From owner-svn-src-all@freebsd.org Thu Jul 2 13:15:35 2015 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C3C27993049; Thu, 2 Jul 2015 13:15:35 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B00D92B3F; Thu, 2 Jul 2015 13:15:35 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t62DFZTn041823; Thu, 2 Jul 2015 13:15:35 GMT (envelope-from des@FreeBSD.org) Received: (from des@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t62DFZUf041820; Thu, 2 Jul 2015 13:15:35 GMT (envelope-from des@FreeBSD.org) Message-Id: <201507021315.t62DFZUf041820@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: des set sender to des@FreeBSD.org using -f From: Dag-Erling Smørgrav Date: Thu, 2 Jul 2015 13:15:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r285031 - in vendor-crypto/openssh/dist: . contrib contrib/caldera contrib/cygwin contrib/redhat contrib/suse openbsd-compat openbsd-compat/regress regress regress/unittests regress/uni... X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Jul 2015 13:15:36 -0000 Author: des Date: Thu Jul 2 13:15:34 2015 New Revision: 285031 URL: https://svnweb.freebsd.org/changeset/base/285031 Log: Vendor import of OpenSSH 6.8p1. Added: vendor-crypto/openssh/dist/.cvsignore vendor-crypto/openssh/dist/bitmap.c (contents, props changed) vendor-crypto/openssh/dist/bitmap.h (contents, props changed) vendor-crypto/openssh/dist/opacket.c (contents, props changed) vendor-crypto/openssh/dist/opacket.h (contents, props changed) vendor-crypto/openssh/dist/openbsd-compat/.cvsignore vendor-crypto/openssh/dist/openbsd-compat/md5.c (contents, props changed) vendor-crypto/openssh/dist/openbsd-compat/md5.h (contents, props changed) vendor-crypto/openssh/dist/openbsd-compat/reallocarray.c (contents, props changed) vendor-crypto/openssh/dist/openbsd-compat/regress/.cvsignore vendor-crypto/openssh/dist/openbsd-compat/rmd160.c (contents, props changed) vendor-crypto/openssh/dist/openbsd-compat/rmd160.h (contents, props changed) vendor-crypto/openssh/dist/openbsd-compat/sha1.c (contents, props changed) vendor-crypto/openssh/dist/openbsd-compat/sha1.h (contents, props changed) vendor-crypto/openssh/dist/regress/.cvsignore vendor-crypto/openssh/dist/regress/hostkey-agent.sh (contents, props changed) vendor-crypto/openssh/dist/regress/hostkey-rotate.sh (contents, props changed) vendor-crypto/openssh/dist/regress/keygen-knownhosts.sh (contents, props changed) vendor-crypto/openssh/dist/regress/limit-keytype.sh (contents, props changed) vendor-crypto/openssh/dist/regress/multipubkey.sh (contents, props changed) vendor-crypto/openssh/dist/regress/netcat.c (contents, props changed) vendor-crypto/openssh/dist/regress/t11.ok vendor-crypto/openssh/dist/regress/unittests/bitmap/ vendor-crypto/openssh/dist/regress/unittests/bitmap/Makefile (contents, props changed) vendor-crypto/openssh/dist/regress/unittests/bitmap/tests.c (contents, props changed) vendor-crypto/openssh/dist/regress/unittests/hostkeys/ vendor-crypto/openssh/dist/regress/unittests/hostkeys/Makefile (contents, props changed) vendor-crypto/openssh/dist/regress/unittests/hostkeys/mktestdata.sh (contents, props changed) vendor-crypto/openssh/dist/regress/unittests/hostkeys/test_iterate.c (contents, props changed) vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/ vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/dsa_1.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/dsa_2.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/dsa_3.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/dsa_4.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/dsa_5.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/dsa_6.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/ecdsa_1.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/ecdsa_2.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/ecdsa_3.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/ecdsa_4.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/ecdsa_5.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/ecdsa_6.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/ed25519_1.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/ed25519_2.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/ed25519_3.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/ed25519_4.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/ed25519_5.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/ed25519_6.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/known_hosts vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/rsa1_1.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/rsa1_2.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/rsa1_3.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/rsa1_4.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/rsa1_5.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/rsa1_6.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/rsa_1.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/rsa_2.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/rsa_3.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/rsa_4.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/rsa_5.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/rsa_6.pub vendor-crypto/openssh/dist/regress/unittests/hostkeys/tests.c (contents, props changed) vendor-crypto/openssh/dist/regress/unittests/kex/ vendor-crypto/openssh/dist/regress/unittests/kex/Makefile (contents, props changed) vendor-crypto/openssh/dist/regress/unittests/kex/test_kex.c (contents, props changed) vendor-crypto/openssh/dist/regress/unittests/kex/tests.c (contents, props changed) vendor-crypto/openssh/dist/regress/valgrind-unit.sh (contents, props changed) vendor-crypto/openssh/dist/scard/.cvsignore vendor-crypto/openssh/dist/ssh_api.c (contents, props changed) vendor-crypto/openssh/dist/ssh_api.h (contents, props changed) Deleted: vendor-crypto/openssh/dist/compress.c vendor-crypto/openssh/dist/compress.h vendor-crypto/openssh/dist/contrib/caldera/ Modified: vendor-crypto/openssh/dist/ChangeLog vendor-crypto/openssh/dist/Makefile.in vendor-crypto/openssh/dist/PROTOCOL vendor-crypto/openssh/dist/PROTOCOL.krl vendor-crypto/openssh/dist/README vendor-crypto/openssh/dist/atomicio.c vendor-crypto/openssh/dist/auth-options.c vendor-crypto/openssh/dist/auth-options.h vendor-crypto/openssh/dist/auth-rh-rsa.c vendor-crypto/openssh/dist/auth-rhosts.c vendor-crypto/openssh/dist/auth-rsa.c vendor-crypto/openssh/dist/auth.c vendor-crypto/openssh/dist/auth.h vendor-crypto/openssh/dist/auth1.c vendor-crypto/openssh/dist/auth2-chall.c vendor-crypto/openssh/dist/auth2-gss.c vendor-crypto/openssh/dist/auth2-hostbased.c vendor-crypto/openssh/dist/auth2-pubkey.c vendor-crypto/openssh/dist/auth2.c vendor-crypto/openssh/dist/authfd.c vendor-crypto/openssh/dist/authfd.h vendor-crypto/openssh/dist/authfile.c vendor-crypto/openssh/dist/authfile.h vendor-crypto/openssh/dist/bufbn.c vendor-crypto/openssh/dist/buffer.h vendor-crypto/openssh/dist/canohost.c vendor-crypto/openssh/dist/channels.c vendor-crypto/openssh/dist/channels.h vendor-crypto/openssh/dist/cipher-3des1.c vendor-crypto/openssh/dist/cipher-aesctr.c vendor-crypto/openssh/dist/cipher-bf1.c vendor-crypto/openssh/dist/cipher-chachapoly.c vendor-crypto/openssh/dist/cipher-ctr.c vendor-crypto/openssh/dist/cipher.c