mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-15 23:33:56 +08:00
5278806e39
should not depend on ECC support
3863 lines
168 KiB
Plaintext
3863 lines
168 KiB
Plaintext
20110213
|
|
- (djm) [misc.c] include time.h for nanosleep() prototype
|
|
- (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm
|
|
- (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
|
|
ecdsa keys. ok djm.
|
|
- (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid
|
|
gcc warning on platforms where it defaults to int
|
|
- (djm) [regress/Makefile] add a few more generated files to the clean
|
|
target
|
|
- (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad
|
|
#define that was causing diffie-hellman-group-exchange-sha256 to be
|
|
incorrectly disabled
|
|
- (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
|
|
should not depend on ECC support
|
|
|
|
20110212
|
|
- OpenBSD CVS Sync
|
|
- nicm@cvs.openbsd.org 2010/10/08 21:48:42
|
|
[openbsd-compat/glob.c]
|
|
Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
|
|
from ARG_MAX to 64K.
|
|
Fixes glob-using programs (notably ftp) able to be triggered to hit
|
|
resource limits.
|
|
Idea from a similar NetBSD change, original problem reported by jasper@.
|
|
ok millert tedu jasper
|
|
- djm@cvs.openbsd.org 2011/01/12 01:53:14
|
|
avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
|
|
and sanity check arguments (these will be unnecessary when we switch
|
|
struct glob members from being type into to size_t in the future);
|
|
"looks ok" tedu@ feedback guenther@
|
|
- (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
|
|
silly warnings on write() calls we don't care succeed or not.
|
|
- (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
|
|
flag tests that don't depend on gcc version at all; suggested by and
|
|
ok dtucker@
|
|
|
|
20110111
|
|
- (tim) [regress/host-expand.sh] Fix for building outside of read only
|
|
source tree.
|
|
- (djm) [platform.c] Some missing includes that show up under -Werror
|
|
- OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2011/01/08 10:51:51
|
|
[clientloop.c]
|
|
use host and not options.hostname, as the latter may have unescaped
|
|
substitution characters
|
|
- djm@cvs.openbsd.org 2011/01/11 06:06:09
|
|
[sshlogin.c]
|
|
fd leak on error paths; from zinovik@
|
|
NB. Id sync only; we use loginrec.c that was also audited and fixed
|
|
recently
|
|
- djm@cvs.openbsd.org 2011/01/11 06:13:10
|
|
[clientloop.c ssh-keygen.c sshd.c]
|
|
some unsigned long long casts that make things a bit easier for
|
|
portable without resorting to dropping PRIu64 formats everywhere
|
|
|
|
20110109
|
|
- (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by
|
|
openssh AT roumenpetrov.info
|
|
|
|
20110108
|
|
- (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress
|
|
test on OSX and others. Reported by imorgan AT nas.nasa.gov
|
|
|
|
20110107
|
|
- (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test
|
|
for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com
|
|
- djm@cvs.openbsd.org 2011/01/06 22:23:53
|
|
[ssh.c]
|
|
unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
|
|
googlemail.com; ok markus@
|
|
- djm@cvs.openbsd.org 2011/01/06 22:23:02
|
|
[clientloop.c]
|
|
when exiting due to ServerAliveTimeout, mention the hostname that caused
|
|
it (useful with backgrounded controlmaster)
|
|
- djm@cvs.openbsd.org 2011/01/06 22:46:21
|
|
[regress/Makefile regress/host-expand.sh]
|
|
regress test for LocalCommand %n expansion from bert.wesarg AT
|
|
googlemail.com; ok markus@
|
|
- djm@cvs.openbsd.org 2011/01/06 23:01:35
|
|
[sshconnect.c]
|
|
reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
|
|
ok markus@
|
|
|
|
20110106
|
|
- (djm) OpenBSD CVS Sync
|
|
- markus@cvs.openbsd.org 2010/12/08 22:46:03
|
|
[scp.1 scp.c]
|
|
add a new -3 option to scp: Copies between two remote hosts are
|
|
transferred through the local host. Without this option the data
|
|
is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
|
- jmc@cvs.openbsd.org 2010/12/09 14:13:33
|
|
[scp.1 scp.c]
|
|
scp.1: grammer fix
|
|
scp.c: add -3 to usage()
|
|
- markus@cvs.openbsd.org 2010/12/14 11:59:06
|
|
[sshconnect.c]
|
|
don't mention key type in key-changed-warning, since we also print
|
|
this warning if a new key type appears. ok djm@
|
|
- djm@cvs.openbsd.org 2010/12/15 00:49:27
|
|
[readpass.c]
|
|
fix ControlMaster=ask regression
|
|
reset SIGCHLD handler before fork (and restore it after) so we don't miss
|
|
the the askpass child's exit status. Correct test for exit status/signal to
|
|
account for waitpid() failure; with claudio@ ok claudio@ markus@
|
|
- djm@cvs.openbsd.org 2010/12/24 21:41:48
|
|
[auth-options.c]
|
|
don't send the actual forced command in a debug message; ok markus deraadt
|
|
- otto@cvs.openbsd.org 2011/01/04 20:44:13
|
|
[ssh-keyscan.c]
|
|
handle ecdsa-sha2 with various key lengths; hint and ok djm@
|
|
|
|
20110104
|
|
- (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
|
|
formatter if it is present, followed by nroff and groff respectively.
|
|
Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
|
|
in favour of mandoc). feedback and ok tim
|
|
|
|
20110103
|
|
- (djm) [Makefile.in] revert local hack I didn't intend to commit
|
|
|
|
20110102
|
|
- (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker
|
|
- (djm) [configure.ac] Check whether libdes is needed when building
|
|
with Heimdal krb5 support. On OpenBSD this library no longer exists,
|
|
so linking it unconditionally causes a build failure; ok dtucker
|
|
|
|
20101226
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/12/08 04:02:47
|
|
[ssh_config.5 sshd_config.5]
|
|
explain that IPQoS arguments are separated by whitespace; iirc requested
|
|
by jmc@ a while back
|
|
|
|
20101205
|
|
- (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
|
|
debugging. Spotted by djm.
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/12/03 23:49:26
|
|
[schnorr.c]
|
|
check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
|
|
(this code is still disabled, but apprently people are treating it as
|
|
a reference implementation)
|
|
- djm@cvs.openbsd.org 2010/12/03 23:55:27
|
|
[auth-rsa.c]
|
|
move check for revoked keys to run earlier (in auth_rsa_key_allowed)
|
|
bz#1829; patch from ldv AT altlinux.org; ok markus@
|
|
- djm@cvs.openbsd.org 2010/12/04 00:18:01
|
|
[sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
|
|
add a protocol extension to support a hard link operation. It is
|
|
available through the "ln" command in the client. The old "ln"
|
|
behaviour of creating a symlink is available using its "-s" option
|
|
or through the preexisting "symlink" command; based on a patch from
|
|
miklos AT szeredi.hu in bz#1555; ok markus@
|
|
- djm@cvs.openbsd.org 2010/12/04 13:31:37
|
|
[hostfile.c]
|
|
fix fd leak; spotted and ok dtucker
|
|
- djm@cvs.openbsd.org 2010/12/04 00:21:19
|
|
[regress/sftp-cmds.sh]
|
|
adjust for hard-link support
|
|
- (dtucker) [regress/Makefile] Id sync.
|
|
|
|
20101204
|
|
- (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
|
|
instead of (arc4random() % range)
|
|
- (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
|
|
shims for the new, non-deprecated OpenSSL key generation functions for
|
|
platforms that don't have the new interfaces.
|
|
|
|
20101201
|
|
- OpenBSD CVS Sync
|
|
- deraadt@cvs.openbsd.org 2010/11/20 05:12:38
|
|
[auth2-pubkey.c]
|
|
clean up cases of ;;
|
|
- djm@cvs.openbsd.org 2010/11/21 01:01:13
|
|
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
|
|
honour $TMPDIR for client xauth and ssh-agent temporary directories;
|
|
feedback and ok markus@
|
|
- djm@cvs.openbsd.org 2010/11/21 10:57:07
|
|
[authfile.c]
|
|
Refactor internals of private key loading and saving to work on memory
|
|
buffers rather than directly on files. This will make a few things
|
|
easier to do in the future; ok markus@
|
|
- djm@cvs.openbsd.org 2010/11/23 02:35:50
|
|
[auth.c]
|
|
use strict_modes already passed as function argument over referencing
|
|
global options.strict_modes
|
|
- djm@cvs.openbsd.org 2010/11/23 23:57:24
|
|
[clientloop.c]
|
|
avoid NULL deref on receiving a channel request on an unknown or invalid
|
|
channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
|
|
- djm@cvs.openbsd.org 2010/11/24 01:24:14
|
|
[channels.c]
|
|
remove a debug() that pollutes stderr on client connecting to a server
|
|
in debug mode (channel_close_fds is called transitively from the session
|
|
code post-fork); bz#1719, ok dtucker
|
|
- djm@cvs.openbsd.org 2010/11/25 04:10:09
|
|
[session.c]
|
|
replace close() loop for fds 3->64 with closefrom();
|
|
ok markus deraadt dtucker
|
|
- djm@cvs.openbsd.org 2010/11/26 05:52:49
|
|
[scp.c]
|
|
Pass through ssh command-line flags and options when doing remote-remote
|
|
transfers, e.g. to enable agent forwarding which is particularly useful
|
|
in this case; bz#1837 ok dtucker@
|
|
- markus@cvs.openbsd.org 2010/11/29 18:57:04
|
|
[authfile.c]
|
|
correctly load comment for encrypted rsa1 keys;
|
|
report/fix Joachim Schipper; ok djm@
|
|
- djm@cvs.openbsd.org 2010/11/29 23:45:51
|
|
[auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
|
|
[sshconnect.h sshconnect2.c]
|
|
automatically order the hostkeys requested by the client based on
|
|
which hostkeys are already recorded in known_hosts. This avoids
|
|
hostkey warnings when connecting to servers with new ECDSA keys
|
|
that are preferred by default; with markus@
|
|
|
|
20101124
|
|
- (dtucker) [platform.c session.c] Move the getluid call out of session.c and
|
|
into the platform-specific code Only affects SCO, tested by and ok tim@.
|
|
- (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
|
|
group read/write. ok dtucker@
|
|
- (dtucker) [packet.c] Remove redundant local declaration of "int tos".
|
|
- (djm) [defines.h] Add IP DSCP defines
|
|
|
|
20101122
|
|
- (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch
|
|
from vapier at gentoo org.
|
|
|
|
20101120
|
|
- OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/11/05 02:46:47
|
|
[packet.c]
|
|
whitespace KNF
|
|
- djm@cvs.openbsd.org 2010/11/10 01:33:07
|
|
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
|
|
use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
|
|
these have been around for years by this time. ok markus
|
|
- djm@cvs.openbsd.org 2010/11/13 23:27:51
|
|
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
|
|
[servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
|
|
allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
|
|
hardcoding lowdelay/throughput.
|
|
|
|
bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
|
|
- jmc@cvs.openbsd.org 2010/11/15 07:40:14
|
|
[ssh_config.5]
|
|
libary -> library;
|
|
- jmc@cvs.openbsd.org 2010/11/18 15:01:00
|
|
[scp.1 sftp.1 ssh.1 sshd_config.5]
|
|
add IPQoS to the various -o lists, and zap some trailing whitespace;
|
|
|
|
20101111
|
|
- (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on
|
|
platforms that don't support ECC. Fixes some spurious warnings reported
|
|
by tim@
|
|
|
|
20101109
|
|
- (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.
|
|
Feedback from dtucker@
|
|
- (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
|
|
support for platforms missing isblank(). ok djm@
|
|
|
|
20101108
|
|
- (tim) [regress/Makefile] Fixes to allow building/testing outside source
|
|
tree.
|
|
- (tim) [regress/kextype.sh] Shell portability fix.
|
|
|
|
20101107
|
|
- (dtucker) [platform.c] includes.h instead of defines.h so that we get
|
|
the correct typedefs.
|
|
|
|
20101105
|
|
- (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of
|
|
int. Should fix bz#1817 cleanly; ok dtucker@
|
|
- OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/09/22 12:26:05
|
|
[regress/Makefile regress/kextype.sh]
|
|
regress test for each of the key exchange algorithms that we support
|
|
- djm@cvs.openbsd.org 2010/10/28 11:22:09
|
|
[authfile.c key.c key.h ssh-keygen.c]
|
|
fix a possible NULL deref on loading a corrupt ECDH key
|
|
|
|
store ECDH group information in private keys files as "named groups"
|
|
rather than as a set of explicit group parameters (by setting
|
|
the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
|
|
retrieves the group's OpenSSL NID that we need for various things.
|
|
- jmc@cvs.openbsd.org 2010/10/28 18:33:28
|
|
[scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
|
|
knock out some "-*- nroff -*-" lines;
|
|
- djm@cvs.openbsd.org 2010/11/04 02:45:34
|
|
[sftp-server.c]
|
|
umask should be parsed as octal. reported by candland AT xmission.com;
|
|
ok markus@
|
|
- (dtucker) [configure.ac platform.{c,h} session.c
|
|
openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
|
|
Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
|
|
ok djm@
|
|
- (dtucker) [platform.c platform.h session.c] Add a platform hook to run
|
|
after the user's groups are established and move the selinux calls into it.
|
|
- (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
|
|
platform.c
|
|
- (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
|
|
- (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
|
|
retain previous behavior.
|
|
- (dtucker) [platform.c session.c] Move the PAM credential establishment for
|
|
the LOGIN_CAP case into platform.c.
|
|
- (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into
|
|
platform.c
|
|
- (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c.
|
|
- (dtucker) [platform.c session.c] Move irix setusercontext fragment into
|
|
platform.c.
|
|
- (dtucker) [platform.c session.c] Move PAM credential establishment for the
|
|
non-LOGIN_CAP case into platform.c.
|
|
- (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
|
|
check into platform.c
|
|
- (dtucker) [regress/keytype.sh] Import new test.
|
|
- (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
|
|
Import recent changes to regress/Makefile, pass a flag to enable ECC tests
|
|
from configure through to regress/Makefile and use it in the tests.
|
|
- (dtucker) [regress/kextype.sh] Add missing "test".
|
|
- (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not
|
|
strictly correct since while ECC requires sha256 the reverse is not true
|
|
however it does prevent spurious test failures.
|
|
- (dtucker) [platform.c] Need servconf.h and extern options.
|
|
|
|
20101025
|
|
- (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
|
|
1.12 to unbreak Solaris build.
|
|
ok djm@
|
|
- (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a
|
|
native one.
|
|
|
|
20101024
|
|
- (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.
|
|
- (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
|
|
which don't have ECC support in libcrypto.
|
|
- (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms
|
|
which don't have ECC support in libcrypto.
|
|
- (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't
|
|
have it.
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- sthen@cvs.openbsd.org 2010/10/23 22:06:12
|
|
[sftp.c]
|
|
escape '[' in filename tab-completion; fix a type while there.
|
|
ok djm@
|
|
|
|
20101021
|
|
- OpenBSD CVS Sync
|
|
- dtucker@cvs.openbsd.org 2010/10/12 02:22:24
|
|
[mux.c]
|
|
Typo in confirmation message. bz#1827, patch from imorgan at
|
|
nas nasa gov
|
|
- djm@cvs.openbsd.org 2010/08/31 12:24:09
|
|
[regress/cert-hostkey.sh regress/cert-userkey.sh]
|
|
tests for ECDSA certificates
|
|
|
|
20101011
|
|
- (djm) [canohost.c] Zero a4 instead of addr to better match type.
|
|
bz#1825, reported by foo AT mailinator.com
|
|
- (djm) [sshconnect.c] Need signal.h for prototype for kill(2)
|
|
|
|
20101011
|
|
- (djm) [configure.ac] Use = instead of == in shell tests. Patch from
|
|
dr AT vasco.com
|
|
|
|
20101007
|
|
- (djm) [ssh-agent.c] Fix type for curve name.
|
|
- (djm) OpenBSD CVS Sync
|
|
- matthew@cvs.openbsd.org 2010/09/24 13:33:00
|
|
[misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
|
|
[openbsd-compat/timingsafe_bcmp.c]
|
|
Add timingsafe_bcmp(3) to libc, mention that it's already in the
|
|
kernel in kern(9), and remove it from OpenSSH.
|
|
ok deraadt@, djm@
|
|
NB. re-added under openbsd-compat/ for portable OpenSSH
|
|
- djm@cvs.openbsd.org 2010/09/25 09:30:16
|
|
[sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
|
|
make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
|
|
rountrips to fetch per-file stat(2) information.
|
|
NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
|
|
match.
|
|
- djm@cvs.openbsd.org 2010/09/26 22:26:33
|
|
[sftp.c]
|
|
when performing an "ls" in columnated (short) mode, only call
|
|
ioctl(TIOCGWINSZ) once to get the window width instead of per-
|
|
filename
|
|
- djm@cvs.openbsd.org 2010/09/30 11:04:51
|
|
[servconf.c]
|
|
prevent free() of string in .rodata when overriding AuthorizedKeys in
|
|
a Match block; patch from rein AT basefarm.no
|
|
- djm@cvs.openbsd.org 2010/10/01 23:05:32
|
|
[cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
|
|
adapt to API changes in openssl-1.0.0a
|
|
NB. contains compat code to select correct API for older OpenSSL
|
|
- djm@cvs.openbsd.org 2010/10/05 05:13:18
|
|
[sftp.c sshconnect.c]
|
|
use default shell /bin/sh if $SHELL is ""; ok markus@
|
|
- djm@cvs.openbsd.org 2010/10/06 06:39:28
|
|
[clientloop.c ssh.c sshconnect.c sshconnect.h]
|
|
kill proxy command on fatal() (we already kill it on clean exit);
|
|
ok markus@
|
|
- djm@cvs.openbsd.org 2010/10/06 21:10:21
|
|
[sshconnect.c]
|
|
swapped args to kill(2)
|
|
- (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code.
|
|
- (djm) [cipher-acss.c] Add missing header.
|
|
- (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp
|
|
|
|
20100924
|
|
- (djm) OpenBSD CVS Sync
|
|
- naddy@cvs.openbsd.org 2010/09/10 15:19:29
|
|
[ssh-keygen.1]
|
|
* mention ECDSA in more places
|
|
* less repetition in FILES section
|
|
* SSHv1 keys are still encrypted with 3DES
|
|
help and ok jmc@
|
|
- djm@cvs.openbsd.org 2010/09/11 21:44:20
|
|
[ssh.1]
|
|
mention RFC 5656 for ECC stuff
|
|
- jmc@cvs.openbsd.org 2010/09/19 21:30:05
|
|
[sftp.1]
|
|
more wacky macro fixing;
|
|
- djm@cvs.openbsd.org 2010/09/20 04:41:47
|
|
[ssh.c]
|
|
install a SIGCHLD handler to reap expiried child process; ok markus@
|
|
- djm@cvs.openbsd.org 2010/09/20 04:50:53
|
|
[jpake.c schnorr.c]
|
|
check that received values are smaller than the group size in the
|
|
disabled and unfinished J-PAKE code.
|
|
avoids catastrophic security failure found by Sebastien Martini
|
|
- djm@cvs.openbsd.org 2010/09/20 04:54:07
|
|
[jpake.c]
|
|
missing #include
|
|
- djm@cvs.openbsd.org 2010/09/20 07:19:27
|
|
[mux.c]
|
|
"atomically" create the listening mux socket by binding it on a temorary
|
|
name and then linking it into position after listen() has succeeded.
|
|
this allows the mux clients to determine that the server socket is
|
|
either ready or stale without races. stale server sockets are now
|
|
automatically removed
|
|
ok deraadt
|
|
- djm@cvs.openbsd.org 2010/09/22 05:01:30
|
|
[kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
|
|
[servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
|
|
add a KexAlgorithms knob to the client and server configuration to allow
|
|
selection of which key exchange methods are used by ssh(1) and sshd(8)
|
|
and their order of preference.
|
|
ok markus@
|
|
- jmc@cvs.openbsd.org 2010/09/22 08:30:08
|
|
[ssh.1 ssh_config.5]
|
|
ssh.1: add kexalgorithms to the -o list
|
|
ssh_config.5: format the kexalgorithms in a more consistent
|
|
(prettier!) way
|
|
ok djm
|
|
- djm@cvs.openbsd.org 2010/09/22 22:58:51
|
|
[atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
|
|
[sftp-client.h sftp.1 sftp.c]
|
|
add an option per-read/write callback to atomicio
|
|
|
|
factor out bandwidth limiting code from scp(1) into a generic bandwidth
|
|
limiter that can be attached using the atomicio callback mechanism
|
|
|
|
add a bandwidth limit option to sftp(1) using the above
|
|
"very nice" markus@
|
|
- jmc@cvs.openbsd.org 2010/09/23 13:34:43
|
|
[sftp.c]
|
|
add [-l limit] to usage();
|
|
- jmc@cvs.openbsd.org 2010/09/23 13:36:46
|
|
[scp.1 sftp.1]
|
|
add KexAlgorithms to the -o list;
|
|
|
|
20100910
|
|
- (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact
|
|
return code since it can apparently return -1 under some conditions. From
|
|
openssh bugs werbittewas de, ok djm@
|
|
- OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/08/31 12:33:38
|
|
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
|
|
reintroduce commit from tedu@, which I pulled out for release
|
|
engineering:
|
|
OpenSSL_add_all_algorithms is the name of the function we have a
|
|
man page for, so use that. ok djm
|
|
- jmc@cvs.openbsd.org 2010/08/31 17:40:54
|
|
[ssh-agent.1]
|
|
fix some macro abuse;
|
|
- jmc@cvs.openbsd.org 2010/08/31 21:14:58
|
|
[ssh.1]
|
|
small text tweak to accommodate previous;
|
|
- naddy@cvs.openbsd.org 2010/09/01 15:21:35
|
|
[servconf.c]
|
|
pick up ECDSA host key by default; ok djm@
|
|
- markus@cvs.openbsd.org 2010/09/02 16:07:25
|
|
[ssh-keygen.c]
|
|
permit -b 256, 384 or 521 as key size for ECDSA; ok djm@
|
|
- markus@cvs.openbsd.org 2010/09/02 16:08:39
|
|
[ssh.c]
|
|
unbreak ControlPersist=yes for ControlMaster=yes; ok djm@
|
|
- naddy@cvs.openbsd.org 2010/09/02 17:21:50
|
|
[ssh-keygen.c]
|
|
Switch ECDSA default key size to 256 bits, which according to RFC5656
|
|
should still be better than our current RSA-2048 default.
|
|
ok djm@, markus@
|
|
- jmc@cvs.openbsd.org 2010/09/03 11:09:29
|
|
[scp.1]
|
|
add an EXIT STATUS section for /usr/bin;
|
|
- jmc@cvs.openbsd.org 2010/09/04 09:38:34
|
|
[ssh-add.1 ssh.1]
|
|
two more EXIT STATUS sections;
|
|
- naddy@cvs.openbsd.org 2010/09/06 17:10:19
|
|
[sshd_config]
|
|
add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste
|
|
<mattieu.b@gmail.com>
|
|
ok deraadt@
|
|
- djm@cvs.openbsd.org 2010/09/08 03:54:36
|
|
[authfile.c]
|
|
typo
|
|
- deraadt@cvs.openbsd.org 2010/09/08 04:13:31
|
|
[compress.c]
|
|
work around name-space collisions some buggy compilers (looking at you
|
|
gcc, at least in earlier versions, but this does not forgive your current
|
|
transgressions) seen between zlib and openssl
|
|
ok djm
|
|
- djm@cvs.openbsd.org 2010/09/09 10:45:45
|
|
[kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
|
|
ECDH/ECDSA compliance fix: these methods vary the hash function they use
|
|
(SHA256/384/512) depending on the length of the curve in use. The previous
|
|
code incorrectly used SHA256 in all cases.
|
|
|
|
This fix will cause authentication failure when using 384 or 521-bit curve
|
|
keys if one peer hasn't been upgraded and the other has. (256-bit curve
|
|
keys work ok). In particular you may need to specify HostkeyAlgorithms
|
|
when connecting to a server that has not been upgraded from an upgraded
|
|
client.
|
|
|
|
ok naddy@
|
|
- (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
|
|
[kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
|
|
[ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
|
|
platforms that don't have the requisite OpenSSL support. ok dtucker@
|
|
- (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
|
|
for missing headers and compiler warnings.
