1 20110906 2 - (djm) [README version.h] Correct version 3 - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon 4 - (djm) Respin OpenSSH-5.9p1 release 5 6 20110905 7 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 8 [contrib/suse/openssh.spec] Update version numbers. 9 10 20110904 11 - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal 12 regress errors for the sandbox to warnings. ok tim dtucker 13 - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations 14 ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen 15 support. 16 17 20110829 18 - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting 19 to switch SELinux context away from unconfined_t, based on patch from 20 Jan Chadima; bz#1919 ok dtucker@ 21 22 20110827 23 - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey. 24 25 20110818 26 - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze 27 28 20110817 29 - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for 30 OpenSSL 0.9.7. ok djm 31 - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h] 32 binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen 33 - (djm) [configure.ac] error out if the host lacks the necessary bits for 34 an explicitly requested sandbox type 35 - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by 36 bisson AT archlinux.org 37 - (djm) OpenBSD CVS Sync 38 - dtucker (a] cvs.openbsd.org 2011/06/03 05:35:10 39 [regress/cfgmatch.sh] 40 use OBJ to find test configs, patch from Tim Rice 41 - markus (a] cvs.openbsd.org 2011/06/30 22:44:43 42 [regress/connect-privsep.sh] 43 test with sandbox enabled; ok djm@ 44 - djm (a] cvs.openbsd.org 2011/08/02 01:23:41 45 [regress/cipher-speed.sh regress/try-ciphers.sh] 46 add SHA256/SHA512 based HMAC modes 47 - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2 48 MAC tests for platforms that hack EVP_SHA2 support 49 50 20110812 51 - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context 52 change error by reporting old and new context names Patch from 53 jchadima at redhat. 54 - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init] 55 [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES 56 init scrips from imorgan AT nas.nasa.gov; bz#1920 57 - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the 58 identify file contained whitespace. bz#1828 patch from gwenael.lambrouin 59 AT gmail.com; ok dtucker@ 60 61 20110807 62 - (dtucker) OpenBSD CVS Sync 63 - jmc (a] cvs.openbsd.org 2008/06/26 06:59:39 64 [moduli.5] 65 tweak previous; 66 - sobrado (a] cvs.openbsd.org 2009/10/28 08:56:54 67 [moduli.5] 68 "Diffie-Hellman" is the usual spelling for the cryptographic protocol 69 first published by Whitfield Diffie and Martin Hellman in 1976. 70 ok jmc@ 71 - jmc (a] cvs.openbsd.org 2010/10/14 20:41:28 72 [moduli.5] 73 probabalistic -> probabilistic; from naddy 74 - dtucker (a] cvs.openbsd.org 2011/08/07 12:55:30 75 [sftp.1] 76 typo, fix from Laurent Gautrot 77 78 20110805 79 - OpenBSD CVS Sync 80 - djm (a] cvs.openbsd.org 2011/06/23 23:35:42 81 [monitor.c] 82 ignore EINTR errors from poll() 83 - tedu (a] cvs.openbsd.org 2011/07/06 18:09:21 84 [authfd.c] 85 bzero the agent address. the kernel was for a while very cranky about 86 these things. evne though that's fixed, always good to initialize 87 memory. ok deraadt djm 88 - djm (a] cvs.openbsd.org 2011/07/29 14:42:45 89 [sandbox-systrace.c] 90 fail open(2) with EPERM rather than SIGKILLing the whole process. libc 91 will call open() to do strerror() when NLS is enabled; 92 feedback and ok markus@ 93 - markus (a] cvs.openbsd.org 2011/08/01 19:18:15 94 [gss-serv.c] 95 prevent post-auth resource exhaustion (int overflow leading to 4GB malloc); 96 report Adam Zabrock; ok djm@, deraadt@ 97 - djm (a] cvs.openbsd.org 2011/08/02 01:22:11 98 [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5] 99 Add new SHA256 and SHA512 based HMAC modes from 100 http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt 101 Patch from mdb AT juniper.net; feedback and ok markus@ 102 - djm (a] cvs.openbsd.org 2011/08/02 23:13:01 103 [version.h] 104 crank now, release later 105 - djm (a] cvs.openbsd.org 2011/08/02 23:15:03 106 [ssh.c] 107 typo in comment 108 109 20110624 110 - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for 111 Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing 112 markus@ 113 114 20110623 115 - OpenBSD CVS Sync 116 - djm (a] cvs.openbsd.org 2011/06/22 21:47:28 117 [servconf.c] 118 reuse the multistate option arrays to pretty-print options for "sshd -T" 119 - djm (a] cvs.openbsd.org 2011/06/22 21:57:01 120 [servconf.c servconf.h sshd.c sshd_config.5] 121 [configure.ac Makefile.in] 122 introduce sandboxing of the pre-auth privsep child using systrace(4). 123 124 This introduces a new "UsePrivilegeSeparation=sandbox" option for 125 sshd_config that applies mandatory restrictions on the syscalls the 126 privsep child can perform. This prevents a compromised privsep child 127 from being used to attack other hosts (by opening sockets and proxying) 128 or probing local kernel attack surface. 129 130 The sandbox is implemented using systrace(4) in unsupervised "fast-path" 131 mode, where a list of permitted syscalls is supplied. Any syscall not 132 on the list results in SIGKILL being sent to the privsep child. Note 133 that this requires a kernel with the new SYSTR_POLICY_KILL option. 134 135 UsePrivilegeSeparation=sandbox will become the default in the future 136 so please start testing it now. 137 138 feedback dtucker@; ok markus@ 139 - djm (a] cvs.openbsd.org 2011/06/22 22:08:42 140 [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] 141 hook up a channel confirm callback to warn the user then requested X11 142 forwarding was refused by the server; ok markus@ 143 - djm (a] cvs.openbsd.org 2011/06/23 09:34:13 144 [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c] 145 [sandbox-null.c] 146 rename sandbox.h => ssh-sandbox.h to make things easier for portable 147 - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support 148 setrlimit(2) 149 150 20110620 151 - OpenBSD CVS Sync 152 - djm (a] cvs.openbsd.org 2011/06/04 00:10:26 153 [ssh_config.5] 154 explain IdentifyFile's semantics a little better, prompted by bz#1898 155 ok dtucker jmc 156 - markus (a] cvs.openbsd.org 2011/06/14 22:49:18 157 [authfile.c] 158 make sure key_parse_public/private_rsa1() no longer consumes its input 159 buffer. fixes ssh-add for passphrase-protected ssh1-keys; 160 noted by naddy@; ok djm@ 161 - djm (a] cvs.openbsd.org 2011/06/17 21:44:31 162 [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c] 163 make the pre-auth privsep slave log via a socketpair shared with the 164 monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@ 165 - djm (a] cvs.openbsd.org 2011/06/17 21:46:16 166 [sftp-server.c] 167 the protocol version should be unsigned; bz#1913 reported by mb AT 168 smartftp.com 169 - djm (a] cvs.openbsd.org 2011/06/17 21:47:35 170 [servconf.c] 171 factor out multi-choice option parsing into a parse_multistate label 172 and some support structures; ok dtucker@ 173 - djm (a] cvs.openbsd.org 2011/06/17 21:57:25 174 [clientloop.c] 175 setproctitle for a mux master that has been gracefully stopped; 176 bz#1911 from Bert.Wesarg AT googlemail.com 177 178 20110603 179 - (dtucker) [README version.h contrib/caldera/openssh.spec 180 contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version 181 bumps from the 5.8p2 branch into HEAD. ok djm. 182 - (tim) [configure.ac defines.h] Run test program to detect system mail 183 directory. Add --with-maildir option to override. Fixed OpenServer 6 184 getting it wrong. Fixed many systems having MAIL=/var/mail//username 185 ok dtucker 186 - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair 187 unconditionally in other places and the survey data we have does not show 188 any systems that use it. "nuke it" djm@ 189 - (djm) [configure.ac] enable setproctitle emulation for OS X 190 - (djm) OpenBSD CVS Sync 191 - djm (a] cvs.openbsd.org 2011/06/03 00:54:38 192 [ssh.c] 193 bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg 194 AT googlemail.com; ok dtucker@ 195 NB. includes additional portability code to enable setproctitle emulation 196 on platforms that don't support it. 197 - dtucker (a] cvs.openbsd.org 2011/06/03 01:37:40 198 [ssh-agent.c] 199 Check current parent process ID against saved one to determine if the parent 200 has exited, rather than attempting to send a zero signal, since the latter 201 won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn 202 Gillmor, ok djm@ 203 - dtucker (a] cvs.openbsd.org 2011/05/31 02:01:58 204 [regress/dynamic-forward.sh] 205 back out revs 1.6 and 1.5 since it's not reliable 206 - dtucker (a] cvs.openbsd.org 2011/05/31 02:03:34 207 [regress/dynamic-forward.sh] 208 work around startup and teardown races; caught by deraadt 209 - dtucker (a] cvs.openbsd.org 2011/06/03 00:29:52 210 [regress/dynamic-forward.sh] 211 Retry establishing the port forwarding after a small delay, should make 212 the tests less flaky when the previous test is slow to shut down and free 213 up the port. 214 - (tim) [regress/cfgmatch.sh] Build/test out of tree fix. 215 216 20110529 217 - (djm) OpenBSD CVS Sync 218 - djm (a] cvs.openbsd.org 2011/05/23 03:30:07 219 [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c] 220 [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5] 221 allow AuthorizedKeysFile to specify multiple files, separated by spaces. 