Date:      Mon, 31 Mar 2014 14:39:57 +0000 (UTC)
From:      Dag-Erling Smørgrav <des@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject:   svn commit: r263970 - in stable/9: . crypto/openssh crypto/openssh/contrib crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse cry...
Message-ID:  <201403311439.s2VEdvlR025063@svn.freebsd.org>

Author: des
Date: Mon Mar 31 14:39:56 2014
New Revision: 263970
URL: http://svnweb.freebsd.org/changeset/base/263970

Log:
  MFH (r237568, r255422, r255460, r255766, r255767, r255774, r255829,
    r256126, r257954, r261320, r261499, r263691, r263712): upgrade to
    OpenSSH 6.6p1 via 6.3p1, 6.4p1 and 6.5p1.
  
  Differences relative to head:
  
   - No DNSSEC support since stable/9 does not have LDNS
   - Sandboxing off by default, and uses rlimit instead of Capsicum
   - ED25519 moved to the bottom of the order of preference to avoid
     "new public key" warnings

Added:
  stable/9/crypto/openssh/Makefile.in
     - copied, changed from r255774, head/crypto/openssh/Makefile.in
  stable/9/crypto/openssh/PROTOCOL.chacha20poly1305
     - copied unchanged from r261320, head/crypto/openssh/PROTOCOL.chacha20poly1305
  stable/9/crypto/openssh/PROTOCOL.key
     - copied unchanged from r261320, head/crypto/openssh/PROTOCOL.key
  stable/9/crypto/openssh/blocks.c
     - copied unchanged from r261320, head/crypto/openssh/blocks.c
  stable/9/crypto/openssh/buildpkg.sh.in
     - copied unchanged from r255774, head/crypto/openssh/buildpkg.sh.in
  stable/9/crypto/openssh/chacha.c
     - copied unchanged from r261320, head/crypto/openssh/chacha.c
  stable/9/crypto/openssh/chacha.h
     - copied unchanged from r261320, head/crypto/openssh/chacha.h
  stable/9/crypto/openssh/cipher-chachapoly.c
     - copied, changed from r261320, head/crypto/openssh/cipher-chachapoly.c
  stable/9/crypto/openssh/cipher-chachapoly.h
     - copied unchanged from r261320, head/crypto/openssh/cipher-chachapoly.h
  stable/9/crypto/openssh/config.sub
     - copied unchanged from r255774, head/crypto/openssh/config.sub
  stable/9/crypto/openssh/configure
     - copied, changed from r255774, head/crypto/openssh/configure
  stable/9/crypto/openssh/configure.ac
     - copied, changed from r255774, head/crypto/openssh/configure.ac
  stable/9/crypto/openssh/contrib/
     - copied from r255774, head/crypto/openssh/contrib/
  stable/9/crypto/openssh/crypto_api.h
     - copied unchanged from r261320, head/crypto/openssh/crypto_api.h
  stable/9/crypto/openssh/digest-libc.c
     - copied unchanged from r263712, head/crypto/openssh/digest-libc.c
  stable/9/crypto/openssh/digest-openssl.c
     - copied unchanged from r263712, head/crypto/openssh/digest-openssl.c
  stable/9/crypto/openssh/digest.h
     - copied, changed from r261320, head/crypto/openssh/digest.h
  stable/9/crypto/openssh/ed25519.c
     - copied unchanged from r261320, head/crypto/openssh/ed25519.c
  stable/9/crypto/openssh/fe25519.c
     - copied unchanged from r261320, head/crypto/openssh/fe25519.c
  stable/9/crypto/openssh/fe25519.h
     - copied unchanged from r261320, head/crypto/openssh/fe25519.h
  stable/9/crypto/openssh/fixalgorithms
     - copied unchanged from r255767, head/crypto/openssh/fixalgorithms
  stable/9/crypto/openssh/freebsd-configure.sh
     - copied unchanged from r255829, head/crypto/openssh/freebsd-configure.sh
  stable/9/crypto/openssh/freebsd-post-merge.sh
     - copied unchanged from r263691, head/crypto/openssh/freebsd-post-merge.sh
  stable/9/crypto/openssh/freebsd-pre-merge.sh
     - copied unchanged from r263691, head/crypto/openssh/freebsd-pre-merge.sh
  stable/9/crypto/openssh/ge25519.c
     - copied unchanged from r261320, head/crypto/openssh/ge25519.c
  stable/9/crypto/openssh/ge25519.h
     - copied unchanged from r261320, head/crypto/openssh/ge25519.h
  stable/9/crypto/openssh/ge25519_base.data
     - copied unchanged from r261320, head/crypto/openssh/ge25519_base.data
  stable/9/crypto/openssh/hash.c
     - copied unchanged from r261320, head/crypto/openssh/hash.c
  stable/9/crypto/openssh/hmac.c
     - copied unchanged from r263712, head/crypto/openssh/hmac.c
  stable/9/crypto/openssh/hmac.h
     - copied unchanged from r263712, head/crypto/openssh/hmac.h
  stable/9/crypto/openssh/install-sh
     - copied unchanged from r255774, head/crypto/openssh/install-sh
  stable/9/crypto/openssh/kexc25519.c
     - copied, changed from r261320, head/crypto/openssh/kexc25519.c
  stable/9/crypto/openssh/kexc25519c.c
     - copied unchanged from r261320, head/crypto/openssh/kexc25519c.c
  stable/9/crypto/openssh/kexc25519s.c
     - copied unchanged from r261320, head/crypto/openssh/kexc25519s.c
  stable/9/crypto/openssh/krb5_config.h
     - copied, changed from r255829, head/crypto/openssh/krb5_config.h
  stable/9/crypto/openssh/mdoc2man.awk
     - copied unchanged from r255774, head/crypto/openssh/mdoc2man.awk
  stable/9/crypto/openssh/moduli.0
     - copied, changed from r255774, head/crypto/openssh/moduli.0
  stable/9/crypto/openssh/nchan.ms
     - copied unchanged from r255774, head/crypto/openssh/nchan.ms
  stable/9/crypto/openssh/nchan2.ms
     - copied unchanged from r255774, head/crypto/openssh/nchan2.ms
  stable/9/crypto/openssh/openbsd-compat/Makefile.in
     - copied, changed from r255774, head/crypto/openssh/openbsd-compat/Makefile.in
  stable/9/crypto/openssh/openbsd-compat/arc4random.c
     - copied unchanged from r261320, head/crypto/openssh/openbsd-compat/arc4random.c
  stable/9/crypto/openssh/openbsd-compat/bcrypt_pbkdf.c
     - copied unchanged from r261320, head/crypto/openssh/openbsd-compat/bcrypt_pbkdf.c
  stable/9/crypto/openssh/openbsd-compat/blf.h
     - copied unchanged from r261320, head/crypto/openssh/openbsd-compat/blf.h
  stable/9/crypto/openssh/openbsd-compat/blowfish.c   (contents, props changed)
     - copied, changed from r261320, head/crypto/openssh/openbsd-compat/blowfish.c
  stable/9/crypto/openssh/openbsd-compat/chacha_private.h
     - copied unchanged from r261320, head/crypto/openssh/openbsd-compat/chacha_private.h
  stable/9/crypto/openssh/openbsd-compat/explicit_bzero.c
     - copied unchanged from r263712, head/crypto/openssh/openbsd-compat/explicit_bzero.c
  stable/9/crypto/openssh/openbsd-compat/getopt.h
     - copied unchanged from r255767, head/crypto/openssh/openbsd-compat/getopt.h
  stable/9/crypto/openssh/openbsd-compat/getopt_long.c
     - copied unchanged from r255767, head/crypto/openssh/openbsd-compat/getopt_long.c
  stable/9/crypto/openssh/openbsd-compat/getrrsetbyname-ldns.c
     - copied, changed from r255422, head/crypto/openssh/openbsd-compat/getrrsetbyname-ldns.c
  stable/9/crypto/openssh/openbsd-compat/regress/
     - copied from r255774, head/crypto/openssh/openbsd-compat/regress/
  stable/9/crypto/openssh/openbsd-compat/strnlen.c
     - copied unchanged from r255422, head/crypto/openssh/openbsd-compat/strnlen.c
  stable/9/crypto/openssh/openssh.xml.in
     - copied unchanged from r255774, head/crypto/openssh/openssh.xml.in
  stable/9/crypto/openssh/opensshd.init.in
     - copied unchanged from r255774, head/crypto/openssh/opensshd.init.in
  stable/9/crypto/openssh/poly1305.c
     - copied unchanged from r261320, head/crypto/openssh/poly1305.c
  stable/9/crypto/openssh/poly1305.h
     - copied unchanged from r261320, head/crypto/openssh/poly1305.h
  stable/9/crypto/openssh/regress/
     - copied from r255774, head/crypto/openssh/regress/
  stable/9/crypto/openssh/regress/dhgex.sh
     - copied unchanged from r263712, head/crypto/openssh/regress/dhgex.sh
  stable/9/crypto/openssh/regress/setuid-allowed.c
     - copied, changed from r261320, head/crypto/openssh/regress/setuid-allowed.c
  stable/9/crypto/openssh/regress/sftp-perm.sh
     - copied unchanged from r261320, head/crypto/openssh/regress/sftp-perm.sh
  stable/9/crypto/openssh/sandbox-capsicum.c   (contents, props changed)
     - copied, changed from r261320, head/crypto/openssh/sandbox-capsicum.c
  stable/9/crypto/openssh/sandbox-seccomp-filter.c
     - copied, changed from r255422, head/crypto/openssh/sandbox-seccomp-filter.c
  stable/9/crypto/openssh/sc25519.c
     - copied unchanged from r261320, head/crypto/openssh/sc25519.c
  stable/9/crypto/openssh/sc25519.h
     - copied unchanged from r261320, head/crypto/openssh/sc25519.h
  stable/9/crypto/openssh/scp.0
     - copied, changed from r255774, head/crypto/openssh/scp.0
  stable/9/crypto/openssh/sftp-server.0
     - copied, changed from r255774, head/crypto/openssh/sftp-server.0
  stable/9/crypto/openssh/sftp.0
     - copied, changed from r255774, head/crypto/openssh/sftp.0
  stable/9/crypto/openssh/smult_curve25519_ref.c
     - copied unchanged from r261320, head/crypto/openssh/smult_curve25519_ref.c
  stable/9/crypto/openssh/ssh-add.0
     - copied, changed from r255774, head/crypto/openssh/ssh-add.0
  stable/9/crypto/openssh/ssh-agent.0
     - copied, changed from r255774, head/crypto/openssh/ssh-agent.0
  stable/9/crypto/openssh/ssh-ed25519.c
     - copied, changed from r261320, head/crypto/openssh/ssh-ed25519.c
  stable/9/crypto/openssh/ssh-keygen.0
     - copied, changed from r255774, head/crypto/openssh/ssh-keygen.0
  stable/9/crypto/openssh/ssh-keyscan.0
     - copied, changed from r255774, head/crypto/openssh/ssh-keyscan.0
  stable/9/crypto/openssh/ssh-keysign.0
     - copied, changed from r255774, head/crypto/openssh/ssh-keysign.0
  stable/9/crypto/openssh/ssh-pkcs11-helper.0
     - copied, changed from r255774, head/crypto/openssh/ssh-pkcs11-helper.0
  stable/9/crypto/openssh/ssh.0
     - copied, changed from r255774, head/crypto/openssh/ssh.0
  stable/9/crypto/openssh/ssh_config.0
     - copied, changed from r255774, head/crypto/openssh/ssh_config.0
  stable/9/crypto/openssh/sshd.0
     - copied, changed from r255774, head/crypto/openssh/sshd.0
  stable/9/crypto/openssh/sshd_config.0
     - copied, changed from r255774, head/crypto/openssh/sshd_config.0
  stable/9/crypto/openssh/survey.sh.in
     - copied unchanged from r255774, head/crypto/openssh/survey.sh.in
  stable/9/crypto/openssh/verify.c
     - copied unchanged from r261320, head/crypto/openssh/verify.c
Deleted:
  stable/9/crypto/openssh/FREEBSD-tricks
  stable/9/crypto/openssh/auth2-jpake.c
  stable/9/crypto/openssh/jpake.c
  stable/9/crypto/openssh/jpake.h
  stable/9/crypto/openssh/openbsd-compat/bsd-arc4random.c
  stable/9/crypto/openssh/openbsd-compat/getopt.c
  stable/9/crypto/openssh/schnorr.h
Modified:
  stable/9/Makefile.inc1   (contents, props changed)
  stable/9/crypto/openssh/ChangeLog
  stable/9/crypto/openssh/FREEBSD-upgrade
  stable/9/crypto/openssh/PROTOCOL
  stable/9/crypto/openssh/README
  stable/9/crypto/openssh/aclocal.m4
  stable/9/crypto/openssh/addrmatch.c
  stable/9/crypto/openssh/atomicio.c
  stable/9/crypto/openssh/audit-linux.c
  stable/9/crypto/openssh/auth-chall.c
  stable/9/crypto/openssh/auth-krb5.c
  stable/9/crypto/openssh/auth-options.c
  stable/9/crypto/openssh/auth-pam.c
  stable/9/crypto/openssh/auth-rsa.c
  stable/9/crypto/openssh/auth.c
  stable/9/crypto/openssh/auth.h
  stable/9/crypto/openssh/auth1.c
  stable/9/crypto/openssh/auth2-chall.c
  stable/9/crypto/openssh/auth2-gss.c
  stable/9/crypto/openssh/auth2-hostbased.c
  stable/9/crypto/openssh/auth2-kbdint.c
  stable/9/crypto/openssh/auth2-passwd.c
  stable/9/crypto/openssh/auth2-pubkey.c
  stable/9/crypto/openssh/auth2.c
  stable/9/crypto/openssh/authfd.c
  stable/9/crypto/openssh/authfile.c
  stable/9/crypto/openssh/authfile.h
  stable/9/crypto/openssh/bufaux.c
  stable/9/crypto/openssh/bufbn.c
  stable/9/crypto/openssh/bufec.c
  stable/9/crypto/openssh/buffer.c
  stable/9/crypto/openssh/buffer.h
  stable/9/crypto/openssh/canohost.c
  stable/9/crypto/openssh/channels.c
  stable/9/crypto/openssh/channels.h
  stable/9/crypto/openssh/cipher-3des1.c
  stable/9/crypto/openssh/cipher-aes.c
  stable/9/crypto/openssh/cipher-ctr.c
  stable/9/crypto/openssh/cipher.c
  stable/9/crypto/openssh/cipher.h
  stable/9/crypto/openssh/clientloop.c
  stable/9/crypto/openssh/clientloop.h
  stable/9/crypto/openssh/compat.c
  stable/9/crypto/openssh/compat.h
  stable/9/crypto/openssh/config.guess
  stable/9/crypto/openssh/config.h
  stable/9/crypto/openssh/config.h.in
  stable/9/crypto/openssh/contrib/caldera/openssh.spec
  stable/9/crypto/openssh/contrib/cygwin/ssh-host-config
  stable/9/crypto/openssh/contrib/redhat/openssh.spec
  stable/9/crypto/openssh/contrib/ssh-copy-id.1   (contents, props changed)
  stable/9/crypto/openssh/contrib/suse/openssh.spec
  stable/9/crypto/openssh/defines.h
  stable/9/crypto/openssh/dh.c
  stable/9/crypto/openssh/dh.h
  stable/9/crypto/openssh/dns.c
  stable/9/crypto/openssh/groupaccess.c
  stable/9/crypto/openssh/gss-genr.c
  stable/9/crypto/openssh/gss-serv-krb5.c
  stable/9/crypto/openssh/gss-serv.c
  stable/9/crypto/openssh/hostfile.c
  stable/9/crypto/openssh/hostfile.h
  stable/9/crypto/openssh/includes.h
  stable/9/crypto/openssh/kex.c
  stable/9/crypto/openssh/kex.h
  stable/9/crypto/openssh/kexdh.c
  stable/9/crypto/openssh/kexdhc.c
  stable/9/crypto/openssh/kexdhs.c
  stable/9/crypto/openssh/kexecdh.c
  stable/9/crypto/openssh/kexecdhc.c
  stable/9/crypto/openssh/kexecdhs.c
  stable/9/crypto/openssh/kexgex.c
  stable/9/crypto/openssh/kexgexc.c
  stable/9/crypto/openssh/kexgexs.c
  stable/9/crypto/openssh/key.c
  stable/9/crypto/openssh/key.h
  stable/9/crypto/openssh/krl.c
  stable/9/crypto/openssh/log.c
  stable/9/crypto/openssh/log.h
  stable/9/crypto/openssh/loginrec.c
  stable/9/crypto/openssh/mac.c
  stable/9/crypto/openssh/mac.h
  stable/9/crypto/openssh/match.c
  stable/9/crypto/openssh/misc.c
  stable/9/crypto/openssh/misc.h
  stable/9/crypto/openssh/moduli.5   (contents, props changed)
  stable/9/crypto/openssh/moduli.c
  stable/9/crypto/openssh/monitor.c
  stable/9/crypto/openssh/monitor.h
  stable/9/crypto/openssh/monitor_mm.c
  stable/9/crypto/openssh/monitor_mm.h
  stable/9/crypto/openssh/monitor_wrap.c
  stable/9/crypto/openssh/monitor_wrap.h
  stable/9/crypto/openssh/mux.c   (contents, props changed)
  stable/9/crypto/openssh/myproposal.h
  stable/9/crypto/openssh/openbsd-compat/bsd-cygwin_util.c
  stable/9/crypto/openssh/openbsd-compat/bsd-cygwin_util.h
  stable/9/crypto/openssh/openbsd-compat/bsd-misc.c
  stable/9/crypto/openssh/openbsd-compat/bsd-misc.h   (contents, props changed)
  stable/9/crypto/openssh/openbsd-compat/bsd-poll.c
  stable/9/crypto/openssh/openbsd-compat/bsd-setres_id.c
  stable/9/crypto/openssh/openbsd-compat/bsd-snprintf.c
  stable/9/crypto/openssh/openbsd-compat/bsd-statvfs.c
  stable/9/crypto/openssh/openbsd-compat/bsd-statvfs.h
  stable/9/crypto/openssh/openbsd-compat/openbsd-compat.h
  stable/9/crypto/openssh/openbsd-compat/openssl-compat.c
  stable/9/crypto/openssh/openbsd-compat/openssl-compat.h
  stable/9/crypto/openssh/openbsd-compat/port-aix.c
  stable/9/crypto/openssh/openbsd-compat/port-linux.c
  stable/9/crypto/openssh/openbsd-compat/setproctitle.c
  stable/9/crypto/openssh/openbsd-compat/xcrypt.c
  stable/9/crypto/openssh/packet.c
  stable/9/crypto/openssh/packet.h
  stable/9/crypto/openssh/pathnames.h   (contents, props changed)
  stable/9/crypto/openssh/pkcs11.h
  stable/9/crypto/openssh/platform.c
  stable/9/crypto/openssh/platform.h
  stable/9/crypto/openssh/progressmeter.c
  stable/9/crypto/openssh/readconf.c
  stable/9/crypto/openssh/readconf.h
  stable/9/crypto/openssh/readpass.c
  stable/9/crypto/openssh/regress/Makefile
  stable/9/crypto/openssh/regress/agent-ptrace.sh
  stable/9/crypto/openssh/regress/agent.sh
  stable/9/crypto/openssh/regress/cert-hostkey.sh
  stable/9/crypto/openssh/regress/cert-userkey.sh
  stable/9/crypto/openssh/regress/cipher-speed.sh
  stable/9/crypto/openssh/regress/forward-control.sh
  stable/9/crypto/openssh/regress/host-expand.sh
  stable/9/crypto/openssh/regress/integrity.sh
  stable/9/crypto/openssh/regress/kextype.sh
  stable/9/crypto/openssh/regress/keytype.sh
  stable/9/crypto/openssh/regress/krl.sh
  stable/9/crypto/openssh/regress/login-timeout.sh
  stable/9/crypto/openssh/regress/modpipe.c
  stable/9/crypto/openssh/regress/rekey.sh
  stable/9/crypto/openssh/regress/scp-ssh-wrapper.sh
  stable/9/crypto/openssh/regress/scp.sh
  stable/9/crypto/openssh/regress/sftp-chroot.sh
  stable/9/crypto/openssh/regress/test-exec.sh
  stable/9/crypto/openssh/regress/try-ciphers.sh
  stable/9/crypto/openssh/roaming_client.c
  stable/9/crypto/openssh/roaming_common.c
  stable/9/crypto/openssh/rsa.c
  stable/9/crypto/openssh/sandbox-darwin.c
  stable/9/crypto/openssh/sandbox-null.c
  stable/9/crypto/openssh/sandbox-rlimit.c
  stable/9/crypto/openssh/sandbox-systrace.c
  stable/9/crypto/openssh/schnorr.c
  stable/9/crypto/openssh/scp.1   (contents, props changed)
  stable/9/crypto/openssh/scp.c
  stable/9/crypto/openssh/servconf.c
  stable/9/crypto/openssh/servconf.h
  stable/9/crypto/openssh/serverloop.c
  stable/9/crypto/openssh/session.c
  stable/9/crypto/openssh/session.h
  stable/9/crypto/openssh/sftp-client.c
  stable/9/crypto/openssh/sftp-client.h
  stable/9/crypto/openssh/sftp-common.c   (contents, props changed)
  stable/9/crypto/openssh/sftp-glob.c
  stable/9/crypto/openssh/sftp-server.8
  stable/9/crypto/openssh/sftp-server.c
  stable/9/crypto/openssh/sftp.1
  stable/9/crypto/openssh/sftp.c
  stable/9/crypto/openssh/ssh-add.1   (contents, props changed)
  stable/9/crypto/openssh/ssh-add.c
  stable/9/crypto/openssh/ssh-agent.1
  stable/9/crypto/openssh/ssh-agent.c
  stable/9/crypto/openssh/ssh-dss.c
  stable/9/crypto/openssh/ssh-ecdsa.c
  stable/9/crypto/openssh/ssh-gss.h   (contents, props changed)
  stable/9/crypto/openssh/ssh-keygen.1
  stable/9/crypto/openssh/ssh-keygen.c
  stable/9/crypto/openssh/ssh-keyscan.1
  stable/9/crypto/openssh/ssh-keyscan.c
  stable/9/crypto/openssh/ssh-keysign.8   (contents, props changed)
  stable/9/crypto/openssh/ssh-keysign.c
  stable/9/crypto/openssh/ssh-pkcs11-client.c
  stable/9/crypto/openssh/ssh-pkcs11-helper.8   (contents, props changed)
  stable/9/crypto/openssh/ssh-pkcs11-helper.c
  stable/9/crypto/openssh/ssh-pkcs11.c
  stable/9/crypto/openssh/ssh-rsa.c
  stable/9/crypto/openssh/ssh-sandbox.h
  stable/9/crypto/openssh/ssh.1
  stable/9/crypto/openssh/ssh.c
  stable/9/crypto/openssh/ssh2.h
  stable/9/crypto/openssh/ssh_config
  stable/9/crypto/openssh/ssh_config.5
  stable/9/crypto/openssh/ssh_namespace.h
  stable/9/crypto/openssh/sshconnect.c
  stable/9/crypto/openssh/sshconnect.h
  stable/9/crypto/openssh/sshconnect1.c
  stable/9/crypto/openssh/sshconnect2.c
  stable/9/crypto/openssh/sshd.8
  stable/9/crypto/openssh/sshd.c
  stable/9/crypto/openssh/sshd_config
  stable/9/crypto/openssh/sshd_config.5
  stable/9/crypto/openssh/sshlogin.c
  stable/9/crypto/openssh/sshlogin.h
  stable/9/crypto/openssh/uidswap.c
  stable/9/crypto/openssh/umac.c
  stable/9/crypto/openssh/umac.h
  stable/9/crypto/openssh/umac128.c
  stable/9/crypto/openssh/uuencode.c
  stable/9/crypto/openssh/version.h
  stable/9/crypto/openssh/xmalloc.c
  stable/9/crypto/openssh/xmalloc.h
  stable/9/etc/rc.d/sshd
  stable/9/secure/lib/libssh/Makefile
  stable/9/secure/libexec/sftp-server/Makefile
  stable/9/secure/libexec/ssh-keysign/Makefile
  stable/9/secure/libexec/ssh-pkcs11-helper/Makefile
  stable/9/secure/usr.bin/scp/Makefile
  stable/9/secure/usr.bin/sftp/Makefile
  stable/9/secure/usr.bin/ssh-add/Makefile
  stable/9/secure/usr.bin/ssh-agent/Makefile
  stable/9/secure/usr.bin/ssh-keygen/Makefile
  stable/9/secure/usr.bin/ssh-keyscan/Makefile
  stable/9/secure/usr.bin/ssh/Makefile
  stable/9/secure/usr.sbin/sshd/Makefile
Directory Properties:
  stable/9/   (props changed)
  stable/9/bin/cat/   (props changed)
  stable/9/contrib/expat/   (props changed)
  stable/9/contrib/groff/   (props changed)
  stable/9/contrib/less/   (props changed)
  stable/9/contrib/one-true-awk/   (props changed)
  stable/9/contrib/openbsm/   (props changed)
  stable/9/contrib/tcpdump/   (props changed)
  stable/9/crypto/openssh/   (props changed)
  stable/9/etc/   (props changed)
  stable/9/etc/rc.d/   (props changed)
  stable/9/lib/libz/   (props changed)
  stable/9/secure/lib/libssh/   (props changed)
  stable/9/secure/libexec/ssh-keysign/   (props changed)
  stable/9/secure/usr.bin/ssh/   (props changed)
  stable/9/secure/usr.sbin/sshd/   (props changed)
  stable/9/usr.bin/less/   (props changed)
  stable/9/usr.bin/minigzip/   (props changed)
  stable/9/usr.bin/xinstall/   (props changed)
  stable/9/usr.sbin/makefs/   (props changed)
  stable/9/usr.sbin/tcpdump/   (props changed)

Modified: stable/9/Makefile.inc1
==============================================================================
--- stable/9/Makefile.inc1	Mon Mar 31 14:27:22 2014	(r263969)
+++ stable/9/Makefile.inc1	Mon Mar 31 14:39:56 2014	(r263970)
@@ -1357,8 +1357,8 @@ _prebuild_libs=	${_kerberos5_lib_libasn1
 		${_cddl_lib_libumem} ${_cddl_lib_libnvpair} \
 		${_cddl_lib_libzfs_core} \
 		lib/libutil ${_lib_libypclnt} lib/libz lib/msun \
-		${_secure_lib_libcrypto} ${_secure_lib_libssh} \
-		${_secure_lib_libssl}
+		${_secure_lib_libcrypto} ${_lib_libldns} \
+		${_secure_lib_libssh} ${_secure_lib_libssl}
 
 .if ${MK_LIBTHR} != "no"
 _lib_libthr=	lib/libthr
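Review bot: the `${_lib_libldns}` entry added to `_prebuild_libs` sits awkwardly with the log message, which says stable/9 does not have LDNS. If `_lib_libldns` is never assigned in this branch, it expands to an empty string and the change only reshuffles the continuation lines. If it is assigned anywhere, the prebuild step would try to enter a library directory the log says is absent. Either drop the reference from the stable/9 copy of this list, or state in the log that it is kept deliberately to keep the diff against head small.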

Modified: stable/9/crypto/openssh/ChangeLog
==============================================================================
--- stable/9/crypto/openssh/ChangeLog	Mon Mar 31 14:27:22 2014	(r263969)
+++ stable/9/crypto/openssh/ChangeLog	Mon Mar 31 14:39:56 2014	(r263970)
@@ -1,3056 +1,2887 @@
-20130510
- - (djm) OpenBSD CVS Cherrypick
-   - djm@cvs.openbsd.org 2013/04/11 02:27:50
-     [packet.c]
-     quiet disconnect notifications on the server from error() back to logit()
-     if it is a normal client closure; bz#2057 ok+feedback dtucker@
- - (djm) [version.h contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
-   [contrib/suse/openssh.spec] Crank version numbers for release.
+20140313
+ - (djm) Release OpenSSH 6.6
 
-20130404
- - (dtucker) OpenBSD CVS Sync
-   - dtucker@cvs.openbsd.org 2013/02/17 23:16:57
-     [readconf.c ssh.c readconf.h sshconnect2.c]
-     Keep track of which IndentityFile options were manually supplied and which
-     were default options, and don't warn if the latter are missing.
-     ok markus@
-   - dtucker@cvs.openbsd.org 2013/02/19 02:12:47
-     [krl.c]
-     Remove bogus include.  ok djm
-   - dtucker@cvs.openbsd.org 2013/02/22 04:45:09
-     [ssh.c readconf.c readconf.h]
-     Don't complain if IdentityFiles specified in system-wide configs are
-     missing.  ok djm, deraadt.
-   - markus@cvs.openbsd.org 2013/02/22 19:13:56
-     [sshconnect.c]
-     support ProxyCommand=- (stdin/out already point to the proxy); ok djm@
-   - djm@cvs.openbsd.org 2013/02/22 22:09:01
-     [ssh.c]
-     Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier
-     version)
+20140304
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2014/03/03 22:22:30
+     [session.c]
+     ignore enviornment variables with embedded '=' or '\0' characters;
+     spotted by Jann Horn; ok deraadt@
 
-20130401
- - (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h
-   to avoid conflicting definitions of __int64, adding the required bits.
-   Patch from Corinna Vinschen.
+20140301
+ - (djm) [regress/Makefile] Disable dhgex regress test; it breaks when
+   no moduli file exists at the expected location.
+
+20140228
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2014/02/27 00:41:49
+     [bufbn.c]
+     fix unsigned overflow that could lead to reading a short ssh protocol
+     1 bignum value; found by Ben Hawkes; ok deraadt@
+   - djm@cvs.openbsd.org 2014/02/27 08:25:09
+     [bufbn.c]
+     off by one in range check
+   - djm@cvs.openbsd.org 2014/02/27 22:47:07
+     [sshd_config.5]
+     bz#2184 clarify behaviour of a keyword that appears in multiple
+     matching Match blocks; ok dtucker@
+   - djm@cvs.openbsd.org 2014/02/27 22:57:40
+     [version.h]
+     openssh-6.6
+   - dtucker@cvs.openbsd.org 2014/01/19 23:43:02
+     [regress/sftp-chroot.sh]
+     Don't use -q on sftp as it suppresses logging, instead redirect the
+     output to the regress logfile.
+   - dtucker@cvs.openbsd.org 2014/01/20 00:00:30
+     [sregress/ftp-chroot.sh]
+     append to rather than truncating the log file
+   - dtucker@cvs.openbsd.org 2014/01/25 04:35:32
+     [regress/Makefile regress/dhgex.sh]
+     Add a test for DH GEX sizes
+   - djm@cvs.openbsd.org 2014/01/26 10:22:10
+     [regress/cert-hostkey.sh]
+     automatically generate revoked keys from listed keys rather than
+     manually specifying each type; from portable
+     (Id sync only)
+   - djm@cvs.openbsd.org 2014/01/26 10:49:17
+     [scp-ssh-wrapper.sh scp.sh]
+     make sure $SCP is tested on the remote end rather than whichever one
+     happens to be in $PATH; from portable
+     (Id sync only)
+   - djm@cvs.openbsd.org 2014/02/27 20:04:16
+     [login-timeout.sh]
+     remove any existing LoginGraceTime from sshd_config before adding
+     a specific one for the test back in
+   - djm@cvs.openbsd.org 2014/02/27 21:21:25
+     [agent-ptrace.sh agent.sh]
+     keep return values that are printed in error messages;
+     from portable
+     (Id sync only)
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+   [contrib/suse/openssh.spec] Crank version numbers
+ - (djm) [regress/host-expand.sh] Add RCS Id
 
-20120322
- - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
-   Hands' greatly revised version.
- - (djm) Release 6.2p1
+20140227
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2014/02/26 20:18:37
+     [ssh.c]
+     bz#2205: avoid early hostname lookups unless canonicalisation is enabled;
+     ok dtucker@ markus@
+   - djm@cvs.openbsd.org 2014/02/26 20:28:44
+     [auth2-gss.c gss-serv.c ssh-gss.h sshd.c]
+     bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
+     sandboxing, as running this code in the sandbox can cause violations;
+     ok markus@
+   - djm@cvs.openbsd.org 2014/02/26 20:29:29
+     [channels.c]
+     don't assume that the socks4 username is \0 terminated;
+     spotted by Ben Hawkes; ok markus@
+   - markus@cvs.openbsd.org 2014/02/26 21:53:37
+     [sshd.c]
+     ssh_gssapi_prepare_supported_oids needs GSSAPI
 
-20120318
- - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
-   [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
-   so mark it as broken. Patch from des AT des.no
+20140224
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2014/02/07 06:55:54
+     [cipher.c mac.c]
+     remove some logging that makes ssh debugging output very verbose;
+     ok markus
+   - djm@cvs.openbsd.org 2014/02/15 23:05:36
+     [channels.c]
+     avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W;
+     bz#2200, debian#738692 via Colin Watson; ok dtucker@
+   - djm@cvs.openbsd.org 2014/02/22 01:32:19
+     [readconf.c]
+     when processing Match blocks, skip 'exec' clauses if previous predicates
+     failed to match; ok markus@
+   - djm@cvs.openbsd.org 2014/02/23 20:03:42
+     [ssh-ed25519.c]
+     check for unsigned overflow; not reachable in OpenSSH but others might
+     copy our code...
+   - djm@cvs.openbsd.org 2014/02/23 20:11:36
+     [readconf.c readconf.h ssh.c ssh_config.5]
+     reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes
+     the hostname. This allows users to write configurations that always
+     refer to canonical hostnames, e.g.
+     
+     CanonicalizeHostname yes
+     CanonicalDomains int.example.org example.org
+     CanonicalizeFallbackLocal no
+     
+     Host *.int.example.org
+         Compression off
+     Host *.example.org
+         User djm
+     
+     ok markus@
 
-20120317
- - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none
-   of the bits the configure test looks for.
+20140213
+ - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}]  Add compat
+   code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
 
-20120316
- - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform
-   is unable to successfully compile them. Based on patch from des AT
-   des.no
- - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
-   Add a usleep replacement for platforms that lack it; ok dtucker
- - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to
-   occur after UID switch; patch from John Marshall via des AT des.no;
+20140207
+ - OpenBSD CVS Sync
+   - naddy@cvs.openbsd.org 2014/02/05 20:13:25
+     [ssh-keygen.1 ssh-keygen.c]
+     tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@
+     while here, fix ordering in usage(); requested by jmc@
+   - djm@cvs.openbsd.org 2014/02/06 22:21:01
+     [sshconnect.c]
+     in ssh_create_socket(), only do the getaddrinfo for BindAddress when
+     BindAddress is actually specified. Fixes regression in 6.5 for
+     UsePrivilegedPort=yes; patch from Corinna Vinschen
+
+20140206
+ - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL
+   before freeing since free(NULL) is a no-op.  ok djm.
+ - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define
+   __NR_shutdown; some go via the socketcall(2) multiplexer.
+
+20140205
+ - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by
+   headers/libc but not supported by the kernel. Patch from Loganaden
+   Velvindron @ AfriNIC
+
+20140204
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2014/01/27 18:58:14
+     [Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h]
+     replace openssl HMAC with an implementation based on our ssh_digest_*
+     ok and feedback djm@
+   - markus@cvs.openbsd.org 2014/01/27 19:18:54
+     [auth-rsa.c cipher.c ssh-agent.c sshconnect1.c sshd.c]
+     replace openssl MD5 with our ssh_digest_*; ok djm@
+   - markus@cvs.openbsd.org 2014/01/27 20:13:46
+     [digest.c digest-openssl.c digest-libc.c Makefile.in]
+     rename digest.c to digest-openssl.c and add libc variant; ok djm@
+   - jmc@cvs.openbsd.org 2014/01/28 14:13:39
+     [ssh-keyscan.1]
+     kill some bad Pa;
+     From: Jan Stary
+   - djm@cvs.openbsd.org 2014/01/29 00:19:26
+     [sshd.c]
+     use kill(0, ...) instead of killpg(0, ...); on most operating systems
+     they are equivalent, but SUSv2 describes the latter as having undefined
+     behaviour; from portable; ok dtucker
+     (Id sync only; change is already in portable)
+   - djm@cvs.openbsd.org 2014/01/29 06:18:35
+     [Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
+     [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
+     [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
+     remove experimental, never-enabled JPAKE code; ok markus@
+   - jmc@cvs.openbsd.org 2014/01/29 14:04:51
+     [sshd_config.5]
+     document kbdinteractiveauthentication;
+     requested From: Ross L Richardson
+     
+     dtucker/markus helped explain its workings;
+   - djm@cvs.openbsd.org 2014/01/30 22:26:14
+     [sandbox-systrace.c]
+     allow shutdown(2) syscall in sandbox - it may be called by packet_close()
+     from portable
+     (Id sync only; change is already in portable)
+   - tedu@cvs.openbsd.org 2014/01/31 16:39:19
+     [auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
+     [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
+     [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
+     [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
+     [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
+     replace most bzero with explicit_bzero, except a few that cna be memset
+     ok djm dtucker
+   - djm@cvs.openbsd.org 2014/02/02 03:44:32
+     [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
+     [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
+     [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
+     [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
+     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
+     [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
+     [sshd.c]
+     convert memset of potentially-private data to explicit_bzero()
+   - djm@cvs.openbsd.org 2014/02/03 23:28:00
+     [ssh-ecdsa.c]
+     fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike
+     DSA_SIG_new. Reported by Batz Spear; ok markus@
+   - djm@cvs.openbsd.org 2014/02/02 03:44:31
+     [digest-libc.c digest-openssl.c]
+     convert memset of potentially-private data to explicit_bzero()
+   - djm@cvs.openbsd.org 2014/02/04 00:24:29
+     [ssh.c]
+     delay lowercasing of hostname until right before hostname
+     canonicalisation to unbreak case-sensitive matching of ssh_config;
+     reported by Ike Devolder; ok markus@
+ - (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.o
+ - (djm) [regress/setuid-allowed.c] Missing string.h for strerror()
+
+20140131
+ - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)
+   syscall from sandboxes; it may be called by packet_close.
+ - (dtucker) [readconf.c] Include <arpa/inet.h> for the hton macros.  Fixes
+   build with HP-UX's compiler.  Patch from Kevin Brott.
+ - (tim) [Makefile.in] build regress/setuid-allow.
+
+20140130
+ - (djm) [configure.ac] Only check for width-specified integer types
+   in headers that actually exist. patch from Tom G. Christensen;
    ok dtucker@
+ - (djm) [configure.ac atomicio.c] Kludge around NetBSD offering
+   different symbols for 'read' when various compiler flags are
+   in use, causing atomicio.c comparisons against it to break and
+   read/write operations to hang; ok dtucker
+ - (djm) Release openssh-6.5p1
+
+20140129
+ - (djm) [configure.ac] Fix broken shell test '==' vs '='; patch from
+   Tom G. Christensen
 
-20120312
- - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh]
-   Improve portability of cipher-speed test, based mostly on a patch from
-   Iain Morgan.
- - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
-   in addition to root as an owner of system directories on AIX and HP-UX.
-   ok djm@
-
-20130307
- - (dtucker) [INSTALL] Bump documented autoconf version to what we're
-   currently using.
- - (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it
-   was removed in configure.ac rev 1.481 as it was redundant.
- - (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days
-   ago.
- - (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a
-   chance to complete on broken systems; ok dtucker@
-
-20130306
- - (dtucker) [regress/forward-control.sh] Wait longer for the forwarding
-  connection to start so that the test works on slower machines.
- - (dtucker) [configure.ac] test that we can set number of file descriptors
-   to zero with setrlimit before enabling the rlimit sandbox.  This affects
-   (at least) HPUX 11.11.
-
-20130305
- - (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for
-   HP/UX. Spotted by Kevin Brott
- - (dtucker) [configure.ac] use "=" for shell test and not "==".  Spotted by
-   Amit Kulkarni and Kevin Brott.
- - (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure
-   build breakage on (at least) HP-UX 11.11.  Found by Amit Kulkarni and Kevin
-   Brott.
- - (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov.
+20140128
+ - (djm) [configure.ac] Search for inet_ntop in libnsl and libresovl;
+   ok dtucker
+ - (djm) [sshd.c] Use kill(0, ...) instead of killpg(0, ...); the
+   latter being specified to have undefined behaviour in SUSv3;
+   ok dtucker
+ - (tim) [regress/agent.sh regress/agent-ptrace.sh] Assign $? to a variable
+   when used as an error message inside an if statement so we display the
+   correct into. agent.sh patch from Petr Lautrbach.
+
+20140127
+ - (dtucker) [Makefile.in] Remove trailing backslash which some make
+   implementations (eg older Solaris) do not cope with.
+
+20140126
+ - OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2014/01/25 10:12:50
+     [cipher.c cipher.h kex.c kex.h kexgexc.c]
+     Add a special case for the DH group size for 3des-cbc, which has an
+     effective strength much lower than the key size.  This causes problems
+     with some cryptlib implementations, which don't support group sizes larger
+     than 4k but also don't use the largest group size it does support as
+     specified in the RFC.  Based on a patch from Petr Lautrbach at Redhat,
+     reduced by me with input from Markus.  ok djm@ markus@
+   - markus@cvs.openbsd.org 2014/01/25 20:35:37
+     [kex.c]
+     dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len)
+     ok dtucker@, noted by mancha
+  - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable
+    RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,
+    libc will attempt to open additional file descriptors for crypto
+    offload and crash if they cannot be opened.
+ - (djm) [configure.ac] correct AC_DEFINE for previous.
+
+20140125
+ - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD
+ - (djm) [configure.ac] Do not attempt to use capsicum sandbox unless
+   sys/capability.h exists and cap_rights_limit is in libc. Fixes
+   build on FreeBSD9x which provides the header but not the libc
+   support.
+ - (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so test
+   against the correct thing.
 
-20130227
- - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
-   [contrib/suse/openssh.spec] Crank version numbers
- - (tim) [regress/forward-control.sh] use sh in case login shell is csh.
- - (tim) [regress/integrity.sh] shell portability fix.
- - (tim) [regress/integrity.sh] keep old solaris awk from hanging.
- - (tim) [regress/krl.sh] keep old solaris awk from hanging.
+20140124
+ - (djm) [Makefile.in regress/scp-ssh-wrapper.sh regress/scp.sh] Make
+   the scp regress test actually test the built scp rather than the one
+   in $PATH. ok dtucker@
+
+20140123
+ - (tim) [session.c] Improve error reporting on set_id().
+ - (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitously
+   incompatible with OpenBSD's despite post-dating it by more than a decade.
+   Declare it as broken, and document FreeBSD's as the same.  ok djm@
+
+20140122
+ - (djm) [openbsd-compat/setproctitle.c] Don't fail to compile if a
+   platform that is expected to use the reuse-argv style setproctitle
+   hack surprises us by providing a setproctitle in libc; ok dtucker
+ - (djm) [configure.ac] Unless specifically requested, only attempt
+   to build Position Independent Executables on gcc >= 4.x; ok dtucker
+ - (djm) [configure.ac aclocal.m4] More tests to detect fallout from
+   platform hardening options: include some long long int arithmatic
+   to detect missing support functions for -ftrapv in libgcc and
+   equivalents, actually test linking when -ftrapv is supplied and
+   set either both -pie/-fPIE or neither. feedback and ok dtucker@
+
+20140121
+ - (dtucker) [configure.ac] Make PIE a configure-time option which defaults
+   to on platforms where it's known to be reliably detected and off elsewhere.
+   Works around platforms such as FreeBSD 9.1 where it does not interop with
+   -ftrapv (it seems to work but fails when trying to link ssh).  ok djm@
+ - (dtucker) [aclocal.m4] Differentiate between compile-time and link-time
+   tests in the configure output.  ok djm.
+ - (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced
+   with sftp chroot support. Move set_id call after chroot.
+ - (djm) [aclocal.m4] Flesh out the code run in the OSSH_CHECK_CFLAG_COMPILE
+   and OSSH_CHECK_LDFLAG_LINK tests to give them a better chance of
+   detecting toolchain-related problems; ok dtucker
+
+20140120
+ - (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos
+   implementation does not have krb5_cc_new_unique, similar to what we do
+   in auth-krb5.c.
+ - (djm) [regress/cert-hostkey.sh] Fix regress failure on platforms that
+   skip one or more key types (e.g. RHEL/CentOS 6.5); ok dtucker@
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2014/01/20 00:08:48
+     [digest.c]
+     memleak; found by Loganaden Velvindron @ AfriNIC; ok markus@
 
-20130226
- - OpenBSD CVS Sync
-   - djm@cvs.openbsd.org 2013/02/20 08:27:50
-     [integrity.sh]
-     Add an option to modpipe that warns if the modification offset it not
-     reached in it's stream and turn it on for t-integrity. This should catch
-     cases where the session is not fuzzed for being too short (cf. my last
-     "oops" commit)
- - (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage
-   for UsePAM=yes configuration
+20140119
+ - (dtucker) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2014/01/17 06:23:24
+     [sftp-server.c]
+     fix log message statvfs.  ok djm
+   - dtucker@cvs.openbsd.org 2014/01/18 09:36:26
+     [session.c]
+     explicitly define USE_PIPES to 1 to prevent redefinition warnings in
+     portable on platforms that use pipes for everything.  From vinschen at
+     redhat.
+   - dtucker@cvs.openbsd.org 2014/01/19 04:17:29
+     [canohost.c addrmatch.c]
+     Cast socklen_t when comparing to size_t and use socklen_t to iterate over
+     the ip options, both to prevent signed/unsigned comparison warnings.
+     Patch from vinschen at redhat via portable openssh, begrudging ok deraadt.
+   - djm@cvs.openbsd.org 2014/01/19 04:48:08
+     [ssh_config.5]
+     fix inverted meaning of 'no' and 'yes' for CanonicalizeFallbackLocal
+   - dtucker@cvs.openbsd.org 2014/01/19 11:21:51
+     [addrmatch.c]
+     Cast the sizeof to socklen_t so it'll work even if the supplied len is
+     negative.  Suggested by and ok djm, ok deraadt.
 
-20130225
- - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed
-   to use Solaris native GSS libs.  Patch from Pierre Ossman.
+20140118
+ - (dtucker) [uidswap.c] Prevent unused variable warnings on Cygwin.  Patch
+   from vinschen at redhat.com
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.h] Add missing function
+   declarations that stopped being included when we stopped including
+   <windows.h> from openbsd-compat/bsd-cygwin_util.h.  Patch from vinschen at
+   redhat.com.
+ - (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs,
+   optind) are defined in getopt.h already.  Unfortunately they are defined as
+   "declspec(dllimport)" for historical reasons, because the GNU linker didn't
+   allow auto-import on PE/COFF targets way back when.  The problem is the
+   dllexport attributes collide with the definitions in the various source
+   files in OpenSSH, which obviousy define the variables without
+   declspec(dllimport).  The least intrusive way to get rid of these warnings
+   is to disable warnings for GCC compiler attributes when building on Cygwin.
+   Patch from vinschen at redhat.com.
+ - (dtucker) [sandbox-capsicum.c] Correct some error messages and make the
+   return value check for cap_enter() consistent with the other uses in
+   FreeBSD.  From by Loganaden Velvindron @ AfriNIC via bz#2140.
+
+20140117
+ - (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchain
+   hardening flags including -fstack-protector-strong.  These default to on
+   if the toolchain supports them, but there is a configure-time knob
+   (--without-hardening) to disable them if necessary.  ok djm@
+ - (djm) [sftp-client.c] signed/unsigned comparison fix
+ - (dtucker) [loginrec.c] Cast to the types specfied in the format
+    specification to prevent warnings.
+ - (dtucker) [crypto_api.h] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H.
+ - (dtucker) [poly1305.c] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H.
+ - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include
+   includes.h to pull in all of the compatibility stuff.
+ - (dtucker) [openbsd-compat/bcrypt_pbkdf.c] Wrap stdlib.h include inside
+   #ifdef HAVE_STDINT_H.
+ - (dtucker) [defines.h] Add typedefs for uintXX_t types for platforms that
+   don't have them.
+ - (dtucker) [configure.ac] Split AC_CHECK_FUNCS for OpenSSL functions into
+   separate lines and alphabetize for easier diffing of changes.
+ - (dtucker) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2014/01/17 00:21:06
+     [sftp-client.c]
+     signed/unsigned comparison warning fix; from portable (Id sync only)
+   - dtucker@cvs.openbsd.org 2014/01/17 05:26:41
+     [digest.c]
+     remove unused includes.  ok djm@
+ - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]
+   [sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c]
+   [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing
+   using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling
+   Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
+ - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c
+   openbsd-compat/openssl-compat.h]  Add compatibility layer for older
+   openssl versions.  ok djm@
+ - (dtucker) Fix typo in #ifndef.
+ - (dtucker) [configure.ac openbsd-compat/bsd-statvfs.c
+   openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs
+   to be useful (and for the regression tests to pass) on platforms that
+   have statfs and fstatfs.  ok djm@
+ - (dtucker) [openbsd-compat/bsd-statvfs.h] Only start including headers if we
+   need them to cut down on the name collisions.
+ - (dtucker) [configure.ac] Also look in inttypes.h for uintXX_t types.
+ - (dtucker) [configure.ac] Have --without-hardening not turn off
+   stack-protector since that has a separate flag that's been around a while.
+ - (dtucker) [readconf.c] Wrap paths.h inside an ifdef.  Allows building on
+   Solaris.
+ - (dtucker) [defines.h] Move our definitions of uintXX_t types down to after
+   they're defined if we have to define them ourselves.  Fixes builds on old
+   AIX.
 
-20130223
- - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
-   bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
-   ok tim
+20140118
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2014/01/16 07:31:09
+     [sftp-client.c]
+     needless and incorrect cast to size_t can break resumption of
+     large download; patch from tobias@
+   - djm@cvs.openbsd.org 2014/01/16 07:32:00
+     [version.h]
+     openssh-6.5
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+   [contrib/suse/openssh.spec] Crank RPM spec version numbers.
+ - (djm) [README] update release notes URL.
 
-20130222
- - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to
-   ssh(1) since they're not needed.  Patch from Pierre Ossman, ok djm.
- - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named
-   libgss too.  Patch from Pierre Ossman, ok djm.
- - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux
-   seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
-   ok dtucker
+20140112
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2014/01/10 05:59:19
+     [sshd_config]
+     the /etc/ssh/ssh_host_ed25519_key is loaded by default too
+   - djm@cvs.openbsd.org 2014/01/12 08:13:13
+     [bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c]
+     [kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c]
+     avoid use of OpenSSL BIGNUM type and functions for KEX with
+     Curve25519 by adding a buffer_put_bignum2_from_string() that stores
+     a string using the bignum encoding rules. Will make it easier to
+     build a reduced-feature OpenSSH without OpenSSL in the future;
+     ok markus@
 
-20130221
- - (tim) [regress/forward-control.sh] shell portability fix.
+20140110
+ - (djm) OpenBSD CVS Sync
+   - tedu@cvs.openbsd.org 2014/01/04 17:50:55
+     [mac.c monitor_mm.c monitor_mm.h xmalloc.c]
+     use standard types and formats for size_t like variables. ok dtucker
+   - guenther@cvs.openbsd.org 2014/01/09 03:26:00
+     [sftp-common.c]
+     When formating the time for "ls -l"-style output, show dates in the future
+     with the year, and rearrange a comparison to avoid a potentional signed
+     arithmetic overflow that would give the wrong result.
+     ok djm@
+   - djm@cvs.openbsd.org 2014/01/09 23:20:00
+     [digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
+     [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
+     [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
+     [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
+     Introduce digest API and use it to perform all hashing operations
+     rather than calling OpenSSL EVP_Digest* directly. Will make it easier
+     to build a reduced-feature OpenSSH without OpenSSL in future;
+     feedback, ok markus@
+   - djm@cvs.openbsd.org 2014/01/09 23:26:48
+     [sshconnect.c sshd.c]
+     ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,
+     deranged and might make some attacks on KEX easier; ok markus@
 
-20130220
- - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix.
- - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded
-   err.h include from krl.c. Additional portability fixes for modpipe. OK djm
- - OpenBSD CVS Sync
-   - djm@cvs.openbsd.org 2013/02/20 08:27:50
-     [regress/integrity.sh regress/modpipe.c]
-     Add an option to modpipe that warns if the modification offset it not
-     reached in it's stream and turn it on for t-integrity. This should catch
-     cases where the session is not fuzzed for being too short (cf. my last
-     "oops" commit)
-   - djm@cvs.openbsd.org 2013/02/20 08:29:27
-     [regress/modpipe.c]
-     s/Id/OpenBSD/ in RCS tag
+20140108
+ - (djm) [regress/.cvsignore] Ignore regress test droppings; ok dtucker@
 
-20130219
- - OpenBSD CVS Sync
-   - djm@cvs.openbsd.org 2013/02/18 22:26:47
-     [integrity.sh]
-     crank the offset yet again; it was still fuzzing KEX one of Darren's
-     portable test hosts at 2800
-   - djm@cvs.openbsd.org 2013/02/19 02:14:09
-     [integrity.sh]
-     oops, forgot to increase the output of the ssh command to ensure that
-     we actually reach $offset
- - (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that
-   lack support for SHA2.
- - (djm) [regress/modpipe.c] Add local err, and errx functions for platforms
-   that do not have them.
+20131231
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2013/12/30 23:52:28
+     [auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c]
+     [sshconnect.c sshconnect2.c sshd.c]
+     refuse RSA keys from old proprietary clients/servers that use the
+     obsolete RSA+MD5 signature scheme. it will still be possible to connect
+     with these clients/servers but only DSA keys will be accepted, and we'll
+     deprecate them entirely in a future release. ok markus@
+
+20131229
+ - (djm) [loginrec.c] Check for username truncation when looking up lastlog
+   entries
+ - (djm) [regress/Makefile] Add some generated files for cleaning
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2013/12/19 00:10:30
+     [ssh-add.c]
+     skip requesting smartcard PIN when removing keys from agent; bz#2187
+     patch from jay AT slushpupie.com; ok dtucker
+   - dtucker@cvs.openbsd.org 2013/12/19 00:19:12
+     [serverloop.c]
+     Cast client_alive_interval to u_int64_t before assinging to
+     max_time_milliseconds to avoid potential integer overflow in the timeout.
+     bz#2170, patch from Loganaden Velvindron, ok djm@
+   - djm@cvs.openbsd.org 2013/12/19 00:27:57
+     [auth-options.c]
+     simplify freeing of source-address certificate restriction
+   - djm@cvs.openbsd.org 2013/12/19 01:04:36
+     [channels.c]
+     bz#2147: fix multiple remote forwardings with dynamically assigned
+     listen ports. In the s->c message to open the channel we were sending
+     zero (the magic number to request a dynamic port) instead of the actual
+     listen port. The client therefore had no way of discriminating between
+     them.
+     
+     Diagnosis and fix by ronf AT timeheart.net
+   - djm@cvs.openbsd.org 2013/12/19 01:19:41
+     [ssh-agent.c]
+     bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent
+     that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com;
+     ok dtucker
+   - djm@cvs.openbsd.org 2013/12/19 22:57:13
+     [poly1305.c poly1305.h]
+     use full name for author, with his permission
+   - tedu@cvs.openbsd.org 2013/12/21 07:10:47
+     [ssh-keygen.1]
+     small typo
+   - djm@cvs.openbsd.org 2013/12/27 22:30:17
+     [ssh-dss.c ssh-ecdsa.c ssh-rsa.c]
+     make the original RSA and DSA signing/verification code look more like
+     the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
+     rather than tediously listing all variants, use __func__ for debug/
+     error messages
+   - djm@cvs.openbsd.org 2013/12/27 22:37:18
+     [ssh-rsa.c]
+     correct comment
+   - djm@cvs.openbsd.org 2013/12/29 02:28:10
+     [key.c]
+     allow ed25519 keys to appear as certificate authorities
+   - djm@cvs.openbsd.org 2013/12/29 02:37:04
+     [key.c]
+     correct comment for key_to_certified()
+   - djm@cvs.openbsd.org 2013/12/29 02:49:52
+     [key.c]
+     correct comment for key_drop_cert()
+   - djm@cvs.openbsd.org 2013/12/29 04:20:04
+     [key.c]
+     to make sure we don't omit any key types as valid CA keys again,
+     factor the valid key type check into a key_type_is_valid_ca()
+     function
+   - djm@cvs.openbsd.org 2013/12/29 04:29:25
+     [authfd.c]
+     allow deletion of ed25519 keys from the agent
+   - djm@cvs.openbsd.org 2013/12/29 04:35:50
+     [authfile.c]
+     don't refuse to load Ed25519 certificates
+   - djm@cvs.openbsd.org 2013/12/29 05:42:16
+     [ssh.c]
+     don't forget to load Ed25519 certs too
+   - djm@cvs.openbsd.org 2013/12/29 05:57:02
+     [sshconnect.c]
+     when showing other hostkeys, don't forget Ed25519 keys
 
-20130217
- - OpenBSD CVS Sync
-   - djm@cvs.openbsd.org 2013/02/17 23:16:55
-     [integrity.sh]
-     make the ssh command generates some output to ensure that there are at
-     least offset+tries bytes in the stream.
+20131221
+ - (dtucker) [regress/keytype.sh] Actually test ecdsa key types.
 
-20130216
- - OpenBSD CVS Sync
-   - djm@cvs.openbsd.org 2013/02/16 06:08:45
-     [integrity.sh]
-     make sure the fuzz offset is actually past the end of KEX for all KEX
-     types. diffie-hellman-group-exchange-sha256 requires an offset around
-     2700. Noticed via test failures in portable OpenSSH on platforms that
-     lack ECC and this the more byte-frugal ECDH KEX algorithms.
+20131219
+ - (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versions
+   greater than 11 either rather than just 11.  Patch from Tomas Kuthan.
+ - (dtucker) [auth-pam.c] bz#2163: check return value from pam_get_item().
+   Patch from Loganaden Velvindron.
 
-20130215
- - (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from
-   Iain Morgan
- - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
-   Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
- - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c
-   openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
-   platforms that don't have it.
- - (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul,
-   group strto* function prototypes together.
- - (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes
-   an argument.  Pointed out by djm.
+20131218
  - (djm) OpenBSD CVS Sync
-   - djm@cvs.openbsd.org 2013/02/14 21:35:59
-     [auth2-pubkey.c]
-     Correct error message that had a typo and was logging the wrong thing;
-     patch from Petr Lautrbach
-   - dtucker@cvs.openbsd.org 2013/02/15 00:21:01
-     [sshconnect2.c]
-     Warn more loudly if an IdentityFile provided by the user cannot be read.
-     bz #1981, ok djm@
+   - djm@cvs.openbsd.org 2013/12/07 08:08:26
+     [ssh-keygen.1]
+     document -a and -o wrt new key format
+   - naddy@cvs.openbsd.org 2013/12/07 11:58:46
+     [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1]
+     [ssh_config.5 sshd.8 sshd_config.5]
+     add missing mentions of ed25519; ok djm@
+   - dtucker@cvs.openbsd.org 2013/12/08 09:53:27
+     [sshd_config.5]
+     Use a literal for the default value of KEXAlgorithms.  ok deraadt jmc
+   - markus@cvs.openbsd.org 2013/12/09 11:03:45
+     [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
+     [ge25519_base.data hash.c sc25519.c sc25519.h verify.c]
+     Add Authors for the public domain ed25519/nacl code.
+     see also http://nacl.cr.yp.to/features.html
+        All of the NaCl software is in the public domain.
+     and http://ed25519.cr.yp.to/software.html
+        The Ed25519 software is in the public domain.
+   - markus@cvs.openbsd.org 2013/12/09 11:08:17
+     [crypto_api.h]
+     remove unused defines
+   - pascal@cvs.openbsd.org 2013/12/15 18:17:26
+     [ssh-add.c]
+     Make ssh-add also add .ssh/id_ed25519; fixes lie in manual page.
+     ok markus@
+   - djm@cvs.openbsd.org 2013/12/15 21:42:35
+     [cipher-chachapoly.c]
+     add some comments and constify a constant
+   - markus@cvs.openbsd.org 2013/12/17 10:36:38
+     [crypto_api.h]
+     I've assempled the header file by cut&pasting from generated headers
+     and the source files.
+
+20131208
+ - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna
+   Vinschen
+ - (djm) [Makefile.in regress/Makefile regress/agent-ptrace.sh]
+   [regress/setuid-allowed.c] Check that ssh-agent is not on a no-setuid
+   filesystem before running agent-ptrace.sh; ok dtucker
 
-20130214
- - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC.
- - (djm) [regress/krl.sh] typo; found by Iain Morgan
- - (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead
-   of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by
-   Iain Morgan
+20131207
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2013/12/05 22:59:45
+     [sftp-client.c]
+     fix memory leak in error path in do_readdir(); pointed out by
+     Loganaden Velvindron @ AfriNIC in bz#2163
+   - djm@cvs.openbsd.org 2013/12/06 03:40:51
+     [ssh-keygen.c]
+     remove duplicated character ('g') in getopt() string;
+     document the (few) remaining option characters so we don't have to
+     rummage next time.
+   - markus@cvs.openbsd.org 2013/12/06 13:30:08
+     [authfd.c key.c key.h ssh-agent.c]
+     move private key (de)serialization to key.c; ok djm
+   - markus@cvs.openbsd.org 2013/12/06 13:34:54
+     [authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c]
+     [ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by
+     default; details in PROTOCOL.key; feedback and lots help from djm;
+     ok djm@
+   - markus@cvs.openbsd.org 2013/12/06 13:39:49
+     [authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
+     [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
+     [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
+     [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
+     [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
+     support ed25519 keys (hostkeys and user identities) using the public
+     domain ed25519 reference code from SUPERCOP, see
+     http://ed25519.cr.yp.to/software.html
+     feedback, help & ok djm@
+   - jmc@cvs.openbsd.org 2013/12/06 15:29:07
+     [sshd.8]
+     missing comma;
+   - djm@cvs.openbsd.org 2013/12/07 00:19:15
+     [key.c]
+     set k->cert = NULL after freeing it
+   - markus@cvs.openbsd.org 2013/12/06 13:52:46
+     [regress/Makefile regress/agent.sh regress/cert-hostkey.sh]
+     [regress/cert-userkey.sh regress/keytype.sh]
+     test ed25519 support; from djm@
+ - (djm) [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
+   [ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents
+ - (djm) [Makefile.in] Add ed25519 sources
+ - (djm) [authfile.c] Conditionalise inclusion of util.h
+ - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]
+   [openbsd-compat/blf.h openbsd-compat/blowfish.c]
+   [openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
+   portable.
+ - (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in]
+   [openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on
+   Linux
+ - (djm) [regress/cert-hostkey.sh] Fix merge botch
+ - (djm) [Makefile.in] PATHSUBS and keygen bits for Ed25519; from
+   Loganaden Velvindron @ AfriNIC in bz#2179
 
-20130212
+20131205
  - (djm) OpenBSD CVS Sync
-   - djm@cvs.openbsd.org 2013/01/24 21:45:37
-     [krl.c]
-     fix handling of (unused) KRL signatures; skip string in correct buffer
-   - djm@cvs.openbsd.org 2013/01/24 22:08:56
-     [krl.c]
-     skip serial lookup when cert's serial number is zero
-   - krw@cvs.openbsd.org 2013/01/25 05:00:27
-     [krl.c]
-     Revert last. Breaks due to likely typo. Let djm@ fix later.
-     ok djm@ via dlg@
-   - djm@cvs.openbsd.org 2013/01/25 10:22:19
-     [krl.c]
-     redo last commit without the vi-vomit that snuck in:
-     skip serial lookup when cert's serial number is zero
-     (now with 100% better comment)
-   - djm@cvs.openbsd.org 2013/01/26 06:11:05
-     [Makefile.in acss.c acss.h cipher-acss.c cipher.c]
-     [openbsd-compat/openssl-compat.h]
-     remove ACSS, now that it is gone from libcrypto too
-   - djm@cvs.openbsd.org 2013/01/27 10:06:12
-     [krl.c]
-     actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
-   - dtucker@cvs.openbsd.org 2013/02/06 00:20:42
-     [servconf.c sshd_config sshd_config.5]
-     Change default of MaxStartups to 10:30:100 to start doing random early
-     drop at 10 connections up to 100 connections.  This will make it harder
-     to DoS as CPUs have come a long way since the original value was set
-     back in 2000.  Prompted by nion at debian org, ok markus@
-   - dtucker@cvs.openbsd.org 2013/02/06 00:22:21
-     [auth.c]
-     Fix comment, from jfree.e1 at gmail
-   - djm@cvs.openbsd.org 2013/02/08 00:41:12
-     [sftp.c]
-     fix NULL deref when built without libedit and control characters
-     entered as command; debugging and patch from Iain Morgan an
-     Loganaden Velvindron in bz#1956
-   - markus@cvs.openbsd.org 2013/02/10 21:19:34
-     [version.h]
-     openssh 6.2
-   - djm@cvs.openbsd.org 2013/02/10 23:32:10
-     [ssh-keygen.c]
-     append to moduli file when screening candidates rather than overwriting.
-     allows resumption of interrupted screen; patch from Christophe Garault
-     in bz#1957; ok dtucker@
-   - djm@cvs.openbsd.org 2013/02/10 23:35:24
-     [packet.c]
-     record "Received disconnect" messages at ERROR rather than INFO priority,
-     since they are abnormal and result in a non-zero ssh exit status; patch
-     from Iain Morgan in bz#2057; ok dtucker@
-   - dtucker@cvs.openbsd.org 2013/02/11 21:21:58
+   - jmc@cvs.openbsd.org 2013/11/21 08:05:09
+     [ssh_config.5 sshd_config.5]
+     no need for .Pp before displays;
+   - deraadt@cvs.openbsd.org 2013/11/25 18:04:21
+     [ssh.1 ssh.c]
+     improve -Q usage and such.  One usage change is that the option is now
+     case-sensitive
+     ok dtucker markus djm
+   - jmc@cvs.openbsd.org 2013/11/26 12:14:54
+     [ssh.1 ssh.c]
+     - put -Q in the right place
+     - Ar was a poor choice for the arguments to -Q. i've chosen an
+       admittedly equally poor Cm, at least consistent with the rest
+       of the docs. also no need for multiple instances
+     - zap a now redundant Nm
+     - usage() sync
+   - deraadt@cvs.openbsd.org 2013/11/26 19:15:09
+     [pkcs11.h]
+     cleanup 1 << 31 idioms.  Resurrection of this issue pointed out by
+     Eitan Adler ok markus for ssh, implies same change in kerberosV
+   - djm@cvs.openbsd.org 2013/12/01 23:19:05
+     [PROTOCOL]
+     mention curve25519-sha256@libssh.org key exchange algorithm
+   - djm@cvs.openbsd.org 2013/12/02 02:50:27
+     [PROTOCOL.chacha20poly1305]
+     typo; from Jon Cave
+   - djm@cvs.openbsd.org 2013/12/02 02:56:17
+     [ssh-pkcs11-helper.c]
+     use-after-free; bz#2175 patch from Loganaden Velvindron @ AfriNIC
+   - djm@cvs.openbsd.org 2013/12/02 03:09:22
+     [key.c]
+     make key_to_blob() return a NULL blob on failure; part of
+     bz#2175 from Loganaden Velvindron @ AfriNIC
+   - djm@cvs.openbsd.org 2013/12/02 03:13:14
+     [cipher.c]
+     correct bzero of chacha20+poly1305 key context. bz#2177 from
+     Loganaden Velvindron @ AfriNIC
+     
+     Also make it a memset for consistency with the rest of cipher.c
+   - djm@cvs.openbsd.org 2013/12/04 04:20:01
+     [sftp-client.c]
+     bz#2171: don't leak local_fd on error; from Loganaden Velvindron @
+     AfriNIC
+   - djm@cvs.openbsd.org 2013/12/05 01:16:41
+     [servconf.c servconf.h]
+     bz#2161 - fix AuthorizedKeysCommand inside a Match block and
+     rearrange things so the same error is harder to make next time;
+     with and ok dtucker@
+ - (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correct
+   -L location for libedit.  Patch from Serge van den Boom.
+
+20131121
+ - (djm) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2013/11/08 11:15:19
+     [bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c]
+     [uidswap.c] Include stdlib.h for free() as per the man page.
+   - markus@cvs.openbsd.org 2013/11/13 13:48:20
+     [ssh-pkcs11.c]
+     add missing braces found by pedro
+   - djm@cvs.openbsd.org 2013/11/20 02:19:01
      [sshd.c]
-     Add openssl version to debug output similar to the client.  ok markus@
-   - djm@cvs.openbsd.org 2013/02/11 23:58:51
+     delay closure of in/out fds until after "Bad protocol version
+     identification..." message, as get_remote_ipaddr/get_remote_port
+     require them open.
+   - deraadt@cvs.openbsd.org 2013/11/20 20:53:10
+     [scp.c]
+     unsigned casts for ctype macros where neccessary
+     ok guenther millert markus
+   - deraadt@cvs.openbsd.org 2013/11/20 20:54:10
+     [canohost.c clientloop.c match.c readconf.c sftp.c]
+     unsigned casts for ctype macros where neccessary
+     ok guenther millert markus
+   - djm@cvs.openbsd.org 2013/11/21 00:45:44
+     [Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
+     [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
+     [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
+     [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
+     cipher "chacha20-poly1305@openssh.com" that combines Daniel
+     Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
+     authenticated encryption mode.
+     
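Review bot: the added entry for deraadt 2013/11/25 [ssh.1 ssh.c] records a user-visible behaviour change ("improve -Q usage and such. One usage change is that the option is now case-sensitive") that reaches stable/9 users through this merge, and the commit log does not mention it. Suggest calling it out in the release notes for the branch, together with the new "chacha20-poly1305@openssh.com" transport cipher from the djm 2013/11/21 entry and the ssh-pkcs11-helper.c use-after-free fix (bz#2175), so that administrators tracking stable/9 can see what changed without reading the imported ChangeLog. The diff is truncated right after this point, so the rest of the chacha20-poly1305 entry and the code changes behind these entries cannot be reviewed from this message.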

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