vendor-crypto/openssh/dist/cipher.h vendor-crypto/openssh/dist/clientloop.c vendor-crypto/openssh/dist/compat.c vendor-crypto/openssh/dist/compat.h vendor-crypto/openssh/dist/config.h.in vendor-crypto/openssh/dist/configure vendor-crypto/openssh/dist/configure.ac vendor-crypto/openssh/dist/contrib/Makefile vendor-crypto/openssh/dist/contrib/cygwin/ssh-host-config vendor-crypto/openssh/dist/contrib/cygwin/ssh-user-config vendor-crypto/openssh/dist/contrib/redhat/openssh.spec vendor-crypto/openssh/dist/contrib/suse/openssh.spec vendor-crypto/openssh/dist/deattack.c vendor-crypto/openssh/dist/deattack.h vendor-crypto/openssh/dist/defines.h vendor-crypto/openssh/dist/dh.c vendor-crypto/openssh/dist/dh.h vendor-crypto/openssh/dist/digest-libc.c vendor-crypto/openssh/dist/digest-openssl.c vendor-crypto/openssh/dist/digest.h vendor-crypto/openssh/dist/dispatch.c vendor-crypto/openssh/dist/dispatch.h vendor-crypto/openssh/dist/dns.c vendor-crypto/openssh/dist/dns.h vendor-crypto/openssh/dist/entropy.c vendor-crypto/openssh/dist/ge25519.h vendor-crypto/openssh/dist/groupaccess.c vendor-crypto/openssh/dist/gss-genr.c vendor-crypto/openssh/dist/gss-serv.c vendor-crypto/openssh/dist/hmac.c vendor-crypto/openssh/dist/hostfile.c vendor-crypto/openssh/dist/hostfile.h vendor-crypto/openssh/dist/includes.h vendor-crypto/openssh/dist/kex.c vendor-crypto/openssh/dist/kex.h vendor-crypto/openssh/dist/kexc25519.c vendor-crypto/openssh/dist/kexc25519c.c vendor-crypto/openssh/dist/kexc25519s.c vendor-crypto/openssh/dist/kexdh.c vendor-crypto/openssh/dist/kexdhc.c vendor-crypto/openssh/dist/kexdhs.c vendor-crypto/openssh/dist/kexecdh.c vendor-crypto/openssh/dist/kexecdhc.c vendor-crypto/openssh/dist/kexecdhs.c vendor-crypto/openssh/dist/kexgex.c vendor-crypto/openssh/dist/kexgexc.c vendor-crypto/openssh/dist/kexgexs.c vendor-crypto/openssh/dist/key.c vendor-crypto/openssh/dist/key.h vendor-crypto/openssh/dist/krl.c vendor-crypto/openssh/dist/krl.h vendor-crypto/openssh/dist/loginrec.c vendor-crypto/openssh/dist/mac.c vendor-crypto/openssh/dist/mac.h vendor-crypto/openssh/dist/misc.c vendor-crypto/openssh/dist/moduli.0 vendor-crypto/openssh/dist/moduli.c vendor-crypto/openssh/dist/monitor.c vendor-crypto/openssh/dist/monitor.h vendor-crypto/openssh/dist/monitor_fdpass.c vendor-crypto/openssh/dist/monitor_mm.c vendor-crypto/openssh/dist/monitor_wrap.c vendor-crypto/openssh/dist/monitor_wrap.h vendor-crypto/openssh/dist/msg.c vendor-crypto/openssh/dist/msg.h vendor-crypto/openssh/dist/mux.c vendor-crypto/openssh/dist/openbsd-compat/Makefile.in vendor-crypto/openssh/dist/openbsd-compat/arc4random.c vendor-crypto/openssh/dist/openbsd-compat/bcrypt_pbkdf.c vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.c vendor-crypto/openssh/dist/openbsd-compat/fake-rfc2553.h vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname-ldns.c vendor-crypto/openssh/dist/openbsd-compat/openbsd-compat.h vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.c vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.h vendor-crypto/openssh/dist/openbsd-compat/port-tun.c vendor-crypto/openssh/dist/openbsd-compat/readpassphrase.c vendor-crypto/openssh/dist/openbsd-compat/sha2.c vendor-crypto/openssh/dist/openbsd-compat/sha2.h vendor-crypto/openssh/dist/openbsd-compat/xcrypt.c vendor-crypto/openssh/dist/packet.c vendor-crypto/openssh/dist/packet.h vendor-crypto/openssh/dist/progressmeter.c vendor-crypto/openssh/dist/progressmeter.h vendor-crypto/openssh/dist/readconf.c vendor-crypto/openssh/dist/readconf.h vendor-crypto/openssh/dist/regress/Makefile vendor-crypto/openssh/dist/regress/agent-pkcs11.sh vendor-crypto/openssh/dist/regress/agent-timeout.sh vendor-crypto/openssh/dist/regress/agent.sh vendor-crypto/openssh/dist/regress/broken-pipe.sh vendor-crypto/openssh/dist/regress/cert-hostkey.sh vendor-crypto/openssh/dist/regress/cfgmatch.sh vendor-crypto/openssh/dist/regress/cipher-speed.sh vendor-crypto/openssh/dist/regress/connect-privsep.sh vendor-crypto/openssh/dist/regress/connect.sh vendor-crypto/openssh/dist/regress/dynamic-forward.sh vendor-crypto/openssh/dist/regress/exit-status.sh vendor-crypto/openssh/dist/regress/forcecommand.sh vendor-crypto/openssh/dist/regress/forward-control.sh vendor-crypto/openssh/dist/regress/forwarding.sh vendor-crypto/openssh/dist/regress/host-expand.sh vendor-crypto/openssh/dist/regress/integrity.sh vendor-crypto/openssh/dist/regress/key-options.sh vendor-crypto/openssh/dist/regress/keygen-change.sh vendor-crypto/openssh/dist/regress/keyscan.sh vendor-crypto/openssh/dist/regress/krl.sh vendor-crypto/openssh/dist/regress/localcommand.sh vendor-crypto/openssh/dist/regress/multiplex.sh vendor-crypto/openssh/dist/regress/proto-mismatch.sh vendor-crypto/openssh/dist/regress/proto-version.sh vendor-crypto/openssh/dist/regress/proxy-connect.sh vendor-crypto/openssh/dist/regress/reconfigure.sh vendor-crypto/openssh/dist/regress/reexec.sh vendor-crypto/openssh/dist/regress/rekey.sh vendor-crypto/openssh/dist/regress/sshd-log-wrapper.sh vendor-crypto/openssh/dist/regress/stderr-data.sh vendor-crypto/openssh/dist/regress/t4.ok vendor-crypto/openssh/dist/regress/test-exec.sh vendor-crypto/openssh/dist/regress/transfer.sh vendor-crypto/openssh/dist/regress/try-ciphers.sh vendor-crypto/openssh/dist/regress/unittests/Makefile vendor-crypto/openssh/dist/regress/unittests/Makefile.inc vendor-crypto/openssh/dist/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c vendor-crypto/openssh/dist/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c vendor-crypto/openssh/dist/regress/unittests/sshkey/common.c vendor-crypto/openssh/dist/regress/unittests/sshkey/mktestdata.sh vendor-crypto/openssh/dist/regress/unittests/sshkey/test_file.c vendor-crypto/openssh/dist/regress/unittests/sshkey/test_fuzz.c vendor-crypto/openssh/dist/regress/unittests/sshkey/test_sshkey.c vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/dsa_1-cert.fp vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/dsa_1.fp vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/dsa_2.fp vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/ecdsa_1-cert.fp vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/ecdsa_1.fp vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/ecdsa_2.fp vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/ed25519_1-cert.fp vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/ed25519_1.fp vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/ed25519_2.fp vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa1_1.fp vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa1_2.fp vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1-cert.fp vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1.fp vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_2.fp vendor-crypto/openssh/dist/regress/unittests/test_helper/Makefile vendor-crypto/openssh/dist/regress/unittests/test_helper/fuzz.c vendor-crypto/openssh/dist/regress/unittests/test_helper/test_helper.c vendor-crypto/openssh/dist/regress/unittests/test_helper/test_helper.h vendor-crypto/openssh/dist/regress/yes-head.sh vendor-crypto/openssh/dist/rijndael.c vendor-crypto/openssh/dist/roaming_client.c vendor-crypto/openssh/dist/roaming_common.c vendor-crypto/openssh/dist/roaming_dummy.c vendor-crypto/openssh/dist/sandbox-systrace.c