3 - djm@cvs.openbsd.org 2011/01/31 21:42:15
5 cut'n'pasto; from bert.wesarg AT googlemail.com
6 - djm@cvs.openbsd.org 2011/02/04 00:44:21
8 fix uninitialised nonce variable; reported by Mateusz Kocielski
9 - djm@cvs.openbsd.org 2011/02/04 00:44:43
12 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
13 [contrib/suse/openssh.spec] update versions in docs and spec files.
14 - Release OpenSSH 5.8p1
17 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
18 before attempting setfscreatecon(). Check whether matchpathcon()
19 succeeded before using its result. Patch from cjwatson AT debian.org;
23 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
24 openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
25 port-linux.c to avoid compilation errors. Add -lselinux to ssh when
26 building with SELinux support to avoid linking failure; report from
27 amk AT spamfence.net; ok dtucker
30 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
31 RSA_get_default_method() for the benefit of openssl versions that don't
32 have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
35 - djm@cvs.openbsd.org 2011/01/22 09:18:53
38 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
39 [contrib/suse/openssh.spec] update versions in docs and spec files.
43 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead
44 of RPM so build completes. Signatures were changed to .asc since 4.1p1.
45 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to
46 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
47 release testing (random crashes and failure to load ECC keys).
51 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in
52 $PATH, fix cleanup of droppings; reported by openssh AT
53 roumenpetrov.info; ok dtucker@
54 - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding
55 its unique snowflake of a gdb error to the ones we look for.
56 - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running
57 ssh-add to avoid $SUDO failures on Linux
58 - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new
59 Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
60 to the old values. Feedback from vapier at gentoo org and djm, ok djm.
61 - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]
62 [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
63 disabled on platforms that do not support them; add a "config_defined()"
64 shell function that greps for defines in config.h and use them to decide
66 Convert a couple of existing grep's over config.h to use the new function
67 Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
68 backslash characters in filenames, enable it for Cygwin and use it to turn
69 of tests for quotes backslashes in sftp-glob.sh.
70 based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
71 - (tim) [regress/agent-getpeereid.sh] shell portability fix.
72 - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on
74 - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h
75 configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem
76 support, based on patches from Tomas Mraz and jchadima at redhat.
79 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based
80 on configurations that don't have it.
82 - djm@cvs.openbsd.org 2011/01/16 11:50:05
84 Use atomicio when flushing protocol 1 std{out,err} buffers at
85 session close. This was a latent bug exposed by setting a SIGCHLD
86 handler and spotted by kevin.brott AT gmail.com; ok dtucker@
87 - djm@cvs.openbsd.org 2011/01/16 11:50:36
89 reset the SIGPIPE handler when forking to execute child processes;
91 - djm@cvs.openbsd.org 2011/01/16 12:05:59
93 a couple more tweaks to the post-close protocol 1 stderr/stdout flush:
94 now that we use atomicio(), convert them from while loops to if statements
95 add test and cast to compile cleanly with -Wsigned
99 - djm@cvs.openbsd.org 2011/01/13 21:54:53
101 correct error messages; patch from bert.wesarg AT googlemail.com
102 - djm@cvs.openbsd.org 2011/01/13 21:55:25
104 correct protocol names and add a couple of missing protocol number
105 defines; patch from bert.wesarg AT googlemail.com
106 - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in
107 host-key-force target rather than a substitution that is replaced with a
108 comment so that the Makefile.in is still a syntactically valid Makefile
109 (useful to run the distprep target)
110 - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name.
111 - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some
115 - (djm) [misc.c] include time.h for nanosleep() prototype
116 - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm
117 - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
119 - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid
120 gcc warning on platforms where it defaults to int
121 - (djm) [regress/Makefile] add a few more generated files to the clean
123 - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad
124 #define that was causing diffie-hellman-group-exchange-sha256 to be
126 - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
127 should not depend on ECC support
131 - nicm@cvs.openbsd.org 2010/10/08 21:48:42
132 [openbsd-compat/glob.c]
133 Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
135 Fixes glob-using programs (notably ftp) able to be triggered to hit
137 Idea from a similar NetBSD change, original problem reported by jasper@.
138 ok millert tedu jasper
139 - djm@cvs.openbsd.org 2011/01/12 01:53:14
140 avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
141 and sanity check arguments (these will be unnecessary when we switch
142 struct glob members from being type into to size_t in the future);
143 "looks ok" tedu@ feedback guenther@
144 - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
145 silly warnings on write() calls we don't care succeed or not.
