-20050901
- - (djm) Update RPM spec file versions
-
-20050831
+20011202
+ - (djm) Syn with OpenBSD OpenSSH-3.0.2
+ - markus@cvs.openbsd.org
+ [session.c sshd.8 version.h]
+ Don't allow authorized_keys specified environment variables when
+ UseLogin in active
+
+20011115
+ - (djm) Fix IPv4 default in ssh-keyscan. Spotted by Dan Astoorian
+ <djast@cs.toronto.edu> Fix from markus@
+ - (djm) Release 3.0.1p1
+
+20011113
+ - (djm) Fix early (and double) free of remote user when using Kerberos.
+ Patch from Simon Wilkinson <simon@sxw.org.uk>
+ - (djm) AIX login{success,failed} changes. Move loginsuccess call to
+ do_authenticated. Call loginfailed for protocol 2 failures > MAX like
+ we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
+ K.Wolkersdorfer@fz-juelich.de and others
- (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2005/08/30 22:08:05
- [gss-serv.c sshconnect2.c]
- destroy credentials if krb5_kuserok() call fails. Stops credentials being
- delegated to users who are not authorised for GSSAPIAuthentication when
- GSSAPIDeletegateCredentials=yes and another authentication mechanism
- succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by
- simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@
- - markus@cvs.openbsd.org 2005/08/31 09:28:42
+ - dugsong@cvs.openbsd.org 2001/11/11 18:47:10
+ [auth-krb5.c]
+ fix krb5 authorization check. found by <jhawk@MIT.EDU>. from
+ art@, deraadt@ ok
+ - markus@cvs.openbsd.org 2001/11/12 11:17:07
+ [servconf.c]
+ enable authorized_keys2 again. tested by fries@
+ - markus@cvs.openbsd.org 2001/11/13 02:03:57
[version.h]
- 4.2
- - (dtucker) [README] Update release note URL to 4.2
- - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c
- openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable
- libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd().
- Feedback and OK dtucker@
-
-20050830
- - (tim) [configure.ac] Back out last change. It needs to be done differently.
-
-20050829
- - (tim) [configure.ac] ia_openinfo() seems broken on OSR6. Limit UW long
- password support to 7.x for now.
-
-20050826
- - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c
- openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
- openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c
- openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char)
- on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing
- by tim@. Feedback and OK dtucker@
-
-20050823
- - (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully-
- qualified sshd pathname since some systems (eg Cygwin) may consider "/foo"
- and "//foo" to be different. Spotted by vinschen at redhat.com.
- - (tim) [configure.ac] Not all gcc's support -Wsign-compare. Enhancements
- and OK dtucker@
- - (tim) [defines.h] PATH_MAX bits for OpenServer OK dtucker@
-
-20050821
- - (dtucker) [configure.ac defines.h includes.h sftp.c] Add support for
- LynxOS, patch from Olli Savia (ops at iki.fi). ok djm@
-
-20050816
- - (djm) [ttymodes.c] bugzilla #1025: Fix encoding of _POSIX_VDISABLE,
- from Jacob Nevins; ok dtucker@
-
-20050815
- - (tim) [sftp.c] wrap el_end() in #ifdef USE_LIBEDIT
- - (tim) [configure.ac] corrections to libedit tests. Report and patches
- by skeleten AT shillest.net
-
-20050812
- - (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2005/07/28 17:36:22
- [packet.c]
- missing packet_init_compression(); from solar
- - djm@cvs.openbsd.org 2005/07/30 01:26:16
+ enter 3.0.1
+ - (djm) Bump RPM package versions
+
+20011112
+ - (djm) Makefile correctness fix from Mark D. Baushke <mdb@juniper.net>
+ - (djm) Cygwin config patch from Corinna Vinschen <vinschen@redhat.com>
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/10/24 08:41:41
+ [sshd.c]
+ mention remote port in debug message
+ - markus@cvs.openbsd.org 2001/10/24 08:41:20
[ssh.c]
- fix -D listen_host initialisation, so it picks up gateway_ports setting
- correctly
- - djm@cvs.openbsd.org 2005/07/30 02:03:47
- [readconf.c]
- listen_hosts initialisation here too; spotted greg AT y2005.nest.cx
- - dtucker@cvs.openbsd.org 2005/08/06 10:03:12
- [servconf.c]
- Unbreak sshd ListenAddress for bare IPv6 addresses.
- Report from Janusz Mucka; ok djm@
- - jaredy@cvs.openbsd.org 2005/08/08 13:22:48
- [sftp.c]
- sftp prompt enhancements:
- - in non-interactive mode, do not print an empty prompt at the end
- before finishing
- - print newline after EOF in editline mode
- - call el_end() in editline mode
- ok dtucker djm
-
-20050810
- - (dtucker) [configure.ac] Test libedit library and headers for compatibility.
- Report from skeleten AT shillest.net, ok djm@
- - (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c]
- Sync current (thread-safe) version of realpath.c from OpenBSD (which is
- in turn based on FreeBSD's). ok djm@
-
-20050809
- - (tim) [configure.ac] Allow --with-audit=no. OK dtucker@
- Report by skeleten AT shillest.net
-
-20050803
- - (dtucker) [openbsd-compat/fake-rfc2553.h] Check for EAI_* defines
- individually and use a value less likely to collide with real values from
- netdb.h. Fixes compile warnings on FreeBSD 5.3. ok djm@
- - (dtucker) [openbsd-compat/fake-rfc2553.h] MAX_INT -> INT_MAX since the
- latter is specified in the standard.
-
-20050802
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2005/07/27 10:39:03
- [scp.c hostfile.c sftp-client.c]
- Silence bogus -Wuninitialized warnings; ok djm@
- - (dtucker) [configure.ac] Enable -Wuninitialized by default when compiling
- with gcc. ok djm@
- - (dtucker) [configure.ac] Add a --with-Werror option to configure for
- adding -Werror to CFLAGS when all of the configure tests are done. ok djm@
-
-20050726
- - (dtucker) [configure.ac] Update zlib warning message too, pointed out by
- tim@.
- - (djm) OpenBSD CVS Sync
- - otto@cvs.openbsd.org 2005/07/19 15:32:26
- [auth-passwd.c]
- auth_usercheck(3) can return NULL, so check for that. Report from
- mpech@. ok markus@
- - markus@cvs.openbsd.org 2005/07/25 11:59:40
- [kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
- [sshconnect2.c sshd.c sshd_config sshd_config.5]
- add a new compression method that delays compression until the user
- has been authenticated successfully and set compression to 'delayed'
- for sshd.
- this breaks older openssh clients (< 3.5) if they insist on
- compression, so you have to re-enable compression in sshd_config.
- ok djm@
-
-20050725
- - (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096.
-
-20050717
-- OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2005/07/16 01:35:24
- [auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
- [sshconnect.c]
- spacing
- - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c]
- [cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL
- in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
- - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line
- - djm@cvs.openbsd.org 2005/07/17 06:49:04
- [channels.c channels.h session.c session.h]
- Fix a number of X11 forwarding channel leaks:
- 1. Refuse multiple X11 forwarding requests on the same session
- 2. Clean up all listeners after a single_connection X11 forward, not just
- the one that made the single connection
- 3. Destroy X11 listeners when the session owning them goes away
- testing and ok dtucker@
- - djm@cvs.openbsd.org 2005/07/17 07:17:55
- [auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
- [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
- [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
- [sshconnect.c sshconnect2.c]
- knf says that a 2nd level indent is four (not three or five) spaces
- -(djm) [audit.c auth1.c auth2.c entropy.c loginrec.c serverloop.c]
- [ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too
- - (djm) [monitor.c monitor_wrap.c] -Wsign-compare for PAM monitor calls
-
-20050716
- - (dtucker) [auth-pam.c] Ensure that only one side of the authentication
- socketpair stays open on in both the monitor and PAM process. Patch from
- Joerg Sonnenberger.
-
-20050714
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2005/07/06 09:33:05
+ remove unused
+ - markus@cvs.openbsd.org 2001/10/24 08:51:35
+ [clientloop.c ssh.c]
+ ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@
+ - markus@cvs.openbsd.org 2001/10/24 19:57:40
+ [clientloop.c]
+ make ~& (backgrounding) work again for proto v1; add support ~& for v2, too
+ - markus@cvs.openbsd.org 2001/10/25 21:14:32
+ [ssh-keygen.1 ssh-keygen.c]
+ better docu for fingerprinting, ok deraadt@
+ - markus@cvs.openbsd.org 2001/10/29 19:27:15
+ [sshconnect2.c]
+ hostbased: check for client hostkey before building chost
+ - markus@cvs.openbsd.org 2001/10/30 20:29:09
[ssh.1]
- clarify meaning of ssh -b ; with & ok jmc@
- - dtucker@cvs.openbsd.org 2005/07/08 09:26:18
- [misc.c]
- Make comment match code; ok djm@
- - markus@cvs.openbsd.org 2005/07/08 09:41:33
+ ssh.1
+ - markus@cvs.openbsd.org 2001/11/07 16:03:17
+ [packet.c packet.h sshconnect2.c]
+ pad using the padding field from the ssh2 packet instead of sending
+ extra ignore messages. tested against several other ssh servers.
+ - markus@cvs.openbsd.org 2001/11/07 21:40:21
+ [ssh-rsa.c]
+ ssh_rsa_sign/verify: SSH_BUG_SIGBLOB not supported
+ - markus@cvs.openbsd.org 2001/11/07 22:10:28
+ [ssh-dss.c ssh-rsa.c]
+ missing free and sync dss/rsa code.
+ - markus@cvs.openbsd.org 2001/11/07 22:12:01
+ [sshd.8]
+ s/Keepalive/KeepAlive/; from openbsd@davidkrause.com
+ - markus@cvs.openbsd.org 2001/11/07 22:41:51
+ [auth2.c auth-rh-rsa.c]
+ unused includes
+ - markus@cvs.openbsd.org 2001/11/07 22:53:21
[channels.h]
- race when efd gets closed while there is still buffered data:
- change CHANNEL_EFD_OUTPUT_ACTIVE()
- 1) c->efd must always be valid AND
- 2a) no EOF has been seen OR
- 2b) there is buffered data
- report, initial fix and testing Chuck Cranor
- - dtucker@cvs.openbsd.org 2005/07/08 10:20:41
- [ssh_config.5]
- change BindAddress to match recent ssh -b change; prompted by markus@
- - jmc@cvs.openbsd.org 2005/07/08 12:53:10
- [ssh_config.5]
- new sentence, new line;
- - dtucker@cvs.openbsd.org 2005/07/14 04:00:43
- [misc.h]
- use __sentinel__ attribute; ok deraadt@ djm@ markus@
- - (dtucker) [configure.ac defines.h] Define __sentinel__ to nothing if the
- compiler doesn't understand it to prevent warnings. If any mainstream
- compiler versions acquire it we can test for those versions. Based on
- discussion with djm@.
-
-20050707
- - dtucker [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for
- the MIT Kerberos code path into a common function and expand mkstemp
- template to be consistent with the rest of OpenSSH. From sxw at
- inf.ed.ac.uk, ok djm@
- - (dtucker) [auth-krb5.c] There's no guarantee that snprintf will set errno
- in the case where the buffer is insufficient, so always return ENOMEM.
- Also pointed out by sxw at inf.ed.ac.uk.
- - (dtucker) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Remove
- calls to krb5_init_ets, which has not been required since krb-1.1.x and
- most Kerberos versions no longer export in their public API. From sxw
- at inf.ed.ac.uk, ok djm@
-
-20050706
- - (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2005/07/01 13:19:47
- [channels.c]
- don't free() if getaddrinfo() fails; report mpech@
- - djm@cvs.openbsd.org 2005/07/04 00:58:43
- [channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5]
- implement support for X11 and agent forwarding over multiplex slave
- connections. Because of protocol limitations, the slave connections inherit
- the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
- their own.
- ok dtucker@ "put it in" deraadt@
- - jmc@cvs.openbsd.org 2005/07/04 11:29:51
- [ssh_config.5]
- fix Xr and a little grammar;
- - markus@cvs.openbsd.org 2005/07/04 14:04:11
- [channels.c]
- don't forget to set x11_saved_display
-
-20050626
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2005/06/17 22:53:47
- [ssh.c sshconnect.c]
- Fix ControlPath's %p expanding to "0" for a default port,
- spotted dwmw2 AT infradead.org; ok markus@
- - djm@cvs.openbsd.org 2005/06/18 04:30:36
- [ssh.c ssh_config.5]
- allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@
- - djm@cvs.openbsd.org 2005/06/25 22:47:49
- [ssh.c]
- do the default port filling code a few lines earlier, so it really
- does fix %p
-
-20050618
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2005/05/20 12:57:01;
- [auth1.c] split protocol 1 auth methods into separate functions, makes
- authloop much more readable; fixes and ok markus@ (portable ok &
- polish dtucker@)
- - djm@cvs.openbsd.org 2005/06/17 02:44:33
- [auth1.c] make this -Wsign-compare clean; ok avsm@ markus@
- - (djm) [loginrec.c ssh-rand-helper.c] Fix -Wsign-compare for portable,
- tested and fixes tim@
-
-20050617
+ crank c->path to 256 so they can hold a full hostname; dwd@bell-labs.com
+ - markus@cvs.openbsd.org 2001/11/08 10:51:08
+ [readpass.c]
+ don't strdup too much data; from gotoh@taiyo.co.jp; ok millert.
+ - markus@cvs.openbsd.org 2001/11/08 17:49:53
+ [ssh.1]
+ mention setuid root requirements; noted by cnorris@csc.UVic.ca; ok stevesk@
+ - markus@cvs.openbsd.org 2001/11/08 20:02:24
+ [auth.c]
+ don't print ROOT in CAPS for the authentication messages, i.e.
+ Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2
+ becomes
+ Accepted publickey for root from 127.0.0.1 port 42734 ssh2
+ - markus@cvs.openbsd.org 2001/11/09 18:59:23
+ [clientloop.c serverloop.c]
+ don't memset too much memory, ok millert@
+ original patch from jlk@kamens.brookline.ma.us via nalin@redhat.com
+ - markus@cvs.openbsd.org 2001/11/10 13:19:45
+ [sshd.c]
+ cleanup libwrap support (remove bogus comment, bogus close(), add
+ debug, etc).
+ - markus@cvs.openbsd.org 2001/11/10 13:22:42
+ [ssh-rsa.c]
+ KNF (unexpand)
+ - markus@cvs.openbsd.org 2001/11/10 13:37:20
+ [packet.c]
+ remove extra debug()
+ - markus@cvs.openbsd.org 2001/11/11 13:02:31
+ [servconf.c]
+ make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if
+ AuthorizedKeysFile is specified.
+ - (djm) Reorder portable-specific server options so that they come first.
+ This should help reduce diff collisions for new server options (as they
+ will appear at the end)
+
+20011109
+ - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
+ if permit_empty_passwd == 0 so null password check cannot be bypassed.
+ jayaraj@amritapuri.com OpenBSD bug 2168
+ - markus@cvs.openbsd.org 2001/11/09 19:08:35
+ [sshd.c]
+ remove extra trailing dot from log message; pilot@naughty.monkey.org
+
+20011103
+ - (tim) [ contrib/caldera/openssh.spec contrib/caldera/sshd.init] Updates
+ from Raymund Will <ray@caldera.de>
+ [acconfig.h configure.in] Clean up login checks.
+ Problem reported by Jim Knoble <jmknoble@pobox.com>
+
+20011101
+ - (djm) Compat define for OpenSSL < 0.9.6 (No OPENSSL_free)
+
+20011031
+ - (djm) Unsmoke drugs: config files should be noreplace.
+
+20011030
+ - (djm) Redhat RPM spec: remove noreplace from config files, allow IPv6
+ by default (can force IPv4 using --define "noipv6 1")
+
+20011029
+ - (tim) [TODO defines.h loginrec.c] Change the references to configure.in
+ to configure.ac
+
+20011028
+ - (djm) Avoid bug in Solaris PAM libs
+ - (djm) Disconnect if no tty and PAM reports password expired
+ - (djm) Fix for PAM password changes being echoed (from stevesk)
+ - (stevesk) Fix compile problem with PAM password change fix
+ - (stevesk) README: zlib location is http://www.gzip.org/zlib/
+
+20011027
+ - (tim) [configure.ac] Fixes for ReliantUNIX (don't use libucb)
+ Patch by Robert Dahlem <Robert.Dahlem@siemens.com>
+
+20011026
+ - (bal) Set the correct current time in login_utmp_only(). Patch by
+ Wayne Davison <wayned@users.sourceforge.net>
+ - (tim) [scard/Makefile.in] Fix install: when building outside of source
+ tree and using --src=/full_path/to/openssh
+ Patch by Mark D. Baushke <mdb@juniper.net>
+
+20011025
+ - (bal) Use VDISABLE if _POSIX_VDISABLE is set in readpassphrase.c. Patch
+ by todd@
+ - (tim) [configure.ac] Give path given in --with-xxx= for pcre,zlib, and
+ tcp-wrappers precedence over system libraries and includes.
+ Report from Dave Dykstra <dwd@bell-labs.com>
+
+20011024
+ - (bal) Should be 3.0p1 not 3.0p2. Corrected version.h already.
+ - (tim) configure.in -> configure.ac
+
+20011023
+ - (bal) Updated version to 3.0p1 in preparing for release.
+ - (bal) Added 'PAM_TTY_KLUDGE' to Solaris platform.
+ - (tim) [configure.in] Fix test for broken dirname. Based on patch from
+ Dave Dykstra <dwd@bell-labs.com>. Remove un-needed test for zlib.h.
+ [contrib/caldera/openssh.spec, contrib/redhat/openssh.spec,
+ contrib/suse/openssh.spec] Update version to match version.h
+
+20011022
+ - (djm) Fix fd leak in loginrec.c (ro fd to lastlog was left open).
+ Report from Michal Zalewski <lcamtuf@coredump.cx>
+
+20011021
+ - (tim) [configure.in] Clean up library testing. Add optional PATH to
+ --with-pcre, --with-zlib, and --with-tcp-wrappers. Based on
+ patch by albert chin (china@thewrittenword.com)
+ Re-arange AC_CHECK_HEADERS and AC_CHECK_FUNCS for eaiser reading
+ of patches to configure.in. Replace obsolete AC_STRUCT_ST_BLKSIZE
+ with AC_CHECK_MEMBERS. Add test for broken dirname() on
+ Solaris 2.5.1 by Dan Astoorian <djast@cs.toronto.edu>
+ [acconfig.h aclocal.m4 defines.h configure.in] Better socklen_t test.
+ patch by albert chin (china@thewrittenword.com)
+ [scp.c] Replace obsolete HAVE_ST_BLKSIZE with
+ HAVE_STRUCT_STAT_ST_BLKSIZE.
+ [Makefile.in] When running make in top level, always do make
+ in openbsd-compat. patch by Dave Dykstra <dwd@bell-labs.com>
+
+20011019
+ - (bal) Fixed up init.d symlink issue and piddir stuff. Patches by
+ Zoran Milojevic <Zoran.Milojevic@SS8.com> and j.petersen@msh.de
+
+20011012
- (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2005/06/16 03:38:36
- [channels.c channels.h clientloop.c clientloop.h ssh.c]
- move x11_get_proto from ssh.c to clientloop.c, to make muliplexed xfwd
- easier later; ok deraadt@
- - markus@cvs.openbsd.org 2005/06/16 08:00:00
- [canohost.c channels.c sshd.c]
- don't exit if getpeername fails for forwarded ports; bugzilla #1054;
- ok djm
- - djm@cvs.openbsd.org 2005/06/17 02:44:33
- [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
- [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
- [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
- [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
- [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
- make this -Wsign-compare clean; ok avsm@ markus@
- NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
- NB2. more work may be needed to make portable Wsign-compare clean
- - (dtucker) [cipher.c openbsd-compat/openbsd-compat.h
- openbsd-compat/openssl-compat.c] only include openssl compat stuff where
- it's needed as it can cause conflicts elsewhere (eg xcrypt.c). Found by
- and ok tim@
-
-20050616
+ - markus@cvs.openbsd.org 2001/10/10 22:18:47
+ [channels.c channels.h clientloop.c nchan.c serverloop.c]
+ [session.c session.h]
+ try to keep channels open until an exit-status message is sent.