vendor-crypto/openssh/dist/scp.0 vendor-crypto/openssh/dist/scp.1 vendor-crypto/openssh/dist/scp.c vendor-crypto/openssh/dist/servconf.c vendor-crypto/openssh/dist/servconf.h vendor-crypto/openssh/dist/serverloop.c vendor-crypto/openssh/dist/session.c vendor-crypto/openssh/dist/sftp-client.c vendor-crypto/openssh/dist/sftp-client.h vendor-crypto/openssh/dist/sftp-common.c vendor-crypto/openssh/dist/sftp-common.h vendor-crypto/openssh/dist/sftp-glob.c vendor-crypto/openssh/dist/sftp-server.0 vendor-crypto/openssh/dist/sftp-server.8 vendor-crypto/openssh/dist/sftp-server.c vendor-crypto/openssh/dist/sftp.0 vendor-crypto/openssh/dist/sftp.1 vendor-crypto/openssh/dist/sftp.c vendor-crypto/openssh/dist/ssh-add.0 vendor-crypto/openssh/dist/ssh-add.1 vendor-crypto/openssh/dist/ssh-add.c vendor-crypto/openssh/dist/ssh-agent.0 vendor-crypto/openssh/dist/ssh-agent.1 vendor-crypto/openssh/dist/ssh-agent.c vendor-crypto/openssh/dist/ssh-dss.c vendor-crypto/openssh/dist/ssh-ecdsa.c vendor-crypto/openssh/dist/ssh-ed25519.c vendor-crypto/openssh/dist/ssh-keygen.0 vendor-crypto/openssh/dist/ssh-keygen.1 vendor-crypto/openssh/dist/ssh-keygen.c vendor-crypto/openssh/dist/ssh-keyscan.0 vendor-crypto/openssh/dist/ssh-keyscan.1 vendor-crypto/openssh/dist/ssh-keyscan.c vendor-crypto/openssh/dist/ssh-keysign.0 vendor-crypto/openssh/dist/ssh-keysign.c vendor-crypto/openssh/dist/ssh-pkcs11-helper.0 vendor-crypto/openssh/dist/ssh-pkcs11-helper.c vendor-crypto/openssh/dist/ssh-pkcs11.c vendor-crypto/openssh/dist/ssh-pkcs11.h vendor-crypto/openssh/dist/ssh-rsa.c vendor-crypto/openssh/dist/ssh.0 vendor-crypto/openssh/dist/ssh.1 vendor-crypto/openssh/dist/ssh.c vendor-crypto/openssh/dist/ssh_config.0 vendor-crypto/openssh/dist/ssh_config.5 vendor-crypto/openssh/dist/sshbuf-getput-basic.c vendor-crypto/openssh/dist/sshbuf-getput-crypto.c vendor-crypto/openssh/dist/sshbuf-misc.c vendor-crypto/openssh/dist/sshbuf.c vendor-crypto/openssh/dist/sshbuf.h vendor-crypto/openssh/dist/sshconnect.c vendor-crypto/openssh/dist/sshconnect1.c vendor-crypto/openssh/dist/sshconnect2.c vendor-crypto/openssh/dist/sshd.0 vendor-crypto/openssh/dist/sshd.8 vendor-crypto/openssh/dist/sshd.c vendor-crypto/openssh/dist/sshd_config vendor-crypto/openssh/dist/sshd_config.0 vendor-crypto/openssh/dist/sshd_config.5 vendor-crypto/openssh/dist/ssherr.c vendor-crypto/openssh/dist/ssherr.h vendor-crypto/openssh/dist/sshkey.c vendor-crypto/openssh/dist/sshkey.h vendor-crypto/openssh/dist/sshlogin.c vendor-crypto/openssh/dist/sshpty.c vendor-crypto/openssh/dist/uidswap.c vendor-crypto/openssh/dist/version.h vendor-crypto/openssh/dist/xmalloc.c Added: vendor-crypto/openssh/dist/.cvsignore ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor-crypto/openssh/dist/.cvsignore Thu Jul 2 13:15:34 2015 (r285031) @@ -0,0 +1,28 @@ +*.0 +*.out +Makefile +autom4te.cache +buildit.sh +buildpkg.sh +config.cache +config.h +config.h.in +config.log +config.status +configure +openssh.xml +opensshd.init +scp +sftp +sftp-server +ssh +ssh-add +ssh-agent +ssh-keygen +ssh-keyscan +ssh-keysign +ssh-pkcs11-helper +sshd +stamp-h.in +survey +survey.sh Modified: vendor-crypto/openssh/dist/ChangeLog ============================================================================== --- vendor-crypto/openssh/dist/ChangeLog Thu Jul 2 12:53:22 2015 (r285030) +++ vendor-crypto/openssh/dist/ChangeLog Thu Jul 2 13:15:34 2015 (r285031) @@ -1,3817 +1,8584 @@ -20131006 - - (djm) Release OpenSSH-6.7 +commit 9f82e5a9042f2d872e98f48a876fcab3e25dd9bb +Author: Tim Rice +Date: Mon Mar 16 22:49:20 2015 -0700 -20141003 - - (djm) [sshd_config.5] typo; from Iain Morgan + portability fix: Solaris systems may not have a grep that understands -q -20141001 - - (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c] - [openbsd-compat/openbsd-compat.h] Kludge around bad glibc - _FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets; - ok dtucker@ - -20140910 - - (djm) [sandbox-seccomp-filter.c] Allow mremap and exit for DietLibc; - patch from Felix von Leitner; ok dtucker - -20140908 - - (dtucker) [INSTALL] Update info about egd. ok djm@ - -20140904 - - (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNG - -20140903 - - (djm) [defines.h sshbuf.c] Move __predict_true|false to defines.h and - conditionalise to avoid duplicate definition. - - (djm) [contrib/cygwin/ssh-host-config] Fix old code leading to - permissions/ACLs; from Corinna Vinschen - -20140830 - - (djm) [openbsd-compat/openssl-compat.h] add - OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them - - (djm) [misc.c] Missing newline between functions - - (djm) [openbsd-compat/openssl-compat.h] add include guard - - (djm) [Makefile.in] Make TEST_SHELL a variable; "good idea" tim@ - -20140827 - - (djm) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] - [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] - [regress/unittests/sshkey/common.c] - [regress/unittests/sshkey/test_file.c] - [regress/unittests/sshkey/test_fuzz.c] - [regress/unittests/sshkey/test_sshkey.c] Don't include openssl/ec.h - on !ECC OpenSSL systems - - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth - monitor, not preauth; bz#2263 - - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero() - using memset_s() where possible; improve fallback to indirect bzero - via a volatile pointer to give it more of a chance to avoid being - optimised away. - -20140825 - - (djm) [bufec.c] Skip this file on !ECC OpenSSL - - (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL, - update OpenSSL version requirement. - -20140824 - - (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not - PR_SET_DUMPABLE, so adjust ifdef; reported by Tom Christensen - -20140823 - - (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode on - lastlog writing on platforms with high UIDs; bz#2263 - - (djm) [configure.ac] We now require a working vsnprintf everywhere (not - just for systems that lack asprintf); check for it always and extend - test to catch more brokenness. Fixes builds on Solaris <= 9 - -20140822 - - (djm) [configure.ac] include leading zero characters in OpenSSL version - number; fixes test for unsupported versions - - (djm) [sshbuf-getput-crypto.c] Fix compilation when OpenSSL lacks ECC - - (djm) [openbsd-compat/bsd-snprintf.c] Fix compilation failure (prototype/ - definition mismatch) and warning for broken/missing snprintf case. - - (djm) [configure.ac] double braces to appease autoconf - -20140821 - - (djm) [Makefile.in] fix reference to libtest_helper.a in sshkey test too. - - (djm) [key.h] Fix ifdefs for no-ECC OpenSSL - - (djm) [regress/unittests/test_helper/test_helper.c] Fix for systems that - don't set __progname. Diagnosed by Tom Christensen. - -20140820 - - (djm) [configure.ac] Check OpenSSL version is supported at configure time; - suggested by Kevin Brott - - (djm) [Makefile.in] refer to libtest_helper.a by explicit path rather than - -L/-l; fixes linking problems on some platforms - - (djm) [sshkey.h] Fix compilation when OpenSSL lacks ECC - - (djm) [contrib/cygwin/README] Correct build instructions; from Corinna - -20140819 - - (djm) [serverloop.c] Fix syntax error on Cygwin; from Corinna Vinschen - - (djm) [sshbuf.h] Fix compilation on systems without OPENSSL_HAS_ECC. - - (djm) [ssh-dss.c] Include openssl/dsa.h for DSA_SIG - - (djm) [INSTALL contrib/caldera/openssh.spec contrib/cygwin/README] - [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Remove mentions - of TCP wrappers. - -20140811 - - (djm) [myproposal.h] Make curve25519 KEX dependent on - HAVE_EVP_SHA256 instead of OPENSSL_HAS_ECC. - -20140810 - - (djm) [README contrib/caldera/openssh.spec] - [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Update versions - -20140801 - - (djm) [regress/multiplex.sh] Skip test for non-OpenBSD netcat. We need - a better solution, but this will have to do for now. - - (djm) [regress/multiplex.sh] Instruct nc not to quit as soon as stdin - is closed; avoid regress failures when stdin is /dev/null - - (djm) [regress/multiplex.sh] Use -d (detach stdin) flag to disassociate - nc from stdin, it's more portable - -20140730 - - OpenBSD CVS Sync - - millert@cvs.openbsd.org 2014/07/24 22:57:10 - [ssh.1] - Mention UNIX-domain socket forwarding too. OK jmc@ deraadt@ - - dtucker@cvs.openbsd.org 2014/07/25 21:22:03 - [ssh-agent.c] - Clear buffer used for handling messages. This prevents keys being - left in memory after they have been expired or deleted in some cases - (but note that ssh-agent is setgid so you would still need root to - access them). Pointed out by Kevin Burns, ok deraadt - - schwarze@cvs.openbsd.org 2014/07/28 15:40:08 - [sftp-server.8 sshd_config.5] - some systems no longer need /dev/log; - issue noticed by jirib; - ok deraadt - -20140725 - - (djm) [regress/multiplex.sh] restore incorrectly deleted line; - pointed out by Christian Hesse - -20140722 - - (djm) [regress/multiplex.sh] ssh mux master lost -N somehow; - put it back - - (djm) [regress/multiplex.sh] change the test for still-open Unix - domain sockets to be robust against nc implementations that produce - error messages. - - (dtucker) [regress/unittests/sshkey/test_{file,fuzz,sshkey}.c] Wrap ecdsa- - specific tests inside OPENSSL_HAS_ECC. - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2014/07/22 01:18:50 - [key.c] - Prevent spam from key_load_private_pem during hostbased auth. ok djm@ - - guenther@cvs.openbsd.org 2014/07/22 07:13:42 - [umac.c] - Convert from to the shiney new - ok dtucker@, who also confirmed that -portable handles this already - (ID sync only, includes.h pulls in endian.h if available.) - - djm@cvs.openbsd.org 2014/07/22 01:32:12 - [regress/multiplex.sh] - change the test for still-open Unix domain sockets to be robust against - nc implementations that produce error messages. from -portable - (Id sync only) - - dtucker@cvs.openbsd.org 2014/07/22 23:23:22 - [regress/unittests/sshkey/mktestdata.sh] - Sign test certs with ed25519 instead of ecdsa so that they'll work in - -portable on platforms that don't have ECDSA in their OpenSSL. ok djm - - dtucker@cvs.openbsd.org 2014/07/22 23:57:40 - [regress/unittests/sshkey/mktestdata.sh] - Add $OpenBSD tag to make syncs easier - - dtucker@cvs.openbsd.org 2014/07/22 23:35:38 - [regress/unittests/sshkey/testdata/*] - Regenerate test keys with certs signed with ed25519 instead of ecdsa. - These can be used in -portable on platforms that don't support ECDSA. - -20140721 - - OpenBSD CVS Sync - - millert@cvs.openbsd.org 2014/07/15 15:54:15 - [forwarding.sh multiplex.sh] - Add support for Unix domain socket forwarding. A remote TCP port - may be forwarded to a local Unix domain socket and vice versa or - both ends may be a Unix domain socket. This is a reimplementation - of the streamlocal patches by William Ahern from: - http://www.25thandclement.com/~william/projects/streamlocal.html - OK djm@ markus@ - - (djm) [regress/multiplex.sh] Not all netcat accept the -N option. - - (dtucker) [sshkey.c] ifdef out unused variable when compiling without - OPENSSL_HAS_ECC. - -20140721 - - (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits - needed to build AES CTR mode against OpenSSL 0.9.8f and above. ok djm - - (dtucker) [regress/unittests/sshkey/ - {common,test_file,test_fuzz,test_sshkey}.c] Wrap stdint.h includes in - ifdefs. - -20140719 - - (tim) [openbsd-compat/port-uw.c] Include misc.h for fwd_opts, used - in servconf.h. - -20140718 - - OpenBSD CVS Sync - - millert@cvs.openbsd.org 2014/07/15 15:54:14 - [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] - [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] - [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] - [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] - [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] - [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] - [sshd_config.5 sshlogin.c] - Add support for Unix domain socket forwarding. A remote TCP port - may be forwarded to a local Unix domain socket and vice versa or - both ends may be a Unix domain socket. This is a reimplementation - of the streamlocal patches by William Ahern from: - http://www.25thandclement.com/~william/projects/streamlocal.html - OK djm@ markus@ - - jmc@cvs.openbsd.org 2014/07/16 14:48:57 - [ssh.1] - add the streamlocal* options to ssh's -o list; millert says they're - irrelevant for scp/sftp; - ok markus millert - - djm@cvs.openbsd.org 2014/07/17 00:10:56 - [sandbox-systrace.c] - ifdef SYS_sendsyslog so this will compile without patching on -stable - - djm@cvs.openbsd.org 2014/07/17 00:10:18 - [mux.c] - preserve errno across syscall - - djm@cvs.openbsd.org 2014/07/17 00:12:03 - [key.c] - silence "incorrect passphrase" error spam; reported and ok dtucker@ - - djm@cvs.openbsd.org 2014/07/17 07:22:19 - [mux.c ssh.c] - reflect stdio-forward ("ssh -W host:port ...") failures in exit status. - previously we were always returning 0. bz#2255 reported by Brendan - Germain; ok dtucker - - djm@cvs.openbsd.org 2014/07/18 02:46:01 - [ssh-agent.c] - restore umask around listener socket creation (dropped in streamlocal patch - merge) - - (dtucker) [auth2-gss.c gss-serv-krb5.c] Include misc.h for fwd_opts, used - in servconf.h. - - (dtucker) [Makefile.in] Add a t-exec target to run just the executable - tests. - - (dtucker) [key.c sshkey.c] Put new ecdsa bits inside ifdef OPENSSL_HAS_ECC. - -20140717 - - (djm) [digest-openssl.c] Preserve array order when disabling digests. - Reported by Petr Lautrbach. - - OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2014/07/11 08:09:54 - [sandbox-systrace.c] - Permit use of SYS_sendsyslog from inside the sandbox. Clock is ticking, - update your kernels and sshd soon.. libc will start using sendsyslog() - in about 4 days. - - tedu@cvs.openbsd.org 2014/07/11 13:54:34 - [myproposal.h] - by popular demand, add back hamc-sha1 to server proposal for better compat - with many clients still in use. ok deraadt - -20140715 - - (djm) [configure.ac] Delay checks for arc4random* until after libcrypto - has been located; fixes builds agains libressl-portable - -20140711 - - OpenBSD CVS Sync - - benno@cvs.openbsd.org 2014/07/09 14:15:56 - [ssh-add.c] - fix ssh-add crash while loading more than one key - ok markus@ +commit 8ef691f7d9ef500257a549d0906d78187490668f +Author: Damien Miller +Date: Wed Mar 11 10:35:26 2015 +1100 -20140709 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2014/07/07 08:19:12 - [ssh_config.5] - mention that ProxyCommand is executed using shell "exec" to avoid - a lingering process; bz#1977 - - djm@cvs.openbsd.org 2014/07/09 01:45:10 - [sftp.c] - more