]> andersk Git - gssapi-openssh.git/blame - openssh/ChangeLog
andersk / gssapi-openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Import of OpenSSH 4.9p1
[gssapi-openssh.git] / openssh / ChangeLog
CommitLineData
47686178 120080327
2 - (dtucker) Cache selinux status earlier so we know if it's enabled after a
3 chroot. Allows ChrootDirectory to work with selinux support compiled in
4 but not enabled. Using it with selinux enabled will require some selinux
5 support inside the chroot. "looks sane" djm@
6 - (djm) Fix RCS ident in sftp-server-main.c
7 - (djm) OpenBSD CVS sync:
8 - jmc@cvs.openbsd.org 2008/02/11 07:58:28
9 [ssh.1 sshd.8 sshd_config.5]
10 bump Mdocdate for pages committed in "febuary", necessary because
11 of a typo in rcs.c;
12 - deraadt@cvs.openbsd.org 2008/03/13 01:49:53
13 [monitor_fdpass.c]
14 Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to
15 an extensive discussion with otto, kettenis, millert, and hshoexer
16 - deraadt@cvs.openbsd.org 2008/03/15 16:19:02
17 [monitor_fdpass.c]
18 Repair the simple cases for msg_controllen where it should just be
19 CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because
20 of alignment; ok kettenis hshoexer
21 - djm@cvs.openbsd.org 2008/03/23 12:54:01
22 [sftp-client.c]
23 prefer POSIX-style file renaming over filexfer rename behaviour if the
24 server supports the posix-rename@openssh.com extension.
25 Note that the old (filexfer) behaviour would refuse to clobber an
26 existing file. Users who depended on this should adjust their sftp(1)
27 usage.
28 ok deraadt@ markus@
29 - deraadt@cvs.openbsd.org 2008/03/24 16:11:07
30 [monitor_fdpass.c]
31 msg_controllen has to be CMSG_SPACE so that the kernel can account for
32 each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This
33 works now that kernel fd passing has been fixed to accept a bit of
34 sloppiness because of this ABI repair.
35 lots of discussion with kettenis
36 - djm@cvs.openbsd.org 2008/03/25 11:58:02
37 [session.c sshd_config.5]
38 ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;
39 from dtucker@ ok deraadt@ djm@
40 - djm@cvs.openbsd.org 2008/03/25 23:01:41
41 [session.c]
42 last patch had backwards test; spotted by termim AT gmail.com
43 - djm@cvs.openbsd.org 2008/03/26 21:28:14
44 [auth-options.c auth-options.h session.c sshd.8]
45 add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc
46 - djm@cvs.openbsd.org 2008/03/27 00:16:49
47 [version.h]
48 openssh-4.9
49 - djm@cvs.openbsd.org 2008/03/24 21:46:54
50 [regress/sftp-badcmds.sh]
51 disable no-replace rename test now that we prefer a POSIX rename; spotted
52 by dkrause@
53 - (djm) [configure.ac] fix alignment of --without-stackprotect description
54 - (djm) [configure.ac] --with-selinux too
55 - (djm) [regress/Makefile] cleanup PuTTY interop test droppings
56 - (djm) [README] Update link to release notes
57 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
58 [contrib/suse/openssh.spec] Crank version numbers in RPM spec files
59 - (djm) Release 4.9p1
60
6120080315
62 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
63 empty; report and patch from Peter Stuge
64 - (djm) [regress/test-exec.sh] Silence noise from detection of putty
65 commands; report from Peter Stuge
66 - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causing
67 crashes when used with ChrootDirectory
68
6920080314
70 - (tim) [regress/sftp-cmds.sh] s/cd/lcd/ in lls test. Reported by
71 vinschen at redhat.com. Add () to put echo commands in subshell for lls test
72 I mistakenly left out of last commit.
73 - (tim) [regress/localcommand.sh] Shell portability fix. Reported by imorgan at
74 nas.nasa.gov
75
7620080313
77 - (djm) [Makefile.in regress/Makefile] Fix interop-tests target (note to
78 self: make changes to Makefile.in next time, not the generated Makefile).
79 - (djm) [Makefile.in regress/test-exec.sh] Find installed plink(1) and
80 puttygen(1) by $PATH
81 - (tim) [scp.c] Use poll.h if available, fall back to sys/poll.h if not. Patch
82 by vinschen at redhat.com.
83 - (tim) [regress/sftp-cmds.sh regress/ssh2putty.sh] Shell portability fixes
84 from vinschen at redhat.com and imorgan at nas.nasa.gov
85
8620080312
87 - (djm) OpenBSD CVS Sync
88 - dtucker@cvs.openbsd.org 2007/10/29 06:57:13
89 [regress/Makefile regress/localcommand.sh]
90 Add simple regress test for LocalCommand; ok djm@
91 - jmc@cvs.openbsd.org 2007/11/25 15:35:09
92 [regress/agent-getpeereid.sh regress/agent.sh]
93 more existant -> existent, from Martynas Venckus;
94 pfctl changes: ok henning
95 ssh changes: ok deraadt
96 - djm@cvs.openbsd.org 2007/12/12 05:04:03
97 [regress/sftp-cmds.sh]
98 unbreak lls command and add a regress test that would have caught the
99 breakage; spotted by mouring@
100 NB. sftp code change already committed.
101 - djm@cvs.openbsd.org 2007/12/21 04:13:53
102 [regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh]
103 [regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh]
104 basic (crypto, kex and transfer) interop regression tests against putty
105 To run these, install putty and run "make interop-tests" from the build
106 directory - the tests aren't run by default yet.
107
10820080311
109 - (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move
110 pam_open_session and pam_close_session into the privsep monitor, which
111 will ensure that pam_session_close is called as root. Patch from Tomas
112 Mraz.
113
11420080309
115 - (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't
116 always work for all platforms and versions, so test what we can and
117 add a configure flag to turn it of if needed. ok djm@
118 - (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroups
119 implementation. It's not needed to fix bug #1081 and breaks the build
120 on some AIX configurations.
121 - (dtucker) [openbsd-compat/regress/strtonumtest.c] Bug #1347: Use platform's
122 equivalent of LLONG_MAX for the compat regression tests, which makes them
123 run on AIX and HP-UX. Patch from David Leonard.
124 - (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch
125 platforms where gcc understands the option but it's not supported (and
126 thus generates a warning).
127
12820080307
129 - (djm) OpenBSD CVS Sync
130 - jmc@cvs.openbsd.org 2008/02/11 07:58:28
131 [ssh.1 sshd.8 sshd_config.5]
132 bump Mdocdate for pages committed in "febuary", necessary because
133 of a typo in rcs.c;
134 - djm@cvs.openbsd.org 2008/02/13 22:38:17
135 [servconf.h session.c sshd.c]
136 rekey arc4random and OpenSSL RNG in postauth child
137 closefrom fds > 2 before shell/command execution
138 ok markus@
139 - mbalmer@cvs.openbsd.org 2008/02/14 13:10:31
140 [sshd.c]
141 When started in configuration test mode (-t) do not check that sshd is
142 being started with an absolute path.
143 ok djm
144 - markus@cvs.openbsd.org 2008/02/20 15:25:26
145 [session.c]
146 correct boolean encoding for coredump; der Mouse via dugsong
147 - djm@cvs.openbsd.org 2008/02/22 05:58:56
148 [session.c]
149 closefrom() call was too early, delay it until just before we execute
150 the user's rc files (if any).
151 - dtucker@cvs.openbsd.org 2008/02/22 20:44:02
152 [clientloop.c packet.c packet.h serverloop.c]
153 Allow all SSH2 packet types, including UNIMPLEMENTED to reset the
154 keepalive timer (bz #1307). ok markus@
155 - djm@cvs.openbsd.org 2008/02/27 20:21:15
156 [sftp-server.c]
157 add an extension method "posix-rename@openssh.com" to perform POSIX atomic
158 rename() operations. based on patch from miklos AT szeredi.hu in bz#1400;
159 ok dtucker@ markus@
160 - deraadt@cvs.openbsd.org 2008/03/02 18:19:35
161 [monitor_fdpass.c]
162 use a union to ensure alignment of the cmsg (pay attention: various other
163 parts of the tree need this treatment too); ok djm
164 - deraadt@cvs.openbsd.org 2008/03/04 21:15:42
165 [version.h]
166 crank version; from djm
167 - (tim) [regress/sftp-glob.sh] Shell portability fix.
168
16920080302
170 - (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expect
171 either, so use our own.
172
17320080229
174 - (dtucker) [openbsd-compat/bsd-poll.c] We don't check for select(2) in
175 configure (and there's not much point, as openssh won't work without it)
176 so HAVE_SELECT is not defined and the poll(2) compat code doesn't get
177 built in. Remove HAVE_SELECT so we can build on platforms without poll.
178 - (dtucker) [scp.c] Include sys/poll.h inside HAVE_SYS_POLL_H.
179 - (djm) [contrib/gnome-ssh-askpass2.h] Keep askpass windown on top. From
180 Debian patch via bernd AT openbsd.org
181
18220080228
183 - (dtucker) [configure.ac] Add -fstack-protector to LDFLAGS too, fixes
184 linking problems on AIX with gcc 4.1.x.
185 - (dtucker) [includes.h ssh-add.c ssh-agent.c ssh-keygen.c ssh.c sshd.c
186 openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat
187 header to after OpenSSL headers, since some versions of OpenSSL have
188 SSLeay_add_all_algorithms as a macro already.
189 - (dtucker) [key.c defines.h openbsd-compat/openssl-compat.h] Move old OpenSSL
190 compat glue into openssl-compat.h.
191 - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement
192 getgrouplist via getgrset on AIX, rather than iterating over getgrent.
193 This allows, eg, Match and AllowGroups directives to work with NIS and
194 LDAP groups.
195 - (dtucker) [sshd.c] Bug #1042: make log messages for tcpwrappers use the
196 same SyslogFacility as the rest of sshd. Patch from William Knox,
197 ok djm@.
198
19920080225
200 - (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack
201 since it now conflicts with the helper function in misc.c. From
202 vinschen AT redhat.com.
203 - (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation
204 of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD).
205 Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@
206 - (dtucker) [includes.h openbsd-compat/openssl-compat.c] Bug #1437: reshuffle
207 headers so ./configure --with-ssl-engine actually works. Patch from
208 Ian Lister.
209
21020080224
211 - (tim) [contrib/cygwin/ssh-host-config]
212 Grammar changes on SYSCONFDIR LOCALSTATEDIR messages.
213 Check more thoroughly that it's possible to create the /var/empty directory.
214 Patch by vinschen AT redhat.com
215
21620080210
217 - OpenBSD CVS Sync
218 - chl@cvs.openbsd.org 2008/01/11 07:22:28
219 [sftp-client.c sftp-client.h]
220 disable unused functions
221 initially from tobias@, but disabled them by placing them in
222 "#ifdef notyet" which was asked by djm@
223 ok djm@ tobias@
224 - djm@cvs.openbsd.org 2008/01/19 19:13:28
225 [ssh.1]
226 satisfy the pedants: -q does not suppress all diagnostic messages (e.g.
227 some commandline parsing warnings go unconditionally to stdout).
228 - djm@cvs.openbsd.org 2008/01/19 20:48:53
229 [clientloop.c]
230 fd leak on session multiplexing error path. Report and patch from
231 gregory_shively AT fanniemae.com
232 - djm@cvs.openbsd.org 2008/01/19 20:51:26
233 [ssh.c]
234 ignore SIGPIPE in multiplex client mode - we can receive this if the
235 server runs out of fds on us midway. Report and patch from
236 gregory_shively AT fanniemae.com
237 - djm@cvs.openbsd.org 2008/01/19 22:04:57
238 [sftp-client.c]
239 fix remote handle leak in do_download() local file open error path;
240 report and fix from sworley AT chkno.net
241 - djm@cvs.openbsd.org 2008/01/19 22:22:58
242 [ssh-keygen.c]
243 when hashing individual hosts (ssh-keygen -Hf hostname), make sure we
244 hash just the specified hostname and not the entire hostspec from the
245 keyfile. It may be of the form "hostname,ipaddr", which would lead to
246 a hash that never matches. report and fix from jp AT devnull.cz
247 - djm@cvs.openbsd.org 2008/01/19 22:37:19
248 [ssh-keygen.c]
249 unbreak line numbering (broken in revision 1.164), fix error message
250 - djm@cvs.openbsd.org 2008/01/19 23:02:40
251 [channels.c]
252 When we added support for specified bind addresses for port forwards, we
253 added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of
254 this for -L port forwards that causes the client to listen on both v4
255 and v6 addresses when connected to a server with this quirk, despite
256 having set 0.0.0.0 as a bind_address.
257 report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@
258 - djm@cvs.openbsd.org 2008/01/19 23:09:49
259 [readconf.c readconf.h sshconnect2.c]
260 promote rekeylimit to a int64 so it can hold the maximum useful limit
261 of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@
262 - djm@cvs.openbsd.org 2008/01/20 00:38:30
263 [sftp.c]
264 When uploading, correctly handle the case of an unquoted filename with
265 glob metacharacters that match a file exactly but not as a glob, e.g. a
266 file called "[abcd]". report and test cases from duncan2nd AT gmx.de
267 - djm@cvs.openbsd.org 2008/01/21 17:24:30
268 [sftp-server.c]
269 Remove the fixed 100 handle limit in sftp-server and allocate as many
270 as we have available file descriptors. Patch from miklos AT szeredi.hu;
271 ok dtucker@ markus@
272 - djm@cvs.openbsd.org 2008/01/21 19:20:17
273 [sftp-client.c]
274 when a remote write error occurs during an upload, ensure that ACKs for
275 all issued requests are properly drained. patch from t8m AT centrum.cz
276 - dtucker@cvs.openbsd.org 2008/01/23 01:56:54
277 [clientloop.c packet.c serverloop.c]
278 Revert the change for bz #1307 as it causes connection aborts if an IGNORE
279 packet arrives while we're waiting in packet_read_expect (and possibly
280 elsewhere).
281 - jmc@cvs.openbsd.org 2008/01/31 20:06:50
282 [scp.1]
283 explain how to handle local file names containing colons;
284 requested by Tamas TEVESZ
285 ok dtucker
286 - markus@cvs.openbsd.org 2008/02/04 21:53:00
287 [session.c sftp-server.c sftp.h]
288 link sftp-server into sshd; feedback and ok djm@
289 - mcbride@cvs.openbsd.org 2008/02/09 12:15:43
290 [ssh.1 sshd.8]
291 Document the correct permissions for the ~/.ssh/ directory.
292 ok jmc
293 - djm@cvs.openbsd.org 2008/02/10 09:55:37
294 [sshd_config.5]
295 mantion that "internal-sftp" is useful with ForceCommand too
296 - djm@cvs.openbsd.org 2008/02/10 10:54:29
297 [servconf.c session.c]
298 delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
299 home, rather than the user who starts sshd (probably root)
300
30120080119
302 - (djm) Silence noice from expr in ssh-copy-id; patch from
303 mikel AT mikelward.com
304 - (djm) Only listen for IPv6 connections on AF_INET6 sockets; patch from
305 tsr2600 AT gmail.com
306
30720080102
308 - (dtucker) [configure.ac] Fix message for -fstack-protector-all test.
309
31020080101
311 - (dtucker) OpenBSD CVS Sync
312 - dtucker@cvs.openbsd.org 2007/12/31 10:41:31
313 [readconf.c servconf.c]
314 Prevent strict-aliasing warnings on newer gcc versions. bz #1355, patch
315 from Dmitry V. Levin, ok djm@
316 - dtucker@cvs.openbsd.org 2007/12/31 15:27:04
317 [sshd.c]
318 When in inetd mode, have sshd generate a Protocol 1 ephemeral server
319 key only for connections where the client chooses Protocol 1 as opposed
320 to when it's enabled in the server's config. Speeds up Protocol 2
321 connections to inetd-mode servers that also allow Protocol 1. bz #440,
322 based on a patch from bruno at wolff.to, ok markus@
323 - dtucker@cvs.openbsd.org 2008/01/01 08:47:04
324 [misc.c]
325 spaces -> tabs from my previous commit
326 - dtucker@cvs.openbsd.org 2008/01/01 09:06:39
327 [scp.c]
328 If scp -p encounters a pre-epoch timestamp, use the epoch which is
329 as close as we can get given that it's used unsigned. Add a little
330 debugging while there. bz #828, ok djm@
331 - dtucker@cvs.openbsd.org 2008/01/01 09:27:33
332 [sshd_config.5 servconf.c]
333 Allow PermitRootLogin in a Match block. Allows for, eg, permitting root
334 only from the local network. ok markus@, man page bit ok jmc@
335 - dtucker@cvs.openbsd.org 2008/01/01 08:51:20
336 [moduli]
337 Updated moduli file; ok djm@
338
33920071231
340 - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of
341 builtin glob implementation on Mac OS X. Based on a patch from
342 vgiffin at apple.
343
34420071229
345 - (dtucker) OpenBSD CVS Sync
346 - djm@cvs.openbsd.org 2007/12/12 05:04:03
347 [sftp.c]
348 unbreak lls command and add a regress test that would have caught the
349 breakage; spotted by mouring@
350 - dtucker@cvs.openbsd.org 2007/12/27 14:22:08
351 [servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c
352 sshd.c]
353 Add a small helper function to consistently handle the EAI_SYSTEM error
354 code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417.
355 ok markus@ stevesk@
356 - dtucker@cvs.openbsd.org 2007/12/28 15:32:24
357 [clientloop.c serverloop.c packet.c]
358 Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the
359 ServerAlive and ClientAlive timers. Prevents dropping a connection
360 when these are enabled but the peer does not support our keepalives.
361 bz #1307, ok djm@.
362 - dtucker@cvs.openbsd.org 2007/12/28 22:34:47
363 [clientloop.c]
364 Use the correct packet maximum sizes for remote port and agent forwarding.
365 Prevents the server from killing the connection if too much data is queued
366 and an excessively large packet gets sent. bz #1360, ok djm@.
367
36820071202
369 - (dtucker) [configure.ac] Enable -fstack-protector-all on systems where
370 gcc supports it. ok djm@
371 - (dtucker) [scp.c] Update $OpenBSD tag missing from rev 1.175 and remove
372 leftover debug code.
373 - (dtucker) OpenBSD CVS Sync
374 - dtucker@cvs.openbsd.org 2007/10/29 00:52:45
375 [auth2-gss.c]
376 Allow build without -DGSSAPI; ok deraadt@
377 (Id sync only, Portable already has the ifdefs)
378 - dtucker@cvs.openbsd.org 2007/10/29 01:55:04
379 [ssh.c]
380 Plug tiny mem leaks in ControlPath and ProxyCommand option processing;
381 ok djm@
382 - dtucker@cvs.openbsd.org 2007/10/29 04:08:08
383 [monitor_wrap.c monitor.c]
384 Send config block back to slave for invalid users too so options
385 set by a Match block (eg Banner) behave the same for non-existent
386 users. Found by and ok djm@
387 - dtucker@cvs.openbsd.org 2007/10/29 06:51:59
388 [ssh_config.5]
389 ProxyCommand and LocalCommand use the user's shell, not /bin/sh; ok djm@
390 - dtucker@cvs.openbsd.org 2007/10/29 06:54:50
391 [ssh.c]
392 Make LocalCommand work for Protocol 1 too; ok djm@
393 - jmc@cvs.openbsd.org 2007/10/29 07:48:19
394 [ssh_config.5]
395 clean up after previous macro removal;
396 - djm@cvs.openbsd.org 2007/11/03 00:36:14
397 [clientloop.c]
398 fix memory leak in process_cmdline(), patch from Jan.Pechanec AT Sun.COM;
399 ok dtucker@
400 - deraadt@cvs.openbsd.org 2007/11/03 01:24:06
401 [ssh.c]
402 bz #1377: getpwuid results were being clobbered by another getpw* call
403 inside tilde_expand_filename(); save the data we need carefully
404 ok djm
405 - dtucker@cvs.openbsd.org 2007/11/03 02:00:32
406 [ssh.c]
407 Use xstrdup/xfree when saving pwname and pwdir; ok deraadt@
408 - deraadt@cvs.openbsd.org 2007/11/03 02:03:49
409 [ssh.c]
410 avoid errno trashing in signal handler; ok dtucker
411
41220071030
413 - (djm) OpenBSD CVS Sync
414 - djm@cvs.openbsd.org 2007/10/29 23:49:41
415 [openbsd-compat/sys-tree.h]
416 remove extra backslash at the end of RB_PROTOTYPE, report from
417 Jan.Pechanec AT Sun.COM; ok deraadt@
418
41920071026
420 - (djm) OpenBSD CVS Sync
421 - stevesk@cvs.openbsd.org 2007/09/11 23:49:09
422 [sshpty.c]
423 remove #if defined block not needed; ok markus@ dtucker@
424 (NB. RCD ID sync only for portable)
425 - djm@cvs.openbsd.org 2007/09/21 03:05:23
426 [ssh_config.5]
427 document KbdInteractiveAuthentication in ssh_config.5;
428 patch from dkg AT fifthhorseman.net
429 - djm@cvs.openbsd.org 2007/09/21 08:15:29
430 [auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c]
431 [monitor.c monitor_wrap.c]
432 unifdef -DBSD_AUTH
433 unifdef -USKEY
434 These options have been in use for some years;
435 ok markus@ "no objection" millert@
436 (NB. RCD ID sync only for portable)
437 - canacar@cvs.openbsd.org 2007/09/25 23:48:57
438 [ssh-agent.c]
439 When adding a key that already exists, update the properties
440 (time, confirm, comment) instead of discarding them. ok djm@ markus@
441 - ray@cvs.openbsd.org 2007/09/27 00:15:57
442 [dh.c]
443 Don't return -1 on error in dh_pub_is_valid(), since it evaluates
444 to true.
445 Also fix a typo.
446 Initial diff from Matthew Dempsky, input from djm.
447 OK djm, markus.
448 - dtucker@cvs.openbsd.org 2007/09/29 00:25:51
449 [auth2.c]
450 Remove unused prototype. ok djm@
451 - chl@cvs.openbsd.org 2007/10/02 17:49:58
452 [ssh-keygen.c]
453 handles zero-sized strings that fgets can return
454 properly removes trailing newline
455 removes an unused variable
456 correctly counts line number
457 "looks ok" ray@ markus@
458 - markus@cvs.openbsd.org 2007/10/22 19:10:24
459 [readconf.c]
460 make sure that both the local and remote port are correct when
461 parsing -L; Jan Pechanec (bz #1378)
462 - djm@cvs.openbsd.org 2007/10/24 03:30:02
463 [sftp.c]
464 rework argument splitting and parsing to cope correctly with common
465 shell escapes and make handling of escaped characters consistent
466 with sh(1) and between sftp commands (especially between ones that
467 glob their arguments and ones that don't).
