aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDag-Erling Smørgrav <des@FreeBSD.org>2015-07-02 13:15:34 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2015-07-02 13:15:34 +0000
commitc1e0861503468de5ae00ed0e532f349ec78bec68 (patch)
tree14de9b5b2b4cbd1116ed28f9b7189c866585b230
parentc0bbca73c6f7f15d5401332151fc9f9755abaf8f (diff)
downloadsrc-c1e0861503468de5ae00ed0e532f349ec78bec68.tar.gz
src-c1e0861503468de5ae00ed0e532f349ec78bec68.zip
Vendor import of OpenSSH 6.8p1.vendor/openssh/6.8p1
Notes
Notes: svn path=/vendor-crypto/openssh/dist/; revision=285031 svn path=/vendor-crypto/openssh/6.8p1/; revision=285032; tag=vendor/openssh/6.8p1
-rw-r--r--.cvsignore28
-rw-r--r--ChangeLog12387
-rw-r--r--Makefile.in101
-rw-r--r--PROTOCOL53
-rw-r--r--PROTOCOL.krl9
-rw-r--r--README2
-rw-r--r--atomicio.c3
-rw-r--r--auth-options.c83
-rw-r--r--auth-options.h4
-rw-r--r--auth-rh-rsa.c4
-rw-r--r--auth-rhosts.c64
-rw-r--r--auth-rsa.c10
-rw-r--r--auth.c72
-rw-r--r--auth.h21
-rw-r--r--auth1.c4
-rw-r--r--auth2-chall.c7
-rw-r--r--auth2-gss.c22
-rw-r--r--auth2-hostbased.c36
-rw-r--r--auth2-pubkey.c82
-rw-r--r--auth2.c18
-rw-r--r--authfd.c840
-rw-r--r--authfd.h60
-rw-r--r--authfile.c125
-rw-r--r--authfile.h13
-rw-r--r--bitmap.c212
-rw-r--r--bitmap.h56
-rw-r--r--bufbn.c6
-rw-r--r--buffer.h1
-rw-r--r--canohost.c35
-rw-r--r--channels.c77
-rw-r--r--channels.h28
-rw-r--r--cipher-3des1.c21
-rw-r--r--cipher-aesctr.c11
-rw-r--r--cipher-bf1.c21
-rw-r--r--cipher-chachapoly.c3
-rw-r--r--cipher-ctr.c4
-rw-r--r--cipher.c10
-rw-r--r--cipher.h8
-rw-r--r--clientloop.c455
-rw-r--r--compat.c17
-rw-r--r--compat.h4
-rw-r--r--compress.c167
-rw-r--r--compress.h25
-rw-r--r--config.h.in41
-rwxr-xr-xconfigure29933
-rw-r--r--configure.ac911
-rw-r--r--contrib/Makefile4
-rw-r--r--contrib/caldera/openssh.spec365
-rwxr-xr-xcontrib/caldera/ssh-host-keygen36
-rwxr-xr-xcontrib/caldera/sshd.init125
-rw-r--r--contrib/caldera/sshd.pam8
-rw-r--r--contrib/cygwin/ssh-host-config30
-rw-r--r--contrib/cygwin/ssh-user-config27
-rw-r--r--contrib/redhat/openssh.spec2
-rw-r--r--contrib/suse/openssh.spec2
-rw-r--r--deattack.c81
-rw-r--r--deattack.h11
-rw-r--r--defines.h25
-rw-r--r--dh.c62
-rw-r--r--dh.h6
-rw-r--r--digest-libc.c51
-rw-r--r--digest-openssl.c25
-rw-r--r--digest.h8
-rw-r--r--dispatch.c118
-rw-r--r--dispatch.h35
-rw-r--r--dns.c41
-rw-r--r--dns.h7
-rw-r--r--entropy.c12
-rw-r--r--ge25519.h4
-rw-r--r--groupaccess.c4
-rw-r--r--gss-genr.c3
-rw-r--r--gss-serv.c3
-rw-r--r--hmac.c6
-rw-r--r--hostfile.c625
-rw-r--r--hostfile.h64
-rw-r--r--includes.h5
-rw-r--r--kex.c657
-rw-r--r--kex.h195
-rw-r--r--kexc25519.c94
-rw-r--r--kexc25519c.c161
-rw-r--r--kexc25519s.c134
-rw-r--r--kexdh.c90
-rw-r--r--kexdhc.c199
-rw-r--r--kexdhs.c190
-rw-r--r--kexecdh.c85
-rw-r--r--kexecdhc.c221
-rw-r--r--kexecdhs.c201
-rw-r--r--kexgex.c108
-rw-r--r--kexgexc.c296
-rw-r--r--kexgexs.c263
-rw-r--r--key.c59
-rw-r--r--key.h8
-rw-r--r--krl.c845
-rw-r--r--krl.h38
-rw-r--r--loginrec.c10
-rw-r--r--mac.c96
-rw-r--r--mac.h30
-rw-r--r--misc.c6
-rw-r--r--moduli.06
-rw-r--r--moduli.c14
-rw-r--r--monitor.c395
-rw-r--r--monitor.h4
-rw-r--r--monitor_fdpass.c4
-rw-r--r--monitor_mm.c8
-rw-r--r--monitor_wrap.c255
-rw-r--r--monitor_wrap.h9
-rw-r--r--msg.c25
-rw-r--r--msg.h7
-rw-r--r--mux.c6
-rw-r--r--opacket.c349
-rw-r--r--opacket.h168
-rw-r--r--openbsd-compat/.cvsignore1
-rw-r--r--openbsd-compat/Makefile.in2
-rw-r--r--openbsd-compat/arc4random.c36
-rw-r--r--openbsd-compat/bcrypt_pbkdf.c29
-rw-r--r--openbsd-compat/bsd-misc.c14
-rw-r--r--openbsd-compat/fake-rfc2553.h3
-rw-r--r--openbsd-compat/getrrsetbyname-ldns.c2
-rw-r--r--openbsd-compat/md5.c251
-rw-r--r--openbsd-compat/md5.h51
-rw-r--r--openbsd-compat/openbsd-compat.h7
-rw-r--r--openbsd-compat/openssl-compat.c4
-rw-r--r--openbsd-compat/openssl-compat.h3
-rw-r--r--openbsd-compat/port-tun.c17
-rw-r--r--openbsd-compat/readpassphrase.c8
-rw-r--r--openbsd-compat/reallocarray.c46
-rw-r--r--openbsd-compat/regress/.cvsignore6
-rw-r--r--openbsd-compat/rmd160.c376
-rw-r--r--openbsd-compat/rmd160.h61
-rw-r--r--openbsd-compat/sha1.c177
-rw-r--r--openbsd-compat/sha1.h58
-rw-r--r--openbsd-compat/sha2.c40
-rw-r--r--openbsd-compat/sha2.h19
-rw-r--r--openbsd-compat/xcrypt.c2
-rw-r--r--packet.c2857
-rw-r--r--packet.h284
-rw-r--r--progressmeter.c6
-rw-r--r--progressmeter.h4
-rw-r--r--readconf.c519
-rw-r--r--readconf.h24
-rw-r--r--regress/.cvsignore31
-rw-r--r--regress/Makefile47
-rwxr-xr-xregress/agent-pkcs11.sh4
-rw-r--r--regress/agent-timeout.sh4
-rw-r--r--regress/agent.sh8
-rw-r--r--regress/broken-pipe.sh4
-rwxr-xr-xregress/cert-hostkey.sh111
-rw-r--r--regress/cfgmatch.sh23
-rw-r--r--regress/cipher-speed.sh8
-rw-r--r--regress/connect-privsep.sh8
-rw-r--r--regress/connect.sh4
-rw-r--r--regress/dynamic-forward.sh4
-rw-r--r--regress/exit-status.sh4
-rw-r--r--regress/forcecommand.sh26
-rwxr-xr-xregress/forward-control.sh6
-rw-r--r--regress/forwarding.sh20
-rwxr-xr-xregress/host-expand.sh4
-rwxr-xr-xregress/hostkey-agent.sh52
-rwxr-xr-xregress/hostkey-rotate.sh128
-rwxr-xr-xregress/integrity.sh6
-rwxr-xr-xregress/key-options.sh10
-rw-r--r--regress/keygen-change.sh9
-rwxr-xr-xregress/keygen-knownhosts.sh197
-rw-r--r--regress/keyscan.sh9
-rwxr-xr-xregress/krl.sh90
-rwxr-xr-xregress/limit-keytype.sh80
-rwxr-xr-xregress/localcommand.sh4
-rw-r--r--regress/multiplex.sh25
-rwxr-xr-xregress/multipubkey.sh66
-rw-r--r--regress/netcat.c1690
-rw-r--r--regress/proto-mismatch.sh6
-rw-r--r--regress/proto-version.sh10
-rw-r--r--regress/proxy-connect.sh6
-rw-r--r--regress/reconfigure.sh31
-rw-r--r--regress/reexec.sh4
-rw-r--r--regress/rekey.sh24
-rw-r--r--regress/sshd-log-wrapper.sh8
-rw-r--r--regress/stderr-data.sh4
-rw-r--r--regress/t11.ok1
-rw-r--r--regress/t4.ok2
-rw-r--r--regress/test-exec.sh88
-rw-r--r--regress/transfer.sh4
-rw-r--r--regress/try-ciphers.sh8
-rw-r--r--regress/unittests/Makefile6
-rw-r--r--regress/unittests/Makefile.inc4
-rw-r--r--regress/unittests/bitmap/Makefile12
-rw-r--r--regress/unittests/bitmap/tests.c135
-rw-r--r--regress/unittests/hostkeys/Makefile12
-rwxr-xr-xregress/unittests/hostkeys/mktestdata.sh94
-rw-r--r--regress/unittests/hostkeys/test_iterate.c1171
-rw-r--r--regress/unittests/hostkeys/testdata/dsa_1.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/dsa_2.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/dsa_3.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/dsa_4.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/dsa_5.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/dsa_6.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/ecdsa_1.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/ecdsa_2.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/ecdsa_3.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/ecdsa_4.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/ecdsa_5.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/ecdsa_6.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/ed25519_1.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/ed25519_2.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/ed25519_3.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/ed25519_4.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/ed25519_5.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/ed25519_6.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/known_hosts61
-rw-r--r--regress/unittests/hostkeys/testdata/rsa1_1.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/rsa1_2.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/rsa1_3.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/rsa1_4.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/rsa1_5.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/rsa1_6.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/rsa_1.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/rsa_2.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/rsa_3.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/rsa_4.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/rsa_5.pub1
-rw-r--r--regress/unittests/hostkeys/testdata/rsa_6.pub1
-rw-r--r--regress/unittests/hostkeys/tests.c16
-rw-r--r--regress/unittests/kex/Makefile14
-rw-r--r--regress/unittests/kex/test_kex.c197
-rw-r--r--regress/unittests/kex/tests.c14
-rw-r--r--regress/unittests/sshbuf/test_sshbuf_getput_crypto.c8
-rw-r--r--regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c4
-rw-r--r--regress/unittests/sshkey/common.c4
-rwxr-xr-xregress/unittests/sshkey/mktestdata.sh4
-rw-r--r--regress/unittests/sshkey/test_file.c33
-rw-r--r--regress/unittests/sshkey/test_fuzz.c13
-rw-r--r--regress/unittests/sshkey/test_sshkey.c192
-rw-r--r--regress/unittests/sshkey/testdata/dsa_1-cert.fp2
-rw-r--r--regress/unittests/sshkey/testdata/dsa_1.fp2
-rw-r--r--regress/unittests/sshkey/testdata/dsa_2.fp2
-rw-r--r--regress/unittests/sshkey/testdata/ecdsa_1-cert.fp2
-rw-r--r--regress/unittests/sshkey/testdata/ecdsa_1.fp2
-rw-r--r--regress/unittests/sshkey/testdata/ecdsa_2.fp2
-rw-r--r--regress/unittests/sshkey/testdata/ed25519_1-cert.fp2
-rw-r--r--regress/unittests/sshkey/testdata/ed25519_1.fp2
-rw-r--r--regress/unittests/sshkey/testdata/ed25519_2.fp2
-rw-r--r--regress/unittests/sshkey/testdata/rsa1_1.fp2
-rw-r--r--regress/unittests/sshkey/testdata/rsa1_2.fp2
-rw-r--r--regress/unittests/sshkey/testdata/rsa_1-cert.fp2
-rw-r--r--regress/unittests/sshkey/testdata/rsa_1.fp2
-rw-r--r--regress/unittests/sshkey/testdata/rsa_2.fp2
-rw-r--r--regress/unittests/test_helper/Makefile5
-rw-r--r--regress/unittests/test_helper/fuzz.c102
-rw-r--r--regress/unittests/test_helper/test_helper.c67
-rw-r--r--regress/unittests/test_helper/test_helper.h13
-rwxr-xr-xregress/valgrind-unit.sh20
-rw-r--r--regress/yes-head.sh4
-rw-r--r--rijndael.c339
-rw-r--r--roaming_client.c5
-rw-r--r--roaming_common.c5
-rw-r--r--roaming_dummy.c13
-rw-r--r--sandbox-systrace.c4
-rw-r--r--scard/.cvsignore2
-rw-r--r--scp.012
-rw-r--r--scp.110
-rw-r--r--scp.c7
-rw-r--r--servconf.c123
-rw-r--r--servconf.h8
-rw-r--r--serverloop.c122
-rw-r--r--session.c15
-rw-r--r--sftp-client.c863
-rw-r--r--sftp-client.h44
-rw-r--r--sftp-common.c101
-rw-r--r--sftp-common.h7
-rw-r--r--sftp-glob.c4
-rw-r--r--sftp-server.010
-rw-r--r--sftp-server.86
-rw-r--r--sftp-server.c592
-rw-r--r--sftp.016
-rw-r--r--sftp.16
-rw-r--r--sftp.c26
-rw-r--r--ssh-add.013
-rw-r--r--ssh-add.115
-rw-r--r--ssh-add.c327
-rw-r--r--ssh-agent.014
-rw-r--r--ssh-agent.115
-rw-r--r--ssh-agent.c561
-rw-r--r--ssh-dss.c3
-rw-r--r--ssh-ecdsa.c4
-rw-r--r--ssh-ed25519.c14
-rw-r--r--ssh-keygen.050
-rw-r--r--ssh-keygen.122
-rw-r--r--ssh-keygen.c1157
-rw-r--r--ssh-keyscan.026
-rw-r--r--ssh-keyscan.16
-rw-r--r--ssh-keyscan.c160
-rw-r--r--ssh-keysign.06
-rw-r--r--ssh-keysign.c153
-rw-r--r--ssh-pkcs11-helper.04
-rw-r--r--ssh-pkcs11-helper.c2
-rw-r--r--ssh-pkcs11.c34
-rw-r--r--ssh-pkcs11.h4
-rw-r--r--ssh-rsa.c3
-rw-r--r--ssh.0169
-rw-r--r--ssh.135
-rw-r--r--ssh.c221
-rw-r--r--ssh_api.c537
-rw-r--r--ssh_api.h137
-rw-r--r--ssh_config.0513
-rw-r--r--ssh_config.5152
-rw-r--r--sshbuf-getput-basic.c57
-rw-r--r--sshbuf-getput-crypto.c21
-rw-r--r--sshbuf-misc.c5
-rw-r--r--sshbuf.c4
-rw-r--r--sshbuf.h4
-rw-r--r--sshconnect.c110
-rw-r--r--sshconnect1.c76
-rw-r--r--sshconnect2.c573
-rw-r--r--sshd.065
-rw-r--r--sshd.816
-rw-r--r--sshd.c303
-rw-r--r--sshd_config4
-rw-r--r--sshd_config.0360
-rw-r--r--sshd_config.5107
-rw-r--r--ssherr.c12
-rw-r--r--ssherr.h6
-rw-r--r--sshkey.c415
-rw-r--r--sshkey.h27
-rw-r--r--sshlogin.c6
-rw-r--r--sshpty.c11
-rw-r--r--uidswap.c4
-rw-r--r--version.h4
-rw-r--r--xmalloc.c14
328 files changed, 52319 insertions, 19755 deletions
diff --git a/.cvsignore b/.cvsignore
new file mode 100644
index 000000000000..9baaa3b4e3f6
--- /dev/null
+++ b/.cvsignore
@@ -0,0 +1,28 @@
+*.0
+*.out
+Makefile
+autom4te.cache
+buildit.sh
+buildpkg.sh
+config.cache
+config.h
+config.h.in
+config.log
+config.status
+configure
+openssh.xml
+opensshd.init
+scp
+sftp
+sftp-server
+ssh
+ssh-add
+ssh-agent
+ssh-keygen
+ssh-keyscan
+ssh-keysign
+ssh-pkcs11-helper
+sshd
+stamp-h.in
+survey
+survey.sh
diff --git a/ChangeLog b/ChangeLog
index 63aeae5564a4..092cc48ef89b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3817 +1,8584 @@
-20131006
- - (djm) Release OpenSSH-6.7
-
-20141003
- - (djm) [sshd_config.5] typo; from Iain Morgan
-
-20141001
- - (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c]
- [openbsd-compat/openbsd-compat.h] Kludge around bad glibc
- _FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets;
- ok dtucker@
-
-20140910
- - (djm) [sandbox-seccomp-filter.c] Allow mremap and exit for DietLibc;
- patch from Felix von Leitner; ok dtucker
-
-20140908
- - (dtucker) [INSTALL] Update info about egd. ok djm@
-
-20140904
- - (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNG
-
-20140903
- - (djm) [defines.h sshbuf.c] Move __predict_true|false to defines.h and
- conditionalise to avoid duplicate definition.
- - (djm) [contrib/cygwin/ssh-host-config] Fix old code leading to
- permissions/ACLs; from Corinna Vinschen
-
-20140830
- - (djm) [openbsd-compat/openssl-compat.h] add
- OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them
- - (djm) [misc.c] Missing newline between functions
- - (djm) [openbsd-compat/openssl-compat.h] add include guard
- - (djm) [Makefile.in] Make TEST_SHELL a variable; "good idea" tim@
-
-20140827
- - (djm) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c]
- [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
- [regress/unittests/sshkey/common.c]
- [regress/unittests/sshkey/test_file.c]
- [regress/unittests/sshkey/test_fuzz.c]
- [regress/unittests/sshkey/test_sshkey.c] Don't include openssl/ec.h
- on !ECC OpenSSL systems
- - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth
- monitor, not preauth; bz#2263
- - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()
- using memset_s() where possible; improve fallback to indirect bzero
- via a volatile pointer to give it more of a chance to avoid being
- optimised away.
-
-20140825
- - (djm) [bufec.c] Skip this file on !ECC OpenSSL
- - (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL,
- update OpenSSL version requirement.
-
-20140824
- - (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not
- PR_SET_DUMPABLE, so adjust ifdef; reported by Tom Christensen
-
-20140823
- - (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode on
- lastlog writing on platforms with high UIDs; bz#2263
- - (djm) [configure.ac] We now require a working vsnprintf everywhere (not
- just for systems that lack asprintf); check for it always and extend
- test to catch more brokenness. Fixes builds on Solaris <= 9
-
-20140822
- - (djm) [configure.ac] include leading zero characters in OpenSSL version
- number; fixes test for unsupported versions
- - (djm) [sshbuf-getput-crypto.c] Fix compilation when OpenSSL lacks ECC
- - (djm) [openbsd-compat/bsd-snprintf.c] Fix compilation failure (prototype/
- definition mismatch) and warning for broken/missing snprintf case.
- - (djm) [configure.ac] double braces to appease autoconf
-
-20140821
- - (djm) [Makefile.in] fix reference to libtest_helper.a in sshkey test too.
- - (djm) [key.h] Fix ifdefs for no-ECC OpenSSL
- - (djm) [regress/unittests/test_helper/test_helper.c] Fix for systems that
- don't set __progname. Diagnosed by Tom Christensen.
-
-20140820
- - (djm) [configure.ac] Check OpenSSL version is supported at configure time;
- suggested by Kevin Brott
- - (djm) [Makefile.in] refer to libtest_helper.a by explicit path rather than
- -L/-l; fixes linking problems on some platforms
- - (djm) [sshkey.h] Fix compilation when OpenSSL lacks ECC
- - (djm) [contrib/cygwin/README] Correct build instructions; from Corinna
-
-20140819
- - (djm) [serverloop.c] Fix syntax error on Cygwin; from Corinna Vinschen
- - (djm) [sshbuf.h] Fix compilation on systems without OPENSSL_HAS_ECC.
- - (djm) [ssh-dss.c] Include openssl/dsa.h for DSA_SIG
- - (djm) [INSTALL contrib/caldera/openssh.spec contrib/cygwin/README]
- [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Remove mentions
- of TCP wrappers.
-
-20140811
- - (djm) [myproposal.h] Make curve25519 KEX dependent on
- HAVE_EVP_SHA256 instead of OPENSSL_HAS_ECC.
-
-20140810
- - (djm) [README contrib/caldera/openssh.spec]
- [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Update versions
-
-20140801
- - (djm) [regress/multiplex.sh] Skip test for non-OpenBSD netcat. We need
- a better solution, but this will have to do for now.
- - (djm) [regress/multiplex.sh] Instruct nc not to quit as soon as stdin
- is closed; avoid regress failures when stdin is /dev/null
- - (djm) [regress/multiplex.sh] Use -d (detach stdin) flag to disassociate
- nc from stdin, it's more portable
-
-20140730
- - OpenBSD CVS Sync
- - millert@cvs.openbsd.org 2014/07/24 22:57:10
- [ssh.1]
- Mention UNIX-domain socket forwarding too. OK jmc@ deraadt@
- - dtucker@cvs.openbsd.org 2014/07/25 21:22:03
- [ssh-agent.c]
- Clear buffer used for handling messages. This prevents keys being
- left in memory after they have been expired or deleted in some cases
- (but note that ssh-agent is setgid so you would still need root to
- access them). Pointed out by Kevin Burns, ok deraadt
- - schwarze@cvs.openbsd.org 2014/07/28 15:40:08
- [sftp-server.8 sshd_config.5]
- some systems no longer need /dev/log;
- issue noticed by jirib;
- ok deraadt
-
-20140725
- - (djm) [regress/multiplex.sh] restore incorrectly deleted line;
- pointed out by Christian Hesse
-
-20140722
- - (djm) [regress/multiplex.sh] ssh mux master lost -N somehow;
- put it back
- - (djm) [regress/multiplex.sh] change the test for still-open Unix
- domain sockets to be robust against nc implementations that produce
- error messages.
- - (dtucker) [regress/unittests/sshkey/test_{file,fuzz,sshkey}.c] Wrap ecdsa-
- specific tests inside OPENSSL_HAS_ECC.
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2014/07/22 01:18:50
- [key.c]
- Prevent spam from key_load_private_pem during hostbased auth. ok djm@
- - guenther@cvs.openbsd.org 2014/07/22 07:13:42
- [umac.c]
- Convert from <sys/endian.h> to the shiney new <endian.h>
- ok dtucker@, who also confirmed that -portable handles this already
- (ID sync only, includes.h pulls in endian.h if available.)
- - djm@cvs.openbsd.org 2014/07/22 01:32:12
- [regress/multiplex.sh]
- change the test for still-open Unix domain sockets to be robust against
- nc implementations that produce error messages. from -portable
- (Id sync only)
- - dtucker@cvs.openbsd.org 2014/07/22 23:23:22
- [regress/unittests/sshkey/mktestdata.sh]
- Sign test certs with ed25519 instead of ecdsa so that they'll work in
- -portable on platforms that don't have ECDSA in their OpenSSL. ok djm
- - dtucker@cvs.openbsd.org 2014/07/22 23:57:40
- [regress/unittests/sshkey/mktestdata.sh]
- Add $OpenBSD tag to make syncs easier
- - dtucker@cvs.openbsd.org 2014/07/22 23:35:38
- [regress/unittests/sshkey/testdata/*]
- Regenerate test keys with certs signed with ed25519 instead of ecdsa.
- These can be used in -portable on platforms that don't support ECDSA.
-
-20140721
- - OpenBSD CVS Sync
- - millert@cvs.openbsd.org 2014/07/15 15:54:15
- [forwarding.sh multiplex.sh]
- Add support for Unix domain socket forwarding. A remote TCP port
- may be forwarded to a local Unix domain socket and vice versa or
- both ends may be a Unix domain socket. This is a reimplementation
- of the streamlocal patches by William Ahern from:
- http://www.25thandclement.com/~william/projects/streamlocal.html
- OK djm@ markus@
- - (djm) [regress/multiplex.sh] Not all netcat accept the -N option.
- - (dtucker) [sshkey.c] ifdef out unused variable when compiling without
- OPENSSL_HAS_ECC.
-
-20140721
- - (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits
- needed to build AES CTR mode against OpenSSL 0.9.8f and above. ok djm
- - (dtucker) [regress/unittests/sshkey/
- {common,test_file,test_fuzz,test_sshkey}.c] Wrap stdint.h includes in
- ifdefs.
-
-20140719
- - (tim) [openbsd-compat/port-uw.c] Include misc.h for fwd_opts, used
- in servconf.h.
-
-20140718
- - OpenBSD CVS Sync
- - millert@cvs.openbsd.org 2014/07/15 15:54:14
- [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
- [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
- [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
- [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
- [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
- [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
- [sshd_config.5 sshlogin.c]
- Add support for Unix domain socket forwarding. A remote TCP port
- may be forwarded to a local Unix domain socket and vice versa or
- both ends may be a Unix domain socket. This is a reimplementation
- of the streamlocal patches by William Ahern from:
- http://www.25thandclement.com/~william/projects/streamlocal.html
- OK djm@ markus@
- - jmc@cvs.openbsd.org 2014/07/16 14:48:57
- [ssh.1]
- add the streamlocal* options to ssh's -o list; millert says they're
- irrelevant for scp/sftp;
- ok markus millert
- - djm@cvs.openbsd.org 2014/07/17 00:10:56
- [sandbox-systrace.c]
- ifdef SYS_sendsyslog so this will compile without patching on -stable
- - djm@cvs.openbsd.org 2014/07/17 00:10:18
- [mux.c]
- preserve errno across syscall
- - djm@cvs.openbsd.org 2014/07/17 00:12:03
- [key.c]
- silence "incorrect passphrase" error spam; reported and ok dtucker@
- - djm@cvs.openbsd.org 2014/07/17 07:22:19
- [mux.c ssh.c]
- reflect stdio-forward ("ssh -W host:port ...") failures in exit status.
- previously we were always returning 0. bz#2255 reported by Brendan
- Germain; ok dtucker
- - djm@cvs.openbsd.org 2014/07/18 02:46:01
- [ssh-agent.c]
- restore umask around listener socket creation (dropped in streamlocal patch
- merge)
- - (dtucker) [auth2-gss.c gss-serv-krb5.c] Include misc.h for fwd_opts, used
- in servconf.h.
- - (dtucker) [Makefile.in] Add a t-exec target to run just the executable
- tests.
- - (dtucker) [key.c sshkey.c] Put new ecdsa bits inside ifdef OPENSSL_HAS_ECC.
-
-20140717
- - (djm) [digest-openssl.c] Preserve array order when disabling digests.
- Reported by Petr Lautrbach.
- - OpenBSD CVS Sync
- - deraadt@cvs.openbsd.org 2014/07/11 08:09:54
- [sandbox-systrace.c]
- Permit use of SYS_sendsyslog from inside the sandbox. Clock is ticking,
- update your kernels and sshd soon.. libc will start using sendsyslog()
- in about 4 days.
- - tedu@cvs.openbsd.org 2014/07/11 13:54:34
- [myproposal.h]
- by popular demand, add back hamc-sha1 to server proposal for better compat
- with many clients still in use. ok deraadt
-
-20140715
- - (djm) [configure.ac] Delay checks for arc4random* until after libcrypto
- has been located; fixes builds agains libressl-portable
-
-20140711
- - OpenBSD CVS Sync
- - benno@cvs.openbsd.org 2014/07/09 14:15:56
- [ssh-add.c]
- fix ssh-add crash while loading more than one key
- ok markus@
+commit 9f82e5a9042f2d872e98f48a876fcab3e25dd9bb
+Author: Tim Rice <tim@multitalents.net>
+Date: Mon Mar 16 22:49:20 2015 -0700
-20140709
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2014/07/07 08:19:12
- [ssh_config.5]
- mention that ProxyCommand is executed using shell "exec" to avoid
- a lingering process; bz#1977
- - djm@cvs.openbsd.org 2014/07/09 01:45:10
- [sftp.c]
- more useful error message when GLOB_NOSPACE occurs;
- bz#2254, patch from Orion Poplawski
- - djm@cvs.openbsd.org 2014/07/09 03:02:15
- [key.c]
- downgrade more error() to debug() to better match what old authfile.c
- did; suppresses spurious errors with hostbased authentication enabled
- - djm@cvs.openbsd.org 2014/07/06 07:42:03
- [multiplex.sh test-exec.sh]
- add a hook to the cleanup() function to kill $SSH_PID if it is set
-
- use it to kill the mux master started in multiplex.sh (it was being left
- around on fatal failures)
- - djm@cvs.openbsd.org 2014/07/07 08:15:26
- [multiplex.sh]
- remove forced-fatal that I stuck in there to test the new cleanup
- logic and forgot to remove...
-
-20140706
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2014/07/03 23:18:35
- [authfile.h]
- remove leakmalloc droppings
- - djm@cvs.openbsd.org 2014/07/05 23:11:48
- [channels.c]
- fix remote-forward cancel regression; ok markus@
-
-20140704
- - OpenBSD CVS Sync
- - jsing@cvs.openbsd.org 2014/07/03 12:42:16
- [cipher-chachapoly.c]
- Call chacha_ivsetup() immediately before chacha_encrypt_bytes() - this
- makes it easier to verify that chacha_encrypt_bytes() is only called once
- per chacha_ivsetup() call.
- ok djm@
- - djm@cvs.openbsd.org 2014/07/03 22:23:46
- [sshconnect.c]
- when rekeying, skip file/DNS lookup if it is the same as the key sent
- during initial key exchange. bz#2154 patch from Iain Morgan; ok markus@
- - djm@cvs.openbsd.org 2014/07/03 22:33:41
- [channels.c]
- allow explicit ::1 and 127.0.0.1 forwarding bind addresses when
- GatewayPorts=no; allows client to choose address family;
- bz#2222 ok markus@
- - djm@cvs.openbsd.org 2014/07/03 22:40:43
- [servconf.c servconf.h session.c sshd.8 sshd_config.5]
- Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is
- executed, mirroring the no-user-rc authorized_keys option;
- bz#2160; ok markus@
-
-20140703
- - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto
- doesn't support it.
- - (djm) [monitor_fdpass.c] Use sys/poll.h if poll.h doesn't exist;
- bz#2237
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2014/07/03 01:45:38
- [sshkey.c]
- make Ed25519 keys' title fit properly in the randomart border; bz#2247
- based on patch from Christian Hesse
- - djm@cvs.openbsd.org 2014/07/03 03:11:03
- [ssh-agent.c]
- Only cleanup agent socket in the main agent process and not in any
- subprocesses it may have started (e.g. forked askpass). Fixes
- agent sockets being zapped when askpass processes fatal();
- bz#2236 patch from Dmitry V. Levin
- - djm@cvs.openbsd.org 2014/07/03 03:15:01
- [ssh-add.c]
- make stdout line-buffered; saves partial output getting lost when
- ssh-add fatal()s part-way through (e.g. when listing keys from an
- agent that supports key types that ssh-add doesn't);
- bz#2234, reported by Phil Pennock
- - djm@cvs.openbsd.org 2014/07/03 03:26:43
- [digest-openssl.c]
- use EVP_Digest() for one-shot hash instead of creating, updating,
- finalising and destroying a context.
- bz#2231, based on patch from Timo Teras
- - djm@cvs.openbsd.org 2014/07/03 03:34:09
- [gss-serv.c session.c ssh-keygen.c]
- standardise on NI_MAXHOST for gethostname() string lengths; about
- 1/2 the cases were using it already. Fixes bz#2239 en passant
- - djm@cvs.openbsd.org 2014/07/03 03:47:27
- [ssh-keygen.c]
- When hashing or removing hosts using ssh-keygen, don't choke on
- @revoked markers and don't remove @cert-authority markers;
- bz#2241, reported by mlindgren AT runelind.net
- - djm@cvs.openbsd.org 2014/07/03 04:36:45
- [digest.h]
- forward-declare struct sshbuf so consumers don't need to include sshbuf.h
- - djm@cvs.openbsd.org 2014/07/03 05:32:36
- [ssh_config.5]
- mention '%%' escape sequence in HostName directives and how it may
- be used to specify IPv6 link-local addresses
- - djm@cvs.openbsd.org 2014/07/03 05:38:17
- [ssh.1]
- document that -g will only work in the multiplexed case if applied to
- the mux master
- - djm@cvs.openbsd.org 2014/07/03 06:39:19
- [ssh.c ssh_config.5]
- Add a %C escape sequence for LocalCommand and ControlPath that expands
- to a unique identifer based on a has of the tuple of (local host,
- remote user, hostname, port).
-
- Helps avoid exceeding sockaddr_un's miserly pathname limits for mux
- control paths.
-
- bz#2220, based on patch from mancha1 AT zoho.com; ok markus@
- - jmc@cvs.openbsd.org 2014/07/03 07:45:27
- [ssh_config.5]
- escape %C since groff thinks it part of an Rs/Re block;
- - djm@cvs.openbsd.org 2014/07/03 11:16:55
- [auth.c auth.h auth1.c auth2.c]
- make the "Too many authentication failures" message include the
- user, source address, port and protocol in a format similar to the
- authentication success / failure messages; bz#2199, ok dtucker
-
-20140702
- - OpenBSD CVS Sync
- - deraadt@cvs.openbsd.org 2014/06/13 08:26:29
- [sandbox-systrace.c]
- permit SYS_getentropy
- from matthew
- - matthew@cvs.openbsd.org 2014/06/18 02:59:13
- [sandbox-systrace.c]
- Now that we have a dedicated getentropy(2) system call for
- arc4random(3), we can disallow __sysctl(2) in OpenSSH's systrace
- sandbox.
-
- ok djm
- - naddy@cvs.openbsd.org 2014/06/18 15:42:09
- [sshbuf-getput-crypto.c]
- The ssh_get_bignum functions must accept the same range of bignums
- the corresponding ssh_put_bignum functions create. This fixes the
- use of 16384-bit RSA keys (bug reported by Eivind Evensen).
- ok djm@
- - djm@cvs.openbsd.org 2014/06/24 00:52:02
- [krl.c]
- fix bug in KRL generation: multiple consecutive revoked certificate
- serial number ranges could be serialised to an invalid format.
-
- Readers of a broken KRL caused by this bug will fail closed, so no
- should-have-been-revoked key will be accepted.
- - djm@cvs.openbsd.org 2014/06/24 01:13:21
- [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
- [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
- [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
- [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
- [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
- [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
- [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
- [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
- [sshconnect2.c sshd.c sshkey.c sshkey.h
- [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
- New key API: refactor key-related functions to be more library-like,
- existing API is offered as a set of wrappers.
-
- with and ok markus@
-
- Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
- Dempsky and Ron Bowes for a detailed review a few months ago.
- NB. This commit also removes portable OpenSSH support for OpenSSL
- <0.9.8e.
- - djm@cvs.openbsd.org 2014/06/24 02:19:48
- [ssh.c]
- don't fatal() when hostname canonicalisation fails with a
- ProxyCommand in use; continue and allow the ProxyCommand to
- connect anyway (e.g. to a host with a name outside the DNS
- behind a bastion)
- - djm@cvs.openbsd.org 2014/06/24 02:21:01
- [scp.c]
- when copying local->remote fails during read, don't send uninitialised
- heap to the remote end. Reported by Jann Horn
- - deraadt@cvs.openbsd.org 2014/06/25 14:16:09
- [sshbuf.c]
- unblock SIGSEGV before raising it
- ok djm
- - markus@cvs.openbsd.org 2014/06/27 16:41:56
- [channels.c channels.h clientloop.c ssh.c]
- fix remote fwding with same listen port but different listen address
- with gerhard@, ok djm@
- - markus@cvs.openbsd.org 2014/06/27 18:50:39
- [ssh-add.c]
- fix loading of private keys
- - djm@cvs.openbsd.org 2014/06/30 12:54:39
- [key.c]
- suppress spurious error message when loading key with a passphrase;
- reported by kettenis@ ok markus@
- - djm@cvs.openbsd.org 2014/07/02 04:59:06
- [cipher-3des1.c]
- fix ssh protocol 1 on the server that regressed with the sshkey change
- (sometimes fatal() after auth completed), make file return useful status
- codes.
- NB. Id sync only for these two. They were bundled into the sshkey merge
- above, since it was easier to sync the entire file and then apply
- portable-specific changed atop it.
- - djm@cvs.openbsd.org 2014/04/30 05:32:00
- [regress/Makefile]
- unit tests for new buffer API; including basic fuzz testing
- NB. Id sync only.
- - djm@cvs.openbsd.org 2014/05/21 07:04:21
- [regress/integrity.sh]
- when failing because of unexpected output, show the offending output
- - djm@cvs.openbsd.org 2014/06/24 01:04:43
- [regress/krl.sh]
- regress test for broken consecutive revoked serial number ranges
- - djm@cvs.openbsd.org 2014/06/24 01:14:17
- [Makefile.in regress/Makefile regress/unittests/Makefile]
- [regress/unittests/sshkey/Makefile]
- [regress/unittests/sshkey/common.c]
- [regress/unittests/sshkey/common.h]
- [regress/unittests/sshkey/mktestdata.sh]
- [regress/unittests/sshkey/test_file.c]
- [regress/unittests/sshkey/test_fuzz.c]
- [regress/unittests/sshkey/test_sshkey.c]
- [regress/unittests/sshkey/tests.c]
- [regress/unittests/sshkey/testdata/dsa_1]
- [regress/unittests/sshkey/testdata/dsa_1-cert.fp]
- [regress/unittests/sshkey/testdata/dsa_1-cert.pub]
- [regress/unittests/sshkey/testdata/dsa_1.fp]
- [regress/unittests/sshkey/testdata/dsa_1.fp.bb]
- [regress/unittests/sshkey/testdata/dsa_1.param.g]
- [regress/unittests/sshkey/testdata/dsa_1.param.priv]
- [regress/unittests/sshkey/testdata/dsa_1.param.pub]
- [regress/unittests/sshkey/testdata/dsa_1.pub]
- [regress/unittests/sshkey/testdata/dsa_1_pw]
- [regress/unittests/sshkey/testdata/dsa_2]
- [regress/unittests/sshkey/testdata/dsa_2.fp]
- [regress/unittests/sshkey/testdata/dsa_2.fp.bb]
- [regress/unittests/sshkey/testdata/dsa_2.pub]
- [regress/unittests/sshkey/testdata/dsa_n]
- [regress/unittests/sshkey/testdata/dsa_n_pw]
- [regress/unittests/sshkey/testdata/ecdsa_1]
- [regress/unittests/sshkey/testdata/ecdsa_1-cert.fp]
- [regress/unittests/sshkey/testdata/ecdsa_1-cert.pub]
- [regress/unittests/sshkey/testdata/ecdsa_1.fp]
- [regress/unittests/sshkey/testdata/ecdsa_1.fp.bb]
- [regress/unittests/sshkey/testdata/ecdsa_1.param.curve]
- [regress/unittests/sshkey/testdata/ecdsa_1.param.priv]
- [regress/unittests/sshkey/testdata/ecdsa_1.param.pub]
- [regress/unittests/sshkey/testdata/ecdsa_1.pub]
- [regress/unittests/sshkey/testdata/ecdsa_1_pw]
- [regress/unittests/sshkey/testdata/ecdsa_2]
- [regress/unittests/sshkey/testdata/ecdsa_2.fp]
- [regress/unittests/sshkey/testdata/ecdsa_2.fp.bb]
- [regress/unittests/sshkey/testdata/ecdsa_2.param.curve]
- [regress/unittests/sshkey/testdata/ecdsa_2.param.priv]
- [regress/unittests/sshkey/testdata/ecdsa_2.param.pub]
- [regress/unittests/sshkey/testdata/ecdsa_2.pub]
- [regress/unittests/sshkey/testdata/ecdsa_n]
- [regress/unittests/sshkey/testdata/ecdsa_n_pw]
- [regress/unittests/sshkey/testdata/ed25519_1]
- [regress/unittests/sshkey/testdata/ed25519_1-cert.fp]
- [regress/unittests/sshkey/testdata/ed25519_1-cert.pub]
- [regress/unittests/sshkey/testdata/ed25519_1.fp]
- [regress/unittests/sshkey/testdata/ed25519_1.fp.bb]
- [regress/unittests/sshkey/testdata/ed25519_1.pub]
- [regress/unittests/sshkey/testdata/ed25519_1_pw]
- [regress/unittests/sshkey/testdata/ed25519_2]
- [regress/unittests/sshkey/testdata/ed25519_2.fp]
- [regress/unittests/sshkey/testdata/ed25519_2.fp.bb]
- [regress/unittests/sshkey/testdata/ed25519_2.pub]
- [regress/unittests/sshkey/testdata/pw]
- [regress/unittests/sshkey/testdata/rsa1_1]
- [regress/unittests/sshkey/testdata/rsa1_1.fp]
- [regress/unittests/sshkey/testdata/rsa1_1.fp.bb]
- [regress/unittests/sshkey/testdata/rsa1_1.param.n]
- [regress/unittests/sshkey/testdata/rsa1_1.pub]
- [regress/unittests/sshkey/testdata/rsa1_1_pw]
- [regress/unittests/sshkey/testdata/rsa1_2]
- [regress/unittests/sshkey/testdata/rsa1_2.fp]
- [regress/unittests/sshkey/testdata/rsa1_2.fp.bb]
- [regress/unittests/sshkey/testdata/rsa1_2.param.n]
- [regress/unittests/sshkey/testdata/rsa1_2.pub]
- [regress/unittests/sshkey/testdata/rsa_1]
- [regress/unittests/sshkey/testdata/rsa_1-cert.fp]
- [regress/unittests/sshkey/testdata/rsa_1-cert.pub]
- [regress/unittests/sshkey/testdata/rsa_1.fp]
- [regress/unittests/sshkey/testdata/rsa_1.fp.bb]
- [regress/unittests/sshkey/testdata/rsa_1.param.n]
- [regress/unittests/sshkey/testdata/rsa_1.param.p]
- [regress/unittests/sshkey/testdata/rsa_1.param.q]
- [regress/unittests/sshkey/testdata/rsa_1.pub]
- [regress/unittests/sshkey/testdata/rsa_1_pw]
- [regress/unittests/sshkey/testdata/rsa_2]
- [regress/unittests/sshkey/testdata/rsa_2.fp]
- [regress/unittests/sshkey/testdata/rsa_2.fp.bb]
- [regress/unittests/sshkey/testdata/rsa_2.param.n]
- [regress/unittests/sshkey/testdata/rsa_2.param.p]
- [regress/unittests/sshkey/testdata/rsa_2.param.q]
- [regress/unittests/sshkey/testdata/rsa_2.pub]
- [regress/unittests/sshkey/testdata/rsa_n]
- [regress/unittests/sshkey/testdata/rsa_n_pw]
- unit and fuzz tests for new key API
- - (djm) [sshkey.c] Conditionalise inclusion of util.h
- - (djm) [regress/Makefile] fix execution of sshkey unit/fuzz test
-
-20140618
- - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare
-
-20140617
- - (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h}
- openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}]
- Move the OpenSSL header/library version test into its own function and add
- tests for it. Fix it to allow fix version upgrades (but not downgrades).
- Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150).
- ok djm@ chl@
-
-20140616
- - (dtucker) [defines.h] Fix undef of _PATH_MAILDIR. From rak at debian via
- OpenSMTPD and chl@
-
-20140612
- - (dtucker) [configure.ac] Remove tcpwrappers support, support has already
- been removed from sshd.c.
-
-20140611
- - (dtucker) [defines.h] Add va_copy if we don't already have it, taken from
- openbsd-compat/bsd-asprintf.c.
- - (dtucker) [regress/unittests/sshbuf/*.c regress/unittests/test_helper/*]
- Wrap stdlib.h include an ifdef for platforms that don't have it.
- - (tim) [regress/unittests/test_helper/test_helper.h] Add includes.h for
- u_intXX_t types.
-
-20140610
- - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
- regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] Only do NISTP256
- curve tests if OpenSSL has them.
- - (dtucker) [myprosal.h] Don't include curve25519-sha256@libssh.org in
- the proposal if the version of OpenSSL we're using doesn't support ECC.
- - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] ifdef
- ECC variable too.
- - (dtucker) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2014/06/05 22:17:50
- [sshconnect2.c]
- fix inverted test that caused PKCS#11 keys that were explicitly listed
- not to be preferred. Reported by Dirk-Willem van Gulik
- - dtucker@cvs.openbsd.org 2014/06/10 21:46:11
- [sshbuf.h]
- Group ECC functions together to make things a little easier in -portable.
- "doesn't bother me" deraadt@
- - (dtucker) [sshbuf.h] Only declare ECC functions if building without
- OpenSSL or if OpenSSL has ECC.
- - (dtucker) [openbsd-compat/arc4random.c] Use explicit_bzero instead of an
- assigment that might get optimized out. ok djm@
- - (dtucker) [bufaux.c bufbn.c bufec.c buffer.c] Pull in includes.h for
- compat stuff, specifically whether or not OpenSSL has ECC.
-
-20140527
- - (djm) [cipher.c] Fix merge botch.
- - (djm) [contrib/cygwin/ssh-host-config] Updated Cygwin ssh-host-config
- from Corinna Vinschen, fixing a number of bugs and preparing for
- Cygwin 1.7.30.
- - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c]
- [openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege
- separation user at runtime, since it may need to be a domain account.
- Patch from Corinna Vinschen.
-
-20140522
- - (djm) [Makefile.in] typo in path
-
-20140521
- - (djm) [commit configure.ac defines.h sshpty.c] don't attempt to use
- vhangup on Linux. It doens't work for non-root users, and for them
- it just messes up the tty settings.
- - (djm) [misc.c] Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC
- when it is available. It takes into account time spent suspended,
- thereby ensuring timeouts (e.g. for expiring agent keys) fire
- correctly. bz#2228 reported by John Haxby
-
-20140519
- - (djm) [rijndael.c rijndael.h] Sync with newly-ressurected versions ine
- OpenBSD
- - OpenBSD CVS Sync
- - logan@cvs.openbsd.org 2014/04/20 09:24:26
- [dns.c dns.h ssh-keygen.c]
- Add support for SSHFP DNS records for ED25519 key types.
- OK from djm@
- - logan@cvs.openbsd.org 2014/04/21 14:36:16
- [sftp-client.c sftp-client.h sftp.c]
- Implement sftp upload resume support.
- OK from djm@, with input from guenther@, mlarkin@ and
- okan@
- - logan@cvs.openbsd.org 2014/04/22 10:07:12
- [sftp.c]
- Sort the sftp command list.
- OK from djm@
- - logan@cvs.openbsd.org 2014/04/22 12:42:04
- [sftp.1]
- Document sftp upload resume.
- OK from djm@, with feedback from okan@.
- - jmc@cvs.openbsd.org 2014/04/22 14:16:30
- [sftp.1]
- zap eol whitespace;
- - djm@cvs.openbsd.org 2014/04/23 12:42:34
- [readconf.c]
- don't record duplicate IdentityFiles
- - djm@cvs.openbsd.org 2014/04/28 03:09:18
- [authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h]
- [ssh-keygen.c]
- buffer_get_string_ptr's return should be const to remind
- callers that futzing with it will futz with the actual buffer
- contents
- - djm@cvs.openbsd.org 2014/04/29 13:10:30
- [clientloop.c serverloop.c]
- bz#1818 - don't send channel success/failre replies on channels that
- have sent a close already; analysis and patch from Simon Tatham;
- ok markus@
- - markus@cvs.openbsd.org 2014/04/29 18:01:49
- [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
- [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
- [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
- [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
- make compiling against OpenSSL optional (make OPENSSL=no);
- reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
- allows us to explore further options; with and ok djm
- - dtucker@cvs.openbsd.org 2014/04/29 19:58:50
- [sftp.c]
- Move nulling of variable next to where it's freed. ok markus@
- - dtucker@cvs.openbsd.org 2014/04/29 20:36:51
- [sftp.c]
- Don't attempt to append a nul quote char to the filename. Should prevent
- fatal'ing with "el_insertstr failed" when there's a single quote char
- somewhere in the string. bz#2238, ok markus@
- - djm@cvs.openbsd.org 2014/04/30 05:29:56
- [bufaux.c bufbn.c bufec.c buffer.c buffer.h sshbuf-getput-basic.c]
- [sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c sshbuf.h ssherr.c]
- [ssherr.h]
- New buffer API; the first installment of the conversion/replacement
- of OpenSSH's internals to make them usable as a standalone library.
-
- This includes a set of wrappers to make it compatible with the
- existing buffer API so replacement can occur incrementally.
-
- With and ok markus@
-
- Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
- Dempsky and Ron Bowes for a detailed review.
- - naddy@cvs.openbsd.org 2014/04/30 19:07:48
- [mac.c myproposal.h umac.c]
- UMAC can use our local fallback implementation of AES when OpenSSL isn't
- available. Glue code straight from Ted Krovetz's original umac.c.
- ok markus@
- - djm@cvs.openbsd.org 2014/05/02 03:27:54
- [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c]
- [misc.h poly1305.h ssh-pkcs11.c defines.h]
- revert __bounded change; it causes way more problems for portable than
- it solves; pointed out by dtucker@
- - markus@cvs.openbsd.org 2014/05/03 17:20:34
- [monitor.c packet.c packet.h]
- unbreak compression, by re-init-ing the compression code in the
- post-auth child. the new buffer code is more strict, and requires
- buffer_init() while the old code was happy after a bzero();
- originally from djm@
- - logan@cvs.openbsd.org 2014/05/05 07:02:30
- [sftp.c]
- Zap extra whitespace.
-
- OK from djm@ and dtucker@
- - (djm) [configure.ac] Unconditionally define WITH_OPENSSL until we write
- portability glue to support building without libcrypto
- - (djm) [Makefile.in configure.ac sshbuf-getput-basic.c]
- [sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2014/03/13 20:44:49
- [login-timeout.sh]
- this test is a sorry mess of race conditions; add another sleep
- to avoid a failure on slow machines (at least until I find a
- better way)
- - djm@cvs.openbsd.org 2014/04/21 22:15:37
- [dhgex.sh integrity.sh kextype.sh rekey.sh try-ciphers.sh]
- repair regress tests broken by server-side default cipher/kex/mac changes
- by ensuring that the option under test is included in the server's
- algorithm list
- - dtucker@cvs.openbsd.org 2014/05/03 18:46:14
- [proxy-connect.sh]
- Add tests for with and without compression, with and without privsep.
- - logan@cvs.openbsd.org 2014/05/04 10:40:59
- [connect-privsep.sh]
- Remove the Z flag from the list of malloc options as it
- was removed from malloc.c 10 days ago.
-
- OK from miod@
- - (djm) [regress/unittests/Makefile]
- [regress/unittests/Makefile.inc]
- [regress/unittests/sshbuf/Makefile]
- [regress/unittests/sshbuf/test_sshbuf.c]
- [regress/unittests/sshbuf/test_sshbuf_fixed.c]
- [regress/unittests/sshbuf/test_sshbuf_fuzz.c]
- [regress/unittests/sshbuf/test_sshbuf_getput_basic.c]
- [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c]
- [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
- [regress/unittests/sshbuf/test_sshbuf_misc.c]
- [regress/unittests/sshbuf/tests.c]
- [regress/unittests/test_helper/Makefile]
- [regress/unittests/test_helper/fuzz.c]
- [regress/unittests/test_helper/test_helper.c]
- [regress/unittests/test_helper/test_helper.h]
- Import new unit tests from OpenBSD; not yet hooked up to build.
- - (djm) [regress/Makefile Makefile.in]
- [regress/unittests/sshbuf/test_sshbuf.c
- [regress/unittests/sshbuf/test_sshbuf_fixed.c]
- [regress/unittests/sshbuf/test_sshbuf_fuzz.c]
- [regress/unittests/sshbuf/test_sshbuf_getput_basic.c]
- [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c]
- [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
- [regress/unittests/sshbuf/test_sshbuf_misc.c]
- [regress/unittests/sshbuf/tests.c]
- [regress/unittests/test_helper/fuzz.c]
- [regress/unittests/test_helper/test_helper.c]
- Hook new unit tests into the build and "make tests"
- - (djm) [sshbuf.c] need __predict_false
-
-20140430
- - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already
- have it. Only attempt to use __attribute__(__bounded__) for gcc.
-
-20140420
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2014/03/03 22:22:30
- [session.c]
- ignore enviornment variables with embedded '=' or '\0' characters;
- spotted by Jann Horn; ok deraadt@
- Id sync only - portable already has this.
- - djm@cvs.openbsd.org 2014/03/12 04:44:58
- [ssh-keyscan.c]
- scan for Ed25519 keys by default too
- - djm@cvs.openbsd.org 2014/03/12 04:50:32
- [auth-bsdauth.c ssh-keygen.c]
- don't count on things that accept arguments by reference to clear
- things for us on error; most things do, but it's unsafe form.
- - djm@cvs.openbsd.org 2014/03/12 04:51:12
- [authfile.c]
- correct test that kdf name is not "none" or "bcrypt"
- - naddy@cvs.openbsd.org 2014/03/12 13:06:59
- [ssh-keyscan.1]
- scan for Ed25519 keys by default too
- - deraadt@cvs.openbsd.org 2014/03/15 17:28:26
- [ssh-agent.c ssh-keygen.1 ssh-keygen.c]
- Improve usage() and documentation towards the standard form.
- In particular, this line saves a lot of man page reading time.
- usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
- [-N new_passphrase] [-C comment] [-f output_keyfile]
- ok schwarze jmc
- - tedu@cvs.openbsd.org 2014/03/17 19:44:10
- [ssh.1]
- old descriptions of des and blowfish are old. maybe ok deraadt
- - tedu@cvs.openbsd.org 2014/03/19 14:42:44
- [scp.1]
- there is no need for rcp anymore
- ok deraadt millert
- - markus@cvs.openbsd.org 2014/03/25 09:40:03
- [myproposal.h]
- trimm default proposals.
-
- This commit removes the weaker pre-SHA2 hashes, the broken ciphers
- (arcfour), and the broken modes (CBC) from the default configuration
- (the patch only changes the default, all the modes are still available
- for the config files).
-
- ok djm@, reminded by tedu@ & naddy@ and discussed with many
- - deraadt@cvs.openbsd.org 2014/03/26 17:16:26
- [myproposal.h]
- The current sharing of myproposal[] between both client and server code
- makes the previous diff highly unpallatable. We want to go in that
- direction for the server, but not for the client. Sigh.
- Brought up by naddy.
- - markus@cvs.openbsd.org 2014/03/27 23:01:27
- [myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
- disable weak proposals in sshd, but keep them in ssh; ok djm@
- - djm@cvs.openbsd.org 2014/03/26 04:55:35
- [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c
- [misc.h poly1305.h ssh-pkcs11.c]
- use __bounded(...) attribute recently added to sys/cdefs.h instead of
- longform __attribute__(__bounded(...));
-
- for brevity and a warning free compilation with llvm/clang
- - tedu@cvs.openbsd.org 2014/03/26 19:58:37
- [sshd.8 sshd.c]
- remove libwrap support. ok deraadt djm mfriedl
- - naddy@cvs.openbsd.org 2014/03/28 05:17:11
- [ssh_config.5 sshd_config.5]
- sync available and default algorithms, improve algorithm list formatting
- help from jmc@ and schwarze@, ok deraadt@
- - jmc@cvs.openbsd.org 2014/03/31 13:39:34
- [ssh-keygen.1]
- the text for the -K option was inserted in the wrong place in -r1.108;
- fix From: Matthew Clarke
- - djm@cvs.openbsd.org 2014/04/01 02:05:27
- [ssh-keysign.c]
- include fingerprint of key not found
- use arc4random_buf() instead of loop+arc4random()
- - djm@cvs.openbsd.org 2014/04/01 03:34:10
- [sshconnect.c]
- When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
- certificate keys to plain keys and attempt SSHFP resolution.
-
- Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
- dialog by offering only certificate keys.
-
- Reported by mcv21 AT cam.ac.uk
- - djm@cvs.openbsd.org 2014/04/01 05:32:57
- [packet.c]
- demote a debug3 to PACKET_DEBUG; ok markus@
- - djm@cvs.openbsd.org 2014/04/12 04:55:53
- [sshd.c]
- avoid crash at exit: check that pmonitor!=NULL before dereferencing;
- bz#2225, patch from kavi AT juniper.net
- - djm@cvs.openbsd.org 2014/04/16 23:22:45
- [bufaux.c]
- skip leading zero bytes in buffer_put_bignum2_from_string();
- reported by jan AT mojzis.com; ok markus@
- - djm@cvs.openbsd.org 2014/04/16 23:28:12
- [ssh-agent.1]
- remove the identity files from this manpage - ssh-agent doesn't deal
- with them at all and the same information is duplicated in ssh-add.1
- (which does deal with them); prodded by deraadt@
- - djm@cvs.openbsd.org 2014/04/18 23:52:25
- [compat.c compat.h sshconnect2.c sshd.c version.h]
- OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
- using the curve25519-sha256@libssh.org KEX exchange method to fail
- when connecting with something that implements the spec properly.
-
- Disable this KEX method when speaking to one of the affected
- versions.
-
- reported by Aris Adamantiadis; ok markus@
- - djm@cvs.openbsd.org 2014/04/19 05:54:59
- [compat.c]
- missing wildcard; pointed out by naddy@
- - tedu@cvs.openbsd.org 2014/04/19 14:53:48
- [ssh-keysign.c sshd.c]
- Delete futile calls to RAND_seed. ok djm
- NB. Id sync only. This only applies to OpenBSD's libcrypto slashathon
- - tedu@cvs.openbsd.org 2014/04/19 18:15:16
- [sshd.8]
- remove some really old rsh references
- - tedu@cvs.openbsd.org 2014/04/19 18:42:19
- [ssh.1]
- delete .xr to hosts.equiv. there's still an unfortunate amount of
- documentation referring to rhosts equivalency in here.
- - djm@cvs.openbsd.org 2014/04/20 02:30:25
- [misc.c misc.h umac.c]
- use get/put_u32 to load values rather than *((UINT32 *)p) that breaks on
- strict-alignment architectures; reported by and ok stsp@
- - djm@cvs.openbsd.org 2014/04/20 02:49:32
- [compat.c]
- add a canonical 6.6 + curve25519 bignum fix fake version that I can
- recommend people use ahead of the openssh-6.7 release
-
-20140401
- - (djm) On platforms that support it, use prctl() to prevent sftp-server
- from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net
- - (djm) Use full release (e.g. 6.5p1) in debug output rather than just
- version. From des@des.no
-
-20140317
- - (djm) [sandbox-seccomp-filter.c] Soft-fail stat() syscalls. Add XXX to
- remind myself to add sandbox violation logging via the log socket.
-
-20140314
- - (tim) [opensshd.init.in] Add support for ed25519
-
-20140313
- - (djm) Release OpenSSH 6.6
-
-20140304
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2014/03/03 22:22:30
- [session.c]
- ignore enviornment variables with embedded '=' or '\0' characters;
- spotted by Jann Horn; ok deraadt@
-
-20140301
- - (djm) [regress/Makefile] Disable dhgex regress test; it breaks when
- no moduli file exists at the expected location.
-
-20140228
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2014/02/27 00:41:49
- [bufbn.c]
- fix unsigned overflow that could lead to reading a short ssh protocol
- 1 bignum value; found by Ben Hawkes; ok deraadt@
- - djm@cvs.openbsd.org 2014/02/27 08:25:09
- [bufbn.c]
- off by one in range check
- - djm@cvs.openbsd.org 2014/02/27 22:47:07
- [sshd_config.5]
- bz#2184 clarify behaviour of a keyword that appears in multiple
- matching Match blocks; ok dtucker@
- - djm@cvs.openbsd.org 2014/02/27 22:57:40
- [version.h]
- openssh-6.6
- - dtucker@cvs.openbsd.org 2014/01/19 23:43:02
- [regress/sftp-chroot.sh]
- Don't use -q on sftp as it suppresses logging, instead redirect the
- output to the regress logfile.
- - dtucker@cvs.openbsd.org 2014/01/20 00:00:30
- [sregress/ftp-chroot.sh]
- append to rather than truncating the log file
- - dtucker@cvs.openbsd.org 2014/01/25 04:35:32
- [regress/Makefile regress/dhgex.sh]
- Add a test for DH GEX sizes
- - djm@cvs.openbsd.org 2014/01/26 10:22:10
- [regress/cert-hostkey.sh]
- automatically generate revoked keys from listed keys rather than
- manually specifying each type; from portable
- (Id sync only)
- - djm@cvs.openbsd.org 2014/01/26 10:49:17
- [scp-ssh-wrapper.sh scp.sh]
- make sure $SCP is tested on the remote end rather than whichever one
- happens to be in $PATH; from portable
- (Id sync only)
- - djm@cvs.openbsd.org 2014/02/27 20:04:16
- [login-timeout.sh]
- remove any existing LoginGraceTime from sshd_config before adding
- a specific one for the test back in
- - djm@cvs.openbsd.org 2014/02/27 21:21:25
- [agent-ptrace.sh agent.sh]
- keep return values that are printed in error messages;
- from portable
- (Id sync only)
- - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
- [contrib/suse/openssh.spec] Crank version numbers
- - (djm) [regress/host-expand.sh] Add RCS Id
-
-20140227
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2014/02/26 20:18:37
- [ssh.c]
- bz#2205: avoid early hostname lookups unless canonicalisation is enabled;
- ok dtucker@ markus@
- - djm@cvs.openbsd.org 2014/02/26 20:28:44
- [auth2-gss.c gss-serv.c ssh-gss.h sshd.c]
- bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
- sandboxing, as running this code in the sandbox can cause violations;
- ok markus@
- - djm@cvs.openbsd.org 2014/02/26 20:29:29
- [channels.c]
- don't assume that the socks4 username is \0 terminated;
- spotted by Ben Hawkes; ok markus@
- - markus@cvs.openbsd.org 2014/02/26 21:53:37
- [sshd.c]
- ssh_gssapi_prepare_supported_oids needs GSSAPI
-
-20140224
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2014/02/07 06:55:54
- [cipher.c mac.c]
- remove some logging that makes ssh debugging output very verbose;
- ok markus
- - djm@cvs.openbsd.org 2014/02/15 23:05:36
- [channels.c]
- avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W;
- bz#2200, debian#738692 via Colin Watson; ok dtucker@
- - djm@cvs.openbsd.org 2014/02/22 01:32:19
- [readconf.c]
- when processing Match blocks, skip 'exec' clauses if previous predicates
- failed to match; ok markus@
- - djm@cvs.openbsd.org 2014/02/23 20:03:42
- [ssh-ed25519.c]
- check for unsigned overflow; not reachable in OpenSSH but others might
- copy our code...
- - djm@cvs.openbsd.org 2014/02/23 20:11:36
- [readconf.c readconf.h ssh.c ssh_config.5]
- reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes
- the hostname. This allows users to write configurations that always
- refer to canonical hostnames, e.g.
-
- CanonicalizeHostname yes
- CanonicalDomains int.example.org example.org
- CanonicalizeFallbackLocal no
-
- Host *.int.example.org
- Compression off
- Host *.example.org
- User djm
-
- ok markus@
+ portability fix: Solaris systems may not have a grep that understands -q
-20140213
- - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compat
- code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
-
-20140207
- - OpenBSD CVS Sync
- - naddy@cvs.openbsd.org 2014/02/05 20:13:25
- [ssh-keygen.1 ssh-keygen.c]
- tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@
- while here, fix ordering in usage(); requested by jmc@
- - djm@cvs.openbsd.org 2014/02/06 22:21:01
- [sshconnect.c]
- in ssh_create_socket(), only do the getaddrinfo for BindAddress when
- BindAddress is actually specified. Fixes regression in 6.5 for
- UsePrivilegedPort=yes; patch from Corinna Vinschen
-
-20140206
- - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL
- before freeing since free(NULL) is a no-op. ok djm.
- - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define
- __NR_shutdown; some go via the socketcall(2) multiplexer.
