blob: 9a6724225bd211400efacf4db4f996ce94bdae78 [file] [log] [blame]
Damien Miller82c55872011-06-23 08:20:30 +1000120110623
2 - OpenBSD CVS Sync
3 - djm@cvs.openbsd.org 2011/06/22 21:47:28
4 [servconf.c]
5 reuse the multistate option arrays to pretty-print options for "sshd -T"
Damien Miller69ff1df2011-06-23 08:30:03 +10006 - djm@cvs.openbsd.org 2011/06/22 21:57:01
7 [servconf.c servconf.h sshd.c sshd_config.5]
8 [configure.ac Makefile.in]
9 introduce sandboxing of the pre-auth privsep child using systrace(4).
10
11 This introduces a new "UsePrivilegeSeparation=sandbox" option for
12 sshd_config that applies mandatory restrictions on the syscalls the
13 privsep child can perform. This prevents a compromised privsep child
14 from being used to attack other hosts (by opening sockets and proxying)
15 or probing local kernel attack surface.
16
17 The sandbox is implemented using systrace(4) in unsupervised "fast-path"
18 mode, where a list of permitted syscalls is supplied. Any syscall not
19 on the list results in SIGKILL being sent to the privsep child. Note
20 that this requires a kernel with the new SYSTR_POLICY_KILL option.
21
22 UsePrivilegeSeparation=sandbox will become the default in the future
23 so please start testing it now.
24
25 feedback dtucker@; ok markus@
Damien Miller6d7b4372011-06-23 08:31:57 +100026 - djm@cvs.openbsd.org 2011/06/22 22:08:42
27 [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
28 hook up a channel confirm callback to warn the user then requested X11
29 forwarding was refused by the server; ok markus@
Damien Miller80b62e32011-06-23 19:03:18 +100030 - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support
31 setrlimit(2)
Damien Miller82c55872011-06-23 08:20:30 +100032
Damien Miller6029e072011-06-20 14:22:49 +10003320110620
34 - OpenBSD CVS Sync
35 - djm@cvs.openbsd.org 2011/06/04 00:10:26
36 [ssh_config.5]
37 explain IdentifyFile's semantics a little better, prompted by bz#1898
38 ok dtucker jmc
Damien Millere7ac2bd2011-06-20 14:23:25 +100039 - markus@cvs.openbsd.org 2011/06/14 22:49:18
40 [authfile.c]
41 make sure key_parse_public/private_rsa1() no longer consumes its input
42 buffer. fixes ssh-add for passphrase-protected ssh1-keys;
43 noted by naddy@; ok djm@
Damien Miller8f0bf232011-06-20 14:42:23 +100044 - djm@cvs.openbsd.org 2011/06/17 21:44:31
45 [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c]
46 make the pre-auth privsep slave log via a socketpair shared with the
47 monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
Damien Millerf145a5b2011-06-20 14:42:51 +100048 - djm@cvs.openbsd.org 2011/06/17 21:46:16
49 [sftp-server.c]
50 the protocol version should be unsigned; bz#1913 reported by mb AT
51 smartftp.com
Damien Miller33322122011-06-20 14:43:11 +100052 - djm@cvs.openbsd.org 2011/06/17 21:47:35
53 [servconf.c]
54 factor out multi-choice option parsing into a parse_multistate label
55 and some support structures; ok dtucker@
Damien Miller4ac99c32011-06-20 14:43:31 +100056 - djm@cvs.openbsd.org 2011/06/17 21:57:25
57 [clientloop.c]
58 setproctitle for a mux master that has been gracefully stopped;
59 bz#1911 from Bert.Wesarg AT googlemail.com
Damien Miller6029e072011-06-20 14:22:49 +100060
Darren Tuckerc412c152011-06-03 10:35:23 +10006120110603
62 - (dtucker) [README version.h contrib/caldera/openssh.spec
63 contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version
64 bumps from the 5.8p2 branch into HEAD. ok djm.
Tim Rice90f42b02011-06-02 18:17:49 -070065 - (tim) [configure.ac defines.h] Run test program to detect system mail
66 directory. Add --with-maildir option to override. Fixed OpenServer 6
67 getting it wrong. Fixed many systems having MAIL=/var/mail//username
68 ok dtucker
Darren Tuckerc3c72272011-06-03 11:20:06 +100069 - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair
70 unconditionally in other places and the survey data we have does not show
71 any systems that use it. "nuke it" djm@
Damien Millerc09182f2011-06-03 12:11:38 +100072 - (djm) [configure.ac] enable setproctitle emulation for OS X
73 - (djm) OpenBSD CVS Sync
Damien Millerea2c1a42011-06-03 12:10:22 +100074 - djm@cvs.openbsd.org 2011/06/03 00:54:38
75 [ssh.c]
76 bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg
77 AT googlemail.com; ok dtucker@
78 NB. includes additional portability code to enable setproctitle emulation
79 on platforms that don't support it.
Darren Tucker3e78a512011-06-03 14:14:16 +100080 - dtucker@cvs.openbsd.org 2011/06/03 01:37:40
81 [ssh-agent.c]
82 Check current parent process ID against saved one to determine if the parent
83 has exited, rather than attempting to send a zero signal, since the latter
84 won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn
85 Gillmor, ok djm@
Darren Tucker260c8fb2011-06-03 14:17:27 +100086 - dtucker@cvs.openbsd.org 2011/05/31 02:01:58
87 [regress/dynamic-forward.sh]
88 back out revs 1.6 and 1.5 since it's not reliable
Darren Tucker75e035c2011-06-03 14:18:17 +100089 - dtucker@cvs.openbsd.org 2011/05/31 02:03:34
90 [regress/dynamic-forward.sh]
91 work around startup and teardown races; caught by deraadt
Darren Tuckerbf4d05a2011-06-03 14:19:02 +100092 - dtucker@cvs.openbsd.org 2011/06/03 00:29:52
93 [regress/dynamic-forward.sh]
94 Retry establishing the port forwarding after a small delay, should make
95 the tests less flaky when the previous test is slow to shut down and free
96 up the port.
Tim Ricebc481572011-06-02 22:26:19 -070097 - (tim) [regress/cfgmatch.sh] Build/test out of tree fix.
Darren Tuckerc412c152011-06-03 10:35:23 +100098
Damien Millerd8478b62011-05-29 21:39:36 +10009920110529
100 - (djm) OpenBSD CVS Sync
101 - djm@cvs.openbsd.org 2011/05/23 03:30:07
102 [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c]
103 [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5]
104 allow AuthorizedKeysFile to specify multiple files, separated by spaces.
105 Bring back authorized_keys2 as a default search path (to avoid breaking
106 existing users of this file), but override this in sshd_config so it will
107 be no longer used on fresh installs. Maybe in 2015 we can remove it
108 entierly :)
109
110 feedback and ok markus@ dtucker@
Damien Miller1dd66e52011-05-29 21:40:42 +1000111 - djm@cvs.openbsd.org 2011/05/23 03:33:38
112 [auth.c]
113 make secure_filename() spam debug logs less
Damien Miller201f4252011-05-29 21:41:03 +1000114 - djm@cvs.openbsd.org 2011/05/23 03:52:55
115 [sshconnect.c]
116 remove extra newline
Damien Millerb9132fc2011-05-29 21:41:40 +1000117 - jmc@cvs.openbsd.org 2011/05/23 07:10:21
118 [sshd.8 sshd_config.5]
119 tweak previous; ok djm
Damien Miller04bb56e2011-05-29 21:42:08 +1000120 - djm@cvs.openbsd.org 2011/05/23 07:24:57
121 [authfile.c]
122 read in key comments for v.2 keys (though note that these are not
123 passed over the agent protocol); bz#439, based on patch from binder
124 AT arago.de; ok markus@
Damien Miller295ee632011-05-29 21:42:31 +1000125 - djm@cvs.openbsd.org 2011/05/24 07:15:47
126 [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c]
127 Remove undocumented legacy options UserKnownHostsFile2 and
128 GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
129 accept multiple paths per line and making their defaults include
130 known_hosts2; ok markus
Damien Miller8cb35872011-05-29 21:59:10 +1000131 - djm@cvs.openbsd.org 2011/05/23 03:31:31
132 [regress/cfgmatch.sh]
133 include testing of multiple/overridden AuthorizedKeysFiles
134 refactor to simply daemon start/stop and get rid of racy constructs
Damien Millerd8478b62011-05-29 21:39:36 +1000135
Damien Miller14684a12011-05-20 11:23:07 +100013620110520
137 - (djm) [session.c] call setexeccon() before executing passwd for pw
138 changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
Damien Miller989bb7f2011-05-20 18:56:30 +1000139 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options
140 options, we should corresponding -W-option when trying to determine
141 whether it is accepted. Also includes a warning fix on the program
142 fragment uses (bad main() return type).
143 bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
Damien Millerec2eaa32011-05-20 18:57:14 +1000144 - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2
Damien Miller814ace02011-05-20 19:02:47 +1000145 - OpenBSD CVS Sync
146 - djm@cvs.openbsd.org 2011/05/15 08:09:01
147 [authfd.c monitor.c serverloop.c]
148 use FD_CLOEXEC consistently; patch from zion AT x96.org
Damien Miller8f639fe2011-05-20 19:03:08 +1000149 - djm@cvs.openbsd.org 2011/05/17 07:13:31
150 [key.c]
151 fatal() if asked to generate a legacy ECDSA cert (these don't exist)
152 and fix the regress test that was trying to generate them :)
Damien Miller5d74e582011-05-20 19:03:31 +1000153 - djm@cvs.openbsd.org 2011/05/20 00:55:02
154 [servconf.c]
155 the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile
156 and AuthorizedPrincipalsFile were not being correctly applied in
157 Match blocks, despite being overridable there; ok dtucker@
Damien Millerc2411902011-05-20 19:03:49 +1000158 - dtucker@cvs.openbsd.org 2011/05/20 02:00:19
159 [servconf.c]
160 Add comment documenting what should be after the preauth check. ok djm
Damien Millerf2e407e2011-05-20 19:04:14 +1000161 - djm@cvs.openbsd.org 2011/05/20 03:25:45
162 [monitor.c monitor_wrap.c servconf.c servconf.h]
163 use a macro to define which string options to copy between configs
164 for Match. This avoids problems caused by forgetting to keep three
165 code locations in perfect sync and ordering
166
167 "this is at once beautiful and horrible" + ok dtucker@
Damien Millerf67188f2011-05-20 19:06:48 +1000168 - djm@cvs.openbsd.org 2011/05/17 07:13:31
169 [regress/cert-userkey.sh]
170 fatal() if asked to generate a legacy ECDSA cert (these don't exist)
171 and fix the regress test that was trying to generate them :)
Damien Miller3045b452011-05-20 19:07:45 +1000172 - djm@cvs.openbsd.org 2011/05/20 02:43:36
173 [cert-hostkey.sh]
174 another attempt to generate a v00 ECDSA key that broke the test
175 ID sync only - portable already had this somehow
Damien Miller7b9451f2011-05-20 19:08:11 +1000176 - dtucker@cvs.openbsd.org 2011/05/20 05:19:50
177 [dynamic-forward.sh]
178 Prevent races in dynamic forwarding test; ok djm
Damien Milleracacced2011-05-20 19:08:40 +1000179 - dtucker@cvs.openbsd.org 2011/05/20 06:32:30
180 [dynamic-forward.sh]
181 fix dumb error in dynamic-forward test
Damien Miller14684a12011-05-20 11:23:07 +1000182
Damien Miller60432d82011-05-15 08:34:46 +100018320110515
184 - (djm) OpenBSD CVS Sync
185 - djm@cvs.openbsd.org 2011/05/05 05:12:08
186 [mux.c]
187 gracefully fall back when ControlPath is too large for a
188 sockaddr_un. ok markus@ as part of a larger diff
Damien Millerfd53abd2011-05-15 08:36:02 +1000189 - dtucker@cvs.openbsd.org 2011/05/06 01:03:35
190 [sshd_config]
191 clarify language about overriding defaults. bz#1892, from Petr Cerny
Damien Miller58a77e22011-05-15 08:36:29 +1000192 - djm@cvs.openbsd.org 2011/05/06 01:09:53
193 [sftp.1]
194 mention that IPv6 addresses must be enclosed in square brackets;
195 bz#1845
Damien Miller78c40c32011-05-15 08:36:59 +1000196 - djm@cvs.openbsd.org 2011/05/06 02:05:41
197 [sshconnect2.c]
198 fix memory leak; bz#1849 ok dtucker@
Damien Millerd2ac5d72011-05-15 08:43:13 +1000199 - djm@cvs.openbsd.org 2011/05/06 21:14:05
200 [packet.c packet.h]
201 set traffic class for IPv6 traffic as we do for IPv4 TOS;
202 patch from lionel AT mamane.lu via Colin Watson in bz#1855;
203 ok markus@
Damien Millerdfc85fa2011-05-15 08:44:02 +1000204 - djm@cvs.openbsd.org 2011/05/06 21:18:02
205 [ssh.c ssh_config.5]
206 add a %L expansion (short-form of the local host name) for ControlPath;
207 sync some more expansions with LocalCommand; ok markus@
Damien Millerfe924212011-05-15 08:44:45 +1000208 - djm@cvs.openbsd.org 2011/05/06 21:31:38
209 [readconf.c ssh_config.5]
210 support negated Host matching, e.g.