468 parse command flags using getopt(3) rather than hand-rolled parsers.
469 ok dtucker@
470 - djm@cvs.openbsd.org 2007/10/24 03:44:02
471 [scp.c]
472 factor out network read/write into an atomicio()-like function, and
473 use it to handle short reads, apply bandwidth limits and update
474 counters. make network IO non-blocking, so a small trickle of
475 reads/writes has a chance of updating the progress meter; bz #799
476 ok dtucker@
477 - djm@cvs.openbsd.org 2006/08/29 09:44:00
478 [regress/sftp-cmds.sh]
479 clean up our mess
480 - markus@cvs.openbsd.org 2006/11/06 09:27:43
481 [regress/cfgmatch.sh]
482 fix quoting for non-(c)sh login shells.
483 - dtucker@cvs.openbsd.org 2006/12/13 08:36:36
484 [regress/cfgmatch.sh]
485 Additional test for multiple PermitOpen entries. ok djm@
486 - pvalchev@cvs.openbsd.org 2007/06/07 19:41:46
487 [regress/cipher-speed.sh regress/try-ciphers.sh]
488 test umac-64@openssh.com
489 ok djm@
490 - djm@cvs.openbsd.org 2007/10/24 03:32:35
491 [regress/sftp-cmds.sh regress/sftp-glob.sh regress/test-exec.sh]
492 comprehensive tests for sftp escaping its interaction with globbing;
493 ok dtucker@
494 - djm@cvs.openbsd.org 2007/10/26 05:30:01
495 [regress/sftp-glob.sh regress/test-exec.sh]
496 remove "echo -E" crap that I added in last commit and use printf(1) for
497 cases where we strictly require echo not to reprocess escape characters.
498 - deraadt@cvs.openbsd.org 2005/11/28 17:50:12
499 [openbsd-compat/glob.c]
500 unused arg in internal static API
501 - jakob@cvs.openbsd.org 2007/10/11 18:36:41
502 [openbsd-compat/getrrsetbyname.c openbsd-compat/getrrsetbyname.h]
503 use RRSIG instead of SIG for DNSSEC. ok djm@
504 - otto@cvs.openbsd.org 2006/10/21 09:55:03
505 [openbsd-compat/base64.c]
506 remove calls to abort(3) that can't happen anyway; from
507 <bret dot lambert at gmail.com>; ok millert@ deraadt@
508 - frantzen@cvs.openbsd.org 2004/04/24 18:11:46
509 [openbsd-compat/sys-tree.h]
510 sync to Niels Provos' version. avoid unused variable warning in
511 RB_NEXT()
512 - tdeval@cvs.openbsd.org 2004/11/24 18:10:42
513 [openbsd-compat/sys-tree.h]
514 typo
515 - grange@cvs.openbsd.org 2004/05/04 16:59:32
516 [openbsd-compat/sys-queue.h]
517 Remove useless ``elm'' argument from the SIMPLEQ_REMOVE_HEAD macro.
518 This matches our SLIST behaviour and NetBSD's SIMPLEQ as well.
519 ok millert krw deraadt
520 - deraadt@cvs.openbsd.org 2005/02/25 13:29:30
521 [openbsd-compat/sys-queue.h]
522 minor white spacing
523 - otto@cvs.openbsd.org 2005/10/17 20:19:42
524 [openbsd-compat/sys-queue.h]
525 Performing certain operations on queue.h data structurs produced
526 funny results. An example is calling LIST_REMOVE on the same
527 element twice. This will not fail, but result in a data structure
528 referencing who knows what. Prevent these accidents by NULLing some
529 fields on remove and replace. This way, either a panic or segfault
530 will be produced on the faulty operation.
531 - otto@cvs.openbsd.org 2005/10/24 20:25:14
532 [openbsd-compat/sys-queue.h]
533 Partly backout. NOLIST, used in LISTs is probably interfering.
534 requested by deraadt@
535 - otto@cvs.openbsd.org 2005/10/25 06:37:47
536 [openbsd-compat/sys-queue.h]
537 Some uvm problem is being exposed with the more strict macros.
538 Revert until we've found out what's causing the panics.
539 - otto@cvs.openbsd.org 2005/11/25 08:06:25
540 [openbsd-compat/sys-queue.h]
541 Introduce debugging aid for queue macros. Disabled by default; but
542 developers are encouraged to run with this enabled.
543 ok krw@ fgsch@ deraadt@
544 - otto@cvs.openbsd.org 2007/04/30 18:42:34
545 [openbsd-compat/sys-queue.h]
546 Enable QUEUE_MACRO_DEBUG on DIAGNOSTIC kernels.
547 Input and okays from krw@, millert@, otto@, deraadt@, miod@.
548 - millert@cvs.openbsd.org 2004/10/07 16:56:11
549 GLOB_NOESCAPE is POSIX so move it out of the #ifndef _POSIX_SOURCE
550 block.
551 (NB. mostly an RCS ID sync, as portable strips out the conditionals)
552 - (djm) [regress/sftp-cmds.sh]
553 Use more restrictive glob to pick up test files from /bin - some platforms
554 ship broken symlinks there which could spoil the test.
555 - (djm) [openbsd-compat/bindresvport.c]
556 Sync RCS ID after irrelevant (for portable OpenSSH) header shuffling
557
55820070927
559 - (dtucker) [configure.ac atomicio.c] Fall back to including <sys/poll.h> if
560 we don't have <poll.h> (eq QNX). From bacon at cs nyu edu.
561 - (dtucker) [configure.ac defines.h] Shadow expiry does not work on QNX6
562 so disable it for that platform. From bacon at cs nyu edu.
563
56420070921
565 - (djm) [atomicio.c] Fix spin avoidance for platforms that define
566 EWOULDBLOCK; patch from ben AT psc.edu
567
56820070917
569 - (djm) OpenBSD CVS Sync
570 - djm@cvs.openbsd.org 2007/08/23 02:49:43
571 [auth-passwd.c auth.c session.c]
572 unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@
573 NB. RCS ID sync only for portable
574 - djm@cvs.openbsd.org 2007/08/23 02:55:51
575 [auth-passwd.c auth.c session.c]
576 missed include bits from last commit
577 NB. RCS ID sync only for portable
578 - djm@cvs.openbsd.org 2007/08/23 03:06:10
579 [auth.h]
580 login_cap.h doesn't belong here
581 NB. RCS ID sync only for portable
582 - djm@cvs.openbsd.org 2007/08/23 03:22:16
583 [auth2-none.c sshd_config sshd_config.5]
584 Support "Banner=none" to disable displaying of the pre-login banner;
585 ok dtucker@ deraadt@
586 - djm@cvs.openbsd.org 2007/08/23 03:23:26
587 [sshconnect.c]
588 Execute ProxyCommands with $SHELL rather than /bin/sh unconditionally
589 - djm@cvs.openbsd.org 2007/09/04 03:21:03
590 [clientloop.c monitor.c monitor_fdpass.c monitor_fdpass.h]
591 [monitor_wrap.c ssh.c]
592 make file descriptor passing code return an error rather than call fatal()
593 when it encounters problems, and use this to make session multiplexing
594 masters survive slaves failing to pass all stdio FDs; ok markus@
595 - djm@cvs.openbsd.org 2007/09/04 11:15:56
596 [ssh.c sshconnect.c sshconnect.h]
597 make ssh(1)'s ConnectTimeout option apply to both the TCP connection and
598 SSH banner exchange (previously it just covered the TCP connection).
599 This allows callers of ssh(1) to better detect and deal with stuck servers
600 that accept a TCP connection but don't progress the protocol, and also
601 makes ConnectTimeout useful for connections via a ProxyCommand;
602 feedback and "looks ok" markus@
603 - sobrado@cvs.openbsd.org 2007/09/09 11:38:01
604 [ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.c]
605 sort synopsis and options in ssh-agent(1); usage is lowercase
606 ok jmc@
607 - stevesk@cvs.openbsd.org 2007/09/11 04:36:29
608 [sshpty.c]
609 sort #include
610 NB. RCS ID sync only
611 - gilles@cvs.openbsd.org 2007/09/11 15:47:17
612 [session.c ssh-keygen.c sshlogin.c]
613 use strcspn to properly overwrite '\n' in fgets returned buffer
614 ok pyr@, ray@, millert@, moritz@, chl@
615 - stevesk@cvs.openbsd.org 2007/09/11 23:49:09
616 [sshpty.c]
617 remove #if defined block not needed; ok markus@ dtucker@
618 NB. RCS ID sync only
619 - stevesk@cvs.openbsd.org 2007/09/12 19:39:19
620 [umac.c]
621 use xmalloc() and xfree(); ok markus@ pvalchev@
622 - djm@cvs.openbsd.org 2007/09/13 04:39:04
623 [sftp-server.c]
624 fix incorrect test when setting syslog facility; from Jan Pechanec
625 - djm@cvs.openbsd.org 2007/09/16 00:55:52
626 [sftp-client.c]
627 use off_t instead of u_int64_t for file offsets, matching what the
628 progressmeter code expects; bz #842
629 - (tim) [defines.h] Fix regression in long password support on OpenServer 6.
630 Problem report and additional testing rac AT tenzing.org.
631
63220070914
633 - (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path.
634 Patch from Jan.Pechanec at sun com.
635
63620070910
637 - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1358: Always
638 return 0 on successful test. From David.Leonard at quest com.
639 - (tim) [configure.ac] Autoconf didn't define HAVE_LIBIAF because we
640 did a AC_CHECK_FUNCS within the AC_CHECK_LIB test.
641
d4487008 64220070817
643 - (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked
644 accounts and that's what the code looks for, so make man page and code
645 agree. Pointed out by Roumen Petrov.
646 - (dtucker) [INSTALL] Group the parts describing random options and PAM
647 implementations together which is hopefully more coherent.
648 - (dtucker) [INSTALL] the pid file is sshd.pid not ssh.pid.
649 - (dtucker) [INSTALL] Give PAM its own heading.
650 - (dtucker) [INSTALL] Link to tcpwrappers.
651
65220070816
653 - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated
654 connections too. Based on a patch from Sandro Wefel, with & ok djm@
655
65620070815
657 - (dtucker) OpenBSD CVS Sync
658 - markus@cvs.openbsd.org 2007/08/15 08:14:46
659 [clientloop.c]
660 do NOT fall back to the trused x11 cookie if generation of an untrusted
661 cookie fails; from Jan Pechanec, via security-alert at sun.com;
662 ok dtucker
663 - markus@cvs.openbsd.org 2007/08/15 08:16:49
664 [version.h]
665 openssh 4.7
666 - stevesk@cvs.openbsd.org 2007/08/15 12:13:41
667 [ssh_config.5]
668 tun device forwarding now honours ExitOnForwardFailure; ok markus@
669 - (dtucker) [openbsd-compat/bsd-cray.c] Remove debug from signal handler.
670 ok djm@
671 - (dtucker) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec
672 contrib/suse/openssh.spec] Crank version.
673
67420070813
675 - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always
676 called with PAM_ESTABLISH_CRED at least once, which resolves a problem
677 with pam_dhkeys. Patch from David Leonard, ok djm@
678
67920070810
680 - (dtucker) [auth-pam.c] Use sigdie here too. ok djm@
681 - (dtucker) [configure.ac] Bug #1343: Set DISABLE_FD_PASSING for QNX6. From
682 Matt Kraai, ok djm@
683
68420070809
685 - (dtucker) [openbsd-compat/port-aix.c] Comment typo.
686 - (dtucker) [README.platform] Document the interaction between PermitRootLogin
687 and the AIX native login restrictions.
688 - (dtucker) [defines.h] Remove _PATH_{CSHELL,SHELLS} which aren't
689 used anywhere and are a potential source of warnings.
690
69120070808
692 - (djm) OpenBSD CVS Sync
693 - ray@cvs.openbsd.org 2007/07/12 05:48:05
694 [key.c]
695 Delint: remove some unreachable statements, from Bret Lambert.
696 OK markus@ and dtucker@.
697 - sobrado@cvs.openbsd.org 2007/08/06 19:16:06
698 [scp.1 scp.c]
699 the ellipsis is not an optional argument; while here, sync the usage
700 and synopsis of commands
701 lots of good ideas by jmc@
702 ok jmc@
703 - djm@cvs.openbsd.org 2007/08/07 07:32:53
704 [clientloop.c clientloop.h ssh.c]
705 bz#1232: ensure that any specified LocalCommand is executed after the
706 tunnel device is opened. Also, make failures to open a tunnel device
707 fatal when ExitOnForwardFailure is active.
708 Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt
709
71020070724
711 - (tim) [openssh.xml.in] make FMRI match what package scripts use.
712 - (tim) [openbsd-compat/regress/closefromtest.c] Bug 1345: fix open() call.
713 Report/patch by David.Leonard AT quest.com (and Bernhard Simon)
714 - (tim) [buildpkg.sh.in openssh.xml.in] Allow more flexibility where smf(5)
715 - (tim) [buildpkg.sh.in] s|$FAKE_ROOT/${sysconfdir}|$FAKE_ROOT${sysconfdir}|
716
71720070628
718 - (djm) bz#1325: Fix SELinux in permissive mode where it would
719 incorrectly fatal() on errors. patch from cjwatson AT debian.org;
720 ok dtucker
721
72220070625
723 - (dtucker) OpenBSD CVS Sync
724 - djm@cvs.openbsd.org 2007/06/13 00:21:27
725 [scp.c]
726 don't ftruncate() non-regular files; bz#1236 reported by wood AT
727 xmission.com; ok dtucker@
728 - djm@cvs.openbsd.org 2007/06/14 21:43:25
729 [ssh.c]
730 handle EINTR when waiting for mux exit status properly
731 - djm@cvs.openbsd.org 2007/06/14 22:48:05
732 [ssh.c]
733 when waiting for the multiplex exit status, read until the master end
734 writes an entire int of data *and* closes the client_fd; fixes mux
735 regression spotted by dtucker, ok dtucker@
736 - djm@cvs.openbsd.org 2007/06/19 02:04:43
737 [atomicio.c]
738 if the fd passed to atomicio/atomiciov() is non blocking, then poll() to
739 avoid a spin if it is not yet ready for reading/writing; ok dtucker@
740 - dtucker@cvs.openbsd.org 2007/06/25 08:20:03
741 [channels.c]
742 Correct test for window updates every three packets; prevents sending
743 window updates for every single packet. ok markus@
744 - dtucker@cvs.openbsd.org 2007/06/25 12:02:27
745 [atomicio.c]
746 Include <poll.h> like the man page says rather than <sys/poll.h>. ok djm@
747 - (dtucker) [atomicio.c] Test for EWOULDBLOCK in atomiciov to match
748 atomicio.
749 - (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.in
750 openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h]
751 Add an implementation of poll() built on top of select(2). Code from
752 OpenNTPD with changes suggested by djm. ok djm@
753
75420070614
755 - (dtucker) [cipher-ctr.c umac.c openbsd-compat/openssl-compat.h] Move the
756 USE_BUILTIN_RIJNDAEL compat goop to openssl-compat.h so it can be
757 shared with umac.c. Allows building with OpenSSL 0.9.5 again including
758 umac support. With tim@ djm@, ok djm.
759 - (dtucker) [openbsd-compat/openssl-compat.h] Merge USE_BUILTIN_RIJNDAEL
760 sections. Fixes builds with early OpenSSL 0.9.6 versions.
761 - (dtucker) [openbsd-compat/openssl-compat.h] Remove redundant definition
762 of USE_BUILTIN_RIJNDAEL since the <0.9.6 test is covered by the
763 subsequent <0.9.7 test.
764
76520070612
766 - (dtucker) OpenBSD CVS Sync
767 - markus@cvs.openbsd.org 2007/06/11 09:14:00
768 [channels.h]
769 increase default channel windows; ok djm
770 - djm@cvs.openbsd.org 2007/06/12 07:41:00
771 [ssh-add.1]
772 better document ssh-add's -d option (delete identies from agent), bz#1224
773 new text based on some provided by andrewmc-debian AT celt.dias.ie;
774 ok dtucker@
775 - djm@cvs.openbsd.org 2007/06/12 08:20:00
776 [ssh-gss.h gss-serv.c gss-genr.c]
777 relocate server-only GSSAPI code from libssh to server; bz #1225
778 patch from simon AT sxw.org.uk; ok markus@ dtucker@
779 - djm@cvs.openbsd.org 2007/06/12 08:24:20
780 [scp.c]
781 make scp try to skip FIFOs rather than blocking when nothing is listening.
782 depends on the platform supporting sane O_NONBLOCK semantics for open
783 on FIFOs (apparently POSIX does not mandate this), which OpenBSD does.
784 bz #856; report by cjwatson AT debian.org; ok markus@
785 - djm@cvs.openbsd.org 2007/06/12 11:11:08
786 [ssh.c]
787 fix slave exit value when a control master goes away without passing the
788 full exit status by ensuring that the slave reads a full int. bz#1261
789 reported by frekko AT gmail.com; ok markus@ dtucker@
790 - djm@cvs.openbsd.org 2007/06/12 11:15:17
791 [ssh.c ssh.1]
792 Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
793 GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
794 and is useful for hosts with /home on Kerberised NFS; bz #1312
795 patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@
796 - djm@cvs.openbsd.org 2007/06/12 11:45:27
797 [ssh.c]
798 improved exit message from multiplex slave sessions; bz #1262
799 reported by alexandre.nunes AT gmail.com; ok dtucker@
800 - dtucker@cvs.openbsd.org 2007/06/12 11:56:15
801 [gss-genr.c]
802 Pass GSS OID to gss_display_status to provide better information in
803 error messages. Patch from Simon Wilkinson via bz 1220. ok djm@
804 - jmc@cvs.openbsd.org 2007/06/12 13:41:03
805 [ssh-add.1]
806 identies -> identities;
807 - jmc@cvs.openbsd.org 2007/06/12 13:43:55
808 [ssh.1]
809 add -K to SYNOPSIS;
810 - dtucker@cvs.openbsd.org 2007/06/12 13:54:28
811 [scp.c]
812 Encode filename with strnvis if the name contains a newline (which can't
813 be represented in the scp protocol), from bz #891. ok markus@
814
81520070611
816 - (djm) Bugzilla #1306: silence spurious error messages from hang-on-exit
817 fix; tested by dtucker@ and jochen.kirn AT gmail.com
818 - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34
819 [kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
820 [ssh_config.5 sshd.8 sshd_config.5]
821 Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
822 must specify umac-64@openssh.com). Provides about 20% end-to-end speedup
823 compared to hmac-md5. Represents a different approach to message
824 authentication to that of HMAC that may be beneficial if HMAC based on
825 one of its underlying hash algorithms is found to be vulnerable to a
826 new attack. http://www.ietf.org/rfc/rfc4418.txt
827 in conjunction with and OK djm@
828 - pvalchev@cvs.openbsd.org 2007/06/08 04:40:40
829 [ssh_config]
830 Add a "MACs" line after "Ciphers" with the default MAC algorithms,
831 to ease people who want to tweak both (eg. for performance reasons).
832 ok deraadt@ djm@ dtucker@
833 - jmc@cvs.openbsd.org 2007/06/08 07:43:46
834 [ssh_config.5]
835 put the MAC list into a display, like we do for ciphers,
836 since groff has trouble handling wide lines;
837 - jmc@cvs.openbsd.org 2007/06/08 07:48:09
838 [sshd_config.5]
839 oops, here too: put the MAC list into a display, like we do for
840 ciphers, since groff has trouble with wide lines;
841 - markus@cvs.openbsd.org 2007/06/11 08:04:44
842 [channels.c]
843 send 'window adjust' messages every tree packets and do not wait
844 until 50% of the window is consumed. ok djm dtucker
845 - (djm) [configure.ac umac.c] If platform doesn't provide swap32(3), then
846 fallback to provided bit-swizzing functions
847 - (dtucker) [openbsd-compat/bsd-misc.c] According to the spec the "remainder"
848 argument to nanosleep may be NULL. Currently this never happens in OpenSSH,
849 but check anyway in case this changes or the code gets used elsewhere.
850 - (dtucker) [includes.h] Bug #1243: HAVE_PATHS -> HAVE_PATHS_H. Should
851 prevent warnings about redefinitions of various things in paths.h.
852 Spotted by cartmanltd at hotmail.com.
853
85420070605
855 - (dtucker) OpenBSD CVS Sync
856 - djm@cvs.openbsd.org 2007/05/22 10:18:52
857 [sshd.c]
858 zap double include; from p_nowaczyk AT o2.pl
859 (not required in -portable, Id sync only)
860 - djm@cvs.openbsd.org 2007/05/30 05:58:13
861 [kex.c]
862 tidy: KNF, ARGSUSED and u_int
863 - jmc@cvs.openbsd.org 2007/05/31 19:20:16
864 [scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1
865 ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8]
866 convert to new .Dd format;
867 (We will need to teach mdoc2man.awk to understand this too.)
868 - djm@cvs.openbsd.org 2007/05/31 23:34:29
869 [packet.c]
870 gc unreachable code; spotted by Tavis Ormandy
871 - djm@cvs.openbsd.org 2007/06/02 09:04:58
872 [bufbn.c]
873 memory leak on error path; from arnaud.lacombe.1 AT ulaval.ca
874 - djm@cvs.openbsd.org 2007/06/05 06:52:37
875 [kex.c monitor_wrap.c packet.c mac.h kex.h mac.c]
876 Preserve MAC ctx between packets, saving 2xhash calls per-packet.
877 Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5
878 patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm
879 committing at his request)
880 - (dtucker) [mdoc2man.awk] Teach it to deal with $Mdocdate tags that
881 OpenBSD's cvs now adds.
882 - (dtucker) [mdoc2man.awk] Remove trailing "$" from Mdocdate regex so
883 mindrot's cvs doesn't expand it on us.
884 - (dtucker) [mdoc2man.awk] Add support for %R references, used for RFCs.
885
88620070520
887 - (dtucker) OpenBSD CVS Sync
888 - stevesk@cvs.openbsd.org 2007/04/14 22:01:58
889 [auth2.c]
890 remove unused macro; from Dmitry V. Levin <ldv@altlinux.org>
891 - stevesk@cvs.openbsd.org 2007/04/18 01:12:43
892 [sftp-server.c]
893 cast "%llu" format spec to (unsigned long long); do not assume a
894 u_int64_t arg is the same as 'unsigned long long'.
