forked from openssh/openssh-portable
ChangeLog
20140130
- (djm) [configure.ac] Only check for width-specified integer types
in headers that actually exist. patch from Tom G. Christensen;
ok dtucker@
- (djm) [configure.ac atomicio.c] Kludge around NetBSD offering
different symbols for 'read' when various compiler flags are
in use, causing atomicio.c comparisons against it to break and
read/write operations to hang; ok dtucker
- (djm) Release openssh-6.5p1
20140129
- (djm) [configure.ac] Fix broken shell test '==' vs '='; patch from
Tom G. Christensen
20140128
- (djm) [configure.ac] Search for inet_ntop in libnsl and libresolv;
ok dtucker
- (djm) [sshd.c] Use kill(0, ...) instead of killpg(0, ...); the
latter being specified to have undefined behaviour in SUSv3;
ok dtucker
- (tim) [regress/agent.sh regress/agent-ptrace.sh] Assign $? to a variable
when used as an error message inside an if statement so we display the
correct into. agent.sh patch from Petr Lautrbach.
20140127
- (dtucker) [Makefile.in] Remove trailing backslash which some make
implementations (eg older Solaris) do not cope with.
20140126
- OpenBSD CVS Sync
- [email protected] 2014/01/25 10:12:50
[cipher.c cipher.h kex.c kex.h kexgexc.c]
Add a special case for the DH group size for 3des-cbc, which has an
effective strength much lower than the key size. This causes problems
with some cryptlib implementations, which don't support group sizes larger
than 4k but also don't use the largest group size it does support as
specified in the RFC. Based on a patch from Petr Lautrbach at Redhat,
reduced by me with input from Markus. ok djm@ markus@
- [email protected] 2014/01/25 20:35:37
[kex.c]
dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len)
ok dtucker@, noted by mancha
- (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable
RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,
libc will attempt to open additional file descriptors for crypto
offload and crash if they cannot be opened.
- (djm) [configure.ac] correct AC_DEFINE for previous.
20140125
- (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD
- (djm) [configure.ac] Do not attempt to use capsicum sandbox unless
sys/capability.h exists and cap_rights_limit is in libc. Fixes
build on FreeBSD9x which provides the header but not the libc
support.
- (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so test
against the correct thing.
20140124
- (djm) [Makefile.in regress/scp-ssh-wrapper.sh regress/scp.sh] Make
the scp regress test actually test the built scp rather than the one
in $PATH. ok dtucker@
20140123
- (tim) [session.c] Improve error reporting on set_id().
- (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitously
incompatible with OpenBSD's despite post-dating it by more than a decade.
Declare it as broken, and document FreeBSD's as the same. ok djm@
20140122
- (djm) [openbsd-compat/setproctitle.c] Don't fail to compile if a
platform that is expected to use the reuse-argv style setproctitle
hack surprises us by providing a setproctitle in libc; ok dtucker
- (djm) [configure.ac] Unless specifically requested, only attempt
to build Position Independent Executables on gcc >= 4.x; ok dtucker
- (djm) [configure.ac aclocal.m4] More tests to detect fallout from
platform hardening options: include some long long int arithmetic
to detect missing support functions for -ftrapv in libgcc and
equivalents, actually test linking when -ftrapv is supplied and
set either both -pie/-fPIE or neither. feedback and ok dtucker@
20140121
- (dtucker) [configure.ac] Make PIE a configure-time option which defaults
to on platforms where it's known to be reliably detected and off elsewhere.
Works around platforms such as FreeBSD 9.1 where it does not interop with
-ftrapv (it seems to work but fails when trying to link ssh). ok djm@
- (dtucker) [aclocal.m4] Differentiate between compile-time and link-time
tests in the configure output. ok djm.
- (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced
with sftp chroot support. Move set_id call after chroot.
- (djm) [aclocal.m4] Flesh out the code run in the OSSH_CHECK_CFLAG_COMPILE
and OSSH_CHECK_LDFLAG_LINK tests to give them a better chance of
detecting toolchain-related problems; ok dtucker
20140120
- (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos
implementation does not have krb5_cc_new_unique, similar to what we do
in auth-krb5.c.
- (djm) [regress/cert-hostkey.sh] Fix regress failure on platforms that
skip one or more key types (e.g. RHEL/CentOS 6.5); ok dtucker@
- (djm) OpenBSD CVS Sync
- [email protected] 2014/01/20 00:08:48
[digest.c]
memleak; found by Loganaden Velvindron @ AfriNIC; ok markus@
20140119
- (dtucker) OpenBSD CVS Sync
- [email protected] 2014/01/17 06:23:24
[sftp-server.c]
fix log message statvfs. ok djm
- [email protected] 2014/01/18 09:36:26
[session.c]
explicitly define USE_PIPES to 1 to prevent redefinition warnings in
portable on platforms that use pipes for everything. From vinschen at
redhat.
- [email protected] 2014/01/19 04:17:29
[canohost.c addrmatch.c]
Cast socklen_t when comparing to size_t and use socklen_t to iterate over
the ip options, both to prevent signed/unsigned comparison warnings.
