svn commit: r294315 - in vendor-crypto/openssh/dist: . contrib/redhat contrib/suse
Dag-Erling Smørgrav
des at FreeBSD.org
Tue Jan 19 10:11:00 UTC 2016
Author: des
Date: Tue Jan 19 10:10:58 2016
New Revision: 294315
URL: https://svnweb.freebsd.org/changeset/base/294315
Log:
Vendor import of OpenSSH 7.1p2.
Modified:
vendor-crypto/openssh/dist/ChangeLog
vendor-crypto/openssh/dist/README
vendor-crypto/openssh/dist/bitmap.c
vendor-crypto/openssh/dist/contrib/redhat/openssh.spec
vendor-crypto/openssh/dist/contrib/suse/openssh.spec
vendor-crypto/openssh/dist/kex.c
vendor-crypto/openssh/dist/packet.c
vendor-crypto/openssh/dist/readconf.c
vendor-crypto/openssh/dist/ssh.c
vendor-crypto/openssh/dist/sshbuf-getput-crypto.c
vendor-crypto/openssh/dist/sshbuf-misc.c
vendor-crypto/openssh/dist/sshbuf.c
vendor-crypto/openssh/dist/sshd.c
vendor-crypto/openssh/dist/version.h
Modified: vendor-crypto/openssh/dist/ChangeLog
==============================================================================
--- vendor-crypto/openssh/dist/ChangeLog Tue Jan 19 10:10:02 2016 (r294314)
+++ vendor-crypto/openssh/dist/ChangeLog Tue Jan 19 10:10:58 2016 (r294315)
@@ -1,3 +1,86 @@
+commit c88ac102f0eb89f2eaa314cb2e2e0ca3c890c443
+Author: Damien Miller <djm at mindrot.org>
+Date: Thu Jan 14 11:08:19 2016 +1100
+
+ bump version numbers
+
+commit 302bc21e6fadacb04b665868cd69b625ef69df90
+Author: Damien Miller <djm at mindrot.org>
+Date: Thu Jan 14 11:04:04 2016 +1100
+
+ openssh-7.1p2
+
+commit 6b33763242c063e4e0593877e835eeb1fd1b60aa
+Author: Damien Miller <djm at mindrot.org>
+Date: Thu Jan 14 11:02:58 2016 +1100
+
+ forcibly disable roaming support in the client
+
+commit 34d364f0d2e1e30a444009f0e04299bb7c94ba13
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Mon Oct 5 17:11:21 2015 +0000
+
+ upstream commit
+
+ some more bzero->explicit_bzero, from Michael McConville
+
+ Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0
+
+commit 8f5b93026797b9f7fba90d0c717570421ccebbd3
+Author: guenther at openbsd.org <guenther at openbsd.org>
+Date: Fri Sep 11 08:50:04 2015 +0000
+
+ upstream commit
+
+ Use explicit_bzero() when zeroing before free()
+
+ from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu)
+ ok millert@ djm@
+
+ Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50
+
+commit d77148e3a3ef6c29b26ec74331455394581aa257
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Sun Nov 8 21:59:11 2015 +0000
+
+ upstream commit
+
+ fix OOB read in packet code caused by missing return
+ statement found by Ben Hawkes; ok markus@ deraadt@
+
+ Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62
+
+commit 076d849e17ab12603627f87b301e2dca71bae518
+Author: Damien Miller <djm at mindrot.org>
+Date: Sat Nov 14 18:44:49 2015 +1100
+
+ read back from libcrypto RAND when privdropping
+
+ makes certain libcrypto implementations cache a /dev/urandom fd
+ in preparation of sandboxing. Based on patch by Greg Hartman.