|
|
|
|
20100831
|
|
- OpenBSD CVS Sync
|
|
- jmc@cvs.openbsd.org 2010/08/08 19:36:30
|
|
[ssh-keysign.8 ssh.1 sshd.8]
|
|
use the same template for all FILES sections; i.e. -compact/.Pp where we
|
|
have multiple items, and .Pa for path names;
|
|
- tedu@cvs.openbsd.org 2010/08/12 23:34:39
|
|
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
|
|
OpenSSL_add_all_algorithms is the name of the function we have a man page
|
|
for, so use that. ok djm
|
|
- djm@cvs.openbsd.org 2010/08/16 04:06:06
|
|
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
|
|
backout previous temporarily; discussed with deraadt@
|
|
- djm@cvs.openbsd.org 2010/08/31 09:58:37
|
|
[auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
|
|
[packet.h ssh-dss.c ssh-rsa.c]
|
|
Add buffer_get_cstring() and related functions that verify that the
|
|
string extracted from the buffer contains no embedded \0 characters*
|
|
This prevents random (possibly malicious) crap from being appended to
|
|
strings where it would not be noticed if the string is used with
|
|
a string(3) function.
|
|
|
|
Use the new API in a few sensitive places.
|
|
|
|
* actually, we allow a single one at the end of the string for now because
|
|
we don't know how many deployed implementations get this wrong, but don't
|
|
count on this to remain indefinitely.
|
|
- djm@cvs.openbsd.org 2010/08/31 11:54:45
|
|
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
|
|
[authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
|
|
[monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
|
|
[ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
|
|
[ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
|
|
[ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
|
|
[uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
|
|
Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
|
|
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
|
|
better performance than plain DH and DSA at the same equivalent symmetric
|
|
key length, as well as much shorter keys.
|
|
|
|
Only the mandatory sections of RFC5656 are implemented, specifically the
|
|
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
|
|
ECDSA. Point compression (optional in RFC5656 is NOT implemented).
|
|
|
|
Certificate host and user keys using the new ECDSA key types are supported.
|
|
|
|
Note that this code has not been tested for interoperability and may be
|
|
subject to change.
|
|
|
|
feedback and ok markus@
|
|
- (djm) [Makefile.in] Add new ECC files
|
|
- (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include
|
|
includes.h
|
|
|
|
20100827
|
|
- (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated,
|
|
remove. Patch from martynas at venck us
|
|
|
|
20100823
|
|
- (djm) Release OpenSSH-5.6p1
|
|
|
|
20100816
|
|
- (dtucker) [configure.ac openbsd-compat/Makefile.in
|
|
openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
|
|
the compat library which helps on platforms like old IRIX. Based on work
|
|
by djm, tested by Tom Christensen.
|
|
- OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/08/12 21:49:44
|
|
[ssh.c]
|
|
close any extra file descriptors inherited from parent at start and
|
|
reopen stdin/stdout to /dev/null when forking for ControlPersist.
|
|
|
|
prevents tools that fork and run a captive ssh for communication from
|
|
failing to exit when the ssh completes while they wait for these fds to
|
|
close. The inherited fds may persist arbitrarily long if a background
|
|
mux master has been started by ControlPersist. cvs and scp were effected
|
|
by this.
|
|
|
|
"please commit" markus@
|
|
- (djm) [regress/README.regress] typo
|
|
|
|
20100812
|
|
- (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh
|
|
regress/test-exec.sh] Under certain conditions when testing with sudo
|
|
tests would fail because the pidfile could not be read by a regular user.
|
|
"cat: cannot open ...../regress/pidfile: Permission denied (error 13)"
|
|
Make sure cat is run by $SUDO. no objection from me. djm@
|
|
- (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems.
|
|
|
|
20100809
|
|
- (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is
|
|
already set. Makes FreeBSD user openable tunnels useful; patch from
|
|
richard.burakowski+ossh AT mrburak.net, ok dtucker@
|
|
- (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id.
|
|
based in part on a patch from Colin Watson, ok djm@
|
|
|
|
20100809
|
|
- OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/08/08 16:26:42
|
|
[version.h]
|
|
crank to 5.6
|
|
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
|
|
[contrib/suse/openssh.spec] Crank version numbers
|
|
|
|
20100805
|
|
- OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/08/04 05:37:01
|
|
[ssh.1 ssh_config.5 sshd.8]
|
|
Remove mentions of weird "addr/port" alternate address format for IPv6
|
|
addresses combinations. It hasn't worked for ages and we have supported
|
|
the more commen "[addr]:port" format for a long time. ok jmc@ markus@
|
|
- djm@cvs.openbsd.org 2010/08/04 05:40:39
|
|
[PROTOCOL.certkeys ssh-keygen.c]
|
|
tighten the rules for certificate encoding by requiring that options
|
|
appear in lexical order and make our ssh-keygen comply. ok markus@
|
|
- djm@cvs.openbsd.org 2010/08/04 05:42:47
|
|
[auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
|
|
[ssh-keysign.c ssh.c]
|
|
enable certificates for hostbased authentication, from Iain Morgan;
|
|
"looks ok" markus@
|
|
- djm@cvs.openbsd.org 2010/08/04 05:49:22
|
|
[authfile.c]
|
|
commited the wrong version of the hostbased certificate diff; this
|
|
version replaces some strlc{py,at} verbosity with xasprintf() at
|
|
the request of markus@
|
|
- djm@cvs.openbsd.org 2010/08/04 06:07:11
|
|
[ssh-keygen.1 ssh-keygen.c]
|
|
Support CA keys in PKCS#11 tokens; feedback and ok markus@
|
|
- djm@cvs.openbsd.org 2010/08/04 06:08:40
|
|
[ssh-keysign.c]
|
|
clean for -Wuninitialized (Id sync only; portable had this change)
|
|
- djm@cvs.openbsd.org 2010/08/05 13:08:42
|
|
[channels.c]
|
|
Fix a trio of bugs in the local/remote window calculation for datagram
|
|
data channels (i.e. TunnelForward):
|
|
|
|
Calculate local_consumed correctly in channel_handle_wfd() by measuring
|
|
the delta to buffer_len(c->output) from when we start to when we finish.
|
|
The proximal problem here is that the output_filter we use in portable
|
|
modified the length of the dequeued datagram (to futz with the headers
|
|
for !OpenBSD).
|
|
|
|
In channel_output_poll(), don't enqueue datagrams that won't fit in the
|
|
peer's advertised packet size (highly unlikely to ever occur) or which
|
|
won't fit in the peer's remaining window (more likely).
|
|
|
|
In channel_input_data(), account for the 4-byte string header in
|
|
datagram packets that we accept from the peer and enqueue in c->output.
|
|
|
|
report, analysis and testing 2/3 cases from wierbows AT us.ibm.com;
|
|
"looks good" markus@
|
|
|
|
20100803
|
|
- (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from
|
|
PAM to sane values in case the PAM method doesn't write to them. Spotted by
|
|
Bitman Zhou, ok djm@.
|
|
- OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/07/16 04:45:30
|
|
[ssh-keygen.c]
|
|
avoid bogus compiler warning
|
|
- djm@cvs.openbsd.org 2010/07/16 14:07:35
|
|
[ssh-rsa.c]
|
|
more timing paranoia - compare all parts of the expected decrypted
|
|
data before returning. AFAIK not exploitable in the SSH protocol.
|
|
"groovy" deraadt@
|
|
- djm@cvs.openbsd.org 2010/07/19 03:16:33
|
|
[sftp-client.c]
|
|
bz#1797: fix swapped args in upload_dir_internal(), breaking recursive
|
|
upload depth checks and causing verbose printing of transfers to always
|
|
be turned on; patch from imorgan AT nas.nasa.gov
|
|
- djm@cvs.openbsd.org 2010/07/19 09:15:12
|
|
[clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
|
|
add a "ControlPersist" option that automatically starts a background
|
|
ssh(1) multiplex master when connecting. This connection can stay alive
|
|
indefinitely, or can be set to automatically close after a user-specified
|
|
duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
|
|
further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
|
|
martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
|
|
- djm@cvs.openbsd.org 2010/07/21 02:10:58
|
|
[misc.c]
|
|
sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern
|
|
- dtucker@cvs.openbsd.org 2010/07/23 08:49:25
|
|
[ssh.1]
|
|
Ciphers is documented in ssh_config(5) these days
|
|
|
|
20100819
|
|
- (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more
|
|
details about its behaviour WRT existing directories. Patch from
|
|
asguthrie at gmail com, ok djm.
|
|
|
|
20100716
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/07/02 04:32:44
|
|
[misc.c]
|
|
unbreak strdelim() skipping past quoted strings, e.g.
|
|
AllowUsers "blah blah" blah
|
|
was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com
|
|
ok dtucker;
|
|
- djm@cvs.openbsd.org 2010/07/12 22:38:52
|
|
[ssh.c]
|
|
Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f")
|
|
for protocol 2. ok markus@
|
|
- djm@cvs.openbsd.org 2010/07/12 22:41:13
|
|
[ssh.c ssh_config.5]
|
|
expand %h to the hostname in ssh_config Hostname options. While this
|
|
sounds useless, it is actually handy for working with unqualified
|
|
hostnames:
|
|
|
|
Host *.*
|
|
Hostname %h
|
|
Host *
|
|
Hostname %h.example.org
|
|
|
|
"I like it" markus@
|
|
- djm@cvs.openbsd.org 2010/07/13 11:52:06
|
|
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
|
|
[packet.c ssh-rsa.c]
|
|
implement a timing_safe_cmp() function to compare memory without leaking
|
|
timing information by short-circuiting like memcmp() and use it for
|
|
some of the more sensitive comparisons (though nothing high-value was
|
|
readily attackable anyway); "looks ok" markus@
|
|
- djm@cvs.openbsd.org 2010/07/13 23:13:16
|
|
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
|
|
[ssh-rsa.c]
|
|
s/timing_safe_cmp/timingsafe_bcmp/g
|
|
- jmc@cvs.openbsd.org 2010/07/14 17:06:58
|
|
[ssh.1]
|
|
finally ssh synopsis looks nice again! this commit just removes a ton of
|
|
hacks we had in place to make it work with old groff;
|
|
- schwarze@cvs.openbsd.org 2010/07/15 21:20:38
|
|
[ssh-keygen.1]
|
|
repair incorrect block nesting, which screwed up indentation;
|
|
problem reported and fix OK by jmc@
|
|
|
|
20100714
|
|
- (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass
|
|
(line 77) should have been for no_x11_askpass.
|
|
|
|
20100702
|
|
- (djm) OpenBSD CVS Sync
|
|
- jmc@cvs.openbsd.org 2010/06/26 00:57:07
|
|
[ssh_config.5]
|
|
tweak previous;
|
|
- djm@cvs.openbsd.org 2010/06/26 23:04:04
|
|
[ssh.c]
|
|
oops, forgot to #include <canohost.h>; spotted and patch from chl@
|
|
- djm@cvs.openbsd.org 2010/06/29 23:15:30
|
|
[ssh-keygen.1 ssh-keygen.c]
|
|
allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys;
|
|
bz#1749; ok markus@
|
|
- djm@cvs.openbsd.org 2010/06/29 23:16:46
|
|
[auth2-pubkey.c sshd_config.5]
|
|
allow key options (command="..." and friends) in AuthorizedPrincipals;
|
|
ok markus@
|
|
- jmc@cvs.openbsd.org 2010/06/30 07:24:25
|
|
[ssh-keygen.1]
|
|
tweak previous;
|
|
- jmc@cvs.openbsd.org 2010/06/30 07:26:03
|
|
[ssh-keygen.c]
|
|
sort usage();
|
|
- jmc@cvs.openbsd.org 2010/06/30 07:28:34
|
|
[sshd_config.5]
|
|
tweak previous;
|
|
- millert@cvs.openbsd.org 2010/07/01 13:06:59
|
|
[scp.c]
|
|
Fix a longstanding problem where if you suspend scp at the
|
|
password/passphrase prompt the terminal mode is not restored.
|
|
OK djm@
|
|
- phessler@cvs.openbsd.org 2010/06/27 19:19:56
|
|
[regress/Makefile]
|
|
fix how we run the tests so we can successfully use SUDO='sudo -E'
|
|
in our env
|
|
- djm@cvs.openbsd.org 2010/06/29 23:59:54
|
|
[cert-userkey.sh]
|
|
regress tests for key options in AuthorizedPrincipals
|
|
|
|
20100627
|
|
- (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs
|
|
key.h.
|
|
|
|
20100626
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/05/21 05:00:36
|
|
[misc.c]
|
|
colon() returns char*, so s/return (0)/return NULL/
|
|
- markus@cvs.openbsd.org 2010/06/08 21:32:19
|
|
[ssh-pkcs11.c]
|
|
check length of value returned C_GetAttributValue for != 0
|
|
from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@
|
|
- djm@cvs.openbsd.org 2010/06/17 07:07:30
|
|
[mux.c]
|
|
Correct sizing of object to be allocated by calloc(), replacing
|
|
sizeof(state) with sizeof(*state). This worked by accident since
|
|
the struct contained a single int at present, but could have broken
|
|
in the future. patch from hyc AT symas.com
|
|
- djm@cvs.openbsd.org 2010/06/18 00:58:39
|
|
[sftp.c]
|
|
unbreak ls in working directories that contains globbing characters in
|
|
their pathnames. bz#1655 reported by vgiffin AT apple.com
|
|
- djm@cvs.openbsd.org 2010/06/18 03:16:03
|
|
[session.c]
|
|
Missing check for chroot_director == "none" (we already checked against
|
|
NULL); bz#1564 from Jan.Pechanec AT Sun.COM
|
|
- djm@cvs.openbsd.org 2010/06/18 04:43:08
|
|
[sftp-client.c]
|
|
fix memory leak in do_realpath() error path; bz#1771, patch from
|
|
anicka AT suse.cz
|
|
- djm@cvs.openbsd.org 2010/06/22 04:22:59
|
|
[servconf.c sshd_config.5]
|
|
expose some more sshd_config options inside Match blocks:
|
|
AuthorizedKeysFile AuthorizedPrincipalsFile
|
|
HostbasedUsesNameFromPacketOnly PermitTunnel
|
|
bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
|
|
- djm@cvs.openbsd.org 2010/06/22 04:32:06
|
|
[ssh-keygen.c]
|
|
standardise error messages when attempting to open private key
|
|
files to include "progname: filename: error reason"
|
|
bz#1783; ok dtucker@
|
|
- djm@cvs.openbsd.org 2010/06/22 04:49:47
|
|
[auth.c]
|
|
queue auth debug messages for bad ownership or permissions on the user's
|
|
keyfiles. These messages will be sent after the user has successfully
|
|
authenticated (where our client will display them with LogLevel=debug).
|
|
bz#1554; ok dtucker@
|
|
- djm@cvs.openbsd.org 2010/06/22 04:54:30
|
|
[ssh-keyscan.c]
|
|
replace verbose and overflow-prone Linebuf code with read_keyfile_line()
|
|
based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@
|
|
- djm@cvs.openbsd.org 2010/06/22 04:59:12
|
|
[session.c]
|
|
include the user name on "subsystem request for ..." log messages;
|
|
bz#1571; ok dtucker@
|
|
- djm@cvs.openbsd.org 2010/06/23 02:59:02
|
|
[ssh-keygen.c]
|
|
fix printing of extensions in v01 certificates that I broke in r1.190
|
|
- djm@cvs.openbsd.org 2010/06/25 07:14:46
|
|
[channels.c mux.c readconf.c readconf.h ssh.h]
|
|
bz#1327: remove hardcoded limit of 100 permitopen clauses and port
|
|
forwards per direction; ok markus@ stevesk@
|
|
- djm@cvs.openbsd.org 2010/06/25 07:20:04
|
|
[channels.c session.c]
|
|
bz#1750: fix requirement for /dev/null inside ChrootDirectory for
|
|
internal-sftp accidentally introduced in r1.253 by removing the code
|
|
that opens and dup /dev/null to stderr and modifying the channels code
|
|
to read stderr but discard it instead; ok markus@
|
|
- djm@cvs.openbsd.org 2010/06/25 08:46:17
|
|
[auth1.c auth2-none.c]
|
|
skip the initial check for access with an empty password when
|
|
PermitEmptyPasswords=no; bz#1638; ok markus@
|
|
- djm@cvs.openbsd.org 2010/06/25 23:10:30
|
|
[ssh.c]
|
|
log the hostname and address that we connected to at LogLevel=verbose
|
|
after authentication is successful to mitigate "phishing" attacks by
|
|
servers with trusted keys that accept authentication silently and
|
|
automatically before presenting fake password/passphrase prompts;
|
|
"nice!" markus@
|
|
- djm@cvs.openbsd.org 2010/06/25 23:10:30
|
|
[ssh.c]
|
|
log the hostname and address that we connected to at LogLevel=verbose
|
|
after authentication is successful to mitigate "phishing" attacks by
|
|
servers with trusted keys that accept authentication silently and
|
|
automatically before presenting fake password/passphrase prompts;
|
|
"nice!" markus@
|
|
|
|
20100622
|
|
- (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512
|
|
bz#1579; ok dtucker
|
|
|
|
20100618
|
|
- (djm) [contrib/ssh-copy-id] Update key file explicitly under ~
|
|
rather than assuming that $CWD == $HOME. bz#1500, patch from
|
|
timothy AT gelter.com
|
|
|
|
20100617
|
|
- (tim) [contrib/cygwin/README] Remove a reference to the obsolete
|
|
minires-devel package, and to add the reference to the libedit-devel
|
|
package since CYgwin now provides libedit. Patch from Corinna Vinschen.
|
|
|
|
20100521
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/05/07 11:31:26
|
|
[regress/Makefile regress/cert-userkey.sh]
|
|
regress tests for AuthorizedPrincipalsFile and "principals=" key option.
|
|
feedback and ok markus@
|
|
- djm@cvs.openbsd.org 2010/05/11 02:58:04
|
|
[auth-rsa.c]
|
|
don't accept certificates marked as "cert-authority" here; ok markus@
|
|
- djm@cvs.openbsd.org 2010/05/14 00:47:22
|
|
[ssh-add.c]
|
|
check that the certificate matches the corresponding private key before
|
|
grafting it on
|
|
- djm@cvs.openbsd.org 2010/05/14 23:29:23
|
|
[channels.c channels.h mux.c ssh.c]
|
|
Pause the mux channel while waiting for reply from aynch callbacks.
|
|
Prevents misordering of replies if new requests arrive while waiting.
|
|
|
|
Extend channel open confirm callback to allow signalling failure
|
|
conditions as well as success. Use this to 1) fix a memory leak, 2)
|
|
start using the above pause mechanism and 3) delay sending a success/
|
|
failure message on mux slave session open until we receive a reply from
|
|
the server.
|
|
|
|
motivated by and with feedback from markus@
|
|
- markus@cvs.openbsd.org 2010/05/16 12:55:51
|
|
[PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
|
|
mux support for remote forwarding with dynamic port allocation,
|
|
use with
|
|
LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
|
|
feedback and ok djm@
|
|
- djm@cvs.openbsd.org 2010/05/20 11:25:26
|
|
[auth2-pubkey.c]
|
|
fix logspam when key options (from="..." especially) deny non-matching
|
|
keys; reported by henning@ also bz#1765; ok markus@ dtucker@
|
|
- djm@cvs.openbsd.org 2010/05/20 23:46:02
|
|
[PROTOCOL.certkeys auth-options.c ssh-keygen.c]
|
|
Move the permit-* options to the non-critical "extensions" field for v01
|
|
certificates. The logic is that if another implementation fails to
|
|
implement them then the connection just loses features rather than fails
|
|
outright.
|
|
|
|
ok markus@
|
|
|
|
20100511
|
|
- (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve
|
|
circular dependency problem on old or odd platforms. From Tom Lane, ok
|
|
djm@.
|
|
- (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older
|
|
libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't
|
|
already. ok dtucker@
|
|
|
|
20100510
|
|
- OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/04/23 01:47:41
|
|
[ssh-keygen.c]
|
|
bz#1740: display a more helpful error message when $HOME is
|
|
inaccessible while trying to create .ssh directory. Based on patch
|
|
from jchadima AT redhat.com; ok dtucker@
|
|
- djm@cvs.openbsd.org 2010/04/23 22:27:38
|
|
[mux.c]
|
|
set "detach_close" flag when registering channel cleanup callbacks.
|
|
This causes the channel to close normally when its fds close and
|
|
hangs when terminating a mux slave using ~. bz#1758; ok markus@
|
|
- djm@cvs.openbsd.org 2010/04/23 22:42:05
|
|
[session.c]
|
|
set stderr to /dev/null for subsystems rather than just closing it.
|
|
avoids hangs if a subsystem or shell initialisation writes to stderr.
|
|
bz#1750; ok markus@
|
|
- djm@cvs.openbsd.org 2010/04/23 22:48:31
|
|
[ssh-keygen.c]
|
|
refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS,
|
|
since we would refuse to use them anyway. bz#1516; ok dtucker@
|
|
- djm@cvs.openbsd.org 2010/04/26 22:28:24
|
|
[sshconnect2.c]
|
|
bz#1502: authctxt.success is declared as an int, but passed by
|
|
reference to function that accepts sig_atomic_t*. Convert it to
|
|
the latter; ok markus@ dtucker@
|
|
- djm@cvs.openbsd.org 2010/05/01 02:50:50
|
|
[PROTOCOL.certkeys]
|
|
typo; jmeltzer@
|
|
- dtucker@cvs.openbsd.org 2010/05/05 04:22:09
|
|
[sftp.c]
|
|
restore mput and mget which got lost in the tab-completion changes.
|
|
found by Kenneth Whitaker, ok djm@
|
|
- djm@cvs.openbsd.org 2010/05/07 11:30:30
|
|
[auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
|
|
[key.c servconf.c servconf.h sshd.8 sshd_config.5]
|
|
add some optional indirection to matching of principal names listed
|
|
in certificates. Currently, a certificate must include the a user's name
|
|
to be accepted for authentication. This change adds the ability to
|
|
specify a list of certificate principal names that are acceptable.
|
|
|
|
When authenticating using a CA trusted through ~/.ssh/authorized_keys,
|
|
this adds a new principals="name1[,name2,...]" key option.
|
|
|
|
For CAs listed through sshd_config's TrustedCAKeys option, a new config
|
|
option "AuthorizedPrincipalsFile" specifies a per-user file containing
|
|
the list of acceptable names.
|
|
|
|
If either option is absent, the current behaviour of requiring the
|
|
username to appear in principals continues to apply.
|
|
|
|
These options are useful for role accounts, disjoint account namespaces
|
|
and "user@realm"-style naming policies in certificates.
|
|
|
|
feedback and ok markus@
|
|
- jmc@cvs.openbsd.org 2010/05/07 12:49:17
|
|
[sshd_config.5]
|
|
tweak previous;
|
|
|
|
20100423
|
|
- (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir
|
|
in the openssl install directory (some newer openssl versions do this on at
|
|
least some amd64 platforms).
|
|
|
|
20100418
|
|
- OpenBSD CVS Sync
|
|
- jmc@cvs.openbsd.org 2010/04/16 06:45:01
|
|
[ssh_config.5]
|
|
tweak previous; ok djm
|
|
- jmc@cvs.openbsd.org 2010/04/16 06:47:04
|
|
[ssh-keygen.1 ssh-keygen.c]
|
|
tweak previous; ok djm
|
|
- djm@cvs.openbsd.org 2010/04/16 21:14:27
|
|
[sshconnect.c]
|
|
oops, %r => remote username, not %u
|
|
- djm@cvs.openbsd.org 2010/04/16 01:58:45
|
|
[regress/cert-hostkey.sh regress/cert-userkey.sh]
|
|
regression tests for v01 certificate format
|
|
includes interop tests for v00 certs
|
|
- (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default
|
|
file.
|
|
|
|
20100416
|
|
- (djm) Release openssh-5.5p1
|
|
- OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/03/26 03:13:17
|
|
[bufaux.c]
|
|
allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer
|
|
argument to allow skipping past values in a buffer
|
|
- jmc@cvs.openbsd.org 2010/03/26 06:54:36
|
|
[ssh.1]
|
|
tweak previous;
|
|
- jmc@cvs.openbsd.org 2010/03/27 14:26:55
|
|
[ssh_config.5]
|
|
tweak previous; ok dtucker
|
|
- djm@cvs.openbsd.org 2010/04/10 00:00:16
|
|
[ssh.c]
|
|
bz#1746 - suppress spurious tty warning when using -O and stdin
|
|
is not a tty; ok dtucker@ markus@
|
|
- djm@cvs.openbsd.org 2010/04/10 00:04:30
|
|
[sshconnect.c]
|
|
fix terminology: we didn't find a certificate in known_hosts, we found
|
|
a CA key
|
|
- djm@cvs.openbsd.org 2010/04/10 02:08:44
|
|
[clientloop.c]
|
|
bz#1698: kill channel when pty allocation requests fail. Fixed
|
|
stuck client if the server refuses pty allocation.
|
|
ok dtucker@ "think so" markus@
|
|
- djm@cvs.openbsd.org 2010/04/10 02:10:56
|
|
[sshconnect2.c]
|
|
show the key type that we are offering in debug(), helps distinguish
|
|
between certs and plain keys as the path to the private key is usually
|
|
the same.