Patch from vinschen at redhat via portable openssh, begrudging ok deraadt.
- [email protected] 2014/01/19 04:48:08
[ssh_config.5]
fix inverted meaning of 'no' and 'yes' for CanonicalizeFallbackLocal
- [email protected] 2014/01/19 11:21:51
[addrmatch.c]
Cast the sizeof to socklen_t so it'll work even if the supplied len is
negative. Suggested by and ok djm, ok deraadt.
20140118
- (dtucker) [uidswap.c] Prevent unused variable warnings on Cygwin. Patch
from vinschen at redhat.com
- (dtucker) [openbsd-compat/bsd-cygwin_util.h] Add missing function
declarations that stopped being included when we stopped including
<windows.h> from openbsd-compat/bsd-cygwin_util.h. Patch from vinschen at
redhat.com.
- (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs,
optind) are defined in getopt.h already. Unfortunately they are defined as
"declspec(dllimport)" for historical reasons, because the GNU linker didn't
allow auto-import on PE/COFF targets way back when. The problem is the
dllexport attributes collide with the definitions in the various source
files in OpenSSH, which obviously define the variables without
declspec(dllimport). The least intrusive way to get rid of these warnings
is to disable warnings for GCC compiler attributes when building on Cygwin.
Patch from vinschen at redhat.com.
- (dtucker) [sandbox-capsicum.c] Correct some error messages and make the
return value check for cap_enter() consistent with the other uses in
FreeBSD. From Loganaden Velvindron @ AfriNIC via bz#2140.
20140117
- (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchain
hardening flags including -fstack-protector-strong. These default to on
if the toolchain supports them, but there is a configure-time knob
(--without-hardening) to disable them if necessary. ok djm@
- (djm) [sftp-client.c] signed/unsigned comparison fix
- (dtucker) [loginrec.c] Cast to the types specified in the format
specification to prevent warnings.
- (dtucker) [crypto_api.h] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H.
- (dtucker) [poly1305.c] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H.
- (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include
includes.h to pull in all of the compatibility stuff.
- (dtucker) [openbsd-compat/bcrypt_pbkdf.c] Wrap stdlib.h include inside
#ifdef HAVE_STDINT_H.
- (dtucker) [defines.h] Add typedefs for uintXX_t types for platforms that
don't have them.
- (dtucker) [configure.ac] Split AC_CHECK_FUNCS for OpenSSL functions into
separate lines and alphabetize for easier diffing of changes.
- (dtucker) OpenBSD CVS Sync
- [email protected] 2014/01/17 00:21:06
[sftp-client.c]
signed/unsigned comparison warning fix; from portable (Id sync only)
- [email protected] 2014/01/17 05:26:41
[digest.c]
remove unused includes. ok djm@
- (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]
[sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c]
[sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing
using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling
Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
- (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c
openbsd-compat/openssl-compat.h] Add compatibility layer for older
openssl versions. ok djm@
- (dtucker) Fix typo in #ifndef.
- (dtucker) [configure.ac openbsd-compat/bsd-statvfs.c
openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs
to be useful (and for the regression tests to pass) on platforms that
have statfs and fstatfs. ok djm@
- (dtucker) [openbsd-compat/bsd-statvfs.h] Only start including headers if we
need them to cut down on the name collisions.
- (dtucker) [configure.ac] Also look in inttypes.h for uintXX_t types.
- (dtucker) [configure.ac] Have --without-hardening not turn off
stack-protector since that has a separate flag that's been around a while.
- (dtucker) [readconf.c] Wrap paths.h inside an ifdef. Allows building on
Solaris.
- (dtucker) [defines.h] Move our definitions of uintXX_t types down to after
they're defined if we have to define them ourselves. Fixes builds on old
AIX.
20140118
- (djm) OpenBSD CVS Sync
- [email protected] 2014/01/16 07:31:09
[sftp-client.c]
needless and incorrect cast to size_t can break resumption of
large download; patch from tobias@
- [email protected] 2014/01/16 07:32:00
[version.h]
openssh-6.5
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Crank RPM spec version numbers.
- (djm) [README] update release notes URL.
20140112
- (djm) OpenBSD CVS Sync
- [email protected] 2014/01/10 05:59:19
[sshd_config]
the /etc/ssh/ssh_host_ed25519_key is loaded by default too
- [email protected] 2014/01/12 08:13:13
[bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c]
[kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c]
avoid use of OpenSSL BIGNUM type and functions for KEX with
Curve25519 by adding a buffer_put_bignum2_from_string() that stores
a string using the bignum encoding rules. Will make it easier to
build a reduced-feature OpenSSH without OpenSSL in the future;
ok markus@
20140110
- (djm) OpenBSD CVS Sync
- [email protected] 2014/01/04 17:50:55
[mac.c monitor_mm.c monitor_mm.h xmalloc.c]
use standard types and formats for size_t like variables. ok dtucker
- [email protected] 2014/01/09 03:26:00
[sftp-common.c]
When formatting the time for "ls -l"-style output, show dates in the future
with the year, and rearrange a comparison to avoid a potential signed
arithmetic overflow that would give the wrong result.
