Date: Mon, 29 Feb 2016 11:19:59 -0500 From: Mike Tancsa <mike@sentex.net> To: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@freebsd.org>, "stable@freebsd.org" <stable@freebsd.org> Subject: Re: svn commit: r295367 - in stable/10: crypto/openssh crypto/openssh/contrib crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse cryp... Message-ID: <56D46FAF.2010605@sentex.net> In-Reply-To: <201602071138.u17Bctwi038780@repo.freebsd.org> References: <201602071138.u17Bctwi038780@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, I noticed on a server that I updated on Friday that incorporates r295367, some lightweight clients that were using aes128-cbc are now failing to connect. Is this a planned change ? If so, perhaps a heads up in UPDATING ? e.g. from an older client ssh -c aes128-cbc user@target.sentex.ca no matching cipher found: client aes128-cbc server chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com and running sshd -ddd debug1: SSH2_MSG_KEXINIT sent [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 [preauth] debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth] debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth] debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth] debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth] debug2: kex_parse_kexinit: [preauth] debug2: kex_parse_kexinit: [preauth] debug2: first_kex_follows 0 [preauth] debug2: reserved 0 [preauth] debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth] debug2: kex_parse_kexinit: ssh-dss,ssh-rsa [preauth] debug2: kex_parse_kexinit: aes128-cbc [preauth] debug2: kex_parse_kexinit: aes128-cbc [preauth] debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth] debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth] debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib [preauth] debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib [preauth] debug2: kex_parse_kexinit: [preauth] debug2: kex_parse_kexinit: [preauth] debug2: first_kex_follows 0 [preauth] debug2: reserved 0 [preauth] Unable to negotiate with xx.yy.zz.146: no matching cipher found. Their offer: aes128-cbc [preauth] debug1: do_cleanup [preauth] On 2/7/2016 6:38 AM, Dag-Erling Smørgrav wrote: > Author: des > Date: Sun Feb 7 11:38:54 2016 > New Revision: 295367 > URL: https://svnweb.freebsd.org/changeset/base/295367 > > Log: > MFH (r265214, r294333, r294407, r294467): misc prop fixes > MFH (r285975, r287143): register mergeinfo for security fixes > MFH (r294497, r294498, r295139): internal documentation > MFH (r294328): upgrade to openssh 6.7p1, re-add libwrap > MFH (r294332): upgrade to openssh 6.8p1 > MFH (r294367): update pam_ssh for api changes > MFH (r294909): switch usedns back on > MFH (r294336): upgrade to openssh 6.9p1 > MFH (r294495): re-enable dsa keys > MFH (r294464): upgrade to openssh 7.0p1 > MFH (r294496): upgrade to openssh 7.1p2 > > Approved by: re (gjb) > Relnotes: yes > > Added: > stable/10/crypto/openssh/.cvsignore > - copied unchanged from r294332, head/crypto/openssh/.cvsignore > stable/10/crypto/openssh/bitmap.c (contents, props changed) > - copied, changed from r294332, head/crypto/openssh/bitmap.c > - copied unchanged from r294332, head/crypto/openssh/bitmap.h > stable/10/crypto/openssh/cipher-aesctr.c > - copied, changed from r294328, head/crypto/openssh/cipher-aesctr.c > stable/10/crypto/openssh/cipher-aesctr.h > - copied unchanged from r294328, head/crypto/openssh/cipher-aesctr.h > - copied unchanged from r294332, head/crypto/openssh/opacket.c > - copied unchanged from r294332, head/crypto/openssh/opacket.h > stable/10/crypto/openssh/openbsd-compat/.cvsignore > - copied unchanged from r294332, head/crypto/openssh/openbsd-compat/.cvsignore > stable/10/crypto/openssh/openbsd-compat/kludge-fd_set.c > - copied unchanged from r294328, head/crypto/openssh/openbsd-compat/kludge-fd_set.c > - copied unchanged from r294332, head/crypto/openssh/openbsd-compat/md5.c > - copied unchanged from r294332, head/crypto/openssh/openbsd-compat/md5.h > - copied unchanged from r294332, head/crypto/openssh/openbsd-compat/reallocarray.c > stable/10/crypto/openssh/openbsd-compat/regress/.cvsignore > - copied unchanged from r294332, head/crypto/openssh/openbsd-compat/regress/.cvsignore > stable/10/crypto/openssh/openbsd-compat/regress/opensslvertest.c > - copied unchanged from r294328, head/crypto/openssh/openbsd-compat/regress/opensslvertest.c > stable/10/crypto/openssh/openbsd-compat/rmd160.c (contents, props changed) > - copied, changed from r294332, head/crypto/openssh/openbsd-compat/rmd160.c > - copied unchanged from r294332, head/crypto/openssh/openbsd-compat/rmd160.h > - copied unchanged from r294332, head/crypto/openssh/openbsd-compat/sha1.c > - copied unchanged from r294332, head/crypto/openssh/openbsd-compat/sha1.h > stable/10/crypto/openssh/regress/.cvsignore > - copied unchanged from r294332, head/crypto/openssh/regress/.cvsignore > - copied unchanged from r294336, head/crypto/openssh/regress/cfgparse.sh > stable/10/crypto/openssh/regress/hostkey-agent.sh (contents, props changed) > - copied, changed from r294332, head/crypto/openssh/regress/hostkey-agent.sh > stable/10/crypto/openssh/regress/hostkey-rotate.sh (contents, props changed) > - copied, changed from r294332, head/crypto/openssh/regress/hostkey-rotate.sh > stable/10/crypto/openssh/regress/keygen-knownhosts.sh (contents, props changed) > - copied, changed from r294332, head/crypto/openssh/regress/keygen-knownhosts.sh > - copied unchanged from r294332, head/crypto/openssh/regress/limit-keytype.sh > - copied unchanged from r294332, head/crypto/openssh/regress/multipubkey.sh > stable/10/crypto/openssh/regress/netcat.c (contents, props changed) > - copied, changed from r294332, head/crypto/openssh/regress/netcat.c > stable/10/crypto/openssh/regress/principals-command.sh (contents, props changed) > - copied, changed from r294336, head/crypto/openssh/regress/principals-command.sh > stable/10/crypto/openssh/regress/t11.ok > - copied unchanged from r294332, head/crypto/openssh/regress/t11.ok > stable/10/crypto/openssh/regress/unittests/ > - copied from r294328, head/crypto/openssh/regress/unittests/ > stable/10/crypto/openssh/regress/unittests/bitmap/ > - copied from r294332, head/crypto/openssh/regress/unittests/bitmap/ > stable/10/crypto/openssh/regress/unittests/hostkeys/ > - copied from r294332, head/crypto/openssh/regress/unittests/hostkeys/ > stable/10/crypto/openssh/regress/unittests/kex/ > - copied from r294332, head/crypto/openssh/regress/unittests/kex/ > - copied unchanged from r294332, head/crypto/openssh/regress/valgrind-unit.sh > stable/10/crypto/openssh/scard/.cvsignore > - copied unchanged from r294332, head/crypto/openssh/scard/.cvsignore > - copied unchanged from r294332, head/crypto/openssh/ssh_api.c > - copied unchanged from r294332, head/crypto/openssh/ssh_api.h > stable/10/crypto/openssh/sshbuf-getput-basic.c > - copied, changed from r294328, head/crypto/openssh/sshbuf-getput-basic.c > stable/10/crypto/openssh/sshbuf-getput-crypto.c > - copied, changed from r294328, head/crypto/openssh/sshbuf-getput-crypto.c > stable/10/crypto/openssh/sshbuf-misc.c > - copied, changed from r294328, head/crypto/openssh/sshbuf-misc.c > stable/10/crypto/openssh/sshbuf.c > - copied, changed from r294328, head/crypto/openssh/sshbuf.c > stable/10/crypto/openssh/sshbuf.h > - copied, changed from r294328, head/crypto/openssh/sshbuf.h > stable/10/crypto/openssh/ssherr.c > - copied, changed from r294328, head/crypto/openssh/ssherr.c > stable/10/crypto/openssh/ssherr.h > - copied, changed