211
212 Host *.example.org !c.example.org
213 User mekmitasdigoat
214
215 Will match "a.example.org", "b.example.org", but not "c.example.org"
216 ok markus@
Damien Miller21771e22011-05-15 08:45:50 +1000217 - djm@cvs.openbsd.org 2011/05/06 21:34:32
218 [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
219 Add a RequestTTY ssh_config option to allow configuration-based
220 control over tty allocation (like -t/-T); ok markus@
Damien Millera6bbbe42011-05-15 08:46:29 +1000221 - djm@cvs.openbsd.org 2011/05/06 21:38:58
222 [ssh.c]
223 fix dropping from previous diff
Damien Millerc067f622011-05-15 08:46:54 +1000224 - djm@cvs.openbsd.org 2011/05/06 22:20:10
225 [PROTOCOL.mux]
226 fix numbering; from bert.wesarg AT googlemail.com
Damien Miller486dd2e2011-05-15 08:47:18 +1000227 - jmc@cvs.openbsd.org 2011/05/07 23:19:39
228 [ssh_config.5]
229 - tweak previous
230 - come consistency fixes
231 ok djm
Damien Millerf4b32aa2011-05-15 08:47:43 +1000232 - jmc@cvs.openbsd.org 2011/05/07 23:20:25
233 [ssh.1]
234 +.It RequestTTY
Damien Miller555f3b82011-05-15 08:48:05 +1000235 - djm@cvs.openbsd.org 2011/05/08 12:52:01
236 [PROTOCOL.mux clientloop.c clientloop.h mux.c]
237 improve our behaviour when TTY allocation fails: if we are in
238 RequestTTY=auto mode (the default), then do not treat at TTY
239 allocation error as fatal but rather just restore the local TTY
240 to cooked mode and continue. This is more graceful on devices that
241 never allocate TTYs.
242
243 If RequestTTY is set to "yes" or "force", then failure to allocate
244 a TTY is fatal.
245
246 ok markus@
Damien Miller32198242011-05-15 08:50:32 +1000247 - djm@cvs.openbsd.org 2011/05/10 05:46:46
248 [authfile.c]
249 despam debug() logs by detecting that we are trying to load a private key
250 in key_try_load_public() and returning early; ok markus@
Damien Miller7c1b2c42011-05-15 08:51:05 +1000251 - djm@cvs.openbsd.org 2011/05/11 04:47:06
252 [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h]
253 remove support for authorized_keys2; it is a relic from the early days
254 of protocol v.2 support and has been undocumented for many years;
255 ok markus@
Damien Miller9d276b82011-05-15 08:51:43 +1000256 - djm@cvs.openbsd.org 2011/05/13 00:05:36
257 [authfile.c]
258 warn on unexpected key type in key_parse_private_type()
Damien Miller23f425b2011-05-15 08:58:15 +1000259 - (djm) [packet.c] unbreak portability #endif
Damien Miller60432d82011-05-15 08:34:46 +1000260
Darren Tuckerd6548fe2011-05-10 11:13:36 +100026120110510
262 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix
263 --with-ssl-engine which was broken with the change from deprecated
264 SSLeay_add_all_algorithms(). ok djm
265
Darren Tucker343f75f2011-05-06 10:43:50 +100026620110506
267 - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype
268 for closefrom() in test code. Report from Dan Wallis via Gentoo.
269
Damien Miller68790fe2011-05-05 11:19:13 +100027020110505
271 - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS
272 definitions. From des AT des.no
Damien Millerf22019b2011-05-05 13:48:37 +1000273 - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
274 [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
275 [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
276 [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
277 [regress/README.regress] Remove ssh-rand-helper and all its
278 tentacles. PRNGd seeding has been rolled into entropy.c directly.
279 Thanks to tim@ for testing on affected platforms.
Damien Miller3fcdfd52011-05-05 14:04:11 +1000280 - OpenBSD CVS Sync
281 - djm@cvs.openbsd.org 2011/03/10 02:52:57
Damien Millerb2da7d12011-05-05 14:04:50 +1000282 [auth2-gss.c auth2.c auth.h]
Damien Miller3fcdfd52011-05-05 14:04:11 +1000283 allow GSSAPI authentication to detect when a server-side failure causes
284 authentication failure and don't count such failures against MaxAuthTries;
285 bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
Damien Millerc5219e72011-05-05 14:05:12 +1000286 - okan@cvs.openbsd.org 2011/03/15 10:36:02
287 [ssh-keyscan.c]
288 use timerclear macro
289 ok djm@
Damien Miller58f1baf2011-05-05 14:06:15 +1000290 - stevesk@cvs.openbsd.org 2011/03/23 15:16:22
291 [ssh-keygen.1 ssh-keygen.c]
292 Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa)
293 for which host keys do not exist, generate the host keys with the
294 default key file path, an empty passphrase, default bits for the key
295 type, and default comment. This will be used by /etc/rc to generate
296 new host keys. Idea from deraadt.
297 ok deraadt
Damien Miller4a4d1612011-05-05 14:06:39 +1000298 - stevesk@cvs.openbsd.org 2011/03/23 16:24:56
299 [ssh-keygen.1]
300 -q not used in /etc/rc now so remove statement.
Damien Miller11143192011-05-05 14:13:25 +1000301 - stevesk@cvs.openbsd.org 2011/03/23 16:50:04
302 [ssh-keygen.c]
303 remove -d, documentation removed >10 years ago; ok markus
Damien Miller3ca1eb32011-05-05 14:13:50 +1000304 - jmc@cvs.openbsd.org 2011/03/24 15:29:30
305 [ssh-keygen.1]
306 zap trailing whitespace;
Damien Miller044f4a62011-05-05 14:14:08 +1000307 - stevesk@cvs.openbsd.org 2011/03/24 22:14:54
308 [ssh-keygen.c]
309 use strcasecmp() for "clear" cert permission option also; ok djm
Damien Miller91475862011-05-05 14:14:34 +1000310 - stevesk@cvs.openbsd.org 2011/03/29 18:54:17
311 [misc.c misc.h servconf.c]
312 print ipqos friendly string for sshd -T; ok markus
313 # sshd -Tf sshd_config|grep ipqos
314 ipqos lowdelay throughput
Damien Miller884b63a2011-05-05 14:14:52 +1000315 - djm@cvs.openbsd.org 2011/04/12 04:23:50
316 [ssh-keygen.c]
317 fix -Wshadow
Damien Miller26b57ce2011-05-05 14:15:09 +1000318 - djm@cvs.openbsd.org 2011/04/12 05:32:49
319 [sshd.c]
320 exit with 0 status on SIGTERM; bz#1879
Damien Miller085c90f2011-05-05 14:15:33 +1000321 - djm@cvs.openbsd.org 2011/04/13 04:02:48
322 [ssh-keygen.1]
323 improve wording; bz#1861
Damien Millerad210322011-05-05 14:15:54 +1000324 - djm@cvs.openbsd.org 2011/04/13 04:09:37
325 [ssh-keygen.1]
326 mention valid -b sizes for ECDSA keys; bz#1862
Damien Miller6c3eec72011-05-05 14:16:22 +1000327 - djm@cvs.openbsd.org 2011/04/17 22:42:42
328 [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
329 allow graceful shutdown of multiplexing: request that a mux server
330 removes its listener socket and refuse future multiplexing requests;
331 ok markus@
Damien Miller8cb1cda2011-05-05 14:16:56 +1000332 - djm@cvs.openbsd.org 2011/04/18 00:46:05
333 [ssh-keygen.c]
334 certificate options are supposed to be packed in lexical order of
335 option name (though we don't actually enforce this at present).
336 Move one up that was out of sequence
Damien Miller2ce12ef2011-05-05 14:17:18 +1000337 - djm@cvs.openbsd.org 2011/05/04 21:15:29
338 [authfile.c authfile.h ssh-add.c]
339 allow "ssh-add - < key"; feedback and ok markus@
Tim Rice19d81812011-05-04 21:44:25 -0700340 - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE
341 so autoreconf 2.68 is happy.
Tim Rice9abb6972011-05-04 23:06:59 -0700342 - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@
Damien Miller68790fe2011-05-05 11:19:13 +1000343
Darren Tuckere541aaa2011-02-21 21:41:29 +110034420110221
345 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the
346 Cygwin-specific service installer script ssh-host-config. The actual
347 functionality is the same, the revisited version is just more
348 exact when it comes to check for problems which disallow to run
349 certain aspects of the script. So, part of this script and the also
350 rearranged service helper script library "csih" is to check if all
351 the tools required to run the script are available on the system.
352 The new script also is more thorough to inform the user why the
353 script failed. Patch from vinschen at redhat com.
354
Damien Miller0588beb2011-02-18 09:18:45 +110035520110218
356 - OpenBSD CVS Sync
357 - djm@cvs.openbsd.org 2011/02/16 00:31:14
358 [ssh-keysign.c]
359 make hostbased auth with ECDSA keys work correctly. Based on patch
360 by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
361
Darren Tucker3b9617e2011-02-06 13:24:35 +110036220110206
363 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
364 selinux code. Patch from Leonardo Chiquitto
Darren Tuckerea676a62011-02-06 13:31:23 +1100365 - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key
366 generation and simplify. Patch from Corinna Vinschen.
Darren Tucker3b9617e2011-02-06 13:24:35 +1100367
Damien Millerb407dd82011-02-04 11:46:39 +110036820110204
369 - OpenBSD CVS Sync
370 - djm@cvs.openbsd.org 2011/01/31 21:42:15
371 [PROTOCOL.mux]
372 cut'n'pasto; from bert.wesarg AT googlemail.com
Damien Miller0a5f0122011-02-04 11:47:01 +1100373 - djm@cvs.openbsd.org 2011/02/04 00:44:21
374 [key.c]
375 fix uninitialised nonce variable; reported by Mateusz Kocielski
Damien Millera6981272011-02-04 11:47:20 +1100376 - djm@cvs.openbsd.org 2011/02/04 00:44:43
377 [version.h]
378 openssh-5.8
Damien Miller0d30b092011-02-04 12:43:36 +1100379 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
380 [contrib/suse/openssh.spec] update versions in docs and spec files.
381 - Release OpenSSH 5.8p1
Damien Millerb407dd82011-02-04 11:46:39 +1100382
Damien Millerd4a55042011-01-28 10:30:18 +110038320110128
384 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
385 before attempting setfscreatecon(). Check whether matchpathcon()
386 succeeded before using its result. Patch from cjwatson AT debian.org;
387 bz#1851
388
Tim Riced069c482011-01-26 12:32:12 -080038920110127
390 - (tim) [config.guess config.sub] Sync with upstream.
Tim Rice648f8762011-01-26 12:38:57 -0800391 - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
392 AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
393 AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
394 space changes for consistency/readability. Makes autoconf 2.68 happy.