+
+commit f72adc0150011a28f177617a8456e1f83733099d
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Sun Dec 13 22:42:23 2015 +0000
+
+ upstream commit
+
+ unbreak connections with peers that set
+ first_kex_follows; fix from Matt Johnston va bz#2515
+
+ Upstream-ID: decc88ec4fc7515594fdb42b04aa03189a44184b
+
+commit 04bd8d019ccd906cac1a2b362517b8505f3759e6
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Tue Jan 12 23:42:54 2016 +0000
+
+ upstream commit
+
+ use explicit_bzero() more liberally in the buffer code; ok
+ deraadt
+
+ Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf
+
commit e91346dc2bbf460246df2ab591b7613908c1b0ad
Author: Damien Miller <djm at mindrot.org>
Date: Fri Aug 21 14:49:03 2015 +1000
@@ -7530,1604 +7613,3 @@ Date: Thu Jan 16 18:42:10 2014 +1100
[sftp-client.c]
needless and incorrect cast to size_t can break resumption of
large download; patch from tobias@
-
-commit 91b580e4bec55118bf96ab3cdbe5a50839e75d0a
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Jan 12 19:21:22 2014 +1100
-
- - djm at cvs.openbsd.org 2014/01/12 08:13:13
- [bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c]
- [kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c]
- avoid use of OpenSSL BIGNUM type and functions for KEX with
- Curve25519 by adding a buffer_put_bignum2_from_string() that stores
- a string using the bignum encoding rules. Will make it easier to
- build a reduced-feature OpenSSH without OpenSSL in the future;
- ok markus@
-
-commit af5d4481f4c7c8c3c746e68b961bb85ef907800e
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Jan 12 19:20:47 2014 +1100
-
- - djm at cvs.openbsd.org 2014/01/10 05:59:19
- [sshd_config]
- the /etc/ssh/ssh_host_ed25519_key is loaded by default too
-
-commit 58cd63bc63038acddfb4051ed14e11179d8f4941
-Author: Damien Miller <djm at mindrot.org>
-Date: Fri Jan 10 10:59:24 2014 +1100
-
- - djm at cvs.openbsd.org 2014/01/09 23:26:48
- [sshconnect.c sshd.c]
- ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,
- deranged and might make some attacks on KEX easier; ok markus@
-
-commit b3051d01e505c9c2dc00faab472a0d06fa6b0e65
-Author: Damien Miller <djm at mindrot.org>
-Date: Fri Jan 10 10:58:53 2014 +1100
-
- - djm at cvs.openbsd.org 2014/01/09 23:20:00
- [digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
- [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
- [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
- [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
- Introduce digest API and use it to perform all hashing operations
- rather than calling OpenSSL EVP_Digest* directly. Will make it easier
- to build a reduced-feature OpenSSH without OpenSSL in future;
- feedback, ok markus@
-
-commit e00e413dd16eb747fb2c15a099971d91c13cf70f
-Author: Damien Miller <djm at mindrot.org>
-Date: Fri Jan 10 10:40:45 2014 +1100
-
- - guenther at cvs.openbsd.org 2014/01/09 03:26:00
- [sftp-common.c]
- When formating the time for "ls -l"-style output, show dates in the future
- with the year, and rearrange a comparison to avoid a potentional signed
- arithmetic overflow that would give the wrong result.
-
- ok djm@
-
-commit 3e49853650448883685cfa32fa382d0ba6d51d48
-Author: Damien Miller <djm at mindrot.org>
-Date: Fri Jan 10 10:37:05 2014 +1100
-
- - tedu at cvs.openbsd.org 2014/01/04 17:50:55
- [mac.c monitor_mm.c monitor_mm.h xmalloc.c]
- use standard types and formats for size_t like variables. ok dtucker
-
-commit a9c1e500ef609795cbc662848edb1a1dca279c81
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Jan 8 16:13:12 2014 +1100
-
- - (djm) [regress/.cvsignore] Ignore regress test droppings; ok dtucker@
-
-commit 324541e5264e1489ca0babfaf2b39612eb80dfb3
-Author: Damien Miller <djm at mindrot.org>
-Date: Tue Dec 31 12:25:40 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/30 23:52:28
- [auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c]
- [sshconnect.c sshconnect2.c sshd.c]
- refuse RSA keys from old proprietary clients/servers that use the
- obsolete RSA+MD5 signature scheme. it will still be possible to connect
- with these clients/servers but only DSA keys will be accepted, and we'll
- deprecate them entirely in a future release. ok markus@
-
-commit 9f4c8e797ea002a883307ca906f1f1f815010e78
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:57:46 2013 +1100
-
- - (djm) [regress/Makefile] Add some generated files for cleaning
-
-commit 106bf1ca3c7a5fdc34f9fd7a1fe651ca53085bc5
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:54:03 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/29 05:57:02
- [sshconnect.c]
- when showing other hostkeys, don't forget Ed25519 keys
-
-commit 0fa47cfb32c239117632cab41e4db7d3e6de5e91
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:53:39 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/29 05:42:16
- [ssh.c]
- don't forget to load Ed25519 certs too
-
-commit b9a95490daa04cc307589897f95bfaff324ad2c9
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:50:15 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/29 04:35:50
- [authfile.c]
- don't refuse to load Ed25519 certificates
-
-commit f72cdde6e6fabc51d2a62f4e75b8b926d9d7ee89
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:49:55 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/29 04:29:25
- [authfd.c]
- allow deletion of ed25519 keys from the agent
-
-commit 29ace1cb68cc378a464c72c0fd67aa5f9acd6b5b
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:49:31 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/29 04:20:04
