svn commit: r285033 - in vendor-crypto/openssh/dist: . contrib/redhat contrib/suse openbsd-compat regress regress/unittests/hostkeys regress/unittests/sshkey
Dag-Erling Smørgrav
des at FreeBSD.org
Thu Jul 2 13:18:51 UTC 2015
Author: des
Date: Thu Jul 2 13:18:50 2015
New Revision: 285033
URL: https://svnweb.freebsd.org/changeset/base/285033
Log:
Vendor import of OpenSSH 6.9p1.
Added:
vendor-crypto/openssh/dist/regress/cfgparse.sh (contents, props changed)
vendor-crypto/openssh/dist/regress/principals-command.sh (contents, props changed)
Modified:
vendor-crypto/openssh/dist/ChangeLog
vendor-crypto/openssh/dist/PROTOCOL
vendor-crypto/openssh/dist/PROTOCOL.agent
vendor-crypto/openssh/dist/README
vendor-crypto/openssh/dist/auth-chall.c
vendor-crypto/openssh/dist/auth-options.c
vendor-crypto/openssh/dist/auth-pam.c
vendor-crypto/openssh/dist/auth.c
vendor-crypto/openssh/dist/auth.h
vendor-crypto/openssh/dist/auth2-hostbased.c
vendor-crypto/openssh/dist/auth2-pubkey.c
vendor-crypto/openssh/dist/authfd.c
vendor-crypto/openssh/dist/authfile.c
vendor-crypto/openssh/dist/channels.c
vendor-crypto/openssh/dist/channels.h
vendor-crypto/openssh/dist/clientloop.c
vendor-crypto/openssh/dist/compat.c
vendor-crypto/openssh/dist/compat.h
vendor-crypto/openssh/dist/config.guess
vendor-crypto/openssh/dist/configure
vendor-crypto/openssh/dist/configure.ac
vendor-crypto/openssh/dist/contrib/redhat/openssh.spec
vendor-crypto/openssh/dist/contrib/suse/openssh.spec
vendor-crypto/openssh/dist/dh.c
vendor-crypto/openssh/dist/dh.h
vendor-crypto/openssh/dist/digest-libc.c
vendor-crypto/openssh/dist/dispatch.c
vendor-crypto/openssh/dist/dns.h
vendor-crypto/openssh/dist/groupaccess.c
vendor-crypto/openssh/dist/gss-genr.c
vendor-crypto/openssh/dist/gss-serv.c
vendor-crypto/openssh/dist/hmac.c
vendor-crypto/openssh/dist/hostfile.c
vendor-crypto/openssh/dist/kex.c
vendor-crypto/openssh/dist/kexc25519.c
vendor-crypto/openssh/dist/kexc25519s.c
vendor-crypto/openssh/dist/kexgexc.c
vendor-crypto/openssh/dist/kexgexs.c
vendor-crypto/openssh/dist/krl.c
vendor-crypto/openssh/dist/match.c
vendor-crypto/openssh/dist/match.h
vendor-crypto/openssh/dist/misc.c
vendor-crypto/openssh/dist/moduli
vendor-crypto/openssh/dist/monitor.c
vendor-crypto/openssh/dist/monitor_wrap.c
vendor-crypto/openssh/dist/monitor_wrap.h
vendor-crypto/openssh/dist/mux.c
vendor-crypto/openssh/dist/myproposal.h
vendor-crypto/openssh/dist/openbsd-compat/bcrypt_pbkdf.c
vendor-crypto/openssh/dist/openbsd-compat/blowfish.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.h
vendor-crypto/openssh/dist/openbsd-compat/openbsd-compat.h
vendor-crypto/openssh/dist/openbsd-compat/rmd160.c
vendor-crypto/openssh/dist/packet.c
vendor-crypto/openssh/dist/readconf.c
vendor-crypto/openssh/dist/regress/Makefile
vendor-crypto/openssh/dist/regress/README.regress
vendor-crypto/openssh/dist/regress/cipher-speed.sh
vendor-crypto/openssh/dist/regress/hostkey-rotate.sh
vendor-crypto/openssh/dist/regress/integrity.sh
vendor-crypto/openssh/dist/regress/kextype.sh
vendor-crypto/openssh/dist/regress/keys-command.sh
vendor-crypto/openssh/dist/regress/netcat.c
vendor-crypto/openssh/dist/regress/ssh-com.sh
vendor-crypto/openssh/dist/regress/ssh2putty.sh
vendor-crypto/openssh/dist/regress/test-exec.sh
vendor-crypto/openssh/dist/regress/try-ciphers.sh
vendor-crypto/openssh/dist/regress/unittests/hostkeys/test_iterate.c
vendor-crypto/openssh/dist/regress/unittests/sshkey/test_sshkey.c
vendor-crypto/openssh/dist/rijndael.c
vendor-crypto/openssh/dist/sandbox-seccomp-filter.c
vendor-crypto/openssh/dist/sandbox-systrace.c
vendor-crypto/openssh/dist/scp.c
vendor-crypto/openssh/dist/servconf.c
vendor-crypto/openssh/dist/servconf.h
vendor-crypto/openssh/dist/session.c
vendor-crypto/openssh/dist/sftp-client.c
vendor-crypto/openssh/dist/sftp-client.h
vendor-crypto/openssh/dist/sftp-server.c
vendor-crypto/openssh/dist/ssh-add.0
vendor-crypto/openssh/dist/ssh-add.1
vendor-crypto/openssh/dist/ssh-add.c
vendor-crypto/openssh/dist/ssh-agent.0
vendor-crypto/openssh/dist/ssh-agent.1
vendor-crypto/openssh/dist/ssh-agent.c
vendor-crypto/openssh/dist/ssh-keygen.c
vendor-crypto/openssh/dist/ssh-keyscan.c
vendor-crypto/openssh/dist/ssh-keysign.c
vendor-crypto/openssh/dist/ssh-pkcs11.c
vendor-crypto/openssh/dist/ssh-rsa.c
vendor-crypto/openssh/dist/ssh.0
vendor-crypto/openssh/dist/ssh.1
vendor-crypto/openssh/dist/ssh.c
vendor-crypto/openssh/dist/ssh_config.0
vendor-crypto/openssh/dist/ssh_config.5
vendor-crypto/openssh/dist/sshbuf-misc.c
vendor-crypto/openssh/dist/sshconnect.c
vendor-crypto/openssh/dist/sshconnect2.c
vendor-crypto/openssh/dist/sshd.0
vendor-crypto/openssh/dist/sshd.8
vendor-crypto/openssh/dist/sshd.c
vendor-crypto/openssh/dist/sshd_config
vendor-crypto/openssh/dist/sshd_config.0
vendor-crypto/openssh/dist/sshd_config.5
vendor-crypto/openssh/dist/sshkey.c
vendor-crypto/openssh/dist/sshkey.h
vendor-crypto/openssh/dist/sshpty.c
vendor-crypto/openssh/dist/uidswap.c
vendor-crypto/openssh/dist/uuencode.c
vendor-crypto/openssh/dist/version.h
vendor-crypto/openssh/dist/xmalloc.c
vendor-crypto/openssh/dist/xmalloc.h
Modified: vendor-crypto/openssh/dist/ChangeLog