|
|
- djm@cvs.openbsd.org 2010/04/10 05:48:16
|
|
[mux.c]
|
|
fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au
|
|
- djm@cvs.openbsd.org 2010/04/14 22:27:42
|
|
[ssh_config.5 sshconnect.c]
|
|
expand %r => remote username in ssh_config:ProxyCommand;
|
|
ok deraadt markus
|
|
- markus@cvs.openbsd.org 2010/04/15 20:32:55
|
|
[ssh-pkcs11.c]
|
|
retry lookup for private key if there's no matching key with CKA_SIGN
|
|
attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736)
|
|
ok djm@
|
|
- djm@cvs.openbsd.org 2010/04/16 01:47:26
|
|
[PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
|
|
[auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
|
|
[ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
|
|
[sshconnect.c sshconnect2.c sshd.c]
|
|
revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
|
|
following changes:
|
|
|
|
move the nonce field to the beginning of the certificate where it can
|
|
better protect against chosen-prefix attacks on the signature hash
|
|
|
|
Rename "constraints" field to "critical options"
|
|
|
|
Add a new non-critical "extensions" field
|
|
|
|
Add a serial number
|
|
|
|
The older format is still support for authentication and cert generation
|
|
(use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)
|
|
|
|
ok markus@
|
|
|
|
20100410
|
|
- (dtucker) [configure.ac] Put the check for the existence of getaddrinfo
|
|
back so we disable the IPv6 tests if we don't have it.
|
|
|
|
20100409
|
|
- (dtucker) [contrib/cygwin/Makefile] Don't overwrite files with the wrong
|
|
ones. Based on a patch from Roumen Petrov.
|
|
- (dtucker) [configure.ac] Bug #1744: use pkg-config for libedit flags if we
|
|
have it and the path is not provided to --with-libedit. Based on a patch
|
|
from Iain Morgan.
|
|
- (dtucker) [configure.ac defines.h loginrec.c logintest.c] Bug #1732: enable
|
|
utmpx support on FreeBSD where possible. Patch from Ed Schouten, ok djm@
|
|
|
|
20100326
|
|
- (djm) [openbsd-compat/bsd-arc4random.c] Fix preprocessor detection
|
|
for arc4random_buf() and arc4random_uniform(); from Josh Gilkerson
|
|
- (dtucker) [configure.ac] Bug #1741: Add section for Haiku, patch originally
|
|
by Ingo Weinhold via Scott McCreary, ok djm@
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/03/25 23:38:28
|
|
[servconf.c]
|
|
from portable: getcwd(NULL, 0) doesn't work on all platforms, so
|
|
use a stack buffer; ok dtucker@
|
|
- djm@cvs.openbsd.org 2010/03/26 00:26:58
|
|
[ssh.1]
|
|
mention that -S none disables connection sharing; from Colin Watson
|
|
- (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -
|
|
set up SELinux execution context before chroot() call. From Russell
|
|
Coker via Colin watson; bz#1726 ok dtucker@
|
|
- (djm) [channels.c] Check for EPFNOSUPPORT as a socket() errno; bz#1721
|
|
ok dtucker@
|
|
- (dtucker) Bug #1725: explicitly link libX11 into gnome-ssh-askpass2 using
|
|
pkg-config, patch from Colin Watson. Needed for newer linkers (ie gold).
|
|
- (djm) [contrib/ssh-copy-id] Don't blow up when the agent has no keys;
|
|
bz#1723 patch from Adeodato Simóvia Colin Watson; ok dtucker@
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- dtucker@cvs.openbsd.org 2010/03/26 01:06:13
|
|
[ssh_config.5]
|
|
Reformat default value of PreferredAuthentications entry (current
|
|
formatting implies ", " is acceptable as a separator, which it's not.
|
|
ok djm@
|
|
|
|
20100324
|
|
- (dtucker) [contrib/cygwin/ssh-host-config] Mount the Windows directory
|
|
containing the services file explicitely case-insensitive. This allows to
|
|
tweak the Windows services file reliably. Patch from vinschen at redhat.
|
|
|
|
20100321
|
|
- (djm) OpenBSD CVS Sync
|
|
- jmc@cvs.openbsd.org 2010/03/08 09:41:27
|
|
[ssh-keygen.1]
|
|
sort the list of constraints (to -O); ok djm
|
|
- jmc@cvs.openbsd.org 2010/03/10 07:40:35
|
|
[ssh-keygen.1]
|
|
typos; from Ross Richardson
|
|
closes prs 6334 and 6335
|
|
- djm@cvs.openbsd.org 2010/03/10 23:27:17
|
|
[auth2-pubkey.c]
|
|
correct certificate logging and make it more consistent between
|
|
authorized_keys and TrustedCAKeys; ok markus@
|
|
- djm@cvs.openbsd.org 2010/03/12 01:06:25
|
|
[servconf.c]
|
|
unbreak AuthorizedKeys option with a $HOME-relative path; reported by
|
|
vinschen AT redhat.com, ok dtucker@
|
|
- markus@cvs.openbsd.org 2010/03/12 11:37:40
|
|
[servconf.c]
|
|
do not prepend AuthorizedKeysFile with getcwd(), unbreaks relative paths
|
|
free() (not xfree()) the buffer returned by getcwd()
|
|
- djm@cvs.openbsd.org 2010/03/13 21:10:38
|
|
[clientloop.c]
|
|
protocol conformance fix: send language tag when disconnecting normally;
|
|
spotted by 1.41421 AT gmail.com, ok markus@ deraadt@
|
|
- djm@cvs.openbsd.org 2010/03/13 21:45:46
|
|
[ssh-keygen.1]
|
|
Certificates are named *-cert.pub, not *_cert.pub; committing a diff
|
|
from stevesk@ ok me
|
|
- jmc@cvs.openbsd.org 2010/03/13 23:38:13
|
|
[ssh-keygen.1]
|
|
fix a formatting error (args need quoted); noted by stevesk
|
|
- stevesk@cvs.openbsd.org 2010/03/15 19:40:02
|
|
[key.c key.h ssh-keygen.c]
|
|
also print certificate type (user or host) for ssh-keygen -L
|
|
ok djm kettenis
|
|
- stevesk@cvs.openbsd.org 2010/03/16 15:46:52
|
|
[auth-options.c]
|
|
spelling in error message. ok djm kettenis
|
|
- djm@cvs.openbsd.org 2010/03/16 16:36:49
|
|
[version.h]
|
|
crank version to openssh-5.5 since we have a few fixes since 5.4;
|
|
requested deraadt@ kettenis@
|
|
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
|
|
[contrib/suse/openssh.spec] Crank version numbers
|
|
|
|
20100314
|
|
- (djm) [ssh-pkcs11-helper.c] Move #ifdef to after #defines to fix
|
|
compilation failure when !HAVE_DLOPEN. Reported by felix-mindrot
|
|
AT fefe.de
|
|
- (djm) [Makefile.in] Respecify -lssh after -lopenbsd-compat for
|
|
ssh-pkcs11-helper to repair static builds (we do the same for
|
|
ssh-keyscan). Reported by felix-mindrot AT fefe.de
|
|
|
|
20100312
|
|
- (tim) [Makefile.in] Now that scard is gone, no need to make $(datadir)
|
|
- (tim) [Makefile.in] Add missing $(EXEEXT) to install targets.
|
|
Patch from Corinna Vinschen.
|
|
- (tim) [contrib/cygwin/Makefile] Fix list of documentation files to install
|
|
on a Cygwin installation. Patch from Corinna Vinschen.
|
|
|
|
20100311
|
|
- (tim) [contrib/suse/openssh.spec] crank version number here too.
|
|
report by imorgan AT nas.nasa.gov
|
|
|
|
20100309
|
|
- (dtucker) [configure.ac] Use a proper AC_CHECK_DECL for BROKEN_GETADDRINFO
|
|
so setting it in CFLAGS correctly skips IPv6 tests.
|
|
|
|
20100308
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/03/07 22:16:01
|
|
[ssh-keygen.c]
|
|
make internal strptime string match strftime format;
|
|
suggested by vinschen AT redhat.com and markus@
|
|
- djm@cvs.openbsd.org 2010/03/08 00:28:55
|
|
[ssh-keygen.1]
|
|
document permit-agent-forwarding certificate constraint; patch from
|
|
stevesk@
|
|
- djm@cvs.openbsd.org 2010/03/07 22:01:32
|
|
[version.h]
|
|
openssh-5.4
|
|
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
|
|
crank version numbers
|
|
- (djm) Release OpenSSH-5.4p1
|
|
|
|
20100307
|
|
- (dtucker) [auth.c] Bug #1710: call setauthdb on AIX before getpwuid so that
|
|
it gets the passwd struct from the LAM that knows about the user which is
|
|
not necessarily the default. Patch from Alexandre Letourneau.
|
|
- (dtucker) [session.c] Bug #1567: move setpcred call to before chroot and
|
|
do not set real uid, since that's needed for the chroot, and will be set
|
|
by permanently_set_uid.
|
|
- (dtucker) [session.c] Also initialize creds to NULL for handing to
|
|
setpcred.
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- dtucker@cvs.openbsd.org 2010/03/07 11:57:13
|
|
[auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c]
|
|
Hold authentication debug messages until after successful authentication.
|
|
Fixes an info leak of environment variables specified in authorized_keys,
|
|
reported by Jacob Appelbaum. ok djm@
|
|
|
|
20100305
|
|
- OpenBSD CVS Sync
|
|
- jmc@cvs.openbsd.org 2010/03/04 12:51:25
|
|
[ssh.1 sshd_config.5]
|
|
tweak previous;
|
|
- djm@cvs.openbsd.org 2010/03/04 20:35:08
|
|
[ssh-keygen.1 ssh-keygen.c]
|
|
Add a -L flag to print the contents of a certificate; ok markus@
|
|
- jmc@cvs.openbsd.org 2010/03/04 22:52:40
|
|
[ssh-keygen.1]
|
|
fix Bk/Ek;
|
|
- djm@cvs.openbsd.org 2010/03/04 23:17:25
|
|
[sshd_config.5]
|
|
missing word; spotted by jmc@
|
|
- djm@cvs.openbsd.org 2010/03/04 23:19:29
|
|
[ssh.1 sshd.8]
|
|
move section on CA and revoked keys from ssh.1 to sshd.8's known hosts
|
|
format section and rework it a bit; requested by jmc@
|
|
- djm@cvs.openbsd.org 2010/03/04 23:27:25
|
|
[auth-options.c ssh-keygen.c]
|
|
"force-command" is not spelled "forced-command"; spotted by
|
|
imorgan AT nas.nasa.gov
|
|
- djm@cvs.openbsd.org 2010/03/05 02:58:11
|
|
[auth.c]
|
|
make the warning for a revoked key louder and more noticable
|
|
- jmc@cvs.openbsd.org 2010/03/05 06:50:35
|
|
[ssh.1 sshd.8]
|
|
tweak previous;
|
|
- jmc@cvs.openbsd.org 2010/03/05 08:31:20
|
|
[ssh.1]
|
|
document certificate authentication; help/ok djm
|
|
- djm@cvs.openbsd.org 2010/03/05 10:28:21
|
|
[ssh-add.1 ssh.1 ssh_config.5]
|
|
mention loading of certificate files from [private]-cert.pub when
|
|
they are present; feedback and ok jmc@
|
|
- (tim) [ssh-pkcs11.c] Fix "non-constant initializer" errors in older
|
|
compilers. OK djm@
|
|
- (djm) [ssh-rand-helper.c] declare optind, avoiding compilation failure
|
|
on some platforms
|
|
- (djm) [configure.ac] set -fno-strict-aliasing for gcc4; ok dtucker@
|
|
|
|
20100304
|
|
- (djm) [ssh-keygen.c] Use correct local variable, instead of
|
|
maybe-undefined global "optarg"
|
|
- (djm) [contrib/redhat/openssh.spec] Replace obsolete BuildPreReq
|
|
on XFree86-devel with neutral /usr/include/X11/Xlib.h;
|
|
imorgan AT nas.nasa.gov in bz#1731
|
|
- (djm) [.cvsignore] Ignore ssh-pkcs11-helper
|
|
- (djm) [regress/Makefile] Cleanup sshd_proxy_orig
|
|
- OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/03/03 01:44:36
|
|
[auth-options.c key.c]
|
|
reject strings with embedded ASCII nul chars in certificate key IDs,
|
|
principal names and constraints
|
|
- djm@cvs.openbsd.org 2010/03/03 22:49:50
|
|
[sshd.8]
|
|
the authorized_keys option for CA keys is "cert-authority", not
|
|
"from=cert-authority". spotted by imorgan AT nas.nasa.gov
|
|
- djm@cvs.openbsd.org 2010/03/03 22:50:40
|
|
[PROTOCOL.certkeys]
|
|
s/similar same/similar/; from imorgan AT nas.nasa.gov
|
|
- djm@cvs.openbsd.org 2010/03/04 01:44:57
|
|
[key.c]
|
|
use buffer_get_string_ptr_ret() where we are checking the return
|
|
value explicitly instead of the fatal()-causing buffer_get_string_ptr()
|
|
- djm@cvs.openbsd.org 2010/03/04 10:36:03
|
|
[auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c]
|
|
[authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h]
|
|
[ssh-keygen.c ssh.1 sshconnect.c sshd_config.5]
|
|
Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
|
|
are trusted to authenticate users (in addition than doing it per-user
|
|
in authorized_keys).
|
|
|
|
Add a RevokedKeys option to sshd_config and a @revoked marker to
|
|
known_hosts to allow keys to me revoked and banned for user or host
|
|
authentication.
|
|
|
|
feedback and ok markus@
|
|
- djm@cvs.openbsd.org 2010/03/03 00:47:23
|
|
[regress/cert-hostkey.sh regress/cert-userkey.sh]
|
|
add an extra test to ensure that authentication with the wrong
|
|
certificate fails as it should (and it does)
|
|
- djm@cvs.openbsd.org 2010/03/04 10:38:23
|
|
[regress/cert-hostkey.sh regress/cert-userkey.sh]
|
|
additional regression tests for revoked keys and TrustedUserCAKeys
|
|
|
|
20100303
|
|
- (djm) [PROTOCOL.certkeys] Add RCS Ident
|
|
- OpenBSD CVS Sync
|
|
- jmc@cvs.openbsd.org 2010/02/26 22:09:28
|
|
[ssh-keygen.1 ssh.1 sshd.8]
|
|
tweak previous;
|
|
- otto@cvs.openbsd.org 2010/03/01 11:07:06
|
|
[ssh-add.c]
|
|
zap what seems to be a left-over debug message; ok markus@
|
|
- djm@cvs.openbsd.org 2010/03/02 23:20:57
|
|
[ssh-keygen.c]
|
|
POSIX strptime is stricter than OpenBSD's so do a little dance to
|
|
appease it.
|
|
- (djm) [regress/cert-userkey.sh] s/echo -n/echon/ here too
|
|
|
|
20100302
|
|
- (tim) [config.guess config.sub] Bug 1722: Update to latest versions from
|
|
http://git.savannah.gnu.org/gitweb/ (2009-12-30 and 2010-01-22
|
|
respectively).
|
|
|
|
20100301
|
|
- (dtucker) [regress/{cert-hostkey,cfgmatch,cipher-speed}.sh} Replace
|
|
"echo -n" with "echon" for portability.
|
|
- (dtucker) [openbsd-compat/port-linux.c] Make failure to write to the OOM
|
|
adjust log at verbose only, since according to cjwatson in bug #1470
|
|
some virtualization platforms don't allow writes.
|
|
|
|
20100228
|
|
- (djm) [auth.c] On Cygwin, refuse usernames that have differences in
|
|
case from that matched in the system password database. On this
|
|
platform, passwords are stored case-insensitively, but sshd requires
|
|
exact case matching for Match blocks in sshd_config(5). Based on
|
|
a patch from vinschen AT redhat.com.
|
|
- (tim) [ssh-pkcs11-helper.c] Move declarations before calling functions
|
|
to make older compilers (gcc 2.95) happy.
|
|
|
|
20100227
|
|
- (djm) [ssh-pkcs11-helper.c ] Ensure RNG is initialised and seeded
|
|
- (djm) [openbsd-compat/bsd-cygwin_util.c] Reduce the set of environment
|
|
variables copied into sshd child processes. From vinschen AT redhat.com
|
|
|
|
20100226
|
|
- OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/02/26 20:29:54
|
|
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c]
|
|
[auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c]
|
|
[hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c]
|
|
[myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c]
|
|
[ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c]
|
|
[sshconnect2.c sshd.8 sshd.c sshd_config.5]
|
|
Add support for certificate key types for users and hosts.
|
|
|
|
OpenSSH certificate key types are not X.509 certificates, but a much
|
|
simpler format that encodes a public key, identity information and
|
|
some validity constraints and signs it with a CA key. CA keys are
|
|
regular SSH keys. This certificate style avoids the attack surface
|
|
of X.509 certificates and is very easy to deploy.
|
|
|
|
Certified host keys allow automatic acceptance of new host keys
|
|
when a CA certificate is marked as trusted in ~/.ssh/known_hosts.
|
|
see VERIFYING HOST KEYS in ssh(1) for details.
|
|
|
|
Certified user keys allow authentication of users when the signing
|
|
CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
|
|
FILE FORMAT" in sshd(8) for details.
|
|
|
|
Certificates are minted using ssh-keygen(1), documentation is in
|
|
the "CERTIFICATES" section of that manpage.
|
|
|
|
Documentation on the format of certificates is in the file
|
|
PROTOCOL.certkeys
|
|
|
|
feedback and ok markus@
|
|
- djm@cvs.openbsd.org 2010/02/26 20:33:21
|
|
[Makefile regress/cert-hostkey.sh regress/cert-userkey.sh]
|
|
regression tests for certified keys
|
|
|
|
20100224
|
|
- (djm) [pkcs11.h ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c]
|
|
[ssh-pkcs11.h] Add $OpenBSD$ RCS idents so we can sync portable
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/02/11 20:37:47
|
|
[pathnames.h]
|
|
correct comment
|
|
- dtucker@cvs.openbsd.org 2009/11/09 04:20:04
|
|
[regress/Makefile]
|
|
add regression test for ssh-keygen pubkey conversions
|
|
- dtucker@cvs.openbsd.org 2010/01/11 02:53:44
|
|
[regress/forwarding.sh]
|
|
regress test for stdio forwarding
|
|
- djm@cvs.openbsd.org 2010/02/09 04:57:36
|
|
[regress/addrmatch.sh]
|
|
clean up droppings
|
|
- djm@cvs.openbsd.org 2010/02/09 06:29:02
|
|
[regress/Makefile]
|
|
turn on all the malloc(3) checking options when running regression
|
|
tests. this has caught a few bugs for me in the past; ok dtucker@
|
|
- djm@cvs.openbsd.org 2010/02/24 06:21:56
|
|
[regress/test-exec.sh]
|
|
wait for sshd to fully stop in cleanup() function; avoids races in tests
|
|
that do multiple start_sshd/cleanup cycles; "I hate pidfiles" deraadt@
|
|
- markus@cvs.openbsd.org 2010/02/08 10:52:47
|
|
[regress/agent-pkcs11.sh]
|
|
test for PKCS#11 support (currently disabled)
|
|
- (djm) [Makefile.in ssh-pkcs11-helper.8] Add manpage for PKCS#11 helper
|
|
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
|
|
[contrib/suse/openssh.spec] Add PKCS#11 helper binary and manpage
|
|
|
|
20100212
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/02/02 22:49:34
|
|
[bufaux.c]
|
|
make buffer_get_string_ret() really non-fatal in all cases (it was
|
|
using buffer_get_int(), which could fatal() on buffer empty);
|
|
ok markus dtucker
|
|
- markus@cvs.openbsd.org 2010/02/08 10:50:20
|
|
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
|
|
[ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
|
|
replace our obsolete smartcard code with PKCS#11.
|
|
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
|
|
ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
|
|
provider (shared library) while ssh-agent(1) delegates PKCS#11 to
|
|
a forked a ssh-pkcs11-helper process.
|
|
PKCS#11 is currently a compile time option.
|
|
feedback and ok djm@; inspired by patches from Alon Bar-Lev
|
|
- jmc@cvs.openbsd.org 2010/02/08 22:03:05
|
|
[ssh-add.1 ssh-keygen.1 ssh.1 ssh.c]
|
|
tweak previous; ok markus
|
|
- djm@cvs.openbsd.org 2010/02/09 00:50:36
|
|
[ssh-agent.c]
|
|
fallout from PKCS#11: unbreak -D
|
|
- djm@cvs.openbsd.org 2010/02/09 00:50:59
|
|
[ssh-keygen.c]
|
|
fix -Wall
|
|
- djm@cvs.openbsd.org 2010/02/09 03:56:28
|
|
[buffer.c buffer.h]
|
|
constify the arguments to buffer_len, buffer_ptr and buffer_dump
|
|
- djm@cvs.openbsd.org 2010/02/09 06:18:46
|
|
[auth.c]
|
|
unbreak ChrootDirectory+internal-sftp by skipping check for executable
|
|
shell when chrooting; reported by danh AT wzrd.com; ok dtucker@
|
|
- markus@cvs.openbsd.org 2010/02/10 23:20:38
|
|
[ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5]
|
|
pkcs#11 is no longer optional; improve wording; ok jmc@
|
|
- jmc@cvs.openbsd.org 2010/02/11 13:23:29
|
|
[ssh.1]
|
|
libarary -> library;
|
|
- (djm) [INSTALL Makefile.in README.smartcard configure.ac scard-opensc.c]
|
|
[scard.c scard.h pkcs11.h scard/Makefile.in scard/Ssh.bin.uu scard/Ssh.java]
|
|
Remove obsolete smartcard support
|
|
- (djm) [ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c]
|
|
Make it compile on OSX
|
|
- (djm) [ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c]
|
|
Use ssh_get_progname to fill __progname
|
|
- (djm) [configure.ac] Enable PKCS#11 support only when we find a working
|
|
dlopen()
|
|
|
|
20100210
|
|
- (djm) add -lselinux to LIBS before calling AC_CHECK_FUNCS for
|
|
getseuserbyname; patch from calebcase AT gmail.com via
|
|
cjwatson AT debian.org
|
|
|
|
20100202
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/01/30 21:08:33
|
|
[sshd.8]
|
|
debug output goes to stderr, not "the system log"; ok markus dtucker
|
|
- djm@cvs.openbsd.org 2010/01/30 21:12:08
|
|
[channels.c]
|
|
fake local addr:port when stdio fowarding as some servers (Tectia at
|
|
least) validate that they are well-formed;
|
|
reported by imorgan AT nas.nasa.gov
|
|
ok dtucker
|
|
|
|
20100130
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/01/28 00:21:18
|
|
[clientloop.c]
|
|
downgrade an error() to a debug() - this particular case can be hit in
|
|
normal operation for certain sequences of mux slave vs session closure
|
|
and is harmless
|
|
- djm@cvs.openbsd.org 2010/01/29 00:20:41
|
|
[sshd.c]
|
|
set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.com
|
|
ok dtucker@
|
|
- djm@cvs.openbsd.org 2010/01/29 20:16:17
|
|
[mux.c]
|
|
kill correct channel (was killing already-dead mux channel, not
|
|
its session channel)
|
|
- djm@cvs.openbsd.org 2010/01/30 02:54:53
|
|
[mux.c]
|
|
don't mark channel as read failed if it is already closing; suppresses
|
|
harmless error messages when connecting to SSH.COM Tectia server
|
|
report by imorgan AT nas.nasa.gov
|
|
|
|
20100129
|
|
- (dtucker) [openbsd-compat/openssl-compat.c] Bug #1707: Call OPENSSL_config()
|
|
after registering the hardware engines, which causes the openssl.cnf file to
|
|
be processed. See OpenSSL's man page for OPENSSL_config(3) for details.
|
|
Patch from Solomon Peachy, ok djm@.
|
|
|
|
20100128
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/01/26 02:15:20
|
|
[mux.c]
|
|
-Wuninitialized and remove a // comment; from portable
|
|
(Id sync only)
|
|
- djm@cvs.openbsd.org 2010/01/27 13:26:17
|
|
[mux.c]
|
|
fix bug introduced in mux rewrite:
|
|
|
|
In a mux master, when a socket to a mux slave closes before its server
|
|
session (as may occur when the slave has been signalled), gracefully
|
|
close the server session rather than deleting its channel immediately.
|
|
A server may have more messages on that channel to send (e.g. an exit
|
|
message) that will fatal() the client if they are sent to a channel that
|
|
has been prematurely deleted.
|
|
|
|
spotted by imorgan AT nas.nasa.gov
|
|
- djm@cvs.openbsd.org 2010/01/27 19:21:39
|
|
[sftp.c]
|
|
add missing "p" flag to getopt optstring;
|
|
bz#1704 from imorgan AT nas.nasa.gov
|
|
|
|
20100126
|
|
- (djm) OpenBSD CVS Sync
|
|
- tedu@cvs.openbsd.org 2010/01/17 21:49:09
|
|
[ssh-agent.1]
|
|
Correct and clarify ssh-add's password asking behavior.
|
|
Improved text dtucker and ok jmc
|
|
- dtucker@cvs.openbsd.org 2010/01/18 01:50:27
|
|
[roaming_client.c]
|
|
s/long long unsigned/unsigned long long/, from tim via portable
|
|
(Id sync only, change already in portable)
|
|
- djm@cvs.openbsd.org 2010/01/26 01:28:35
|
|
[channels.c channels.h clientloop.c clientloop.h mux.c nchan.c ssh.c]
|
|
rewrite ssh(1) multiplexing code to a more sensible protocol.
|
|
|
|
The new multiplexing code uses channels for the listener and
|
|
accepted control sockets to make the mux master non-blocking, so
|
|
no stalls when processing messages from a slave.
|
|
|
|
avoid use of fatal() in mux master protocol parsing so an errant slave
|
|
process cannot take down a running master.
|
|
|
|
implement requesting of port-forwards over multiplexed sessions. Any
|
|
port forwards requested by the slave are added to those the master has
|
|
established.
|
|
|
|
add support for stdio forwarding ("ssh -W host:port ...") in mux slaves.
|
|
|
|
document master/slave mux protocol so that other tools can use it to
|
|
control a running ssh(1). Note: there are no guarantees that this
|
|
protocol won't be incompatibly changed (though it is versioned).
|
|
|
|
feedback Salvador Fandino, dtucker@
|
|
channel changes ok markus@
|
|
|
|
20100122
|
|
- (tim) [configure.ac] Due to constraints in Windows Sockets in terms of
|
|
socket inheritance, reduce the default SO_RCVBUF/SO_SNDBUF buffer size
|
|
in Cygwin to 65535. Patch from Corinna Vinschen.
|
|
|
|
20100117
|
|
- (tim) [configure.ac] OpenServer 5 needs BROKEN_GETADDRINFO too.
|
|
- (tim) [configure.ac] On SVR5 systems, use the C99-conforming functions
|
|
snprintf() and vsnprintf() named _xsnprintf() and _xvsnprintf().
|
|
|
|
20100116
|
|
- (dtucker) [openbsd-compat/pwcache.c] Pull in includes.h and thus defines.h
|
|
so we correctly detect whether or not we have a native user_from_uid.
|
|
- (dtucker) [openbsd-compat/openbsd-compat.h] Prototypes for user_from_uid
|
|
and group_from_gid.
|
|
- (dtucker) [openbsd-compat/openbsd-compat.h] Fix prototypes, spotted by
|
|
Tim.