146 - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
147 flag tests that don't depend on gcc version at all; suggested by and
151 - (tim) [regress/host-expand.sh] Fix for building outside of read only
153 - (djm) [platform.c] Some missing includes that show up under -Werror
155 - djm@cvs.openbsd.org 2011/01/08 10:51:51
157 use host and not options.hostname, as the latter may have unescaped
158 substitution characters
159 - djm@cvs.openbsd.org 2011/01/11 06:06:09
161 fd leak on error paths; from zinovik@
162 NB. Id sync only; we use loginrec.c that was also audited and fixed
164 - djm@cvs.openbsd.org 2011/01/11 06:13:10
165 [clientloop.c ssh-keygen.c sshd.c]
166 some unsigned long long casts that make things a bit easier for
167 portable without resorting to dropping PRIu64 formats everywhere
170 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by
171 openssh AT roumenpetrov.info
174 - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress
175 test on OSX and others. Reported by imorgan AT nas.nasa.gov
178 - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test
179 for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com
180 - djm@cvs.openbsd.org 2011/01/06 22:23:53
182 unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
183 googlemail.com; ok markus@
184 - djm@cvs.openbsd.org 2011/01/06 22:23:02
186 when exiting due to ServerAliveTimeout, mention the hostname that caused
187 it (useful with backgrounded controlmaster)
188 - djm@cvs.openbsd.org 2011/01/06 22:46:21
189 [regress/Makefile regress/host-expand.sh]
190 regress test for LocalCommand %n expansion from bert.wesarg AT
191 googlemail.com; ok markus@
192 - djm@cvs.openbsd.org 2011/01/06 23:01:35
194 reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
198 - (djm) OpenBSD CVS Sync
199 - markus@cvs.openbsd.org 2010/12/08 22:46:03
201 add a new -3 option to scp: Copies between two remote hosts are
202 transferred through the local host. Without this option the data
203 is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
204 - jmc@cvs.openbsd.org 2010/12/09 14:13:33
207 scp.c: add -3 to usage()
208 - markus@cvs.openbsd.org 2010/12/14 11:59:06
210 don't mention key type in key-changed-warning, since we also print
211 this warning if a new key type appears. ok djm@
212 - djm@cvs.openbsd.org 2010/12/15 00:49:27
214 fix ControlMaster=ask regression
215 reset SIGCHLD handler before fork (and restore it after) so we don't miss
216 the the askpass child's exit status. Correct test for exit status/signal to
217 account for waitpid() failure; with claudio@ ok claudio@ markus@
218 - djm@cvs.openbsd.org 2010/12/24 21:41:48
220 don't send the actual forced command in a debug message; ok markus deraadt
221 - otto@cvs.openbsd.org 2011/01/04 20:44:13
223 handle ecdsa-sha2 with various key lengths; hint and ok djm@
226 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
227 formatter if it is present, followed by nroff and groff respectively.
228 Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
229 in favour of mandoc). feedback and ok tim
232 - (djm) [Makefile.in] revert local hack I didn't intend to commit
235 - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker
236 - (djm) [configure.ac] Check whether libdes is needed when building
237 with Heimdal krb5 support. On OpenBSD this library no longer exists,
238 so linking it unconditionally causes a build failure; ok dtucker
241 - (dtucker) OpenBSD CVS Sync
242 - djm@cvs.openbsd.org 2010/12/08 04:02:47
243 [ssh_config.5 sshd_config.5]
244 explain that IPQoS arguments are separated by whitespace; iirc requested
248 - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
249 debugging. Spotted by djm.
250 - (dtucker) OpenBSD CVS Sync
251 - djm@cvs.openbsd.org 2010/12/03 23:49:26
253 check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
254 (this code is still disabled, but apprently people are treating it as
255 a reference implementation)
256 - djm@cvs.openbsd.org 2010/12/03 23:55:27
258 move check for revoked keys to run earlier (in auth_rsa_key_allowed)
259 bz#1829; patch from ldv AT altlinux.org; ok markus@
260 - djm@cvs.openbsd.org 2010/12/04 00:18:01
261 [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
262 add a protocol extension to support a hard link operation. It is
263 available through the "ln" command in the client. The old "ln"
264 behaviour of creating a symlink is available using its "-s" option
265 or through the preexisting "symlink" command; based on a patch from
266 miklos AT szeredi.hu in bz#1555; ok markus@
267 - djm@cvs.openbsd.org 2010/12/04 13:31:37
269 fix fd leak; spotted and ok dtucker
270 - djm@cvs.openbsd.org 2010/12/04 00:21:19
271 [regress/sftp-cmds.sh]
272 adjust for hard-link support
273 - (dtucker) [regress/Makefile] Id sync.
276 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
277 instead of (arc4random() % range)
278 - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
279 shims for the new, non-deprecated OpenSSL key generation functions for
280 platforms that don't have the new interfaces.
284 - deraadt@cvs.openbsd.org 2010/11/20 05:12:38
287 - djm@cvs.openbsd.org 2010/11/21 01:01:13
288 [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
289 honour $TMPDIR for client xauth and ssh-agent temporary directories;
290 feedback and ok markus@
291 - djm@cvs.openbsd.org 2010/11/21 10:57:07
293 Refactor internals of private key loading and saving to work on memory
294 buffers rather than directly on files. This will make a few things
295 easier to do in the future; ok markus@
296 - djm@cvs.openbsd.org 2010/11/23 02:35:50
298 use strict_modes already passed as function argument over referencing
299 global options.strict_modes
300 - djm@cvs.openbsd.org 2010/11/23 23:57:24
302 avoid NULL deref on receiving a channel request on an unknown or invalid
303 channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
304 - djm@cvs.openbsd.org 2010/11/24 01:24:14
306 remove a debug() that pollutes stderr on client connecting to a server
307 in debug mode (channel_close_fds is called transitively from the session
308 code post-fork); bz#1719, ok dtucker
309 - djm@cvs.openbsd.org 2010/11/25 04:10:09
311 replace close() loop for fds 3->64 with closefrom();
312 ok markus deraadt dtucker
313 - djm@cvs.openbsd.org 2010/11/26 05:52:49
315 Pass through ssh command-line flags and options when doing remote-remote
316 transfers, e.g. to enable agent forwarding which is particularly useful
317 in this case; bz#1837 ok dtucker@
318 - markus@cvs.openbsd.org 2010/11/29 18:57:04
320 correctly load comment for encrypted rsa1 keys;
321 report/fix Joachim Schipper; ok djm@
322 - djm@cvs.openbsd.org 2010/11/29 23:45:51
323 [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
324 [sshconnect.h sshconnect2.c]
325 automatically order the hostkeys requested by the client based on
326 which hostkeys are already recorded in known_hosts. This avoids
327 hostkey warnings when connecting to servers with new ECDSA keys
328 that are preferred by default; with markus@
331 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and
332 into the platform-specific code Only affects SCO, tested by and ok tim@.
