The NetBSD Project

CVS log for pkgsrc/security/openssh/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / security / openssh

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.280 / (download) - annotate - [select for diffs], Mon Dec 18 15:38:34 2023 UTC (3 months, 1 week ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2023Q4-base, pkgsrc-2023Q4, HEAD
Changes since 1.279: +2 -3 lines
Diff to previous 1.279 (colored) to selected 1.215 (colored)

openssh: update to 9.6p1.

Changes since OpenSSH 9.5
=========================

This release contains a number of security fixes, some small features
and bugfixes.

Security
========

This release contains fixes for a newly-discovered weakness in the
SSH transport protocol, a logic error relating to constrained PKCS#11
keys in ssh-agent(1) and countermeasures for programs that invoke
ssh(1) with user or hostnames containing invalid characters.

 * ssh(1), sshd(8): implement protocol extensions to thwart the
   so-called "Terrapin attack" discovered by Fabian B¤umer, Marcus
   Brinkmann and J¶rg Schwenk. This attack allows a MITM to effect a
   limited break of the integrity of the early encrypted SSH transport
   protocol by sending extra messages prior to the commencement of
   encryption, and deleting an equal number of consecutive messages
   immediately after encryption starts. A peer SSH client/server
   would not be able to detect that messages were deleted.

   While cryptographically novel, the security impact of this attack
   is fortunately very limited as it only allows deletion of
   consecutive messages, and deleting most messages at this stage of
   the protocol prevents user user authentication from proceeding and
   results in a stuck connection.

   The most serious identified impact is that it lets a MITM to
   delete the SSH2_MSG_EXT_INFO message sent before authentication
   starts, allowing the attacker to disable a subset of the keystroke
   timing obfuscation features introduced in OpenSSH 9.5. There is no
   other discernable impact to session secrecy or session integrity.

   OpenSSH 9.6 addresses this protocol weakness through a new "strict
   KEX" protocol extension that will be automatically enabled when
   both the client and server support it. This extension makes
   two changes to the SSH transport protocol to improve the integrity
   of the initial key exchange.

   Firstly, it requires endpoints to terminate the connection if any
   unnecessary or unexpected message is received during key exchange
   (including messages that were previously legal but not strictly
   required like SSH2_MSG_DEBUG). This removes most malleability from
   the early protocol.

   Secondly, it resets the Message Authentication Code counter at the
   conclusion of each key exchange, preventing previously inserted
   messages from being able to make persistent changes to the
   sequence number across completion of a key exchange. Either of
   these changes should be sufficient to thwart the Terrapin Attack.

   More details of these changes are in the PROTOCOL file in the
   OpenSSH source distribition.

 * ssh-agent(1): when adding PKCS#11-hosted private keys while
   specifying destination constraints, if the PKCS#11 token returned
   multiple keys then only the first key had the constraints applied.
   Use of regular private keys, FIDO tokens and unconstrained keys
   are unaffected.

 * ssh(1): if an invalid user or hostname that contained shell
   metacharacters was passed to ssh(1), and a ProxyCommand,
   LocalCommand directive or "match exec" predicate referenced the
   user or hostname via %u, %h or similar expansion token, then
   an attacker who could supply arbitrary user/hostnames to ssh(1)
   could potentially perform command injection depending on what
   quoting was present in the user-supplied ssh_config(5) directive.

   This situation could arise in the case of git submodules, where
   a repository could contain a submodule with shell characters in
   its user/hostname. Git does not ban shell metacharacters in user
   or host names when checking out repositories from untrusted
   sources.

   Although we believe it is the user's responsibility to ensure
   validity of arguments passed to ssh(1), especially across a
   security boundary such as the git example above, OpenSSH 9.6 now
   bans most shell metacharacters from user and hostnames supplied
   via the command-line. This countermeasure is not guaranteed to be
   effective in all situations, as it is infeasible for ssh(1) to
   universally filter shell metacharacters potentially relevant to
   user-supplied commands.

   User/hostnames provided via ssh_config(5) are not subject to these
   restrictions, allowing configurations that use strange names to
   continue to be used, under the assumption that the user knows what
   they are doing in their own configuration files.

Potentially incompatible changes
--------------------------------

 * ssh(1), sshd(8): the RFC4254 connection/channels protocol provides
   a TCP-like window mechanism that limits the amount of data that
   can be sent without acceptance from the peer. In cases where this
   limit was exceeded by a non-conforming peer SSH implementation,
   ssh(1)/sshd(8) previously discarded the extra data. From OpenSSH
   9.6, ssh(1)/sshd(8) will now terminate the connection if a peer
   exceeds the window limit by more than a small grace factor. This
   change should have no effect of SSH implementations that follow
   the specification.

New features
------------

 * ssh(1): add a %j token that expands to the configured ProxyJump
   hostname (or the empty string if this option is not being used)
   that can be used in a number of ssh_config(5) keywords. bz3610

 * ssh(1): add ChannelTimeout support to the client, mirroring the
   same option in the server and allowing ssh(1) to terminate
   quiescent channels.

 * ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): add support for
   reading ED25519 private keys in PEM PKCS8 format. Previously
   only the OpenSSH private key format was supported.

 * ssh(1), sshd(8): introduce a protocol extension to allow
   renegotiation of acceptable signature algorithms for public key
   authentication after the server has learned the username being
   used for authentication. This allows varying sshd_config(5)
   PubkeyAcceptedAlgorithms in a "Match user" block.

 * ssh-add(1), ssh-agent(1): add an agent protocol extension to allow
   specifying certificates when loading PKCS#11 keys. This allows the
   use of certificates backed by PKCS#11 private keys in all OpenSSH
   tools that support ssh-agent(1). Previously only ssh(1) supported
   this use-case.

Bugfixes
--------

 * ssh(1): when deciding whether to enable the keystroke timing
   obfuscation, enable it only if a channel with a TTY is active.

 * ssh(1): switch mainloop from poll(3) to ppoll(3) and mask signals
   before checking flags set in signal handler. Avoids potential
   race condition between signaling ssh to exit and polling. bz3531

 * ssh(1): when connecting to a destination with both the
   AddressFamily and CanonicalizeHostname directives in use,
   the AddressFamily directive could be ignored. bz5326

 * sftp(1): correct handling of the limits@openssh.com option when
   the server returned an unexpected message.

 * A number of fixes to the PuTTY and Dropbear regress/integration
   tests.

 * ssh(1): release GSS OIDs only at end of authentication, avoiding
   unnecessary init/cleanup cycles. bz2982

 * ssh_config(5): mention "none" is a valid argument to IdentityFile
   in the manual. bz3080

 * scp(1): improved debugging for paths from the server rejected for
   not matching the client's glob(3) pattern in old SCP/RCP protocol
   mode.

 * ssh-agent(1): refuse signing operations on destination-constrained
   keys if a previous session-bind operation has failed. This may
   prevent a fail-open situation in future if a user uses a mismatched
   ssh(1) client and ssh-agent(1) where the client supports a key type
   that the agent does not support.

Portability
-----------

 * Better identify unsupported and unstable compiler flags, such as
   -fzero-call-used-regs which has been unstable across a several
   clang releases.

 * A number of fixes to regression test reliability and log
   collection.

 * Update the OpenSSL dependency in the RPM specification.

 * sshd(8): for OpenSolaris systems that support privilege limitation
   via the getpflags() interface, prefer using the newer PRIV_XPOLICY
   to PRIV_LIMIT. bz2833

Revision 1.279 / (download) - annotate - [select for diffs], Tue Oct 24 22:10:53 2023 UTC (5 months ago) by wiz
Branch: MAIN
Changes since 1.278: +2 -1 lines
Diff to previous 1.278 (colored) to selected 1.215 (colored)

*: bump for openssl 3

Revision 1.278 / (download) - annotate - [select for diffs], Thu Oct 19 12:28:01 2023 UTC (5 months, 1 week ago) by wiz
Branch: MAIN
Changes since 1.277: +2 -2 lines
Diff to previous 1.277 (colored) to selected 1.215 (colored)

openssh: update to 9.5p1.

pkgsrc change: enable fido2 support by default, to match NetBSD base.

Changes since OpenSSH 9.4
=========================

This release fixes a number of bugs and adds some small features.

Potentially incompatible changes
--------------------------------

 * ssh-keygen(1): generate Ed25519 keys by default. Ed25519 public keys
   are very convenient due to their small size. Ed25519 keys are
   specified in RFC 8709 and OpenSSH has supported them since version 6.5
   (January 2014).

 * sshd(8): the Subsystem directive now accurately preserves quoting of
   subsystem commands and arguments. This may change behaviour for exotic
   configurations, but the most common subsystem configuration
   (sftp-server) is unlikely to be affected.

New features
------------

 * ssh(1): add keystroke timing obfuscation to the client. This attempts
   to hide inter-keystroke timings by sending interactive traffic at
   fixed intervals (default: every 20ms) when there is only a small
   amount of data being sent. It also sends fake "chaff" keystrokes for
   a random interval after the last real keystroke. These are
   controlled by a new ssh_config ObscureKeystrokeTiming keyword.

 * ssh(1), sshd(8): Introduce a transport-level ping facility. This adds
   a pair of SSH transport protocol messages SSH2_MSG_PING/PONG to
   implement a ping capability. These messages use numbers in the "local
   extensions" number space and are advertised using a "ping@openssh.com"
   ext-info message with a string version number of "0".

 * sshd(8): allow override of Subsystem directives in sshd Match blocks.

Bugfixes
--------

 * scp(1): fix scp in SFTP mode recursive upload and download of
   directories that contain symlinks to other directories. In scp mode,
   the links would be followed, but in SFTP mode they were not. bz3611

 * ssh-keygen(1): handle cr+lf (instead of just cr) line endings in
   sshsig signature files.

 * ssh(1): interactive mode for ControlPersist sessions if they
   originally requested a tty.

 * sshd(8): make PerSourceMaxStartups first-match-wins

 * sshd(8): limit artificial login delay to a reasonable maximum (5s)
   and don't delay at all for the "none" authentication mechanism.cw
    bz3602

 * sshd(8): Log errors in kex_exchange_identification() with level
   verbose instead of error to reduce preauth log spam. All of those
   get logged with a more generic error message by sshpkt_fatal().

 * sshd(8): correct math for ClientAliveInterval that caused the probes
    to be sent less frequently than configured.

 * ssh(1): fix regression in OpenSSH 9.4 (mux.c r1.99) that caused
   multiplexed sessions to ignore SIGINT under some circumstances.

Changes since OpenSSH 9.3p2
===========================

This release fixes a number of bugs and adds some small features.

Potentially incompatible changes
--------------------------------

 * This release removes support for older versions of libcrypto.
   OpenSSH now requires LibreSSL >= 3.1.0 or OpenSSL >= 1.1.1.
   Note that these versions are already deprecated by their upstream
   vendors.

 * ssh-agent(1): PKCS#11 modules must now be specified by their full
   paths. Previously dlopen(3) could search for them in system
   library directories.

New features
------------

 * ssh(1): allow forwarding Unix Domain sockets via ssh -W.

 * ssh(1): add support for configuration tags to ssh(1).
   This adds a ssh_config(5) "Tag" directive and corresponding
   "Match tag" predicate that may be used to select blocks of
   configuration similar to the pf.conf(5) keywords of the same
   name.

 * ssh(1): add a "match localnetwork" predicate. This allows matching
   on the addresses of available network interfaces and may be used to
   vary the effective client configuration based on network location.

 * ssh(1), sshd(8), ssh-keygen(1): infrastructure support for KRL
   extensions.  This defines wire formats for optional KRL extensions
   and implements parsing of the new submessages. No actual extensions
   are supported at this point.

 * sshd(8): AuthorizedPrincipalsCommand and AuthorizedKeysCommand now
   accept two additional %-expansion sequences: %D which expands to
   the routing domain of the connected session and %C which expands
   to the addresses and port numbers for the source and destination
   of the connection.

 * ssh-keygen(1): increase the default work factor (rounds) for the
   bcrypt KDF used to derive symmetric encryption keys for passphrase
   protected key files by 50%.

Bugfixes
--------

 * ssh-agent(1): improve isolation between loaded PKCS#11 modules
   by running separate ssh-pkcs11-helpers for each loaded provider.

 * ssh(1): make -f (fork after authentication) work correctly with
   multiplexed connections, including ControlPersist. bz3589 bz3589

 * ssh(1): make ConnectTimeout apply to multiplexing sockets and not
   just to network connections.

 * ssh-agent(1), ssh(1): improve defences against invalid PKCS#11
   modules being loaded by checking that the requested module
   contains the required symbol before loading it.

 * sshd(8): fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand
   appears before it in sshd_config. Since OpenSSH 8.7 the
   AuthorizedPrincipalsCommand directive was incorrectly ignored in
   this situation. bz3574

 * sshd(8), ssh(1), ssh-keygen(1): remove vestigal support for KRL
   signatures When the KRL format was originally defined, it included
   support for signing of KRL objects. However, the code to sign KRLs
   and verify KRL signatues was never completed in OpenSSH. This
   release removes the partially-implemented code to verify KRLs.
   All OpenSSH tools now ignore KRL_SECTION_SIGNATURE sections in
   KRL files.

 * All: fix a number of memory leaks and unreachable/harmless integer
   overflows.

 * ssh-agent(1), ssh(1): don't truncate strings logged from PKCS#11
   modules; GHPR406

 * sshd(8), ssh(1): better validate CASignatureAlgorithms in
   ssh_config and sshd_config. Previously this directive would accept
   certificate algorithm names, but these were unusable in practice as
   OpenSSH does not support CA chains. bz3577

 * ssh(1): make `ssh -Q CASignatureAlgorithms` only list signature
   algorithms that are valid for CA signing. Previous behaviour was
   to list all signing algorithms, including certificate algorithms.

 * ssh-keyscan(1): gracefully handle systems where rlimits or the
   maximum number of open files is larger than INT_MAX; bz3581

 * ssh-keygen(1): fix "no comment" not showing on when running
   `ssh-keygen -l` on multiple keys where one has a comment and other
   following keys do not. bz3580

 * scp(1), sftp(1): adjust ftruncate() logic to handle servers that
   reorder requests. Previously, if the server reordered requests then
   the resultant file would be erroneously truncated.

 * ssh(1): don't incorrectly disable hostname canonicalization when
   CanonicalizeHostname=yes and ProxyJump was expicitly set to
   "none". bz3567

 * scp(1): when copying local->remote, check that the source file
   exists before opening an SFTP connection to the server. Based on
   GHPR#370

Revision 1.277 / (download) - annotate - [select for diffs], Wed Jul 19 14:46:13 2023 UTC (8 months, 1 week ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base, pkgsrc-2023Q3
Changes since 1.276: +2 -2 lines
Diff to previous 1.276 (colored) to selected 1.215 (colored)

openssh: update to 9.3p2.

    OpenSSH 9.3p2
    update version in README
    update RPM spec versions

    disallow remote addition of FIDO/PKCS11 keys

    Depends on the local client performing the session-bind@openssh.com
    operation, so non-OpenSSH local client may circumvent this.

    terminate pkcs11 process for bad libraries
    depend
    crank version

Revision 1.276 / (download) - annotate - [select for diffs], Thu Mar 16 07:22:08 2023 UTC (12 months, 1 week ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base, pkgsrc-2023Q2, pkgsrc-2023Q1-base, pkgsrc-2023Q1
Changes since 1.275: +2 -2 lines
Diff to previous 1.275 (colored) to selected 1.215 (colored)

openssh: update to 9.3p1.

Changes since OpenSSH 9.2
=========================

This release fixes a number of security bugs.

Security
========

This release contains fixes for a security problem and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.

 * ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
   per-hop desination constraints (ssh-add -h ...) added in OpenSSH
   8.9, a logic error prevented the constraints from being
   communicated to the agent. This resulted in the keys being added
   without constraints. The common cases of non-smartcard keys and
   keys without destination constraints are unaffected. This problem
   was reported by Luci Stanescu.

 * ssh(1): Portable OpenSSH provides an implementation of the
   getrrsetbyname(3) function if the standard library does not
   provide it, for use by the VerifyHostKeyDNS feature. A
   specifically crafted DNS response could cause this function to
   perform an out-of-bounds read of adjacent stack data, but this
   condition does not appear to be exploitable beyond denial-of-
   service to the ssh(1) client.

   The getrrsetbyname(3) replacement is only included if the system's
   standard library lacks this function and portable OpenSSH was not
   compiled with the ldns library (--with-ldns). getrrsetbyname(3) is
   only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This
   problem was found by the Coverity static analyzer.

New features
------------

 * ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256 when
   outputting SSHFP fingerprints to allow algorithm selection. bz3493

 * sshd(8): add a `sshd -G` option that parses and prints the
   effective configuration without attempting to load private keys
   and perform other checks. This allows usage of the option before
   keys have been generated and for configuration evaluation and
   verification by unprivileged users.

Bugfixes
--------

 * scp(1), sftp(1): fix progressmeter corruption on wide displays;
   bz3534

 * ssh-add(1), ssh-keygen(1): use RSA/SHA256 when testing usability
   of private keys as some systems are starting to disable RSA/SHA1
   in libcrypto.

 * sftp-server(8): fix a memory leak. GHPR363

 * ssh(1), sshd(8), ssh-keyscan(1): remove vestigal protocol
   compatibility code and simplify what's left.

 * Fix a number of low-impact Coverity static analysis findings.
   These include several reported via bz2687

 * ssh_config(5), sshd_config(5): mention that some options are not
   first-match-wins.

 * Rework logging for the regression tests. Regression tests will now
   capture separate logs for each ssh and sshd invocation in a test.

 * ssh(1): make `ssh -Q CASignatureAlgorithms` work as the manpage
   says it should; bz3532.

 * ssh(1): ensure that there is a terminating newline when adding a
   new entry to known_hosts; bz3529

Portability
-----------

 * sshd(8): harden Linux seccomp sandbox. Move to an allowlist of
   mmap(2), madvise(2) and futex(2) flags, removing some concerning
   kernel attack surface.

 * sshd(8): improve Linux seccomp-bpf sandbox for older systems;
   bz3537

Revision 1.275 / (download) - annotate - [select for diffs], Thu Feb 2 13:31:12 2023 UTC (13 months, 3 weeks ago) by wiz
Branch: MAIN
Changes since 1.274: +2 -3 lines
Diff to previous 1.274 (colored) to selected 1.215 (colored)

Changes since OpenSSH 9.1
=========================

This release fixes a number of security bugs.

Security
========

This release contains fixes for two security problems and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.

 * sshd(8): fix a pre-authentication double-free memory fault
   introduced in OpenSSH 9.1. This is not believed to be exploitable,
   and it occurs in the unprivileged pre-auth process that is
   subject to chroot(2) and is further sandboxed on most major
   platforms.

 * ssh(8): in OpenSSH releases after 8.7, the PermitRemoteOpen option
   would ignore its first argument unless it was one of the special
   keywords "any" or "none", causing the permission list to fail open
   if only one permission was specified. bz3515

 * ssh(1): if the CanonicalizeHostname and CanonicalizePermittedCNAMEs
   options were enabled, and the system/libc resolver did not check
   that names in DNS responses were valid, then use of these options
   could allow an attacker with control of DNS to include invalid
   characters (possibly including wildcards) in names added to
   known_hosts files when they were updated. These names would still
   have to match the CanonicalizePermittedCNAMEs allow-list, so
   practical exploitation appears unlikely.

Potentially-incompatible changes
--------------------------------

 * ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that
   controls whether the client-side ~C escape sequence that provides a
   command-line is available. Among other things, the ~C command-line
   could be used to add additional port-forwards at runtime.

   This option defaults to "no", disabling the ~C command-line that
   was previously enabled by default. Turning off the command-line
   allows platforms that support sandboxing of the ssh(1) client
   (currently only OpenBSD) to use a stricter default sandbox policy.

New features
------------

 * sshd(8): add support for channel inactivity timeouts via a new
   sshd_config(5) ChannelTimeout directive. This allows channels that
   have not seen traffic in a configurable interval to be
   automatically closed. Different timeouts may be applied to session,
   X11, agent and TCP forwarding channels.

 * sshd(8): add a sshd_config UnusedConnectionTimeout option to
   terminate client connections that have no open channels for a
   length of time. This complements the ChannelTimeout option above.

 * sshd(8): add a -V (version) option to sshd like the ssh client has.

 * ssh(1): add a "Host" line to the output of ssh -G showing the
   original hostname argument. bz3343

 * scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to
   allow control over some SFTP protocol parameters: the copy buffer
   length and the number of in-flight requests, both of which are used
   during upload/download. Previously these could be controlled in
   sftp(1) only. This makes them available in both SFTP protocol
   clients using the same option character sequence.

 * ssh-keyscan(1): allow scanning of complete CIDR address ranges,
   e.g.  "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then
   it will be expanded to all possible addresses in the range
   including the all-0s and all-1s addresses. bz#976

 * ssh(1): support dynamic remote port forwarding in escape
   command-line's -R processing. bz#3499

Bugfixes
--------

 * ssh(1): when restoring non-blocking mode to stdio fds, restore
   exactly the flags that ssh started with and don't just clobber them
   with zero, as this could also remove the append flag from the set.
   bz3523

 * ssh(1): avoid printf("%s", NULL) if using UserKnownHostsFile=none
   and a hostkey in one of the system known hosts file changes.

 * scp(1): switch scp from using pipes to a socket-pair for
   communication with its ssh sub-processes, matching how sftp(1)
   operates.

 * sshd(8): clear signal mask early in main(); sshd may have been
   started with one or more signals masked (sigprocmask(2) is not
   cleared on fork/exec) and this could interfere with various things,
   e.g. the login grace timer. Execution environments that fail to
   clear the signal mask before running sshd are clearly broken, but
   apparently they do exist.

 * ssh(1): warn if no host keys for hostbased auth can be loaded.

 * sshd(8): Add server debugging for hostbased auth that is queued and
   sent to the client after successful authentication, but also logged
   to assist in diagnosis of HostbasedAuthentication problems. bz3507

 * ssh(1): document use of the IdentityFile option as being usable to
   list public keys as well as private keys. GHPR352

 * sshd(8): check for and disallow MaxStartups values less than or
   equal to zero during config parsing, rather than failing later at
   runtime.  bz3489

 * ssh-keygen(1): fix parsing of hex cert expiry times specified on
   the command-line when acting as a CA.

 * scp(1): when scp(1) is using the SFTP protocol for transport (the
   default), better match scp/rcp's handling of globs that don't match
   the globbed characters but do match literally (e.g. trying to
   transfer a file named "foo.[1]"). Previously scp(1) in SFTP mode
   would not match these pathnames but legacy scp/rcp mode would.
   bz3488

 * ssh-agent(1): document the "-O no-restrict-websafe" command-line
   option.

 * ssh(1): honour user's umask(2) if it is more restrictive then the
   ssh default (022).

Portability
-----------

 * sshd(8): allow writev(2) in the Linux seccomp sandbox. This seems
   to be used by recent glibcs at least in some configurations during
   error conditions. bz3512.

 * sshd(8): simply handling of SSH_CONNECTION PAM env var, removing
   global variable and checking the return value from pam_putenv.
   bz3508

 * sshd(8): disable SANDBOX_SECCOMP_FILTER_DEBUG that was mistakenly
   enabled during the OpenSSH 9.1 release cycle.

 * misc: update autotools and regenerate the config files using the
   latest autotools

 * all: use -fzero-call-used-regs=used on clang 15 instead of
   -fzero-call-used-reg=all, as some versions of clang 15 have
   miscompile code when it was enabled. bz3475

 * sshd(8): defer PRNG seeding until after the initial closefrom(2)
   call. PRNG seeding will initialize OpenSSL, and some engine
   providers (e.g. Intel's QAT) will open descriptors for their own
   use that closefrom(2) could clobber. bz3483

 * misc: in the poll(2)/ppoll(2) compatibility code, avoid assuming
   the layout of fd_set.

 * sftp-server(8), ssh-agent(1): fix ptrace(2) disabling on older
   FreeBSD kernels. Some versions do not support using id 0 to refer
   to the current PID for procctl, so try again with getpid()
   explicitly before failing.

 * configure.ac: fix -Wstrict-prototypes in configure test code.
   Clang 16 now warns on this and legacy prototypes will be removed
   in C23. GHPR355

 * configure.ac: fix setres*id checks to work with clang-16. glibc
   has the prototypes for setresuid behind _GNU_SOURCE, and clang 16
   will error out on implicit function definitions. bz3497

Revision 1.274 / (download) - annotate - [select for diffs], Wed Oct 12 13:34:59 2022 UTC (17 months, 2 weeks ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base, pkgsrc-2022Q4
Changes since 1.273: +2 -3 lines
Diff to previous 1.273 (colored) to selected 1.215 (colored)

Changes since OpenSSH 9.0
=========================

This release is focused on bug fixing.

Security
========

This release contains fixes for three minor memory safety problems.
None are believed to be exploitable, but we report most memory safety
problems as potential security vulnerabilities out of caution.

 * ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing.
   Reported by Qualys

 * ssh-keygen(1): double free() in error path of file hashing step in
   signing/verify code; GHPR333

 * ssh-keysign(8): double-free in error path introduced in openssh-8.9

Potentially-incompatible changes
--------------------------------

 * The portable OpenSSH project now signs commits and release tags
   using git's recent SSH signature support. The list of developer
   signing keys is included in the repository as .git_allowed_signers
   and is cross-signed using the PGP key that is still used to sign
   release artifacts:
   https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc

 * ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config
   are now first-match-wins to match other directives. Previously
   if an environment variable was multiply specified the last set
   value would have been used. bz3438

 * ssh-keygen(8): ssh-keygen -A (generate all default host key types)
   will no longer generate DSA keys, as these are insecure and have
   not been used by default for some years.


New features
------------

 * ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum
   RSA key length. Keys below this length will be ignored for user
   authentication and for host authentication in sshd(8).

   ssh(1) will terminate a connection if the server offers an RSA key
   that falls below this limit, as the SSH protocol does not include
   the ability to retry a failed key exchange.

 * sftp-server(8): add a "users-groups-by-id@openssh.com" extension
   request that allows the client to obtain user/group names that
   correspond to a set of uids/gids.

 * sftp(1): use "users-groups-by-id@openssh.com" sftp-server
   extension (when available) to fill in user/group names for
   directory listings.

 * sftp-server(8): support the "home-directory" extension request
   defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps
   a bit with the existing "expand-path@openssh.com", but some other
   clients support it.

 * ssh-keygen(1), sshd(8): allow certificate validity intervals,
   sshsig verification times and authorized_keys expiry-time options
   to accept dates in the UTC time zone in addition to the default
   of interpreting them in the system time zone. YYYYMMDD and
   YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed
   with a 'Z' character.

   Also allow certificate validity intervals to be specified in raw
   seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
   is intended for use by regress tests and other tools that call
   ssh-keygen as part of a CA workflow. bz3468

 * sftp(1): allow arguments to the sftp -D option, e.g. sftp -D
   "/usr/libexec/sftp-server -el debug3"

 * ssh-keygen(1): allow the existing -U (use agent) flag to work
   with "-Y sign" operations, where it will be interpreted to require
   that the private keys is hosted in an agent; bz3429

Bugfixes
--------

 * ssh-keygen(1): implement the "verify-required" certificate option.
   This was already documented when support for user-verified FIDO
   keys was added, but the ssh-keygen(1) code was missing.

 * ssh-agent(1): hook up the restrict_websafe command-line flag;
   previously the flag was accepted but never actually used.

 * sftp(1): improve filename tab completions: never try to complete
   names to non-existent commands, and better match the completion
   type (local or remote filename) against the argument position
   being completed.

 * ssh-keygen(1), ssh(1), ssh-agent(1): several fixes to FIDO key
   handling, especially relating to keys that request
   user-verification. These should reduce the number of unnecessary
   PIN prompts for keys that support intrinsic user verification.
   GHPR302, GHPR329

 * ssh-keygen(1): when enrolling a FIDO resident key, check if a
   credential with matching application and user ID strings already
   exists and, if so, prompt the user for confirmation before
   overwriting the credential. GHPR329

 * sshd(8): improve logging of errors when opening authorized_keys
   files. bz2042

 * ssh(1): avoid multiplexing operations that could cause SIGPIPE from
   causing the client to exit early. bz3454

 * ssh_config(5), sshd_config(5): clarify that the RekeyLimit
   directive applies to both transmitted and received data. GHPR328

 * ssh-keygen(1): avoid double fclose() in error path.

 * sshd(8): log an error if pipe() fails while accepting a
   connection. bz3447

 * ssh(1), ssh-keygen(1): fix possible NULL deref when built without
   FIDO support. bz3443

 * ssh-keyscan(1): add missing *-sk types to ssh-keyscan manpage.
   GHPR294.

 * sshd(8): ensure that authentication passwords are cleared from
   memory in error paths. GHPR286

 * ssh(1), ssh-agent(1): avoid possibility of notifier code executing
   kill(-1). GHPR286

 * ssh_config(5): note that the ProxyJump directive also accepts the
   same tokens as ProxyCommand. GHPR305.

 * scp(1): do not not ftruncate(3) files early when in sftp mode. The
   previous behaviour of unconditionally truncating the destination
   file would cause "scp ~/foo localhost:foo" and the reverse
   "scp localhost:foo ~/foo" to delete all the contents of their
   destination. bz3431

 * ssh-keygen(1): improve error message when 'ssh-keygen -Y sign' is
   unable to load a private key; bz3429

 * sftp(1), scp(1): when performing operations that glob(3) a remote
   path, ensure that the implicit working directory used to construct
   that path escapes glob(3) characters. This prevents glob characters
   from being processed in places they shouldn't, e.g. "cd /tmp/a*/",
   "get *.txt" should have the get operation treat the path "/tmp/a*"
   literally and not attempt to expand it.

 * ssh(1), sshd(8): be stricter in which characters will be accepted
   in specifying a mask length; allow only 0-9. GHPR278

 * ssh-keygen(1): avoid printing hash algorithm twice when dumping a
   KRL

 * ssh(1), sshd(8): continue running local I/O for open channels
   during SSH transport rekeying. This should make ~-escapes work in
   the client (e.g. to exit) if the connection happened to have
   stalled during a rekey event.

 * ssh(1), sshd(8): avoid potential poll() spin during rekeying

 * Further hardening for sshbuf internals: disallow "reparenting" a
   hierarchical sshbuf and zero the entire buffer if reallocation
   fails. GHPR287

Portability
-----------

 * ssh(1), ssh-keygen(1), sshd(8): automatically enable the built-in
   FIDO security key support if libfido2 is found and usable, unless
   --without-security-key-builtin was requested.

 * ssh(1), ssh-keygen(1), sshd(8): many fixes to make the WinHello
   FIDO device usable on Cygwin. The windows://hello FIDO device will
   be automatically used by default on this platform unless requested
   otherwise, or when probing resident FIDO credentials (an operation
   not currently supported by WinHello).

 * Portable OpenSSH: remove workarounds for obsolete and unsupported
   versions of OpenSSL libcrypto. In particular, this release removes
   fallback support for OpenSSL that lacks AES-CTR or AES-GCM.

   Those AES cipher modes were added to OpenSSL prior to the minimum
   version currently supported by OpenSSH, so this is not expected to
   impact any currently supported configurations.

 * sshd(8): fix SANDBOX_SECCOMP_FILTER_DEBUG on current Linux/glibc

 * All: resync and clean up internal CSPRNG code.

 * scp(1), sftp(1), sftp-server(8): avoid linking these programs with
   unnecessary libraries. They are no longer linked against libz and
   libcrypto. This may be of benefit to space constrained systems
   using any of those components in isolation.

 * sshd(8): add AUDIT_ARCH_PPC to supported seccomp sandbox
   architectures.

 * configure: remove special casing of crypt(). configure will no
   longer search for crypt() in libcrypto, as it was removed from
   there years ago. configure will now only search libc and libcrypt.

 * configure: refuse to use OpenSSL 3.0.4 due to potential RCE in its
   RSA implementation (CVE-2022-2274) on x86_64.

 * All: request 1.1x API compatibility for OpenSSL >=3.x; GHPR#322

 * ssh(1), ssh-keygen(1), sshd(8): fix a number of missing includes
   required by the XMSS code on some platforms.

 * sshd(8): cache timezone data in capsicum sandbox.

Revision 1.273 / (download) - annotate - [select for diffs], Tue Jun 28 11:35:38 2022 UTC (21 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base, pkgsrc-2022Q3
Changes since 1.272: +2 -1 lines
Diff to previous 1.272 (colored) to selected 1.215 (colored)

*: recursive bump for perl 5.36

Revision 1.272 / (download) - annotate - [select for diffs], Sun May 15 19:21:55 2022 UTC (22 months, 1 week ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base, pkgsrc-2022Q2
Changes since 1.271: +2 -3 lines
Diff to previous 1.271 (colored) to selected 1.215 (colored)

openssh: update to 9.0.1.

Changes since OpenSSH 8.9
=========================

This release is focused on bug fixing.

Potentially-incompatible changes
--------------------------------

This release switches scp(1) from using the legacy scp/rcp protocol
to using the SFTP protocol by default.

Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.

This creates one area of potential incompatibility: scp(1) when using
the SFTP protocol no longer requires this finicky and brittle quoting,
and attempts to use it may cause transfers to fail. We consider the
removal of the need for double-quoting shell characters in file names
to be a benefit and do not intend to introduce bug-compatibility for
legacy scp/rcp in scp(1) when using the SFTP protocol.

Another area of potential incompatibility relates to the use of remote
paths relative to other user's home directories, for example -
"scp host:~user/file /tmp". The SFTP protocol has no native way to
expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later
support a protocol extension "expand-path () openssh com" to support
this.

In case of incompatibility, the scp(1) client may be instructed to use
the legacy scp/rcp using the -O flag.

New features
------------

 * ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
   exchange method by default ("sntrup761x25519-sha512 () openssh com").
   The NTRU algorithm is believed to resist attacks enabled by future
   quantum computers and is paired with the X25519 ECDH key exchange
   (the previous default) as a backstop against any weaknesses in
   NTRU Prime that may be discovered in the future. The combination
   ensures that the hybrid exchange offers at least as good security
   as the status quo.

   We are making this change now (i.e. ahead of cryptographically-
   relevant quantum computers) to prevent "capture now, decrypt
   later" attacks where an adversary who can record and store SSH
   session ciphertext would be able to decrypt it once a sufficiently
   advanced quantum computer is available.

 * sftp-server(8): support the "copy-data" extension to allow server-
   side copying of files/data, following the design in
   draft-ietf-secsh-filexfer-extensions-00. bz2948

 * sftp(1): add a "cp" command to allow the sftp client to perform
   server-side file copies.

Bugfixes
--------

 * ssh(1), sshd(8): upstream: fix poll(2) spin when a channel's output
   fd closes without data in the channel buffer. bz3405 and bz3411

 * sshd(8): pack pollfd array in server listen/accept loop. Could
   cause the server to hang/spin when MaxStartups > RLIMIT_NOFILE

 * ssh-keygen(1): avoid NULL deref via the find-principals and
   check-novalidate operations. bz3409 and GHPR#307 respectively.

 * scp(1): fix a memory leak in argument processing. bz3404

 * sshd(8): don't try to resolve ListenAddress directives in the sshd
   re-exec path. They are unused after re-exec and parsing errors
   (possible for example if the host's network configuration changed)
   could prevent connections from being accepted.

 * sshd(8): when refusing a public key authentication request from a
   client for using an unapproved or unsupported signature algorithm
   include the algorithm name in the log message to make debugging
   easier.

Portability
-----------

 * sshd(8): refactor platform-specific locked account check, fixing
   an incorrect free() on platforms with both libiaf and shadow
   passwords (probably only Unixware) GHPR#284,

 * ssh(1), sshd(8): Fix possible integer underflow in scan_scaled(3)
   parsing of K/M/G/etc quantities. bz#3401.

 * sshd(8): provide killpg implementation (mostly for Tandem NonStop)
   GHPR#301.

 * Check for missing ftruncate prototype. GHPR#301

 * sshd(8): default to not using sandbox when cross compiling. On most
   systems poll(2) does not work when the number of FDs is reduced
   with setrlimit, so assume it doesn't when cross compiling and we
   can't run the test.  bz#3398.

 * sshd(8): allow ppoll_time64 in seccomp sandbox. Should fix sandbox
   violations on some (at least i386 and armhf) 32bit Linux platforms.
   bz#3396.

 * Improve detection of -fzero-call-used-regs=all support in
   configure script.

Security Near Miss
==================

 * sshd(8): fix an integer overflow in the user authentication path
   that, in conjunction with other logic errors, could have yielded
   unauthenticated access under difficult to exploit conditions.

   This situation is not exploitable because of independent checks in
   the privilege separation monitor. Privilege separation has been
   enabled by default in since openssh-3.2.2 (released in 2002) and
   has been mandatory since openssh-7.5 (released in 2017). Moreover,
   portable OpenSSH has used toolchain features available in most
   modern compilers to abort on signed integer overflow since
   openssh-6.5 (released in 2014).

   Thanks to Malcolm Stagg for finding and reporting this bug.

Potentially-incompatible changes
================================

 * sshd(8), portable OpenSSH only: this release removes in-built
   support for MD5-hashed passwords. If you require these on your
   system then we recommend linking against libxcrypt or similar.

 * This release modifies the FIDO security key middleware interface
   and increments SSH_SK_VERSION_MAJOR.

Changes since OpenSSH 8.8
=========================

This release includes a number of new features.

New features
------------

 * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
   restricting forwarding and use of keys added to ssh-agent(1)
   A detailed description of the feature is available at
   https://www.openssh.com/agent-restrict.html and the protocol
   extensions are documented in the PROTOCOL and PROTOCOL.agent
   files in the source release.

 * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
   ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
   default KEXAlgorithms list (after the ECDH methods but before the
   prime-group DH ones). The next release of OpenSSH is likely to
   make this key exchange the default method.

 * ssh-keygen(1): when downloading resident keys from a FIDO token,
   pass back the user ID that was used when the key was created and
   append it to the filename the key is written to (if it is not the
   default). Avoids keys being clobbered if the user created multiple
   resident keys with the same application string but different user
   IDs.

 * ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys
   on tokens that provide user verification (UV) on the device itself,
   including biometric keys, avoiding unnecessary PIN prompts.

 * ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to
   perform matching of principals names against an allowed signers
   file. To be used towards a TOFU model for SSH signatures in git.

 * ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added
   to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at
   authentication time.

 * ssh-keygen(1): allow selection of hash at sshsig signing time
   (either sha512 (default) or sha256).

 * ssh(1), sshd(8): read network data directly to the packet input
   buffer instead of indirectly via a small stack buffer. Provides a
   modest performance improvement.

 * ssh(1), sshd(8): read data directly to the channel input buffer,
   providing a similar modest performance improvement.

 * ssh(1): extend the PubkeyAuthentication configuration directive to
   accept yes|no|unbound|host-bound to allow control over one of the
   protocol extensions used to implement agent-restricted keys.

Bugfixes
--------

 * sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and
   PubkeyAuthOptions can be used in a Match block. PR#277.

 * sshd(8): fix possible string truncation when constructing paths to
   .rhosts/.shosts files with very long user home directory names.

 * ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512
   exchange hashes

 * ssh(1): don't put the TTY into raw mode when SessionType=none,
   avoids ^C being unable to kill such a session. bz3360

 * scp(1): fix some corner-case bugs in SFTP-mode handling of
   ~-prefixed paths.

 * ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to
   select RSA keys when only RSA/SHA2 signature algorithms are
   configured (this is the default case). Previously RSA keys were
   not being considered in the default case.

 * ssh-keysign(1): make ssh-keysign use the requested signature
   algorithm and not the default for the key type. Part of unbreaking
   hostbased auth for RSA/SHA2 keys.

 * ssh(1): stricter UpdateHostkey signature verification logic on
   the client- side. Require RSA/SHA2 signatures for RSA hostkeys
   except when RSA/SHA1 was explicitly negotiated during initial
   KEX; bz3375

 * ssh(1), sshd(8): fix signature algorithm selection logic for
   UpdateHostkeys on the server side. The previous code tried to
   prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some
   cases. This will use RSA/SHA2 signatures for RSA keys if the
   client proposed these algorithms in initial KEX. bz3375

 * All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2).
   This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1)
   and sftp-server(8), as well as the sshd(8) listen loop and all
   other FD read/writability checks. On platforms with missing or
   broken poll(2)/ppoll(2) syscalls a select(2)-based compat shim is
   available.

 * ssh-keygen(1): the "-Y find-principals" command was verifying key
   validity when using ca certs but not with simple key lifetimes
   within the allowed signers file.

 * ssh-keygen(1): make sshsig verify-time argument parsing optional

 * sshd(8): fix truncation in rhosts/shosts path construction.

 * ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA
   keys (we already did this for RSA keys). Avoids fatal errors for
   PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B
   "cryptoauthlib"; bz#3364

 * ssh(1), ssh-agent(1): improve the testing of credentials against
   inserted FIDO: ask the token whether a particular key belongs to
   it in cases where the token supports on-token user-verification
   (e.g. biometrics) rather than just assuming that it will accept it.

   Will reduce spurious "Confirm user presence" notifications for key
   handles that relate to FIDO keys that are not currently inserted in at
   least some cases. bz3366

 * ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to
   allow for the preceding two ECN bits. bz#3373

 * ssh-keygen(1): add missing -O option to usage() for the "-Y sign"
   option.

 * ssh-keygen(1): fix a NULL deref when using the find-principals
   function, when matching an allowed_signers line that contains a
   namespace restriction, but no restriction specified on the
   command-line

 * ssh-agent(1): fix memleak in process_extension(); oss-fuzz
   issue #42719

 * ssh(1): suppress "Connection to xxx closed" messages when LogLevel
   is set to "error" or above. bz3378

 * ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing
   compressed packet data. bz3372

 * scp(1): when recursively transferring files in SFTP mode, create the
   destination directory if it doesn't already exist to match scp(1) in
   legacy RCP mode behaviour.

 * scp(1): many improvements in error message consistency between scp(1)
   in SFTP mode vs legacy RCP mode.

 * sshd(8): fix potential race in SIGTERM handling PR#289

 * ssh(1), ssh(8): since DSA keys are deprecated, move them to the
   end of the default list of public keys so that they will be tried
   last. PR#295

 * ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match
   wildcard principals in allowed_signers files

Portability
-----------

 * ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's
   implementation does not work in a chroot when the kernel does not
   have close_range(2). It tries to read from /proc/self/fd and when
   that fails dies with an assertion of sorts. Instead, call
   close_range(2) directly from our compat code and fall back if
   that fails.  bz#3349,

 * OS X poll(2) is broken; use compat replacement. For character-
   special devices like /dev/null, Darwin's poll(2) returns POLLNVAL
   when polled with POLLIN. Apparently this is Apple bug 3710161 -
   not public but a websearch will find other OSS projects
   rediscovering it periodically since it was first identified in
   2005.

 * Correct handling of exceptfds/POLLPRI in our select(2)-based
   poll(2)/ppoll(2) compat implementation.

 * Cygwin: correct checking of mbstowcs() return value.

 * Add a basic SECURITY.md that refers people to the openssh.com
   website.

 * Enable additional compiler warnings and toolchain hardening flags,
   including -Wbitwise-instead-of-logical, -Wmisleading-indentation,
   -fzero-call-used-regs and -ftrivial-auto-var-init.

 * HP/UX. Use compat getline(3) on HP-UX 10.x, where the libc version
   is not reliable.

Revision 1.271 / (download) - annotate - [select for diffs], Thu Oct 21 07:46:38 2021 UTC (2 years, 5 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4
Changes since 1.270: +2 -1 lines
Diff to previous 1.270 (colored) to selected 1.215 (colored)

*: recursive bump for heimdal 7.7.0

its buildlink3.mk now includes openssl's buildlink3.mk

Revision 1.270 / (download) - annotate - [select for diffs], Sun Sep 26 15:37:51 2021 UTC (2 years, 6 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3
Changes since 1.269: +2 -3 lines
Diff to previous 1.269 (colored) to selected 1.215 (colored)

openssh: update to 8.8p1.

Changes:
One year of development, details at
https://www.openssh.com/releasenotes.html

Revision 1.269 / (download) - annotate - [select for diffs], Mon May 24 19:53:55 2021 UTC (2 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2021Q2-base, pkgsrc-2021Q2
Changes since 1.268: +2 -1 lines
Diff to previous 1.268 (colored) to selected 1.215 (colored)

*: recursive bump for perl 5.34

Revision 1.268 / (download) - annotate - [select for diffs], Tue Sep 29 15:17:42 2020 UTC (3 years, 5 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4
Changes since 1.267: +2 -3 lines
Diff to previous 1.267 (colored) to selected 1.215 (colored)

openssh: Update to 8.4.1

Changelog:
Future deprecation notice
=========================

It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.

This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs.

The better alternatives include:

 * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
   algorithms have the advantage of using the same key type as
   "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
   supported since OpenSSH 7.2 and are already used by default if the
   client and server support them.

 * The ssh-ed25519 signature algorithm. It has been supported in
   OpenSSH since release 6.5.

 * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
   have been supported by OpenSSH since release 5.7.

To check whether a server is using the weak ssh-rsa public key
algorithm, for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

If the host key verification fails and no other supported host key
types are available, the server software on that host should be
upgraded.

We intend to enable UpdateHostKeys by default in the next OpenSSH
release. This will assist the client by automatically migrating to
better algorithms. Users may consider enabling this option manually.

[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
    (2020) https://eprint.iacr.org/2020/014.pdf

Security
========

 * ssh-agent(1): restrict ssh-agent from signing web challenges for
   FIDO/U2F keys.

   When signing messages in ssh-agent using a FIDO key that has an
   application string that does not start with "ssh:", ensure that the
   message being signed is one of the forms expected for the SSH protocol
   (currently public key authentication and sshsig signatures).

   This prevents ssh-agent forwarding on a host that has FIDO keys
   attached granting the ability for the remote side to sign challenges
   for web authentication using those keys too.

   Note that the converse case of web browsers signing SSH challenges is
   already precluded because no web RP can have the "ssh:" prefix in the
   application string that we require.

 * ssh-keygen(1): Enable FIDO 2.1 credProtect extension when generating
   a FIDO resident key.

   The recent FIDO 2.1 Client to Authenticator Protocol introduced a
   "credProtect" feature to better protect resident keys. We use this
   option to require a PIN prior to all operations that may retrieve
   a resident key from a FIDO token.

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * For FIDO/U2F support, OpenSSH recommends the use of libfido2 1.5.0
   or greater. Older libraries have limited support at the expense of
   disabling particular features. These include resident keys, PIN-
   required keys and multiple attached tokens.

 * ssh-keygen(1): the format of the attestation information optionally
   recorded when a FIDO key is generated has changed. It now includes
   the authenticator data needed to validate attestation signatures.

 * The API between OpenSSH and the FIDO token middleware has changed
   and the SSH_SK_VERSION_MAJOR version has been incremented as a
   result. Third-party middleware libraries must support the current
   API version (7) to work with OpenSSH 8.4.

 * The portable OpenSSH distribution now requires automake to rebuild
   the configure script and supporting files. This is not required when
   simply building portable OpenSSH from a release tar file.

Changes since OpenSSH 8.3
=========================

New features
------------

 * ssh(1), ssh-keygen(1): support for FIDO keys that require a PIN for
   each use. These keys may be generated using ssh-keygen using a new
   "verify-required" option. When a PIN-required key is used, the user
   will be prompted for a PIN to complete the signature operation.

 * sshd(8): authorized_keys now supports a new "verify-required"
   option to require FIDO signatures assert that the token verified
   that the user was present before making the signature. The FIDO
   protocol supports multiple methods for user-verification, but
   currently OpenSSH only supports PIN verification.

 * sshd(8), ssh-keygen(1): add support for verifying FIDO webauthn
   signatures. Webauthn is a standard for using FIDO keys in web
   browsers. These signatures are a slightly different format to plain
   FIDO signatures and thus require explicit support.

 * ssh(1): allow some keywords to expand shell-style ${ENV}
   environment variables. The supported keywords are CertificateFile,
   ControlPath, IdentityAgent and IdentityFile, plus LocalForward and
   RemoteForward when used for Unix domain socket paths. bz#3140

 * ssh(1), ssh-agent(1): allow some additional control over the use of
   ssh-askpass via a new $SSH_ASKPASS_REQUIRE environment variable,
   including forcibly enabling and disabling its use. bz#69

 * ssh(1): allow ssh_config(5)'s AddKeysToAgent keyword accept a time
   limit for keys in addition to its current flag options. Time-
   limited keys will automatically be removed from ssh-agent after
   their expiry time has passed.

 * scp(1), sftp(1): allow the -A flag to explicitly enable agent
   forwarding in scp and sftp. The default remains to not forward an
   agent, even when ssh_config enables it.

 * ssh(1): add a '%k' TOKEN that expands to the effective HostKey of
   the destination. This allows, e.g., keeping host keys in individual
   files using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654

 * ssh(1): add %-TOKEN, environment variable and tilde expansion to
   the UserKnownHostsFile directive, allowing the path to be
   completed by the configuration (e.g. bz#1654)

 * ssh-keygen(1): allow "ssh-add -d -" to read keys to be deleted
   from stdin. bz#3180

 * sshd(8): improve logging for MaxStartups connection throttling.
   sshd will now log when it starts and stops throttling and periodically
   while in this state. bz#3055

Bugfixes
--------

 * ssh(1), ssh-keygen(1): better support for multiple attached FIDO
   tokens. In cases where OpenSSH cannot unambiguously determine which
   token to direct a request to, the user is now required to select a
   token by touching it. In cases of operations that require a PIN to
   be verified, this avoids sending the wrong PIN to the wrong token
   and incrementing the token's PIN failure counter (tokens
   effectively erase their keys after too many PIN failures).

 * sshd(8): fix Include before Match in sshd_config; bz#3122

 * ssh(1): close stdin/out/error when forking after authentication
   completes ("ssh -f ...") bz#3137

 * ssh(1), sshd(8): limit the amount of channel input data buffered,
   avoiding peers that advertise large windows but are slow to read
   from causing high memory consumption.

 * ssh-agent(1): handle multiple requests sent in a single write() to
   the agent.

 * sshd(8): allow sshd_config longer than 256k

 * sshd(8): avoid spurious "Unable to load host key" message when sshd
   load a private key but no public counterpart

 * ssh(1): prefer the default hostkey algorithm list whenever we have
   a hostkey that matches its best-preference algorithm.

 * sshd(1): when ordering the hostkey algorithms to request from a
   server, prefer certificate types if the known_hosts files contain a key
   marked as a @cert-authority; bz#3157

 * ssh(1): perform host key fingerprint comparisons for the "Are you
   sure you want to continue connecting (yes/no/[fingerprint])?"
   prompt with case sensitivity.

 * sshd(8): ensure that address/masklen mismatches in sshd_config
   yield fatal errors at daemon start time rather than later when
   they are evaluated.

 * ssh-keygen(1): ensure that certificate extensions are lexically
   sorted. Previously if the user specified a custom extension then
   the everything would be in order except the custom ones. bz#3198

 * ssh(1): also compare username when checking for JumpHost loops.
   bz#3057

 * ssh-keygen(1): preserve group/world read permission on known_hosts
   files across runs of "ssh-keygen -Rf /path". The old behaviour was
   to remove all rights for group/other. bz#3146

 * ssh-keygen(1): Mention the [-a rounds] flag in the ssh-keygen
   manual page and usage().

 * sshd(8): explicitly construct path to ~/.ssh/rc rather than
   relying on it being relative to the current directory, so that it
   can still be found if the shell startup changes its directory.
   bz#3185

 * sshd(8): when redirecting sshd's log output to a file, undo this
   redirection after the session child process is forked(). Fixes
   missing log messages when using this feature under some
   circumstances.

 * sshd(8): start ClientAliveInterval bookkeeping before first pass
   through select() loop; fixed theoretical case where busy sshd may
   ignore timeouts from client.

 * ssh(1): only reset the ServerAliveInterval check when we receive
   traffic from the server and ignore traffic from a port forwarding
   client, preventing a client from keeping a connection alive when
   it should be terminated. bz#2265

 * ssh-keygen(1): avoid spurious error message when ssh-keygen
   creates files outside ~/.ssh

 * sftp-client(1): fix off-by-one error that caused sftp downloads to
   make one more concurrent request that desired. This prevented using
   sftp(1) in unpipelined request/response mode, which is useful when
   debugging. bz#3054

 * ssh(1), sshd(8): handle EINTR in waitfd() and timeout_connect()
   helpers. bz#3071

 * ssh(1), ssh-keygen(1): defer creation of ~/.ssh until we attempt to
   write to it so we don't leave an empty .ssh directory when it's not
   needed. bz#3156

 * ssh(1), sshd(8): fix multiplier when parsing time specifications
   when handling seconds after other units. bz#3171

Portability
-----------

 * sshd(8): always send any PAM account messages. If the PAM account
   stack returns any messages, always send them to the user and not
   just if the check succeeds. bz#2049

 * Implement some backwards compatibility for libfido2 libraries
   older than 1.5.0. Note that use of an older library will result
   in the loss of certain features including resident key support,
   PIN support and support for multiple attached tokens.

 * configure fixes for XCode 12

 * gnome-ssh-askpass3: ensure the "close" button is not focused by
   default for SSH_ASKPASS_PROMPT=none prompts. Avoids space/enter
   accidentally dismissing FIDO touch notifications.

 * gnome-ssh-askpass3: allow some control over textarea colour via
   $GNOME_SSH_ASKPASS_FG_COLOR and $GNOME_SSH_ASKPASS_BG_COLOR
   environment variables.

 * sshd(8): document another PAM spec problem in a frustrated comment

 * sshd(8): support NetBSD's utmpx.ut_ss address field. bz#960

 * Add the ssh-sk-helper binary and its manpage to the RPM spec file

 * Detect the Frankenstein monster of Linux/X32 and allow the sandbox
   to function there. bz#3085

Revision 1.267 / (download) - annotate - [select for diffs], Mon Aug 31 18:11:09 2020 UTC (3 years, 6 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3
Changes since 1.266: +2 -1 lines
Diff to previous 1.266 (colored) to selected 1.215 (colored)

*: bump PKGREVISION for perl-5.32.

Revision 1.266 / (download) - annotate - [select for diffs], Sun Jun 7 06:27:52 2020 UTC (3 years, 9 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base, pkgsrc-2020Q2
Changes since 1.265: +1 -4 lines
Diff to previous 1.265 (colored) to selected 1.215 (colored)

security/openssh: remove unknown configure option

Revision 1.265 / (download) - annotate - [select for diffs], Wed May 27 13:49:27 2020 UTC (3 years, 10 months ago) by sevan
Branch: MAIN
Changes since 1.264: +2 -3 lines
Diff to previous 1.264 (colored) to selected 1.215 (colored)

Update to OpenSSH 8.3

OpenSSH 8.3 was released on 2020-05-27. It is available from the
mirrors listed at https://www.openssh.com/.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
https://www.openssh.com/donations.html

Future deprecation notice
=========================

It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.

This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs.

The better alternatives include:

 * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
   algorithms have the advantage of using the same key type as
   "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
   supported since OpenSSH 7.2 and are already used by default if the
   client and server support them.

 * The ssh-ed25519 signature algorithm. It has been supported in
   OpenSSH since release 6.5.

 * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
   have been supported by OpenSSH since release 5.7.

To check whether a server is using the weak ssh-rsa public key
algorithm, for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

If the host key verification fails and no other supported host key
types are available, the server software on that host should be
upgraded.

A future release of OpenSSH will enable UpdateHostKeys by default
to allow the client to automatically migrate to better algorithms.
Users may consider enabling this option manually. Vendors of devices
that implement the SSH protocol should ensure that they support the
new signature algorithms for RSA keys.

[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
    (2020) https://eprint.iacr.org/2020/014.pdf

Security
========

 * scp(1): when receiving files, scp(1) could be become desynchronised
   if a utimes(2) system call failed. This could allow file contents
   to be interpreted as file metadata and thereby permit an adversary
   to craft a file system that, when copied with scp(1) in a
   configuration that caused utimes(2) to fail (e.g. under a SELinux
   policy or syscall sandbox), transferred different file names and
   contents to the actual file system layout.

   Exploitation of this is not likely as utimes(2) does not fail under
   normal circumstances. Successful exploitation is not silent - the
   output of scp(1) would show transfer errors followed by the actual
   file(s) that were received.

   Finally, filenames returned from the peer are (since openssh-8.0)
   matched against the user's requested destination, thereby
   disallowing a successful exploit from writing files outside the
   user's selected target glob (or directory, in the case of a
   recursive transfer). This ensures that this attack can achieve no
   more than a hostile peer is already able to achieve within the scp
   protocol.

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * sftp(1): reject an argument of "-1" in the same way as ssh(1) and
   scp(1) do instead of accepting and silently ignoring it.

Changes since OpenSSH 8.2
=========================

The focus of this release is bug fixing.

New Features
------------

 * sshd(8): make IgnoreRhosts a tri-state option: "yes" to ignore
   rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only"
   to allow .shosts files but not .rhosts.

 * sshd(8): allow the IgnoreRhosts directive to appear anywhere in a
   sshd_config, not just before any Match blocks; bz3148

 * ssh(1): add %TOKEN percent expansion for the LocalFoward and
   RemoteForward keywords when used for Unix domain socket forwarding.
   bz#3014

 * all: allow loading public keys from the unencrypted envelope of a
   private key file if no corresponding public key file is present.

 * ssh(1), sshd(8): prefer to use chacha20 from libcrypto where
   possible instead of the (slower) portable C implementation included
   in OpenSSH.

 * ssh-keygen(1): add ability to dump the contents of a binary key
   revocation list via "ssh-keygen -lQf /path" bz#3132

Bugfixes
--------

 * ssh(1): fix IdentitiesOnly=yes to also apply to keys loaded from
   a PKCS11Provider; bz#3141

 * ssh-keygen(1): avoid NULL dereference when trying to convert an
   invalid RFC4716 private key.

 * scp(1): when performing remote-to-remote copies using "scp -3",
   start the second ssh(1) channel with BatchMode=yes enabled to
   avoid confusing and non-deterministic ordering of prompts.

 * ssh(1), ssh-keygen(1): when signing a challenge using a FIDO token,
   perform hashing of the message to be signed in the middleware layer
   rather than in OpenSSH code. This permits the use of security key
   middlewares that perform the hashing implicitly, such as Windows
   Hello.

 * ssh(1): fix incorrect error message for "too many known hosts
   files." bz#3149

 * ssh(1): make failures when establishing "Tunnel" forwarding
   terminate the connection when ExitOnForwardFailure is enabled;
   bz#3116

 * ssh-keygen(1): fix printing of fingerprints on private keys and add
   a regression test for same.

 * sshd(8): document order of checking AuthorizedKeysFile (first) and
   AuthorizedKeysCommand (subsequently, if the file doesn't match);
   bz#3134

 * sshd(8): document that /etc/hosts.equiv and /etc/shosts.equiv are
   not considered for HostbasedAuthentication when the target user is
   root; bz#3148

 * ssh(1), ssh-keygen(1): fix NULL dereference in private certificate
   key parsing (oss-fuzz #20074).

 * ssh(1), sshd(8): more consistency between sets of %TOKENS are
   accepted in various configuration options.

 * ssh(1), ssh-keygen(1): improve error messages for some common
   PKCS#11 C_Login failure cases; bz#3130

 * ssh(1), sshd(8): make error messages for problems during SSH banner
   exchange consistent with other SSH transport-layer error messages
   and ensure they include the relevant IP addresses bz#3129

 * various: fix a number of spelling errors in comments and debug/error
   messages

 * ssh-keygen(1), ssh-add(1): when downloading FIDO2 resident keys
   from a token, don't prompt for a PIN until the token has told us
   that it needs one. Avoids double-prompting on devices that
   implement on-device authentication.

 * sshd(8), ssh-keygen(1): no-touch-required FIDO certificate option
   should be an extension, not a critical option.

 * ssh(1), ssh-keygen(1), ssh-add(1): offer a better error message
   when trying to use a FIDO key function and SecurityKeyProvider is
   empty.

 * ssh-add(1), ssh-agent(8): ensure that a key lifetime fits within
   the values allowed by the wire format (u32). Prevents integer
   wraparound of the timeout values. bz#3119

 * ssh(1): detect and prevent trivial configuration loops when using
    ProxyJump. bz#3057.

Portability
-----------

 * Detect systems where signals flagged with SA_RESTART will interrupt
   select(2). POSIX permits implementations to choose whether
   select(2) will return when interrupted with a SA_RESTART-flagged
   signal, but OpenSSH requires interrupting behaviour.

 * Several compilation fixes for HP/UX and AIX.

 * On platforms that do not support setting process-wide routing
   domains (all excepting OpenBSD at present), fail to accept a
   configuration attempts to set one at process start time rather than
   fatally erroring at run time. bz#3126

 * Improve detection of egrep (used in regression tests) on platforms
   that offer a poor default one (e.g. Solaris).

 * A number of shell portability fixes for the regression tests.

 * Fix theoretical infinite loop in the glob(3) replacement
   implementation.

 * Fix seccomp sandbox compilation problems for some Linux
   configurations bz#3085

 * Improved detection of libfido2 and some compilation fixes for some
   configurations when --with-security-key-builtin is selected.

OpenSSH 8.2 was released on 2020-02-14. It is available from the
mirrors listed at https://www.openssh.com/.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
https://www.openssh.com/donations.html

Future deprecation notice
=========================

It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 hash algorithm for less than USD$50K. For this reason, we will
be disabling the "ssh-rsa" public key signature algorithm that depends
on SHA-1 by default in a near-future release.

This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs.

The better alternatives include:

 * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
   algorithms have the advantage of using the same key type as
   "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
   supported since OpenSSH 7.2 and are already used by default if the
   client and server support them.

 * The ssh-ed25519 signature algorithm. It has been supported in
   OpenSSH since release 6.5.

 * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
   have been supported by OpenSSH since release 5.7.

To check whether a server is using the weak ssh-rsa public key
algorithm for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

If the host key verification fails and no other supported host key
types are available, the server software on that host should be
upgraded.

A future release of OpenSSH will enable UpdateHostKeys by default
to allow the client to automatically migrate to better algorithms.
Users may consider enabling this option manually.

[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
    (2020) https://eprint.iacr.org/2020/014.pdf

Security
========

 * ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
   (RSA/SHA1) algorithm from those accepted for certificate signatures
   (i.e. the client and server CASignatureAlgorithms option) and will
   use the rsa-sha2-512 signature algorithm by default when the
   ssh-keygen(1) CA signs new certificates.

   Certificates are at special risk to the aforementioned SHA1
   collision vulnerability as an attacker has effectively unlimited
   time in which to craft a collision that yields them a valid
   certificate, far more than the relatively brief LoginGraceTime
   window that they have to forge a host key signature.

   The OpenSSH certificate format includes a CA-specified (typically
   random) nonce value near the start of the certificate that should
   make exploitation of chosen-prefix collisions in this context
   challenging, as the attacker does not have full control over the
   prefix that actually gets signed. Nonetheless, SHA1 is now a
   demonstrably broken algorithm and futher improvements in attacks
   are highly likely.