222 Bring back authorized_keys2 as a default search path (to avoid breaking 223 existing users of this file), but override this in sshd_config so it will 224 be no longer used on fresh installs. Maybe in 2015 we can remove it 225 entierly :) 226 227 feedback and ok markus@ dtucker@ 228 - djm (a] cvs.openbsd.org 2011/05/23 03:33:38 229 [auth.c] 230 make secure_filename() spam debug logs less 231 - djm (a] cvs.openbsd.org 2011/05/23 03:52:55 232 [sshconnect.c] 233 remove extra newline 234 - jmc (a] cvs.openbsd.org 2011/05/23 07:10:21 235 [sshd.8 sshd_config.5] 236 tweak previous; ok djm 237 - djm (a] cvs.openbsd.org 2011/05/23 07:24:57 238 [authfile.c] 239 read in key comments for v.2 keys (though note that these are not 240 passed over the agent protocol); bz#439, based on patch from binder 241 AT arago.de; ok markus@ 242 - djm (a] cvs.openbsd.org 2011/05/24 07:15:47 243 [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c] 244 Remove undocumented legacy options UserKnownHostsFile2 and 245 GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile 246 accept multiple paths per line and making their defaults include 247 known_hosts2; ok markus 248 - djm (a] cvs.openbsd.org 2011/05/23 03:31:31 249 [regress/cfgmatch.sh] 250 include testing of multiple/overridden AuthorizedKeysFiles 251 refactor to simply daemon start/stop and get rid of racy constructs 252 253 20110520 254 - (djm) [session.c] call setexeccon() before executing passwd for pw 255 changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@ 256 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options 257 options, we should corresponding -W-option when trying to determine 258 whether it is accepted. Also includes a warning fix on the program 259 fragment uses (bad main() return type). 260 bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@ 261 - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2 262 - OpenBSD CVS Sync 263 - djm (a] cvs.openbsd.org 2011/05/15 08:09:01 264 [authfd.c monitor.c serverloop.c] 265 use FD_CLOEXEC consistently; patch from zion AT x96.org 266 - djm (a] cvs.openbsd.org 2011/05/17 07:13:31 267 [key.c] 268 fatal() if asked to generate a legacy ECDSA cert (these don't exist) 269 and fix the regress test that was trying to generate them :) 270 - djm (a] cvs.openbsd.org 2011/05/20 00:55:02 271 [servconf.c] 272 the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile 273 and AuthorizedPrincipalsFile were not being correctly applied in 274 Match blocks, despite being overridable there; ok dtucker@ 275 - dtucker (a] cvs.openbsd.org 2011/05/20 02:00:19 276 [servconf.c] 277 Add comment documenting what should be after the preauth check. ok djm 278 - djm (a] cvs.openbsd.org 2011/05/20 03:25:45 279 [monitor.c monitor_wrap.c servconf.c servconf.h] 280 use a macro to define which string options to copy between configs 281 for Match. This avoids problems caused by forgetting to keep three 282 code locations in perfect sync and ordering 283 284 "this is at once beautiful and horrible" + ok dtucker@ 285 - djm (a] cvs.openbsd.org 2011/05/17 07:13:31 286 [regress/cert-userkey.sh] 287 fatal() if asked to generate a legacy ECDSA cert (these don't exist) 288 and fix the regress test that was trying to generate them :) 289 - djm (a] cvs.openbsd.org 2011/05/20 02:43:36 290 [cert-hostkey.sh] 291 another attempt to generate a v00 ECDSA key that broke the test 292 ID sync only - portable already had this somehow 293 - dtucker (a] cvs.openbsd.org 2011/05/20 05:19:50 294 [dynamic-forward.sh] 295 Prevent races in dynamic forwarding test; ok djm 296 - dtucker (a] cvs.openbsd.org 2011/05/20 06:32:30 297 [dynamic-forward.sh] 298 fix dumb error in dynamic-forward test 299 300 20110515 301 - (djm) OpenBSD CVS Sync 302 - djm (a] cvs.openbsd.org 2011/05/05 05:12:08 303 [mux.c] 304 gracefully fall back when ControlPath is too large for a 305 sockaddr_un. ok markus@ as part of a larger diff 306 - dtucker (a] cvs.openbsd.org 2011/05/06 01:03:35 307 [sshd_config] 308 clarify language about overriding defaults. bz#1892, from Petr Cerny 309 - djm (a] cvs.openbsd.org 2011/05/06 01:09:53 310 [sftp.1] 311 mention that IPv6 addresses must be enclosed in square brackets; 312 bz#1845 313 - djm (a] cvs.openbsd.org 2011/05/06 02:05:41 314 [sshconnect2.c] 315 fix memory leak; bz#1849 ok dtucker@ 316 - djm (a] cvs.openbsd.org 2011/05/06 21:14:05 317 [packet.c packet.h] 318 set traffic class for IPv6 traffic as we do for IPv4 TOS; 319 patch from lionel AT mamane.lu via Colin Watson in bz#1855; 320 ok markus@ 321 - djm (a] cvs.openbsd.org 2011/05/06 21:18:02 322 [ssh.c ssh_config.5] 323 add a %L expansion (short-form of the local host name) for ControlPath; 324 sync some more expansions with LocalCommand; ok markus@ 325 - djm (a] cvs.openbsd.org 2011/05/06 21:31:38 326 [readconf.c ssh_config.5] 327 support negated Host matching, e.g. 328 329 Host *.example.org !c.example.org 330 User mekmitasdigoat 331 332 Will match "a.example.org", "b.example.org", but not "c.example.org" 333 ok markus@ 334 - djm (a] cvs.openbsd.org 2011/05/06 21:34:32 335 [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5] 336 Add a RequestTTY ssh_config option to allow configuration-based 337 control over tty allocation (like -t/-T); ok markus@ 338 - djm (a] cvs.openbsd.org 2011/05/06 21:38:58 339 [ssh.c] 340 fix dropping from previous diff 341 - djm (a] cvs.openbsd.org 2011/05/06 22:20:10 342 [PROTOCOL.mux] 343 fix numbering; from bert.wesarg AT googlemail.com 344 - jmc (a] cvs.openbsd.org 2011/05/07 23:19:39 345 [ssh_config.5] 346 - tweak previous 347 - come consistency fixes 348 ok djm 349 - jmc (a] cvs.openbsd.org 2011/05/07 23:20:25 350 [ssh.1] 351 +.It RequestTTY 352 - djm (a] cvs.openbsd.org 2011/05/08 12:52:01 353 [PROTOCOL.mux clientloop.c clientloop.h mux.c] 354 improve our behaviour when TTY allocation fails: if we are in 355 RequestTTY=auto mode (the default), then do not treat at TTY 356 allocation error as fatal but rather just restore the local TTY 357 to cooked mode and continue. This is more graceful on devices that 358 never allocate TTYs. 359 360 If RequestTTY is set to "yes" or "force", then failure to allocate 361 a TTY is fatal. 362 363 ok markus@ 364 - djm (a] cvs.openbsd.org 2011/05/10 05:46:46 365 [authfile.c] 366 despam debug() logs by detecting that we are trying to load a private key 367 in key_try_load_public() and returning early; ok markus@ 368 - djm (a] cvs.openbsd.org 2011/05/11 04:47:06 369 [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] 370 remove support for authorized_keys2; it is a relic from the early days 371 of protocol v.2 support and has been undocumented for many years; 372 ok markus@ 373 - djm (a] cvs.openbsd.org 2011/05/13 00:05:36 374 [authfile.c] 375 warn on unexpected key type in key_parse_private_type() 376 - (djm) [packet.c] unbreak portability #endif 377 378 20110510 379 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix 380 --with-ssl-engine which was broken with the change from deprecated 381 SSLeay_add_all_algorithms(). ok djm 382 383 20110506 384 - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype 385 for closefrom() in test code. Report from Dan Wallis via Gentoo. 386 387 20110505 388 - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS 389 definitions. From des AT des.no 390 - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac] 391 [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] 392 [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] 393 [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] 394 [regress/README.regress] Remove ssh-rand-helper and all its 395 tentacles. PRNGd seeding has been rolled into entropy.c directly. 396 Thanks to tim@ for testing on affected platforms. 397 - OpenBSD CVS Sync 398 - djm (a] cvs.openbsd.org 2011/03/10 02:52:57 399 [auth2-gss.c auth2.c auth.h] 400 allow GSSAPI authentication to detect when a server-side failure causes 401 authentication failure and don't count such failures against MaxAuthTries; 402 bz#1244 from simon AT sxw.org.uk; ok markus@ before lock 403 - okan (a] cvs.openbsd.org 2011/03/15 10:36:02 404 [ssh-keyscan.c] 405 use timerclear macro 406 ok djm@ 407 - stevesk (a] cvs.openbsd.org 2011/03/23 15:16:22 408 [ssh-keygen.1 ssh-keygen.c] 409 Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) 410 for which host keys do not exist, generate the host keys with the 411 default key file path, an empty passphrase, default bits for the key 412 type, and default comment. This will be used by /etc/rc to generate 413 new host keys. Idea from deraadt. 414 ok deraadt 415 - stevesk (a] cvs.openbsd.org 2011/03/23 16:24:56 416 [ssh-keygen.1] 417 -q not used in /etc/rc now so remove statement. 418 - stevesk (a] cvs.openbsd.org 2011/03/23 16:50:04 419 [ssh-keygen.c] 420 remove -d, documentation removed >10 years ago; ok markus 421 - jmc (a] cvs.openbsd.org 2011/03/24 15:29:30 422 [ssh-keygen.1] 423 zap trailing whitespace; 424 - stevesk (a] cvs.openbsd.org 2011/03/24 22:14:54 425 [ssh-keygen.c] 426 use strcasecmp() for "clear" cert permission option also; ok djm 427 - stevesk (a] cvs.openbsd.org 2011/03/29 18:54:17 428 [misc.c misc.h servconf.c] 429 print ipqos friendly string for sshd -T; ok markus 430 # sshd -Tf sshd_config|grep ipqos 431 ipqos lowdelay throughput 432 - djm (a] cvs.openbsd.org 2011/04/12 04:23:50 433 [ssh-keygen.c] 434 fix -Wshadow 435 - djm (a] cvs.openbsd.org 2011/04/12 05:32:49 436 [sshd.c] 437 exit with 0 status on SIGTERM; bz#1879 438 - djm (a] cvs.openbsd.org 2011/04/13 04:02:48 439 [ssh-keygen.1] 440 improve wording; bz#1861 441 - djm (a] cvs.openbsd.org 2011/04/13 04:09:37 442 [ssh-keygen.1] 443 mention valid -b sizes for ECDSA keys; bz#1862 444 - djm (a] cvs.openbsd.org 2011/04/17 22:42:42 445 [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c] 446 allow graceful shutdown of multiplexing: request that a mux server 447 removes its listener socket and refuse future multiplexing requests; 448 ok markus@ 449 - djm (a] cvs.openbsd.org 2011/04/18 00:46:05 450 [ssh-keygen.c] 451 certificate options are supposed to be packed in lexical order of 452 option name (though we don't actually enforce this at present). 