From 0f31b02d696704321e4e94e63dceff52599ab808 Mon Sep 17 00:00:00 2001 From: des Date: Mon, 14 Mar 2016 13:05:13 +0000 Subject: MFS (r296781): MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug) MFH (r296634): re-add aes-cbc to server-side default cipher list MFH (r296651, r296657): fix gcc build of pam_ssh PR: 207679 Security: CVE-2016-3115 Approved by: re (marius) --- crypto/openssh/ChangeLog | 11198 +++++++++++++++++++++++++-------------------- 1 file changed, 6244 insertions(+), 4954 deletions(-) (limited to 'crypto/openssh/ChangeLog') diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index 35a1a76..1e43467 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog @@ -1,7615 +1,8905 @@ -commit c88ac102f0eb89f2eaa314cb2e2e0ca3c890c443 +commit 5c35450a0c901d9375fb23343a8dc82397da5f75 Author: Damien Miller -Date: Thu Jan 14 11:08:19 2016 +1100 +Date: Thu Mar 10 05:04:48 2016 +1100 - bump version numbers + update versions for release -commit 302bc21e6fadacb04b665868cd69b625ef69df90 +commit 9d47b8d3f50c3a6282896df8274147e3b9a38c56 Author: Damien Miller -Date: Thu Jan 14 11:04:04 2016 +1100 +Date: Thu Mar 10 05:03:39 2016 +1100 - openssh-7.1p2 + sanitise characters destined for xauth(1) + + reported by github.com/tintinweb -commit 6b33763242c063e4e0593877e835eeb1fd1b60aa -Author: Damien Miller -Date: Thu Jan 14 11:02:58 2016 +1100 +commit 72b061d4ba0f909501c595d709ea76e06b01e5c9 +Author: Darren Tucker +Date: Fri Feb 26 14:40:04 2016 +1100 - forcibly disable roaming support in the client + Add a note about using xlc on AIX. -commit 34d364f0d2e1e30a444009f0e04299bb7c94ba13 -Author: djm@openbsd.org -Date: Mon Oct 5 17:11:21 2015 +0000 +commit fd4e4f2416baa2e6565ea49d52aade296bad3e28 +Author: Darren Tucker +Date: Wed Feb 24 10:44:25 2016 +1100 - upstream commit + Skip PrintLastLog in config dump mode. - some more bzero->explicit_bzero, from Michael McConville - - Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0 + When DISABLE_LASTLOG is set, do not try to include PrintLastLog in the + config dump since it'll be reported as UNKNOWN. -commit 8f5b93026797b9f7fba90d0c717570421ccebbd3 -Author: guenther@openbsd.org -Date: Fri Sep 11 08:50:04 2015 +0000 +commit 99135c764fa250801da5ec3b8d06cbd0111caae8 +Author: Damien Miller +Date: Tue Feb 23 20:17:23 2016 +1100 + + update spec/README versions ahead of release + +commit b86a334aaaa4d1e643eb1fd71f718573d6d948b5 +Author: Damien Miller +Date: Tue Feb 23 20:16:53 2016 +1100 + + put back portable patchlevel to p1 + +commit 555dd35ff176847e3c6bd068ba2e8db4022eb24f +Author: djm@openbsd.org +Date: Tue Feb 23 09:14:34 2016 +0000 upstream commit - Use explicit_bzero() when zeroing before free() - - from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu) - ok millert@ djm@ + openssh-7.2 - Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50 + Upstream-ID: 9db776b26014147fc907ece8460ef2bcb0f11e78 -commit d77148e3a3ef6c29b26ec74331455394581aa257 -Author: djm@openbsd.org -Date: Sun Nov 8 21:59:11 2015 +0000 +commit 1acc058d0a7913838c830ed998a1a1fb5b7864bf +Author: Damien Miller +Date: Tue Feb 23 16:12:13 2016 +1100 - upstream commit + Disable tests where fs perms are incorrect - fix OOB read in packet code caused by missing return - statement found by Ben Hawkes; ok markus@ deraadt@ + Some tests have strict requirements on the filesystem permissions + for certain files and directories. This adds a regress/check-perm + tool that copies the relevant logic from sshd to exactly test + the paths in question. This lets us skip tests when the local + filesystem doesn't conform to our expectations rather than + continuing and failing the test run. - Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62 + ok dtucker@ -commit 076d849e17ab12603627f87b301e2dca71bae518 +commit 39f303b1f36d934d8410b05625f25c7bcb75db4d Author: Damien Miller -Date: Sat Nov 14 18:44:49 2015 +1100 +Date: Tue Feb 23 12:56:59 2016 +1100 - read back from libcrypto RAND when privdropping + fix sandbox on OSX Lion - makes certain libcrypto implementations cache a /dev/urandom fd - in preparation of sandboxing. Based on patch by Greg Hartman. + sshd was failing with: + + ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261):cw + image not found [preauth] + + caused by chroot before sandboxing. Avoid by explicitly linking libsandbox + to sshd. Spotted by Darren. -commit f72adc0150011a28f177617a8456e1f83733099d +commit 0d1451a32c7436e6d3d482351e776bc5e7824ce4 Author: djm@openbsd.org -Date: Sun Dec 13 22:42:23 2015 +0000 +Date: Tue Feb 23 01:34:14 2016 +0000 upstream commit - unbreak connections with peers that set - first_kex_follows; fix from Matt Johnston va bz#2515 + fix spurious error message when incorrect passphrase + entered for keys; reported by espie@ ok deraadt@ - Upstream-ID: decc88ec4fc7515594fdb42b04aa03189a44184b + Upstream-ID: 58b2e46e63ed6912ed1ee780bd3bd8560f9a5899 -commit 04bd8d019ccd906cac1a2b362517b8505f3759e6 -Author: djm@openbsd.org -Date: Tue Jan 12 23:42:54 2016 +0000 +commit 09d87d79741beb85768b5e788d7dfdf4bc3543dc +Author: sobrado@openbsd.org +Date: Sat Feb 20 23:06:23 2016 +0000 upstream commit - use explicit_bzero() more liberally in the buffer code; ok - deraadt + set ssh(1) protocol version to 2 only. - Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf + ok djm@ + + Upstream-ID: e168daf9d27d7e392e3c9923826bd8e87b2b3a10 -commit e91346dc2bbf460246df2ab591b7613908c1b0ad -Author: Damien Miller -Date: Fri Aug 21 14:49:03 2015 +1000 +commit 9262e07826ba5eebf8423f7ac9e47ec488c47869 +Author: sobrado@openbsd.org +Date: Sat Feb 20 23:02:39 2016 +0000 - we don't use Github for issues/pull-requests + upstream commit + + add missing ~/.ssh/id_ecdsa and ~/.ssh/id_ed25519 to + IdentityFile. + + ok djm@ + + Upstream-ID: 6ce99466312e4ae7708017c3665e3edb976f70cf -commit a4f5b507c708cc3dc2c8dd2d02e4416d7514dc23 -Author: Damien Miller -Date: Fri Aug 21 14:43:55 2015 +1000 +commit c12f0fdce8f985fca8d71829fd64c5b89dc777f5 +Author: sobrado@openbsd.org +Date: Sat Feb 20 23:01:46 2016 +0000 - fix URL for connect.c + upstream commit + + AddressFamily defaults to any. + + ok djm@ + + Upstream-ID: 0d94aa06a4b889bf57a7f631c45ba36d24c13e0c -commit d026a8d3da0f8186598442997c7d0a28e7275414 -Author: Damien Miller -Date: Fri Aug 21 13:47:10 2015 +1000 +commit 907091acb188b1057d50c2158f74c3ecf1c2302b +Author: Darren Tucker +Date: Fri Feb 19 09:05:39 2016 +1100 - update version numbers for 7.1 + Make Solaris privs code build on older systems. + + Not all systems with Solaris privs have priv_basicset so factor that + out and provide backward compatibility code. Similarly, not all have + PRIV_NET_ACCESS so wrap that in #ifdef. Based on code from + alex at cooperi.net and djm@ with help from carson at taltos.org and + wieland at purdue.edu. -commit 78f8f589f0ca1c9f41e5a9bae3cda5ce8a6b42ed +commit 292a8dee14e5e67dcd1b49ba5c7b9023e8420d59 Author: djm@openbsd.org -Date: Fri Aug 21 03:45:26 2015 +0000 +Date: Wed Feb 17 22:20:14 2016 +0000 upstream commit - openssh-7.1 + rekey refactor broke SSH1; spotted by Tom G. Christensen - Upstream-ID: ff7b1ef4b06caddfb45e08ba998128c88be3d73f + Upstream-ID: 43f0d57928cc077c949af0bfa71ef574dcb58243 -commit 32a181980c62fce94f7f9ffaf6a79d90f0c309cf +commit 3a13cb543df9919aec2fc6b75f3dd3802facaeca Author: djm@openbsd.org -Date: Fri Aug 21 03:42:19 2015 +0000 +Date: Wed Feb 17 08:57:34 2016 +0000 upstream commit - fix inverted logic that broke PermitRootLogin; reported - by Mantas Mikulenas; ok markus@ + rsa-sha2-512,rsa-sha2-256 cannot be selected explicitly + in *KeyTypes options yet. Remove them from the lists of algorithms for now. + committing on behalf of markus@ ok djm@ - Upstream-ID: 260dd6a904c1bb7e43267e394b1c9cf70bdd5ea5 + Upstream-ID: c6e8820eb8e610ac21551832c0c89684a9a51bb7 -commit ce445b0ed927e45bd5bdce8f836eb353998dd65c -Author: deraadt@openbsd.org -Date: Thu Aug 20 22:32:42 2015 +0000 +commit a685ae8d1c24fb7c712c55a4f3280ee76f5f1e4b +Author: jmc@openbsd.org +Date: Wed Feb 17 07:38:19 2016 +0000 upstream commit - Do not cast result of malloc/calloc/realloc* if stdlib.h - is in scope ok krw millert - - Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667 - -commit 05291e5288704d1a98bacda269eb5a0153599146 -Author: naddy@openbsd.org -Date: Thu Aug 20 19:20:06 2015 +0000 - - upstream commit + since these pages now clearly tell folks to avoid v1, + normalise the docs from a v2 perspective (i.e. stop pointing out which bits + are v2 only); - In the certificates section, be consistent about using - "host_key" and "user_key" for the respective key types. ok sthen@ deraadt@ + ok/tweaks djm ok markus - Upstream-ID: 9e037ea3b15577b238604c5533e082a3947f13cb + Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129 -commit 8543d4ef6f2e9f98c3e6b77c894ceec30c5e4ae4 +commit c5c3f3279a0e4044b8de71b70d3570d692d0f29d Author: djm@openbsd.org -Date: Wed Aug 19 23:21:42 2015 +0000 +Date: Wed Feb 17 05:29:04 2016 +0000 upstream commit - Better compat matching for WinSCP, add compat matching - for FuTTY (fork of PuTTY); ok markus@ deraadt@ + make sandboxed privilege separation the default, not just + for new installs; "absolutely" deraadt@ - Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389 + Upstream-ID: 5221ef3b927d2df044e9aa3f5db74ae91743f69b -commit ec6eda16ebab771aa3dfc90629b41953b999cb1e -Author: djm@openbsd.org -Date: Wed Aug 19 23:19:01 2015 +0000 +commit eb3f7337a651aa01d5dec019025e6cdc124ed081 +Author: jmc@openbsd.org +Date: Tue Feb 16 07:47:54 2016 +0000 upstream commit - fix double-free() in error path of DSA key generation - reported by Mateusz Kocielski; ok markus@ + no need to state that protocol 2 is the default twice; - Upstream-ID: 4735d8f888b10599a935fa1b374787089116713c + Upstream-ID: b1e4c36b0c2e12e338e5b66e2978f2ac953b95eb -commit 45b0eb752c94954a6de046bfaaf129e518ad4b5b +commit e7901efa9b24e5b0c7e74f2c5520d47eead4d005 Author: djm@openbsd.org -Date: Wed Aug 19 23:18:26 2015 +0000 +Date: Tue Feb 16 05:11:04 2016 +0000 upstream commit - fix free() of uninitialised pointer reported by Mateusz - Kocielski; ok markus@ + Replace list of ciphers and MACs adjacent to -1/-2 flag + descriptions in ssh(1) with a strong recommendation not to use protocol 1. + Add a similar warning to the Protocol option descriptions in ssh_config(5) + and sshd_config(5); - Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663 + prompted by and ok mmcc@ + + Upstream-ID: 961f99e5437d50e636feca023978950a232ead5e -commit c837643b93509a3ef538cb6624b678c5fe32ff79 +commit 5a0fcb77287342e2fc2ba1cee79b6af108973dc2 Author: djm@openbsd.org -Date: Wed Aug 19 23:17:51 2015 +0000 +Date: Tue Feb 16 03:37:48 2016 +0000 upstream commit - fixed unlink([uninitialised memory]) reported by Mateusz - Kocielski; ok markus@ + add a "Close session" log entry (at loglevel=verbose) to + correspond to the existing "Starting session" one. Also include the session + id number to make multiplexed sessions more apparent. - Upstream-ID: 14a0c4e7d891f5a8dabc4b89d4f6b7c0d5a20109 + feedback and ok dtucker@ + + Upstream-ID: e72d2ac080e02774376325136e532cb24c2e617c -commit 1f8d3d629cd553031021068eb9c646a5f1e50994 -Author: jmc@openbsd.org -Date: Fri Aug 14 15:32:41 2015 +0000 +commit 624fd395b559820705171f460dd33d67743d13d6 +Author: djm@openbsd.org +Date: Wed Feb 17 02:24:17 2016 +0000 upstream commit - match myproposal.h order; from brian conway (i snuck in a - tweak while here) - - ok dtucker + include bad $SSH_CONNECTION in failure output - Upstream-ID: 35174a19b5237ea36aa3798f042bf5933b772c67 + Upstream-Regress-ID: b22d72edfde78c403aaec2b9c9753ef633cc0529 -commit 1dc8d93ce69d6565747eb44446ed117187621b26 -Author: deraadt@openbsd.org -Date: Thu Aug 6 14:53:21 2015 +0000 +commit 60d860e54b4f199e5e89963b1c086981309753cb +Author: Darren Tucker +Date: Wed Feb 17 13:37:09 2016 +1100 - upstream commit - - add prohibit-password as a synonymn for without-password, - since the without-password is causing too many questions. Harden it to ban - all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from - djm, ok markus + Rollback addition of va_start. - Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a + va_start was added in 0f754e29dd3760fc0b172c1220f18b753fb0957e, however + it has the wrong number of args and it's not usable in non-variadic + functions anyway so it breaks things (for example Solaris 2.6 as + reported by Tom G. Christensen).i ok djm@ -commit 90a95a4745a531b62b81ce3b025e892bdc434de5 -Author: Damien Miller -Date: Tue Aug 11 13:53:41 2015 +1000 +commit 2fee909c3cee2472a98b26eb82696297b81e0d38 +Author: Darren Tucker +Date: Wed Feb 17 09:48:15 2016 +1100 - update version in README + Look for gethostbyname in libresolv and libnsl. + + Should fix build problem on Solaris 2.6 reported by Tom G. Christensen. -commit 318c37743534b58124f1bab37a8a0087a3a9bd2f +commit 5ac712d81a84396aab441a272ec429af5b738302 Author: Damien Miller -Date: Tue Aug 11 13:53:09 2015 +1000 +Date: Tue Feb 16 10:45:02 2016 +1100 - update versions in *.spec + make existing ssh_malloc_init only for __OpenBSD__ -commit 5e75f5198769056089fb06c4d738ab0e5abc66f7 -Author: Damien Miller -Date: Tue Aug 11 13:34:12 2015 +1000 +commit 24c9bded569d9f2449ded73f92fb6d12db7a9eec +Author: djm@openbsd.org +Date: Mon Feb 15 23:32:37 2016 +0000 - set sshpam_ctxt to NULL after free + upstream commit - Avoids use-after-free in monitor when privsep child is compromised. - Reported by Moritz Jodeit; ok dtucker@ - -commit d4697fe9a28dab7255c60433e4dd23cf7fce8a8b -Author: Damien Miller -Date: Tue Aug 11 13:33:24 2015 +1000 - - Don't resend username to PAM; it already has it. + memleak of algorithm name in mm_answer_sign; reported by + Jakub Jelen - Pointed out by Moritz Jodeit; ok dtucker@ + Upstream-ID: ccd742cd25952240ebd23d7d4d6b605862584d08 -commit 88763a6c893bf3dfe951ba9271bf09715e8d91ca -Author: Darren Tucker -Date: Mon Jul 27 12:14:25 2015 +1000 +commit ffb1e7e896139a42ceb78676f637658f44612411 +Author: dtucker@openbsd.org +Date: Mon Feb 15 09:47:49 2016 +0000 - Import updated moduli file from OpenBSD. + upstream commit + + Add a function to enable security-related malloc_options. + With and ok deraadt@, something similar has been in the snaps for a while. + + Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed -commit 55b263fb7cfeacb81aaf1c2036e0394c881637da +commit ef39e8c0497ff0564990a4f9e8b7338b3ba3507c Author: Damien Miller -Date: Mon Aug 10 11:13:44 2015 +1000 +Date: Tue Feb 16 10:34:39 2016 +1100 - let principals-command.sh work for noexec /var/run + sync ssh-copy-id with upstream 783ef08b0a75 -commit 2651e34cd11b1aac3a0fe23b86d8c2ff35c07897 -Author: Damien Miller -Date: Thu Aug 6 11:43:42 2015 +1000 +commit d2d772f55b19bb0e8d03c2fe1b9bb176d9779efd +Author: djm@openbsd.org +Date: Fri Feb 12 00:20:30 2016 +0000 - work around echo -n / sed behaviour in tests + upstream commit + + avoid fatal() for PKCS11 tokens that present empty key IDs + bz#1773, ok markus@ + + Upstream-ID: 044a764fee526f2c4a9d530bd10695422d01fc54 -commit d85dad81778c1aa8106acd46930b25fdf0d15b2a +commit e4c918a6c721410792b287c9fd21356a1bed5805 Author: djm@openbsd.org -Date: Wed Aug 5 05:27:33 2015 +0000 +Date: Thu Feb 11 02:56:32 2016 +0000 upstream commit - adjust for RSA minimum modulus switch; ok deraadt@ + sync crypto algorithm lists in ssh_config(5) and + sshd_config(5) with current reality. bz#2527 - Upstream-Regress-ID: 5a72c83431b96224d583c573ca281cd3a3ebfdae + Upstream-ID: d7fd1b6c1ed848d866236bcb1d7049d2bb9b2ff6 -commit 57e8e229bad5fe6056b5f1199665f5f7008192c6 +commit e30cabfa4ab456a30b3224f7f545f1bdfc4a2517 Author: djm@openbsd.org -Date: Tue Aug 4 05:23:06 2015 +0000 +Date: Thu Feb 11 02:21:34 2016 +0000 upstream commit - backout SSH_RSA_MINIMUM_MODULUS_SIZE increase for this - release; problems spotted by sthen@ ok deraadt@ markus@ + fix regression in openssh-6.8 sftp client: existing + destination directories would incorrectly terminate recursive uploads; + bz#2528 - Upstream-ID: d0bd60dde9e8c3cd7030007680371894c1499822 + Upstream-ID: 3306be469f41f26758e3d447987ac6d662623e18 -commit f097d0ea1e0889ca0fa2e53a00214e43ab7fa22a +commit 714e367226ded4dc3897078be48b961637350b05 Author: djm@openbsd.org -Date: Sun Aug 2 09:56:42 2015 +0000 +Date: Tue Feb 9 05:30:04 2016 +0000 upstream commit - openssh 7.0; ok deraadt@ + turn off more old crypto in the client: hmac-md5, ripemd, + truncated HMACs, RC4, blowfish. ok markus@ dtucker@ - Upstream-ID: c63afdef537f57f28ae84145c5a8e29e9250221f + Upstream-ID: 96aa11c2c082be45267a690c12f1d2aae6acd46e -commit 3d5728a0f6874ce4efb16913a12963595070f3a9 -Author: chris@openbsd.org -Date: Fri Jul 31 15:38:09 2015 +0000 +commit 5a622844ff7f78dcb75e223399f9ef0977e8d0a3 +Author: djm@openbsd.org +Date: Mon Feb 8 23:40:12 2016 +0000 upstream commit - Allow PermitRootLogin to be overridden by config - - ok markus@ deeradt@ + don't attempt to percent_expand() already-canonicalised + addresses, avoiding unnecessary failures when attempting to connect to scoped + IPv6 addresses (that naturally contain '%' characters) - Upstream-ID: 5cf3e26ed702888de84e2dc9d0054ccf4d9125b4 + Upstream-ID: f24569cffa1a7cbde5f08dc739a72f4d78aa5c6a -commit 6f941396b6835ad18018845f515b0c4fe20be21a +commit 19bcf2ea2d17413f2d9730dd2a19575ff86b9b6a Author: djm@openbsd.org -Date: Thu Jul 30 23:09:15 2015 +0000 +Date: Mon Feb 8 10:57:07 2016 +0000 upstream commit - fix pty permissions; patch from Nikolay Edigaryev; ok - deraadt + refactor activation of rekeying - Upstream-ID: 40ff076d2878b916fbfd8e4f45dbe5bec019e550 + This makes automatic rekeying internal to the packet code (previously + the server and client loops needed to assist). In doing to it makes + application of rekey limits more accurate by accounting for packets + about to be sent as well as packets queued during rekeying events + themselves. + + Based on a patch from dtucker@ which was in turn based on a patch + Aleksander Adamowski in bz#2521; ok markus@ + + Upstream-ID: a441227fd64f9739850ca97b4cf794202860fcd8 -commit f4373ed1e8fbc7c8ce3fc4ea97d0ba2e0c1d7ef0 -Author: deraadt@openbsd.org -Date: Thu Jul 30 19:23:02 2015 +0000 +commit 603ba41179e4b53951c7b90ee95b6ef3faa3f15d +Author: naddy@openbsd.org +Date: Fri Feb 5 13:28:19 2016 +0000 upstream commit - change default: PermitRootLogin without-password matching - install script changes coming as well ok djm markus + Only check errno if read() has returned an error. EOF is + not an error. This fixes a problem where the mux master would sporadically + fail to notice that the client had exited. ok mikeb@ djm@ - Upstream-ID: 0e2a6c4441daf5498b47a61767382bead5eb8ea6 + Upstream-ID: 3c2dadc21fac6ef64665688aac8a75fffd57ae53 -commit 0c30ba91f87fcda7e975e6ff8a057f624e87ea1c -Author: Damien Miller -Date: Thu Jul 30 12:31:39 2015 +1000 +commit 56d7dac790693ce420d225119283bc355cff9185 +Author: jsg@openbsd.org +Date: Fri Feb 5 04:31:21 2016 +0000 - downgrade OOM adjustment logging: verbose -> debug + upstream commit + + avoid an uninitialised value when NumberOfPasswordPrompts + is 0 ok markus@ djm@ + + Upstream-ID: 11b068d83c2865343aeb46acf1e9eec00f829b6b -commit f9eca249d4961f28ae4b09186d7dc91de74b5895 +commit deae7d52d59c5019c528f977360d87fdda15d20b Author: djm@openbsd.org -Date: Thu Jul 30 00:01:34 2015 +0000 +Date: Fri Feb 5 03:07:06 2016 +0000 upstream commit - Allow ssh_config and sshd_config kex parameters options be - prefixed by a '+' to indicate that the specified items be appended to the - default rather than replacing it. - - approach suggested by dtucker@, feedback dlg@, ok markus@ + mention internal DH-GEX fallback groups; bz#2302 - Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a + Upstream-ID: e7b395fcca3122cd825515f45a2e41c9a157e09e -commit 5cefe769105a2a2e3ca7479d28d9a325d5ef0163 +commit cac3b6665f884d46192c0dc98a64112e8b11a766 Author: djm@openbsd.org -Date: Wed Jul 29 08:34:54 2015 +0000 +Date: Fri Feb 5 02:37:56 2016 +0000 upstream commit - fix bug in previous; was printing incorrect string for - failed host key algorithms negotiation + better description for MaxSessions; bz#2531 - Upstream-ID: 22c0dc6bc61930513065d92e11f0753adc4c6e6e + Upstream-ID: e2c0d74ee185cd1a3e9d4ca1f1b939b745b354da -commit f319912b0d0e1675b8bb051ed8213792c788bcb2 +commit 5ef4b0fdcc7a239577a754829b50022b91ab4712 +Author: Damien Miller +Date: Wed Jan 27 17:45:56 2016 +1100 + + avoid FreeBSD RCS Id in comment + + Change old $FreeBSD version string in comment so it doesn't + become an RCS ident downstream; requested by des AT des.no + +commit 696d12683c90d20a0a9c5f4275fc916b7011fb04 Author: djm@openbsd.org -Date: Wed Jul 29 04:43:06 2015 +0000 +Date: Thu Feb 4 23:43:48 2016 +0000 upstream commit - include the peer's offer when logging a failure to - negotiate a mutual set of algorithms (kex, pubkey, ciphers, etc.) ok markus@ + printf argument casts to avoid warnings on strict + compilers - Upstream-ID: bbb8caabf5c01790bb845f5ce135565248d7c796 + Upstream-ID: 7b9f6712cef01865ad29070262d366cf13587c9c -commit b6ea0e573042eb85d84defb19227c89eb74cf05a -Author: djm@openbsd.org -Date: Tue Jul 28 23:20:42 2015 +0000 +commit 5658ef2501e785fbbdf5de2dc33b1ff7a4dca73a +Author: millert@openbsd.org +Date: Mon Feb 1 21:18:17 2016 +0000 upstream commit - add Cisco to the list of clients that choke on the - hostkeys update extension. Pointed out by Howard Kash + Avoid ugly "DISPLAY "(null)" invalid; disabling X11 + forwarding" message when DISPLAY is not set. This could also result in a + crash on systems with a printf that doesn't handle NULL. OK djm@ - Upstream-ID: c9eadde28ecec056c73d09ee10ba4570dfba7e84 + Upstream-ID: 20ee0cfbda678a247264c20ed75362042b90b412 -commit 3f628c7b537291c1019ce86af90756fb4e66d0fd -Author: guenther@openbsd.org -Date: Mon Jul 27 16:29:23 2015 +0000 +commit 537f88ec7bcf40bd444ac5584c707c5588c55c43 +Author: dtucker@openbsd.org +Date: Fri Jan 29 05:18:15 2016 +0000 upstream commit - Permit kbind(2) use in the sandbox now, to ease testing - of ld.so work using it - - reminded by miod@, ok deraadt@ + Add regression test for RekeyLimit parsing of >32bit values + (4G and 8G). - Upstream-ID: 523922e4d1ba7a091e3824e77a8a3c818ee97413 + Upstream-Regress-ID: 548390350c62747b6234f522a99c319eee401328 -commit ebe27ebe520098bbc0fe58945a87ce8490121edb -Author: millert@openbsd.org -Date: Mon Jul 20 18:44:12 2015 +0000 +commit 4c6cb8330460f94e6c7ae28a364236d4188156a3 +Author: dtucker@openbsd.org +Date: Fri Jan 29 23:04:46 2016 +0000 upstream commit - Move .Pp before .Bl, not after to quiet mandoc -Tlint. - Noticed by jmc@ + Remove leftover roaming dead code. ok djm markus. - Upstream-ID: 59fadbf8407cec4e6931e50c53cfa0214a848e23 + Upstream-ID: 13d1f9c8b65a5109756bcfd3b74df949d53615be -commit d5d91d0da819611167782c66ab629159169d94d4 -Author: millert@openbsd.org -Date: Mon Jul 20 18:42:35 2015 +0000 +commit 28136471809806d6246ef41e4341467a39fe2f91 +Author: djm@openbsd.org +Date: Fri Jan 29 05:46:01 2016 +0000 upstream commit - Sync usage with SYNOPSIS + include packet type of non-data packets in debug3 output; + ok markus dtucker - Upstream-ID: 7a321a170181a54f6450deabaccb6ef60cf3f0b7 + Upstream-ID: 034eaf639acc96459b9c5ce782db9fcd8bd02d41 -commit 79ec2142fbc68dd2ed9688608da355fc0b1ed743 -Author: millert@openbsd.org -Date: Mon Jul 20 15:39:52 2015 +0000 +commit 6fd6e28daccafaa35f02741036abe64534c361a1 +Author: dtucker@openbsd.org +Date: Fri Jan 29 03:31:03 2016 +0000 upstream commit - Better desciption of Unix domain socket forwarding. - bz#2423; ok jmc@ + Revert "account for packets buffered but not yet + processed" change as it breaks for very small RekeyLimit values due to + continuous rekeying. ok djm@ - Upstream-ID: 85e28874726897e3f26ae50dfa2e8d2de683805d - -commit d56fd1828074a4031b18b8faa0bf949669eb18a0 -Author: Damien Miller -Date: Mon Jul 20 11:19:51 2015 +1000 - - make realpath.c compile -Wsign-compare clean + Upstream-ID: 7e03f636cb45ab60db18850236ccf19079182a19 -commit c63c9a691dca26bb7648827f5a13668832948929 -Author: djm@openbsd.org -Date: Mon Jul 20 00:30:01 2015 +0000 +commit 921ff00b0ac429666fb361d2d6cb1c8fff0006cb +Author: dtucker@openbsd.org +Date: Fri Jan 29 02:54:45 2016 +0000 upstream commit - mention that the default of UseDNS=no implies that - hostnames cannot be used for host matching in sshd_config and - authorized_keys; bz#2045, ok dtucker@ + Allow RekeyLimits in excess of 4G up to 2**63 bits + (limited by the return type of scan_scaled). Part of bz#2521, ok djm. - Upstream-ID: 0812705d5f2dfa59aab01f2764ee800b1741c4e1 + Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979 -commit 63ebcd0005e9894fcd6871b7b80aeea1fec0ff76 -Author: djm@openbsd.org -Date: Sat Jul 18 08:02:17 2015 +0000 +commit c0060a65296f01d4634f274eee184c0e93ba0f23 +Author: dtucker@openbsd.org +Date: Fri Jan 29 02:42:46 2016 +0000 upstream commit - don't ignore PKCS#11 hosted keys that return empty - CKA_ID; patch by Jakub Jelen via bz#2429; ok markus + Account for packets buffered but not yet processed when + computing whether or not it is time to perform rekeying. bz#2521, based + loosely on a patch from olo at fb.com, ok djm@ - Upstream-ID: 2f7c94744eb0342f8ee8bf97b2351d4e00116485 + Upstream-ID: 67e268b547f990ed220f3cb70a5624d9bda12b8c -commit b15fd989c8c62074397160147a8d5bc34b3f3c63 +commit 44cf930e670488c85c9efeb373fa5f4b455692ac Author: djm@openbsd.org -Date: Sat Jul 18 08:00:21 2015 +0000 +Date: Wed Jan 27 06:44:58 2016 +0000 upstream commit - skip uninitialised PKCS#11 slots; patch from Jakub Jelen - in bz#2427 ok markus@ + change old $FreeBSD version string in comment so it doesn't + become an RCS ident downstream; requested by des AT des.no - Upstream-ID: 744c1e7796e237ad32992d0d02148e8a18f27d29 + Upstream-ID: 8ca558c01f184e596b45e4fc8885534b2c864722 -commit 5b64f85bb811246c59ebab70aed331f26ba37b18 +commit ebacd377769ac07d1bf3c75169644336056b7060 Author: djm@openbsd.org -Date: Sat Jul 18 07:57:14 2015 +0000 +Date: Wed Jan 27 00:53:12 2016 +0000 upstream commit - only query each keyboard-interactive device once per - authentication request regardless of how many times it is listed; ok markus@ + make the debug messages a bit more useful here - Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1 + Upstream-ID: 478ccd4e897e0af8486b294aa63aa3f90ab78d64 -commit cd7324d0667794eb5c236d8a4e0f236251babc2d -Author: djm@openbsd.org -Date: Fri Jul 17 03:34:27 2015 +0000 +commit 458abc2934e82034c5c281336d8dc0f910aecad3 +Author: jsg@openbsd.org +Date: Sat Jan 23 05:31:35 2016 +0000 upstream commit - remove -u flag to diff (only used for error output) to make - things easier for -portable + Zero a stack buffer with explicit_bzero() instead of + memset() when returning from client_loop() for consistency with + buffer_free()/sshbuf_free(). - Upstream-Regress-ID: a5d6777d2909540d87afec3039d9bb2414ade548 + ok dtucker@ deraadt@ djm@ + + Upstream-ID: bc9975b2095339811c3b954694d7d15ea5c58f66 -commit deb8d99ecba70b67f4af7880b11ca8768df9ec3a -Author: djm@openbsd.org -Date: Fri Jul 17 03:09:19 2015 +0000 +commit 65a3c0dacbc7dbb75ddb6a70ebe22d8de084d0b0 +Author: dtucker@openbsd.org +Date: Wed Jan 20 09:22:39 2016 +0000 upstream commit - direct-streamlocal@openssh.com Unix domain foward - messages do not contain a "reserved for future use" field and in fact, - serverloop.c checks that there isn't one. Remove erroneous mention from - PROTOCOL description. bz#2421 from Daniel Black + Include sys/time.h for gettimeofday. From sortie at + maxsi.org. - Upstream-ID: 3d51a19e64f72f764682f1b08f35a8aa810a43ac + Upstream-ID: 6ed0c33b836d9de0a664cd091e86523ecaa2fb3b -commit 356b61f365405b5257f5b2ab446e5d7bd33a7b52 -Author: djm@openbsd.org -Date: Fri Jul 17 03:04:27 2015 +0000 +commit fc77ccdc2ce6d5d06628b8da5048a6a5f6ffca5a +Author: markus@openbsd.org +Date: Thu Jan 14 22:56:56 2016 +0000 upstream commit - describe magic for setting up Unix domain socket fowards - via the mux channel; bz#2422 patch from Daniel Black + fd leaks; report Qualys Security Advisory team; ok + deraadt@ - Upstream-ID: 943080fe3864715c423bdeb7c920bb30c4eee861 + Upstream-ID: 4ec0f12b9d8fa202293c9effa115464185aa071d -commit d3e2aee41487d55b8d7d40f538b84ff1db7989bc -Author: Darren Tucker -Date: Fri Jul 17 12:52:34 2015 +1000 +commit a306863831c57ec5fad918687cc5d289ee8e2635 +Author: markus@openbsd.org +Date: Thu Jan 14 16:17:39 2016 +0000 - Check if realpath works on nonexistent files. - - On some platforms the native realpath doesn't work with non-existent - files (this is actually specified in some versions of POSIX), however - the sftp spec says its realpath with "canonicalize any given path name". - On those platforms, use realpath from the compat library. + upstream commit - In addition, when compiling with -DFORTIFY_SOURCE, glibc redefines - the realpath symbol to the checked version, so redefine ours to - something else so we pick up the compat version we want. + remove roaming support; ok djm@ - bz#2428, ok djm@ + Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56 -commit 25b14610dab655646a109db5ef8cb4c4bf2a48a0 -Author: djm@openbsd.org -Date: Fri Jul 17 02:47:45 2015 +0000 +commit 6ef49e83e30688504552ac10875feabd5521565f +Author: deraadt@openbsd.org +Date: Thu Jan 14 14:34:34 2016 +0000 upstream commit - fix incorrect test for SSH1 keys when compiled without SSH1 - support + Disable experimental client-side roaming support. Server + side was disabled/gutted for years already, but this aspect was surprisingly + forgotten. Thanks for report from Qualys - Upstream-ID: 6004d720345b8e481c405e8ad05ce2271726e451 + Upstream-ID: 2328004b58f431a554d4c1bf67f5407eae3389df -commit df56a8035d429b2184ee94aaa7e580c1ff67f73a +commit 8d7b523b96d3be180572d9d338cedaafc0570f60 +Author: Damien Miller +Date: Thu Jan 14 11:08:19 2016 +1100 + + bump version numbers + +commit 8c3d512a1fac8b9c83b4d0c9c3f2376290bd84ca +Author: Damien Miller +Date: Thu Jan 14 11:04:04 2016 +1100 + + openssh-7.1p2 + +commit e6c85f8889c5c9eb04796fdb76d2807636b9eef5 +Author: Damien Miller +Date: Fri Jan 15 01:30:36 2016 +1100 + + forcibly disable roaming support in the client + +commit ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c Author: djm@openbsd.org -Date: Wed Jul 15 08:00:11 2015 +0000 +Date: Wed Jan 13 23:04:47 2016 +0000 upstream commit - fix NULL-deref when SSH1 reenabled + eliminate fallback from untrusted X11 forwarding to trusted + forwarding when the X server disables the SECURITY extension; Reported by + Thomas Hoger; ok deraadt@ - Upstream-ID: f22fd805288c92b3e9646782d15b48894b2d5295 + Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938 -commit 41e38c4d49dd60908484e6703316651333f16b93 +commit 9a728cc918fad67c8a9a71201088b1e150340ba4 Author: djm@openbsd.org -Date: Wed Jul 15 07:19:50 2015 +0000 +Date: Tue Jan 12 23:42:54 2016 +0000 upstream commit - regen RSA1 test keys; the last batch was missing their - private parts + use explicit_bzero() more liberally in the buffer code; ok + deraadt - Upstream-Regress-ID: 7ccf437305dd63ff0b48dd50c5fd0f4d4230c10a + Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf -commit 5bf0933184cb622ca3f96d224bf3299fd2285acc -Author: markus@openbsd.org -Date: Fri Jul 10 06:23:25 2015 +0000 +commit 4626cbaf78767fc8e9c86dd04785386c59ae0839 +Author: Damien Miller +Date: Fri Jan 8 14:24:56 2016 +1100 - upstream commit + Support Illumos/Solaris fine-grained privileges - Adapt tests, now that DSA if off by default; use - PubkeyAcceptedKeyTypes and PubkeyAcceptedKeyTypes to test DSA. + Includes a pre-auth privsep sandbox and several pledge() + emulations. bz#2511, patch by Alex Wilson. - Upstream-Regress-ID: 0ff2a3ff5ac1ce5f92321d27aa07b98656efcc5c + ok dtucker@ -commit 7a6e3fd7b41dbd3756b6bf9acd67954c0b1564cc -Author: markus@openbsd.org -Date: Tue Jul 7 14:54:16 2015 +0000 +commit 422d1b3ee977ff4c724b597fb2e437d38fc8de9d +Author: djm@openbsd.org +Date: Thu Dec 31 00:33:52 2015 +0000 upstream commit - regen test data after mktestdata.sh changes + fix three bugs in KRL code related to (unused) signature + support: verification length was being incorrectly calculated, multiple + signatures were being incorrectly processed and a NULL dereference that + occurred when signatures were verified. Reported by Carl Jackson - Upstream-Regress-ID: 3495ecb082b9a7c048a2d7c5c845d3bf181d25a4 + Upstream-ID: e705e97ad3ccce84291eaa651708dd1b9692576b -commit 7c8c174c69f681d4910fa41c37646763692b28e2 -Author: markus@openbsd.org -Date: Tue Jul 7 14:53:30 2015 +0000 +commit 6074c84bf95d00f29cc7d5d3cd3798737851aa1a +Author: djm@openbsd.org +Date: Wed Dec 30 23:46:14 2015 +0000 upstream commit - adapt tests to new minimum RSA size and default FP format + unused prototype - Upstream-Regress-ID: a4b30afd174ce82b96df14eb49fb0b81398ffd0e + Upstream-ID: f3eef4389d53ed6c0d5c77dcdcca3060c745da97 -commit 6a977a4b68747ade189e43d302f33403fd4a47ac -Author: djm@openbsd.org -Date: Fri Jul 3 04:39:23 2015 +0000 +commit 6213f0e180e54122bb1ba928e11c784e2b4e5380 +Author: guenther@openbsd.org +Date: Sat Dec 26 20:51:35 2015 +0000 upstream commit - legacy v00 certificates are gone; adapt and don't try to - test them; "sure" markus@ dtucker@ + Use pread/pwrite instead separate lseek+read/write for + lastlog. Cast to off_t before multiplication to avoid truncation on ILP32 - Upstream-Regress-ID: c57321e69b3cd4a3b3396dfcc43f0803d047da12 + ok kettenis@ mmcc@ + + Upstream-ID: fc40092568cd195719ddf1a00aa0742340d616cf -commit 0c4123ad5e93fb90fee9c6635b13a6cdabaac385 -Author: djm@openbsd.org -Date: Wed Jul 1 23:11:18 2015 +0000 +commit d7d2bc95045a43dd56ea696cc1d030ac9d77e81f +Author: semarie@openbsd.org +Date: Sat Dec 26 07:46:03 2015 +0000 upstream commit - don't expect SSH v.1 in unittests + adjust pledge promises for ControlMaster: when using + "ask" or "autoask", the process will use ssh-askpass for asking confirmation. - Upstream-Regress-ID: f8812b16668ba78e6a698646b2a652b90b653397 + problem found by halex@ + + ok halex@ + + Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80 -commit 3c099845798a817cdde513c39074ec2063781f18 +commit 271df8185d9689b3fb0523f58514481b858f6843 Author: djm@openbsd.org -Date: Mon Jun 15 06:38:50 2015 +0000 +Date: Sun Dec 13 22:42:23 2015 +0000 upstream commit - turn SSH1 back on to match src/usr.bin/ssh being tested + unbreak connections with peers that set + first_kex_follows; fix from Matt Johnston va bz#2515 - Upstream-Regress-ID: 6c4f763a2f0cc6893bf33983919e9030ae638333 + Upstream-ID: decc88ec4fc7515594fdb42b04aa03189a44184b -commit b1dc2b33689668c75e95f873a42d5aea1f4af1db -Author: dtucker@openbsd.org -Date: Mon Jul 13 04:57:14 2015 +0000 +commit 43849a47c5f8687699eafbcb5604f6b9c395179f +Author: doug@openbsd.org +Date: Fri Dec 11 17:41:37 2015 +0000 upstream commit - Add "PuTTY_Local:" to the clients to which we do not - offer DH-GEX. This was the string that was used for development versions - prior to September 2014 and they don't do RFC4419 DH-GEX, but unfortunately - there are some extant products based on those versions. bx2424 from Jay - Rouman, ok markus@ djm@ + Add "id" to ssh-agent pledge for subprocess support. - Upstream-ID: be34d41e18b966832fe09ca243d275b81882e1d5 - -commit 3a1638dda19bbc73d0ae02b4c251ce08e564b4b9 -Author: markus@openbsd.org -Date: Fri Jul 10 06:21:53 2015 +0000 - - upstream commit + Found the hard way by Jan Johansson when using ssh-agent with X. Also, + rearranged proc/exec and retval to match other pledge calls in the tree. - Turn off DSA by default; add HostKeyAlgorithms to the - server and PubkeyAcceptedKeyTypes to the client side, so it still can be - tested or turned back on; feedback and ok djm@ + ok djm@ - Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21 + Upstream-ID: 914255f6850e5e7fa830a2de6c38605333b584db -commit 16db0a7ee9a87945cc594d13863cfcb86038db59 -Author: markus@openbsd.org -Date: Thu Jul 9 09:49:46 2015 +0000 +commit 52d7078421844b2f88329f5be3de370b0a938636 +Author: mmcc@openbsd.org +Date: Fri Dec 11 04:21:11 2015 +0000 upstream commit - re-enable ed25519-certs if compiled w/o openssl; ok djm + Remove NULL-checks before sshbuf_free(). - Upstream-ID: e10c90808b001fd2c7a93778418e9b318f5c4c49 + ok djm@ + + Upstream-ID: 5ebed00ed5f9f03b119a345085e8774565466917 -commit c355bf306ac33de6545ce9dac22b84a194601e2f -Author: markus@openbsd.org -Date: Wed Jul 8 20:24:02 2015 +0000 +commit a4b9e0f4e4a6980a0eb8072f76ea611cab5b77e7 +Author: djm@openbsd.org +Date: Fri Dec 11 03:24:25 2015 +0000 upstream commit - no need to include the old buffer/key API + include remote port number in a few more messages; makes + tying log messages together into a session a bit easier; bz#2503 ok dtucker@ - Upstream-ID: fb13c9f7c0bba2545f3eb0a0e69cb0030819f52b + Upstream-ID: 9300dc354015f7a7368d94a8ff4a4266a69d237e -commit a3cc48cdf9853f1e832d78cb29bedfab7adce1ee -Author: markus@openbsd.org -Date: Wed Jul 8 19:09:25 2015 +0000 +commit 6091c362e89079397e68744ae30df121b0a72c07 +Author: djm@openbsd.org +Date: Fri Dec 11 03:20:09 2015 +0000 upstream commit - typedefs for Cipher&CipherContext are unused + don't try to load SSHv1 private key when compiled without + SSHv1 support. From Iain Morgan bz#2505 - Upstream-ID: 50e6a18ee92221d23ad173a96d5b6c42207cf9a7 + Upstream-ID: 8b8e7b02a448cf5e5635979df2d83028f58868a7 -commit a635bd06b5c427a57c3ae760d3a2730bb2c863c0 -Author: markus@openbsd.org -Date: Wed Jul 8 19:04:21 2015 +0000 +commit cce6a36bb95e81fa8bfb46daf22eabcf13afc352 +Author: djm@openbsd.org +Date: Fri Dec 11 03:19:09 2015 +0000 upstream commit - xmalloc.h is unused + use SSH_MAX_PUBKEY_BYTES consistently as buffer size when + reading key files. Increase it to match the size of the buffers already being + used. - Upstream-ID: afb532355b7fa7135a60d944ca1e644d1d63cb58 + Upstream-ID: 1b60586b484b55a947d99a0b32bd25e0ced56fae -commit 2521cf0e36c7f3f6b19f206da0af134f535e4a31 -Author: markus@openbsd.org -Date: Wed Jul 8 19:01:15 2015 +0000 +commit 89540b6de025b80404a0cb8418c06377f3f98848 +Author: mmcc@openbsd.org +Date: Fri Dec 11 02:31:47 2015 +0000 upstream commit - compress.c is gone + Remove NULL-checks before sshkey_free(). - Upstream-ID: 174fa7faa9b9643cba06164b5e498591356fbced + ok djm@ + + Upstream-ID: 3e35afe8a25e021216696b5d6cde7f5d2e5e3f52 -commit c65a7aa6c43aa7a308ee1ab8a96f216169ae9615 -Author: djm@openbsd.org -Date: Fri Jul 3 04:05:54 2015 +0000 +commit 79394ed6d74572c2d2643d73937dad33727fc240 +Author: dtucker@openbsd.org +Date: Fri Dec 11 02:29:03 2015 +0000 upstream commit - another SSH_RSA_MINIMUM_MODULUS_SIZE that needed - cranking + fflush stdout so that output is seen even when running in + debug mode when output may otherwise not be flushed. Patch from dustin at + null-ptr.net. - Upstream-ID: 9d8826cafe96aab4ae8e2f6fd22800874b7ffef1 + Upstream-ID: b0c6b4cd2cdb01d7e9eefbffdc522e35b5bc4acc -commit b1f383da5cd3cb921fc7776f17a14f44b8a31757 -Author: djm@openbsd.org -Date: Fri Jul 3 03:56:25 2015 +0000 +commit ee607cccb6636eb543282ba90e0677b0604d8b7a +Author: Darren Tucker +Date: Tue Dec 15 15:23:49 2015 +1100 - upstream commit + Increase robustness of redhat/openssh.spec - add an XXX reminder for getting correct key paths from - sshd_config + - remove configure --with-rsh, because this option isn't supported anymore + - replace last occurrence of BuildPreReq by BuildRequires + - update grep statement to query the krb5 include directory - Upstream-ID: feae52b209d7782ad742df04a4260e9fe41741db + Patch from CarstenGrohmann via github, ok djm. -commit 933935ce8d093996c34d7efa4d59113163080680 -Author: djm@openbsd.org -Date: Fri Jul 3 03:49:45 2015 +0000 +commit b5fa0cd73555b991a543145603658d7088ec6b60 +Author: Darren Tucker +Date: Tue Dec 15 15:10:32 2015 +1100 - upstream commit - - refuse to generate or accept RSA keys smaller than 1024 - bits; feedback and ok dtucker@ + Allow --without-ssl-engine with --without-openssl - Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba + Patch from Mike Frysinger via github. -commit bdfd29f60b74f3e678297269dc6247a5699583c1 -Author: djm@openbsd.org -Date: Fri Jul 3 03:47:00 2015 +0000 +commit c1d7e546f6029024f3257cc25c92f2bddf163125 +Author: Darren Tucker +Date: Tue Dec 15 14:27:09 2015 +1100 - upstream commit + Include openssl crypto.h for SSLeay. - turn off 1024 bit diffie-hellman-group1-sha1 key - exchange method (already off in server, this turns it off in the client by - default too) ok dtucker@ + Patch from doughdemon via github. + +commit c6f5f01651526e88c00d988ce59d71f481ebac62 +Author: Darren Tucker +Date: Tue Dec 15 13:59:12 2015 +1100 + + Add sys/time.h for gettimeofday. - Upstream-ID: f59b88f449210ab7acf7d9d88f20f1daee97a4fa + Should allow it it compile with MUSL libc. Based on patch from + doughdemon via github. -commit c28fc62d789d860c75e23a9fa9fb250eb2beca57 +commit 39736be06c7498ef57d6970f2d85cf066ae57c82 Author: djm@openbsd.org -Date: Fri Jul 3 03:43:18 2015 +0000 +Date: Fri Dec 11 02:20:28 2015 +0000 upstream commit - delete support for legacy v00 certificates; "sure" - markus@ dtucker@ + correct error messages; from Tomas Kuthan bz#2507 - Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f + Upstream-ID: 7454a0affeab772398052954c79300aa82077093 -commit 564d63e1b4a9637a209d42a9d49646781fc9caef -Author: djm@openbsd.org -Date: Wed Jul 1 23:10:47 2015 +0000 +commit 94141b7ade24afceeb6762a3f99e09e47a6c42b6 +Author: mmcc@openbsd.org +Date: Fri Dec 11 00:20:04 2015 +0000 upstream commit - Compile-time disable SSH v.1 again + Pass (char *)NULL rather than (char *)0 to execl and + execlp. - Upstream-ID: 1d4b513a3a06232f02650b73bad25100d1b800af + ok dtucker@ + + Upstream-ID: 56c955106cbddba86c3dd9bbf786ac0d1b361492 -commit 868109b650504dd9bcccdb1f51d0906f967c20ff -Author: djm@openbsd.org -Date: Wed Jul 1 02:39:06 2015 +0000 +commit d59ce08811bf94111c2f442184cf7d1257ffae24 +Author: mmcc@openbsd.org +Date: Thu Dec 10 17:08:40 2015 +0000 upstream commit - twiddle PermitRootLogin back + Remove NULL-checks before free(). - Upstream-ID: 2bd23976305d0512e9f84d054e1fc23cd70b89f2 + ok dtucker@ + + Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8 -commit 7de4b03a6e4071d454b72927ffaf52949fa34545 -Author: djm@openbsd.org -Date: Wed Jul 1 02:32:17 2015 +0000 +commit 8e56dd46cb37879c73bce2d6032cf5e7f82d5a71 +Author: mmcc@openbsd.org +Date: Thu Dec 10 07:01:35 2015 +0000 upstream commit - twiddle; (this commit marks the openssh-6.9 release) + Fix a couple "the the" typos. ok dtucker@ - Upstream-ID: 78500582819f61dd8adee36ec5cc9b9ac9351234 + Upstream-ID: ec364c5af32031f013001fd28d1bd3dfacfe9a72 -commit 1bf477d3cdf1a864646d59820878783d42357a1d -Author: djm@openbsd.org -Date: Wed Jul 1 02:26:31 2015 +0000 +commit 6262a0522ddc2c0f2e9358dcb68d59b46e9c533e +Author: markus@openbsd.org +Date: Mon Dec 7 20:04:09 2015 +0000 upstream commit - better refuse ForwardX11Trusted=no connections attempted - after ForwardX11Timeout expires; reported by Jann Horn + stricter encoding type checks for ssh-rsa; ok djm@ - Upstream-ID: bf0fddadc1b46a0334e26c080038313b4b6dea21 + Upstream-ID: 8cca7c787599a5e8391e184d0b4f36fdc3665650 -commit 47aa7a0f8551b471fcae0447c1d78464f6dba869 -Author: djm@openbsd.org -Date: Wed Jul 1 01:56:13 2015 +0000 +commit d86a3ba7af160c13496102aed861ae48a4297072 +Author: Damien Miller +Date: Wed Dec 9 09:18:45 2015 +1100 - upstream commit - - put back default PermitRootLogin=no + Don't set IPV6_V6ONLY on OpenBSD - Upstream-ID: 7bdedd5cead99c57ed5571f3b6b7840922d5f728 + It isn't necessary and runs afoul of pledge(2) restrictions. -commit 984b064fe2a23733733262f88d2e1b2a1a501662 +commit da98c11d03d819a15429d8fff9688acd7505439f Author: djm@openbsd.org -Date: Wed Jul 1 01:55:13 2015 +0000 +Date: Mon Dec 7 02:20:46 2015 +0000 upstream commit - openssh-6.9 + basic unit tests for rsa-sha2-* signature types - Upstream-ID: 6cfe8e1904812531080e6ab6e752d7001b5b2d45 + Upstream-Regress-ID: 7dc4b9db809d578ff104d591b4d86560c3598d3c -commit d921082ed670f516652eeba50705e1e9f6325346 -Author: djm@openbsd.org -Date: Wed Jul 1 01:55:00 2015 +0000 +commit 3da893fdec9936dd2c23739cdb3c0c9d4c59fca0 +Author: markus@openbsd.org +Date: Sat Dec 5 20:53:21 2015 +0000 upstream commit - reset default PermitRootLogin to 'yes' (momentarily, for - release) + prefer rsa-sha2-512 over -256 for hostkeys, too; noticed + by naddy@ - Upstream-ID: cad8513527066e65dd7a1c16363d6903e8cefa24 + Upstream-ID: 685f55f7ec566a8caca587750672723a0faf3ffe -commit 66295e0e1ba860e527f191b6325d2d77dec4dbce -Author: Damien Miller -Date: Wed Jul 1 11:49:12 2015 +1000 +commit 8b56e59714d87181505e4678f0d6d39955caf10e +Author: tobias@openbsd.org +Date: Fri Dec 4 21:51:06 2015 +0000 - crank version numbers for release + upstream commit + + Properly handle invalid %-format by calling fatal. + + ok deraadt, djm + + Upstream-ID: 5692bce7d9f6eaa9c488cb93d3b55e758bef1eac -commit 37035c07d4f26bb1fbe000d2acf78efdb008681d -Author: Damien Miller -Date: Wed Jul 1 10:49:37 2015 +1000 +commit 76c9fbbe35aabc1db977fb78e827644345e9442e +Author: markus@openbsd.org +Date: Fri Dec 4 16:41:28 2015 +0000 - s/--with-ssh1/--without-ssh1/ + upstream commit + + implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures + (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and + draft-ssh-ext-info-04.txt; with & ok djm@ + + Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309 -commit 629df770dbadc2accfbe1c81b3f31f876d0acd84 +commit 6064a8b8295cb5a17b5ebcfade53053377714f40 Author: djm@openbsd.org -Date: Tue Jun 30 05:25:07 2015 +0000 +Date: Fri Dec 4 00:24:55 2015 +0000 upstream commit - fatal() when a remote window update causes the window - value to overflow. Reported by Georg Wicherski, ok markus@ + clean up agent_fd handling; properly initialise it to -1 + and make tests consistent - Upstream-ID: ead397a9aceb3bf74ebfa5fcaf259d72e569f351 + ok markus@ + + Upstream-ID: ac9554323d5065745caf17b5e37cb0f0d4825707 -commit f715afebe735d61df3fd30ad72d9ac1c8bd3b5f2 -Author: djm@openbsd.org -Date: Tue Jun 30 05:23:25 2015 +0000 +commit b91926a97620f3e51761c271ba57aa5db790f48d +Author: semarie@openbsd.org +Date: Thu Dec 3 17:00:18 2015 +0000 upstream commit - Fix math error in remote window calculations that causes - eventual stalls for datagram channels. Reported by Georg Wicherski, ok - markus@ + pledges ssh client: - mux client: which is used when + ControlMaster is in use. will end with "stdio proc tty" (proc is to + permit sending SIGWINCH to mux master on window resize) - Upstream-ID: be54059d11bf64e0d85061f7257f53067842e2ab + - client loop: several levels of pledging depending of your used options + + ok deraadt@ + + Upstream-ID: 21676155a700e51f2ce911e33538e92a2cd1d94b -commit 52fb6b9b034fcfd24bf88cc7be313e9c31de9889 -Author: Damien Miller -Date: Tue Jun 30 16:05:40 2015 +1000 +commit bcce47466bbc974636f588b5e4a9a18ae386f64a +Author: doug@openbsd.org +Date: Wed Dec 2 08:30:50 2015 +0000 - skip IPv6-related portions on hosts without IPv6 + upstream commit - with Tim Rice + Add "cpath" to the ssh-agent pledge so the cleanup + handler can unlink(). + + ok djm@ + + Upstream-ID: 9e632991d48241d56db645602d381253a3d8c29d -commit 512caddf590857af6aa12218461b5c0441028cf5 +commit a90d001543f46716b6590c6dcc681d5f5322f8cf Author: djm@openbsd.org -Date: Mon Jun 29 22:35:12 2015 +0000 +Date: Wed Dec 2 08:00:58 2015 +0000 upstream commit - add getpid to sandbox, reachable by grace_alarm_handler - - reported by Jakub Jelen; bz#2419 + ssh-agent pledge needs proc for askpass; spotted by todd@ - Upstream-ID: d0da1117c16d4c223954995d35b0f47c8f684cd8 + Upstream-ID: 349aa261b29cc0e7de47ef56167769c432630b2a -commit 78c2a4f883ea9aba866358e2acd9793a7f42ca93 +commit d952162b3c158a8f23220587bb6c8fcda75da551 Author: djm@openbsd.org -Date: Fri Jun 26 05:13:20 2015 +0000 +Date: Tue Dec 1 23:29:24 2015 +0000 upstream commit - Fix \-escaping bug that caused forward path parsing to skip - two characters and skip past the end of the string. + basic pledge() for ssh-agent, more refinement needed - Based on patch by Salvador Fandino; ok dtucker@ + Upstream-ID: 5b5b03c88162fce549e45e1b6dd833f20bbb5e13 + +commit f0191d7c8e76e30551084b79341886d9bb38e453 +Author: Damien Miller +Date: Mon Nov 30 10:53:25 2015 +1100 + + Revert "stub for pledge(2) for systems that lack it" - Upstream-ID: 7b879dc446335677cbe4cb549495636a0535f3bd + This reverts commit 14c887c8393adde2d9fd437d498be30f8c98535c. + + dtucker beat me to it :/ -commit bc20205c91c9920361d12b15d253d4997dba494a +commit 6283cc72eb0e49a3470d30e07ca99a1ba9e89676 Author: Damien Miller -Date: Thu Jun 25 09:51:39 2015 +1000 +Date: Mon Nov 30 10:37:03 2015 +1100 - add missing pselect6 + revert 7d4c7513: bring back S/Key prototypes - patch from Jakub Jelen + (but leave RCSID changes) -commit 9d27fb73b4a4e5e99cb880af790d5b1ce44f720a +commit 14c887c8393adde2d9fd437d498be30f8c98535c +Author: Damien Miller +Date: Mon Nov 30 09:45:29 2015 +1100 + + stub for pledge(2) for systems that lack it + +commit 452c0b6af5d14c37553e30059bf74456012493f3 Author: djm@openbsd.org -Date: Wed Jun 24 23:47:23 2015 +0000 +Date: Sun Nov 29 22:18:37 2015 +0000 upstream commit - correct test to sshkey_sign(); spotted by Albert S. + pledge, better fatal() messages; feedback deraadt@ - Upstream-ID: 5f7347f40f0ca6abdaca2edb3bd62f4776518933 + Upstream-ID: 3e00f6ccfe2b9a7a2d1dbba5409586180801488f -commit 7ed01a96a1911d8b4a9ef4f3d064e1923bfad7e3 -Author: dtucker@openbsd.org -Date: Wed Jun 24 01:49:19 2015 +0000 +commit 6da413c085dba37127687b2617a415602505729b +Author: deraadt@openbsd.org +Date: Sat Nov 28 06:50:52 2015 +0000 upstream commit - Revert previous commit. We still want to call setgroups - in the case where there are zero groups to remove any that we might otherwise - inherit (as pointed out by grawity at gmail.com) and since the 2nd argument - to setgroups is always a static global it's always valid to dereference in - this case. ok deraadt@ djm@ + do not leak temp file if there is no known_hosts file + from craig leres, ok djm - Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01 + Upstream-ID: c820497fd5574844c782e79405c55860f170e426 -commit 882f8bf94f79528caa65b0ba71c185d705bb7195 -Author: dtucker@openbsd.org -Date: Wed Jun 24 01:49:19 2015 +0000 +commit 3ddd15e1b63a4d4f06c8ab16fbdd8a5a61764f16 +Author: Darren Tucker +Date: Mon Nov 30 07:23:53 2015 +1100 - upstream commit - - Revert previous commit. We still want to call setgroups in - the case where there are zero groups to remove any that we might otherwise - inherit (as pointed out by grawity at gmail.com) and since the 2nd argument - to setgroups is always a static global it's always valid to dereference in - this case. ok deraadt@ djm@ + Add a null implementation of pledge. - Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01 + Fixes builds on almost everything. -commit 9488538a726951e82b3a4374f3c558d72c80a89b +commit b1d6b3971ef256a08692efc409fc9ada719111cc Author: djm@openbsd.org -Date: Mon Jun 22 23:42:16 2015 +0000 +Date: Sat Nov 28 06:41:03 2015 +0000 upstream commit - Don't count successful partial authentication as failures - in monitor; this may have caused the monitor to refuse multiple - authentications that would otherwise have successfully completed; ok markus@ + don't include port number in tcpip-forward replies for + requests that don't allocate a port; bz#2509 diagnosed by Ron Frederick ok + markus - Upstream-ID: eb74b8e506714d0f649bd5c300f762a527af04a3 + Upstream-ID: 77efad818addb61ec638b5a2362f1554e21a970a -commit 63b78d003bd8ca111a736e6cea6333da50f5f09b -Author: dtucker@openbsd.org -Date: Mon Jun 22 12:29:57 2015 +0000 +commit 9080bd0b9cf10d0f13b1f642f20cb84285cb8d65 +Author: deraadt@openbsd.org +Date: Fri Nov 27 00:49:31 2015 +0000 upstream commit - Don't call setgroups if we have zero groups; there's no - guarantee that it won't try to deref the pointer. Based on a patch from mail - at quitesimple.org, ok djm deraadt + pledge "stdio rpath wpath cpath fattr tty proc exec" + except for the -p option (which sadly has insane semantics...) ok semarie + dtucker - Upstream-ID: 2fff85e11d7a9a387ef7fddf41fbfaf566708ab1 - -commit 5c15e22c691c79a47747bcf5490126656f97cecd -Author: Damien Miller -Date: Thu Jun 18 15:07:56 2015 +1000 + Upstream-ID: 8854bbd58279abe00f6c33f8094bdc02c8c65059 - fix syntax error - -commit 596dbca82f3f567fb3d2d69af4b4e1d3ba1e6403 -Author: jsing@openbsd.org -Date: Mon Jun 15 18:44:22 2015 +0000 +commit 4d90625b229cf6b3551d81550a9861897509a65f +Author: halex@openbsd.org +Date: Fri Nov 20 23:04:01 2015 +0000 upstream commit - If AuthorizedPrincipalsCommand is specified, however - AuthorizedPrincipalsFile is not (or is set to "none"), authentication will - potentially fail due to key_cert_check_authority() failing to locate a - principal that matches the username, even though an authorized principal has - already been matched in the output of the subprocess. Fix this by using the - same logic to determine if pw->pw_name should be passed, as is used to - determine if a authorized principal must be matched earlier on. + allow comment change for all supported formats ok djm@ - Upstream-ID: 43b42302ec846b0ea68aceb40677245391b9409d + Upstream-ID: 5fc477cf2f119b2d44aa9c683af16cb00bb3744b -commit aff3e94c0d75d0d0fa84ea392b50ab04f8c57905 -Author: jsing@openbsd.org -Date: Mon Jun 15 18:42:19 2015 +0000 +commit 8ca915fc761519dd1f7766a550ec597a81db5646 +Author: djm@openbsd.org +Date: Fri Nov 20 01:45:29 2015 +0000 upstream commit - Make the arguments to match_principals_command() similar - to match_principals_file(), by changing the last argument a struct - sshkey_cert * and dereferencing key->cert in the caller. - - No functional change. - - ok djm@ + add cast to make -Werror clean - Upstream-ID: 533f99b844b21b47342b32b62e198dfffcf8651c + Upstream-ID: 288db4f8f810bd475be01320c198250a04ff064d -commit 97e2e1596c202a4693468378b16b2353fd2d6c5e +commit ac9473580dcd401f8281305af98635cdaae9bf96 Author: Damien Miller -Date: Wed Jun 17 14:36:54 2015 +1000 +Date: Fri Nov 20 12:35:41 2015 +1100 - trivial optimisation for seccomp-bpf + fix multiple authentication using S/Key w/ privsep - When doing arg inspection and the syscall doesn't match, skip - past the instruction that reloads the syscall into the accumulator, - since the accumulator hasn't been modified at this point. + bz#2502, patch from Kevin Korb and feandil_ -commit 99f33d7304893bd9fa04d227cb6e870171cded19 -Author: Damien Miller -Date: Wed Jun 17 10:50:51 2015 +1000 +commit 88b6fcdeb87a2fb76767854d9eb15006662dca57 +Author: djm@openbsd.org +Date: Thu Nov 19 08:23:27 2015 +0000 - aarch64 support for seccomp-bpf sandbox + upstream commit - Also resort and tidy syscall list. Based on patches by Jakub Jelen - bz#2361; ok dtucker@ + ban ConnectionAttempts=0, it makes no sense and would cause + ssh_connect_direct() to print an uninitialised stack variable; bz#2500 + reported by dvw AT phas.ubc.ca + + Upstream-ID: 32b5134c608270583a90b93a07b3feb3cbd5f7d5 -commit 4ef702e1244633c1025ec7cfe044b9ab267097bf +commit 964ab3ee7a8f96bdbc963d5b5a91933d6045ebe7 Author: djm@openbsd.org -Date: Mon Jun 15 01:32:50 2015 +0000 +Date: Thu Nov 19 01:12:32 2015 +0000 upstream commit - return failure on RSA signature error; reported by Albert S + trailing whitespace - Upstream-ID: e61bb93dbe0349625807b0810bc213a6822121fa + Upstream-ID: 31fe0ad7c4d08e87f1d69c79372f5e3c5cd79051 -commit a170f22baf18af0b1acf2788b8b715605f41a1f9 -Author: Tim Rice -Date: Tue Jun 9 22:41:13 2015 -0700 +commit f96516d052dbe38561f6b92b0e4365d8e24bb686 +Author: djm@openbsd.org +Date: Thu Nov 19 01:09:38 2015 +0000 - Fix t12 rules for out of tree builds. + upstream commit + + print host certificate contents at debug level + + Upstream-ID: 39354cdd8a2b32b308fd03f98645f877f540f00d -commit ec04dc4a5515c913121bc04ed261857e68fa5c18 -Author: millert@openbsd.org -Date: Fri Jun 5 15:13:13 2015 +0000 +commit 499cf36fecd6040e30e2912dd25655bc574739a7 +Author: djm@openbsd.org +Date: Thu Nov 19 01:08:55 2015 +0000 upstream commit - For "ssh -L 12345:/tmp/sock" don't fail with "No forward host - name." (we have a path, not a host name). Based on a diff from Jared - Yanovich. OK djm@ + move the certificate validity formatting code to + sshkey.