333 - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
334 group read/write. ok dtucker@
335 - (dtucker) [packet.c] Remove redundant local declaration of "int tos".
336 - (djm) [defines.h] Add IP DSCP defines
339 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch
340 from vapier at gentoo org.
344 - djm@cvs.openbsd.org 2010/11/05 02:46:47
347 - djm@cvs.openbsd.org 2010/11/10 01:33:07
348 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
349 use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
350 these have been around for years by this time. ok markus
351 - djm@cvs.openbsd.org 2010/11/13 23:27:51
352 [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
353 [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
354 allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
355 hardcoding lowdelay/throughput.
357 bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
358 - jmc@cvs.openbsd.org 2010/11/15 07:40:14
361 - jmc@cvs.openbsd.org 2010/11/18 15:01:00
362 [scp.1 sftp.1 ssh.1 sshd_config.5]
363 add IPQoS to the various -o lists, and zap some trailing whitespace;
366 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on
367 platforms that don't support ECC. Fixes some spurious warnings reported
371 - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.
372 Feedback from dtucker@
373 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
374 support for platforms missing isblank(). ok djm@
377 - (tim) [regress/Makefile] Fixes to allow building/testing outside source
379 - (tim) [regress/kextype.sh] Shell portability fix.
382 - (dtucker) [platform.c] includes.h instead of defines.h so that we get
383 the correct typedefs.
386 - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of
387 int. Should fix bz#1817 cleanly; ok dtucker@
389 - djm@cvs.openbsd.org 2010/09/22 12:26:05
390 [regress/Makefile regress/kextype.sh]
391 regress test for each of the key exchange algorithms that we support
392 - djm@cvs.openbsd.org 2010/10/28 11:22:09
393 [authfile.c key.c key.h ssh-keygen.c]
394 fix a possible NULL deref on loading a corrupt ECDH key
396 store ECDH group information in private keys files as "named groups"
397 rather than as a set of explicit group parameters (by setting
398 the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
399 retrieves the group's OpenSSL NID that we need for various things.
400 - jmc@cvs.openbsd.org 2010/10/28 18:33:28
401 [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
402 knock out some "-*- nroff -*-" lines;
403 - djm@cvs.openbsd.org 2010/11/04 02:45:34
405 umask should be parsed as octal. reported by candland AT xmission.com;
407 - (dtucker) [configure.ac platform.{c,h} session.c
408 openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
409 Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
411 - (dtucker) [platform.c platform.h session.c] Add a platform hook to run
412 after the user's groups are established and move the selinux calls into it.
413 - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
415 - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
416 - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
417 retain previous behavior.
418 - (dtucker) [platform.c session.c] Move the PAM credential establishment for
419 the LOGIN_CAP case into platform.c.
420 - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into
422 - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c.
423 - (dtucker) [platform.c session.c] Move irix setusercontext fragment into
425 - (dtucker) [platform.c session.c] Move PAM credential establishment for the
426 non-LOGIN_CAP case into platform.c.
427 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
428 check into platform.c
429 - (dtucker) [regress/keytype.sh] Import new test.
430 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
431 Import recent changes to regress/Makefile, pass a flag to enable ECC tests
432 from configure through to regress/Makefile and use it in the tests.
433 - (dtucker) [regress/kextype.sh] Add missing "test".
434 - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not
435 strictly correct since while ECC requires sha256 the reverse is not true
436 however it does prevent spurious test failures.
437 - (dtucker) [platform.c] Need servconf.h and extern options.
440 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
441 1.12 to unbreak Solaris build.
443 - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a
447 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.
448 - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
449 which don't have ECC support in libcrypto.
450 - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms
451 which don't have ECC support in libcrypto.
452 - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't
454 - (dtucker) OpenBSD CVS Sync
455 - sthen@cvs.openbsd.org 2010/10/23 22:06:12
457 escape '[' in filename tab-completion; fix a type while there.
462 - dtucker@cvs.openbsd.org 2010/10/12 02:22:24
464 Typo in confirmation message. bz#1827, patch from imorgan at
466 - djm@cvs.openbsd.org 2010/08/31 12:24:09
467 [regress/cert-hostkey.sh regress/cert-userkey.sh]
468 tests for ECDSA certificates
471 - (djm) [canohost.c] Zero a4 instead of addr to better match type.
472 bz#1825, reported by foo AT mailinator.com
473 - (djm) [sshconnect.c] Need signal.h for prototype for kill(2)
476 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from
480 - (djm) [ssh-agent.c] Fix type for curve name.
481 - (djm) OpenBSD CVS Sync
482 - matthew@cvs.openbsd.org 2010/09/24 13:33:00
483 [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
484 [openbsd-compat/timingsafe_bcmp.c]
485 Add timingsafe_bcmp(3) to libc, mention that it's already in the
486 kernel in kern(9), and remove it from OpenSSH.
488 NB. re-added under openbsd-compat/ for portable OpenSSH
489 - djm@cvs.openbsd.org 2010/09/25 09:30:16
490 [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
491 make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
492 rountrips to fetch per-file stat(2) information.