453 Move one up that was out of sequence 454 - djm (a] cvs.openbsd.org 2011/05/04 21:15:29 455 [authfile.c authfile.h ssh-add.c] 456 allow "ssh-add - < key"; feedback and ok markus@ 457 - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE 458 so autoreconf 2.68 is happy. 459 - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@ 460 461 20110221 462 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the 463 Cygwin-specific service installer script ssh-host-config. The actual 464 functionality is the same, the revisited version is just more 465 exact when it comes to check for problems which disallow to run 466 certain aspects of the script. So, part of this script and the also 467 rearranged service helper script library "csih" is to check if all 468 the tools required to run the script are available on the system. 469 The new script also is more thorough to inform the user why the 470 script failed. Patch from vinschen at redhat com. 471 472 20110218 473 - OpenBSD CVS Sync 474 - djm (a] cvs.openbsd.org 2011/02/16 00:31:14 475 [ssh-keysign.c] 476 make hostbased auth with ECDSA keys work correctly. Based on patch 477 by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock) 478 479 20110206 480 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in 481 selinux code. Patch from Leonardo Chiquitto 482 - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key 483 generation and simplify. Patch from Corinna Vinschen. 484 485 20110204 486 - OpenBSD CVS Sync 487 - djm (a] cvs.openbsd.org 2011/01/31 21:42:15 488 [PROTOCOL.mux] 489 cut'n'pasto; from bert.wesarg AT googlemail.com 490 - djm (a] cvs.openbsd.org 2011/02/04 00:44:21 491 [key.c] 492 fix uninitialised nonce variable; reported by Mateusz Kocielski 493 - djm (a] cvs.openbsd.org 2011/02/04 00:44:43 494 [version.h] 495 openssh-5.8 496 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 497 [contrib/suse/openssh.spec] update versions in docs and spec files. 498 - Release OpenSSH 5.8p1 499 500 20110128 501 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled 502 before attempting setfscreatecon(). Check whether matchpathcon() 503 succeeded before using its result. Patch from cjwatson AT debian.org; 504 bz#1851 505 506 20110127 507 - (tim) [config.guess config.sub] Sync with upstream. 508 - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete 509 AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with 510 AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white 511 space changes for consistency/readability. Makes autoconf 2.68 happy. 512 "Nice work" djm 513 514 20110125 515 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c 516 openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to 517 port-linux.c to avoid compilation errors. Add -lselinux to ssh when 518 building with SELinux support to avoid linking failure; report from 519 amk AT spamfence.net; ok dtucker 520 521 20110122 522 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add 523 RSA_get_default_method() for the benefit of openssl versions that don't 524 have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, 525 ok djm@. 526 - OpenBSD CVS Sync 527 - djm (a] cvs.openbsd.org 2011/01/22 09:18:53 528 [version.h] 529 crank to OpenSSH-5.7 530 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 531 [contrib/suse/openssh.spec] update versions in docs and spec files. 532 - (djm) Release 5.7p1 533 534 20110119 535 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead 536 of RPM so build completes. Signatures were changed to .asc since 4.1p1. 537 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to 538 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre- 539 release testing (random crashes and failure to load ECC keys). 540 ok dtucker@ 541 542 20110117 543 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in 544 $PATH, fix cleanup of droppings; reported by openssh AT 545 roumenpetrov.info; ok dtucker@ 546 - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding 547 its unique snowflake of a gdb error to the ones we look for. 548 - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running 549 ssh-add to avoid $SUDO failures on Linux 550 - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new 551 Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback 552 to the old values. Feedback from vapier at gentoo org and djm, ok djm. 553 - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh] 554 [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are 555 disabled on platforms that do not support them; add a "config_defined()" 556 shell function that greps for defines in config.h and use them to decide 557 on feature tests. 558 Convert a couple of existing grep's over config.h to use the new function 559 Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent 560 backslash characters in filenames, enable it for Cygwin and use it to turn 561 of tests for quotes backslashes in sftp-glob.sh. 562 based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@ 563 - (tim) [regress/agent-getpeereid.sh] shell portability fix. 564 - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on 565 the tinderbox. 566 - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h 567 configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem 568 support, based on patches from Tomas Mraz and jchadima at redhat. 569 570 20110116 571 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based 572 on configurations that don't have it. 573 - OpenBSD CVS Sync 574 - djm (a] cvs.openbsd.org 2011/01/16 11:50:05 575 [clientloop.c] 576 Use atomicio when flushing protocol 1 std{out,err} buffers at 577 session close. This was a latent bug exposed by setting a SIGCHLD 578 handler and spotted by kevin.brott AT gmail.com; ok dtucker@ 579 - djm (a] cvs.openbsd.org 2011/01/16 11:50:36 580 [sshconnect.c] 581 reset the SIGPIPE handler when forking to execute child processes; 582 ok dtucker@ 583 - djm (a] cvs.openbsd.org 2011/01/16 12:05:59 584 [clientloop.c] 585 a couple more tweaks to the post-close protocol 1 stderr/stdout flush: 586 now that we use atomicio(), convert them from while loops to if statements 587 add test and cast to compile cleanly with -Wsigned 588 589 20110114 590 - OpenBSD CVS Sync 591 - djm (a] cvs.openbsd.org 2011/01/13 21:54:53 592 [mux.c] 593 correct error messages; patch from bert.wesarg AT googlemail.com 594 - djm (a] cvs.openbsd.org 2011/01/13 21:55:25 595 [PROTOCOL.mux] 596 correct protocol names and add a couple of missing protocol number 597 defines; patch from bert.wesarg AT googlemail.com 598 - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in 599 host-key-force target rather than a substitution that is replaced with a 600 comment so that the Makefile.in is still a syntactically valid Makefile 601 (useful to run the distprep target) 602 - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name. 603 - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some 604 ecdsa bits. 605 606 20110113 607 - (djm) [misc.c] include time.h for nanosleep() prototype 608 - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm 609 - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating 610 ecdsa keys. ok djm. 611 - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid 612 gcc warning on platforms where it defaults to int 613 - (djm) [regress/Makefile] add a few more generated files to the clean 614 target 615 - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad 616 #define that was causing diffie-hellman-group-exchange-sha256 to be 617 incorrectly disabled 618 - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256 619 should not depend on ECC support 620 621 20110112 622 - OpenBSD CVS Sync 623 - nicm (a] cvs.openbsd.org 2010/10/08 21:48:42 624 [openbsd-compat/glob.c] 625 Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit 626 from ARG_MAX to 64K. 627 Fixes glob-using programs (notably ftp) able to be triggered to hit 628 resource limits. 629 Idea from a similar NetBSD change, original problem reported by jasper@. 