[ch] - Upstream-ID: 2846b0a8c7de037e33657f95afbd282837fc213f + Upstream-ID: f05f7c78fab20d02ff1d5ceeda533ef52e8fe523 -commit 732d61f417a6aea0aa5308b59cb0f563bcd6edd6 +commit bcb7bc77bbb1535d1008c7714085556f3065d99d Author: djm@openbsd.org -Date: Fri Jun 5 03:44:14 2015 +0000 +Date: Wed Nov 18 08:37:28 2015 +0000 upstream commit - typo: accidental repetition; bz#2386 + fix "ssh-keygen -l" of private key, broken in support for + multiple plain keys on stdin - Upstream-ID: 45e620d99f6bc301e5949d34a54027374991c88b + Upstream-ID: 6b3132d2c62d03d0bad6f2bcd7e2d8b7dab5cd9d -commit adfb24c69d1b6f5e758db200866c711e25a2ba73 -Author: Darren Tucker -Date: Fri Jun 5 14:51:40 2015 +1000 +commit 259adb6179e23195c8f6913635ea71040d1ccd63 +Author: millert@openbsd.org +Date: Mon Nov 16 23:47:52 2015 +0000 - Add Linux powerpc64le and powerpcle entries. + upstream commit - Stopgap to resolve bz#2409 because we are so close to release and will - update config.guess and friends shortly after the release. ok djm@ - -commit a1195a0fdc9eddddb04d3e9e44c4775431cb77da -Merge: 6397eed d2480bc -Author: Tim Rice -Date: Wed Jun 3 21:43:13 2015 -0700 - - Merge branch 'master' of git.mindrot.org:/var/git/openssh - -commit 6397eedf953b2b973d2d7cbb504ab501a07f8ddc -Author: Tim Rice -Date: Wed Jun 3 21:41:11 2015 -0700 - - Remove unneeded backslashes. Patch from Ángel González - -commit d2480bcac1caf31b03068de877a47d6e1027bf6d -Author: Darren Tucker -Date: Thu Jun 4 14:10:55 2015 +1000 - - Remove redundant include of stdarg.h. bz#2410 + Replace remaining calls to index(3) with strchr(3). OK + jca@ krw@ + + Upstream-ID: 33837d767a0cf1db1489b96055f9e330bc0bab6d -commit 5e67859a623826ccdf2df284cbb37e2d8e2787eb +commit c56a255162c2166884539c0a1f7511575325b477 Author: djm@openbsd.org -Date: Tue Jun 2 09:10:40 2015 +0000 +Date: Mon Nov 16 22:53:07 2015 +0000 upstream commit - mention CheckHostIP adding addresses to known_hosts; - bz#1993; ok dtucker@ + Allow fingerprinting from standard input "ssh-keygen -lf + -" - Upstream-ID: fd44b68440fd0dc29abf9f2d3f703d74a2396cb7 - -commit d7a58bbac6583e33fd5eca8e2c2cc70c57617818 -Author: Darren Tucker -Date: Tue Jun 2 20:15:26 2015 +1000 - - Replace strcpy with strlcpy. + Support fingerprinting multiple plain keys in a file and authorized_keys + files too (bz#1319) - ok djm, sanity check by Corinna Vinschen. + ok markus@ + + Upstream-ID: 903f8b4502929d6ccf53509e4e07eae084574b77 -commit 51a1c2115265c6e80ede8a5c9dccada9aeed7143 -Author: Damien Miller -Date: Fri May 29 18:27:21 2015 +1000 +commit 5b4010d9b923cf1b46c9c7b1887c013c2967e204 +Author: djm@openbsd.org +Date: Mon Nov 16 22:51:05 2015 +0000 - skip, rather than fatal when run without SUDO set + upstream commit + + always call privsep_preauth_child() regardless of whether + sshd was started by root; it does important priming before sandboxing and + failing to call it could result in sandbox violations later; ok markus@ + + Upstream-ID: c8a6d0d56c42f3faab38460dc917ca0d1705d383 -commit 599f01142a376645b15cbc9349d7e8975e1cf245 -Author: Damien Miller -Date: Fri May 29 18:03:15 2015 +1000 +commit 3a9f84b58b0534bbb485f1eeab75665e2d03371f +Author: djm@openbsd.org +Date: Mon Nov 16 22:50:01 2015 +0000 - fix merge botch that left ",," in KEX algs + upstream commit + + improve sshkey_read() semantics; only update *cpp when a + key is successfully read; ok markus@ + + Upstream-ID: f371e78e8f4fab366cf69a42bdecedaed5d1b089 -commit 0c2a81dfc21822f2423edd30751e5ec53467b347 -Author: Damien Miller -Date: Fri May 29 17:08:28 2015 +1000 +commit db6f8dc5dd5655b59368efd074994d4568bc3556 +Author: logan@openbsd.org +Date: Mon Nov 16 06:13:04 2015 +0000 - re-enable SSH protocol 1 at compile time + upstream commit + + 1) Use xcalloc() instead of xmalloc() to check for + potential overflow. (Feedback from both mmcc@ and djm@) 2) move set_size + just before the for loop. (suggested by djm@) + + OK djm@ + + Upstream-ID: 013534c308187284756c3141f11d2c0f33c47213 -commit db438f9285d64282d3ac9e8c0944f59f037c0151 +commit 383f10fb84a0fee3c01f9d97594f3e22aa3cd5e0 Author: djm@openbsd.org -Date: Fri May 29 03:05:13 2015 +0000 +Date: Mon Nov 16 00:30:02 2015 +0000 upstream commit - make this work without SUDO set; ok dtucker@ + Add a new authorized_keys option "restrict" that + includes all current and future key restrictions (no-*-forwarding, etc). Also + add permissive versions of the existing restrictions, e.g. "no-pty" -> "pty". + This simplifies the task of setting up restricted keys and ensures they are + maximally-restricted, regardless of any permissions we might implement in the + future. - Upstream-Regress-ID: bca88217b70bce2fe52b23b8e06bdeb82d98c715 + Example: + + restrict,pty,command="nethack" ssh-ed25519 AAAAC3NzaC1lZDI1... + + Idea from Jann Horn; ok markus@ + + Upstream-ID: 04ceb9d448e46e67e13887a7ae5ea45b4f1719d0 -commit 1d9a2e2849c9864fe75daabf433436341c968e14 -Author: djm@openbsd.org -Date: Thu May 28 07:37:31 2015 +0000 +commit e41a071f7bda6af1fb3f081bed0151235fa61f15 +Author: jmc@openbsd.org +Date: Sun Nov 15 23:58:04 2015 +0000 upstream commit - wrap all moduli-related code in #ifdef WITH_OPENSSL. - based on patch from Reuben Hawkins; bz#2388 feedback and ok dtucker@ + correct section number for ssh-agent; - Upstream-ID: d80cfc8be3e6ec65b3fac9e87c4466533b31b7cf + Upstream-ID: 44be72fd8bcc167635c49b357b1beea8d5674bd6 -commit 496aeb25bc2d6c434171292e4714771b594bd00e -Author: dtucker@openbsd.org -Date: Thu May 28 05:41:29 2015 +0000 +commit 1a11670286acddcc19f5eff0966c380831fc4638 +Author: jmc@openbsd.org +Date: Sun Nov 15 23:54:15 2015 +0000 upstream commit - Increase the allowed length of the known host file name - in the log message to be consistent with other cases. Part of bz#1993, ok - deraadt. + do not confuse mandoc by presenting "Dd"; - Upstream-ID: a9e97567be49f25daf286721450968251ff78397 + Upstream-ID: 1470fce171c47b60bbc7ecd0fc717a442c2cfe65 -commit dd2cfeb586c646ff8d70eb93567b2e559ace5b14 -Author: dtucker@openbsd.org -Date: Thu May 28 05:09:45 2015 +0000 +commit f361df474c49a097bfcf16d1b7b5c36fcd844b4b +Author: jcs@openbsd.org +Date: Sun Nov 15 22:26:49 2015 +0000 upstream commit - Fix typo (keywork->keyword) + Add an AddKeysToAgent client option which can be set to + 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a + private key that is used during authentication will be added to ssh-agent if + it is running (with confirmation enabled if set to 'confirm'). - Upstream-ID: 8aacd0f4089c0a244cf43417f4f9045dfaeab534 + Initial version from Joachim Schipper many years ago. + + ok markus@ + + Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4 -commit 9cc6842493fbf23025ccc1edab064869640d3bec +commit d87063d9baf5479b6e813d47dfb694a97df6f6f5 Author: djm@openbsd.org -Date: Thu May 28 04:50:53 2015 +0000 +Date: Fri Nov 13 04:39:35 2015 +0000 upstream commit - add error message on ftruncate failure; bz#2176 + send SSH2_MSG_UNIMPLEMENTED replies to unexpected + messages during KEX; bz#2949, ok dtucker@ - Upstream-ID: cbcc606e0b748520c74a210d8f3cc9718d3148cf + Upstream-ID: 2b3abdff344d53c8d505f45c83a7b12e84935786 -commit d1958793a0072c22be26d136dbda5ae263e717a0 +commit 9fd04681a1e9b0af21e08ff82eb674cf0a499bfc Author: djm@openbsd.org -Date: Thu May 28 04:40:13 2015 +0000 +Date: Fri Nov 13 04:38:06 2015 +0000 upstream commit - make ssh-keygen default to ed25519 keys when compiled - without OpenSSL; bz#2388, ok dtucker@ + Support "none" as an argument for sshd_config + ForceCommand and ChrootDirectory. Useful inside Match blocks to override a + global default. bz#2486 ok dtucker@ - Upstream-ID: 85a471fa6d3fa57a7b8e882d22cfbfc1d84cdc71 + Upstream-ID: 7ef478d6592bc7db5c7376fc33b4443e63dccfa5 -commit 3ecde664c9fc5fb3667aedf9e6671462600f6496 -Author: dtucker@openbsd.org -Date: Wed May 27 23:51:10 2015 +0000 +commit 94bc0b72c29e511cbbc5772190d43282e5acfdfe +Author: djm@openbsd.org +Date: Fri Nov 13 04:34:15 2015 +0000 upstream commit - Reorder client proposal to prefer - diffie-hellman-group-exchange-sha1 over diffie-hellman-group14-sha1. ok djm@ + support multiple certificates (one per line) and + reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@ - Upstream-ID: 552c08d47347c3ee1a9a57d88441ab50abe17058 + Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db -commit 40f64292b907afd0a674fdbf3e4c2356d17a7d68 -Author: dtucker@openbsd.org -Date: Wed May 27 23:39:18 2015 +0000 +commit b6b9108f5b561c83612cb97ece4134eb59fde071 +Author: djm@openbsd.org +Date: Fri Nov 13 02:57:46 2015 +0000 upstream commit - Add a stronger (4k bit) fallback group that sshd can use - when the moduli file is missing or broken, sourced from RFC3526. bz#2302, ok - markus@ (earlier version), djm@ + list a couple more options usable in Match blocks; + bz#2489 - Upstream-ID: b635215746a25a829d117673d5e5a76d4baee7f4 + Upstream-ID: e4d03f39d254db4c0cc54101921bb89fbda19879 -commit 5ab7d5fa03ad55bc438fab45dfb3aeb30a3c237a -Author: Darren Tucker -Date: Thu May 28 10:03:40 2015 +1000 +commit a7994b3f5a5a5a33b52b0a6065d08e888f0a99fb +Author: djm@openbsd.org +Date: Wed Nov 11 04:56:39 2015 +0000 - New moduli file from OpenBSD, removing 1k groups. + upstream commit - Remove 1k bit groups. ok deraadt@, markus@ + improve PEEK/POKE macros: better casts, don't multiply + evaluate arguments; ok deraadt@ + + Upstream-ID: 9a1889e19647615ededbbabab89064843ba92d3e -commit a71ba58adf34e599f30cdda6e9b93ae6e3937eea +commit 7d4c7513a7f209cb303a608ac6e46b3f1dfc11ec Author: djm@openbsd.org -Date: Wed May 27 05:15:02 2015 +0000 +Date: Wed Nov 11 01:48:01 2015 +0000 upstream commit - support PKCS#11 devices with external PIN entry devices - bz#2240, based on patch from Dirk-Willem van Gulik; feedback and ok dtucker@ + remove prototypes for long-gone s/key support; ok + dtucker@ - Upstream-ID: 504568992b55a8fc984375242b1bd505ced61b0d + Upstream-ID: db5bed3c57118af986490ab23d399df807359a79 -commit b282fec1aa05246ed3482270eb70fc3ec5f39a00 -Author: dtucker@openbsd.org -Date: Tue May 26 23:23:40 2015 +0000 +commit 07889c75926c040b8e095949c724e66af26441cb +Author: Damien Miller +Date: Sat Nov 14 18:44:49 2015 +1100 - upstream commit + read back from libcrypto RAND when privdropping - Cap DH-GEX group size at 4kbits for Cisco implementations. - Some of them will choke when asked for preferred sizes >4k instead of - returning the 4k group that they do have. bz#2209, ok djm@ + makes certain libcrypto implementations cache a /dev/urandom fd + in preparation of sandboxing. Based on patch by Greg Hartman. + +commit 1560596f44c01bb0cef977816410950ed17b8ecd +Author: Darren Tucker +Date: Tue Nov 10 11:14:47 2015 +1100 + + Fix compiler warnings in the openssl header check. - Upstream-ID: 54b863a19713446b7431f9d06ad0532b4fcfef8d + Noted by Austin English. -commit 3e91b4e8b0dc2b4b7e7d42cf6e8994a32e4cb55e -Author: djm@openbsd.org -Date: Sun May 24 23:39:16 2015 +0000 +commit e72a8575ffe1d8adff42c9abe9ca36938acc036b +Author: jmc@openbsd.org +Date: Sun Nov 8 23:24:03 2015 +0000 upstream commit - add missing 'c' option to getopt(), case statement was - already there; from Felix Bolte + -c before -H, in SYNOPSIS and usage(); - Upstream-ID: 9b19b4e2e0b54d6fefa0dfac707c51cf4bae3081 + Upstream-ID: 25e8c58a69e1f37fcd54ac2cd1699370acb5e404 -commit 64a89ec07660abba4d0da7c0095b7371c98bab62 -Author: jsg@openbsd.org -Date: Sat May 23 14:28:37 2015 +0000 +commit 3a424cdd21db08c7b0ded902f97b8f02af5aa485 +Author: djm@openbsd.org +Date: Sun Nov 8 22:30:20 2015 +0000 upstream commit - fix a memory leak in an error path ok markus@ dtucker@ + Add "ssh-keyscan -c ..." flag to allow fetching + certificates instead of plain keys; ok markus@ - Upstream-ID: bc1da0f205494944918533d8780fde65dff6c598 + Upstream-ID: 0947e2177dba92339eced9e49d3c5bf7dda69f82 -commit f948737449257d2cb83ffcfe7275eb79b677fd4a -Author: djm@openbsd.org -Date: Fri May 22 05:28:45 2015 +0000 +commit 69fead5d7cdaa73bdece9fcba80f8e8e70b90346 +Author: jmc@openbsd.org +Date: Sun Nov 8 22:08:38 2015 +0000 upstream commit - mention ssh-keygen -E for comparing legacy MD5 - fingerprints; bz#2332 + remove slogin links; ok deraadt markus djm - Upstream-ID: 079a3669549041dbf10dbc072d9563f0dc3b2859 + Upstream-ID: 39ba08548acde4c54f2d4520c202c2a863a3c730 -commit 0882332616e4f0272c31cc47bf2018f9cb258a4e +commit 2fecfd486bdba9f51b3a789277bb0733ca36e1c0 Author: djm@openbsd.org -Date: Fri May 22 04:45:52 2015 +0000 +Date: Sun Nov 8 21:59:11 2015 +0000 upstream commit - Reorder EscapeChar option parsing to avoid a single-byte - out- of-bounds read. bz#2396 from Jaak Ristioja; ok dtucker@ + fix OOB read in packet code caused by missing return + statement found by Ben Hawkes; ok markus@ deraadt@ - Upstream-ID: 1dc6b5b63d1c8d9a88619da0b27ade461d79b060 + Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62 -commit d7c31da4d42c115843edee2074d7d501f8804420 -Author: djm@openbsd.org -Date: Fri May 22 03:50:02 2015 +0000 +commit 5e288923a303ca672b686908320bc5368ebec6e6 +Author: mmcc@openbsd.org +Date: Fri Nov 6 00:31:41 2015 +0000 upstream commit - add knob to relax GSSAPI host credential check for - multihomed hosts bz#928, patch by Simon Wilkinson; ok dtucker - (kerberos/GSSAPI is not compiled by default on OpenBSD) + 1. rlogin and rsh are long gone 2. protocol version isn't + of core relevance here, and v1 is going away - Upstream-ID: 15ddf1c6f7fd9d98eea9962f480079ae3637285d + ok markus@, deraadt@ + + Upstream-ID: 8b46bc94cf1ca7c8c1a75b1c958b2bb38d7579c8 -commit aa72196a00be6e0b666215edcffbc10af234cb0e -Author: Darren Tucker -Date: Fri May 22 17:49:46 2015 +1000 +commit 8b29008bbe97f33381d9b4b93fcfa304168d0286 +Author: jmc@openbsd.org +Date: Thu Nov 5 09:48:05 2015 +0000 - Include signal.h for sig_atomic_t, used by kex.h. + upstream commit - bz#2402, from tomas.kuthan at oracle com. + "commandline" -> "command line", since there are so few + examples of the former in the pages, so many of the latter, and in some of + these pages we had multiple spellings; + + prompted by tj + + Upstream-ID: 78459d59bff74223f8139d9001ccd56fc4310659 -commit 8b02481143d75e91c49d1bfae0876ac1fbf9511a +commit 996b24cebf20077fbe5db07b3a2c20c2d9db736e Author: Darren Tucker -Date: Fri May 22 12:47:24 2015 +1000 +Date: Thu Oct 29 20:57:34 2015 +1100 - Import updated moduli file from OpenBSD. + (re)wrap SYS_sendsyslog in ifdef. + + Replace ifdef that went missing in commit + c61b42f2678f21f05653ac2d3d241b48ab5d59ac. Fixes build on older + OpenBSDs. -commit 4739e8d5e1c0be49624082bd9f6b077e9e758db9 +commit b67e2e76fcf1ae7c802eb27ca927e16c91a513ff Author: djm@openbsd.org -Date: Thu May 21 12:01:19 2015 +0000 +Date: Thu Oct 29 08:05:17 2015 +0000 upstream commit - Support "ssh-keygen -lF hostname" to find search known_hosts - and print key hashes. Already advertised by ssh-keygen(1), but not delivered - by code; ok dtucker@ + regress test for "PubkeyAcceptedKeyTypes +..." inside a + Match block - Upstream-ID: 459e0e2bf39825e41b0811c336db2d56a1c23387 - -commit e97201feca10b5196da35819ae516d0b87cf3a50 -Author: Damien Miller -Date: Thu May 21 17:55:15 2015 +1000 - - conditionalise util.h inclusion + Upstream-Regress-ID: 246c37ed64a2e5704d4c158ccdca1ff700e10647 -commit 13640798c7dd011ece0a7d02841fe48e94cfa0e0 -Author: djm@openbsd.org -Date: Thu May 21 06:44:25 2015 +0000 +commit abd9dbc3c0d8c8c7561347cfa22166156e78c077 +Author: dtucker@openbsd.org +Date: Mon Oct 26 02:50:58 2015 +0000 upstream commit - regress test for AuthorizedPrincipalsCommand + Fix typo certopt->certopts in shell variable. This would + cause the test to hang at a host key prompt if you have an A or CNAME for + "proxy" in your local domain. - Upstream-Regress-ID: c658fbf1ab6b6011dc83b73402322e396f1e1219 + Upstream-Regress-ID: 6ea03bcd39443a83c89e2c5606392ceb9585836a -commit 84452c5d03c21f9bfb28c234e0dc1dc67dd817b1 +commit ed08510d38aef930a061ae30d10f2a9cf233bafa Author: djm@openbsd.org -Date: Thu May 21 06:40:02 2015 +0000 +Date: Thu Oct 29 08:05:01 2015 +0000 upstream commit - regress test for AuthorizedKeysCommand arguments + Fix "PubkeyAcceptedKeyTypes +..." inside a Match block; + ok dtucker@ - Upstream-Regress-ID: bbd65c13c6b3be9a442ec115800bff9625898f12 + Upstream-ID: 853662c4036730b966aab77684390c47b9738c69 -commit bcc50d816187fa9a03907ac1f3a52f04a52e10d1 +commit a4aef3ed29071719b2af82fdf1ac3c2514f82bc5 Author: djm@openbsd.org -Date: Thu May 21 06:43:30 2015 +0000 +Date: Tue Oct 27 08:54:52 2015 +0000 upstream commit - add AuthorizedPrincipalsCommand that allows getting - authorized_principals from a subprocess rather than a file, which is quite - useful in deployments with large userbases - - feedback and ok markus@ + fix execv arguments in a way less likely to cause grief + for -portable; ok dtucker@ - Upstream-ID: aa1bdac7b16fc6d2fa3524ef08f04c7258d247f6 + Upstream-ID: 5902bf0ea0371f39f1300698dc3b8e4105fc0fc5 -commit 24232a3e5ab467678a86aa67968bbb915caffed4 +commit 63d188175accea83305e89fafa011136ff3d96ad Author: djm@openbsd.org -Date: Thu May 21 06:38:35 2015 +0000 +Date: Tue Oct 27 01:44:45 2015 +0000 upstream commit - support arguments to AuthorizedKeysCommand - - bz#2081 loosely based on patch by Sami Hartikainen - feedback and ok markus@ + log certificate serial in verbose() messages to match the + main auth success/fail message; ok dtucker@ - Upstream-ID: b080387a14aa67dddd8ece67c00f268d626541f7 + Upstream-ID: dfc48b417c320b97c36ff351d303c142f2186288 -commit d80fbe41a57c72420c87a628444da16d09d66ca7 +commit 2aaba0cfd560ecfe92aa50c00750e6143842cf1f Author: djm@openbsd.org -Date: Thu May 21 04:55:51 2015 +0000 +Date: Tue Oct 27 00:49:53 2015 +0000 upstream commit - refactor: split base64 encoding of pubkey into its own - sshkey_to_base64() function and out of sshkey_write(); ok markus@ + avoid de-const warning & shrink; ok dtucker@ - Upstream-ID: 54fc38f5832e9b91028900819bda46c3959a0c1a + Upstream-ID: 69a85ef94832378952a22c172009cbf52aaa11db -commit 7cc44ef74133a473734bbcbd3484f24d6a7328c5 -Author: deraadt@openbsd.org -Date: Mon May 18 15:06:05 2015 +0000 +commit 03239c18312b9bab7d1c3b03062c61e8bbc1ca6e +Author: dtucker@openbsd.org +Date: Sun Oct 25 23:42:00 2015 +0000 upstream commit - getentropy() and sendsyslog() have been around long - enough. openssh-portable may want the #ifdef's but not base. discussed with - djm few weeks back + Expand tildes in filenames passed to -i before checking + whether or not the identity file exists. This means that if the shell + doesn't do the expansion (eg because the option and filename were given as a + single argument) then we'll still add the key. bz#2481, ok markus@ - Upstream-ID: 0506a4334de108e3fb6c66f8d6e0f9c112866926 + Upstream-ID: db1757178a14ac519e9a3e1a2dbd21113cb3bfc6 -commit 9173d0fbe44de7ebcad8a15618e13a8b8d78902e +commit 97e184e508dd33c37860c732c0eca3fc57698b40 Author: dtucker@openbsd.org -Date: Fri May 15 05:44:21 2015 +0000 +Date: Sun Oct 25 23:14:03 2015 +0000 upstream commit - Use a salted hash of the lock passphrase instead of plain - text and do constant-time comparisons of it. Should prevent leaking any - information about it via timing, pointed out by Ryan Castellucci. Add a 0.1s - incrementing delay for each failed unlock attempt up to 10s. ok markus@ - (earlier version), djm@ + Do not prepend "exec" to the shell command run by "Match + exec" in a config file. It's an unnecessary optimization from repurposed + ProxyCommand code and prevents some things working with some shells. + bz#2471, pointed out by res at qoxp.net. ok markus@ - Upstream-ID: c599fcc325aa1cc65496b25220b622d22208c85f + Upstream-ID: a1ead25ae336bfa15fb58d8c6b5589f85b4c33a3 -commit d028d5d3a697c71b21e4066d8672cacab3caa0a8 -Author: Damien Miller -Date: Tue May 5 19:10:58 2015 +1000 +commit 8db134e7f457bcb069ec72bc4ee722e2af557c69 +Author: Darren Tucker +Date: Thu Oct 29 10:48:23 2015 +1100 - upstream commit + Prevent name collisions with system glob (bz#2463) - - tedu@cvs.openbsd.org 2015/01/12 03:20:04 - [bcrypt_pbkdf.c] - rename blocks to words. bcrypt "blocks" are unrelated to blowfish blocks, - nor are they the same size. + Move glob.h from includes.h to the only caller (sftp) and override the + names for the symbols. This prevents name collisions with the system glob + in the case where something other than ssh uses it (eg kerberos). With + jjelen at redhat.com, ok djm@ -commit f6391d4e59b058984163ab28f4e317e7a72478f1 -Author: Damien Miller -Date: Tue May 5 19:10:23 2015 +1000 +commit 86c10dbbef6a5800d2431a66cf7f41a954bb62b5 +Author: dtucker@openbsd.org +Date: Fri Oct 23 02:22:01 2015 +0000 upstream commit - - deraadt@cvs.openbsd.org 2015/01/08 00:30:07 - [bcrypt_pbkdf.c] - declare a local version of MIN(), call it MINIMUM() + Update expected group sizes to match recent code changes. + + Upstream-Regress-ID: 0004f0ea93428969fe75bcfff0d521c553977794 -commit 8ac6b13cc9113eb47cd9e86c97d7b26b4b71b77f -Author: Damien Miller -Date: Tue May 5 19:09:46 2015 +1000 +commit 9ada37d36003a77902e90a3214981e417457cf13 +Author: djm@openbsd.org +Date: Sat Oct 24 22:56:19 2015 +0000 upstream commit - - djm@cvs.openbsd.org 2014/12/30 01:41:43 - [bcrypt_pbkdf.c] - typo in comment: ouput => output + fix keyscan output for multiple hosts/addrs on one line + when host hashing or a non standard port is in use; bz#2479 ok dtucker@ + + Upstream-ID: 5321dabfaeceba343da3c8a8b5754c6f4a0a307b -commit 1f792489d5cf86a4f4e3003e6e9177654033f0f2 +commit 44fc7cd7dcef6c52c6b7e9ff830dfa32879bd319 Author: djm@openbsd.org -Date: Mon May 4 06:10:48 2015 +0000 +Date: Sat Oct 24 22:52:22 2015 +0000 upstream commit - Remove pattern length argument from match_pattern_list(), we - only ever use it for strlen(pattern). + skip "Could not chdir to home directory" message when + chrooted - Prompted by hanno AT hboeck.de pointing an out-of-bound read - error caused by an incorrect pattern length found using AFL - and his own tools. + patch from Christian Hesse in bz#2485 ok dtucker@ - ok markus@ + Upstream-ID: 86783c1953da426dff5b03b03ce46e699d9e5431 -commit 639d6bc57b1942393ed12fb48f00bc05d4e093e4 -Author: djm@openbsd.org -Date: Fri May 1 07:10:01 2015 +0000 +commit a820a8618ec44735dabc688fab96fba38ad66bb2 +Author: sthen@openbsd.org +Date: Sat Oct 24 08:34:09 2015 +0000 upstream commit - refactor ssh_dispatch_run_fatal() to use sshpkt_fatal() - to better report error conditions. Teach sshpkt_fatal() about ECONNRESET. - - Improves error messages on TCP connection resets. bz#2257 + Handle the split of tun(4) "link0" into tap(4) in ssh + tun-forwarding. Adapted from portable (using separate devices for this is the + normal case in most OS). ok djm@ - ok dtucker@ + Upstream-ID: 90facf4c59ce73d6741db1bc926e578ef465cd39 -commit 9559d7de34c572d4d3fd990ca211f8ec99f62c4d -Author: djm@openbsd.org -Date: Fri May 1 07:08:08 2015 +0000 +commit 66d2e229baa9fe57b868c373b05f7ff3bb20055b +Author: gsoares@openbsd.org +Date: Wed Oct 21 11:33:03 2015 +0000 upstream commit - a couple of parse targets were missing activep checks, - causing them to be misapplied in match context; bz#2272 diagnosis and - original patch from Sami Hartikainen ok dtucker@ + fix memory leak in error path ok djm@ + + Upstream-ID: dd2f402b0a0029b755df029fc7f0679e1365ce35 -commit 7e8528cad04b2775c3b7db08abf8fb42e47e6b2a -Author: djm@openbsd.org -Date: Fri May 1 04:17:51 2015 +0000 +commit 7d6c0362039ceacdc1366b5df29ad5d2693c13e5 +Author: mmcc@openbsd.org +Date: Tue Oct 20 23:24:25 2015 +0000 upstream commit - make handling of AuthorizedPrincipalsFile=none more - consistent with other =none options; bz#2288 from Jakub Jelen; ok dtucker@ + Compare pointers to NULL rather than 0. + + ok djm@ + + Upstream-ID: 21616cfea27eda65a06e772cc887530b9a1a27f8 -commit ca430d4d9cc0f62eca3b1fb1e2928395b7ce80f7 -Author: djm@openbsd.org -Date: Fri May 1 04:03:20 2015 +0000 +commit f98a09cacff7baad8748c9aa217afd155a4d493f +Author: mmcc@openbsd.org +Date: Tue Oct 20 03:36:35 2015 +0000 upstream commit - remove failed remote forwards established by muliplexing - from the list of active forwards; bz#2363, patch mostly by Yoann Ricordel; ok - dtucker@ + Replace a function-local allocation with stack memory. + + ok djm@ + + Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e -commit 8312cfb8ad88657517b3e23ac8c56c8e38eb9792 -Author: djm@openbsd.org -Date: Fri May 1 04:01:58 2015 +0000 +commit ac908c1eeacccfa85659594d92428659320fd57e +Author: Damien Miller +Date: Thu Oct 22 09:35:24 2015 +1100 - upstream commit + turn off PrintLastLog when --disable-lastlog - reduce stderr spam when using ssh -S /path/mux -O forward - -R 0:... ok dtucker@ + bz#2278 from Brent Paulson -commit 179be0f5e62f1f492462571944e45a3da660d82b +commit b56deb847f4a0115a8bf488bf6ee8524658162fd Author: djm@openbsd.org -Date: Fri May 1 03:23:51 2015 +0000 +Date: Fri Oct 16 22:32:22 2015 +0000 upstream commit - prevent authorized_keys options picked up on public key - tests without a corresponding private key authentication being applied to - other authentication methods. Reported by halex@, ok markus@ + increase the minimum modulus that we will send or accept in + diffie-hellman-group-exchange to 2048 bits; ok markus@ + + Upstream-ID: 06dce7a24c17b999a0f5fadfe95de1ed6a1a9b6a -commit a42d67be65b719a430b7fcaba2a4e4118382723a +commit 5ee0063f024bf5b3f3ffb275b8cd20055d62b4b9 Author: djm@openbsd.org -Date: Fri May 1 03:20:54 2015 +0000 +Date: Fri Oct 16 18:40:49 2015 +0000 upstream commit - Don't make parsing of authorized_keys' environment= - option conditional on PermitUserEnv - always parse it, but only use the - result if the option is enabled. This prevents the syntax of authorized_keys - changing depending on which sshd_config options were enabled. + better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in + hostname canonicalisation - treat them as already canonical and remove the + trailing '.' before matching ssh_config; ok markus@ - bz#2329; based on patch from coladict AT gmail.com, ok dtucker@ + Upstream-ID: f7619652e074ac3febe8363f19622aa4853b679a -commit e661a86353e11592c7ed6a847e19a83609f49e77 -Author: djm@openbsd.org -Date: Mon May 4 06:10:48 2015 +0000 +commit e92c499a75477ecfe94dd7b4aed89f20b1fac5a7 +Author: mmcc@openbsd.org +Date: Fri Oct 16 17:07:24 2015 +0000 upstream commit - Remove pattern length argument from match_pattern_list(), we - only ever use it for strlen(pattern). + 0 -> NULL when comparing with a char*. - Prompted by hanno AT hboeck.de pointing an out-of-bound read - error caused by an incorrect pattern length found using AFL - and his own tools. + ok dtucker@, djm@. - ok markus@ + Upstream-ID: a928e9c21c0a9020727d99738ff64027c1272300 -commit 0ef1de742be2ee4b10381193fe90730925b7f027 -Author: dtucker@openbsd.org -Date: Thu Apr 23 05:01:19 2015 +0000 +commit b1d38a3cc6fe349feb8d16a5f520ef12d1de7cb2 +Author: djm@openbsd.org +Date: Thu Oct 15 23:51:40 2015 +0000 upstream commit - Add a simple regression test for sshd's configuration - parser. Right now, all it does is run the output of sshd -T back through - itself and ensure the output is valid and invariant. + fix some signed/unsigned integer type mismatches in + format strings; reported by Nicholas Lemonias + + Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c -commit 368f83c793275faa2c52f60eaa9bdac155c4254b +commit 1a2663a15d356bb188196b6414b4c50dc12fd42b Author: djm@openbsd.org -Date: Wed Apr 22 01:38:36 2015 +0000 +Date: Thu Oct 15 23:08:23 2015 +0000 upstream commit - use correct key for nested certificate test + argument to sshkey_from_private() and sshkey_demote() + can't be NULL + + Upstream-ID: 0111245b1641d387977a9b38da15916820a5fd1f -commit 8d4d1bfddbbd7d21f545dc6997081d1ea1fbc99a -Author: djm@openbsd.org -Date: Fri May 1 07:11:47 2015 +0000 +commit 0f754e29dd3760fc0b172c1220f18b753fb0957e +Author: Damien Miller +Date: Fri Oct 16 10:53:14 2015 +1100 - upstream commit + need va_copy before va_start - mention that the user's shell from /etc/passwd is used - for commands too; bz#1459 ok dtucker@ + reported by Nicholas Lemonias -commit 5ab283d0016bbc9d4d71e8e5284d011bc5a930cf -Author: djm@openbsd.org -Date: Fri May 8 07:29:00 2015 +0000 +commit eb6c50d82aa1f0d3fc95f5630ea69761e918bfcd +Author: Damien Miller +Date: Thu Oct 15 15:48:28 2015 -0700 + + fix compilation on systems without SYMLOOP_MAX + +commit fafe1d84a210fb3dae7744f268059cc583db8c12 +Author: Damien Miller +Date: Wed Oct 14 09:22:15 2015 -0700 + + s/SANDBOX_TAME/SANDBOX_PLEDGE/g + +commit 8f22911027ff6c17d7226d232ccd20727f389310 +Author: Damien Miller +Date: Wed Oct 14 08:28:19 2015 +1100 upstream commit - whitespace - - Upstream-Regress-ID: 6b708a3e709d5b7fd37890f874bafdff1f597519 + revision 1.20 + date: 2015/10/13 20:55:37; author: millert; state: Exp; lines: +2 -2; commitid: X39sl5ay1czgFIgp; + In rev 1.15 the sizeof argument was fixed in a strlcat() call but + the truncation check immediately following it was not updated to + match. Not an issue in practice since the buffers are the same + size. OK deraadt@ -commit 8377d5008ad260048192e1e56ad7d15a56d103dd -Author: djm@openbsd.org -Date: Fri May 8 07:26:13 2015 +0000 +commit 23fa695bb735f54f04d46123662609edb6c76767 +Author: Damien Miller +Date: Wed Oct 14 08:27:51 2015 +1100 upstream commit - whitespace at EOL - - Upstream-Regress-ID: 9c48911643d5b05173b36a012041bed4080b8554 + revision 1.19 + date: 2015/01/16 16:48:51; author: deraadt; state: Exp; lines: +3 -3; commitid: 0DYulI8hhujBHMcR; + Move to the universe. + review by millert, binary checking process with doug, concept with guenther -commit c28a3436fa8737709ea88e4437f8f23a6ab50359 -Author: djm@openbsd.org -Date: Fri May 8 06:45:13 2015 +0000 +commit c71be375a69af00c2d0a0c24d8752bec12d8fd1b +Author: Damien Miller +Date: Wed Oct 14 08:27:08 2015 +1100 upstream commit - moar whitespace at eol - - Upstream-ID: 64eaf872a3ba52ed41e494287e80d40aaba4b515 + revision 1.18 + date: 2014/10/19 03:56:28; author: doug; state: Exp; lines: +9 -9; commitid: U6QxmtbXrGoc02S5; + Revert last commit due to changed semantics found by make release. -commit 2b64c490468fd4ca35ac8d5cc31c0520dc1508bb -Author: djm@openbsd.org -Date: Fri May 8 06:41:56 2015 +0000 +commit c39ad23b06e9aecc3ff788e92f787a08472905b1 +Author: Damien Miller +Date: Wed Oct 14 08:26:24 2015 +1100 upstream commit - whitespace at EOL + revision 1.17 + date: 2014/10/18 20:43:52; author: doug; state: Exp; lines: +10 -10; commitid: I74hI1tVZtsspKEt; + Better POSIX compliance in realpath(3). - Upstream-ID: 57bcf67d666c6fc1ad798aee448fdc3f70f7ec2c + millert@ made changes to realpath.c based on FreeBSD's version. I merged + Todd's changes into dl_realpath.c. + + ok millert@, guenther@ -commit 4e636cf201ce6e7e3b9088568218f9d4e2c51712 -Author: djm@openbsd.org -Date: Fri May 8 03:56:51 2015 +0000 +commit e929a43f957dbd1254aca2aaf85c8c00cbfc25f4 +Author: Damien Miller +Date: Wed Oct 14 08:25:55 2015 +1100 upstream commit - whitespace at EOL + revision 1.16 + date: 2013/04/05 12:59:54; author: kurt; state: Exp; lines: +3 -1; + - Add comments regarding copies of these files also in libexec/ld.so + okay guenther@ -commit 38b8272f823dc1dd4e29dbcee83943ed48bb12fa -Author: dtucker@openbsd.org -Date: Mon May 4 01:47:53 2015 +0000 +commit 5225db68e58a1048cb17f0e36e0d33bc4a8fc410 +Author: Damien Miller +Date: Wed Oct 14 08:25:32 2015 +1100 upstream commit - Use diff w/out -u for better portability + revision 1.15 + date: 2012/09/13 15:39:05; author: deraadt; state: Exp; lines: +2 -2; + specify the bounds of the dst to strlcat (both values were static and + equal, but it is more correct) + from Michal Mazurek -commit 297060f42d5189a4065ea1b6f0afdf6371fb0507 -Author: dtucker@openbsd.org -Date: Fri May 8 03:25:07 2015 +0000 +commit 7365fe5b4859de2305e40ea132da3823830fa710 +Author: Damien Miller +Date: Wed Oct 14 08:25:09 2015 +1100 upstream commit - Use xcalloc for permitted_adm_opens instead of xmalloc to - ensure it's zeroed. Fixes post-auth crash with permitopen=none. bz#2355, ok - djm@ + revision 1.14 + date: 2011/07/24 21:03:00; author: miod; state: Exp; lines: +35 -13; + Recent Single Unix will malloc memory if the second argument of realpath() + is NULL, and third-party software is starting to rely upon this. + Adapted from FreeBSD via Jona Joachim (jaj ; hcl-club , .lu), with minor + tweaks from nicm@ and yours truly. -commit 63ebf019be863b2d90492a85e248cf55a6e87403 +commit e679c09cd1951f963793aa3d9748d1c3fdcf808f Author: djm@openbsd.org -Date: Fri May 8 03:17:49 2015 +0000 +Date: Tue Oct 13 16:15:21 2015 +0000 upstream commit - don't choke on new-format private keys encrypted with an - AEAD cipher; bz#2366, patch from Ron Frederick; ok markus@ + apply PubkeyAcceptedKeyTypes filtering earlier, so all + skipped keys are noted before pubkey authentication starts. ok dtucker@ + + Upstream-ID: ba4f52f54268a421a2a5f98bb375403f4cb044b8 -commit f8484dac678ab3098ae522a5f03bb2530f822987 -Author: dtucker@openbsd.org -Date: Wed May 6 05:45:17 2015 +0000 +commit 179c353f564ec7ada64b87730b25fb41107babd7 +Author: djm@openbsd.org +Date: Tue Oct 13 00:21:27 2015 +0000 upstream commit - Clarify pseudo-terminal request behaviour and use - "pseudo-terminal" consistently. bz#1716, ok jmc@ "I like it" deraadt@. + free the correct IV length, don't assume it's always the + cipher blocksize; ok dtucker@ + + Upstream-ID: c260d9e5ec73628d9ff4b067fbb060eff5a7d298 -commit ea139507bef8bad26e86ed99a42c7233ad115c38 -Author: dtucker@openbsd.org -Date: Wed May 6 04:07:18 2015 +0000 +commit 2539dce2a049a8f6bb0d44cac51f07ad48e691d3 +Author: deraadt@openbsd.org +Date: Fri Oct 9 01:37:08 2015 +0000 upstream commit - Blacklist DH-GEX for specific PuTTY versions known to - send non-RFC4419 DH-GEX messages rather than all versions of PuTTY. - According to Simon Tatham, 0.65 and newer versions will send RFC4419 DH-GEX - messages. ok djm@ + Change all tame callers to namechange to pledge(2). + + Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2 -commit b58234f00ee3872eb84f6e9e572a9a34e902e36e -Author: dtucker@openbsd.org -Date: Tue May 5 10:17:49 2015 +0000 +commit 9846a2f4067383bb76b4e31a9d2303e0a9c13a73 +Author: Damien Miller +Date: Thu Oct 8 04:30:48 2015 +1100 + + hook tame(2) sandbox up to build + + OpenBSD only for now + +commit 0c46bbe68b70bdf0d6d20588e5847e71f3739fe6 +Author: djm@openbsd.org +Date: Wed Oct 7 15:59:12 2015 +0000 upstream commit - WinSCP doesn't implement RFC4419 DH-GEX so flag it so we - don't offer that KEX method. ok markus@ + include PubkeyAcceptedKeyTypes in ssh -G config dump + + Upstream-ID: 6c097ce6ffebf6fe393fb7988b5d152a5d6b36bb -commit d5b1507a207253b39e810e91e68f9598691b7a29 -Author: jsg@openbsd.org -Date: Tue May 5 02:48:17 2015 +0000 +commit bdcb73fb7641b1cf73c0065d1a0dd57b1e8b778e +Author: sobrado@openbsd.org +Date: Wed Oct 7 14:45:30 2015 +0000 upstream commit - use the sizeof the struct not the sizeof a pointer to the - struct in ssh_digest_start() + UsePrivilegeSeparation defaults to sandbox now. - This file is only used if ssh is built with OPENSSL=no + ok djm@ - ok markus@ + Upstream-ID: bff136c38bcae89df82e044d2f42de21e1ad914f -commit a647b9b8e616c231594b2710c925d31b1b8afea3 -Author: Darren Tucker -Date: Fri May 8 11:07:27 2015 +1000 +commit 2905d6f99c837bb699b6ebc61711b19acd030709 +Author: djm@openbsd.org +Date: Wed Oct 7 00:54:06 2015 +0000 - Put brackets around mblen() compat constant. + upstream commit - This might help with the reported problem cross compiling for Android - ("error: expected identifier or '(' before numeric constant") but - shouldn't hurt in any case. + don't try to change tun device flags if they are already + what we need; makes it possible to use tun/tap networking as non- root user + if device permissions and interface flags are pre-established; based on patch + by Ossi Herrala + + Upstream-ID: 89099ac4634cd477b066865acf54cb230780fd21 -commit d1680d36e17244d9af3843aeb5025cb8e40d6c07 -Author: Darren Tucker -Date: Thu Apr 30 09:18:11 2015 +1000 +commit 0dc74512bdb105b048883f07de538b37e5e024d4 +Author: Damien Miller +Date: Mon Oct 5 18:33:05 2015 -0700 - xrealloc -> xreallocarray in portable code too. + unbreak merge botch -commit 531a57a3893f9fcd4aaaba8c312b612bbbcc021e -Author: dtucker@openbsd.org -Date: Wed Apr 29 03:48:56 2015 +0000 +commit fdd020e86439afa7f537e2429d29d4b744c94331 +Author: djm@openbsd.org +Date: Tue Oct 6 01:20:59 2015 +0000 upstream commit - Allow ListenAddress, Port and AddressFamily in any - order. bz#68, ok djm@, jmc@ (for the man page bit). - -commit c1d5bcf1aaf1209af02f79e48ba1cbc76a87b56f -Author: jmc@openbsd.org -Date: Tue Apr 28 13:47:38 2015 +0000 - - upstream commit + adapt to recent sshkey_parse_private_fileblob() API + change - enviroment -> environment: apologies to darren for not - spotting that first time round... + Upstream-Regress-ID: 5c0d818da511e33e0abf6a92a31bd7163b7ad988 -commit 43beea053db191cac47c2cd8d3dc1930158aff1a -Author: dtucker@openbsd.org -Date: Tue Apr 28 10:25:15 2015 +0000 +commit 21ae8ee3b630b0925f973db647a1b9aa5fcdd4c5 +Author: djm@openbsd.org +Date: Thu Sep 24 07:15:39 2015 +0000 upstream commit - Fix typo in previous + fix command-line option to match what was actually + committed + + Upstream-Regress-ID: 3e8c24a2044e8afd37e7ce17b69002ca817ac699 -commit 85b96ef41374f3ddc9139581f87da09b2cd9199e -Author: dtucker@openbsd.org -Date: Tue Apr 28 10:17:58 2015 +0000 +commit e14ac43b75e68f1ffbd3e1a5e44143c8ae578dcd +Author: djm@openbsd.org +Date: Thu Sep 24 06:16:53 2015 +0000 upstream commit - Document that the TERM environment variable is not - subject to SendEnv and AcceptEnv. bz#2386, based loosely on a patch from - jjelen at redhat, help and ok jmc@ + regress test for CertificateFile; patch from Meghana Bhat + via bz#2436 + + Upstream-Regress-ID: e7a6e980cbe0f8081ba2e83de40d06c17be8bd25 -commit 88a7c598a94ff53f76df228eeaae238d2d467565 +commit 905b054ed24e0d5b4ef226ebf2c8bfc02ae6d4ad Author: djm@openbsd.org -Date: Mon Apr 27 21:42:48 2015 +0000 +Date: Mon Oct 5 17:11:21 2015 +0000 upstream commit - Make sshd default to PermitRootLogin=no; ok deraadt@ - rpe@ + some more bzero->explicit_bzero, from Michael McConville + + Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0 -commit 734226b4480a6c736096c729fcf6f391400599c7 -Author: djm@openbsd.org -Date: Mon Apr 27 01:52:30 2015 +0000 +commit b007159a0acdbcf65814b3ee05dbe2cf4ea46011 +Author: deraadt@openbsd.org +Date: Fri Oct 2 15:52:55 2015 +0000 upstream commit - fix compilation with OPENSSL=no; ok dtucker@ + fix email + + Upstream-ID: 72150f2d54b94de14ebef1ea054ef974281bf834 -commit a4b9d2ce1eb7703eaf0809b0c8a82ded8aa4f1c6 -Author: dtucker@openbsd.org -Date: Mon Apr 27 00:37:53 2015 +0000 +commit b19e1b4ab11884c4f62aee9f8ab53127a4732658 +Author: deraadt@openbsd.org +Date: Fri Oct 2 01:39:52 2015 +0000 upstream commit - Include stdio.h for FILE (used in sshkey.h) so it - compiles with OPENSSL=no. + a sandbox using tame ok djm + + Upstream-ID: 4ca24e47895e72f5daaa02f3e3d3e5ca2d820fa3 -commit dbcc652f4ca11fe04e5930c7ef18a219318c6cda -Author: djm@openbsd.org -Date: Mon Apr 27 00:21:21 2015 +0000 +commit c61b42f2678f21f05653ac2d3d241b48ab5d59ac +Author: deraadt@openbsd.org +Date: Fri Oct 2 01:39:26 2015 +0000 upstream commit - allow "sshd -f none" to skip reading the config file, - much like "ssh -F none" does. ok dtucker + re-order system calls in order of risk, ok i'll be + honest, ordered this way they look like tame... ok djm + + Upstream-ID: 42a1e6d251fd8be13c8262bee026059ae6328813 -commit b7ca276fca316c952f0b90f5adb1448c8481eedc +commit c5f7c0843cb6e6074a93c8ac34e49ce33a6f5546 Author: jmc@openbsd.org -Date: Fri Apr 24 06:26:49 2015 +0000 +Date: Fri Sep 25 18:19:54 2015 +0000 upstream commit - combine -Dd onto one line and update usage(); + some certificatefile tweaks; ok djm + + Upstream-ID: 0e5a7852c28c05fc193419cc7e50e64c1c535af0 -commit 2ea974630d7017e4c7666d14d9dc939707613e96 +commit 4e44a79a07d4b88b6a4e5e8c1bed5f58c841b1b8 Author: djm@openbsd.org -Date: Fri Apr 24 05:26:44 2015 +0000 +Date: Thu Sep 24 06:15:11 2015 +0000 upstream commit - add ssh-agent -D to leave ssh-agent in foreground - without enabling debug mode; bz#2381 ok dtucker@ + add ssh_config CertificateFile option to explicitly list + a certificate; patch from Meghana Bhat on bz#2436; ok markus@ + + Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8 -commit 8ac2ffd7aa06042f6b924c87139f2fea5c5682f7 -Author: deraadt@openbsd.org -Date: Fri Apr 24 01:36:24 2015 +0000 +commit e3cbb06ade83c72b640a53728d362bbefa0008e2 +Author: sobrado@openbsd.org +Date: Tue Sep 22 08:33:23 2015 +0000 upstream commit - 2*len -> use xreallocarray() ok djm + fix two typos. + + Upstream-ID: 424402c0d8863a11b51749bacd7f8d932083b709 -commit 657a5fbc0d0aff309079ff8fb386f17e964963c2 -Author: deraadt@openbsd.org -Date: Fri Apr 24 01:36:00 2015 +0000 +commit 8408218c1ca88cb17d15278174a24a94a6f65fe1 +Author: djm@openbsd.org +Date: Mon Sep 21 04:31:00 2015 +0000 upstream commit - rename xrealloc() to xreallocarray() since it follows - that form. ok djm + fix possible hang on closed output; bz#2469 reported by Tomas + Kuthan ok markus@ + + Upstream-ID: f7afd41810f8540f524284f1be6b970859f94fe3 -commit 1108ae242fdd2c304307b68ddf46aebe43ebffaa -Author: dtucker@openbsd.org -Date: Thu Apr 23 04:59:10 2015 +0000 +commit 0097248f90a00865082e8c146b905a6555cc146f +Author: djm@openbsd.org +Date: Fri Sep 11 04:55:01 2015 +0000 upstream commit - Two small fixes for sshd -T: ListenAddress'es are added - to a list head so reverse the order when printing them to ensure the - behaviour remains the same, and print StreamLocalBindMask as octal with - leading zero. ok deraadt@ + skip if running as root; many systems (inc OpenBSD) allow + root to ptrace arbitrary processes + + Upstream-Regress-ID: be2b925df89360dff36f972951fa0fa793769038 -commit bd902b8473e1168f19378d5d0ae68d0c203525df -Author: dtucker@openbsd.org -Date: Thu Apr 23 04:53:53 2015 +0000 +commit 9c06c814aff925e11a5cc592c06929c258a014f6 +Author: djm@openbsd.org +Date: Fri Sep 11 03:44:21 2015 +0000 upstream commit - Check for and reject missing arguments for - VersionAddendum and ForceCommand. bz#2281, patch from plautrba at redhat com, - ok djm@ + try all supported key types here; bz#2455 reported by + Jakub Jelen + + Upstream-Regress-ID: 188cb7d9031cdbac3a0fa58b428b8fa2b2482bba -commit ca42c1758575e592239de1d5755140e054b91a0d -Author: djm@openbsd.org -Date: Wed Apr 22 01:24:01 2015 +0000 +commit 3c019a936b43f3e2773f3edbde7c114d73caaa4c +Author: tim@openbsd.org +Date: Sun Sep 13 14:39:16 2015 +0000 upstream commit - unknown certificate extensions are non-fatal, so don't - fatal when they are encountered; bz#2387 reported by Bob Van Zant; ok - dtucker@ + - Fix error message: passphrase needs to be at least 5 + characters, not 4. - Remove unused function argument. - Remove two + unnecessary variables. + + OK djm@ + + Upstream-ID: 13010c05bfa8b523da1c0dc19e81dd180662bc30 -commit 39bfbf7caad231cc4bda6909fb1af0705bca04d8 -Author: jsg@openbsd.org -Date: Tue Apr 21 07:01:00 2015 +0000 +commit 2681cdb6e0de7c1af549dac37a9531af202b4434 +Author: tim@openbsd.org +Date: Sun Sep 13 13:48:19 2015 +0000 upstream commit - Add back a backslash removed in rev 1.42 so - KEX_SERVER_ENCRYPT will include aes again. + When adding keys to the agent, don't ignore the comment + of keys for which the user is prompted for a passphrase. - ok deraadt@ + Tweak and OK djm@ + + Upstream-ID: dc737c620a5a8d282cc4f66e3b9b624e9abefbec -commit 6b0d576bb87eca3efd2b309fcfe4edfefc289f9c -Author: djm@openbsd.org -Date: Fri Apr 17 13:32:09 2015 +0000 +commit 14692f7b8251cdda847e648a82735eef8a4d2a33 +Author: guenther@openbsd.org +Date: Fri Sep 11 08:50:04 2015 +0000 upstream commit - s/recommended/required/ that private keys be og-r this - wording change was made a while ago but got accidentally reverted + Use explicit_bzero() when zeroing before free() + + from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu) + ok millert@ djm@ + + Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50 -commit 44a8e7ce6f3ab4c2eb1ae49115c210b98e53c4df -Author: djm@openbsd.org -Date: Fri Apr 17 13:25:52 2015 +0000 +commit 846f6fa4cfa8483a9195971dbdd162220f199d85 +Author: jmc@openbsd.org +Date: Fri Sep 11 06:55:46 2015 +0000 upstream commit - don't try to cleanup NULL KEX proposals in - kex_prop_free(); found by Jukka Taimisto and Markus Hietava + sync -Q in usage() to SYNOPSIS; since it's drastically + shorter, i've reformatted the block to sync with the man (80 cols) and saved + a line; + + Upstream-ID: 86e2c65c3989a0777a6258a77e589b9f6f354abd -commit 3038a191872d2882052306098c1810d14835e704 -Author: djm@openbsd.org -Date: Fri Apr 17 13:19:22 2015 +0000 +commit 95923e0520a8647417ee6dcdff44694703dfeef0 +Author: jmc@openbsd.org +Date: Fri Sep 11 06:51:39 2015 +0000 upstream commit - use error/logit/fatal instead of fprintf(stderr, ...) - and exit(0), fix a few errors that were being printed to stdout instead of - stderr and a few non-errors that were going to stderr instead of stdout - bz#2325; ok dtucker + tweak previous; + + Upstream-ID: f29b3cfcfd9aa31fa140c393e7bd48c1c74139d6 -commit a58be33cb6cd24441fa7e634db0e5babdd56f07f -Author: djm@openbsd.org -Date: Fri Apr 17 13:16:48 2015 +0000 +commit 86ac462f833b05d8ed9de9c50ccb295d7faa79ff +Author: dtucker@openbsd.org +Date: Fri Sep 11 05:27:02 2015 +0000 upstream commit - debug log missing DISPLAY environment when X11 - forwarding requested; bz#1682 ok dtucker@ + Update usage to match man page. + + Upstream-ID: 9e85aefaecfb6aaf34c7cfd0700cd21783a35675 -commit 17d4d9d9fbc8fb80e322f94d95eecc604588a474 +commit 674b3b68c1d36b2562324927cd03857b565e05e8 Author: djm@openbsd.org -Date: Fri Apr 17 04:32:31 2015 +0000 +Date: Fri Sep 11 03:47:28 2015 +0000 upstream commit - don't call record_login() in monitor when UseLogin is - enabled; bz#278 reported by drk AT sgi.com; ok dtucker + expand %i in ControlPath to UID; bz#2449 + + patch from Christian Hesse w/ feedback from dtucker@ + + Upstream-ID: 2ba8d303e555a84e2f2165ab4b324b41e80ab925 -commit 40132ff87b6cbc3dc05fb5df2e9d8e3afa06aafd -Author: dtucker@openbsd.org -Date: Fri Apr 17 04:12:35 2015 +0000 +commit c0f55db7ee00c8202b05cb4b9ad4ce72cc45df41 +Author: djm@openbsd.org +Date: Fri Sep 11 03:42:32 2015 +0000 upstream commit - Add some missing options to sshd -T and fix the output - of VersionAddendum HostCertificate. bz#2346, patch from jjelen at redhat - com, ok djm. + mention -Q key-plain and -Q key-cert; bz#2455 pointed out + by Jakub Jelen + + Upstream-ID: c8f1f8169332e4fa73ac96b0043e3b84e01d4896 -commit 6cc7cfa936afde2d829e56ee6528c7ea47a42441 -Author: dtucker@openbsd.org -Date: Thu Apr 16 23:25:50 2015 +0000 +commit cfffbdb10fdf0f02d3f4232232eef7ec3876c383 +Author: Darren Tucker +Date: Mon Sep 14 16:24:21 2015 +1000 - upstream commit + Use ssh-keygen -A when generating host keys. - Document "none" for PidFile XAuthLocation - TrustedUserCAKeys and RevokedKeys. bz#2382, feedback from jmc@, ok djm@ + Use ssh-keygen -A instead of per-keytype invocations when generating host + keys. Add tests when doing host-key-force since we can't use ssh-keygen -A + since it can't specify alternate locations. bz#2459, ok djm@ -commit 15fdfc9b1c6808b26bc54d4d61a38b54541763ed -Author: dtucker@openbsd.org -Date: Wed Apr 15 23:23:25 2015 +0000 +commit 366bada1e9e124654aac55b72b6ccf878755b0dc +Author: Darren Tucker +Date: Fri Sep 11 13:29:22 2015 +1000 - upstream commit + Correct default value for --with-ssh1. - Plug leak of address passed to logging. bz#2373, patch - from jjelen at redhat, ok markus@ + bz#2457, from konto-mindrot.org at walimnieto.com. -commit bb2289e2a47d465eaaaeff3dee2a6b7777b4c291 -Author: dtucker@openbsd.org -Date: Tue Apr 14 04:17:03 2015 +0000 +commit 2bca8a43e7dd9b04d7070824ffebb823c72587b2 +Author: djm@openbsd.org +Date: Fri Sep 11 03:13:36 2015 +0000 upstream commit - Output remote username in debug output since with Host - and Match it's not always obvious what it will be. bz#2368, ok djm@ + more clarity on what AuthorizedKeysFile=none does; based + on diff by Thiebaud Weksteen + + Upstream-ID: 78ab87f069080f0cc3bc353bb04eddd9e8ad3704 -commit 70860b6d07461906730632f9758ff1b7c98c695a -Author: Darren Tucker -Date: Fri Apr 17 10:56:13 2015 +1000 +commit 61942ea4a01e6db4fdf37ad61de81312ffe310e9 +Author: djm@openbsd.org +Date: Wed Sep 9 00:52:44 2015 +0000 - Format UsePAM setting when using sshd -T. + upstream commit - Part of bz#2346, patch from jjelen at redhat com. + openssh_RSA_verify return type is int, so don't make it + size_t within the function itself with only negative numbers or zero assigned + to it. bz#2460 + + Upstream-ID: b6e794b0c7fc4f9f329509263c8668d35f83ea55 -commit ee15d9c9f0720f5a8b0b34e4b10ecf21f9824814 -Author: Darren Tucker -Date: Fri Apr 17 10:40:23 2015 +1000 +commit 4f7cc2f8cc861a21e6dbd7f6c25652afb38b9b96 +Author: dtucker@openbsd.org +Date: Fri Sep 4 08:21:47 2015 +0000 - Wrap endian.h include inside ifdef (bz#2370). + upstream commit + + Plug minor memory leaks when options are used more than + once. bz#2182, patch from Tiago Cunha, ok deraadt djm + + Upstream-ID: 5b84d0401e27fe1614c10997010cc55933adb48e -commit 408f4c2ad4a4c41baa7b9b2b7423d875abbfa70b +commit 7ad8b287c8453a3e61dbc0d34d467632b8b06fc8 Author: Darren Tucker -Date: Fri Apr 17 09:39:58 2015 +1000 +Date: Fri Sep 11 13:11:02 2015 +1000 - Look for '${host}-ar' before 'ar'. - - This changes configure.ac to look for '${host}-ar' as set by - AC_CANONICAL_HOST before looking for the unprefixed 'ar'. - Useful when cross-compiling when all your binutils are prefixed. + Force resolution of _res for correct detection. - Patch from moben at exherbo org via astrand at lysator liu se and - bz#2352. + bz#2259, from sconeu at yahoo.com. -commit 673a1c16ad078d41558247ce739fe812c960acc8 -Author: Damien Miller -Date: Thu Apr 16 11:40:20 2015 +1000 +commit 26ad18247213ff72b4438abe7fc660c958810fa2 +Author: Damien Miller +Date: Thu Sep 10 10:57:41 2015 +1000 - remove dependency on arpa/telnet.h + allow getrandom syscall; from Felix von Leitner -commit 202d443eeda1829d336595a3cfc07827e49f45ed -Author: Darren Tucker -Date: Wed Apr 15 15:59:49 2015 +1000 +commit 5245bc1e6b129a10a928f73f11c3aa32656c44b4 +Author: jmc@openbsd.org +Date: Fri Sep 4 06:40:45 2015 +0000 - Remove duplicate include of pwd.h. bz#2337, patch from Mordy Ovits. + upstream commit + + full stop belongs outside the brackets, not inside; + + Upstream-ID: 99d098287767799ac33d2442a05b5053fa5a551a -commit 597986493412c499f2bc2209420cb195f97b3668 -Author: Damien Miller -Date: Thu Apr 9 10:14:48 2015 +1000 +commit a85768a9321d74b41219eeb3c9be9f1702cbf6a5 +Author: djm@openbsd.org +Date: Fri Sep 4 04:56:09 2015 +0000 - platform's with openpty don't need pty_release + upstream commit + + add a debug2() right before DNS resolution; it's a place + where ssh could previously silently hang for a while. bz#2433 + + Upstream-ID: 52a1a3e0748db66518e7598352c427145692a6a0 -commit 318be28cda1fd9108f2e6f2f86b0b7589ba2aed0 +commit 46152af8d27aa34d5d26ed1c371dc8aa142d4730 Author: djm@openbsd.org -Date: Mon Apr 13 02:04:08 2015 +0000 +Date: Fri Sep 4 04:55:24 2015 +0000 upstream commit - deprecate ancient, pre-RFC4419 and undocumented - SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems - reasonable" dtucker@ + correct function name in error messages + + Upstream-ID: 92fb2798617ad9561370897f4ab60adef2ff4c0e -commit d8f391caef62378463a0e6b36f940170dadfe605 -Author: dtucker@openbsd.org -Date: Fri Apr 10 05:16:50 2015 +0000 +commit a954cdb799a4d83c2d40fbf3e7b9f187fbfd72fc +Author: djm@openbsd.org +Date: Fri Sep 4 04:47:50 2015 +0000 upstream commit - Don't send hostkey advertisments - (hostkeys-00@openssh.com) to current versions of Tera Term as they can't - handle them. Newer versions should be OK. Patch from Bryan Drewery and - IWAMOTO Kouichi, ok djm@ + better document ExitOnForwardFailure; bz#2444, ok + dtucker@ + + Upstream-ID: a126209b5a6d9cb3117ac7ab5bc63d284538bfc2 -commit 2c2cfe1a1c97eb9a08cc9817fd0678209680c636 +commit f54d8ac2474b6fc3afa081cf759b48a6c89d3319 Author: djm@openbsd.org -Date: Fri Apr 10 00:08:55 2015 +0000 +Date: Fri Sep 4 04:44:08 2015 +0000 upstream commit - include port number if a non-default one has been - specified; based on patch from Michael Handler + don't record hostbased authentication hostkeys as user + keys in test for multiple authentication with the same key + + Upstream-ID: 26b368fa2cff481f47f37e01b8da1ae5b57b1adc -commit 4492a4f222da4cf1e8eab12689196322e27b08c4 +commit ac3451dd65f27ecf85dc045c46d49e2bbcb8dddd Author: djm@openbsd.org -Date: Tue Apr 7 23:00:42 2015 +0000 +Date: Fri Sep 4 03:57:38 2015 +0000 upstream commit - treat Protocol=1,2|2,1 as Protocol=2 when compiled - without SSH1 support; ok dtucker@ millert@ + remove extra newline in nethack-mode hostkey; from + Christian Hesse bz#2686 + + Upstream-ID: 4f56368b1cc47baeea0531912186f66007fd5b92 -commit c265e2e6e932efc6d86f6cc885dea33637a67564 -Author: miod@openbsd.org -Date: Sun Apr 5 15:43:43 2015 +0000 +commit 9e3ed9ebb1a7e47c155c28399ddf09b306ea05df +Author: djm@openbsd.org +Date: Fri Sep 4 04:23:10 2015 +0000 upstream commit - Do not use int for sig_atomic_t; spotted by - christos@netbsd; ok markus@ + trim junk from end of file; bz#2455 from Jakub Jelen + + Upstream-Regress-ID: a4e64e8931e40d23874b047074444eff919cdfe6 -commit e7bf3a5eda6a1b02bef6096fed78527ee11e54cc -Author: Darren Tucker -Date: Tue Apr 7 10:48:04 2015 +1000 +commit f3a3ea180afff080bab82087ee0b60db9fd84f6c +Author: jsg@openbsd.org +Date: Wed Sep 2 07:51:12 2015 +0000 - Use do{}while(0) for no-op functions. + upstream commit - From FreeBSD. + Fix occurrences of "r = func() != 0" which result in the + wrong error codes being returned due to != having higher precedence than =. + + ok deraadt@ markus@ + + Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840 -commit bb99844abae2b6447272f79e7fa84134802eb4df -Author: Darren Tucker -Date: Tue Apr 7 10:47:15 2015 +1000 +commit f498a98cf83feeb7ea01c15cd1c98b3111361f3a +Author: Damien Miller +Date: Thu Sep 3 09:11:22 2015 +1000 - Wrap blf.h include in ifdef. From FreeBSD. + don't check for yp_match; ok tim@ -commit d9b9b43656091cf0ad55c122f08fadb07dad0abd -Author: Darren Tucker -Date: Tue Apr 7 09:10:00 2015 +1000 +commit 9690b78b7848b0b376980a61d51b1613e187ddb5 +Author: djm@openbsd.org +Date: Fri Aug 21 23:57:48 2015 +0000 - Fix misspellings of regress CONFOPTS env variables. + upstream commit - Patch from Bryan Drewery. + Improve printing of KEX offers and decisions + + The debug output now labels the client and server offers and the + negotiated options. ok markus@ + + Upstream-ID: 8db921b3f92a4565271b1c1fbce6e7f508e1a2cb -commit 3f4ea3c9ab1d32d43c9222c4351f58ca11144156 +commit 60a92470e21340e1a3fc10f9c7140d8e1519dc55 Author: djm@openbsd.org -Date: Fri Apr 3 22:17:27 2015 +0000 +Date: Fri Aug 21 23:53:08 2015 +0000 upstream commit - correct return value in pubkey parsing, spotted by Ben Hawkes - ok markus@ + Fix printing (ssh -G ...) of HostKeyAlgorithms=+... + Reported by Bryan Drewery + + Upstream-ID: 19ad20c41bd5971e006289b6f9af829dd46c1293 -commit 7da2be0cb9601ed25460c83aa4d44052b967ba0f +commit 6310f60fffca2d1e464168e7d1f7e3b6b0268897 Author: djm@openbsd.org -Date: Tue Mar 31 22:59:01 2015 +0000 +Date: Fri Aug 21 23:52:30 2015 +0000 upstream commit - adapt to recent hostfile.c change: when parsing - known_hosts without fully parsing the keys therein, hostkeys_foreach() will - now correctly identify KEY_RSA1 keys; ok markus@ miod@ + Fix expansion of HostkeyAlgorithms=+... + + Reported by Bryan Drewery + + Upstream-ID: 70ca1deea39d758ba36d36428ae832e28566f78d -commit 9e1777a0d1c706714b055811c12ab8cc21033e4a -Author: markus@openbsd.org -Date: Tue Mar 24 20:19:15 2015 +0000 +commit e774e5ea56237fd626a8161f9005023dff3e76c9 +Author: deraadt@openbsd.org +Date: Fri Aug 21 23:29:31 2015 +0000 upstream commit - use ${SSH} for -Q instead of installed ssh + Improve size == 0, count == 0 checking in mm_zalloc, + which is "array" like. Discussed with tedu, millert, otto.... and ok djm + + Upstream-ID: 899b021be43b913fad3eca1aef44efe710c53e29 -commit ce1b358ea414a2cc88e4430cd5a2ea7fecd9de57 -Author: djm@openbsd.org -Date: Mon Mar 16 22:46:14 2015 +0000 +commit 189de02d9ad6f3645417c0ddf359b923aae5f926 +Author: Damien Miller +Date: Fri Aug 21 15:45:02 2015 +1000 - upstream commit - - make CLEANFILES clean up more of the tests' droppings + expose POLLHUP and POLLNVAL for netcat.c -commit 398f9ef192d820b67beba01ec234d66faca65775 -Author: djm@openbsd.org -Date: Tue Mar 31 22:57:06 2015 +0000 +commit e91346dc2bbf460246df2ab591b7613908c1b0ad +Author: Damien Miller +Date: Fri Aug 21 14:49:03 2015 +1000 - upstream commit - - downgrade error() for known_hosts parse errors to debug() - to quiet warnings from ssh1 keys present when compiled !ssh1. - - also identify ssh1 keys when scanning, even when compiled !ssh1 - - ok markus@ miod@ + we don't use Github for issues/pull-requests -commit 9a47ab80030a31f2d122b8fd95bd48c408b9fcd9 +commit a4f5b507c708cc3dc2c8dd2d02e4416d7514dc23 +Author: Damien Miller +Date: Fri Aug 21 14:43:55 2015 +1000 + + fix URL for connect.c + +commit d026a8d3da0f8186598442997c7d0a28e7275414 +Author: Damien Miller +Date: Fri Aug 21 13:47:10 2015 +1000 + + update version numbers for 7.1 + +commit 78f8f589f0ca1c9f41e5a9bae3cda5ce8a6b42ed Author: djm@openbsd.org -Date: Tue Mar 31 22:55:50 2015 +0000 +Date: Fri Aug 21 03:45:26 2015 +0000 upstream commit - fd leak for !ssh1 case; found by unittests; ok markus@ + openssh-7.1 + + Upstream-ID: ff7b1ef4b06caddfb45e08ba998128c88be3d73f -commit c9a0805a6280681901c270755a7cd630d7c5280e +commit 32a181980c62fce94f7f9ffaf6a79d90f0c309cf Author: djm@openbsd.org -Date: Tue Mar 31 22:55:24 2015 +0000 +Date: Fri Aug 21 03:42:19 2015 +0000 upstream commit - don't fatal when a !ssh1 sshd is reexeced from a w/ssh1 - listener; reported by miod@; ok miod@ markus@ + fix inverted logic that broke PermitRootLogin; reported + by Mantas Mikulenas; ok markus@ + + Upstream-ID: 260dd6a904c1bb7e43267e394b1c9cf70bdd5ea5 -commit 704d8c88988cae38fb755a6243b119731d223222 -Author: tobias@openbsd.org -Date: Tue Mar 31 11:06:49 2015 +0000 +commit ce445b0ed927e45bd5bdce8f836eb353998dd65c +Author: deraadt@openbsd.org +Date: Thu Aug 20 22:32:42 2015 +0000 upstream commit - Comments are only supported for RSA1 keys. If a user - tried to add one and entered his passphrase, explicitly clear it before exit. - This is done in all other error paths, too. + Do not cast result of malloc/calloc/realloc* if stdlib.h + is in scope ok krw millert - ok djm + Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667 -commit 78de1673c05ea2c33e0d4a4b64ecb5186b6ea2e9 -Author: jmc@openbsd.org -Date: Mon Mar 30 18:28:37 2015 +0000 +commit 05291e5288704d1a98bacda269eb5a0153599146 +Author: naddy@openbsd.org +Date: Thu Aug 20 19:20:06 2015 +0000 upstream commit - ssh-askpass(1) is the default, overridden by SSH_ASKPASS; - diff originally from jiri b; + In the certificates section, be consistent about using + "host_key" and "user_key" for the respective key types. ok sthen@ deraadt@ + + Upstream-ID: 9e037ea3b15577b238604c5533e082a3947f13cb -commit 26e0bcf766fadb4a44fb6199386fb1dcab65ad00 +commit 8543d4ef6f2e9f98c3e6b77c894ceec30c5e4ae4 Author: djm@openbsd.org -Date: Mon Mar 30 00:00:29 2015 +0000 +Date: Wed Aug 19 23:21:42 2015 +0000 upstream commit - fix uninitialised memory read when parsing a config file - consisting of a single nul byte. Found by hanno AT hboeck.de using AFL; ok - dtucker - -commit fecede00a76fbb33a349f5121c0b2f9fbc04a777 -Author: markus@openbsd.org -Date: Thu Mar 26 19:32:19 2015 +0000 - - upstream commit + Better compat matching for WinSCP, add compat matching + for FuTTY (fork of PuTTY); ok markus@ deraadt@ - sigp and lenp are not optional in ssh_agent_sign(); ok - djm@ + Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389 -commit 1b0ef3813244c78669e6d4d54c624f600945327d -Author: naddy@openbsd.org -Date: Thu Mar 26 12:32:38 2015 +0000 +commit ec6eda16ebab771aa3dfc90629b41953b999cb1e +Author: djm@openbsd.org +Date: Wed Aug 19 23:19:01 2015 +0000 upstream commit - don't try to load .ssh/identity by default if SSH1 is - disabled; ok markus@ + fix double-free() in error path of DSA key generation + reported by Mateusz Kocielski; ok markus@ + + Upstream-ID: 4735d8f888b10599a935fa1b374787089116713c -commit f9b78852379b74a2d14e6fc94fe52af30b7e9c31 +commit 45b0eb752c94954a6de046bfaaf129e518ad4b5b Author: djm@openbsd.org -Date: Thu Mar 26 07:00:04 2015 +0000 +Date: Wed Aug 19 23:18:26 2015 +0000 upstream commit - ban all-zero curve25519 keys as recommended by latest - CFRG curves draft; ok markus + fix free() of uninitialised pointer reported by Mateusz + Kocielski; ok markus@ + + Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663 -commit b8afbe2c1aaf573565e4da775261dfafc8b1ba9c +commit c837643b93509a3ef538cb6624b678c5fe32ff79 Author: djm@openbsd.org -Date: Thu Mar 26 06:59:28 2015 +0000 +Date: Wed Aug 19 23:17:51 2015 +0000 upstream commit - relax bits needed check to allow - diffie-hellman-group1-sha1 key exchange to complete for chacha20-poly1305 was - selected as symmetric cipher; ok markus + fixed unlink([uninitialised memory]) reported by Mateusz + Kocielski; ok markus@ + + Upstream-ID: 14a0c4e7d891f5a8dabc4b89d4f6b7c0d5a20109 -commit 47842f71e31da130555353c1d57a1e5a8937f1c0 -Author: markus@openbsd.org -Date: Wed Mar 25 19:29:58 2015 +0000 +commit 1f8d3d629cd553031021068eb9c646a5f1e50994 +Author: jmc@openbsd.org +Date: Fri Aug 14 15:32:41 2015 +0000 upstream commit - ignore v1 errors on ssh-add -D; only try v2 keys on - -l/-L (unless WITH_SSH1) ok djm@ + match myproposal.h order; from brian conway (i snuck in a + tweak while here) + + ok dtucker + + Upstream-ID: 35174a19b5237ea36aa3798f042bf5933b772c67 -commit 5f57e77f91bf2230c09eca96eb5ecec39e5f2da6 -Author: markus@openbsd.org -Date: Wed Mar 25 19:21:48 2015 +0000 +commit 1dc8d93ce69d6565747eb44446ed117187621b26 +Author: deraadt@openbsd.org +Date: Thu Aug 6 14:53:21 2015 +0000 upstream commit - unbreak ssh_agent_sign (lenp vs *lenp) + add prohibit-password as a synonymn for without-password, + since the without-password is causing too many questions. Harden it to ban + all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from + djm, ok markus + + Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a -commit 4daeb67181054f2a377677fac919ee8f9ed3490e -Author: markus@openbsd.org -Date: Tue Mar 24 20:10:08 2015 +0000 +commit 90a95a4745a531b62b81ce3b025e892bdc434de5 +Author: Damien Miller +Date: Tue Aug 11 13:53:41 2015 +1000 - upstream commit - - don't leak 'setp' on error; noted by Nicholas Lemonias; - ok djm@ + update version in README -commit 7d4f96f9de2a18af0d9fa75ea89a4990de0344f5 -Author: markus@openbsd.org -Date: Tue Mar 24 20:09:11 2015 +0000 +commit 318c37743534b58124f1bab37a8a0087a3a9bd2f +Author: Damien Miller +Date: Tue Aug 11 13:53:09 2015 +1000 - upstream commit - - consistent check for NULL as noted by Nicholas - Lemonias; ok djm@ + update versions in *.spec -commit df100be51354e447d9345cf1ec22e6013c0eed50 -Author: markus@openbsd.org -Date: Tue Mar 24 20:03:44 2015 +0000 +commit 5e75f5198769056089fb06c4d738ab0e5abc66f7 +Author: Damien Miller +Date: Tue Aug 11 13:34:12 2015 +1000 - upstream commit + set sshpam_ctxt to NULL after free - correct fmt-string for size_t as noted by Nicholas - Lemonias; ok djm@ + Avoids use-after-free in monitor when privsep child is compromised. + Reported by Moritz Jodeit; ok dtucker@ -commit a22b9ef21285e81775732436f7c84a27bd3f71e0 -Author: djm@openbsd.org -Date: Tue Mar 24 09:17:21 2015 +0000 +commit d4697fe9a28dab7255c60433e4dd23cf7fce8a8b +Author: Damien Miller +Date: Tue Aug 11 13:33:24 2015 +1000 - upstream commit + Don't resend username to PAM; it already has it. - promote chacha20-poly1305@openssh.com to be the default - cipher; ok markus + Pointed out by Moritz Jodeit; ok dtucker@ -commit 2aa9da1a3b360cf7b13e96fe1521534b91501fb5 -Author: djm@openbsd.org -Date: Tue Mar 24 01:29:19 2015 +0000 +commit 88763a6c893bf3dfe951ba9271bf09715e8d91ca +Author: Darren Tucker +Date: Mon Jul 27 12:14:25 2015 +1000 - upstream commit - - Compile-time disable SSH protocol 1. You can turn it - back on using the Makefile.inc knob if you need it to talk to ancient - devices. + Import updated moduli file from OpenBSD. -commit 53097b2022154edf96b4e8526af5666f979503f7 +commit 55b263fb7cfeacb81aaf1c2036e0394c881637da +Author: Damien Miller +Date: Mon Aug 10 11:13:44 2015 +1000 + + let principals-command.sh work for noexec /var/run + +commit 2651e34cd11b1aac3a0fe23b86d8c2ff35c07897 +Author: Damien Miller +Date: Thu Aug 6 11:43:42 2015 +1000 + + work around echo -n / sed behaviour in tests + +commit d85dad81778c1aa8106acd46930b25fdf0d15b2a Author: djm@openbsd.org -Date: Tue Mar 24 01:11:12 2015 +0000 +Date: Wed Aug 5 05:27:33 2015 +0000 upstream commit - fix double-negative error message "ssh1 is not - unsupported" + adjust for RSA minimum modulus switch; ok deraadt@ + + Upstream-Regress-ID: 5a72c83431b96224d583c573ca281cd3a3ebfdae -commit 5c27e3b6ec2db711dfcd40e6359c0bcdd0b62ea9 +commit 57e8e229bad5fe6056b5f1199665f5f7008192c6 Author: djm@openbsd.org -Date: Mon Mar 23 06:06:38 2015 +0000 +Date: Tue Aug 4 05:23:06 2015 +0000 upstream commit - for ssh-keygen -A, don't try (and fail) to generate ssh - v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled - without OpenSSL based on patch by Mike Frysinger; bz#2369 + backout SSH_RSA_MINIMUM_MODULUS_SIZE increase for this + release; problems spotted by sthen@ ok deraadt@ markus@ + + Upstream-ID: d0bd60dde9e8c3cd7030007680371894c1499822 -commit 725fd22a8c41db7de73a638539a5157b7e4424ae +commit f097d0ea1e0889ca0fa2e53a00214e43ab7fa22a Author: djm@openbsd.org -Date: Wed Mar 18 01:44:21 2015 +0000 +Date: Sun Aug 2 09:56:42 2015 +0000 upstream commit - KRL support doesn't need OpenSSL anymore, remove #ifdefs - from around call + openssh 7.0; ok deraadt@ + + Upstream-ID: c63afdef537f57f28ae84145c5a8e29e9250221f -commit b07011c18e0b2e172c5fd09d21fb159a0bf5fcc7 -Author: djm@openbsd.org -Date: Mon Mar 16 11:09:52 2015 +0000 +commit 3d5728a0f6874ce4efb16913a12963595070f3a9 +Author: chris@openbsd.org +Date: Fri Jul 31 15:38:09 2015 +0000 upstream commit - #if 0 some more arrays used only for decrypting (we don't - use since we only need encrypt for AES-CTR) + Allow PermitRootLogin to be overridden by config + + ok markus@ deeradt@ + + Upstream-ID: 5cf3e26ed702888de84e2dc9d0054ccf4d9125b4 -commit 1cb3016635898d287e9d58b50c430995652d5358 -Author: jsg@openbsd.org -Date: Wed Mar 11 00:48:39 2015 +0000 +commit 6f941396b6835ad18018845f515b0c4fe20be21a +Author: djm@openbsd.org +Date: Thu Jul 30 23:09:15 2015 +0000 upstream commit - add back the changes from rev 1.206, djm reverted this by - mistake in rev 1.207 - -commit 4d24b3b6a4a6383e05e7da26d183b79fa8663697 -Author: Damien Miller -Date: Fri Mar 20 09:11:59 2015 +1100 - - remove error() accidentally inserted for debugging + fix pty permissions; patch from Nikolay Edigaryev; ok + deraadt - pointed out by Christian Hesse - -commit 9f82e5a9042f2d872e98f48a876fcab3e25dd9bb -Author: Tim Rice -Date: Mon Mar 16 22:49:20 2015 -0700 - - portability fix: Solaris systems may not have a grep that understands -q - -commit 8ef691f7d9ef500257a549d0906d78187490668f -Author: Damien Miller -Date: Wed Mar 11 10:35:26 2015 +1100 - - fix compile with clang - -commit 4df590cf8dc799e8986268d62019b487a8ed63ad -Author: Damien Miller -Date: Wed Mar 11 10:02:39 2015 +1100 - - make unit tests work for !OPENSSH_HAS_ECC + Upstream-ID: 40ff076d2878b916fbfd8e4f45dbe5bec019e550 -commit 307bb40277ca2c32e97e61d70d1ed74b571fd6ba -Author: djm@openbsd.org -Date: Sat Mar 7 04:41:48 2015 +0000 +commit f4373ed1e8fbc7c8ce3fc4ea97d0ba2e0c1d7ef0 +Author: deraadt@openbsd.org +Date: Thu Jul 30 19:23:02 2015 +0000 upstream commit - unbreak for w/SSH1 (default) case; ok markus@ deraadt@ + change default: PermitRootLogin without-password matching + install script changes coming as well ok djm markus + + Upstream-ID: 0e2a6c4441daf5498b47a61767382bead5eb8ea6 -commit b44ee0c998fb4c5f3c3281f2398af5ce42840b6f +commit 0c30ba91f87fcda7e975e6ff8a057f624e87ea1c Author: Damien Miller -Date: Thu Mar 5 18:39:20 2015 -0800 +Date: Thu Jul 30 12:31:39 2015 +1000 - unbreak hostkeys test for w/ SSH1 case + downgrade OOM adjustment logging: verbose -> debug -commit 55e5bdeb519cb60cc18b7ba0545be581fb8598b4 +commit f9eca249d4961f28ae4b09186d7dc91de74b5895 Author: djm@openbsd.org -Date: Fri Mar 6 01:40:56 2015 +0000 +Date: Thu Jul 30 00:01:34 2015 +0000 upstream commit - fix sshkey_certify() return value for unsupported key types; - ok markus@ deraadt@ + Allow ssh_config and sshd_config kex parameters options be + prefixed by a '+' to indicate that the specified items be appended to the + default rather than replacing it. + + approach suggested by dtucker@, feedback dlg@, ok markus@ + + Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a -commit be8f658e550a434eac04256bfbc4289457a24e99 -Author: Damien Miller -Date: Wed Mar 4 15:38:03 2015 -0800 +commit 5cefe769105a2a2e3ca7479d28d9a325d5ef0163 +Author: djm@openbsd.org +Date: Wed Jul 29 08:34:54 2015 +0000 - update version numbers to match version.h + upstream commit + + fix bug in previous; was printing incorrect string for + failed host key algorithms negotiation + + Upstream-ID: 22c0dc6bc61930513065d92e11f0753adc4c6e6e -commit ac5e8acefa253eb5e5ba186e34236c0e8007afdc +commit f319912b0d0e1675b8bb051ed8213792c788bcb2 Author: djm@openbsd.org -Date: Wed Mar 4 23:22:35 2015 +0000 +Date: Wed Jul 29 04:43:06 2015 +0000 upstream commit - make these work with !SSH1; ok markus@ deraadt@ + include the peer's offer when logging a failure to + negotiate a mutual set of algorithms (kex, pubkey, ciphers, etc.) ok markus@ + + Upstream-ID: bbb8caabf5c01790bb845f5ce135565248d7c796 -commit 2f04af92f036b0c87a23efb259c37da98cd81fe6 +commit b6ea0e573042eb85d84defb19227c89eb74cf05a Author: djm@openbsd.org -Date: Wed Mar 4 21:12:59 2015 +0000 +Date: Tue Jul 28 23:20:42 2015 +0000 upstream commit - make ssh-add -D work with !SSH1 agent + add Cisco to the list of clients that choke on the + hostkeys update extension. Pointed out by Howard Kash + + Upstream-ID: c9eadde28ecec056c73d09ee10ba4570dfba7e84 -commit a05adf95d2af6abb2b7826ddaa7a0ec0cdc1726b -Author: Damien Miller -Date: Wed Mar 4 00:55:48 2015 -0800 +commit 3f628c7b537291c1019ce86af90756fb4e66d0fd +Author: guenther@openbsd.org +Date: Mon Jul 27 16:29:23 2015 +0000 - netcat needs poll.h portability goop + upstream commit + + Permit kbind(2) use in the sandbox now, to ease testing + of ld.so work using it + + reminded by miod@, ok deraadt@ + + Upstream-ID: 523922e4d1ba7a091e3824e77a8a3c818ee97413 -commit dad2b1892b4c1b7e58df483a8c5b983c4454e099 -Author: markus@openbsd.org -Date: Tue Mar 3 22:35:19 2015 +0000 +commit ebe27ebe520098bbc0fe58945a87ce8490121edb +Author: millert@openbsd.org +Date: Mon Jul 20 18:44:12 2015 +0000 upstream commit - make it possible to run tests w/o ssh1 support; ok djm@ + Move .Pp before .Bl, not after to quiet mandoc -Tlint. + Noticed by jmc@ + + Upstream-ID: 59fadbf8407cec4e6931e50c53cfa0214a848e23 -commit d48a22601bdd3eec054794c535f4ae8d8ae4c6e2 -Author: djm@openbsd.org -Date: Wed Mar 4 18:53:53 2015 +0000 +commit d5d91d0da819611167782c66ab629159169d94d4 +Author: millert@openbsd.org +Date: Mon Jul 20 18:42:35 2015 +0000 upstream commit - crank; ok markus, deraadt + Sync usage with SYNOPSIS + + Upstream-ID: 7a321a170181a54f6450deabaccb6ef60cf3f0b7 -commit bbffb23daa0b002dd9f296e396a9ab8a5866b339 -Author: Damien Miller -Date: Tue Mar 3 13:50:27 2015 -0800 +commit 79ec2142fbc68dd2ed9688608da355fc0b1ed743 +Author: millert@openbsd.org +Date: Mon Jul 20 15:39:52 2015 +0000 - more --without-ssh1 fixes + upstream commit + + Better desciption of Unix domain socket forwarding. + bz#2423; ok jmc@ + + Upstream-ID: 85e28874726897e3f26ae50dfa2e8d2de683805d -commit 6c2039286f503e2012a58a1d109e389016e7a99b +commit d56fd1828074a4031b18b8faa0bf949669eb18a0 Author: Damien Miller -Date: Tue Mar 3 13:48:48 2015 -0800 +Date: Mon Jul 20 11:19:51 2015 +1000 - fix merge both that broke --without-ssh1 compile + make realpath.c compile -Wsign-compare clean -commit 111dfb225478a76f89ecbcd31e96eaf1311b59d3 +commit c63c9a691dca26bb7648827f5a13668832948929 Author: djm@openbsd.org -Date: Tue Mar 3 21:21:13 2015 +0000 +Date: Mon Jul 20 00:30:01 2015 +0000 upstream commit - add SSH1 Makefile knob to make it easier to build without - SSH1 support; ok markus@ + mention that the default of UseDNS=no implies that + hostnames cannot be used for host matching in sshd_config and + authorized_keys; bz#2045, ok dtucker@ + + Upstream-ID: 0812705d5f2dfa59aab01f2764ee800b1741c4e1 -commit 3f7f5e6c5d2aa3f6710289c1a30119e534e56c5c +commit 63ebcd0005e9894fcd6871b7b80aeea1fec0ff76 Author: djm@openbsd.org -Date: Tue Mar 3 20:42:49 2015 +0000 +Date: Sat Jul 18 08:02:17 2015 +0000 upstream commit - expand __unused to full __attribute__ for better portability - -commit 2fab9b0f8720baf990c931e3f68babb0bf9949c6 -Author: Damien Miller -Date: Wed Mar 4 07:41:27 2015 +1100 - - avoid warning + don't ignore PKCS#11 hosted keys that return empty + CKA_ID; patch by Jakub Jelen via bz#2429; ok markus + + Upstream-ID: 2f7c94744eb0342f8ee8bf97b2351d4e00116485 -commit d1bc844322461f882b4fd2277ba9a8d4966573d2 -Author: Damien Miller -Date: Wed Mar 4 06:31:45 2015 +1100 +commit b15fd989c8c62074397160147a8d5bc34b3f3c63 +Author: djm@openbsd.org +Date: Sat Jul 18 08:00:21 2015 +0000 - Revert "define __unused to nothing if not already defined" + upstream commit - This reverts commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908. + skip uninitialised PKCS#11 slots; patch from Jakub Jelen + in bz#2427 ok markus@ - Some system headers have objects named __unused + Upstream-ID: 744c1e7796e237ad32992d0d02148e8a18f27d29 -commit 00797e86b2d98334d1bb808f65fa1fd47f328ff1 -Author: Damien Miller -Date: Wed Mar 4 05:02:45 2015 +1100 +commit 5b64f85bb811246c59ebab70aed331f26ba37b18 +Author: djm@openbsd.org +Date: Sat Jul 18 07:57:14 2015 +0000 - check for crypt and DES_crypt in openssl block + upstream commit - fixes builds on systems that use DES_crypt; based on patch - from Roumen Petrov - -commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908 -Author: Damien Miller -Date: Wed Mar 4 04:59:13 2015 +1100 - - define __unused to nothing if not already defined + only query each keyboard-interactive device once per + authentication request regardless of how many times it is listed; ok markus@ - fixes builds on BSD/OS + Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1 -commit d608a51daad4f14ad6ab43d7cf74ef4801cc3fe9 +commit cd7324d0667794eb5c236d8a4e0f236251babc2d Author: djm@openbsd.org -Date: Tue Mar 3 17:53:40 2015 +0000 +Date: Fri Jul 17 03:34:27 2015 +0000 upstream commit - reorder logic for better portability; patch from Roumen - Petrov + remove -u flag to diff (only used for error output) to make + things easier for -portable + + Upstream-Regress-ID: a5d6777d2909540d87afec3039d9bb2414ade548 -commit 68d2dfc464fbcdf8d6387884260f9801f4352393 +commit deb8d99ecba70b67f4af7880b11ca8768df9ec3a Author: djm@openbsd.org -Date: Tue Mar 3 06:48:58 2015 +0000 +Date: Fri Jul 17 03:09:19 2015 +0000 upstream commit - Allow "ssh -Q protocol-version" to list supported SSH - protocol versions. Useful for detecting builds without SSH v.1 support; idea - and ok markus@ + direct-streamlocal@openssh.com Unix domain foward + messages do not contain a "reserved for future use" field and in fact, + serverloop.c checks that there isn't one. Remove erroneous mention from + PROTOCOL description. bz#2421 from Daniel Black + + Upstream-ID: 3d51a19e64f72f764682f1b08f35a8aa810a43ac -commit 39e2f1229562e1195169905607bc12290d21f021 -Author: millert@openbsd.org -Date: Sun Mar 1 15:44:40 2015 +0000 +commit 356b61f365405b5257f5b2ab446e5d7bd33a7b52 +Author: djm@openbsd.org +Date: Fri Jul 17 03:04:27 2015 +0000 upstream commit - Make sure we only call getnameinfo() for AF_INET or AF_INET6 - sockets. getpeername() of a Unix domain socket may return without error on - some systems without actually setting ss_family so getnameinfo() was getting - called with ss_family set to AF_UNSPEC. OK djm@ + describe magic for setting up Unix domain socket fowards + via the mux channel; bz#2422 patch from Daniel Black + + Upstream-ID: 943080fe3864715c423bdeb7c920bb30c4eee861 -commit e47536ba9692d271b8ad89078abdecf0a1c11707 -Author: Damien Miller -Date: Sat Feb 28 08:20:11 2015 -0800 +commit d3e2aee41487d55b8d7d40f538b84ff1db7989bc +Author: Darren Tucker +Date: Fri Jul 17 12:52:34 2015 +1000 - portability fixes for regress/netcat.c + Check if realpath works on nonexistent files. - Mostly avoiding "err(1, NULL)" + On some platforms the native realpath doesn't work with non-existent + files (this is actually specified in some versions of POSIX), however + the sftp spec says its realpath with "canonicalize any given path name". + On those platforms, use realpath from the compat library. + + In addition, when compiling with -DFORTIFY_SOURCE, glibc redefines + the realpath symbol to the checked version, so redefine ours to + something else so we pick up the compat version we want. + + bz#2428, ok djm@ -commit 02973ad5f6f49d8420e50a392331432b0396c100 -Author: Damien Miller -Date: Sat Feb 28 08:05:27 2015 -0800 +commit 25b14610dab655646a109db5ef8cb4c4bf2a48a0 +Author: djm@openbsd.org +Date: Fri Jul 17 02:47:45 2015 +0000 - twiddle another test for portability + upstream commit - from Tom G. Christensen + fix incorrect test for SSH1 keys when compiled without SSH1 + support + + Upstream-ID: 6004d720345b8e481c405e8ad05ce2271726e451 -commit f7f3116abf2a6e2f309ab096b08c58d19613e5d0 -Author: Damien Miller -Date: Fri Feb 27 15:52:49 2015 -0800 +commit df56a8035d429b2184ee94aaa7e580c1ff67f73a +Author: djm@openbsd.org +Date: Wed Jul 15 08:00:11 2015 +0000 - twiddle test for portability + upstream commit + + fix NULL-deref when SSH1 reenabled + + Upstream-ID: f22fd805288c92b3e9646782d15b48894b2d5295 -commit 1ad3a77cc9d5568f5437ff99d377aa7a41859b83 -Author: Damien Miller -Date: Thu Feb 26 20:33:22 2015 -0800 +commit 41e38c4d49dd60908484e6703316651333f16b93 +Author: djm@openbsd.org +Date: Wed Jul 15 07:19:50 2015 +0000 - make regress/netcat.c fd passing (more) portable + upstream commit + + regen RSA1 test keys; the last batch was missing their + private parts + + Upstream-Regress-ID: 7ccf437305dd63ff0b48dd50c5fd0f4d4230c10a -commit 9e1cfca7e1fe9cf8edb634fc894e43993e4da1ea -Author: Damien Miller -Date: Thu Feb 26 20:32:58 2015 -0800 +commit 5bf0933184cb622ca3f96d224bf3299fd2285acc +Author: markus@openbsd.org +Date: Fri Jul 10 06:23:25 2015 +0000 - create OBJ/valgrind-out before running unittests + upstream commit + + Adapt tests, now that DSA if off by default; use + PubkeyAcceptedKeyTypes and PubkeyAcceptedKeyTypes to test DSA. + + Upstream-Regress-ID: 0ff2a3ff5ac1ce5f92321d27aa07b98656efcc5c -commit bd58853102cee739f0e115e6d4b5334332ab1442 -Author: Damien Miller -Date: Wed Feb 25 16:58:22 2015 -0800 +commit 7a6e3fd7b41dbd3756b6bf9acd67954c0b1564cc +Author: markus@openbsd.org +Date: Tue Jul 7 14:54:16 2015 +0000 - valgrind support + upstream commit + + regen test data after mktestdata.sh changes + + Upstream-Regress-ID: 3495ecb082b9a7c048a2d7c5c845d3bf181d25a4 -commit f43d17269194761eded9e89f17456332f4c83824 -Author: djm@openbsd.org -Date: Thu Feb 26 20:45:47 2015 +0000 +commit 7c8c174c69f681d4910fa41c37646763692b28e2 +Author: markus@openbsd.org +Date: Tue Jul 7 14:53:30 2015 +0000 upstream commit - don't printf NULL key comments; reported by Tom Christensen + adapt tests to new minimum RSA size and default FP format + + Upstream-Regress-ID: a4b30afd174ce82b96df14eb49fb0b81398ffd0e -commit 6e6458b476ec854db33e3e68ebf4f489d0ab3df8 +commit 6a977a4b68747ade189e43d302f33403fd4a47ac Author: djm@openbsd.org -Date: Wed Feb 25 23:05:47 2015 +0000 +Date: Fri Jul 3 04:39:23 2015 +0000 upstream commit - zero cmsgbuf before use; we initialise the bits we use - but valgrind still spams warning on it + legacy v00 certificates are gone; adapt and don't try to + test them; "sure" markus@ dtucker@ + + Upstream-Regress-ID: c57321e69b3cd4a3b3396dfcc43f0803d047da12 -commit a63cfa26864b93ab6afefad0b630e5358ed8edfa +commit 0c4123ad5e93fb90fee9c6635b13a6cdabaac385 Author: djm@openbsd.org -Date: Wed Feb 25 19:54:02 2015 +0000 +Date: Wed Jul 1 23:11:18 2015 +0000 upstream commit - fix small memory leak when UpdateHostkeys=no + don't expect SSH v.1 in unittests + + Upstream-Regress-ID: f8812b16668ba78e6a698646b2a652b90b653397 -commit e6b950341dd75baa8526f1862bca39e52f5b879b -Author: Tim Rice -Date: Wed Feb 25 09:56:48 2015 -0800 +commit 3c099845798a817cdde513c39074ec2063781f18 +Author: djm@openbsd.org +Date: Mon Jun 15 06:38:50 2015 +0000 - Revert "Work around finicky USL linker so netcat will build." + upstream commit - This reverts commit d1db656021d0cd8c001a6692f772f1de29b67c8b. + turn SSH1 back on to match src/usr.bin/ssh being tested - No longer needed with commit 678e473e2af2e4802f24dd913985864d9ead7fb3 + Upstream-Regress-ID: 6c4f763a2f0cc6893bf33983919e9030ae638333 -commit 6f621603f9cff2a5d6016a404c96cb2f8ac2dec0 -Author: djm@openbsd.org -Date: Wed Feb 25 17:29:38 2015 +0000 +commit b1dc2b33689668c75e95f873a42d5aea1f4af1db +Author: dtucker@openbsd.org +Date: Mon Jul 13 04:57:14 2015 +0000 upstream commit - don't leak validity of user in "too many authentication - failures" disconnect message; reported by Sebastian Reitenbach + Add "PuTTY_Local:" to the clients to which we do not + offer DH-GEX. This was the string that was used for development versions + prior to September 2014 and they don't do RFC4419 DH-GEX, but unfortunately + there are some extant products based on those versions. bx2424 from Jay + Rouman, ok markus@ djm@ + + Upstream-ID: be34d41e18b966832fe09ca243d275b81882e1d5 -commit 6288e3a935494df12519164f52ca5c8c65fc3ca5 -Author: naddy@openbsd.org -Date: Tue Feb 24 15:24:05 2015 +0000 +commit 3a1638dda19bbc73d0ae02b4c251ce08e564b4b9 +Author: markus@openbsd.org +Date: Fri Jul 10 06:21:53 2015 +0000 upstream commit - add -v (show ASCII art) to -l's synopsis; ok djm@ + Turn off DSA by default; add HostKeyAlgorithms to the + server and PubkeyAcceptedKeyTypes to the client side, so it still can be + tested or turned back on; feedback and ok djm@ + + Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21 -commit 678e473e2af2e4802f24dd913985864d9ead7fb3 -Author: Darren Tucker -Date: Thu Feb 26 04:12:58 2015 +1100 +commit 16db0a7ee9a87945cc594d13863cfcb86038db59 +Author: markus@openbsd.org +Date: Thu Jul 9 09:49:46 2015 +0000 - Remove dependency on xmalloc. + upstream commit - Remove ssh_get_progname's dependency on xmalloc, which should reduce - link order problems. ok djm@ + re-enable ed25519-certs if compiled w/o openssl; ok djm + + Upstream-ID: e10c90808b001fd2c7a93778418e9b318f5c4c49 -commit 5d5ec165c5b614b03678afdad881f10e25832e46 -Author: Darren Tucker -Date: Wed Feb 25 15:32:49 2015 +1100 +commit c355bf306ac33de6545ce9dac22b84a194601e2f +Author: markus@openbsd.org +Date: Wed Jul 8 20:24:02 2015 +0000 - Restrict ECDSA and ECDH tests. + upstream commit - ifdef out some more ECDSA and ECDH tests when built against an OpenSSL - that does not have eliptic curve functionality. + no need to include the old buffer/key API + + Upstream-ID: fb13c9f7c0bba2545f3eb0a0e69cb0030819f52b -commit 1734e276d99b17e92d4233fac7aef3a3180aaca7 -Author: Darren Tucker -Date: Wed Feb 25 13:40:45 2015 +1100 +commit a3cc48cdf9853f1e832d78cb29bedfab7adce1ee +Author: markus@openbsd.org +Date: Wed Jul 8 19:09:25 2015 +0000 - Move definition of _NSIG. + upstream commit - _NSIG is only unsed in one file, so move it there prevent redefinition - warnings reported by Kevin Brott. - -commit a47ead7c95cfbeb72721066c4da2312e5b1b9f3d -Author: Darren Tucker -Date: Wed Feb 25 13:17:40 2015 +1100 + typedefs for Cipher&CipherContext are unused + + Upstream-ID: 50e6a18ee92221d23ad173a96d5b6c42207cf9a7 - Add includes.h for compatibility stuff. +commit a635bd06b5c427a57c3ae760d3a2730bb2c863c0 +Author: markus@openbsd.org +Date: Wed Jul 8 19:04:21 2015 +0000 -commit 38806bda6d2e48ad32812b461eebe17672ada771 -Author: Damien Miller -Date: Tue Feb 24 16:50:06 2015 -0800 + upstream commit + + xmalloc.h is unused + + Upstream-ID: afb532355b7fa7135a60d944ca1e644d1d63cb58 - include netdb.h to look for MAXHOSTNAMELEN; ok tim +commit 2521cf0e36c7f3f6b19f206da0af134f535e4a31 +Author: markus@openbsd.org +Date: Wed Jul 8 19:01:15 2015 +0000 -commit d1db656021d0cd8c001a6692f772f1de29b67c8b -Author: Tim Rice -Date: Tue Feb 24 10:42:08 2015 -0800 + upstream commit + + compress.c is gone + + Upstream-ID: 174fa7faa9b9643cba06164b5e498591356fbced - Work around finicky USL linker so netcat will build. +commit c65a7aa6c43aa7a308ee1ab8a96f216169ae9615 +Author: djm@openbsd.org +Date: Fri Jul 3 04:05:54 2015 +0000 -commit cb030ce25f555737e8ba97bdd7883ac43f3ff2a3 -Author: Damien Miller -Date: Tue Feb 24 09:23:04 2015 -0800 + upstream commit + + another SSH_RSA_MINIMUM_MODULUS_SIZE that needed + cranking + + Upstream-ID: 9d8826cafe96aab4ae8e2f6fd22800874b7ffef1 - include includes.h to avoid build failure on AIX +commit b1f383da5cd3cb921fc7776f17a14f44b8a31757 +Author: djm@openbsd.org +Date: Fri Jul 3 03:56:25 2015 +0000 -commit 13af342458f5064144abbb07e5ac9bbd4eb42567 -Author: Tim Rice -Date: Tue Feb 24 07:56:47 2015 -0800 + upstream commit + + add an XXX reminder for getting correct key paths from + sshd_config + + Upstream-ID: feae52b209d7782ad742df04a4260e9fe41741db - Original portability patch from djm@ for platforms missing err.h. - Fix name space clash on Solaris 10. Still more to do for Solaris 10 - to deal with msghdr structure differences. ok djm@ +commit 933935ce8d093996c34d7efa4d59113163080680 +Author: djm@openbsd.org +Date: Fri Jul 3 03:49:45 2015 +0000 -commit 910209203d0cd60c5083901cbcc0b7b44d9f48d2 -Author: Tim Rice -Date: Mon Feb 23 22:06:56 2015 -0800 - - cleaner way fix dispatch.h portion of commit - a88dd1da119052870bb2654c1a32c51971eade16 - (some systems have sig_atomic_t in signal.h, some in sys/signal.h) - Sounds good to me djm@ - -commit 676c38d7cbe65b76bbfff796861bb6615cc6a596 -Author: Tim Rice -Date: Mon Feb 23 21:51:33 2015 -0800 - - portability fix: if we can't dind a better define for HOST_NAME_MAX, use 255 - -commit 1221b22023dce38cbc90ba77eae4c5d78c77a5e6 -Author: Tim Rice -Date: Mon Feb 23 21:50:34 2015 -0800 - - portablity fix: s/__inline__/inline/ - -commit 4c356308a88d309c796325bb75dce90ca16591d5 -Author: Darren Tucker -Date: Tue Feb 24 13:49:31 2015 +1100 - - Wrap stdint.h includes in HAVE_STDINT_H. - -commit c9c88355c6a27a908e7d1e5003a2b35ea99c1614 -Author: Darren Tucker -Date: Tue Feb 24 13:43:57 2015 +1100 - - Add AI_NUMERICSERV to fake-rfc2553. + upstream commit - Our getaddrinfo implementation always returns numeric values already. - -commit ef342ab1ce6fb9a4b30186c89c309d0ae9d0eeb4 -Author: Darren Tucker -Date: Tue Feb 24 13:39:57 2015 +1100 - - Include OpenSSL's objects.h before bn.h. + refuse to generate or accept RSA keys smaller than 1024 + bits; feedback and ok dtucker@ - Prevents compile errors on some platforms (at least old GCCs and AIX's - XLC compilers). + Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba -commit dcc8997d116f615195aa7c9ec019fb36c28c6228 -Author: Darren Tucker -Date: Tue Feb 24 12:30:59 2015 +1100 +commit bdfd29f60b74f3e678297269dc6247a5699583c1 +Author: djm@openbsd.org +Date: Fri Jul 3 03:47:00 2015 +0000 - Convert two macros into functions. + upstream commit - Convert packet_send_debug and packet_disconnect from macros to - functions. Some older GCCs (2.7.x, 2.95.x) see to have problems with - variadic macros with only one argument so we convert these two into - functions. ok djm@ + turn off 1024 bit diffie-hellman-group1-sha1 key + exchange method (already off in server, this turns it off in the client by + default too) ok dtucker@ + + Upstream-ID: f59b88f449210ab7acf7d9d88f20f1daee97a4fa -commit 2285c30d51b7e2052c6526445abe7e7cc7e170a1 +commit c28fc62d789d860c75e23a9fa9fb250eb2beca57 Author: djm@openbsd.org -Date: Mon Feb 23 22:21:21 2015 +0000 +Date: Fri Jul 3 03:43:18 2015 +0000 upstream commit - further silence spurious error message even when -v is - specified (e.g. to get visual host keys); reported by naddy@ - -commit 9af21979c00652029e160295e988dea40758ece2 -Author: Damien Miller -Date: Tue Feb 24 09:04:32 2015 +1100 - - don't include stdint.h unless HAVE_STDINT_H set + delete support for legacy v00 certificates; "sure" + markus@ dtucker@ + + Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f -commit 62f678dd51660d6f8aee1da33d3222c5de10a89e -Author: Damien Miller -Date: Tue Feb 24 09:02:54 2015 +1100 +commit 564d63e1b4a9637a209d42a9d49646781fc9caef +Author: djm@openbsd.org +Date: Wed Jul 1 23:10:47 2015 +0000 - nother sys/queue.h -> sys-queue.h fix + upstream commit - spotted by Tom Christensen + Compile-time disable SSH v.1 again + + Upstream-ID: 1d4b513a3a06232f02650b73bad25100d1b800af -commit b3c19151cba2c0ed01b27f55de0d723ad07ca98f +commit 868109b650504dd9bcccdb1f51d0906f967c20ff Author: djm@openbsd.org -Date: Mon Feb 23 20:32:15 2015 +0000 +Date: Wed Jul 1 02:39:06 2015 +0000 upstream commit - fix a race condition by using a mux socket rather than an - ineffectual wait statement + twiddle PermitRootLogin back + + Upstream-ID: 2bd23976305d0512e9f84d054e1fc23cd70b89f2 -commit a88dd1da119052870bb2654c1a32c51971eade16 -Author: Damien Miller -Date: Tue Feb 24 06:30:29 2015 +1100 +commit 7de4b03a6e4071d454b72927ffaf52949fa34545 +Author: djm@openbsd.org +Date: Wed Jul 1 02:32:17 2015 +0000 - various include fixes for portable + upstream commit + + twiddle; (this commit marks the openssh-6.9 release) + + Upstream-ID: 78500582819f61dd8adee36ec5cc9b9ac9351234 -commit 5248429b5ec524d0a65507cff0cdd6e0cb99effd +commit 1bf477d3cdf1a864646d59820878783d42357a1d Author: djm@openbsd.org -Date: Mon Feb 23 16:55:51 2015 +0000 +Date: Wed Jul 1 02:26:31 2015 +0000 upstream commit - add an XXX to remind me to improve sshkey_load_public + better refuse ForwardX11Trusted=no connections attempted + after ForwardX11Timeout expires; reported by Jann Horn + + Upstream-ID: bf0fddadc1b46a0334e26c080038313b4b6dea21 -commit e94e4b07ef2eaead38b085a60535df9981cdbcdb +commit 47aa7a0f8551b471fcae0447c1d78464f6dba869 Author: djm@openbsd.org -Date: Mon Feb 23 16:55:31 2015 +0000 +Date: Wed Jul 1 01:56:13 2015 +0000 upstream commit - silence a spurious error message when listing - fingerprints for known_hosts; bz#2342 + put back default PermitRootLogin=no + + Upstream-ID: 7bdedd5cead99c57ed5571f3b6b7840922d5f728 -commit f2293a65392b54ac721f66bc0b44462e8d1d81f8 +commit 984b064fe2a23733733262f88d2e1b2a1a501662 Author: djm@openbsd.org -Date: Mon Feb 23 16:33:25 2015 +0000 +Date: Wed Jul 1 01:55:13 2015 +0000 upstream commit - fix setting/clearing of TTY raw mode around - UpdateHostKeys=ask confirmation question; reported by Herb Goldman + openssh-6.9 + + Upstream-ID: 6cfe8e1904812531080e6ab6e752d7001b5b2d45 -commit f2004cd1adf34492eae0a44b1ef84e0e31b06088 -Author: Darren Tucker -Date: Mon Feb 23 05:04:21 2015 +1100 +commit d921082ed670f516652eeba50705e1e9f6325346 +Author: djm@openbsd.org +Date: Wed Jul 1 01:55:00 2015 +0000 - Repair for non-ECC OpenSSL. + upstream commit - Ifdef out the ECC parts when building with an OpenSSL that doesn't have - it. + reset default PermitRootLogin to 'yes' (momentarily, for + release) + + Upstream-ID: cad8513527066e65dd7a1c16363d6903e8cefa24 -commit 37f9220db8d1a52c75894c3de1e5f2ae5bd71b6f -Author: Darren Tucker -Date: Mon Feb 23 03:07:24 2015 +1100 +commit 66295e0e1ba860e527f191b6325d2d77dec4dbce +Author: Damien Miller +Date: Wed Jul 1 11:49:12 2015 +1000 - Wrap stdint.h includes in ifdefs. + crank version numbers for release -commit f81f1bbc5b892c8614ea740b1f92735652eb43f0 -Author: Tim Rice -Date: Sat Feb 21 18:12:10 2015 -0800 +commit 37035c07d4f26bb1fbe000d2acf78efdb008681d +Author: Damien Miller +Date: Wed Jul 1 10:49:37 2015 +1000 - out of tree build fix + s/--with-ssh1/--without-ssh1/ -commit 2e13a1e4d22f3b503c3bfc878562cc7386a1d1ae -Author: Tim Rice -Date: Sat Feb 21 18:08:51 2015 -0800 +commit 629df770dbadc2accfbe1c81b3f31f876d0acd84 +Author: djm@openbsd.org +Date: Tue Jun 30 05:25:07 2015 +0000 - mkdir kex unit test directory so testing out of tree builds works + upstream commit + + fatal() when a remote window update causes the window + value to overflow. Reported by Georg Wicherski, ok markus@ + + Upstream-ID: ead397a9aceb3bf74ebfa5fcaf259d72e569f351 -commit 1797f49b1ba31e8700231cd6b1d512d80bb50d2c -Author: halex@openbsd.org -Date: Sat Feb 21 21:46:57 2015 +0000 +commit f715afebe735d61df3fd30ad72d9ac1c8bd3b5f2 +Author: djm@openbsd.org +Date: Tue Jun 30 05:23:25 2015 +0000 upstream commit - make "ssh-add -d" properly remove a corresponding - certificate, and also not whine and fail if there is none + Fix math error in remote window calculations that causes + eventual stalls for datagram channels. Reported by Georg Wicherski, ok + markus@ - ok djm@ + Upstream-ID: be54059d11bf64e0d85061f7257f53067842e2ab -commit 7faaa32da83a609059d95dbfcb0649fdb04caaf6 +commit 52fb6b9b034fcfd24bf88cc7be313e9c31de9889 Author: Damien Miller -Date: Sun Feb 22 07:57:27 2015 +1100 +Date: Tue Jun 30 16:05:40 2015 +1000 - mkdir hostkey and bitmap unit test directories + skip IPv6-related portions on hosts without IPv6 + + with Tim Rice -commit bd49da2ef197efac5e38f5399263a8b47990c538 +commit 512caddf590857af6aa12218461b5c0441028cf5 Author: djm@openbsd.org -Date: Fri Feb 20 23:46:01 2015 +0000 +Date: Mon Jun 29 22:35:12 2015 +0000 upstream commit - sort options useable under Match case-insensitively; prodded - jmc@ + add getpid to sandbox, reachable by grace_alarm_handler + + reported by Jakub Jelen; bz#2419 + + Upstream-ID: d0da1117c16d4c223954995d35b0f47c8f684cd8 -commit 1a779a0dd6cd8b4a1a40ea33b5415ab8408128ac +commit 78c2a4f883ea9aba866358e2acd9793a7f42ca93 Author: djm@openbsd.org -Date: Sat Feb 21 20:51:02 2015 +0000 +Date: Fri Jun 26 05:13:20 2015 +0000 upstream commit - correct paths to configuration files being written/updated; - they live in $OBJ not cwd; some by Roumen Petrov - -commit 28ba006c1acddff992ae946d0bc0b500b531ba6b -Author: Darren Tucker -Date: Sat Feb 21 15:41:07 2015 +1100 - - More correct checking of HAVE_DECL_AI_NUMERICSERV. - -commit e50e8c97a9cecae1f28febccaa6ca5ab3bc10f54 -Author: Darren Tucker -Date: Sat Feb 21 15:10:33 2015 +1100 - - Add null declaration of AI_NUMERICINFO. + Fix \-escaping bug that caused forward path parsing to skip + two characters and skip past the end of the string. - Some platforms (older FreeBSD and DragonFly versions) do have - getaddrinfo() but do not have AI_NUMERICINFO. so define it to zero - in those cases. + Based on patch by Salvador Fandino; ok dtucker@ + + Upstream-ID: 7b879dc446335677cbe4cb549495636a0535f3bd -commit 18a208d6a460d707a45916db63a571e805f5db46 -Author: djm@openbsd.org -Date: Fri Feb 20 22:40:32 2015 +0000 +commit bc20205c91c9920361d12b15d253d4997dba494a +Author: Damien Miller +Date: Thu Jun 25 09:51:39 2015 +1000 - upstream commit + add missing pselect6 - more options that are available under Match; bz#2353 reported - by calestyo AT scientia.net + patch from Jakub Jelen -commit 44732de06884238049f285f1455b2181baa7dc82 +commit 9d27fb73b4a4e5e99cb880af790d5b1ce44f720a Author: djm@openbsd.org -Date: Fri Feb 20 22:17:21 2015 +0000 +Date: Wed Jun 24 23:47:23 2015 +0000 upstream commit - UpdateHostKeys fixes: + correct test to sshkey_sign(); spotted by Albert S. - I accidentally changed the format of the hostkeys@openssh.com messages - last week without changing the extension name, and this has been causing - connection failures for people who are running -current. First reported - by sthen@ - - s/hostkeys@openssh.com/hostkeys-00@openssh.com/ - Change the name of the proof message too, and reorder it a little. - - Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY - available to read the response) so disable UpdateHostKeys if it is in - ask mode and ControlPersist is active (and document this) + Upstream-ID: 5f7347f40f0ca6abdaca2edb3bd62f4776518933 -commit 13a39414d25646f93e6d355521d832a03aaaffe2 -Author: djm@openbsd.org -Date: Tue Feb 17 00:14:05 2015 +0000 +commit 7ed01a96a1911d8b4a9ef4f3d064e1923bfad7e3 +Author: dtucker@openbsd.org +Date: Wed Jun 24 01:49:19 2015 +0000 upstream commit - Regression: I broke logging of public key fingerprints in - 1.46. Pointed out by Pontus Lundkvist - -commit 773dda25e828c4c9a52f7bdce6e1e5924157beab -Author: Damien Miller -Date: Fri Jan 30 23:10:17 2015 +1100 - - repair --without-openssl; broken in refactor - -commit e89c780886b23600de1e1c8d74aabd1ff61f43f0 -Author: Damien Miller -Date: Tue Feb 17 10:04:55 2015 +1100 - - hook up hostkeys unittest to portable Makefiles + Revert previous commit. We still want to call setgroups + in the case where there are zero groups to remove any that we might otherwise + inherit (as pointed out by grawity at gmail.com) and since the 2nd argument + to setgroups is always a static global it's always valid to dereference in + this case. ok deraadt@ djm@ + + Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01 -commit 0abf41f99aa16ff09b263bead242d6cb2dbbcf99 -Author: djm@openbsd.org -Date: Mon Feb 16 22:21:03 2015 +0000 +commit 882f8bf94f79528caa65b0ba71c185d705bb7195 +Author: dtucker@openbsd.org +Date: Wed Jun 24 01:49:19 2015 +0000 upstream commit - enable hostkeys unit tests + Revert previous commit. We still want to call setgroups in + the case where there are zero groups to remove any that we might otherwise + inherit (as pointed out by grawity at gmail.com) and since the 2nd argument + to setgroups is always a static global it's always valid to dereference in + this case. ok deraadt@ djm@ + + Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01 -commit 68a5d647ccf0fb6782b2f749433a1eee5bc9044b +commit 9488538a726951e82b3a4374f3c558d72c80a89b Author: djm@openbsd.org -Date: Mon Feb 16 22:20:50 2015 +0000 +Date: Mon Jun 22 23:42:16 2015 +0000 upstream commit - check string/memory compare arguments aren't NULL + Don't count successful partial authentication as failures + in monitor; this may have caused the monitor to refuse multiple + authentications that would otherwise have successfully completed; ok markus@ + + Upstream-ID: eb74b8e506714d0f649bd5c300f762a527af04a3 -commit ef575ef20d09f20722e26b45dab80b3620469687 -Author: djm@openbsd.org -Date: Mon Feb 16 22:18:34 2015 +0000 +commit 63b78d003bd8ca111a736e6cea6333da50f5f09b +Author: dtucker@openbsd.org +Date: Mon Jun 22 12:29:57 2015 +0000 upstream commit - unit tests for hostfile.c code, just hostkeys_foreach so - far + Don't call setgroups if we have zero groups; there's no + guarantee that it won't try to deref the pointer. Based on a patch from mail + at quitesimple.org, ok djm deraadt + + Upstream-ID: 2fff85e11d7a9a387ef7fddf41fbfaf566708ab1 -commit 8ea3365e6aa2759ccf5c76eaea62cbc8a280b0e7 -Author: markus@openbsd.org -Date: Sat Feb 14 12:43:16 2015 +0000 +commit 5c15e22c691c79a47747bcf5490126656f97cecd +Author: Damien Miller +Date: Thu Jun 18 15:07:56 2015 +1000 - upstream commit - - test server rekey limit + fix syntax error -commit ce63c4b063c39b2b22d4ada449c9e3fbde788cb3 -Author: djm@openbsd.org -Date: Mon Feb 16 22:30:03 2015 +0000 +commit 596dbca82f3f567fb3d2d69af4b4e1d3ba1e6403 +Author: jsing@openbsd.org +Date: Mon Jun 15 18:44:22 2015 +0000 upstream commit - partial backout of: + If AuthorizedPrincipalsCommand is specified, however + AuthorizedPrincipalsFile is not (or is set to "none"), authentication will + potentially fail due to key_cert_check_authority() failing to locate a + principal that matches the username, even though an authorized principal has + already been matched in the output of the subprocess. Fix this by using the + same logic to determine if pw->pw_name should be passed, as is used to + determine if a authorized principal must be matched earlier on. - revision 1.441 - date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid - : x8klYPZMJSrVlt3O; - Let sshd load public host keys even when private keys are missing. - Allows sshd to advertise additional keys for future key rotation. - Also log fingerprint of hostkeys loaded; ok markus@ + ok djm@ - hostkey updates now require access to the private key, so we can't - load public keys only. The improved log messages (fingerprints of keys - loaded) are kept. + Upstream-ID: 43b42302ec846b0ea68aceb40677245391b9409d -commit 523463a3a2a9bfc6cfc5afa01bae9147f76a37cc -Author: djm@openbsd.org -Date: Mon Feb 16 22:13:32 2015 +0000 +commit aff3e94c0d75d0d0fa84ea392b50ab04f8c57905 +Author: jsing@openbsd.org +Date: Mon Jun 15 18:42:19 2015 +0000 upstream commit - Revise hostkeys@openssh.com hostkey learning extension. + Make the arguments to match_principals_command() similar + to match_principals_file(), by changing the last argument a struct + sshkey_cert * and dereferencing key->cert in the caller. - The client will not ask the server to prove ownership of the private - halves of any hitherto-unseen hostkeys it offers to the client. + No functional change. - Allow UpdateHostKeys option to take an 'ask' argument to let the - user manually review keys offered. + ok djm@ - ok markus@ + Upstream-ID: 533f99b844b21b47342b32b62e198dfffcf8651c -commit 6c5c949782d86a6e7d58006599c7685bfcd01685 -Author: djm@openbsd.org -Date: Mon Feb 16 22:08:57 2015 +0000 +commit 97e2e1596c202a4693468378b16b2353fd2d6c5e +Author: Damien Miller +Date: Wed Jun 17 14:36:54 2015 +1000 - upstream commit + trivial optimisation for seccomp-bpf - Refactor hostkeys_foreach() and dependent code Deal with - IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing - changed ok markus@ as part of larger commit + When doing arg inspection and the syscall doesn't match, skip + past the instruction that reloads the syscall into the accumulator, + since the accumulator hasn't been modified at this point. -commit 51b082ccbe633dc970df1d1f4c9c0497115fe721 -Author: miod@openbsd.org -Date: Mon Feb 16 18:26:26 2015 +0000 +commit 99f33d7304893bd9fa04d227cb6e870171cded19 +Author: Damien Miller +Date: Wed Jun 17 10:50:51 2015 +1000 - upstream commit + aarch64 support for seccomp-bpf sandbox - Declare ge25519_base as extern, to prevent it from - becoming a common. Gets us rid of ``lignment 4 of symbol - `crypto_sign_ed25519_ref_ge25519_base' in mod_ge25519.o is smaller than 16 in - mod_ed25519.o'' warnings at link time. + Also resort and tidy syscall list. Based on patches by Jakub Jelen + bz#2361; ok dtucker@ -commit 02db468bf7e3281a8e3c058ced571b38b6407c34 -Author: markus@openbsd.org -Date: Fri Feb 13 18:57:00 2015 +0000 +commit 4ef702e1244633c1025ec7cfe044b9ab267097bf +Author: djm@openbsd.org +Date: Mon Jun 15 01:32:50 2015 +0000 upstream commit - make rekey_limit for sshd w/privsep work; ok djm@ - dtucker@ + return failure on RSA signature error; reported by Albert S + + Upstream-ID: e61bb93dbe0349625807b0810bc213a6822121fa -commit 8ec67d505bd23c8bf9e17b7a364b563a07a58ec8 -Author: dtucker@openbsd.org -Date: Thu Feb 12 20:34:19 2015 +0000 +commit a170f22baf18af0b1acf2788b8b715605f41a1f9 +Author: Tim Rice +Date: Tue Jun 9 22:41:13 2015 -0700 - upstream commit - - Prevent sshd spamming syslog with - "ssh_dispatch_run_fatal: disconnected". ok markus@ + Fix t12 rules for out of tree builds. -commit d4c0295d1afc342057ba358237acad6be8af480b -Author: djm@openbsd.org -Date: Wed Feb 11 01:20:38 2015 +0000 +commit ec04dc4a5515c913121bc04ed261857e68fa5c18 +Author: millert@openbsd.org +Date: Fri Jun 5 15:13:13 2015 +0000 upstream commit - Some packet error messages show the address of the peer, - but might be generated after the socket to the peer has suffered a TCP reset. - In these cases, getpeername() won't work so cache the address earlier. + For "ssh -L 12345:/tmp/sock" don't fail with "No forward host + name." (we have a path, not a host name). Based on a diff from Jared + Yanovich. OK djm@ - spotted in the wild via deraadt@ and tedu@ + Upstream-ID: 2846b0a8c7de037e33657f95afbd282837fc213f -commit 4af1709cf774475ce5d1bc3ddcc165f6c222897d -Author: jsg@openbsd.org -Date: Mon Feb 9 23:22:37 2015 +0000 +commit 732d61f417a6aea0aa5308b59cb0f563bcd6edd6 +Author: djm@openbsd.org +Date: Fri Jun 5 03:44:14 2015 +0000 upstream commit - fix some leaks in error paths ok markus@ + typo: accidental repetition; bz#2386 + + Upstream-ID: 45e620d99f6bc301e5949d34a54027374991c88b -commit fd36834871d06a03e1ff8d69e41992efa1bbf85f -Author: millert@openbsd.org -Date: Fri Feb 6 23:21:59 2015 +0000 +commit adfb24c69d1b6f5e758db200866c711e25a2ba73 +Author: Darren Tucker +Date: Fri Jun 5 14:51:40 2015 +1000 - upstream commit + Add Linux powerpc64le and powerpcle entries. - SIZE_MAX is standard, we should be using it in preference to - the obsolete SIZE_T_MAX. OK miod@ beck@ + Stopgap to resolve bz#2409 because we are so close to release and will + update config.guess and friends shortly after the release. ok djm@ -commit 1910a286d7771eab84c0b047f31c0a17505236fa -Author: millert@openbsd.org -Date: Thu Feb 5 12:59:57 2015 +0000 +commit a1195a0fdc9eddddb04d3e9e44c4775431cb77da +Merge: 6397eed d2480bc +Author: Tim Rice +Date: Wed Jun 3 21:43:13 2015 -0700 - upstream commit - - Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@ + Merge branch 'master' of git.mindrot.org:/var/git/openssh -commit ce4f59b2405845584f45e0b3214760eb0008c06c -Author: deraadt@openbsd.org -Date: Tue Feb 3 08:07:20 2015 +0000 +commit 6397eedf953b2b973d2d7cbb504ab501a07f8ddc +Author: Tim Rice +Date: Wed Jun 3 21:41:11 2015 -0700 - upstream commit - - missing ; djm and mlarkin really having great - interactions recently + Remove unneeded backslashes. Patch from Ángel González -commit 5d34aa94938abb12b877a25be51862757f25d54b -Author: halex@openbsd.org -Date: Tue Feb 3 00:34:14 2015 +0000 +commit d2480bcac1caf31b03068de877a47d6e1027bf6d +Author: Darren Tucker +Date: Thu Jun 4 14:10:55 2015 +1000 - upstream commit - - slightly extend the passphrase prompt if running with -c - in order to give the user a chance to notice if unintentionally running - without it - - wording tweak and ok djm@ + Remove redundant include of stdarg.h. bz#2410 -commit cb3bde373e80902c7d5d0db429f85068d19b2918 +commit 5e67859a623826ccdf2df284cbb37e2d8e2787eb Author: djm@openbsd.org -Date: Mon Feb 2 22:48:53 2015 +0000 +Date: Tue Jun 2 09:10:40 2015 +0000 upstream commit - handle PKCS#11 C_Login returning - CKR_USER_ALREADY_LOGGED_IN; based on patch from Yuri Samoilenko; ok markus@ + mention CheckHostIP adding addresses to known_hosts; + bz#1993; ok dtucker@ + + Upstream-ID: fd44b68440fd0dc29abf9f2d3f703d74a2396cb7 -commit 15ad750e5ec3cc69765b7eba1ce90060e7083399 -Author: djm@openbsd.org -Date: Mon Feb 2 07:41:40 2015 +0000 +commit d7a58bbac6583e33fd5eca8e2c2cc70c57617818 +Author: Darren Tucker +Date: Tue Jun 2 20:15:26 2015 +1000 - upstream commit + Replace strcpy with strlcpy. - turn UpdateHostkeys off by default until I figure out - mlarkin@'s warning message; requested by deraadt@ + ok djm, sanity check by Corinna Vinschen. -commit 3cd5103c1e1aaa59bd66f7f52f6ebbcd5deb12f9 -Author: deraadt@openbsd.org -Date: Mon Feb 2 01:57:44 2015 +0000 +commit 51a1c2115265c6e80ede8a5c9dccada9aeed7143 +Author: Damien Miller +Date: Fri May 29 18:27:21 2015 +1000 - upstream commit - - increasing encounters with difficult DNS setups in - darknets has convinced me UseDNS off by default is better ok djm + skip, rather than fatal when run without SUDO set -commit 6049a548a8a68ff0bbe581ab1748ea6a59ecdc38 -Author: djm@openbsd.org -Date: Sat Jan 31 20:30:05 2015 +0000 +commit 599f01142a376645b15cbc9349d7e8975e1cf245 +Author: Damien Miller +Date: Fri May 29 18:03:15 2015 +1000 - upstream commit - - Let sshd load public host keys even when private keys are - missing. Allows sshd to advertise additional keys for future key rotation. - Also log fingerprint of hostkeys loaded; ok markus@ + fix merge botch that left ",," in KEX algs -commit 46347ed5968f582661e8a70a45f448e0179ca0ab -Author: djm@openbsd.org -Date: Fri Jan 30 11:43:14 2015 +0000 +commit 0c2a81dfc21822f2423edd30751e5ec53467b347 +Author: Damien Miller +Date: Fri May 29 17:08:28 2015 +1000 - upstream commit - - Add a ssh_config HostbasedKeyType option to control which - host public key types are tried during hostbased authentication. - - This may be used to prevent too many keys being sent to the server, - and blowing past its MaxAuthTries limit. - - bz#2211 based on patch by Iain Morgan; ok markus@ + re-enable SSH protocol 1 at compile time -commit 802660cb70453fa4d230cb0233bc1bbdf8328de1 +commit db438f9285d64282d3ac9e8c0944f59f037c0151 Author: djm@openbsd.org -Date: Fri Jan 30 10:44:49 2015 +0000 +Date: Fri May 29 03:05:13 2015 +0000 upstream commit - set a timeout to prevent hangs when talking to busted - servers; ok markus@ + make this work without SUDO set; ok dtucker@ + + Upstream-Regress-ID: bca88217b70bce2fe52b23b8e06bdeb82d98c715 -commit 86936ec245a15c7abe71a0722610998b0a28b194 +commit 1d9a2e2849c9864fe75daabf433436341c968e14 Author: djm@openbsd.org -Date: Fri Jan 30 01:11:39 2015 +0000 +Date: Thu May 28 07:37:31 2015 +0000 upstream commit - regression test for 'wildcard CA' serial/key ID revocations + wrap all moduli-related code in #ifdef WITH_OPENSSL. + based on patch from Reuben Hawkins; bz#2388 feedback and ok dtucker@ + + Upstream-ID: d80cfc8be3e6ec65b3fac9e87c4466533b31b7cf -commit 4509b5d4a4fa645a022635bfa7e86d09b285001f -Author: djm@openbsd.org -Date: Fri Jan 30 01:13:33 2015 +0000 +commit 496aeb25bc2d6c434171292e4714771b594bd00e +Author: dtucker@openbsd.org +Date: Thu May 28 05:41:29 2015 +0000 upstream commit - avoid more fatal/exit in the packet.c paths that - ssh-keyscan uses; feedback and "looks good" markus@ + Increase the allowed length of the known host file name + in the log message to be consistent with other cases. Part of bz#1993, ok + deraadt. + + Upstream-ID: a9e97567be49f25daf286721450968251ff78397 -commit 669aee994348468af8b4b2ebd29b602cf2860b22 -Author: djm@openbsd.org -Date: Fri Jan 30 01:10:33 2015 +0000 +commit dd2cfeb586c646ff8d70eb93567b2e559ace5b14 +Author: dtucker@openbsd.org +Date: Thu May 28 05:09:45 2015 +0000 upstream commit - permit KRLs that revoke certificates by serial number or - key ID without scoping to a particular CA; ok markus@ + Fix typo (keywork->keyword) + + Upstream-ID: 8aacd0f4089c0a244cf43417f4f9045dfaeab534 -commit 7a2c368477e26575d0866247d3313da4256cb2b5 +commit 9cc6842493fbf23025ccc1edab064869640d3bec Author: djm@openbsd.org -Date: Fri Jan 30 00:59:19 2015 +0000 +Date: Thu May 28 04:50:53 2015 +0000 upstream commit - missing parentheses after if in do_convert_from() broke - private key conversion from other formats some time in 2010; bz#2345 reported - by jjelen AT redhat.com + add error message on ftruncate failure; bz#2176 + + Upstream-ID: cbcc606e0b748520c74a210d8f3cc9718d3148cf -commit 25f5f78d8bf5c22d9cea8b49de24ebeee648a355 +commit d1958793a0072c22be26d136dbda5ae263e717a0 Author: djm@openbsd.org -Date: Fri Jan 30 00:22:25 2015 +0000 +Date: Thu May 28 04:40:13 2015 +0000 upstream commit - fix ssh protocol 1, spotted by miod@ + make ssh-keygen default to ed25519 keys when compiled + without OpenSSL; bz#2388, ok dtucker@ + + Upstream-ID: 85a471fa6d3fa57a7b8e882d22cfbfc1d84cdc71 -commit 9ce86c926dfa6e0635161b035e3944e611cbccf0 -Author: djm@openbsd.org -Date: Wed Jan 28 22:36:00 2015 +0000 +commit 3ecde664c9fc5fb3667aedf9e6671462600f6496 +Author: dtucker@openbsd.org +Date: Wed May 27 23:51:10 2015 +0000 upstream commit - update to new API (key_fingerprint => sshkey_fingerprint) - check sshkey_fingerprint return values; ok markus + Reorder client proposal to prefer + diffie-hellman-group-exchange-sha1 over diffie-hellman-group14-sha1. ok djm@ + + Upstream-ID: 552c08d47347c3ee1a9a57d88441ab50abe17058 -commit 9125525c37bf73ad3ee4025520889d2ce9d10f29 -Author: djm@openbsd.org -Date: Wed Jan 28 22:05:31 2015 +0000 +commit 40f64292b907afd0a674fdbf3e4c2356d17a7d68 +Author: dtucker@openbsd.org +Date: Wed May 27 23:39:18 2015 +0000 upstream commit - avoid fatal() calls in packet code makes ssh-keyscan more - reliable against server failures ok dtucker@ markus@ + Add a stronger (4k bit) fallback group that sshd can use + when the moduli file is missing or broken, sourced from RFC3526. bz#2302, ok + markus@ (earlier version), djm@ + + Upstream-ID: b635215746a25a829d117673d5e5a76d4baee7f4 -commit fae7bbe544cba7a9e5e4ab47ff6faa3d978646eb -Author: djm@openbsd.org -Date: Wed Jan 28 21:15:47 2015 +0000 +commit 5ab7d5fa03ad55bc438fab45dfb3aeb30a3c237a +Author: Darren Tucker +Date: Thu May 28 10:03:40 2015 +1000 - upstream commit + New moduli file from OpenBSD, removing 1k groups. - avoid fatal() calls in packet code makes ssh-keyscan more - reliable against server failures ok dtucker@ markus@ + Remove 1k bit groups. ok deraadt@, markus@ -commit 1a3d14f6b44a494037c7deab485abe6496bf2c60 +commit a71ba58adf34e599f30cdda6e9b93ae6e3937eea Author: djm@openbsd.org -Date: Wed Jan 28 11:07:25 2015 +0000 +Date: Wed May 27 05:15:02 2015 +0000 upstream commit - remove obsolete comment + support PKCS#11 devices with external PIN entry devices + bz#2240, based on patch from Dirk-Willem van Gulik; feedback and ok dtucker@ + + Upstream-ID: 504568992b55a8fc984375242b1bd505ced61b0d -commit 80c25b7bc0a71d75c43a4575d9a1336f589eb639 -Author: okan@openbsd.org -Date: Tue Jan 27 12:54:06 2015 +0000 +commit b282fec1aa05246ed3482270eb70fc3ec5f39a00 +Author: dtucker@openbsd.org +Date: Tue May 26 23:23:40 2015 +0000 upstream commit - Since r1.2 removed the use of PRI* macros, inttypes.h is - no longer required. - - ok djm@ - -commit 69ff64f69615c2a21c97cb5878a0996c21423257 -Author: Damien Miller -Date: Tue Jan 27 23:07:43 2015 +1100 - - compile on systems without TCP_MD5SIG (e.g. OSX) - -commit 358964f3082fb90b2ae15bcab07b6105cfad5a43 -Author: Damien Miller -Date: Tue Jan 27 23:07:25 2015 +1100 - - use ssh-keygen under test rather than system's - -commit a2c95c1bf33ea53038324d1fdd774bc953f98236 -Author: Damien Miller -Date: Tue Jan 27 23:06:59 2015 +1100 - - OSX lacks HOST_NAME_MAX, has _POSIX_HOST_NAME_MAX - -commit ade31d7b6f608a19b85bee29a7a00b1e636a2919 -Author: Damien Miller -Date: Tue Jan 27 23:06:23 2015 +1100 - - these need active_state defined to link on OSX + Cap DH-GEX group size at 4kbits for Cisco implementations. + Some of them will choke when asked for preferred sizes >4k instead of + returning the 4k group that they do have. bz#2209, ok djm@ - temporary measure until active_state goes away entirely + Upstream-ID: 54b863a19713446b7431f9d06ad0532b4fcfef8d -commit e56aa87502f22c5844918c10190e8b4f785f067b +commit 3e91b4e8b0dc2b4b7e7d42cf6e8994a32e4cb55e Author: djm@openbsd.org -Date: Tue Jan 27 12:01:36 2015 +0000 +Date: Sun May 24 23:39:16 2015 +0000 upstream commit - use printf instead of echo -n to reduce diff against - -portable + add missing 'c' option to getopt(), case statement was + already there; from Felix Bolte + + Upstream-ID: 9b19b4e2e0b54d6fefa0dfac707c51cf4bae3081 -commit 9f7637f56eddfaf62ce3c0af89c25480f2cf1068 -Author: jmc@openbsd.org -Date: Mon Jan 26 13:55:29 2015 +0000 +commit 64a89ec07660abba4d0da7c0095b7371c98bab62 +Author: jsg@openbsd.org +Date: Sat May 23 14:28:37 2015 +0000 upstream commit - sort previous; + fix a memory leak in an error path ok markus@ dtucker@ + + Upstream-ID: bc1da0f205494944918533d8780fde65dff6c598 -commit 3076ee7d530d5b16842fac7a6229706c7e5acd26 +commit f948737449257d2cb83ffcfe7275eb79b677fd4a Author: djm@openbsd.org -Date: Mon Jan 26 13:36:53 2015 +0000 +Date: Fri May 22 05:28:45 2015 +0000 upstream commit - properly restore umask + mention ssh-keygen -E for comparing legacy MD5 + fingerprints; bz#2332 + + Upstream-ID: 079a3669549041dbf10dbc072d9563f0dc3b2859 -commit d411d395556b73ba1b9e451516a0bd6697c4b03d +commit 0882332616e4f0272c31cc47bf2018f9cb258a4e Author: djm@openbsd.org -Date: Mon Jan 26 06:12:18 2015 +0000 +Date: Fri May 22 04:45:52 2015 +0000 upstream commit - regression test for host key rotation + Reorder EscapeChar option parsing to avoid a single-byte + out- of-bounds read. bz#2396 from Jaak Ristioja; ok dtucker@ + + Upstream-ID: 1dc6b5b63d1c8d9a88619da0b27ade461d79b060 -commit fe8a3a51699afbc6407a8fae59b73349d01e49f8 +commit d7c31da4d42c115843edee2074d7d501f8804420 Author: djm@openbsd.org -Date: Mon Jan 26 06:11:28 2015 +0000 +Date: Fri May 22 03:50:02 2015 +0000 upstream commit - adapt to sshkey API tweaks + add knob to relax GSSAPI host credential check for + multihomed hosts bz#928, patch by Simon Wilkinson; ok dtucker + (kerberos/GSSAPI is not compiled by default on OpenBSD) + + Upstream-ID: 15ddf1c6f7fd9d98eea9962f480079ae3637285d -commit 7dd355fb1f0038a3d5cdca57ebab4356c7a5b434 -Author: miod@openbsd.org -Date: Sat Jan 24 10:39:21 2015 +0000 +commit aa72196a00be6e0b666215edcffbc10af234cb0e +Author: Darren Tucker +Date: Fri May 22 17:49:46 2015 +1000 - upstream commit + Include signal.h for sig_atomic_t, used by kex.h. - Move -lz late in the linker commandline for things to - build on static arches. + bz#2402, from tomas.kuthan at oracle com. -commit 0dad3b806fddb93c475b30853b9be1a25d673a33 -Author: miod@openbsd.org -Date: Fri Jan 23 21:21:23 2015 +0000 +commit 8b02481143d75e91c49d1bfae0876ac1fbf9511a +Author: Darren Tucker +Date: Fri May 22 12:47:24 2015 +1000 - upstream commit - - -Wpointer-sign is supported by gcc 4 only. + Import updated moduli file from OpenBSD. -commit 2b3b1c1e4bd9577b6e780c255c278542ea66c098 +commit 4739e8d5e1c0be49624082bd9f6b077e9e758db9 Author: djm@openbsd.org -Date: Tue Jan 20 22:58:57 2015 +0000 +Date: Thu May 21 12:01:19 2015 +0000 upstream commit - use SUBDIR to recuse into unit tests; makes "make obj" - actually work + Support "ssh-keygen -lF hostname" to find search known_hosts + and print key hashes. Already advertised by ssh-keygen(1), but not delivered + by code; ok dtucker@ + + Upstream-ID: 459e0e2bf39825e41b0811c336db2d56a1c23387 -commit 1d1092bff8db27080155541212b420703f8b9c92 +commit e97201feca10b5196da35819ae516d0b87cf3a50 +Author: Damien Miller +Date: Thu May 21 17:55:15 2015 +1000 + + conditionalise util.h inclusion + +commit 13640798c7dd011ece0a7d02841fe48e94cfa0e0 Author: djm@openbsd.org -Date: Mon Jan 26 12:16:36 2015 +0000 +Date: Thu May 21 06:44:25 2015 +0000 upstream commit - correct description of UpdateHostKeys in ssh_config.5 and - add it to -o lists for ssh, scp and sftp; pointed out by jmc@ + regress test for AuthorizedPrincipalsCommand + + Upstream-Regress-ID: c658fbf1ab6b6011dc83b73402322e396f1e1219 -commit 5104db7cbd6cdd9c5971f4358e74414862fc1022 +commit 84452c5d03c21f9bfb28c234e0dc1dc67dd817b1 Author: djm@openbsd.org -Date: Mon Jan 26 06:10:03 2015 +0000 +Date: Thu May 21 06:40:02 2015 +0000 upstream commit - correctly match ECDSA subtype (== curve) for - offered/recevied host keys. Fixes connection-killing host key mismatches when - a server offers multiple ECDSA keys with different curve type (an extremely - unlikely configuration). + regress test for AuthorizedKeysCommand arguments - ok markus, "looks mechanical" deraadt@ + Upstream-Regress-ID: bbd65c13c6b3be9a442ec115800bff9625898f12 -commit 8d4f87258f31cb6def9b3b55b6a7321d84728ff2 +commit bcc50d816187fa9a03907ac1f3a52f04a52e10d1 Author: djm@openbsd.org -Date: Mon Jan 26 03:04:45 2015 +0000 +Date: Thu May 21 06:43:30 2015 +0000 upstream commit - Host key rotation support. - - Add a hostkeys@openssh.com protocol extension (global request) for - a server to inform a client of all its available host key after - authentication has completed. The client may record the keys in - known_hosts, allowing it to upgrade to better host key algorithms - and a server to gracefully rotate its keys. + add AuthorizedPrincipalsCommand that allows getting + authorized_principals from a subprocess rather than a file, which is quite + useful in deployments with large userbases - The client side of this is controlled by a UpdateHostkeys config - option (default on). + feedback and ok markus@ - ok markus@ + Upstream-ID: aa1bdac7b16fc6d2fa3524ef08f04c7258d247f6 -commit 60b1825262b1f1e24fc72050b907189c92daf18e +commit 24232a3e5ab467678a86aa67968bbb915caffed4 Author: djm@openbsd.org -Date: Mon Jan 26 02:59:11 2015 +0000 +Date: Thu May 21 06:38:35 2015 +0000 upstream commit - small refactor and add some convenience functions; ok - markus + support arguments to AuthorizedKeysCommand + + bz#2081 loosely based on patch by Sami Hartikainen + feedback and ok markus@ + + Upstream-ID: b080387a14aa67dddd8ece67c00f268d626541f7 -commit a5a3e3328ddce91e76f71ff479022d53e35c60c9 -Author: jmc@openbsd.org -Date: Thu Jan 22 21:00:42 2015 +0000 +commit d80fbe41a57c72420c87a628444da16d09d66ca7 +Author: djm@openbsd.org +Date: Thu May 21 04:55:51 2015 +0000 upstream commit - heirarchy -> hierarchy; + refactor: split base64 encoding of pubkey into its own + sshkey_to_base64() function and out of sshkey_write(); ok markus@ + + Upstream-ID: 54fc38f5832e9b91028900819bda46c3959a0c1a -commit dcff5810a11195c57e1b3343c0d6b6f2b9974c11 +commit 7cc44ef74133a473734bbcbd3484f24d6a7328c5 Author: deraadt@openbsd.org -Date: Thu Jan 22 20:24:41 2015 +0000 +Date: Mon May 18 15:06:05 2015 +0000 upstream commit - Provide a warning about chroot misuses (which sadly, seem - to have become quite popular because shiny). sshd cannot detect/manage/do - anything about these cases, best we can do is warn in the right spot in the - man page. ok markus + getentropy() and sendsyslog() have been around long + enough. openssh-portable may want the #ifdef's but not base. discussed with + djm few weeks back + + Upstream-ID: 0506a4334de108e3fb6c66f8d6e0f9c112866926 -commit 087266ec33c76fc8d54ac5a19efacf2f4a4ca076 -Author: deraadt@openbsd.org -Date: Tue Jan 20 23:14:00 2015 +0000 +commit 9173d0fbe44de7ebcad8a15618e13a8b8d78902e +Author: dtucker@openbsd.org +Date: Fri May 15 05:44:21 2015 +0000 upstream commit - Reduce use of and transition to - throughout. ok djm markus + Use a salted hash of the lock passphrase instead of plain + text and do constant-time comparisons of it. Should prevent leaking any + information about it via timing, pointed out by Ryan Castellucci. Add a 0.1s + incrementing delay for each failed unlock attempt up to 10s. ok markus@ + (earlier version), djm@ + + Upstream-ID: c599fcc325aa1cc65496b25220b622d22208c85f -commit 57e783c8ba2c0797f93977e83b2a8644a03065d8 -Author: markus@openbsd.org -Date: Tue Jan 20 20:16:21 2015 +0000 +commit d028d5d3a697c71b21e4066d8672cacab3caa0a8 +Author: Damien Miller +Date: Tue May 5 19:10:58 2015 +1000 upstream commit - kex_setup errors are fatal() + - tedu@cvs.openbsd.org 2015/01/12 03:20:04 + [bcrypt_pbkdf.c] + rename blocks to words. bcrypt "blocks" are unrelated to blowfish blocks, + nor are they the same size. -commit 1d6424a6ff94633c221297ae8f42d54e12a20912 -Author: djm@openbsd.org -Date: Tue Jan 20 08:02:33 2015 +0000 +commit f6391d4e59b058984163ab28f4e317e7a72478f1 +Author: Damien Miller +Date: Tue May 5 19:10:23 2015 +1000 upstream commit - this test would accidentally delete agent.sh if run without - obj/ + - deraadt@cvs.openbsd.org 2015/01/08 00:30:07 + [bcrypt_pbkdf.c] + declare a local version of MIN(), call it MINIMUM() -commit 12b5f50777203e12575f1b08568281e447249ed3 -Author: djm@openbsd.org -Date: Tue Jan 20 07:56:44 2015 +0000 +commit 8ac6b13cc9113eb47cd9e86c97d7b26b4b71b77f +Author: Damien Miller +Date: Tue May 5 19:09:46 2015 +1000 upstream commit - make this compile with KERBEROS5 enabled + - djm@cvs.openbsd.org 2014/12/30 01:41:43 + [bcrypt_pbkdf.c] + typo in comment: ouput => output -commit e2cc6bef08941256817d44d146115b3478586ad4 +commit 1f792489d5cf86a4f4e3003e6e9177654033f0f2 Author: djm@openbsd.org -Date: Tue Jan 20 07:55:33 2015 +0000 +Date: Mon May 4 06:10:48 2015 +0000 upstream commit - fix hostkeys in agent; ok markus@ - -commit 1ca3e2155aa5d3801a7ae050f85c71f41fcb95b1 -Author: Damien Miller -Date: Tue Jan 20 10:11:31 2015 +1100 - - fix kex test + Remove pattern length argument from match_pattern_list(), we + only ever use it for strlen(pattern). + + Prompted by hanno AT hboeck.de pointing an out-of-bound read + error caused by an incorrect pattern length found using AFL + and his own tools. + + ok markus@ -commit c78a578107c7e6dcf5d30a2f34cb6581bef14029 -Author: markus@openbsd.org -Date: Mon Jan 19 20:45:25 2015 +0000 +commit 639d6bc57b1942393ed12fb48f00bc05d4e093e4 +Author: djm@openbsd.org +Date: Fri May 1 07:10:01 2015 +0000 upstream commit - finally enable the KEX tests I wrote some years ago... + refactor ssh_dispatch_run_fatal() to use sshpkt_fatal() + to better report error conditions. Teach sshpkt_fatal() about ECONNRESET. + + Improves error messages on TCP connection resets. bz#2257 + + ok dtucker@ -commit 31821d7217e686667d04935aeec99e1fc4a46e7e -Author: markus@openbsd.org -Date: Mon Jan 19 20:42:31 2015 +0000 +commit 9559d7de34c572d4d3fd990ca211f8ec99f62c4d +Author: djm@openbsd.org +Date: Fri May 1 07:08:08 2015 +0000 upstream commit - adapt to new error message (SSH_ERR_MAC_INVALID) + a couple of parse targets were missing activep checks, + causing them to be misapplied in match context; bz#2272 diagnosis and + original patch from Sami Hartikainen ok dtucker@ -commit d3716ca19e510e95d956ae14d5b367e364bff7f1 +commit 7e8528cad04b2775c3b7db08abf8fb42e47e6b2a Author: djm@openbsd.org -Date: Mon Jan 19 17:31:13 2015 +0000 +Date: Fri May 1 04:17:51 2015 +0000 upstream commit - this test was broken in at least two ways, such that it - wasn't checking that a KRL was not excluding valid keys + make handling of AuthorizedPrincipalsFile=none more + consistent with other =none options; bz#2288 from Jakub Jelen; ok dtucker@ -commit 3f797653748e7c2b037dacb57574c01d9ef3b4d3 -Author: markus@openbsd.org -Date: Mon Jan 19 20:32:39 2015 +0000 +commit ca430d4d9cc0f62eca3b1fb1e2928395b7ce80f7 +Author: djm@openbsd.org +Date: Fri May 1 04:03:20 2015 +0000 upstream commit - switch ssh-keyscan from setjmp to multiple ssh transport - layer instances ok djm@ + remove failed remote forwards established by muliplexing + from the list of active forwards; bz#2363, patch mostly by Yoann Ricordel; ok + dtucker@ -commit f582f0e917bb0017b00944783cd5f408bf4b0b5e -Author: markus@openbsd.org -Date: Mon Jan 19 20:30:23 2015 +0000 +commit 8312cfb8ad88657517b3e23ac8c56c8e38eb9792 +Author: djm@openbsd.org +Date: Fri May 1 04:01:58 2015 +0000 upstream commit - add experimental api for packet layer; ok djm@ + reduce stderr spam when using ssh -S /path/mux -O forward + -R 0:... ok dtucker@ -commit 48b3b2ba75181f11fca7f327058a591f4426cade -Author: markus@openbsd.org -Date: Mon Jan 19 20:20:20 2015 +0000 +commit 179be0f5e62f1f492462571944e45a3da660d82b +Author: djm@openbsd.org +Date: Fri May 1 03:23:51 2015 +0000 upstream commit - store compat flags in struct ssh; ok djm@ + prevent authorized_keys options picked up on public key + tests without a corresponding private key authentication being applied to + other authentication methods. Reported by halex@, ok markus@ -commit 57d10cbe861a235dd269c74fb2fe248469ecee9d -Author: markus@openbsd.org -Date: Mon Jan 19 20:16:15 2015 +0000 +commit a42d67be65b719a430b7fcaba2a4e4118382723a +Author: djm@openbsd.org +Date: Fri May 1 03:20:54 2015 +0000 upstream commit - adapt kex to sshbuf and struct ssh; ok djm@ + Don't make parsing of authorized_keys' environment= + option conditional on PermitUserEnv - always parse it, but only use the + result if the option is enabled. This prevents the syntax of authorized_keys + changing depending on which sshd_config options were enabled. + + bz#2329; based on patch from coladict AT gmail.com, ok dtucker@ -commit 3fdc88a0def4f86aa88a5846ac079dc964c0546a -Author: markus@openbsd.org -Date: Mon Jan 19 20:07:45 2015 +0000 +commit e661a86353e11592c7ed6a847e19a83609f49e77 +Author: djm@openbsd.org +Date: Mon May 4 06:10:48 2015 +0000 upstream commit - move dispatch to struct ssh; ok djm@ - -commit 091c302829210c41e7f57c3f094c7b9c054306f0 -Author: markus@openbsd.org -Date: Mon Jan 19 19:52:16 2015 +0000 + Remove pattern length argument from match_pattern_list(), we + only ever use it for strlen(pattern). + + Prompted by hanno AT hboeck.de pointing an out-of-bound read + error caused by an incorrect pattern length found using AFL + and his own tools. + + ok markus@ + +commit 0ef1de742be2ee4b10381193fe90730925b7f027 +Author: dtucker@openbsd.org +Date: Thu Apr 23 05:01:19 2015 +0000 upstream commit - update packet.c & isolate, introduce struct ssh a) switch - packet.c to buffer api and isolate per-connection info into struct ssh b) - (de)serialization of the state is moved from monitor to packet.c c) the old - packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and - integrated into packet.c with and ok djm@ + Add a simple regression test for sshd's configuration + parser. Right now, all it does is run the output of sshd -T back through + itself and ensure the output is valid and invariant. -commit 4e62cc68ce4ba20245d208b252e74e91d3785b74 +commit 368f83c793275faa2c52f60eaa9bdac155c4254b Author: djm@openbsd.org -Date: Mon Jan 19 17:35:48 2015 +0000 +Date: Wed Apr 22 01:38:36 2015 +0000 upstream commit - fix format strings in (disabled) debugging + use correct key for nested certificate test -commit d85e06245907d49a2cd0cfa0abf59150ad616f42 +commit 8d4d1bfddbbd7d21f545dc6997081d1ea1fbc99a Author: djm@openbsd.org -Date: Mon Jan 19 06:01:32 2015 +0000 +Date: Fri May 1 07:11:47 2015 +0000 upstream commit - be a bit more careful in these tests to ensure that - known_hosts is clean + mention that the user's shell from /etc/passwd is used + for commands too; bz#1459 ok dtucker@ -commit 7947810eab5fe0ad311f32a48f4d4eb1f71be6cf +commit 5ab283d0016bbc9d4d71e8e5284d011bc5a930cf Author: djm@openbsd.org -Date: Sun Jan 18 22:00:18 2015 +0000 +Date: Fri May 8 07:29:00 2015 +0000 upstream commit - regression test for known_host file editing using - ssh-keygen (-H / -R / -F) after hostkeys_foreach() change; feedback and ok - markus@ + whitespace + + Upstream-Regress-ID: 6b708a3e709d5b7fd37890f874bafdff1f597519 -commit 3a2b09d147a565d8a47edf37491e149a02c0d3a3 +commit 8377d5008ad260048192e1e56ad7d15a56d103dd Author: djm@openbsd.org -Date: Sun Jan 18 19:54:46 2015 +0000 +Date: Fri May 8 07:26:13 2015 +0000 upstream commit - more and better key tests - - test signatures and verification - test certificate generation - flesh out nested cert test + whitespace at EOL - removes most of the XXX todo markers + Upstream-Regress-ID: 9c48911643d5b05173b36a012041bed4080b8554 -commit 589e69fd82724cfc9738f128e4771da2e6405d0d +commit c28a3436fa8737709ea88e4437f8f23a6ab50359 Author: djm@openbsd.org -Date: Sun Jan 18 19:53:58 2015 +0000 +Date: Fri May 8 06:45:13 2015 +0000 upstream commit - make the signature fuzzing test much more rigorous: - ensure that the fuzzed input cases do not match the original (using new - fuzz_matches_original() function) and check that the verification fails in - each case + moar whitespace at eol + + Upstream-ID: 64eaf872a3ba52ed41e494287e80d40aaba4b515 -commit 80603c0daa2538c349c1c152405580b164d5475f +commit 2b64c490468fd4ca35ac8d5cc31c0520dc1508bb Author: djm@openbsd.org -Date: Sun Jan 18 19:52:44 2015 +0000 +Date: Fri May 8 06:41:56 2015 +0000 upstream commit - add a fuzz_matches_original() function to the fuzzer to - detect fuzz cases that are identical to the original data. Hacky - implementation, but very useful when you need the fuzz to be different, e.g. - when verifying signature + whitespace at EOL + + Upstream-ID: 57bcf67d666c6fc1ad798aee448fdc3f70f7ec2c -commit 87d5495bd337e358ad69c524fcb9495208c0750b +commit 4e636cf201ce6e7e3b9088568218f9d4e2c51712 Author: djm@openbsd.org -Date: Sun Jan 18 19:50:55 2015 +0000 +Date: Fri May 8 03:56:51 2015 +0000 upstream commit - better dumps from the fuzzer (shown on errors) - - include the original data as well as the fuzzed copy. + whitespace at EOL -commit d59ec478c453a3fff05badbbfd96aa856364f2c2 -Author: djm@openbsd.org -Date: Sun Jan 18 19:47:55 2015 +0000 +commit 38b8272f823dc1dd4e29dbcee83943ed48bb12fa +Author: dtucker@openbsd.org +Date: Mon May 4 01:47:53 2015 +0000 upstream commit - enable hostkey-agent.sh test + Use diff w/out -u for better portability -commit 26b3425170bf840e4b095e1c10bf25a0a3e3a105 -Author: djm@openbsd.org -Date: Sat Jan 17 18:54:30 2015 +0000 +commit 297060f42d5189a4065ea1b6f0afdf6371fb0507 +Author: dtucker@openbsd.org +Date: Fri May 8 03:25:07 2015 +0000 upstream commit - unit test for hostkeys in ssh-agent + Use xcalloc for permitted_adm_opens instead of xmalloc to + ensure it's zeroed. Fixes post-auth crash with permitopen=none. bz#2355, ok + djm@ -commit 9e06a0fb23ec55d9223b26a45bb63c7649e2f2f2 -Author: markus@openbsd.org -Date: Thu Jan 15 23:41:29 2015 +0000 +commit 63ebf019be863b2d90492a85e248cf55a6e87403 +Author: djm@openbsd.org +Date: Fri May 8 03:17:49 2015 +0000 upstream commit - add kex unit tests + don't choke on new-format private keys encrypted with an + AEAD cipher; bz#2366, patch from Ron Frederick; ok markus@ -commit d2099dec6da21ae627f6289aedae6bc1d41a22ce -Author: deraadt@openbsd.org -Date: Mon Jan 19 00:32:54 2015 +0000 +commit f8484dac678ab3098ae522a5f03bb2530f822987 +Author: dtucker@openbsd.org +Date: Wed May 6 05:45:17 2015 +0000 upstream commit - djm, your /usr/include tree is old + Clarify pseudo-terminal request behaviour and use + "pseudo-terminal" consistently. bz#1716, ok jmc@ "I like it" deraadt@. -commit 2b3c3c76c30dc5076fe09d590f5b26880f148a54 -Author: djm@openbsd.org -Date: Sun Jan 18 21:51:19 2015 +0000 +commit ea139507bef8bad26e86ed99a42c7233ad115c38 +Author: dtucker@openbsd.org +Date: Wed May 6 04:07:18 2015 +0000 upstream commit - some feedback from markus@: comment hostkeys_foreach() - context and avoid a member in it. + Blacklist DH-GEX for specific PuTTY versions known to + send non-RFC4419 DH-GEX messages rather than all versions of PuTTY. + According to Simon Tatham, 0.65 and newer versions will send RFC4419 DH-GEX + messages. ok djm@ -commit cecb30bc2ba6d594366e657d664d5c494b6c8a7f -Author: djm@openbsd.org -Date: Sun Jan 18 21:49:42 2015 +0000 +commit b58234f00ee3872eb84f6e9e572a9a34e902e36e +Author: dtucker@openbsd.org +Date: Tue May 5 10:17:49 2015 +0000 upstream commit - make ssh-keygen use hostkeys_foreach(). Removes some - horrendous code; ok markus@ + WinSCP doesn't implement RFC4419 DH-GEX so flag it so we + don't offer that KEX method. ok markus@ -commit ec3d065df3a9557ea96b02d061fd821a18c1a0b9 -Author: djm@openbsd.org -Date: Sun Jan 18 21:48:09 2015 +0000 +commit d5b1507a207253b39e810e91e68f9598691b7a29 +Author: jsg@openbsd.org +Date: Tue May 5 02:48:17 2015 +0000 upstream commit - convert load_hostkeys() (hostkey ordering and - known_host matching) to use the new hostkey_foreach() iterator; ok markus + use the sizeof the struct not the sizeof a pointer to the + struct in ssh_digest_start() + + This file is only used if ssh is built with OPENSSL=no + + ok markus@ -commit c29811cc480a260e42fd88849fc86a80c1e91038 -Author: djm@openbsd.org -Date: Sun Jan 18 21:40:23 2015 +0000 +commit a647b9b8e616c231594b2710c925d31b1b8afea3 +Author: Darren Tucker +Date: Fri May 8 11:07:27 2015 +1000 - upstream commit + Put brackets around mblen() compat constant. - introduce hostkeys_foreach() to allow iteration over a - known_hosts file or controlled subset thereof. This will allow us to pull out - some ugly and duplicated code, and will be used to implement hostkey rotation - later. + This might help with the reported problem cross compiling for Android + ("error: expected identifier or '(' before numeric constant") but + shouldn't hurt in any case. + +commit d1680d36e17244d9af3843aeb5025cb8e40d6c07 +Author: Darren Tucker +Date: Thu Apr 30 09:18:11 2015 +1000 + + xrealloc -> xreallocarray in portable code too. + +commit 531a57a3893f9fcd4aaaba8c312b612bbbcc021e +Author: dtucker@openbsd.org +Date: Wed Apr 29 03:48:56 2015 +0000 + + upstream commit - feedback and ok markus + Allow ListenAddress, Port and AddressFamily in any + order. bz#68, ok djm@, jmc@ (for the man page bit). -commit f101d8291da01bbbfd6fb8c569cfd0cc61c0d346 -Author: deraadt@openbsd.org -Date: Sun Jan 18 14:01:00 2015 +0000 +commit c1d5bcf1aaf1209af02f79e48ba1cbc76a87b56f +Author: jmc@openbsd.org +Date: Tue Apr 28 13:47:38 2015 +0000 upstream commit - string truncation due to sizeof(size) ok djm markus + enviroment -> environment: apologies to darren for not + spotting that first time round... -commit 35d6022b55b7969fc10c261cb6aa78cc4a5fcc41 -Author: djm@openbsd.org -Date: Sun Jan 18 13:33:34 2015 +0000 +commit 43beea053db191cac47c2cd8d3dc1930158aff1a +Author: dtucker@openbsd.org +Date: Tue Apr 28 10:25:15 2015 +0000 upstream commit - avoid trailing ',' in host key algorithms + Fix typo in previous -commit 7efb455789a0cb76bdcdee91c6060a3dc8f5c007 -Author: djm@openbsd.org -Date: Sun Jan 18 13:22:28 2015 +0000 +commit 85b96ef41374f3ddc9139581f87da09b2cd9199e +Author: dtucker@openbsd.org +Date: Tue Apr 28 10:17:58 2015 +0000 upstream commit - infer key length correctly when user specified a fully- - qualified key name instead of using the -b bits option; ok markus@ + Document that the TERM environment variable is not + subject to SendEnv and AcceptEnv. bz#2386, based loosely on a patch from + jjelen at redhat, help and ok jmc@ -commit 83f8ffa6a55ccd0ce9d8a205e3e7439ec18fedf5 +commit 88a7c598a94ff53f76df228eeaae238d2d467565 Author: djm@openbsd.org -Date: Sat Jan 17 18:53:34 2015 +0000 +Date: Mon Apr 27 21:42:48 2015 +0000 upstream commit - fix hostkeys on ssh agent; found by unit test I'm about - to commit + Make sshd default to PermitRootLogin=no; ok deraadt@ + rpe@ -commit 369d61f17657b814124268f99c033e4dc6e436c1 -Author: schwarze@openbsd.org -Date: Fri Jan 16 16:20:23 2015 +0000 +commit 734226b4480a6c736096c729fcf6f391400599c7 +Author: djm@openbsd.org +Date: Mon Apr 27 01:52:30 2015 +0000 upstream commit - garbage collect empty .No macros mandoc warns about + fix compilation with OPENSSL=no; ok dtucker@ -commit bb8b442d32dbdb8521d610e10d8b248d938bd747 -Author: djm@openbsd.org -Date: Fri Jan 16 15:55:07 2015 +0000 +commit a4b9d2ce1eb7703eaf0809b0c8a82ded8aa4f1c6 +Author: dtucker@openbsd.org +Date: Mon Apr 27 00:37:53 2015 +0000 upstream commit - regression: incorrect error message on - otherwise-successful ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@ + Include stdio.h for FILE (used in sshkey.h) so it + compiles with OPENSSL=no. -commit 9010902954a40b59d0bf3df3ccbc3140a653e2bc +commit dbcc652f4ca11fe04e5930c7ef18a219318c6cda Author: djm@openbsd.org -Date: Fri Jan 16 07:19:48 2015 +0000 +Date: Mon Apr 27 00:21:21 2015 +0000 upstream commit - when hostname canonicalisation is enabled, try to parse - hostnames as addresses before looking them up for canonicalisation. fixes - bz#2074 and avoids needless DNS lookups in some cases; ok markus + allow "sshd -f none" to skip reading the config file, + much like "ssh -F none" does. ok dtucker -commit 2ae4f337b2a5fb2841b6b0053b49496fef844d1c -Author: deraadt@openbsd.org -Date: Fri Jan 16 06:40:12 2015 +0000 +commit b7ca276fca316c952f0b90f5adb1448c8481eedc +Author: jmc@openbsd.org +Date: Fri Apr 24 06:26:49 2015 +0000 upstream commit - Replace with and other less - dirty headers where possible. Annotate lines with their - current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, - LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of - MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. - These are the files confirmed through binary verification. ok guenther, - millert, doug (helped with the verification protocol) + combine -Dd onto one line and update usage(); -commit 3c4726f4c24118e8f1bb80bf75f1456c76df072c -Author: markus@openbsd.org -Date: Thu Jan 15 21:38:50 2015 +0000 +commit 2ea974630d7017e4c7666d14d9dc939707613e96 +Author: djm@openbsd.org +Date: Fri Apr 24 05:26:44 2015 +0000 upstream commit - remove xmalloc, switch to sshbuf + add ssh-agent -D to leave ssh-agent in foreground + without enabling debug mode; bz#2381 ok dtucker@ -commit e17ac01f8b763e4b83976b9e521e90a280acc097 -Author: markus@openbsd.org -Date: Thu Jan 15 21:37:14 2015 +0000 +commit 8ac2ffd7aa06042f6b924c87139f2fea5c5682f7 +Author: deraadt@openbsd.org +Date: Fri Apr 24 01:36:24 2015 +0000 upstream commit - switch to sshbuf + 2*len -> use xreallocarray() ok djm -commit ddef9995a1fa6c7a8ff3b38bfe6cf724bebf13d0 -Author: naddy@openbsd.org -Date: Thu Jan 15 18:32:54 2015 +0000 +commit 657a5fbc0d0aff309079ff8fb386f17e964963c2 +Author: deraadt@openbsd.org +Date: Fri Apr 24 01:36:00 2015 +0000 upstream commit - handle UMAC128 initialization like UMAC; ok djm@ markus@ + rename xrealloc() to xreallocarray() since it follows + that form. ok djm -commit f14564c1f7792446bca143580aef0e7ac25dcdae -Author: djm@openbsd.org -Date: Thu Jan 15 11:04:36 2015 +0000 +commit 1108ae242fdd2c304307b68ddf46aebe43ebffaa +Author: dtucker@openbsd.org +Date: Thu Apr 23 04:59:10 2015 +0000 upstream commit - fix regression reported by brad@ for passworded keys without - agent present - -commit 45c0fd70bb2a88061319dfff20cb12ef7b1bc47e -Author: Damien Miller -Date: Thu Jan 15 22:08:23 2015 +1100 - - make bitmap test compile + Two small fixes for sshd -T: ListenAddress'es are added + to a list head so reverse the order when printing them to ensure the + behaviour remains the same, and print StreamLocalBindMask as octal with + leading zero. ok deraadt@ -commit d333f89abf7179021e5c3f28673f469abe032062 -Author: djm@openbsd.org -Date: Thu Jan 15 07:36:28 2015 +0000 +commit bd902b8473e1168f19378d5d0ae68d0c203525df +Author: dtucker@openbsd.org +Date: Thu Apr 23 04:53:53 2015 +0000 upstream commit - unit tests for KRL bitmap + Check for and reject missing arguments for + VersionAddendum and ForceCommand. bz#2281, patch from plautrba at redhat com, + ok djm@ -commit 7613f828f49c55ff356007ae9645038ab6682556 -Author: markus@openbsd.org -Date: Wed Jan 14 09:58:21 2015 +0000 +commit ca42c1758575e592239de1d5755140e054b91a0d +Author: djm@openbsd.org +Date: Wed Apr 22 01:24:01 2015 +0000 upstream commit - re-add comment about full path + unknown certificate extensions are non-fatal, so don't + fatal when they are encountered; bz#2387 reported by Bob Van Zant; ok + dtucker@ -commit 6c43b48b307c41cd656b415621a644074579a578 -Author: markus@openbsd.org -Date: Wed Jan 14 09:54:38 2015 +0000 +commit 39bfbf7caad231cc4bda6909fb1af0705bca04d8 +Author: jsg@openbsd.org +Date: Tue Apr 21 07:01:00 2015 +0000 upstream commit - don't reset to the installed sshd; connect before - reconfigure, too + Add back a backslash removed in rev 1.42 so + KEX_SERVER_ENCRYPT will include aes again. + + ok deraadt@ -commit 771bb47a1df8b69061f09462e78aa0b66cd594bf +commit 6b0d576bb87eca3efd2b309fcfe4edfefc289f9c Author: djm@openbsd.org -Date: Tue Jan 13 14:51:51 2015 +0000 +Date: Fri Apr 17 13:32:09 2015 +0000 upstream commit - implement a SIGINFO handler so we can discern a stuck - fuzz test from a merely glacial one; prompted by and ok markus + s/recommended/required/ that private keys be og-r this + wording change was made a while ago but got accidentally reverted -commit cfaa57962f8536f3cf0fd7daf4d6a55d6f6de45f +commit 44a8e7ce6f3ab4c2eb1ae49115c210b98e53c4df Author: djm@openbsd.org -Date: Tue Jan 13 08:23:26 2015 +0000 +Date: Fri Apr 17 13:25:52 2015 +0000 upstream commit - use $SSH instead of installed ssh to allow override; - spotted by markus@ + don't try to cleanup NULL KEX proposals in + kex_prop_free(); found by Jukka Taimisto and Markus Hietava -commit 0920553d0aee117a596b03ed5b49b280d34a32c5 +commit 3038a191872d2882052306098c1810d14835e704 Author: djm@openbsd.org -Date: Tue Jan 13 07:49:49 2015 +0000 +Date: Fri Apr 17 13:19:22 2015 +0000 upstream commit - regress test for PubkeyAcceptedKeyTypes; ok markus@ + use error/logit/fatal instead of fprintf(stderr, ...) + and exit(0), fix a few errors that were being printed to stdout instead of + stderr and a few non-errors that were going to stderr instead of stdout + bz#2325; ok dtucker -commit 27ca1a5c0095eda151934bca39a77e391f875d17 -Author: markus@openbsd.org -Date: Mon Jan 12 20:13:27 2015 +0000 +commit a58be33cb6cd24441fa7e634db0e5babdd56f07f +Author: djm@openbsd.org +Date: Fri Apr 17 13:16:48 2015 +0000 upstream commit - unbreak parsing of pubkey comments; with gerhard; ok - djm/deraadt + debug log missing DISPLAY environment when X11 + forwarding requested; bz#1682 ok dtucker@ -commit 55358f0b4e0b83bc0df81c5f854c91b11e0bb4dc +commit 17d4d9d9fbc8fb80e322f94d95eecc604588a474 Author: djm@openbsd.org -Date: Mon Jan 12 11:46:32 2015 +0000 +Date: Fri Apr 17 04:32:31 2015 +0000 upstream commit - fatal if soft-PKCS11 library is missing rather (rather - than continue and fail with a more cryptic error) + don't call record_login() in monitor when UseLogin is + enabled; bz#278 reported by drk AT sgi.com; ok dtucker -commit c3554cdd2a1a62434b8161017aa76fa09718a003 -Author: djm@openbsd.org -Date: Mon Jan 12 11:12:38 2015 +0000 +commit 40132ff87b6cbc3dc05fb5df2e9d8e3afa06aafd +Author: dtucker@openbsd.org +Date: Fri Apr 17 04:12:35 2015 +0000 upstream commit - let this test all supporte key types; pointed out/ok - markus@ + Add some missing options to sshd -T and fix the output + of VersionAddendum HostCertificate. bz#2346, patch from jjelen at redhat + com, ok djm. -commit 1129dcfc5a3e508635004bcc05a3574cb7687167 -Author: djm@openbsd.org -Date: Thu Jan 15 09:40:00 2015 +0000 +commit 6cc7cfa936afde2d829e56ee6528c7ea47a42441 +Author: dtucker@openbsd.org +Date: Thu Apr 16 23:25:50 2015 +0000 upstream commit - sync ssh-keysign, ssh-keygen and some dependencies to the - new buffer/key API; mostly mechanical, ok markus@ + Document "none" for PidFile XAuthLocation + TrustedUserCAKeys and RevokedKeys. bz#2382, feedback from jmc@, ok djm@ -commit e4ebf5586452bf512da662ac277aaf6ecf0efe7c -Author: djm@openbsd.org -Date: Thu Jan 15 07:57:08 2015 +0000 +commit 15fdfc9b1c6808b26bc54d4d61a38b54541763ed +Author: dtucker@openbsd.org +Date: Wed Apr 15 23:23:25 2015 +0000 upstream commit - remove commented-out test code now that it has moved to a - proper unit test + Plug leak of address passed to logging. bz#2373, patch + from jjelen at redhat, ok markus@ -commit e81cba066c1e9eb70aba0f6e7c0ff220611b370f -Author: djm@openbsd.org -Date: Wed Jan 14 20:54:29 2015 +0000 +commit bb2289e2a47d465eaaaeff3dee2a6b7777b4c291 +Author: dtucker@openbsd.org +Date: Tue Apr 14 04:17:03 2015 +0000 upstream commit - whitespace + Output remote username in debug output since with Host + and Match it's not always obvious what it will be. bz#2368, ok djm@ -commit 141efe49542f7156cdbc2e4cd0a041d8b1aab622 -Author: djm@openbsd.org -Date: Wed Jan 14 20:05:27 2015 +0000 +commit 70860b6d07461906730632f9758ff1b7c98c695a +Author: Darren Tucker +Date: Fri Apr 17 10:56:13 2015 +1000 - upstream commit + Format UsePAM setting when using sshd -T. - move authfd.c and its tentacles to the new buffer/key - API; ok markus@ + Part of bz#2346, patch from jjelen at redhat com. -commit 0088c57af302cda278bd26d8c3ae81d5b6f7c289 -Author: djm@openbsd.org -Date: Wed Jan 14 19:33:41 2015 +0000 +commit ee15d9c9f0720f5a8b0b34e4b10ecf21f9824814 +Author: Darren Tucker +Date: Fri Apr 17 10:40:23 2015 +1000 - upstream commit - - fix small regression: ssh-agent would return a success - message but an empty signature if asked to sign using an unknown key; ok - markus@ + Wrap endian.h include inside ifdef (bz#2370). -commit b03ebe2c22b8166e4f64c37737f4278676e3488d -Author: Damien Miller -Date: Thu Jan 15 03:08:58 2015 +1100 +commit 408f4c2ad4a4c41baa7b9b2b7423d875abbfa70b +Author: Darren Tucker +Date: Fri Apr 17 09:39:58 2015 +1000 - more --without-openssl + Look for '${host}-ar' before 'ar'. - fix some regressions caused by upstream merges + This changes configure.ac to look for '${host}-ar' as set by + AC_CANONICAL_HOST before looking for the unprefixed 'ar'. + Useful when cross-compiling when all your binutils are prefixed. - enable KRLs now that they no longer require BIGNUMs - -commit bc42cc6fe784f36df225c44c93b74830027cb5a2 -Author: Damien Miller -Date: Thu Jan 15 03:08:29 2015 +1100 - - kludge around tun API mismatch betterer + Patch from moben at exherbo org via astrand at lysator liu se and + bz#2352. -commit c332110291089b624fa0951fbf2d1ee6de525b9f -Author: Damien Miller -Date: Thu Jan 15 02:59:51 2015 +1100 +commit 673a1c16ad078d41558247ce739fe812c960acc8 +Author: Damien Miller +Date: Thu Apr 16 11:40:20 2015 +1000 - some systems lack SO_REUSEPORT + remove dependency on arpa/telnet.h -commit 83b9678a62cbdc74eb2031cf1e1e4ffd58e233ae -Author: Damien Miller -Date: Thu Jan 15 02:35:50 2015 +1100 +commit 202d443eeda1829d336595a3cfc07827e49f45ed +Author: Darren Tucker +Date: Wed Apr 15 15:59:49 2015 +1000 - fix merge botch + Remove duplicate include of pwd.h. bz#2337, patch from Mordy Ovits. -commit 0cdc5a3eb6fb383569a4da2a30705d9b90428d6b -Author: Damien Miller -Date: Thu Jan 15 02:35:33 2015 +1100 +commit 597986493412c499f2bc2209420cb195f97b3668 +Author: Damien Miller +Date: Thu Apr 9 10:14:48 2015 +1000 - unbreak across API change + platform's with openpty don't need pty_release -commit 6e2549ac2b5e7f96cbc2d83a6e0784b120444b47 -Author: Damien Miller -Date: Thu Jan 15 02:30:18 2015 +1100 +commit 318be28cda1fd9108f2e6f2f86b0b7589ba2aed0 +Author: djm@openbsd.org +Date: Mon Apr 13 02:04:08 2015 +0000 - need includes.h for portable OpenSSH + upstream commit + + deprecate ancient, pre-RFC4419 and undocumented + SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems + reasonable" dtucker@ -commit 72ef7c148c42db7d5632a29f137f8b87b579f2d9 -Author: Damien Miller -Date: Thu Jan 15 02:21:31 2015 +1100 +commit d8f391caef62378463a0e6b36f940170dadfe605 +Author: dtucker@openbsd.org +Date: Fri Apr 10 05:16:50 2015 +0000 - support --without-openssl at configure time + upstream commit - Disables and removes dependency on OpenSSL. Many features don't - work and the set of crypto options is greatly restricted. This - will only work on system with native arc4random or /dev/urandom. - - Considered highly experimental for now. - -commit 4f38c61c68ae7e3f9ee4b3c38bc86cd39f65ece9 -Author: Damien Miller -Date: Thu Jan 15 02:28:00 2015 +1100 - - add files missed in last commit + Don't send hostkey advertisments + (hostkeys-00@openssh.com) to current versions of Tera Term as they can't + handle them. Newer versions should be OK. Patch from Bryan Drewery and + IWAMOTO Kouichi, ok djm@ -commit a165bab605f7be55940bb8fae977398e8c96a46d +commit 2c2cfe1a1c97eb9a08cc9817fd0678209680c636 Author: djm@openbsd.org -Date: Wed Jan 14 15:02:39 2015 +0000 +Date: Fri Apr 10 00:08:55 2015 +0000 upstream commit - avoid BIGNUM in KRL code by using a simple bitmap; - feedback and ok markus + include port number if a non-default one has been + specified; based on patch from Michael Handler -commit 7d845f4a0b7ec97887be204c3760e44de8bf1f32 +commit 4492a4f222da4cf1e8eab12689196322e27b08c4 Author: djm@openbsd.org -Date: Wed Jan 14 13:54:13 2015 +0000 +Date: Tue Apr 7 23:00:42 2015 +0000 upstream commit - update sftp client and server to new buffer API. pretty - much just mechanical changes; with & ok markus + treat Protocol=1,2|2,1 as Protocol=2 when compiled + without SSH1 support; ok dtucker@ millert@ -commit 139ca81866ec1b219c717d17061e5e7ad1059e2a -Author: markus@openbsd.org -Date: Wed Jan 14 13:09:09 2015 +0000 +commit c265e2e6e932efc6d86f6cc885dea33637a67564 +Author: miod@openbsd.org +Date: Sun Apr 5 15:43:43 2015 +0000 upstream commit - switch to sshbuf/sshkey; with & ok djm@ + Do not use int for sig_atomic_t; spotted by + christos@netbsd; ok markus@ -commit 81bfbd0bd35683de5d7f2238b985e5f8150a9180 -Author: Damien Miller -Date: Wed Jan 14 21:48:18 2015 +1100 +commit e7bf3a5eda6a1b02bef6096fed78527ee11e54cc +Author: Darren Tucker +Date: Tue Apr 7 10:48:04 2015 +1000 - support --without-openssl at configure time - - Disables and removes dependency on OpenSSL. Many features don't - work and the set of crypto options is greatly restricted. This - will only work on system with native arc4random or /dev/urandom. + Use do{}while(0) for no-op functions. - Considered highly experimental for now. + From FreeBSD. -commit 54924b53af15ccdcbb9f89984512b5efef641a31 -Author: djm@openbsd.org -Date: Wed Jan 14 10:46:28 2015 +0000 +commit bb99844abae2b6447272f79e7fa84134802eb4df +Author: Darren Tucker +Date: Tue Apr 7 10:47:15 2015 +1000 - upstream commit + Wrap blf.h include in ifdef. From FreeBSD. + +commit d9b9b43656091cf0ad55c122f08fadb07dad0abd +Author: Darren Tucker +Date: Tue Apr 7 09:10:00 2015 +1000 + + Fix misspellings of regress CONFOPTS env variables. - avoid an warning for the !OPENSSL case + Patch from Bryan Drewery. -commit ae8b463217f7c9b66655bfc3945c050ffdaeb861 -Author: markus@openbsd.org -Date: Wed Jan 14 10:30:34 2015 +0000 +commit 3f4ea3c9ab1d32d43c9222c4351f58ca11144156 +Author: djm@openbsd.org +Date: Fri Apr 3 22:17:27 2015 +0000 upstream commit - swith auth-options to new sshbuf/sshkey; ok djm@ + correct return value in pubkey parsing, spotted by Ben Hawkes + ok markus@ -commit 540e891191b98b89ee90aacf5b14a4a68635e763 +commit 7da2be0cb9601ed25460c83aa4d44052b967ba0f Author: djm@openbsd.org -Date: Wed Jan 14 10:29:45 2015 +0000 +Date: Tue Mar 31 22:59:01 2015 +0000 upstream commit - make non-OpenSSL aes-ctr work on sshd w/ privsep; ok - markus@ + adapt to recent hostfile.c change: when parsing + known_hosts without fully parsing the keys therein, hostkeys_foreach() will + now correctly identify KEY_RSA1 keys; ok markus@ miod@ -commit 60c2c4ea5e1ad0ddfe8b2877b78ed5143be79c53 +commit 9e1777a0d1c706714b055811c12ab8cc21033e4a Author: markus@openbsd.org -Date: Wed Jan 14 10:24:42 2015 +0000 +Date: Tue Mar 24 20:19:15 2015 +0000 upstream commit - remove unneeded includes, sync my copyright across files - & whitespace; ok djm@ + use ${SSH} for -Q instead of installed ssh -commit 128343bcdb0b60fc826f2733df8cf979ec1627b4 -Author: markus@openbsd.org -Date: Tue Jan 13 19:31:40 2015 +0000 +commit ce1b358ea414a2cc88e4430cd5a2ea7fecd9de57 +Author: djm@openbsd.org +Date: Mon Mar 16 22:46:14 2015 +0000 upstream commit - adapt mac.c to ssherr.h return codes (de-fatal) and - simplify dependencies ok djm@ + make CLEANFILES clean up more of the tests' droppings -commit e7fd952f4ea01f09ceb068721a5431ac2fd416ed +commit 398f9ef192d820b67beba01ec234d66faca65775 Author: djm@openbsd.org -Date: Tue Jan 13 19:04:35 2015 +0000 +Date: Tue Mar 31 22:57:06 2015 +0000 upstream commit - sync changes from libopenssh; prepared by markus@ mostly - debug output tweaks, a couple of error return value changes and some other - minor stuff + downgrade error() for known_hosts parse errors to debug() + to quiet warnings from ssh1 keys present when compiled !ssh1. + + also identify ssh1 keys when scanning, even when compiled !ssh1 + + ok markus@ miod@ -commit 76c0480a85675f03a1376167cb686abed01a3583 -Author: Damien Miller -Date: Tue Jan 13 19:38:18 2015 +1100 +commit 9a47ab80030a31f2d122b8fd95bd48c408b9fcd9 +Author: djm@openbsd.org +Date: Tue Mar 31 22:55:50 2015 +0000 - add --without-ssh1 option to configure + upstream commit - Allows disabling support for SSH protocol 1. + fd leak for !ssh1 case; found by unittests; ok markus@ -commit 1f729f0614d1376c3332fa1edb6a5e5cec7e9e03 +commit c9a0805a6280681901c270755a7cd630d7c5280e Author: djm@openbsd.org -Date: Tue Jan 13 07:39:19 2015 +0000 +Date: Tue Mar 31 22:55:24 2015 +0000 upstream commit - add sshd_config HostbasedAcceptedKeyTypes and - PubkeyAcceptedKeyTypes options to allow sshd to control what public key types - will be accepted. Currently defaults to all. Feedback & ok markus@ + don't fatal when a !ssh1 sshd is reexeced from a w/ssh1 + listener; reported by miod@; ok miod@ markus@ -commit 816d1538c24209a93ba0560b27c4fda57c3fff65 -Author: markus@openbsd.org -Date: Mon Jan 12 20:13:27 2015 +0000 +commit 704d8c88988cae38fb755a6243b119731d223222 +Author: tobias@openbsd.org +Date: Tue Mar 31 11:06:49 2015 +0000 upstream commit - unbreak parsing of pubkey comments; with gerhard; ok - djm/deraadt + Comments are only supported for RSA1 keys. If a user + tried to add one and entered his passphrase, explicitly clear it before exit. + This is done in all other error paths, too. + + ok djm -commit 0097565f849851812df610b7b6b3c4bd414f6c62 -Author: markus@openbsd.org -Date: Mon Jan 12 19:22:46 2015 +0000 +commit 78de1673c05ea2c33e0d4a4b64ecb5186b6ea2e9 +Author: jmc@openbsd.org +Date: Mon Mar 30 18:28:37 2015 +0000 upstream commit - missing error assigment on sshbuf_put_string() + ssh-askpass(1) is the default, overridden by SSH_ASKPASS; + diff originally from jiri b; -commit a7f49dcb527dd17877fcb8d5c3a9a6f550e0bba5 +commit 26e0bcf766fadb4a44fb6199386fb1dcab65ad00 Author: djm@openbsd.org -Date: Mon Jan 12 15:18:07 2015 +0000 +Date: Mon Mar 30 00:00:29 2015 +0000 upstream commit - apparently memcpy(x, NULL, 0) is undefined behaviour - according to C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls - when length==0; ok markus@ + fix uninitialised memory read when parsing a config file + consisting of a single nul byte. Found by hanno AT hboeck.de using AFL; ok + dtucker -commit 905fe30fca82f38213763616d0d26eb6790bde33 +commit fecede00a76fbb33a349f5121c0b2f9fbc04a777 Author: markus@openbsd.org -Date: Mon Jan 12 14:05:19 2015 +0000 +Date: Thu Mar 26 19:32:19 2015 +0000 upstream commit - free->sshkey_free; ok djm@ + sigp and lenp are not optional in ssh_agent_sign(); ok + djm@ -commit f067cca2bc20c86b110174c3fef04086a7f57b13 -Author: markus@openbsd.org -Date: Mon Jan 12 13:29:27 2015 +0000 +commit 1b0ef3813244c78669e6d4d54c624f600945327d +Author: naddy@openbsd.org +Date: Thu Mar 26 12:32:38 2015 +0000 upstream commit - allow WITH_OPENSSL w/o WITH_SSH1; ok djm@ + don't try to load .ssh/identity by default if SSH1 is + disabled; ok markus@ -commit c4bfafcc2a9300d9cfb3c15e75572d3a7d74670d +commit f9b78852379b74a2d14e6fc94fe52af30b7e9c31 Author: djm@openbsd.org -Date: Thu Jan 8 13:10:58 2015 +0000 +Date: Thu Mar 26 07:00:04 2015 +0000 upstream commit - adjust for sshkey_load_file() API change + ban all-zero curve25519 keys as recommended by latest + CFRG curves draft; ok markus -commit e752c6d547036c602b89e9e704851463bd160e32 +commit b8afbe2c1aaf573565e4da775261dfafc8b1ba9c Author: djm@openbsd.org -Date: Thu Jan 8 13:44:36 2015 +0000 +Date: Thu Mar 26 06:59:28 2015 +0000 upstream commit - fix ssh_config FingerprintHash evaluation order; from Petr - Lautrbach + relax bits needed check to allow + diffie-hellman-group1-sha1 key exchange to complete for chacha20-poly1305 was + selected as symmetric cipher; ok markus -commit ab24ab847b0fc94c8d5e419feecff0bcb6d6d1bf -Author: djm@openbsd.org -Date: Thu Jan 8 10:15:45 2015 +0000 +commit 47842f71e31da130555353c1d57a1e5a8937f1c0 +Author: markus@openbsd.org +Date: Wed Mar 25 19:29:58 2015 +0000 upstream commit - reorder hostbased key attempts to better match the - default hostkey algorithms order in myproposal.h; ok markus@ + ignore v1 errors on ssh-add -D; only try v2 keys on + -l/-L (unless WITH_SSH1) ok djm@ -commit 1195f4cb07ef4b0405c839293c38600b3e9bdb46 -Author: djm@openbsd.org -Date: Thu Jan 8 10:14:08 2015 +0000 +commit 5f57e77f91bf2230c09eca96eb5ecec39e5f2da6 +Author: markus@openbsd.org +Date: Wed Mar 25 19:21:48 2015 +0000 upstream commit - deprecate key_load_private_pem() and - sshkey_load_private_pem() interfaces. Refactor the generic key loading API to - not require pathnames to be specified (they weren't really used). - - Fixes a few other things en passant: - - Makes ed25519 keys work for hostbased authentication (ssh-keysign - previously used the PEM-only routines). - - Fixes key comment regression bz#2306: key pathnames were being lost as - comment fields. - - ok markus@ + unbreak ssh_agent_sign (lenp vs *lenp) -commit febbe09e4e9aff579b0c5cc1623f756862e4757d -Author: tedu@openbsd.org -Date: Wed Jan 7 18:15:07 2015 +0000 +commit 4daeb67181054f2a377677fac919ee8f9ed3490e +Author: markus@openbsd.org +Date: Tue Mar 24 20:10:08 2015 +0000 upstream commit - workaround for the Meyer, et al, Bleichenbacher Side - Channel Attack. fake up a bignum key before RSA decryption. discussed/ok djm - markus + don't leak 'setp' on error; noted by Nicholas Lemonias; + ok djm@ -commit 5191df927db282d3123ca2f34a04d8d96153911a -Author: djm@openbsd.org -Date: Tue Dec 23 22:42:48 2014 +0000 +commit 7d4f96f9de2a18af0d9fa75ea89a4990de0344f5 +Author: markus@openbsd.org +Date: Tue Mar 24 20:09:11 2015 +0000 upstream commit - KNF and add a little more debug() + consistent check for NULL as noted by Nicholas + Lemonias; ok djm@ -commit 8abd80315d3419b20e6938f74d37e2e2b547f0b7 -Author: jmc@openbsd.org -Date: Mon Dec 22 09:26:31 2014 +0000 +commit df100be51354e447d9345cf1ec22e6013c0eed50 +Author: markus@openbsd.org +Date: Tue Mar 24 20:03:44 2015 +0000 upstream commit - add fingerprinthash to the options list; + correct fmt-string for size_t as noted by Nicholas + Lemonias; ok djm@ -commit 296ef0560f60980da01d83b9f0e1a5257826536f -Author: jmc@openbsd.org -Date: Mon Dec 22 09:24:59 2014 +0000 +commit a22b9ef21285e81775732436f7c84a27bd3f71e0 +Author: djm@openbsd.org +Date: Tue Mar 24 09:17:21 2015 +0000 upstream commit - tweak previous; - -commit 462082eacbd37778a173afb6b84c6f4d898a18b5 -Author: Damien Miller -Date: Tue Dec 30 08:16:11 2014 +1100 - - avoid uninitialised free of ldns_res - - If an invalid rdclass was passed to getrrsetbyname() then - this would execute a free on an uninitialised pointer. - OpenSSH only ever calls this with a fixed and valid rdclass. - - Reported by Joshua Rogers - -commit 01b63498801053f131a0740eb9d13faf35d636c8 -Author: Damien Miller -Date: Mon Dec 29 18:10:18 2014 +1100 - - pull updated OpenBSD BCrypt PBKDF implementation - - Includes fix for 1 byte output overflow for large key length - requests (not reachable in OpenSSH). - - Pointed out by Joshua Rogers - -commit c528c1b4af2f06712177b3de9b30705752f7cbcb -Author: Damien Miller -Date: Tue Dec 23 15:26:13 2014 +1100 - - fix variable name for IPv6 case in construct_utmpx - - patch from writeonce AT midipix.org via bz#2296 - -commit 293cac52dcda123244b2e594d15592e5e481c55e -Author: Damien Miller -Date: Mon Dec 22 16:30:42 2014 +1100 - - include and use OpenBSD netcat in regress/ + promote chacha20-poly1305@openssh.com to be the default + cipher; ok markus -commit 8f6784f0cb56dc4fd00af3e81a10050a5785228d +commit 2aa9da1a3b360cf7b13e96fe1521534b91501fb5 Author: djm@openbsd.org -Date: Mon Dec 22 09:05:17 2014 +0000 +Date: Tue Mar 24 01:29:19 2015 +0000 upstream commit - mention ssh -Q feature to list supported { MAC, cipher, - KEX, key } algorithms in more places and include the query string used to - list the relevant information; bz#2288 + Compile-time disable SSH protocol 1. You can turn it + back on using the Makefile.inc knob if you need it to talk to ancient + devices. -commit 449e11b4d7847079bd0a2daa6e3e7ea03d8ef700 -Author: jmc@openbsd.org -Date: Mon Dec 22 08:24:17 2014 +0000 +commit 53097b2022154edf96b4e8526af5666f979503f7 +Author: djm@openbsd.org +Date: Tue Mar 24 01:11:12 2015 +0000 upstream commit - tweak previous; + fix double-negative error message "ssh1 is not + unsupported" -commit 4bea0ab3290c0b9dd2aa199e932de8e7e18062d6 +commit 5c27e3b6ec2db711dfcd40e6359c0bcdd0b62ea9 Author: djm@openbsd.org -Date: Mon Dec 22 08:06:03 2014 +0000 +Date: Mon Mar 23 06:06:38 2015 +0000 upstream commit - regression test for multiple required pubkey authentication; - ok markus@ + for ssh-keygen -A, don't try (and fail) to generate ssh + v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled + without OpenSSL based on patch by Mike Frysinger; bz#2369 -commit f1c4d8ec52158b6f57834b8cd839605b0a33e7f2 +commit 725fd22a8c41db7de73a638539a5157b7e4424ae Author: djm@openbsd.org -Date: Mon Dec 22 08:04:23 2014 +0000 +Date: Wed Mar 18 01:44:21 2015 +0000 upstream commit - correct description of what will happen when a - AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser is not (sshd - will refuse to start) + KRL support doesn't need OpenSSL anymore, remove #ifdefs + from around call -commit 161cf419f412446635013ac49e8c660cadc36080 +commit b07011c18e0b2e172c5fd09d21fb159a0bf5fcc7 Author: djm@openbsd.org -Date: Mon Dec 22 07:55:51 2014 +0000 +Date: Mon Mar 16 11:09:52 2015 +0000 upstream commit - make internal handling of filename arguments of "none" - more consistent with ssh. "none" arguments are now replaced with NULL when - the configuration is finalised. - - Simplifies checking later on (just need to test not-NULL rather than - that + strcmp) and cleans up some inconsistencies. ok markus@ + #if 0 some more arrays used only for decrypting (we don't + use since we only need encrypt for AES-CTR) -commit f69b69b8625be447b8826b21d87713874dac25a6 -Author: djm@openbsd.org -Date: Mon Dec 22 07:51:30 2014 +0000 +commit 1cb3016635898d287e9d58b50c430995652d5358 +Author: jsg@openbsd.org +Date: Wed Mar 11 00:48:39 2015 +0000 upstream commit - remember which public keys have been used for - authentication and refuse to accept previously-used keys. - - This allows AuthenticationMethods=publickey,publickey to require - that users authenticate using two _different_ pubkeys. - - ok markus@ + add back the changes from rev 1.206, djm reverted this by + mistake in rev 1.207 -commit 46ac2ed4677968224c4ca825bc98fc68dae183f0 -Author: djm@openbsd.org -Date: Mon Dec 22 07:24:11 2014 +0000 +commit 4d24b3b6a4a6383e05e7da26d183b79fa8663697 +Author: Damien Miller +Date: Fri Mar 20 09:11:59 2015 +1100 - upstream commit + remove error() accidentally inserted for debugging - fix passing of wildcard forward bind addresses when - connection multiplexing is in use; patch from Sami Hartikainen via bz#2324; - ok dtucker@ + pointed out by Christian Hesse -commit 0d1b241a262e4d0a6bbfdd595489ab1b853c43a1 -Author: djm@openbsd.org -Date: Mon Dec 22 06:14:29 2014 +0000 +commit 9f82e5a9042f2d872e98f48a876fcab3e25dd9bb +Author: Tim Rice +Date: Mon Mar 16 22:49:20 2015 -0700 - upstream commit - - make this slightly easier to diff against portable + portability fix: Solaris systems may not have a grep that understands -q -commit 0715bcdddbf68953964058f17255bf54734b8737 -Author: Damien Miller -Date: Mon Dec 22 13:47:07 2014 +1100 +commit 8ef691f7d9ef500257a549d0906d78187490668f +Author: Damien Miller +Date: Wed Mar 11 10:35:26 2015 +1100 - add missing regress output file + fix compile with clang -commit 1e30483c8ad2c2f39445d4a4b6ab20c241e40593 -Author: djm@openbsd.org -Date: Mon Dec 22 02:15:52 2014 +0000 +commit 4df590cf8dc799e8986268d62019b487a8ed63ad +Author: Damien Miller +Date: Wed Mar 11 10:02:39 2015 +1100 - upstream commit - - adjust for new SHA256 key fingerprints and - slightly-different MD5 hex fingerprint format + make unit tests work for !OPENSSH_HAS_ECC -commit 6b40567ed722df98593ad8e6a2d2448fc2b4b151 +commit 307bb40277ca2c32e97e61d70d1ed74b571fd6ba Author: djm@openbsd.org -Date: Mon Dec 22 01:14:49 2014 +0000 +Date: Sat Mar 7 04:41:48 2015 +0000 upstream commit - poll changes to netcat (usr.bin/netcat.c r1.125) broke - this test; fix it by ensuring more stdio fds are sent to devnull + unbreak for w/SSH1 (default) case; ok markus@ deraadt@ -commit a5375ccb970f49dddf7d0ef63c9b713ede9e7260 -Author: jmc@openbsd.org -Date: Sun Dec 21 23:35:14 2014 +0000 +commit b44ee0c998fb4c5f3c3281f2398af5ce42840b6f +Author: Damien Miller +Date: Thu Mar 5 18:39:20 2015 -0800 - upstream commit - - tweak previous; + unbreak hostkeys test for w/ SSH1 case -commit b79efde5c3badf5ce4312fe608d8307eade533c5 +commit 55e5bdeb519cb60cc18b7ba0545be581fb8598b4 Author: djm@openbsd.org -Date: Sun Dec 21 23:12:42 2014 +0000 +Date: Fri Mar 6 01:40:56 2015 +0000 upstream commit - document FingerprintHash here too + fix sshkey_certify() return value for unsupported key types; + ok markus@ deraadt@ -commit d16bdd8027dd116afa01324bb071a4016cdc1a75 +commit be8f658e550a434eac04256bfbc4289457a24e99 Author: Damien Miller -Date: Mon Dec 22 10:18:09 2014 +1100 +Date: Wed Mar 4 15:38:03 2015 -0800 - missing include for base64 encoding + update version numbers to match version.h -commit 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 +commit ac5e8acefa253eb5e5ba186e34236c0e8007afdc Author: djm@openbsd.org -Date: Sun Dec 21 22:27:55 2014 +0000 +Date: Wed Mar 4 23:22:35 2015 +0000 upstream