395 "Nice work" djm
Tim Riced069c482011-01-26 12:32:12 -0800396
Damien Miller71adf122011-01-25 12:16:15 +110039720110125
398 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
399 openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
400 port-linux.c to avoid compilation errors. Add -lselinux to ssh when
401 building with SELinux support to avoid linking failure; report from
402 amk AT spamfence.net; ok dtucker
403
Darren Tucker79241372011-01-22 09:37:01 +110040420110122
405 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
406 RSA_get_default_method() for the benefit of openssl versions that don't
407 have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
408 ok djm@.
Damien Millerad4b1ad2011-01-22 20:21:33 +1100409 - OpenBSD CVS Sync
410 - djm@cvs.openbsd.org 2011/01/22 09:18:53
411 [version.h]
412 crank to OpenSSH-5.7
Damien Miller966accc2011-01-22 20:23:10 +1100413 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
414 [contrib/suse/openssh.spec] update versions in docs and spec files.
Damien Miller6f8f04b2011-01-22 20:25:11 +1100415 - (djm) Release 5.7p1
Darren Tucker79241372011-01-22 09:37:01 +1100416
Tim Rice15e1b4d2011-01-18 20:47:04 -080041720110119
418 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead
419 of RPM so build completes. Signatures were changed to .asc since 4.1p1.
Damien Millere323ebc2011-01-19 23:12:27 +1100420 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to
421 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
422 release testing (random crashes and failure to load ECC keys).
423 ok dtucker@
Tim Rice15e1b4d2011-01-18 20:47:04 -0800424
Damien Miller369c0e82011-01-17 10:51:40 +110042520110117
426 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in
427 $PATH, fix cleanup of droppings; reported by openssh AT
428 roumenpetrov.info; ok dtucker@
Damien Millerfd3669e2011-01-17 11:20:18 +1100429 - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding
430 its unique snowflake of a gdb error to the ones we look for.
Damien Miller1ccbfa82011-01-17 11:52:40 +1100431 - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running
432 ssh-add to avoid $SUDO failures on Linux
Darren Tucker0c93adc2011-01-17 11:55:59 +1100433 - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new
434 Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
435 to the old values. Feedback from vapier at gentoo org and djm, ok djm.
Damien Miller58497782011-01-17 16:17:09 +1100436 - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]
437 [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
438 disabled on platforms that do not support them; add a "config_defined()"
439 shell function that greps for defines in config.h and use them to decide
440 on feature tests.
441 Convert a couple of existing grep's over config.h to use the new function
442 Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
443 backslash characters in filenames, enable it for Cygwin and use it to turn
444 of tests for quotes backslashes in sftp-glob.sh.
445 based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
Tim Rice6dfcd342011-01-16 22:53:56 -0800446 - (tim) [regress/agent-getpeereid.sh] shell portability fix.
Darren Tucker263d43d2011-01-17 18:50:22 +1100447 - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on
448 the tinderbox.
Darren Tuckerea52a822011-01-17 21:15:27 +1100449 - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h
450 configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem
451 support, based on patches from Tomas Mraz and jchadima at redhat.
Damien Miller369c0e82011-01-17 10:51:40 +1100452
Darren Tucker50c61f82011-01-16 18:28:09 +110045320110116
454 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based
455 on configurations that don't have it.
Damien Miller4791f9d2011-01-16 23:16:53 +1100456 - OpenBSD CVS Sync
457 - djm@cvs.openbsd.org 2011/01/16 11:50:05
458 [clientloop.c]
459 Use atomicio when flushing protocol 1 std{out,err} buffers at
460 session close. This was a latent bug exposed by setting a SIGCHLD
461 handler and spotted by kevin.brott AT gmail.com; ok dtucker@
Damien Miller6fb6fd52011-01-16 23:17:45 +1100462 - djm@cvs.openbsd.org 2011/01/16 11:50:36
463 [sshconnect.c]
464 reset the SIGPIPE handler when forking to execute child processes;
465 ok dtucker@
Damien Millercfd6e4f2011-01-16 23:18:33 +1100466 - djm@cvs.openbsd.org 2011/01/16 12:05:59
467 [clientloop.c]
468 a couple more tweaks to the post-close protocol 1 stderr/stdout flush:
469 now that we use atomicio(), convert them from while loops to if statements
470 add test and cast to compile cleanly with -Wsigned
Darren Tucker50c61f82011-01-16 18:28:09 +1100471
Darren Tucker08f83882011-01-16 18:24:04 +110047220110114
Damien Miller445c9a52011-01-14 12:01:29 +1100473 - OpenBSD CVS Sync
474 - djm@cvs.openbsd.org 2011/01/13 21:54:53
475 [mux.c]
476 correct error messages; patch from bert.wesarg AT googlemail.com
Damien Miller42747df2011-01-14 12:01:50 +1100477 - djm@cvs.openbsd.org 2011/01/13 21:55:25
478 [PROTOCOL.mux]
479 correct protocol names and add a couple of missing protocol number
480 defines; patch from bert.wesarg AT googlemail.com
Damien Millere9b40482011-01-14 14:47:37 +1100481 - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in
482 host-key-force target rather than a substitution that is replaced with a
483 comment so that the Makefile.in is still a syntactically valid Makefile
484 (useful to run the distprep target)
Tim Rice02d99da2011-01-13 22:20:27 -0800485 - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name.
Tim Ricec5c346b2011-01-13 22:36:14 -0800486 - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some
487 ecdsa bits.
Damien Miller445c9a52011-01-14 12:01:29 +1100488
Darren Tucker08f83882011-01-16 18:24:04 +110048920110113
Damien Miller1708cb72011-01-13 12:21:34 +1100490 - (djm) [misc.c] include time.h for nanosleep() prototype
Tim Ricecce927c2011-01-12 19:06:31 -0800491 - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm
Tim Rice9b87a5c2011-01-12 22:35:43 -0800492 - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
493 ecdsa keys. ok djm.
Damien Millerff22df52011-01-13 21:05:27 +1100494 - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid
495 gcc warning on platforms where it defaults to int
Damien Millercbaf8e62011-01-13 21:08:27 +1100496 - (djm) [regress/Makefile] add a few more generated files to the clean
497 target
Damien Miller9b160862011-01-13 22:00:20 +1100498 - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad
499 #define that was causing diffie-hellman-group-exchange-sha256 to be
500 incorrectly disabled
Damien Miller52788062011-01-13 22:05:14 +1100501 - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
502 should not depend on ECC support
Damien Miller1708cb72011-01-13 12:21:34 +1100503
Darren Tucker08f83882011-01-16 18:24:04 +110050420110112
Damien Millerb66e9172011-01-12 13:30:18 +1100505 - OpenBSD CVS Sync
506 - nicm@cvs.openbsd.org 2010/10/08 21:48:42
507 [openbsd-compat/glob.c]
508 Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
509 from ARG_MAX to 64K.
510 Fixes glob-using programs (notably ftp) able to be triggered to hit
511 resource limits.
512 Idea from a similar NetBSD change, original problem reported by jasper@.
513 ok millert tedu jasper
Damien Miller4927aaf2011-01-12 13:32:03 +1100514 - djm@cvs.openbsd.org 2011/01/12 01:53:14
515 avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
516 and sanity check arguments (these will be unnecessary when we switch
517 struct glob members from being type into to size_t in the future);
518 "looks ok" tedu@ feedback guenther@
Damien Miller945aa0c2011-01-12 13:34:02 +1100519 - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
520 silly warnings on write() calls we don't care succeed or not.
Damien Miller134d02a2011-01-12 16:00:37 +1100521 - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
522 flag tests that don't depend on gcc version at all; suggested by and
523 ok dtucker@
Damien Millerb66e9172011-01-12 13:30:18 +1100524
Tim Rice076a3b92011-01-10 12:56:26 -080052520110111
526 - (tim) [regress/host-expand.sh] Fix for building outside of read only
527 source tree.
Damien Miller81ad4b12011-01-11 17:02:23 +1100528 - (djm) [platform.c] Some missing includes that show up under -Werror
Damien Millerb73b6fd2011-01-11 17:18:56 +1100529 - OpenBSD CVS Sync
530 - djm@cvs.openbsd.org 2011/01/08 10:51:51
531 [clientloop.c]
532 use host and not options.hostname, as the latter may have unescaped
533 substitution characters
Damien Millera256c8d2011-01-11 17:20:05 +1100534 - djm@cvs.openbsd.org 2011/01/11 06:06:09
535 [sshlogin.c]
536 fd leak on error paths; from zinovik@
537 NB. Id sync only; we use loginrec.c that was also audited and fixed
538 recently
Damien Miller821de0a2011-01-11 17:20:29 +1100539 - djm@cvs.openbsd.org 2011/01/11 06:13:10
540 [clientloop.c ssh-keygen.c sshd.c]
541 some unsigned long long casts that make things a bit easier for
542 portable without resorting to dropping PRIu64 formats everywhere
Tim Rice076a3b92011-01-10 12:56:26 -0800543
Damien Millere63b7f22011-01-09 09:19:50 +110054420110109
545 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by
546 openssh AT roumenpetrov.info
547
Damien Miller996384d2011-01-08 21:58:20 +110054820110108
549 - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress
550 test on OSX and others. Reported by imorgan AT nas.nasa.gov
551
Damien Miller322125b2011-01-07 09:50:08 +110055220110107
553 - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test
554 for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com
Damien Miller83f8a402011-01-07 09:51:17 +1100555 - djm@cvs.openbsd.org 2011/01/06 22:23:53
556 [ssh.c]
557 unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
558 googlemail.com; ok markus@
Damien Miller64abf312011-01-07 09:51:52 +1100559 - djm@cvs.openbsd.org 2011/01/06 22:23:02
560 [clientloop.c]
561 when exiting due to ServerAliveTimeout, mention the hostname that caused
562 it (useful with backgrounded controlmaster)
Damien Miller7d06b002011-01-07 09:54:20 +1100563 - djm@cvs.openbsd.org 2011/01/06 22:46:21
564 [regress/Makefile regress/host-expand.sh]
565 regress test for LocalCommand %n expansion from bert.wesarg AT
566 googlemail.com; ok markus@
Damien Millered3a8eb2011-01-07 10:02:52 +1100567 - djm@cvs.openbsd.org 2011/01/06 23:01:35
568 [sshconnect.c]
569 reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
570 ok markus@
Damien Miller322125b2011-01-07 09:50:08 +1100571
Damien Millerf1211432011-01-06 22:40:30 +110057220110106
573 - (djm) OpenBSD CVS Sync
574 - markus@cvs.openbsd.org 2010/12/08 22:46:03
575 [scp.1 scp.c]
576 add a new -3 option to scp: Copies between two remote hosts are
577 transferred through the local host. Without this option the data
578 is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
Damien Miller907998d2011-01-06 22:41:21 +1100579 - jmc@cvs.openbsd.org 2010/12/09 14:13:33
580 [scp.1 scp.c]
581 scp.1: grammer fix
582 scp.c: add -3 to usage()
Damien Miller05c89972011-01-06 22:42:04 +1100583 - markus@cvs.openbsd.org 2010/12/14 11:59:06
584 [sshconnect.c]
585 don't mention key type in key-changed-warning, since we also print
586 this warning if a new key type appears. ok djm@
Damien Miller106079c2011-01-06 22:43:44 +1100587 - djm@cvs.openbsd.org 2010/12/15 00:49:27
588 [readpass.c]
589 fix ControlMaster=ask regression
590 reset SIGCHLD handler before fork (and restore it after) so we don't miss
591 the the askpass child's exit status. Correct test for exit status/signal to
592 account for waitpid() failure; with claudio@ ok claudio@ markus@
Damien Millerde53fd02011-01-06 22:44:18 +1100593 - djm@cvs.openbsd.org 2010/12/24 21:41:48
594 [auth-options.c]
595 don't send the actual forced command in a debug message; ok markus deraadt
Damien Miller8ad960b2011-01-06 22:44:44 +1100596 - otto@cvs.openbsd.org 2011/01/04 20:44:13
597 [ssh-keyscan.c]
598 handle ecdsa-sha2 with various key lengths; hint and ok djm@
Damien Millerf1211432011-01-06 22:40:30 +1100599
Damien Miller30a69e72011-01-04 08:16:27 +110060020110104
601 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
602 formatter if it is present, followed by nroff and groff respectively.