493 NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
495 - djm@cvs.openbsd.org 2010/09/26 22:26:33
497 when performing an "ls" in columnated (short) mode, only call
498 ioctl(TIOCGWINSZ) once to get the window width instead of per-
500 - djm@cvs.openbsd.org 2010/09/30 11:04:51
502 prevent free() of string in .rodata when overriding AuthorizedKeys in
503 a Match block; patch from rein AT basefarm.no
504 - djm@cvs.openbsd.org 2010/10/01 23:05:32
505 [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
506 adapt to API changes in openssl-1.0.0a
507 NB. contains compat code to select correct API for older OpenSSL
508 - djm@cvs.openbsd.org 2010/10/05 05:13:18
509 [sftp.c sshconnect.c]
510 use default shell /bin/sh if $SHELL is ""; ok markus@
511 - djm@cvs.openbsd.org 2010/10/06 06:39:28
512 [clientloop.c ssh.c sshconnect.c sshconnect.h]
513 kill proxy command on fatal() (we already kill it on clean exit);
515 - djm@cvs.openbsd.org 2010/10/06 21:10:21
517 swapped args to kill(2)
518 - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code.
519 - (djm) [cipher-acss.c] Add missing header.
520 - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp
523 - (djm) OpenBSD CVS Sync
524 - naddy@cvs.openbsd.org 2010/09/10 15:19:29
526 * mention ECDSA in more places
527 * less repetition in FILES section
528 * SSHv1 keys are still encrypted with 3DES
530 - djm@cvs.openbsd.org 2010/09/11 21:44:20
532 mention RFC 5656 for ECC stuff
533 - jmc@cvs.openbsd.org 2010/09/19 21:30:05
535 more wacky macro fixing;
536 - djm@cvs.openbsd.org 2010/09/20 04:41:47
538 install a SIGCHLD handler to reap expiried child process; ok markus@
539 - djm@cvs.openbsd.org 2010/09/20 04:50:53
541 check that received values are smaller than the group size in the
542 disabled and unfinished J-PAKE code.
543 avoids catastrophic security failure found by Sebastien Martini
544 - djm@cvs.openbsd.org 2010/09/20 04:54:07
547 - djm@cvs.openbsd.org 2010/09/20 07:19:27
549 "atomically" create the listening mux socket by binding it on a temorary
550 name and then linking it into position after listen() has succeeded.
551 this allows the mux clients to determine that the server socket is
552 either ready or stale without races. stale server sockets are now
553 automatically removed
555 - djm@cvs.openbsd.org 2010/09/22 05:01:30
556 [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
557 [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
558 add a KexAlgorithms knob to the client and server configuration to allow
559 selection of which key exchange methods are used by ssh(1) and sshd(8)
560 and their order of preference.
562 - jmc@cvs.openbsd.org 2010/09/22 08:30:08
564 ssh.1: add kexalgorithms to the -o list
565 ssh_config.5: format the kexalgorithms in a more consistent
568 - djm@cvs.openbsd.org 2010/09/22 22:58:51
569 [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
570 [sftp-client.h sftp.1 sftp.c]
571 add an option per-read/write callback to atomicio
573 factor out bandwidth limiting code from scp(1) into a generic bandwidth
574 limiter that can be attached using the atomicio callback mechanism
576 add a bandwidth limit option to sftp(1) using the above
578 - jmc@cvs.openbsd.org 2010/09/23 13:34:43
580 add [-l limit] to usage();
581 - jmc@cvs.openbsd.org 2010/09/23 13:36:46
583 add KexAlgorithms to the -o list;
586 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact
587 return code since it can apparently return -1 under some conditions. From
588 openssh bugs werbittewas de, ok djm@
590 - djm@cvs.openbsd.org 2010/08/31 12:33:38
591 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
592 reintroduce commit from tedu@, which I pulled out for release
594 OpenSSL_add_all_algorithms is the name of the function we have a
595 man page for, so use that. ok djm
596 - jmc@cvs.openbsd.org 2010/08/31 17:40:54
598 fix some macro abuse;
599 - jmc@cvs.openbsd.org 2010/08/31 21:14:58
601 small text tweak to accommodate previous;
602 - naddy@cvs.openbsd.org 2010/09/01 15:21:35
604 pick up ECDSA host key by default; ok djm@
605 - markus@cvs.openbsd.org 2010/09/02 16:07:25
607 permit -b 256, 384 or 521 as key size for ECDSA; ok djm@
608 - markus@cvs.openbsd.org 2010/09/02 16:08:39
610 unbreak ControlPersist=yes for ControlMaster=yes; ok djm@
611 - naddy@cvs.openbsd.org 2010/09/02 17:21:50
613 Switch ECDSA default key size to 256 bits, which according to RFC5656
614 should still be better than our current RSA-2048 default.
616 - jmc@cvs.openbsd.org 2010/09/03 11:09:29
618 add an EXIT STATUS section for /usr/bin;
619 - jmc@cvs.openbsd.org 2010/09/04 09:38:34
621 two more EXIT STATUS sections;
622 - naddy@cvs.openbsd.org 2010/09/06 17:10:19
624 add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste
625 <mattieu.b@gmail.com>
627 - djm@cvs.openbsd.org 2010/09/08 03:54:36
630 - deraadt@cvs.openbsd.org 2010/09/08 04:13:31
632 work around name-space collisions some buggy compilers (looking at you
633 gcc, at least in earlier versions, but this does not forgive your current
634 transgressions) seen between zlib and openssl
636 - djm@cvs.openbsd.org 2010/09/09 10:45:45
637 [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
638 ECDH/ECDSA compliance fix: these methods vary the hash function they use
639 (SHA256/384/512) depending on the length of the curve in use. The previous
640 code incorrectly used SHA256 in all cases.