==============================================================================
--- vendor-crypto/openssh/dist/ChangeLog Thu Jul 2 13:16:27 2015 (r285032)
+++ vendor-crypto/openssh/dist/ChangeLog Thu Jul 2 13:18:50 2015 (r285033)
@@ -1,8584 +1,8935 @@
-commit 9f82e5a9042f2d872e98f48a876fcab3e25dd9bb
-Author: Tim Rice <tim at multitalents.net>
-Date: Mon Mar 16 22:49:20 2015 -0700
-
- portability fix: Solaris systems may not have a grep that understands -q
-
-commit 8ef691f7d9ef500257a549d0906d78187490668f
-Author: Damien Miller <djm at google.com>
-Date: Wed Mar 11 10:35:26 2015 +1100
+commit 7de4b03a6e4071d454b72927ffaf52949fa34545
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Jul 1 02:32:17 2015 +0000
- fix compile with clang
+ upstream commit
+
+ twiddle; (this commit marks the openssh-6.9 release)
+
+ Upstream-ID: 78500582819f61dd8adee36ec5cc9b9ac9351234
-commit 4df590cf8dc799e8986268d62019b487a8ed63ad
-Author: Damien Miller <djm at google.com>
-Date: Wed Mar 11 10:02:39 2015 +1100
+commit 1bf477d3cdf1a864646d59820878783d42357a1d
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Jul 1 02:26:31 2015 +0000
- make unit tests work for !OPENSSH_HAS_ECC
+ upstream commit
+
+ better refuse ForwardX11Trusted=no connections attempted
+ after ForwardX11Timeout expires; reported by Jann Horn
+
+ Upstream-ID: bf0fddadc1b46a0334e26c080038313b4b6dea21
-commit 307bb40277ca2c32e97e61d70d1ed74b571fd6ba
+commit 47aa7a0f8551b471fcae0447c1d78464f6dba869
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Sat Mar 7 04:41:48 2015 +0000
+Date: Wed Jul 1 01:56:13 2015 +0000
upstream commit
- unbreak for w/SSH1 (default) case; ok markus@ deraadt@
+ put back default PermitRootLogin=no
+
+ Upstream-ID: 7bdedd5cead99c57ed5571f3b6b7840922d5f728
-commit b44ee0c998fb4c5f3c3281f2398af5ce42840b6f
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Mar 5 18:39:20 2015 -0800
+commit 984b064fe2a23733733262f88d2e1b2a1a501662
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Jul 1 01:55:13 2015 +0000
- unbreak hostkeys test for w/ SSH1 case
+ upstream commit
+
+ openssh-6.9
+
+ Upstream-ID: 6cfe8e1904812531080e6ab6e752d7001b5b2d45
-commit 55e5bdeb519cb60cc18b7ba0545be581fb8598b4
+commit d921082ed670f516652eeba50705e1e9f6325346
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Fri Mar 6 01:40:56 2015 +0000
+Date: Wed Jul 1 01:55:00 2015 +0000
upstream commit
- fix sshkey_certify() return value for unsupported key types;
- ok markus@ deraadt@
+ reset default PermitRootLogin to 'yes' (momentarily, for
+ release)
+
+ Upstream-ID: cad8513527066e65dd7a1c16363d6903e8cefa24
-commit be8f658e550a434eac04256bfbc4289457a24e99
+commit 66295e0e1ba860e527f191b6325d2d77dec4dbce
Author: Damien Miller <djm at mindrot.org>
-Date: Wed Mar 4 15:38:03 2015 -0800
+Date: Wed Jul 1 11:49:12 2015 +1000
- update version numbers to match version.h
+ crank version numbers for release
-commit ac5e8acefa253eb5e5ba186e34236c0e8007afdc
+commit 37035c07d4f26bb1fbe000d2acf78efdb008681d
+Author: Damien Miller <djm at mindrot.org>
+Date: Wed Jul 1 10:49:37 2015 +1000
+
+ s/--with-ssh1/--without-ssh1/
+
+commit 629df770dbadc2accfbe1c81b3f31f876d0acd84
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Wed Mar 4 23:22:35 2015 +0000
+Date: Tue Jun 30 05:25:07 2015 +0000
upstream commit
- make these work with !SSH1; ok markus@ deraadt@
+ fatal() when a remote window update causes the window
+ value to overflow. Reported by Georg Wicherski, ok markus@
+
+ Upstream-ID: ead397a9aceb3bf74ebfa5fcaf259d72e569f351
-commit 2f04af92f036b0c87a23efb259c37da98cd81fe6
+commit f715afebe735d61df3fd30ad72d9ac1c8bd3b5f2
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Wed Mar 4 21:12:59 2015 +0000
+Date: Tue Jun 30 05:23:25 2015 +0000
upstream commit
- make ssh-add -D work with !SSH1 agent
+ Fix math error in remote window calculations that causes
+ eventual stalls for datagram channels. Reported by Georg Wicherski, ok
+ markus@
+
+ Upstream-ID: be54059d11bf64e0d85061f7257f53067842e2ab
-commit a05adf95d2af6abb2b7826ddaa7a0ec0cdc1726b
+commit 52fb6b9b034fcfd24bf88cc7be313e9c31de9889
Author: Damien Miller <djm at mindrot.org>
-Date: Wed Mar 4 00:55:48 2015 -0800
+Date: Tue Jun 30 16:05:40 2015 +1000
- netcat needs poll.h portability goop
+ skip IPv6-related portions on hosts without IPv6
+
+ with Tim Rice
-commit dad2b1892b4c1b7e58df483a8c5b983c4454e099
-Author: markus at openbsd.org <markus at openbsd.org>
-Date: Tue Mar 3 22:35:19 2015 +0000
+commit 512caddf590857af6aa12218461b5c0441028cf5
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Mon Jun 29 22:35:12 2015 +0000
upstream commit
- make it possible to run tests w/o ssh1 support; ok djm@
+ add getpid to sandbox, reachable by grace_alarm_handler
+
+ reported by Jakub Jelen; bz#2419
+
+ Upstream-ID: d0da1117c16d4c223954995d35b0f47c8f684cd8
-commit d48a22601bdd3eec054794c535f4ae8d8ae4c6e2
+commit 78c2a4f883ea9aba866358e2acd9793a7f42ca93
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Wed Mar 4 18:53:53 2015 +0000
+Date: Fri Jun 26 05:13:20 2015 +0000
upstream commit
- crank; ok markus, deraadt
+ Fix \-escaping bug that caused forward path parsing to skip
+ two characters and skip past the end of the string.