603 Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
604 in favour of mandoc). feedback and ok tim
605
60620110103
Damien Millerd197fd62011-01-03 14:48:14 +1100607 - (djm) [Makefile.in] revert local hack I didn't intend to commit
608
60920110102
Damien Miller4a06f922011-01-02 21:43:59 +1100610 - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker
Damien Miller41bccf72011-01-02 21:53:07 +1100611 - (djm) [configure.ac] Check whether libdes is needed when building
612 with Heimdal krb5 support. On OpenBSD this library no longer exists,
613 so linking it unconditionally causes a build failure; ok dtucker
Damien Miller4a06f922011-01-02 21:43:59 +1100614
Damien Miller928362d2010-12-26 14:26:45 +110061520101226
616 - (dtucker) OpenBSD CVS Sync
617 - djm@cvs.openbsd.org 2010/12/08 04:02:47
618 [ssh_config.5 sshd_config.5]
619 explain that IPQoS arguments are separated by whitespace; iirc requested
620 by jmc@ a while back
621
Darren Tucker37bb7562010-12-05 08:46:05 +110062220101205
623 - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
624 debugging. Spotted by djm.
Darren Tucker7336b902010-12-05 09:00:30 +1100625 - (dtucker) OpenBSD CVS Sync
626 - djm@cvs.openbsd.org 2010/12/03 23:49:26
627 [schnorr.c]
628 check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
629 (this code is still disabled, but apprently people are treating it as
630 a reference implementation)
Darren Tuckeradab6f12010-12-05 09:01:47 +1100631 - djm@cvs.openbsd.org 2010/12/03 23:55:27
632 [auth-rsa.c]
633 move check for revoked keys to run earlier (in auth_rsa_key_allowed)
634 bz#1829; patch from ldv AT altlinux.org; ok markus@
Darren Tuckeraf1f9092010-12-05 09:02:47 +1100635 - djm@cvs.openbsd.org 2010/12/04 00:18:01
636 [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
637 add a protocol extension to support a hard link operation. It is
638 available through the "ln" command in the client. The old "ln"
639 behaviour of creating a symlink is available using its "-s" option
640 or through the preexisting "symlink" command; based on a patch from
641 miklos AT szeredi.hu in bz#1555; ok markus@
Darren Tucker094f1e92010-12-05 09:03:31 +1100642 - djm@cvs.openbsd.org 2010/12/04 13:31:37
643 [hostfile.c]
644 fix fd leak; spotted and ok dtucker
Darren Tucker4288c532010-12-05 09:45:50 +1100645 - djm@cvs.openbsd.org 2010/12/04 00:21:19
646 [regress/sftp-cmds.sh]
647 adjust for hard-link support
Darren Tucker7e1a5a42010-12-05 09:29:31 +1100648 - (dtucker) [regress/Makefile] Id sync.
Darren Tucker37bb7562010-12-05 08:46:05 +1100649
Damien Millerd89745b2010-12-03 10:50:26 +110065020101204
651 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
652 instead of (arc4random() % range)
Darren Tuckerebdef762010-12-04 23:20:50 +1100653 - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
654 shims for the new, non-deprecated OpenSSL key generation functions for
655 platforms that don't have the new interfaces.
Damien Millerd89745b2010-12-03 10:50:26 +1100656
Damien Miller188ea812010-12-01 11:50:14 +110065720101201
658 - OpenBSD CVS Sync
659 - deraadt@cvs.openbsd.org 2010/11/20 05:12:38
660 [auth2-pubkey.c]
661 clean up cases of ;;
Damien Miller2cd62932010-12-01 11:50:35 +1100662 - djm@cvs.openbsd.org 2010/11/21 01:01:13
663 [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
664 honour $TMPDIR for client xauth and ssh-agent temporary directories;
665 feedback and ok markus@
Damien Millera2327922010-12-01 12:01:21 +1100666 - djm@cvs.openbsd.org 2010/11/21 10:57:07
667 [authfile.c]
668 Refactor internals of private key loading and saving to work on memory
669 buffers rather than directly on files. This will make a few things
670 easier to do in the future; ok markus@
Damien Miller6a740e72010-12-01 12:01:51 +1100671 - djm@cvs.openbsd.org 2010/11/23 02:35:50
672 [auth.c]
673 use strict_modes already passed as function argument over referencing
674 global options.strict_modes
Damien Millerd0fdd682010-12-01 12:02:14 +1100675 - djm@cvs.openbsd.org 2010/11/23 23:57:24
676 [clientloop.c]
677 avoid NULL deref on receiving a channel request on an unknown or invalid
678 channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
Damien Millerb7f827a2010-12-01 12:02:35 +1100679 - djm@cvs.openbsd.org 2010/11/24 01:24:14
680 [channels.c]
681 remove a debug() that pollutes stderr on client connecting to a server
682 in debug mode (channel_close_fds is called transitively from the session
683 code post-fork); bz#1719, ok dtucker
Damien Millerf80c3de2010-12-01 12:02:59 +1100684 - djm@cvs.openbsd.org 2010/11/25 04:10:09
685 [session.c]
686 replace close() loop for fds 3->64 with closefrom();
687 ok markus deraadt dtucker
Damien Miller87dc0a42010-12-01 12:03:19 +1100688 - djm@cvs.openbsd.org 2010/11/26 05:52:49
689 [scp.c]
690 Pass through ssh command-line flags and options when doing remote-remote
691 transfers, e.g. to enable agent forwarding which is particularly useful
692 in this case; bz#1837 ok dtucker@
Damien Miller03c0e532010-12-01 12:03:39 +1100693 - markus@cvs.openbsd.org 2010/11/29 18:57:04
694 [authfile.c]
695 correctly load comment for encrypted rsa1 keys;
696 report/fix Joachim Schipper; ok djm@
Damien Millerd925dcd2010-12-01 12:21:51 +1100697 - djm@cvs.openbsd.org 2010/11/29 23:45:51
698 [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
699 [sshconnect.h sshconnect2.c]
700 automatically order the hostkeys requested by the client based on
701 which hostkeys are already recorded in known_hosts. This avoids
702 hostkey warnings when connecting to servers with new ECDSA keys
703 that are preferred by default; with markus@
Damien Miller188ea812010-12-01 11:50:14 +1100704
Darren Tuckerd9957122010-11-24 10:09:13 +110070520101124
706 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and
707 into the platform-specific code Only affects SCO, tested by and ok tim@.
Damien Miller88e341e2010-11-24 10:36:15 +1100708 - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
709 group read/write. ok dtucker@
Darren Tucker4b6cbf72010-11-24 10:46:37 +1100710 - (dtucker) [packet.c] Remove redundant local declaration of "int tos".
Damien Miller73de86a2010-11-24 10:50:04 +1100711 - (djm) [defines.h] Add IP DSCP defines
Darren Tuckerd9957122010-11-24 10:09:13 +1100712
Darren Tucker9e0ff7a2010-11-22 17:59:00 +110071320101122
714 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch
715 from vapier at gentoo org.
716
Damien Miller7a221a12010-11-20 15:14:29 +110071720101120
718 - OpenBSD CVS Sync
719 - djm@cvs.openbsd.org 2010/11/05 02:46:47
720 [packet.c]
721 whitespace KNF
Damien Miller4499f4c2010-11-20 15:15:49 +1100722 - djm@cvs.openbsd.org 2010/11/10 01:33:07
723 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
724 use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
725 these have been around for years by this time. ok markus
Damien Miller0dac6fb2010-11-20 15:19:38 +1100726 - djm@cvs.openbsd.org 2010/11/13 23:27:51
727 [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
728 [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
729 allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
730 hardcoding lowdelay/throughput.
731
732 bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
Damien Miller8e1ea4e2010-11-20 15:20:10 +1100733 - jmc@cvs.openbsd.org 2010/11/15 07:40:14
734 [ssh_config.5]
735 libary -> library;
Damien Miller0a184732010-11-20 15:21:03 +1100736 - jmc@cvs.openbsd.org 2010/11/18 15:01:00
737 [scp.1 sftp.1 ssh.1 sshd_config.5]
738 add IPQoS to the various -o lists, and zap some trailing whitespace;
Damien Miller7a221a12010-11-20 15:14:29 +1100739
Damien Millerdd190dd2010-11-11 14:17:02 +110074020101111
741 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on
742 platforms that don't support ECC. Fixes some spurious warnings reported
743 by tim@
744
Tim Ricee426f5e2010-11-08 09:15:14 -080074520101109
746 - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.
747 Feedback from dtucker@
Tim Ricec7a8af02010-11-08 14:26:23 -0800748 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
749 support for platforms missing isblank(). ok djm@
Tim Ricee426f5e2010-11-08 09:15:14 -0800750
Tim Rice522262f2010-11-07 13:00:27 -080075120101108
752 - (tim) [regress/Makefile] Fixes to allow building/testing outside source
753 tree.
Tim Ricec10aeaa2010-11-07 13:03:11 -0800754 - (tim) [regress/kextype.sh] Shell portability fix.
Tim Rice522262f2010-11-07 13:00:27 -0800755
Darren Tuckerd1ece6e2010-11-07 18:05:54 +110075620101107
757 - (dtucker) [platform.c] includes.h instead of defines.h so that we get
758 the correct typedefs.
759
Damien Miller3a0e9f62010-11-05 10:16:34 +110076020101105
Damien Miller34ee4202010-11-05 10:52:37 +1100761 - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of
762 int. Should fix bz#1817 cleanly; ok dtucker@
Damien Miller3a0e9f62010-11-05 10:16:34 +1100763 - OpenBSD CVS Sync
764 - djm@cvs.openbsd.org 2010/09/22 12:26:05
765 [regress/Makefile regress/kextype.sh]
766 regress test for each of the key exchange algorithms that we support
Damien Millerb472a902010-11-05 10:19:49 +1100767 - djm@cvs.openbsd.org 2010/10/28 11:22:09
768 [authfile.c key.c key.h ssh-keygen.c]
769 fix a possible NULL deref on loading a corrupt ECDH key
770
771 store ECDH group information in private keys files as "named groups"
772 rather than as a set of explicit group parameters (by setting
773 the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
774 retrieves the group's OpenSSL NID that we need for various things.
Damien Miller55fa5652010-11-05 10:20:14 +1100775 - jmc@cvs.openbsd.org 2010/10/28 18:33:28
776 [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
777 knock out some "-*- nroff -*-" lines;
Damien Miller07331212010-11-05 10:20:31 +1100778 - djm@cvs.openbsd.org 2010/11/04 02:45:34
779 [sftp-server.c]
780 umask should be parsed as octal. reported by candland AT xmission.com;
781 ok markus@
Darren Tucker97528352010-11-05 12:03:05 +1100782 - (dtucker) [configure.ac platform.{c,h} session.c
783 openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
784 Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
785 ok djm@
Darren Tucker920612e2010-11-05 12:36:15 +1100786 - (dtucker) [platform.c platform.h session.c] Add a platform hook to run
787 after the user's groups are established and move the selinux calls into it.
Darren Tucker4db38072010-11-05 12:41:13 +1100788 - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
789 platform.c
Darren Tucker44a97be2010-11-05 12:45:18 +1100790 - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
Darren Tuckerfd4d8aa2010-11-05 12:50:41 +1100791 - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
792 retain previous behavior.
Darren Tucker728d8372010-11-05 13:00:05 +1100793 - (dtucker) [platform.c session.c] Move the PAM credential establishment for
794 the LOGIN_CAP case into platform.c.
Darren Tucker7a8afe32010-11-05 13:07:24 +1100795 - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into
796 platform.c
Darren Tucker0b2ee642010-11-05 13:29:25 +1100797 - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c.
798 - (dtucker) [platform.c session.c] Move irix setusercontext fragment into
799 platform.c.
