diff options
Diffstat (limited to 'crypto/openssh/ChangeLog')
| -rw-r--r-- | crypto/openssh/ChangeLog | 979 |
1 files changed, 979 insertions, 0 deletions
diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index b2df6602371d..d6e4a4a25ae5 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog @@ -1,3 +1,982 @@ +20100307 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2010/03/07 22:16:01 + [ssh-keygen.c] + make internal strptime string match strftime format; + suggested by vinschen AT redhat.com and markus@ + - djm@cvs.openbsd.org 2010/03/08 00:28:55 + [ssh-keygen.1] + document permit-agent-forwarding certificate constraint; patch from + stevesk@ + - djm@cvs.openbsd.org 2010/03/07 22:01:32 + [version.h] + openssh-5.4 + - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + crank version numbers + - (djm) Release OpenSSH-5.4p1 + +20100307 + - (dtucker) [auth.c] Bug #1710: call setauthdb on AIX before getpwuid so that + it gets the passwd struct from the LAM that knows about the user which is + not necessarily the default. Patch from Alexandre Letourneau. + - (dtucker) [session.c] Bug #1567: move setpcred call to before chroot and + do not set real uid, since that's needed for the chroot, and will be set + by permanently_set_uid. + - (dtucker) [session.c] Also initialize creds to NULL for handing to + setpcred. + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2010/03/07 11:57:13 + [auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c] + Hold authentication debug messages until after successful authentication. + Fixes an info leak of environment variables specified in authorized_keys, + reported by Jacob Appelbaum. ok djm@ + +20100305 + - OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2010/03/04 12:51:25 + [ssh.1 sshd_config.5] + tweak previous; + - djm@cvs.openbsd.org 2010/03/04 20:35:08 + [ssh-keygen.1 ssh-keygen.c] + Add a -L flag to print the contents of a certificate; ok markus@ + - jmc@cvs.openbsd.org 2010/03/04 22:52:40 + [ssh-keygen.1] + fix Bk/Ek; + - djm@cvs.openbsd.org 2010/03/04 23:17:25 + [sshd_config.5] + missing word; spotted by jmc@ + - djm@cvs.openbsd.org 2010/03/04 23:19:29 + [ssh.1 sshd.8] + move section on CA and revoked keys from ssh.1 to sshd.8's known hosts + format section and rework it a bit; requested by jmc@ + - djm@cvs.openbsd.org 2010/03/04 23:27:25 + [auth-options.c ssh-keygen.c] + "force-command" is not spelled "forced-command"; spotted by + imorgan AT nas.nasa.gov + - djm@cvs.openbsd.org 2010/03/05 02:58:11 + [auth.c] + make the warning for a revoked key louder and more noticable + - jmc@cvs.openbsd.org 2010/03/05 06:50:35 + [ssh.1 sshd.8] + tweak previous; + - jmc@cvs.openbsd.org 2010/03/05 08:31:20 + [ssh.1] + document certificate authentication; help/ok djm + - djm@cvs.openbsd.org 2010/03/05 10:28:21 + [ssh-add.1 ssh.1 ssh_config.5] + mention loading of certificate files from [private]-cert.pub when + they are present; feedback and ok jmc@ + - (tim) [ssh-pkcs11.c] Fix "non-constant initializer" errors in older + compilers. OK djm@ + - (djm) [ssh-rand-helper.c] declare optind, avoiding compilation failure + on some platforms + - (djm) [configure.ac] set -fno-strict-aliasing for gcc4; ok dtucker@ + +20100304 + - (djm) [ssh-keygen.c] Use correct local variable, instead of + maybe-undefined global "optarg" + - (djm) [contrib/redhat/openssh.spec] Replace obsolete BuildPreReq + on XFree86-devel with neutral /usr/include/X11/Xlib.h; + imorgan AT nas.nasa.gov in bz#1731 + - (djm) [.cvsignore] Ignore ssh-pkcs11-helper + - (djm) [regress/Makefile] Cleanup sshd_proxy_orig + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2010/03/03 01:44:36 + [auth-options.c key.c] + reject strings with embedded ASCII nul chars in certificate key IDs, + principal names and constraints + - djm@cvs.openbsd.org 2010/03/03 22:49:50 + [sshd.8] + the authorized_keys option for CA keys is "cert-authority", not + "from=cert-authority". spotted by imorgan AT nas.nasa.gov + - djm@cvs.openbsd.org 2010/03/03 22:50:40 + [PROTOCOL.certkeys] + s/similar same/similar/; from imorgan AT nas.nasa.gov + - djm@cvs.openbsd.org 2010/03/04 01:44:57 + [key.c] + use buffer_get_string_ptr_ret() where we are checking the return + value explicitly instead of the fatal()-causing buffer_get_string_ptr() + - djm@cvs.openbsd.org 2010/03/04 10:36:03 + [auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c] + [authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h] + [ssh-keygen.c ssh.1 sshconnect.c sshd_config.5] + Add a TrustedUserCAKeys option to sshd_config to specify CA keys that + are trusted to authenticate users (in addition than doing it per-user + in authorized_keys). + + Add a RevokedKeys option to sshd_config and a @revoked marker to + known_hosts to allow keys to me revoked and banned for user or host + authentication. + + feedback and ok markus@ + - djm@cvs.openbsd.org 2010/03/03 00:47:23 + [regress/cert-hostkey.sh regress/cert-userkey.sh] + add an extra test to ensure that authentication with the wrong + certificate fails as it should (and it does) + - djm@cvs.openbsd.org 2010/03/04 10:38:23 + [regress/cert-hostkey.sh regress/cert-userkey.sh] + additional regression tests for revoked keys and TrustedUserCAKeys + +20100303 + - (djm) [PROTOCOL.certkeys] Add RCS Ident + - OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2010/02/26 22:09:28 + [ssh-keygen.1 ssh.1 sshd.8] + tweak previous; + - otto@cvs.openbsd.org 2010/03/01 11:07:06 + [ssh-add.c] + zap what seems to be a left-over debug message; ok markus@ + - djm@cvs.openbsd.org 2010/03/02 23:20:57 + [ssh-keygen.c] + POSIX strptime is stricter than OpenBSD's so do a little dance to + appease it. + - (djm) [regress/cert-userkey.sh] s/echo -n/echon/ here too + +20100302 + - (tim) [config.guess config.sub] Bug 1722: Update to latest versions from + http://git.savannah.gnu.org/gitweb/ (2009-12-30 and 2010-01-22 + respectively). + +20100301 + - (dtucker) [regress/{cert-hostkey,cfgmatch,cipher-speed}.sh} Replace + "echo -n" with "echon" for portability. + - (dtucker) [openbsd-compat/port-linux.c] Make failure to write to the OOM + adjust log at verbose only, since according to cjwatson in bug #1470 + some virtualization platforms don't allow writes. + +20100228 + - (djm) [auth.c] On Cygwin, refuse usernames that have differences in + case from that matched in the system password database. On this + platform, passwords are stored case-insensitively, but sshd requires + exact case matching for Match blocks in sshd_config(5). Based on + a patch from vinschen AT redhat.com. + - (tim) [ssh-pkcs11-helper.c] Move declarations before calling functions + to make older compilers (gcc 2.95) happy. + +20100227 + - (djm) [ssh-pkcs11-helper.c ] Ensure RNG is initialised and seeded + - (djm) [openbsd-compat/bsd-cygwin_util.c] Reduce the set of environment + variables copied into sshd child processes. From vinschen AT redhat.com + +20100226 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2010/02/26 20:29:54 + [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c] + [auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c] + [hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c] + [myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c] + [ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c] + [sshconnect2.c sshd.8 sshd.c sshd_config.5] + Add support for certificate key types for users and hosts. + + OpenSSH certificate key types are not X.509 certificates, but a much + simpler format that encodes a public key, identity information and + some validity constraints and signs it with a CA key. CA keys are + regular SSH keys. This certificate style avoids the attack surface + of X.509 certificates and is very easy to deploy. + + Certified host keys allow automatic acceptance of new host keys + when a CA certificate is marked as trusted in ~/.ssh/known_hosts. + see VERIFYING HOST KEYS in ssh(1) for details. + + Certified user keys allow authentication of users when the signing + CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS + FILE FORMAT" in sshd(8) for details. + + Certificates are minted using ssh-keygen(1), documentation is in + the "CERTIFICATES" section of that manpage. + + Documentation on the format of certificates is in the file + PROTOCOL.certkeys + + feedback and ok markus@ + - djm@cvs.openbsd.org 2010/02/26 20:33:21 + [Makefile regress/cert-hostkey.sh regress/cert-userkey.sh] + regression tests for certified keys + +20100224 + - (djm) [pkcs11.h ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c] + [ssh-pkcs11.h] Add $OpenBSD$ RCS idents so we can sync portable + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2010/02/11 20:37:47 + [pathnames.h] + correct comment + - dtucker@cvs.openbsd.org 2009/11/09 04:20:04 + [regress/Makefile] + add regression test for ssh-keygen pubkey conversions + - dtucker@cvs.openbsd.org 2010/01/11 02:53:44 + [regress/forwarding.sh] + regress test for stdio forwarding + - djm@cvs.openbsd.org 2010/02/09 04:57:36 + [regress/addrmatch.sh] + clean up droppings + - djm@cvs.openbsd.org 2010/02/09 06:29:02 + [regress/Makefile] + turn on all the malloc(3) checking options when running regression + tests. this has caught a few bugs for me in the past; ok dtucker@ + - djm@cvs.openbsd.org 2010/02/24 06:21:56 + [regress/test-exec.sh] + wait for sshd to fully stop in cleanup() function; avoids races in tests + that do multiple start_sshd/cleanup cycles; "I hate pidfiles" deraadt@ + - markus@cvs.openbsd.org 2010/02/08 10:52:47 + [regress/agent-pkcs11.sh] + test for PKCS#11 support (currently disabled) + - (djm) [Makefile.in ssh-pkcs11-helper.8] Add manpage for PKCS#11 helper + - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Add PKCS#11 helper binary and manpage + +20100212 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2010/02/02 22:49:34 + [bufaux.c] + make buffer_get_string_ret() really non-fatal in all cases (it was + using buffer_get_int(), which could fatal() on buffer empty); + ok markus dtucker + - markus@cvs.openbsd.org 2010/02/08 10:50:20 + [pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c] + [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5] + replace our obsolete smartcard code with PKCS#11. + ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf + ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 + provider (shared library) while ssh-agent(1) delegates PKCS#11 to + a forked a ssh-pkcs11-helper process. + PKCS#11 is currently a compile time option. + feedback and ok djm@; inspired by patches from Alon Bar-Lev + - jmc@cvs.openbsd.org 2010/02/08 