895 from Dmitry V. Levin <ldv@altlinux.org>
896 ok markus@ 'Yes, that looks correct' millert@
897 - dtucker@cvs.openbsd.org 2007/04/23 10:15:39
898 [servconf.c]
899 Remove debug() left over from development. ok deraadt@
900 - djm@cvs.openbsd.org 2007/05/17 07:50:31
901 [log.c]
902 save and restore errno when logging; ok deraadt@
903 - djm@cvs.openbsd.org 2007/05/17 07:55:29
904 [sftp-server.c]
905 bz#1286 stop reading and processing commands when input or output buffer
906 is nearly full, otherwise sftp-server would happily try to grow the
907 input/output buffers past the maximum supported by the buffer API and
908 promptly fatal()
909 based on patch from Thue Janus Kristensen; feedback & ok dtucker@
910 - djm@cvs.openbsd.org 2007/05/17 20:48:13
911 [sshconnect2.c]
912 fall back to gethostname() when the outgoing connection is not
913 on a socket, such as is the case when ProxyCommand is used.
914 Gives hostbased auth an opportunity to work; bz#616, report
915 and feedback stuart AT kaloram.com; ok markus@
916 - djm@cvs.openbsd.org 2007/05/17 20:52:13
917 [monitor.c]
918 pass received SIGINT from monitor to postauth child so it can clean
919 up properly. bz#1196, patch from senthilkumar_sen AT hotpop.com;
920 ok markus@
921 - jolan@cvs.openbsd.org 2007/05/17 23:53:41
922 [sshconnect2.c]
923 djm owes me a vb and a tism cd for breaking ssh compilation
924 - (dtucker) [auth-pam.c] malloc+memset -> calloc. Patch from
925 ldv at altlinux.org.
926 - (dtucker) [auth-pam.c] Return empty string if fgets fails in
927 sshpam_tty_conv. Patch from ldv at altlinux.org.
928
92920070509
930 - (tim) [configure.ac] Bug #1287: Add missing test for ucred.h.
931
93220070429
933 - (dtucker) [openbsd-compat/bsd-misc.c] Include unistd.h and sys/types.h
934 for select(2) prototype.
935 - (dtucker) [auth-shadow.c loginrec.c] Include time.h for time(2) prototype.
936 - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299: Use the
937 platform's _res if it has one. Should fix problem of DNSSEC record lookups
938 on NetBSD as reported by Curt Sampson.
939 - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype.
940 - (dtucker) [configure.ac defines.h] Have configure check for MAXSYMLINKS
941 so we don't get redefinition warnings.
942 - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype.
943 - (dtucker) [configure.ac defines.h] Prevent warnings about __attribute__
944 __nonnull__ for versions of GCC that don't support it.
945 - (dtucker) [configure.ac defines.h] Have configure check for offsetof
946 to prevent redefinition warnings.
947
94820070406
949 - (dtucker) [INSTALL] Update the systems that have PAM as standard. Link
950 to OpenPAM too.
951 - (dtucker) [INSTALL] prngd lives at sourceforge these days.
952
95320070326
954 - (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
955 openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
956 to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
957
95820070325
959 - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,
960 LIBWRAP and LIBPAM variables in Makefile with the general-purpose
961 SSHDLIBS. "I like" djm@
962
96320070321
964 - (dtucker) OpenBSD CVS Sync
965 - dtucker@cvs.openbsd.org 2007/03/09 05:20:06
966 [servconf.c sshd.c]
967 Move C/R -> kbdint special case to after the defaults have been
968 loaded, which makes ChallengeResponse default to yes again. This
969 was broken by the Match changes and not fixed properly subsequently.
970 Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
971 - djm@cvs.openbsd.org 2007/03/19 01:01:29
972 [sshd_config]
973 Disable the legacy SSH protocol 1 for new installations via
974 a configuration override. In the future, we will change the
975 server's default itself so users who need the legacy protocol
976 will need to turn it on explicitly
977 - dtucker@cvs.openbsd.org 2007/03/19 12:16:42
978 [ssh-agent.c]
979 Remove the signal handler that checks if the agent's parent process
980 has gone away, instead check when the select loop returns. Record when
981 the next key will expire when scanning for expired keys. Set the select
982 timeout to whichever of these two things happens next. With djm@, with &
983 ok deraadt@ markus@
984 - tedu@cvs.openbsd.org 2007/03/20 03:56:12
985 [readconf.c clientloop.c]
986 remove some bogus *p tests from charles longeau
987 ok deraadt millert
988 - jmc@cvs.openbsd.org 2007/03/20 15:57:15
989 [sshd.8]
990 - let synopsis and description agree for -f
991 - sort FILES
992 - +.Xr ssh-keyscan 1 ,
993 from Igor Sobrado
994 - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use
995 getpeerucred to implement getpeereid (currently only Solaris 10 and up).
996 Patch by Jan.Pechanec at Sun.
997 - (dtucker) [regress/agent-getpeereid.sh] Do peereid test if we have
998 HAVE_GETPEERUCRED too. Also from Jan Pechanec.
999
100020070313
1001 - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include
1002 string.h to prevent warnings, from vapier at gentoo.org.
1003 - (dtucker) [LICENCE] Add Daniel Walsh as a copyright holder for the
1004 selinux bits in -portable.
1005 - (dtucker) [cipher-3des1.c cipher-bf1.c] The OpenSSL 0.9.8e problem in
1006 bug #1291 also affects Protocol 1 3des. While at it, use compat-openssl.h
1007 in cipher-bf1.c. Patch from Juan Gallego.
1008 - (dtucker) [README.platform] Info about blibpath on AIX.
1009
799ae497 101020070306
1011 - (djm) OpenBSD CVS Sync
1012 - jmc@cvs.openbsd.org 2007/03/01 16:19:33
1013 [sshd_config.5]
1014 sort the `match' keywords;
1015 - djm@cvs.openbsd.org 2007/03/06 10:13:14
1016 [version.h]
1017 openssh-4.6; "please" deraadt@
1018 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1019 [contrib/suse/openssh.spec] crank spec files for release
1020 - (djm) [README] correct link to release notes
1021 - (djm) Release 4.6p1
1022
102320070304
1024 - (djm) [configure.ac] add a --without-openssl-header-check option to
1025 configure, as some platforms (OS X) ship OpenSSL headers whose version
1026 does not match that of the shipping library. ok dtucker@
1027 - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a
1028 bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
1029 ciphers from working correctly (disconnects with "Bad packet length"
1030 errors) as found by Ben Harris. ok djm@
1031
103220070303
1033 - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more
1034 general to cover newer gdb versions on HP-UX.
1035
103620070302
1037 - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows
1038 CRLF as well as LF lineendings) and write in binary mode. Patch from
1039 vinschen at redhat.com.
1040 - (dtucker) [INSTALL] Update to autoconf-2.61.
1041
104220070301
1043 - (dtucker) OpenBSD CVS Sync
1044 - dtucker@cvs.openbsd.org 2007/03/01 10:28:02
1045 [auth2.c sshd_config.5 servconf.c]
1046 Remove ChallengeResponseAuthentication support inside a Match
1047 block as its interaction with KbdInteractive makes it difficult to
1048 support. Also, relocate the CR/kbdint option special-case code into
1049 servconf. "please commit" djm@, ok markus@ for the relocation.
1050 - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits.
1051 "Looks sane" dtucker@
1052
105320070228
1054 - (dtucker) OpenBSD CVS Sync
1055 - dtucker@cvs.openbsd.org 2007/02/28 00:55:30
1056 [ssh-agent.c]
1057 Remove expired keys periodically so they don't remain in memory when
1058 the agent is entirely idle, as noted by David R. Piegdon. This is the
1059 simple fix, a more efficient one will be done later. With markus,
1060 deraadt, with & ok djm.
1061
106220070225
1063 - (dtucker) OpenBSD CVS Sync
1064 - djm@cvs.openbsd.org 2007/02/20 10:25:14
1065 [clientloop.c]
1066 set maximum packet and window sizes the same for multiplexed clients
1067 as normal connections; ok markus@
1068 - dtucker@cvs.openbsd.org 2007/02/21 11:00:05
1069 [sshd.c]
1070 Clear alarm() before restarting sshd on SIGHUP. Without this, if there's
1071 a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
1072 newly exec'ed sshd will get the SIGALRM and not have a handler for it,
1073 and the default action will terminate the listening sshd. Analysis and
1074 patch from andrew at gaul.org.
1075 - dtucker@cvs.openbsd.org 2007/02/22 12:58:40
1076 [servconf.c]
1077 Check activep so Match and GatewayPorts work together; ok markus@
1078 - ray@cvs.openbsd.org 2007/02/24 03:30:11
1079 [moduli.c]
1080 - strlen returns size_t, not int.
1081 - Pass full buffer size to fgets.
1082 OK djm@, millert@, and moritz@.
1083
108420070219
1085 - (dtucker) OpenBSD CVS Sync
1086 - jmc@cvs.openbsd.org 2007/01/10 13:23:22
1087 [ssh_config.5]
1088 do not use a list for SYNOPSIS;
1089 this is actually part of a larger report sent by eric s. raymond
1090 and forwarded by brad, but i only read half of it. spotted by brad.
1091 - jmc@cvs.openbsd.org 2007/01/12 20:20:41
1092 [ssh-keygen.1 ssh-keygen.c]
1093 more secsh -> rfc 4716 updates;
1094 spotted by wiz@netbsd
1095 ok markus
1096 - dtucker@cvs.openbsd.org 2007/01/17 23:22:52
1097 [readconf.c]
1098 Honour activep for times (eg ServerAliveInterval) while parsing
1099 ssh_config and ~/.ssh/config so they work properly with Host directives.
1100 From mario.lorenz@wincor-nixdorf.com via bz #1275. ok markus@
1101 - stevesk@cvs.openbsd.org 2007/01/21 01:41:54
1102 [auth-skey.c kex.c ssh-keygen.c session.c clientloop.c]
1103 spaces
1104 - stevesk@cvs.openbsd.org 2007/01/21 01:45:35
1105 [readconf.c]
1106 spaces
1107 - djm@cvs.openbsd.org 2007/01/22 11:32:50
1108 [sftp-client.c]
1109 return error from do_upload() when a write fails. fixes bz#1252: zero
1110 exit status from sftp when uploading to a full device. report from
1111 jirkat AT atlas.cz; ok dtucker@
1112 - djm@cvs.openbsd.org 2007/01/22 13:06:21
1113 [scp.c]
1114 fix detection of whether we should show progress meter or not: scp
1115 tested isatty(stderr) but wrote the progress meter to stdout. This patch
1116 makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com;
1117 of dtucker@
1118 - stevesk@cvs.openbsd.org 2007/02/14 14:32:00
1119 [bufbn.c]
1120 typos in comments; ok jmc@
1121 - dtucker@cvs.openbsd.org 2007/02/19 10:45:58
1122 [monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5]
1123 Teach Match how handle config directives that are used before
1124 authentication. This allows configurations such as permitting password
1125 authentication from the local net only while requiring pubkey from
1126 offsite. ok djm@, man page bits ok jmc@
1127 - (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some
1128 platforms don't have it. Patch from dleonard at vintela.com.
1129 - (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc
1130 an array for signatures when there are none since "calloc(0, n) returns
1131 NULL on some platforms (eg Tru64), which is explicitly permitted by
1132 POSIX. Diagnosis and patch by svallet genoscope.cns.fr.
1133
113420070128
1135 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52)
1136 when closing a tty session when a background process still holds tty
1137 fds open. Great detective work and patch by Marc Aurele La France,
1138 slightly tweaked by me; ok dtucker@
1139
114020070123
1141 - (dtucker) [openbsd-compat/bsd-snprintf.c] Static declarations for public
1142 library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro
1143 so it works properly and modify its callers so that they don't pre or
1144 post decrement arguments that are conditionally evaluated. While there,
1145 put SNPRINTF_CONST back as it prevents build failures in some
1146 configurations. ok djm@ (for most of it)
1147
114820070122
1149 - (djm) [ssh-rand-helper.8] manpage nits;
1150 from dleonard AT vintela.com (bz#1529)
1151
115220070117
1153 - (dtucker) [packet.c] Re-remove in_systm.h since it's already in includes.h
1154 and multiple including it causes problems on old IRIXes. (It snuck back
1155 in during a sync.) Found (again) by Georg Schwarz.
1156
115720070114
1158 - (dtucker) [ssh-keygen.c] av -> argv to match earlier sync.
1159 - (djm) [openbsd-compat/bsd-snprintf.c] Fix integer overflow in return
1160 value of snprintf replacement, similar to bugs in various libc
1161 implementations. This overflow is not exploitable in OpenSSH.
1162 While I'm fiddling with it, make it a fair bit faster by inlining the
1163 append-char routine; ok dtucker@
1164
116520070105
1166 - (djm) OpenBSD CVS Sync
1167 - deraadt@cvs.openbsd.org 2006/11/14 19:41:04
1168 [ssh-keygen.c]
1169 use argc and argv not some made up short form
1170 - ray@cvs.openbsd.org 2006/11/23 01:35:11
1171 [misc.c sftp.c]
1172 Don't access buf[strlen(buf) - 1] for zero-length strings.
1173 ``ok by me'' djm@.
1174 - markus@cvs.openbsd.org 2006/12/11 21:25:46
1175 [ssh-keygen.1 ssh.1]
1176 add rfc 4716 (public key format); ok jmc
1177 - djm@cvs.openbsd.org 2006/12/12 03:58:42
1178 [channels.c compat.c compat.h]
1179 bz #1019: some ssh.com versions apparently can't cope with the
1180 remote port forwarding bind_address being a hostname, so send
1181 them an address for cases where they are not explicitly
1182 specified (wildcard or localhost bind). reported by daveroth AT
1183 acm.org; ok dtucker@ deraadt@
1184 - dtucker@cvs.openbsd.org 2006/12/13 08:34:39
1185 [servconf.c]
1186 Make PermitOpen work with multiple values like the man pages says.
1187 bz #1267 with details from peter at dmtz.com, with & ok djm@
1188 - dtucker@cvs.openbsd.org 2006/12/14 10:01:14
1189 [servconf.c]
1190 Make "PermitOpen all" first-match within a block to match the way other
1191 options work. ok markus@ djm@
1192 - jmc@cvs.openbsd.org 2007/01/02 09:57:25
1193 [sshd_config.5]
1194 do not use lists for SYNOPSIS;
1195 from eric s. raymond via brad
1196 - stevesk@cvs.openbsd.org 2007/01/03 00:53:38
1197 [ssh-keygen.c]
1198 remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan
1199 - stevesk@cvs.openbsd.org 2007/01/03 03:01:40
1200 [auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c]
1201 spaces
1202 - stevesk@cvs.openbsd.org 2007/01/03 04:09:15
1203 [sftp.c]
1204 ARGSUSED for lint
1205 - stevesk@cvs.openbsd.org 2007/01/03 07:22:36
1206 [sftp-server.c]
1207 spaces
1208
120920061205
1210 - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would
1211 occur if the server did not have the privsep user and an invalid user
1212 tried to login and both privsep and krb5 auth are disabled; ok dtucker@
1213 - (djm) [bsd-asprintf.c] Better test for bad vsnprintf lengths; ok dtucker@
1214
121520061108
1216 - (dtucker) OpenBSD CVS Sync
1217 - markus@cvs.openbsd.org 2006/11/07 13:02:07
1218 [dh.c]
1219 BN_hex2bn returns int; from dtucker@
1220
ff7ec503 122120061107
1222 - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
1223 if we absolutely need it. Pointed out by Corinna, ok djm@
1224 - (dtucker) OpenBSD CVS Sync
1225 - markus@cvs.openbsd.org 2006/11/06 21:25:28
1226 [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
1227 ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
1228 add missing checks for openssl return codes; with & ok djm@
1229 - markus@cvs.openbsd.org 2006/11/07 10:31:31
1230 [monitor.c version.h]
1231 correctly check for bad signatures in the monitor, otherwise the monitor
1232 and the unpriv process can get out of sync. with dtucker@, ok djm@,
1233 dtucker@
1234 - (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] Bump
1235 versions.
ff7ec503 1236 - (dtucker) Release 4.5p1.
1237
123820061105
1239 - (djm) OpenBSD CVS Sync
1240 - otto@cvs.openbsd.org 2006/10/28 18:08:10
1241 [ssh.1]
1242 correct/expand example of usage of -w; ok jmc@ stevesk@
1243 - markus@cvs.openbsd.org 2006/10/31 16:33:12
1244 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c]
1245 check DH_compute_key() for -1 even if it should not happen because of
1246 earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm
1247
124820061101
1249 - (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerr
1250 events fatal in Solaris process contract support and tell it to signal
1251 only processes in the same process group when something happens.
1252 Based on information from andrew.benham at thus.net and similar to
1253 a patch from Chad Mynhier. ok djm@
1254
125520061027
1256- (djm) [auth.c] gc some dead code
1257
125820061023
1259 - (djm) OpenBSD CVS Sync
1260 - ray@cvs.openbsd.org 2006/09/30 17:48:22
1261 [sftp.c]
1262 Clear errno before calling the strtol functions.
1263 From Paul Stoeber <x0001 at x dot de1 dot cc>.
1264 OK deraadt@.
1265 - djm@cvs.openbsd.org 2006/10/06 02:29:19
1266 [ssh-agent.c ssh-keyscan.c ssh.c]
1267 sys/resource.h needs sys/time.h; prompted by brad@
1268 (NB. Id sync only for portable)
1269 - djm@cvs.openbsd.org 2006/10/09 23:36:11
1270 [session.c]
1271 xmalloc -> xcalloc that was missed previously, from portable
1272 (NB. Id sync only for portable, obviously)
1273 - markus@cvs.openbsd.org 2006/10/10 10:12:45
1274 [sshconnect.c]
1275 sleep before retrying (not after) since sleep changes errno; fixes
1276 pr 5250; rad@twig.com; ok dtucker djm
1277 - markus@cvs.openbsd.org 2006/10/11 12:38:03
1278 [clientloop.c serverloop.c]
1279 exit instead of doing a blocking tcp send if we detect a client/server
1280 timeout, since the tcp sendqueue might be already full (of alive
1281 requests); ok dtucker, report mpf
1282 - djm@cvs.openbsd.org 2006/10/22 02:25:50
1283 [sftp-client.c]
1284 cancel progress meter when upload write fails; ok deraadt@
1285 - (tim) [Makefile.in scard/Makefile.in] Add datarootdir= lines to keep
1286 autoconf 2.60 from complaining.
1287
128820061018
1289 - (dtucker) OpenBSD CVS Sync
1290 - ray@cvs.openbsd.org 2006/09/25 04:55:38
1291 [ssh-keyscan.1 ssh.1]
1292 Change "a SSH" to "an SSH". Hurray, I'm not the only one who
1293 pronounces "SSH" as "ess-ess-aich".
1294 OK jmc@ and stevesk@.
1295 - (dtucker) [sshd.c] Reshuffle storing of pw struct; prevents warnings
1296 on older versions of OS X. ok djm@
1297
129820061016
1299 - (dtucker) [monitor_fdpass.c] Include sys/in.h, required for cmsg macros
1300 on older (2.0) Linuxes. Based on patch from thmo-13 at gmx de.
1301
130220061006
1303 - (tim) [buildpkg.sh.in] Use uname -r instead of -v in OS_VER for Solaris.
1304 Differentiate between OpenServer 5 and OpenServer 6
1305 - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for
1306 SELinux functions so they're detected correctly. Patch from pebenito at
1307 gentoo.org.
1308 - (tim) [buildpkg.sh.in] Some systems have really limited nawk (OpenServer).
1309 Allow setting alternate awk in openssh-config.local.
1310
131120061003
1312 - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific
1313 section so additional platform specific CHECK_HEADER tests will work
1314 correctly. Fixes "<net/if_tap.h> on FreeBSD" problem report by des AT des.no
1315 Feedback and "seems like a good idea" dtucker@
1316
131720061001
1318 - (dtucker) [audit-bsm.c] Include errno.h. Pointed out by des at des.no.
1319
132020060929
1321 - (dtucker) [configure.ac] Bug #1239: Fix configure test for OpenSSH engine
1322 support. Patch from andrew.benham at thus net.
1323
132420060928
1325 - (dtucker) [entropy.c] Bug #1238: include signal.h to fix compilation error
1326 on Solaris 8 w/out /dev/random or prngd. Patch from rl at
1327 math.technion.ac.il.
1328
9108f8d9 132920060926
1330 - (dtucker) [bufaux.h] nuke bufaux.h; it's already gone from OpenBSD and not
1331 referenced any more. ok djm@
1332 - (dtucker) [sftp-server.8] Resync; spotted by djm@
ff7ec503 1333 - (dtucker) Release 4.4p1.
9108f8d9 1334
133520060924
1336 - (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added
1337 to rev 1.308) to work around broken gcc 2.x header file.
1338
133920060923
1340 - (dtucker) [configure.ac] Bug #1234: Put opensc libs into $LIBS rather than
1341 $LDFLAGS. Patch from vapier at gentoo org.
1342
134320060922
1344 - (dtucker) [packet.c canohost.c] Include arpa/inet.h for htonl macros on
1345 some platforms (eg HP-UX 11.00). From santhi.amirta at gmail com.
1346
134720060921
1348 - (dtucker) OpenBSD CVS Sync
1349 - otto@cvs.openbsd.org 2006/09/19 05:52:23
1350 [sftp.c]
1351 Use S_IS* macros insted of masking with S_IF* flags. The latter may
1352 have multiple bits set, which lead to surprising results. Spotted by
1353 Paul Stoeber, more to come. ok millert@ pedro@ jaredy@ djm@
1354 - markus@cvs.openbsd.org 2006/09/19 21:14:08
1355 [packet.c]
1356 client NULL deref on protocol error; Tavis Ormandy, Google Security Team
1357 - (dtucker) [defines.h] Include unistd.h before defining getpgrp; fixes
1358 build error on Ultrix. From Bernhard Simon.
1359
136020060918
1361 - (dtucker) [configure.ac] On AIX, check to see if the compiler will allow
1362 macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags.
1363 Allows build out of the box with older VAC and XLC compilers. Found by
1364 David Bronder and Bernhard Simon.
1365 - (dtucker) [openbsd-compat/port-aix.{c,h}] Reduce scope of includes.