   OpenSSH releases prior to 7.2 do not support the newer RSA/SHA2
   algorithms and will refuse to accept certificates signed by an
   OpenSSH 8.2+ CA using RSA keys unless the unsafe algorithm is
   explicitly selected during signing ("ssh-keygen -t ssh-rsa").
   Older clients/servers may use another CA key type such as
   ssh-ed25519 (supported since OpenSSH 6.5) or one of the
   ecdsa-sha2-nistp256/384/521 types (supported since OpenSSH 5.7)
   instead if they cannot be upgraded.

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * ssh(1), sshd(8): the above removal of "ssh-rsa" from the accepted
   CASignatureAlgorithms list.

 * ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1
   from the default key exchange proposal for both the client and
   server.

 * ssh-keygen(1): the command-line options related to the generation
   and screening of safe prime numbers used by the
   diffie-hellman-group-exchange-* key exchange algorithms have
   changed. Most options have been folded under the -O flag.

 * sshd(8): the sshd listener process title visible to ps(1) has
   changed to include information about the number of connections that
   are currently attempting authentication and the limits configured
   by MaxStartups.

 * ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
   support to provide address-space isolation for token middleware
   libraries (including the internal one). It needs to be installed
   in the expected path, typically under /usr/libexec or similar.

Changes since OpenSSH 8.1
=========================

This release contains some significant new features.

FIDO/U2F Support
----------------

This release adds support for FIDO/U2F hardware authenticators to
OpenSSH. U2F/FIDO are open standards for inexpensive two-factor
authentication hardware that are widely used for website
authentication.  In OpenSSH FIDO devices are supported by new public
key types "ecdsa-sk" and "ed25519-sk", along with corresponding
certificate types.

ssh-keygen(1) may be used to generate a FIDO token-backed key, after
which they may be used much like any other key type supported by
OpenSSH, so long as the hardware token is attached when the keys are
used. FIDO tokens also generally require the user explicitly authorise
operations by touching or tapping them.

Generating a FIDO key requires the token be attached, and will usually
require the user tap the token to confirm the operation:

  $ ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk
  Generating public/private ecdsa-sk key pair.
  You may need to touch your security key to authorize key generation.
  Enter file in which to save the key (/home/djm/.ssh/id_ecdsa_sk):
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in /home/djm/.ssh/id_ecdsa_sk
  Your public key has been saved in /home/djm/.ssh/id_ecdsa_sk.pub

This will yield a public and private key-pair. The private key file
should be useless to an attacker who does not have access to the
physical token. After generation, this key may be used like any other
supported key in OpenSSH and may be listed in authorized_keys, added
to ssh-agent(1), etc. The only additional stipulation is that the FIDO
token that the key belongs to must be attached when the key is used.

FIDO tokens are most commonly connected via USB but may be attached
via other means such as Bluetooth or NFC. In OpenSSH, communication
with the token is managed via a middleware library, specified by the
SecurityKeyProvider directive in ssh/sshd_config(5) or the
$SSH_SK_PROVIDER environment variable for ssh-keygen(1) and
ssh-add(1). The API for this middleware is documented in the sk-api.h
and PROTOCOL.u2f files in the source distribution.

OpenSSH includes a middleware ("SecurityKeyProvider=internal") with
support for USB tokens. It is automatically enabled in OpenBSD and may
be enabled in portable OpenSSH via the configure flag
--with-security-key-builtin. If the internal middleware is enabled
then it is automatically used by default. This internal middleware
requires that libfido2 (https://github.com/Yubico/libfido2) and its
dependencies be installed. We recommend that packagers of portable
OpenSSH enable the built-in middleware, as it provides the
lowest-friction experience for users.

Note: FIDO/U2F tokens are required to implement the ECDSA-P256
"ecdsa-sk" key type, but hardware support for Ed25519 "ed25519-sk" is
less common. Similarly, not all hardware tokens support some of the
optional features such as resident keys.

The protocol-level changes to support FIDO/U2F keys in SSH are
documented in the PROTOCOL.u2f file in the OpenSSH source
distribution.

There are a number of supporting changes to this feature:

 * ssh-keygen(1): add a "no-touch-required" option when generating
   FIDO-hosted keys, that disables their default behaviour of
   requiring a physical touch/tap on the token during authentication.
   Note: not all tokens support disabling the touch requirement.

 * sshd(8): add a sshd_config PubkeyAuthOptions directive that
   collects miscellaneous public key authentication-related options
   for sshd(8). At present it supports only a single option
   "no-touch-required". This causes sshd to skip its default check for
   FIDO/U2F keys that the signature was authorised by a touch or press
   event on the token hardware.

 * ssh(1), sshd(8), ssh-keygen(1): add a "no-touch-required" option
   for authorized_keys and a similar extension for certificates. This
   option disables the default requirement that FIDO key signatures
   attest that the user touched their key to authorize them, mirroring
   the similar PubkeyAuthOptions sshd_config option.

 * ssh-keygen(1): add support for the writing the FIDO attestation
   information that is returned when new keys are generated via the
   "-O write-attestation=/path" option. FIDO attestation certificates
   may be used to verify that a FIDO key is hosted in trusted
   hardware. OpenSSH does not currently make use of this information,
   beyond optionally writing it to disk.

FIDO2 resident keys
-------------------

FIDO/U2F OpenSSH keys consist of two parts: a "key handle" part stored
in the private key file on disk, and a per-device private key that is
unique to each FIDO/U2F token and that cannot be exported from the
token hardware. These are combined by the hardware at authentication
time to derive the real key that is used to sign authentication
challenges.

For tokens that are required to move between computers, it can be
cumbersome to have to move the private key file first. To avoid this
requirement, tokens implementing the newer FIDO2 standard support
"resident keys", where it is possible to effectively retrieve the key
handle part of the key from the hardware.

OpenSSH supports this feature, allowing resident keys to be generated
using the ssh-keygen(1) "-O resident" flag. This will produce a
public/private key pair as usual, but it will be possible to retrieve
the private key part from the token later. This may be done using
"ssh-keygen -K", which will download all available resident keys from
the tokens attached to the host and write public/private key files
for them. It is also possible to download and add resident keys
directly to ssh-agent(1) without writing files to the file-system
using "ssh-add -K".

Resident keys are indexed on the token by the application string and
user ID. By default, OpenSSH uses an application string of "ssh:" and
an empty user ID. If multiple resident keys on a single token are
desired then it may be necessary to override one or both of these
defaults using the ssh-keygen(1) "-O application=" or "-O user="
options. Note: OpenSSH will only download and use resident keys whose
application string begins with "ssh:"

Storing both parts of a key on a FIDO token increases the likelihood
of an attacker being able to use a stolen token device. For this
reason, tokens should enforce PIN authentication before allowing
download of keys, and users should set a PIN on their tokens before
creating any resident keys.

Other New Features
------------------

 * sshd(8): add an Include sshd_config keyword that allows including
   additional configuration files via glob(3) patterns. bz2468

 * ssh(1)/sshd(8): make the LE (low effort) DSCP code point available
   via the IPQoS directive; bz2986,

 * ssh(1): when AddKeysToAgent=yes is set and the key contains no
   comment, add the key to the agent with the key's path as the
   comment. bz2564

 * ssh-keygen(1), ssh-agent(1): expose PKCS#11 key labels and X.509
   subjects as key comments, rather than simply listing the PKCS#11
   provider library path. PR138

 * ssh-keygen(1): allow PEM export of DSA and ECDSA keys; bz3091

 * ssh(1), sshd(8): make zlib compile-time optional, available via the
   Makefile.inc ZLIB flag on OpenBSD or via the --with-zlib configure
   option for OpenSSH portable.

 * sshd(8): when clients get denied by MaxStartups, send a
   notification prior to the SSH2 protocol banner according to
   RFC4253 section 4.2.

 * ssh(1), ssh-agent(1): when invoking the $SSH_ASKPASS prompt
   program, pass a hint to the program to describe the type of
   desired prompt.  The possible values are "confirm" (indicating
   that a yes/no confirmation dialog with no text entry should be
   shown), "none" (to indicate an informational message only), or
   blank for the original ssh-askpass behaviour of requesting a
   password/phrase.

 * ssh(1): allow forwarding a different agent socket to the path
   specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent
   option to accepting an explicit path or the name of an environment
   variable in addition to yes/no.

 * ssh-keygen(1): add a new signature operations "find-principals" to
   look up the principal associated with a signature from an allowed-
   signers file.

 * sshd(8): expose the number of currently-authenticating connections
   along with the MaxStartups limit in the process title visible to
   "ps".

Bugfixes
--------

 * sshd(8): make ClientAliveCountMax=0 have sensible semantics: it
   will now disable connection killing entirely rather than the
   current behaviour of instantly killing the connection after the
   first liveness test regardless of success. bz2627

 * sshd(8): clarify order of AllowUsers / DenyUsers vs AllowGroups /
   DenyGroups in the sshd(8) manual page. bz1690

 * sshd(8): better describe HashKnownHosts in the manual page. bz2560

 * sshd(8): clarify that that permitopen=/PermitOpen do no name or
   address translation in the manual page. bz3099

 * sshd(8): allow the UpdateHostKeys feature to function when
   multiple known_hosts files are in use. When updating host keys,
   ssh will now search subsequent known_hosts files, but will add
   updated host keys to the first specified file only. bz2738

 * All: replace all calls to signal(2) with a wrapper around
   sigaction(2). This wrapper blocks all other signals during the
   handler preventing races between handlers, and sets SA_RESTART
   which should reduce the potential for short read/write operations.

 * sftp(1): fix a race condition in the SIGCHILD handler that could
   turn in to a kill(-1); bz3084

 * sshd(8): fix a case where valid (but extremely large) SSH channel
   IDs were being incorrectly rejected. bz3098

 * ssh(1): when checking host key fingerprints as answers to new
   hostkey prompts, ignore whitespace surrounding the fingerprint
   itself.

 * All: wait for file descriptors to be readable or writeable during
   non-blocking connect, not just readable. Prevents a timeout when
   the server doesn't immediately send a banner (e.g. multiplexers
   like sslh)

 * sshd_config(5): document the sntrup4591761x25519-sha512@tinyssh.org
   key exchange algorithm. PR#151

Portability
-----------

 * sshd(8): multiple adjustments to the Linux seccomp sandbox:
   - Non-fatally deny IPC syscalls in sandbox
   - Allow clock_gettime64() in sandbox (MIPS / glibc >= 2.31)
   - Allow clock_nanosleep_time64 in sandbox (ARM) bz3100
   - Allow clock_nanosleep() in sandbox (recent glibc) bz3093

 * Explicit check for memmem declaration and fix up declaration if the
   system headers lack it. bz3102

OpenSSH 8.1 was released on 2019-10-09. It is available from the
mirrors listed at https://www.openssh.com/.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html

Security
========

 * ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): an exploitable integer
   overflow bug was found in the private key parsing code for the XMSS
   key type. This key type is still experimental and support for it is
   not compiled by default. No user-facing autoconf option exists in
   portable OpenSSH to enable it. This bug was found by Adam Zabrocki
   and reported via SecuriTeam's SSD program.

 * ssh(1), sshd(8), ssh-agent(1): add protection for private keys at
   rest in RAM against speculation and memory side-channel attacks like
   Spectre, Meltdown and Rambleed. This release encrypts private keys
   when they are not in use with a symmetric key that is derived from a
   relatively large "prekey" consisting of random data (currently 16KB).

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * ssh-keygen(1): when acting as a CA and signing certificates with
   an RSA key, default to using the rsa-sha2-512 signature algorithm.
   Certificates signed by RSA keys will therefore be incompatible
   with OpenSSH versions prior to 7.2 unless the default is
   overridden (using "ssh-keygen -t ssh-rsa -s ...").

Changes since OpenSSH 8.0
=========================

This release is focused on bug-fixing.

New Features
------------

 * ssh(1): Allow %n to be expanded in ProxyCommand strings

 * ssh(1), sshd(8): Allow prepending a list of algorithms to the
   default set by starting the list with the '^' character, E.g.
   "HostKeyAlgorithms ^ssh-ed25519"

 * ssh-keygen(1): add an experimental lightweight signature and
   verification ability. Signatures may be made using regular ssh keys
   held on disk or stored in a ssh-agent and verified against an
   authorized_keys-like list of allowed keys. Signatures embed a
   namespace that prevents confusion and attacks between different
   usage domains (e.g. files vs email).

 * ssh-keygen(1): print key comment when extracting public key from a
   private key.  bz#3052

 * ssh-keygen(1): accept the verbose flag when searching for host keys
   in known hosts (i.e. "ssh-keygen -vF host") to print the matching
   host's random-art signature too. bz#3003

 * All: support PKCS8 as an optional format for storage of private
   keys to disk.  The OpenSSH native key format remains the default,
   but PKCS8 is a superior format to PEM if interoperability with
   non-OpenSSH software is required, as it may use a less insecure
   key derivation function than PEM's.

Bugfixes
--------

 * ssh(1): if a PKCS#11 token returns no keys then try to login and
   refetch them. Based on patch from Jakub Jelen; bz#2430

 * ssh(1): produce a useful error message if the user's shell is set
   incorrectly during "match exec" processing. bz#2791

 * sftp(1): allow the maximum uint32 value for the argument passed
   to -b which allows better error messages from later validation.
   bz#3050

 * ssh(1): avoid pledge sandbox violations in some combinations of
   remote forwarding, connection multiplexing and ControlMaster.

 * ssh-keyscan(1): include SHA2-variant RSA key algorithms in KEX
   proposal; allows ssh-keyscan to harvest keys from servers that
   disable old SHA1 ssh-rsa. bz#3029

 * sftp(1): print explicit "not modified" message if a file was
   requested for resumed download but was considered already complete.
   bz#2978

 * sftp(1): fix a typo and make <esc><right> move right to the
   closest end of a word just like <esc><left> moves left to the
   closest beginning of a word.

 * sshd(8): cap the number of permitopen/permitlisten directives
   allowed to appear on a single authorized_keys line.

 * All: fix a number of memory leaks (one-off or on exit paths).

 * Regression tests: a number of fixes and improvements, including
   fixes to the interop tests, adding the ability to run most tests
   on builds that disable OpenSSL support, better support for running
   tests under Valgrind and a number of bug-fixes.

 * ssh(1), sshd(8): check for convtime() refusing to accept times that
   resolve to LONG_MAX Reported by Kirk Wolf bz2977

 * ssh(1): slightly more instructive error message when the user
   specifies multiple -J options on the command-line. bz3015

 * ssh-agent(1): process agent requests for RSA certificate private
   keys using correct signature algorithm when requested. bz3016

 * sftp(1): check for user@host when parsing sftp target. This
   allows user@[1.2.3.4] to work without a path.  bz#2999

 * sshd(8): enlarge format buffer size for certificate serial
   number so the log message can record any 64-bit integer without
   truncation. bz#3012

 * sshd(8): for PermitOpen violations add the remote host and port to
   be able to more easily ascertain the source of the request. Add the
   same logging for PermitListen violations which where not previously
   logged at all.

 * scp(1), sftp(1): use the correct POSIX format style for left
   justification for the transfer progress meter. bz#3002

 * sshd(8) when examining a configuration using sshd -T, assume any
   attribute not provided by -C does not match, which allows it to work
   when sshd_config contains a Match directive with or without -C.
   bz#2858

 * ssh(1), ssh-keygen(1): downgrade PKCS#11 "provider returned no
   slots" warning from log level error to debug. This is common when
   attempting to enumerate keys on smartcard readers with no cards
   plugged in. bz#3058

 * ssh(1), ssh-keygen(1): do not unconditionally log in to PKCS#11
   tokens. Avoids spurious PIN prompts for keys not selected for
   authentication in ssh(1) and when listing public keys available in
   a token using ssh-keygen(1). bz#3006

Portability
-----------

 * ssh(1): fix SIGWINCH delivery of Solaris for multiplexed sessions
   bz#3030

 * ssh(1), sshd(8): fix typo that prevented detection of Linux VRF

 * sshd(8): add no-op implementation of pam_putenv to avoid build
   breakage on platforms where the PAM implementation lacks this
   function (e.g. HP-UX). bz#3008

 * sftp-server(8): fix Solaris privilege sandbox from preventing
   the legacy sftp rename operation from working (was refusing to
   allow hard links to files owned by other users). bz#3036

 * All: add a proc_pidinfo()-based closefrom() for OS X to avoid
   the need to brute-force close all high-numbered file descriptors.
   bz#3049

 * sshd(8): in the Linux seccomp-bpf sandbox, allow mprotect(2) with
   PROT_(READ|WRITE|NONE) only. This syscall is used by some hardened
   heap allocators. Github PR#142

 * sshd(8): in the Linux seccomp-bpf sandbox, allow the s390-specific
   ioctl for ECC hardware support.

 * All: use "doc" man page format if the mandoc(1) tool is present on
   the system. Previously configure would not select the "doc" man
   page format if mandoc was present but nroff was not.

 * sshd(8): don't install duplicate STREAMS modules on Solaris; check
   if STREAMS modules are already installed on a pty before installing
   since when compiling with XPG>=4 they will likely be installed
   already. Prevents hangs and duplicate lines on the terminal.
   bz#2945 and bz#2998,

Revision 1.264 / (download) - annotate - [select for diffs], Mon Apr 27 04:08:43 2020 UTC (3 years, 11 months ago) by rillig
Branch: MAIN
Changes since 1.263: +2 -2 lines
Diff to previous 1.263 (colored) to selected 1.215 (colored)

security/openssh: remove no-op file from SUBST_FILES

Revision 1.263 / (download) - annotate - [select for diffs], Sun Jan 26 17:32:05 2020 UTC (4 years, 2 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since 1.262: +2 -2 lines
Diff to previous 1.262 (colored) to selected 1.215 (colored)

all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.

Revision 1.262 / (download) - annotate - [select for diffs], Sat Jan 18 21:50:41 2020 UTC (4 years, 2 months ago) by jperkin
Branch: MAIN
Changes since 1.261: +2 -2 lines
Diff to previous 1.261 (colored) to selected 1.215 (colored)

*: Recursive revision bump for openssl 1.1.1.

Revision 1.261 / (download) - annotate - [select for diffs], Sun Aug 11 13:22:48 2019 UTC (4 years, 7 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3
Changes since 1.260: +2 -2 lines
Diff to previous 1.260 (colored) to selected 1.215 (colored)

Bump PKGREVISIONs for perl 5.30.0

Revision 1.260 / (download) - annotate - [select for diffs], Tue Jun 4 09:08:06 2019 UTC (4 years, 9 months ago) by he
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2
Changes since 1.259: +2 -2 lines
Diff to previous 1.259 (colored) to selected 1.215 (colored)

When changing from login_getclass() to login_getpwclass(),
we also need to adjust the argument.  This failure caused
opensshd for the session to crash with a bus error.
Bump PKGREVISION.

Revision 1.259 / (download) - annotate - [select for diffs], Wed May 1 17:59:56 2019 UTC (4 years, 10 months ago) by maya
Branch: MAIN
Changes since 1.258: +2 -25 lines
Diff to previous 1.258 (colored) to selected 1.215 (colored)

openssh: update to 8.0p1

Update provided by Aleksej Lebedev in pkgsrc-wip.

I removed Interix support. We've been moving the patches for a
while, without a real test on Interix. the support for interix
is quite invasive and makes updating this package difficult.

Will reconsider re-adding if I knew we had actual users on
Interix (I strongly suspect we don't).



OpenSSH 8.0 was released on 2019-04-17. It is available from the
mirrors listed at https://www.openssh.com/.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html

Security
========

This release contains mitigation for a weakness in the scp(1) tool
and protocol (CVE-2019-6111): when copying files from a remote system
to a local directory, scp(1) did not verify that the filenames that
the server sent matched those requested by the client. This could
allow a hostile server to create or clobber unexpected local files
with attacker-controlled content.

This release adds client-side checking that the filenames sent from
the server match the command-line request,

The scp protocol is outdated, inflexible and not readily fixed. We
recommend the use of more modern protocols like sftp and rsync for
file transfer instead.

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * scp(1): Relating to the above changes to scp(1); the scp protocol
   relies on the remote shell for wildcard expansion, so there is no
   infallible way for the client's wildcard matching to perfectly
   reflect the server's. If there is a difference between client and
   server wildcard expansion, the client may refuse files from the
   server. For this reason, we have provided a new "-T" flag to scp
   that disables these client-side checks at the risk of
   reintroducing the attack described above.

 * sshd(8): Remove support for obsolete "host/port" syntax. Slash-
   separated host/port was added in 2001 as an alternative to
   host:port syntax for the benefit of IPv6 users. These days there
   are establised standards for this like [::1]:22 and the slash
   syntax is easily mistaken for CIDR notation, which OpenSSH
   supports for some things. Remove the slash notation from
   ListenAddress and PermitOpen; bz#2335

Changes since OpenSSH 7.9
=========================

This release is focused on new features and internal refactoring.

New Features
------------

 * ssh(1), ssh-agent(1), ssh-add(1): Add support for ECDSA keys in
   PKCS#11 tokens.

 * ssh(1), sshd(8): Add experimental quantum-computing resistant
   key exchange method, based on a combination of Streamlined NTRU
   Prime 4591^761 and X25519.

 * ssh-keygen(1): Increase the default RSA key size to 3072 bits,
   following NIST Special Publication 800-57's guidance for a
   128-bit equivalent symmetric security level.

 * ssh(1): Allow "PKCS11Provider=none" to override later instances of
   the PKCS11Provider directive in ssh_config; bz#2974

 * sshd(8): Add a log message for situations where a connection is
   dropped for attempting to run a command but a sshd_config
   ForceCommand=internal-sftp restriction is in effect; bz#2960

 * ssh(1): When prompting whether to record a new host key, accept
   the key fingerprint as a synonym for "yes". This allows the user
   to paste a fingerprint obtained out of band at the prompt and
   have the client do the comparison for you.

 * ssh-keygen(1): When signing multiple certificates on a single
   command-line invocation, allow automatically incrementing the
   certificate serial number.

 * scp(1), sftp(1): Accept -J option as an alias to ProxyJump on
   the scp and sftp command-lines.

 * ssh-agent(1), ssh-pkcs11-helper(8), ssh-add(1): Accept "-v"
   command-line flags to increase the verbosity of output; pass
   verbose flags though to subprocesses, such as ssh-pkcs11-helper
   started from ssh-agent.

 * ssh-add(1): Add a "-T" option to allowing testing whether keys in
   an agent are usable by performing a signature and a verification.

 * sftp-server(8): Add a "lsetstat@openssh.com" protocol extension
   that replicates the functionality of the existing SSH2_FXP_SETSTAT
   operation but does not follow symlinks. bz#2067

 * sftp(1): Add "-h" flag to chown/chgrp/chmod commands to request
   they do not follow symlinks.

 * sshd(8): Expose $SSH_CONNECTION in the PAM environment. This makes
   the connection 4-tuple available to PAM modules that wish to use
   it in decision-making. bz#2741

 * sshd(8): Add a ssh_config "Match final" predicate Matches in same
   pass as "Match canonical" but doesn't require hostname
   canonicalisation be enabled. bz#2906

 * sftp(1): Support a prefix of '@' to suppress echo of sftp batch
   commands; bz#2926

 * ssh-keygen(1): When printing certificate contents using
   "ssh-keygen -Lf /path/certificate", include the algorithm that
   the CA used to sign the cert.

Bugfixes
--------

 * sshd(8): Fix authentication failures when sshd_config contains
   "AuthenticationMethods any" inside a Match block that overrides
   a more restrictive default.

 * sshd(8): Avoid sending duplicate keepalives when ClientAliveCount
   is enabled.

 * sshd(8): Fix two race conditions related to SIGHUP daemon restart.
   Remnant file descriptors in recently-forked child processes could
   block the parent sshd's attempt to listen(2) to the configured
   addresses. Also, the restarting parent sshd could exit before any
   child processes that were awaiting their re-execution state had
   completed reading it, leaving them in a fallback path.

 * ssh(1): Fix stdout potentially being redirected to /dev/null when
   ProxyCommand=- was in use.

 * sshd(8): Avoid sending SIGPIPE to child processes if they attempt
   to write to stderr after their parent processes have exited;
   bz#2071

 * ssh(1): Fix bad interaction between the ssh_config ConnectTimeout
   and ConnectionAttempts directives - connection attempts after the
   first were ignoring the requested timeout; bz#2918

 * ssh-keyscan(1): Return a non-zero exit status if no keys were
   found; bz#2903

 * scp(1): Sanitize scp filenames to allow UTF-8 characters without
   terminal control sequences;  bz#2434

 * sshd(8): Fix confusion between ClientAliveInterval and time-based
   RekeyLimit that could cause connections to be incorrectly closed.
   bz#2757

 * ssh(1), ssh-add(1): Correct some bugs in PKCS#11 token PIN
   handling at initial token login. The attempt to read the PIN
   could be skipped in some cases, particularly on devices with
   integrated PIN readers. This would lead to an inability to
   retrieve keys from these tokens. bz#2652

 * ssh(1), ssh-add(1): Support keys on PKCS#11 tokens that set the
   CKA_ALWAYS_AUTHENTICATE flag by requring a fresh login after the
   C_SignInit operation. bz#2638

 * ssh(1): Improve documentation for ProxyJump/-J, clarifying that
   local configuration does not apply to jump hosts.

 * ssh-keygen(1): Clarify manual - ssh-keygen -e only writes
   public keys, not private.

 * ssh(1), sshd(8): be more strict in processing protocol banners,
   allowing \r characters only immediately before \n.

 * Various: fix a number of memory leaks, including bz#2942 and
   bz#2938

 * scp(1), sftp(1): fix calculation of initial bandwidth limits.
   Account for bytes written before the timer starts and adjust the
   schedule on which recalculations are performed. Avoids an initial
   burst of traffic and yields more accurate bandwidth limits;
   bz#2927

 * sshd(8): Only consider the ext-info-c extension during the initial
   key eschange. It shouldn't be sent in subsequent ones, but if it
   is present we should ignore it. This prevents sshd from sending a
   SSH_MSG_EXT_INFO for REKEX for buggy these clients. bz#2929

 * ssh-keygen(1): Clarify manual that ssh-keygen -F (find host in
   authorized_keys) and -R (remove host from authorized_keys) options
   may accept either a bare hostname or a [hostname]:port combo.
   bz#2935

 * ssh(1): Don't attempt to connect to empty SSH_AUTH_SOCK; bz#2936

 * sshd(8): Silence error messages when sshd fails to load some of
   the default host keys. Failure to load an explicitly-configured
   hostkey is still an error, and failure to load any host key is
   still fatal. pr/103

 * ssh(1): Redirect stderr of ProxyCommands to /dev/null when ssh is
   started with ControlPersist; prevents random ProxyCommand output
   from interfering with session output.

 * ssh(1): The ssh client was keeping a redundant ssh-agent socket
   (leftover from authentication) around for the life of the
   connection; bz#2912

 * sshd(8): Fix bug in HostbasedAcceptedKeyTypes and
   PubkeyAcceptedKeyTypes options. If only RSA-SHA2 siganture types
   were specified, then authentication would always fail for RSA keys
   as the monitor checks only the base key (not the signature
   algorithm) type against *AcceptedKeyTypes. bz#2746

 * ssh(1): Request correct signature types from ssh-agent when
   certificate keys and RSA-SHA2 signatures are in use.

Portability
-----------

 * sshd(8): On Cygwin, run as SYSTEM where possible, using S4U for
   token creation if it supports MsV1_0 S4U Logon.

 * sshd(8): On Cygwin, use custom user/group matching code that
   respects the OS' behaviour of case-insensitive matching.

 * sshd(8): Don't set $MAIL if UsePAM=yes as PAM typically specifies
   the user environment if it's enabled; bz#2937

 * sshd(8) Cygwin: Change service name to cygsshd to avoid collision
   with Microsoft's OpenSSH port.

 * Allow building against OpenSSL -dev (3.x)

 * Fix a number of build problems against version configurations and
   versions of OpenSSL. Including bz#2931 and bz#2921

 * Improve warnings in cygwin service setup. bz#2922

 * Remove hardcoded service name in cygwin setup. bz#2922

Revision 1.258 / (download) - annotate - [select for diffs], Thu Apr 25 14:55:04 2019 UTC (4 years, 11 months ago) by tron
Branch: MAIN
Changes since 1.257: +2 -1 lines
Diff to previous 1.257 (colored) to selected 1.215 (colored)

openssh: Add optional command line editing to "sftp"

Add new package option "editline" (enabled by default) which adds
command line editing and filename completion to the "sftp" client.

Bump the package revision because of this change.

Revision 1.257 / (download) - annotate - [select for diffs], Fri Jan 18 20:13:36 2019 UTC (5 years, 2 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1
Changes since 1.256: +2 -3 lines
Diff to previous 1.256 (colored) to selected 1.215 (colored)

OpenSSH 7.9

Potentially-incompatible changes
================================
 * ssh(1), sshd(8): the setting of the new CASignatureAlgorithms
   option (see below) bans the use of DSA keys as certificate
   authorities.
 * sshd(8): the authentication success/failure log message has
   changed format slightly. It now includes the certificate
   fingerprint (previously it included only key ID and CA key
   fingerprint).

New Features
------------
 * ssh(1), sshd(8): allow most port numbers to be specified using
   service names from getservbyname(3) (typically /etc/services).
 * ssh(1): allow the IdentityAgent configuration directive to accept
   environment variable names. This supports the use of multiple
   agent sockets without needing to use fixed paths.
 * sshd(8): support signalling sessions via the SSH protocol.
   A limited subset of signals is supported and only for login or
   command sessions (i.e. not subsystems) that were not subject to
   a forced command via authorized_keys or sshd_config. bz#1424
 * ssh(1): support "ssh -Q sig" to list supported signature options.
   Also "ssh -Q help" to show the full set of supported queries.
 * ssh(1), sshd(8): add a CASignatureAlgorithms option for the
   client and server configs to allow control over which signature
   formats are allowed for CAs to sign certificates. For example,
   this allows banning CAs that sign certificates using the RSA-SHA1
   signature algorithm.
 * sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to
   revoke keys specified by SHA256 hash.
 * ssh-keygen(1): allow creation of key revocation lists directly
   from base64-encoded SHA256 fingerprints. This supports revoking
   keys using only the information contained in sshd(8)
   authentication log messages.

Bugfixes
--------
 * ssh(1), ssh-keygen(1): avoid spurious "invalid format" errors when
   attempting to load PEM private keys while using an incorrect
   passphrase. bz#2901
 * sshd(8): when a channel closed message is received from a client,
   close the stderr file descriptor at the same time stdout is
   closed. This avoids stuck processes if they were waiting for
   stderr to close and were insensitive to stdin/out closing. bz#2863
 * ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11
   forwarding timeout and support X11 forwarding indefinitely.
   Previously the behaviour of ForwardX11Timeout=0 was undefined.
 * sshd(8): when compiled with GSSAPI support, cache supported method
   OIDs regardless of whether GSSAPI authentication is enabled in the
   main section of sshd_config. This avoids sandbox violations if
   GSSAPI authentication was later enabled in a Match block. bz#2107
 * sshd(8): do not fail closed when configured with a text key
   revocation list that contains a too-short key. bz#2897
 * ssh(1): treat connections with ProxyJump specified the same as
   ones with a ProxyCommand set with regards to hostname
   canonicalisation (i.e. don't try to canonicalise the hostname
   unless CanonicalizeHostname is set to 'always'). bz#2896
 * ssh(1): fix regression in OpenSSH 7.8 that could prevent public-
   key authentication using certificates hosted in a ssh-agent(1)
   or against sshd(8) from OpenSSH <7.8.

Portability
-----------
 * All: support building against the openssl-1.1 API (releases 1.1.0g
   and later). The openssl-1.0 API will remain supported at least
   until OpenSSL terminates security patch support for that API version.
 * sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox;
   apparently required by some glibc/OpenSSL combinations.
 * sshd(8): handle getgrouplist(3) returning more than
   _SC_NGROUPS_MAX groups. Some platforms consider this limit more
   as a guideline.

OpenSSH 7.8:

Potentially-incompatible changes
================================
 * ssh-keygen(1): write OpenSSH format private keys by default
   instead of using OpenSSL's PEM format. The OpenSSH format,
   supported in OpenSSH releases since 2014 and described in the
   PROTOCOL.key file in the source distribution, offers substantially
   better protection against offline password guessing and supports
   key comments in private keys. If necessary, it is possible to write
   old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments
   when generating or updating a key.
 * sshd(8): remove internal support for S/Key multiple factor
   authentication. S/Key may still be used via PAM or BSD auth.
 * ssh(1): remove vestigal support for running ssh(1) as setuid. This
   used to be required for hostbased authentication and the (long
   gone) rhosts-style authentication, but has not been necessary for
   a long time. Attempting to execute ssh as a setuid binary, or with
   uid != effective uid will now yield a fatal error at runtime.
 * sshd(8): the semantics of PubkeyAcceptedKeyTypes and the similar
   HostbasedAcceptedKeyTypes options have changed. These now specify
   signature algorithms that are accepted for their respective
   authentication mechanism, where previously they specified accepted
   key types. This distinction matters when using the RSA/SHA2
   signature algorithms "rsa-sha2-256", "rsa-sha2-512" and their
   certificate counterparts. Configurations that override these
   options but omit these algorithm names may cause unexpected
   authentication failures (no action is required for configurations
   that accept the default for these options).
 * sshd(8): the precedence of session environment variables has
   changed. ~/.ssh/environment and environment="..." options in
   authorized_keys files can no longer override SSH_* variables set
   implicitly by sshd.
 * ssh(1)/sshd(8): the default IPQoS used by ssh/sshd has changed.
   They will now use DSCP AF21 for interactive traffic and CS1 for
   bulk.  For a detailed rationale, please see the commit message:
   https://cvsweb.openbsd.org/src/usr.bin/ssh/readconf.c#rev1.284

New Features
------------
 * ssh(1)/sshd(8): add new signature algorithms "rsa-sha2-256-cert-
   v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" to
   explicitly force use of RSA/SHA2 signatures in authentication.
 * sshd(8): extend the PermitUserEnvironment option to accept a
   whitelist of environment variable names in addition to global
   "yes" or "no" settings.
 * sshd(8): add a PermitListen directive to sshd_config(5) and a
   corresponding permitlisten= authorized_keys option that control
   which listen addresses and port numbers may be used by remote
   forwarding (ssh -R ...).
 * sshd(8): add some countermeasures against timing attacks used for
   account validation/enumeration. sshd will enforce a minimum time
   or each failed authentication attempt consisting of a global 5ms
   minimum plus an additional per-user 0-4ms delay derived from a
   host secret.
 * sshd(8): add a SetEnv directive to allow an administrator to
   explicitly specify environment variables in sshd_config.
   Variables set by SetEnv override the default and client-specified
   environment.
 * ssh(1): add a SetEnv directive to request that the server sets
   an environment variable in the session. Similar to the existing
   SendEnv option, these variables are set subject to server
   configuration.
 * ssh(1): allow "SendEnv -PATTERN" to clear environment variables
   previously marked for sending to the server. bz#1285
 * ssh(1)/sshd(8): make UID available as a %-expansion everywhere
   that the username is available currently. bz#2870
 * ssh(1): allow setting ProxyJump=none to disable ProxyJump
   functionality. bz#2869

Bugfixes
--------
 * sshd(8): avoid observable differences in request parsing that could
   be used to determine whether a target user is valid.
 * all: substantial internal refactoring
 * ssh(1)/sshd(8): fix some memory leaks; bz#2366
 * ssh(1): fix a pwent clobber (introduced in openssh-7.7) that could
   occur during key loading, manifesting as crash on some platforms.
 * sshd_config(5): clarify documentation for AuthenticationMethods
   option; bz#2663
 * ssh(1): ensure that the public key algorithm sent in a
   public key SSH_MSG_USERAUTH_REQUEST matches the content of the
   signature blob. Previously, these could be inconsistent when a
   legacy or non-OpenSSH ssh-agent returned a RSA/SHA1 signature
   when asked to make a RSA/SHA2 signature.
 * sshd(8): fix failures to read authorized_keys caused by faulty
   supplemental group caching. bz#2873
 * scp(1): apply umask to directories, fixing potential mkdir/chmod
   race when copying directory trees bz#2839
 * ssh-keygen(1): return correct exit code when searching for and
   hashing known_hosts entries in a single operation; bz#2772
 * ssh(1): prefer the ssh binary pointed to via argv[0] to $PATH when
   re-executing ssh for ProxyJump. bz#2831
 * sshd(8): do not ban PTY allocation when a sshd session is
   restricted because the user password is expired as it breaks
   password change dialog. (regression in openssh-7.7).
 * ssh(1)/sshd(8): fix error reporting from select() failures.
 * ssh(1): improve documentation for -w (tunnel) flag, emphasising
   that -w implicitly sets Tunnel=point-to-point. bz#2365
 * ssh-agent(1): implement EMFILE mitigation for ssh-agent. ssh-agent
   will no longer spin when its file descriptor limit is exceeded.
   bz#2576
 * ssh(1)/sshd(8): disable SSH2_MSG_DEBUG messages for Twisted Conch
   clients. Twisted Conch versions that lack a version number in
   their identification strings will mishandle these messages when
   running on Python 2.x (https://twistedmatrix.com/trac/ticket/9422)
 * sftp(1): notify user immediately when underlying ssh process dies
   expectedly. bz#2719
 * ssh(1)/sshd(8): fix tunnel forwarding; regression in 7.7 release.
   bz#2855
 * ssh-agent(1): don't kill ssh-agent's listening socket entirely if
   it fails to accept(2) a connection. bz#2837
 * sshd(8): relax checking of authorized_keys environment="..."
   options to allow underscores in variable names (regression
   introduced in 7.7). bz#2851
 * ssh(1): add some missing options in the configuration dump output
   (ssh -G). bz#2835

Portability
-----------
 * sshd(8): Expose details of completed authentication to PAM auth
   modules via SSH_AUTH_INFO_0 in the PAM environment. bz#2408
 * Fix compilation problems caused by fights between zlib and OpenSSL
   colliding uses of "free_func"
 * Improve detection of unsupported compiler options. Recently these
   may have manifested as "unsupported -Wl,-z,retpoline" warnings
   during linking.
 * sshd(8): some sandbox support for Linux/s390 bz#2752.
 * regress tests: unbreak key-options.sh test on platforms without
   openpty(3). bz#2856
 * use getrandom(2) for PRNG seeding when built without OpenSSL.

OpenSSH 7.7:

Potentially-incompatible changes
================================
 * ssh(1)/sshd(8): Drop compatibility support for some very old SSH
   implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These
   versions were all released in or before 2001 and predate the final
   SSH RFCs. The support in question isn't necessary for RFC-compliant
   SSH implementations.

New Features
------------
 * All: Add experimental support for PQC XMSS keys (Extended Hash-
   Based Signatures) based on the algorithm described in
   https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
   The XMSS signature code is experimental and not compiled in by
   default.
 * sshd(8): Add a "rdomain" criteria for the sshd_config Match keyword
   to allow conditional configuration that depends on which routing
   domain a connection was received on (currently supported on OpenBSD
   and Linux).
 * sshd_config(5): Add an optional rdomain qualifier to the
   ListenAddress directive to allow listening on different routing
   domains. This is supported only on OpenBSD and Linux at present.
 * sshd_config(5): Add RDomain directive to allow the authenticated
   session to be placed in an explicit routing domain. This is only
   supported on OpenBSD at present.
 * sshd(8): Add "expiry-time" option for authorized_keys files to
   allow for expiring keys.
 * ssh(1): Add a BindInterface option to allow binding the outgoing
   connection to an interface's address (basically a more usable
   BindAddress)
 * ssh(1): Expose device allocated for tun/tap forwarding via a new
   %T expansion for LocalCommand. This allows LocalCommand to be used
   to prepare the interface.
 * sshd(8): Expose the device allocated for tun/tap forwarding via a
   new SSH_TUNNEL environment variable. This allows automatic setup of
   the interface and surrounding network configuration automatically on
   the server.
 * ssh(1)/scp(1)/sftp(1): Add URI support to ssh, sftp and scp, e.g.
   ssh://user@host or sftp://user@host/path.  Additional connection
   parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not
   implemented since the ssh fingerprint format in the draft uses the
   deprecated MD5 hash with no way to specify the any other algorithm.
 * ssh-keygen(1): Allow certificate validity intervals that specify
   only a start or stop time (instead of both or neither).
 * sftp(1): Allow "cd" and "lcd" commands with no explicit path
   argument. lcd will change to the local user's home directory as
   usual. cd will change to the starting directory for session (because
   the protocol offers no way to obtain the remote user's home
   directory). bz#2760
 * sshd(8): When doing a config test with sshd -T, only require the
   attributes that are actually used in Match criteria rather than (an
   incomplete list of) all criteria.

Bugfixes
--------

 * ssh(1)/sshd(8): More strictly check signature types during key
   exchange against what was negotiated. Prevents downgrade of RSA
   signatures made with SHA-256/512 to SHA-1.
 * sshd(8): Fix support for client that advertise a protocol version
   of "1.99" (indicating that they are prepared to accept both SSHv1 and
   SSHv2). This was broken in OpenSSH 7.6 during the removal of SSHv1
   support. bz#2810
 * ssh(1): Warn when the agent returns a ssh-rsa (SHA1) signature when
   a rsa-sha2-256/512 signature was requested. This condition is possible
   when an old or non-OpenSSH agent is in use. bz#2799
 * ssh-agent(1): Fix regression introduced in 7.6 that caused ssh-agent
   to fatally exit if presented an invalid signature request message.
 * sshd_config(5): Accept yes/no flag options case-insensitively, as
   has been the case in ssh_config(5) for a long time. bz#2664
 * ssh(1): Improve error reporting for failures during connection.
   Under some circumstances misleading errors were being shown. bz#2814
 * ssh-keyscan(1): Add -D option to allow printing of results directly
   in SSHFP format. bz#2821
 * regress tests: fix PuTTY interop test broken in last release's SSHv1
   removal. bz#2823
 * ssh(1): Compatibility fix for some servers that erroneously drop the
   connection when the IUTF8 (RFC8160) option is sent.
 * scp(1): Disable RemoteCommand and RequestTTY in the ssh session
   started by scp (sftp was already doing this.)
 * ssh-keygen(1): Refuse to create a certificate with an unusable
   number of principals.
 * ssh-keygen(1): Fatally exit if ssh-keygen is unable to write all the
   public key during key generation. Previously it would silently
   ignore errors writing the comment and terminating newline.
 * ssh(1): Do not modify hostname arguments that are addresses by
   automatically forcing them to lower-case. Instead canonicalise them
   to resolve ambiguities (e.g. ::0001 => ::1) before they are matched
   against known_hosts. bz#2763
 * ssh(1): Don't accept junk after "yes" or "no" responses to hostkey
   prompts. bz#2803
 * sftp(1): Have sftp print a warning about shell cleanliness when
   decoding the first packet fails, which is usually caused by shells
   polluting stdout of non-interactive startups. bz#2800
 * ssh(1)/sshd(8): Switch timers in packet code from using wall-clock
   time to monotonic time, allowing the packet layer to better function
   over a clock step and avoiding possible integer overflows during
   steps.
 * Numerous manual page fixes and improvements.

Portability
-----------
 * sshd(8): Correctly detect MIPS ABI in use at configure time. Fixes
   sandbox violations on some environments.
 * sshd(8): Remove UNICOS support. The hardware and software are literal
   museum pieces and support in sshd is too intrusive to justify
   maintaining.
 * All: Build and link with "retpoline" flags when available to mitigate
   the "branch target injection" style (variant 2) of the Spectre
   branch-prediction vulnerability.
 * All: Add auto-generated dependency information to Makefile.
 * Numerous fixed to the RPM spec files.

Revision 1.256 / (download) - annotate - [select for diffs], Wed Aug 22 09:46:19 2018 UTC (5 years, 7 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.255: +2 -1 lines
Diff to previous 1.255 (colored) to selected 1.215 (colored)

Recursive bump for perl5-5.28.0

Revision 1.255 / (download) - annotate - [select for diffs], Tue Jan 2 05:37:23 2018 UTC (6 years, 2 months ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1
Changes since 1.254: +1 -3 lines
Diff to previous 1.254 (colored) to selected 1.215 (colored)

Remove traces of crypto restrictions from packages.

ok for idea riastradh.

Revision 1.253.4.1 / (download) - annotate - [select for diffs], Sat Nov 25 08:49:32 2017 UTC (6 years, 4 months ago) by bsiegert
Branch: pkgsrc-2017Q3
Changes since 1.253: +2 -3 lines
Diff to previous 1.253 (colored) next main 1.254 (colored) to selected 1.215 (colored)

Pullup ticket #5649 - requested by maya
security/openssh: security fix

Revisions pulled up:
- security/openssh/Makefile                                     1.254
- security/openssh/distinfo                                     1.105
- security/openssh/patches/patch-sshd.c                         1.9

---
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Wed Oct  4 11:44:14 UTC 2017

   Modified Files:
           pkgsrc/security/openssh: Makefile distinfo
           pkgsrc/security/openssh/patches: patch-sshd.c

   Log Message:
   openssh: update to 7.6.1.

   Potentially-incompatible changes
   ================================

   This release includes a number of changes that may affect existing
   configurations:

    * ssh(1): delete SSH protocol version 1 support, associated
      configuration options and documentation.

    * ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.

    * ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST
      ciphers.

    * Refuse RSA keys <1024 bits in length and improve reporting for keys
      that do not meet this requirement.

    * ssh(1): do not offer CBC ciphers by default.

   Changes since OpenSSH 7.5
   =========================

   This is primarily a bugfix release. It also contains substantial
   internal refactoring.

   Security
   --------

    * sftp-server(8): in read-only mode, sftp-server was incorrectly
      permitting creation of zero-length files. Reported by Michal
      Zalewski.

   New Features
   ------------

    * ssh(1): add RemoteCommand option to specify a command in the ssh
      config file instead of giving it on the client's command line. This
      allows the configuration file to specify the command that will be
      executed on the remote host.

    * sshd(8): add ExposeAuthInfo option that enables writing details of
      the authentication methods used (including public keys where
      applicable) to a file that is exposed via a $SSH_USER_AUTH
      environment variable in the subsequent session.

    * ssh(1): add support for reverse dynamic forwarding. In this mode,
      ssh will act as a SOCKS4/5 proxy and forward connections
      to destinations requested by the remote SOCKS client. This mode
      is requested using extended syntax for the -R and RemoteForward
      options and, because it is implemented solely at the client,
      does not require the server be updated to be supported.

    * sshd(8): allow LogLevel directive in sshd_config Match blocks;
      bz#2717

    * ssh-keygen(1): allow inclusion of arbitrary string or flag
      certificate extensions and critical options.

    * ssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as
      a CA when signing certificates. bz#2377

    * ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explicit
      ToS/DSCP value and just use the operating system default.

    * ssh-add(1): added -q option to make ssh-add quiet on success.

    * ssh(1): expand the StrictHostKeyChecking option with two new
      settings. The first "accept-new" will automatically accept
      hitherto-unseen keys but will refuse connections for changed or
      invalid hostkeys. This is a safer subset of the current behaviour
      of StrictHostKeyChecking=no. The second setting "off", is a synonym
      for the current behaviour of StrictHostKeyChecking=no: accept new
      host keys, and continue connection for hosts with incorrect
      hostkeys. A future release will change the meaning of
      StrictHostKeyChecking=no to the behaviour of "accept-new". bz#2400

    * ssh(1): add SyslogFacility option to ssh(1) matching the equivalent
      option in sshd(8). bz#2705

   Bugfixes
   --------

    * ssh(1): use HostKeyAlias if specified instead of hostname for
      matching host certificate principal names; bz#2728

    * sftp(1): implement sorting for globbed ls; bz#2649

    * ssh(1): add a user@host prefix to client's "Permission denied"
      messages, useful in particular when using "stacked" connections
      (e.g. ssh -J) where it's not clear which host is denying. bz#2720

    * ssh(1): accept unknown EXT_INFO extension values that contain \0
      characters. These are legal, but would previously cause fatal
      connection errors if received.

    * ssh(1)/sshd(8): repair compression statistics printed at
      connection exit

    * sftp(1): print '?' instead of incorrect link count (that the
      protocol doesn't provide) for remote listings. bz#2710

    * ssh(1): return failure rather than fatal() for more cases during
      session multiplexing negotiations. Causes the session to fall back
      to a non-mux connection if they occur. bz#2707

    * ssh(1): mention that the server may send debug messages to explain
      public key authentication problems under some circumstances; bz#2709

    * Translate OpenSSL error codes to better report incorrect passphrase
      errors when loading private keys; bz#2699

    * sshd(8): adjust compatibility patterns for WinSCP to correctly
      identify versions that implement only the legacy DH group exchange
      scheme. bz#2748

    * ssh(1): print the "Killed by signal 1" message only at LogLevel
      verbose so that it is not shown at the default level; prevents it
      from appearing during ssh -J and equivalent ProxyCommand configs.
      bz#1906, bz#2744

    * ssh-keygen(1): when generating all hostkeys (ssh-keygen -A), clobber
      existing keys if they exist but are zero length. zero-length keys
      could previously be made if ssh-keygen failed or was interrupted part
      way through generating them. bz#2561

    * ssh(1): fix pledge(2) violation in the escape sequence "~&" used to
      place the current session in the background.

    * ssh-keyscan(1): avoid double-close() on file descriptors; bz#2734

    * sshd(8): avoid reliance on shared use of pointers shared between
      monitor and child sshd processes. bz#2704

    * sshd_config(8): document available AuthenticationMethods; bz#2453

    * ssh(1): avoid truncation in some login prompts; bz#2768

    * sshd(8): Fix various compilations failures, inc bz#2767

    * ssh(1): make "--" before the hostname terminate argument processing
      after the hostname too.

    * ssh-keygen(1): switch from aes256-cbc to aes256-ctr for encrypting
      new-style private keys. Fixes problems related to private key
      handling for no-OpenSSL builds. bz#2754

    * ssh(1): warn and do not attempt to use keys when the public and
      private halves do not match. bz#2737

    * sftp(1): don't print verbose error message when ssh disconnects
      from under sftp. bz#2750

    * sshd(8): fix keepalive scheduling problem: activity on a forwarded
      port from preventing the keepalive from being sent; bz#2756

    * sshd(8): when started without root privileges, don't require the
      privilege separation user or path to exist. Makes running the
      regression tests easier without touching the filesystem.

    * Make integrity.sh regression tests more robust against timeouts.
      bz#2658

    * ssh(1)/sshd(8): correctness fix for channels implementation: accept
      channel IDs greater than 0x7FFFFFFF.

   Portability
   -----------

    * sshd(9): drop two more privileges in the Solaris sandbox:
      PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO; bz#2723

    * sshd(8): expose list of completed authentication methods to PAM
      via the SSH_AUTH_INFO_0 PAM environment variable. bz#2408

    * ssh(1)/sshd(8): fix several problems in the tun/tap forwarding code,
      mostly to do with host/network byte order confusion. bz#2735

    * Add --with-cflags-after and --with-ldflags-after configure flags to
      allow setting CFLAGS/LDFLAGS after configure has completed. These
      are useful for setting sanitiser/fuzzing options that may interfere
      with configure's operation.

    * sshd(8): avoid Linux seccomp violations on ppc64le over the
      socketcall syscall.

    * Fix use of ldns when using ldns-config; bz#2697

    * configure: set cache variables when cross-compiling. The cross-
      compiling fallback message was saying it assumed the test passed,
      but it wasn't actually set the cache variables and this would
      cause later tests to fail.

    * Add clang libFuzzer harnesses for public key parsing and signature
      verification.

Revision 1.254 / (download) - annotate - [select for diffs], Wed Oct 4 11:44:14 2017 UTC (6 years, 5 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base, pkgsrc-2017Q4
Changes since 1.253: +2 -3 lines
Diff to previous 1.253 (colored) to selected 1.215 (colored)

openssh: update to 7.6.1.


Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * ssh(1): delete SSH protocol version 1 support, associated
   configuration options and documentation.

 * ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.

 * ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST
   ciphers.

 * Refuse RSA keys <1024 bits in length and improve reporting for keys
   that do not meet this requirement.

 * ssh(1): do not offer CBC ciphers by default.

Changes since OpenSSH 7.5
=========================

This is primarily a bugfix release. It also contains substantial
internal refactoring.

Security
--------

 * sftp-server(8): in read-only mode, sftp-server was incorrectly
   permitting creation of zero-length files. Reported by Michal
   Zalewski.

New Features
------------

 * ssh(1): add RemoteCommand option to specify a command in the ssh
   config file instead of giving it on the client's command line. This
   allows the configuration file to specify the command that will be
   executed on the remote host.

 * sshd(8): add ExposeAuthInfo option that enables writing details of
   the authentication methods used (including public keys where
   applicable) to a file that is exposed via a $SSH_USER_AUTH
   environment variable in the subsequent session.

 * ssh(1): add support for reverse dynamic forwarding. In this mode,
   ssh will act as a SOCKS4/5 proxy and forward connections
   to destinations requested by the remote SOCKS client. This mode
   is requested using extended syntax for the -R and RemoteForward
   options and, because it is implemented solely at the client,
   does not require the server be updated to be supported.

 * sshd(8): allow LogLevel directive in sshd_config Match blocks;
   bz#2717

 * ssh-keygen(1): allow inclusion of arbitrary string or flag
   certificate extensions and critical options.

 * ssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as
   a CA when signing certificates. bz#2377

 * ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explicit
   ToS/DSCP value and just use the operating system default.

 * ssh-add(1): added -q option to make ssh-add quiet on success.

 * ssh(1): expand the StrictHostKeyChecking option with two new
   settings. The first "accept-new" will automatically accept
   hitherto-unseen keys but will refuse connections for changed or
   invalid hostkeys. This is a safer subset of the current behaviour
   of StrictHostKeyChecking=no. The second setting "off", is a synonym
   for the current behaviour of StrictHostKeyChecking=no: accept new
   host keys, and continue connection for hosts with incorrect
   hostkeys. A future release will change the meaning of
   StrictHostKeyChecking=no to the behaviour of "accept-new". bz#2400

 * ssh(1): add SyslogFacility option to ssh(1) matching the equivalent
   option in sshd(8). bz#2705

Bugfixes
--------

 * ssh(1): use HostKeyAlias if specified instead of hostname for
   matching host certificate principal names; bz#2728

 * sftp(1): implement sorting for globbed ls; bz#2649

 * ssh(1): add a user@host prefix to client's "Permission denied"
   messages, useful in particular when using "stacked" connections
   (e.g. ssh -J) where it's not clear which host is denying. bz#2720

 * ssh(1): accept unknown EXT_INFO extension values that contain \0
   characters. These are legal, but would previously cause fatal
   connection errors if received.

 * ssh(1)/sshd(8): repair compression statistics printed at
   connection exit

 * sftp(1): print '?' instead of incorrect link count (that the
   protocol doesn't provide) for remote listings. bz#2710

 * ssh(1): return failure rather than fatal() for more cases during
   session multiplexing negotiations. Causes the session to fall back
   to a non-mux connection if they occur. bz#2707

 * ssh(1): mention that the server may send debug messages to explain
   public key authentication problems under some circumstances; bz#2709

 * Translate OpenSSL error codes to better report incorrect passphrase
   errors when loading private keys; bz#2699

 * sshd(8): adjust compatibility patterns for WinSCP to correctly
   identify versions that implement only the legacy DH group exchange
   scheme. bz#2748

 * ssh(1): print the "Killed by signal 1" message only at LogLevel
   verbose so that it is not shown at the default level; prevents it
   from appearing during ssh -J and equivalent ProxyCommand configs.
   bz#1906, bz#2744

 * ssh-keygen(1): when generating all hostkeys (ssh-keygen -A), clobber
   existing keys if they exist but are zero length. zero-length keys
   could previously be made if ssh-keygen failed or was interrupted part
   way through generating them. bz#2561

 * ssh(1): fix pledge(2) violation in the escape sequence "~&" used to
   place the current session in the background.

 * ssh-keyscan(1): avoid double-close() on file descriptors; bz#2734

 * sshd(8): avoid reliance on shared use of pointers shared between
   monitor and child sshd processes. bz#2704

 * sshd_config(8): document available AuthenticationMethods; bz#2453

 * ssh(1): avoid truncation in some login prompts; bz#2768

 * sshd(8): Fix various compilations failures, inc bz#2767

 * ssh(1): make "--" before the hostname terminate argument processing
   after the hostname too.

 * ssh-keygen(1): switch from aes256-cbc to aes256-ctr for encrypting
   new-style private keys. Fixes problems related to private key
   handling for no-OpenSSL builds. bz#2754

 * ssh(1): warn and do not attempt to use keys when the public and
   private halves do not match. bz#2737

 * sftp(1): don't print verbose error message when ssh disconnects
   from under sftp. bz#2750

 * sshd(8): fix keepalive scheduling problem: activity on a forwarded
   port from preventing the keepalive from being sent; bz#2756

 * sshd(8): when started without root privileges, don't require the
   privilege separation user or path to exist. Makes running the
   regression tests easier without touching the filesystem.

 * Make integrity.sh regression tests more robust against timeouts.
   bz#2658

 * ssh(1)/sshd(8): correctness fix for channels implementation: accept
   channel IDs greater than 0x7FFFFFFF.

Portability
-----------

 * sshd(9): drop two more privileges in the Solaris sandbox:
   PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO; bz#2723

 * sshd(8): expose list of completed authentication methods to PAM
   via the SSH_AUTH_INFO_0 PAM environment variable. bz#2408

 * ssh(1)/sshd(8): fix several problems in the tun/tap forwarding code,
   mostly to do with host/network byte order confusion. bz#2735

 * Add --with-cflags-after and --with-ldflags-after configure flags to
   allow setting CFLAGS/LDFLAGS after configure has completed. These
   are useful for setting sanitiser/fuzzing options that may interfere
   with configure's operation.

 * sshd(8): avoid Linux seccomp violations on ppc64le over the
   socketcall syscall.

 * Fix use of ldns when using ldns-config; bz#2697

 * configure: set cache variables when cross-compiling. The cross-
   compiling fallback message was saying it assumed the test passed,
   but it wasn't actually set the cache variables and this would
   cause later tests to fail.

 * Add clang libFuzzer harnesses for public key parsing and signature
   verification.

Revision 1.253 / (download) - annotate - [select for diffs], Mon Jul 24 16:33:22 2017 UTC (6 years, 8 months ago) by he
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base
Branch point for: pkgsrc-2017Q3
Changes since 1.252: +3 -1 lines
Diff to previous 1.252 (colored) to selected 1.215 (colored)

Include 'pam' in the suggested/default list of options on NetBSD.
Add LICENSE setting, near as I can tell "modified-bsd".
Bump PKGREVISION.

Revision 1.252 / (download) - annotate - [select for diffs], Wed May 31 09:30:21 2017 UTC (6 years, 9 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2
Changes since 1.251: +2 -2 lines
Diff to previous 1.251 (colored) to selected 1.215 (colored)

Update security/openssh to 7.5p1.

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * This release deprecates the sshd_config UsePrivilegeSeparation
   option, thereby making privilege separation mandatory. Privilege
   separation has been on by default for almost 15 years and
   sandboxing has been on by default for almost the last five.

 * The format of several log messages emitted by the packet code has
   changed to include additional information about the user and
   their authentication state. Software that monitors ssh/sshd logs
   may need to account for these changes. For example:

   Connection closed by user x 1.1.1.1 port 1234 [preauth]
   Connection closed by authenticating user x 10.1.1.1 port 1234 [preauth]
   Connection closed by invalid user x 1.1.1.1 port 1234 [preauth]

   Affected messages include connection closure, timeout, remote
   disconnection, negotiation failure and some other fatal messages
   generated by the packet code.

 * [Portable OpenSSH only] This version removes support for building
   against OpenSSL versions prior to 1.0.1. OpenSSL stopped supporting
   versions prior to 1.0.1 over 12 months ago (i.e. they no longer
   receive fixes for security bugs).

Changes since OpenSSH 7.4
=========================

This is a bugfix release.

Security
--------

 * ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures
   that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed.
   Note that the OpenSSH client disables CBC ciphers by default, sshd
   offers them as lowest-preference options and will remove them by
   default entriely in the next release. Reported by Jean Paul
   Degabriele, Kenny Paterson, Martin Albrecht and Torben Hansen of
   Royal Holloway, University of London.

 * sftp-client(1): [portable OpenSSH only] On Cygwin, a client making
   a recursive file transfer could be maniuplated by a hostile server to
   perform a path-traversal attack. creating or modifying files outside
   of the intended target directory. Reported by Jann Horn of Google
   Project Zero.

New Features
------------

 * ssh(1), sshd(8): Support "=-" syntax to easily remove methods from
   algorithm lists, e.g. Ciphers=-*cbc. bz#2671

Bugfixes
--------

 * sshd(1): Fix NULL dereference crash when key exchange start
   messages are sent out of sequence.

 * ssh(1), sshd(8): Allow form-feed characters to appear in
   configuration files.

 * sshd(8): Fix regression in OpenSSH 7.4 support for the
   server-sig-algs extension, where SHA2 RSA signature methods were
   not being correctly advertised. bz#2680

 * ssh(1), ssh-keygen(1): Fix a number of case-sensitivity bugs in
   known_hosts processing. bz#2591 bz#2685

 * ssh(1): Allow ssh to use certificates accompanied by a private key
   file but no corresponding plain *.pub public key. bz#2617

 * ssh(1): When updating hostkeys using the UpdateHostKeys option,
   accept RSA keys if HostkeyAlgorithms contains any RSA keytype.
   Previously, ssh could ignore RSA keys when only the ssh-rsa-sha2-*
   methods were enabled in HostkeyAlgorithms and not the old ssh-rsa
   method. bz#2650

 * ssh(1): Detect and report excessively long configuration file
   lines. bz#2651

 * Merge a number of fixes found by Coverity and reported via Redhat
   and FreeBSD. Includes fixes for some memory and file descriptor
   leaks in error paths. bz#2687

 * ssh-keyscan(1): Correctly hash hosts with a port number. bz#2692

 * ssh(1), sshd(8): When logging long messages to stderr, don't truncate
   "\r\n" if the length of the message exceeds the buffer. bz#2688

 * ssh(1): Fully quote [host]:port in generated ProxyJump/-J command-
   line; avoid confusion over IPv6 addresses and shells that treat
   square bracket characters specially.

 * ssh-keygen(1): Fix corruption of known_hosts when running
   "ssh-keygen -H" on a known_hosts containing already-hashed entries.

 * Fix various fallout and sharp edges caused by removing SSH protocol
   1 support from the server, including the server banner string being
   incorrectly terminated with only \n (instead of \r\n), confusing
   error messages from ssh-keyscan bz#2583 and a segfault in sshd
   if protocol v.1 was enabled for the client and sshd_config
   contained references to legacy keys bz#2686.

 * ssh(1), sshd(8): Free fd_set on connection timeout. bz#2683

 * sshd(8): Fix Unix domain socket forwarding for root (regression in
   OpenSSH 7.4).

 * sftp(1): Fix division by zero crash in "df" output when server
   returns zero total filesystem blocks/inodes.