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- markus@cvs.openbsd.org 2010/01/15 09:24:23
|
|
[sftp-common.c]
|
|
unused
|
|
- (dtucker) [openbsd-compat/pwcache.c] Shrink ifdef area to prevent unused
|
|
variable warnings.
|
|
- (dtucker) [openbsd-compat/openbsd-compat.h] Typo.
|
|
- (tim) [regress/portnum.sh] Shell portability fix.
|
|
- (tim) [configure.ac] Define BROKEN_GETADDRINFO on SVR5 systems. The native
|
|
getaddrinfo() is too old and limited for addr_pton() in addrmatch.c.
|
|
- (tim) [roaming_client.c] Use of <sys/queue.h> is not really portable so we
|
|
use "openbsd-compat/sys-queue.h". s/long long unsigned/unsigned long long/
|
|
to keep USL compilers happy.
|
|
|
|
20100115
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- jmc@cvs.openbsd.org 2010/01/13 12:48:34
|
|
[sftp.1 sftp.c]
|
|
sftp.1: put ls -h in the right place
|
|
sftp.c: as above, plus add -p to get/put, and shorten their arg names
|
|
to keep the help usage nicely aligned
|
|
ok djm
|
|
- djm@cvs.openbsd.org 2010/01/13 23:47:26
|
|
[auth.c]
|
|
when using ChrootDirectory, make sure we test for the existence of the
|
|
user's shell inside the chroot; bz #1679, patch from alex AT rtfs.hu;
|
|
ok dtucker
|
|
- dtucker@cvs.openbsd.org 2010/01/14 23:41:49
|
|
[sftp-common.c]
|
|
use user_from{uid,gid} to lookup up ids since it keeps a small cache.
|
|
ok djm
|
|
- guenther@cvs.openbsd.org 2010/01/15 00:05:22
|
|
[sftp.c]
|
|
Reset SIGTERM to SIG_DFL before executing ssh, so that even if sftp
|
|
inherited SIGTERM as ignored it will still be able to kill the ssh it
|
|
starts.
|
|
ok dtucker@
|
|
- (dtucker) [openbsd-compat/pwcache.c] Pull in pwcache.c from OpenBSD (no
|
|
changes yet but there will be some to come).
|
|
- (dtucker) [configure.ac openbsd-compat/{Makefile.in,pwcache.c} Portability
|
|
for pwcache. Also, added caching of negative hits.
|
|
|
|
20100114
|
|
- (djm) [platform.h] Add missing prototype for
|
|
platform_krb5_get_principal_name
|
|
|
|
20100113
|
|
- (dtucker) [monitor_fdpass.c] Wrap poll.h include in ifdefs.
|
|
- (dtucker) [openbsd-compat/readpassphrase.c] Resync against OpenBSD's r1.18:
|
|
missing restore of SIGTTOU and some whitespace.
|
|
- (dtucker) [openbsd-compat/readpassphrase.c] Update to OpenBSD's r1.21.
|
|
- (dtucker) [openbsd-compat/readpassphrase.c] Update to OpenBSD's r1.22.
|
|
Fixes bz #1590, where sometimes you could not interrupt a connection while
|
|
ssh was prompting for a passphrase or password.
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- dtucker@cvs.openbsd.org 2010/01/13 00:19:04
|
|
[sshconnect.c auth.c]
|
|
Fix a couple of typos/mispellings in comments
|
|
- dtucker@cvs.openbsd.org 2010/01/13 01:10:56
|
|
[key.c]
|
|
Ignore and log any Protocol 1 keys where the claimed size is not equal to
|
|
the actual size. Noted by Derek Martin, ok djm@
|
|
- dtucker@cvs.openbsd.org 2010/01/13 01:20:20
|
|
[canohost.c ssh-keysign.c sshconnect2.c]
|
|
Make HostBased authentication work with a ProxyCommand. bz #1569, patch
|
|
from imorgan at nas nasa gov, ok djm@
|
|
- djm@cvs.openbsd.org 2010/01/13 01:40:16
|
|
[sftp.c sftp-server.c sftp.1 sftp-common.c sftp-common.h]
|
|
support '-h' (human-readable units) for sftp's ls command, just like
|
|
ls(1); ok dtucker@
|
|
- djm@cvs.openbsd.org 2010/01/13 03:48:13
|
|
[servconf.c servconf.h sshd.c]
|
|
avoid run-time failures when specifying hostkeys via a relative
|
|
path by prepending the cwd in these cases; bz#1290; ok dtucker@
|
|
- djm@cvs.openbsd.org 2010/01/13 04:10:50
|
|
[sftp.c]
|
|
don't append a space after inserting a completion of a directory (i.e.
|
|
a path ending in '/') for a slightly better user experience; ok dtucker@
|
|
- (dtucker) [sftp-common.c] Wrap include of util.h in an ifdef.
|
|
- (tim) [defines.h] openbsd-compat/readpassphrase.c now needs _NSIG.
|
|
feedback and ok dtucker@
|
|
|
|
20100112
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- dtucker@cvs.openbsd.org 2010/01/11 01:39:46
|
|
[ssh_config channels.c ssh.1 channels.h ssh.c]
|
|
Add a 'netcat mode' (ssh -W). This connects stdio on the client to a
|
|
single port forward on the server. This allows, for example, using ssh as
|
|
a ProxyCommand to route connections via intermediate servers.
|
|
bz #1618, man page help from jmc@, ok markus@
|
|
- dtucker@cvs.openbsd.org 2010/01/11 04:46:45
|
|
[authfile.c sshconnect2.c]
|
|
Do not prompt for a passphrase if we fail to open a keyfile, and log the
|
|
reason the open failed to debug.
|
|
bz #1693, found by tj AT castaglia org, ok djm@
|
|
- djm@cvs.openbsd.org 2010/01/11 10:51:07
|
|
[ssh-keygen.c]
|
|
when converting keys, truncate key comments at 72 chars as per RFC4716;
|
|
bz#1630 reported by tj AT castaglia.org; ok markus@
|
|
- dtucker@cvs.openbsd.org 2010/01/12 00:16:47
|
|
[authfile.c]
|
|
Fix bug introduced in r1.78 (incorrect brace location) that broke key auth.
|
|
Patch from joachim joachimschipper nl.
|
|
- djm@cvs.openbsd.org 2010/01/12 00:58:25
|
|
[monitor_fdpass.c]
|
|
avoid spinning when fd passing on nonblocking sockets by calling poll()
|
|
in the EINTR/EAGAIN path, much like we do in atomicio; ok dtucker@
|
|
- djm@cvs.openbsd.org 2010/01/12 00:59:29
|
|
[roaming_common.c]
|
|
delete with extreme prejudice a debug() that fired with every keypress;
|
|
ok dtucker deraadt
|
|
- dtucker@cvs.openbsd.org 2010/01/12 01:31:05
|
|
[session.c]
|
|
Do not allow logins if /etc/nologin exists but is not readable by the user
|
|
logging in. Noted by Jan.Pechanec at Sun, ok djm@ deraadt@
|
|
- djm@cvs.openbsd.org 2010/01/12 01:36:08
|
|
[buffer.h bufaux.c]
|
|
add a buffer_get_string_ptr_ret() that does the same as
|
|
buffer_get_string_ptr() but does not fatal() on error; ok dtucker@
|
|
- dtucker@cvs.openbsd.org 2010/01/12 08:33:17
|
|
[session.c]
|
|
Add explicit stat so we reliably detect nologin with bad perms.
|
|
ok djm markus
|
|
|
|
20100110
|
|
- (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c]
|
|
Remove hacks add for RoutingDomain in preparation for its removal.
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- dtucker@cvs.openbsd.org 2010/01/09 23:04:13
|
|
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
|
|
ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
|
|
readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
|
|
Remove RoutingDomain from ssh since it's now not needed. It can be
|
|
replaced with "route exec" or "nc -V" as a proxycommand. "route exec"
|
|
also ensures that trafic such as DNS lookups stays withing the specified
|
|
routingdomain. For example (from reyk):
|
|
# route -T 2 exec /usr/sbin/sshd
|
|
or inherited from the parent process
|
|
$ route -T 2 exec sh
|
|
$ ssh 10.1.2.3
|
|
ok deraadt@ markus@ stevesk@ reyk@
|
|
- dtucker@cvs.openbsd.org 2010/01/10 03:51:17
|
|
[servconf.c]
|
|
Add ChrootDirectory to sshd.c test-mode output
|
|
- dtucker@cvs.openbsd.org 2010/01/10 07:15:56
|
|
[auth.c]
|
|
Output a debug if we can't open an existing keyfile. bz#1694, ok djm@
|
|
|
|
20100109
|
|
- (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don't
|
|
have it.
|
|
- (dtucker) [defines.h] define PRIu64 for platforms that don't have it.
|
|
- (dtucker) [roaming_client.c] Wrap inttypes.h in an ifdef.
|
|
- (dtucker) [loginrec.c] Use the SUSv3 specified name for the user name
|
|
when using utmpx. Patch from Ed Schouten.
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2010/01/09 00:20:26
|
|
[sftp-server.c sftp-server.8]
|
|
add a 'read-only' mode to sftp-server(8) that disables open in write mode
|
|
and all other fs-modifying protocol methods. bz#430 ok dtucker@
|
|
- djm@cvs.openbsd.org 2010/01/09 00:57:10
|
|
[PROTOCOL]
|
|
tweak language
|
|
- jmc@cvs.openbsd.org 2010/01/09 03:36:00
|
|
[sftp-server.8]
|
|
bad place to forget a comma...
|
|
- djm@cvs.openbsd.org 2010/01/09 05:04:24
|
|
[mux.c sshpty.h clientloop.c sshtty.c]
|
|
quell tc[gs]etattr warnings when forcing a tty (ssh -tt), since we
|
|
usually don't actually have a tty to read/set; bz#1686 ok dtucker@
|
|
- dtucker@cvs.openbsd.org 2010/01/09 05:17:00
|
|
[roaming_client.c]
|
|
Remove a PRIu64 format string that snuck in with roaming. ok djm@
|
|
- dtucker@cvs.openbsd.org 2010/01/09 11:13:02
|
|
[sftp.c]
|
|
Prevent sftp from derefing a null pointer when given a "-" without a
|
|
command. Also, allow whitespace to follow a "-". bz#1691, path from
|
|
Colin Watson via Debian. ok djm@ deraadt@
|
|
- dtucker@cvs.openbsd.org 2010/01/09 11:17:56
|
|
[sshd.c]
|
|
Afer sshd receives a SIGHUP, ignore subsequent HUPs while sshd re-execs
|
|
itself. Prevents two HUPs in quick succession from resulting in sshd
|
|
dying. bz#1692, patch from Colin Watson via Ubuntu.
|
|
- (dtucker) [defines.h] Remove now-undeeded PRIu64 define.
|
|
|
|
20100108
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- andreas@cvs.openbsd.org 2009/10/24 11:11:58
|
|
[roaming.h]
|
|
Declarations needed for upcoming changes.
|
|
ok markus@
|
|
- andreas@cvs.openbsd.org 2009/10/24 11:13:54
|
|
[sshconnect2.c kex.h kex.c]
|
|
Let the client detect if the server supports roaming by looking
|
|
for the resume@appgate.com kex algorithm.
|
|
ok markus@
|
|
- andreas@cvs.openbsd.org 2009/10/24 11:15:29
|
|
[clientloop.c]
|
|
client_loop() must detect if the session has been suspended and resumed,
|
|
and take appropriate action in that case.
|
|
From Martin Forssen, maf at appgate dot com
|
|
- andreas@cvs.openbsd.org 2009/10/24 11:19:17
|
|
[ssh2.h]
|
|
Define the KEX messages used when resuming a suspended connection.
|
|
ok markus@
|
|
- andreas@cvs.openbsd.org 2009/10/24 11:22:37
|
|
[roaming_common.c]
|
|
Do the actual suspend/resume in the client. This won't be useful until
|
|
the server side supports roaming.
|
|
Most code from Martin Forssen, maf at appgate dot com. Some changes by
|
|
me and markus@
|
|
ok markus@
|
|
- andreas@cvs.openbsd.org 2009/10/24 11:23:42
|
|
[ssh.c]
|
|
Request roaming to be enabled if UseRoaming is true and the server
|
|
supports it.
|
|
ok markus@
|
|
- reyk@cvs.openbsd.org 2009/10/28 16:38:18
|
|
[ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c
|
|
channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1
|
|
sftp.1 sshd_config.5 readconf.c ssh.c misc.c]
|
|
Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.
|
|
ok markus@
|
|
- jmc@cvs.openbsd.org 2009/10/28 21:45:08
|
|
[sshd_config.5 sftp.1]
|
|
tweak previous;
|
|
- djm@cvs.openbsd.org 2009/11/10 02:56:22
|
|
[ssh_config.5]
|
|
explain the constraints on LocalCommand some more so people don't
|
|
try to abuse it.
|
|
- djm@cvs.openbsd.org 2009/11/10 02:58:56
|
|
[sshd_config.5]
|
|
clarify that StrictModes does not apply to ChrootDirectory. Permissions
|
|
and ownership are always checked when chrooting. bz#1532
|
|
- dtucker@cvs.openbsd.org 2009/11/10 04:30:45
|
|
[sshconnect2.c channels.c sshconnect.c]
|
|
Set close-on-exec on various descriptors so they don't get leaked to
|
|
child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
|
|
- markus@cvs.openbsd.org 2009/11/11 21:37:03
|
|
[channels.c channels.h]
|
|
fix race condition in x11/agent channel allocation: don't read after
|
|
the end of the select read/write fdset and make sure a reused FD
|
|
is not touched before the pre-handlers are called.
|
|
with and ok djm@
|
|
- djm@cvs.openbsd.org 2009/11/17 05:31:44
|
|
[clientloop.c]
|
|
fix incorrect exit status when multiplexing and channel ID 0 is recycled
|
|
bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker
|
|
- djm@cvs.openbsd.org 2009/11/19 23:39:50
|
|
[session.c]
|
|
bz#1606: error when an attempt is made to connect to a server
|
|
with ForceCommand=internal-sftp with a shell session (i.e. not a
|
|
subsystem session). Avoids stuck client when attempting to ssh to such a
|
|
service. ok dtucker@
|
|
- dtucker@cvs.openbsd.org 2009/11/20 00:15:41
|
|
[session.c]
|
|
Warn but do not fail if stat()ing the subsystem binary fails. This helps
|
|
with chrootdirectory+forcecommand=sftp-server and restricted shells.
|
|
bz #1599, ok djm.
|
|
- djm@cvs.openbsd.org 2009/11/20 00:54:01
|
|
[sftp.c]
|
|
bz#1588 change "Connecting to host..." message to "Connected to host."
|
|
and delay it until after the sftp protocol connection has been established.
|
|
Avoids confusing sequence of messages when the underlying ssh connection
|
|
experiences problems. ok dtucker@
|
|
- dtucker@cvs.openbsd.org 2009/11/20 00:59:36
|
|
[sshconnect2.c]
|
|
Use the HostKeyAlias when prompting for passwords. bz#1039, ok djm@
|
|
- djm@cvs.openbsd.org 2009/11/20 03:24:07
|
|
[misc.c]
|
|
correct off-by-one in percent_expand(): we would fatal() when trying
|
|
to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to actually
|
|
work. Note that nothing in OpenSSH actually uses close to this limit at
|
|
present. bz#1607 from Jan.Pechanec AT Sun.COM
|
|
- halex@cvs.openbsd.org 2009/11/22 13:18:00
|
|
[sftp.c]
|
|
make passing of zero-length arguments to ssh safe by
|
|
passing "-<switch>" "<value>" rather than "-<switch><value>"
|
|
ok dtucker@, guenther@, djm@
|
|
- dtucker@cvs.openbsd.org 2009/12/06 23:41:15
|
|
[sshconnect2.c]
|
|
zap unused variable and strlen; from Steve McClellan, ok djm
|
|
- djm@cvs.openbsd.org 2009/12/06 23:53:45
|
|
[roaming_common.c]
|
|
use socklen_t for getsockopt optlen parameter; reported by
|
|
Steve.McClellan AT radisys.com, ok dtucker@
|
|
- dtucker@cvs.openbsd.org 2009/12/06 23:53:54
|
|
[sftp.c]
|
|
fix potential divide-by-zero in sftp's "df" output when talking to a server
|
|
that reports zero files on the filesystem (Unix filesystems always have at
|
|
least the root inode). From Steve McClellan at radisys, ok djm@
|
|
- markus@cvs.openbsd.org 2009/12/11 18:16:33
|
|
[key.c]
|
|
switch from 35 to the more common value of RSA_F4 == (2**16)+1 == 65537
|
|
for the RSA public exponent; discussed with provos; ok djm@
|
|
- guenther@cvs.openbsd.org 2009/12/20 07:28:36
|
|
[ssh.c sftp.c scp.c]
|
|
When passing user-controlled options with arguments to other programs,
|
|
pass the option and option argument as separate argv entries and
|
|
not smashed into one (e.g., as -l foo and not -lfoo). Also, always
|
|
pass a "--" argument to stop option parsing, so that a positional
|
|
argument that starts with a '-' isn't treated as an option. This
|
|
fixes some error cases as well as the handling of hostnames and
|
|
filenames that start with a '-'.
|
|
Based on a diff by halex@
|
|
ok halex@ djm@ deraadt@
|
|
- djm@cvs.openbsd.org 2009/12/20 23:20:40
|
|
[PROTOCOL]
|
|
fix an incorrect magic number and typo in PROTOCOL; bz#1688
|
|
report and fix from ueno AT unixuser.org
|
|
- stevesk@cvs.openbsd.org 2009/12/25 19:40:21
|
|
[readconf.c servconf.c misc.h ssh-keyscan.c misc.c]
|
|
validate routing domain is in range 0-RT_TABLEID_MAX.
|
|
'Looks right' deraadt@
|
|
- stevesk@cvs.openbsd.org 2009/12/29 16:38:41
|
|
[sshd_config.5 readconf.c ssh_config.5 scp.1 servconf.c sftp.1 ssh.1]
|
|
Rename RDomain config option to RoutingDomain to be more clear and
|
|
consistent with other options.
|
|
NOTE: if you currently use RDomain in the ssh client or server config,
|
|
or ssh/sshd -o, you must update to use RoutingDomain.
|
|
ok markus@ djm@
|
|
- jmc@cvs.openbsd.org 2009/12/29 18:03:32
|
|
[sshd_config.5 ssh_config.5]
|
|
sort previous;
|
|
- dtucker@cvs.openbsd.org 2010/01/04 01:45:30
|
|
[sshconnect2.c]
|
|
Don't escape backslashes in the SSH2 banner. bz#1533, patch from
|
|
Michal Gorny via Gentoo.
|
|
- djm@cvs.openbsd.org 2010/01/04 02:03:57
|
|
[sftp.c]
|
|
Implement tab-completion of commands, local and remote filenames for sftp.
|
|
Hacked on and off for some time by myself, mouring, Carlos Silva (via 2009
|
|
Google Summer of Code) and polished to a fine sheen by myself again.
|
|
It should deal more-or-less correctly with the ikky corner-cases presented
|
|
by quoted filenames, but the UI could still be slightly improved.
|
|
In particular, it is quite slow for remote completion on large directories.
|
|
bz#200; ok markus@
|
|
- djm@cvs.openbsd.org 2010/01/04 02:25:15
|
|
[sftp-server.c]
|
|
bz#1566 don't unnecessarily dup() in and out fds for sftp-server;
|
|
ok markus@
|
|
- dtucker@cvs.openbsd.org 2010/01/08 21:50:49
|
|
[sftp.c]
|
|
Fix two warnings: possibly used unitialized and use a nul byte instead of
|
|
NULL pointer. ok djm@
|
|
- (dtucker) [Makefile.in added roaming_client.c roaming_serv.c] Import new
|
|
files for roaming and add to Makefile.
|
|
- (dtucker) [Makefile.in] .c files do not belong in the OBJ lines.
|
|
- (dtucker) [sftp.c] ifdef out the sftp completion bits for platforms that
|
|
don't have libedit.
|
|
- (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] Make
|
|
RoutingDomain an unsupported option on platforms that don't have it.
|
|
- (dtucker) [sftp.c] Expand ifdef for libedit to cover complete_is_remote
|
|
too.
|
|
- (dtucker) [misc.c] Move the routingdomain ifdef to allow the socket to
|
|
be created.
|
|
- (dtucker] [misc.c] Shrink the area covered by USE_ROUTINGDOMAIN more
|
|
to eliminate an unused variable warning.
|
|
- (dtucker) [roaming_serv.c] Include includes.h for u_intXX_t types.
|
|
|
|
20091226
|
|
- (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1
|
|
Gzip all man pages. Patch from Corinna Vinschen.
|
|
|
|
20091221
|
|
- (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}]
|
|
Bug #1583: Use system's kerberos principal name on AIX if it's available.
|
|
Based on a patch from and tested by Miguel Sanders
|
|
|
|
20091208
|
|
- (dtucker) Bug #1470: Disable OOM-killing of the listening sshd on Linux,
|
|
based on a patch from Vaclav Ovsik and Colin Watson. ok djm.
|
|
|
|
20091207
|
|
- (dtucker) Bug #1160: use pkg-config for opensc config if it's available.
|
|
Tested by Martin Paljak.
|
|
- (dtucker) Bug #1677: add conditionals around the source for ssh-askpass.
|
|
|
|
20091121
|
|
- (tim) [opensshd.init.in] If PidFile is set in sshd_config, use it.
|
|
Bug 1628. OK dtucker@
|
|
|
|
20091120
|
|
- (djm) [ssh-rand-helper.c] Print error and usage() when passed command-
|
|
line arguments as none are supported. Exit when passed unrecognised
|
|
commandline flags. bz#1568 from gson AT araneus.fi
|
|
|
|
20091118
|
|
- (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() to
|
|
set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify
|
|
setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only()
|
|
bz#1648, report and fix from jan.kratochvil AT redhat.com
|
|
- (djm) [contrib/gnome-ssh-askpass2.c] Make askpass dialog desktop-modal.
|
|
bz#1645, patch from jchadima AT redhat.com
|
|
|
|
20091107
|
|
- (dtucker) [authfile.c] Fall back to 3DES for the encryption of private
|
|
keys when built with OpenSSL versions that don't do AES.
|
|
|
|
20091105
|
|
- (dtucker) [authfile.c] Add OpenSSL compat header so this still builds with
|
|
older versions of OpenSSL.
|
|
|
|
20091024
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2009/10/11 23:03:15
|
|
[hostfile.c]
|
|
mention the host name that we are looking for in check_host_in_hostfile()
|
|
- sobrado@cvs.openbsd.org 2009/10/17 12:10:39
|
|
[sftp-server.c]
|
|
sort flags.
|
|
- sobrado@cvs.openbsd.org 2009/10/22 12:35:53
|
|
[ssh.1 ssh-agent.1 ssh-add.1]
|
|
use the UNIX-related macros (.At and .Ux) where appropriate.
|
|
ok jmc@
|
|
- sobrado@cvs.openbsd.org 2009/10/22 15:02:12
|
|
[ssh-agent.1 ssh-add.1 ssh.1]
|
|
write UNIX-domain in a more consistent way; while here, replace a
|
|
few remaining ".Tn UNIX" macros with ".Ux" ones.
|
|
pointed out by ratchov@, thanks!
|
|
ok jmc@
|
|
- djm@cvs.openbsd.org 2009/10/22 22:26:13
|
|
[authfile.c]
|
|
switch from 3DES to AES-128 for encryption of passphrase-protected
|
|
SSH protocol 2 private keys; ok several
|
|
- djm@cvs.openbsd.org 2009/10/23 01:57:11
|
|
[sshconnect2.c]
|
|
disallow a hostile server from checking jpake auth by sending an
|
|
out-of-sequence success message. (doesn't affect code enabled by default)
|
|
- dtucker@cvs.openbsd.org 2009/10/24 00:48:34
|
|
[ssh-keygen.1]
|
|
ssh-keygen now uses AES-128 for private keys
|
|
- (dtucker) [mdoc2man.awk] Teach it to understand the .Ux macro.
|
|
- (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinux
|
|
is enabled set the security context to "sftpd_t" before running the
|
|
internal sftp server Based on a patch from jchadima at redhat.
|
|
|
|
20091011
|
|
- (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for
|
|
dirent d_type and DTTOIF as we've switched OpenBSD to the more portable
|
|
lstat.