630 ok millert tedu jasper 631 - djm (a] cvs.openbsd.org 2011/01/12 01:53:14 632 avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS 633 and sanity check arguments (these will be unnecessary when we switch 634 struct glob members from being type into to size_t in the future); 635 "looks ok" tedu@ feedback guenther@ 636 - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid 637 silly warnings on write() calls we don't care succeed or not. 638 - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler 639 flag tests that don't depend on gcc version at all; suggested by and 640 ok dtucker@ 641 642 20110111 643 - (tim) [regress/host-expand.sh] Fix for building outside of read only 644 source tree. 645 - (djm) [platform.c] Some missing includes that show up under -Werror 646 - OpenBSD CVS Sync 647 - djm (a] cvs.openbsd.org 2011/01/08 10:51:51 648 [clientloop.c] 649 use host and not options.hostname, as the latter may have unescaped 650 substitution characters 651 - djm (a] cvs.openbsd.org 2011/01/11 06:06:09 652 [sshlogin.c] 653 fd leak on error paths; from zinovik@ 654 NB. Id sync only; we use loginrec.c that was also audited and fixed 655 recently 656 - djm (a] cvs.openbsd.org 2011/01/11 06:13:10 657 [clientloop.c ssh-keygen.c sshd.c] 658 some unsigned long long casts that make things a bit easier for 659 portable without resorting to dropping PRIu64 formats everywhere 660 661 20110109 662 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by 663 openssh AT roumenpetrov.info 664 665 20110108 666 - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress 667 test on OSX and others. Reported by imorgan AT nas.nasa.gov 668 669 20110107 670 - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test 671 for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com 672 - djm (a] cvs.openbsd.org 2011/01/06 22:23:53 673 [ssh.c] 674 unbreak %n expansion in LocalCommand; patch from bert.wesarg AT 675 googlemail.com; ok markus@ 676 - djm (a] cvs.openbsd.org 2011/01/06 22:23:02 677 [clientloop.c] 678 when exiting due to ServerAliveTimeout, mention the hostname that caused 679 it (useful with backgrounded controlmaster) 680 - djm (a] cvs.openbsd.org 2011/01/06 22:46:21 681 [regress/Makefile regress/host-expand.sh] 682 regress test for LocalCommand %n expansion from bert.wesarg AT 683 googlemail.com; ok markus@ 684 - djm (a] cvs.openbsd.org 2011/01/06 23:01:35 685 [sshconnect.c] 686 reset SIGCHLD handler to SIG_DFL when execuring LocalCommand; 687 ok markus@ 688 689 20110106 690 - (djm) OpenBSD CVS Sync 691 - markus (a] cvs.openbsd.org 2010/12/08 22:46:03 692 [scp.1 scp.c] 693 add a new -3 option to scp: Copies between two remote hosts are 694 transferred through the local host. Without this option the data 695 is copied directly between the two remote hosts. ok djm@ (bugzilla #1837) 696 - jmc (a] cvs.openbsd.org 2010/12/09 14:13:33 697 [scp.1 scp.c] 698 scp.1: grammer fix 699 scp.c: add -3 to usage() 700 - markus (a] cvs.openbsd.org 2010/12/14 11:59:06 701 [sshconnect.c] 702 don't mention key type in key-changed-warning, since we also print 703 this warning if a new key type appears. ok djm@ 704 - djm (a] cvs.openbsd.org 2010/12/15 00:49:27 705 [readpass.c] 706 fix ControlMaster=ask regression 707 reset SIGCHLD handler before fork (and restore it after) so we don't miss 708 the the askpass child's exit status. Correct test for exit status/signal to 709 account for waitpid() failure; with claudio@ ok claudio@ markus@ 710 - djm (a] cvs.openbsd.org 2010/12/24 21:41:48 711 [auth-options.c] 712 don't send the actual forced command in a debug message; ok markus deraadt 713 - otto (a] cvs.openbsd.org 2011/01/04 20:44:13 714 [ssh-keyscan.c] 715 handle ecdsa-sha2 with various key lengths; hint and ok djm@ 716 717 20110104 718 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage 719 formatter if it is present, followed by nroff and groff respectively. 720 Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports 721 in favour of mandoc). feedback and ok tim 722 723 20110103 724 - (djm) [Makefile.in] revert local hack I didn't intend to commit 725 726 20110102 727 - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker 728 - (djm) [configure.ac] Check whether libdes is needed when building 729 with Heimdal krb5 support. On OpenBSD this library no longer exists, 730 so linking it unconditionally causes a build failure; ok dtucker 731 732 20101226 733 - (dtucker) OpenBSD CVS Sync 734 - djm (a] cvs.openbsd.org 2010/12/08 04:02:47 735 [ssh_config.5 sshd_config.5] 736 explain that IPQoS arguments are separated by whitespace; iirc requested 737 by jmc@ a while back 738 739 20101205 740 - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from 741 debugging. Spotted by djm. 742 - (dtucker) OpenBSD CVS Sync 743 - djm (a] cvs.openbsd.org 2010/12/03 23:49:26 744 [schnorr.c] 745 check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao 746 (this code is still disabled, but apprently people are treating it as 747 a reference implementation) 748 - djm (a] cvs.openbsd.org 2010/12/03 23:55:27 749 [auth-rsa.c] 750 move check for revoked keys to run earlier (in auth_rsa_key_allowed) 751 bz#1829; patch from ldv AT altlinux.org; ok markus@ 752 - djm (a] cvs.openbsd.org 2010/12/04 00:18:01 753 [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c] 754 add a protocol extension to support a hard link operation. It is 755 available through the "ln" command in the client. The old "ln" 756 behaviour of creating a symlink is available using its "-s" option 757 or through the preexisting "symlink" command; based on a patch from 758 miklos AT szeredi.hu in bz#1555; ok markus@ 759 - djm (a] cvs.openbsd.org 2010/12/04 13:31:37 760 [hostfile.c] 761 fix fd leak; spotted and ok dtucker 762 - djm (a] cvs.openbsd.org 2010/12/04 00:21:19 763 [regress/sftp-cmds.sh] 764 adjust for hard-link support 765 - (dtucker) [regress/Makefile] Id sync. 766 767 20101204 768 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) 769 instead of (arc4random() % range) 770 - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add 771 shims for the new, non-deprecated OpenSSL key generation functions for 772 platforms that don't have the new interfaces. 773 774 20101201 775 - OpenBSD CVS Sync 776 - deraadt (a] cvs.openbsd.org 2010/11/20 05:12:38 777 [auth2-pubkey.c] 778 clean up cases of ;; 779 - djm (a] cvs.openbsd.org 2010/11/21 01:01:13 780 [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] 781 honour $TMPDIR for client xauth and ssh-agent temporary directories; 782 feedback and ok markus@ 783 - djm (a] cvs.openbsd.org 2010/11/21 10:57:07 784 [authfile.c] 785 Refactor internals of private key loading and saving to work on memory 786 buffers rather than directly on files. This will make a few things 787 easier to do in the future; ok markus@ 788 - djm (a] cvs.openbsd.org 2010/11/23 02:35:50 789 [auth.c] 790 use strict_modes already passed as function argument over referencing 791 global options.strict_modes 792 - djm (a] cvs.openbsd.org 2010/11/23 23:57:24 793 [clientloop.c] 794 avoid NULL deref on receiving a channel request on an unknown or invalid 795 channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@ 796 - djm (a] cvs.openbsd.org 2010/11/24 01:24:14 797 [channels.c] 798 remove a debug() that pollutes stderr on client connecting to a server 799 in debug mode (channel_close_fds is called transitively from the session 800 code post-fork); bz#1719, ok dtucker 801 - djm (a] cvs.openbsd.org 2010/11/25 04:10:09 802 [session.c] 803 replace close() loop for fds 3->64 with closefrom(); 804 ok markus deraadt dtucker 805 - djm (a] cvs.openbsd.org 2010/11/26 05:52:49 806 [scp.c] 807 Pass through ssh command-line flags and options when doing remote-remote 808 transfers, e.g. to enable agent forwarding which is particularly useful 809 in this case; bz#1837 ok dtucker@ 810 - markus (a] cvs.openbsd.org 2010/11/29 18:57:04 811 [authfile.c] 812 correctly load comment for encrypted rsa1 keys; 813 report/fix Joachim Schipper; ok djm@ 814 - djm (a] cvs.openbsd.org 2010/11/29 23:45:51 815 [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c] 816 [sshconnect.h sshconnect2.c] 817 automatically order the hostkeys requested by the client based on 818 which hostkeys are already recorded in known_hosts. This avoids 819 hostkey warnings when connecting to servers with new ECDSA keys 820 that are preferred by default; with markus@ 821 822 20101124 823 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and 824 into the platform-specific code Only affects SCO, tested by and ok tim@. 825 - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow 826 group read/write. ok dtucker@ 827 - (dtucker) [packet.c] Remove redundant local declaration of "int tos". 828 - (djm) [defines.h] Add IP DSCP defines 829 830 20101122 831 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch 832 from vapier at gentoo org. 833 834 20101120 835 - OpenBSD CVS Sync 836 - djm (a] cvs.openbsd.org 2010/11/05 02:46:47 837 [packet.c] 838 whitespace KNF 839 - djm (a] cvs.openbsd.org 2010/11/10 01:33:07 840 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c] 841 use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. 842 these have been around for years by this time. ok markus 843 - djm (a] cvs.openbsd.org 2010/11/13 23:27:51 844 [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] 845 [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] 846 allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of 847 hardcoding lowdelay/throughput. 848 849 bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@ 850 - jmc (a] cvs.openbsd.org 2010/11/15 07:40:14 851 [ssh_config.5] 852 libary -> library; 853 - jmc (a] cvs.openbsd.org 2010/11/18 15:01:00 854 [scp.1 sftp.1 ssh.1 sshd_config.5] 855 add IPQoS to the various -o lists, and zap some trailing whitespace; 856 857 20101111 858 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on 859 platforms that don't support ECC. Fixes some spurious warnings reported 860 by tim@ 861 862 20101109 863 - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin. 864 Feedback from dtucker@ 865 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add 866 support for platforms missing isblank(). ok djm@ 867 868 20101108 869 - (tim) [regress/Makefile] Fixes to allow building/testing outside source 870 tree. 871 - (tim) [regress/kextype.sh] Shell portability fix. 872 873 20101107 874 - (dtucker) [platform.c] includes.h instead of defines.h so that we get 875 the correct typedefs. 