+
+ Based on patch by Salvador Fandino; ok dtucker@
+
+ Upstream-ID: 7b879dc446335677cbe4cb549495636a0535f3bd
-commit bbffb23daa0b002dd9f296e396a9ab8a5866b339
+commit bc20205c91c9920361d12b15d253d4997dba494a
Author: Damien Miller <djm at mindrot.org>
-Date: Tue Mar 3 13:50:27 2015 -0800
+Date: Thu Jun 25 09:51:39 2015 +1000
- more --without-ssh1 fixes
+ add missing pselect6
+
+ patch from Jakub Jelen
-commit 6c2039286f503e2012a58a1d109e389016e7a99b
-Author: Damien Miller <djm at mindrot.org>
-Date: Tue Mar 3 13:48:48 2015 -0800
+commit 9d27fb73b4a4e5e99cb880af790d5b1ce44f720a
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Jun 24 23:47:23 2015 +0000
- fix merge both that broke --without-ssh1 compile
+ upstream commit
+
+ correct test to sshkey_sign(); spotted by Albert S.
+
+ Upstream-ID: 5f7347f40f0ca6abdaca2edb3bd62f4776518933
-commit 111dfb225478a76f89ecbcd31e96eaf1311b59d3
-Author: djm at openbsd.org <djm at openbsd.org>
-Date: Tue Mar 3 21:21:13 2015 +0000
+commit 7ed01a96a1911d8b4a9ef4f3d064e1923bfad7e3
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Wed Jun 24 01:49:19 2015 +0000
upstream commit
- add SSH1 Makefile knob to make it easier to build without
- SSH1 support; ok markus@
+ Revert previous commit. We still want to call setgroups
+ in the case where there are zero groups to remove any that we might otherwise
+ inherit (as pointed out by grawity at gmail.com) and since the 2nd argument
+ to setgroups is always a static global it's always valid to dereference in
+ this case. ok deraadt@ djm@
+
+ Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01
-commit 3f7f5e6c5d2aa3f6710289c1a30119e534e56c5c
+commit 882f8bf94f79528caa65b0ba71c185d705bb7195
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Wed Jun 24 01:49:19 2015 +0000
+
+ upstream commit
+
+ Revert previous commit. We still want to call setgroups in
+ the case where there are zero groups to remove any that we might otherwise
+ inherit (as pointed out by grawity at gmail.com) and since the 2nd argument
+ to setgroups is always a static global it's always valid to dereference in
+ this case. ok deraadt@ djm@
+
+ Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01
+
+commit 9488538a726951e82b3a4374f3c558d72c80a89b
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Tue Mar 3 20:42:49 2015 +0000
+Date: Mon Jun 22 23:42:16 2015 +0000
upstream commit
- expand __unused to full __attribute__ for better portability
+ Don't count successful partial authentication as failures
+ in monitor; this may have caused the monitor to refuse multiple
+ authentications that would otherwise have successfully completed; ok markus@
+
+ Upstream-ID: eb74b8e506714d0f649bd5c300f762a527af04a3
-commit 2fab9b0f8720baf990c931e3f68babb0bf9949c6
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Mar 4 07:41:27 2015 +1100
+commit 63b78d003bd8ca111a736e6cea6333da50f5f09b
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Mon Jun 22 12:29:57 2015 +0000
- avoid warning
+ upstream commit
+
+ Don't call setgroups if we have zero groups; there's no
+ guarantee that it won't try to deref the pointer. Based on a patch from mail
+ at quitesimple.org, ok djm deraadt
+
+ Upstream-ID: 2fff85e11d7a9a387ef7fddf41fbfaf566708ab1
-commit d1bc844322461f882b4fd2277ba9a8d4966573d2
+commit 5c15e22c691c79a47747bcf5490126656f97cecd
Author: Damien Miller <djm at mindrot.org>
-Date: Wed Mar 4 06:31:45 2015 +1100
+Date: Thu Jun 18 15:07:56 2015 +1000
- Revert "define __unused to nothing if not already defined"
+ fix syntax error
+
+commit 596dbca82f3f567fb3d2d69af4b4e1d3ba1e6403
+Author: jsing at openbsd.org <jsing at openbsd.org>
+Date: Mon Jun 15 18:44:22 2015 +0000
+
+ upstream commit
- This reverts commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908.