Darren Tuckercc124182010-11-05 13:32:52 +1100800 - (dtucker) [platform.c session.c] Move PAM credential establishment for the
801 non-LOGIN_CAP case into platform.c.
Darren Tuckerb12fe272010-11-05 14:47:01 +1100802 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
803 check into platform.c
Darren Tuckerb69e0332010-11-05 18:19:15 +1100804 - (dtucker) [regress/keytype.sh] Import new test.
Darren Tuckereab5f0d2010-11-05 18:23:38 +1100805 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
806 Import recent changes to regress/Makefile, pass a flag to enable ECC tests
807 from configure through to regress/Makefile and use it in the tests.
Darren Tucker345178d2010-11-05 18:35:52 +1100808 - (dtucker) [regress/kextype.sh] Add missing "test".
Darren Tuckerf619d1c2010-11-05 18:41:50 +1100809 - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not
810 strictly correct since while ECC requires sha256 the reverse is not true
811 however it does prevent spurious test failures.
Darren Tucker9283d8c2010-11-05 18:56:08 +1100812 - (dtucker) [platform.c] Need servconf.h and extern options.
Damien Miller3a0e9f62010-11-05 10:16:34 +1100813
Tim Ricebdd3e672010-10-24 18:35:55 -070081420101025
815 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
816 1.12 to unbreak Solaris build.
817 ok djm@
Darren Tucker54b1f312010-10-25 16:54:28 +1100818 - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a
819 native one.
Tim Ricebdd3e672010-10-24 18:35:55 -0700820
Darren Tuckera5393932010-10-24 10:47:30 +110082120101024
822 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.
Darren Tuckerbfd9b1b2010-10-24 11:19:26 +1100823 - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
824 which don't have ECC support in libcrypto.
Darren Tuckerd633fef2010-10-24 11:33:07 +1100825 - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms
826 which don't have ECC support in libcrypto.
Darren Tucker7bc236d2010-10-24 11:58:43 +1100827 - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't
828 have it.
Darren Tuckerd78739a2010-10-24 10:56:32 +1100829 - (dtucker) OpenBSD CVS Sync
830 - sthen@cvs.openbsd.org 2010/10/23 22:06:12
831 [sftp.c]
832 escape '[' in filename tab-completion; fix a type while there.
833 ok djm@
Darren Tuckera5393932010-10-24 10:47:30 +1100834
Damien Miller68512c02010-10-21 15:21:11 +110083520101021
836 - OpenBSD CVS Sync
837 - dtucker@cvs.openbsd.org 2010/10/12 02:22:24
838 [mux.c]
839 Typo in confirmation message. bz#1827, patch from imorgan at
840 nas nasa gov
Damien Miller6fd2d7d2010-10-21 15:27:14 +1100841 - djm@cvs.openbsd.org 2010/08/31 12:24:09
842 [regress/cert-hostkey.sh regress/cert-userkey.sh]
843 tests for ECDSA certificates
Damien Miller68512c02010-10-21 15:21:11 +1100844
Damien Miller1f789802010-10-11 22:35:22 +110084520101011
Damien Miller47e57bf2010-10-12 13:28:12 +1100846 - (djm) [canohost.c] Zero a4 instead of addr to better match type.
847 bz#1825, reported by foo AT mailinator.com
Damien Miller9c0c31d2010-10-12 13:30:44 +1100848 - (djm) [sshconnect.c] Need signal.h for prototype for kill(2)
Damien Miller47e57bf2010-10-12 13:28:12 +1100849
85020101011
Damien Miller1f789802010-10-11 22:35:22 +1100851 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from
852 dr AT vasco.com
853
Damien Milleraa180632010-10-07 21:25:27 +110085420101007
Damien Miller9a3d0dc2010-10-07 22:06:42 +1100855 - (djm) [ssh-agent.c] Fix type for curve name.
Damien Milleraa180632010-10-07 21:25:27 +1100856 - (djm) OpenBSD CVS Sync
857 - matthew@cvs.openbsd.org 2010/09/24 13:33:00
858 [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
859 [openbsd-compat/timingsafe_bcmp.c]
860 Add timingsafe_bcmp(3) to libc, mention that it's already in the
861 kernel in kern(9), and remove it from OpenSSH.
862 ok deraadt@, djm@
863 NB. re-added under openbsd-compat/ for portable OpenSSH
Damien Millera6e121a2010-10-07 21:39:17 +1100864 - djm@cvs.openbsd.org 2010/09/25 09:30:16
865 [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
866 make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
867 rountrips to fetch per-file stat(2) information.
868 NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
869 match.
Damien Miller68e2e562010-10-07 21:39:55 +1100870 - djm@cvs.openbsd.org 2010/09/26 22:26:33
871 [sftp.c]
872 when performing an "ls" in columnated (short) mode, only call
873 ioctl(TIOCGWINSZ) once to get the window width instead of per-
874 filename
Damien Millerc54b02c2010-10-07 21:40:17 +1100875 - djm@cvs.openbsd.org 2010/09/30 11:04:51
876 [servconf.c]
877 prevent free() of string in .rodata when overriding AuthorizedKeys in
878 a Match block; patch from rein AT basefarm.no
Damien Miller9a3d0dc2010-10-07 22:06:42 +1100879 - djm@cvs.openbsd.org 2010/10/01 23:05:32
880 [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
881 adapt to API changes in openssl-1.0.0a
882 NB. contains compat code to select correct API for older OpenSSL
Damien Miller38d9a962010-10-07 22:07:11 +1100883 - djm@cvs.openbsd.org 2010/10/05 05:13:18
884 [sftp.c sshconnect.c]
885 use default shell /bin/sh if $SHELL is ""; ok markus@
Damien Millera41ccca2010-10-07 22:07:32 +1100886 - djm@cvs.openbsd.org 2010/10/06 06:39:28
887 [clientloop.c ssh.c sshconnect.c sshconnect.h]
888 kill proxy command on fatal() (we already kill it on clean exit);
889 ok markus@
Damien Miller45fcdaa2010-10-07 22:07:58 +1100890 - djm@cvs.openbsd.org 2010/10/06 21:10:21
891 [sshconnect.c]
892 swapped args to kill(2)
Damien Miller37f4f182010-10-07 22:10:38 +1100893 - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code.
Damien Miller80e99532010-10-07 22:12:08 +1100894 - (djm) [cipher-acss.c] Add missing header.
Damien Miller88b844f2010-10-07 22:19:23 +1100895 - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp
Damien Milleraa180632010-10-07 21:25:27 +1100896
Damien Miller6186bbc2010-09-24 22:00:54 +100089720100924
898 - (djm) OpenBSD CVS Sync
899 - naddy@cvs.openbsd.org 2010/09/10 15:19:29
900 [ssh-keygen.1]
901 * mention ECDSA in more places
902 * less repetition in FILES section
903 * SSHv1 keys are still encrypted with 3DES
904 help and ok jmc@
Damien Miller1ca94692010-09-24 22:01:22 +1000905 - djm@cvs.openbsd.org 2010/09/11 21:44:20
906 [ssh.1]
907 mention RFC 5656 for ECC stuff
Damien Miller881adf72010-09-24 22:01:54 +1000908 - jmc@cvs.openbsd.org 2010/09/19 21:30:05
909 [sftp.1]
910 more wacky macro fixing;
Damien Miller857b02e2010-09-24 22:02:56 +1000911 - djm@cvs.openbsd.org 2010/09/20 04:41:47
912 [ssh.c]
913 install a SIGCHLD handler to reap expiried child process; ok markus@
Damien Millerf7540cd2010-09-24 22:03:24 +1000914 - djm@cvs.openbsd.org 2010/09/20 04:50:53
915 [jpake.c schnorr.c]
916 check that received values are smaller than the group size in the
917 disabled and unfinished J-PAKE code.
918 avoids catastrophic security failure found by Sebastien Martini
Damien Miller18e1cab2010-09-24 22:07:17 +1000919 - djm@cvs.openbsd.org 2010/09/20 04:54:07
920 [jpake.c]
921 missing #include
Damien Miller603134e2010-09-24 22:07:55 +1000922 - djm@cvs.openbsd.org 2010/09/20 07:19:27
923 [mux.c]
924 "atomically" create the listening mux socket by binding it on a temorary
925 name and then linking it into position after listen() has succeeded.
926 this allows the mux clients to determine that the server socket is
927 either ready or stale without races. stale server sockets are now
928 automatically removed
929 ok deraadt
Damien Millerd5f62bf2010-09-24 22:11:14 +1000930 - djm@cvs.openbsd.org 2010/09/22 05:01:30
931 [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
932 [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
933 add a KexAlgorithms knob to the client and server configuration to allow
934 selection of which key exchange methods are used by ssh(1) and sshd(8)
935 and their order of preference.
936 ok markus@
Damien Miller7fe2b1f2010-09-24 22:11:53 +1000937 - jmc@cvs.openbsd.org 2010/09/22 08:30:08
938 [ssh.1 ssh_config.5]
939 ssh.1: add kexalgorithms to the -o list
940 ssh_config.5: format the kexalgorithms in a more consistent
941 (prettier!) way
942 ok djm
Damien Miller65e42f82010-09-24 22:15:11 +1000943 - djm@cvs.openbsd.org 2010/09/22 22:58:51
944 [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
945 [sftp-client.h sftp.1 sftp.c]
946 add an option per-read/write callback to atomicio
947
948 factor out bandwidth limiting code from scp(1) into a generic bandwidth
949 limiter that can be attached using the atomicio callback mechanism
950
951 add a bandwidth limit option to sftp(1) using the above
952 "very nice" markus@
Damien Miller56883e12010-09-24 22:15:39 +1000953 - jmc@cvs.openbsd.org 2010/09/23 13:34:43
954 [sftp.c]
955 add [-l limit] to usage();
Damien Miller2beb32f2010-09-24 22:16:03 +1000956 - jmc@cvs.openbsd.org 2010/09/23 13:36:46
957 [scp.1 sftp.1]
958 add KexAlgorithms to the -o list;
Damien Miller6186bbc2010-09-24 22:00:54 +1000959
Damien Miller4314c2b2010-09-10 11:12:09 +100096020100910
Darren Tucker50e3bab2010-09-10 10:30:25 +1000961 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact
962 return code since it can apparently return -1 under some conditions. From
963 openssh bugs werbittewas de, ok djm@
Damien Miller4314c2b2010-09-10 11:12:09 +1000964 - OpenBSD CVS Sync
965 - djm@cvs.openbsd.org 2010/08/31 12:33:38
966 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
967 reintroduce commit from tedu@, which I pulled out for release
968 engineering:
969 OpenSSL_add_all_algorithms is the name of the function we have a
970 man page for, so use that. ok djm
Damien Millerde735ea2010-09-10 11:12:38 +1000971 - jmc@cvs.openbsd.org 2010/08/31 17:40:54
972 [ssh-agent.1]
973 fix some macro abuse;
Damien Millerd4427902010-09-10 11:15:10 +1000974 - jmc@cvs.openbsd.org 2010/08/31 21:14:58
975 [ssh.1]
976 small text tweak to accommodate previous;
Damien Millere13cadf2010-09-10 11:15:33 +1000977 - naddy@cvs.openbsd.org 2010/09/01 15:21:35
978 [servconf.c]
979 pick up ECDSA host key by default; ok djm@
Damien Miller390f1532010-09-10 11:17:54 +1000980 - markus@cvs.openbsd.org 2010/09/02 16:07:25
Damien Miller57737942010-09-10 11:16:37 +1000981 [ssh-keygen.c]
982 permit -b 256, 384 or 521 as key size for ECDSA; ok djm@
Damien Miller390f1532010-09-10 11:17:54 +1000983 - markus@cvs.openbsd.org 2010/09/02 16:08:39
Damien Miller5929c522010-09-10 11:17:02 +1000984 [ssh.c]
985 unbreak ControlPersist=yes for ControlMaster=yes; ok djm@
Damien Miller6e9f6802010-09-10 11:17:38 +1000986 - naddy@cvs.openbsd.org 2010/09/02 17:21:50
987 [ssh-keygen.c]
988 Switch ECDSA default key size to 256 bits, which according to RFC5656
989 should still be better than our current RSA-2048 default.