22:03:05 + [ssh-add.1 ssh-keygen.1 ssh.1 ssh.c] + tweak previous; ok markus + - djm@cvs.openbsd.org 2010/02/09 00:50:36 + [ssh-agent.c] + fallout from PKCS#11: unbreak -D + - djm@cvs.openbsd.org 2010/02/09 00:50:59 + [ssh-keygen.c] + fix -Wall + - djm@cvs.openbsd.org 2010/02/09 03:56:28 + [buffer.c buffer.h] + constify the arguments to buffer_len, buffer_ptr and buffer_dump + - djm@cvs.openbsd.org 2010/02/09 06:18:46 + [auth.c] + unbreak ChrootDirectory+internal-sftp by skipping check for executable + shell when chrooting; reported by danh AT wzrd.com; ok dtucker@ + - markus@cvs.openbsd.org 2010/02/10 23:20:38 + [ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5] + pkcs#11 is no longer optional; improve wording; ok jmc@ + - jmc@cvs.openbsd.org 2010/02/11 13:23:29 + [ssh.1] + libarary -> library; + - (djm) [INSTALL Makefile.in README.smartcard configure.ac scard-opensc.c] + [scard.c scard.h pkcs11.h scard/Makefile.in scard/Ssh.bin.uu scard/Ssh.java] + Remove obsolete smartcard support + - (djm) [ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c] + Make it compile on OSX + - (djm) [ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c] + Use ssh_get_progname to fill __progname + - (djm) [configure.ac] Enable PKCS#11 support only when we find a working + dlopen() + +20100210 + - (djm) add -lselinux to LIBS before calling AC_CHECK_FUNCS for + getseuserbyname; patch from calebcase AT gmail.com via + cjwatson AT debian.org + +20100202 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2010/01/30 21:08:33 + [sshd.8] + debug output goes to stderr, not "the system log"; ok markus dtucker + - djm@cvs.openbsd.org 2010/01/30 21:12:08 + [channels.c] + fake local addr:port when stdio fowarding as some servers (Tectia at + least) validate that they are well-formed; + reported by imorgan AT nas.nasa.gov + ok dtucker + +20100130 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2010/01/28 00:21:18 + [clientloop.c] + downgrade an error() to a debug() - this particular case can be hit in + normal operation for certain sequences of mux slave vs session closure + and is harmless + - djm@cvs.openbsd.org 2010/01/29 00:20:41 + [sshd.c] + set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.com + ok dtucker@ + - djm@cvs.openbsd.org 2010/01/29 20:16:17 + [mux.c] + kill correct channel (was killing already-dead mux channel, not + its session channel) + - djm@cvs.openbsd.org 2010/01/30 02:54:53 + [mux.c] + don't mark channel as read failed if it is already closing; suppresses + harmless error messages when connecting to SSH.COM Tectia server + report by imorgan AT nas.nasa.gov + +20100129 + - (dtucker) [openbsd-compat/openssl-compat.c] Bug #1707: Call OPENSSL_config() + after registering the hardware engines, which causes the openssl.cnf file to + be processed. See OpenSSL's man page for OPENSSL_config(3) for details. + Patch from Solomon Peachy, ok djm@. + +20100128 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2010/01/26 02:15:20 + [mux.c] + -Wuninitialized and remove a // comment; from portable + (Id sync only) + - djm@cvs.openbsd.org 2010/01/27 13:26:17 + [mux.c] + fix bug introduced in mux rewrite: + + In a mux master, when a socket to a mux slave closes before its server + session (as may occur when the slave has been signalled), gracefully + close the server session rather than deleting its channel immediately. + A server may have more messages on that channel to send (e.g. an exit + message) that will fatal() the client if they are sent to a channel that + has been prematurely deleted. + + spotted by imorgan AT nas.nasa.gov + - djm@cvs.openbsd.org 2010/01/27 19:21:39 + [sftp.c] + add missing "p" flag to getopt optstring; + bz#1704 from imorgan AT nas.nasa.gov + +20100126 + - (djm) OpenBSD CVS Sync + - tedu@cvs.openbsd.org 2010/01/17 21:49:09 + [ssh-agent.1] + Correct and clarify ssh-add's password asking behavior. + Improved text dtucker and ok jmc + - dtucker@cvs.openbsd.org 2010/01/18 01:50:27 + [roaming_client.c] + s/long long unsigned/unsigned long long/, from tim via portable + (Id sync only, change already in portable) + - djm@cvs.openbsd.org 2010/01/26 01:28:35 + [channels.c channels.h clientloop.c clientloop.h mux.c nchan.c ssh.c] + rewrite ssh(1) multiplexing code to a more sensible protocol. + + The new multiplexing code uses channels for the listener and + accepted control sockets to make the mux master non-blocking, so + no stalls when processing messages from a slave. + + avoid use of fatal() in mux master protocol parsing so an errant slave + process cannot take down a running master. + + implement requesting of port-forwards over multiplexed sessions. Any + port forwards requested by the slave are added to those the master has + established. + + add support for stdio forwarding ("ssh -W host:port ...") in mux slaves. + + document master/slave mux protocol so that other tools can use it to + control a running ssh(1). Note: there are no guarantees that this + protocol won't be incompatibly changed (though it is versioned). + + feedback Salvador Fandino, dtucker@ + channel changes ok markus@ + +20100122 + - (tim) [configure.ac] Due to constraints in Windows Sockets in terms of + socket inheritance, reduce the default SO_RCVBUF/SO_SNDBUF buffer size + in Cygwin to 65535. Patch