from r294328, head/crypto/openssh/ssherr.h > stable/10/crypto/openssh/sshkey.c > - copied, changed from r294328, head/crypto/openssh/sshkey.c > stable/10/crypto/openssh/sshkey.h > - copied, changed from r294328, head/crypto/openssh/sshkey.h > Directory Properties: > stable/10/crypto/openssh/bitmap.h (props changed) > stable/10/crypto/openssh/opacket.c (props changed) > stable/10/crypto/openssh/opacket.h (props changed) > stable/10/crypto/openssh/openbsd-compat/md5.c (props changed) > stable/10/crypto/openssh/openbsd-compat/md5.h (props changed) > stable/10/crypto/openssh/openbsd-compat/reallocarray.c (props changed) > stable/10/crypto/openssh/openbsd-compat/rmd160.h (props changed) > stable/10/crypto/openssh/openbsd-compat/sha1.c (props changed) > stable/10/crypto/openssh/openbsd-compat/sha1.h (props changed) > stable/10/crypto/openssh/regress/cfgparse.sh (props changed) > stable/10/crypto/openssh/regress/limit-keytype.sh (props changed) > stable/10/crypto/openssh/regress/multipubkey.sh (props changed) > stable/10/crypto/openssh/regress/valgrind-unit.sh (props changed) > stable/10/crypto/openssh/ssh_api.c (props changed) > stable/10/crypto/openssh/ssh_api.h (props changed) > Deleted: > stable/10/crypto/openssh/compress.c > stable/10/crypto/openssh/compress.h > stable/10/crypto/openssh/contrib/caldera/ > stable/10/crypto/openssh/moduli.0 > stable/10/crypto/openssh/scp.0 > stable/10/crypto/openssh/sftp-server.0 > stable/10/crypto/openssh/sftp.0 > stable/10/crypto/openssh/ssh-add.0 > stable/10/crypto/openssh/ssh-agent.0 > stable/10/crypto/openssh/ssh-keygen.0 > stable/10/crypto/openssh/ssh-keyscan.0 > stable/10/crypto/openssh/ssh-keysign.0 > stable/10/crypto/openssh/ssh-pkcs11-helper.0 > stable/10/crypto/openssh/ssh.0 > stable/10/crypto/openssh/ssh_config.0 > stable/10/crypto/openssh/sshd.0 > stable/10/crypto/openssh/sshd_config.0 > Modified: > stable/10/crypto/openssh/ChangeLog > stable/10/crypto/openssh/FREEBSD-upgrade > stable/10/crypto/openssh/INSTALL > stable/10/crypto/openssh/Makefile.in > stable/10/crypto/openssh/OVERVIEW > stable/10/crypto/openssh/PROTOCOL > stable/10/crypto/openssh/PROTOCOL.agent > stable/10/crypto/openssh/PROTOCOL.krl > stable/10/crypto/openssh/PROTOCOL.mux > stable/10/crypto/openssh/README > stable/10/crypto/openssh/addrmatch.c > stable/10/crypto/openssh/atomicio.c > stable/10/crypto/openssh/auth-bsdauth.c > stable/10/crypto/openssh/auth-chall.c > stable/10/crypto/openssh/auth-krb5.c (contents, props changed) > stable/10/crypto/openssh/auth-options.c > stable/10/crypto/openssh/auth-options.h > stable/10/crypto/openssh/auth-pam.c > stable/10/crypto/openssh/auth-passwd.c > stable/10/crypto/openssh/auth-rh-rsa.c > stable/10/crypto/openssh/auth-rhosts.c > stable/10/crypto/openssh/auth-rsa.c > stable/10/crypto/openssh/auth.c > stable/10/crypto/openssh/auth.h > stable/10/crypto/openssh/auth1.c > stable/10/crypto/openssh/auth2-chall.c > stable/10/crypto/openssh/auth2-gss.c > stable/10/crypto/openssh/auth2-hostbased.c > stable/10/crypto/openssh/auth2-kbdint.c > stable/10/crypto/openssh/auth2-none.c > stable/10/crypto/openssh/auth2-passwd.c > stable/10/crypto/openssh/auth2-pubkey.c > stable/10/crypto/openssh/auth2.c > stable/10/crypto/openssh/authfd.c > stable/10/crypto/openssh/authfd.h > stable/10/crypto/openssh/authfile.c > stable/10/crypto/openssh/authfile.h > stable/10/crypto/openssh/bufaux.c > stable/10/crypto/openssh/bufbn.c > stable/10/crypto/openssh/bufec.c > stable/10/crypto/openssh/buffer.c > stable/10/crypto/openssh/buffer.h > stable/10/crypto/openssh/canohost.c > stable/10/crypto/openssh/chacha.h > stable/10/crypto/openssh/channels.c > stable/10/crypto/openssh/channels.h > stable/10/crypto/openssh/cipher-3des1.c > stable/10/crypto/openssh/cipher-bf1.c > stable/10/crypto/openssh/cipher-chachapoly.c > stable/10/crypto/openssh/cipher-chachapoly.h > stable/10/crypto/openssh/cipher-ctr.c > stable/10/crypto/openssh/cipher.c > stable/10/crypto/openssh/cipher.h > stable/10/crypto/openssh/clientloop.c > stable/10/crypto/openssh/compat.c > stable/10/crypto/openssh/compat.h > stable/10/crypto/openssh/config.guess > stable/10/crypto/openssh/config.h > stable/10/crypto/openssh/configure.ac > stable/10/crypto/openssh/contrib/Makefile > stable/10/crypto/openssh/contrib/README > stable/10/crypto/openssh/contrib/cygwin/README > stable/10/crypto/openssh/contrib/cygwin/ssh-host-config > stable/10/crypto/openssh/contrib/cygwin/ssh-user-config > stable/10/crypto/openssh/contrib/redhat/openssh.spec > stable/10/crypto/openssh/contrib/suse/openssh.spec > stable/10/crypto/openssh/deattack.c > stable/10/crypto/openssh/deattack.h > stable/10/crypto/openssh/defines.h > stable/10/crypto/openssh/dh.c > stable/10/crypto/openssh/dh.h > stable/10/crypto/openssh/digest-libc.c > stable/10/crypto/openssh/digest-openssl.c > stable/10/crypto/openssh/digest.h > stable/10/crypto/openssh/dispatch.c > stable/10/crypto/openssh/dispatch.h > stable/10/crypto/openssh/dns.c > stable/10/crypto/openssh/dns.h > stable/10/crypto/openssh/entropy.c > stable/10/crypto/openssh/ge25519.h > stable/10/crypto/openssh/groupaccess.c > stable/10/crypto/openssh/gss-genr.c > stable/10/crypto/openssh/gss-serv-krb5.c > stable/10/crypto/openssh/gss-serv.c > stable/10/crypto/openssh/hmac.c > stable/10/crypto/openssh/hmac.h > stable/10/crypto/openssh/hostfile.c > stable/10/crypto/openssh/hostfile.h > stable/10/crypto/openssh/includes.h > stable/10/crypto/openssh/kex.c > stable/10/crypto/openssh/kex.h > stable/10/crypto/openssh/kexc25519.c > stable/10/crypto/openssh/kexc25519c.c > stable/10/crypto/openssh/kexc25519s.c > stable/10/crypto/openssh/kexdh.c > stable/10/crypto/openssh/kexdhc.c > stable/10/crypto/openssh/kexdhs.c > stable/10/crypto/openssh/kexecdh.c > stable/10/crypto/openssh/kexecdhc.c > stable/10/crypto/openssh/kexecdhs.c > stable/10/crypto/openssh/kexgex.c > stable/10/crypto/openssh/kexgexc.c > stable/10/crypto/openssh/kexgexs.c > stable/10/crypto/openssh/key.c > stable/10/crypto/openssh/key.h > stable/10/crypto/openssh/krl.c > stable/10/crypto/openssh/krl.h > stable/10/crypto/openssh/log.c > stable/10/crypto/openssh/loginrec.c > stable/10/crypto/openssh/mac.c > stable/10/crypto/openssh/mac.h > stable/10/crypto/openssh/match.c > stable/10/crypto/openssh/match.h > stable/10/crypto/openssh/misc.c > stable/10/crypto/openssh/misc.h > stable/10/crypto/openssh/moduli > stable/10/crypto/openssh/moduli.c > stable/10/crypto/openssh/monitor.c > stable/10/crypto/openssh/monitor.h > stable/10/crypto/openssh/monitor_fdpass.c > stable/10/crypto/openssh/monitor_mm.c > stable/10/crypto/openssh/monitor_wrap.c > stable/10/crypto/openssh/monitor_wrap.h > stable/10/crypto/openssh/msg.c > stable/10/crypto/openssh/msg.h > stable/10/crypto/openssh/mux.c > stable/10/crypto/openssh/myproposal.h > stable/10/crypto/openssh/openbsd-compat/Makefile.in > stable/10/crypto/openssh/openbsd-compat/arc4random.c > stable/10/crypto/openssh/openbsd-compat/bcrypt_pbkdf.c > stable/10/crypto/openssh/openbsd-compat/bsd-cygwin_util.c > stable/10/crypto/openssh/openbsd-compat/bsd-cygwin_util.h > stable/10/crypto/openssh/openbsd-compat/bsd-misc.c > stable/10/crypto/openssh/openbsd-compat/bsd-misc.h > stable/10/crypto/openssh/openbsd-compat/bsd-snprintf.c > stable/10/crypto/openssh/openbsd-compat/explicit_bzero.c > stable/10/crypto/openssh/openbsd-compat/fake-rfc2553.h > stable/10/crypto/openssh/openbsd-compat/getrrsetbyname-ldns.c > stable/10/crypto/openssh/openbsd-compat/openbsd-compat.h > stable/10/crypto/openssh/openbsd-compat/openssl-compat.c > stable/10/crypto/openssh/openbsd-compat/openssl-compat.h > stable/10/crypto/openssh/openbsd-compat/port-linux.c > stable/10/crypto/openssh/openbsd-compat/port-tun.c > stable/10/crypto/openssh/openbsd-compat/port-uw.c > stable/10/crypto/openssh/openbsd-compat/readpassphrase.c > stable/10/crypto/openssh/openbsd-compat/realpath.c > stable/10/crypto/openssh/openbsd-compat/regress/Makefile.in > stable/10/crypto/openssh/openbsd-compat/sha2.c > stable/10/crypto/openssh/openbsd-compat/sha2.h > stable/10/crypto/openssh/openbsd-compat/xcrypt.c > stable/10/crypto/openssh/opensshd.init.in > stable/10/crypto/openssh/packet.c > stable/10/crypto/openssh/packet.h > stable/10/crypto/openssh/platform.c > stable/10/crypto/openssh/poly1305.h > stable/10/crypto/openssh/progressmeter.c > stable/10/crypto/openssh/progressmeter.h > stable/10/crypto/openssh/readconf.c > stable/10/crypto/openssh/readconf.h > stable/10/crypto/openssh/regress/Makefile > stable/10/crypto/openssh/regress/README.regress > stable/10/crypto/openssh/regress/agent-pkcs11.sh > stable/10/crypto/openssh/regress/agent-timeout.sh > stable/10/crypto/openssh/regress/agent.sh > stable/10/crypto/openssh/regress/broken-pipe.sh > stable/10/crypto/openssh/regress/cert-hostkey.sh > stable/10/crypto/openssh/regress/cert-userkey.sh > stable/10/crypto/openssh/regress/cfgmatch.sh > stable/10/crypto/openssh/regress/cipher-speed.sh > stable/10/crypto/openssh/regress/connect-privsep.sh > stable/10/crypto/openssh/regress/connect.sh > stable/10/crypto/openssh/regress/dhgex.sh > stable/10/crypto/openssh/regress/dynamic-forward.sh > stable/10/crypto/openssh/regress/exit-status.sh > stable/10/crypto/openssh/regress/forcecommand.sh > stable/10/crypto/openssh/regress/forward-control.sh > stable/10/crypto/openssh/regress/forwarding.sh > stable/10/crypto/openssh/regress/host-expand.sh > stable/10/crypto/openssh/regress/integrity.sh > stable/10/crypto/openssh/regress/kextype.sh > stable/10/crypto/openssh/regress/key-options.sh > stable/10/crypto/openssh/regress/keygen-change.sh > stable/10/crypto/openssh/regress/keys-command.sh > stable/10/crypto/openssh/regress/keyscan.sh > stable/10/crypto/openssh/regress/keytype.sh > stable/10/crypto/openssh/regress/krl.sh > stable/10/crypto/openssh/regress/localcommand.sh > stable/10/crypto/openssh/regress/login-timeout.sh > stable/10/crypto/openssh/regress/multiplex.sh > stable/10/crypto/openssh/regress/proto-mismatch.sh > stable/10/crypto/openssh/regress/proto-version.sh > stable/10/crypto/openssh/regress/proxy-connect.sh > stable/10/crypto/openssh/regress/reconfigure.sh > stable/10/crypto/openssh/regress/reexec.sh > stable/10/crypto/openssh/regress/rekey.sh > stable/10/crypto/openssh/regress/ssh-com.sh > stable/10/crypto/openssh/regress/ssh2putty.sh > stable/10/crypto/openssh/regress/sshd-log-wrapper.sh > stable/10/crypto/openssh/regress/stderr-data.sh > stable/10/crypto/openssh/regress/t4.ok > stable/10/crypto/openssh/regress/test-exec.sh > stable/10/crypto/openssh/regress/transfer.sh > stable/10/crypto/openssh/regress/try-ciphers.sh > stable/10/crypto/openssh/regress/unittests/Makefile > stable/10/crypto/openssh/regress/unittests/Makefile.inc > stable/10/crypto/openssh/regress/unittests/hostkeys/test_iterate.c (contents, props changed) > stable/10/crypto/openssh/regress/unittests/kex/test_kex.c (contents, props changed) > stable/10/crypto/openssh/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c > stable/10/crypto/openssh/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c > stable/10/crypto/openssh/regress/unittests/sshkey/common.c > stable/10/crypto/openssh/regress/unittests/sshkey/mktestdata.sh > stable/10/crypto/openssh/regress/unittests/sshkey/test_file.c > stable/10/crypto/openssh/regress/unittests/sshkey/test_fuzz.c > stable/10/crypto/openssh/regress/unittests/sshkey/test_sshkey.c > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1 > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1-cert.fp > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1-cert.pub (contents, props changed) > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.fp > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.fp.bb > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.param.g > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.param.priv > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.param.pub (contents, props changed) > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.pub (contents, props changed) > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1_pw > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_2 > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_2.fp > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_2.fp.bb > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_2.pub (contents, props changed) > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_n > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_n_pw > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1 > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1-cert.fp > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1-cert.pub (contents, props changed) > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.fp > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.fp.bb > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.param.priv > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.param.pub (contents, props changed) > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.pub (contents, props changed) > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1_pw > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2 > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.fp > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.fp.bb > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.param.priv > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.param.pub (contents, props changed) > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.pub (contents, props changed) > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_n > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_n_pw > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1 > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1-cert.fp > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1-cert.pub (contents, props changed) > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1.fp > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1.fp.bb > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1.pub (contents, props changed) > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1_pw > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_2 > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_2.fp > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_2.fp.bb > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_2.pub (contents, props changed) > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1 > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1.fp > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1.fp.bb > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1.param.n > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1.pub (contents, props changed) > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1_pw > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2 > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2.fp > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2.fp.bb > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2.param.n > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2.pub (contents, props changed) > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1 > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1-cert.fp > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1-cert.pub (contents, props changed) > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1.fp > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1.fp.bb > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1.param.n > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1.param.p > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1.param.q > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1.pub (contents, props changed) > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1_pw > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2 > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2.fp > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2.fp.bb > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2.param.n > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2.param.p > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2.param.q > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2.pub (contents, props changed) > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_n > stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_n_pw > stable/10/crypto/openssh/regress/unittests/test_helper/Makefile > stable/10/crypto/openssh/regress/unittests/test_helper/fuzz.c > stable/10/crypto/openssh/regress/unittests/test_helper/test_helper.c > stable/10/crypto/openssh/regress/unittests/test_helper/test_helper.h > stable/10/crypto/openssh/regress/yes-head.sh > stable/10/crypto/openssh/rijndael.c > stable/10/crypto/openssh/rijndael.h > stable/10/crypto/openssh/roaming_client.c > stable/10/crypto/openssh/roaming_common.c > stable/10/crypto/openssh/roaming_dummy.c > stable/10/crypto/openssh/rsa.c > stable/10/crypto/openssh/rsa.h > stable/10/crypto/openssh/sandbox-seccomp-filter.c > stable/10/crypto/openssh/sandbox-systrace.c > stable/10/crypto/openssh/scp.1 > stable/10/crypto/openssh/scp.c > stable/10/crypto/openssh/servconf.c > stable/10/crypto/openssh/servconf.h > stable/10/crypto/openssh/serverloop.c > stable/10/crypto/openssh/session.c > stable/10/crypto/openssh/sftp-client.c > stable/10/crypto/openssh/sftp-client.h > stable/10/crypto/openssh/sftp-common.c > stable/10/crypto/openssh/sftp-common.h > stable/10/crypto/openssh/sftp-glob.c > stable/10/crypto/openssh/sftp-server.8 > stable/10/crypto/openssh/sftp-server.c > stable/10/crypto/openssh/sftp.1 > stable/10/crypto/openssh/sftp.c > stable/10/crypto/openssh/ssh-add.1 > stable/10/crypto/openssh/ssh-add.c > stable/10/crypto/openssh/ssh-agent.1 > stable/10/crypto/openssh/ssh-agent.c > stable/10/crypto/openssh/ssh-dss.c > stable/10/crypto/openssh/ssh-ecdsa.c > stable/10/crypto/openssh/ssh-ed25519.c > stable/10/crypto/openssh/ssh-keygen.1 > stable/10/crypto/openssh/ssh-keygen.c > stable/10/crypto/openssh/ssh-keyscan.1 > stable/10/crypto/openssh/ssh-keyscan.c > stable/10/crypto/openssh/ssh-keysign.c > stable/10/crypto/openssh/ssh-pkcs11-client.c > stable/10/crypto/openssh/ssh-pkcs11-helper.c > stable/10/crypto/openssh/ssh-pkcs11.c > stable/10/crypto/openssh/ssh-pkcs11.h > stable/10/crypto/openssh/ssh-rsa.c > stable/10/crypto/openssh/ssh.1 > stable/10/crypto/openssh/ssh.c > stable/10/crypto/openssh/ssh.h > stable/10/crypto/openssh/ssh_config > stable/10/crypto/openssh/ssh_config.5 > stable/10/crypto/openssh/ssh_namespace.h > stable/10/crypto/openssh/sshconnect.c > stable/10/crypto/openssh/sshconnect1.c > stable/10/crypto/openssh/sshconnect2.c > stable/10/crypto/openssh/sshd.8 > stable/10/crypto/openssh/sshd.c > stable/10/crypto/openssh/sshd_config > stable/10/crypto/openssh/sshd_config.5 > stable/10/crypto/openssh/sshlogin.c > stable/10/crypto/openssh/sshpty.c > stable/10/crypto/openssh/uidswap.c > stable/10/crypto/openssh/umac.c > stable/10/crypto/openssh/uuencode.c > stable/10/crypto/openssh/version.h > stable/10/crypto/openssh/xmalloc.c > stable/10/crypto/openssh/xmalloc.h > stable/10/lib/libpam/modules/pam_ssh/pam_ssh.c > stable/10/secure/lib/libssh/Makefile > stable/10/secure/usr.sbin/sshd/Makefile > Directory Properties: > stable/10/ (props changed) > stable/10/crypto/openssh/ (props changed) > stable/10/crypto/openssh/openbsd-compat/ (props changed) > stable/10/crypto/openssh/openbsd-compat/regress/ (props changed) > stable/10/crypto/openssh/regress/unittests/bitmap/Makefile (props changed) > stable/10/crypto/openssh/regress/unittests/bitmap/tests.c (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/Makefile (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/mktestdata.sh (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/dsa_1.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/dsa_2.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/dsa_3.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/dsa_4.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/dsa_5.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/dsa_6.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ecdsa_1.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ecdsa_2.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ecdsa_3.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ecdsa_4.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ecdsa_5.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ecdsa_6.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ed25519_1.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ed25519_2.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ed25519_3.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ed25519_4.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ed25519_5.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ed25519_6.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa1_1.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa1_2.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa1_3.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa1_4.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa1_5.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa1_6.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa_1.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa_2.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa_3.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa_4.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa_5.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa_6.pub (props changed) > stable/10/crypto/openssh/regress/unittests/hostkeys/tests.c (props changed) > stable/10/crypto/openssh/regress/unittests/kex/Makefile (props changed) > stable/10/crypto/openssh/regress/unittests/kex/tests.c (props changed) > > Copied: stable/10/crypto/openssh/.cvsignore (from r294332, head/crypto/openssh/.cvsignore) > ============================================================================== > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ stable/10/crypto/openssh/.cvsignore Sun Feb 7 11:38:54 2016 (r295367, copy of r294332, head/crypto/openssh/.cvsignore) > @@ -0,0 +1,28 @@ > +*.0 > +*.out > +Makefile > +autom4te.cache > +buildit.sh > +buildpkg.sh > +config.cache > +config.h > +config.h.in > +config.log > +config.status > +configure > +openssh.xml > +opensshd.init > +scp > +sftp > +sftp-server > +ssh > +ssh-add > +ssh-agent > +ssh-keygen > +ssh-keyscan > +ssh-keysign > +ssh-pkcs11-helper > +sshd > +stamp-h.in > +survey > +survey.sh > > Modified: stable/10/crypto/openssh/ChangeLog > ============================================================================== > --- stable/10/crypto/openssh/ChangeLog Sun Feb 7 09:51:22 2016 (r295366) > +++ stable/10/crypto/openssh/ChangeLog Sun Feb 7 11:38:54 2016 (r295367) > @@ -1,2887 +1,7615 @@ > -20140313 > - - (djm) Release OpenSSH 6.6 > - > -20140304 > - - OpenBSD CVS Sync > - - djm@cvs.openbsd.org 2014/03/03 22:22:30 > - [session.c] > - ignore enviornment variables with embedded '=' or '\0' characters; > - spotted by Jann Horn; ok deraadt@ > - > -20140301 > - - (djm) [regress/Makefile] Disable dhgex regress test; it breaks when > - no moduli file exists at the expected location. > - > -20140228 > - - OpenBSD CVS Sync > - - djm@cvs.openbsd.org 2014/02/27 00:41:49 > - [bufbn.c] > - fix unsigned overflow that could lead to reading a short ssh protocol > - 1 bignum value; found by Ben Hawkes; ok deraadt@ > - - djm@cvs.openbsd.org 2014/02/27 08:25:09 > - [bufbn.c] > - off by one in range check > - - djm@cvs.openbsd.org 2014/02/27 22:47:07 > - [sshd_config.5] > - bz#2184 clarify behaviour of a keyword that appears in multiple > - matching Match blocks; ok dtucker@ > - - djm@cvs.openbsd.org 2014/02/27 22:57:40 > - [version.h] > - openssh-6.6 > - - dtucker@cvs.openbsd.org 2014/01/19 23:43:02 > - [regress/sftp-chroot.sh] > - Don't use -q on sftp as it suppresses logging, instead redirect the > - output to the regress logfile. > - - dtucker@cvs.openbsd.org 2014/01/20 00:00:30 > - [sregress/ftp-chroot.sh] > - append to rather than truncating the log file > - - dtucker@cvs.openbsd.org 2014/01/25 04:35:32 > - [regress/Makefile regress/dhgex.sh] > - Add a test for DH GEX sizes > - - djm@cvs.openbsd.org 2014/01/26 10:22:10 > - [regress/cert-hostkey.sh] > - automatically generate revoked keys from listed keys rather than > - manually specifying each type; from portable > - (Id sync only) > - - djm@cvs.openbsd.org 2014/01/26 10:49:17 > - [scp-ssh-wrapper.sh scp.sh] > - make sure $SCP is tested on the remote end rather than whichever one > - happens to be in $PATH; from portable > - (Id sync only) > - - djm@cvs.openbsd.org 2014/02/27 20:04:16 > - [login-timeout.sh] > - remove any existing LoginGraceTime from sshd_config before adding > - a specific one for the test back in > - - djm@cvs.openbsd.org 2014/02/27 21:21:25 > - [agent-ptrace.sh agent.sh] > - keep return values that are printed in error messages; > - from portable > - (Id sync only) > - - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] > - [contrib/suse/openssh.spec] Crank version numbers > - - (djm) [regress/host-expand.sh] Add RCS Id > - > -20140227 > - - OpenBSD CVS Sync > - - djm@cvs.openbsd.org 2014/02/26 20:18:37 > - [ssh.c] > - bz#2205: avoid early hostname lookups unless canonicalisation is enabled; > - ok dtucker@ markus@ > - - djm@cvs.openbsd.org 2014/02/26 20:28:44 > - [auth2-gss.c gss-serv.c ssh-gss.h sshd.c] > - bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep > - sandboxing, as running this code in the sandbox can cause violations; > - ok markus@ > - - djm@cvs.openbsd.org 2014/02/26 20:29:29 > - [channels.c] > - don't assume that the socks4 username is \0 terminated; > - spotted by Ben Hawkes; ok markus@ > - - markus@cvs.openbsd.org 2014/02/26 21:53:37 > - [sshd.c] > - ssh_gssapi_prepare_supported_oids needs GSSAPI > - > -20140224 > - - OpenBSD CVS Sync > - - djm@cvs.openbsd.org 2014/02/07 06:55:54 > - [cipher.c mac.c] > - remove some logging that makes ssh debugging output very verbose; > - ok markus > - - djm@cvs.openbsd.org 2014/02/15 23:05:36 > - [channels.c] > - avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W; > - bz#2200, debian#738692 via Colin Watson; ok dtucker@ > - - djm@cvs.openbsd.org 2014/02/22 01:32:19 > - [readconf.c] > - when processing Match blocks, skip 'exec' clauses if previous predicates > - failed to match; ok markus@ > - - djm@cvs.openbsd.org 2014/02/23 20:03:42 > - [ssh-ed25519.c] > - check for unsigned overflow; not reachable in OpenSSH but others might > - copy our code... > - - djm@cvs.openbsd.org 2014/02/23 20:11:36 > - [readconf.c readconf.h ssh.c ssh_config.5] > - reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes > - the hostname. This allows users to write configurations that always > - refer to canonical hostnames, e.g. > - > - CanonicalizeHostname yes > - CanonicalDomains int.example.org example.org > - CanonicalizeFallbackLocal no > - > - Host *.int.example.org > - Compression off > - Host *.example.org > - User djm > - > - ok markus@ > +commit c88ac102f0eb89f2eaa314cb2e2e0ca3c890c443 > +Author: Damien Miller <djm@mindrot.org> > +Date: Thu Jan 14 11:08:19 2016 +1100 > + > + bump version numbers > + > +commit 302bc21e6fadacb04b665868cd69b625ef69df90 > +Author: Damien Miller <djm@mindrot.org> > +Date: Thu Jan 14 11:04:04 2016 +1100 > + > + openssh-7.1p2 > + > +commit 6b33763242c063e4e0593877e835eeb1fd1b60aa > +Author: Damien Miller <djm@mindrot.org> > +Date: Thu Jan 14 11:02:58 2016 +1100 > + > + forcibly disable roaming support in the client > + > +commit 34d364f0d2e1e30a444009f0e04299bb7c94ba13 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Mon Oct 5 17:11:21 2015 +0000 > + > + upstream commit > + > + some more bzero->explicit_bzero, from Michael McConville > + > + Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0 > + > +commit 8f5b93026797b9f7fba90d0c717570421ccebbd3 > +Author: guenther@openbsd.org <guenther@openbsd.org> > +Date: Fri Sep 11 08:50:04 2015 +0000 > + > + upstream commit > + > + Use explicit_bzero() when zeroing before free() > + > + from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu) > + ok millert@ djm@ > + > + Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50 > + > +commit d77148e3a3ef6c29b26ec74331455394581aa257 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Sun Nov 8 21:59:11 2015 +0000 > + > + upstream commit > + > + fix OOB read in packet code caused by missing return > + statement found by Ben Hawkes; ok markus@ deraadt@ > + > + Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62 > + > +commit 076d849e17ab12603627f87b301e2dca71bae518 > +Author: Damien Miller <djm@mindrot.org> > +Date: Sat Nov 14 18:44:49 2015 +1100 > + > + read back from libcrypto RAND when privdropping > + > + makes certain libcrypto implementations cache a /dev/urandom fd > + in preparation of sandboxing. Based on patch by Greg Hartman. > + > +commit f72adc0150011a28f177617a8456e1f83733099d > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Sun Dec 13 22:42:23 2015 +0000 > + > + upstream commit > + > + unbreak connections with peers that set > + first_kex_follows; fix from Matt Johnston va bz#2515 > + > + Upstream-ID: decc88ec4fc7515594fdb42b04aa03189a44184b > + > +commit 04bd8d019ccd906cac1a2b362517b8505f3759e6 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Tue Jan 12 23:42:54 2016 +0000 > + > + upstream commit > + > + use explicit_bzero() more liberally in the buffer code; ok > + deraadt > + > + Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf > + > +commit e91346dc2bbf460246df2ab591b7613908c1b0ad > +Author: Damien Miller <djm@mindrot.org> > +Date: Fri Aug 21 14:49:03 2015 +1000 > + > + we don't use Github for issues/pull-requests > + > +commit a4f5b507c708cc3dc2c8dd2d02e4416d7514dc23 > +Author: Damien Miller <djm@mindrot.org> > +Date: Fri Aug 21 14:43:55 2015 +1000 > + > + fix URL for connect.c > + > +commit d026a8d3da0f8186598442997c7d0a28e7275414 > +Author: Damien Miller <djm@mindrot.org> > +Date: Fri Aug 21 13:47:10 2015 +1000 > + > + update version numbers for 7.1 > + > +commit 78f8f589f0ca1c9f41e5a9bae3cda5ce8a6b42ed > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Fri Aug 21 03:45:26 2015 +0000 > + > + upstream commit > + > + openssh-7.1 > + > + Upstream-ID: ff7b1ef4b06caddfb45e08ba998128c88be3d73f > + > +commit 32a181980c62fce94f7f9ffaf6a79d90f0c309cf > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Fri Aug 21 03:42:19 2015 +0000 > + > + upstream commit > + > + fix inverted logic that broke PermitRootLogin; reported > + by Mantas Mikulenas; ok markus@ > + > + Upstream-ID: 260dd6a904c1bb7e43267e394b1c9cf70bdd5ea5 > + > +commit ce445b0ed927e45bd5bdce8f836eb353998dd65c > +Author: deraadt@openbsd.org <deraadt@openbsd.org> > +Date: Thu Aug 20 22:32:42 2015 +0000 > + > + upstream commit > + > + Do not cast result of malloc/calloc/realloc* if stdlib.h > + is in scope ok krw millert > + > + Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667 > + > +commit 05291e5288704d1a98bacda269eb5a0153599146 > +Author: naddy@openbsd.org <naddy@openbsd.org> > +Date: Thu Aug 20 19:20:06 2015 +0000 > + > + upstream commit > + > + In the certificates section, be consistent about using > + "host_key" and "user_key" for the respective key types. ok sthen@ deraadt@ > + > + Upstream-ID: 9e037ea3b15577b238604c5533e082a3947f13cb > + > +commit 8543d4ef6f2e9f98c3e6b77c894ceec30c5e4ae4 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Wed Aug 19 23:21:42 2015 +0000 > + > + upstream commit > + > + Better compat matching for WinSCP, add compat matching > + for FuTTY (fork of PuTTY); ok markus@ deraadt@ > + > + Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389 > + > +commit ec6eda16ebab771aa3dfc90629b41953b999cb1e > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Wed Aug 19 23:19:01 2015 +0000 > + > + upstream commit > + > + fix double-free() in error path of DSA key generation > + reported by Mateusz Kocielski; ok markus@ > + > + Upstream-ID: 4735d8f888b10599a935fa1b374787089116713c > + > +commit 45b0eb752c94954a6de046bfaaf129e518ad4b5b > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Wed Aug 19 23:18:26 2015 +0000 > + > + upstream commit > + > + fix free() of uninitialised pointer reported by Mateusz > + Kocielski; ok markus@ > + > + Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663 > + > +commit c837643b93509a3ef538cb6624b678c5fe32ff79 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Wed Aug 19 23:17:51 2015 +0000 > + > + upstream commit > + > + fixed unlink([uninitialised memory]) reported by Mateusz > + Kocielski; ok markus@ > + > + Upstream-ID: 14a0c4e7d891f5a8dabc4b89d4f6b7c0d5a20109 > + > +commit 1f8d3d629cd553031021068eb9c646a5f1e50994 > +Author: jmc@openbsd.org <jmc@openbsd.org> > +Date: Fri Aug 14 15:32:41 2015 +0000 > + > + upstream commit > + > + match myproposal.h order; from brian conway (i snuck in a > + tweak while here) > + > + ok dtucker > + > + Upstream-ID: 35174a19b5237ea36aa3798f042bf5933b772c67 > + > +commit 1dc8d93ce69d6565747eb44446ed117187621b26 > +Author: deraadt@openbsd.org <deraadt@openbsd.org> > +Date: Thu Aug 6 14:53:21 2015 +0000 > + > + upstream commit > + > + add prohibit-password as a synonymn for without-password, > + since the without-password is causing too many questions. Harden it to ban > + all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from > + djm, ok markus > + > + Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a > + > +commit 90a95a4745a531b62b81ce3b025e892bdc434de5 > +Author: Damien Miller <djm@mindrot.org> > +Date: Tue Aug 11 13:53:41 2015 +1000 > + > + update version in README > + > +commit 318c37743534b58124f1bab37a8a0087a3a9bd2f > +Author: Damien Miller <djm@mindrot.org> > +Date: Tue Aug 11 13:53:09 2015 +1000 > + > + update versions in *.spec > + > +commit 5e75f5198769056089fb06c4d738ab0e5abc66f7 > +Author: Damien Miller <djm@mindrot.org> > +Date: Tue Aug 11 13:34:12 2015 +1000 > + > + set sshpam_ctxt to NULL after free > + > + Avoids use-after-free in monitor when privsep child is compromised. > + Reported by Moritz Jodeit; ok dtucker@ > + > +commit d4697fe9a28dab7255c60433e4dd23cf7fce8a8b > +Author: Damien Miller <djm@mindrot.org> > +Date: Tue Aug 11 13:33:24 2015 +1000 > + > + Don't resend username to PAM; it already has it. > + > + Pointed out by Moritz Jodeit; ok dtucker@ > + > +commit 88763a6c893bf3dfe951ba9271bf09715e8d91ca > +Author: Darren Tucker <dtucker@zip.com.au> > +Date: Mon Jul 27 12:14:25 2015 +1000 > + > + Import updated moduli file from OpenBSD. > + > +commit 55b263fb7cfeacb81aaf1c2036e0394c881637da > +Author: Damien Miller <djm@mindrot.org> > +Date: Mon Aug 10 11:13:44 2015 +1000 > + > + let principals-command.sh work for noexec /var/run > + > +commit 2651e34cd11b1aac3a0fe23b86d8c2ff35c07897 > +Author: Damien Miller <djm@mindrot.org> > +Date: Thu Aug 6 11:43:42 2015 +1000 > + > + work around echo -n / sed behaviour in tests > + > +commit d85dad81778c1aa8106acd46930b25fdf0d15b2a > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Wed Aug 5 05:27:33 2015 +0000 > + > + upstream commit > + > + adjust for RSA minimum modulus switch; ok deraadt@ > + > + Upstream-Regress-ID: 5a72c83431b96224d583c573ca281cd3a3ebfdae > + > +commit 57e8e229bad5fe6056b5f1199665f5f7008192c6 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Tue Aug 4 05:23:06 2015 +0000 > + > + upstream commit > + > + backout SSH_RSA_MINIMUM_MODULUS_SIZE increase for this > + release; problems spotted by sthen@ ok deraadt@ markus@ > + > + Upstream-ID: d0bd60dde9e8c3cd7030007680371894c1499822 > + > +commit f097d0ea1e0889ca0fa2e53a00214e43ab7fa22a > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Sun Aug 2 09:56:42 2015 +0000 > + > + upstream commit > + > + openssh 7.0; ok deraadt@ > + > + Upstream-ID: c63afdef537f57f28ae84145c5a8e29e9250221f > + > +commit 3d5728a0f6874ce4efb16913a12963595070f3a9 > +Author: chris@openbsd.org <chris@openbsd.org> > +Date: Fri Jul 31 15:38:09 2015 +0000 > + > + upstream commit > + > + Allow PermitRootLogin to be overridden by config > + > + ok markus@ deeradt@ > + > + Upstream-ID: 5cf3e26ed702888de84e2dc9d0054ccf4d9125b4 > + > +commit 6f941396b6835ad18018845f515b0c4fe20be21a > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Thu Jul 30 23:09:15 2015 +0000 > + > + upstream commit > + > + fix pty permissions; patch from Nikolay Edigaryev; ok > + deraadt > + > + Upstream-ID: 40ff076d2878b916fbfd8e4f45dbe5bec019e550 > + > +commit f4373ed1e8fbc7c8ce3fc4ea97d0ba2e0c1d7ef0 > +Author: deraadt@openbsd.org <deraadt@openbsd.org> > +Date: Thu Jul 30 19:23:02 2015 +0000 > + > + upstream commit > + > + change default: PermitRootLogin without-password matching > + install script changes coming as well ok djm markus > + > + Upstream-ID: 0e2a6c4441daf5498b47a61767382bead5eb8ea6 > + > +commit 0c30ba91f87fcda7e975e6ff8a057f624e87ea1c > +Author: Damien Miller <djm@mindrot.org> > +Date: Thu Jul 30 12:31:39 2015 +1000 > + > + downgrade OOM adjustment logging: verbose -> debug > + > +commit f9eca249d4961f28ae4b09186d7dc91de74b5895 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Thu Jul 30 00:01:34 2015 +0000 > + > + upstream commit > + > + Allow ssh_config and sshd_config kex parameters options be > + prefixed by a '+' to indicate that the specified items be appended to the > + default rather than replacing it. > + > + approach suggested by dtucker@, feedback dlg@, ok markus@ > + > + Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a > + > +commit 5cefe769105a2a2e3ca7479d28d9a325d5ef0163 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Wed Jul 29 08:34:54 2015 +0000 > + > + upstream commit > + > + fix bug in previous; was printing incorrect string for > + failed host key algorithms negotiation > + > + Upstream-ID: 22c0dc6bc61930513065d92e11f0753adc4c6e6e > + > +commit f319912b0d0e1675b8bb051ed8213792c788bcb2 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Wed Jul 29 04:43:06 2015 +0000 > + > + upstream commit > + > + include the peer's offer when logging a failure to > + negotiate a mutual set of algorithms (kex, pubkey, ciphers, etc.) ok markus@ > + > + Upstream-ID: bbb8caabf5c01790bb845f5ce135565248d7c796 > + > +commit b6ea0e573042eb85d84defb19227c89eb74cf05a > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Tue Jul 28 23:20:42 2015 +0000 > + > + upstream commit > + > + add Cisco to the list of clients that choke on the > + hostkeys update extension. Pointed out by Howard Kash > + > + Upstream-ID: c9eadde28ecec056c73d09ee10ba4570dfba7e84 > + > +commit 3f628c7b537291c1019ce86af90756fb4e66d0fd > +Author: guenther@openbsd.org <guenther@openbsd.org> > +Date: Mon Jul 27 16:29:23 2015 +0000 > + > + upstream commit > + > + Permit kbind(2) use in the sandbox now, to ease testing > + of ld.so work using it > + > + reminded by miod@, ok deraadt@ > + > + Upstream-ID: 523922e4d1ba7a091e3824e77a8a3c818ee97413 > + > +commit ebe27ebe520098bbc0fe58945a87ce8490121edb > +Author: millert@openbsd.org <millert@openbsd.org> > +Date: Mon Jul 20 18:44:12 2015 +0000 > + > + upstream commit > + > + Move .Pp before .Bl, not after to quiet mandoc -Tlint. > + Noticed by jmc@ > + > + Upstream-ID: 59fadbf8407cec4e6931e50c53cfa0214a848e23 > + > +commit d5d91d0da819611167782c66ab629159169d94d4 > +Author: millert@openbsd.org <millert@openbsd.org> > +Date: Mon Jul 20 18:42:35 2015 +0000 > + > + upstream commit > + > + Sync usage with SYNOPSIS > + > + Upstream-ID: 7a321a170181a54f6450deabaccb6ef60cf3f0b7 > + > +commit 79ec2142fbc68dd2ed9688608da355fc0b1ed743 > +Author: millert@openbsd.org <millert@openbsd.org> > +Date: Mon Jul 20 15:39:52 2015 +0000 > + > + upstream commit > + > + Better desciption of Unix domain socket forwarding. > + bz#2423; ok jmc@ > + > + Upstream-ID: 85e28874726897e3f26ae50dfa2e8d2de683805d > + > +commit d56fd1828074a4031b18b8faa0bf949669eb18a0 > +Author: Damien Miller <djm@mindrot.org> > +Date: Mon Jul 20 11:19:51 2015 +1000 > + > + make realpath.c compile -Wsign-compare clean > + > +commit c63c9a691dca26bb7648827f5a13668832948929 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Mon Jul 20 00:30:01 2015 +0000 > + > + upstream commit > + > + mention that the default of UseDNS=no implies that > + hostnames cannot be used for host matching in sshd_config and > + authorized_keys; bz#2045, ok dtucker@ > + > + Upstream-ID: 0812705d5f2dfa59aab01f2764ee800b1741c4e1 > + > +commit 63ebcd0005e9894fcd6871b7b80aeea1fec0ff76 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Sat Jul 18 08:02:17 2015 +0000 > + > + upstream commit > + > + don't ignore PKCS#11 hosted keys that return empty > + CKA_ID; patch by Jakub Jelen via bz#2429; ok markus > + > + Upstream-ID: 2f7c94744eb0342f8ee8bf97b2351d4e00116485 > + > +commit b15fd989c8c62074397160147a8d5bc34b3f3c63 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Sat Jul 18 08:00:21 2015 +0000 > + > + upstream commit > + > + skip uninitialised PKCS#11 slots; patch from Jakub Jelen > + in bz#2427 ok markus@ > + > + Upstream-ID: 744c1e7796e237ad32992d0d02148e8a18f27d29 > + > +commit 5b64f85bb811246c59ebab70aed331f26ba37b18 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Sat Jul 18 07:57:14 2015 +0000 > + > + upstream commit > + > + only query each keyboard-interactive device once per > + authentication request regardless of how many times it is listed; ok markus@ > + > + Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1 > + > +commit cd7324d0667794eb5c236d8a4e0f236251babc2d > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Fri Jul 17 03:34:27 2015 +0000 > + > + upstream commit > + > + remove -u flag to diff (only used for error output) to make > + things easier for -portable > + > + Upstream-Regress-ID: a5d6777d2909540d87afec3039d9bb2414ade548 > + > +commit deb8d99ecba70b67f4af7880b11ca8768df9ec3a > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Fri Jul 17 03:09:19 2015 +0000 > + > + upstream commit > + > + direct-streamlocal@openssh.com Unix domain foward > + messages do not contain a "reserved for future use" field and in fact, > + serverloop.c checks that there isn't one. Remove erroneous mention from > + PROTOCOL description. bz#2421 from Daniel Black > + > + Upstream-ID: 3d51a19e64f72f764682f1b08f35a8aa810a43ac > + > +commit 356b61f365405b5257f5b2ab446e5d7bd33a7b52 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Fri Jul 17 03:04:27 2015 +0000 > + > + upstream commit > + > + describe magic for setting up Unix domain socket fowards > + via the mux channel; bz#2422 patch from Daniel Black > + > + Upstream-ID: 943080fe3864715c423bdeb7c920bb30c4eee861 > + > +commit d3e2aee41487d55b8d7d40f538b84ff1db7989bc > +Author: Darren Tucker <dtucker@zip.com.au> > +Date: Fri Jul 17 12:52:34 2015 +1000 > + > + Check if realpath works on nonexistent files. > + > + On some platforms the native realpath doesn't work with non-existent > + files (this is actually specified in some versions of POSIX), however > + the sftp spec says its realpath with "canonicalize any given path name". > + On those platforms, use realpath from the compat library. > + > + In addition, when compiling with -DFORTIFY_SOURCE, glibc redefines > + the realpath symbol to the checked version, so redefine ours to > + something else so we pick up the compat version we want. > + > + bz#2428, ok djm@ > + > +commit 25b14610dab655646a109db5ef8cb4c4bf2a48a0 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Fri Jul 17 02:47:45 2015 +0000 > + > + upstream commit > + > + fix incorrect test for SSH1 keys when compiled without SSH1 > + support > + > + Upstream-ID: 6004d720345b8e481c405e8ad05ce2271726e451 > + > +commit df56a8035d429b2184ee94aaa7e580c1ff67f73a > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Wed Jul 15 08:00:11 2015 +0000 > + > + upstream commit > + > + fix NULL-deref when SSH1 reenabled > + > + Upstream-ID: f22fd805288c92b3e9646782d15b48894b2d5295 > + > +commit 41e38c4d49dd60908484e6703316651333f16b93 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Wed Jul 15 07:19:50 2015 +0000 > + > + upstream commit > + > + regen RSA1 test keys; the last batch was missing their > + private parts > + > + Upstream-Regress-ID: 7ccf437305dd63ff0b48dd50c5fd0f4d4230c10a > + > +commit 5bf0933184cb622ca3f96d224bf3299fd2285acc > +Author: markus@openbsd.org <markus@openbsd.org> > +Date: Fri Jul 10 06:23:25 2015 +0000 > + > + upstream commit > + > + Adapt tests, now that DSA if off by default; use > + PubkeyAcceptedKeyTypes and PubkeyAcceptedKeyTypes to test DSA. > + > + Upstream-Regress-ID: 0ff2a3ff5ac1ce5f92321d27aa07b98656efcc5c > + > +commit 7a6e3fd7b41dbd3756b6bf9acd67954c0b1564cc > +Author: markus@openbsd.org <markus@openbsd.org> > +Date: Tue Jul 7 14:54:16 2015 +0000 > + > + upstream commit > + > + regen test data after mktestdata.sh changes > + > + Upstream-Regress-ID: 3495ecb082b9a7c048a2d7c5c845d3bf181d25a4 > + > +commit 7c8c174c69f681d4910fa41c37646763692b28e2 > +Author: markus@openbsd.org <markus@openbsd.org> > +Date: Tue Jul 7 14:53:30 2015 +0000 > + > + upstream commit > + > + adapt tests to new minimum RSA size and default FP format > + > + Upstream-Regress-ID: a4b30afd174ce82b96df14eb49fb0b81398ffd0e > + > +commit 6a977a4b68747ade189e43d302f33403fd4a47ac > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Fri Jul 3 04:39:23 2015 +0000 > + > + upstream commit > + > + legacy v00 certificates are gone; adapt and don't try to > + test them; "sure" markus@ dtucker@ > + > + Upstream-Regress-ID: c57321e69b3cd4a3b3396dfcc43f0803d047da12 > + > +commit 0c4123ad5e93fb90fee9c6635b13a6cdabaac385 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Wed