990 ok djm@, markus@
Damien Miller390f1532010-09-10 11:17:54 +1000991 - jmc@cvs.openbsd.org 2010/09/03 11:09:29
992 [scp.1]
993 add an EXIT STATUS section for /usr/bin;
Damien Millerdaa7b222010-09-10 11:19:33 +1000994 - jmc@cvs.openbsd.org 2010/09/04 09:38:34
995 [ssh-add.1 ssh.1]
996 two more EXIT STATUS sections;
Damien Miller80ed82a2010-09-10 11:20:11 +1000997 - naddy@cvs.openbsd.org 2010/09/06 17:10:19
998 [sshd_config]
999 add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste
1000 <mattieu.b@gmail.com>
1001 ok deraadt@
Damien Millerbf0423e2010-09-10 11:20:38 +10001002 - djm@cvs.openbsd.org 2010/09/08 03:54:36
1003 [authfile.c]
1004 typo
Damien Miller3796ab42010-09-10 11:20:59 +10001005 - deraadt@cvs.openbsd.org 2010/09/08 04:13:31
1006 [compress.c]
1007 work around name-space collisions some buggy compilers (looking at you
1008 gcc, at least in earlier versions, but this does not forgive your current
1009 transgressions) seen between zlib and openssl
1010 ok djm
Damien Miller041ab7c2010-09-10 11:23:34 +10001011 - djm@cvs.openbsd.org 2010/09/09 10:45:45
1012 [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
1013 ECDH/ECDSA compliance fix: these methods vary the hash function they use
1014 (SHA256/384/512) depending on the length of the curve in use. The previous
1015 code incorrectly used SHA256 in all cases.
1016
1017 This fix will cause authentication failure when using 384 or 521-bit curve
1018 keys if one peer hasn't been upgraded and the other has. (256-bit curve
1019 keys work ok). In particular you may need to specify HostkeyAlgorithms
1020 when connecting to a server that has not been upgraded from an upgraded
1021 client.
1022
1023 ok naddy@
Damien Miller6af914a2010-09-10 11:39:26 +10001024 - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
1025 [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
1026 [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
1027 platforms that don't have the requisite OpenSSL support. ok dtucker@
Darren Tucker8ccb7392010-09-10 12:28:24 +10001028 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
1029 for missing headers and compiler warnings.
Darren Tucker50e3bab2010-09-10 10:30:25 +10001030
103120100831
Damien Millerafdae612010-08-31 22:31:14 +10001032 - OpenBSD CVS Sync
1033 - jmc@cvs.openbsd.org 2010/08/08 19:36:30
1034 [ssh-keysign.8 ssh.1 sshd.8]
1035 use the same template for all FILES sections; i.e. -compact/.Pp where we
1036 have multiple items, and .Pa for path names;
Damien Miller9b87e792010-08-31 22:31:37 +10001037 - tedu@cvs.openbsd.org 2010/08/12 23:34:39
1038 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
1039 OpenSSL_add_all_algorithms is the name of the function we have a man page
1040 for, so use that. ok djm
Damien Millerd96546f2010-08-31 22:32:12 +10001041 - djm@cvs.openbsd.org 2010/08/16 04:06:06
1042 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
1043 backout previous temporarily; discussed with deraadt@
Damien Millerda108ec2010-08-31 22:36:39 +10001044 - djm@cvs.openbsd.org 2010/08/31 09:58:37
1045 [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
1046 [packet.h ssh-dss.c ssh-rsa.c]
1047 Add buffer_get_cstring() and related functions that verify that the
1048 string extracted from the buffer contains no embedded \0 characters*
1049 This prevents random (possibly malicious) crap from being appended to
1050 strings where it would not be noticed if the string is used with
1051 a string(3) function.
1052
1053 Use the new API in a few sensitive places.
1054
1055 * actually, we allow a single one at the end of the string for now because
1056 we don't know how many deployed implementations get this wrong, but don't
1057 count on this to remain indefinitely.
Damien Millereb8b60e2010-08-31 22:41:14 +10001058 - djm@cvs.openbsd.org 2010/08/31 11:54:45
1059 [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
1060 [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
1061 [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
1062 [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
1063 [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
1064 [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
1065 [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
1066 Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
1067 host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
1068 better performance than plain DH and DSA at the same equivalent symmetric
1069 key length, as well as much shorter keys.
1070
1071 Only the mandatory sections of RFC5656 are implemented, specifically the
1072 three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
1073 ECDSA. Point compression (optional in RFC5656 is NOT implemented).
1074
1075 Certificate host and user keys using the new ECDSA key types are supported.
1076
1077 Note that this code has not been tested for interoperability and may be
1078 subject to change.
1079
1080 feedback and ok markus@
Damien Millerb5a62d02010-08-31 22:47:15 +10001081 - (djm) [Makefile.in] Add new ECC files
Damien Millerc79ff072010-08-31 22:50:48 +10001082 - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include
1083 includes.h
Damien Millerafdae612010-08-31 22:31:14 +10001084
Darren Tucker6889abd2010-08-27 10:12:54 +1000108520100827
1086 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated,
1087 remove. Patch from martynas at venck us
1088
Damien Millera5362022010-08-23 21:20:20 +1000108920100823
1090 - (djm) Release OpenSSH-5.6p1
1091
Darren Tuckeraa74f672010-08-16 13:15:23 +1000109220100816
1093 - (dtucker) [configure.ac openbsd-compat/Makefile.in
1094 openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
1095 the compat library which helps on platforms like old IRIX. Based on work
1096 by djm, tested by Tom Christensen.
Damien Miller00d9ae22010-08-17 01:59:31 +10001097 - OpenBSD CVS Sync
1098 - djm@cvs.openbsd.org 2010/08/12 21:49:44
1099 [ssh.c]
1100 close any extra file descriptors inherited from parent at start and
1101 reopen stdin/stdout to /dev/null when forking for ControlPersist.
1102
1103 prevents tools that fork and run a captive ssh for communication from
1104 failing to exit when the ssh completes while they wait for these fds to
1105 close. The inherited fds may persist arbitrarily long if a background
1106 mux master has been started by ControlPersist. cvs and scp were effected
1107 by this.
1108
1109 "please commit" markus@
Damien Miller07ad3892010-08-17 07:04:28 +10001110 - (djm) [regress/README.regress] typo
Darren Tuckeraa74f672010-08-16 13:15:23 +10001111
Tim Rice722b8d12010-08-12 09:43:13 -0700111220100812
1113 - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh
1114 regress/test-exec.sh] Under certain conditions when testing with sudo
1115 tests would fail because the pidfile could not be read by a regular user.
1116 "cat: cannot open ...../regress/pidfile: Permission denied (error 13)"
1117 Make sure cat is run by $SUDO. no objection from me. djm@
Tim Ricead7d5472010-08-12 10:33:01 -07001118 - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems.
Tim Rice722b8d12010-08-12 09:43:13 -07001119
Damien Miller7e569b82010-08-09 02:28:37 +1000112020100809
Damien Miller2c4b13a2010-08-10 12:47:40 +10001121 - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is
1122 already set. Makes FreeBSD user openable tunnels useful; patch from
1123 richard.burakowski+ossh AT mrburak.net, ok dtucker@
Darren Tucker02c47342010-08-10 13:36:09 +10001124 - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id.
1125 based in part on a patch from Colin Watson, ok djm@
Damien Miller2c4b13a2010-08-10 12:47:40 +10001126
112720100809
Damien Miller7e569b82010-08-09 02:28:37 +10001128 - OpenBSD CVS Sync
1129 - djm@cvs.openbsd.org 2010/08/08 16:26:42
1130 [version.h]
1131 crank to 5.6
Damien Miller792010b2010-08-09 02:32:05 +10001132 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1133 [contrib/suse/openssh.spec] Crank version numbers
Damien Miller7e569b82010-08-09 02:28:37 +10001134
Damien Miller8e604ac2010-08-09 02:28:10 +1000113520100805
Damien Miller7fa96602010-08-05 13:03:13 +10001136 - OpenBSD CVS Sync
1137 - djm@cvs.openbsd.org 2010/08/04 05:37:01
1138 [ssh.1 ssh_config.5 sshd.8]
1139 Remove mentions of weird "addr/port" alternate address format for IPv6
1140 addresses combinations. It hasn't worked for ages and we have supported
1141 the more commen "[addr]:port" format for a long time. ok jmc@ markus@
Damien Miller1da63882010-08-05 13:03:51 +10001142 - djm@cvs.openbsd.org 2010/08/04 05:40:39
1143 [PROTOCOL.certkeys ssh-keygen.c]
1144 tighten the rules for certificate encoding by requiring that options
1145 appear in lexical order and make our ssh-keygen comply. ok markus@
Damien Millerc1583312010-08-05 13:04:50 +10001146 - djm@cvs.openbsd.org 2010/08/04 05:42:47
1147 [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
1148 [ssh-keysign.c ssh.c]
1149 enable certificates for hostbased authentication, from Iain Morgan;
1150 "looks ok" markus@
Damien Miller5458c4d2010-08-05 13:05:15 +10001151 - djm@cvs.openbsd.org 2010/08/04 05:49:22
1152 [authfile.c]
1153 commited the wrong version of the hostbased certificate diff; this
1154 version replaces some strlc{py,at} verbosity with xasprintf() at
1155 the request of markus@
Damien Miller757f34e2010-08-05 13:05:31 +10001156 - djm@cvs.openbsd.org 2010/08/04 06:07:11
1157 [ssh-keygen.1 ssh-keygen.c]
1158 Support CA keys in PKCS#11 tokens; feedback and ok markus@
Damien Millerb89e6b72010-08-05 13:06:20 +10001159 - djm@cvs.openbsd.org 2010/08/04 06:08:40
1160 [ssh-keysign.c]
1161 clean for -Wuninitialized (Id sync only; portable had this change)
Damien Miller7d457182010-08-05 23:09:48 +10001162 - djm@cvs.openbsd.org 2010/08/05 13:08:42
1163 [channels.c]
1164 Fix a trio of bugs in the local/remote window calculation for datagram
1165 data channels (i.e. TunnelForward):
1166
1167 Calculate local_consumed correctly in channel_handle_wfd() by measuring
1168 the delta to buffer_len(c->output) from when we start to when we finish.
1169 The proximal problem here is that the output_filter we use in portable
1170 modified the length of the dequeued datagram (to futz with the headers
1171 for !OpenBSD).
1172
1173 In channel_output_poll(), don't enqueue datagrams that won't fit in the
1174 peer's advertised packet size (highly unlikely to ever occur) or which
1175 won't fit in the peer's remaining window (more likely).
1176
1177 In channel_input_data(), account for the 4-byte string header in
1178 datagram packets that we accept from the peer and enqueue in c->output.
1179
1180 report, analysis and testing 2/3 cases from wierbows AT us.ibm.com;
1181 "looks good" markus@
Damien Miller7fa96602010-08-05 13:03:13 +10001182
Damien Miller8e604ac2010-08-09 02:28:10 +1000118320100803
Darren Tucker8b7a0552010-08-03 15:50:16 +10001184 - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from
1185 PAM to sane values in case the PAM method doesn't write to them. Spotted by
1186 Bitman Zhou, ok djm@.
Damien Miller844cccf2010-08-03 16:03:29 +10001187 - OpenBSD CVS Sync
1188 - djm@cvs.openbsd.org 2010/07/16 04:45:30
1189 [ssh-keygen.c]
1190 avoid bogus compiler warning
Damien Miller4e8285e2010-08-03 16:04:03 +10001191 - djm@cvs.openbsd.org 2010/07/16 14:07:35
1192 [ssh-rsa.c]
1193 more timing paranoia - compare all parts of the expected decrypted
1194 data before returning. AFAIK not exploitable in the SSH protocol.