 * ssh(1), ssh-add(1), ssh-keygen(1), sshd(8): Translate OpenSSL errors
   encountered during key loading to more meaningful error codes.
   bz#2522 bz#2523

 * ssh-keygen(1): Sanitise escape sequences in key comments sent to
   printf but preserve valid UTF-8 when the locale supports it;
   bz#2520

 * ssh(1), sshd(8): Return reason for port forwarding failures where
   feasible rather than always "administratively prohibited". bz#2674

 * sshd(8): Fix deadlock when AuthorizedKeysCommand or
   AuthorizedPrincipalsCommand produces a lot of output and a key is
   matched early. bz#2655

 * Regression tests: several reliability fixes. bz#2654 bz#2658 bz#2659

 * ssh(1): Fix typo in ~C error message for bad port forward
   cancellation. bz#2672

 * ssh(1): Show a useful error message when included config files
   can't be opened; bz#2653

 * sshd(8): Make sshd set GSSAPIStrictAcceptorCheck=yes as the manual page
   (previously incorrectly) advertised. bz#2637

 * sshd_config(5): Repair accidentally-deleted mention of %k token
   in AuthorizedKeysCommand; bz#2656

 * sshd(8): Remove vestiges of previously removed LOGIN_PROGRAM; bz#2665

 * ssh-agent(1): Relax PKCS#11 whitelist to include libexec and
   common 32-bit compatibility library directories.

 * sftp-client(1): Fix non-exploitable integer overflow in SSH2_FXP_NAME
   response handling.

 * ssh-agent(1): Fix regression in 7.4 of deleting PKCS#11-hosted
   keys. It was not possible to delete them except by specifying
   their full physical path. bz#2682

Portability
-----------

 * sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA
   crypto coprocessor.

 * sshd(8): Fix non-exploitable weakness in seccomp-bpf sandbox arg
   inspection.

 * ssh(1): Fix X11 forwarding on OSX where X11 was being started by
   launchd. bz#2341

 * ssh-keygen(1), ssh(1), sftp(1): Fix output truncation for various that
   contain non-printable characters where the codeset in use is ASCII.

 * build: Fix builds that attempt to link a kerberised libldns. bz#2603

 * build: Fix compilation problems caused by unconditionally defining
   _XOPEN_SOURCE in wide character detection.

 * sshd(8): Fix sandbox violations for clock_gettime VSDO syscall
   fallback on some Linux/X32 kernels. bz#2142

Revision 1.251 / (download) - annotate - [select for diffs], Thu Jan 19 03:50:53 2017 UTC (7 years, 2 months ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base, pkgsrc-2017Q1
Changes since 1.250: +2 -12 lines
Diff to previous 1.250 (colored) to selected 1.215 (colored)

GC deprecated logic for openssh without /dev/urandom. This option is no longer
supported by OpenSSH.

Revision 1.249.4.1 / (download) - annotate - [select for diffs], Sun Jan 8 11:05:07 2017 UTC (7 years, 2 months ago) by bsiegert
Branch: pkgsrc-2016Q4
Changes since 1.249: +2 -2 lines
Diff to previous 1.249 (colored) next main 1.250 (colored) to selected 1.215 (colored)

Pullup ticket #5178 - requested by taca
security/openssh: security fix

Revisions pulled up:
- security/openssh/Makefile                                     1.250
- security/openssh/distinfo                                     1.103
- security/openssh/options.mk                                   1.34
- security/openssh/patches/patch-auth1.c                        deleted
- security/openssh/patches/patch-clientloop.c                   1.5
- security/openssh/patches/patch-openbsd-compat_bsd-openpty.c   1.4
- security/openssh/patches/patch-session.c                      1.8
- security/openssh/patches/patch-sshd.c                         1.8

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Dec 30 04:43:16 UTC 2016

   Modified Files:
   	pkgsrc/security/openssh: Makefile distinfo options.mk
   	pkgsrc/security/openssh/patches: patch-clientloop.c
   	    patch-openbsd-compat_bsd-openpty.c patch-session.c patch-sshd.c
   Removed Files:
   	pkgsrc/security/openssh/patches: patch-auth1.c

   Log Message:
   Update openssh to 7.4.1 (7.4p1), including security fixes.

   For full changes, please refer ChangeLog file.

   Future deprecation notice
   =========================

   We plan on retiring more legacy cryptography in future releases,
   specifically:

    * In approximately August 2017, removing remaining support for the
      SSH v.1 protocol (client-only and currently compile-time disabled).

    * In the same release, removing support for Blowfish and RC4 ciphers
      and the RIPE-MD160 HMAC. (These are currently run-time disabled).

    * Refusing all RSA keys smaller than 1024 bits (the current minimum
      is 768 bits)

    * The next release of OpenSSH will remove support for running sshd(8)
      with privilege separation disabled.

    * The next release of portable OpenSSH will remove support for
      OpenSSL version prior to 1.0.1.

   This list reflects our current intentions, but please check the final
   release notes for future releases.

   Potentially-incompatible changes
   ================================

   This release includes a number of changes that may affect existing
   configurations:

    * This release removes server support for the SSH v.1 protocol.

    * ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit
      block ciphers are not safe in 2016 and we don't want to wait until
      attacks like SWEET32 are extended to SSH. As 3des-cbc was the
      only mandatory cipher in the SSH RFCs, this may cause problems
      connecting to older devices using the default configuration,
      but it's highly likely that such devices already need explicit
      configuration for key exchange and hostkey algorithms already
      anyway.

    * sshd(8): Remove support for pre-authentication compression.
      Doing compression early in the protocol probably seemed reasonable
      in the 1990s, but today it's clearly a bad idea in terms of both
      cryptography (cf. multiple compression oracle attacks in TLS) and
      attack surface. Pre-auth compression support has been disabled by
      default for >10 years. Support remains in the client.

    * ssh-agent will refuse to load PKCS#11 modules outside a whitelist
      of trusted paths by default. The path whitelist may be specified
      at run-time.

    * sshd(8): When a forced-command appears in both a certificate and
      an authorized keys/principals command= restriction, sshd will now
      refuse to accept the certificate unless they are identical.
      The previous (documented) behaviour of having the certificate
      forced-command override the other could be a bit confusing and
      error-prone.

    * sshd(8): Remove the UseLogin configuration directive and support
      for having /bin/login manage login sessions.

   Changes since OpenSSH 7.3
   =========================

   This is primarily a bugfix release.

   Security
   --------

    * ssh-agent(1): Will now refuse to load PKCS#11 modules from paths
      outside a trusted whitelist (run-time configurable). Requests to
      load modules could be passed via agent forwarding and an attacker
      could attempt to load a hostile PKCS#11 module across the forwarded
      agent channel: PKCS#11 modules are shared libraries, so this would
      result in code execution on the system running the ssh-agent if the
      attacker has control of the forwarded agent-socket (on the host
      running the sshd server) and the ability to write to the filesystem
      of the host running ssh-agent (usually the host running the ssh
      client). Reported by Jann Horn of Project Zero.

    * sshd(8): When privilege separation is disabled, forwarded Unix-
      domain sockets would be created by sshd(8) with the privileges of
      'root' instead of the authenticated user. This release refuses
      Unix-domain socket forwarding when privilege separation is disabled
      (Privilege separation has been enabled by default for 14 years).
      Reported by Jann Horn of Project Zero.

    * sshd(8): Avoid theoretical leak of host private key material to
      privilege-separated child processes via realloc() when reading
      keys. No such leak was observed in practice for normal-sized keys,
      nor does a leak to the child processes directly expose key material
      to unprivileged users. Reported by Jann Horn of Project Zero.

    * sshd(8): The shared memory manager used by pre-authentication
      compression support had a bounds checks that could be elided by
      some optimising compilers. Additionally, this memory manager was
      incorrectly accessible when pre-authentication compression was
      disabled. This could potentially allow attacks against the
      privileged monitor process from the sandboxed privilege-separation
      process (a compromise of the latter would be required first).
      This release removes support for pre-authentication compression
      from sshd(8). Reported by Guido Vranken using the Stack unstable
      optimisation identification tool (http://css.csail.mit.edu/stack/)

    * sshd(8): Fix denial-of-service condition where an attacker who
      sends multiple KEXINIT messages may consume up to 128MB per
      connection. Reported by Shi Lei of Gear Team, Qihoo 360.

    * sshd(8): Validate address ranges for AllowUser and DenyUsers
      directives at configuration load time and refuse to accept invalid
      ones. It was previously possible to specify invalid CIDR address
      ranges (e.g. user@127.1.2.3/55) and these would always match,
      possibly resulting in granting access where it was not intended.
      Reported by Laurence Parry.

Revision 1.250 / (download) - annotate - [select for diffs], Fri Dec 30 04:43:16 2016 UTC (7 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.249: +2 -2 lines
Diff to previous 1.249 (colored) to selected 1.215 (colored)

Update openssh to 7.4.1 (7.4p1), including security fixes.

For full changes, please refer ChangeLog file.


Future deprecation notice
=========================

We plan on retiring more legacy cryptography in future releases,
specifically:

 * In approximately August 2017, removing remaining support for the
   SSH v.1 protocol (client-only and currently compile-time disabled).

 * In the same release, removing support for Blowfish and RC4 ciphers
   and the RIPE-MD160 HMAC. (These are currently run-time disabled).

 * Refusing all RSA keys smaller than 1024 bits (the current minimum
   is 768 bits)

 * The next release of OpenSSH will remove support for running sshd(8)
   with privilege separation disabled.

 * The next release of portable OpenSSH will remove support for
   OpenSSL version prior to 1.0.1.

This list reflects our current intentions, but please check the final
release notes for future releases.

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * This release removes server support for the SSH v.1 protocol.

 * ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit
   block ciphers are not safe in 2016 and we don't want to wait until
   attacks like SWEET32 are extended to SSH. As 3des-cbc was the
   only mandatory cipher in the SSH RFCs, this may cause problems
   connecting to older devices using the default configuration,
   but it's highly likely that such devices already need explicit
   configuration for key exchange and hostkey algorithms already
   anyway.

 * sshd(8): Remove support for pre-authentication compression.
   Doing compression early in the protocol probably seemed reasonable
   in the 1990s, but today it's clearly a bad idea in terms of both
   cryptography (cf. multiple compression oracle attacks in TLS) and
   attack surface. Pre-auth compression support has been disabled by
   default for >10 years. Support remains in the client.

 * ssh-agent will refuse to load PKCS#11 modules outside a whitelist
   of trusted paths by default. The path whitelist may be specified
   at run-time.

 * sshd(8): When a forced-command appears in both a certificate and
   an authorized keys/principals command= restriction, sshd will now
   refuse to accept the certificate unless they are identical.
   The previous (documented) behaviour of having the certificate
   forced-command override the other could be a bit confusing and
   error-prone.

 * sshd(8): Remove the UseLogin configuration directive and support
   for having /bin/login manage login sessions.

Changes since OpenSSH 7.3
=========================

This is primarily a bugfix release.

Security
--------

 * ssh-agent(1): Will now refuse to load PKCS#11 modules from paths
   outside a trusted whitelist (run-time configurable). Requests to
   load modules could be passed via agent forwarding and an attacker
   could attempt to load a hostile PKCS#11 module across the forwarded
   agent channel: PKCS#11 modules are shared libraries, so this would
   result in code execution on the system running the ssh-agent if the
   attacker has control of the forwarded agent-socket (on the host
   running the sshd server) and the ability to write to the filesystem
   of the host running ssh-agent (usually the host running the ssh
   client). Reported by Jann Horn of Project Zero.

 * sshd(8): When privilege separation is disabled, forwarded Unix-
   domain sockets would be created by sshd(8) with the privileges of
   'root' instead of the authenticated user. This release refuses
   Unix-domain socket forwarding when privilege separation is disabled
   (Privilege separation has been enabled by default for 14 years).
   Reported by Jann Horn of Project Zero.

 * sshd(8): Avoid theoretical leak of host private key material to
   privilege-separated child processes via realloc() when reading
   keys. No such leak was observed in practice for normal-sized keys,
   nor does a leak to the child processes directly expose key material
   to unprivileged users. Reported by Jann Horn of Project Zero.

 * sshd(8): The shared memory manager used by pre-authentication
   compression support had a bounds checks that could be elided by
   some optimising compilers. Additionally, this memory manager was
   incorrectly accessible when pre-authentication compression was
   disabled. This could potentially allow attacks against the
   privileged monitor process from the sandboxed privilege-separation
   process (a compromise of the latter would be required first).
   This release removes support for pre-authentication compression
   from sshd(8). Reported by Guido Vranken using the Stack unstable
   optimisation identification tool (http://css.csail.mit.edu/stack/)

 * sshd(8): Fix denial-of-service condition where an attacker who
   sends multiple KEXINIT messages may consume up to 128MB per
   connection. Reported by Shi Lei of Gear Team, Qihoo 360.

 * sshd(8): Validate address ranges for AllowUser and DenyUsers
   directives at configuration load time and refuse to accept invalid
   ones. It was previously possible to specify invalid CIDR address
   ranges (e.g. user@127.1.2.3/55) and these would always match,
   possibly resulting in granting access where it was not intended.
   Reported by Laurence Parry.

Revision 1.249 / (download) - annotate - [select for diffs], Sun Sep 18 17:30:10 2016 UTC (7 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base, pkgsrc-2016Q3-base, pkgsrc-2016Q3
Branch point for: pkgsrc-2016Q4
Changes since 1.248: +3 -4 lines
Diff to previous 1.248 (colored) to selected 1.215 (colored)

Update openssh to 7.3.1 (OpenSSH 7.3p1).

OpenSSH 7.3p1 is primarily a bugfix release and here is summary.


Changes since OpenSSH 7.2
=========================

Security
--------

 * sshd(8): Mitigate a potential denial-of-service attack against
   the system's crypt(3) function via sshd(8). An attacker could
   send very long passwords that would cause excessive CPU use in
   crypt(3). sshd(8) now refuses to accept password authentication
   requests of length greater than 1024 characters. Independently
   reported by Tomas Kuthan (Oracle), Andres Rojas and Javier Nieto.

 * sshd(8): Mitigate timing differences in password authentication
   that could be used to discern valid from invalid account names
   when long passwords were sent and particular password hashing
   algorithms are in use on the server. CVE-2016-6210, reported by
   EddieEzra.Harari at verint.com

 * ssh(1), sshd(8): Fix observable timing weakness in the CBC padding
   oracle countermeasures. Reported by Jean Paul Degabriele, Kenny
   Paterson, Torben Hansen and Martin Albrecht. Note that CBC ciphers
   are disabled by default and only included for legacy compatibility.

 * ssh(1), sshd(8): Improve operation ordering of MAC verification for
   Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the
   MAC before decrypting any ciphertext. This removes the possibility
   of timing differences leaking facts about the plaintext, though no
   such leakage has been observed.  Reported by Jean Paul Degabriele,
   Kenny Paterson, Torben Hansen and Martin Albrecht.

 * sshd(8): (portable only) Ignore PAM environment vars when
   UseLogin=yes. If PAM is configured to read user-specified
   environment variables and UseLogin=yes in sshd_config, then a
   hostile local user may attack /bin/login via LD_PRELOAD or
   similar environment variables set via PAM. CVE-2015-8325,
   found by Shayan Sadigh.

New Features
------------

 * ssh(1): Add a ProxyJump option and corresponding -J command-line
   flag to allow simplified indirection through a one or more SSH
   bastions or "jump hosts".

 * ssh(1): Add an IdentityAgent option to allow specifying specific
   agent sockets instead of accepting one from the environment.

 * ssh(1): Allow ExitOnForwardFailure and ClearAllForwardings to be
   optionally overridden when using ssh -W. bz#2577

 * ssh(1), sshd(8): Implement support for the IUTF8 terminal mode as
   per draft-sgtatham-secsh-iutf8-00.

 * ssh(1), sshd(8): Add support for additional fixed Diffie-Hellman
   2K, 4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03.

 * ssh-keygen(1), ssh(1), sshd(8): support SHA256 and SHA512 RSA
   signatures in certificates;

 * ssh(1): Add an Include directive for ssh_config(5) files.

 * ssh(1): Permit UTF-8 characters in pre-authentication banners sent
   from the server. bz#2058

Bugfixes
--------

 * ssh(1), sshd(8): Reduce the syslog level of some relatively common
   protocol events from LOG_CRIT. bz#2585

 * sshd(8): Refuse AuthenticationMethods="" in configurations and
   accept AuthenticationMethods=any for the default behaviour of not
   requiring multiple authentication. bz#2398

 * sshd(8): Remove obsolete and misleading "POSSIBLE BREAK-IN
   ATTEMPT!" message when forward and reverse DNS don't match. bz#2585

 * ssh(1): Close ControlPersist background process stderr except
   in debug mode or when logging to syslog. bz#1988

 * misc: Make PROTOCOL description for direct-streamlocal@openssh.com
   channel open messages match deployed code. bz#2529

 * ssh(1): Deduplicate LocalForward and RemoteForward entries to fix
   failures when both ExitOnForwardFailure and hostname
   canonicalisation are enabled. bz#2562

 * sshd(8): Remove fallback from moduli to obsolete "primes" file
   that was deprecated in 2001. bz#2559.

 * sshd_config(5): Correct description of UseDNS: it affects ssh
   hostname processing for authorized_keys, not known_hosts; bz#2554

 * ssh(1): Fix authentication using lone certificate keys in an agent
   without corresponding private keys on the filesystem. bz#2550

 * sshd(8): Send ClientAliveInterval pings when a time-based
   RekeyLimit is set; previously keepalive packets were not being
   sent. bz#2252

Revision 1.248 / (download) - annotate - [select for diffs], Sun Jul 10 10:41:38 2016 UTC (7 years, 8 months ago) by rillig
Branch: MAIN
Changes since 1.247: +9 -9 lines
Diff to previous 1.247 (colored) to selected 1.215 (colored)

Fixed pkglint warnings about indentation.

Revision 1.247 / (download) - annotate - [select for diffs], Sun Jul 10 10:40:23 2016 UTC (7 years, 8 months ago) by rillig
Branch: MAIN
Changes since 1.246: +2 -2 lines
Diff to previous 1.246 (colored) to selected 1.215 (colored)

Fixed typo in BROKEN_ON_PLATFORM.

Revision 1.246 / (download) - annotate - [select for diffs], Sat Jul 9 06:38:56 2016 UTC (7 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.245: +2 -2 lines
Diff to previous 1.245 (colored) to selected 1.215 (colored)

Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.

Revision 1.243.2.1 / (download) - annotate - [select for diffs], Sat Jun 11 09:53:06 2016 UTC (7 years, 9 months ago) by spz
Branch: pkgsrc-2016Q1
Changes since 1.243: +2 -1 lines
Diff to previous 1.243 (colored) next main 1.244 (colored) to selected 1.215 (colored)

Pullup ticket #5041 - requested by taca
security/openssh: security patch

Revisions pulled up:
- security/openssh/Makefile                                     1.244
- security/openssh/distinfo                                     1.101
- security/openssh/patches/patch-session.c                      1.6

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Jun  6 08:55:35 UTC 2016

   Modified Files:
   	pkgsrc/security/openssh: Makefile distinfo
   	pkgsrc/security/openssh/patches: patch-session.c

   Log Message:
   Add fix for CVE-2015-8325 from upstream.

   Bump PKGREVISION.


   To generate a diff of this commit:
   cvs rdiff -u -r1.243 -r1.244 pkgsrc/security/openssh/Makefile
   cvs rdiff -u -r1.100 -r1.101 pkgsrc/security/openssh/distinfo
   cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/openssh/patches/patch-session.c

Revision 1.245 / (download) - annotate - [select for diffs], Fri Jun 10 23:15:36 2016 UTC (7 years, 9 months ago) by alnsn
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base, pkgsrc-2016Q2
Changes since 1.244: +10 -4 lines
Diff to previous 1.244 (colored) to selected 1.215 (colored)

Add an option to build without openssl. Fix pkg/50936. Improve PIE build.

Revision 1.244 / (download) - annotate - [select for diffs], Mon Jun 6 08:55:35 2016 UTC (7 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.243: +2 -1 lines
Diff to previous 1.243 (colored) to selected 1.215 (colored)

Add fix for CVE-2015-8325 from upstream.

Bump PKGREVISION.

Revision 1.243 / (download) - annotate - [select for diffs], Tue Mar 15 20:54:07 2016 UTC (8 years ago) by bsiegert
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base
Branch point for: pkgsrc-2016Q1
Changes since 1.242: +3 -4 lines
Diff to previous 1.242 (colored) to selected 1.215 (colored)

Update openssh to 7.2.2 (7.2p2).

Changes since OpenSSH 7.2p1
===========================

This release fixes a security bug:

 * sshd(8): sanitise X11 authentication credentials to avoid xauth
   command injection when X11Forwarding is enabled.

   Full details of the vulnerability are available at:
   http://www.openssh.com/txt/x11fwd.adv

Revision 1.242 / (download) - annotate - [select for diffs], Sat Mar 5 11:29:23 2016 UTC (8 years ago) by jperkin
Branch: MAIN
Changes since 1.241: +2 -2 lines
Diff to previous 1.241 (colored) to selected 1.215 (colored)

Bump PKGREVISION for security/openssl ABI bump.

Revision 1.241 / (download) - annotate - [select for diffs], Fri Feb 26 21:06:38 2016 UTC (8 years, 1 month ago) by tez
Branch: MAIN
Changes since 1.240: +1 -1 lines
Diff to previous 1.240 (colored) to selected 1.215 (colored)

Fix for CVE-2016-1907
The ssh_packet_read_poll2 function in packet.c allows remote attackers to
cause a denial of service.

Revision 1.240 / (download) - annotate - [select for diffs], Fri Feb 26 09:41:06 2016 UTC (8 years, 1 month ago) by jperkin
Branch: MAIN
Changes since 1.239: +5 -9 lines
Diff to previous 1.239 (colored) to selected 1.215 (colored)

Use OPSYSVARS.

Revision 1.239 / (download) - annotate - [select for diffs], Mon Jan 18 12:53:25 2016 UTC (8 years, 2 months ago) by jperkin
Branch: MAIN
Changes since 1.238: +2 -2 lines
Diff to previous 1.238 (colored) to selected 1.215 (colored)

Explicitly disable roaming, as per CVE-2016-0777 and CVE-2016-0778.

Fix patch dates and offsets while here.  Bump PKGREVISION.

Revision 1.238 / (download) - annotate - [select for diffs], Wed Nov 11 11:40:06 2015 UTC (8 years, 4 months ago) by sevan
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base, pkgsrc-2015Q4
Changes since 1.237: +2 -1 lines
Diff to previous 1.237 (colored) to selected 1.215 (colored)


Remove the check for the presence of ssh_host_key & the command to generate it,
if ssh_host_key doesn't exist.
RSA1 support is dead and doesn't exist in the package we generate, hence,
regeneration of the key is executed everytime sshd is started/restarted.
Bump PKGREVISION

Reviewed by wiz@

Revision 1.237 / (download) - annotate - [select for diffs], Thu Sep 3 21:05:24 2015 UTC (8 years, 6 months ago) by sevan
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3
Changes since 1.236: +2 -1 lines
Diff to previous 1.236 (colored) to selected 1.215 (colored)

Mark package as broken for OpenBSD, the portable distribution is not intended
for use on OpenBSD, there is a separate release for that.

Reviewed by wiz@

Revision 1.230.2.3 / (download) - annotate - [select for diffs], Mon Aug 24 19:06:40 2015 UTC (8 years, 7 months ago) by tron
Branch: pkgsrc-2015Q2
Changes since 1.230.2.2: +29 -11 lines
Diff to previous 1.230.2.2 (colored) to branchpoint 1.230 (colored) next main 1.231 (colored) to selected 1.215 (colored)

Pullup ticket #4796 - requested by wiz
security/openssh: security update

Revisions pulled up:
- security/openssh/Makefile					patch
- security/openssh/PLIST					patch
- security/openssh/distinfo					patch
- security/openssh/files/org.openssh.sshd.sb.in			patch
- security/openssh/patches/patch-auth2-chall.c			patch
- security/openssh/patches/patch-auth2.c			patch
- security/openssh/patches/patch-loginrec.c			patch
- security/openssh/patches/patch-openbsd-compat_bsd-openpty.c	patch
- security/openssh/patches/patch-sandbox-darwin.c		patch
- security/openssh/patches/patch-sftp-common.c			patch
- security/openssh/patches/patch-sshd.c				patch
- security/openssh/patches/patch-uidswap.c			patch

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Fri Aug 21 08:12:09 UTC 2015

   Modified Files:
   	pkgsrc/security/openssh: Makefile distinfo
   Removed Files:
   	pkgsrc/security/openssh/patches: patch-auth2-chall.c

   Log Message:
   Update to 7.1p1:

   Changes since OpenSSH 7.0
   =========================

   This is a bugfix release.

   Security
   --------

    * sshd(8): OpenSSH 7.0 contained a logic error in PermitRootLogin=
      prohibit-password/without-password that could, depending on
      compile-time configuration, permit password authentication to
      root while preventing other forms of authentication. This problem
      was reported by Mantas Mikulenas.

   Bugfixes
   --------

    * ssh(1), sshd(8): add compatability workarounds for FuTTY

    * ssh(1), sshd(8): refine compatability workarounds for WinSCP

    * Fix a number of memory faults (double-free, free of uninitialised
      memory, etc) in ssh(1) and ssh-keygen(1). Reported by Mateusz
      Kocielski.

Revision 1.236 / (download) - annotate - [select for diffs], Fri Aug 21 08:12:09 2015 UTC (8 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.235: +3 -4 lines
Diff to previous 1.235 (colored) to selected 1.215 (colored)

Update to 7.1p1:

Changes since OpenSSH 7.0
=========================

This is a bugfix release.

Security
--------

 * sshd(8): OpenSSH 7.0 contained a logic error in PermitRootLogin=
   prohibit-password/without-password that could, depending on
   compile-time configuration, permit password authentication to
   root while preventing other forms of authentication. This problem
   was reported by Mantas Mikulenas.

Bugfixes
--------

 * ssh(1), sshd(8): add compatability workarounds for FuTTY

 * ssh(1), sshd(8): refine compatability workarounds for WinSCP

 * Fix a number of memory faults (double-free, free of uninitialised
   memory, etc) in ssh(1) and ssh-keygen(1). Reported by Mateusz
   Kocielski.

Revision 1.235 / (download) - annotate - [select for diffs], Fri Aug 14 08:57:00 2015 UTC (8 years, 7 months ago) by jperkin
Branch: MAIN
Changes since 1.234: +20 -6 lines
Diff to previous 1.234 (colored) to selected 1.215 (colored)

Fix a bug introduced 9 years ago in patch-sshd.c which has meant that
privilege separation has been disabled all that time.  The logic was changed
such that it was only enabled on Interix, instead of only being disabled on
Interix as originally intended.

While here, pull in patches from MacPorts to enable privsep on Darwin.

Bump PKGREVISION.

Revision 1.230.2.2 / (download) - annotate - [select for diffs], Sat Aug 1 08:56:59 2015 UTC (8 years, 7 months ago) by tron
Branch: pkgsrc-2015Q2
Changes since 1.230.2.1: +1 -0 lines
Diff to previous 1.230.2.1 (colored) to branchpoint 1.230 (colored) to selected 1.215 (colored)

Pullup ticket #4786 - requested by taca
security/openssh: security patch

Revisions pulled up:
- security/openssh/Makefile                                     1.234
- security/openssh/distinfo                                     1.94
- security/openssh/patches/patch-auth2-chall.c                  1.1

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Jul 30 03:20:36 UTC 2015

   Modified Files:
   	pkgsrc/security/openssh: Makefile distinfo
   Added Files:
   	pkgsrc/security/openssh/patches: patch-auth2-chall.c

   Log Message:
   Add fix for CVE-2015-5600 from FreeBSD via NetBSD base.

   Bump PKGREVISION.

Revision 1.234 / (download) - annotate - [select for diffs], Thu Jul 30 03:20:36 2015 UTC (8 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.233: +2 -1 lines
Diff to previous 1.233 (colored) to selected 1.215 (colored)

Add fix for CVE-2015-5600 from FreeBSD via NetBSD base.

Bump PKGREVISION.

Revision 1.230.2.1 / (download) - annotate - [select for diffs], Tue Jul 14 22:03:39 2015 UTC (8 years, 8 months ago) by tron
Branch: pkgsrc-2015Q2
Changes since 1.230: +7 -5 lines
Diff to previous 1.230 (colored) to selected 1.215 (colored)

Pullup ticket #4771 - requested by taca
security/openssh: security update

Revisions pulled up:
- security/openssh/Makefile                                     1.233
- security/openssh/distinfo                                     1.92-1.93
- security/openssh/options.mk                                   1.30
- security/openssh/patches/patch-Makefile.in                    1.4
- security/openssh/patches/patch-auth-passwd.c                  1.2
- security/openssh/patches/patch-auth-rhosts.c                  1.2
- security/openssh/patches/patch-auth.c                         1.3
- security/openssh/patches/patch-auth1.c                        1.3
- security/openssh/patches/patch-auth2.c                        1.4
- security/openssh/patches/patch-channels.c                     1.2
- security/openssh/patches/patch-clientloop.c                   1.2
- security/openssh/patches/patch-compat.c                       deleted
- security/openssh/patches/patch-config.h.in                    1.4
- security/openssh/patches/patch-configure                      deleted
- security/openssh/patches/patch-configure.ac                   1.4
- security/openssh/patches/patch-defines.h                      1.3
- security/openssh/patches/patch-includes.h                     1.3
- security/openssh/patches/patch-openbsd-compat_openbsd-compat.h 1.3
- security/openssh/patches/patch-openbsd-compat_port-tun.c      1.2
- security/openssh/patches/patch-platform.c                     1.4
- security/openssh/patches/patch-scp.c                          1.3
- security/openssh/patches/patch-session.c                      1.4
- security/openssh/patches/patch-ssh.c                          1.4
- security/openssh/patches/patch-sshconnect.c                   deleted
- security/openssh/patches/patch-sshd.8                         1.1
- security/openssh/patches/patch-sshd.c                         1.4
- security/openssh/patches/patch-sshpty.c                       1.2

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Jul  9 16:14:24 UTC 2015

   Modified Files:
   	pkgsrc/security/openssh: Makefile distinfo options.mk
   	pkgsrc/security/openssh/patches: patch-Makefile.in patch-auth-passwd.c
   	    patch-auth-rhosts.c patch-auth.c patch-auth1.c patch-auth2.c
   	    patch-channels.c patch-clientloop.c patch-config.h.in
   	    patch-configure.ac patch-defines.h patch-includes.h
   	    patch-openbsd-compat_openbsd-compat.h
   	    patch-openbsd-compat_port-tun.c patch-platform.c patch-scp.c
   	    patch-session.c patch-ssh.c patch-sshd.c patch-sshpty.c
   Added Files:
   	pkgsrc/security/openssh/patches: patch-sshd.8
   Removed Files:
   	pkgsrc/security/openssh/patches: patch-compat.c patch-configure
   	    patch-sshconnect.c

   Log Message:
   Update openssh to 6.9.1 (OpenSSH 6.9p1) which contains security fix.

   pkgsrc change:

   * tcp_wrappers support was removed from release 6.7, but add it refering
     FreeBSD's ports.
   * hpn-patch is also based on FreeBSD's ports.

   Security
   --------

    * ssh(1): when forwarding X11 connections with ForwardX11Trusted=no,
      connections made after ForwardX11Timeout expired could be permitted
      and no longer subject to XSECURITY restrictions because of an
      ineffective timeout check in ssh(1) coupled with "fail open"
      behaviour in the X11 server when clients attempted connections with
      expired credentials. This problem was reported by Jann Horn.

    * ssh-agent(1): fix weakness of agent locking (ssh-add -x) to
      password guessing by implementing an increasing failure delay,
      storing a salted hash of the password rather than the password
      itself and using a timing-safe comparison function for verifying
      unlock attempts. This problem was reported by Ryan Castellucci.

   For more information, please refer release announce.

   	http://www.openssh.com/txt/release-6.9
   	http://www.openssh.com/txt/release-6.8
   	http://www.openssh.com/txt/release-6.7

---
   Module Name:	pkgsrc
   Committed By:	dsainty
   Date:		Fri Jul 10 07:00:29 UTC 2015

   Modified Files:
   	pkgsrc/security/openssh: distinfo

   Log Message:
   Remove dangling stale hash for patch-sshconnect.c

Revision 1.233 / (download) - annotate - [select for diffs], Thu Jul 9 16:14:23 2015 UTC (8 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.232: +7 -5 lines
Diff to previous 1.232 (colored) to selected 1.215 (colored)

Update openssh to 6.9.1 (OpenSSH 6.9p1) which contains security fix.

pkgsrc change:

* tcp_wrappers support was removed from release 6.7, but add it refering
  FreeBSD's ports.
* hpn-patch is also based on FreeBSD's ports.


Security
--------

 * ssh(1): when forwarding X11 connections with ForwardX11Trusted=no,
   connections made after ForwardX11Timeout expired could be permitted
   and no longer subject to XSECURITY restrictions because of an
   ineffective timeout check in ssh(1) coupled with "fail open"
   behaviour in the X11 server when clients attempted connections with
   expired credentials. This problem was reported by Jann Horn.

 * ssh-agent(1): fix weakness of agent locking (ssh-add -x) to
   password guessing by implementing an increasing failure delay,
   storing a salted hash of the password rather than the password
   itself and using a timing-safe comparison function for verifying
   unlock attempts. This problem was reported by Ryan Castellucci.

For more information, please refer release announce.

	http://www.openssh.com/txt/release-6.9
	http://www.openssh.com/txt/release-6.8
	http://www.openssh.com/txt/release-6.7

Revision 1.232 / (download) - annotate - [select for diffs], Sat Jul 4 16:18:39 2015 UTC (8 years, 8 months ago) by joerg
Branch: MAIN
Changes since 1.231: +4 -4 lines
Diff to previous 1.231 (colored) to selected 1.215 (colored)

Remove USE_X11BASE and X11PREFIX.

Revision 1.231 / (download) - annotate - [select for diffs], Sat Jul 4 08:07:28 2015 UTC (8 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.230: +6 -1 lines
Diff to previous 1.230 (colored) to selected 1.215 (colored)

Disable stripping on Darwin.
Fixes "dyld: Symbol not found: _allow_severity".
From Andreas Kusalananda Kähäri on pkgsrc-users.

Revision 1.230 / (download) - annotate - [select for diffs], Fri Jun 12 10:51:03 2015 UTC (8 years, 9 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base
Branch point for: pkgsrc-2015Q2
Changes since 1.229: +2 -2 lines
Diff to previous 1.229 (colored) to selected 1.215 (colored)

Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.

Revision 1.228.2.1 / (download) - annotate - [select for diffs], Sat May 16 19:48:50 2015 UTC (8 years, 10 months ago) by bsiegert
Branch: pkgsrc-2015Q1
Changes since 1.228: +2 -2 lines
Diff to previous 1.228 (colored) next main 1.229 (colored) to selected 1.215 (colored)

Pullup ticket #4719 - requested by sevan
security/openssh: security fix

Revisions pulled up:
- security/openssh/Makefile                                     1.229
- security/openssh/distinfo                                     1.91
- security/openssh/patches/patch-compat.c                       1.1

---
   Module Name:    pkgsrc
   Committed By:   sevan
   Date:           Sat May 16 14:43:02 UTC 2015

   Modified Files:
           pkgsrc/security/openssh: Makefile distinfo
   Added Files:
           pkgsrc/security/openssh/patches: patch-compat.c

   Log Message:
   Use the correct buffer when calling strlen
   http://www.openwall.com/lists/oss-security/2015/05/16/3

   Reviewed by wiz@

Revision 1.229 / (download) - annotate - [select for diffs], Sat May 16 14:43:02 2015 UTC (8 years, 10 months ago) by sevan
Branch: MAIN
Changes since 1.228: +2 -2 lines
Diff to previous 1.228 (colored) to selected 1.215 (colored)

Use the correct buffer when calling strlen
http://www.openwall.com/lists/oss-security/2015/05/16/3

Reviewed by wiz@

Revision 1.228 / (download) - annotate - [select for diffs], Thu Mar 19 20:23:55 2015 UTC (9 years ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base
Branch point for: pkgsrc-2015Q1
Changes since 1.227: +2 -2 lines
Diff to previous 1.227 (colored) to selected 1.215 (colored)

Add patch from MacPorts to fix X11 forwarding under Mac OS X Yosemite.

Revision 1.227 / (download) - annotate - [select for diffs], Mon Feb 16 11:03:20 2015 UTC (9 years, 1 month ago) by jperkin
Branch: MAIN
Changes since 1.226: +1 -6 lines
Diff to previous 1.226 (colored) to selected 1.215 (colored)

Put back implementation of MASTER_SITE_OPENBSD.

Revision 1.226 / (download) - annotate - [select for diffs], Sun Feb 1 09:07:40 2015 UTC (9 years, 1 month ago) by obache
Branch: MAIN
Changes since 1.225: +7 -2 lines
Diff to previous 1.225 (colored) to selected 1.215 (colored)

Revert "Define and use MASTER_SITE_OPENBSD.",
proposed/discussed is required for such changes.

Revision 1.225 / (download) - annotate - [select for diffs], Sat Jan 17 05:51:43 2015 UTC (9 years, 2 months ago) by obache
Branch: MAIN
Changes since 1.224: +2 -6 lines
Diff to previous 1.224 (colored) to selected 1.215 (colored)

Define and use MASTER_SITE_OPENBSD.

Revision 1.224 / (download) - annotate - [select for diffs], Sat Jan 17 05:31:52 2015 UTC (9 years, 2 months ago) by obache
Branch: MAIN
Changes since 1.223: +2 -5 lines
Diff to previous 1.223 (colored) to selected 1.215 (colored)

Remve "Don't delete the last entry" from MASTER_SITES.

It's not available.
ftp://ftp.belnet.be/pub/OpenBSD/OpenSSH/portable/ (capitalize openbsd) is
availabe, but it's a mirror, not the special old distfile holder.
Moreover, mirrors have good enough old versions,  and "old" subdirectory
have much old distfiles.

Revision 1.223 / (download) - annotate - [select for diffs], Sat Jan 17 01:11:06 2015 UTC (9 years, 2 months ago) by gdt
Branch: MAIN
Changes since 1.222: +2 -2 lines
Diff to previous 1.222 (colored) to selected 1.215 (colored)

Use sh not C comments in sh scripts.

From Matthias Ferdinand on pkgsrc-users.

Revision 1.220.4.1 / (download) - annotate - [select for diffs], Thu Oct 9 13:53:43 2014 UTC (9 years, 5 months ago) by tron
Branch: pkgsrc-2014Q3
Changes since 1.220: +2 -2 lines
Diff to previous 1.220 (colored) next main 1.221 (colored) to selected 1.215 (colored)

Pullup ticket #4520 - requested by taca
security/openssh: security patch

Revisions pulled up:
- security/openssh/Makefile                                     1.221
- security/openssh/distinfo                                     1.87
- security/openssh/patches/patch-sshconnect.c                   1.1

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Oct  8 15:50:22 UTC 2014

   Modified Files:
   	pkgsrc/security/openssh: Makefile distinfo
   Added Files:
   	pkgsrc/security/openssh/patches: patch-sshconnect.c

   Log Message:
   Add fix for CVE-2014-2653 from
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513.

   Bump PKGREVISION.

Revision 1.222 / (download) - annotate - [select for diffs], Thu Oct 9 13:44:53 2014 UTC (9 years, 5 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base, pkgsrc-2014Q4
Changes since 1.221: +1 -2 lines
Diff to previous 1.221 (colored) to selected 1.215 (colored)

Remove SVR4_PKGNAME, per discussion on tech-pkg.

Revision 1.221 / (download) - annotate - [select for diffs], Wed Oct 8 15:50:22 2014 UTC (9 years, 5 months ago) by taca
Branch: MAIN
Changes since 1.220: +2 -2 lines
Diff to previous 1.220 (colored) to selected 1.215 (colored)

Add fix for CVE-2014-2653 from
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513.

Bump PKGREVISION.

Revision 1.220 / (download) - annotate - [select for diffs], Thu May 29 23:37:20 2014 UTC (9 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base, pkgsrc-2014Q2-base, pkgsrc-2014Q2
Branch point for: pkgsrc-2014Q3
Changes since 1.219: +2 -2 lines
Diff to previous 1.219 (colored) to selected 1.215 (colored)

Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.

Revision 1.219 / (download) - annotate - [select for diffs], Thu May 22 03:14:01 2014 UTC (9 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.218: +2 -1 lines
Diff to previous 1.218 (colored) to selected 1.215 (colored)

Update patch to stop error message with rc.d script.
It was noted by Ken'ichi Fukamachi via PR pkg/48825.

Bump PKGREVISION.

Revision 1.218 / (download) - annotate - [select for diffs], Sat Mar 29 09:38:11 2014 UTC (10 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.217: +6 -7 lines
Diff to previous 1.217 (colored) to selected 1.215 (colored)

Update openssh to 6.6.1 (OpenSSH 6.6p1).

pkgsrc change

    * Use PLIST_VARS.
    * Update hpn-patch based on openssh-6.5p1-hpnssh14v4.diff.gz.

Fixes security problem (SA57488).

For full changes, please refer below release notes.

	http://www.openssh.com/txt/release-6.5
	http://www.openssh.com/txt/release-6.6

Revision 1.217 / (download) - annotate - [select for diffs], Thu Mar 13 11:08:52 2014 UTC (10 years ago) by jperkin
Branch: MAIN
Changes since 1.216: +2 -1 lines
Diff to previous 1.216 (colored) to selected 1.215 (colored)

Set USE_GCC_RUNTIME=yes for packages which build shared libraries but do
not use libtool to do so.  This is required to correctly depend upon a
gcc runtime package (e.g. gcc47-libs) when using USE_PKGSRC_GCC_RUNTIME.

Revision 1.216 / (download) - annotate - [select for diffs], Tue Mar 11 14:34:40 2014 UTC (10 years ago) by jperkin
Branch: MAIN
Changes since 1.215: +2 -1 lines
Diff to previous 1.215 (colored)

Import initial SMF support for individual packages.

Revision 1.215 / (download) - annotate - [selected], Wed Feb 12 23:18:34 2014 UTC (10 years, 1 month ago) by tron
Branch: MAIN
Changes since 1.214: +2 -1 lines
Diff to previous 1.214 (colored)

Recursive PKGREVISION bump for OpenSSL API version bump.

Revision 1.213.2.1 / (download) - annotate - [select for diffs], Thu Dec 5 09:52:53 2013 UTC (10 years, 3 months ago) by tron
Branch: pkgsrc-2013Q3
Changes since 1.213: +3 -4 lines
Diff to previous 1.213 (colored) next main 1.214 (colored) to selected 1.215 (colored)

Pullup ticket #4262 - requested by taca
security/openssh: security update

Revisions pulled up:
- security/openssh/Makefile                                     1.214
- security/openssh/distinfo                                     1.85
- security/openssh/options.mk                                   1.26
- security/openssh/patches/patch-Makefile.in                    1.2
- security/openssh/patches/patch-auth.c                         1.2
- security/openssh/patches/patch-auth1.c                        1.2
- security/openssh/patches/patch-auth2.c                        1.2
- security/openssh/patches/patch-config.h.in                    1.2
- security/openssh/patches/patch-configure                      1.2
- security/openssh/patches/patch-configure.ac                   1.2
- security/openssh/patches/patch-includes.h                     1.2
- security/openssh/patches/patch-scp.c                          1.2
- security/openssh/patches/patch-session.c                      1.2
- security/openssh/patches/patch-sftp-common.c                  1.1
- security/openssh/patches/patch-ssh.c                          1.2
- security/openssh/patches/patch-sshd.c                         1.2
- security/openssh/patches/patch-uidswap.c                      1.2

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Dec  1 06:11:41 UTC 2013

   Modified Files:
   	pkgsrc/security/openssh: Makefile distinfo options.mk
   	pkgsrc/security/openssh/patches: patch-Makefile.in patch-auth.c
   	    patch-auth1.c patch-auth2.c patch-config.h.in patch-configure
   	    patch-configure.ac patch-includes.h patch-scp.c patch-session.c
   	    patch-ssh.c patch-sshd.c patch-uidswap.c
   Added Files:
   	pkgsrc/security/openssh/patches: patch-sftp-common.c

   Log Message:
   Update openssh to 6.4.1 (OpenSSH 6.4p1).

   Changes since OpenSSH 6.3
   =========================

   This release fixes a security bug:

    * sshd(8): fix a memory corruption problem triggered during rekeying
      when an AES-GCM cipher is selected. Full details of the vulnerability
      are available at: http://www.openssh.com/txt/gcmrekey.adv

   Changes since OpenSSH 6.2 is too many to write here, please refer
   the release note: http://www.openssh.com/txt/release-6.3.

Revision 1.214 / (download) - annotate - [select for diffs], Sun Dec 1 06:11:41 2013 UTC (10 years, 3 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4
Changes since 1.213: +3 -4 lines
Diff to previous 1.213 (colored) to selected 1.215 (colored)

Update openssh to 6.4.1 (OpenSSH 6.4p1).

Changes since OpenSSH 6.3
=========================

This release fixes a security bug:

 * sshd(8): fix a memory corruption problem triggered during rekeying
   when an AES-GCM cipher is selected. Full details of the vulnerability
   are available at: http://www.openssh.com/txt/gcmrekey.adv

Changes since OpenSSH 6.2 is too many to write here, please refer
the release note: http://www.openssh.com/txt/release-6.3.

Revision 1.213 / (download) - annotate - [select for diffs], Fri Jul 12 10:45:02 2013 UTC (10 years, 8 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base
Branch point for: pkgsrc-2013Q3
Changes since 1.212: +2 -2 lines
Diff to previous 1.212 (colored) to selected 1.215 (colored)

Bump PKGREVISION of all packages which create users, to pick up change of
sysutils/user_* packages.

Revision 1.212 / (download) - annotate - [select for diffs], Fri May 31 12:41:52 2013 UTC (10 years, 9 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2
Changes since 1.211: +2 -1 lines
Diff to previous 1.211 (colored) to selected 1.215 (colored)

Bump all packages for perl-5.18, that
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package

Like last time, where this caused no complaints.

Revision 1.211 / (download) - annotate - [select for diffs], Wed May 1 19:58:25 2013 UTC (10 years, 10 months ago) by imil
Branch: MAIN
Changes since 1.210: +3 -19 lines
Diff to previous 1.210 (colored) to selected 1.215 (colored)

Changes since OpenSSH 6.1
=========================

This release introduces a number of new features:

Features:

 * ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption in
   SSH protocol 2. The new cipher is available as aes128-gcm@openssh.com
   and aes256-gcm@openssh.com. It uses an identical packet format to the
   AES-GCM mode specified in RFC 5647, but uses simpler and different
   selection rules during key exchange.

 * ssh(1)/sshd(8): Added support for encrypt-then-mac (EtM) MAC modes
   for SSH protocol 2. These modes alter the packet format and compute
   the MAC over the packet length and encrypted packet rather than over
   the plaintext data. These modes are considered more secure and are
   used by default when available.

 * ssh(1)/sshd(8): Added support for the UMAC-128 MAC as
   "umac-128@openssh.com" and "umac-128-etm@openssh.com". The latter
   being an encrypt-then-mac mode.

 * sshd(8): Added support for multiple required authentication in SSH
   protocol 2 via an AuthenticationMethods option. This option lists
   one or more comma-separated lists of authentication method names.
   Successful completion of all the methods in any list is required for
   authentication to complete. This allows, for example, requiring a
   user having to authenticate via public key or GSSAPI before they
   are offered password authentication.

 * sshd(8)/ssh-keygen(1): Added support for Key Revocation Lists
   (KRLs), a compact binary format to represent lists of revoked keys
   and certificates that take as little as one bit per certificate when
   revoking by serial number. KRLs may be generated using ssh-keygen(1)
   and are loaded into sshd(8) via the existing RevokedKeys sshd_config
   option.

 * ssh(1): IdentitiesOnly now applies to keys obtained from a
   PKCS11Provider. This allows control of which keys are offered from
   tokens using IdentityFile.

 * sshd(8): sshd_config(5)'s AllowTcpForwarding now accepts "local"
   and "remote" in addition to its previous "yes"/"no" keywords to allow
   the server to specify whether just local or remote TCP forwarding is
   enabled.

 * sshd(8): Added a sshd_config(5) option AuthorizedKeysCommand to
   support fetching authorized_keys from a command in addition to (or
   instead of) from the filesystem. The command is run under an account
   specified by an AuthorizedKeysCommandUser sshd_config(5) option.

 * sftp-server(8): Now supports a -d option to allow the starting
   directory to be something other than the user's home directory.

 * ssh-keygen(1): Now allows fingerprinting of keys hosted in PKCS#11
   tokens using "ssh-keygen -lD pkcs11_provider".

 * ssh(1): When SSH protocol 2 only is selected (the default), ssh(1)
   now immediately sends its SSH protocol banner to the server without
   waiting to receive the server's banner, saving time when connecting.

 * ssh(1): Added ~v and ~V escape sequences to raise and lower the
   logging level respectively.

 * ssh(1): Made the escape command help (~?) context sensitive so that
   only commands that will work in the current session are shown.

 * ssh-keygen(1): When deleting host lines from known_hosts using
   "ssh-keygen -R host", ssh-keygen(1) now prints details of which lines
   were removed.

Bugfixes:

 * ssh(1): Force a clean shutdown of ControlMaster client sessions when
   the ~. escape sequence is used. This means that ~. should now work in
   mux clients even if the server is no longer responding.

 * ssh(1): Correctly detect errors during local TCP forward setup in
   multiplexed clients. bz#2055

 * ssh-add(1): Made deleting explicit keys "ssh-add -d" symmetric with
   adding keys with respect to certificates. It now tries to delete the
   corresponding certificate and respects the -k option to allow deleting
   of the key only.

 * sftp(1): Fix a number of parsing and command-editing bugs, including
   bz#1956

 * ssh(1): When muxmaster is run with -N, ensured that it shuts down
   gracefully when a client sends it "-O stop" rather than hanging around.
   bz#1985

 * ssh-keygen(1): When screening moduli candidates, append to the file
   rather than overwriting to allow resumption. bz#1957

 * ssh(1): Record "Received disconnect" messages at ERROR rather than
   INFO priority. bz#2057.

 * ssh(1): Loudly warn if explicitly-provided private key is unreadable.
   bz#1981

Portable OpenSSH:

 * sshd(8): The Linux seccomp-filter sandbox is now supported on ARM
   platforms where the kernel supports it.

 * sshd(8): The seccomp-filter sandbox will not be enabled if the system
   headers support it at compile time, regardless of whether it can be
   enabled then. If the run-time system does not support seccomp-filter,
   sshd will fall back to the rlimit pseudo-sandbox.

 * ssh(1): Don't link in the Kerberos libraries. They aren't necessary
   on the client, just on sshd(8). bz#2072

 * Fix GSSAPI linking on Solaris, which uses a differently-named GSSAPI
   library. bz#2073

 * Fix compilation on systems with openssl-1.0.0-fips.

 * Fix a number of errors in the RPM spec files.

Changes since OpenSSH 6.0
=========================

This is primarily a bugfix release.

Features:

 * sshd(8): This release turns on pre-auth sandboxing sshd by default for
   new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
 * ssh-keygen(1): Add options to specify starting line number and number of
   lines to process when screening moduli candidates, allowing processing
   of different parts of a candidate moduli file in parallel
 * sshd(8): The Match directive now supports matching on the local (listen)
   address and port upon which the incoming connection was received via
   LocalAddress and LocalPort clauses.
 * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv
   and {Allow,Deny}{Users,Groups}
 * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978
 * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8
 * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as
   an argument to refuse all port-forwarding requests.
 * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile
 * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971
 * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators
   to append some arbitrary text to the server SSH protocol banner.

Bugfixes:

 * ssh(1)/sshd(8): Don't spin in accept() in situations of file
   descriptor exhaustion. Instead back off for a while.
 * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as
   they were removed from the specification. bz#2023,
 * sshd(8): Handle long comments in config files better. bz#2025
 * ssh(1): Delay setting tty_flag so RequestTTY options are correctly
   picked up. bz#1995
 * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root
   on platforms that use login_cap.

Portable OpenSSH:

 * sshd(8): Allow sshd pre-auth sandboxing to fall-back to the rlimit
   sandbox from the Linux SECCOMP filter sandbox when the latter is
   not available in the kernel.
 * ssh(1): Fix NULL dereference when built with LDNS and using DNSSEC to
   retrieve a CNAME SSHFP record.
 * Fix cross-compilation problems related to pkg-config. bz#1996

Changes since OpenSSH 5.9
=========================

This is primarily a bugfix release.

Features:

 * ssh-keygen(1): Add optional checkpoints for moduli screening
 * ssh-add(1): new -k option to load plain keys (skipping certificates)
 * sshd(8): Add wildcard support to PermitOpen, allowing things like
   "PermitOpen localhost:*".  bz #1857
 * ssh(1): support for cancelling local and remote port forwards via the
   multiplex socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host"
   to request the cancellation of the specified forwardings
 * support cancellation of local/dynamic forwardings from ~C commandline

Bugfixes:

 * ssh(1): ensure that $DISPLAY contains only valid characters before
   using it to extract xauth data so that it can't be used to play local
   shell metacharacter games.
 * ssh(1): unbreak remote portforwarding with dynamic allocated listen ports
 * scp(1): uppress adding '--' to remote commandlines when the first
   argument does not start with '-'. saves breakage on some
   difficult-to-upgrade embedded/router platforms
 * ssh(1)/sshd(8): fix typo in IPQoS parsing: there is no "AF14" class,
   but there is an "AF21" class
 * ssh(1)/sshd(8): do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during
   rekeying
 * ssh(1): skip attempting to create ~/.ssh when -F is passed
 * sshd(8): unbreak stdio forwarding when ControlPersist is in use; bz#1943
 * sshd(1): send tty break to pty master instead of (probably already
   closed) slave side; bz#1859
 * sftp(1): silence error spam for "ls */foo" in directory with files;
   bz#1683
 * Fixed a number of memory and file descriptor leaks

Portable OpenSSH:

 * Add a new privilege separation sandbox implementation for Linux's
   new seccomp sandbox, automatically enabled on platforms that support
   it. (Note: privilege separation sandboxing is still experimental)
 * Fix compilation problems on FreeBSD, where libutil contained openpty()
   but not login().
 * ssh-keygen(1): don't fail in -A on platforms that don't support ECC
 * Add optional support for LDNS, a BSD licensed DNS resolver library
   which supports DNSSEC
 * Relax OpenSSL version check to allow running OpenSSH binaries on
   systems with OpenSSL libraries with a newer "fix" or "patch" level
   than the binaries were originally compiled on (previous check only
   allowed movement within "patch" releases). bz#1991
 * Fix builds using contributed Redhat spec file. bz#1992

Changes since OpenSSH 5.8
=========================

Features:

 * Introduce sandboxing of the pre-auth privsep child using an optional
   sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
   mandatory restrictions on the syscalls the privsep child can perform.
   This intention is to prevent a compromised privsep child from being
   used to attack other hosts (by opening sockets and proxying) or
   probing local kernel attack surface.

   Three concrete sandbox implementation are provided (selected at
   configure time): systrace, seatbelt and rlimit.

   The systrace sandbox uses systrace(4) in unsupervised "fast-path"
   mode, where a list of permitted syscalls is supplied. Any syscall not
   on the list results in SIGKILL being sent to the privsep child. Note
   that this requires a kernel with the new SYSTR_POLICY_KILL option
   (only OpenBSD has this mode at present).

   The seatbelt sandbox uses OS X/Darwin sandbox(7) facilities with a
   strict (kSBXProfilePureComputation) policy that disables access to
   filesystem and network resources.

   The rlimit sandbox is a fallback choice for platforms that don't
   support a better one; it uses setrlimit() to reset the hard-limit
   of file descriptors and processes to zero, which should prevent
   the privsep child from forking or opening new network connections.

   Sandboxing of the privilege separated child process is currently
   experimental but should become the default in a future release.
   Native sandboxes for other platforms are welcome (e.g. Capsicum,
   Linux pid/net namespaces, etc.)

 * Add new SHA256-based HMAC transport integrity modes from
   http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
   These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512,
   and hmac-sha2-512-96, and are available by default in ssh(1) and
   sshd(8)

 * The pre-authentication sshd(8) privilege separation slave process
   now logs via a socket shared with the master process, avoiding the
   need to maintain /dev/log inside the chroot.

 * ssh(1) now warns when a server refuses X11 forwarding

 * sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
   separated by whitespace. The undocumented AuthorizedKeysFile2
   option is deprecated (though the default for AuthorizedKeysFile
   includes .ssh/authorized_keys2)

 * sshd_config(5): similarly deprecate UserKnownHostsFile2 and
   GlobalKnownHostsFile2 by making UserKnownHostsFile and
   GlobalKnownHostsFile accept multiple options and default to
   include known_hosts2

 * Retain key comments when loading v.2 keys. These will be visible
   in "ssh-add -l" and other places. bz#439

 * ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as
   IPv4 ToS/DSCP). bz#1855

 * ssh_config(5)'s ControlPath option now expands %L to the host
   portion of the destination host name.

 * ssh_config(5) "Host" options now support negated Host matching, e.g.

     Host *.example.org !c.example.org
        User mekmitasdigoat

   Will match "a.example.org", "b.example.org", but not "c.example.org"

 * ssh_config(5): a new RequestTTY option provides control over when a
   TTY is requested for a connection, similar to the existing -t/-tt/-T
   ssh(1) commandline options.

 * sshd(8): allow GSSAPI authentication to detect when a server-side
   failure causes authentication failure and don't count such failures
   against MaxAuthTries; bz#1244

 * ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa,
   dsa and ecdsa) for which host keys do not exist, generate the host
   keys with the default key file path, an empty passphrase, default
   bits for the key type, and default comment. This is useful for
   system initialisation scripts.

 * ssh(1): Allow graceful shutdown of multiplexing: request that a mux
   server removes its listener socket and refuse future multiplexing
   requests but don't kill existing connections. This may be requested
   using "ssh -O stop ..."

 * ssh-add(1) now accepts keys piped from standard input. E.g.
   "ssh-add - < /path/to/key"

 * ssh-keysign(8) now signs hostbased authentication
   challenges correctly using ECDSA keys; bz#1858

 * sftp(1): document that sftp accepts square brackets to delimit
   addresses (useful for IPv6); bz#1847a

 * ssh(1): when using session multiplexing, the master process will
   change its process title to reflect the control path in use and
   when a ControlPersist-ed master is waiting to close; bz#1883 and
   bz#1911

 * Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892
   1900 1905 1913

Portable OpenSSH Bugfixes:

 * Fix a compilation error in the SELinux support code. bz#1851

 * This release removes support for ssh-rand-helper. OpenSSH now
   obtains its random numbers directly from OpenSSL or from
   a PRNGd/EGD instance specified at configure time.

 * sshd(8) now resets the SELinux process execution context before
   executing passwd for password changes; bz#1891

 * Since gcc >= 4.x ignores all -Wno-options options, test only the
   corresponding -W-option when trying to determine whether it is
   accepted; bz#1901

 * Add ECDSA key generation to the Cygwin ssh-{host,user}-config
   scripts.

 * Updated .spec and init files for Linux; bz#1920

 * Improved SELinux error messages in context change failures and
   suppress error messages when attempting to change from the
   "unconfined_t" type; bz#1924 bz#1919

 * Fix build errors on platforms without dlopen(); bz#1929

Revision 1.210 / (download) - annotate - [select for diffs], Wed Feb 6 23:23:40 2013 UTC (11 years, 1 month ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base, pkgsrc-2013Q1
Changes since 1.209: +2 -2 lines
Diff to previous 1.209 (colored) to selected 1.215 (colored)

PKGREVISION bumps for the security/openssl 1.0.1d update.

Revision 1.209 / (download) - annotate - [select for diffs], Sun Dec 16 01:52:33 2012 UTC (11 years, 3 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base, pkgsrc-2012Q4
Changes since 1.208: +2 -2 lines
Diff to previous 1.208 (colored) to selected 1.215 (colored)

recursive bump from cyrus-sasl libsasl2 shlib major bump.

Revision 1.208 / (download) - annotate - [select for diffs], Tue Oct 23 18:16:38 2012 UTC (11 years, 5 months ago) by asau
Branch: MAIN
Changes since 1.207: +1 -3 lines
Diff to previous 1.207 (colored) to selected 1.215 (colored)

Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

Revision 1.207 / (download) - annotate - [select for diffs], Wed Oct 3 21:57:25 2012 UTC (11 years, 5 months ago) by wiz
Branch: MAIN
Changes since 1.206: +2 -2 lines
Diff to previous 1.206 (colored) to selected 1.215 (colored)

Bump all packages that use perl, or depend on a p5-* package, or
are called p5-*.

I hope that's all of them.

Revision 1.206 / (download) - annotate - [select for diffs], Thu May 31 11:58:37 2012 UTC (11 years, 9 months ago) by imil
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2
Changes since 1.205: +16 -1 lines
Diff to previous 1.205 (colored) to selected 1.215 (colored)

Added support for OpenSSH-lpk

The OpenSSH LDAP Public Key patch provides an easy way of centralizing strong
user authentication by using an LDAP server for retrieving public keys instead
of ~/.ssh/authorized_keys.

Revision 1.205 / (download) - annotate - [select for diffs], Mon Jan 9 05:25:36 2012 UTC (12 years, 2 months ago) by manu
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1
Changes since 1.204: +2 -2 lines
Diff to previous 1.204 (colored) to selected 1.215 (colored)

Re-enable PAM support, as it works fine provided one does not mix multiple
versions of libcrypto in sshd. This can happen if OpenSSH is linked with
pkgsrc's OpenSSL and if using nss_ldap, which pulls base-system OpenSSL
through kerberos libraries. One needs to disable the krb5 of nss_ldap
in order to fix that.

Revision 1.202.2.1 / (download) - annotate - [select for diffs], Tue Aug 23 07:17:44 2011 UTC (12 years, 7 months ago) by tron
Branch: pkgsrc-2011Q2
Changes since 1.202: +2 -2 lines
Diff to previous 1.202 (colored) next main 1.203 (colored) to selected 1.215 (colored)

Pullup ticket #3507 - requested by taca
security/openssh: bug fix patch

Revisions pulled up:
- security/openssh/Makefile                                     1.203-1.204
- security/openssh/distinfo                                     1.81
- security/openssh/patches/patch-atomicio.c                     1.1

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Aug 10 15:21:02 UTC 2011

   Modified Files:
   	pkgsrc/security/openssh: Makefile
   Added Files:
   	pkgsrc/security/openssh/patches: patch-atomicio.c

   Log Message:
   Add a patch to avoid SSP side effect as NetBSD current.

   Bump PKGREVISION.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Aug 18 09:22:02 UTC 2011

   Modified Files:
   	pkgsrc/security/openssh: Makefile distinfo

   Log Message:
   I forgot to update distinfo about latest patch file addition
   (patch-atomicio.c).  Noted by wiz@ via private mail.

   Bump PKGREVISION.

Revision 1.204 / (download) - annotate - [select for diffs], Thu Aug 18 09:22:01 2011 UTC (12 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3
Changes since 1.203: +2 -2 lines
Diff to previous 1.203 (colored) to selected 1.215 (colored)

I forgot to update distinfo about latest patch file addition
(patch-atomicio.c).  Noted by wiz@ via private mail.

Bump PKGREVISION.