-
-20140205
- - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by
- headers/libc but not supported by the kernel. Patch from Loganaden
- Velvindron @ AfriNIC
-
-20140204
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2014/01/27 18:58:14
- [Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h]
- replace openssl HMAC with an implementation based on our ssh_digest_*
- ok and feedback djm@
- - markus@cvs.openbsd.org 2014/01/27 19:18:54
- [auth-rsa.c cipher.c ssh-agent.c sshconnect1.c sshd.c]
- replace openssl MD5 with our ssh_digest_*; ok djm@
- - markus@cvs.openbsd.org 2014/01/27 20:13:46
- [digest.c digest-openssl.c digest-libc.c Makefile.in]
- rename digest.c to digest-openssl.c and add libc variant; ok djm@
- - jmc@cvs.openbsd.org 2014/01/28 14:13:39
- [ssh-keyscan.1]
- kill some bad Pa;
- From: Jan Stary
- - djm@cvs.openbsd.org 2014/01/29 00:19:26
- [sshd.c]
- use kill(0, ...) instead of killpg(0, ...); on most operating systems
- they are equivalent, but SUSv2 describes the latter as having undefined
- behaviour; from portable; ok dtucker
- (Id sync only; change is already in portable)
- - djm@cvs.openbsd.org 2014/01/29 06:18:35
- [Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
- [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
- [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
- remove experimental, never-enabled JPAKE code; ok markus@
- - jmc@cvs.openbsd.org 2014/01/29 14:04:51
- [sshd_config.5]
- document kbdinteractiveauthentication;
- requested From: Ross L Richardson
-
- dtucker/markus helped explain its workings;
- - djm@cvs.openbsd.org 2014/01/30 22:26:14
- [sandbox-systrace.c]
- allow shutdown(2) syscall in sandbox - it may be called by packet_close()
- from portable
- (Id sync only; change is already in portable)
- - tedu@cvs.openbsd.org 2014/01/31 16:39:19
- [auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
- [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
- [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
- [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
- [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
- replace most bzero with explicit_bzero, except a few that cna be memset
- ok djm dtucker
- - djm@cvs.openbsd.org 2014/02/02 03:44:32
- [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
- [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
- [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
- [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
- [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
- [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
- [sshd.c]
- convert memset of potentially-private data to explicit_bzero()
- - djm@cvs.openbsd.org 2014/02/03 23:28:00
- [ssh-ecdsa.c]
- fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike
- DSA_SIG_new. Reported by Batz Spear; ok markus@
- - djm@cvs.openbsd.org 2014/02/02 03:44:31
- [digest-libc.c digest-openssl.c]
- convert memset of potentially-private data to explicit_bzero()
- - djm@cvs.openbsd.org 2014/02/04 00:24:29
- [ssh.c]
- delay lowercasing of hostname until right before hostname
- canonicalisation to unbreak case-sensitive matching of ssh_config;
- reported by Ike Devolder; ok markus@
- - (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.o
- - (djm) [regress/setuid-allowed.c] Missing string.h for strerror()
-
-20140131
- - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)
- syscall from sandboxes; it may be called by packet_close.
- - (dtucker) [readconf.c] Include <arpa/inet.h> for the hton macros. Fixes
- build with HP-UX's compiler. Patch from Kevin Brott.
- - (tim) [Makefile.in] build regress/setuid-allow.
-
-20140130
- - (djm) [configure.ac] Only check for width-specified integer types
- in headers that actually exist. patch from Tom G. Christensen;
- ok dtucker@
- - (djm) [configure.ac atomicio.c] Kludge around NetBSD offering
- different symbols for 'read' when various compiler flags are
- in use, causing atomicio.c comparisons against it to break and
- read/write operations to hang; ok dtucker
- - (djm) Release openssh-6.5p1
-
-20140129
- - (djm) [configure.ac] Fix broken shell test '==' vs '='; patch from
- Tom G. Christensen
-
-20140128
- - (djm) [configure.ac] Search for inet_ntop in libnsl and libresovl;
- ok dtucker
- - (djm) [sshd.c] Use kill(0, ...) instead of killpg(0, ...); the
- latter being specified to have undefined behaviour in SUSv3;
- ok dtucker
- - (tim) [regress/agent.sh regress/agent-ptrace.sh] Assign $? to a variable
- when used as an error message inside an if statement so we display the
- correct into. agent.sh patch from Petr Lautrbach.
-
-20140127
- - (dtucker) [Makefile.in] Remove trailing backslash which some make
- implementations (eg older Solaris) do not cope with.
-
-20140126
- - OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2014/01/25 10:12:50
- [cipher.c cipher.h kex.c kex.h kexgexc.c]
- Add a special case for the DH group size for 3des-cbc, which has an
- effective strength much lower than the key size. This causes problems
- with some cryptlib implementations, which don't support group sizes larger
- than 4k but also don't use the largest group size it does support as
- specified in the RFC. Based on a patch from Petr Lautrbach at Redhat,
- reduced by me with input from Markus. ok djm@ markus@
- - markus@cvs.openbsd.org 2014/01/25 20:35:37
- [kex.c]
- dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len)
- ok dtucker@, noted by mancha
- - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable
- RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,
- libc will attempt to open additional file descriptors for crypto
- offload and crash if they cannot be opened.
- - (djm) [configure.ac] correct AC_DEFINE for previous.
-
-20140125
- - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD
- - (djm) [configure.ac] Do not attempt to use capsicum sandbox unless
- sys/capability.h exists and cap_rights_limit is in libc. Fixes
- build on FreeBSD9x which provides the header but not the libc
- support.
- - (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so test
- against the correct thing.
-
-20140124
- - (djm) [Makefile.in regress/scp-ssh-wrapper.sh regress/scp.sh] Make
- the scp regress test actually test the built scp rather than the one
- in $PATH. ok dtucker@
-
-20140123
- - (tim) [session.c] Improve error reporting on set_id().
- - (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitously
- incompatible with OpenBSD's despite post-dating it by more than a decade.
- Declare it as broken, and document FreeBSD's as the same. ok djm@
-
-20140122
- - (djm) [openbsd-compat/setproctitle.c] Don't fail to compile if a
- platform that is expected to use the reuse-argv style setproctitle
- hack surprises us by providing a setproctitle in libc; ok dtucker
- - (djm) [configure.ac] Unless specifically requested, only attempt
- to build Position Independent Executables on gcc >= 4.x; ok dtucker
- - (djm) [configure.ac aclocal.m4] More tests to detect fallout from
- platform hardening options: include some long long int arithmatic
- to detect missing support functions for -ftrapv in libgcc and
- equivalents, actually test linking when -ftrapv is supplied and
- set either both -pie/-fPIE or neither. feedback and ok dtucker@
-
-20140121
- - (dtucker) [configure.ac] Make PIE a configure-time option which defaults
- to on platforms where it's known to be reliably detected and off elsewhere.
- Works around platforms such as FreeBSD 9.1 where it does not interop with
- -ftrapv (it seems to work but fails when trying to link ssh). ok djm@
- - (dtucker) [aclocal.m4] Differentiate between compile-time and link-time
- tests in the configure output. ok djm.
- - (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced
- with sftp chroot support. Move set_id call after chroot.
- - (djm) [aclocal.m4] Flesh out the code run in the OSSH_CHECK_CFLAG_COMPILE
- and OSSH_CHECK_LDFLAG_LINK tests to give them a better chance of
- detecting toolchain-related problems; ok dtucker
-
-20140120
- - (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos
- implementation does not have krb5_cc_new_unique, similar to what we do
- in auth-krb5.c.
- - (djm) [regress/cert-hostkey.sh] Fix regress failure on platforms that
- skip one or more key types (e.g. RHEL/CentOS 6.5); ok dtucker@
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2014/01/20 00:08:48
- [digest.c]
- memleak; found by Loganaden Velvindron @ AfriNIC; ok markus@
-
-20140119
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2014/01/17 06:23:24
- [sftp-server.c]
- fix log message statvfs. ok djm
- - dtucker@cvs.openbsd.org 2014/01/18 09:36:26
- [session.c]
- explicitly define USE_PIPES to 1 to prevent redefinition warnings in
- portable on platforms that use pipes for everything. From vinschen at
- redhat.
- - dtucker@cvs.openbsd.org 2014/01/19 04:17:29
- [canohost.c addrmatch.c]
- Cast socklen_t when comparing to size_t and use socklen_t to iterate over
- the ip options, both to prevent signed/unsigned comparison warnings.
- Patch from vinschen at redhat via portable openssh, begrudging ok deraadt.
- - djm@cvs.openbsd.org 2014/01/19 04:48:08
- [ssh_config.5]
- fix inverted meaning of 'no' and 'yes' for CanonicalizeFallbackLocal
- - dtucker@cvs.openbsd.org 2014/01/19 11:21:51
- [addrmatch.c]
- Cast the sizeof to socklen_t so it'll work even if the supplied len is
- negative. Suggested by and ok djm, ok deraadt.
-
-20140118
- - (dtucker) [uidswap.c] Prevent unused variable warnings on Cygwin. Patch
- from vinschen at redhat.com
- - (dtucker) [openbsd-compat/bsd-cygwin_util.h] Add missing function
- declarations that stopped being included when we stopped including
- <windows.h> from openbsd-compat/bsd-cygwin_util.h. Patch from vinschen at
- redhat.com.
- - (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs,
- optind) are defined in getopt.h already. Unfortunately they are defined as
- "declspec(dllimport)" for historical reasons, because the GNU linker didn't
- allow auto-import on PE/COFF targets way back when. The problem is the
- dllexport attributes collide with the definitions in the various source
- files in OpenSSH, which obviousy define the variables without
- declspec(dllimport). The least intrusive way to get rid of these warnings
- is to disable warnings for GCC compiler attributes when building on Cygwin.
- Patch from vinschen at redhat.com.
- - (dtucker) [sandbox-capsicum.c] Correct some error messages and make the
- return value check for cap_enter() consistent with the other uses in
- FreeBSD. From by Loganaden Velvindron @ AfriNIC via bz#2140.
-
-20140117
- - (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchain
- hardening flags including -fstack-protector-strong. These default to on
- if the toolchain supports them, but there is a configure-time knob
- (--without-hardening) to disable them if necessary. ok djm@
- - (djm) [sftp-client.c] signed/unsigned comparison fix
- - (dtucker) [loginrec.c] Cast to the types specfied in the format
- specification to prevent warnings.
- - (dtucker) [crypto_api.h] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H.
- - (dtucker) [poly1305.c] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H.
- - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include
- includes.h to pull in all of the compatibility stuff.
- - (dtucker) [openbsd-compat/bcrypt_pbkdf.c] Wrap stdlib.h include inside
- #ifdef HAVE_STDINT_H.
- - (dtucker) [defines.h] Add typedefs for uintXX_t types for platforms that
- don't have them.
- - (dtucker) [configure.ac] Split AC_CHECK_FUNCS for OpenSSL functions into
- separate lines and alphabetize for easier diffing of changes.
- - (dtucker) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2014/01/17 00:21:06
- [sftp-client.c]
- signed/unsigned comparison warning fix; from portable (Id sync only)
- - dtucker@cvs.openbsd.org 2014/01/17 05:26:41
- [digest.c]
- remove unused includes. ok djm@
- - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]
- [sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c]
- [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing
- using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling
- Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
- - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c
- openbsd-compat/openssl-compat.h] Add compatibility layer for older
- openssl versions. ok djm@
- - (dtucker) Fix typo in #ifndef.
- - (dtucker) [configure.ac openbsd-compat/bsd-statvfs.c
- openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs
- to be useful (and for the regression tests to pass) on platforms that
- have statfs and fstatfs. ok djm@
- - (dtucker) [openbsd-compat/bsd-statvfs.h] Only start including headers if we
- need them to cut down on the name collisions.
- - (dtucker) [configure.ac] Also look in inttypes.h for uintXX_t types.
- - (dtucker) [configure.ac] Have --without-hardening not turn off
- stack-protector since that has a separate flag that's been around a while.
- - (dtucker) [readconf.c] Wrap paths.h inside an ifdef. Allows building on
- Solaris.
- - (dtucker) [defines.h] Move our definitions of uintXX_t types down to after
- they're defined if we have to define them ourselves. Fixes builds on old
- AIX.
-
-20140118
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2014/01/16 07:31:09
- [sftp-client.c]
- needless and incorrect cast to size_t can break resumption of
- large download; patch from tobias@
- - djm@cvs.openbsd.org 2014/01/16 07:32:00
- [version.h]
- openssh-6.5
- - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
- [contrib/suse/openssh.spec] Crank RPM spec version numbers.
- - (djm) [README] update release notes URL.
-
-20140112
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2014/01/10 05:59:19
- [sshd_config]
- the /etc/ssh/ssh_host_ed25519_key is loaded by default too
- - djm@cvs.openbsd.org 2014/01/12 08:13:13
- [bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c]
- [kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c]
- avoid use of OpenSSL BIGNUM type and functions for KEX with
- Curve25519 by adding a buffer_put_bignum2_from_string() that stores
- a string using the bignum encoding rules. Will make it easier to
- build a reduced-feature OpenSSH without OpenSSL in the future;
- ok markus@
+commit 8ef691f7d9ef500257a549d0906d78187490668f
+Author: Damien Miller <djm@google.com>
+Date: Wed Mar 11 10:35:26 2015 +1100
-20140110
- - (djm) OpenBSD CVS Sync
- - tedu@cvs.openbsd.org 2014/01/04 17:50:55
- [mac.c monitor_mm.c monitor_mm.h xmalloc.c]
- use standard types and formats for size_t like variables. ok dtucker
- - guenther@cvs.openbsd.org 2014/01/09 03:26:00
- [sftp-common.c]
- When formating the time for "ls -l"-style output, show dates in the future
- with the year, and rearrange a comparison to avoid a potentional signed
- arithmetic overflow that would give the wrong result.
- ok djm@
- - djm@cvs.openbsd.org 2014/01/09 23:20:00
- [digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
- [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
- [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
- [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
- Introduce digest API and use it to perform all hashing operations
- rather than calling OpenSSL EVP_Digest* directly. Will make it easier
- to build a reduced-feature OpenSSH without OpenSSL in future;
- feedback, ok markus@
- - djm@cvs.openbsd.org 2014/01/09 23:26:48
- [sshconnect.c sshd.c]
- ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,
- deranged and might make some attacks on KEX easier; ok markus@
-
-20140108
- - (djm) [regress/.cvsignore] Ignore regress test droppings; ok dtucker@
-
-20131231
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/12/30 23:52:28
- [auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c]
- [sshconnect.c sshconnect2.c sshd.c]
- refuse RSA keys from old proprietary clients/servers that use the
- obsolete RSA+MD5 signature scheme. it will still be possible to connect
- with these clients/servers but only DSA keys will be accepted, and we'll
- deprecate them entirely in a future release. ok markus@
-
-20131229
- - (djm) [loginrec.c] Check for username truncation when looking up lastlog
- entries
- - (djm) [regress/Makefile] Add some generated files for cleaning
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/12/19 00:10:30
- [ssh-add.c]
- skip requesting smartcard PIN when removing keys from agent; bz#2187
- patch from jay AT slushpupie.com; ok dtucker
- - dtucker@cvs.openbsd.org 2013/12/19 00:19:12
- [serverloop.c]
- Cast client_alive_interval to u_int64_t before assinging to
- max_time_milliseconds to avoid potential integer overflow in the timeout.
- bz#2170, patch from Loganaden Velvindron, ok djm@
- - djm@cvs.openbsd.org 2013/12/19 00:27:57
- [auth-options.c]
- simplify freeing of source-address certificate restriction
- - djm@cvs.openbsd.org 2013/12/19 01:04:36
- [channels.c]
- bz#2147: fix multiple remote forwardings with dynamically assigned
- listen ports. In the s->c message to open the channel we were sending
- zero (the magic number to request a dynamic port) instead of the actual
- listen port. The client therefore had no way of discriminating between
- them.
-
- Diagnosis and fix by ronf AT timeheart.net
- - djm@cvs.openbsd.org 2013/12/19 01:19:41
- [ssh-agent.c]
- bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent
- that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com;
- ok dtucker
- - djm@cvs.openbsd.org 2013/12/19 22:57:13
- [poly1305.c poly1305.h]
- use full name for author, with his permission
- - tedu@cvs.openbsd.org 2013/12/21 07:10:47
- [ssh-keygen.1]
- small typo
- - djm@cvs.openbsd.org 2013/12/27 22:30:17
- [ssh-dss.c ssh-ecdsa.c ssh-rsa.c]
- make the original RSA and DSA signing/verification code look more like
- the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
- rather than tediously listing all variants, use __func__ for debug/
- error messages
- - djm@cvs.openbsd.org 2013/12/27 22:37:18
- [ssh-rsa.c]
- correct comment
- - djm@cvs.openbsd.org 2013/12/29 02:28:10
- [key.c]
- allow ed25519 keys to appear as certificate authorities
- - djm@cvs.openbsd.org 2013/12/29 02:37:04
- [key.c]
- correct comment for key_to_certified()
- - djm@cvs.openbsd.org 2013/12/29 02:49:52
- [key.c]
- correct comment for key_drop_cert()
- - djm@cvs.openbsd.org 2013/12/29 04:20:04
- [key.c]
- to make sure we don't omit any key types as valid CA keys again,
- factor the valid key type check into a key_type_is_valid_ca()
- function
- - djm@cvs.openbsd.org 2013/12/29 04:29:25
- [authfd.c]
- allow deletion of ed25519 keys from the agent
- - djm@cvs.openbsd.org 2013/12/29 04:35:50
- [authfile.c]
- don't refuse to load Ed25519 certificates
- - djm@cvs.openbsd.org 2013/12/29 05:42:16
- [ssh.c]
- don't forget to load Ed25519 certs too
- - djm@cvs.openbsd.org 2013/12/29 05:57:02
- [sshconnect.c]
- when showing other hostkeys, don't forget Ed25519 keys
-
-20131221
- - (dtucker) [regress/keytype.sh] Actually test ecdsa key types.
-
-20131219
- - (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versions
- greater than 11 either rather than just 11. Patch from Tomas Kuthan.
- - (dtucker) [auth-pam.c] bz#2163: check return value from pam_get_item().
- Patch from Loganaden Velvindron.
-
-20131218
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/12/07 08:08:26
- [ssh-keygen.1]
- document -a and -o wrt new key format
- - naddy@cvs.openbsd.org 2013/12/07 11:58:46
- [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1]
- [ssh_config.5 sshd.8 sshd_config.5]
- add missing mentions of ed25519; ok djm@
- - dtucker@cvs.openbsd.org 2013/12/08 09:53:27
- [sshd_config.5]
- Use a literal for the default value of KEXAlgorithms. ok deraadt jmc
- - markus@cvs.openbsd.org 2013/12/09 11:03:45
- [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
- [ge25519_base.data hash.c sc25519.c sc25519.h verify.c]
- Add Authors for the public domain ed25519/nacl code.
- see also http://nacl.cr.yp.to/features.html
- All of the NaCl software is in the public domain.
- and http://ed25519.cr.yp.to/software.html
- The Ed25519 software is in the public domain.
- - markus@cvs.openbsd.org 2013/12/09 11:08:17
- [crypto_api.h]
- remove unused defines
- - pascal@cvs.openbsd.org 2013/12/15 18:17:26
- [ssh-add.c]
- Make ssh-add also add .ssh/id_ed25519; fixes lie in manual page.
- ok markus@
- - djm@cvs.openbsd.org 2013/12/15 21:42:35
- [cipher-chachapoly.c]
- add some comments and constify a constant
- - markus@cvs.openbsd.org 2013/12/17 10:36:38
- [crypto_api.h]
- I've assempled the header file by cut&pasting from generated headers
- and the source files.
-
-20131208
- - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna
- Vinschen
- - (djm) [Makefile.in regress/Makefile regress/agent-ptrace.sh]
- [regress/setuid-allowed.c] Check that ssh-agent is not on a no-setuid
- filesystem before running agent-ptrace.sh; ok dtucker
-
-20131207
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/12/05 22:59:45
- [sftp-client.c]
- fix memory leak in error path in do_readdir(); pointed out by
- Loganaden Velvindron @ AfriNIC in bz#2163
- - djm@cvs.openbsd.org 2013/12/06 03:40:51
- [ssh-keygen.c]
- remove duplicated character ('g') in getopt() string;
- document the (few) remaining option characters so we don't have to
- rummage next time.
- - markus@cvs.openbsd.org 2013/12/06 13:30:08
- [authfd.c key.c key.h ssh-agent.c]
- move private key (de)serialization to key.c; ok djm
- - markus@cvs.openbsd.org 2013/12/06 13:34:54
- [authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c]
- [ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by
- default; details in PROTOCOL.key; feedback and lots help from djm;
- ok djm@
- - markus@cvs.openbsd.org 2013/12/06 13:39:49
- [authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
- [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
- [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
- [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
- [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
- support ed25519 keys (hostkeys and user identities) using the public
- domain ed25519 reference code from SUPERCOP, see
- http://ed25519.cr.yp.to/software.html
- feedback, help & ok djm@
- - jmc@cvs.openbsd.org 2013/12/06 15:29:07
- [sshd.8]
- missing comma;
- - djm@cvs.openbsd.org 2013/12/07 00:19:15
- [key.c]
- set k->cert = NULL after freeing it
- - markus@cvs.openbsd.org 2013/12/06 13:52:46
- [regress/Makefile regress/agent.sh regress/cert-hostkey.sh]
- [regress/cert-userkey.sh regress/keytype.sh]
- test ed25519 support; from djm@
- - (djm) [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
- [ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents
- - (djm) [Makefile.in] Add ed25519 sources
- - (djm) [authfile.c] Conditionalise inclusion of util.h
- - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]
- [openbsd-compat/blf.h openbsd-compat/blowfish.c]
- [openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
- portable.
- - (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in]
- [openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on
- Linux
- - (djm) [regress/cert-hostkey.sh] Fix merge botch
- - (djm) [Makefile.in] PATHSUBS and keygen bits for Ed25519; from
- Loganaden Velvindron @ AfriNIC in bz#2179
-
-20131205
- - (djm) OpenBSD CVS Sync
- - jmc@cvs.openbsd.org 2013/11/21 08:05:09
- [ssh_config.5 sshd_config.5]
- no need for .Pp before displays;
- - deraadt@cvs.openbsd.org 2013/11/25 18:04:21
- [ssh.1 ssh.c]
- improve -Q usage and such. One usage change is that the option is now
- case-sensitive
- ok dtucker markus djm
- - jmc@cvs.openbsd.org 2013/11/26 12:14:54
- [ssh.1 ssh.c]
- - put -Q in the right place
- - Ar was a poor choice for the arguments to -Q. i've chosen an
- admittedly equally poor Cm, at least consistent with the rest
- of the docs. also no need for multiple instances
- - zap a now redundant Nm
- - usage() sync
- - deraadt@cvs.openbsd.org 2013/11/26 19:15:09
- [pkcs11.h]
- cleanup 1 << 31 idioms. Resurrection of this issue pointed out by
- Eitan Adler ok markus for ssh, implies same change in kerberosV
- - djm@cvs.openbsd.org 2013/12/01 23:19:05
- [PROTOCOL]
- mention curve25519-sha256@libssh.org key exchange algorithm
- - djm@cvs.openbsd.org 2013/12/02 02:50:27
- [PROTOCOL.chacha20poly1305]
- typo; from Jon Cave
- - djm@cvs.openbsd.org 2013/12/02 02:56:17
- [ssh-pkcs11-helper.c]
- use-after-free; bz#2175 patch from Loganaden Velvindron @ AfriNIC
- - djm@cvs.openbsd.org 2013/12/02 03:09:22
- [key.c]
- make key_to_blob() return a NULL blob on failure; part of
- bz#2175 from Loganaden Velvindron @ AfriNIC
- - djm@cvs.openbsd.org 2013/12/02 03:13:14
- [cipher.c]
- correct bzero of chacha20+poly1305 key context. bz#2177 from
- Loganaden Velvindron @ AfriNIC
-
- Also make it a memset for consistency with the rest of cipher.c
- - djm@cvs.openbsd.org 2013/12/04 04:20:01
- [sftp-client.c]
- bz#2171: don't leak local_fd on error; from Loganaden Velvindron @
- AfriNIC
- - djm@cvs.openbsd.org 2013/12/05 01:16:41
- [servconf.c servconf.h]
- bz#2161 - fix AuthorizedKeysCommand inside a Match block and
- rearrange things so the same error is harder to make next time;
- with and ok dtucker@
- - (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correct
- -L location for libedit. Patch from Serge van den Boom.
-
-20131121
- - (djm) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2013/11/08 11:15:19
- [bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c]
- [uidswap.c] Include stdlib.h for free() as per the man page.
- - markus@cvs.openbsd.org 2013/11/13 13:48:20
- [ssh-pkcs11.c]
- add missing braces found by pedro
- - djm@cvs.openbsd.org 2013/11/20 02:19:01
- [sshd.c]
- delay closure of in/out fds until after "Bad protocol version
- identification..." message, as get_remote_ipaddr/get_remote_port
- require them open.
- - deraadt@cvs.openbsd.org 2013/11/20 20:53:10
- [scp.c]
- unsigned casts for ctype macros where neccessary
- ok guenther millert markus
- - deraadt@cvs.openbsd.org 2013/11/20 20:54:10
- [canohost.c clientloop.c match.c readconf.c sftp.c]
- unsigned casts for ctype macros where neccessary
- ok guenther millert markus
- - djm@cvs.openbsd.org 2013/11/21 00:45:44
- [Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
- [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
- [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
- [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
- cipher "chacha20-poly1305@openssh.com" that combines Daniel
- Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
- authenticated encryption mode.
-
- Inspired by and similar to Adam Langley's proposal for TLS:
- http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
- but differs in layout used for the MAC calculation and the use of a
- second ChaCha20 instance to separately encrypt packet lengths.
- Details are in the PROTOCOL.chacha20poly1305 file.
-
- Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
- ok markus@ naddy@
- - naddy@cvs.openbsd.org 2013/11/18 05:09:32
- [regress/forward-control.sh]
- bump timeout to 10 seconds to allow slow machines (e.g. Alpha PC164)
- to successfully run this; ok djm@
- - djm@cvs.openbsd.org 2013/11/21 03:15:46
- [regress/krl.sh]
- add some reminders for additional tests that I'd like to implement
- - djm@cvs.openbsd.org 2013/11/21 03:16:47
- [regress/modpipe.c]
- use unsigned long long instead of u_int64_t here to avoid warnings
- on some systems portable OpenSSH is built on.
- - djm@cvs.openbsd.org 2013/11/21 03:18:51
- [regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh]
- [regress/try-ciphers.sh]
- use new "ssh -Q cipher-auth" query to obtain lists of authenticated
- encryption ciphers instead of specifying them manually; ensures that
- the new chacha20poly1305@openssh.com mode is tested;
-
- ok markus@ and naddy@ as part of the diff to add
- chacha20poly1305@openssh.com
-
-20131110
- - (dtucker) [regress/keytype.sh] Populate ECDSA key types to be tested by
- querying the ones that are compiled in.
-
-20131109
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2013/11/09 05:41:34
- [regress/test-exec.sh regress/rekey.sh]
- Use smaller test data files to speed up tests. Grow test datafiles
- where necessary for a specific test.
- - (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of
- NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the
- latter actually works before using it. Fedora (at least) has NID_secp521r1
- that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897).
- - (dtucker) [configure.ac] Fix brackets in NID_secp521r1 test.
- - (dtucker) [configure.ac] Add missing "test".
- - (dtucker) [key.c] Check for the correct defines for NID_secp521r1.
-
-20131108
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2013/11/08 01:06:14
- [regress/rekey.sh]
- Rekey less frequently during tests to speed them up
- - (djm) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2013/11/07 11:58:27
- [cipher.c cipher.h kex.c kex.h mac.c mac.h servconf.c ssh.c]
- Output the effective values of Ciphers, MACs and KexAlgorithms when
- the default has not been overridden. ok markus@
- - djm@cvs.openbsd.org 2013/11/08 00:39:15
- [auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c]
- [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c]
- [sftp-client.c sftp-glob.c]
- use calloc for all structure allocations; from markus@
- - djm@cvs.openbsd.org 2013/11/08 01:38:11
- [version.h]
- openssh-6.4
- - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
- [contrib/suse/openssh.spec] Update version numbers following release.
- - (dtucker) [openbsd-compat/openbsd-compat.h] Add null implementation of
- arc4random_stir for platforms that have arc4random but don't have
- arc4random_stir (right now this is only OpenBSD -current).
- - (dtucker) [kex.c] Only enable CURVE25519_SHA256 if we actually have
- EVP_sha256.
- - (dtucker) [myproposal.h] Conditionally enable CURVE25519_SHA256.
- - (dtucker) [openbsd-compat/bsd-poll.c] Add headers to prevent compile
- warnings.
- - (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platform
- and pass in TEST_ENV. use stderr to get polluted
- and the stderr-data test to fail.
- - (dtucker) [contrib/cygwin/ssh-host-config] Simplify host key generation:
- rather than testing and generating each key, call ssh-keygen -A.
- Patch from vinschen at redhat.com.
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2013/11/09 05:41:34
- [regress/test-exec.sh regress/rekey.sh]
- Use smaller test data files to speed up tests. Grow test datafiles
- where necessary for a specific test.
-
-20131107
- - (djm) [ssh-pkcs11.c] Bring back "non-constant initialiser" fix (rev 1.5)
- that got lost in recent merge.
- - (djm) [Makefile.in monitor.c] Missed chunks of curve25519 KEX diff
- - (djm) [regress/modpipe.c regress/rekey.sh] Never intended to commit these
- - (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platforms
- that lack it but have arc4random_uniform()
- - (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2013/11/04 11:51:16
- [monitor.c]
- fix rekeying for KEX_C25519_SHA256; noted by dtucker@
- RCSID sync only; I thought this was a merge botch and fixed it already
- - markus@cvs.openbsd.org 2013/11/06 16:52:11
- [monitor_wrap.c]
- fix rekeying for AES-GCM modes; ok deraadt
- - djm@cvs.openbsd.org 2013/11/06 23:05:59
- [ssh-pkcs11.c]
- from portable: s/true/true_val/ to avoid name collisions on dump platforms
- RCSID sync only
- - (dtucker) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/10/09 23:44:14
- [regress/Makefile] (ID sync only)
- regression test for sftp request white/blacklisting and readonly mode.
- - markus@cvs.openbsd.org 2013/11/02 22:39:53
- [regress/kextype.sh]
- add curve25519-sha256@libssh.org
- - dtucker@cvs.openbsd.org 2013/11/04 12:27:42
- [regress/rekey.sh]
- Test rekeying with all KexAlgorithms.
- - dtucker@cvs.openbsd.org 2013/11/07 00:12:05
- [regress/rekey.sh]
- Test rekeying for every Cipher, MAC and KEX, plus test every KEX with
- the GCM ciphers.
- - dtucker@cvs.openbsd.org 2013/11/07 01:12:51
- [regress/rekey.sh]
- Factor out the data transfer rekey tests
- - dtucker@cvs.openbsd.org 2013/11/07 02:48:38
- [regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh]
- Use ssh -Q instead of hardcoding lists of ciphers or MACs.
- - dtucker@cvs.openbsd.org 2013/11/07 03:55:41
- [regress/kextype.sh]
- Use ssh -Q to get kex types instead of a static list.
- - dtucker@cvs.openbsd.org 2013/11/07 04:26:56
- [regress/kextype.sh]
- trailing space
- - (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environment
- variable. It's no longer used now that we get the supported MACs from
- ssh -Q.
-
-20131104
- - (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2013/11/02 20:03:54
- [ssh-pkcs11.c]
- support pkcs#11 tokes that only provide x509 zerts instead of raw pubkeys;
- fixes bz#1908; based on patch from Laurent Barbe; ok djm
- - markus@cvs.openbsd.org 2013/11/02 21:59:15
- [kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
- use curve25519 for default key exchange (curve25519-sha256@libssh.org);
- initial patch from Aris Adamantiadis; ok djm@
- - markus@cvs.openbsd.org 2013/11/02 22:10:15
- [kexdhs.c kexecdhs.c]
- no need to include monitor_wrap.h
- - markus@cvs.openbsd.org 2013/11/02 22:24:24
- [kexdhs.c kexecdhs.c]
- no need to include ssh-gss.h
- - markus@cvs.openbsd.org 2013/11/02 22:34:01
- [auth-options.c]
- no need to include monitor_wrap.h and ssh-gss.h
- - markus@cvs.openbsd.org 2013/11/02 22:39:19
- [ssh_config.5 sshd_config.5]
- the default kex is now curve25519-sha256@libssh.org
- - djm@cvs.openbsd.org 2013/11/03 10:37:19
- [roaming_common.c]
- fix a couple of function definitions foo() -> foo(void)
- (-Wold-style-definition)
- - (djm) [kexc25519.c kexc25519c.c kexc25519s.c] Import missed files from
- KEX/curve25519 change
-
-20131103
- - (dtucker) [openbsd-compat/bsd-misc.c] Include time.h for nanosleep.
- From OpenSMTPD where it prevents "implicit declaration" warnings (it's
- a no-op in OpenSSH). From chl at openbsd.
- - (dtucker) [openbsd-compat/setproctitle.c] Handle error case form the 2nd
- vsnprintf. From eric at openbsd via chl@.
- - (dtucker) [configure.ac defines.h] Add typedefs for intmax_t and uintmax_t
- for platforms that don't have them.
-
-20131030
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/10/29 09:42:11
- [key.c key.h]
- fix potential stack exhaustion caused by nested certificates;
- report by Mateusz Kocielski; ok dtucker@ markus@
- - djm@cvs.openbsd.org 2013/10/29 09:48:02
- [servconf.c servconf.h session.c sshd_config sshd_config.5]
- shd_config PermitTTY to disallow TTY allocation, mirroring the
- longstanding no-pty authorized_keys option;
- bz#2070, patch from Teran McKinney; ok markus@
- - jmc@cvs.openbsd.org 2013/10/29 18:49:32
- [sshd_config.5]
- pty(4), not pty(7);
-
-20131026
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/10/25 23:04:51
- [ssh.c]
- fix crash when using ProxyCommand caused by previous commit - was calling
- freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@
-
-20131025
- - (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] Remove
- unnecessary arc4random_stir() calls. The only ones left are to ensure
- that the PRNG gets a different state after fork() for platforms that
- have broken the API.
-
-20131024
- - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check
- rather than full client name which may be of form user@REALM;
- patch from Miguel Sanders; ok dtucker@
- - (djm) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2013/10/23 05:40:58
- [servconf.c]
- fix comment
- - djm@cvs.openbsd.org 2013/10/23 23:35:32
- [sshd.c]
- include local address and port in "Connection from ..." message (only
- shown at loglevel>=verbose)
- - dtucker@cvs.openbsd.org 2013/10/24 00:49:49
- [moduli.c]
- Periodically print progress and, if possible, expected time to completion
- when screening moduli for DH groups. ok deraadt djm
- - dtucker@cvs.openbsd.org 2013/10/24 00:51:48
- [readconf.c servconf.c ssh_config.5 sshd_config.5]
- Disallow empty Match statements and add "Match all" which matches
- everything. ok djm, man page help jmc@
- - djm@cvs.openbsd.org 2013/10/24 08:19:36
- [ssh.c]
- fix bug introduced in hostname canonicalisation commit: don't try to
- resolve hostnames when a ProxyCommand is set unless the user has forced
- canonicalisation; spotted by Iain Morgan
- - (tim) [regress/sftp-perm.sh] We need a shell that understands "! somecmd"
-
-20131023
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/10/20 04:39:28
- [ssh_config.5]
- document % expansions performed by "Match command ..."
- - djm@cvs.openbsd.org 2013/10/20 06:19:28
- [readconf.c ssh_config.5]
- rename "command" subclause of the recently-added "Match" keyword to
- "exec"; it's shorter, clearer in intent and we might want to add the
- ability to match against the command being executed at the remote end in
- the future.
- - djm@cvs.openbsd.org 2013/10/20 09:51:26
- [scp.1 sftp.1]
- add canonicalisation options to -o lists
- - jmc@cvs.openbsd.org 2013/10/20 18:00:13
- [ssh_config.5]
- tweak the "exec" description, as worded by djm;
- - djm@cvs.openbsd.org 2013/10/23 03:03:07
- [readconf.c]
- Hostname may have %h sequences that should be expanded prior to Match
- evaluation; spotted by Iain Morgan
- - djm@cvs.openbsd.org 2013/10/23 03:05:19
- [readconf.c ssh.c]
- comment
- - djm@cvs.openbsd.org 2013/10/23 04:16:22
- [ssh-keygen.c]
- Make code match documentation: relative-specified certificate expiry time
- should be relative to current time and not the validity start time.
- Reported by Petr Lautrbach; ok deraadt@
-
-20131018
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/10/09 23:44:14
- [regress/Makefile regress/sftp-perm.sh]
- regression test for sftp request white/blacklisting and readonly mode.
- - jmc@cvs.openbsd.org 2013/10/17 07:35:48
- [sftp.1 sftp.c]
- tweak previous;
- - djm@cvs.openbsd.org 2013/10/17 22:08:04
- [sshd.c]
- include remote port in bad banner message; bz#2162
-
-20131017
- - (djm) OpenBSD CVS Sync
- - jmc@cvs.openbsd.org 2013/10/15 14:10:25
- [ssh.1 ssh_config.5]
- tweak previous;
- - djm@cvs.openbsd.org 2013/10/16 02:31:47
- [readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5]
- [sshconnect.c sshconnect.h]
- Implement client-side hostname canonicalisation to allow an explicit
- search path of domain suffixes to use to convert unqualified host names
- to fully-qualified ones for host key matching.
- This is particularly useful for host certificates, which would otherwise
- need to list unqualified names alongside fully-qualified ones (and this
- causes a number of problems).
- "looks fine" markus@
- - jmc@cvs.openbsd.org 2013/10/16 06:42:25
- [ssh_config.5]
- tweak previous;
- - djm@cvs.openbsd.org 2013/10/16 22:49:39
- [readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
- s/canonicalise/canonicalize/ for consistency with existing spelling,
- e.g. authorized_keys; pointed out by naddy@
- - djm@cvs.openbsd.org 2013/10/16 22:58:01
- [ssh.c ssh_config.5]
- one I missed in previous: s/isation/ization/
- - djm@cvs.openbsd.org 2013/10/17 00:30:13
- [PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c]
- fsync@openssh.com protocol extension for sftp-server
- client support to allow calling fsync() faster successful transfer
- patch mostly by imorgan AT nas.nasa.gov; bz#1798
- "fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
- - djm@cvs.openbsd.org 2013/10/17 00:46:49
- [ssh.c]
- rearrange check to reduce diff against -portable
- (Id sync only)
-
-20131015
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/10/09 23:42:17
- [sftp-server.8 sftp-server.c]
- Add ability to whitelist and/or blacklist sftp protocol requests by name.
- Refactor dispatch loop and consolidate read-only mode checks.
- Make global variables static, since sftp-server is linked into sshd(8).
- ok dtucker@
- - djm@cvs.openbsd.org 2013/10/10 00:53:25
- [sftp-server.c]
- add -Q, -P and -p to usage() before jmc@ catches me
- - djm@cvs.openbsd.org 2013/10/10 01:43:03
- [sshd.c]
- bz#2139: fix re-exec fallback by ensuring that startup_pipe is correctly
- updated; ok dtucker@
- - djm@cvs.openbsd.org 2013/10/11 02:45:36
- [sftp-client.c]
- rename flag arguments to be more clear and consistent.
- reorder some internal function arguments to make adding additional flags
- easier.
- no functional change
- - djm@cvs.openbsd.org 2013/10/11 02:52:23
- [sftp-client.c]
- missed one arg reorder
- - djm@cvs.openbsd.org 2013/10/11 02:53:45
- [sftp-client.h]
- obsolete comment
- - jmc@cvs.openbsd.org 2013/10/14 14:18:56
- [sftp-server.8 sftp-server.c]
- tweak previous;
- ok djm
- - djm@cvs.openbsd.org 2013/10/14 21:20:52
- [session.c session.h]
- Add logging of session starts in a useful format; ok markus@ feedback and
- ok dtucker@
- - djm@cvs.openbsd.org 2013/10/14 22:22:05
- [readconf.c readconf.h ssh-keysign.c ssh.c ssh_config.5]
- add a "Match" keyword to ssh_config that allows matching on hostname,
- user and result of arbitrary commands. "nice work" markus@
- - djm@cvs.openbsd.org 2013/10/14 23:28:23
- [canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c]
- refactor client config code a little:
- add multistate option partsing to readconf.c, similar to servconf.c's
- existing code.
- move checking of options that accept "none" as an argument to readconf.c
- add a lowercase() function and use it instead of explicit tolower() in
- loops
- part of a larger diff that was ok markus@
- - djm@cvs.openbsd.org 2013/10/14 23:31:01
- [ssh.c]
- whitespace at EOL; pointed out by markus@
- - [ssh.c] g/c unused variable.
-
-20131010
- - (dtucker) OpenBSD CVS Sync
- - sthen@cvs.openbsd.org 2013/09/16 11:35:43
- [ssh_config]
- Remove gssapi config parts from ssh_config, as was already done for
- sshd_config. Req by/ok ajacoutot@
- ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
- - djm@cvs.openbsd.org 2013/09/19 00:24:52
- [progressmeter.c]
- store the initial file offset so the progress meter doesn't freak out
- when resuming sftp transfers. bz#2137; patch from Iain Morgan; ok dtucker@`
- - djm@cvs.openbsd.org 2013/09/19 00:49:12
- [sftp-client.c]
- fix swapped pflag and printflag in sftp upload_dir; from Iain Morgan
- - djm@cvs.openbsd.org 2013/09/19 01:24:46
- [channels.c]
- bz#1297 - tell the client (via packet_send_debug) when their preferred
- listen address has been overridden by the server's GatewayPorts;
- ok dtucker@
- - djm@cvs.openbsd.org 2013/09/19 01:26:29
- [sshconnect.c]
- bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from
- swp AT swp.pp.ru; ok dtucker@
- - dtucker@cvs.openbsd.org 2013/10/08 11:42:13
- [dh.c dh.h]
- Increase the size of the Diffie-Hellman groups requested for a each
- symmetric key size. New values from NIST Special Publication 800-57 with
- the upper limit specified by RFC4419. Pointed out by Peter Backes, ok
- djm@.
-
-20131009
- - (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull
- in OpenBSD implementation of arc4random, shortly to replace the existing
- bsd-arc4random.c
- - (djm) [openbsd-compat/Makefile.in openbsd-compat/arc4random.c]
- [openbsd-compat/bsd-arc4random.c] Replace old RC4-based arc4random
- implementation with recent OpenBSD's ChaCha-based PRNG. ok dtucker@,
- tested tim@
-
-20130922
- - (dtucker) [platform.c platform.h sshd.c] bz#2156: restore Linux oom_adj
- setting when handling SIGHUP to maintain behaviour over retart. Patch
- from Matthew Ife.
-
-20130918
- - (dtucker) [sshd_config] Trailing whitespace; from jstjohn at purdue edu.
-
-20130914
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/08/22 19:02:21
- [sshd.c]
- Stir PRNG after post-accept fork. The child gets a different PRNG state
- anyway via rexec and explicit privsep reseeds, but it's good to be sure.
- ok markus@
- - mikeb@cvs.openbsd.org 2013/08/28 12:34:27
- [ssh-keygen.c]
- improve batch processing a bit by making use of the quite flag a bit
- more often and exit with a non zero code if asked to find a hostname
- in a known_hosts file and it wasn't there;
- originally from reyk@, ok djm
- - djm@cvs.openbsd.org 2013/08/31 00:13:54
- [sftp.c]
- make ^w match ksh behaviour (delete previous word instead of entire line)
- - deraadt@cvs.openbsd.org 2013/09/02 22:00:34
- [ssh-keygen.c sshconnect1.c sshd.c]
- All the instances of arc4random_stir() are bogus, since arc4random()
- does this itself, inside itself, and has for a very long time.. Actually,
- this was probably reducing the entropy available.
- ok djm
- ID SYNC ONLY for portable; we don't trust other arc4random implementations
- to do this right.
- - sthen@cvs.openbsd.org 2013/09/07 13:53:11
- [sshd_config]
- Remove commented-out kerberos/gssapi config options from sample config,
- kerberos support is currently not enabled in ssh in OpenBSD. Discussed with
- various people; ok deraadt@
- ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
- - djm@cvs.openbsd.org 2013/09/12 01:41:12
- [clientloop.c]
- fix connection crash when sending break (~B) on ControlPersist'd session;
- ok dtucker@
- - djm@cvs.openbsd.org 2013/09/13 06:54:34
- [channels.c]
- avoid unaligned access in code that reused a buffer to send a
- struct in_addr in a reply; simpler just use use buffer_put_int();
- from portable; spotted by and ok dtucker@
-
-20130828
- - (djm) [openbsd-compat/bsd-snprintf.c] teach our local snprintf code the
- 'j' (intmax_t/uintmax_t) and 'z' (size_t/ssize_t) conversions in case we
- start to use them in the future.
- - (djm) [openbsd-compat/bsd-snprintf.c] #ifdef noytet for intmax_t bits
- until we have configure support.
-
-20130821
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/08/06 23:03:49
- [sftp.c]
- fix some whitespace at EOL
- make list of commands an enum rather than a long list of defines
- add -a to usage()
- - djm@cvs.openbsd.org 2013/08/06 23:05:01
- [sftp.1]
- document top-level -a option (the -a option to 'get' was already
- documented)
- - djm@cvs.openbsd.org 2013/08/06 23:06:01
- [servconf.c]
- add cast to avoid format warning; from portable
- - jmc@cvs.openbsd.org 2013/08/07 06:24:51
- [sftp.1 sftp.c]
- sort -a;
- - djm@cvs.openbsd.org 2013/08/08 04:52:04
- [sftp.c]
- fix two year old regression: symlinking a file would incorrectly
- canonicalise the target path. bz#2129 report from delphij AT freebsd.org
- - djm@cvs.openbsd.org 2013/08/08 05:04:03
- [sftp-client.c sftp-client.h sftp.c]
- add a "-l" flag for the rename command to force it to use the silly
- standard SSH_FXP_RENAME command instead of the POSIX-rename- like
- posix-rename@openssh.com extension.
-
- intended for use in regress tests, so no documentation.
- - djm@cvs.openbsd.org 2013/08/09 03:37:25
- [sftp.c]
- do getopt parsing for all sftp commands (with an empty optstring for
- commands without arguments) to ensure consistent behaviour
- - djm@cvs.openbsd.org 2013/08/09 03:39:13
- [sftp-client.c]
- two problems found by a to-be-committed regress test: 1) msg_id was not
- being initialised so was starting at a random value from the heap
- (harmless, but confusing). 2) some error conditions were not being
- propagated back to the caller
- - djm@cvs.openbsd.org 2013/08/09 03:56:42
- [sftp.c]
- enable ctrl-left-arrow and ctrl-right-arrow to move forward/back a word;
- matching ksh's relatively recent change.
- - djm@cvs.openbsd.org 2013/08/13 18:32:08
- [ssh-keygen.c]
- typo in error message; from Stephan Rickauer
- - djm@cvs.openbsd.org 2013/08/13 18:33:08
- [ssh-keygen.c]
- another of the same typo
- - jmc@cvs.openbsd.org 2013/08/14 08:39:27
- [scp.1 ssh.1]
- some Bx/Ox conversion;
- From: Jan Stary
- - djm@cvs.openbsd.org 2013/08/20 00:11:38
- [readconf.c readconf.h ssh_config.5 sshconnect.c]
- Add a ssh_config ProxyUseFDPass option that supports the use of
- ProxyCommands that establish a connection and then pass a connected
- file descriptor back to ssh(1). This allows the ProxyCommand to exit
- rather than have to shuffle data back and forth and enables ssh to use
- getpeername, etc. to obtain address information just like it does with
- regular directly-connected sockets. ok markus@
- - jmc@cvs.openbsd.org 2013/08/20 06:56:07
- [ssh.1 ssh_config.5]
- some proxyusefdpass tweaks;
-
-20130808
- - (dtucker) [regress/Makefile regress/test-exec.sh] Don't try to use test -nt
- since some platforms (eg really old FreeBSD) don't have it. Instead,
- run "make clean" before a complete regress run. ok djm.
- - (dtucker) [misc.c] Fall back to time(2) at runtime if clock_gettime(
- CLOCK_MONOTONIC...) fails. Some older versions of RHEL have the
- CLOCK_MONOTONIC define but don't actually support it. Found and tested
- by Kevin Brott, ok djm.
- - (dtucker) [misc.c] Remove define added for fallback testing that was
- mistakenly included in the previous commit.
- - (dtucker) [regress/Makefile regress/test-exec.sh] Roll back the -nt
- removal. The "make clean" removes modpipe which is built by the top-level
- directory before running the tests. Spotted by tim@
- - (djm) Release 6.3p1
-
-20130804
- - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support
- for building with older Heimdal versions. ok djm.
-
-20130801
- - (djm) [channels.c channels.h] bz#2135: On Solaris, isatty() on a non-
- blocking connecting socket will clear any stored errno that might
- otherwise have been retrievable via getsockopt(). A hack to limit writes
- to TTYs on AIX was triggering this. Since only AIX needs the hack, wrap
- it in an #ifdef. Diagnosis and patch from Ivo Raisr.
- - (djm) [sshlogin.h] Fix prototype merge botch from 2006; bz#2134
-
-20130725
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/07/20 22:20:42
- [krl.c]
- fix verification error in (as-yet usused) KRL signature checking path
- - djm@cvs.openbsd.org 2013/07/22 05:00:17
- [umac.c]
- make MAC key, data to be hashed and nonce for final hash const;
- checked with -Wcast-qual
- - djm@cvs.openbsd.org 2013/07/22 12:20:02
- [umac.h]
- oops, forgot to commit corresponding header change;
- spotted by jsg and jasper
- - djm@cvs.openbsd.org 2013/07/25 00:29:10
- [ssh.c]
- daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure
- it is fully detached from its controlling terminal. based on debugging
- - djm@cvs.openbsd.org 2013/07/25 00:56:52
- [sftp-client.c sftp-client.h sftp.1 sftp.c]
- sftp support for resuming partial downloads; patch mostly by Loganaden
- Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@
- "Just be careful" deraadt@
- - djm@cvs.openbsd.org 2013/07/25 00:57:37
- [version.h]
- openssh-6.3 for release
- - dtucker@cvs.openbsd.org 2013/05/30 20:12:32
- [regress/test-exec.sh]
- use ssh and sshd as testdata since it needs to be >256k for the rekey test
- - dtucker@cvs.openbsd.org 2013/06/10 21:56:43
- [regress/forwarding.sh]
- Add test for forward config parsing
- - djm@cvs.openbsd.org 2013/06/21 02:26:26
- [regress/sftp-cmds.sh regress/test-exec.sh]
- unbreak sftp-cmds for renamed test data (s/ls/data/)
- - (tim) [sftp-client.c] Use of a gcc extension trips up native compilers on
- Solaris and UnixWare. Feedback and OK djm@
- - (tim) [regress/forwarding.sh] Fix for building outside source tree.
-
-20130720
- - (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2013/07/19 07:37:48
- [auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
- [servconf.h session.c sshd.c sshd_config.5]
- add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
- or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
- ok djm@
- - djm@cvs.openbsd.org 2013/07/20 01:43:46
- [umac.c]
- use a union to ensure correct alignment; ok deraadt
- - djm@cvs.openbsd.org 2013/07/20 01:44:37
- [ssh-keygen.c ssh.c]
- More useful error message on missing current user in /etc/passwd
- - djm@cvs.openbsd.org 2013/07/20 01:50:20
- [ssh-agent.c]
- call cleanup_handler on SIGINT when in debug mode to ensure sockets
- are cleaned up on manual exit; bz#2120
- - djm@cvs.openbsd.org 2013/07/20 01:55:13
- [auth-krb5.c gss-serv-krb5.c gss-serv.c]
- fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@
-
-20130718
- - (djm) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2013/06/10 19:19:44
- [readconf.c]
- revert 1.203 while we investigate crashes reported by okan@
- - guenther@cvs.openbsd.org 2013/06/17 04:48:42
- [scp.c]
- Handle time_t values as long long's when formatting them and when
- parsing them from remote servers.
- Improve error checking in parsing of 'T' lines.
- ok dtucker@ deraadt@
- - markus@cvs.openbsd.org 2013/06/20 19:15:06
- [krl.c]
- don't leak the rdata blob on errors; ok djm@
- - djm@cvs.openbsd.org 2013/06/21 00:34:49
- [auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c]
- for hostbased authentication, print the client host and user on
- the auth success/failure line; bz#2064, ok dtucker@
- - djm@cvs.openbsd.org 2013/06/21 00:37:49
- [ssh_config.5]
- explicitly mention that IdentitiesOnly can be used with IdentityFile
- to control which keys are offered from an agent.
- - djm@cvs.openbsd.org 2013/06/21 05:42:32
- [dh.c]
- sprinkle in some error() to explain moduli(5) parse failures
- - djm@cvs.openbsd.org 2013/06/21 05:43:10
- [scp.c]
- make this -Wsign-compare clean after time_t conversion
- - djm@cvs.openbsd.org 2013/06/22 06:31:57
- [scp.c]
- improved time_t overflow check suggested by guenther@
- - jmc@cvs.openbsd.org 2013/06/27 14:05:37
- [ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
- do not use Sx for sections outwith the man page - ingo informs me that
- stuff like html will render with broken links;
- issue reported by Eric S. Raymond, via djm
- - markus@cvs.openbsd.org 2013/07/02 12:31:43
- [dh.c]
- remove extra whitespace
- - djm@cvs.openbsd.org 2013/07/12 00:19:59
- [auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
- [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
- fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
- - djm@cvs.openbsd.org 2013/07/12 00:20:00
- [sftp.c ssh-keygen.c ssh-pkcs11.c]
- fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
- - djm@cvs.openbsd.org 2013/07/12 00:43:50
- [misc.c]
- in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when
- errno == 0. Avoids confusing error message in some broken resolver
- cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
- - djm@cvs.openbsd.org 2013/07/12 05:42:03
- [ssh-keygen.c]
- do_print_resource_record() can never be called with a NULL filename, so
- don't attempt (and bungle) asking for one if it has not been specified
- bz#2127 ok dtucker@
- - djm@cvs.openbsd.org 2013/07/12 05:48:55
- [ssh.c]
- set TCP nodelay for connections started with -N; bz#2124 ok dtucker@
- - schwarze@cvs.openbsd.org 2013/07/16 00:07:52
- [scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8]
- use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@
- - djm@cvs.openbsd.org 2013/07/18 01:12:26
- [ssh.1]
- be more exact wrt perms for ~/.ssh/config; bz#2078
-
-20130702
- - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config
- contrib/cygwin/ssh-user-config] Modernizes and improve readability of
- the Cygwin README file (which hasn't been updated for ages), drop
- unsupported OSes from the ssh-host-config help text, and drop an
- unneeded option from ssh-user-config. Patch from vinschen at redhat com.
-
-20130610
- - (djm) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2013/06/07 15:37:52
- [channels.c channels.h clientloop.c]
- Add an "ABANDONED" channel state and use for mux sessions that are
- disconnected via the ~. escape sequence. Channels in this state will
- be able to close if the server responds, but do not count as active channels.
- This means that if you ~. all of the mux clients when using ControlPersist
- on a broken network, the backgrounded mux master will exit when the
- Control Persist time expires rather than hanging around indefinitely.
- bz#1917, also reported and tested by tedu@. ok djm@ markus@.
- - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported
- algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
- - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
- the required OpenSSL support. Patch from naddy at freebsd.
- - (dtucker) [myproposal.h] Make the conditional algorithm support consistent
- and add some comments so it's clear what goes where.
-
-20130605
- - (dtucker) [myproposal.h] Enable sha256 kex methods based on the presence of
- the necessary functions, not from the openssl version.
- - (dtucker) [contrib/ssh-copy-id] bz#2117: Use portable operator in test.
- Patch from cjwatson at debian.
- - (dtucker) [regress/forwarding.sh] For (as yet unknown) reason, the
- forwarding test is extremely slow copying data on some machines so switch
- back to copying the much smaller ls binary until we can figure out why
- this is.
- - (dtucker) [Makefile.in] append $CFLAGS to compiler options when building
- modpipe in case there's anything in there we need.
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2013/06/02 21:01:51
- [channels.h]
- typo in comment
- - dtucker@cvs.openbsd.org 2013/06/02 23:36:29
- [clientloop.h clientloop.c mux.c]
- No need for the mux cleanup callback to be visible so restore it to static
- and call it through the detach_user function pointer. ok djm@
- - dtucker@cvs.openbsd.org 2013/06/03 00:03:18
- [mac.c]
- force the MAC output to be 64-bit aligned so umac won't see unaligned
- accesses on strict-alignment architectures. bz#2101, patch from
- tomas.kuthan at oracle.com, ok djm@
- - dtucker@cvs.openbsd.org 2013/06/04 19:12:23
- [scp.c]
- use MAXPATHLEN for buffer size instead of fixed value. ok markus
- - dtucker@cvs.openbsd.org 2013/06/04 20:42:36
- [sftp.c]
- Make sftp's libedit interface marginally multibyte aware by building up
- the quoted string by character instead of by byte. Prevents failures
- when linked against a libedit built with wide character support (bz#1990).
- "looks ok" djm
- - dtucker@cvs.openbsd.org 2013/06/05 02:07:29
- [mux.c]
- fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
- ok djm
- - dtucker@cvs.openbsd.org 2013/06/05 02:27:50
- [sshd.c]
- When running sshd -D, close stderr unless we have explicitly requesting
- logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch
- so, err, ok dtucker.
- - dtucker@cvs.openbsd.org 2013/06/05 12:52:38
- [sshconnect2.c]
- Fix memory leaks found by Zhenbo Xu and the Melton tool. bz#1967, ok djm
- - dtucker@cvs.openbsd.org 2013/06/05 22:00:28
- [readconf.c]
- plug another memleak. bz#1967, from Zhenbo Xu, detected by Melton, ok djm
- - (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for
- platforms that don't have multibyte character support (specifically,
- mblen).
-
-20130602
- - (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy
- linking regress/modpipe.
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2013/06/02 13:33:05
- [progressmeter.c]
- Add misc.h for monotime prototype. (ID sync only).
- - dtucker@cvs.openbsd.org 2013/06/02 13:35:58
- [ssh-agent.c]
- Make parent_alive_interval time_t to avoid signed/unsigned comparison
- - (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platforms
- to prevent noise from configure. Patch from Nathan Osman. (bz#2114).
- - (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android.
- Patch from Nathan Osman.
- - (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we
- need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
- dealing with shell portability issues in regression tests, we let
- configure find us a capable shell on those platforms with an old /bin/sh.
- - (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr.
- feedback and ok dtucker
- - (tim) [regress/sftp-chroot.sh] skip if no sudo. ok dtucker
- - (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h.
- - (dtucker) [configure.ac] Some other platforms need sys/types.h before
- sys/socket.h.
-
-20130601
- - (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to
- using openssl's DES_crypt function on platorms that don't have a native
- one, eg Android. Based on a patch from Nathan Osman.
- - (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS
- rather than trying to enumerate the plaforms that don't have them.
- Based on a patch from Nathan Osman, with help from tim@.
- - (dtucker) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/05/17 00:13:13
- [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
- ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
- gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
- auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
- servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
- auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
- sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
- kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
- kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
- monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
- ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
- sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
- ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
- dns.c packet.c readpass.c authfd.c moduli.c]
- bye, bye xfree(); ok markus@
- - djm@cvs.openbsd.org 2013/05/19 02:38:28
- [auth2-pubkey.c]
- fix failure to recognise cert-authority keys if a key of a different type
- appeared in authorized_keys before it; ok markus@
- - djm@cvs.openbsd.org 2013/05/19 02:42:42
- [auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
- Standardise logging of supplemental information during userauth. Keys
- and ruser is now logged in the auth success/failure message alongside
- the local username, remote host/port and protocol in use. Certificates
- contents and CA are logged too.
- Pushing all logging onto a single line simplifies log analysis as it is
- no longer necessary to relate information scattered across multiple log
- entries. "I like it" markus@
- - dtucker@cvs.openbsd.org 2013/05/31 12:28:10
- [ssh-agent.c]
- Use time_t where appropriate. ok djm
- - dtucker@cvs.openbsd.org 2013/06/01 13:15:52
- [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c
- channels.c sandbox-systrace.c]
- Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
- keepalives and rekeying will work properly over clock steps. Suggested by
- markus@, "looks good" djm@.
- - dtucker@cvs.openbsd.org 2013/06/01 20:59:25
- [scp.c sftp-client.c]
- Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch
- from Nathan Osman via bz#2085. ok deraadt.
- - dtucker@cvs.openbsd.org 2013/06/01 22:34:50
- [sftp-client.c]
- Update progressmeter when data is acked, not when it's sent. bz#2108, from
- Debian via Colin Watson, ok djm@
- - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c
- groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
- sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
- openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
- openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
- with the equivalent calls to free.
- - (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall
- back to time(NULL) if we can't find it anywhere.
- - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday.
-
-20130529
- - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null
- implementation of endgrent for platforms that don't have it (eg Android).
- Loosely based on a patch from Nathan Osman, ok djm
-
- 20130517
- - (dtucker) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/03/07 00:20:34
- [regress/proxy-connect.sh]
- repeat test with a style appended to the username
- - dtucker@cvs.openbsd.org 2013/03/23 11:09:43
- [regress/test-exec.sh]
- Only regenerate host keys if they don't exist or if ssh-keygen has changed
- since they were. Reduces test runtime by 5-30% depending on machine
- speed.
- - dtucker@cvs.openbsd.org 2013/04/06 06:00:22
- [regress/rekey.sh regress/test-exec.sh regress/integrity.sh
- regress/multiplex.sh Makefile regress/cfgmatch.sh]
- Split the regress log into 3 parts: the debug output from ssh, the debug
- log from sshd and the output from the client command (ssh, scp or sftp).
- Somewhat functional now, will become more useful when ssh/sshd -E is added.
- - dtucker@cvs.openbsd.org 2013/04/07 02:16:03
- [regress/Makefile regress/rekey.sh regress/integrity.sh
- regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh]
- use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and
- save the output from any failing tests. If a test fails the debug output
- from ssh and sshd for the failing tests (and only the failing tests) should
- be available in failed-ssh{,d}.log.
- - djm@cvs.openbsd.org 2013/04/18 02:46:12
- [regress/Makefile regress/sftp-chroot.sh]
- test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@
- - dtucker@cvs.openbsd.org 2013/04/22 07:23:08
- [regress/multiplex.sh]
- Write mux master logs to regress.log instead of ssh.log to keep separate
- - djm@cvs.openbsd.org 2013/05/10 03:46:14
- [regress/modpipe.c]
- sync some portability changes from portable OpenSSH (id sync only)
- - dtucker@cvs.openbsd.org 2013/05/16 02:10:35
- [regress/rekey.sh]
- Add test for time-based rekeying
- - dtucker@cvs.openbsd.org 2013/05/16 03:33:30
- [regress/rekey.sh]
- test rekeying when there's no data being transferred
- - dtucker@cvs.openbsd.org 2013/05/16 04:26:10
- [regress/rekey.sh]
- add server-side rekey test
- - dtucker@cvs.openbsd.org 2013/05/16 05:48:31
- [regress/rekey.sh]
- add tests for RekeyLimit parsing
- - dtucker@cvs.openbsd.org 2013/05/17 00:37:40
- [regress/agent.sh regress/keytype.sh regress/cfgmatch.sh
- regress/forcecommand.sh regress/proto-version.sh regress/test-exec.sh
- regress/cipher-speed.sh regress/cert-hostkey.sh regress/cert-userkey.sh
- regress/ssh-com.sh]
- replace 'echo -n' with 'printf' since it's more portable
- also remove "echon" hack.
- - dtucker@cvs.openbsd.org 2013/05/17 01:16:09
- [regress/agent-timeout.sh]
- Pull back some portability changes from -portable:
- - TIMEOUT is a read-only variable in some shells
- - not all greps have -q so redirect to /dev/null instead.
- (ID sync only)
- - dtucker@cvs.openbsd.org 2013/05/17 01:32:11
- [regress/integrity.sh]
- don't print output from ssh before getting it (it's available in ssh.log)
- - dtucker@cvs.openbsd.org 2013/05/17 04:29:14
- [regress/sftp.sh regress/putty-ciphers.sh regress/cipher-speed.sh
- regress/test-exec.sh regress/sftp-batch.sh regress/dynamic-forward.sh
- regress/putty-transfer.sh regress/conch-ciphers.sh regress/sftp-cmds.sh
- regress/scp.sh regress/ssh-com-sftp.sh regress/rekey.sh
- regress/putty-kex.sh regress/stderr-data.sh regress/stderr-after-eof.sh
- regress/sftp-badcmds.sh regress/reexec.sh regress/ssh-com-client.sh
- regress/sftp-chroot.sh regress/forwarding.sh regress/transfer.sh
- regress/multiplex.sh]
- Move the setting of DATA and COPY into test-exec.sh
- - dtucker@cvs.openbsd.org 2013/05/17 10:16:26
- [regress/try-ciphers.sh]
- use expr for math to keep diffs vs portable down
- (id sync only)
- - dtucker@cvs.openbsd.org 2013/05/17 10:23:52
- [regress/login-timeout.sh regress/reexec.sh regress/test-exec.sh]
- Use SUDO when cat'ing pid files and running the sshd log wrapper so that
- it works with a restrictive umask and the pid files are not world readable.
- Changes from -portable. (id sync only)
- - dtucker@cvs.openbsd.org 2013/05/17 10:24:48
- [regress/localcommand.sh]
- use backticks for portability. (id sync only)
- - dtucker@cvs.openbsd.org 2013/05/17 10:26:26
- [regress/sftp-badcmds.sh]
- remove unused BATCH variable. (id sync only)
- - dtucker@cvs.openbsd.org 2013/05/17 10:28:11
- [regress/sftp.sh]
- only compare copied data if sftp succeeds. from portable (id sync only)
- - dtucker@cvs.openbsd.org 2013/05/17 10:30:07
- [regress/test-exec.sh]
- wait a bit longer for startup and use case for absolute path.