+ don't kill the login shells if the shells stdin/out/err is closed.
+ this should now work:
+ ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
+ - markus@cvs.openbsd.org 2001/10/11 13:45:21
+ [session.c]
+ delay detach of session if a channel gets closed but the child is
+ still alive. however, release pty, since the fd's to the child are
+ already closed.
+ - markus@cvs.openbsd.org 2001/10/11 15:24:00
+ [clientloop.c]
+ clear select masks if we return before calling select().
+ - (djm) "make veryclean" fix from Tom Holroyd <tomh@po.crl.go.jp>
+ - (djm) Clean some autoconf-2.52 junk when doing "make distclean"
+ - (djm) Cleanup sshpty.c a little
+ - (bal) First wave of contrib/solaris/ package upgrades. Still more
+ work needs to be done, but it is a 190% better then the stuff we
+ had before!
+ - (bal) Minor bug fix in contrib/solaris/opensshd.in .. $etcdir was not
+ set right.
+
+20011010
- (djm) OpenBSD CVS Sync
- - jaredy@cvs.openbsd.org 2005/06/07 13:25:23
- [progressmeter.c]
- catch SIGWINCH and resize progress meter accordingly; ok markus dtucker
- - djm@cvs.openbsd.org 2005/06/06 11:20:36
- [auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
- introduce a generic %foo expansion function. replace existing % expansion
- and add expansion to ControlPath; ok markus@
- - djm@cvs.openbsd.org 2005/06/08 03:50:00
- [ssh-keygen.1 ssh-keygen.c sshd.8]
- increase default rsa/dsa key length from 1024 to 2048 bits;
- ok markus@ deraadt@
- - djm@cvs.openbsd.org 2005/06/08 11:25:09
- [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
- add ControlMaster=auto/autoask options to support opportunistic
- multiplexing; tested avsm@ and jakob@, ok markus@
- - dtucker@cvs.openbsd.org 2005/06/09 13:43:49
- [cipher.c]
- Correctly initialize end of array sentinel; ok djm@
- (Id sync only, change already in portable)
-
-20050609
- - (dtucker) [cipher.c openbsd-compat/Makefile.in
- openbsd-compat/openbsd-compat.h openbsd-compat/openssl-compat.{c,h}]
- Move compatibility code for supporting older OpenSSL versions to the
- compat layer. Suggested by and "no objection" djm@
-
-20050607
- - (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX:
- in today's episode we attempt to coax it from limits.h where it may be
- hiding, failing that we take the DIY approach. Tested by tim@
-
-20050603
- - (dtucker) [configure.ac] Only try gcc -std=gnu99 if LLONG_MAX isn't
- defined, and check that it helps before keeping it in CFLAGS. Some old
- gcc's don't set an error code when encountering an unknown value in -std.
- Found and tested by tim@.
- - (dtucker) [configure.ac] Point configure's reporting address at the
- openssh-unix-dev list. ok tim@ djm@
-
-20050602
- - (tim) [configure.ac] Some platforms need sys/types.h for arpa/nameser.h.
- Take AC_CHECK_HEADERS test out of ultrix section. It caused other platforms
- to skip builtin standard includes tests. (first AC_CHECK_HEADERS test
- must be run on all platforms) Add missing ;; to case statement. OK dtucker@
-
-20050601
- - (dtucker) [configure.ac] Look for _getshort and _getlong in
- arpa/nameser.h.
- - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoll.c]
- Add strtoll to the compat library, from OpenBSD.
- - (dtucker) OpenBSD CVS Sync
- - avsm@cvs.openbsd.org 2005/05/26 02:08:05
- [scp.c]
- If copying multiple files to a target file (which normally fails, as it
- must be a target directory), kill the spawned ssh child before exiting.
- This stops it trying to authenticate and spewing lots of output.
- deraadt@ ok
- - dtucker@cvs.openbsd.org 2005/05/26 09:08:12
+ - markus@cvs.openbsd.org 2001/10/04 14:34:16
+ [key.c]
+ call OPENSSL_free() for memory allocated by openssl; from chombier@mac.com
+ - markus@cvs.openbsd.org 2001/10/04 15:05:40
+ [channels.c serverloop.c]
+ comment out bogus conditions for selecting on connection_in
+ - markus@cvs.openbsd.org 2001/10/04 15:12:37
+ [serverloop.c]
+ client_alive_check cleanup
+ - markus@cvs.openbsd.org 2001/10/06 00:14:50
+ [sshconnect.c]
+ remove unused argument
+ - markus@cvs.openbsd.org 2001/10/06 00:36:42
+ [session.c]
+ fix typo in error message, sync with do_exec_nopty
+ - markus@cvs.openbsd.org 2001/10/06 11:18:19
+ [sshconnect1.c sshconnect2.c sshconnect.c]
+ unify hostkey check error messages, simplify prompt.
+ - markus@cvs.openbsd.org 2001/10/07 10:29:52
+ [authfile.c]
+ grammer; Matthew_Clarke@mindlink.bc.ca
+ - markus@cvs.openbsd.org 2001/10/07 17:49:40
+ [channels.c channels.h]
+ avoid possible FD_ISSET overflow for channels established
+ during channnel_after_select() (used for dynamic channels).
+ - markus@cvs.openbsd.org 2001/10/08 11:48:57
+ [channels.c]
+ better debug
+ - markus@cvs.openbsd.org 2001/10/08 16:15:47
+ [sshconnect.c]
+ use correct family for -b option
+ - markus@cvs.openbsd.org 2001/10/08 19:05:05
+ [ssh.c sshconnect.c sshconnect.h ssh-keyscan.c]
+ some more IPv4or6 cleanup
+ - markus@cvs.openbsd.org 2001/10/09 10:12:08
+ [session.c]
+ chdir $HOME after krb_afslog(); from bbense@networking.stanford.edu
+ - markus@cvs.openbsd.org 2001/10/09 19:32:49
+ [session.c]
+ stat subsystem command before calling do_exec, and return error to client.
+ - markus@cvs.openbsd.org 2001/10/09 19:51:18
+ [serverloop.c]
+ close all channels if the connection to the remote host has been closed,
+ should fix sshd's hanging with WCHAN==wait
+ - markus@cvs.openbsd.org 2001/10/09 21:59:41
+ [channels.c channels.h serverloop.c session.c session.h]
+ simplify session close: no more delayed session_close, no more
+ blocking wait() calls.
+ - (bal) removed two unsed headers in openbsd-compat/bsd-misc.c
+ - (bal) seed_init() and seed_rng() required in ssh-keyscan.c
+
+20011007
+ - (bal) ssh-copy-id corrected permissions for .ssh/ and authorized_keys.
+ Prompted by Matthew Vernon <matthew@sel.cam.ac.uk>
+
+20011005
+ - (bal) AES works under Cray, no more hack.
+
+20011004
+ - (bal) nchan2.ms resync. BSD License applied.
+
+20011003
+ - (bal) CVS ID fix up in version.h
+ - (bal) OpenBSD CVS Sync:
+ - markus@cvs.openbsd.org 2001/09/27 11:58:16
+ [compress.c]
+ mem leak; chombier@mac.com
+ - markus@cvs.openbsd.org 2001/09/27 11:59:37
+ [packet.c]
+ missing called=1; chombier@mac.com
+ - markus@cvs.openbsd.org 2001/09/27 15:31:17
+ [auth2.c auth2-chall.c sshconnect1.c]
+ typos; from solar
+ - camield@cvs.openbsd.org 2001/09/27 17:53:24
+ [sshd.8]
+ don't talk about compile-time options
+ ok markus@
+ - djm@cvs.openbsd.org 2001/09/28 12:07:09
[ssh-keygen.c]
- uint32_t -> u_int32_t for consistency; ok djm@
- - djm@cvs.openbsd.org 2005/05/27 08:30:37
+ bzero private key after loading to smartcard; ok markus@
+ - markus@cvs.openbsd.org 2001/09/28 15:46:29
[ssh.c]
- fix -O for cases where no ControlPath has been specified or socket at
- ControlPath is not contactable; spotted by and ok avsm@
- - (tim) [config.guess config.sub] Update to '2005-05-27' version.
- - (tim) [configure.ac] set TEST_SHELL for OpenServer 6
-
-20050531
- - (dtucker) [contrib/aix/pam.conf] Correct comments. From davidl at
- vintela.com.
- - (dtucker) [mdoc2man.awk] Teach it to understand .Ox.
-
-20050530
- - (dtucker) [README] Link to new release notes. Beter late than never...
-
-20050529
- - (dtucker) [openbsd-compat/port-aix.c] Bug #1046: AIX 5.3 expects the
- argument to passwdexpired to be initialized to NULL. Suggested by tim@
- While at it, initialize the other arguments to auth functions in case they
- ever acquire this behaviour.
- - (dtucker) [openbsd-compat/port-aix.c] Whitespace cleanups while there.
- - (dtucker) [openbsd-compat/port-aix.c] Minor correction to debug message,
- spotted by tim@.
-
-20050528
- - (dtucker) [configure.ac] For AC_CHECK_HEADERS() and AC_CHECK_FUNCS() have
- one entry per line to make it easier to merge changes. ok djm@
- - (dtucker) [configure.ac] strsep() may be defined in string.h, so check
- for its presence and include it in the strsep check.
- - (dtucker) [configure.ac] getpgrp may be defined in unistd.h, so check for
- its presence before doing AC_FUNC_GETPGRP.
- - (dtucker) [configure.ac] Merge HP-UX blocks into a common block with minor
- version-specific variations as required.
- - (dtucker) [openbsd-compat/port-aix.h] Use the HAVE_DECL_* definitions as
- per the autoconf man page. Configure should always define them but it
- doesn't hurt to check.
-
-20050527
- - (djm) [defines.h] Use our realpath if we have to define PATH_MAX, spotted by
- David Leach; ok dtucker@
- - (dtucker) [acconfig.h configure.ac defines.h includes.h sshpty.c
- openbsd-compat/bsd-misc.c] Add support for Ultrix. No, that's not a typo.
- Required changes from Bernhard Simon, integrated by me. ok djm@
-
-20050525
- - (djm) [mpaux.c mpaux.h Makefile.in] Remove old mpaux.[ch] code, it has not
- been used for a while
- - (djm) OpenBSD CVS Sync
- - otto@cvs.openbsd.org 2005/04/05 13:45:31
- [ssh-keygen.c]
- - djm@cvs.openbsd.org 2005/04/06 09:43:59
+ bug: read user config first; report kaukasoi@elektroni.ee.tut.fi
+ - markus@cvs.openbsd.org 2001/10/01 08:06:28
+ [scp.c]
+ skip filenames containing \n; report jdamery@chiark.greenend.org.uk
+ and matthew@debian.org
+ - markus@cvs.openbsd.org 2001/10/01 21:38:53
+ [channels.c channels.h ssh.c sshd.c]
+ remove ugliness; vp@drexel.edu via angelos
+ - markus@cvs.openbsd.org 2001/10/01 21:51:16
+ [readconf.c readconf.h ssh.1 sshconnect.c]
+ add NoHostAuthenticationForLocalhost; note that the hostkey is
+ now check for localhost, too.
+ - djm@cvs.openbsd.org 2001/10/02 08:38:50
+ [ssh-add.c]
+ return non-zero exit code on error; ok markus@
+ - stevesk@cvs.openbsd.org 2001/10/02 22:56:09
[sshd.c]
- avoid harmless logspam by not performing setsockopt() on non-socket;
+ #include "channels.h" for channel_set_af()
+ - markus@cvs.openbsd.org 2001/10/03 10:01:20
+ [auth.c]
+ use realpath() for homedir, too. from jinmei@isl.rdc.toshiba.co.jp
+
+20011001
+ - (stevesk) loginrec.c: fix type conversion problems exposed when using
+ 64-bit off_t.
+
+20010929
+ - (bal) move reading 'config.h' up higher. Patch by albert chin
+ <china@thewrittenword.com)
+
+20010928
+ - (djm) OpenBSD CVS sync:
+ - djm@cvs.openbsd.org 2001/09/28 09:49:31
+ [scard.c]
+ Fix segv when smartcard communication error occurs during key load.
ok markus@
- - dtucker@cvs.openbsd.org 2005/04/06 12:26:06
- [ssh.c]
- Fix debug call for port forwards; patch from pete at seebeyond.com,
- ok djm@ (ID sync only - change already in portable)
- - djm@cvs.openbsd.org 2005/04/09 04:32:54
- [misc.c misc.h tildexpand.c Makefile.in]
- replace tilde_expand_filename with a simpler implementation, ahead of
- more whacking; ok deraadt@
- - jmc@cvs.openbsd.org 2005/04/14 12:30:30
+ - (djm) Update spec files for new x11-askpass
+
+20010927
+ - (stevesk) session.c: declare do_pre_login() before use
+ wayned@users.sourceforge.net
+
+20010925
+ - (djm) Pull in auth-krb5.c from OpenBSD CVS. NB. it is not currently used.
+ - (djm) Sync $sysconfdir/moduli
+ - (djm) Add AC_SYS_LARGEFILE configure test
+ - (djm) Avoid bad and unportable sprintf usage in compat code
+
+20010923
+ - (bal) updated ssh.c to mirror minor getopts 'extern int' formating done
+ by stevesk@
+ - (bal) Removed 'extern int optopt;' since it is dead wood.
+ - (bal) Updated all *.specs for 2.9.9p1 and updated version.h
+
+20010923
+ - (bal) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/09/23 11:09:13
+ [authfile.c]
+ relax permission check for private key files.
+ - markus@cvs.openbsd.org 2001/09/23 09:58:13
+ [LICENCE]
+ new rijndael implementation
+
+20010920
+ - (tim) [scard/Makefile.in] Don't strip the Java binary
+ - (stevesk) sun_len, SUN_LEN() configure stuff no longer required
+ - (bal) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/09/20 00:15:54
+ [sshd.8]
+ fix ClientAliveCountMax
+ - markus@cvs.openbsd.org 2001/09/20 13:46:48
+ [auth2.c]
+ key_read returns now -1 or 1
+ - markus@cvs.openbsd.org 2001/09/20 13:50:40
+ [compat.c compat.h ssh.c]
+ bug compat: request a dummy channel for -N (no shell) sessions +
+ cleanup; vinschen@redhat.com
+ - mouring@cvs.openbsd.org 2001/09/20 20:57:51
+ [sshd_config]
+ CheckMail removed. OKed stevesk@
+
+20010919
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/09/19 10:08:51
+ [sshd.8]
+ command=xxx applies to subsystem now, too
+ - markus@cvs.openbsd.org 2001/09/19 13:23:29
+ [key.c]
+ key_read() now returns -1 on type mismatch, too
+ - stevesk@cvs.openbsd.org 2001/09/19 19:24:19
+ [readconf.c readconf.h scp.c sftp.c ssh.1]
+ add ClearAllForwardings ssh option and set it in scp and sftp; ok
+ markus@
+ - stevesk@cvs.openbsd.org 2001/09/19 19:35:30
+ [authfd.c]
+ use sizeof addr vs. SUN_LEN(addr) for sockaddr_un. Stevens
+ blesses this and we do it this way elsewhere. this helps in
+ portable because not all systems have SUN_LEN() and
+ sockaddr_un.sun_len. ok markus@
+ - stevesk@cvs.openbsd.org 2001/09/19 21:04:53
+ [sshd.8]
+ missing -t in usage
+ - stevesk@cvs.openbsd.org 2001/09/19 21:41:57
+ [sshd.8]
+ don't advertise -V in usage; ok markus@
+ - (bal) openbsd-compat/vis.[ch] is dead wood. Removed.
+
+20010918
+ - (djm) Configure support for smartcards. Based on Ben's work.
+ - (djm) Revert setgroups call, it causes problems on OS-X
+ - (djm) Avoid warning on BSDgetopt
+ - (djm) More makefile infrastructre for smartcard support, also based
+ on Ben's work
+ - (djm) Specify --datadir in RPM spec files so smartcard applet gets
+ put somewhere sane. Add Ssh.bin to manifest.
+ - (djm) Make smartcard support conditional in Redhat RPM spec
+ - (bal) LICENCE update. Has not been done in a while.
+ - (stevesk) nchan.c: we use X/Open Sockets on HP-UX now so shutdown(2)
+ returns ENOTCONN vs. EINVAL for socket not connected; remove EINVAL
+ check. ok Lutz Jaenicke
+ - (bal) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/09/17 17:57:57
+ [scp.1 scp.c sftp.1 sftp.c]
+ add -Fssh_config option; ok markus@
+ - stevesk@cvs.openbsd.org 2001/09/17 19:27:15
+ [kexdh.c kexgex.c key.c key.h ssh-dss.c ssh-keygen.c ssh-rsa.c]
+ u_char*/char* cleanup; ok markus
+ - markus@cvs.openbsd.org 2001/09/17 20:22:14
+ [scard.c]
+ never keep a connection to the smartcard open.
+ allows ssh-keygen -D U while the agent is running; report from
+ jakob@
+ - stevesk@cvs.openbsd.org 2001/09/17 20:38:09
+ [sftp.1 sftp.c]
+ cleanup and document -1, -s and -S; ok markus@
+ - markus@cvs.openbsd.org 2001/09/17 20:50:22
+ [key.c ssh-keygen.c]
+ better error handling if you try to export a bad key to ssh.com
+ - markus@cvs.openbsd.org 2001/09/17 20:52:47
+ [channels.c channels.h clientloop.c]
+ try to fix agent-forwarding-backconnection-bug, as seen on HPUX,
+ for example; with Lutz.Jaenicke@aet.TU-Cottbus.DE,
+ - markus@cvs.openbsd.org 2001/09/17 21:04:02
+ [channels.c serverloop.c]
+ don't send fake dummy packets on CR (\r)
+ bugreport from yyua@cs.sfu.ca via solar@@openwall.com
+ - markus@cvs.openbsd.org 2001/09/17 21:09:47
+ [compat.c]
+ more versions suffering the SSH_BUG_DEBUG bug;
+ 3.0.x reported by dbutts@maddog.storability.com
+ - stevesk@cvs.openbsd.org 2001/09/17 23:56:07
+ [scp.1]
+ missing -B in usage string
+
+20010917
+ - (djm) x11-ssh-askpass-1.2.4 in RPM spec, revert workarounds
+ - (tim) [includes.h openbsd-compat/getopt.c openbsd-compat/getopt.h]
+ rename getopt() to BSDgetopt() to keep form conflicting with
+ system getopt().
+ [Makefile.in configure.in] disable filepriv until I can add
+ missing procpriv calls.