Revision 1.203 / (download) - annotate - [select for diffs], Wed Aug 10 15:21:02 2011 UTC (12 years, 7 months ago) by taca
Branch: MAIN
Changes since 1.202: +2 -2 lines
Diff to previous 1.202 (colored) to selected 1.215 (colored)

Add a patch to avoid SSP side effect as NetBSD current.

Bump PKGREVISION.

Revision 1.199.2.2 / (download) - annotate - [select for diffs], Fri May 20 07:53:58 2011 UTC (12 years, 10 months ago) by tron
Branch: pkgsrc-2011Q1
Changes since 1.199.2.1: +24 -1 lines
Diff to previous 1.199.2.1 (colored) to branchpoint 1.199 (colored) next main 1.200 (colored) to selected 1.215 (colored)

Pullup ticket #3431 - requested by taca
security/openssh: bug fix update

Revisions pulled up:
- security/openssh/Makefile                                     1.201-1.202
- security/openssh/files/sshd.sh                                1.12-1.13

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon May 16 05:06:49 UTC 2011

   Modified Files:
   	pkgsrc/security/openssh: Makefile
   	pkgsrc/security/openssh/files: sshd.sh

   Log Message:
   Maintenance of openssh pacakge:

   1. Add support for check and create ECDSA host key for SSH protocol
      version 2.

   2. Disable use of strnvis(3) on NetBSD.  NetBSD current after 2011/03/12
      has strnvis(3), but it has different argument from OpenBSD (and other
      system).

   Bump PKGREVISION.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue May 17 03:26:52 UTC 2011

   Modified Files:
   	pkgsrc/security/openssh: Makefile
   	pkgsrc/security/openssh/files: sshd.sh

   Log Message:
   Don't always try to create ecdsa key which depends on OpenSSL's version.

   Bump PKGREVISION.

Revision 1.202 / (download) - annotate - [select for diffs], Tue May 17 03:26:52 2011 UTC (12 years, 10 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base
Branch point for: pkgsrc-2011Q2
Changes since 1.201: +16 -2 lines
Diff to previous 1.201 (colored) to selected 1.215 (colored)

Don't always try to create ecdsa key which depends on OpenSSL's version.

Bump PKGREVISION.

Revision 1.201 / (download) - annotate - [select for diffs], Mon May 16 05:06:48 2011 UTC (12 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.200: +11 -2 lines
Diff to previous 1.200 (colored) to selected 1.215 (colored)

Maintenance of openssh pacakge:

1. Add support for check and create ECDSA host key for SSH protocol
   version 2.

2. Disable use of strnvis(3) on NetBSD.  NetBSD current after 2011/03/12
   has strnvis(3), but it has different argument from OpenBSD (and other
   system).

Bump PKGREVISION.

Revision 1.199.2.1 / (download) - annotate - [select for diffs], Sun May 15 09:33:30 2011 UTC (12 years, 10 months ago) by sbd
Branch: pkgsrc-2011Q1
Changes since 1.199: +3 -3 lines
Diff to previous 1.199 (colored) to selected 1.215 (colored)

Pullup ticket #3430 - requested by taca
security/openssh security update

Revisions pulled up:
- security/openssh/Makefile                                     1.200
- security/openssh/distinfo                                     1.80

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun May 15 04:17:15 UTC 2011

   Modified Files:
   	pkgsrc/security/openssh: Makefile distinfo

   Log Message:
   Update openssh package to 5.8.2 (5.8p2).

   20110403
    - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
      [contrib/suse/openssh.spec] Prepare for 5.8p2 release.
    - (djm) [version.h] crank version
    - Release 5.8p2

   20110329
    - (djm) [entropy.c] closefrom() before running ssh-rand-helper; leftover fds
      noticed by tmraz AT redhat.com

   20110221
    - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the
      Cygwin-specific service installer script ssh-host-config.  The actual
      functionality is the same, the revisited version is just more
      exact when it comes to check for problems which disallow to run
      certain aspects of the script.  So, part of this script and the also
      rearranged service helper script library "csih" is to check if all
      the tools required to run the script are available on the system.
      The new script also is more thorough to inform the user why the
      script failed.  Patch from vinschen at redhat com.

   20110206
    - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
      selinux code.  Patch from Leonardo Chiquitto
    - (dtucker) [contrib/cygwin/ssh-{host,user}-config]  Add ECDSA key
      generation and simplify.  Patch from Corinna Vinschen.

Revision 1.200 / (download) - annotate - [select for diffs], Sun May 15 04:17:15 2011 UTC (12 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.199: +3 -3 lines
Diff to previous 1.199 (colored) to selected 1.215 (colored)

Update openssh package to 5.8.2 (5.8p2).

20110403
 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
   [contrib/suse/openssh.spec] Prepare for 5.8p2 release.
 - (djm) [version.h] crank version
 - Release 5.8p2

20110329
 - (djm) [entropy.c] closefrom() before running ssh-rand-helper; leftover fds
   noticed by tmraz AT redhat.com

20110221
 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the
   Cygwin-specific service installer script ssh-host-config.  The actual
   functionality is the same, the revisited version is just more
   exact when it comes to check for problems which disallow to run
   certain aspects of the script.  So, part of this script and the also
   rearranged service helper script library "csih" is to check if all
   the tools required to run the script are available on the system.
   The new script also is more thorough to inform the user why the
   script failed.  Patch from vinschen at redhat com.

20110206
 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
   selinux code.  Patch from Leonardo Chiquitto
 - (dtucker) [contrib/cygwin/ssh-{host,user}-config]  Add ECDSA key
   generation and simplify.  Patch from Corinna Vinschen.

Revision 1.199 / (download) - annotate - [select for diffs], Wed Feb 16 17:45:08 2011 UTC (13 years, 1 month ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base
Branch point for: pkgsrc-2011Q1
Changes since 1.198: +3 -3 lines
Diff to previous 1.198 (colored) to selected 1.215 (colored)

Update openssh package to 5.8.1 (5.8p1).

For changes from 5.5 to 5.7, please refer http://openssh.com/txt/release-5.7
and http://openssh.com/txt/release-5.6 in detail.

Changes since OpenSSH 5.7
=========================

Security:

 * Fix vulnerability in legacy certificate signing introduced in
   OpenSSH-5.6 and found by Mateusz Kocielski.

   Legacy certificates signed by OpenSSH 5.6 or 5.7 included data from
   the stack in place of a random nonce field. The contents of the stack
   do not appear to contain private data at this point, but this cannot
   be stated with certainty for all platform, library and compiler
   combinations. In particular, there exists a risk that some bytes from
   the privileged CA key may be accidentally included.

   A full advisory for this issue is available at:
   http://www.openssh.com/txt/legacy-cert.adv

Portable OpenSSH Bugfixes:

 * Fix compilation failure when enableing SELinux support.

 * Do not attempt to call SELinux functions when SELinux is disabled.
   bz#1851

Revision 1.198 / (download) - annotate - [select for diffs], Sun Feb 6 11:31:18 2011 UTC (13 years, 1 month ago) by obache
Branch: MAIN
Changes since 1.197: +8 -2 lines
Diff to previous 1.197 (colored) to selected 1.215 (colored)

Fixes build on SUA.
* header file location of libbind is differ than SFU.
* treat all Interxi as same, not only interix3.

Revision 1.197 / (download) - annotate - [select for diffs], Fri Jun 11 20:41:41 2010 UTC (13 years, 9 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2
Changes since 1.196: +3 -4 lines
Diff to previous 1.196 (colored) to selected 1.215 (colored)

Updated security/openssh to 5.5.1

Lots of changes, including

 * After a transition period of about 10 years, this release disables
   SSH protocol 1 by default. Clients and servers that need to use the
   legacy protocol must explicitly enable it in ssh_config / sshd_config
   or on the command-line.

 * Remove the libsectok/OpenSC-based smartcard code and add support for
   PKCS#11 tokens. This support is automatically enabled on all
   platforms that support dlopen(3) and was inspired by patches written
   by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages.

 * Add support for certificate authentication of users and hosts using a
   new, minimal OpenSSH certificate format (not X.509). Certificates
   contain a public key, identity information and some validity
   constraints and are signed with a standard SSH public key using
   ssh-keygen(1). CA keys may be marked as trusted in authorized_keys
   or via a TrustedUserCAKeys option in sshd_config(5) (for user
   authentication), or in known_hosts (for host authentication).

   Documentation for certificate support may be found in ssh-keygen(1),
   sshd(8) and ssh(1) and a description of the protocol extensions in
   PROTOCOL.certkeys.

 * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects
   stdio on the client to a single port forward on the server. This
   allows, for example, using ssh as a ProxyCommand to route connections
   via intermediate servers. bz#1618

Revision 1.196 / (download) - annotate - [select for diffs], Sat Apr 17 10:42:55 2010 UTC (13 years, 11 months ago) by zafer
Branch: MAIN
Changes since 1.195: +2 -3 lines
Diff to previous 1.195 (colored) to selected 1.215 (colored)

remove pacnet mirror. service down.

Revision 1.195 / (download) - annotate - [select for diffs], Thu Feb 18 08:04:35 2010 UTC (14 years, 1 month ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2010Q1-base, pkgsrc-2010Q1
Changes since 1.194: +4 -5 lines
Diff to previous 1.194 (colored) to selected 1.215 (colored)

Updated OpenSSH to 5.3.1 (pkg/42635 by Fredrik Pettai)

This is a bugfix release, no new features have been added.

Changes since OpenSSH 5.2
=========================

General Bugfixes:

 * Do not limit home directory paths to 256 characters. bz#1615

 * Several minor documentation and correctness fixes.

Portable OpenSSH Bugfixes:

 * This release removes for support for very old versions of Cygwin and
   for Windows 95/98/ME

 * Move the deletion of PAM credentials on logout to after the session
   close. bz#1534

 * Make PrintLastLog work on AIX. bz#1595

 * Avoid compile errors on FreeBSD from conflicts in glob.h. bz#1634

 * Delay dropping of root privileges on AIX so chroot and pam_open_session
   work correctly. bz#1249 and bz#1567

 * Increase client IO buffer on Cygwin to 64K, realising a significant
   performance improvement.

 * Roll back bz#1241 (better handling for expired passwords on Tru64).
   The change broke password logins on some configurations.

 * Accept ENOSYS as a fallback error when attempting atomic
   rename(). bz#1535

 * Fix passing of variables to recursive make(1) invocations on Solaris.
   bz#1505

 * Skip the tcgetattr call on the pty master on Solaris, since it never
   succeeds and can hang if large amounts of data is sent to the slave
   (eg a copy-paste). bz#1528

 * Fix detection of krb5-config. bz#1639

 * Fix test for server-assigned remote forwarding port for non-root users.
   bz#1578

 * Fix detection of libresolv on OSX 10.6.

Revision 1.194 / (download) - annotate - [select for diffs], Sun Jan 17 12:02:42 2010 UTC (14 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.193: +2 -1 lines
Diff to previous 1.193 (colored) to selected 1.215 (colored)

Recursive PKGREVISION bump for jpeg update to 8.

Revision 1.193 / (download) - annotate - [select for diffs], Sun Sep 6 22:36:33 2009 UTC (14 years, 6 months ago) by zafer
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3
Changes since 1.192: +1 -2 lines
Diff to previous 1.192 (colored) to selected 1.215 (colored)

update master_sites. remove openbsd.uni-erlangen. out of service since 8/18/09

Revision 1.192 / (download) - annotate - [select for diffs], Thu May 21 03:22:29 2009 UTC (14 years, 10 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base, pkgsrc-2009Q2
Changes since 1.191: +4 -4 lines
Diff to previous 1.191 (colored) to selected 1.215 (colored)

Update openssh package to 5.2.1(5.2p1).

Changes since OpenSSH 5.1
=========================

Security:

 * This release changes the default cipher order to prefer the AES CTR
   modes and the revised "arcfour256" mode to CBC mode ciphers that are
   susceptible to CPNI-957037 "Plaintext Recovery Attack Against SSH".

 * This release also adds countermeasures to mitigate CPNI-957037-style
   attacks against the SSH protocol's use of CBC-mode ciphers. Upon
   detection of an invalid packet length or Message Authentication
   Code, ssh/sshd will continue reading up to the maximum supported
   packet length rather than immediately terminating the connection.
   This eliminates most of the known differences in behaviour that
   leaked information about the plaintext of injected data which formed
   the basis of this attack. We believe that these attacks are rendered
   infeasible by these changes.

New features:

 * Added a -y option to ssh(1) to force logging to syslog rather than
   stderr, which is useful when running daemonised (ssh -f)

 * The sshd_config(5) ForceCommand directive now accepts commandline
   arguments for the internal-sftp server.

 * The ssh(1) ~C escape commandline now support runtime creation of
   dynamic (-D) port forwards.

 * Support the SOCKS4A protocol in ssh(1) dynamic (-D) forwards.
   (bz#1482)

 * Support remote port forwarding with a listen port of '0'. This
   informs the server that it should dynamically allocate a listen
   port and report it back to the client. (bz#1003)

 * sshd(8) now supports setting PermitEmptyPasswords and
   AllowAgentForwarding in Match blocks

Bug and documentation fixes

 * Repair a ssh(1) crash introduced in openssh-5.1 when the client is
   sent a zero-length banner (bz#1496)

 * Due to interoperability problems with certain
   broken SSH implementations, the eow@openssh.com and
   no-more-sessions@openssh.com protocol extensions are now only sent
   to peers that identify themselves as OpenSSH.

 * Make ssh(1) send the correct channel number for
   SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to
   avoid triggering 'Non-public channel' error messages on sshd(8) in
   openssh-5.1.

 * Avoid printing 'Non-public channel' warnings in sshd(8), since the
   ssh(1) has sent incorrect channel numbers since ~2004 (this reverts
   a behaviour introduced in openssh-5.1).

 * Avoid double-free in ssh(1) ~C escape -L handler (bz#1539)

 * Correct fail-on-error behaviour in sftp(1) batchmode for remote
   stat operations. (bz#1541)

 * Disable nonfunctional ssh(1) ~C escape handler in multiplex slave
   connections. (bz#1543)

 * Avoid hang in ssh(1) when attempting to connect to a server that
   has MaxSessions=0 set.

 * Multiple fixes to sshd(8) configuration test (-T) mode

 * Several core and portable OpenSSH bugs fixed: 1380, 1412, 1418,
   1419, 1421, 1490, 1491, 1492, 1514, 1515, 1518, 1520, 1538, 1540

 * Many manual page improvements.

Revision 1.191 / (download) - annotate - [select for diffs], Fri May 1 14:27:34 2009 UTC (14 years, 11 months ago) by zafer
Branch: MAIN
Changes since 1.190: +7 -4 lines
Diff to previous 1.190 (colored) to selected 1.215 (colored)

update mirrors and add a few more from the mirror list.

Revision 1.190 / (download) - annotate - [select for diffs], Tue Sep 16 12:53:08 2008 UTC (15 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2009Q1-base, pkgsrc-2009Q1, pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3
Changes since 1.189: +4 -5 lines
Diff to previous 1.189 (colored) to selected 1.215 (colored)

Update openssh package to 5.1.1 (5.1p1)

Changes from OpenSSH 5.0 is huge to write here, please refer its
release note: http://www.openssh.com/txt/release-5.1.
I quote only Security section from the release note.

Security:

 * sshd(8): Avoid X11 man-in-the-middle attack on HP/UX (and possibly
   other platforms) when X11UseLocalhost=no

   When attempting to bind(2) to a port that has previously been bound
   with SO_REUSEADDR set, most operating systems check that either the
   effective user-id matches the previous bind (common on BSD-derived
   systems) or that the bind addresses do not overlap (Linux and
   Solaris).

   Some operating systems, such as HP/UX, do not perform these checks
   and are vulnerable to an X11 man-in-the-middle attack when the
   sshd_config(5) option X11UseLocalhost has been set to "no" - an
   attacker may establish a more-specific bind, which will be used in
   preference to sshd's wildcard listener.

   Modern BSD operating systems, Linux, OS X and Solaris implement the
   above checks and are not vulnerable to this attack, nor are systems
   where the X11UseLocalhost has been left at the default value of
   "yes".

   Portable OpenSSH 5.1 avoids this problem for all operating systems
   by not setting SO_REUSEADDR when X11UseLocalhost is set to no.

   This vulnerability was reported by sway2004009 AT hotmail.com.

Revision 1.188.4.1 / (download) - annotate - [select for diffs], Fri Jul 25 09:21:40 2008 UTC (15 years, 8 months ago) by rtr
Branch: pkgsrc-2008Q2
Changes since 1.188: +2 -1 lines
Diff to previous 1.188 (colored) next main 1.189 (colored) to selected 1.215 (colored)

pullup ticket #2459 requested by tnn
openssh: patch for X11 forwarding issue on HP-UX

revisions pulled up:
pkgsrc/security/openssh/Makefile		1.189
pkgsrc/security/openssh/distinfo		1.70
pkgsrc/security/openssh/patches/patch-at	1.7

   Module Name:	pkgsrc
   Committed By:	tnn
   Date:		Thu Jul 24 16:25:47 UTC 2008

   Modified Files:
   	pkgsrc/security/openssh: Makefile distinfo
   Added Files:
   	pkgsrc/security/openssh/patches: patch-at

   Log Message:
   Add patch from OpenSSH 5.1 that fixes an X11 fwd security issue on
   HP-UX. Bump PKGREVISION.

Revision 1.189 / (download) - annotate - [select for diffs], Thu Jul 24 16:25:47 2008 UTC (15 years, 8 months ago) by tnn
Branch: MAIN
CVS Tags: cube-native-xorg-base, cube-native-xorg
Changes since 1.188: +2 -1 lines
Diff to previous 1.188 (colored) to selected 1.215 (colored)

Add patch from OpenSSH 5.1 that fixes an X11 fwd security issue on HP-UX.
Bump PKGREVISION.

Revision 1.188 / (download) - annotate - [select for diffs], Sun Apr 27 00:34:27 2008 UTC (15 years, 11 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2008Q2-base, cwrapper
Branch point for: pkgsrc-2008Q2
Changes since 1.187: +10 -8 lines
Diff to previous 1.187 (colored) to selected 1.215 (colored)

Update to OpenSSH 5.0p1.
Changes since 4.7:
- fix two security issues
- chroot support for sshd(8)
- sftp server internalized in sshd(8)
- assorted bug fixes

Revision 1.187 / (download) - annotate - [select for diffs], Thu Apr 3 07:59:08 2008 UTC (15 years, 11 months ago) by tonnerre
Branch: MAIN
CVS Tags: pkgsrc-2008Q1-base, pkgsrc-2008Q1
Changes since 1.186: +2 -2 lines
Diff to previous 1.186 (colored) to selected 1.215 (colored)

Fix two vulnerabilities in OpenSSH:
 - X11 forwarding information disclosure (CVE-2008-1483)
 - ForceCommand bypass vulnerability

Revision 1.186 / (download) - annotate - [select for diffs], Fri Jan 18 05:09:39 2008 UTC (16 years, 2 months ago) by tnn
Branch: MAIN
Changes since 1.185: +2 -2 lines
Diff to previous 1.185 (colored) to selected 1.215 (colored)

Per the process outlined in revbump(1), perform a recursive revbump
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@

Revision 1.185 / (download) - annotate - [select for diffs], Mon Nov 12 00:06:06 2007 UTC (16 years, 4 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2007Q4-base, pkgsrc-2007Q4
Changes since 1.184: +1 -2 lines
Diff to previous 1.184 (colored) to selected 1.215 (colored)

Remove ftp7.usa.openbsd.org from MASTER_SITES, doesn't resolve.
From Zafer Aydogan in PR 37331.

Revision 1.184 / (download) - annotate - [select for diffs], Wed Sep 19 13:42:01 2007 UTC (16 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2007Q3-base, pkgsrc-2007Q3
Changes since 1.183: +3 -1 lines
Diff to previous 1.183 (colored) to selected 1.215 (colored)

Use DIST_SUBDIR for changed distfiles noted by wiz@ with private mail.

Bump PKGREVISION.

Revision 1.183 / (download) - annotate - [select for diffs], Fri Sep 7 22:12:21 2007 UTC (16 years, 6 months ago) by jlam
Branch: MAIN
Changes since 1.182: +2 -2 lines
Diff to previous 1.182 (colored) to selected 1.215 (colored)

Convert packages that test and use USE_INET6 to use the options framework
and to support the "inet6" option instead.

Remaining usage of USE_INET6 was solely for the benefit of the scripts
that generate the README.html files.  Replace:

	BUILD_DEFS+=	USE_INET6
with
	BUILD_DEFS+=	IPV6_READY

and teach the README-generation tools to look for that instead.

This nukes USE_INET6 from pkgsrc proper.  We leave a tiny bit of code
to continue to support USE_INET6 for pkgsrc-wip until it has been nuked
from there as well.

Revision 1.182 / (download) - annotate - [select for diffs], Fri Sep 7 10:41:11 2007 UTC (16 years, 6 months ago) by taca
Branch: MAIN
Changes since 1.181: +3 -4 lines
Diff to previous 1.181 (colored) to selected 1.215 (colored)

Update openssh package to 4.7.1 (4.7p1).


Changes since OpenSSH 4.6:
============================

Security bugs resolved in this release:

 * Prevent ssh(1) from using a trusted X11 cookie if creation of an
   untrusted cookie fails; found and fixed by Jan Pechanec.

Other changes, new functionality and fixes in this release:

 * sshd(8) in new installations defaults to SSH Protocol 2 only.
   Existing installations are unchanged.

 * The SSH channel window size has been increased, and both ssh(1)
   sshd(8) now send window updates more aggressively. These improves
   performance on high-BDP (Bandwidth Delay Product) networks.

 * ssh(1) and sshd(8) now preserve MAC contexts between packets, which
   saves 2 hash calls per packet and results in 12-16% speedup for
   arcfour256/hmac-md5.

 * A new MAC algorithm has been added, UMAC-64 (RFC4418) as
   "umac-64@openssh.com". UMAC-64 has been measured to be
   approximately 20% faster than HMAC-MD5.

 * A -K flag was added to ssh(1) to set GSSAPIAuthentication=Yes

 * Failure to establish a ssh(1) TunnelForward is now treated as a
   fatal error when the ExitOnForwardFailure option is set.

 * ssh(1) returns a sensible exit status if the control master goes
   away without passing the full exit status. (bz #1261)

 * The following bugs have been fixed in this release:

   - When using a ProxyCommand in ssh(1), set the outgoing hostname with
     gethostname(2), allowing hostbased authentication to work (bz #616)
   - Make scp(1) skip FIFOs rather than hanging (bz #856)
   - Encode non-printing characters in scp(1) filenames.
     these could cause copies to be aborted with a "protocol error"
     (bz #891)
   - Handle SIGINT in sshd(8) privilege separation child process to
     ensure that wtmp and lastlog records are correctly updated
     (bz #1196)
   - Report GSSAPI mechanism in errors, for libraries that support
     multiple mechanisms (bz #1220)
   - Improve documentation for ssh-add(1)'s -d option (bz #1224)
   - Rearrange and tidy GSSAPI code, removing server-only code being
     linked into the client. (bz #1225)
   - Delay execution of ssh(1)'s LocalCommand until after all forwadings
     have been established. (bz #1232)
   - In scp(1), do not truncate non-regular files (bz #1236)
   - Improve exit message from ControlMaster clients. (bz #1262)
   - Prevent sftp-server(8) from reading until it runs out of buffer
     space, whereupon it would exit with a fatal error. (bz #1286)

 * Portable OpenSSH bugs fixed:

   - Fix multiple inclusion of paths.h on AIX 5.1 systems. (bz #1243)
   - Implement getpeereid for Solaris using getpeerucred. Solaris
     systems will now refuse ssh-agent(1) and ssh(1) ControlMaster
     clients from different, non-root users (bz #1287)
   - Fix compilation warnings by including string.h if found. (bz #1294)
   - Remove redefinition of _res in getrrsetbyname.c for platforms that
     already define it. (bz #1299)
   - Fix spurious "chan_read_failed for istate 3" errors from sshd(8),
     a side-effect of the "hang on exit" fix introduced in 4.6p1.
     (bz #1306)
   - pam_end() was not being called if authentication failed (bz #1322)
   - Fix SELinux support when SELinux is in permissive mode. Previously
     sshd(8) was treating SELinux errors as always fatal. (bz #1325)
   - Ensure that pam_setcred(..., PAM_ESTABLISH_CRED) is called before
     pam_setcred(..., PAM_REINITIALIZE_CRED), fixing pam_dhkeys.
     (bz #1339)
   - Fix privilege separation on QNX - pre-auth only, this platform does
     not support file descriptior passing needed for post-auth privilege
     separation. (bz #1343)

Revision 1.181 / (download) - annotate - [select for diffs], Tue Jul 31 02:29:38 2007 UTC (16 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.180: +2 -1 lines
Diff to previous 1.180 (colored) to selected 1.215 (colored)

Add a patch from https://bugzilla.mindrot.org/show_bug.cgi?id=1306.
Fix nasty "error: channel 0: chan_read_failed for istate 3" message.

Bump PKGREVISION.

Revision 1.180 / (download) - annotate - [select for diffs], Wed Jul 4 20:54:58 2007 UTC (16 years, 8 months ago) by jlam
Branch: MAIN
Changes since 1.179: +4 -2 lines
Diff to previous 1.179 (colored) to selected 1.215 (colored)

Make it easier to build and install packages "unprivileged", where
the owner of all installed files is a non-root user.  This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.

(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
    unprivileged.mk.  These two variables are lists of other bmake
    variables that define package-specific users and groups.  Packages
    that have user-settable variables for users and groups, e.g. apache
    and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
    etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
    so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
    and ${UNPRIVILEGED_GROUP}.

(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.

Revision 1.179 / (download) - annotate - [select for diffs], Sun Mar 18 12:38:44 2007 UTC (17 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2007Q2-base, pkgsrc-2007Q2, pkgsrc-2007Q1-base, pkgsrc-2007Q1
Changes since 1.178: +3 -4 lines
Diff to previous 1.178 (colored) to selected 1.215 (colored)

Update openssh pacakge to 4.6.1.


Changes since OpenSSH 4.5:
============================

 * sshd now allows the enabling and disabling of authentication
   methods on a per user, group, host and network basis via the
   Match directive in sshd_config.

 * The following bugs have been fixed in this release:

   - Clear SIGALRM when restarting due to SIGHUP. Prevents stray
     signal from taking down sshd if a connection was pending at
     the time SIGHUP was received
   - sftp returned a zero exit status when upload failed due to write
     errors (bugzilla #1252)
   - fixed an inconsistent check for a terminal when displaying scp
     progress meter (bugzilla #1265)
   - Parsing of time values in Match blocks was incorrectly applied
     to the global configuration (bugzilla #1275)
   - Allow multiple forwarding options to work when specified in a
     PermitOpen directive (bugzilla #1267)
   - Interoperate with ssh.com versions that do not support binding
     remote port forwarding sessions to a hostname (bugzilla #1019)

 * Portable OpenSSH bugs fixed:

   - "hang on exit" when background processes are running at the time
     of exit on a ttyful/login session (bugzilla #52)
   - Fix typos in the ssh-rand-helper(8) man page (bugzilla #1259)
   - Check that some SIG records have been returned in getrrsetbyname
     (bugzilla #1281)
   - Fix contrib/findssl for platforms that lack "which" (bugzilla
     #1237)
   - Work around bug in OpenSSL 0.9.8e that broke aes256-ctr,
     aes192-ctr, arcfour256 (bugzilla #1291)

Revision 1.178 / (download) - annotate - [select for diffs], Fri Mar 16 05:46:06 2007 UTC (17 years ago) by cjs
Branch: MAIN
Changes since 1.177: +2 -2 lines
Diff to previous 1.177 (colored) to selected 1.215 (colored)

Bring in patch suggested in http://bugzilla.mindrot.org/show_bug.cgi?id=1299 .
This fixes the issue that, when "options edns0" is turned on (usually in
/etc/resolv.conf), ssh doesn't see it, and thus fails to request a DNSSEC
response, which in turn leads to SSHFP records being considered insecure.

Revision 1.177 / (download) - annotate - [select for diffs], Thu Feb 22 19:27:08 2007 UTC (17 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.176: +2 -2 lines
Diff to previous 1.176 (colored) to selected 1.215 (colored)

Whitespace cleanup, courtesy of pkglint.
Patch provided by Sergey Svishchev in private mail.

Revision 1.176 / (download) - annotate - [select for diffs], Sat Jan 20 10:03:39 2007 UTC (17 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.175: +2 -1 lines
Diff to previous 1.175 (colored) to selected 1.215 (colored)

Update hpn-patch; openssh-4.4p1-hpn12v13 to openssh-4.5p1-hpn12v14.
Accurate changes are unknown.

Bump PKGREVISION.

Revision 1.175 / (download) - annotate - [select for diffs], Tue Nov 21 17:47:53 2006 UTC (17 years, 4 months ago) by tv
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base, pkgsrc-2006Q4
Changes since 1.174: +2 -1 lines
Diff to previous 1.174 (colored) to selected 1.215 (colored)

Add explicit IOV_MAX for Interix -- openssh tries to use _XOPEN_IOV_MAX
in an autoarray, but on Interix that is the same as INT_MAX[!].

Revision 1.171.2.1 / (download) - annotate - [select for diffs], Fri Nov 10 11:50:25 2006 UTC (17 years, 4 months ago) by salo
Branch: pkgsrc-2006Q3
Changes since 1.171: +14 -6 lines
Diff to previous 1.171 (colored) next main 1.172 (colored) to selected 1.215 (colored)

Pullup ticket 1909 - requested by taca
security update for openssh

Revisions pulled up:
- pkgsrc/security/openssh/Makefile		1.172, 1.173, 1.174
- pkgsrc/security/openssh/distinfo		1.55, 1.56, 1.57
- pkgsrc/security/openssh/hacks.mk		1.2
- pkgsrc/security/openssh/options.mk		1.9, 1.10
- pkgsrc/security/openssh/patches/patch-aa	1.42, 1.43
- pkgsrc/security/openssh/patches/patch-ab	1.24, 1.25
- pkgsrc/security/openssh/patches/patch-ac	1.16
- pkgsrc/security/openssh/patches/patch-ad	1.12
- pkgsrc/security/openssh/patches/patch-ae	1.12
- pkgsrc/security/openssh/patches/patch-af	1.10
- pkgsrc/security/openssh/patches/patch-ag	1.9
- pkgsrc/security/openssh/patches/patch-ah	1.24
- pkgsrc/security/openssh/patches/patch-ai	1.10
- pkgsrc/security/openssh/patches/patch-aj	1.7
- pkgsrc/security/openssh/patches/patch-ak	1.8
- pkgsrc/security/openssh/patches/patch-al	1.7
- pkgsrc/security/openssh/patches/patch-am	1.7
- pkgsrc/security/openssh/patches/patch-an	1.8
- pkgsrc/security/openssh/patches/patch-ao	1.9
- pkgsrc/security/openssh/patches/patch-ap	1.8
- pkgsrc/security/openssh/patches/patch-aq	1.6
- pkgsrc/security/openssh/patches/patch-ar	1.7
- pkgsrc/security/openssh/patches/patch-as	1.5
- pkgsrc/security/openssh/patches/patch-at	removed
- pkgsrc/security/openssh/patches/patch-au	1.3
- pkgsrc/security/openssh/patches/patch-av	1.5
- pkgsrc/security/openssh/patches/patch-aw	1.2
- pkgsrc/security/openssh/patches/patch-ax	removed
- pkgsrc/security/openssh/patches/patch-ay	removed
- pkgsrc/security/openssh/patches/patch-az	removed

   Module Name:		pkgsrc
   Committed By:	taca
   Date:		Tue Oct 31 03:31:20 UTC 2006

   Modified Files:
   	pkgsrc/security/openssh: Makefile distinfo hacks.mk options.mk
   	pkgsrc/security/openssh/patches: patch-aa patch-ab patch-ac patch-ad
   	    patch-ae patch-af patch-ag patch-ah patch-ai patch-aj patch-ak
   	    patch-al patch-am patch-an patch-ao patch-ap patch-aq patch-ar
   	    patch-as patch-au patch-av patch-aw
   Removed Files:
   	pkgsrc/security/openssh/patches: patch-at patch-ax patch-ay patch-az

   Log Message:
   Update openssh package to 4.4.1 (openssh-4.4p1).

   - A few pkglint warning clean up.
   - Major changes are here.  For complete changes,
     see http://www.openssh.com/txt/release-4.4.

   Changes since OpenSSH 4.3:
   ============================

   Security bugs resolved in this release:

    * Fix a pre-authentication denial of service found by Tavis Ormandy,
      that would cause sshd(8) to spin until the login grace time
      expired.

    * Fix an unsafe signal hander reported by Mark Dowd. The signal
      handler was vulnerable to a race condition that could be exploited
      to perform a pre-authentication denial of service. On portable
      OpenSSH, this vulnerability could theoretically lead to
      pre-authentication remote code execution if GSSAPI authentication
      is enabled, but the likelihood of successful exploitation appears
      remote.

    * On portable OpenSSH, fix a GSSAPI authentication abort that could
      be used to determine the validity of usernames on some platforms.

   This release includes the following new functionality and fixes:

    * Implemented conditional configuration in sshd_config(5) using the
      "Match" directive. This allows some configuration options to be
      selectively overridden if specific criteria (based on user, group,
      hostname and/or address) are met. So far a useful subset of post-
      authentication options are supported and more are expected to be
      added in future releases.

    * Add support for Diffie-Hellman group exchange key agreement with a
      final hash of SHA256.

    * Added a "ForceCommand" directive to sshd_config(5). Similar to the
      command="..." option accepted in ~/.ssh/authorized_keys, this forces
      the execution of the specified command regardless of what the user
      requested. This is very useful in conjunction with the new "Match"
      option.

    * Add a "PermitOpen" directive to sshd_config(5). This mirrors the
      permitopen="..." authorized_keys option, allowing fine-grained
      control over the port-forwardings that a user is allowed to
      establish.

    * Add optional logging of transactions to sftp-server(8).

    * ssh(1) will now record port numbers for hosts stored in
      ~/.ssh/authorized_keys when a non-standard port has been requested.

    * Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with
      a non-zero exit code) when requested port forwardings could not be
      established.

    * Extend sshd_config(5) "SubSystem" declarations to allow the
      specification of command-line arguments.

    * Replacement of all integer overflow susceptible invocations of
      malloc(3) and realloc(3) with overflow-checking equivalents.

    * Many manpage fixes and improvements

    * New portable OpenSSH-specific features:

      - Add optional support for SELinux, controlled using the
        --with-selinux configure option (experimental)

      - Add optional support for Solaris process contracts, enabled
        using the --with-solaris-contracts configure option (experimental)
        This option will also include SMF metadata in Solaris packages
        built using the "make package" target

      - Add optional support for OpenSSL hardware accelerators (engines),
        enabled using the --with-ssl-engine configure option.
---
   Module Name:		pkgsrc
   Committed By:	taca
   Date:		Tue Nov  7 07:08:26 UTC 2006

   Modified Files:
   	pkgsrc/security/openssh: Makefile distinfo options.mk

   Log Message:
   Update hpn-patch to hpn12v13 since old one has gone.

   Bump PKGREVISION.
---
   Module Name:		pkgsrc
   Committed By:	taca
   Date:		Wed Nov  8 01:49:22 UTC 2006

   Modified Files:
   	pkgsrc/security/openssh: Makefile distinfo
   	pkgsrc/security/openssh/patches: patch-aa patch-ab

   Log Message:
   Update openssh package to 4.5.1 (openssh-4.5p1).

   Changes:

   Security bugs resolved in this release:

    * Fix a bug in the sshd privilege separation monitor that weakened its
      verification of successful authentication. This bug is not known to
      be exploitable in the absence of additional vulnerabilities.

   This release includes the following non-security fixes:

    * Several compilation fixes for portable OpenSSH

    * Fixes to Solaris SMF/process contract support (bugzilla #1255)

Revision 1.174 / (download) - annotate - [select for diffs], Wed Nov 8 01:49:22 2006 UTC (17 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.173: +3 -4 lines
Diff to previous 1.173 (colored) to selected 1.215 (colored)

Update openssh package to 4.5.1 (openssh-4.5p1).

Changes:

Security bugs resolved in this release:

 * Fix a bug in the sshd privilege separation monitor that weakened its
   verification of successful authentication. This bug is not known to
   be exploitable in the absence of additional vulnerabilities.

This release includes the following non-security fixes:

 * Several compilation fixes for portable OpenSSH

 * Fixes to Solaris SMF/process contract support (bugzilla #1255)

Revision 1.173 / (download) - annotate - [select for diffs], Tue Nov 7 07:08:26 2006 UTC (17 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.172: +2 -2 lines
Diff to previous 1.172 (colored) to selected 1.215 (colored)

Update hpn-patch to hpn12v13 since old one has gone.

Bump PKGREVISION.

Revision 1.172 / (download) - annotate - [select for diffs], Tue Oct 31 03:31:19 2006 UTC (17 years, 5 months ago) by taca
Branch: MAIN
Changes since 1.171: +14 -5 lines
Diff to previous 1.171 (colored) to selected 1.215 (colored)

Update openssh package to 4.4.1 (openssh-4.4p1).

- A few pkglint warning clean up.
- Major changes are here.  For complete changes,
  see http://www.openssh.com/txt/release-4.4.

Changes since OpenSSH 4.3:
============================

Security bugs resolved in this release:

 * Fix a pre-authentication denial of service found by Tavis Ormandy,
   that would cause sshd(8) to spin until the login grace time
   expired.

 * Fix an unsafe signal hander reported by Mark Dowd. The signal
   handler was vulnerable to a race condition that could be exploited
   to perform a pre-authentication denial of service. On portable
   OpenSSH, this vulnerability could theoretically lead to
   pre-authentication remote code execution if GSSAPI authentication
   is enabled, but the likelihood of successful exploitation appears
   remote.

 * On portable OpenSSH, fix a GSSAPI authentication abort that could
   be used to determine the validity of usernames on some platforms.

This release includes the following new functionality and fixes:

 * Implemented conditional configuration in sshd_config(5) using the
   "Match" directive. This allows some configuration options to be
   selectively overridden if specific criteria (based on user, group,
   hostname and/or address) are met. So far a useful subset of post-
   authentication options are supported and more are expected to be
   added in future releases.

 * Add support for Diffie-Hellman group exchange key agreement with a
   final hash of SHA256.

 * Added a "ForceCommand" directive to sshd_config(5). Similar to the
   command="..." option accepted in ~/.ssh/authorized_keys, this forces
   the execution of the specified command regardless of what the user
   requested. This is very useful in conjunction with the new "Match"
   option.

 * Add a "PermitOpen" directive to sshd_config(5). This mirrors the
   permitopen="..." authorized_keys option, allowing fine-grained
   control over the port-forwardings that a user is allowed to
   establish.

 * Add optional logging of transactions to sftp-server(8).

 * ssh(1) will now record port numbers for hosts stored in
   ~/.ssh/authorized_keys when a non-standard port has been requested.

 * Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with
   a non-zero exit code) when requested port forwardings could not be
   established.

 * Extend sshd_config(5) "SubSystem" declarations to allow the
   specification of command-line arguments.

 * Replacement of all integer overflow susceptible invocations of
   malloc(3) and realloc(3) with overflow-checking equivalents.

 * Many manpage fixes and improvements

 * New portable OpenSSH-specific features:

   - Add optional support for SELinux, controlled using the
     --with-selinux configure option (experimental)

   - Add optional support for Solaris process contracts, enabled
     using the --with-solaris-contracts configure option (experimental)
     This option will also include SMF metadata in Solaris packages
     built using the "make package" target

   - Add optional support for OpenSSL hardware accelerators (engines),
     enabled using the --with-ssl-engine configure option.

Revision 1.171 / (download) - annotate - [select for diffs], Thu Sep 28 10:10:52 2006 UTC (17 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2006Q3-base
Branch point for: pkgsrc-2006Q3
Changes since 1.170: +4 -4 lines
Diff to previous 1.170 (colored) to selected 1.215 (colored)

Update to openssh-4.3.2 (OpenSSH 4.3p2).  I missed existence of PR/32858
at previous commit.

Note: OpenSSH 4.4p1 has already released, there is no hpn-patch patch yet,
so I don't update to it while pkgsrc-freeze is in effect.


20060211
 - (dtucker) [README] Bump release notes URL.
 - (djm) Release 4.3p2

20060208
 - (tim) [session.c] Logout records were not updated on systems with
   post auth privsep disabled due to bug 1086 changes. Analysis and patch
   by vinschen at redhat.com. OK tim@, dtucker@.
 - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP
   -> NEED_SETPGRP), reported by Berhard Simon.  ok tim@

20060206
 - (tim) [configure.ac] Remove unnecessary tests for net/if.h and
   netinet/in_systm.h. OK dtucker@.

20060205
 - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test
   for Solaris. OK dtucker@.
 - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by
   kraai at ftbfs.org.

20060203
 - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first
   AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run
   by a platform specific check, builtin standard includes tests will be
   skipped on the other platforms.
   Analysis and suggestion by vinschen at redhat.com, patch by dtucker@.
   OK tim@, djm@.

20060202
 - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it
   works with picky compilers.  Patch from alex.kiernan at thus.net.

Revision 1.170 / (download) - annotate - [select for diffs], Wed Sep 27 16:10:59 2006 UTC (17 years, 6 months ago) by taca
Branch: MAIN
Changes since 1.169: +2 -1 lines
Diff to previous 1.169 (colored) to selected 1.215 (colored)

Add patches to fix the problem reported by Secunia Advisory SA22091 (also
CVS-2006-4924); "OpenSSH Identical Blocks Denial of Service Vulnerability"
referring to OpenBSD's CVS repository.

Bump PKGREVISION.

Revision 1.169 / (download) - annotate - [select for diffs], Sun Jun 4 14:56:37 2006 UTC (17 years, 9 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2006Q2-base, pkgsrc-2006Q2
Changes since 1.168: +1 -3 lines
Diff to previous 1.168 (colored) to selected 1.215 (colored)

Remove OPENSSH_GID and OPENSSH_UID, it happened to work before,
since those are the values in NetBSD. In reality, they haven't been
used for ages though.

Revision 1.168 / (download) - annotate - [select for diffs], Tue May 9 17:58:33 2006 UTC (17 years, 10 months ago) by jlam
Branch: MAIN
Changes since 1.167: +2 -2 lines
Diff to previous 1.167 (colored) to selected 1.215 (colored)

PKG_GROUPS should now only contain the group name because group IDs are
specified with PKG_GID.<group>.

Revision 1.167 / (download) - annotate - [select for diffs], Sun Apr 23 00:12:41 2006 UTC (17 years, 11 months ago) by jlam
Branch: MAIN
Changes since 1.166: +7 -2 lines
Diff to previous 1.166 (colored) to selected 1.215 (colored)

Modify packages that set PKG_USERS and PKG_GROUPS to follow the new
syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.

Revision 1.166 / (download) - annotate - [select for diffs], Tue Mar 14 01:14:33 2006 UTC (18 years ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base, pkgsrc-2006Q1
Changes since 1.165: +1 -3 lines
Diff to previous 1.165 (colored) to selected 1.215 (colored)

Modify the pkginstall framework so that it manages all aspects of
INSTALL/DEINSTALL script creation within pkgsrc.

If an INSTALL or DEINSTALL script is found in the package directory,
it is automatically used as a template for the pkginstall-generated
scripts.  If instead, they should be used simply as the full scripts,
then the package Makefile should set INSTALL_SRC or DEINSTALL_SRC
explicitly, e.g.:

	INSTALL_SRC=	${PKGDIR}/INSTALL
	DEINSTALL_SRC=	# emtpy

As part of the restructuring of the pkginstall framework internals,
we now *always* generate temporary INSTALL or DEINSTALL scripts.  By
comparing these temporary scripts with minimal INSTALL/DEINSTALL
scripts formed from only the base templates, we determine whether or
not the INSTALL/DEINSTALL scripts are actually needed by the package
(see the generate-install-scripts target in bsd.pkginstall.mk).

In addition, more variables in the framework have been made private.
The *_EXTRA_TMPL variables have been renamed to *_TEMPLATE, which are
more sensible names given the very few exported variables in this
framework.  The only public variables relating to the templates are:

	INSTALL_SRC		INSTALL_TEMPLATE
	DEINSTALL_SRC		DEINSTALL_TEMPLATE
				HEADER_TEMPLATE

The packages in pkgsrc have been modified to reflect the changes in
the pkginstall framework.

Revision 1.165 / (download) - annotate - [select for diffs], Sat Mar 4 21:30:35 2006 UTC (18 years ago) by jlam
Branch: MAIN
Changes since 1.164: +2 -2 lines
Diff to previous 1.164 (colored) to selected 1.215 (colored)

Point MAINTAINER to pkgsrc-users@NetBSD.org in the case where no
developer is officially maintaining the package.

The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list).  Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.

Revision 1.162.2.1 / (download) - annotate - [select for diffs], Sun Feb 12 01:53:43 2006 UTC (18 years, 1 month ago) by seb
Branch: pkgsrc-2005Q4
Changes since 1.162: +3 -3 lines
Diff to previous 1.162 (colored) next main 1.163 (colored) to selected 1.215 (colored)

Pullup ticket 1118 - requested by Lubomir Sedlacik
update security/openssh including security fix

Revisions pulled up:
- pkgsrc/security/openssh/Makefile                            1.164
- pkgsrc/security/openssh/distinfo                            1.51
- pkgsrc/security/openssh/options.mk                          1.8
- pkgsrc/security/openssh/patches/patch-aa                    1.41
- pkgsrc/security/openssh/patches/patch-ab                    1.23
- pkgsrc/security/openssh/patches/patch-ac                    1.15
- pkgsrc/security/openssh/patches/patch-ae                    1.11
- pkgsrc/security/openssh/patches/patch-ag                    1.8
- pkgsrc/security/openssh/patches/patch-ao                    1.8
- pkgsrc/security/openssh/patches/patch-am                    1.6
- pkgsrc/security/openssh/patches/patch-an                    1.7
- pkgsrc/security/openssh/patches/patch-ap                    1.7
- pkgsrc/security/openssh/patches/patch-at                    1.3
- pkgsrc/security/openssh/patches/patch-av                    1.4

   Module Name:	pkgsrc
   Committed By:	salo
   Date:		Sun Feb 12 00:13:55 UTC 2006

   Modified Files:
   	pkgsrc/security/openssh: Makefile distinfo options.mk
   	pkgsrc/security/openssh/patches: patch-aa patch-ab patch-ac patch-ae
   	    patch-ag patch-am patch-an patch-ao patch-ap patch-at patch-av

   Log Message:
   Update to version 3.4p1

   From Jason White via PR pkg/32780

   Changes:

   Security bugs resolved in this release:

    * CVE-2006-0225: scp (as does rcp, on which it is based) invoked a
      subshell to perform local to local, and remote to remote copy
      operations. This subshell exposed filenames to shell expansion
      twice; allowing a local attacker to create filenames containing
      shell metacharacters that, if matched by a wildcard, could lead
      to execution of attacker-specified commands with the privilege of
      the user running scp (Bugzilla #1094)

   This is primarily a bug-fix release, only one new feature has been
   added:

    * Add support for tunneling arbitrary network packets over a
      connection between an OpenSSH client and server via tun(4) virtual
      network interfaces. This allows the use of OpenSSH (4.3+) to create
      a true VPN between the client and server providing real network
      connectivity at layer 2 or 3. This feature is experimental and is
      currently supported on OpenBSD, Linux, NetBSD (IPv4 only) and
      FreeBSD. Other operating systems with tun/tap interface capability
      may be added in future portable OpenSSH releases. Please refer to
      the README.tun file in the source distribution for further details
      and usage examples.

   Some of the other bugs resolved and internal improvements are:

    * Reduce default key length for new DSA keys generated by ssh-keygen
      back to 1024 bits. DSA is not specified for longer lengths and does
      not fully benefit from simply making keys longer. As per FIPS 186-2
      Change Notice 1, ssh-keygen will refuse to generate a new DSA key
      smaller or larger than 1024 bits

    * Fixed X forwarding failing to start when a the X11 client is executed
      in background at the time of session exit (Bugzilla #1086)

    * Change ssh-keygen to generate a protocol 2 RSA key when invoked
      without arguments (Bugzilla #1064)

    * Fix timing variance for valid vs. invalid accounts when attempting
      Kerberos authentication (Bugzilla #975)

    * Ensure that ssh always returns code 255 on internal error (Bugzilla
      #1137)

    * Cleanup wtmp files on SIGTERM when not using privsep (Bugzilla #1029)

    * Set SO_REUSEADDR on X11 listeners to avoid problems caused by
      lingering sockets from previous session (X11 applications can
      sometimes not connect to 127.0.0.1:60xx) (Bugzilla #1076)

    * Ensure that fds 0, 1 and 2 are always attached in all programs, by
      duping /dev/null to them if necessary.

    * Xauth list invocation had bogus "." argument (Bugzilla #1082)

    * Remove internal assumptions on key exchange hash algorithm and output
      length, preparing OpenSSH for KEX methods with alternate hashes.

    * Ignore junk sent by a server before it sends the "SSH-" banner
      (Bugzilla #1067)

    * The manpages has been significantly improves and rearranged, in
      addition to other specific manpage fixes:
      #1037 - Man page entries for -L and -R should mention -g.
      #1077 - Descriptions for "ssh -D" and DynamicForward should mention
              they can specify "bind_address" optionally.
      #1088 - Incorrect descriptions in ssh_config man page for
              ControlMaster=no.
      #1121 - Several corrections for ssh_agent manpages

    * Lots of cleanups, including fixes to memory leaks on error paths
      (Bugzilla #1109, #1110, #1111 and more) and possible crashes (#1092)

    * Portable OpenSSH-specific fixes:

      - Pass random seed during re-exec for each connection: speeds up
        processing of new connections on platforms using the OpenSSH's
        builtin entropy collector (ssh-rand-helper)

      - PAM fixes and improvements:
        #1045 - Missing option for ignoring the /etc/nologin file
        #1087 - Show PAM password expiry message from LDAP on login
        #1028 - Forward final non-query conversations to client
        #1126 - Prevent user from being forced to change an expired
                password repeatedly on AIX in some PAM configurations.
        #1045 - Do not check /etc/nologin when PAM is enabled, instead
                allow PAM to handle it. Note that on platforms using
                PAM, the pam_nologin module should be used in sshd's
                session stack in order to maintain past behaviour

      - Portability-related fixes:
        #989 - Fix multiplexing regress test on Solaris
        #1097 - Cross-compile fixes.
        #1096 - ssh-keygen broken on HPUX.
        #1098 - $MAIL being set incorrectly for HPUX server login.
        #1104 - Compile error on Tru64 Unix 4.0f
        #1106 - Updated .spec file and startup for SuSE.
        #1122 - Use _GNU_SOURCE define in favor of __USE_GNU, fixing
                compilation problems on glibc 2.4

Revision 1.164 / (download) - annotate - [select for diffs], Sun Feb 12 00:13:55 2006 UTC (18 years, 1 month ago) by salo
Branch: MAIN
Changes since 1.163: +3 -3 lines
Diff to previous 1.163 (colored) to selected 1.215 (colored)

Update to version 3.4p1

From Jason White via PR pkg/32780

Changes:

Security bugs resolved in this release:

 * CVE-2006-0225: scp (as does rcp, on which it is based) invoked a
   subshell to perform local to local, and remote to remote copy
   operations. This subshell exposed filenames to shell expansion
   twice; allowing a local attacker to create filenames containing
   shell metacharacters that, if matched by a wildcard, could lead
   to execution of attacker-specified commands with the privilege of
   the user running scp (Bugzilla #1094)

This is primarily a bug-fix release, only one new feature has been
added:

 * Add support for tunneling arbitrary network packets over a
   connection between an OpenSSH client and server via tun(4) virtual
   network interfaces. This allows the use of OpenSSH (4.3+) to create
   a true VPN between the client and server providing real network
   connectivity at layer 2 or 3. This feature is experimental and is
   currently supported on OpenBSD, Linux, NetBSD (IPv4 only) and
   FreeBSD. Other operating systems with tun/tap interface capability
   may be added in future portable OpenSSH releases. Please refer to
   the README.tun file in the source distribution for further details
   and usage examples.

Some of the other bugs resolved and internal improvements are:

 * Reduce default key length for new DSA keys generated by ssh-keygen
   back to 1024 bits. DSA is not specified for longer lengths and does
   not fully benefit from simply making keys longer. As per FIPS 186-2
   Change Notice 1, ssh-keygen will refuse to generate a new DSA key
   smaller or larger than 1024 bits

 * Fixed X forwarding failing to start when a the X11 client is executed
   in background at the time of session exit (Bugzilla #1086)

 * Change ssh-keygen to generate a protocol 2 RSA key when invoked
   without arguments (Bugzilla #1064)

 * Fix timing variance for valid vs. invalid accounts when attempting
   Kerberos authentication (Bugzilla #975)

 * Ensure that ssh always returns code 255 on internal error (Bugzilla
   #1137)

 * Cleanup wtmp files on SIGTERM when not using privsep (Bugzilla #1029)

 * Set SO_REUSEADDR on X11 listeners to avoid problems caused by
   lingering sockets from previous session (X11 applications can
   sometimes not connect to 127.0.0.1:60xx) (Bugzilla #1076)

 * Ensure that fds 0, 1 and 2 are always attached in all programs, by
   duping /dev/null to them if necessary.

 * Xauth list invocation had bogus "." argument (Bugzilla #1082)

 * Remove internal assumptions on key exchange hash algorithm and output
   length, preparing OpenSSH for KEX methods with alternate hashes.

 * Ignore junk sent by a server before it sends the "SSH-" banner
   (Bugzilla #1067)

 * The manpages has been significantly improves and rearranged, in
   addition to other specific manpage fixes:
   #1037 - Man page entries for -L and -R should mention -g.
   #1077 - Descriptions for "ssh -D" and DynamicForward should mention
           they can specify "bind_address" optionally.
   #1088 - Incorrect descriptions in ssh_config man page for
           ControlMaster=no.
   #1121 - Several corrections for ssh_agent manpages

 * Lots of cleanups, including fixes to memory leaks on error paths
   (Bugzilla #1109, #1110, #1111 and more) and possible crashes (#1092)

 * Portable OpenSSH-specific fixes:

   - Pass random seed during re-exec for each connection: speeds up
     processing of new connections on platforms using the OpenSSH's
     builtin entropy collector (ssh-rand-helper)

   - PAM fixes and improvements:
     #1045 - Missing option for ignoring the /etc/nologin file
     #1087 - Show PAM password expiry message from LDAP on login
     #1028 - Forward final non-query conversations to client
     #1126 - Prevent user from being forced to change an expired
             password repeatedly on AIX in some PAM configurations.
     #1045 - Do not check /etc/nologin when PAM is enabled, instead
             allow PAM to handle it. Note that on platforms using
             PAM, the pam_nologin module should be used in sshd's
             session stack in order to maintain past behaviour

   - Portability-related fixes:
     #989 - Fix multiplexing regress test on Solaris
     #1097 - Cross-compile fixes.
     #1096 - ssh-keygen broken on HPUX.
     #1098 - $MAIL being set incorrectly for HPUX server login.
     #1104 - Compile error on Tru64 Unix 4.0f
     #1106 - Updated .spec file and startup for SuSE.
     #1122 - Use _GNU_SOURCE define in favor of __USE_GNU, fixing
             compilation problems on glibc 2.4

Revision 1.163 / (download) - annotate - [select for diffs], Thu Dec 29 06:22:10 2005 UTC (18 years, 3 months ago) by jlam
Branch: MAIN
Changes since 1.162: +1 -2 lines
Diff to previous 1.162 (colored) to selected 1.215 (colored)

Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.

Revision 1.162 / (download) - annotate - [select for diffs], Mon Dec 5 23:55:18 2005 UTC (18 years, 3 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base
Branch point for: pkgsrc-2005Q4
Changes since 1.161: +6 -6 lines
Diff to previous 1.161 (colored) to selected 1.215 (colored)

Ran "pkglint --autofix", which corrected some of the quoting issues in
CONFIGURE_ARGS.

Revision 1.161 / (download) - annotate - [select for diffs], Mon Dec 5 20:50:57 2005 UTC (18 years, 3 months ago) by rillig
Branch: MAIN
Changes since 1.160: +4 -5 lines
Diff to previous 1.160 (colored) to selected 1.215 (colored)

Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in

    http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html

Revision 1.160 / (download) - annotate - [select for diffs], Mon Nov 14 22:36:17 2005 UTC (18 years, 4 months ago) by grant
Branch: MAIN
Changes since 1.159: +5 -1 lines
Diff to previous 1.159 (colored) to selected 1.215 (colored)

stop openssh from complaining about zlib version numbers, as pkgsrc
already enforces a "secure" version of zlib via dependencies.

Revision 1.159 / (download) - annotate - [select for diffs], Fri Oct 7 17:42:35 2005 UTC (18 years, 5 months ago) by reed
Branch: MAIN
Changes since 1.158: +1 -2 lines
Diff to previous 1.158 (colored) to selected 1.215 (colored)

Remove CONFIGURE_ARGS for --mandir as this is now done
for GNU_CONFIGURE.

Revision 1.158 / (download) - annotate - [select for diffs], Fri Sep 23 15:45:14 2005 UTC (18 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base, pkgsrc-2005Q3
Changes since 1.157: +2 -2 lines
Diff to previous 1.157 (colored) to selected 1.215 (colored)

Be quiet pkglint:

- Remove trailing white space from Makefile.
- Add NetBSD Id to patch-aa and patch-ah.

Revision 1.157 / (download) - annotate - [select for diffs], Wed Sep 21 18:07:09 2005 UTC (18 years, 6 months ago) by reed
Branch: MAIN
Changes since 1.156: +5 -5 lines
Diff to previous 1.156 (colored) to selected 1.215 (colored)

Update openssh to 4.2p1. This is from PR #31331. Thank you, Jason.

Some changes different from patches provided in that PR are:

- patch-aj, patch-aq, and patch-as not changed (they appeared to
  be identical to previous patches)

- DragonFly support also added to configure script (patch-aa)
  because compilation failed due to missing crypt

- and install-sysconf target removed from the installation target
  in Makefile.in (patch-ah). Just let the pkgsrc framework install
  this since it now will allow it to be removed correctly on
  deinstall.

- use "pam" instead of "PAM" as option name in the post-install
  target.

This removes patch-ai.

This also now uses openssh-4.2p1-hpn11.diff patch.

I didn't test with kerberos and hpn-patch options. I did test with
PAM on Linux. (The PR reported that kerberos and hpn-patch options
were tested for compiling.) I tested on NetBSD 2.0.2, Linux,
and DragonFly.

This includes two security fixes and several bug fixes and many
improvemens.  The changes are listed at
http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html
http://www.mindrot.org/pipermail/openssh-unix-announce/2005-May/000079.html

TODO: get some of these patches committed upstream.

Revision 1.156 / (download) - annotate - [select for diffs], Tue Aug 23 11:48:51 2005 UTC (18 years, 7 months ago) by rillig
Branch: MAIN
Changes since 1.155: +2 -2 lines
Diff to previous 1.155 (colored) to selected 1.215 (colored)

The real user name in PKG_USERS does not need to be escaped with double
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.

Revision 1.155 / (download) - annotate - [select for diffs], Fri Aug 19 18:12:38 2005 UTC (18 years, 7 months ago) by jlam
Branch: MAIN
Changes since 1.154: +3 -8 lines
Diff to previous 1.154 (colored) to selected 1.215 (colored)

Merge CONF_FILES/SUPPORT_FILES and CONF_FILES_PERMS/SUPPORT_FILES_PERMS
as the INSTALL and DEINSTALL scripts no longer distinguish between
the two types of files.  Drop SUPPORT_FILES{,_PERMS} and modify the
packages in pkgsrc accordingly.

Revision 1.154 / (download) - annotate - [select for diffs], Thu Jul 28 17:54:57 2005 UTC (18 years, 8 months ago) by reed
Branch: MAIN
Changes since 1.153: +3 -7 lines
Diff to previous 1.153 (colored) to selected 1.215 (colored)

MESSAGE file removed. As mentioned on tech-pkg in May, /etc/ssh.conf
and /etc/sshd.conf is old (and I assume some configurations from
there don't apply any more), user and group are not created
automatically (only if PKG_CREATE_USERGROUP is at default YES),
UsePrivilegeSeparation is the default, and seems to imply that
openssh is insecure without it.

Bump PKGREVISION.

Change comment regarding MESSAGE.Interix.

Removed unused MESSAGE_SUBST settings. Move one to the options.mk
as it is for "pam" only.

Revision 1.153 / (download) - annotate - [select for diffs], Wed Jul 20 05:27:14 2005 UTC (18 years, 8 months ago) by reed
Branch: MAIN
Changes since 1.152: +2 -5 lines
Diff to previous 1.152 (colored) to selected 1.215 (colored)

Remove MANDIR variable and just use "man" instead.

Revision 1.152 / (download) - annotate - [select for diffs], Sat Jul 16 01:19:19 2005 UTC (18 years, 8 months ago) by jlam
Branch: MAIN
Changes since 1.151: +2 -2 lines
Diff to previous 1.151 (colored) to selected 1.215 (colored)

Get rid of USE_PERL5.  The new way to express needing the Perl executable
around at either build-time or at run-time is:

	USE_TOOLS+=	perl		# build-time
	USE_TOOLS+=	perl:run	# run-time

Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.

Revision 1.151 / (download) - annotate - [select for diffs], Wed May 25 23:17:11 2005 UTC (18 years, 10 months ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base, pkgsrc-2005Q2
Changes since 1.150: +2 -2 lines
Diff to previous 1.150 (colored) to selected 1.215 (colored)

Fix typo introduced on August 4 that stopped wtmp logging under Linux
and maybe other platforms.

Bump PKGREVISION.

Revision 1.150 / (download) - annotate - [select for diffs], Wed May 25 19:37:18 2005 UTC (18 years, 10 months ago) by reed
Branch: MAIN
Changes since 1.149: +5 -5 lines
Diff to previous 1.149 (colored) to selected 1.215 (colored)

Noticed that the PAM +DISPLAY message was not displayed
and extra pam file was not included in +CONTENTS.

So moved the include of options.mk to after the PLIST_SRC and
MESSAGE_SRC are defined as empty.
(MESSAGE_SRC is redefined if Interix and if PAM PKG_OPTION was enabled
then this still needs to be fixed.)

Revision 1.149 / (download) - annotate - [select for diffs], Thu Apr 28 14:11:13 2005 UTC (18 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.148: +2 -1 lines
Diff to previous 1.148 (colored) to selected 1.215 (colored)

Add CONFLICTS with lsh (common man page).

Revision 1.148 / (download) - annotate - [select for diffs], Mon Apr 11 21:47:14 2005 UTC (18 years, 11 months ago) by tv
Branch: MAIN
Changes since 1.147: +1 -2 lines
Diff to previous 1.147 (colored) to selected 1.215 (colored)

Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.

Revision 1.147 / (download) - annotate - [select for diffs], Mon Mar 7 23:29:49 2005 UTC (19 years ago) by tv
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base, pkgsrc-2005Q1
Changes since 1.146: +21 -7 lines
Diff to previous 1.146 (colored) to selected 1.215 (colored)

nb5:  Rework Interix support, based on work done by Interop Systems
*before* a BSD-with-advertising license was added to their diffs, and other
work done personally by me.

sshd now works.  Most permissions checks work properly.  Privsep is off by
default, and the sshd user is not created, on Interix until some problems
with privsep are fixed (perhaps by abstracting the auth functionality out
to openpam).