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- markus@cvs.openbsd.org 2009/10/08 14:03:41
|
|
[sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5]
|
|
disable protocol 1 by default (after a transition period of about 10 years)
|
|
ok deraadt
|
|
- jmc@cvs.openbsd.org 2009/10/08 20:42:12
|
|
[sshd_config.5 ssh_config.5 sshd.8 ssh.1]
|
|
some tweaks now that protocol 1 is not offered by default; ok markus
|
|
- dtucker@cvs.openbsd.org 2009/10/11 10:41:26
|
|
[sftp-client.c]
|
|
d_type isn't portable so use lstat to get dirent modes. Suggested by and
|
|
"looks sane" deraadt@
|
|
- markus@cvs.openbsd.org 2009/10/08 18:04:27
|
|
[regress/test-exec.sh]
|
|
re-enable protocol v1 for the tests.
|
|
|
|
20091007
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2009/08/12 00:13:00
|
|
[sftp.c sftp.1]
|
|
support most of scp(1)'s commandline arguments in sftp(1), as a first
|
|
step towards making sftp(1) a drop-in replacement for scp(1).
|
|
One conflicting option (-P) has not been changed, pending further
|
|
discussion.
|
|
Patch from carlosvsilvapt@gmail.com as part of his work in the
|
|
Google Summer of Code
|
|
- jmc@cvs.openbsd.org 2009/08/12 06:31:42
|
|
[sftp.1]
|
|
sort options;
|
|
- djm@cvs.openbsd.org 2009/08/13 01:11:19
|
|
[sftp.1 sftp.c]
|
|
Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path",
|
|
add "-P port" to match scp(1). Fortunately, the -P option is only really
|
|
used by our regression scripts.
|
|
part of larger patch from carlosvsilvapt@gmail.com for his Google Summer
|
|
of Code work; ok deraadt markus
|
|
- jmc@cvs.openbsd.org 2009/08/13 13:39:54
|
|
[sftp.1 sftp.c]
|
|
sync synopsis and usage();
|
|
- djm@cvs.openbsd.org 2009/08/14 18:17:49
|
|
[sftp-client.c]
|
|
make the "get_handle: ..." error messages vaguely useful by allowing
|
|
callers to specify their own error message strings.
|
|
- fgsch@cvs.openbsd.org 2009/08/15 18:56:34
|
|
[auth.h]
|
|
remove unused define. markus@ ok.
|
|
(Id sync only, Portable still uses this.)
|
|
- dtucker@cvs.openbsd.org 2009/08/16 23:29:26
|
|
[sshd_config.5]
|
|
Add PubkeyAuthentication to the list allowed in a Match block (bz #1577)
|
|
- djm@cvs.openbsd.org 2009/08/18 18:36:21
|
|
[sftp-client.h sftp.1 sftp-client.c sftp.c]
|
|
recursive transfer support for get/put and on the commandline
|
|
work mostly by carlosvsilvapt@gmail.com for the Google Summer of Code
|
|
with some tweaks by me; "go for it" deraadt@
|
|
- djm@cvs.openbsd.org 2009/08/18 21:15:59
|
|
[sftp.1]
|
|
fix "get" command usage, spotted by jmc@
|
|
- jmc@cvs.openbsd.org 2009/08/19 04:56:03
|
|
[sftp.1]
|
|
ether -> either;
|
|
- dtucker@cvs.openbsd.org 2009/08/20 23:54:28
|
|
[mux.c]
|
|
subsystem_flag is defined in ssh.c so it's extern; ok djm
|
|
- djm@cvs.openbsd.org 2009/08/27 17:28:52
|
|
[sftp-server.c]
|
|
allow setting an explicit umask on the commandline to override whatever
|
|
default the user has. bz#1229; ok dtucker@ deraadt@ markus@
|
|
- djm@cvs.openbsd.org 2009/08/27 17:33:49
|
|
[ssh-keygen.c]
|
|
force use of correct hash function for random-art signature display
|
|
as it was inheriting the wrong one when bubblebabble signatures were
|
|
activated; bz#1611 report and patch from fwojcik+openssh AT besh.com;
|
|
ok markus@
|
|
- djm@cvs.openbsd.org 2009/08/27 17:43:00
|
|
[sftp-server.8]
|
|
allow setting an explicit umask on the commandline to override whatever
|
|
default the user has. bz#1229; ok dtucker@ deraadt@ markus@
|
|
- djm@cvs.openbsd.org 2009/08/27 17:44:52
|
|
[authfd.c ssh-add.c authfd.h]
|
|
Do not fall back to adding keys without contraints (ssh-add -c / -t ...)
|
|
when the agent refuses the constrained add request. This was a useful
|
|
migration measure back in 2002 when constraints were new, but just
|
|
adds risk now.
|
|
bz #1612, report and patch from dkg AT fifthhorseman.net; ok markus@
|
|
- djm@cvs.openbsd.org 2009/08/31 20:56:02
|
|
[sftp-server.c]
|
|
check correct variable for error message, spotted by martynas@
|
|
- djm@cvs.openbsd.org 2009/08/31 21:01:29
|
|
[sftp-server.8]
|
|
document -e and -h; prodded by jmc@
|
|
- djm@cvs.openbsd.org 2009/09/01 14:43:17
|
|
[ssh-agent.c]
|
|
fix a race condition in ssh-agent that could result in a wedged or
|
|
spinning agent: don't read off the end of the allocated fd_sets, and
|
|
don't issue blocking read/write on agent sockets - just fall back to
|
|
select() on retriable read/write errors. bz#1633 reported and tested
|
|
by "noodle10000 AT googlemail.com"; ok dtucker@ markus@
|
|
- grunk@cvs.openbsd.org 2009/10/01 11:37:33
|
|
[dh.c]
|
|
fix a cast
|
|
ok djm@ markus@
|
|
- djm@cvs.openbsd.org 2009/10/06 04:46:40
|
|
[session.c]
|
|
bz#1596: fflush(NULL) before exec() to ensure that everying (motd
|
|
in particular) has made it out before the streams go away.
|
|
- djm@cvs.openbsd.org 2008/12/07 22:17:48
|
|
[regress/addrmatch.sh]
|
|
match string "passwordauthentication" only at start of line, not anywhere
|
|
in sshd -T output
|
|
- dtucker@cvs.openbsd.org 2009/05/05 07:51:36
|
|
[regress/multiplex.sh]
|
|
Always specify ssh_config for multiplex tests: prevents breakage caused
|
|
by options in ~/.ssh/config. From Dan Peterson.
|
|
- djm@cvs.openbsd.org 2009/08/13 00:57:17
|
|
[regress/Makefile]
|
|
regression test for port number parsing. written as part of the a2port
|
|
change that went into 5.2 but I forgot to commit it at the time...
|
|
- djm@cvs.openbsd.org 2009/08/13 01:11:55
|
|
[regress/sftp-batch.sh regress/sftp-badcmds.sh regress/sftp.sh
|
|
regress/sftp-cmds.sh regres/sftp-glob.sh]
|
|
date: 2009/08/13 01:11:19; author: djm; state: Exp; lines: +10 -7
|
|
Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path",
|
|
add "-P port" to match scp(1). Fortunately, the -P option is only really
|
|
used by our regression scripts.
|
|
part of larger patch from carlosvsilvapt@gmail.com for his Google Summer
|
|
of Code work; ok deraadt markus
|
|
- djm@cvs.openbsd.org 2009/08/20 18:43:07
|
|
[regress/ssh-com-sftp.sh]
|
|
fix one sftp -D ... => sftp -P ... conversion that I missed; from Carlos
|
|
Silva for Google Summer of Code
|
|
- dtucker@cvs.openbsd.org 2009/10/06 23:51:49
|
|
[regress/ssh2putty.sh]
|
|
Add OpenBSD tag to make syncs easier
|
|
- (dtucker) [regress/portnum.sh] Import new test.
|
|
- (dtucker) [configure.ac sftp-client.c] DTOTIF is in fs/ffs/dir.h on at
|
|
least dragonflybsd.
|
|
- (dtucker) d_type is not mandated by POSIX, so add fallback code using
|
|
stat(), needed on at least cygwin.
|
|
|
|
20091002
|
|
- (djm) [Makefile.in] Mention readconf.o in ssh-keysign's make deps.
|
|
spotted by des AT des.no
|
|
|
|
20090926
|
|
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
|
|
[contrib/suse/openssh.spec] Update for release
|
|
- (djm) [README] update relnotes URL
|
|
- (djm) [packet.c] Restore EWOULDBLOCK handling that got lost somewhere
|
|
- (djm) Release 5.3p1
|
|
|
|
20090911
|
|
- (dtucker) [configure.ac] Change the -lresolv check so it works on Mac OS X
|
|
10.6 (which doesn't have BIND8_COMPAT and thus uses res_9_query). Patch
|
|
from jbasney at ncsa uiuc edu.
|
|
|
|
20090908
|
|
- (djm) [serverloop.c] Fix test for server-assigned remote forwarding port
|
|
(-R 0:...); bz#1578, spotted and fix by gavin AT emf.net; ok dtucker@
|
|
|
|
20090901
|
|
- (dtucker) [configure.ac] Bug #1639: use AC_PATH_PROG to search the path for
|
|
krb5-config if it's not in the location specified by --with-kerberos5.
|
|
Patch from jchadima at redhat.
|
|
|
|
20090829
|
|
- (dtucker) [README.platform] Add text about development packages, based on
|
|
text from Chris Pepper in bug #1631.
|
|
|
|
20090828
|
|
- dtucker [auth-sia.c] Roll back the change for bug #1241 as it apparently
|
|
causes problems in some Tru64 configurations.
|
|
- (djm) [sshd_config.5] downgrade mention of login.conf to be an example
|
|
and mention PAM as another provider for ChallengeResponseAuthentication;
|
|
bz#1408; ok dtucker@
|
|
- (djm) [sftp-server.c] bz#1535: accept ENOSYS as a fallback error when
|
|
attempting atomic rename(); ok dtucker@
|
|
- (djm) [Makefile.in] bz#1505: Solaris make(1) doesn't accept make variables
|
|
in argv, so pass them in the environment; ok dtucker@
|
|
- (dtucker) [channels.c configure.ac] Bug #1528: skip the tcgetattr call on
|
|
the pty master on Solaris, since it never succeeds and can hang if large
|
|
amounts of data is sent to the slave (eg a copy-paste). Based on a patch
|
|
originally from Doke Scott, ok djm@
|
|
- (dtucker) [clientloop.c configure.ac defines.h] Make the client's IO buffer
|
|
size a compile-time option and set it to 64k on Cygwin, since Corinna
|
|
reports that it makes a significant difference to performance. ok djm@
|
|
- (dtucker) [configure.ac] Fix the syntax of the Solaris tcgetattr entry.
|
|
|
|
20090820
|
|
- (dtucker) [includes.h] Bug #1634: do not include system glob.h if we're not
|
|
using it since the type conflicts can cause problems on FreeBSD. Patch
|
|
from Jonathan Chen.
|
|
- (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567: move
|
|
the setpcred call on AIX to immediately before the permanently_set_uid().
|
|
Ensures that we still have privileges when we call chroot and
|
|
pam_open_sesson. Based on a patch from David Leonard.
|
|
|
|
20090817
|
|
- (dtucker) [configure.ac] Check for headers before libraries for openssl an
|
|
zlib, which should make the errors slightly more meaningful on platforms
|
|
where there's separate "-devel" packages for those.
|
|
- (dtucker) [sshlogin.c openbsd-compat/port-aix.{c,h}] Bug #1595: make
|
|
PrintLastLog work on AIX. Based in part on a patch from Miguel Sanders.
|
|
|
|
20090729
|
|
- (tim) [contrib/cygwin/ssh-user-config] Change script to call correct error
|
|
function. Patch from Corinna Vinschen.
|
|
|
|
20090713
|
|
- (dtucker) [openbsd-compat/getrrsetbyname.c] Reduce answer buffer size so it
|
|
fits into 16 bits to work around a bug in glibc's resolver where it masks
|
|
off the buffer size at 16 bits. Patch from Hauke Lampe, ok djm jakob.
|
|
|
|
20090712
|
|
- (dtucker) [configure.ac] Include sys/param.h for the sys/mount.h test,
|
|
prevents configure complaining on older BSDs.
|
|
- (dtucker [contrib/cygwin/ssh-{host,user}-config] Add license text. Patch
|
|
from Corinna Vinschen.
|
|
- (dtucker) [auth-pam.c] Bug #1534: move the deletion of PAM credentials on
|
|
logout to after the session close. Patch from Anicka Bernathova,
|
|
originally from Andreas Schwab via Novelll ok djm.
|
|
|
|
20090707
|
|
- (dtucker) [contrib/cygwin/ssh-host-config] better support for automated
|
|
scripts and fix usage of eval. Patch from Corinna Vinschen.
|
|
|
|
20090705
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- andreas@cvs.openbsd.org 2009/06/27 09:29:06
|
|
[packet.h packet.c]
|
|
packet_bacup_state() and packet_restore_state() will be used to
|
|
temporarily save the current state ren resuming a suspended connection.
|
|
ok markus@
|
|
- andreas@cvs.openbsd.org 2009/06/27 09:32:43
|
|
[roaming_common.c roaming.h]
|
|
It may be necessary to retransmit some data when resuming, so add it
|
|
to a buffer when roaming is enabled.
|
|
Most of this code was written by Martin Forssen, maf at appgate dot com.
|
|
ok markus@
|
|
- andreas@cvs.openbsd.org 2009/06/27 09:35:06
|
|
[readconf.h readconf.c]
|
|
Add client option UseRoaming. It doesn't do anything yet but will
|
|
control whether the client tries to use roaming if enabled on the
|
|
server. From Martin Forssen.
|
|
ok markus@
|
|
- markus@cvs.openbsd.org 2009/06/30 14:54:40
|
|
[version.h]
|
|
crank version; ok deraadt
|
|
- dtucker@cvs.openbsd.org 2009/07/02 02:11:47
|
|
[ssh.c]
|
|
allow for long home dir paths (bz #1615). ok deraadt
|
|
(based in part on a patch from jchadima at redhat)
|
|
- stevesk@cvs.openbsd.org 2009/07/05 19:28:33
|
|
[clientloop.c]
|
|
only send SSH2_MSG_DISCONNECT if we're in compat20; from dtucker@
|
|
ok deraadt@ markus@
|
|
|
|
20090622
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- dtucker@cvs.openbsd.org 2009/06/22 05:39:28
|
|
[monitor_wrap.c monitor_mm.c ssh-keygen.c auth2.c gss-genr.c sftp-client.c]
|
|
alphabetize includes; reduces diff vs portable and style(9).
|
|
ok stevesk djm
|
|
(Id sync only; these were already in order in -portable)
|
|
|
|
20090621
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- markus@cvs.openbsd.org 2009/03/17 21:37:00
|
|
[ssh.c]
|
|
pass correct argv[0] to openlog(); ok djm@
|
|
- jmc@cvs.openbsd.org 2009/03/19 15:15:09
|
|
[ssh.1]
|
|
for "Ciphers", just point the reader to the keyword in ssh_config(5), just
|
|
as we do for "MACs": this stops us getting out of sync when the lists
|
|
change;
|
|
fixes documentation/6102, submitted by Peter J. Philipp
|
|
alternative fix proposed by djm
|
|
ok markus
|
|
- tobias@cvs.openbsd.org 2009/03/23 08:31:19
|
|
[ssh-agent.c]
|
|
Fixed a possible out-of-bounds memory access if the environment variable
|
|
SHELL is shorter than 3 characters.
|
|
with input by and ok dtucker
|
|
- tobias@cvs.openbsd.org 2009/03/23 19:38:04
|
|
[ssh-agent.c]
|
|
My previous commit didn't fix the problem at all, so stick at my first
|
|
version of the fix presented to dtucker.
|
|
Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de).
|
|
ok dtucker
|
|
- sobrado@cvs.openbsd.org 2009/03/26 08:38:39
|
|
[sftp-server.8 sshd.8 ssh-agent.1]
|
|
fix a few typographical errors found by spell(1).
|
|
ok dtucker@, jmc@
|
|
- stevesk@cvs.openbsd.org 2009/04/13 19:07:44
|
|
[sshd_config.5]
|
|
fix possessive; ok djm@
|
|
- stevesk@cvs.openbsd.org 2009/04/14 16:33:42
|
|
[sftp-server.c]
|
|
remove unused option character from getopt() optstring; ok markus@
|
|
- jj@cvs.openbsd.org 2009/04/14 21:10:54
|
|
[servconf.c]
|
|
Fixed a few the-the misspellings in comments. Skipped a bunch in
|
|
binutils,gcc and so on. ok jmc@
|
|
- stevesk@cvs.openbsd.org 2009/04/17 19:23:06
|
|
[session.c]
|
|
use INTERNAL_SFTP_NAME for setproctitle() of in-process sftp-server;
|
|
ok djm@ markus@
|
|
- stevesk@cvs.openbsd.org 2009/04/17 19:40:17
|
|
[sshd_config.5]
|
|
clarify that even internal-sftp needs /dev/log for logging to work; ok
|
|
markus@
|
|
- jmc@cvs.openbsd.org 2009/04/18 18:39:10
|
|
[sshd_config.5]
|
|
tweak previous; ok stevesk
|
|
- stevesk@cvs.openbsd.org 2009/04/21 15:13:17
|
|
[sshd_config.5]
|
|
clarify we cd to user's home after chroot; ok markus@ on
|
|
earlier version; tweaks and ok jmc@
|
|
- andreas@cvs.openbsd.org 2009/05/25 06:48:01
|
|
[channels.c packet.c clientloop.c packet.h serverloop.c monitor_wrap.c
|
|
monitor.c]
|
|
Put the globals in packet.c into a struct and don't access it directly
|
|
from other files. No functional changes.
|
|
ok markus@ djm@
|
|
- andreas@cvs.openbsd.org 2009/05/27 06:31:25
|
|
[canohost.h canohost.c]
|
|
Add clear_cached_addr(), needed for upcoming changes allowing the peer
|
|
address to change.
|
|
ok markus@
|
|
- andreas@cvs.openbsd.org 2009/05/27 06:33:39
|
|
[clientloop.c]
|
|
Send SSH2_MSG_DISCONNECT when the client disconnects. From a larger
|
|
change from Martin Forssen, maf at appgate dot com.
|
|
ok markus@
|
|
- andreas@cvs.openbsd.org 2009/05/27 06:34:36
|
|
[kex.c kex.h]
|
|
Move the KEX_COOKIE_LEN define to kex.h
|
|
ok markus@
|
|
- andreas@cvs.openbsd.org 2009/05/27 06:36:07
|
|
[packet.h packet.c]
|
|
Add packet_put_int64() and packet_get_int64(), part of a larger change
|
|
from Martin Forssen.
|
|
ok markus@
|
|
- andreas@cvs.openbsd.org 2009/05/27 06:38:16
|
|
[sshconnect.h sshconnect.c]
|
|
Un-static ssh_exchange_identification(), part of a larger change from
|
|
Martin Forssen and needed for upcoming changes.
|
|
ok markus@
|
|
- andreas@cvs.openbsd.org 2009/05/28 16:50:16
|
|
[sshd.c packet.c serverloop.c monitor_wrap.c clientloop.c sshconnect.c
|
|
monitor.c Added roaming.h roaming_common.c roaming_dummy.c]
|
|
Keep track of number of bytes read and written. Needed for upcoming
|
|
changes. Most code from Martin Forssen, maf at appgate dot com.
|
|
ok markus@
|
|
Also, applied appropriate changes to Makefile.in
|
|
- andreas@cvs.openbsd.org 2009/06/12 20:43:22
|
|
[monitor.c packet.c]
|
|
Fix warnings found by chl@ and djm@ and change roaming_atomicio's
|
|
return type to match atomicio's
|
|
Diff from djm@, ok markus@
|
|
- andreas@cvs.openbsd.org 2009/06/12 20:58:32
|
|
[packet.c]
|
|
Move some more statics into session_state
|
|
ok markus@ djm@
|
|
- dtucker@cvs.openbsd.org 2009/06/21 07:37:15
|
|
[kexdhs.c kexgexs.c]
|
|
abort if key_sign fails, preventing possible null deref. Based on report
|
|
from Paolo Ganci, ok markus@ djm@
|
|
- dtucker@cvs.openbsd.org 2009/06/21 09:04:03
|
|
[roaming.h roaming_common.c roaming_dummy.c]
|
|
Add tags for the benefit of the sync scripts
|
|
Also: pull in the changes for 1.1->1.2 missed in the previous sync.
|
|
- (dtucker) [auth2-jpake.c auth2.c canohost.h session.c] Whitespace and
|
|
header-order changes to reduce diff vs OpenBSD.
|
|
- (dtucker) [servconf.c sshd.c] More whitespace sync.
|
|
- (dtucker) [roaming_common.c roaming_dummy.c] Wrap #include <inttypes.h> in
|
|
ifdef.
|
|
|
|
20090616
|
|
- (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t
|
|
is a struct with a __val member. Fixes build on, eg, Redhat 6.2.
|
|
|
|
20090504
|
|
- (dtucker) [sshlogin.c] Move the NO_SSH_LASTLOG #ifndef line to include
|
|
variable declarations. Should prevent unused warnings anywhere it's set
|
|
(only Crays as far as I can tell) and be a no-op everywhere else.
|
|
|
|
20090318
|
|
- (tim) [configure.ac] Remove setting IP_TOS_IS_BROKEN for Cygwin. The problem
|
|
that setsockopt(IP_TOS) doesn't work on Cygwin has been fixed since 2005.
|
|
Based on patch from vinschen at redhat com.
|
|
|
|
20090308
|
|
- (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.c
|
|
auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h}
|
|
openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old
|
|
version of Cygwin. Patch from vinschen at redhat com.
|
|
|
|
20090307
|
|
- (dtucker) [contrib/aix/buildbff.sh] Only try to rename ssh_prng_cmds if it
|
|
exists (it's not created if OpenSSL's PRNG is self-seeded, eg if the OS
|
|
has a /dev/random).
|
|
- (dtucker) [schnorr.c openbsd-compat/openssl-compat.{c,h}] Add
|
|
EVP_DigestUpdate to the OLD_EVP compatibility functions and tell schnorr.c
|
|
to use them. Allows building with older OpenSSL versions.
|
|
- (dtucker) [configure.ac defines.h] Check for in_port_t and typedef if needed.