- [key.c]
- to make sure we don't omit any key types as valid CA keys again,
- factor the valid key type check into a key_type_is_valid_ca()
- function
-
-commit 9de4fcdc5a9cff48d49a3e2f6194d3fb2d7ae34d
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:49:13 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/29 02:49:52
- [key.c]
- correct comment for key_drop_cert()
-
-commit 5baeacf8a80f054af40731c6f92435f9164b8e02
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:48:55 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/29 02:37:04
- [key.c]
- correct comment for key_to_certified()
-
-commit 83f2fe26cb19330712c952eddbd3c0b621674adc
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:48:38 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/29 02:28:10
- [key.c]
- allow ed25519 keys to appear as certificate authorities
-
-commit 06122e9a74bb488b0fe0a8f64e1135de870f9cc0
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:48:15 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/27 22:37:18
- [ssh-rsa.c]
- correct comment
-
-commit 3e19295c3a253c8dc8660cf45baad7f45fccb969
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:47:50 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/27 22:30:17
- [ssh-dss.c ssh-ecdsa.c ssh-rsa.c]
- make the original RSA and DSA signing/verification code look more like
- the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
- rather than tediously listing all variants, use __func__ for debug/
- error messages
-
-commit 137977180be6254639e2c90245763e6965f8d815
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:47:14 2013 +1100
-
- - tedu at cvs.openbsd.org 2013/12/21 07:10:47
- [ssh-keygen.1]
- small typo
-
-commit 339a48fe7ffb3186d22bbaa9efbbc3a053e602fd
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:46:49 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/19 22:57:13
- [poly1305.c poly1305.h]
- use full name for author, with his permission
-
-commit 0b36c83148976c7c8268f4f41497359e2fb26251
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:45:51 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/19 01:19:41
- [ssh-agent.c]
- bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent
- that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com;
- ok dtucker
-
-commit 4def184e9b6c36be6d965a9705632fc4c0c2a8af
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:45:26 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/19 01:04:36
- [channels.c]
- bz#2147: fix multiple remote forwardings with dynamically assigned
- listen ports. In the s->c message to open the channel we were sending
- zero (the magic number to request a dynamic port) instead of the actual
- listen port. The client therefore had no way of discriminating between
- them.
-
- Diagnosis and fix by ronf AT timeheart.net
-
-commit bf25d114e23a803f8feca8926281b1aaedb6191b
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:44:56 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/19 00:27:57
- [auth-options.c]
- simplify freeing of source-address certificate restriction
-
-commit bb3dafe7024a5b4e851252e65ee35d45b965e4a8
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:44:29 2013 +1100
-
- - dtucker at cvs.openbsd.org 2013/12/19 00:19:12
- [serverloop.c]
- Cast client_alive_interval to u_int64_t before assinging to
- max_time_milliseconds to avoid potential integer overflow in the timeout.
- bz#2170, patch from Loganaden Velvindron, ok djm@
-
-commit ef275ead3dcadde4db1efe7a0aa02b5e618ed40c
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:44:07 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/19 00:10:30
- [ssh-add.c]
- skip requesting smartcard PIN when removing keys from agent; bz#2187
- patch from jay AT slushpupie.com; ok dtucker
-
-commit 7d97fd9a1cae778c3eacf16e09f5da3689d616c6
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 29 17:40:18 2013 +1100
-
- - (djm) [loginrec.c] Check for username truncation when looking up lastlog
- entries
-
-commit 77244afe3b6d013b485e0952eaab89b9db83380f
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Sat Dec 21 17:02:39 2013 +1100
-
- 20131221
- - (dtucker) [regress/keytype.sh] Actually test ecdsa key types.
-
-commit 53f8e784dc431a82d31c9b0e95b144507f9330e9
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Thu Dec 19 11:31:44 2013 +1100
-
- - (dtucker) [auth-pam.c] bz#2163: check return value from pam_get_item().
- Patch from Loganaden Velvindron.
-
-commit 1fcec9d4f265e38af248c4c845986ca8c174bd68
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Thu Dec 19 11:00:12 2013 +1100
-
- - (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versions
- greater than 11 either rather than just 11. Patch from Tomas Kuthan.
-
-commit 6674eb9683afd1ea4eb35670b5e66815543a759e
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Dec 18 17:50:39 2013 +1100
-
- - markus at cvs.openbsd.org 2013/12/17 10:36:38
- [crypto_api.h]
- I've assempled the header file by cut&pasting from generated headers
- and the source files.
-
-commit d58a5964426ee014384d67d775d16712e93057f3
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Dec 18 17:50:13 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/15 21:42:35
- [cipher-chachapoly.c]
- add some comments and constify a constant
-
-commit 059321d19af24d87420de3193f79dfab23556078
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Dec 18 17:49:48 2013 +1100
-
- - pascal at cvs.openbsd.org 2013/12/15 18:17:26
- [ssh-add.c]
- Make ssh-add also add .ssh/id_ed25519; fixes lie in manual page.