876 877 20101105 878 - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of 879 int. Should fix bz#1817 cleanly; ok dtucker@ 880 - OpenBSD CVS Sync 881 - djm (a] cvs.openbsd.org 2010/09/22 12:26:05 882 [regress/Makefile regress/kextype.sh] 883 regress test for each of the key exchange algorithms that we support 884 - djm (a] cvs.openbsd.org 2010/10/28 11:22:09 885 [authfile.c key.c key.h ssh-keygen.c] 886 fix a possible NULL deref on loading a corrupt ECDH key 887 888 store ECDH group information in private keys files as "named groups" 889 rather than as a set of explicit group parameters (by setting 890 the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and 891 retrieves the group's OpenSSL NID that we need for various things. 892 - jmc (a] cvs.openbsd.org 2010/10/28 18:33:28 893 [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] 894 knock out some "-*- nroff -*-" lines; 895 - djm (a] cvs.openbsd.org 2010/11/04 02:45:34 896 [sftp-server.c] 897 umask should be parsed as octal. reported by candland AT xmission.com; 898 ok markus@ 899 - (dtucker) [configure.ac platform.{c,h} session.c 900 openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. 901 Patch from cory.erickson at csu mnscu edu with a bit of rework from me. 902 ok djm@ 903 - (dtucker) [platform.c platform.h session.c] Add a platform hook to run 904 after the user's groups are established and move the selinux calls into it. 905 - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into 906 platform.c 907 - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. 908 - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to 909 retain previous behavior. 910 - (dtucker) [platform.c session.c] Move the PAM credential establishment for 911 the LOGIN_CAP case into platform.c. 912 - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into 913 platform.c 914 - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c. 915 - (dtucker) [platform.c session.c] Move irix setusercontext fragment into 916 platform.c. 917 - (dtucker) [platform.c session.c] Move PAM credential establishment for the 918 non-LOGIN_CAP case into platform.c. 919 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case 920 check into platform.c 921 - (dtucker) [regress/keytype.sh] Import new test. 922 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh] 923 Import recent changes to regress/Makefile, pass a flag to enable ECC tests 924 from configure through to regress/Makefile and use it in the tests. 925 - (dtucker) [regress/kextype.sh] Add missing "test". 926 - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not 927 strictly correct since while ECC requires sha256 the reverse is not true 928 however it does prevent spurious test failures. 929 - (dtucker) [platform.c] Need servconf.h and extern options. 930 931 20101025 932 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with 933 1.12 to unbreak Solaris build. 934 ok djm@ 935 - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a 936 native one. 937 938 20101024 939 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. 940 - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms 941 which don't have ECC support in libcrypto. 942 - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms 943 which don't have ECC support in libcrypto. 944 - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't 945 have it. 946 - (dtucker) OpenBSD CVS Sync 947 - sthen (a] cvs.openbsd.org 2010/10/23 22:06:12 948 [sftp.c] 949 escape '[' in filename tab-completion; fix a type while there. 950 ok djm@ 951 952 20101021 953 - OpenBSD CVS Sync 954 - dtucker (a] cvs.openbsd.org 2010/10/12 02:22:24 955 [mux.c] 956 Typo in confirmation message. bz#1827, patch from imorgan at 957 nas nasa gov 958 - djm (a] cvs.openbsd.org 2010/08/31 12:24:09 959 [regress/cert-hostkey.sh regress/cert-userkey.sh] 960 tests for ECDSA certificates 961 962 20101011 963 - (djm) [canohost.c] Zero a4 instead of addr to better match type. 964 bz#1825, reported by foo AT mailinator.com 965 - (djm) [sshconnect.c] Need signal.h for prototype for kill(2) 966 967 20101011 968 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from 969 dr AT vasco.com 970 971 20101007 972 - (djm) [ssh-agent.c] Fix type for curve name. 973 - (djm) OpenBSD CVS Sync 974 - matthew (a] cvs.openbsd.org 2010/09/24 13:33:00 975 [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h] 976 [openbsd-compat/timingsafe_bcmp.c] 977 Add timingsafe_bcmp(3) to libc, mention that it's already in the 978 kernel in kern(9), and remove it from OpenSSH. 979 ok deraadt@, djm@ 980 NB. re-added under openbsd-compat/ for portable OpenSSH 981 - djm (a] cvs.openbsd.org 2010/09/25 09:30:16 982 [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h] 983 make use of new glob(3) GLOB_KEEPSTAT extension to save extra server 984 rountrips to fetch per-file stat(2) information. 985 NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to 986 match. 987 - djm (a] cvs.openbsd.org 2010/09/26 22:26:33 988 [sftp.c] 989 when performing an "ls" in columnated (short) mode, only call 990 ioctl(TIOCGWINSZ) once to get the window width instead of per- 991 filename 992 - djm (a] cvs.openbsd.org 2010/09/30 11:04:51 993 [servconf.c] 994 prevent free() of string in .rodata when overriding AuthorizedKeys in 995 a Match block; patch from rein AT basefarm.no 996 - djm (a] cvs.openbsd.org 2010/10/01 23:05:32 997 [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h] 998 adapt to API changes in openssl-1.0.0a 999 NB. contains compat code to select correct API for older OpenSSL 1000 - djm (a] cvs.openbsd.org 2010/10/05 05:13:18 1001 [sftp.c sshconnect.c] 1002 use default shell /bin/sh if $SHELL is ""; ok markus@ 1003 - djm (a] cvs.openbsd.org 2010/10/06 06:39:28 1004 [clientloop.c ssh.c sshconnect.c sshconnect.h] 1005 kill proxy command on fatal() (we already kill it on clean exit); 1006 ok markus@ 1007 - djm (a] cvs.openbsd.org 2010/10/06 21:10:21 1008 [sshconnect.c] 1009 swapped args to kill(2) 1010 - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code. 1011 - (djm) [cipher-acss.c] Add missing header. 1012 - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp 1013 1014 20100924 1015 - (djm) OpenBSD CVS Sync 1016 - naddy (a] cvs.openbsd.org 2010/09/10 15:19:29 1017 [ssh-keygen.1] 1018 * mention ECDSA in more places 1019 * less repetition in FILES section 1020 * SSHv1 keys are still encrypted with 3DES 1021 help and ok jmc@ 1022 - djm (a] cvs.openbsd.org 2010/09/11 21:44:20 1023 [ssh.1] 1024 mention RFC 5656 for ECC stuff 1025 - jmc (a] cvs.openbsd.org 2010/09/19 21:30:05 1026 [sftp.1] 1027 more wacky macro fixing; 1028 - djm (a] cvs.openbsd.org 2010/09/20 04:41:47 1029 [ssh.c] 1030 install a SIGCHLD handler to reap expiried child process; ok markus@ 1031 - djm (a] cvs.openbsd.org 2010/09/20 04:50:53 1032 [jpake.c schnorr.c] 1033 check that received values are smaller than the group size in the 1034 disabled and unfinished J-PAKE code. 1035 avoids catastrophic security failure found by Sebastien Martini 1036 - djm (a] cvs.openbsd.org 2010/09/20 04:54:07 1037 [jpake.c] 1038 missing #include 1039 - djm (a] cvs.openbsd.org 2010/09/20 07:19:27 1040 [mux.c] 1041 "atomically" create the listening mux socket by binding it on a temorary 1042 name and then linking it into position after listen() has succeeded. 1043 this allows the mux clients to determine that the server socket is 1044 either ready or stale without races. stale server sockets are now 1045 automatically removed 1046 ok deraadt 1047 - djm (a] cvs.openbsd.org 2010/09/22 05:01:30 1048 [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h] 1049 [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5] 1050 add a KexAlgorithms knob to the client and server configuration to allow 1051 selection of which key exchange methods are used by ssh(1) and sshd(8) 1052 and their order of preference. 1053 ok markus@ 1054 - jmc (a] cvs.openbsd.org 2010/09/22 08:30:08 1055 [ssh.1 ssh_config.5] 1056 ssh.1: add kexalgorithms to the -o list 1057 ssh_config.5: format the kexalgorithms in a more consistent 1058 (prettier!) way 1059 ok djm 1060 - djm (a] cvs.openbsd.org 2010/09/22 22:58:51 1061 [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c] 1062 [sftp-client.h sftp.1 sftp.c] 1063 add an option per-read/write callback to atomicio 1064 1065 factor out bandwidth limiting code from scp(1) into a generic bandwidth 1066 limiter that can be attached using the atomicio callback mechanism 1067 1068 add a bandwidth limit option to sftp(1) using the above 1069 "very nice" markus@ 1070 - jmc (a] cvs.openbsd.org 2010/09/23 13:34:43 1071 [sftp.c] 1072 add [-l limit] to usage(); 1073 - jmc (a] cvs.openbsd.org 2010/09/23 13:36:46 1074 [scp.1 sftp.1] 1075 add KexAlgorithms to the -o list; 1076 1077 20100910 1078 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact 1079 return code since it can apparently return -1 under some conditions. From 1080 openssh bugs werbittewas de, ok djm@ 1081 - OpenBSD CVS Sync 1082 - djm (a] cvs.openbsd.org 2010/08/31 12:33:38 1083 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] 1084 reintroduce commit from tedu@, which I pulled out for release 1085 engineering: 1086 OpenSSL_add_all_algorithms is the name of the function we have a 1087 man page for, so use that. ok djm 1088 - jmc (a] cvs.openbsd.org 2010/08/31 17:40:54 1089 [ssh-agent.1] 1090 fix some macro abuse; 1091 - jmc (a] cvs.openbsd.org 2010/08/31 21:14:58 1092 [ssh.1] 1093 small text tweak to accommodate previous; 1094 - naddy (a] cvs.openbsd.org 2010/09/01 15:21:35 1095 [servconf.c] 1096 pick up ECDSA host key by default; ok djm@ 1097 - markus (a] cvs.openbsd.org 2010/09/02 16:07:25 1098 [ssh-keygen.c] 1099 permit -b 256, 384 or 521 as key size for ECDSA; ok djm@ 1100 - markus (a] cvs.openbsd.org 2010/09/02 16:08:39 1101 [ssh.c] 1102 unbreak ControlPersist=yes for ControlMaster=yes; ok djm@ 1103 - naddy (a] cvs.openbsd.org 2010/09/02 17:21:50 1104 [ssh-keygen.c] 1105 Switch ECDSA default key size to 256 bits, which according to RFC5656 1106 should still be better than our current RSA-2048 default. 