|
|
- (dtucker) [configure.ac] Missing comma in type list.
|
|
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}]
|
|
EVP_DigestUpdate does not exactly match the other OLD_EVP functions (eg
|
|
in openssl 0.9.6) so add an explicit test for it.
|
|
|
|
20090306
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2009/03/05 07:18:19
|
|
[auth2-jpake.c jpake.c jpake.h monitor_wrap.c monitor_wrap.h schnorr.c]
|
|
[sshconnect2.c]
|
|
refactor the (disabled) Schnorr proof code to make it a little more
|
|
generally useful
|
|
- djm@cvs.openbsd.org 2009/03/05 11:30:50
|
|
[uuencode.c]
|
|
document what these functions do so I don't ever have to recuse into
|
|
b64_pton/ntop to remember their return values
|
|
|
|
20090223
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2009/02/22 23:50:57
|
|
[ssh_config.5 sshd_config.5]
|
|
don't advertise experimental options
|
|
- djm@cvs.openbsd.org 2009/02/22 23:59:25
|
|
[sshd_config.5]
|
|
missing period
|
|
- djm@cvs.openbsd.org 2009/02/23 00:06:15
|
|
[version.h]
|
|
openssh-5.2
|
|
- (djm) [README] update for 5.2
|
|
- (djm) Release openssh-5.2p1
|
|
|
|
20090222
|
|
- (djm) OpenBSD CVS Sync
|
|
- tobias@cvs.openbsd.org 2009/02/21 19:32:04
|
|
[misc.c sftp-server-main.c ssh-keygen.c]
|
|
Added missing newlines in error messages.
|
|
ok dtucker
|
|
|
|
20090221
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2009/02/17 01:28:32
|
|
[ssh_config]
|
|
sync with revised default ciphers; pointed out by dkrause@
|
|
- djm@cvs.openbsd.org 2009/02/18 04:31:21
|
|
[schnorr.c]
|
|
signature should hash over the entire group, not just the generator
|
|
(this is still disabled code)
|
|
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
|
|
[contrib/suse/openssh.spec] Prepare for 5.2p1
|
|
|
|
20090216
|
|
- (djm) [regress/conch-ciphers.sh regress/putty-ciphers.sh]
|
|
[regress/putty-kex.sh regress/putty-transfer.sh] Downgrade disabled
|
|
interop tests from FATAL error to a warning. Allows some interop
|
|
tests to proceed if others are missing necessary prerequisites.
|
|
- (djm) [configure.ac] support GNU/kFreeBSD and GNU/kOpensolaris
|
|
systems; patch from Aurelien Jarno via rmh AT aybabtu.com
|
|
|
|
20090214
|
|
- (djm) OpenBSD CVS Sync
|
|
- dtucker@cvs.openbsd.org 2009/02/02 11:15:14
|
|
[sftp.c]
|
|
Initialize a few variables to prevent spurious "may be used
|
|
uninitialized" warnings from newer gcc's. ok djm@
|
|
- djm@cvs.openbsd.org 2009/02/12 03:00:56
|
|
[canohost.c canohost.h channels.c channels.h clientloop.c readconf.c]
|
|
[readconf.h serverloop.c ssh.c]
|
|
support remote port forwarding with a zero listen port (-R0:...) to
|
|
dyamically allocate a listen port at runtime (this is actually
|
|
specified in rfc4254); bz#1003 ok markus@
|
|
- djm@cvs.openbsd.org 2009/02/12 03:16:01
|
|
[serverloop.c]
|
|
tighten check for -R0:... forwarding: only allow dynamic allocation
|
|
if want_reply is set in the packet
|
|
- djm@cvs.openbsd.org 2009/02/12 03:26:22
|
|
[monitor.c]
|
|
some paranoia: check that the serialised key is really KEY_RSA before
|
|
diddling its internals
|
|
- djm@cvs.openbsd.org 2009/02/12 03:42:09
|
|
[ssh.1]
|
|
document -R0:... usage
|
|
- djm@cvs.openbsd.org 2009/02/12 03:44:25
|
|
[ssh.1]
|
|
consistency: Dq => Ql
|
|
- djm@cvs.openbsd.org 2009/02/12 03:46:17
|
|
[ssh_config.5]
|
|
document RemoteForward usage with 0 listen port
|
|
- jmc@cvs.openbsd.org 2009/02/12 07:34:20
|
|
[ssh_config.5]
|
|
kill trailing whitespace;
|
|
- markus@cvs.openbsd.org 2009/02/13 11:50:21
|
|
[packet.c]
|
|
check for enc !=NULL in packet_start_discard
|
|
- djm@cvs.openbsd.org 2009/02/14 06:35:49
|
|
[PROTOCOL]
|
|
mention that eow and no-more-sessions extensions are sent only to
|
|
OpenSSH peers
|
|
|
|
20090212
|
|
- (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically
|
|
set ownership and modes, so avoid explicitly setting them
|
|
- (djm) [configure.ac loginrec.c] bz#1421: fix lastlog support for OSX.
|
|
OSX provides a getlastlogxbyname function that automates the reading of
|
|
a lastlog file. Also, the pututxline function will update lastlog so
|
|
there is no need for loginrec.c to do it explicitly. Collapse some
|
|
overly verbose code while I'm in there.
|
|
|
|
20090201
|
|
- (dtucker) [defines.h sshconnect.c] INET6_ADDRSTRLEN is now needed in
|
|
channels.c too, so move the definition for non-IP6 platforms to defines.h
|
|
where it can be shared.
|
|
|
|
20090129
|
|
- (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen.
|
|
If the CYGWIN environment variable is empty, the installer script
|
|
should not install the service with an empty CYGWIN variable, but
|
|
rather without setting CYGWNI entirely.
|
|
- (tim) [contrib/cygwin/ssh-host-config] Whitespace cleanup. No code changes.
|
|
|
|
20090128
|
|
- (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen.
|
|
Changes to work on Cygwin 1.5.x as well as on the new Cygwin 1.7.x.
|
|
The information given for the setting of the CYGWIN environment variable
|
|
is wrong for both releases so I just removed it, together with the
|
|
unnecessary (Cygwin 1.5.x) or wrong (Cygwin 1.7.x) default setting.
|
|
|
|
20081228
|
|
- (djm) OpenBSD CVS Sync
|
|
- stevesk@cvs.openbsd.org 2008/12/09 03:20:42
|
|
[channels.c servconf.c]
|
|
channel_print_adm_permitted_opens() should deal with all the printing
|
|
for that config option. suggested by markus@; ok markus@ djm@
|
|
dtucker@
|
|
- djm@cvs.openbsd.org 2008/12/09 04:32:22
|
|
[auth2-chall.c]
|
|
replace by-hand string building with xasprinf(); ok deraadt@
|
|
- sobrado@cvs.openbsd.org 2008/12/09 15:35:00
|
|
[sftp.1 sftp.c]
|
|
update for the synopses displayed by the 'help' command, there are a
|
|
few missing flags; add 'bye' to the output of 'help'; sorting and spacing.
|
|
jmc@ suggested replacing .Oo/.Oc with a single .Op macro.
|
|
ok jmc@
|
|
- stevesk@cvs.openbsd.org 2008/12/09 22:37:33
|
|
[clientloop.c]
|
|
fix typo in error message
|
|
- stevesk@cvs.openbsd.org 2008/12/10 03:55:20
|
|
[addrmatch.c]
|
|
o cannot be NULL here but use xfree() to be consistent; ok djm@
|
|
- stevesk@cvs.openbsd.org 2008/12/29 01:12:36
|
|
[ssh-keyscan.1]
|
|
fix example, default key type is rsa for 3+ years; from
|
|
frederic.perrin@resel.fr
|
|
- stevesk@cvs.openbsd.org 2008/12/29 02:23:26
|
|
[pathnames.h]
|
|
no need to escape single quotes in comments
|
|
- okan@cvs.openbsd.org 2008/12/30 00:46:56
|
|
[sshd_config.5]
|
|
add AllowAgentForwarding to available Match keywords list
|
|
ok djm
|
|
- djm@cvs.openbsd.org 2009/01/01 21:14:35
|
|
[channels.c]
|
|
call channel destroy callbacks on receipt of open failure messages.
|
|
fixes client hangs when connecting to a server that has MaxSessions=0
|
|
set spotted by imorgan AT nas.nasa.gov; ok markus@
|
|
- djm@cvs.openbsd.org 2009/01/01 21:17:36
|
|
[kexgexs.c]
|
|
fix hash calculation for KEXGEX: hash over the original client-supplied
|
|
values and not the sanity checked versions that we acutally use;
|
|
bz#1540 reported by john.smith AT arrows.demon.co.uk
|
|
ok markus@
|
|
- djm@cvs.openbsd.org 2009/01/14 01:38:06
|
|
[channels.c]
|
|
support SOCKS4A protocol, from dwmw2 AT infradead.org via bz#1482;
|
|
"looks ok" markus@
|
|
- stevesk@cvs.openbsd.org 2009/01/15 17:38:43
|
|
[readconf.c]
|
|
1) use obsolete instead of alias for consistency
|
|
2) oUserKnownHostsFile not obsolete but oGlobalKnownHostsFile2 is
|
|
so move the comment.
|
|
3) reorder so like options are together
|
|
ok djm@
|
|
- djm@cvs.openbsd.org 2009/01/22 09:46:01
|
|
[channels.c channels.h session.c]
|
|
make Channel->path an allocated string, saving a few bytes here and
|
|
there and fixing bz#1380 in the process; ok markus@
|
|
- djm@cvs.openbsd.org 2009/01/22 09:49:57
|
|
[channels.c]
|
|
oops! I committed the wrong version of the Channel->path diff,
|
|
it was missing some tweaks suggested by stevesk@
|
|
- djm@cvs.openbsd.org 2009/01/22 10:02:34
|
|
[clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h]
|
|
[serverloop.c ssh-keyscan.c ssh.c sshd.c]
|
|
make a2port() return -1 when it encounters an invalid port number
|
|
rather than 0, which it will now treat as valid (needed for future work)
|
|
adjust current consumers of a2port() to check its return value is <= 0,
|
|
which in turn required some things to be converted from u_short => int
|
|
make use of int vs. u_short consistent in some other places too
|
|
feedback & ok markus@
|
|
- djm@cvs.openbsd.org 2009/01/22 10:09:16
|
|
[auth-options.c]
|
|
another chunk of a2port() diff that got away. wtfdjm??
|
|
- djm@cvs.openbsd.org 2009/01/23 07:58:11
|
|
[myproposal.h]
|
|
prefer CTR modes and revised arcfour (i.e w/ discard) modes to CBC
|
|
modes; ok markus@
|
|
- naddy@cvs.openbsd.org 2009/01/24 17:10:22
|
|
[ssh_config.5 sshd_config.5]
|
|
sync list of preferred ciphers; ok djm@
|
|
- markus@cvs.openbsd.org 2009/01/26 09:58:15
|
|
[cipher.c cipher.h packet.c]
|
|
Work around the CPNI-957037 Plaintext Recovery Attack by always
|
|
reading 256K of data on packet size or HMAC errors (in CBC mode only).
|
|
Help, feedback and ok djm@
|
|
Feedback from Martin Albrecht and Paterson Kenny
|
|
|
|
20090107
|
|
- (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X.
|
|
Patch based on one from vgiffin AT apple.com; ok dtucker@
|
|
- (djm) [channels.c] bz#1419: support "on demand" X11 forwarding via
|
|
launchd on OS X; patch from vgiffin AT apple.com, slightly tweaked;
|
|
ok dtucker@
|
|
- (djm) [contrib/ssh-copy-id.1 contrib/ssh-copy-id] bz#1492: Make
|
|
ssh-copy-id copy id_rsa.pub by default (instead of the legacy "identity"
|
|
key). Patch from cjwatson AT debian.org
|
|
|
|
20090107
|
|
- (tim) [configure.ac defines.h openbsd-compat/port-uw.c
|
|
openbsd-compat/xcrypt.c] Add SECUREWARE support to OpenServer 6 SVR5 ABI.
|
|
OK djm@ dtucker@
|
|
- (tim) [configure.ac] Move check_for_libcrypt_later=1 in *-*-sysv5*) section.
|
|
OpenServer 6 doesn't need libcrypt.
|
|
|
|
20081209
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2008/12/09 02:38:18
|
|
[clientloop.c]
|
|
The ~C escape handler does not work correctly for multiplexed sessions -
|
|
it opens a commandline on the master session, instead of on the slave
|
|
that requested it. Disable it on slave sessions until such time as it
|
|
is fixed; bz#1543 report from Adrian Bridgett via Colin Watson
|
|
ok markus@
|
|
- djm@cvs.openbsd.org 2008/12/09 02:39:59
|
|
[sftp.c]
|
|
Deal correctly with failures in remote stat() operation in sftp,
|
|
correcting fail-on-error behaviour in batchmode. bz#1541 report and
|
|
fix from anedvedicky AT gmail.com; ok markus@
|
|
- djm@cvs.openbsd.org 2008/12/09 02:58:16
|
|
[readconf.c]
|
|
don't leave junk (free'd) pointers around in Forward *fwd argument on
|
|
failure; avoids double-free in ~C -L handler when given an invalid
|
|
forwarding specification; bz#1539 report from adejong AT debian.org
|
|
via Colin Watson; ok markus@ dtucker@
|
|
- djm@cvs.openbsd.org 2008/12/09 03:02:37
|
|
[sftp.1 sftp.c]
|
|
correct sftp(1) and corresponding usage syntax;
|
|
bz#1518 patch from imorgan AT nas.nasa.gov; ok deraadt@ improved diff jmc@
|
|
|
|
20081208
|
|
- (djm) [configure.ac] bz#1538: better test for ProPolice/SSP: actually
|
|
use some stack in main().
|
|
Report and suggested fix from vapier AT gentoo.org
|
|
- (djm) OpenBSD CVS Sync
|
|
- markus@cvs.openbsd.org 2008/12/02 19:01:07
|
|
[clientloop.c]
|
|
we have to use the recipient's channel number (RFC 4254) for
|
|
SSH2_MSG_CHANNEL_SUCCESS/SSH2_MSG_CHANNEL_FAILURE messages,
|
|
otherwise we trigger 'Non-public channel' error messages on sshd
|
|
systems with clientkeepalive enabled; noticed by sturm; ok djm;
|
|
- markus@cvs.openbsd.org 2008/12/02 19:08:59
|
|
[serverloop.c]
|
|
backout 1.149, since it's not necessary and openssh clients send
|
|
broken CHANNEL_FAILURE/SUCCESS messages since about 2004; ok djm@
|
|
- markus@cvs.openbsd.org 2008/12/02 19:09:38
|
|
[channels.c]
|
|
s/remote_id/id/ to be more consistent with other code; ok djm@
|
|
|
|
20081201
|
|
- (dtucker) [contrib/cygwin/{Makefile,ssh-host-config}] Add new doc files
|
|
and tweak the is-sshd-running check in ssh-host-config. Patch from
|
|
vinschen at redhat com.
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- markus@cvs.openbsd.org 2008/11/21 15:47:38
|
|
[packet.c]
|
|
packet_disconnect() on padding error, too. should reduce the success
|
|
probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18
|
|
ok djm@
|
|
- dtucker@cvs.openbsd.org 2008/11/30 11:59:26
|
|
[monitor_fdpass.c]
|
|
Retry sendmsg/recvmsg on EAGAIN and EINTR; ok djm@
|
|
|
|
20081123
|
|
- (dtucker) [monitor_fdpass.c] Reduce diff vs OpenBSD by moving some
|
|
declarations, removing an unnecessary union member and adding whitespace.
|
|
cmsgbuf.tmp thing spotted by des at des no, ok djm some time ago.
|
|
|
|
20081118
|
|
- (tim) [addrmatch.c configure.ac] Some platforms do not have sin6_scope_id
|
|
member of sockaddr_in6. Also reported in Bug 1491 by David Leonard. OK and
|
|
feedback by djm@
|
|
|
|
20081111
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- jmc@cvs.openbsd.org 2008/11/05 11:22:54
|
|
[servconf.c]
|
|
passord -> password;
|
|
fixes user/5975 from Rene Maroufi
|
|
- stevesk@cvs.openbsd.org 2008/11/07 00:42:12
|
|
[ssh-keygen.c]
|
|
spelling/typo in comment
|
|
- stevesk@cvs.openbsd.org 2008/11/07 18:50:18
|
|
[nchan.c]
|
|
add space to some log/debug messages for readability; ok djm@ markus@
|
|
- dtucker@cvs.openbsd.org 2008/11/07 23:34:48
|
|
[auth2-jpake.c]
|
|
Move JPAKE define to make life easier for portable. ok djm@
|
|
- tobias@cvs.openbsd.org 2008/11/09 12:34:47
|
|
[session.c ssh.1]
|
|
typo fixed (overriden -> overridden)
|
|
ok espie, jmc
|
|
- stevesk@cvs.openbsd.org 2008/11/11 02:58:09
|
|
[servconf.c]
|
|
USE_AFS not referenced so remove #ifdef. fixes sshd -T not printing
|
|
kerberosgetafstoken. ok dtucker@
|
|
(Id sync only, we still want the ifdef in portable)
|
|
- stevesk@cvs.openbsd.org 2008/11/11 03:55:11
|
|
[channels.c]
|
|
for sshd -T print 'permitopen any' vs. 'permitopen' for case of no
|
|
permitopen's; ok and input dtucker@
|
|
- djm@cvs.openbsd.org 2008/11/10 02:06:35
|
|
[regress/putty-ciphers.sh]
|
|
PuTTY supports AES CTR modes, so interop test against them too
|
|
|
|
20081105
|
|
- OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2008/11/03 08:59:41
|
|
[servconf.c]
|
|
include MaxSessions in sshd -T output; patch from imorgan AT nas.nasa.gov
|
|
- djm@cvs.openbsd.org 2008/11/04 07:58:09
|
|
[auth.c]
|
|
need unistd.h for close() prototype
|
|
(ID sync only)
|
|
- djm@cvs.openbsd.org 2008/11/04 08:22:13
|
|
[auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
|
|
[readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
|
|
[sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
|
|
[Makefile.in]
|
|
Add support for an experimental zero-knowledge password authentication
|
|
method using the J-PAKE protocol described in F. Hao, P. Ryan,
|
|
"Password Authenticated Key Exchange by Juggling", 16th Workshop on
|
|
Security Protocols, Cambridge, April 2008.
|
|
|
|
This method allows password-based authentication without exposing
|
|
the password to the server. Instead, the client and server exchange
|
|
cryptographic proofs to demonstrate of knowledge of the password while
|
|
revealing nothing useful to an attacker or compromised endpoint.
|
|
|
|
This is experimental, work-in-progress code and is presently
|
|
compiled-time disabled (turn on -DJPAKE in Makefile.inc).
|
|
|
|
"just commit it. It isn't too intrusive." deraadt@
|
|
- stevesk@cvs.openbsd.org 2008/11/04 19:18:00
|
|
[readconf.c]
|
|
because parse_forward() is now used to parse all forward types (DLR),
|
|
and it malloc's space for host variables, we don't need to malloc
|
|
here. fixes small memory leaks.
|
|
|
|
previously dynamic forwards were not parsed in parse_forward() and
|
|
space was not malloc'd in that case.
|
|
|
|
ok djm@
|
|
- stevesk@cvs.openbsd.org 2008/11/05 03:23:09
|
|
[clientloop.c ssh.1]
|
|
add dynamic forward escape command line; ok djm@
|
|
|
|
20081103
|
|
- OpenBSD CVS Sync
|
|
- sthen@cvs.openbsd.org 2008/07/24 23:55:30
|
|
[ssh-keygen.1]
|
|
Add "ssh-keygen -F -l" to synopsis (displays fingerprint from
|
|
known_hosts). ok djm@
|
|
- grunk@cvs.openbsd.org 2008/07/25 06:56:35
|
|
[ssh_config]
|
|
Add VisualHostKey to example file, ok djm@
|
|
- grunk@cvs.openbsd.org 2008/07/25 07:05:16
|
|
[key.c]
|
|
In random art visualization, make sure to use the end marker only at the
|
|
end. Initial diff by Dirk Loss, tweaks and ok djm@
|
|
- markus@cvs.openbsd.org 2008/07/31 14:48:28
|
|
[sshconnect2.c]
|
|
don't allocate space for empty banners; report t8m at centrum.cz;
|
|
ok deraadt
|
|
- krw@cvs.openbsd.org 2008/08/02 04:29:51
|
|
[ssh_config.5]
|
|
whitepsace -> whitespace. From Matthew Clarke via bugs@.
|
|
- djm@cvs.openbsd.org 2008/08/21 04:09:57
|
|
[session.c]
|
|
allow ForceCommand internal-sftp with arguments. based on patch from
|
|
michael.barabanov AT gmail.com; ok markus@
|
|
- djm@cvs.openbsd.org 2008/09/06 12:24:13
|
|
[kex.c]
|
|
OpenSSL 0.9.8h supplies a real EVP_sha256 so we do not need our
|
|
replacement anymore
|
|
(ID sync only for portable - we still need this)
|
|
- markus@cvs.openbsd.org 2008/09/11 14:22:37
|
|
[compat.c compat.h nchan.c ssh.c]
|
|
only send eow and no-more-sessions requests to openssh 5 and newer;
|
|
fixes interop problems with broken ssh v2 implementations; ok djm@
|
|
- millert@cvs.openbsd.org 2008/10/02 14:39:35
|
|
[session.c]
|
|
Convert an unchecked strdup to xstrdup. OK deraadt@
|
|
- jmc@cvs.openbsd.org 2008/10/03 13:08:12
|
|
[sshd.8]
|
|
do not give an example of how to chmod files: we can presume the user
|
|
knows that. removes an ambiguity in the permission of authorized_keys;
|
|
ok deraadt
|
|
- deraadt@cvs.openbsd.org 2008/10/03 23:56:28
|
|
[sshconnect2.c]
|
|
Repair strnvis() buffersize of 4*n+1, with termination gauranteed by the
|
|
function.
|
|
spotted by des@freebsd, who commited an incorrect fix to the freebsd tree
|
|
and (as is fairly typical) did not report the problem to us. But this fix
|
|
is correct.
|
|
ok djm
|
|
- djm@cvs.openbsd.org 2008/10/08 23:34:03
|
|
[ssh.1 ssh.c]
|
|
Add -y option to force logging via syslog rather than stderr.
|
|
Useful for daemonised ssh connection (ssh -f). Patch originally from
|
|
and ok'd by markus@
|
|
- djm@cvs.openbsd.org 2008/10/09 03:50:54
|
|
[servconf.c sshd_config.5]
|
|
support setting PermitEmptyPasswords in a Match block
|
|
requested in PR3891; ok dtucker@
|
|
- jmc@cvs.openbsd.org 2008/10/09 06:54:22
|
|
[ssh.c]
|
|
add -y to usage();
|
|
- stevesk@cvs.openbsd.org 2008/10/10 04:55:16
|
|
[scp.c]
|
|
spelling in comment; ok djm@
|
|
- stevesk@cvs.openbsd.org 2008/10/10 05:00:12
|
|
[key.c]
|
|
typo in error message; ok djm@
|
|
- stevesk@cvs.openbsd.org 2008/10/10 16:43:27
|
|
[ssh_config.5]
|
|
use 'Privileged ports can be forwarded only when logging in as root on
|
|
the remote machine.' for RemoteForward just like ssh.1 -R.
|
|
ok djm@ jmc@
|
|
- stevesk@cvs.openbsd.org 2008/10/14 18:11:33
|
|
[sshconnect.c]
|
|
use #define ROQUIET here; no binary change. ok dtucker@
|
|
- stevesk@cvs.openbsd.org 2008/10/17 18:36:24
|
|
[ssh_config.5]
|
|
correct and clarify VisualHostKey; ok jmc@
|
|
- stevesk@cvs.openbsd.org 2008/10/30 19:31:16
|
|
[clientloop.c sshd.c]
|
|
don't need to #include "monitor_fdpass.h"
|
|
- stevesk@cvs.openbsd.org 2008/10/31 15:05:34
|
|
[dispatch.c]
|
|
remove unused #define DISPATCH_MIN; ok markus@
|
|
- djm@cvs.openbsd.org 2008/11/01 04:50:08
|
|
[sshconnect2.c]
|
|
sprinkle ARGSUSED on dispatch handlers
|
|
nuke stale unusued prototype
|
|
- stevesk@cvs.openbsd.org 2008/11/01 06:43:33
|
|
[channels.c]
|
|
fix some typos in log messages; ok djm@
|
|
- sobrado@cvs.openbsd.org 2008/11/01 11:14:36
|
|
[ssh-keyscan.1 ssh-keyscan.c]
|
|
the ellipsis is not an optional argument; while here, improve spacing.