- ok markus@
-
-commit 155b5a5bf158767f989215479ded2a57f331e1c6
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Dec 18 17:48:32 2013 +1100
-
- - markus at cvs.openbsd.org 2013/12/09 11:08:17
- [crypto_api.h]
- remove unused defines
-
-commit 8a56dc2b6b48b05590810e7f4c3567508410000c
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Dec 18 17:48:11 2013 +1100
-
- - markus at cvs.openbsd.org 2013/12/09 11:03:45
- [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
- [ge25519_base.data hash.c sc25519.c sc25519.h verify.c]
- Add Authors for the public domain ed25519/nacl code.
- see also http://nacl.cr.yp.to/features.html
- All of the NaCl software is in the public domain.
- and http://ed25519.cr.yp.to/software.html
- The Ed25519 software is in the public domain.
-
-commit 6575c3acf31fca117352f31f37b16ae46e664837
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Dec 18 17:47:02 2013 +1100
-
- - dtucker at cvs.openbsd.org 2013/12/08 09:53:27
- [sshd_config.5]
- Use a literal for the default value of KEXAlgorithms. ok deraadt jmc
-
-commit 8ba0ead6985ea14999265136b14ffd5aeec516f9
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Dec 18 17:46:27 2013 +1100
-
- - naddy at cvs.openbsd.org 2013/12/07 11:58:46
- [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1]
- [ssh_config.5 sshd.8 sshd_config.5]
- add missing mentions of ed25519; ok djm@
-
-commit 4f752cf71cf44bf4bc777541156c2bf56daf9ce9
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Dec 18 17:45:35 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/07 08:08:26
- [ssh-keygen.1]
- document -a and -o wrt new key format
-
-commit 6d6fcd14e23a9053198342bb379815b15e504084
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 8 15:53:28 2013 +1100
-
- - (djm) [Makefile.in regress/Makefile regress/agent-ptrace.sh]
- [regress/setuid-allowed.c] Check that ssh-agent is not on a no-setuid
- filesystem before running agent-ptrace.sh; ok dtucker
-
-commit 7e6e42fb532c7dafd7078ef5e9e2d3e47fcf6752
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Dec 8 08:23:08 2013 +1100
-
- - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna
- Vinschen
-
-commit da3ca351b49d52ae85db2e3998265dc3c6617068
-Author: Damien Miller <djm at mindrot.org>
-Date: Sat Dec 7 21:43:46 2013 +1100
-
- - (djm) [Makefile.in] PATHSUBS and keygen bits for Ed25519; from
- Loganaden Velvindron @ AfriNIC in bz#2179
-
-commit eb401585bb8336cbf81fe4fc58eb9f7cac3ab874
-Author: Damien Miller <djm at mindrot.org>
-Date: Sat Dec 7 17:07:15 2013 +1100
-
- - (djm) [regress/cert-hostkey.sh] Fix merge botch
-
-commit f54542af3ad07532188b10136ae302314ec69ed6
-Author: Damien Miller <djm at mindrot.org>
-Date: Sat Dec 7 16:32:44 2013 +1100
-
- - markus at cvs.openbsd.org 2013/12/06 13:52:46
- [regress/Makefile regress/agent.sh regress/cert-hostkey.sh]
- [regress/cert-userkey.sh regress/keytype.sh]
- test ed25519 support; from djm@
-
-commit f104da263de995f66b6861b4f3368264ee483d7f
-Author: Damien Miller <djm at mindrot.org>
-Date: Sat Dec 7 12:37:53 2013 +1100
-
- - (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in]
- [openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on
- Linux
-
-commit 1ff130dac9b7aea0628f4ad30683431fe35e0020
-Author: Damien Miller <djm at mindrot.org>
-Date: Sat Dec 7 11:51:51 2013 +1100
-
- - [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]
- [openbsd-compat/blf.h openbsd-compat/blowfish.c]
- [openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
- portable.