- from portable (id sync only)
- - dtucker@cvs.openbsd.org 2013/05/17 10:33:09
- [regress/agent-getpeereid.sh]
- don't redirect stdout from sudo. from portable (id sync only)
- - dtucker@cvs.openbsd.org 2013/05/17 10:34:30
- [regress/portnum.sh]
- use a more portable negated if structure. from portable (id sync only)
- - dtucker@cvs.openbsd.org 2013/05/17 10:35:43
- [regress/scp.sh]
- use a file extention that's not special on some platforms. from portable
- (id sync only)
- - (dtucker) [regress/bsd.regress.mk] Remove unused file. We've never used it
- in portable and it's long gone in openbsd.
- - (dtucker) [regress/integrity.sh]. Force fixed Diffie-Hellman key exchange
- methods. When the openssl version doesn't support ECDH then next one on
- the list is DH group exchange, but that causes a bit more traffic which can
- mean that the tests flip bits in the initial exchange rather than the MACed
- traffic and we get different errors to what the tests look for.
- - (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits.
- - (dtucker) [regress/cfgmatch.sh] Resync config file setup with openbsd.
- - (dtucker) [regress/agent-getpeereid.sh] Resync spaces with openbsd.
- - (dtucker) [regress/integrity.sh regress/krl.sh regress/test-exec.sh]
- Move the jot helper function to portable-specific part of test-exec.sh.
- - (dtucker) [regress/test-exec.sh] Move the portable-specific functions
- together and add a couple of missing lines from openbsd.
- - (dtucker) [regress/stderr-after-eof.sh regress/test-exec.sh] Move the md5
- helper function to the portable part of test-exec.sh.
- - (dtucker) [regress/runtests.sh] Remove obsolete test driver script.
- - (dtucker) [regress/cfgmatch.sh] Remove unneeded sleep renderd obsolete by
- rev 1.6 which calls wait.
-
-20130516
- - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be
- executed if mktemp failed; bz#2105 ok dtucker@
- - (dtucker) OpenBSD CVS Sync
- - tedu@cvs.openbsd.org 2013/04/23 17:49:45
- [misc.c]
- use xasprintf instead of a series of strlcats and strdup. ok djm
- - tedu@cvs.openbsd.org 2013/04/24 16:01:46
- [misc.c]
- remove extra parens noticed by nicm
- - dtucker@cvs.openbsd.org 2013/05/06 07:35:12
- [sftp-server.8]
- Reference the version of the sftp draft we actually implement. ok djm@
- - djm@cvs.openbsd.org 2013/05/10 03:40:07
- [sshconnect2.c]
- fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from
- Colin Watson
- - djm@cvs.openbsd.org 2013/05/10 04:08:01
- [key.c]
- memleak in cert_free(), wasn't actually freeing the struct;
- bz#2096 from shm AT digitalsun.pl
- - dtucker@cvs.openbsd.org 2013/05/10 10:13:50
- [ssh-pkcs11-helper.c]
- remove unused extern optarg. ok markus@
- - dtucker@cvs.openbsd.org 2013/05/16 02:00:34
- [ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
- ssh_config.5 packet.h]
- Add an optional second argument to RekeyLimit in the client to allow
- rekeying based on elapsed time in addition to amount of traffic.
- with djm@ jmc@, ok djm
- - dtucker@cvs.openbsd.org 2013/05/16 04:09:14
- [sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
- sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
- rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man
- page.
- - djm@cvs.openbsd.org 2013/05/16 04:27:50
- [ssh_config.5 readconf.h readconf.c]
- add the ability to ignore specific unrecognised ssh_config options;
- bz#866; ok markus@
- - jmc@cvs.openbsd.org 2013/05/16 06:28:45
- [ssh_config.5]
- put IgnoreUnknown in the right place;
- - jmc@cvs.openbsd.org 2013/05/16 06:30:06
- [sshd_config.5]
- oops! avoid Xr to self;
- - dtucker@cvs.openbsd.org 2013/05/16 09:08:41
- [log.c scp.c sshd.c serverloop.c schnorr.c sftp.c]
- Fix some "unused result" warnings found via clang and -portable.
- ok markus@
- - dtucker@cvs.openbsd.org 2013/05/16 09:12:31
- [readconf.c servconf.c]
- switch RekeyLimit traffic volume parsing to scan_scaled. ok djm@
- - dtucker@cvs.openbsd.org 2013/05/16 10:43:34
- [servconf.c readconf.c]
- remove now-unused variables
- - dtucker@cvs.openbsd.org 2013/05/16 10:44:06
- [servconf.c]
- remove another now-unused variable
- - (dtucker) [configure.ac readconf.c servconf.c
- openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
-
-20130510
- - (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler
- supports it. Mentioned by Colin Watson in bz#2100, ok djm.
- - (dtucker) [openbsd-compat/getopt.c] Factor out portibility changes to
- getopt.c. Preprocessed source is identical other than line numbers.
- - (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD. No
- portability changes yet.
- - (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c
- openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add
- portability code to getopt_long.c and switch over Makefile and the ugly
- hack in modpipe.c. Fixes bz#1448.
- - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c
- openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
- in to use it when we're using our own getopt.
- - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the
- underlying libraries support them.
- - (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so
- we don't get a warning on compilers that *don't* support it. Add
- -Wno-unknown-warning-option. Move both to the start of the list for
- maximum noise suppression. Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
-
-20130423
- - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
- platforms, such as Android, that lack struct passwd.pw_gecos. Report
- and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
- - (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2013/03/05 20:16:09
- [sshconnect2.c]
- reset pubkey order on partial success; ok djm@
- - djm@cvs.openbsd.org 2013/03/06 23:35:23
- [session.c]
- fatal() when ChrootDirectory specified by running without root privileges;
- ok markus@
- - djm@cvs.openbsd.org 2013/03/06 23:36:53
- [readconf.c]
- g/c unused variable (-Wunused)
- - djm@cvs.openbsd.org 2013/03/07 00:19:59
- [auth2-pubkey.c monitor.c]
- reconstruct the original username that was sent by the client, which may
- have included a style (e.g. "root:skey") when checking public key
- signatures. Fixes public key and hostbased auth when the client specified
- a style; ok markus@
- - markus@cvs.openbsd.org 2013/03/07 19:27:25
- [auth.h auth2-chall.c auth2.c monitor.c sshd_config.5]
- add submethod support to AuthenticationMethods; ok and freedback djm@
- - djm@cvs.openbsd.org 2013/03/08 06:32:58
- [ssh.c]
- allow "ssh -f none ..." ok markus@
- - djm@cvs.openbsd.org 2013/04/05 00:14:00
- [auth2-gss.c krl.c sshconnect2.c]
- hush some {unused, printf type} warnings
- - djm@cvs.openbsd.org 2013/04/05 00:31:49
- [pathnames.h]
- use the existing _PATH_SSH_USER_RC define to construct the other
- pathnames; bz#2077, ok dtucker@ (no binary change)
- - djm@cvs.openbsd.org 2013/04/05 00:58:51
- [mux.c]
- cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
- (in addition to ones already in OPEN); bz#2079, ok dtucker@
- - markus@cvs.openbsd.org 2013/04/06 16:07:00
- [channels.c sshd.c]
- handle ECONNABORTED for accept(); ok deraadt some time ago...
- - dtucker@cvs.openbsd.org 2013/04/07 02:10:33
- [log.c log.h ssh.1 ssh.c sshd.8 sshd.c]
- Add -E option to ssh and sshd to append debugging logs to a specified file
- instead of stderr or syslog. ok markus@, man page help jmc@
- - dtucker@cvs.openbsd.org 2013/04/07 09:40:27
- [sshd.8]
- clarify -e text. suggested by & ok jmc@
- - djm@cvs.openbsd.org 2013/04/11 02:27:50
- [packet.c]
- quiet disconnect notifications on the server from error() back to logit()
- if it is a normal client closure; bz#2057 ok+feedback dtucker@
- - dtucker@cvs.openbsd.org 2013/04/17 09:04:09
- [session.c]
- revert rev 1.262; it fails because uid is already set here. ok djm@
- - djm@cvs.openbsd.org 2013/04/18 02:16:07
- [sftp.c]
- make "sftp -q" do what it says on the sticker: hush everything but errors;
- ok dtucker@
- - djm@cvs.openbsd.org 2013/04/19 01:00:10
- [sshd_config.5]
- document the requirment that the AuthorizedKeysCommand be owned by root;
- ok dtucker@ markus@
- - djm@cvs.openbsd.org 2013/04/19 01:01:00
- [ssh-keygen.c]
- fix some memory leaks; bz#2088 ok dtucker@
- - djm@cvs.openbsd.org 2013/04/19 01:03:01
- [session.c]
- reintroduce 1.262 without the connection-killing bug:
- fatal() when ChrootDirectory specified by running without root privileges;
- ok markus@
- - djm@cvs.openbsd.org 2013/04/19 01:06:50
- [authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
- [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
- add the ability to query supported ciphers, MACs, key type and KEX
- algorithms to ssh. Includes some refactoring of KEX and key type handling
- to be table-driven; ok markus@
- - djm@cvs.openbsd.org 2013/04/19 11:10:18
- [ssh.c]
- add -Q to usage; reminded by jmc@
- - djm@cvs.openbsd.org 2013/04/19 12:07:08
- [kex.c]
- remove duplicated list entry pointed out by naddy@
- - dtucker@cvs.openbsd.org 2013/04/22 01:17:18
- [mux.c]
- typo in debug output: evitval->exitval
-
-20130418
- - (djm) [config.guess config.sub] Update to last versions before they switch
- to GPL3. ok dtucker@
- - (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from
- unused argument warnings (in particular, -fno-builtin-memset) from clang.
-
-20130404
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2013/02/17 23:16:57
- [readconf.c ssh.c readconf.h sshconnect2.c]
- Keep track of which IndentityFile options were manually supplied and which
- were default options, and don't warn if the latter are missing.
- ok markus@
- - dtucker@cvs.openbsd.org 2013/02/19 02:12:47
- [krl.c]
- Remove bogus include. ok djm
- - dtucker@cvs.openbsd.org 2013/02/22 04:45:09
- [ssh.c readconf.c readconf.h]
- Don't complain if IdentityFiles specified in system-wide configs are
- missing. ok djm, deraadt.
- - markus@cvs.openbsd.org 2013/02/22 19:13:56
- [sshconnect.c]
- support ProxyCommand=- (stdin/out already point to the proxy); ok djm@
- - djm@cvs.openbsd.org 2013/02/22 22:09:01
- [ssh.c]
- Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier
- version)
-
-20130401
- - (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h
- to avoid conflicting definitions of __int64, adding the required bits.
- Patch from Corinna Vinschen.
-
-20130323
- - (tim) [Makefile.in] remove some duplication introduced in 20130220 commit.
-
-20130322
- - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
- Hands' greatly revised version.
- - (djm) Release 6.2p1
- - (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype.
- - (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before
- defining it again. Prevents warnings if someone, eg, sets it in CFLAGS.
-
-20130318
- - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
- [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
- so mark it as broken. Patch from des AT des.no
-
-20130317
- - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none
- of the bits the configure test looks for.
-
-20130316
- - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform
- is unable to successfully compile them. Based on patch from des AT
- des.no
- - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
- Add a usleep replacement for platforms that lack it; ok dtucker
- - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to
- occur after UID switch; patch from John Marshall via des AT des.no;
- ok dtucker@
-
-20130312
- - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh]
- Improve portability of cipher-speed test, based mostly on a patch from
- Iain Morgan.
- - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
- in addition to root as an owner of system directories on AIX and HP-UX.
- ok djm@
-
-20130307
- - (dtucker) [INSTALL] Bump documented autoconf version to what we're
- currently using.
- - (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it
- was removed in configure.ac rev 1.481 as it was redundant.
- - (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days
- ago.
- - (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a
- chance to complete on broken systems; ok dtucker@
-
-20130306
- - (dtucker) [regress/forward-control.sh] Wait longer for the forwarding
- connection to start so that the test works on slower machines.
- - (dtucker) [configure.ac] test that we can set number of file descriptors
- to zero with setrlimit before enabling the rlimit sandbox. This affects
- (at least) HPUX 11.11.
-
-20130305
- - (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for
- HP/UX. Spotted by Kevin Brott
- - (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by
- Amit Kulkarni and Kevin Brott.
- - (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure
- build breakage on (at least) HP-UX 11.11. Found by Amit Kulkarni and Kevin
- Brott.
- - (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov.
-
-20130227
- - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
- [contrib/suse/openssh.spec] Crank version numbers
- - (tim) [regress/forward-control.sh] use sh in case login shell is csh.
- - (tim) [regress/integrity.sh] shell portability fix.
- - (tim) [regress/integrity.sh] keep old solaris awk from hanging.
- - (tim) [regress/krl.sh] keep old solaris awk from hanging.
-
-20130226
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/02/20 08:27:50
- [integrity.sh]
- Add an option to modpipe that warns if the modification offset it not
- reached in it's stream and turn it on for t-integrity. This should catch
- cases where the session is not fuzzed for being too short (cf. my last
- "oops" commit)
- - (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage
- for UsePAM=yes configuration
-
-20130225
- - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed
- to use Solaris native GSS libs. Patch from Pierre Ossman.
-
-20130223
- - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
- bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
- ok tim
-
-20130222
- - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to
- ssh(1) since they're not needed. Patch from Pierre Ossman, ok djm.
- - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named
- libgss too. Patch from Pierre Ossman, ok djm.
- - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux
- seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
- ok dtucker
-
-20130221
- - (tim) [regress/forward-control.sh] shell portability fix.
-
-20130220
- - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix.
- - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded
- err.h include from krl.c. Additional portability fixes for modpipe. OK djm
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/02/20 08:27:50
- [regress/integrity.sh regress/modpipe.c]
- Add an option to modpipe that warns if the modification offset it not
- reached in it's stream and turn it on for t-integrity. This should catch
- cases where the session is not fuzzed for being too short (cf. my last
- "oops" commit)
- - djm@cvs.openbsd.org 2013/02/20 08:29:27
- [regress/modpipe.c]
- s/Id/OpenBSD/ in RCS tag
-
-20130219
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/02/18 22:26:47
- [integrity.sh]
- crank the offset yet again; it was still fuzzing KEX one of Darren's
- portable test hosts at 2800
- - djm@cvs.openbsd.org 2013/02/19 02:14:09
- [integrity.sh]
- oops, forgot to increase the output of the ssh command to ensure that
- we actually reach $offset
- - (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that
- lack support for SHA2.
- - (djm) [regress/modpipe.c] Add local err, and errx functions for platforms
- that do not have them.
-
-20130217
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/02/17 23:16:55
- [integrity.sh]
- make the ssh command generates some output to ensure that there are at
- least offset+tries bytes in the stream.
-
-20130216
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/02/16 06:08:45
- [integrity.sh]
- make sure the fuzz offset is actually past the end of KEX for all KEX
- types. diffie-hellman-group-exchange-sha256 requires an offset around
- 2700. Noticed via test failures in portable OpenSSH on platforms that
- lack ECC and this the more byte-frugal ECDH KEX algorithms.
-
-20130215
- - (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from
- Iain Morgan
- - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
- Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
- - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c
- openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
- platforms that don't have it.
- - (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul,
- group strto* function prototypes together.
- - (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes
- an argument. Pointed out by djm.
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/02/14 21:35:59
- [auth2-pubkey.c]
- Correct error message that had a typo and was logging the wrong thing;
- patch from Petr Lautrbach
- - dtucker@cvs.openbsd.org 2013/02/15 00:21:01
- [sshconnect2.c]
- Warn more loudly if an IdentityFile provided by the user cannot be read.
- bz #1981, ok djm@
-
-20130214
- - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC.
- - (djm) [regress/krl.sh] typo; found by Iain Morgan
- - (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead
- of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by
- Iain Morgan
-
-20130212
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/01/24 21:45:37
- [krl.c]
- fix handling of (unused) KRL signatures; skip string in correct buffer
- - djm@cvs.openbsd.org 2013/01/24 22:08:56
- [krl.c]
- skip serial lookup when cert's serial number is zero
- - krw@cvs.openbsd.org 2013/01/25 05:00:27
- [krl.c]
- Revert last. Breaks due to likely typo. Let djm@ fix later.
- ok djm@ via dlg@
- - djm@cvs.openbsd.org 2013/01/25 10:22:19
- [krl.c]
- redo last commit without the vi-vomit that snuck in:
- skip serial lookup when cert's serial number is zero
- (now with 100% better comment)
- - djm@cvs.openbsd.org 2013/01/26 06:11:05
- [Makefile.in acss.c acss.h cipher-acss.c cipher.c]
- [openbsd-compat/openssl-compat.h]
- remove ACSS, now that it is gone from libcrypto too
- - djm@cvs.openbsd.org 2013/01/27 10:06:12
- [krl.c]
- actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
- - dtucker@cvs.openbsd.org 2013/02/06 00:20:42
- [servconf.c sshd_config sshd_config.5]
- Change default of MaxStartups to 10:30:100 to start doing random early
- drop at 10 connections up to 100 connections. This will make it harder
- to DoS as CPUs have come a long way since the original value was set
- back in 2000. Prompted by nion at debian org, ok markus@
- - dtucker@cvs.openbsd.org 2013/02/06 00:22:21
- [auth.c]
- Fix comment, from jfree.e1 at gmail
- - djm@cvs.openbsd.org 2013/02/08 00:41:12
- [sftp.c]
- fix NULL deref when built without libedit and control characters
- entered as command; debugging and patch from Iain Morgan an
- Loganaden Velvindron in bz#1956
- - markus@cvs.openbsd.org 2013/02/10 21:19:34
- [version.h]
- openssh 6.2
- - djm@cvs.openbsd.org 2013/02/10 23:32:10
- [ssh-keygen.c]
- append to moduli file when screening candidates rather than overwriting.
- allows resumption of interrupted screen; patch from Christophe Garault
- in bz#1957; ok dtucker@
- - djm@cvs.openbsd.org 2013/02/10 23:35:24
- [packet.c]
- record "Received disconnect" messages at ERROR rather than INFO priority,
- since they are abnormal and result in a non-zero ssh exit status; patch
- from Iain Morgan in bz#2057; ok dtucker@
- - dtucker@cvs.openbsd.org 2013/02/11 21:21:58
- [sshd.c]
- Add openssl version to debug output similar to the client. ok markus@
- - djm@cvs.openbsd.org 2013/02/11 23:58:51
- [regress/try-ciphers.sh]
- remove acss here too
- - (djm) [regress/try-ciphers.sh] clean up CVS merge botch
-
-20130211
- - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
- libcrypto that lacks EVP_CIPHER_CTX_ctrl
-
-20130208
- - (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer;
- patch from Iain Morgan in bz#2059
- - (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows
- __attribute__ on return values and work around if necessary. ok djm@
-
-20130207
- - (djm) [configure.ac] Don't probe seccomp capability of running kernel
- at configure time; the seccomp sandbox will fall back to rlimit at
- runtime anyway. Patch from plautrba AT redhat.com in bz#2011
-
-20130120
- - (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h]
- Move prototypes for replacement ciphers to openssl-compat.h; fix EVP
- prototypes for openssl-1.0.0-fips.
- - (djm) OpenBSD CVS Sync
- - jmc@cvs.openbsd.org 2013/01/18 07:57:47
- [ssh-keygen.1]
- tweak previous;
- - jmc@cvs.openbsd.org 2013/01/18 07:59:46
- [ssh-keygen.c]
- -u before -V in usage();
- - jmc@cvs.openbsd.org 2013/01/18 08:00:49
- [sshd_config.5]
- tweak previous;
- - jmc@cvs.openbsd.org 2013/01/18 08:39:04
- [ssh-keygen.1]
- add -Q to the options list; ok djm
- - jmc@cvs.openbsd.org 2013/01/18 21:48:43
- [ssh-keygen.1]
- command-line (adj.) -> command line (n.);
- - jmc@cvs.openbsd.org 2013/01/19 07:13:25
- [ssh-keygen.1]
- fix some formatting; ok djm
- - markus@cvs.openbsd.org 2013/01/19 12:34:55
- [krl.c]
- RB_INSERT does not remove existing elments; ok djm@
- - (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer
- version.
- - (djm) [regress/krl.sh] replacement for jot; most platforms lack it
-
-20130118
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/01/17 23:00:01
- [auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5]
- [krl.c krl.h PROTOCOL.krl]
- add support for Key Revocation Lists (KRLs). These are a compact way to
- represent lists of revoked keys and certificates, taking as little as
- a single bit of incremental cost to revoke a certificate by serial number.
- KRLs are loaded via the existing RevokedKeys sshd_config option.
- feedback and ok markus@
- - djm@cvs.openbsd.org 2013/01/18 00:45:29
- [regress/Makefile regress/cert-userkey.sh regress/krl.sh]
- Tests for Key Revocation Lists (KRLs)
- - djm@cvs.openbsd.org 2013/01/18 03:00:32
- [krl.c]
- fix KRL generation bug for list sections
-
-20130117
- - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
- check for GCM support before testing GCM ciphers.
-
-20130112
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2013/01/12 11:22:04
- [cipher.c]
- improve error message for integrity failure in AES-GCM modes; ok markus@
- - djm@cvs.openbsd.org 2013/01/12 11:23:53
- [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
- test AES-GCM modes; feedback markus@
- - (djm) [regress/integrity.sh] repair botched merge
-
-20130109
- - (djm) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2012/12/14 05:26:43
- [auth.c]
- use correct string in error message; from rustybsd at gmx.fr
- - djm@cvs.openbsd.org 2013/01/02 00:32:07
- [clientloop.c mux.c]
- channel_setup_local_fwd_listener() returns 0 on failure, not -ve
- bz#2055 reported by mathieu.lacage AT gmail.com
- - djm@cvs.openbsd.org 2013/01/02 00:33:49
- [PROTOCOL.agent]
- correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED
- bz#2051 from david AT lechnology.com
- - djm@cvs.openbsd.org 2013/01/03 05:49:36
- [servconf.h]
- add a couple of ServerOptions members that should be copied to the privsep
- child (for consistency, in this case they happen only to be accessed in
- the monitor); ok dtucker@
- - djm@cvs.openbsd.org 2013/01/03 12:49:01
- [PROTOCOL]
- fix description of MAC calculation for EtM modes; ok markus@
- - djm@cvs.openbsd.org 2013/01/03 12:54:49
- [sftp-server.8 sftp-server.c]
- allow specification of an alternate start directory for sftp-server(8)
- "I like this" markus@
- - djm@cvs.openbsd.org 2013/01/03 23:22:58
- [ssh-keygen.c]
- allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ...
- ok markus@
- - jmc@cvs.openbsd.org 2013/01/04 19:26:38
- [sftp-server.8 sftp-server.c]
- sftp-server.8: add argument name to -d
- sftp-server.c: add -d to usage()
- ok djm
- - markus@cvs.openbsd.org 2013/01/08 18:49:04
- [PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c]
- [myproposal.h packet.c ssh_config.5 sshd_config.5]
- support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
- ok and feedback djm@
- - djm@cvs.openbsd.org 2013/01/09 05:40:17
- [ssh-keygen.c]
- correctly initialise fingerprint type for fingerprinting PKCS#11 keys
- - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h]
- Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
- cipher compat code to openssl-compat.h
-
-20121217
- - (dtucker) [Makefile.in] Add some scaffolding so that the new regress
- tests will work with VPATH directories.
-
-20121213
- - (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2012/12/12 16:45:52
- [packet.c]
- reset incoming_packet buffer for each new packet in EtM-case, too;
- this happens if packets are parsed only parially (e.g. ignore
- messages sent when su/sudo turn off echo); noted by sthen/millert
- - naddy@cvs.openbsd.org 2012/12/12 16:46:10
- [cipher.c]
- use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled
- counter mode code; ok djm@
- - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our
- compat code for older OpenSSL
- - (djm) [cipher.c] Fix missing prototype for compat code
-
-20121212
- - (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2012/12/11 22:16:21
- [monitor.c]
- drain the log messages after receiving the keystate from the unpriv
- child. otherwise it might block while sending. ok djm@
- - markus@cvs.openbsd.org 2012/12/11 22:31:18
- [PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h]
- [packet.c ssh_config.5 sshd_config.5]
- add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
- that change the packet format and compute the MAC over the encrypted
- message (including the packet size) instead of the plaintext data;
- these EtM modes are considered more secure and used by default.
- feedback and ok djm@
- - sthen@cvs.openbsd.org 2012/12/11 22:51:45
- [mac.c]
- fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@
- - markus@cvs.openbsd.org 2012/12/11 22:32:56
- [regress/try-ciphers.sh]
- add etm modes
- - markus@cvs.openbsd.org 2012/12/11 22:42:11
- [regress/Makefile regress/modpipe.c regress/integrity.sh]
- test the integrity of the packets; with djm@
- - markus@cvs.openbsd.org 2012/12/11 23:12:13
- [try-ciphers.sh]
- add hmac-ripemd160-etm@openssh.com
- - (djm) [mac.c] fix merge botch
- - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test
- work on platforms without 'jot'
- - (djm) [regress/integrity.sh] Fix awk quoting, packet length skip
- - (djm) [regress/Makefile] fix t-exec rule
-
-20121207
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2012/12/06 06:06:54
- [regress/keys-command.sh]
- Fix some problems with the keys-command test:
- - use string comparison rather than numeric comparison
- - check for existing KEY_COMMAND file and don't clobber if it exists
- - clean up KEY_COMMAND file if we do create it.
- - check that KEY_COMMAND is executable (which it won't be if eg /var/run
- is mounted noexec).
- ok djm.
- - jmc@cvs.openbsd.org 2012/12/03 08:33:03
- [ssh-add.1 sshd_config.5]
- tweak previous;
- - markus@cvs.openbsd.org 2012/12/05 15:42:52
- [ssh-add.c]
- prevent double-free of comment; ok djm@
- - dtucker@cvs.openbsd.org 2012/12/07 01:51:35
- [serverloop.c]
- Cast signal to int for logging. A no-op on openbsd (they're always ints)
- but will prevent warnings in portable. ok djm@
-
-20121205
- - (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm@.
-
-20121203
- - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to get
- TAILQ_FOREACH_SAFE needed for upcoming changes.
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2012/12/02 20:26:11
- [ssh_config.5 sshconnect2.c]
- Make IdentitiesOnly apply to keys obtained from a PKCS11Provider.
- This allows control of which keys are offered from tokens using
- IdentityFile. ok markus@
- - djm@cvs.openbsd.org 2012/12/02 20:42:15
- [ssh-add.1 ssh-add.c]
- make deleting explicit keys "ssh-add -d" symmetric with adding keys -
- try to delete the corresponding certificate too and respect the -k option
- to allow deleting of the key only; feedback and ok markus@
- - djm@cvs.openbsd.org 2012/12/02 20:46:11
- [auth-options.c channels.c servconf.c servconf.h serverloop.c session.c]
- [sshd_config.5]
- make AllowTcpForwarding accept "local" and "remote" in addition to its
- current "yes"/"no" to allow the server to specify whether just local or
- remote TCP forwarding is enabled. ok markus@
- - dtucker@cvs.openbsd.org 2012/10/05 02:20:48
- [regress/cipher-speed.sh regress/try-ciphers.sh]
- Add umac-128@openssh.com to the list of MACs to be tested
- - djm@cvs.openbsd.org 2012/10/19 05:10:42
- [regress/cert-userkey.sh]
- include a serial number when generating certs
- - djm@cvs.openbsd.org 2012/11/22 22:49:30
- [regress/Makefile regress/keys-command.sh]
- regress for AuthorizedKeysCommand; hints from markus@
- - djm@cvs.openbsd.org 2012/12/02 20:47:48
- [Makefile regress/forward-control.sh]
- regress for AllowTcpForwarding local/remote; ok markus@
- - djm@cvs.openbsd.org 2012/12/03 00:14:06
- [auth2-chall.c ssh-keygen.c]
- Fix compilation with -Wall -Werror (trivial type fixes)
- - (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation
- debugging. ok dtucker@
- - (djm) [configure.ac] Revert previous. configure.ac already does this
- for us.
-
-20121114
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2012/11/14 02:24:27
- [auth2-pubkey.c]
- fix username passed to helper program
- prepare stdio fds before closefrom()
- spotted by landry@
- - djm@cvs.openbsd.org 2012/11/14 02:32:15
- [ssh-keygen.c]
- allow the full range of unsigned serial numbers; 'fine' deraadt@
- - djm@cvs.openbsd.org 2012/12/02 20:34:10
- [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
- [monitor.c monitor.h]
- Fixes logging of partial authentication when privsep is enabled
- Previously, we recorded "Failed xxx" since we reset authenticated before
- calling auth_log() in auth2.c. This adds an explcit "Partial" state.
-
- Add a "submethod" to auth_log() to report which submethod is used
- for keyboard-interactive.
-
- Fix multiple authentication when one of the methods is
- keyboard-interactive.
-
- ok markus@
- - dtucker@cvs.openbsd.org 2012/10/05 02:05:30
- [regress/multiplex.sh]
- Use 'kill -0' to test for the presence of a pid since it's more portable
-
-20121107
- - (djm) OpenBSD CVS Sync
- - eric@cvs.openbsd.org 2011/11/28 08:46:27
- [moduli.5]
- fix formula
- ok djm@
- - jmc@cvs.openbsd.org 2012/09/26 17:34:38
- [moduli.5]
- last stage of rfc changes, using consistent Rs/Re blocks, and moving the
- references into a STANDARDS section;
-
-20121105
- - (dtucker) [uidswap.c openbsd-compat/Makefile.in
- openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
- openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids
- and gids from uidswap.c to the compat library, which allows it to work with
- the new setresuid calls in auth2-pubkey. with tim@, ok djm@
- - (dtucker) [auth2-pubkey.c] wrap paths.h in an ifdef for platforms that
- don't have it. Spotted by tim@.
-
-20121104
- - (djm) OpenBSD CVS Sync
- - jmc@cvs.openbsd.org 2012/10/31 08:04:50
- [sshd_config.5]
- tweak previous;
- - djm@cvs.openbsd.org 2012/11/04 10:38:43
- [auth2-pubkey.c sshd.c sshd_config.5]
- Remove default of AuthorizedCommandUser. Administrators are now expected
- to explicitly specify a user. feedback and ok markus@
- - djm@cvs.openbsd.org 2012/11/04 11:09:15
- [auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
- [sshd_config.5]
- Support multiple required authentication via an AuthenticationMethods
- option. This option lists one or more comma-separated lists of
- authentication method names. Successful completion of all the methods in
- any list is required for authentication to complete;
- feedback and ok markus@
-
-20121030
- - (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2012/10/05 12:34:39
- [sftp.c]
- fix signed vs unsigned warning; feedback & ok: djm@
- - djm@cvs.openbsd.org 2012/10/30 21:29:55
- [auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h]
- [sshd.c sshd_config sshd_config.5]
- new sshd_config option AuthorizedKeysCommand to support fetching
- authorized_keys from a command in addition to (or instead of) from
- the filesystem. The command is run as the target server user unless
- another specified via a new AuthorizedKeysCommandUser option.
-
- patch originally by jchadima AT redhat.com, reworked by me; feedback
+ fix compile with clang
+
+commit 4df590cf8dc799e8986268d62019b487a8ed63ad
+Author: Damien Miller <djm@google.com>
+Date: Wed Mar 11 10:02:39 2015 +1100
+
+ make unit tests work for !OPENSSH_HAS_ECC
+
+commit 307bb40277ca2c32e97e61d70d1ed74b571fd6ba
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Mar 7 04:41:48 2015 +0000
+
+ upstream commit
+
+ unbreak for w/SSH1 (default) case; ok markus@ deraadt@
+
+commit b44ee0c998fb4c5f3c3281f2398af5ce42840b6f
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Mar 5 18:39:20 2015 -0800
+
+ unbreak hostkeys test for w/ SSH1 case
+
+commit 55e5bdeb519cb60cc18b7ba0545be581fb8598b4
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Mar 6 01:40:56 2015 +0000
+
+ upstream commit
+
+ fix sshkey_certify() return value for unsupported key types;
+ ok markus@ deraadt@
+
+commit be8f658e550a434eac04256bfbc4289457a24e99
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Mar 4 15:38:03 2015 -0800
+
+ update version numbers to match version.h
+
+commit ac5e8acefa253eb5e5ba186e34236c0e8007afdc
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Mar 4 23:22:35 2015 +0000
+
+ upstream commit
+
+ make these work with !SSH1; ok markus@ deraadt@
+
+commit 2f04af92f036b0c87a23efb259c37da98cd81fe6
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Mar 4 21:12:59 2015 +0000
+
+ upstream commit
+
+ make ssh-add -D work with !SSH1 agent
+
+commit a05adf95d2af6abb2b7826ddaa7a0ec0cdc1726b
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Mar 4 00:55:48 2015 -0800
+
+ netcat needs poll.h portability goop
+
+commit dad2b1892b4c1b7e58df483a8c5b983c4454e099
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Tue Mar 3 22:35:19 2015 +0000
+
+ upstream commit
+
+ make it possible to run tests w/o ssh1 support; ok djm@
+
+commit d48a22601bdd3eec054794c535f4ae8d8ae4c6e2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Mar 4 18:53:53 2015 +0000
+
+ upstream commit
+
+ crank; ok markus, deraadt
+
+commit bbffb23daa0b002dd9f296e396a9ab8a5866b339
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Mar 3 13:50:27 2015 -0800
+
+ more --without-ssh1 fixes
+
+commit 6c2039286f503e2012a58a1d109e389016e7a99b
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Mar 3 13:48:48 2015 -0800
+
+ fix merge both that broke --without-ssh1 compile
+
+commit 111dfb225478a76f89ecbcd31e96eaf1311b59d3
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Mar 3 21:21:13 2015 +0000
+
+ upstream commit
+
+ add SSH1 Makefile knob to make it easier to build without
+ SSH1 support; ok markus@
+
+commit 3f7f5e6c5d2aa3f6710289c1a30119e534e56c5c
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Mar 3 20:42:49 2015 +0000
+
+ upstream commit
+
+ expand __unused to full __attribute__ for better portability
+
+commit 2fab9b0f8720baf990c931e3f68babb0bf9949c6
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Mar 4 07:41:27 2015 +1100
+
+ avoid warning
+
+commit d1bc844322461f882b4fd2277ba9a8d4966573d2
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Mar 4 06:31:45 2015 +1100
+
+ Revert "define __unused to nothing if not already defined"
+
+ This reverts commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908.
+
+ Some system headers have objects named __unused
+
+commit 00797e86b2d98334d1bb808f65fa1fd47f328ff1
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Mar 4 05:02:45 2015 +1100
+
+ check for crypt and DES_crypt in openssl block
+
+ fixes builds on systems that use DES_crypt; based on patch
+ from Roumen Petrov
+
+commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Mar 4 04:59:13 2015 +1100
+
+ define __unused to nothing if not already defined
+
+ fixes builds on BSD/OS
+
+commit d608a51daad4f14ad6ab43d7cf74ef4801cc3fe9
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Mar 3 17:53:40 2015 +0000
+
+ upstream commit
+
+ reorder logic for better portability; patch from Roumen
+ Petrov
+
+commit 68d2dfc464fbcdf8d6387884260f9801f4352393
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Mar 3 06:48:58 2015 +0000
+
+ upstream commit
+
+ Allow "ssh -Q protocol-version" to list supported SSH
+ protocol versions. Useful for detecting builds without SSH v.1 support; idea
and ok markus@
-20121019
- - (tim) [buildpkg.sh.in] Double up on some backslashes so they end up in
- the generated file as intended.
-
-20121005
- - (dtucker) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2012/09/17 09:54:44
- [sftp.c]
- an XXX for later
- - markus@cvs.openbsd.org 2012/09/17 13:04:11
- [packet.c]
- clear old keys on rekeing; ok djm
- - dtucker@cvs.openbsd.org 2012/09/18 10:36:12
- [sftp.c]
- Add bounds check on sftp tab-completion. Part of a patch from from
- Jean-Marc Robert via tech@, ok djm
- - dtucker@cvs.openbsd.org 2012/09/21 10:53:07
- [sftp.c]
- Fix improper handling of absolute paths when PWD is part of the completed
- path. Patch from Jean-Marc Robert via tech@, ok djm.
- - dtucker@cvs.openbsd.org 2012/09/21 10:55:04
- [sftp.c]
- Fix handling of filenames containing escaped globbing characters and
- escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm.
- - jmc@cvs.openbsd.org 2012/09/26 16:12:13
- [ssh.1]
- last stage of rfc changes, using consistent Rs/Re blocks, and moving the
- references into a STANDARDS section;
- - naddy@cvs.openbsd.org 2012/10/01 13:59:51
- [monitor_wrap.c]
- pasto; ok djm@
- - djm@cvs.openbsd.org 2012/10/02 07:07:45
- [ssh-keygen.c]
- fix -z option, broken in revision 1.215
- - markus@cvs.openbsd.org 2012/10/04 13:21:50
- [myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c]
- add umac128 variant; ok djm@ at n2k12
- - dtucker@cvs.openbsd.org 2012/09/06 04:11:07
- [regress/try-ciphers.sh]
- Restore missing space. (Id sync only).
- - dtucker@cvs.openbsd.org 2012/09/09 11:51:25
- [regress/multiplex.sh]
- Add test for ssh -Ostop
- - dtucker@cvs.openbsd.org 2012/09/10 00:49:21
- [regress/multiplex.sh]
- Log -O cmd output to the log file and make logging consistent with the
- other tests. Test clean shutdown of an existing channel when testing
- "stop".
- - dtucker@cvs.openbsd.org 2012/09/10 01:51:19
- [regress/multiplex.sh]
- use -Ocheck and waiting for completions by PID to make multiplexing test
- less racy and (hopefully) more reliable on slow hardware.
- - [Makefile umac.c] Add special-case target to build umac128.o.
- - [umac.c] Enforce allowed umac output sizes. From djm@.
- - [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom".
-
-20120917
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2012/09/13 23:37:36
- [servconf.c]
- Fix comment line length
- - markus@cvs.openbsd.org 2012/09/14 16:51:34
- [sshconnect.c]
- remove unused variable
-
-20120907
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2012/09/06 09:50:13
- [clientloop.c]
- Make the escape command help (~?) context sensitive so that only commands
- that will work in the current session are shown. ok markus@
- - jmc@cvs.openbsd.org 2012/09/06 13:57:42
- [ssh.1]
- missing letter in previous;
- - dtucker@cvs.openbsd.org 2012/09/07 00:30:19
- [clientloop.c]
- Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@
- - dtucker@cvs.openbsd.org 2012/09/07 01:10:21
- [clientloop.c]
- Merge escape help text for ~v and ~V; ok djm@
- - dtucker@cvs.openbsd.org 2012/09/07 06:34:21
- [clientloop.c]
- when muxmaster is run with -N, make it shut down gracefully when a client
- sends it "-O stop" rather than hanging around (bz#1985). ok djm@
-
-20120906
- - (dtucker) OpenBSD CVS Sync
- - jmc@cvs.openbsd.org 2012/08/15 18:25:50
- [ssh-keygen.1]
- a little more info on certificate validity;
- requested by Ross L Richardson, and provided by djm
- - dtucker@cvs.openbsd.org 2012/08/17 00:45:45
- [clientloop.c clientloop.h mux.c]
- Force a clean shutdown of ControlMaster client sessions when the ~. escape
- sequence is used. This means that ~. should now work in mux clients even
- if the server is no longer responding. Found by tedu, ok djm.
- - djm@cvs.openbsd.org 2012/08/17 01:22:56
- [kex.c]
- add some comments about better handling first-KEX-follows notifications
- from the server. Nothing uses these right now. No binary change
- - djm@cvs.openbsd.org 2012/08/17 01:25:58
- [ssh-keygen.c]
- print details of which host lines were deleted when using
- "ssh-keygen -R host"; ok markus@
- - djm@cvs.openbsd.org 2012/08/17 01:30:00
- [compat.c sshconnect.c]
- Send client banner immediately, rather than waiting for the server to
- move first for SSH protocol 2 connections (the default). Patch based on
- one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
- - dtucker@cvs.openbsd.org 2012/09/06 04:37:39
- [clientloop.c log.c ssh.1 log.h]
- Add ~v and ~V escape sequences to raise and lower the logging level
- respectively. Man page help from jmc, ok deraadt jmc
-
-20120830
- - (dtucker) [moduli] Import new moduli file.
-
-20120828
- - (djm) Release openssh-6.1
-
-20120828
- - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN
- for compatibility with future mingw-w64 headers. Patch from vinschen at
- redhat com.
-
-20120822
- - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
- [contrib/suse/openssh.spec] Update version numbers
-
-20120731
- - (djm) OpenBSD CVS Sync
- - jmc@cvs.openbsd.org 2012/07/06 06:38:03
- [ssh-keygen.c]
- missing full stop in usage();
- - djm@cvs.openbsd.org 2012/07/10 02:19:15
- [servconf.c servconf.h sshd.c sshd_config]
- Turn on systrace sandboxing of pre-auth sshd by default for new installs
- by shipping a config that overrides the current UsePrivilegeSeparation=yes
- default. Make it easier to flip the default in the future by adding too.
- prodded markus@ feedback dtucker@ "get it in" deraadt@
- - dtucker@cvs.openbsd.org 2012/07/13 01:35:21
- [servconf.c]
- handle long comments in config files better. bz#2025, ok markus
- - markus@cvs.openbsd.org 2012/07/22 18:19:21
- [version.h]
- openssh 6.1
-
-20120720
- - (dtucker) Import regened moduli file.
-
-20120706
- - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is
- not available. Allows use of sshd compiled on host with a filter-capable
- kernel on hosts that lack the support. bz#2011 ok dtucker@
- - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no
- unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT
- esperi.org.uk; ok dtucker@
-- (djm) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2012/07/06 00:41:59
- [moduli.c ssh-keygen.1 ssh-keygen.c]
- Add options to specify starting line number and number of lines to process
- when screening moduli candidates. This allows processing of different
- parts of a candidate moduli file in parallel. man page help jmc@, ok djm@
- - djm@cvs.openbsd.org 2012/07/06 01:37:21
- [mux.c]
- fix memory leak of passed-in environment variables and connection
- context when new session message is malformed; bz#2003 from Bert.Wesarg
- AT googlemail.com
- - djm@cvs.openbsd.org 2012/07/06 01:47:38
- [ssh.c]
- move setting of tty_flag to after config parsing so RequestTTY options
- are correctly picked up. bz#1995 patch from przemoc AT gmail.com;
- ok dtucker@
+commit 39e2f1229562e1195169905607bc12290d21f021
+Author: millert@openbsd.org <millert@openbsd.org>
+Date: Sun Mar 1 15:44:40 2015 +0000
-20120704
- - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
- platforms that don't have it. "looks good" tim@
-
-20120703
- - (dtucker) [configure.ac] Detect platforms that can't use select(2) with
- setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
- - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not
- setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its
- benefit is minor, so it's not worth disabling the sandbox if it doesn't
- work.
-
-20120702
-- (dtucker) OpenBSD CVS Sync
- - naddy@cvs.openbsd.org 2012/06/29 13:57:25
- [ssh_config.5 sshd_config.5]
- match the documented MAC order of preference to the actual one;
- ok dtucker@
- - markus@cvs.openbsd.org 2012/06/30 14:35:09
- [sandbox-systrace.c sshd.c]
- fix a during the load of the sandbox policies (child can still make
- the read-syscall and wait forever for systrace-answers) by replacing
- the read/write synchronisation with SIGSTOP/SIGCONT;
- report and help hshoexer@; ok djm@, dtucker@
- - dtucker@cvs.openbsd.org 2012/07/02 08:50:03
- [ssh.c]
- set interactive ToS for forwarded X11 sessions. ok djm@
- - dtucker@cvs.openbsd.org 2012/07/02 12:13:26
- [ssh-pkcs11-helper.c sftp-client.c]
- fix a couple of "assigned but not used" warnings. ok markus@
- - dtucker@cvs.openbsd.org 2012/07/02 14:37:06
- [regress/connect-privsep.sh]
- remove exit from end of test since it prevents reporting failure
- - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh]
- Move cygwin detection to test-exec and use to skip reexec test on cygwin.
- - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k.
-
-20120629
- - OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2012/06/21 00:16:07
- [addrmatch.c]
- fix strlcpy truncation check. from carsten at debian org, ok markus
- - dtucker@cvs.openbsd.org 2012/06/22 12:30:26
- [monitor.c sshconnect2.c]
- remove dead code following 'for (;;)' loops.
- From Steve.McClellan at radisys com, ok markus@
- - dtucker@cvs.openbsd.org 2012/06/22 14:36:33
- [sftp.c]
- Remove unused variable leftover from tab-completion changes.
- From Steve.McClellan at radisys com, ok markus@
- - dtucker@cvs.openbsd.org 2012/06/26 11:02:30
- [sandbox-systrace.c]
- Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation
- sandbox" since malloc now uses it. From johnw.mail at gmail com.
- - dtucker@cvs.openbsd.org 2012/06/28 05:07:45
- [mac.c myproposal.h ssh_config.5 sshd_config.5]
- Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
- from draft6 of the spec and will not be in the RFC when published. Patch
- from mdb at juniper net via bz#2023, ok markus.
- - naddy@cvs.openbsd.org 2012/06/29 13:57:25
- [ssh_config.5 sshd_config.5]
- match the documented MAC order of preference to the actual one; ok dtucker@
- - dtucker@cvs.openbsd.org 2012/05/13 01:42:32
- [regress/addrmatch.sh]
- Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
- to match. Feedback and ok djm@ markus@.
- - djm@cvs.openbsd.org 2012/06/01 00:47:35
- [regress/multiplex.sh regress/forwarding.sh]
- append to rather than truncate test log; bz#2013 from openssh AT
- roumenpetrov.info
- - djm@cvs.openbsd.org 2012/06/01 00:52:52
- [regress/sftp-cmds.sh]
- don't delete .* on cleanup due to unintended env expansion; pointed out in
- bz#2014 by openssh AT roumenpetrov.info
- - dtucker@cvs.openbsd.org 2012/06/26 12:06:59
- [regress/connect-privsep.sh]
- test sandbox with every malloc option
- - dtucker@cvs.openbsd.org 2012/06/28 05:07:45
- [regress/try-ciphers.sh regress/cipher-speed.sh]
- Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
- from draft6 of the spec and will not be in the RFC when published. Patch
- from mdb at juniper net via bz#2023, ok markus.
- - (dtucker) [myproposal.h] Remove trailing backslash to fix compile error.
- - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have
- the required functions in libcrypto.
-
-20120628
- - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null
- pointer deref in the client when built with LDNS and using DNSSEC with a
- CNAME. Patch from gregdlg+mr at hochet info.
-
-20120622
- - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as
- can logon as a service. Patch from vinschen at redhat com.
-
-20120620
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2011/12/02 00:41:56
- [mux.c]
- fix bz#1948: ssh -f doesn't fork for multiplexed connection.
+ upstream commit
+
+ Make sure we only call getnameinfo() for AF_INET or AF_INET6
+ sockets. getpeername() of a Unix domain socket may return without error on
+ some systems without actually setting ss_family so getnameinfo() was getting
+ called with ss_family set to AF_UNSPEC. OK djm@
+
+commit e47536ba9692d271b8ad89078abdecf0a1c11707
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Feb 28 08:20:11 2015 -0800
+
+ portability fixes for regress/netcat.c
+
+ Mostly avoiding "err(1, NULL)"
+
+commit 02973ad5f6f49d8420e50a392331432b0396c100
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Feb 28 08:05:27 2015 -0800
+
+ twiddle another test for portability
+
+ from Tom G. Christensen
+
+commit f7f3116abf2a6e2f309ab096b08c58d19613e5d0
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 27 15:52:49 2015 -0800
+
+ twiddle test for portability
+
+commit 1ad3a77cc9d5568f5437ff99d377aa7a41859b83
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Feb 26 20:33:22 2015 -0800
+
+ make regress/netcat.c fd passing (more) portable
+
+commit 9e1cfca7e1fe9cf8edb634fc894e43993e4da1ea
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Feb 26 20:32:58 2015 -0800
+
+ create OBJ/valgrind-out before running unittests
+
+commit bd58853102cee739f0e115e6d4b5334332ab1442
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Feb 25 16:58:22 2015 -0800
+
+ valgrind support
+
+commit f43d17269194761eded9e89f17456332f4c83824
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Feb 26 20:45:47 2015 +0000
+
+ upstream commit
+
+ don't printf NULL key comments; reported by Tom Christensen
+
+commit 6e6458b476ec854db33e3e68ebf4f489d0ab3df8
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Feb 25 23:05:47 2015 +0000
+
+ upstream commit
+
+ zero cmsgbuf before use; we initialise the bits we use
+ but valgrind still spams warning on it
+
+commit a63cfa26864b93ab6afefad0b630e5358ed8edfa
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Feb 25 19:54:02 2015 +0000
+
+ upstream commit
+
+ fix small memory leak when UpdateHostkeys=no
+
+commit e6b950341dd75baa8526f1862bca39e52f5b879b
+Author: Tim Rice <tim@multitalents.net>
+Date: Wed Feb 25 09:56:48 2015 -0800
+
+ Revert "Work around finicky USL linker so netcat will build."
+
+ This reverts commit d1db656021d0cd8c001a6692f772f1de29b67c8b.
+
+ No longer needed with commit 678e473e2af2e4802f24dd913985864d9ead7fb3
+
+commit 6f621603f9cff2a5d6016a404c96cb2f8ac2dec0
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Feb 25 17:29:38 2015 +0000
+
+ upstream commit
+
+ don't leak validity of user in "too many authentication
+ failures" disconnect message; reported by Sebastian Reitenbach
+
+commit 6288e3a935494df12519164f52ca5c8c65fc3ca5
+Author: naddy@openbsd.org <naddy@openbsd.org>
+Date: Tue Feb 24 15:24:05 2015 +0000
+
+ upstream commit
+
+ add -v (show ASCII art) to -l's synopsis; ok djm@
+
+commit 678e473e2af2e4802f24dd913985864d9ead7fb3
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Feb 26 04:12:58 2015 +1100
+
+ Remove dependency on xmalloc.
+
+ Remove ssh_get_progname's dependency on xmalloc, which should reduce
+ link order problems. ok djm@
+
+commit 5d5ec165c5b614b03678afdad881f10e25832e46
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Feb 25 15:32:49 2015 +1100
+
+ Restrict ECDSA and ECDH tests.
+
+ ifdef out some more ECDSA and ECDH tests when built against an OpenSSL
+ that does not have eliptic curve functionality.
+
+commit 1734e276d99b17e92d4233fac7aef3a3180aaca7
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Feb 25 13:40:45 2015 +1100
+
+ Move definition of _NSIG.
+
+ _NSIG is only unsed in one file, so move it there prevent redefinition
+ warnings reported by Kevin Brott.
+
+commit a47ead7c95cfbeb72721066c4da2312e5b1b9f3d
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Feb 25 13:17:40 2015 +1100
+
+ Add includes.h for compatibility stuff.
+
+commit 38806bda6d2e48ad32812b461eebe17672ada771
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 24 16:50:06 2015 -0800
+
+ include netdb.h to look for MAXHOSTNAMELEN; ok tim
+
+commit d1db656021d0cd8c001a6692f772f1de29b67c8b
+Author: Tim Rice <tim@multitalents.net>
+Date: Tue Feb 24 10:42:08 2015 -0800
+
+ Work around finicky USL linker so netcat will build.
+
+commit cb030ce25f555737e8ba97bdd7883ac43f3ff2a3
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 24 09:23:04 2015 -0800
+
+ include includes.h to avoid build failure on AIX
+
+commit 13af342458f5064144abbb07e5ac9bbd4eb42567
+Author: Tim Rice <tim@multitalents.net>
+Date: Tue Feb 24 07:56:47 2015 -0800
+
+ Original portability patch from djm@ for platforms missing err.h.
+ Fix name space clash on Solaris 10. Still more to do for Solaris 10
+ to deal with msghdr structure differences. ok djm@
+
+commit 910209203d0cd60c5083901cbcc0b7b44d9f48d2
+Author: Tim Rice <tim@multitalents.net>
+Date: Mon Feb 23 22:06:56 2015 -0800
+
+ cleaner way fix dispatch.h portion of commit
+ a88dd1da119052870bb2654c1a32c51971eade16
+ (some systems have sig_atomic_t in signal.h, some in sys/signal.h)
+ Sounds good to me djm@
+
+commit 676c38d7cbe65b76bbfff796861bb6615cc6a596
+Author: Tim Rice <tim@multitalents.net>
+Date: Mon Feb 23 21:51:33 2015 -0800
+
+ portability fix: if we can't dind a better define for HOST_NAME_MAX, use 255
+
+commit 1221b22023dce38cbc90ba77eae4c5d78c77a5e6
+Author: Tim Rice <tim@multitalents.net>
+Date: Mon Feb 23 21:50:34 2015 -0800
+
+ portablity fix: s/__inline__/inline/
+
+commit 4c356308a88d309c796325bb75dce90ca16591d5
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Tue Feb 24 13:49:31 2015 +1100
+
+ Wrap stdint.h includes in HAVE_STDINT_H.
+
+commit c9c88355c6a27a908e7d1e5003a2b35ea99c1614
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Tue Feb 24 13:43:57 2015 +1100
+
+ Add AI_NUMERICSERV to fake-rfc2553.
+
+ Our getaddrinfo implementation always returns numeric values already.
+
+commit ef342ab1ce6fb9a4b30186c89c309d0ae9d0eeb4
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Tue Feb 24 13:39:57 2015 +1100
+
+ Include OpenSSL's objects.h before bn.h.
+
+ Prevents compile errors on some platforms (at least old GCCs and AIX's
+ XLC compilers).
+
+commit dcc8997d116f615195aa7c9ec019fb36c28c6228
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Tue Feb 24 12:30:59 2015 +1100
+
+ Convert two macros into functions.
+
+ Convert packet_send_debug and packet_disconnect from macros to
+ functions. Some older GCCs (2.7.x, 2.95.x) see to have problems with
+ variadic macros with only one argument so we convert these two into
+ functions. ok djm@
+
+commit 2285c30d51b7e2052c6526445abe7e7cc7e170a1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Feb 23 22:21:21 2015 +0000
+
+ upstream commit
+
+ further silence spurious error message even when -v is
+ specified (e.g. to get visual host keys); reported by naddy@
+
+commit 9af21979c00652029e160295e988dea40758ece2
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 24 09:04:32 2015 +1100
+
+ don't include stdint.h unless HAVE_STDINT_H set
+
+commit 62f678dd51660d6f8aee1da33d3222c5de10a89e
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 24 09:02:54 2015 +1100
+
+ nother sys/queue.h -> sys-queue.h fix
+
+ spotted by Tom Christensen
+
+commit b3c19151cba2c0ed01b27f55de0d723ad07ca98f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Feb 23 20:32:15 2015 +0000
+
+ upstream commit
+
+ fix a race condition by using a mux socket rather than an
+ ineffectual wait statement
+
+commit a88dd1da119052870bb2654c1a32c51971eade16
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 24 06:30:29 2015 +1100
+
+ various include fixes for portable
+
+commit 5248429b5ec524d0a65507cff0cdd6e0cb99effd
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Feb 23 16:55:51 2015 +0000
+
+ upstream commit
+
+ add an XXX to remind me to improve sshkey_load_public
+
+commit e94e4b07ef2eaead38b085a60535df9981cdbcdb
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Feb 23 16:55:31 2015 +0000
+
+ upstream commit
+
+ silence a spurious error message when listing
+ fingerprints for known_hosts; bz#2342
+
+commit f2293a65392b54ac721f66bc0b44462e8d1d81f8
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Feb 23 16:33:25 2015 +0000
+
+ upstream commit
+
+ fix setting/clearing of TTY raw mode around
+ UpdateHostKeys=ask confirmation question; reported by Herb Goldman
+
+commit f2004cd1adf34492eae0a44b1ef84e0e31b06088
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Mon Feb 23 05:04:21 2015 +1100
+
+ Repair for non-ECC OpenSSL.
+
+ Ifdef out the ECC parts when building with an OpenSSL that doesn't have
+ it.
+
+commit 37f9220db8d1a52c75894c3de1e5f2ae5bd71b6f
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Mon Feb 23 03:07:24 2015 +1100
+
+ Wrap stdint.h includes in ifdefs.
+
+commit f81f1bbc5b892c8614ea740b1f92735652eb43f0
+Author: Tim Rice <tim@multitalents.net>
+Date: Sat Feb 21 18:12:10 2015 -0800
+
+ out of tree build fix
+
+commit 2e13a1e4d22f3b503c3bfc878562cc7386a1d1ae
+Author: Tim Rice <tim@multitalents.net>
+Date: Sat Feb 21 18:08:51 2015 -0800
+
+ mkdir kex unit test directory so testing out of tree builds works
+
+commit 1797f49b1ba31e8700231cd6b1d512d80bb50d2c
+Author: halex@openbsd.org <halex@openbsd.org>
+Date: Sat Feb 21 21:46:57 2015 +0000
+
+ upstream commit
+
+ make "ssh-add -d" properly remove a corresponding
+ certificate, and also not whine and fail if there is none
+
+ ok djm@
+
+commit 7faaa32da83a609059d95dbfcb0649fdb04caaf6
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Feb 22 07:57:27 2015 +1100
+
+ mkdir hostkey and bitmap unit test directories
+
+commit bd49da2ef197efac5e38f5399263a8b47990c538
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Feb 20 23:46:01 2015 +0000
+
+ upstream commit
+
+ sort options useable under Match case-insensitively; prodded
+ jmc@
+
+commit 1a779a0dd6cd8b4a1a40ea33b5415ab8408128ac
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Feb 21 20:51:02 2015 +0000
+
+ upstream commit
+
+ correct paths to configuration files being written/updated;
+ they live in $OBJ not cwd; some by Roumen Petrov
+
+commit 28ba006c1acddff992ae946d0bc0b500b531ba6b
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sat Feb 21 15:41:07 2015 +1100
+
+ More correct checking of HAVE_DECL_AI_NUMERICSERV.
+
+commit e50e8c97a9cecae1f28febccaa6ca5ab3bc10f54
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sat Feb 21 15:10:33 2015 +1100
+
+ Add null declaration of AI_NUMERICINFO.
+
+ Some platforms (older FreeBSD and DragonFly versions) do have
+ getaddrinfo() but do not have AI_NUMERICINFO. so define it to zero
+ in those cases.
+
+commit 18a208d6a460d707a45916db63a571e805f5db46
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Feb 20 22:40:32 2015 +0000
+
+ upstream commit
+
+ more options that are available under Match; bz#2353 reported
+ by calestyo AT scientia.net
+
+commit 44732de06884238049f285f1455b2181baa7dc82
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Feb 20 22:17:21 2015 +0000
+
+ upstream commit
+
+ UpdateHostKeys fixes:
+
+ I accidentally changed the format of the hostkeys@openssh.com messages
+ last week without changing the extension name, and this has been causing
+ connection failures for people who are running -current. First reported
+ by sthen@
+
+ s/hostkeys@openssh.com/hostkeys-00@openssh.com/
+ Change the name of the proof message too, and reorder it a little.
+
+ Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
+ available to read the response) so disable UpdateHostKeys if it is in
+ ask mode and ControlPersist is active (and document this)
+
+commit 13a39414d25646f93e6d355521d832a03aaaffe2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Feb 17 00:14:05 2015 +0000
+
+ upstream commit
+
+ Regression: I broke logging of public key fingerprints in
+ 1.46. Pointed out by Pontus Lundkvist
+
+commit 773dda25e828c4c9a52f7bdce6e1e5924157beab
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jan 30 23:10:17 2015 +1100
+
+ repair --without-openssl; broken in refactor
+
+commit e89c780886b23600de1e1c8d74aabd1ff61f43f0
+Author: Damien Miller <djm@google.com>
+Date: Tue Feb 17 10:04:55 2015 +1100
+
+ hook up hostkeys unittest to portable Makefiles
+
+commit 0abf41f99aa16ff09b263bead242d6cb2dbbcf99
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Feb 16 22:21:03 2015 +0000
+
+ upstream commit
+
+ enable hostkeys unit tests
+
+commit 68a5d647ccf0fb6782b2f749433a1eee5bc9044b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Feb 16 22:20:50 2015 +0000
+
+ upstream commit
+
+ check string/memory compare arguments aren't NULL
+
+commit ef575ef20d09f20722e26b45dab80b3620469687
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Feb 16 22:18:34 2015 +0000
+
+ upstream commit
+
+ unit tests for hostfile.c code, just hostkeys_foreach so
+ far
+
+commit 8ea3365e6aa2759ccf5c76eaea62cbc8a280b0e7
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Sat Feb 14 12:43:16 2015 +0000
+
+ upstream commit
+
+ test server rekey limit
+
+commit ce63c4b063c39b2b22d4ada449c9e3fbde788cb3
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Feb 16 22:30:03 2015 +0000
+
+ upstream commit
+
+ partial backout of:
+
+ revision 1.441
+ date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid
+ : x8klYPZMJSrVlt3O;
+ Let sshd load public host keys even when private keys are missing.
+ Allows sshd to advertise additional keys for future key rotation.
+ Also log fingerprint of hostkeys loaded; ok markus@
+
+ hostkey updates now require access to the private key, so we can't
+ load public keys only. The improved log messages (fingerprints of keys
+ loaded) are kept.
+
+commit 523463a3a2a9bfc6cfc5afa01bae9147f76a37cc
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Feb 16 22:13:32 2015 +0000
+
+ upstream commit
+
+ Revise hostkeys@openssh.com hostkey learning extension.
+
+ The client will not ask the server to prove ownership of the private
+ halves of any hitherto-unseen hostkeys it offers to the client.
+
+ Allow UpdateHostKeys option to take an 'ask' argument to let the
+ user manually review keys offered.
+
+ ok markus@
+
+commit 6c5c949782d86a6e7d58006599c7685bfcd01685
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Feb 16 22:08:57 2015 +0000
+
+ upstream commit
+
+ Refactor hostkeys_foreach() and dependent code Deal with
+ IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing
+ changed ok markus@ as part of larger commit
+
+commit 51b082ccbe633dc970df1d1f4c9c0497115fe721
+Author: miod@openbsd.org <miod@openbsd.org>
+Date: Mon Feb 16 18:26:26 2015 +0000
+
+ upstream commit
+
+ Declare ge25519_base as extern, to prevent it from
+ becoming a common. Gets us rid of ``lignment 4 of symbol
+ `crypto_sign_ed25519_ref_ge25519_base' in mod_ge25519.o is smaller than 16 in
+ mod_ed25519.o'' warnings at link time.
+
+commit 02db468bf7e3281a8e3c058ced571b38b6407c34
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Fri Feb 13 18:57:00 2015 +0000
+
+ upstream commit
+
+ make rekey_limit for sshd w/privsep work; ok djm@
+ dtucker@
+
+commit 8ec67d505bd23c8bf9e17b7a364b563a07a58ec8
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Thu Feb 12 20:34:19 2015 +0000
+
+ upstream commit
+
+ Prevent sshd spamming syslog with
+ "ssh_dispatch_run_fatal: disconnected". ok markus@
+
+commit d4c0295d1afc342057ba358237acad6be8af480b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Feb 11 01:20:38 2015 +0000
+
+ upstream commit
+
+ Some packet error messages show the address of the peer,
+ but might be generated after the socket to the peer has suffered a TCP reset.
+ In these cases, getpeername() won't work so cache the address earlier.
+
+ spotted in the wild via deraadt@ and tedu@
+
+commit 4af1709cf774475ce5d1bc3ddcc165f6c222897d
+Author: jsg@openbsd.org <jsg@openbsd.org>
+Date: Mon Feb 9 23:22:37 2015 +0000
+
+ upstream commit
+
+ fix some leaks in error paths ok markus@
+
+commit fd36834871d06a03e1ff8d69e41992efa1bbf85f
+Author: millert@openbsd.org <millert@openbsd.org>
+Date: Fri Feb 6 23:21:59 2015 +0000
+
+ upstream commit
+
+ SIZE_MAX is standard, we should be using it in preference to
+ the obsolete SIZE_T_MAX. OK miod@ beck@
+
+commit 1910a286d7771eab84c0b047f31c0a17505236fa
+Author: millert@openbsd.org <millert@openbsd.org>
+Date: Thu Feb 5 12:59:57 2015 +0000
+
+ upstream commit
+
+ Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@
+
+commit ce4f59b2405845584f45e0b3214760eb0008c06c
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date: Tue Feb 3 08:07:20 2015 +0000
+
+ upstream commit
+
+ missing ; djm and mlarkin really having great
+ interactions recently
+
+commit 5d34aa94938abb12b877a25be51862757f25d54b
+Author: halex@openbsd.org <halex@openbsd.org>
+Date: Tue Feb 3 00:34:14 2015 +0000
+
+ upstream commit
+
+ slightly extend the passphrase prompt if running with -c
+ in order to give the user a chance to notice if unintentionally running
+ without it
+
+ wording tweak and ok djm@
+
+commit cb3bde373e80902c7d5d0db429f85068d19b2918
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Feb 2 22:48:53 2015 +0000
+
+ upstream commit
+
+ handle PKCS#11 C_Login returning
+ CKR_USER_ALREADY_LOGGED_IN; based on patch from Yuri Samoilenko; ok markus@
+
+commit 15ad750e5ec3cc69765b7eba1ce90060e7083399
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Feb 2 07:41:40 2015 +0000
+
+ upstream commit
+
+ turn UpdateHostkeys off by default until I figure out
+ mlarkin@'s warning message; requested by deraadt@
+
+commit 3cd5103c1e1aaa59bd66f7f52f6ebbcd5deb12f9
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date: Mon Feb 2 01:57:44 2015 +0000
+
+ upstream commit
+
+ increasing encounters with difficult DNS setups in
+ darknets has convinced me UseDNS off by default is better ok djm
+
+commit 6049a548a8a68ff0bbe581ab1748ea6a59ecdc38
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Jan 31 20:30:05 2015 +0000
+
+ upstream commit
+
+ Let sshd load public host keys even when private keys are
+ missing. Allows sshd to advertise additional keys for future key rotation.