|
|
- stevesk@cvs.openbsd.org 2008/11/01 17:40:33
|
|
[clientloop.c readconf.c readconf.h ssh.c]
|
|
merge dynamic forward parsing into parse_forward();
|
|
'i think this is OK' djm@
|
|
- stevesk@cvs.openbsd.org 2008/11/02 00:16:16
|
|
[ttymodes.c]
|
|
protocol 2 tty modes support is now 7.5 years old so remove these
|
|
debug3()s; ok deraadt@
|
|
- stevesk@cvs.openbsd.org 2008/11/03 01:07:02
|
|
[readconf.c]
|
|
remove valueless comment
|
|
- stevesk@cvs.openbsd.org 2008/11/03 02:44:41
|
|
[readconf.c]
|
|
fix comment
|
|
- (djm) [contrib/caldera/ssh-host-keygen contrib/suse/rc.sshd]
|
|
Make example scripts generate keys with default sizes rather than fixed,
|
|
non-default 1024 bits; patch from imorgan AT nas.nasa.gov
|
|
- (djm) [contrib/sshd.pam.generic contrib/caldera/sshd.pam]
|
|
[contrib/redhat/sshd.pam] Move pam_nologin to account group from
|
|
incorrect auth group in example files;
|
|
patch from imorgan AT nas.nasa.gov
|
|
|
|
20080906
|
|
- (dtucker) [config.guess config.sub] Update to latest versions from
|
|
http://git.savannah.gnu.org/gitweb/ (2008-04-14 and 2008-06-16
|
|
respectively).
|
|
|
|
20080830
|
|
- (dtucker) [openbsd-compat/bsd-poll.c] correctly check for number of FDs
|
|
larger than FD_SETSIZE (OpenSSH only ever uses poll with one fd). Patch
|
|
from Nicholas Marriott.
|
|
|
|
20080721
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2008/07/23 07:36:55
|
|
[servconf.c]
|
|
do not try to print options that have been compile-time disabled
|
|
in config test mode (sshd -T); report from nix-corp AT esperi.org.uk
|
|
ok dtucker@
|
|
- (djm) [servconf.c] Print UsePAM option in config test mode (when it
|
|
has been compiled in); report from nix-corp AT esperi.org.uk
|
|
ok dtucker@
|
|
|
|
20080721
|
|
- (djm) OpenBSD CVS Sync
|
|
- jmc@cvs.openbsd.org 2008/07/18 22:51:01
|
|
[sftp-server.8]
|
|
no need for .Pp before or after .Sh;
|
|
- djm@cvs.openbsd.org 2008/07/21 08:19:07
|
|
[version.h]
|
|
openssh-5.1
|
|
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
|
|
[contrib/suse/openssh.spec] Update version number in README and RPM specs
|
|
- (djm) Release OpenSSH-5.1
|
|
|
|
20080717
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2008/07/17 08:48:00
|
|
[sshconnect2.c]
|
|
strnvis preauth banner; pointed out by mpf@ ok markus@
|
|
- djm@cvs.openbsd.org 2008/07/17 08:51:07
|
|
[auth2-hostbased.c]
|
|
strip trailing '.' from hostname when HostbasedUsesNameFromPacketOnly=yes
|
|
report and patch from res AT qoxp.net (bz#1200); ok markus@
|
|
- (dtucker) [openbsd-compat/bsd-cygwin_util.c] Remove long-unneeded compat
|
|
code, replace with equivalent cygwin library call. Patch from vinschen
|
|
at redhat.com, ok djm@.
|
|
- (djm) [sshconnect2.c] vis.h isn't available everywhere
|
|
|
|
20080716
|
|
- OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2008/07/15 02:23:14
|
|
[sftp.1]
|
|
number of pipelined requests is now 64;
|
|
prodded by Iain.Morgan AT nasa.gov
|
|
- djm@cvs.openbsd.org 2008/07/16 11:51:14
|
|
[clientloop.c]
|
|
rename variable first_gc -> last_gc (since it is actually the last
|
|
in the list).
|
|
- djm@cvs.openbsd.org 2008/07/16 11:52:19
|
|
[channels.c]
|
|
this loop index should be automatic, not static
|
|
|
|
20080714
|
|
- (djm) OpenBSD CVS Sync
|
|
- sthen@cvs.openbsd.org 2008/07/13 21:22:52
|
|
[ssh-keygen.c]
|
|
Change "ssh-keygen -F [host] -l" to not display random art unless
|
|
-v is also specified, making it consistent with the manual and other
|
|
uses of -l.
|
|
ok grunk@
|
|
- djm@cvs.openbsd.org 2008/07/13 22:13:07
|
|
[channels.c]
|
|
use struct sockaddr_storage instead of struct sockaddr for accept(2)
|
|
address argument. from visibilis AT yahoo.com in bz#1485; ok markus@
|
|
- djm@cvs.openbsd.org 2008/07/13 22:16:03
|
|
[sftp.c]
|
|
increase number of piplelined requests so they properly fill the
|
|
(recently increased) channel window. prompted by rapier AT psc.edu;
|
|
ok markus@
|
|
- djm@cvs.openbsd.org 2008/07/14 01:55:56
|
|
[sftp-server.8]
|
|
mention requirement for /dev/log inside chroot when using sftp-server
|
|
with ChrootDirectory
|
|
- (djm) [openbsd-compat/bindresvport.c] Rename variables s/sin/in/ to
|
|
avoid clash with sin(3) function; reported by
|
|
cristian.ionescu-idbohrn AT axis.com
|
|
- (djm) [openbsd-compat/rresvport.c] Add unistd.h for missing close()
|
|
prototype; reported by cristian.ionescu-idbohrn AT axis.com
|
|
- (djm) [umac.c] Rename variable s/buffer_ptr/bufp/ to avoid clash;
|
|
reported by cristian.ionescu-idbohrn AT axis.com
|
|
- (djm) [contrib/cygwin/Makefile contrib/cygwin/ssh-host-config]
|
|
[contrib/cygwin/ssh-user-config contrib/cygwin/sshd-inetd]
|
|
Revamped and simplified Cygwin ssh-host-config script that uses
|
|
unified csih configuration tool. Requires recent Cygwin.
|
|
Patch from vinschen AT redhat.com
|
|
|
|
20080712
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2008/07/12 04:52:50
|
|
[channels.c]
|
|
unbreak; move clearing of cctx struct to before first use
|
|
reported by dkrause@
|
|
- djm@cvs.openbsd.org 2008/07/12 05:33:41
|
|
[scp.1]
|
|
better description for -i flag:
|
|
s/RSA authentication/public key authentication/
|
|
- (djm) [openbsd-compat/fake-rfc2553.c openbsd-compat/fake-rfc2553.h]
|
|
return EAI_FAMILY when trying to lookup unsupported address family;
|
|
from vinschen AT redhat.com
|
|
|
|
20080711
|
|
- (djm) OpenBSD CVS Sync
|
|
- stevesk@cvs.openbsd.org 2008/07/07 00:31:41
|
|
[ttymodes.c]
|
|
we don't need arg after the debug3() was removed. from lint.
|
|
ok djm@
|
|
- stevesk@cvs.openbsd.org 2008/07/07 23:32:51
|
|
[key.c]
|
|
/*NOTREACHED*/ for lint warning:
|
|
warning: function key_equal falls off bottom without returning value
|
|
ok djm@
|
|
- markus@cvs.openbsd.org 2008/07/10 18:05:58
|
|
[channels.c]
|
|
missing bzero; from mickey; ok djm@
|
|
- markus@cvs.openbsd.org 2008/07/10 18:08:11
|
|
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h sshd.c]
|
|
sync v1 and v2 traffic accounting; add it to sshd, too;
|
|
ok djm@, dtucker@
|
|
|
|
20080709
|
|
- (djm) [Makefile.in] Print "all tests passed" when all regress tests pass
|
|
- (djm) [auth1.c] Fix format string vulnerability in protocol 1 PAM
|
|
account check failure path. The vulnerable format buffer is supplied
|
|
from PAM and should not contain attacker-supplied data.
|
|
- (djm) [auth.c] Missing unistd.h for close()
|
|
- (djm) [configure.ac] Add -Wformat-security to CFLAGS for gcc 3.x and 4.x
|
|
|
|
20080705
|
|
- (djm) [auth.c] Fixed test for locked account on HP/UX with shadowed
|
|
passwords disabled. bz#1083 report & patch from senthilkumar_sen AT
|
|
hotpop.com, w/ dtucker@
|
|
- (djm) [atomicio.c configure.ac] Disable poll() fallback in atomiciov for
|
|
Tru64. readv doesn't seem to be a comparable object there.
|
|
bz#1386, patch from dtucker@ ok me
|
|
- (djm) [Makefile.in] Pass though pass to conch for interop tests
|
|
- (djm) [configure.ac] unbreak: remove extra closing brace
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2008/07/04 23:08:25
|
|
[packet.c]
|
|
handle EINTR in packet_write_poll()l ok dtucker@
|
|
- djm@cvs.openbsd.org 2008/07/04 23:30:16
|
|
[auth1.c auth2.c]
|
|
Make protocol 1 MaxAuthTries logic match protocol 2's.
|
|
Do not treat the first protocol 2 authentication attempt as
|
|
a failure IFF it is for method "none".
|
|
Makes MaxAuthTries' user-visible behaviour identical for
|
|
protocol 1 vs 2.
|
|
ok dtucker@
|
|
- djm@cvs.openbsd.org 2008/07/05 05:16:01
|
|
[PROTOCOL]
|
|
grammar
|
|
|
|
20080704
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2008/07/02 13:30:34
|
|
[auth2.c]
|
|
really really remove the freebie "none" auth try for protocol 2
|
|
- djm@cvs.openbsd.org 2008/07/02 13:47:39
|
|
[ssh.1 ssh.c]
|
|
When forking after authentication ("ssh -f") with ExitOnForwardFailure
|
|
enabled, delay the fork until after replies for any -R forwards have
|
|
been seen. Allows for robust detection of -R forward failure when
|
|
using -f (similar to bz#92); ok dtucker@
|
|
- otto@cvs.openbsd.org 2008/07/03 21:46:58
|
|
[auth2-pubkey.c]
|
|
avoid nasty double free; ok dtucker@ djm@
|
|
- djm@cvs.openbsd.org 2008/07/04 03:44:59
|
|
[servconf.c groupaccess.h groupaccess.c]
|
|
support negation of groups in "Match group" block (bz#1315); ok dtucker@
|
|
- dtucker@cvs.openbsd.org 2008/07/04 03:47:02
|
|
[monitor.c]
|
|
Make debug a little clearer. ok djm@
|
|
- djm@cvs.openbsd.org 2008/06/30 08:07:34
|
|
[regress/key-options.sh]
|
|
shell portability: use "=" instead of "==" in test(1) expressions,
|
|
double-quote string with backslash escaped /
|
|
- djm@cvs.openbsd.org 2008/06/30 10:31:11
|
|
[regress/{putty-transfer,putty-kex,putty-ciphers}.sh]
|
|
remove "set -e" left over from debugging
|
|
- djm@cvs.openbsd.org 2008/06/30 10:43:03
|
|
[regress/conch-ciphers.sh]
|
|
explicitly disable conch options that could interfere with the test
|
|
- (dtucker) [sftp-server.c] Bug #1447: fall back to racy rename if link
|
|
returns EXDEV. Patch from Mike Garrison, ok djm@
|
|
- (djm) [atomicio.c channels.c clientloop.c defines.h includes.h]
|
|
[packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c]
|
|
[sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on
|
|
some platforms (HP nonstop) it is a distinct errno;
|
|
bz#1467 reported by sconeu AT yahoo.com; ok dtucker@
|
|
|
|
20080702
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2008/06/30 08:05:59
|
|
[PROTOCOL.agent]
|
|
typo: s/constraint_date/constraint_data/
|
|
- djm@cvs.openbsd.org 2008/06/30 12:15:39
|
|
[serverloop.c]
|
|
only pass channel requests on session channels through to the session
|
|
channel handler, avoiding spurious log messages; ok! markus@
|
|
- djm@cvs.openbsd.org 2008/06/30 12:16:02
|
|
[nchan.c]
|
|
only send eow@openssh.com notifications for session channels; ok! markus@
|
|
- djm@cvs.openbsd.org 2008/06/30 12:18:34
|
|
[PROTOCOL]
|
|
clarify that eow@openssh.com is only sent on session channels
|
|
- dtucker@cvs.openbsd.org 2008/07/01 07:20:52
|
|
[sshconnect.c]
|
|
Check ExitOnForwardFailure if forwardings are disabled due to a failed
|
|
host key check. ok djm@
|
|
- dtucker@cvs.openbsd.org 2008/07/01 07:24:22
|
|
[sshconnect.c sshd.c]
|
|
Send CR LF during protocol banner exchanges, but only for Protocol 2 only,
|
|
in order to comply with RFC 4253. bz #1443, ok djm@
|
|
- stevesk@cvs.openbsd.org 2008/07/01 23:12:47
|
|
[PROTOCOL.agent]
|
|
fix some typos; ok djm@
|
|
- djm@cvs.openbsd.org 2008/07/02 02:24:18
|
|
[sshd_config sshd_config.5 sshd.8 servconf.c]
|
|
increase default size of ssh protocol 1 ephemeral key from 768 to 1024
|
|
bits; prodded by & ok dtucker@ ok deraadt@
|
|
- dtucker@cvs.openbsd.org 2008/07/02 12:03:51
|
|
[auth-rsa.c auth.c auth2-pubkey.c auth.h]
|
|
Merge duplicate host key file checks, based in part on a patch from Rob
|
|
Holland via bz #1348 . Also checks for non-regular files during protocol
|
|
1 RSA auth. ok djm@
|
|
- djm@cvs.openbsd.org 2008/07/02 12:36:39
|
|
[auth2-none.c auth2.c]
|
|
Make protocol 2 MaxAuthTries behaviour a little more sensible:
|
|
Check whether client has exceeded MaxAuthTries before running
|
|
an authentication method and skip it if they have, previously it
|
|
would always allow one try (for "none" auth).
|
|
Preincrement failure count before post-auth test - previously this
|
|
checked and postincremented, also to allow one "none" try.
|
|
Together, these two changes always count the "none" auth method
|
|
which could be skipped by a malicious client (e.g. an SSH worm)
|
|
to get an extra attempt at a real auth method. They also make
|
|
MaxAuthTries=0 a useful way to block users entirely (esp. in a
|
|
sshd_config Match block).
|
|
Also, move sending of any preauth banner from "none" auth method
|
|
to the first call to input_userauth_request(), so worms that skip
|
|
the "none" method get to see it too.
|
|
|
|
20080630
|
|
- (djm) OpenBSD CVS Sync
|
|
- dtucker@cvs.openbsd.org 2008/06/10 23:13:43
|
|
[regress/Makefile regress/key-options.sh]
|
|
Add regress test for key options. ok djm@
|
|
- dtucker@cvs.openbsd.org 2008/06/11 23:11:40
|
|
[regress/Makefile]
|
|
Don't run cipher-speed test by default; mistakenly enabled by me
|
|
- djm@cvs.openbsd.org 2008/06/28 13:57:25
|
|
[regress/Makefile regress/test-exec.sh regress/conch-ciphers.sh]
|
|
very basic regress test against Twisted Conch in "make interop"
|
|
target (conch is available in ports/devel/py-twisted/conch);
|
|
ok markus@
|
|
- (djm) [regress/Makefile] search for conch by path, like we do putty
|
|
|
|
20080629
|
|
- (djm) OpenBSD CVS Sync
|
|
- martynas@cvs.openbsd.org 2008/06/21 07:46:46
|
|
[sftp.c]
|
|
use optopt to get invalid flag, instead of return value of getopt,
|
|
which is always '?'; ok djm@
|
|
- otto@cvs.openbsd.org 2008/06/25 11:13:43
|
|
[key.c]
|
|
add key length to visual fingerprint; zap magical constants;
|
|
ok grunk@ djm@
|
|
- djm@cvs.openbsd.org 2008/06/26 06:10:09
|
|
[sftp-client.c sftp-server.c]
|
|
allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky
|
|
bits. Note that this only affects explicit setting of modes (e.g. via
|
|
sftp(1)'s chmod command) and not file transfers. (bz#1310)
|
|
ok deraadt@ at c2k8
|
|
- djm@cvs.openbsd.org 2008/06/26 09:19:40
|
|
[dh.c dh.h moduli.c]
|
|
when loading moduli from /etc/moduli in sshd(8), check that they
|
|
are of the expected "safe prime" structure and have had
|
|
appropriate primality tests performed;
|
|
feedback and ok dtucker@
|
|
- grunk@cvs.openbsd.org 2008/06/26 11:46:31
|
|
[readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c]
|
|
Move SSH Fingerprint Visualization away from sharing the config option
|
|
CheckHostIP to an own config option named VisualHostKey.
|
|
While there, fix the behaviour that ssh would draw a random art picture
|
|
on every newly seen host even when the option was not enabled.
|
|
prodded by deraadt@, discussions,
|
|
help and ok markus@ djm@ dtucker@
|
|
- jmc@cvs.openbsd.org 2008/06/26 21:11:46
|
|
[ssh.1]
|
|
add VisualHostKey to the list of options listed in -o;
|
|
- djm@cvs.openbsd.org 2008/06/28 07:25:07
|
|
[PROTOCOL]
|
|
spelling fixes
|
|
- djm@cvs.openbsd.org 2008/06/28 13:58:23
|
|
[ssh-agent.c]
|
|
refuse to add a key that has unknown constraints specified;
|
|
ok markus
|
|
- djm@cvs.openbsd.org 2008/06/28 14:05:15
|
|
[ssh-agent.c]
|
|
reset global compat flag after processing a protocol 2 signature
|
|
request with the legacy DSA encoding flag set; ok markus
|
|
- djm@cvs.openbsd.org 2008/06/28 14:08:30
|
|
[PROTOCOL PROTOCOL.agent]
|
|
document the protocol used by ssh-agent; "looks ok" markus@
|
|
|
|
20080628
|
|
- (djm) [RFC.nroff contrib/cygwin/Makefile contrib/suse/openssh.spec]
|
|
RFC.nroff lacks a license, remove it (it is long gone in OpenBSD).
|
|
|
|
20080626
|
|
- (djm) [Makefile.in moduli.5] Include moduli(5) manpage from OpenBSD.
|
|
(bz#1372)
|
|
- (djm) [ contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
|
|
[contrib/suse/openssh.spec] Include moduli.5 in RPM spec files.
|
|
|
|
20080616
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- dtucker@cvs.openbsd.org 2008/06/16 13:22:53
|
|
[session.c channels.c]
|
|
Rename the isatty argument to is_tty so we don't shadow
|
|
isatty(3). ok markus@
|
|
- (dtucker) [channels.c] isatty -> is_tty here too.
|
|
|
|
20080615
|
|
- (dtucker) [configure.ac] Enable -fno-builtin-memset when using gcc.
|
|
- OpenBSD CVS Sync
|
|
- dtucker@cvs.openbsd.org 2008/06/14 15:49:48
|
|
[sshd.c]
|
|
wrap long line at 80 chars
|
|
- dtucker@cvs.openbsd.org 2008/06/14 17:07:11
|
|
[sshd.c]
|
|
ensure default umask disallows at least group and world write; ok djm@
|
|
- djm@cvs.openbsd.org 2008/06/14 18:33:43
|
|
[session.c]
|
|
suppress the warning message from chdir(homedir) failures
|
|
when chrooted (bz#1461); ok dtucker
|
|
- dtucker@cvs.openbsd.org 2008/06/14 19:42:10
|
|
[scp.1]
|
|
Mention that scp follows symlinks during -r. bz #1466,
|
|
from nectar at apple
|
|
- dtucker@cvs.openbsd.org 2008/06/15 16:55:38
|
|
[sshd_config.5]
|
|
MaxSessions is allowed in a Match block too
|
|
- dtucker@cvs.openbsd.org 2008/06/15 16:58:40
|
|
[servconf.c sshd_config.5]
|
|
Allow MaxAuthTries within a Match block. ok djm@
|
|
- djm@cvs.openbsd.org 2008/06/15 20:06:26
|
|
[channels.c channels.h session.c]
|
|
don't call isatty() on a pty master, instead pass a flag down to
|
|
channel_set_fds() indicating that te fds refer to a tty. Fixes a
|
|
hang on exit on Solaris (bz#1463) in portable but is actually
|
|
a generic bug; ok dtucker deraadt markus
|
|
|
|
20080614
|
|
- (djm) [openbsd-compat/sigact.c] Avoid NULL derefs in ancient sigaction
|
|
replacement code; patch from ighighi AT gmail.com in bz#1240;
|
|
ok dtucker
|
|
|
|
20080613
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- deraadt@cvs.openbsd.org 2008/06/13 09:44:36
|
|
[packet.c]
|
|
compile on older gcc; no decl after code
|
|
- dtucker@cvs.openbsd.org 2008/06/13 13:56:59
|
|
[monitor.c]
|
|
Clear key options in the monitor on failed authentication, prevents
|
|
applying additional restrictions to non-pubkey authentications in
|
|
the case where pubkey fails but another method subsequently succeeds.
|
|
bz #1472, found by Colin Watson, ok markus@ djm@
|
|
- dtucker@cvs.openbsd.org 2008/06/13 14:18:51
|
|
[auth2-pubkey.c auth-rhosts.c]
|
|
Include unistd.h for close(), prevents warnings in -portable
|
|
- dtucker@cvs.openbsd.org 2008/06/13 17:21:20
|
|
[mux.c]
|
|
Friendlier error messages for mux fallback. ok djm@
|
|
- dtucker@cvs.openbsd.org 2008/06/13 18:55:22
|
|
[scp.c]
|
|
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
|
- grunk@cvs.openbsd.org 2008/06/13 20:13:26
|
|
[ssh.1]
|
|
Explain the use of SSH fpr visualization using random art, and cite the
|
|
original scientific paper inspiring that technique.
|
|
Much help with English and nroff by jmc@, thanks.
|
|
- (dtucker) [configure.ac] Bug #1276: avoid linking against libgssapi, which
|
|
despite its name doesn't seem to implement all of GSSAPI. Patch from
|
|
Jan Engelhardt, sanity checked by Simon Wilkinson.
|
|
|
|
20080612
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- jmc@cvs.openbsd.org 2008/06/11 07:30:37
|
|
[sshd.8]
|
|
kill trailing whitespace;
|
|
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
|
|
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
|
|
sshconnect.c]
|
|
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
|
|
graphical hash visualization schemes known as "random art", and by
|
|
Dan Kaminsky's musings on the subject during a BlackOp talk at the
|
|
23C3 in Berlin.
|
|
Scientific publication (original paper):
|
|
"Hash Visualization: a New Technique to improve Real-World Security",
|
|
Perrig A. and Song D., 1999, International Workshop on Cryptographic
|
|
Techniques and E-Commerce (CrypTEC '99)
|
|
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
|
|
The algorithm used here is a worm crawling over a discrete plane,
|
|
leaving a trace (augmenting the field) everywhere it goes.
|
|
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
|
|
makes the respective movement vector be ignored for this turn,
|
|
thus switching to the other color of the chessboard.
|
|
Graphs are not unambiguous for now, because circles in graphs can be
|
|
walked in either direction.
|
|
discussions with several people,
|
|
help, corrections and ok markus@ djm@
|
|
- grunk@cvs.openbsd.org 2008/06/11 21:38:25
|
|
[ssh-keygen.c]
|
|
ssh-keygen -lv -f /etc/ssh/ssh_host_rsa_key.pub
|
|
would not display you the random art as intended, spotted by canacar@
|
|
- grunk@cvs.openbsd.org 2008/06/11 22:20:46
|
|
[ssh-keygen.c ssh-keygen.1]
|
|
ssh-keygen would write fingerprints to STDOUT, and random art to STDERR,
|
|
that is not how it was envisioned.
|
|
Also correct manpage saying that -v is needed along with -l for it to work.
|
|
spotted by naddy@
|
|
- otto@cvs.openbsd.org 2008/06/11 23:02:22
|
|
[key.c]
|
|
simpler way of computing the augmentations; ok grunk@
|
|
- grunk@cvs.openbsd.org 2008/06/11 23:03:56
|
|
[ssh_config.5]
|
|
CheckHostIP set to ``fingerprint'' will display both hex and random art
|
|
spotted by naddy@
|
|
- grunk@cvs.openbsd.org 2008/06/11 23:51:57
|
|
[key.c]
|
|
#define statements that are not atoms need braces around them, else they
|
|
will cause trouble in some cases.
|
|
Also do a computation of -1 once, and not in a loop several times.