commit - Add FingerprintHash option to control algorithm used for - key fingerprints. Default changes from MD5 to SHA256 and format from hex to - base64. - - Feedback and ok naddy@ markus@ + make these work with !SSH1; ok markus@ deraadt@ -commit 058f839fe15c51be8b3a844a76ab9a8db550be4f +commit 2f04af92f036b0c87a23efb259c37da98cd81fe6 Author: djm@openbsd.org -Date: Thu Dec 18 23:58:04 2014 +0000 +Date: Wed Mar 4 21:12:59 2015 +0000 upstream commit - don't count partial authentication success as a failure - against MaxAuthTries; ok deraadt@ + make ssh-add -D work with !SSH1 agent -commit c7219f4f54d64d6dde66dbcf7a2699daa782d2a1 +commit a05adf95d2af6abb2b7826ddaa7a0ec0cdc1726b +Author: Damien Miller +Date: Wed Mar 4 00:55:48 2015 -0800 + + netcat needs poll.h portability goop + +commit dad2b1892b4c1b7e58df483a8c5b983c4454e099 +Author: markus@openbsd.org +Date: Tue Mar 3 22:35:19 2015 +0000 + + upstream commit + + make it possible to run tests w/o ssh1 support; ok djm@ + +commit d48a22601bdd3eec054794c535f4ae8d8ae4c6e2 Author: djm@openbsd.org -Date: Fri Dec 12 00:02:17 2014 +0000 +Date: Wed Mar 4 18:53:53 2015 +0000 upstream commit - revert chunk I didn't mean to commit yet; via jmc@ + crank; ok markus, deraadt -commit 7de5991aa3997e2981440f39c1ea01273a0a2c7b +commit bbffb23daa0b002dd9f296e396a9ab8a5866b339 Author: Damien Miller -Date: Thu Dec 18 11:44:06 2014 +1100 +Date: Tue Mar 3 13:50:27 2015 -0800 - upstream libc change - - revision 1.2 - date: 2014/12/08 03:45:00; author: bcook; state: Exp; lines: +2 -2; commitid: 7zWEBgJJOCZ2hvTV; - avoid left shift overflow in reallocarray. - - Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting - 1UL 32-bits to the left causes an overflow. This replaces the constant 1UL with - (size_t)1 so that we get the correct constant size for the platform. - - discussed with tedu@ & deraadt@ + more --without-ssh1 fixes -commit 2048f85a5e6da8bc6e0532efe02ecfd4e63c978c +commit 6c2039286f503e2012a58a1d109e389016e7a99b Author: Damien Miller -Date: Thu Dec 18 10:15:49 2014 +1100 +Date: Tue Mar 3 13:48:48 2015 -0800 - include CFLAGS in gnome askpass targets - - from Fedora + fix merge both that broke --without-ssh1 compile -commit 48b68ce19ca42fa488960028048dec023f7899bb +commit 111dfb225478a76f89ecbcd31e96eaf1311b59d3 Author: djm@openbsd.org -Date: Thu Dec 11 08:20:09 2014 +0000 +Date: Tue Mar 3 21:21:13 2015 +0000 upstream commit - explicitly include sys/param.h in files that use the - howmany() macro; from portable + add SSH1 Makefile knob to make it easier to build without + SSH1 support; ok markus@ -commit d663bea30a294d440fef4398e5cd816317bd4518 +commit 3f7f5e6c5d2aa3f6710289c1a30119e534e56c5c Author: djm@openbsd.org -Date: Thu Dec 11 05:25:06 2014 +0000 +Date: Tue Mar 3 20:42:49 2015 +0000 upstream commit - mention AuthorizedKeysCommandUser must be set for - AuthorizedKeysCommand to be run; bz#2287 + expand __unused to full __attribute__ for better portability -commit 17bf3d81e00f2abb414a4fd271118cf4913f049f -Author: djm@openbsd.org -Date: Thu Dec 11 05:13:28 2014 +0000 +commit 2fab9b0f8720baf990c931e3f68babb0bf9949c6 +Author: Damien Miller +Date: Wed Mar 4 07:41:27 2015 +1100 - upstream commit - - show in debug output which hostkeys are being tried when - attempting hostbased auth; patch from Iain Morgan + avoid warning -commit da0277e3717eadf5b15e03379fc29db133487e94 -Author: djm@openbsd.org -Date: Thu Dec 11 04:16:14 2014 +0000 +commit d1bc844322461f882b4fd2277ba9a8d4966573d2 +Author: Damien Miller +Date: Wed Mar 4 06:31:45 2015 +1100 - upstream commit + Revert "define __unused to nothing if not already defined" - Make manual reflect reality: sftp-server's -d option - accepts a "%d" option, not a "%h" one. + This reverts commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908. - bz#2316; reported by Kirk Wolf + Some system headers have objects named __unused -commit 4cf87f4b81fa9380bce5fcff7b0f8382ae3ad996 -Author: djm@openbsd.org -Date: Wed Dec 10 01:24:09 2014 +0000 +commit 00797e86b2d98334d1bb808f65fa1fd47f328ff1 +Author: Damien Miller +Date: Wed Mar 4 05:02:45 2015 +1100 - upstream commit + check for crypt and DES_crypt in openssl block - better error value for invalid signature length - -commit 4bfad14ca56f8ae04f418997816b4ba84e2cfc3c -Author: Darren Tucker -Date: Wed Dec 10 02:12:51 2014 +1100 - - Resync more with OpenBSD's rijndael.c, in particular "#if 0"-ing out some - unused code. Should fix compile error reported by plautrba at redhat. - -commit 642652d280499691c8212ec6b79724b50008ce09 -Author: Darren Tucker -Date: Wed Dec 10 01:32:23 2014 +1100 - - Add reallocarray to compat library + fixes builds on systems that use DES_crypt; based on patch + from Roumen Petrov -commit 3dfd8d93dfcc69261f5af99df56f3ff598581979 -Author: djm@openbsd.org -Date: Thu Dec 4 22:31:50 2014 +0000 +commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908 +Author: Damien Miller +Date: Wed Mar 4 04:59:13 2015 +1100 - upstream commit + define __unused to nothing if not already defined - add tests for new client RevokedHostKeys option; refactor - to make it a bit more readable + fixes builds on BSD/OS -commit a31046cad1aed16a0b55171192faa6d02665ccec -Author: krw@openbsd.org -Date: Wed Nov 19 13:35:37 2014 +0000 +commit d608a51daad4f14ad6ab43d7cf74ef4801cc3fe9 +Author: djm@openbsd.org +Date: Tue Mar 3 17:53:40 2015 +0000 upstream commit - Nuke yet more obvious #include duplications. - - ok deraadt@ + reorder logic for better portability; patch from Roumen + Petrov -commit a7c762e5b2c1093542c0bc1df25ccec0b4cf479f +commit 68d2dfc464fbcdf8d6387884260f9801f4352393 Author: djm@openbsd.org -Date: Thu Dec 4 20:47:36 2014 +0000 +Date: Tue Mar 3 06:48:58 2015 +0000 upstream commit - key_in_file() wrapper is no longer used + Allow "ssh -Q protocol-version" to list supported SSH + protocol versions. Useful for detecting builds without SSH v.1 support; idea + and ok markus@ -commit 5e39a49930d885aac9c76af3129332b6e772cd75 -Author: djm@openbsd.org -Date: Thu Dec 4 02:24:32 2014 +0000 +commit 39e2f1229562e1195169905607bc12290d21f021 +Author: millert@openbsd.org +Date: Sun Mar 1 15:44:40 2015 +0000 upstream commit - add RevokedHostKeys option for the client - - Allow textfile or KRL-based revocation of hostkeys. + Make sure we only call getnameinfo() for AF_INET or AF_INET6 + sockets. getpeername() of a Unix domain socket may return without error on + some systems without actually setting ss_family so getnameinfo() was getting + called with ss_family set to AF_UNSPEC. OK djm@ -commit 74de254bb92c684cf53461da97f52d5ba34ded80 -Author: djm@openbsd.org -Date: Thu Dec 4 01:49:59 2014 +0000 +commit e47536ba9692d271b8ad89078abdecf0a1c11707 +Author: Damien Miller +Date: Sat Feb 28 08:20:11 2015 -0800 - upstream commit - - convert KRL code to new buffer API + portability fixes for regress/netcat.c - ok markus@ + Mostly avoiding "err(1, NULL)" -commit db995f2eed5fc432598626fa3e30654503bf7151 -Author: millert@openbsd.org -Date: Wed Nov 26 18:34:51 2014 +0000 +commit 02973ad5f6f49d8420e50a392331432b0396c100 +Author: Damien Miller +Date: Sat Feb 28 08:05:27 2015 -0800 - upstream commit + twiddle another test for portability - Prefer setvbuf() to setlinebuf() for portability; ok - deraadt@ + from Tom G. Christensen -commit 72bba3d179ced8b425272efe6956a309202a91f3 -Author: jsg@openbsd.org -Date: Mon Nov 24 03:39:22 2014 +0000 +commit f7f3116abf2a6e2f309ab096b08c58d19613e5d0 +Author: Damien Miller +Date: Fri Feb 27 15:52:49 2015 -0800 - upstream commit - - Fix crashes in the handling of the sshd config file found - with the afl fuzzer. - - ok deraadt@ djm@ + twiddle test for portability -commit 867f49c666adcfe92bf539d9c37c1accdea08bf6 +commit 1ad3a77cc9d5568f5437ff99d377aa7a41859b83 Author: Damien Miller -Date: Wed Nov 26 13:22:41 2014 +1100 +Date: Thu Feb 26 20:33:22 2015 -0800 - Avoid Cygwin ssh-host-config reading /etc/group - - Patch from Corinna Vinschen + make regress/netcat.c fd passing (more) portable -commit 8b66f36291a721b1ba7c44f24a07fdf39235593e +commit 9e1cfca7e1fe9cf8edb634fc894e43993e4da1ea Author: Damien Miller -Date: Wed Nov 26 13:20:35 2014 +1100 +Date: Thu Feb 26 20:32:58 2015 -0800 - allow custom service name for sshd on Cygwin - - Permits the use of multiple sshd running with different service names. - - Patch by Florian Friesdorf via Corinna Vinschen + create OBJ/valgrind-out before running unittests -commit 08c0eebf55d70a9ae1964399e609288ae3186a0c -Author: jmc@openbsd.org -Date: Sat Nov 22 19:21:03 2014 +0000 +commit bd58853102cee739f0e115e6d4b5334332ab1442 +Author: Damien Miller +Date: Wed Feb 25 16:58:22 2015 -0800 - upstream commit - - restore word zapped in previous, and remove some useless - "No" macros; + valgrind support -commit a1418a0033fba43f061513e992e1cbcc3343e563 -Author: deraadt@openbsd.org -Date: Sat Nov 22 18:15:41 2014 +0000 +commit f43d17269194761eded9e89f17456332f4c83824 +Author: djm@openbsd.org +Date: Thu Feb 26 20:45:47 2015 +0000 upstream commit - /dev/random has created the same effect as /dev/arandom - (and /dev/urandom) for quite some time. Mop up the last few, by using - /dev/random where we actually want it, or not even mentioning arandom where - it is irrelevant. + don't printf NULL key comments; reported by Tom Christensen -commit b6de5ac9ed421362f479d1ad4fa433d2e25dad5b +commit 6e6458b476ec854db33e3e68ebf4f489d0ab3df8 Author: djm@openbsd.org -Date: Fri Nov 21 01:00:38 2014 +0000 +Date: Wed Feb 25 23:05:47 2015 +0000 upstream commit - fix NULL pointer dereference crash on invalid timestamp - - found using Michal Zalewski's afl fuzzer + zero cmsgbuf before use; we initialise the bits we use + but valgrind still spams warning on it -commit a1f8110cd5ed818d59b3a2964fab7de76e92c18e -Author: mikeb@openbsd.org -Date: Tue Nov 18 22:38:48 2014 +0000 +commit a63cfa26864b93ab6afefad0b630e5358ed8edfa +Author: djm@openbsd.org +Date: Wed Feb 25 19:54:02 2015 +0000 upstream commit - Sync AES code to the one shipped in OpenSSL/LibreSSL. - - This includes a commit made by Andy Polyakov - to the OpenSSL source tree on Wed, 28 Jun 2006 with the following - message: "Mitigate cache-collision timing attack on last round." - - OK naddy, miod, djm + fix small memory leak when UpdateHostkeys=no -commit 335c83d5f35d8620e16b8aa26592d4f836e09ad2 -Author: krw@openbsd.org -Date: Tue Nov 18 20:54:28 2014 +0000 +commit e6b950341dd75baa8526f1862bca39e52f5b879b +Author: Tim Rice +Date: Wed Feb 25 09:56:48 2015 -0800 - upstream commit + Revert "Work around finicky USL linker so netcat will build." - Nuke more obvious #include duplications. + This reverts commit d1db656021d0cd8c001a6692f772f1de29b67c8b. - ok deraadt@ millert@ tedu@ + No longer needed with commit 678e473e2af2e4802f24dd913985864d9ead7fb3 -commit 51b64e44121194ae4bf153dee391228dada2abcb +commit 6f621603f9cff2a5d6016a404c96cb2f8ac2dec0 Author: djm@openbsd.org -Date: Mon Nov 17 00:21:40 2014 +0000 +Date: Wed Feb 25 17:29:38 2015 +0000 upstream commit - fix KRL generation when multiple CAs are in use - - We would generate an invalid KRL when revoking certs by serial - number for multiple CA keys due to a section being written out - twice. - - Also extend the regress test to catch this case by having it - produce a multi-CA KRL. - - Reported by peter AT pean.org + don't leak validity of user in "too many authentication + failures" disconnect message; reported by Sebastian Reitenbach -commit d2d51003a623e21fb2b25567c4878d915e90aa2a -Author: djm@openbsd.org -Date: Tue Nov 18 01:02:25 2014 +0000 +commit 6288e3a935494df12519164f52ca5c8c65fc3ca5 +Author: naddy@openbsd.org +Date: Tue Feb 24 15:24:05 2015 +0000 upstream commit - fix NULL pointer dereference crash in key loading + add -v (show ASCII art) to -l's synopsis; ok djm@ + +commit 678e473e2af2e4802f24dd913985864d9ead7fb3 +Author: Darren Tucker +Date: Thu Feb 26 04:12:58 2015 +1100 + + Remove dependency on xmalloc. - found by Michal Zalewski's AFL fuzzer + Remove ssh_get_progname's dependency on xmalloc, which should reduce + link order problems. ok djm@ -commit 9f9fad0191028edc43d100d0ded39419b6895fdf -Author: djm@openbsd.org -Date: Mon Nov 17 00:21:40 2014 +0000 +commit 5d5ec165c5b614b03678afdad881f10e25832e46 +Author: Darren Tucker +Date: Wed Feb 25 15:32:49 2015 +1100 - upstream commit + Restrict ECDSA and ECDH tests. - fix KRL generation when multiple CAs are in use + ifdef out some more ECDSA and ECDH tests when built against an OpenSSL + that does not have eliptic curve functionality. + +commit 1734e276d99b17e92d4233fac7aef3a3180aaca7 +Author: Darren Tucker +Date: Wed Feb 25 13:40:45 2015 +1100 + + Move definition of _NSIG. - We would generate an invalid KRL when revoking certs by serial - number for multiple CA keys due to a section being written out - twice. - - Also extend the regress test to catch this case by having it - produce a multi-CA KRL. - - Reported by peter AT pean.org + _NSIG is only unsed in one file, so move it there prevent redefinition + warnings reported by Kevin Brott. -commit da8af83d3f7ec00099963e455010e0ed1d7d0140 -Author: bentley@openbsd.org -Date: Sat Nov 15 14:41:03 2014 +0000 +commit a47ead7c95cfbeb72721066c4da2312e5b1b9f3d +Author: Darren Tucker +Date: Wed Feb 25 13:17:40 2015 +1100 - upstream commit - - Reduce instances of `` '' in manuals. - - troff displays these as typographic quotes, but nroff implementations - almost always print them literally, which rarely has the intended effect - with modern fonts, even in stock xterm. - - These uses of `` '' can be replaced either with more semantic alternatives - or with Dq, which prints typographic quotes in a UTF-8 locale (but will - automatically fall back to `` '' in an ASCII locale). - - improvements and ok schwarze@ + Add includes.h for compatibility stuff. -commit fc302561369483bb755b17f671f70fb894aec01d -Author: djm@openbsd.org -Date: Mon Nov 10 22:25:49 2014 +0000 +commit 38806bda6d2e48ad32812b461eebe17672ada771 +Author: Damien Miller +Date: Tue Feb 24 16:50:06 2015 -0800 - upstream commit - - mux-related manual tweaks - - mention ControlPersist=0 is the same as ControlPersist=yes - - recommend that ControlPath sockets be placed in a og-w directory + include netdb.h to look for MAXHOSTNAMELEN; ok tim -commit 0e4cff5f35ed11102fe3783779960ef07e0cd381 -Author: Damien Miller -Date: Wed Nov 5 11:01:31 2014 +1100 +commit d1db656021d0cd8c001a6692f772f1de29b67c8b +Author: Tim Rice +Date: Tue Feb 24 10:42:08 2015 -0800 - Prepare scripts for next Cygwin release - - Makes the Cygwin-specific ssh-user-config script independent of the - existence of /etc/passwd. The next Cygwin release will allow to - generate passwd and group entries from the Windows account DBs, so the - scripts have to adapt. - - from Corinna Vinschen + Work around finicky USL linker so netcat will build. -commit 7d0ba5336651731949762eb8877ce9e3b52df436 +commit cb030ce25f555737e8ba97bdd7883ac43f3ff2a3 Author: Damien Miller -Date: Thu Oct 30 10:45:41 2014 +1100 +Date: Tue Feb 24 09:23:04 2015 -0800 - include version number in OpenSSL-too-old error + include includes.h to avoid build failure on AIX -commit 3bcb92e04d9207e9f78d82f7918c6d3422054ce9 -Author: lteo@openbsd.org -Date: Fri Oct 24 02:01:20 2014 +0000 +commit 13af342458f5064144abbb07e5ac9bbd4eb42567 +Author: Tim Rice +Date: Tue Feb 24 07:56:47 2015 -0800 - upstream commit - - Remove unnecessary include: netinet/in_systm.h is not needed - by these programs. - - NB. skipped for portable - - ok deraadt@ millert@ + Original portability patch from djm@ for platforms missing err.h. + Fix name space clash on Solaris 10. Still more to do for Solaris 10 + to deal with msghdr structure differences. ok djm@ -commit 6fdcaeb99532e28a69f1a1599fbd540bb15b70a0 -Author: djm@openbsd.org -Date: Mon Oct 20 03:43:01 2014 +0000 +commit 910209203d0cd60c5083901cbcc0b7b44d9f48d2 +Author: Tim Rice +Date: Mon Feb 23 22:06:56 2015 -0800 - upstream commit - - whitespace + cleaner way fix dispatch.h portion of commit + a88dd1da119052870bb2654c1a32c51971eade16 + (some systems have sig_atomic_t in signal.h, some in sys/signal.h) + Sounds good to me djm@ -commit 165bc8786299e261706ed60342985f9de93a7461 -Author: daniel@openbsd.org -Date: Tue Oct 14 03:09:59 2014 +0000 +commit 676c38d7cbe65b76bbfff796861bb6615cc6a596 +Author: Tim Rice +Date: Mon Feb 23 21:51:33 2015 -0800 - upstream commit - - plug a memory leak; from Maxime Villard. - - ok djm@ + portability fix: if we can't dind a better define for HOST_NAME_MAX, use 255 -commit b1ba15f3885947c245c2dbfaad0a04ba050abea0 -Author: jmc@openbsd.org -Date: Thu Oct 9 06:21:31 2014 +0000 +commit 1221b22023dce38cbc90ba77eae4c5d78c77a5e6 +Author: Tim Rice +Date: Mon Feb 23 21:50:34 2015 -0800 - upstream commit - - tweak previous; + portablity fix: s/__inline__/inline/ -commit 259a02ebdf74ad90b41d116ecf70aa823fa4c6e7 -Author: djm@openbsd.org -Date: Mon Oct 13 00:38:35 2014 +0000 +commit 4c356308a88d309c796325bb75dce90ca16591d5 +Author: Darren Tucker +Date: Tue Feb 24 13:49:31 2015 +1100 - upstream commit - - whitespace + Wrap stdint.h includes in HAVE_STDINT_H. -commit 957fbceb0f3166e41b76fdb54075ab3b9cc84cba -Author: djm@openbsd.org -Date: Wed Oct 8 22:20:25 2014 +0000 +commit c9c88355c6a27a908e7d1e5003a2b35ea99c1614 +Author: Darren Tucker +Date: Tue Feb 24 13:43:57 2015 +1100 - upstream commit - - Tweak config reparsing with host canonicalisation - - Make the second pass through the config files always run when - hostname canonicalisation is enabled. - - Add a "Match canonical" criteria that allows ssh_config Match - blocks to trigger only in the second config pass. + Add AI_NUMERICSERV to fake-rfc2553. - Add a -G option to ssh that causes it to parse its configuration - and dump the result to stdout, similar to "sshd -T" + Our getaddrinfo implementation always returns numeric values already. + +commit ef342ab1ce6fb9a4b30186c89c309d0ae9d0eeb4 +Author: Darren Tucker +Date: Tue Feb 24 13:39:57 2015 +1100 + + Include OpenSSL's objects.h before bn.h. - Allow ssh_config Port options set in the second config parse - phase to be applied (they were being ignored). + Prevents compile errors on some platforms (at least old GCCs and AIX's + XLC compilers). + +commit dcc8997d116f615195aa7c9ec019fb36c28c6228 +Author: Darren Tucker +Date: Tue Feb 24 12:30:59 2015 +1100 + + Convert two macros into functions. - bz#2267 bz#2286; ok markus + Convert packet_send_debug and packet_disconnect from macros to + functions. Some older GCCs (2.7.x, 2.95.x) see to have problems with + variadic macros with only one argument so we convert these two into + functions. ok djm@ -commit 5c0dafd38bf66feeeb45fa0741a5baf5ad8039ba +commit 2285c30d51b7e2052c6526445abe7e7cc7e170a1 Author: djm@openbsd.org -Date: Wed Oct 8 22:15:27 2014 +0000 +Date: Mon Feb 23 22:21:21 2015 +0000 upstream commit - another -Wpointer-sign from clang + further silence spurious error message even when -v is + specified (e.g. to get visual host keys); reported by naddy@ -commit bb005dc815ebda9af3ae4b39ca101c4da918f835 -Author: djm@openbsd.org -Date: Wed Oct 8 22:15:06 2014 +0000 +commit 9af21979c00652029e160295e988dea40758ece2 +Author: Damien Miller +Date: Tue Feb 24 09:04:32 2015 +1100 - upstream commit + don't include stdint.h unless HAVE_STDINT_H set + +commit 62f678dd51660d6f8aee1da33d3222c5de10a89e +Author: Damien Miller +Date: Tue Feb 24 09:02:54 2015 +1100 + + nother sys/queue.h -> sys-queue.h fix - fix a few -Wpointer-sign warnings from clang + spotted by Tom Christensen -commit 3cc1fbb4fb0e804bfb873fd363cea91b27fc8188 +commit b3c19151cba2c0ed01b27f55de0d723ad07ca98f Author: djm@openbsd.org -Date: Wed Oct 8 21:45:48 2014 +0000 +Date: Mon Feb 23 20:32:15 2015 +0000 upstream commit - parse cert sections using nested buffers to reduce - copies; ok markus + fix a race condition by using a mux socket rather than an + ineffectual wait statement -commit 4a45922aebf99164e2fc83d34fe55b11ae1866ef +commit a88dd1da119052870bb2654c1a32c51971eade16 +Author: Damien Miller +Date: Tue Feb 24 06:30:29 2015 +1100 + + various include fixes for portable + +commit 5248429b5ec524d0a65507cff0cdd6e0cb99effd Author: djm@openbsd.org -Date: Mon Oct 6 00:47:15 2014 +0000 +Date: Mon Feb 23 16:55:51 2015 +0000 upstream commit - correct options in usage(); from mancha1 AT zoho.com + add an XXX to remind me to improve sshkey_load_public -commit 48dffd5bebae6fed0556dc5c36cece0370690618 +commit e94e4b07ef2eaead38b085a60535df9981cdbcdb Author: djm@openbsd.org -Date: Tue Sep 9 09:45:36 2014 +0000 +Date: Mon Feb 23 16:55:31 2015 +0000 upstream commit - mention permissions on tun(4) devices in PermitTunnel - documentation; bz#2273 + silence a spurious error message when listing + fingerprints for known_hosts; bz#2342 -commit a5883d4eccb94b16c355987f58f86a7dee17a0c2 +commit f2293a65392b54ac721f66bc0b44462e8d1d81f8 Author: djm@openbsd.org -Date: Wed Sep 3 18:55:07 2014 +0000 +Date: Mon Feb 23 16:33:25 2015 +0000 upstream commit - tighten permissions on pty when the "tty" group does - not exist; pointed out by Corinna Vinschen; ok markus + fix setting/clearing of TTY raw mode around + UpdateHostKeys=ask confirmation question; reported by Herb Goldman -commit 180bcb406b58bf30723c01a6b010e48ee626dda8 -Author: sobrado@openbsd.org -Date: Sat Aug 30 16:32:25 2014 +0000 +commit f2004cd1adf34492eae0a44b1ef84e0e31b06088 +Author: Darren Tucker +Date: Mon Feb 23 05:04:21 2015 +1100 - upstream commit + Repair for non-ECC OpenSSL. - typo. + Ifdef out the ECC parts when building with an OpenSSL that doesn't have + it. -commit f70b22bcdd52f6bf127047b3584371e6e5d45627 -Author: sobrado@openbsd.org -Date: Sat Aug 30 15:33:50 2014 +0000 +commit 37f9220db8d1a52c75894c3de1e5f2ae5bd71b6f +Author: Darren Tucker +Date: Mon Feb 23 03:07:24 2015 +1100 - upstream commit - - improve capitalization for the Ed25519 public-key - signature system. - - ok djm@ + Wrap stdint.h includes in ifdefs. -commit 7df8818409c752cf3f0c3f8044fe9aebed8647bd -Author: doug@openbsd.org -Date: Thu Aug 21 01:08:52 2014 +0000 +commit f81f1bbc5b892c8614ea740b1f92735652eb43f0 +Author: Tim Rice +Date: Sat Feb 21 18:12:10 2015 -0800 - upstream commit + out of tree build fix + +commit 2e13a1e4d22f3b503c3bfc878562cc7386a1d1ae +Author: Tim Rice +Date: Sat Feb 21 18:08:51 2015 -0800 + + mkdir kex unit test directory so testing out of tree builds works + +commit 1797f49b1ba31e8700231cd6b1d512d80bb50d2c +Author: halex@openbsd.org +Date: Sat Feb 21 21:46:57 2015 +0000 + + upstream commit - Free resources on error in mkstemp and fdopen + make "ssh-add -d" properly remove a corresponding + certificate, and also not whine and fail if there is none ok djm@ -commit 40ba4c9733aaed08304714faeb61529f18da144b -Author: deraadt@openbsd.org -Date: Wed Aug 20 01:28:55 2014 +0000 +commit 7faaa32da83a609059d95dbfcb0649fdb04caaf6 +Author: Damien Miller +Date: Sun Feb 22 07:57:27 2015 +1100 - upstream commit - - djm how did you make a typo like that... + mkdir hostkey and bitmap unit test directories -commit 57d378ec9278ba417a726f615daad67d157de666 +commit bd49da2ef197efac5e38f5399263a8b47990c538 Author: djm@openbsd.org -Date: Tue Aug 19 23:58:28 2014 +0000 +Date: Fri Feb 20 23:46:01 2015 +0000 upstream commit - When dumping the server configuration (sshd -T), print - correct KEX, MAC and cipher defaults. Spotted by Iain Morgan + sort options useable under Match case-insensitively; prodded + jmc@ -commit 7ff880ede5195d0b17e7f1e3b6cfbc4cb6f85240 +commit 1a779a0dd6cd8b4a1a40ea33b5415ab8408128ac Author: djm@openbsd.org -Date: Tue Aug 19 23:57:18 2014 +0000 +Date: Sat Feb 21 20:51:02 2015 +0000 upstream commit - ~-expand lcd paths + correct paths to configuration files being written/updated; + they live in $OBJ not cwd; some by Roumen Petrov -commit 4460a7ad0c78d4cd67c467f6e9f4254d0404ed59 -Author: Damien Miller -Date: Sun Oct 12 12:35:48 2014 +1100 +commit 28ba006c1acddff992ae946d0bc0b500b531ba6b +Author: Darren Tucker +Date: Sat Feb 21 15:41:07 2015 +1100 - remove duplicated KEX_DH1 entry + More correct checking of HAVE_DECL_AI_NUMERICSERV. -commit c9b8426a616138d0d762176c94f51aff3faad5ff -Author: Damien Miller -Date: Thu Oct 9 10:34:06 2014 +1100 +commit e50e8c97a9cecae1f28febccaa6ca5ab3bc10f54 +Author: Darren Tucker +Date: Sat Feb 21 15:10:33 2015 +1100 - remove ChangeLog file + Add null declaration of AI_NUMERICINFO. - Commit logs will be generated from git at release time. + Some platforms (older FreeBSD and DragonFly versions) do have + getaddrinfo() but do not have AI_NUMERICINFO. so define it to zero + in those cases. -commit 81d18ff7c93a04affbf3903e0963859763219aed -Author: Damien Miller -Date: Tue Oct 7 21:24:25 2014 +1100 +commit 18a208d6a460d707a45916db63a571e805f5db46 +Author: djm@openbsd.org +Date: Fri Feb 20 22:40:32 2015 +0000 - delete contrib/caldera directory + upstream commit + + more options that are available under Match; bz#2353 reported + by calestyo AT scientia.net -commit 0ec9e87d3638206456968202f05bb5123670607a -Author: Damien Miller -Date: Tue Oct 7 19:57:27 2014 +1100 +commit 44732de06884238049f285f1455b2181baa7dc82 +Author: djm@openbsd.org +Date: Fri Feb 20 22:17:21 2015 +0000 - test commit + upstream commit + + UpdateHostKeys fixes: + + I accidentally changed the format of the hostkeys@openssh.com messages + last week without changing the extension name, and this has been causing + connection failures for people who are running -current. First reported + by sthen@ + + s/hostkeys@openssh.com/hostkeys-00@openssh.com/ + Change the name of the proof message too, and reorder it a little. + + Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY + available to read the response) so disable UpdateHostKeys if it is in + ask mode and ControlPersist is active (and document this) -commit 8fb65a44568701b779f3d77326bceae63412d28d -Author: Damien Miller -Date: Tue Oct 7 09:21:49 2014 +1100 +commit 13a39414d25646f93e6d355521d832a03aaaffe2 +Author: djm@openbsd.org +Date: Tue Feb 17 00:14:05 2015 +0000 - - (djm) Release OpenSSH-6.7 + upstream commit + + Regression: I broke logging of public key fingerprints in + 1.46. Pointed out by Pontus Lundkvist -commit e8c9f2602c46f6781df5e52e6cd8413dab4602a3 +commit 773dda25e828c4c9a52f7bdce6e1e5924157beab Author: Damien Miller -Date: Fri Oct 3 09:24:56 2014 +1000 - - - (djm) [sshd_config.5] typo; from Iain Morgan +Date: Fri Jan 30 23:10:17 2015 +1100 -commit 703b98a26706f5083801d11059486d77491342ae -Author: Damien Miller -Date: Wed Oct 1 09:43:07 2014 +1000 + repair --without-openssl; broken in refactor - - (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c] - [openbsd-compat/openbsd-compat.h] Kludge around bad glibc - _FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets; - ok dtucker@ +commit e89c780886b23600de1e1c8d74aabd1ff61f43f0 +Author: Damien Miller +Date: Tue Feb 17 10:04:55 2015 +1100 -commit 0fa0ed061bbfedb0daa705e220748154a84c3413 -Author: Damien Miller -Date: Wed Sep 10 08:15:34 2014 +1000 + hook up hostkeys unittest to portable Makefiles - - (djm) [sandbox-seccomp-filter.c] Allow mremap and exit for DietLibc; - patch from Felix von Leitner; ok dtucker +commit 0abf41f99aa16ff09b263bead242d6cb2dbbcf99 +Author: djm@openbsd.org +Date: Mon Feb 16 22:21:03 2015 +0000 -commit ad7d23d461c3b7e1dcb15db13aee5f4b94dc1a95 -Author: Darren Tucker -Date: Tue Sep 9 12:23:10 2014 +1000 + upstream commit + + enable hostkeys unit tests - 20140908 - - (dtucker) [INSTALL] Update info about egd. ok djm@ +commit 68a5d647ccf0fb6782b2f749433a1eee5bc9044b +Author: djm@openbsd.org +Date: Mon Feb 16 22:20:50 2015 +0000 -commit 2a8699f37cc2515e3bc60e0c677ba060f4d48191 -Author: Damien Miller -Date: Thu Sep 4 03:46:05 2014 +1000 + upstream commit + + check string/memory compare arguments aren't NULL - - (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNG +commit ef575ef20d09f20722e26b45dab80b3620469687 +Author: djm@openbsd.org +Date: Mon Feb 16 22:18:34 2015 +0000 -commit 44988defb1f5e3afe576d86000365e1f07a1b494 -Author: Damien Miller -Date: Wed Sep 3 05:35:32 2014 +1000 + upstream commit + + unit tests for hostfile.c code, just hostkeys_foreach so + far - - (djm) [contrib/cygwin/ssh-host-config] Fix old code leading to - permissions/ACLs; from Corinna Vinschen +commit 8ea3365e6aa2759ccf5c76eaea62cbc8a280b0e7 +Author: markus@openbsd.org +Date: Sat Feb 14 12:43:16 2015 +0000 -commit 23f269562b7537b2f6f5014e50a25e5dcc55a837 -Author: Damien Miller -Date: Wed Sep 3 05:33:25 2014 +1000 + upstream commit + + test server rekey limit - - (djm) [defines.h sshbuf.c] Move __predict_true|false to defines.h and - conditionalise to avoid duplicate definition. +commit ce63c4b063c39b2b22d4ada449c9e3fbde788cb3 +Author: djm@openbsd.org +Date: Mon Feb 16 22:30:03 2015 +0000 -commit 41c8de2c0031cf59e7cf0c06b5bcfbf4852c1fda -Author: Damien Miller -Date: Sat Aug 30 16:23:06 2014 +1000 + upstream commit + + partial backout of: + + revision 1.441 + date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid + : x8klYPZMJSrVlt3O; + Let sshd load public host keys even when private keys are missing. + Allows sshd to advertise additional keys for future key rotation. + Also log fingerprint of hostkeys loaded; ok markus@ + + hostkey updates now require access to the private key, so we can't + load public keys only. The improved log messages (fingerprints of keys + loaded) are kept. - - (djm) [Makefile.in] Make TEST_SHELL a variable; "good idea" tim@ +commit 523463a3a2a9bfc6cfc5afa01bae9147f76a37cc +Author: djm@openbsd.org +Date: Mon Feb 16 22:13:32 2015 +0000 -commit d7c81e216a7bd9eed6e239c970d9261bb1651947 -Author: Damien Miller -Date: Sat Aug 30 04:18:28 2014 +1000 + upstream commit + + Revise hostkeys@openssh.com hostkey learning extension. + + The client will not ask the server to prove ownership of the private + halves of any hitherto-unseen hostkeys it offers to the client. + + Allow UpdateHostKeys option to take an 'ask' argument to let the + user manually review keys offered. + + ok markus@ - - (djm) [openbsd-compat/openssl-compat.h] add include guard +commit 6c5c949782d86a6e7d58006599c7685bfcd01685 +Author: djm@openbsd.org +Date: Mon Feb 16 22:08:57 2015 +0000 -commit 4687802dda57365b984b897fc3c8e2867ea09b22 -Author: Damien Miller -Date: Sat Aug 30 03:29:19 2014 +1000 + upstream commit + + Refactor hostkeys_foreach() and dependent code Deal with + IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing + changed ok markus@ as part of larger commit - - (djm) [misc.c] Missing newline between functions +commit 51b082ccbe633dc970df1d1f4c9c0497115fe721 +Author: miod@openbsd.org +Date: Mon Feb 16 18:26:26 2015 +0000 -commit 51c77e29220dee87c53be2dc47092934acab26fe -Author: Damien Miller -Date: Sat Aug 30 02:30:30 2014 +1000 + upstream commit + + Declare ge25519_base as extern, to prevent it from + becoming a common. Gets us rid of ``lignment 4 of symbol + `crypto_sign_ed25519_ref_ge25519_base' in mod_ge25519.o is smaller than 16 in + mod_ed25519.o'' warnings at link time. - - (djm) [openbsd-compat/openssl-compat.h] add - OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them +commit 02db468bf7e3281a8e3c058ced571b38b6407c34 +Author: markus@openbsd.org +Date: Fri Feb 13 18:57:00 2015 +0000 -commit 3d673d103bad35afaec6e7ef73e5277216ce33a3 -Author: Damien Miller -Date: Wed Aug 27 06:32:01 2014 +1000 + upstream commit + + make rekey_limit for sshd w/privsep work; ok djm@ + dtucker@ - - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero() - using memset_s() where possible; improve fallback to indirect bzero - via a volatile pointer to give it more of a chance to avoid being - optimised away. +commit 8ec67d505bd23c8bf9e17b7a364b563a07a58ec8 +Author: dtucker@openbsd.org +Date: Thu Feb 12 20:34:19 2015 +0000 -commit 146218ac11a1eb0dcade6f793d7acdef163b5ddc -Author: Damien Miller -Date: Wed Aug 27 04:11:55 2014 +1000 - - - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth - monitor, not preauth; bz#2263 + upstream commit + + Prevent sshd spamming syslog with + "ssh_dispatch_run_fatal: disconnected". ok markus@ -commit 1b215c098b3b37e38aa4e4c91bb908eee41183b1 -Author: Damien Miller -Date: Wed Aug 27 04:04:40 2014 +1000 +commit d4c0295d1afc342057ba358237acad6be8af480b +Author: djm@openbsd.org +Date: Wed Feb 11 01:20:38 2015 +0000 - - (djm) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] - [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] - [regress/unittests/sshkey/common.c] - [regress/unittests/sshkey/test_file.c] - [regress/unittests/sshkey/test_fuzz.c] - [regress/unittests/sshkey/test_sshkey.c] Don't include openssl/ec.h - on !ECC OpenSSL systems + upstream commit + + Some packet error messages show the address of the peer, + but might be generated after the socket to the peer has suffered a TCP reset. + In these cases, getpeername() won't work so cache the address earlier. + + spotted in the wild via deraadt@ and tedu@ -commit ad013944af0a19e3f612089d0099bb397cf6502d -Author: Damien Miller -Date: Tue Aug 26 09:27:28 2014 +1000 +commit 4af1709cf774475ce5d1bc3ddcc165f6c222897d +Author: jsg@openbsd.org +Date: Mon Feb 9 23:22:37 2015 +0000 - - (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL, - update OpenSSL version requirement. + upstream commit + + fix some leaks in error paths ok markus@ -commit ed126de8ee04c66640a0ea2697c4aaf36801f100 -Author: Damien Miller -Date: Tue Aug 26 08:37:47 2014 +1000 +commit fd36834871d06a03e1ff8d69e41992efa1bbf85f +Author: millert@openbsd.org +Date: Fri Feb 6 23:21:59 2015 +0000 - - (djm) [bufec.c] Skip this file on !ECC OpenSSL + upstream commit + + SIZE_MAX is standard, we should be using it in preference to + the obsolete SIZE_T_MAX. OK miod@ beck@ -commit 9c1dede005746864a4fdb36a7cdf6c51296ca909 -Author: Damien Miller -Date: Sun Aug 24 03:01:06 2014 +1000 +commit 1910a286d7771eab84c0b047f31c0a17505236fa +Author: millert@openbsd.org +Date: Thu Feb 5 12:59:57 2015 +0000 - - (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not - PR_SET_DUMPABLE, so adjust ifdef; reported by Tom Christensen + upstream commit + + Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@ -commit d244a5816fd1312a33404b436e4dd83594f1119e -Author: Damien Miller -Date: Sat Aug 23 17:06:49 2014 +1000 +commit ce4f59b2405845584f45e0b3214760eb0008c06c +Author: deraadt@openbsd.org +Date: Tue Feb 3 08:07:20 2015 +0000 - - (djm) [configure.ac] We now require a working vsnprintf everywhere (not - just for systems that lack asprintf); check for it always and extend - test to catch more brokenness. Fixes builds on Solaris <= 9 + upstream commit + + missing ; djm and mlarkin really having great + interactions recently -commit 4cec036362a358e398e6a2e6d19d8e5780558634 -Author: Damien Miller -Date: Sat Aug 23 03:11:09 2014 +1000 +commit 5d34aa94938abb12b877a25be51862757f25d54b +Author: halex@openbsd.org +Date: Tue Feb 3 00:34:14 2015 +0000 - - (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode on - lastlog writing on platforms with high UIDs; bz#2263 + upstream commit + + slightly extend the passphrase prompt if running with -c + in order to give the user a chance to notice if unintentionally running + without it + + wording tweak and ok djm@ -commit 394a60f2598d28b670d934b93942a3370b779b39 -Author: Damien Miller -Date: Fri Aug 22 18:06:20 2014 +1000 +commit cb3bde373e80902c7d5d0db429f85068d19b2918 +Author: djm@openbsd.org +Date: Mon Feb 2 22:48:53 2015 +0000 - - (djm) [configure.ac] double braces to appease autoconf + upstream commit + + handle PKCS#11 C_Login returning + CKR_USER_ALREADY_LOGGED_IN; based on patch from Yuri Samoilenko; ok markus@ -commit 4d69aeabd6e60afcdc7cca177ca751708ab79a9d -Author: Damien Miller -Date: Fri Aug 22 17:48:27 2014 +1000 +commit 15ad750e5ec3cc69765b7eba1ce90060e7083399 +Author: djm@openbsd.org +Date: Mon Feb 2 07:41:40 2015 +0000 - - (djm) [openbsd-compat/bsd-snprintf.c] Fix compilation failure (prototype/ - definition mismatch) and warning for broken/missing snprintf case. + upstream commit + + turn UpdateHostkeys off by default until I figure out + mlarkin@'s warning message; requested by deraadt@ -commit 0c11f1ac369d2c0aeb0ab0458a7cd04c72fe5e9e -Author: Damien Miller -Date: Fri Aug 22 17:36:56 2014 +1000 +commit 3cd5103c1e1aaa59bd66f7f52f6ebbcd5deb12f9 +Author: deraadt@openbsd.org +Date: Mon Feb 2 01:57:44 2015 +0000 - - (djm) [sshbuf-getput-crypto.c] Fix compilation when OpenSSL lacks ECC + upstream commit + + increasing encounters with difficult DNS setups in + darknets has convinced me UseDNS off by default is better ok djm -commit 6d62784b8973340b251fea6b04890f471adf28db -Author: Damien Miller -Date: Fri Aug 22 17:36:19 2014 +1000 +commit 6049a548a8a68ff0bbe581ab1748ea6a59ecdc38 +Author: djm@openbsd.org +Date: Sat Jan 31 20:30:05 2015 +0000 - - (djm) [configure.ac] include leading zero characters in OpenSSL version - number; fixes test for unsupported versions + upstream commit + + Let sshd load public host keys even when private keys are + missing. Allows sshd to advertise additional keys for future key rotation. + Also log fingerprint of hostkeys loaded; ok markus@ -commit 4f1ff1ed782117f5d5204d4e91156ed5da07cbb7 -Author: Damien Miller -Date: Thu Aug 21 15:54:50 2014 +1000 +commit 46347ed5968f582661e8a70a45f448e0179ca0ab +Author: djm@openbsd.org +Date: Fri Jan 30 11:43:14 2015 +0000 - - (djm) [regress/unittests/test_helper/test_helper.c] Fix for systems that - don't set __progname. Diagnosed by Tom Christensen. + upstream commit + + Add a ssh_config HostbasedKeyType option to control which + host public key types are tried during hostbased authentication. + + This may be used to prevent too many keys being sent to the server, + and blowing past its MaxAuthTries limit. + + bz#2211 based on patch by Iain Morgan; ok markus@ -commit 005a64da0f457410045ef0bfa93c863c2450447d -Author: Damien Miller -Date: Thu Aug 21 10:48:41 2014 +1000 +commit 802660cb70453fa4d230cb0233bc1bbdf8328de1 +Author: djm@openbsd.org +Date: Fri Jan 30 10:44:49 2015 +0000 - - (djm) [key.h] Fix ifdefs for no-ECC OpenSSL + upstream commit + + set a timeout to prevent hangs when talking to busted + servers; ok markus@ -commit aa6598ebb3343c7380e918388e10e8ca5852b613 -Author: Damien Miller -Date: Thu Aug 21 10:47:54 2014 +1000 +commit 86936ec245a15c7abe71a0722610998b0a28b194 +Author: djm@openbsd.org +Date: Fri Jan 30 01:11:39 2015 +0000 - - (djm) [Makefile.in] fix reference to libtest_helper.a in sshkey test too. + upstream commit + + regression test for 'wildcard CA' serial/key ID revocations -commit 54703e3cf63f0c80d4157e5ad7dbc2b363ee2c56 -Author: Damien Miller -Date: Wed Aug 20 11:10:51 2014 +1000 +commit 4509b5d4a4fa645a022635bfa7e86d09b285001f +Author: djm@openbsd.org +Date: Fri Jan 30 01:13:33 2015 +0000 - - (djm) [contrib/cygwin/README] Correct build instructions; from Corinna + upstream commit + + avoid more fatal/exit in the packet.c paths that + ssh-keyscan uses; feedback and "looks good" markus@ -commit f0935698f0461f24d8d1f1107b476ee5fd4db1cb -Author: Damien Miller -Date: Wed Aug 20 11:06:50 2014 +1000 +commit 669aee994348468af8b4b2ebd29b602cf2860b22 +Author: djm@openbsd.org +Date: Fri Jan 30 01:10:33 2015 +0000 - - (djm) [sshkey.h] Fix compilation when OpenSSL lacks ECC + upstream commit + + permit KRLs that revoke certificates by serial number or + key ID without scoping to a particular CA; ok markus@ -commit c5089ecaec3b2c02f014f4e67518390702a4ba14 -Author: Damien Miller -Date: Wed Aug 20 11:06:20 2014 +1000 +commit 7a2c368477e26575d0866247d3313da4256cb2b5 +Author: djm@openbsd.org +Date: Fri Jan 30 00:59:19 2015 +0000 - - (djm) [Makefile.in] refer to libtest_helper.a by explicit path rather than - -L/-l; fixes linking problems on some platforms + upstream commit + + missing parentheses after if in do_convert_from() broke + private key conversion from other formats some time in 2010; bz#2345 reported + by jjelen AT redhat.com -commit 2195847e503a382f83ee969b0a8bd3dfe0e55c18 -Author: Damien Miller -Date: Wed Aug 20 11:05:03 2014 +1000 +commit 25f5f78d8bf5c22d9cea8b49de24ebeee648a355 +Author: djm@openbsd.org +Date: Fri Jan 30 00:22:25 2015 +0000 - - (djm) [configure.ac] Check OpenSSL version is supported at configure time; - suggested by Kevin Brott + upstream commit + + fix ssh protocol 1, spotted by miod@ -commit a75aca1bbc989aa9f8b1b08489d37855f3d24d1a -Author: Damien Miller -Date: Tue Aug 19 11:36:07 2014 +1000 +commit 9ce86c926dfa6e0635161b035e3944e611cbccf0 +Author: djm@openbsd.org +Date: Wed Jan 28 22:36:00 2015 +0000 - - (djm) [INSTALL contrib/caldera/openssh.spec contrib/cygwin/README] - [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Remove mentions - of TCP wrappers. + upstream commit + + update to new API (key_fingerprint => sshkey_fingerprint) + check sshkey_fingerprint return values; ok markus -commit 3f022b5a9477abceeb1bbeab04b055f3cc7ca8f6 -Author: Damien Miller -Date: Tue Aug 19 11:32:34 2014 +1000 +commit 9125525c37bf73ad3ee4025520889d2ce9d10f29 +Author: djm@openbsd.org +Date: Wed Jan 28 22:05:31 2015 +0000 - - (djm) [ssh-dss.c] Include openssl/dsa.h for DSA_SIG + upstream commit + + avoid fatal() calls in packet code makes ssh-keyscan more + reliable against server failures ok dtucker@ markus@ -commit 88137902632aceb923990e98cf5dc923bb3ef2f5 -Author: Damien Miller -Date: Tue Aug 19 11:28:11 2014 +1000 +commit fae7bbe544cba7a9e5e4ab47ff6faa3d978646eb +Author: djm@openbsd.org +Date: Wed Jan 28 21:15:47 2015 +0000 - - (djm) [sshbuf.h] Fix compilation on systems without OPENSSL_HAS_ECC. + upstream commit + + avoid fatal() calls in packet code makes ssh-keyscan more + reliable against server failures ok dtucker@ markus@ -commit 2f3d1e7fb2eabd3cfbfd8d0f7bdd2f9a1888690b -Author: Damien Miller -Date: Tue Aug 19 11:14:36 2014 +1000 +commit 1a3d14f6b44a494037c7deab485abe6496bf2c60 +Author: djm@openbsd.org +Date: Wed Jan 28 11:07:25 2015 +0000 - - (djm) [myproposal.h] Make curve25519 KEX dependent on - HAVE_EVP_SHA256 instead of OPENSSL_HAS_ECC. + upstream commit + + remove obsolete comment -commit d4e7d59d01a6c7f59e8c1f94a83c086e9a33d8aa -Author: Damien Miller -Date: Tue Aug 19 11:14:17 2014 +1000 +commit 80c25b7bc0a71d75c43a4575d9a1336f589eb639 +Author: okan@openbsd.org +Date: Tue Jan 27 12:54:06 2015 +0000 - - (djm) [serverloop.c] Fix syntax error on Cygwin; from Corinna Vinschen + upstream commit + + Since r1.2 removed the use of PRI* macros, inttypes.h is + no longer required. + + ok djm@ -commit 9eaeea2cf2b6af5f166cfa9ad3c7a90711a147a9 +commit 69ff64f69615c2a21c97cb5878a0996c21423257 Author: Damien Miller -Date: Sun Aug 10 11:35:05 2014 +1000 +Date: Tue Jan 27 23:07:43 2015 +1100 - - (djm) [README contrib/caldera/openssh.spec] - [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Update versions + compile on systems without TCP_MD5SIG (e.g. OSX) -commit f8988fbef0c9801d19fa2f8f4f041690412bec37 +commit 358964f3082fb90b2ae15bcab07b6105cfad5a43 Author: Damien Miller -Date: Fri Aug 1 13:31:52 2014 +1000 +Date: Tue Jan 27 23:07:25 2015 +1100 - - (djm) [regress/multiplex.sh] Use -d (detach stdin) flag to disassociate - nc from stdin, it's more portable + use ssh-keygen under test rather than system's -commit 5b3879fd4b7a4e3d43bab8f40addda39bc1169d0 +commit a2c95c1bf33ea53038324d1fdd774bc953f98236 Author: Damien Miller -Date: Fri Aug 1 12:28:31 2014 +1000 +Date: Tue Jan 27 23:06:59 2015 +1100 - - (djm) [regress/multiplex.sh] Instruct nc not to quit as soon as stdin - is closed; avoid regress failures when stdin is /dev/null + OSX lacks HOST_NAME_MAX, has _POSIX_HOST_NAME_MAX -commit a9c46746d266f8a1b092a72b2150682d1af8ebfc +commit ade31d7b6f608a19b85bee29a7a00b1e636a2919 Author: Damien Miller -Date: Fri Aug 1 12:26:49 2014 +1000 +Date: Tue Jan 27 23:06:23 2015 +1100 - - (djm) [regress/multiplex.sh] Skip test for non-OpenBSD netcat. We need - a better solution, but this will have to do for now. + these need active_state defined to link on OSX + + temporary measure until active_state goes away entirely -commit 426117b2e965e43f47015942b5be8dd88fe74b88 -Author: Damien Miller -Date: Wed Jul 30 12:33:20 2014 +1000 +commit e56aa87502f22c5844918c10190e8b4f785f067b +Author: djm@openbsd.org +Date: Tue Jan 27 12:01:36 2015 +0000 - - schwarze@cvs.openbsd.org 2014/07/28 15:40:08 - [sftp-server.8 sshd_config.5] - some systems no longer need /dev/log; - issue noticed by jirib; - ok deraadt + upstream commit + + use printf instead of echo -n to reduce diff against + -portable -commit f497794b6962eaf802ab4ac2a7b22ae591cca1d5 -Author: Damien Miller -Date: Wed Jul 30 12:32:46 2014 +1000 +commit 9f7637f56eddfaf62ce3c0af89c25480f2cf1068 +Author: jmc@openbsd.org +Date: Mon Jan 26 13:55:29 2015 +0000 - - dtucker@cvs.openbsd.org 2014/07/25 21:22:03 - [ssh-agent.c] - Clear buffer used for handling messages. This prevents keys being - left in memory after they have been expired or deleted in some cases - (but note that ssh-agent is setgid so you would still need root to - access them). Pointed out by Kevin Burns, ok deraadt + upstream commit + + sort previous; -commit a8a0f65c57c8ecba94d65948e9090da54014dfef -Author: Damien Miller -Date: Wed Jul 30 12:32:28 2014 +1000 +commit 3076ee7d530d5b16842fac7a6229706c7e5acd26 +Author: djm@openbsd.org +Date: Mon Jan 26 13:36:53 2015 +0000 - - OpenBSD CVS Sync - - millert@cvs.openbsd.org 2014/07/24 22:57:10 - [ssh.1] - Mention UNIX-domain socket forwarding too. OK jmc@ deraadt@ + upstream commit + + properly restore umask -commit 56b840f2b81e14a2f95c203403633a72566736f8 -Author: Damien Miller -Date: Fri Jul 25 08:11:30 2014 +1000 +commit d411d395556b73ba1b9e451516a0bd6697c4b03d +Author: djm@openbsd.org +Date: Mon Jan 26 06:12:18 2015 +0000 - - (djm) [regress/multiplex.sh] restore incorrectly deleted line; - pointed out by Christian Hesse + upstream commit + + regression test for host key rotation -commit dd417b60d5ca220565d1014e92b7f8f43dc081eb -Author: Darren Tucker -Date: Wed Jul 23 10:41:21 2014 +1000 +commit fe8a3a51699afbc6407a8fae59b73349d01e49f8 +Author: djm@openbsd.org +Date: Mon Jan 26 06:11:28 2015 +0000 - - dtucker@cvs.openbsd.org 2014/07/22 23:35:38 - [regress/unittests/sshkey/testdata/*] - Regenerate test keys with certs signed with ed25519 instead of ecdsa. - These can be used in -portable on platforms that don't support ECDSA. + upstream commit + + adapt to sshkey API tweaks -commit 40e50211896369dba8f64f3b5e5fd58b76f5ac3f -Author: Darren Tucker -Date: Wed Jul 23 10:35:45 2014 +1000 +commit 7dd355fb1f0038a3d5cdca57ebab4356c7a5b434 +Author: miod@openbsd.org +Date: Sat Jan 24 10:39:21 2015 +0000 - - dtucker@cvs.openbsd.org 2014/07/22 23:57:40 - [regress/unittests/sshkey/mktestdata.sh] - Add $OpenBSD tag to make syncs easier + upstream commit + + Move -lz late in the linker commandline for things to + build on static arches. -commit 07e644251e809b1d4c062cf85bd1146a7e3f5a8a -Author: Darren Tucker -Date: Wed Jul 23 10:34:26 2014 +1000 +commit 0dad3b806fddb93c475b30853b9be1a25d673a33 +Author: miod@openbsd.org +Date: Fri Jan 23 21:21:23 2015 +0000 - - dtucker@cvs.openbsd.org 2014/07/22 23:23:22 - [regress/unittests/sshkey/mktestdata.sh] - Sign test certs with ed25519 instead of ecdsa so that they'll work in - -portable on platforms that don't have ECDSA in their OpenSSL. ok djm + upstream commit + + -Wpointer-sign is supported by gcc 4 only. -commit cea099a7c4eaecb01b001e5453bb4e5c25006c22 -Author: Darren Tucker -Date: Wed Jul 23 10:04:02 2014 +1000 +commit 2b3b1c1e4bd9577b6e780c255c278542ea66c098 +Author: djm@openbsd.org +Date: Tue Jan 20 22:58:57 2015 +0000 - - djm@cvs.openbsd.org 2014/07/22 01:32:12 - [regress/multiplex.sh] - change the test for still-open Unix domain sockets to be robust against - nc implementations that produce error messages. from -portable - (Id sync only) + upstream commit + + use SUBDIR to recuse into unit tests; makes "make obj" + actually work -commit 31eb78078d349b32ea41952ecc944b3ad6cb0d45 -Author: Darren Tucker -Date: Wed Jul 23 09:43:42 2014 +1000 +commit 1d1092bff8db27080155541212b420703f8b9c92 +Author: djm@openbsd.org +Date: Mon Jan 26 12:16:36 2015 +0000 - - guenther@cvs.openbsd.org 2014/07/22 07:13:42 - [umac.c] - Convert from to the shiney new - ok dtucker@, who also confirmed that -portable handles this already - (ID sync only, includes.h pulls in endian.h if available.) + upstream commit + + correct description of UpdateHostKeys in ssh_config.5 and + add it to -o lists for ssh, scp and sftp; pointed out by jmc@ -commit 820763efef2d19d965602533036c2b4badc9d465 -Author: Darren Tucker -Date: Wed Jul 23 09:40:46 2014 +1000 +commit 5104db7cbd6cdd9c5971f4358e74414862fc1022 +Author: djm@openbsd.org +Date: Mon Jan 26 06:10:03 2015 +0000 - - dtucker@cvs.openbsd.org 2014/07/22 01:18:50 - [key.c] - Prevent spam from key_load_private_pem during hostbased auth. ok djm@ + upstream commit + + correctly match ECDSA subtype (== curve) for + offered/recevied host keys. Fixes connection-killing host key mismatches when + a server offers multiple ECDSA keys with different curve type (an extremely + unlikely configuration). + + ok markus, "looks mechanical" deraadt@ -commit c4ee219a66f3190fa96cbd45b4d11015685c6306 -Author: Darren Tucker -Date: Wed Jul 23 04:27:50 2014 +1000 +commit 8d4f87258f31cb6def9b3b55b6a7321d84728ff2 +Author: djm@openbsd.org +Date: Mon Jan 26 03:04:45 2015 +0000 - - (dtucker) [regress/unittests/sshkey/test_{file,fuzz,sshkey}.c] Wrap ecdsa- - specific tests inside OPENSSL_HAS_ECC. + upstream commit + + Host key rotation support. + + Add a hostkeys@openssh.com protocol extension (global request) for + a server to inform a client of all its available host key after + authentication has completed. The client may record the keys in + known_hosts, allowing it to upgrade to better host key algorithms + and a server to gracefully rotate its keys. + + The client side of this is controlled by a UpdateHostkeys config + option (default on). + + ok markus@ -commit 04f4824940ea3edd60835416ececbae16438968a -Author: Damien Miller -Date: Tue Jul 22 11:31:47 2014 +1000 +commit 60b1825262b1f1e24fc72050b907189c92daf18e +Author: djm@openbsd.org +Date: Mon Jan 26 02:59:11 2015 +0000 - - (djm) [regress/multiplex.sh] change the test for still-open Unix - domain sockets to be robust against nc implementations that produce - error messages. + upstream commit + + small refactor and add some convenience functions; ok + markus -commit 5ea4fe00d55453aaa44007330bb4c3181bd9b796 -Author: Damien Miller -Date: Tue Jul 22 09:39:19 2014 +1000 +commit a5a3e3328ddce91e76f71ff479022d53e35c60c9 +Author: jmc@openbsd.org +Date: Thu Jan 22 21:00:42 2015 +0000 - - (djm) [regress/multiplex.sh] ssh mux master lost -N somehow; - put it back + upstream commit + + heirarchy -> hierarchy; -commit 948a1774a79a85f9deba6d74db95f402dee32c69 -Author: Darren Tucker -Date: Tue Jul 22 01:07:11 2014 +1000 +commit dcff5810a11195c57e1b3343c0d6b6f2b9974c11 +Author: deraadt@openbsd.org +Date: Thu Jan 22 20:24:41 2015 +0000 - - (dtucker) [sshkey.c] ifdef out unused variable when compiling without - OPENSSL_HAS_ECC. + upstream commit + + Provide a warning about chroot misuses (which sadly, seem + to have become quite popular because shiny). sshd cannot detect/manage/do + anything about these cases, best we can do is warn in the right spot in the + man page. ok markus -commit c8f610f6cc57ae129758052439d9baf13699097b -Author: Damien Miller -Date: Mon Jul 21 10:23:27 2014 +1000 +commit 087266ec33c76fc8d54ac5a19efacf2f4a4ca076 +Author: deraadt@openbsd.org +Date: Tue Jan 20 23:14:00 2015 +0000 - - (djm) [regress/multiplex.sh] Not all netcat accept the -N option. + upstream commit + + Reduce use of and transition to + throughout. ok djm markus -commit 0e4e95566cd95c887f69272499b8f3880b3ec0f5 -Author: Damien Miller -Date: Mon Jul 21 09:52:54 2014 +1000 +commit 57e783c8ba2c0797f93977e83b2a8644a03065d8 +Author: markus@openbsd.org +Date: Tue Jan 20 20:16:21 2015 +0000 - - millert@cvs.openbsd.org 2014/07/15 15:54:15 - [forwarding.sh multiplex.sh] - Add support for Unix domain socket forwarding. A remote TCP port - may be forwarded to a local Unix domain socket and vice versa or - both ends may be a Unix domain socket. This is a reimplementation - of the streamlocal patches by William Ahern from: - http://www.25thandclement.com/~william/projects/streamlocal.html - OK djm@ markus@ + upstream commit + + kex_setup errors are fatal() -commit 93a87ab27ecdc709169fb24411133998f81e2761 -Author: Darren Tucker -Date: Mon Jul 21 06:30:25 2014 +1000 +commit 1d6424a6ff94633c221297ae8f42d54e12a20912 +Author: djm@openbsd.org +Date: Tue Jan 20 08:02:33 2015 +0000 - - (dtucker) [regress/unittests/sshkey/ - {common,test_file,test_fuzz,test_sshkey}.c] Wrap stdint.h includes in - ifdefs. + upstream commit + + this test would accidentally delete agent.sh if run without + obj/ -commit 5573171352ea23df2dc6d2fe0324d023b7ba697c -Author: Darren Tucker -Date: Mon Jul 21 02:24:59 2014 +1000 +commit 12b5f50777203e12575f1b08568281e447249ed3 +Author: djm@openbsd.org +Date: Tue Jan 20 07:56:44 2015 +0000 - - (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits - needed to build AES CTR mode against OpenSSL 0.9.8f and above. ok djm + upstream commit + + make this compile with KERBEROS5 enabled -commit 74e28682711d005026c7c8f15f96aea9d3c8b5a3 -Author: Tim Rice -Date: Fri Jul 18 20:00:11 2014 -0700 +commit e2cc6bef08941256817d44d146115b3478586ad4 +Author: djm@openbsd.org +Date: Tue Jan 20 07:55:33 2015 +0000 - - (tim) [openbsd-compat/port-uw.c] Include misc.h for fwd_opts, used - in servconf.h. + upstream commit + + fix hostkeys in agent; ok markus@ -commit d1a0421f8e5e933fee6fb58ee6b9a22c63c8a613 -Author: Darren Tucker -Date: Sat Jul 19 07:23:55 2014 +1000 +commit 1ca3e2155aa5d3801a7ae050f85c71f41fcb95b1 +Author: Damien Miller +Date: Tue Jan 20 10:11:31 2015 +1100 - - (dtucker) [key.c sshkey.c] Put new ecdsa bits inside ifdef OPENSSL_HAS_ECC. + fix kex test -commit f0fe9ea1be62227c130b317769de3d1e736b6dc1 -Author: Darren Tucker -Date: Sat Jul 19 06:33:12 2014 +1000 +commit c78a578107c7e6dcf5d30a2f34cb6581bef14029 +Author: markus@openbsd.org +Date: Mon Jan 19 20:45:25 2015 +0000 - - (dtucker) [Makefile.in] Add a t-exec target to run just the executable - tests. + upstream commit + + finally enable the KEX tests I wrote some years ago... -commit 450bc1180d4b061434a4b733c5c8814fa30b022b -Author: Darren Tucker -Date: Sat Jul 19 06:23:18 2014 +1000 +commit 31821d7217e686667d04935aeec99e1fc4a46e7e +Author: markus@openbsd.org +Date: Mon Jan 19 20:42:31 2015 +0000 - - (dtucker) [auth2-gss.c gss-serv-krb5.c] Include misc.h for fwd_opts, used - in servconf.h. + upstream commit + + adapt to new error message (SSH_ERR_MAC_INVALID) -commit ab2ec586baad122ed169285c31927ccf58bc7b28 -Author: Damien Miller -Date: Fri Jul 18 15:04:47 2014 +1000 +commit d3716ca19e510e95d956ae14d5b367e364bff7f1 +Author: djm@openbsd.org +Date: Mon Jan 19 17:31:13 2015 +0000 - - djm@cvs.openbsd.org 2014/07/18 02:46:01 - [ssh-agent.c] - restore umask around listener socket creation (dropped in streamlocal patch - merge) + upstream commit + + this test was broken in at least two ways, such that it + wasn't checking that a KRL was not excluding valid keys -commit 357610d15946381ae90c271837dcdd0cdce7145f -Author: Damien Miller -Date: Fri Jul 18 15:04:10 2014 +1000 +commit 3f797653748e7c2b037dacb57574c01d9ef3b4d3 +Author: markus@openbsd.org +Date: Mon Jan 19 20:32:39 2015 +0000 - - djm@cvs.openbsd.org 2014/07/17 07:22:19 - [mux.c ssh.c] - reflect stdio-forward ("ssh -W host:port ...") failures in exit status. - previously we were always returning 0. bz#2255 reported by Brendan - Germain; ok dtucker + upstream commit + + switch ssh-keyscan from setjmp to multiple ssh transport + layer instances ok djm@ -commit dad9a4a0b7c2b5d78605f8df28718f116524134e -Author: Damien Miller -Date: Fri Jul 18 15:03:49 2014 +1000 +commit f582f0e917bb0017b00944783cd5f408bf4b0b5e +Author: markus@openbsd.org +Date: Mon Jan 19 20:30:23 2015 +0000 - - djm@cvs.openbsd.org 2014/07/17 00:12:03 - [key.c] - silence "incorrect passphrase" error spam; reported and ok dtucker@ + upstream commit + + add experimental api for packet layer; ok djm@ -commit f42f7684ecbeec6ce50e0310f80b3d6da2aaf533 -Author: Damien