-
-commit 4260828a2958ebe8c96f66d8301dac53f4cde556
-Author: Damien Miller <djm at mindrot.org>
-Date: Sat Dec 7 11:38:03 2013 +1100
-
- - [authfile.c] Conditionalise inclusion of util.h
-
-commit a913442bac8a26fd296a3add51293f8f6f9b3b4c
-Author: Damien Miller <djm at mindrot.org>
-Date: Sat Dec 7 11:35:36 2013 +1100
-
- - [Makefile.in] Add ed25519 sources
-
-commit ca570a519cb846da61d002c7f46fa92e39c83e45
-Author: Damien Miller <djm at mindrot.org>
-Date: Sat Dec 7 11:29:09 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/07 00:19:15
- [key.c]
- set k->cert = NULL after freeing it
-
-commit 3cccc0e155229a2f2d86b6df40bd4559b4f960ff
-Author: Damien Miller <djm at mindrot.org>
-Date: Sat Dec 7 11:27:47 2013 +1100
-
- - [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
- [ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents
-
-commit a7827c11b3f0380b7e593664bd62013ff9c131db
-Author: Damien Miller <djm at mindrot.org>
-Date: Sat Dec 7 11:24:30 2013 +1100
-
- - jmc at cvs.openbsd.org 2013/12/06 15:29:07
- [sshd.8]
- missing comma;
-
-commit 5be9d9e3cbd9c66f24745d25bf2e809c1d158ee0
-Author: Damien Miller <djm at mindrot.org>
-Date: Sat Dec 7 11:24:01 2013 +1100
-
- - markus at cvs.openbsd.org 2013/12/06 13:39:49
- [authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
- [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
- [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
- [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
- [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
- support ed25519 keys (hostkeys and user identities) using the public
- domain ed25519 reference code from SUPERCOP, see
- http://ed25519.cr.yp.to/software.html
- feedback, help & ok djm@
-
-commit bcd00abd8451f36142ae2ee10cc657202149201e
-Author: Damien Miller <djm at mindrot.org>
-Date: Sat Dec 7 10:41:55 2013 +1100
-
- - markus at cvs.openbsd.org 2013/12/06 13:34:54
- [authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c]
- [ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by
- default; details in PROTOCOL.key; feedback and lots help from djm;
- ok djm@
-
-commit f0e9060d236c0e38bec2fa1c6579fb0a2ea6458d
-Author: Damien Miller <djm at mindrot.org>
-Date: Sat Dec 7 10:40:26 2013 +1100
-
- - markus at cvs.openbsd.org 2013/12/06 13:30:08
- [authfd.c key.c key.h ssh-agent.c]
- move private key (de)serialization to key.c; ok djm
-
-commit 0f8536da23a6ef26e6495177c0d8a4242b710289
-Author: Damien Miller <djm at mindrot.org>
-Date: Sat Dec 7 10:31:37 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/06 03:40:51
- [ssh-keygen.c]
- remove duplicated character ('g') in getopt() string;
- document the (few) remaining option characters so we don't have to
- rummage next time.
-
-commit 393920745fd328d3fe07f739a3cf7e1e6db45b60
-Author: Damien Miller <djm at mindrot.org>
-Date: Sat Dec 7 10:31:08 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/05 22:59:45
- [sftp-client.c]
- fix memory leak in error path in do_readdir(); pointed out by
- Loganaden Velvindron @ AfriNIC in bz#2163
-
-commit 534b2ccadea5e5e9a8b27226e6faac3ed5552e97
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Dec 5 14:07:27 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/05 01:16:41
- [servconf.c servconf.h]
- bz#2161 - fix AuthorizedKeysCommand inside a Match block and
- rearrange things so the same error is harder to make next time;
- with and ok dtucker@
-
-commit 8369c8e61a3408ec6bb75755fad4ffce29b5fdbe
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Thu Dec 5 11:00:16 2013 +1100
-
- - (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correct
- -L location for libedit. Patch from Serge van den Boom.