+ If AuthorizedPrincipalsCommand is specified, however
+ AuthorizedPrincipalsFile is not (or is set to "none"), authentication will
+ potentially fail due to key_cert_check_authority() failing to locate a
+ principal that matches the username, even though an authorized principal has
+ already been matched in the output of the subprocess. Fix this by using the
+ same logic to determine if pw->pw_name should be passed, as is used to
+ determine if a authorized principal must be matched earlier on.
- Some system headers have objects named __unused
+ ok djm@
+
+ Upstream-ID: 43b42302ec846b0ea68aceb40677245391b9409d
-commit 00797e86b2d98334d1bb808f65fa1fd47f328ff1
+commit aff3e94c0d75d0d0fa84ea392b50ab04f8c57905
+Author: jsing at openbsd.org <jsing at openbsd.org>
+Date: Mon Jun 15 18:42:19 2015 +0000
+
+ upstream commit
+
+ Make the arguments to match_principals_command() similar
+ to match_principals_file(), by changing the last argument a struct
+ sshkey_cert * and dereferencing key->cert in the caller.
+
+ No functional change.
+
+ ok djm@
+
+ Upstream-ID: 533f99b844b21b47342b32b62e198dfffcf8651c
+
+commit 97e2e1596c202a4693468378b16b2353fd2d6c5e
Author: Damien Miller <djm at mindrot.org>
-Date: Wed Mar 4 05:02:45 2015 +1100
+Date: Wed Jun 17 14:36:54 2015 +1000
- check for crypt and DES_crypt in openssl block
+ trivial optimisation for seccomp-bpf
- fixes builds on systems that use DES_crypt; based on patch
- from Roumen Petrov
+ When doing arg inspection and the syscall doesn't match, skip
+ past the instruction that reloads the syscall into the accumulator,
+ since the accumulator hasn't been modified at this point.
-commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908
+commit 99f33d7304893bd9fa04d227cb6e870171cded19
Author: Damien Miller <djm at mindrot.org>
-Date: Wed Mar 4 04:59:13 2015 +1100
+Date: Wed Jun 17 10:50:51 2015 +1000
- define __unused to nothing if not already defined
+ aarch64 support for seccomp-bpf sandbox
- fixes builds on BSD/OS
+ Also resort and tidy syscall list. Based on patches by Jakub Jelen
+ bz#2361; ok dtucker@
-commit d608a51daad4f14ad6ab43d7cf74ef4801cc3fe9
+commit 4ef702e1244633c1025ec7cfe044b9ab267097bf
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Tue Mar 3 17:53:40 2015 +0000
+Date: Mon Jun 15 01:32:50 2015 +0000
upstream commit
- reorder logic for better portability; patch from Roumen
- Petrov
+ return failure on RSA signature error; reported by Albert S
+
+ Upstream-ID: e61bb93dbe0349625807b0810bc213a6822121fa
-commit 68d2dfc464fbcdf8d6387884260f9801f4352393
-Author: djm at openbsd.org <djm at openbsd.org>
-Date: Tue Mar 3 06:48:58 2015 +0000
+commit a170f22baf18af0b1acf2788b8b715605f41a1f9
+Author: Tim Rice <tim at multitalents.net>
+Date: Tue Jun 9 22:41:13 2015 -0700
+
+ Fix t12 rules for out of tree builds.
+
+commit ec04dc4a5515c913121bc04ed261857e68fa5c18
+Author: millert at openbsd.org <millert at openbsd.org>
+Date: Fri Jun 5 15:13:13 2015 +0000
upstream commit
- Allow "ssh -Q protocol-version" to list supported SSH
- protocol versions. Useful for detecting builds without SSH v.1 support; idea
- and ok markus@
+ For "ssh -L 12345:/tmp/sock" don't fail with "No forward host
+ name." (we have a path, not a host name). Based on a diff from Jared
+ Yanovich. OK djm@
+
+ Upstream-ID: 2846b0a8c7de037e33657f95afbd282837fc213f
-commit 39e2f1229562e1195169905607bc12290d21f021
-Author: millert at openbsd.org <millert at openbsd.org>
-Date: Sun Mar 1 15:44:40 2015 +0000
+commit 732d61f417a6aea0aa5308b59cb0f563bcd6edd6
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Jun 5 03:44:14 2015 +0000
upstream commit
- Make sure we only call getnameinfo() for AF_INET or AF_INET6
- sockets. getpeername() of a Unix domain socket may return without error on
- some systems without actually setting ss_family so getnameinfo() was getting
- called with ss_family set to AF_UNSPEC. OK djm@
+ typo: accidental repetition; bz#2386
+
+ Upstream-ID: 45e620d99f6bc301e5949d34a54027374991c88b
-commit e47536ba9692d271b8ad89078abdecf0a1c11707
-Author: Damien Miller <djm at mindrot.org>
-Date: Sat Feb 28 08:20:11 2015 -0800
+commit adfb24c69d1b6f5e758db200866c711e25a2ba73
+Author: Darren Tucker <dtucker at zip.com.au>
+Date: Fri Jun 5 14:51:40 2015 +1000
- portability fixes for regress/netcat.c
+ Add Linux powerpc64le and powerpcle entries.