Miller -Date: Fri Jul 18 15:03:27 2014 +1000 +commit 48b3b2ba75181f11fca7f327058a591f4426cade +Author: markus@openbsd.org +Date: Mon Jan 19 20:20:20 2015 +0000 - - djm@cvs.openbsd.org 2014/07/17 00:10:18 - [mux.c] - preserve errno across syscall + upstream commit + + store compat flags in struct ssh; ok djm@ -commit 1b83320628cb0733e3688b85bfe4d388a7c51909 -Author: Damien Miller -Date: Fri Jul 18 15:03:02 2014 +1000 +commit 57d10cbe861a235dd269c74fb2fe248469ecee9d +Author: markus@openbsd.org +Date: Mon Jan 19 20:16:15 2015 +0000 - - djm@cvs.openbsd.org 2014/07/17 00:10:56 - [sandbox-systrace.c] - ifdef SYS_sendsyslog so this will compile without patching on -stable + upstream commit + + adapt kex to sshbuf and struct ssh; ok djm@ -commit 6d57656331bcd754d912950e4a18ad259d596e61 -Author: Damien Miller -Date: Fri Jul 18 15:02:06 2014 +1000 +commit 3fdc88a0def4f86aa88a5846ac079dc964c0546a +Author: markus@openbsd.org +Date: Mon Jan 19 20:07:45 2015 +0000 - - jmc@cvs.openbsd.org 2014/07/16 14:48:57 - [ssh.1] - add the streamlocal* options to ssh's -o list; millert says they're - irrelevant for scp/sftp; + upstream commit - ok markus millert + move dispatch to struct ssh; ok djm@ -commit 7acefbbcbeab725420ea07397ae35992f505f702 -Author: Damien Miller -Date: Fri Jul 18 14:11:24 2014 +1000 +commit 091c302829210c41e7f57c3f094c7b9c054306f0 +Author: markus@openbsd.org +Date: Mon Jan 19 19:52:16 2015 +0000 - - millert@cvs.openbsd.org 2014/07/15 15:54:14 - [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] - [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] - [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] - [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] - [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] - [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] - [sshd_config.5 sshlogin.c] - Add support for Unix domain socket forwarding. A remote TCP port - may be forwarded to a local Unix domain socket and vice versa or - both ends may be a Unix domain socket. This is a reimplementation - of the streamlocal patches by William Ahern from: - http://www.25thandclement.com/~william/projects/streamlocal.html - OK djm@ markus@ + upstream commit + + update packet.c & isolate, introduce struct ssh a) switch + packet.c to buffer api and isolate per-connection info into struct ssh b) + (de)serialization of the state is moved from monitor to packet.c c) the old + packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and + integrated into packet.c with and ok djm@ -commit 6262d760e00714523633bd989d62e273a3dca99a -Author: Damien Miller -Date: Thu Jul 17 09:52:07 2014 +1000 +commit 4e62cc68ce4ba20245d208b252e74e91d3785b74 +Author: djm@openbsd.org +Date: Mon Jan 19 17:35:48 2015 +0000 - - tedu@cvs.openbsd.org 2014/07/11 13:54:34 - [myproposal.h] - by popular demand, add back hamc-sha1 to server proposal for better compat - with many clients still in use. ok deraadt + upstream commit + + fix format strings in (disabled) debugging -commit 9d69d937b46ecba17f16d923e538ceda7b705c7a -Author: Damien Miller -Date: Thu Jul 17 09:49:37 2014 +1000 +commit d85e06245907d49a2cd0cfa0abf59150ad616f42 +Author: djm@openbsd.org +Date: Mon Jan 19 06:01:32 2015 +0000 - - deraadt@cvs.openbsd.org 2014/07/11 08:09:54 - [sandbox-systrace.c] - Permit use of SYS_sendsyslog from inside the sandbox. Clock is ticking, - update your kernels and sshd soon.. libc will start using sendsyslog() - in about 4 days. + upstream commit + + be a bit more careful in these tests to ensure that + known_hosts is clean -commit f6293a0b4129826fc2e37e4062f96825df43c326 -Author: Damien Miller -Date: Thu Jul 17 09:01:25 2014 +1000 +commit 7947810eab5fe0ad311f32a48f4d4eb1f71be6cf +Author: djm@openbsd.org +Date: Sun Jan 18 22:00:18 2015 +0000 - - (djm) [digest-openssl.c] Preserve array order when disabling digests. - Reported by Petr Lautrbach. + upstream commit + + regression test for known_host file editing using + ssh-keygen (-H / -R / -F) after hostkeys_foreach() change; feedback and ok + markus@ -commit 00f9cd230709c04399ef5ff80492d70a55230694 -Author: Damien Miller -Date: Tue Jul 15 10:41:38 2014 +1000 +commit 3a2b09d147a565d8a47edf37491e149a02c0d3a3 +Author: djm@openbsd.org +Date: Sun Jan 18 19:54:46 2015 +0000 - - (djm) [configure.ac] Delay checks for arc4random* until after libcrypto - has been located; fixes builds agains libressl-portable + upstream commit + + more and better key tests + + test signatures and verification + test certificate generation + flesh out nested cert test + + removes most of the XXX todo markers -commit 1d0df3249c87019556b83306c28d4769375c2edc -Author: Damien Miller -Date: Fri Jul 11 09:19:04 2014 +1000 +commit 589e69fd82724cfc9738f128e4771da2e6405d0d +Author: djm@openbsd.org +Date: Sun Jan 18 19:53:58 2015 +0000 - - OpenBSD CVS Sync - - benno@cvs.openbsd.org 2014/07/09 14:15:56 - [ssh-add.c] - fix ssh-add crash while loading more than one key - ok markus@ + upstream commit + + make the signature fuzzing test much more rigorous: + ensure that the fuzzed input cases do not match the original (using new + fuzz_matches_original() function) and check that the verification fails in + each case -commit 7a57eb3d105aa4ced15fb47001092c58811e6d9d -Author: Damien Miller -Date: Wed Jul 9 13:22:31 2014 +1000 +commit 80603c0daa2538c349c1c152405580b164d5475f +Author: djm@openbsd.org +Date: Sun Jan 18 19:52:44 2015 +0000 - - djm@cvs.openbsd.org 2014/07/07 08:15:26 - [multiplex.sh] - remove forced-fatal that I stuck in there to test the new cleanup - logic and forgot to remove... + upstream commit + + add a fuzz_matches_original() function to the fuzzer to + detect fuzz cases that are identical to the original data. Hacky + implementation, but very useful when you need the fuzz to be different, e.g. + when verifying signature -commit 612f965239a30fe536b11ece1834d9f470aeb029 -Author: Damien Miller -Date: Wed Jul 9 13:22:03 2014 +1000 +commit 87d5495bd337e358ad69c524fcb9495208c0750b +Author: djm@openbsd.org +Date: Sun Jan 18 19:50:55 2015 +0000 - - djm@cvs.openbsd.org 2014/07/06 07:42:03 - [multiplex.sh test-exec.sh] - add a hook to the cleanup() function to kill $SSH_PID if it is set + upstream commit - use it to kill the mux master started in multiplex.sh (it was being left - around on fatal failures) + better dumps from the fuzzer (shown on errors) - + include the original data as well as the fuzzed copy. -commit d0bb950485ba121e43a77caf434115ed6417b46f -Author: Damien Miller -Date: Wed Jul 9 13:07:28 2014 +1000 +commit d59ec478c453a3fff05badbbfd96aa856364f2c2 +Author: djm@openbsd.org +Date: Sun Jan 18 19:47:55 2015 +0000 - - djm@cvs.openbsd.org 2014/07/09 03:02:15 - [key.c] - downgrade more error() to debug() to better match what old authfile.c - did; suppresses spurious errors with hostbased authentication enabled + upstream commit + + enable hostkey-agent.sh test -commit 0070776a038655c57f57e70cd05e4c38a5de9d84 -Author: Damien Miller -Date: Wed Jul 9 13:07:06 2014 +1000 +commit 26b3425170bf840e4b095e1c10bf25a0a3e3a105 +Author: djm@openbsd.org +Date: Sat Jan 17 18:54:30 2015 +0000 - - djm@cvs.openbsd.org 2014/07/09 01:45:10 - [sftp.c] - more useful error message when GLOB_NOSPACE occurs; - bz#2254, patch from Orion Poplawski + upstream commit + + unit test for hostkeys in ssh-agent -commit 079bac2a43c74ef7cf56850afbab3b1932534c50 -Author: Damien Miller -Date: Wed Jul 9 13:06:25 2014 +1000 +commit 9e06a0fb23ec55d9223b26a45bb63c7649e2f2f2 +Author: markus@openbsd.org +Date: Thu Jan 15 23:41:29 2015 +0000 - - djm@cvs.openbsd.org 2014/07/07 08:19:12 - [ssh_config.5] - mention that ProxyCommand is executed using shell "exec" to avoid - a lingering process; bz#1977 + upstream commit + + add kex unit tests -commit 3a48cc090096cf99b9de592deb5f90e444edebfb -Author: Damien Miller -Date: Sun Jul 6 09:32:49 2014 +1000 +commit d2099dec6da21ae627f6289aedae6bc1d41a22ce +Author: deraadt@openbsd.org +Date: Mon Jan 19 00:32:54 2015 +0000 - - djm@cvs.openbsd.org 2014/07/05 23:11:48 - [channels.c] - fix remote-forward cancel regression; ok markus@ + upstream commit + + djm, your /usr/include tree is old -commit 48bae3a38cb578713e676708164f6e7151cc64fa -Author: Damien Miller -Date: Sun Jul 6 09:27:06 2014 +1000 +commit 2b3c3c76c30dc5076fe09d590f5b26880f148a54 +Author: djm@openbsd.org +Date: Sun Jan 18 21:51:19 2015 +0000 - - djm@cvs.openbsd.org 2014/07/03 23:18:35 - [authfile.h] - remove leakmalloc droppings + upstream commit + + some feedback from markus@: comment hostkeys_foreach() + context and avoid a member in it. -commit 72e6b5c9ed5e72ca3a6ccc3177941b7c487a0826 -Author: Damien Miller -Date: Fri Jul 4 09:00:04 2014 +1000 +commit cecb30bc2ba6d594366e657d664d5c494b6c8a7f +Author: djm@openbsd.org +Date: Sun Jan 18 21:49:42 2015 +0000 - - djm@cvs.openbsd.org 2014/07/03 22:40:43 - [servconf.c servconf.h session.c sshd.8 sshd_config.5] - Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is - executed, mirroring the no-user-rc authorized_keys option; - bz#2160; ok markus@ + upstream commit + + make ssh-keygen use hostkeys_foreach(). Removes some + horrendous code; ok markus@ -commit 602943d1179a08dfa70af94f62296ea5e3d6ebb8 -Author: Damien Miller -Date: Fri Jul 4 08:59:41 2014 +1000 +commit ec3d065df3a9557ea96b02d061fd821a18c1a0b9 +Author: djm@openbsd.org +Date: Sun Jan 18 21:48:09 2015 +0000 - - djm@cvs.openbsd.org 2014/07/03 22:33:41 - [channels.c] - allow explicit ::1 and 127.0.0.1 forwarding bind addresses when - GatewayPorts=no; allows client to choose address family; - bz#2222 ok markus@ + upstream commit + + convert load_hostkeys() (hostkey ordering and + known_host matching) to use the new hostkey_foreach() iterator; ok markus -commit 6b37fbb7921d156b31e2c8f39d9e1b6746c34983 -Author: Damien Miller -Date: Fri Jul 4 08:59:24 2014 +1000 +commit c29811cc480a260e42fd88849fc86a80c1e91038 +Author: djm@openbsd.org +Date: Sun Jan 18 21:40:23 2015 +0000 - - djm@cvs.openbsd.org 2014/07/03 22:23:46 - [sshconnect.c] - when rekeying, skip file/DNS lookup if it is the same as the key sent - during initial key exchange. bz#2154 patch from Iain Morgan; ok markus@ + upstream commit + + introduce hostkeys_foreach() to allow iteration over a + known_hosts file or controlled subset thereof. This will allow us to pull out + some ugly and duplicated code, and will be used to implement hostkey rotation + later. + + feedback and ok markus -commit d2c3cd5f2e47ee24cf7093ce8e948c2e79dfc3fd -Author: Damien Miller -Date: Fri Jul 4 08:59:01 2014 +1000 +commit f101d8291da01bbbfd6fb8c569cfd0cc61c0d346 +Author: deraadt@openbsd.org +Date: Sun Jan 18 14:01:00 2015 +0000 - - jsing@cvs.openbsd.org 2014/07/03 12:42:16 - [cipher-chachapoly.c] - Call chacha_ivsetup() immediately before chacha_encrypt_bytes() - this - makes it easier to verify that chacha_encrypt_bytes() is only called once - per chacha_ivsetup() call. - ok djm@ + upstream commit + + string truncation due to sizeof(size) ok djm markus -commit 686feb560ec43a06ba04da82b50f3c183c947309 -Author: Damien Miller -Date: Thu Jul 3 21:29:38 2014 +1000 +commit 35d6022b55b7969fc10c261cb6aa78cc4a5fcc41 +Author: djm@openbsd.org +Date: Sun Jan 18 13:33:34 2015 +0000 - - djm@cvs.openbsd.org 2014/07/03 11:16:55 - [auth.c auth.h auth1.c auth2.c] - make the "Too many authentication failures" message include the - user, source address, port and protocol in a format similar to the - authentication success / failure messages; bz#2199, ok dtucker + upstream commit + + avoid trailing ',' in host key algorithms -commit 0f12341402e18fd9996ec23189b9418d2722453f -Author: Damien Miller -Date: Thu Jul 3 21:28:09 2014 +1000 +commit 7efb455789a0cb76bdcdee91c6060a3dc8f5c007 +Author: djm@openbsd.org +Date: Sun Jan 18 13:22:28 2015 +0000 - - jmc@cvs.openbsd.org 2014/07/03 07:45:27 - [ssh_config.5] - escape %C since groff thinks it part of an Rs/Re block; + upstream commit + + infer key length correctly when user specified a fully- + qualified key name instead of using the -b bits option; ok markus@ -commit 9c38643c5cd47a19db2cc28279dcc28abadc22b3 -Author: Damien Miller -Date: Thu Jul 3 21:27:46 2014 +1000 +commit 83f8ffa6a55ccd0ce9d8a205e3e7439ec18fedf5 +Author: djm@openbsd.org +Date: Sat Jan 17 18:53:34 2015 +0000 - - djm@cvs.openbsd.org 2014/07/03 06:39:19 - [ssh.c ssh_config.5] - Add a %C escape sequence for LocalCommand and ControlPath that expands - to a unique identifer based on a has of the tuple of (local host, - remote user, hostname, port). - - Helps avoid exceeding sockaddr_un's miserly pathname limits for mux - control paths. + upstream commit - bz#2220, based on patch from mancha1 AT zoho.com; ok markus@ - -commit 49d9bfe2b2f3e90cc158a215dffa7675e57e7830 -Author: Damien Miller -Date: Thu Jul 3 21:26:42 2014 +1000 + fix hostkeys on ssh agent; found by unit test I'm about + to commit - - djm@cvs.openbsd.org 2014/07/03 05:38:17 - [ssh.1] - document that -g will only work in the multiplexed case if applied to - the mux master +commit 369d61f17657b814124268f99c033e4dc6e436c1 +Author: schwarze@openbsd.org +Date: Fri Jan 16 16:20:23 2015 +0000 -commit ef9f13ba4c58057b2166d1f2e790535da402fbe5 -Author: Damien Miller -Date: Thu Jul 3 21:26:21 2014 +1000 + upstream commit + + garbage collect empty .No macros mandoc warns about - - djm@cvs.openbsd.org 2014/07/03 05:32:36 - [ssh_config.5] - mention '%%' escape sequence in HostName directives and how it may - be used to specify IPv6 link-local addresses +commit bb8b442d32dbdb8521d610e10d8b248d938bd747 +Author: djm@openbsd.org +Date: Fri Jan 16 15:55:07 2015 +0000 -commit e6a407789e5432dd2e53336fb73476cc69048c54 -Author: Damien Miller -Date: Thu Jul 3 21:25:03 2014 +1000 + upstream commit + + regression: incorrect error message on + otherwise-successful ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@ - - djm@cvs.openbsd.org 2014/07/03 04:36:45 - [digest.h] - forward-declare struct sshbuf so consumers don't need to include sshbuf.h +commit 9010902954a40b59d0bf3df3ccbc3140a653e2bc +Author: djm@openbsd.org +Date: Fri Jan 16 07:19:48 2015 +0000 -commit 4a1d3d50f02d0a8a4ef95ea4749293cbfb89f919 -Author: Damien Miller -Date: Thu Jul 3 21:24:40 2014 +1000 + upstream commit + + when hostname canonicalisation is enabled, try to parse + hostnames as addresses before looking them up for canonicalisation. fixes + bz#2074 and avoids needless DNS lookups in some cases; ok markus + +commit 2ae4f337b2a5fb2841b6b0053b49496fef844d1c +Author: deraadt@openbsd.org +Date: Fri Jan 16 06:40:12 2015 +0000 + + upstream commit + + Replace with and other less + dirty headers where possible. Annotate lines with their + current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, + LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of + MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. + These are the files confirmed through binary verification. ok guenther, + millert, doug (helped with the verification protocol) + +commit 3c4726f4c24118e8f1bb80bf75f1456c76df072c +Author: markus@openbsd.org +Date: Thu Jan 15 21:38:50 2015 +0000 + + upstream commit + + remove xmalloc, switch to sshbuf + +commit e17ac01f8b763e4b83976b9e521e90a280acc097 +Author: markus@openbsd.org +Date: Thu Jan 15 21:37:14 2015 +0000 + + upstream commit + + switch to sshbuf + +commit ddef9995a1fa6c7a8ff3b38bfe6cf724bebf13d0 +Author: naddy@openbsd.org +Date: Thu Jan 15 18:32:54 2015 +0000 + + upstream commit + + handle UMAC128 initialization like UMAC; ok djm@ markus@ + +commit f14564c1f7792446bca143580aef0e7ac25dcdae +Author: djm@openbsd.org +Date: Thu Jan 15 11:04:36 2015 +0000 + + upstream commit + + fix regression reported by brad@ for passworded keys without + agent present + +commit 45c0fd70bb2a88061319dfff20cb12ef7b1bc47e +Author: Damien Miller +Date: Thu Jan 15 22:08:23 2015 +1100 + + make bitmap test compile + +commit d333f89abf7179021e5c3f28673f469abe032062 +Author: djm@openbsd.org +Date: Thu Jan 15 07:36:28 2015 +0000 + + upstream commit + + unit tests for KRL bitmap + +commit 7613f828f49c55ff356007ae9645038ab6682556 +Author: markus@openbsd.org +Date: Wed Jan 14 09:58:21 2015 +0000 + + upstream commit + + re-add comment about full path + +commit 6c43b48b307c41cd656b415621a644074579a578 +Author: markus@openbsd.org +Date: Wed Jan 14 09:54:38 2015 +0000 + + upstream commit + + don't reset to the installed sshd; connect before + reconfigure, too + +commit 771bb47a1df8b69061f09462e78aa0b66cd594bf +Author: djm@openbsd.org +Date: Tue Jan 13 14:51:51 2015 +0000 + + upstream commit + + implement a SIGINFO handler so we can discern a stuck + fuzz test from a merely glacial one; prompted by and ok markus + +commit cfaa57962f8536f3cf0fd7daf4d6a55d6f6de45f +Author: djm@openbsd.org +Date: Tue Jan 13 08:23:26 2015 +0000 + + upstream commit + + use $SSH instead of installed ssh to allow override; + spotted by markus@ + +commit 0920553d0aee117a596b03ed5b49b280d34a32c5 +Author: djm@openbsd.org +Date: Tue Jan 13 07:49:49 2015 +0000 + + upstream commit + + regress test for PubkeyAcceptedKeyTypes; ok markus@ + +commit 27ca1a5c0095eda151934bca39a77e391f875d17 +Author: markus@openbsd.org +Date: Mon Jan 12 20:13:27 2015 +0000 + + upstream commit + + unbreak parsing of pubkey comments; with gerhard; ok + djm/deraadt + +commit 55358f0b4e0b83bc0df81c5f854c91b11e0bb4dc +Author: djm@openbsd.org +Date: Mon Jan 12 11:46:32 2015 +0000 + + upstream commit + + fatal if soft-PKCS11 library is missing rather (rather + than continue and fail with a more cryptic error) + +commit c3554cdd2a1a62434b8161017aa76fa09718a003 +Author: djm@openbsd.org +Date: Mon Jan 12 11:12:38 2015 +0000 + + upstream commit + + let this test all supporte key types; pointed out/ok + markus@ + +commit 1129dcfc5a3e508635004bcc05a3574cb7687167 +Author: djm@openbsd.org +Date: Thu Jan 15 09:40:00 2015 +0000 + + upstream commit + + sync ssh-keysign, ssh-keygen and some dependencies to the + new buffer/key API; mostly mechanical, ok markus@ + +commit e4ebf5586452bf512da662ac277aaf6ecf0efe7c +Author: djm@openbsd.org +Date: Thu Jan 15 07:57:08 2015 +0000 + + upstream commit + + remove commented-out test code now that it has moved to a + proper unit test + +commit e81cba066c1e9eb70aba0f6e7c0ff220611b370f +Author: djm@openbsd.org +Date: Wed Jan 14 20:54:29 2015 +0000 + + upstream commit + + whitespace + +commit 141efe49542f7156cdbc2e4cd0a041d8b1aab622 +Author: djm@openbsd.org +Date: Wed Jan 14 20:05:27 2015 +0000 + + upstream commit + + move authfd.c and its tentacles to the new buffer/key + API; ok markus@ + +commit 0088c57af302cda278bd26d8c3ae81d5b6f7c289 +Author: djm@openbsd.org +Date: Wed Jan 14 19:33:41 2015 +0000 + + upstream commit + + fix small regression: ssh-agent would return a success + message but an empty signature if asked to sign using an unknown key; ok + markus@ + +commit b03ebe2c22b8166e4f64c37737f4278676e3488d +Author: Damien Miller +Date: Thu Jan 15 03:08:58 2015 +1100 + + more --without-openssl + + fix some regressions caused by upstream merges + + enable KRLs now that they no longer require BIGNUMs + +commit bc42cc6fe784f36df225c44c93b74830027cb5a2 +Author: Damien Miller +Date: Thu Jan 15 03:08:29 2015 +1100 + + kludge around tun API mismatch betterer + +commit c332110291089b624fa0951fbf2d1ee6de525b9f +Author: Damien Miller +Date: Thu Jan 15 02:59:51 2015 +1100 + + some systems lack SO_REUSEPORT + +commit 83b9678a62cbdc74eb2031cf1e1e4ffd58e233ae +Author: Damien Miller +Date: Thu Jan 15 02:35:50 2015 +1100 + + fix merge botch + +commit 0cdc5a3eb6fb383569a4da2a30705d9b90428d6b +Author: Damien Miller +Date: Thu Jan 15 02:35:33 2015 +1100 + + unbreak across API change + +commit 6e2549ac2b5e7f96cbc2d83a6e0784b120444b47 +Author: Damien Miller +Date: Thu Jan 15 02:30:18 2015 +1100 + + need includes.h for portable OpenSSH + +commit 72ef7c148c42db7d5632a29f137f8b87b579f2d9 +Author: Damien Miller +Date: Thu Jan 15 02:21:31 2015 +1100 + + support --without-openssl at configure time + + Disables and removes dependency on OpenSSL. Many features don't + work and the set of crypto options is greatly restricted. This + will only work on system with native arc4random or /dev/urandom. + + Considered highly experimental for now. + +commit 4f38c61c68ae7e3f9ee4b3c38bc86cd39f65ece9 +Author: Damien Miller +Date: Thu Jan 15 02:28:00 2015 +1100 + + add files missed in last commit + +commit a165bab605f7be55940bb8fae977398e8c96a46d +Author: djm@openbsd.org +Date: Wed Jan 14 15:02:39 2015 +0000 + + upstream commit + + avoid BIGNUM in KRL code by using a simple bitmap; + feedback and ok markus + +commit 7d845f4a0b7ec97887be204c3760e44de8bf1f32 +Author: djm@openbsd.org +Date: Wed Jan 14 13:54:13 2015 +0000 + + upstream commit + + update sftp client and server to new buffer API. pretty + much just mechanical changes; with & ok markus + +commit 139ca81866ec1b219c717d17061e5e7ad1059e2a +Author: markus@openbsd.org +Date: Wed Jan 14 13:09:09 2015 +0000 + + upstream commit + + switch to sshbuf/sshkey; with & ok djm@ + +commit 81bfbd0bd35683de5d7f2238b985e5f8150a9180 +Author: Damien Miller +Date: Wed Jan 14 21:48:18 2015 +1100 + + support --without-openssl at configure time + + Disables and removes dependency on OpenSSL. Many features don't + work and the set of crypto options is greatly restricted. This + will only work on system with native arc4random or /dev/urandom. + + Considered highly experimental for now. + +commit 54924b53af15ccdcbb9f89984512b5efef641a31 +Author: djm@openbsd.org +Date: Wed Jan 14 10:46:28 2015 +0000 + + upstream commit + + avoid an warning for the !OPENSSL case + +commit ae8b463217f7c9b66655bfc3945c050ffdaeb861 +Author: markus@openbsd.org +Date: Wed Jan 14 10:30:34 2015 +0000 + + upstream commit + + swith auth-options to new sshbuf/sshkey; ok djm@ + +commit 540e891191b98b89ee90aacf5b14a4a68635e763 +Author: djm@openbsd.org +Date: Wed Jan 14 10:29:45 2015 +0000 + + upstream commit + + make non-OpenSSL aes-ctr work on sshd w/ privsep; ok + markus@ + +commit 60c2c4ea5e1ad0ddfe8b2877b78ed5143be79c53 +Author: markus@openbsd.org +Date: Wed Jan 14 10:24:42 2015 +0000 + + upstream commit + + remove unneeded includes, sync my copyright across files + & whitespace; ok djm@ + +commit 128343bcdb0b60fc826f2733df8cf979ec1627b4 +Author: markus@openbsd.org +Date: Tue Jan 13 19:31:40 2015 +0000 + + upstream commit + + adapt mac.c to ssherr.h return codes (de-fatal) and + simplify dependencies ok djm@ + +commit e7fd952f4ea01f09ceb068721a5431ac2fd416ed +Author: djm@openbsd.org +Date: Tue Jan 13 19:04:35 2015 +0000 + + upstream commit + + sync changes from libopenssh; prepared by markus@ mostly + debug output tweaks, a couple of error return value changes and some other + minor stuff + +commit 76c0480a85675f03a1376167cb686abed01a3583 +Author: Damien Miller +Date: Tue Jan 13 19:38:18 2015 +1100 + + add --without-ssh1 option to configure + + Allows disabling support for SSH protocol 1. + +commit 1f729f0614d1376c3332fa1edb6a5e5cec7e9e03 +Author: djm@openbsd.org +Date: Tue Jan 13 07:39:19 2015 +0000 + + upstream commit + + add sshd_config HostbasedAcceptedKeyTypes and + PubkeyAcceptedKeyTypes options to allow sshd to control what public key types + will be accepted. Currently defaults to all. Feedback & ok markus@ + +commit 816d1538c24209a93ba0560b27c4fda57c3fff65 +Author: markus@openbsd.org +Date: Mon Jan 12 20:13:27 2015 +0000 + + upstream commit + + unbreak parsing of pubkey comments; with gerhard; ok + djm/deraadt + +commit 0097565f849851812df610b7b6b3c4bd414f6c62 +Author: markus@openbsd.org +Date: Mon Jan 12 19:22:46 2015 +0000 + + upstream commit + + missing error assigment on sshbuf_put_string() + +commit a7f49dcb527dd17877fcb8d5c3a9a6f550e0bba5 +Author: djm@openbsd.org +Date: Mon Jan 12 15:18:07 2015 +0000 + + upstream commit + + apparently memcpy(x, NULL, 0) is undefined behaviour + according to C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls + when length==0; ok markus@ + +commit 905fe30fca82f38213763616d0d26eb6790bde33 +Author: markus@openbsd.org +Date: Mon Jan 12 14:05:19 2015 +0000 + + upstream commit + + free->sshkey_free; ok djm@ + +commit f067cca2bc20c86b110174c3fef04086a7f57b13 +Author: markus@openbsd.org +Date: Mon Jan 12 13:29:27 2015 +0000 + + upstream commit + + allow WITH_OPENSSL w/o WITH_SSH1; ok djm@ + +commit c4bfafcc2a9300d9cfb3c15e75572d3a7d74670d +Author: djm@openbsd.org +Date: Thu Jan 8 13:10:58 2015 +0000 + + upstream commit + + adjust for sshkey_load_file() API change + +commit e752c6d547036c602b89e9e704851463bd160e32 +Author: djm@openbsd.org +Date: Thu Jan 8 13:44:36 2015 +0000 + + upstream commit + + fix ssh_config FingerprintHash evaluation order; from Petr + Lautrbach + +commit ab24ab847b0fc94c8d5e419feecff0bcb6d6d1bf +Author: djm@openbsd.org +Date: Thu Jan 8 10:15:45 2015 +0000 + + upstream commit + + reorder hostbased key attempts to better match the + default hostkey algorithms order in myproposal.h; ok markus@ + +commit 1195f4cb07ef4b0405c839293c38600b3e9bdb46 +Author: djm@openbsd.org +Date: Thu Jan 8 10:14:08 2015 +0000 + + upstream commit + + deprecate key_load_private_pem() and + sshkey_load_private_pem() interfaces. Refactor the generic key loading API to + not require pathnames to be specified (they weren't really used). + + Fixes a few other things en passant: + + Makes ed25519 keys work for hostbased authentication (ssh-keysign + previously used the PEM-only routines). + + Fixes key comment regression bz#2306: key pathnames were being lost as + comment fields. + + ok markus@ + +commit febbe09e4e9aff579b0c5cc1623f756862e4757d +Author: tedu@openbsd.org +Date: Wed Jan 7 18:15:07 2015 +0000 + + upstream commit + + workaround for the Meyer, et al, Bleichenbacher Side + Channel Attack. fake up a bignum key before RSA decryption. discussed/ok djm + markus + +commit 5191df927db282d3123ca2f34a04d8d96153911a +Author: djm@openbsd.org +Date: Tue Dec 23 22:42:48 2014 +0000 + + upstream commit + + KNF and add a little more debug() + +commit 8abd80315d3419b20e6938f74d37e2e2b547f0b7 +Author: jmc@openbsd.org +Date: Mon Dec 22 09:26:31 2014 +0000 + + upstream commit + + add fingerprinthash to the options list; + +commit 296ef0560f60980da01d83b9f0e1a5257826536f +Author: jmc@openbsd.org +Date: Mon Dec 22 09:24:59 2014 +0000 + + upstream commit + + tweak previous; + +commit 462082eacbd37778a173afb6b84c6f4d898a18b5 +Author: Damien Miller +Date: Tue Dec 30 08:16:11 2014 +1100 + + avoid uninitialised free of ldns_res + + If an invalid rdclass was passed to getrrsetbyname() then + this would execute a free on an uninitialised pointer. + OpenSSH only ever calls this with a fixed and valid rdclass. + + Reported by Joshua Rogers + +commit 01b63498801053f131a0740eb9d13faf35d636c8 +Author: Damien Miller +Date: Mon Dec 29 18:10:18 2014 +1100 + + pull updated OpenBSD BCrypt PBKDF implementation + + Includes fix for 1 byte output overflow for large key length + requests (not reachable in OpenSSH). + + Pointed out by Joshua Rogers + +commit c528c1b4af2f06712177b3de9b30705752f7cbcb +Author: Damien Miller +Date: Tue Dec 23 15:26:13 2014 +1100 + + fix variable name for IPv6 case in construct_utmpx + + patch from writeonce AT midipix.org via bz#2296 + +commit 293cac52dcda123244b2e594d15592e5e481c55e +Author: Damien Miller +Date: Mon Dec 22 16:30:42 2014 +1100 + + include and use OpenBSD netcat in regress/ + +commit 8f6784f0cb56dc4fd00af3e81a10050a5785228d +Author: djm@openbsd.org +Date: Mon Dec 22 09:05:17 2014 +0000 + + upstream commit + + mention ssh -Q feature to list supported { MAC, cipher, + KEX, key } algorithms in more places and include the query string used to + list the relevant information; bz#2288 + +commit 449e11b4d7847079bd0a2daa6e3e7ea03d8ef700 +Author: jmc@openbsd.org +Date: Mon Dec 22 08:24:17 2014 +0000 + + upstream commit + + tweak previous; + +commit 4bea0ab3290c0b9dd2aa199e932de8e7e18062d6 +Author: djm@openbsd.org +Date: Mon Dec 22 08:06:03 2014 +0000 + + upstream commit + + regression test for multiple required pubkey authentication; + ok markus@ + +commit f1c4d8ec52158b6f57834b8cd839605b0a33e7f2 +Author: djm@openbsd.org +Date: Mon Dec 22 08:04:23 2014 +0000 + + upstream commit + + correct description of what will happen when a + AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser is not (sshd + will refuse to start) + +commit 161cf419f412446635013ac49e8c660cadc36080 +Author: djm@openbsd.org +Date: Mon Dec 22 07:55:51 2014 +0000 + + upstream commit + + make internal handling of filename arguments of "none" + more consistent with ssh. "none" arguments are now replaced with NULL when + the configuration is finalised. + + Simplifies checking later on (just need to test not-NULL rather than + that + strcmp) and cleans up some inconsistencies. ok markus@ + +commit f69b69b8625be447b8826b21d87713874dac25a6 +Author: djm@openbsd.org +Date: Mon Dec 22 07:51:30 2014 +0000 + + upstream commit + + remember which public keys have been used for + authentication and refuse to accept previously-used keys. + + This allows AuthenticationMethods=publickey,publickey to require + that users authenticate using two _different_ pubkeys. + + ok markus@ + +commit 46ac2ed4677968224c4ca825bc98fc68dae183f0 +Author: djm@openbsd.org +Date: Mon Dec 22 07:24:11 2014 +0000 + + upstream commit + + fix passing of wildcard forward bind addresses when + connection multiplexing is in use; patch from Sami Hartikainen via bz#2324; + ok dtucker@ + +commit 0d1b241a262e4d0a6bbfdd595489ab1b853c43a1 +Author: djm@openbsd.org +Date: Mon Dec 22 06:14:29 2014 +0000 + + upstream commit + + make this slightly easier to diff against portable + +commit 0715bcdddbf68953964058f17255bf54734b8737 +Author: Damien Miller +Date: Mon Dec 22 13:47:07 2014 +1100 + + add missing regress output file + +commit 1e30483c8ad2c2f39445d4a4b6ab20c241e40593 +Author: djm@openbsd.org +Date: Mon Dec 22 02:15:52 2014 +0000 + + upstream commit + + adjust for new SHA256 key fingerprints and + slightly-different MD5 hex fingerprint format + +commit 6b40567ed722df98593ad8e6a2d2448fc2b4b151 +Author: djm@openbsd.org +Date: Mon Dec 22 01:14:49 2014 +0000 + + upstream commit + + poll changes to netcat (usr.bin/netcat.c r1.125) broke + this test; fix it by ensuring more stdio fds are sent to devnull + +commit a5375ccb970f49dddf7d0ef63c9b713ede9e7260 +Author: jmc@openbsd.org +Date: Sun Dec 21 23:35:14 2014 +0000 + + upstream commit + + tweak previous; + +commit b79efde5c3badf5ce4312fe608d8307eade533c5 +Author: djm@openbsd.org +Date: Sun Dec 21 23:12:42 2014 +0000 + + upstream commit + + document FingerprintHash here too + +commit d16bdd8027dd116afa01324bb071a4016cdc1a75 +Author: Damien Miller +Date: Mon Dec 22 10:18:09 2014 +1100 + + missing include for base64 encoding + +commit 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 +Author: djm@openbsd.org +Date: Sun Dec 21 22:27:55 2014 +0000 + + upstream commit + + Add FingerprintHash option to control algorithm used for + key fingerprints. Default changes from MD5 to SHA256 and format from hex to + base64. + + Feedback and ok naddy@ markus@ + +commit 058f839fe15c51be8b3a844a76ab9a8db550be4f +Author: djm@openbsd.org +Date: Thu Dec 18 23:58:04 2014 +0000 + + upstream commit + + don't count partial authentication success as a failure + against MaxAuthTries; ok deraadt@ + +commit c7219f4f54d64d6dde66dbcf7a2699daa782d2a1 +Author: djm@openbsd.org +Date: Fri Dec 12 00:02:17 2014 +0000 + + upstream commit + + revert chunk I didn't mean to commit yet; via jmc@ + +commit 7de5991aa3997e2981440f39c1ea01273a0a2c7b +Author: Damien Miller +Date: Thu Dec 18 11:44:06 2014 +1100 + + upstream libc change + + revision 1.2 + date: 2014/12/08 03:45:00; author: bcook; state: Exp; lines: +2 -2; commitid: 7zWEBgJJOCZ2hvTV; + avoid left shift overflow in reallocarray. + + Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting + 1UL 32-bits to the left causes an overflow. This replaces the constant 1UL with + (size_t)1 so that we get the correct constant size for the platform. + + discussed with tedu@ & deraadt@ + +commit 2048f85a5e6da8bc6e0532efe02ecfd4e63c978c +Author: Damien Miller +Date: Thu Dec 18 10:15:49 2014 +1100 + + include CFLAGS in gnome askpass targets + + from Fedora + +commit 48b68ce19ca42fa488960028048dec023f7899bb +Author: djm@openbsd.org +Date: Thu Dec 11 08:20:09 2014 +0000 + + upstream commit + + explicitly include sys/param.h in files that use the + howmany() macro; from portable + +commit d663bea30a294d440fef4398e5cd816317bd4518 +Author: djm@openbsd.org +Date: Thu Dec 11 05:25:06 2014 +0000 + + upstream commit + + mention AuthorizedKeysCommandUser must be set for + AuthorizedKeysCommand to be run; bz#2287 + +commit 17bf3d81e00f2abb414a4fd271118cf4913f049f +Author: djm@openbsd.org +Date: Thu Dec 11 05:13:28 2014 +0000 + + upstream commit + + show in debug output which hostkeys are being tried when + attempting hostbased auth; patch from Iain Morgan + +commit da0277e3717eadf5b15e03379fc29db133487e94 +Author: djm@openbsd.org +Date: Thu Dec 11 04:16:14 2014 +0000 + + upstream commit + + Make manual reflect reality: sftp-server's -d option + accepts a "%d" option, not a "%h" one. + + bz#2316; reported by Kirk Wolf + +commit 4cf87f4b81fa9380bce5fcff7b0f8382ae3ad996 +Author: djm@openbsd.org +Date: Wed Dec 10 01:24:09 2014 +0000 + + upstream commit + + better error value for invalid signature length + +commit 4bfad14ca56f8ae04f418997816b4ba84e2cfc3c +Author: Darren Tucker +Date: Wed Dec 10 02:12:51 2014 +1100 + + Resync more with OpenBSD's rijndael.c, in particular "#if 0"-ing out some + unused code. Should fix compile error reported by plautrba at redhat. + +commit 642652d280499691c8212ec6b79724b50008ce09 +Author: Darren Tucker +Date: Wed Dec 10 01:32:23 2014 +1100 + + Add reallocarray to compat library + +commit 3dfd8d93dfcc69261f5af99df56f3ff598581979 +Author: djm@openbsd.org +Date: Thu Dec 4 22:31:50 2014 +0000 + + upstream commit + + add tests for new client RevokedHostKeys option; refactor + to make it a bit more readable + +commit a31046cad1aed16a0b55171192faa6d02665ccec +Author: krw@openbsd.org +Date: Wed Nov 19 13:35:37 2014 +0000 + + upstream commit + + Nuke yet more obvious #include duplications. + + ok deraadt@ + +commit a7c762e5b2c1093542c0bc1df25ccec0b4cf479f +Author: djm@openbsd.org +Date: Thu Dec 4 20:47:36 2014 +0000 + + upstream commit + + key_in_file() wrapper is no longer used + +commit 5e39a49930d885aac9c76af3129332b6e772cd75 +Author: djm@openbsd.org +Date: Thu Dec 4 02:24:32 2014 +0000 + + upstream commit + + add RevokedHostKeys option for the client + + Allow textfile or KRL-based revocation of hostkeys. + +commit 74de254bb92c684cf53461da97f52d5ba34ded80 +Author: djm@openbsd.org +Date: Thu Dec 4 01:49:59 2014 +0000 + + upstream commit + + convert KRL code to new buffer API + + ok markus@ + +commit db995f2eed5fc432598626fa3e30654503bf7151 +Author: millert@openbsd.org +Date: Wed Nov 26 18:34:51 2014 +0000 + + upstream commit + + Prefer setvbuf() to setlinebuf() for portability; ok + deraadt@ + +commit 72bba3d179ced8b425272efe6956a309202a91f3 +Author: jsg@openbsd.org +Date: Mon Nov 24 03:39:22 2014 +0000 + + upstream commit + + Fix crashes in the handling of the sshd config file found + with the afl fuzzer. + + ok deraadt@ djm@ + +commit 867f49c666adcfe92bf539d9c37c1accdea08bf6 +Author: Damien Miller +Date: Wed Nov 26 13:22:41 2014 +1100 + + Avoid Cygwin ssh-host-config reading /etc/group + + Patch from Corinna Vinschen + +commit 8b66f36291a721b1ba7c44f24a07fdf39235593e +Author: Damien Miller +Date: Wed Nov 26 13:20:35 2014 +1100 + + allow custom service name for sshd on Cygwin + + Permits the use of multiple sshd running with different service names. + + Patch by Florian Friesdorf via Corinna Vinschen + +commit 08c0eebf55d70a9ae1964399e609288ae3186a0c +Author: jmc@openbsd.org +Date: Sat Nov 22 19:21:03 2014 +0000 + + upstream commit + + restore word zapped in previous, and remove some useless + "No" macros; + +commit a1418a0033fba43f061513e992e1cbcc3343e563 +Author: deraadt@openbsd.org +Date: Sat Nov 22 18:15:41 2014 +0000 + + upstream commit + + /dev/random has created the same effect as /dev/arandom + (and /dev/urandom) for quite some time. Mop up the last few, by using + /dev/random where we actually want it, or not even mentioning arandom where + it is irrelevant. + +commit b6de5ac9ed421362f479d1ad4fa433d2e25dad5b +Author: djm@openbsd.org +Date: Fri Nov 21 01:00:38 2014 +0000 + + upstream commit + + fix NULL pointer dereference crash on invalid timestamp + + found using Michal Zalewski's afl fuzzer + +commit a1f8110cd5ed818d59b3a2964fab7de76e92c18e +Author: mikeb@openbsd.org +Date: Tue Nov 18 22:38:48 2014 +0000 + + upstream commit + + Sync AES code to the one shipped in OpenSSL/LibreSSL. + + This includes a commit made by Andy Polyakov + to the OpenSSL source tree on Wed, 28 Jun 2006 with the following + message: "Mitigate cache-collision timing attack on last round." + + OK naddy, miod, djm + +commit 335c83d5f35d8620e16b8aa26592d4f836e09ad2 +Author: krw@openbsd.org +Date: Tue Nov 18 20:54:28 2014 +0000 + + upstream commit + + Nuke more obvious #include duplications. + + ok deraadt@ millert@ tedu@ + +commit 51b64e44121194ae4bf153dee391228dada2abcb +Author: djm@openbsd.org +Date: Mon Nov 17 00:21:40 2014 +0000 + + upstream commit + + fix KRL generation when multiple CAs are in use + + We would generate an invalid KRL when revoking certs by serial + number for multiple CA keys due to a section being written out + twice. + + Also extend the regress test to catch this case by having it + produce a multi-CA KRL. + + Reported by peter AT pean.org + +commit d2d51003a623e21fb2b25567c4878d915e90aa2a +Author: djm@openbsd.org +Date: Tue Nov 18 01:02:25 2014 +0000 + + upstream commit + + fix NULL pointer dereference crash in key loading + + found by Michal Zalewski's AFL fuzzer + +commit 9f9fad0191028edc43d100d0ded39419b6895fdf +Author: djm@openbsd.org +Date: Mon Nov 17 00:21:40 2014 +0000 + + upstream commit + + fix KRL generation when multiple CAs are in use + + We would generate an invalid KRL when revoking certs by serial + number for multiple CA keys due to a section being written out + twice. + + Also extend the regress test to catch this case by having it + produce a multi-CA KRL. + + Reported by peter AT pean.org + +commit da8af83d3f7ec00099963e455010e0ed1d7d0140 +Author: bentley@openbsd.org +Date: Sat Nov 15 14:41:03 2014 +0000 + + upstream commit + + Reduce instances of `` '' in manuals. + + troff displays these as typographic quotes, but nroff implementations + almost always print them literally, which rarely has the intended effect + with modern fonts, even in stock xterm. + + These uses of `` '' can be replaced either with more semantic alternatives + or with Dq, which prints typographic quotes in a UTF-8 locale (but will + automatically fall back to `` '' in an ASCII locale). + + improvements and ok schwarze@ + +commit fc302561369483bb755b17f671f70fb894aec01d +Author: djm@openbsd.org +Date: Mon Nov 10 22:25:49 2014 +0000 + + upstream commit + + mux-related manual tweaks + + mention ControlPersist=0 is the same as ControlPersist=yes + + recommend that ControlPath sockets be placed in a og-w directory + +commit 0e4cff5f35ed11102fe3783779960ef07e0cd381 +Author: Damien Miller +Date: Wed Nov 5 11:01:31 2014 +1100 + + Prepare scripts for next Cygwin release + + Makes the Cygwin-specific ssh-user-config script independent of the + existence of /etc/passwd. The next Cygwin release will allow to + generate passwd and group entries from the Windows account DBs, so the + scripts have to adapt. + + from Corinna Vinschen + +commit 7d0ba5336651731949762eb8877ce9e3b52df436 +Author: Damien Miller +Date: Thu Oct 30 10:45:41 2014 +1100 + + include version number in OpenSSL-too-old error + +commit 3bcb92e04d9207e9f78d82f7918c6d3422054ce9 +Author: lteo@openbsd.org +Date: Fri Oct 24 02:01:20 2014 +0000 + + upstream commit + + Remove unnecessary include: netinet/in_systm.h is not needed + by these programs. + + NB. skipped for portable + + ok deraadt@ millert@ + +commit 6fdcaeb99532e28a69f1a1599fbd540bb15b70a0 +Author: djm@openbsd.org +Date: Mon Oct 20 03:43:01 2014 +0000 + + upstream commit + + whitespace + +commit 165bc8786299e261706ed60342985f9de93a7461 +Author: daniel@openbsd.org +Date: Tue Oct 14 03:09:59 2014 +0000 + + upstream commit + + plug a memory leak; from Maxime Villard. + + ok djm@ + +commit b1ba15f3885947c245c2dbfaad0a04ba050abea0 +Author: jmc@openbsd.org +Date: Thu Oct 9 06:21:31 2014 +0000 + + upstream commit + + tweak previous; + +commit 259a02ebdf74ad90b41d116ecf70aa823fa4c6e7 +Author: djm@openbsd.org +Date: Mon Oct 13 00:38:35 2014 +0000 + + upstream commit + + whitespace + +commit 957fbceb0f3166e41b76fdb54075ab3b9cc84cba +Author: djm@openbsd.org +Date: Wed Oct 8 22:20:25 2014 +0000 + + upstream commit + + Tweak config reparsing with host canonicalisation + + Make the second pass through the config files always run when + hostname canonicalisation is enabled. + + Add a "Match canonical" criteria that allows ssh_config Match + blocks to trigger only in the second config pass. + + Add a -G option to ssh that causes it to parse its configuration + and dump the result to stdout, similar to "sshd -T" + + Allow ssh_config Port options set in the second config parse + phase to be applied (they were being ignored). + + bz#2267 bz#2286; ok markus + +commit 5c0dafd38bf66feeeb45fa0741a5baf5ad8039ba +Author: djm@openbsd.org +Date: Wed Oct 8 22:15:27 2014 +0000 + + upstream commit + + another -Wpointer-sign from clang + +commit bb005dc815ebda9af3ae4b39ca101c4da918f835 +Author: djm@openbsd.org +Date: Wed Oct 8 22:15:06 2014 +0000 + + upstream commit + + fix a few -Wpointer-sign warnings from clang + +commit 3cc1fbb4fb0e804bfb873fd363cea91b27fc8188 +Author: djm@openbsd.org +Date: Wed Oct 8 21:45:48 2014 +0000 + + upstream commit + + parse cert sections using nested buffers to reduce + copies; ok markus + +commit 4a45922aebf99164e2fc83d34fe55b11ae1866ef +Author: djm@openbsd.org +Date: Mon Oct 6 00:47:15 2014 +0000 + + upstream commit + + correct options in usage(); from mancha1 AT zoho.com + +commit 48dffd5bebae6fed0556dc5c36cece0370690618 +Author: djm@openbsd.org +Date: Tue Sep 9 09:45:36 2014 +0000 + + upstream commit + + mention permissions on tun(4) devices in PermitTunnel + documentation; bz#2273 + +commit a5883d4eccb94b16c355987f58f86a7dee17a0c2 +Author: djm@openbsd.org +Date: Wed Sep 3 18:55:07 2014 +0000 + + upstream commit + + tighten permissions on pty when the "tty" group does + not exist; pointed out by Corinna Vinschen; ok markus + +commit 180bcb406b58bf30723c01a6b010e48ee626dda8 +Author: sobrado@openbsd.org +Date: Sat Aug 30 16:32:25 2014 +0000 + + upstream commit + + typo. - - djm@cvs.openbsd.org 2014/07/03 03:47:27 - [ssh-keygen.c] - When hashing or removing hosts using ssh-keygen, don't choke on - @revoked markers and don't remove @cert-authority markers; - bz#2241, reported by mlindgren AT runelind.net +commit f70b22bcdd52f6bf127047b3584371e6e5d45627 +Author: sobrado@openbsd.org +Date: Sat Aug 30 15:33:50 2014 +0000 -commit e5c0d52ceb575c3db8c313e0b1aa3845943d7ba8 + upstream commit + + improve capitalization for the Ed25519 public-key + signature system. + + ok djm@ + +commit 7df8818409c752cf3f0c3f8044fe9aebed8647bd +Author: doug@openbsd.org +Date: Thu Aug 21 01:08:52 2014 +0000 + + upstream commit + + Free resources on error in mkstemp and fdopen + + ok djm@ + +commit 40ba4c9733aaed08304714faeb61529f18da144b +Author: deraadt@openbsd.org +Date: Wed Aug 20 01:28:55 2014 +0000 + + upstream commit + + djm how did you make a typo like that... + +commit 57d378ec9278ba417a726f615daad67d157de666 +Author: djm@openbsd.org +Date: Tue Aug 19 23:58:28 2014 +0000 + + upstream commit + + When dumping the server configuration (sshd -T), print + correct KEX, MAC and cipher defaults. Spotted by Iain Morgan + +commit 7ff880ede5195d0b17e7f1e3b6cfbc4cb6f85240 +Author: djm@openbsd.org +Date: Tue Aug 19 23:57:18 2014 +0000 + + upstream commit + + ~-expand lcd paths + +commit 4460a7ad0c78d4cd67c467f6e9f4254d0404ed59 Author: Damien Miller -Date: Thu Jul 3 21:24:19 2014 +1000 +Date: Sun Oct 12 12:35:48 2014 +1100 - - djm@cvs.openbsd.org 2014/07/03 03:34:09 - [gss-serv.c session.c ssh-keygen.c] - standardise on NI_MAXHOST for gethostname() string lengths; about - 1/2 the cases were using it already. Fixes bz#2239 en passant + remove duplicated KEX_DH1 entry -commit c174a3b7c14e0d178c61219de2aa1110e209950c +commit c9b8426a616138d0d762176c94f51aff3faad5ff Author: Damien Miller -Date: Thu Jul 3 21:23:24 2014 +1000 +Date: Thu Oct 9 10:34:06 2014 +1100 - - djm@cvs.openbsd.org 2014/07/03 03:26:43 - [digest-openssl.c] - use EVP_Digest() for one-shot hash instead of creating, updating, - finalising and destroying a context. - bz#2231, based on patch from Timo Teras + remove ChangeLog file + + Commit logs will be generated from git at release time. -commit d7ca2cd31ecc4d63a055e2dcc4bf35c13f2db4c5 +commit 81d18ff7c93a04affbf3903e0963859763219aed +Author: Damien Miller +Date: Tue Oct 7 21:24:25 2014 +1100 + + delete contrib/caldera directory + +commit 0ec9e87d3638206456968202f05bb5123670607a +Author: Damien Miller +Date: Tue Oct 7 19:57:27 2014 +1100 + + test commit + +commit 8fb65a44568701b779f3d77326bceae63412d28d Author: Damien Miller -Date: Thu Jul 3 21:23:01 2014 +1000 +Date: Tue Oct 7 09:21:49 2014 +1100 - - djm@cvs.openbsd.org 2014/07/03 03:15:01 - [ssh-add.c] - make stdout line-buffered; saves partial output getting lost when - ssh-add fatal()s part-way through (e.g. when listing keys from an - agent that supports key types that ssh-add doesn't); - bz#2234, reported by Phil Pennock + - (djm) Release OpenSSH-6.7 -commit b1e967c8d7c7578dd0c172d85b3046cf54ea42ba +commit e8c9f2602c46f6781df5e52e6cd8413dab4602a3 Author: Damien Miller -Date: Thu Jul 3 21:22:40 2014 +1000 +Date: Fri Oct 3 09:24:56 2014 +1000 - - djm@cvs.openbsd.org 2014/07/03 03:11:03 - [ssh-agent.c] - Only cleanup agent socket in the main agent process and not in any - subprocesses it may have started (e.g. forked askpass). Fixes - agent sockets being zapped when askpass processes fatal(); - bz#2236 patch from Dmitry V. Levin + - (djm) [sshd_config.5] typo; from Iain Morgan -commit 61e28e55c3438d796b02ef878bcd28620d452670 +commit 703b98a26706f5083801d11059486d77491342ae Author: Damien Miller -Date: Thu Jul 3 21:22:22 2014 +1000 +Date: Wed Oct 1 09:43:07 2014 +1000 - - djm@cvs.openbsd.org 2014/07/03 01:45:38 - [sshkey.c] - make Ed25519 keys' title fit properly in the randomart border; bz#2247 - based on patch from Christian Hesse + - (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c] + [openbsd-compat/openbsd-compat.h] Kludge around bad glibc + _FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets; + ok dtucker@ -commit 9eb4cd9a32c32d40d36450b68ed93badc6a94c68 +commit 0fa0ed061bbfedb0daa705e220748154a84c3413 Author: Damien Miller -Date: Thu Jul 3 13:29:50 2014 +1000 +Date: Wed Sep 10 08:15:34 2014 +1000 - - (djm) [monitor_fdpass.c] Use sys/poll.h if poll.h doesn't exist; - bz#2237 + - (djm) [sandbox-seccomp-filter.c] Allow mremap and exit for DietLibc; + patch from Felix von Leitner; ok dtucker -commit 8da0fa24934501909408327298097b1629b89eaa +commit ad7d23d461c3b7e1dcb15db13aee5f4b94dc1a95 +Author: Darren Tucker +Date: Tue Sep 9 12:23:10 2014 +1000 + + 20140908 + - (dtucker) [INSTALL] Update info about egd. ok djm@ + +commit 2a8699f37cc2515e3bc60e0c677ba060f4d48191 Author: Damien Miller -Date: Thu Jul 3 11:54:19 2014 +1000 +Date: Thu Sep 4 03:46:05 2014 +1000 - - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto - doesn't support it. + - (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNG -commit 81309c857dd0dbc0a1245a16d621c490ad48cfbb +commit 44988defb1f5e3afe576d86000365e1f07a1b494 Author: Damien Miller -Date: Wed Jul 2 17:45:55 2014 +1000 +Date: Wed Sep 3 05:35:32 2014 +1000 - - (djm) [regress/Makefile] fix execution of sshkey unit/fuzz test + - (djm) [contrib/cygwin/ssh-host-config] Fix old code leading to + permissions/ACLs; from Corinna Vinschen -commit 82b2482ce68654815ee049b9bf021bb362a35ff2 +commit 23f269562b7537b2f6f5014e50a25e5dcc55a837 Author: Damien Miller -Date: Wed Jul 2 17:43:41 2014 +1000 +Date: Wed Sep 3 05:33:25 2014 +1000 - - (djm) [sshkey.c] Conditionalise inclusion of util.h + - (djm) [defines.h sshbuf.c] Move __predict_true|false to defines.h and + conditionalise to avoid duplicate definition. -commit dd8b1dd7933eb6f5652641b0cdced34a387f2e80 +commit 41c8de2c0031cf59e7cf0c06b5bcfbf4852c1fda Author: Damien Miller -Date: Wed Jul 2 17:38:31 2014 +1000 +Date: Sat Aug 30 16:23:06 2014 +1000 - - djm@cvs.openbsd.org 2014/06/24 01:14:17 - [Makefile.in regress/Makefile regress/unittests/Makefile] - [regress/unittests/sshkey/Makefile] - [regress/unittests/sshkey/common.c] - [regress/unittests/sshkey/common.h] - [regress/unittests/sshkey/mktestdata.sh] - [regress/unittests/sshkey/test_file.c] - [regress/unittests/sshkey/test_fuzz.c] - [regress/unittests/sshkey/test_sshkey.c] - [regress/unittests/sshkey/tests.c] - [regress/unittests/sshkey/testdata/dsa_1] - [regress/unittests/sshkey/testdata/dsa_1-cert.fp] - [regress/unittests/sshkey/testdata/dsa_1-cert.pub] - [regress/unittests/sshkey/testdata/dsa_1.fp] - [regress/unittests/sshkey/testdata/dsa_1.fp.bb] - [regress/unittests/sshkey/testdata/dsa_1.param.g] - [regress/unittests/sshkey/testdata/dsa_1.param.priv] - [regress/unittests/sshkey/testdata/dsa_1.param.pub] - [regress/unittests/sshkey/testdata/dsa_1.pub] - [regress/unittests/sshkey/testdata/dsa_1_pw] - [regress/unittests/sshkey/testdata/dsa_2] - [regress/unittests/sshkey/testdata/dsa_2.fp] - [regress/unittests/sshkey/testdata/dsa_2.fp.bb] - [regress/unittests/sshkey/testdata/dsa_2.pub] - [regress/unittests/sshkey/testdata/dsa_n] - [regress/unittests/sshkey/testdata/dsa_n_pw] - [regress/unittests/sshkey/testdata/ecdsa_1] - [regress/unittests/sshkey/testdata/ecdsa_1-cert.fp] - [regress/unittests/sshkey/testdata/ecdsa_1-cert.pub] - [regress/unittests/sshkey/testdata/ecdsa_1.fp] - [regress/unittests/sshkey/testdata/ecdsa_1.fp.bb] - [regress/unittests/sshkey/testdata/ecdsa_1.param.curve] - [regress/unittests/sshkey/testdata/ecdsa_1.param.priv] - [regress/unittests/sshkey/testdata/ecdsa_1.param.pub] - [regress/unittests/sshkey/testdata/ecdsa_1.pub] - [regress/unittests/sshkey/testdata/ecdsa_1_pw] - [regress/unittests/sshkey/testdata/ecdsa_2] - [regress/unittests/sshkey/testdata/ecdsa_2.fp] - [regress/unittests/sshkey/testdata/ecdsa_2.fp.bb] - [regress/unittests/sshkey/testdata/ecdsa_2.param.curve] - [regress/unittests/sshkey/testdata/ecdsa_2.param.priv] - [regress/unittests/sshkey/testdata/ecdsa_2.param.pub] - [regress/unittests/sshkey/testdata/ecdsa_2.pub] - [regress/unittests/sshkey/testdata/ecdsa_n] - [regress/unittests/sshkey/testdata/ecdsa_n_pw] - [regress/unittests/sshkey/testdata/ed25519_1] - [regress/unittests/sshkey/testdata/ed25519_1-cert.fp] - [regress/unittests/sshkey/testdata/ed25519_1-cert.pub] - [regress/unittests/sshkey/testdata/ed25519_1.fp] - [regress/unittests/sshkey/testdata/ed25519_1.fp.bb] - [regress/unittests/sshkey/testdata/ed25519_1.pub] - [regress/unittests/sshkey/testdata/ed25519_1_pw] - [regress/unittests/sshkey/testdata/ed25519_2] - [regress/unittests/sshkey/testdata/ed25519_2.fp] - [regress/unittests/sshkey/testdata/ed25519_2.fp.bb] - [regress/unittests/sshkey/testdata/ed25519_2.pub] - [regress/unittests/sshkey/testdata/pw] - [regress/unittests/sshkey/testdata/rsa1_1] - [regress/unittests/sshkey/testdata/rsa1_1.fp] - [regress/unittests/sshkey/testdata/rsa1_1.fp.bb] - [regress/unittests/sshkey/testdata/rsa1_1.param.n] - [regress/unittests/sshkey/testdata/rsa1_1.pub] - [regress/unittests/sshkey/testdata/rsa1_1_pw] - [regress/unittests/sshkey/testdata/rsa1_2] - [regress/unittests/sshkey/testdata/rsa1_2.fp] - [regress/unittests/sshkey/testdata/rsa1_2.fp.bb] - [regress/unittests/sshkey/testdata/rsa1_2.param.n] - [regress/unittests/sshkey/testdata/rsa1_2.pub] - [regress/unittests/sshkey/testdata/rsa_1] - [regress/unittests/sshkey/testdata/rsa_1-cert.fp] - [regress/unittests/sshkey/testdata/rsa_1-cert.pub] - [regress/unittests/sshkey/testdata/rsa_1.fp] - [regress/unittests/sshkey/testdata/rsa_1.fp.bb] - [regress/unittests/sshkey/testdata/rsa_1.param.n] - [regress/unittests/sshkey/testdata/rsa_1.param.p] - [regress/unittests/sshkey/testdata/rsa_1.param.q] - [regress/unittests/sshkey/testdata/rsa_1.pub] - [regress/unittests/sshkey/testdata/rsa_1_pw] - [regress/unittests/sshkey/testdata/rsa_2] - [regress/unittests/sshkey/testdata/rsa_2.fp] - [regress/unittests/sshkey/testdata/rsa_2.fp.bb] - [regress/unittests/sshkey/testdata/rsa_2.param.n] - [regress/unittests/sshkey/testdata/rsa_2.param.p] - [regress/unittests/sshkey/testdata/rsa_2.param.q] - [regress/unittests/sshkey/testdata/rsa_2.pub] - [regress/unittests/sshkey/testdata/rsa_n] - [regress/unittests/sshkey/testdata/rsa_n_pw] - unit and fuzz tests for new key API + - (djm) [Makefile.in] Make TEST_SHELL a variable; "good idea" tim@ + +commit d7c81e216a7bd9eed6e239c970d9261bb1651947 +Author: Damien Miller +Date: Sat Aug 30 04:18:28 2014 +1000 + + - (djm) [openbsd-compat/openssl-compat.h] add include guard + +commit 4687802dda57365b984b897fc3c8e2867ea09b22 +Author: Damien Miller +Date: Sat Aug 30 03:29:19 2014 +1000 -commit c1dc24b71f087f385b92652b9673f52af64e0428 + - (djm) [misc.c] Missing newline between functions + +commit 51c77e29220dee87c53be2dc47092934acab26fe Author: Damien Miller -Date: Wed Jul 2 17:02:03 2014 +1000 +Date: Sat Aug 30 02:30:30 2014 +1000 - - djm@cvs.openbsd.org 2014/06/24 01:04:43 - [regress/krl.sh] - regress test for broken consecutive revoked serial number ranges + - (djm) [openbsd-compat/openssl-compat.h] add + OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them -commit 43d3ed2dd3feca6d0326c7dc82588d2faa115e92 +commit 3d673d103bad35afaec6e7ef73e5277216ce33a3 Author: Damien Miller -Date: Wed Jul 2 17:01:08 2014 +1000 +Date: Wed Aug 27 06:32:01 2014 +1000 - - djm@cvs.openbsd.org 2014/05/21 07:04:21 - [regress/integrity.sh] - when failing because of unexpected output, show the offending output + - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero() + using memset_s() where possible; improve fallback to indirect bzero + via a volatile pointer to give it more of a chance to avoid being + optimised away. -commit 5a96707ffc8d227c2e7d94fa6b0317f8a152cf4e +commit 146218ac11a1eb0dcade6f793d7acdef163b5ddc Author: Damien Miller -Date: Wed Jul 2 15:38:05 2014 +1000 +Date: Wed Aug 27 04:11:55 2014 +1000 - - djm@cvs.openbsd.org 2014/04/30 05:32:00 - [regress/Makefile] - unit tests for new buffer API; including basic fuzz testing - NB. Id sync only. + - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth + monitor, not preauth; bz#2263 -commit 3ff92ba756aee48e4ae3e0aeff7293517b3dd185 +commit 1b215c098b3b37e38aa4e4c91bb908eee41183b1 Author: Damien Miller -Date: Wed Jul 2 15:33:09 2014 +1000 +Date: Wed Aug 27 04:04:40 2014 +1000 - - djm@cvs.openbsd.org 2014/06/30 12:54:39 - [key.c] - suppress spurious error message when loading key with a passphrase; - reported by kettenis@ ok markus@ - - djm@cvs.openbsd.org 2014/07/02 04:59:06 - [cipher-3des1.c] - fix ssh protocol 1 on the server that regressed with the sshkey change - (sometimes fatal() after auth completed), make file return useful status - codes. - NB. Id sync only for these two. They were bundled into the sshkey merge - above, since it was easier to sync the entire file and then apply - portable-specific changed atop it. + - (djm) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] + [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] + [regress/unittests/sshkey/common.c] + [regress/unittests/sshkey/test_file.c] + [regress/unittests/sshkey/test_fuzz.c] + [regress/unittests/sshkey/test_sshkey.c] Don't include openssl/ec.h + on !ECC OpenSSL systems -commit ec3d0e24a1e46873d80507f5cd8ee6d0d03ac5dc +commit ad013944af0a19e3f612089d0099bb397cf6502d Author: Damien Miller -Date: Wed Jul 2 15:30:00 2014 +1000 +Date: Tue Aug 26 09:27:28 2014 +1000 - - markus@cvs.openbsd.org 2014/06/27 18:50:39 - [ssh-add.c] - fix