+
+20010916
+ - (djm) Workaround XFree breakage in RPM spec file
+ - (bal) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/09/16 14:46:54
+ [session.c]
+ calls krb_afslog() after setting $HOME; mattiasa@e.kth.se; fixes
+ pr 1943b
+
+20010915
+ - (djm) Make do_pre_login static to avoid prototype #ifdef hell
+ - (djm) Sync scard/ stuff
+ - (djm) Redhat spec file cleanups from Pekka Savola <pekkas@netcore.fi> and
+ Redhat
+ - (djm) Redhat initscript config sanity checking from Pekka Savola
+ <pekkas@netcore.fi>
+ - (djm) Clear supplemental groups at sshd start to prevent them from
+ being propogated to random PAM modules. Based on patch from Redhat via
+ Pekka Savola <pekkas@netcore.fi>
+ - (djm) Make sure rijndael.c picks config.h
+ - (djm) Ensure that u_char gets defined
+
+20010914
+ - (bal) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/09/13
+ [rijndael.c rijndael.h]
+ missing $OpenBSD
+ - markus@cvs.openbsd.org 2001/09/14
+ [session.c]
+ command=xxx overwrites subsystems, too
+ - markus@cvs.openbsd.org 2001/09/14
+ [sshd.c]
+ typo
+
+20010913
+ - (bal) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/08/23 11:31:59
+ [cipher.c cipher.h]
+ switch to the optimised AES reference code from
+ http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip
+
+20010912
+ - (bal) OpenBSD CVS Sync
+ - jakob@cvs.openbsd.org 2001/08/16 19:18:34
+ [servconf.c servconf.h session.c sshd.8]
+ deprecate CheckMail. ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/16 20:14:57
+ [ssh.1 sshd.8]
+ document case sensitivity for ssh, sshd and key file
+ options and arguments; ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/17 18:59:47
+ [servconf.h]
+ typo in comment
+ - stevesk@cvs.openbsd.org 2001/08/21 21:47:42
+ [ssh.1 sshd.8]
+ minor typos and cleanup
+ - stevesk@cvs.openbsd.org 2001/08/22 16:21:21
+ [ssh.1]
+ hostname not optional; ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/22 16:30:02
+ [sshd.8]
+ no rexd; ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/22 17:45:16
[ssh.1]
- arg to -b is an address, not if_name;
+ document cipher des for protocol 1; ok deraadt@
+ - camield@cvs.openbsd.org 2001/08/23 17:59:31
+ [sshd.c]
+ end request with 0, not NULL
ok markus@
- - jakob@cvs.openbsd.org 2005/04/20 10:05:45
- [dns.c]
- do not try to look up SSHFP for numerical hostname. ok djm@
- - djm@cvs.openbsd.org 2005/04/21 06:17:50
- [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8]
- [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment
- variable, so don't say that we do (bz #623); ok deraadt@
- - djm@cvs.openbsd.org 2005/04/21 11:47:19
- [ssh.c]
- don't allocate a pty when -n flag (/dev/null stdin) is set, patch from
- ignasi.roca AT fujitsu-siemens.com (bz #829); ok dtucker@
- - dtucker@cvs.openbsd.org 2005/04/23 23:43:47
- [readpass.c]
- Add debug message if read_passphrase can't open /dev/tty; bz #471;
- ok djm@
- - jmc@cvs.openbsd.org 2005/04/26 12:59:02
- [sftp-client.h]
- spelling correction in comment from wiz@netbsd;
- - jakob@cvs.openbsd.org 2005/04/26 13:08:37
- [ssh.c ssh_config.5]
- fallback gracefully if client cannot connect to ControlPath. ok djm@
- - moritz@cvs.openbsd.org 2005/04/28 10:17:56
- [progressmeter.c ssh-keyscan.c]
- add snprintf checks. ok djm@ markus@
- - markus@cvs.openbsd.org 2005/05/02 21:13:22
- [readpass.c]
- missing {}
- - djm@cvs.openbsd.org 2005/05/10 10:28:11
- [ssh.c]
- print nice error message for EADDRINUSE as well (ID sync only)
- - djm@cvs.openbsd.org 2005/05/10 10:30:43
+ - stevesk@cvs.openbsd.org 2001/08/23 18:02:48
+ [ssh-agent.1]
+ fix usage; ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/23 18:08:59
+ [ssh-add.1 ssh-keyscan.1]
+ minor cleanup
+ - danh@cvs.openbsd.org 2001/08/27 22:02:13
+ [ssh-keyscan.c]
+ fix memory fault if non-existent filename is given to the -f option
+ ok markus@
+ - markus@cvs.openbsd.org 2001/08/28 09:51:26
+ [readconf.c]
+ don't set DynamicForward unless Host matches
+ - markus@cvs.openbsd.org 2001/08/28 15:39:48
+ [ssh.1 ssh.c]
+ allow: ssh -F configfile host
+ - markus@cvs.openbsd.org 2001/08/29 20:44:03
+ [scp.c]
+ clear the malloc'd buffer, otherwise source() will leak malloc'd
+ memory; ok theo@
+ - stevesk@cvs.openbsd.org 2001/08/29 23:02:21
+ [sshd.8]
+ add text about -u0 preventing DNS requests; ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/29 23:13:10
+ [ssh.1 ssh.c]
+ document -D and DynamicForward; ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/29 23:27:23
[ssh.c]
- report real errors on fallback from ControlMaster=no to normal connect
- - markus@cvs.openbsd.org 2005/05/16 15:30:51
- [readconf.c servconf.c]
- check return value from strdelim() for NULL (AddressFamily); mpech
- - djm@cvs.openbsd.org 2005/05/19 02:39:55
- [sshd_config.5]
- sort config options, from grunk AT pestilenz.org; ok jmc@
- - djm@cvs.openbsd.org 2005/05/19 02:40:52
- [sshd_config]
- whitespace nit, from grunk AT pestilenz.org
- - djm@cvs.openbsd.org 2005/05/19 02:42:26
- [includes.h]
- fix cast, from grunk AT pestilenz.org
- - djm@cvs.openbsd.org 2005/05/20 10:50:55
- [ssh_config.5]
- give a ProxyCommand example using nc(1), with and ok jmc@
- - jmc@cvs.openbsd.org 2005/05/20 11:23:32
- [ssh_config.5]
- oops - article and spacing;
- - avsm@cvs.openbsd.org 2005/05/23 22:44:01
- [moduli.c ssh-keygen.c]
- - removes signed/unsigned comparisons in moduli generation
- - use strtonum instead of atoi where its easier
- - check some strlcpy overflow and fatal instead of truncate
- - djm@cvs.openbsd.org 2005/05/23 23:32:46
- [cipher.c myproposal.h ssh.1 ssh_config.5 sshd_config.5]
- add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes;
+ validate ports for -L/-R; ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/29 23:39:40
+ [ssh.1 sshd.8]
+ additional documentation for GatewayPorts; ok markus@
+ - naddy@cvs.openbsd.org 2001/08/30 15:42:36
+ [ssh.1]
+ add -D to synopsis line; ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/30 16:04:35
+ [readconf.c ssh.1]
+ validate ports for LocalForward/RemoteForward.
+ add host/port alternative syntax for IPv6 (like -L/-R).
ok markus@
- - avsm@cvs.openbsd.org 2005/05/24 02:05:09
- [ssh-keygen.c]
- some style nits from dmiller@, and use a fatal() instead of a printf()/exit
- - avsm@cvs.openbsd.org 2005/05/24 17:32:44
- [atomicio.c atomicio.h authfd.c monitor_wrap.c msg.c scp.c sftp-client.c]
- [ssh-keyscan.c sshconnect.c]
- Switch atomicio to use a simpler interface; it now returns a size_t
- (containing number of bytes read/written), and indicates error by
- returning 0. EOF is signalled by errno==EPIPE.
- Typical use now becomes:
-
- if (atomicio(read, ..., len) != len)
- err(1,"read");
-
- ok deraadt@, cloder@, djm@
- - (dtucker) [regress/reexec.sh] Add ${EXEEXT} so this test also works on
- Cygwin.
- - (dtucker) [auth-pam.c] Bug #1033: Fix warnings building with PAM on Linux:
- warning: dereferencing type-punned pointer will break strict-aliasing rules
- warning: passing arg 3 of `pam_get_item' from incompatible pointer type
- The type-punned pointer fix is based on a patch from SuSE's rpm. ok djm@
- - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1033: Provide
- templates for _getshort and _getlong if missing to prevent compiler warnings
- on Linux.
- - (djm) [configure.ac openbsd-compat/Makefile.in]
- [openbsd-compat/openbsd-compat.h openbsd-compat/strtonum.c]
- Add strtonum(3) from OpenBSD libc, new code needs it.
- Unfortunately Linux forces us to do a bizarre dance with compiler
- options to get LLONG_MIN/MAX; Spotted by and ok dtucker@
-
-20050524
- - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
- [contrib/suse/openssh.spec] Update spec file versions to 4.1p1
- - (dtucker) [auth-pam.c] Since people don't seem to be getting the message
- that USE_POSIX_THREADS is unsupported, not recommended and generally a bad
- idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use
- USE_POSIX_THREADS will now generate an error so we don't silently change
- behaviour. ok djm@
- - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory
- allocation when retrieving core Windows environment. Add CYGWIN variable
- to propagated variables. Patch from vinschen at redhat.com, ok djm@
- - Release 4.1p1
-
-20050524
- - (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure
- terminal modes are reset correctly. Fix from peak AT argo.troja.mff.cuni.cz;
- "looks ok" dtucker@
-
-20050512
- - (tim) [buildpkg.sh.in] missing ${PKG_INSTALL_ROOT} in init script
- hard link section. Bug 1038.
-
-20050509
- - (dtucker) [contrib/cygwin/ssh-host-config] Add a test and warning for a
- user-mode mounts in Cygwin installation. Patch from vinschen at redhat.com.
-
-20050504
- - (djm) [ssh.c] some systems return EADDRINUSE on a bind to an already-used
- unix domain socket, so catch that too; from jakob@ ok dtucker@
-
-20050503
- - (dtucker) [canohost.c] normalise socket addresses returned by
- get_remote_hostname(). This means that IPv4 addresses in log messages
- on IPv6 enabled machines will no longer be prefixed by "::ffff:" and
- AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style
- addresses only for 4-in-6 mapped connections, regardless of whether
- or not the machine is IPv6 enabled. ok djm@
-
-20050425
- - (dtucker) [regress/multiplex.sh] Use "kill -0 $pid" to check for the
- existence of a process since it's more portable. Found by jbasney at
- ncsa.uiuc.edu; ok tim@
- - (dtucker) [regress/multiplex.sh] Remove cleanup call since test-exec.sh
- will clean up anyway. From tim@
- - (dtucker) [regress/multiplex.sh] Put control socket in /tmp so running
- "make tests" works even if you're building on a filesystem that doesn't
- support sockets. From deengert at anl.gov, ok djm@
-
-20050424
- - (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or
- 1.2.1.2 or higher. With tim@, ok djm@
-
-20050423
- - (tim) [config.guess] Add support for OpenServer 6.
-
-20050421
- - (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if
- UseLogin is set as PAM is not used to establish credentials in that
- case. Found by Michael Selvesteen, ok djm@
-
-20050419
- - (dtucker) [INSTALL] Reference README.privsep for the privilege separation
- requirements. Pointed out by Bengt Svensson.
- - (dtucker) [INSTALL] Put the s/key text and URL back together.
- - (dtucker) [INSTALL] Fix s/key text too.
-
-20050411
- - (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME
-
-20050405
- - (dtucker) [configure.ac] Define HAVE_SO_PEERCRED if we have it. ok djm@
- - (dtucker) [auth-sia.c] Constify sys_auth_passwd, fixes build error on
- Tru64. Patch from cmadams at hiwaay.net.
- - (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of
- sys_auth_passwd, pointed out by cmadams at hiwaay.net.
-
-20050403
- - (djm) OpenBSD CVS Sync
- - deraadt@cvs.openbsd.org 2005/03/31 18:39:21
+ - stevesk@cvs.openbsd.org 2001/08/30 20:36:34
+ [auth-options.c sshd.8]
+ validate ports for permitopen key file option. add host/port
+ alternative syntax for IPv6. ok markus@
+ - markus@cvs.openbsd.org 2001/08/30 22:22:32
+ [ssh-keyscan.c]
+ do not pass pointers to longjmp; fix from wayne@blorf.net
+ - markus@cvs.openbsd.org 2001/08/31 11:46:39
+ [sshconnect2.c]
+ disable kbd-interactive if we don't get SSH2_MSG_USERAUTH_INFO_REQUEST
+ messages
+ - stevesk@cvs.openbsd.org 2001/09/03 20:58:33
+ [readconf.c readconf.h ssh.c]
+ fatal() for nonexistent -Fssh_config. ok markus@
+ - deraadt@cvs.openbsd.org 2001/09/05 06:23:07
+ [scp.1 sftp.1 ssh.1 ssh-agent.1 sshd.8 ssh-keygen.1 ssh-keyscan.1]
+ avoid first person in manual pages
+ - stevesk@cvs.openbsd.org 2001/09/12 18:18:25
[scp.c]
- copy argv[] element instead of smashing the one that ps will see; ok otto
- - djm@cvs.openbsd.org 2005/04/02 12:41:16
+ don't forward agent for non third-party copies; ok markus@
+
+20010815
+ - (bal) Fixed stray code in readconf.c that went in by mistake.
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/08/07 10:37:46
+ [authfd.c authfd.h]
+ extended failure messages from galb@vandyke.com
+ - deraadt@cvs.openbsd.org 2001/08/08 07:16:58
+ [scp.1]
+ when describing the -o option, give -o Protocol=1 as the specific example
+ since we are SICK AND TIRED of clueless people who cannot have difficulty
+ thinking on their own.
+ - markus@cvs.openbsd.org 2001/08/08 18:20:15
+ [uidswap.c]
+ permanently_set_uid is a noop if user is not privilegued;
+ fixes bug on solaris; from sbi@uchicago.edu
+ - markus@cvs.openbsd.org 2001/08/08 21:34:19
+ [uidswap.c]
+ undo last change; does not work for sshd
+ - jakob@cvs.openbsd.org 2001/08/11 22:51:27
+ [ssh.c tildexpand.c]
+ fix more paths beginning with "//"; <bradshaw@staff.crosswalk.com>.
+ ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/13 23:38:54
[scp.c]
- since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror
- build
- - (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_read
- will free as needed. ok tim@ djm@
-
-20050331
- - (dtucker) OpenBSD CVS Sync
- - jmc@cvs.openbsd.org 2005/03/16 11:10:38
- [ssh_config.5]
- get the syntax right for {Local,Remote}Forward;
- based on a diff from markus;
- problem report from ponraj;
- ok dtucker@ markus@ deraadt@
- - markus@cvs.openbsd.org 2005/03/16 21:17:39
- [version.h]
- 4.1
- - jmc@cvs.openbsd.org 2005/03/18 17:05:00
- [sshd_config.5]
- typo;
- - (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in
- handling of password expiry messages returned by AIX's authentication
- routines, originally reported by robvdwal at sara.nl.
- - (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug
- message on some platforms. Patch from pete at seebeyond.com via djm.
- - (dtucker) [monitor.c] Remaining part of fix for bug #1006.
-
-20050329
- - (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're
- interested in which is much faster in large (eg LDAP or NIS) environments.
- Patch from dleonard at vintela.com.
-
-20050321
- - (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes
- and -Lyes to CFLAGS and LIBS. Pointed out by peter at slagheap.net,
- with & ok tim@
- - (dtucker) [configure.ac] Make configure error out if the user specifies
- --with-libedit but the required libs can't be found, rather than silently
- ignoring and continuing. ok tim@
- - (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions
- of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se.
-
-20050317
- - (tim) [configure.ac] Bug 998. Make path for --with-opensc optional.
- Make --without-opensc work.
- - (tim) [configure.ac] portability changes on test statements. Some shells
- have problems with -a operator.
- - (tim) [configure.ac] make some configure options a little more error proof.
- - (tim) [configure.ac] remove trailing white space.
-
-20050314
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2005/03/10 10:15:02
- [readconf.c]
- Check listen addresses for null, prevents xfree from dying during
- ClearAllForwardings (bz #996). From Craig Leres, ok markus@
- - deraadt@cvs.openbsd.org 2005/03/10 22:01:05
- [misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
- monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
- readconf.c bufaux.c sftp.c]
- spacing
- - deraadt@cvs.openbsd.org 2005/03/10 22:40:38
- [auth-options.c]
- spacing
- - markus@cvs.openbsd.org 2005/03/11 14:59:06
- [ssh-keygen.c]
- typo, missing \n; mpech
- - jmc@cvs.openbsd.org 2005/03/12 11:55:03
- [ssh_config.5]
- escape `.' at eol to avoid double spacing issues;
- - dtucker@cvs.openbsd.org 2005/03/14 10:09:03
- [ssh-keygen.1]
- Correct description of -H (bz #997); ok markus@, punctuation jmc@
- - dtucker@cvs.openbsd.org 2005/03/14 11:44:42
- [auth.c]
- Populate host for log message for logins denied by AllowUsers and
- DenyUsers (bz #999); ok markus@ (patch by tryponraj at gmail.com)
- - markus@cvs.openbsd.org 2005/03/14 11:46:56
- [buffer.c buffer.h channels.c]
- limit input buffer size for channels; bugzilla #896; with and ok dtucker@
- - (tim) [contrib/caldera/openssh.spec] links in rc?.d were getting trashed
- with a rpm -F
-
-20050313
- - (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the
- localized name of the local administrators group more reliable. From
- vinschen at redhat.com.
-
-20050312
- - (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug
- output ends up in the client's output, causing regress failures. Found
- by Corinna Vinschen.
-
-20050309
- - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64
- so that regress tests behave. From Chris Adams.
- - (djm) OpenBSD CVS Sync
- - jmc@cvs.openbsd.org 2005/03/07 23:41:54
- [ssh.1 ssh_config.5]
- more macro simplification;
- - djm@cvs.openbsd.org 2005/03/08 23:49:48
- [version.h]
- OpenSSH 4.0
- - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
- [contrib/suse/openssh.spec] Update spec file versions
- - (djm) [log.c] Fix dumb syntax error; ok dtucker@
- - (djm) Release OpenSSH 4.0p1
-
-20050307
- - (dtucker) [configure.ac] Disable gettext search when configuring with
- BSM audit support for the time being. ok djm@
- - (dtucker) OpenBSD CVS Sync (regress/)
- - fgsch@cvs.openbsd.org 2004/12/10 01:31:30
- [Makefile sftp-glob.sh]
- some globbing regress; prompted and ok djm@
- - david@cvs.openbsd.org 2005/01/14 04:21:18
- [Makefile test-exec.sh]
- pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@
- - dtucker@cvs.openbsd.org 2005/02/27 11:33:30
- [multiplex.sh test-exec.sh sshd-log-wrapper.sh]
- Add optional capability to log output from regress commands; ok markus@
- Use with: make TEST_SSH_LOGFILE=/tmp/regress.log
- - djm@cvs.openbsd.org 2005/02/27 23:13:36
- [login-timeout.sh]
- avoid nameservice lookups in regress test; ok dtucker@
- - djm@cvs.openbsd.org 2005/03/04 08:48:46
- [Makefile envpass.sh]
- regress test for SendEnv config parsing bug; ok dtucker@
- - (dtucker) [regress/test-exec.sh] Put SUDO in the right place.
- - (tim) [configure.ac] SCO 3.2v4.2 no longer supported.
-
-20050306
- - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor
- when attempting to audit disconnect events. Reported by Phil Dibowitz.
- - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit
- events earlier, prevents mm_request_send errors reported by Matt Goebel.
-
-20050305
- - (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch
- from vinschen at redhat.com
- - (djm) OpenBSD CVS Sync
- - jmc@cvs.openbsd.org 2005/03/02 11:45:01
- [ssh.1]
- missing word;
- - djm@cvs.openbsd.org 2005/03/04 08:48:06
- [readconf.c]
- fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@
-
-20050302
- - (djm) OpenBSD CVS sync:
- - jmc@cvs.openbsd.org 2005/03/01 14:47:58
+ don't need main prototype (also sync with rcp); ok markus@
+ - markus@cvs.openbsd.org 2001/08/14 09:23:02
+ [sftp.1 sftp-int.c]
+ "bye"; hk63a@netscape.net
+ - stevesk@cvs.openbsd.org 2001/08/14 17:54:29
+ [scp.1 sftp.1 ssh.1]
+ consistent documentation and example of ``-o ssh_option'' for sftp and
+ scp; document keyword=argument for ssh.