- Mostly avoiding "err(1, NULL)"
+ Stopgap to resolve bz#2409 because we are so close to release and will
+ update config.guess and friends shortly after the release. ok djm@
-commit 02973ad5f6f49d8420e50a392331432b0396c100
-Author: Damien Miller <djm at mindrot.org>
-Date: Sat Feb 28 08:05:27 2015 -0800
+commit a1195a0fdc9eddddb04d3e9e44c4775431cb77da
+Merge: 6397eed d2480bc
+Author: Tim Rice <tim at multitalents.net>
+Date: Wed Jun 3 21:43:13 2015 -0700
- twiddle another test for portability
+ Merge branch 'master' of git.mindrot.org:/var/git/openssh
+
+commit 6397eedf953b2b973d2d7cbb504ab501a07f8ddc
+Author: Tim Rice <tim at multitalents.net>
+Date: Wed Jun 3 21:41:11 2015 -0700
+
+ Remove unneeded backslashes. Patch from Ángel González
+
+commit d2480bcac1caf31b03068de877a47d6e1027bf6d
+Author: Darren Tucker <dtucker at zip.com.au>
+Date: Thu Jun 4 14:10:55 2015 +1000
+
+ Remove redundant include of stdarg.h. bz#2410
+
+commit 5e67859a623826ccdf2df284cbb37e2d8e2787eb
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Tue Jun 2 09:10:40 2015 +0000
+
+ upstream commit
- from Tom G. Christensen
+ mention CheckHostIP adding addresses to known_hosts;
+ bz#1993; ok dtucker@
+
+ Upstream-ID: fd44b68440fd0dc29abf9f2d3f703d74a2396cb7
-commit f7f3116abf2a6e2f309ab096b08c58d19613e5d0
-Author: Damien Miller <djm at mindrot.org>
-Date: Fri Feb 27 15:52:49 2015 -0800
+commit d7a58bbac6583e33fd5eca8e2c2cc70c57617818
+Author: Darren Tucker <dtucker at zip.com.au>
+Date: Tue Jun 2 20:15:26 2015 +1000
- twiddle test for portability
+ Replace strcpy with strlcpy.
+
+ ok djm, sanity check by Corinna Vinschen.
-commit 1ad3a77cc9d5568f5437ff99d377aa7a41859b83
+commit 51a1c2115265c6e80ede8a5c9dccada9aeed7143
Author: Damien Miller <djm at mindrot.org>
-Date: Thu Feb 26 20:33:22 2015 -0800
+Date: Fri May 29 18:27:21 2015 +1000
- make regress/netcat.c fd passing (more) portable
+ skip, rather than fatal when run without SUDO set
-commit 9e1cfca7e1fe9cf8edb634fc894e43993e4da1ea
+commit 599f01142a376645b15cbc9349d7e8975e1cf245
Author: Damien Miller <djm at mindrot.org>
-Date: Thu Feb 26 20:32:58 2015 -0800
+Date: Fri May 29 18:03:15 2015 +1000
- create OBJ/valgrind-out before running unittests
+ fix merge botch that left ",," in KEX algs
-commit bd58853102cee739f0e115e6d4b5334332ab1442
+commit 0c2a81dfc21822f2423edd30751e5ec53467b347
Author: Damien Miller <djm at mindrot.org>
-Date: Wed Feb 25 16:58:22 2015 -0800
+Date: Fri May 29 17:08:28 2015 +1000
- valgrind support
+ re-enable SSH protocol 1 at compile time
-commit f43d17269194761eded9e89f17456332f4c83824
+commit db438f9285d64282d3ac9e8c0944f59f037c0151
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Thu Feb 26 20:45:47 2015 +0000
+Date: Fri May 29 03:05:13 2015 +0000
upstream commit
- don't printf NULL key comments; reported by Tom Christensen
+ make this work without SUDO set; ok dtucker@
+
+ Upstream-Regress-ID: bca88217b70bce2fe52b23b8e06bdeb82d98c715
-commit 6e6458b476ec854db33e3e68ebf4f489d0ab3df8
+commit 1d9a2e2849c9864fe75daabf433436341c968e14
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Wed Feb 25 23:05:47 2015 +0000
+Date: Thu May 28 07:37:31 2015 +0000
upstream commit
- zero cmsgbuf before use; we initialise the bits we use
- but valgrind still spams warning on it
+ wrap all moduli-related code in #ifdef WITH_OPENSSL.
+ based on patch from Reuben Hawkins; bz#2388 feedback and ok dtucker@
+
+ Upstream-ID: d80cfc8be3e6ec65b3fac9e87c4466533b31b7cf
-commit a63cfa26864b93ab6afefad0b630e5358ed8edfa
-Author: djm at openbsd.org <djm at openbsd.org>
-Date: Wed Feb 25 19:54:02 2015 +0000
+commit 496aeb25bc2d6c434171292e4714771b594bd00e
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Thu May 28 05:41:29 2015 +0000
upstream commit
- fix small memory leak when UpdateHostkeys=no
+ Increase the allowed length of the known host file name
+ in the log message to be consistent with other cases. Part of bz#1993, ok
+ deraadt.
+
+ Upstream-ID: a9e97567be49f25daf286721450968251ff78397
-commit e6b950341dd75baa8526f1862bca39e52f5b879b
-Author: Tim Rice <tim at multitalents.net>
-Date: Wed Feb 25 09:56:48 2015 -0800
+commit dd2cfeb586c646ff8d70eb93567b2e559ace5b14
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Thu May 28 05:09:45 2015 +0000
- Revert "Work around finicky USL linker so netcat will build."
+ upstream commit
- This reverts commit d1db656021d0cd8c001a6692f772f1de29b67c8b.
+ Fix typo (keywork->keyword)
- No longer needed with commit 678e473e2af2e4802f24dd913985864d9ead7fb3
+ Upstream-ID: 8aacd0f4089c0a244cf43417f4f9045dfaeab534
-commit 6f621603f9cff2a5d6016a404c96cb2f8ac2dec0
+commit 9cc6842493fbf23025ccc1edab064869640d3bec
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Wed Feb 25 17:29:38 2015 +0000
+Date: Thu May 28 04:50:53 2015 +0000
upstream commit
- don't leak validity of user in "too many authentication
- failures" disconnect message; reported by Sebastian Reitenbach
+ add error message on ftruncate failure; bz#2176
+
+ Upstream-ID: cbcc606e0b748520c74a210d8f3cc9718d3148cf
-commit 6288e3a935494df12519164f52ca5c8c65fc3ca5
-Author: naddy at openbsd.org <naddy at openbsd.org>
-Date: Tue Feb 24 15:24:05 2015 +0000
+commit d1958793a0072c22be26d136dbda5ae263e717a0
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Thu May 28 04:40:13 2015 +0000
upstream commit
- add -v (show ASCII art) to -l's synopsis; ok djm@
+ make ssh-keygen default to ed25519 keys when compiled
+ without OpenSSL; bz#2388, ok dtucker@
+
+ Upstream-ID: 85a471fa6d3fa57a7b8e882d22cfbfc1d84cdc71
-commit 678e473e2af2e4802f24dd913985864d9ead7fb3
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Thu Feb 26 04:12:58 2015 +1100
+commit 3ecde664c9fc5fb3667aedf9e6671462600f6496
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Wed May 27 23:51:10 2015 +0000
- Remove dependency on xmalloc.
