[mux.c ssh.c]
reflect stdio-forward ("ssh -W host:port ...") failures in exit status.
previously we were always returning 0. bz#2255 reported by Brendan
Germain; ok dtucker
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
[auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
[clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
[readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
[ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
[sshd_config.5 sshlogin.c]
Add support for Unix domain socket forwarding. A remote TCP port
may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket. This is a reimplementation
of the streamlocal patches by William Ahern from:
http://www.25thandclement.com/~william/projects/streamlocal.html
OK djm@ markus@
[sandbox-systrace.c]
Permit use of SYS_sendsyslog from inside the sandbox. Clock is ticking,
update your kernels and sshd soon.. libc will start using sendsyslog()
in about 4 days.
[multiplex.sh test-exec.sh]
add a hook to the cleanup() function to kill $SSH_PID if it is set
use it to kill the mux master started in multiplex.sh (it was being left
around on fatal failures)
[servconf.c servconf.h session.c sshd.8 sshd_config.5]
Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is
executed, mirroring the no-user-rc authorized_keys option;
bz#2160; ok markus@
[channels.c]
allow explicit ::1 and 127.0.0.1 forwarding bind addresses when
GatewayPorts=no; allows client to choose address family;
bz#2222 ok markus@
[sshconnect.c]
when rekeying, skip file/DNS lookup if it is the same as the key sent
during initial key exchange. bz#2154 patch from Iain Morgan; ok markus@
[cipher-chachapoly.c]
Call chacha_ivsetup() immediately before chacha_encrypt_bytes() - this
makes it easier to verify that chacha_encrypt_bytes() is only called once
per chacha_ivsetup() call.
ok djm@
[auth.c auth.h auth1.c auth2.c]
make the "Too many authentication failures" message include the
user, source address, port and protocol in a format similar to the
authentication success / failure messages; bz#2199, ok dtucker
[ssh.c ssh_config.5]
Add a %C escape sequence for LocalCommand and ControlPath that expands
to a unique identifer based on a has of the tuple of (local host,
remote user, hostname, port).
Helps avoid exceeding sockaddr_un's miserly pathname limits for mux
control paths.
bz#2220, based on patch from mancha1 AT zoho.com; ok markus@
[ssh-keygen.c]
When hashing or removing hosts using ssh-keygen, don't choke on
@revoked markers and don't remove @cert-authority markers;
bz#2241, reported by mlindgren AT runelind.net
[gss-serv.c session.c ssh-keygen.c]
standardise on NI_MAXHOST for gethostname() string lengths; about
1/2 the cases were using it already. Fixes bz#2239 en passant
[digest-openssl.c]
use EVP_Digest() for one-shot hash instead of creating, updating,
finalising and destroying a context.
bz#2231, based on patch from Timo Teras
[ssh-add.c]
make stdout line-buffered; saves partial output getting lost when
ssh-add fatal()s part-way through (e.g. when listing keys from an
agent that supports key types that ssh-add doesn't);
bz#2234, reported by Phil Pennock
[ssh-agent.c]
Only cleanup agent socket in the main agent process and not in any
subprocesses it may have started (e.g. forked askpass). Fixes
agent sockets being zapped when askpass processes fatal();
bz#2236 patch from Dmitry V. Levin
[key.c]
suppress spurious error message when loading key with a passphrase;
reported by kettenis@ ok markus@
- djm@cvs.openbsd.org 2014/07/02 04:59:06
[cipher-3des1.c]
fix ssh protocol 1 on the server that regressed with the sshkey change
(sometimes fatal() after auth completed), make file return useful status
codes.
NB. Id sync only for these two. They were bundled into the sshkey merge
above, since it was easier to sync the entire file and then apply
portable-specific changed atop it.
Darren Tucker
Damien Miller