+ - (bal) QNX resync. OK tim@
+
+20010814
+ - (stevesk) sshpty.c, cray.[ch]: whitespace, formatting and cleanup
+ for some #ifdef _CRAY code; ok wendyp@cray.com
+ - (stevesk) sshpty.c: return 0 on error in cray pty code;
+ ok wendyp@cray.com
+ - (stevesk) bsd-cray.c: utmp strings are not C strings
+ - (stevesk) bsd-cray.c: more cleanup; ok wendyp@cray.com
+
+20010812
+ - (djm) Fix detection of long long int support. Based on patch from
+ Michael Stone <mstone@cs.loyola.edu>. ok stevesk, tim
+
+20010808
+ - (bal) Minor correction to inet_ntop.h. _BSD_RRESVPORT_H should be
+ _BSD_INET_NTOP_H. Pointed out by Mark Miller <markm@swoon.net>
+
+20010807
+ - (tim) [configure.in sshconnect.c openbsd-compat/Makefile.in
+ openbsd-compat/openbsd-compat.h ] Add inet_ntop.c inet_ntop.h back
+ in. Needed for sshconnect.c
+ [sshconnect.c] fix INET6_ADDRSTRLEN for non IPv6 machines
+ [configure.in] make tests with missing libraries fail
+ patch by Wendy Palm <wendyp@cray.com>
+ Added openbsd-compat/bsd-cray.h. Selective patches from
+ William L. Jones <jones@mail.utexas.edu>
+
+20010806
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/07/22 21:32:27
+ [sshpty.c]
+ update comment
+ - pvalchev@cvs.openbsd.org 2001/07/22 21:32:42
[ssh.1]
- remove some unneccesary macros;
- do not mark up punctuation;
- - jmc@cvs.openbsd.org 2005/03/01 14:55:23
- [ssh_config.5]
- do not mark up punctuation;
- whitespace;
- - jmc@cvs.openbsd.org 2005/03/01 14:59:49
+ There is no option "Compress", point to "Compression" instead; ok
+ markus
+ - markus@cvs.openbsd.org 2001/07/22 22:04:19
+ [readconf.c ssh.1]
+ enable challenge-response auth by default; ok millert@
+ - markus@cvs.openbsd.org 2001/07/22 22:24:16
[sshd.8]
- new sentence, new line;
- whitespace;
- - jmc@cvs.openbsd.org 2005/03/01 15:05:00
+ Xr login.conf
+ - markus@cvs.openbsd.org 2001/07/23 09:06:28
+ [sshconnect2.c]
+ reorder default sequence of userauth methods to match ssh behaviour:
+ hostbased,publickey,keyboard-interactive,password
+ - markus@cvs.openbsd.org 2001/07/23 12:47:05
+ [ssh.1]
+ sync PreferredAuthentications
+ - aaron@cvs.openbsd.org 2001/07/23 14:14:18
[ssh-keygen.1]
- whitespace;
- - jmc@cvs.openbsd.org 2005/03/01 15:47:14
- [ssh-keyscan.1 ssh-keyscan.c]
- sort options and sync usage();
- - jmc@cvs.openbsd.org 2005/03/01 17:19:35
- [scp.1 sftp.1]
- add HashKnownHosts to -o list;
+ Fix typo.
+ - stevesk@cvs.openbsd.org 2001/07/23 18:14:58
+ [auth2.c auth-rsa.c]
+ use %lu; ok markus@
+ - stevesk@cvs.openbsd.org 2001/07/23 18:21:46
+ [xmalloc.c]
+ no zero size xstrdup() error; ok markus@
+ - markus@cvs.openbsd.org 2001/07/25 11:59:35
+ [scard.c]
+ typo in comment
+ - markus@cvs.openbsd.org 2001/07/25 14:35:18
+ [readconf.c ssh.1 ssh.c sshconnect.c]
+ cleanup connect(); connection_attempts 4 -> 1; from
+ eivind@freebsd.org
+ - stevesk@cvs.openbsd.org 2001/07/26 17:18:22
+ [sshd.8 sshd.c]
+ add -t option to test configuration file and keys; pekkas@netcore.fi
ok markus@
- - jmc@cvs.openbsd.org 2005/03/01 17:22:06
+ - rees@cvs.openbsd.org 2001/07/26 20:04:27
+ [scard.c ssh-keygen.c]
+ Inquire Cyberflex class for 0xf0 cards
+ change aid to conform to 7816-5
+ remove gratuitous fid selects
+ - millert@cvs.openbsd.org 2001/07/27 14:50:45
[ssh.c]
- sync usage() w/ man SYNOPSIS;
+ If smart card support is compiled in and a smart card is being used
+ for authentication, make it the first method used. markus@ OK
+ - deraadt@cvs.openbsd.org 2001/07/27 17:26:16
+ [scp.c]
+ shorten lines
+ - markus@cvs.openbsd.org 2001/07/28 09:21:15
+ [sshd.8]
+ cleanup some RSA vs DSA vs SSH1 vs SSH2 notes
+ - mouring@cvs.openbsd.org 2001/07/29 17:02:46
+ [scp.1]
+ Clarified -o option in scp.1 OKed by Markus@
+ - jakob@cvs.openbsd.org 2001/07/30 16:06:07
+ [scard.c scard.h]
+ better errorcodes from sc_*; ok markus@
+ - stevesk@cvs.openbsd.org 2001/07/30 16:23:30
+ [rijndael.c rijndael.h]
+ new BSD-style license:
+ Brian Gladman <brg@gladman.plus.com>:
+ >I have updated my code at:
+ >http://fp.gladman.plus.com/cryptography_technology/rijndael/index.htm
+ >with a copyright notice as follows:
+ >[...]
+ >I am not sure which version of my old code you are using but I am
+ >happy for the notice above to be substituted for my existing copyright
+ >intent if this meets your purpose.
+ - jakob@cvs.openbsd.org 2001/07/31 08:41:10
+ [scard.c]
+ do not complain about missing smartcards. ok markus@
+ - jakob@cvs.openbsd.org 2001/07/31 09:28:44
+ [readconf.c readconf.h ssh.1 ssh.c]
+ add 'SmartcardDevice' client option to specify which smartcard device
+ is used to access a smartcard used for storing the user's private RSA
+ key. ok markus@.
+ - jakob@cvs.openbsd.org 2001/07/31 12:42:50
+ [sftp-int.c sftp-server.c]
+ avoid paths beginning with "//"; <vinschen@redhat.com>
ok markus@
- - jmc@cvs.openbsd.org 2005/03/01 17:32:19
- [ssh-add.1]
- sort options;
- - jmc@cvs.openbsd.org 2005/03/01 18:15:56
- [ssh-keygen.1]
- sort options (no attempt made at synopsis clean up though);
- spelling (occurance -> occurrence);
- use prompt before examples;
- grammar;
- - djm@cvs.openbsd.org 2005/03/02 01:00:06
- [sshconnect.c]
- fix addition of new hashed hostnames when CheckHostIP=yes;
- found and ok dtucker@
- - djm@cvs.openbsd.org 2005/03/02 01:27:41
+ - jakob@cvs.openbsd.org 2001/07/31 12:53:34
+ [scard.c]
+ close smartcard connection if card is missing
+ - markus@cvs.openbsd.org 2001/08/01 22:03:33
+ [authfd.c authfd.h readconf.c readconf.h scard.c scard.h ssh-add.c
+ ssh-agent.c ssh.c]
+ use strings instead of ints for smartcard reader ids
+ - markus@cvs.openbsd.org 2001/08/01 22:16:45
+ [ssh.1 sshd.8]
+ refer to current ietf drafts for protocol v2
+ - markus@cvs.openbsd.org 2001/08/01 23:33:09
[ssh-keygen.c]
- ignore hostnames with metachars when hashing; ok deraadt@
- - djm@cvs.openbsd.org 2005/03/02 02:21:07
- [ssh.1]
- bz#987: mention ForwardX11Trusted in ssh.1,
- reported by andrew.benham AT thus.net; ok deraadt@
- - (tim) [regress/agent-ptrace.sh] add another possible gdb error.
-
-20050301
- - (djm) OpenBSD CVS sync:
- - otto@cvs.openbsd.org 2005/02/16 09:56:44
+ allow uploading RSA keys for non-default AUT0 (sha1 over passphrase
+ like sectok).
+ - markus@cvs.openbsd.org 2001/08/01 23:38:45
+ [scard.c ssh.c]
+ support finish rsa keys.
+ free public keys after login -> call finish -> close smartcard.
+ - markus@cvs.openbsd.org 2001/08/02 00:10:17
+ [ssh-keygen.c]
+ add -D readerid option (download, i.e. print public RSA key to stdout).
+ check for card present when uploading keys.
+ use strings instead of ints for smartcard reader ids, too.
+ - jakob@cvs.openbsd.org 2001/08/02 08:58:35
+ [ssh-keygen.c]
+ change -u (upload smartcard key) to -U. ok markus@
+ - jakob@cvs.openbsd.org 2001/08/02 15:06:52
+ [ssh-keygen.c]
+ more verbose usage(). ok markus@
+ - jakob@cvs.openbsd.org 2001/08/02 15:07:23
+ [ssh-keygen.1]
+ document smartcard upload/download. ok markus@
+ - jakob@cvs.openbsd.org 2001/08/02 15:32:10
[ssh.c]
- Better diagnostic if an identity file is not accesible. ok markus@ djm@
- - djm@cvs.openbsd.org 2005/02/18 03:05:53
- [canohost.c]
- better error messages for getnameinfo failures; ok dtucker@
- - djm@cvs.openbsd.org 2005/02/20 22:59:06
- [sftp.c]
- turn on ssh batch mode when in sftp batch mode, patch from
- jdmossh AT nand.net;
- ok markus@
- - jmc@cvs.openbsd.org 2005/02/25 10:55:13
- [sshd.8]
- add /etc/motd and $HOME/.hushlogin to FILES;
- from michael knudsen;
- - djm@cvs.openbsd.org 2005/02/28 00:54:10
- [ssh_config.5]
- bz#849: document timeout on untrusted x11 forwarding sessions. Reported by
- orion AT cora.nwra.com; ok markus@
- - djm@cvs.openbsd.org 2005/03/01 10:09:52
- [auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
- [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
- [sshd_config.5]
- bz#413: allow optional specification of bind address for port forwardings.
- Patch originally by Dan Astorian, but worked on by several people
- Adds GatewayPorts=clientspecified option on server to allow remote
- forwards to bind to client-specified ports.
- - djm@cvs.openbsd.org 2005/03/01 10:40:27
- [hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
- [sshconnect.c sshd.8]
- add support for hashing host names and addresses added to known_hosts
- files, to improve privacy of which hosts user have been visiting; ok
- markus@ deraadt@
- - djm@cvs.openbsd.org 2005/03/01 10:41:28
+ add smartcard to usage(). ok markus@
+ - jakob@cvs.openbsd.org 2001/08/02 15:43:57
+ [ssh-agent.c ssh.c ssh-keygen.c]
+ add /* SMARTCARD */ to #else/#endif. ok markus@
+ - jakob@cvs.openbsd.org 2001/08/02 16:14:05
+ [scard.c ssh-agent.c ssh.c ssh-keygen.c]
+ clean up some /* SMARTCARD */. ok markus@
+ - mpech@cvs.openbsd.org 2001/08/02 18:37:35
+ [ssh-keyscan.1]
+ o) .Sh AUTHOR -> .Sh AUTHORS;
+ o) .Sh EXAMPLE -> .Sh EXAMPLES;
+ o) Delete .Sh OPTIONS. Text moved to .Sh DESCRIPTION;
+
+ millert@ ok
+ - jakob@cvs.openbsd.org 2001/08/03 10:31:19
+ [ssh-add.1]
+ document smartcard options. ok markus@
+ - jakob@cvs.openbsd.org 2001/08/03 10:31:30
+ [ssh-add.c ssh-agent.c ssh-keyscan.c]
+ improve usage(). ok markus@
+ - markus@cvs.openbsd.org 2001/08/05 23:18:20
[ssh-keyscan.1 ssh-keyscan.c]
- option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@
- - djm@cvs.openbsd.org 2005/03/01 10:42:49
- [ssh-keygen.1 ssh-keygen.c ssh_config.5]
- add tools for managing known_hosts files with hashed hostnames, including
- hashing existing files and deleting hosts by name; ok markus@ deraadt@
-
-20050226
- - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c]
- Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com.
- - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}]
- Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any
- more. Patch from vinschen at redhat.com.
- - (dtucker) [Makefile.in] Add a install-nosysconf target for installing the
- binaries without the config files. Primarily useful for packaging.
- Patch from phil at usc.edu. ok djm@
-
-20050224
- - (djm) [configure.ac] in_addr_t test needs sys/types.h too
-
-20050222
- - (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from
- vinschen at redhat.com.
-
-20050220
- - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac
- defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure
- --with-audit=bsm to enable. Patch originally from Sun Microsystems,
- parts by John R. Jackson. ok djm@
- - (dtucker) [configure.ac] Missing comma in AIX section, somehow causes
- unrelated platforms to be configured incorrectly.
-
-20050216
- - (djm) write seed to temporary file and atomically rename into place;
- ok dtucker@
- - (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called
- via mkstemp in some configurations. ok djm@
- - (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined
- by the system headers.
- - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant
- Unix; prevents problems relating to the location of -lresolv in the
- link order.
- - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
- authentication early enough to be available to PAM session modules when
- privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam
- Hartman and similar to Debian's ssh-krb5 package.
- - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more
- compiler warnings on AIX.
-
-20050215
- - (dtucker) [config.sh.in] Collect oslevel -r too.
- - (dtucker) [README.platform auth.c configure.ac loginrec.c
- openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6
- on AIX where possible (see README.platform for details) and work around
- a misfeature of AIX's getnameinfo. ok djm@
- - (dtucker) [loginrec.c] Add missing #include.
-
-20050211
- - (dtucker) [configure.ac] Tidy up configure --help output.
- - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too.
-
-20050210
- - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the
- --disable-etc-default-login configure option.
-
-20050209
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2005/01/28 09:45:53
- [ssh_config]
- Make it clear that the example entries in ssh_config are only some of the
- commonly-used options and refer the user to ssh_config(5) for more
- details; ok djm@
- - jmc@cvs.openbsd.org 2005/01/28 15:05:43
- [ssh_config.5]
- grammar;
- - jmc@cvs.openbsd.org 2005/01/28 18:14:09
- [ssh_config.5]
- wording;
- ok markus@
- - dtucker@cvs.openbsd.org 2005/01/30 11:18:08
- [monitor.c]
- Make code match intent; ok djm@
- - dtucker@cvs.openbsd.org 2005/02/08 22:24:57
- [sshd.c]
- Provide reason in error message if getnameinfo fails; ok markus@
- - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call
- disable_forwarding() from compat library. Prevent linker errrors trying
- to resolve it for binaries other than sshd. ok djm@
- - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir
- paths. ok djm@
- - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require
- the username to be passed to the passwd command when changing expired
- passwords. ok djm@
-
-20050208
- - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the
- regress tests so newer versions of GNU head(1) behave themselves. Patch
- by djm, so ok me.
- - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings.
- - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
- monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
- defines and enums with SSH_ to prevent namespace collisions on some
- platforms (eg AIX).
-
-20050204
- - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too.
- - (dtucker) [auth.c] Fix parens in audit log check.
-
-20050202
- - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath
- rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@
- - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]
- Make record_failed_login() call provide hostname rather than having the
- implementations having to do lookups themselves. Only affects AIX and
- UNICOS (the latter only uses the "user" parameter anyway). ok djm@
- - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child
- the process. Since we also unset KRB5CCNAME at startup, if it's set after
- authentication it must have been set by the platform's native auth system.
- This was already done for AIX; this enables it for the general case.
- - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c]
- Bug #974: Teach sshd to write failed login records to btmp for failed auth
- attempts (currently only for password, kbdint and C/R, only on Linux and
- HP-UX), based on code from login.c from util-linux. With ashok_kovai at
- hotmail.com, ok djm@
- - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
- monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
- (first stage) Add audit instrumentation to sshd, currently disabled by
- default. with suggestions from and ok djm@
-
-20050201
- - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some
- platforms syslog will revert to its default values. This may result in
- messages from external libraries (eg libwrap) being sent to a different
- facility.
- - (dtucker) [sshd_config.5] Bug #701: remove warning about
- keyboard-interactive since this is no longer the case.
-
-20050124
- - (dtucker) OpenBSD CVS Sync
- - otto@cvs.openbsd.org 2005/01/21 08:32:02
- [auth-passwd.c sshd.c]
- Warn in advance for password and account expiry; initialize loginmsg
- buffer earlier and clear it after privsep fork. ok and help dtucker@
- markus@
- - dtucker@cvs.openbsd.org 2005/01/22 08:17:59
- [auth.c]
- Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and
- DenyGroups. bz #909, ok djm@
- - djm@cvs.openbsd.org 2005/01/23 10:18:12
- [cipher.c]
- config option "Ciphers" should be case-sensitive; ok dtucker@
- - dtucker@cvs.openbsd.org 2005/01/24 10:22:06
- [scp.c sftp.c]
- Have scp and sftp wait for the spawned ssh to exit before they exit
- themselves. This prevents ssh from being unable to restore terminal
- modes (not normally a problem on OpenBSD but common with -Portable
- on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950);
- ok djm@ markus@
- - dtucker@cvs.openbsd.org 2005/01/24 10:29:06
- [moduli]
- Import new moduli; requested by deraadt@ a week ago
- - dtucker@cvs.openbsd.org 2005/01/24 11:47:13
- [auth-passwd.c]
- #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@
-
-20050120
- - (dtucker) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2004/12/23 17:35:48
- [session.c]
- check for NULL; from mpech
- - markus@cvs.openbsd.org 2004/12/23 17:38:07
- [ssh-keygen.c]
- leak; from mpech
- - djm@cvs.openbsd.org 2004/12/23 23:11:00
- [servconf.c servconf.h sshd.c sshd_config sshd_config.5]
- bz #898: support AddressFamily in sshd_config. from
- peak@argo.troja.mff.cuni.cz; ok deraadt@
- - markus@cvs.openbsd.org 2005/01/05 08:51:32
- [sshconnect.c]
- remove dead code, log connect() failures with level error, ok djm@
- - jmc@cvs.openbsd.org 2005/01/08 00:41:19
- [sshd_config.5]
- `login'(n) -> `log in'(v);
- - dtucker@cvs.openbsd.org 2005/01/17 03:25:46
- [moduli.c]
- Correct spelling: SCHNOOR->SCHNORR; ok djm@
- - dtucker@cvs.openbsd.org 2005/01/17 22:48:39
- [sshd.c]
- Make debugging output continue after reexec; ok djm@
- - dtucker@cvs.openbsd.org 2005/01/19 13:11:47
- [auth-bsdauth.c auth2-chall.c]
- Have keyboard-interactive code call the drivers even for responses for
- invalid logins. This allows the drivers themselves to decide how to
- handle them and prevent leaking information where possible. Existing
- behaviour for bsdauth is maintained by checking authctxt->valid in the
- bsdauth driver. Note that any third-party kbdint drivers will now need
- to be able to handle responses for invalid logins. ok markus@
- - djm@cvs.openbsd.org 2004/12/22 02:13:19
- [cipher-ctr.c cipher.c]
- remove fallback AES support for old OpenSSL, as OpenBSD has had it for
- many years now; ok deraadt@
- (Id sync only: Portable will continue to support older OpenSSLs)
- - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user
- existence via keyboard-interactive/pam, in conjunction with previous
- auth2-chall.c change; with Colin Watson and djm.
- - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128
- bytes to prevent errors from login_init_entry() when the username is
- exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@
- - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from
- the list of available kbdint devices if UsePAM=no. ok djm@
-
-20050118
- - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement
- "make survey" and "make send-survey". This will provide data on the
- configure parameters, platform and platform features to the development
- team, which will allow (among other things) better targetting of testing.
- It's entirely voluntary and is off be default. ok djm@
- - (dtucker) [survey.sh.in] Remove any blank lines from the output of
- ccver-v and ccver-V.
-
-20041220
- - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading
- from prngd is enabled at compile time but fails at run time, eg because
- prngd is not running. Note that if you have prngd running when OpenSSH is
- built, OpenSSL will consider itself internally seeded and rand-helper won't
- be built at all unless explicitly enabled via --with-rand-helper. ok djm@
- - (dtucker) [regress/rekey.sh] Touch datafile before filling with dd, since
- on some wacky platforms (eg old AIXes), dd will refuse to create an output
- file if it doesn't exist.
-
-20041213
- - (dtucker) [contrib/findssh.sh] Clean up on interrupt; from
- amarendra.godbole at ge com.
-
-20041211
- - (dtucker) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2004/12/06 16:00:43
- [bufaux.c]
- use 0x00 not \0 since buf[] is a bignum
- - fgsch@cvs.openbsd.org 2004/12/10 03:10:42
- [sftp.c]
- - fix globbed ls for paths the same lenght as the globbed path when
- we have a unique matching.
- - fix globbed ls in case of a directory when we have a unique matching.
- - as a side effect, if the path does not exist error (used to silently
- ignore).