1366 Prevents macro redefinition warnings of "RDONLY".
1367
136820060916
1369 - OpenBSD CVS Sync
1370 - djm@cvs.openbsd.org 2006/09/16 19:53:37
1371 [deattack.c deattack.h packet.c]
1372 limit maximum work performed by the CRC compensation attack detector,
1373 problem reported by Tavis Ormandy, Google Security Team;
1374 ok markus@ deraadt@
1375 - (djm) Add openssh.xml to .cvsignore and sort it
1376 - (dtucker) [auth-pam.c] Propogate TZ environment variable to PAM auth
1377 process so that any logging it does is with the right timezone. From
1378 Scott Strickler, ok djm@.
1379 - (dtucker) [monitor.c] Correctly handle auditing of single commands when
1380 using Protocol 1. From jhb at freebsd.
1381 - (djm) [sshd.c] Fix warning/API abuse; ok dtucker@
1382 - (dtucker) [INSTALL] Add info about audit support.
1383
138420060912
1385 - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in]
1386 Support SMF in Solaris Packages if enabled by configure. Patch from
1387 Chad Mynhier, tested by dtucker@
1388
138920060911
1390 - (dtucker) [cipher-aes.c] Include string.h for memcpy and friends. Noted
1391 by Pekka Savola.
1392
139320060910
1394 - (dtucker) [contrib/aix/buildbff.sh] Ensure that perl is available.
1395 - (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB.
1396
139720060909
1398 - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h.
1399 - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.
1400 - (dtucker) [buildpkg.sh.in] Always create privsep user. ok djm@
1401
140220060908
1403 - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch
1404 from Chris Adams.
1405 - (dtucker) [configure.ac] The BSM header test needs time.h in some cases.
1406
140720060907
1408 - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
1409 be used to drop privilege to; fixes Solaris GSSAPI crash reported by
1410 Magnus Abrante; suggestion and feedback dtucker@
1411 NB. this change will require that the privilege separation user must
1412 exist on all the time, not just when UsePrivilegeSeparation=yes
1413 - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6
1414 - (dtucker) [loginrec.c] Wrap paths.h in HAVE_PATHS_H.
1415 - (dtucker) [regress/cfgmatch.sh] stop_client is racy, so give us a better
1416 chance of winning.
1417
141820060905
1419 - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov.
1420 - (dtucker) [loginrec.c] Include paths.h for _PATH_BTMP.
1421
142220060904
1423 - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native
1424 updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius,
1425 ok djm@
1426
142720060903
1428 - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for
1429 declaration of writev(2) and declare it ourselves if necessary. Makes
1430 the atomiciov() calls build on really old systems. ok djm@
1431
143220060902
1433 - (dtucker) [openbsd-compat/port-irix.c] Add errno.h, found by Iain Morgan.
1434 - (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c
1435 openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c
1436 openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h>
1437 for hton* and ntoh* macros. Required on (at least) HP-UX since we define
1438 _XOPEN_SOURCE_EXTENDED. Found by santhi.amirta at gmail com.
1439
144020060901
1441 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
1442 [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
1443 [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
1444 [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
1445 [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
1446 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
1447 [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
1448 [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
1449 [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
1450 [sshconnect1.c sshconnect2.c sshd.c]
1451 [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
1452 [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
1453 [openbsd-compat/port-uw.c]
1454 Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
1455 compile problems reported by rac AT tenzing.org
1456 - (djm) [includes.h monitor.c openbsd-compat/bindresvport.c]
1457 [openbsd-compat/rresvport.c] Some more headers: netinet/in.h
1458 sys/socket.h and unistd.h in various places
1459 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Fix implict declaration
1460 warnings for binary_open and binary_close. Patch from Corinna Vinschen.
1461 - (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly
1462 test for GLOB_NOMATCH and use our glob functions if it's not found.
1463 Stops sftp from segfaulting when attempting to get a nonexistent file on
1464 Cygwin (previous versions of OpenSSH didn't use the native glob). Partly
1465 from and tested by Corinna Vinschen.
1466 - (dtucker) [README contrib/{caldera,redhat,suse}/openssh.spec] Crank
1467 versions.
1468
146920060831
1470 - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ]
1471 [platform.c platform.h sshd.c openbsd-compat/Makefile.in]
1472 [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
1473 [openbsd-compat/port-solaris.h] Add support for Solaris process
1474 contracts, enabled with --use-solaris-contracts. Patch from Chad
1475 Mynhier, tweaked by dtucker@ and myself; ok dtucker@
1476 - (dtucker) [contrib/cygwin/ssh-host-config] Add SeTcbPrivilege privilege
1477 while setting up the ssh service account. Patch from Corinna Vinschen.
1478
147920060830
1480 - (djm) OpenBSD CVS Sync
1481 - dtucker@cvs.openbsd.org 2006/08/21 08:14:01
1482 [sshd_config.5]
1483 Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@,
1484 ok jmc@ djm@
1485 - dtucker@cvs.openbsd.org 2006/08/21 08:15:57
1486 [sshd.8]
1487 Add more detail about what permissions are and aren't accepted for
1488 authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@
1489 - djm@cvs.openbsd.org 2006/08/29 10:40:19
1490 [channels.c session.c]
1491 normalise some inconsistent (but harmless) NULL pointer checks
1492 spotted by the Stanford SATURN tool, via Isil Dillig;
1493 ok markus@ deraadt@
1494 - dtucker@cvs.openbsd.org 2006/08/29 12:02:30
1495 [gss-genr.c]
1496 Work around a problem in Heimdal that occurs when KRB5CCNAME file is
1497 missing, by checking whether or not kerberos allocated us a context
1498 before attempting to free it. Patch from Simon Wilkinson, tested by
1499 biorn@, ok djm@
1500 - dtucker@cvs.openbsd.org 2006/08/30 00:06:51
1501 [sshconnect2.c]
1502 Fix regression where SSH2 banner is printed at loglevels ERROR and FATAL
1503 where previously it weren't. bz #1221, found by Dean Kopesky, ok djm@
1504 - djm@cvs.openbsd.org 2006/08/30 00:14:37
1505 [version.h]
1506 crank to 4.4
1507 - (djm) [openbsd-compat/xcrypt.c] needs unistd.h
1508 - (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call
1509 loginsuccess on AIX immediately after authentication to clear the failed
1510 login count. Previously this would only happen when an interactive
1511 session starts (ie when a pty is allocated) but this means that accounts
1512 that have primarily non-interactive sessions (eg scp's) may gradually
1513 accumulate enough failures to lock out an account. This change may have
1514 a side effect of creating two audit records, one with a tty of "ssh"
1515 corresponding to the authentication and one with the allocated pty per
1516 interactive session.
1517
151820060824
1519 - (dtucker) [openbsd-compat/basename.c] Include errno.h.
1520 - (dtucker) [openbsd-compat/bsd-misc.c] Add includes needed for select(2) on
1521 older systems.
1522 - (dtucker) [openbsd-compat/bsd-misc.c] Include <sys/select.h> for select(2)
1523 on POSIX systems.
1524 - (dtucker) [openbsd-compat/bsd-openpty.c] Include for ioctl(2).
1525 - (dtucker) [openbsd-compat/rresvport.c] Include <stdlib.h> for malloc.
1526 - (dtucker) [openbsd-compat/xmmap.c] Move #define HAVE_MMAP to prevent
1527 unused variable warning when we have a broken or missing mmap(2).
1528
152920060822
1530 - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in
1531 Makefile. Patch from santhi.amirta at gmail, ok djm.
1532
153320060820
1534 - (dtucker) [log.c] Move ifdef to prevent unused variable warning.
1535 - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore
1536 afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl.
1537 - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for
1538 fixing bug #1181. No changes yet.
1539 - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL
1540 (0.9.8a and presumably newer) requires -ldl to successfully link.
1541 - (dtucker) [configure.ac] Remove errant "-".
1542
154320060819
1544 - (djm) OpenBSD CVS Sync
1545 - djm@cvs.openbsd.org 2006/08/18 22:41:29
1546 [gss-genr.c]
1547 GSSAPI error code should be 0 and not -1; from simon@sxw.org.uk
1548 - (dtucker) [openbsd-compat/regress/Makefile.in] Add $(EXEEXT) and add a
1549 single rule for the test progs.
1550
155120060818
1552 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with
1553 closefrom.c from sudo.
1554 - (dtucker) [openbsd-compat/bsd-closefrom.c] Comment out rcsid.
1555 - (dtucker) [openbsd-compat/regress/snprintftest.c] Newline on error.
1556 - (dtucker) [openbsd-compat/regress/Makefile.in] Use implicit rules for the
1557 test progs instead; they work better than what we have.
1558 - (djm) OpenBSD CVS Sync
1559 - stevesk@cvs.openbsd.org 2006/08/06 01:13:32
1560 [compress.c monitor.c monitor_wrap.c]
1561 "zlib.h" can be <zlib.h>; ok djm@ markus@
1562 - miod@cvs.openbsd.org 2006/08/12 20:46:46
1563 [monitor.c monitor_wrap.c]
1564 Revert previous include file ordering change, for ssh to compile under
1565 gcc2 (or until openssl include files are cleaned of parameter names
1566 in function prototypes)
1567 - dtucker@cvs.openbsd.org 2006/08/14 12:40:25
1568 [servconf.c servconf.h sshd_config.5]
1569 Add ability to match groups to Match keyword in sshd_config. Feedback
1570 djm@, stevesk@, ok stevesk@.
1571 - djm@cvs.openbsd.org 2006/08/16 11:47:15
1572 [sshd.c]
1573 factor inetd connection, TCP listen and main TCP accept loop out of
1574 main() into separate functions to improve readability; ok markus@
1575 - deraadt@cvs.openbsd.org 2006/08/18 09:13:26
1576 [log.c log.h sshd.c]
1577 make signal handler termination path shorter; risky code pointed out by
1578 mark dowd; ok djm markus
1579 - markus@cvs.openbsd.org 2006/08/18 09:15:20
1580 [auth.h session.c sshd.c]
1581 delay authentication related cleanups until we're authenticated and
1582 all alarms have been cancelled; ok deraadt
1583 - djm@cvs.openbsd.org 2006/08/18 10:27:16
1584 [misc.h]
1585 reorder so prototypes are sorted by the files they refer to; no
1586 binary change
1587 - djm@cvs.openbsd.org 2006/08/18 13:54:54
1588 [gss-genr.c ssh-gss.h sshconnect2.c]
1589 bz #1218 - disable SPNEGO as per RFC4462; diff from simon AT sxw.org.uk
1590 ok markus@
1591 - djm@cvs.openbsd.org 2006/08/18 14:40:34
1592 [gss-genr.c ssh-gss.h]
1593 constify host argument to match the rest of the GSSAPI functions and
1594 unbreak compilation with -Werror
1595 - (djm) Disable sigdie() for platforms that cannot safely syslog inside
1596 a signal handler (basically all of them, excepting OpenBSD);
1597 ok dtucker@
1598
159920060817
1600 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c]
1601 Include stdlib.h for malloc and friends.
1602 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl
1603 for closefrom() on AIX. Pointed out by William Ahern.
1604 - (dtucker) [openbsd-compat/regress/{Makefile.in,closefromtest.c}] Regress
1605 test for closefrom() in compat code.
1606
160720060816
1608 - (djm) [audit-bsm.c] Sprinkle in some headers
1609
161020060815
1611 - (dtucker) [LICENCE] Add Reyk to the list for the compat dir.
1612
161320060806
1614 - (djm) [openbsd-compat/bsd-getpeereid.c] Add some headers to quiet warnings
1615 on Solaris 10
1616
161720060806
1618 - (dtucker) [defines.h] With the includes.h changes we no longer get the
1619 name clash on "YES" so we can remove the workaround for it.
1620 - (dtucker) [openbsd-compat/{bsd-asprintf.c,bsd-openpty.c,bsd-snprintf.c,
1621 glob.c}] Include stdlib.h for malloc and friends in compat code.
1622
162320060805
1624 - (djm) OpenBSD CVS Sync
1625 - stevesk@cvs.openbsd.org 2006/07/24 13:58:22
1626 [sshconnect.c]
1627 disable tunnel forwarding when no strict host key checking
1628 and key changed; ok djm@ markus@ dtucker@
1629 - stevesk@cvs.openbsd.org 2006/07/25 02:01:34
1630 [scard.c]
1631 need #include <string.h>
1632 - stevesk@cvs.openbsd.org 2006/07/25 02:59:21
1633 [channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c]
1634 [sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c]
1635 move #include <sys/time.h> out of includes.h
1636 - stevesk@cvs.openbsd.org 2006/07/26 02:35:17
1637 [atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
1638 [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
1639 [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
1640 [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
1641 [uidswap.c xmalloc.c]
1642 move #include <sys/param.h> out of includes.h
1643 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17
1644 [authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
1645 [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
1646 [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
1647 [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
1648 [sshconnect1.c sshd.c xmalloc.c]
1649 move #include <stdlib.h> out of includes.h
1650 - jmc@cvs.openbsd.org 2006/07/27 08:00:50
1651 [ssh_config.5]
1652 avoid confusing wording in HashKnownHosts:
1653 originally spotted by alan amesbury;
1654 ok deraadt
1655 - jmc@cvs.openbsd.org 2006/07/27 08:00:50
1656 [ssh_config.5]
1657 avoid confusing wording in HashKnownHosts:
1658 originally spotted by alan amesbury;
1659 ok deraadt
1660 - dtucker@cvs.openbsd.org 2006/08/01 11:34:36
1661 [sshconnect.c]
1662 Allow fallback to known_hosts entries without port qualifiers for
1663 non-standard ports too, so that all existing known_hosts entries will be
1664 recognised. Requested by, feedback and ok markus@
1665 - stevesk@cvs.openbsd.org 2006/08/01 23:22:48
1666 [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
1667 [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
1668 [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
1669 [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
1670 [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
1671 [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
1672 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
1673 [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
1674 [uuencode.h xmalloc.c]
1675 move #include <stdio.h> out of includes.h
1676 - stevesk@cvs.openbsd.org 2006/08/01 23:36:12
1677 [authfile.c channels.c progressmeter.c scard.c servconf.c ssh.c]
1678 clean extra spaces
1679 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
1680 [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
1681 [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
1682 [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
1683 [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
1684 [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
1685 [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
1686 [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
1687 [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
1688 [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
1689 [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
1690 [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
1691 [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
1692 [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
1693 [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
1694 [serverloop.c session.c session.h sftp-client.c sftp-common.c]
1695 [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
1696 [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
1697 [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
1698 [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
1699 [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
1700 [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
1701 almost entirely get rid of the culture of ".h files that include .h files"
1702 ok djm, sort of ok stevesk
1703 makes the pain stop in one easy step
1704 NB. portable commit contains everything *except* removing includes.h, as
1705 that will take a fair bit more work as we move headers that are required
1706 for portability workarounds to defines.h. (also, this step wasn't "easy")
1707 - stevesk@cvs.openbsd.org 2006/08/04 20:46:05
1708 [monitor.c session.c ssh-agent.c]
1709 spaces
1710 - (djm) [auth-pam.c defines.h] Move PAM related bits to auth-pam.c
1711 - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c]
1712 remove last traces of bufaux.h - it was merged into buffer.h in the big
1713 includes.h commit
1714 - (djm) [auth.c loginrec.c] Missing netinet/in.h for loginrec
1715 - (djm) [openbsd-compat/regress/snprintftest.c]
1716 [openbsd-compat/regress/strduptest.c] Add missing includes so they pass
1717 compilation with "-Wall -Werror"
1718 - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c]
1719 [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more
1720 includes for Linux in
1721 - (dtucker) [cleanup.c] Need defines.h for __dead.
1722 - (dtucker) [auth2-gss.c] We still need the #ifdef GSSAPI in -portable.
1723 - (dtucker) [openbsd-compat/{bsd-arc4random.c,port-tun.c,xmmap.c}] Lots of
1724 #include stdarg.h, needed for log.h.
1725 - (dtucker) [entropy.c] Needs unistd.h too.
1726 - (dtucker) [ssh-rand-helper.c] Needs stdarg.h for log.h.
1727 - (dtucker) [openbsd-compat/getrrsetbyname.c] Nees stdlib.h for malloc.
1728 - (dtucker) [openbsd-compat/strtonum.c] Include stdlib.h for strtoll,
1729 otherwise it is implicitly declared as returning an int.
1730 - (dtucker) OpenBSD CVS Sync
1731 - dtucker@cvs.openbsd.org 2006/08/05 07:52:52
1732 [auth2-none.c sshd.c monitor_wrap.c]
1733 Add headers required to build with KERBEROS5=no. ok djm@
1734 - dtucker@cvs.openbsd.org 2006/08/05 08:00:33
1735 [auth-skey.c]
1736 Add headers required to build with -DSKEY. ok djm@
1737 - dtucker@cvs.openbsd.org 2006/08/05 08:28:24
1738 [monitor_wrap.c auth-skey.c auth2-chall.c]
1739 Zap unused variables in -DSKEY code. ok djm@
1740 - dtucker@cvs.openbsd.org 2006/08/05 08:34:04
1741 [packet.c]
1742 Typo in comment
1743 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Add headers required to compile
1744 on Cygwin.
1745 - (dtucker) [openbsd-compat/fake-rfc2553.c] Add headers needed for inet_ntoa.
1746 - (dtucker) [auth-skey.c] monitor_wrap.h needs ssh-gss.h.
1747 - (dtucker) [audit.c audit.h] Repair headers.
1748 - (dtucker) [audit-bsm.c] Add additional headers now required.
1749
175020060804
1751 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent
1752 versions of Solaris, so use AC_LINK_IFELSE to actually link the test program
1753 rather than just compiling it. Spotted by dlg@.
1754
175520060802
1756 - (dtucker) [openbsd-compat/daemon.c] Add unistd.h for fork() prototype.
1757
175820060725
1759 - (dtucker) [openbsd-compat/xmmap.c] Need fcntl.h for O_RDRW.
1760
176120060724
1762 - (djm) OpenBSD CVS Sync
1763 - jmc@cvs.openbsd.org 2006/07/12 13:39:55
1764 [sshd_config.5]
1765 - new sentence, new line
1766 - s/The the/The/
1767 - kill a bad comma
1768 - stevesk@cvs.openbsd.org 2006/07/12 22:28:52
1769 [auth-options.c canohost.c channels.c includes.h readconf.c]
1770 [servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
1771 move #include <netdb.h> out of includes.h; ok djm@
1772 - stevesk@cvs.openbsd.org 2006/07/12 22:42:32
1773 [includes.h ssh.c ssh-rand-helper.c]
1774 move #include <stddef.h> out of includes.h
1775 - stevesk@cvs.openbsd.org 2006/07/14 01:15:28
1776 [monitor_wrap.h]
1777 don't need incompletely-typed 'struct passwd' now with
1778 #include <pwd.h>; ok markus@
1779 - stevesk@cvs.openbsd.org 2006/07/17 01:31:10
1780 [authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
1781 [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
1782 [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
1783 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
1784 [sshconnect.c sshlogin.c sshpty.c uidswap.c]
1785 move #include <unistd.h> out of includes.h
1786 - dtucker@cvs.openbsd.org 2006/07/17 12:02:24
1787 [auth-options.c]
1788 Use '\0' rather than 0 to terminates strings; ok djm@
1789 - dtucker@cvs.openbsd.org 2006/07/17 12:06:00
1790 [channels.c channels.h servconf.c sshd_config.5]
1791 Add PermitOpen directive to sshd_config which is equivalent to the
1792 "permitopen" key option. Allows server admin to allow TCP port
1793 forwarding only two specific host/port pairs. Useful when combined
1794 with Match.
1795 If permitopen is used in both sshd_config and a key option, both
1796 must allow a given connection before it will be permitted.
1797 Note that users can still use external forwarders such as netcat,
1798 so to be those must be controlled too for the limits to be effective.
1799 Feedback & ok djm@, man page corrections & ok jmc@.
1800 - jmc@cvs.openbsd.org 2006/07/18 07:50:40
1801 [sshd_config.5]
1802 tweak; ok dtucker
1803 - jmc@cvs.openbsd.org 2006/07/18 07:56:28
1804 [scp.1]
1805 replace DIAGNOSTICS with .Ex;
1806 - jmc@cvs.openbsd.org 2006/07/18 08:03:09
1807 [ssh-agent.1 sshd_config.5]
1808 mark up angle brackets;
1809 - dtucker@cvs.openbsd.org 2006/07/18 08:22:23
1810 [sshd_config.5]
1811 Clarify description of Match, with minor correction from jmc@
1812 - stevesk@cvs.openbsd.org 2006/07/18 22:27:55
1813 [dh.c]
1814 remove unneeded includes; ok djm@
1815 - dtucker@cvs.openbsd.org 2006/07/19 08:56:41
1816 [servconf.c sshd_config.5]
1817 Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to
1818 Match. ok djm@
1819 - dtucker@cvs.openbsd.org 2006/07/19 13:07:10
1820 [servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5]
1821 Add ForceCommand keyword to sshd_config, equivalent to the "command="
1822 key option, man page entry and example in sshd_config.