-
-commit 9275df3e0a2a3bc3897f7d664ea86a425c8a092d
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Dec 5 10:26:32 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/04 04:20:01
- [sftp-client.c]
- bz#2171: don't leak local_fd on error; from Loganaden Velvindron @
- AfriNIC
-
-commit 960f6a2b5254e4da082d8aa3700302ed12dc769a
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Dec 5 10:26:14 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/02 03:13:14
- [cipher.c]
- correct bzero of chacha20+poly1305 key context. bz#2177 from
- Loganaden Velvindron @ AfriNIC
-
- Also make it a memset for consistency with the rest of cipher.c
-
-commit f7e8a8796d661c9d6692ab837e1effd4f5ada1c2
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Dec 5 10:25:51 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/02 03:09:22
- [key.c]
- make key_to_blob() return a NULL blob on failure; part of
- bz#2175 from Loganaden Velvindron @ AfriNIC
-
-commit f1e44ea9d9a6d4c1a95a0024132e603bd1778c9c
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Dec 5 10:23:21 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/02 02:56:17
- [ssh-pkcs11-helper.c]
- use-after-free; bz#2175 patch from Loganaden Velvindron @ AfriNIC
-
-commit 114e540b15d57618f9ebf624264298f80bbd8c77
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Dec 5 10:22:57 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/02 02:50:27
- [PROTOCOL.chacha20poly1305]
- typo; from Jon Cave
-
-commit e4870c090629e32f2cb649dc16d575eeb693f4a8
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Dec 5 10:22:39 2013 +1100
-
- - djm at cvs.openbsd.org 2013/12/01 23:19:05
- [PROTOCOL]
- mention curve25519-sha256 at libssh.org key exchange algorithm
-
-commit 1d2f8804a6d33a4e908b876b2e1266b8260ec76b
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Dec 5 10:22:03 2013 +1100
-
- - deraadt at cvs.openbsd.org 2013/11/26 19:15:09
- [pkcs11.h]
- cleanup 1 << 31 idioms. Resurrection of this issue pointed out by
- Eitan Adler ok markus for ssh, implies same change in kerberosV
-
-commit bdb352a54f82df94a548e3874b22f2d6ae90328d
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Dec 5 10:20:52 2013 +1100
-
- - jmc at cvs.openbsd.org 2013/11/26 12:14:54
- [ssh.1 ssh.c]
- - put -Q in the right place
- - Ar was a poor choice for the arguments to -Q. i've chosen an
- admittedly equally poor Cm, at least consistent with the rest
- of the docs. also no need for multiple instances
- - zap a now redundant Nm
- - usage() sync
-
-commit d937dc084a087090f1cf5395822c3ac958d33759
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Dec 5 10:19:54 2013 +1100
-
- - deraadt at cvs.openbsd.org 2013/11/25 18:04:21
- [ssh.1 ssh.c]
- improve -Q usage and such. One usage change is that the option is now
- case-sensitive
- ok dtucker markus djm
-
-commit dec0393f7ee8aabc7d9d0fc2c5fddb4bc649112e
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Dec 5 10:18:43 2013 +1100
-
- - jmc at cvs.openbsd.org 2013/11/21 08:05:09
- [ssh_config.5 sshd_config.5]
- no need for .Pp before displays;
-
-commit 8a073cf57940aabf85e49799f89f5d5e9b072c1b
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Nov 21 14:26:18 2013 +1100
-
- - djm at cvs.openbsd.org 2013/11/21 03:18:51
- [regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh]
- [regress/try-ciphers.sh]
- use new "ssh -Q cipher-auth" query to obtain lists of authenticated
- encryption ciphers instead of specifying them manually; ensures that
- the new chacha20poly1305 at openssh.com mode is tested;
-
- ok markus@ and naddy@ as part of the diff to add
- chacha20poly1305 at openssh.com
-
-commit ea61b2179f63d48968dd2c9617621002bb658bfe
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Nov 21 14:25:15 2013 +1100
-
- - djm at cvs.openbsd.org 2013/11/21 03:16:47
- [regress/modpipe.c]
- use unsigned long long instead of u_int64_t here to avoid warnings
- on some systems portable OpenSSH is built on.
-
-commit 36aba25b0409d2db6afc84d54bc47a2532d38424
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Nov 21 14:24:42 2013 +1100
-
- - djm at cvs.openbsd.org 2013/11/21 03:15:46
- [regress/krl.sh]
- add some reminders for additional tests that I'd like to implement
-
-commit fa7a20bc289f09b334808d988746bc260a2f60c9
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Nov 21 14:24:08 2013 +1100
-
- - naddy at cvs.openbsd.org 2013/11/18 05:09:32
- [regress/forward-control.sh]
- bump timeout to 10 seconds to allow slow machines (e.g. Alpha PC164)
- to successfully run this; ok djm@
- (ID sync only; our timeouts are already longer)
-
-commit 0fde8acdad78a4d20cadae974376cc0165f645ee
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Nov 21 14:12:23 2013 +1100
-
- - djm at cvs.openbsd.org 2013/11/21 00:45:44
- [Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
- [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
- [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
- [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
- cipher "chacha20-poly1305 at openssh.com" that combines Daniel
- Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
- authenticated encryption mode.
-
- Inspired by and similar to Adam Langley's proposal for TLS:
- http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
- but differs in layout used for the MAC calculation and the use of a
- second ChaCha20 instance to separately encrypt packet lengths.
- Details are in the PROTOCOL.chacha20poly1305 file.