+ Also log fingerprint of hostkeys loaded; ok markus@
+
+commit 46347ed5968f582661e8a70a45f448e0179ca0ab
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jan 30 11:43:14 2015 +0000
+
+ upstream commit
+
+ Add a ssh_config HostbasedKeyType option to control which
+ host public key types are tried during hostbased authentication.
+
+ This may be used to prevent too many keys being sent to the server,
+ and blowing past its MaxAuthTries limit.
+
+ bz#2211 based on patch by Iain Morgan; ok markus@
+
+commit 802660cb70453fa4d230cb0233bc1bbdf8328de1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jan 30 10:44:49 2015 +0000
+
+ upstream commit
+
+ set a timeout to prevent hangs when talking to busted
+ servers; ok markus@
+
+commit 86936ec245a15c7abe71a0722610998b0a28b194
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jan 30 01:11:39 2015 +0000
+
+ upstream commit
+
+ regression test for 'wildcard CA' serial/key ID revocations
+
+commit 4509b5d4a4fa645a022635bfa7e86d09b285001f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jan 30 01:13:33 2015 +0000
+
+ upstream commit
+
+ avoid more fatal/exit in the packet.c paths that
+ ssh-keyscan uses; feedback and "looks good" markus@
+
+commit 669aee994348468af8b4b2ebd29b602cf2860b22
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jan 30 01:10:33 2015 +0000
+
+ upstream commit
+
+ permit KRLs that revoke certificates by serial number or
+ key ID without scoping to a particular CA; ok markus@
+
+commit 7a2c368477e26575d0866247d3313da4256cb2b5
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jan 30 00:59:19 2015 +0000
+
+ upstream commit
+
+ missing parentheses after if in do_convert_from() broke
+ private key conversion from other formats some time in 2010; bz#2345 reported
+ by jjelen AT redhat.com
+
+commit 25f5f78d8bf5c22d9cea8b49de24ebeee648a355
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jan 30 00:22:25 2015 +0000
+
+ upstream commit
+
+ fix ssh protocol 1, spotted by miod@
+
+commit 9ce86c926dfa6e0635161b035e3944e611cbccf0
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Jan 28 22:36:00 2015 +0000
+
+ upstream commit
+
+ update to new API (key_fingerprint => sshkey_fingerprint)
+ check sshkey_fingerprint return values; ok markus
+
+commit 9125525c37bf73ad3ee4025520889d2ce9d10f29
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Jan 28 22:05:31 2015 +0000
+
+ upstream commit
+
+ avoid fatal() calls in packet code makes ssh-keyscan more
+ reliable against server failures ok dtucker@ markus@
+
+commit fae7bbe544cba7a9e5e4ab47ff6faa3d978646eb
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Jan 28 21:15:47 2015 +0000
+
+ upstream commit
+
+ avoid fatal() calls in packet code makes ssh-keyscan more
+ reliable against server failures ok dtucker@ markus@
+
+commit 1a3d14f6b44a494037c7deab485abe6496bf2c60
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Jan 28 11:07:25 2015 +0000
+
+ upstream commit
+
+ remove obsolete comment
+
+commit 80c25b7bc0a71d75c43a4575d9a1336f589eb639
+Author: okan@openbsd.org <okan@openbsd.org>
+Date: Tue Jan 27 12:54:06 2015 +0000
+
+ upstream commit
+
+ Since r1.2 removed the use of PRI* macros, inttypes.h is
+ no longer required.
+
+ ok djm@
+
+commit 69ff64f69615c2a21c97cb5878a0996c21423257
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Jan 27 23:07:43 2015 +1100
+
+ compile on systems without TCP_MD5SIG (e.g. OSX)
+
+commit 358964f3082fb90b2ae15bcab07b6105cfad5a43
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Jan 27 23:07:25 2015 +1100
+
+ use ssh-keygen under test rather than system's
+
+commit a2c95c1bf33ea53038324d1fdd774bc953f98236
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Jan 27 23:06:59 2015 +1100
+
+ OSX lacks HOST_NAME_MAX, has _POSIX_HOST_NAME_MAX
+
+commit ade31d7b6f608a19b85bee29a7a00b1e636a2919
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Jan 27 23:06:23 2015 +1100
+
+ these need active_state defined to link on OSX
+
+ temporary measure until active_state goes away entirely
+
+commit e56aa87502f22c5844918c10190e8b4f785f067b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Jan 27 12:01:36 2015 +0000
+
+ upstream commit
+
+ use printf instead of echo -n to reduce diff against
+ -portable
+
+commit 9f7637f56eddfaf62ce3c0af89c25480f2cf1068
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Mon Jan 26 13:55:29 2015 +0000
+
+ upstream commit
+
+ sort previous;
+
+commit 3076ee7d530d5b16842fac7a6229706c7e5acd26
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 26 13:36:53 2015 +0000
+
+ upstream commit
+
+ properly restore umask
+
+commit d411d395556b73ba1b9e451516a0bd6697c4b03d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 26 06:12:18 2015 +0000
+
+ upstream commit
+
+ regression test for host key rotation
+
+commit fe8a3a51699afbc6407a8fae59b73349d01e49f8
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 26 06:11:28 2015 +0000
+
+ upstream commit
+
+ adapt to sshkey API tweaks
+
+commit 7dd355fb1f0038a3d5cdca57ebab4356c7a5b434
+Author: miod@openbsd.org <miod@openbsd.org>
+Date: Sat Jan 24 10:39:21 2015 +0000
+
+ upstream commit
+
+ Move -lz late in the linker commandline for things to
+ build on static arches.
+
+commit 0dad3b806fddb93c475b30853b9be1a25d673a33
+Author: miod@openbsd.org <miod@openbsd.org>
+Date: Fri Jan 23 21:21:23 2015 +0000
+
+ upstream commit
+
+ -Wpointer-sign is supported by gcc 4 only.
+
+commit 2b3b1c1e4bd9577b6e780c255c278542ea66c098
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Jan 20 22:58:57 2015 +0000
+
+ upstream commit
+
+ use SUBDIR to recuse into unit tests; makes "make obj"
+ actually work
+
+commit 1d1092bff8db27080155541212b420703f8b9c92
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 26 12:16:36 2015 +0000
+
+ upstream commit
+
+ correct description of UpdateHostKeys in ssh_config.5 and
+ add it to -o lists for ssh, scp and sftp; pointed out by jmc@
+
+commit 5104db7cbd6cdd9c5971f4358e74414862fc1022
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 26 06:10:03 2015 +0000
+
+ upstream commit
+
+ correctly match ECDSA subtype (== curve) for
+ offered/recevied host keys. Fixes connection-killing host key mismatches when
+ a server offers multiple ECDSA keys with different curve type (an extremely
+ unlikely configuration).
+
+ ok markus, "looks mechanical" deraadt@
+
+commit 8d4f87258f31cb6def9b3b55b6a7321d84728ff2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 26 03:04:45 2015 +0000
+
+ upstream commit
+
+ Host key rotation support.
+
+ Add a hostkeys@openssh.com protocol extension (global request) for
+ a server to inform a client of all its available host key after
+ authentication has completed. The client may record the keys in
+ known_hosts, allowing it to upgrade to better host key algorithms
+ and a server to gracefully rotate its keys.
+
+ The client side of this is controlled by a UpdateHostkeys config
+ option (default on).
+
+ ok markus@
+
+commit 60b1825262b1f1e24fc72050b907189c92daf18e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 26 02:59:11 2015 +0000
+
+ upstream commit
+
+ small refactor and add some convenience functions; ok
+ markus
+
+commit a5a3e3328ddce91e76f71ff479022d53e35c60c9
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Thu Jan 22 21:00:42 2015 +0000
+
+ upstream commit
+
+ heirarchy -> hierarchy;
+
+commit dcff5810a11195c57e1b3343c0d6b6f2b9974c11
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date: Thu Jan 22 20:24:41 2015 +0000
+
+ upstream commit
+
+ Provide a warning about chroot misuses (which sadly, seem
+ to have become quite popular because shiny). sshd cannot detect/manage/do
+ anything about these cases, best we can do is warn in the right spot in the
+ man page. ok markus
+
+commit 087266ec33c76fc8d54ac5a19efacf2f4a4ca076
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date: Tue Jan 20 23:14:00 2015 +0000
+
+ upstream commit
+
+ Reduce use of <sys/param.h> and transition to <limits.h>
+ throughout. ok djm markus
+
+commit 57e783c8ba2c0797f93977e83b2a8644a03065d8
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Tue Jan 20 20:16:21 2015 +0000
+
+ upstream commit
+
+ kex_setup errors are fatal()
+
+commit 1d6424a6ff94633c221297ae8f42d54e12a20912
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Jan 20 08:02:33 2015 +0000
+
+ upstream commit
+
+ this test would accidentally delete agent.sh if run without
+ obj/
+
+commit 12b5f50777203e12575f1b08568281e447249ed3
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Jan 20 07:56:44 2015 +0000
+
+ upstream commit
+
+ make this compile with KERBEROS5 enabled
+
+commit e2cc6bef08941256817d44d146115b3478586ad4
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Jan 20 07:55:33 2015 +0000
+
+ upstream commit
+
+ fix hostkeys in agent; ok markus@
+
+commit 1ca3e2155aa5d3801a7ae050f85c71f41fcb95b1
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Jan 20 10:11:31 2015 +1100
+
+ fix kex test
+
+commit c78a578107c7e6dcf5d30a2f34cb6581bef14029
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Mon Jan 19 20:45:25 2015 +0000
+
+ upstream commit
+
+ finally enable the KEX tests I wrote some years ago...
+
+commit 31821d7217e686667d04935aeec99e1fc4a46e7e
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Mon Jan 19 20:42:31 2015 +0000
+
+ upstream commit
+
+ adapt to new error message (SSH_ERR_MAC_INVALID)
+
+commit d3716ca19e510e95d956ae14d5b367e364bff7f1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 19 17:31:13 2015 +0000
+
+ upstream commit
+
+ this test was broken in at least two ways, such that it
+ wasn't checking that a KRL was not excluding valid keys
+
+commit 3f797653748e7c2b037dacb57574c01d9ef3b4d3
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Mon Jan 19 20:32:39 2015 +0000
+
+ upstream commit
+
+ switch ssh-keyscan from setjmp to multiple ssh transport
+ layer instances ok djm@
+
+commit f582f0e917bb0017b00944783cd5f408bf4b0b5e
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Mon Jan 19 20:30:23 2015 +0000
+
+ upstream commit
+
+ add experimental api for packet layer; ok djm@
+
+commit 48b3b2ba75181f11fca7f327058a591f4426cade
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Mon Jan 19 20:20:20 2015 +0000
+
+ upstream commit
+
+ store compat flags in struct ssh; ok djm@
+
+commit 57d10cbe861a235dd269c74fb2fe248469ecee9d
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Mon Jan 19 20:16:15 2015 +0000
+
+ upstream commit
+
+ adapt kex to sshbuf and struct ssh; ok djm@
+
+commit 3fdc88a0def4f86aa88a5846ac079dc964c0546a
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Mon Jan 19 20:07:45 2015 +0000
+
+ upstream commit
+
+ move dispatch to struct ssh; ok djm@
+
+commit 091c302829210c41e7f57c3f094c7b9c054306f0
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Mon Jan 19 19:52:16 2015 +0000
+
+ upstream commit
+
+ update packet.c & isolate, introduce struct ssh a) switch
+ packet.c to buffer api and isolate per-connection info into struct ssh b)
+ (de)serialization of the state is moved from monitor to packet.c c) the old
+ packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and
+ integrated into packet.c with and ok djm@
+
+commit 4e62cc68ce4ba20245d208b252e74e91d3785b74
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 19 17:35:48 2015 +0000
+
+ upstream commit
+
+ fix format strings in (disabled) debugging
+
+commit d85e06245907d49a2cd0cfa0abf59150ad616f42
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 19 06:01:32 2015 +0000
+
+ upstream commit
+
+ be a bit more careful in these tests to ensure that
+ known_hosts is clean
+
+commit 7947810eab5fe0ad311f32a48f4d4eb1f71be6cf
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Jan 18 22:00:18 2015 +0000
+
+ upstream commit
+
+ regression test for known_host file editing using
+ ssh-keygen (-H / -R / -F) after hostkeys_foreach() change; feedback and ok
+ markus@
+
+commit 3a2b09d147a565d8a47edf37491e149a02c0d3a3
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Jan 18 19:54:46 2015 +0000
+
+ upstream commit
+
+ more and better key tests
+
+ test signatures and verification
+ test certificate generation
+ flesh out nested cert test
+
+ removes most of the XXX todo markers
+
+commit 589e69fd82724cfc9738f128e4771da2e6405d0d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Jan 18 19:53:58 2015 +0000
+
+ upstream commit
+
+ make the signature fuzzing test much more rigorous:
+ ensure that the fuzzed input cases do not match the original (using new
+ fuzz_matches_original() function) and check that the verification fails in
+ each case
+
+commit 80603c0daa2538c349c1c152405580b164d5475f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Jan 18 19:52:44 2015 +0000
+
+ upstream commit
+
+ add a fuzz_matches_original() function to the fuzzer to
+ detect fuzz cases that are identical to the original data. Hacky
+ implementation, but very useful when you need the fuzz to be different, e.g.
+ when verifying signature
+
+commit 87d5495bd337e358ad69c524fcb9495208c0750b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Jan 18 19:50:55 2015 +0000
+
+ upstream commit
+
+ better dumps from the fuzzer (shown on errors) -
+ include the original data as well as the fuzzed copy.
+
+commit d59ec478c453a3fff05badbbfd96aa856364f2c2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Jan 18 19:47:55 2015 +0000
+
+ upstream commit
+
+ enable hostkey-agent.sh test
+
+commit 26b3425170bf840e4b095e1c10bf25a0a3e3a105
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Jan 17 18:54:30 2015 +0000
+
+ upstream commit
+
+ unit test for hostkeys in ssh-agent
+
+commit 9e06a0fb23ec55d9223b26a45bb63c7649e2f2f2
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Thu Jan 15 23:41:29 2015 +0000
+
+ upstream commit
+
+ add kex unit tests
+
+commit d2099dec6da21ae627f6289aedae6bc1d41a22ce
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date: Mon Jan 19 00:32:54 2015 +0000
+
+ upstream commit
+
+ djm, your /usr/include tree is old
+
+commit 2b3c3c76c30dc5076fe09d590f5b26880f148a54
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Jan 18 21:51:19 2015 +0000
+
+ upstream commit
+
+ some feedback from markus@: comment hostkeys_foreach()
+ context and avoid a member in it.
+
+commit cecb30bc2ba6d594366e657d664d5c494b6c8a7f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Jan 18 21:49:42 2015 +0000
+
+ upstream commit
+
+ make ssh-keygen use hostkeys_foreach(). Removes some
+ horrendous code; ok markus@
+
+commit ec3d065df3a9557ea96b02d061fd821a18c1a0b9
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Jan 18 21:48:09 2015 +0000
+
+ upstream commit
+
+ convert load_hostkeys() (hostkey ordering and
+ known_host matching) to use the new hostkey_foreach() iterator; ok markus
+
+commit c29811cc480a260e42fd88849fc86a80c1e91038
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Jan 18 21:40:23 2015 +0000
+
+ upstream commit
+
+ introduce hostkeys_foreach() to allow iteration over a
+ known_hosts file or controlled subset thereof. This will allow us to pull out
+ some ugly and duplicated code, and will be used to implement hostkey rotation
+ later.
+
+ feedback and ok markus
+
+commit f101d8291da01bbbfd6fb8c569cfd0cc61c0d346
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date: Sun Jan 18 14:01:00 2015 +0000
+
+ upstream commit
+
+ string truncation due to sizeof(size) ok djm markus
+
+commit 35d6022b55b7969fc10c261cb6aa78cc4a5fcc41
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Jan 18 13:33:34 2015 +0000
+
+ upstream commit
+
+ avoid trailing ',' in host key algorithms
+
+commit 7efb455789a0cb76bdcdee91c6060a3dc8f5c007
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Jan 18 13:22:28 2015 +0000
+
+ upstream commit
+
+ infer key length correctly when user specified a fully-
+ qualified key name instead of using the -b bits option; ok markus@
+
+commit 83f8ffa6a55ccd0ce9d8a205e3e7439ec18fedf5
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Jan 17 18:53:34 2015 +0000
+
+ upstream commit
+
+ fix hostkeys on ssh agent; found by unit test I'm about
+ to commit
+
+commit 369d61f17657b814124268f99c033e4dc6e436c1
+Author: schwarze@openbsd.org <schwarze@openbsd.org>
+Date: Fri Jan 16 16:20:23 2015 +0000
+
+ upstream commit
+
+ garbage collect empty .No macros mandoc warns about
+
+commit bb8b442d32dbdb8521d610e10d8b248d938bd747
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jan 16 15:55:07 2015 +0000
+
+ upstream commit
+
+ regression: incorrect error message on
+ otherwise-successful ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@
+
+commit 9010902954a40b59d0bf3df3ccbc3140a653e2bc
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jan 16 07:19:48 2015 +0000
+
+ upstream commit
+
+ when hostname canonicalisation is enabled, try to parse
+ hostnames as addresses before looking them up for canonicalisation. fixes
+ bz#2074 and avoids needless DNS lookups in some cases; ok markus
+
+commit 2ae4f337b2a5fb2841b6b0053b49496fef844d1c
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date: Fri Jan 16 06:40:12 2015 +0000
+
+ upstream commit
+
+ Replace <sys/param.h> with <limits.h> and other less
+ dirty headers where possible. Annotate <sys/param.h> lines with their
+ current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
+ LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of
+ MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
+ These are the files confirmed through binary verification. ok guenther,
+ millert, doug (helped with the verification protocol)
+
+commit 3c4726f4c24118e8f1bb80bf75f1456c76df072c
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Thu Jan 15 21:38:50 2015 +0000
+
+ upstream commit
+
+ remove xmalloc, switch to sshbuf
+
+commit e17ac01f8b763e4b83976b9e521e90a280acc097
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Thu Jan 15 21:37:14 2015 +0000
+
+ upstream commit
+
+ switch to sshbuf
+
+commit ddef9995a1fa6c7a8ff3b38bfe6cf724bebf13d0
+Author: naddy@openbsd.org <naddy@openbsd.org>
+Date: Thu Jan 15 18:32:54 2015 +0000
+
+ upstream commit
+
+ handle UMAC128 initialization like UMAC; ok djm@ markus@
+
+commit f14564c1f7792446bca143580aef0e7ac25dcdae
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Jan 15 11:04:36 2015 +0000
+
+ upstream commit
+
+ fix regression reported by brad@ for passworded keys without
+ agent present
+
+commit 45c0fd70bb2a88061319dfff20cb12ef7b1bc47e
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jan 15 22:08:23 2015 +1100
+
+ make bitmap test compile
+
+commit d333f89abf7179021e5c3f28673f469abe032062
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Jan 15 07:36:28 2015 +0000
+
+ upstream commit
+
+ unit tests for KRL bitmap
+
+commit 7613f828f49c55ff356007ae9645038ab6682556
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Wed Jan 14 09:58:21 2015 +0000
+
+ upstream commit
+
+ re-add comment about full path
+
+commit 6c43b48b307c41cd656b415621a644074579a578
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Wed Jan 14 09:54:38 2015 +0000
+
+ upstream commit
+
+ don't reset to the installed sshd; connect before
+ reconfigure, too
+
+commit 771bb47a1df8b69061f09462e78aa0b66cd594bf
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Jan 13 14:51:51 2015 +0000
+
+ upstream commit
+
+ implement a SIGINFO handler so we can discern a stuck
+ fuzz test from a merely glacial one; prompted by and ok markus
+
+commit cfaa57962f8536f3cf0fd7daf4d6a55d6f6de45f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Jan 13 08:23:26 2015 +0000
+
+ upstream commit
+
+ use $SSH instead of installed ssh to allow override;
+ spotted by markus@
+
+commit 0920553d0aee117a596b03ed5b49b280d34a32c5
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Jan 13 07:49:49 2015 +0000
+
+ upstream commit
+
+ regress test for PubkeyAcceptedKeyTypes; ok markus@
+
+commit 27ca1a5c0095eda151934bca39a77e391f875d17
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Mon Jan 12 20:13:27 2015 +0000
+
+ upstream commit
+
+ unbreak parsing of pubkey comments; with gerhard; ok
+ djm/deraadt
+
+commit 55358f0b4e0b83bc0df81c5f854c91b11e0bb4dc
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 12 11:46:32 2015 +0000
+
+ upstream commit
+
+ fatal if soft-PKCS11 library is missing rather (rather
+ than continue and fail with a more cryptic error)
+
+commit c3554cdd2a1a62434b8161017aa76fa09718a003
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 12 11:12:38 2015 +0000
+
+ upstream commit
+
+ let this test all supporte key types; pointed out/ok
+ markus@
+
+commit 1129dcfc5a3e508635004bcc05a3574cb7687167
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Jan 15 09:40:00 2015 +0000
+
+ upstream commit
+
+ sync ssh-keysign, ssh-keygen and some dependencies to the
+ new buffer/key API; mostly mechanical, ok markus@
+
+commit e4ebf5586452bf512da662ac277aaf6ecf0efe7c
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Jan 15 07:57:08 2015 +0000
+
+ upstream commit
+
+ remove commented-out test code now that it has moved to a
+ proper unit test
+
+commit e81cba066c1e9eb70aba0f6e7c0ff220611b370f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Jan 14 20:54:29 2015 +0000
+
+ upstream commit
+
+ whitespace
+
+commit 141efe49542f7156cdbc2e4cd0a041d8b1aab622
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Jan 14 20:05:27 2015 +0000
+
+ upstream commit
+
+ move authfd.c and its tentacles to the new buffer/key
+ API; ok markus@
+
+commit 0088c57af302cda278bd26d8c3ae81d5b6f7c289
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Jan 14 19:33:41 2015 +0000
+
+ upstream commit
+
+ fix small regression: ssh-agent would return a success
+ message but an empty signature if asked to sign using an unknown key; ok
+ markus@
+
+commit b03ebe2c22b8166e4f64c37737f4278676e3488d
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jan 15 03:08:58 2015 +1100
+
+ more --without-openssl
+
+ fix some regressions caused by upstream merges
+
+ enable KRLs now that they no longer require BIGNUMs
+
+commit bc42cc6fe784f36df225c44c93b74830027cb5a2
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jan 15 03:08:29 2015 +1100
+
+ kludge around tun API mismatch betterer
+
+commit c332110291089b624fa0951fbf2d1ee6de525b9f
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jan 15 02:59:51 2015 +1100
+
+ some systems lack SO_REUSEPORT
+
+commit 83b9678a62cbdc74eb2031cf1e1e4ffd58e233ae
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jan 15 02:35:50 2015 +1100
+
+ fix merge botch
+
+commit 0cdc5a3eb6fb383569a4da2a30705d9b90428d6b
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jan 15 02:35:33 2015 +1100
+
+ unbreak across API change
+
+commit 6e2549ac2b5e7f96cbc2d83a6e0784b120444b47
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jan 15 02:30:18 2015 +1100
+
+ need includes.h for portable OpenSSH
+
+commit 72ef7c148c42db7d5632a29f137f8b87b579f2d9
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jan 15 02:21:31 2015 +1100
+
+ support --without-openssl at configure time
+
+ Disables and removes dependency on OpenSSL. Many features don't
+ work and the set of crypto options is greatly restricted. This
+ will only work on system with native arc4random or /dev/urandom.
+
+ Considered highly experimental for now.
+
+commit 4f38c61c68ae7e3f9ee4b3c38bc86cd39f65ece9
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jan 15 02:28:00 2015 +1100
+
+ add files missed in last commit
+
+commit a165bab605f7be55940bb8fae977398e8c96a46d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Jan 14 15:02:39 2015 +0000
+
+ upstream commit
+
+ avoid BIGNUM in KRL code by using a simple bitmap;
+ feedback and ok markus
+
+commit 7d845f4a0b7ec97887be204c3760e44de8bf1f32
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Jan 14 13:54:13 2015 +0000
+
+ upstream commit
+
+ update sftp client and server to new buffer API. pretty
+ much just mechanical changes; with & ok markus
+
+commit 139ca81866ec1b219c717d17061e5e7ad1059e2a
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Wed Jan 14 13:09:09 2015 +0000
+
+ upstream commit
+
+ switch to sshbuf/sshkey; with & ok djm@
+
+commit 81bfbd0bd35683de5d7f2238b985e5f8150a9180
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jan 14 21:48:18 2015 +1100
+
+ support --without-openssl at configure time
+
+ Disables and removes dependency on OpenSSL. Many features don't
+ work and the set of crypto options is greatly restricted. This
+ will only work on system with native arc4random or /dev/urandom.
+
+ Considered highly experimental for now.
+
+commit 54924b53af15ccdcbb9f89984512b5efef641a31
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Jan 14 10:46:28 2015 +0000
+
+ upstream commit
+
+ avoid an warning for the !OPENSSL case
+
+commit ae8b463217f7c9b66655bfc3945c050ffdaeb861
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Wed Jan 14 10:30:34 2015 +0000
+
+ upstream commit
+
+ swith auth-options to new sshbuf/sshkey; ok djm@
+
+commit 540e891191b98b89ee90aacf5b14a4a68635e763
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Jan 14 10:29:45 2015 +0000
+
+ upstream commit
+
+ make non-OpenSSL aes-ctr work on sshd w/ privsep; ok
+ markus@
+
+commit 60c2c4ea5e1ad0ddfe8b2877b78ed5143be79c53
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Wed Jan 14 10:24:42 2015 +0000
+
+ upstream commit
+
+ remove unneeded includes, sync my copyright across files
+ & whitespace; ok djm@
+
+commit 128343bcdb0b60fc826f2733df8cf979ec1627b4
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Tue Jan 13 19:31:40 2015 +0000
+
+ upstream commit
+
+ adapt mac.c to ssherr.h return codes (de-fatal) and
+ simplify dependencies ok djm@
+
+commit e7fd952f4ea01f09ceb068721a5431ac2fd416ed
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Jan 13 19:04:35 2015 +0000
+
+ upstream commit
+
+ sync changes from libopenssh; prepared by markus@ mostly
+ debug output tweaks, a couple of error return value changes and some other
+ minor stuff
+
+commit 76c0480a85675f03a1376167cb686abed01a3583
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Jan 13 19:38:18 2015 +1100
+
+ add --without-ssh1 option to configure
+
+ Allows disabling support for SSH protocol 1.
+
+commit 1f729f0614d1376c3332fa1edb6a5e5cec7e9e03
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Jan 13 07:39:19 2015 +0000
+
+ upstream commit
+
+ add sshd_config HostbasedAcceptedKeyTypes and
+ PubkeyAcceptedKeyTypes options to allow sshd to control what public key types
+ will be accepted. Currently defaults to all. Feedback & ok markus@
+
+commit 816d1538c24209a93ba0560b27c4fda57c3fff65
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Mon Jan 12 20:13:27 2015 +0000
+
+ upstream commit
+
+ unbreak parsing of pubkey comments; with gerhard; ok
+ djm/deraadt
+
+commit 0097565f849851812df610b7b6b3c4bd414f6c62
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Mon Jan 12 19:22:46 2015 +0000
+
+ upstream commit
+
+ missing error assigment on sshbuf_put_string()
+
+commit a7f49dcb527dd17877fcb8d5c3a9a6f550e0bba5
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 12 15:18:07 2015 +0000
+
+ upstream commit
+
+ apparently memcpy(x, NULL, 0) is undefined behaviour
+ according to C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls
+ when length==0; ok markus@
+
+commit 905fe30fca82f38213763616d0d26eb6790bde33
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Mon Jan 12 14:05:19 2015 +0000
+
+ upstream commit
+
+ free->sshkey_free; ok djm@
+
+commit f067cca2bc20c86b110174c3fef04086a7f57b13
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Mon Jan 12 13:29:27 2015 +0000
+
+ upstream commit
+
+ allow WITH_OPENSSL w/o WITH_SSH1; ok djm@
+
+commit c4bfafcc2a9300d9cfb3c15e75572d3a7d74670d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Jan 8 13:10:58 2015 +0000
+
+ upstream commit
+
+ adjust for sshkey_load_file() API change
+
+commit e752c6d547036c602b89e9e704851463bd160e32
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Jan 8 13:44:36 2015 +0000
+
+ upstream commit
+
+ fix ssh_config FingerprintHash evaluation order; from Petr
+ Lautrbach
+
+commit ab24ab847b0fc94c8d5e419feecff0bcb6d6d1bf
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Jan 8 10:15:45 2015 +0000
+
+ upstream commit
+
+ reorder hostbased key attempts to better match the
+ default hostkey algorithms order in myproposal.h; ok markus@
+
+commit 1195f4cb07ef4b0405c839293c38600b3e9bdb46
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Jan 8 10:14:08 2015 +0000
+
+ upstream commit
+
+ deprecate key_load_private_pem() and
+ sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
+ not require pathnames to be specified (they weren't really used).
+
+ Fixes a few other things en passant:
+
+ Makes ed25519 keys work for hostbased authentication (ssh-keysign
+ previously used the PEM-only routines).
+
+ Fixes key comment regression bz#2306: key pathnames were being lost as
+ comment fields.
+
+ ok markus@
+
+commit febbe09e4e9aff579b0c5cc1623f756862e4757d
+Author: tedu@openbsd.org <tedu@openbsd.org>
+Date: Wed Jan 7 18:15:07 2015 +0000
+
+ upstream commit
+
+ workaround for the Meyer, et al, Bleichenbacher Side
+ Channel Attack. fake up a bignum key before RSA decryption. discussed/ok djm
+ markus
+
+commit 5191df927db282d3123ca2f34a04d8d96153911a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Dec 23 22:42:48 2014 +0000
+
+ upstream commit
+
+ KNF and add a little more debug()
+
+commit 8abd80315d3419b20e6938f74d37e2e2b547f0b7
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Mon Dec 22 09:26:31 2014 +0000
+
+ upstream commit
+
+ add fingerprinthash to the options list;
+
+commit 296ef0560f60980da01d83b9f0e1a5257826536f
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Mon Dec 22 09:24:59 2014 +0000
+
+ upstream commit
+
+ tweak previous;
+
+commit 462082eacbd37778a173afb6b84c6f4d898a18b5
+Author: Damien Miller <djm@google.com>
+Date: Tue Dec 30 08:16:11 2014 +1100
+
+ avoid uninitialised free of ldns_res
+
+ If an invalid rdclass was passed to getrrsetbyname() then
+ this would execute a free on an uninitialised pointer.
+ OpenSSH only ever calls this with a fixed and valid rdclass.
+
+ Reported by Joshua Rogers
+
+commit 01b63498801053f131a0740eb9d13faf35d636c8
+Author: Damien Miller <djm@google.com>
+Date: Mon Dec 29 18:10:18 2014 +1100
+
+ pull updated OpenBSD BCrypt PBKDF implementation
+
+ Includes fix for 1 byte output overflow for large key length
+ requests (not reachable in OpenSSH).
+
+ Pointed out by Joshua Rogers
+
+commit c528c1b4af2f06712177b3de9b30705752f7cbcb
+Author: Damien Miller <djm@google.com>
+Date: Tue Dec 23 15:26:13 2014 +1100
+
+ fix variable name for IPv6 case in construct_utmpx
+
+ patch from writeonce AT midipix.org via bz#2296
+
+commit 293cac52dcda123244b2e594d15592e5e481c55e
+Author: Damien Miller <djm@google.com>
+Date: Mon Dec 22 16:30:42 2014 +1100
+
+ include and use OpenBSD netcat in regress/
+
+commit 8f6784f0cb56dc4fd00af3e81a10050a5785228d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Dec 22 09:05:17 2014 +0000
+
+ upstream commit
+
+ mention ssh -Q feature to list supported { MAC, cipher,
+ KEX, key } algorithms in more places and include the query string used to
+ list the relevant information; bz#2288
+
+commit 449e11b4d7847079bd0a2daa6e3e7ea03d8ef700
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Mon Dec 22 08:24:17 2014 +0000
+
+ upstream commit
+
+ tweak previous;
+
+commit 4bea0ab3290c0b9dd2aa199e932de8e7e18062d6
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Dec 22 08:06:03 2014 +0000
+
+ upstream commit
+
+ regression test for multiple required pubkey authentication;
+ ok markus@
+
+commit f1c4d8ec52158b6f57834b8cd839605b0a33e7f2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Dec 22 08:04:23 2014 +0000
+
+ upstream commit
+
+ correct description of what will happen when a
+ AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser is not (sshd
+ will refuse to start)
+
+commit 161cf419f412446635013ac49e8c660cadc36080
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Dec 22 07:55:51 2014 +0000
+
+ upstream commit
+
+ make internal handling of filename arguments of "none"
+ more consistent with ssh. "none" arguments are now replaced with NULL when
+ the configuration is finalised.
+
+ Simplifies checking later on (just need to test not-NULL rather than
+ that + strcmp) and cleans up some inconsistencies. ok markus@
+
+commit f69b69b8625be447b8826b21d87713874dac25a6
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Dec 22 07:51:30 2014 +0000
+
+ upstream commit
+
+ remember which public keys have been used for
+ authentication and refuse to accept previously-used keys.
+
+ This allows AuthenticationMethods=publickey,publickey to require
+ that users authenticate using two _different_ pubkeys.
+
+ ok markus@
+
+commit 46ac2ed4677968224c4ca825bc98fc68dae183f0
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Dec 22 07:24:11 2014 +0000
+
+ upstream commit
+
+ fix passing of wildcard forward bind addresses when
+ connection multiplexing is in use; patch from Sami Hartikainen via bz#2324;
ok dtucker@
- - djm@cvs.openbsd.org 2011/12/04 23:16:12
- [mux.c]
- revert:
- > revision 1.32
- > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
- > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
- > ok dtucker@
- it interacts badly with ControlPersist
- - djm@cvs.openbsd.org 2012/01/07 21:11:36
- [mux.c]
- fix double-free in new session handler
- NB. Id sync only
- - djm@cvs.openbsd.org 2012/05/23 03:28:28
- [dns.c dns.h key.c key.h ssh-keygen.c]
- add support for RFC6594 SSHFP DNS records for ECDSA key types.
- patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@
- (Original authors Ondřej Surý, Ondřej Caletka and Daniel Black)
- - djm@cvs.openbsd.org 2012/06/01 00:49:35
- [PROTOCOL.mux]
- correct types of port numbers (integers, not strings); bz#2004 from
- bert.wesarg AT googlemail.com
- - djm@cvs.openbsd.org 2012/06/01 01:01:22
- [mux.c]
- fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg
- AT googlemail.com
- - dtucker@cvs.openbsd.org 2012/06/18 11:43:53
- [jpake.c]
- correct sizeof usage. patch from saw at online.de, ok deraadt
- - dtucker@cvs.openbsd.org 2012/06/18 11:49:58
- [ssh_config.5]
- RSA instead of DSA twice. From Steve.McClellan at radisys com
- - dtucker@cvs.openbsd.org 2012/06/18 12:07:07
- [ssh.1 sshd.8]
- Remove mention of 'three' key files since there are now four. From
- Steve.McClellan at radisys com.
- - dtucker@cvs.openbsd.org 2012/06/18 12:17:18
- [ssh.1]
- Clarify description of -W. Noted by Steve.McClellan at radisys com,
- ok jmc
- - markus@cvs.openbsd.org 2012/06/19 18:25:28
- [servconf.c servconf.h sshd_config.5]
- sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups}
- this allows 'Match LocalPort 1022' combined with 'AllowUser bauer'
- ok djm@ (back in March)
- - jmc@cvs.openbsd.org 2012/06/19 21:35:54
- [sshd_config.5]
- tweak previous; ok markus
- - djm@cvs.openbsd.org 2012/06/20 04:42:58
- [clientloop.c serverloop.c]
- initialise accept() backoff timer to avoid EINVAL from select(2) in
- rekeying
-
-20120519
- - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch
- from cjwatson at debian org.
- - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find
- pkg-config so it does the right thing when cross-compiling. Patch from
- cjwatson at debian org.
-- (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2012/05/13 01:42:32
- [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5]
- Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
- to match. Feedback and ok djm@ markus@.
- - dtucker@cvs.openbsd.org 2012/05/19 06:30:30
- [sshd_config.5]
- Document PermitOpen none. bz#2001, patch from Loganaden Velvindron
-
-20120504
- - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h>
- to fix building on some plaforms. Fom bowman at math utah edu and
- des at des no.
-
-20120427
- - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6
- platform rather than exiting early, so that we still clean up and return
- success or failure to test-exec.sh
-
-20120426
- - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters
- via Niels
- - (djm) [auth-krb5.c] Save errno across calls that might modify it;
- ok dtucker@
-
-20120423
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2012/04/23 08:18:17
- [channels.c]
- fix function proto/source mismatch
-
-20120422
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2012/02/29 11:21:26
- [ssh-keygen.c]
- allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@
- - guenther@cvs.openbsd.org 2012/03/15 03:10:27
- [session.c]
- root should always be excluded from the test for /etc/nologin instead
- of having it always enforced even when marked as ignorenologin. This
- regressed when the logic was incompletely flipped around in rev 1.251
- ok halex@ millert@
- - djm@cvs.openbsd.org 2012/03/28 07:23:22
- [PROTOCOL.certkeys]
- explain certificate extensions/crit split rationale. Mention requirement
- that each appear at most once per cert.
- - dtucker@cvs.openbsd.org 2012/03/29 23:54:36
- [channels.c channels.h servconf.c]
- Add PermitOpen none option based on patch from Loganaden Velvindron
- (bz #1949). ok djm@
- - djm@cvs.openbsd.org 2012/04/11 13:16:19
- [channels.c channels.h clientloop.c serverloop.c]
- don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
- while; ok deraadt@ markus@
- - djm@cvs.openbsd.org 2012/04/11 13:17:54
- [auth.c]
- Support "none" as an argument for AuthorizedPrincipalsFile to indicate
- no file should be read.
- - djm@cvs.openbsd.org 2012/04/11 13:26:40
- [sshd.c]
- don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
- while; ok deraadt@ markus@
- - djm@cvs.openbsd.org 2012/04/11 13:34:17
- [ssh-keyscan.1 ssh-keyscan.c]
- now that sshd defaults to offering ECDSA keys, ssh-keyscan should also
- look for them by default; bz#1971
- - djm@cvs.openbsd.org 2012/04/12 02:42:32
- [servconf.c servconf.h sshd.c sshd_config sshd_config.5]
- VersionAddendum option to allow server operators to append some arbitrary
- text to the SSH-... banner; ok deraadt@ "don't care" markus@
- - djm@cvs.openbsd.org 2012/04/12 02:43:55
- [sshd_config sshd_config.5]
- mention AuthorizedPrincipalsFile=none default
- - djm@cvs.openbsd.org 2012/04/20 03:24:23
- [sftp.c]
- setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...)
- - jmc@cvs.openbsd.org 2012/04/20 16:26:22
- [ssh.1]
- use "brackets" instead of "braces", for consistency;
-
-20120420
- - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
- [contrib/suse/openssh.spec] Update for release 6.0
- - (djm) [README] Update URL to release notes.
- - (djm) Release openssh-6.0
+
+commit 0d1b241a262e4d0a6bbfdd595489ab1b853c43a1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Dec 22 06:14:29 2014 +0000
+
+ upstream commit
+
+ make this slightly easier to diff against portable
+
+commit 0715bcdddbf68953964058f17255bf54734b8737
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Dec 22 13:47:07 2014 +1100
+
+ add missing regress output file
+
+commit 1e30483c8ad2c2f39445d4a4b6ab20c241e40593
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Dec 22 02:15:52 2014 +0000
+
+ upstream commit
+
+ adjust for new SHA256 key fingerprints and
+ slightly-different MD5 hex fingerprint format
+
+commit 6b40567ed722df98593ad8e6a2d2448fc2b4b151
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Dec 22 01:14:49 2014 +0000
+
+ upstream commit
+
+ poll changes to netcat (usr.bin/netcat.c r1.125) broke
+ this test; fix it by ensuring more stdio fds are sent to devnull
+
+commit a5375ccb970f49dddf7d0ef63c9b713ede9e7260
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Sun Dec 21 23:35:14 2014 +0000
+
+ upstream commit
+
+ tweak previous;
+
+commit b79efde5c3badf5ce4312fe608d8307eade533c5
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Dec 21 23:12:42 2014 +0000
+
+ upstream commit
+
+ document FingerprintHash here too
+
+commit d16bdd8027dd116afa01324bb071a4016cdc1a75
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Dec 22 10:18:09 2014 +1100
+
+ missing include for base64 encoding
+
+commit 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Dec 21 22:27:55 2014 +0000
+
+ upstream commit
+
+ Add FingerprintHash option to control algorithm used for
+ key fingerprints. Default changes from MD5 to SHA256 and format from hex to
+ base64.
+
+ Feedback and ok naddy@ markus@
+
+commit 058f839fe15c51be8b3a844a76ab9a8db550be4f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Dec 18 23:58:04 2014 +0000
+
+ upstream commit
+
+ don't count partial authentication success as a failure
+ against MaxAuthTries; ok deraadt@
+
+commit c7219f4f54d64d6dde66dbcf7a2699daa782d2a1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Dec 12 00:02:17 2014 +0000
+
+ upstream commit
+
+ revert chunk I didn't mean to commit yet; via jmc@
+
+commit 7de5991aa3997e2981440f39c1ea01273a0a2c7b
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Dec 18 11:44:06 2014 +1100
+
+ upstream libc change
+
+ revision 1.2
+ date: 2014/12/08 03:45:00; author: bcook; state: Exp; lines: +2 -2; commitid: 7zWEBgJJOCZ2hvTV;
+ avoid left shift overflow in reallocarray.
+
+ Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting
+ 1UL 32-bits to the left causes an overflow. This replaces the constant 1UL with
+ (size_t)1 so that we get the correct constant size for the platform.
+
+ discussed with tedu@ & deraadt@
+
+commit 2048f85a5e6da8bc6e0532efe02ecfd4e63c978c
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Dec 18 10:15:49 2014 +1100
+
+ include CFLAGS in gnome askpass targets
+
+ from Fedora
+
+commit 48b68ce19ca42fa488960028048dec023f7899bb
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Dec 11 08:20:09 2014 +0000
+
+ upstream commit
+
+ explicitly include sys/param.h in files that use the
+ howmany() macro; from portable
+
+commit d663bea30a294d440fef4398e5cd816317bd4518
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Dec 11 05:25:06 2014 +0000
+
+ upstream commit
+
+ mention AuthorizedKeysCommandUser must be set for
+ AuthorizedKeysCommand to be run; bz#2287
+
+commit 17bf3d81e00f2abb414a4fd271118cf4913f049f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Dec 11 05:13:28 2014 +0000
+
+ upstream commit
+
+ show in debug output which hostkeys are being tried when
+ attempting hostbased auth; patch from Iain Morgan
+
+commit da0277e3717eadf5b15e03379fc29db133487e94
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Dec 11 04:16:14 2014 +0000
+
+ upstream commit
+
+ Make manual reflect reality: sftp-server's -d option
+ accepts a "%d" option, not a "%h" one.
+
+ bz#2316; reported by Kirk Wolf
+
+commit 4cf87f4b81fa9380bce5fcff7b0f8382ae3ad996
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Dec 10 01:24:09 2014 +0000
+
+ upstream commit
+
+ better error value for invalid signature length
+
+commit 4bfad14ca56f8ae04f418997816b4ba84e2cfc3c
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Dec 10 02:12:51 2014 +1100
+
+ Resync more with OpenBSD's rijndael.c, in particular "#if 0"-ing out some
+ unused code. Should fix compile error reported by plautrba at redhat.
+
+commit 642652d280499691c8212ec6b79724b50008ce09
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Dec 10 01:32:23 2014 +1100
+
+ Add reallocarray to compat library
+
+commit 3dfd8d93dfcc69261f5af99df56f3ff598581979
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Dec 4 22:31:50 2014 +0000
+
+ upstream commit
+
+ add tests for new client RevokedHostKeys option; refactor
+ to make it a bit more readable
+
+commit a31046cad1aed16a0b55171192faa6d02665ccec
+Author: krw@openbsd.org <krw@openbsd.org>
+Date: Wed Nov 19 13:35:37 2014 +0000
+
+ upstream commit
+
+ Nuke yet more obvious #include duplications.
+
+ ok deraadt@
+
+commit a7c762e5b2c1093542c0bc1df25ccec0b4cf479f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Dec 4 20:47:36 2014 +0000
+
+ upstream commit
+
+ key_in_file() wrapper is no longer used
+
+commit 5e39a49930d885aac9c76af3129332b6e772cd75
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Dec 4 02:24:32 2014 +0000
+
+ upstream commit
+
+ add RevokedHostKeys option for the client
+
+ Allow textfile or KRL-based revocation of hostkeys.
+
+commit 74de254bb92c684cf53461da97f52d5ba34ded80
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Dec 4 01:49:59 2014 +0000
+
+ upstream commit
+
+ convert KRL code to new buffer API
+
+ ok markus@
+
+commit db995f2eed5fc432598626fa3e30654503bf7151
+Author: millert@openbsd.org <millert@openbsd.org>
+Date: Wed Nov 26 18:34:51 2014 +0000
+
+ upstream commit
+
+ Prefer setvbuf() to setlinebuf() for portability; ok
+ deraadt@
+
+commit 72bba3d179ced8b425272efe6956a309202a91f3
+Author: jsg@openbsd.org <jsg@openbsd.org>
+Date: Mon Nov 24 03:39:22 2014 +0000
+
+ upstream commit
+
+ Fix crashes in the handling of the sshd config file found
+ with the afl fuzzer.
+
+ ok deraadt@ djm@
+
+commit 867f49c666adcfe92bf539d9c37c1accdea08bf6
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Nov 26 13:22:41 2014 +1100
+
+ Avoid Cygwin ssh-host-config reading /etc/group
+
+ Patch from Corinna Vinschen
+
+commit 8b66f36291a721b1ba7c44f24a07fdf39235593e
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Nov 26 13:20:35 2014 +1100
+
+ allow custom service name for sshd on Cygwin
+
+ Permits the use of multiple sshd running with different service names.
+
+ Patch by Florian Friesdorf via Corinna Vinschen
+
+commit 08c0eebf55d70a9ae1964399e609288ae3186a0c
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Sat Nov 22 19:21:03 2014 +0000
+
+ upstream commit
+
+ restore word zapped in previous, and remove some useless
+ "No" macros;
+
+commit a1418a0033fba43f061513e992e1cbcc3343e563
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date: Sat Nov 22 18:15:41 2014 +0000
+
+ upstream commit
+
+ /dev/random has created the same effect as /dev/arandom
+ (and /dev/urandom) for quite some time. Mop up the last few, by using
+ /dev/random where we actually want it, or not even mentioning arandom where
+ it is irrelevant.
+
+commit b6de5ac9ed421362f479d1ad4fa433d2e25dad5b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Nov 21 01:00:38 2014 +0000
+
+ upstream commit
+
+ fix NULL pointer dereference crash on invalid timestamp
+
+ found using Michal Zalewski's afl fuzzer
+
+commit a1f8110cd5ed818d59b3a2964fab7de76e92c18e
+Author: mikeb@openbsd.org <mikeb@openbsd.org>
+Date: Tue Nov 18 22:38:48 2014 +0000
+
+ upstream commit
+
+ Sync AES code to the one shipped in OpenSSL/LibreSSL.
+
+ This includes a commit made by Andy Polyakov <appro at openssl ! org>
+ to the OpenSSL source tree on Wed, 28 Jun 2006 with the following
+ message: "Mitigate cache-collision timing attack on last round."
+
+ OK naddy, miod, djm
+
+commit 335c83d5f35d8620e16b8aa26592d4f836e09ad2
+Author: krw@openbsd.org <krw@openbsd.org>
+Date: Tue Nov 18 20:54:28 2014 +0000
+
+ upstream commit
+
+ Nuke more obvious #include duplications.
+
+ ok deraadt@ millert@ tedu@
+
+commit 51b64e44121194ae4bf153dee391228dada2abcb
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Nov 17 00:21:40 2014 +0000
+
+ upstream commit
+
+ fix KRL generation when multiple CAs are in use
+
+ We would generate an invalid KRL when revoking certs by serial
+ number for multiple CA keys due to a section being written out
+ twice.
+
+ Also extend the regress test to catch this case by having it
+ produce a multi-CA KRL.
+
+ Reported by peter AT pean.org
+
+commit d2d51003a623e21fb2b25567c4878d915e90aa2a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Nov 18 01:02:25 2014 +0000
+
+ upstream commit
+
+ fix NULL pointer dereference crash in key loading
+
+ found by Michal Zalewski's AFL fuzzer
+
+commit 9f9fad0191028edc43d100d0ded39419b6895fdf
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Nov 17 00:21:40 2014 +0000
+
+ upstream commit
+
+ fix KRL generation when multiple CAs are in use
+
+ We would generate an invalid KRL when revoking certs by serial
+ number for multiple CA keys due to a section being written out
+ twice.
+
+ Also extend the regress test to catch this case by having it
+ produce a multi-CA KRL.
+
+ Reported by peter AT pean.org
+
+commit da8af83d3f7ec00099963e455010e0ed1d7d0140
+Author: bentley@openbsd.org <bentley@openbsd.org>
+Date: Sat Nov 15 14:41:03 2014 +0000
+
+ upstream commit
+
+ Reduce instances of `` '' in manuals.
+
+ troff displays these as typographic quotes, but nroff implementations
+ almost always print them literally, which rarely has the intended effect
+ with modern fonts, even in stock xterm.
+
+ These uses of `` '' can be replaced either with more semantic alternatives
+ or with Dq, which prints typographic quotes in a UTF-8 locale (but will
+ automatically fall back to `` '' in an ASCII locale).
+
+ improvements and ok schwarze@
+
+commit fc302561369483bb755b17f671f70fb894aec01d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Nov 10 22:25:49 2014 +0000
+
+ upstream commit
+
+ mux-related manual tweaks
+
+ mention ControlPersist=0 is the same as ControlPersist=yes
+
+ recommend that ControlPath sockets be placed in a og-w directory
+
+commit 0e4cff5f35ed11102fe3783779960ef07e0cd381
+Author: Damien Miller <djm@google.com>
+Date: Wed Nov 5 11:01:31 2014 +1100
+
+ Prepare scripts for next Cygwin release
+
+ Makes the Cygwin-specific ssh-user-config script independent of the
+ existence of /etc/passwd. The next Cygwin release will allow to
+ generate passwd and group entries from the Windows account DBs, so the
+ scripts have to adapt.
+
+ from Corinna Vinschen
+
+commit 7d0ba5336651731949762eb8877ce9e3b52df436
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Oct 30 10:45:41 2014 +1100
+
+ include version number in OpenSSL-too-old error
+
+commit 3bcb92e04d9207e9f78d82f7918c6d3422054ce9
+Author: lteo@openbsd.org <lteo@openbsd.org>
+Date: Fri Oct 24 02:01:20 2014 +0000
+
+ upstream commit
+
+ Remove unnecessary include: netinet/in_systm.h is not needed
+ by these programs.
+
+ NB. skipped for portable
+
+ ok deraadt@ millert@
+
+commit 6fdcaeb99532e28a69f1a1599fbd540bb15b70a0
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Oct 20 03:43:01 2014 +0000
+
+ upstream commit
+
+ whitespace
+
+commit 165bc8786299e261706ed60342985f9de93a7461
+Author: daniel@openbsd.org <daniel@openbsd.org>
+Date: Tue Oct 14 03:09:59 2014 +0000
+
+ upstream commit
+
+ plug a memory leak; from Maxime Villard.
+
+ ok djm@
+
+commit b1ba15f3885947c245c2dbfaad0a04ba050abea0
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Thu Oct 9 06:21:31 2014 +0000
+
+ upstream commit
+
+ tweak previous;
+
+commit 259a02ebdf74ad90b41d116ecf70aa823fa4c6e7
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Oct 13 00:38:35 2014 +0000
+
+ upstream commit
+
+ whitespace
+
+commit 957fbceb0f3166e41b76fdb54075ab3b9cc84cba
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Oct 8 22:20:25 2014 +0000
+
+ upstream commit
+
+ Tweak config reparsing with host canonicalisation
+
+ Make the second pass through the config files always run when
+ hostname canonicalisation is enabled.
+
+ Add a "Match canonical" criteria that allows ssh_config Match
+ blocks to trigger only in the second config pass.
+
+ Add a -G option to ssh that causes it to parse its configuration
+ and dump the result to stdout, similar to "sshd -T"
+
+ Allow ssh_config Port options set in the second config parse
+ phase to be applied (they were being ignored).
+
+ bz#2267 bz#2286; ok markus
+
+commit 5c0dafd38bf66feeeb45fa0741a5baf5ad8039ba
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Oct 8 22:15:27 2014 +0000
+
+ upstream commit
+
+ another -Wpointer-sign from clang
+
+commit bb005dc815ebda9af3ae4b39ca101c4da918f835
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Oct 8 22:15:06 2014 +0000
+
+ upstream commit
+
+ fix a few -Wpointer-sign warnings from clang
+
+commit 3cc1fbb4fb0e804bfb873fd363cea91b27fc8188
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Oct 8 21:45:48 2014 +0000
+
+ upstream commit
+
+ parse cert sections using nested buffers to reduce
+ copies; ok markus
+
+commit 4a45922aebf99164e2fc83d34fe55b11ae1866ef
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Oct 6 00:47:15 2014 +0000
+
+ upstream commit
+
+ correct options in usage(); from mancha1 AT zoho.com
+
+commit 48dffd5bebae6fed0556dc5c36cece0370690618
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Sep 9 09:45:36 2014 +0000
+
+ upstream commit
+
+ mention permissions on tun(4) devices in PermitTunnel
+ documentation; bz#2273
+
+commit a5883d4eccb94b16c355987f58f86a7dee17a0c2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Sep 3 18:55:07 2014 +0000
+
+ upstream commit
+
+ tighten permissions on pty when the "tty" group does
+ not exist; pointed out by Corinna Vinschen; ok markus
+
+commit 180bcb406b58bf30723c01a6b010e48ee626dda8
+Author: sobrado@openbsd.org <sobrado@openbsd.org>
+Date: Sat Aug 30 16:32:25 2014 +0000
+
+ upstream commit
+
+ typo.
+
+commit f70b22bcdd52f6bf127047b3584371e6e5d45627
+Author: sobrado@openbsd.org <sobrado@openbsd.org>
+Date: Sat Aug 30 15:33:50 2014 +0000
+
+ upstream commit
+
+ improve capitalization for the Ed25519 public-key
+ signature system.
+
+ ok djm@
+
+commit 7df8818409c752cf3f0c3f8044fe9aebed8647bd
+Author: doug@openbsd.org <doug@openbsd.org>
+Date: Thu Aug 21 01:08:52 2014 +0000
+
+ upstream commit
+
+ Free resources on error in mkstemp and fdopen
+
+ ok djm@
+
+commit 40ba4c9733aaed08304714faeb61529f18da144b
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date: Wed Aug 20 01:28:55 2014 +0000
+
+ upstream commit
+
+ djm how did you make a typo like that...
+
+commit 57d378ec9278ba417a726f615daad67d157de666
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Aug 19 23:58:28 2014 +0000
+
+ upstream commit
+
+ When dumping the server configuration (sshd -T), print
+ correct KEX, MAC and cipher defaults. Spotted by Iain Morgan
+
+commit 7ff880ede5195d0b17e7f1e3b6cfbc4cb6f85240
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Aug 19 23:57:18 2014 +0000
+
+ upstream commit
+
+ ~-expand lcd paths
+
+commit 4460a7ad0c78d4cd67c467f6e9f4254d0404ed59
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Oct 12 12:35:48 2014 +1100
+
+ remove duplicated KEX_DH1 entry
+
+commit c9b8426a616138d0d762176c94f51aff3faad5ff
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Oct 9 10:34:06 2014 +1100
+
+ remove ChangeLog file
+
+ Commit logs will be generated from git at release time.
+
+commit 81d18ff7c93a04affbf3903e0963859763219aed
+Author: Damien Miller <djm@google.com>
+Date: Tue Oct 7 21:24:25 2014 +1100
+
+ delete contrib/caldera directory
+
+commit 0ec9e87d3638206456968202f05bb5123670607a
+Author: Damien Miller <djm@google.com>
+Date: Tue Oct 7 19:57:27 2014 +1100
+
+ test commit
+
+commit 8fb65a44568701b779f3d77326bceae63412d28d
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Oct 7 09:21:49 2014 +1100
+
+ - (djm) Release OpenSSH-6.7
+
+commit e8c9f2602c46f6781df5e52e6cd8413dab4602a3
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Oct 3 09:24:56 2014 +1000
+
+ - (djm) [sshd_config.5] typo; from Iain Morgan
+
+commit 703b98a26706f5083801d11059486d77491342ae
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Oct 1 09:43:07 2014 +1000
+
+ - (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c]
+ [openbsd-compat/openbsd-compat.h] Kludge around bad glibc
+ _FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets;
+ ok dtucker@
+
+commit 0fa0ed061bbfedb0daa705e220748154a84c3413
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Sep 10 08:15:34 2014 +1000
+
+ - (djm) [sandbox-seccomp-filter.c] Allow mremap and exit for DietLibc;
+ patch from Felix von Leitner; ok dtucker
+
+commit ad7d23d461c3b7e1dcb15db13aee5f4b94dc1a95
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Tue Sep 9 12:23:10 2014 +1000
+
+ 20140908
+ - (dtucker) [INSTALL] Update info about egd. ok djm@
+
+commit 2a8699f37cc2515e3bc60e0c677ba060f4d48191
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Sep 4 03:46:05 2014 +1000
+
+ - (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNG
+
+commit 44988defb1f5e3afe576d86000365e1f07a1b494
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Sep 3 05:35:32 2014 +1000
+
+ - (djm) [contrib/cygwin/ssh-host-config] Fix old code leading to
+ permissions/ACLs; from Corinna Vinschen
+
+commit 23f269562b7537b2f6f5014e50a25e5dcc55a837
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Sep 3 05:33:25 2014 +1000
+
+ - (djm) [defines.h sshbuf.c] Move __predict_true|false to defines.h and
+ conditionalise to avoid duplicate definition.
+
+commit 41c8de2c0031cf59e7cf0c06b5bcfbf4852c1fda
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Aug 30 16:23:06 2014 +1000
+
+ - (djm) [Makefile.in] Make TEST_SHELL a variable; "good idea" tim@
+
+commit d7c81e216a7bd9eed6e239c970d9261bb1651947
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Aug 30 04:18:28 2014 +1000
+
+ - (djm) [openbsd-compat/openssl-compat.h] add include guard
+
+commit 4687802dda57365b984b897fc3c8e2867ea09b22
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Aug 30 03:29:19 2014 +1000
+
+ - (djm) [misc.c] Missing newline between functions
+
+commit 51c77e29220dee87c53be2dc47092934acab26fe
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Aug 30 02:30:30 2014 +1000
+
+ - (djm) [openbsd-compat/openssl-compat.h] add
+ OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them
+
+commit 3d673d103bad35afaec6e7ef73e5277216ce33a3
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 27 06:32:01 2014 +1000
+
+ - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()
+ using memset_s() where possible; improve fallback to indirect bzero
+ via a volatile pointer to give it more of a chance to avoid being
+ optimised away.
+
+commit 146218ac11a1eb0dcade6f793d7acdef163b5ddc
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 27 04:11:55 2014 +1000
+
+ - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth
+ monitor, not preauth; bz#2263
+
+commit 1b215c098b3b37e38aa4e4c91bb908eee41183b1
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 27 04:04:40 2014 +1000
+
+ - (djm) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c]
+ [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
+ [regress/unittests/sshkey/common.c]
+ [regress/unittests/sshkey/test_file.c]
+ [regress/unittests/sshkey/test_fuzz.c]
+ [regress/unittests/sshkey/test_sshkey.c] Don't include openssl/ec.h
+ on !ECC OpenSSL systems
+
+commit ad013944af0a19e3f612089d0099bb397cf6502d
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Aug 26 09:27:28 2014 +1000
+
+ - (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL,
+ update OpenSSL version requirement.
+
+commit ed126de8ee04c66640a0ea2697c4aaf36801f100
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Aug 26 08:37:47 2014 +1000
+
+ - (djm) [bufec.c] Skip this file on !ECC OpenSSL
+
+commit 9c1dede005746864a4fdb36a7cdf6c51296ca909
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Aug 24 03:01:06 2014 +1000
+
+ - (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not
+ PR_SET_DUMPABLE, so adjust ifdef; reported by Tom Christensen
+
+commit d244a5816fd1312a33404b436e4dd83594f1119e
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Aug 23 17:06:49 2014 +1000
+
+ - (djm) [configure.ac] We now require a working vsnprintf everywhere (not
+ just for systems that lack asprintf); check for it always and extend
+ test to catch more brokenness. Fixes builds on Solaris <= 9
+
+commit 4cec036362a358e398e6a2e6d19d8e5780558634
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Aug 23 03:11:09 2014 +1000
+
+ - (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode on
+ lastlog writing on platforms with high UIDs; bz#2263
+
+commit 394a60f2598d28b670d934b93942a3370b779b39
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Aug 22 18:06:20 2014 +1000
+
+ - (djm) [configure.ac] double braces to appease autoconf
+
+commit 4d69aeabd6e60afcdc7cca177ca751708ab79a9d
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Aug 22 17:48:27 2014 +1000
+
+ - (djm) [openbsd-compat/bsd-snprintf.c] Fix compilation failure (prototype/
+ definition mismatch) and warning for broken/missing snprintf case.
+
+commit 0c11f1ac369d2c0aeb0ab0458a7cd04c72fe5e9e
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Aug 22 17:36:56 2014 +1000
+
+ - (djm) [sshbuf-getput-crypto.c] Fix compilation when OpenSSL lacks ECC
+
+commit 6d62784b8973340b251fea6b04890f471adf28db
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Aug 22 17:36:19 2014 +1000
+
+ - (djm) [configure.ac] include leading zero characters in OpenSSL version
+ number; fixes test for unsupported versions
+
+commit 4f1ff1ed782117f5d5204d4e91156ed5da07cbb7
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Aug 21 15:54:50 2014 +1000
+
+ - (djm) [regress/unittests/test_helper/test_helper.c] Fix for systems that
+ don't set __progname. Diagnosed by Tom Christensen.
+
+commit 005a64da0f457410045ef0bfa93c863c2450447d
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Aug 21 10:48:41 2014 +1000
+
+ - (djm) [key.h] Fix ifdefs for no-ECC OpenSSL
+
+commit aa6598ebb3343c7380e918388e10e8ca5852b613
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Aug 21 10:47:54 2014 +1000
+
+ - (djm) [Makefile.in] fix reference to libtest_helper.a in sshkey test too.
+
+commit 54703e3cf63f0c80d4157e5ad7dbc2b363ee2c56
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 20 11:10:51 2014 +1000
+
+ - (djm) [contrib/cygwin/README] Correct build instructions; from Corinna
+
+commit f0935698f0461f24d8d1f1107b476ee5fd4db1cb
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 20 11:06:50 2014 +1000
+
+ - (djm) [sshkey.h] Fix compilation when OpenSSL lacks ECC
+
+commit c5089ecaec3b2c02f014f4e67518390702a4ba14
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 20 11:06:20 2014 +1000
+
+ - (djm) [Makefile.in] refer to libtest_helper.a by explicit path rather than
+ -L/-l; fixes linking problems on some platforms
+
+commit 2195847e503a382f83ee969b0a8bd3dfe0e55c18
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 20 11:05:03 2014 +1000
+
+ - (djm) [configure.ac] Check OpenSSL version is supported at configure time;
+ suggested by Kevin Brott
+
+commit a75aca1bbc989aa9f8b1b08489d37855f3d24d1a
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Aug 19 11:36:07 2014 +1000
+
+ - (djm) [INSTALL contrib/caldera/openssh.spec contrib/cygwin/README]
+ [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Remove mentions
+ of TCP wrappers.
+
+commit 3f022b5a9477abceeb1bbeab04b055f3cc7ca8f6
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Aug 19 11:32:34 2014 +1000
+
+ - (djm) [ssh-dss.c] Include openssl/dsa.h for DSA_SIG
+
+commit 88137902632aceb923990e98cf5dc923bb3ef2f5
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Aug 19 11:28:11 2014 +1000
+
+ - (djm) [sshbuf.h] Fix compilation on systems without OPENSSL_HAS_ECC.