ok djm@
- [email protected] 2014/01/09 23:20:00
[digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
[kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
[kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
[schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
Introduce digest API and use it to perform all hashing operations
rather than calling OpenSSL EVP_Digest* directly. Will make it easier
to build a reduced-feature OpenSSH without OpenSSL in future;
feedback, ok markus@
- [email protected] 2014/01/09 23:26:48
[sshconnect.c sshd.c]
ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,
deranged and might make some attacks on KEX easier; ok markus@
20140108
- (djm) [regress/.cvsignore] Ignore regress test droppings; ok dtucker@
20131231
- (djm) OpenBSD CVS Sync
- [email protected] 2013/12/30 23:52:28
[auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c]
[sshconnect.c sshconnect2.c sshd.c]
refuse RSA keys from old proprietary clients/servers that use the
obsolete RSA+MD5 signature scheme. it will still be possible to connect
with these clients/servers but only DSA keys will be accepted, and we'll
deprecate them entirely in a future release. ok markus@
20131229
- (djm) [loginrec.c] Check for username truncation when looking up lastlog
entries
- (djm) [regress/Makefile] Add some generated files for cleaning
- (djm) OpenBSD CVS Sync
- [email protected] 2013/12/19 00:10:30
[ssh-add.c]
skip requesting smartcard PIN when removing keys from agent; bz#2187
patch from jay AT slushpupie.com; ok dtucker
- [email protected] 2013/12/19 00:19:12
[serverloop.c]
Cast client_alive_interval to u_int64_t before assigning to
max_time_milliseconds to avoid potential integer overflow in the timeout.
bz#2170, patch from Loganaden Velvindron, ok djm@
- [email protected] 2013/12/19 00:27:57
[auth-options.c]
simplify freeing of source-address certificate restriction
- [email protected] 2013/12/19 01:04:36
[channels.c]
bz#2147: fix multiple remote forwardings with dynamically assigned
listen ports. In the s->c message to open the channel we were sending
zero (the magic number to request a dynamic port) instead of the actual
listen port. The client therefore had no way of discriminating between
them.
Diagnosis and fix by ronf AT timeheart.net
- [email protected] 2013/12/19 01:19:41
[ssh-agent.c]
bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent
that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com;
ok dtucker
- [email protected] 2013/12/19 22:57:13
[poly1305.c poly1305.h]
use full name for author, with his permission
- [email protected] 2013/12/21 07:10:47
[ssh-keygen.1]
small typo
- [email protected] 2013/12/27 22:30:17
[ssh-dss.c ssh-ecdsa.c ssh-rsa.c]
make the original RSA and DSA signing/verification code look more like
the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
rather than tediously listing all variants, use __func__ for debug/
error messages
- [email protected] 2013/12/27 22:37:18
[ssh-rsa.c]
correct comment
- [email protected] 2013/12/29 02:28:10
[key.c]
allow ed25519 keys to appear as certificate authorities
- [email protected] 2013/12/29 02:37:04
[key.c]
correct comment for key_to_certified()
- [email protected] 2013/12/29 02:49:52
[key.c]
correct comment for key_drop_cert()
- [email protected] 2013/12/29 04:20:04
[key.c]
to make sure we don't omit any key types as valid CA keys again,
factor the valid key type check into a key_type_is_valid_ca()
function
- [email protected] 2013/12/29 04:29:25
[authfd.c]
allow deletion of ed25519 keys from the agent
- [email protected] 2013/12/29 04:35:50
[authfile.c]
don't refuse to load Ed25519 certificates
- [email protected] 2013/12/29 05:42:16
[ssh.c]
don't forget to load Ed25519 certs too
- [email protected] 2013/12/29 05:57:02
[sshconnect.c]
when showing other hostkeys, don't forget Ed25519 keys
20131221
- (dtucker) [regress/keytype.sh] Actually test ecdsa key types.
20131219
- (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versions
greater than 11 either rather than just 11. Patch from Tomas Kuthan.
- (dtucker) [auth-pam.c] bz#2163: check return value from pam_get_item().
Patch from Loganaden Velvindron.
20131218
- (djm) OpenBSD CVS Sync
- [email protected] 2013/12/07 08:08:26
[ssh-keygen.1]
document -a and -o wrt new key format
- [email protected] 2013/12/07 11:58:46
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1]
[ssh_config.5 sshd.8 sshd_config.5]
add missing mentions of ed25519; ok djm@
- [email protected] 2013/12/08 09:53:27
[sshd_config.5]
Use a literal for the default value of KEXAlgorithms. ok deraadt jmc
- [email protected] 2013/12/09 11:03:45
[blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
[ge25519_base.data hash.c sc25519.c sc25519.h verify.c]
Add Authors for the public domain ed25519/nacl code.
see also http://nacl.cr.yp.to/features.html
All of the NaCl software is in the public domain.
and http://ed25519.cr.yp.to/software.html
The Ed25519 software is in the public domain.