1195 "groovy" deraadt@
Damien Millerc4bb91c2010-08-03 16:04:22 +10001196 - djm@cvs.openbsd.org 2010/07/19 03:16:33
1197 [sftp-client.c]
1198 bz#1797: fix swapped args in upload_dir_internal(), breaking recursive
1199 upload depth checks and causing verbose printing of transfers to always
1200 be turned on; patch from imorgan AT nas.nasa.gov
Damien Millere11e1ea2010-08-03 16:04:46 +10001201 - djm@cvs.openbsd.org 2010/07/19 09:15:12
1202 [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
1203 add a "ControlPersist" option that automatically starts a background
1204 ssh(1) multiplex master when connecting. This connection can stay alive
1205 indefinitely, or can be set to automatically close after a user-specified
1206 duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
1207 further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
1208 martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
Damien Miller8c1eb112010-08-03 16:05:05 +10001209 - djm@cvs.openbsd.org 2010/07/21 02:10:58
1210 [misc.c]
1211 sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern
Damien Miller081f3c72010-08-03 16:05:25 +10001212 - dtucker@cvs.openbsd.org 2010/07/23 08:49:25
1213 [ssh.1]
1214 Ciphers is documented in ssh_config(5) these days
Darren Tucker8b7a0552010-08-03 15:50:16 +10001215
121620100819
Darren Tucker12b29db2010-07-19 21:24:13 +10001217 - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more
1218 details about its behaviour WRT existing directories. Patch from
1219 asguthrie at gmail com, ok djm.
1220
Damien Miller9308fc72010-07-16 13:56:01 +1000122120100716
1222 - (djm) OpenBSD CVS Sync
1223 - djm@cvs.openbsd.org 2010/07/02 04:32:44
1224 [misc.c]
1225 unbreak strdelim() skipping past quoted strings, e.g.
1226 AllowUsers "blah blah" blah
1227 was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com
1228 ok dtucker;
Damien Miller1f25ab42010-07-16 13:56:23 +10001229 - djm@cvs.openbsd.org 2010/07/12 22:38:52
1230 [ssh.c]
1231 Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f")
1232 for protocol 2. ok markus@
Damien Millerd0244d42010-07-16 13:56:43 +10001233 - djm@cvs.openbsd.org 2010/07/12 22:41:13
1234 [ssh.c ssh_config.5]
1235 expand %h to the hostname in ssh_config Hostname options. While this
1236 sounds useless, it is actually handy for working with unqualified
1237 hostnames:
1238
1239 Host *.*
1240 Hostname %h
1241 Host *
1242 Hostname %h.example.org
1243
1244 "I like it" markus@
Damien Miller8a0268f2010-07-16 13:57:51 +10001245 - djm@cvs.openbsd.org 2010/07/13 11:52:06
1246 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
1247 [packet.c ssh-rsa.c]
1248 implement a timing_safe_cmp() function to compare memory without leaking
1249 timing information by short-circuiting like memcmp() and use it for
1250 some of the more sensitive comparisons (though nothing high-value was
1251 readily attackable anyway); "looks ok" markus@
Damien Millerea1651c2010-07-16 13:58:37 +10001252 - djm@cvs.openbsd.org 2010/07/13 23:13:16
1253 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
1254 [ssh-rsa.c]
1255 s/timing_safe_cmp/timingsafe_bcmp/g
Damien Millerbcfbc482010-07-16 13:59:11 +10001256 - jmc@cvs.openbsd.org 2010/07/14 17:06:58
1257 [ssh.1]
1258 finally ssh synopsis looks nice again! this commit just removes a ton of
1259 hacks we had in place to make it work with old groff;
Damien Millerbad5e032010-07-16 13:59:59 +10001260 - schwarze@cvs.openbsd.org 2010/07/15 21:20:38
1261 [ssh-keygen.1]
1262 repair incorrect block nesting, which screwed up indentation;
1263 problem reported and fix OK by jmc@
Damien Miller9308fc72010-07-16 13:56:01 +10001264
Tim Ricecfbdc282010-07-14 13:42:28 -0700126520100714
1266 - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass
1267 (line 77) should have been for no_x11_askpass.
1268
Damien Millercede1db2010-07-02 13:33:48 +1000126920100702
1270 - (djm) OpenBSD CVS Sync
1271 - jmc@cvs.openbsd.org 2010/06/26 00:57:07
1272 [ssh_config.5]
1273 tweak previous;
Damien Millerb96c4412010-07-02 13:34:24 +10001274 - djm@cvs.openbsd.org 2010/06/26 23:04:04
1275 [ssh.c]
1276 oops, forgot to #include <canohost.h>; spotted and patch from chl@
Damien Miller44b25042010-07-02 13:35:01 +10001277 - djm@cvs.openbsd.org 2010/06/29 23:15:30
1278 [ssh-keygen.1 ssh-keygen.c]
1279 allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys;
1280 bz#1749; ok markus@
Damien Miller6018a362010-07-02 13:35:19 +10001281 - djm@cvs.openbsd.org 2010/06/29 23:16:46
1282 [auth2-pubkey.c sshd_config.5]
1283 allow key options (command="..." and friends) in AuthorizedPrincipals;
1284 ok markus@
Damien Millerea727282010-07-02 13:35:34 +10001285 - jmc@cvs.openbsd.org 2010/06/30 07:24:25
1286 [ssh-keygen.1]
1287 tweak previous;
Damien Miller6022f582010-07-02 13:37:01 +10001288 - jmc@cvs.openbsd.org 2010/06/30 07:26:03
1289 [ssh-keygen.c]
1290 sort usage();
Damien Millerd59dab82010-07-02 13:37:17 +10001291 - jmc@cvs.openbsd.org 2010/06/30 07:28:34
1292 [sshd_config.5]
1293 tweak previous;
Damien Miller0979b402010-07-02 13:37:33 +10001294 - millert@cvs.openbsd.org 2010/07/01 13:06:59
1295 [scp.c]
1296 Fix a longstanding problem where if you suspend scp at the
1297 password/passphrase prompt the terminal mode is not restored.
1298 OK djm@
Damien Miller527ded72010-07-02 13:40:16 +10001299 - phessler@cvs.openbsd.org 2010/06/27 19:19:56
1300 [regress/Makefile]
1301 fix how we run the tests so we can successfully use SUDO='sudo -E'
1302 in our env
Damien Millerab139cd2010-07-02 13:42:18 +10001303 - djm@cvs.openbsd.org 2010/06/29 23:59:54
1304 [cert-userkey.sh]
1305 regress tests for key options in AuthorizedPrincipals
Damien Millercede1db2010-07-02 13:33:48 +10001306
Tim Rice3fd307d2010-06-26 16:45:15 -0700130720100627
1308 - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs
1309 key.h.
1310
Damien Miller2e774462010-06-26 09:30:47 +1000131120100626
1312 - (djm) OpenBSD CVS Sync
1313 - djm@cvs.openbsd.org 2010/05/21 05:00:36
1314 [misc.c]
1315 colon() returns char*, so s/return (0)/return NULL/
Damien Miller4fe686d2010-06-26 09:36:10 +10001316 - markus@cvs.openbsd.org 2010/06/08 21:32:19
1317 [ssh-pkcs11.c]
1318 check length of value returned C_GetAttributValue for != 0
1319 from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@
Damien Millerc094d1e2010-06-26 09:36:34 +10001320 - djm@cvs.openbsd.org 2010/06/17 07:07:30
1321 [mux.c]
1322 Correct sizing of object to be allocated by calloc(), replacing
1323 sizeof(state) with sizeof(*state). This worked by accident since
1324 the struct contained a single int at present, but could have broken
1325 in the future. patch from hyc AT symas.com
Damien Miller99ac4e92010-06-26 09:36:58 +10001326 - djm@cvs.openbsd.org 2010/06/18 00:58:39
1327 [sftp.c]
1328 unbreak ls in working directories that contains globbing characters in
1329 their pathnames. bz#1655 reported by vgiffin AT apple.com
Damien Miller7aa46ec2010-06-26 09:37:57 +10001330 - djm@cvs.openbsd.org 2010/06/18 03:16:03
1331 [session.c]
1332 Missing check for chroot_director == "none" (we already checked against
1333 NULL); bz#1564 from Jan.Pechanec AT Sun.COM
Damien Miller49566312010-06-26 09:38:23 +10001334 - djm@cvs.openbsd.org 2010/06/18 04:43:08
1335 [sftp-client.c]
1336 fix memory leak in do_realpath() error path; bz#1771, patch from
1337 anicka AT suse.cz
Damien Millerab6de352010-06-26 09:38:45 +10001338 - djm@cvs.openbsd.org 2010/06/22 04:22:59
1339 [servconf.c sshd_config.5]
1340 expose some more sshd_config options inside Match blocks:
1341 AuthorizedKeysFile AuthorizedPrincipalsFile
1342 HostbasedUsesNameFromPacketOnly PermitTunnel
1343 bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
Damien Millerba3420a2010-06-26 09:39:07 +10001344 - djm@cvs.openbsd.org 2010/06/22 04:32:06
1345 [ssh-keygen.c]
1346 standardise error messages when attempting to open private key
1347 files to include "progname: filename: error reason"
1348 bz#1783; ok dtucker@
Damien Miller48147d62010-06-26 09:39:25 +10001349 - djm@cvs.openbsd.org 2010/06/22 04:49:47
1350 [auth.c]
1351 queue auth debug messages for bad ownership or permissions on the user's
1352 keyfiles. These messages will be sent after the user has successfully
1353 authenticated (where our client will display them with LogLevel=debug).
Damien Miller0e76c5e2010-06-26 09:39:59 +10001354 bz#1554; ok dtucker@
1355 - djm@cvs.openbsd.org 2010/06/22 04:54:30
1356 [ssh-keyscan.c]
1357 replace verbose and overflow-prone Linebuf code with read_keyfile_line()
1358 based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@
Damien Miller1b2b61e2010-06-26 09:47:43 +10001359 - djm@cvs.openbsd.org 2010/06/22 04:59:12
1360 [session.c]
1361 include the user name on "subsystem request for ..." log messages;
1362 bz#1571; ok dtucker@
Damien Millerd834d352010-06-26 09:48:02 +10001363 - djm@cvs.openbsd.org 2010/06/23 02:59:02
1364 [ssh-keygen.c]
1365 fix printing of extensions in v01 certificates that I broke in r1.190
Damien Miller232cfb12010-06-26 09:50:30 +10001366 - djm@cvs.openbsd.org 2010/06/25 07:14:46
1367 [channels.c mux.c readconf.c readconf.h ssh.h]
1368 bz#1327: remove hardcoded limit of 100 permitopen clauses and port
1369 forwards per direction; ok markus@ stevesk@
Damien Miller8853ca52010-06-26 10:00:14 +10001370 - djm@cvs.openbsd.org 2010/06/25 07:20:04
1371 [channels.c session.c]
1372 bz#1750: fix requirement for /dev/null inside ChrootDirectory for
1373 internal-sftp accidentally introduced in r1.253 by removing the code
1374 that opens and dup /dev/null to stderr and modifying the channels code
1375 to read stderr but discard it instead; ok markus@
Damien Millerbda3eca2010-06-26 10:01:33 +10001376 - djm@cvs.openbsd.org 2010/06/25 08:46:17
1377 [auth1.c auth2-none.c]
1378 skip the initial check for access with an empty password when
1379 PermitEmptyPasswords=no; bz#1638; ok markus@
Damien Miller383ffe62010-06-26 10:02:03 +10001380 - djm@cvs.openbsd.org 2010/06/25 23:10:30
1381 [ssh.c]
1382 log the hostname and address that we connected to at LogLevel=verbose
1383 after authentication is successful to mitigate "phishing" attacks by
1384 servers with trusted keys that accept authentication silently and
1385 automatically before presenting fake password/passphrase prompts;
1386 "nice!" markus@
Damien Miller1ab6a512010-06-26 10:02:24 +10001387 - djm@cvs.openbsd.org 2010/06/25 23:10:30
1388 [ssh.c]
1389 log the hostname and address that we connected to at LogLevel=verbose
1390 after authentication is successful to mitigate "phishing" attacks by
1391 servers with trusted keys that accept authentication silently and
1392 automatically before presenting fake password/passphrase prompts;
1393 "nice!" markus@
Damien Miller2e774462010-06-26 09:30:47 +10001394
Damien Millerd82a2602010-06-22 15:02:39 +1000139520100622
1396 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512
1397 bz#1579; ok dtucker
1398
Damien Millerea909792010-06-18 11:09:24 +1000139920100618
1400 - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~
1401 rather than assuming that $CWD == $HOME. bz#1500, patch from
1402 timothy AT gelter.com
1403
Tim Riceb9ae4ec2010-06-17 11:11:44 -0700140420100617
1405 - (tim) [contrib/cygwin/README] Remove a reference to the obsolete
1406 minires-devel package, and to add the reference to the libedit-devel
1407 package since CYgwin now provides libedit. Patch from Corinna Vinschen.
