svn commit: r323136 - in stable/11/crypto/openssh: . contrib/cygwin contrib/redhat contrib/suse openbsd-compat regress regress/unittests regress/unittests/conversion regress/unittests/match regress...

Dag-Erling Smørgrav des at FreeBSD.org
Sat Sep 2 23:39:52 UTC 2017


Author: des
Date: Sat Sep  2 23:39:51 2017
New Revision: 323136
URL: https://svnweb.freebsd.org/changeset/base/323136

Log:
  MFH (r322052): Upgrade OpenSSH to 7.5p1.

Added:
  stable/11/crypto/openssh/regress/unittests/conversion/
     - copied from r322052, head/crypto/openssh/regress/unittests/conversion/
Deleted:
  stable/11/crypto/openssh/auth1.c
Modified:
  stable/11/crypto/openssh/ChangeLog
  stable/11/crypto/openssh/INSTALL
  stable/11/crypto/openssh/Makefile.in
  stable/11/crypto/openssh/README
  stable/11/crypto/openssh/auth-pam.c
  stable/11/crypto/openssh/auth2-pubkey.c
  stable/11/crypto/openssh/auth2.c
  stable/11/crypto/openssh/channels.c
  stable/11/crypto/openssh/channels.h
  stable/11/crypto/openssh/clientloop.c
  stable/11/crypto/openssh/compat.c
  stable/11/crypto/openssh/config.h
  stable/11/crypto/openssh/configure.ac
  stable/11/crypto/openssh/contrib/cygwin/ssh-host-config
  stable/11/crypto/openssh/contrib/redhat/openssh.spec
  stable/11/crypto/openssh/contrib/suse/openssh.spec
  stable/11/crypto/openssh/digest-openssl.c
  stable/11/crypto/openssh/freebsd-configure.sh
  stable/11/crypto/openssh/hostfile.c
  stable/11/crypto/openssh/kex.c
  stable/11/crypto/openssh/krl.c
  stable/11/crypto/openssh/log.c
  stable/11/crypto/openssh/match.c
  stable/11/crypto/openssh/match.h
  stable/11/crypto/openssh/misc.c
  stable/11/crypto/openssh/monitor.c
  stable/11/crypto/openssh/mux.c
  stable/11/crypto/openssh/openbsd-compat/bsd-misc.c
  stable/11/crypto/openssh/openbsd-compat/bsd-misc.h
  stable/11/crypto/openssh/openbsd-compat/fmt_scaled.c
  stable/11/crypto/openssh/packet.c
  stable/11/crypto/openssh/packet.h
  stable/11/crypto/openssh/pathnames.h
  stable/11/crypto/openssh/readconf.c
  stable/11/crypto/openssh/regress/Makefile
  stable/11/crypto/openssh/regress/agent-getpeereid.sh
  stable/11/crypto/openssh/regress/allow-deny-users.sh
  stable/11/crypto/openssh/regress/cert-file.sh
  stable/11/crypto/openssh/regress/forwarding.sh
  stable/11/crypto/openssh/regress/integrity.sh
  stable/11/crypto/openssh/regress/test-exec.sh
  stable/11/crypto/openssh/regress/unittests/Makefile
  stable/11/crypto/openssh/regress/unittests/match/tests.c
  stable/11/crypto/openssh/regress/unittests/test_helper/test_helper.c
  stable/11/crypto/openssh/regress/unittests/test_helper/test_helper.h
  stable/11/crypto/openssh/regress/unittests/utf8/tests.c
  stable/11/crypto/openssh/sandbox-seccomp-filter.c
  stable/11/crypto/openssh/servconf.c
  stable/11/crypto/openssh/serverloop.c
  stable/11/crypto/openssh/session.c
  stable/11/crypto/openssh/sftp-client.c
  stable/11/crypto/openssh/sftp.c
  stable/11/crypto/openssh/ssh-agent.c
  stable/11/crypto/openssh/ssh-keygen.c
  stable/11/crypto/openssh/ssh-keyscan.c
  stable/11/crypto/openssh/ssh.c
  stable/11/crypto/openssh/ssh_config
  stable/11/crypto/openssh/ssh_config.5
  stable/11/crypto/openssh/ssh_namespace.h
  stable/11/crypto/openssh/sshconnect.c
  stable/11/crypto/openssh/sshconnect1.c
  stable/11/crypto/openssh/sshconnect2.c
  stable/11/crypto/openssh/sshd.8
  stable/11/crypto/openssh/sshd.c
  stable/11/crypto/openssh/sshd_config
  stable/11/crypto/openssh/sshd_config.5
  stable/11/crypto/openssh/sshkey.c
  stable/11/crypto/openssh/sshkey.h
  stable/11/crypto/openssh/utf8.c
  stable/11/crypto/openssh/version.h
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/crypto/openssh/ChangeLog
==============================================================================
--- stable/11/crypto/openssh/ChangeLog	Sat Sep  2 23:17:35 2017	(r323135)
+++ stable/11/crypto/openssh/ChangeLog	Sat Sep  2 23:39:51 2017	(r323136)
@@ -1,3 +1,1174 @@
+commit d38f05dbdd291212bc95ea80648b72b7177e9f4e
+Author: Darren Tucker <dtucker at zip.com.au>
+Date:   Mon Mar 20 13:38:27 2017 +1100
+
+    Add llabs() implementation.
+
+commit 72536316a219b7394996a74691a5d4ec197480f7
+Author: Damien Miller <djm at mindrot.org>
+Date:   Mon Mar 20 12:23:04 2017 +1100
+
+    crank version numbers
+
+commit 3be52bc36bdfd24ded7e0f46999e7db520fb4e3f
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Mon Mar 20 01:18:59 2017 +0000
+
+    upstream commit
+    
+    openssh-7.5
+    
+    Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5
+
+commit db84e52fe9cfad57f22e7e23c5fbf00092385129
+Author: Damien Miller <djm at mindrot.org>
+Date:   Mon Mar 20 12:07:20 2017 +1100
+
+    I'm a doofus.
+    
+    Unbreak obvious syntax error.
+
+commit 89f04852db27643717c9c3a2b0dde97ae50099ee
+Author: Damien Miller <djm at mindrot.org>
+Date:   Mon Mar 20 11:53:34 2017 +1100
+
+    on Cygwin, check paths from server for backslashes
+    
+    Pointed out by Jann Horn of Google Project Zero
+
+commit 7ef1f9bafc2cc8d97ff2fbd4f280002b6e8ea5d9
+Author: Damien Miller <djm at mindrot.org>
+Date:   Mon Mar 20 11:48:34 2017 +1100
+
+    Yet another synonym for ASCII: "646"
+    
+    Used by NetBSD; this unbreaks mprintf() and friends there for the C
+    locale (caught by dtucker@ and his menagerie of test systems).
+
+commit 9165abfea3f68a0c684a6ed2e575e59bc31a3a6b
+Author: Damien Miller <djm at mindrot.org>
+Date:   Mon Mar 20 09:58:34 2017 +1100
+
+    create test mux socket in /tmp
+    
+    Creating the socket in $OBJ could blow past the (quite limited)
+    path limit for Unix domain sockets. As a bandaid for bz#2660,
+    reported by Colin Watson; ok dtucker@
+
+commit 2adbe1e63bc313d03e8e84e652cc623af8ebb163
+Author: markus at openbsd.org <markus at openbsd.org>
+Date:   Wed Mar 15 07:07:39 2017 +0000
+
+    upstream commit
+    
+    disallow KEXINIT before NEWKEYS; ok djm; report by
+    vegard.nossum at oracle.com
+    
+    Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234
+
+commit 2fbf91684d76d38b9cf06550b69c9e41bca5a71c
+Author: Darren Tucker <dtucker at zip.com.au>
+Date:   Thu Mar 16 14:05:46 2017 +1100
+
+    Include includes.h for compat bits.
+
+commit b55f634e96b9c5b0cd991e23a9ca181bec4bdbad
+Author: Darren Tucker <dtucker at zip.com.au>
+Date:   Thu Mar 16 13:45:17 2017 +1100
+
+    Wrap stdint.h in #ifdef HAVE_STDINT_H
+
+commit 55a1117d7342a0bf8b793250cf314bab6b482b99
+Author: Damien Miller <djm at mindrot.org>
+Date:   Thu Mar 16 11:22:42 2017 +1100
+
+    Adapt Cygwin config script to privsep knob removal
+    
+    Patch from Corinna Vinschen.
+
+commit 1a321bfdb91defe3c4d9cca5651724ae167e5436
+Author: deraadt at openbsd.org <deraadt at openbsd.org>
+Date:   Wed Mar 15 03:52:30 2017 +0000
+
+    upstream commit
+    
+    accidents happen to the best of us; ok djm
+    
+    Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604
+
+commit 25f837646be8c2017c914d34be71ca435dfc0e07
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Wed Mar 15 02:25:09 2017 +0000
+
+    upstream commit
+    
+    fix regression in 7.4: deletion of PKCS#11-hosted keys
+    would fail unless they were specified by full physical pathname. Report and
+    fix from Jakub Jelen via bz#2682; ok dtucker@
+    
+    Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268
+
+commit a8c5eeacf032a7d3408957e45dd7603cc1baf55f
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Wed Mar 15 02:19:09 2017 +0000
+
+    upstream commit
+    
+    Fix segfault when sshd attempts to load RSA1 keys (can
+    only happen when protocol v.1 support is enabled for the client). Reported by
+    Jakub Jelen in bz#2686; ok dtucker
+    
+    Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7
+
+commit 66705948c0639a7061a0d0753266da7685badfec
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Tue Mar 14 07:19:07 2017 +0000
+
+    upstream commit
+    
+    Mark the sshd_config UsePrivilegeSeparation option as
+    deprecated, effectively making privsep mandatory in sandboxing mode. ok
+    markus@ deraadt@
+    
+    (note: this doesn't remove the !privsep code paths, though that will
+    happen eventually).
+    
+    Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a
+
+commit f86586b03fe6cd8f595289bde200a94bc2c191af
+Author: Damien Miller <djm at mindrot.org>
+Date:   Tue Mar 14 18:26:29 2017 +1100
+
+    Make seccomp-bpf sandbox work on Linux/X32
+    
+    Allow clock_gettime syscall with X32 bit masked off. Apparently
+    this is required for at least some kernel versions. bz#2142
+    Patch mostly by Colin Watson. ok dtucker@
+
+commit 2429cf78dd2a9741ce27ba25ac41c535274a0af6
+Author: Damien Miller <djm at mindrot.org>
+Date:   Tue Mar 14 18:01:52 2017 +1100
+
+    require OpenSSL >=1.0.1
+
+commit e3ea335abeab731c68f2b2141bee85a4b0bf680f
+Author: Damien Miller <djm at mindrot.org>
+Date:   Tue Mar 14 17:48:43 2017 +1100
+
+    Remove macro trickery; no binary change
+    
+    This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros
+    prepending __NR_ to the syscall number parameter and just makes
+    them explicit in the macro invocations.
+    
+    No binary change in stripped object file before/after.
+
+commit 5f1596e11d55539678c41f68aed358628d33d86f
+Author: Damien Miller <djm at mindrot.org>
+Date:   Tue Mar 14 13:15:18 2017 +1100
+
+    support ioctls for ICA crypto card on Linux/s390
+    
+    Based on patch from Eduardo Barretto; ok dtucker@
+
+commit b1b22dd0df2668b322dda174e501dccba2cf5c44
+Author: Darren Tucker <dtucker at zip.com.au>
+Date:   Tue Mar 14 14:19:36 2017 +1100
+
+    Plumb conversion test into makefile.
+
+commit f57783f1ddfb4cdfbd612c6beb5ec01cb5b9a6b9
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Tue Mar 14 01:20:29 2017 +0000
+
+    upstream commit
+    
+    Add unit test for convtime().
+    
+    Upstream-Regress-ID: 8717bc0ca4c21120f6dd3a1d3b7a363f707c31e1
+
+commit 8884b7247d094cd11ff9e39c325ba928c5bdbc6c
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Tue Mar 14 01:10:07 2017 +0000
+
+    upstream commit
+    
+    Add ASSERT_LONG_* helpers.
+    
+    Upstream-Regress-ID: fe15beaea8f5063c7f21b0660c722648e3d76431
+
+commit c6774d21185220c0ba11e8fd204bf0ad1a432071
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Tue Mar 14 00:55:37 2017 +0000
+
+    upstream commit
+    
+    Fix convtime() overflow test on boundary condition,
+    spotted by & ok djm.
+    
+    Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708
+
+commit f5746b40cfe6d767c8e128fe50c43274b31cd594
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Tue Mar 14 00:25:03 2017 +0000
+
+    upstream commit
+    
+    Check for integer overflow when parsing times in
+    convtime().  Reported by nicolas.iooss at m4x.org, ok djm@
+    
+    Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13
+
+commit f5907982f42a8d88a430b8a46752cbb7859ba979
+Author: Darren Tucker <dtucker at zip.com.au>
+Date:   Tue Mar 14 13:38:15 2017 +1100
+
+    Add a "unit" target to run only unit tests.
+
+commit 9e96b41682aed793fadbea5ccd472f862179fb02
+Author: Damien Miller <djm at mindrot.org>
+Date:   Tue Mar 14 12:24:47 2017 +1100
+
+    Fix weakness in seccomp-bpf sandbox arg inspection
+    
+    Syscall arguments are passed via an array of 64-bit values in struct
+    seccomp_data, but we were only inspecting the bottom 32 bits and not
+    even those correctly for BE systems.
+    
+    Fortunately, the only case argument inspection was used was in the
+    socketcall filtering so using this for sandbox escape seems
+    impossible.
+    
+    ok dtucker
+
+commit 8ff3fc3f2f7c13e8968717bc2b895ee32c441275
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Sat Mar 11 23:44:16 2017 +0000
+
+    upstream commit
+    
+    regress tests for loading certificates without public keys;
+    bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@
+    
+    Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0
+
+commit 1e24552716194db8f2f620587b876158a9ef56ad
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Sat Mar 11 23:40:26 2017 +0000
+
+    upstream commit
+    
+    allow ssh to use certificates accompanied by a private
+    key file but no corresponding plain *.pub public key. bz#2617 based on patch
+    from Adam Eijdenberg; ok dtucker@ markus@
+    
+    Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9
+
+commit 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e
+Author: markus at openbsd.org <markus at openbsd.org>
+Date:   Sat Mar 11 13:07:35 2017 +0000
+
+    upstream commit
+    
+    Don't count the initial block twice when computing how
+    many bytes to discard for the work around for the attacks against CBC-mode.
+    ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL
+    
+    Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2
+
+commit ef653dd5bd5777132d9f9ee356225f9ee3379504
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Fri Mar 10 07:18:32 2017 +0000
+
+    upstream commit
+    
+    krl.c
+    
+    Upstream-ID: fc5e695d5d107d730182e2da7b23f00b489e0ee1
+
+commit d94c1dfef2ea30ca67b1204ada7c3b537c54f4d0
+Author: Damien Miller <djm at mindrot.org>
+Date:   Sun Mar 12 10:48:14 2017 +1100
+
+    sync fmt_scaled.c with OpenBSD
+    
+    revision 1.13
+    date: 2017/03/11 23:37:23;  author: djm;  state: Exp;  lines: +14 -1;  commitid: jnFKyHkB3CEiEZ2R;
+    fix signed integer overflow in scan_scaled. Found by Nicolas Iooss
+    using AFL against ssh_config. ok deraadt@ millert@
+    ----------------------------
+    revision 1.12
+    date: 2013/11/29 19:00:51;  author: deraadt;  state: Exp;  lines: +6 -5;
+    fairly simple unsigned char casts for ctype
+    ok krw
+    ----------------------------
+    revision 1.11
+    date: 2012/11/12 14:07:20;  author: halex;  state: Exp;  lines: +4 -2;
+    make scan_scaled set errno to EINVAL rather than ERANGE if it encounters
+    an invalid multiplier, like the man page says it should
+    
+    "looks sensible" deraadt@, ok ian@
+    ----------------------------
+    revision 1.10
+    date: 2009/06/20 15:00:04;  author: martynas;  state: Exp;  lines: +4 -4;
+    use llabs instead of the home-grown version;  and some comment changes
+    ok ian@, millert@
+    ----------------------------
+
+commit 894221a63fa061e52e414ca58d47edc5fe645968
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Mar 10 05:01:13 2017 +0000
+
+    upstream commit
+    
+    When updating hostkeys, accept RSA keys if
+    HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA
+    keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms
+    nit ssh-rsa (SHA1 signatures) was not. bz#2650 reported by Luis Ressel; ok
+    dtucker@
+    
+    Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2
+
+commit dd3e2298663f4cc1a06bc69582d00dcfee27d73c
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Mar 10 04:24:55 2017 +0000
+
+    upstream commit
+    
+    make hostname matching really insensitive to case;
+    bz#2685, reported by Petr Cerny; ok dtucker@
+    
+    Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253
+
+commit 77a9be9446697fe8b5499fe651f4a82a71a4b51f
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Mar 10 03:52:48 2017 +0000
+
+    upstream commit
+    
+    reword a comment to make it fit 80 columns
+    
+    Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4
+
+commit 61b8ef6a66efaec07e023342cb94a10bdc2254dc
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Mar 10 04:27:32 2017 +0000
+
+    upstream commit
+    
+    better match sshd config parser behaviour: fatal() if
+    line is overlong, increase line buffer to match sshd's; bz#2651 reported by
+    Don Fong; ok dtucker@
+    
+    Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18
+
+commit db2597207e69912f2592cd86a1de8e948a9d7ffb
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Mar 10 04:26:06 2017 +0000
+
+    upstream commit
+    
+    ensure hostname is lower-case before hashing it;
+    bz#2591 reported by Griff Miller II; ok dtucker@
+    
+    Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17
+
+commit df9936936c695f85c1038bd706d62edf752aca4b
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Mar 10 04:24:55 2017 +0000
+
+    upstream commit
+    
+    make hostname matching really insensitive to case;
+    bz#2685, reported by Petr Cerny; ok dtucker@
+    
+    Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549
+
+commit 67eed24bfa7645d88fa0b883745fccb22a0e527e
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Fri Mar 10 04:11:00 2017 +0000
+
+    upstream commit
+    
+    Remove old null check from config dumper.  Patch from
+    jjelen at redhat.com vi bz#2687, ok djm@
+    
+    Upstream-ID: 824ab71467b78c4bab0dd1b3a38e8bc5f63dd528
+
+commit 183ba55aaaecca0206184b854ad6155df237adbe
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Mar 10 04:07:20 2017 +0000
+
+    upstream commit
+    
+    fix regression in 7.4 server-sig-algs, where we were
+    accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno
+    Goncalves; ok dtucker@
+    
+    Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8
+
+commit 66be4fe8c4435af5bbc82998501a142a831f1181
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Fri Mar 10 03:53:11 2017 +0000
+
+    upstream commit
+    
+    Check for NULL return value from key_new.  Patch from
+    jjelen at redhat.com via bz#2687, ok djm@
+    
+    Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e
+
+commit ec2892b5c7fea199914cb3a6afb3af38f84990bf
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Mar 10 03:52:48 2017 +0000
+
+    upstream commit
+    
+    reword a comment to make it fit 80 columns
+    
+    Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349
+
+commit 7fadbb6da3f4122de689165651eb39985e1cba85
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Fri Mar 10 03:48:57 2017 +0000
+
+    upstream commit
+    
+    Check for NULL argument to sshkey_read.  Patch from
+    jjelen at redhat.com via bz#2687, ok djm@
+    
+    Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e
+
+commit 5a06b9e019e2b0b0f65a223422935b66f3749de3
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Fri Mar 10 03:45:40 2017 +0000
+
+    upstream commit
+    
+    Plug some mem leaks mostly on error paths.  From jjelen
+    at redhat.com via bz#2687, ok djm@
+    
+    Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2
+
+commit f6edbe9febff8121f26835996b1229b5064d31b7
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Fri Mar 10 03:24:48 2017 +0000
+
+    upstream commit
+    
+    Plug mem leak on GLOB_NOMATCH case.  From jjelen at
+    redhat.com via bz#2687, ok djm@
+    
+    Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d
+
+commit 566b3a46e89a2fda2db46f04f2639e92da64a120
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Fri Mar 10 03:22:40 2017 +0000
+
+    upstream commit
+    
+    Plug descriptor leaks of auth_sock.  From jjelen at
+    redhat.com via bz#2687, ok djm@
+    
+    Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88
+
+commit 8a2834454c73dfc1eb96453c0e97690595f3f4c2
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Mar 10 03:18:24 2017 +0000
+
+    upstream commit
+    
+    correctly hash hosts with a port number. Reported by Josh
+    Powers in bz#2692; ok dtucker@
+    
+    Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442
+
+commit 9747b9c742de409633d4753bf1a752cbd211e2d3
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Mar 10 03:15:58 2017 +0000
+
+    upstream commit
+    
+    don't truncate off \r\n from long stderr lines; bz#2688,
+    reported by Brian Dyson; ok dtucker@
+    
+    Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4
+
+commit 4a4b75adac862029a1064577eb5af299b1580cdd
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Fri Mar 10 02:59:51 2017 +0000
+
+    upstream commit
+    
+    Validate digest arg in ssh_digest_final; from jjelen at
+    redhat.com via bz#2687, ok djm@
+    
+    Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878
+
+commit bee0167be2340d8de4bdc1ab1064ec957c85a447
+Author: Darren Tucker <dtucker at zip.com.au>
+Date:   Fri Mar 10 13:40:18 2017 +1100
+
+    Check for NULL from malloc.
+    
+    Part of bz#2687, from jjelen at redhat.com.
+
+commit da39b09d43b137a5a3d071b51589e3efb3701238
+Author: Darren Tucker <dtucker at zip.com.au>
+Date:   Fri Mar 10 13:22:32 2017 +1100
+
+    If OSX is using launchd, remove screen no.
+    
+    Check for socket with and without screen number.  From Apple and Jakob
+    Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@
+
+commit 8fb15311a011517eb2394bb95a467c209b8b336c
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Wed Mar 8 12:07:47 2017 +0000
+
+    upstream commit
+    
+    quote [host]:port in generated ProxyJump commandline; the
+    [ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri
+    Tirkkonen via bugs@
+    
+    Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182
+
+commit 18501151cf272a15b5f2c5e777f2e0933633c513
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Mon Mar 6 02:03:20 2017 +0000
+
+    upstream commit
+    
+    Check l->hosts before dereferencing; fixes potential null
+    pointer deref. ok djm@
+    
+    Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301
+
+commit d072370793f1a20f01ad827ba8fcd3b8f2c46165
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Mon Mar 6 00:44:51 2017 +0000
+
+    upstream commit
+    
+    linenum is unsigned long so use %lu in log formats.  ok
+    deraadt@
+    
+    Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08
+
+commit 12d3767ba4c84c32150cbe6ff6494498780f12c9
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Mar 3 06:13:11 2017 +0000
+
+    upstream commit
+    
+    fix ssh-keygen -H accidentally corrupting known_hosts that
+    contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by
+    hostkeys_foreach() when hostname matching is in use, so we need to look for
+    the hash marker explicitly.
+    
+    Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528
+
+commit d7abb771bd5a941b26144ba400a34563a1afa589
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Tue Feb 28 06:10:08 2017 +0000
+
+    upstream commit
+    
+    small memleak: free fd_set on connection timeout (though
+    we are heading to exit anyway). From Tom Rix in bz#2683
+    
+    Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4
+
+commit 78142e3ab3887e53a968d6e199bcb18daaf2436e
+Author: jmc at openbsd.org <jmc at openbsd.org>
+Date:   Mon Feb 27 14:30:33 2017 +0000
+
+    upstream commit
+    
+    errant dot; from klemens nanni
+    
+    Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921
+
+commit 8071a6924c12bb51406a9a64a4b2892675112c87
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Feb 24 03:16:34 2017 +0000
+
+    upstream commit
+    
+    might as well set the listener socket CLOEXEC
+    
+    Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57
+
+commit d5499190559ebe374bcdfa8805408646ceffad64
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Sun Feb 19 00:11:29 2017 +0000
+
+    upstream commit
+    
+    add test cases for C locale; ok schwarze@
+    
+    Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87
+
+commit 011c8ffbb0275281a0cf330054cf21be10c43e37
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Sun Feb 19 00:10:57 2017 +0000
+
+    upstream commit
+    
+    Add a common nl_langinfo(CODESET) alias for US-ASCII
+    "ANSI_X3.4-1968" that is used by Linux. Fixes mprintf output truncation for
+    non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@
+    
+    Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719
+
+commit 0c4430a19b73058a569573492f55e4c9eeaae67b
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Tue Feb 7 23:03:11 2017 +0000
+
+    upstream commit
+    
+    Remove deprecated SSH1 options RSAAuthentication and
+    RhostsRSAAuthentication from regression test sshd_config.
+    
+    Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491
+
+commit 3baa4cdd197c95d972ec3d07f1c0d08f2d7d9199
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Fri Feb 17 02:32:05 2017 +0000
+
+    upstream commit
+    
+    Do not show rsa1 key type in usage when compiled without
+    SSH1 support.
+    
+    Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57
+
+commit ecc35893715f969e98fee118481f404772de4132
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Fri Feb 17 02:31:14 2017 +0000
+
+    upstream commit
+    
+    ifdef out "rsa1" from the list of supported keytypes when
+    compiled without SSH1 support.  Found by kdunlop at guralp.com, ok djm@
+    
+    Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f
+
+commit 10577c6d96a55b877a960b2d0b75edef1b9945af
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Feb 17 02:04:15 2017 +0000
+
+    upstream commit
+    
+    For ProxyJump/-J, surround host name with brackets to
+    allow literal IPv6 addresses. From Dick Visser; ok dtucker@
+    
+    Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1
+
+commit b2afdaf1b52231aa23d2153f4a8c5a60a694dda4
+Author: jsg at openbsd.org <jsg at openbsd.org>
+Date:   Wed Feb 15 23:38:31 2017 +0000
+
+    upstream commit
+    
+    Fix memory leaks in match_filter_list() error paths.
+    
+    ok dtucker@ markus@
+    
+    Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e
+
+commit 6d5a41b38b55258213ecfaae9df7a758caa752a1
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Wed Feb 15 01:46:47 2017 +0000
+
+    upstream commit
+    
+    fix division by zero crash in "df" output when server
+    returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok
+    dtucker@
+    
+    Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f
+
+commit bd5d7d239525d595ecea92765334af33a45d9d63
+Author: Darren Tucker <dtucker at zip.com.au>
+Date:   Sun Feb 12 15:45:15 2017 +1100
+
+    ifdef out EVP_R_PRIVATE_KEY_DECODE_ERROR
+    
+    EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out
+    for the benefit of OpenSSL versions prior to that.
+
+commit 155d540d00ff55f063421ec182ec8ff2b7ab6cbe
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Feb 10 04:34:50 2017 +0000
+
+    upstream commit
+    
+    bring back r1.34 that was backed out for problems loading
+    public keys:
+    
+    translate OpenSSL error codes to something more
+    meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
+    
+    with additional fix from Jakub Jelen to solve the backout.
+    bz#2525 bz#2523 re-ok dtucker@
+    
+    Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031
+
+commit a287c5ad1e0bf9811c7b9221979b969255076019
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Feb 10 03:36:40 2017 +0000
+
+    upstream commit
+    
+    Sanitise escape sequences in key comments sent to printf
+    but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@
+    
+    Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e
+
+commit e40269be388972848aafcca7060111c70aab5b87
+Author: millert at openbsd.org <millert at openbsd.org>
+Date:   Wed Feb 8 20:32:43 2017 +0000
+
+    upstream commit
+    
+    Avoid printf %s NULL.  From semarie@, OK djm@
+    
+    Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c
+
+commit 5b90709ab8704dafdb31e5651073b259d98352bc
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Mon Feb 6 09:22:51 2017 +0000
+
+    upstream commit
+    
+    Restore \r\n newline sequence for server ident string. The CR
+    got lost in the flensing of SSHv1. Pointed out by Stef Bon
+    
+    Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac
+
+commit 97c31c46ee2e6b46dfffdfc4f90bbbf188064cbc
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Feb 3 23:01:42 2017 +0000
+
+    upstream commit
+    
+    unit test for match_filter_list() function; still want a
+    better name for this...
+    
+    Upstream-Regress-ID: 840ad6118552c35111f0a897af9c8d93ab8de92a
+
+commit f1a193464a7b77646f0d0cedc929068e4a413ab4
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Feb 3 23:05:57 2017 +0000
+
+    upstream commit
+    
+    use ssh_packet_set_log_preamble() to include connection
+    username in packet log messages, e.g.
+    
+    Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth]
+    
+    ok markus@ bz#113
+    
+    Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15
+
+commit 07edd7e9537ab32aa52abb5fb2a915c350fcf441
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Feb 3 23:03:33 2017 +0000
+
+    upstream commit
+    
+    add ssh_packet_set_log_preamble() to allow inclusion of a
+    preamble string in disconnect messages; ok markus@
+    
+    Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead
+
+commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Feb 3 23:01:19 2017 +0000
+
+    upstream commit
+    
+    support =- for removing methods from algorithms lists,
+    e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
+    it" markus@
+    
+    Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
+
+commit c924b2ef941028a1f31e6e94f54dfeeeef462a4e
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Feb 3 05:05:56 2017 +0000
+
+    upstream commit
+    
+    allow form-feed characters at EOL; bz#2431 ok dtucker@
+    
+    Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2
+
+commit 523db8540b720c4d21ab0ff6f928476c70c38aab
+Author: Damien Miller <djm at mindrot.org>
+Date:   Fri Feb 3 16:01:22 2017 +1100
+
+    prefer to use ldns-config to find libldns
+    
+    Should fix bz#2603 - "Build with ldns and without kerberos support
+    fails if ldns compiled with kerberos support" by including correct
+    cflags/libs
+    
+    ok dtucker@
+
+commit c998bf0afa1a01257a53793eba57941182e9e0b7
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Fri Feb 3 02:56:00 2017 +0000
+
+    upstream commit
+    
+    Make ssh_packet_set_rekey_limits take u32 for the number of
+    seconds until rekeying (negative values are rejected at config parse time).
+    This allows the removal of some casts and a signed vs unsigned comparison
+    warning.
+    
+    rekey_time is cast to int64 for the comparison which is a no-op
+    on OpenBSD, but should also do the right thing in -portable on
+    anything still using 32bit time_t (until the system time actually
+    wraps, anyway).
+    
+    some early guidance deraadt@, ok djm@
+    
+    Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c
+
+commit 3ec5fa4ba97d4c4853620daea26a33b9f1fe3422
+Author: jsg at openbsd.org <jsg at openbsd.org>
+Date:   Thu Feb 2 10:54:25 2017 +0000
+
+    upstream commit
+    
+    In vasnmprintf() return an error if malloc fails and
+    don't set a function argument to the address of free'd memory.
+    
+    ok djm@
+    
+    Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779
+
+commit 858252fb1d451ebb0969cf9749116c8f0ee42753
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Wed Feb 1 02:59:09 2017 +0000
+
+    upstream commit
+    
+    Return true reason for port forwarding failures where
+    feasible rather than always "administratively prohibited".  bz#2674, ok djm@
+    
+    Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419
+
+commit 6ba9f893838489add6ec4213c7a997b425e4a9e0
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Mon Jan 30 23:27:39 2017 +0000
+
+    upstream commit
+    
+    Small correction to the known_hosts section on when it is
+    updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at
+    sdf.org
+    
+    Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5
+
+commit c61d5ec3c11e7ff9779b6127421d9f166cf10915
+Author: Darren Tucker <dtucker at zip.com.au>
+Date:   Fri Feb 3 14:10:34 2017 +1100
+
+    Remove _XOPEN_SOURCE from wide char detection.
+    
+    Having _XOPEN_SOURCE unconditionally causes problems on some platforms
+    and configurations, notably Solaris 64-bit binaries.  It was there for
+    the benefit of Linux put the required bits in the *-*linux* section.
+    
+    Patch from yvoinov at gmail.com.
+
+commit f25ee13b3e81fd80efeb871dc150fe49d7fc8afd
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Mon Jan 30 05:22:14 2017 +0000
+
+    upstream commit
+    
+    fully unbreak: some $SSH invocations did not have -F
+    specified and could pick up the ~/.ssh/config of the user running the tests
+    
+    Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89
+
+commit 6956e21fb26652887475fe77ea40d2efcf25908b
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Mon Jan 30 04:54:07 2017 +0000
+
+    upstream commit
+    
+    partially unbreak: was not specifying hostname on some
+    $SSH invocations
+    
+    Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc
+
+commit 52763dd3fe0a4678dafdf7aeb32286e514130afc
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Mon Jan 30 01:03:00 2017 +0000
+
+    upstream commit
+    
+    revise keys/principals command hang fix (bz#2655) to
+    consume entire output, avoiding sending SIGPIPE to subprocesses early; ok
+    dtucker@
+    
+    Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc
+
+commit 381a2615a154a82c4c53b787f4a564ef894fe9ac
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Mon Jan 30 00:38:50 2017 +0000
+
+    upstream commit
+    
+    small cleanup post SSHv1 removal:
+    
+    remove SSHv1-isms in commented examples
+    
+    reorder token table to group deprecated and compile-time conditional tokens
+    better
+    
+    fix config dumping code for some compile-time conditional options that
+    weren't being correctly skipped (SSHv1 and PKCS#11)
+    
+    Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105
+
+commit 4833d01591b7eb049489d9558b65f5553387ed43
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Mon Jan 30 00:34:01 2017 +0000
+
+    upstream commit
+    
+    some explicit NULL tests when dumping configured
+    forwardings; from Karsten Weiss
+    
+    Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d
+
+commit 326e2fae9f2e3e067b5651365eba86b35ee5a6b2
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Mon Jan 30 00:32:28 2017 +0000
+
+    upstream commit
+    
+    misplaced braces in test; from Karsten Weiss
+    
+    Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae
+
+commit 3e032a95e46bfaea9f9e857678ac8fa5f63997fb
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Mon Jan 30 00:32:03 2017 +0000
+
+    upstream commit
+    
+    don't dereference authctxt before testing != NULL, it
+    causes compilers to make assumptions; from Karsten Weiss
+    
+    Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2
+
+commit 01cfaa2b1cfb84f3cdd32d1bf82b120a8d30e057
+Author: djm at openbsd.org <djm at openbsd.org>
+Date:   Fri Jan 6 02:51:16 2017 +0000
+
+    upstream commit
+    
+    use correct ssh-add program; bz#2654, from Colin Watson
+    
+    Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030
+
+commit e5c7ec67cdc42ae2584085e0fc5cc5ee91133cf5
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date:   Fri Jan 6 02:26:10 2017 +0000
+
+    upstream commit
+    
+    Account for timeouts in the integrity tests as failures.
+    
+    If the first test in a series for a given MAC happens to modify the low
+    bytes of a packet length, then ssh will time out and this will be
+    interpreted as a test failure.  Patch from cjwatson at debian.org via
+    bz#2658.
+    
+    Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9
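
Review bot: the entries for 858252fb (port forwarding failures now return the true reason rather than always "administratively prohibited") and 381a2615 (cleanup after SSHv1 removal, plus the fix to config dumping for compile-time conditional options) record user-visible behaviour changes, and they deserve a line in the release notes rather than living only in this imported ChangeLog. Anything that matches on the "administratively prohibited" string to detect refused forwardings should be rechecked against the new reason text. The entries for 3ec5fa4b (vasnmprintf() returning an error on malloc failure and no longer setting an argument to the address of free'd memory) and 3e032a95 (authctxt dereferenced before the != NULL test) are memory-safety fixes and are worth naming explicitly for anyone deciding how quickly to pick up this import.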

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***