+
+commit 2f3d1e7fb2eabd3cfbfd8d0f7bdd2f9a1888690b
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Aug 19 11:14:36 2014 +1000
+
+ - (djm) [myproposal.h] Make curve25519 KEX dependent on
+ HAVE_EVP_SHA256 instead of OPENSSL_HAS_ECC.
+
+commit d4e7d59d01a6c7f59e8c1f94a83c086e9a33d8aa
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Aug 19 11:14:17 2014 +1000
+
+ - (djm) [serverloop.c] Fix syntax error on Cygwin; from Corinna Vinschen
+
+commit 9eaeea2cf2b6af5f166cfa9ad3c7a90711a147a9
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Aug 10 11:35:05 2014 +1000
+
+ - (djm) [README contrib/caldera/openssh.spec]
+ [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Update versions
+
+commit f8988fbef0c9801d19fa2f8f4f041690412bec37
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Aug 1 13:31:52 2014 +1000
+
+ - (djm) [regress/multiplex.sh] Use -d (detach stdin) flag to disassociate
+ nc from stdin, it's more portable
+
+commit 5b3879fd4b7a4e3d43bab8f40addda39bc1169d0
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Aug 1 12:28:31 2014 +1000
+
+ - (djm) [regress/multiplex.sh] Instruct nc not to quit as soon as stdin
+ is closed; avoid regress failures when stdin is /dev/null
+
+commit a9c46746d266f8a1b092a72b2150682d1af8ebfc
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Aug 1 12:26:49 2014 +1000
+
+ - (djm) [regress/multiplex.sh] Skip test for non-OpenBSD netcat. We need
+ a better solution, but this will have to do for now.
+
+commit 426117b2e965e43f47015942b5be8dd88fe74b88
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 30 12:33:20 2014 +1000
+
+ - schwarze@cvs.openbsd.org 2014/07/28 15:40:08
+ [sftp-server.8 sshd_config.5]
+ some systems no longer need /dev/log;
+ issue noticed by jirib;
+ ok deraadt
+
+commit f497794b6962eaf802ab4ac2a7b22ae591cca1d5
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 30 12:32:46 2014 +1000
+
+ - dtucker@cvs.openbsd.org 2014/07/25 21:22:03
+ [ssh-agent.c]
+ Clear buffer used for handling messages. This prevents keys being
+ left in memory after they have been expired or deleted in some cases
+ (but note that ssh-agent is setgid so you would still need root to
+ access them). Pointed out by Kevin Burns, ok deraadt
+
+commit a8a0f65c57c8ecba94d65948e9090da54014dfef
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 30 12:32:28 2014 +1000
+
+ - OpenBSD CVS Sync
+ - millert@cvs.openbsd.org 2014/07/24 22:57:10
+ [ssh.1]
+ Mention UNIX-domain socket forwarding too. OK jmc@ deraadt@
+
+commit 56b840f2b81e14a2f95c203403633a72566736f8
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jul 25 08:11:30 2014 +1000
+
+ - (djm) [regress/multiplex.sh] restore incorrectly deleted line;
+ pointed out by Christian Hesse
+
+commit dd417b60d5ca220565d1014e92b7f8f43dc081eb
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Jul 23 10:41:21 2014 +1000
+
+ - dtucker@cvs.openbsd.org 2014/07/22 23:35:38
+ [regress/unittests/sshkey/testdata/*]
+ Regenerate test keys with certs signed with ed25519 instead of ecdsa.
+ These can be used in -portable on platforms that don't support ECDSA.
+
+commit 40e50211896369dba8f64f3b5e5fd58b76f5ac3f
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Jul 23 10:35:45 2014 +1000
+
+ - dtucker@cvs.openbsd.org 2014/07/22 23:57:40
+ [regress/unittests/sshkey/mktestdata.sh]
+ Add $OpenBSD tag to make syncs easier
+
+commit 07e644251e809b1d4c062cf85bd1146a7e3f5a8a
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Jul 23 10:34:26 2014 +1000
+
+ - dtucker@cvs.openbsd.org 2014/07/22 23:23:22
+ [regress/unittests/sshkey/mktestdata.sh]
+ Sign test certs with ed25519 instead of ecdsa so that they'll work in
+ -portable on platforms that don't have ECDSA in their OpenSSL. ok djm
+
+commit cea099a7c4eaecb01b001e5453bb4e5c25006c22
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Jul 23 10:04:02 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/22 01:32:12
+ [regress/multiplex.sh]
+ change the test for still-open Unix domain sockets to be robust against
+ nc implementations that produce error messages. from -portable
+ (Id sync only)
+
+commit 31eb78078d349b32ea41952ecc944b3ad6cb0d45
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Jul 23 09:43:42 2014 +1000
+
+ - guenther@cvs.openbsd.org 2014/07/22 07:13:42
+ [umac.c]
+ Convert from <sys/endian.h> to the shiney new <endian.h>
+ ok dtucker@, who also confirmed that -portable handles this already
+ (ID sync only, includes.h pulls in endian.h if available.)
+
+commit 820763efef2d19d965602533036c2b4badc9d465
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Jul 23 09:40:46 2014 +1000
+
+ - dtucker@cvs.openbsd.org 2014/07/22 01:18:50
+ [key.c]
+ Prevent spam from key_load_private_pem during hostbased auth. ok djm@
+
+commit c4ee219a66f3190fa96cbd45b4d11015685c6306
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Jul 23 04:27:50 2014 +1000
+
+ - (dtucker) [regress/unittests/sshkey/test_{file,fuzz,sshkey}.c] Wrap ecdsa-
+ specific tests inside OPENSSL_HAS_ECC.
+
+commit 04f4824940ea3edd60835416ececbae16438968a
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Jul 22 11:31:47 2014 +1000
+
+ - (djm) [regress/multiplex.sh] change the test for still-open Unix
+ domain sockets to be robust against nc implementations that produce
+ error messages.
+
+commit 5ea4fe00d55453aaa44007330bb4c3181bd9b796
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Jul 22 09:39:19 2014 +1000
+
+ - (djm) [regress/multiplex.sh] ssh mux master lost -N somehow;
+ put it back
+
+commit 948a1774a79a85f9deba6d74db95f402dee32c69
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Tue Jul 22 01:07:11 2014 +1000
+
+ - (dtucker) [sshkey.c] ifdef out unused variable when compiling without
+ OPENSSL_HAS_ECC.
+
+commit c8f610f6cc57ae129758052439d9baf13699097b
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Jul 21 10:23:27 2014 +1000
+
+ - (djm) [regress/multiplex.sh] Not all netcat accept the -N option.
+
+commit 0e4e95566cd95c887f69272499b8f3880b3ec0f5
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Jul 21 09:52:54 2014 +1000
+
+ - millert@cvs.openbsd.org 2014/07/15 15:54:15
+ [forwarding.sh multiplex.sh]
+ Add support for Unix domain socket forwarding. A remote TCP port
+ may be forwarded to a local Unix domain socket and vice versa or
+ both ends may be a Unix domain socket. This is a reimplementation
+ of the streamlocal patches by William Ahern from:
+ http://www.25thandclement.com/~william/projects/streamlocal.html
+ OK djm@ markus@
+
+commit 93a87ab27ecdc709169fb24411133998f81e2761
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Mon Jul 21 06:30:25 2014 +1000
+
+ - (dtucker) [regress/unittests/sshkey/
+ {common,test_file,test_fuzz,test_sshkey}.c] Wrap stdint.h includes in
+ ifdefs.
+
+commit 5573171352ea23df2dc6d2fe0324d023b7ba697c
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Mon Jul 21 02:24:59 2014 +1000
+
+ - (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits
+ needed to build AES CTR mode against OpenSSL 0.9.8f and above. ok djm
+
+commit 74e28682711d005026c7c8f15f96aea9d3c8b5a3
+Author: Tim Rice <tim@multitalents.net>
+Date: Fri Jul 18 20:00:11 2014 -0700
+
+ - (tim) [openbsd-compat/port-uw.c] Include misc.h for fwd_opts, used
+ in servconf.h.
+
+commit d1a0421f8e5e933fee6fb58ee6b9a22c63c8a613
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sat Jul 19 07:23:55 2014 +1000
+
+ - (dtucker) [key.c sshkey.c] Put new ecdsa bits inside ifdef OPENSSL_HAS_ECC.
+
+commit f0fe9ea1be62227c130b317769de3d1e736b6dc1
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sat Jul 19 06:33:12 2014 +1000
+
+ - (dtucker) [Makefile.in] Add a t-exec target to run just the executable
+ tests.
+
+commit 450bc1180d4b061434a4b733c5c8814fa30b022b
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sat Jul 19 06:23:18 2014 +1000
+
+ - (dtucker) [auth2-gss.c gss-serv-krb5.c] Include misc.h for fwd_opts, used
+ in servconf.h.
+
+commit ab2ec586baad122ed169285c31927ccf58bc7b28
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jul 18 15:04:47 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/18 02:46:01
+ [ssh-agent.c]
+ restore umask around listener socket creation (dropped in streamlocal patch
+ merge)
+
+commit 357610d15946381ae90c271837dcdd0cdce7145f
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jul 18 15:04:10 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/17 07:22:19
+ [mux.c ssh.c]
+ reflect stdio-forward ("ssh -W host:port ...") failures in exit status.
+ previously we were always returning 0. bz#2255 reported by Brendan
+ Germain; ok dtucker
+
+commit dad9a4a0b7c2b5d78605f8df28718f116524134e
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jul 18 15:03:49 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/17 00:12:03
+ [key.c]
+ silence "incorrect passphrase" error spam; reported and ok dtucker@
+
+commit f42f7684ecbeec6ce50e0310f80b3d6da2aaf533
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jul 18 15:03:27 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/17 00:10:18
+ [mux.c]
+ preserve errno across syscall
+
+commit 1b83320628cb0733e3688b85bfe4d388a7c51909
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jul 18 15:03:02 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/17 00:10:56
+ [sandbox-systrace.c]
+ ifdef SYS_sendsyslog so this will compile without patching on -stable
+
+commit 6d57656331bcd754d912950e4a18ad259d596e61
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jul 18 15:02:06 2014 +1000
+
+ - jmc@cvs.openbsd.org 2014/07/16 14:48:57
+ [ssh.1]
+ add the streamlocal* options to ssh's -o list; millert says they're
+ irrelevant for scp/sftp;
+
+ ok markus millert
+
+commit 7acefbbcbeab725420ea07397ae35992f505f702
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jul 18 14:11:24 2014 +1000
+
+ - millert@cvs.openbsd.org 2014/07/15 15:54:14
+ [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
+ [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
+ [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
+ [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
+ [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
+ [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
+ [sshd_config.5 sshlogin.c]
+ Add support for Unix domain socket forwarding. A remote TCP port
+ may be forwarded to a local Unix domain socket and vice versa or
+ both ends may be a Unix domain socket. This is a reimplementation
+ of the streamlocal patches by William Ahern from:
+ http://www.25thandclement.com/~william/projects/streamlocal.html
+ OK djm@ markus@
+
+commit 6262d760e00714523633bd989d62e273a3dca99a
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 17 09:52:07 2014 +1000
+
+ - tedu@cvs.openbsd.org 2014/07/11 13:54:34
+ [myproposal.h]
+ by popular demand, add back hamc-sha1 to server proposal for better compat
+ with many clients still in use. ok deraadt
+
+commit 9d69d937b46ecba17f16d923e538ceda7b705c7a
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 17 09:49:37 2014 +1000
+
+ - deraadt@cvs.openbsd.org 2014/07/11 08:09:54
+ [sandbox-systrace.c]
+ Permit use of SYS_sendsyslog from inside the sandbox. Clock is ticking,
+ update your kernels and sshd soon.. libc will start using sendsyslog()
+ in about 4 days.
+
+commit f6293a0b4129826fc2e37e4062f96825df43c326
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 17 09:01:25 2014 +1000
+
+ - (djm) [digest-openssl.c] Preserve array order when disabling digests.
+ Reported by Petr Lautrbach.
+
+commit 00f9cd230709c04399ef5ff80492d70a55230694
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Jul 15 10:41:38 2014 +1000
+
+ - (djm) [configure.ac] Delay checks for arc4random* until after libcrypto
+ has been located; fixes builds agains libressl-portable
+
+commit 1d0df3249c87019556b83306c28d4769375c2edc
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jul 11 09:19:04 2014 +1000
+
+ - OpenBSD CVS Sync
+ - benno@cvs.openbsd.org 2014/07/09 14:15:56
+ [ssh-add.c]
+ fix ssh-add crash while loading more than one key
+ ok markus@
+
+commit 7a57eb3d105aa4ced15fb47001092c58811e6d9d
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 9 13:22:31 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/07 08:15:26
+ [multiplex.sh]
+ remove forced-fatal that I stuck in there to test the new cleanup
+ logic and forgot to remove...
+
+commit 612f965239a30fe536b11ece1834d9f470aeb029
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 9 13:22:03 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/06 07:42:03
+ [multiplex.sh test-exec.sh]
+ add a hook to the cleanup() function to kill $SSH_PID if it is set
+
+ use it to kill the mux master started in multiplex.sh (it was being left
+ around on fatal failures)
+
+commit d0bb950485ba121e43a77caf434115ed6417b46f
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 9 13:07:28 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/09 03:02:15
+ [key.c]
+ downgrade more error() to debug() to better match what old authfile.c
+ did; suppresses spurious errors with hostbased authentication enabled
+
+commit 0070776a038655c57f57e70cd05e4c38a5de9d84
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 9 13:07:06 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/09 01:45:10
+ [sftp.c]
+ more useful error message when GLOB_NOSPACE occurs;
+ bz#2254, patch from Orion Poplawski
+
+commit 079bac2a43c74ef7cf56850afbab3b1932534c50
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 9 13:06:25 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/07 08:19:12
+ [ssh_config.5]
+ mention that ProxyCommand is executed using shell "exec" to avoid
+ a lingering process; bz#1977
+
+commit 3a48cc090096cf99b9de592deb5f90e444edebfb
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Jul 6 09:32:49 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/05 23:11:48
+ [channels.c]
+ fix remote-forward cancel regression; ok markus@
+
+commit 48bae3a38cb578713e676708164f6e7151cc64fa
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Jul 6 09:27:06 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/03 23:18:35
+ [authfile.h]
+ remove leakmalloc droppings
+
+commit 72e6b5c9ed5e72ca3a6ccc3177941b7c487a0826
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jul 4 09:00:04 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/03 22:40:43
+ [servconf.c servconf.h session.c sshd.8 sshd_config.5]
+ Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is
+ executed, mirroring the no-user-rc authorized_keys option;
+ bz#2160; ok markus@
+
+commit 602943d1179a08dfa70af94f62296ea5e3d6ebb8
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jul 4 08:59:41 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/03 22:33:41
+ [channels.c]
+ allow explicit ::1 and 127.0.0.1 forwarding bind addresses when
+ GatewayPorts=no; allows client to choose address family;
+ bz#2222 ok markus@
+
+commit 6b37fbb7921d156b31e2c8f39d9e1b6746c34983
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jul 4 08:59:24 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/03 22:23:46
+ [sshconnect.c]
+ when rekeying, skip file/DNS lookup if it is the same as the key sent
+ during initial key exchange. bz#2154 patch from Iain Morgan; ok markus@
+
+commit d2c3cd5f2e47ee24cf7093ce8e948c2e79dfc3fd
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jul 4 08:59:01 2014 +1000
+
+ - jsing@cvs.openbsd.org 2014/07/03 12:42:16
+ [cipher-chachapoly.c]
+ Call chacha_ivsetup() immediately before chacha_encrypt_bytes() - this
+ makes it easier to verify that chacha_encrypt_bytes() is only called once
+ per chacha_ivsetup() call.
+ ok djm@
+
+commit 686feb560ec43a06ba04da82b50f3c183c947309
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 3 21:29:38 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/03 11:16:55
+ [auth.c auth.h auth1.c auth2.c]
+ make the "Too many authentication failures" message include the
+ user, source address, port and protocol in a format similar to the
+ authentication success / failure messages; bz#2199, ok dtucker
+
+commit 0f12341402e18fd9996ec23189b9418d2722453f
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 3 21:28:09 2014 +1000
+
+ - jmc@cvs.openbsd.org 2014/07/03 07:45:27
+ [ssh_config.5]
+ escape %C since groff thinks it part of an Rs/Re block;
+
+commit 9c38643c5cd47a19db2cc28279dcc28abadc22b3
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 3 21:27:46 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/03 06:39:19
+ [ssh.c ssh_config.5]
+ Add a %C escape sequence for LocalCommand and ControlPath that expands
+ to a unique identifer based on a has of the tuple of (local host,
+ remote user, hostname, port).
+
+ Helps avoid exceeding sockaddr_un's miserly pathname limits for mux
+ control paths.
+
+ bz#2220, based on patch from mancha1 AT zoho.com; ok markus@
+
+commit 49d9bfe2b2f3e90cc158a215dffa7675e57e7830
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 3 21:26:42 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/03 05:38:17
+ [ssh.1]
+ document that -g will only work in the multiplexed case if applied to
+ the mux master
+
+commit ef9f13ba4c58057b2166d1f2e790535da402fbe5
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 3 21:26:21 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/03 05:32:36
+ [ssh_config.5]
+ mention '%%' escape sequence in HostName directives and how it may
+ be used to specify IPv6 link-local addresses
+
+commit e6a407789e5432dd2e53336fb73476cc69048c54
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 3 21:25:03 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/03 04:36:45
+ [digest.h]
+ forward-declare struct sshbuf so consumers don't need to include sshbuf.h
+
+commit 4a1d3d50f02d0a8a4ef95ea4749293cbfb89f919
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 3 21:24:40 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/03 03:47:27
+ [ssh-keygen.c]
+ When hashing or removing hosts using ssh-keygen, don't choke on
+ @revoked markers and don't remove @cert-authority markers;
+ bz#2241, reported by mlindgren AT runelind.net
+
+commit e5c0d52ceb575c3db8c313e0b1aa3845943d7ba8
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 3 21:24:19 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/03 03:34:09
+ [gss-serv.c session.c ssh-keygen.c]
+ standardise on NI_MAXHOST for gethostname() string lengths; about
+ 1/2 the cases were using it already. Fixes bz#2239 en passant
+
+commit c174a3b7c14e0d178c61219de2aa1110e209950c
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 3 21:23:24 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/03 03:26:43
+ [digest-openssl.c]
+ use EVP_Digest() for one-shot hash instead of creating, updating,
+ finalising and destroying a context.
+ bz#2231, based on patch from Timo Teras
+
+commit d7ca2cd31ecc4d63a055e2dcc4bf35c13f2db4c5
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 3 21:23:01 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/03 03:15:01
+ [ssh-add.c]
+ make stdout line-buffered; saves partial output getting lost when
+ ssh-add fatal()s part-way through (e.g. when listing keys from an
+ agent that supports key types that ssh-add doesn't);
+ bz#2234, reported by Phil Pennock
+
+commit b1e967c8d7c7578dd0c172d85b3046cf54ea42ba
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 3 21:22:40 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/03 03:11:03
+ [ssh-agent.c]
+ Only cleanup agent socket in the main agent process and not in any
+ subprocesses it may have started (e.g. forked askpass). Fixes
+ agent sockets being zapped when askpass processes fatal();
+ bz#2236 patch from Dmitry V. Levin
+
+commit 61e28e55c3438d796b02ef878bcd28620d452670
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 3 21:22:22 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/07/03 01:45:38
+ [sshkey.c]
+ make Ed25519 keys' title fit properly in the randomart border; bz#2247
+ based on patch from Christian Hesse
+
+commit 9eb4cd9a32c32d40d36450b68ed93badc6a94c68
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 3 13:29:50 2014 +1000
+
+ - (djm) [monitor_fdpass.c] Use sys/poll.h if poll.h doesn't exist;
+ bz#2237
+
+commit 8da0fa24934501909408327298097b1629b89eaa
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 3 11:54:19 2014 +1000
+
+ - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto
+ doesn't support it.
+
+commit 81309c857dd0dbc0a1245a16d621c490ad48cfbb
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 2 17:45:55 2014 +1000
+
+ - (djm) [regress/Makefile] fix execution of sshkey unit/fuzz test
+
+commit 82b2482ce68654815ee049b9bf021bb362a35ff2
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 2 17:43:41 2014 +1000
+
+ - (djm) [sshkey.c] Conditionalise inclusion of util.h
+
+commit dd8b1dd7933eb6f5652641b0cdced34a387f2e80
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 2 17:38:31 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/06/24 01:14:17
+ [Makefile.in regress/Makefile regress/unittests/Makefile]
+ [regress/unittests/sshkey/Makefile]
+ [regress/unittests/sshkey/common.c]
+ [regress/unittests/sshkey/common.h]
+ [regress/unittests/sshkey/mktestdata.sh]
+ [regress/unittests/sshkey/test_file.c]
+ [regress/unittests/sshkey/test_fuzz.c]
+ [regress/unittests/sshkey/test_sshkey.c]
+ [regress/unittests/sshkey/tests.c]
+ [regress/unittests/sshkey/testdata/dsa_1]
+ [regress/unittests/sshkey/testdata/dsa_1-cert.fp]
+ [regress/unittests/sshkey/testdata/dsa_1-cert.pub]
+ [regress/unittests/sshkey/testdata/dsa_1.fp]
+ [regress/unittests/sshkey/testdata/dsa_1.fp.bb]
+ [regress/unittests/sshkey/testdata/dsa_1.param.g]
+ [regress/unittests/sshkey/testdata/dsa_1.param.priv]
+ [regress/unittests/sshkey/testdata/dsa_1.param.pub]
+ [regress/unittests/sshkey/testdata/dsa_1.pub]
+ [regress/unittests/sshkey/testdata/dsa_1_pw]
+ [regress/unittests/sshkey/testdata/dsa_2]
+ [regress/unittests/sshkey/testdata/dsa_2.fp]
+ [regress/unittests/sshkey/testdata/dsa_2.fp.bb]
+ [regress/unittests/sshkey/testdata/dsa_2.pub]
+ [regress/unittests/sshkey/testdata/dsa_n]
+ [regress/unittests/sshkey/testdata/dsa_n_pw]
+ [regress/unittests/sshkey/testdata/ecdsa_1]
+ [regress/unittests/sshkey/testdata/ecdsa_1-cert.fp]
+ [regress/unittests/sshkey/testdata/ecdsa_1-cert.pub]
+ [regress/unittests/sshkey/testdata/ecdsa_1.fp]
+ [regress/unittests/sshkey/testdata/ecdsa_1.fp.bb]
+ [regress/unittests/sshkey/testdata/ecdsa_1.param.curve]
+ [regress/unittests/sshkey/testdata/ecdsa_1.param.priv]
+ [regress/unittests/sshkey/testdata/ecdsa_1.param.pub]
+ [regress/unittests/sshkey/testdata/ecdsa_1.pub]
+ [regress/unittests/sshkey/testdata/ecdsa_1_pw]
+ [regress/unittests/sshkey/testdata/ecdsa_2]
+ [regress/unittests/sshkey/testdata/ecdsa_2.fp]
+ [regress/unittests/sshkey/testdata/ecdsa_2.fp.bb]
+ [regress/unittests/sshkey/testdata/ecdsa_2.param.curve]
+ [regress/unittests/sshkey/testdata/ecdsa_2.param.priv]
+ [regress/unittests/sshkey/testdata/ecdsa_2.param.pub]
+ [regress/unittests/sshkey/testdata/ecdsa_2.pub]
+ [regress/unittests/sshkey/testdata/ecdsa_n]
+ [regress/unittests/sshkey/testdata/ecdsa_n_pw]
+ [regress/unittests/sshkey/testdata/ed25519_1]
+ [regress/unittests/sshkey/testdata/ed25519_1-cert.fp]
+ [regress/unittests/sshkey/testdata/ed25519_1-cert.pub]
+ [regress/unittests/sshkey/testdata/ed25519_1.fp]
+ [regress/unittests/sshkey/testdata/ed25519_1.fp.bb]
+ [regress/unittests/sshkey/testdata/ed25519_1.pub]
+ [regress/unittests/sshkey/testdata/ed25519_1_pw]
+ [regress/unittests/sshkey/testdata/ed25519_2]
+ [regress/unittests/sshkey/testdata/ed25519_2.fp]
+ [regress/unittests/sshkey/testdata/ed25519_2.fp.bb]
+ [regress/unittests/sshkey/testdata/ed25519_2.pub]
+ [regress/unittests/sshkey/testdata/pw]
+ [regress/unittests/sshkey/testdata/rsa1_1]
+ [regress/unittests/sshkey/testdata/rsa1_1.fp]
+ [regress/unittests/sshkey/testdata/rsa1_1.fp.bb]
+ [regress/unittests/sshkey/testdata/rsa1_1.param.n]
+ [regress/unittests/sshkey/testdata/rsa1_1.pub]
+ [regress/unittests/sshkey/testdata/rsa1_1_pw]
+ [regress/unittests/sshkey/testdata/rsa1_2]
+ [regress/unittests/sshkey/testdata/rsa1_2.fp]
+ [regress/unittests/sshkey/testdata/rsa1_2.fp.bb]
+ [regress/unittests/sshkey/testdata/rsa1_2.param.n]
+ [regress/unittests/sshkey/testdata/rsa1_2.pub]
+ [regress/unittests/sshkey/testdata/rsa_1]
+ [regress/unittests/sshkey/testdata/rsa_1-cert.fp]
+ [regress/unittests/sshkey/testdata/rsa_1-cert.pub]
+ [regress/unittests/sshkey/testdata/rsa_1.fp]
+ [regress/unittests/sshkey/testdata/rsa_1.fp.bb]
+ [regress/unittests/sshkey/testdata/rsa_1.param.n]
+ [regress/unittests/sshkey/testdata/rsa_1.param.p]
+ [regress/unittests/sshkey/testdata/rsa_1.param.q]
+ [regress/unittests/sshkey/testdata/rsa_1.pub]
+ [regress/unittests/sshkey/testdata/rsa_1_pw]
+ [regress/unittests/sshkey/testdata/rsa_2]
+ [regress/unittests/sshkey/testdata/rsa_2.fp]
+ [regress/unittests/sshkey/testdata/rsa_2.fp.bb]
+ [regress/unittests/sshkey/testdata/rsa_2.param.n]
+ [regress/unittests/sshkey/testdata/rsa_2.param.p]
+ [regress/unittests/sshkey/testdata/rsa_2.param.q]
+ [regress/unittests/sshkey/testdata/rsa_2.pub]
+ [regress/unittests/sshkey/testdata/rsa_n]
+ [regress/unittests/sshkey/testdata/rsa_n_pw]
+ unit and fuzz tests for new key API
+
+commit c1dc24b71f087f385b92652b9673f52af64e0428
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 2 17:02:03 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/06/24 01:04:43
+ [regress/krl.sh]
+ regress test for broken consecutive revoked serial number ranges
+
+commit 43d3ed2dd3feca6d0326c7dc82588d2faa115e92
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 2 17:01:08 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/05/21 07:04:21
+ [regress/integrity.sh]
+ when failing because of unexpected output, show the offending output
+
+commit 5a96707ffc8d227c2e7d94fa6b0317f8a152cf4e
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 2 15:38:05 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/04/30 05:32:00
+ [regress/Makefile]
+ unit tests for new buffer API; including basic fuzz testing
+ NB. Id sync only.
+
+commit 3ff92ba756aee48e4ae3e0aeff7293517b3dd185
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 2 15:33:09 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/06/30 12:54:39
+ [key.c]
+ suppress spurious error message when loading key with a passphrase;
+ reported by kettenis@ ok markus@
+ - djm@cvs.openbsd.org 2014/07/02 04:59:06
+ [cipher-3des1.c]
+ fix ssh protocol 1 on the server that regressed with the sshkey change
+ (sometimes fatal() after auth completed), make file return useful status
+ codes.
+ NB. Id sync only for these two. They were bundled into the sshkey merge
+ above, since it was easier to sync the entire file and then apply
+ portable-specific changed atop it.
+
+commit ec3d0e24a1e46873d80507f5cd8ee6d0d03ac5dc
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 2 15:30:00 2014 +1000
+
+ - markus@cvs.openbsd.org 2014/06/27 18:50:39
+ [ssh-add.c]
+ fix loading of private keys
+
+commit 4b3ed647d5b328cf68e6a8ffbee490d8e0683e82
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 2 15:29:40 2014 +1000
+
+ - markus@cvs.openbsd.org 2014/06/27 16:41:56
+ [channels.c channels.h clientloop.c ssh.c]
+ fix remote fwding with same listen port but different listen address
+ with gerhard@, ok djm@
+
+commit 9e01ff28664921ce9b6500681333e42fb133b4d0
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 2 15:29:21 2014 +1000
+
+ - deraadt@cvs.openbsd.org 2014/06/25 14:16:09
+ [sshbuf.c]
+ unblock SIGSEGV before raising it
+ ok djm
+
+commit 1845fe6bda0729e52f4c645137f4fc3070b5438a
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 2 15:29:01 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/06/24 02:21:01
+ [scp.c]
+ when copying local->remote fails during read, don't send uninitialised
+ heap to the remote end. Reported by Jann Horn
+
+commit 19439e9a2a0ac0b4b3b1210e89695418beb1c883
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 2 15:28:40 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/06/24 02:19:48
+ [ssh.c]
+ don't fatal() when hostname canonicalisation fails with a
+ ProxyCommand in use; continue and allow the ProxyCommand to
+ connect anyway (e.g. to a host with a name outside the DNS
+ behind a bastion)
+
+commit 8668706d0f52654fe64c0ca41a96113aeab8d2b8
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 2 15:28:02 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/06/24 01:13:21
+ [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
+ [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
+ [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
+ [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
+ [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
+ [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
+ [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
+ [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
+ [sshconnect2.c sshd.c sshkey.c sshkey.h
+ [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
+ New key API: refactor key-related functions to be more library-like,
+ existing API is offered as a set of wrappers.
+
+ with and ok markus@
+
+ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
+ Dempsky and Ron Bowes for a detailed review a few months ago.
+
+ NB. This commit also removes portable OpenSSH support for OpenSSL
+ <0.9.8e.
+
+commit 2cd7929250cf9e9f658d70dcd452f529ba08c942
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 2 12:48:30 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/06/24 00:52:02
+ [krl.c]
+ fix bug in KRL generation: multiple consecutive revoked certificate
+ serial number ranges could be serialised to an invalid format.
+
+ Readers of a broken KRL caused by this bug will fail closed, so no
+ should-have-been-revoked key will be accepted.
+
+commit 99db840ee8dbbd2b3fbc6c45d0ee2f6a65e96898
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 2 12:48:04 2014 +1000
+
+ - naddy@cvs.openbsd.org 2014/06/18 15:42:09
+ [sshbuf-getput-crypto.c]
+ The ssh_get_bignum functions must accept the same range of bignums
+ the corresponding ssh_put_bignum functions create. This fixes the
+ use of 16384-bit RSA keys (bug reported by Eivind Evensen).
+ ok djm@
+
+commit 84a89161a9629239b64171ef3e22ef6a3e462d51
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 2 12:47:48 2014 +1000
+
+ - matthew@cvs.openbsd.org 2014/06/18 02:59:13
+ [sandbox-systrace.c]
+ Now that we have a dedicated getentropy(2) system call for
+ arc4random(3), we can disallow __sysctl(2) in OpenSSH's systrace
+ sandbox.
+
+ ok djm
+
+commit 51504ceec627c0ad57b9f75585c7b3d277f326be
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jul 2 12:47:25 2014 +1000
+
+ - deraadt@cvs.openbsd.org 2014/06/13 08:26:29
+ [sandbox-systrace.c]
+ permit SYS_getentropy
+ from matthew
+
+commit a261b8df59117f7dc52abb3a34b35a40c2c9fa88
+Author: Tim Rice <tim@multitalents.net>
+Date: Wed Jun 18 16:17:28 2014 -0700
+
+ - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare
+
+commit 316fac6f18f87262a315c79bcf68b9f92c9337e4
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Tue Jun 17 23:06:07 2014 +1000
+
+ - (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h}
+ openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}]
+ Move the OpenSSL header/library version test into its own function and add
+ tests for it. Fix it to allow fix version upgrades (but not downgrades).
+ Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150).
+ ok djm@ chl@
+
+commit af665bb7b092a59104db1e65577851cf35b86e32
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Mon Jun 16 22:50:55 2014 +1000
+
+ - (dtucker) [defines.h] Fix undef of _PATH_MAILDIR. From rak at debian via
+ OpenSMTPD and chl@
+
+commit f9696566fb41320820f3b257ab564fa321bb3751
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Jun 13 11:06:04 2014 +1000
+
+ - (dtucker) [configure.ac] Remove tcpwrappers support, support has already
+ been removed from sshd.c.
+
+commit 5e2b8894b0b24af4ad0a2f7aa33ebf255df7a8bc
+Author: Tim Rice <tim@multitalents.net>
+Date: Wed Jun 11 18:31:10 2014 -0700
+
+ - (tim) [regress/unittests/test_helper/test_helper.h] Add includes.h for
+ u_intXX_t types.
+
+commit 985ee2cbc3e43bc65827c3c0d4df3faa99160c37
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Jun 12 05:32:29 2014 +1000
+
+ - (dtucker) [regress/unittests/sshbuf/*.c regress/unittests/test_helper/*]
+ Wrap stdlib.h include an ifdef for platforms that don't have it.
+
+commit cf5392c2db2bb1dbef9818511d34056404436109
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Jun 12 05:22:49 2014 +1000
+
+ - (dtucker) [defines.h] Add va_copy if we don't already have it, taken from
+ openbsd-compat/bsd-asprintf.c.
+
+commit 58538d795e0b662f2f4e5a7193f1204bbe992ddd
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Jun 11 13:39:24 2014 +1000
+
+ - (dtucker) [bufaux.c bufbn.c bufec.c buffer.c] Pull in includes.h for
+ compat stuff, specifically whether or not OpenSSL has ECC.
+
+commit eb012ac581fd0abc16ee86ee3a68cf07c8ce4d08
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Jun 11 13:10:00 2014 +1000
+
+ - (dtucker) [openbsd-compat/arc4random.c] Use explicit_bzero instead of an
+ assigment that might get optimized out. ok djm@
+
+commit b9609fd86c623d6d440e630f5f9a63295f7aea20
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Jun 11 08:04:02 2014 +1000
+
+ - (dtucker) [sshbuf.h] Only declare ECC functions if building without
+ OpenSSL or if OpenSSL has ECC.
+
+commit a54a040f66944c6e8913df8635a01a2327219be9
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Jun 11 07:58:35 2014 +1000
+
+ - dtucker@cvs.openbsd.org 2014/06/10 21:46:11
+ [sshbuf.h]
+ Group ECC functions together to make things a little easier in -portable.
+ "doesn't bother me" deraadt@
+
+commit 9f92c53bad04a89067756be8198d4ec2d8a08875
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Jun 11 07:57:58 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/06/05 22:17:50
+ [sshconnect2.c]
+ fix inverted test that caused PKCS#11 keys that were explicitly listed
+ not to be preferred. Reported by Dirk-Willem van Gulik
+
+commit 15c254a25394f96643da2ad0f674acdc51e89856
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Jun 11 07:38:49 2014 +1000
+
+ - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] ifdef
+ ECC variable too.
+
+commit d7af0cc5bf273eeed0897a99420bc26841d07d8f
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Jun 11 07:37:25 2014 +1000
+
+ - (dtucker) [myprosal.h] Don't include curve25519-sha256@libssh.org in
+ the proposal if the version of OpenSSL we're using doesn't support ECC.
+
+commit 67508ac2563c33d582be181a3e777c65f549d22f
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Jun 11 06:27:16 2014 +1000
+
+ - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
+ regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] Only do NISTP256
+ curve tests if OpenSSL has them.
+
+commit 6482d90a65459a88c18c925368525855832272b3
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue May 27 14:34:42 2014 +1000
+
+ - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c]
+ [openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege
+ separation user at runtime, since it may need to be a domain account.
+ Patch from Corinna Vinschen.
+
+commit f9eb5e0734f7a7f6e975809eb54684d2a06a7ffc
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue May 27 14:31:58 2014 +1000
+
+ - (djm) [contrib/cygwin/ssh-host-config] Updated Cygwin ssh-host-config
+ from Corinna Vinschen, fixing a number of bugs and preparing for
+ Cygwin 1.7.30.
+
+commit eae88744662e6b149f43ef071657727f1a157d95
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue May 27 14:27:02 2014 +1000
+
+ - (djm) [cipher.c] Fix merge botch.
+
+commit 564b5e253c1d95c26a00e8288f0089a2571661c3
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 22 08:23:59 2014 +1000
+
+ - (djm) [Makefile.in] typo in path
+
+commit e84d10302aeaf7a1acb05c451f8718143656856a
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed May 21 17:13:36 2014 +1000
+
+ revert a diff I didn't mean to commit
+
+commit 795b86313f1f1aab9691666c4f2d5dae6e4acd50
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed May 21 17:12:53 2014 +1000
+
+ - (djm) [misc.c] Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC
+ when it is available. It takes into account time spent suspended,
+ thereby ensuring timeouts (e.g. for expiring agent keys) fire
+ correctly. bz#2228 reported by John Haxby
+
+commit 18912775cb97c0b1e75e838d3c7d4b56648137b5
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed May 21 17:06:46 2014 +1000
+
+ - (djm) [commit configure.ac defines.h sshpty.c] don't attempt to use
+ vhangup on Linux. It doens't work for non-root users, and for them
+ it just messes up the tty settings.
+
+commit 7f1c264d3049cd95234e91970ccb5406e1d15b27
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 18:01:52 2014 +1000
+
+ - (djm) [sshbuf.c] need __predict_false
+
+commit e7429f2be8643e1100380a8a7389d85cc286c8fe
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 18:01:01 2014 +1000
+
+ - (djm) [regress/Makefile Makefile.in]
+ [regress/unittests/sshbuf/test_sshbuf.c
+ [regress/unittests/sshbuf/test_sshbuf_fixed.c]
+ [regress/unittests/sshbuf/test_sshbuf_fuzz.c]
+ [regress/unittests/sshbuf/test_sshbuf_getput_basic.c]
+ [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c]
+ [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
+ [regress/unittests/sshbuf/test_sshbuf_misc.c]
+ [regress/unittests/sshbuf/tests.c]
+ [regress/unittests/test_helper/fuzz.c]
+ [regress/unittests/test_helper/test_helper.c]
+ Hook new unit tests into the build and "make tests"
+
+commit def1de086707b0e6b046fe7e115c60aca0227a99
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 15:17:15 2014 +1000
+
+ - (djm) [regress/unittests/Makefile]
+ [regress/unittests/Makefile.inc]
+ [regress/unittests/sshbuf/Makefile]
+ [regress/unittests/sshbuf/test_sshbuf.c]
+ [regress/unittests/sshbuf/test_sshbuf_fixed.c]
+ [regress/unittests/sshbuf/test_sshbuf_fuzz.c]
+ [regress/unittests/sshbuf/test_sshbuf_getput_basic.c]
+ [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c]
+ [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
+ [regress/unittests/sshbuf/test_sshbuf_misc.c]
+ [regress/unittests/sshbuf/tests.c]
+ [regress/unittests/test_helper/Makefile]
+ [regress/unittests/test_helper/fuzz.c]
+ [regress/unittests/test_helper/test_helper.c]
+ [regress/unittests/test_helper/test_helper.h]
+ Import new unit tests from OpenBSD; not yet hooked up to build.
+
+commit 167685756fde8bc213a8df2c8e1848e312db0f46
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 15:08:40 2014 +1000
+
+ - logan@cvs.openbsd.org 2014/05/04 10:40:59
+ [connect-privsep.sh]
+ Remove the Z flag from the list of malloc options as it
+ was removed from malloc.c 10 days ago.
+
+ OK from miod@
+
+commit d0b69fe90466920d69c96069312e24b581771bd7
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 15:08:19 2014 +1000
+
+ - dtucker@cvs.openbsd.org 2014/05/03 18:46:14
+ [proxy-connect.sh]
+ Add tests for with and without compression, with and without privsep.
+
+commit edb1af50441d19fb2dd9ccb4d75bf14473fca584
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 15:07:53 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/04/21 22:15:37
+ [dhgex.sh integrity.sh kextype.sh rekey.sh try-ciphers.sh]
+ repair regress tests broken by server-side default cipher/kex/mac changes
+ by ensuring that the option under test is included in the server's
+ algorithm list
+
+commit 54343e95c70994695f8842fb22836321350198d3
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 15:07:33 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/03/13 20:44:49
+ [login-timeout.sh]
+ this test is a sorry mess of race conditions; add another sleep
+ to avoid a failure on slow machines (at least until I find a
+ better way)
+
+commit e5b9f0f2ee6e133894307e44e862b66426990733
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 14:58:07 2014 +1000
+
+ - (djm) [Makefile.in configure.ac sshbuf-getput-basic.c]
+ [sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes
+
+commit b9c566788a9ebd6a9d466f47a532124f111f0542
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 14:43:37 2014 +1000
+
+ - (djm) [configure.ac] Unconditionally define WITH_OPENSSL until we write
+ portability glue to support building without libcrypto
+
+commit 3dc27178b42234b653a32f7a87292d7994045ee3
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 14:37:59 2014 +1000
+
+ - logan@cvs.openbsd.org 2014/05/05 07:02:30
+ [sftp.c]
+ Zap extra whitespace.
+
+ OK from djm@ and dtucker@
+
+commit c31a0cd5b31961f01c5b731f62a6cb9d4f767472
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 14:37:39 2014 +1000
+
+ - markus@cvs.openbsd.org 2014/05/03 17:20:34
+ [monitor.c packet.c packet.h]
+ unbreak compression, by re-init-ing the compression code in the
+ post-auth child. the new buffer code is more strict, and requires
+ buffer_init() while the old code was happy after a bzero();
+ originally from djm@
+
+commit 686c7d9ee6f44b2be4128d7860b6b37adaeba733
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 14:37:03 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/05/02 03:27:54
+ [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c]
+ [misc.h poly1305.h ssh-pkcs11.c defines.h]
+ revert __bounded change; it causes way more problems for portable than
+ it solves; pointed out by dtucker@
+
+commit 294c58a007cfb2f3bddc4fc3217e255857ffb9bf
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 14:35:03 2014 +1000
+
+ - naddy@cvs.openbsd.org 2014/04/30 19:07:48
+ [mac.c myproposal.h umac.c]
+ UMAC can use our local fallback implementation of AES when OpenSSL isn't
+ available. Glue code straight from Ted Krovetz's original umac.c.
+ ok markus@
+
+commit 05e82c3b963c33048128baf72a6f6b3a1c10b4c1
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 14:33:43 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/04/30 05:29:56
+ [bufaux.c bufbn.c bufec.c buffer.c buffer.h sshbuf-getput-basic.c]
+ [sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c sshbuf.h ssherr.c]
+ [ssherr.h]
+ New buffer API; the first installment of the conversion/replacement
+ of OpenSSH's internals to make them usable as a standalone library.
+
+ This includes a set of wrappers to make it compatible with the
+ existing buffer API so replacement can occur incrementally.
+
+ With and ok markus@
+
+ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
+ Dempsky and Ron Bowes for a detailed review.
+
+commit 380948180f847a26f2d0c85b4dad3dca2ed2fd8b
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 14:25:18 2014 +1000
+
+ - dtucker@cvs.openbsd.org 2014/04/29 20:36:51
+ [sftp.c]
+ Don't attempt to append a nul quote char to the filename. Should prevent
+ fatal'ing with "el_insertstr failed" when there's a single quote char
+ somewhere in the string. bz#2238, ok markus@
+
+commit d7fd8bedd4619a2ec7fd02aae4c4e1db4431ad9f
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 14:24:59 2014 +1000
+
+ - dtucker@cvs.openbsd.org 2014/04/29 19:58:50
+ [sftp.c]
+ Move nulling of variable next to where it's freed. ok markus@
+
+commit 1f0311c7c7d10c94ff7f823de9c5b2ed79368b14
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 14:24:09 2014 +1000
+
+ - markus@cvs.openbsd.org 2014/04/29 18:01:49
+ [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
+ [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
+ [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
+ [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
+ make compiling against OpenSSL optional (make OPENSSL=no);
+ reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
+ allows us to explore further options; with and ok djm
+
+commit c5893785564498cea73cb60d2cf199490483e080
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 13:48:49 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/04/29 13:10:30
+ [clientloop.c serverloop.c]
+ bz#1818 - don't send channel success/failre replies on channels that
+ have sent a close already; analysis and patch from Simon Tatham;
+ ok markus@
+
+commit 633de33b192d808d87537834c316dc8b75fe1880
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 13:48:26 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/04/28 03:09:18
+ [authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h]
+ [ssh-keygen.c]
+ buffer_get_string_ptr's return should be const to remind
+ callers that futzing with it will futz with the actual buffer
+ contents
+
+commit 15271907843e4ae50dcfc83b3594014cf5e9607b
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 13:47:56 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/04/23 12:42:34
+ [readconf.c]
+ don't record duplicate IdentityFiles
+
+commit 798a02568b13a2e46efebd81f08c8f4bb33a6dc7
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 13:47:37 2014 +1000
+
+ - jmc@cvs.openbsd.org 2014/04/22 14:16:30
+ [sftp.1]
+ zap eol whitespace;
+
+commit d875ff78d2b8436807381051de112f0ebf9b9ae1
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 13:47:15 2014 +1000
+
+ - logan@cvs.openbsd.org 2014/04/22 12:42:04
+ [sftp.1]
+ Document sftp upload resume.
+ OK from djm@, with feedback from okan@.
+
+commit b15cd7bb097fd80dc99520f45290ef775da1ef19
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 13:46:52 2014 +1000
+
+ - logan@cvs.openbsd.org 2014/04/22 10:07:12
+ [sftp.c]
+ Sort the sftp command list.
+ OK from djm@
+
+commit d8accc0aa72656ba63d50937165c5ae49db1dcd6
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 13:46:25 2014 +1000
+
+ - logan@cvs.openbsd.org 2014/04/21 14:36:16
+ [sftp-client.c sftp-client.h sftp.c]
+ Implement sftp upload resume support.
+ OK from djm@, with input from guenther@, mlarkin@ and
+ okan@
+
+commit 16cd3928a87d20c77b13592a74b60b08621d3ce6
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 13:45:58 2014 +1000
+
+ - logan@cvs.openbsd.org 2014/04/20 09:24:26
+ [dns.c dns.h ssh-keygen.c]
+ Add support for SSHFP DNS records for ED25519 key types.
+ OK from djm@
+
+commit ec0b67eb3b4e12f296ced1fafa01860c374f7eea
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 15 13:45:26 2014 +1000
+
+ - (djm) [rijndael.c rijndael.h] Sync with newly-ressurected versions ine
+ OpenBSD
+
+commit f028460d0b2e5a584355321015cde69bf6fd933e
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 1 02:24:35 2014 +1000
+
+ - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already
+ have it. Only attempt to use __attribute__(__bounded__) for gcc.
+
+commit b628cc4c3e4a842bab5e4584d18c2bc5fa4d0edf
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:33:58 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/04/20 02:49:32
+ [compat.c]
+ add a canonical 6.6 + curve25519 bignum fix fake version that I can
+ recommend people use ahead of the openssh-6.7 release
+
+commit 888566913933a802f3a329ace123ebcb7154cf78
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:33:19 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/04/20 02:30:25
+ [misc.c misc.h umac.c]
+ use get/put_u32 to load values rather than *((UINT32 *)p) that breaks on
+ strict-alignment architectures; reported by and ok stsp@
+
+commit 16f85cbc7e5139950e6a38317e7c8b368beafa5d
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:29:28 2014 +1000
+
+ - tedu@cvs.openbsd.org 2014/04/19 18:42:19
+ [ssh.1]
+ delete .xr to hosts.equiv. there's still an unfortunate amount of
+ documentation referring to rhosts equivalency in here.
+
+commit 69cb24b7356ec3f0fc5ff04a68f98f2c55c766f4
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:29:06 2014 +1000
+
+ - tedu@cvs.openbsd.org 2014/04/19 18:15:16
+ [sshd.8]
+ remove some really old rsh references
+
+commit 84c1e7bca8c4ceaccf4d5557e39a833585a3c77e
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:27:53 2014 +1000
+
+ - tedu@cvs.openbsd.org 2014/04/19 14:53:48
+ [ssh-keysign.c sshd.c]
+ Delete futile calls to RAND_seed. ok djm
+ NB. Id sync only. This only applies to OpenBSD's libcrypto slashathon
+
+commit 0e6b67423b8662f9ca4c92750309e144fd637ef1
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:27:01 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/04/19 05:54:59
+ [compat.c]
+ missing wildcard; pointed out by naddy@
+
+commit 9395b28223334826837c15e8c1bb4dfb3b0d2ca5
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:25:30 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/04/18 23:52:25
+ [compat.c compat.h sshconnect2.c sshd.c version.h]
+ OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
+ using the curve25519-sha256@libssh.org KEX exchange method to fail
+ when connecting with something that implements the spec properly.
+
+ Disable this KEX method when speaking to one of the affected
+ versions.
+
+ reported by Aris Adamantiadis; ok markus@
+
+commit 8c492da58f8ceb85cf5f7066f23e26fb813a963d
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:25:09 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/04/16 23:28:12
+ [ssh-agent.1]
+ remove the identity files from this manpage - ssh-agent doesn't deal
+ with them at all and the same information is duplicated in ssh-add.1
+ (which does deal with them); prodded by deraadt@
+
+commit adbfdbbdccc70c9bd70d81ae096db115445c6e26
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:24:49 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/04/16 23:22:45
+ [bufaux.c]
+ skip leading zero bytes in buffer_put_bignum2_from_string();
+ reported by jan AT mojzis.com; ok markus@
+
+commit 75c62728dc87af6805696eeb520b9748faa136c8
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:24:31 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/04/12 04:55:53
+ [sshd.c]
+ avoid crash at exit: check that pmonitor!=NULL before dereferencing;
+ bz#2225, patch from kavi AT juniper.net
+
+commit 2a328437fb1b0976f2f4522d8645803d5a5d0967
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:24:01 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/04/01 05:32:57
+ [packet.c]
+ demote a debug3 to PACKET_DEBUG; ok markus@
+
+commit 7d6a9fb660c808882d064e152d6070ffc3844c3f
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:23:43 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/04/01 03:34:10
+ [sshconnect.c]
+ When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
+ certificate keys to plain keys and attempt SSHFP resolution.
+
+ Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
+ dialog by offering only certificate keys.
+
+ Reported by mcv21 AT cam.ac.uk
+
+commit fcd62c0b66b8415405ed0af29c236329eb88cc0f
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:23:21 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/04/01 02:05:27
+ [ssh-keysign.c]
+ include fingerprint of key not found
+ use arc4random_buf() instead of loop+arc4random()
+
+commit 43b156cf72f900f88065b0a1c1ebd09ab733ca46
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:23:03 2014 +1000
+
+ - jmc@cvs.openbsd.org 2014/03/31 13:39:34
+ [ssh-keygen.1]
+ the text for the -K option was inserted in the wrong place in -r1.108;
+ fix From: Matthew Clarke
+
+commit c1621c84f2dc1279065ab9fde2aa9327af418900
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:22:46 2014 +1000
+
+ - naddy@cvs.openbsd.org 2014/03/28 05:17:11
+ [ssh_config.5 sshd_config.5]
+ sync available and default algorithms, improve algorithm list formatting
+ help from jmc@ and schwarze@, ok deraadt@
+
+commit f2719b7c2b8a3b14d778d8a6d8dc729b5174b054
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:22:18 2014 +1000
+
+ - tedu@cvs.openbsd.org 2014/03/26 19:58:37
+ [sshd.8 sshd.c]
+ remove libwrap support. ok deraadt djm mfriedl
+
+commit 4f40209aa4060b9c066a2f0d9332ace7b8dfb391
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:21:22 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/03/26 04:55:35
+ [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c
+ [misc.h poly1305.h ssh-pkcs11.c]
+ use __bounded(...) attribute recently added to sys/cdefs.h instead of
+ longform __attribute__(__bounded(...));
+
+ for brevity and a warning free compilation with llvm/clang
+
+commit 9235a030ad1b16903fb495d81544e0f7c7449523
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:17:20 2014 +1000
+
+ Three commits in one (since they touch the same heavily-diverged file
+ repeatedly):
+
+ - markus@cvs.openbsd.org 2014/03/25 09:40:03
+ [myproposal.h]
+ trimm default proposals.
+
+ This commit removes the weaker pre-SHA2 hashes, the broken ciphers
+ (arcfour), and the broken modes (CBC) from the default configuration
+ (the patch only changes the default, all the modes are still available
+ for the config files).
+
+ ok djm@, reminded by tedu@ & naddy@ and discussed with many
+ - deraadt@cvs.openbsd.org 2014/03/26 17:16:26
+ [myproposal.h]
+ The current sharing of myproposal[] between both client and server code
+ makes the previous diff highly unpallatable. We want to go in that
+ direction for the server, but not for the client. Sigh.
+ Brought up by naddy.
+ - markus@cvs.openbsd.org 2014/03/27 23:01:27
+ [myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
+ disable weak proposals in sshd, but keep them in ssh; ok djm@
+
+commit 6e1777f592f15f4559728c78204617537b1ac076
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:02:58 2014 +1000
+
+ - tedu@cvs.openbsd.org 2014/03/19 14:42:44
+ [scp.1]
+ there is no need for rcp anymore
+ ok deraadt millert
+
+commit eb1b7c514d2a7b1802ccee8cd50e565a4d419887
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:02:26 2014 +1000
+
+ - tedu@cvs.openbsd.org 2014/03/17 19:44:10
+ [ssh.1]
+ old descriptions of des and blowfish are old. maybe ok deraadt
+
+commit f0858de6e1324ec730752387074b111b8551081e
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:01:30 2014 +1000
+
+ - deraadt@cvs.openbsd.org 2014/03/15 17:28:26
+ [ssh-agent.c ssh-keygen.1 ssh-keygen.c]
+ Improve usage() and documentation towards the standard form.
+ In particular, this line saves a lot of man page reading time.
+ usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
+ [-N new_passphrase] [-C comment] [-f output_keyfile]
+ ok schwarze jmc
+
+commit 94bfe0fbd6e91a56b5b0ab94ac955d2a67d101aa
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:00:51 2014 +1000
+
+ - naddy@cvs.openbsd.org 2014/03/12 13:06:59
+ [ssh-keyscan.1]
+ scan for Ed25519 keys by default too
+
+commit 3819519288b2b3928c6882f5883b0f55148f4fc0
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:00:28 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/03/12 04:51:12
+ [authfile.c]
+ correct test that kdf name is not "none" or "bcrypt"
+
+commit 8f9cd709c7cf0655d414306a0ed28306b33802be
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 13:00:11 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/03/12 04:50:32
+ [auth-bsdauth.c ssh-keygen.c]
+ don't count on things that accept arguments by reference to clear
+ things for us on error; most things do, but it's unsafe form.
+
+commit 1c7ef4be83f6dec84509a312518b9df00ab491d9
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 12:59:46 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/03/12 04:44:58
+ [ssh-keyscan.c]
+ scan for Ed25519 keys by default too
+
+commit c10bf4d051c97939b30a1616c0499310057d07da
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Apr 20 12:58:04 2014 +1000
+
+ - djm@cvs.openbsd.org 2014/03/03 22:22:30
+ [session.c]
+ ignore enviornment variables with embedded '=' or '\0' characters;
+ spotted by Jann Horn; ok deraadt@
+ Id sync only - portable already has this.
+
+commit c2e49062faccbcd7135c40d1c78c5c329c58fc2e
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 1 14:42:46 2014 +1100
+
+ - (djm) Use full release (e.g. 6.5p1) in debug output rather than just
+ version. From des@des.no
+
+commit 14928b7492abec82afa4c2b778fc03f78cd419b6
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 1 14:38:07 2014 +1100
+
+ - (djm) On platforms that support it, use prctl() to prevent sftp-server
+ from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net
+
+commit 48abc47e60048461fe9117e108a7e99ea1ac2bb8
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Mar 17 14:45:56 2014 +1100
+
+ - (djm) [sandbox-seccomp-filter.c] Soft-fail stat() syscalls. Add XXX to
+ remind myself to add sandbox violation logging via the log socket.
+
+commit 9c36698ca2f554ec221dc7ef29c7a89e97c88705
+Author: Tim Rice <tim@multitalents.net>
+Date: Fri Mar 14 12:45:01 2014 -0700
+
+ 20140314
+ - (tim) [opensshd.init.in] Add support for ed25519
+
+commit 19158b2447e35838d69b2b735fb640d1e86061ea
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Mar 13 13:14:21 2014 +1100
+
+ - (djm) Release OpenSSH 6.6
+
+commit 8569eba5d7f7348ce3955eeeb399f66f25c52ece
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Mar 4 09:35:17 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/03/03 22:22:30
+ [session.c]
+ ignore enviornment variables with embedded '=' or '\0' characters;
+ spotted by Jann Horn; ok deraadt@
+
+commit 2476c31b96e89aec7d4e73cb6fbfb9a4290de3a7
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Mar 2 04:01:00 2014 +1100
+
+ - (djm) [regress/Makefile] Disable dhgex regress test; it breaks when
+ no moduli file exists at the expected location.
+
+commit c83fdf30e9db865575b2521b1fe46315cf4c70ae
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 28 10:34:03 2014 +1100
+
+ - (djm) [regress/host-expand.sh] Add RCS Id
+
+commit 834aeac3555e53f7d29a6fcf3db010dfb99681c7
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 28 10:25:16 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/27 21:21:25
+ [agent-ptrace.sh agent.sh]
+ keep return values that are printed in error messages;
+ from portable
+ (Id sync only)
+
+commit 4f7f1a9a0de24410c30952c7e16d433240422182
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 28 10:24:11 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/27 20:04:16
+ [login-timeout.sh]
+ remove any existing LoginGraceTime from sshd_config before adding
+ a specific one for the test back in
+
+commit d705d987c27f68080c8798eeb5262adbdd6b4ffd
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 28 10:23:26 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/01/26 10:49:17
+ [scp-ssh-wrapper.sh scp.sh]
+ make sure $SCP is tested on the remote end rather than whichever one
+ happens to be in $PATH; from portable
+ (Id sync only)
+
+commit 624a3ca376e3955a4b9d936c9e899e241b65d357
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 28 10:22:37 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/01/26 10:22:10
+ [regress/cert-hostkey.sh]
+ automatically generate revoked keys from listed keys rather than
+ manually specifying each type; from portable
+ (Id sync only)
+
+commit b84392328425e4b9a71f8bde5fe6a4a4c48d3ec4
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 28 10:21:26 2014 +1100
+
+ - dtucker@cvs.openbsd.org 2014/01/25 04:35:32
+ [regress/Makefile regress/dhgex.sh]
+ Add a test for DH GEX sizes
+
+commit 1e2aa3d90472293ea19008f02336d6d68aa05793
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 28 10:19:51 2014 +1100
+
+ - dtucker@cvs.openbsd.org 2014/01/20 00:00:30
+ [sftp-chroot.sh]
+ append to rather than truncating the log file
+
+commit f483cc16fe7314e24a37aa3a4422b03c013c3213
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 28 10:19:11 2014 +1100
+
+ - dtucker@cvs.openbsd.org 2014/01/19 23:43:02
+ [regress/sftp-chroot.sh]
+ Don't use -q on sftp as it suppresses logging, instead redirect the
+ output to the regress logfile.
+
+commit 6486f16f1c0ebd6f39286f6ab5e08286d90a994a
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 28 10:03:52 2014 +1100
+
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Crank version numbers
+
+commit 92cf5adea194140380e6af6ec32751f9ad540794
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 28 10:01:53 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/27 22:57:40
+ [version.h]
+ openssh-6.6
+
+commit fc5d6759aba71eb205b296b5f148010ffc828583
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 28 10:01:28 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/27 22:47:07
+ [sshd_config.5]
+ bz#2184 clarify behaviour of a keyword that appears in multiple
+ matching Match blocks; ok dtucker@
+
+commit 172ec7e0af1a5f1d682f6a2dca335c6c186153d5
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 28 10:00:57 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/27 08:25:09
+ [bufbn.c]
+ off by one in range check
+
+commit f9a9aaba437c2787e40cf7cc928281950e161678
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 28 10:00:27 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/27 00:41:49
+ [bufbn.c]
+ fix unsigned overflow that could lead to reading a short ssh protocol
+ 1 bignum value; found by Ben Hawkes; ok deraadt@
+
+commit fb3423b612713d9cde67c8a75f6f51188d6a3de3
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Feb 27 10:20:07 2014 +1100
+
+ - markus@cvs.openbsd.org 2014/02/26 21:53:37
+ [sshd.c]
+ ssh_gssapi_prepare_supported_oids needs GSSAPI
+
+commit 1348129a34f0f7728c34d86c100a32dcc8d1f922
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Feb 27 10:18:32 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/26 20:29:29
+ [channels.c]
+ don't assume that the socks4 username is \0 terminated;
+ spotted by Ben Hawkes; ok markus@
+
+commit e6a74aeeacd01d885262ff8e50eb28faee8c8039
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Feb 27 10:17:49 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/26 20:28:44
+ [auth2-gss.c gss-serv.c ssh-gss.h sshd.c]
+ bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
+ sandboxing, as running this code in the sandbox can cause violations;
+ ok markus@
+
+commit 08b57c67f3609340ff703fe2782d7058acf2529e
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Feb 27 10:17:13 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/26 20:18:37
+ [ssh.c]
+ bz#2205: avoid early hostname lookups unless canonicalisation is enabled;
+ ok dtucker@ markus@
+
+commit 13f97b2286142fd0b8eab94e4ce84fe124eeb752
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Feb 24 15:57:55 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/23 20:11:36
+ [readconf.c readconf.h ssh.c ssh_config.5]
+ reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes
+ the hostname. This allows users to write configurations that always
+ refer to canonical hostnames, e.g.
+
+ CanonicalizeHostname yes
+ CanonicalDomains int.example.org example.org
+ CanonicalizeFallbackLocal no
+
+ Host *.int.example.org
+ Compression off
+ Host *.example.org
+ User djm
+
+ ok markus@
+
+commit bee3a234f3d1ad4244952bcff1b4b7c525330dc2
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Feb 24 15:57:22 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/23 20:03:42
+ [ssh-ed25519.c]
+ check for unsigned overflow; not reachable in OpenSSH but others might
+ copy our code...
+
+commit 0628780abe61e7e50cba48cdafb1837f49ff23b2
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Feb 24 15:56:45 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/22 01:32:19
+ [readconf.c]
+ when processing Match blocks, skip 'exec' clauses if previous predicates
+ failed to match; ok markus@
+
+commit 0890dc8191bb201eb01c3429feec0300a9d3a930
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Feb 24 15:56:07 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/15 23:05:36
+ [channels.c]
+ avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W;
+ bz#2200, debian#738692 via Colin Watson; ok dtucker@
+
+commit d3cf67e1117c25d151d0f86396e77ee3a827045a
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Feb 24 15:55:36 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/07 06:55:54
+ [cipher.c mac.c]
+ remove some logging that makes ssh debugging output very verbose;
+ ok markus
+
+commit 03ae081aeaa118361c81ece76eb7cc1aaa2b40c5
+Author: Tim Rice <tim@multitalents.net>
+Date: Fri Feb 21 09:09:34 2014 -0800
+
+ 20140221
+ - (tim) [configure.ac] Fix cut-and-paste error. Patch from Bryan Drewery.
+
+commit 4a20959d2e3c90e9d66897c0b4032c785672d815
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Feb 13 16:38:32 2014 +1100
+
+ - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compat
+ code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
+
+commit d1a7a9c0fd1ac2e3314cceb2891959fd2cd9eabb
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 7 09:24:33 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/06 22:21:01
+ [sshconnect.c]
+ in ssh_create_socket(), only do the getaddrinfo for BindAddress when
+ BindAddress is actually specified. Fixes regression in 6.5 for
+ UsePrivilegedPort=yes; patch from Corinna Vinschen
+
+commit 6ce35b6cc4ead1bf98abec34cb2e2d6ca0abb15e
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 7 09:24:14 2014 +1100
+
+ - naddy@cvs.openbsd.org 2014/02/05 20:13:25
+ [ssh-keygen.1 ssh-keygen.c]
+ tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@
+ while here, fix ordering in usage(); requested by jmc@
+
+commit 6434cb2cfbbf0a46375d2d22f2ff9927feb5e478
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Feb 6 11:17:50 2014 +1100
+
+ - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define
+ __NR_shutdown; some go via the socketcall(2) multiplexer.
+
+commit 8d36f9ac71eff2e9f5770c0518b73d875f270647
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Feb 6 10:44:13 2014 +1100
+
+ - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL
+ before freeing since free(NULL) is a no-op. ok djm.