- - don't do extra do_lstat() if we only have one matching file.
- djm@ ok
- - dtucker@cvs.openbsd.org 2004/12/11 01:48:56
- [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h]
- Fix debug call in error path of authorized_keys processing and fix related
- warnings; ok djm@
-
-20041208
- - (tim) [configure.ac] Comment some non obvious platforms in the
- target-specific case statement. Suggested and OK by dtucker@
-
-20041207
- - (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test.
-
-20041206
- - (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@
- - (dtucker) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2004/11/25 22:22:14
- [sftp-client.c sftp.c]
- leak; from mpech
- - jmc@cvs.openbsd.org 2004/11/29 00:05:17
- [sftp.1]
- missing full stop;
- - djm@cvs.openbsd.org 2004/11/29 07:41:24
- [sftp-client.h sftp.c]
- Some small fixes from moritz@jodeit.org. ok deraadt@
- - jaredy@cvs.openbsd.org 2004/12/05 23:55:07
- [sftp.1]
- - explain that patterns can be used as arguments in get/put/ls/etc
- commands (prodded by Michael Knudsen)
- - describe ls flags as a list
- - other minor improvements
- ok jmc, djm
- - dtucker@cvs.openbsd.org 2004/12/06 11:41:03
- [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8]
- Discard over-length authorized_keys entries rather than complaining when
- they don't decode. bz #884, with & ok djm@
- - (dtucker) OpenBSD CVS Sync (regress/)
- - djm@cvs.openbsd.org 2004/06/26 06:16:07
- [reexec.sh]
- don't change the name of the copied sshd for the reexec fallback test,
- makes life simpler for portable
- - dtucker@cvs.openbsd.org 2004/07/08 12:59:35
- [scp.sh]
- Regress test for bz #863 (scp double-error), requires $SUDO. ok markus@
- - david@cvs.openbsd.org 2004/07/09 19:45:43
- [Makefile]
- add a missing CLEANFILES used in the re-exec test
- - djm@cvs.openbsd.org 2004/10/08 02:01:50
- [reexec.sh]
- shrink and tidy; ok dtucker@
- - djm@cvs.openbsd.org 2004/10/29 23:59:22
- [Makefile added brokenkeys.sh]
- regression test for handling of corrupt keys in authorized_keys file
- - djm@cvs.openbsd.org 2004/11/07 00:32:41
- [multiplex.sh]
- regression tests for new multiplex commands
- - dtucker@cvs.openbsd.org 2004/11/25 09:39:27
- [test-exec.sh]
- Remove obsolete RhostsAuthentication from test config; ok markus@
- - dtucker@cvs.openbsd.org 2004/12/06 10:49:56
- [test-exec.sh]
- Check if TEST_SSH_SSHD is a full path to sshd before searching; ok markus@
-
-20041203
- - (dtucker) OpenBSD CVS Sync
- - jmc@cvs.openbsd.org 2004/11/07 17:42:36
+ ssh 2 support; from wayned@users.sourceforge.net
+ - markus@cvs.openbsd.org 2001/08/05 23:29:58
+ [ssh-keyscan.c]
+ make -t dsa work with commercial servers, too
+ - stevesk@cvs.openbsd.org 2001/08/06 19:47:05
+ [scp.c]
+ use alarm vs. setitimer for portable; ok markus@
+ - (bal) ssh-keyscan double -lssh hack due to seed_rng().
+ - (bal) Second around of UNICOS patches. A few other things left.
+ Patches by William L. Jones <jones@mail.utexas.edu>
+
+20010803
+ - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
+ a fast UltraSPARC.
+
+20010726
+ - (stevesk) use mysignal() in protocol 1 loop now that the SIGCHLD
+ handler has converged.
+
+20010725
+ - (bal) Added 'install-nokeys' to Makefile to assist package builders.
+
+20010724
+ - (bal) 4711 not 04711 for ssh binary.
+
+20010722
+ - (bal) Starting the Unicossmk merger. File merged TODO, configure.in,
+ myproposal.h, ssh_prng_cmds.in, and openbsd-compat/Makefile.in.
+ Added openbsd-compat/bsd-cray.c. Rest will be merged after
+ approval. Selective patches from William L. Jones
+ <jones@mail.utexas.edu>
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/07/18 21:10:43
+ [sshpty.c]
+ pr #1946, allow sshd if /dev is readonly
+ - stevesk@cvs.openbsd.org 2001/07/18 21:40:40
+ [ssh-agent.c]
+ chdir("/") from bbraun@synack.net; ok markus@
+ - stevesk@cvs.openbsd.org 2001/07/19 00:41:44
[ssh.1]
- options sort, and whitespace;
- - jmc@cvs.openbsd.org 2004/11/07 17:57:30
- [ssh.c]
- usage():
- - add -O
- - sync -S w/ manpage
- - remove -h
- - (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is
- subsequently denied by the PAM auth stack, send the PAM message to the
- user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2).
- ok djm@
-
-20041107
- - (dtucker) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2004/11/05 12:19:56
- [sftp.c]
- command editing and history support via libedit; ok markus@
- thanks to hshoexer@ and many testers on tech@ too
- - djm@cvs.openbsd.org 2004/11/07 00:01:46
- [clientloop.c clientloop.h ssh.1 ssh.c]
- add basic control of a running multiplex master connection; including the
- ability to check its status and request it to exit; ok markus@
- - (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure
- option and supporting makefile bits and documentation.
-
-20041105
- - (dtucker) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2004/08/30 09:18:08
- [LICENCE]
- s/keygen/keyscan/
- - jmc@cvs.openbsd.org 2004/08/30 21:22:49
- [ssh-add.1 ssh.1]
- .Xsession -> .xsession;
- originally from a pr from f at obiit dot org, but missed by myself;
- ok markus@ matthieu@
- - djm@cvs.openbsd.org 2004/09/07 23:41:30
- [clientloop.c ssh.c]
- cleanup multiplex control socket on SIGHUP too, spotted by sturm@
- ok markus@ deraadt@
- - deraadt@cvs.openbsd.org 2004/09/15 00:46:01
- [ssh.c]
- /* fallthrough */ is something a programmer understands. But
- /* FALLTHROUGH */ is also understood by lint, so that is better.
- - jaredy@cvs.openbsd.org 2004/09/15 03:25:41
- [sshd_config.5]
- mention PrintLastLog only prints last login time for interactive
- sessions, like PrintMotd mentions.
- From Michael Knudsen, with wording changed slightly to match the
- PrintMotd description.
- ok djm
- - mickey@cvs.openbsd.org 2004/09/15 18:42:27
- [sshd.c]
- use less doubles in daemons; markus@ ok
- - deraadt@cvs.openbsd.org 2004/09/15 18:46:04
+ escape chars are below now
+ - markus@cvs.openbsd.org 2001/07/20 14:46:11
+ [ssh-agent.c]
+ do not exit() from signal handlers; ok deraadt@
+ - stevesk@cvs.openbsd.org 2001/07/20 18:41:51
+ [ssh.1]
+ "the" command line
+
+20010719
+ - (tim) [configure.in] put inet_aton back in AC_CHECK_FUNCS.
+ report from Mark Miller <markm@swoon.net>
+
+20010718
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/07/14 15:10:17
+ [readpass.c sftp-client.c sftp-common.c sftp-glob.c]
+ delete spurious #includes; ok deraadt@ markus@
+ - markus@cvs.openbsd.org 2001/07/15 16:17:08
+ [serverloop.c]
+ schedule client alive for ssh2 only, greg@cheers.bungi.com
+ - stevesk@cvs.openbsd.org 2001/07/15 16:57:21
+ [ssh-agent.1]
+ -d will not fork; ok markus@
+ - stevesk@cvs.openbsd.org 2001/07/15 16:58:29
+ [ssh-agent.c]
+ typo in usage; ok markus@
+ - markus@cvs.openbsd.org 2001/07/17 20:48:42
+ [ssh-agent.c]
+ update maxfd if maxfd is closed; report from jmcelroy@dtgnet.com
+ - markus@cvs.openbsd.org 2001/07/17 21:04:58
+ [channels.c channels.h clientloop.c nchan.c serverloop.c]
+ keep track of both maxfd and the size of the malloc'ed fdsets.
+ update maxfd if maxfd gets closed.
+ - mouring@cvs.openbsd.org 2001/07/18 16:45:52
[scp.c]
- scratch that do { } while (0) wrapper in this case
- - djm@cvs.openbsd.org 2004/09/23 13:00:04
- [ssh.c]
- correctly honour -n in multiplex client mode; spotted by sturm@ ok markus@
- - djm@cvs.openbsd.org 2004/09/25 03:45:14
- [sshd.c]
- these printf args are no longer double; ok deraadt@ markus@
- - djm@cvs.openbsd.org 2004/10/07 10:10:24
- [scp.1 sftp.1 ssh.1 ssh_config.5]
- document KbdInteractiveDevices; ok markus@
- - djm@cvs.openbsd.org 2004/10/07 10:12:36
+ Missing -o in scp usage()
+ - (bal) Cleaned up trailing spaces in ChangeLog.
+ - (bal) Allow sshd to switch user context without password for Cygwin.
+ Patch by Corinna Vinschen <vinschen@redhat.com>
+ - (bal) Updated cygwin README and ssh-host-config. Patch by
+ Corinna Vinschen <vinschen@redhat.com>
+
+20010715
+ - (bal) Set "BROKEN_GETADDRINFO" for darwin platform. Reported by
+ Josh Larios <jdlarios@cac.washington.edu>
+ - (tim) put openssh/openbsd-compat/inet_aton.[ch] back in.
+ needed by openbsd-compat/fake-getaddrinfo.c
+
+20010714
+ - (stevesk) change getopt() declaration
+ - (stevesk) configure.in: use ll suffix for long long constant
+ in snprintf() test
+
+20010713
+ - (djm) Enable /etc/nologin check on PAM systems, as some lack the
+ pam_nologin module. Report from William Yodlowsky
+ <bsd@openbsd.rutgers.edu>
+ - (djm) Revert dirname fix, a better one is on its way.
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/07/04 22:47:19
[ssh-agent.c]
- don't unlink agent socket when bind() fails, spotted by rich AT
- rich-paul.net, ok markus@
- - markus@cvs.openbsd.org 2004/10/20 11:48:53
- [packet.c ssh1.h]
- disconnect for invalid (out of range) message types.
- - djm@cvs.openbsd.org 2004/10/29 21:47:15
- [channels.c channels.h clientloop.c]
- fix some window size change bugs for multiplexed connections: windows sizes
- were not being updated if they had changed after ~^Z suspends and SIGWINCH
- was not being processed unless the first connection had requested a tty;
- ok markus
- - djm@cvs.openbsd.org 2004/10/29 22:53:56
- [clientloop.c misc.h readpass.c ssh-agent.c]
- factor out common permission-asking code to separate function; ok markus@
- - djm@cvs.openbsd.org 2004/10/29 23:56:17
- [bufaux.c bufaux.h buffer.c buffer.h]
- introduce a new buffer API that returns an error rather than fatal()ing
- when presented with bad data; ok markus@
- - djm@cvs.openbsd.org 2004/10/29 23:57:05
- [key.c]
- use new buffer API to avoid fatal errors on corrupt keys in authorized_keys
- files; ok markus@
-
-20041102
- - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX
- 10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__
- only if a conflict is detected.
-
-20041019
- - (dtucker) [uidswap.c] Don't test dropping of gids for the root user or
- on Cygwin. Cygwin parts from vinschen at redhat com; ok djm@
-
-20041016
- - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations;
- ok dtucker@
-
-20041006
- - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode
- and other PAM platforms.
- - (dtucker) [monitor_mm.c openbsd-compat/xmmap.c] Bug #940: cast constants
- to void * to appease picky compilers (eg Tru64's "cc -std1").
-
-20040930
- - (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@
-
-20040923
- - (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one,
- which could have caused the justification to be wrong. ok djm@
-
-20040921
- - (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too.
- ok djm@
- - (dtucker) [contrib/cygwin/ssh-host-config] Update to match current Cygwin
- install process. Patch from vinschen at redhat.com.
-
-20040912
- - (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file.
- No change in resultant binary
- - (djm) [loginrec.c] __func__ifiy
- - (djm) [loginrec.c] xmalloc
- - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol
- banner. Suggested by deraadt@, ok mouring@, dtucker@
- - (dtucker) [configure.ac] Fix incorrect quoting and tests for cross-compile.
- Partly by & ok djm@.
-
-20040911
- - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@
- - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from
- failing PAM session modules to user then exit, similar to the way
- /etc/nologin is handled. ok djm@
- - (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change.
- - (djm) [auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c]
- Make cygwin code more consistent with that which surrounds it
- - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]
- Bug #892: Send messages from failing PAM account modules to the client via
- SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with
- SSH2 kbdint authentication, which need to be dealt with separately. ok djm@
- - (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@
- - (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure.
- Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me. ok djm@
- - (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengert
- at anl.gov, ok djm@
-
-20040830
- - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only
- copy required environment variables on Cygwin. Patch from vinschen at
- redhat.com, ok djm@
- - (dtucker) [regress/Makefile] Clean scp-ssh-wrapper.scp too. Patch from
- vinschen at redhat.com.
- - (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability
- of shell constructs. Patch from cjwatson at debian.org.
-
-20040829
- - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from
- failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL.
- From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@
- - (dtucker) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2004/08/23 11:48:09
- [authfile.c]
- fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus
- - djm@cvs.openbsd.org 2004/08/23 11:48:47
- [channels.c]
- typo, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus
- - dtucker@cvs.openbsd.org 2004/08/23 14:26:38
- [ssh-keysign.c ssh.c]
- Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches
- change in Portable; ok markus@ (CVS ID sync only)
- - dtucker@cvs.openbsd.org 2004/08/23 14:29:23
- [ssh-keysign.c]
- Remove duplicate getuid(), suggested by & ok markus@
- - markus@cvs.openbsd.org 2004/08/26 16:00:55
- [ssh.1 sshd.8]
- get rid of references to rhosts authentication; with jmc@
- - djm@cvs.openbsd.org 2004/08/28 01:01:48
- [sshd.c]
- don't erroneously close stdin for !reexec case, from Dave Johnson;
- ok markus@
- - (dtucker) [configure.ac] Include sys/stream.h in sys/ptms.h header check,
- fixes configure warning on Solaris reported by wknox at mitre.org.
- - (dtucker) [regress/multiplex.sh] Skip test on platforms that do not
- support FD passing since multiplex requires it. Noted by tim@
- - (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn
- down, needed on some platforms, should be harmless on others. Patch from
- jason at devrandom.org.
- - (dtucker) [regress/scp.sh] Make this work on Cygwin too, which doesn't like
- files ending in .exe that aren't binaries; patch from vinschen at redhat.com.
- - (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree
- builds too, from vinschen at redhat.com.
- - (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64
- too; patch from cmadams at hiwaay.net.
- - (dtucker) [configure.ac] Replace non-portable echo \n with extra echo.
- - (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for
- accounts with authentication configs that sshd can't support (ie
- SYSTEM=NONE and AUTH1=something).
-
-20040828
- - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from
- vinschen at redhat.com.
-
-20040823
- - (djm) [ssh-rand-helper.c] Typo. Found by
- Martin.Kraemer AT Fujitsu-Siemens.com
- - (djm) [loginrec.c] Typo and bad args in error messages; Spotted by
- Martin.Kraemer AT Fujitsu-Siemens.com
-
-20040817
- - (dtucker) [regress/README.regress] Note compatibility issues with GNU head.
- - (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2004/08/16 08:17:01
- [version.h]
- 3.9
- - (djm) Crank RPM spec version numbers
- - (djm) Release 3.9p1
-
-20040816
- - (dtucker) [acconfig.h auth-pam.c configure.ac] Set real uid to non-root
- to convince Solaris PAM to honour password complexity rules. ok djm@
-
-20040815
- - (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since
- it does the right thing on all platforms. ok djm@
- - (djm) [acconfig.h configure.ac openbsd-compat/Makefile.in
- openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-misc.c
- openbsd-compat/bsd-misc.h openbsd-compat/openbsd-compat.h] Use smarter
- closefrom() replacement from sudo; ok dtucker@
- - (djm) [loginrec.c] Check that seek succeeded here too; ok dtucker
- - (dtucker) [Makefile.in] Fix typo.
-
-20040814
- - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]
- Explicitly set umask for mkstemp; ok djm@
- - (dtucker) [includes.h] Undef _INCLUDE__STDC__ on HP-UX, otherwise
- prot.h and shadow.h provide conflicting declarations of getspnam. ok djm@
- - (dtucker) [loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
- Plug AIX login recording into login_write so logins will be recorded for
- all auth types.
-
-20040813
- - (dtucker) [openbsd-compat/bsd-misc.c] Typo in #ifdef; from vinschen at
- redhat.com
-- (dtucker) OpenBSD CVS Sync
- - avsm@cvs.openbsd.org 2004/08/11 21:43:05
- [channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c]
- some signed/unsigned int comparison cleanups; markus@ ok
- - avsm@cvs.openbsd.org 2004/08/11 21:44:32
- [authfd.c scp.c ssh-keyscan.c]
- use atomicio instead of homegrown equivalents or read/write.
- markus@ ok
- - djm@cvs.openbsd.org 2004/08/12 09:18:24
- [sshlogin.c]
- typo in error message, spotted by moritz AT jodeit.org (Id sync only)
- - jakob@cvs.openbsd.org 2004/08/12 21:41:13
- [ssh-keygen.1 ssh.1]
- improve SSHFP documentation; ok deraadt@
- - jmc@cvs.openbsd.org 2004/08/13 00:01:43
- [ssh-keygen.1]
- kill whitespace at eol;
- - djm@cvs.openbsd.org 2004/08/13 02:51:48
- [monitor_fdpass.c]
- extra check for no message case; ok markus, deraadt, hshoexer, henning
- - dtucker@cvs.openbsd.org 2004/08/13 11:09:24
+ ignore SIGPIPE when debugging, too
+ - markus@cvs.openbsd.org 2001/07/04 23:13:10
+ [scard.c scard.h ssh-agent.c]
+ handle card removal more gracefully, add sc_close() to scard.h
+ - markus@cvs.openbsd.org 2001/07/04 23:39:07
+ [ssh-agent.c]
+ for smartcards remove both RSA1/2 keys
+ - markus@cvs.openbsd.org 2001/07/04 23:49:27
+ [ssh-agent.c]
+ handle mutiple adds of the same smartcard key
+ - espie@cvs.openbsd.org 2001/07/05 11:43:33
+ [sftp-glob.c]
+ Directly cast to the right type. Ok markus@
+ - stevesk@cvs.openbsd.org 2001/07/05 20:32:47
+ [sshconnect1.c]
+ statement after label; ok dugsong@
+ - stevesk@cvs.openbsd.org 2001/07/08 15:23:38
[servconf.c]
- Fix line numbers off-by-one in error messages, from tortay at cc.in2p3.fr
- ok markus@, djm@
-
-20040812
- - (dtucker) [sshd.c] Remove duplicate variable imported during sync.
- - (dtucker) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2004/07/28 08:56:22
- [sshd.c]
- call setsid() _before_ re-exec
- - markus@cvs.openbsd.org 2004/07/28 09:40:29
- [auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c
- sshconnect1.c]
- more s/illegal/invalid/
- - djm@cvs.openbsd.org 2004/08/04 10:37:52
- [dh.c]
- return group14 when no primes found - fixes hang on empty /etc/moduli;
- ok markus@
- - dtucker@cvs.openbsd.org 2004/08/11 11:09:54
+ fix ``MaxStartups max''; ok markus@
+ - fgsch@cvs.openbsd.org 2001/07/09 05:58:47
+ [ssh.c]
+ Use getopt(3); markus@ ok.
+ - deraadt@cvs.openbsd.org 2001/07/09 07:04:53
+ [session.c sftp-int.c]
+ correct type on last arg to execl(); nordin@cse.ogi.edu
+ - markus@cvs.openbsd.org 2001/07/10 21:49:12
+ [readpass.c]
+ don't panic if fork or pipe fail (just return an empty passwd).