- [email protected] 2013/12/09 11:08:17
[crypto_api.h]
remove unused defines
- [email protected] 2013/12/15 18:17:26
[ssh-add.c]
Make ssh-add also add .ssh/id_ed25519; fixes lie in manual page.
ok markus@
- [email protected] 2013/12/15 21:42:35
[cipher-chachapoly.c]
add some comments and constify a constant
- [email protected] 2013/12/17 10:36:38
[crypto_api.h]
I've assembled the header file by cut&pasting from generated headers
and the source files.
20131208
- (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna
Vinschen
- (djm) [Makefile.in regress/Makefile regress/agent-ptrace.sh]
[regress/setuid-allowed.c] Check that ssh-agent is not on a no-setuid
filesystem before running agent-ptrace.sh; ok dtucker
20131207
- (djm) OpenBSD CVS Sync
- [email protected] 2013/12/05 22:59:45
[sftp-client.c]
fix memory leak in error path in do_readdir(); pointed out by
Loganaden Velvindron @ AfriNIC in bz#2163
- [email protected] 2013/12/06 03:40:51
[ssh-keygen.c]
remove duplicated character ('g') in getopt() string;
document the (few) remaining option characters so we don't have to
rummage next time.
- [email protected] 2013/12/06 13:30:08
[authfd.c key.c key.h ssh-agent.c]
move private key (de)serialization to key.c; ok djm
- [email protected] 2013/12/06 13:34:54
[authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c]
[ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by
default; details in PROTOCOL.key; feedback and lots of help from djm;
ok djm@
- [email protected] 2013/12/06 13:39:49
[authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
[servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
[ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
[sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
[fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
support ed25519 keys (hostkeys and user identities) using the public
domain ed25519 reference code from SUPERCOP, see
http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@
- [email protected] 2013/12/06 15:29:07
[sshd.8]
missing comma;
- [email protected] 2013/12/07 00:19:15
[key.c]
set k->cert = NULL after freeing it
- [email protected] 2013/12/06 13:52:46
[regress/Makefile regress/agent.sh regress/cert-hostkey.sh]
[regress/cert-userkey.sh regress/keytype.sh]
test ed25519 support; from djm@
- (djm) [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
[ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents
- (djm) [Makefile.in] Add ed25519 sources
- (djm) [authfile.c] Conditionalise inclusion of util.h
- (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]
[openbsd-compat/blf.h openbsd-compat/blowfish.c]
[openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
portable.
- (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in]
[openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on
Linux
- (djm) [regress/cert-hostkey.sh] Fix merge botch
- (djm) [Makefile.in] PATHSUBS and keygen bits for Ed25519; from
Loganaden Velvindron @ AfriNIC in bz#2179
20131205
- (djm) OpenBSD CVS Sync
- [email protected] 2013/11/21 08:05:09
[ssh_config.5 sshd_config.5]
no need for .Pp before displays;
- [email protected] 2013/11/25 18:04:21
[ssh.1 ssh.c]
improve -Q usage and such. One usage change is that the option is now
case-sensitive
ok dtucker markus djm
- [email protected] 2013/11/26 12:14:54
[ssh.1 ssh.c]
- put -Q in the right place
- Ar was a poor choice for the arguments to -Q. i've chosen an
admittedly equally poor Cm, at least consistent with the rest
of the docs. also no need for multiple instances
- zap a now redundant Nm
- usage() sync
- [email protected] 2013/11/26 19:15:09
[pkcs11.h]
cleanup 1 << 31 idioms. Resurrection of this issue pointed out by
Eitan Adler ok markus for ssh, implies same change in kerberosV
- [email protected] 2013/12/01 23:19:05
[PROTOCOL]
mention [email protected] key exchange algorithm
- [email protected] 2013/12/02 02:50:27
[PROTOCOL.chacha20poly1305]
typo; from Jon Cave
- [email protected] 2013/12/02 02:56:17
[ssh-pkcs11-helper.c]
use-after-free; bz#2175 patch from Loganaden Velvindron @ AfriNIC
- [email protected] 2013/12/02 03:09:22
[key.c]
make key_to_blob() return a NULL blob on failure; part of
bz#2175 from Loganaden Velvindron @ AfriNIC
- [email protected] 2013/12/02 03:13:14
[cipher.c]
correct bzero of chacha20+poly1305 key context. bz#2177 from
Loganaden Velvindron @ AfriNIC
Also make it a memset for consistency with the rest of cipher.c
- [email protected] 2013/12/04 04:20:01
[sftp-client.c]
bz#2171: don't leak local_fd on error; from Loganaden Velvindron @
AfriNIC
- [email protected] 2013/12/05 01:16:41
[servconf.c servconf.h]
bz#2161 - fix AuthorizedKeysCommand inside a Match block and
rearrange things so the same error is harder to make next time;
with and ok dtucker@
- (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correct
-L location for libedit. Patch from Serge van den Boom.
20131121
- (djm) OpenBSD CVS Sync
- [email protected] 2013/11/08 11:15:19
[bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c]
[uidswap.c] Include stdlib.h for free() as per the man page.