Revision 1.146 / (download) - annotate - [select for diffs], Tue Dec 28 02:47:49 2004 UTC (19 years, 3 months ago) by reed
Branch: MAIN
Changes since 1.145: +2 -2 lines
Diff to previous 1.145 (colored) to selected 1.215 (colored)

The default location of the pkgsrc-installed rc.d scripts is now
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.

This is from ideas from Greg Woods and others.

Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).

Revision 1.145 / (download) - annotate - [select for diffs], Thu Nov 25 19:25:28 2004 UTC (19 years, 4 months ago) by xtraeme
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base, pkgsrc-2004Q4
Changes since 1.144: +5 -20 lines
Diff to previous 1.144 (colored) to selected 1.215 (colored)

Convert to use bsd.options.mk with the following options:

	hpn-patch kerberos PAM (only Linux)

The hpn-patch option uses the patch available in:
http://www.psc.edu/networking/projects/hpn-ssh/ to enable high performance
connections.

Also use VARBASE intead of hardcoding /var.

Bump PKGREVISION.

Revision 1.144 / (download) - annotate - [select for diffs], Sun Oct 24 02:52:15 2004 UTC (19 years, 5 months ago) by grant
Branch: MAIN
Changes since 1.143: +9 -2 lines
Diff to previous 1.143 (colored) to selected 1.215 (colored)

tell configure where to find xauth(1) so that X forwarding over ssh
works when using pkgsrc X11.

bump PKGREVISION.

Revision 1.143 / (download) - annotate - [select for diffs], Sun Oct 3 00:18:11 2004 UTC (19 years, 5 months ago) by tv
Branch: MAIN
Changes since 1.142: +2 -1 lines
Diff to previous 1.142 (colored) to selected 1.215 (colored)

Libtool fix for PR pkg/26633, and other issues.  Update libtool to 1.5.10
in the process.  (More information on tech-pkg.)

Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.

Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.

Revision 1.142 / (download) - annotate - [select for diffs], Tue Aug 31 11:27:11 2004 UTC (19 years, 7 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base, pkgsrc-2004Q3
Changes since 1.141: +3 -3 lines
Diff to previous 1.141 (colored) to selected 1.215 (colored)

Update to 3.9p1:
 * Added new "IdentitiesOnly" option to ssh(1), which specifies that it should
   use keys specified in ssh_config, rather than any keys in ssh-agent(1)

 * Make sshd(8) re-execute itself on accepting a new connection. This security
   measure ensures that all execute-time randomisations are reapplied for each
   connection rather than once, for the master process' lifetime. This includes
   mmap and malloc mappings, shared library addressing, shared library mapping
   order, ProPolice and StackGhost cookies on systems that support such things

 * Add strict permission and ownership checks to programs reading ~/.ssh/config
   NB ssh(1) will now exit instead of trying to process a config with poor
   ownership or permissions

 * Implemented the ability to pass selected environment variables between the
   client and the server. See "AcceptEnv" in sshd_config(5) and "SendEnv" in
   ssh_config(5) for details

 * Added a "MaxAuthTries" option to sshd(8), allowing control over the maximum
   number of authentication attempts permitted per connection

 * Added support for cancellation of active remote port forwarding sessions.
   This may be performed using the ~C escape character, see "Escape Characters"
   in ssh(1) for details

 * Many sftp(1) interface improvements, including greatly enhanced "ls" support
   and the ability to cancel active transfers using SIGINT (^C)

 * Implement session multiplexing: a single ssh(1) connection can now carry
   multiple login/command/file transfer sessions. Refer to the "ControlMaster"
   and "ControlPath" options in ssh_config(5) for more information

 * The sftp-server has improved support for non-POSIX filesystems (e.g. FAT)

 * Portable OpenSSH: Re-introduce support for PAM password authentication, in
   addition to the keyboard-interactive driver. PAM password authentication
   is less flexible, and doesn't support pre-authentication password expiry but
   runs in-process so Kerberos tokens, etc are retained

 * Improved and more extensive regression tests

 * Many bugfixes and small improvements

Revision 1.141 / (download) - annotate - [select for diffs], Wed Aug 4 06:43:52 2004 UTC (19 years, 7 months ago) by minskim
Branch: MAIN
Changes since 1.140: +5 -1 lines
Diff to previous 1.140 (colored) to selected 1.215 (colored)

Make openssh build on Interix.  Currently only the client (ssh) was
tested.  The server (sshd) still needs more patches especially because of
non-zero Administrator uid/gid issues.

Revision 1.140 / (download) - annotate - [select for diffs], Sun Jul 25 12:36:03 2004 UTC (19 years, 8 months ago) by grant
Branch: MAIN
Changes since 1.139: +3 -2 lines
Diff to previous 1.139 (colored) to selected 1.215 (colored)

add CONFLICT with ssh2-nox11.

Revision 1.139 / (download) - annotate - [select for diffs], Fri May 21 23:00:23 2004 UTC (19 years, 10 months ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base, pkgsrc-2004Q2
Changes since 1.138: +3 -1 lines
Diff to previous 1.138 (colored) to selected 1.215 (colored)

Only use the NetBSD-specific MESSAGE.urandom for NetBSD.

It says to use "pseudo-device   rnd" kernel configuration.

TODO: if the above instructions are fine for other
operating systems with /dev/urandom then add.

Revision 1.138 / (download) - annotate - [select for diffs], Fri May 21 22:54:43 2004 UTC (19 years, 10 months ago) by reed
Branch: MAIN
Changes since 1.137: +12 -13 lines
Diff to previous 1.137 (colored) to selected 1.215 (colored)

The makefile had a comment saying PAM authentication causes memory
faults, and haven't tracked down why yet.

No allow PAM authentication if Linux (and USE_PAM is defined).

This will close my 20846 PR from March 2003.

Also, install the contrib/sshd.pam.generic file as the example
sshd.pam instead of the FreeBSD version, but this okay since
it was commented out in the first place.

TODO: test the PAM support on other platforms and allow
if USE_PAM is defined.

Revision 1.137 / (download) - annotate - [select for diffs], Mon May 10 18:12:23 2004 UTC (19 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.136: +3 -10 lines
Diff to previous 1.136 (colored) to selected 1.215 (colored)

Update to 3.8.1p1:
Minor bugfixes.

Revision 1.136 / (download) - annotate - [select for diffs], Sun May 2 17:30:37 2004 UTC (19 years, 11 months ago) by xtraeme
Branch: MAIN
Changes since 1.135: +4 -1 lines
Diff to previous 1.135 (colored) to selected 1.215 (colored)

Enable md5 passwords support in Linux. This closes PR pkg/25322 by
Piotr Meyer.

Revision 1.135 / (download) - annotate - [select for diffs], Wed Apr 28 05:26:39 2004 UTC (19 years, 11 months ago) by jlam
Branch: MAIN
Changes since 1.134: +1 -2 lines
Diff to previous 1.134 (colored) to selected 1.215 (colored)

The buildlink3.mk file for the Kerberos 5 implementation used will
automatically pass the correct -I flags to the compiler.

Revision 1.134 / (download) - annotate - [select for diffs], Wed Apr 28 05:25:54 2004 UTC (19 years, 11 months ago) by jlam
Branch: MAIN
Changes since 1.133: +1 -7 lines
Diff to previous 1.133 (colored) to selected 1.215 (colored)

This version of OpenSSH actually no longer supports building with
Kerberos 4 support, so remove those Makefile checks.

Revision 1.133 / (download) - annotate - [select for diffs], Wed Apr 28 04:00:17 2004 UTC (19 years, 11 months ago) by jlam
Branch: MAIN
Changes since 1.132: +10 -9 lines
Diff to previous 1.132 (colored) to selected 1.215 (colored)

Fix up OpenSSH sources to allow building with S/Key support on NetBSD as
well.  Bump the PKGREVISION.

XXX The right fix is to create a autoconf check for the number of args
XXX that skeychallenge takes and do the right thing accordingly.

Revision 1.132 / (download) - annotate - [select for diffs], Wed Apr 28 03:54:08 2004 UTC (19 years, 11 months ago) by jlam
Branch: MAIN
Changes since 1.131: +10 -11 lines
Diff to previous 1.131 (colored) to selected 1.215 (colored)

Building with Kerberos 4 support doesn't work when using mit-krb5.  Only
allow building with Kerberos 4 support when using Heimdal and if the
kerberosIV headers exist.

Revision 1.131 / (download) - annotate - [select for diffs], Tue Apr 27 21:39:39 2004 UTC (19 years, 11 months ago) by markd
Branch: MAIN
Changes since 1.130: +2 -1 lines
Diff to previous 1.130 (colored) to selected 1.215 (colored)

Add the .endif I missed off last night.

Revision 1.130 / (download) - annotate - [select for diffs], Tue Apr 27 19:08:36 2004 UTC (19 years, 11 months ago) by jlam
Branch: MAIN
Changes since 1.129: +1 -5 lines
Diff to previous 1.129 (colored) to selected 1.215 (colored)

Don't support the updating the in-tree openssh via pkgsrc.  pkgsrc really
has no business trying to update parts of the base system.

Revision 1.129 / (download) - annotate - [select for diffs], Tue Apr 27 12:30:23 2004 UTC (19 years, 11 months ago) by markd
Branch: MAIN
Changes since 1.128: +6 -2 lines
Diff to previous 1.128 (colored) to selected 1.215 (colored)

Add handling of utmpx/wtmpx on NetBSD-current.
Bump PKGREVISION.

Revision 1.128 / (download) - annotate - [select for diffs], Tue Apr 27 12:26:31 2004 UTC (19 years, 11 months ago) by markd
Branch: MAIN
Changes since 1.127: +5 -1 lines
Diff to previous 1.127 (colored) to selected 1.215 (colored)

Something in our framework interferes with configure disabling utmp/wtmp
handling on Solaris >= 8 so do it explicitly.

Revision 1.127 / (download) - annotate - [select for diffs], Tue Apr 27 12:21:49 2004 UTC (19 years, 11 months ago) by markd
Branch: MAIN
Changes since 1.126: +7 -5 lines
Diff to previous 1.126 (colored) to selected 1.215 (colored)

Use krb5.buildlink3.mk to find krb5 locations.

Revision 1.126 / (download) - annotate - [select for diffs], Sun Apr 25 23:36:52 2004 UTC (19 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.125: +7 -7 lines
Diff to previous 1.125 (colored) to selected 1.215 (colored)

Convert to bl3; update comments in Makefile.intree.

Revision 1.125 / (download) - annotate - [select for diffs], Fri Apr 23 22:07:58 2004 UTC (19 years, 11 months ago) by reed
Branch: MAIN
Changes since 1.124: +1 -3 lines
Diff to previous 1.124 (colored) to selected 1.215 (colored)

mk/bsd.pkg.install.mk now automatically registers
the RCD_SCRIPTS rc.d script(s) to the PLIST.

This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.

This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)

These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)

I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.

Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
  hard-coded etc/rc.d. These need to be fixed.
- maybe  remove from mk/${OPSYS}.pkg.dist mtree specifications too.

Revision 1.124 / (download) - annotate - [select for diffs], Fri Mar 26 02:27:53 2004 UTC (20 years ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2004Q1-base, pkgsrc-2004Q1
Changes since 1.123: +2 -1 lines
Diff to previous 1.123 (colored) to selected 1.215 (colored)

PKGREVISION bump after openssl-security-fix-update to 0.9.6m.
Buildlink files: RECOMMENDED version changed to current version.

Revision 1.123 / (download) - annotate - [select for diffs], Fri Mar 12 19:24:47 2004 UTC (20 years ago) by wiz
Branch: MAIN
Changes since 1.122: +3 -4 lines
Diff to previous 1.122 (colored) to selected 1.215 (colored)

Update to 3.8p1:
This version features many improvements and bugfixes.

Revision 1.122 / (download) - annotate - [select for diffs], Sat Feb 21 06:26:41 2004 UTC (20 years, 1 month ago) by xtraeme
Branch: MAIN
Changes since 1.121: +2 -1 lines
Diff to previous 1.121 (colored) to selected 1.215 (colored)

Force manual pages installation, because some systems like IRIX will
install them like preformatted manual pages (cat).
Reported by Georg Schwarz in PR pkg/24428.

Revision 1.121 / (download) - annotate - [select for diffs], Sat Feb 7 23:58:49 2004 UTC (20 years, 1 month ago) by jlam
Branch: MAIN
Changes since 1.120: +2 -2 lines
Diff to previous 1.120 (colored) to selected 1.215 (colored)

Don't set LD=${CC} globally, but only pass it to CONFIGURE_ENV, which is
the only relevant place that wants it.

Revision 1.120 / (download) - annotate - [select for diffs], Wed Nov 12 03:39:43 2003 UTC (20 years, 4 months ago) by jschauma
Branch: MAIN
CVS Tags: pkgsrc-2003Q4-base, pkgsrc-2003Q4
Changes since 1.119: +2 -2 lines
Diff to previous 1.119 (colored) to selected 1.215 (colored)

PKGREVISION++ after openssl update.

Revision 1.119 / (download) - annotate - [select for diffs], Sun Oct 12 10:13:53 2003 UTC (20 years, 5 months ago) by grant
Branch: MAIN
Changes since 1.118: +11 -9 lines
Diff to previous 1.118 (colored) to selected 1.215 (colored)

set LD=CC again for all platforms with an appropriate comment - I
don't know why this didn't originally work as it should, but I've
just tested it with gcc3 and Forte 8 on Solaris and I couldn't make
it fail.

fixes coredump problem on Solaris observed by some, and also
PR pkg/23120 from Alex Gerasimoff.

bump PKGREVISION to differentiate between broken and unbroken
package.

Revision 1.118 / (download) - annotate - [select for diffs], Sun Oct 12 08:25:17 2003 UTC (20 years, 5 months ago) by grant
Branch: MAIN
Changes since 1.117: +2 -1 lines
Diff to previous 1.117 (colored) to selected 1.215 (colored)

add a missing .elif OPSYS == NetBSD, which was resulting in passing
"--with-skey=... --without-skey" on Solaris :)

Revision 1.117 / (download) - annotate - [select for diffs], Tue Sep 23 20:53:52 2003 UTC (20 years, 6 months ago) by jschauma
Branch: MAIN
Changes since 1.116: +4 -1 lines
Diff to previous 1.116 (colored) to selected 1.215 (colored)

On non-SunOS, bring back
LD=${CC}

Revision 1.116 / (download) - annotate - [select for diffs], Tue Sep 23 19:33:14 2003 UTC (20 years, 6 months ago) by jschauma
Branch: MAIN
Changes since 1.115: +1 -4 lines
Diff to previous 1.115 (colored) to selected 1.215 (colored)

This version of OpenSSH doesn't need special flags for Irix anymore.

Revision 1.115 / (download) - annotate - [select for diffs], Tue Sep 23 17:52:33 2003 UTC (20 years, 6 months ago) by jschauma
Branch: MAIN
Changes since 1.114: +3 -3 lines
Diff to previous 1.114 (colored) to selected 1.215 (colored)

Update to 3.7.1p2:
Most important chcanges: security relevant bug fixes in new PAM authentication code

Changes since OpenSSH 3.7.1p1:
==============================

* This release disables PAM by default. To enable it, set "UsePAM yes" in
  sshd_config. Due to complexity, inconsistencies in the specification and
  differences between vendors' PAM implementations we recommend that PAM
  be left disabled in sshd_config unless there is a need for its use.
  Sites using only public key or simple password authentication usually
  have little need to enable PAM support.

* This release now requires zlib 1.1.4 to build correctly. Previous
  versions have security problems.

* Fix compilation for versions of OpenSSL before 0.9.6. Some cipher modes
  are not supported for older OpenSSL versions.

* Fix compilation problems on systems with a missing or lacking inet_ntoa()
  function.

* Workaround problems related to unimplemented or broken setresuid/setreuid
  functions on several platforms.

* Fix compilation on older OpenBSD systems.

* Fix handling of password-less authentication (PermitEmptyPasswords=yes)
  that has not worked since the 3.7p1 release.

Revision 1.114 / (download) - annotate - [select for diffs], Mon Sep 22 01:18:38 2003 UTC (20 years, 6 months ago) by grant
Branch: MAIN
Changes since 1.113: +5 -3 lines
Diff to previous 1.113 (colored) to selected 1.215 (colored)

as this pkg now calls the linker directly, we need to explicitly
specify -lc on Solaris.

remove a bogus hack setting LD=${CC} which was also breaking the
build on Solaris.

Revision 1.113 / (download) - annotate - [select for diffs], Thu Sep 18 02:11:38 2003 UTC (20 years, 6 months ago) by jschauma
Branch: MAIN
Changes since 1.112: +3 -11 lines
Diff to previous 1.112 (colored) to selected 1.215 (colored)

Ok, so we can make this work on Irix by adding
-DSETEUID_BREAKS_SETUID -DBROKEN_SETREUID -DBROKEN_SETREGID
to the CFLAGS.  Wuppi.

Revision 1.112 / (download) - annotate - [select for diffs], Wed Sep 17 16:42:01 2003 UTC (20 years, 6 months ago) by jschauma
Branch: MAIN
Changes since 1.111: +11 -1 lines
Diff to previous 1.111 (colored) to selected 1.215 (colored)

Mark OpenSSH-3.7x as *not available for IRIX*!
# OpenSSH 3.7x currently does *not* work on IRIX!
# To compile, we would need to remove the extraneous inclusion of the
# ``inet_ntoa.h'' header in openbsd-compat/inet_ntoa.c, but even though
# sshd will not work:  It seems the connection is closed by the daemon
# when it tries to spawn off a child to handle the incoming connection
#
# If you need the latest security patches for your openssh, I'm afraid you'll
# have to apply them by hand to the 3.6.1p2 version.

(Now wouldn't it be nice if we had a NOT_FOR_PLATFORM_REASON that is displayed
automatically?)

Revision 1.111 / (download) - annotate - [select for diffs], Tue Sep 16 23:06:22 2003 UTC (20 years, 6 months ago) by grant
Branch: MAIN
Changes since 1.110: +3 -3 lines
Diff to previous 1.110 (colored) to selected 1.215 (colored)

move ftp.openssh.com to the top, as it's the only site which has the
new distfile so far.

Revision 1.110 / (download) - annotate - [select for diffs], Tue Sep 16 23:05:33 2003 UTC (20 years, 6 months ago) by grant
Branch: MAIN
Changes since 1.109: +3 -3 lines
Diff to previous 1.109 (colored) to selected 1.215 (colored)

Update openssh to 3.7.1p1.

Changes since 3.7p1:

more malloc/fatal fixes; ok millert/deraadt; ghudson at MIT.EDU

Revision 1.109 / (download) - annotate - [select for diffs], Tue Sep 16 13:52:30 2003 UTC (20 years, 6 months ago) by grant
Branch: MAIN
Changes since 1.108: +3 -4 lines
Diff to previous 1.108 (colored) to selected 1.215 (colored)

Update openssh to 3.7p1.

Large number of changes since 3.6.1p2, the most pertinent being:

* do not expand buffer before attempting to reallocate it (buffer.c)

note that NetBSD-current already includes this fix.

other changes include:

* portability fixes
* regression test fixes
* add GSSAPI support and remove kerberos support from ssh1, retaining
  kerberos passwd auth for ssh1 and 2
* man page fixes
* general bug fixes

see the ChangeLog for full details.

Revision 1.108 / (download) - annotate - [select for diffs], Thu Sep 11 04:13:02 2003 UTC (20 years, 6 months ago) by jlam
Branch: MAIN
Changes since 1.107: +1 -4 lines
Diff to previous 1.107 (colored) to selected 1.215 (colored)

Garbage-collect USE_OPENSSL_VERSION now that openssl/buildlink2.mk supports
just setting BUILDLINK_DEPENDS.openssl.  USE_OPENSSL_VERSION wasn't
actually needed here anyway since the minimum version allowed by
openssl/buildlink2.mk exceeded the version requested here.

Revision 1.107 / (download) - annotate - [select for diffs], Sat Aug 30 22:51:36 2003 UTC (20 years, 7 months ago) by jlam
Branch: MAIN
Changes since 1.106: +3 -1 lines
Diff to previous 1.106 (colored) to selected 1.215 (colored)

Add definitions for DEINSTALL_EXTRA_TMPL and INSTALL_EXTRA_TMPL if
USE_PKGINSTALL is "YES".  bsd.pkg.install.mk will no longer automatically
pick up a INSTALL/DEINSTALL script in the package directory and assume that
you want it for the corresponding *_EXTRA_TMPL variable.

Revision 1.106 / (download) - annotate - [select for diffs], Wed Jul 30 18:35:53 2003 UTC (20 years, 8 months ago) by grant
Branch: MAIN
Changes since 1.105: +2 -2 lines
Diff to previous 1.105 (colored) to selected 1.215 (colored)

drop unneeded parens

Revision 1.105 / (download) - annotate - [select for diffs], Thu Jul 24 21:25:26 2003 UTC (20 years, 8 months ago) by jwise
Branch: MAIN
Changes since 1.104: +2 -1 lines
Diff to previous 1.104 (colored) to selected 1.215 (colored)

Bump ${PKGREVISION} for re-enabled kerberos support.

Revision 1.104 / (download) - annotate - [select for diffs], Thu Jul 24 21:24:28 2003 UTC (20 years, 8 months ago) by jwise
Branch: MAIN
Changes since 1.103: +10 -6 lines
Diff to previous 1.103 (colored) to selected 1.215 (colored)

Fix kerberos support in this package (kerberos support in the Makefile
was commented out because it didn't work with recent openssh, is now fiexed
and commented back in).  This support is conditional on ${KERBEROS} being
set, and currently enables support for both kerberos 4 and 5.  This should
be refined.

This has been tested and confirmed on -current and 1.6.  Testing on other
platforms (if any?  solaris?) in which we support kerberos in pkgsrc should
be done.

Revision 1.103 / (download) - annotate - [select for diffs], Thu Jul 24 20:59:03 2003 UTC (20 years, 8 months ago) by jwise
Branch: MAIN
Changes since 1.102: +2 -1 lines
Diff to previous 1.102 (colored) to selected 1.215 (colored)

Mark conflicts with openssh+gssapi.

Revision 1.102 / (download) - annotate - [select for diffs], Thu Jul 17 22:53:01 2003 UTC (20 years, 8 months ago) by grant
Branch: MAIN
Changes since 1.101: +2 -2 lines
Diff to previous 1.101 (colored) to selected 1.215 (colored)

s/netbsd.org/NetBSD.org/

Revision 1.101 / (download) - annotate - [select for diffs], Tue Jun 10 21:00:45 2003 UTC (20 years, 9 months ago) by jschauma
Branch: MAIN
Changes since 1.100: +3 -3 lines
Diff to previous 1.100 (colored) to selected 1.215 (colored)

Upgrade to 3.6.1p2:
 - (djm) Add back radix.o (used by AFS support), after it went missing from
   Makefile many moons ago
 - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
 - (djm) Fix blibpath specification for AIX/gcc
 - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org

(This last fix makes this compile on IRIX again.)

Revision 1.100 / (download) - annotate - [select for diffs], Mon Jun 2 01:17:14 2003 UTC (20 years, 10 months ago) by jschauma
Branch: MAIN
Changes since 1.99: +2 -2 lines
Diff to previous 1.99 (colored) to selected 1.215 (colored)

Use tech-pkg@ in favor of packages@ as MAINTAINER for orphaned packages.
Should anybody feel like they could be the maintainer for any of thewe packages,
please adjust.

Revision 1.99 / (download) - annotate - [select for diffs], Tue May 6 17:42:32 2003 UTC (20 years, 10 months ago) by jmmv
Branch: MAIN
Changes since 1.98: +2 -2 lines
Diff to previous 1.98 (colored) to selected 1.215 (colored)

Drop trailing whitespace.  Ok'ed by wiz.

Revision 1.98 / (download) - annotate - [select for diffs], Tue Apr 22 09:50:01 2003 UTC (20 years, 11 months ago) by grant
Branch: MAIN
Changes since 1.97: +2 -2 lines
Diff to previous 1.97 (colored) to selected 1.215 (colored)

fix last

Revision 1.97 / (download) - annotate - [select for diffs], Tue Apr 22 09:48:44 2003 UTC (20 years, 11 months ago) by grant
Branch: MAIN
Changes since 1.96: +2 -2 lines
Diff to previous 1.96 (colored) to selected 1.215 (colored)

add missing trailing / on a master site.

Revision 1.96 / (download) - annotate - [select for diffs], Thu Apr 10 20:20:55 2003 UTC (20 years, 11 months ago) by grant
Branch: MAIN
Changes since 1.95: +5 -2 lines
Diff to previous 1.95 (colored) to selected 1.215 (colored)

add some faster mirrors to MASTER_SITES.

Revision 1.95 / (download) - annotate - [select for diffs], Thu Apr 10 12:34:15 2003 UTC (20 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.94: +3 -3 lines
Diff to previous 1.94 (colored) to selected 1.215 (colored)

Update to 3.6.1p1. No NEWS file included, only a ChangeLog, and the
relevant changes are > 500 lines, see
ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog
Personal selection:
     rekeying bugfixes and automatic rekeying
     bandwidth limitation (scp -l)
     Add a -t life option to ssh-agent that set the default lifetime.
     The default can still be overriden by using -t in ssh-add.
     sftp progress meter support.
     allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp;
     [scp.c]
     1) include stalling time in total time
     2) truncate filenames to 45 instead of 20 characters
     3) print rate instead of progress bar, no more stars
     4) scale output to tty width

Revision 1.94 / (download) - annotate - [select for diffs], Tue Jan 28 22:04:06 2003 UTC (21 years, 2 months ago) by jlam
Branch: MAIN
CVS Tags: netbsd-1-6-1-base, netbsd-1-6-1
Changes since 1.93: +2 -2 lines
Diff to previous 1.93 (colored) to selected 1.215 (colored)

Instead of including bsd.pkg.install.mk directly in a package Makefile,
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES".  This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile.  Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.

Revision 1.93 / (download) - annotate - [select for diffs], Thu Jan 23 00:00:17 2003 UTC (21 years, 2 months ago) by seb
Branch: MAIN
Changes since 1.92: +4 -4 lines
Diff to previous 1.92 (colored) to selected 1.215 (colored)

Put back MASTER_SITES.

Revision 1.92 / (download) - annotate - [select for diffs], Sun Jan 19 01:26:35 2003 UTC (21 years, 2 months ago) by seb
Branch: MAIN
Changes since 1.91: +4 -4 lines
Diff to previous 1.91 (colored) to selected 1.215 (colored)

Update to version 3.5p1

Also mark this package as conflicting with ssh2 package.

Changes:

20021003
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/10/01 20:34:12
     [ssh-agent.c]
     allow root to access the agent, since there is no protection from root.
   - markus@cvs.openbsd.org 2002/10/01 13:24:50
     [version.h]
     OpenSSH 3.5
 - (djm) Bump RPM spec version numbers
 - (djm) Bug #406 s/msg_send/ssh_msh_send/ for Mac OS X 1.2

20020930
 - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs,
   tweak README
 - (djm) OpenBSD CVS Sync
   - mickey@cvs.openbsd.org 2002/09/27 10:42:09
     [compat.c compat.h sshd.c]
     add a generic match for a prober, such as sie big brother;
     idea from stevesk@; markus@ ok
   - stevesk@cvs.openbsd.org 2002/09/27 15:46:21
     [ssh.1]
     clarify compression level protocol 1 only; ok markus@ deraadt@

20020927
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/09/25 11:17:16
     [sshd_config]
     sync LoginGraceTime with default
   - markus@cvs.openbsd.org 2002/09/25 15:19:02
     [sshd.c]
     typo; pilot@monkey.org
   - markus@cvs.openbsd.org 2002/09/26 11:38:43
     [auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h]
     krb4 + privsep; ok dugsong@, deraadt@

20020925
 - (bal) Fix issue where successfull login does not clear failure counts
   in AIX.  Patch by dtucker@zip.com.au ok by djm
 - (tim) Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
    This does not include the deattack.c fixes.

20020923
 - (djm) OpenBSD CVS Sync
   - stevesk@cvs.openbsd.org 2002/09/23 20:46:27
     [canohost.c]
     change get_peer_ipaddr() and get_local_ipaddr() to not return NULL for
     non-sockets; fixes a problem passing NULL to snprintf(). ok markus@
   - markus@cvs.openbsd.org 2002/09/23 22:11:05
     [monitor.c]
     only call auth_krb5 if kerberos is enabled; ok deraadt@
   - markus@cvs.openbsd.org 2002/09/24 08:46:04
     [monitor.c]
     only call kerberos code for authctxt->valid
   - todd@cvs.openbsd.org 2002/09/24 20:59:44
     [sshd.8]
     tweak the example $HOME/.ssh/rc script to not show on any cmdline the
     sensitive data it handles. This fixes bug # 402 as reported by
     kolya@mit.edu (Nickolai Zeldovich).
     ok markus@ and stevesk@

20020923
 - (tim) [configure.ac] s/return/exit/ patch by dtucker@zip.com.au

20020922
 - (djm) OpenBSD CVS Sync
   - stevesk@cvs.openbsd.org 2002/09/19 14:53:14
     [compat.c]
   - markus@cvs.openbsd.org 2002/09/19 15:51:23
     [ssh-add.c]
     typo; cd@kalkatraz.de
   - stevesk@cvs.openbsd.org 2002/09/19 16:03:15
     [serverloop.c]
     log IP address also; ok markus@
   - stevesk@cvs.openbsd.org 2002/09/20 18:41:29
     [auth.c]
     log illegal user here for missing privsep case (ssh2).
     this is executed in the monitor. ok markus@

20020919
 - (djm) OpenBSD CVS Sync
   - stevesk@cvs.openbsd.org 2002/09/12 19:11:52
     [ssh-agent.c]
     %u for uid print; ok markus@
   - stevesk@cvs.openbsd.org 2002/09/12 19:50:36
     [session.c ssh.1]
     add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384.  ok markus@
   - stevesk@cvs.openbsd.org 2002/09/13 19:23:09
     [channels.c sshconnect.c sshd.c]
     remove use of SO_LINGER, it should not be needed. error check
     SO_REUSEADDR. fixup comments. ok markus@
   - stevesk@cvs.openbsd.org 2002/09/16 19:55:33
     [session.c]
     log when _PATH_NOLOGIN exists; ok markus@
   - stevesk@cvs.openbsd.org 2002/09/16 20:12:11
     [sshd_config.5]
     more details on X11Forwarding security issues and threats; ok markus@
   - stevesk@cvs.openbsd.org 2002/09/16 22:03:13
     [sshd.8]
     reference moduli(5) in FILES /etc/moduli.
   - itojun@cvs.openbsd.org 2002/09/17 07:47:02
     [channels.c]
     don't quit while creating X11 listening socket.
     http://mail-index.netbsd.org/current-users/2002/09/16/0005.html
     got from portable.  markus ok
   - djm@cvs.openbsd.org 2002/09/19 01:58:18
     [ssh.c sshconnect.c]
     bugzilla.mindrot.org #223 - ProxyCommands don't exit.
     Patch from dtucker@zip.com.au; ok markus@

20020912
 - (djm) Made GNOME askpass programs return non-zero if cancel button is
   pressed.
 - (djm) Added getpeereid() replacement. Properly implemented for systems
   with SO_PEERCRED support. Faked for systems which lack it.
 - (djm) Sync sys/tree.h with OpenBSD -current. Rename tree.h and
   fake-queue.h to sys-tree.h and sys-queue.h
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/09/08 20:24:08
     [hostfile.h]
     no comma at end of enumerator list
   - itojun@cvs.openbsd.org 2002/09/09 06:48:06
     [auth1.c auth.h auth-krb5.c monitor.c monitor.h]
     [monitor_wrap.c monitor_wrap.h]
     kerberos support for privsep.  confirmed to work by lha@stacken.kth.se
     patch from markus
   - markus@cvs.openbsd.org 2002/09/09 14:54:15
     [channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c]
     signed vs unsigned from -pedantic; ok henning@
   - markus@cvs.openbsd.org 2002/09/10 20:24:47
     [ssh-agent.c]
     check the euid of the connecting process with getpeereid(2);
     ok provos deraadt stevesk
   - stevesk@cvs.openbsd.org 2002/09/11 17:55:03
     [ssh.1]
     add agent and X11 forwarding warning text from ssh_config.5; ok markus@
   - stevesk@cvs.openbsd.org 2002/09/11 18:27:26
     [authfd.c authfd.h ssh.c]
     don't connect to agent to test for presence if we've previously
     connected; ok markus@
   - djm@cvs.openbsd.org 2002/09/11 22:41:50
     [sftp.1 sftp-client.c sftp-client.h sftp-common.c sftp-common.h]
     [sftp-glob.c sftp-glob.h sftp-int.c sftp-server.c]
     support for short/long listings and globbing in "ls"; ok markus@
   - djm@cvs.openbsd.org 2002/09/12 00:13:06
     [sftp-int.c]
     zap unused var introduced in last commit

20020911
 - (djm) Sync openbsd-compat with OpenBSD -current

20020910
 - (djm) Bug #365: Read /.ssh/environment properly under CygWin.
   Patch from Mark Bradshaw <bradshaw@staff.crosswalk.com>
 - (djm) Bug #138: Make protocol 1 blowfish work with old OpenSSL.
   Patch from Robert Halubek <rob@adso.com.pl>

20020905
 - (djm) OpenBSD CVS Sync
   - stevesk@cvs.openbsd.org 2002/09/04 18:52:42
     [servconf.c sshd.8 sshd_config.5]
     default LoginGraceTime to 2m; 1m may be too short for slow systems.
     ok markus@
 - (djm) Merge openssh-TODO.patch from Redhat (null) beta
 - (djm) Add gnome-ssh-askpass2.c (gtk2) by merge with patch from
    Nalin Dahyabhai <nalin@redhat.com>
 - (djm) Add support for building gtk2 password requestor from Redhat beta

20020903
 - (djm) Patch from itojun@ for Darwin OS: test getaddrinfo, reorder libcrypt
 - (djm) Fix Redhat RPM build dependancy test
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/08/12 10:46:35
     [ssh-agent.c]
     make ssh-agent setgid, disallow ptrace.
   - espie@cvs.openbsd.org 2002/08/21 11:20:59
     [sshd.8]
     `RSA' updated to refer to `public key', where it matters.
     okay markus@
   - stevesk@cvs.openbsd.org 2002/08/21 19:38:06
     [servconf.c sshd.8 sshd_config sshd_config.5]
     change LoginGraceTime default to 1 minute; ok mouring@ markus@
   - stevesk@cvs.openbsd.org 2002/08/21 20:10:28
     [ssh-agent.c]
     raise listen backlog; ok markus@
   - stevesk@cvs.openbsd.org 2002/08/22 19:27:53
     [ssh-agent.c]
     use common close function; ok markus@
   - stevesk@cvs.openbsd.org 2002/08/22 19:38:42
     [clientloop.c]
     format with current EscapeChar; bugzilla #388 from wknox@mitre.org.
     ok markus@
   - stevesk@cvs.openbsd.org 2002/08/22 20:57:19
     [ssh-agent.c]
     shutdown(SHUT_RDWR) not needed before close here; ok markus@
   - markus@cvs.openbsd.org 2002/08/22 21:33:58
     [auth1.c auth2.c]
     auth_root_allowed() is handled by the monitor in the privsep case,
     so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
   - markus@cvs.openbsd.org 2002/08/22 21:45:41
     [session.c]
     send signal name (not signal number) in "exit-signal" message; noticed
     by galb@vandyke.com
   - stevesk@cvs.openbsd.org 2002/08/27 17:13:56
     [ssh-rsa.c]
     RSA_public_decrypt() returns -1 on error so len must be signed;
     ok markus@
   - stevesk@cvs.openbsd.org 2002/08/27 17:18:40
     [ssh_config.5]
     some warning text for ForwardAgent and ForwardX11; ok markus@
   - stevesk@cvs.openbsd.org 2002/08/29 15:57:25
     [monitor.c session.c sshlogin.c sshlogin.h]
     pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org>
     NOTE: there are also p-specific parts to this patch. ok markus@
   - stevesk@cvs.openbsd.org 2002/08/29 16:02:54
     [ssh.1 ssh.c]
     deprecate -P as UsePrivilegedPort defaults to no now; ok markus@
   - stevesk@cvs.openbsd.org 2002/08/29 16:09:02
     [ssh_config.5]
     more on UsePrivilegedPort and setuid root; ok markus@
   - stevesk@cvs.openbsd.org 2002/08/29 19:49:42
     [ssh.c]
     shrink initial privilege bracket for setuid case; ok markus@
   - stevesk@cvs.openbsd.org 2002/08/29 22:54:10
     [ssh_config.5 sshd_config.5]
     state XAuthLocation is a full pathname

20020820
 - OpenBSD CVS Sync
   - millert@cvs.openbsd.org 2002/08/02 14:43:15
     [monitor.c monitor_mm.c]
     Change mm_zalloc() sanity checks to be more in line with what
     we do in calloc() and add a check to monitor_mm.c.
     OK provos@ and markus@
   - marc@cvs.openbsd.org 2002/08/02 16:00:07
     [ssh.1 sshd.8]
     note that .ssh/environment is only read when
     allowed (PermitUserEnvironment in sshd_config).
     OK markus@
   - markus@cvs.openbsd.org 2002/08/02 21:23:41
     [ssh-rsa.c]
     diff is u_int (2x); ok deraadt/provos
   - markus@cvs.openbsd.org 2002/08/02 22:20:30
     [ssh-rsa.c]
     replace RSA_verify with our own version and avoid the OpenSSL ASN.1 parser
     for authentication; ok deraadt/djm
   - aaron@cvs.openbsd.org 2002/08/08 13:50:23
     [sshconnect1.c]
     Use & to test if bits are set, not &&; markus@ ok.
   - stevesk@cvs.openbsd.org 2002/08/08 23:54:52
     [auth.c]
     typo in comment
   - stevesk@cvs.openbsd.org 2002/08/09 17:21:42
     [sshd_config.5]
     use Op for mdoc conformance; from esr@golux.thyrsus.com
     ok aaron@
   - stevesk@cvs.openbsd.org 2002/08/09 17:41:12
     [sshd_config.5]
     proxy vs. fake display
   - stevesk@cvs.openbsd.org 2002/08/12 17:30:35
     [ssh.1 sshd.8 sshd_config.5]
     more PermitUserEnvironment; ok markus@
   - stevesk@cvs.openbsd.org 2002/08/17 23:07:14
     [ssh.1]
     ForwardAgent has defaulted to no for over 2 years; be more clear here.
   - stevesk@cvs.openbsd.org 2002/08/17 23:55:01
     [ssh_config.5]
     ordered list here
 - (bal) [defines.h] Some platforms don't have SIZE_T_MAX.  So assign
   it to ULONG_MAX.

20020813
 - (tim) [configure.ac] Display OpenSSL header/library version.
   Patch by dtucker@zip.com.au

20020731
 - (bal) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/07/24 16:11:18
     [hostfile.c hostfile.h sshconnect.c]
     print out all known keys for a host if we get a unknown host key,
     see discussion at http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4

     the ssharp mitm tool attacks users in a similar way, so i'd like to
     pointed out again:
        A MITM attack is always possible if the ssh client prints:
        The authenticity of host 'bla' can't be established.
     (protocol version 2 with pubkey authentication allows you to detect
     MITM attacks)
   - mouring@cvs.openbsd.org 2002/07/25 01:16:59
     [sftp.c]
     FallBackToRsh does not exist anywhere else.  Remove it from here.
     OK deraadt.
   - markus@cvs.openbsd.org 2002/07/29 18:57:30
     [sshconnect.c]
     print file:line
   - markus@cvs.openbsd.org 2002/07/30 17:03:55
     [auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
     add PermitUserEnvironment (off by default!); from dot@dotat.at;
     ok provos, deraadt

20020730
 - (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.de

20020728
 - (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solar
 - (stevesk) [CREDITS] solar
 - (stevesk) [ssh-rand-helper.c] RAND_bytes() and SHA1_Final() unsigned
   char arg.

20020725
 - (djm) Remove some cruft from INSTALL
 - (djm) Latest config.guess and config.sub from ftp://ftp.gnu.org/gnu/config/

20020723
 - (bal) [bsd-cray.c bsd-cray.h] Part 2 of Cray merger.
 - (bal) sync ID w/ ssh-agent.c
 - (bal) OpenBSD Sync
   - markus@cvs.openbsd.org 2002/07/19 15:43:33
     [log.c log.h session.c sshd.c]
     remove fatal cleanups after fork; based on discussions with and code
     from solar.
   - stevesk@cvs.openbsd.org 2002/07/19 17:42:40
     [ssh.c]
     display a warning from ssh when XAuthLocation does not exist or xauth
     returned no authentication data. ok markus@
   - stevesk@cvs.openbsd.org 2002/07/21 18:32:20
     [auth-options.c]
     unneeded includes
   - stevesk@cvs.openbsd.org 2002/07/21 18:34:43
     [auth-options.h]
     remove invalid comment
   - markus@cvs.openbsd.org 2002/07/22 11:03:06
     [session.c]
     fallback to _PATH_STDPATH on setusercontext+LOGIN_SETPATH errors;
   - stevesk@cvs.openbsd.org 2002/07/22 17:32:56
     [monitor.c]
     u_int here; ok provos@
   - stevesk@cvs.openbsd.org 2002/07/23 16:03:10
     [sshd.c]
     utmp_len is unsigned; display error consistent with other options.
     ok markus@
   - stevesk@cvs.openbsd.org 2002/07/15 17:15:31
     [uidswap.c]
     little more debugging; ok markus@

20020722
 - (bal) AIX tty data limiting patch fix by leigh@solinno.co.uk
 - (stevesk) [xmmap.c] missing prototype for fatal()
 - (bal) [configure.ac defines.h loginrec.c sshd.c sshpty.c] Partial sync
   with Cray (mostly #ifdef renaming).  Patch by wendyp@cray.com.
 - (bal) [configure.ac]  Missing ;; from cray patch.
 - (bal) [monitor_mm.c openbsd-compat/xmmap.h] Move xmmap() defines
   into it's own header.
 - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be
   freed by the caller; add free_pam_environment() and use it.
 - (stevesk) [auth-pam.c] typo in comment

20020721
 - (stevesk) [auth-pam.c] merge cosmetic changes from solar's
   openssh-3.4p1-owl-password-changing.diff
 - (stevesk) [auth-pam.c] merge rest of solar's PAM patch;
   PAM_NEW_AUTHTOK_REQD remains in #if 0 for now.
 - (stevesk) [auth-pam.c] cast to avoid initialization type mismatch
   warning on pam_conv struct conversation function.
 - (stevesk) [auth-pam.h] license
 - (stevesk) [auth-pam.h] unneeded include
 - (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.h

20020720
 - (stevesk) [ssh-keygen.c] bug #231: always init/seed_rng().

20020719
 - (tim) [contrib/solaris/buildpkg.sh] create privsep user/group if needed.
   Patch by dtucker@zip.com.au
 - (tim) [configure.ac]  test for libxnet on HP. Patch by dtucker@zip.com.au

20020718
 - (tim) [defines.h] Bug 313 patch by dirk.meyer@dinoex.sub.org
 - (tim) [monitor_mm.c] add missing declaration for xmmap(). Reported
   by ayamura@ayamura.org
 - (tim) [configure.ac] Bug 267 rework int64_t test.
 - (tim) [includes.h] Bug 267 add stdint.h

20020717
 - (bal) aixbff package updated by dtucker@zip.com.au
 - (tim) [configure.ac] change how we do paths in AC_PATH_PROGS tests
   for autoconf 2.53. Based on a patch by jrj@purdue.edu

20020716
 - (tim) [contrib/solaris/opensshd.in] Only kill sshd if .pid file found

20020715
 - (bal) OpenBSD CVS Sync
   - itojun@cvs.openbsd.org 2002/07/12 13:29:09
     [sshconnect.c]
     print connect failure during debugging mode.
   - markus@cvs.openbsd.org 2002/07/12 15:50:17
     [cipher.c]
     EVP_CIPH_CUSTOM_IV for our own rijndael
 - (bal) Remove unused tty defined in do_setusercontext() pointed out by
   dtucker@zip.com.au plus a a more KNF since I am near it.
 - (bal) Privsep user creation support in Solaris buildpkg.sh by
   dtucker@zip.com.au

20020714
 - (tim) [Makefile.in] replace "id sshd" with "sshd -t"
 - (bal/tim) [acconfig.h configure.ac monitor_mm.c servconf.c
   openbsd-compat/Makefile.in] support compression on platforms that
   have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c
   Based on patch from nalin@redhat.com of code extracted from Owl's package
 - (tim) [ssh_prng_cmds.in] Bug 323 arp -n flag doesn't exist under Solaris.
   report by chris@by-design.net
 - (tim) [loginrec.c] Bug 347: Fix typo (WTMPX_FILE) report by rodney@bond.net
 - (tim) [loginrec.c] Bug 348: add missing found = 1; to wtmpx_islogin()
   report by rodney@bond.net

20020712
 - (tim) [Makefile.in] quiet down install-files: and check-user:
 - (tim) [configure.ac] remove unused filepriv line

20020710
 - (tim) [contrib/cygwin/ssh-host-config] explicitely sets the permissions
   on /var/empty to 755 Patch by vinschen@redhat.com
 - (bal) OpenBSD CVS Sync
   - itojun@cvs.openbsd.org 2002/07/09 11:56:50
     [sshconnect.c]
     silently try next address on connect(2).  markus ok
   - itojun@cvs.openbsd.org 2002/07/09 11:56:27
     [canohost.c]
     suppress log on reverse lookup failiure, as there's no real value in
     doing so.
     markus ok
   - itojun@cvs.openbsd.org 2002/07/09 12:04:02
     [sshconnect.c]
     ed static function (less warnings)
   - stevesk@cvs.openbsd.org 2002/07/09 17:46:25
     [sshd_config.5]
     clarify no preference ordering in protocol list; ok markus@
   - itojun@cvs.openbsd.org 2002/07/10 10:28:15
     [sshconnect.c]
     bark if all connection attempt fails.
   - deraadt@cvs.openbsd.org 2002/07/10 17:53:54
     [rijndael.c]
     use right sizeof in memcpy; markus ok

20020709
 - (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platforms
   lacking that concept can share it. Patch by vinschen@redhat.com

20020708
 - (tim) [openssh/contrib/solaris/buildpkg.sh] add PKG_INSTALL_ROOT to
   work in a jumpstart environment. patch by kbrint@rufus.net
 - (tim) [Makefile.in] workaround for broken pakadd on some systems.
 - (tim) [configure.ac] fix libc89 utimes test. Mention default path for
   --with-privsep-path=

20020707
 - (tim) [Makefile.in] use umask instead of chmod on $(PRIVSEP_PATH)
 - (tim) [acconfig.h configure.ac sshd.c]
   s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/
 - (tim) [contrib/cygwin/ssh-host-config] sshd account creation fixes
   patch from vinschen@redhat.com
 - (bal) [realpath.c] Updated with OpenBSD tree.
 - (bal) OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2002/07/04 04:15:33
     [key.c monitor_wrap.c sftp-glob.c ssh-dss.c ssh-rsa.c]
     patch memory leaks; grendel@zeitbombe.org
   - deraadt@cvs.openbsd.org 2002/07/04 08:12:15
     [channels.c packet.c]
     blah blah minor nothing as i read and re-read and re-read...
   - markus@cvs.openbsd.org 2002/07/04 10:41:47
     [key.c monitor_wrap.c ssh-dss.c ssh-rsa.c]
     don't allocate, copy, and discard if there is not interested in the data;
     ok deraadt@
   - deraadt@cvs.openbsd.org 2002/07/06 01:00:49
     [log.c]
     KNF
   - deraadt@cvs.openbsd.org 2002/07/06 01:01:26
     [ssh-keyscan.c]
     KNF, realloc fix, and clean usage
   - stevesk@cvs.openbsd.org 2002/07/06 17:47:58
     [ssh-keyscan.c]
     unused variable
 - (bal) Minor KNF on ssh-keyscan.c

20020705
 - (tim) [configure.ac] AIX 4.2.1 has authenticate() in libs.
   Reported by Darren Tucker <dtucker@zip.com.au>
 - (tim) [contrib/cygwin/ssh-host-config] double slash corrction
   from vinschen@redhat.com

20020704
 - (bal) Limit data to TTY for AIX only (Newer versions can't handle the
   faster data rate)  Bug #124
 - (bal) glob.c defines TILDE and AIX also defines it.  #undef it first.
   bug #265
 - (bal) One too many nulls in ports-aix.c

20020703
 - (bal) Updated contrib/cygwin/  patch by vinschen@redhat.com
 - (bal) minor correction to utimes() replacement.  Patch by
   onoe@sm.sony.co.jp
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/06/27 08:49:44
     [dh.c ssh-keyscan.c sshconnect.c]
     more checks for NULL pointers; from grendel@zeitbombe.org; ok deraadt@
   - deraadt@cvs.openbsd.org 2002/06/27 09:08:00
     [monitor.c]
     improve mm_zalloc check; markus ok
   - deraadt@cvs.openbsd.org 2002/06/27 10:35:47
     [auth2-none.c monitor.c sftp-client.c]
     use xfree()
   - stevesk@cvs.openbsd.org 2002/06/27 19:49:08
     [ssh-keyscan.c]
     use convtime(); ok markus@
   - millert@cvs.openbsd.org 2002/06/28 01:49:31
     [monitor_mm.c]
     tree(3) wants an int return value for its compare functions and
     the difference between two pointers is not an int.  Just do the
     safest thing and store the result in a long and then return 0,
     -1, or 1 based on that result.
   - deraadt@cvs.openbsd.org 2002/06/28 01:50:37
     [monitor_wrap.c]
     use ssize_t
   - deraadt@cvs.openbsd.org 2002/06/28 10:08:25
     [sshd.c]
     range check -u option at invocation
   - deraadt@cvs.openbsd.org 2002/06/28 23:05:06
     [sshd.c]
     gidset[2] -> gidset[1]; markus ok
   - deraadt@cvs.openbsd.org 2002/06/30 21:54:16
     [auth2.c session.c sshd.c]
     lint asks that we use names that do not overlap
   - deraadt@cvs.openbsd.org 2002/06/30 21:59:45
     [auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
      monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
      sshconnect2.c sshd.c]
     minor KNF
   - deraadt@cvs.openbsd.org 2002/07/01 16:15:25
     [msg.c]
     %u
   - markus@cvs.openbsd.org 2002/07/01 19:48:46
     [sshconnect2.c]
     for compression=yes, we fallback to no-compression if the server does
     not support compression, vice versa for compression=no. ok mouring@
   - markus@cvs.openbsd.org 2002/07/03 09:55:38
     [ssh-keysign.c]
     use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld)
     in order to avoid a possible Kocher timing attack pointed out by Charles
     Hannum; ok provos@
   - markus@cvs.openbsd.org 2002/07/03 14:21:05
     [ssh-keysign.8 ssh-keysign.c ssh.c ssh_config]
     re-enable ssh-keysign's sbit, but make ssh-keysign read
     /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled
     globally. based on discussions with deraadt, itojun and sommerfeld;
     ok itojun@
 - (bal) Failed password attempts don't increment counter on AIX. Bug #145
 - (bal) Missed Makefile.in change.  keysign needs readconf.o
 - (bal) Clean up aix_usrinfo().  Ignore TTY= period I guess.

20020702
 - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc &
   friends consistently. Spotted by Solar Designer <solar@openwall.com>

20020629
 - (bal) fix to auth2-pam.c to swap fatal() arguments,  A bit of style
   clean up while I'm near it.

20020628
 - (stevesk) [sshd_config] PAMAuthenticationViaKbdInt no; commented
   options should contain default value.  from solar.
 - (bal) Cygwin uid0 fix by vinschen@redhat.com
 - (bal) s/config.h/includes.h/ in openbsd-compat/ for *.c.  Otherwise wise
   have issues of our fixes not propogating right (ie bcopy instead of
   memmove).  OK tim
 - (bal) FreeBSD needs <sys/types.h> to detect if mmap() is supported.
   Bug #303

20020627
 - OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2002/06/26 14:49:36
     [monitor.c]
     correct %u
   - deraadt@cvs.openbsd.org 2002/06/26 14:50:04
     [monitor_fdpass.c]
     use ssize_t for recvmsg() and sendmsg() return
   - markus@cvs.openbsd.org 2002/06/26 14:51:33
     [ssh-add.c]
     fix exit code for -X/-x
   - deraadt@cvs.openbsd.org 2002/06/26 15:00:32
     [monitor_wrap.c]
     more %u
   - markus@cvs.openbsd.org 2002/06/26 22:27:32
     [ssh-keysign.c]
     bug #304, xfree(data) called to early; openssh@sigint.cs.purdue.edu

Revision 1.91 / (download) - annotate - [select for diffs], Thu Sep 19 09:04:22 2002 UTC (21 years, 6 months ago) by jlam
Branch: MAIN
Changes since 1.90: +1 -5 lines
Diff to previous 1.90 (colored) to selected 1.215 (colored)

Take advantage of the auto-generation and installation of rc.d scripts.

Revision 1.90 / (download) - annotate - [select for diffs], Wed Sep 18 21:15:17 2002 UTC (21 years, 6 months ago) by jlam
Branch: MAIN
Changes since 1.89: +1 -2 lines
Diff to previous 1.89 (colored) to selected 1.215 (colored)

When using bsd.pkg.install.mk, if a DEINSTALL or INSTALL file already
exists, then use it as the default value of DEINSTALL_EXTRA_TMPL or
INSTALL_EXTRA_TMPL.

Revision 1.89 / (download) - annotate - [select for diffs], Sat Aug 31 10:09:00 2002 UTC (21 years, 7 months ago) by grant
Branch: MAIN
Changes since 1.88: +9 -3 lines
Diff to previous 1.88 (colored) to selected 1.215 (colored)

Add variables for openssh privilege separation to bsd.pkg.defaults.mk:

	OPENSSH_USER
	OPENSSH_UID
	OPENSSH_GROUP
	OPENSSH_GID
	OPENSSH_CHROOT

Use these to automatically create user/group if they do not already
exist. Assists platforms which do not have an 'sshd' user by default,
while adding flexibility for NetBSD systems.

Checked by Stoned Elipot <seb@netbsd.org>.

Revision 1.88 / (download) - annotate - [select for diffs], Wed Aug 28 04:55:18 2002 UTC (21 years, 7 months ago) by jlam
Branch: MAIN
Changes since 1.87: +19 -15 lines
Diff to previous 1.87 (colored) to selected 1.215 (colored)

Support building with S/Key support on Darwin, and move the check for
libcrypt-before-libcrypto into a section that is protected by something
we can set in the configure script (check_for_libcrypt_before).  This
should fix the latter part of pkg/18091 by grant beattie.

Revision 1.87 / (download) - annotate - [select for diffs], Fri Aug 23 07:27:54 2002 UTC (21 years, 7 months ago) by grant
Branch: MAIN
Changes since 1.86: +1 -6 lines
Diff to previous 1.86 (colored) to selected 1.215 (colored)

Remove Solaris specific SSH_PID_DIR, as Solaris 8/9 do indeed have a
/var/run directory, tmpfs is mounted on /var/run by default.

/var/run does not exist by default on Solaris 7, but some daemons
appear to make use of it after it is created (eg. syslogd).

Revision 1.86 / (download) - annotate - [select for diffs], Thu Aug 1 08:35:45 2002 UTC (21 years, 8 months ago) by tron
Branch: MAIN
CVS Tags: netbsd-1-6-RELEASE-base, netbsd-1-6
Changes since 1.85: +4 -4 lines
Diff to previous 1.85 (colored) to selected 1.215 (colored)

Comment out master sites because the file on "ftp.openbsd.org" and
possibly on its mirrors is obviously infected with a trojan. The file
on "ftp.netbsd.org" is safe.

Revision 1.85 / (download) - annotate - [select for diffs], Fri Jul 26 09:24:22 2002 UTC (21 years, 8 months ago) by grant
Branch: MAIN
Changes since 1.84: +6 -1 lines
Diff to previous 1.84 (colored) to selected 1.215 (colored)

Add skey support on Solaris.

Revision 1.84 / (download) - annotate - [select for diffs], Wed Jul 24 19:45:26 2002 UTC (21 years, 8 months ago) by jlam
Branch: MAIN
Changes since 1.83: +2 -2 lines
Diff to previous 1.83 (colored) to selected 1.215 (colored)

Change explicit build dependencies on perl into "USE_PERL5=build".  This
makes these packages build correctly on Darwin where perl>=5.8.0 is
required.

Revision 1.83 / (download) - annotate - [select for diffs], Fri Jun 28 18:00:45 2002 UTC (21 years, 9 months ago) by jlam
Branch: MAIN
CVS Tags: pkgviews-base, pkgviews
Changes since 1.82: +5 -5 lines
Diff to previous 1.82 (colored) to selected 1.215 (colored)

Only allow an in-tree update to occur if OpenSSL>=0.9.5a is in the base
distribution.  This prevents surprises like "hey, why is /usr/sbin/sshd
broken" if a pkgsrc openssl is pkg_delete'd.  Idea by itojun.

Revision 1.82 / (download) - annotate - [select for diffs], Fri Jun 28 17:10:16 2002 UTC (21 years, 9 months ago) by jlam
Branch: MAIN
Changes since 1.81: +13 -3 lines
Diff to previous 1.81 (colored) to selected 1.215 (colored)

Add ability to update the in-tree OpenSSH directly from pkgsrc.  This
installs the binaries directly in /usr and places the manpages and example
files in the correct hier(7) locations.  We don't register installation in
this case because the package database can't handle it.  We deal with the
ssh config files and directories as follows:

	NetBSD-1.5.*	use /etc/ssh_config, /etc/sshd_config
	NetBSD-1.6	use /etc/ssh/ssh_config, /etc/ssh/sshd_config

We also emit a warning in the MESSAGE file that /etc/ssh.conf and
/etc/sshd.conf should be renamed in order to keep using them.  Lastly,
there is a new target "tarball" to generate a tarball of the installed
files that might be used to install quickly on many machines, though it
may be only of limited utility.

These changes are only active if UPDATE_INTREE_OPENSSH is defined.

Revision 1.81 / (download) - annotate - [select for diffs], Fri Jun 28 09:05:16 2002 UTC (21 years, 9 months ago) by seb
Branch: MAIN
Changes since 1.80: +1 -2 lines
Diff to previous 1.80 (colored) to selected 1.215 (colored)

Add PKG_SYSCONFDIR to BUILD_DEFS.
Note: it was already as part of CONFIGURE_ENV value, this change only makes
it more "readable" IMHO.

Remove explicit addition of PKG_SYSCONFDIR to BUILD_DEFS in a couple of
Makefiles.

Revision 1.80 / (download) - annotate - [select for diffs], Thu Jun 27 10:49:40 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.79: +3 -2 lines
Diff to previous 1.79 (colored) to selected 1.215 (colored)

backout 1.77 with comment, to get working blowfish support.  pkg/17405.

Revision 1.79 / (download) - annotate - [select for diffs], Thu Jun 27 02:15:14 2002 UTC (21 years, 9 months ago) by grant
Branch: MAIN
Changes since 1.78: +2 -1 lines
Diff to previous 1.78 (colored) to selected 1.215 (colored)

add POST-INSTALL warning if sshd configuration file is found in a
previous configuration directory.

format MESSAGE consistently.

Revision 1.78 / (download) - annotate - [select for diffs], Wed Jun 26 14:33:29 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.77: +3 -3 lines
Diff to previous 1.77 (colored) to selected 1.215 (colored)

upgrade to 3.4p1 (openssh-3.4.0.1).

20020626
 - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM
 - (bal) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/06/23 21:34:07
     [channels.c]
     tcode is u_int
   - markus@cvs.openbsd.org 2002/06/24 13:12:23
     [ssh-agent.1]
     the socket name contains ssh-agent's ppid; via mpech@ from form@
   - markus@cvs.openbsd.org 2002/06/24 14:33:27
     [channels.c channels.h clientloop.c serverloop.c]
     move channel counter to u_int
   - markus@cvs.openbsd.org 2002/06/24 14:55:38
     [authfile.c kex.c ssh-agent.c]
     cat to (void) when output from buffer_get_X is ignored
   - itojun@cvs.openbsd.org 2002/06/24 15:49:22
     [msg.c]
     printf type pedant
   - deraadt@cvs.openbsd.org 2002/06/24 17:57:20
     [sftp-server.c sshpty.c]
     explicit (u_int) for uid and gid
   - markus@cvs.openbsd.org 2002/06/25 16:22:42
     [authfd.c]
     unnecessary cast
   - markus@cvs.openbsd.org 2002/06/25 18:51:04
     [sshd.c]
     lightweight do_setusercontext after chroot()
 - (bal) Updated AIX package build.  Patch by dtucker@zip.com.au
 - (tim) [Makefile.in] fix test on installing ssh-rand-helper.8
 - (bal) added back in error check for mmap().  I screwed up, Pointed
   out by stevesk@
 - (tim) [README.privsep] UnixWare tip no longer needed.
 - (bal) fixed NeXTStep missing munmap() issue. It defines HAVE_MMAP,
   but it all damned lies.
 - (stevesk) [README.privsep] more for sshd pseudo-account.
 - (tim) [contrib/caldera/openssh.spec] add support for privsep
 - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/06/26 08:53:12
     [bufaux.c]
     limit size of BNs to 8KB; ok provos/deraadt
   - markus@cvs.openbsd.org 2002/06/26 08:54:18
     [buffer.c]
     limit append to 1MB and buffers to 10MB
   - markus@cvs.openbsd.org 2002/06/26 08:55:02
     [channels.c]
     limit # of channels to 10000
   - markus@cvs.openbsd.org 2002/06/26 08:58:26
     [session.c]
     limit # of env vars to 1000; ok deraadt/djm
   - deraadt@cvs.openbsd.org 2002/06/26 13:20:57
     [monitor.c]
     be careful in mm_zalloc
   - deraadt@cvs.openbsd.org 2002/06/26 13:49:26
     [session.c]
     disclose less information from environment files; based on input
     from djm, and dschultz@uclink.Berkeley.EDU
   - markus@cvs.openbsd.org 2002/06/26 13:55:37
     [auth2-chall.c]
     make sure # of response matches # of queries, fixes int overflow;
     from ISS
   - markus@cvs.openbsd.org 2002/06/26 13:56:27
     [version.h]
     3.4
 - (djm) Require krb5 devel for RPM build w/ KrbV
 - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai
   <nalin@redhat.com>
 - (djm) Update spec files for release
 - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS
 - (djm) Release 3.4p1

20020625
 - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
 - (stevesk) [README.privsep] minor updates
 - (djm) Create privsep directory and warn if privsep user is missing
   during make install
 - (bal) Started list of PrivSep issues in TODO
 - (bal) if mmap() is substandard, don't allow compression on server side.
   Post 'event' we will add more options.
 - (tim) [contrib/caldera/openssh.spec] Sync with Caldera
 - (bal) moved aix_usrinfo() and noted not setting real TTY.  Patch by
   dtucker@zip.com.au
 - (tim) [acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus
   for Cygwin, Cray, & SCO

20020624
 - OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2002/06/23 03:25:50
     [tildexpand.c]
     KNF
   - deraadt@cvs.openbsd.org 2002/06/23 03:26:19
     [cipher.c key.c]
     KNF
   - deraadt@cvs.openbsd.org 2002/06/23 03:30:58
     [scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
      sshpty.c]
     various KNF and %d for unsigned
   - deraadt@cvs.openbsd.org 2002/06/23 09:30:14
     [sftp-client.c sftp-client.h sftp-common.c sftp-int.c sftp-server.c
      sftp.c]
     bunch of u_int vs int stuff
   - deraadt@cvs.openbsd.org 2002/06/23 09:39:55
     [ssh-keygen.c]
     u_int stuff
   - deraadt@cvs.openbsd.org 2002/06/23 09:46:51
     [bufaux.c servconf.c]
     minor KNF.  things the fingers do while you read
   - deraadt@cvs.openbsd.org 2002/06/23 10:29:52
     [ssh-agent.c sshd.c]
     some minor KNF and %u
   - deraadt@cvs.openbsd.org 2002/06/23 20:39:45
     [session.c]
     compression_level is u_int
   - deraadt@cvs.openbsd.org 2002/06/23 21:06:13
     [sshpty.c]
     KNF
   - deraadt@cvs.openbsd.org 2002/06/23 21:06:41
     [channels.c channels.h session.c session.h]
     display, screen, row, col, xpixel, ypixel are u_int; markus ok
   - deraadt@cvs.openbsd.org 2002/06/23 21:10:02
     [packet.c]
     packet_get_int() returns unsigned for reason & seqnr
  - (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col,
    xpixel are u_int.