1107 ok djm@, markus@ 1108 - jmc (a] cvs.openbsd.org 2010/09/03 11:09:29 1109 [scp.1] 1110 add an EXIT STATUS section for /usr/bin; 1111 - jmc (a] cvs.openbsd.org 2010/09/04 09:38:34 1112 [ssh-add.1 ssh.1] 1113 two more EXIT STATUS sections; 1114 - naddy (a] cvs.openbsd.org 2010/09/06 17:10:19 1115 [sshd_config] 1116 add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste 1117 <mattieu.b (a] gmail.com> 1118 ok deraadt@ 1119 - djm (a] cvs.openbsd.org 2010/09/08 03:54:36 1120 [authfile.c] 1121 typo 1122 - deraadt (a] cvs.openbsd.org 2010/09/08 04:13:31 1123 [compress.c] 1124 work around name-space collisions some buggy compilers (looking at you 1125 gcc, at least in earlier versions, but this does not forgive your current 1126 transgressions) seen between zlib and openssl 1127 ok djm 1128 - djm (a] cvs.openbsd.org 2010/09/09 10:45:45 1129 [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c] 1130 ECDH/ECDSA compliance fix: these methods vary the hash function they use 1131 (SHA256/384/512) depending on the length of the curve in use. The previous 1132 code incorrectly used SHA256 in all cases. 1133 1134 This fix will cause authentication failure when using 384 or 521-bit curve 1135 keys if one peer hasn't been upgraded and the other has. (256-bit curve 1136 keys work ok). In particular you may need to specify HostkeyAlgorithms 1137 when connecting to a server that has not been upgraded from an upgraded 1138 client. 1139 1140 ok naddy@ 1141 - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c] 1142 [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] 1143 [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on 1144 platforms that don't have the requisite OpenSSL support. ok dtucker@ 1145 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs 1146 for missing headers and compiler warnings. 1147 1148 20100831 1149 - OpenBSD CVS Sync 1150 - jmc (a] cvs.openbsd.org 2010/08/08 19:36:30 1151 [ssh-keysign.8 ssh.1 sshd.8] 1152 use the same template for all FILES sections; i.e. -compact/.Pp where we 1153 have multiple items, and .Pa for path names; 1154 - tedu (a] cvs.openbsd.org 2010/08/12 23:34:39 1155 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] 1156 OpenSSL_add_all_algorithms is the name of the function we have a man page 1157 for, so use that. ok djm 1158 - djm (a] cvs.openbsd.org 2010/08/16 04:06:06 1159 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] 1160 backout previous temporarily; discussed with deraadt@ 1161 - djm (a] cvs.openbsd.org 2010/08/31 09:58:37 1162 [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c] 1163 [packet.h ssh-dss.c ssh-rsa.c] 1164 Add buffer_get_cstring() and related functions that verify that the 1165 string extracted from the buffer contains no embedded \0 characters* 1166 This prevents random (possibly malicious) crap from being appended to 1167 strings where it would not be noticed if the string is used with 1168 a string(3) function. 1169 1170 Use the new API in a few sensitive places. 1171 1172 * actually, we allow a single one at the end of the string for now because 1173 we don't know how many deployed implementations get this wrong, but don't 1174 count on this to remain indefinitely. 1175 - djm (a] cvs.openbsd.org 2010/08/31 11:54:45 1176 [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] 1177 [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] 1178 [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] 1179 [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] 1180 [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] 1181 [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] 1182 [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] 1183 Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and 1184 host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer 1185 better performance than plain DH and DSA at the same equivalent symmetric 1186 key length, as well as much shorter keys. 1187 1188 Only the mandatory sections of RFC5656 are implemented, specifically the 1189 three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and 1190 ECDSA. Point compression (optional in RFC5656 is NOT implemented). 1191 1192 Certificate host and user keys using the new ECDSA key types are supported. 1193 1194 Note that this code has not been tested for interoperability and may be 1195 subject to change. 1196 1197 feedback and ok markus@ 1198 - (djm) [Makefile.in] Add new ECC files 1199 - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include 1200 includes.h 1201 1202 20100827 1203 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, 1204 remove. Patch from martynas at venck us 1205 1206 20100823 1207 - (djm) Release OpenSSH-5.6p1 1208 1209 20100816 1210 - (dtucker) [configure.ac openbsd-compat/Makefile.in 1211 openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to 1212 the compat library which helps on platforms like old IRIX. Based on work 1213 by djm, tested by Tom Christensen. 1214 - OpenBSD CVS Sync 1215 - djm (a] cvs.openbsd.org 2010/08/12 21:49:44 1216 [ssh.c] 1217 close any extra file descriptors inherited from parent at start and 1218 reopen stdin/stdout to /dev/null when forking for ControlPersist. 1219 1220 prevents tools that fork and run a captive ssh for communication from 1221 failing to exit when the ssh completes while they wait for these fds to 1222 close. The inherited fds may persist arbitrarily long if a background 1223 mux master has been started by ControlPersist. cvs and scp were effected 1224 by this. 1225 1226 "please commit" markus@ 1227 - (djm) [regress/README.regress] typo 1228 1229 20100812 1230 - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh 1231 regress/test-exec.sh] Under certain conditions when testing with sudo 1232 tests would fail because the pidfile could not be read by a regular user. 1233 "cat: cannot open ...../regress/pidfile: Permission denied (error 13)" 1234 Make sure cat is run by $SUDO. no objection from me. djm@ 1235 - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems. 1236 1237 20100809 1238 - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is 1239 already set. Makes FreeBSD user openable tunnels useful; patch from 1240 richard.burakowski+ossh AT mrburak.net, ok dtucker@ 1241 - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id. 1242 based in part on a patch from Colin Watson, ok djm@ 1243 1244 20100809 1245 - OpenBSD CVS Sync 1246 - djm (a] cvs.openbsd.org 2010/08/08 16:26:42 1247 [version.h] 1248 crank to 5.6 1249 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1250 [contrib/suse/openssh.spec] Crank version numbers 1251 1252 20100805 1253 - OpenBSD CVS Sync 1254 - djm (a] cvs.openbsd.org 2010/08/04 05:37:01 1255 [ssh.1 ssh_config.5 sshd.8] 1256 Remove mentions of weird "addr/port" alternate address format for IPv6 1257 addresses combinations. It hasn't worked for ages and we have supported 1258 the more commen "[addr]:port" format for a long time. ok jmc@ markus@ 1259 - djm (a] cvs.openbsd.org 2010/08/04 05:40:39 1260 [PROTOCOL.certkeys ssh-keygen.c] 1261 tighten the rules for certificate encoding by requiring that options 1262 appear in lexical order and make our ssh-keygen comply. ok markus@ 1263 - djm (a] cvs.openbsd.org 2010/08/04 05:42:47 1264 [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8] 1265 [ssh-keysign.c ssh.c] 1266 enable certificates for hostbased authentication, from Iain Morgan; 1267 "looks ok" markus@ 1268 - djm (a] cvs.openbsd.org 2010/08/04 05:49:22 1269 [authfile.c] 1270 commited the wrong version of the hostbased certificate diff; this 1271 version replaces some strlc{py,at} verbosity with xasprintf() at 1272 the request of markus@ 1273 - djm (a] cvs.openbsd.org 2010/08/04 06:07:11 1274 [ssh-keygen.1 ssh-keygen.c] 1275 Support CA keys in PKCS#11 tokens; feedback and ok markus@ 1276 - djm (a] cvs.openbsd.org 2010/08/04 06:08:40 1277 [ssh-keysign.c] 1278 clean for -Wuninitialized (Id sync only; portable had this change) 1279 - djm (a] cvs.openbsd.org 2010/08/05 13:08:42 1280 [channels.c] 1281 Fix a trio of bugs in the local/remote window calculation for datagram 1282 data channels (i.e. TunnelForward): 1283 1284 Calculate local_consumed correctly in channel_handle_wfd() by measuring 1285 the delta to buffer_len(c->output) from when we start to when we finish. 1286 The proximal problem here is that the output_filter we use in portable 1287 modified the length of the dequeued datagram (to futz with the headers 1288 for !OpenBSD). 