642 This fix will cause authentication failure when using 384 or 521-bit curve
643 keys if one peer hasn't been upgraded and the other has. (256-bit curve
644 keys work ok). In particular you may need to specify HostkeyAlgorithms
645 when connecting to a server that has not been upgraded from an upgraded
649 - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
650 [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
651 [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
652 platforms that don't have the requisite OpenSSL support. ok dtucker@
653 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
654 for missing headers and compiler warnings.
658 - jmc@cvs.openbsd.org 2010/08/08 19:36:30
659 [ssh-keysign.8 ssh.1 sshd.8]
660 use the same template for all FILES sections; i.e. -compact/.Pp where we
661 have multiple items, and .Pa for path names;
662 - tedu@cvs.openbsd.org 2010/08/12 23:34:39
663 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
664 OpenSSL_add_all_algorithms is the name of the function we have a man page
665 for, so use that. ok djm
666 - djm@cvs.openbsd.org 2010/08/16 04:06:06
667 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
668 backout previous temporarily; discussed with deraadt@
669 - djm@cvs.openbsd.org 2010/08/31 09:58:37
670 [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
671 [packet.h ssh-dss.c ssh-rsa.c]
672 Add buffer_get_cstring() and related functions that verify that the
673 string extracted from the buffer contains no embedded \0 characters*
674 This prevents random (possibly malicious) crap from being appended to
675 strings where it would not be noticed if the string is used with
676 a string(3) function.
678 Use the new API in a few sensitive places.
680 * actually, we allow a single one at the end of the string for now because
681 we don't know how many deployed implementations get this wrong, but don't
682 count on this to remain indefinitely.
683 - djm@cvs.openbsd.org 2010/08/31 11:54:45
684 [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
685 [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
686 [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
687 [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
688 [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
689 [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
690 [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
691 Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
692 host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
693 better performance than plain DH and DSA at the same equivalent symmetric
694 key length, as well as much shorter keys.
696 Only the mandatory sections of RFC5656 are implemented, specifically the
697 three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
698 ECDSA. Point compression (optional in RFC5656 is NOT implemented).
700 Certificate host and user keys using the new ECDSA key types are supported.
702 Note that this code has not been tested for interoperability and may be
705 feedback and ok markus@
706 - (djm) [Makefile.in] Add new ECC files
707 - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include
711 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated,
712 remove. Patch from martynas at venck us
715 - (djm) Release OpenSSH-5.6p1
718 - (dtucker) [configure.ac openbsd-compat/Makefile.in
719 openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
720 the compat library which helps on platforms like old IRIX. Based on work
721 by djm, tested by Tom Christensen.
723 - djm@cvs.openbsd.org 2010/08/12 21:49:44
725 close any extra file descriptors inherited from parent at start and
726 reopen stdin/stdout to /dev/null when forking for ControlPersist.
728 prevents tools that fork and run a captive ssh for communication from
729 failing to exit when the ssh completes while they wait for these fds to
730 close. The inherited fds may persist arbitrarily long if a background
731 mux master has been started by ControlPersist. cvs and scp were effected
734 "please commit" markus@
735 - (djm) [regress/README.regress] typo
738 - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh
739 regress/test-exec.sh] Under certain conditions when testing with sudo
740 tests would fail because the pidfile could not be read by a regular user.
741 "cat: cannot open ...../regress/pidfile: Permission denied (error 13)"
742 Make sure cat is run by $SUDO. no objection from me. djm@
743 - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems.
746 - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is
747 already set. Makes FreeBSD user openable tunnels useful; patch from
748 richard.burakowski+ossh AT mrburak.net, ok dtucker@
749 - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id.
750 based in part on a patch from Colin Watson, ok djm@
754 - djm@cvs.openbsd.org 2010/08/08 16:26:42
757 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
758 [contrib/suse/openssh.spec] Crank version numbers
762 - djm@cvs.openbsd.org 2010/08/04 05:37:01
763 [ssh.1 ssh_config.5 sshd.8]
764 Remove mentions of weird "addr/port" alternate address format for IPv6
765 addresses combinations. It hasn't worked for ages and we have supported
766 the more commen "[addr]:port" format for a long time. ok jmc@ markus@
767 - djm@cvs.openbsd.org 2010/08/04 05:40:39
768 [PROTOCOL.certkeys ssh-keygen.c]
769 tighten the rules for certificate encoding by requiring that options
770 appear in lexical order and make our ssh-keygen comply. ok markus@
771 - djm@cvs.openbsd.org 2010/08/04 05:42:47
772 [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
773 [ssh-keysign.c ssh.c]
774 enable certificates for hostbased authentication, from Iain Morgan;
776 - djm@cvs.openbsd.org 2010/08/04 05:49:22
778 commited the wrong version of the hostbased certificate diff; this
779 version replaces some strlc{py,at} verbosity with xasprintf() at
780 the request of markus@
781 - djm@cvs.openbsd.org 2010/08/04 06:07:11
782 [ssh-keygen.1 ssh-keygen.c]
783 Support CA keys in PKCS#11 tokens; feedback and ok markus@
784 - djm@cvs.openbsd.org 2010/08/04 06:08:40
786 clean for -Wuninitialized (Id sync only; portable had this change)
787 - djm@cvs.openbsd.org 2010/08/05 13:08:42
789 Fix a trio of bugs in the local/remote window calculation for datagram
790 data channels (i.e. TunnelForward):
792 Calculate local_consumed correctly in channel_handle_wfd() by measuring
793 the delta to buffer_len(c->output) from when we start to when we finish.