20020623
 - (stevesk) [configure.ac] bug #255 LOGIN_NEEDS_UTMPX for AIX.
 - (bal) removed GNUism for getops in ssh-agent since glibc lacks optreset.
 - (bal) add extern char *getopt.  Based on report by dtucker@zip.com.au
 - OpenBSD CVS Sync
   - stevesk@cvs.openbsd.org 2002/06/22 02:00:29
     [ssh.h]
     correct comment
   - stevesk@cvs.openbsd.org 2002/06/22 02:40:23
     [ssh.1]
     section 5 not 4 for ssh_config
   - naddy@cvs.openbsd.org 2002/06/22 11:51:39
     [ssh.1]
     typo
   - stevesk@cvs.openbsd.org 2002/06/22 16:32:54
     [sshd.8]
     add /var/empty in FILES section
   - stevesk@cvs.openbsd.org 2002/06/22 16:40:19
     [sshd.c]
     check /var/empty owner mode; ok provos@
   - stevesk@cvs.openbsd.org 2002/06/22 16:41:57
     [scp.1]
     typo
   - stevesk@cvs.openbsd.org 2002/06/22 16:45:29
     [ssh-agent.1 sshd.8 sshd_config.5]
     use process ID vs. pid/PID/process identifier
   - stevesk@cvs.openbsd.org 2002/06/22 20:05:27
     [sshd.c]
     don't call setsid() if debugging or run from inetd; no "Operation not
     permitted" errors now; ok millert@ markus@
   - stevesk@cvs.openbsd.org 2002/06/22 23:09:51
     [monitor.c]
     save auth method before monitor_reset_key_state(); bugzilla bug #284;
     ok provos@

Revision 1.77 / (download) - annotate - [select for diffs], Wed Jun 26 07:44:38 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.76: +2 -2 lines
Diff to previous 1.76 (colored) to selected 1.215 (colored)

it works with openssl 0.9.5a

>(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1
>Blowfish included) do not work correctly.)

Revision 1.76 / (download) - annotate - [select for diffs], Tue Jun 25 06:43:50 2002 UTC (21 years, 9 months ago) by jlam
Branch: MAIN
Changes since 1.75: +6 -4 lines
Diff to previous 1.75 (colored) to selected 1.215 (colored)

Back out previous and do it in a simpler way by setting PKG_SYSCONFSUBDIR
(the subdirectory of ${PKG_SYSCONFBASE} where all of the config files for
thii package will be found) to be "ssh".

Revision 1.75 / (download) - annotate - [select for diffs], Tue Jun 25 04:24:38 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.74: +3 -3 lines
Diff to previous 1.74 (colored) to selected 1.215 (colored)

use ${PKG_SYSCONFDIR}/ssh (who uses CONF_FILES?)

Revision 1.74 / (download) - annotate - [select for diffs], Tue Jun 25 04:21:39 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.73: +2 -2 lines
Diff to previous 1.73 (colored) to selected 1.215 (colored)

use ${PKG_SYSCONFDIR}/ssh, to be consistent with plain NetBSD distribution

Revision 1.73 / (download) - annotate - [select for diffs], Tue Jun 25 02:13:11 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.72: +5 -11 lines
Diff to previous 1.72 (colored) to selected 1.215 (colored)

upgrade to 3.3p1, with privilege separation enabled.

(the following change may include pre-3.2.3p1 change)

20020622
 - (djm) Update README.privsep; spotted by fries@
 - (djm) Release 3.3p1

20020621
 - (djm) Sync:
   - djm@cvs.openbsd.org 2002/06/21 05:50:51
     [monitor.c]
     Don't initialise compression buffers when compression=no in sshd_config;
     ok Niels@
  - ID sync for auth-passwd.c
 - (djm) Warn and disable compression on platforms which can't handle both
   useprivilegeseparation=yes and compression=yes
 - (djm) contrib/redhat/openssh.spec hacking:
   - Merge in spec changes from seba@iq.pl (Sebastian Pachuta)
   - Add new {ssh,sshd}_config.5 manpages
   - Add new ssh-keysign program and remove setuid from ssh client

20020620
 - (bal) Fixed AIX environment handling, use setpcred() instead of existing
   code.  (Bugzilla Bug 261)
 - (bal) OpenBSD CVS Sync
   - todd@cvs.openbsd.org 2002/06/14 21:35:00
     [monitor_wrap.c]
     spelling; from Brian Poole <raj@cerias.purdue.edu>
   - markus@cvs.openbsd.org 2002/06/15 00:01:36
     [authfd.c authfd.h ssh-add.c ssh-agent.c]
     break agent key lifetime protocol and allow other contraints for key
     usage.
   - markus@cvs.openbsd.org 2002/06/15 00:07:38
     [authfd.c authfd.h ssh-add.c ssh-agent.c]
     fix stupid typo
   - markus@cvs.openbsd.org 2002/06/15 01:27:48
     [authfd.c authfd.h ssh-add.c ssh-agent.c]
     remove the CONSTRAIN_IDENTITY messages and introduce a new
     ADD_ID message with contraints instead. contraints can be
     only added together with the private key.
   - itojun@cvs.openbsd.org 2002/06/16 21:30:58
     [ssh-keyscan.c]
     use TAILQ_xx macro.  from lukem@netbsd.  markus ok
   - deraadt@cvs.openbsd.org 2002/06/17 06:05:56
     [scp.c]
     make usage like man page
   - deraadt@cvs.openbsd.org 2002/06/19 00:27:55
     [auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
      authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
      ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
      ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
      xmalloc.h]
     KNF done automatically while reading....
   - markus@cvs.openbsd.org 2002/06/19 18:01:00
     [cipher.c monitor.c monitor_wrap.c packet.c packet.h]
     make the monitor sync the transfer ssh1 session key;
     transfer keycontext only for RC4 (this is still depends on EVP
     implementation details and is broken).
   - stevesk@cvs.openbsd.org 2002/06/20 19:56:07
     [ssh.1 sshd.8]
     move configuration file options from ssh.1/sshd.8 to
     ssh_config.5/sshd_config.5; ok deraadt@ millert@
   - stevesk@cvs.openbsd.org 2002/06/20 20:00:05
     [scp.1 sftp.1]
     ssh_config(5)
   - stevesk@cvs.openbsd.org 2002/06/20 20:03:34
     [ssh_config sshd_config]
     refer to config file man page
   - markus@cvs.openbsd.org 2002/06/20 23:05:56
     [servconf.c servconf.h session.c sshd.c]
     allow Compression=yes/no in sshd_config
   - markus@cvs.openbsd.org 2002/06/20 23:37:12
     [sshd_config]
     add Compression
   - stevesk@cvs.openbsd.org 2002/05/25 20:40:08
     [LICENCE]
     missed Per Allansson (auth2-chall.c)
 - (bal) Cygwin special handling of empty passwords wrong.  Patch by
   vinschen@redhat.com
 - (bal) Missed integrating ssh_config.5 and sshd_config.5
 - (bal) Still more Makefile.in updates for ssh{d}_config.5

20020613
 - (bal) typo of setgroup for cygwin.  Patch by vinschen@redhat.com

20020612
 - (bal) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/06/11 23:03:54
     [ssh.c]
     remove unused cruft.
   - markus@cvs.openbsd.org 2002/06/12 01:09:52
     [ssh.c]
     ssh_connect returns 0 on success
 - (bal) Build noop setgroups() for cygwin to clean up code (For other
   platforms without the setgroups() requirement, you MUST define
   SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com
 - (bal) Some platforms don't have ONLCR (Notable Mint)

20020611
 - (bal) ssh-agent.c RCSD fix (|unexpand already done)
 - (bal) OpenBSD CVS Sync
   - stevesk@cvs.openbsd.org 2002/06/09 22:15:15
     [ssh.1]
     update for no setuid root and ssh-keysign; ok deraadt@
   - itojun@cvs.openbsd.org 2002/06/09 22:17:21
     [sshconnect.c]
     pass salen to sockaddr_ntop so that we are happy on linux/solaris
   - stevesk@cvs.openbsd.org 2002/06/10 16:53:06
     [auth-rsa.c ssh-rsa.c]
     display minimum RSA modulus in error(); ok markus@
   - stevesk@cvs.openbsd.org 2002/06/10 16:56:30
     [ssh-keysign.8]
     merge in stuff from my man page; ok markus@
   - stevesk@cvs.openbsd.org 2002/06/10 17:36:23
     [ssh-add.1 ssh-add.c]
     use convtime() to parse and validate key lifetime.  can now
     use '-t 2h' etc.  ok markus@ provos@
   - stevesk@cvs.openbsd.org 2002/06/10 17:45:20
     [readconf.c ssh.1]
     change RhostsRSAAuthentication and RhostsAuthentication default to no
     since ssh is no longer setuid root by default; ok markus@
   - stevesk@cvs.openbsd.org 2002/06/10 21:21:10
     [ssh_config]
     update defaults for RhostsRSAAuthentication and RhostsAuthentication
     here too (all options commented out with default value).
   - markus@cvs.openbsd.org 2002/06/10 22:28:41
     [channels.c channels.h session.c]
     move creation of agent socket to session.c; no need for uidswapping
     in channel.c.
   - markus@cvs.openbsd.org 2002/06/11 04:14:26
     [ssh.c sshconnect.c sshconnect.h]
     no longer use uidswap.[ch] from the ssh client
     run less code with euid==0 if ssh is installed setuid root
     just switch the euid, don't switch the complete set of groups
     (this is only needed by sshd). ok provos@
   - mpech@cvs.openbsd.org 2002/06/11 05:46:20
     [auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
     pid_t cleanup. Markus need this now to keep hacking.
     markus@, millert@ ok
   - itojun@cvs.openbsd.org 2002/06/11 08:11:45
     [canohost.c]
     use "ntop" only after initialized
 - (bal) Cygwin fix up from swap uid clean up in ssh.c patch by
   vinschen@redhat.com

20020609
 - (bal) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/06/08 05:07:56
     [ssh.c]
     nuke ptrace comment
   - markus@cvs.openbsd.org 2002/06/08 05:07:09
     [ssh-keysign.c]
     only accept 20 byte session ids
   - markus@cvs.openbsd.org 2002/06/08 05:17:01
     [readconf.c readconf.h ssh.1 ssh.c]
     deprecate FallBackToRsh and UseRsh; patch from djm@
   - markus@cvs.openbsd.org 2002/06/08 05:40:01
     [readconf.c]
     just warn about Deprecated options for now
   - markus@cvs.openbsd.org 2002/06/08 05:41:18
     [ssh_config]
     remove FallBackToRsh/UseRsh
   - markus@cvs.openbsd.org 2002/06/08 12:36:53
     [scp.c]
     remove FallBackToRsh
   - markus@cvs.openbsd.org 2002/06/08 12:46:14
     [readconf.c]
     silently ignore deprecated options, since FallBackToRsh might be passed
     by remote scp commands.
  - itojun@cvs.openbsd.org 2002/06/08 21:15:27
     [sshconnect.c]
     always use getnameinfo.  (diag message only)
   - markus@cvs.openbsd.org 2002/06/09 04:33:27
     [sshconnect.c]
     abort() - > fatal()
 - (bal) RCSID tag updates on channels.c, clientloop.c, nchan.c,
   sftp-client.c, ssh-agenet.c, ssh-keygen.c and connect.h (we did unexpand
   independant of them)

20020607
 - (bal) Removed --{enable/disable}-suid-ssh
 - (bal) Missed __progname in ssh-keysign.c  patch by dtucker@zip.com.au
 - (bal) use 'LOGIN_PROGRAM'  not '/usr/bin/login' in session.c patch by
   Bertrand.Velle@apogee-com.fr

20020606
 - (bal) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/05/15 21:56:38
     [servconf.c sshd.8 sshd_config]
     re-enable privsep and disable setuid for post-3.2.2
   - markus@cvs.openbsd.org 2002/05/16 22:02:50
     [cipher.c kex.h mac.c]
     fix warnings (openssl 0.9.7 requires const)
   - stevesk@cvs.openbsd.org 2002/05/16 22:09:59
     [session.c ssh.c]
     don't limit xauth pathlen on client side and longer print length on
     server when debug; ok markus@
   - deraadt@cvs.openbsd.org 2002/05/19 20:54:52
     [log.h]
     extra commas in enum not 100% portable
   - deraadt@cvs.openbsd.org 2002/05/22 23:18:25
     [ssh.c sshd.c]
     spelling; abishoff@arc.nasa.gov
   - markus@cvs.openbsd.org 2002/05/23 19:24:30
     [authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
     add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
     authentication in protocol v2 (needs to access the hostkeys).
   - markus@cvs.openbsd.org 2002/05/23 19:39:34
     [ssh.c]
     add comment about ssh-keysign
   - markus@cvs.openbsd.org 2002/05/24 08:45:14
     [sshconnect2.c]
     stat ssh-keysign first, print error if stat fails;
     some debug->error; fix comment
   - markus@cvs.openbsd.org 2002/05/25 08:50:39
     [sshconnect2.c]
     execlp->execl; from stevesk
   - markus@cvs.openbsd.org 2002/05/25 18:51:07
     [auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c
      auth2-passwd.c auth2-pubkey.c Makefile.in]
     split auth2.c into one file per method; ok provos@/deraadt@
   - stevesk@cvs.openbsd.org 2002/05/26 20:35:10
     [ssh.1]
     sort ChallengeResponseAuthentication; ok markus@
   - stevesk@cvs.openbsd.org 2002/05/28 16:45:27
     [monitor_mm.c]
     print strerror(errno) on mmap/munmap error; ok markus@
   - stevesk@cvs.openbsd.org 2002/05/28 17:28:02
     [uidswap.c]
     format spec change/casts and some KNF; ok markus@
   - stevesk@cvs.openbsd.org 2002/05/28 21:24:00
     [uidswap.c]
     use correct function name in fatal()
   - stevesk@cvs.openbsd.org 2002/05/29 03:06:30
     [ssh.1 sshd.8]
     spelling
   - markus@cvs.openbsd.org 2002/05/29 11:21:57
     [sshd.c]
     don't start if privsep is enabled and SSH_PRIVSEP_USER or
     _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
   - markus@cvs.openbsd.org 2002/05/30 08:07:31
     [cipher.c]
     use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of
     our own implementation. allow use of AES hardware via libcrypto,
     ok deraadt@
   - markus@cvs.openbsd.org 2002/05/31 10:30:33
     [sshconnect2.c]
     extent ssh-keysign protocol:
     pass # of socket-fd to ssh-keysign, keysign verfies locally used
     ip-address using this socket-fd, restricts fake local hostnames
     to actual local hostnames; ok stevesk@
   - markus@cvs.openbsd.org 2002/05/31 11:35:15
     [auth.h auth2.c]
     move Authmethod definitons to per-method file.
   - markus@cvs.openbsd.org 2002/05/31 13:16:48
     [key.c]
     add comment:
     key_verify returns 1 for a correct signature, 0 for an incorrect signature
     and -1 on error.
   - markus@cvs.openbsd.org 2002/05/31 13:20:50
     [ssh-rsa.c]
     pad received signature with leading zeros, because RSA_verify expects
     a signature of RSA_size. the drafts says the signature is transmitted
     unpadded (e.g. putty does not pad), reported by anakin@pobox.com
   - deraadt@cvs.openbsd.org 2002/06/03 12:04:07
     [ssh.h]
     compatiblity -> compatibility
     decriptor -> descriptor
     authentciated -> authenticated
     transmition -> transmission
   - markus@cvs.openbsd.org 2002/06/04 19:42:35
     [monitor.c]
     only allow enabled authentication methods; ok provos@
   - markus@cvs.openbsd.org 2002/06/04 19:53:40
     [monitor.c]
     save the session id (hash) for ssh2 (it will be passed with the
     initial sign request) and verify that this value is used during
     authentication; ok provos@
   - markus@cvs.openbsd.org 2002/06/04 23:02:06
     [packet.c]
     remove __FUNCTION__
   - markus@cvs.openbsd.org 2002/06/04 23:05:49
     [cipher.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c]
     __FUNCTION__ -> __func__
   - markus@cvs.openbsd.org 2002/06/05 16:08:07
     [ssh-agent.1 ssh-agent.c]
     '-a bind_address' binds the agent to user-specified unix-domain
     socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
   - markus@cvs.openbsd.org 2002/06/05 16:08:07
     [ssh-agent.1 ssh-agent.c]
     '-a bind_address' binds the agent to user-specified unix-domain
     socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
   - markus@cvs.openbsd.org 2002/06/05 16:48:54
     [ssh-agent.c]
     copy current request into an extra buffer and just flush this
     request on errors, ok provos@
   - markus@cvs.openbsd.org 2002/06/05 19:57:12
     [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
     ssh-add -x for lock and -X for unlocking the agent.
     todo: encrypt private keys with locked...
   - markus@cvs.openbsd.org 2002/06/05 20:56:39
     [ssh-add.c]
     add -x/-X to usage
   - markus@cvs.openbsd.org 2002/06/05 21:55:44
     [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
     ssh-add -t life,  Set lifetime (in seconds) when adding identities;
     ok provos@
   - stevesk@cvs.openbsd.org 2002/06/06 01:09:41
     [monitor.h]
     no trailing comma in enum; china@thewrittenword.com
   - markus@cvs.openbsd.org 2002/06/06 17:12:44
     [sftp-server.c]
     discard remaining bytes of current request; ok provos@
   - markus@cvs.openbsd.org 2002/06/06 17:30:11
     [sftp-server.c]
     use get_int() macro (hide iqueue)
 - (bal) Missed msg.[ch] in merge.  Required for ssh-keysign.
 - (bal) Forgot to add msg.c Makefile.in.
 - (bal) monitor_mm.c typos.
 - (bal) Refixed auth2.c.  It was never fully commited while spliting out
   authentication to different files.
 - (bal) ssh-keysign should build and install correctly now.  Phase two
   would be to clean out any dead wood and disable ssh setuid on install.
 - (bal) Reverse logic, use __func__ first since it's C99

20020604
 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
   setsockopt from debug to error for now).

20020527
 - (tim) [configure.ac.orig monitor_fdpass.c] Enahnce msghdr tests to address
   build problem on Irix reported by Dave Love <d.love@dl.ac.uk>. Back out
   last monitor_fdpass.c changes that are no longer needed with new tests.
   Patch tested on Irix by Jan-Frode Myklebust <janfrode@parallab.uib.no>

20020522
 - (djm) Fix spelling mistakes, spotted by Solar Designer i
   <solar@openwall.com>
 - Sync scard/ (not sure when it drifted)
 - (djm) OpenBSD CVS Sync:
   [auth.c]
   Fix typo/thinko.  Pass in as to auth_approval(), not NULL.
   Closes PR 2659.
 - Crank version
 - Crank RPM spec versions

20020521
 - (stevesk) [sshd.c] bug 245; disable setsid() for now
 - (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups()

20020517
 - (tim) [configure.ac] remove extra MD5_MSG="no" line.

20020515
 - (bal) CVS ID fix up on auth-passwd.c
 - (bal) OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2002/05/07 19:54:36
     [ssh.h]
     use ssh uid
   - deraadt@cvs.openbsd.org 2002/05/08 21:06:34
     [ssh.h]
     move to sshd.sshd instead
   - stevesk@cvs.openbsd.org 2002/05/11 20:24:48
     [ssh.h]
     typo in comment
   - itojun@cvs.openbsd.org 2002/05/13 02:37:39
     [auth-skey.c auth2.c]
     less warnings.  skey_{respond,query} are public (in auth.h)
   - markus@cvs.openbsd.org 2002/05/13 20:44:58
     [auth-options.c auth.c auth.h]
     move the packet_send_debug handling from auth-options.c to auth.c;
     ok provos@
   - millert@cvs.openbsd.org 2002/05/13 15:53:19
     [sshd.c]
     Call setsid() in the child after sshd accepts the connection and forks.
     This is needed for privsep which calls setlogin() when it changes uids.
     Without this, there is a race where the login name of an existing
     connection, as returned by getlogin(), may be changed to the privsep
     user (sshd).  markus@ OK
   - markus@cvs.openbsd.org 2002/05/13 21:26:49
     [auth-rhosts.c]
     handle debug messages during rhosts-rsa and hostbased authentication;
     ok provos@
   - mouring@cvs.openbsd.org 2002/05/15 15:47:49
     [kex.c monitor.c monitor_wrap.c sshd.c]
     'monitor' variable clashes with at least one lame platform (NeXT).  i
     Renamed to 'pmonitor'.  provos@
   - deraadt@cvs.openbsd.org 2002/05/04 02:39:35
     [servconf.c sshd.8 sshd_config]
     enable privsep by default; provos ok
   - millert@cvs.openbsd.org 2002/05/06 23:34:33
     [ssh.1 sshd.8]
     Kill/adjust r(login|exec)d? references now that those are no longer in
     the tree.
   - markus@cvs.openbsd.org 2002/05/15 21:02:53
     [servconf.c sshd.8 sshd_config]
     disable privsep and enable setuid for the 3.2.2 release
 - (bal) Fixed up PAM case.  I think.
 - (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy
 - (bal) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/05/15 21:05:29
     [version.h]
     enter OpenSSH_3.2.2
 - (bal) Caldara, Suse, and Redhat openssh.specs updated.

Revision 1.66.2.1 / (download) - annotate - [select for diffs], Sun Jun 23 18:59:11 2002 UTC (21 years, 9 months ago) by jlam
Branch: buildlink2
Changes since 1.66: +7 -5 lines
Diff to previous 1.66 (colored) next main 1.67 (colored) to selected 1.215 (colored)

Merge from pkgsrc-current to buildlink2 branch.

Revision 1.72 / (download) - annotate - [select for diffs], Sat Jun 15 21:20:04 2002 UTC (21 years, 9 months ago) by cjep
Branch: MAIN
CVS Tags: buildlink2-base
Changes since 1.71: +2 -2 lines
Diff to previous 1.71 (colored) to selected 1.215 (colored)

Change USE_KERBEROS to PKG_USE_KERBEROS in pkgsrc. There was a "conflict"
which the basesrc USE_KERBEROS variable. Discussed on packages@

This fixes PR#17182 from Takahiro Kambe. The problem was pointed out by
FUKAUMI Naoki on a Japanese NetBSD mailing list.

Revision 1.71 / (download) - annotate - [select for diffs], Fri May 24 04:11:47 2002 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.70: +3 -3 lines
Diff to previous 1.70 (colored) to selected 1.215 (colored)

upgrade to 3.2.3p1.

    - a defect in the BSD_AUTH access control handling for
      OpenBSD and BSD/OS systems:

      Under certain conditions, on systems using YP with netgroups
      in the password database, it is possible that sshd does ACL
      checks for the requested user name but uses the password
      database entry of a different user for authentication. This
      means that denied users might authenticate successfully while
      permitted users could be locked out (OpenBSD PR 2659).

    - login/tty problems on Solaris (bug #245)

    - build problems on Cygwin systems

Revision 1.70 / (download) - annotate - [select for diffs], Thu May 23 09:35:10 2002 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.69: +2 -1 lines
Diff to previous 1.69 (colored) to selected 1.215 (colored)

comment; rationale for --with-md5-passwords

Revision 1.69 / (download) - annotate - [select for diffs], Mon May 20 12:58:01 2002 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.68: +2 -1 lines
Diff to previous 1.68 (colored) to selected 1.215 (colored)

enable MD5 password support.  PR 16546

Revision 1.68 / (download) - annotate - [select for diffs], Sun May 19 07:43:23 2002 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.67: +3 -3 lines
Diff to previous 1.67 (colored) to selected 1.215 (colored)

upgrade to 3.2.2p1.  includes security changes.

Security Changes:
=================

- fixed buffer overflow in Kerberos/AFS token passing
- fixed overflow in Kerberos client code
- sshd no longer auto-enables Kerberos/AFS
- experimental support for privilege separation,
  see UsePrivilegeSeparation in sshd(8) and
	  http://www.citi.umich.edu/u/provos/ssh/privsep.html
  for more information.
- only accept RSA keys of size SSH_RSA_MINIMUM_MODULUS_SIZE (768) or larger

Other Changes:
==============

- improved smartcard support (including support for OpenSC, see www.opensc.org)
- improved Kerberos support (including support for MIT-Kerberos V)
- fixed stderr handling in protocol v2
- client reports failure if -R style TCP forwarding fails in protocol v2
- support configuration of TCP forwarding during interactive sessions (~C)
- improved support for older sftp servers
- improved support for importing old DSA keys (from ssh.com software).
- client side suport for PASSWD_CHANGEREQ in protocol v2
- fixed waitpid race conditions
- record correct lastlogin time

Revision 1.67 / (download) - annotate - [select for diffs], Mon May 13 05:11:26 2002 UTC (21 years, 10 months ago) by grant
Branch: MAIN
Changes since 1.66: +2 -2 lines
Diff to previous 1.66 (colored) to selected 1.215 (colored)

OpenBSD/OpenSSH now in /opsys/ on gd.tuwien.ac.at

Revision 1.66 / (download) - annotate - [select for diffs], Wed Apr 24 05:43:08 2002 UTC (21 years, 11 months ago) by martti
Branch: MAIN
Branch point for: buildlink2
Changes since 1.65: +3 -1 lines
Diff to previous 1.65 (colored) to selected 1.215 (colored)

Make this depend on OpenSSL 0.9.6. This fixes the compilation problems
in NetBSD 1.5.x.

Revision 1.65 / (download) - annotate - [select for diffs], Tue Apr 23 13:32:56 2002 UTC (21 years, 11 months ago) by martti
Branch: MAIN
Changes since 1.64: +3 -4 lines
Diff to previous 1.64 (colored) to selected 1.215 (colored)

Updated openssh to 3.1.1

* a lot of bug fixes

Revision 1.64 / (download) - annotate - [select for diffs], Tue Mar 12 06:23:07 2002 UTC (22 years ago) by itojun
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH003
Changes since 1.63: +1 -7 lines
Diff to previous 1.63 (colored) to selected 1.215 (colored)

it seems that LP64 issue (alpha/sparc64) is gone.

Revision 1.63 / (download) - annotate - [select for diffs], Thu Mar 7 16:45:33 2002 UTC (22 years ago) by tron
Branch: MAIN
Changes since 1.62: +2 -2 lines
Diff to previous 1.62 (colored) to selected 1.215 (colored)

Update "openssh" package to version 3.0.2.1nb2. Changes since 3.0.2.1nb1:
- Fix security problem described in advisory "PINE-CERT-20020301".

Revision 1.62 / (download) - annotate - [select for diffs], Tue Feb 5 04:26:27 2002 UTC (22 years, 1 month ago) by jlam
Branch: MAIN
Changes since 1.61: +2 -1 lines
Diff to previous 1.61 (colored) to selected 1.215 (colored)

Bump package version to 3.0.2.1nb1 since the config file location changed.

Revision 1.61 / (download) - annotate - [select for diffs], Tue Feb 5 04:17:31 2002 UTC (22 years, 1 month ago) by jlam
Branch: MAIN
Changes since 1.60: +63 -57 lines
Diff to previous 1.60 (colored) to selected 1.215 (colored)

* SSH_CONF_DIR has been obsoleted.  Use PKG_SYSCONFDIR instead.
* Build properly on systems that don't have /dev/urandom by testing for
  the presence of /dev/urandom, instead of just testing for Solaris.
* Add disabled code to handle PAM (not quite working yet with security/PAM).
* Make the sshd rc.d script more /etc/rc.subr-friendly.
* Minimize amount of diffs from pristine OpenSSH sources.

Revision 1.60 / (download) - annotate - [select for diffs], Mon Dec 3 08:21:21 2001 UTC (22 years, 3 months ago) by martti
Branch: MAIN
Changes since 1.59: +3 -3 lines
Diff to previous 1.59 (colored) to selected 1.215 (colored)

* Updated to 3.0.2.1
* Disabled scard-install (patch/patch-ah -- Do we need/want it?)

Changes since 2.9.9.2:

- Don't allow authorized_keys specified environment variables when
  UseLogin in active
- Fix IPv4 default in ssh-keyscan
- Fix early (and double) free of remote user when using Kerberos
- fix krb5 authorization check
- enable authorized_keys2 again
- ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@
- make ~& (backgrounding) work again for proto v1; add support ~& for v2, too
- pad using the padding field from the ssh2 packet instead of sending
  extra ignore messages
- missing free and sync dss/rsa code
- crank c->path to 256 so they can hold a full hostname
- cleanup libwrap support
- Fix fd leak in loginrec.c
- avoid possible FD_ISSET overflow for channels established
  during channnel_after_select()
- chdir $HOME after krb_afslog()
- stat subsystem command before calling do_exec
- close all channels if the connection to the remote host has been closed,
  should fix sshd's hanging with WCHAN==wait
- add NoHostAuthenticationForLocalhost; note that the hostkey is
  now check for localhost, too
- loginrec.c: fix type conversion problems exposed when using 64-bit off_t
- Update spec files for new x11-askpass

Revision 1.59 / (download) - annotate - [select for diffs], Sun Oct 21 10:27:21 2001 UTC (22 years, 5 months ago) by wiz
Branch: MAIN
Changes since 1.58: +2 -1 lines
Diff to previous 1.58 (colored) to selected 1.215 (colored)

Make PKGNAME dewey-correct. Addresses pkg/14243.

Revision 1.58 / (download) - annotate - [select for diffs], Fri Oct 19 09:40:36 2001 UTC (22 years, 5 months ago) by veego
Branch: MAIN
Changes since 1.57: +11 -1 lines
Diff to previous 1.57 (colored) to selected 1.215 (colored)

Create the pid file on solaris in /etc/ and not in the not existing /var/run
directory.
Also change @SSH_PID_DIR@ and @MKDIR@ in sshd.sh and the INSTALL* files.

Revision 1.57 / (download) - annotate - [select for diffs], Thu Oct 18 15:20:34 2001 UTC (22 years, 5 months ago) by veego
Branch: MAIN
Changes since 1.56: +2 -1 lines
Diff to previous 1.56 (colored) to selected 1.215 (colored)

SVR4 packages have a limit of 9 chars for a package name.
The automatic truncation in gensolpkg doesn't work for packages which
have the same package name for the first 5-6 chars.
e.g. amanda-server and amanda-client would be named amanda and amanda.
Now, we add a SVR4_PKGNAME and use amacl for amanda-client and amase for
amanda-server.
All svr4 packages also have a vendor tag, so we have to reserve some chars
for this tag, which is normaly 3 or 4 chars. Thats why we can only use 6
or 5 chars for SVR4_PKGNAME. I used 5 for all the packages, to give the
vendor tag enough room.
All p5-* packages and a few other packages have now a SVR4_PKGNAME.

Revision 1.56 / (download) - annotate - [select for diffs], Thu Sep 27 23:18:39 2001 UTC (22 years, 6 months ago) by jlam
Branch: MAIN
Changes since 1.55: +2 -2 lines
Diff to previous 1.55 (colored) to selected 1.215 (colored)

Mechanical changes to 375 files to change dependency patterns of the form
foo-* to foo-[0-9]*.  This is to cause the dependencies to match only the
packages whose base package name is "foo", and not those named "foo-bar".
A concrete example is p5-Net-* matching p5-Net-DNS as well as p5-Net.  Also
change dependency examples in Packages.txt to reflect this.

Revision 1.55 / (download) - annotate - [select for diffs], Thu Sep 27 05:12:54 2001 UTC (22 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.54: +2 -2 lines
Diff to previous 1.54 (colored) to selected 1.215 (colored)

upgrade to 2.9.9p2.  a security hole was plugged
(ssh protocol v2 access control).

Revision 1.54 / (download) - annotate - [select for diffs], Fri Aug 17 19:49:08 2001 UTC (22 years, 7 months ago) by kim
Branch: MAIN
Changes since 1.53: +23 -1 lines
Diff to previous 1.53 (colored) to selected 1.215 (colored)

Make this work more like the ssh package:
- don't install setuid unless SSH_SUID=YES
- use libwrap (--with-tcp-wrappers) on NetBSD

I also want to fix S/Key support and Kerberos IV,
so I've left some comments in Makefile for that.

Revision 1.53 / (download) - annotate - [select for diffs], Thu Jun 28 23:12:16 2001 UTC (22 years, 9 months ago) by jlam
Branch: MAIN
Changes since 1.52: +11 -37 lines
Diff to previous 1.52 (colored) to selected 1.215 (colored)

Convert to use buildlink.mk files and mark as USE_BUILDLINK_ONLY.

Revision 1.52 / (download) - annotate - [select for diffs], Mon Jun 18 19:54:14 2001 UTC (22 years, 9 months ago) by tron
Branch: MAIN
Changes since 1.51: +14 -2 lines
Diff to previous 1.51 (colored) to selected 1.215 (colored)

Unify NetBSD and Solaris package lists and use dynamic modification.

Revision 1.51 / (download) - annotate - [select for diffs], Mon Jun 18 09:56:26 2001 UTC (22 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.50: +2 -2 lines
Diff to previous 1.50 (colored) to selected 1.215 (colored)

upgrade to portable openssh 2.9p2.  should fix "cookies" file deletion bug
when X11 forwarding = yes.

20010617
 - (djm) Pull in small fix from -CURRENT for session.c:
    typo, use pid not s->pid, mstone@cs.loyola.edu

20010615
 - (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL
   around grantpt().

20010614
 - (bal) Applied X11 Cookie Patch.  X11 Cookie behavior has changed to
   no longer use /tmp/ssh-XXXXX/

20010528
 - (tim) [conifgure.in] add setvbuf test needed for sftp-int.c
   Patch by Corinna Vinschen <vinschen@redhat.com>

20010512
 - (bal) Patch to partial sync up contrib/solaris/ packaging software.
   Patch by pete <ninjaz@webexpress.com>

20010509
 - (bal) UseLogin patch for Solaris/UNICOS.  Patch by Wayne Davison
   <wayne@blorf.net>
 - (bal) ./configure support to disable SIA on OSF1.  Patch by
   Chris Adams <cmadams@hiwaay.net>
 - (bal) Updates from the Sony NEWS-OS platform by NAKAJI Hiroyuki
   <nakaji@tutrp.tut.ac.jp>

20010508
 - (bal) Fixed configure test for USE_SIA.

20010506
 - (djm) Update config.guess and config.sub with latest versions (from
   ftp://ftp.gnu.org/gnu/config/) to allow configure on ia64-hpux.
   Suggested by Jason Mader <jason@ncac.gwu.edu>

20010504
 - (bal) Updated Cygwin README by Corinna Vinschen <vinschen@redhat.com>
 - (bal) Avoid socket file security issues in ssh-agent for Cygwin.
   Patch by Egor Duda <deo@logos-m.ru>

20010430
 - (djm) Add .cvsignore files, suggested by Wayne Davison <wayne@blorf.net>
 - (tim) [contrib/caldera/openssh.spec] add Requires line for Caldera 3.1

Revision 1.50 / (download) - annotate - [select for diffs], Tue May 22 09:46:16 2001 UTC (22 years, 10 months ago) by abs
Branch: MAIN
Changes since 1.49: +2 -2 lines
Diff to previous 1.49 (colored) to selected 1.215 (colored)

We also work under Linux

Revision 1.49 / (download) - annotate - [select for diffs], Mon May 14 16:32:32 2001 UTC (22 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored) to selected 1.215 (colored)

use portable openssh 2.9p1.

Important Changes:
==================

WARNING: SSH protocol v2 is now the default protocol version

	use the 'Protocol' option from ssh(1) and sshd(8) if
	you want to change this.

SSH protocol v2 implementation adds support for:

	HostbasedAuthentication, similar to RhostsRSA in SSH protocol
	v1

	Rekeying (negotiate new encryption keys for the current SSH
	session, try ~R in interactive SSH sessions)

	updated DH group exchange:
	        draft-ietf-secsh-dh-group-exchange-01.txt

	client option HostKeyAlgorithms

	server options ClientAliveInterval and ClientAliveCountMax

	tty mode passing

general:

	gid swapping in sshd (fixes access to /home/group/user based
	directory structures)

	Dan Kaminsky <dankamin@cisco.com> contributed an experimental
	SOCKS4 proxy to the ssh client (yes, client not the server).
	Use 'ssh -D 1080 server' if you want to try this out.

	server option PrintLastLog

	improvements for scp > 2GB

	improved ListenAddress option.
	You can now use ListenAddress host:port

	improved interoperability (bug detection for older implementations)

	improved documentation

Revision 1.48 / (download) - annotate - [select for diffs], Mon Apr 30 04:16:11 2001 UTC (22 years, 11 months ago) by jlam
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH001
Changes since 1.47: +2 -2 lines
Diff to previous 1.47 (colored) to selected 1.215 (colored)

Change build dependency from perl-5.* to perl>=${PERL5_REQD}.  Also change
dependency from libperl-5.* to libperl>=${PERL5_REQD}.

Revision 1.47 / (download) - annotate - [select for diffs], Mon Apr 16 03:03:07 2001 UTC (22 years, 11 months ago) by tron
Branch: MAIN
Changes since 1.46: +4 -2 lines
Diff to previous 1.46 (colored) to selected 1.215 (colored)

Don't try to build the "openssl" package if we got "openssl-0.96a" in the
base system

Revision 1.46 / (download) - annotate - [select for diffs], Thu Apr 12 10:42:52 2001 UTC (22 years, 11 months ago) by wennmach
Branch: MAIN
Changes since 1.45: +3 -1 lines
Diff to previous 1.45 (colored) to selected 1.215 (colored)

Add a CONFLICTS entry for sftp.
Detected by pkgconflict.

Revision 1.45 / (download) - annotate - [select for diffs], Mon Apr 9 13:32:55 2001 UTC (22 years, 11 months ago) by tron
Branch: MAIN
Changes since 1.44: +6 -4 lines
Diff to previous 1.44 (colored) to selected 1.215 (colored)

Make this package work with version 0.9.6 of the "openssl" package.

Revision 1.44 / (download) - annotate - [select for diffs], Tue Mar 27 03:20:15 2001 UTC (23 years ago) by hubertf
Branch: MAIN
Changes since 1.43: +3 -3 lines
Diff to previous 1.43 (colored) to selected 1.215 (colored)

Change BUILD_DEPENDS semantics:
first component is now a package name+version/pattern, no more
executable/patchname/whatnot.

While there, introduce BUILD_USES_MSGFMT as shorthand to pull in
devel/gettext unless /usr/bin/msgfmt exists (i.e. on post-1.5 -current).

Patch by Alistair Crooks <agc@netbsd.org>

Revision 1.43 / (download) - annotate - [select for diffs], Thu Mar 22 08:49:28 2001 UTC (23 years ago) by itojun
Branch: MAIN
Changes since 1.42: +2 -2 lines
Diff to previous 1.42 (colored) to selected 1.215 (colored)

upgrade to 2.5.2p2.

20010322
 - (djm) Better AIX no tty fix, spotted by Gert Doering <gert@greenie.muc.de>
 - (djm) Released 2.5.2p2

20010321
 - (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve
   VanDevender <stevev@darkwing.uoregon.edu>
 - (djm) Make sure pam_retval is initialised on call to pam_end. Patch
   from Solar Designer <solar@openwall.com>
 - (djm) Don't loop forever when changing password via PAM. Patch
   from Solar Designer <solar@openwall.com>
 - (djm) Generate config files before build
 - (djm) Correctly handle SIA and AIX when no tty present. Spotted and
   suggested fix from Mike Battersby <mib@unimelb.edu.au>

20010320
 - (bal) glob.c update to added GLOB_LIMITS (OpenBSD CVS).
 - (bal) glob.c update to set gl_pathv to NULL (OpenBSD CVS).
 - (bal) Oops.  Missed globc.h change (OpenBSD CVS).
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/19 17:07:23
     [auth.c readconf.c]
     undo /etc/shell and proto 2,1 change for openssh-2.5.2
   - markus@cvs.openbsd.org 2001/03/19 17:12:10
     [version.h]
     version 2.5.2
 - (djm) Update RPM spec version
 - (djm) Release 2.5.2p1
- tim@mindrot.org 2001/03/19 18:33:47 [defines.h]
  change S_ISLNK macro to work for UnixWare 2.03
- tim@mindrot.org 2001/03/19 20:45:11 [openbsd-compat/glob.c]
  add get_arg_max(). Use sysconf() if ARG_MAX is not defined

20010319
 - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
   do it implicitly.
 - (djm) Add getusershell() functions from OpenBSD CVS
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/18 12:07:52
     [auth-options.c]
     ignore permitopen="host:port" if AllowTcpForwarding==no
 - (djm) Make scp work on systems without 64-bit ints
 - tim@mindrot.org 2001/03/18 18:28:39 [defines.h]
   move HAVE_LONG_LONG_INT where it works
 - (bal) Use 'NGROUPS' for NeXT Since 'MAX_NGROUPS' is wrapped up in -lposix
   stuff.  Change suggested by Mark Miller <markm@swoon.net>
 - (bal) Small fix to scp.  %lu vs %ld
 - (bal) NeXTStep lacks S_ISLNK.  Plus split up S_IS*
 - (djm) OpenBSD CVS Sync
   - djm@cvs.openbsd.org     2001/03/19 03:52:51
     [sftp-client.c]
     Report ssh connection closing correctly; ok deraadt@
   - deraadt@cvs.openbsd.org 2001/03/18 23:30:55
     [compat.c compat.h sshd.c]
     specifically version match on ssh scanners.  do not log scan
     information to the console
   - djm@cvs.openbsd.org      2001/03/19 12:10:17
     [sshd.8]
     Document permitopen authorized_keys option; ok markus@
   - djm@cvs.openbsd.org     2001/03/19 05:49:52
     [ssh.1]
     document PreferredAuthentications option; ok markus@
 - (bal) Minor NeXT fixed.  Forgot to #undef NGROUPS_MAX

20010318
 - (bal) Fixed scp type casing issue which causes "scp: protocol error:
   size not delimited" fatal errors when tranfering.
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/17 17:27:59
     [auth.c]
     check /etc/shells, too
 - tim@mindrot.org 2001/03/17 18:45:25 [compat.c]
     openbsd-compat/fake-regex.h

20010317
 - Support usrinfo() on AIX. Based on patch from Gert Doering
   <gert@greenie.muc.de>
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/15 15:05:59
     [scp.c]
     use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
   - markus@cvs.openbsd.org 2001/03/15 22:07:08
     [session.c]
     pass Session to do_child + KNF
   - djm@cvs.openbsd.org 2001/03/16 08:16:18
     [sftp-client.c sftp-client.h sftp-glob.c sftp-int.c]
     Revise globbing for get/put to be more shell-like. In particular,
     "get/put file* directory/" now works. ok markus@
   - markus@cvs.openbsd.org 2001/03/16 09:55:53
     [sftp-int.c]
     fix memset and whitespace
   - markus@cvs.openbsd.org 2001/03/16 13:44:24
     [sftp-int.c]
     discourage strcat/strcpy
   - markus@cvs.openbsd.org 2001/03/16 19:06:30
     [auth-options.c channels.c channels.h serverloop.c session.c]
     implement "permitopen" key option, restricts -L style forwarding to
     to specified host:port pairs. based on work by harlan@genua.de
 - Check for gl_matchc support in glob_t and fall back to the
   openbsd-compat/glob.[ch] support if it does not exist.

20010315
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/14 08:57:14
     [sftp-client.c]
     Wall
   - markus@cvs.openbsd.org 2001/03/14 15:15:58
     [sftp-int.c]
     add version command
   - deraadt@cvs.openbsd.org 2001/03/14 22:50:25
     [sftp-server.c]
     note no getopt()
 - (stevesk) ssh-keyscan.c: specify "openbsd-compat/fake-queue.h"
 - (bal) Cygwin README change by Corinna Vinschen <vinschen@redhat.com>

20010314
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/13 17:34:42
     [auth-options.c]
     missing xfree, deny key on parse error; ok stevesk@
   - djm@cvs.openbsd.org 2001/03/13 22:42:54
     [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
     sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@
 - (bal) Fix strerror() in bsd-misc.c
 - (djm) Add replacement glob() from OpenBSD libc if the system glob is
   missing or lacks the GLOB_ALTDIRFUNC extension
 - (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers
   relatively. Avoids conflict between glob.h and /usr/include/glob.h

20010313
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/12 22:02:02
     [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
     remove old key_fingerprint interface, s/_ex//

20010312
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/11 13:25:36
     [auth2.c key.c]
     debug
   - jakob@cvs.openbsd.org 2001/03/11 15:03:16
     [key.c key.h]
     add improved fingerprint functions. based on work by Carsten
     Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
   - jakob@cvs.openbsd.org 2001/03/11 15:04:16
     [ssh-keygen.1 ssh-keygen.c]
     print both md5, sha1 and bubblebabble fingerprints when using
     ssh-keygen -l -v. ok markus@.
   - jakob@cvs.openbsd.org 2001/03/11 15:13:09
     [key.c]
     cleanup & shorten some var names key_fingerprint_bubblebabble.
   - deraadt@cvs.openbsd.org 2001/03/11 16:39:03
     [ssh-keygen.c]
     KNF, and SHA1 binary output is just creeping featurism
 - tim@mindrot.org 2001/03/11 17:29:32 [configure.in]
   test if snprintf() supports %ll
   add /dev to search path for PRNGD/EGD socket
   fix my mistake in USER_PATH test program
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/11 18:29:51
     [key.c]
     style+cleanup
   - markus@cvs.openbsd.org 2001/03/11 22:33:24
     [ssh-keygen.1 ssh-keygen.c]
     remove -v again. use -B instead for bubblebabble. make -B consistent
     with -l and make -B work with /path/to/known_hosts. ok deraadt@
 - (djm) Bump portable version number for generating test RPMs
 - (djm) Add "static_openssl" RPM build option, remove rsh build dependency
 - (bal) Reorder includes in Makefile.

20010311
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/10 12:48:27
     [sshconnect2.c]
     ignore nonexisting private keys; report rjmooney@mediaone.net
   - deraadt@cvs.openbsd.org 2001/03/10 12:53:51
     [readconf.c ssh_config]
     default to SSH2, now that m68k runs fast
   - stevesk@cvs.openbsd.org 2001/03/10 15:02:05
     [ttymodes.c ttymodes.h]
     remove unused sgtty macros; ok markus@
   - deraadt@cvs.openbsd.org 2001/03/10 15:31:00
     [compat.c compat.h sshconnect.c]
     all known netscreen ssh versions, and older versions of OSU ssh cannot
     handle password padding (newer OSU is fixed)
 - tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config]
   make sure $bindir is in USER_PATH so scp will work
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/10 17:51:04
     [kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
     add PreferredAuthentications

20010310
 - OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2001/03/09 03:14:39
     [ssh-keygen.c]
     create *.pub files with umask 0644, so that you can mv them to
     authorized_keys
   - deraadt@cvs.openbsd.org 2001/03/09 12:30:29
     [sshd.c]
     typo; slade@shore.net
 - Removed log.o from sftp client.  Not needed.

20010309
 - OpenBSD CVS Sync
   - stevesk@cvs.openbsd.org 2001/03/08 18:47:12
     [auth1.c]
     unused; ok markus@
   - stevesk@cvs.openbsd.org 2001/03/08 20:44:48
     [sftp.1]
     spelling, cleanup; ok deraadt@
   - markus@cvs.openbsd.org 2001/03/08 21:42:33
     [compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
     implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
     no need to do enter passphrase or do expensive sign operations if the
     server does not accept key).

20010308
 - OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2001/03/07 10:11:23
     [sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
     Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
     functions and small protocol change.
   - markus@cvs.openbsd.org 2001/03/08 00:15:48
     [readconf.c ssh.1]
     turn off useprivilegedports by default. only rhost-auth needs
     this. older sshd's may need this, too.
 - (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H;
   Dirk Markwardt <D.Markwardt@tu-bs.de>

20010307
 - (bal) OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2001/03/06 06:11:18
     [ssh-keyscan.c]
     appease gcc
   - deraadt@cvs.openbsd.org 2001/03/06 06:11:44
     [sftp-int.c sftp.1 sftp.c]
     sftp -b batchfile; mouring@etoh.eviladmin.org
   - deraadt@cvs.openbsd.org 2001/03/06 15:10:42
     [sftp.1]
     order things
   - deraadt@cvs.openbsd.org 2001/03/07 01:19:06
     [ssh.1 sshd.8]
     the name "secure shell" is boring, noone ever uses it
   - deraadt@cvs.openbsd.org 2001/03/07 04:05:58
     [ssh.1]
     removed dated comment
 - Cygwin contrib improvements from Corinna Vinschen <vinschen@redhat.com>

20010306
 - (bal) OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2001/03/05 14:28:47
     [sshd.8]
     alpha order; jcs@rt.fm
   - stevesk@cvs.openbsd.org 2001/03/05 15:44:51
     [servconf.c]
     sync error message; ok markus@
   - deraadt@cvs.openbsd.org 2001/03/05 15:56:16
     [myproposal.h ssh.1]
     switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
     provos & markus ok
   - deraadt@cvs.openbsd.org 2001/03/05 16:07:15
     [sshd.8]
     detail default hmac setup too
   - markus@cvs.openbsd.org 2001/03/05 17:17:21
     [kex.c kex.h sshconnect2.c sshd.c]
     generate a 2*need size (~300 instead of 1024/2048) random private
     exponent during the DH key agreement. according to Niels (the great
     german advisor) this is safe since /etc/primes contains strong
     primes only.

     References:
             P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
             agreement with short exponents, In Advances in Cryptology
             - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
   - stevesk@cvs.openbsd.org 2001/03/05 17:40:48
     [ssh.1]
     more ssh_known_hosts2 documentation; ok markus@
   - stevesk@cvs.openbsd.org 2001/03/05 17:58:22
     [dh.c]
     spelling
   - deraadt@cvs.openbsd.org 2001/03/06 00:33:04
     [authfd.c cli.c ssh-agent.c]
     EINTR/EAGAIN handling is required in more cases
   - millert@cvs.openbsd.org 2001/03/06 01:06:03
     [ssh-keyscan.c]
     Don't assume we wil get the version string all in one read().
     deraadt@ OK'd
   - millert@cvs.openbsd.org 2001/03/06 01:08:27
     [clientloop.c]
     If read() fails with EINTR deal with it the same way we treat EAGAIN

20010305
 - (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
 - (bal) CVS ID touch up on sftp-int.c
 - (bal) CVS ID touch up on uuencode.c
 - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
 - (bal) OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2001/02/17 23:48:48
     [sshd.8]
     it's the OpenSSH one
   - deraadt@cvs.openbsd.org 2001/02/21 07:37:04
     [ssh-keyscan.c]
     inline -> __inline__, and some indent
   - deraadt@cvs.openbsd.org 2001/02/21 09:05:54
     [authfile.c]
     improve fd handling
   - deraadt@cvs.openbsd.org 2001/02/21 09:12:56
     [sftp-server.c]
     careful with & and &&; markus ok
   - stevesk@cvs.openbsd.org 2001/02/21 21:14:04
     [ssh.c]
     -i supports DSA identities now; ok markus@
   - deraadt@cvs.openbsd.org 2001/02/22 04:29:37
     [servconf.c]
     grammar; slade@shore.net
   - deraadt@cvs.openbsd.org 2001/02/22 06:43:55
     [ssh-keygen.1 ssh-keygen.c]
     document -d, and -t defaults to rsa1
   - deraadt@cvs.openbsd.org 2001/02/22 08:03:51
     [ssh-keygen.1 ssh-keygen.c]
     bye bye -d
   - deraadt@cvs.openbsd.org 2001/02/22 18:09:06
     [sshd_config]
     activate RSA 2 key
   - markus@cvs.openbsd.org 2001/02/22 21:57:27
     [ssh.1 sshd.8]
     typos/grammar from matt@anzen.com
   - markus@cvs.openbsd.org 2001/02/22 21:59:44
     [auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
     use pwcopy in ssh.c, too
   - markus@cvs.openbsd.org 2001/02/23 15:34:53
     [serverloop.c]
     debug2->3
   - markus@cvs.openbsd.org 2001/02/23 18:15:13
     [sshd.c]
     the random session key depends now on the session_key_int
     sent by the 'attacker'
             dig1 = md5(cookie|session_key_int);
             dig2 = md5(dig1|cookie|session_key_int);
             fake_session_key = dig1|dig2;
     this change is caused by a mail from anakin@pobox.com
     patch based on discussions with my german advisor niels@openbsd.org
   - deraadt@cvs.openbsd.org 2001/02/24 10:37:55
     [readconf.c]
     look for id_rsa by default, before id_dsa
   - deraadt@cvs.openbsd.org 2001/02/24 10:37:26
     [sshd_config]
     ssh2 rsa key before dsa key
   - markus@cvs.openbsd.org 2001/02/27 10:35:27
     [packet.c]
     fix random padding
   - markus@cvs.openbsd.org 2001/02/27 11:00:11
     [compat.c]
     support SSH-2.0-2.1 ; from Christophe_Moret@hp.com
   - deraadt@cvs.openbsd.org 2001/02/28 05:34:28
     [misc.c]
     pull in protos
   - deraadt@cvs.openbsd.org 2001/02/28 05:36:28
     [sftp.c]
     do not kill the subprocess on termination (we will see if this helps
     things or hurts things)
   - markus@cvs.openbsd.org 2001/02/28 08:45:39
     [clientloop.c]
     fix byte counts for ssh protocol v1
   - markus@cvs.openbsd.org 2001/02/28 08:54:55
     [channels.c nchan.c nchan.h]
     make sure remote stderr does not get truncated.
     remove closed fd's from the select mask.
   - markus@cvs.openbsd.org 2001/02/28 09:57:07
     [packet.c packet.h sshconnect2.c]
     in ssh protocol v2 use ignore messages for padding (instead of
     trailing \0).
   - markus@cvs.openbsd.org 2001/02/28 12:55:07
     [channels.c]
     unify debug messages
   - deraadt@cvs.openbsd.org 2001/02/28 17:52:54
     [misc.c]
     for completeness, copy pw_gecos too
   - markus@cvs.openbsd.org 2001/02/28 21:21:41
     [sshd.c]
     generate a fake session id, too
   - markus@cvs.openbsd.org 2001/02/28 21:27:48
     [channels.c packet.c packet.h serverloop.c]
     use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
     use random content in ignore messages.
   - markus@cvs.openbsd.org 2001/02/28 21:31:32
     [channels.c]
     typo
   - deraadt@cvs.openbsd.org 2001/03/01 02:11:25
     [authfd.c]
     split line so that p will have an easier time next time around
   - deraadt@cvs.openbsd.org 2001/03/01 02:29:04
     [ssh.c]
     shorten usage by a line
   - deraadt@cvs.openbsd.org 2001/03/01 02:45:10
     [auth-rsa.c auth2.c deattack.c packet.c]
     KNF
   - deraadt@cvs.openbsd.org 2001/03/01 03:38:33
     [cli.c cli.h rijndael.h ssh-keyscan.1]
     copyright notices on all source files
   - markus@cvs.openbsd.org 2001/03/01 22:46:37
     [ssh.c]
     don't truncate remote ssh-2 commands; from mkubita@securities.cz
     use min, not max for logging, fixes overflow.
   - deraadt@cvs.openbsd.org 2001/03/02 06:21:01
     [sshd.8]
     explain SIGHUP better
   - deraadt@cvs.openbsd.org 2001/03/02 09:42:49
     [sshd.8]
     doc the dsa/rsa key pair files
   - deraadt@cvs.openbsd.org 2001/03/02 18:54:31
     [atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
      scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
      ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
     make copyright lines the same format
   - deraadt@cvs.openbsd.org 2001/03/03 06:53:12
     [ssh-keyscan.c]
     standard theo sweep
   - millert@cvs.openbsd.org 2001/03/03 21:19:41
     [ssh-keyscan.c]
     Dynamically allocate read_wait and its copies.  Since maxfd is
     based on resource limits it is often (usually?) larger than FD_SETSIZE.
   - millert@cvs.openbsd.org 2001/03/03 21:40:30
     [sftp-server.c]
     Dynamically allocate fd_set; deraadt@ OK
   - millert@cvs.openbsd.org 2001/03/03 21:41:07
     [packet.c]
     Dynamically allocate fd_set; deraadt@ OK
   - deraadt@cvs.openbsd.org 2001/03/03 22:07:50
     [sftp-server.c]
     KNF
   - markus@cvs.openbsd.org 2001/03/03 23:52:22
     [sftp.c]
     clean up arg processing. based on work by Christophe_Moret@hp.com
   - markus@cvs.openbsd.org 2001/03/03 23:59:34
     [log.c ssh.c]
     log*.c -> log.c
   - markus@cvs.openbsd.org 2001/03/04 00:03:59
     [channels.c]
     debug1->2
   - stevesk@cvs.openbsd.org 2001/03/04 10:57:53
     [ssh.c]
     add -m to usage; ok markus@
   - stevesk@cvs.openbsd.org 2001/03/04 11:04:41
     [sshd.8]
     small cleanup and clarify for PermitRootLogin; ok markus@
   - stevesk@cvs.openbsd.org 2001/03/04 11:16:06
     [servconf.c sshd.8]
     kill obsolete RandomSeed; ok markus@ deraadt@
   - stevesk@cvs.openbsd.org 2001/03/04 12:54:04
     [sshd.8]
     spelling
   - millert@cvs.openbsd.org 2001/03/04 17:42:28
     [authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
      ssh.c sshconnect.c sshd.c]
     log functions should not be passed strings that end in newline as they
     get passed on to syslog() and when logging to stderr, do_log() appends
     its own newline.
   - deraadt@cvs.openbsd.org 2001/03/04 18:21:28
     [sshd.8]
     list SSH2 ciphers
 - (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy()
 - (bal) Fix up logging since it changed.  removed log-*.c
 - (djm) Fix up LOG_AUTHPRIV for systems that have it
 - (stevesk) OpenBSD sync:
   - deraadt@cvs.openbsd.org 2001/03/05 08:37:27
     [ssh-keyscan.c]
     skip inlining, why bother
 - (stevesk) sftp.c: handle __progname

20010304
 - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
 - (bal) Updated contrib/README to remove 'make-ssh-known-hosts' and
   give Mark Roth credit for mdoc2man.pl

20010303
 - (djm) Remove make-ssh-known-hosts.pl, ssh-keyscan is better.
 - (djm) Document PAM ChallengeResponseAuthentication in sshd.8
 - (djm) Disable and comment ChallengeResponseAuthentication in sshd_config
 - (djm) Allow PRNGd entropy collection from localhost TCP socket. Replace
   "--with-egd-pool" configure option with "--with-prngd-socket" and
   "--with-prngd-port" options. Debugged and improved by Lutz Jaenicke
   <Lutz.Jaenicke@aet.TU-Cottbus.DE>

Revision 1.42 / (download) - annotate - [select for diffs], Sun Mar 11 20:42:28 2001 UTC (23 years ago) by tron
Branch: MAIN
Changes since 1.41: +3 -1 lines
Diff to previous 1.41 (colored) to selected 1.215 (colored)

Add dependence on "zlib" package under Solaris.

Revision 1.41 / (download) - annotate - [select for diffs], Thu Mar 1 04:14:22 2001 UTC (23 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.40: +2 -2 lines
Diff to previous 1.40 (colored) to selected 1.215 (colored)

use 2.5.1p2.

20010301
 - (djm) Properly add -lcrypt if needed.
 - (djm) Force standard PAM conversation function in a few more places.
   Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai
   <nalin@redhat.com>
 - (djm) Cygwin needs pw->pw_gecos copied too. Patch from Corinna Vinschen
   <vinschen@redhat.com>
 - (djm) Released 2.5.1p2

20010228
 - (djm) Detect endianness in configure and use it in rijndael.c. Fixes
   "Bad packet length" bugs.
 - (djm) Fully revert PAM session patch (again). All PAM session init is
   now done before the final fork().
 - (djm) EGD detection patch from Tim Rice <tim@multitalents.net>
 - (djm) Remove /tmp from EGD socket search list

20010227
 - (bal) Applied shutdown() patch for sftp.c by  Corinna Vinschen
   <vinschen@redhat.com>
 - (bal) OpenBSD Sync
   - markus@cvs.openbsd.org 2001/02/23 15:37:45
     [session.c]
     handle SSH_PROTOFLAG_SCREEN_NUMBER for buggy clients
 - (bal) sshd.init support for all Redhat release.  Patch by Jim Knoble
   <jmknoble@jmknoble.cx>
 - (djm) Fix up POSIX saved uid support. Report from Mark Miller
   <markm@swoon.net>
 - (djm) Search for -lcrypt on FreeBSD too
 - (djm) fatal() on OpenSSL version mismatch
 - (djm) Move PAM init to after fork for non-Solaris derived PAMs
 - (djm) Warning fix on entropy.c saved uid stuff. Patch from Mark Miller
   <markm@swoon.net>
 - (djm) Fix PAM fix
 - (djm) Remove 'noreplace' flag from sshd_config in RPM spec files. This
   change is being made as 2.5.x configfiles are not back-compatible with
   2.3.x.
 - (djm) Avoid warnings for missing broken IP_TOS. Patch from Mark Miller
   <markm@swoon.net>
 - (djm) Open Server 5 doesn't need BROKEN_SAVED_UIDS. Patch from Tim Rice
   <tim@multitalents.net>
 - (djm) Avoid multiple definition of _PATH_LS. Patch from Tim Rice
   <tim@multitalents.net>

20010226
 - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again.
 - (djm) Some systems (SCO3, NeXT) have weird saved uid semantics.
   Based on patch from Tim Rice <tim@multitalents.net>

20010225
 - (djm) Use %{_libexecdir} rather than hardcoded path in RPM specfile
   Patch from Adrian Ho <lexfiend@usa.net>
 - (bal) Replace 'unsigned long long' to 'u_int64_t' since not every
   platform defines u_int64_t as being that.