1289 1290 In channel_output_poll(), don't enqueue datagrams that won't fit in the 1291 peer's advertised packet size (highly unlikely to ever occur) or which 1292 won't fit in the peer's remaining window (more likely). 1293 1294 In channel_input_data(), account for the 4-byte string header in 1295 datagram packets that we accept from the peer and enqueue in c->output. 1296 1297 report, analysis and testing 2/3 cases from wierbows AT us.ibm.com; 1298 "looks good" markus@ 1299 1300 20100803 1301 - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from 1302 PAM to sane values in case the PAM method doesn't write to them. Spotted by 1303 Bitman Zhou, ok djm@. 1304 - OpenBSD CVS Sync 1305 - djm (a] cvs.openbsd.org 2010/07/16 04:45:30 1306 [ssh-keygen.c] 1307 avoid bogus compiler warning 1308 - djm (a] cvs.openbsd.org 2010/07/16 14:07:35 1309 [ssh-rsa.c] 1310 more timing paranoia - compare all parts of the expected decrypted 1311 data before returning. AFAIK not exploitable in the SSH protocol. 1312 "groovy" deraadt@ 1313 - djm (a] cvs.openbsd.org 2010/07/19 03:16:33 1314 [sftp-client.c] 1315 bz#1797: fix swapped args in upload_dir_internal(), breaking recursive 1316 upload depth checks and causing verbose printing of transfers to always 1317 be turned on; patch from imorgan AT nas.nasa.gov 1318 - djm (a] cvs.openbsd.org 2010/07/19 09:15:12 1319 [clientloop.c readconf.c readconf.h ssh.c ssh_config.5] 1320 add a "ControlPersist" option that automatically starts a background 1321 ssh(1) multiplex master when connecting. This connection can stay alive 1322 indefinitely, or can be set to automatically close after a user-specified 1323 duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but 1324 further hacked on by wmertens AT cisco.com, apb AT cequrux.com, 1325 martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@ 1326 - djm (a] cvs.openbsd.org 2010/07/21 02:10:58 1327 [misc.c] 1328 sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern 1329 - dtucker (a] cvs.openbsd.org 2010/07/23 08:49:25 1330 [ssh.1] 1331 Ciphers is documented in ssh_config(5) these days 1332 1333 20100819 1334 - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more 1335 details about its behaviour WRT existing directories. Patch from 1336 asguthrie at gmail com, ok djm. 1337 1338 20100716 1339 - (djm) OpenBSD CVS Sync 1340 - djm (a] cvs.openbsd.org 2010/07/02 04:32:44 1341 [misc.c] 1342 unbreak strdelim() skipping past quoted strings, e.g. 1343 AllowUsers "blah blah" blah 1344 was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com 1345 ok dtucker; 1346 - djm (a] cvs.openbsd.org 2010/07/12 22:38:52 1347 [ssh.c] 1348 Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f") 1349 for protocol 2. ok markus@ 1350 - djm (a] cvs.openbsd.org 2010/07/12 22:41:13 1351 [ssh.c ssh_config.5] 1352 expand %h to the hostname in ssh_config Hostname options. While this 1353 sounds useless, it is actually handy for working with unqualified 1354 hostnames: 1355 1356 Host *.* 1357 Hostname %h 1358 Host * 1359 Hostname %h.example.org 1360 1361 "I like it" markus@ 1362 - djm (a] cvs.openbsd.org 2010/07/13 11:52:06 1363 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] 1364 [packet.c ssh-rsa.c] 1365 implement a timing_safe_cmp() function to compare memory without leaking 1366 timing information by short-circuiting like memcmp() and use it for 1367 some of the more sensitive comparisons (though nothing high-value was 1368 readily attackable anyway); "looks ok" markus@ 1369 - djm (a] cvs.openbsd.org 2010/07/13 23:13:16 1370 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c] 1371 [ssh-rsa.c] 1372 s/timing_safe_cmp/timingsafe_bcmp/g 1373 - jmc (a] cvs.openbsd.org 2010/07/14 17:06:58 1374 [ssh.1] 1375 finally ssh synopsis looks nice again! this commit just removes a ton of 1376 hacks we had in place to make it work with old groff; 1377 - schwarze (a] cvs.openbsd.org 2010/07/15 21:20:38 1378 [ssh-keygen.1] 1379 repair incorrect block nesting, which screwed up indentation; 1380 problem reported and fix OK by jmc@ 1381 1382 20100714 1383 - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass 1384 (line 77) should have been for no_x11_askpass. 1385 1386 20100702 1387 - (djm) OpenBSD CVS Sync 1388 - jmc (a] cvs.openbsd.org 2010/06/26 00:57:07 1389 [ssh_config.5] 1390 tweak previous; 1391 - djm (a] cvs.openbsd.org 2010/06/26 23:04:04 1392 [ssh.c] 1393 oops, forgot to #include <canohost.h>; spotted and patch from chl@ 1394 - djm (a] cvs.openbsd.org 2010/06/29 23:15:30 1395 [ssh-keygen.1 ssh-keygen.c] 1396 allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys; 1397 bz#1749; ok markus@ 1398 - djm (a] cvs.openbsd.org 2010/06/29 23:16:46 1399 [auth2-pubkey.c sshd_config.5] 1400 allow key options (command="..." and friends) in AuthorizedPrincipals; 1401 ok markus@ 1402 - jmc (a] cvs.openbsd.org 2010/06/30 07:24:25 1403 [ssh-keygen.1] 1404 tweak previous; 1405 - jmc (a] cvs.openbsd.org 2010/06/30 07:26:03 1406 [ssh-keygen.c] 1407 sort usage(); 1408 - jmc (a] cvs.openbsd.org 2010/06/30 07:28:34 1409 [sshd_config.5] 1410 tweak previous; 1411 - millert (a] cvs.openbsd.org 2010/07/01 13:06:59 1412 [scp.c] 1413 Fix a longstanding problem where if you suspend scp at the 1414 password/passphrase prompt the terminal mode is not restored. 1415 OK djm@ 1416 - phessler (a] cvs.openbsd.org 2010/06/27 19:19:56 1417 [regress/Makefile] 1418 fix how we run the tests so we can successfully use SUDO='sudo -E' 1419 in our env 1420 - djm (a] cvs.openbsd.org 2010/06/29 23:59:54 1421 [cert-userkey.sh] 1422 regress tests for key options in AuthorizedPrincipals 1423 1424 20100627 1425 - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs 1426 key.h. 1427 1428 20100626 1429 - (djm) OpenBSD CVS Sync 1430 - djm (a] cvs.openbsd.org 2010/05/21 05:00:36 1431 [misc.c] 1432 colon() returns char*, so s/return (0)/return NULL/ 1433 - markus (a] cvs.openbsd.org 2010/06/08 21:32:19 1434 [ssh-pkcs11.c] 1435 check length of value returned C_GetAttributValue for != 0 1436 from mdrtbugzilla (a] codefive.co.uk; bugzilla #1773; ok dtucker@ 1437 - djm (a] cvs.openbsd.org 2010/06/17 07:07:30 1438 [mux.c] 1439 Correct sizing of object to be allocated by calloc(), replacing 1440 sizeof(state) with sizeof(*state). This worked by accident since 1441 the struct contained a single int at present, but could have broken 1442 in the future. patch from hyc AT symas.com 1443 - djm (a] cvs.openbsd.org 2010/06/18 00:58:39 1444 [sftp.c] 1445 unbreak ls in working directories that contains globbing characters in 1446 their pathnames. bz#1655 reported by vgiffin AT apple.com 1447 - djm (a] cvs.openbsd.org 2010/06/18 03:16:03 1448 [session.c] 1449 Missing check for chroot_director == "none" (we already checked against 1450 NULL); bz#1564 from Jan.Pechanec AT Sun.COM 1451 - djm (a] cvs.openbsd.org 2010/06/18 04:43:08 1452 [sftp-client.c] 1453 fix memory leak in do_realpath() error path; bz#1771, patch from 1454 anicka AT suse.cz 1455 - djm (a] cvs.openbsd.org 2010/06/22 04:22:59 1456 [servconf.c sshd_config.5] 1457 expose some more sshd_config options inside Match blocks: 1458 AuthorizedKeysFile AuthorizedPrincipalsFile 1459 HostbasedUsesNameFromPacketOnly PermitTunnel 1460 bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@ 1461 - djm (a] cvs.openbsd.org 2010/06/22 04:32:06 1462 [ssh-keygen.c] 1463 standardise error messages when attempting to open private key 1464 files to include "progname: filename: error reason" 1465 bz#1783; ok dtucker@ 1466 - djm (a] cvs.openbsd.org 2010/06/22 04:49:47 1467 [auth.c] 1468 queue auth debug messages for bad ownership or permissions on the user's 1469 keyfiles. These messages will be sent after the user has successfully 1470 authenticated (where our client will display them with LogLevel=debug). 1471 bz#1554; ok dtucker@ 1472 - djm (a] cvs.openbsd.org 2010/06/22 04:54:30 1473 [ssh-keyscan.c] 1474 replace verbose and overflow-prone Linebuf code with read_keyfile_line() 1475 based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@ 1476 - djm (a] cvs.openbsd.org 2010/06/22 04:59:12 1477 [session.c] 1478 include the user name on "subsystem request for ..." log messages; 1479 bz#1571; ok dtucker@ 1480 - djm (a] cvs.openbsd.org 2010/06/23 02:59:02 1481 [ssh-keygen.c] 1482 fix printing of extensions in v01 certificates that I broke in r1.190 1483 - djm (a] cvs.openbsd.org 2010/06/25 07:14:46 1484 [channels.c mux.c readconf.c readconf.h ssh.h] 1485 bz#1327: remove hardcoded limit of 100 permitopen clauses and port 1486 forwards per direction; ok markus@ stevesk@ 1487 - djm (a] cvs.openbsd.org 2010/06/25 07:20:04 1488 [channels.c session.c] 1489 bz#1750: fix requirement for /dev/null inside ChrootDirectory for 1490 internal-sftp accidentally introduced in r1.253 by removing the code 1491 that opens and dup /dev/null to stderr and modifying the channels code 1492 to read stderr but discard it instead; ok markus@ 1493 - djm (a] cvs.openbsd.org 2010/06/25 08:46:17 1494 [auth1.c auth2-none.c] 1495 skip the initial check for access with an empty password when 1496 PermitEmptyPasswords=no; bz#1638; ok markus@ 1497 - djm (a] cvs.openbsd.org 2010/06/25 23:10:30 1498 [ssh.c] 1499 log the hostname and address that we connected to at LogLevel=verbose 1500 after authentication is successful to mitigate "phishing" attacks by 1501 servers with trusted keys that accept authentication silently and 1502 automatically before presenting fake password/passphrase prompts; 1503 "nice!" markus@ 1504 - djm (a] cvs.openbsd.org 2010/06/25 23:10:30 1505 [ssh.c] 1506 log the hostname and address that we connected to at LogLevel=verbose 1507 after authentication is successful to mitigate "phishing" attacks by 1508 servers with trusted keys that accept authentication silently and 1509 automatically before presenting fake password/passphrase prompts; 1510 "nice!" markus@ 1511 1512 20100622 1513 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 1514 bz#1579; ok dtucker 1515 1516 20100618 1517 - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~ 1518 rather than assuming that $CWD == $HOME. bz#1500, patch from 1519 timothy AT gelter.com 1520 1521 20100617 1522 - (tim) [contrib/cygwin/README] Remove a reference to the obsolete 1523 minires-devel package, and to add the reference to the libedit-devel 1524 package since CYgwin now provides libedit. Patch from Corinna Vinschen. 