+ upstream commit
- Remove ssh_get_progname's dependency on xmalloc, which should reduce
- link order problems. ok djm@
+ Reorder client proposal to prefer
+ diffie-hellman-group-exchange-sha1 over diffie-hellman-group14-sha1. ok djm@
+
+ Upstream-ID: 552c08d47347c3ee1a9a57d88441ab50abe17058
-commit 5d5ec165c5b614b03678afdad881f10e25832e46
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Wed Feb 25 15:32:49 2015 +1100
+commit 40f64292b907afd0a674fdbf3e4c2356d17a7d68
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Wed May 27 23:39:18 2015 +0000
- Restrict ECDSA and ECDH tests.
+ upstream commit
- ifdef out some more ECDSA and ECDH tests when built against an OpenSSL
- that does not have eliptic curve functionality.
+ Add a stronger (4k bit) fallback group that sshd can use
+ when the moduli file is missing or broken, sourced from RFC3526. bz#2302, ok
+ markus@ (earlier version), djm@
+
+ Upstream-ID: b635215746a25a829d117673d5e5a76d4baee7f4
-commit 1734e276d99b17e92d4233fac7aef3a3180aaca7
+commit 5ab7d5fa03ad55bc438fab45dfb3aeb30a3c237a
Author: Darren Tucker <dtucker at zip.com.au>
-Date: Wed Feb 25 13:40:45 2015 +1100
+Date: Thu May 28 10:03:40 2015 +1000
- Move definition of _NSIG.
+ New moduli file from OpenBSD, removing 1k groups.
- _NSIG is only unsed in one file, so move it there prevent redefinition
- warnings reported by Kevin Brott.
+ Remove 1k bit groups. ok deraadt@, markus@
-commit a47ead7c95cfbeb72721066c4da2312e5b1b9f3d
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Wed Feb 25 13:17:40 2015 +1100
-
- Add includes.h for compatibility stuff.
-
-commit 38806bda6d2e48ad32812b461eebe17672ada771
-Author: Damien Miller <djm at mindrot.org>
-Date: Tue Feb 24 16:50:06 2015 -0800
-
- include netdb.h to look for MAXHOSTNAMELEN; ok tim
-
-commit d1db656021d0cd8c001a6692f772f1de29b67c8b
-Author: Tim Rice <tim at multitalents.net>
-Date: Tue Feb 24 10:42:08 2015 -0800
-
- Work around finicky USL linker so netcat will build.
-
-commit cb030ce25f555737e8ba97bdd7883ac43f3ff2a3
-Author: Damien Miller <djm at mindrot.org>
-Date: Tue Feb 24 09:23:04 2015 -0800
+commit a71ba58adf34e599f30cdda6e9b93ae6e3937eea
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed May 27 05:15:02 2015 +0000
- include includes.h to avoid build failure on AIX
+ upstream commit
+
+ support PKCS#11 devices with external PIN entry devices
+ bz#2240, based on patch from Dirk-Willem van Gulik; feedback and ok dtucker@
+
+ Upstream-ID: 504568992b55a8fc984375242b1bd505ced61b0d
-commit 13af342458f5064144abbb07e5ac9bbd4eb42567
-Author: Tim Rice <tim at multitalents.net>
-Date: Tue Feb 24 07:56:47 2015 -0800
+commit b282fec1aa05246ed3482270eb70fc3ec5f39a00
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Tue May 26 23:23:40 2015 +0000
- Original portability patch from djm@ for platforms missing err.h.
- Fix name space clash on Solaris 10. Still more to do for Solaris 10
- to deal with msghdr structure differences. ok djm@
+ upstream commit
+
+ Cap DH-GEX group size at 4kbits for Cisco implementations.
+ Some of them will choke when asked for preferred sizes >4k instead of
+ returning the 4k group that they do have. bz#2209, ok djm@
+
+ Upstream-ID: 54b863a19713446b7431f9d06ad0532b4fcfef8d
-commit 910209203d0cd60c5083901cbcc0b7b44d9f48d2
-Author: Tim Rice <tim at multitalents.net>
-Date: Mon Feb 23 22:06:56 2015 -0800
+commit 3e91b4e8b0dc2b4b7e7d42cf6e8994a32e4cb55e
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Sun May 24 23:39:16 2015 +0000
- cleaner way fix dispatch.h portion of commit
- a88dd1da119052870bb2654c1a32c51971eade16
- (some systems have sig_atomic_t in signal.h, some in sys/signal.h)
- Sounds good to me djm@
+ upstream commit
+
+ add missing 'c' option to getopt(), case statement was
+ already there; from Felix Bolte
+
+ Upstream-ID: 9b19b4e2e0b54d6fefa0dfac707c51cf4bae3081
-commit 676c38d7cbe65b76bbfff796861bb6615cc6a596
-Author: Tim Rice <tim at multitalents.net>
-Date: Mon Feb 23 21:51:33 2015 -0800
+commit 64a89ec07660abba4d0da7c0095b7371c98bab62
+Author: jsg at openbsd.org <jsg at openbsd.org>
+Date: Sat May 23 14:28:37 2015 +0000
- portability fix: if we can't dind a better define for HOST_NAME_MAX, use 255
+ upstream commit
+
+ fix a memory leak in an error path ok markus@ dtucker@
+
+ Upstream-ID: bc1da0f205494944918533d8780fde65dff6c598
-commit 1221b22023dce38cbc90ba77eae4c5d78c77a5e6
-Author: Tim Rice <tim at multitalents.net>
-Date: Mon Feb 23 21:50:34 2015 -0800
+commit f948737449257d2cb83ffcfe7275eb79b677fd4a
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri May 22 05:28:45 2015 +0000
- portablity fix: s/__inline__/inline/
+ upstream commit
+
+ mention ssh-keygen -E for comparing legacy MD5
+ fingerprints; bz#2332
+
+ Upstream-ID: 079a3669549041dbf10dbc072d9563f0dc3b2859
-commit 4c356308a88d309c796325bb75dce90ca16591d5
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Tue Feb 24 13:49:31 2015 +1100
+commit 0882332616e4f0272c31cc47bf2018f9cb258a4e
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri May 22 04:45:52 2015 +0000
- Wrap stdint.h includes in HAVE_STDINT_H.
