svn commit: r263970 - in stable/9: . crypto/openssh crypto/openssh/contrib crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse cry...
Dag-Erling Smørgrav
des at FreeBSD.org
Mon Mar 31 14:39:57 UTC 2014
Author: des
Date: Mon Mar 31 14:39:56 2014
New Revision: 263970
URL: http://svnweb.freebsd.org/changeset/base/263970
Log:
MFH (r237568, r255422, r255460, r255766, r255767, r255774, r255829,
r256126, r257954, r261320, r261499, r263691, r263712): upgrade to
OpenSSH 6.6p1 via 6.3p1, 6.4p1 and 6.5p1.
Differences relative to head:
- No DNSSEC support since stable/9 does not have LDNS
- Sandboxing off by default, and uses rlimit instead of Capsicum
- ED25519 moved to the bottom of the order of preference to avoid
"new public key" warnings
Added:
stable/9/crypto/openssh/Makefile.in
- copied, changed from r255774, head/crypto/openssh/Makefile.in
stable/9/crypto/openssh/PROTOCOL.chacha20poly1305
- copied unchanged from r261320, head/crypto/openssh/PROTOCOL.chacha20poly1305
stable/9/crypto/openssh/PROTOCOL.key
- copied unchanged from r261320, head/crypto/openssh/PROTOCOL.key
stable/9/crypto/openssh/blocks.c
- copied unchanged from r261320, head/crypto/openssh/blocks.c
stable/9/crypto/openssh/buildpkg.sh.in
- copied unchanged from r255774, head/crypto/openssh/buildpkg.sh.in
stable/9/crypto/openssh/chacha.c
- copied unchanged from r261320, head/crypto/openssh/chacha.c
stable/9/crypto/openssh/chacha.h
- copied unchanged from r261320, head/crypto/openssh/chacha.h
stable/9/crypto/openssh/cipher-chachapoly.c
- copied, changed from r261320, head/crypto/openssh/cipher-chachapoly.c
stable/9/crypto/openssh/cipher-chachapoly.h
- copied unchanged from r261320, head/crypto/openssh/cipher-chachapoly.h
stable/9/crypto/openssh/config.sub
- copied unchanged from r255774, head/crypto/openssh/config.sub
stable/9/crypto/openssh/configure
- copied, changed from r255774, head/crypto/openssh/configure
stable/9/crypto/openssh/configure.ac
- copied, changed from r255774, head/crypto/openssh/configure.ac
stable/9/crypto/openssh/contrib/
- copied from r255774, head/crypto/openssh/contrib/
stable/9/crypto/openssh/crypto_api.h
- copied unchanged from r261320, head/crypto/openssh/crypto_api.h
stable/9/crypto/openssh/digest-libc.c
- copied unchanged from r263712, head/crypto/openssh/digest-libc.c
stable/9/crypto/openssh/digest-openssl.c
- copied unchanged from r263712, head/crypto/openssh/digest-openssl.c
stable/9/crypto/openssh/digest.h
- copied, changed from r261320, head/crypto/openssh/digest.h
stable/9/crypto/openssh/ed25519.c
- copied unchanged from r261320, head/crypto/openssh/ed25519.c
stable/9/crypto/openssh/fe25519.c
- copied unchanged from r261320, head/crypto/openssh/fe25519.c
stable/9/crypto/openssh/fe25519.h
- copied unchanged from r261320, head/crypto/openssh/fe25519.h
stable/9/crypto/openssh/fixalgorithms
- copied unchanged from r255767, head/crypto/openssh/fixalgorithms
stable/9/crypto/openssh/freebsd-configure.sh
- copied unchanged from r255829, head/crypto/openssh/freebsd-configure.sh
stable/9/crypto/openssh/freebsd-post-merge.sh
- copied unchanged from r263691, head/crypto/openssh/freebsd-post-merge.sh
stable/9/crypto/openssh/freebsd-pre-merge.sh
- copied unchanged from r263691, head/crypto/openssh/freebsd-pre-merge.sh
stable/9/crypto/openssh/ge25519.c
- copied unchanged from r261320, head/crypto/openssh/ge25519.c
stable/9/crypto/openssh/ge25519.h
- copied unchanged from r261320, head/crypto/openssh/ge25519.h
stable/9/crypto/openssh/ge25519_base.data
- copied unchanged from r261320, head/crypto/openssh/ge25519_base.data
stable/9/crypto/openssh/hash.c
- copied unchanged from r261320, head/crypto/openssh/hash.c
stable/9/crypto/openssh/hmac.c
- copied unchanged from r263712, head/crypto/openssh/hmac.c
stable/9/crypto/openssh/hmac.h
- copied unchanged from r263712, head/crypto/openssh/hmac.h
stable/9/crypto/openssh/install-sh
- copied unchanged from r255774, head/crypto/openssh/install-sh
stable/9/crypto/openssh/kexc25519.c
- copied, changed from r261320, head/crypto/openssh/kexc25519.c
stable/9/crypto/openssh/kexc25519c.c
- copied unchanged from r261320, head/crypto/openssh/kexc25519c.c
stable/9/crypto/openssh/kexc25519s.c
- copied unchanged from r261320, head/crypto/openssh/kexc25519s.c
stable/9/crypto/openssh/krb5_config.h
- copied, changed from r255829, head/crypto/openssh/krb5_config.h
stable/9/crypto/openssh/mdoc2man.awk
- copied unchanged from r255774, head/crypto/openssh/mdoc2man.awk
stable/9/crypto/openssh/moduli.0
- copied, changed from r255774, head/crypto/openssh/moduli.0
stable/9/crypto/openssh/nchan.ms
- copied unchanged from r255774, head/crypto/openssh/nchan.ms
stable/9/crypto/openssh/nchan2.ms
- copied unchanged from r255774, head/crypto/openssh/nchan2.ms
stable/9/crypto/openssh/openbsd-compat/Makefile.in
- copied, changed from r255774, head/crypto/openssh/openbsd-compat/Makefile.in
stable/9/crypto/openssh/openbsd-compat/arc4random.c
- copied unchanged from r261320, head/crypto/openssh/openbsd-compat/arc4random.c
stable/9/crypto/openssh/openbsd-compat/bcrypt_pbkdf.c
- copied unchanged from r261320, head/crypto/openssh/openbsd-compat/bcrypt_pbkdf.c
stable/9/crypto/openssh/openbsd-compat/blf.h
- copied unchanged from r261320, head/crypto/openssh/openbsd-compat/blf.h
stable/9/crypto/openssh/openbsd-compat/blowfish.c (contents, props changed)
- copied, changed from r261320, head/crypto/openssh/openbsd-compat/blowfish.c
stable/9/crypto/openssh/openbsd-compat/chacha_private.h
- copied unchanged from r261320, head/crypto/openssh/openbsd-compat/chacha_private.h
stable/9/crypto/openssh/openbsd-compat/explicit_bzero.c
- copied unchanged from r263712, head/crypto/openssh/openbsd-compat/explicit_bzero.c
stable/9/crypto/openssh/openbsd-compat/getopt.h
- copied unchanged from r255767, head/crypto/openssh/openbsd-compat/getopt.h
stable/9/crypto/openssh/openbsd-compat/getopt_long.c
- copied unchanged from r255767, head/crypto/openssh/openbsd-compat/getopt_long.c
stable/9/crypto/openssh/openbsd-compat/getrrsetbyname-ldns.c
- copied, changed from r255422, head/crypto/openssh/openbsd-compat/getrrsetbyname-ldns.c
stable/9/crypto/openssh/openbsd-compat/regress/
- copied from r255774, head/crypto/openssh/openbsd-compat/regress/
stable/9/crypto/openssh/openbsd-compat/strnlen.c
- copied unchanged from r255422, head/crypto/openssh/openbsd-compat/strnlen.c
stable/9/crypto/openssh/openssh.xml.in
- copied unchanged from r255774, head/crypto/openssh/openssh.xml.in
stable/9/crypto/openssh/opensshd.init.in
- copied unchanged from r255774, head/crypto/openssh/opensshd.init.in
stable/9/crypto/openssh/poly1305.c
- copied unchanged from r261320, head/crypto/openssh/poly1305.c
stable/9/crypto/openssh/poly1305.h
- copied unchanged from r261320, head/crypto/openssh/poly1305.h
stable/9/crypto/openssh/regress/
- copied from r255774, head/crypto/openssh/regress/
stable/9/crypto/openssh/regress/dhgex.sh
- copied unchanged from r263712, head/crypto/openssh/regress/dhgex.sh
stable/9/crypto/openssh/regress/setuid-allowed.c
- copied, changed from r261320, head/crypto/openssh/regress/setuid-allowed.c
stable/9/crypto/openssh/regress/sftp-perm.sh
- copied unchanged from r261320, head/crypto/openssh/regress/sftp-perm.sh
stable/9/crypto/openssh/sandbox-capsicum.c (contents, props changed)
- copied, changed from r261320, head/crypto/openssh/sandbox-capsicum.c
stable/9/crypto/openssh/sandbox-seccomp-filter.c
- copied, changed from r255422, head/crypto/openssh/sandbox-seccomp-filter.c
stable/9/crypto/openssh/sc25519.c
- copied unchanged from r261320, head/crypto/openssh/sc25519.c
stable/9/crypto/openssh/sc25519.h
- copied unchanged from r261320, head/crypto/openssh/sc25519.h
stable/9/crypto/openssh/scp.0
- copied, changed from r255774, head/crypto/openssh/scp.0
stable/9/crypto/openssh/sftp-server.0
- copied, changed from r255774, head/crypto/openssh/sftp-server.0
stable/9/crypto/openssh/sftp.0
- copied, changed from r255774, head/crypto/openssh/sftp.0
stable/9/crypto/openssh/smult_curve25519_ref.c
- copied unchanged from r261320, head/crypto/openssh/smult_curve25519_ref.c
stable/9/crypto/openssh/ssh-add.0
- copied, changed from r255774, head/crypto/openssh/ssh-add.0
stable/9/crypto/openssh/ssh-agent.0
- copied, changed from r255774, head/crypto/openssh/ssh-agent.0
stable/9/crypto/openssh/ssh-ed25519.c
- copied, changed from r261320, head/crypto/openssh/ssh-ed25519.c
stable/9/crypto/openssh/ssh-keygen.0
- copied, changed from r255774, head/crypto/openssh/ssh-keygen.0
stable/9/crypto/openssh/ssh-keyscan.0
- copied, changed from r255774, head/crypto/openssh/ssh-keyscan.0
stable/9/crypto/openssh/ssh-keysign.0
- copied, changed from r255774, head/crypto/openssh/ssh-keysign.0
stable/9/crypto/openssh/ssh-pkcs11-helper.0
- copied, changed from r255774, head/crypto/openssh/ssh-pkcs11-helper.0
stable/9/crypto/openssh/ssh.0
- copied, changed from r255774, head/crypto/openssh/ssh.0
stable/9/crypto/openssh/ssh_config.0
- copied, changed from r255774, head/crypto/openssh/ssh_config.0
stable/9/crypto/openssh/sshd.0
- copied, changed from r255774, head/crypto/openssh/sshd.0
stable/9/crypto/openssh/sshd_config.0
- copied, changed from r255774, head/crypto/openssh/sshd_config.0
stable/9/crypto/openssh/survey.sh.in
- copied unchanged from r255774, head/crypto/openssh/survey.sh.in
stable/9/crypto/openssh/verify.c
- copied unchanged from r261320, head/crypto/openssh/verify.c
Deleted:
stable/9/crypto/openssh/FREEBSD-tricks
stable/9/crypto/openssh/auth2-jpake.c
stable/9/crypto/openssh/jpake.c
stable/9/crypto/openssh/jpake.h
stable/9/crypto/openssh/openbsd-compat/bsd-arc4random.c
stable/9/crypto/openssh/openbsd-compat/getopt.c
stable/9/crypto/openssh/schnorr.h
Modified:
stable/9/Makefile.inc1 (contents, props changed)
stable/9/crypto/openssh/ChangeLog
stable/9/crypto/openssh/FREEBSD-upgrade
stable/9/crypto/openssh/PROTOCOL
stable/9/crypto/openssh/README
stable/9/crypto/openssh/aclocal.m4
stable/9/crypto/openssh/addrmatch.c
stable/9/crypto/openssh/atomicio.c
stable/9/crypto/openssh/audit-linux.c
stable/9/crypto/openssh/auth-chall.c
stable/9/crypto/openssh/auth-krb5.c
stable/9/crypto/openssh/auth-options.c
stable/9/crypto/openssh/auth-pam.c
stable/9/crypto/openssh/auth-rsa.c
stable/9/crypto/openssh/auth.c
stable/9/crypto/openssh/auth.h
stable/9/crypto/openssh/auth1.c
stable/9/crypto/openssh/auth2-chall.c
stable/9/crypto/openssh/auth2-gss.c
stable/9/crypto/openssh/auth2-hostbased.c
stable/9/crypto/openssh/auth2-kbdint.c
stable/9/crypto/openssh/auth2-passwd.c
stable/9/crypto/openssh/auth2-pubkey.c
stable/9/crypto/openssh/auth2.c
stable/9/crypto/openssh/authfd.c
stable/9/crypto/openssh/authfile.c
stable/9/crypto/openssh/authfile.h
stable/9/crypto/openssh/bufaux.c
stable/9/crypto/openssh/bufbn.c
stable/9/crypto/openssh/bufec.c
stable/9/crypto/openssh/buffer.c
stable/9/crypto/openssh/buffer.h
stable/9/crypto/openssh/canohost.c
stable/9/crypto/openssh/channels.c
stable/9/crypto/openssh/channels.h
stable/9/crypto/openssh/cipher-3des1.c
stable/9/crypto/openssh/cipher-aes.c
stable/9/crypto/openssh/cipher-ctr.c
stable/9/crypto/openssh/cipher.c
stable/9/crypto/openssh/cipher.h
stable/9/crypto/openssh/clientloop.c
stable/9/crypto/openssh/clientloop.h
stable/9/crypto/openssh/compat.c
stable/9/crypto/openssh/compat.h
stable/9/crypto/openssh/config.guess
stable/9/crypto/openssh/config.h
stable/9/crypto/openssh/config.h.in
stable/9/crypto/openssh/contrib/caldera/openssh.spec
stable/9/crypto/openssh/contrib/cygwin/ssh-host-config
stable/9/crypto/openssh/contrib/redhat/openssh.spec
stable/9/crypto/openssh/contrib/ssh-copy-id.1 (contents, props changed)
stable/9/crypto/openssh/contrib/suse/openssh.spec
stable/9/crypto/openssh/defines.h
stable/9/crypto/openssh/dh.c
stable/9/crypto/openssh/dh.h
stable/9/crypto/openssh/dns.c
stable/9/crypto/openssh/groupaccess.c
stable/9/crypto/openssh/gss-genr.c
stable/9/crypto/openssh/gss-serv-krb5.c
stable/9/crypto/openssh/gss-serv.c
stable/9/crypto/openssh/hostfile.c
stable/9/crypto/openssh/hostfile.h
stable/9/crypto/openssh/includes.h
stable/9/crypto/openssh/kex.c
stable/9/crypto/openssh/kex.h
stable/9/crypto/openssh/kexdh.c
stable/9/crypto/openssh/kexdhc.c
stable/9/crypto/openssh/kexdhs.c
stable/9/crypto/openssh/kexecdh.c
stable/9/crypto/openssh/kexecdhc.c
stable/9/crypto/openssh/kexecdhs.c
stable/9/crypto/openssh/kexgex.c
stable/9/crypto/openssh/kexgexc.c
stable/9/crypto/openssh/kexgexs.c
stable/9/crypto/openssh/key.c
stable/9/crypto/openssh/key.h
stable/9/crypto/openssh/krl.c
stable/9/crypto/openssh/log.c
stable/9/crypto/openssh/log.h
stable/9/crypto/openssh/loginrec.c
stable/9/crypto/openssh/mac.c
stable/9/crypto/openssh/mac.h
stable/9/crypto/openssh/match.c
stable/9/crypto/openssh/misc.c
stable/9/crypto/openssh/misc.h
stable/9/crypto/openssh/moduli.5 (contents, props changed)
stable/9/crypto/openssh/moduli.c
stable/9/crypto/openssh/monitor.c
stable/9/crypto/openssh/monitor.h
stable/9/crypto/openssh/monitor_mm.c
stable/9/crypto/openssh/monitor_mm.h
stable/9/crypto/openssh/monitor_wrap.c
stable/9/crypto/openssh/monitor_wrap.h
stable/9/crypto/openssh/mux.c (contents, props changed)
stable/9/crypto/openssh/myproposal.h
stable/9/crypto/openssh/openbsd-compat/bsd-cygwin_util.c
stable/9/crypto/openssh/openbsd-compat/bsd-cygwin_util.h
stable/9/crypto/openssh/openbsd-compat/bsd-misc.c
stable/9/crypto/openssh/openbsd-compat/bsd-misc.h (contents, props changed)
stable/9/crypto/openssh/openbsd-compat/bsd-poll.c
stable/9/crypto/openssh/openbsd-compat/bsd-setres_id.c
stable/9/crypto/openssh/openbsd-compat/bsd-snprintf.c
stable/9/crypto/openssh/openbsd-compat/bsd-statvfs.c
stable/9/crypto/openssh/openbsd-compat/bsd-statvfs.h
stable/9/crypto/openssh/openbsd-compat/openbsd-compat.h
stable/9/crypto/openssh/openbsd-compat/openssl-compat.c
stable/9/crypto/openssh/openbsd-compat/openssl-compat.h
stable/9/crypto/openssh/openbsd-compat/port-aix.c
stable/9/crypto/openssh/openbsd-compat/port-linux.c
stable/9/crypto/openssh/openbsd-compat/setproctitle.c
stable/9/crypto/openssh/openbsd-compat/xcrypt.c
stable/9/crypto/openssh/packet.c
stable/9/crypto/openssh/packet.h
stable/9/crypto/openssh/pathnames.h (contents, props changed)
stable/9/crypto/openssh/pkcs11.h
stable/9/crypto/openssh/platform.c
stable/9/crypto/openssh/platform.h
stable/9/crypto/openssh/progressmeter.c
stable/9/crypto/openssh/readconf.c
stable/9/crypto/openssh/readconf.h
stable/9/crypto/openssh/readpass.c
stable/9/crypto/openssh/regress/Makefile
stable/9/crypto/openssh/regress/agent-ptrace.sh
stable/9/crypto/openssh/regress/agent.sh
stable/9/crypto/openssh/regress/cert-hostkey.sh
stable/9/crypto/openssh/regress/cert-userkey.sh
stable/9/crypto/openssh/regress/cipher-speed.sh
stable/9/crypto/openssh/regress/forward-control.sh
stable/9/crypto/openssh/regress/host-expand.sh
stable/9/crypto/openssh/regress/integrity.sh
stable/9/crypto/openssh/regress/kextype.sh
stable/9/crypto/openssh/regress/keytype.sh
stable/9/crypto/openssh/regress/krl.sh
stable/9/crypto/openssh/regress/login-timeout.sh
stable/9/crypto/openssh/regress/modpipe.c
stable/9/crypto/openssh/regress/rekey.sh
stable/9/crypto/openssh/regress/scp-ssh-wrapper.sh
stable/9/crypto/openssh/regress/scp.sh
stable/9/crypto/openssh/regress/sftp-chroot.sh
stable/9/crypto/openssh/regress/test-exec.sh
stable/9/crypto/openssh/regress/try-ciphers.sh
stable/9/crypto/openssh/roaming_client.c
stable/9/crypto/openssh/roaming_common.c
stable/9/crypto/openssh/rsa.c
stable/9/crypto/openssh/sandbox-darwin.c
stable/9/crypto/openssh/sandbox-null.c
stable/9/crypto/openssh/sandbox-rlimit.c
stable/9/crypto/openssh/sandbox-systrace.c
stable/9/crypto/openssh/schnorr.c
stable/9/crypto/openssh/scp.1 (contents, props changed)
stable/9/crypto/openssh/scp.c
stable/9/crypto/openssh/servconf.c
stable/9/crypto/openssh/servconf.h
stable/9/crypto/openssh/serverloop.c
stable/9/crypto/openssh/session.c
stable/9/crypto/openssh/session.h
stable/9/crypto/openssh/sftp-client.c
stable/9/crypto/openssh/sftp-client.h
stable/9/crypto/openssh/sftp-common.c (contents, props changed)
stable/9/crypto/openssh/sftp-glob.c
stable/9/crypto/openssh/sftp-server.8
stable/9/crypto/openssh/sftp-server.c
stable/9/crypto/openssh/sftp.1
stable/9/crypto/openssh/sftp.c
stable/9/crypto/openssh/ssh-add.1 (contents, props changed)
stable/9/crypto/openssh/ssh-add.c
stable/9/crypto/openssh/ssh-agent.1
stable/9/crypto/openssh/ssh-agent.c
stable/9/crypto/openssh/ssh-dss.c
stable/9/crypto/openssh/ssh-ecdsa.c
stable/9/crypto/openssh/ssh-gss.h (contents, props changed)
stable/9/crypto/openssh/ssh-keygen.1
stable/9/crypto/openssh/ssh-keygen.c
stable/9/crypto/openssh/ssh-keyscan.1
stable/9/crypto/openssh/ssh-keyscan.c
stable/9/crypto/openssh/ssh-keysign.8 (contents, props changed)
stable/9/crypto/openssh/ssh-keysign.c
stable/9/crypto/openssh/ssh-pkcs11-client.c
stable/9/crypto/openssh/ssh-pkcs11-helper.8 (contents, props changed)
stable/9/crypto/openssh/ssh-pkcs11-helper.c
stable/9/crypto/openssh/ssh-pkcs11.c
stable/9/crypto/openssh/ssh-rsa.c
stable/9/crypto/openssh/ssh-sandbox.h
stable/9/crypto/openssh/ssh.1
stable/9/crypto/openssh/ssh.c
stable/9/crypto/openssh/ssh2.h
stable/9/crypto/openssh/ssh_config
stable/9/crypto/openssh/ssh_config.5
stable/9/crypto/openssh/ssh_namespace.h
stable/9/crypto/openssh/sshconnect.c
stable/9/crypto/openssh/sshconnect.h
stable/9/crypto/openssh/sshconnect1.c
stable/9/crypto/openssh/sshconnect2.c
stable/9/crypto/openssh/sshd.8
stable/9/crypto/openssh/sshd.c
stable/9/crypto/openssh/sshd_config
stable/9/crypto/openssh/sshd_config.5
stable/9/crypto/openssh/sshlogin.c
stable/9/crypto/openssh/sshlogin.h
stable/9/crypto/openssh/uidswap.c
stable/9/crypto/openssh/umac.c
stable/9/crypto/openssh/umac.h
stable/9/crypto/openssh/umac128.c
stable/9/crypto/openssh/uuencode.c
stable/9/crypto/openssh/version.h
stable/9/crypto/openssh/xmalloc.c
stable/9/crypto/openssh/xmalloc.h
stable/9/etc/rc.d/sshd
stable/9/secure/lib/libssh/Makefile
stable/9/secure/libexec/sftp-server/Makefile
stable/9/secure/libexec/ssh-keysign/Makefile
stable/9/secure/libexec/ssh-pkcs11-helper/Makefile
stable/9/secure/usr.bin/scp/Makefile
stable/9/secure/usr.bin/sftp/Makefile
stable/9/secure/usr.bin/ssh-add/Makefile
stable/9/secure/usr.bin/ssh-agent/Makefile
stable/9/secure/usr.bin/ssh-keygen/Makefile
stable/9/secure/usr.bin/ssh-keyscan/Makefile
stable/9/secure/usr.bin/ssh/Makefile
stable/9/secure/usr.sbin/sshd/Makefile
Directory Properties:
stable/9/ (props changed)
stable/9/bin/cat/ (props changed)
stable/9/contrib/expat/ (props changed)
stable/9/contrib/groff/ (props changed)
stable/9/contrib/less/ (props changed)
stable/9/contrib/one-true-awk/ (props changed)
stable/9/contrib/openbsm/ (props changed)
stable/9/contrib/tcpdump/ (props changed)
stable/9/crypto/openssh/ (props changed)
stable/9/etc/ (props changed)
stable/9/etc/rc.d/ (props changed)
stable/9/lib/libz/ (props changed)
stable/9/secure/lib/libssh/ (props changed)
stable/9/secure/libexec/ssh-keysign/ (props changed)
stable/9/secure/usr.bin/ssh/ (props changed)
stable/9/secure/usr.sbin/sshd/ (props changed)
stable/9/usr.bin/less/ (props changed)
stable/9/usr.bin/minigzip/ (props changed)
stable/9/usr.bin/xinstall/ (props changed)
stable/9/usr.sbin/makefs/ (props changed)
stable/9/usr.sbin/tcpdump/ (props changed)
Modified: stable/9/Makefile.inc1
==============================================================================
--- stable/9/Makefile.inc1 Mon Mar 31 14:27:22 2014 (r263969)
+++ stable/9/Makefile.inc1 Mon Mar 31 14:39:56 2014 (r263970)
@@ -1357,8 +1357,8 @@ _prebuild_libs= ${_kerberos5_lib_libasn1
${_cddl_lib_libumem} ${_cddl_lib_libnvpair} \
${_cddl_lib_libzfs_core} \
lib/libutil ${_lib_libypclnt} lib/libz lib/msun \
- ${_secure_lib_libcrypto} ${_secure_lib_libssh} \
- ${_secure_lib_libssl}
+ ${_secure_lib_libcrypto} ${_lib_libldns} \
+ ${_secure_lib_libssh} ${_secure_lib_libssl}
.if ${MK_LIBTHR} != "no"
_lib_libthr= lib/libthr
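Review bot: The added `${_lib_libldns}` entry in `_prebuild_libs` sits oddly next to the commit log, which states that stable/9 does not have LDNS and so gets no DNSSEC support. If `_lib_libldns` is never assigned on this branch, it expands to nothing and the line is harmless, but it then reads as if libssh depended on a library that is not built here. Either keep the original two lines (`${_secure_lib_libcrypto} ${_secure_lib_libssh} \` and `${_secure_lib_libssl}`) on stable/9, or add a short comment saying the variable is intentionally empty here, so the next merge does not have to rediscover this.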
Modified: stable/9/crypto/openssh/ChangeLog
==============================================================================
--- stable/9/crypto/openssh/ChangeLog Mon Mar 31 14:27:22 2014 (r263969)
+++ stable/9/crypto/openssh/ChangeLog Mon Mar 31 14:39:56 2014 (r263970)
@@ -1,3056 +1,2887 @@
-20130510
- - (djm) OpenBSD CVS Cherrypick
- - djm at cvs.openbsd.org 2013/04/11 02:27:50
- [packet.c]
- quiet disconnect notifications on the server from error() back to logit()
- if it is a normal client closure; bz#2057 ok+feedback dtucker@
- - (djm) [version.h contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
- [contrib/suse/openssh.spec] Crank version numbers for release.
+20140313
+ - (djm) Release OpenSSH 6.6
-20130404
- - (dtucker) OpenBSD CVS Sync
- - dtucker at cvs.openbsd.org 2013/02/17 23:16:57
- [readconf.c ssh.c readconf.h sshconnect2.c]
- Keep track of which IndentityFile options were manually supplied and which
- were default options, and don't warn if the latter are missing.
- ok markus@
- - dtucker at cvs.openbsd.org 2013/02/19 02:12:47
- [krl.c]
- Remove bogus include. ok djm
- - dtucker at cvs.openbsd.org 2013/02/22 04:45:09
- [ssh.c readconf.c readconf.h]
- Don't complain if IdentityFiles specified in system-wide configs are
- missing. ok djm, deraadt.
- - markus at cvs.openbsd.org 2013/02/22 19:13:56
- [sshconnect.c]
- support ProxyCommand=- (stdin/out already point to the proxy); ok djm@
- - djm at cvs.openbsd.org 2013/02/22 22:09:01
- [ssh.c]
- Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier
- version)
+20140304
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2014/03/03 22:22:30
+ [session.c]
+ ignore enviornment variables with embedded '=' or '\0' characters;
+ spotted by Jann Horn; ok deraadt@
-20130401
- - (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h
- to avoid conflicting definitions of __int64, adding the required bits.
- Patch from Corinna Vinschen.
+20140301
+ - (djm) [regress/Makefile] Disable dhgex regress test; it breaks when
+ no moduli file exists at the expected location.
+
+20140228
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2014/02/27 00:41:49
+ [bufbn.c]
+ fix unsigned overflow that could lead to reading a short ssh protocol
+ 1 bignum value; found by Ben Hawkes; ok deraadt@
+ - djm at cvs.openbsd.org 2014/02/27 08:25:09
+ [bufbn.c]
+ off by one in range check
+ - djm at cvs.openbsd.org 2014/02/27 22:47:07
+ [sshd_config.5]
+ bz#2184 clarify behaviour of a keyword that appears in multiple
+ matching Match blocks; ok dtucker@
+ - djm at cvs.openbsd.org 2014/02/27 22:57:40
+ [version.h]
+ openssh-6.6
+ - dtucker at cvs.openbsd.org 2014/01/19 23:43:02
+ [regress/sftp-chroot.sh]
+ Don't use -q on sftp as it suppresses logging, instead redirect the
+ output to the regress logfile.
+ - dtucker at cvs.openbsd.org 2014/01/20 00:00:30
+ [sregress/ftp-chroot.sh]
+ append to rather than truncating the log file
+ - dtucker at cvs.openbsd.org 2014/01/25 04:35:32
+ [regress/Makefile regress/dhgex.sh]
+ Add a test for DH GEX sizes
+ - djm at cvs.openbsd.org 2014/01/26 10:22:10
+ [regress/cert-hostkey.sh]
+ automatically generate revoked keys from listed keys rather than
+ manually specifying each type; from portable
+ (Id sync only)
+ - djm at cvs.openbsd.org 2014/01/26 10:49:17
+ [scp-ssh-wrapper.sh scp.sh]
+ make sure $SCP is tested on the remote end rather than whichever one
+ happens to be in $PATH; from portable
+ (Id sync only)
+ - djm at cvs.openbsd.org 2014/02/27 20:04:16
+ [login-timeout.sh]
+ remove any existing LoginGraceTime from sshd_config before adding
+ a specific one for the test back in
+ - djm at cvs.openbsd.org 2014/02/27 21:21:25
+ [agent-ptrace.sh agent.sh]
+ keep return values that are printed in error messages;
+ from portable
+ (Id sync only)
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Crank version numbers
+ - (djm) [regress/host-expand.sh] Add RCS Id
-20120322
- - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
- Hands' greatly revised version.
- - (djm) Release 6.2p1
+20140227
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2014/02/26 20:18:37
+ [ssh.c]
+ bz#2205: avoid early hostname lookups unless canonicalisation is enabled;
+ ok dtucker@ markus@
+ - djm at cvs.openbsd.org 2014/02/26 20:28:44
+ [auth2-gss.c gss-serv.c ssh-gss.h sshd.c]
+ bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
+ sandboxing, as running this code in the sandbox can cause violations;
+ ok markus@
+ - djm at cvs.openbsd.org 2014/02/26 20:29:29
+ [channels.c]
+ don't assume that the socks4 username is \0 terminated;
+ spotted by Ben Hawkes; ok markus@
+ - markus at cvs.openbsd.org 2014/02/26 21:53:37
+ [sshd.c]
+ ssh_gssapi_prepare_supported_oids needs GSSAPI
-20120318
- - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
- [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
- so mark it as broken. Patch from des AT des.no
+20140224
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2014/02/07 06:55:54
+ [cipher.c mac.c]
+ remove some logging that makes ssh debugging output very verbose;
+ ok markus
+ - djm at cvs.openbsd.org 2014/02/15 23:05:36
+ [channels.c]
+ avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W;
+ bz#2200, debian#738692 via Colin Watson; ok dtucker@
+ - djm at cvs.openbsd.org 2014/02/22 01:32:19
+ [readconf.c]
+ when processing Match blocks, skip 'exec' clauses if previous predicates
+ failed to match; ok markus@
+ - djm at cvs.openbsd.org 2014/02/23 20:03:42
+ [ssh-ed25519.c]
+ check for unsigned overflow; not reachable in OpenSSH but others might
+ copy our code...
+ - djm at cvs.openbsd.org 2014/02/23 20:11:36
+ [readconf.c readconf.h ssh.c ssh_config.5]
+ reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes
+ the hostname. This allows users to write configurations that always
+ refer to canonical hostnames, e.g.
+
+ CanonicalizeHostname yes
+ CanonicalDomains int.example.org example.org
+ CanonicalizeFallbackLocal no
+
+ Host *.int.example.org
+ Compression off
+ Host *.example.org
+ User djm
+
+ ok markus@
-20120317
- - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none
- of the bits the configure test looks for.
+20140213
+ - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compat
+ code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
-20120316
- - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform
- is unable to successfully compile them. Based on patch from des AT
- des.no
- - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
- Add a usleep replacement for platforms that lack it; ok dtucker
- - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to
- occur after UID switch; patch from John Marshall via des AT des.no;
+20140207
+ - OpenBSD CVS Sync
+ - naddy at cvs.openbsd.org 2014/02/05 20:13:25
+ [ssh-keygen.1 ssh-keygen.c]
+ tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@
+ while here, fix ordering in usage(); requested by jmc@
+ - djm at cvs.openbsd.org 2014/02/06 22:21:01
+ [sshconnect.c]
+ in ssh_create_socket(), only do the getaddrinfo for BindAddress when
+ BindAddress is actually specified. Fixes regression in 6.5 for
+ UsePrivilegedPort=yes; patch from Corinna Vinschen
+
+20140206
+ - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL
+ before freeing since free(NULL) is a no-op. ok djm.
+ - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define
+ __NR_shutdown; some go via the socketcall(2) multiplexer.
+
+20140205
+ - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by
+ headers/libc but not supported by the kernel. Patch from Loganaden
+ Velvindron @ AfriNIC
+
+20140204
+ - OpenBSD CVS Sync
+ - markus at cvs.openbsd.org 2014/01/27 18:58:14
+ [Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h]
+ replace openssl HMAC with an implementation based on our ssh_digest_*
+ ok and feedback djm@
+ - markus at cvs.openbsd.org 2014/01/27 19:18:54
+ [auth-rsa.c cipher.c ssh-agent.c sshconnect1.c sshd.c]
+ replace openssl MD5 with our ssh_digest_*; ok djm@
+ - markus at cvs.openbsd.org 2014/01/27 20:13:46
+ [digest.c digest-openssl.c digest-libc.c Makefile.in]
+ rename digest.c to digest-openssl.c and add libc variant; ok djm@
+ - jmc at cvs.openbsd.org 2014/01/28 14:13:39
+ [ssh-keyscan.1]
+ kill some bad Pa;
+ From: Jan Stary
+ - djm at cvs.openbsd.org 2014/01/29 00:19:26
+ [sshd.c]
+ use kill(0, ...) instead of killpg(0, ...); on most operating systems
+ they are equivalent, but SUSv2 describes the latter as having undefined
+ behaviour; from portable; ok dtucker
+ (Id sync only; change is already in portable)
+ - djm at cvs.openbsd.org 2014/01/29 06:18:35
+ [Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
+ [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
+ [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
+ remove experimental, never-enabled JPAKE code; ok markus@
+ - jmc at cvs.openbsd.org 2014/01/29 14:04:51
+ [sshd_config.5]
+ document kbdinteractiveauthentication;
+ requested From: Ross L Richardson
+
+ dtucker/markus helped explain its workings;
+ - djm at cvs.openbsd.org 2014/01/30 22:26:14
+ [sandbox-systrace.c]
+ allow shutdown(2) syscall in sandbox - it may be called by packet_close()
+ from portable
+ (Id sync only; change is already in portable)
+ - tedu at cvs.openbsd.org 2014/01/31 16:39:19
+ [auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
+ [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
+ [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
+ [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
+ [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
+ replace most bzero with explicit_bzero, except a few that cna be memset
+ ok djm dtucker
+ - djm at cvs.openbsd.org 2014/02/02 03:44:32
+ [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
+ [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
+ [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
+ [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
+ [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
+ [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
+ [sshd.c]
+ convert memset of potentially-private data to explicit_bzero()
+ - djm at cvs.openbsd.org 2014/02/03 23:28:00
+ [ssh-ecdsa.c]
+ fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike
+ DSA_SIG_new. Reported by Batz Spear; ok markus@
+ - djm at cvs.openbsd.org 2014/02/02 03:44:31
+ [digest-libc.c digest-openssl.c]
+ convert memset of potentially-private data to explicit_bzero()
+ - djm at cvs.openbsd.org 2014/02/04 00:24:29
+ [ssh.c]
+ delay lowercasing of hostname until right before hostname
+ canonicalisation to unbreak case-sensitive matching of ssh_config;
+ reported by Ike Devolder; ok markus@
+ - (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.o
+ - (djm) [regress/setuid-allowed.c] Missing string.h for strerror()
+
+20140131
+ - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)
+ syscall from sandboxes; it may be called by packet_close.
+ - (dtucker) [readconf.c] Include <arpa/inet.h> for the hton macros. Fixes
+ build with HP-UX's compiler. Patch from Kevin Brott.
+ - (tim) [Makefile.in] build regress/setuid-allow.
+
+20140130
+ - (djm) [configure.ac] Only check for width-specified integer types
+ in headers that actually exist. patch from Tom G. Christensen;
ok dtucker@
+ - (djm) [configure.ac atomicio.c] Kludge around NetBSD offering
+ different symbols for 'read' when various compiler flags are
+ in use, causing atomicio.c comparisons against it to break and
+ read/write operations to hang; ok dtucker
+ - (djm) Release openssh-6.5p1
+
+20140129
+ - (djm) [configure.ac] Fix broken shell test '==' vs '='; patch from
+ Tom G. Christensen
-20120312
- - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh]
- Improve portability of cipher-speed test, based mostly on a patch from
- Iain Morgan.
- - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
- in addition to root as an owner of system directories on AIX and HP-UX.
- ok djm@
-
-20130307
- - (dtucker) [INSTALL] Bump documented autoconf version to what we're
- currently using.
- - (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it
- was removed in configure.ac rev 1.481 as it was redundant.
- - (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days
- ago.
- - (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a
- chance to complete on broken systems; ok dtucker@
-
-20130306
- - (dtucker) [regress/forward-control.sh] Wait longer for the forwarding
- connection to start so that the test works on slower machines.
- - (dtucker) [configure.ac] test that we can set number of file descriptors
- to zero with setrlimit before enabling the rlimit sandbox. This affects
- (at least) HPUX 11.11.
-
-20130305
- - (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for
- HP/UX. Spotted by Kevin Brott
- - (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by
- Amit Kulkarni and Kevin Brott.
- - (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure
- build breakage on (at least) HP-UX 11.11. Found by Amit Kulkarni and Kevin
- Brott.
- - (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov.
+20140128
+ - (djm) [configure.ac] Search for inet_ntop in libnsl and libresovl;
+ ok dtucker
+ - (djm) [sshd.c] Use kill(0, ...) instead of killpg(0, ...); the
+ latter being specified to have undefined behaviour in SUSv3;
+ ok dtucker
+ - (tim) [regress/agent.sh regress/agent-ptrace.sh] Assign $? to a variable
+ when used as an error message inside an if statement so we display the
+ correct into. agent.sh patch from Petr Lautrbach.
+
+20140127
+ - (dtucker) [Makefile.in] Remove trailing backslash which some make
+ implementations (eg older Solaris) do not cope with.
+
+20140126
+ - OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2014/01/25 10:12:50
+ [cipher.c cipher.h kex.c kex.h kexgexc.c]
+ Add a special case for the DH group size for 3des-cbc, which has an
+ effective strength much lower than the key size. This causes problems
+ with some cryptlib implementations, which don't support group sizes larger
+ than 4k but also don't use the largest group size it does support as
+ specified in the RFC. Based on a patch from Petr Lautrbach at Redhat,
+ reduced by me with input from Markus. ok djm@ markus@
+ - markus at cvs.openbsd.org 2014/01/25 20:35:37
+ [kex.c]
+ dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len)
+ ok dtucker@, noted by mancha
+ - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable
+ RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,
+ libc will attempt to open additional file descriptors for crypto
+ offload and crash if they cannot be opened.
+ - (djm) [configure.ac] correct AC_DEFINE for previous.
+
+20140125
+ - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD
+ - (djm) [configure.ac] Do not attempt to use capsicum sandbox unless
+ sys/capability.h exists and cap_rights_limit is in libc. Fixes
+ build on FreeBSD9x which provides the header but not the libc
+ support.
+ - (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so test
+ against the correct thing.
-20130227
- - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
- [contrib/suse/openssh.spec] Crank version numbers
- - (tim) [regress/forward-control.sh] use sh in case login shell is csh.
- - (tim) [regress/integrity.sh] shell portability fix.
- - (tim) [regress/integrity.sh] keep old solaris awk from hanging.
- - (tim) [regress/krl.sh] keep old solaris awk from hanging.
+20140124
+ - (djm) [Makefile.in regress/scp-ssh-wrapper.sh regress/scp.sh] Make
+ the scp regress test actually test the built scp rather than the one
+ in $PATH. ok dtucker@
+
+20140123
+ - (tim) [session.c] Improve error reporting on set_id().
+ - (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitously
+ incompatible with OpenBSD's despite post-dating it by more than a decade.
+ Declare it as broken, and document FreeBSD's as the same. ok djm@
+
+20140122
+ - (djm) [openbsd-compat/setproctitle.c] Don't fail to compile if a
+ platform that is expected to use the reuse-argv style setproctitle
+ hack surprises us by providing a setproctitle in libc; ok dtucker
+ - (djm) [configure.ac] Unless specifically requested, only attempt
+ to build Position Independent Executables on gcc >= 4.x; ok dtucker
+ - (djm) [configure.ac aclocal.m4] More tests to detect fallout from
+ platform hardening options: include some long long int arithmatic
+ to detect missing support functions for -ftrapv in libgcc and
+ equivalents, actually test linking when -ftrapv is supplied and
+ set either both -pie/-fPIE or neither. feedback and ok dtucker@
+
+20140121
+ - (dtucker) [configure.ac] Make PIE a configure-time option which defaults
+ to on platforms where it's known to be reliably detected and off elsewhere.
+ Works around platforms such as FreeBSD 9.1 where it does not interop with
+ -ftrapv (it seems to work but fails when trying to link ssh). ok djm@
+ - (dtucker) [aclocal.m4] Differentiate between compile-time and link-time
+ tests in the configure output. ok djm.
+ - (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced
+ with sftp chroot support. Move set_id call after chroot.
+ - (djm) [aclocal.m4] Flesh out the code run in the OSSH_CHECK_CFLAG_COMPILE
+ and OSSH_CHECK_LDFLAG_LINK tests to give them a better chance of
+ detecting toolchain-related problems; ok dtucker
+
+20140120
+ - (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos
+ implementation does not have krb5_cc_new_unique, similar to what we do
+ in auth-krb5.c.
+ - (djm) [regress/cert-hostkey.sh] Fix regress failure on platforms that
+ skip one or more key types (e.g. RHEL/CentOS 6.5); ok dtucker@
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2014/01/20 00:08:48
+ [digest.c]
+ memleak; found by Loganaden Velvindron @ AfriNIC; ok markus@
-20130226
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2013/02/20 08:27:50
- [integrity.sh]
- Add an option to modpipe that warns if the modification offset it not
- reached in it's stream and turn it on for t-integrity. This should catch
- cases where the session is not fuzzed for being too short (cf. my last
- "oops" commit)
- - (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage
- for UsePAM=yes configuration
+20140119
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2014/01/17 06:23:24
+ [sftp-server.c]
+ fix log message statvfs. ok djm
+ - dtucker at cvs.openbsd.org 2014/01/18 09:36:26
+ [session.c]
+ explicitly define USE_PIPES to 1 to prevent redefinition warnings in
+ portable on platforms that use pipes for everything. From vinschen at
+ redhat.
+ - dtucker at cvs.openbsd.org 2014/01/19 04:17:29
+ [canohost.c addrmatch.c]
+ Cast socklen_t when comparing to size_t and use socklen_t to iterate over
+ the ip options, both to prevent signed/unsigned comparison warnings.
+ Patch from vinschen at redhat via portable openssh, begrudging ok deraadt.
+ - djm at cvs.openbsd.org 2014/01/19 04:48:08
+ [ssh_config.5]
+ fix inverted meaning of 'no' and 'yes' for CanonicalizeFallbackLocal
+ - dtucker at cvs.openbsd.org 2014/01/19 11:21:51
+ [addrmatch.c]
+ Cast the sizeof to socklen_t so it'll work even if the supplied len is
+ negative. Suggested by and ok djm, ok deraadt.
-20130225
- - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed
- to use Solaris native GSS libs. Patch from Pierre Ossman.
+20140118
+ - (dtucker) [uidswap.c] Prevent unused variable warnings on Cygwin. Patch
+ from vinschen at redhat.com
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.h] Add missing function
+ declarations that stopped being included when we stopped including
+ <windows.h> from openbsd-compat/bsd-cygwin_util.h. Patch from vinschen at
+ redhat.com.
+ - (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs,
+ optind) are defined in getopt.h already. Unfortunately they are defined as
+ "declspec(dllimport)" for historical reasons, because the GNU linker didn't
+ allow auto-import on PE/COFF targets way back when. The problem is the
+ dllexport attributes collide with the definitions in the various source
+ files in OpenSSH, which obviousy define the variables without
+ declspec(dllimport). The least intrusive way to get rid of these warnings
+ is to disable warnings for GCC compiler attributes when building on Cygwin.
+ Patch from vinschen at redhat.com.
+ - (dtucker) [sandbox-capsicum.c] Correct some error messages and make the
+ return value check for cap_enter() consistent with the other uses in
+ FreeBSD. From by Loganaden Velvindron @ AfriNIC via bz#2140.
+
+20140117
+ - (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchain
+ hardening flags including -fstack-protector-strong. These default to on
+ if the toolchain supports them, but there is a configure-time knob
+ (--without-hardening) to disable them if necessary. ok djm@
+ - (djm) [sftp-client.c] signed/unsigned comparison fix
+ - (dtucker) [loginrec.c] Cast to the types specfied in the format
+ specification to prevent warnings.
+ - (dtucker) [crypto_api.h] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H.
+ - (dtucker) [poly1305.c] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H.
+ - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include
+ includes.h to pull in all of the compatibility stuff.
+ - (dtucker) [openbsd-compat/bcrypt_pbkdf.c] Wrap stdlib.h include inside
+ #ifdef HAVE_STDINT_H.
+ - (dtucker) [defines.h] Add typedefs for uintXX_t types for platforms that
+ don't have them.
+ - (dtucker) [configure.ac] Split AC_CHECK_FUNCS for OpenSSL functions into
+ separate lines and alphabetize for easier diffing of changes.
+ - (dtucker) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2014/01/17 00:21:06
+ [sftp-client.c]
+ signed/unsigned comparison warning fix; from portable (Id sync only)
+ - dtucker at cvs.openbsd.org 2014/01/17 05:26:41
+ [digest.c]
+ remove unused includes. ok djm@
+ - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]
+ [sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c]
+ [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing
+ using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling
+ Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
+ - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c
+ openbsd-compat/openssl-compat.h] Add compatibility layer for older
+ openssl versions. ok djm@
+ - (dtucker) Fix typo in #ifndef.
+ - (dtucker) [configure.ac openbsd-compat/bsd-statvfs.c
+ openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs
+ to be useful (and for the regression tests to pass) on platforms that
+ have statfs and fstatfs. ok djm@
+ - (dtucker) [openbsd-compat/bsd-statvfs.h] Only start including headers if we
+ need them to cut down on the name collisions.
+ - (dtucker) [configure.ac] Also look in inttypes.h for uintXX_t types.
+ - (dtucker) [configure.ac] Have --without-hardening not turn off
+ stack-protector since that has a separate flag that's been around a while.
+ - (dtucker) [readconf.c] Wrap paths.h inside an ifdef. Allows building on
+ Solaris.
+ - (dtucker) [defines.h] Move our definitions of uintXX_t types down to after
+ they're defined if we have to define them ourselves. Fixes builds on old
+ AIX.
-20130223
- - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
- bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
- ok tim
+20140118
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2014/01/16 07:31:09
+ [sftp-client.c]
+ needless and incorrect cast to size_t can break resumption of
+ large download; patch from tobias@
+ - djm at cvs.openbsd.org 2014/01/16 07:32:00
+ [version.h]
+ openssh-6.5
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Crank RPM spec version numbers.
+ - (djm) [README] update release notes URL.
-20130222
- - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to
- ssh(1) since they're not needed. Patch from Pierre Ossman, ok djm.
- - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named
- libgss too. Patch from Pierre Ossman, ok djm.
- - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux
- seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
- ok dtucker
+20140112
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2014/01/10 05:59:19
+ [sshd_config]
+ the /etc/ssh/ssh_host_ed25519_key is loaded by default too
+ - djm at cvs.openbsd.org 2014/01/12 08:13:13
+ [bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c]
+ [kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c]
+ avoid use of OpenSSL BIGNUM type and functions for KEX with
+ Curve25519 by adding a buffer_put_bignum2_from_string() that stores
+ a string using the bignum encoding rules. Will make it easier to
+ build a reduced-feature OpenSSH without OpenSSL in the future;
+ ok markus@
-20130221
- - (tim) [regress/forward-control.sh] shell portability fix.
+20140110
+ - (djm) OpenBSD CVS Sync
+ - tedu at cvs.openbsd.org 2014/01/04 17:50:55
+ [mac.c monitor_mm.c monitor_mm.h xmalloc.c]
+ use standard types and formats for size_t like variables. ok dtucker
+ - guenther at cvs.openbsd.org 2014/01/09 03:26:00
+ [sftp-common.c]
+ When formating the time for "ls -l"-style output, show dates in the future
+ with the year, and rearrange a comparison to avoid a potentional signed
+ arithmetic overflow that would give the wrong result.
+ ok djm@
+ - djm at cvs.openbsd.org 2014/01/09 23:20:00
+ [digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
+ [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
+ [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
+ [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
+ Introduce digest API and use it to perform all hashing operations
+ rather than calling OpenSSL EVP_Digest* directly. Will make it easier
+ to build a reduced-feature OpenSSH without OpenSSL in future;
+ feedback, ok markus@
+ - djm at cvs.openbsd.org 2014/01/09 23:26:48
+ [sshconnect.c sshd.c]
+ ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,
+ deranged and might make some attacks on KEX easier; ok markus@
-20130220
- - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix.
- - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded
- err.h include from krl.c. Additional portability fixes for modpipe. OK djm
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2013/02/20 08:27:50
- [regress/integrity.sh regress/modpipe.c]
- Add an option to modpipe that warns if the modification offset it not
- reached in it's stream and turn it on for t-integrity. This should catch
- cases where the session is not fuzzed for being too short (cf. my last
- "oops" commit)
- - djm at cvs.openbsd.org 2013/02/20 08:29:27
- [regress/modpipe.c]
- s/Id/OpenBSD/ in RCS tag
+20140108
+ - (djm) [regress/.cvsignore] Ignore regress test droppings; ok dtucker@
-20130219
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2013/02/18 22:26:47
- [integrity.sh]
- crank the offset yet again; it was still fuzzing KEX one of Darren's
- portable test hosts at 2800
- - djm at cvs.openbsd.org 2013/02/19 02:14:09
- [integrity.sh]
- oops, forgot to increase the output of the ssh command to ensure that
- we actually reach $offset
- - (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that
- lack support for SHA2.
- - (djm) [regress/modpipe.c] Add local err, and errx functions for platforms
- that do not have them.
+20131231
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/12/30 23:52:28
+ [auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c]
+ [sshconnect.c sshconnect2.c sshd.c]
+ refuse RSA keys from old proprietary clients/servers that use the
+ obsolete RSA+MD5 signature scheme. it will still be possible to connect
+ with these clients/servers but only DSA keys will be accepted, and we'll
+ deprecate them entirely in a future release. ok markus@
+
+20131229
+ - (djm) [loginrec.c] Check for username truncation when looking up lastlog
+ entries
+ - (djm) [regress/Makefile] Add some generated files for cleaning
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/12/19 00:10:30
+ [ssh-add.c]
+ skip requesting smartcard PIN when removing keys from agent; bz#2187
+ patch from jay AT slushpupie.com; ok dtucker
+ - dtucker at cvs.openbsd.org 2013/12/19 00:19:12
+ [serverloop.c]
+ Cast client_alive_interval to u_int64_t before assinging to
+ max_time_milliseconds to avoid potential integer overflow in the timeout.
+ bz#2170, patch from Loganaden Velvindron, ok djm@
+ - djm at cvs.openbsd.org 2013/12/19 00:27:57
+ [auth-options.c]
+ simplify freeing of source-address certificate restriction
+ - djm at cvs.openbsd.org 2013/12/19 01:04:36
+ [channels.c]
+ bz#2147: fix multiple remote forwardings with dynamically assigned
+ listen ports. In the s->c message to open the channel we were sending
+ zero (the magic number to request a dynamic port) instead of the actual
+ listen port. The client therefore had no way of discriminating between
+ them.
+
+ Diagnosis and fix by ronf AT timeheart.net
+ - djm at cvs.openbsd.org 2013/12/19 01:19:41
+ [ssh-agent.c]
+ bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent
+ that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com;
+ ok dtucker
+ - djm at cvs.openbsd.org 2013/12/19 22:57:13
+ [poly1305.c poly1305.h]
+ use full name for author, with his permission
+ - tedu at cvs.openbsd.org 2013/12/21 07:10:47
+ [ssh-keygen.1]
+ small typo
+ - djm at cvs.openbsd.org 2013/12/27 22:30:17
+ [ssh-dss.c ssh-ecdsa.c ssh-rsa.c]
+ make the original RSA and DSA signing/verification code look more like
+ the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
+ rather than tediously listing all variants, use __func__ for debug/
+ error messages
+ - djm at cvs.openbsd.org 2013/12/27 22:37:18
+ [ssh-rsa.c]
+ correct comment
+ - djm at cvs.openbsd.org 2013/12/29 02:28:10
+ [key.c]
+ allow ed25519 keys to appear as certificate authorities
+ - djm at cvs.openbsd.org 2013/12/29 02:37:04
+ [key.c]
+ correct comment for key_to_certified()
+ - djm at cvs.openbsd.org 2013/12/29 02:49:52
+ [key.c]
+ correct comment for key_drop_cert()
+ - djm at cvs.openbsd.org 2013/12/29 04:20:04
+ [key.c]
+ to make sure we don't omit any key types as valid CA keys again,
+ factor the valid key type check into a key_type_is_valid_ca()
+ function
+ - djm at cvs.openbsd.org 2013/12/29 04:29:25
+ [authfd.c]
+ allow deletion of ed25519 keys from the agent
+ - djm at cvs.openbsd.org 2013/12/29 04:35:50
+ [authfile.c]
+ don't refuse to load Ed25519 certificates
+ - djm at cvs.openbsd.org 2013/12/29 05:42:16
+ [ssh.c]
+ don't forget to load Ed25519 certs too
+ - djm at cvs.openbsd.org 2013/12/29 05:57:02
+ [sshconnect.c]
+ when showing other hostkeys, don't forget Ed25519 keys
-20130217
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2013/02/17 23:16:55
- [integrity.sh]
- make the ssh command generates some output to ensure that there are at
- least offset+tries bytes in the stream.
+20131221
+ - (dtucker) [regress/keytype.sh] Actually test ecdsa key types.
-20130216
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2013/02/16 06:08:45
- [integrity.sh]
- make sure the fuzz offset is actually past the end of KEX for all KEX
- types. diffie-hellman-group-exchange-sha256 requires an offset around
- 2700. Noticed via test failures in portable OpenSSH on platforms that
- lack ECC and this the more byte-frugal ECDH KEX algorithms.
+20131219
+ - (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versions
+ greater than 11 either rather than just 11. Patch from Tomas Kuthan.
+ - (dtucker) [auth-pam.c] bz#2163: check return value from pam_get_item().
+ Patch from Loganaden Velvindron.
-20130215
- - (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from
- Iain Morgan
- - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
- Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
- - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c
- openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
- platforms that don't have it.
- - (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul,
- group strto* function prototypes together.
- - (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes
- an argument. Pointed out by djm.
+20131218
- (djm) OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2013/02/14 21:35:59
- [auth2-pubkey.c]
- Correct error message that had a typo and was logging the wrong thing;
- patch from Petr Lautrbach
- - dtucker at cvs.openbsd.org 2013/02/15 00:21:01
- [sshconnect2.c]
- Warn more loudly if an IdentityFile provided by the user cannot be read.
- bz #1981, ok djm@
+ - djm at cvs.openbsd.org 2013/12/07 08:08:26
+ [ssh-keygen.1]
+ document -a and -o wrt new key format
+ - naddy at cvs.openbsd.org 2013/12/07 11:58:46
+ [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1]
+ [ssh_config.5 sshd.8 sshd_config.5]
+ add missing mentions of ed25519; ok djm@
+ - dtucker at cvs.openbsd.org 2013/12/08 09:53:27
+ [sshd_config.5]
+ Use a literal for the default value of KEXAlgorithms. ok deraadt jmc
+ - markus at cvs.openbsd.org 2013/12/09 11:03:45
+ [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
+ [ge25519_base.data hash.c sc25519.c sc25519.h verify.c]
+ Add Authors for the public domain ed25519/nacl code.
+ see also http://nacl.cr.yp.to/features.html
+ All of the NaCl software is in the public domain.
+ and http://ed25519.cr.yp.to/software.html
+ The Ed25519 software is in the public domain.
+ - markus at cvs.openbsd.org 2013/12/09 11:08:17
+ [crypto_api.h]
+ remove unused defines
+ - pascal at cvs.openbsd.org 2013/12/15 18:17:26
+ [ssh-add.c]
+ Make ssh-add also add .ssh/id_ed25519; fixes lie in manual page.
+ ok markus@
+ - djm at cvs.openbsd.org 2013/12/15 21:42:35
+ [cipher-chachapoly.c]
+ add some comments and constify a constant
+ - markus at cvs.openbsd.org 2013/12/17 10:36:38
+ [crypto_api.h]
+ I've assempled the header file by cut&pasting from generated headers
+ and the source files.
+
+20131208
+ - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna
+ Vinschen
+ - (djm) [Makefile.in regress/Makefile regress/agent-ptrace.sh]
+ [regress/setuid-allowed.c] Check that ssh-agent is not on a no-setuid
+ filesystem before running agent-ptrace.sh; ok dtucker
-20130214
- - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC.
- - (djm) [regress/krl.sh] typo; found by Iain Morgan
- - (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead
- of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by
- Iain Morgan
+20131207
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/12/05 22:59:45
+ [sftp-client.c]
+ fix memory leak in error path in do_readdir(); pointed out by
+ Loganaden Velvindron @ AfriNIC in bz#2163
+ - djm at cvs.openbsd.org 2013/12/06 03:40:51
+ [ssh-keygen.c]
+ remove duplicated character ('g') in getopt() string;
+ document the (few) remaining option characters so we don't have to
+ rummage next time.
+ - markus at cvs.openbsd.org 2013/12/06 13:30:08
+ [authfd.c key.c key.h ssh-agent.c]
+ move private key (de)serialization to key.c; ok djm
+ - markus at cvs.openbsd.org 2013/12/06 13:34:54
+ [authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c]
+ [ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by
+ default; details in PROTOCOL.key; feedback and lots help from djm;
+ ok djm@
+ - markus at cvs.openbsd.org 2013/12/06 13:39:49
+ [authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
+ [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
+ [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
+ [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
+ [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
+ support ed25519 keys (hostkeys and user identities) using the public
+ domain ed25519 reference code from SUPERCOP, see
+ http://ed25519.cr.yp.to/software.html
+ feedback, help & ok djm@
+ - jmc at cvs.openbsd.org 2013/12/06 15:29:07
+ [sshd.8]
+ missing comma;
+ - djm at cvs.openbsd.org 2013/12/07 00:19:15
+ [key.c]
+ set k->cert = NULL after freeing it
+ - markus at cvs.openbsd.org 2013/12/06 13:52:46
+ [regress/Makefile regress/agent.sh regress/cert-hostkey.sh]
+ [regress/cert-userkey.sh regress/keytype.sh]
+ test ed25519 support; from djm@
+ - (djm) [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
+ [ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents
+ - (djm) [Makefile.in] Add ed25519 sources
+ - (djm) [authfile.c] Conditionalise inclusion of util.h
+ - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]
+ [openbsd-compat/blf.h openbsd-compat/blowfish.c]
+ [openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
+ portable.
+ - (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in]
+ [openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on
+ Linux
+ - (djm) [regress/cert-hostkey.sh] Fix merge botch
+ - (djm) [Makefile.in] PATHSUBS and keygen bits for Ed25519; from
+ Loganaden Velvindron @ AfriNIC in bz#2179
-20130212
+20131205
- (djm) OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2013/01/24 21:45:37
- [krl.c]
- fix handling of (unused) KRL signatures; skip string in correct buffer
- - djm at cvs.openbsd.org 2013/01/24 22:08:56
- [krl.c]
- skip serial lookup when cert's serial number is zero
- - krw at cvs.openbsd.org 2013/01/25 05:00:27
- [krl.c]
- Revert last. Breaks due to likely typo. Let djm@ fix later.
- ok djm@ via dlg@
- - djm at cvs.openbsd.org 2013/01/25 10:22:19
- [krl.c]
- redo last commit without the vi-vomit that snuck in:
- skip serial lookup when cert's serial number is zero
- (now with 100% better comment)
- - djm at cvs.openbsd.org 2013/01/26 06:11:05
- [Makefile.in acss.c acss.h cipher-acss.c cipher.c]
- [openbsd-compat/openssl-compat.h]
- remove ACSS, now that it is gone from libcrypto too
- - djm at cvs.openbsd.org 2013/01/27 10:06:12
- [krl.c]
- actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
- - dtucker at cvs.openbsd.org 2013/02/06 00:20:42
- [servconf.c sshd_config sshd_config.5]
- Change default of MaxStartups to 10:30:100 to start doing random early
- drop at 10 connections up to 100 connections. This will make it harder
- to DoS as CPUs have come a long way since the original value was set
- back in 2000. Prompted by nion at debian org, ok markus@
- - dtucker at cvs.openbsd.org 2013/02/06 00:22:21
- [auth.c]
- Fix comment, from jfree.e1 at gmail
- - djm at cvs.openbsd.org 2013/02/08 00:41:12
- [sftp.c]
- fix NULL deref when built without libedit and control characters
- entered as command; debugging and patch from Iain Morgan an
- Loganaden Velvindron in bz#1956
- - markus at cvs.openbsd.org 2013/02/10 21:19:34
- [version.h]
- openssh 6.2
- - djm at cvs.openbsd.org 2013/02/10 23:32:10
- [ssh-keygen.c]
- append to moduli file when screening candidates rather than overwriting.
- allows resumption of interrupted screen; patch from Christophe Garault
- in bz#1957; ok dtucker@
- - djm at cvs.openbsd.org 2013/02/10 23:35:24
- [packet.c]
- record "Received disconnect" messages at ERROR rather than INFO priority,
- since they are abnormal and result in a non-zero ssh exit status; patch
- from Iain Morgan in bz#2057; ok dtucker@
- - dtucker at cvs.openbsd.org 2013/02/11 21:21:58
+ - jmc at cvs.openbsd.org 2013/11/21 08:05:09
+ [ssh_config.5 sshd_config.5]
+ no need for .Pp before displays;
+ - deraadt at cvs.openbsd.org 2013/11/25 18:04:21
+ [ssh.1 ssh.c]
+ improve -Q usage and such. One usage change is that the option is now
+ case-sensitive
+ ok dtucker markus djm
+ - jmc at cvs.openbsd.org 2013/11/26 12:14:54
+ [ssh.1 ssh.c]
+ - put -Q in the right place
+ - Ar was a poor choice for the arguments to -Q. i've chosen an
+ admittedly equally poor Cm, at least consistent with the rest
+ of the docs. also no need for multiple instances
+ - zap a now redundant Nm
+ - usage() sync
+ - deraadt at cvs.openbsd.org 2013/11/26 19:15:09
+ [pkcs11.h]
+ cleanup 1 << 31 idioms. Resurrection of this issue pointed out by
+ Eitan Adler ok markus for ssh, implies same change in kerberosV
+ - djm at cvs.openbsd.org 2013/12/01 23:19:05
+ [PROTOCOL]
+ mention curve25519-sha256 at libssh.org key exchange algorithm
+ - djm at cvs.openbsd.org 2013/12/02 02:50:27
+ [PROTOCOL.chacha20poly1305]
+ typo; from Jon Cave
+ - djm at cvs.openbsd.org 2013/12/02 02:56:17
+ [ssh-pkcs11-helper.c]
+ use-after-free; bz#2175 patch from Loganaden Velvindron @ AfriNIC
+ - djm at cvs.openbsd.org 2013/12/02 03:09:22
+ [key.c]
+ make key_to_blob() return a NULL blob on failure; part of
+ bz#2175 from Loganaden Velvindron @ AfriNIC
+ - djm at cvs.openbsd.org 2013/12/02 03:13:14
+ [cipher.c]
+ correct bzero of chacha20+poly1305 key context. bz#2177 from
+ Loganaden Velvindron @ AfriNIC
+
+ Also make it a memset for consistency with the rest of cipher.c
+ - djm at cvs.openbsd.org 2013/12/04 04:20:01
+ [sftp-client.c]
+ bz#2171: don't leak local_fd on error; from Loganaden Velvindron @
+ AfriNIC
+ - djm at cvs.openbsd.org 2013/12/05 01:16:41
+ [servconf.c servconf.h]
+ bz#2161 - fix AuthorizedKeysCommand inside a Match block and
+ rearrange things so the same error is harder to make next time;
+ with and ok dtucker@
+ - (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correct
+ -L location for libedit. Patch from Serge van den Boom.
+
+20131121
+ - (djm) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2013/11/08 11:15:19
+ [bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c]
+ [uidswap.c] Include stdlib.h for free() as per the man page.
+ - markus at cvs.openbsd.org 2013/11/13 13:48:20
+ [ssh-pkcs11.c]
+ add missing braces found by pedro
+ - djm at cvs.openbsd.org 2013/11/20 02:19:01
[sshd.c]
- Add openssl version to debug output similar to the client. ok markus@
- - djm at cvs.openbsd.org 2013/02/11 23:58:51
+ delay closure of in/out fds until after "Bad protocol version
+ identification..." message, as get_remote_ipaddr/get_remote_port
+ require them open.
+ - deraadt at cvs.openbsd.org 2013/11/20 20:53:10
+ [scp.c]
+ unsigned casts for ctype macros where neccessary
+ ok guenther millert markus
+ - deraadt at cvs.openbsd.org 2013/11/20 20:54:10
+ [canohost.c clientloop.c match.c readconf.c sftp.c]
+ unsigned casts for ctype macros where neccessary
+ ok guenther millert markus
+ - djm at cvs.openbsd.org 2013/11/21 00:45:44
+ [Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
+ [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
+ [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
+ [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
+ cipher "chacha20-poly1305 at openssh.com" that combines Daniel
+ Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
+ authenticated encryption mode.
+
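Review bot: The 20140126 entry for [configure.ac sandbox-capsicum.c sandbox-rlimit.c] records that upstream disables the RLIMIT_NOFILE pseudo-sandbox on FreeBSD because libc may open additional file descriptors for crypto offload and crash, and the 20140125 entry notes that FreeBSD 9.x ships sys/capability.h without cap_rights_limit in libc, so Capsicum is not used there either. If this branch still selects the rlimit sandbox in any configuration, that is a deviation from the upstream behaviour described here; it should be written down with the local changes, along with whether the crypto offload crash was checked for. A smaller point: the date header 20140118 appears twice in the added text, the second time between 20140117 and 20140112. As this is vendor text, keep it identical to upstream rather than correcting it locally.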
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***