794 The proximal problem here is that the output_filter we use in portable
795 modified the length of the dequeued datagram (to futz with the headers
798 In channel_output_poll(), don't enqueue datagrams that won't fit in the
799 peer's advertised packet size (highly unlikely to ever occur) or which
800 won't fit in the peer's remaining window (more likely).
802 In channel_input_data(), account for the 4-byte string header in
803 datagram packets that we accept from the peer and enqueue in c->output.
805 report, analysis and testing 2/3 cases from wierbows AT us.ibm.com;
809 - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from
810 PAM to sane values in case the PAM method doesn't write to them. Spotted by
811 Bitman Zhou, ok djm@.
813 - djm@cvs.openbsd.org 2010/07/16 04:45:30
815 avoid bogus compiler warning
816 - djm@cvs.openbsd.org 2010/07/16 14:07:35
818 more timing paranoia - compare all parts of the expected decrypted
819 data before returning. AFAIK not exploitable in the SSH protocol.
821 - djm@cvs.openbsd.org 2010/07/19 03:16:33
823 bz#1797: fix swapped args in upload_dir_internal(), breaking recursive
824 upload depth checks and causing verbose printing of transfers to always
825 be turned on; patch from imorgan AT nas.nasa.gov
826 - djm@cvs.openbsd.org 2010/07/19 09:15:12
827 [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
828 add a "ControlPersist" option that automatically starts a background
829 ssh(1) multiplex master when connecting. This connection can stay alive
830 indefinitely, or can be set to automatically close after a user-specified
831 duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
832 further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
833 martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
834 - djm@cvs.openbsd.org 2010/07/21 02:10:58
836 sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern
837 - dtucker@cvs.openbsd.org 2010/07/23 08:49:25
839 Ciphers is documented in ssh_config(5) these days
842 - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more
843 details about its behaviour WRT existing directories. Patch from
844 asguthrie at gmail com, ok djm.
847 - (djm) OpenBSD CVS Sync
848 - djm@cvs.openbsd.org 2010/07/02 04:32:44
850 unbreak strdelim() skipping past quoted strings, e.g.
851 AllowUsers "blah blah" blah
852 was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com
854 - djm@cvs.openbsd.org 2010/07/12 22:38:52
856 Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f")
857 for protocol 2. ok markus@
858 - djm@cvs.openbsd.org 2010/07/12 22:41:13
860 expand %h to the hostname in ssh_config Hostname options. While this
861 sounds useless, it is actually handy for working with unqualified
867 Hostname %h.example.org
870 - djm@cvs.openbsd.org 2010/07/13 11:52:06
871 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
873 implement a timing_safe_cmp() function to compare memory without leaking
874 timing information by short-circuiting like memcmp() and use it for
875 some of the more sensitive comparisons (though nothing high-value was
876 readily attackable anyway); "looks ok" markus@
877 - djm@cvs.openbsd.org 2010/07/13 23:13:16
878 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
880 s/timing_safe_cmp/timingsafe_bcmp/g
881 - jmc@cvs.openbsd.org 2010/07/14 17:06:58
883 finally ssh synopsis looks nice again! this commit just removes a ton of
884 hacks we had in place to make it work with old groff;
885 - schwarze@cvs.openbsd.org 2010/07/15 21:20:38
887 repair incorrect block nesting, which screwed up indentation;
888 problem reported and fix OK by jmc@
891 - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass
892 (line 77) should have been for no_x11_askpass.
895 - (djm) OpenBSD CVS Sync
896 - jmc@cvs.openbsd.org 2010/06/26 00:57:07
899 - djm@cvs.openbsd.org 2010/06/26 23:04:04
901 oops, forgot to #include <canohost.h>; spotted and patch from chl@
902 - djm@cvs.openbsd.org 2010/06/29 23:15:30
903 [ssh-keygen.1 ssh-keygen.c]
904 allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys;
906 - djm@cvs.openbsd.org 2010/06/29 23:16:46
907 [auth2-pubkey.c sshd_config.5]
908 allow key options (command="..." and friends) in AuthorizedPrincipals;
910 - jmc@cvs.openbsd.org 2010/06/30 07:24:25
913 - jmc@cvs.openbsd.org 2010/06/30 07:26:03
916 - jmc@cvs.openbsd.org 2010/06/30 07:28:34
919 - millert@cvs.openbsd.org 2010/07/01 13:06:59
921 Fix a longstanding problem where if you suspend scp at the
922 password/passphrase prompt the terminal mode is not restored.