from Corinna Vinschen. + +20100117 + - (tim) [configure.ac] OpenServer 5 needs BROKEN_GETADDRINFO too. + - (tim) [configure.ac] On SVR5 systems, use the C99-conforming functions + snprintf() and vsnprintf() named _xsnprintf() and _xvsnprintf(). + +20100116 + - (dtucker) [openbsd-compat/pwcache.c] Pull in includes.h and thus defines.h + so we correctly detect whether or not we have a native user_from_uid. + - (dtucker) [openbsd-compat/openbsd-compat.h] Prototypes for user_from_uid + and group_from_gid. + - (dtucker) [openbsd-compat/openbsd-compat.h] Fix prototypes, spotted by + Tim. + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2010/01/15 09:24:23 + [sftp-common.c] + unused + - (dtucker) [openbsd-compat/pwcache.c] Shrink ifdef area to prevent unused + variable warnings. + - (dtucker) [openbsd-compat/openbsd-compat.h] Typo. + - (tim) [regress/portnum.sh] Shell portability fix. + - (tim) [configure.ac] Define BROKEN_GETADDRINFO on SVR5 systems. The native + getaddrinfo() is too old and limited for addr_pton() in addrmatch.c. + - (tim) [roaming_client.c] Use of <sys/queue.h> is not really portable so we + use "openbsd-compat/sys-queue.h". s/long long unsigned/unsigned long long/ + to keep USL compilers happy. + +20100115 + - (dtucker) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2010/01/13 12:48:34 + [sftp.1 sftp.c] + sftp.1: put ls -h in the right place + sftp.c: as above, plus add -p to get/put, and shorten their arg names + to keep the help usage nicely aligned + ok djm + - djm@cvs.openbsd.org 2010/01/13 23:47:26 + [auth.c] + when using ChrootDirectory, make sure we test for the existence of the + user's shell inside the chroot; bz #1679, patch from alex AT rtfs.hu; + ok dtucker + - dtucker@cvs.openbsd.org 2010/01/14 23:41:49 + [sftp-common.c] + use user_from{uid,gid} to lookup up ids since it keeps a small cache. + ok djm + - guenther@cvs.openbsd.org 2010/01/15 00:05:22 + [sftp.c] + Reset SIGTERM to SIG_DFL before executing ssh, so that even if sftp + inherited SIGTERM as ignored it will still be able to kill the ssh it + starts. + ok dtucker@ + - (dtucker) [openbsd-compat/pwcache.c] Pull in pwcache.c from OpenBSD (no + changes yet but there will be some to come). + - (dtucker) [configure.ac openbsd-compat/{Makefile.in,pwcache.c} Portability + for pwcache. Also, added caching of negative hits. + +20100114 + - (djm) [platform.h] Add missing prototype for + platform_krb5_get_principal_name + +20100113 + - (dtucker) [monitor_fdpass.c] Wrap poll.h include in ifdefs. + - (dtucker) [openbsd-compat/readpassphrase.c] Resync against OpenBSD's r1.18: + missing restore of SIGTTOU and some whitespace. + - (dtucker) [openbsd-compat/readpassphrase.c] Update to OpenBSD's r1.21. + - (dtucker) [openbsd-compat/readpassphrase.c] Update to OpenBSD's r1.22. + Fixes bz #1590, where sometimes you could not interrupt a connection while + ssh was prompting for a passphrase or password. + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2010/01/13 00:19:04 + [sshconnect.c auth.c] + Fix a couple of typos/mispellings in comments + - dtucker@cvs.openbsd.org 2010/01/13 01:10:56 + [key.c] + Ignore and log any Protocol 1 keys where the claimed size is not equal to + the actual size. Noted by Derek Martin, ok djm@ + - dtucker@cvs.openbsd.org 2010/01/13 01:20:20 + [canohost.c ssh-keysign.c sshconnect2.c] + Make HostBased authentication work with a ProxyCommand. bz #1569, patch + from imorgan at nas nasa gov, ok djm@ + - djm@cvs.openbsd.org 2010/01/13 01:40:16 + [sftp.c sftp-server.c sftp.1 sftp-common.c sftp-common.h] + support '-h' (human-readable units) for sftp's ls command, just like + ls(1); ok dtucker@ + - djm@cvs.openbsd.org 2010/01/13 03:48:13 + [servconf.c servconf.h sshd.c] + avoid run-time failures when specifying hostkeys via a relative + path by prepending the cwd in these cases; bz#1290; ok dtucker@ + - djm@cvs.openbsd.org 2010/01/13 04:10:50 + [sftp.c] + don't append a space after inserting a completion of a directory (i.e. + a path ending in '/') for a slightly better user experience; ok dtucker@ + - (dtucker) [sftp-common.c] Wrap include of util.h in an ifdef. + - (tim) [defines.h] openbsd-compat/readpassphrase.c now needs _NSIG. + feedback and ok dtucker@ + +20100112 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2010/01/11 01:39:46 + [ssh_config channels.c ssh.1 channels.h ssh.c] + Add a 'netcat mode' (ssh -W). This connects stdio on the client to a + single port forward on the server. This allows, for example, using ssh as + a ProxyCommand to route connections via intermediate servers. + bz #1618, man page help from jmc@, ok markus@ + - dtucker@cvs.openbsd.org 2010/01/11 04:46:45 + [authfile.c sshconnect2.c] + Do not prompt for a passphrase if we fail to open a keyfile, and log the + reason the open failed to debug. + bz #1693, found by tj AT castaglia org, ok djm@ + - djm@cvs.openbsd.org 2010/01/11 10:51:07 + [ssh-keygen.c] + when converting keys, truncate key comments at 72 chars as per RFC4716; + bz#1630 reported by tj AT castaglia.org; ok markus@ + - dtucker@cvs.openbsd.org 2010/01/12 00:16:47 + [authfile.c] + Fix bug introduced in r1.78 (incorrect brace location) that broke key auth. + Patch from joachim joachimschipper nl. + - djm@cvs.openbsd.org 2010/01/12 00:58:25 + [monitor_fdpass.c] + avoid spinning when fd passing on nonblocking sockets by calling poll() + in the EINTR/EAGAIN path, much like we do in atomicio; ok dtucker@ + - djm@cvs.openbsd.org 2010/01/12 00:59:29 + [roaming_common.c] + delete with extreme prejudice a debug() that fired with every keypress; + ok dtucker deraadt + - dtucker@cvs.openbsd.org 2010/01/12 01:31:05 + [session.c] + Do not allow logins if /etc/nologin exists but is not readable by the user + logging in. Noted by Jan.Pechanec at Sun, ok djm@ deraadt@ + - djm@cvs.openbsd.org 2010/01/12 01:36:08 + [buffer.h bufaux.c] + add a buffer_get_string_ptr_ret() that does the same as + buffer_get_string_ptr() but does not fatal() on error; ok dtucker@ + - dtucker@cvs.openbsd.org 2010/01/12 08:33:17 + [session.c] + Add explicit stat so we reliably detect nologin with bad perms. + ok djm markus + +20100110 + - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] + Remove hacks add for RoutingDomain in preparation for its removal. + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2010/01/09 23:04:13 + [channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h + ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c + readconf.h scp.1 sftp.1 ssh_config.5 misc.h] + Remove RoutingDomain from ssh since it's now not needed. It can be + replaced with "route exec" or "nc -V" as a proxycommand. "route exec" + also ensures that trafic such as DNS lookups stays withing the specified + routingdomain. For example (from reyk): + # route -T 2 exec /usr/sbin/sshd + or inherited from the parent process + $ route -T 2 exec sh + $ ssh 10.1.2.3 + ok deraadt@ markus@ stevesk@ reyk@ + - dtucker@cvs.openbsd.org 2010/01/10 03:51:17 + [servconf.c] + Add ChrootDirectory to sshd.c test-mode output + - dtucker@cvs.openbsd.org 2010/01/10 07:15:56 + [auth.c] + Output a debug if we can't open an existing keyfile. bz#1694, ok djm@ + +20100109 + - (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don't + have it. + - (dtucker) [defines.h] define PRIu64 for platforms that don't have it. + - (dtucker) [roaming_client.c] Wrap inttypes.h in an ifdef. + - (dtucker) [loginrec.c] Use the SUSv3 specified name for the user name + when using utmpx. Patch from Ed Schouten. + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2010/01/09 00:20:26 + [sftp-server.c sftp-server.8] + add a 'read-only' mode to sftp-server(8) that disables open in write mode + and all other fs-modifying protocol methods. bz#430 ok dtucker@ + - djm@cvs.openbsd.org 2010/01/09 00:57:10 + [PROTOCOL] + tweak language + - jmc@cvs.openbsd.org 2010/01/09 03:36:00 + [sftp-server.8] + bad place to forget a comma... + - djm@cvs.openbsd.org 2010/01/09 05:04:24 + [mux.c sshpty.h clientloop.c sshtty.c] + quell tc[gs]etattr warnings when forcing a tty (ssh -tt), since we + usually don't actually have a tty to read/set; bz#1686 ok dtucker@ + - dtucker@cvs.openbsd.org 2010/01/09 05:17:00 + [roaming_client.c] + Remove a PRIu64 format string that snuck in with roaming. ok djm@ + - dtucker@cvs.openbsd.org 2010/01/09 11:13:02 + [sftp.c] + Prevent sftp from derefing a null pointer when given a "-" without a + command. Also, allow whitespace to follow a "-". bz#1691, path from + Colin Watson via Debian. ok djm@ deraadt@ + - dtucker@cvs.openbsd.org 2010/01/09 11:17:56 + [sshd.c] + Afer sshd receives a SIGHUP, ignore subsequent HUPs while sshd re-execs + itself. Prevents two HUPs in quick succession from resulting in sshd + dying. bz#1692, patch from Colin Watson via Ubuntu. + - (dtucker) [defines.h] Remove now-undeeded PRIu64 define. + +20100108 + - (dtucker) OpenBSD CVS Sync + - andreas@cvs.openbsd.org 2009/10/24 11:11:58 + [roaming.h] + Declarations needed for upcoming changes. + ok markus@ + - andreas@cvs.openbsd.org 2009/10/24 11:13:54 + [sshconnect2.c kex.h kex.c] + Let the client detect if the server supports roaming by looking + for the resume@appgate.com kex algorithm. + ok markus@ + - andreas@cvs.openbsd.org 2009/10/24 11:15:29 + [clientloop.c] + client_loop() must detect if the session has been suspended and resumed, + and take appropriate action in that case. + From Martin Forssen, maf at appgate dot com + - andreas@cvs.openbsd.org 2009/10/24 11:19:17 + [ssh2.h] + Define the KEX messages used when resuming a suspended connection. + ok markus@ + - andreas@cvs.openbsd.org 2009/10/24 11:22:37 + [roaming_common.c] + Do the actual suspend/resume in the client. This won't be useful until + the server side supports roaming. + Most code from Martin Forssen, maf at appgate dot com. Some changes by + me and markus@ + ok markus@ + - andreas@cvs.openbsd.org 2009/10/24 11:23:42 + [ssh.c] + Request roaming to be enabled if UseRoaming is true and the server + supports it. + ok markus@ + - reyk@cvs.openbsd.org 2009/10/28 16:38:18 + [ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c + channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1 + sftp.1 sshd_config.5 readconf.c ssh.c misc.c] + Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan. + ok markus@ + - jmc@cvs.openbsd.org 2009/10/28 21:45:08 + [sshd_config.5 sftp.1] + tweak previous; + - djm@cvs.openbsd.org 2009/11/10 02:56:22 + [ssh_config.5] + explain the constraints on LocalCommand some more so people don't + try to abuse it. + - djm@cvs.openbsd.org 2009/11/10 02:58:56 + [sshd_config.5] + clarify that StrictModes does not apply to ChrootDirectory. Permissions + and ownership are always checked when chrooting. bz#1532 + - dtucker@cvs.openbsd.org 2009/11/10 04:30:45 + [sshconnect2.c channels.c sshconnect.c] + Set close-on-exec on various descriptors so they don't get leaked to + child processes. bz #1643, patch from jchadima at redhat, ok deraadt. + - markus@cvs.openbsd.org 2009/11/11 21:37:03 + [channels.c channels.h] + fix race condition in x11/agent channel allocation: don't read after + the end of the select read/write fdset and make sure a reused FD + is not touched before the pre-handlers are called. + with and ok djm@ + - djm@cvs.openbsd.org 2009/11/17 05:31:44 + [clientloop.c] + fix incorrect exit status when multiplexing and channel ID 0 is recycled + bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker + - djm@cvs.openbsd.org 2009/11/19 23:39:50 + [session.c] + bz#1606: error when an attempt is made to connect to a server + with ForceCommand=internal-sftp with a shell session (i.e. not a + subsystem session). Avoids stuck client when attempting to ssh to such a + service. ok dtucker@ + - dtucker@cvs.openbsd.org 2009/11/20 00:15:41 + [session.c] + Warn but do not fail if stat()ing the subsystem binary fails. This helps + with chrootdirectory+forcecommand=sftp-server and restricted shells. + bz #1599, ok djm. + - djm@cvs.openbsd.org 2009/11/20 00:54:01 + [sftp.c] + bz#1588 change "Connecting to host..." message to "Connected to host." + and delay it until after the sftp protocol connection has been established. + Avoids confusing sequence of messages when the underlying ssh connection + experiences problems. ok dtucker@ + - dtucker@cvs.openbsd.org 2009/11/20 00:59:36 + [sshconnect2.c] + Use the HostKeyAlias when prompting for passwords. bz#1039, ok djm@ + - djm@cvs.openbsd.org 2009/11/20 03:24:07 + [misc.c] + correct off-by-one in percent_expand(): we would fatal() when trying + to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to actually + work. Note that nothing in OpenSSH actually uses close to this limit at + present. bz#1607 from Jan.Pechanec AT Sun.COM + - halex@cvs.openbsd.org 2009/11/22 13:18:00 + [sftp.c] + make passing of zero-length arguments to ssh safe by + passing "-<switch>" "<value>" rather than "-<switch><value>" + ok dtucker@, guenther@, djm@ + - dtucker@cvs.openbsd.org 2009/12/06 23:41:15 + [sshconnect2.c] + zap unused variable and strlen; from Steve McClellan, ok djm + - djm@cvs.openbsd.org 2009/12/06 23:53:45 + [roaming_common.c] + use socklen_t for getsockopt optlen parameter; reported by + Steve.McClellan AT radisys.com, ok dtucker@ + - dtucker@cvs.openbsd.org 2009/12/06 23:53:54 + [sftp.c] + fix potential divide-by-zero in sftp's "df" output when talking to a server + that reports zero files on the filesystem (Unix filesystems always have at + least the root inode). From Steve McClellan at radisys, ok djm@ + - markus@cvs.openbsd.org 2009/12/11 18:16:33 + [key.c] + switch from 35 to the more common value of RSA_F4 == (2**16)+1 == 65537 + for the RSA public exponent; discussed with provos; ok djm@ + - guenther@cvs.openbsd.org 2009/12/20 07:28:36 + [ssh.c sftp.c scp.c] + When passing user-controlled options with arguments to other programs, + pass the option and option argument as separate argv entries and + not smashed into one (e.g., as -l foo and not -lfoo). Also, always + pass a "--" argument to stop option parsing, so that a positional + argument that starts with a '-' isn't treated as an option. This + fixes some error cases as well as the handling of hostnames and + filenames that start with a '-'. + Based on a diff by halex@ + ok halex@ djm@ deraadt@ + - djm@cvs.openbsd.org 2009/12/20 23:20:40 + [PROTOCOL] + fix an incorrect magic number and typo in PROTOCOL; bz#1688 + report and fix from ueno AT unixuser.org + - stevesk@cvs.openbsd.org 2009/12/25 19:40:21 + [readconf.c servconf.c misc.h ssh-keyscan.c misc.c] + validate routing domain is in range 0-RT_TABLEID_MAX. + 'Looks right' deraadt@ + - stevesk@cvs.openbsd.org 2009/12/29 16:38:41 + [sshd_config.5 readconf.c ssh_config.5 scp.1 servconf.c sftp.1 ssh.1] + Rename RDomain config option to RoutingDomain to be more clear and + consistent with other options. + NOTE: if you currently use RDomain in the ssh client or server config, + or ssh/sshd -o, you must update to use RoutingDomain. + ok markus@ djm@ + - jmc@cvs.openbsd.org 2009/12/29 18:03:32 + [sshd_config.5 ssh_config.5] + sort previous; + - dtucker@cvs.openbsd.org 2010/01/04 01:45:30 + [sshconnect2.c] + Don't escape backslashes in the SSH2 banner. bz#1533, patch from + Michal Gorny via Gentoo. + - djm@cvs.openbsd.org 2010/01/04 02:03:57 + [sftp.c] + Implement tab-completion of commands, local and remote filenames for sftp. + Hacked on and off for some time by myself, mouring, Carlos Silva (via 2009 + Google Summer of Code) and polished to a fine sheen by myself again. + It should deal more-or-less correctly with the ikky corner-cases presented + by quoted filenames, but the UI could still be slightly improved. + In particular, it is quite slow for remote completion on large directories. + bz#200; ok markus@ + - djm@cvs.openbsd.org 2010/01/04 02:25:15 + [sftp-server.c] + bz#1566 don't unnecessarily dup() in