1823 Feedback & ok djm@, man page corrections & ok jmc@
1824 - stevesk@cvs.openbsd.org 2006/07/20 15:26:15
1825 [auth1.c serverloop.c session.c sshconnect2.c]
1826 missed some needed #include <unistd.h> when KERBEROS5=no; issue from
1827 massimo@cedoc.mo.it
1828 - dtucker@cvs.openbsd.org 2006/07/21 12:43:36
1829 [channels.c channels.h servconf.c servconf.h sshd_config.5]
1830 Make PermitOpen take a list of permitted ports and act more like most
1831 other keywords (ie the first match is the effective setting). This
1832 also makes it easier to override a previously set PermitOpen. ok djm@
1833 - stevesk@cvs.openbsd.org 2006/07/21 21:13:30
1834 [channels.c]
1835 more ARGSUSED (lint) for dispatch table-driven functions; ok djm@
1836 - stevesk@cvs.openbsd.org 2006/07/21 21:26:55
1837 [progressmeter.c]
1838 ARGSUSED for signal handler
1839 - stevesk@cvs.openbsd.org 2006/07/22 19:08:54
1840 [includes.h moduli.c progressmeter.c scp.c sftp-common.c]
1841 [sftp-server.c ssh-agent.c sshlogin.c]
1842 move #include <time.h> out of includes.h
1843 - stevesk@cvs.openbsd.org 2006/07/22 20:48:23
1844 [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
1845 [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
1846 [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
1847 [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
1848 [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
1849 [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
1850 [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
1851 [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
1852 [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
1853 [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
1854 [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
1855 [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
1856 [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
1857 move #include <string.h> out of includes.h
1858 - stevesk@cvs.openbsd.org 2006/07/23 01:11:05
1859 [auth.h dispatch.c kex.h sftp-client.c]
1860 #include <signal.h> for sig_atomic_t; need this prior to <sys/param.h>
1861 move
1862 - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]
1863 [canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
1864 [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
1865 [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
1866 [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
1867 [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
1868 [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
1869 [openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
1870 [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
1871 [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
1872 make the portable tree compile again - sprinkle unistd.h and string.h
1873 back in. Don't redefine __unused, as it turned out to be used in
1874 headers on Linux, and replace its use in auth-pam.c with ARGSUSED
1875 - (djm) [openbsd-compat/glob.c]
1876 Move get_arg_max() into the ifdef HAVE_GLOB block so that it compiles
1877 on OpenBSD (or other platforms with a decent glob implementation) with
1878 -Werror
1879 - (djm) [uuencode.c]
1880 Add resolv.h, is it contains the prototypes for __b64_ntop/__b64_pton on
1881 some platforms
1882 - (djm) [session.c]
1883 fix compile error with -Werror -Wall: 'path' is only used in
1884 do_setup_env() if HAVE_LOGIN_CAP is not defined
1885 - (djm) [openbsd-compat/basename.c openbsd-compat/bsd-closefrom.c]
1886 [openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c]
1887 [openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c]
1888 [openbsd-compat/port-aix.c openbsd-compat/port-irix.c]
1889 [openbsd-compat/rresvport.c]
1890 These look to need string.h and/or unistd.h (based on a grep for function
1891 names)
1892 - (djm) [Makefile.in]
1893 Remove generated openbsd-compat/regress/Makefile in distclean target
1894 - (djm) [regress/Makefile regress/agent-getpeereid.sh regress/cfgmatch.sh]
1895 [regress/cipher-speed.sh regress/forcecommand.sh regress/forwarding.sh]
1896 Sync regress tests to -current; include dtucker@'s new cfgmatch and
1897 forcecommand tests. Add cipher-speed.sh test (not linked in yet)
1898 - (dtucker) [cleanup.c] Since config.h defines _LARGE_FILES on AIX, including
1899 system headers before defines.h will cause conflicting definitions.
1900 - (dtucker) [regress/forcecommand.sh] Portablize.
1901
190220060713
1903 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h
1904
190520060712
1906 - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and
1907 O_NONBLOCK if they're really needed. Fixes build errors on HP-UX, old
1908 Linuxes and probably more.
1909 - (dtucker) [configure.ac] OpenBSD needs <sys/types.h> before <sys/socket.h>
1910 for SHUT_RD.
1911 - (dtucker) [openbsd-compat/port-tun.c] OpenBSD needs <netinet/in.h> before
1912 <netinet/ip.h>.
1913 - (dtucker) OpenBSD CVS Sync
1914 - stevesk@cvs.openbsd.org 2006/07/10 16:01:57
1915 [sftp-glob.c sftp-common.h sftp.c]
1916 buffer.h only needed in sftp-common.h and remove some unneeded
1917 user includes; ok djm@
1918 - jmc@cvs.openbsd.org 2006/07/10 16:04:21
1919 [sshd.8]
1920 s/and and/and/
1921 - stevesk@cvs.openbsd.org 2006/07/10 16:37:36
1922 [readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c
1923 auth.c packet.c log.c]
1924 move #include <stdarg.h> out of includes.h; ok markus@
1925 - dtucker@cvs.openbsd.org 2006/07/11 10:12:07
1926 [ssh.c]
1927 Only copy the part of environment variable that we actually use. Prevents
1928 ssh bailing when SendEnv is used and an environment variable with a really
1929 long value exists. ok djm@
1930 - markus@cvs.openbsd.org 2006/07/11 18:50:48
1931 [clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
1932 channels.h readconf.c]
1933 add ExitOnForwardFailure: terminate the connection if ssh(1)
1934 cannot set up all requested dynamic, local, and remote port
1935 forwardings. ok djm, dtucker, stevesk, jmc
1936 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25
1937 [scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
1938 sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
1939 includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
1940 sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
1941 ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
1942 move #include <errno.h> out of includes.h; ok markus@
1943 - stevesk@cvs.openbsd.org 2006/07/11 20:16:43
1944 [ssh.c]
1945 cast asterisk field precision argument to int to remove warning;
1946 ok markus@
1947 - stevesk@cvs.openbsd.org 2006/07/11 20:27:56
1948 [authfile.c ssh.c]
1949 need <errno.h> here also (it's also included in <openssl/err.h>)
1950 - dtucker@cvs.openbsd.org 2006/07/12 11:34:58
1951 [sshd.c servconf.h servconf.c sshd_config.5 auth.c]
1952 Add support for conditional directives to sshd_config via a "Match"
1953 keyword, which works similarly to the "Host" directive in ssh_config.
1954 Lines after a Match line override the default set in the main section
1955 if the condition on the Match line is true, eg
1956 AllowTcpForwarding yes
1957 Match User anoncvs
1958 AllowTcpForwarding no
1959 will allow port forwarding by all users except "anoncvs".
1960 Currently only a very small subset of directives are supported.
1961 ok djm@
1962 - (dtucker) [loginrec.c openbsd-compat/xmmap.c openbsd-compat/bindresvport.c
1963 openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c
1964 openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include <errno.h>.
1965 - (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h.
1966 - (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too.
1967 - (dtucker) [openbsd-compat/openbsd-compat.h] v*printf needs stdarg.h.
1968 - (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c
1969 openbsd-compat/rresvport.c] More errno.h.
1970
197120060711
1972 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c
1973 openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally
1974 include paths.h. Fixes build error on Solaris.
1975 - (dtucker) [entropy.c] More fcntl.h, this time on AIX (and probably
1976 others).
1977
197820060710
1979 - (dtucker) [INSTALL] New autoconf version: 2.60.
1980 - OpenBSD CVS Sync
1981 - djm@cvs.openbsd.org 2006/06/14 10:50:42
1982 [sshconnect.c]
1983 limit the number of pre-banner characters we will accept; ok markus@
1984 - djm@cvs.openbsd.org 2006/06/26 10:36:15
1985 [clientloop.c]
1986 mention optional bind_address in runtime port forwarding setup
1987 command-line help. patch from santhi.amirta AT gmail.com
1988 - stevesk@cvs.openbsd.org 2006/07/02 17:12:58
1989 [ssh.1 ssh.c ssh_config.5 sshd_config.5]
1990 more details and clarity for tun(4) device forwarding; ok and help
1991 jmc@
1992 - stevesk@cvs.openbsd.org 2006/07/02 18:36:47
1993 [gss-serv-krb5.c gss-serv.c]
1994 no "servconf.h" needed here
1995 (gss-serv-krb5.c change not applied, portable needs the server options)
1996 - stevesk@cvs.openbsd.org 2006/07/02 22:45:59
1997 [groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c]
1998 move #include <grp.h> out of includes.h
1999 (portable needed uidswap.c too)
2000 - stevesk@cvs.openbsd.org 2006/07/02 23:01:55
2001 [clientloop.c ssh.1]
2002 use -KR[bind_address:]port here; ok djm@
2003 - stevesk@cvs.openbsd.org 2006/07/03 08:54:20
2004 [includes.h ssh.c sshconnect.c sshd.c]
2005 move #include "version.h" out of includes.h; ok markus@
2006 - stevesk@cvs.openbsd.org 2006/07/03 17:59:32
2007 [channels.c includes.h]
2008 move #include <arpa/inet.h> out of includes.h; old ok djm@
2009 (portable needed session.c too)
2010 - stevesk@cvs.openbsd.org 2006/07/05 02:42:09
2011 [canohost.c hostfile.c includes.h misc.c packet.c readconf.c]
2012 [serverloop.c sshconnect.c uuencode.c]
2013 move #include <netinet/in.h> out of includes.h; ok deraadt@
2014 (also ssh-rand-helper.c logintest.c loginrec.c)
2015 - djm@cvs.openbsd.org 2006/07/06 10:47:05
2016 [servconf.c servconf.h session.c sshd_config.5]
2017 support arguments to Subsystem commands; ok markus@
2018 - djm@cvs.openbsd.org 2006/07/06 10:47:57
2019 [sftp-server.8 sftp-server.c]
2020 add commandline options to enable logging of transactions; ok markus@
2021 - stevesk@cvs.openbsd.org 2006/07/06 16:03:53
2022 [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
2023 [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
2024 [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
2025 [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
2026 [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
2027 [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
2028 [uidswap.h]
2029 move #include <pwd.h> out of includes.h; ok markus@
2030 - stevesk@cvs.openbsd.org 2006/07/06 16:22:39
2031 [ssh-keygen.c]
2032 move #include "dns.h" up
2033 - stevesk@cvs.openbsd.org 2006/07/06 17:36:37
2034 [monitor_wrap.h]
2035 typo in comment
2036 - stevesk@cvs.openbsd.org 2006/07/08 21:47:12
2037 [authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
2038 [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
2039 [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
2040 move #include <sys/socket.h> out of includes.h
2041 - stevesk@cvs.openbsd.org 2006/07/08 21:48:53
2042 [monitor.c session.c]
2043 missed these from last commit:
2044 move #include <sys/socket.h> out of includes.h
2045 - stevesk@cvs.openbsd.org 2006/07/08 23:30:06
2046 [log.c]
2047 move user includes after /usr/include files
2048 - stevesk@cvs.openbsd.org 2006/07/09 15:15:11
2049 [auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
2050 [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
2051 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
2052 [sshlogin.c sshpty.c]
2053 move #include <fcntl.h> out of includes.h
2054 - stevesk@cvs.openbsd.org 2006/07/09 15:27:59
2055 [ssh-add.c]
2056 use O_RDONLY vs. 0 in open(); no binary change
2057 - djm@cvs.openbsd.org 2006/07/10 11:24:54
2058 [sftp-server.c]
2059 remove optind - it isn't used here
2060 - djm@cvs.openbsd.org 2006/07/10 11:25:53
2061 [sftp-server.c]
2062 don't log variables that aren't yet set
2063 - (djm) [loginrec.c ssh-rand-helper.c sshd.c openbsd-compat/glob.c]
2064 [openbsd-compat/mktemp.c openbsd-compat/openbsd-compat.h]
2065 [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
2066 [openbsd-compat/xcrypt.c] Fix includes.h fallout, mainly fcntl.h
2067 - OpenBSD CVS Sync
2068 - djm@cvs.openbsd.org 2006/07/10 12:03:20
2069 [scp.c]
2070 duplicate argv at the start of main() because it gets modified later;
2071 pointed out by deraadt@ ok markus@
2072 - djm@cvs.openbsd.org 2006/07/10 12:08:08
2073 [channels.c]
2074 fix misparsing of SOCKS 5 packets that could result in a crash;
2075 reported by mk@ ok markus@
2076 - dtucker@cvs.openbsd.org 2006/07/10 12:46:51
2077 [misc.c misc.h sshd.8 sshconnect.c]
2078 Add port identifier to known_hosts for non-default ports, based originally
2079 on a patch from Devin Nate in bz#910.
2080 For any connection using the default port or using a HostKeyAlias the
2081 format is unchanged, otherwise the host name or address is enclosed
2082 within square brackets in the same format as sshd's ListenAddress.
2083 Tested by many, ok markus@.
2084 - (dtucker) [openbsd-compat/openbsd-compat.h] Need to include <sys/socket.h>
2085 for struct sockaddr on platforms that use the fake-rfc stuff.
2086
208720060706
2088 - (dtucker) [configure.ac] Try AIX blibpath test in different order when
2089 compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so
2090 configure would not select the correct libpath linker flags.
2091 - (dtucker) [INSTALL] A bit more info on autoconf.
2092
209320060705
2094 - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the
2095 target already exists.
2096
209720060630
2098 - (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf
2099 declaration too. Patch from russ at sludge.net.
2100 - (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it,
2101 prevents warnings on platforms where _res is in the system headers.
2102 - (dtucker) [INSTALL] Bug #1202: Note when autoconf is required and which
2103 version.
2104
210520060627
2106 - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems
2107 with autoconf 2.60. Patch from vapier at gentoo.org.
2108
210920060625
2110 - (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys
2111 only, otherwise sshd can hang exiting non-interactive sessions.
2112
211320060624
2114 - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris.
2115 Works around limitation in Solaris' passwd program for changing passwords
2116 where the username is longer than 8 characters. ok djm@
2117 - (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug
2118 #1102 workaround.
2119
212020060623
2121 - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add
2122 tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch
2123 from reyk@, tested by anil@
2124 - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX
2125 4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes
2126 on the pty slave as zero-length reads on the pty master, which sshd
2127 interprets as the descriptor closing. Since most things don't do zero
2128 length writes this rarely matters, but occasionally it happens, and when
2129 it does the SSH pty session appears to hang, so we add a special case for
2130 this condition. ok djm@
2131
213220060613
2133 - (djm) [getput.h] This file has been replaced by functions in misc.c
2134 - OpenBSD CVS Sync
2135 - djm@cvs.openbsd.org 2006/05/08 10:49:48
2136 [sshconnect2.c]
2137 uint32_t -> u_int32_t (which we use everywhere else)
2138 (Id sync only - portable already had this)
2139 - markus@cvs.openbsd.org 2006/05/16 09:00:00
2140 [clientloop.c]
2141 missing free; from Kylene Hall
2142 - markus@cvs.openbsd.org 2006/05/17 12:43:34
2143 [scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
2144 fix leak; coverity via Kylene Jo Hall
2145 - miod@cvs.openbsd.org 2006/05/18 21:27:25
2146 [kexdhc.c kexgexc.c]
2147 paramter -> parameter
2148 - dtucker@cvs.openbsd.org 2006/05/29 12:54:08
2149 [ssh_config.5]
2150 Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
2151 - dtucker@cvs.openbsd.org 2006/05/29 12:56:33
2152 [ssh_config]
2153 Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in
2154 sample ssh_config. ok markus@
2155 - jmc@cvs.openbsd.org 2006/05/29 16:10:03
2156 [ssh_config.5]
2157 oops - previous was too long; split the list of auths up
2158 - mk@cvs.openbsd.org 2006/05/30 11:46:38
2159 [ssh-add.c]
2160 Sync usage() with man page and reality.
2161 ok deraadt dtucker
2162 - jmc@cvs.openbsd.org 2006/05/29 16:13:23
2163 [ssh.1]
2164 add GSSAPI to the list of authentication methods supported;
2165 - mk@cvs.openbsd.org 2006/05/30 11:46:38
2166 [ssh-add.c]
2167 Sync usage() with man page and reality.
2168 ok deraadt dtucker
2169 - markus@cvs.openbsd.org 2006/06/01 09:21:48
2170 [sshd.c]
2171 call get_remote_ipaddr() early; fixes logging after client disconnects;
2172 report mpf@; ok dtucker@
2173 - markus@cvs.openbsd.org 2006/06/06 10:20:20
2174 [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
2175 replace remaining setuid() calls with permanently_set_uid() and
2176 check seteuid() return values; report Marcus Meissner; ok dtucker djm
2177 - markus@cvs.openbsd.org 2006/06/08 14:45:49
2178 [readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h]
2179 do not set the gid, noted by solar; ok djm
2180 - djm@cvs.openbsd.org 2006/06/13 01:18:36
2181 [ssh-agent.c]
2182 always use a format string, even when printing a constant
2183 - djm@cvs.openbsd.org 2006/06/13 02:17:07
2184 [ssh-agent.c]
2185 revert; i am on drugs. spotted by alexander AT beard.se
2186
218720060521
2188 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor
2189 and slave, we can remove the special-case handling in the audit hook in
2190 auth_log.
2191
219220060517
2193 - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file
2194 pointer leak. From kjhall at us.ibm.com, found by coverity.
2195
219620060515
2197 - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of
2198 _res, prevents problems on some platforms that have _res as a global but
2199 don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by
2200 georg.schwarz at freenet.de, ok djm@.
2201 - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative
2202 default. Patch originally from tim@, ok djm
2203 - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and
2204 do not allow kbdint again after the PAM account check fails. ok djm@
2205
220620060506
2207 - (dtucker) OpenBSD CVS Sync
2208 - dtucker@cvs.openbsd.org 2006/04/25 08:02:27
2209 [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
2210 Prevent ssh from trying to open private keys with bad permissions more than
2211 once or prompting for their passphrases (which it subsequently ignores
2212 anyway), similar to a previous change in ssh-add. bz #1186, ok djm@
2213 - djm@cvs.openbsd.org 2006/05/04 14:55:23
2214 [dh.c]
2215 tighter DH exponent checks here too; feedback and ok markus@
2216 - djm@cvs.openbsd.org 2006/04/01 05:37:46
2217 [OVERVIEW]
2218 $OpenBSD$ in here too
2219 - dtucker@cvs.openbsd.org 2006/05/06 08:35:40
2220 [auth-krb5.c]
2221 Add $OpenBSD$ in comment here too
2222
222320060504
2224 - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c
2225 session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
2226 openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
2227 in Portable-only code; since calloc zeros, remove now-redundant memsets.
2228 Also add a couple of sanity checks. With & ok djm@
2229
223020060503
2231 - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h
2232 and double including it on IRIX 5.3 causes problems. From Georg Schwarz,
2233 "no objections" tim@
2234
223520060423
2236 - (djm) OpenBSD CVS Sync
2237 - deraadt@cvs.openbsd.org 2006/04/01 05:42:20
2238 [scp.c]
2239 minimal lint cleanup (unused crud, and some size_t); ok djm
2240 - djm@cvs.openbsd.org 2006/04/01 05:50:29
2241 [scp.c]
2242 xasprintification; ok deraadt@
2243 - djm@cvs.openbsd.org 2006/04/01 05:51:34
2244 [atomicio.c]
2245 ANSIfy; requested deraadt@
2246 - dtucker@cvs.openbsd.org 2006/04/02 08:34:52
2247 [ssh-keysign.c]
2248 sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
2249 - djm@cvs.openbsd.org 2006/04/03 07:10:38
2250 [gss-genr.c]
2251 GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066
2252 by dleonard AT vintela.com. use xasprintf() to simplify code while in
2253 there; "looks right" deraadt@
2254 - djm@cvs.openbsd.org 2006/04/16 00:48:52
2255 [buffer.c buffer.h channels.c]
2256 Fix condition where we could exit with a fatal error when an input
2257 buffer became too large and the remote end had advertised a big window.
2258 The problem was a mismatch in the backoff math between the channels code
2259 and the buffer code, so make a buffer_check_alloc() function that the
2260 channels code can use to propsectivly check whether an incremental
2261 allocation will succeed. bz #1131, debugged with the assistance of
2262 cove AT wildpackets.com; ok dtucker@ deraadt@
2263 - djm@cvs.openbsd.org 2006/04/16 00:52:55
2264 [atomicio.c atomicio.h]
2265 introduce atomiciov() function that wraps readv/writev to retry
2266 interrupted transfers like atomicio() does for read/write;
2267 feedback deraadt@ dtucker@ stevesk@ ok deraadt@
2268 - djm@cvs.openbsd.org 2006/04/16 00:54:10
2269 [sftp-client.c]
2270 avoid making a tiny 4-byte write to send the packet length of sftp
2271 commands, which would result in a separate tiny packet on the wire by
2272 using atomiciov(writev, ...) to write the length and the command in one
2273 pass; ok deraadt@
2274 - djm@cvs.openbsd.org 2006/04/16 07:59:00
2275 [atomicio.c]
2276 reorder sanity test so that it cannot dereference past the end of the
2277 iov array; well spotted canacar@!
2278 - dtucker@cvs.openbsd.org 2006/04/18 10:44:28
2279 [bufaux.c bufbn.c Makefile.in]
2280 Move Buffer bignum functions into their own file, bufbn.c. This means
2281 that sftp and sftp-server (which use the Buffer functions in bufaux.c
2282 but not the bignum ones) no longer need to be linked with libcrypto.