+
+commit a0959da3680b4ce8cf911caf3293a6d90f88eeb7
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Feb 5 10:33:45 2014 +1100
+
+ - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by
+ headers/libc but not supported by the kernel. Patch from Loganaden
+ Velvindron @ AfriNIC
+
+commit 9c449bc183b256c84d8f740727b0bc54d247b15e
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 4 11:38:28 2014 +1100
+
+ - (djm) [regress/setuid-allowed.c] Missing string.h for strerror()
+
+commit bf7e0f03be661b6f5b3bfe325135ce19391f9c4d
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 4 11:37:50 2014 +1100
+
+ - (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.o
+
+commit eb6d870a0ea8661299bb2ea8f013d3ace04e2024
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 4 11:26:34 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/04 00:24:29
+ [ssh.c]
+ delay lowercasing of hostname until right before hostname
+ canonicalisation to unbreak case-sensitive matching of ssh_config;
+ reported by Ike Devolder; ok markus@
+
+commit d56b44d2dfa093883a5c4e91be3f72d99946b170
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 4 11:26:04 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/04 00:24:29
+ [ssh.c]
+ delay lowercasing of hostname until right before hostname
+ canonicalisation to unbreak case-sensitive matching of ssh_config;
+ reported by Ike Devolder; ok markus@
+
+commit db3c595ea74ea9ccd5aa644d7e1f8dc675710731
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 4 11:25:45 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/02 03:44:31
+ [digest-libc.c digest-openssl.c]
+ convert memset of potentially-private data to explicit_bzero()
+
+commit aae07e2e2000dd318418fd7fd4597760904cae32
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 4 11:20:40 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/03 23:28:00
+ [ssh-ecdsa.c]
+ fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike
+ DSA_SIG_new. Reported by Batz Spear; ok markus@
+
+commit a5103f413bde6f31bff85d6e1fd29799c647d765
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 4 11:20:14 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/02/02 03:44:32
+ [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
+ [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
+ [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
+ [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
+ [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
+ [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
+ [sshd.c]
+ convert memset of potentially-private data to explicit_bzero()
+
+commit 1d2c4564265ee827147af246a16f3777741411ed
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 4 11:18:20 2014 +1100
+
+ - tedu@cvs.openbsd.org 2014/01/31 16:39:19
+ [auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
+ [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
+ [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
+ [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
+ [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
+ replace most bzero with explicit_bzero, except a few that cna be memset
+ ok djm dtucker
+
+commit 3928de067c286683a95fbdbdb5fdb3c78a0e5efd
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 4 11:13:54 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/01/30 22:26:14
+ [sandbox-systrace.c]
+ allow shutdown(2) syscall in sandbox - it may be called by packet_close()
+ from portable
+ (Id sync only; change is already in portable)
+
+commit e1e480aee8a9af6cfbe7188667b7b940d6b57f9f
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 4 11:13:17 2014 +1100
+
+ - jmc@cvs.openbsd.org 2014/01/29 14:04:51
+ [sshd_config.5]
+ document kbdinteractiveauthentication;
+ requested From: Ross L Richardson
+
+ dtucker/markus helped explain its workings;
+
+commit 7cc194f70d4a5ec9a82d19422eaf18db4a6624c6
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 4 11:12:56 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/01/29 06:18:35
+ [Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
+ [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
+ [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
+ remove experimental, never-enabled JPAKE code; ok markus@
+
+commit b0f26544cf6f4feeb1a4f6db09fca834f5c9867d
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 4 11:10:01 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/01/29 00:19:26
+ [sshd.c]
+ use kill(0, ...) instead of killpg(0, ...); on most operating systems
+ they are equivalent, but SUSv2 describes the latter as having undefined
+ behaviour; from portable; ok dtucker
+ (Id sync only; change is already in portable)
+
+commit f8f35bc471500348bb262039fb1fc43175d251b0
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 4 11:09:12 2014 +1100
+
+ - jmc@cvs.openbsd.org 2014/01/28 14:13:39
+ [ssh-keyscan.1]
+ kill some bad Pa;
+ From: Jan Stary
+
+commit 0ba85d696ae9daf66002c2e4ab0d6bb111e1a787
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 4 11:08:38 2014 +1100
+
+ ignore a few more regress droppings
+
+commit ec93d15170b7a6ddf63fd654bd0f6a752acc19dd
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 4 11:07:13 2014 +1100
+
+ - markus@cvs.openbsd.org 2014/01/27 20:13:46
+ [digest.c digest-openssl.c digest-libc.c Makefile.in]
+ rename digest.c to digest-openssl.c and add libc variant; ok djm@
+
+commit 4a1c7aa640fb97d3472d51b215b6a0ec0fd025c7
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 4 11:03:36 2014 +1100
+
+ - markus@cvs.openbsd.org 2014/01/27 19:18:54
+ [auth-rsa.c cipher.c ssh-agent.c sshconnect1.c sshd.c]
+ replace openssl MD5 with our ssh_digest_*; ok djm@
+
+commit 4e8d937af79ce4e253f77ec93489d098b25becc3
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 4 11:02:42 2014 +1100
+
+ - markus@cvs.openbsd.org 2014/01/27 18:58:14
+ [Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h]
+ replace openssl HMAC with an implementation based on our ssh_digest_*
+ ok and feedback djm@
+
+commit 69d0d09f76bab5aec86fbf78489169f63bd16475
+Author: Tim Rice <tim@multitalents.net>
+Date: Fri Jan 31 14:25:18 2014 -0800
+
+ - (tim) [Makefile.in] build regress/setuid-allow.
+
+commit 0eeafcd76b972a3d159f3118227c149a4d7817fe
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Jan 31 14:18:51 2014 +1100
+
+ - (dtucker) [readconf.c] Include <arpa/inet.h> for the hton macros. Fixes
+ build with HP-UX's compiler. Patch from Kevin Brott.
+
+commit 7e5cec6070673e9f9785ffc749837ada22fbe99f
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jan 31 09:25:34 2014 +1100
+
+ - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)
+ syscall from sandboxes; it may be called by packet_close.
+
+commit cdb6c90811caa5df2df856be9b0b16db020fe31d
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jan 30 12:50:17 2014 +1100
+
+ - (djm) Release openssh-6.5p1
+
+commit 996ea80b1884b676a901439f1f2681eb6ff68501
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jan 30 12:49:55 2014 +1100
+
+ trim entries prior to openssh-6.0p1
+
+commit f5bbd3b657b6340551c8a95f74a70857ff8fac79
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jan 30 11:26:46 2014 +1100
+
+ - (djm) [configure.ac atomicio.c] Kludge around NetBSD offering
+ different symbols for 'read' when various compiler flags are
+ in use, causing atomicio.c comparisons against it to break and
+ read/write operations to hang; ok dtucker
+
+commit c2868192ddc4e1420a50389e18c05db20b0b1f32
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jan 30 10:21:19 2014 +1100
+
+ - (djm) [configure.ac] Only check for width-specified integer types
+ in headers that actually exist. patch from Tom G. Christensen;
+ ok dtucker@
+
+commit c161fc90fc86e2035710570238a9e1ca7a68d2a5
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jan 29 21:01:33 2014 +1100
+
+ - (djm) [configure.ac] Fix broken shell test '==' vs '='; patch from
+ Tom G. Christensen
+
+commit 6f917ad376481995ab7d29fb53b08ec8d507eb9e
+Author: Tim Rice <tim@multitalents.net>
+Date: Tue Jan 28 10:26:25 2014 -0800
+
+ - (tim) [regress/agent.sh regress/agent-ptrace.sh] Assign $? to a variable
+ when used as an error message inside an if statement so we display the
+ correct into. agent.sh patch from Petr Lautrbach.
+
+commit ab16ef4152914d44ce6f76e48167d26d22f66a06
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Jan 28 15:08:12 2014 +1100
+
+ - (djm) [sshd.c] Use kill(0, ...) instead of killpg(0, ...); the
+ latter being specified to have undefined behaviour in SUSv3;
+ ok dtucker
+
+commit ab0394905884dc6e58c3721211c6b38fb8fc2ca8
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Jan 28 15:07:10 2014 +1100
+
+ - (djm) [configure.ac] Search for inet_ntop in libnsl and libresovl;
+ ok dtucker
+
+commit 4ab20a82d4d4168d62318923f62382f6ef242fcd
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Mon Jan 27 17:35:04 2014 +1100
+
+ - (dtucker) [Makefile.in] Remove trailing backslash which some make
+ implementations (eg older Solaris) do not cope with.
+
+commit e7e8b3cfe9f8665faaf0e68b33df5bbb431bd129
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Mon Jan 27 17:32:50 2014 +1100
+
+ Welcome to 2014
+
+commit 5b447c0aac0dd444251e276f6bb3bbbe1c05331c
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Jan 26 09:46:53 2014 +1100
+
+ - (djm) [configure.ac] correct AC_DEFINE for previous.
+
+commit 2035b2236d3b1f76c749c642a43e03c85eae76e6
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Jan 26 09:39:53 2014 +1100
+
+ - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable
+ RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,
+ libc will attempt to open additional file descriptors for crypto
+ offload and crash if they cannot be opened.
+
+commit a92ac7410475fbb00383c7402aa954dc0a75ae19
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Jan 26 09:38:03 2014 +1100
+
+ - markus@cvs.openbsd.org 2014/01/25 20:35:37
+ [kex.c]
+ dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len)
+ ok dtucker@, noted by mancha
+
+commit 76eea4ab4e658670ca6e76dd1e6d17f262208b57
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Jan 26 09:37:25 2014 +1100
+
+ - dtucker@cvs.openbsd.org 2014/01/25 10:12:50
+ [cipher.c cipher.h kex.c kex.h kexgexc.c]
+ Add a special case for the DH group size for 3des-cbc, which has an
+ effective strength much lower than the key size. This causes problems
+ with some cryptlib implementations, which don't support group sizes larger
+ than 4k but also don't use the largest group size it does support as
+ specified in the RFC. Based on a patch from Petr Lautrbach at Redhat,
+ reduced by me with input from Markus. ok djm@ markus@
+
+commit 603b8f47f1cd9ed95a2017447db8e60ca6704594
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Jan 25 13:16:59 2014 +1100
+
+ - (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so test
+ against the correct thing.
+
+commit c96d85376d779b6ac61525b5440010d344d2f23f
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Jan 25 13:12:28 2014 +1100
+
+ - (djm) [configure.ac] Do not attempt to use capsicum sandbox unless
+ sys/capability.h exists and cap_rights_limit is in libc. Fixes
+ build on FreeBSD9x which provides the header but not the libc
+ support.
+
+commit f62ecef9939cb3dbeb10602fd705d4db3976d822
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Jan 25 12:34:38 2014 +1100
+
+ - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD
+
+commit b0e0f760b861676a3fe5c40133b270713d5321a9
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jan 24 14:27:04 2014 +1100
+
+ - (djm) [Makefile.in regress/scp-ssh-wrapper.sh regress/scp.sh] Make
+ the scp regress test actually test the built scp rather than the one
+ in $PATH. ok dtucker@
+
+commit 42a092530159637da9cb7f9e1b5f4679e34a85e6
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Jan 23 23:14:39 2014 +1100
+
+ - (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitously
+ incompatible with OpenBSD's despite post-dating it by more than a decade.
+ Declare it as broken, and document FreeBSD's as the same. ok djm@
+
+commit 617da33c20cb59f9ea6c99c881d92493371ef7b8
+Author: Tim Rice <tim@multitalents.net>
+Date: Wed Jan 22 19:16:10 2014 -0800
+
+ - (tim) [session.c] Improve error reporting on set_id().
+
+commit 5c2ff5e31f57d303ebb414d84a934c02728fa568
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jan 22 21:30:12 2014 +1100
+
+ - (djm) [configure.ac aclocal.m4] More tests to detect fallout from
+ platform hardening options: include some long long int arithmatic
+ to detect missing support functions for -ftrapv in libgcc and
+ equivalents, actually test linking when -ftrapv is supplied and
+ set either both -pie/-fPIE or neither. feedback and ok dtucker@
+
+commit 852472a54b8a0dc3e53786b313baaa86850a4273
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jan 22 16:31:18 2014 +1100
+
+ - (djm) [configure.ac] Unless specifically requested, only attempt
+ to build Position Independent Executables on gcc >= 4.x; ok dtucker
+
+commit ee87838786cef0194db36ae0675b3e7c4e8ec661
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jan 22 16:30:15 2014 +1100
+
+ - (djm) [openbsd-compat/setproctitle.c] Don't fail to compile if a
+ platform that is expected to use the reuse-argv style setproctitle
+ hack surprises us by providing a setproctitle in libc; ok dtucker
+
+commit 5c96a154c7940fa67b1f11c421e390dbbc159f27
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Jan 21 13:10:26 2014 +1100
+
+ - (djm) [aclocal.m4] Flesh out the code run in the OSSH_CHECK_CFLAG_COMPILE
+ and OSSH_CHECK_LDFLAG_LINK tests to give them a better chance of
+ detecting toolchain-related problems; ok dtucker
+
+commit 9464ba6fb34bb42eb3501ec3c5143662e75674bf
+Author: Tim Rice <tim@multitalents.net>
+Date: Mon Jan 20 17:59:28 2014 -0800
+
+ - (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced
+ with sftp chroot support. Move set_id call after chroot.
+
+commit a6d573caa14d490e6c42fb991bcb5c6860ec704b
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Tue Jan 21 12:50:46 2014 +1100
+
+ - (dtucker) [aclocal.m4] Differentiate between compile-time and link-time
+ tests in the configure output. ok djm.
+
+commit 096118dc73ab14810b3c12785c0b5acb01ad6123
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Tue Jan 21 12:48:51 2014 +1100
+
+ - (dtucker) [configure.ac] Make PIE a configure-time option which defaults
+ to on platforms where it's known to be reliably detected and off elsewhere.
+ Works around platforms such as FreeBSD 9.1 where it does not interop with
+ -ftrapv (it seems to work but fails when trying to link ssh). ok djm@
+
+commit f9df7f6f477792254eab33cdef71a6d66488cb88
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Jan 20 20:07:15 2014 +1100
+
+ - (djm) [regress/cert-hostkey.sh] Fix regress failure on platforms that
+ skip one or more key types (e.g. RHEL/CentOS 6.5); ok dtucker@
+
+commit c74e70eb52ccc0082bd5a70b5798bb01c114d138
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Mon Jan 20 13:18:09 2014 +1100
+
+ - (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos
+ implementation does not have krb5_cc_new_unique, similar to what we do
+ in auth-krb5.c.
+
+commit 3510979e83b6a18ec8773c64c3fa04aa08b2e783
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Jan 20 12:41:53 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/01/20 00:08:48
+ [digest.c]
+ memleak; found by Loganaden Velvindron @ AfriNIC; ok markus@
+
+commit 7eee358d7a6580479bee5cd7e52810ebfd03e5b2
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jan 19 22:37:02 2014 +1100
+
+ - dtucker@cvs.openbsd.org 2014/01/19 11:21:51
+ [addrmatch.c]
+ Cast the sizeof to socklen_t so it'll work even if the supplied len is
+ negative. Suggested by and ok djm, ok deraadt.
+
+commit b7e01c09b56ab26e8fac56bbce0fd25e36d12bb0
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jan 19 22:36:13 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/01/19 04:48:08
+ [ssh_config.5]
+ fix inverted meaning of 'no' and 'yes' for CanonicalizeFallbackLocal
+
+commit 7b1ded04adce42efa25ada7c3a39818d3109b724
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jan 19 15:30:02 2014 +1100
+
+ - dtucker@cvs.openbsd.org 2014/01/19 04:17:29
+ [canohost.c addrmatch.c]
+ Cast socklen_t when comparing to size_t and use socklen_t to iterate over
+ the ip options, both to prevent signed/unsigned comparison warnings.
+ Patch from vinschen at redhat via portable openssh, begrudging ok deraadt.
+
+commit 293ee3c9f0796d99ebb033735f0e315f2e0180bf
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jan 19 15:28:01 2014 +1100
+
+ - dtucker@cvs.openbsd.org 2014/01/18 09:36:26
+ [session.c]
+ explicitly define USE_PIPES to 1 to prevent redefinition warnings in
+ portable on platforms that use pipes for everything. From redhat @
+ redhat.
+
+commit 2aca159d05f9e7880d1d8f1ce49a218840057f53
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jan 19 15:25:34 2014 +1100
+
+ - dtucker@cvs.openbsd.org 2014/01/17 06:23:24
+ [sftp-server.c]
+ fix log message statvfs. ok djm
+
+commit 841f7da89ae8b367bb502d61c5c41916c6e7ae4c
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sat Jan 18 22:12:15 2014 +1100
+
+ - (dtucker) [sandbox-capsicum.c] Correct some error messages and make the
+ return value check for cap_enter() consistent with the other uses in
+ FreeBSD. From by Loganaden Velvindron @ AfriNIC via bz#2140.
+
+commit fdce3731660699b2429e93e822f2ccbaccd163ae
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sat Jan 18 21:12:42 2014 +1100
+
+ - (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs,
+ optind) are defined in getopt.h already. Unfortunately they are defined as
+ "declspec(dllimport)" for historical reasons, because the GNU linker didn't
+ allow auto-import on PE/COFF targets way back when. The problem is the
+ dllexport attributes collide with the definitions in the various source
+ files in OpenSSH, which obviousy define the variables without
+ declspec(dllimport). The least intrusive way to get rid of these warnings
+ is to disable warnings for GCC compiler attributes when building on Cygwin.
+ Patch from vinschen at redhat.com.
+
+commit 1411c9263f46e1ee49d0d302bf7258ebe69ce827
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sat Jan 18 21:03:59 2014 +1100
+
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.h] Add missing function
+ declarations that stopped being included when we stopped including
+ <windows.h> from openbsd-compat/bsd-cygwin_util.h. Patch from vinschen at
+ redhat.com.
+
+commit 89c532d843c95a085777c66365067d64d1937eb9
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sat Jan 18 20:43:49 2014 +1100
+
+ - (dtucker) [uidswap.c] Prevent unused variable warnings on Cygwin. Patch
+ from vinschen at redhat.com
+
+commit 355f861022be7b23d3009fae8f3c9f6f7fc685f7
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sat Jan 18 00:12:38 2014 +1100
+
+ - (dtucker) [defines.h] Move our definitions of uintXX_t types down to after
+ they're defined if we have to define them ourselves. Fixes builds on old
+ AIX.
+
+commit a3357661ee1d5d553294f36e4940e8285c7f1332
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sat Jan 18 00:03:57 2014 +1100
+
+ - (dtucker) [readconf.c] Wrap paths.h inside an ifdef. Allows building on
+ Solaris.
+
+commit 9edcbff46ff01c8d5dee9c1aa843f09e9ad8a80e
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Jan 17 21:54:32 2014 +1100
+
+ - (dtucker) [configure.ac] Have --without-toolchain-hardening not turn off
+ stack-protector since that has a separate flag that's been around a while.
+
+commit 6d725687c490d4ba957a1bbc0ba0a2956c09fa69
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Jan 17 19:17:34 2014 +1100
+
+ - (dtucker) [configure.ac] Also look in inttypes.h for uintXX_t types.
+
+commit 5055699c7f7c7ef21703a443ec73117da392f6ae
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Jan 17 18:48:22 2014 +1100
+
+ - (dtucker) [openbsd-compat/bsd-statvfs.h] Only start including headers if we
+ need them to cut down on the name collisions.
+
+commit a5cf1e220def07290260e4125e74f41ac75cf88d
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Jan 17 18:10:58 2014 +1100
+
+ - (dtucker) [configure.ac openbsd-compat/bsd-statvfs.c
+ openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs
+ to be useful (and for the regression tests to pass) on platforms that
+ have statfs and fstatfs. ok djm@
+
+commit 1357d71d7b6d269969520aaa3e84d312ec971d5b
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Jan 17 18:00:40 2014 +1100
+
+ - (dtucker) Fix typo in #ifndef.
+
+commit d23a91ffb289d3553a58b7a60cec39fba9f0f506
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Jan 17 17:32:30 2014 +1100
+
+ - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c
+ openbsd-compat/openssl-compat.h] Add compatibility layer for older
+ openssl versions. ok djm@
+
+commit 868ea1ea1c1bfdbee5dbad78f81999c5983ecf31
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jan 17 16:47:04 2014 +1100
+
+ - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]
+ [sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c]
+ [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing
+ using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling
+ Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
+
+commit a9d186a8b50d18869a10e9203abf71c83ddb1f79
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Jan 17 16:30:49 2014 +1100
+
+ - dtucker@cvs.openbsd.org 2014/01/17 05:26:41
+ [digest.c]
+ remove unused includes. ok djm@
+
+commit 5f1c57a7a7eb39c0e4fee3367712337dbcaef024
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Jan 17 16:29:45 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/01/17 00:21:06
+ [sftp-client.c]
+ signed/unsigned comparison warning fix; from portable (Id sync only)
+
+commit c548722361d89fb12c108528f96b306a26477b18
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Jan 17 15:12:16 2014 +1100
+
+ - (dtucker) [configure.ac] Split AC_CHECK_FUNCS for OpenSSL functions into
+ separate lines and alphabetize for easier diffing of changes.
+
+commit acad351a5b1c37de9130c9c1710445cc45a7f6b9
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Jan 17 14:20:05 2014 +1100
+
+ - (dtucker) [defines.h] Add typedefs for uintXX_t types for platforms that
+ don't have them.
+
+commit c3ed065ce8417aaa46490836648c173a5010f226
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Jan 17 14:18:45 2014 +1100
+
+ - (dtucker) [openbsd-compat/bcrypt_pbkdf.c] Wrap stdlib.h include inside
+ #ifdef HAVE_STDINT_H.
+
+commit f45f78ae437062c7d9506c5f475b7215f486be44
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Jan 17 12:43:43 2014 +1100
+
+ - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include
+ includes.h to pull in all of the compatibility stuff.
+
+commit 99df369d0340caac145d57f700d830147ff18b87
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Jan 17 12:42:17 2014 +1100
+
+ - (dtucker) [poly1305.c] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H.
+
+commit ac413b62ea1957e80c711acbe0c11b908273fc01
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Jan 17 12:31:33 2014 +1100
+
+ - (dtucker) [crypto_api.h] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H.
+
+commit 1c4a011e9c939e74815346a560843e1862c300b8
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Jan 17 12:23:23 2014 +1100
+
+ - (dtucker) [loginrec.c] Cast to the types specfied in the format
+ specification to prevent warnings.
+
+commit c3d483f9a8275be1113535a1e0d0e384f605f3c4
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jan 17 11:20:26 2014 +1100
+
+ - (djm) [sftp-client.c] signed/unsigned comparison fix
+
+commit fd994379dd972417d0491767f7cd9b5bf23f4975
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Jan 17 09:53:24 2014 +1100
+
+ - (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchain
+ hardening flags including -fstack-protector-strong. These default to on
+ if the toolchain supports them, but there is a configure-time knob
+ (--without-hardening) to disable them if necessary. ok djm@
+
+commit 366224d21768ee8ec28cfbcc5fbade1b32582d58
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jan 16 18:51:44 2014 +1100
+
+ - (djm) [README] update release notes URL.
+
+commit 2ae77e64f8fa82cbf25c9755e8e847709b978b40
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jan 16 18:51:07 2014 +1100
+
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Crank RPM spec version numbers.
+
+commit 0fa29e6d777c73a1b4ddd3b996b06ee20022ae8a
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jan 16 18:42:31 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/01/16 07:32:00
+ [version.h]
+ openssh-6.5
+
+commit 52c371cd6d2598cc73d4e633811b3012119c47e2
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jan 16 18:42:10 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/01/16 07:31:09
+ [sftp-client.c]
+ needless and incorrect cast to size_t can break resumption of
+ large download; patch from tobias@
+
+commit 91b580e4bec55118bf96ab3cdbe5a50839e75d0a
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Jan 12 19:21:22 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/01/12 08:13:13
+ [bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c]
+ [kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c]
+ avoid use of OpenSSL BIGNUM type and functions for KEX with
+ Curve25519 by adding a buffer_put_bignum2_from_string() that stores
+ a string using the bignum encoding rules. Will make it easier to
+ build a reduced-feature OpenSSH without OpenSSL in the future;
+ ok markus@
+
+commit af5d4481f4c7c8c3c746e68b961bb85ef907800e
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Jan 12 19:20:47 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/01/10 05:59:19
+ [sshd_config]
+ the /etc/ssh/ssh_host_ed25519_key is loaded by default too
+
+commit 58cd63bc63038acddfb4051ed14e11179d8f4941
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jan 10 10:59:24 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/01/09 23:26:48
+ [sshconnect.c sshd.c]
+ ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,
+ deranged and might make some attacks on KEX easier; ok markus@
+
+commit b3051d01e505c9c2dc00faab472a0d06fa6b0e65
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jan 10 10:58:53 2014 +1100
+
+ - djm@cvs.openbsd.org 2014/01/09 23:20:00
+ [digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
+ [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
+ [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
+ [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
+ Introduce digest API and use it to perform all hashing operations
+ rather than calling OpenSSL EVP_Digest* directly. Will make it easier
+ to build a reduced-feature OpenSSH without OpenSSL in future;
+ feedback, ok markus@
+
+commit e00e413dd16eb747fb2c15a099971d91c13cf70f
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jan 10 10:40:45 2014 +1100
+
+ - guenther@cvs.openbsd.org 2014/01/09 03:26:00
+ [sftp-common.c]
+ When formating the time for "ls -l"-style output, show dates in the future
+ with the year, and rearrange a comparison to avoid a potentional signed
+ arithmetic overflow that would give the wrong result.
+
+ ok djm@
+
+commit 3e49853650448883685cfa32fa382d0ba6d51d48
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jan 10 10:37:05 2014 +1100
+
+ - tedu@cvs.openbsd.org 2014/01/04 17:50:55
+ [mac.c monitor_mm.c monitor_mm.h xmalloc.c]
+ use standard types and formats for size_t like variables. ok dtucker
+
+commit a9c1e500ef609795cbc662848edb1a1dca279c81
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Jan 8 16:13:12 2014 +1100
+
+ - (djm) [regress/.cvsignore] Ignore regress test droppings; ok dtucker@
+
+commit 324541e5264e1489ca0babfaf2b39612eb80dfb3
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Dec 31 12:25:40 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/30 23:52:28
+ [auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c]
+ [sshconnect.c sshconnect2.c sshd.c]
+ refuse RSA keys from old proprietary clients/servers that use the
+ obsolete RSA+MD5 signature scheme. it will still be possible to connect
+ with these clients/servers but only DSA keys will be accepted, and we'll
+ deprecate them entirely in a future release. ok markus@
+
+commit 9f4c8e797ea002a883307ca906f1f1f815010e78
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:57:46 2013 +1100
+
+ - (djm) [regress/Makefile] Add some generated files for cleaning
+
+commit 106bf1ca3c7a5fdc34f9fd7a1fe651ca53085bc5
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:54:03 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/29 05:57:02
+ [sshconnect.c]
+ when showing other hostkeys, don't forget Ed25519 keys
+
+commit 0fa47cfb32c239117632cab41e4db7d3e6de5e91
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:53:39 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/29 05:42:16
+ [ssh.c]
+ don't forget to load Ed25519 certs too
+
+commit b9a95490daa04cc307589897f95bfaff324ad2c9
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:50:15 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/29 04:35:50
+ [authfile.c]
+ don't refuse to load Ed25519 certificates
+
+commit f72cdde6e6fabc51d2a62f4e75b8b926d9d7ee89
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:49:55 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/29 04:29:25
+ [authfd.c]
+ allow deletion of ed25519 keys from the agent
+
+commit 29ace1cb68cc378a464c72c0fd67aa5f9acd6b5b
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:49:31 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/29 04:20:04
+ [key.c]
+ to make sure we don't omit any key types as valid CA keys again,
+ factor the valid key type check into a key_type_is_valid_ca()
+ function
+
+commit 9de4fcdc5a9cff48d49a3e2f6194d3fb2d7ae34d
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:49:13 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/29 02:49:52
+ [key.c]
+ correct comment for key_drop_cert()
+
+commit 5baeacf8a80f054af40731c6f92435f9164b8e02
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:48:55 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/29 02:37:04
+ [key.c]
+ correct comment for key_to_certified()
+
+commit 83f2fe26cb19330712c952eddbd3c0b621674adc
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:48:38 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/29 02:28:10
+ [key.c]
+ allow ed25519 keys to appear as certificate authorities
+
+commit 06122e9a74bb488b0fe0a8f64e1135de870f9cc0
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:48:15 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/27 22:37:18
+ [ssh-rsa.c]
+ correct comment
+
+commit 3e19295c3a253c8dc8660cf45baad7f45fccb969
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:47:50 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/27 22:30:17
+ [ssh-dss.c ssh-ecdsa.c ssh-rsa.c]
+ make the original RSA and DSA signing/verification code look more like
+ the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
+ rather than tediously listing all variants, use __func__ for debug/
+ error messages
+
+commit 137977180be6254639e2c90245763e6965f8d815
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:47:14 2013 +1100
+
+ - tedu@cvs.openbsd.org 2013/12/21 07:10:47
+ [ssh-keygen.1]
+ small typo
+
+commit 339a48fe7ffb3186d22bbaa9efbbc3a053e602fd
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:46:49 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/19 22:57:13
+ [poly1305.c poly1305.h]
+ use full name for author, with his permission
+
+commit 0b36c83148976c7c8268f4f41497359e2fb26251
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:45:51 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/19 01:19:41
+ [ssh-agent.c]
+ bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent
+ that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com;
+ ok dtucker
+
+commit 4def184e9b6c36be6d965a9705632fc4c0c2a8af
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:45:26 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/19 01:04:36
+ [channels.c]
+ bz#2147: fix multiple remote forwardings with dynamically assigned
+ listen ports. In the s->c message to open the channel we were sending
+ zero (the magic number to request a dynamic port) instead of the actual
+ listen port. The client therefore had no way of discriminating between
+ them.
+
+ Diagnosis and fix by ronf AT timeheart.net
+
+commit bf25d114e23a803f8feca8926281b1aaedb6191b
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:44:56 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/19 00:27:57
+ [auth-options.c]
+ simplify freeing of source-address certificate restriction
+
+commit bb3dafe7024a5b4e851252e65ee35d45b965e4a8
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:44:29 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/12/19 00:19:12
+ [serverloop.c]
+ Cast client_alive_interval to u_int64_t before assinging to
+ max_time_milliseconds to avoid potential integer overflow in the timeout.
+ bz#2170, patch from Loganaden Velvindron, ok djm@
+
+commit ef275ead3dcadde4db1efe7a0aa02b5e618ed40c
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:44:07 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/19 00:10:30
+ [ssh-add.c]
+ skip requesting smartcard PIN when removing keys from agent; bz#2187
+ patch from jay AT slushpupie.com; ok dtucker
+
+commit 7d97fd9a1cae778c3eacf16e09f5da3689d616c6
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 29 17:40:18 2013 +1100
+
+ - (djm) [loginrec.c] Check for username truncation when looking up lastlog
+ entries
+
+commit 77244afe3b6d013b485e0952eaab89b9db83380f
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sat Dec 21 17:02:39 2013 +1100
+
+ 20131221
+ - (dtucker) [regress/keytype.sh] Actually test ecdsa key types.
+
+commit 53f8e784dc431a82d31c9b0e95b144507f9330e9
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Dec 19 11:31:44 2013 +1100
+
+ - (dtucker) [auth-pam.c] bz#2163: check return value from pam_get_item().
+ Patch from Loganaden Velvindron.
+
+commit 1fcec9d4f265e38af248c4c845986ca8c174bd68
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Dec 19 11:00:12 2013 +1100
+
+ - (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versions
+ greater than 11 either rather than just 11. Patch from Tomas Kuthan.
+
+commit 6674eb9683afd1ea4eb35670b5e66815543a759e
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Dec 18 17:50:39 2013 +1100
+
+ - markus@cvs.openbsd.org 2013/12/17 10:36:38
+ [crypto_api.h]
+ I've assempled the header file by cut&pasting from generated headers
+ and the source files.
+
+commit d58a5964426ee014384d67d775d16712e93057f3
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Dec 18 17:50:13 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/15 21:42:35
+ [cipher-chachapoly.c]
+ add some comments and constify a constant
+
+commit 059321d19af24d87420de3193f79dfab23556078
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Dec 18 17:49:48 2013 +1100
+
+ - pascal@cvs.openbsd.org 2013/12/15 18:17:26
+ [ssh-add.c]
+ Make ssh-add also add .ssh/id_ed25519; fixes lie in manual page.
+ ok markus@
+
+commit 155b5a5bf158767f989215479ded2a57f331e1c6
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Dec 18 17:48:32 2013 +1100
+
+ - markus@cvs.openbsd.org 2013/12/09 11:08:17
+ [crypto_api.h]
+ remove unused defines
+
+commit 8a56dc2b6b48b05590810e7f4c3567508410000c
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Dec 18 17:48:11 2013 +1100
+
+ - markus@cvs.openbsd.org 2013/12/09 11:03:45
+ [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
+ [ge25519_base.data hash.c sc25519.c sc25519.h verify.c]
+ Add Authors for the public domain ed25519/nacl code.
+ see also http://nacl.cr.yp.to/features.html
+ All of the NaCl software is in the public domain.
+ and http://ed25519.cr.yp.to/software.html
+ The Ed25519 software is in the public domain.
+
+commit 6575c3acf31fca117352f31f37b16ae46e664837
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Dec 18 17:47:02 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/12/08 09:53:27
+ [sshd_config.5]
+ Use a literal for the default value of KEXAlgorithms. ok deraadt jmc
+
+commit 8ba0ead6985ea14999265136b14ffd5aeec516f9
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Dec 18 17:46:27 2013 +1100
+
+ - naddy@cvs.openbsd.org 2013/12/07 11:58:46
+ [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1]
+ [ssh_config.5 sshd.8 sshd_config.5]
+ add missing mentions of ed25519; ok djm@
+
+commit 4f752cf71cf44bf4bc777541156c2bf56daf9ce9
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Dec 18 17:45:35 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/07 08:08:26
+ [ssh-keygen.1]
+ document -a and -o wrt new key format
+
+commit 6d6fcd14e23a9053198342bb379815b15e504084
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 8 15:53:28 2013 +1100
+
+ - (djm) [Makefile.in regress/Makefile regress/agent-ptrace.sh]
+ [regress/setuid-allowed.c] Check that ssh-agent is not on a no-setuid
+ filesystem before running agent-ptrace.sh; ok dtucker
+
+commit 7e6e42fb532c7dafd7078ef5e9e2d3e47fcf6752
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Dec 8 08:23:08 2013 +1100
+
+ - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna
+ Vinschen
+
+commit da3ca351b49d52ae85db2e3998265dc3c6617068
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Dec 7 21:43:46 2013 +1100
+
+ - (djm) [Makefile.in] PATHSUBS and keygen bits for Ed25519; from
+ Loganaden Velvindron @ AfriNIC in bz#2179
+
+commit eb401585bb8336cbf81fe4fc58eb9f7cac3ab874
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Dec 7 17:07:15 2013 +1100
+
+ - (djm) [regress/cert-hostkey.sh] Fix merge botch
+
+commit f54542af3ad07532188b10136ae302314ec69ed6
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Dec 7 16:32:44 2013 +1100
+
+ - markus@cvs.openbsd.org 2013/12/06 13:52:46
+ [regress/Makefile regress/agent.sh regress/cert-hostkey.sh]
+ [regress/cert-userkey.sh regress/keytype.sh]
+ test ed25519 support; from djm@
+
+commit f104da263de995f66b6861b4f3368264ee483d7f
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Dec 7 12:37:53 2013 +1100
+
+ - (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in]
+ [openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on
+ Linux
+
+commit 1ff130dac9b7aea0628f4ad30683431fe35e0020
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Dec 7 11:51:51 2013 +1100
+
+ - [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]
+ [openbsd-compat/blf.h openbsd-compat/blowfish.c]
+ [openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
+ portable.
+
+commit 4260828a2958ebe8c96f66d8301dac53f4cde556
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Dec 7 11:38:03 2013 +1100
+
+ - [authfile.c] Conditionalise inclusion of util.h
+
+commit a913442bac8a26fd296a3add51293f8f6f9b3b4c
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Dec 7 11:35:36 2013 +1100
+
+ - [Makefile.in] Add ed25519 sources
+
+commit ca570a519cb846da61d002c7f46fa92e39c83e45
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Dec 7 11:29:09 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/07 00:19:15
+ [key.c]
+ set k->cert = NULL after freeing it
+
+commit 3cccc0e155229a2f2d86b6df40bd4559b4f960ff
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Dec 7 11:27:47 2013 +1100
+
+ - [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
+ [ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents
+
+commit a7827c11b3f0380b7e593664bd62013ff9c131db
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Dec 7 11:24:30 2013 +1100
+
+ - jmc@cvs.openbsd.org 2013/12/06 15:29:07
+ [sshd.8]
+ missing comma;
+
+commit 5be9d9e3cbd9c66f24745d25bf2e809c1d158ee0
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Dec 7 11:24:01 2013 +1100
+
+ - markus@cvs.openbsd.org 2013/12/06 13:39:49
+ [authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
+ [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
+ [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
+ [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
+ [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
+ support ed25519 keys (hostkeys and user identities) using the public
+ domain ed25519 reference code from SUPERCOP, see
+ http://ed25519.cr.yp.to/software.html
+ feedback, help & ok djm@
+
+commit bcd00abd8451f36142ae2ee10cc657202149201e
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Dec 7 10:41:55 2013 +1100
+
+ - markus@cvs.openbsd.org 2013/12/06 13:34:54
+ [authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c]
+ [ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by
+ default; details in PROTOCOL.key; feedback and lots help from djm;
+ ok djm@
+
+commit f0e9060d236c0e38bec2fa1c6579fb0a2ea6458d
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Dec 7 10:40:26 2013 +1100
+
+ - markus@cvs.openbsd.org 2013/12/06 13:30:08
+ [authfd.c key.c key.h ssh-agent.c]
+ move private key (de)serialization to key.c; ok djm
+
+commit 0f8536da23a6ef26e6495177c0d8a4242b710289
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Dec 7 10:31:37 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/06 03:40:51
+ [ssh-keygen.c]
+ remove duplicated character ('g') in getopt() string;
+ document the (few) remaining option characters so we don't have to
+ rummage next time.
+
+commit 393920745fd328d3fe07f739a3cf7e1e6db45b60
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Dec 7 10:31:08 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/05 22:59:45
+ [sftp-client.c]
+ fix memory leak in error path in do_readdir(); pointed out by
+ Loganaden Velvindron @ AfriNIC in bz#2163
+
+commit 534b2ccadea5e5e9a8b27226e6faac3ed5552e97
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Dec 5 14:07:27 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/05 01:16:41
+ [servconf.c servconf.h]
+ bz#2161 - fix AuthorizedKeysCommand inside a Match block and
+ rearrange things so the same error is harder to make next time;
+ with and ok dtucker@
+
+commit 8369c8e61a3408ec6bb75755fad4ffce29b5fdbe
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Dec 5 11:00:16 2013 +1100
+
+ - (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correct
+ -L location for libedit. Patch from Serge van den Boom.
+
+commit 9275df3e0a2a3bc3897f7d664ea86a425c8a092d
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Dec 5 10:26:32 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/04 04:20:01
+ [sftp-client.c]
+ bz#2171: don't leak local_fd on error; from Loganaden Velvindron @
+ AfriNIC
+
+commit 960f6a2b5254e4da082d8aa3700302ed12dc769a
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Dec 5 10:26:14 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/02 03:13:14
+ [cipher.c]
+ correct bzero of chacha20+poly1305 key context. bz#2177 from
+ Loganaden Velvindron @ AfriNIC
+
+ Also make it a memset for consistency with the rest of cipher.c
+
+commit f7e8a8796d661c9d6692ab837e1effd4f5ada1c2
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Dec 5 10:25:51 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/02 03:09:22
+ [key.c]
+ make key_to_blob() return a NULL blob on failure; part of
+ bz#2175 from Loganaden Velvindron @ AfriNIC
+
+commit f1e44ea9d9a6d4c1a95a0024132e603bd1778c9c
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Dec 5 10:23:21 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/02 02:56:17
+ [ssh-pkcs11-helper.c]
+ use-after-free; bz#2175 patch from Loganaden Velvindron @ AfriNIC
+
+commit 114e540b15d57618f9ebf624264298f80bbd8c77
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Dec 5 10:22:57 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/02 02:50:27
+ [PROTOCOL.chacha20poly1305]
+ typo; from Jon Cave
+
+commit e4870c090629e32f2cb649dc16d575eeb693f4a8
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Dec 5 10:22:39 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/12/01 23:19:05
+ [PROTOCOL]
+ mention curve25519-sha256@libssh.org key exchange algorithm
+
+commit 1d2f8804a6d33a4e908b876b2e1266b8260ec76b
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Dec 5 10:22:03 2013 +1100
+
+ - deraadt@cvs.openbsd.org 2013/11/26 19:15:09
+ [pkcs11.h]
+ cleanup 1 << 31 idioms. Resurrection of this issue pointed out by
+ Eitan Adler ok markus for ssh, implies same change in kerberosV
+
+commit bdb352a54f82df94a548e3874b22f2d6ae90328d
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Dec 5 10:20:52 2013 +1100
+
+ - jmc@cvs.openbsd.org 2013/11/26 12:14:54
+ [ssh.1 ssh.c]
+ - put -Q in the right place
+ - Ar was a poor choice for the arguments to -Q. i've chosen an
+ admittedly equally poor Cm, at least consistent with the rest
+ of the docs. also no need for multiple instances
+ - zap a now redundant Nm
+ - usage() sync
+
+commit d937dc084a087090f1cf5395822c3ac958d33759
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Dec 5 10:19:54 2013 +1100
+
+ - deraadt@cvs.openbsd.org 2013/11/25 18:04:21
+ [ssh.1 ssh.c]
+ improve -Q usage and such. One usage change is that the option is now
+ case-sensitive
+ ok dtucker markus djm
+
+commit dec0393f7ee8aabc7d9d0fc2c5fddb4bc649112e
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Dec 5 10:18:43 2013 +1100
+
+ - jmc@cvs.openbsd.org 2013/11/21 08:05:09
+ [ssh_config.5 sshd_config.5]
+ no need for .Pp before displays;
+
+commit 8a073cf57940aabf85e49799f89f5d5e9b072c1b
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Nov 21 14:26:18 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/11/21 03:18:51
+ [regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh]
+ [regress/try-ciphers.sh]
+ use new "ssh -Q cipher-auth" query to obtain lists of authenticated
+ encryption ciphers instead of specifying them manually; ensures that
+ the new chacha20poly1305@openssh.com mode is tested;
+
+ ok markus@ and naddy@ as part of the diff to add
+ chacha20poly1305@openssh.com
+
+commit ea61b2179f63d48968dd2c9617621002bb658bfe
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Nov 21 14:25:15 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/11/21 03:16:47
+ [regress/modpipe.c]
+ use unsigned long long instead of u_int64_t here to avoid warnings
+ on some systems portable OpenSSH is built on.
+
+commit 36aba25b0409d2db6afc84d54bc47a2532d38424
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Nov 21 14:24:42 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/11/21 03:15:46
+ [regress/krl.sh]
+ add some reminders for additional tests that I'd like to implement
+
+commit fa7a20bc289f09b334808d988746bc260a2f60c9
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Nov 21 14:24:08 2013 +1100
+
+ - naddy@cvs.openbsd.org 2013/11/18 05:09:32
+ [regress/forward-control.sh]
+ bump timeout to 10 seconds to allow slow machines (e.g. Alpha PC164)
+ to successfully run this; ok djm@
+ (ID sync only; our timeouts are already longer)
+
+commit 0fde8acdad78a4d20cadae974376cc0165f645ee
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Nov 21 14:12:23 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/11/21 00:45:44
+ [Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
+ [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
+ [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
+ [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
+ cipher "chacha20-poly1305@openssh.com" that combines Daniel
+ Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
+ authenticated encryption mode.
+
+ Inspired by and similar to Adam Langley's proposal for TLS:
+ http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
+ but differs in layout used for the MAC calculation and the use of a
+ second ChaCha20 instance to separately encrypt packet lengths.
+ Details are in the PROTOCOL.chacha20poly1305 file.
+
+ Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
+ ok markus@ naddy@
+
+commit fdb2306acdc3eb2bc46b6dfdaaf6005c650af22a
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Nov 21 13:57:15 2013 +1100
+
+ - deraadt@cvs.openbsd.org 2013/11/20 20:54:10
+ [canohost.c clientloop.c match.c readconf.c sftp.c]
+ unsigned casts for ctype macros where neccessary
+ ok guenther millert markus
+
+commit e00167307e4d3692695441e9bd712f25950cb894
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Nov 21 13:56:49 2013 +1100
+
+ - deraadt@cvs.openbsd.org 2013/11/20 20:53:10
+ [scp.c]
+ unsigned casts for ctype macros where neccessary
+ ok guenther millert markus
+
+commit 23e00aa6ba9eee0e0c218f2026bf405ad4625832
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Nov 21 13:56:28 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/11/20 02:19:01
+ [sshd.c]
+ delay closure of in/out fds until after "Bad protocol version
+ identification..." message, as get_remote_ipaddr/get_remote_port
+ require them open.
+
+commit 867e6934be6521f87f04a5ab86702e2d1b314245
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Nov 21 13:56:06 2013 +1100
+
+ - markus@cvs.openbsd.org 2013/11/13 13:48:20
+ [ssh-pkcs11.c]
+ add missing braces found by pedro
+
+commit 0600c7020f4fe68a780bd7cf21ff541a8d4b568a
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Nov 21 13:55:43 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/11/08 11:15:19
+ [bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c]
+ [uidswap.c] Include stdlib.h for free() as per the man page.
+
+commit b6a75b0b93b8faa6f79c3a395ab6c71f3f880b80
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Nov 10 20:25:22 2013 +1100
+
+ - (dtucker) [regress/keytype.sh] Populate ECDSA key types to be tested by
+ querying the ones that are compiled in.
+
+commit 2c89430119367eb1bc96ea5ee55de83357e4c926
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Nov 10 12:38:42 2013 +1100
+
+ - (dtucker) [key.c] Check for the correct defines for NID_secp521r1.
+
+commit dd5264db5f641dbd03186f9e5e83e4b14b3d0003
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sat Nov 9 22:32:51 2013 +1100
+
+ - (dtucker) [configure.ac] Add missing "test".
+
+commit 95cb2d4eb08117be061f3ff076adef3e9a5372c3
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sat Nov 9 22:02:31 2013 +1100
+
+ - (dtucker) [configure.ac] Fix brackets in NID_secp521r1 test.
+
+commit 37bcef51b3d9d496caecea6394814d2f49a1357f
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sat Nov 9 18:39:25 2013 +1100
+
+ - (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of
+ NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the
+ latter actually works before using it. Fedora (at least) has NID_secp521r1
+ that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897).
+
+commit 6e2fe81f926d995bae4be4a6b5b3c88c1c525187
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sat Nov 9 16:55:03 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/11/09 05:41:34
+ [regress/test-exec.sh regress/rekey.sh]
+ Use smaller test data files to speed up tests. Grow test datafiles
+ where necessary for a specific test.
+
+commit aff7ef1bb8b7c1eeb1f4812129091c5adbf51848
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sat Nov 9 00:19:22 2013 +1100
+
+ - (dtucker) [contrib/cygwin/ssh-host-config] Simplify host key generation:
+ rather than testing and generating each key, call ssh-keygen -A.
+ Patch from vinschen at redhat.com.
+
+commit 882abfd3fb3c98cfe70b4fc79224770468b570a5
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sat Nov 9 00:17:41 2013 +1100
+
+ - (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platform
+ and pass in TEST_ENV. Unknown options cause stderr to get polluted
+ and the stderr-data test to fail.
+
+commit 8c333ec23bdf7da917aa20ac6803a2cdd79182c5
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Nov 8 21:12:58 2013 +1100
+
+ - (dtucker) [openbsd-compat/bsd-poll.c] Add headers to prevent compile
+ warnings.
+
+commit d94240b2f6b376b6e9de187e4a0cd4b89dfc48cb
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Nov 8 21:10:04 2013 +1100
+
+ - (dtucker) [myproposal.h] Conditionally enable CURVE25519_SHA256.
+
+commit 1c8ce34909886288a3932dce770deec5449f7bb5
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Nov 8 19:50:32 2013 +1100
+
+ - (dtucker) [kex.c] Only enable CURVE25519_SHA256 if we actually have
+ EVP_sha256.
+
+commit ccdb9bec46bcc88549b26a94aa0bae2b9f51031c
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Nov 8 18:54:38 2013 +1100
+
+ - (dtucker) [openbsd-compat/openbsd-compat.h] Add null implementation of
+ arc4random_stir for platforms that have arc4random but don't have
+ arc4random_stir (right now this is only OpenBSD -current).
+
+commit 3420a50169b52cc8d2775d51316f9f866c73398f
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Nov 8 16:48:13 2013 +1100
+
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Update version numbers following release.
+
+commit 3ac4a234df842fd8c94d9cb0ad198e1fe84b895b
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Nov 8 12:39:49 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/11/08 01:38:11
+ [version.h]
+ openssh-6.4
+
+commit 6c81fee693038de7d4a5559043350391db2a2761
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Nov 8 12:19:55 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/11/08 00:39:15
+ [auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c]
+ [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c]
+ [sftp-client.c sftp-glob.c]
+ use calloc for all structure allocations; from markus@
+
+commit 690d989008e18af3603a5e03f1276c9bad090370
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Nov 8 12:16:49 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/11/07 11:58:27
+ [cipher.c cipher.h kex.c kex.h mac.c mac.h servconf.c ssh.c]
+ Output the effective values of Ciphers, MACs and KexAlgorithms when
+ the default has not been overridden. ok markus@
+
+commit 08998c5fb9c7c1d248caa73b76e02ca0482e6d85
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Nov 8 12:11:46 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/11/08 01:06:14
+ [regress/rekey.sh]
+ Rekey less frequently during tests to speed them up
+
+commit 4bf7e50e533aa956366df7402c132f202e841a48
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Nov 7 22:33:48 2013 +1100
+
+ - (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environment
+ variable. It's no longer used now that we get the supported MACs from
+ ssh -Q.
+
+commit 6e9d6f411288374d1dee4b7debbfa90bc7e73035
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Nov 7 15:32:37 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/11/07 04:26:56
+ [regress/kextype.sh]
+ trailing space
+
+commit 74cbc22529f3e5de756e1b7677b7624efb28f62c
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Nov 7 15:26:12 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/11/07 03:55:41
+ [regress/kextype.sh]
+ Use ssh -Q to get kex types instead of a static list.
+
+commit a955041c930e63405159ff7d25ef14272f36eab3
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Nov 7 15:21:19 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/11/07 02:48:38
+ [regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh]
+ Use ssh -Q instead of hardcoding lists of ciphers or MACs.
+
+commit 06595d639577577bc15d359e037a31eb83563269
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Nov 7 15:08:02 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/11/07 01:12:51
+ [regress/rekey.sh]
+ Factor out the data transfer rekey tests
+
+commit 651dc8b2592202dac6b16ee3b82ce5b331be7da3
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Nov 7 15:04:44 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/11/07 00:12:05
+ [regress/rekey.sh]
+ Test rekeying for every Cipher, MAC and KEX, plus test every KEX with
+ the GCM ciphers.
+
+commit 234557762ba1096a867ca6ebdec07efebddb5153
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Nov 7 15:00:51 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/11/04 12:27:42
+ [regress/rekey.sh]
+ Test rekeying with all KexAlgorithms.
+
+commit bbfb9b0f386aab0c3e19d11f136199ef1b9ad0ef
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Nov 7 14:56:43 2013 +1100
+
+ - markus@cvs.openbsd.org 2013/11/02 22:39:53
+ [regress/kextype.sh]
+ add curve25519-sha256@libssh.org
+
+commit aa19548a98c0f89283ebd7354abd746ca6bc4fdf
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Nov 7 14:50:09 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/09 23:44:14
+ [regress/Makefile] (ID sync only)
+ regression test for sftp request white/blacklisting and readonly mode.
+
+commit c8908aabff252f5da772d4e679479c2b7d18cac1
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Nov 7 13:38:35 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/11/06 23:05:59
+ [ssh-pkcs11.c]
+ from portable: s/true/true_val/ to avoid name collisions on dump platforms
+ RCSID sync only
+
+commit 49c145c5e89b9d7d48e84328d6347d5ad640b567
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Nov 7 13:35:39 2013 +1100
+
+ - markus@cvs.openbsd.org 2013/11/06 16:52:11
+ [monitor_wrap.c]
+ fix rekeying for AES-GCM modes; ok deraadt
+
+commit 67a8800f290b39fd60e379988c700656ae3f2539
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Nov 7 13:32:51 2013 +1100
+
+ - markus@cvs.openbsd.org 2013/11/04 11:51:16
+ [monitor.c]
+ fix rekeying for KEX_C25519_SHA256; noted by dtucker@
+ RCSID sync only; I thought this was a merge botch and fixed it already
+
+commit df8b030b15fcec7baf38ec7944f309f9ca8cc9a7
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Nov 7 13:28:16 2013 +1100
+
+ - (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platforms
+ that lack it but have arc4random_uniform()
+
+commit a6fd1d3c38a562709374a70fa76423859160aa90
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Nov 7 12:03:26 2013 +1100
+
+ - (djm) [regress/modpipe.c regress/rekey.sh] Never intended to commit these
+
+commit c98319750b0bbdd0d1794420ec97d65dd9244613
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Nov 7 12:00:23 2013 +1100
+
+ - (djm) [Makefile.in monitor.c] Missed chunks of curve25519 KEX diff
+
+commit 61c5c2319e84a58210810d39b062c8b8e3321160
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Nov 7 11:34:14 2013 +1100
+
+ - (djm) [ssh-pkcs11.c] Bring back "non-constant initialiser" fix (rev 1.5)
+ that got lost in recent merge.
+
+commit 094003f5454a9f5a607674b2739824a7e91835f4
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Nov 4 22:59:27 2013 +1100
+
+ - (djm) [kexc25519.c kexc25519c.c kexc25519s.c] Import missed files from
+ KEX/curve25519 change
+
+commit ca67a7eaf8766499ba67801d0be8cdaa550b9a50
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Nov 4 09:05:17 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/11/03 10:37:19
+ [roaming_common.c]
+ fix a couple of function definitions foo() -> foo(void)
+ (-Wold-style-definition)
+
+commit 0bd8f1519d51af8d4229be81e8f2f4903a1d440b
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Nov 4 08:55:43 2013 +1100
+
+ - markus@cvs.openbsd.org 2013/11/02 22:39:19
+ [ssh_config.5 sshd_config.5]
+ the default kex is now curve25519-sha256@libssh.org
+
+commit 4c3ba0767fbe4a8a2a748df4035aaf86651f6b30
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Nov 4 08:40:13 2013 +1100
+
+ - markus@cvs.openbsd.org 2013/11/02 22:34:01
+ [auth-options.c]
+ no need to include monitor_wrap.h and ssh-gss.h
+
+commit 660621b2106b987b874c2f120218bec249d0f6ba
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Nov 4 08:37:51 2013 +1100
+
+ - markus@cvs.openbsd.org 2013/11/02 22:24:24
+ [kexdhs.c kexecdhs.c]
+ no need to include ssh-gss.h
+
+commit abdca986decfbbc008c895195b85e879ed460ada
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Nov 4 08:30:05 2013 +1100
+
+ - markus@cvs.openbsd.org 2013/11/02 22:10:15
+ [kexdhs.c kexecdhs.c]
+ no need to include monitor_wrap.h
+
+commit 1e1242604eb0fd510fe93f81245c529237ffc513
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Nov 4 08:26:52 2013 +1100
+
+ - markus@cvs.openbsd.org 2013/11/02 21:59:15
+ [kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
+ use curve25519 for default key exchange (curve25519-sha256@libssh.org);
+ initial patch from Aris Adamantiadis; ok djm@
+
+commit d2252c79191d069372ed6effce7c7a2de93448cd
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Nov 4 07:41:48 2013 +1100
+
+ - markus@cvs.openbsd.org 2013/11/02 20:03:54
+ [ssh-pkcs11.c]
+ support pkcs#11 tokes that only provide x509 zerts instead of raw pubkeys;
+ fixes bz#1908; based on patch from Laurent Barbe; ok djm
+
+commit 007e3b357e880caa974d5adf9669298ba0751c78
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Nov 3 18:43:55 2013 +1100
+
+ - (dtucker) [configure.ac defines.h] Add typedefs for intmax_t and uintmax_t
+ for platforms that don't have them.
+
+commit 710f3747352fb93a63e5b69b12379da37f5b3fa9
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Nov 3 17:20:34 2013 +1100
+
+ - (dtucker) [openbsd-compat/setproctitle.c] Handle error case form the 2nd
+ vsnprintf. From eric at openbsd via chl@.
+
+commit d52770452308e5c2e99f4da6edaaa77ef078b610
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Nov 3 16:30:46 2013 +1100
+
+ - (dtucker) [openbsd-compat/bsd-misc.c] Include time.h for nanosleep.
+ From OpenSMTPD where it prevents "implicit declaration" warnings (it's
+ a no-op in OpenSSH). From chl at openbsd.
+
+commit 63857c9340d3482746a5622ffdacc756751f6448
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Oct 30 22:31:06 2013 +1100
+
+ - jmc@cvs.openbsd.org 2013/10/29 18:49:32
+ [sshd_config.5]
+ pty(4), not pty(7);
+
+commit 5ff30c6b68adeee767dd29bf2369763c6a13c0b3
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Oct 30 22:21:50 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/29 09:48:02
+ [servconf.c servconf.h session.c sshd_config sshd_config.5]
+ shd_config PermitTTY to disallow TTY allocation, mirroring the
+ longstanding no-pty authorized_keys option;
+ bz#2070, patch from Teran McKinney; ok markus@
+
+commit 4a3a9d4bbf8048473f5cc202cd8db7164d5e6b8d
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Oct 30 22:19:47 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/29 09:42:11
+ [key.c key.h]
+ fix potential stack exhaustion caused by nested certificates;
+ report by Mateusz Kocielski; ok dtucker@ markus@
+
+commit 28631ceaa7acd9bc500f924614431542893c6a21
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Oct 26 10:07:56 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/25 23:04:51
+ [ssh.c]
+ fix crash when using ProxyCommand caused by previous commit - was calling
+ freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@
+
+commit 26506ad29350c5681815745cc90b3952a84cf118
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Oct 26 10:05:46 2013 +1100
+
+ - (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] Remove
+ unnecessary arc4random_stir() calls. The only ones left are to ensure
+ that the PRNG gets a different state after fork() for platforms that
+ have broken the API.
+
+commit bd43e8872325e9bbb3319c89da593614709f317c
+Author: Tim Rice <tim@multitalents.net>
+Date: Thu Oct 24 12:22:49 2013 -0700
+
+ - (tim) [regress/sftp-perm.sh] We need a shell that understands "! somecmd"
+
+commit a90c0338083ee0e4064c4bdf61f497293a699be0
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Oct 24 21:03:17 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/24 08:19:36
+ [ssh.c]
+ fix bug introduced in hostname canonicalisation commit: don't try to
+ resolve hostnames when a ProxyCommand is set unless the user has forced
+ canonicalisation; spotted by Iain Morgan
+
+commit cf31f3863425453ffcda540fbefa9df80088c8d1
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Oct 24 21:02:56 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/10/24 00:51:48
+ [readconf.c servconf.c ssh_config.5 sshd_config.5]
+ Disallow empty Match statements and add "Match all" which matches
+ everything. ok djm, man page help jmc@
+
+commit 4bedd4032a09ce87322ae5ea80f193f109e5c607
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Oct 24 21:02:26 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/10/24 00:49:49
+ [moduli.c]
+ Periodically print progress and, if possible, expected time to completion
+ when screening moduli for DH groups. ok deraadt djm
+
+commit 5ecb41629860687b145be63b8877fabb6bae5eda
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Oct 24 21:02:02 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/23 23:35:32
+ [sshd.c]
+ include local address and port in "Connection from ..." message (only
+ shown at loglevel>=verbose)
+
+commit 03bf2e61ad6ac59a362a1f11b105586cb755c147
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Oct 24 21:01:26 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/10/23 05:40:58
+ [servconf.c]
+ fix comment
+
+commit 8f1873191478847773906af961c8984d02a49dd6
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Oct 24 10:53:02 2013 +1100
+
+ - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check
+ rather than full client name which may be of form user@REALM;
+ patch from Miguel Sanders; ok dtucker@
+
+commit 5b01b0dcb417eb615df77e7ce1b59319bf04342c
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Oct 23 16:31:31 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/23 04:16:22
+ [ssh-keygen.c]
+ Make code match documentation: relative-specified certificate expiry time
+ should be relative to current time and not the validity start time.
+ Reported by Petr Lautrbach; ok deraadt@
+
+commit eff5cada589f25793dbe63a76aba9da39837a148
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Oct 23 16:31:10 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/23 03:05:19
+ [readconf.c ssh.c]
+ comment
+
+commit 084bcd24e9fe874020e4df4e073e7408e1b17fb7
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Oct 23 16:30:51 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/23 03:03:07
+ [readconf.c]
+ Hostname may have %h sequences that should be expanded prior to Match
+ evaluation; spotted by Iain Morgan
+
+commit 8e5a67f46916def40b2758bb7755350dd2eee843
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Oct 23 16:30:25 2013 +1100
+
+ - jmc@cvs.openbsd.org 2013/10/20 18:00:13
+ [ssh_config.5]
+ tweak the "exec" description, as worded by djm;
+
+commit c0049bd0bca02890cd792babc594771c563f91f2
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Oct 23 16:29:59 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/20 09:51:26
+ [scp.1 sftp.1]
+ add canonicalisation options to -o lists
+
+commit 8a04be795fc28514a09e55a54b2e67968f2e1b3a
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Oct 23 16:29:40 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/20 06:19:28
+ [readconf.c ssh_config.5]
+ rename "command" subclause of the recently-added "Match" keyword to
+ "exec"; it's shorter, clearer in intent and we might want to add the
+ ability to match against the command being executed at the remote end in
+ the future.
+
+commit 5c86ebdf83b636b6741db4b03569ef4a53b89a58
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Oct 23 16:29:12 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/20 04:39:28
+ [ssh_config.5]
+ document % expansions performed by "Match command ..."
+
+commit 4502f88774edc56194707167443f94026d3c7cfa
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Oct 18 10:17:36 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/17 22:08:04
+ [sshd.c]
+ include remote port in bad banner message; bz#2162
+
+commit 1edcbf65ebd2febeaf10a836468f35e519eed7ca
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Oct 18 10:17:17 2013 +1100
+
+ - jmc@cvs.openbsd.org 2013/10/17 07:35:48
+ [sftp.1 sftp.c]
+ tweak previous;
+
+commit a176e1823013dd8533a20235b3a5131f0626f46b
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Oct 18 09:05:41 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/09 23:44:14
+ [regress/Makefile regress/sftp-perm.sh]
+ regression test for sftp request white/blacklisting and readonly mode.
+
+commit e3ea09494dcfe7ba76536e95765c8328ecfc18fb
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Oct 17 11:57:23 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/17 00:46:49
+ [ssh.c]
+ rearrange check to reduce diff against -portable
+ (Id sync only)
+
+commit f29238e67471a7f1088a99c3c3dbafce76b790cf
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Oct 17 11:48:52 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/17 00:30:13
+ [PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c]
+ fsync@openssh.com protocol extension for sftp-server
+ client support to allow calling fsync() faster successful transfer
+ patch mostly by imorgan AT nas.nasa.gov; bz#1798
+ "fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
+
+commit 51682faa599550a69d8120e5e2bdbdc0625ef4be
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Oct 17 11:48:31 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/16 22:58:01
+ [ssh.c ssh_config.5]
+ one I missed in previous: s/isation/ization/
+
+commit 3850559be93f1a442ae9ed370e8c389889dd5f72
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Oct 17 11:48:13 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/16 22:49:39
+ [readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
+ s/canonicalise/canonicalize/ for consistency with existing spelling,
+ e.g. authorized_keys; pointed out by naddy@
+
+commit 607af3434b75acc7199a5d99d5a9c11068c01f27
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Oct 17 11:47:51 2013 +1100
+
+ - jmc@cvs.openbsd.org 2013/10/16 06:42:25
+ [ssh_config.5]
+ tweak previous;
+
+commit 0faf747e2f77f0f7083bcd59cbed30c4b5448444
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Oct 17 11:47:23 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/16 02:31:47
+ [readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5]
+ [sshconnect.c sshconnect.h]
+ Implement client-side hostname canonicalisation to allow an explicit
+ search path of domain suffixes to use to convert unqualified host names
+ to fully-qualified ones for host key matching.
+ This is particularly useful for host certificates, which would otherwise
+ need to list unqualified names alongside fully-qualified ones (and this
+ causes a number of problems).
+ "looks fine" markus@
+
+commit d77b81f856e078714ec6b0f86f61c20249b7ead4
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Oct 17 11:39:00 2013 +1100
+
+ - jmc@cvs.openbsd.org 2013/10/15 14:10:25
+ [ssh.1 ssh_config.5]
+ tweak previous;
+
+commit dcd39f29ce3308dc74a0ff27a9056205a932ce05
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Oct 17 11:31:40 2013 +1100
+
+ - [ssh.c] g/c unused variable.
+
+commit 5359a628ce3763408da25d83271a8eddec597a0c
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Oct 15 12:20:37 2013 +1100
+
+ - [ssh.c] g/c unused variable.