1408
Damien Miller3bcce802010-05-21 14:48:16 +1000140920100521
1410 - (djm) OpenBSD CVS Sync
1411 - djm@cvs.openbsd.org 2010/05/07 11:31:26
1412 [regress/Makefile regress/cert-userkey.sh]
1413 regress tests for AuthorizedPrincipalsFile and "principals=" key option.
1414 feedback and ok markus@
Damien Miller3b903822010-05-21 14:56:25 +10001415 - djm@cvs.openbsd.org 2010/05/11 02:58:04
1416 [auth-rsa.c]
1417 don't accept certificates marked as "cert-authority" here; ok markus@
Damien Millerc6afb5f2010-05-21 14:56:47 +10001418 - djm@cvs.openbsd.org 2010/05/14 00:47:22
1419 [ssh-add.c]
1420 check that the certificate matches the corresponding private key before
1421 grafting it on
Damien Millerd530f5f2010-05-21 14:57:10 +10001422 - djm@cvs.openbsd.org 2010/05/14 23:29:23
1423 [channels.c channels.h mux.c ssh.c]
1424 Pause the mux channel while waiting for reply from aynch callbacks.
1425 Prevents misordering of replies if new requests arrive while waiting.
1426
1427 Extend channel open confirm callback to allow signalling failure
1428 conditions as well as success. Use this to 1) fix a memory leak, 2)
1429 start using the above pause mechanism and 3) delay sending a success/
1430 failure message on mux slave session open until we receive a reply from
1431 the server.
1432
1433 motivated by and with feedback from markus@
Damien Miller388f6fc2010-05-21 14:57:35 +10001434 - markus@cvs.openbsd.org 2010/05/16 12:55:51
1435 [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
1436 mux support for remote forwarding with dynamic port allocation,
1437 use with
1438 LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
1439 feedback and ok djm@
Damien Miller84399552010-05-21 14:58:12 +10001440 - djm@cvs.openbsd.org 2010/05/20 11:25:26
1441 [auth2-pubkey.c]
1442 fix logspam when key options (from="..." especially) deny non-matching
1443 keys; reported by henning@ also bz#1765; ok markus@ dtucker@
Damien Millerd0e4a8e2010-05-21 14:58:32 +10001444 - djm@cvs.openbsd.org 2010/05/20 23:46:02
1445 [PROTOCOL.certkeys auth-options.c ssh-keygen.c]
1446 Move the permit-* options to the non-critical "extensions" field for v01
1447 certificates. The logic is that if another implementation fails to
1448 implement them then the connection just loses features rather than fails
1449 outright.
1450
1451 ok markus@
Damien Miller3bcce802010-05-21 14:48:16 +10001452
Darren Tucker5b6d0d02010-05-12 16:51:38 +1000145320100511
1454 - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve
1455 circular dependency problem on old or odd platforms. From Tom Lane, ok
1456 djm@.
Damien Miller4b1ec832010-05-12 17:49:59 +10001457 - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older
1458 libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't
1459 already. ok dtucker@
Darren Tucker5b6d0d02010-05-12 16:51:38 +10001460
Damien Miller50af79b2010-05-10 11:52:00 +1000146120100510
1462 - OpenBSD CVS Sync
1463 - djm@cvs.openbsd.org 2010/04/23 01:47:41
1464 [ssh-keygen.c]
1465 bz#1740: display a more helpful error message when $HOME is
1466 inaccessible while trying to create .ssh directory. Based on patch
1467 from jchadima AT redhat.com; ok dtucker@
Damien Miller85c50d72010-05-10 11:53:02 +10001468 - djm@cvs.openbsd.org 2010/04/23 22:27:38
1469 [mux.c]
1470 set "detach_close" flag when registering channel cleanup callbacks.
1471 This causes the channel to close normally when its fds close and
1472 hangs when terminating a mux slave using ~. bz#1758; ok markus@
Damien Miller22a29882010-05-10 11:53:54 +10001473 - djm@cvs.openbsd.org 2010/04/23 22:42:05
1474 [session.c]
1475 set stderr to /dev/null for subsystems rather than just closing it.
1476 avoids hangs if a subsystem or shell initialisation writes to stderr.
1477 bz#1750; ok markus@
Damien Millerbebbb7e2010-05-10 11:54:38 +10001478 - djm@cvs.openbsd.org 2010/04/23 22:48:31
1479 [ssh-keygen.c]
1480 refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS,
1481 since we would refuse to use them anyway. bz#1516; ok dtucker@
Damien Miller79442c02010-05-10 11:55:38 +10001482 - djm@cvs.openbsd.org 2010/04/26 22:28:24
1483 [sshconnect2.c]
1484 bz#1502: authctxt.success is declared as an int, but passed by
1485 reference to function that accepts sig_atomic_t*. Convert it to
1486 the latter; ok markus@ dtucker@
Damien Miller2725c212010-05-10 11:56:14 +10001487 - djm@cvs.openbsd.org 2010/05/01 02:50:50
1488 [PROTOCOL.certkeys]
1489 typo; jmeltzer@
Damien Miller099fc162010-05-10 11:56:50 +10001490 - dtucker@cvs.openbsd.org 2010/05/05 04:22:09
1491 [sftp.c]
1492 restore mput and mget which got lost in the tab-completion changes.
1493 found by Kenneth Whitaker, ok djm@
Damien Miller30da3442010-05-10 11:58:03 +10001494 - djm@cvs.openbsd.org 2010/05/07 11:30:30
1495 [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
1496 [key.c servconf.c servconf.h sshd.8 sshd_config.5]
1497 add some optional indirection to matching of principal names listed
1498 in certificates. Currently, a certificate must include the a user's name
1499 to be accepted for authentication. This change adds the ability to
1500 specify a list of certificate principal names that are acceptable.
1501
1502 When authenticating using a CA trusted through ~/.ssh/authorized_keys,
1503 this adds a new principals="name1[,name2,...]" key option.
1504
1505 For CAs listed through sshd_config's TrustedCAKeys option, a new config
1506 option "AuthorizedPrincipalsFile" specifies a per-user file containing
1507 the list of acceptable names.
1508
1509 If either option is absent, the current behaviour of requiring the
1510 username to appear in principals continues to apply.
1511
1512 These options are useful for role accounts, disjoint account namespaces
1513 and "user@realm"-style naming policies in certificates.
1514
1515 feedback and ok markus@
Damien Miller81d3fc52010-05-10 11:58:45 +10001516 - jmc@cvs.openbsd.org 2010/05/07 12:49:17
1517 [sshd_config.5]
1518 tweak previous;
Damien Miller50af79b2010-05-10 11:52:00 +10001519
Darren Tucker9f8703b2010-04-23 11:12:06 +1000152020100423
1521 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir
1522 in the openssl install directory (some newer openssl versions do this on at
1523 least some amd64 platforms).
1524
Damien Millerc4eddee2010-04-18 08:07:43 +1000152520100418
1526 - OpenBSD CVS Sync
1527 - jmc@cvs.openbsd.org 2010/04/16 06:45:01
1528 [ssh_config.5]
1529 tweak previous; ok djm
Damien Miller1f181422010-04-18 08:08:03 +10001530 - jmc@cvs.openbsd.org 2010/04/16 06:47:04
1531 [ssh-keygen.1 ssh-keygen.c]
1532 tweak previous; ok djm
Damien Millerc617aa92010-04-18 08:08:20 +10001533 - djm@cvs.openbsd.org 2010/04/16 21:14:27
1534 [sshconnect.c]
1535 oops, %r => remote username, not %u
Damien Miller53f4bb62010-04-18 08:15:14 +10001536 - djm@cvs.openbsd.org 2010/04/16 01:58:45
1537 [regress/cert-hostkey.sh regress/cert-userkey.sh]
1538 regression tests for v01 certificate format
1539 includes interop tests for v00 certs
Darren Tuckere25a9bd2010-04-18 13:35:00 +10001540 - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default
1541 file.
Damien Millerc4eddee2010-04-18 08:07:43 +10001542
Damien Millera45f1c02010-04-16 15:51:34 +1000154320100416
1544 - (djm) Release openssh-5.5p1
Damien Millerd6fc3062010-04-16 15:51:45 +10001545 - OpenBSD CVS Sync
1546 - djm@cvs.openbsd.org 2010/03/26 03:13:17
1547 [bufaux.c]
1548 allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer
1549 argument to allow skipping past values in a buffer
Damien Miller67f30d72010-04-16 15:52:03 +10001550 - jmc@cvs.openbsd.org 2010/03/26 06:54:36
1551 [ssh.1]
1552 tweak previous;
Damien Miller544378d2010-04-16 15:52:24 +10001553 - jmc@cvs.openbsd.org 2010/03/27 14:26:55
1554 [ssh_config.5]
1555 tweak previous; ok dtucker
Damien Millerdeb5a142010-04-16 15:52:43 +10001556 - djm@cvs.openbsd.org 2010/04/10 00:00:16
1557 [ssh.c]
1558 bz#1746 - suppress spurious tty warning when using -O and stdin
1559 is not a tty; ok dtucker@ markus@
Damien Miller67283992010-04-16 15:53:02 +10001560 - djm@cvs.openbsd.org 2010/04/10 00:04:30
1561 [sshconnect.c]
1562 fix terminology: we didn't find a certificate in known_hosts, we found
1563 a CA key
Damien Miller22c97f12010-04-16 15:53:23 +10001564 - djm@cvs.openbsd.org 2010/04/10 02:08:44
1565 [clientloop.c]
1566 bz#1698: kill channel when pty allocation requests fail. Fixed
1567 stuck client if the server refuses pty allocation.
1568 ok dtucker@ "think so" markus@
Damien Miller88680652010-04-16 15:53:43 +10001569 - djm@cvs.openbsd.org 2010/04/10 02:10:56
1570 [sshconnect2.c]
1571 show the key type that we are offering in debug(), helps distinguish
1572 between certs and plain keys as the path to the private key is usually
1573 the same.
Damien Miller601a23c2010-04-16 15:54:01 +10001574 - djm@cvs.openbsd.org 2010/04/10 05:48:16
1575 [mux.c]
1576 fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au
Damien Millerb1b17042010-04-16 15:54:19 +10001577 - djm@cvs.openbsd.org 2010/04/14 22:27:42
1578 [ssh_config.5 sshconnect.c]
1579 expand %r => remote username in ssh_config:ProxyCommand;
1580 ok deraadt markus
Damien Miller031c9102010-04-16 15:54:44 +10001581 - markus@cvs.openbsd.org 2010/04/15 20:32:55
1582 [ssh-pkcs11.c]
1583 retry lookup for private key if there's no matching key with CKA_SIGN
1584 attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736)
1585 ok djm@
Damien Miller4e270b02010-04-16 15:56:21 +10001586 - djm@cvs.openbsd.org 2010/04/16 01:47:26
1587 [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
1588 [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
1589 [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
1590 [sshconnect.c sshconnect2.c sshd.c]
1591 revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
1592 following changes:
1593
1594 move the nonce field to the beginning of the certificate where it can
1595 better protect against chosen-prefix attacks on the signature hash
1596
1597 Rename "constraints" field to "critical options"
1598
1599 Add a new non-critical "extensions" field
1600
1601 Add a serial number
1602
1603 The older format is still support for authentication and cert generation
1604 (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)
1605
1606 ok markus@