+ - itojun@cvs.openbsd.org 2001/07/11 00:24:53
[servconf.c]
- Fix minor leak; "looks right" deraadt@
- - dtucker@cvs.openbsd.org 2004/08/11 11:50:09
- [sshd.c]
- Don't try to close startup_pipe if it's not open; ok djm@
- - djm@cvs.openbsd.org 2004/08/11 11:59:22
- [sshlogin.c]
- check that lseek went were we told it to; ok markus@
- (Id sync only, but similar changes are needed in loginrec.c)
- - djm@cvs.openbsd.org 2004/08/11 12:01:16
- [sshlogin.c]
- make store_lastlog_message() static to appease -Wall; ok markus
- - (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling
- messages generated before the postauth privsep split.
-
-20040720
- - (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2004/07/21 08:56:12
+ make it compilable in all 4 combination of KRB4/KRB5 settings.
+ dugsong ok
+ XXX isn't it sensitive to the order of -I/usr/include/kerberosIV and
+ -I/usr/include/kerberosV?
+ - markus@cvs.openbsd.org 2001/07/11 16:29:59
+ [ssh.c]
+ sort options string, fix -p, add -k
+ - markus@cvs.openbsd.org 2001/07/11 18:26:15
[auth.c]
- s/Illegal user/Invalid user/; many requests; ok djm, millert, niklas,
- miod, ...
- - djm@cvs.openbsd.org 2004/07/21 10:33:31
- [auth1.c auth2.c]
- bz#899: Don't display invalid usernames in setproctitle
- from peak AT argo.troja.mff.cuni.cz; ok markus@
- - djm@cvs.openbsd.org 2004/07/21 10:36:23
- [gss-serv-krb5.c]
- fix function declaration
- - djm@cvs.openbsd.org 2004/07/21 11:51:29
- [canohost.c]
- bz#902: cache remote port so we don't fatal() in auth_log when remote
- connection goes away quickly. from peak AT argo.troja.mff.cuni.cz;
- ok markus@
- - (djm) [auth-pam.c] Portable parts of bz#899: Don't display invalid
- usernames in setproctitle from peak AT argo.troja.mff.cuni.cz;
-
-20040720
- - (djm) [log.c] bz #111: Escape more control characters when sending data
- to syslog; from peak AT argo.troja.mff.cuni.cz
- - (djm) [contrib/redhat/sshd.pam] bz #903: Remove redundant entries; from
- peak AT argo.troja.mff.cuni.cz
- - (djm) [regress/README.regress] Remove caveat regarding TCP wrappers, now
- that sshd is fixed to behave better; suggested by tim
-
-20040719
- - (djm) [openbsd-compat/bsd-arc4random.c] Discard early keystream, like OpenBSD
- ok dtucker@
- - (djm) [auth-pam.c] Avoid use of xstrdup and friends in conversation function,
- instead return PAM_CONV_ERR, avoiding another path to fatal(); ok dtucker@
- - (tim) [configure.ac] updwtmpx() on OpenServer seems to add duplicate entry.
- Report by rac AT tenzing.org
-
-20040717
- - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c
- ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
- openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces
- diff vs OpenBSD; ok mouring@, tested by tim@ too.
- - (dtucker) OpenBSD CVS Sync
- - deraadt@cvs.openbsd.org 2004/07/11 17:48:47
- [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
- readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
- session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
- sshd.c ttymodes.h]
- spaces
- - brad@cvs.openbsd.org 2004/07/12 23:34:25
- [ssh-keyscan.1]
- Fix incorrect macro, .I -> .Em
- From: Eric S. Raymond <esr at thyrsus dot com>
- ok jmc@
- - dtucker@cvs.openbsd.org 2004/07/17 05:31:41
- [monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
- Move "Last logged in at.." message generation to the monitor, right
- before recording the new login. Fixes missing lastlog message when
- /var/log/lastlog is not world-readable and incorrect datestamp when
- multiple sessions are used (bz #463); much assistance & ok markus@
-
-20040711
- - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows
- the monitor to properly clean up the PAM thread (Debian bug #252676).
-
-20040709
- - (tim) [contrib/cygwin/README] add minires-devel requirement. Patch from
- vinschen AT redhat.com
-
-20040708
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2004/07/03 05:11:33
- [sshlogin.c] (RCSID sync only, the corresponding code is not in Portable)
- Use '\0' not 0 for string; ok djm@, deraadt@
- - dtucker@cvs.openbsd.org 2004/07/03 11:02:25
- [monitor_wrap.c]
- Put s/key functions inside #ifdef SKEY same as monitor.c,
- from des@freebsd via bz #330, ok markus@
- - dtucker@cvs.openbsd.org 2004/07/08 12:47:21
- [scp.c]
- Prevent scp from skipping the file following a double-error.
- bz #863, ok markus@
-
-20040702
- - (dtucker) [mdoc2man.awk] Teach it to ignore .Bk -words, reported by
- strube at physik3.gwdg.de a long time ago.
-
-20040701
- - (dtucker) [session.c] Call display_loginmsg again after do_pam_session.
- Ensures messages from PAM modules are displayed when privsep=no.
- - (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes
- warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@
- - (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK
- to pam_authenticate for challenge-response auth too. Originally from
- fcusack at fcusack.com, ok djm@
- - (tim) [buildpkg.sh.in] Add $REV to bump the package revision within
- the same version. Handle the case where someone uses --with-privsep-user=
- and the user name does not match the group name. ok dtucker@
-
-20040630
- - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL
- appdata_ptr to the conversation function. ok djm@
- - (djm) OpenBSD CVS Sync
- - jmc@cvs.openbsd.org 2004/06/26 09:03:21
+ no need to call dirname(pw->pw_dir).
+ note that dirname(3) modifies its argument on some systems.
+ - (djm) Reorder Makefile.in so clean targets work a little better when
+ run directly from Makefile.in
+ - (djm) Pull in getopt(3) from OpenBSD libc for the optreset extension.
+
+20010711
+ - (djm) dirname(3) may modify its argument on glibc and other systems.
+ Patch from markus@, spotted by Tom Holroyd <tomh@po.crl.go.jp>
+
+20010704
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/06/25 08:25:41
+ [channels.c channels.h cipher.c clientloop.c compat.c compat.h
+ hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c
+ session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h]
+ update copyright for 2001
+ - markus@cvs.openbsd.org 2001/06/25 17:18:27
+ [ssh-keygen.1]
+ sshd(8) will never read the private keys, but ssh(1) does;
+ hugh@mimosa.com
+ - provos@cvs.openbsd.org 2001/06/25 17:54:47
+ [auth.c auth.h auth-rsa.c]
+ terminate secure_filename checking after checking homedir. that way
+ it works on AFS. okay markus@
+ - stevesk@cvs.openbsd.org 2001/06/25 20:26:37
+ [auth2.c sshconnect2.c]
+ prototype cleanup; ok markus@
+ - markus@cvs.openbsd.org 2001/06/26 02:47:07
+ [ssh-keygen.c]
+ allow loading a private RSA key to a cyberflex card.
+ - markus@cvs.openbsd.org 2001/06/26 04:07:06
+ [ssh-agent.1 ssh-agent.c]
+ add debug flag
+ - markus@cvs.openbsd.org 2001/06/26 04:59:59
+ [authfd.c authfd.h ssh-add.c]
+ initial support for smartcards in the agent
+ - markus@cvs.openbsd.org 2001/06/26 05:07:43
+ [ssh-agent.c]
+ update usage
+ - markus@cvs.openbsd.org 2001/06/26 05:33:34
+ [ssh-agent.c]
+ more smartcard support.
+ - mpech@cvs.openbsd.org 2001/06/26 05:48:07
+ [sshd.8]
+ remove unnecessary .Pp between .It;
+ millert@ ok
+ - markus@cvs.openbsd.org 2001/06/26 05:50:11
+ [auth2.c]
+ new interface for secure_filename()
+ - itojun@cvs.openbsd.org 2001/06/26 06:32:58
+ [atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h
+ buffer.h canohost.h channels.h cipher.h clientloop.h compat.h
+ compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h
+ hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h
+ radix.h readconf.h readpass.h rsa.h]
+ prototype pedant. not very creative...
+ - () -> (void)
+ - no variable names
+ - itojun@cvs.openbsd.org 2001/06/26 06:33:07
+ [servconf.h serverloop.h session.h sftp-client.h sftp-common.h
+ sftp-glob.h sftp-int.h sshconnect.h ssh-dss.h sshlogin.h sshpty.h
+ ssh-rsa.h tildexpand.h uidswap.h uuencode.h xmalloc.h]
+ prototype pedant. not very creative...
+ - () -> (void)
+ - no variable names
+ - dugsong@cvs.openbsd.org 2001/06/26 16:15:25
+ [auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
+ servconf.c servconf.h session.c sshconnect1.c sshd.c]
+ Kerberos v5 support for SSH1, mostly from Assar Westerlund
+ <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
+ - markus@cvs.openbsd.org 2001/06/26 17:25:34
[ssh.1]
- - remove double word
- - rearrange .Bk to keep SYNOPSIS nice
- - -M before -m in options description
- - jmc@cvs.openbsd.org 2004/06/26 09:11:14
- [ssh_config.5]
- punctuation and grammar fixes. also, keep the options in order.
- - jmc@cvs.openbsd.org 2004/06/26 09:14:40
- [sshd_config.5]
- new sentence, new line;
- - avsm@cvs.openbsd.org 2004/06/26 20:07:16
- [sshd.c]
- initialise some fd variables to -1, djm@ ok
- - djm@cvs.openbsd.org 2004/06/30 08:36:59
+ document SSH_ASKPASS; fubob@MIT.EDU
+ - markus@cvs.openbsd.org 2001/06/26 17:27:25
+ [authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
+ canohost.h channels.h cipher.h clientloop.h compat.h compress.h
+ crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
+ hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
+ packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
+ session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
+ sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
+ tildexpand.h uidswap.h uuencode.h xmalloc.h]
+ remove comments from .h, since they are cut&paste from the .c files
+ and out of sync
+ - dugsong@cvs.openbsd.org 2001/06/26 17:41:49
+ [servconf.c]
+ #include <kafs.h>
+ - markus@cvs.openbsd.org 2001/06/26 20:14:11
+ [key.c key.h ssh.c sshconnect1.c sshconnect2.c]
+ add smartcard support to the client, too (now you can use both
+ the agent and the client).
+ - markus@cvs.openbsd.org 2001/06/27 02:12:54
+ [serverloop.c serverloop.h session.c session.h]
+ quick hack to make ssh2 work again.
+ - markus@cvs.openbsd.org 2001/06/27 04:48:53
+ [auth.c match.c sshd.8]
+ tridge@samba.org
+ - markus@cvs.openbsd.org 2001/06/27 05:35:42
+ [ssh-keygen.c]
+ use cyberflex_inq_class to inquire class.
+ - markus@cvs.openbsd.org 2001/06/27 05:42:25
+ [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
+ s/generate_additional_parameters/rsa_generate_additional_parameters/
+ http://www.humppa.com/
+ - markus@cvs.openbsd.org 2001/06/27 06:26:36
+ [ssh-add.c]
+ convert to getopt(3)
+ - stevesk@cvs.openbsd.org 2001/06/28 19:57:35
+ [ssh-keygen.c]
+ '\0' terminated data[] is ok; ok markus@
+ - markus@cvs.openbsd.org 2001/06/29 07:06:34
+ [ssh-keygen.c]
+ new error handling for cyberflex_*
+ - markus@cvs.openbsd.org 2001/06/29 07:11:01
+ [ssh-keygen.c]
+ initialize early
+ - stevesk@cvs.openbsd.org 2001/06/29 18:38:44
+ [clientloop.c]
+ sync function definition with declaration; ok markus@
+ - stevesk@cvs.openbsd.org 2001/06/29 18:40:28
+ [channels.c]
+ use socklen_t for getsockopt arg #5; ok markus@
+ - stevesk@cvs.openbsd.org 2001/06/30 18:08:40
+ [channels.c channels.h clientloop.c]
+ adress -> address; ok markus@
+ - markus@cvs.openbsd.org 2001/07/02 13:59:15
+ [serverloop.c session.c session.h]
+ wait until !session_have_children(); bugreport from
+ Lutz.Jaenicke@aet.TU-Cottbus.DE
+ - markus@cvs.openbsd.org 2001/07/02 22:29:20
+ [readpass.c]
+ do not return NULL, use "" instead.
+ - markus@cvs.openbsd.org 2001/07/02 22:40:18
+ [ssh-keygen.c]
+ update for sectok.h interface changes.
+ - markus@cvs.openbsd.org 2001/07/02 22:52:57
+ [channels.c channels.h serverloop.c]
+ improve cleanup/exit logic in ssh2:
+ stop listening to channels, detach channel users (e.g. sessions).
+ wait for children (i.e. dying sessions), send exit messages,
+ cleanup all channels.
+ - (bal) forget a few new files in sync up.
+ - (bal) Makefile fix up requires scard.c
+ - (stevesk) sync misc.h
+ - (stevesk) more sync for session.c
+ - (stevesk) sync servconf.h (comments)
+ - (tim) [contrib/caldera/openssh.spec] sync with Caldera
+ - (tim) [openbsd-compat/dirname.h] Remove ^M causing some compilers to
+ issue warning (line 1: tokens ignored at end of directive line)
+ - (tim) [sshconnect1.c] give the compiler something to do for success:
+ if KRB5 and AFS are not defined
+ (ERROR: "sshconnect1.c", line 1274: Syntax error before or at: })
+
+20010629
+ - (bal) Removed net_aton() since we don't use it any more
+ - (bal) Fixed _DISABLE_VPOSIX in readpassphrase.c.
+ - (bal) Updated zlib's home. Thanks to David Howe <DaveHowe@gmx.co.uk>.
+ - (stevesk) remove _REENTRANT #define
+ - (stevesk) session.c: use u_int for envsize
+ - (stevesk) remove cli.[ch]
+
+20010628
+ - (djm) Sync openbsd-compat with -current libc
+ - (djm) Fix from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> for my
+ broken makefile
+ - (bal) Removed strtok_r() and inet_ntop() since they are no longer used.
+ - (bal) Remove getusershell() since it's no longer used.
+
+20010627
+ - (djm) Reintroduce pam_session call for non-pty sessions.
+ - (djm) Remove redundant and incorrect test for max auth attempts in
+ PAM kbdint code. Based on fix from Matthew Melvin
+ <matthewm@webcentral.com.au>
+ - (djm) Rename sysconfdir/primes => sysconfdir/moduli
+ - (djm) Oops, forgot make logic for primes=>moduli. Also try to rename
+ existing primes->moduli if it exists.
+ - (djm) Sync with -current openbsd-compat/readpassphrase.c:
+ - djm@cvs.openbsd.org 2001/06/27 13:23:30
+ typo, spotted by Tom Holroyd <tomh@po.crl.go.jp>; ok deraadt@
+ - (djm) Turn up warnings if gcc or egcs detected
+ - (stevesk) for HP-UX 11.X use X/Open socket interface;
+ pulls in modern socket prototypes and eliminates a number of compiler
+ warnings. see xopen_networking(7).
+ - (stevesk) fix x11 forwarding from _PATH_XAUTH change
+ - (stevesk) use X/Open socket interface for HP-UX 10.X also
+
+20010625
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/06/21 21:08:25
[session.c]
- unbreak TTY break, diagnosed by darren AT dazwin.com; ok markus@
-
-20040627
- - (tim) update README files.
- - (dtucker) [mdoc2man.awk] Bug #883: correctly recognise .Pa and .Ev macros.
- - (dtucker) [regress/README.regress] Document new variables.
- - (dtucker) [acconfig.h configure.ac sftp-server.c] Bug #823: add sftp
- rename handling for Linux which returns EPERM for link() on (at least some)
- filesystems that do not support hard links. sftp-server will fall back to
- stat+rename() in such cases.
- - (dtucker) [openbsd-compat/port-aix.c] Missing __func__.
-
-20040626
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2004/06/25 18:43:36
- [sshd.c]
- fix broken fd handling in the re-exec fallback path, particularly when
- /dev/crypto is in use; ok deraadt@ markus@
- - djm@cvs.openbsd.org 2004/06/25 23:21:38
- [sftp.c]
- bz #875: fix bad escape char error message; reported by f_mohr AT yahoo.de
-
-20040625
- - (dtucker) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2004/06/24 19:30:54
- [servconf.c servconf.h sshd.c]
- re-exec sshd on accept(); initial work, final debugging and ok markus@
- - djm@cvs.openbsd.org 2004/06/25 01:16:09
- [sshd.c]
- only perform tcp wrappers checks when the incoming connection is on a
- socket. silences useless warnings from regress tests that use
- proxycommand="sshd -i". prompted by david@ ok markus@
- - djm@cvs.openbsd.org 2004/06/24 19:32:00
- [regress/Makefile regress/test-exec.sh, added regress/reexec.sh]
- regress test for re-exec corner cases
- - djm@cvs.openbsd.org 2004/06/25 01:25:12
- [regress/test-exec.sh]
- clean reexec-specific junk out of text-exec.sh and simplify; idea markus@
- - dtucker@cvs.openbsd.org 2004/06/25 05:38:48
+ don't reset forced_command (we allow multiple login shells in
+ ssh2); dwd@bell-labs.com
+ - mpech@cvs.openbsd.org 2001/06/22 10:17:51
+ [ssh.1 sshd.8 ssh-keyscan.1]
+ o) .Sh AUTHOR -> .Sh AUTHORS;
+ o) remove unnecessary .Pp;
+ o) better -mdoc style;
+ o) typo;
+ o) sort SEE ALSO;
+ aaron@ ok
+ - provos@cvs.openbsd.org 2001/06/22 21:27:08
+ [dh.c pathnames.h]
+ use /etc/moduli instead of /etc/primes, okay markus@
+ - provos@cvs.openbsd.org 2001/06/22 21:28:53
+ [sshd.8]
+ document /etc/moduli
+ - markus@cvs.openbsd.org 2001/06/22 21:55:49
+ [auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config
+ ssh-keygen.1]
+ merge authorized_keys2 into authorized_keys.
+ authorized_keys2 is used for backward compat.
+ (just append authorized_keys2 to authorized_keys).
+ - provos@cvs.openbsd.org 2001/06/22 21:57:59
+ [dh.c]
+ increase linebuffer to deal with larger moduli; use rewind instead of
+ close/open
+ - markus@cvs.openbsd.org 2001/06/22 22:21:20
[sftp-server.c]
- Fall back to stat+rename if filesystem doesn't doesn't support hard
- links. bz#823, ok djm@
- - (dtucker) [configure.ac openbsd-compat/misc.c [openbsd-compat/misc.h]
- Add closefrom() for platforms that don't have it.
- - (dtucker) [sshd.c] add line missing from reexec sync.
-
-20040623
- - (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1
- connections with empty passwords. Patch from davidwu at nbttech.com,
- ok djm@
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2004/06/22 22:42:02
- [regress/envpass.sh]
- Add quoting for test -z; ok markus@
- - dtucker@cvs.openbsd.org 2004/06/22 22:45:52
- [regress/test-exec.sh]
- Add TEST_SSH_SSHD_CONFOPTS and TEST_SSH_SSH_CONFOPTS to allow adding
- arbitary options to sshd_config and ssh_config during tests. ok markus@
- - dtucker@cvs.openbsd.org 2004/06/22 22:55:56
- [regress/dynamic-forward.sh regress/test-exec.sh]
- Allow setting of port for regress from TEST_SSH_PORT variable; ok markus@
- - mouring@cvs.openbsd.org 2004/06/23 00:39:38
- [rijndael.c]
- -Wshadow fix up s/encrypt/do_encrypt/. OK djm@, markus@
- - dtucker@cvs.openbsd.org 2004/06/23 14:31:01
+ allow long usernames/groups in readdir
+ - markus@cvs.openbsd.org 2001/06/22 23:35:21
[ssh.c]
- Fix counting in master/slave when passing environment variables; ok djm@
- - (dtucker) [cipher.c] encrypt->do_encrypt inside SSH_OLD_EVP to match
- -Wshadow change.
- - (bal) [Makefile.in] Remove opensshd.init on 'make distclean'
- - (dtucker) [auth.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
- Move loginrestrictions test to port-aix.c, replace with a generic hook.