useful error message when GLOB_NOSPACE occurs; - bz#2254, patch from Orion Poplawski - - djm@cvs.openbsd.org 2014/07/09 03:02:15 - [key.c] - downgrade more error() to debug() to better match what old authfile.c - did; suppresses spurious errors with hostbased authentication enabled - - djm@cvs.openbsd.org 2014/07/06 07:42:03 - [multiplex.sh test-exec.sh] - add a hook to the cleanup() function to kill $SSH_PID if it is set - - use it to kill the mux master started in multiplex.sh (it was being left - around on fatal failures) - - djm@cvs.openbsd.org 2014/07/07 08:15:26 - [multiplex.sh] - remove forced-fatal that I stuck in there to test the new cleanup - logic and forgot to remove... - -20140706 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2014/07/03 23:18:35 - [authfile.h] - remove leakmalloc droppings - - djm@cvs.openbsd.org 2014/07/05 23:11:48 - [channels.c] - fix remote-forward cancel regression; ok markus@ - -20140704 - - OpenBSD CVS Sync - - jsing@cvs.openbsd.org 2014/07/03 12:42:16 - [cipher-chachapoly.c] - Call chacha_ivsetup() immediately before chacha_encrypt_bytes() - this - makes it easier to verify that chacha_encrypt_bytes() is only called once - per chacha_ivsetup() call. - ok djm@ - - djm@cvs.openbsd.org 2014/07/03 22:23:46 - [sshconnect.c] - when rekeying, skip file/DNS lookup if it is the same as the key sent - during initial key exchange. bz#2154 patch from Iain Morgan; ok markus@ - - djm@cvs.openbsd.org 2014/07/03 22:33:41 - [channels.c] - allow explicit ::1 and 127.0.0.1 forwarding bind addresses when - GatewayPorts=no; allows client to choose address family; - bz#2222 ok markus@ - - djm@cvs.openbsd.org 2014/07/03 22:40:43 - [servconf.c servconf.h session.c sshd.8 sshd_config.5] - Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is - executed, mirroring the no-user-rc authorized_keys option; - bz#2160; ok markus@ - -20140703 - - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto - doesn't support it. - - (djm) [monitor_fdpass.c] Use sys/poll.h if poll.h doesn't exist; - bz#2237 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2014/07/03 01:45:38 - [sshkey.c] - make Ed25519 keys' title fit properly in the randomart border; bz#2247 - based on patch from Christian Hesse - - djm@cvs.openbsd.org 2014/07/03 03:11:03 - [ssh-agent.c] - Only cleanup agent socket in the main agent process and not in any - subprocesses it may have started (e.g. forked askpass). Fixes - agent sockets being zapped when askpass processes fatal(); - bz#2236 patch from Dmitry V. Levin - - djm@cvs.openbsd.org 2014/07/03 03:15:01 - [ssh-add.c] - make stdout line-buffered; saves partial output getting lost when - ssh-add fatal()s part-way through (e.g. when listing keys from an - agent that supports key types that ssh-add doesn't); - bz#2234, reported by Phil Pennock - - djm@cvs.openbsd.org 2014/07/03 03:26:43 - [digest-openssl.c] - use EVP_Digest() for one-shot hash instead of creating, updating, - finalising and destroying a context. - bz#2231, based on patch from Timo Teras - - djm@cvs.openbsd.org 2014/07/03 03:34:09 - [gss-serv.c session.c ssh-keygen.c] - standardise on NI_MAXHOST for gethostname() string lengths; about - 1/2 the cases were using it already. Fixes bz#2239 en passant - - djm@cvs.openbsd.org 2014/07/03 03:47:27 - [ssh-keygen.c] - When hashing or removing hosts using ssh-keygen, don't choke on - @revoked markers and don't remove @cert-authority markers; - bz#2241, reported by mlindgren AT runelind.net - - djm@cvs.openbsd.org 2014/07/03 04:36:45 - [digest.h] - forward-declare struct sshbuf so consumers don't need to include sshbuf.h - - djm@cvs.openbsd.org 2014/07/03 05:32:36 - [ssh_config.5] - mention '%%' escape sequence in HostName directives and how it may - be used to specify IPv6 link-local addresses - - djm@cvs.openbsd.org 2014/07/03 05:38:17 - [ssh.1] - document that -g will only work in the multiplexed case if applied to - the mux master - - djm@cvs.openbsd.org 2014/07/03 06:39:19 - [ssh.c ssh_config.5] - Add a %C escape sequence for LocalCommand and ControlPath that expands - to a unique identifer based on a has of the tuple of (local host, - remote user, hostname, port). - - Helps avoid exceeding sockaddr_un's miserly pathname limits for mux - control paths. - - bz#2220, based on patch from mancha1 AT zoho.com; ok markus@ - - jmc@cvs.openbsd.org 2014/07/03 07:45:27 - [ssh_config.5] - escape %C since groff thinks it part of an Rs/Re block; - - djm@cvs.openbsd.org 2014/07/03 11:16:55 - [auth.c auth.h auth1.c auth2.c] - make the "Too many authentication failures" message include the - user, source address, port and protocol in a format similar to the - authentication success / failure messages; bz#2199, ok dtucker - -20140702 - - OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2014/06/13 08:26:29 - [sandbox-systrace.c] - permit SYS_getentropy - from matthew - - matthew@cvs.openbsd.org 2014/06/18 02:59:13 - [sandbox-systrace.c] - Now that we have a dedicated getentropy(2) system call for - arc4random(3), we can disallow __sysctl(2) in OpenSSH's systrace - sandbox. - - ok djm - - naddy@cvs.openbsd.org 2014/06/18 15:42:09 - [sshbuf-getput-crypto.c] - The ssh_get_bignum functions must accept the same range of bignums - the corresponding ssh_put_bignum functions create. This fixes the - use of 16384-bit RSA keys (bug reported by Eivind Evensen). - ok djm@ - - djm@cvs.openbsd.org 2014/06/24 00:52:02 - [krl.c] - fix bug in KRL generation: multiple consecutive revoked certificate - serial number ranges could be serialised to an invalid format. - - Readers of a broken KRL caused by this bug will fail closed, so no - should-have-been-revoked key will be accepted. - - djm@cvs.openbsd.org 2014/06/24 01:13:21 - [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c - [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c - [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h - [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h - [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h - [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c - [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c - [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c - [sshconnect2.c sshd.c sshkey.c sshkey.h - [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h] - New key API: refactor key-related functions to be more library-like, - existing API is offered as a set of wrappers. - - with and ok markus@ - - Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew - Dempsky and Ron Bowes for a detailed review a few months ago. - NB. This commit also removes portable OpenSSH support for OpenSSL - <0.9.8e. - - djm@cvs.openbsd.org 2014/06/24 02:19:48 - [ssh.c] - don't fatal() when hostname canonicalisation fails with a - ProxyCommand in use; continue and allow the ProxyCommand to - connect anyway (e.g. to a host with a name outside the DNS - behind a bastion) - - djm@cvs.openbsd.org 2014/06/24 02:21:01 - [scp.c] - when copying local->remote fails during read, don't send uninitialised - heap to the remote end. Reported by Jann Horn - - deraadt@cvs.openbsd.org 2014/06/25 14:16:09 - [sshbuf.c] - unblock SIGSEGV before raising it - ok djm - - markus@cvs.openbsd.org 2014/06/27 16:41:56 - [channels.c channels.h clientloop.c ssh.c] - fix remote fwding