+
+commit 386feab0c4736b054585ee8ee372865d5cde8d69
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Oct 15 12:14:49 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/14 23:31:01
+ [ssh.c]
+ whitespace at EOL; pointed out by markus@
+
+commit e9fc72edd6c313b670558cd5219601c38a949b67
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Oct 15 12:14:12 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/14 23:28:23
+ [canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c]
+ refactor client config code a little:
+ add multistate option partsing to readconf.c, similar to servconf.c's
+ existing code.
+ move checking of options that accept "none" as an argument to readconf.c
+ add a lowercase() function and use it instead of explicit tolower() in
+ loops
+ part of a larger diff that was ok markus@
+
+commit 194fd904d8597a274b93e075b2047afdf5a175d4
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Oct 15 12:13:05 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/14 22:22:05
+ [readconf.c readconf.h ssh-keysign.c ssh.c ssh_config.5]
+ add a "Match" keyword to ssh_config that allows matching on hostname,
+ user and result of arbitrary commands. "nice work" markus@
+
+commit 71df752de2a04f423b1cd18d961a79f4fbccbcee
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Oct 15 12:12:02 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/14 21:20:52
+ [session.c session.h]
+ Add logging of session starts in a useful format; ok markus@ feedback and
+ ok dtucker@
+
+commit 6efab27109b82820e8d32a5d811adb7bfc354f65
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Oct 15 12:07:05 2013 +1100
+
+ - jmc@cvs.openbsd.org 2013/10/14 14:18:56
+ [sftp-server.8 sftp-server.c]
+ tweak previous;
+ ok djm
+
+commit 61c7de8a94156f6d7e9718ded9be8c65bb902b66
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Oct 15 12:06:45 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/11 02:53:45
+ [sftp-client.h]
+ obsolete comment
+
+commit 2f93d0556e4892208c9b072624caa8cc5ddd839d
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Oct 15 12:06:27 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/11 02:52:23
+ [sftp-client.c]
+ missed one arg reorder
+
+commit bda5c8445713ae592d969a5105ed1a65da22bc96
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Oct 15 12:05:58 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/11 02:45:36
+ [sftp-client.c]
+ rename flag arguments to be more clear and consistent.
+ reorder some internal function arguments to make adding additional flags
+ easier.
+ no functional change
+
+commit 61ee4d68ca0fcc793a826fc7ec70f3b8ffd12ab6
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Oct 15 11:56:47 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/10 01:43:03
+ [sshd.c]
+ bz#2139: fix re-exec fallback by ensuring that startup_pipe is correctly
+ updated; ok dtucker@
+
+commit 73600e51af9ee734a19767e0c084bbbc5eb5b8da
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Oct 15 11:56:25 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/10 00:53:25
+ [sftp-server.c]
+ add -Q, -P and -p to usage() before jmc@ catches me
+
+commit 6eaeebf27d92f39a38c772aa3f20c2250af2dd29
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Oct 15 11:55:57 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/10/09 23:42:17
+ [sftp-server.8 sftp-server.c]
+ Add ability to whitelist and/or blacklist sftp protocol requests by name.
+ Refactor dispatch loop and consolidate read-only mode checks.
+ Make global variables static, since sftp-server is linked into sshd(8).
+ ok dtucker@
+
+commit df62d71e64d29d1054e7a53d1a801075ef70335f
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Oct 10 10:32:39 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/10/08 11:42:13
+ [dh.c dh.h]
+ Increase the size of the Diffie-Hellman groups requested for a each
+ symmetric key size. New values from NIST Special Publication 800-57 with
+ the upper limit specified by RFC4419. Pointed out by Peter Backes, ok
+ djm@.
+
+commit e6e52f8c5dc89a6767702e65bb595aaf7bc8991c
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Oct 10 10:28:07 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/09/19 01:26:29
+ [sshconnect.c]
+ bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from
+ swp AT swp.pp.ru; ok dtucker@
+
+commit 71152bc9911bc34a98810b2398dac20df3fe8de3
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Oct 10 10:27:21 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/09/19 01:24:46
+ [channels.c]
+ bz#1297 - tell the client (via packet_send_debug) when their preferred
+ listen address has been overridden by the server's GatewayPorts;
+ ok dtucker@
+
+commit b59aaf3c4f3f449a4b86d8528668bd979be9aa5f
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Oct 10 10:26:21 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/09/19 00:49:12
+ [sftp-client.c]
+ fix swapped pflag and printflag in sftp upload_dir; from Iain Morgan
+
+commit 5d80e4522d6238bdefe9d0c634f0e6d35a241e41
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Oct 10 10:25:09 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/09/19 00:24:52
+ [progressmeter.c]
+ store the initial file offset so the progress meter doesn't freak out
+ when resuming sftp transfers. bz#2137; patch from Iain Morgan; ok dtucker@
+
+commit ad92df7e5ed26fea85adfb3f95352d6cd8e86344
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Oct 10 10:24:11 2013 +1100
+
+ - sthen@cvs.openbsd.org 2013/09/16 11:35:43
+ [ssh_config]
+ Remove gssapi config parts from ssh_config, as was already done for
+ sshd_config. Req by/ok ajacoutot@
+ ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
+
+commit 720711960b130d36dfdd3d50eb25ef482bdd000e
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Oct 9 10:44:47 2013 +1100
+
+ - (djm) [openbsd-compat/Makefile.in openbsd-compat/arc4random.c]
+ [openbsd-compat/bsd-arc4random.c] Replace old RC4-based arc4random
+ implementation with recent OpenBSD's ChaCha-based PRNG. ok dtucker@,
+ tested tim@
+
+commit 9159310087a218e28940a592896808b8eb76a039
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Oct 9 10:42:32 2013 +1100
+
+ - (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull
+ in OpenBSD implementation of arc4random, shortly to replace the existing
+ bsd-arc4random.c
+
+commit 67f1d557a68d6fa8966a327d7b6dee3408cf0e72
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Oct 9 09:33:08 2013 +1100
+
+ correct incorrect years in datestamps; from des
+
+commit f2bf36c3eb4d969f85ec8aa342e9aecb61cc8bb1
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Sep 22 19:02:40 2013 +1000
+
+ - (dtucker) [platform.c platform.h sshd.c] bz#2156: restore Linux oom_adj
+ setting when handling SIGHUP to maintain behaviour over retart. Patch
+ from Matthew Ife.
+
+commit e90a06ae570fd259a2f5ced873c7f17390f535a5
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Sep 18 15:09:38 2013 +1000
+
+ - (dtucker) [sshd_config] Trailing whitespace; from jstjohn at purdue edu.
+
+commit 13840e0103946982cee2a05c40697be7e57dca41
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Sep 14 09:49:43 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/09/13 06:54:34
+ [channels.c]
+ avoid unaligned access in code that reused a buffer to send a
+ struct in_addr in a reply; simpler just use use buffer_put_int();
+ from portable; spotted by and ok dtucker@
+
+commit 70182522a47d283513a010338cd028cb80dac2ab
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Sep 14 09:49:19 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/09/12 01:41:12
+ [clientloop.c]
+ fix connection crash when sending break (~B) on ControlPersist'd session;
+ ok dtucker@
+
+commit ff9d6c2a4171ee32e8fe28fc3b86eb33bd5c845b
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Sep 14 09:48:55 2013 +1000
+
+ - sthen@cvs.openbsd.org 2013/09/07 13:53:11
+ [sshd_config]
+ Remove commented-out kerberos/gssapi config options from sample config,
+ kerberos support is currently not enabled in ssh in OpenBSD. Discussed with
+ various people; ok deraadt@
+ ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
+
+commit 8bab5e7b5ff6721d926b5ebf05a3a24489889c58
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Sep 14 09:47:00 2013 +1000
+
+ - deraadt@cvs.openbsd.org 2013/09/02 22:00:34
+ [ssh-keygen.c sshconnect1.c sshd.c]
+ All the instances of arc4random_stir() are bogus, since arc4random()
+ does this itself, inside itself, and has for a very long time.. Actually,
+ this was probably reducing the entropy available.
+ ok djm
+ ID SYNC ONLY for portable; we don't trust other arc4random implementations
+ to do this right.
+
+commit 61353b3208d548fab863e0e0ac5d2400ee5bb340
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Sep 14 09:45:32 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/08/31 00:13:54
+ [sftp.c]
+ make ^w match ksh behaviour (delete previous word instead of entire line)
+
+commit 660854859cad31d234edb9353fb7ca2780df8128
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Sep 14 09:45:03 2013 +1000
+
+ - mikeb@cvs.openbsd.org 2013/08/28 12:34:27
+ [ssh-keygen.c]
+ improve batch processing a bit by making use of the quite flag a bit
+ more often and exit with a non zero code if asked to find a hostname
+ in a known_hosts file and it wasn't there;
+ originally from reyk@, ok djm
+
+commit 045bda5cb8acf0eb9d71c275ee1247e3154fc9e5
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Sep 14 09:44:37 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/08/22 19:02:21
+ [sshd.c]
+ Stir PRNG after post-accept fork. The child gets a different PRNG state
+ anyway via rexec and explicit privsep reseeds, but it's good to be sure.
+ ok markus@
+
+commit ed4af412da60a084891b20412433a27966613fb8
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Sep 14 09:40:51 2013 +1000
+
+ add marker for 6.3p1 release at the point of the last included change
+
+commit 43968a8e66a0aa1afefb11665bf96f86b113f5d9
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 28 14:00:54 2013 +1000
+
+ - (djm) [openbsd-compat/bsd-snprintf.c] #ifdef noytet for intmax_t bits
+ until we have configure support.
+
+commit 04be8b9e53f8388c94b531ebc5d1bd6e10e930d1
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 28 12:49:43 2013 +1000
+
+ - (djm) [openbsd-compat/bsd-snprintf.c] teach our local snprintf code the
+ 'j' (intmax_t/uintmax_t) and 'z' (size_t/ssize_t) conversions in case we
+ start to use them in the future.
+
+commit f2f6c315a920a256937e1b6a3702757f3195a592
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 21 02:44:58 2013 +1000
+
+ - jmc@cvs.openbsd.org 2013/08/20 06:56:07
+ [ssh.1 ssh_config.5]
+ some proxyusefdpass tweaks;
+
+commit 1262b6638f7d01ab110fd373dd90d915c882fe1a
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 21 02:44:24 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/08/20 00:11:38
+ [readconf.c readconf.h ssh_config.5 sshconnect.c]
+ Add a ssh_config ProxyUseFDPass option that supports the use of
+ ProxyCommands that establish a connection and then pass a connected
+ file descriptor back to ssh(1). This allows the ProxyCommand to exit
+ rather than have to shuffle data back and forth and enables ssh to use
+ getpeername, etc. to obtain address information just like it does with
+ regular directly-connected sockets. ok markus@
+
+commit b7727df37efde4dbe4f5a33b19cbf42022aabf66
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 21 02:43:49 2013 +1000
+
+ - jmc@cvs.openbsd.org 2013/08/14 08:39:27
+ [scp.1 ssh.1]
+ some Bx/Ox conversion;
+ From: Jan Stary
+
+commit d5d9d7b1fdacf0551de4c747728bd159be40590a
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 21 02:43:27 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/08/13 18:33:08
+ [ssh-keygen.c]
+ another of the same typo
+
+commit d234afb0b3a8de1be78cbeafed5fc86912594c3c
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 21 02:42:58 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/08/13 18:32:08
+ [ssh-keygen.c]
+ typo in error message; from Stephan Rickauer
+
+commit e0ee727b8281a7c2ae20630ce83f6b200b404059
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 21 02:42:35 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/08/09 03:56:42
+ [sftp.c]
+ enable ctrl-left-arrow and ctrl-right-arrow to move forward/back a word;
+ matching ksh's relatively recent change.
+
+commit fec029f1dc2c338f3fae3fa82aabc988dc07868c
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 21 02:42:12 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/08/09 03:39:13
+ [sftp-client.c]
+ two problems found by a to-be-committed regress test: 1) msg_id was not
+ being initialised so was starting at a random value from the heap
+ (harmless, but confusing). 2) some error conditions were not being
+ propagated back to the caller
+
+commit 036d30743fc914089f9849ca52d615891d47e616
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 21 02:41:46 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/08/09 03:37:25
+ [sftp.c]
+ do getopt parsing for all sftp commands (with an empty optstring for
+ commands without arguments) to ensure consistent behaviour
+
+commit c7dba12bf95eb1d69711881a153cc286c1987663
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 21 02:41:15 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/08/08 05:04:03
+ [sftp-client.c sftp-client.h sftp.c]
+ add a "-l" flag for the rename command to force it to use the silly
+ standard SSH_FXP_RENAME command instead of the POSIX-rename- like
+ posix-rename@openssh.com extension.
+
+ intended for use in regress tests, so no documentation.
+
+commit 034f27a0c09e69fe3589045b41f03f6e345b63f5
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 21 02:40:44 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/08/08 04:52:04
+ [sftp.c]
+ fix two year old regression: symlinking a file would incorrectly
+ canonicalise the target path. bz#2129 report from delphij AT freebsd.org
+
+commit c6895c5c67492144dd28589e5788f783be9152ed
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 21 02:40:21 2013 +1000
+
+ - jmc@cvs.openbsd.org 2013/08/07 06:24:51
+ [sftp.1 sftp.c]
+ sort -a;
+
+commit a6d6c1f38ac9b4a5e1bd4df889e1020a8370ed55
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 21 02:40:01 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/08/06 23:06:01
+ [servconf.c]
+ add cast to avoid format warning; from portable
+
+commit eec840673bce3f69ad269672fba7ed8ff05f154f
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 21 02:39:39 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/08/06 23:05:01
+ [sftp.1]
+ document top-level -a option (the -a option to 'get' was already
+ documented)
+
+commit 02e878070d0eddad4e11f2c82644b275418eb112
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 21 02:38:51 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/08/06 23:03:49
+ [sftp.c]
+ fix some whitespace at EOL
+ make list of commands an enum rather than a long list of defines
+ add -a to usage()
+
+commit acd2060f750c16d48b87b92a10b5a833227baf9d
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Aug 8 17:02:12 2013 +1000
+
+ - (dtucker) [regress/Makefile regress/test-exec.sh] Roll back the -nt
+ removal. The "make clean" removes modpipe which is built by the top-level
+ directory before running the tests. Spotted by tim@
+
+commit 9542de4547beebf707f3640082d471f1a85534c9
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Aug 8 12:50:06 2013 +1000
+
+ - (dtucker) [misc.c] Remove define added for fallback testing that was
+ mistakenly included in the previous commit.
+
+commit 94396b7f06f512a0acb230640d7f703fb802a9ee
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Aug 8 11:52:37 2013 +1000
+
+ - (dtucker) [misc.c] Fall back to time(2) at runtime if clock_gettime(
+ CLOCK_MONOTONIC...) fails. Some older versions of RHEL have the
+ CLOCK_MONOTONIC define but don't actually support it. Found and tested
+ by Kevin Brott, ok djm.
+
+commit a5a3cbfa0fb8ef011d3e7b38910a13f6ebbb8818
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Aug 8 10:58:49 2013 +1000
+
+ - (dtucker) [regress/Makefile regress/test-exec.sh] Don't try to use test -nt
+ since some platforms (eg really old FreeBSD) don't have it. Instead,
+ run "make clean" before a complete regress run. ok djm.
+
+commit f3ab2c5f9cf4aed44971eded3ac9eeb1344b2be5
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Aug 4 21:48:41 2013 +1000
+
+ - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support
+ for building with older Heimdal versions. ok djm.
+
+commit ab3575c055adfbce70fa7405345cf0f80b07c827
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Aug 1 14:34:16 2013 +1000
+
+ - (djm) [sshlogin.h] Fix prototype merge botch from 2006; bz#2134
+
+commit c192a4c4f6da907dc0e67a3ca61d806f9a92c931
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Aug 1 14:29:20 2013 +1000
+
+ - (djm) [channels.c channels.h] bz#2135: On Solaris, isatty() on a non-
+ blocking connecting socket will clear any stored errno that might
+ otherwise have been retrievable via getsockopt(). A hack to limit writes
+ to TTYs on AIX was triggering this. Since only AIX needs the hack, wrap
+ it in an #ifdef. Diagnosis and patch from Ivo Raisr.
+
+commit 81f7cf1ec5bc2fd202eda05abc2e5361c54633c5
+Author: Tim Rice <tim@multitalents.net>
+Date: Thu Jul 25 18:41:40 2013 -0700
+
+ more correct comment for last commit
+
+commit 0553ad76ffdff35fb31b9e6df935a71a1cc6daa2
+Author: Tim Rice <tim@multitalents.net>
+Date: Thu Jul 25 16:03:16 2013 -0700
+
+ - (tim) [regress/forwarding.sh] Fix for building outside read only source tree.
+
+commit ed899eb597a8901ff7322cba809660515ec0d601
+Author: Tim Rice <tim@multitalents.net>
+Date: Thu Jul 25 15:40:00 2013 -0700
+
+ - (tim) [sftp-client.c] Use of a gcc extension trips up native compilers on
+ Solaris and UnixWare. Feedback and OK djm@
+
+commit e9e936d33b4b1d77ffbaace9438cb2f1469c1dc7
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 25 12:34:00 2013 +1000
+
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Update version numbers
+
+commit d1e26cf391de31128b4edde118bff5fed98a90ea
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 25 12:11:18 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/06/21 02:26:26
+ [regress/sftp-cmds.sh regress/test-exec.sh]
+ unbreak sftp-cmds for renamed test data (s/ls/data/)
+
+commit 78d47b7c5b182e44552913de2b4b7e0363c8e3cc
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 25 12:08:46 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/06/10 21:56:43
+ [regress/forwarding.sh]
+ Add test for forward config parsing
+
+commit fea440639e04cea9f2605375a41d654390369402
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 25 12:08:07 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/30 20:12:32
+ [regress/test-exec.sh]
+ use ssh and sshd as testdata since it needs to be >256k for the rekey test
+
+commit 53435b2d8773a5d7c78359e9f7bf9df2d93b9ef5
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 25 11:57:15 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/07/25 00:57:37
+ [version.h]
+ openssh-6.3 for release
+
+commit 0d032419ee6e1968fc1cb187af63bf3b77b506ea
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 25 11:56:52 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/07/25 00:56:52
+ [sftp-client.c sftp-client.h sftp.1 sftp.c]
+ sftp support for resuming partial downloads; patch mostly by Loganaden
+ Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@
+
+commit 98e27dcf581647b5bbe9780e8f59685d942d8ea3
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 25 11:55:52 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/07/25 00:29:10
+ [ssh.c]
+ daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure
+ it is fully detached from its controlling terminal. based on debugging
+
+commit 94c9cd34d1590ea1d4bf76919a15b5688fa90ed1
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 25 11:55:39 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/07/22 12:20:02
+ [umac.h]
+ oops, forgot to commit corresponding header change;
+ spotted by jsg and jasper
+
+commit c331dbd22297ab9bf351abee659893d139c9f28a
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 25 11:55:20 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/07/22 05:00:17
+ [umac.c]
+ make MAC key, data to be hashed and nonce for final hash const;
+ checked with -Wcast-qual
+
+commit c8669a8cd24952b3f16a44eac63d2b6ce8a6343a
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 25 11:52:48 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/07/20 22:20:42
+ [krl.c]
+ fix verification error in (as-yet usused) KRL signature checking path
+
+commit 63ddc899d28cf60045b560891894b9fbf6f822e9
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Jul 20 13:35:45 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/07/20 01:55:13
+ [auth-krb5.c gss-serv-krb5.c gss-serv.c]
+ fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@
+
+commit 1f0e86f23fcebb026371c0888402a981df2a61c4
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Jul 20 13:22:49 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/07/20 01:50:20
+ [ssh-agent.c]
+ call cleanup_handler on SIGINT when in debug mode to ensure sockets
+ are cleaned up on manual exit; bz#2120
+
+commit 3009d3cbb89316b1294fb5cedb54770b5d114d04
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Jul 20 13:22:31 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/07/20 01:44:37
+ [ssh-keygen.c ssh.c]
+ More useful error message on missing current user in /etc/passwd
+
+commit 32ecfa0f7920db31471ca8c1f4adc20ae38ed9d6
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Jul 20 13:22:13 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/07/20 01:43:46
+ [umac.c]
+ use a union to ensure correct alignment; ok deraadt
+
+commit 85b45e09188e7a7fc8f0a900a4c6a0f04a5720a7
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Jul 20 13:21:52 2013 +1000
+
+ - markus@cvs.openbsd.org 2013/07/19 07:37:48
+ [auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
+ [servconf.h session.c sshd.c sshd_config.5]
+ add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
+ or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
+ ok djm@
+
+commit d93340cbb6bc0fc0dbd4427e0cec6d994a494dd9
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 18 16:14:34 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/07/18 01:12:26
+ [ssh.1]
+ be more exact wrt perms for ~/.ssh/config; bz#2078
+
+commit bf836e535dc3a8050c1756423539bac127ee5098
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 18 16:14:13 2013 +1000
+
+ - schwarze@cvs.openbsd.org 2013/07/16 00:07:52
+ [scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8]
+ use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@
+
+commit 649fe025a409d0ce88c60a068f3f211193c35873
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 18 16:13:55 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/07/12 05:48:55
+ [ssh.c]
+ set TCP nodelay for connections started with -N; bz#2124 ok dtucker@
+
+commit 5bb8833e809d827496dffca0dc2c223052c93931
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 18 16:13:37 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/07/12 05:42:03
+ [ssh-keygen.c]
+ do_print_resource_record() can never be called with a NULL filename, so
+ don't attempt (and bungle) asking for one if it has not been specified
+ bz#2127 ok dtucker@
+
+commit 7313fc9222785d0c54a7ffcaf2067f4db02c8d72
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 18 16:13:19 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/07/12 00:43:50
+ [misc.c]
+ in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when
+ errno == 0. Avoids confusing error message in some broken resolver
+ cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
+
+commit 746d1a6c524d2e90ebe98cc29e42573a3e1c3c1b
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 18 16:13:02 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/07/12 00:20:00
+ [sftp.c ssh-keygen.c ssh-pkcs11.c]
+ fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
+
+commit ce98654674648fb7d58f73edf6aa398656a2dba4
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 18 16:12:44 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/07/12 00:19:59
+ [auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
+ [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
+ fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
+
+commit 0d02c3e10e1ed16d6396748375a133d348127a2a
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 18 16:12:06 2013 +1000
+
+ - markus@cvs.openbsd.org 2013/07/02 12:31:43
+ [dh.c]
+ remove extra whitespace
+
+commit fecfd118d6c90df4fcd3cec7b14e4d3ce69a41d5
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 18 16:11:50 2013 +1000
+
+ - jmc@cvs.openbsd.org 2013/06/27 14:05:37
+ [ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
+ do not use Sx for sections outwith the man page - ingo informs me that
+ stuff like html will render with broken links;
+
+ issue reported by Eric S. Raymond, via djm
+
+commit bc35d92e78fd53c3f32cbdbdf89d8b1919788c50
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 18 16:11:25 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/06/22 06:31:57
+ [scp.c]
+ improved time_t overflow check suggested by guenther@
+
+commit 8158441d01ab84f33a7e70e27f87c02cbf67e709
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 18 16:11:07 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/06/21 05:43:10
+ [scp.c]
+ make this -Wsign-compare clean after time_t conversion
+
+commit bbeb1dac550bad8e6aff9bd27113c6bd5ebb7413
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 18 16:10:49 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/06/21 05:42:32
+ [dh.c]
+ sprinkle in some error() to explain moduli(5) parse failures
+
+commit 7f2b438ca0b7c3b9684a03d7bf3eaf379da16de9
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 18 16:10:29 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/06/21 00:37:49
+ [ssh_config.5]
+ explicitly mention that IdentitiesOnly can be used with IdentityFile
+ to control which keys are offered from an agent.
+
+commit 20bdcd72365e8b3d51261993928cc47c5f0d7c8a
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 18 16:10:09 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/06/21 00:34:49
+ [auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c]
+ for hostbased authentication, print the client host and user on
+ the auth success/failure line; bz#2064, ok dtucker@
+
+commit 3071070b39e6d1722151c754cdc2b26640eaf45e
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 18 16:09:44 2013 +1000
+
+ - markus@cvs.openbsd.org 2013/06/20 19:15:06
+ [krl.c]
+ don't leak the rdata blob on errors; ok djm@
+
+commit 044bd2a7ddb0b6f6b716c87e57261572e2b89028
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 18 16:09:25 2013 +1000
+
+ - guenther@cvs.openbsd.org 2013/06/17 04:48:42
+ [scp.c]
+ Handle time_t values as long long's when formatting them and when
+ parsing them from remote servers.
+ Improve error checking in parsing of 'T' lines.
+
+ ok dtucker@ deraadt@
+
+commit 9a6615542108118582f64b7161ca0e12176e3712
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Jul 18 16:09:04 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/06/10 19:19:44
+ [readconf.c]
+ revert 1.203 while we investigate crashes reported by okan@
+
+commit b7482cff46e7e76bfb3cda86c365a08f58d4fca0
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Tue Jul 2 20:06:46 2013 +1000
+
+ - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config
+ contrib/cygwin/ssh-user-config] Modernizes and improve readability of
+ the Cygwin README file (which hasn't been updated for ages), drop
+ unsupported OSes from the ssh-host-config help text, and drop an
+ unneeded option from ssh-user-config. Patch from vinschen at redhat com.
+
+commit b8ae92d08b91beaef34232c6ef34b9941473fdd6
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Tue Jun 11 12:10:02 2013 +1000
+
+ - (dtucker) [myproposal.h] Make the conditional algorithm support consistent
+ and add some comments so it's clear what goes where.
+
+commit 97b62f41adcb0dcbeff142d0540793a7ea17c910
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Tue Jun 11 11:47:24 2013 +1000
+
+ - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
+ the required OpenSSL support. Patch from naddy at freebsd.
+
+commit 6d8bd57448b45b42809da32857d7804444349ee7
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Tue Jun 11 11:26:10 2013 +1000
+
+ - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported
+ algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
+
+commit 36187093ea0b2d2240c043417b8949611687e105
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Jun 10 13:07:11 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/06/07 15:37:52
+ [channels.c channels.h clientloop.c]
+ Add an "ABANDONED" channel state and use for mux sessions that are
+ disconnected via the ~. escape sequence. Channels in this state will
+ be able to close if the server responds, but do not count as active channels.
+ This means that if you ~. all of the mux clients when using ControlPersist
+ on a broken network, the backgrounded mux master will exit when the
+ Control Persist time expires rather than hanging around indefinitely.
+ bz#1917, also reported and tested by tedu@. ok djm@ markus@.
+
+commit ae133d4b31af05bb232d797419f498f3ae7e9f2d
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Jun 6 08:30:20 2013 +1000
+
+ - (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for
+ platforms that don't have multibyte character support (specifically,
+ mblen).
+
+commit 408eaf3ab716096f8faf30f091bd54a2c7a17a09
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Jun 6 08:22:46 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/06/05 22:00:28
+ [readconf.c]
+ plug another memleak. bz#1967, from Zhenbo Xu, detected by Melton, ok djm
+
+commit e52a260f16888ca75390f97de4606943e61785e8
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Jun 6 08:22:05 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/06/05 12:52:38
+ [sshconnect2.c]
+ Fix memory leaks found by Zhenbo Xu and the Melton tool. bz#1967, ok djm
+
+commit 0cca17fa1819d3a0ba06a6db41ab3eaa8d769587
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Jun 6 08:21:14 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/06/05 02:27:50
+ [sshd.c]
+ When running sshd -D, close stderr unless we have explicitly requesting
+ logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch
+ so, err, ok dtucker.
+
+commit 746e9067bd9b3501876e1c86f38f3c510a12f895
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Jun 6 08:20:13 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/06/05 02:07:29
+ [mux.c]
+ fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
+ ok djm
+
+commit ea64721275a81c4788af36294d94bf4f74012e06
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Jun 6 08:19:09 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/06/04 20:42:36
+ [sftp.c]
+ Make sftp's libedit interface marginally multibyte aware by building up
+ the quoted string by character instead of by byte. Prevents failures
+ when linked against a libedit built with wide character support (bz#1990).
+ "looks ok" djm
+
+commit 194454d7a8f8cb8ac55f2b9d0199ef9445788bee
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Jun 6 08:16:04 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/06/04 19:12:23
+ [scp.c]
+ use MAXPATHLEN for buffer size instead of fixed value. ok markus
+
+commit 4ac66af091cf6db5a42c18e43738ca9c41e338e5
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Jun 6 08:12:37 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/06/03 00:03:18
+ [mac.c]
+ force the MAC output to be 64-bit aligned so umac won't see unaligned
+ accesses on strict-alignment architectures. bz#2101, patch from
+ tomas.kuthan at oracle.com, ok djm@
+
+commit ea8342c248ad6c0a4fe1a70de133f954973bd2b2
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Jun 6 08:11:40 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/06/02 23:36:29
+ [clientloop.h clientloop.c mux.c]
+ No need for the mux cleanup callback to be visible so restore it to static
+ and call it through the detach_user function pointer. ok djm@
+
+commit 5d12b8f05d79ba89d0807910a664fa80f6f3bf8c
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Jun 6 08:09:10 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/06/02 21:01:51
+ [channels.h]
+ typo in comment
+
+commit dc62edbf121c41e8b5270904091039450206d98a
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Jun 6 05:12:35 2013 +1000
+
+ - (dtucker) [Makefile.in] append $CFLAGS to compiler options when building
+ modpipe in case there's anything in there we need.
+
+commit 2a22873cd869679415104bc9f6bb154811ee604c
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Jun 6 01:59:13 2013 +1000
+
+ - (dtucker) [regress/forwarding.sh] For (as yet unknown) reason, the
+ forwarding test is extremely slow copying data on some machines so switch
+ back to copying the much smaller ls binary until we can figure out why
+ this is.
+
+commit b4e00949f01176cd4fae3e0cef5ffa8dea379042
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Jun 5 22:48:44 2013 +1000
+
+ - (dtucker) [contrib/ssh-copy-id] bz#2117: Use portable operator in test.
+ Patch from cjwatson at debian.
+
+commit 2ea9eb77a7fcab3190564ef5a6a5377a600aa391
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Wed Jun 5 15:04:00 2013 +1000
+
+ - (dtucker) Enable sha256 kex methods based on the presence of the necessary
+ functions, not from the openssl version.
+
+commit 16cac190ebb9b5612cccea63a7c22ac33bc9a07a
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Tue Jun 4 12:55:24 2013 +1000
+
+ - (dtucker) [configure.ac] Some other platforms need sys/types.h before
+ sys/socket.h.
+
+commit 0b43ffe143a5843703c3755fa040b8684fb04134
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Mon Jun 3 09:30:44 2013 +1000
+
+ - (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h.
+
+commit 3f3064c82238c486706471d300217d73dd0f125e
+Author: Tim Rice <tim@multitalents.net>
+Date: Sun Jun 2 15:13:09 2013 -0700
+
+ - (tim) [regress/sftp-chroot.sh] skip if no sudo. ok dtucker
+
+commit 01ec0af301f60fefdd0079647f13ef9abadd2db5
+Author: Tim Rice <tim@multitalents.net>
+Date: Sun Jun 2 14:31:27 2013 -0700
+
+ - (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr.
+ feedback and ok dtucker
+
+commit 5ab9b63468100757479534edeb53f788a61fe08b
+Author: Tim Rice <tim@multitalents.net>
+Date: Sun Jun 2 14:05:48 2013 -0700
+
+ - (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we
+ need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
+ dealing with shell portability issues in regression tests, we let
+ configure find us a capable shell on those platforms with an old /bin/sh.
+
+commit 898ac935e56a7ac5d8b686c590fdb8b7aca27e59
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Mon Jun 3 02:03:25 2013 +1000
+
+ - (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android.
+ Patch from Nathan Osman.
+
+commit ef4901c3eb98c7ab1342c3cd8f2638da1f4b0678
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Mon Jun 3 01:59:13 2013 +1000
+
+ - (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platforms
+ to prevent noise from configure. Patch from Nathan Osman.
+
+commit 073f795bc1c7728c320e5982c0d417376b0907f5
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jun 2 23:47:11 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/06/02 13:35:58
+ [ssh-agent.c]
+ Make parent_alive_interval time_t to avoid signed/unsigned comparison
+
+commit 00e1abb1ebe13ab24e812f68715f46e65e7c5271
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jun 2 23:46:24 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/06/02 13:33:05
+ [progressmeter.c]
+ Add misc.h for monotime prototype. (id sync only)
+
+commit 86211d1738695e63b2a68f0c3a4f60e1a9d9bda3
+Author: Tim Rice <tim@multitalents.net>
+Date: Sat Jun 1 18:38:23 2013 -0700
+
+ 20130602
+ - (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy
+ linking regress/modpipe.
+
+commit e9887d1c37940b9d6c72d55cfad7a40de4c6e28d
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jun 2 09:17:09 2013 +1000
+
+ - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday.
+
+commit 65cf74079a2d563c4ede649116a13ca78c8cc2a4
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jun 2 09:11:19 2013 +1000
+
+ fix typo
+
+commit c9a1991b95a4c9f04f9dcef299a8110d2ec80d3e
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jun 2 08:37:05 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/06/01 22:34:50
+ [sftp-client.c]
+ Update progressmeter when data is acked, not when it's sent. bz#2108, from
+ Debian via Colin Watson, ok djm@
+
+commit a710891659202c82545e84725d4e5cd77aef567c
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jun 2 08:18:31 2013 +1000
+
+ - (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall
+ back to time(NULL) if we can't find it anywhere.
+
+commit f60845fde29cead9d75e812db1c04916b4c58ffd
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jun 2 08:07:31 2013 +1000
+
+ - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c
+ groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
+ sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
+ openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
+ openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
+ with the equivalent calls to free.
+
+commit 12f6533215c0a36ab29d11ff52a853fce45573b4
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jun 2 08:01:24 2013 +1000
+
+ Remove stray '+' accidentally introduced in sync
+
+commit 3750fce6ac6b287f62584ac55a4406df95c71b92
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jun 2 07:52:21 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/06/01 20:59:25
+ [scp.c sftp-client.c]
+ Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch
+ from Nathan Osman via bz#2113. ok deraadt.
+
+ (note: corrected bug number from 2085)
+
+commit b759c9c2efebe7b416ab81093ca8eb17836b6933
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jun 2 07:46:16 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/06/01 13:15:52
+ [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c
+ channels.c sandbox-systrace.c]
+ Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
+ keepalives and rekeying will work properly over clock steps. Suggested by
+ markus@, "looks good" djm@.
+
+commit 55119253c64808b0d3b2ab5d2bc67ee9dac3430b
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jun 2 07:43:59 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/31 12:28:10
+ [ssh-agent.c]
+ Use time_t where appropriate. ok djm
+
+commit 0acca3797d53d958d240c69a5f222f2aa8444858
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jun 2 07:41:51 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/05/19 02:42:42
+ [auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
+ Standardise logging of supplemental information during userauth. Keys
+ and ruser is now logged in the auth success/failure message alongside
+ the local username, remote host/port and protocol in use. Certificates
+ contents and CA are logged too.
+ Pushing all logging onto a single line simplifies log analysis as it is
+ no longer necessary to relate information scattered across multiple log
+ entries. "I like it" markus@
+
+commit 74836ae0fabcc1a76b9d9eacd1629c88a054b2d0
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jun 2 07:32:00 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/05/19 02:38:28
+ [auth2-pubkey.c]
+ fix failure to recognise cert-authority keys if a key of a different type
+ appeared in authorized_keys before it; ok markus@
+
+commit a627d42e51ffa71e014d7b2d2c07118122fd3ec3
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jun 2 07:31:17 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/05/17 00:13:13
+ [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
+ ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
+ gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
+ auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
+ servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
+ auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
+ sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
+ kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
+ kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
+ monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
+ ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
+ sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
+ ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
+ dns.c packet.c readpass.c authfd.c moduli.c]
+ bye, bye xfree(); ok markus@
+
+commit c7aad0058c957afeb26a3f703e8cb0eddeb62365
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jun 2 07:18:47 2013 +1000
+
+ - (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS
+ rather than trying to enumerate the plaforms that don't have them.
+ Based on a patch from Nathan Osman, with help from tim@.
+
+commit c0c3373216801797053e123b5f62d35bf41b3611
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Jun 2 06:28:03 2013 +1000
+
+ - (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to
+ using openssl's DES_crpyt function on platorms that don't have a native
+ one, eg Android. Based on a patch from Nathan Osman.
+
+commit efdf5342143a887013a1daae583167dadf6752a7
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 30 08:29:08 2013 +1000
+
+ - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null
+ implementation of endgrent for platforms that don't have it (eg Android).
+ Loosely based on a patch from Nathan Osman, ok djm
+
+commit 9b42d327380e5cd04efde6fb70e1535fecedf0d7
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 20:48:59 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/17 10:35:43
+ [regress/scp.sh]
+ use a file extention that's not special on some platforms. from portable
+ (id sync only)
+
+commit 0a404b0ed79ba45ccaf7ed5528a8f5004c3698cb
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 20:47:29 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/17 10:34:30
+ [regress/portnum.sh]
+ use a more portable negated if structure. from portable (id sync only)
+
+commit 62ee222e6f3f5ee288434f58b5136ae3d56f5164
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 20:46:00 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/17 10:33:09
+ [regress/agent-getpeereid.sh]
+ don't redirect stdout from sudo. from portable (id sync only)
+
+commit 00478d30cb4bcc18dc1ced8144d16b03cdf790f6
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 20:45:06 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/17 10:30:07
+ [regress/test-exec.sh]
+ wait a bit longer for startup and use case for absolute path.
+ from portable (id sync only)
+
+commit 98989eb95eef0aefed7e9fb4e65c2f625be946f6
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 20:44:09 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/17 10:28:11
+ [regress/sftp.sh]
+ only compare copied data if sftp succeeds. from portable (id sync only)
+
+commit 438f60eb9a5f7cd40bb242cfec865e4fde71b07c
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 20:43:13 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/17 10:26:26
+ [regress/sftp-badcmds.sh]
+ remove unused BATCH variable. (id sync only)
+
+commit 1466bd25a8d1ff7ae455a795d2d7d52dc17d2938
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 20:42:05 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/17 10:24:48
+ [localcommand.sh]
+ use backticks for portability. (id sync only)
+
+commit 05b5e518c9969d63471f2ccfd85b1de6e724d30b
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 20:41:07 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/17 10:23:52
+ [regress/login-timeout.sh regress/reexec.sh regress/test-exec.sh]
+ Use SUDO when cat'ing pid files and running the sshd log wrapper so that
+ it works with a restrictive umask and the pid files are not world readable.
+ Changes from -portable. (id sync only)
+
+commit dd669173f93ea8c8397e0af758eaf13ab4f1c591
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 20:39:57 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/17 10:16:26
+ [regress/try-ciphers.sh]
+ use expr for math to keep diffs vs portable down
+ (id sync only)
+
+commit 044f32f4c6fd342f9f5949bb0ca77624c0db4494
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 20:12:57 2013 +1000
+
+ - (dtucker) [regress/cfgmatch.sh] Remove unneeded sleep renderd obsolete by
+ rev 1.6 which calls wait.
+
+commit 9cc8ff7b63f175661c8807006f6d2649d56ac402
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 20:01:52 2013 +1000
+
+ - (dtucker) [regress/runtests.sh] Remove obsolete test driver script.
+
+commit f8d5b3451726530a864b172c556c311370c244e1
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 19:53:25 2013 +1000
+
+ - (dtucker) [regress/stderr-after-eof.sh regress/test-exec.sh] Move the md5
+ helper function to the portable part of test-exec.sh.
+
+commit 6f66981ed3c6bb83b937959f329323975e356c33
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 19:28:51 2013 +1000
+
+ - (dtucker) [regress/test-exec.sh] Move the portable-specific functions
+ together and add a couple of missing lines from openbsd.
+
+commit 5f1a89a3b67264f4aa83e057cd4f74fd60b9ffa4
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 19:17:58 2013 +1000
+
+ - (dtucker) [regress/integrity.sh regress/krl.sh regress/test-exec.sh]
+ Move the jot helper function to portable-specific part of test-exec.sh.
+
+commit 96457a54d05dea81f34ecb4e059d2f8b98382b85
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 19:03:38 2013 +1000
+
+ - (dtucker) [regress/agent-getpeereid.sh] Resync spaces with openbsd.
+
+commit 7f193236594e8328ad133ea05eded31f837b45b5
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 19:02:28 2013 +1000
+
+ - (dtucker) [regress/cfgmatch.sh] Resync config file setup with openbsd.
+
+commit 8654dd2d737800d09e7730b3dfc2a54411f4cf90
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 16:03:48 2013 +1000
+
+ - (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits.
+
+commit 59d928d3b47e8298f4a8b4b3fb37fb8c8ce1b098
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 15:32:29 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/17 04:29:14
+ [regress/sftp.sh regress/putty-ciphers.sh regress/cipher-speed.sh
+ regress/test-exec.sh regress/sftp-batch.sh regress/dynamic-forward.sh
+ regress/putty-transfer.sh regress/conch-ciphers.sh regress/sftp-cmds.sh
+ regress/scp.sh regress/ssh-com-sftp.sh regress/rekey.sh
+ regress/putty-kex.sh regress/stderr-data.sh regress/stderr-after-eof.sh
+ regress/sftp-badcmds.sh regress/reexec.sh regress/ssh-com-client.sh
+ regress/sftp-chroot.sh regress/forwarding.sh regress/transfer.sh
+ regress/multiplex.sh]
+ Move the setting of DATA and COPY into test-exec.sh
+
+commit 34035be27b7ddd84706fe95c39d37cba7d5c9572
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 14:47:51 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/17 01:32:11
+ [regress/integrity.sh]
+ don't print output from ssh before getting it (it's available in ssh.log)
+
+commit b8b96b0aa634d440feba4331c80ae4de9dda2081
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 14:46:20 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/17 01:16:09
+ [regress/agent-timeout.sh]
+ Pull back some portability changes from -portable:
+ - TIMEOUT is a read-only variable in some shells
+ - not all greps have -q so redirect to /dev/null instead.
+ (ID sync only)
+
+commit a40d97ff46831c9081a6a4472036689360847fb1
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 14:44:53 2013 +1000
+
+ sync missing ID
+
+commit 56347efe796a0506e846621ae65562b978e45f1d
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 13:28:36 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/17 00:37:40
+ [regress/agent.sh regress/keytype.sh regress/cfgmatch.sh
+ regress/forcecommand.sh regress/proto-version.sh regress/test-exec.sh
+ regress/cipher-speed.sh regress/cert-hostkey.sh regress/cert-userkey.sh
+ regress/ssh-com.sh]
+ replace 'echo -n' with 'printf' since it's more portable
+ also remove "echon" hack.
+
+commit 91af05c5167fe0aa5bd41d2e4a83757d9f627c18
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 13:16:59 2013 +1000
+
+ - (dtucker) [regress/integrity.sh]. Force fixed Diffie-Hellman key exchange
+ methods. When the openssl version doesn't support ECDH then next one on
+ the list is DH group exchange, but that causes a bit more traffic which can
+ mean that the tests flip bits in the initial exchange rather than the MACed
+ traffic and we get different errors to what the tests look for.
+
+commit 6e1e60c3c2e16c32bb7ca0876caaa6182a4e4b2c
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 11:23:41 2013 +1000
+
+ - (dtucker) [regress/bsd.regress.mk] Remove unused file. We've never used it
+ in portable and it's long gone in openbsd.
+
+commit 982b0cbc4c2b5ea14725f4b339393cdf343dd0fe
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 09:45:12 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/16 05:48:31
+ [regress/rekey.sh]
+ add tests for RekeyLimit parsing
+
+commit 14490fe7b0f45b1b19f8a3dc10eb3d214f27f5bd
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 09:44:20 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/16 04:26:10
+ [regress/rekey.sh]
+ add server-side rekey test
+
+commit c31c8729c15f83fba14ef9da0d66bda6215ff69a
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 09:43:33 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/16 03:33:30
+ [regress/rekey.sh]
+ test rekeying when there's no data being transferred
+
+commit a8a62fcc46c19997797846197a6256ed9a777a47
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 09:42:34 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/16 02:10:35
+ [rekey.sh]
+ Add test for time-based rekeying
+
+commit 5e95173715d516e6014485e2b6def1fb3db84036
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 09:41:33 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/05/10 03:46:14
+ [modpipe.c]
+ sync some portability changes from portable OpenSSH (id sync only)
+
+commit a4df65b9fc68a555a7d8781700475fb03ed6e694
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 09:37:31 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/04/22 07:28:53
+ [multiplex.sh]
+ Add tests for -Oforward and -Ocancel for local and remote forwards
+
+commit 40aaff7e4bcb05b05e3d24938b6d34885be817da
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 09:36:20 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/04/22 07:23:08
+ [multiplex.sh]
+ Write mux master logs to regress.log instead of ssh.log to keep separate
+
+commit f3568fc62b73b50a0a3c8447e4a00f4892cab25e
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 09:35:26 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/04/18 02:46:12
+ [Makefile regress/sftp-chroot.sh]
+ test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@
+
+commit dfea3bcdd7c980c2335402464b7dd8d8721e426d
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 09:31:39 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/04/07 02:16:03
+ [regress/Makefile regress/rekey.sh regress/integrity.sh
+ regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh]
+ use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and
+ save the output from any failing tests. If a test fails the debug output
+ from ssh and sshd for the failing tests (and only the failing tests) should
+ be available in failed-ssh{,d}.log.
+
+commit 75129025a2d504b630d1718fef0da002f5662f63
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 09:19:10 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/04/06 06:00:22
+ [regress/rekey.sh regress/test-exec.sh regress/integrity.sh
+ regress/multiplex.sh Makefile regress/cfgmatch.sh]
+ Split the regress log into 3 parts: the debug output from ssh, the debug
+ log from sshd and the output from the client command (ssh, scp or sftp).
+ Somewhat functional now, will become more useful when ssh/sshd -E is added.
+
+commit 7c8b1e72331293b4707dc6f7f68a69e975a3fa70
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 09:10:20 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/03/23 11:09:43
+ [test-exec.sh]
+ Only regenerate host keys if they don't exist or if ssh-keygen has changed
+ since they were. Reduces test runtime by 5-30% depending on machine
+ speed.
+
+commit 712de4d1100963b11bc618472f95ce36bf7e2ae3
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 17 09:07:12 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/03/07 00:20:34
+ [regress/proxy-connect.sh]
+ repeat test with a style appended to the username
+
+commit 09c0f0325b2f538de9a1073e03b8ef26dece4c16
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 16 20:48:57 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/16 10:44:06
+ [servconf.c]
+ remove another now-unused variable
+
+commit 9113d0c2381202412c912a20c8083ab7d6824ec9
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 16 20:48:14 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/16 10:43:34
+ [servconf.c readconf.c]
+ remove now-unused variables
+
+commit e194ba4111ffd47cd1f4c8be1ddc8a4cb673d005
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 16 20:47:31 2013 +1000
+
+ - (dtucker) [configure.ac readconf.c servconf.c
+ openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
+
+commit b7ee8521448100e5b268111ff90feb017e657e44
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 16 20:33:10 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/16 09:12:31
+ [readconf.c servconf.c]
+ switch RekeyLimit traffic volume parsing to scan_scaled. ok djm@
+
+commit dbee308253931f8c1aeebf781d7e7730ff6a0dc1
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 16 20:32:29 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/16 09:08:41
+ [log.c scp.c sshd.c serverloop.c schnorr.c sftp.c]
+ Fix some "unused result" warnings found via clang and -portable.
+ ok markus@
+
+commit 64d22946d664dad8165f1fae9e78b53831ed728d
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 16 20:31:29 2013 +1000
+
+ - jmc@cvs.openbsd.org 2013/05/16 06:30:06
+ [sshd_config.5]
+ oops! avoid Xr to self;
+
+commit 63e0df2b936770baadc8844617b99e5174b476d0
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 16 20:30:31 2013 +1000
+
+ - jmc@cvs.openbsd.org 2013/05/16 06:28:45
+ [ssh_config.5]
+ put IgnoreUnknown in the right place;
+
+commit 0763698f71efef8b3f8460c5700758359219eb7c
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 16 20:30:03 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/05/16 04:27:50
+ [ssh_config.5 readconf.h readconf.c]
+ add the ability to ignore specific unrecognised ssh_config options;
+ bz#866; ok markus@
+
+commit 5f96f3b4bee11ae2b9b32ff9b881c3693e210f96
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 16 20:29:28 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/16 04:09:14
+ [sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
+ sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
+ rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man
+ page.
+
+commit c53c2af173cf67fd1c26f98e7900299b1b65b6ec
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 16 20:28:16 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/16 02:00:34
+ [ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
+ ssh_config.5 packet.h]
+ Add an optional second argument to RekeyLimit in the client to allow
+ rekeying based on elapsed time in addition to amount of traffic.
+ with djm@ jmc@, ok djm
+
+commit 64c6fceecd27e1739040b42de8f3759454260b39
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 16 20:27:14 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/10 10:13:50
+ [ssh-pkcs11-helper.c]
+ remove unused extern optarg. ok markus@
+
+commit caf00109346e4ab6bb495b0e22bc5b1e7ee22f26
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 16 20:26:18 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/05/10 04:08:01
+ [key.c]
+ memleak in cert_free(), wasn't actually freeing the struct;
+ bz#2096 from shm AT digitalsun.pl
+
+commit 7e831edbf7a1b0b9aeeb08328b9fceafaad1bf22
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 16 20:25:40 2013 +1000
+
+ add missing attribution
+
+commit 54da6be320495604ddf65d10ac4cc8cf7849c533
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 16 20:25:04 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/05/10 03:40:07
+ [sshconnect2.c]
+ fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from
+
+commit 5d8b702d95c0dfc338726fecfbb709695afd1377
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 16 20:24:23 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/05/06 07:35:12
+ [sftp-server.8]
+ Reference the version of the sftp draft we actually implement. ok djm@
+
+commit 026d9db3fbe311b5a7e98d62472cb666aa559648
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 16 20:23:52 2013 +1000
+
+ - tedu@cvs.openbsd.org 2013/04/24 16:01:46
+ [misc.c]
+ remove extra parens noticed by nicm
+
+commit 2ca51bf140ef2c2409fd220778529dc17c11d8fa
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu May 16 20:22:46 2013 +1000
+
+ - tedu@cvs.openbsd.org 2013/04/23 17:49:45
+ [misc.c]
+ use xasprintf instead of a series of strlcats and strdup. ok djm
+
+commit 6aa3eacc5e5f39702b6dd5b27970d9fd97bc2383
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu May 16 11:10:17 2013 +1000
+
+ - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be
+ executed if mktemp failed; bz#2105 ok dtucker@
+
+commit c54e3e0741a27119b3badd8ff92b1988b7e9bd50
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 10 18:53:14 2013 +1000
+
+ - (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so
+ we don't get a warning on compilers that *don't* support it. Add
+ -Wno-unknown-warning-option. Move both to the start of the list for
+ maximum noise suppression. Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
+
+commit a75d247a18a5099c60226395354eb252c097ac86
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 10 18:11:55 2013 +1000
+
+ - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the
+ underlying libraries support them.
+
+commit 0abfb559e3f79d1f217773510d7626c3722aa3c1
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 10 18:08:49 2013 +1000
+
+ - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c
+ openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
+ in to use it when we're using our own getopt.
+
+commit ccfdfceacb7e23d1479ed4cc91976c5ac6e23c56
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 10 16:28:55 2013 +1000
+
+ - (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c
+ openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add
+ portability code to getopt_long.c and switch over Makefile and the ugly
+ hack in modpipe.c. Fixes bz#1448.
+
+commit 39332020078aa8fd4fc28e00b336438dc64b0f5a
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 10 15:38:11 2013 +1000
+
+ - (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD. No
+ portability changes yet.
+
+commit 35b2fe99bee4f332d1c1efa49107cdb3c67da07a
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 10 15:35:26 2013 +1000
+
+ - (dtucker) [openbsd-compat/getopt.c] Factor out portibility changes to
+ getopt.c. Preprocessed source is identical other than line numbers.
+
+commit abbc7a7c02e45787d023f50a30f62d7a3e14fe9e
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri May 10 13:54:23 2013 +1000
+
+ - (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler
+ supports it. Mentioned by Colin Watson in bz#2100, ok djm.
+
+commit bc02f163f6e882d390abfb925b47b41e13ae523b
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 19:25:49 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/04/22 01:17:18
+ [mux.c]
+ typo in debug output: evitval->exitval
+
+commit f8b894e31dc3530c7eb6d0a378848260d54f74c4
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 19:25:29 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/04/19 12:07:08
+ [kex.c]
+ remove duplicated list entry pointed out by naddy@
+
+commit 34bd20a1e53b63ceb01f06c1654d9112e6784b0a
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 19:25:00 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/04/19 11:10:18
+ [ssh.c]
+ add -Q to usage; reminded by jmc@
+
+commit ea11119eee3c5e2429b1f5f8688b25b028fa991a
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 19:24:32 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/04/19 01:06:50
+ [authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
+ [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
+ add the ability to query supported ciphers, MACs, key type and KEX
+ algorithms to ssh. Includes some refactoring of KEX and key type handling
+ to be table-driven; ok markus@
+
+commit a56086b9903b62c1c4fdedf01b68338fe4dc90e4
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 15:24:18 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/04/19 01:03:01
+ [session.c]
+ reintroduce 1.262 without the connection-killing bug:
+ fatal() when ChrootDirectory specified by running without root privileges;
+ ok markus@
+
+commit 0d6771b4648889ae5bc4235f9e3fc6cd82b710bd
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 15:23:24 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/04/19 01:01:00
+ [ssh-keygen.c]
+ fix some memory leaks; bz#2088 ok dtucker@
+
+commit 467b00c38ba244f9966466e57a89d003f3afb159
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 15:23:07 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/04/19 01:00:10
+ [sshd_config.5]
+ document the requirment that the AuthorizedKeysCommand be owned by root;
+ ok dtucker@ markus@
+
+commit 9303e6527bb5ca7630c765f28624702c212bfd6c
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 15:22:40 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/04/18 02:16:07
+ [sftp.c]
+ make "sftp -q" do what it says on the sticker: hush everything but errors;
+
+commit f1a02aea35504e8bef2ed9eef6f9ddeab12bacb3
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 15:22:13 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/04/17 09:04:09
+ [session.c]
+ revert rev 1.262; it fails because uid is already set here. ok djm@
+
+commit d5edefd27a30768cc7a4817302e964b6cb2f9be7
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 15:21:39 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/04/11 02:27:50
+ [packet.c]
+ quiet disconnect notifications on the server from error() back to logit()
+ if it is a normal client closure; bz#2057 ok+feedback dtucker@
+
+commit 6901032b05291fc5d2bd4067fc47904de3506fda
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 15:21:24 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/04/07 09:40:27
+ [sshd.8]
+ clarify -e text. suggested by & ok jmc@
+
+commit 03d4d7e60b16f913c75382e32e136ddfa8d6485f
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 15:21:06 2013 +1000
+
+ - dtucker@cvs.openbsd.org 2013/04/07 02:10:33
+ [log.c log.h ssh.1 ssh.c sshd.8 sshd.c]
+ Add -E option to ssh and sshd to append debugging logs to a specified file
+ instead of stderr or syslog. ok markus@, man page help jmc@
+
+commit 37f1c08473b1ef2a188ee178ce2e11e841f88563
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 15:20:43 2013 +1000
+
+ - markus@cvs.openbsd.org 2013/04/06 16:07:00
+ [channels.c sshd.c]
+ handle ECONNABORTED for accept(); ok deraadt some time ago...
+
+commit 172859cff7df9fd8a29a1f0a4de568f644bbda50
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 15:19:27 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/04/05 00:58:51
+ [mux.c]
+ cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
+ (in addition to ones already in OPEN); bz#2079, ok dtucker@
+
+commit 9f12b5dcd5f7772e633fb2786c63bfcbea1f1aea
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 15:19:11 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/04/05 00:31:49
+ [pathnames.h]
+ use the existing _PATH_SSH_USER_RC define to construct the other
+ pathnames; bz#2077, ok dtucker@ (no binary change)
+
+commit d677ad14ff7efedf21745ee1694058350e758e18
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 15:18:51 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/04/05 00:14:00
+ [auth2-gss.c krl.c sshconnect2.c]
+ hush some {unused, printf type} warnings
+
+commit 508b6c3d3b95c8ec078fd4801368597ab29b2db9
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 15:18:28 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/03/08 06:32:58
+ [ssh.c]
+ allow "ssh -f none ..." ok markus@
+
+commit 91a55f28f35431f9000b95815c343b5a18fda712
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 15:18:10 2013 +1000
+
+ - markus@cvs.openbsd.org 2013/03/07 19:27:25
+ [auth.h auth2-chall.c auth2.c monitor.c sshd_config.5]
+ add submethod support to AuthenticationMethods; ok and freedback djm@
+
+commit 4ce189d9108c62090a0dd5dea973d175328440db
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 15:17:52 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/03/07 00:19:59
+ [auth2-pubkey.c monitor.c]
+ reconstruct the original username that was sent by the client, which may
+ have included a style (e.g. "root:skey") when checking public key
+ signatures. Fixes public key and hostbased auth when the client specified
+ a style; ok markus@
+
+commit 5cbec4c25954b184e43bf3d3ac09e65eb474f5f9
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 15:17:12 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/03/06 23:36:53
+ [readconf.c]
+ g/c unused variable (-Wunused)
+
+commit 998cc56b65682d490c9bbf5977dceb1aa84a0233
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 15:16:43 2013 +1000
+
+ - djm@cvs.openbsd.org 2013/03/06 23:35:23
+ [session.c]
+ fatal() when ChrootDirectory specified by running without root privileges;
+ ok markus@
+
+commit 62e9c4f9b6027620f9091a2f43328e057bdb33f1
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 15:15:49 2013 +1000
+
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2013/03/05 20:16:09
+ [sshconnect2.c]
+ reset pubkey order on partial success; ok djm@
+
+commit 6332da2ae88db623d7da8070dd807efa26d9dfe8
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Apr 23 14:25:52 2013 +1000
+
+ - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
+ platforms, such as Android, that lack struct passwd.pw_gecos. Report
+ and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
+
+commit ce1c9574fcfaf753a062276867335c1e237f725c
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Apr 18 21:36:19 2013 +1000
+
+ - (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from
+ unused argument warnings (in particular, -fno-builtin-memset) from clang.
+
+commit bc68f2451b836e6a3fa65df8774a8b1f10049ded
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Apr 18 11:26:25 2013 +1000
+
+ - (djm) [config.guess config.sub] Update to last versions before they switch
+ to GPL3. ok dtucker@
+
+commit 15fd19c4c9943cf02bc6f462d52c86ee6a8f422e
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Apr 5 11:22:26 2013 +1100
+
+ - djm@cvs.openbsd.org 2013/02/22 22:09:01
+ [ssh.c]
+ Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier
+ version)
+
+commit 5d1d9541a7c83963cd887b6b36e25b46463a05d4
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Apr 5 11:20:00 2013 +1100
+
+ - markus@cvs.openbsd.org 2013/02/22 19:13:56
+ [sshconnect.c]
+ support ProxyCommand=- (stdin/out already point to the proxy); ok djm@
+
+commit aefa3682431f59cf1ad9a0f624114b135135aa44
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Apr 5 11:18:35 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/02/22 04:45:09
+ [ssh.c readconf.c readconf.h]
+ Don't complain if IdentityFiles specified in system-wide configs are
+ missing. ok djm, deraadt
+
+commit f3c38142435622d056582e851579d8647a233c7f
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Apr 5 11:16:52 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/02/19 02:12:47
+ [krl.c]
+ Remove bogus include. ok djm
+ (id sync only)
+
+commit 1910478c2d2c3d0e1edacaeff21ed388d70759e9
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Apr 5 11:13:08 2013 +1100
+
+ - dtucker@cvs.openbsd.org 2013/02/17 23:16:57
+ [readconf.c ssh.c readconf.h sshconnect2.c]
+ Keep track of which IndentityFile options were manually supplied and which
+ were default options, and don't warn if the latter are missing.
+ ok markus@
+
+commit c9627cdbc65b25da943f24e6a953da899f08eefc
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Mon Apr 1 12:40:48 2013 +1100
+
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h
+ to avoid conflicting definitions of __int64, adding the required bits.
+ Patch from Corinna Vinschen.
+
+commit 75db01d2ce29a85f8e5a2aff2011446896cf3f8a
+Author: Tim Rice <tim@multitalents.net>
+Date: Fri Mar 22 10:14:32 2013 -0700
+
+ - (tim) [Makefile.in] remove some duplication introduced in 20130220 commit.
+
+commit 221b4b2436ac78a65c3b775c25ccd396a1fed208
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Mar 22 12:51:09 2013 +1100
+
+ - (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before
+ defining it again. Prevents warnings if someone, eg, sets it in CFLAGS.
+
+commit c8a0f27c6d761d1335d13ed84d773e9ddf1d95c8
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Mar 22 12:49:14 2013 +1100
+
+ - (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype.
+
+commit eed8dc261018aea4d6b8606ca3addc9f8cf9ed1e
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Mar 22 10:25:22 2013 +1100
+
+ - (djm) Release 6.2p1
+
+commit 83efe7c86168cc07b8e6cc6df6b54f7ace3b64a3
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Mar 22 10:17:36 2013 +1100
+
+ - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
+ Hands' greatly revised version.