20010224
 - (bal) Missed part of the UNIX sockets patch.  Patch by Corinna
   Vinschen <vinschen@redhat.com>
 - (bal) Reorder where 'strftime' is detected to resolve linking
   issues on SCO.  Patch by Tim Rice <tim@multitalents.net>

20010224
 - (bal) pam_stack fix to correctly detect between RH7 and older RHs.
   Patch by Pekka Savola <pekkas@netcore.fi>
 - (bal) Renamed sigaction.[ch] to sigact.[ch].  Causes problems with
   some platforms.
 - (bal) Generalize lack of UNIX sockets since this also effects Cray
   not just Cygwin.  Based on patch by Wendy Palm <wendyp@cray.com>

20010223
 - (bal) Fix --define rh7 in openssh.spec file.  Patch by Steve Tell
   <tell@telltronics.org>
 - (bal) Patch to force OpenSSH rpm to require the same version of OpenSSL
   that it was compiled against.  Patch by Pekka Savola <pekkas@netcore.fi>
 - (bal) Double -I for OpenSSL on SCO.  Patch by Tim Rice
   <tim@multitalents.net>

20010222
 - (bal) Corrected SCO luid patch by svaughan <svaughan@asterion.com>
 - (bal) Added mdoc2man.pl from Mark Roth <roth@feep.net>
 - (bal) Removed reference to liblogin from contrib/README.  It was
   integrated into OpenSSH a long while ago.
 - (stevesk) remove erroneous #ifdef sgi code.
   Michael Stone <mstone@cs.loyola.edu>

20010221
 - (bal) Removed -L/usr/ucblib -R/usr/ucblib for Solaris platform.
 - (bal) Fixed OpenSSL rework to use $saved_*.  Patch by Tim Rice
   <tim@multitalents.net>
 - (bal) Reverted out of 2001/02/15 patch by djm below because it
   breaks Solaris.
	- (djm) Move PAM session setup back to before setuid to user.
	  fixes problems on Solaris-drived PAMs.
 - (stevesk) session.c: back out to where we were before:
    - (djm) Move PAM session initialisation until after fork in sshd. Patch
      from Nalin Dahyabhai <nalin@redhat.com>

20010220
 - (bal) Fix mixed up params to memmove() from Jan 5th in setenv.c and
   getcwd.c.
 - (bal) OpenBSD CVS Sync:
   - deraadt@cvs.openbsd.org 2001/02/19 23:09:05
     [sshd.c]
     clarify message to make it not mention "ident"

Revision 1.40 / (download) - annotate - [select for diffs], Tue Feb 20 16:33:13 2001 UTC (23 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored) to selected 1.215 (colored)

upgrade to 2.5.1p1.

20010219
 - (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and
   pty.[ch] -> sshpty.[ch]
 - (djm) Rework search for OpenSSL location. Skip directories which don't
   exist, don't add -L$ssldir/lib if it doesn't exist. Should help SCO
   with its limit of 6 -L options.
 - OpenBSD CVS Sync:
   - reinhard@cvs.openbsd.org        2001/02/17 08:24:40
     [sftp.1]
     typo
   - deraadt@cvs.openbsd.org 2001/02/17 16:28:58
     [ssh.c]
     cleanup -V output; noted by millert
   - deraadt@cvs.openbsd.org 2001/02/17 16:48:48
     [sshd.8]
     it's the OpenSSH one
   - markus@cvs.openbsd.org  2001/02/18 11:33:54
     [dispatch.c]
     typo, SSH2_MSG_KEXINIT, from aspa@kronodoc.fi
   - markus@cvs.openbsd.org  2001/02/19 02:53:32
     [compat.c compat.h serverloop.c]
     ssh-1.2.{18-22} has broken handling of ignore messages; report from
     itojun@
   - markus@cvs.openbsd.org  2001/02/19 03:35:23
     [version.h]
     OpenSSH_2.5.1 adds bug compat with 1.2.{18-22}
   - deraadt@cvs.openbsd.org 2001/02/19 03:36:25
     [scp.c]
     np is changed by recursion; vinschen@redhat.com
 - Update versions in RPM spec files
 - Release 2.5.1p1

20010218
 - (bal) Patch for fix FCHMOD reference in ftp-client.c by Tim Rice
   <tim@multitalents.net>
 - (Bal) Patch for lack of RA_RESTART in misc.c for mysignal by
   stevesk
 - (djm) Fix my breaking of cygwin builds, Patch from Corinna Vinschen
   <vinschen@redhat.com> and myself.
 - (djm) Close listen_sock on bind() failures. Patch from Arkadiusz
   Miskiewicz <misiek@pld.ORG.PL>
 - (djm) Robustify EGD/PRNGd code in face of socket closures. Patch from
   Todd C. Miller <Todd.Miller@courtesan.com>
 - (djm) Use ttyname() to determine name of tty returned by openpty()
   rather then risking overflow. Patch from Marek Michalkiewicz
   <marekm@amelek.gda.pl>
 - (djm) Swapped tests for no_libsocket and no_libnsl in configure.in.
   Patch from Marek Michalkiewicz <marekm@amelek.gda.pl>
 - (djm) Doc fixes from Pekka Savola <pekkas@netcore.fi>
 - (djm) Use SA_INTERRUPT along SA_RESTART if present (equivalent for
   SunOS)
 - (djm) SCO needs librpc for libwrap. Patch from Tim Rice
   <tim@multitalents.net>
 - (stevesk) misc.c: cpp rework of SA_(INTERRUPT|RESTART) handling.
 - (stevesk) scp.c: use mysignal() for updateprogressmeter() handler.
 - (djm) SA_INTERRUPT is the converse of SA_RESTART, apply it only for
   SIGALRM.
 - (djm) Move entropy.c over to mysignal()
 - (djm) SunOS 4.x also needs to define HAVE_BOGUS_SYS_QUEUE_H as it has
   a <sys/queue.h> that lacks the TAILQ_* macros. Patch from Todd C.
   Miller <Todd.Miller@courtesan.com>
 - (djm) Update RPM spec files for 2.5.0p1
 - (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie
   enable with --with-bsd-auth.
 - (stevesk) entropy.c: typo; should be SIGPIPE

20010217
 - (bal) OpenBSD Sync:
   - markus@cvs.openbsd.org 2001/02/16 13:38:18
     [channel.c]
     remove debug
   - markus@cvs.openbsd.org 2001/02/16 14:03:43
     [session.c]
     proper payload-length check for x11 w/o screen-number

20010216
 - (bal) added '--with-prce'  to allow overriding of system regex when
   required (tested by David Dulek <ddulek@fastenal.com>)
 - (bal) Added DG/UX case and set that they have a broken IPTOS.
 - (djm) Mini-configure reorder patch from Tim Rice <tim@multitalents.net>
   Fixes linking on SCO.
 - (djm) Make gnome-ssh-askpass handle multi-line prompts. Patch from
   Nalin Dahyabhai <nalin@redhat.com>
 - (djm) BSD license for gnome-ssh-askpass (was X11)
 - (djm) KNF on gnome-ssh-askpass
 - (djm) USE_PIPES for a few more sysv platforms
 - (djm) Cleanup configure.in a little
 - (djm) Ask users to check config.log when we can't find necessary libs
 - (djm) Set "login ID" on systems with setluid. Only enabled for SCO
   OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
 - (djm) OpenBSD CVS:
   - markus@cvs.openbsd.org  2001/02/15 16:19:59
     [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
     [sshconnect1.c sshconnect2.c]
     genericize password padding function for SSH1 and SSH2.
     add stylized echo to 2, too.
 - (djm) Add roundup() macro to defines.h
 - (stevesk) set SA_RESTART flag in mysignal() for SIGCHLD;
   needed on Unixware 2.x.

20010215
 - (djm) Move PAM session setup back to before setuid to user. Fixes
   problems on Solaris-derived PAMs.
 - (djm) Clean up PAM namespace. Suggested by Darren Moffat
   <Darren.Moffat@eng.sun.com>
 - (bal) Sync w/ OpenSSH for new release
   - markus@cvs.openbsd.org 2001/02/12 12:45:06
     [sshconnect1.c]
     fix xmalloc(0), ok dugsong@
   - markus@cvs.openbsd.org 2001/02/11 12:59:25
     [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
      sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
     1) clean up the MAC support for SSH-2
     2) allow you to specify the MAC with 'ssh -m'
     3) or the 'MACs' keyword in ssh(d)_config
     4) add hmac-{md5,sha1}-96
             ok stevesk@, provos@
   - markus@cvs.openbsd.org 2001/02/12 16:16:23
     [auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
      ssh-keygen.c sshd.8]
     PermitRootLogin={yes,without-password,forced-commands-only,no}
     (before this change, root could login even if PermitRootLogin==no)
   - deraadt@cvs.openbsd.org 2001/02/12 22:56:09
     [clientloop.c packet.c ssh-keyscan.c]
     deal with EAGAIN/EINTR selects which were skipped
   - markus@cvs.openssh.org 2001/02/13 22:49:40
     [auth1.c auth2.c]
     setproctitle(user) only if getpwnam succeeds
   - markus@cvs.openbsd.org 2001/02/12 23:26:20
     [sshd.c]
     missing memset; from solar@openwall.com
   - stevesk@cvs.openbsd.org 2001/02/12 20:53:33
     [sftp-int.c]
     lumask now works with 1 numeric arg; ok markus@, djm@
   - djm@cvs.openbsd.org 2001/02/14 9:46:03
     [sftp-client.c sftp-int.c sftp.1]
     Fix and document 'preserve modes & times' option ('-p' flag in sftp);
     ok markus@
 - (bal) replaced PATH_MAX in sftp-int.c w/ MAXPATHLEN.
 - (djm) Move to Jim's 1.2.0 X11 askpass program
 - (stevesk) OpenBSD sync:
   - deraadt@cvs.openbsd.org 2001/02/15 01:38:04
     [serverloop.c]
     indent

20010214
 - (djm) Don't try to close PAM session or delete credentials if the
   session has not been open or credentials not set. Based on patch from
   Andrew Bartlett <abartlet@pcug.org.au>
 - (djm) Move PAM session initialisation until after fork in sshd. Patch
   from Nalin Dahyabhai <nalin@redhat.com>
 - (bal) Missing function prototype in bsd-snprintf.c patch by
   Mark Miller <markm@swoon.net>
 - (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams
   <cmadams@hiwaay.net> with a little modification and KNF.
 - (stevesk) fix for SIA patch, misplaced session_setup_sia()

20010213
 - (djm) Only test -S potential EGD sockets if they exist and are readable.
 - (bal) Cleaned out bsd-snprintf.c.  VARARGS have been banished and
   I did a base KNF over the whe whole file to make it more acceptable.
   (backed out of original patch and removed it from ChangeLog)
 - (bal) Use chown() if fchown() does not exist in ftp-server.c patch by
   Tim Rice <tim@multitalents.net>
 - (stevesk) auth1.c: fix PAM passwordless check.

20010212
 - (djm) Update Redhat specfile to allow --define "skip_x11_askpass 1",
   --define "skip_gnome_askpass 1", --define "rh7 1" and make the
   implicit rpm-3.0.5 dependancy explicit. Patch and suggestions from
   Pekka Savola <pekkas@netcore.fi>
 - (djm) Clean up PCRE text in INSTALL
 - (djm) Fix OSF SIA auth NULL pointer deref. Report from Mike Battersby
   <mib@unimelb.edu.au>
 - (bal) NCR SVR4 compatiblity provide by Don Bragg <thewizarddon@yahoo.com>
 - (stevesk) session.c: remove debugging code.

20010211
 - (bal) OpenBSD Sync
   - markus@cvs.openbsd.org 2001/02/07 22:35:46
     [auth1.c auth2.c sshd.c]
     move k_setpag() to a central place; ok dugsong@
   - markus@cvs.openbsd.org 2001/02/10 12:52:02
     [auth2.c]
     offer passwd before s/key
   - markus@cvs.openbsd.org 2001/02/8 22:37:10
     [canohost.c]
     remove last call to sprintf; ok deraadt@
   - markus@cvs.openbsd.org 2001/02/10 1:33:32
     [canohost.c]
     add debug message, since sshd blocks here if DNS is not available
   - markus@cvs.openbsd.org 2001/02/10 12:44:02
     [cli.c]
     don't call vis() for \r
   - danh@cvs.openbsd.org 2001/02/10 0:12:43
     [scp.c]
     revert a small change to allow -r option to work again; ok deraadt@
   - danh@cvs.openbsd.org 2001/02/10 15:14:11
     [scp.c]
     fix memory leak; ok markus@
   - djm@cvs.openbsd.org 2001/02/10 0:45:52
     [scp.1]
     Mention that you can quote pathnames with spaces in them
   - markus@cvs.openbsd.org 2001/02/10 1:46:28
     [ssh.c]
     remove mapping of argv[0] -> hostname
   - markus@cvs.openbsd.org 2001/02/06 22:26:17
     [sshconnect2.c]
     do not ask for passphrase in batch mode; report from ejb@ql.org
   - itojun@cvs.opebsd.org 2001/02/08 10:47:05
     [sshconnect.c sshconnect1.c sshconnect2.c]
     %.30s is too short for IPv6 numeric address.  use %.128s for now.
     markus ok
   - markus@cvs.openbsd.org 2001/02/09 12:28:35
     [sshconnect2.c]
     do not free twice, thanks to /etc/malloc.conf
   - markus@cvs.openbsd.org 2001/02/09 17:10:53
     [sshconnect2.c]
     partial success: debug->log; "Permission denied" if no more auth methods
   - markus@cvs.openbsd.org 2001/02/10 12:09:21
     [sshconnect2.c]
     remove some lines
   - markus@cvs.openbsd.org 2001/02/09 13:38:07
     [auth-options.c]
     reset options if no option is given; from han.holl@prismant.nl
   - markus@cvs.openbsd.org 2001/02/08 21:58:28
     [channels.c]
     nuke sprintf, ok deraadt@
   - markus@cvs.openbsd.org 2001/02/08 21:58:28
     [channels.c]
     nuke sprintf, ok deraadt@
   - markus@cvs.openbsd.org 2001/02/06 22:43:02
     [clientloop.h]
     remove confusing callback code
   - deraadt@cvs.openbsd.org 2001/02/08 14:39:36
     [readconf.c]
     snprintf
   - itojun@cvs.openbsd.org 2001/02/08 19:30:52
     sync with netbsd tree changes.
     - more strict prototypes, include necessary headers
     - use paths.h/pathnames.h decls
     - size_t typecase to int -> u_long
   - itojun@cvs.openbsd.org 2001/02/07 18:04:50
     [ssh-keyscan.c]
     fix size_t -> int cast (use u_long).  markus ok
   - markus@cvs.openbsd.org 2001/02/07 22:43:16
     [ssh-keyscan.c]
     s/getline/Linebuf_getline/; from roumen.petrov@skalasoft.com
   - itojun@cvs.openbsd.org 2001/02/09 9:04:59
     [ssh-keyscan.c]
     do not assume malloc() returns zero-filled region.  found by
     malloc.conf=AJ.
   - markus@cvs.openbsd.org 2001/02/08 22:35:30
     [sshconnect.c]
     don't connect if batch_mode is true and stricthostkeychecking set to
    'ask'
   - djm@cvs.openbsd.org 2001/02/04 21:26:07
     [sshd_config]
     type: ok markus@
   - deraadt@cvs.openbsd.org 2001/02/06 22:07:50
     [sshd_config]
     enable sftp-server by default
   - deraadt 2001/02/07 8:57:26
     [xmalloc.c]
     deal with new ANSI malloc stuff
   - markus@cvs.openbsd.org 2001/02/07 16:46:08
     [xmalloc.c]
     typo in fatal()
   - itojun@cvs.openbsd.org 2001/02/07 18:04:50
     [xmalloc.c]
     fix size_t -> int cast (use u_long).  markus ok
   - 1.47 Thu Feb 8 23:11:42 GMT 2001 by dugsong
     [serverloop.c sshconnect1.c]
     mitigate SSH1 traffic analysis - from Solar Designer
     <solar@openwall.com>, ok provos@
 - (bal) fixed sftp-client.c.  Return 'status' instead of '0'
   (from the OpenBSD tree)
 - (bal) Synced ssh.1, ssh-add.1 and sshd.8 w/ OpenBSD
 - (bal) sftp-sever.c  '%8lld' to '%8llu' (OpenBSD Sync)
 - (bal) uuencode.c resync w/ OpenBSD tree, plus whitespace.
 - (bal) A bit more whitespace cleanup
 - (djm) Set PAM_RHOST earlier, patch from Andrew Bartlett
   <abartlet@pcug.org.au>
 - (stevesk) misc.c: ssh.h not needed.
 - (stevesk) compat.c: more friendly cpp error
 - (stevesk) OpenBSD sync:
   - stevesk@cvs.openbsd.org 2001/02/11 06:15:57
     [LICENSE]
     typos and small cleanup; ok deraadt@

20010210
 - (djm) Sync sftp and scp stuff from OpenBSD:
   - djm@cvs.openbsd.org     2001/02/07 03:55:13
     [sftp-client.c]
     Don't free handles before we are done with them. Based on work from
     Corinna Vinschen <vinschen@redhat.com>. ok markus@
   - djm@cvs.openbsd.org     2001/02/06 22:32:53
     [sftp.1]
     Punctuation fix from Pekka Savola <pekkas@netcore.fi>
   - deraadt@cvs.openbsd.org 2001/02/07 04:07:29
     [sftp.1]
     pretty up significantly
   - itojun@cvs.openbsd.org  2001/02/07 06:49:42
     [sftp.1]
     .Bl-.El mismatch.  markus ok
   - djm@cvs.openbsd.org     2001/02/07 06:12:30
     [sftp-int.c]
     Check that target is a directory before doing ls; ok markus@
   - itojun@cvs.openbsd.org  2001/02/07 11:01:18
     [scp.c sftp-client.c sftp-server.c]
     unsigned long long -> %llu, not %qu.  markus ok
   - stevesk@cvs.openbsd.org 2001/02/07 11:10:39
     [sftp.1 sftp-int.c]
     more man page cleanup and sync of help text with man page; ok markus@
   - markus@cvs.openbsd.org  2001/02/07 14:58:34
     [sftp-client.c]
     older servers reply with SSH2_FXP_NAME + count==0 instead of EOF
   - djm@cvs.openbsd.org     2001/02/07 15:27:19
     [sftp.c]
     Don't forward agent and X11 in sftp. Suggestion from Roumen Petrov
     <roumen.petrov@skalasoft.com>
   - stevesk@cvs.openbsd.org 2001/02/07 15:36:04
     [sftp-int.c]
     portable; ok markus@
   - stevesk@cvs.openbsd.org 2001/02/07 15:55:47
     [sftp-int.c]
     lowercase cmds[].c also; ok markus@
   - markus@cvs.openbsd.org  2001/02/07 17:04:52
     [pathnames.h sftp.c]
     allow sftp over ssh protocol 1; ok djm@
   - deraadt@cvs.openbsd.org 2001/02/08 07:38:55
     [scp.c]
     memory leak fix, and snprintf throughout
   - deraadt@cvs.openbsd.org 2001/02/08 08:02:02
     [sftp-int.c]
     plug a memory leak
   - stevesk@cvs.openbsd.org 2001/02/08 10:11:23
     [session.c sftp-client.c]
     %i -> %d
   - stevesk@cvs.openbsd.org 2001/02/08 10:57:59
     [sftp-int.c]
     typo
   - stevesk@cvs.openbsd.org 2001/02/08 15:28:07
     [sftp-int.c pathnames.h]
     _PATH_LS; ok markus@
   - djm@cvs.openbsd.org     2001/02/09 04:46:25
     [sftp-int.c]
     Check for NULL attribs for chown, chmod & chgrp operations, only send
     relevant attribs back to server; ok markus@
   - djm@cvs.openbsd.org     2001/02/06 15:05:25
     [sftp.c]
     Use getopt to process commandline arguments
   - djm@cvs.openbsd.org     2001/02/06 15:06:21
     [sftp.c ]
     Wait for ssh subprocess at exit
   - djm@cvs.openbsd.org     2001/02/06 15:18:16
     [sftp-int.c]
     stat target for remote chdir before doing chdir
   - djm@cvs.openbsd.org     2001/02/06 15:32:54
     [sftp.1]
     Punctuation fix from Pekka Savola <pekkas@netcore.fi>
   - provos@cvs.openbsd.org  2001/02/05 22:22:02
     [sftp-int.c]
     cleanup get_pathname, fix pwd after failed cd. okay djm@
 - (djm) Update makefile.in for _PATH_SFTP_SERVER
 - (bal) sftp-client.c replace NULL w/ 0 in do_ls() (pending in OpenBSD tree)

20010209
 - (bal) patch to vis.c to deal with HAVE_VIS right by Robert Mooney
   <rjmooney@mediaone.net>
 - (bal) .c.o rule in openbsd-compat/Makefile.in did not make it to the
   main tree while porting forward.  Pointed out by Lutz Jaenicke
   <Lutz.Jaenicke@aet.TU-Cottbus.DE>
 - (bal) double entry in configure.in.  Pointed out by Lutz Jaenicke
   <Lutz.Jaenicke@aet.TU-Cottbus.DE>
 - (stevesk) OpenBSD sync:
   - markus@cvs.openbsd.org  2001/02/08 11:20:01
     [auth2.c]
     strict checking
   - markus@cvs.openbsd.org  2001/02/08 11:15:22
     [version.h]
     update to 2.3.2
   - markus@cvs.openbsd.org  2001/02/08 11:12:30
     [auth2.c]
     fix typo
 - (djm) Update spec files
 - (bal) OpenBSD sync:
   - deraadt@cvs.openbsd.org 2001/02/08 14:38:54
     [scp.c]
     memory leak fix, and snprintf throughout
   - markus@cvs.openbsd.org 2001/02/06 22:43:02
     [clientloop.c]
     remove confusing callback code
 - (djm) Add CVS Id's to files that we have missed
 - (bal) OpenBSD Sync (more):
   - itojun@cvs.openbsd.org 2001/02/08 19:30:52
     sync with netbsd tree changes.
     - more strict prototypes, include necessary headers
     - use paths.h/pathnames.h decls
     - size_t typecase to int -> u_long
   - markus@cvs.openbsd.org 2001/02/06 22:07:42
     [ssh.c]
     fatal() if subsystem fails
   - markus@cvs.openbsd.org 2001/02/06 22:43:02
     [ssh.c]
     remove confusing callback code
   - jakob@cvs.openbsd.org 2001/02/06 23:03:24
     [ssh.c]
     add -1 option (force protocol version 1). ok markus@
   - jakob@cvs.openbsd.org 2001/02/06 23:06:21
     [ssh.c]
     reorder -{1,2,4,6} options. ok markus@
 - (bal) Missing 'const' in readpass.h
 - (bal) OpenBSD Sync (so at least the thing compiles for 2.3.2 =)
   - djm@cvs.openbsd.org 2001/02/06 23:30:28
     [sftp-client.c]
     replace arc4random with counter for request ids; ok markus@
 - (djm) Define _PATH_TTY for systems that don't. Report from Lutz
   Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>

20010208
 - (djm) Don't delete external askpass program in make uninstall target.
   Report and fix from Roumen Petrov <roumen.petrov@skalasoft.com>
 - (djm) Fix linking of sftp, don't need arc4random any more.
 - (djm) Try to use shell that supports "test -S" for EGD socket search.
   Based on patch from Tim Rice <tim@multitalents.net>

20010207
 - (bal) Save the whole path to AR in configure.  Some Solaris 2.7 installs
   seem lose track of it while in openbsd-compat/  (two confirmed reports)
 - (djm) Much KNF on PAM code
 - (djm) Revise auth-pam.c conversation function to be a little more
   readable.
 - (djm) Revise kbd-int PAM conversation function to fold all text messages
   to before first prompt. Fixes hangs if last pam_message did not require
   a reply.
 - (djm) Fix password changing when using PAM kbd-int authentication

20010205
 - (bal) Disable groupaccess by setting NGROUPS_MAX to 0 for platforms
   that don't have NGROUPS_MAX.
 - (bal) AIX patch for auth1.c by William L. Jones <jones@hpc.utexas.edu>
 - (stevesk) OpenBSD sync:
   - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
     [many files; did this manually to our top-level source dir]
     unexpand and remove end-of-line whitespace; ok markus@
   - stevesk@cvs.openbsd.org 2001/02/04 15:21:19
     [sftp-server.c]
     SSH2_FILEXFER_ATTR_UIDGID support; ok markus@
   - deraadt@cvs.openbsd.org 2001/02/04 17:02:32
     [sftp-int.c]
     ? == help
   - deraadt@cvs.openbsd.org 2001/02/04 16:47:46
     [sftp-int.c]
     sort commands, so that abbreviations work as expected
   - stevesk@cvs.openbsd.org 2001/02/04 15:17:52
     [sftp-int.c]
     debugging sftp: precedence and missing break.  chmod, chown, chgrp
     seem to be working now.
   - markus@cvs.openbsd.org 2001/02/04 14:41:21
     [sftp-int.c]
     use base 8 for umask/chmod
   - markus@cvs.openbsd.org 2001/02/04 11:11:54
     [sftp-int.c]
     fix LCD
   - markus@cvs.openbsd.org  2001/02/04 08:10:44
     [ssh.1]
     typo; dpo@club-internet.fr
   - stevesk@cvs.openbsd.org 2001/02/04 06:30:12
     [auth2.c authfd.c packet.c]
     remove duplicate #include's; ok markus@
   - deraadt@cvs.openbsd.org 2001/02/04 16:56:23
     [scp.c sshd.c]
     alpha happiness
   - stevesk@cvs.openbsd.org 2001/02/04 15:12:17
     [sshd.c]
     precedence; ok markus@
   - deraadt@cvs.openbsd.org 2001/02/04 08:14:15
     [ssh.c sshd.c]
     make the alpha happy
   - markus@cvs.openbsd.org  2001/01/31 13:37:24
     [channels.c channels.h serverloop.c ssh.c]
     do not disconnect if local port forwarding fails, e.g. if port is
     already in use
   - markus@cvs.openbsd.org  2001/02/01 14:58:09
     [channels.c]
     use ipaddr in channel messages, ietf-secsh wants this
   - markus@cvs.openbsd.org  2001/01/31 12:26:20
     [channels.c]
     ssh.com-2.0.1x does not send additional info in CHANNEL_OPEN_FAILURE
     messages; bug report from edmundo@rano.org
   - markus@cvs.openbsd.org  2001/01/31 13:48:09
     [sshconnect2.c]
     unused
   - deraadt@cvs.openbsd.org 2001/02/04 08:23:08
     [sftp-client.c sftp-server.c]
     make gcc on the alpha even happier

20010204
 - (bal) I think this is the last of the bsd-*.h that don't belong.
 - (bal) Minor Makefile fix
 - (bal) openbsd-compat/Makefile minor fix.  Ensure dependancies are done
   right.
 - (bal) Changed order of LIB="" in -with-skey due to library resolving.
 - (bal) next-posix.h changed to bsd-nextstep.h
 - (djm) OpenBSD CVS sync:
   - markus@cvs.openbsd.org  2001/02/03 03:08:38
     [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
     [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
     [sshd_config]
     make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
   - markus@cvs.openbsd.org  2001/02/03 03:19:51
     [ssh.1 sshd.8 sshd_config]
     Skey is now called ChallengeResponse
   - markus@cvs.openbsd.org  2001/02/03 03:43:09
     [sshd.8]
     use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
     channel. note from Erik.Anggard@cygate.se (pr/1659)
   - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
     [ssh.1]
     typos; ok markus@
   - djm@cvs.openbsd.org     2001/02/04 04:11:56
     [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
     [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
     Basic interactive sftp client; ok theo@
 - (djm) Update RPM specs for new sftp binary
 - (djm) Update several bits for new optional reverse lookup stuff. I
   think I got them all.
 - (djm) Makefile.in fixes
 - (stevesk) add mysignal() wrapper and use it for the protocol 2
   SIGCHLD handler.
 - (djm) Use setvbuf() instead of setlinebuf(). Suggest from stevesk@

20010203
 - (bal) Cygwin clean up by Corinna Vinschen <vinschen@redhat.com>
 - (bal) renamed queue.h to fake-queue.h (even if it's an OpenBSD
   based file) to ensure #include space does not get confused.
 - (bal) Minor Makefile.in tweak.  dirname may not exist on some
   platforms so builds fail.  (NeXT being a well known one)

20010202
 - (bal) Makefile fix where sourcedir != builddir by Corinna Vinschen
   <vinschen@redhat.com>
 - (bal) Makefile fix to use $(MAKE) instead of 'make'  for platforms
   that use 'gmake'.   Patch by Tim Rice <tim@multitalents.net>

20010201
 - (bal) Minor fix to Makefile to stop rebuilding executables if no
   changes have occured to any of the supporting code.  Patch by
   Roumen Petrov <roumen.petrov@skalasoft.com>

20010131
 - (djm) OpenBSD CVS Sync:
   - djm@cvs.openbsd.org     2001/01/30 15:48:53
     [sshconnect.c]
     Make warning message a little more consistent. ok markus@
 - (djm) Fix autoconf logic for --with-lastlog=no Report and diagnosis from
   Philipp Buehler <lists@fips.de> and Kevin Steves <stevesk@sweden.hp.com>
   respectively.
 - (djm) Don't log SSH2 PAM KbdInt responses to debug, they may contain
   passwords.
 - (bal) Reorder.  Move all bsd-*, fake-*, next-*, and cygwin* stuff to
   openbsd-compat/.  And resolve all ./configure and Makefile.in issues
   assocated.

20010130
 - (djm) OpenBSD CVS Sync:
   - markus@cvs.openbsd.org  2001/01/29 09:55:37
     [channels.c channels.h clientloop.c serverloop.c]
     fix select overflow; ok deraadt@ and stevesk@
   - markus@cvs.openbsd.org  2001/01/29 12:42:35
     [canohost.c canohost.h channels.c clientloop.c]
     add get_peer_ipaddr(socket), x11-fwd in ssh2 requires ipaddr, not DNS
   - markus@cvs.openbsd.org  2001/01/29 12:47:32
     [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
     handle rsa_private_decrypt failures; helps against the Bleichenbacher
     pkcs#1 attack
   - djm@cvs.openbsd.org     2001/01/29 05:36:11
     [ssh.1 ssh.c]
     Allow invocation of sybsystem by commandline (-s); ok markus@
 - (stevesk) configure.in: remove duplicate PROG_LS

20010129
 - (stevesk) sftp-server.c: use %lld vs. %qd

20010128
 - (bal) Put USE_PIPES back into sco3.2v5
 - (bal) OpenBSD Sync
   - markus@cvs.openbsd.org 2001/01/28 10:15:34
     [dispatch.c]
     re-keying is not supported; ok deraadt@
   - markus@cvs.openbsd.org 2001/01/28 10:24:04
     [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
     cleanup AUTHORS sections
   - markus@cvs.openbsd.org 2001/01/28 10:37:26
     [sshd.c sshd.8]
     remove -Q, no longer needed
   - stevesk@cvs.openbsd.org 2001/01/28 20:36:16
     [readconf.c ssh.1]
     ``StrictHostKeyChecking ask'' documentation and small cleanup.
     ok markus@
   - stevesk@cvs.openbsd.org 2001/01/28 20:43:25
     [sshd.8]
     spelling.  ok markus@
   - stevesk@cvs.openbsd.org 2001/01/28 20:53:21
     [xmalloc.c]
     use size_t for strlen() return.  ok markus@
   - stevesk@cvs.openbsd.org 2001/01/28 22:27:05
     [authfile.c]
     spelling.  use sizeof vs. strlen().  ok markus@
   - niklas@cvs.openbsd.org 2001/01/29 1:59:14
     [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h
      groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h
      key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h
      radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1
      ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config
      sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h]
     $OpenBSD$
  - (bal) Minor auth2.c resync.  Whitespace and moving of an #include.

20010126
 - (bal) SSH_PROGRAM vs _PATH_SSH_PROGRAM fix pointed out by Roumen
   Petrov <roumen.petrov@skalasoft.com>
 - (bal) OpenBSD Sync
   - deraadt@cvs.openbsd.org 2001/01/25 8:06:33
     [ssh-agent.c]
     call _exit() in signal handler

20010125
 - (djm) Sync bsd-* support files:
   - deraadt@cvs.openbsd.org 2000/01/26 03:43:20
     [rresvport.c bindresvport.c]
     new bindresvport() semantics that itojun, shin, jean-luc and i have
     agreed on, which will be happy for the future. bindresvport_sa() for
     sockaddr *, too.  docs later..
   - deraadt@cvs.openbsd.org 2000/01/24 02:24:21
     [bindresvport.c]
     in bindresvport(), if sin is non-NULL, example sin->sin_family for
     the actual family being processed
 - (djm) Mention PRNGd in documentation, it is nicer than EGD
 - (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
 - (bal) AC_FUNC_STRFTIME added to autoconf
 - (bal) OpenBSD Resync
   - stevesk@cvs.openbsd.org 2001/01/24 21:03:50
     [channels.c]
     missing freeaddrinfo(); ok markus@

20010124
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/23 10:45:10
     [ssh.h]
     nuke comment
 - (bal) no 64bit support patch from Tim Rice <tim@multitalents.net>
 - (bal) #ifdef around S_IFSOCK if platform does not support it.
   patch by Tim Rice <tim@multitalents.net>
 - (bal) fake-regex.h cleanup based on Tim Rice's patch.
 - (stevesk) sftp-server.c: fix chmod() mode mask

20010123
 - (bal) regexp.h typo in configure.in.  Should have been regex.h
 - (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@
 - (bal) SSH_ASKPASS_DEFAULT to _PATH_SSH_ASKPASS_DEFAULT
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/22 8:15:00
     [auth-krb4.c sshconnect1.c]
     only AFS needs radix.[ch]
   - markus@cvs.openbsd.org 2001/01/22 8:32:53
     [auth2.c]
     no need to include; from mouring@etoh.eviladmin.org
   - stevesk@cvs.openbsd.org 2001/01/22 16:55:21
     [key.c]
     free() -> xfree(); ok markus@
   - stevesk@cvs.openbsd.org 2001/01/22 17:22:28
     [sshconnect2.c sshd.c]
     fix memory leaks in SSH2 key exchange; ok markus@
   - markus@cvs.openbsd.org 2001/01/22 23:06:39
     [auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
      sshconnect1.c sshconnect2.c sshd.c]
     rename skey -> challenge response.
     auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.


20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.

20010120
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26
     [ssh-chall.c servconf.c servconf.h ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
 - (bal) Slight auth2-pam.c clean up.
 - (bal) Includes a fake-regexp.h to be only used if regcomp() is found,
   but no 'regexp.h' found (SCO OpenServer 3 lacks the header).

20010119
 - (djm) Update versions in RPM specfiles
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/18 16:20:21
     [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
      sshd.8 sshd.c]
     log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
     systems
   - markus@cvs.openbsd.org 2001/01/18 16:59:59
     [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
      session.h sshconnect1.c]
     1) removes fake skey from sshd, since this will be much
        harder with /usr/libexec/auth/login_XXX
     2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
     3) make addition of BSD_AUTH and other challenge reponse methods
        easier.
   - markus@cvs.openbsd.org 2001/01/18 17:12:43
     [auth-chall.c auth2-chall.c]
     rename *-skey.c *-chall.c since the files are not skey specific
 - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)
   to fix NULL pointer deref and fake authloop breakage in PAM code.
 - (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com>
 - (bal) Minor cygwin patch to auth1.c.  Suggested by djm.

20010118
 - (bal) Super Sized OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
     [sshd.c]
     maxfd+1
   - markus@cvs.openbsd.org 2001/01/13 17:59:18
     [ssh-keygen.1]
     small ssh-keygen manpage cleanup; stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:03:07
     [scp.c ssh-keygen.c sshd.c]
     getopt() returns -1 not EOF; stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:06:54
     [ssh-keyscan.c]
     use SSH_DEFAULT_PORT; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:12:47
     [ssh-keyscan.c]
     free() -> xfree(); fix memory leak; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:14:13
     [ssh-add.c]
     typo, from stevesk@sweden.hp.com
   - markus@cvs.openbsd.org 2001/01/13 18:32:50
     [packet.c session.c ssh.c sshconnect.c sshd.c]
     split out keepalive from packet_interactive (from dale@accentre.com)
     set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
   - markus@cvs.openbsd.org 2001/01/13 18:36:45
     [packet.c packet.h]
     reorder, typo
   - markus@cvs.openbsd.org 2001/01/13 18:38:00
     [auth-options.c]
     fix comment
   - markus@cvs.openbsd.org 2001/01/13 18:43:31
     [session.c]
     Wall
   - markus@cvs.openbsd.org 2001/01/13 19:14:08
     [clientloop.h clientloop.c ssh.c]
     move callback to headerfile
   - markus@cvs.openbsd.org 2001/01/15 21:40:10
     [ssh.c]
     use log() instead of stderr
   - markus@cvs.openbsd.org 2001/01/15 21:43:51
     [dh.c]
     use error() not stderr!
   - markus@cvs.openbsd.org 2001/01/15 21:45:29
     [sftp-server.c]
     rename must fail if newpath exists, debug off by default
   - markus@cvs.openbsd.org 2001/01/15 21:46:38
     [sftp-server.c]
     readable long listing for sftp-server, ok deraadt@
   - markus@cvs.openbsd.org 2001/01/16 19:20:06
     [key.c ssh-rsa.c]
     make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
     galb@vandyke.com.  note that you have to delete older ssh2-rsa keys,
     since they are in the wrong format, too. they must be removed from
     .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
     (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
     .ssh/authorized_keys2) additionally, we now check that
     BN_num_bits(rsa->n) >= 768.
   - markus@cvs.openbsd.org 2001/01/16 20:54:27
     [sftp-server.c]
     remove some statics. simpler handles; idea from nisse@lysator.liu.se
   - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
     [bufaux.c radix.c sshconnect.h sshconnect1.c]
     indent
 - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
   be missing such feature.


20010117
 - (djm) Only write random seed file at exit
 - (djm) Make PAM support optional, enable with --with-pam
 - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which
   provides a crypt() of its own)
 - (djm) Avoid a warning in bsd-bindresvport.c
 - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This
   can cause weird segfaults errors on Solaris
 - (djm) Avoid warning in PAM code by making read_passphrase arguments const
 - (djm) Add --with-pam to RPM spec files

20010115
 - (bal) sftp-server.c change to use chmod() if fchmod() does not exist.
 - (bal) utimes() support via utime() interface on machine that lack utimes().

20010114
 - (stevesk) initial work for OpenBSD "support supplementary group in
   {Allow,Deny}Groups" patch:
   - import getgrouplist.c from OpenBSD (bsd-getgrouplist.c)
   - add bsd-getgrouplist.h
   - new files groupaccess.[ch]
   - build but don't use yet (need to merge auth.c changes)
 - (stevesk) complete:
   - markus@cvs.openbsd.org  2001/01/13 11:56:48
     [auth.c sshd.8]
     support supplementary group in {Allow,Deny}Groups
     from stevesk@pobox.com

20010112
 - (bal) OpenBSD Sync
   - markus@cvs.openbsd.org 2001/01/10 22:56:22
     [bufaux.h bufaux.c sftp-server.c sftp.h getput.h]
     cleanup sftp-server implementation:
     add buffer_get_int64, buffer_put_int64, GET_64BIT, PUT_64BIT
     parse SSH2_FILEXFER_ATTR_EXTENDED
     send SSH2_FX_EOF if readdir returns no more entries
     reply to SSH2_FXP_EXTENDED message
     use #defines from the draft
     move #definations to sftp.h
     more info:
     http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt
   - markus@cvs.openbsd.org 2001/01/10 19:43:20
     [sshd.c]
     XXX - generate_empheral_server_key() is not safe against races,
     because it calls log()
   - markus@cvs.openbsd.org 2001/01/09 21:19:50
     [packet.c]
     allow TCP_NDELAY for ipv6; from netbsd via itojun@

20010110
 - (djm) SNI/Reliant Unix needs USE_PIPES and $DISPLAY hack. Report from
   Bladt Norbert <Norbert.Bladt@adi.ch>

20010109
 - (bal) Resync CVS ID of cli.c
 - (stevesk) auth1.c: free should be after WITH_AIXAUTHENTICATE
   code.
 - (bal) OpenBSD Sync
   - markus@cvs.openbsd.org 2001/01/08 22:29:05
     [auth2.c compat.c compat.h servconf.c servconf.h sshd.8
      sshd_config version.h]
     implement option 'Banner /etc/issue.net' for ssh2, move version to
     2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner
     is enabled).
   - markus@cvs.openbsd.org 2001/01/08 22:03:23
     [channels.c ssh-keyscan.c]
     O_NDELAY -> O_NONBLOCK; thanks stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/08 21:55:41
     [sshconnect1.c]
     more cleanups and fixes from stevesk@pobox.com:
     1) try_agent_authentication() for loop will overwrite key just
        allocated with key_new(); don't alloc
     2) call ssh_close_authentication_connection() before exit
        try_agent_authentication()
     3) free mem on bad passphrase in try_rsa_authentication()
   - markus@cvs.openbsd.org 2001/01/08 21:48:17
     [kex.c]
     missing free; thanks stevesk@pobox.com
  - (bal) Detect if clock_t structure exists, if not define it.
  - (bal) Detect if O_NONBLOCK exists, if not define it.
  - (bal) removed news4-posix.h (now empty)
  - (bal) changed bsd-bindresvport.c and bsd-rresvport.c to use 'socklen_t'
    instead of 'int'
 - (stevesk) sshd_config: sync
 - (stevesk) defines.h: remove spurious ``;''

20010108
 - (bal) Fixed another typo in cli.c
 - (bal) OpenBSD Sync
   - markus@cvs.openbsd.org 2001/01/07 21:26:55
     [cli.c]
     typo
   - markus@cvs.openbsd.org 2001/01/07 21:26:55
     [cli.c]
     missing free, stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/07 19:06:25
     [auth1.c]
     missing free, stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/07 11:28:04
     [log-client.c log-server.c log.c readconf.c servconf.c ssh.1
      ssh.h sshd.8 sshd.c]
     rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE
     syslog priority changes:
             fatal() LOG_ERR  -> LOG_CRIT
             log()   LOG_INFO -> LOG_NOTICE
 - Updated TODO

20010107
 - (bal) OpenBSD Sync
   - markus@cvs.openbsd.org 2001/01/06 11:23:27
     [ssh-rsa.c]
     remove unused
   - itojun@cvs.openbsd.org 2001/01/05 08:23:29
     [ssh-keyscan.1]
     missing .El
   - markus@cvs.openbsd.org 2001/01/04 22:41:03
     [session.c sshconnect.c]
     consistent use of _PATH_BSHELL; from stevesk@pobox.com
   - djm@cvs.openbsd.org 2001/01/04 22:35:32
     [ssh.1 sshd.8]
     Mention AES as available SSH2 Cipher; ok markus
   - markus@cvs.openbsd.org 2001/01/04 22:25:58
     [sshd.c]
     sync usage()/man with defaults; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/04 22:21:26
     [sshconnect2.c]
     handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
     that prints a banner (e.g. /etc/issue.net)

20010105
 - (bal) contrib/caldera/ provided by Tim Rice <tim@multitalents.net>
 - (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove()

20010104
 - (djm) Fix memory leak on systems with BROKEN_GETADDRINFO. Based on
   work by Chris Vaughan <vaughan99@yahoo.com>

20010103
 - (bal) fixed up sshconnect.c so it was closer inline with the OpenBSD
   tree (mainly positioning)
 - (bal) OpenSSH CVS Update
   - markus@cvs.openbsd.org 2001/01/02 20:41:02
     [packet.c]
     log remote ip on disconnect; PR 1600 from jcs@rt.fm
   - markus@cvs.openbsd.org 2001/01/02 20:50:56
     [sshconnect.c]
     strict_host_key_checking for host_status != HOST_CHANGED &&
     ip_status == HOST_CHANGED
 - (bal) authfile.c: Synced CVS ID tag
 - (bal) UnixWare 2.0 fixes by Tim Rice <tim@multitalents.net>
 - (bal) Disable sftp-server if no 64bit int support exists.  Based on
   patch by Tim Rice <tim@multitalents.net>
 - (bal) Makefile.in changes to uninstall: target to remove sftp-server
   and sftp-server.8 manpage.

20010102
 - (bal) OpenBSD CVS Update
   - markus@cvs.openbsd.org 2001/01/01 14:52:49
     [scp.c]
     use shared fatal(); from stevesk@pobox.com

20001231
 - (bal) Reverted out of MAXHOSTNAMELEN.  This should be set per OS.
   for multiple reasons.
 - (bal) Reverted out of a partial NeXT patch.

20001230
 - (bal) OpenBSD CVS Update
   - markus@cvs.openbsd.org 2000/12/28 18:58:30
     [ssh-keygen.c]
     enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2}
   - markus@cvs.openbsd.org 2000/12/29 22:19:13
     [channels.c]
     missing xfree; from vaughan99@yahoo.com
 - (bal) Resynced CVS ID with OpenBSD for channel.c and uidswap.c
 - (bal) if no MAXHOSTNAMELEN is defined.  Default to 64 character defination.
   Suggested by Christian Kurz <shorty@debian.org>
 - (bal) Add in '.c.o' section to Makefile.in to address make programs that
    don't honor CPPFLAGS by default.  Suggested by Lutz Jaenicke
    <Lutz.Jaenicke@aet.TU-Cottbus.DE>

20001229
 - (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian
   Kurz <shorty@debian.org>
 - (bal) OpenBSD CVS Update
   - markus@cvs.openbsd.org 2000/12/28 14:25:51
     [auth.h auth2.c]
     count authentication failures only
   - markus@cvs.openbsd.org 2000/12/28 14:25:03
     [sshconnect.c]
     fingerprint for MITM attacks, too.
   - markus@cvs.openbsd.org 2000/12/28 12:03:57
     [sshd.8 sshd.c]
     document -D
   - markus@cvs.openbsd.org 2000/12/27 14:19:21
     [serverloop.c]
     less chatty
   - markus@cvs.openbsd.org 2000/12/27 12:34
     [auth1.c sshconnect2.c sshd.c]
     typo
   - markus@cvs.openbsd.org 2000/12/27 12:30:19
     [readconf.c readconf.h ssh.1 sshconnect.c]
     new option: HostKeyAlias: allow the user to record the host key
     under a different name. This is useful for ssh tunneling over
     forwarded connections or if you run multiple sshd's on different
     ports on the same machine.
   - markus@cvs.openbsd.org 2000/12/27 11:51:53
     [ssh.1 ssh.c]
     multiple -t force pty allocation, document ORIGINAL_COMMAND
   - markus@cvs.openbsd.org 2000/12/27 11:41:31
     [sshd.8]
     update for ssh-2
 - (stevesk) compress.[ch] sync with openbsd; missed in prototype
   fix merge.

20001228
 - (bal) Patch to add libutil.h to loginrec.c only if the platform has
   libutil.h.  Suggested by Pekka Savola <pekka@netcore.fi>
 - (djm) Update to new x11-askpass in RPM spec
 - (bal) SCO patch to not include <sys/queue.h> since it's unrelated
   header.  Patch by Tim Rice <tim@multitalents.net>
 - Updated TODO w/ known HP/UX issue
 - (bal) removed extra <netdb.h> noticed by Kevin Steves and removed the
   bad reference to 'NeXT including it else were' on the #ifdef version.

20001227
 - (bal) Typo in configure.in: entut?ent should be endut?ent.  Suggested by
   Takumi Yamane <yamtak@b-session.com>
 - (bal) Checks for getrlimit(), sysconf(), and setdtablesize().  Patch
   by Corinna Vinschen <vinschen@redhat.com>
 - (djm) Fix catman-do target for non-bash
 - (bal) Typo in configure.in: entut?ent should be endut?ent.  Suggested by
   Takumi Yamane <yamtak@b-session.com>
 - (bal) Checks for getrlimit(), sysconf(), and setdtablesize().  Patch
   by Corinna Vinschen <vinschen@redhat.com>
 - (djm) Fix catman-do target for non-bash
 - (bal) Fixed NeXT's lack of CPPFLAGS honoring.
 - (bal) ssh-keyscan.c: NeXT (and older BSDs) don't support getrlimit() w/
   'RLIMIT_NOFILE'
 - (djm) Remove *.Ylonen files. They are no longer in the OpenBSD tree,
   the info in COPYING.Ylonen has been moved to the start of each
   SSH1-derived file and README.Ylonen is well out of date.

20001223
 - (bal) Fixed Makefile.in to support recompile of all ssh and sshd objects
   if a change to config.h has occurred.  Suggested by Gert Doering
   <gert@greenie.muc.de>
 - (bal) OpenBSD CVS Update:
   - markus@cvs.openbsd.org 2000/12/22 16:49:40
     [ssh-keygen.c]
     fix ssh-keygen -x -t type > file; from Roumen.Petrov@skalasoft.com

20001222
 - Updated RCSID for pty.c
 - (bal) OpenBSD CVS Updates:
  - markus@cvs.openbsd.org 2000/12/21 15:10:16
    [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
    print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
  - markus@cvs.openbsd.org 2000/12/20 19:26:56
    [authfile.c]
    allow ssh -i userkey for root
  - markus@cvs.openbsd.org 2000/12/20 19:37:21
    [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
    fix prototypes; from stevesk@pobox.com
  - markus@cvs.openbsd.org 2000/12/20 19:32:08
    [sshd.c]
    init pointer to NULL; report from Jan.Ivan@cern.ch
  - markus@cvs.openbsd.org 2000/12/19 23:17:54
    [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
     auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
     bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
     crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
     key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
     packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
     serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
     ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h  uuencode.c
     uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
    replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
    unsigned' with u_char.

20001221
 - (stevesk) OpenBSD CVS updates:
   - markus@cvs.openbsd.org 2000/12/19 15:43:45
     [authfile.c channels.c sftp-server.c ssh-agent.c]
     remove() -> unlink() for consistency
   - markus@cvs.openbsd.org 2000/12/19 15:48:09
     [ssh-keyscan.c]
     replace <ssl/x.h> with <openssl/x.h>
   - markus@cvs.openbsd.org 2000/12/17 02:33:40
     [uidswap.c]
     typo; from wsanchez@apple.com

20001220
 - (djm) Workaround PAM inconsistencies between Solaris derived PAM code
   and Linux-PAM. Based on report and fix from Andrew Morgan
   <morgan@transmeta.com>

20001218
 - (stevesk) rsa.c: entropy.h not needed.
 - (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile.
   Suggested by Wilfredo Sanchez <wsanchez@apple.com>

20001216
 - (stevesk) OpenBSD CVS updates:
   - markus@cvs.openbsd.org 2000/12/16 02:53:57
     [scp.c]
     allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
   - markus@cvs.openbsd.org 2000/12/16 02:39:57
     [scp.c]
     unused; from stevesk@pobox.com

20001215
 - (stevesk) Old OpenBSD patch wasn't completely applied:
   - markus@cvs.openbsd.org 2000/01/24 22:11:20
     [scp.c]
     allow '.' in usernames; from jedgar@fxp.org
 - (stevesk) OpenBSD CVS updates:
   - markus@cvs.openbsd.org 2000/12/13 16:26:53
     [ssh-keyscan.c]
     fatal already adds \n; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2000/12/13 16:25:44
     [ssh-agent.c]
     remove redundant spaces; from stevesk@pobox.com
   - ho@cvs.openbsd.org 2000/12/12 15:50:21
     [pty.c]
     When failing to set tty owner and mode on a read-only filesystem, don't
     abort if the tty already has correct owner and reasonably sane modes.
     Example; permit 'root' to login to a firewall with read-only root fs.
     (markus@ ok)
   - deraadt@cvs.openbsd.org 2000/12/13 06:36:05
     [pty.c]
     KNF
   - markus@cvs.openbsd.org 2000/12/12 14:45:21
     [sshd.c]
     source port < 1024 is no longer required for rhosts-rsa since it
     adds no additional security.
   - markus@cvs.openbsd.org 2000/12/12 16:11:49
     [ssh.1 ssh.c]
     rhosts-rsa is no longer automagically disabled if ssh is not privileged.
     UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
     these changes should not change the visible default behaviour of the ssh client.
   - deraadt@cvs.openbsd.org 2000/12/11 10:27:33
     [scp.c]
     when copying 0-sized files, do not re-print ETA time at completion
   - provos@cvs.openbsd.org 2000/12/15 10:30:15
     [kex.c kex.h sshconnect2.c sshd.c]
     compute diffie-hellman in parallel between server and client. okay markus@

20001213
 - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report
   from Andreas M. Kirchwitz <amk@krell.zikzak.de>
 - (stevesk) OpenBSD CVS update:
   - markus@cvs.openbsd.org 2000/12/12 15:30:02
     [ssh-keyscan.c ssh.c sshd.c]
     consistently use __progname; from stevesk@pobox.com

20001211
 - (bal) Applied patch to include ssh-keyscan into Redhat's package, and
   patch to install ssh-keyscan manpage.  Patch by Pekka Savola
   <pekka@netcore.fi>
 - (bal) OpenbSD CVS update
   - markus@cvs.openbsd.org 2000/12/10 17:01:53
     [sshconnect1.c]
     always request new challenge for skey/tis-auth, fixes interop with
     other implementations; report from roth@feep.net

20001210
 - (bal) OpenBSD CVS updates
   - markus@cvs.openbsd.org 2000/12/09 13:41:51
     [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
     undo rijndael changes
   - markus@cvs.openbsd.org 2000/12/09 13:48:31
     [rijndael.c]
     fix byte order bug w/o introducing new implementation
   - markus@cvs.openbsd.org 2000/12/09 14:08:27
     [sftp-server.c]
     "" -> "." for realpath; from vinschen@redhat.com
   - markus@cvs.openbsd.org 2000/12/09 14:06:54
     [ssh-agent.c]
     extern int optind; from stevesk@sweden.hp.com
   - provos@cvs.openbsd.org 2000/12/09 23:51:11
     [compat.c]
     remove unnecessary '\n'

20001209
 - (bal) OpenBSD CVS updates:
   - djm@cvs.openbsd.org 2000/12/07 4:24:59
     [ssh.1]
     Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo

20001207
 - (bal) OpenBSD CVS updates:
   - markus@cvs.openbsd.org 2000/12/06 22:58:14
     [compat.c compat.h packet.c]
     disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0
   - markus@cvs.openbsd.org 2000/12/06 23:10:39
     [rijndael.c]
     unexpand(1)
   - markus@cvs.openbsd.org 2000/12/06 23:05:43
     [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
     new rijndael implementation. fixes endian bugs

20001206
 - (bal) OpenBSD CVS updates:
   - markus@cvs.openbsd.org 2000/12/05 20:34:09
     [channels.c channels.h clientloop.c serverloop.c]
     async connects for -R/-L; ok deraadt@
   - todd@cvs.openssh.org 2000/12/05 16:47:28
     [sshd.c]
     tweak comment to reflect real location of pid file; ok provos@
 - (stevesk) Import <sys/queue.h> from OpenBSD for systems that don't
   have it (used in ssh-keyscan).
 - (stevesk) OpenBSD CVS update:
   - markus@cvs.openbsd.org 2000/12/06 19:57:48
     [ssh-keyscan.c]
     err(3) -> internal error(), from stevesk@sweden.hp.com

20001205
 - (bal) OpenBSD CVS updates:
   - markus@cvs.openbsd.org 2000/12/04 19:24:02
     [ssh-keyscan.c ssh-keyscan.1]
     David Maziere's ssh-keyscan, ok niels@
 - (bal) Updated Makefile.in to include ssh-keyscan that was just added
   to the recent OpenBSD source tree.
 - (stevesk) fix typos in contrib/hpux/README

20001204
 - (bal) More C functions defined in NeXT that are unaccessable without
   defining -POSIX.
 - (bal) OpenBSD CVS updates:
   - markus@cvs.openbsd.org 2000/12/03 11:29:04
     [compat.c]
     remove fallback to SSH_BUG_HMAC now that the drafts are updated
   - markus@cvs.openbsd.org 2000/12/03 11:27:55
     [compat.c]
     correctly match "2.1.0.pl2 SSH" etc; from
     pekkas@netcore.fi/bugzilla.redhat
   - markus@cvs.openbsd.org 2000/12/03 11:15:03
     [auth2.c compat.c compat.h sshconnect2.c]
     support f-secure/ssh.com 2.0.12; ok niels@

20001203
 - (bal) OpenBSD CVS updates:
  - markus@cvs.openbsd.org 2000/11/30 22:54:31
    [channels.c]
    debug->warn if tried to do -R style fwd w/o client requesting this;
    ok neils@
  - markus@cvs.openbsd.org 2000/11/29 20:39:17
    [cipher.c]
    des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
  - markus@cvs.openbsd.org 2000/11/30 18:33:05
    [ssh-agent.c]
    agents must not dump core, ok niels@
  - markus@cvs.openbsd.org 2000/11/30 07:04:02
    [ssh.1]
    T is for both protocols
  - markus@cvs.openbsd.org 2000/12/01 00:00:51
    [ssh.1]
    typo; from green@FreeBSD.org
  - markus@cvs.openbsd.org 2000/11/30 07:02:35
    [ssh.c]
    check -T before isatty()
  - provos@cvs.openbsd.org 2000/11/29 13:51:27
    [sshconnect.c]
    show IP address and hostname when new key is encountered. okay markus@
  - markus@cvs.openbsd.org 2000/11/30 22:53:35
    [sshconnect.c]
    disable agent/x11/port fwding if hostkey has changed; ok niels@
  - marksu@cvs.openbsd.org 2000/11/29 21:11:59
    [sshd.c]
    sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
    from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
 - (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enable
   PAM authentication using KbdInteractive.
 - (djm) Added another TODO

20001202
 - (bal) Backed out of part of Alain St-Denis' loginrec.c patch.
 - (bal) Irix need some sort of mansubdir, patch by Michael Stone
   <mstone@cs.loyola.edu>

20001129
 - (djm) Back out all the serverloop.c hacks. sshd will now hang again
   if there are background children with open fds.
 - (djm) bsd-rresvport.c bzero -> memset
 - (djm) Don't fail in defines.h on absence of 64 bit types (we will
   still fail during compilation of sftp-server).
 - (djm) Fail if ar is not found during configure
 - (djm) OpenBSD CVS updates:
   - provos@cvs.openbsd.org  2000/11/22 08:38:31
     [sshd.8]
     talk about /etc/primes, okay markus@
   - markus@cvs.openbsd.org  2000/11/23 14:03:48
     [ssh.c sshconnect1.c sshconnect2.c]
     complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
     defaults
   - markus@cvs.openbsd.org  2000/11/25 09:42:53
     [sshconnect1.c]
     reorder check for illegal ciphers, bugreport from espie@
   - markus@cvs.openbsd.org  2000/11/25 10:19:34
     [ssh-keygen.c ssh.h]
     print keytype when generating a key.
     reasonable defaults for RSA1/RSA/DSA keys.
 - (djm) Patch from Pekka Savola <Pekka.Savola@netcore.fi> to include a few
   more manpage paths in fixpaths calls
 - (djm) Also add xauth path at Pekka's suggestion.
 - (djm) Add Redhat RPM patch for AUTHPRIV SyslogFacility

20001125
 - (djm) Give up privs when reading seed file

20001123
 - (bal) Merge OpenBSD changes:
   - markus@cvs.openbsd.org  2000/11/15 22:31:36
     [auth-options.c]
     case insensitive key options; from stevesk@sweeden.hp.com
   - markus@cvs.openbsd.org  2000/11/16 17:55:43
     [dh.c]
     do not use perror() in sshd, after child is forked()
   - markus@cvs.openbsd.org  2000/11/14 23:42:40
     [auth-rsa.c]
     parse option only if key matches; fix some confusing seen by the client
   - markus@cvs.openbsd.org  2000/11/14 23:44:19
     [session.c]
     check no_agent_forward_flag for ssh-2, too
   - markus@cvs.openbsd.org  2000/11/15
     [ssh-agent.1]
     reorder SYNOPSIS; typo, use .It
   - markus@cvs.openbsd.org  2000/11/14 23:48:55
     [ssh-agent.c]
     do not reorder keys if a key is removed
   - markus@cvs.openbsd.org  2000/11/15 19:58:08
     [ssh.c]
     just ignore non existing user keys
   - millert@cvs.openbsd.org  200/11/15 20:24:43
     [ssh-keygen.c]
     Add missing \n at end of error message.

20001122
 - (bal) Minor patch to ensure platforms lacking IRIX job limit supports
   are compilable.
 - (bal) Updated TODO as of 11/18/2000 with known things to resolve.

20001117
 - (bal) Changed from 'primes' to 'primes.out' for consistancy sake.  It
   has no affect the output.  Patch by Corinna Vinschen <vinschen@redhat.com>
 - (stevesk) Reworked progname support.
 - (bal) Misplaced #include "includes.h" in bsd-setproctitle.c.  Patch by
   Shinichi Maruyama <marya@st.jip.co.jp>

20001116
 - (bal) Added in MAXSYMLINK test in bsd-realpath.c.  Required for some SCO
   releases.
 - (bal) Make builds work outside of source tree.  Patch by Mark D. Roth
   <roth@feep.net>

20001113
 - (djm) Add pointer to http://www.imasy.or.jp/~gotoh/connect.c to
   contrib/README
 - (djm) Merge OpenBSD changes:
   - markus@cvs.openbsd.org  2000/11/06 16:04:56
     [channels.c channels.h clientloop.c nchan.c serverloop.c]
     [session.c ssh.c]
     agent forwarding and -R for ssh2, based on work from
     jhuuskon@messi.uku.fi
   - markus@cvs.openbsd.org  2000/11/06 16:13:27
     [ssh.c sshconnect.c sshd.c]
     do not disabled rhosts(rsa) if server port > 1024; from
     pekkas@netcore.fi
   - markus@cvs.openbsd.org  2000/11/06 16:16:35
     [sshconnect.c]
     downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
   - markus@cvs.openbsd.org  2000/11/09 18:04:40
     [auth1.c]
     typo; from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/11/12 12:03:28
     [ssh-agent.c]
     off-by-one when removing a key from the agent
   - markus@cvs.openbsd.org  2000/11/12 12:50:39
     [auth-rh-rsa.c auth2.c authfd.c authfd.h]
     [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
     [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
     [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
     [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
     add support for RSA to SSH2.  please test.
     there are now 3 types of keys: RSA1 is used by ssh-1 only,
     RSA and DSA are used by SSH2.
     you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
     keys for SSH2 and use the RSA keys for hostkeys or for user keys.
     SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
 - (djm) Fix up Makefile and Redhat init script to create RSA host keys
 - (djm) Change to interim version
 - (djm) Fix RPM spec file stupidity
 - (djm) fixpaths to DSA and RSA keys too

20001112
 - (bal) SCO Patch to add needed libraries for configure.in.  Patch by
   Phillips Porch <root@theporch.com>
 - (bal) IRIX patch to adding Job Limits.  Patch by Denis Parker
   <dcp@sgi.com>
 - (stevesk) pty.c: HP-UX 10 and 11 don't define TIOCSCTTY.  Add error() to
   failed ioctl(TIOCSCTTY) call.