Jul 1 23:11:18 2015 +0000 > + > + upstream commit > + > + don't expect SSH v.1 in unittests > + > + Upstream-Regress-ID: f8812b16668ba78e6a698646b2a652b90b653397 > + > +commit 3c099845798a817cdde513c39074ec2063781f18 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Mon Jun 15 06:38:50 2015 +0000 > + > + upstream commit > + > + turn SSH1 back on to match src/usr.bin/ssh being tested > + > + Upstream-Regress-ID: 6c4f763a2f0cc6893bf33983919e9030ae638333 > + > +commit b1dc2b33689668c75e95f873a42d5aea1f4af1db > +Author: dtucker@openbsd.org <dtucker@openbsd.org> > +Date: Mon Jul 13 04:57:14 2015 +0000 > + > + upstream commit > + > + Add "PuTTY_Local:" to the clients to which we do not > + offer DH-GEX. This was the string that was used for development versions > + prior to September 2014 and they don't do RFC4419 DH-GEX, but unfortunately > + there are some extant products based on those versions. bx2424 from Jay > + Rouman, ok markus@ djm@ > + > + Upstream-ID: be34d41e18b966832fe09ca243d275b81882e1d5 > + > +commit 3a1638dda19bbc73d0ae02b4c251ce08e564b4b9 > +Author: markus@openbsd.org <markus@openbsd.org> > +Date: Fri Jul 10 06:21:53 2015 +0000 > + > + upstream commit > + > + Turn off DSA by default; add HostKeyAlgorithms to the > + server and PubkeyAcceptedKeyTypes to the client side, so it still can be > + tested or turned back on; feedback and ok djm@ > + > + Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21 > + > +commit 16db0a7ee9a87945cc594d13863cfcb86038db59 > +Author: markus@openbsd.org <markus@openbsd.org> > +Date: Thu Jul 9 09:49:46 2015 +0000 > + > + upstream commit > + > + re-enable ed25519-certs if compiled w/o openssl; ok djm > + > + Upstream-ID: e10c90808b001fd2c7a93778418e9b318f5c4c49 > + > +commit c355bf306ac33de6545ce9dac22b84a194601e2f > +Author: markus@openbsd.org <markus@openbsd.org> > +Date: Wed Jul 8 20:24:02 2015 +0000 > + > + upstream commit > + > + no need to include the old buffer/key API > + > + Upstream-ID: fb13c9f7c0bba2545f3eb0a0e69cb0030819f52b > + > +commit a3cc48cdf9853f1e832d78cb29bedfab7adce1ee > +Author: markus@openbsd.org <markus@openbsd.org> > +Date: Wed Jul 8 19:09:25 2015 +0000 > + > + upstream commit > + > + typedefs for Cipher&CipherContext are unused > + > + Upstream-ID: 50e6a18ee92221d23ad173a96d5b6c42207cf9a7 > + > +commit a635bd06b5c427a57c3ae760d3a2730bb2c863c0 > +Author: markus@openbsd.org <markus@openbsd.org> > +Date: Wed Jul 8 19:04:21 2015 +0000 > + > + upstream commit > + > + xmalloc.h is unused > + > + Upstream-ID: afb532355b7fa7135a60d944ca1e644d1d63cb58 > + > +commit 2521cf0e36c7f3f6b19f206da0af134f535e4a31 > +Author: markus@openbsd.org <markus@openbsd.org> > +Date: Wed Jul 8 19:01:15 2015 +0000 > + > + upstream commit > + > + compress.c is gone > + > + Upstream-ID: 174fa7faa9b9643cba06164b5e498591356fbced > + > +commit c65a7aa6c43aa7a308ee1ab8a96f216169ae9615 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Fri Jul 3 04:05:54 2015 +0000 > + > + upstream commit > + > + another SSH_RSA_MINIMUM_MODULUS_SIZE that needed > + cranking > + > + Upstream-ID: 9d8826cafe96aab4ae8e2f6fd22800874b7ffef1 > + > +commit b1f383da5cd3cb921fc7776f17a14f44b8a31757 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Fri Jul 3 03:56:25 2015 +0000 > + > + upstream commit > + > + add an XXX reminder for getting correct key paths from > + sshd_config > + > + Upstream-ID: feae52b209d7782ad742df04a4260e9fe41741db > + > +commit 933935ce8d093996c34d7efa4d59113163080680 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Fri Jul 3 03:49:45 2015 +0000 > + > + upstream commit > + > + refuse to generate or accept RSA keys smaller than 1024 > + bits; feedback and ok dtucker@ > + > + Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba > + > +commit bdfd29f60b74f3e678297269dc6247a5699583c1 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Fri Jul 3 03:47:00 2015 +0000 > + > + upstream commit > + > + turn off 1024 bit diffie-hellman-group1-sha1 key > + exchange method (already off in server, this turns it off in the client by > + default too) ok dtucker@ > + > + Upstream-ID: f59b88f449210ab7acf7d9d88f20f1daee97a4fa > + > +commit c28fc62d789d860c75e23a9fa9fb250eb2beca57 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Fri Jul 3 03:43:18 2015 +0000 > + > + upstream commit > + > + delete support for legacy v00 certificates; "sure" > + markus@ dtucker@ > + > + Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f > + > +commit 564d63e1b4a9637a209d42a9d49646781fc9caef > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Wed Jul 1 23:10:47 2015 +0000 > + > + upstream commit > + > + Compile-time disable SSH v.1 again > + > + Upstream-ID: 1d4b513a3a06232f02650b73bad25100d1b800af > + > +commit 868109b650504dd9bcccdb1f51d0906f967c20ff > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Wed Jul 1 02:39:06 2015 +0000 > + > + upstream commit > + > + twiddle PermitRootLogin back > + > + Upstream-ID: 2bd23976305d0512e9f84d054e1fc23cd70b89f2 > + > +commit 7de4b03a6e4071d454b72927ffaf52949fa34545 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Wed Jul 1 02:32:17 2015 +0000 > + > + upstream commit > + > + twiddle; (this commit marks the openssh-6.9 release) > + > + Upstream-ID: 78500582819f61dd8adee36ec5cc9b9ac9351234 > + > +commit 1bf477d3cdf1a864646d59820878783d42357a1d > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Wed Jul 1 02:26:31 2015 +0000 > + > + upstream commit > + > + better refuse ForwardX11Trusted=no connections attempted > + after ForwardX11Timeout expires; reported by Jann Horn > + > + Upstream-ID: bf0fddadc1b46a0334e26c080038313b4b6dea21 > + > +commit 47aa7a0f8551b471fcae0447c1d78464f6dba869 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Wed Jul 1 01:56:13 2015 +0000 > + > + upstream commit > + > + put back default PermitRootLogin=no > + > + Upstream-ID: 7bdedd5cead99c57ed5571f3b6b7840922d5f728 > + > +commit 984b064fe2a23733733262f88d2e1b2a1a501662 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Wed Jul 1 01:55:13 2015 +0000 > + > + upstream commit > + > + openssh-6.9 > + > + Upstream-ID: 6cfe8e1904812531080e6ab6e752d7001b5b2d45 > + > +commit d921082ed670f516652eeba50705e1e9f6325346 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Wed Jul 1 01:55:00 2015 +0000 > + > + upstream commit > + > + reset default PermitRootLogin to 'yes' (momentarily, for > + release) > + > + Upstream-ID: cad8513527066e65dd7a1c16363d6903e8cefa24 > + > +commit 66295e0e1ba860e527f191b6325d2d77dec4dbce > +Author: Damien Miller <djm@mindrot.org> > +Date: Wed Jul 1 11:49:12 2015 +1000 > + > + crank version numbers for release > + > +commit 37035c07d4f26bb1fbe000d2acf78efdb008681d > +Author: Damien Miller <djm@mindrot.org> > +Date: Wed Jul 1 10:49:37 2015 +1000 > + > + s/--with-ssh1/--without-ssh1/ > + > +commit 629df770dbadc2accfbe1c81b3f31f876d0acd84 > +Author: djm@openbsd.org <djm@openbsd.org> > +Date: Tue Jun 30 05:25:07 2015 +0000 > + > + upstream commit > + > + fatal() when a remote window update causes the window > + value to overflow. Reported by Georg Wicherski, ok markus@ > + > + Upstream-ID: ead397a9aceb3bf74ebfa5fcaf259d72e569f351 > + > +commit f715afebe735d61df3fd30ad72d9ac1c8bd3b5f2 > +Author: djm@openbsd.org <djm@openbsd.org> > > *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** > _______________________________________________ > svn-src-stable-10@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 > To unsubscribe, send any mail to "svn-src-stable-10-unsubscribe@freebsd.org" > > -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56D46FAF.2010605>