with same listen port but different listen address - with gerhard@, ok djm@ - - markus@cvs.openbsd.org 2014/06/27 18:50:39 - [ssh-add.c] - fix loading of private keys - - djm@cvs.openbsd.org 2014/06/30 12:54:39 - [key.c] - suppress spurious error message when loading key with a passphrase; - reported by kettenis@ ok markus@ - - djm@cvs.openbsd.org 2014/07/02 04:59:06 - [cipher-3des1.c] - fix ssh protocol 1 on the server that regressed with the sshkey change - (sometimes fatal() after auth completed), make file return useful status - codes. - NB. Id sync only for these two. They were bundled into the sshkey merge - above, since it was easier to sync the entire file and then apply - portable-specific changed atop it. - - djm@cvs.openbsd.org 2014/04/30 05:32:00 - [regress/Makefile] - unit tests for new buffer API; including basic fuzz testing - NB. Id sync only. - - djm@cvs.openbsd.org 2014/05/21 07:04:21 - [regress/integrity.sh] - when failing because of unexpected output, show the offending output - - djm@cvs.openbsd.org 2014/06/24 01:04:43 - [regress/krl.sh] - regress test for broken consecutive revoked serial number ranges - - djm@cvs.openbsd.org 2014/06/24 01:14:17 - [Makefile.in regress/Makefile regress/unittests/Makefile] - [regress/unittests/sshkey/Makefile] - [regress/unittests/sshkey/common.c] - [regress/unittests/sshkey/common.h] - [regress/unittests/sshkey/mktestdata.sh] - [regress/unittests/sshkey/test_file.c] - [regress/unittests/sshkey/test_fuzz.c] - [regress/unittests/sshkey/test_sshkey.c] - [regress/unittests/sshkey/tests.c] - [regress/unittests/sshkey/testdata/dsa_1] - [regress/unittests/sshkey/testdata/dsa_1-cert.fp] - [regress/unittests/sshkey/testdata/dsa_1-cert.pub] - [regress/unittests/sshkey/testdata/dsa_1.fp] - [regress/unittests/sshkey/testdata/dsa_1.fp.bb] - [regress/unittests/sshkey/testdata/dsa_1.param.g] - [regress/unittests/sshkey/testdata/dsa_1.param.priv] - [regress/unittests/sshkey/testdata/dsa_1.param.pub] - [regress/unittests/sshkey/testdata/dsa_1.pub] - [regress/unittests/sshkey/testdata/dsa_1_pw] - [regress/unittests/sshkey/testdata/dsa_2] - [regress/unittests/sshkey/testdata/dsa_2.fp] - [regress/unittests/sshkey/testdata/dsa_2.fp.bb] - [regress/unittests/sshkey/testdata/dsa_2.pub] - [regress/unittests/sshkey/testdata/dsa_n] - [regress/unittests/sshkey/testdata/dsa_n_pw] - [regress/unittests/sshkey/testdata/ecdsa_1] - [regress/unittests/sshkey/testdata/ecdsa_1-cert.fp] - [regress/unittests/sshkey/testdata/ecdsa_1-cert.pub] - [regress/unittests/sshkey/testdata/ecdsa_1.fp] - [regress/unittests/sshkey/testdata/ecdsa_1.fp.bb] - [regress/unittests/sshkey/testdata/ecdsa_1.param.curve] - [regress/unittests/sshkey/testdata/ecdsa_1.param.priv] - [regress/unittests/sshkey/testdata/ecdsa_1.param.pub] - [regress/unittests/sshkey/testdata/ecdsa_1.pub] - [regress/unittests/sshkey/testdata/ecdsa_1_pw] - [regress/unittests/sshkey/testdata/ecdsa_2] - [regress/unittests/sshkey/testdata/ecdsa_2.fp] - [regress/unittests/sshkey/testdata/ecdsa_2.fp.bb] - [regress/unittests/sshkey/testdata/ecdsa_2.param.curve] - [regress/unittests/sshkey/testdata/ecdsa_2.param.priv] - [regress/unittests/sshkey/testdata/ecdsa_2.param.pub] - [regress/unittests/sshkey/testdata/ecdsa_2.pub] - [regress/unittests/sshkey/testdata/ecdsa_n] - [regress/unittests/sshkey/testdata/ecdsa_n_pw] - [regress/unittests/sshkey/testdata/ed25519_1] - [regress/unittests/sshkey/testdata/ed25519_1-cert.fp] - [regress/unittests/sshkey/testdata/ed25519_1-cert.pub] - [regress/unittests/sshkey/testdata/ed25519_1.fp] - [regress/unittests/sshkey/testdata/ed25519_1.fp.bb] - [regress/unittests/sshkey/testdata/ed25519_1.pub] - [regress/unittests/sshkey/testdata/ed25519_1_pw] - [regress/unittests/sshkey/testdata/ed25519_2] - [regress/unittests/sshkey/testdata/ed25519_2.fp] - [regress/unittests/sshkey/testdata/ed25519_2.fp.bb] - [regress/unittests/sshkey/testdata/ed25519_2.pub] - [regress/unittests/sshkey/testdata/pw] - [regress/unittests/sshkey/testdata/rsa1_1] - [regress/unittests/sshkey/testdata/rsa1_1.fp] - [regress/unittests/sshkey/testdata/rsa1_1.fp.bb] - [regress/unittests/sshkey/testdata/rsa1_1.param.n] - [regress/unittests/sshkey/testdata/rsa1_1.pub] - [regress/unittests/sshkey/testdata/rsa1_1_pw] - [regress/unittests/sshkey/testdata/rsa1_2] - [regress/unittests/sshkey/testdata/rsa1_2.fp] - [regress/unittests/sshkey/testdata/rsa1_2.fp.bb] - [regress/unittests/sshkey/testdata/rsa1_2.param.n] - [regress/unittests/sshkey/testdata/rsa1_2.pub] - [regress/unittests/sshkey/testdata/rsa_1] - [regress/unittests/sshkey/testdata/rsa_1-cert.fp] - [regress/unittests/sshkey/testdata/rsa_1-cert.pub] - [regress/unittests/sshkey/testdata/rsa_1.fp] - [regress/unittests/sshkey/testdata/rsa_1.fp.bb] - [regress/unittests/sshkey/testdata/rsa_1.param.n] - [regress/unittests/sshkey/testdata/rsa_1.param.p] - [regress/unittests/sshkey/testdata/rsa_1.param.q] - [regress/unittests/sshkey/testdata/rsa_1.pub] - [regress/unittests/sshkey/testdata/rsa_1_pw] - [regress/unittests/sshkey/testdata/rsa_2] - [regress/unittests/sshkey/testdata/rsa_2.fp] - [regress/unittests/sshkey/testdata/rsa_2.fp.bb] - [regress/unittests/sshkey/testdata/rsa_2.param.n] - [regress/unittests/sshkey/testdata/rsa_2.param.p] - [regress/unittests/sshkey/testdata/rsa_2.param.q] - [regress/unittests/sshkey/testdata/rsa_2.pub] - [regress/unittests/sshkey/testdata/rsa_n] - [regress/unittests/sshkey/testdata/rsa_n_pw] - unit and fuzz tests for new key API - - (djm) [sshkey.c] Conditionalise inclusion of util.h - - (djm) [regress/Makefile] fix execution of sshkey unit/fuzz test - -20140618 - - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare - -20140617 - - (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h} - openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}] - Move the OpenSSL header/library version test into its own function and add - tests for it. Fix it to allow fix version upgrades (but not downgrades). - Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150). - ok djm@ chl@ - -20140616 - - (dtucker) [defines.h] Fix undef of _PATH_MAILDIR. From rak at debian via - OpenSMTPD and chl@ - -20140612 - - (dtucker) [configure.ac] Remove tcpwrappers support, support has already - been removed from sshd.c. - -20140611 - - (dtucker) [defines.h] Add va_copy if we don't already have it, taken from - openbsd-compat/bsd-asprintf.c. - - (dtucker) [regress/unittests/sshbuf/*.c regress/unittests/test_helper/*] - Wrap stdlib.h include an ifdef for platforms that don't have it. - - (tim) [regress/unittests/test_helper/test_helper.h] Add includes.h for - u_intXX_t types. - -20140610 - - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c - regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] Only do NISTP256 - curve tests if OpenSSL has them. - - (dtucker) [myprosal.h] Don't include curve25519-sha256@libssh.org in - the proposal if the version of OpenSSL we're using doesn't support ECC. - - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] ifdef - ECC variable too. - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2014/06/05 22:17:50 - [sshconnect2.c] - fix inverted test that caused PKCS#11 keys that were explicitly listed - not to be preferred. Reported by Dirk-Willem van Gulik - - dtucker@cvs.openbsd.org 2014/06/10 21:46:11 - [sshbuf.h] - Group ECC functions together to make things a little easier in -portable. - "doesn't bother me" deraadt@ - - (dtucker) [sshbuf.h] Only declare ECC functions if building without - OpenSSL or if OpenSSL has ECC. - - (dtucker) [openbsd-compat/arc4random.c] Use explicit_bzero instead of an - assigment that might get optimized out. ok djm@ - - (dtucker) [bufaux.c bufbn.c bufec.c buffer.c] Pull in includes.h for - compat stuff, specifically whether or not OpenSSL has ECC. - -20140527 - - (djm) [cipher.c] Fix merge botch. - - (djm) [contrib/cygwin/ssh-host-config] Updated Cygwin ssh-host-config - from Corinna Vinschen, fixing a number of bugs and preparing for - Cygwin 1.7.30. - - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c] - [openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege - separation user at runtime, since it may need to be a domain account. - Patch from Corinna Vinschen. - -20140522 - - (djm) [Makefile.in] typo in path - -20140521 - - (djm) [commit configure.ac defines.h sshpty.c] don't attempt to use - vhangup on Linux. It doens't work for non-root users, and for them - it just messes up the tty settings. - - (djm) [misc.c] Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC - when it is available. It takes into account time spent suspended, - thereby ensuring timeouts (e.g. for expiring agent keys) fire - correctly. bz#2228 reported by John Haxby - -20140519 - - (djm) [rijndael.c rijndael.h] Sync with newly-ressurected versions ine - OpenBSD - - OpenBSD CVS Sync - - logan@cvs.openbsd.org 2014/04/20 09:24:26 - [dns.c dns.h ssh-keygen.c] - Add support for SSHFP DNS records for ED25519 key types. - OK from djm@ - - logan@cvs.openbsd.org 2014/04/21 14:36:16 - [sftp-client.c sftp-client.h sftp.c] - Implement sftp upload resume support. - OK from djm@, with input from guenther@, mlarkin@ and - okan@ - - logan@cvs.openbsd.org 2014/04/22 10:07:12 - [sftp.c] - Sort the sftp command list. - OK from djm@ - - logan@cvs.openbsd.org 2014/04/22 12:42:04 - [sftp.1] - Document sftp upload resume. - OK from djm@, with feedback from okan@. - - jmc@cvs.openbsd.org 2014/04/22 14:16:30 - [sftp.1] - zap eol whitespace; - - djm@cvs.openbsd.org 2014/04/23 12:42:34 - [readconf.c] - don't record duplicate IdentityFiles - - djm@cvs.openbsd.org 2014/04/28 03:09:18 - [authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h] - [ssh-keygen.c] - buffer_get_string_ptr's return should be const to remind - callers that futzing with it will futz with the actual buffer - contents - - djm@cvs.openbsd.org 2014/04/29 13:10:30 - [clientloop.c serverloop.c] - bz#1818 - don't send channel success/failre replies on channels that - have sent a close already; analysis and patch from Simon Tatham; - ok markus@ - - markus@cvs.openbsd.org 2014/04/29 18:01:49 - [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] - [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] - [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] - [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] - make compiling against OpenSSL optional (make OPENSSL=no); - reduces algorithms to curve25519, aes-ctr, chacha, ed25519; - allows us to explore further options; with and ok djm - - dtucker@cvs.openbsd.org 2014/04/29 19:58:50 - [sftp.c] - Move nulling of variable next to where it's freed. ok markus@ - - dtucker@cvs.openbsd.org 2014/04/29 20:36:51 - [sftp.c] - Don't attempt to append a nul quote char to the filename. Should prevent - fatal'ing with "el_insertstr failed" when there's a single quote char - somewhere in the string. bz#2238, ok markus@ - - djm@cvs.openbsd.org 2014/04/30 05:29:56 - [bufaux.c bufbn.c bufec.c buffer.c buffer.h sshbuf-getput-basic.c] - [sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c sshbuf.h ssherr.c] - [ssherr.h] - New buffer API; the first installment of the conversion/replacement - of OpenSSH's internals to make them usable as a standalone library. - - This includes a set of wrappers to make it compatible with the - existing buffer API so replacement can occur incrementally. - - With and ok markus@ - - Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew - Dempsky and Ron Bowes for a detailed review. - - naddy@cvs.openbsd.org 2014/04/30 19:07:48 - [mac.c myproposal.h umac.c] - UMAC can use our local fallback implementation of AES when OpenSSL isn't - available. Glue code straight from Ted Krovetz's original umac.c. - ok markus@ - - djm@cvs.openbsd.org 2014/05/02 03:27:54 - [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c] - [misc.h poly1305.h ssh-pkcs11.c defines.h] - revert __bounded change; it causes way more problems for portable than - it solves; pointed out by dtucker@ - - markus@cvs.openbsd.org 2014/05/03 17:20:34 - [monitor.c packet.c packet.h] - unbreak compression, by re-init-ing the compression code in the - post-auth child. the new buffer code is more strict, and requires - buffer_init() while the old code was happy after a bzero(); - originally from djm@ - - logan@cvs.openbsd.org 2014/05/05 07:02:30 - [sftp.c] - Zap extra whitespace. - - OK from djm@ and dtucker@ - - (djm) [configure.ac] Unconditionally define WITH_OPENSSL until we write - portability glue to support building without libcrypto - - (djm) [Makefile.in configure.ac sshbuf-getput-basic.c] - [sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2014/03/13 20:44:49 - [login-timeout.sh] - this test is a sorry mess of race conditions; add another sleep - to avoid a failure on slow machines (at least until I find a - better way) - - djm@cvs.openbsd.org 2014/04/21 22:15:37 - [dhgex.sh integrity.sh kextype.sh rekey.sh try-ciphers.sh] - repair regress tests broken by server-side default cipher/kex/mac changes - by ensuring that the option under test is included in the server's - algorithm list - - dtucker@cvs.openbsd.org 2014/05/03 18:46:14 - [proxy-connect.sh] - Add tests for with and without compression, with and without privsep. - - logan@cvs.openbsd.org 2014/05/04 10:40:59 - [connect-privsep.sh] - Remove the Z flag from the list of malloc options as it - was removed from malloc.c 10 days ago. - - OK from miod@ - - (djm) [regress/unittests/Makefile] - [regress/unittests/Makefile.inc] - [regress/unittests/sshbuf/Makefile] - [regress/unittests/sshbuf/test_sshbuf.c] - [regress/unittests/sshbuf/test_sshbuf_fixed.c] - [regress/unittests/sshbuf/test_sshbuf_fuzz.c] - [regress/unittests/sshbuf/test_sshbuf_getput_basic.c] - [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] - [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] - [regress/unittests/sshbuf/test_sshbuf_misc.c] - [regress/unittests/sshbuf/tests.c] - [regress/unittests/test_helper/Makefile] - [regress/unittests/test_helper/fuzz.c] - [regress/unittests/test_helper/test_helper.c] - [regress/unittests/test_helper/test_helper.h] - Import new unit tests from OpenBSD; not yet hooked up to build. - - (djm) [regress/Makefile Makefile.in] - [regress/unittests/sshbuf/test_sshbuf.c - [regress/unittests/sshbuf/test_sshbuf_fixed.c] - [regress/unittests/sshbuf/test_sshbuf_fuzz.c] - [regress/unittests/sshbuf/test_sshbuf_getput_basic.c] - [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] - [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] - [regress/unittests/sshbuf/test_sshbuf_misc.c] - [regress/unittests/sshbuf/tests.c] - [regress/unittests/test_helper/fuzz.c] - [regress/unittests/test_helper/test_helper.c] - Hook