20001111
 - (djm) Added /etc/primes for kex DH group neg, fixup Makefile.in and
   packaging files
 - (djm) Fix new Makefile.in warnings
 - (djm) Fix vsprintf("%h") in bsd-snprintf.c, short int va_args are
   promoted to type int. Report and fix from Dan Astoorian
   <djast@cs.toronto.edu>
 - (djm) Hardwire sysconfdir in RPM spec files as some RPM versions get
   it wrong. Report from Bennett Todd <bet@rahul.net>

20001110
 - (bal) Fixed dropped answer from skey_keyinfo() in auth1.c
 - (bal) Changed from --with-skey to --with-skey=PATH in configure.in
 - (bal) Added in check to verify S/Key library is being detected in
   configure.in
 - (bal) next-posix.h - added another prototype wrapped in POSIX ifdef/endif.
   Patch by Mark Miller <markm@swoon.net>
 - (bal) Added 'util.h' header to loginrec.c only if HAVE_UTIL_H is defined
   to remove warnings under MacOS X.  Patch by Mark Miller <markm@swoon.net>
 - (bal) Fixed LDFLAG mispelling in configure.in for --with-afs

20001107
 - (bal) acconfig.in - removed the double "USE_PIPES" entry. Patch by
   Mark Miller <markm@swoon.net>
 - (bal) sshd.init files corrected to assign $? to RETVAL.  Patch by
   Jarno Huuskonen <jhuuskon@messi.uku.fi>
 - (bal) fixpaths fixed to stop it from quitely failing. Patch by
   Mark D. Roth <roth@feep.net>

20001106
 - (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs
 - (djm) Manually fix up missed diff hunks (mainly RCS idents)
 - (djm) Remove UPGRADING document in favour of a link to the better
   maintained FAQ on www.openssh.com
 - (djm) Fix multiple dependancy on gnome-libs from Pekka Savola
   <pekkas@netcore.fi>
 - (djm) Don't need X11-askpass in RPM spec file if building without it
   from Pekka Savola <pekkas@netcore.fi>
 - (djm) Release 2.3.0p1
 - (bal) typo in configure.in in regards to --with-ldflags from Marko
   Asplund <aspa@kronodoc.fi>
 - (bal) fixed next-posix.h.  Forgot prototype of getppid().

Revision 1.39 / (download) - annotate - [select for diffs], Sat Feb 17 17:49:56 2001 UTC (23 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.38: +2 -1 lines
Diff to previous 1.38 (colored) to selected 1.215 (colored)

Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT.

Revision 1.38 / (download) - annotate - [select for diffs], Thu Feb 15 15:18:17 2001 UTC (23 years, 1 month ago) by briggs
Branch: MAIN
Changes since 1.37: +2 -6 lines
Diff to previous 1.37 (colored) to selected 1.215 (colored)

Prune old/nonexistant mirror sites from MASTER_SITES.

Revision 1.37 / (download) - annotate - [select for diffs], Tue Feb 6 03:17:00 2001 UTC (23 years, 1 month ago) by fredb
Branch: MAIN
Changes since 1.36: +3 -3 lines
Diff to previous 1.36 (colored) to selected 1.215 (colored)

Make that "autoreconf" -- there is no "autoremake".

Revision 1.36 / (download) - annotate - [select for diffs], Mon Feb 5 09:01:03 2001 UTC (23 years, 1 month ago) by tron
Branch: MAIN
Changes since 1.35: +3 -3 lines
Diff to previous 1.35 (colored) to selected 1.215 (colored)

Use full pathname "${LOCALBASE}/bin/auto..." in dependences and make
targets. This includes a fix for PR pkg/12125 by Tomasz Luchowski.

Revision 1.35 / (download) - annotate - [select for diffs], Mon Jan 29 11:34:41 2001 UTC (23 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.34: +3 -3 lines
Diff to previous 1.34 (colored) to selected 1.215 (colored)

Add automatic ${VARIABLE} handling for MESSAGE files.
Convert most MESSAGE files to new syntax (${VARIABLE} gets replaced,
not @VARIABLE@, nor @@VARIABLE@@).
By default, substitutions are done for LOCALBASE, PKGNAME, PREFIX,
X11BASE, X11PREFIX; additional patterns can be added via MESSAGE_SUBST.
Clean up some packages while I'm there; add RCS tags to most MESSAGEs.
Remove some uninteresting MESSAGEs.

Revision 1.34 / (download) - annotate - [select for diffs], Wed Jan 10 16:05:52 2001 UTC (23 years, 2 months ago) by tron
Branch: MAIN
Changes since 1.33: +8 -2 lines
Diff to previous 1.33 (colored) to selected 1.215 (colored)

Make this package work under SunOS.

Revision 1.33 / (download) - annotate - [select for diffs], Wed Jan 10 15:10:59 2001 UTC (23 years, 2 months ago) by tron
Branch: MAIN
Changes since 1.32: +3 -3 lines
Diff to previous 1.32 (colored) to selected 1.215 (colored)

Don't check for "/dev/urandom" under Solaris.

Revision 1.32 / (download) - annotate - [select for diffs], Fri Dec 8 08:52:35 2000 UTC (23 years, 3 months ago) by wiz
Branch: MAIN
Changes since 1.31: +4 -2 lines
Diff to previous 1.31 (colored) to selected 1.215 (colored)

Move code from REQ file to INSTALL.

Revision 1.31 / (download) - annotate - [select for diffs], Thu Nov 9 09:18:23 2000 UTC (23 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.30: +2 -2 lines
Diff to previous 1.30 (colored) to selected 1.215 (colored)

upgrade to 2.3.0p1.  XXX pathname for ssh-askpass?

20001106
 - (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs
 - (djm) Manually fix up missed diff hunks (mainly RCS idents)
 - (djm) Remove UPGRADING document in favour of a link to the better
   maintained FAQ on www.openssh.com
 - (djm) Fix multiple dependancy on gnome-libs from Pekka Savola
   <pekkas@netcore.fi>
 - (djm) Don't need X11-askpass in RPM spec file if building without it
   from Pekka Savola <pekkas@netcore.fi>
 - (djm) Release 2.3.0p1

20001105
 - (bal) Sync with OpenBSD:
   - markus@cvs.openbsd.org 2000/10/31 9:31:58
     [compat.c]
     handle all old openssh versions
   - markus@cvs.openbsd.org 2000/10/31 13:1853
     [deattack.c]
     so that large packets do not wrap "n"; from netbsd
 - (bal) rijndel.c - fix up RCSID to match OpenBSD tree
 - (bal) auth2-skey.c - Checked in.  Missing from portable tree.
 - (bal) Reworked NEWS-OS and NeXT ports to extract waitpid() and
   setsid() into more common files
 - (stevesk) pty.c: use __hpux to identify HP-UX.
 - (bal) Missed auth-skey.o in Makefile.in and minor correction to
   bsd-waitpid.c

20001029
 - (stevesk) Fix typo in auth.c: USE_PAM not PAM
 - (stevesk) Create contrib/cygwin/ directory; patch from
   Corinna Vinschen <vinschen@redhat.com>
 - (bal) Resolved more $xno and $xyes issues in configure.in
 - (bal) next-posix.h - spelling and forgot a prototype

20001028
 - (djm) fix select hack in serverloop.c from Philippe WILLEM
   <Philippe.WILLEM@urssaf.fr>
 - (djm) Fix mangled AIXAUTHENTICATE code
 - (djm) authctxt->pw may be NULL. Fix from Markus Friedl
   <markus.friedl@informatik.uni-erlangen.de>
 - (djm) Sync with OpenBSD:
   - markus@cvs.openbsd.org  2000/10/16 15:46:32
     [ssh.1]
     fixes from pekkas@netcore.fi
   - markus@cvs.openbsd.org  2000/10/17 14:28:11
     [atomicio.c]
     return number of characters processed; ok deraadt@
   - markus@cvs.openbsd.org  2000/10/18 12:04:02
     [atomicio.c]
     undo
   - markus@cvs.openbsd.org  2000/10/18 12:23:02
     [scp.c]
     replace atomicio(read,...) with read(); ok deraadt@
   - markus@cvs.openbsd.org  2000/10/18 12:42:00
     [session.c]
     restore old record login behaviour
   - deraadt@cvs.openbsd.org 2000/10/19 10:41:13
     [auth-skey.c]
     fmt string problem in unused code
   - provos@cvs.openbsd.org  2000/10/19 10:45:16
     [sshconnect2.c]
     don't reference freed memory. okay deraadt@
   - markus@cvs.openbsd.org  2000/10/21 11:04:23
     [canohost.c]
     typo, eramore@era-t.ericsson.se; ok niels@
   - markus@cvs.openbsd.org  2000/10/23 13:31:55
     [cipher.c]
     non-alignment dependent swap_bytes(); from
     simonb@wasabisystems.com/netbsd
   - markus@cvs.openbsd.org  2000/10/26 12:38:28
     [compat.c]
     add older vandyke products
   - markus@cvs.openbsd.org  2000/10/27 01:32:19
     [channels.c channels.h clientloop.c serverloop.c session.c]
     [ssh.c util.c]
     enable non-blocking IO on channels, and tty's (except for the
     client ttys).

20001027
 - (djm) Increase REKEY_BYTES to 2^24 for arc4random

20001025
 - (djm) Added WARNING.RNG file and modified configure to ask users of the
   builtin entropy code to read it.
 - (djm) Prefer builtin regex to PCRE.
 - (bal) Added USE_PIPS defined to NeXT configure.in since scp hangs randomly.
 - (bal) Apply fixes to configure.in pointed out by Pavel Roskin
   <proski@gnu.org>

20001020
 - (djm) Don't define _REENTRANT for SNI/Reliant Unix
 - (bal) Imported NEWS-OS waitpid() macros into NeXT.  Since implementation
   is more correct then current version.

20001018
 - (stevesk) Add initial support for setproctitle().  Current
   support is for the HP-UX pstat(PSTAT_SETCMD, ...) method.
 - (stevesk) Add egd startup scripts to contrib/hpux/

20001017
 - (djm) Add -lregex to cywin libs from Corinna Vinschen
   <vinschen@cygnus.com>
 - (djm) Don't rely on atomicio's retval to determine length of askpass
   supplied passphrase. Problem report from Lutz Jaenicke
   <Lutz.Jaenicke@aet.TU-Cottbus.DE>
 - (bal) Changed from GNU rx to PCRE on suggestion from djm.
 - (bal) Integrated Sony NEWS-OS patches from NAKAJI Hirouyuki
   <nakaji@tutrp.tut.ac.jp>

20001016
 - (djm) Sync with OpenBSD:
   - markus@cvs.openbsd.org  2000/10/14 04:01:15
     [cipher.c]
     debug3
   - markus@cvs.openbsd.org  2000/10/14 04:07:23
     [scp.c]
     remove spaces from arguments; from djm@mindrot.org
   - markus@cvs.openbsd.org  2000/10/14 06:09:46
     [ssh.1]
     Cipher is for SSH-1 only
   - markus@cvs.openbsd.org  2000/10/14 06:12:09
     [servconf.c servconf.h serverloop.c session.c sshd.8]
     AllowTcpForwarding; from naddy@
   - markus@cvs.openbsd.org  2000/10/14 06:16:56
     [auth2.c compat.c compat.h sshconnect2.c version.h]
     OpenSSH_2.3; note that is is not complete, but the version number
     needs to be changed for interoperability reasons
   - markus@cvs.openbsd.org  2000/10/14 06:19:45
     [auth-rsa.c]
     do not send RSA challenge if key is not allowed by key-options; from
     eivind@ThinkSec.com
   - markus@cvs.openbsd.org  2000/10/15 08:14:01
     [rijndael.c session.c]
     typos; from stevesk@sweden.hp.com
   - markus@cvs.openbsd.org  2000/10/15 08:18:31
     [rijndael.c]
     typo
 - (djm) Copy manpages back over from OpenBSD - too tedious to wade
   through diffs
 - (djm) Added condrestart to Redhat init script. Patch from Pekka Savola
   <pekkas@netcore.fi>
 - (djm) Update version in Redhat spec file
 - (djm) Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the
   Redhat 7.0 spec file
 - (djm) Make inability to read/write PRNG seedfile non-fatal


20001015
 - (djm) Fix ssh2 hang on background processes at logout.

20001014
 - (bal) Add support for realpath and getcwd for platforms with broken
   or missing realpath implementations for sftp-server.
 - (bal) Corrected mistake in INSTALL in regards to GNU rx library
 - (bal) Add support for GNU rx library for those lacking regexp support
 - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth
 - (djm) Revert SSH2 serverloop hack, will find a better way.
 - (djm) Add workaround for Linux 2.4's gratuitious errno change. Patch
   from Martin Johansson <fatbob@acc.umu.se>
 - (djm) Big OpenBSD sync:
   - markus@cvs.openbsd.org  2000/09/30 10:27:44
     [log.c]
     allow loglevel debug
   - markus@cvs.openbsd.org  2000/10/03 11:59:57
     [packet.c]
     hmac->mac
   - markus@cvs.openbsd.org  2000/10/03 12:03:03
     [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
     move fake-auth from auth1.c to individual auth methods, disables s/key in
     debug-msg
   - markus@cvs.openbsd.org  2000/10/03 12:16:48
     ssh.c
     do not resolve canonname, i have no idea why this was added oin ossh
   - markus@cvs.openbsd.org  2000/10/09 15:30:44
     ssh-keygen.1 ssh-keygen.c
     -X now reads private ssh.com DSA keys, too.
   - markus@cvs.openbsd.org  2000/10/09 15:32:34
     auth-options.c
     clear options on every call.
   - markus@cvs.openbsd.org  2000/10/09 15:51:00
     authfd.c authfd.h
     interop with ssh-agent2, from <res@shore.net>
   - markus@cvs.openbsd.org  2000/10/10 14:20:45
     compat.c
     use rexexp for version string matching
   - provos@cvs.openbsd.org  2000/10/10 22:02:18
     [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
     First rough implementation of the diffie-hellman group exchange.  The
     client can ask the server for bigger groups to perform the diffie-hellman
     in, thus increasing the attack complexity when using ciphers with longer
     keys.  University of Windsor provided network, T the company.
   - markus@cvs.openbsd.org  2000/10/11 13:59:52
     [auth-rsa.c auth2.c]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:00:27
     [auth-options.h]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:03:27
     [scp.1 scp.c]
     support 'scp -o' with help from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/10/11 14:11:35
     [dh.c]
     Wall
   - markus@cvs.openbsd.org  2000/10/11 14:14:40
     [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
     [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
     add support for s/key (kbd-interactive) to ssh2, based on work by
     mkiernan@avantgo.com and me
   - markus@cvs.openbsd.org  2000/10/11 14:27:24
     [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
     [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
     [sshconnect2.c sshd.c]
     new cipher framework
   - markus@cvs.openbsd.org  2000/10/11 14:45:21
     [cipher.c]
     remove DES
   - markus@cvs.openbsd.org  2000/10/12 03:59:20
     [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
     enable DES in SSH-1 clients only
   - markus@cvs.openbsd.org  2000/10/12 08:21:13
     [kex.h packet.c]
     remove unused
   - markus@cvs.openbsd.org  2000/10/13 12:34:46
     [sshd.c]
     Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
   - markus@cvs.openbsd.org  2000/10/13 12:59:15
     [cipher.c cipher.h myproposal.h  rijndael.c rijndael.h]
     rijndael/aes support
   - markus@cvs.openbsd.org  2000/10/13 13:10:54
     [sshd.8]
     more info about -V
   - markus@cvs.openbsd.org  2000/10/13 13:12:02
     [myproposal.h]
     prefer no compression
 - (djm) Fix scp user@host handling
 - (djm) Don't clobber ssh_prng_cmds on install
 - (stevesk) Include config.h in rijndael.c so we define intXX_t and
   u_intXX_t types on all platforms.
 - (stevesk) rijndael.c: cleanup missing declaration warnings.
 - (stevesk) ~/.hushlogin shouldn't cause required password change to
   be bypassed.
 - (stevesk) Display correct path to ssh-askpass in configure output.
   Report from Lutz Jaenicke.

20001007
 - (stevesk) Print PAM return value in PAM log messages to aid
   with debugging.
 - (stevesk) Fix detection of pw_class struct member in configure;
   patch from KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp>

20001002
 - (djm) Fix USER_PATH, report from Kevin Steves <stevesk@sweden.hp.com>
 - (djm) Add host system and CC to end-of-configure report. Suggested by
   Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>

20000931
 - (djm) Cygwin fixes from Corinna Vinschen <vinschen@cygnus.com>

20000930
 - (djm) Irix ssh_prng_cmds path fix from Pekka Savola <pekkas@netcore.fi>
 - (djm) Support in bsd-snprintf.c for long long conversions from
   Ben Lindstrom <mouring@pconline.com>
 - (djm) Cleanup NeXT support from Ben Lindstrom <mouring@pconline.com>
 - (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with
   very short lived X connections. Bug report from Tobias Oetiker
   <oetiker@ee.ethz.ch>. Fix from Markus Friedl <markus@cvs.openbsd.org>
 - (djm) Add recent InitScripts as a RPM dependancy for openssh-server
   patch from Pekka Savola <pekkas@netcore.fi>
 - (djm) Forgot to cvs add LICENSE file
 - (djm) Add LICENSE to RPM spec files
 - (djm) CVS OpenBSD sync:
   - markus@cvs.openbsd.org  2000/09/26 13:59:59
     [clientloop.c]
     use debug2
   - markus@cvs.openbsd.org  2000/09/27 15:41:34
     [auth2.c sshconnect2.c]
     use key_type()
   - markus@cvs.openbsd.org  2000/09/28 12:03:18
     [channels.c]
     debug -> debug2 cleanup
 - (djm) Irix strips "/dev/tty" from [uw]tmp entries (other systems only
   strip "/dev/"). Fix loginrec.c based on patch from Alain St-Denis
   <Alain.St-Denis@ec.gc.ca>
 - (djm) Fix 9 character passphrase failure with gnome-ssh-askpass.
   Problem was caused by interrupted read in ssh-add. Report from Donald
   J. Barry <don@astro.cornell.edu>

20000929
 - (djm) Fix SSH2 not terminating until all background tasks done problem.
 - (djm) Another off-by-one fix from Pavel Kankovsky
   <peak@argo.troja.mff.cuni.cz>
 - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code,
   tidy necessary differences. Use Markus' new debugN() in entropy.c
 - (djm) Merged big SCO portability patch from Tim Rice
   <tim@multitalents.net>

20000926
 - (djm) Update X11-askpass to 1.0.2 in RPM spec file
 - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX
 - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c.
   Report and fix from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>

20000924
 - (djm) Merged cleanup patch from Mark Miller <markm@swoon.net>
 - (djm) A bit more cleanup - created cygwin_util.h
 - (djm) Include strtok_r() from OpenBSD libc. Fixes report from Mark Miller
   <markm@swoon.net>

20000923
 - (djm) Fix address logging in utmp from Kevin Steves
   <stevesk@sweden.hp.com>
 - (djm) Redhat spec and manpage fixes from Pekka Savola <pekkas@netcore.fi>
 - (djm) Seperate tests for int64_t and u_int64_t types
 - (djm) Tweak password expiry checking at suggestion of Kevin Steves
   <stevesk@sweden.hp.com>
 - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
 - (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from
   Michael Stone <mstone@cs.loyola.edu>
 - (djm) OpenBSD CVS sync:
   - markus@cvs.openbsd.org  2000/09/17 09:38:59
     [sshconnect2.c sshd.c]
     fix DEBUG_KEXDH
   - markus@cvs.openbsd.org  2000/09/17 09:52:51
     [sshconnect.c]
     yes no; ok niels@
   - markus@cvs.openbsd.org  2000/09/21 04:55:11
     [sshd.8]
     typo
   - markus@cvs.openbsd.org  2000/09/21 05:03:54
     [serverloop.c]
     typo
   - markus@cvs.openbsd.org  2000/09/21 05:11:42
     scp.c
     utime() to utimes(); mouring@pconline.com
   - markus@cvs.openbsd.org  2000/09/21 05:25:08
     sshconnect2.c
     change login logic in ssh2, allows plugin of other auth methods
   - markus@cvs.openbsd.org  2000/09/21 05:25:35
     [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h]
     [serverloop.c]
     add context to dispatch_run
   - markus@cvs.openbsd.org  2000/09/21 05:07:52
     authfd.c authfd.h ssh-agent.c
     bug compat for old ssh.com software

20000920
 - (djm) Fix bad path substitution. Report from Andrew Miner
   <asminer@cs.iastate.edu>

20000916
 - (djm) Fix SSL search order from Lutz Jaenicke
   <Lutz.Jaenicke@aet.TU-Cottbus.DE>
 - (djm) New SuSE spec from Corinna Vinschen <corinna@vinschen.de>
 - (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com>
 - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage.
   Patch from Larry Jones <larry.jones@sdrc.com>
 - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM
   password change patch.
 - (djm) Bring licenses on my stuff in line with OpenBSD's
 - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
   Kevin Steves <stevesk@sweden.hp.com>
 - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz>
 - (djm) Re-enable int64_t types - we need them for sftp
 - (djm) Use libexecdir from configure , rather than libexecdir/ssh
 - (djm) Update Redhat SPEC file accordingly
 - (djm) Add Kevin Steves <stevesk@sweden.hp.com> HP/UX contrib files
 - (djm) Add Charles Levert <charles@comm.polymtl.ca> getpgrp patch
 - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter
   <Dirk.DeWachter@rug.ac.be>
 - (djm) Fixprogs and entropy list fixes from Larry Jones
   <larry.jones@sdrc.com>
 - (djm) Fix for SuSE spec file from Takashi YOSHIDA
   <tyoshida@gemini.rc.kyushu-u.ac.jp>
 - (djm) Merge OpenBSD changes:
   - markus@cvs.openbsd.org  2000/09/05 02:59:57
     [session.c]
     print hostname (not hushlogin)
   - markus@cvs.openbsd.org  2000/09/05 13:18:48
     [authfile.c ssh-add.c]
     enable ssh-add -d for DSA keys
   - markus@cvs.openbsd.org  2000/09/05 13:20:49
     [sftp-server.c]
     cleanup
   - markus@cvs.openbsd.org  2000/09/06 03:46:41
     [authfile.h]
     prototype
   - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
     [ALL]
     cleanup copyright notices on all files.  I have attempted to be
     accurate with the details.  everything is now under Tatu's licence
     (which I copied from his readme), and/or the core-sdi bsd-ish thing
     for deattack, or various openbsd developers under a 2-term bsd
     licence.  We're not changing any rules, just being accurate.
   - markus@cvs.openbsd.org  2000/09/07 14:40:30
     [channels.c channels.h clientloop.c serverloop.c ssh.c]
     cleanup window and packet sizes for ssh2 flow control; ok niels
   - markus@cvs.openbsd.org  2000/09/07 14:53:00
     [scp.c]
     typo
   - markus@cvs.openbsd.org  2000/09/07 15:13:37
     [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
     [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
     [pty.c readconf.c]
     some more Copyright fixes
   - markus@cvs.openbsd.org  2000/09/08 03:02:51
     [README.openssh2]
     bye bye
   - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
     [LICENCE cipher.c]
     a few more comments about it being ARC4 not RC4
   - markus@cvs.openbsd.org  2000/09/12 14:53:11
     [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
     multiple debug levels
   - markus@cvs.openbsd.org  2000/09/14 14:25:15
     [clientloop.c]
     typo
   - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
     [ssh-agent.c]
     check return value for setenv(3) for failure, and deal appropriately

20000913
 - (djm) Fix server not exiting with jobs in background.

20000905
 - (djm) Import OpenBSD CVS changes
   - markus@cvs.openbsd.org  2000/08/31 15:52:24
     [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c]
     implement a SFTP server. interops with sftp2, scp2 and the windows
     client from ssh.com
   - markus@cvs.openbsd.org  2000/08/31 15:56:03
     [README.openssh2]
     sync
   - markus@cvs.openbsd.org  2000/08/31 16:05:42
     [session.c]
     Wall
   - markus@cvs.openbsd.org  2000/08/31 16:09:34
     [authfd.c ssh-agent.c]
     add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions
   - deraadt@cvs.openbsd.org 2000/09/01 09:25:13
     [scp.1 scp.c]
     cleanup and fix -S support; stevesk@sweden.hp.com
   - markus@cvs.openbsd.org  2000/09/01 16:29:32
     [sftp-server.c]
     portability fixes
   - markus@cvs.openbsd.org  2000/09/01 16:32:41
     [sftp-server.c]
     fix cast; mouring@pconline.com
   - itojun@cvs.openbsd.org  2000/09/03 09:23:28
     [ssh-add.1 ssh.1]
     add missing .El against .Bl.
   - markus@cvs.openbsd.org  2000/09/04 13:03:41
     [session.c]
     missing close; ok theo
   - markus@cvs.openbsd.org  2000/09/04 13:07:21
     [session.c]
     fix get_last_login_time order; from andre@van-veen.de
   - markus@cvs.openbsd.org  2000/09/04 13:10:09
     [sftp-server.c]
     more cast fixes; from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/09/04 13:06:04
     [session.c]
     set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net
 - (djm) Cleanup after import. Fix sftp-server compilation, Makefile
 - (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>

20000903
 - (djm) Fix Redhat init script

20000901
 - (djm) Pick up Jim's new X11-askpass
 - (djm) Release 2.2.0p1

Revision 1.30 / (download) - annotate - [select for diffs], Thu Sep 28 16:31:15 2000 UTC (23 years, 6 months ago) by hubertf
Branch: MAIN
CVS Tags: netbsd-1-5-RELEASE, netbsd-1-4-PATCH003
Changes since 1.29: +3 -3 lines
Diff to previous 1.29 (colored) to selected 1.215 (colored)

openssl is broken on alpha, and openssh hangs in configure when checking
for openssl libs. Disable both, and reference PR to fix it.

XXX should be changed for USE_SSL.

Revision 1.29 / (download) - annotate - [select for diffs], Wed Sep 20 04:49:19 2000 UTC (23 years, 6 months ago) by jlam
Branch: MAIN
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored) to selected 1.215 (colored)

Install rc.d control script as "sshd" instead of "sshd.sh" to comply with
how NetBSD's rc.d interprets script names.  Also add REQUIRE and PROVIDE
sections to control scripts so they can be used directly in NetBSD's rc.d
system.

Revision 1.28 / (download) - annotate - [select for diffs], Sat Sep 9 19:40:21 2000 UTC (23 years, 6 months ago) by fredb
Branch: MAIN
Changes since 1.27: +3 -4 lines
Diff to previous 1.27 (colored) to selected 1.215 (colored)

Reorganize crypto handling, as discussed on tech-pkg. Remove all
RESTRICTED= variables that were predicated on former U.S. export
regulations. Add CRYPTO=, as necessary, so it's still possible to
exclude all crypto packages from a build by setting MKCRYPTO=no
(but "lintpkgsrc -R" will no longer catch them).

Specifically,

- - All packages which set USE_SSL just lose their RESTRICTED
    variable, since MKCRYPTO responds to USE_SSL directly.
- - realplayer7 and ns-flash keep their RESTRICTED, which is based
    on license terms, but also gain the CRYPTO variable.
- - srp-client is now marked broken, since the distfile is evidently
    no longer available. On this, we're no worse off than before.
    [We haven't been mirroring the distfile, or testing the build!]
- - isakmpd gets CRYPTO for RESTRICTED, but remains broken.
- - crack loses all restrictions, as it does not evidently empower
    a user to utilize strong encryption (working definition: ability
    to encode a message that requires a secret key plus big number
    arithmetic to decode).

Revision 1.27 / (download) - annotate - [select for diffs], Tue Sep 5 09:43:02 2000 UTC (23 years, 6 months ago) by jlam
Branch: MAIN
Changes since 1.26: +8 -4 lines
Diff to previous 1.26 (colored) to selected 1.215 (colored)

The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending
on whether it's part of the X11 distribution or installed from pkgsrc.
Use correct path depending on if ${X11BASE}/bin/ssh-askpass exists.

Revision 1.26 / (download) - annotate - [select for diffs], Tue Sep 5 09:33:16 2000 UTC (23 years, 6 months ago) by jlam
Branch: MAIN
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored) to selected 1.215 (colored)

Update build dependency on perl to build in correct directory if perl
interpreter is not found.

Revision 1.25 / (download) - annotate - [select for diffs], Mon Sep 4 00:47:49 2000 UTC (23 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.24: +3 -3 lines
Diff to previous 1.24 (colored) to selected 1.215 (colored)

upgrade to 2.2.0p1.

---
20000901
 - (djm) Pick up Jim's new X11-askpass
 - (djm) Release 2.2.0p1

20000831
 - (djm) Workaround SIGPIPE problems on SCO. Fix from Aran Cox
   <acox@cv.telegroup.com>
 - (djm) Pick up new version (2.2.0) from OpenBSD CVS

20000830
 - (djm) Compile warning fixes from Mark Miller <markm@swoon.net>
 - (djm) Periodically rekey arc4random
 - (djm) Clean up diff against OpenBSD.
 - (djm) HPUX 11 needs USE_PIPES as well: Kevin Steves
   <stevesk@sweden.hp.com>
 - (djm) Quieten the pam delete credentials error message
 - (djm) Fix printing of $DISPLAY hack if set by system type. Report from
   Kevin Steves <stevesk@sweden.hp.com>
 - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
 - (djm) Fix doh in bsd-arc4random.c

20000829
 - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert
   Doering <gert@greenie.muc.de>, John Horne <J.Horne@plymouth.ac.uk> and
   Garrick James <garrick@james.net>
 - (djm) Check for SCO pty naming style (ptyp%d/ttyp%d). Based on fix from
   Bastian Trompetter <btrompetter@firemail.de>
 - (djm) NeXT tweaks from Ben Lindstrom <mouring@pconline.com>
 - More OpenBSD updates:
   - deraadt@cvs.openbsd.org 2000/08/24 15:46:59
     [scp.c]
     off_t in sink, to fix files > 2GB, i think, test is still running ;-)
   - deraadt@cvs.openbsd.org 2000/08/25 10:10:06
     [session.c]
     Wall
   - markus@cvs.openbsd.org  2000/08/26 04:33:43
     [compat.c]
     ssh.com-2.3.0
   - markus@cvs.openbsd.org  2000/08/27 12:18:05
     [compat.c]
     compatibility with future ssh.com versions
   - deraadt@cvs.openbsd.org 2000/08/27 21:50:55
     [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c]
     print uid/gid as unsigned
   - markus@cvs.openbsd.org  2000/08/28 13:51:00
     [ssh.c]
     enable -n and -f for ssh2
   - markus@cvs.openbsd.org  2000/08/28 14:19:53
     [ssh.c]
     allow combination of -N and -f
   - markus@cvs.openbsd.org  2000/08/28 14:20:56
     [util.c]
     util.c
   - markus@cvs.openbsd.org  2000/08/28 14:22:02
     [util.c]
     undo
   - markus@cvs.openbsd.org  2000/08/28 14:23:38
     [util.c]
     don't complain if setting NONBLOCK fails with ENODEV

20000823
 - (djm) Define USE_PIPES to avoid socketpair problems on HPUX 10 and SunOS 4
   Avoids "scp never exits" problem. Reports from Lutz Jaenicke
   <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Tamito KAJIYAMA
   <kajiyama@grad.sccs.chukyo-u.ac.jp>
 - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers
 - (djm) Add local version to version.h
 - (djm) Don't reseed arc4random everytime it is used
 - (djm) OpenBSD CVS updates:
   - deraadt@cvs.openbsd.org 2000/08/18 20:07:23
     [ssh.c]
     accept remsh as a valid name as well; roman@buildpoint.com
   - deraadt@cvs.openbsd.org 2000/08/18 20:17:13
     [deattack.c crc32.c packet.c]
     rename crc32() to ssh_crc32() to avoid zlib name clash.  do not move to
     libz crc32 function yet, because it has ugly "long"'s in it;
     oneill@cs.sfu.ca
   - deraadt@cvs.openbsd.org 2000/08/18 20:26:08
     [scp.1 scp.c]
     -S prog support; tv@debian.org
   - deraadt@cvs.openbsd.org 2000/08/18 20:50:07
     [scp.c]
     knf
   - deraadt@cvs.openbsd.org 2000/08/18 20:57:33
     [log-client.c]
     shorten
   - markus@cvs.openbsd.org  2000/08/19 12:48:11
     [channels.c channels.h clientloop.c ssh.c ssh.h]
     support for ~. in ssh2
   - deraadt@cvs.openbsd.org 2000/08/19 15:29:40
     [crc32.h]
     proper prototype
   - markus@cvs.openbsd.org  2000/08/19 15:34:44
     [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1]
     [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile]
     [fingerprint.c fingerprint.h]
     add SSH2/DSA support to the agent and some other DSA related cleanups.
     (note that we cannot talk to ssh.com's ssh2 agents)
   - markus@cvs.openbsd.org  2000/08/19 15:55:52
     [channels.c channels.h clientloop.c]
     more ~ support for ssh2
   - markus@cvs.openbsd.org  2000/08/19 16:21:19
     [clientloop.c]
     oops
   - millert@cvs.openbsd.org 2000/08/20 12:25:53
     [session.c]
     We have to stash the result of get_remote_name_or_ip() before we
     close our socket or getpeername() will get EBADF and the process
     will exit.  Only a problem for "UseLogin yes".
   - millert@cvs.openbsd.org 2000/08/20 12:30:59
     [session.c]
     Only check /etc/nologin if "UseLogin no" since login(1) may have its
     own policy on determining who is allowed to login when /etc/nologin
     is present.  Also use the _PATH_NOLOGIN define.
   - millert@cvs.openbsd.org 2000/08/20 12:42:43
     [auth1.c auth2.c session.c ssh.c]
     Add calls to setusercontext() and login_get*().  We basically call
     setusercontext() in most places where previously we did a setlogin().
     Add default login.conf file and put root in the "daemon" login class.
   - millert@cvs.openbsd.org 2000/08/21 10:23:31
     [session.c]
     Fix incorrect PATH setting; noted by Markus.

20000818
 - (djm) OpenBSD CVS changes:
   - markus@cvs.openbsd.org  2000/07/22 03:14:37
     [servconf.c servconf.h sshd.8 sshd.c sshd_config]
     random early drop; ok theo, niels
   - deraadt@cvs.openbsd.org 2000/07/26 11:46:51
     [ssh.1]
     typo
   - deraadt@cvs.openbsd.org 2000/08/01 11:46:11
     [sshd.8]
     many fixes from pepper@mail.reppep.com
   - provos@cvs.openbsd.org  2000/08/01 13:01:42
     [Makefile.in util.c aux.c]
     rename aux.c to util.c to help with cygwin port
   - deraadt@cvs.openbsd.org 2000/08/02 00:23:31
     [authfd.c]
     correct sun_len; Alexander@Leidinger.net
   - provos@cvs.openbsd.org  2000/08/02 10:27:17
     [readconf.c sshd.8]
     disable kerberos authentication by default
   - provos@cvs.openbsd.org  2000/08/02 11:27:05
     [sshd.8 readconf.c auth-krb4.c]
     disallow kerberos authentication if we can't verify the TGT; from
     dugsong@
     kerberos authentication is on by default only if you have a srvtab.
   - markus@cvs.openbsd.org  2000/08/04 14:30:07
     [auth.c]
     unused
   - markus@cvs.openbsd.org  2000/08/04 14:30:35
     [sshd_config]
     MaxStartups
   - markus@cvs.openbsd.org  2000/08/15 13:20:46
     [authfd.c]
     cleanup; ok niels@
   - markus@cvs.openbsd.org  2000/08/17 14:05:10
     [session.c]
     cleanup login(1)-like jobs, no duplicate utmp entries
   - markus@cvs.openbsd.org  2000/08/17 14:06:34
     [session.c sshd.8 sshd.c]
      sshd -u len, similar to telnetd
 - (djm) Lastlog was not getting closed after writing login entry
 - (djm) Add Solaris package support from Rip Loomis <loomisg@cist.saic.com>

20000816
 - (djm) Replacement for inet_ntoa for Irix (which breaks on gcc)
 - (djm) Fix strerror replacement for old SunOS. Based on patch from
   Charles Levert <charles@comm.polymtl.ca>
 - (djm) Seperate arc4random into seperate file and use OpenSSL's RC4
   implementation.
 - (djm) SUN_LEN macro for systems which lack it

20000815
 - (djm) More SunOS 4.1.x fixes from Nate Itkin <nitkin@europa.com>
 - (djm) Avoid failures on Irix when ssh is not setuid. Fix from
   Michael Stone <mstone@cs.loyola.edu>
 - (djm) Don't seek in directory based lastlogs
 - (djm) Fix --with-ipaddr-display configure option test. Patch from
   Jarno Huuskonen <jhuuskon@messi.uku.fi>
 - (djm) Fix AIX limits from Alexandre Oliva <oliva@lsd.ic.unicamp.br>

20000813
 - (djm) Add $(srcdir) to includes when compiling (for VPATH). Report from
   Fabrice bacchella <fabrice.bacchella@marchfirst.fr>

20000809
 - (djm) Define AIX hard limits if headers don't. Report from
   Bill Painter <william.t.painter@lmco.com>
 - (djm) utmp direct write & SunOS 4 patch from Charles Levert
   <charles@comm.polymtl.ca>

20000808
 - (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install
   time, spec file cleanup.

20000807
 - (djm) Set 0755 on binaries during install. Report from Lutz Jaenicke
 - (djm) Suppress error messages on channel close shutdown() failurs
   works around Linux bug. Patch from Zack Weinberg <zack@wolery.cumb.org>
 - (djm) Add some more entropy collection commands from Lutz Jaenicke

20000725
 - (djm) Fix autoconf typo: HAVE_BINRESVPORT_AF -> HAVE_BINDRESVPORT_AF

20000721
 - (djm) OpenBSD CVS updates:
   - markus@cvs.openbsd.org  2000/07/16 02:27:22
     [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c]
     make ssh-add accept dsa keys (the agent does not)
   - djm@cvs.openbsd.org     2000/07/17 19:25:02
     [sshd.c]
     Another closing of stdin; ok deraadt
   - markus@cvs.openbsd.org  2000/07/19 18:33:12
     [dsa.c]
     missing free, reorder
   - markus@cvs.openbsd.org  2000/07/20 16:23:14
     [ssh-keygen.1]
     document input and output files

20000720
 - (djm) Spec file fix from Petr Novotny <Petr.Novotny@antek.cz>

20000716
 - (djm) Release 2.1.1p4

Revision 1.24 / (download) - annotate - [select for diffs], Thu Aug 31 13:08:37 2000 UTC (23 years, 7 months ago) by fredb
Branch: MAIN
Changes since 1.23: +2 -2 lines
Diff to previous 1.23 (colored) to selected 1.215 (colored)

Don't use dewey depends for version numbers with alpha characters.
[Question: is openssl-0.9.5a before or after openssl-0.9.5? Dewey
depends sure doesn't know.]

Revision 1.23 / (download) - annotate - [select for diffs], Mon Aug 28 09:14:51 2000 UTC (23 years, 7 months ago) by jlam
Branch: MAIN
Changes since 1.22: +2 -3 lines
Diff to previous 1.22 (colored) to selected 1.215 (colored)

Use PERL5 variable for location of perl5 binary.

Revision 1.22 / (download) - annotate - [select for diffs], Fri Aug 18 22:46:48 2000 UTC (23 years, 7 months ago) by hubertf
Branch: MAIN
Changes since 1.21: +3 -3 lines
Diff to previous 1.21 (colored) to selected 1.215 (colored)

Replace MIRROR_DISTFILES and NO_CDROM with the more descriptive and
more fine-grained NO_{BIN,SRC}_ON_{FTP,CDROM} definitions.

MIRROR_DISTFILES and NO_CDROM are now dead.

Revision 1.21 / (download) - annotate - [select for diffs], Fri Aug 11 05:19:42 2000 UTC (23 years, 7 months ago) by jlam
Branch: MAIN
Changes since 1.20: +7 -1 lines
Diff to previous 1.20 (colored) to selected 1.215 (colored)

Set location of ssh-askpass to be ${X11PREFIX}/bin/ssh-askpass.
Closes PR#10774.

Revision 1.20 / (download) - annotate - [select for diffs], Wed Aug 9 17:47:31 2000 UTC (23 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.19: +4 -1 lines
Diff to previous 1.19 (colored) to selected 1.215 (colored)

Add master site on ftp.openssh.com.
Add note why we have both openssh.com entries.

Revision 1.19 / (download) - annotate - [select for diffs], Fri Jul 28 17:52:09 2000 UTC (23 years, 8 months ago) by jlam
Branch: MAIN
Changes since 1.18: +3 -3 lines
Diff to previous 1.18 (colored) to selected 1.215 (colored)

It's openssl>=0.9.5a, not openssl>=0.9.5.

Revision 1.18 / (download) - annotate - [select for diffs], Sat Jul 22 08:21:59 2000 UTC (23 years, 8 months ago) by jlam
Branch: MAIN
Changes since 1.17: +40 -32 lines
Diff to previous 1.17 (colored) to selected 1.215 (colored)

Update openssh to 2.1.1p4.
Package changes:
    * Factor out common post-install code from PLIST and package Makefile
      into files/INSTALL.
    * Enhance files/sshd.sh to handle start/stop/restart/status.
    * Check for usable installed version of OpenSSL.  This bit possibly
      closes the following PRs: 10404, 10501, 10593

Changes from 2.1.1p3:
    * allow multiple whitespace but only one '=' between tokens
    * close can fail on AFS
    * allow leading whitespace in configuration files
    * Always create ~/.ssh with mode 700

Revision 1.17 / (download) - annotate - [select for diffs], Sat Jul 15 03:53:46 2000 UTC (23 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.16: +6 -5 lines
Diff to previous 1.16 (colored) to selected 1.215 (colored)

update to 2.1.1p3.
depend on openssl >= 0.9.5.  see PR 10593.

--- 2.1.1p2 -> 2.1.1p3
20000712
 - (djm) Remove -lresolve for Reliant Unix
 - (djm) OpenBSD CVS Updates:
   - deraadt@cvs.openbsd.org 2000/07/11 02:11:34
     [session.c sshd.c ]
     make MaxStartups code still work with -d; djm
   - deraadt@cvs.openbsd.org 2000/07/11 13:17:45
     [readconf.c ssh_config]
     disable FallBackToRsh by default
 - (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c. Report from
   Ben Lindstrom <mouring@pconline.com>
 - (djm) Make building of X11-Askpass and GNOME-Askpass optional in RPM
   spec file.
 - (djm) Released 2.1.1p3

20000711
 - (djm) Fixup for AIX getuserattr() support from Tom Bertelson
   <tbert@abac.com>
 - (djm) ReliantUNIX support from Udo Schweigert <ust@cert.siemens.de>
 - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom
   <mouring@pconline.com>
 - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report
   from Jim Watt <jimw@peisj.pebio.com>
 - (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known
   to compile on more platforms (incl NeXT).
 - (djm) Added bsd-inet_aton and configure support for NeXT
 - (djm) Misc NeXT fixes from Ben Lindstrom <mouring@pconline.com>
 - (djm) OpenBSD CVS updates:
   - markus@cvs.openbsd.org  2000/06/26 03:22:29
     [authfd.c]
     cleanup, less cut&paste
   - markus@cvs.openbsd.org  2000/06/26 15:59:19
     [servconf.c servconf.h session.c sshd.8 sshd.c]
     MaxStartups: limit number of unauthenticated connections, work by
     theo and me
   - deraadt@cvs.openbsd.org 2000/07/05 14:18:07
     [session.c]
     use no_x11_forwarding_flag correctly; provos ok
   - provos@cvs.openbsd.org  2000/07/05 15:35:57
     [sshd.c]
     typo
   - aaron@cvs.openbsd.org   2000/07/05 22:06:58
     [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
     Insert more missing .El directives. Our troff really should identify
     these and spit out a warning.
   - todd@cvs.openbsd.org    2000/07/06 21:55:04
     [auth-rsa.c auth2.c ssh-keygen.c]
     clean code is good code
   - deraadt@cvs.openbsd.org 2000/07/07 02:14:29
     [serverloop.c]
     sense of port forwarding flag test was backwards
   - provos@cvs.openbsd.org  2000/07/08 17:17:31
     [compat.c readconf.c]
     replace strtok with strsep; from David Young <dyoung@onthejob.net>
   - deraadt@cvs.openbsd.org 2000/07/08 19:21:15
     [auth.h]
     KNF
   - ho@cvs.openbsd.org      2000/07/08 19:27:33
     [compat.c readconf.c]
     Better conditions for strsep() ending.
   - ho@cvs.openbsd.org      2000/07/10 10:27:05
     [readconf.c]
     Get the correct message on errors. (niels@ ok)
   - ho@cvs.openbsd.org      2000/07/10 10:30:25
     [cipher.c kex.c servconf.c]
     strtok() --> strsep(). (niels@ ok)
 - (djm) Fix problem with debug mode and MaxStartups
 - (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during RPM
   builds)
 - (djm) Add strsep function from OpenBSD libc for systems that lack it

20000709
 - (djm) Only enable PAM_TTY kludge for Linux. Problem report from
   Kevin Steves <stevesk@sweden.hp.com>
 - (djm) Match prototype and function declaration for rresvport_af.
   Problem report from Niklas Edmundsson <nikke@ing.umu.se>
 - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM
   builds. Problem report from Gregory Leblanc <GLeblanc@cu-portland.edu>
 - (djm) Replace ut_name with ut_user. Patch from Jim Watt
   <jimw@peisj.pebio.com>
 - (djm) Fix pam sprintf fix
 - (djm) Cleanup entropy collection code a little more. Split initialisation
   from seeding, perform intialisation immediatly at start, be careful with
   uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
 - (djm) More NeXT compatibility from Ben Lindstrom <mouring@pconline.com>
   Including sigaction() et al. replacements
 - (djm) AIX getuserattr() session initialisation from Tom Bertelson
   <tbert@abac.com>

20000708
 - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from
   Aaron Hopkins <aaron@die.net>
 - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from
   Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
 - (djm) Fixed undefined variables for OSF SIA. Report from
   Baars, Henk <Hendrik.Baars@nl.origin-it.com>
 - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c
   Fix from Marquess, Steve Mr JMLFDC <Steve.Marquess@DET.AMEDD.ARMY.MIL>
 - (djm) Don't use inet_addr.

20000702
 - (djm) Fix brace mismatch from Corinna Vinschen <vinschen@cygnus.com>
 - (djm) Stop shadow expiry checking from preventing logins with NIS. Based
   on fix from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
 - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from
   Chris, the Young One <cky@pobox.com>
 - (djm) Fix scp progress meter on really wide terminals. Based on patch
   from James H. Cloos Jr. <cloos@jhcloos.com>

20000701
 - (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu>
 - (djm) Login fixes from Tom Bertelson <tbert@abac.com>
 - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
   <vinschen@cygnus.com>
 - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
 - (djm) Added check for broken snprintf() functions which do not correctly
   terminate output string and attempt to use replacement.
 - (djm) Released 2.1.1p2

Revision 1.16 / (download) - annotate - [select for diffs], Sun Jul 9 13:19:36 2000 UTC (23 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.15: +2 -1 lines
Diff to previous 1.15 (colored) to selected 1.215 (colored)

add Austrian mirror site for distfile

Revision 1.15 / (download) - annotate - [select for diffs], Sun Jul 2 22:07:55 2000 UTC (23 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored) to selected 1.215 (colored)

upgrade fro 2.1.1p1 to 2.1.1p2.

--- recent changelogs
20000701
 - (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu>
 - (djm) Login fixes from Tom Bertelson <tbert@abac.com>
 - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
   <vinschen@cygnus.com>
 - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
 - (djm) Added check for broken snprintf() functions which do not correctly
   terminate output string and attempt to use replacement.
 - (djm) Released 2.1.1p2

20000628
 - (djm) Fixes to lastlog code for Irix
 - (djm) Use atomicio in loginrec
 - (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for
   Irix 6.x array sessions, project id's, and system audit trail id.
 - (djm) Added 'distprep' make target to simplify packaging
 - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA
   support. Enable using "USE_SIA=1 ./configure [options]"

20000627
 - (djm) Fixes to login code - not setting li->uid, cleanups
 - (djm) Formatting

20000626
 - (djm) Better fix to aclocal tests from Garrick James <garrick@james.net>
 - (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
 - (djm) Added password expiry checking (no password change support)
 - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
   based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
 - (djm) Fix fixed EGD code.
 - OpenBSD CVS update
   - provos@cvs.openbsd.org  2000/06/25 14:17:58
     [channels.c]
     correct check for bad channel ids; from Wei Dai <weidai@eskimo.com>

20000623
 - (djm) Use sa_family_t in prototype for rresvport_af. Patch from
   Svante Signell <svante.signell@telia.com>
 - (djm) Autoconf logic to define sa_family_t if it is missing
 - OpenBSD CVS Updates:
   - markus@cvs.openbsd.org  2000/06/22 10:32:27
     [sshd.c]
     missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL
   - djm@cvs.openbsd.org     2000/06/22 17:55:00
     [auth-krb4.c key.c radix.c uuencode.c]
     Missing CVS idents; ok markus

20000622
 - (djm) Automatically generate host key during "make install". Suggested
   by Gary E. Miller <gem@rellim.com>
 - (djm) Paranoia before kill() system call
 - OpenBSD CVS Updates:
   - markus@cvs.openbsd.org  2000/06/18 18:50:11
     [auth2.c compat.c compat.h sshconnect2.c]
     make userauth+pubkey interop with ssh.com-2.2.0
   - markus@cvs.openbsd.org  2000/06/18 20:56:17
     [dsa.c]
     mem leak + be more paranoid in dsa_verify.
   - markus@cvs.openbsd.org  2000/06/18 21:29:50
     [key.c]
     cleanup fingerprinting, less hardcoded sizes
   - markus@cvs.openbsd.org  2000/06/19 19:39:45
     [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
     [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
     [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
     [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
     [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
     [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
     [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
     OpenBSD tag
   - markus@cvs.openbsd.org  2000/06/21 10:46:10
     sshconnect2.c missing free; nuke old comment

20000620
 - (djm) Replace use of '-o' and '-a' logical operators in configure tests
   with '||' and '&&'. As suggested by Jim Knoble <jmknoble@pint-stowp.cx>
   to fix SCO Unixware problem reported by Gary E. Miller <gem@rellim.com>
 - (djm) Typo in loginrec.c

20000618
 - (djm) Add summary of configure options to end of ./configure run
 - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from
   Michael Stone <mstone@cs.loyola.edu>
 - (djm) rusage is a privileged operation on some Unices (incl.
   Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
 - (djm) Avoid PAM failures when running without a TTY. Report from
   Martin Petrak <petrak@spsknm.schools.sk>
 - (djm) Include sys/types.h when including netinet/in.h in configure tests.
   Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
 - (djm) Started merge of Ben Lindstrom's <mouring@pconline.com> NeXT support
 - OpenBSD CVS updates:
   - deraadt@cvs.openbsd.org 2000/06/17 09:58:46
     [channels.c]
     everyone says "nix it" (remove protocol 2 debugging message)
   - markus@cvs.openbsd.org  2000/06/17 13:24:34
     [sshconnect.c]
     allow extended server banners
   - markus@cvs.openbsd.org  2000/06/17 14:30:10
     [sshconnect.c]
     missing atomicio, typo
   - jakob@cvs.openbsd.org   2000/06/17 16:52:34
     [servconf.c servconf.h session.c sshd.8 sshd_config]
     add support for ssh v2 subsystems. ok markus@.
   - deraadt@cvs.openbsd.org 2000/06/17 18:57:48
     [readconf.c servconf.c]
     include = in WHITESPACE; markus ok
   - markus@cvs.openbsd.org  2000/06/17 19:09:10
     [auth2.c]
     implement bug compatibility with ssh-2.0.13 pubkey, server side
   - markus@cvs.openbsd.org  2000/06/17 21:00:28
     [compat.c]
     initial support for ssh.com's 2.2.0
   - markus@cvs.openbsd.org  2000/06/17 21:16:09
     [scp.c]
     typo
   - markus@cvs.openbsd.org  2000/06/17 22:05:02
     [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h]
     split auth-rsa option parsing into auth-options
     add options support to authorized_keys2
   - markus@cvs.openbsd.org  2000/06/17 22:42:54
     [session.c]
     typo

20000613
 - (djm) Fixes from Andrew McGill <andrewm@datrix.co.za>:
  - Platform define for SCO 3.x which breaks on /dev/ptmx
  - Detect and try to fix missing MAXPATHLEN
 - (djm) Fix short copy in loginrec.c (based on patch from Phill Camp
   <P.S.S.Camp@ukc.ac.uk>

20000612
 - (djm) Glob manpages in RPM spec files to catch compressed files
 - (djm) Full license in auth-pam.c
 - (djm) Configure fixes from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
 - (andre) AIX, lastlog, configure fixes from Tom Bertelson <tbert@abac.com>:
  - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is
     def'd
  - Set AIX to use preformatted manpages

20000610
 - (djm) Minor doc tweaks
 - (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx>

20000609
 - (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage
   (in favour of utmpx) on Solaris 8

20000606
 - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
   list of commands (by default). Removed verbose debugging (by default).
 - (djm) Increased command entropy estimates and default entropy collection
   timeout
 - (djm) Remove duplicate headers from loginrec.c
 - (djm) Don't add /usr/local/lib to library search path on Irix
 - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
   <tibbs@math.uh.edu>
 - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
   <zack@wolery.cumb.org>
 - (djm) OpenBSD CVS updates:
  - todd@cvs.openbsd.org
    [sshconnect2.c]
    teach protocol v2 to count login failures properly and also enable an
    explanation of why the password prompt comes up again like v1; this is NOT
    crypto
  - markus@cvs.openbsd.org
    [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
    xauth_location support; pr 1234
    [readconf.c sshconnect2.c]
    typo, unused
    [session.c]
    allow use_login only for login sessions, otherwise remote commands are
    execed with uid==0
    [sshd.8]
    document UseLogin better
    [version.h]
    OpenSSH 2.1.1
    [auth-rsa.c]
    fix match_hostname() logic for auth-rsa: deny access if we have a
    negative match or no match at all
    [channels.c hostfile.c match.c]
    don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
    kris@FreeBSD.org

Revision 1.14 / (download) - annotate - [select for diffs], Sat Jul 1 01:16:39 2000 UTC (23 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.13: +6 -1 lines
Diff to previous 1.13 (colored) to selected 1.215 (colored)

generate dsa host key in post-install.

Revision 1.13 / (download) - annotate - [select for diffs], Thu Jun 15 04:56:50 2000 UTC (23 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored) to selected 1.215 (colored)

upgrade to 2.1.1p1 from portable openssh distribution.

--- changelog from 2.1.0p3:

20000609
 - (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage
   (in favour of utmpx) on Solaris 8

20000606
 - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
   list of commands (by default). Removed verbose debugging (by default).
 - (djm) Increased command entropy estimates and default entropy collection
   timeout
 - (djm) Remove duplicate headers from loginrec.c
 - (djm) Don't add /usr/local/lib to library search path on Irix
 - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
   <tibbs@math.uh.edu>
 - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
   <zack@wolery.cumb.org>
 - (djm) OpenBSD CVS updates:
  - todd@cvs.openbsd.org
    [sshconnect2.c]
    teach protocol v2 to count login failures properly and also enable an
    explanation of why the password prompt comes up again like v1; this is NOT
    crypto
  - markus@cvs.openbsd.org
    [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
    xauth_location support; pr 1234
    [readconf.c sshconnect2.c]
    typo, unused
    [session.c]
    allow use_login only for login sessions, otherwise remote commands are
    execed with uid==0
    [sshd.8]
    document UseLogin better
    [version.h]
    OpenSSH 2.1.1
    [auth-rsa.c]
    fix match_hostname() logic for auth-rsa: deny access if we have a
    negative match or no match at all
    [channels.c hostfile.c match.c]
    don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
    kris@FreeBSD.org

20000606
 - (djm) Added --with-cflags, --with-ldflags and --with-libs options to
   configure.

20000604
 - Configure tweaking for new login code on Irix 5.3
 - (andre) login code changes based on djm feedback

20000603
 - (andre) New login code
    - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c
    - Add loginrec.[ch], logintest.c and autoconf code

20000531
 - Cleanup of auth.c, login.c and fake-*
 - Cleanup of auth-pam.c, save and print "account expired" error messages
 - Fix EGD read bug by IWAMURO Motonori <iwa@mmp.fujitsu.co.jp>
 - Rewrote bsd-login to use proper utmp API if available. Major cleanup
   of fallback DIY code.

Revision 1.12 / (download) - annotate - [select for diffs], Wed May 31 15:32:44 2000 UTC (23 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.11: +6 -2 lines
Diff to previous 1.11 (colored) to selected 1.215 (colored)

upgrade to 2.1.0p3.
there are too many changes to mention here.
the biggest change would be the addition of SSH protocol version 2 (uses DSA).

Revision 1.11 / (download) - annotate - [select for diffs], Sun May 28 11:28:51 2000 UTC (23 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored) to selected 1.215 (colored)

Fix path to old distfile on openssh.com.

Revision 1.10 / (download) - annotate - [select for diffs], Fri May 19 21:36:10 2000 UTC (23 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.9: +3 -2 lines
Diff to previous 1.9 (colored) to selected 1.215 (colored)

add www.openssh.com to MASTER_SITES; all mirrors don't have the file
anymore

Revision 1.9 / (download) - annotate - [select for diffs], Thu Mar 30 06:51:55 2000 UTC (24 years ago) by jlam
Branch: MAIN
Changes since 1.8: +2 -2 lines
Diff to previous 1.8 (colored) to selected 1.215 (colored)

Check for "/usr/include/openssl/rsa.h" instead of "/usr/bin/openssl" on
-current.

Revision 1.8 / (download) - annotate - [select for diffs], Sun Mar 26 23:57:31 2000 UTC (24 years ago) by fredb
Branch: MAIN
Changes since 1.7: +5 -2 lines
Diff to previous 1.7 (colored) to selected 1.215 (colored)

Test for current's openssl before depending on the openssl package.

Revision 1.7 / (download) - annotate - [select for diffs], Sun Mar 26 14:36:24 2000 UTC (24 years ago) by itojun
Branch: MAIN
Changes since 1.6: +6 -3 lines
Diff to previous 1.6 (colored) to selected 1.215 (colored)

upgrade to 1.2.3.  make it conflict with security/ssh6.

Revision 1.6 / (download) - annotate - [select for diffs], Tue Mar 7 12:02:35 2000 UTC (24 years ago) by wiz
Branch: MAIN
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored) to selected 1.215 (colored)

correct homepage (www.openssh.org is not the official site!)

Revision 1.5 / (download) - annotate - [select for diffs], Thu Jan 27 17:12:02 2000 UTC (24 years, 2 months ago) by hubertf
Branch: MAIN
CVS Tags: netbsd-1-4-PATCH002
Changes since 1.4: +36 -12 lines
Diff to previous 1.4 (colored) to selected 1.215 (colored)

Clean this up, sync with the ssh package, and update to
1.2.2 (fixing PR 9304 by David Rankin <drankin@bohemians.lexington.ky.us>.

Changes:

20000125
 - Fix NULL pointer dereference in login.c. Fix from Andre Lucas
   <andre.lucas@dial.pipex.com>
 - Reorder PAM initialisation so it does not mess up lastlog. Reported
   by Andre Lucas <andre.lucas@dial.pipex.com>
 - Use preformatted manpages on SCO, report from Gary E. Miller
   <gem@rellim.com>
 - New URL for x11-ssh-askpass.
 - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
   <jmknoble@pobox.com>
 - Added 'DESTDIR' option to Makefile to ease package building. Patch from
   Jim Knoble <jmknoble@pobox.com>
 - Updated RPM spec files to use DESTDIR

20000124
 - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
   increment)

20000123
 - OpenBSD CVS:
   - [packet.c]
     getsockname() requires initialized tolen; andy@guildsoftware.com
 - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
   <drankin@bohemians.lexington.ky.us>
 - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>

20000122
 - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
   <bent@clark.net>
 - Merge preformatted manpage patch from Andre Lucas
   <andre.lucas@dial.pipex.com>
 - Make IPv4 use the default in RPM packages
 - Irix uses preformatted manpages
 - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
   <Holger.Trapp@Informatik.TU-Chemnitz.DE>
 - OpenBSD CVS updates:
   - [packet.c]
     use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
     from Holger.Trapp@Informatik.TU-Chemnitz.DE
   - [sshd.c]
     log with level log() not fatal() if peer behaves badly.
   - [readpass.c]
     instead of blocking SIGINT, catch it ourselves, so that we can clean
     the tty modes up and kill ourselves -- instead of our process group
     leader (scp, cvs, ...) going away and leaving us in noecho mode.
     people with cbreak shells never even noticed..
   - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
     ie. -> i.e.,

20000120
 - Don't use getaddrinfo on AIX
 - Update to latest OpenBSD CVS:
   - [auth-rsa.c]
     - fix user/1056, sshd keeps restrictions; dbt@meat.net
   - [sshconnect.c]
     - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
     - destroy keys earlier
     - split key exchange (kex) and user authentication (user-auth),
       ok: provos@
   - [sshd.c]
     - no need for poll.h; from bright@wintelcom.net
     - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
     - split key exchange (kex) and user authentication (user-auth),
       ok: provos@
   - [sshd.c]
     - no need for poll.h; from bright@wintelcom.net
     - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
     - split key exchange (kex) and user authentication (user-auth),
       ok: provos@
 - Big manpage and config file cleanup from Andre Lucas
   <andre.lucas@dial.pipex.com>
   - Re-added latest (unmodified) OpenBSD manpages
 - Doc updates
 - NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
   Christos Zoulas <christos@netbsd.org>

20000119
 - SCO compile fixes from Gary E. Miller <gem@rellim.com>
 - Compile fix from Darren_Hall@progressive.com
 - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
   addresses using getaddrinfo(). Added a configure switch to make the
   default lookup mode AF_INET

20000118
 - Fixed --with-pid-dir option
 - Makefile fix from Gary E. Miller <gem@rellim.com>
 - Compile fix for HPUX and Solaris from Andre Lucas
   <andre.lucas@dial.pipex.com>

Revision 1.4 / (download) - annotate - [select for diffs], Thu Jan 27 13:52:35 2000 UTC (24 years, 2 months ago) by hubertf
Branch: MAIN
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored) to selected 1.215 (colored)

Adjust CONFLICTS to not clash with the ssh-ip-tunnel package.

Revision 1.3 / (download) - annotate - [select for diffs], Thu Jan 27 13:49:44 2000 UTC (24 years, 2 months ago) by hubertf
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored) to selected 1.215 (colored)

no "-" in pkg version!

Revision 1.2 / (download) - annotate - [select for diffs], Mon Jan 17 05:38:54 2000 UTC (24 years, 2 months ago) by christos
Branch: MAIN
Changes since 1.1: +4 -3 lines
Diff to previous 1.1 (colored) to selected 1.215 (colored)

fix obvious problems.

Revision 1.1 / (download) - annotate - [select for diffs], Mon Jan 17 05:34:32 2000 UTC (24 years, 2 months ago) by christos
Branch: MAIN
Diff to selected 1.215 (colored)

New openssh package [needs some cleanup]
- it is not enabled by default (need to think what to do with the ssh conflict)
- only tested under 1.4.1 so far

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>