- - (tim) [regress/try-ciphers.sh] "if ! some_command" is not portable.
- - (bal) [contrib/README] Removed "mdoc2man.pl" reference and added
- reference to "findssl.sh"
-
-20040622
- - (dtucker) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2004/06/20 17:36:59
- [ssh.c]
- filter passed env vars at slave in connection sharing case; ok markus@
- - djm@cvs.openbsd.org 2004/06/20 18:53:39
- [sftp.c]
- make "ls -l" listings print user/group names, add "ls -n" to show uid/gid
- (like /bin/ls); idea & ok markus@
- - djm@cvs.openbsd.org 2004/06/20 19:28:12
- [sftp.1]
- mention new -n flag
- - avsm@cvs.openbsd.org 2004/06/21 17:36:31
- [auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c
- cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c
- monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c
- ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c
- sshpty.c]
- make ssh -Wshadow clean, no functional changes
- markus@ ok
- - djm@cvs.openbsd.org 2004/06/21 17:53:03
+ don't overwrite argv (fixes ssh user@host in 'ps'), report by ericj@
+ - deraadt@cvs.openbsd.org 2001/06/23 00:16:16
+ [scp.c]
+ slightly better care
+ - markus@cvs.openbsd.org 2001/06/23 00:20:57
+ [auth2.c auth.c auth.h auth-rh-rsa.c]
+ *known_hosts2 is obsolete for hostbased authentication and
+ only used for backward compat. merge ssh1/2 hostkey check
+ and move it to auth.c
+ - deraadt@cvs.openbsd.org 2001/06/23 02:33:05
+ [sftp.1 sftp-server.8 ssh-keygen.1]
+ join .%A entries; most by bk@rt.fm
+ - markus@cvs.openbsd.org 2001/06/23 02:34:33
+ [kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
+ sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
+ get rid of known_hosts2, use it for hostkey lookup, but do not
+ modify.
+ - markus@cvs.openbsd.org 2001/06/23 03:03:59
+ [sshd.8]
+ draft-ietf-secsh-dh-group-exchange-01.txt
+ - markus@cvs.openbsd.org 2001/06/23 03:04:42
+ [auth2.c auth-rh-rsa.c]
+ restore correct ignore_user_known_hosts logic.
+ - markus@cvs.openbsd.org 2001/06/23 05:26:02
+ [key.c]
+ handle sigature of size 0 (some broken clients send this).
+ - deraadt@cvs.openbsd.org 2001/06/23 05:57:09
+ [sftp.1 sftp-server.8 ssh-keygen.1]
+ ok, tmac is now fixed
+ - markus@cvs.openbsd.org 2001/06/23 06:41:10
+ [ssh-keygen.c]
+ try to decode ssh-3.0.0 private rsa keys
+ (allow migration to openssh, not vice versa), #910
+ - itojun@cvs.openbsd.org 2001/06/23 15:12:20
+ [auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
+ canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
+ hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
+ readpass.c scp.c servconf.c serverloop.c session.c sftp.c
+ sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
+ ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
+ ssh-keygen.c ssh-keyscan.c]
+ more strict prototypes. raise warning level in Makefile.inc.
+ markus ok'ed
+ TODO; cleanup headers
+ - markus@cvs.openbsd.org 2001/06/23 17:05:22
+ [ssh-keygen.c]
+ fix import for (broken?) ssh.com/f-secure private keys
+ (i tested > 1000 RSA keys)
+ - itojun@cvs.openbsd.org 2001/06/23 17:48:18
+ [sftp.1 ssh.1 sshd.8 ssh-keyscan.1]
+ kill whitespace at EOL.
+ - markus@cvs.openbsd.org 2001/06/23 19:12:43
+ [sshd.c]
+ pidfile/sigterm race; bbraun@synack.net
+ - markus@cvs.openbsd.org 2001/06/23 22:37:46
+ [sshconnect1.c]
+ consistent with ssh2: skip key if empty passphrase is entered,
+ retry num_of_passwd_prompt times if passphrase is wrong. ok fgsch@
+ - markus@cvs.openbsd.org 2001/06/24 05:25:10
+ [auth-options.c match.c match.h]
+ move ip+hostname check to match.c
+ - markus@cvs.openbsd.org 2001/06/24 05:35:33
+ [readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c]
+ switch to readpassphrase(3)
+ 2.7/8-stable needs readpassphrase.[ch] from libc
+ - markus@cvs.openbsd.org 2001/06/24 05:47:13
+ [sshconnect2.c]
+ oops, missing format string
+ - markus@cvs.openbsd.org 2001/06/24 17:18:31
+ [ttymodes.c]
+ passing modes works fine: debug2->3
+ - (djm) -Wall fix for session.c
+ - (djm) Bring in readpassphrase() from OpenBSD libc. Compiles OK on Linux and
+ Solaris
+
+20010622
+ - (stevesk) handle systems without pw_expire and pw_change.
+
+20010621
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/06/16 08:49:38
+ [misc.c]
+ typo; dunlap@apl.washington.edu
+ - markus@cvs.openbsd.org 2001/06/16 08:50:39
+ [channels.h]
+ bad //-style comment; thx to stevev@darkwing.uoregon.edu
+ - markus@cvs.openbsd.org 2001/06/16 08:57:35
+ [scp.c]
+ no stdio or exit() in signal handlers.
+ - markus@cvs.openbsd.org 2001/06/16 08:58:34
+ [misc.c]
+ copy pw_expire and pw_change, too.
+ - markus@cvs.openbsd.org 2001/06/19 12:34:09
[session.c]
- fix fd leak for multiple subsystem connections; with markus@
- - djm@cvs.openbsd.org 2004/06/21 22:02:58
- [log.h]
- mark fatal and cleanup exit as __dead; ok markus@
- - djm@cvs.openbsd.org 2004/06/21 22:04:50
- [sftp.c]
- introduce sorting for ls, same options as /bin/ls; ok markus@
- - djm@cvs.openbsd.org 2004/06/21 22:30:45
- [sftp.c]
- prefix ls option flags with LS_
- - djm@cvs.openbsd.org 2004/06/21 22:41:31
- [sftp.1]
- document sort options
- - djm@cvs.openbsd.org 2004/06/22 01:16:39
- [sftp.c]
- don't show .files by default in ls, add -a option to turn them back on;
- ok markus
- - markus@cvs.openbsd.org 2004/06/22 03:12:13
- [regress/envpass.sh regress/multiplex.sh]
- more portable env passing tests
- - dtucker@cvs.openbsd.org 2004/06/22 05:05:45
- [monitor.c monitor_wrap.c]
- Change login->username, will prevent -Wshadow errors in Portable;
- ok markus@
- - (dtucker) [monitor.c] Fix Portable-specific -Wshadow warnings on "socket".
- - (dtucker) [defines.h] Define __dead if not already defined.
- - (bal) [auth-passwd.c auth1.c] Clean up unused variables.
-
-20040620
- - (tim) [configure.ac Makefile.in] Only change TEST_SHELL on broken platforms.
-
-20040619
- - (dtucker) [auth-pam.c] Don't use PAM namespace for
- pam_password_change_required either.
- - (tim) [configure.ac buildpkg.sh.in contrib/solaris/README] move opensshd
- init script to top level directory. Add opensshd.init.in.
- Remove contrib/solaris/buildpkg.sh, contrib/solaris/opensshd.in
+ cleanup forced command handling, from dwd@bell-labs.com
+ - markus@cvs.openbsd.org 2001/06/19 14:09:45
+ [session.c sshd.8]
+ disable x11-fwd if use_login is enabled; from lukem@wasabisystems.com
+ - markus@cvs.openbsd.org 2001/06/19 15:40:45
+ [session.c]
+ allocate and free at the same level.
+ - markus@cvs.openbsd.org 2001/06/20 13:56:39
+ [channels.c channels.h clientloop.c packet.c serverloop.c]
+ move from channel_stop_listening to channel_free_all,
+ call channel_free_all before calling waitpid() in serverloop.
+ fixes the utmp handling; report from Lutz.Jaenicke@aet.TU-Cottbus.DE
+
+20010615
+ - (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL
+ around grantpt().
+ - (stevesk) update TODO: STREAMS pty systems don't call vhangup() now
+
+20010614
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/06/13 09:10:31
+ [session.c]
+ typo, use pid not s->pid, mstone@cs.loyola.edu
-20040618
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2004/06/17 14:52:48
- [clientloop.c clientloop.h ssh.c]
- support environment passing over shared connections; ok markus@
- - djm@cvs.openbsd.org 2004/06/17 15:10:14
- [clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5]
- Add option for confirmation (ControlMaster=ask) via ssh-askpass before
- opening shared connections; ok markus@
- - djm@cvs.openbsd.org 2004/06/17 14:53:27
- [regress/multiplex.sh]
- shared connection env passing regress test
- - (dtucker) [regress/README.regress] Add detail on how to run a single
- test from the top-level Makefile.
- - (dtucker) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2004/06/17 23:56:57
- [ssh.1 ssh.c]
- sync usage() and SYNPOSIS with connection sharing changes
- - dtucker@cvs.openbsd.org 2004/06/18 06:13:25
- [sftp.c]
- Use execvp instead of execv so sftp -S ssh works. "makes sense" markus@
- - dtucker@cvs.openbsd.org 2004/06/18 06:15:51
- [multiplex.sh]
- Use -S for scp/sftp to force the use of the ssh being tested.
- ok djm@,markus@
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2004/06/18 10:40:19
- [ssh.c]
- delay signal handler setup until we have finished talking to the master.
- allow interrupting of setup (e.g. if master is stuck); ok markus@
- - markus@cvs.openbsd.org 2004/06/18 10:55:43
- [ssh.1 ssh.c]
- trim synopsis for -S, allow -S and -oControlMaster, -MM means 'ask';
- ok djm
- - djm@cvs.openbsd.org 2004/06/18 11:11:54
- [channels.c clientloop.c]
- Don't explode in clientloop when we receive a bogus channel id, but
- also don't generate them to begin with; ok markus@
-
-20040617
- - (dtucker) [regress/scp.sh] diff -N is not portable (but needed for some
- platforms), so test if diff understands it. Pointed out by tim@, ok djm@
- - (dtucker) OpenBSD CVS Sync regress/
- - dtucker@cvs.openbsd.org 2004/06/17 05:51:59
- [regress/multiplex.sh]
- Remove datafile between and after tests, kill sshd rather than wait;
- ok djm@
- - dtucker@cvs.openbsd.org 2004/06/17 06:00:05
- [regress/multiplex.sh]
- Use DATA and COPY for test data rather than hard-coded paths; ok djm@
- - dtucker@cvs.openbsd.org 2004/06/17 06:19:06
- [regress/multiplex.sh]
- Add small description of failing test to failure message; ok djm@
- - (dtucker) [regress/multiplex.sh] add EXEEXT for those platforms that need
- it.
- - (dtucker) [regress/multiplex.sh] Increase sleep time to 120 sec (60 is not
- enough for slow systems, especially if they don't have a kernel RNG).
-
-20040616
- - (dtucker) [openbsd-compat/port-aix.c] Expand whitespace -> tabs. No
- code changes.
- - (dtucker) OpenBSD CVS Sync regress/
- - djm@cvs.openbsd.org 2004/04/27 09:47:30
- [regress/Makefile regress/test-exec.sh, added regress/envpass.sh]
- regress test for environment passing, SendEnv & AcceptEnv options;
+20010613
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/06/12 10:58:29
+ [session.c]
+ merge session_free into session_close()
+ merge pty_cleanup_proc into session_pty_cleanup()
+ - markus@cvs.openbsd.org 2001/06/12 16:10:38
+ [session.c]
+ merge ssh1/ssh2 tty msg parse and alloc code
+ - markus@cvs.openbsd.org 2001/06/12 16:11:26
+ [packet.c]
+ do not log() packet_set_maxsize
+ - markus@cvs.openbsd.org 2001/06/12 21:21:29
+ [session.c]
+ remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
+ we do already trust $HOME/.ssh
+ you can use .ssh/sshrc and .ssh/environment if you want to customize
+ the location of the xauth cookies
+ - markus@cvs.openbsd.org 2001/06/12 21:30:57
+ [session.c]
+ unused
+
+20010612
+ - scp.c ID update (upstream synced vfsprintf() from us)
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/06/10 11:29:20
+ [dispatch.c]
+ we support rekeying
+ protocol errors are fatal.
+ - markus@cvs.openbsd.org 2001/06/11 10:18:24
+ [session.c]
+ reset pointer to NULL after xfree(); report from solar@openwall.com
+ - markus@cvs.openbsd.org 2001/06/11 16:04:38
+ [sshd.8]
+ typo; bdubreuil@crrel.usace.army.mil
+
+20010611
+ - (bal) NeXT/MacOS X lack libgen.h and dirname(). Patch by Mark Miller
+ <markm@swoon.net>
+ - (bal) Handle broken krb4 issues on Solaris with multiple defined u_*_t
+ types. Patch by Jan IVEN <Jan.Iven@cern.ch>
+ - (bal) Fixed Makefile.in so that 'configure; make install' works.
+
+20010610
+ - (bal) Missed two files in major resync. auth-bsdauth.c and auth-skey.c
+
+20010609
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/05/30 12:55:13
+ [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
+ packet.c serverloop.c session.c ssh.c ssh1.h]
+ channel layer cleanup: merge header files and split .c files
+ - markus@cvs.openbsd.org 2001/05/30 15:20:10
+ [ssh.c]
+ merge functions, simplify.
+ - markus@cvs.openbsd.org 2001/05/31 10:30:17
+ [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
+ packet.c serverloop.c session.c ssh.c]
+ undo the .c file split, just merge the header and keep the cvs
+ history
+ - (bal) Channels.c and Channels.h -- "Merge Functions, simplify" (draged
+ out of ssh Attic)
+ - (bal) Ooops.. nchan.c (and remove nchan.h) resync from OpenBSD ssh
+ Attic.
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/05/31 13:08:04
+ [sshd_config]
+ group options and add some more comments
+ - markus@cvs.openbsd.org 2001/06/03 14:55:39
+ [channels.c channels.h session.c]
+ use fatal_register_cleanup instead of atexit, sync with x11 authdir
+ handling
+ - markus@cvs.openbsd.org 2001/06/03 19:36:44
+ [ssh-keygen.1]
+ 1-2 bits of entrophy per character (not per word), ok stevesk@
+ - markus@cvs.openbsd.org 2001/06/03 19:38:42
+ [scp.c]
+ pass -v to ssh; from slade@shore.net
+ - markus@cvs.openbsd.org 2001/06/03 20:06:11
+ [auth2-chall.c]
+ the challenge response device decides how to handle non-existing
+ users.
+ -> fake challenges for skey and cryptocard
+ - markus@cvs.openbsd.org 2001/06/04 21:59:43
+ [channels.c channels.h session.c]
+ switch uid when cleaning up tmp files and sockets; reported by
+ zen-parse@gmx.net on bugtraq
+ - markus@cvs.openbsd.org 2001/06/04 23:07:21
+ [clientloop.c serverloop.c sshd.c]
+ set flags in the signal handlers, do real work in the main loop,
+ ok provos@
+ - markus@cvs.openbsd.org 2001/06/04 23:16:16
+ [session.c]
+ merge ssh1/2 x11-fwd setup, create listener after tmp-dir
+ - pvalchev@cvs.openbsd.org 2001/06/05 05:05:39
+ [ssh-keyscan.1 ssh-keyscan.c]
+ License clarification from David Mazieres, ok deraadt@
+ - markus@cvs.openbsd.org 2001/06/05 10:24:32
+ [channels.c]
+ don't delete the auth socket in channel_stop_listening()
+ auth_sock_cleanup_proc() will take care of this.
+ - markus@cvs.openbsd.org 2001/06/05 16:46:19
+ [session.c]
+ let session_close() delete the pty. deny x11fwd if xauthfile is set.
+ - markus@cvs.openbsd.org 2001/06/06 23:13:54
+ [ssh-dss.c ssh-rsa.c]
+ cleanup, remove old code
+ - markus@cvs.openbsd.org 2001/06/06 23:19:35
+ [ssh-add.c]
+ remove debug message; Darren.Moffat@eng.sun.com
+ - markus@cvs.openbsd.org 2001/06/07 19:57:53
+ [auth2.c]
+ style is used for bsdauth.
+ disconnect on user/service change (ietf-drafts)
+ - markus@cvs.openbsd.org 2001/06/07 20:23:05
+ [authfd.c authfile.c channels.c kexdh.c kexgex.c packet.c ssh.c
+ sshconnect.c sshconnect1.c]
+ use xxx_put_cstring()
+ - markus@cvs.openbsd.org 2001/06/07 22:25:02
+ [session.c]
+ don't overwrite errno
+ delay deletion of the xauth cookie
+ - markus@cvs.openbsd.org 2001/06/08 15:25:40
+ [includes.h pathnames.h readconf.c servconf.c]
+ move the path for xauth to pathnames.h
+ - (bal) configure.in fix for Tru64 (forgeting to reset $LIB)
+ - (bal) ANSIify strmode()
+ - (bal) --with-catman should be --with-mantype patch by Dave
+ Dykstra <dwd@bell-labs.com>
+
+20010606
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/05/17 21:34:15
+ [ssh.1]
+ no spaces in PreferredAuthentications;
+ meixner@rbg.informatik.tu-darmstadt.de
+ - markus@cvs.openbsd.org 2001/05/18 14:13:29
+ [auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
+ readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
+ improved kbd-interactive support. work by per@appgate.com and me
+ - djm@cvs.openbsd.org 2001/05/19 00:36:40
+ [session.c]
+ Disable X11 forwarding if xauth binary is not found. Patch from Nalin
+ Dahyabhai <nalin@redhat.com>; ok markus@
+ - markus@cvs.openbsd.org 2001/05/19 16:05:41
+ [scp.c]
+ ftruncate() instead of open()+O_TRUNC like rcp.c does
+ allows scp /path/to/file localhost:/path/to/file
+ - markus@cvs.openbsd.org 2001/05/19 16:08:43
+ [sshd.8]
+ sort options; Matthew.Stier@fnc.fujitsu.com
+ - markus@cvs.openbsd.org 2001/05/19 16:32:16
+ [ssh.1 sshconnect2.c]
+ change preferredauthentication order to
+ publickey,hostbased,password,keyboard-interactive
+ document that hostbased defaults to no, document order
+ - markus@cvs.openbsd.org 2001/05/19 16:46:19
+ [ssh.1 sshd.8]
+ document MACs defaults with .Dq
+ - stevesk@cvs.openbsd.org 2001/05/19 19:43:57
+ [misc.c misc.h servconf.c sshd.8 sshd.c]
+ sshd command-line arguments and configuration file options that
+ specify time may be expressed using a sequence of the form:
+ time[qualifier], where time is a positive integer value and qualifier
+ is one of the following:
+ <none>,s,m,h,d,w
+ Examples:
+ 600 600 seconds (10 minutes)
+ 10m 10 minutes
+ 1h30m 1 hour 30 minutes (90 minutes)
ok markus@
- - dtucker@cvs.openbsd.org 2004/06/13 13:51:02
- [regress/Makefile regress/test-exec.sh, added regress/scp-ssh-wrapper.sh
- regress/scp.sh]
- Add scp regression test; with & ok markus@
- - djm@cvs.openbsd.org 2004/06/13 15:04:08
- [regress/Makefile regress/test-exec.sh, added regress/envpass.sh]
- regress test for client multiplexing; ok markus@
- - djm@cvs.openbsd.org 2004/06/13 15:16:54
- [regress/test-exec.sh]
- remove duplicate setting of $SCP; spotted by markus@
- - dtucker@cvs.openbsd.org 2004/06/16 13:15:09
- [regress/scp.sh]
- Make scp -r tests use diff -rN not cmp (which won't do dirs. ok markus@
- - dtucker@cvs.openbsd.org 2004/06/16 13:16:40
- [regress/multiplex.sh]
- Silence multiplex sftp and scp tests. ok markus@
- - (dtucker) [regress/test-exec.sh]
- Move Portable-only StrictModes to top of list to make syncs easier.
- - (dtucker) [regress/README.regress]
- Add $TEST_SHELL to readme.