+ upstream commit
+
+ Reorder EscapeChar option parsing to avoid a single-byte
+ out- of-bounds read. bz#2396 from Jaak Ristioja; ok dtucker@
+
+ Upstream-ID: 1dc6b5b63d1c8d9a88619da0b27ade461d79b060
-commit c9c88355c6a27a908e7d1e5003a2b35ea99c1614
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Tue Feb 24 13:43:57 2015 +1100
+commit d7c31da4d42c115843edee2074d7d501f8804420
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri May 22 03:50:02 2015 +0000
- Add AI_NUMERICSERV to fake-rfc2553.
+ upstream commit
- Our getaddrinfo implementation always returns numeric values already.
+ add knob to relax GSSAPI host credential check for
+ multihomed hosts bz#928, patch by Simon Wilkinson; ok dtucker
+ (kerberos/GSSAPI is not compiled by default on OpenBSD)
+
+ Upstream-ID: 15ddf1c6f7fd9d98eea9962f480079ae3637285d
-commit ef342ab1ce6fb9a4b30186c89c309d0ae9d0eeb4
+commit aa72196a00be6e0b666215edcffbc10af234cb0e
Author: Darren Tucker <dtucker at zip.com.au>
-Date: Tue Feb 24 13:39:57 2015 +1100
+Date: Fri May 22 17:49:46 2015 +1000
- Include OpenSSL's objects.h before bn.h.
+ Include signal.h for sig_atomic_t, used by kex.h.
- Prevents compile errors on some platforms (at least old GCCs and AIX's
- XLC compilers).
+ bz#2402, from tomas.kuthan at oracle com.
-commit dcc8997d116f615195aa7c9ec019fb36c28c6228
+commit 8b02481143d75e91c49d1bfae0876ac1fbf9511a
Author: Darren Tucker <dtucker at zip.com.au>
-Date: Tue Feb 24 12:30:59 2015 +1100
+Date: Fri May 22 12:47:24 2015 +1000
- Convert two macros into functions.
-
- Convert packet_send_debug and packet_disconnect from macros to
- functions. Some older GCCs (2.7.x, 2.95.x) see to have problems with
- variadic macros with only one argument so we convert these two into
- functions. ok djm@
+ Import updated moduli file from OpenBSD.
-commit 2285c30d51b7e2052c6526445abe7e7cc7e170a1
+commit 4739e8d5e1c0be49624082bd9f6b077e9e758db9
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Mon Feb 23 22:21:21 2015 +0000
+Date: Thu May 21 12:01:19 2015 +0000
upstream commit
- further silence spurious error message even when -v is
- specified (e.g. to get visual host keys); reported by naddy@
+ Support "ssh-keygen -lF hostname" to find search known_hosts
+ and print key hashes. Already advertised by ssh-keygen(1), but not delivered
+ by code; ok dtucker@
+
+ Upstream-ID: 459e0e2bf39825e41b0811c336db2d56a1c23387
-commit 9af21979c00652029e160295e988dea40758ece2
+commit e97201feca10b5196da35819ae516d0b87cf3a50
Author: Damien Miller <djm at mindrot.org>
-Date: Tue Feb 24 09:04:32 2015 +1100
+Date: Thu May 21 17:55:15 2015 +1000
- don't include stdint.h unless HAVE_STDINT_H set
+ conditionalise util.h inclusion
-commit 62f678dd51660d6f8aee1da33d3222c5de10a89e
-Author: Damien Miller <djm at mindrot.org>
-Date: Tue Feb 24 09:02:54 2015 +1100
+commit 13640798c7dd011ece0a7d02841fe48e94cfa0e0
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Thu May 21 06:44:25 2015 +0000
- nother sys/queue.h -> sys-queue.h fix
+ upstream commit
- spotted by Tom Christensen
+ regress test for AuthorizedPrincipalsCommand
+
+ Upstream-Regress-ID: c658fbf1ab6b6011dc83b73402322e396f1e1219
-commit b3c19151cba2c0ed01b27f55de0d723ad07ca98f
+commit 84452c5d03c21f9bfb28c234e0dc1dc67dd817b1
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Mon Feb 23 20:32:15 2015 +0000
+Date: Thu May 21 06:40:02 2015 +0000
upstream commit
- fix a race condition by using a mux socket rather than an
- ineffectual wait statement
+ regress test for AuthorizedKeysCommand arguments
+
+ Upstream-Regress-ID: bbd65c13c6b3be9a442ec115800bff9625898f12
-commit a88dd1da119052870bb2654c1a32c51971eade16
-Author: Damien Miller <djm at mindrot.org>
-Date: Tue Feb 24 06:30:29 2015 +1100
+commit bcc50d816187fa9a03907ac1f3a52f04a52e10d1
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Thu May 21 06:43:30 2015 +0000
- various include fixes for portable
+ upstream commit
+
+ add AuthorizedPrincipalsCommand that allows getting
+ authorized_principals from a subprocess rather than a file, which is quite
+ useful in deployments with large userbases
+
+ feedback and ok markus@
+
+ Upstream-ID: aa1bdac7b16fc6d2fa3524ef08f04c7258d247f6
-commit 5248429b5ec524d0a65507cff0cdd6e0cb99effd
+commit 24232a3e5ab467678a86aa67968bbb915caffed4
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Mon Feb 23 16:55:51 2015 +0000
+Date: Thu May 21 06:38:35 2015 +0000
upstream commit
- add an XXX to remind me to improve sshkey_load_public
+ support arguments to AuthorizedKeysCommand
+
+ bz#2081 loosely based on patch by Sami Hartikainen
+ feedback and ok markus@
+
+ Upstream-ID: b080387a14aa67dddd8ece67c00f268d626541f7
-commit e94e4b07ef2eaead38b085a60535df9981cdbcdb
+commit d80fbe41a57c72420c87a628444da16d09d66ca7
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Mon Feb 23 16:55:31 2015 +0000
+Date: Thu May 21 04:55:51 2015 +0000
upstream commit
- silence a spurious error message when listing
- fingerprints for known_hosts; bz#2342
+ refactor: split base64 encoding of pubkey into its own
+ sshkey_to_base64() function and out of sshkey_write(); ok markus@
+
+ Upstream-ID: 54fc38f5832e9b91028900819bda46c3959a0c1a
-commit f2293a65392b54ac721f66bc0b44462e8d1d81f8
-Author: djm at openbsd.org <djm at openbsd.org>
-Date: Mon Feb 23 16:33:25 2015 +0000
+commit 7cc44ef74133a473734bbcbd3484f24d6a7328c5
+Author: deraadt at openbsd.org <deraadt at openbsd.org>
+Date: Mon May 18 15:06:05 2015 +0000
upstream commit
- fix setting/clearing of TTY raw mode around
- UpdateHostKeys=ask confirmation question; reported by Herb Goldman
+ getentropy() and sendsyslog() have been around long
+ enough. openssh-portable may want the #ifdef's but not base. discussed with
+ djm few weeks back
+
+ Upstream-ID: 0506a4334de108e3fb6c66f8d6e0f9c112866926
-commit f2004cd1adf34492eae0a44b1ef84e0e31b06088
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Mon Feb 23 05:04:21 2015 +1100
+commit 9173d0fbe44de7ebcad8a15618e13a8b8d78902e
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Fri May 15 05:44:21 2015 +0000
- Repair for non-ECC OpenSSL.