-
- Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
- ok markus@ naddy@
-
-commit fdb2306acdc3eb2bc46b6dfdaaf6005c650af22a
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Nov 21 13:57:15 2013 +1100
-
- - deraadt at cvs.openbsd.org 2013/11/20 20:54:10
- [canohost.c clientloop.c match.c readconf.c sftp.c]
- unsigned casts for ctype macros where neccessary
- ok guenther millert markus
-
-commit e00167307e4d3692695441e9bd712f25950cb894
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Nov 21 13:56:49 2013 +1100
-
- - deraadt at cvs.openbsd.org 2013/11/20 20:53:10
- [scp.c]
- unsigned casts for ctype macros where neccessary
- ok guenther millert markus
-
-commit 23e00aa6ba9eee0e0c218f2026bf405ad4625832
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Nov 21 13:56:28 2013 +1100
-
- - djm at cvs.openbsd.org 2013/11/20 02:19:01
- [sshd.c]
- delay closure of in/out fds until after "Bad protocol version
- identification..." message, as get_remote_ipaddr/get_remote_port
- require them open.
-
-commit 867e6934be6521f87f04a5ab86702e2d1b314245
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Nov 21 13:56:06 2013 +1100
-
- - markus at cvs.openbsd.org 2013/11/13 13:48:20
- [ssh-pkcs11.c]
- add missing braces found by pedro
-
-commit 0600c7020f4fe68a780bd7cf21ff541a8d4b568a
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Nov 21 13:55:43 2013 +1100
-
- - dtucker at cvs.openbsd.org 2013/11/08 11:15:19
- [bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c]
- [uidswap.c] Include stdlib.h for free() as per the man page.
-
-commit b6a75b0b93b8faa6f79c3a395ab6c71f3f880b80
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Sun Nov 10 20:25:22 2013 +1100
-
- - (dtucker) [regress/keytype.sh] Populate ECDSA key types to be tested by
- querying the ones that are compiled in.
-
-commit 2c89430119367eb1bc96ea5ee55de83357e4c926
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Sun Nov 10 12:38:42 2013 +1100
-
- - (dtucker) [key.c] Check for the correct defines for NID_secp521r1.
-
-commit dd5264db5f641dbd03186f9e5e83e4b14b3d0003
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Sat Nov 9 22:32:51 2013 +1100
-
- - (dtucker) [configure.ac] Add missing "test".
-
-commit 95cb2d4eb08117be061f3ff076adef3e9a5372c3
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Sat Nov 9 22:02:31 2013 +1100
-
- - (dtucker) [configure.ac] Fix brackets in NID_secp521r1 test.
-
-commit 37bcef51b3d9d496caecea6394814d2f49a1357f
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Sat Nov 9 18:39:25 2013 +1100
-
- - (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of
- NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the
- latter actually works before using it. Fedora (at least) has NID_secp521r1
- that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897).
-
-commit 6e2fe81f926d995bae4be4a6b5b3c88c1c525187
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Sat Nov 9 16:55:03 2013 +1100
-
- - dtucker at cvs.openbsd.org 2013/11/09 05:41:34
- [regress/test-exec.sh regress/rekey.sh]
- Use smaller test data files to speed up tests. Grow test datafiles
- where necessary for a specific test.
-
-commit aff7ef1bb8b7c1eeb1f4812129091c5adbf51848
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Sat Nov 9 00:19:22 2013 +1100
-
- - (dtucker) [contrib/cygwin/ssh-host-config] Simplify host key generation:
- rather than testing and generating each key, call ssh-keygen -A.
- Patch from vinschen at redhat.com.
-
-commit 882abfd3fb3c98cfe70b4fc79224770468b570a5
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Sat Nov 9 00:17:41 2013 +1100
-
- - (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platform
- and pass in TEST_ENV. Unknown options cause stderr to get polluted
- and the stderr-data test to fail.
-
-commit 8c333ec23bdf7da917aa20ac6803a2cdd79182c5
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Fri Nov 8 21:12:58 2013 +1100
-
- - (dtucker) [openbsd-compat/bsd-poll.c] Add headers to prevent compile
- warnings.
-
-commit d94240b2f6b376b6e9de187e4a0cd4b89dfc48cb
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Fri Nov 8 21:10:04 2013 +1100
-
- - (dtucker) [myproposal.h] Conditionally enable CURVE25519_SHA256.
-
-commit 1c8ce34909886288a3932dce770deec5449f7bb5
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Fri Nov 8 19:50:32 2013 +1100
-
- - (dtucker) [kex.c] Only enable CURVE25519_SHA256 if we actually have
- EVP_sha256.
-
-commit ccdb9bec46bcc88549b26a94aa0bae2b9f51031c
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Fri Nov 8 18:54:38 2013 +1100
-
- - (dtucker) [openbsd-compat/openbsd-compat.h] Add null implementation of
- arc4random_stir for platforms that have arc4random but don't have
- arc4random_stir (right now this is only OpenBSD -current).