924 - phessler@cvs.openbsd.org 2010/06/27 19:19:56
926 fix how we run the tests so we can successfully use SUDO='sudo -E'
928 - djm@cvs.openbsd.org 2010/06/29 23:59:54
930 regress tests for key options in AuthorizedPrincipals
933 - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs
937 - (djm) OpenBSD CVS Sync
938 - djm@cvs.openbsd.org 2010/05/21 05:00:36
940 colon() returns char*, so s/return (0)/return NULL/
941 - markus@cvs.openbsd.org 2010/06/08 21:32:19
943 check length of value returned C_GetAttributValue for != 0
944 from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@
945 - djm@cvs.openbsd.org 2010/06/17 07:07:30
947 Correct sizing of object to be allocated by calloc(), replacing
948 sizeof(state) with sizeof(*state). This worked by accident since
949 the struct contained a single int at present, but could have broken
950 in the future. patch from hyc AT symas.com
951 - djm@cvs.openbsd.org 2010/06/18 00:58:39
953 unbreak ls in working directories that contains globbing characters in
954 their pathnames. bz#1655 reported by vgiffin AT apple.com
955 - djm@cvs.openbsd.org 2010/06/18 03:16:03
957 Missing check for chroot_director == "none" (we already checked against
958 NULL); bz#1564 from Jan.Pechanec AT Sun.COM
959 - djm@cvs.openbsd.org 2010/06/18 04:43:08
961 fix memory leak in do_realpath() error path; bz#1771, patch from
963 - djm@cvs.openbsd.org 2010/06/22 04:22:59
964 [servconf.c sshd_config.5]
965 expose some more sshd_config options inside Match blocks:
966 AuthorizedKeysFile AuthorizedPrincipalsFile
967 HostbasedUsesNameFromPacketOnly PermitTunnel
968 bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
969 - djm@cvs.openbsd.org 2010/06/22 04:32:06
971 standardise error messages when attempting to open private key
972 files to include "progname: filename: error reason"
974 - djm@cvs.openbsd.org 2010/06/22 04:49:47
976 queue auth debug messages for bad ownership or permissions on the user's
977 keyfiles. These messages will be sent after the user has successfully
978 authenticated (where our client will display them with LogLevel=debug).
980 - djm@cvs.openbsd.org 2010/06/22 04:54:30
982 replace verbose and overflow-prone Linebuf code with read_keyfile_line()
983 based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@
984 - djm@cvs.openbsd.org 2010/06/22 04:59:12
986 include the user name on "subsystem request for ..." log messages;
988 - djm@cvs.openbsd.org 2010/06/23 02:59:02
990 fix printing of extensions in v01 certificates that I broke in r1.190
991 - djm@cvs.openbsd.org 2010/06/25 07:14:46
992 [channels.c mux.c readconf.c readconf.h ssh.h]
993 bz#1327: remove hardcoded limit of 100 permitopen clauses and port
994 forwards per direction; ok markus@ stevesk@
995 - djm@cvs.openbsd.org 2010/06/25 07:20:04
996 [channels.c session.c]
997 bz#1750: fix requirement for /dev/null inside ChrootDirectory for
998 internal-sftp accidentally introduced in r1.253 by removing the code
999 that opens and dup /dev/null to stderr and modifying the channels code
1000 to read stderr but discard it instead; ok markus@
1001 - djm@cvs.openbsd.org 2010/06/25 08:46:17
1002 [auth1.c auth2-none.c]
1003 skip the initial check for access with an empty password when
1004 PermitEmptyPasswords=no; bz#1638; ok markus@
1005 - djm@cvs.openbsd.org 2010/06/25 23:10:30
1007 log the hostname and address that we connected to at LogLevel=verbose
1008 after authentication is successful to mitigate "phishing" attacks by
1009 servers with trusted keys that accept authentication silently and
1010 automatically before presenting fake password/passphrase prompts;
1012 - djm@cvs.openbsd.org 2010/06/25 23:10:30
1014 log the hostname and address that we connected to at LogLevel=verbose
1015 after authentication is successful to mitigate "phishing" attacks by
1016 servers with trusted keys that accept authentication silently and
1017 automatically before presenting fake password/passphrase prompts;
1021 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512
1025 - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~
1026 rather than assuming that $CWD == $HOME. bz#1500, patch from
1027 timothy AT gelter.com
1030 - (tim) [contrib/cygwin/README] Remove a reference to the obsolete
1031 minires-devel package, and to add the reference to the libedit-devel
1032 package since CYgwin now provides libedit. Patch from Corinna Vinschen.
1035 - (djm) OpenBSD CVS Sync
1036 - djm@cvs.openbsd.org 2010/05/07 11:31:26
1037 [regress/Makefile regress/cert-userkey.sh]
1038 regress tests for AuthorizedPrincipalsFile and "principals=" key option.
1039 feedback and ok markus@
1040 - djm@cvs.openbsd.org 2010/05/11 02:58:04
1042 don't accept certificates marked as "cert-authority" here; ok markus@
1043 - djm@cvs.openbsd.org 2010/05/14 00:47:22
1045 check that the certificate matches the corresponding private key before
1047 - djm@cvs.openbsd.org 2010/05/14 23:29:23
1048 [channels.c channels.h mux.c ssh.c]
1049 Pause the mux channel while waiting for reply from aynch callbacks.
1050 Prevents misordering of replies if new requests arrive while waiting.
1052 Extend channel open confirm callback to allow signalling failure
1053 conditions as well as success. Use this to 1) fix a memory leak, 2)
1054 start using the above pause mechanism and 3) delay sending a success/
1055 failure message on mux slave session open until we receive a reply from
1058 motivated by and with feedback from markus@
1059 - markus@cvs.openbsd.org 2010/05/16 12:55:51
1060 [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
1061 mux support for remote forwarding with dynamic port allocation,
1063 LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
1064 feedback and ok djm@
1065 - djm@cvs.openbsd.org 2010/05/20 11:25:26
1067 fix logspam when key options (from="..." especially) deny non-matching
1068 keys; reported by henning@ also bz#1765; ok markus@ dtucker@
1069 - djm@cvs.openbsd.org 2010/05/20 23:46:02
1070 [PROTOCOL.certkeys auth-options.c ssh-keygen.c]
1071 Move the permit-* options to the non-critical "extensions" field for v01
1072 certificates. The logic is that if another implementation fails to
1073 implement them then the connection just loses features rather than fails
1079 - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve
1080 circular dependency problem on old or odd platforms. From Tom Lane, ok
1082 - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older
1083 libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't
1084 already. ok dtucker@
1088 - djm@cvs.openbsd.org 2010/04/23 01:47:41
1090 bz#1740: display a more helpful error message when $HOME is
1091 inaccessible while trying to create .ssh directory. Based on patch
1092 from jchadima AT redhat.com; ok dtucker@
1093 - djm@cvs.openbsd.org 2010/04/23 22:27:38
1095 set "detach_close" flag when registering channel cleanup callbacks.