+ upstream commit
- Ifdef out the ECC parts when building with an OpenSSL that doesn't have
- it.
+ Use a salted hash of the lock passphrase instead of plain
+ text and do constant-time comparisons of it. Should prevent leaking any
+ information about it via timing, pointed out by Ryan Castellucci. Add a 0.1s
+ incrementing delay for each failed unlock attempt up to 10s. ok markus@
+ (earlier version), djm@
+
+ Upstream-ID: c599fcc325aa1cc65496b25220b622d22208c85f
-commit 37f9220db8d1a52c75894c3de1e5f2ae5bd71b6f
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Mon Feb 23 03:07:24 2015 +1100
+commit d028d5d3a697c71b21e4066d8672cacab3caa0a8
+Author: Damien Miller <djm at mindrot.org>
+Date: Tue May 5 19:10:58 2015 +1000
- Wrap stdint.h includes in ifdefs.
+ upstream commit
+
+ - tedu at cvs.openbsd.org 2015/01/12 03:20:04
+ [bcrypt_pbkdf.c]
+ rename blocks to words. bcrypt "blocks" are unrelated to blowfish blocks,
+ nor are they the same size.
-commit f81f1bbc5b892c8614ea740b1f92735652eb43f0
-Author: Tim Rice <tim at multitalents.net>
-Date: Sat Feb 21 18:12:10 2015 -0800
+commit f6391d4e59b058984163ab28f4e317e7a72478f1
+Author: Damien Miller <djm at mindrot.org>
+Date: Tue May 5 19:10:23 2015 +1000
- out of tree build fix
+ upstream commit
+
+ - deraadt at cvs.openbsd.org 2015/01/08 00:30:07
+ [bcrypt_pbkdf.c]
+ declare a local version of MIN(), call it MINIMUM()
-commit 2e13a1e4d22f3b503c3bfc878562cc7386a1d1ae
-Author: Tim Rice <tim at multitalents.net>
-Date: Sat Feb 21 18:08:51 2015 -0800
+commit 8ac6b13cc9113eb47cd9e86c97d7b26b4b71b77f
+Author: Damien Miller <djm at mindrot.org>
+Date: Tue May 5 19:09:46 2015 +1000
- mkdir kex unit test directory so testing out of tree builds works
+ upstream commit
+
+ - djm at cvs.openbsd.org 2014/12/30 01:41:43
+ [bcrypt_pbkdf.c]
+ typo in comment: ouput => output
-commit 1797f49b1ba31e8700231cd6b1d512d80bb50d2c
-Author: halex at openbsd.org <halex at openbsd.org>
-Date: Sat Feb 21 21:46:57 2015 +0000
+commit 1f792489d5cf86a4f4e3003e6e9177654033f0f2
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Mon May 4 06:10:48 2015 +0000
upstream commit
- make "ssh-add -d" properly remove a corresponding
- certificate, and also not whine and fail if there is none
+ Remove pattern length argument from match_pattern_list(), we
+ only ever use it for strlen(pattern).
- ok djm@
+ Prompted by hanno AT hboeck.de pointing an out-of-bound read
+ error caused by an incorrect pattern length found using AFL
+ and his own tools.
+
+ ok markus@
-commit 7faaa32da83a609059d95dbfcb0649fdb04caaf6
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Feb 22 07:57:27 2015 +1100
+commit 639d6bc57b1942393ed12fb48f00bc05d4e093e4
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri May 1 07:10:01 2015 +0000
- mkdir hostkey and bitmap unit test directories
+ upstream commit
+
+ refactor ssh_dispatch_run_fatal() to use sshpkt_fatal()
+ to better report error conditions. Teach sshpkt_fatal() about ECONNRESET.
+
+ Improves error messages on TCP connection resets. bz#2257
+
+ ok dtucker@
-commit bd49da2ef197efac5e38f5399263a8b47990c538
+commit 9559d7de34c572d4d3fd990ca211f8ec99f62c4d
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Fri Feb 20 23:46:01 2015 +0000
+Date: Fri May 1 07:08:08 2015 +0000
upstream commit
- sort options useable under Match case-insensitively; prodded
- jmc@
+ a couple of parse targets were missing activep checks,
+ causing them to be misapplied in match context; bz#2272 diagnosis and
+ original patch from Sami Hartikainen ok dtucker@
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list