2283 ok markus@
2284 - djm@cvs.openbsd.org 2006/04/20 09:27:09
2285 [auth.h clientloop.c dispatch.c dispatch.h kex.h]
2286 replace the last non-sig_atomic_t flag used in a signal handler with a
2287 sig_atomic_t, unfortunately with some knock-on effects in other (non-
2288 signal) contexts in which it is used; ok markus@
2289 - markus@cvs.openbsd.org 2006/04/20 09:47:59
2290 [sshconnect.c]
2291 simplify; ok djm@
2292 - djm@cvs.openbsd.org 2006/04/20 21:53:44
2293 [includes.h session.c sftp.c]
2294 Switch from using pipes to socketpairs for communication between
2295 sftp/scp and ssh, and between sshd and its subprocesses. This saves
2296 a file descriptor per session and apparently makes userland ppp over
2297 ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this
2298 decision on a per-platform basis)
2299 - djm@cvs.openbsd.org 2006/04/22 04:06:51
2300 [uidswap.c]
2301 use setres[ug]id() to permanently revoke privileges; ok deraadt@
2302 (ID Sync only - portable already uses setres[ug]id() whenever possible)
2303 - stevesk@cvs.openbsd.org 2006/04/22 18:29:33
2304 [crc32.c]
2305 remove extra spaces
2306 - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get
2307 sig_atomic_t
2308
230920060421
2310 - (djm) [Makefile.in configure.ac session.c sshpty.c]
2311 [contrib/redhat/sshd.init openbsd-compat/Makefile.in]
2312 [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
2313 [openbsd-compat/port-linux.h] Add support for SELinux, setting
2314 the execution and TTY contexts. based on patch from Daniel Walsh,
2315 bz #880; ok dtucker@
2316
231720060418
2318 - (djm) [canohost.c] Reorder IP options check so that it isn't broken
2319 by mapped addresses; bz #1179 reported by markw wtech-llc.com;
2320 ok dtucker@
2321
232220060331
2323 - OpenBSD CVS Sync
2324 - deraadt@cvs.openbsd.org 2006/03/27 01:21:18
2325 [xmalloc.c]
2326 we can do the size & nmemb check before the integer overflow check;
2327 evol
2328 - deraadt@cvs.openbsd.org 2006/03/27 13:03:54
2329 [dh.c]
2330 use strtonum() instead of atoi(), limit dhg size to 64k; ok djm
2331 - djm@cvs.openbsd.org 2006/03/27 23:15:46
2332 [sftp.c]
2333 always use a format string for addargs; spotted by mouring@
2334 - deraadt@cvs.openbsd.org 2006/03/28 00:12:31
2335 [README.tun ssh.c]
2336 spacing
2337 - deraadt@cvs.openbsd.org 2006/03/28 01:52:28
2338 [channels.c]
2339 do not accept unreasonable X ports numbers; ok djm
2340 - deraadt@cvs.openbsd.org 2006/03/28 01:53:43
2341 [ssh-agent.c]
2342 use strtonum() to parse the pid from the file, and range check it
2343 better; ok djm
2344 - djm@cvs.openbsd.org 2006/03/30 09:41:25
2345 [channels.c]
2346 ARGSUSED for dispatch table-driven functions
2347 - djm@cvs.openbsd.org 2006/03/30 09:58:16
2348 [authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h]
2349 [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c]
2350 replace {GET,PUT}_XXBIT macros with functionally similar functions,
2351 silencing a heap of lint warnings. also allows them to use
2352 __bounded__ checking which can't be applied to macros; requested
2353 by and feedback from deraadt@
2354 - djm@cvs.openbsd.org 2006/03/30 10:41:25
2355 [ssh.c ssh_config.5]
2356 add percent escape chars to the IdentityFile option, bz #1159 based
2357 on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
2358 - dtucker@cvs.openbsd.org 2006/03/30 11:05:17
2359 [ssh-keygen.c]
2360 Correctly handle truncated files while converting keys; ok djm@
2361 - dtucker@cvs.openbsd.org 2006/03/30 11:40:21
2362 [auth.c monitor.c]
2363 Prevent duplicate log messages when privsep=yes; ok djm@
2364 - jmc@cvs.openbsd.org 2006/03/31 09:09:30
2365 [ssh_config.5]
2366 kill trailing whitespace;
2367 - djm@cvs.openbsd.org 2006/03/31 09:13:56
2368 [ssh_config.5]
2369 remote user escape is %r not %h; spotted by jmc@
2370
237120060326
2372 - OpenBSD CVS Sync
2373 - jakob@cvs.openbsd.org 2006/03/15 08:46:44
2374 [ssh-keygen.c]
2375 if no key file are given when printing the DNS host record, use the
2376 host key file(s) as default. ok djm@
2377 - biorn@cvs.openbsd.org 2006/03/16 10:31:45
2378 [scp.c]
2379 Try to display errormessage even if remout == -1
2380 ok djm@, markus@
2381 - djm@cvs.openbsd.org 2006/03/17 22:31:50
2382 [authfd.c]
2383 another unreachable found by lint
2384 - djm@cvs.openbsd.org 2006/03/17 22:31:11
2385 [authfd.c]
2386 unreachanble statement, found by lint
2387 - djm@cvs.openbsd.org 2006/03/19 02:22:32
2388 [serverloop.c]
2389 memory leaks detected by Coverity via elad AT netbsd.org;
2390 ok deraadt@ dtucker@
2391 - djm@cvs.openbsd.org 2006/03/19 02:22:56
2392 [sftp.c]
2393 more memory leaks detected by Coverity via elad AT netbsd.org;
2394 deraadt@ ok
2395 - djm@cvs.openbsd.org 2006/03/19 02:23:26
2396 [hostfile.c]
2397 FILE* leak detected by Coverity via elad AT netbsd.org;
2398 ok deraadt@
2399 - djm@cvs.openbsd.org 2006/03/19 02:24:05
2400 [dh.c readconf.c servconf.c]
2401 potential NULL pointer dereferences detected by Coverity
2402 via elad AT netbsd.org; ok deraadt@
2403 - djm@cvs.openbsd.org 2006/03/19 07:41:30
2404 [sshconnect2.c]
2405 memory leaks detected by Coverity via elad AT netbsd.org;
2406 deraadt@ ok
2407 - dtucker@cvs.openbsd.org 2006/03/19 11:51:52
2408 [servconf.c]
2409 Correct strdelim null test; ok djm@
2410 - deraadt@cvs.openbsd.org 2006/03/19 18:52:11
2411 [auth1.c authfd.c channels.c]
2412 spacing
2413 - deraadt@cvs.openbsd.org 2006/03/19 18:53:12
2414 [kex.c kex.h monitor.c myproposal.h session.c]
2415 spacing
2416 - deraadt@cvs.openbsd.org 2006/03/19 18:56:41
2417 [clientloop.c progressmeter.c serverloop.c sshd.c]
2418 ARGSUSED for signal handlers
2419 - deraadt@cvs.openbsd.org 2006/03/19 18:59:49
2420 [ssh-keyscan.c]
2421 please lint
2422 - deraadt@cvs.openbsd.org 2006/03/19 18:59:30
2423 [ssh.c]
2424 spacing
2425 - deraadt@cvs.openbsd.org 2006/03/19 18:59:09
2426 [authfile.c]
2427 whoever thought that break after return was a good idea needs to
2428 get their head examimed
2429 - djm@cvs.openbsd.org 2006/03/20 04:09:44
2430 [monitor.c]
2431 memory leaks detected by Coverity via elad AT netbsd.org;
2432 deraadt@ ok
2433 that should be all of them now
2434 - djm@cvs.openbsd.org 2006/03/20 11:38:46
2435 [key.c]
2436 (really) last of the Coverity diffs: avoid possible NULL deref in
2437 key_free. via elad AT netbsd.org; markus@ ok
2438 - deraadt@cvs.openbsd.org 2006/03/20 17:10:19
2439 [auth.c key.c misc.c packet.c ssh-add.c]
2440 in a switch (), break after return or goto is stupid
2441 - deraadt@cvs.openbsd.org 2006/03/20 17:13:16
2442 [key.c]
2443 djm did a typo
2444 - deraadt@cvs.openbsd.org 2006/03/20 17:17:23
2445 [ssh-rsa.c]
2446 in a switch (), break after return or goto is stupid
2447 - deraadt@cvs.openbsd.org 2006/03/20 18:14:02
2448 [channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c]
2449 [ssh.c sshpty.c sshpty.h]
2450 sprinkle u_int throughout pty subsystem, ok markus
2451 - deraadt@cvs.openbsd.org 2006/03/20 18:17:20
2452 [auth1.c auth2.c sshd.c]
2453 sprinkle some ARGSUSED for table driven functions (which sometimes
2454 must ignore their args)
2455 - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
2456 [channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c]
2457 [ssh-rsa.c ssh.c sshlogin.c]
2458 annoying spacing fixes getting in the way of real diffs
2459 - deraadt@cvs.openbsd.org 2006/03/20 18:27:50
2460 [monitor.c]
2461 spacing
2462 - deraadt@cvs.openbsd.org 2006/03/20 18:35:12
2463 [channels.c]
2464 x11_fake_data is only ever used as u_char *
2465 - deraadt@cvs.openbsd.org 2006/03/20 18:41:43
2466 [dns.c]
2467 cast xstrdup to propert u_char *
2468 - deraadt@cvs.openbsd.org 2006/03/20 18:42:27
2469 [canohost.c match.c ssh.c sshconnect.c]
2470 be strict with tolower() casting
2471 - deraadt@cvs.openbsd.org 2006/03/20 18:48:34
2472 [channels.c fatal.c kex.c packet.c serverloop.c]
2473 spacing
2474 - deraadt@cvs.openbsd.org 2006/03/20 21:11:53
2475 [ttymodes.c]
2476 spacing
2477 - djm@cvs.openbsd.org 2006/03/25 00:05:41
2478 [auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
2479 [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
2480 [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
2481 [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
2482 [xmalloc.c xmalloc.h]
2483 introduce xcalloc() and xasprintf() failure-checked allocations
2484 functions and use them throughout openssh
2485
2486 xcalloc is particularly important because malloc(nmemb * size) is a
2487 dangerous idiom (subject to integer overflow) and it is time for it
2488 to die
2489
2490 feedback and ok deraadt@
2491 - djm@cvs.openbsd.org 2006/03/25 01:13:23
2492 [buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
2493 [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
2494 [uidswap.c]
2495 change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
2496 to xrealloc(p, new_nmemb, new_itemsize).
2497
2498 realloc is particularly prone to integer overflows because it is
2499 almost always allocating "n * size" bytes, so this is a far safer
2500 API; ok deraadt@
2501 - djm@cvs.openbsd.org 2006/03/25 01:30:23
2502 [sftp.c]
2503 "abormally" is a perfectly cromulent word, but "abnormally" is better
2504 - djm@cvs.openbsd.org 2006/03/25 13:17:03
2505 [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
2506 [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
2507 [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
2508 [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
2509 [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
2510 [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
2511 [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
2512 [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
2513 [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
2514 [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
2515 [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
2516 [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
2517 [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
2518 [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
2519 [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
2520 [uidswap.c uuencode.c xmalloc.c]
2521 Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
2522 Theo nuked - our scripts to sync -portable need them in the files
2523 - deraadt@cvs.openbsd.org 2006/03/25 18:29:35
2524 [auth-rsa.c authfd.c packet.c]
2525 needed casts (always will be needed)
2526 - deraadt@cvs.openbsd.org 2006/03/25 18:30:55
2527 [clientloop.c serverloop.c]
2528 spacing
2529 - deraadt@cvs.openbsd.org 2006/03/25 18:36:15
2530 [sshlogin.c sshlogin.h]
2531 nicer size_t and time_t types
2532 - deraadt@cvs.openbsd.org 2006/03/25 18:40:14
2533 [ssh-keygen.c]
2534 cast strtonum() result to right type
2535 - deraadt@cvs.openbsd.org 2006/03/25 18:41:45
2536 [ssh-agent.c]
2537 mark two more signal handlers ARGSUSED
2538 - deraadt@cvs.openbsd.org 2006/03/25 18:43:30
2539 [channels.c]
2540 use strtonum() instead of atoi() [limit X screens to 400, sorry]
2541 - deraadt@cvs.openbsd.org 2006/03/25 18:56:55
2542 [bufaux.c channels.c packet.c]
2543 remove (char *) casts to a function that accepts void * for the arg
2544 - deraadt@cvs.openbsd.org 2006/03/25 18:58:10
2545 [channels.c]
2546 delete cast not required
2547 - djm@cvs.openbsd.org 2006/03/25 22:22:43
2548 [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
2549 [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
2550 [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
2551 [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
2552 [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
2553 [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
2554 [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
2555 [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
2556 [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
2557 [ttymodes.h uidswap.h uuencode.h xmalloc.h]
2558 standardise spacing in $OpenBSD$ tags; requested by deraadt@
2559 - deraadt@cvs.openbsd.org 2006/03/26 01:31:48
2560 [uuencode.c]
2561 typo
2562
256320060325
2564 - OpenBSD CVS Sync
2565 - djm@cvs.openbsd.org 2006/03/16 04:24:42
2566 [ssh.1]
2567 Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs
2568 that OpenSSH supports
2569 - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
2570 [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
2571 [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
2572 [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
2573 [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
2574 [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
2575 [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
2576 [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
2577 [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
2578 [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
2579 [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
2580 [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
2581 [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
2582 [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
2583 [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
2584 [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
2585 [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
2586 [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
2587 [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
2588 [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
2589 [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
2590 [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
2591 [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
2592 [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
2593 RCSID() can die
2594 - deraadt@cvs.openbsd.org 2006/03/19 18:53:12
2595 [kex.h myproposal.h]
2596 spacing
2597 - djm@cvs.openbsd.org 2006/03/20 04:07:22
2598 [auth2-gss.c]
2599 GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
2600 reviewed by simon AT sxw.org.uk; deraadt@ ok
2601 - djm@cvs.openbsd.org 2006/03/20 04:07:49
2602 [gss-genr.c]
2603 more GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
2604 reviewed by simon AT sxw.org.uk; deraadt@ ok
2605 - djm@cvs.openbsd.org 2006/03/20 04:08:18
2606 [gss-serv.c]
2607 last lot of GSSAPI related leaks detected by Coverity via
2608 elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok
2609 - deraadt@cvs.openbsd.org 2006/03/20 18:14:02
2610 [monitor_wrap.h sshpty.h]
2611 sprinkle u_int throughout pty subsystem, ok markus
2612 - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
2613 [session.h]
2614 annoying spacing fixes getting in the way of real diffs
2615 - deraadt@cvs.openbsd.org 2006/03/20 18:41:43
2616 [dns.c]
2617 cast xstrdup to propert u_char *
2618 - jakob@cvs.openbsd.org 2006/03/22 21:16:24
2619 [ssh.1]
2620 simplify SSHFP example; ok jmc@
2621 - djm@cvs.openbsd.org 2006/03/22 21:27:15
2622 [deattack.c deattack.h]
2623 remove IV support from the CRC attack detector, OpenSSH has never used
2624 it - it only applied to IDEA-CFB, which we don't support.
2625 prompted by NetBSD Coverity report via elad AT netbsd.org;
2626 feedback markus@ "nuke it" deraadt@
2627
262820060318
2629 - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via
2630 elad AT NetBSD.org
2631 - (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173: make fmtint() take
2632 a LLONG rather than a long. Fixes scp'ing of large files on platforms
2633 with missing/broken snprintfs. Patch from e.borovac at bom.gov.au.
2634
263520060316
2636 - (dtucker) [entropy.c] Add headers for WIFEXITED and friends.
2637 - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in
2638 /usr/include/crypto. Hint from djm@.
2639 - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h]
2640 Disable sha256 when openssl < 0.9.7. Patch from djm@.
2641 - (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old
2642 OpenSSL; ok tim
2643
264420060315
2645 - (djm) OpenBSD CVS Sync:
2646 - msf@cvs.openbsd.org 2006/02/06 15:54:07
2647 [ssh.1]
2648 - typo fix
2649 ok jmc@
2650 - jmc@cvs.openbsd.org 2006/02/06 21:44:47
2651 [ssh.1]
2652 make this a little less ambiguous...
2653 - stevesk@cvs.openbsd.org 2006/02/07 01:08:04
2654 [auth-rhosts.c includes.h]
2655 move #include <netgroup.h> out of includes.h; ok markus@
2656 - stevesk@cvs.openbsd.org 2006/02/07 01:18:09
2657 [includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c]
2658 move #include <sys/queue.h> out of includes.h; ok markus@
2659 - stevesk@cvs.openbsd.org 2006/02/07 01:42:00
2660 [channels.c clientloop.c clientloop.h includes.h packet.h]
2661 [serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c]
2662 move #include <termios.h> out of includes.h; ok markus@
2663 - stevesk@cvs.openbsd.org 2006/02/07 01:52:50
2664 [sshtty.c]
2665 "log.h" not needed
2666 - stevesk@cvs.openbsd.org 2006/02/07 03:47:05
2667 [hostfile.c]
2668 "packet.h" not needed
2669 - stevesk@cvs.openbsd.org 2006/02/07 03:59:20
2670 [deattack.c]
2671 duplicate #include
2672 - stevesk@cvs.openbsd.org 2006/02/08 12:15:27
2673 [auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
2674 [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
2675 [sshd.c sshpty.c]
2676 move #include <paths.h> out of includes.h; ok markus@
2677 - stevesk@cvs.openbsd.org 2006/02/08 12:32:49
2678 [includes.h misc.c]
2679 move #include <netinet/tcp.h> out of includes.h; ok markus@
2680 - stevesk@cvs.openbsd.org 2006/02/08 13:15:44
2681 [gss-serv.c monitor.c]
2682 small KNF
2683 - stevesk@cvs.openbsd.org 2006/02/08 14:16:59
2684 [sshconnect.c]
2685 <openssl/bn.h> not needed
2686 - stevesk@cvs.openbsd.org 2006/02/08 14:31:30
2687 [includes.h ssh-agent.c ssh-keyscan.c ssh.c]
2688 move #include <sys/resource.h> out of includes.h; ok markus@
2689 - stevesk@cvs.openbsd.org 2006/02/08 14:38:18
2690 [includes.h packet.c]
2691 move #include <netinet/in_systm.h> and <netinet/ip.h> out of
2692 includes.h; ok markus@
2693 - stevesk@cvs.openbsd.org 2006/02/08 23:51:24
2694 [includes.h scp.c sftp-glob.c sftp-server.c]
2695 move #include <dirent.h> out of includes.h; ok markus@
2696 - stevesk@cvs.openbsd.org 2006/02/09 00:32:07
2697 [includes.h]
2698 #include <sys/endian.h> not needed; ok djm@
2699 NB. ID Sync only - we still need this (but it may move later)
2700 - jmc@cvs.openbsd.org 2006/02/09 10:10:47
2701 [sshd.8]
2702 - move some text into a CAVEATS section
2703 - merge the COMMAND EXECUTION... section into AUTHENTICATION
2704 - stevesk@cvs.openbsd.org 2006/02/10 00:27:13
2705 [channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c]
2706 [ssh.c sshd.c sshpty.c]
2707 move #include <sys/ioctl.h> out of includes.h; ok markus@
2708 - stevesk@cvs.openbsd.org 2006/02/10 01:44:27
2709 [includes.h monitor.c readpass.c scp.c serverloop.c session.c\7f]
2710 [sftp.c sshconnect.c sshconnect2.c sshd.c]
2711 move #include <sys/wait.h> out of includes.h; ok markus@
2712 - otto@cvs.openbsd.org 2006/02/11 19:31:18
2713 [atomicio.c]
2714 type correctness; from Ray Lai in PR 5011; ok millert@
2715 - djm@cvs.openbsd.org 2006/02/12 06:45:34
2716 [ssh.c ssh_config.5]
2717 add a %l expansion code to the ControlPath, which is filled in with the
2718 local hostname at runtime. Requested by henning@ to avoid some problems
2719 with /home on NFS; ok dtucker@
2720 - djm@cvs.openbsd.org 2006/02/12 10:44:18
2721 [readconf.c]
2722 raise error when the user specifies a RekeyLimit that is smaller than 16
2723 (the smallest of our cipher's blocksize) or big enough to cause integer
2724 wraparound; ok & feedback dtucker@
2725 - jmc@cvs.openbsd.org 2006/02/12 10:49:44
2726 [ssh_config.5]
2727 slight rewording; ok djm
2728 - jmc@cvs.openbsd.org 2006/02/12 10:52:41
2729 [sshd.8]
2730 rework the description of authorized_keys a little;
2731 - jmc@cvs.openbsd.org 2006/02/12 17:57:19
2732 [sshd.8]
2733 sort the list of options permissable w/ authorized_keys;
2734 ok djm dtucker
2735 - jmc@cvs.openbsd.org 2006/02/13 10:16:39
2736 [sshd.8]
2737 no need to subsection the authorized_keys examples - instead, convert
2738 this to look like an actual file. also use proto 2 keys, and use IETF
2739 example addresses;
2740 - jmc@cvs.openbsd.org 2006/02/13 10:21:25
2741 [sshd.8]
2742 small tweaks for the ssh_known_hosts section;
2743 - jmc@cvs.openbsd.org 2006/02/13 11:02:26
2744 [sshd.8]
2745 turn this into an example ssh_known_hosts file; ok djm
2746 - jmc@cvs.openbsd.org 2006/02/13 11:08:43
2747 [sshd.8]
2748 - avoid nasty line split
2749 - `*' does not need to be escaped
2750 - jmc@cvs.openbsd.org 2006/02/13 11:27:25
2751 [sshd.8]
2752 sort FILES and use a -compact list;
2753 - david@cvs.openbsd.org 2006/02/15 05:08:24
2754 [sftp-client.c]
2755 typo in comment; ok djm@
2756 - jmc@cvs.openbsd.org 2006/02/15 16:53:20
2757 [ssh.1]
2758 remove the IETF draft references and replace them with some updated RFCs;
2759 - jmc@cvs.openbsd.org 2006/02/15 16:55:33
2760 [sshd.8]
2761 remove ietf draft references; RFC list now maintained in ssh.1;
2762 - jmc@cvs.openbsd.org 2006/02/16 09:05:34
2763 [sshd.8]
2764 sync some of the FILES entries w/ ssh.1;
2765 - jmc@cvs.openbsd.org 2006/02/19 19:52:10
2766 [sshd.8]
2767 move the sshrc stuff out of FILES, and into its own section:
2768 FILES is not a good place to document how stuff works;
2769 - jmc@cvs.openbsd.org 2006/02/19 20:02:17
2770 [sshd.8]
2771 sync the (s)hosts.equiv FILES entries w/ those from ssh.1;
2772 - jmc@cvs.openbsd.org 2006/02/19 20:05:00
2773 [sshd.8]
2774 grammar;
2775 - jmc@cvs.openbsd.org 2006/02/19 20:12:25
2776 [ssh_config.5]
2777 add some vertical space;
2778 - stevesk@cvs.openbsd.org 2006/02/20 16:36:15
2779 [authfd.c channels.c includes.h session.c ssh-agent.c ssh.c]
2780 move #include <sys/un.h> out of includes.h; ok djm@
2781 - stevesk@cvs.openbsd.org 2006/02/20 17:02:44
2782 [clientloop.c includes.h monitor.c progressmeter.c scp.c]
2783 [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
2784 move #include <signal.h> out of includes.h; ok markus@
2785 - stevesk@cvs.openbsd.org 2006/02/20 17:19:54
2786 [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
2787 [authfile.c clientloop.c includes.h readconf.c scp.c session.c]
2788 [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
2789 [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
2790 [sshconnect2.c sshd.c sshpty.c]
2791 move #include <sys/stat.h> out of includes.h; ok markus@
2792 - stevesk@cvs.openbsd.org 2006/02/22 00:04:45
2793 [canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]
2794 [sshconnect.c]
2795 move #include <ctype.h> out of includes.h; ok djm@
2796 - jmc@cvs.openbsd.org 2006/02/24 10:25:14
2797 [ssh_config.5]
2798 add section on patterns;
2799 from dtucker + myself
2800 - jmc@cvs.openbsd.org 2006/02/24 10:33:54
2801 [sshd_config.5]
2802 signpost to PATTERNS;
2803 - jmc@cvs.openbsd.org 2006/02/24 10:37:07
2804 [ssh_config.5]
2805 tidy up the refs to PATTERNS;
2806 - jmc@cvs.openbsd.org 2006/02/24 10:39:52
2807 [sshd.8]
2808 signpost to PATTERNS section;
2809 - jmc@cvs.openbsd.org 2006/02/24 20:22:16
2810 [ssh-keysign.8 ssh_config.5 sshd_config.5]
2811 some consistency fixes;
2812 - jmc@cvs.openbsd.org 2006/02/24 20:31:31
2813 [ssh.1 ssh_config.5 sshd.8 sshd_config.5]
2814 more consistency fixes;
2815 - jmc@cvs.openbsd.org 2006/02/24 23:20:07
2816 [ssh_config.5]
2817 some grammar/wording fixes;
2818 - jmc@cvs.openbsd.org 2006/02/24 23:43:57
2819 [sshd_config.5]
2820 some grammar/wording fixes;
2821 - jmc@cvs.openbsd.org 2006/02/24 23:51:17
2822 [sshd_config.5]
2823 oops - bits i missed;
2824 - jmc@cvs.openbsd.org 2006/02/25 12:26:17
2825 [ssh_config.5]
2826 document the possible values for KbdInteractiveDevices;
2827 help/ok dtucker
2828 - jmc@cvs.openbsd.org 2006/02/25 12:28:34
2829 [sshd_config.5]
2830 document the order in which allow/deny directives are processed;
2831 help/ok dtucker
2832 - jmc@cvs.openbsd.org 2006/02/26 17:17:18
2833 [ssh_config.5]
2834 move PATTERNS to the end of the main body; requested by dtucker
2835 - jmc@cvs.openbsd.org 2006/02/26 18:01:13
2836 [sshd_config.5]
2837 subsection is pointless here;
2838 - jmc@cvs.openbsd.org 2006/02/26 18:03:10
2839 [ssh_config.5]
2840 comma;
2841 - djm@cvs.openbsd.org 2006/02/28 01:10:21
2842 [session.c]
2843 fix logout recording when privilege separation is disabled, analysis and
2844 patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@
2845 NB. ID sync only - patch already in portable
2846 - djm@cvs.openbsd.org 2006/03/04 04:12:58
2847 [serverloop.c]
2848 move a debug() outside of a signal handler; ok markus@ a little while back
2849 - djm@cvs.openbsd.org 2006/03/12 04:23:07
2850 [ssh.c]
2851 knf nit
2852 - djm@cvs.openbsd.org 2006/03/13 08:16:00
2853 [sshd.c]
2854 don't log that we are listening on a socket before the listen() call
2855 actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@
2856 - dtucker@cvs.openbsd.org 2006/03/13 08:33:00
2857 [packet.c]
2858 Set TCP_NODELAY for all connections not just "interactive" ones. Fixes
2859 poor performance and protocol stalls under some network conditions (mindrot
2860 bugs #556 and #981). Patch originally from markus@, ok djm@
2861 - dtucker@cvs.openbsd.org 2006/03/13 08:43:16
2862 [ssh-keygen.c]
2863 Make ssh-keygen handle CR and CRLF line termination when converting IETF
2864 format keys, in adition to vanilla LF. mindrot #1157, tested by Chris
2865 Pepper, ok djm@
2866 - dtucker@cvs.openbsd.org 2006/03/13 10:14:29
2867 [misc.c ssh_config.5 sshd_config.5]
2868 Allow config directives to contain whitespace by surrounding them by double
2869 quotes. mindrot #482, man page help from jmc@, ok djm@
2870 - dtucker@cvs.openbsd.org 2006/03/13 10:26:52
2871 [authfile.c authfile.h ssh-add.c]
2872 Make ssh-add check file permissions before attempting to load private
2873 key files multiple times; it will fail anyway and this prevents confusing
2874 multiple prompts and warnings. mindrot #1138, ok djm@
2875 - djm@cvs.openbsd.org 2006/03/14 00:15:39
2876 [canohost.c]
2877 log the originating address and not just the name when a reverse
2878 mapping check fails, requested by linux AT linuon.com
2879 - markus@cvs.openbsd.org 2006/03/14 16:32:48
2880 [ssh_config.5 sshd_config.5]
2881 *AliveCountMax applies to protcol v2 only; ok dtucker, djm
2882 - djm@cvs.openbsd.org 2006/03/07 09:07:40
2883 [kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
2884 Implement the diffie-hellman-group-exchange-sha256 key exchange method
2885 using the SHA256 code in libc (and wrapper to make it into an OpenSSL
2886 EVP), interop tested against CVS PuTTY
2887 NB. no portability bits committed yet
2888 - (djm) [configure.ac defines.h kex.c md-sha256.c]
2889 [openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h]
2890 [openbsd-compat/sha2.c] First stab at portability glue for SHA256
2891 KEX support, should work with libc SHA256 support or OpenSSL
2892 EVP_sha256 if present
2893 - (djm) [includes.h] Restore accidentally dropped netinet/in.h
2894 - (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files
2895 - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present
2896 - (djm) [regress/.cvsignore] Ignore Makefile here
2897 - (djm) [loginrec.c] Need stat.h
2898 - (djm) [openbsd-compat/sha2.h] Avoid include macro clash with
2899 system sha2.h
2900 - (djm) [ssh-rand-helper.c] Needs a bunch of headers
2901 - (djm) [ssh-agent.c] Restore dropped stat.h
2902 - (djm) [openbsd-compat/sha2.h openbsd-compat/sha2.c] Comment out
2903 SHA384, which we don't need and doesn't compile without tweaks
2904 - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]
2905 [sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
2906 [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
2907 [openbsd-compat/glob.c openbsd-compat/mktemp.c]
2908 [openbsd-compat/readpassphrase.c] Lots of include fixes for
2909 OpenSolaris
2910 - (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:"
2911 - (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some
2912 includes removed from includes.h
2913 - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE
2914 - (djm) [includes.h] Put back paths.h, it is needed in defines.h
2915 - (dtucker) [openbsd-compat/openbsd-compat.h] AIX (at least) needs
2916 sys/ioctl.h for struct winsize.