- [email protected] 2013/11/13 13:48:20
[ssh-pkcs11.c]
add missing braces found by pedro
- [email protected] 2013/11/20 02:19:01
[sshd.c]
delay closure of in/out fds until after "Bad protocol version
identification..." message, as get_remote_ipaddr/get_remote_port
require them open.
- [email protected] 2013/11/20 20:53:10
[scp.c]
unsigned casts for ctype macros where necessary
ok guenther millert markus
- [email protected] 2013/11/20 20:54:10
[canohost.c clientloop.c match.c readconf.c sftp.c]
unsigned casts for ctype macros where necessary
ok guenther millert markus
- [email protected] 2013/11/21 00:45:44
[Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
[chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
[dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
[ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
cipher "[email protected]" that combines Daniel
Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS:
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
but differs in layout used for the MAC calculation and the use of a
second ChaCha20 instance to separately encrypt packet lengths.
Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganaden Velvindron @ AfriNIC
ok markus@ naddy@
- [email protected] 2013/11/18 05:09:32
[regress/forward-control.sh]
bump timeout to 10 seconds to allow slow machines (e.g. Alpha PC164)
to successfully run this; ok djm@
- [email protected] 2013/11/21 03:15:46
[regress/krl.sh]
add some reminders for additional tests that I'd like to implement
- [email protected] 2013/11/21 03:16:47
[regress/modpipe.c]
use unsigned long long instead of u_int64_t here to avoid warnings
on some systems portable OpenSSH is built on.
- [email protected] 2013/11/21 03:18:51
[regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh]
[regress/try-ciphers.sh]
use new "ssh -Q cipher-auth" query to obtain lists of authenticated
encryption ciphers instead of specifying them manually; ensures that
the new [email protected] mode is tested;
ok markus@ and naddy@ as part of the diff to add
20131110
- (dtucker) [regress/keytype.sh] Populate ECDSA key types to be tested by
querying the ones that are compiled in.
20131109
- (dtucker) OpenBSD CVS Sync
- [email protected] 2013/11/09 05:41:34
[regress/test-exec.sh regress/rekey.sh]
Use smaller test data files to speed up tests. Grow test datafiles
where necessary for a specific test.
- (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of
NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the
latter actually works before using it. Fedora (at least) has NID_secp521r1
that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897).
- (dtucker) [configure.ac] Fix brackets in NID_secp521r1 test.
- (dtucker) [configure.ac] Add missing "test".
- (dtucker) [key.c] Check for the correct defines for NID_secp521r1.
20131108
- (dtucker) OpenBSD CVS Sync
- [email protected] 2013/11/08 01:06:14
[regress/rekey.sh]
Rekey less frequently during tests to speed them up
- (djm) OpenBSD CVS Sync
- [email protected] 2013/11/07 11:58:27
[cipher.c cipher.h kex.c kex.h mac.c mac.h servconf.c ssh.c]
Output the effective values of Ciphers, MACs and KexAlgorithms when
the default has not been overridden. ok markus@
- [email protected] 2013/11/08 00:39:15
[auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c]
[clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c]
[sftp-client.c sftp-glob.c]
use calloc for all structure allocations; from markus@
- [email protected] 2013/11/08 01:38:11
[version.h]
openssh-6.4
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Update version numbers following release.
- (dtucker) [openbsd-compat/openbsd-compat.h] Add null implementation of
arc4random_stir for platforms that have arc4random but don't have
arc4random_stir (right now this is only OpenBSD -current).
- (dtucker) [kex.c] Only enable CURVE25519_SHA256 if we actually have
EVP_sha256.
- (dtucker) [myproposal.h] Conditionally enable CURVE25519_SHA256.
- (dtucker) [openbsd-compat/bsd-poll.c] Add headers to prevent compile
warnings.
- (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platform
and pass in TEST_ENV. use stderr to get polluted
and the stderr-data test to fail.
- (dtucker) [contrib/cygwin/ssh-host-config] Simplify host key generation:
rather than testing and generating each key, call ssh-keygen -A.
Patch from vinschen at redhat.com.
- (dtucker) OpenBSD CVS Sync
- [email protected] 2013/11/09 05:41:34
[regress/test-exec.sh regress/rekey.sh]
Use smaller test data files to speed up tests. Grow test datafiles
where necessary for a specific test.
20131107
- (djm) [ssh-pkcs11.c] Bring back "non-constant initialiser" fix (rev 1.5)
that got lost in recent merge.
- (djm) [Makefile.in monitor.c] Missed chunks of curve25519 KEX diff
- (djm) [regress/modpipe.c regress/rekey.sh] Never intended to commit these
- (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platforms
that lack it but have arc4random_uniform()
- (djm) OpenBSD CVS Sync
- [email protected] 2013/11/04 11:51:16
[monitor.c]
fix rekeying for KEX_C25519_SHA256; noted by dtucker@
RCSID sync only; I thought this was a merge botch and fixed it already
- [email protected] 2013/11/06 16:52:11
[monitor_wrap.c]
fix rekeying for AES-GCM modes; ok deraadt
- [email protected] 2013/11/06 23:05:59
[ssh-pkcs11.c]
from portable: s/true/true_val/ to avoid name collisions on dump platforms
RCSID sync only
- (dtucker) OpenBSD CVS Sync
- [email protected] 2013/10/09 23:44:14
[regress/Makefile] (ID sync only)
regression test for sftp request white/blacklisting and readonly mode.