+
+commit 63b4bcd04e1c57b77eabb4e4d359508a4b2af685
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Mar 20 12:55:14 2013 +1100
+
+ - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
+ [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
+ so mark it as broken. Patch from des AT des.no
diff --git a/Makefile.in b/Makefile.in
index 06be3d5d5ae4..40cc7aae1ed0 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -65,28 +65,33 @@ MANFMT=@MANFMT@
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
LIBOPENSSH_OBJS=\
+ ssh_api.o \
ssherr.o \
sshbuf.o \
sshkey.o \
sshbuf-getput-basic.o \
sshbuf-misc.o \
- sshbuf-getput-crypto.o
+ sshbuf-getput-crypto.o \
+ krl.o \
+ bitmap.o
LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
- authfd.o authfile.o bufaux.o bufbn.o buffer.o \
- canohost.o channels.o cipher.o cipher-aes.o \
+ authfd.o authfile.o bufaux.o bufbn.o bufec.o buffer.o \
+ canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \
cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
- compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
- log.o match.o md-sha256.o moduli.o nchan.o packet.o \
+ compat.o crc32.o deattack.o fatal.o hostfile.o \
+ log.o match.o md-sha256.o moduli.o nchan.o packet.o opacket.o \
readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
- atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
+ atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o \
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
- kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
- ssh-pkcs11.o krl.o smult_curve25519_ref.o \
- kexc25519.o kexc25519c.o poly1305.o chacha.o cipher-chachapoly.o \
- ssh-ed25519.o digest-openssl.o hmac.o \
- sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o
+ ssh-pkcs11.o smult_curve25519_ref.o \
+ poly1305.o chacha.o cipher-chachapoly.o \
+ ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o \
+ sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o \
+ kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
+ kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \
+ kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
sshconnect.o sshconnect1.o sshconnect2.o mux.o \
@@ -99,8 +104,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
auth-chall.o auth2-chall.o groupaccess.o \
auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
auth2-none.o auth2-passwd.o auth2-pubkey.o \
- monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \
- kexc25519s.o auth-krb5.o \
+ monitor_mm.o monitor.o monitor_wrap.o auth-krb5.o \
auth2-gss.o gss-serv.o gss-serv-krb5.o \
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
sftp-server.o sftp-common.o \
@@ -230,6 +234,12 @@ clean: regressclean
rm -f regress/unittests/sshbuf/test_sshbuf
rm -f regress/unittests/sshkey/*.o
rm -f regress/unittests/sshkey/test_sshkey
+ rm -f regress/unittests/bitmap/*.o
+ rm -f regress/unittests/bitmap/test_bitmap
+ rm -f regress/unittests/hostkeys/*.o
+ rm -f regress/unittests/hostkeys/test_hostkeys
+ rm -f regress/unittests/kex/*.o
+ rm -f regress/unittests/kex/test_kex
(cd openbsd-compat && $(MAKE) clean)
distclean: regressclean
@@ -244,6 +254,12 @@ distclean: regressclean
rm -f regress/unittests/sshbuf/test_sshbuf
rm -f regress/unittests/sshkey/*.o
rm -f regress/unittests/sshkey/test_sshkey
+ rm -f regress/unittests/bitmap/*.o
+ rm -f regress/unittests/bitmap/test_bitmap
+ rm -f regress/unittests/hostkeys/*.o
+ rm -f regress/unittests/hostkeys/test_hostkeys
+ rm -f regress/unittests/kex/*.o
+ rm -f regress/unittests/kex/test_kex
(cd openbsd-compat && $(MAKE) distclean)
if test -d pkg ; then \
rm -fr pkg ; \
@@ -417,15 +433,21 @@ uninstall:
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
regress-prep:
- [ -d `pwd`/regress ] || mkdir -p `pwd`/regress
- [ -d `pwd`/regress/unittests ] || mkdir -p `pwd`/regress/unittests
- [ -d `pwd`/regress/unittests/test_helper ] || \
+ [ -d `pwd`/regress ] || mkdir -p `pwd`/regress
+ [ -d `pwd`/regress/unittests ] || mkdir -p `pwd`/regress/unittests
+ [ -d `pwd`/regress/unittests/test_helper ] || \
mkdir -p `pwd`/regress/unittests/test_helper
- [ -d `pwd`/regress/unittests/sshbuf ] || \
+ [ -d `pwd`/regress/unittests/sshbuf ] || \
mkdir -p `pwd`/regress/unittests/sshbuf
- [ -d `pwd`/regress/unittests/sshkey ] || \
+ [ -d `pwd`/regress/unittests/sshkey ] || \
mkdir -p `pwd`/regress/unittests/sshkey
- [ -f `pwd`/regress/Makefile ] || \
+ [ -d `pwd`/regress/unittests/bitmap ] || \
+ mkdir -p `pwd`/regress/unittests/bitmap
+ [ -d `pwd`/regress/unittests/hostkeys ] || \
+ mkdir -p `pwd`/regress/unittests/hostkeys
+ [ -d `pwd`/regress/unittests/kex ] || \
+ mkdir -p `pwd`/regress/unittests/kex
+ [ -f `pwd`/regress/Makefile ] || \
ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile
regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c
@@ -436,6 +458,10 @@ regress/setuid-allowed$(EXEEXT): $(srcdir)/regress/setuid-allowed.c
$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \
$(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+regress/netcat$(EXEEXT): $(srcdir)/regress/netcat.c
+ $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \
+ $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
UNITTESTS_TEST_HELPER_OBJS=\
regress/unittests/test_helper/test_helper.o \
regress/unittests/test_helper/fuzz.o
@@ -473,11 +499,46 @@ regress/unittests/sshkey/test_sshkey$(EXEEXT): ${UNITTESTS_TEST_SSHKEY_OBJS} \
regress/unittests/test_helper/libtest_helper.a \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+UNITTESTS_TEST_BITMAP_OBJS=\
+ regress/unittests/bitmap/tests.o
+
+regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \
+ regress/unittests/test_helper/libtest_helper.a libssh.a
+ $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_BITMAP_OBJS) \
+ regress/unittests/test_helper/libtest_helper.a \
+ -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
+UNITTESTS_TEST_KEX_OBJS=\
+ regress/unittests/kex/tests.o \
+ regress/unittests/kex/test_kex.o \
+ roaming_dummy.o
+
+regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \
+ regress/unittests/test_helper/libtest_helper.a libssh.a
+ $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_KEX_OBJS) \
+ regress/unittests/test_helper/libtest_helper.a \
+ -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
+UNITTESTS_TEST_HOSTKEYS_OBJS=\
+ regress/unittests/hostkeys/tests.o \
+ regress/unittests/hostkeys/test_iterate.o
+
+regress/unittests/hostkeys/test_hostkeys$(EXEEXT): \
+ ${UNITTESTS_TEST_HOSTKEYS_OBJS} \
+ regress/unittests/test_helper/libtest_helper.a libssh.a
+ $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_HOSTKEYS_OBJS) \
+ regress/unittests/test_helper/libtest_helper.a \
+ -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
REGRESS_BINARIES=\
regress/modpipe$(EXEEXT) \
regress/setuid-allowed$(EXEEXT) \
+ regress/netcat$(EXEEXT) \
regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
- regress/unittests/sshkey/test_sshkey$(EXEEXT)
+ regress/unittests/sshkey/test_sshkey$(EXEEXT) \
+ regress/unittests/bitmap/test_bitmap$(EXEEXT) \
+ regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \
+ regress/unittests/kex/test_kex$(EXEEXT)
tests interop-tests t-exec: regress-prep $(TARGETS) $(REGRESS_BINARIES)
BUILDDIR=`pwd`; \
diff --git a/PROTOCOL b/PROTOCOL
index aa59f584eeb4..91bfe270d933 100644
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -40,8 +40,8 @@ http://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt
"ecdsa-sha2-nistp521-cert-v01@openssh.com"
OpenSSH introduces new public key algorithms to support certificate
-authentication for users and hostkeys. These methods are documented in
-the file PROTOCOL.certkeys
+authentication for users and host keys. These methods are documented
+in the file PROTOCOL.certkeys
1.4. transport: Elliptic Curve cryptography
@@ -282,6 +282,53 @@ by the client cancel the forwarding of a Unix domain socket.
boolean FALSE
string socket path
+2.5. connection: hostkey update and rotation "hostkeys-00@openssh.com"
+and "hostkeys-prove-00@openssh.com"
+
+OpenSSH supports a protocol extension allowing a server to inform
+a client of all its protocol v.2 host keys after user-authentication
+has completed.
+
+ byte SSH_MSG_GLOBAL_REQUEST
+ string "hostkeys-00@openssh.com"
+ string[] hostkeys
+
+Upon receiving this message, a client should check which of the
+supplied host keys are present in known_hosts. For keys that are
+not present, it should send a "hostkeys-prove@openssh.com" message
+to request the server prove ownership of the private half of the
+key.
+
+ byte SSH_MSG_GLOBAL_REQUEST
+ string "hostkeys-prove-00@openssh.com"
+ char 1 /* want-reply */
+ string[] hostkeys
+
+When a server receives this message, it should generate a signature
+using each requested key over the following:
+
+ string "hostkeys-prove-00@openssh.com"
+ string session identifier
+ string hostkey
+
+These signatures should be included in the reply, in the order matching
+the hostkeys in the request:
+
+ byte SSH_MSG_REQUEST_SUCCESS
+ string[] signatures
+
+When the client receives this reply (and not a failure), it should
+validate the signatures and may update its known_hosts file, adding keys
+that it has not seen before and deleting keys for the server host that
+are no longer offered.
+
+These extensions let a client learn key types that it had not previously
+encountered, thereby allowing it to potentially upgrade from weaker
+key algorithms to better ones. It also supports graceful key rotation:
+a server may offer multiple keys of the same type for a period (to
+give clients an opportunity to learn them using this extension) before
+removing the deprecated key from those offered.
+
3. SFTP protocol changes
3.1. sftp: Reversal of arguments to SSH_FXP_SYMLINK
@@ -406,4 +453,4 @@ respond with a SSH_FXP_STATUS message.
This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
-$OpenBSD: PROTOCOL,v 1.24 2014/07/15 15:54:14 millert Exp $
+$OpenBSD: PROTOCOL,v 1.27 2015/02/20 22:17:21 djm Exp $
diff --git a/PROTOCOL.krl b/PROTOCOL.krl
index e8caa4527ab3..b9695107bac7 100644
--- a/PROTOCOL.krl
+++ b/PROTOCOL.krl
@@ -37,7 +37,7 @@ The available section types are:
#define KRL_SECTION_FINGERPRINT_SHA1 3
#define KRL_SECTION_SIGNATURE 4
-3. Certificate serial section
+2. Certificate section
These sections use type KRL_SECTION_CERTIFICATES to revoke certificates by
serial number or key ID. The consist of the CA key that issued the
@@ -47,6 +47,11 @@ ignored.
string ca_key
string reserved
+Where "ca_key" is the standard SSH wire serialisation of the CA's
+public key. Alternately, "ca_key" may be an empty string to indicate
+the certificate section applies to all CAs (this is most useful when
+revoking key IDs).
+
Followed by one or more sections:
byte cert_section_type
@@ -161,4 +166,4 @@ Implementations that retrieve KRLs over untrusted channels must verify
signatures. Signature sections are optional for KRLs distributed by
trusted means.
-$OpenBSD: PROTOCOL.krl,v 1.2 2013/01/18 00:24:58 djm Exp $
+$OpenBSD: PROTOCOL.krl,v 1.3 2015/01/30 01:10:33 djm Exp $
diff --git a/README b/README
index b21441ae0683..f1f7e7fc0451 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-See http://www.openssh.com/txt/release-6.7 for the release notes.
+See http://www.openssh.com/txt/release-6.8 for the release notes.
- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
diff --git a/atomicio.c b/atomicio.c
index 2bac36c91cd7..b1ec234f5851 100644
--- a/atomicio.c
+++ b/atomicio.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: atomicio.c,v 1.26 2010/09/22 22:58:51 djm Exp $ */
+/* $OpenBSD: atomicio.c,v 1.27 2015/01/16 06:40:12 deraadt Exp $ */
/*
* Copyright (c) 2006 Damien Miller. All rights reserved.
* Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
@@ -41,6 +41,7 @@
#endif
#include <string.h>
#include <unistd.h>
+#include <limits.h>
#include "atomicio.h"
diff --git a/auth-options.c b/auth-options.c
index f3d9c9df820f..4f0da9c04d33 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.64 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: auth-options.c,v 1.65 2015/01/14 10:30:34 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -21,15 +21,19 @@
#include <stdarg.h>
#include "openbsd-compat/sys-queue.h"
+
+#include "key.h" /* XXX for typedef */
+#include "buffer.h" /* XXX for typedef */
#include "xmalloc.h"
#include "match.h"
+#include "ssherr.h"
#include "log.h"
#include "canohost.h"
-#include "buffer.h"
+#include "sshbuf.h"
#include "misc.h"
#include "channels.h"
#include "servconf.h"
-#include "key.h"
+#include "sshkey.h"
#include "auth-options.h"
#include "hostfile.h"
#include "auth.h"
@@ -417,7 +421,7 @@ bad_option:
#define OPTIONS_CRITICAL 1
#define OPTIONS_EXTENSIONS 2
static int
-parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
+parse_option_list(struct sshbuf *oblob, struct passwd *pw,
u_int which, int crit,
int *cert_no_port_forwarding_flag,
int *cert_no_agent_forwarding_flag,
@@ -430,26 +434,25 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
char *command, *allowed;
const char *remote_ip;
char *name = NULL;
- u_char *data_blob = NULL;
- u_int nlen, dlen, clen;
- Buffer c, data;
- int ret = -1, result, found;
-
- buffer_init(&data);
+ struct sshbuf *c = NULL, *data = NULL;
+ int r, ret = -1, result, found;
- /* Make copy to avoid altering original */
- buffer_init(&c);
- buffer_append(&c, optblob, optblob_len);
+ if ((c = sshbuf_fromb(oblob)) == NULL) {
+ error("%s: sshbuf_fromb failed", __func__);
+ goto out;
+ }
- while (buffer_len(&c) > 0) {
- if ((name = buffer_get_cstring_ret(&c, &nlen)) == NULL ||
- (data_blob = buffer_get_string_ret(&c, &dlen)) == NULL) {
- error("Certificate options corrupt");
+ while (sshbuf_len(c) > 0) {
+ sshbuf_free(data);
+ data = NULL;
+ if ((r = sshbuf_get_cstring(c, &name, NULL)) != 0 ||
+ (r = sshbuf_froms(c, &data)) != 0) {
+ error("Unable to parse certificate options: %s",
+ ssh_err(r));
goto out;
}
- buffer_append(&data, data_blob, dlen);
- debug3("found certificate option \"%.100s\" len %u",
- name, dlen);
+ debug3("found certificate option \"%.100s\" len %zu",
+ name, sshbuf_len(data));
found = 0;
if ((which & OPTIONS_EXTENSIONS) != 0) {
if (strcmp(name, "permit-X11-forwarding") == 0) {
@@ -473,10 +476,10 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
}
if (!found && (which & OPTIONS_CRITICAL) != 0) {
if (strcmp(name, "force-command") == 0) {
- if ((command = buffer_get_cstring_ret(&data,
- &clen)) == NULL) {
- error("Certificate constraint \"%s\" "
- "corrupt", name);
+ if ((r = sshbuf_get_cstring(data, &command,
+ NULL)) != 0) {
+ error("Unable to parse \"%s\" "
+ "section: %s", name, ssh_err(r));
goto out;
}
if (*cert_forced_command != NULL) {
@@ -489,10 +492,10 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
found = 1;
}
if (strcmp(name, "source-address") == 0) {
- if ((allowed = buffer_get_cstring_ret(&data,
- &clen)) == NULL) {
- error("Certificate constraint "
- "\"%s\" corrupt", name);
+ if ((r = sshbuf_get_cstring(data, &allowed,
+ NULL)) != 0) {
+ error("Unable to parse \"%s\" "
+ "section: %s", name, ssh_err(r));
goto out;
}
if ((*cert_source_address_done)++) {
@@ -540,16 +543,13 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
logit("Certificate extension \"%s\" "
"is not supported", name);
}
- } else if (buffer_len(&data) != 0) {
+ } else if (sshbuf_len(data) != 0) {
error("Certificate option \"%s\" corrupt "
"(extra data)", name);
goto out;
}
- buffer_clear(&data);
free(name);
- free(data_blob);
name = NULL;
- data_blob = NULL;
}
/* successfully parsed all options */
ret = 0;
@@ -563,10 +563,8 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
}
if (name != NULL)
free(name);
- if (data_blob != NULL)
- free(data_blob);
- buffer_free(&data);
- buffer_free(&c);
+ sshbuf_free(data);
+ sshbuf_free(c);
return ret;
}
@@ -575,7 +573,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
* options so this must be called after auth_parse_options().
*/
int
-auth_cert_options(Key *k, struct passwd *pw)
+auth_cert_options(struct sshkey *k, struct passwd *pw)
{
int cert_no_port_forwarding_flag = 1;
int cert_no_agent_forwarding_flag = 1;
@@ -585,10 +583,9 @@ auth_cert_options(Key *k, struct passwd *pw)
char *cert_forced_command = NULL;
int cert_source_address_done = 0;
- if (key_cert_is_legacy(k)) {
+ if (sshkey_cert_is_legacy(k)) {
/* All options are in the one field for v00 certs */
- if (parse_option_list(buffer_ptr(k->cert->critical),
- buffer_len(k->cert->critical), pw,
+ if (parse_option_list(k->cert->critical, pw,
OPTIONS_CRITICAL|OPTIONS_EXTENSIONS, 1,
&cert_no_port_forwarding_flag,
&cert_no_agent_forwarding_flag,
@@ -600,14 +597,12 @@ auth_cert_options(Key *k, struct passwd *pw)
return -1;
} else {
/* Separate options and extensions for v01 certs */
- if (parse_option_list(buffer_ptr(k->cert->critical),
- buffer_len(k->cert->critical), pw,
+ if (parse_option_list(k->cert->critical, pw,
OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
&cert_forced_command,
&cert_source_address_done) == -1)
return -1;
- if (parse_option_list(buffer_ptr(k->cert->extensions),
- buffer_len(k->cert->extensions), pw,
+ if (parse_option_list(k->cert->extensions, pw,
OPTIONS_EXTENSIONS, 1,
&cert_no_port_forwarding_flag,
&cert_no_agent_forwarding_flag,
diff --git a/auth-options.h b/auth-options.h
index 7455c945465a..34852e5c0bb3 100644
--- a/auth-options.h
+++ b/auth-options.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.h,v 1.20 2010/05/07 11:30:29 djm Exp $ */
+/* $OpenBSD: auth-options.h,v 1.21 2015/01/14 10:30:34 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -35,6 +35,6 @@ extern char *authorized_principals;
int auth_parse_options(struct passwd *, char *, char *, u_long);
void auth_clear_options(void);
-int auth_cert_options(Key *, struct passwd *);
+int auth_cert_options(struct sshkey *, struct passwd *);
#endif
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index b7fd064e7dc8..2e20396ea779 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -15,6 +15,8 @@
#include "includes.h"
+#ifdef WITH_SSH1
+
#include <sys/types.h>
#include <pwd.h>
@@ -102,3 +104,5 @@ auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key)
packet_send_debug("Rhosts with RSA host authentication accepted.");
return 1;
}
+
+#endif /* WITH_SSH1 */
diff --git a/auth-rhosts.c b/auth-rhosts.c
index b5bedee8d40d..ee9e827afd08 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rhosts.c,v 1.45 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.46 2014/12/23 22:42:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -57,7 +57,8 @@ check_rhosts_file(const char *filename, const char *hostname,
const char *server_user)
{
FILE *f;
- char buf[1024]; /* Must not be larger than host, user, dummy below. */
+#define RBUFLN 1024
+ char buf[RBUFLN];/* Must not be larger than host, user, dummy below. */
int fd;
struct stat st;
@@ -80,8 +81,9 @@ check_rhosts_file(const char *filename, const char *hostname,
return 0;
}
while (fgets(buf, sizeof(buf), f)) {
- /* All three must be at least as big as buf to avoid overflows. */
- char hostbuf[1024], userbuf[1024], dummy[1024], *host, *user, *cp;
+ /* All three must have length >= buf to avoid overflows. */
+ char hostbuf[RBUFLN], userbuf[RBUFLN], dummy[RBUFLN];
+ char *host, *user, *cp;
int negated;
for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
@@ -140,8 +142,8 @@ check_rhosts_file(const char *filename, const char *hostname,
/* Check for empty host/user names (particularly '+'). */
if (!host[0] || !user[0]) {
/* We come here if either was '+' or '-'. */
- auth_debug_add("Ignoring wild host/user names in %.100s.",
- filename);
+ auth_debug_add("Ignoring wild host/user names "
+ "in %.100s.", filename);
continue;
}
/* Verify that host name matches. */
@@ -149,7 +151,8 @@ check_rhosts_file(const char *filename, const char *hostname,
if (!innetgr(host + 1, hostname, NULL, NULL) &&
!innetgr(host + 1, ipaddr, NULL, NULL))
continue;
- } else if (strcasecmp(host, hostname) && strcmp(host, ipaddr) != 0)
+ } else if (strcasecmp(host, hostname) &&
+ strcmp(host, ipaddr) != 0)
continue; /* Different hostname. */
/* Verify that user name matches. */
@@ -208,7 +211,8 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
/* Switch to the user's uid. */
temporarily_use_uid(pw);
/*
- * Quick check: if the user has no .shosts or .rhosts files, return
+ * Quick check: if the user has no .shosts or .rhosts files and
+ * no system hosts.equiv/shosts.equiv files exist then return
* failure immediately without doing costly lookups from name
* servers.
*/
@@ -223,27 +227,38 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
/* Switch back to privileged uid. */
restore_uid();
- /* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */
+ /*
+ * Deny if The user has no .shosts or .rhosts file and there
+ * are no system-wide files.
+ */
if (!rhosts_files[rhosts_file_index] &&
stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
- stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0)
+ stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) {
+ debug3("%s: no hosts access files exist", __func__);
return 0;
+ }
- /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
- if (pw->pw_uid != 0) {
+ /*
+ * If not logging in as superuser, try /etc/hosts.equiv and
+ * shosts.equiv.
+ */
+ if (pw->pw_uid == 0)
+ debug3("%s: root user, ignoring system hosts files", __func__);
+ else {
if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
client_user, pw->pw_name)) {
- auth_debug_add("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",
- hostname, ipaddr);
+ auth_debug_add("Accepted for %.100s [%.100s] by "
+ "/etc/hosts.equiv.", hostname, ipaddr);
return 1;
}
if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr,
client_user, pw->pw_name)) {
- auth_debug_add("Accepted for %.100s [%.100s] by %.100s.",
- hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
+ auth_debug_add("Accepted for %.100s [%.100s] by "
+ "%.100s.", hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
return 1;
}
}
+
/*
* Check that the home directory is owned by root or the user, and is
* not group or world writable.
@@ -290,20 +305,25 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
auth_debug_add("Bad file modes for %.200s", buf);
continue;
}
- /* Check if we have been configured to ignore .rhosts and .shosts files. */
+ /*
+ * Check if we have been configured to ignore .rhosts
+ * and .shosts files.
+ */
if (options.ignore_rhosts) {
- auth_debug_add("Server has been configured to ignore %.100s.",
- rhosts_files[rhosts_file_index]);
+ auth_debug_add("Server has been configured to "
+ "ignore %.100s.", rhosts_files[rhosts_file_index]);
continue;
}
/* Check if authentication is permitted by the file. */
- if (check_rhosts_file(buf, hostname, ipaddr, client_user, pw->pw_name)) {
+ if (check_rhosts_file(buf, hostname, ipaddr,
+ client_user, pw->pw_name)) {
auth_debug_add("Accepted by %.100s.",
rhosts_files[rhosts_file_index]);
/* Restore the privileged uid. */
restore_uid();
- auth_debug_add("Accepted host %s ip %s client_user %s server_user %s",
- hostname, ipaddr, client_user, pw->pw_name);
+ auth_debug_add("Accepted host %s ip %s client_user "
+ "%s server_user %s", hostname, ipaddr,
+ client_user, pw->pw_name);
return 1;
}
}
diff --git a/auth-rsa.c b/auth-rsa.c
index e9f4ede26a77..cbd971be1f17 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rsa.c,v 1.88 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: auth-rsa.c,v 1.90 2015/01/28 22:36:00 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -16,6 +16,8 @@
#include "includes.h"
+#ifdef WITH_SSH1
+
#include <sys/types.h>
#include <sys/stat.h>
@@ -236,7 +238,9 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
"actual %d vs. announced %d.",
file, linenum, BN_num_bits(key->rsa->n), bits);
- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
+ SSH_FP_DEFAULT)) == NULL)
+ continue;
debug("matching key found: file %s, line %lu %s %s",
file, linenum, key_type(key), fp);
free(fp);
@@ -341,3 +345,5 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
packet_send_debug("RSA authentication accepted.");
return (1);
}
+
+#endif /* WITH_SSH1 */
diff --git a/auth.c b/auth.c
index 5e60682ce28b..f9b76730194b 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.106 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: auth.c,v 1.110 2015/02/25 17:29:38 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -27,7 +27,6 @@
#include <sys/types.h>
#include <sys/stat.h>
-#include <sys/param.h>
#include <netinet/in.h>
@@ -50,6 +49,7 @@
#include <stdio.h>
#include <string.h>
#include <unistd.h>
+#include <limits.h>
#include "xmalloc.h"
#include "match.h"
@@ -71,7 +71,8 @@
#endif
#include "authfile.h"
#include "monitor_wrap.h"
-#include "krl.h"
+#include "authfile.h"
+#include "ssherr.h"
#include "compat.h"
/* import */
@@ -330,13 +331,14 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
void
auth_maxtries_exceeded(Authctxt *authctxt)
{
- packet_disconnect("Too many authentication failures for "
+ error("maximum authentication attempts exceeded for "
"%s%.100s from %.200s port %d %s",
authctxt->valid ? "" : "invalid user ",
authctxt->user,
get_remote_ipaddr(),
get_remote_port(),
compat20 ? "ssh2" : "ssh1");
+ packet_disconnect("Too many authentication failures");
/* NOTREACHED */
}
@@ -375,7 +377,7 @@ auth_root_allowed(const char *method)
char *
expand_authorized_keys(const char *filename, struct passwd *pw)
{
- char *file, ret[MAXPATHLEN];
+ char *file, ret[PATH_MAX];
int i;
file = percent_expand(filename, "h", pw->pw_dir,
@@ -467,7 +469,7 @@ int
auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
uid_t uid, char *err, size_t errlen)
{
- char buf[MAXPATHLEN], homedir[MAXPATHLEN];
+ char buf[PATH_MAX], homedir[PATH_MAX];
char *cp;
int comparehome = 0;
struct stat st;
@@ -673,43 +675,39 @@ getpwnamallow(const char *user)
int
auth_key_is_revoked(Key *key)
{
-#ifdef WITH_OPENSSL
- char *key_fp;
+ char *fp = NULL;
+ int r;
if (options.revoked_keys_file == NULL)
return 0;
- switch (ssh_krl_file_contains_key(options.revoked_keys_file, key)) {
- case 0:
- return 0; /* Not revoked */
- case -2:
- break; /* Not a KRL */
- default:
- goto revoked;
+ if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
+ SSH_FP_DEFAULT)) == NULL) {
+ r = SSH_ERR_ALLOC_FAIL;
+ error("%s: fingerprint key: %s", __func__, ssh_err(r));
+ goto out;
}
-#endif
- debug3("%s: treating %s as a key list", __func__,
- options.revoked_keys_file);
- switch (key_in_file(key, options.revoked_keys_file, 0)) {
+
+ r = sshkey_check_revoked(key, options.revoked_keys_file);
+ switch (r) {
case 0:
- /* key not revoked */
- return 0;
- case -1:
- /* Error opening revoked_keys_file: refuse all keys */
- error("Revoked keys file is unreadable: refusing public key "
- "authentication");
- return 1;
-#ifdef WITH_OPENSSL
- case 1:
- revoked:
- /* Key revoked */
- key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
- error("WARNING: authentication attempt with a revoked "
- "%s key %s ", key_type(key), key_fp);
- free(key_fp);
- return 1;
-#endif
+ break; /* not revoked */
+ case SSH_ERR_KEY_REVOKED:
+ error("Authentication key %s %s revoked by file %s",
+ sshkey_type(key), fp, options.revoked_keys_file);
+ goto out;
+ default:
+ error("Error checking authentication key %s %s in "
+ "revoked keys file %s: %s", sshkey_type(key), fp,
+ options.revoked_keys_file, ssh_err(r));
+ goto out;
}
- fatal("key_in_file returned junk");
+
+ /* Success */
+ r = 0;
+
+ out:
+ free(fp);
+ return r == 0 ? 0 : 1;
}
void
diff --git a/auth.h b/auth.h
index d081c94a6f36..db86037603df 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.78 2014/07/03 11:16:55 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.82 2015/02/16 22:13:32 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -42,6 +42,9 @@
#include <krb5.h>
#endif
+struct ssh;
+struct sshkey;
+
typedef struct Authctxt Authctxt;
typedef struct Authmethod Authmethod;
typedef struct KbdintDevice KbdintDevice;
@@ -75,6 +78,9 @@ struct Authctxt {
#endif
Buffer *loginmsg;
void *methoddata;
+
+ struct sshkey **prev_userkeys;
+ u_int nprev_userkeys;
};
/*
* Every authentication method has to handle authentication requests for
@@ -123,6 +129,8 @@ int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
int user_key_allowed(struct passwd *, Key *);
void pubkey_auth_info(Authctxt *, const Key *, const char *, ...)
__attribute__((__format__ (printf, 3, 4)));
+void auth2_record_userkey(Authctxt *, struct sshkey *);
+int auth2_userkey_already_used(Authctxt *, struct sshkey *);
struct stat;
int auth_secure_path(const char *, struct stat *, const char *, uid_t,
@@ -195,12 +203,13 @@ check_key_in_hostfiles(struct passwd *, Key *, const char *,
/* hostkey handling */
Key *get_hostkey_by_index(int);
-Key *get_hostkey_public_by_index(int);
-Key *get_hostkey_public_by_type(int);
-Key *get_hostkey_private_by_type(int);
-int get_hostkey_index(Key *);
+Key *get_hostkey_public_by_index(int, struct ssh *);
+Key *get_hostkey_public_by_type(int, int, struct ssh *);
+Key *get_hostkey_private_by_type(int, int, struct ssh *);
+int get_hostkey_index(Key *, int, struct ssh *);
int ssh1_session_key(BIGNUM *);
-void sshd_hostkey_sign(Key *, Key *, u_char **, u_int *, u_char *, u_int);
+int sshd_hostkey_sign(Key *, Key *, u_char **, size_t *,
+ const u_char *, size_t, u_int);
/* debug messages during authentication */
void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
diff --git a/auth1.c b/auth1.c
index 50388285ce4c..5073c49bb37d 100644
--- a/auth1.c
+++ b/auth1.c
@@ -12,6 +12,8 @@
#include "includes.h"
+#ifdef WITH_SSH1
+
#include <sys/types.h>
#include <stdarg.h>
@@ -438,3 +440,5 @@ do_authentication(Authctxt *authctxt)
packet_send();
packet_write_wait();
}
+
+#endif /* WITH_SSH1 */
diff --git a/auth2-chall.c b/auth2-chall.c
index ea4eb6952f8c..ddabe1a90710 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.41 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.42 2015/01/19 20:07:45 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -49,7 +49,7 @@ extern ServerOptions options;
static int auth2_challenge_start(Authctxt *);
static int send_userauth_info_request(Authctxt *);
-static void input_userauth_info_response(int, u_int32_t, void *);
+static int input_userauth_info_response(int, u_int32_t, void *);
#ifdef BSD_AUTH
extern KbdintDevice bsdauth_device;
@@ -279,7 +279,7 @@ send_userauth_info_request(Authctxt *authctxt)
return 1;
}
-static void
+static int
input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
@@ -344,6 +344,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
}
userauth_finish(authctxt, authenticated, "keyboard-interactive",
devicename);
+ return 0;
}
void
diff --git a/auth2-gss.c b/auth2-gss.c
index 447f896f2b55..1ca8357731ca 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-gss.c,v 1.21 2014/02/26 20:28:44 djm Exp $ */
+/* $OpenBSD: auth2-gss.c,v 1.22 2015/01/19 20:07:45 markus Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -48,10 +48,10 @@
extern ServerOptions options;
-static void input_gssapi_token(int type, u_int32_t plen, void *ctxt);
-static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
-static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
-static void input_gssapi_errtok(int, u_int32_t, void *);
+static int input_gssapi_token(int type, u_int32_t plen, void *ctxt);
+static int input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
+static int input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
+static int input_gssapi_errtok(int, u_int32_t, void *);
/*
* We only support those mechanisms that we know about (ie ones that we know
@@ -126,7 +126,7 @@ userauth_gssapi(Authctxt *authctxt)
return (0);
}
-static void
+static int
input_gssapi_token(int type, u_int32_t plen, void *ctxt)
{
Authctxt *authctxt = ctxt;
@@ -178,9 +178,10 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
}
gss_release_buffer(&min_status, &send_tok);
+ return 0;
}
-static void
+static int
input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
{
Authctxt *authctxt = ctxt;
@@ -212,6 +213,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
/* The client will have already moved on to the next auth */
gss_release_buffer(&maj_status, &send_tok);
+ return 0;
}
/*
@@ -220,7 +222,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
* which only enables it once the GSSAPI exchange is complete.
*/
-static void
+static int
input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt)
{
Authctxt *authctxt = ctxt;
@@ -244,9 +246,10 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt)
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL);
+ return 0;
}
-static void
+static int
input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
{
Authctxt *authctxt = ctxt;
@@ -284,6 +287,7 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL);
+ return 0;
}
Authmethod method_gssapi = {
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 6787e4ca4186..eebfe8fc3354 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.18 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.24 2015/01/28 22:36:00 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -48,6 +48,7 @@
#endif
#include "monitor_wrap.h"
#include "pathnames.h"
+#include "match.h"
/* import */
extern ServerOptions options;
@@ -107,6 +108,14 @@ userauth_hostbased(Authctxt *authctxt)
"signature format");
goto done;
}
+ if (match_pattern_list(sshkey_ssh_name(key),
+ options.hostbased_key_types,
+ strlen(options.hostbased_key_types), 0) != 1) {
+ logit("%s: key type %s not in HostbasedAcceptedKeyTypes",
+ __func__, sshkey_type(key));
+ goto done;
+ }
+
service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
authctxt->service;
buffer_init(&b);
@@ -163,7 +172,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
resolvedname = get_canonical_hostname(options.use_dns);
ipaddr = get_remote_ipaddr();
- debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",
+ debug2("%s: chost %s resolvedname %s ipaddr %s", __func__,
chost, resolvedname, ipaddr);
if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
@@ -172,19 +181,27 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
}
if (options.hostbased_uses_name_from_packet_only) {
- if (auth_rhosts2(pw, cuser, chost, chost) == 0)
+ if (auth_rhosts2(pw, cuser, chost, chost) == 0) {
+ debug2("%s: auth_rhosts2 refused "
+ "user \"%.100s\" host \"%.100s\" (from packet)",
+ __func__, cuser, chost);
return 0;
+ }
lookup = chost;
} else {
if (strcasecmp(resolvedname, chost) != 0)
logit("userauth_hostbased mismatch: "
"client sends %s, but we resolve %s to %s",
chost, ipaddr, resolvedname);
- if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0)
+ if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0) {
+ debug2("%s: auth_rhosts2 refused "
+ "user \"%.100s\" host \"%.100s\" addr \"%.100s\"",
+ __func__, cuser, resolvedname, ipaddr);
return 0;
+ }
lookup = resolvedname;
}
- debug2("userauth_hostbased: access allowed by auth_rhosts2");
+ debug2("%s: access allowed by auth_rhosts2", __func__);
if (key_is_cert(key) &&
key_cert_check_authority(key, 1, 0, lookup, &reason)) {
@@ -207,14 +224,17 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
if (host_status == HOST_OK) {
if (key_is_cert(key)) {
- fp = key_fingerprint(key->cert->signature_key,
- SSH_FP_MD5, SSH_FP_HEX);
+ if ((fp = sshkey_fingerprint(key->cert->signature_key,
+ options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
verbose("Accepted certificate ID \"%s\" signed by "
"%s CA %s from %s@%s", key->cert->key_id,
key_type(key->cert->signature_key), fp,
cuser, lookup);
} else {
- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ if ((fp = sshkey_fingerprint(key,
+ options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
verbose("Accepted %s public key %s from %s@%s",
key_type(key), fp, cuser, lookup);
}
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index f3ca96592b95..d943efa1e7e2 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.41 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.47 2015/02/17 00:14:05 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -41,6 +41,7 @@
#include <string.h>
#include <time.h>
#include <unistd.h>
+#include <limits.h>
#include "xmalloc.h"
#include "ssh.h"
@@ -122,6 +123,17 @@ userauth_pubkey(Authctxt *authctxt)
"signature scheme");
goto done;
}
+ if (auth2_userkey_already_used(authctxt, key)) {
+ logit("refusing previously-used %s key", key_type(key));
+ goto done;
+ }
+ if (match_pattern_list(sshkey_ssh_name(key), options.pubkey_key_types,
+ strlen(options.pubkey_key_types), 0) != 1) {
+ logit("%s: key type %s not in PubkeyAcceptedKeyTypes",
+ __func__, sshkey_ssh_name(key));
+ goto done;
+ }
+
if (have_sig) {
sig = packet_get_string(&slen);
packet_check_eom();
@@ -159,8 +171,12 @@ userauth_pubkey(Authctxt *authctxt)
authenticated = 0;
if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
- buffer_len(&b))) == 1)
+ buffer_len(&b))) == 1) {
authenticated = 1;
+ /* Record the successful key to prevent reuse */
+ auth2_record_userkey(authctxt, key);
+ key = NULL; /* Don't free below */
+ }
buffer_free(&b);
free(sig);
} else {
@@ -212,17 +228,20 @@ pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
}
if (key_is_cert(key)) {
- fp = key_fingerprint(key->cert->signature_key,
- SSH_FP_MD5, SSH_FP_HEX);
+ fp = sshkey_fingerprint(key->cert->signature_key,
+ options.fingerprint_hash, SSH_FP_DEFAULT);
auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s",
key_type(key), key->cert->key_id,
(unsigned long long)key->cert->serial,
- key_type(key->cert->signature_key), fp,
+ key_type(key->cert->signature_key),
+ fp == NULL ? "(null)" : fp,
extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
free(fp);
} else {
- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
- auth_info(authctxt, "%s %s%s%s", key_type(key), fp,
+ fp = sshkey_fingerprint(key, options.fingerprint_hash,
+ SSH_FP_DEFAULT);
+ auth_info(authctxt, "%s %s%s%s", key_type(key),
+ fp == NULL ? "(null)" : fp,
extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
free(fp);
}
@@ -365,8 +384,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
continue;
if (!key_is_cert_authority)
continue;
- fp = key_fingerprint(found, SSH_FP_MD5,
- SSH_FP_HEX);
+ if ((fp = sshkey_fingerprint(found,
+ options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+ continue;
debug("matching CA found: file %s, line %lu, %s %s",
file, linenum, key_type(found), fp);
/*
@@ -405,11 +425,13 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
continue;
if (key_is_cert_authority)
continue;
- found_key = 1;
- fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
+ if ((fp = sshkey_fingerprint(found,
+ options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+ continue;
debug("matching key found: file %s, line %lu %s %s",
file, linenum, key_type(found), fp);
free(fp);
+ found_key = 1;
break;
}
}
@@ -431,11 +453,12 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL)
return 0;
- ca_fp = key_fingerprint(key->cert->signature_key,
- SSH_FP_MD5, SSH_FP_HEX);
+ if ((ca_fp = sshkey_fingerprint(key->cert->signature_key,
+ options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+ return 0;
- if (key_in_file(key->cert->signature_key,
- options.trusted_user_ca_keys, 1) != 1) {
+ if (sshkey_in_file(key->cert->signature_key,
+ options.trusted_user_ca_keys, 1, 0) != 0) {
debug2("%s: CA %s %s is not listed in %s", __func__,
key_type(key->cert->signature_key), ca_fp,
options.trusted_user_ca_keys);
@@ -680,6 +703,35 @@ user_key_allowed(struct passwd *pw, Key *key)
return success;
}
+/* Records a public key in the list of previously-successful keys */
+void
+auth2_record_userkey(Authctxt *authctxt, struct sshkey *key)
+{
+ struct sshkey **tmp;
+
+ if (authctxt->nprev_userkeys >= INT_MAX ||
+ (tmp = reallocarray(authctxt->prev_userkeys,
+ authctxt->nprev_userkeys + 1, sizeof(*tmp))) == NULL)
+ fatal("%s: reallocarray failed", __func__);
+ authctxt->prev_userkeys = tmp;
+ authctxt->prev_userkeys[authctxt->nprev_userkeys] = key;
+ authctxt->nprev_userkeys++;
+}
+
+/* Checks whether a key has already been used successfully for authentication */
+int
+auth2_userkey_already_used(Authctxt *authctxt, struct sshkey *key)
+{
+ u_int i;
+
+ for (i = 0; i < authctxt->nprev_userkeys; i++) {
+ if (sshkey_equal_public(key, authctxt->prev_userkeys[i])) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
Authmethod method_pubkey = {
"publickey",
userauth_pubkey,
diff --git a/auth2.c b/auth2.c
index d9b440ae38f2..717796228a86 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.132 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: auth2.c,v 1.135 2015/01/19 20:07:45 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -87,8 +87,8 @@ Authmethod *authmethods[] = {
/* protocol */
-static void input_service_request(int, u_int32_t, void *);
-static void input_userauth_request(int, u_int32_t, void *);
+static int input_service_request(int, u_int32_t, void *);
+static int input_userauth_request(int, u_int32_t, void *);
/* helper */
static Authmethod *authmethod_lookup(Authctxt *, const char *);
@@ -151,9 +151,7 @@ userauth_banner(void)
{
char *banner = NULL;
- if (options.banner == NULL ||
- strcasecmp(options.banner, "none") == 0 ||
- (datafellows & SSH_BUG_BANNER) != 0)
+ if (options.banner == NULL || (datafellows & SSH_BUG_BANNER) != 0)
return;
if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
@@ -176,7 +174,7 @@ do_authentication2(Authctxt *authctxt)
}
/*ARGSUSED*/
-static void
+static int
input_service_request(int type, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
@@ -207,10 +205,11 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
packet_disconnect("bad service request %s", service);
}
free(service);
+ return 0;
}
/*ARGSUSED*/
-static void
+static int
input_userauth_request(int type, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
@@ -286,6 +285,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
free(service);
free(user);
free(method);
+ return 0;
}
void
@@ -356,7 +356,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
} else {
/* Allow initial try of "none" auth without failure penalty */
- if (!authctxt->server_caused_failure &&
+ if (!partial && !authctxt->server_caused_failure &&
(authctxt->attempt > 1 || strcmp(method, "none") != 0))
authctxt->failures++;
if (authctxt->failures >= options.max_authtries) {
diff --git a/authfd.c b/authfd.c
index 2d5a8dd5bb49..5d9414faf543 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.93 2014/04/29 18:01:49 markus Exp $ */
+/* $OpenBSD: authfd.c,v 1.94 2015/01/14 20:05:27 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -47,124 +47,121 @@
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
+#include <errno.h>
#include "xmalloc.h"
#include "ssh.h"
#include "rsa.h"
-#include "buffer.h"
-#include "key.h"
+#include "sshbuf.h"
+#include "sshkey.h"
#include "authfd.h"
#include "cipher.h"
-#include "kex.h"
#include "compat.h"
#include "log.h"
#include "atomicio.h"
#include "misc.h"
+#include "ssherr.h"
-static int agent_present = 0;
-
-/* helper */
-int decode_reply(int type);
+#define MAX_AGENT_IDENTITIES 2048 /* Max keys in agent reply */
+#define MAX_AGENT_REPLY_LEN (256 * 1024) /* Max bytes in agent reply */
/* macro to check for "agent failure" message */
#define agent_failed(x) \
- ((x == SSH_AGENT_FAILURE) || (x == SSH_COM_AGENT2_FAILURE) || \
+ ((x == SSH_AGENT_FAILURE) || \
+ (x == SSH_COM_AGENT2_FAILURE) || \
(x == SSH2_AGENT_FAILURE))
-int
-ssh_agent_present(void)
+/* Convert success/failure response from agent to a err.h status */
+static int
+decode_reply(u_char type)
{
- int authfd;
-
- if (agent_present)
- return 1;
- if ((authfd = ssh_get_authentication_socket()) == -1)
+ if (agent_failed(type))
+ return SSH_ERR_AGENT_FAILURE;
+ else if (type == SSH_AGENT_SUCCESS)
return 0;
- else {
- ssh_close_authentication_socket(authfd);
- return 1;
- }
+ else
+ return SSH_ERR_INVALID_FORMAT;
}
/* Returns the number of the authentication fd, or -1 if there is none. */
-
int
-ssh_get_authentication_socket(void)
+ssh_get_authentication_socket(int *fdp)
{
const char *authsocket;
- int sock;
+ int sock, oerrno;
struct sockaddr_un sunaddr;
+ if (fdp != NULL)
+ *fdp = -1;
+
authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
if (!authsocket)
- return -1;
+ return SSH_ERR_AGENT_NOT_PRESENT;
memset(&sunaddr, 0, sizeof(sunaddr));
sunaddr.sun_family = AF_UNIX;
strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- if (sock < 0)
- return -1;
+ if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
+ return SSH_ERR_SYSTEM_ERROR;
/* close on exec */
- if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1) {
+ if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1 ||
+ connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) {
+ oerrno = errno;
close(sock);
- return -1;
+ errno = oerrno;
+ return SSH_ERR_SYSTEM_ERROR;
}
- if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) {
+ if (fdp != NULL)
+ *fdp = sock;
+ else
close(sock);
- return -1;
- }
- agent_present = 1;
- return sock;
+ return 0;
}
+/* Communicate with agent: send request and read reply */
static int
-ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply)
+ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply)
{
- u_int l, len;
+ int r;
+ size_t l, len;
char buf[1024];
/* Get the length of the message, and format it in the buffer. */
- len = buffer_len(request);
+ len = sshbuf_len(request);
put_u32(buf, len);
/* Send the length and then the packet to the agent. */
- if (atomicio(vwrite, auth->fd, buf, 4) != 4 ||
- atomicio(vwrite, auth->fd, buffer_ptr(request),
- buffer_len(request)) != buffer_len(request)) {
- error("Error writing to authentication socket.");
- return 0;
- }
+ if (atomicio(vwrite, sock, buf, 4) != 4 ||
+ atomicio(vwrite, sock, (u_char *)sshbuf_ptr(request),
+ sshbuf_len(request)) != sshbuf_len(request))
+ return SSH_ERR_AGENT_COMMUNICATION;
/*
* Wait for response from the agent. First read the length of the
* response packet.
*/
- if (atomicio(read, auth->fd, buf, 4) != 4) {
- error("Error reading response length from authentication socket.");
- return 0;
- }
+ if (atomicio(read, sock, buf, 4) != 4)
+ return SSH_ERR_AGENT_COMMUNICATION;
/* Extract the length, and check it for sanity. */
len = get_u32(buf);
- if (len > 256 * 1024)
- fatal("Authentication response too long: %u", len);
+ if (len > MAX_AGENT_REPLY_LEN)
+ return SSH_ERR_INVALID_FORMAT;
/* Read the rest of the response in to the buffer. */
- buffer_clear(reply);
+ sshbuf_reset(reply);
while (len > 0) {
l = len;
if (l > sizeof(buf))
l = sizeof(buf);
- if (atomicio(read, auth->fd, buf, l) != l) {
- error("Error reading response from authentication socket.");
- return 0;
- }
- buffer_append(reply, buf, l);
+ if (atomicio(read, sock, buf, l) != l)
+ return SSH_ERR_AGENT_COMMUNICATION;
+ if ((r = sshbuf_put(reply, buf, l)) != 0)
+ return r;
len -= l;
}
- return 1;
+ return 0;
}
/*
@@ -172,7 +169,6 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply
* obtained). The argument must have been returned by
* ssh_get_authentication_socket().
*/
-
void
ssh_close_authentication_socket(int sock)
{
@@ -180,80 +176,103 @@ ssh_close_authentication_socket(int sock)
close(sock);
}
-/*
- * Opens and connects a private socket for communication with the
- * authentication agent. Returns the file descriptor (which must be
- * shut down and closed by the caller when no longer needed).
- * Returns NULL if an error occurred and the connection could not be
- * opened.
- */
-
-AuthenticationConnection *
-ssh_get_authentication_connection(void)
+/* Lock/unlock agent */
+int
+ssh_lock_agent(int sock, int lock, const char *password)
{
- AuthenticationConnection *auth;
- int sock;
-
- sock = ssh_get_authentication_socket();
-
- /*
- * Fail if we couldn't obtain a connection. This happens if we
- * exited due to a timeout.
- */
- if (sock < 0)
- return NULL;
-
- auth = xcalloc(1, sizeof(*auth));
- auth->fd = sock;
- buffer_init(&auth->identities);
- auth->howmany = 0;
-
- return auth;
+ int r;
+ u_char type = lock ? SSH_AGENTC_LOCK : SSH_AGENTC_UNLOCK;
+ struct sshbuf *msg;
+
+ if ((msg = sshbuf_new()) == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ if ((r = sshbuf_put_u8(msg, type)) != 0 ||
+ (r = sshbuf_put_cstring(msg, password)) != 0)
+ goto out;
+ if ((r = ssh_request_reply(sock, msg, msg)) != 0)
+ goto out;
+ if ((r = sshbuf_get_u8(msg, &type)) != 0)
+ goto out;
+ r = decode_reply(type);
+ out:
+ sshbuf_free(msg);
+ return r;
}
-/*
- * Closes the connection to the authentication agent and frees any associated
- * memory.
- */
-
-void
-ssh_close_authentication_connection(AuthenticationConnection *auth)
+#ifdef WITH_SSH1
+static int
+deserialise_identity1(struct sshbuf *ids, struct sshkey **keyp, char **commentp)
{
- buffer_free(&auth->identities);
- close(auth->fd);
- free(auth);
+ struct sshkey *key;
+ int r, keybits;
+ u_int32_t bits;
+ char *comment = NULL;
+
+ if ((key = sshkey_new(KEY_RSA1)) == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ if ((r = sshbuf_get_u32(ids, &bits)) != 0 ||
+ (r = sshbuf_get_bignum1(ids, key->rsa->e)) != 0 ||
+ (r = sshbuf_get_bignum1(ids, key->rsa->n)) != 0 ||
+ (r = sshbuf_get_cstring(ids, &comment, NULL)) != 0)
+ goto out;
+ keybits = BN_num_bits(key->rsa->n);
+ /* XXX previously we just warned here. I think we should be strict */
+ if (keybits < 0 || bits != (u_int)keybits) {
+ r = SSH_ERR_KEY_BITS_MISMATCH;
+ goto out;
+ }
+ if (keyp != NULL) {
+ *keyp = key;
+ key = NULL;
+ }
+ if (commentp != NULL) {
+ *commentp = comment;
+ comment = NULL;
+ }
+ r = 0;
+ out:
+ sshkey_free(key);
+ free(comment);
+ return r;
}
+#endif
-/* Lock/unlock agent */
-int
-ssh_lock_agent(AuthenticationConnection *auth, int lock, const char *password)
+static int
+deserialise_identity2(struct sshbuf *ids, struct sshkey **keyp, char **commentp)
{
- int type;
- Buffer msg;
-
- buffer_init(&msg);
- buffer_put_char(&msg, lock ? SSH_AGENTC_LOCK : SSH_AGENTC_UNLOCK);
- buffer_put_cstring(&msg, password);
-
- if (ssh_request_reply(auth, &msg, &msg) == 0) {
- buffer_free(&msg);
- return 0;
+ int r;
+ char *comment = NULL;
+ const u_char *blob;
+ size_t blen;
+
+ if ((r = sshbuf_get_string_direct(ids, &blob, &blen)) != 0 ||
+ (r = sshbuf_get_cstring(ids, &comment, NULL)) != 0)
+ goto out;
+ if ((r = sshkey_from_blob(blob, blen, keyp)) != 0)
+ goto out;
+ if (commentp != NULL) {
+ *commentp = comment;
+ comment = NULL;
}
- type = buffer_get_char(&msg);
- buffer_free(&msg);
- return decode_reply(type);
+ r = 0;
+ out:
+ free(comment);
+ return r;
}
/*
- * Returns the first authentication identity held by the agent.
+ * Fetch list of identities held by the agent.
*/
-
int
-ssh_get_num_identities(AuthenticationConnection *auth, int version)
+ssh_fetch_identitylist(int sock, int version, struct ssh_identitylist **idlp)
{
- int type, code1 = 0, code2 = 0;
- Buffer request;
+ u_char type, code1 = 0, code2 = 0;
+ u_int32_t num, i;
+ struct sshbuf *msg;
+ struct ssh_identitylist *idl = NULL;
+ int r;
+ /* Determine request and expected response types */
switch (version) {
case 1:
code1 = SSH_AGENTC_REQUEST_RSA_IDENTITIES;
@@ -264,238 +283,270 @@ ssh_get_num_identities(AuthenticationConnection *auth, int version)
code2 = SSH2_AGENT_IDENTITIES_ANSWER;
break;
default:
- return 0;
+ return SSH_ERR_INVALID_ARGUMENT;
}
/*
* Send a message to the agent requesting for a list of the
* identities it can represent.
*/
- buffer_init(&request);
- buffer_put_char(&request, code1);
+ if ((msg = sshbuf_new()) == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ if ((r = sshbuf_put_u8(msg, code1)) != 0)
+ goto out;
- buffer_clear(&auth->identities);
- if (ssh_request_reply(auth, &request, &auth->identities) == 0) {
- buffer_free(&request);
- return 0;
- }
- buffer_free(&request);
+ if ((r = ssh_request_reply(sock, msg, msg)) != 0)
+ goto out;
/* Get message type, and verify that we got a proper answer. */
- type = buffer_get_char(&auth->identities);
+ if ((r = sshbuf_get_u8(msg, &type)) != 0)
+ goto out;
if (agent_failed(type)) {
- return 0;
+ r = SSH_ERR_AGENT_FAILURE;
+ goto out;
} else if (type != code2) {
- fatal("Bad authentication reply message type: %d", type);
+ r = SSH_ERR_INVALID_FORMAT;
+ goto out;
}
/* Get the number of entries in the response and check it for sanity. */
- auth->howmany = buffer_get_int(&auth->identities);
- if ((u_int)auth->howmany > 1024)
- fatal("Too many identities in authentication reply: %d",
- auth->howmany);
-
- return auth->howmany;
-}
-
-Key *
-ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int version)
-{
- /* get number of identities and return the first entry (if any). */
- if (ssh_get_num_identities(auth, version) > 0)
- return ssh_get_next_identity(auth, comment, version);
- return NULL;
-}
+ if ((r = sshbuf_get_u32(msg, &num)) != 0)
+ goto out;
+ if (num > MAX_AGENT_IDENTITIES) {
+ r = SSH_ERR_INVALID_FORMAT;
+ goto out;
+ }
+ if (num == 0) {
+ r = SSH_ERR_AGENT_NO_IDENTITIES;
+ goto out;
+ }
-Key *
-ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version)
-{
+ /* Deserialise the response into a list of keys/comments */
+ if ((idl = calloc(1, sizeof(*idl))) == NULL ||
+ (idl->keys = calloc(num, sizeof(*idl->keys))) == NULL ||
+ (idl->comments = calloc(num, sizeof(*idl->comments))) == NULL) {
+ r = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
+ for (i = 0; i < num;) {
+ switch (version) {
+ case 1:
#ifdef WITH_SSH1
- int keybits;
- u_int bits;
+ if ((r = deserialise_identity1(msg,
+ &(idl->keys[i]), &(idl->comments[i]))) != 0)
+ goto out;
#endif
- u_char *blob;
- u_int blen;
- Key *key = NULL;
-
- /* Return failure if no more entries. */
- if (auth->howmany <= 0)
- return NULL;
+ break;
+ case 2:
+ if ((r = deserialise_identity2(msg,
+ &(idl->keys[i]), &(idl->comments[i]))) != 0) {
+ if (r == SSH_ERR_KEY_TYPE_UNKNOWN) {
+ /* Gracefully skip unknown key types */
+ num--;
+ continue;
+ } else
+ goto out;
+ }
+ break;
+ }
+ i++;
+ }
+ idl->nkeys = num;
+ *idlp = idl;
+ idl = NULL;
+ r = 0;
+ out:
+ sshbuf_free(msg);
+ if (idl != NULL)
+ ssh_free_identitylist(idl);
+ return r;
+}
- /*
- * Get the next entry from the packet. These will abort with a fatal
- * error if the packet is too short or contains corrupt data.
- */
- switch (version) {
-#ifdef WITH_SSH1
- case 1:
- key = key_new(KEY_RSA1);
- bits = buffer_get_int(&auth->identities);
- buffer_get_bignum(&auth->identities, key->rsa->e);
- buffer_get_bignum(&auth->identities, key->rsa->n);
- *comment = buffer_get_string(&auth->identities, NULL);
- keybits = BN_num_bits(key->rsa->n);
- if (keybits < 0 || bits != (u_int)keybits)
- logit("Warning: identity keysize mismatch: actual %d, announced %u",
- BN_num_bits(key->rsa->n), bits);
- break;
-#endif
- case 2:
- blob = buffer_get_string(&auth->identities, &blen);
- *comment = buffer_get_string(&auth->identities, NULL);
- key = key_from_blob(blob, blen);
- free(blob);
- break;
- default:
- return NULL;
+void
+ssh_free_identitylist(struct ssh_identitylist *idl)
+{
+ size_t i;
+
+ if (idl == NULL)
+ return;
+ for (i = 0; i < idl->nkeys; i++) {
+ if (idl->keys != NULL)
+ sshkey_free(idl->keys[i]);
+ if (idl->comments != NULL)
+ free(idl->comments[i]);
}
- /* Decrement the number of remaining entries. */
- auth->howmany--;
- return key;
+ free(idl);
}
/*
- * Generates a random challenge, sends it to the agent, and waits for
- * response from the agent. Returns true (non-zero) if the agent gave the
- * correct answer, zero otherwise. Response type selects the style of
- * response desired, with 0 corresponding to protocol version 1.0 (no longer
- * supported) and 1 corresponding to protocol version 1.1.
+ * Sends a challenge (typically from a server via ssh(1)) to the agent,
+ * and waits for a response from the agent.
+ * Returns true (non-zero) if the agent gave the correct answer, zero
+ * otherwise.
*/
#ifdef WITH_SSH1
int
-ssh_decrypt_challenge(AuthenticationConnection *auth,
- Key* key, BIGNUM *challenge,
- u_char session_id[16],
- u_int response_type,
- u_char response[16])
+ssh_decrypt_challenge(int sock, struct sshkey* key, BIGNUM *challenge,
+ u_char session_id[16], u_char response[16])
{
- Buffer buffer;
- int success = 0;
- int i;
- int type;
+ struct sshbuf *msg;
+ int r;
+ u_char type;
if (key->type != KEY_RSA1)
- return 0;
- if (response_type == 0) {
- logit("Compatibility with ssh protocol version 1.0 no longer supported.");
- return 0;
- }
- buffer_init(&buffer);
- buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE);
- buffer_put_int(&buffer, BN_num_bits(key->rsa->n));
- buffer_put_bignum(&buffer, key->rsa->e);
- buffer_put_bignum(&buffer, key->rsa->n);
- buffer_put_bignum(&buffer, challenge);
- buffer_append(&buffer, session_id, 16);
- buffer_put_int(&buffer, response_type);
-
- if (ssh_request_reply(auth, &buffer, &buffer) == 0) {
- buffer_free(&buffer);
- return 0;
- }
- type = buffer_get_char(&buffer);
-
+ return SSH_ERR_INVALID_ARGUMENT;
+ if ((msg = sshbuf_new()) == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ if ((r = sshbuf_put_u8(msg, SSH_AGENTC_RSA_CHALLENGE)) != 0 ||
+ (r = sshbuf_put_u32(msg, BN_num_bits(key->rsa->n))) != 0 ||
+ (r = sshbuf_put_bignum1(msg, key->rsa->e)) != 0 ||
+ (r = sshbuf_put_bignum1(msg, key->rsa->n)) != 0 ||
+ (r = sshbuf_put_bignum1(msg, challenge)) != 0 ||
+ (r = sshbuf_put(msg, session_id, 16)) != 0 ||
+ (r = sshbuf_put_u32(msg, 1)) != 0) /* Response type for proto 1.1 */
+ goto out;
+ if ((r = ssh_request_reply(sock, msg, msg)) != 0)
+ goto out;
+ if ((r = sshbuf_get_u8(msg, &type)) != 0)
+ goto out;
if (agent_failed(type)) {
- logit("Agent admitted failure to authenticate using the key.");
+ r = SSH_ERR_AGENT_FAILURE;
+ goto out;
} else if (type != SSH_AGENT_RSA_RESPONSE) {
- fatal("Bad authentication response: %d", type);
- } else {
- success = 1;
- /*
- * Get the response from the packet. This will abort with a
- * fatal error if the packet is corrupt.
- */
- for (i = 0; i < 16; i++)
- response[i] = (u_char)buffer_get_char(&buffer);
+ r = SSH_ERR_INVALID_FORMAT;
+ goto out;
}
- buffer_free(&buffer);
- return success;
+ if ((r = sshbuf_get(msg, response, 16)) != 0)
+ goto out;
+ r = 0;
+ out:
+ sshbuf_free(msg);
+ return r;
}
#endif
-/* ask agent to sign data, returns -1 on error, 0 on success */
+/* ask agent to sign data, returns err.h code on error, 0 on success */
int
-ssh_agent_sign(AuthenticationConnection *auth,
- Key *key,
- u_char **sigp, u_int *lenp,
- u_char *data, u_int datalen)
+ssh_agent_sign(int sock, struct sshkey *key,
+ u_char **sigp, size_t *lenp,
+ const u_char *data, size_t datalen, u_int compat)
{
- extern int datafellows;
- Buffer msg;
- u_char *blob;
- u_int blen;
- int type, flags = 0;
- int ret = -1;
-
- if (key_to_blob(key, &blob, &blen) == 0)
- return -1;
-
- if (datafellows & SSH_BUG_SIGBLOB)
- flags = SSH_AGENT_OLD_SIGNATURE;
-
- buffer_init(&msg);
- buffer_put_char(&msg, SSH2_AGENTC_SIGN_REQUEST);
- buffer_put_string(&msg, blob, blen);
- buffer_put_string(&msg, data, datalen);
- buffer_put_int(&msg, flags);
- free(blob);
-
- if (ssh_request_reply(auth, &msg, &msg) == 0) {
- buffer_free(&msg);
- return -1;
- }
- type = buffer_get_char(&msg);
+ struct sshbuf *msg;
+ u_char *blob = NULL, type;
+ size_t blen = 0, len = 0;
+ u_int flags = 0;
+ int r = SSH_ERR_INTERNAL_ERROR;
+
+ if (sigp != NULL)
+ *sigp = NULL;
+ if (lenp != NULL)
+ *lenp = 0;
+
+ if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE)
+ return SSH_ERR_INVALID_ARGUMENT;
+ if (compat & SSH_BUG_SIGBLOB)
+ flags |= SSH_AGENT_OLD_SIGNATURE;
+ if ((msg = sshbuf_new()) == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ if ((r = sshkey_to_blob(key, &blob, &blen)) != 0)
+ goto out;
+ if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 ||
+ (r = sshbuf_put_string(msg, blob, blen)) != 0 ||
+ (r = sshbuf_put_string(msg, data, datalen)) != 0 ||
+ (r = sshbuf_put_u32(msg, flags)) != 0)
+ goto out;
+ if ((r = ssh_request_reply(sock, msg, msg) != 0))
+ goto out;
+ if ((r = sshbuf_get_u8(msg, &type)) != 0)
+ goto out;
if (agent_failed(type)) {
- logit("Agent admitted failure to sign using the key.");
+ r = SSH_ERR_AGENT_FAILURE;
+ goto out;
} else if (type != SSH2_AGENT_SIGN_RESPONSE) {
- fatal("Bad authentication response: %d", type);
- } else {
- ret = 0;
- *sigp = buffer_get_string(&msg, lenp);
+ r = SSH_ERR_INVALID_FORMAT;
+ goto out;
+ }
+ if ((r = sshbuf_get_string(msg, sigp, &len)) != 0)
+ goto out;
+ *lenp = len;
+ r = 0;
+ out:
+ if (blob != NULL) {
+ explicit_bzero(blob, blen);
+ free(blob);
}
- buffer_free(&msg);
- return ret;
+ sshbuf_free(msg);
+ return r;
}
/* Encode key for a message to the agent. */
#ifdef WITH_SSH1
-static void
-ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
+static int
+ssh_encode_identity_rsa1(struct sshbuf *b, RSA *key, const char *comment)
{
- buffer_put_int(b, BN_num_bits(key->n));
- buffer_put_bignum(b, key->n);
- buffer_put_bignum(b, key->e);
- buffer_put_bignum(b, key->d);
+ int r;
+
/* To keep within the protocol: p < q for ssh. in SSL p > q */
- buffer_put_bignum(b, key->iqmp); /* ssh key->u */
- buffer_put_bignum(b, key->q); /* ssh key->p, SSL key->q */
- buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */
- buffer_put_cstring(b, comment);
+ if ((r = sshbuf_put_u32(b, BN_num_bits(key->n))) != 0 ||
+ (r = sshbuf_put_bignum1(b, key->n)) != 0 ||
+ (r = sshbuf_put_bignum1(b, key->e)) != 0 ||
+ (r = sshbuf_put_bignum1(b, key->d)) != 0 ||
+ (r = sshbuf_put_bignum1(b, key->iqmp)) != 0 ||
+ (r = sshbuf_put_bignum1(b, key->q)) != 0 ||
+ (r = sshbuf_put_bignum1(b, key->p)) != 0 ||
+ (r = sshbuf_put_cstring(b, comment)) != 0)
+ return r;
+ return 0;
}
#endif
-static void
-ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
+static int
+ssh_encode_identity_ssh2(struct sshbuf *b, struct sshkey *key,
+ const char *comment)
+{
+ int r;
+
+ if ((r = sshkey_private_serialize(key, b)) != 0 ||
+ (r = sshbuf_put_cstring(b, comment)) != 0)
+ return r;
+ return 0;
+}
+
+static int
+encode_constraints(struct sshbuf *m, u_int life, u_int confirm)
{
- key_private_serialize(key, b);
- buffer_put_cstring(b, comment);
+ int r;
+
+ if (life != 0) {
+ if ((r = sshbuf_put_u8(m, SSH_AGENT_CONSTRAIN_LIFETIME)) != 0 ||
+ (r = sshbuf_put_u32(m, life)) != 0)
+ goto out;
+ }
+ if (confirm != 0) {
+ if ((r = sshbuf_put_u8(m, SSH_AGENT_CONSTRAIN_CONFIRM)) != 0)
+ goto out;
+ }
+ r = 0;
+ out:
+ return r;
}
/*
- * Adds an identity to the authentication server. This call is not meant to
- * be used by normal applications.
+ * Adds an identity to the authentication server.
+ * This call is intended only for use by ssh-add(1) and like applications.
*/
-
int
-ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
- const char *comment, u_int life, u_int confirm)
+ssh_add_identity_constrained(int sock, struct sshkey *key, const char *comment,
+ u_int life, u_int confirm)
{
- Buffer msg;
- int type, constrained = (life || confirm);
+ struct sshbuf *msg;
+ int r, constrained = (life || confirm);
+ u_char type;
- buffer_init(&msg);
+ if ((msg = sshbuf_new()) == NULL)
+ return SSH_ERR_ALLOC_FAIL;
switch (key->type) {
#ifdef WITH_SSH1
@@ -503,8 +554,9 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
type = constrained ?
SSH_AGENTC_ADD_RSA_ID_CONSTRAINED :
SSH_AGENTC_ADD_RSA_IDENTITY;
- buffer_put_char(&msg, type);
- ssh_encode_identity_rsa1(&msg, key->rsa, comment);
+ if ((r = sshbuf_put_u8(msg, type)) != 0 ||
+ (r = ssh_encode_identity_rsa1(msg, key->rsa, comment)) != 0)
+ goto out;
break;
#endif
#ifdef WITH_OPENSSL
@@ -522,77 +574,88 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
type = constrained ?
SSH2_AGENTC_ADD_ID_CONSTRAINED :
SSH2_AGENTC_ADD_IDENTITY;
- buffer_put_char(&msg, type);
- ssh_encode_identity_ssh2(&msg, key, comment);
+ if ((r = sshbuf_put_u8(msg, type)) != 0 ||
+ (r = ssh_encode_identity_ssh2(m