2917 - (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD.
2918
291920060313
2920 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
2921 since not all platforms support it. Instead, use internal equivalent while
2922 computing LLONG_MIN and LLONG_MAX. Remove special case for alpha-dec-osf*
2923 as it's no longer required. Tested by Bernhard Simon, ok djm@
2924
292520060304
2926 - (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a
2927 file rather than directory, required as Cygwin will be importing lastlog(1).
2928 Also tightens up permissions on the file. Patch from vinschen@redhat.com.
2929 - (dtucker) [gss-serv-krb5.c] Bug #1166: Correct #ifdefs for gssapi_krb5.h
2930 includes. Patch from gentoo.riverrat at gmail.com.
2931
293220060226
2933 - (dtucker) [configure.ac] Bug #1156: QNX apparently needs SSHD_ACQUIRES_CTTY
2934 patch from kraai at ftbfs.org.
2935
293620060223
2937 - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current
2938 reality. Pointed out by tryponraj at gmail.com.
2939
294020060222
2941 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only
2942 compile in compat code if required.
2943
294420060221
2945 - (dtucker) [openbsd-compat/openssl-compat.h] Prevent warning about
2946 redefinition of SSLeay_add_all_algorithms.
2947
294820060220
2949 - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}]
2950 Add optional enabling of OpenSSL's (hardware) Engine support, via
2951 configure --with-ssl-engine. Based in part on a diff by michal at
2952 logix.cz.
2953
295420060219
2955 - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/]
2956 Add first attempt at regress tests for compat library. ok djm@
2957
295820060214
2959 - (tim) [buildpkg.sh.in] Make the names consistent.
2960 s/pkg_post_make_install_fixes.sh/pkg-post-make-install-fixes.sh/ OK dtucker@
2961
296220060212
2963 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Make loop counter unsigned
2964 to silence compiler warning, from vinschen at redhat.com.
2965 - (tim) [configure.ac] Bug #1149. Disable /etc/default/login check for QNX.
2966 - (dtucker) [README version.h contrib/caldera/openssh.spec
2967 contrib/redhat/openssh.spec contrib/suse/openssh.spec] Bump version
2968 strings to match 4.3p2 release.
f2f068fa 2969
297020060208
2971 - (tim) [session.c] Logout records were not updated on systems with
2972 post auth privsep disabled due to bug 1086 changes. Analysis and patch
2973 by vinschen at redhat.com. OK tim@, dtucker@.
2974 - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP
9108f8d9 2975 -> NEED_SETPGRP), reported by Bernhard Simon. ok tim@
f2f068fa 2976
297720060206
2978 - (tim) [configure.ac] Remove unnecessary tests for net/if.h and
2979 netinet/in_systm.h. OK dtucker@.
2980
298120060205
2982 - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test
2983 for Solaris. OK dtucker@.
2984 - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by
2985 kraai at ftbfs.org.
2986
298720060203
2988 - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first
2989 AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run
2990 by a platform specific check, builtin standard includes tests will be
2991 skipped on the other platforms.
2992 Analysis and suggestion by vinschen at redhat.com, patch by dtucker@.
2993 OK tim@, djm@.
2994
299520060202
2996 - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it
2997 works with picky compilers. Patch from alex.kiernan at thus.net.
2998
2c06c99b 299920060201
3000 - (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to
3001 determine the user's login name - needed for regress tests on Solaris
3002 10 and OpenSolaris
3003 - (djm) OpenBSD CVS Sync
3004 - jmc@cvs.openbsd.org 2006/02/01 09:06:50
3005 [sshd.8]
3006 - merge sections on protocols 1 and 2 into a single section
3007 - remove configuration file section
3008 ok markus
3009 - jmc@cvs.openbsd.org 2006/02/01 09:11:41
3010 [sshd.8]
3011 small tweak;
3012 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
3013 [contrib/suse/openssh.spec] Update versions ahead of release
3014 - markus@cvs.openbsd.org 2006/02/01 11:27:22
3015 [version.h]
3016 openssh 4.3
3017 - (djm) Release OpenSSH 4.3p1
3018
301920060131
3020 - (djm) OpenBSD CVS Sync
3021 - jmc@cvs.openbsd.org 2006/01/20 11:21:45
3022 [ssh_config.5]
3023 - word change, agreed w/ markus
3024 - consistency fixes
3025 - jmc@cvs.openbsd.org 2006/01/25 09:04:34
3026 [sshd.8]
3027 move the options description up the page, and a few additional tweaks
3028 whilst in here;
3029 ok markus
3030 - jmc@cvs.openbsd.org 2006/01/25 09:07:22
3031 [sshd.8]
3032 move subsections to full sections;
3033 - jmc@cvs.openbsd.org 2006/01/26 08:47:56
3034 [ssh.1]
3035 add a section on verifying host keys in dns;
3036 written with a lot of help from jakob;
3037 feedback dtucker/markus;
3038 ok markus
3039 - reyk@cvs.openbsd.org 2006/01/30 12:22:22
3040 [channels.c]
3041 mark channel as write failed or dead instead of read failed on error
3042 of the channel output filter.
3043 ok markus@
3044 - jmc@cvs.openbsd.org 2006/01/30 13:37:49
3045 [ssh.1]
3046 remove an incorrect sentence;
3047 reported by roumen petrov;
3048 ok djm markus
3049 - djm@cvs.openbsd.org 2006/01/31 10:19:02
3050 [misc.c misc.h scp.c sftp.c]
3051 fix local arbitrary command execution vulnerability on local/local and
3052 remote/remote copies (CVE-2006-0225, bz #1094), patch by
3053 t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
3054 - djm@cvs.openbsd.org 2006/01/31 10:35:43
3055 [scp.c]
3056 "scp a b c" shouldn't clobber "c" when it is not a directory, report and
3057 fix from biorn@; ok markus@
3058 - (djm) Sync regress tests to OpenBSD:
3059 - dtucker@cvs.openbsd.org 2005/03/10 10:20:39
3060 [regress/forwarding.sh]
3061 Regress test for ClearAllForwardings (bz #994); ok markus@
3062 - dtucker@cvs.openbsd.org 2005/04/25 09:54:09
3063 [regress/multiplex.sh]
3064 Don't call cleanup in multiplex as test-exec will cleanup anyway
3065 found by tim@, ok djm@
3066 NB. ID sync only, we already had this
3067 - djm@cvs.openbsd.org 2005/05/20 23:14:15
3068 [regress/test-exec.sh]
3069 force addressfamily=inet for tests, unbreaking dynamic-forward regress for
3070 recently committed nc SOCKS5 changes
3071 - djm@cvs.openbsd.org 2005/05/24 04:10:54
3072 [regress/try-ciphers.sh]
3073 oops, new arcfour modes here too
3074 - markus@cvs.openbsd.org 2005/06/30 11:02:37
3075 [regress/scp.sh]
3076 allow SUDO=sudo; from Alexander Bluhm
3077 - grunk@cvs.openbsd.org 2005/11/14 21:25:56
3078 [regress/agent-getpeereid.sh]
3079 all other scripts in this dir use $SUDO, not 'sudo', so pull this even
3080 ok markus@
3081 - dtucker@cvs.openbsd.org 2005/12/14 04:36:39
3082 [regress/scp-ssh-wrapper.sh]
3083 Fix assumption about how many args scp will pass; ok djm@
3084 NB. ID sync only, we already had this
3085 - djm@cvs.openbsd.org 2006/01/27 06:49:21
3086 [scp.sh]
3087 regress test for local to local scp copies; ok dtucker@
3088 - djm@cvs.openbsd.org 2006/01/31 10:23:23
3089 [scp.sh]
3090 regression test for CVE-2006-0225 written by dtucker@
3091 - djm@cvs.openbsd.org 2006/01/31 10:36:33
3092 [scp.sh]
3093 regress test for "scp a b c" where "c" is not a directory
3094
309520060129
3096 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the
3097 opensshd.init script interpretter if /sbin/sh does not exist. ok tim@
3098
309920060120
3100 - (dtucker) OpenBSD CVS Sync
3101 - jmc@cvs.openbsd.org 2006/01/15 17:37:05
3102 [ssh.1]
3103 correction from deraadt
3104 - jmc@cvs.openbsd.org 2006/01/18 10:53:29
3105 [ssh.1]
3106 add a section on ssh-based vpn, based on reyk's README.tun;
3107 - dtucker@cvs.openbsd.org 2006/01/20 00:14:55
3108 [scp.1 ssh.1 ssh_config.5 sftp.1]
3109 Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot
3110 #1056 with feedback from jmc, djm and markus; ok jmc@ djm@
3111
311220060114
3113 - (djm) OpenBSD CVS Sync
3114 - jmc@cvs.openbsd.org 2006/01/06 13:27:32
3115 [ssh.1]
3116 weed out some duplicate info in the known_hosts FILES entries;
3117 ok djm
3118 - jmc@cvs.openbsd.org 2006/01/06 13:29:10
3119 [ssh.1]
3120 final round of whacking FILES for duplicate info, and some consistency
3121 fixes;
3122 ok djm
3123 - jmc@cvs.openbsd.org 2006/01/12 14:44:12
3124 [ssh.1]
3125 split sections on tcp and x11 forwarding into two sections.
3126 add an example in the tcp section, based on sth i wrote for ssh faq;
3127 help + ok: djm markus dtucker
3128 - jmc@cvs.openbsd.org 2006/01/12 18:48:48
3129 [ssh.1]
3130 refer to `TCP' rather than `TCP/IP' in the context of connection
3131 forwarding;
3132 ok markus
3133 - jmc@cvs.openbsd.org 2006/01/12 22:20:00
3134 [sshd.8]
3135 refer to TCP forwarding, rather than TCP/IP forwarding;
3136 - jmc@cvs.openbsd.org 2006/01/12 22:26:02
3137 [ssh_config.5]
3138 refer to TCP forwarding, rather than TCP/IP forwarding;
3139 - jmc@cvs.openbsd.org 2006/01/12 22:34:12
3140 [ssh.1]
3141 back out a sentence - AUTHENTICATION already documents this;
3142
314320060109
3144 - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on
3145 tcpip service so it's always started after IP is up. Patch from
3146 vinschen at redhat.com.
3147
314820060106
3149 - (djm) OpenBSD CVS Sync
3150 - jmc@cvs.openbsd.org 2006/01/03 16:31:10
3151 [ssh.1]
3152 move FILES to a -compact list, and make each files an item in that list.
3153 this avoids nastly line wrap when we have long pathnames, and treats
3154 each file as a separate item;
3155 remove the .Pa too, since it is useless.
3156 - jmc@cvs.openbsd.org 2006/01/03 16:35:30
3157 [ssh.1]
3158 use a larger width for the ENVIRONMENT list;
3159 - jmc@cvs.openbsd.org 2006/01/03 16:52:36
3160 [ssh.1]
3161 put FILES in some sort of order: sort by pathname
3162 - jmc@cvs.openbsd.org 2006/01/03 16:55:18
3163 [ssh.1]
3164 tweak the description of ~/.ssh/environment
3165 - jmc@cvs.openbsd.org 2006/01/04 18:42:46
3166 [ssh.1]
3167 chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
3168 entries;
3169 ok markus
3170 - jmc@cvs.openbsd.org 2006/01/04 18:45:01
3171 [ssh.1]
3172 remove .Xr's to rsh(1) and telnet(1): they are hardly needed;
3173 - jmc@cvs.openbsd.org 2006/01/04 19:40:24
3174 [ssh.1]
3175 +.Xr ssh-keyscan 1 ,
3176 - jmc@cvs.openbsd.org 2006/01/04 19:50:09
3177 [ssh.1]
3178 -.Xr gzip 1 ,
3179 - djm@cvs.openbsd.org 2006/01/05 23:43:53
3180 [misc.c]
3181 check that stdio file descriptors are actually closed before clobbering
3182 them in sanitise_stdfd(). problems occurred when a lower numbered fd was
3183 closed, but higher ones weren't. spotted by, and patch tested by
3184 Frédéric Olivié
3185
318620060103
3187 - (djm) [channels.c] clean up harmless merge error, from reyk@
3188
318920060103
3190 - (djm) OpenBSD CVS Sync
3191 - jmc@cvs.openbsd.org 2006/01/02 17:09:49
3192 [ssh_config.5 sshd_config.5]
3193 some corrections from michael knudsen;
3194
319520060102
3196 - (djm) [README.tun] Add README.tun, missed during sync of tun(4) support
3197 - (djm) OpenBSD CVS Sync
3198 - jmc@cvs.openbsd.org 2005/12/31 10:46:17
3199 [ssh.1]
3200 merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER
3201 AUTHENTICATION" sections into "AUTHENTICATION";
3202 some rewording done to make the text read better, plus some
3203 improvements from djm;
3204 ok djm
3205 - jmc@cvs.openbsd.org 2005/12/31 13:44:04
3206 [ssh.1]
3207 clean up ENVIRONMENT a little;
3208 - jmc@cvs.openbsd.org 2005/12/31 13:45:19
3209 [ssh.1]
3210 .Nm does not require an argument;
3211 - stevesk@cvs.openbsd.org 2006/01/01 08:59:27
3212 [includes.h misc.c]
3213 move <net/if.h>; ok djm@
3214 - stevesk@cvs.openbsd.org 2006/01/01 10:08:48
3215 [misc.c]
3216 no trailing "\n" for debug()
3217 - djm@cvs.openbsd.org 2006/01/02 01:20:31
3218 [sftp-client.c sftp-common.h sftp-server.c]
3219 use a common max. packet length, no binary change
3220 - reyk@cvs.openbsd.org 2006/01/02 07:53:44
3221 [misc.c]
3222 clarify tun(4) opening - set the mode and bring the interface up. also
3223 (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces.
3224 suggested and ok by djm@
3225 - jmc@cvs.openbsd.org 2006/01/02 12:31:06
3226 [ssh.1]
3227 start to cut some duplicate info from FILES;
3228 help/ok djm
3229
323020060101
3231 - (djm) [Makefile.in configure.ac includes.h misc.c]
3232 [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
3233 for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
3234 limited to IPv4 tunnels only, and most versions don't support the
3235 tap(4) device at all.
3236 - (djm) [configure.ac] Fix linux/if_tun.h test
3237 - (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too
3238
323920051229
3240 - (djm) OpenBSD CVS Sync
3241 - stevesk@cvs.openbsd.org 2005/12/28 22:46:06
3242 [canohost.c channels.c clientloop.c]
3243 use 'break-in' for consistency; ok deraadt@ ok and input jmc@
3244 - reyk@cvs.openbsd.org 2005/12/30 15:56:37
3245 [channels.c channels.h clientloop.c]
3246 add channel output filter interface.
3247 ok djm@, suggested by markus@
3248 - jmc@cvs.openbsd.org 2005/12/30 16:59:00
3249 [sftp.1]
3250 do not suggest that interactive authentication will work
3251 with the -b flag;
3252 based on a diff from john l. scarfone;
3253 ok djm
3254 - stevesk@cvs.openbsd.org 2005/12/31 01:38:45
3255 [ssh.1]
3256 document -MM; ok djm@
3257 - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac]
3258 [serverloop.c ssh.c openbsd-compat/Makefile.in]
3259 [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
3260 compatability support for Linux, diff from reyk@
3261 - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does
3262 not exist
3263 - (djm) [configure.ac] oops, make that linux/if_tun.h
3264
326520051229
3266 - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd
3267
326820051224
3269 - (djm) OpenBSD CVS Sync
3270 - jmc@cvs.openbsd.org 2005/12/20 21:59:43
3271 [ssh.1]
3272 merge the sections on protocols 1 and 2 into one section on
3273 authentication;
3274 feedback djm dtucker
3275 ok deraadt markus dtucker
3276 - jmc@cvs.openbsd.org 2005/12/20 22:02:50
3277 [ssh.1]
3278 .Ss -> .Sh: subsections have not made this page more readable
3279 - jmc@cvs.openbsd.org 2005/12/20 22:09:41
3280 [ssh.1]
3281 move info on ssh return values and config files up into the main
3282 description;
3283 - jmc@cvs.openbsd.org 2005/12/21 11:48:16
3284 [ssh.1]
3285 -L and -R descriptions are now above, not below, ~C description;
3286 - jmc@cvs.openbsd.org 2005/12/21 11:57:25
3287 [ssh.1]
3288 options now described `above', rather than `later';
3289 - jmc@cvs.openbsd.org 2005/12/21 12:53:31
3290 [ssh.1]
3291 -Y does X11 forwarding too;
3292 ok markus
3293 - stevesk@cvs.openbsd.org 2005/12/21 22:44:26
3294 [sshd.8]
3295 clarify precedence of -p, Port, ListenAddress; ok and help jmc@
3296 - jmc@cvs.openbsd.org 2005/12/22 10:31:40
3297 [ssh_config.5]
3298 put the description of "UsePrivilegedPort" in the correct place;
3299 - jmc@cvs.openbsd.org 2005/12/22 11:23:42
3300 [ssh.1]
3301 expand the description of -w somewhat;
3302 help/ok reyk
3303 - jmc@cvs.openbsd.org 2005/12/23 14:55:53
3304 [ssh.1]
3305 - sync the description of -e w/ synopsis
3306 - simplify the description of -I
3307 - note that -I is only available if support compiled in, and that it
3308 isn't by default
3309 feedback/ok djm@
3310 - jmc@cvs.openbsd.org 2005/12/23 23:46:23
3311 [ssh.1]
3312 less mark up for -c;
3313 - djm@cvs.openbsd.org 2005/12/24 02:27:41
3314 [session.c sshd.c]
3315 eliminate some code duplicated in privsep and non-privsep paths, and
3316 explicitly clear SIGALRM handler; "groovy" deraadt@
3317
331820051220
3319 - (dtucker) OpenBSD CVS Sync
3320 - reyk@cvs.openbsd.org 2005/12/13 15:03:02
3321 [serverloop.c]
3322 if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY
3323 - jmc@cvs.openbsd.org 2005/12/16 18:07:08
3324 [ssh.1]
3325 move the option descriptions up the page: start of a restructure;
3326 ok markus deraadt
3327 - jmc@cvs.openbsd.org 2005/12/16 18:08:53
3328 [ssh.1]
3329 simplify a sentence;
3330 - jmc@cvs.openbsd.org 2005/12/16 18:12:22
3331 [ssh.1]
3332 make the description of -c a little nicer;
3333 - jmc@cvs.openbsd.org 2005/12/16 18:14:40
3334 [ssh.1]
3335 signpost the protocol sections;
3336 - stevesk@cvs.openbsd.org 2005/12/17 21:13:05
3337 [ssh_config.5 session.c]
3338 spelling: fowarding, fowarded
3339 - stevesk@cvs.openbsd.org 2005/12/17 21:36:42
3340 [ssh_config.5]
3341 spelling: intented -> intended
3342 - dtucker@cvs.openbsd.org 2005/12/20 04:41:07
3343 [ssh.c]
3344 exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@
3345
334620051219
3347 - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac
3348 openbsd-compat/openssl-compat.h] Check for and work around broken AES
3349 ciphers >128bit on (some) Solaris 10 systems. ok djm@
3350
335120051217
3352 - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which
3353 scp.c also uses, so undef them here.