1525 1526 20100521 1527 - (djm) OpenBSD CVS Sync 1528 - djm (a] cvs.openbsd.org 2010/05/07 11:31:26 1529 [regress/Makefile regress/cert-userkey.sh] 1530 regress tests for AuthorizedPrincipalsFile and "principals=" key option. 1531 feedback and ok markus@ 1532 - djm (a] cvs.openbsd.org 2010/05/11 02:58:04 1533 [auth-rsa.c] 1534 don't accept certificates marked as "cert-authority" here; ok markus@ 1535 - djm (a] cvs.openbsd.org 2010/05/14 00:47:22 1536 [ssh-add.c] 1537 check that the certificate matches the corresponding private key before 1538 grafting it on 1539 - djm (a] cvs.openbsd.org 2010/05/14 23:29:23 1540 [channels.c channels.h mux.c ssh.c] 1541 Pause the mux channel while waiting for reply from aynch callbacks. 1542 Prevents misordering of replies if new requests arrive while waiting. 1543 1544 Extend channel open confirm callback to allow signalling failure 1545 conditions as well as success. Use this to 1) fix a memory leak, 2) 1546 start using the above pause mechanism and 3) delay sending a success/ 1547 failure message on mux slave session open until we receive a reply from 1548 the server. 1549 1550 motivated by and with feedback from markus@ 1551 - markus (a] cvs.openbsd.org 2010/05/16 12:55:51 1552 [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c] 1553 mux support for remote forwarding with dynamic port allocation, 1554 use with 1555 LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost` 1556 feedback and ok djm@ 1557 - djm (a] cvs.openbsd.org 2010/05/20 11:25:26 1558 [auth2-pubkey.c] 1559 fix logspam when key options (from="..." especially) deny non-matching 1560 keys; reported by henning@ also bz#1765; ok markus@ dtucker@ 1561 - djm (a] cvs.openbsd.org 2010/05/20 23:46:02 1562 [PROTOCOL.certkeys auth-options.c ssh-keygen.c] 1563 Move the permit-* options to the non-critical "extensions" field for v01 1564 certificates. The logic is that if another implementation fails to 1565 implement them then the connection just loses features rather than fails 1566 outright. 1567 1568 ok markus@ 1569 1570 20100511 1571 - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve 1572 circular dependency problem on old or odd platforms. From Tom Lane, ok 1573 djm@. 1574 - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older 1575 libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't 1576 already. ok dtucker@ 1577 1578 20100510 1579 - OpenBSD CVS Sync 1580 - djm (a] cvs.openbsd.org 2010/04/23 01:47:41 1581 [ssh-keygen.c] 1582 bz#1740: display a more helpful error message when $HOME is 1583 inaccessible while trying to create .ssh directory. Based on patch 1584 from jchadima AT redhat.com; ok dtucker@ 1585 - djm (a] cvs.openbsd.org 2010/04/23 22:27:38 1586 [mux.c] 1587 set "detach_close" flag when registering channel cleanup callbacks. 1588 This causes the channel to close normally when its fds close and 1589 hangs when terminating a mux slave using ~. bz#1758; ok markus@ 1590 - djm (a] cvs.openbsd.org 2010/04/23 22:42:05 1591 [session.c] 1592 set stderr to /dev/null for subsystems rather than just closing it. 1593 avoids hangs if a subsystem or shell initialisation writes to stderr. 1594 bz#1750; ok markus@ 1595 - djm (a] cvs.openbsd.org 2010/04/23 22:48:31 1596 [ssh-keygen.c] 1597 refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS, 1598 since we would refuse to use them anyway. bz#1516; ok dtucker@ 1599 - djm (a] cvs.openbsd.org 2010/04/26 22:28:24 1600 [sshconnect2.c] 1601 bz#1502: authctxt.success is declared as an int, but passed by 1602 reference to function that accepts sig_atomic_t*. Convert it to 1603 the latter; ok markus@ dtucker@ 1604 - djm (a] cvs.openbsd.org 2010/05/01 02:50:50 1605 [PROTOCOL.certkeys] 1606 typo; jmeltzer@ 1607 - dtucker (a] cvs.openbsd.org 2010/05/05 04:22:09 1608 [sftp.c] 1609 restore mput and mget which got lost in the tab-completion changes. 1610 found by Kenneth Whitaker, ok djm@ 1611 - djm (a] cvs.openbsd.org 2010/05/07 11:30:30 1612 [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c] 1613 [key.c servconf.c servconf.h sshd.8 sshd_config.5] 1614 add some optional indirection to matching of principal names listed 1615 in certificates. Currently, a certificate must include the a user's name 1616 to be accepted for authentication. This change adds the ability to 1617 specify a list of certificate principal names that are acceptable. 1618 1619 When authenticating using a CA trusted through ~/.ssh/authorized_keys, 1620 this adds a new principals="name1[,name2,...]" key option. 1621 1622 For CAs listed through sshd_config's TrustedCAKeys option, a new config 1623 option "AuthorizedPrincipalsFile" specifies a per-user file containing 1624 the list of acceptable names. 1625 1626 If either option is absent, the current behaviour of requiring the 1627 username to appear in principals continues to apply. 1628 1629 These options are useful for role accounts, disjoint account namespaces 1630 and "user@realm"-style naming policies in certificates. 1631 1632 feedback and ok markus@ 1633 - jmc (a] cvs.openbsd.org 2010/05/07 12:49:17 1634 [sshd_config.5] 1635 tweak previous; 1636 1637 20100423 1638 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir 1639 in the openssl install directory (some newer openssl versions do this on at 1640 least some amd64 platforms). 1641 1642 20100418 1643 - OpenBSD CVS Sync 1644 - jmc (a] cvs.openbsd.org 2010/04/16 06:45:01 1645 [ssh_config.5] 1646 tweak previous; ok djm 1647 - jmc (a] cvs.openbsd.org 2010/04/16 06:47:04 1648 [ssh-keygen.1 ssh-keygen.c] 1649 tweak previous; ok djm 1650 - djm (a] cvs.openbsd.org 2010/04/16 21:14:27 1651 [sshconnect.c] 1652 oops, %r => remote username, not %u 1653 - djm (a] cvs.openbsd.org 2010/04/16 01:58:45 1654 [regress/cert-hostkey.sh regress/cert-userkey.sh] 1655 regression tests for v01 certificate format 1656 includes interop tests for v00 certs 1657 - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default 1658 file. 1659 1660 20100416 1661 - (djm) Release openssh-5.5p1 1662 - OpenBSD CVS Sync 1663 - djm (a] cvs.openbsd.org 2010/03/26 03:13:17 1664 [bufaux.c] 1665 allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer 1666 argument to allow skipping past values in a buffer 1667 - jmc (a] cvs.openbsd.org 2010/03/26 06:54:36 1668 [ssh.1] 1669 tweak previous; 1670 - jmc (a] cvs.openbsd.org 2010/03/27 14:26:55 1671 [ssh_config.5] 1672 tweak previous; ok dtucker 1673 - djm (a] cvs.openbsd.org 2010/04/10 00:00:16 1674 [ssh.c] 1675 bz#1746 - suppress spurious tty warning when using -O and stdin 1676 is not a tty; ok dtucker@ markus@ 1677 - djm (a] cvs.openbsd.org 2010/04/10 00:04:30 1678 [sshconnect.c] 1679 fix terminology: we didn't find a certificate in known_hosts, we found 1680 a CA key 1681 - djm (a] cvs.openbsd.org 2010/04/10 02:08:44 1682 [clientloop.c] 1683 bz#1698: kill channel when pty allocation requests fail. Fixed 1684 stuck client if the server refuses pty allocation. 1685 ok dtucker@ "think so" markus@ 1686 - djm (a] cvs.openbsd.org 2010/04/10 02:10:56 1687 [sshconnect2.c] 1688 show the key type that we are offering in debug(), helps distinguish 1689 between certs and plain keys as the path to the private key is usually 1690 the same. 1691 - djm (a] cvs.openbsd.org 2010/04/10 05:48:16 1692 [mux.c] 1693 fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au 1694 - djm (a] cvs.openbsd.org 2010/04/14 22:27:42 1695 [ssh_config.5 sshconnect.c] 1696 expand %r => remote username in ssh_config:ProxyCommand; 1697 ok deraadt markus 1698 - markus (a] cvs.openbsd.org 2010/04/15 20:32:55 1699 [ssh-pkcs11.c] 1700 retry lookup for private key if there's no matching key with CKA_SIGN 1701 attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736) 1702 ok djm@ 1703 - djm (a] cvs.openbsd.org 2010/04/16 01:47:26 1704 [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c] 1705 [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c] 1706 [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c] 1707 [sshconnect.c sshconnect2.c sshd.c] 1708 revised certificate format ssh-{dss,rsa}-cert-v01 (a] openssh.com with the 1709 following changes: 1710 1711 move the nonce field to the beginning of the certificate where it can 1712 better protect against chosen-prefix attacks on the signature hash 1713 1714 Rename "constraints" field to "critical options" 1715 1716 Add a new non-critical "extensions" field 1717 1718 Add a serial number 1719 1720 The older format is still support for authentication and cert generation 1721 (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) 1722 1723 ok markus@ 1724