- [email protected] 2013/11/02 22:39:53
[regress/kextype.sh]
- [email protected] 2013/11/04 12:27:42
[regress/rekey.sh]
Test rekeying with all KexAlgorithms.
- [email protected] 2013/11/07 00:12:05
[regress/rekey.sh]
Test rekeying for every Cipher, MAC and KEX, plus test every KEX with
the GCM ciphers.
- [email protected] 2013/11/07 01:12:51
[regress/rekey.sh]
Factor out the data transfer rekey tests
- [email protected] 2013/11/07 02:48:38
[regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh]
Use ssh -Q instead of hardcoding lists of ciphers or MACs.
- [email protected] 2013/11/07 03:55:41
[regress/kextype.sh]
Use ssh -Q to get kex types instead of a static list.
- [email protected] 2013/11/07 04:26:56
[regress/kextype.sh]
trailing space
- (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environment
variable. It's no longer used now that we get the supported MACs from
ssh -Q.
20131104
- (djm) OpenBSD CVS Sync
- [email protected] 2013/11/02 20:03:54
[ssh-pkcs11.c]
support pkcs#11 tokens that only provide x509 certs instead of raw pubkeys;
fixes bz#1908; based on patch from Laurent Barbe; ok djm
- [email protected] 2013/11/02 21:59:15
[kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
use curve25519 for default key exchange ([email protected]);
initial patch from Aris Adamantiadis; ok djm@
- [email protected] 2013/11/02 22:10:15
[kexdhs.c kexecdhs.c]
no need to include monitor_wrap.h
- [email protected] 2013/11/02 22:24:24
[kexdhs.c kexecdhs.c]
no need to include ssh-gss.h
- [email protected] 2013/11/02 22:34:01
[auth-options.c]
no need to include monitor_wrap.h and ssh-gss.h
- [email protected] 2013/11/02 22:39:19
[ssh_config.5 sshd_config.5]
the default kex is now [email protected]
- [email protected] 2013/11/03 10:37:19
[roaming_common.c]
fix a couple of function definitions foo() -> foo(void)
(-Wold-style-definition)
- (djm) [kexc25519.c kexc25519c.c kexc25519s.c] Import missed files from
KEX/curve25519 change
20131103
- (dtucker) [openbsd-compat/bsd-misc.c] Include time.h for nanosleep.
From OpenSMTPD where it prevents "implicit declaration" warnings (it's
a no-op in OpenSSH). From chl at openbsd.
- (dtucker) [openbsd-compat/setproctitle.c] Handle error case from the 2nd
vsnprintf. From eric at openbsd via chl@.
- (dtucker) [configure.ac defines.h] Add typedefs for intmax_t and uintmax_t
for platforms that don't have them.
20131030
- (djm) OpenBSD CVS Sync
- [email protected] 2013/10/29 09:42:11
[key.c key.h]
fix potential stack exhaustion caused by nested certificates;
report by Mateusz Kocielski; ok dtucker@ markus@
- [email protected] 2013/10/29 09:48:02
[servconf.c servconf.h session.c sshd_config sshd_config.5]
sshd_config PermitTTY to disallow TTY allocation, mirroring the
longstanding no-pty authorized_keys option;
bz#2070, patch from Teran McKinney; ok markus@
- [email protected] 2013/10/29 18:49:32
[sshd_config.5]
pty(4), not pty(7);
20131026
- (djm) OpenBSD CVS Sync
- [email protected] 2013/10/25 23:04:51
[ssh.c]
fix crash when using ProxyCommand caused by previous commit - was calling
freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@
20131025
- (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] Remove
unnecessary arc4random_stir() calls. The only ones left are to ensure
that the PRNG gets a different state after fork() for platforms that
have broken the API.
20131024
- (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check
rather than full client name which may be of form user@REALM;
patch from Miguel Sanders; ok dtucker@
- (djm) OpenBSD CVS Sync
- [email protected] 2013/10/23 05:40:58
[servconf.c]
fix comment
- [email protected] 2013/10/23 23:35:32
[sshd.c]
include local address and port in "Connection from ..." message (only
shown at loglevel>=verbose)
- [email protected] 2013/10/24 00:49:49
[moduli.c]
Periodically print progress and, if possible, expected time to completion
when screening moduli for DH groups. ok deraadt djm
- [email protected] 2013/10/24 00:51:48
[readconf.c servconf.c ssh_config.5 sshd_config.5]
Disallow empty Match statements and add "Match all" which matches
everything. ok djm, man page help jmc@
- [email protected] 2013/10/24 08:19:36
[ssh.c]
fix bug introduced in hostname canonicalisation commit: don't try to
resolve hostnames when a ProxyCommand is set unless the user has forced
canonicalisation; spotted by Iain Morgan
- (tim) [regress/sftp-perm.sh] We need a shell that understands "! somecmd"
20131023
- (djm) OpenBSD CVS Sync
- [email protected] 2013/10/20 04:39:28
[ssh_config.5]
document % expansions performed by "Match command ..."