and out fds for sftp-server; + ok markus@ + - dtucker@cvs.openbsd.org 2010/01/08 21:50:49 + [sftp.c] + Fix two warnings: possibly used unitialized and use a nul byte instead of + NULL pointer. ok djm@ + - (dtucker) [Makefile.in added roaming_client.c roaming_serv.c] Import new + files for roaming and add to Makefile. + - (dtucker) [Makefile.in] .c files do not belong in the OBJ lines. + - (dtucker) [sftp.c] ifdef out the sftp completion bits for platforms that + don't have libedit. + - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] Make + RoutingDomain an unsupported option on platforms that don't have it. + - (dtucker) [sftp.c] Expand ifdef for libedit to cover complete_is_remote + too. + - (dtucker) [misc.c] Move the routingdomain ifdef to allow the socket to + be created. + - (dtucker] [misc.c] Shrink the area covered by USE_ROUTINGDOMAIN more + to eliminate an unused variable warning. + - (dtucker) [roaming_serv.c] Include includes.h for u_intXX_t types. + +20091226 + - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1 + Gzip all man pages. Patch from Corinna Vinschen. + +20091221 + - (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}] + Bug #1583: Use system's kerberos principal name on AIX if it's available. + Based on a patch from and tested by Miguel Sanders + +20091208 + - (dtucker) Bug #1470: Disable OOM-killing of the listening sshd on Linux, + based on a patch from Vaclav Ovsik and Colin Watson. ok djm. + +20091207 + - (dtucker) Bug #1160: use pkg-config for opensc config if it's available. + Tested by Martin Paljak. + - (dtucker) Bug #1677: add conditionals around the source for ssh-askpass. + +20091121 + - (tim) [opensshd.init.in] If PidFile is set in sshd_config, use it. + Bug 1628. OK dtucker@ + +20091120 + - (djm) [ssh-rand-helper.c] Print error and usage() when passed command- + line arguments as none are supported. Exit when passed unrecognised + commandline flags. bz#1568 from gson AT araneus.fi + +20091118 + - (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() to + set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify + setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only() + bz#1648, report and fix from jan.kratochvil AT redhat.com + - (djm) [contrib/gnome-ssh-askpass2.c] Make askpass dialog desktop-modal. + bz#1645, patch from jchadima AT redhat.com + +20091107 + - (dtucker) [authfile.c] Fall back to 3DES for the encryption of private + keys when built with OpenSSL versions that don't do AES. + +20091105 + - (dtucker) [authfile.c] Add OpenSSL compat header so this still builds with + older versions of OpenSSL. + +20091024 + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2009/10/11 23:03:15 + [hostfile.c] + mention the host name that we are looking for in check_host_in_hostfile() + - sobrado@cvs.openbsd.org 2009/10/17 12:10:39 + [sftp-server.c] + sort flags. + - sobrado@cvs.openbsd.org 2009/10/22 12:35:53 + [ssh.1 ssh-agent.1 ssh-add.1] + use the UNIX-related macros (.At and .Ux) where appropriate. + ok jmc@ + - sobrado@cvs.openbsd.org 2009/10/22 15:02:12 + [ssh-agent.1 ssh-add.1 ssh.1] + write UNIX-domain in a more consistent way; while here, replace a + few remaining ".Tn UNIX" macros with ".Ux" ones. + pointed out by ratchov@, thanks! + ok jmc@ + - djm@cvs.openbsd.org 2009/10/22 22:26:13 + [authfile.c] + switch from 3DES to AES-128 for encryption of passphrase-protected + SSH protocol 2 private keys; ok several + - djm@cvs.openbsd.org 2009/10/23 01:57:11 + [sshconnect2.c] + disallow a hostile server from checking jpake auth by sending an + out-of-sequence success message. (doesn't affect code enabled by default) + - dtucker@cvs.openbsd.org 2009/10/24 00:48:34 + [ssh-keygen.1] + ssh-keygen now uses AES-128 for private keys + - (dtucker) [mdoc2man.awk] Teach it to understand the .Ux macro. + - (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinux + is enabled set the security context to "sftpd_t" before running the + internal sftp server Based on a patch from jchadima at redhat. + +20091011 + - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for + dirent d_type and DTTOIF as we've switched OpenBSD to the more portable + lstat. + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2009/10/08 14:03:41 + [sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5] + disable protocol 1 by default (after a transition period of about 10 years) + ok deraadt + - jmc@cvs.openbsd.org 2009/10/08 20:42:12 + [sshd_config.5 ssh_config.5 sshd.8 ssh.1] + some tweaks now that protocol 1 is not offered by default; ok markus + - dtucker@cvs.openbsd.org 2009/10/11 10:41:26 + [sftp-client.c] + d_type isn't portable so use lstat to get dirent modes. Suggested by and + "looks sane" deraadt@ + - markus@cvs.openbsd.org 2009/10/08 18:04:27 + [regress/test-exec.sh] + re-enable protocol v1 for the tests. + +20091007 + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2009/08/12 00:13:00 + [sftp.c sftp.1] + support most of scp(1)'s commandline arguments in sftp(1), as a first + step towards making sftp(1) a drop-in replacement for scp(1). + One conflicting option (-P) has not been changed, pending further + discussion. + Patch from carlosvsilvapt@gmail.com as part of his work in the + Google Summer of Code + - jmc@cvs.openbsd.org 2009/08/12 06:31:42 + [sftp.1] + sort options; + - djm@cvs.openbsd.org 2009/08/13 01:11:19 + [sftp.1 sftp.c] + Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path", + add "-P port" to match scp(1). Fortunately, the -P option is only really + used by our regression scripts. + part of larger patch from carlosvsilvapt@gmail.com for his Google Summer + of Code work; ok deraadt markus + - jmc@cvs.openbsd.org 2009/08/13 13:39:54 + [sftp.1 sftp.c] + sync synopsis and usage(); + - djm@cvs.openbsd.org 2009/08/14 18:17:49 + [sftp-client.c] + make the "get_handle: ..." error messages vaguely useful by allowing + callers to specify their own error message strings. + - fgsch@cvs.openbsd.org 2009/08/15 18:56:34 + [auth.h] + remove unused define. markus@ ok. + (Id sync only, Portable still uses this.) + - dtucker@cvs.openbsd.org 2009/08/16 23:29:26 + [sshd_config.5] + Add PubkeyAuthentication to the list allowed in a Match block (bz #1577) + - djm@cvs.openbsd.org 2009/08/18 18:36:21 + [sftp-client.h sftp.1 sftp-client.c sftp.c] + recursive transfer support for get/put and on the commandline + work mostly by carlosvsilvapt@gmail.com for the Google Summer of Code + with some tweaks by me; "go for it" deraadt@ + - djm@cvs.openbsd.org 2009/08/18 21:15:59 + [sftp.1] + fix "get" command usage, spotted by jmc@ + - jmc@cvs.openbsd.org 2009/08/19 04:56:03 + [sftp.1] + ether -> either; + - dtucker@cvs.openbsd.org 2009/08/20 23:54:28 + [mux.c] + subsystem_flag is defined in ssh.c so it's extern; ok djm + - djm@cvs.openbsd.org 2009/08/27 17:28:52 + [sftp-server.c] + allow setting an explicit umask on the commandline to override whatever + default the user has. bz#1229; ok dtucker@ deraadt@ markus@ + - djm@cvs.openbsd.org 2009/08/27 17:33:49 + [ssh-keygen.c] + force use of correct hash function for random-art signature display + as it was inheriting the wrong one when bubblebabble signatures were + activated; bz#1611 report and patch from fwojcik+openssh AT besh.com; + ok markus@ + - djm@cvs.openbsd.org 2009/08/27 17:43:00 + [sftp-server.8] + allow setting an explicit umask on the commandline to override whatever + default the user has. bz#1229; ok dtucker@ deraadt@ markus@ + - djm@cvs.openbsd.org 2009/08/27 17:44:52 + [authfd.c ssh-add.c authfd.h] + Do not fall back to adding keys without contraints (ssh-add -c / -t ...) + when the agent refuses the constrained add request. This was a useful + migration measure back in 2002 when constraints were new, but just + adds risk now. + bz #1612, report and patch from dkg AT fifthhorseman.net; ok markus@ + - djm@cvs.openbsd.org 2009/08/31 20:56:02 + [sftp-server.c] + check correct variable for error message, spotted by martynas@ + - djm@cvs.openbsd.org 2009/08/31 21:01:29 + [sftp-server.8] + document -e and -h; prodded by jmc@ + - djm@cvs.openbsd.org 2009/09/01 14:43:17 + [ssh-agent.c] + fix a race condition in ssh-agent that could result in a wedged or + spinning agent: don't read off the end of the allocated fd_sets, and + don't issue blocking read/write on agent sockets - just fall back to + select() on retriable read/write errors. bz#1633 reported and tested + by "noodle10000 AT googlemail.com"; ok dtucker@ markus@ + - grunk@cvs.openbsd.org 2009/10/01 11:37:33 + [dh.c] + fix a cast + ok djm@ markus@ + - djm@cvs.openbsd.org 2009/10/06 04:46:40 + [session.c] + bz#1596: fflush(NULL) before exec() to ensure that everying (motd + in particular) has made it out before the streams go away. + - djm@cvs.openbsd.org 2008/12/07 22:17:48 + [regress/addrmatch.sh] + match string "passwordauthentication" only at start of line, not anywhere + in sshd -T output + - dtucker@cvs.openbsd.org 2009/05/05 07:51:36 + [regress/multiplex.sh] + Always specify ssh_config for multiplex tests: prevents breakage caused + by options in ~/.ssh/config. From Dan Peterson. + - djm@cvs.openbsd.org 2009/08/13 00:57:17 + [regress/Makefile] + regression test for port number parsing. written as part of the a2port + change that went into 5.2 but I forgot to commit it at the time... + - djm@cvs.openbsd.org 2009/08/13 01:11:55 + [regress/sftp-batch.sh regress/sftp-badcmds.sh regress/sftp.sh + regress/sftp-cmds.sh regres/sftp-glob.sh] + date: 2009/08/13 01:11:19; author: djm; state: Exp; lines: +10 -7 + Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path", + add "-P port" to match scp(1). Fortunately, the -P option is only really + used by our regression scripts. + part of larger patch from carlosvsilvapt@gmail.com for his Google Summer + of Code work; ok deraadt markus + - djm@cvs.openbsd.org 2009/08/20 18:43:07 + [regress/ssh-com-sftp.sh] + fix one sftp -D ... => sftp -P ... conversion that I missed; from Carlos + Silva for Google Summer of Code + - dtucker@cvs.openbsd.org 2009/10/06 23:51:49 + [regress/ssh2putty.sh] + Add OpenBSD tag to make syncs easier + - (dtucker) [regress/portnum.sh] Import new test. + - (dtucker) [configure.ac sftp-client.c] DTOTIF is in fs/ffs/dir.h on at + least dragonflybsd. + - (dtucker) d_type is not mandated by POSIX, so add fallback code using + stat(), needed on at least cygwin. + +20091002 + - (djm) [Makefile.in] Mention readconf.o in ssh-keysign's make deps. + spotted by des AT des.no + 20090926 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] [contrib/suse/openssh.spec] Update for release |