-
-commit 3420a50169b52cc8d2775d51316f9f866c73398f
-Author: Damien Miller <djm at mindrot.org>
-Date: Fri Nov 8 16:48:13 2013 +1100
-
- - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
- [contrib/suse/openssh.spec] Update version numbers following release.
-
-commit 3ac4a234df842fd8c94d9cb0ad198e1fe84b895b
-Author: Damien Miller <djm at mindrot.org>
-Date: Fri Nov 8 12:39:49 2013 +1100
-
- - djm at cvs.openbsd.org 2013/11/08 01:38:11
- [version.h]
- openssh-6.4
-
-commit 6c81fee693038de7d4a5559043350391db2a2761
-Author: Damien Miller <djm at mindrot.org>
-Date: Fri Nov 8 12:19:55 2013 +1100
-
- - djm at cvs.openbsd.org 2013/11/08 00:39:15
- [auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c]
- [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c]
- [sftp-client.c sftp-glob.c]
- use calloc for all structure allocations; from markus@
-
-commit 690d989008e18af3603a5e03f1276c9bad090370
-Author: Damien Miller <djm at mindrot.org>
-Date: Fri Nov 8 12:16:49 2013 +1100
-
- - dtucker at cvs.openbsd.org 2013/11/07 11:58:27
- [cipher.c cipher.h kex.c kex.h mac.c mac.h servconf.c ssh.c]
- Output the effective values of Ciphers, MACs and KexAlgorithms when
- the default has not been overridden. ok markus@
-
-commit 08998c5fb9c7c1d248caa73b76e02ca0482e6d85
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Fri Nov 8 12:11:46 2013 +1100
-
- - dtucker at cvs.openbsd.org 2013/11/08 01:06:14
- [regress/rekey.sh]
- Rekey less frequently during tests to speed them up
-
-commit 4bf7e50e533aa956366df7402c132f202e841a48
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Thu Nov 7 22:33:48 2013 +1100
-
- - (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environment
- variable. It's no longer used now that we get the supported MACs from
- ssh -Q.
-
-commit 6e9d6f411288374d1dee4b7debbfa90bc7e73035
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Thu Nov 7 15:32:37 2013 +1100
-
- - dtucker at cvs.openbsd.org 2013/11/07 04:26:56
- [regress/kextype.sh]
- trailing space
-
-commit 74cbc22529f3e5de756e1b7677b7624efb28f62c
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Thu Nov 7 15:26:12 2013 +1100
-
- - dtucker at cvs.openbsd.org 2013/11/07 03:55:41
- [regress/kextype.sh]
- Use ssh -Q to get kex types instead of a static list.
-
-commit a955041c930e63405159ff7d25ef14272f36eab3
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Thu Nov 7 15:21:19 2013 +1100
-
- - dtucker at cvs.openbsd.org 2013/11/07 02:48:38
- [regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh]
- Use ssh -Q instead of hardcoding lists of ciphers or MACs.
-
-commit 06595d639577577bc15d359e037a31eb83563269
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Thu Nov 7 15:08:02 2013 +1100
-
- - dtucker at cvs.openbsd.org 2013/11/07 01:12:51
- [regress/rekey.sh]
- Factor out the data transfer rekey tests
-
-commit 651dc8b2592202dac6b16ee3b82ce5b331be7da3
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Thu Nov 7 15:04:44 2013 +1100
-
- - dtucker at cvs.openbsd.org 2013/11/07 00:12:05
- [regress/rekey.sh]
- Test rekeying for every Cipher, MAC and KEX, plus test every KEX with
- the GCM ciphers.
-
-commit 234557762ba1096a867ca6ebdec07efebddb5153
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Thu Nov 7 15:00:51 2013 +1100
-
- - dtucker at cvs.openbsd.org 2013/11/04 12:27:42
- [regress/rekey.sh]
- Test rekeying with all KexAlgorithms.
-
-commit bbfb9b0f386aab0c3e19d11f136199ef1b9ad0ef
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Thu Nov 7 14:56:43 2013 +1100
-
- - markus at cvs.openbsd.org 2013/11/02 22:39:53
- [regress/kextype.sh]
- add curve25519-sha256 at libssh.org
-
-commit aa19548a98c0f89283ebd7354abd746ca6bc4fdf
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Thu Nov 7 14:50:09 2013 +1100
-
- - djm at cvs.openbsd.org 2013/10/09 23:44:14
- [regress/Makefile] (ID sync only)
- regression test for sftp request white/blacklisting and readonly mode.
-
-commit c8908aabff252f5da772d4e679479c2b7d18cac1
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Nov 7 13:38:35 2013 +1100
-
- - djm at cvs.openbsd.org 2013/11/06 23:05:59
- [ssh-pkcs11.c]
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-vendor
mailing list