- [email protected] 2013/10/20 06:19:28
[readconf.c ssh_config.5]
rename "command" subclause of the recently-added "Match" keyword to
"exec"; it's shorter, clearer in intent and we might want to add the
ability to match against the command being executed at the remote end in
the future.
- [email protected] 2013/10/20 09:51:26
[scp.1 sftp.1]
add canonicalisation options to -o lists
- [email protected] 2013/10/20 18:00:13
[ssh_config.5]
tweak the "exec" description, as worded by djm;
- [email protected] 2013/10/23 03:03:07
[readconf.c]
Hostname may have %h sequences that should be expanded prior to Match
evaluation; spotted by Iain Morgan
- [email protected] 2013/10/23 03:05:19
[readconf.c ssh.c]
comment
- [email protected] 2013/10/23 04:16:22
[ssh-keygen.c]
Make code match documentation: relative-specified certificate expiry time
should be relative to current time and not the validity start time.
Reported by Petr Lautrbach; ok deraadt@
20131018
- (djm) OpenBSD CVS Sync
- [email protected] 2013/10/09 23:44:14
[regress/Makefile regress/sftp-perm.sh]
regression test for sftp request white/blacklisting and readonly mode.
- [email protected] 2013/10/17 07:35:48
[sftp.1 sftp.c]
tweak previous;
- [email protected] 2013/10/17 22:08:04
[sshd.c]
include remote port in bad banner message; bz#2162
20131017
- (djm) OpenBSD CVS Sync
- [email protected] 2013/10/15 14:10:25
[ssh.1 ssh_config.5]
tweak previous;
- [email protected] 2013/10/16 02:31:47
[readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5]
[sshconnect.c sshconnect.h]
Implement client-side hostname canonicalisation to allow an explicit
search path of domain suffixes to use to convert unqualified host names
to fully-qualified ones for host key matching.
This is particularly useful for host certificates, which would otherwise
need to list unqualified names alongside fully-qualified ones (and this
causes a number of problems).
"looks fine" markus@
- [email protected] 2013/10/16 06:42:25
[ssh_config.5]
tweak previous;
- [email protected] 2013/10/16 22:49:39
[readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
s/canonicalise/canonicalize/ for consistency with existing spelling,
e.g. authorized_keys; pointed out by naddy@
- [email protected] 2013/10/16 22:58:01
[ssh.c ssh_config.5]
one I missed in previous: s/isation/ization/
- [email protected] 2013/10/17 00:30:13
[PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c]
[email protected] protocol extension for sftp-server
client support to allow calling fsync() after successful transfer
patch mostly by imorgan AT nas.nasa.gov; bz#1798
"fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
- [email protected] 2013/10/17 00:46:49
[ssh.c]
rearrange check to reduce diff against -portable
(Id sync only)
20131015
- (djm) OpenBSD CVS Sync
- [email protected] 2013/10/09 23:42:17
[sftp-server.8 sftp-server.c]
Add ability to whitelist and/or blacklist sftp protocol requests by name.
Refactor dispatch loop and consolidate read-only mode checks.
Make global variables static, since sftp-server is linked into sshd(8).
ok dtucker@
- [email protected] 2013/10/10 00:53:25
[sftp-server.c]
add -Q, -P and -p to usage() before jmc@ catches me
- [email protected] 2013/10/10 01:43:03
[sshd.c]
bz#2139: fix re-exec fallback by ensuring that startup_pipe is correctly
updated; ok dtucker@
- [email protected] 2013/10/11 02:45:36
[sftp-client.c]
rename flag arguments to be more clear and consistent.
reorder some internal function arguments to make adding additional flags
easier.
no functional change
- [email protected] 2013/10/11 02:52:23
[sftp-client.c]
missed one arg reorder
- [email protected] 2013/10/11 02:53:45
[sftp-client.h]
obsolete comment
- [email protected] 2013/10/14 14:18:56
[sftp-server.8 sftp-server.c]
tweak previous;
ok djm
- [email protected] 2013/10/14 21:20:52
[session.c session.h]
Add logging of session starts in a useful format; ok markus@ feedback and
ok dtucker@
- [email protected] 2013/10/14 22:22:05
[readconf.c readconf.h ssh-keysign.c ssh.c ssh_config.5]
add a "Match" keyword to ssh_config that allows matching on hostname,
user and result of arbitrary commands. "nice work" markus@
- [email protected] 2013/10/14 23:28:23
[canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c]
refactor client config code a little:
add multistate option parsing to readconf.c, similar to servconf.c's
existing code.
move checking of options that accept "none" as an argument to readconf.c
add a lowercase() function and use it instead of explicit tolower() in
loops
part of a larger diff that was ok markus@
- [email protected] 2013/10/14 23:31:01
[ssh.c]
whitespace at EOL; pointed out by markus@
- [ssh.c] g/c unused variable.