1096 This causes the channel to close normally when its fds close and
1097 hangs when terminating a mux slave using ~. bz#1758; ok markus@
1098 - djm@cvs.openbsd.org 2010/04/23 22:42:05
1100 set stderr to /dev/null for subsystems rather than just closing it.
1101 avoids hangs if a subsystem or shell initialisation writes to stderr.
1103 - djm@cvs.openbsd.org 2010/04/23 22:48:31
1105 refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS,
1106 since we would refuse to use them anyway. bz#1516; ok dtucker@
1107 - djm@cvs.openbsd.org 2010/04/26 22:28:24
1109 bz#1502: authctxt.success is declared as an int, but passed by
1110 reference to function that accepts sig_atomic_t*. Convert it to
1111 the latter; ok markus@ dtucker@
1112 - djm@cvs.openbsd.org 2010/05/01 02:50:50
1115 - dtucker@cvs.openbsd.org 2010/05/05 04:22:09
1117 restore mput and mget which got lost in the tab-completion changes.
1118 found by Kenneth Whitaker, ok djm@
1119 - djm@cvs.openbsd.org 2010/05/07 11:30:30
1120 [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
1121 [key.c servconf.c servconf.h sshd.8 sshd_config.5]
1122 add some optional indirection to matching of principal names listed
1123 in certificates. Currently, a certificate must include the a user's name
1124 to be accepted for authentication. This change adds the ability to
1125 specify a list of certificate principal names that are acceptable.
1127 When authenticating using a CA trusted through ~/.ssh/authorized_keys,
1128 this adds a new principals="name1[,name2,...]" key option.
1130 For CAs listed through sshd_config's TrustedCAKeys option, a new config
1131 option "AuthorizedPrincipalsFile" specifies a per-user file containing
1132 the list of acceptable names.
1134 If either option is absent, the current behaviour of requiring the
1135 username to appear in principals continues to apply.
1137 These options are useful for role accounts, disjoint account namespaces
1138 and "user@realm"-style naming policies in certificates.
1140 feedback and ok markus@
1141 - jmc@cvs.openbsd.org 2010/05/07 12:49:17
1146 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir
1147 in the openssl install directory (some newer openssl versions do this on at
1148 least some amd64 platforms).
1152 - jmc@cvs.openbsd.org 2010/04/16 06:45:01
1154 tweak previous; ok djm
1155 - jmc@cvs.openbsd.org 2010/04/16 06:47:04
1156 [ssh-keygen.1 ssh-keygen.c]
1157 tweak previous; ok djm
1158 - djm@cvs.openbsd.org 2010/04/16 21:14:27
1160 oops, %r => remote username, not %u
1161 - djm@cvs.openbsd.org 2010/04/16 01:58:45
1162 [regress/cert-hostkey.sh regress/cert-userkey.sh]
1163 regression tests for v01 certificate format
1164 includes interop tests for v00 certs
1165 - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default
1169 - (djm) Release openssh-5.5p1
1171 - djm@cvs.openbsd.org 2010/03/26 03:13:17
1173 allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer
1174 argument to allow skipping past values in a buffer
1175 - jmc@cvs.openbsd.org 2010/03/26 06:54:36
1178 - jmc@cvs.openbsd.org 2010/03/27 14:26:55
1180 tweak previous; ok dtucker
1181 - djm@cvs.openbsd.org 2010/04/10 00:00:16
1183 bz#1746 - suppress spurious tty warning when using -O and stdin
1184 is not a tty; ok dtucker@ markus@
1185 - djm@cvs.openbsd.org 2010/04/10 00:04:30
1187 fix terminology: we didn't find a certificate in known_hosts, we found
1189 - djm@cvs.openbsd.org 2010/04/10 02:08:44
1191 bz#1698: kill channel when pty allocation requests fail. Fixed
1192 stuck client if the server refuses pty allocation.
1193 ok dtucker@ "think so" markus@
1194 - djm@cvs.openbsd.org 2010/04/10 02:10:56
1196 show the key type that we are offering in debug(), helps distinguish
1197 between certs and plain keys as the path to the private key is usually
1199 - djm@cvs.openbsd.org 2010/04/10 05:48:16
1201 fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au
1202 - djm@cvs.openbsd.org 2010/04/14 22:27:42
1203 [ssh_config.5 sshconnect.c]
1204 expand %r => remote username in ssh_config:ProxyCommand;
1206 - markus@cvs.openbsd.org 2010/04/15 20:32:55
1208 retry lookup for private key if there's no matching key with CKA_SIGN
1209 attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736)
1211 - djm@cvs.openbsd.org 2010/04/16 01:47:26
1212 [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
1213 [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
1214 [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
1215 [sshconnect.c sshconnect2.c sshd.c]
1216 revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
1219 move the nonce field to the beginning of the certificate where it can
1220 better protect against chosen-prefix attacks on the signature hash
1222 Rename "constraints" field to "critical options"
1224 Add a new non-critical "extensions" field
1228 The older format is still support for authentication and cert generation
1229 (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)