|
|
spotted by otto@
|
|
- dtucker@cvs.openbsd.org 2008/06/12 00:03:49
|
|
[dns.c canohost.c sshconnect.c]
|
|
Do not pass "0" strings as ports to getaddrinfo because the lookups
|
|
can slow things down and we never use the service info anyway. bz
|
|
#859, patch from YOSHIFUJI Hideaki and John Devitofranceschi. ok
|
|
deraadt@ djm@
|
|
djm belives that the reason for the "0" strings is to ensure that
|
|
it's not possible to call getaddrinfo with both host and port being
|
|
NULL. In the case of canohost.c host is a local array. In the
|
|
case of sshconnect.c, it's checked for null immediately before use.
|
|
In dns.c it ultimately comes from ssh.c:main() and is guaranteed to
|
|
be non-null but it's not obvious, so I added a warning message in
|
|
case it is ever passed a null.
|
|
- grunk@cvs.openbsd.org 2008/06/12 00:13:55
|
|
[sshconnect.c]
|
|
Make ssh print the random art also when ssh'ing to a host using IP only.
|
|
spotted by naddy@, ok and help djm@ dtucker@
|
|
- otto@cvs.openbsd.org 2008/06/12 00:13:13
|
|
[key.c]
|
|
use an odd number of rows and columns and a separate start marker, looks
|
|
better; ok grunk@
|
|
- djm@cvs.openbsd.org 2008/06/12 03:40:52
|
|
[clientloop.h mux.c channels.c clientloop.c channels.h]
|
|
Enable ~ escapes for multiplex slave sessions; give each channel
|
|
its own escape state and hook the escape filters up to muxed
|
|
channels. bz #1331
|
|
Mux slaves do not currently support the ~^Z and ~& escapes.
|
|
NB. this change cranks the mux protocol version, so a new ssh
|
|
mux client will not be able to connect to a running old ssh
|
|
mux master.
|
|
ok dtucker@
|
|
- djm@cvs.openbsd.org 2008/06/12 04:06:00
|
|
[clientloop.h ssh.c clientloop.c]
|
|
maintain an ordered queue of outstanding global requests that we
|
|
expect replies to, similar to the per-channel confirmation queue.
|
|
Use this queue to verify success or failure for remote forward
|
|
establishment in a race free way.
|
|
ok dtucker@
|
|
- djm@cvs.openbsd.org 2008/06/12 04:17:47
|
|
[clientloop.c]
|
|
thall shalt not code past the eightieth column
|
|
- djm@cvs.openbsd.org 2008/06/12 04:24:06
|
|
[ssh.c]
|
|
thal shalt not code past the eightieth column
|
|
- djm@cvs.openbsd.org 2008/06/12 05:15:41
|
|
[PROTOCOL]
|
|
document tun@openssh.com forwarding method
|
|
- djm@cvs.openbsd.org 2008/06/12 05:32:30
|
|
[mux.c]
|
|
some more TODO for me
|
|
- grunk@cvs.openbsd.org 2008/06/12 05:42:46
|
|
[key.c]
|
|
supply the key type (rsa1, rsa, dsa) as a caption in the frame of the
|
|
random art. while there, stress the fact that the field base should at
|
|
least be 8 characters for the pictures to make sense.
|
|
comment and ok djm@
|
|
- grunk@cvs.openbsd.org 2008/06/12 06:32:59
|
|
[key.c]
|
|
We already mark the start of the worm, now also mark the end of the worm
|
|
in our random art drawings.
|
|
ok djm@
|
|
- djm@cvs.openbsd.org 2008/06/12 15:19:17
|
|
[clientloop.h channels.h clientloop.c channels.c mux.c]
|
|
The multiplexing escape char handler commit last night introduced a
|
|
small memory leak per session; plug it.
|
|
- dtucker@cvs.openbsd.org 2008/06/12 16:35:31
|
|
[ssh_config.5 ssh.c]
|
|
keyword expansion for localcommand. ok djm@
|
|
- jmc@cvs.openbsd.org 2008/06/12 19:10:09
|
|
[ssh_config.5 ssh-keygen.1]
|
|
tweak the ascii art text; ok grunk
|
|
- dtucker@cvs.openbsd.org 2008/06/12 20:38:28
|
|
[sshd.c sshconnect.c packet.h misc.c misc.h packet.c]
|
|
Make keepalive timeouts apply while waiting for a packet, particularly
|
|
during key renegotiation (bz #1363). With djm and Matt Day, ok djm@
|
|
- djm@cvs.openbsd.org 2008/06/12 20:47:04
|
|
[sftp-client.c]
|
|
print extension revisions for extensions that we understand
|
|
- djm@cvs.openbsd.org 2008/06/12 21:06:25
|
|
[clientloop.c]
|
|
I was coalescing expected global request confirmation replies at
|
|
the wrong end of the queue - fix; prompted by markus@
|
|
- grunk@cvs.openbsd.org 2008/06/12 21:14:46
|
|
[ssh-keygen.c]
|
|
make ssh-keygen -lf show the key type just as ssh-add -l would do it
|
|
ok djm@ markus@
|
|
- grunk@cvs.openbsd.org 2008/06/12 22:03:36
|
|
[key.c]
|
|
add my copyright, ok djm@
|
|
- ian@cvs.openbsd.org 2008/06/12 23:24:58
|
|
[sshconnect.c]
|
|
tweak wording in message, ok deraadt@ jmc@
|
|
- dtucker@cvs.openbsd.org 2008/06/13 00:12:02
|
|
[sftp.h log.h]
|
|
replace __dead with __attribute__((noreturn)), makes things
|
|
a little easier to port. Also, add it to sigdie(). ok djm@
|
|
- djm@cvs.openbsd.org 2008/06/13 00:16:49
|
|
[mux.c]
|
|
fall back to creating a new TCP connection on most multiplexing errors
|
|
(socket connect fail, invalid version, refused permittion, corrupted
|
|
messages, etc.); bz #1329 ok dtucker@
|
|
- dtucker@cvs.openbsd.org 2008/06/13 00:47:53
|
|
[mux.c]
|
|
upcast size_t to u_long to match format arg; ok djm@
|
|
- dtucker@cvs.openbsd.org 2008/06/13 00:51:47
|
|
[mac.c]
|
|
upcast another size_t to u_long to match format
|
|
- dtucker@cvs.openbsd.org 2008/06/13 01:38:23
|
|
[misc.c]
|
|
upcast uid to long with matching %ld, prevents warnings in portable
|
|
- djm@cvs.openbsd.org 2008/06/13 04:40:22
|
|
[auth2-pubkey.c auth-rhosts.c]
|
|
refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not
|
|
regular files; report from Solar Designer via Colin Watson in bz#1471
|
|
ok dtucker@ deraadt
|
|
- (dtucker) [clientloop.c serverloop.c] channel_register_filter now
|
|
takes 2 more args. with djm@
|
|
- (dtucker) [defines.h] Bug #1112: __dead is, well dead. Based on a patch
|
|
from Todd Vierling.
|
|
- (dtucker) [auth-sia.c] Bug #1241: support password expiry on Tru64 SIA
|
|
systems. Patch from R. Scott Bailey.
|
|
- (dtucker) [umac.c] STORE_UINT32_REVERSED and endian_convert are never used
|
|
on big endian machines, so ifdef them for little-endian only to prevent
|
|
unused function warnings on big-endians.
|
|
- (dtucker) [openbsd-compat/setenv.c] Make offsets size_t to prevent
|
|
compiler warnings on some platforms. Based on a discussion with otto@
|
|
|
|
20080611
|
|
- (djm) [channels.c configure.ac]
|
|
Do not set SO_REUSEADDR on wildcard X11 listeners (X11UseLocalhost=no)
|
|
bz#1464; ok dtucker
|
|
|
|
20080610
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2008/06/10 03:57:27
|
|
[servconf.c match.h sshd_config.5]
|
|
support CIDR address matching in sshd_config "Match address" blocks, with
|
|
full support for negation and fall-back to classic wildcard matching.
|
|
For example:
|
|
Match address 192.0.2.0/24,3ffe:ffff::/32,!10.*
|
|
PasswordAuthentication yes
|
|
addrmatch.c code mostly lifted from flowd's addr.c
|
|
feedback and ok dtucker@
|
|
- djm@cvs.openbsd.org 2008/06/10 04:17:46
|
|
[sshd_config.5]
|
|
better reference for pattern-list
|
|
- dtucker@cvs.openbsd.org 2008/06/10 04:50:25
|
|
[sshd.c channels.h channels.c log.c servconf.c log.h servconf.h sshd.8]
|
|
Add extended test mode (-T) and connection parameters for test mode (-C).
|
|
-T causes sshd to write its effective configuration to stdout and exit.
|
|
-C causes any relevant Match rules to be applied before output. The
|
|
combination allows tesing of the parser and config files. ok deraadt djm
|
|
- jmc@cvs.openbsd.org 2008/06/10 07:12:00
|
|
[sshd_config.5]
|
|
tweak previous;
|
|
- jmc@cvs.openbsd.org 2008/06/10 08:17:40
|
|
[sshd.8 sshd.c]
|
|
- update usage()
|
|
- fix SYNOPSIS, and sort options
|
|
- some minor additional fixes
|
|
- dtucker@cvs.openbsd.org 2008/06/09 18:06:32
|
|
[regress/test-exec.sh]
|
|
Don't generate putty keys if we're not going to use them. ok djm
|
|
- dtucker@cvs.openbsd.org 2008/06/10 05:23:32
|
|
[regress/addrmatch.sh regress/Makefile]
|
|
Regress test for Match CIDR rules. ok djm@
|
|
- dtucker@cvs.openbsd.org 2008/06/10 15:21:41
|
|
[test-exec.sh]
|
|
Use a more portable construct for checking if we're running a putty test
|
|
- dtucker@cvs.openbsd.org 2008/06/10 15:28:49
|
|
[test-exec.sh]
|
|
Add quotes
|
|
- dtucker@cvs.openbsd.org 2008/06/10 18:21:24
|
|
[ssh_config.5]
|
|
clarify that Host patterns are space-separated. ok deraadt
|
|
- djm@cvs.openbsd.org 2008/06/10 22:15:23
|
|
[PROTOCOL ssh.c serverloop.c]
|
|
Add a no-more-sessions@openssh.com global request extension that the
|
|
client sends when it knows that it will never request another session
|
|
(i.e. when session multiplexing is disabled). This allows a server to
|
|
disallow further session requests and terminate the session.
|
|
Why would a non-multiplexing client ever issue additional session
|
|
requests? It could have been attacked with something like SSH'jack:
|
|
http://www.storm.net.nz/projects/7
|
|
feedback & ok markus
|
|
- djm@cvs.openbsd.org 2008/06/10 23:06:19
|
|
[auth-options.c match.c servconf.c addrmatch.c sshd.8]
|
|
support CIDR address matching in .ssh/authorized_keys from="..." stanzas
|
|
ok and extensive testing dtucker@
|
|
- dtucker@cvs.openbsd.org 2008/06/10 23:21:34
|
|
[bufaux.c]
|
|
Use '\0' for a nul byte rather than unadorned 0. ok djm@
|
|
- dtucker@cvs.openbsd.org 2008/06/10 23:13:43
|
|
[Makefile regress/key-options.sh]
|
|
Add regress test for key options. ok djm@
|
|
- (dtucker) [openbsd-compat/fake-rfc2553.h] Add sin6_scope_id to sockaddr_in6
|
|
since the new CIDR code in addmatch.c references it.
|
|
- (dtucker) [Makefile.in configure.ac regress/addrmatch.sh] Skip IPv6
|
|
specific tests on platforms that don't do IPv6.
|
|
- (dtucker) [Makefile.in] Define TEST_SSH_IPV6 in make's arguments as well
|
|
as environment.
|
|
- (dtucker) [Makefile.in] Move addrmatch.o to libssh.a where it's needed now.
|
|
|
|
20080609
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- dtucker@cvs.openbsd.org 2008/06/08 17:04:41
|
|
[sftp-server.c]
|
|
Add case for ENOSYS in errno_to_portable; ok deraadt
|
|
- dtucker@cvs.openbsd.org 2008/06/08 20:15:29
|
|
[sftp.c sftp-client.c sftp-client.h]
|
|
Have the sftp client store the statvfs replies in wire format,
|
|
which prevents problems when the server's native sizes exceed the
|
|
client's.
|
|
Also extends the sizes of the remaining 32bit wire format to 64bit,
|
|
they're specified as unsigned long in the standard.
|
|
- dtucker@cvs.openbsd.org 2008/06/09 13:02:39
|
|
[sftp-server.c]
|
|
Extend 32bit -> 64bit values for statvfs extension missed in previous
|
|
commit.
|
|
- dtucker@cvs.openbsd.org 2008/06/09 13:38:46
|
|
[PROTOCOL]
|
|
Use a $OpenBSD tag so our scripts will sync changes.
|
|
|
|
20080608
|
|
- (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c
|
|
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
|
|
openbsd-compat/bsd-statvfs.{c,h}] Add a null implementation of statvfs and
|
|
fstatvfs and remove #defines around statvfs code. ok djm@
|
|
- (dtucker) [configure.ac defines.h sftp-client.c M sftp-server.c] Add a
|
|
macro to convert fsid to unsigned long for platforms where fsid is a
|
|
2-member array.
|
|
|
|
20080607
|
|
- (dtucker) [mux.c] Include paths.h inside ifdef HAVE_PATHS_H.
|
|
- (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c]
|
|
Do not enable statvfs extensions on platforms that do not have statvfs.
|
|
- (dtucker) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2008/05/19 06:14:02
|
|
[packet.c] unbreak protocol keepalive timeouts bz#1465; ok dtucker@
|
|
- djm@cvs.openbsd.org 2008/05/19 15:45:07
|
|
[sshtty.c ttymodes.c sshpty.h]
|
|
Fix sending tty modes when stdin is not a tty (bz#1199). Previously
|
|
we would send the modes corresponding to a zeroed struct termios,
|
|
whereas we should have been sending an empty list of modes.
|
|
Based on patch from daniel.ritz AT alcatel.ch; ok dtucker@ markus@
|
|
- djm@cvs.openbsd.org 2008/05/19 15:46:31
|
|
[ssh-keygen.c]
|
|
support -l (print fingerprint) in combination with -F (find host) to
|
|
search for a host in ~/.ssh/known_hosts and display its fingerprint;
|
|
ok markus@
|
|
- djm@cvs.openbsd.org 2008/05/19 20:53:52
|
|
[clientloop.c]
|
|
unbreak tree by committing this bit that I missed from:
|
|
Fix sending tty modes when stdin is not a tty (bz#1199). Previously
|
|
we would send the modes corresponding to a zeroed struct termios,
|
|
whereas we should have been sending an empty list of modes.
|
|
Based on patch from daniel.ritz AT alcatel.ch; ok dtucker@ markus@
|
|
|
|
20080604
|
|
- (djm) [openbsd-compat/bsd-arc4random.c] Fix math bug that caused bias
|
|
in arc4random_uniform with upper_bound in (2^30,2*31). Note that
|
|
OpenSSH did not make requests with upper bounds in this range.
|
|
|
|
20080519
|
|
- (djm) [configure.ac mux.c sftp.c openbsd-compat/Makefile.in]
|
|
[openbsd-compat/fmt_scaled.c openbsd-compat/openbsd-compat.h]
|
|
Fix compilation on Linux, including pulling in fmt_scaled(3)
|
|
implementation from OpenBSD's libutil.
|
|
|
|
20080518
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2008/04/04 05:14:38
|
|
[sshd_config.5]
|
|
ChrootDirectory is supported in Match blocks (in fact, it is most useful
|
|
there). Spotted by Minstrel AT minstrel.org.uk
|
|
- djm@cvs.openbsd.org 2008/04/04 06:44:26
|
|
[sshd_config.5]
|
|
oops, some unrelated stuff crept into that commit - backout.
|
|
spotted by jmc@
|
|
- djm@cvs.openbsd.org 2008/04/05 02:46:02
|
|
[sshd_config.5]
|
|
HostbasedAuthentication is supported under Match too
|
|
- (djm) [openbsd-compat/bsd-arc4random.c openbsd-compat/openbsd-compat.c]
|
|
[configure.ac] Implement arc4random_buf(), import implementation of
|
|
arc4random_uniform() from OpenBSD
|
|
- (djm) [openbsd-compat/bsd-arc4random.c] Warning fixes
|
|
- (djm) [openbsd-compat/port-tun.c] needs sys/queue.h
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2008/04/13 00:22:17
|
|
[dh.c sshd.c]
|
|
Use arc4random_buf() when requesting more than a single word of output
|
|
Use arc4random_uniform() when the desired random number upper bound
|
|
is not a power of two
|
|
ok deraadt@ millert@
|
|
- djm@cvs.openbsd.org 2008/04/18 12:32:11
|
|
[sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c sftp.h]
|
|
introduce sftp extension methods statvfs@openssh.com and
|
|
fstatvfs@openssh.com that implement statvfs(2)-like operations,
|
|
based on a patch from miklos AT szeredi.hu (bz#1399)
|
|
also add a "df" command to the sftp client that uses the
|
|
statvfs@openssh.com to produce a df(1)-like display of filesystem
|
|
space and inode utilisation
|
|
ok markus@
|
|
- jmc@cvs.openbsd.org 2008/04/18 17:15:47
|
|
[sftp.1]
|
|
macro fixage;
|
|
- djm@cvs.openbsd.org 2008/04/18 22:01:33
|
|
[session.c]
|
|
remove unneccessary parentheses
|
|
- otto@cvs.openbsd.org 2008/04/29 11:20:31
|
|
[monitor_mm.h]
|
|
garbage collect two unused fields in struct mm_master; ok markus@
|
|
- djm@cvs.openbsd.org 2008/04/30 10:14:03
|
|
[ssh-keyscan.1 ssh-keyscan.c]
|
|
default to rsa (protocol 2) keys, instead of rsa1 keys; spotted by
|
|
larsnooden AT openoffice.org
|
|
- pyr@cvs.openbsd.org 2008/05/07 05:49:37
|
|
[servconf.c servconf.h session.c sshd_config.5]
|
|
Enable the AllowAgentForwarding option in sshd_config (global and match
|
|
context), to specify if agents should be permitted on the server.
|
|
As the man page states:
|
|
``Note that disabling Agent forwarding does not improve security
|
|
unless users are also denied shell access, as they can always install
|
|
their own forwarders.''
|
|
ok djm@, ok and a mild frown markus@
|
|
- pyr@cvs.openbsd.org 2008/05/07 06:43:35
|
|
[sshd_config]
|
|
push the sshd_config bits in, spotted by ajacoutot@
|
|
- jmc@cvs.openbsd.org 2008/05/07 08:00:14
|
|
[sshd_config.5]
|
|
sort;
|
|
- markus@cvs.openbsd.org 2008/05/08 06:59:01
|
|
[bufaux.c buffer.h channels.c packet.c packet.h]
|
|
avoid extra malloc/copy/free when receiving data over the net;
|
|
~10% speedup for localhost-scp; ok djm@
|
|
- djm@cvs.openbsd.org 2008/05/08 12:02:23
|
|
[auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c]
|
|
[monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c]
|
|
[ssh.c sshd.c]
|
|
Implement a channel success/failure status confirmation callback
|
|
mechanism. Each channel maintains a queue of callbacks, which will
|
|
be drained in order (RFC4253 guarantees confirm messages are not
|
|
reordered within an channel).
|
|
Also includes a abandonment callback to clean up if a channel is
|
|
closed without sending confirmation messages. This probably
|
|
shouldn't happen in compliant implementations, but it could be
|
|
abused to leak memory.
|
|
ok markus@ (as part of a larger diff)
|
|
- djm@cvs.openbsd.org 2008/05/08 12:21:16
|
|
[monitor.c monitor_wrap.c session.h servconf.c servconf.h session.c]
|
|
[sshd_config sshd_config.5]
|
|
Make the maximum number of sessions run-time controllable via
|
|
a sshd_config MaxSessions knob. This is useful for disabling
|
|
login/shell/subsystem access while leaving port-forwarding working
|
|
(MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or
|
|
simply increasing the number of allows multiplexed sessions.
|
|
Because some bozos are sure to configure MaxSessions in excess of the
|
|
number of available file descriptors in sshd (which, at peak, might be
|
|
as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds
|
|
on error paths, and make it fail gracefully on out-of-fd conditions -
|
|
sending channel errors instead of than exiting with fatal().
|
|
bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com
|
|
ok markus@
|
|
- djm@cvs.openbsd.org 2008/05/08 13:06:11
|
|
[clientloop.c clientloop.h ssh.c]
|
|
Use new channel status confirmation callback system to properly deal
|
|
with "important" channel requests that fail, in particular command exec,
|
|
shell and subsystem requests. Previously we would optimistically assume
|
|
that the requests would always succeed, which could cause hangs if they
|
|
did not (e.g. when the server runs out of fds) or were unimplemented by
|
|
the server (bz #1384)
|
|
Also, properly report failing multiplex channel requests via the mux
|
|
client stderr (subject to LogLevel in the mux master) - better than
|
|
silently failing.
|
|
most bits ok markus@ (as part of a larger diff)
|
|
- djm@cvs.openbsd.org 2008/05/09 04:55:56
|
|
[channels.c channels.h clientloop.c serverloop.c]
|
|
Try additional addresses when connecting to a port forward destination
|
|
whose DNS name resolves to more than one address. The previous behaviour
|
|
was to try the first address and give up.
|
|
Reported by stig AT venaas.com in bz#343
|
|
great feedback and ok markus@
|
|
- djm@cvs.openbsd.org 2008/05/09 14:18:44
|
|
[clientloop.c clientloop.h ssh.c mux.c]
|
|
tidy up session multiplexing code, moving it into its own file and
|
|
making the function names more consistent - making ssh.c and
|
|
clientloop.c a fair bit more readable.
|
|
ok markus@
|
|
- djm@cvs.openbsd.org 2008/05/09 14:26:08
|
|
[ssh.c]
|
|
dingo stole my diff hunk
|
|
- markus@cvs.openbsd.org 2008/05/09 16:16:06
|
|
[session.c]
|
|
re-add the USE_PIPES code and enable it.
|
|
without pipes shutdown-read from the sshd does not trigger
|
|
a SIGPIPE when the forked program does a write.
|
|
ok djm@
|
|
(Id sync only, USE_PIPES never left portable OpenSSH)
|
|
- markus@cvs.openbsd.org 2008/05/09 16:17:51
|
|
[channels.c]
|
|
error-fd race: don't enable the error fd in the select bitmask
|
|
for channels with both in- and output closed, since the channel
|
|
will go away before we call select();
|
|
report, lots of debugging help and ok djm@
|
|
- markus@cvs.openbsd.org 2008/05/09 16:21:13
|
|
[channels.h clientloop.c nchan.c serverloop.c]
|
|
unbreak
|
|
ssh -2 localhost od /bin/ls | true
|
|
ignoring SIGPIPE by adding a new channel message (EOW) that signals
|
|
the peer that we're not interested in any data it might send.
|
|
fixes bz #85; discussion, debugging and ok djm@
|
|
- pvalchev@cvs.openbsd.org 2008/05/12 20:52:20
|
|
[umac.c]
|
|
Ensure nh_result lies on a 64-bit boundary (fixes warnings observed
|
|
on Itanium on Linux); from Dale Talcott (bug #1462); ok djm@
|
|
- djm@cvs.openbsd.org 2008/05/15 23:52:24
|
|
[nchan2.ms]
|
|
document eow message in ssh protocol 2 channel state machine;
|
|
feedback and ok markus@
|
|
- djm@cvs.openbsd.org 2008/05/18 21:29:05
|
|
[sftp-server.c]
|
|
comment extension announcement
|
|
- djm@cvs.openbsd.org 2008/05/16 08:30:42
|
|
[PROTOCOL]
|
|
document our protocol extensions and deviations; ok markus@
|
|
- djm@cvs.openbsd.org 2008/05/17 01:31:56
|
|
[PROTOCOL]
|
|
grammar and correctness fixes from stevesk@
|
|
|
|
20080403
|
|
- (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile-
|
|
time warnings on LynxOS. Patch from ops AT iki.fi
|
|
- (djm) Force string arguments to replacement setproctitle() though
|
|
strnvis first. Ok dtucker@
|
|
|
|
20080403
|
|
- (djm) OpenBSD CVS sync:
|
|
- markus@cvs.openbsd.org 2008/04/02 15:36:51
|
|
[channels.c]
|
|
avoid possible hijacking of x11-forwarded connections (back out 1.183)
|
|
CVE-2008-1483; ok djm@
|
|
- jmc@cvs.openbsd.org 2008/03/27 22:37:57
|
|
[sshd.8]
|
|
remove trailing whitespace;
|
|
- djm@cvs.openbsd.org 2008/04/03 09:50:14
|
|
[version.h]
|
|
openssh-5.0
|
|
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
|
|
[contrib/suse/openssh.spec] Crank version numbers in RPM spec files
|
|
- (djm) [README] Update link to release notes
|
|
- (djm) Release 5.0p1
|