20131010
- (dtucker) OpenBSD CVS Sync
- [email protected] 2013/09/16 11:35:43
[ssh_config]
Remove gssapi config parts from ssh_config, as was already done for
sshd_config. Req by/ok ajacoutot@
ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
- [email protected] 2013/09/19 00:24:52
[progressmeter.c]
store the initial file offset so the progress meter doesn't freak out
when resuming sftp transfers. bz#2137; patch from Iain Morgan; ok dtucker@
- [email protected] 2013/09/19 00:49:12
[sftp-client.c]
fix swapped pflag and printflag in sftp upload_dir; from Iain Morgan
- [email protected] 2013/09/19 01:24:46
[channels.c]
bz#1297 - tell the client (via packet_send_debug) when their preferred
listen address has been overridden by the server's GatewayPorts;
ok dtucker@
- [email protected] 2013/09/19 01:26:29
[sshconnect.c]
bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from
swp AT swp.pp.ru; ok dtucker@
- [email protected] 2013/10/08 11:42:13
[dh.c dh.h]
Increase the size of the Diffie-Hellman groups requested for each
symmetric key size. New values from NIST Special Publication 800-57 with
the upper limit specified by RFC4419. Pointed out by Peter Backes, ok
djm@.
20131009
- (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull
in OpenBSD implementation of arc4random, shortly to replace the existing
bsd-arc4random.c
- (djm) [openbsd-compat/Makefile.in openbsd-compat/arc4random.c]
[openbsd-compat/bsd-arc4random.c] Replace old RC4-based arc4random
implementation with recent OpenBSD's ChaCha-based PRNG. ok dtucker@,
tested tim@
20130922
- (dtucker) [platform.c platform.h sshd.c] bz#2156: restore Linux oom_adj
setting when handling SIGHUP to maintain behaviour over restart. Patch
from Matthew Ife.
20130918
- (dtucker) [sshd_config] Trailing whitespace; from jstjohn at purdue edu.
20130914
- (djm) OpenBSD CVS Sync
- [email protected] 2013/08/22 19:02:21
[sshd.c]
Stir PRNG after post-accept fork. The child gets a different PRNG state
anyway via rexec and explicit privsep reseeds, but it's good to be sure.
ok markus@
- [email protected] 2013/08/28 12:34:27
[ssh-keygen.c]
improve batch processing a bit by making use of the quiet flag a bit
more often and exit with a non zero code if asked to find a hostname
in a known_hosts file and it wasn't there;
originally from reyk@, ok djm
- [email protected] 2013/08/31 00:13:54
[sftp.c]
make ^w match ksh behaviour (delete previous word instead of entire line)
- [email protected] 2013/09/02 22:00:34
[ssh-keygen.c sshconnect1.c sshd.c]
All the instances of arc4random_stir() are bogus, since arc4random()
does this itself, inside itself, and has for a very long time. Actually,
this was probably reducing the entropy available.
ok djm
ID SYNC ONLY for portable; we don't trust other arc4random implementations
to do this right.
- [email protected] 2013/09/07 13:53:11
[sshd_config]
Remove commented-out kerberos/gssapi config options from sample config,
kerberos support is currently not enabled in ssh in OpenBSD. Discussed with
various people; ok deraadt@
ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
- [email protected] 2013/09/12 01:41:12
[clientloop.c]
fix connection crash when sending break (~B) on ControlPersist'd session;
ok dtucker@
- [email protected] 2013/09/13 06:54:34
[channels.c]
avoid unaligned access in code that reused a buffer to send a
struct in_addr in a reply; simpler just use buffer_put_int();
from portable; spotted by and ok dtucker@
20130828
- (djm) [openbsd-compat/bsd-snprintf.c] teach our local snprintf code the
'j' (intmax_t/uintmax_t) and 'z' (size_t/ssize_t) conversions in case we
start to use them in the future.
- (djm) [openbsd-compat/bsd-snprintf.c] #ifdef noytet for intmax_t bits
until we have configure support.
20130821
- (djm) OpenBSD CVS Sync
- [email protected] 2013/08/06 23:03:49
[sftp.c]
fix some whitespace at EOL
make list of commands an enum rather than a long list of defines
add -a to usage()
- [email protected] 2013/08/06 23:05:01
[sftp.1]
document top-level -a option (the -a option to 'get' was already
documented)
- [email protected] 2013/08/06 23:06:01
[servconf.c]
add cast to avoid format warning; from portable
- [email protected] 2013/08/07 06:24:51
[sftp.1 sftp.c]
sort -a;
- [email protected] 2013/08/08 04:52:04
[sftp.c]
fix two year old regression: symlinking a file would incorrectly
canonicalise the target path. bz#2129 report from delphij AT freebsd.org
- [email protected] 2013/08/08 05:04:03
[sftp-client.c sftp-client.h sftp.c]
add a "-l" flag for the rename command to force it to use the silly