loading of private keys + - (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL, + update OpenSSL version requirement. -commit 4b3ed647d5b328cf68e6a8ffbee490d8e0683e82 +commit ed126de8ee04c66640a0ea2697c4aaf36801f100 Author: Damien Miller -Date: Wed Jul 2 15:29:40 2014 +1000 +Date: Tue Aug 26 08:37:47 2014 +1000 - - markus@cvs.openbsd.org 2014/06/27 16:41:56 - [channels.c channels.h clientloop.c ssh.c] - fix remote fwding with same listen port but different listen address - with gerhard@, ok djm@ + - (djm) [bufec.c] Skip this file on !ECC OpenSSL -commit 9e01ff28664921ce9b6500681333e42fb133b4d0 +commit 9c1dede005746864a4fdb36a7cdf6c51296ca909 Author: Damien Miller -Date: Wed Jul 2 15:29:21 2014 +1000 +Date: Sun Aug 24 03:01:06 2014 +1000 - - deraadt@cvs.openbsd.org 2014/06/25 14:16:09 - [sshbuf.c] - unblock SIGSEGV before raising it - ok djm + - (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not + PR_SET_DUMPABLE, so adjust ifdef; reported by Tom Christensen -commit 1845fe6bda0729e52f4c645137f4fc3070b5438a +commit d244a5816fd1312a33404b436e4dd83594f1119e Author: Damien Miller -Date: Wed Jul 2 15:29:01 2014 +1000 +Date: Sat Aug 23 17:06:49 2014 +1000 - - djm@cvs.openbsd.org 2014/06/24 02:21:01 - [scp.c] - when copying local->remote fails during read, don't send uninitialised - heap to the remote end. Reported by Jann Horn + - (djm) [configure.ac] We now require a working vsnprintf everywhere (not + just for systems that lack asprintf); check for it always and extend + test to catch more brokenness. Fixes builds on Solaris <= 9 -commit 19439e9a2a0ac0b4b3b1210e89695418beb1c883 +commit 4cec036362a358e398e6a2e6d19d8e5780558634 Author: Damien Miller -Date: Wed Jul 2 15:28:40 2014 +1000 +Date: Sat Aug 23 03:11:09 2014 +1000 - - djm@cvs.openbsd.org 2014/06/24 02:19:48 - [ssh.c] - don't fatal() when hostname canonicalisation fails with a - ProxyCommand in use; continue and allow the ProxyCommand to - connect anyway (e.g. to a host with a name outside the DNS - behind a bastion) + - (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode on + lastlog writing on platforms with high UIDs; bz#2263 -commit 8668706d0f52654fe64c0ca41a96113aeab8d2b8 +commit 394a60f2598d28b670d934b93942a3370b779b39 Author: Damien Miller -Date: Wed Jul 2 15:28:02 2014 +1000 +Date: Fri Aug 22 18:06:20 2014 +1000 - - djm@cvs.openbsd.org 2014/06/24 01:13:21 - [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c - [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c - [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h - [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h - [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h - [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c - [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c - [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c - [sshconnect2.c sshd.c sshkey.c sshkey.h - [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h] - New key API: refactor key-related functions to be more library-like, - existing API is offered as a set of wrappers. - - with and ok markus@ - - Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew - Dempsky and Ron Bowes for a detailed review a few months ago. - - NB. This commit also removes portable OpenSSH support for OpenSSL - <0.9.8e. + - (djm) [configure.ac] double braces to appease autoconf -commit 2cd7929250cf9e9f658d70dcd452f529ba08c942 +commit 4d69aeabd6e60afcdc7cca177ca751708ab79a9d Author: Damien Miller -Date: Wed Jul 2 12:48:30 2014 +1000 +Date: Fri Aug 22 17:48:27 2014 +1000 - - djm@cvs.openbsd.org 2014/06/24 00:52:02 - [krl.c] - fix bug in KRL generation: multiple consecutive revoked certificate - serial number ranges could be serialised to an invalid format. - - Readers of a broken KRL caused by this bug will fail closed, so no - should-have-been-revoked key will be accepted. + - (djm) [openbsd-compat/bsd-snprintf.c] Fix compilation failure (prototype/ + definition mismatch) and warning for broken/missing snprintf case. -commit 99db840ee8dbbd2b3fbc6c45d0ee2f6a65e96898 +commit 0c11f1ac369d2c0aeb0ab0458a7cd04c72fe5e9e Author: Damien Miller -Date: Wed Jul 2 12:48:04 2014 +1000 +Date: Fri Aug 22 17:36:56 2014 +1000 - - naddy@cvs.openbsd.org 2014/06/18 15:42:09 - [sshbuf-getput-crypto.c] - The ssh_get_bignum functions must accept the same range of bignums - the corresponding ssh_put_bignum functions create. This fixes the - use of 16384-bit RSA keys (bug reported by Eivind Evensen). - ok djm@ + - (djm) [sshbuf-getput-crypto.c] Fix compilation when OpenSSL lacks ECC -commit 84a89161a9629239b64171ef3e22ef6a3e462d51 +commit 6d62784b8973340b251fea6b04890f471adf28db Author: Damien Miller -Date: Wed Jul 2 12:47:48 2014 +1000 +Date: Fri Aug 22 17:36:19 2014 +1000 - - matthew@cvs.openbsd.org 2014/06/18 02:59:13 - [sandbox-systrace.c] - Now that we have a dedicated getentropy(2) system call for - arc4random(3), we can disallow __sysctl(2) in OpenSSH's systrace - sandbox. - - ok djm + - (djm) [configure.ac] include leading zero characters in OpenSSL version + number; fixes test for unsupported versions -commit 51504ceec627c0ad57b9f75585c7b3d277f326be +commit 4f1ff1ed782117f5d5204d4e91156ed5da07cbb7 Author: Damien Miller -Date: Wed Jul 2 12:47:25 2014 +1000 +Date: Thu Aug 21 15:54:50 2014 +1000 - - deraadt@cvs.openbsd.org 2014/06/13 08:26:29 - [sandbox-systrace.c] - permit SYS_getentropy - from matthew + - (djm) [regress/unittests/test_helper/test_helper.c] Fix for systems that + don't set __progname. Diagnosed by Tom Christensen. -commit a261b8df59117f7dc52abb3a34b35a40c2c9fa88 -Author: Tim Rice -Date: Wed Jun 18 16:17:28 2014 -0700 +commit 005a64da0f457410045ef0bfa93c863c2450447d +Author: Damien Miller +Date: Thu Aug 21 10:48:41 2014 +1000 + + - (djm) [key.h] Fix ifdefs for no-ECC OpenSSL + +commit aa6598ebb3343c7380e918388e10e8ca5852b613 +Author: Damien Miller +Date: Thu Aug 21 10:47:54 2014 +1000 + + - (djm) [Makefile.in] fix reference to libtest_helper.a in sshkey test too. + +commit 54703e3cf63f0c80d4157e5ad7dbc2b363ee2c56 +Author: Damien Miller +Date: Wed Aug 20 11:10:51 2014 +1000 + + - (djm) [contrib/cygwin/README] Correct build instructions; from Corinna + +commit f0935698f0461f24d8d1f1107b476ee5fd4db1cb +Author: Damien Miller +Date: Wed Aug 20 11:06:50 2014 +1000 + + - (djm) [sshkey.h] Fix compilation when OpenSSL lacks ECC + +commit c5089ecaec3b2c02f014f4e67518390702a4ba14 +Author: Damien Miller +Date: Wed Aug 20 11:06:20 2014 +1000 + + - (djm) [Makefile.in] refer to libtest_helper.a by explicit path rather than + -L/-l; fixes linking problems on some platforms + +commit 2195847e503a382f83ee969b0a8bd3dfe0e55c18 +Author: Damien Miller +Date: Wed Aug 20 11:05:03 2014 +1000 + + - (djm) [configure.ac] Check OpenSSL version is supported at configure time; + suggested by Kevin Brott + +commit a75aca1bbc989aa9f8b1b08489d37855f3d24d1a +Author: Damien Miller +Date: Tue Aug 19 11:36:07 2014 +1000 + + - (djm) [INSTALL contrib/caldera/openssh.spec contrib/cygwin/README] + [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Remove mentions + of TCP wrappers. + +commit 3f022b5a9477abceeb1bbeab04b055f3cc7ca8f6 +Author: Damien Miller +Date: Tue Aug 19 11:32:34 2014 +1000 + + - (djm) [ssh-dss.c] Include openssl/dsa.h for DSA_SIG + +commit 88137902632aceb923990e98cf5dc923bb3ef2f5 +Author: Damien Miller +Date: Tue Aug 19 11:28:11 2014 +1000 + + - (djm) [sshbuf.h] Fix compilation on systems without OPENSSL_HAS_ECC. + +commit 2f3d1e7fb2eabd3cfbfd8d0f7bdd2f9a1888690b +Author: Damien Miller +Date: Tue Aug 19 11:14:36 2014 +1000 + + - (djm) [myproposal.h] Make curve25519 KEX dependent on + HAVE_EVP_SHA256 instead of OPENSSL_HAS_ECC. + +commit d4e7d59d01a6c7f59e8c1f94a83c086e9a33d8aa +Author: Damien Miller +Date: Tue Aug 19 11:14:17 2014 +1000 + + - (djm) [serverloop.c] Fix syntax error on Cygwin; from Corinna Vinschen + +commit 9eaeea2cf2b6af5f166cfa9ad3c7a90711a147a9 +Author: Damien Miller +Date: Sun Aug 10 11:35:05 2014 +1000 - - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare + - (djm) [README contrib/caldera/openssh.spec] + [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Update versions -commit 316fac6f18f87262a315c79bcf68b9f92c9337e4 -Author: Darren Tucker -Date: Tue Jun 17 23:06:07 2014 +1000 +commit f8988fbef0c9801d19fa2f8f4f041690412bec37 +Author: Damien Miller +Date: Fri Aug 1 13:31:52 2014 +1000 - - (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h} - openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}] - Move the OpenSSL header/library version test into its own function and add - tests for it. Fix it to allow fix version upgrades (but not downgrades). - Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150). - ok djm@ chl@ + - (djm) [regress/multiplex.sh] Use -d (detach stdin) flag to disassociate + nc from stdin, it's more portable -commit af665bb7b092a59104db1e65577851cf35b86e32 -Author: Darren Tucker -Date: Mon Jun 16 22:50:55 2014 +1000 +commit 5b3879fd4b7a4e3d43bab8f40addda39bc1169d0 +Author: Damien Miller +Date: Fri Aug 1 12:28:31 2014 +1000 - - (dtucker) [defines.h] Fix undef of _PATH_MAILDIR. From rak at debian via - OpenSMTPD and chl@ + - (djm) [regress/multiplex.sh] Instruct nc not to quit as soon as stdin + is closed; avoid regress failures when stdin is /dev/null -commit f9696566fb41320820f3b257ab564fa321bb3751 -Author: Darren Tucker -Date: Fri Jun 13 11:06:04 2014 +1000 +commit a9c46746d266f8a1b092a72b2150682d1af8ebfc +Author: Damien Miller +Date: Fri Aug 1 12:26:49 2014 +1000 - - (dtucker) [configure.ac] Remove tcpwrappers support, support has already - been removed from sshd.c. + - (djm) [regress/multiplex.sh] Skip test for non-OpenBSD netcat. We need + a better solution, but this will have to do for now. -commit 5e2b8894b0b24af4ad0a2f7aa33ebf255df7a8bc -Author: Tim Rice -Date: Wed Jun 11 18:31:10 2014 -0700 +commit 426117b2e965e43f47015942b5be8dd88fe74b88 +Author: Damien Miller +Date: Wed Jul 30 12:33:20 2014 +1000 - - (tim) [regress/unittests/test_helper/test_helper.h] Add includes.h for - u_intXX_t types. + - schwarze@cvs.openbsd.org 2014/07/28 15:40:08 + [sftp-server.8 sshd_config.5] + some systems no longer need /dev/log; + issue noticed by jirib; + ok deraadt -commit 985ee2cbc3e43bc65827c3c0d4df3faa99160c37 -Author: Darren Tucker -Date: Thu Jun 12 05:32:29 2014 +1000 +commit f497794b6962eaf802ab4ac2a7b22ae591cca1d5 +Author: Damien Miller +Date: Wed Jul 30 12:32:46 2014 +1000 - - (dtucker) [regress/unittests/sshbuf/*.c regress/unittests/test_helper/*] - Wrap stdlib.h include an ifdef for platforms that don't have it. + - dtucker@cvs.openbsd.org 2014/07/25 21:22:03 + [ssh-agent.c] + Clear buffer used for handling messages. This prevents keys being + left in memory after they have been expired or deleted in some cases + (but note that ssh-agent is setgid so you would still need root to + access them). Pointed out by Kevin Burns, ok deraadt -commit cf5392c2db2bb1dbef9818511d34056404436109 -Author: Darren Tucker -Date: Thu Jun 12 05:22:49 2014 +1000 +commit a8a0f65c57c8ecba94d65948e9090da54014dfef +Author: Damien Miller +Date: Wed Jul 30 12:32:28 2014 +1000 - - (dtucker) [defines.h] Add va_copy if we don't already have it, taken from - openbsd-compat/bsd-asprintf.c. + - OpenBSD CVS Sync + - millert@cvs.openbsd.org 2014/07/24 22:57:10 + [ssh.1] + Mention UNIX-domain socket forwarding too. OK jmc@ deraadt@ -commit 58538d795e0b662f2f4e5a7193f1204bbe992ddd -Author: Darren Tucker -Date: Wed Jun 11 13:39:24 2014 +1000 +commit 56b840f2b81e14a2f95c203403633a72566736f8 +Author: Damien Miller +Date: Fri Jul 25 08:11:30 2014 +1000 - - (dtucker) [bufaux.c bufbn.c bufec.c buffer.c] Pull in includes.h for - compat stuff, specifically whether or not OpenSSL has ECC. + - (djm) [regress/multiplex.sh] restore incorrectly deleted line; + pointed out by Christian Hesse -commit eb012ac581fd0abc16ee86ee3a68cf07c8ce4d08 +commit dd417b60d5ca220565d1014e92b7f8f43dc081eb Author: Darren Tucker -Date: Wed Jun 11 13:10:00 2014 +1000 +Date: Wed Jul 23 10:41:21 2014 +1000 - - (dtucker) [openbsd-compat/arc4random.c] Use explicit_bzero instead of an - assigment that might get optimized out. ok djm@ + - dtucker@cvs.openbsd.org 2014/07/22 23:35:38 + [regress/unittests/sshkey/testdata/*] + Regenerate test keys with certs signed with ed25519 instead of ecdsa. + These can be used in -portable on platforms that don't support ECDSA. -commit b9609fd86c623d6d440e630f5f9a63295f7aea20 +commit 40e50211896369dba8f64f3b5e5fd58b76f5ac3f Author: Darren Tucker -Date: Wed Jun 11 08:04:02 2014 +1000 +Date: Wed Jul 23 10:35:45 2014 +1000 - - (dtucker) [sshbuf.h] Only declare ECC functions if building without - OpenSSL or if OpenSSL has ECC. + - dtucker@cvs.openbsd.org 2014/07/22 23:57:40 + [regress/unittests/sshkey/mktestdata.sh] + Add $OpenBSD tag to make syncs easier -commit a54a040f66944c6e8913df8635a01a2327219be9 +commit 07e644251e809b1d4c062cf85bd1146a7e3f5a8a Author: Darren Tucker -Date: Wed Jun 11 07:58:35 2014 +1000 +Date: Wed Jul 23 10:34:26 2014 +1000 - - dtucker@cvs.openbsd.org 2014/06/10 21:46:11 - [sshbuf.h] - Group ECC functions together to make things a little easier in -portable. - "doesn't bother me" deraadt@ + - dtucker@cvs.openbsd.org 2014/07/22 23:23:22 + [regress/unittests/sshkey/mktestdata.sh] + Sign test certs with ed25519 instead of ecdsa so that they'll work in + -portable on platforms that don't have ECDSA in their OpenSSL. ok djm -commit 9f92c53bad04a89067756be8198d4ec2d8a08875 +commit cea099a7c4eaecb01b001e5453bb4e5c25006c22 Author: Darren Tucker -Date: Wed Jun 11 07:57:58 2014 +1000 +Date: Wed Jul 23 10:04:02 2014 +1000 - - djm@cvs.openbsd.org 2014/06/05 22:17:50 - [sshconnect2.c] - fix inverted test that caused PKCS#11 keys that were explicitly listed - not to be preferred. Reported by Dirk-Willem van Gulik + - djm@cvs.openbsd.org 2014/07/22 01:32:12 + [regress/multiplex.sh] + change the test for still-open Unix domain sockets to be robust against + nc implementations that produce error messages. from -portable + (Id sync only) -commit 15c254a25394f96643da2ad0f674acdc51e89856 +commit 31eb78078d349b32ea41952ecc944b3ad6cb0d45 Author: Darren Tucker -Date: Wed Jun 11 07:38:49 2014 +1000 +Date: Wed Jul 23 09:43:42 2014 +1000 - - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] ifdef - ECC variable too. + - guenther@cvs.openbsd.org 2014/07/22 07:13:42 + [umac.c] + Convert from to the shiney new + ok dtucker@, who also confirmed that -portable handles this already + (ID sync only, includes.h pulls in endian.h if available.) -commit d7af0cc5bf273eeed0897a99420bc26841d07d8f +commit 820763efef2d19d965602533036c2b4badc9d465 Author: Darren Tucker -Date: Wed Jun 11 07:37:25 2014 +1000 +Date: Wed Jul 23 09:40:46 2014 +1000 - - (dtucker) [myprosal.h] Don't include curve25519-sha256@libssh.org in - the proposal if the version of OpenSSL we're using doesn't support ECC. + - dtucker@cvs.openbsd.org 2014/07/22 01:18:50 + [key.c] + Prevent spam from key_load_private_pem during hostbased auth. ok djm@ -commit 67508ac2563c33d582be181a3e777c65f549d22f +commit c4ee219a66f3190fa96cbd45b4d11015685c6306 Author: Darren Tucker -Date: Wed Jun 11 06:27:16 2014 +1000 - - - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c - regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] Only do NISTP256 - curve tests if OpenSSL has them. - -commit 6482d90a65459a88c18c925368525855832272b3 -Author: Damien Miller -Date: Tue May 27 14:34:42 2014 +1000 +Date: Wed Jul 23 04:27:50 2014 +1000 - - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c] - [openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege - separation user at runtime, since it may need to be a domain account. - Patch from Corinna Vinschen. + - (dtucker) [regress/unittests/sshkey/test_{file,fuzz,sshkey}.c] Wrap ecdsa- + specific tests inside OPENSSL_HAS_ECC. -commit f9eb5e0734f7a7f6e975809eb54684d2a06a7ffc +commit 04f4824940ea3edd60835416ececbae16438968a Author: Damien Miller -Date: Tue May 27 14:31:58 2014 +1000 +Date: Tue Jul 22 11:31:47 2014 +1000 - - (djm) [contrib/cygwin/ssh-host-config] Updated Cygwin ssh-host-config - from Corinna Vinschen, fixing a number of bugs and preparing for - Cygwin 1.7.30. + - (djm) [regress/multiplex.sh] change the test for still-open Unix + domain sockets to be robust against nc implementations that produce + error messages. -commit eae88744662e6b149f43ef071657727f1a157d95 +commit 5ea4fe00d55453aaa44007330bb4c3181bd9b796 Author: Damien Miller -Date: Tue May 27 14:27:02 2014 +1000 +Date: Tue Jul 22 09:39:19 2014 +1000 - - (djm) [cipher.c] Fix merge botch. + - (djm) [regress/multiplex.sh] ssh mux master lost -N somehow; + put it back -commit 564b5e253c1d95c26a00e8288f0089a2571661c3 -Author: Damien Miller -Date: Thu May 22 08:23:59 2014 +1000 +commit 948a1774a79a85f9deba6d74db95f402dee32c69 +Author: Darren Tucker +Date: Tue Jul 22 01:07:11 2014 +1000 - - (djm) [Makefile.in] typo in path + - (dtucker) [sshkey.c] ifdef out unused variable when compiling without + OPENSSL_HAS_ECC. -commit e84d10302aeaf7a1acb05c451f8718143656856a +commit c8f610f6cc57ae129758052439d9baf13699097b Author: Damien Miller -Date: Wed May 21 17:13:36 2014 +1000 +Date: Mon Jul 21 10:23:27 2014 +1000 - revert a diff I didn't mean to commit + - (djm) [regress/multiplex.sh] Not all netcat accept the -N option. -commit 795b86313f1f1aab9691666c4f2d5dae6e4acd50 +commit 0e4e95566cd95c887f69272499b8f3880b3ec0f5 Author: Damien Miller -Date: Wed May 21 17:12:53 2014 +1000 - - - (djm) [misc.c] Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC - when it is available. It takes into account time spent suspended, - thereby ensuring timeouts (e.g. for expiring agent keys) fire - correctly. bz#2228 reported by John Haxby +Date: Mon Jul 21 09:52:54 2014 +1000 -commit 18912775cb97c0b1e75e838d3c7d4b56648137b5 -Author: Damien Miller -Date: Wed May 21 17:06:46 2014 +1000 + - millert@cvs.openbsd.org 2014/07/15 15:54:15 + [forwarding.sh multiplex.sh] + Add support for Unix domain socket forwarding. A remote TCP port + may be forwarded to a local Unix domain socket and vice versa or + both ends may be a Unix domain socket. This is a reimplementation + of the streamlocal patches by William Ahern from: + http://www.25thandclement.com/~william/projects/streamlocal.html + OK djm@ markus@ - - (djm) [commit configure.ac defines.h sshpty.c] don't attempt to use - vhangup on Linux. It doens't work for non-root users, and for them - it just messes up the tty settings. +commit 93a87ab27ecdc709169fb24411133998f81e2761 +Author: Darren Tucker +Date: Mon Jul 21 06:30:25 2014 +1000 -commit 7f1c264d3049cd95234e91970ccb5406e1d15b27 -Author: Damien Miller -Date: Thu May 15 18:01:52 2014 +1000 + - (dtucker) [regress/unittests/sshkey/ + {common,test_file,test_fuzz,test_sshkey}.c] Wrap stdint.h includes in + ifdefs. - - (djm) [sshbuf.c] need __predict_false +commit 5573171352ea23df2dc6d2fe0324d023b7ba697c +Author: Darren Tucker +Date: Mon Jul 21 02:24:59 2014 +1000 -commit e7429f2be8643e1100380a8a7389d85cc286c8fe -Author: Damien Miller -Date: Thu May 15 18:01:01 2014 +1000 + - (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits + needed to build AES CTR mode against OpenSSL 0.9.8f and above. ok djm - - (djm) [regress/Makefile Makefile.in] - [regress/unittests/sshbuf/test_sshbuf.c - [regress/unittests/sshbuf/test_sshbuf_fixed.c] - [regress/unittests/sshbuf/test_sshbuf_fuzz.c] - [regress/unittests/sshbuf/test_sshbuf_getput_basic.c] - [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] - [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] - [regress/unittests/sshbuf/test_sshbuf_misc.c] - [regress/unittests/sshbuf/tests.c] - [regress/unittests/test_helper/fuzz.c] - [regress/unittests/test_helper/test_helper.c] - Hook new unit tests into the build and "make tests" +commit 74e28682711d005026c7c8f15f96aea9d3c8b5a3 +Author: Tim Rice +Date: Fri Jul 18 20:00:11 2014 -0700 -commit def1de086707b0e6b046fe7e115c60aca0227a99 -Author: Damien Miller -Date: Thu May 15 15:17:15 2014 +1000 + - (tim) [openbsd-compat/port-uw.c] Include misc.h for fwd_opts, used + in servconf.h. - - (djm) [regress/unittests/Makefile] - [regress/unittests/Makefile.inc] - [regress/unittests/sshbuf/Makefile] - [regress/unittests/sshbuf/test_sshbuf.c] - [regress/unittests/sshbuf/test_sshbuf_fixed.c] - [regress/unittests/sshbuf/test_sshbuf_fuzz.c] - [regress/unittests/sshbuf/test_sshbuf_getput_basic.c] - [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] - [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] - [regress/unittests/sshbuf/test_sshbuf_misc.c] - [regress/unittests/sshbuf/tests.c] - [regress/unittests/test_helper/Makefile] - [regress/unittests/test_helper/fuzz.c] - [regress/unittests/test_helper/test_helper.c] - [regress/unittests/test_helper/test_helper.h] - Import new unit tests from OpenBSD; not yet hooked up to build. +commit d1a0421f8e5e933fee6fb58ee6b9a22c63c8a613 +Author: Darren Tucker +Date: Sat Jul 19 07:23:55 2014 +1000 -commit 167685756fde8bc213a8df2c8e1848e312db0f46 -Author: Damien Miller -Date: Thu May 15 15:08:40 2014 +1000 + - (dtucker) [key.c sshkey.c] Put new ecdsa bits inside ifdef OPENSSL_HAS_ECC. - - logan@cvs.openbsd.org 2014/05/04 10:40:59 - [connect-privsep.sh] - Remove the Z flag from the list of malloc options as it - was removed from malloc.c 10 days ago. - - OK from miod@ +commit f0fe9ea1be62227c130b317769de3d1e736b6dc1 +Author: Darren Tucker +Date: Sat Jul 19 06:33:12 2014 +1000 -commit d0b69fe90466920d69c96069312e24b581771bd7 + - (dtucker) [Makefile.in] Add a t-exec target to run just the executable + tests. + +commit 450bc1180d4b061434a4b733c5c8814fa30b022b +Author: Darren Tucker +Date: Sat Jul 19 06:23:18 2014 +1000 + + - (dtucker) [auth2-gss.c gss-serv-krb5.c] Include misc.h for fwd_opts, used + in servconf.h. + +commit ab2ec586baad122ed169285c31927ccf58bc7b28 Author: Damien Miller -Date: Thu May 15 15:08:19 2014 +1000 +Date: Fri Jul 18 15:04:47 2014 +1000 - - dtucker@cvs.openbsd.org 2014/05/03 18:46:14 - [proxy-connect.sh] - Add tests for with and without compression, with and without privsep. + - djm@cvs.openbsd.org 2014/07/18 02:46:01 + [ssh-agent.c] + restore umask around listener socket creation (dropped in streamlocal patch + merge) -commit edb1af50441d19fb2dd9ccb4d75bf14473fca584 +commit 357610d15946381ae90c271837dcdd0cdce7145f Author: Damien Miller -Date: Thu May 15 15:07:53 2014 +1000 +Date: Fri Jul 18 15:04:10 2014 +1000 - - djm@cvs.openbsd.org 2014/04/21 22:15:37 - [dhgex.sh integrity.sh kextype.sh rekey.sh try-ciphers.sh] - repair regress tests broken by server-side default cipher/kex/mac changes - by ensuring that the option under test is included in the server's - algorithm list + - djm@cvs.openbsd.org 2014/07/17 07:22:19 + [mux.c ssh.c] + reflect stdio-forward ("ssh -W host:port ...") failures in exit status. + previously we were always returning 0. bz#2255 reported by Brendan + Germain; ok dtucker -commit 54343e95c70994695f8842fb22836321350198d3 +commit dad9a4a0b7c2b5d78605f8df28718f116524134e Author: Damien Miller -Date: Thu May 15 15:07:33 2014 +1000 +Date: Fri Jul 18 15:03:49 2014 +1000 - - djm@cvs.openbsd.org 2014/03/13 20:44:49 - [login-timeout.sh] - this test is a sorry mess of race conditions; add another sleep - to avoid a failure on slow machines (at least until I find a - better way) + - djm@cvs.openbsd.org 2014/07/17 00:12:03 + [key.c] + silence "incorrect passphrase" error spam; reported and ok dtucker@ -commit e5b9f0f2ee6e133894307e44e862b66426990733 +commit f42f7684ecbeec6ce50e0310f80b3d6da2aaf533 Author: Damien Miller -Date: Thu May 15 14:58:07 2014 +1000 +Date: Fri Jul 18 15:03:27 2014 +1000 - - (djm) [Makefile.in configure.ac sshbuf-getput-basic.c] - [sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes + - djm@cvs.openbsd.org 2014/07/17 00:10:18 + [mux.c] + preserve errno across syscall -commit b9c566788a9ebd6a9d466f47a532124f111f0542 +commit 1b83320628cb0733e3688b85bfe4d388a7c51909 Author: Damien Miller -Date: Thu May 15 14:43:37 2014 +1000 +Date: Fri Jul 18 15:03:02 2014 +1000 - - (djm) [configure.ac] Unconditionally define WITH_OPENSSL until we write - portability glue to support building without libcrypto + - djm@cvs.openbsd.org 2014/07/17 00:10:56 + [sandbox-systrace.c] + ifdef SYS_sendsyslog so this will compile without patching on -stable -commit 3dc27178b42234b653a32f7a87292d7994045ee3 +commit 6d57656331bcd754d912950e4a18ad259d596e61 Author: Damien Miller -Date: Thu May 15 14:37:59 2014 +1000 +Date: Fri Jul 18 15:02:06 2014 +1000 - - logan@cvs.openbsd.org 2014/05/05 07:02:30 - [sftp.c] - Zap extra whitespace. + - jmc@cvs.openbsd.org 2014/07/16 14:48:57 + [ssh.1] + add the streamlocal* options to ssh's -o list; millert says they're + irrelevant for scp/sftp; - OK from djm@ and dtucker@ + ok markus millert -commit c31a0cd5b31961f01c5b731f62a6cb9d4f767472 +commit 7acefbbcbeab725420ea07397ae35992f505f702 Author: Damien Miller -Date: Thu May 15 14:37:39 2014 +1000 +Date: Fri Jul 18 14:11:24 2014 +1000 - - markus@cvs.openbsd.org 2014/05/03 17:20:34 - [monitor.c packet.c packet.h] - unbreak compression, by re-init-ing the compression code in the - post-auth child. the new buffer code is more strict, and requires - buffer_init() while the old code was happy after a bzero(); - originally from djm@ + - millert@cvs.openbsd.org 2014/07/15 15:54:14 + [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] + [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] + [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] + [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] + [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] + [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] + [sshd_config.5 sshlogin.c] + Add support for Unix domain socket forwarding. A remote TCP port + may be forwarded to a local Unix domain socket and vice versa or + both ends may be a Unix domain socket. This is a reimplementation + of the streamlocal patches by William Ahern from: + http://www.25thandclement.com/~william/projects/streamlocal.html + OK djm@ markus@ -commit 686c7d9ee6f44b2be4128d7860b6b37adaeba733 +commit 6262d760e00714523633bd989d62e273a3dca99a Author: Damien Miller -Date: Thu May 15 14:37:03 2014 +1000 +Date: Thu Jul 17 09:52:07 2014 +1000 - - djm@cvs.openbsd.org 2014/05/02 03:27:54 - [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c] - [misc.h poly1305.h ssh-pkcs11.c defines.h] - revert __bounded change; it causes way more problems for portable than - it solves; pointed out by dtucker@ + - tedu@cvs.openbsd.org 2014/07/11 13:54:34 + [myproposal.h] + by popular demand, add back hamc-sha1 to server proposal for better compat + with many clients still in use. ok deraadt -commit 294c58a007cfb2f3bddc4fc3217e255857ffb9bf +commit 9d69d937b46ecba17f16d923e538ceda7b705c7a Author: Damien Miller -Date: Thu May 15 14:35:03 2014 +1000 +Date: Thu Jul 17 09:49:37 2014 +1000 - - naddy@cvs.openbsd.org 2014/04/30 19:07:48 - [mac.c myproposal.h umac.c] - UMAC can use our local fallback implementation of AES when OpenSSL isn't - available. Glue code straight from Ted Krovetz's original umac.c. - ok markus@ + - deraadt@cvs.openbsd.org 2014/07/11 08:09:54 + [sandbox-systrace.c] + Permit use of SYS_sendsyslog from inside the sandbox. Clock is ticking, + update your kernels and sshd soon.. libc will start using sendsyslog() + in about 4 days. -commit 05e82c3b963c33048128baf72a6f6b3a1c10b4c1 +commit f6293a0b4129826fc2e37e4062f96825df43c326 Author: Damien Miller -Date: Thu May 15 14:33:43 2014 +1000 +Date: Thu Jul 17 09:01:25 2014 +1000 - - djm@cvs.openbsd.org 2014/04/30 05:29:56 - [bufaux.c bufbn.c bufec.c buffer.c buffer.h sshbuf-getput-basic.c] - [sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c sshbuf.h ssherr.c] - [ssherr.h] - New buffer API; the first installment of the conversion/replacement - of OpenSSH's internals to make them usable as a standalone library. - - This includes a set of wrappers to make it compatible with the - existing buffer API so replacement can occur incrementally. - - With and ok markus@ - - Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew - Dempsky and Ron Bowes for a detailed review. + - (djm) [digest-openssl.c] Preserve array order when disabling digests. + Reported by Petr Lautrbach. -commit 380948180f847a26f2d0c85b4dad3dca2ed2fd8b +commit 00f9cd230709c04399ef5ff80492d70a55230694 Author: Damien Miller -Date: Thu May 15 14:25:18 2014 +1000 +Date: Tue Jul 15 10:41:38 2014 +1000 - - dtucker@cvs.openbsd.org 2014/04/29 20:36:51 - [sftp.c] - Don't attempt to append a nul quote char to the filename. Should prevent - fatal'ing with "el_insertstr failed" when there's a single quote char - somewhere in the string. bz#2238, ok markus@ + - (djm) [configure.ac] Delay checks for arc4random* until after libcrypto + has been located; fixes builds agains libressl-portable -commit d7fd8bedd4619a2ec7fd02aae4c4e1db4431ad9f +commit 1d0df3249c87019556b83306c28d4769375c2edc Author: Damien Miller -Date: Thu May 15 14:24:59 2014 +1000 +Date: Fri Jul 11 09:19:04 2014 +1000 - - dtucker@cvs.openbsd.org 2014/04/29 19:58:50 - [sftp.c] - Move nulling of variable next to where it's freed. ok markus@ + - OpenBSD CVS Sync + - benno@cvs.openbsd.org 2014/07/09 14:15:56 + [ssh-add.c] + fix ssh-add crash while loading more than one key + ok markus@ -commit 1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 +commit 7a57eb3d105aa4ced15fb47001092c58811e6d9d Author: Damien Miller -Date: Thu May 15 14:24:09 2014 +1000 +Date: Wed Jul 9 13:22:31 2014 +1000 - - markus@cvs.openbsd.org 2014/04/29 18:01:49 - [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] - [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] - [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] - [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] - make compiling against OpenSSL optional (make OPENSSL=no); - reduces algorithms to curve25519, aes-ctr, chacha, ed25519; - allows us to explore further options; with and ok djm + - djm@cvs.openbsd.org 2014/07/07 08:15:26 + [multiplex.sh] + remove forced-fatal that I stuck in there to test the new cleanup + logic and forgot to remove... -commit c5893785564498cea73cb60d2cf199490483e080 +commit 612f965239a30fe536b11ece1834d9f470aeb029 Author: Damien Miller -Date: Thu May 15 13:48:49 2014 +1000 +Date: Wed Jul 9 13:22:03 2014 +1000 - - djm@cvs.openbsd.org 2014/04/29 13:10:30 - [clientloop.c serverloop.c] - bz#1818 - don't send channel success/failre replies on channels that - have sent a close already; analysis and patch from Simon Tatham; - ok markus@ + - djm@cvs.openbsd.org 2014/07/06 07:42:03 + [multiplex.sh test-exec.sh] + add a hook to the cleanup() function to kill $SSH_PID if it is set + + use it to kill the mux master started in multiplex.sh (it was being left + around on fatal failures) -commit 633de33b192d808d87537834c316dc8b75fe1880 +commit d0bb950485ba121e43a77caf434115ed6417b46f Author: Damien Miller -Date: Thu May 15 13:48:26 2014 +1000 +Date: Wed Jul 9 13:07:28 2014 +1000 - - djm@cvs.openbsd.org 2014/04/28 03:09:18 - [authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h] - [ssh-keygen.c] - buffer_get_string_ptr's return should be const to remind - callers that futzing with it will futz with the actual buffer - contents + - djm@cvs.openbsd.org 2014/07/09 03:02:15 + [key.c] + downgrade more error() to debug() to better match what old authfile.c + did; suppresses spurious errors with hostbased authentication enabled -commit 15271907843e4ae50dcfc83b3594014cf5e9607b +commit 0070776a038655c57f57e70cd05e4c38a5de9d84 Author: Damien Miller -Date: Thu May 15 13:47:56 2014 +1000 +Date: Wed Jul 9 13:07:06 2014 +1000 - - djm@cvs.openbsd.org 2014/04/23 12:42:34 - [readconf.c] - don't record duplicate IdentityFiles + - djm@cvs.openbsd.org 2014/07/09 01:45:10 + [sftp.c] + more useful error message when GLOB_NOSPACE occurs; + bz#2254, patch from Orion Poplawski -commit 798a02568b13a2e46efebd81f08c8f4bb33a6dc7 +commit 079bac2a43c74ef7cf56850afbab3b1932534c50 Author: Damien Miller -Date: Thu May 15 13:47:37 2014 +1000 +Date: Wed Jul 9 13:06:25 2014 +1000 - - jmc@cvs.openbsd.org 2014/04/22 14:16:30 - [sftp.1] - zap eol whitespace; + - djm@cvs.openbsd.org 2014/07/07 08:19:12 + [ssh_config.5] + mention that ProxyCommand is executed using shell "exec" to avoid + a lingering process; bz#1977 -commit d875ff78d2b8436807381051de112f0ebf9b9ae1 +commit 3a48cc090096cf99b9de592deb5f90e444edebfb Author: Damien Miller -Date: Thu May 15 13:47:15 2014 +1000 +Date: Sun Jul 6 09:32:49 2014 +1000 - - logan@cvs.openbsd.org 2014/04/22 12:42:04 - [sftp.1] - Document sftp upload resume. - OK from djm@, with feedback from okan@. + - djm@cvs.openbsd.org 2014/07/05 23:11:48 + [channels.c] + fix remote-forward cancel regression; ok markus@ -commit b15cd7bb097fd80dc99520f45290ef775da1ef19 +commit 48bae3a38cb578713e676708164f6e7151cc64fa Author: Damien Miller -Date: Thu May 15 13:46:52 2014 +1000 +Date: Sun Jul 6 09:27:06 2014 +1000 - - logan@cvs.openbsd.org 2014/04/22 10:07:12 - [sftp.c] - Sort the sftp command list. - OK from djm@ + - djm@cvs.openbsd.org 2014/07/03 23:18:35 + [authfile.h] + remove leakmalloc droppings -commit d8accc0aa72656ba63d50937165c5ae49db1dcd6 +commit 72e6b5c9ed5e72ca3a6ccc3177941b7c487a0826 Author: Damien Miller -Date: Thu May 15 13:46:25 2014 +1000 +Date: Fri Jul 4 09:00:04 2014 +1000 - - logan@cvs.openbsd.org 2014/04/21 14:36:16 - [sftp-client.c sftp-client.h sftp.c] - Implement sftp upload resume support. - OK from djm@, with input from guenther@, mlarkin@ and - okan@ + - djm@cvs.openbsd.org 2014/07/03 22:40:43 + [servconf.c servconf.h session.c sshd.8 sshd_config.5] + Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is + executed, mirroring the no-user-rc authorized_keys option; + bz#2160; ok markus@ -commit 16cd3928a87d20c77b13592a74b60b08621d3ce6 +commit 602943d1179a08dfa70af94f62296ea5e3d6ebb8 Author: Damien Miller -Date: Thu May 15 13:45:58 2014 +1000 +Date: Fri Jul 4 08:59:41 2014 +1000 - - logan@cvs.openbsd.org 2014/04/20 09:24:26 - [dns.c dns.h ssh-keygen.c] - Add support for SSHFP DNS records for ED25519 key types. - OK from djm@ + - djm@cvs.openbsd.org 2014/07/03 22:33:41 + [channels.c] + allow explicit ::1 and 127.0.0.1 forwarding bind addresses when + GatewayPorts=no; allows client to choose address family; + bz#2222 ok markus@ -commit ec0b67eb3b4e12f296ced1fafa01860c374f7eea +commit 6b37fbb7921d156b31e2c8f39d9e1b6746c34983 Author: Damien Miller -Date: Thu May 15 13:45:26 2014 +1000 +Date: Fri Jul 4 08:59:24 2014 +1000 - - (djm) [rijndael.c rijndael.h] Sync with newly-ressurected versions ine - OpenBSD + - djm@cvs.openbsd.org 2014/07/03 22:23:46 + [sshconnect.c] + when rekeying, skip file/DNS lookup if it is the same as the key sent + during initial key exchange. bz#2154 patch from Iain Morgan; ok markus@ -commit f028460d0b2e5a584355321015cde69bf6fd933e -Author: Darren Tucker -Date: Thu May 1 02:24:35 2014 +1000 +commit d2c3cd5f2e47ee24cf7093ce8e948c2e79dfc3fd +Author: Damien Miller +Date: Fri Jul 4 08:59:01 2014 +1000 - - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already - have it. Only attempt to use __attribute__(__bounded__) for gcc. + - jsing@cvs.openbsd.org 2014/07/03 12:42:16 + [cipher-chachapoly.c] + Call chacha_ivsetup() immediately before chacha_encrypt_bytes() - this + makes it easier to verify that chacha_encrypt_bytes() is only called once + per chacha_ivsetup() call. + ok djm@ -commit b628cc4c3e4a842bab5e4584d18c2bc5fa4d0edf +commit 686feb560ec43a06ba04da82b50f3c183c947309 Author: Damien Miller -Date: Sun Apr 20 13:33:58 2014 +1000 +Date: Thu Jul 3 21:29:38 2014 +1000 - - djm@cvs.openbsd.org 2014/04/20 02:49:32 - [compat.c] - add a canonical 6.6 + curve25519 bignum fix fake version that I can - recommend people use ahead of the openssh-6.7 release + - djm@cvs.openbsd.org 2014/07/03 11:16:55 + [auth.c auth.h auth1.c auth2.c] + make the "Too many authentication failures" message include the + user, source address, port and protocol in a format similar to the + authentication success / failure messages; bz#2199, ok dtucker -commit 888566913933a802f3a329ace123ebcb7154cf78 +commit 0f12341402e18fd9996ec23189b9418d2722453f Author: Damien Miller -Date: Sun Apr 20 13:33:19 2014 +1000 +Date: Thu Jul 3 21:28:09 2014 +1000 - - djm@cvs.openbsd.org 2014/04/20 02:30:25 - [misc.c misc.h umac.c] - use get/put_u32 to load values rather than *((UINT32 *)p) that breaks on - strict-alignment architectures; reported by and ok stsp@ + - jmc@cvs.openbsd.org 2014/07/03 07:45:27 + [ssh_config.5] + escape %C since groff thinks it part of an Rs/Re block; -commit 16f85cbc7e5139950e6a38317e7c8b368beafa5d +commit 9c38643c5cd47a19db2cc28279dcc28abadc22b3 Author: Damien Miller -Date: Sun Apr 20 13:29:28 2014 +1000 +Date: Thu Jul 3 21:27:46 2014 +1000 - - tedu@cvs.openbsd.org 2014/04/19 18:42:19 - [ssh.1] - delete .xr to hosts.equiv. there's still an unfortunate amount of - documentation referring to rhosts equivalency in here. + - djm@cvs.openbsd.org 2014/07/03 06:39:19 + [ssh.c ssh_config.5] + Add a %C escape sequence for LocalCommand and ControlPath that expands + to a unique identifer based on a has of the tuple of (local host, + remote user, hostname, port). + + Helps avoid exceeding sockaddr_un's miserly pathname limits for mux + control paths. + + bz#2220, based on patch from mancha1 AT zoho.com; ok markus@ -commit 69cb24b7356ec3f0fc5ff04a68f98f2c55c766f4 +commit 49d9bfe2b2f3e90cc158a215dffa7675e57e7830 Author: Damien Miller -Date: Sun Apr 20 13:29:06 2014 +1000 +Date: Thu Jul 3 21:26:42 2014 +1000 - - tedu@cvs.openbsd.org 2014/04/19 18:15:16 - [sshd.8] - remove some really old rsh references + - djm@cvs.openbsd.org 2014/07/03 05:38:17 + [ssh.1] + document that -g will only work in the multiplexed case if applied to + the mux master -commit 84c1e7bca8c4ceaccf4d5557e39a833585a3c77e +commit ef9f13ba4c58057b2166d1f2e790535da402fbe5 Author: Damien Miller -Date: Sun Apr 20 13:27:53 2014 +1000 +Date: Thu Jul 3 21:26:21 2014 +1000 - - tedu@cvs.openbsd.org 2014/04/19 14:53:48 - [ssh-keysign.c sshd.c] - Delete futile calls to RAND_seed. ok djm - NB. Id sync only. This only applies to OpenBSD's libcrypto slashathon + - djm@cvs.openbsd.org 2014/07/03 05:32:36 + [ssh_config.5] + mention '%%' escape sequence in HostName directives and how it may + be used to specify IPv6 link-local addresses -commit 0e6b67423b8662f9ca4c92750309e144fd637ef1 +commit e6a407789e5432dd2e53336fb73476cc69048c54 Author: Damien Miller -Date: Sun Apr 20 13:27:01 2014 +1000 +Date: Thu Jul 3 21:25:03 2014 +1000 - - djm@cvs.openbsd.org 2014/04/19 05:54:59 - [compat.c] - missing wildcard; pointed out by naddy@ + - djm@cvs.openbsd.org 2014/07/03 04:36:45 + [digest.h] + forward-declare struct sshbuf so consumers don't need to include sshbuf.h -commit 9395b28223334826837c15e8c1bb4dfb3b0d2ca5 +commit 4a1d3d50f02d0a8a4ef95ea4749293cbfb89f919 Author: Damien Miller -Date: Sun Apr 20 13:25:30 2014 +1000 +Date: Thu Jul 3 21:24:40 2014 +1000 - - djm@cvs.openbsd.org 2014/04/18 23:52:25 - [compat.c compat.h sshconnect2.c sshd.c version.h] - OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections - using the curve25519-sha256@libssh.org KEX exchange method to fail - when connecting with something that implements the spec properly. - - Disable this KEX method when speaking to one of the affected - versions. - - reported by Aris Adamantiadis; ok markus@ + - djm@cvs.openbsd.org 2014/07/03 03:47:27 + [ssh-keygen.c] + When hashing or removing hosts using ssh-keygen, don't choke on + @revoked markers and don't remove @cert-authority markers; + bz#2241, reported by mlindgren AT runelind.net -commit 8c492da58f8ceb85cf5f7066f23e26fb813a963d +commit e5c0d52ceb575c3db8c313e0b1aa3845943d7ba8 Author: Damien Miller -Date: Sun Apr 20 13:25:09 2014 +1000 +Date: Thu Jul 3 21:24:19 2014 +1000 - - djm@cvs.openbsd.org 2014/04/16 23:28:12 - [ssh-agent.1] - remove the identity files from this manpage - ssh-agent doesn't deal - with them at all and the same information is duplicated in ssh-add.1 - (which does deal with them); prodded by deraadt@ + - djm@cvs.openbsd.org 2014/07/03 03:34:09 + [gss-serv.c session.c ssh-keygen.c] + standardise on NI_MAXHOST for gethostname() string lengths; about + 1/2 the cases were using it already. Fixes bz#2239 en passant -commit adbfdbbdccc70c9bd70d81ae096db115445c6e26 +commit c174a3b7c14e0d178c61219de2aa1110e209950c Author: Damien Miller -Date: Sun Apr 20 13:24:49 2014 +1000 +Date: Thu Jul 3 21:23:24 2014 +1000 - - djm@cvs.openbsd.org 2014/04/16 23:22:45 - [bufaux.c] - skip leading zero bytes in buffer_put_bignum2_from_string(); - reported by jan AT mojzis.com; ok markus@ + - djm@cvs.openbsd.org 2014/07/03 03:26:43 + [digest-openssl.c] + use EVP_Digest() for one-shot hash instead of creating, updating, + finalising and destroying a context. + bz#2231, based on patch from Timo Teras -commit 75c62728dc87af6805696eeb520b9748faa136c8 +commit d7ca2cd31ecc4d63a055e2dcc4bf35c13f2db4c5 Author: Damien Miller -Date: Sun Apr 20 13:24:31 2014 +1000 +Date: Thu Jul 3 21:23:01 2014 +1000 - - djm@cvs.openbsd.org 2014/04/12 04:55:53 - [sshd.c] - avoid crash at exit: check that pmonitor!=NULL before dereferencing; - bz#2225, patch from kavi AT juniper.net + - djm@cvs.openbsd.org 2014/07/03 03:15:01 + [ssh-add.c] + make stdout line-buffered; saves partial output getting lost when + ssh-add fatal()s part-way through (e.g. when listing keys from an + agent that supports key types that ssh-add doesn't); + bz#2234, reported by Phil Pennock -commit 2a328437fb1b0976f2f4522d8645803d5a5d0967 +commit b1e967c8d7c7578dd0c172d85b3046cf54ea42ba Author: Damien Miller -Date: Sun Apr 20 13:24:01 2014 +1000 +Date: Thu Jul 3 21:22:40 2014 +1000 - - djm@cvs.openbsd.org 2014/04/01 05:32:57 - [packet.c] - demote a debug3 to PACKET_DEBUG; ok markus@ + - djm@cvs.openbsd.org 2014/07/03 03:11:03 + [ssh-agent.c] + Only cleanup agent socket in the main agent process and not in any + subprocesses it may have started (e.g. forked askpass). Fixes + agent sockets being zapped when askpass processes fatal(); + bz#2236 patch from Dmitry V. Levin -commit 7d6a9fb660c808882d064e152d6070ffc3844c3f +commit 61e28e55c3438d796b02ef878bcd28620d452670 Author: Damien Miller -Date: Sun Apr 20 13:23:43 2014 +1000 +Date: Thu Jul 3 21:22:22 2014 +1000 - - djm@cvs.openbsd.org 2014/04/01 03:34:10 - [sshconnect.c] - When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any - certificate keys to plain keys and attempt SSHFP resolution. - - Prevents a server from skipping SSHFP lookup and forcing a new-hostkey - dialog by offering only certificate keys. - - Reported by mcv21 AT cam.ac.uk + - djm@cvs.openbsd.org 2014/07/03 01:45:38 + [sshkey.c] + make Ed25519 keys' title fit properly in the randomart border; bz#2247 + based on patch from Christian Hesse -commit fcd62c0b66b8415405ed0af29c236329eb88cc0f +commit 9eb4cd9a32c32d40d36450b68ed93badc6a94c68 Author: Damien Miller -Date: Sun Apr 20 13:23:21 2014 +1000 +Date: Thu Jul 3 13:29:50 2014 +1000 - - djm@cvs.openbsd.org 2014/04/01 02:05:27 - [ssh-keysign.c] - include fingerprint of key not found - use arc4random_buf() instead of loop+arc4random() + - (djm) [monitor_fdpass.c] Use sys/poll.h if poll.h doesn't exist; + bz#2237 -commit 43b156cf72f900f88065b0a1c1ebd09ab733ca46 +commit 8da0fa24934501909408327298097b1629b89eaa Author: Damien Miller -Date: Sun Apr 20 13:23:03 2014 +1000 +Date: Thu Jul 3 11:54:19 2014 +1000 - - jmc@cvs.openbsd.org 2014/03/31 13:39:34 - [ssh-keygen.1] - the text for the -K option was inserted in the wrong place in -r1.108; - fix From: Matthew Clarke + - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto + doesn't support it. -commit c1621c84f2dc1279065ab9fde2aa9327af418900 +commit 81309c857dd0dbc0a1245a16d621c490ad48cfbb Author: Damien Miller -Date: Sun Apr 20 13:22:46 2014 +1000 +Date: Wed Jul 2 17:45:55 2014 +1000 - - naddy@cvs.openbsd.org 2014/03/28 05:17:11 - [ssh_config.5 sshd_config.5] - sync available and default algorithms, improve algorithm list formatting - help from jmc@ and schwarze@, ok deraadt@ + - (djm) [regress/Makefile] fix execution of sshkey unit/fuzz test -commit f2719b7c2b8a3b14d778d8a6d8dc729b5174b054 +commit 82b2482ce68654815ee049b9bf021bb362a35ff2 Author: Damien Miller -Date: Sun Apr 20 13:22:18 2014 +1000 +Date: Wed Jul 2 17:43:41 2014 +1000 - - tedu@cvs.openbsd.org 2014/03/26 19:58:37 - [sshd.8 sshd.c] - remove libwrap support. ok deraadt djm mfriedl + - (djm) [sshkey.c] Conditionalise inclusion of util.h -commit 4f40209aa4060b9c066a2f0d9332ace7b8dfb391 +commit dd8b1dd7933eb6f5652641b0cdced34a387f2e80 Author: Damien Miller -Date: Sun Apr 20 13:21:22 2014 +1000 +Date: Wed Jul 2 17:38:31 2014 +1000 - - djm@cvs.openbsd.org 2014/03/26 04:55:35 - [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c - [misc.h poly1305.h ssh-pkcs11.c] - use __bounded(...) attribute recently added to sys/cdefs.h instead of - longform __attribute__(__bounded(...)); - - for brevity and a warning free compilation with llvm/clang + - djm@cvs.openbsd.org 2014/06/24 01:14:17 + [Makefile.in regress/Makefile regress/unittests/Makefile] + [regress/unittests/sshkey/Makefile] + [regress/unittests/sshkey/common.c] + [regress/unittests/sshkey/common.h] + [regress/unittests/sshkey/mktestdata.sh] + [regress/unittests/sshkey/test_file.c] + [regress/unittests/sshkey/test_fuzz.c] + [regress/unittests/sshkey/test_sshkey.c] + [regress/unittests/sshkey/tests.c] + [regress/unittests/sshkey/testdata/dsa_1] + [regress/unittests/sshkey/testdata/dsa_1-cert.fp] + [regress/unittests/sshkey/testdata/dsa_1-cert.pub] + [regress/unittests/sshkey/testdata/dsa_1.fp] + [regress/unittests/sshkey/testdata/dsa_1.fp.bb] + [regress/unittests/sshkey/testdata/dsa_1.param.g] + [regress/unittests/sshkey/testdata/dsa_1.param.priv] + [regress/unittests/sshkey/testdata/dsa_1.param.pub] + [regress/unittests/sshkey/testdata/dsa_1.pub] + [regress/unittests/sshkey/testdata/dsa_1_pw] + [regress/unittests/sshkey/testdata/dsa_2] + [regress/unittests/sshkey/testdata/dsa_2.fp] + [regress/unittests/sshkey/testdata/dsa_2.fp.bb] + [regress/unittests/sshkey/testdata/dsa_2.pub] + [regress/unittests/sshkey/testdata/dsa_n] + [regress/unittests/sshkey/testdata/dsa_n_pw] + [regress/unittests/sshkey/testdata/ecdsa_1] + [regress/unittests/sshkey/testdata/ecdsa_1-cert.fp] + [regress/unittests/sshkey/testdata/ecdsa_1-cert.pub] + [regress/unittests/sshkey/testdata/ecdsa_1.fp] + [regress/unittests/sshkey/testdata/ecdsa_1.fp.bb] + [regress/unittests/sshkey/testdata/ecdsa_1.param.curve] + [regress/unittests/sshkey/testdata/ecdsa_1.param.priv] + [regress/unittests/sshkey/testdata/ecdsa_1.param.pub] + [regress/unittests/sshkey/testdata/ecdsa_1.pub] + [regress/unittests/sshkey/testdata/ecdsa_1_pw] + [regress/unittests/sshkey/testdata/ecdsa_2] + [regress/unittests/sshkey/testdata/ecdsa_2.fp] + [regress/unittests/sshkey/testdata/ecdsa_2.fp.bb] + [regress/unittests/sshkey/testdata/ecdsa_2.param.curve] + [regress/unittests/sshkey/testdata/ecdsa_2.param.priv] + [regress/unittests/sshkey/testdata/ecdsa_2.param.pub] + [regress/unittests/sshkey/testdata/ecdsa_2.pub] + [regress/unittests/sshkey/testdata/ecdsa_n] + [regress/unittests/sshkey/testdata/ecdsa_n_pw] + [regress/unittests/sshkey/testdata/ed25519_1] + [regress/unittests/sshkey/testdata/ed25519_1-cert.fp] + [regress/unittests/sshkey/testdata/ed25519_1-cert.pub] + [regress/unittests/sshkey/testdata/ed25519_1.fp] + [regress/unittests/sshkey/testdata/ed25519_1.fp.bb] + [regress/unittests/sshkey/testdata/ed25519_1.pub] + [regress/unittests/sshkey/testdata/ed25519_1_pw] + [regress/unittests/sshkey/testdata/ed25519_2] + [regress/unittests/sshkey/testdata/ed25519_2.fp] + [regress/unittests/sshkey/testdata/ed25519_2.fp.bb] + [regress/unittests/sshkey/testdata/ed25519_2.pub] + [regress/unittests/sshkey/testdata/pw] + [regress/unittests/sshkey/testdata/rsa1_1] + [regress/unittests/sshkey/testdata/rsa1_1.fp] + [regress/unittests/sshkey/testdata/rsa1_1.fp.bb] + [regress/unittests/sshkey/testdata/rsa1_1.param.n] + [regress/unittests/sshkey/testdata/rsa1_1.pub] + [regress/unittests/sshkey/testdata/rsa1_1_pw] + [regress/unittests/sshkey/testdata/rsa1_2] + [regress/unittests/sshkey/testdata/rsa1_2.fp] + [regress/unittests/sshkey/testdata/rsa1_2.fp.bb] + [regress/unittests/sshkey/testdata/rsa1_2.param.n] + [regress/unittests/sshkey/testdata/rsa1_2.pub] + [regress/unittests/sshkey/testdata/rsa_1] + [regress/unittests/sshkey/testdata/rsa_1-cert.fp] + [regress/unittests/sshkey/testdata/rsa_1-cert.pub] + [regress/unittests/sshkey/testdata/rsa_1.fp] + [regress/unittests/sshkey/testdata/rsa_1.fp.bb] + [regress/unittests/sshkey/testdata/rsa_1.param.n] + [regress/unittests/sshkey/testdata/rsa_1.param.p] + [regress/unittests/sshkey/testdata/rsa_1.param.q] + [regress/unittests/sshkey/testdata/rsa_1.pub] + [regress/unittests/sshkey/testdata/rsa_1_pw] + [regress/unittests/sshkey/testdata/rsa_2] + [regress/unittests/sshkey/testdata/rsa_2.fp] + [regress/unittests/sshkey/testdata/rsa_2.fp.bb] + [regress/unittests/sshkey/testdata/rsa_2.param.n] + [regress/unittests/sshkey/testdata/rsa_2.param.p] + [regress/unittests/sshkey/testdata/rsa_2.param.q] + [regress/unittests/sshkey/testdata/rsa_2.pub] + [regress/unittests/sshkey/testdata/rsa_n] + [regress/unittests/sshkey/testdata/rsa_n_pw] + unit and fuzz tests for new key API -commit 9235a030ad1b16903fb495d81544e0f7c7449523 +commit c1dc24b71f087f385b92652b9673f52af64e0428 Author: Damien Miller -Date: Sun Apr 20 13:17:20 2014 +1000 +Date: Wed Jul 2 17:02:03 2014 +1000 - Three commits in one (since they touch the same heavily-diverged file - repeatedly): - - - markus@cvs.openbsd.org 2014/03/25 09:40:03 - [myproposal.h] - trimm default proposals. - - This commit removes the weaker pre-SHA2 hashes, the broken ciphers - (arcfour), and the broken modes (CBC) from the default configuration - (the patch only changes the default, all the modes are still available - for the config files). - - ok djm@, reminded by tedu@ & naddy@ and discussed with many - - deraadt@cvs.openbsd.org 2014/03/26 17:16:26 - [myproposal.h] - The current sharing of myproposal[] between both client and server code - makes the previous diff highly unpallatable. We want to go in that - direction for the server, but not for the client. Sigh. - Brought up by naddy. - - markus@cvs.openbsd.org 2014/03/27 23:01:27 - [myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] - disable weak proposals in sshd, but keep them in ssh; ok djm@ + - djm@cvs.openbsd.org 2014/06/24 01:04:43 + [regress/krl.sh] + regress test for broken consecutive revoked serial number ranges -commit 6e1777f592f15f4559728c78204617537b1ac076 +commit 43d3ed2dd3feca6d0326c7dc82588d2faa115e92 Author: Damien Miller -Date: Sun Apr 20 13:02:58 2014 +1000 +Date: Wed Jul 2 17:01:08 2014 +1000 - - tedu@cvs.openbsd.org 2014/03/19 14:42:44 - [scp.1] - there is no need for rcp anymore - ok deraadt millert + - djm@cvs.openbsd.org 2014/05/21 07:04:21 + [regress/integrity.sh] + when failing because of unexpected output, show the offending output -commit eb1b7c514d2a7b1802ccee8cd50e565a4d419887 +commit 5a96707ffc8d227c2e7d94fa6b0317f8a152cf4e Author: Damien Miller -Date: Sun Apr 20 13:02:26 2014 +1000 +Date: Wed Jul 2 15:38:05 2014 +1000 - - tedu@cvs.openbsd.org 2014/03/17 19:44:10 - [ssh.1] - old descriptions of des and blowfish are old. maybe ok deraadt + - djm@cvs.openbsd.org 2014/04/30 05:32:00 + [regress/Makefile] + unit tests for new buffer API; including basic fuzz testing + NB. Id sync only. -commit f0858de6e1324ec730752387074b111b8551081e +commit 3ff92ba756aee48e4ae3e0aeff7293517b3dd185 Author: Damien Miller -Date: Sun Apr 20 13:01:30 2014 +1000 +Date: Wed Jul 2 15:33:09 2014 +1000 - - deraadt@cvs.openbsd.org 2014/03/15 17:28:26 - [ssh-agent.c ssh-keygen.1 ssh-keygen.c] - Improve usage() and documentation towards the standard form. - In particular, this line saves a lot of man page reading time. - usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] - [-N new_passphrase] [-C comment] [-f output_keyfile] - ok schwarze jmc + - djm@cvs.openbsd.org 2014/06/30 12:54:39 + [key.c] + suppress spurious error message when loading key with a passphrase; + reported by kettenis@ ok markus@ + - djm@cvs.openbsd.org 2014/07/02 04:59:06 + [cipher-3des1.c] + fix ssh protocol 1 on the server that regressed with the sshkey change + (sometimes fatal() after auth completed), make file return useful status + codes. + NB. Id sync only for these two. They were bundled into the sshkey merge + above, since it was easier to sync the entire file and then apply + portable-specific changed atop it. -commit 94bfe0fbd6e91a56b5b0ab94ac955d2a67d101aa +commit ec3d0e24a1e46873d80507f5cd8ee6d0d03ac5dc Author: Damien Miller -Date: Sun Apr 20 13:00:51 2014 +1000 +Date: Wed Jul 2 15:30:00 2014 +1000 - - naddy@cvs.openbsd.org 2014/03/12 13:06:59 - [ssh-keyscan.1] - scan for Ed25519 keys by default too + - markus@cvs.openbsd.org 2014/06/27 18:50:39 + [ssh-add.c] + fix loading of private keys -commit 3819519288b2b3928c6882f5883b0f55148f4fc0 +commit 4b3ed647d5b328cf68e6a8ffbee490d8e0683e82 Author: Damien Miller -Date: Sun Apr 20 13:00:28 2014 +1000 +Date: Wed Jul 2 15:29:40 2014 +1000 - - djm@cvs.openbsd.org 2014/03/12 04:51:12 - [authfile.c] - correct test that kdf name is not "none" or "bcrypt" + - markus@cvs.openbsd.org 2014/06/27 16:41:56 + [channels.c channels.h clientloop.c ssh.c] + fix remote fwding with same listen port but different listen address + with gerhard@, ok djm@ -commit 8f9cd709c7cf0655d414306a0ed28306b33802be +commit 9e01ff28664921ce9b6500681333e42fb133b4d0 Author: Damien Miller -Date: Sun Apr 20 13:00:11 2014 +1000 +Date: Wed Jul 2 15:29:21 2014 +1000 - - djm@cvs.openbsd.org 2014/03/12 04:50:32 - [auth-bsdauth.c ssh-keygen.c] - don't count on things that accept arguments by reference to clear - things for us on error; most things do, but it's unsafe form. + - deraadt@cvs.openbsd.org 2014/06/25 14:16:09 + [sshbuf.c] + unblock SIGSEGV before raising it + ok djm + +commit 1845fe6bda0729e52f4c645137f4fc3070b5438a +Author: Damien Miller +Date: Wed Jul 2 15:29:01 2014 +1000 + + - djm@cvs.openbsd.org 2014/06/24 02:21:01 + [scp.c] + when copying local->remote fails during read, don't send uninitialised + heap to the remote end. Reported by Jann Horn + +commit 19439e9a2a0ac0b4b3b1210e89695418beb1c883 +Author: Damien Miller +Date: Wed Jul 2 15:28:40 2014 +1000 -commit 1c7ef4be83f6dec84509a312518b9df00ab491d9 + - djm@cvs.openbsd.org 2014/06/24 02:19:48 + [ssh.c] + don't fatal() when hostname canonicalisation fails with a + ProxyCommand in use; continue and allow the ProxyCommand to + connect anyway (e.g. to a host with a name outside the DNS + behind a bastion) + +commit 8668706d0f52654fe64c0ca41a96113aeab8d2b8 Author: Damien Miller -Date: Sun Apr 20 12:59:46 2014 +1000 +Date: Wed Jul 2 15:28:02 2014 +1000 - - djm@cvs.openbsd.org 2014/03/12 04:44:58 - [ssh-keyscan.c] - scan for Ed25519 keys by default too + - djm@cvs.openbsd.org 2014/06/24 01:13:21 + [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c + [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c + [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h + [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h + [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h + [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c + [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c + [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c + [sshconnect2.c sshd.c sshkey.c sshkey.h + [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h] + New key API: refactor key-related functions to be more library-like, + existing API is offered as a set of wrappers. + + with and ok markus@ + + Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew + Dempsky and Ron Bowes for a detailed review a few months ago. + + NB. This commit also removes portable OpenSSH support for OpenSSL + <0.9.8e. -commit c10bf4d051c97939b30a1616c0499310057d07da +commit 2cd7929250cf9e9f658d70dcd452f529ba08c942 Author: Damien Miller -Date: Sun Apr 20 12:58:04 2014 +1000 +Date: Wed Jul 2 12:48:30 2014 +1000 - - djm@cvs.openbsd.org 2014/03/03 22:22:30 - [session.c] - ignore enviornment variables with embedded '=' or '\0' characters; - spotted by Jann Horn; ok deraadt@ - Id sync only - portable already has this. + - djm@cvs.openbsd.org 2014/06/24 00:52:02 + [krl.c] + fix bug in KRL generation: multiple consecutive revoked certificate + serial number ranges could be serialised to an invalid format. + + Readers of a broken KRL caused by this bug will fail closed, so no + should-have-been-revoked key will be accepted. -commit c2e49062faccbcd7135c40d1c78c5c329c58fc2e +commit 99db840ee8dbbd2b3fbc6c45d0ee2f6a65e96898 Author: Damien Miller -Date: Tue Apr 1 14:42:46 2014 +1100 +Date: Wed Jul 2 12:48:04 2014 +1000 - - (djm) Use full release (e.g. 6.5p1) in debug output rather than just - version. From des@des.no + - naddy@cvs.openbsd.org 2014/06/18 15:42:09 + [sshbuf-getput-crypto.c] + The ssh_get_bignum functions must accept the same range of bignums + the corresponding ssh_put_bignum functions create. This fixes the + use of 16384-bit RSA keys (bug reported by Eivind Evensen). + ok djm@ -commit 14928b7492abec82afa4c2b778fc03f78cd419b6 +commit 84a89161a9629239b64171ef3e22ef6a3e462d51 Author: Damien Miller -Date: Tue Apr 1 14:38:07 2014 +1100 +Date: Wed Jul 2 12:47:48 2014 +1000 - - (djm) On platforms that support it, use prctl() to prevent sftp-server - from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net + - matthew@cvs.openbsd.org 2014/06/18 02:59:13 + [sandbox-systrace.c] + Now that we have a dedicated getentropy(2) system call for + arc4random(3), we can disallow __sysctl(2) in OpenSSH's systrace + sandbox. + + ok djm -commit 48abc47e60048461fe9117e108a7e99ea1ac2bb8 +commit 51504ceec627c0ad57b9f75585c7b3d277f326be Author: Damien Miller -Date: Mon Mar 17 14:45:56 2014 +1100 +Date: Wed Jul 2 12:47:25 2014 +1000 - - (djm) [sandbox-seccomp-filter.c] Soft-fail stat() syscalls. Add XXX to - remind myself to add sandbox violation logging via the log socket. + - deraadt@cvs.openbsd.org 2014/06/13 08:26:29 + [sandbox-systrace.c] + permit SYS_getentropy + from matthew -commit 9c36698ca2f554ec221dc7ef29c7a89e97c88705 +commit a261b8df59117f7dc52abb3a34b35a40c2c9fa88 Author: Tim Rice -Date: Fri Mar 14 12:45:01 2014 -0700 +Date: Wed Jun 18 16:17:28 2014 -0700 - 20140314 - - (tim) [opensshd.init.in] Add support for ed25519 + - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare -commit 19158b2447e35838d69b2b735fb640d1e86061ea -Author: Damien Miller -Date: Thu Mar 13 13:14:21 2014 +1100 +commit 316fac6f18f87262a315c79bcf68b9f92c9337e4 +Author: Darren Tucker +Date: Tue Jun 17 23:06:07 2014 +1000 - - (djm) Release OpenSSH 6.6 + - (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h} + openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}] + Move the OpenSSL header/library version test into its own function and add + tests for it. Fix it to allow fix version upgrades (but not downgrades). + Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150). + ok djm@ chl@ -commit 8569eba5d7f7348ce3955eeeb399f66f25c52ece -Author: Damien Miller -Date: Tue Mar 4 09:35:17 2014 +1100 +commit af665bb7b092a59104db1e65577851cf35b86e32 +Author: Darren Tucker +Date: Mon Jun 16 22:50:55 2014 +1000 - - djm@cvs.openbsd.org 2014/03/03 22:22:30 - [session.c] - ignore enviornment variables with embedded '=' or '\0' characters; - spotted by Jann Horn; ok deraadt@ + - (dtucker) [defines.h] Fix undef of _PATH_MAILDIR. From rak at debian via + OpenSMTPD and chl@ -commit 2476c31b96e89aec7d4e73cb6fbfb9a4290de3a7 -Author: Damien Miller -Date: Sun Mar 2 04:01:00 2014 +1100 +commit f9696566fb41320820f3b257ab564fa321bb3751 +Author: Darren Tucker +Date: Fri Jun 13 11:06:04 2014 +1000 - - (djm) [regress/Makefile] Disable dhgex regress test; it breaks when - no moduli file exists at the expected location. + - (dtucker) [configure.ac] Remove tcpwrappers support, support has already + been removed from sshd.c. -commit c83fdf30e9db865575b2521b1fe46315cf4c70ae -Author: Damien Miller -Date: Fri Feb 28 10:34:03 2014 +1100 +commit 5e2b8894b0b24af4ad0a2f7aa33ebf255df7a8bc +Author: Tim Rice +Date: Wed Jun 11 18:31:10 2014 -0700 - - (djm) [regress/host-expand.sh] Add RCS Id + - (tim) [regress/unittests/test_helper/test_helper.h] Add includes.h for + u_intXX_t types. -commit 834aeac3555e53f7d29a6fcf3db010dfb99681c7 -Author: Damien Miller -Date: Fri Feb 28 10:25:16 2014 +1100 +commit 985ee2cbc3e43bc65827c3c0d4df3faa99160c37 +Author: Darren Tucker +Date: Thu Jun 12 05:32:29 2014 +1000 - - djm@cvs.openbsd.org 2014/02/27 21:21:25 - [agent-ptrace.sh agent.sh] - keep return values that are printed in error messages; - from portable - (Id sync only) + - (dtucker) [regress/unittests/sshbuf/*.c regress/unittests/test_helper/*] + Wrap stdlib.h include an ifdef for platforms that don't have it. -commit 4f7f1a9a0de24410c30952c7e16d433240422182 -Author: Damien Miller -Date: Fri Feb 28 10:24:11 2014 +1100 +commit cf5392c2db2bb1dbef9818511d34056404436109 +Author: Darren Tucker +Date: Thu Jun 12 05:22:49 2014 +1000 - - djm@cvs.openbsd.org 2014/02/27 20:04:16 - [login-timeout.sh] - remove any existing LoginGraceTime from sshd_config before adding - a specific one for the test back in + - (dtucker) [defines.h] Add va_copy if we don't already have it, taken from + openbsd-compat/bsd-asprintf.c. -commit d705d987c27f68080c8798eeb5262adbdd6b4ffd -Author: Damien Miller -Date: Fri Feb 28 10:23:26 2014 +1100 +commit 58538d795e0b662f2f4e5a7193f1204bbe992ddd +Author: Darren Tucker +Date: Wed Jun 11 13:39:24 2014 +1000 - - djm@cvs.openbsd.org 2014/01/26 10:49:17 - [scp-ssh-wrapper.sh scp.sh] - make sure $SCP is tested on the remote end rather than whichever one - happens to be in $PATH; from portable - (Id sync only) + - (dtucker) [bufaux.c bufbn.c bufec.c buffer.c] Pull in includes.h for + compat stuff, specifically whether or not OpenSSL has ECC. -commit 624a3ca376e3955a4b9d936c9e899e241b65d357 -Author: Damien Miller -Date: Fri Feb 28 10:22:37 2014 +1100 +commit eb012ac581fd0abc16ee86ee3a68cf07c8ce4d08 +Author: Darren Tucker +Date: Wed Jun 11 13:10:00 2014 +1000 - - djm@cvs.openbsd.org 2014/01/26 10:22:10 - [regress/cert-hostkey.sh] - automatically generate revoked keys from listed keys rather than - manually specifying each type; from portable - (Id sync only) + - (dtucker) [openbsd-compat/arc4random.c] Use explicit_bzero instead of an + assigment that might get optimized out. ok djm@ -commit b84392328425e4b9a71f8bde5fe6a4a4c48d3ec4 -Author: Damien Miller -Date: Fri Feb 28 10:21:26 2014 +1100 +commit b9609fd86c623d6d440e630f5f9a63295f7aea20 +Author: Darren Tucker +Date: Wed Jun 11 08:04:02 2014 +1000 - - dtucker@cvs.openbsd.org 2014/01/25 04:35:32 - [regress/Makefile regress/dhgex.sh] - Add a test for DH GEX sizes + - (dtucker) [sshbuf.h] Only declare ECC functions if building without + OpenSSL or if OpenSSL has ECC. -commit 1e2aa3d90472293ea19008f02336d6d68aa05793 -Author: Damien Miller -Date: Fri Feb 28 10:19:51 2014 +1100 +commit a54a040f66944c6e8913df8635a01a2327219be9 +Author: Darren Tucker +Date: Wed Jun 11 07:58:35 2014 +1000 - - dtucker@cvs.openbsd.org 2014/01/20 00:00:30 - [sftp-chroot.sh] - append to rather than truncating the log file + - dtucker@cvs.openbsd.org 2014/06/10 21:46:11 + [sshbuf.h] + Group ECC functions together to make things a little easier in -portable. + "doesn't bother me" deraadt@ -commit f483cc16fe7314e24a37aa3a4422b03c013c3213 -Author: Damien Miller -Date: Fri Feb 28 10:19:11 2014 +1100 +commit 9f92c53bad04a89067756be8198d4ec2d8a08875 +Author: Darren Tucker +Date: Wed Jun 11 07:57:58 2014 +1000 - - dtucker@cvs.openbsd.org 2014/01/19 23:43:02 - [regress/sftp-chroot.sh] - Don't use -q on sftp as it suppresses logging, instead redirect the - output to the regress logfile. + - djm@cvs.openbsd.org 2014/06/05 22:17:50 + [sshconnect2.c] + fix inverted test that caused PKCS#11 keys that were explicitly listed + not to be preferred. Reported by Dirk-Willem van Gulik -commit 6486f16f1c0ebd6f39286f6ab5e08286d90a994a -Author: Damien Miller -Date: Fri Feb 28 10:03:52 2014 +1100 +commit 15c254a25394f96643da2ad0f674acdc51e89856 +Author: Darren Tucker +Date: Wed Jun 11 07:38:49 2014 +1000 - - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] Crank version numbers + - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] ifdef + ECC variable too. -commit 92cf5adea194140380e6af6ec32751f9ad540794 -Author: Damien Miller -Date: Fri Feb 28 10:01:53 2014 +1100 +commit d7af0cc5bf273eeed0897a99420bc26841d07d8f +Author: Darren Tucker +Date: Wed Jun 11 07:37:25 2014 +1000 - - djm@cvs.openbsd.org 2014/02/27 22:57:40 - [version.h] - openssh-6.6 + - (dtucker) [myprosal.h] Don't include curve25519-sha256@libssh.org in + the proposal if the version of OpenSSL we're using doesn't support ECC. -commit fc5d6759aba71eb205b296b5f148010ffc828583 -Author: Damien Miller -Date: Fri Feb 28 10:01:28 2014 +1100 +commit 67508ac2563c33d582be181a3e777c65f549d22f +Author: Darren Tucker +Date: Wed Jun 11 06:27:16 2014 +1000 - - djm@cvs.openbsd.org 2014/02/27 22:47:07 - [sshd_config.5] - bz#2184 clarify behaviour of a keyword that appears in multiple - matching Match blocks; ok dtucker@ + - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c + regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] Only do NISTP256 + curve tests if OpenSSL has them. -commit 172ec7e0af1a5f1d682f6a2dca335c6c186153d5 +commit 6482d90a65459a88c18c925368525855832272b3 Author: Damien Miller -Date: Fri Feb 28 10:00:57 2014 +1100 +Date: Tue May 27 14:34:42 2014 +1000 - - djm@cvs.openbsd.org 2014/02/27 08:25:09 - [bufbn.c] - off by one in range check + - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c] + [openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege + separation user at runtime, since it may need to be a domain account. + Patch from Corinna Vinschen. -commit f9a9aaba437c2787e40cf7cc928281950e161678 +commit f9eb5e0734f7a7f6e975809eb54684d2a06a7ffc Author: Damien Miller -Date: Fri Feb 28 10:00:27 2014 +1100 +Date: Tue May 27 14:31:58 2014 +1000 - - djm@cvs.openbsd.org 2014/02/27 00:41:49 - [bufbn.c] - fix unsigned overflow that could lead to reading a short ssh protocol - 1 bignum value; found by Ben Hawkes; ok deraadt@ + - (djm) [contrib/cygwin/ssh-host-config] Updated Cygwin ssh-host-config + from Corinna Vinschen, fixing a number of bugs and preparing for + Cygwin 1.7.30. -commit fb3423b612713d9cde67c8a75f6f51188d6a3de3 +commit eae88744662e6b149f43ef071657727f1a157d95 Author: Damien Miller -Date: Thu Feb 27 10:20:07 2014 +1100 +Date: Tue May 27 14:27:02 2014 +1000 - - markus@cvs.openbsd.org 2014/02/26 21:53:37 - [sshd.c] - ssh_gssapi_prepare_supported_oids needs GSSAPI + - (djm) [cipher.c] Fix merge botch. -commit 1348129a34f0f7728c34d86c100a32dcc8d1f922 +commit 564b5e253c1d95c26a00e8288f0089a2571661c3 Author: Damien Miller -Date: Thu Feb 27 10:18:32 2014 +1100 +Date: Thu May 22 08:23:59 2014 +1000 - - djm@cvs.openbsd.org 2014/02/26 20:29:29 - [channels.c] - don't assume that the socks4 username is \0 terminated; - spotted by Ben Hawkes; ok markus@ + - (djm) [Makefile.in] typo in path -commit e6a74aeeacd01d885262ff8e50eb28faee8c8039 +commit e84d10302aeaf7a1acb05c451f8718143656856a Author: Damien Miller -Date: Thu Feb 27 10:17:49 2014 +1100 +Date: Wed May 21 17:13:36 2014 +1000 - - djm@cvs.openbsd.org 2014/02/26 20:28:44 - [auth2-gss.c gss-serv.c ssh-gss.h sshd.c] - bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep - sandboxing, as running this code in the sandbox can cause violations; - ok markus@ + revert a diff I didn't mean to commit -commit 08b57c67f3609340ff703fe2782d7058acf2529e +commit 795b86313f1f1aab9691666c4f2d5dae6e4acd50 Author: Damien Miller -Date: Thu Feb 27 10:17:13 2014 +1100 +Date: Wed May 21 17:12:53 2014 +1000 - - djm@cvs.openbsd.org 2014/02/26 20:18:37 - [ssh.c] - bz#2205: avoid early hostname lookups unless canonicalisation is enabled; - ok dtucker@ markus@ + - (djm) [misc.c] Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC + when it is available. It takes into account time spent suspended, + thereby ensuring timeouts (e.g. for expiring agent keys) fire + correctly. bz#2228 reported by John Haxby -commit 13f97b2286142fd0b8eab94e4ce84fe124eeb752 +commit 18912775cb97c0b1e75e838d3c7d4b56648137b5 Author: Damien Miller -Date: Mon Feb 24 15:57:55 2014 +1100 +Date: Wed May 21 17:06:46 2014 +1000 - - djm@cvs.openbsd.org 2014/02/23 20:11:36 - [readconf.c readconf.h ssh.c ssh_config.5] - reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes - the hostname. This allows users to write configurations that always - refer to canonical hostnames, e.g. - - CanonicalizeHostname yes - CanonicalDomains int.example.org example.org - CanonicalizeFallbackLocal no - - Host *.int.example.org - Compression off - Host *.example.org - User djm - - ok markus@ + - (djm) [commit configure.ac defines.h sshpty.c] don't attempt to use + vhangup on Linux. It doens't work for non-root users, and for them + it just messes up the tty settings. -commit bee3a234f3d1ad4244952bcff1b4b7c525330dc2 +commit 7f1c264d3049cd95234e91970ccb5406e1d15b27 Author: Damien Miller -Date: Mon Feb 24 15:57:22 2014 +1100 +Date: Thu May 15 18:01:52 2014 +1000 - - djm@cvs.openbsd.org 2014/02/23 20:03:42 - [ssh-ed25519.c] - check for unsigned overflow; not reachable in OpenSSH but others might - copy our code... + - (djm) [sshbuf.c] need __predict_false -commit 0628780abe61e7e50cba48cdafb1837f49ff23b2 +commit e7429f2be8643e1100380a8a7389d85cc286c8fe Author: Damien Miller -Date: Mon Feb 24 15:56:45 2014 +1100 +Date: Thu May 15 18:01:01 2014 +1000 - - djm@cvs.openbsd.org 2014/02/22 01:32:19 - [readconf.c] - when processing Match blocks, skip 'exec' clauses if previous predicates - failed to match; ok markus@ + - (djm) [regress/Makefile Makefile.in] + [regress/unittests/sshbuf/test_sshbuf.c + [regress/unittests/sshbuf/test_sshbuf_fixed.c] + [regress/unittests/sshbuf/test_sshbuf_fuzz.c] + [regress/unittests/sshbuf/test_sshbuf_getput_basic.c] + [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] + [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] + [regress/unittests/sshbuf/test_sshbuf_misc.c] + [regress/unittests/sshbuf/tests.c] + [regress/unittests/test_helper/fuzz.c] + [regress/unittests/test_helper/test_helper.c] + Hook new unit tests into the build and "make tests" -commit 0890dc8191bb201eb01c3429feec0300a9d3a930 +commit def1de086707b0e6b046fe7e115c60aca0227a99 Author: Damien Miller -Date: Mon Feb 24 15:56:07 2014 +1100 +Date: Thu May 15 15:17:15 2014 +1000 - - djm@cvs.openbsd.org 2014/02/15 23:05:36 - [channels.c] - avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W; - bz#2200, debian#738692 via Colin Watson; ok dtucker@ + - (djm) [regress/unittests/Makefile] + [regress/unittests/Makefile.inc] + [regress/unittests/sshbuf/Makefile] + [regress/unittests/sshbuf/test_sshbuf.c] + [regress/unittests/sshbuf/test_sshbuf_fixed.c] + [regress/unittests/sshbuf/test_sshbuf_fuzz.c] + [regress/unittests/sshbuf/test_sshbuf_getput_basic.c] + [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] + [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] + [regress/unittests/sshbuf/test_sshbuf_misc.c] + [regress/unittests/sshbuf/tests.c] + [regress/unittests/test_helper/Makefile] + [regress/unittests/test_helper/fuzz.c] + [regress/unittests/test_helper/test_helper.c] + [regress/unittests/test_helper/test_helper.h] + Import new unit tests from OpenBSD; not yet hooked up to build. -commit d3cf67e1117c25d151d0f86396e77ee3a827045a +commit 167685756fde8bc213a8df2c8e1848e312db0f46 Author: Damien Miller -Date: Mon Feb 24 15:55:36 2014 +1100 - - - djm@cvs.openbsd.org 2014/02/07 06:55:54 - [cipher.c mac.c] - remove some logging that makes ssh debugging output very verbose; - ok markus - -commit 03ae081aeaa118361c81ece76eb7cc1aaa2b40c5 -Author: Tim Rice -Date: Fri Feb 21 09:09:34 2014 -0800 - - 20140221 - - (tim) [configure.ac] Fix cut-and-paste error. Patch from Bryan Drewery. - -commit 4a20959d2e3c90e9d66897c0b4032c785672d815 -Author: Darren Tucker -Date: Thu Feb 13 16:38:32 2014 +1100 +Date: Thu May 15 15:08:40 2014 +1000 - - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compat - code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex. + - logan@cvs.openbsd.org 2014/05/04 10:40:59 + [connect-privsep.sh] + Remove the Z flag from the list of malloc options as it + was removed from malloc.c 10 days ago. + + OK from miod@ -commit d1a7a9c0fd1ac2e3314cceb2891959fd2cd9eabb +commit d0b69fe90466920d69c96069312e24b581771bd7 Author: Damien Miller -Date: Fri Feb 7 09:24:33 2014 +1100 +Date: Thu May 15 15:08:19 2014 +1000 - - djm@cvs.openbsd.org 2014/02/06 22:21:01 - [sshconnect.c] - in ssh_create_socket(), only do the getaddrinfo for BindAddress when - BindAddress is actually specified. Fixes regression in 6.5 for - UsePrivilegedPort=yes; patch from Corinna Vinschen + - dtucker@cvs.openbsd.org 2014/05/03 18:46:14 + [proxy-connect.sh] + Add tests for with and without compression, with and without privsep. -commit 6ce35b6cc4ead1bf98abec34cb2e2d6ca0abb15e +commit edb1af50441d19fb2dd9ccb4d75bf14473fca584 Author: Damien Miller -Date: Fri Feb 7 09:24:14 2014 +1100 +Date: Thu May 15 15:07:53 2014 +1000 - - naddy@cvs.openbsd.org 2014/02/05 20:13:25 - [ssh-keygen.1 ssh-keygen.c] - tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@ - while here, fix ordering in usage(); requested by jmc@ + - djm@cvs.openbsd.org 2014/04/21 22:15:37 + [dhgex.sh integrity.sh kextype.sh rekey.sh try-ciphers.sh] + repair regress tests broken by server-side default cipher/kex/mac changes + by ensuring that the option under test is included in the server's + algorithm list -commit 6434cb2cfbbf0a46375d2d22f2ff9927feb5e478 +commit 54343e95c70994695f8842fb22836321350198d3 Author: Damien Miller -Date: Thu Feb 6 11:17:50 2014 +1100 - - - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define - __NR_shutdown; some go via the socketcall(2) multiplexer. - -commit 8d36f9ac71eff2e9f5770c0518b73d875f270647 -Author: Darren Tucker -Date: Thu Feb 6 10:44:13 2014 +1100 +Date: Thu May 15 15:07:33 2014 +1000 - - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL - before freeing since free(NULL) is a no-op. ok djm. + - djm@cvs.openbsd.org 2014/03/13 20:44:49 + [login-timeout.sh] + this test is a sorry mess of race conditions; add another sleep + to avoid a failure on slow machines (at least until I find a + better way) -commit a0959da3680b4ce8cf911caf3293a6d90f88eeb7 +commit e5b9f0f2ee6e133894307e44e862b66426990733 Author: Damien Miller -Date: Wed Feb 5 10:33:45 2014 +1100 +Date: Thu May 15 14:58:07 2014 +1000 - - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by - headers/libc but not supported by the kernel. Patch from Loganaden - Velvindron @ AfriNIC + - (djm) [Makefile.in configure.ac sshbuf-getput-basic.c] + [sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes -commit 9c449bc183b256c84d8f740727b0bc54d247b15e +commit b9c566788a9ebd6a9d466f47a532124f111f0542 Author: Damien Miller -Date: Tue Feb 4 11:38:28 2014 +1100 +Date: Thu May 15 14:43:37 2014 +1000 - - (djm) [regress/setuid-allowed.c] Missing string.h for strerror() + - (djm) [configure.ac] Unconditionally define WITH_OPENSSL until we write + portability glue to support building without libcrypto -commit bf7e0f03be661b6f5b3bfe325135ce19391f9c4d +commit 3dc27178b42234b653a32f7a87292d7994045ee3 Author: Damien Miller -Date: Tue Feb 4 11:37:50 2014 +1100 +Date: Thu May 15 14:37:59 2014 +1000 - - (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.o + - logan@cvs.openbsd.org 2014/05/05 07:02:30 + [sftp.c] + Zap extra whitespace. + + OK from djm@ and dtucker@ -commit eb6d870a0ea8661299bb2ea8f013d3ace04e2024 +commit c31a0cd5b31961f01c5b731f62a6cb9d4f767472 Author: Damien Miller -Date: Tue Feb 4 11:26:34 2014 +1100 +Date: Thu May 15 14:37:39 2014 +1000 - - djm@cvs.openbsd.org 2014/02/04 00:24:29 - [ssh.c] - delay lowercasing of hostname until right before hostname - canonicalisation to unbreak case-sensitive matching of ssh_config; - reported by Ike Devolder; ok markus@ + - markus@cvs.openbsd.org 2014/05/03 17:20:34 + [monitor.c packet.c packet.h] + unbreak compression, by re-init-ing the compression code in the + post-auth child. the new buffer code is more strict, and requires + buffer_init() while the old code was happy after a bzero(); + originally from djm@ -commit d56b44d2dfa093883a5c4e91be3f72d99946b170 +commit 686c7d9ee6f44b2be4128d7860b6b37adaeba733 Author: Damien Miller -Date: Tue Feb 4 11:26:04 2014 +1100 +Date: Thu May 15 14:37:03 2014 +1000 - - djm@cvs.openbsd.org 2014/02/04 00:24:29 - [ssh.c] - delay lowercasing of hostname until right before hostname - canonicalisation to unbreak case-sensitive matching of ssh_config; - reported by Ike Devolder; ok markus@ + - djm@cvs.openbsd.org 2014/05/02 03:27:54 + [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c] + [misc.h poly1305.h ssh-pkcs11.c defines.h] + revert __bounded change; it causes way more problems for portable than + it solves; pointed out by dtucker@ -commit db3c595ea74ea9ccd5aa644d7e1f8dc675710731 +commit 294c58a007cfb2f3bddc4fc3217e255857ffb9bf Author: Damien Miller -Date: Tue Feb 4 11:25:45 2014 +1100 +Date: Thu May 15 14:35:03 2014 +1000 - - djm@cvs.openbsd.org 2014/02/02 03:44:31 - [digest-libc.c digest-openssl.c] - convert memset of potentially-private data to explicit_bzero() + - naddy@cvs.openbsd.org 2014/04/30 19:07:48 + [mac.c myproposal.h umac.c] + UMAC can use our local fallback implementation of AES when OpenSSL isn't + available. Glue code straight from Ted Krovetz's original umac.c. + ok markus@ -commit aae07e2e2000dd318418fd7fd4597760904cae32 +commit 05e82c3b963c33048128baf72a6f6b3a1c10b4c1 Author: Damien Miller -Date: Tue Feb 4 11:20:40 2014 +1100 +Date: Thu May 15 14:33:43 2014 +1000 - - djm@cvs.openbsd.org 2014/02/03 23:28:00 - [ssh-ecdsa.c] - fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike - DSA_SIG_new. Reported by Batz Spear; ok markus@ + - djm@cvs.openbsd.org 2014/04/30 05:29:56 + [bufaux.c bufbn.c bufec.c buffer.c buffer.h sshbuf-getput-basic.c] + [sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c sshbuf.h ssherr.c] + [ssherr.h] + New buffer API; the first installment of the conversion/replacement + of OpenSSH's internals to make them usable as a standalone library. + + This includes a set of wrappers to make it compatible with the + existing buffer API so replacement can occur incrementally. + + With and ok markus@ + + Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew + Dempsky and Ron Bowes for a detailed review. -commit a5103f413bde6f31bff85d6e1fd29799c647d765 +commit 380948180f847a26f2d0c85b4dad3dca2ed2fd8b Author: Damien Miller -Date: Tue Feb 4 11:20:14 2014 +1100 +Date: Thu May 15 14:25:18 2014 +1000 - - djm@cvs.openbsd.org 2014/02/02 03:44:32 - [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] - [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] - [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] - [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] - [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] - [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] - [sshd.c] - convert memset of potentially-private data to explicit_bzero() + - dtucker@cvs.openbsd.org 2014/04/29 20:36:51 + [sftp.c] + Don't attempt to append a nul quote char to the filename. Should prevent + fatal'ing with "el_insertstr failed" when there's a single quote char + somewhere in the string. bz#2238, ok markus@ -commit 1d2c4564265ee827147af246a16f3777741411ed +commit d7fd8bedd4619a2ec7fd02aae4c4e1db4431ad9f Author: Damien Miller -Date: Tue Feb 4 11:18:20 2014 +1100 +Date: Thu May 15 14:24:59 2014 +1000 - - tedu@cvs.openbsd.org 2014/01/31 16:39:19 - [auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c] - [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c] - [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c] - [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c] - [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h] - replace most bzero with explicit_bzero, except a few that cna be memset - ok djm dtucker + - dtucker@cvs.openbsd.org 2014/04/29 19:58:50 + [sftp.c] + Move nulling of variable next to where it's freed. ok markus@ -commit 3928de067c286683a95fbdbdb5fdb3c78a0e5efd +commit 1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 Author: Damien Miller -Date: Tue Feb 4 11:13:54 2014 +1100 +Date: Thu May 15 14:24:09 2014 +1000 - - djm@cvs.openbsd.org 2014/01/30 22:26:14 - [sandbox-systrace.c] - allow shutdown(2) syscall in sandbox - it may be called by packet_close() - from portable - (Id sync only; change is already in portable) + - markus@cvs.openbsd.org 2014/04/29 18:01:49 + [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] + [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] + [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] + [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] + make compiling against OpenSSL optional (make OPENSSL=no); + reduces algorithms to curve25519, aes-ctr, chacha, ed25519; + allows us to explore further options; with and ok djm -commit e1e480aee8a9af6cfbe7188667b7b940d6b57f9f +commit c5893785564498cea73cb60d2cf199490483e080 Author: Damien Miller -Date: Tue Feb 4 11:13:17 2014 +1100 +Date: Thu May 15 13:48:49 2014 +1000 - - jmc@cvs.openbsd.org 2014/01/29 14:04:51 - [sshd_config.5] - document kbdinteractiveauthentication; - requested From: Ross L Richardson - - dtucker/markus helped explain its workings; + - djm@cvs.openbsd.org 2014/04/29 13:10:30 + [clientloop.c serverloop.c] + bz#1818 - don't send channel success/failre replies on channels that + have sent a close already; analysis and patch from Simon Tatham; + ok markus@ -commit 7cc194f70d4a5ec9a82d19422eaf18db4a6624c6 +commit 633de33b192d808d87537834c316dc8b75fe1880 Author: Damien Miller -Date: Tue Feb 4 11:12:56 2014 +1100 +Date: Thu May 15 13:48:26 2014 +1000 - - djm@cvs.openbsd.org 2014/01/29 06:18:35 - [Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c] - [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h] - [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c] - remove experimental, never-enabled JPAKE code; ok markus@ + - djm@cvs.openbsd.org 2014/04/28 03:09:18 + [authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h] + [ssh-keygen.c] + buffer_get_string_ptr's return should be const to remind + callers that futzing with it will futz with the actual buffer + contents -commit b0f26544cf6f4feeb1a4f6db09fca834f5c9867d +commit 15271907843e4ae50dcfc83b3594014cf5e9607b Author: Damien Miller -Date: Tue Feb 4 11:10:01 2014 +1100 +Date: Thu May 15 13:47:56 2014 +1000 - - djm@cvs.openbsd.org 2014/01/29 00:19:26 - [sshd.c] - use kill(0, ...) instead of killpg(0, ...); on most operating systems - they are equivalent, but SUSv2 describes the latter as having undefined - behaviour; from portable; ok dtucker - (Id sync only; change is already in portable) + - djm@cvs.openbsd.org 2014/04/23 12:42:34 + [readconf.c] + don't record duplicate IdentityFiles -commit f8f35bc471500348bb262039fb1fc43175d251b0 +commit 798a02568b13a2e46efebd81f08c8f4bb33a6dc7 Author: Damien Miller -Date: Tue Feb 4 11:09:12 2014 +1100 +Date: Thu May 15 13:47:37 2014 +1000 - - jmc@cvs.openbsd.org 2014/01/28 14:13:39 - [ssh-keyscan.1] - kill some bad Pa; - From: Jan Stary + - jmc@cvs.openbsd.org 2014/04/22 14:16:30 + [sftp.1] + zap eol whitespace; -commit 0ba85d696ae9daf66002c2e4ab0d6bb111e1a787 +commit d875ff78d2b8436807381051de112f0ebf9b9ae1 Author: Damien Miller -Date: Tue Feb 4 11:08:38 2014 +1100 +Date: Thu May 15 13:47:15 2014 +1000 - ignore a few more regress droppings + - logan@cvs.openbsd.org 2014/04/22 12:42:04 + [sftp.1] + Document sftp upload resume. + OK from djm@, with feedback from okan@. -commit ec93d15170b7a6ddf63fd654bd0f6a752acc19dd +commit b15cd7bb097fd80dc99520f45290ef775da1ef19 Author: Damien Miller -Date: Tue Feb 4 11:07:13 2014 +1100 +Date: Thu May 15 13:46:52 2014 +1000 - - markus@cvs.openbsd.org 2014/01/27 20:13:46 - [digest.c digest-openssl.c digest-libc.c Makefile.in] - rename digest.c to digest-openssl.c and add libc variant; ok djm@ + - logan@cvs.openbsd.org 2014/04/22 10:07:12 + [sftp.c] + Sort the sftp command list. + OK from djm@ -commit 4a1c7aa640fb97d3472d51b215b6a0ec0fd025c7 +commit d8accc0aa72656ba63d50937165c5ae49db1dcd6 Author: Damien Miller -Date: Tue Feb 4 11:03:36 2014 +1100 +Date: Thu May 15 13:46:25 2014 +1000 - - markus@cvs.openbsd.org 2014/01/27 19:18:54 - [auth-rsa.c cipher.c ssh-agent.c sshconnect1.c sshd.c] - replace openssl MD5 with our ssh_digest_*; ok djm@ + - logan@cvs.openbsd.org 2014/04/21 14:36:16 + [sftp-client.c sftp-client.h sftp.c] + Implement sftp upload resume support. + OK from djm@, with input from guenther@, mlarkin@ and + okan@ -commit 4e8d937af79ce4e253f77ec93489d098b25becc3 +commit 16cd3928a87d20c77b13592a74b60b08621d3ce6 Author: Damien Miller -Date: Tue Feb 4 11:02:42 2014 +1100 +Date: Thu May 15 13:45:58 2014 +1000 - - markus@cvs.openbsd.org 2014/01/27 18:58:14 - [Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h] - replace openssl HMAC with an implementation based on our ssh_digest_* - ok and feedback djm@ + - logan@cvs.openbsd.org 2014/04/20 09:24:26 + [dns.c dns.h ssh-keygen.c] + Add support for SSHFP DNS records for ED25519 key types. + OK from djm@ -commit 69d0d09f76bab5aec86fbf78489169f63bd16475 -Author: Tim Rice -Date: Fri Jan 31 14:25:18 2014 -0800 +commit ec0b67eb3b4e12f296ced1fafa01860c374f7eea +Author: Damien Miller +Date: Thu May 15 13:45:26 2014 +1000 - - (tim) [Makefile.in] build regress/setuid-allow. + - (djm) [rijndael.c rijndael.h] Sync with newly-ressurected versions ine + OpenBSD -commit 0eeafcd76b972a3d159f3118227c149a4d7817fe +commit f028460d0b2e5a584355321015cde69bf6fd933e Author: Darren Tucker -Date: Fri Jan 31 14:18:51 2014 +1100 - - - (dtucker) [readconf.c] Include for the hton macros. Fixes - build with HP-UX's compiler. Patch from Kevin Brott. - -commit 7e5cec6070673e9f9785ffc749837ada22fbe99f -Author: Damien Miller -Date: Fri Jan 31 09:25:34 2014 +1100 +Date: Thu May 1 02:24:35 2014 +1000 - - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2) - syscall from sandboxes; it may be called by packet_close. + - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already + have it. Only attempt to use __attribute__(__bounded__) for gcc. -commit cdb6c90811caa5df2df856be9b0b16db020fe31d +commit b628cc4c3e4a842bab5e4584d18c2bc5fa4d0edf Author: Damien Miller -Date: Thu Jan 30 12:50:17 2014 +1100 +Date: Sun Apr 20 13:33:58 2014 +1000 - - (djm) Release openssh-6.5p1 + - djm@cvs.openbsd.org 2014/04/20 02:49:32 + [compat.c] + add a canonical 6.6 + curve25519 bignum fix fake version that I can + recommend people use ahead of the openssh-6.7 release -commit 996ea80b1884b676a901439f1f2681eb6ff68501 +commit 888566913933a802f3a329ace123ebcb7154cf78 Author: Damien Miller -Date: Thu Jan 30 12:49:55 2014 +1100 +Date: Sun Apr 20 13:33:19 2014 +1000 - trim entries prior to openssh-6.0p1 + - djm@cvs.openbsd.org 2014/04/20 02:30:25 + [misc.c misc.h umac.c] + use get/put_u32 to load values rather than *((UINT32 *)p) that breaks on + strict-alignment architectures; reported by and ok stsp@ -commit f5bbd3b657b6340551c8a95f74a70857ff8fac79 +commit 16f85cbc7e5139950e6a38317e7c8b368beafa5d Author: Damien Miller -Date: Thu Jan 30 11:26:46 2014 +1100 +Date: Sun Apr 20 13:29:28 2014 +1000 - - (djm) [configure.ac atomicio.c] Kludge around NetBSD offering - different symbols for 'read' when various compiler flags are - in use, causing atomicio.c comparisons against it to break and - read/write operations to hang; ok dtucker + - tedu@cvs.openbsd.org 2014/04/19 18:42:19 + [ssh.1] + delete .xr to hosts.equiv. there's still an unfortunate amount of + documentation referring to rhosts equivalency in here. -commit c2868192ddc4e1420a50389e18c05db20b0b1f32 +commit 69cb24b7356ec3f0fc5ff04a68f98f2c55c766f4 Author: Damien Miller -Date: Thu Jan 30 10:21:19 2014 +1100 +Date: Sun Apr 20 13:29:06 2014 +1000 - - (djm) [configure.ac] Only check for width-specified integer types - in headers that actually exist. patch from Tom G. Christensen; - ok dtucker@ + - tedu@cvs.openbsd.org 2014/04/19 18:15:16 + [sshd.8] + remove some really old rsh references -commit c161fc90fc86e2035710570238a9e1ca7a68d2a5 +commit 84c1e7bca8c4ceaccf4d5557e39a833585a3c77e Author: Damien Miller -Date: Wed Jan 29 21:01:33 2014 +1100 - - - (djm) [configure.ac] Fix broken shell test '==' vs '='; patch from - Tom G. Christensen - -commit 6f917ad376481995ab7d29fb53b08ec8d507eb9e -Author: Tim Rice -Date: Tue Jan 28 10:26:25 2014 -0800 +Date: Sun Apr 20 13:27:53 2014 +1000 - - (tim) [regress/agent.sh regress/agent-ptrace.sh] Assign $? to a variable - when used as an error message inside an if statement so we display the - correct into. agent.sh patch from Petr Lautrbach. + - tedu@cvs.openbsd.org 2014/04/19 14:53:48 + [ssh-keysign.c sshd.c] + Delete futile calls to RAND_seed. ok djm + NB. Id sync only. This only applies to OpenBSD's libcrypto slashathon -commit ab16ef4152914d44ce6f76e48167d26d22f66a06 +commit 0e6b67423b8662f9ca4c92750309e144fd637ef1 Author: Damien Miller -Date: Tue Jan 28 15:08:12 2014 +1100 +Date: Sun Apr 20 13:27:01 2014 +1000 - - (djm) [sshd.c] Use kill(0, ...) instead of killpg(0, ...); the - latter being specified to have undefined behaviour in SUSv3; - ok dtucker + - djm@cvs.openbsd.org 2014/04/19 05:54:59 + [compat.c] + missing wildcard; pointed out by naddy@ -commit ab0394905884dc6e58c3721211c6b38fb8fc2ca8 +commit 9395b28223334826837c15e8c1bb4dfb3b0d2ca5 Author: Damien Miller -Date: Tue Jan 28 15:07:10 2014 +1100 - - - (djm) [configure.ac] Search for inet_ntop in libnsl and libresovl; - ok dtucker - -commit 4ab20a82d4d4168d62318923f62382f6ef242fcd -Author: Darren Tucker -Date: Mon Jan 27 17:35:04 2014 +1100 - - - (dtucker) [Makefile.in] Remove trailing backslash which some make - implementations (eg older Solaris) do not cope with. - -commit e7e8b3cfe9f8665faaf0e68b33df5bbb431bd129 -Author: Darren Tucker -Date: Mon Jan 27 17:32:50 2014 +1100 +Date: Sun Apr 20 13:25:30 2014 +1000 - Welcome to 2014 + - djm@cvs.openbsd.org 2014/04/18 23:52:25 + [compat.c compat.h sshconnect2.c sshd.c version.h] + OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections + using the curve25519-sha256@libssh.org KEX exchange method to fail + when connecting with something that implements the spec properly. + + Disable this KEX method when speaking to one of the affected + versions. + + reported by Aris Adamantiadis; ok markus@ -commit 5b447c0aac0dd444251e276f6bb3bbbe1c05331c +commit 8c492da58f8ceb85cf5f7066f23e26fb813a963d Author: Damien Miller -Date: Sun Jan 26 09:46:53 2014 +1100 +Date: Sun Apr 20 13:25:09 2014 +1000 - - (djm) [configure.ac] correct AC_DEFINE for previous. + - djm@cvs.openbsd.org 2014/04/16 23:28:12 + [ssh-agent.1] + remove the identity files from this manpage - ssh-agent doesn't deal + with them at all and the same information is duplicated in ssh-add.1 + (which does deal with them); prodded by deraadt@ -commit 2035b2236d3b1f76c749c642a43e03c85eae76e6 +commit adbfdbbdccc70c9bd70d81ae096db115445c6e26 Author: Damien Miller -Date: Sun Jan 26 09:39:53 2014 +1100 +Date: Sun Apr 20 13:24:49 2014 +1000 - - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable - RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations, - libc will attempt to open additional file descriptors for crypto - offload and crash if they cannot be opened. + - djm@cvs.openbsd.org 2014/04/16 23:22:45 + [bufaux.c] + skip leading zero bytes in buffer_put_bignum2_from_string(); + reported by jan AT mojzis.com; ok markus@ -commit a92ac7410475fbb00383c7402aa954dc0a75ae19 +commit 75c62728dc87af6805696eeb520b9748faa136c8 Author: Damien Miller -Date: Sun Jan 26 09:38:03 2014 +1100 +Date: Sun Apr 20 13:24:31 2014 +1000 - - markus@cvs.openbsd.org 2014/01/25 20:35:37 - [kex.c] - dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len) - ok dtucker@, noted by mancha + - djm@cvs.openbsd.org 2014/04/12 04:55:53 + [sshd.c] + avoid crash at exit: check that pmonitor!=NULL before dereferencing; + bz#2225, patch from kavi AT juniper.net -commit 76eea4ab4e658670ca6e76dd1e6d17f262208b57 +commit 2a328437fb1b0976f2f4522d8645803d5a5d0967 Author: Damien Miller -Date: Sun Jan 26 09:37:25 2014 +1100 +Date: Sun Apr 20 13:24:01 2014 +1000 - - dtucker@cvs.openbsd.org 2014/01/25 10:12:50 - [cipher.c cipher.h kex.c kex.h kexgexc.c] - Add a special case for the DH group size for 3des-cbc, which has an - effective strength much lower than the key size. This causes problems - with some cryptlib implementations, which don't support group sizes larger - than 4k but also don't use the largest group size it does support as - specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, - reduced by me with input from Markus. ok djm@ markus@ + - djm@cvs.openbsd.org 2014/04/01 05:32:57 + [packet.c] + demote a debug3 to PACKET_DEBUG; ok markus@ -commit 603b8f47f1cd9ed95a2017447db8e60ca6704594 +commit 7d6a9fb660c808882d064e152d6070ffc3844c3f Author: Damien Miller -Date: Sat Jan 25 13:16:59 2014 +1100 +Date: Sun Apr 20 13:23:43 2014 +1000 - - (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so test - against the correct thing. + - djm@cvs.openbsd.org 2014/04/01 03:34:10 + [sshconnect.c] + When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any + certificate keys to plain keys and attempt SSHFP resolution. + + Prevents a server from skipping SSHFP lookup and forcing a new-hostkey + dialog by offering only certificate keys. + + Reported by mcv21 AT cam.ac.uk -commit c96d85376d779b6ac61525b5440010d344d2f23f +commit fcd62c0b66b8415405ed0af29c236329eb88cc0f Author: Damien Miller -Date: Sat Jan 25 13:12:28 2014 +1100 +Date: Sun Apr 20 13:23:21 2014 +1000 - - (djm) [configure.ac] Do not attempt to use capsicum sandbox unless - sys/capability.h exists and cap_rights_limit is in libc. Fixes - build on FreeBSD9x which provides the header but not the libc - support. + - djm@cvs.openbsd.org 2014/04/01 02:05:27 + [ssh-keysign.c] + include fingerprint of key not found + use arc4random_buf() instead of loop+arc4random() -commit f62ecef9939cb3dbeb10602fd705d4db3976d822 +commit 43b156cf72f900f88065b0a1c1ebd09ab733ca46 Author: Damien Miller -Date: Sat Jan 25 12:34:38 2014 +1100 +Date: Sun Apr 20 13:23:03 2014 +1000 - - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD + - jmc@cvs.openbsd.org 2014/03/31 13:39:34 + [ssh-keygen.1] + the text for the -K option was inserted in the wrong place in -r1.108; + fix From: Matthew Clarke -commit b0e0f760b861676a3fe5c40133b270713d5321a9 +commit c1621c84f2dc1279065ab9fde2aa9327af418900 Author: Damien Miller -Date: Fri Jan 24 14:27:04 2014 +1100 - - - (djm) [Makefile.in regress/scp-ssh-wrapper.sh regress/scp.sh] Make - the scp regress test actually test the built scp rather than the one - in $PATH. ok dtucker@ - -commit 42a092530159637da9cb7f9e1b5f4679e34a85e6 -Author: Darren Tucker -Date: Thu Jan 23 23:14:39 2014 +1100 - - - (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitously - incompatible with OpenBSD's despite post-dating it by more than a decade. - Declare it as broken, and document FreeBSD's as the same. ok djm@ - -commit 617da33c20cb59f9ea6c99c881d92493371ef7b8 -Author: Tim Rice -Date: Wed Jan 22 19:16:10 2014 -0800 +Date: Sun Apr 20 13:22:46 2014 +1000 - - (tim) [session.c] Improve error reporting on set_id(). + - naddy@cvs.openbsd.org 2014/03/28 05:17:11 + [ssh_config.5 sshd_config.5] + sync available and default algorithms, improve algorithm list formatting + help from jmc@ and schwarze@, ok deraadt@ -commit 5c2ff5e31f57d303ebb414d84a934c02728fa568 +commit f2719b7c2b8a3b14d778d8a6d8dc729b5174b054 Author: Damien Miller -Date: Wed Jan 22 21:30:12 2014 +1100 +Date: Sun Apr 20 13:22:18 2014 +1000 - - (djm) [configure.ac aclocal.m4] More tests to detect fallout from - platform hardening options: include some long long int arithmatic - to detect missing support functions for -ftrapv in libgcc and - equivalents, actually test linking when -ftrapv is supplied and - set either both -pie/-fPIE or neither. feedback and ok dtucker@ + - tedu@cvs.openbsd.org 2014/03/26 19:58:37 + [sshd.8 sshd.c] + remove libwrap support. ok deraadt djm mfriedl -commit 852472a54b8a0dc3e53786b313baaa86850a4273 +commit 4f40209aa4060b9c066a2f0d9332ace7b8dfb391 Author: Damien Miller -Date: Wed Jan 22 16:31:18 2014 +1100 +Date: Sun Apr 20 13:21:22 2014 +1000 - - (djm) [configure.ac] Unless specifically requested, only attempt - to build Position Independent Executables on gcc >= 4.x; ok dtucker + - djm@cvs.openbsd.org 2014/03/26 04:55:35 + [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c + [misc.h poly1305.h ssh-pkcs11.c] + use __bounded(...) attribute recently added to sys/cdefs.h instead of + longform __attribute__(__bounded(...)); + + for brevity and a warning free compilation with llvm/clang -commit ee87838786cef0194db36ae0675b3e7c4e8ec661 +commit 9235a030ad1b16903fb495d81544e0f7c7449523 Author: Damien Miller -Date: Wed Jan 22 16:30:15 2014 +1100 +Date: Sun Apr 20 13:17:20 2014 +1000 - - (djm) [openbsd-compat/setproctitle.c] Don't fail to compile if a - platform that is expected to use the reuse-argv style setproctitle - hack surprises us by providing a setproctitle in libc; ok dtucker + Three commits in one (since they touch the same heavily-diverged file + repeatedly): + + - markus@cvs.openbsd.org 2014/03/25 09:40:03 + [myproposal.h] + trimm default proposals. + + This commit removes the weaker pre-SHA2 hashes, the broken ciphers + (arcfour), and the broken modes (CBC) from the default configuration + (the patch only changes the default, all the modes are still available + for the config files). + + ok djm@, reminded by tedu@ & naddy@ and discussed with many + - deraadt@cvs.openbsd.org 2014/03/26 17:16:26 + [myproposal.h] + The current sharing of myproposal[] between both client and server code + makes the previous diff highly unpallatable. We want to go in that + direction for the server, but not for the client. Sigh. + Brought up by naddy. + - markus@cvs.openbsd.org 2014/03/27 23:01:27 + [myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] + disable weak proposals in sshd, but keep them in ssh; ok djm@ -commit 5c96a154c7940fa67b1f11c421e390dbbc159f27 +commit 6e1777f592f15f4559728c78204617537b1ac076 Author: Damien Miller -Date: Tue Jan 21 13:10:26 2014 +1100 - - - (djm) [aclocal.m4] Flesh out the code run in the OSSH_CHECK_CFLAG_COMPILE - and OSSH_CHECK_LDFLAG_LINK tests to give them a better chance of - detecting toolchain-related problems; ok dtucker - -commit 9464ba6fb34bb42eb3501ec3c5143662e75674bf -Author: Tim Rice -Date: Mon Jan 20 17:59:28 2014 -0800 - - - (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced - with sftp chroot support. Move set_id call after chroot. - -commit a6d573caa14d490e6c42fb991bcb5c6860ec704b -Author: Darren Tucker -Date: Tue Jan 21 12:50:46 2014 +1100 - - - (dtucker) [aclocal.m4] Differentiate between compile-time and link-time - tests in the configure output. ok djm. - -commit 096118dc73ab14810b3c12785c0b5acb01ad6123 -Author: Darren Tucker -Date: Tue Jan 21 12:48:51 2014 +1100 +Date: Sun Apr 20 13:02:58 2014 +1000 - - (dtucker) [configure.ac] Make PIE a configure-time option which defaults - to on platforms where it's known to be reliably detected and off elsewhere. - Works around platforms such as FreeBSD 9.1 where it does not interop with - -ftrapv (it seems to work but fails when trying to link ssh). ok djm@ + - tedu@cvs.openbsd.org 2014/03/19 14:42:44 + [scp.1] + there is no need for rcp anymore + ok deraadt millert -commit f9df7f6f477792254eab33cdef71a6d66488cb88 +commit eb1b7c514d2a7b1802ccee8cd50e565a4d419887 Author: Damien Miller -Date: Mon Jan 20 20:07:15 2014 +1100 - - - (djm) [regress/cert-hostkey.sh] Fix regress failure on platforms that - skip one or more key types (e.g. RHEL/CentOS 6.5); ok dtucker@ - -commit c74e70eb52ccc0082bd5a70b5798bb01c114d138 -Author: Darren Tucker -Date: Mon Jan 20 13:18:09 2014 +1100 +Date: Sun Apr 20 13:02:26 2014 +1000 - - (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos - implementation does not have krb5_cc_new_unique, similar to what we do - in auth-krb5.c. + - tedu@cvs.openbsd.org 2014/03/17 19:44:10 + [ssh.1] + old descriptions of des and blowfish are old. maybe ok deraadt -commit 3510979e83b6a18ec8773c64c3fa04aa08b2e783 +commit f0858de6e1324ec730752387074b111b8551081e Author: Damien Miller -Date: Mon Jan 20 12:41:53 2014 +1100 - - - djm@cvs.openbsd.org 2014/01/20 00:08:48 - [digest.c] - memleak; found by Loganaden Velvindron @ AfriNIC; ok markus@ - -commit 7eee358d7a6580479bee5cd7e52810ebfd03e5b2 -Author: Darren Tucker -Date: Sun Jan 19 22:37:02 2014 +1100 - - - dtucker@cvs.openbsd.org 2014/01/19 11:21:51 - [addrmatch.c] - Cast the sizeof to socklen_t so it'll work even if the supplied len is - negative. Suggested by and ok djm, ok deraadt. - -commit b7e01c09b56ab26e8fac56bbce0fd25e36d12bb0 -Author: Darren Tucker -Date: Sun Jan 19 22:36:13 2014 +1100 - - - djm@cvs.openbsd.org 2014/01/19 04:48:08 - [ssh_config.5] - fix inverted meaning of 'no' and 'yes' for CanonicalizeFallbackLocal - -commit 7b1ded04adce42efa25ada7c3a39818d3109b724 -Author: Darren Tucker -Date: Sun Jan 19 15:30:02 2014 +1100 - - - dtucker@cvs.openbsd.org 2014/01/19 04:17:29 - [canohost.c addrmatch.c] - Cast socklen_t when comparing to size_t and use socklen_t to iterate over - the ip options, both to prevent signed/unsigned comparison warnings. - Patch from vinschen at redhat via portable openssh, begrudging ok deraadt. - -commit 293ee3c9f0796d99ebb033735f0e315f2e0180bf -Author: Darren Tucker -Date: Sun Jan 19 15:28:01 2014 +1100 - - - dtucker@cvs.openbsd.org 2014/01/18 09:36:26 - [session.c] - explicitly define USE_PIPES to 1 to prevent redefinition warnings in - portable on platforms that use pipes for everything. From redhat @ - redhat. - -commit 2aca159d05f9e7880d1d8f1ce49a218840057f53 -Author: Darren Tucker -Date: Sun Jan 19 15:25:34 2014 +1100 - - - dtucker@cvs.openbsd.org 2014/01/17 06:23:24 - [sftp-server.c] - fix log message statvfs. ok djm - -commit 841f7da89ae8b367bb502d61c5c41916c6e7ae4c -Author: Darren Tucker -Date: Sat Jan 18 22:12:15 2014 +1100 - - - (dtucker) [sandbox-capsicum.c] Correct some error messages and make the - return value check for cap_enter() consistent with the other uses in - FreeBSD. From by Loganaden Velvindron @ AfriNIC via bz#2140. - -commit fdce3731660699b2429e93e822f2ccbaccd163ae -Author: Darren Tucker -Date: Sat Jan 18 21:12:42 2014 +1100 - - - (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs, - optind) are defined in getopt.h already. Unfortunately they are defined as - "declspec(dllimport)" for historical reasons, because the GNU linker didn't - allow auto-import on PE/COFF targets way back when. The problem is the - dllexport attributes collide with the definitions in the various source - files in OpenSSH, which obviousy define the variables without - declspec(dllimport). The least intrusive way to get rid of these warnings - is to disable warnings for GCC compiler attributes when building on Cygwin. - Patch from vinschen at redhat.com. - -commit 1411c9263f46e1ee49d0d302bf7258ebe69ce827 -Author: Darren Tucker -Date: Sat Jan 18 21:03:59 2014 +1100 - - - (dtucker) [openbsd-compat/bsd-cygwin_util.h] Add missing function - declarations that stopped being included when we stopped including - from openbsd-compat/bsd-cygwin_util.h. Patch from vinschen at - redhat.com. - -commit 89c532d843c95a085777c66365067d64d1937eb9 -Author: Darren Tucker -Date: Sat Jan 18 20:43:49 2014 +1100 - - - (dtucker) [uidswap.c] Prevent unused variable warnings on Cygwin. Patch - from vinschen at redhat.com - -commit 355f861022be7b23d3009fae8f3c9f6f7fc685f7 -Author: Darren Tucker -Date: Sat Jan 18 00:12:38 2014 +1100 - - - (dtucker) [defines.h] Move our definitions of uintXX_t types down to after - they're defined if we have to define them ourselves. Fixes builds on old - AIX. - -commit a3357661ee1d5d553294f36e4940e8285c7f1332 -Author: Darren Tucker -Date: Sat Jan 18 00:03:57 2014 +1100 - - - (dtucker) [readconf.c] Wrap paths.h inside an ifdef. Allows building on - Solaris. - -commit 9edcbff46ff01c8d5dee9c1aa843f09e9ad8a80e -Author: Darren Tucker -Date: Fri Jan 17 21:54:32 2014 +1100 - - - (dtucker) [configure.ac] Have --without-toolchain-hardening not turn off - stack-protector since that has a separate flag that's been around a while. - -commit 6d725687c490d4ba957a1bbc0ba0a2956c09fa69 -Author: Darren Tucker -Date: Fri Jan 17 19:17:34 2014 +1100 - - - (dtucker) [configure.ac] Also look in inttypes.h for uintXX_t types. - -commit 5055699c7f7c7ef21703a443ec73117da392f6ae -Author: Darren Tucker -Date: Fri Jan 17 18:48:22 2014 +1100 - - - (dtucker) [openbsd-compat/bsd-statvfs.h] Only start including headers if we - need them to cut down on the name collisions. - -commit a5cf1e220def07290260e4125e74f41ac75cf88d -Author: Darren Tucker -Date: Fri Jan 17 18:10:58 2014 +1100 - - - (dtucker) [configure.ac openbsd-compat/bsd-statvfs.c - openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs - to be useful (and for the regression tests to pass) on platforms that - have statfs and fstatfs. ok djm@ - -commit 1357d71d7b6d269969520aaa3e84d312ec971d5b -Author: Darren Tucker -Date: Fri Jan 17 18:00:40 2014 +1100 - - - (dtucker) Fix typo in #ifndef. - -commit d23a91ffb289d3553a58b7a60cec39fba9f0f506 -Author: Darren Tucker -Date: Fri Jan 17 17:32:30 2014 +1100 +Date: Sun Apr 20 13:01:30 2014 +1000 - - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c - openbsd-compat/openssl-compat.h] Add compatibility layer for older - openssl versions. ok djm@ + - deraadt@cvs.openbsd.org 2014/03/15 17:28:26 + [ssh-agent.c ssh-keygen.1 ssh-keygen.c] + Improve usage() and documentation towards the standard form. + In particular, this line saves a lot of man page reading time. + usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] + [-N new_passphrase] [-C comment] [-f output_keyfile] + ok schwarze jmc -commit 868ea1ea1c1bfdbee5dbad78f81999c5983ecf31 +commit 94bfe0fbd6e91a56b5b0ab94ac955d2a67d101aa Author: Damien Miller -Date: Fri Jan 17 16:47:04 2014 +1100 - - - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c] - [sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c] - [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing - using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling - Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@ - -commit a9d186a8b50d18869a10e9203abf71c83ddb1f79 -Author: Darren Tucker -Date: Fri Jan 17 16:30:49 2014 +1100 - - - dtucker@cvs.openbsd.org 2014/01/17 05:26:41 - [digest.c] - remove unused includes. ok djm@ - -commit 5f1c57a7a7eb39c0e4fee3367712337dbcaef024 -Author: Darren Tucker -Date: Fri Jan 17 16:29:45 2014 +1100 - - - djm@cvs.openbsd.org 2014/01/17 00:21:06 - [sftp-client.c] - signed/unsigned comparison warning fix; from portable (Id sync only) - -commit c548722361d89fb12c108528f96b306a26477b18 -Author: Darren Tucker -Date: Fri Jan 17 15:12:16 2014 +1100 - - - (dtucker) [configure.ac] Split AC_CHECK_FUNCS for OpenSSL functions into - separate lines and alphabetize for easier diffing of changes. - -commit acad351a5b1c37de9130c9c1710445cc45a7f6b9 -Author: Darren Tucker -Date: Fri Jan 17 14:20:05 2014 +1100 - - - (dtucker) [defines.h] Add typedefs for uintXX_t types for platforms that - don't have them. - -commit c3ed065ce8417aaa46490836648c173a5010f226 -Author: Darren Tucker -Date: Fri Jan 17 14:18:45 2014 +1100 - - - (dtucker) [openbsd-compat/bcrypt_pbkdf.c] Wrap stdlib.h include inside - #ifdef HAVE_STDINT_H. - -commit f45f78ae437062c7d9506c5f475b7215f486be44 -Author: Darren Tucker -Date: Fri Jan 17 12:43:43 2014 +1100 +Date: Sun Apr 20 13:00:51 2014 +1000 - - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include - includes.h to pull in all of the compatibility stuff. + - naddy@cvs.openbsd.org 2014/03/12 13:06:59 + [ssh-keyscan.1] + scan for Ed25519 keys by default too -commit 99df369d0340caac145d57f700d830147ff18b87 -Author: Darren Tucker -Date: Fri Jan 17 12:42:17 2014 +1100 +commit 3819519288b2b3928c6882f5883b0f55148f4fc0 +Author: Damien Miller +Date: Sun Apr 20 13:00:28 2014 +1000 - - (dtucker) [poly1305.c] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H. + - djm@cvs.openbsd.org 2014/03/12 04:51:12 + [authfile.c] + correct test that kdf name is not "none" or "bcrypt" -commit ac413b62ea1957e80c711acbe0c11b908273fc01 -Author: Darren Tucker -Date: Fri Jan 17 12:31:33 2014 +1100 +commit 8f9cd709c7cf0655d414306a0ed28306b33802be +Author: Damien Miller +Date: Sun Apr 20 13:00:11 2014 +1000 - - (dtucker) [crypto_api.h] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H. + - djm@cvs.openbsd.org 2014/03/12 04:50:32 + [auth-bsdauth.c ssh-keygen.c] + don't count on things that accept arguments by reference to clear + things for us on error; most things do, but it's unsafe form. -commit 1c4a011e9c939e74815346a560843e1862c300b8 -Author: Darren Tucker -Date: Fri Jan 17 12:23:23 2014 +1100 +commit 1c7ef4be83f6dec84509a312518b9df00ab491d9 +Author: Damien Miller +Date: Sun Apr 20 12:59:46 2014 +1000 - - (dtucker) [loginrec.c] Cast to the types specfied in the format - specification to prevent warnings. + - djm@cvs.openbsd.org 2014/03/12 04:44:58 + [ssh-keyscan.c] + scan for Ed25519 keys by default too -commit c3d483f9a8275be1113535a1e0d0e384f605f3c4 +commit c10bf4d051c97939b30a1616c0499310057d07da Author: Damien Miller -Date: Fri Jan 17 11:20:26 2014 +1100 +Date: Sun Apr 20 12:58:04 2014 +1000 - - (djm) [sftp-client.c] signed/unsigned comparison fix + - djm@cvs.openbsd.org 2014/03/03 22:22:30 + [session.c] + ignore enviornment variables with embedded '=' or '\0' characters; + spotted by Jann Horn; ok deraadt@ + Id sync only - portable already has this. -commit fd994379dd972417d0491767f7cd9b5bf23f4975 -Author: Darren Tucker -Date: Fri Jan 17 09:53:24 2014 +1100 +commit c2e49062faccbcd7135c40d1c78c5c329c58fc2e +Author: Damien Miller +Date: Tue Apr 1 14:42:46 2014 +1100 - - (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchain - hardening flags including -fstack-protector-strong. These default to on - if the toolchain supports them, but there is a configure-time knob - (--without-hardening) to disable them if necessary. ok djm@ + - (djm) Use full release (e.g. 6.5p1) in debug output rather than just + version. From des@des.no -commit 366224d21768ee8ec28cfbcc5fbade1b32582d58 +commit 14928b7492abec82afa4c2b778fc03f78cd419b6 Author: Damien Miller -Date: Thu Jan 16 18:51:44 2014 +1100 +Date: Tue Apr 1 14:38:07 2014 +1100 - - (djm) [README] update release notes URL. + - (djm) On platforms that support it, use prctl() to prevent sftp-server + from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net -commit 2ae77e64f8fa82cbf25c9755e8e847709b978b40 +commit 48abc47e60048461fe9117e108a7e99ea1ac2bb8 Author: Damien Miller -Date: Thu Jan 16 18:51:07 2014 +1100 +Date: Mon Mar 17 14:45:56 2014 +1100 - - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] Crank RPM spec version numbers. + - (djm) [sandbox-seccomp-filter.c] Soft-fail stat() syscalls. Add XXX to + remind myself to add sandbox violation logging via the log socket. -commit 0fa29e6d777c73a1b4ddd3b996b06ee20022ae8a -Author: Damien Miller -Date: Thu Jan 16 18:42:31 2014 +1100 +commit 9c36698ca2f554ec221dc7ef29c7a89e97c88705 +Author: Tim Rice +Date: Fri Mar 14 12:45:01 2014 -0700 - - djm@cvs.openbsd.org 2014/01/16 07:32:00 - [version.h] - openssh-6.5 + 20140314 + - (tim) [opensshd.init.in] Add support for ed25519 -commit 52c371cd6d2598cc73d4e633811b3012119c47e2 +commit 19158b2447e35838d69b2b735fb640d1e86061ea Author: Damien Miller -Date: Thu Jan 16 18:42:10 2014 +1100 +Date: Thu Mar 13 13:14:21 2014 +1100 - - djm@cvs.openbsd.org 2014/01/16 07:31:09 - [sftp-client.c] - needless and incorrect cast to size_t can break resumption of - large download; patch from tobias@ + - (djm) Release OpenSSH 6.6 -- cgit v1.1