3354 - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our
3355 snprintf replacement can have a conflicting declaration in HP-UX's system
3356 headers (const vs. no const) so we now check for and work around it. Patch
3357 from the dynamic duo of David Leonard and Ted Percival.
3358
335920051214
3360 - (dtucker) OpenBSD CVS Sync (regress/)
3361 - dtucker@cvs.openbsd.org 2005/12/30 04:36:39
3362 [regress/scp-ssh-wrapper.sh]
3363 Fix assumption about how many args scp will pass; ok djm@
3364
336520051213
3366 - (djm) OpenBSD CVS Sync
3367 - jmc@cvs.openbsd.org 2005/11/30 11:18:27
3368 [ssh.1]
3369 timezone -> time zone
3370 - jmc@cvs.openbsd.org 2005/11/30 11:45:20
3371 [ssh.1]
3372 avoid ambiguities in describing TZ;
3373 ok djm@
3374 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
3375 [auth-options.c auth-options.h channels.c channels.h clientloop.c]
3376 [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
3377 [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
3378 [sshconnect.h sshd.8 sshd_config sshd_config.5]
3379 Add support for tun(4) forwarding over OpenSSH, based on an idea and
3380 initial channel code bits by markus@. This is a simple and easy way to
3381 use OpenSSH for ad hoc virtual private network connections, e.g.
3382 administrative tunnels or secure wireless access. It's based on a new
3383 ssh channel and works similar to the existing TCP forwarding support,
3384 except that it depends on the tun(4) network interface on both ends of
3385 the connection for layer 2 or layer 3 tunneling. This diff also adds
3386 support for LocalCommand in the ssh(1) client.
3387 ok djm@, markus@, jmc@ (manpages), tested and discussed with others
3388 - djm@cvs.openbsd.org 2005/12/07 03:52:22
3389 [clientloop.c]
3390 reyk forgot to compile with -Werror (missing header)
3391 - jmc@cvs.openbsd.org 2005/12/07 10:52:13
3392 [ssh.1]
3393 - avoid line split in SYNOPSIS
3394 - add args to -w
3395 - kill trailing whitespace
3396 - jmc@cvs.openbsd.org 2005/12/08 14:59:44
3397 [ssh.1 ssh_config.5]
3398 make `!command' a little clearer;
3399 ok reyk
3400 - jmc@cvs.openbsd.org 2005/12/08 15:06:29
3401 [ssh_config.5]
3402 keep options in order;
3403 - reyk@cvs.openbsd.org 2005/12/08 18:34:11
3404 [auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
3405 [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
3406 two changes to the new ssh tunnel support. this breaks compatibility
3407 with the initial commit but is required for a portable approach.
3408 - make the tunnel id u_int and platform friendly, use predefined types.
3409 - support configuration of layer 2 (ethernet) or layer 3
3410 (point-to-point, default) modes. configuration is done using the
3411 Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
3412 restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
3413 in sshd_config(5).
3414 ok djm@, man page bits by jmc@
3415 - jmc@cvs.openbsd.org 2005/12/08 21:37:50
3416 [ssh_config.5]
3417 new sentence, new line;
3418 - markus@cvs.openbsd.org 2005/12/12 13:46:18
3419 [channels.c channels.h session.c]
3420 make sure protocol messages for internal channels are ignored.
3421 allow adjust messages for non-open channels; with and ok djm@
3422 - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable
3423 again by providing a sys_tun_open() function for your platform and
3424 setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
3425 OpenBSD's tunnel protocol, which prepends the address family to the
3426 packet
3427
342820051201
3429 - (djm) [envpass.sh] Remove regress script that was accidentally committed
3430 in top level directory and not noticed for over a year :)
3431
343220051129
3433 - (tim) [ssh-keygen.c] Move DSA length test after setting default when
3434 bits == 0.
3435 - (dtucker) OpenBSD CVS Sync
3436 - dtucker@cvs.openbsd.org 2005/11/29 02:04:55
3437 [ssh-keygen.c]
3438 Populate default key sizes before checking them; from & ok tim@
3439 - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string)
3440 for UnixWare.
3441
344220051128
3443 - (dtucker) [regress/yes-head.sh] Work around breakage caused by some
3444 versions of GNU head. Based on patch from zappaman at buraphalinux.org
3445 - (dtucker) [includes.h] Bug #1122: __USE_GNU is a glibc internal macro, use
3446 _GNU_SOURCE instead. Patch from t8m at centrum.cz.
3447 - (dtucker) OpenBSD CVS Sync
3448 - dtucker@cvs.openbsd.org 2005/11/28 05:16:53
3449 [ssh-keygen.1 ssh-keygen.c]
3450 Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
3451 increase minumum RSA key size to 768 bits and update man page to reflect
3452 these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
3453 ok djm@, grudging ok deraadt@.
3454 - dtucker@cvs.openbsd.org 2005/11/28 06:02:56
3455 [ssh-agent.1]
3456 Update agent socket path templates to reflect reality, correct xref for
3457 time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@
3458
345920051126
3460 - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer,
3461 when they're available) need the real UID set otherwise pam_chauthtok will
3462 set ADMCHG after changing the password, forcing the user to change it
3463 again immediately.
3464
346520051125
3466 - (dtucker) [configure.ac] Apply tim's fix for older systems where the
3467 resolver state in resolv.h is "state" not "__res_state". With slight
3468 modification by me to also work on old AIXes. ok djm@
3469 - (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for
3470 snprintf formats, fixes warnings on some 64 bit platforms. Patch from
3471 shaw at vranix.com, ok djm@
3472
347320051124
3474 - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c
3475 openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an
3476 asprintf() implementation, after syncing our {v,}snprintf() implementation
3477 with some extra fixes from Samba's version. With help and debugging from
3478 dtucker and tim; ok dtucker@
3479 - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument
3480 order in Reliant Unix block. Patch from johane at lysator.liu.se.
3481 - (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so
3482 many and use them only once. Speeds up testing on older/slower hardware.
3483
348420051122
3485 - (dtucker) OpenBSD CVS Sync
3486 - deraadt@cvs.openbsd.org 2005/11/12 18:37:59
3487 [ssh-add.c]
3488 space
3489 - deraadt@cvs.openbsd.org 2005/11/12 18:38:15
3490 [scp.c]
3491 avoid close(-1), as in rcp; ok cloder
3492 - millert@cvs.openbsd.org 2005/11/15 11:59:54
3493 [includes.h]
3494 Include sys/queue.h explicitly instead of assuming some other header
3495 will pull it in. At the moment it gets pulled in by sys/select.h
3496 (which ssh has no business including) via event.h. OK markus@
3497 (ID sync only in -portable)
3498 - dtucker@cvs.openbsd.org 2005/11/21 09:42:10
3499 [auth-krb5.c]
3500 Perform Kerberos calls even for invalid users to prevent leaking
3501 information about account validity. bz #975, patch originally from
3502 Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
3503 ok markus@
3504 - dtucker@cvs.openbsd.org 2005/11/22 03:36:03
3505 [hostfile.c]
3506 Correct format/arguments to debug call; spotted by shaw at vranix.com
3507 ok djm@
3508 - (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch
3509 from shaw at vranix.com.
3510
351120051120
3512 - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what
3513 is going on.
3514
351520051112
3516 - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific
3517 ifdef lost during sync. Spotted by tim@.
3518 - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag.
3519 - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test.
3520 - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@
3521 - (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure
3522 test: if sshd takes too long to reconfigure the subsequent connection will
3523 fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready.
3524
352520051110
3526 - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from
3527 OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of
3528 "register").
3529 - (dtucker) [openbsd-compat/setenv.c] Make __findenv static, remove
3530 unnecessary prototype.
3531 - (dtucker) [openbsd-compat/setenv.c] Sync changes from OpenBSD setenv.c
3532 revs 1.7 - 1.9.
3533 - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path.
3534 Patch from djm@.
3535 - (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+
3536 since they're not useful right now. Patch from djm@.
3537 - (dtucker) [openbsd-compat/getgrouplist.c] Sync OpenBSD revs 1.10 - 1.2 (ANSI
3538 prototypes, removal of "register").
3539 - (dtucker) [openbsd-compat/strlcat.c] Sync OpenBSD revs 1.11 - 1.12 (removal
3540 of "register").
3541 - (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to
3542 after the copyright notices. Having them at the top next to the CVSIDs
3543 guarantees a conflict for each and every sync.
3544 - (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10.
3545 - (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker.
3546 - (dtucker) [openbsd-compat/strmode.c] Update from OpenBSD 1.5 -> 1.7.
3547 Removal of rcsid, "whiteout" inode type.
3548 - (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14.
3549 Removal of rcsid, will no longer strlcpy parts of the string.
3550 - (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5.
3551 - (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7.
3552 - (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18.
3553 - (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5.
3554 - (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25.
3555 - (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9.
3556 - (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14.
3557 - (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up
3558 with OpenBSD code since we don't support platforms without fstat any more.
3559 - (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9.
3560 - (dtucker) [openbsd-compat/inet_ntoa.c] Update from OpenBSD 1.4 -> 1.6.
3561 - (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7.
3562 - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6.
3563 - (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6.
3564 - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13.
3565 - (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19.
3566 - (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8.
3567 - (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker.
3568 - (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17.
3569 - (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4.
3570 Id and copyright sync only, there were no substantial changes we need.
3571 - (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c]
3572 -Wsign-compare fixes from djm.
3573 - (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3.
3574 Id and copyright sync only, there were no substantial changes we need.
3575 - (dtucker) [configure.ac] Try to get the gcc version number in a way that
3576 doesn't change between versions, and use a safer default.
3577
357820051105
3579 - (djm) OpenBSD CVS Sync
3580 - markus@cvs.openbsd.org 2005/10/07 11:13:57
3581 [ssh-keygen.c]
3582 change DSA default back to 1024, as it's defined for 1024 bits only
3583 and this causes interop problems with other clients. moreover,
3584 in order to improve the security of DSA you need to change more
3585 components of DSA key generation (e.g. the internal SHA1 hash);
3586 ok deraadt
3587 - djm@cvs.openbsd.org 2005/10/10 10:23:08
3588 [channels.c channels.h clientloop.c serverloop.c session.c]
3589 fix regression I introduced in 4.2: X11 forwardings initiated after
3590 a session has exited (e.g. "(sleep 5; xterm) &") would not start.
3591 bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
3592 - djm@cvs.openbsd.org 2005/10/11 23:37:37
3593 [channels.c]
3594 bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing
3595 bind() failure when a previous connection's listeners are in TIME_WAIT,
3596 reported by plattner AT inf.ethz.ch; ok dtucker@
3597 - stevesk@cvs.openbsd.org 2005/10/13 14:03:01
3598 [auth2-gss.c gss-genr.c gss-serv.c]
3599 remove unneeded #includes; ok markus@
3600 - stevesk@cvs.openbsd.org 2005/10/13 14:20:37
3601 [gss-serv.c]
3602 spelling in comments
3603 - stevesk@cvs.openbsd.org 2005/10/13 19:08:08
3604 [gss-serv-krb5.c gss-serv.c]
3605 unused declarations; ok deraadt@
3606 (id sync only for gss-serv-krb5.c)
3607 - stevesk@cvs.openbsd.org 2005/10/13 19:13:41
3608 [dns.c]
3609 unneeded #include, unused declaration, little knf; ok deraadt@
3610 - stevesk@cvs.openbsd.org 2005/10/13 22:24:31
3611 [auth2-gss.c gss-genr.c gss-serv.c monitor.c]
3612 KNF; ok djm@
3613 - stevesk@cvs.openbsd.org 2005/10/14 02:17:59
3614 [ssh-keygen.c ssh.c sshconnect2.c]
3615 no trailing "\n" for log functions; ok djm@
3616 - stevesk@cvs.openbsd.org 2005/10/14 02:29:37
3617 [channels.c clientloop.c]
3618 free()->xfree(); ok djm@
3619 - stevesk@cvs.openbsd.org 2005/10/15 15:28:12
3620 [sshconnect.c]
3621 make external definition static; ok deraadt@
3622 - stevesk@cvs.openbsd.org 2005/10/17 13:45:05
3623 [dns.c]
3624 fix memory leaks from 2 sources:
3625 1) key_fingerprint_raw()
3626 2) malloc in dns_read_rdata()
3627 ok jakob@
3628 - stevesk@cvs.openbsd.org 2005/10/17 14:01:28
3629 [dns.c]
3630 remove #ifdef LWRES; ok jakob@
3631 - stevesk@cvs.openbsd.org 2005/10/17 14:13:35
3632 [dns.c dns.h]
3633 more cleanups; ok jakob@
3634 - djm@cvs.openbsd.org 2005/10/30 01:23:19
3635 [ssh_config.5]
3636 mention control socket fallback behaviour, reported by
3637 tryponraj AT gmail.com
3638 - djm@cvs.openbsd.org 2005/10/30 04:01:03
3639 [ssh-keyscan.c]
3640 make ssh-keygen discard junk from server before SSH- ident, spotted by
3641 dave AT cirt.net; ok dtucker@
3642 - djm@cvs.openbsd.org 2005/10/30 04:03:24
3643 [ssh.c]
3644 fix misleading debug message; ok dtucker@
3645 - dtucker@cvs.openbsd.org 2005/10/30 08:29:29
3646 [canohost.c sshd.c]
3647 Check for connections with IP options earlier and drop silently. ok djm@
3648 - jmc@cvs.openbsd.org 2005/10/30 08:43:47
3649 [ssh_config.5]
3650 remove trailing whitespace;
3651 - djm@cvs.openbsd.org 2005/10/30 08:52:18
3652 [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
3653 [ssh.c sshconnect.c sshconnect1.c sshd.c]
3654 no need to escape single quotes in comments, no binary change
3655 - dtucker@cvs.openbsd.org 2005/10/31 06:15:04
3656 [sftp.c]
3657 Fix sorting with "ls -1" command. From Robert Tsai, "looks right" deraadt@
3658 - djm@cvs.openbsd.org 2005/10/31 11:12:49
3659 [ssh-keygen.1 ssh-keygen.c]
3660 generate a protocol 2 RSA key by default
3661 - djm@cvs.openbsd.org 2005/10/31 11:48:29
3662 [serverloop.c]
3663 make sure we clean up wtmp, etc. file when we receive a SIGTERM,
3664 SIGINT or SIGQUIT when running without privilege separation (the
3665 normal privsep case is already OK). Patch mainly by dtucker@ and
3666 senthilkumar_sen AT hotpop.com; ok dtucker@
3667 - jmc@cvs.openbsd.org 2005/10/31 19:55:25
3668 [ssh-keygen.1]
3669 grammar;
3670 - dtucker@cvs.openbsd.org 2005/11/03 13:38:29
3671 [canohost.c]
3672 Cache reverse lookups with and without DNS separately; ok markus@
3673 - djm@cvs.openbsd.org 2005/11/04 05:15:59
3674 [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
3675 remove hardcoded hash lengths in key exchange code, allowing
3676 implementation of KEX methods with different hashes (e.g. SHA-256);
3677 ok markus@ dtucker@ stevesk@
3678 - djm@cvs.openbsd.org 2005/11/05 05:01:15
3679 [bufaux.c]
3680 Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT
3681 cs.stanford.edu; ok dtucker@
3682 - (dtucker) [README.platform] Add PAM section.
3683 - (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version,
3684 resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu;
3685 ok dtucker@
3686
368720051102
3688 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup().
3689 Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net
3690 via FreeBSD.
3691
369220051030
3693 - (djm) [contrib/suse/openssh.spec contrib/suse/rc.
3694 sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init
3695 files from imorgan AT nas.nasa.gov
3696 - (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is
3697 enabled, instead allow PAM to handle it. Note that on platforms using PAM,
3698 the pam_nologin module should be added to sshd's session stack in order to
3699 maintain exising behaviour. Based on patch and discussion from t8m at
3700 centrum.cz, ok djm@
3701
370220051025
3703 - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the
3704 sizeof(long long) checks, to make fixing bug #1104 easier (no changes
3705 yet).
3706 - (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't
3707 understand "%lld", even though the compiler has "long long", so handle
3708 it as a special case. Patch tested by mcaskill.scott at epa.gov.
3709 - (dtucker) [contrib/cygwin/ssh-user-config] Remove duplicate yes/no
3710 prompt. Patch from vinschen at redhat.com.
3711
371220051017
3713 - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling.
3714 /etc/default/login report and testing from aabaker at iee.org, corrections
3715 from tim@.
3716
371720051009
3718 - (dtucker) [configure.ac defines.h openbsd-compat/vis.{c,h}] Sync current
3719 versions from OpenBSD. ok djm@
3720
372120051008
3722 - (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from
3723 brian.smith at agilent com.
3724 - (djm) [configure.ac] missing 'test' call for -with-Werror test
3725
372620051005
3727 - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended
3728 "*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and
3729 senthilkumar_sen at hotpop.com.
3730
373120051003
3732 - (dtucker) OpenBSD CVS Sync
3733 - markus@cvs.openbsd.org 2005/09/07 08:53:53
3734 [channels.c]
3735 enforce chanid != NULL; ok djm
3736 - markus@cvs.openbsd.org 2005/09/09 19:18:05
3737 [clientloop.c]
3738 typo; from mark at mcs.vuw.ac.nz, bug #1082
3739 - djm@cvs.openbsd.org 2005/09/13 23:40:07
3740 [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
3741 scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
3742 ensure that stdio fds are attached; ok deraadt@
3743 - djm@cvs.openbsd.org 2005/09/19 11:37:34
3744 [ssh_config.5 ssh.1]
3745 mention ability to specify bind_address for DynamicForward and -D options;
3746 bz#1077 spotted by Haruyama Seigo
3747 - djm@cvs.openbsd.org 2005/09/19 11:47:09
3748 [sshd.c]
3749 stop connection abort on rekey with delayed compression enabled when
3750 post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@
3751 - djm@cvs.openbsd.org 2005/09/19 11:48:10
3752 [gss-serv.c]
3753 typo
3754 - jmc@cvs.openbsd.org 2005/09/19 15:38:27
3755 [ssh.1]
3756 some more .Bk/.Ek to avoid ugly line split;
3757 - jmc@cvs.openbsd.org 2005/09/19 15:42:44
3758 [ssh.c]
3759 update -D usage here too;
3760 - djm@cvs.openbsd.org 2005/09/19 23:31:31
3761 [ssh.1]
3762 spelling nit from stevesk@
3763 - djm@cvs.openbsd.org 2005/09/21 23:36:54
3764 [sshd_config.5]
3765 aquire -> acquire, from stevesk@
3766 - djm@cvs.openbsd.org 2005/09/21 23:37:11
3767 [sshd.c]
3768 change label at markus@'s request
3769 - jaredy@cvs.openbsd.org 2005/09/30 20:34:26
3770 [ssh-keyscan.1]
3771 deploy .An -nosplit; ok jmc
3772 - dtucker@cvs.openbsd.org 2005/10/03 07:44:42
3773 [canohost.c]
3774 Relocate check_ip_options call to prevent logging of garbage for
3775 connections with IP options set. bz#1092 from David Leonard,
3776 "looks good" deraadt@
3777 - (dtucker) [regress/README.regress] Bug #989: Document limitation that scp
3778 is required in the system path for the multiplex test to work.
3779
378020050930
3781 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype
3782 for strtoll. Patch from o.flebbe at science-computing.de.
3783 - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep
3784 child during PAM account check without clearing it. This restores the
3785 post-login warnings such as LDAP password expiry. Patch from Tomas Mraz
3786 with help from several others.
3787
378820050929
3789 - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg
3790 introduced during sync.
3791
379220050928
3793 - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency.
3794 - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from
3795 PAM via keyboard-interactive. Patch tested by the folks at Vintela.
3796
379720050927
3798 - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid
3799 calls, since they can't possibly fail. ok djm@
3800 - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed
3801 process when sshd relies on ssh-random-helper. Should result in faster
3802 logins on systems without a real random device or prngd. ok djm@
3803
380420050924
3805 - (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove
3806 duplicate call. ok djm@
3807
380820050922
3809 - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from
3810 skeleten at shillest.net.
3811 - (dtucker) [configure.ac] Fix help for --with-opensc; patch from skeleten at
3812 shillest.net.
3813
381420050919
3815 - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to
3816 AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages.
3817 ok dtucker@
3818
381920050912
3820 - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by
3821 Mike Frysinger.
3822
382320050908
3824 - (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to
3825 OpenServer 6 and add osr5bigcrypt support so when someone migrates
3826 passwords between UnixWare and OpenServer they will still work. OK dtucker@
3827
3c0ef626 3828$Id$
git-cvsimport mirror of GSI OpenSSH
This page took 0.968463 seconds and 5 git commands to generate.