new unit tests into the build and "make tests" - - (djm) [sshbuf.c] need __predict_false - -20140430 - - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already - have it. Only attempt to use __attribute__(__bounded__) for gcc. - -20140420 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2014/03/03 22:22:30 - [session.c] - ignore enviornment variables with embedded '=' or '\0' characters; - spotted by Jann Horn; ok deraadt@ - Id sync only - portable already has this. - - djm@cvs.openbsd.org 2014/03/12 04:44:58 - [ssh-keyscan.c] - scan for Ed25519 keys by default too - - djm@cvs.openbsd.org 2014/03/12 04:50:32 - [auth-bsdauth.c ssh-keygen.c] - don't count on things that accept arguments by reference to clear - things for us on error; most things do, but it's unsafe form. - - djm@cvs.openbsd.org 2014/03/12 04:51:12 - [authfile.c] - correct test that kdf name is not "none" or "bcrypt" - - naddy@cvs.openbsd.org 2014/03/12 13:06:59 - [ssh-keyscan.1] - scan for Ed25519 keys by default too - - deraadt@cvs.openbsd.org 2014/03/15 17:28:26 - [ssh-agent.c ssh-keygen.1 ssh-keygen.c] - Improve usage() and documentation towards the standard form. - In particular, this line saves a lot of man page reading time. - usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] - [-N new_passphrase] [-C comment] [-f output_keyfile] - ok schwarze jmc - - tedu@cvs.openbsd.org 2014/03/17 19:44:10 - [ssh.1] - old descriptions of des and blowfish are old. maybe ok deraadt - - tedu@cvs.openbsd.org 2014/03/19 14:42:44 - [scp.1] - there is no need for rcp anymore - ok deraadt millert - - markus@cvs.openbsd.org 2014/03/25 09:40:03 - [myproposal.h] - trimm default proposals. - - This commit removes the weaker pre-SHA2 hashes, the broken ciphers - (arcfour), and the broken modes (CBC) from the default configuration - (the patch only changes the default, all the modes are still available - for the config files). - - ok djm@, reminded by tedu@ & naddy@ and discussed with many - - deraadt@cvs.openbsd.org 2014/03/26 17:16:26 - [myproposal.h] - The current sharing of myproposal[] between both client and server code - makes the previous diff highly unpallatable. We want to go in that - direction for the server, but not for the client. Sigh. - Brought up by naddy. - - markus@cvs.openbsd.org 2014/03/27 23:01:27 - [myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] - disable weak proposals in sshd, but keep them in ssh; ok djm@ - - djm@cvs.openbsd.org 2014/03/26 04:55:35 - [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c - [misc.h poly1305.h ssh-pkcs11.c] - use __bounded(...) attribute recently added to sys/cdefs.h instead of - longform __attribute__(__bounded(...)); - - for brevity and a warning free compilation with llvm/clang - - tedu@cvs.openbsd.org 2014/03/26 19:58:37 - [sshd.8 sshd.c] - remove libwrap support. ok deraadt djm mfriedl - - naddy@cvs.openbsd.org 2014/03/28 05:17:11 - [ssh_config.5 sshd_config.5] - sync available and default algorithms, improve algorithm list formatting - help from jmc@ and schwarze@, ok deraadt@ - - jmc@cvs.openbsd.org 2014/03/31 13:39:34 - [ssh-keygen.1] - the text for the -K option was inserted in the wrong place in -r1.108; - fix From: Matthew Clarke - - djm@cvs.openbsd.org 2014/04/01 02:05:27 - [ssh-keysign.c] - include fingerprint of key not found - use arc4random_buf() instead of loop+arc4random() - - djm@cvs.openbsd.org 2014/04/01 03:34:10 - [sshconnect.c] - When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any - certificate keys to plain keys and attempt SSHFP resolution. - - Prevents a server from skipping SSHFP lookup and forcing a new-hostkey - dialog by offering only certificate keys. - - Reported by mcv21 AT cam.ac.uk - - djm@cvs.openbsd.org 2014/04/01 05:32:57 - [packet.c] - demote a debug3 to PACKET_DEBUG; ok markus@ - - djm@cvs.openbsd.org 2014/04/12 04:55:53 - [sshd.c] - avoid crash at exit: check that pmonitor!=NULL before dereferencing; - bz#2225, patch from kavi AT juniper.net - - djm@cvs.openbsd.org 2014/04/16 23:22:45 - [bufaux.c] - skip leading zero bytes in buffer_put_bignum2_from_string(); - reported by jan AT mojzis.com; ok markus@ - - djm@cvs.openbsd.org 2014/04/16 23:28:12 - [ssh-agent.1] - remove the identity files from this manpage - ssh-agent doesn't deal - with them at all and the same information is duplicated in ssh-add.1 - (which does deal with them); prodded by deraadt@ - - djm@cvs.openbsd.org 2014/04/18 23:52:25 - [compat.c compat.h sshconnect2.c sshd.c version.h] - OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections - using the curve25519-sha256@libssh.org KEX exchange method to fail - when connecting with something that implements the spec properly. - - Disable this KEX method when speaking to one of the affected - versions. - - reported by Aris Adamantiadis; ok markus@ - - djm@cvs.openbsd.org 2014/04/19 05:54:59 - [compat.c] - missing wildcard; pointed out by naddy@ - - tedu@cvs.openbsd.org 2014/04/19 14:53:48 - [ssh-keysign.c sshd.c] - Delete futile calls to RAND_seed. ok djm - NB. Id sync only. This only applies to OpenBSD's libcrypto slashathon - - tedu@cvs.openbsd.org 2014/04/19 18:15:16 - [sshd.8] - remove some really old rsh references - - tedu@cvs.openbsd.org 2014/04/19 18:42:19 - [ssh.1] - delete .xr to hosts.equiv. there's still an unfortunate amount of - documentation referring to rhosts equivalency in here. - - djm@cvs.openbsd.org 2014/04/20 02:30:25 - [misc.c misc.h umac.c] - use get/put_u32 to load values rather than *((UINT32 *)p) that breaks on - strict-alignment architectures; reported by and ok stsp@ - - djm@cvs.openbsd.org 2014/04/20 02:49:32 - [compat.c] - add a canonical 6.6 + curve25519 bignum fix fake version that I can - recommend people use ahead of the openssh-6.7 release - -20140401 - - (djm) On platforms that support it, use prctl() to prevent sftp-server - from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net - - (djm) Use full release (e.g. 6.5p1) in debug output rather than just - version. From des@des.no - -20140317 - - (djm) [sandbox-seccomp-filter.c] Soft-fail stat() syscalls. Add XXX to - remind myself to add sandbox violation logging via the log socket. - -20140314 - - (tim) [opensshd.init.in] Add support for ed25519 - -20140313 - - (djm) Release OpenSSH 6.6 - -20140304 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2014/03/03 22:22:30 - [session.c] - ignore enviornment variables with embedded '=' or '\0' characters; - spotted by Jann Horn; ok deraadt@ - -20140301 - - (djm) [regress/Makefile] Disable dhgex regress test; it breaks when - no moduli file exists at the expected location. - -20140228 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2014/02/27 00:41:49 - [bufbn.c] - fix unsigned overflow that could lead to reading a short ssh protocol - 1 bignum value; found by Ben Hawkes; ok deraadt@ - - djm@cvs.openbsd.org 2014/02/27 08:25:09 - [bufbn.c] - off by one in range check - - djm@cvs.openbsd.org 2014/02/27 22:47:07 - [sshd_config.5] - bz#2184 clarify behaviour of a keyword that appears in multiple - matching Match blocks; ok dtucker@ - - djm@cvs.openbsd.org 2014/02/27 22:57:40 *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***