-
-20040615
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2004/05/26 08:59:57
- [sftp.c]
- exit -> _exit in forked child on error; from andrushock AT korovino.net
- - markus@cvs.openbsd.org 2004/05/26 23:02:39
+ - stevesk@cvs.openbsd.org 2001/05/19 19:57:09
[channels.c]
- missing freeaddrinfo; Andrey Matveev
- - dtucker@cvs.openbsd.org 2004/05/27 00:50:13
- [readconf.c]
- Kill dead code after fatal(); ok djm@
- - dtucker@cvs.openbsd.org 2004/06/01 14:20:45
- [auth2-chall.c]
- Remove redundant #include; ok markus@
- - pedro@cvs.openbsd.org 2004/06/03 12:22:20
- [sftp-client.c sftp.c]
- initialize pointers, ok markus@
- - djm@cvs.openbsd.org 2004/06/13 12:53:24
- [dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
- [ssh-keyscan.c sshconnect2.c sshd.c]
- implement diffie-hellman-group14-sha1 kex method (trivial extension to
- existing diffie-hellman-group1-sha1); ok markus@
- - dtucker@cvs.openbsd.org 2004/06/13 14:01:42
- [ssh.1 ssh_config.5 sshd_config.5]
- List supported ciphers in man pages, tidy up ssh -c;
- "looks fine" jmc@, ok markus@
- - djm@cvs.openbsd.org 2004/06/13 15:03:02
- [channels.c channels.h clientloop.c clientloop.h includes.h readconf.c]
- [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5]
- implement session multiplexing in the client (the server has supported
- this since 2.0); ok markus@
- - djm@cvs.openbsd.org 2004/06/14 01:44:39
- [channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c]
- [sshd.c]
- set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@
- - djm@cvs.openbsd.org 2004/06/15 05:45:04
+ typo in error message
+ - markus@cvs.openbsd.org 2001/05/20 17:20:36
+ [auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
+ sshd_config]
+ configurable authorized_keys{,2} location; originally from peter@;
+ ok djm@
+ - markus@cvs.openbsd.org 2001/05/24 11:12:42
+ [auth.c]
+ fix comment; from jakob@
+ - stevesk@cvs.openbsd.org 2001/05/24 18:57:53
+ [clientloop.c readconf.c ssh.c ssh.h]
+ don't perform escape processing when ``EscapeChar none''; ok markus@
+ - markus@cvs.openbsd.org 2001/05/25 14:37:32
+ [ssh-keygen.c]
+ use -P for -e and -y, too.
+ - markus@cvs.openbsd.org 2001/05/28 08:04:39
+ [ssh.c]
+ fix usage()
+ - markus@cvs.openbsd.org 2001/05/28 10:08:55
+ [authfile.c]
+ key_load_private: set comment to filename for PEM keys
+ - markus@cvs.openbsd.org 2001/05/28 22:51:11
+ [cipher.c cipher.h]
+ simpler 3des for ssh1
+ - markus@cvs.openbsd.org 2001/05/28 23:14:49
+ [channels.c channels.h nchan.c]
+ undo broken channel fix and try a different one. there
+ should be still some select errors...
+ - markus@cvs.openbsd.org 2001/05/28 23:25:24
+ [channels.c]
+ cleanup, typo
+ - markus@cvs.openbsd.org 2001/05/28 23:58:35
+ [packet.c packet.h sshconnect.c sshd.c]
+ remove some lines, simplify.
+ - markus@cvs.openbsd.org 2001/05/29 12:31:27
+ [authfile.c]
+ typo
+
+20010528
+ - (tim) [conifgure.in] add setvbuf test needed for sftp-int.c
+ Patch by Corinna Vinschen <vinschen@redhat.com>
+
+20010517
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/05/12 19:53:13
+ [sftp-server.c]
+ readlink does not NULL-terminate; mhe@home.se
+ - deraadt@cvs.openbsd.org 2001/05/15 22:04:01
+ [ssh.1]
+ X11 forwarding details improved
+ - markus@cvs.openbsd.org 2001/05/16 20:51:57
+ [authfile.c]
+ return comments for private pem files, too; report from nolan@naic.edu
+ - markus@cvs.openbsd.org 2001/05/16 21:53:53
[clientloop.c]
- missed one unset_nonblock; spotted by Tim Rice
- - (djm) Fix Makefile.in for connection sharing changes
- - (djm) [ssh.c] Use separate var for address length
-
-20040603
- - (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions.
- ok djm@
-
-20040601
- - (djm) [auth-pam.c] Add copyright for local changes
-
-20040530
- - (dtucker) [auth-pam.c auth-pam.h auth-passwd.c] Bug #874: Re-add PAM
- support for PasswordAuthentication=yes. ok djm@
- - (dtucker) [auth-pam.c] Use an invalid password for root if
- PermitRootLogin != yes or the login is invalid, to prevent leaking
- information. Based on Openwall's owl-always-auth patch. ok djm@
- - (tim) [configure.ac Makefile.in] Add support for "make package" ok djm@
- - (tim) [buildpkg.sh.in] New file. A more flexible version of
- contrib/solaris/buildpkg.sh used for "make package".
- - (tim) [buildpkg.sh.in] Last minute fix didn't make it in the .in file.
-
-20040527
- - (dtucker) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec
- contrib/README CREDITS INSTALL] Bug #873: Correct URLs for x11-ssh-askpass
- and Jim Knoble's email address , from Jim himself.
-
-20040524
- - (dtucker) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2004/05/19 12:17:33
- [sftp-client.c sftp.c]
- gracefully abort transfers on receipt of SIGINT, also ignore SIGINT while
- waiting for a command; ok markus@
- - dtucker@cvs.openbsd.org 2004/05/20 10:58:05
+ check for open sessions before we call select(); fixes the x11 client
+ bug reported by bowman@math.ualberta.ca
+ - markus@cvs.openbsd.org 2001/05/16 22:09:21
+ [channels.c nchan.c]
+ more select() error fixes (don't set rfd/wfd to -1).
+ - (bal) Enabled USE_PIPES for Cygwin on Corinna Vinschen <vinschen@redhat.com>
+ - (bal) Corrected on_exit() emulation via atexit().
+
+20010512
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/05/11 14:59:56
+ [clientloop.c misc.c misc.h]
+ add unset_nonblock for stdout/err flushing in client_loop().
+ - (bal) Patch to partial sync up contrib/solaris/ packaging software.
+ Patch by pete <ninjaz@webexpress.com>
+
+20010511
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/05/09 22:51:57
+ [channels.c]
+ fix -R for protocol 2, noticed by greg@nest.cx.
+ bug was introduced with experimental dynamic forwarding.
+ - markus@cvs.openbsd.org 2001/05/09 23:01:31
+ [rijndael.h]
+ fix prototype; J.S.Peatfield@damtp.cam.ac.uk
+
+20010509
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/05/06 21:23:31
+ [cli.c]
+ cli_read() fails to catch SIGINT + overflow; from obdb@zzlevo.net
+ - markus@cvs.openbsd.org 2001/05/08 19:17:31
+ [channels.c serverloop.c clientloop.c]
+ adds correct error reporting to async connect()s
+ fixes the server-discards-data-before-connected-bug found by
+ onoe@sm.sony.co.jp
+ - mouring@cvs.openbsd.org 2001/05/08 19:45:25
+ [misc.c misc.h scp.c sftp.c]
+ Use addargs() in sftp plus some clean up of addargs(). OK Markus
+ - markus@cvs.openbsd.org 2001/05/06 21:45:14
[clientloop.c]
- Trivial type fix 0 -> '\0'; ok markus@
- - markus@cvs.openbsd.org 2004/05/21 08:43:03
- [kex.h moduli.c tildexpand.c]
- add prototypes for -Wall; ok djm
- - djm@cvs.openbsd.org 2004/05/21 11:33:11
- [channels.c channels.h clientloop.c serverloop.c ssh.1]
- bz #756: add support for the cancel-tcpip-forward request for the server
- and the client (through the ~C commandline). reported by z3p AT
- twistedmatrix.com; ok markus@
- - djm@cvs.openbsd.org 2004/05/22 06:32:12
- [clientloop.c ssh.1]
- use '-h' for help in ~C commandline instead of '-?'; inspired by jmc@
- - jmc@cvs.openbsd.org 2004/05/22 16:01:05
+ use atomicio for flushing stdout/stderr bufs. thanks to
+ jbw@izanami.cee.hw.ac.uk
+ - markus@cvs.openbsd.org 2001/05/08 22:48:07
+ [atomicio.c]
+ no need for xmalloc.h, thanks to espie@
+ - (bal) UseLogin patch for Solaris/UNICOS. Patch by Wayne Davison
+ <wayne@blorf.net>
+ - (bal) ./configure support to disable SIA on OSF1. Patch by
+ Chris Adams <cmadams@hiwaay.net>
+ - (bal) Updates from the Sony NEWS-OS platform by NAKAJI Hiroyuki
+ <nakaji@tutrp.tut.ac.jp>
+
+20010508
+ - (bal) Fixed configure test for USE_SIA.
+
+20010506
+ - (djm) Update config.guess and config.sub with latest versions (from
+ ftp://ftp.gnu.org/gnu/config/) to allow configure on ia64-hpux.
+ Suggested by Jason Mader <jason@ncac.gwu.edu>
+ - (bal) White Space and #ifdef sync with OpenBSD
+ - (bal) Add 'seed_rng()' to ssh-add.c
+ - (bal) CVS ID updates for readpass.c, readpass.h, cli.c, and cli.h
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/05/05 13:42:52
+ [sftp.1 ssh-add.1 ssh-keygen.1]
+ typos, grammar
+
+20010505
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/05/04 14:21:56
+ [ssh.1 sshd.8]
+ typos
+ - markus@cvs.openbsd.org 2001/05/04 14:34:34
+ [channels.c]
+ channel_new() reallocs channels[], we cannot use Channel *c after
+ calling channel_new(), XXX fix this in the future...
+ - markus@cvs.openbsd.org 2001/05/04 23:47:34
+ [channels.c channels.h clientloop.c nchan.c nchan.h serverloop.c ssh.c]
+ move to Channel **channels (instead of Channel *channels), fixes realloc
+ problems. channel_new now returns a Channel *, favour Channel * over
+ channel id. remove old channel_allocate interface.
+
+20010504
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/05/03 15:07:39
+ [channels.c]
+ typo in debug() string
+ - markus@cvs.openbsd.org 2001/05/03 15:45:15
+ [session.c]
+ exec shell -c /bin/sh .ssh/sshrc, from abartlet@pcug.org.au
+ - stevesk@cvs.openbsd.org 2001/05/03 21:43:01
+ [servconf.c]
+ remove "\n" from fatal()
+ - mouring@cvs.openbsd.org 2001/05/03 23:09:53
+ [misc.c misc.h scp.c sftp.c]
+ Move colon() and cleanhost() to misc.c where I should I have put it in
+ the first place
+ - (bal) Updated Cygwin README by Corinna Vinschen <vinschen@redhat.com>
+ - (bal) Avoid socket file security issues in ssh-agent for Cygwin.
+ Patch by Egor Duda <deo@logos-m.ru>
+
+20010503
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/05/02 16:41:20
+ [ssh-add.c]
+ fix prompt for ssh-add.
+
+20010502
+ - OpenBSD CVS Sync
+ - mouring@cvs.openbsd.org 2001/05/02 01:25:39
+ [readpass.c]
+ Put the 'const' back into ssh_askpass() function. Pointed out
+ by Mark Miller <markm@swoon.net>. OK Markus
+
+20010501
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/30 11:18:52
+ [readconf.c readconf.h ssh.1 ssh.c sshconnect.c]
+ implement 'ssh -b bind_address' like 'telnet -b'
+ - markus@cvs.openbsd.org 2001/04/30 15:50:46
+ [compat.c compat.h kex.c]
+ allow interop with weaker key generation used by ssh-2.0.x, x < 10
+ - markus@cvs.openbsd.org 2001/04/30 16:02:49
+ [compat.c]
+ ssh-2.0.10 has the weak-key-bug, too.
+ - (tim) [contrib/caldera/openssh.spec] add Requires line for Caldera 3.1
+
+20010430
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/29 18:32:52
+ [serverloop.c]
+ fix whitespace
+ - markus@cvs.openbsd.org 2001/04/29 19:16:52
+ [channels.c clientloop.c compat.c compat.h serverloop.c]
+ more ssh.com-2.0.x bug-compat; from per@appgate.com
+ - (tim) New version of mdoc2man.pl from Mark D. Roth <roth+openssh@feep.net>
+ - (djm) Add .cvsignore files, suggested by Wayne Davison <wayne@blorf.net>
+
+20010429
+ - (bal) Updated INSTALL. PCRE moved to a new place.
+ - (djm) Release OpenSSH-2.9p1
+
+20010427
+ - (bal) Fixed uidswap.c so it should work on non-posix complient systems.
+ patch based on 2.5.2 version by djm.
+ - (bal) Build manpages and config files once unless changed. Patch by
+ Carson Gaspar <carson@taltos.org>
+ - (bal) arpa/nameser.h does not exist on Cygwin. Patch by Corinna
+ Vinschen <vinschen@redhat.com>
+ - (bal) Add /etc/sysconfig/sshd support to redhat's sshd.init. Patch by
+ Pekka Savola <pekkas@netcore.fi>
+ - (bal) Cygwin lacks setgroups() API. Patch by Corinna Vinschen
+ <vinschen@redhat.com>
+ - (bal) version.h synced, RPM specs updated for 2.9
+ - (tim) update contrib/caldera files with what Caldera is using.
+ <sps@caldera.de>
+
+20010425
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/23 21:57:07
+ [ssh-keygen.1 ssh-keygen.c]
+ allow public key for -e, too
+ - markus@cvs.openbsd.org 2001/04/23 22:14:13
+ [ssh-keygen.c]
+ remove debug
+ - (bal) Whitespace resync w/ OpenBSD for uidswap.c
+ - (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt'
+ (default: off), implies KbdInteractiveAuthentication. Suggestion from
+ markus@
+ - (djm) Include crypt.h if available in auth-passwd.c
+ - tim@mindrot.org 2001/04/25 21:38:01 [configure.in]
+ man page detection fixes for SCO
+
+20010424
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/22 23:58:36
+ [ssh-keygen.1 ssh.1 sshd.8]
+ document hostbased and other cleanup
+ - (stevesk) start_pam() doesn't use DNS now for sshd -u0.
+ - (stevesk) auth-pam.c: use PERMIT_NO_PASSWD
+ - (bal) sys/queue.h is bogus for NCR platform. Patch by Daniel Carroll
+ <dan@mesastate.edu>
+ - (bal) Fixed contrib/postinstall.in. Patch by wsanders@wsanders.net
+
+20010422
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/20 16:32:22
+ [uidswap.c]
+ set non-privileged gid before uid; tholo@ and deraadt@
+ - mouring@cvs.openbsd.org 2001/04/21 00:55:57
+ [sftp.1]
+ Spelling
+ - djm@cvs.openbsd.org 2001/04/22 08:13:30
[ssh.1]
- kill whitespace at eol;
- - dtucker@cvs.openbsd.org 2004/05/23 23:59:53
- [auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config
- sshd_config.5]
- Add MaxAuthTries sshd config option; ok markus@
- - (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread"
- is terminated if the privsep slave exits during keyboard-interactive
- authentication. ok djm@
- - (dtucker) [sshd.c] Fix typo in comment.
-
-20040523
- - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in
- sshd_config; ok dtucker@
- - (djm) [configure.ac] Warn if the system has no known way of figuring out
- which user is on the other end of a Unix domain socket; ok dtucker@
- - (bal) [openbsd-compat/sys-queue.h] Reintroduce machinary to handle
- old/broken/incomplete <sys/queue.h>.
-
-20040513
- - (dtucker) [configure.ac] Bug #867: Additional tests for res_query in
- libresolv, fixes problems detecting it on some platforms
- (eg Linux/x86-64). From Kurt Roeckx via Debian, ok mouring@
- - (dtucker) OpenBSD CVS Sync
- - jmc@cvs.openbsd.org 2004/05/04 18:36:07
- [scp.1]
- SendEnv here too;
- - jmc@cvs.openbsd.org 2004/05/06 11:24:23
- [ssh_config.5]
- typo from John Cosimano (PR 3770);
- - deraadt@cvs.openbsd.org 2004/05/08 00:01:37
- [auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c
- tildexpand.c], removed: sshtty.h tildexpand.h
- make two tiny header files go away; djm ok
- - djm@cvs.openbsd.org 2004/05/08 00:21:31
- [clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c
- sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h
- kill a tiny header; ok deraadt@
- - djm@cvs.openbsd.org 2004/05/09 00:06:47
- [moduli.c ssh-keygen.c] removed: moduli.h
- zap another tiny header; ok deraadt@
- - djm@cvs.openbsd.org 2004/05/09 01:19:28
- [OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
- sshd.c] removed: mpaux.c mpaux.h
- kill some more tiny files; ok deraadt@
- - djm@cvs.openbsd.org 2004/05/09 01:26:48
- [kex.c]
- don't overwrite what we are trying to compute
- - deraadt@cvs.openbsd.org 2004/05/11 19:01:43
- [auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c
- packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c]
- improve some code lint did not like; djm millert ok
- - dtucker@cvs.openbsd.org 2004/05/13 02:47:50
- [ssh-agent.1]
- Add examples to ssh-agent.1, bz#481 from Ralf Hauser; ok deraadt@
- - (dtucker) [sshd.8] Bug #843: Add warning about PasswordAuthentication to
- UsePAM section. Parts from djm@ and jmc@.
- - (dtucker) [auth-pam.c scard-opensc.c] Tinderbox says auth-pam.c uses
- readpass.h, grep says scard-opensc.c does too. Replace with misc.h.
- - (dtucker) [openbsd-compat/getrrsetbyname.c] Check that HAVE_DECL_H_ERROR
- is defined before using.
- - (dtucker) [openbsd-compat/getrrsetbyname.c] Fix typo too: HAVE_DECL_H_ERROR
- -> HAVE_DECL_H_ERRNO.
-
-20040502
- - (dtucker) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2004/04/22 11:56:57
- [moduli.c]
- Bugzilla #850: Sophie Germain is the correct name of the French
- mathematician, "Sophie Germaine" isn't; from Luc.Maisonobe@c-s.fr
- - djm@cvs.openbsd.org 2004/04/27 09:46:37
- [readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c
- ssh_config.5 sshd_config.5]
- bz #815: implement ability to pass specified environment variables from
- the client to the server; ok markus@
- - djm@cvs.openbsd.org 2004/04/28 05:17:10
- [ssh_config.5 sshd_config.5]
- manpage fixes in envpass stuff from Brian Poole (raj AT cerias.purdue.edu)
- - jmc@cvs.openbsd.org 2004/04/28 07:02:56
- [sshd_config.5]
- remove unnecessary .Pp;
- - jmc@cvs.openbsd.org 2004/04/28 07:13:42
- [sftp.1 ssh.1]
- add SendEnv to -o list;
- - dtucker@cvs.openbsd.org 2004/05/02 11:54:31
+ typos spotted by stevesk@; ok deraadt@
+ - markus@cvs.openbsd.org 2001/04/22 12:34:05
+ [scp.c]
+ scp > 2GB; niles@scyld.com; ok deraadt@, djm@
+ - markus@cvs.openbsd.org 2001/04/22 13:25:37
+ [ssh-keygen.1 ssh-keygen.c]
+ rename arguments -x -> -e (export key), -X -> -i (import key)
+ xref draft-ietf-secsh-publickeyfile-01.txt
+ - markus@cvs.openbsd.org 2001/04/22 13:32:27
+ [sftp-server.8 sftp.1 ssh.1 sshd.8]
+ xref draft-ietf-secsh-*
+ - markus@cvs.openbsd.org 2001/04/22 13:41:02
+ [ssh-keygen.1 ssh-keygen.c]
+ style, noted by stevesk; sort flags in usage
+
+20010421
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2001/04/20 07:17:51
+ [clientloop.c ssh.1]
+ Split out and improve escape character documentation, mention ~R in
+ ~? help text; ok markus@
+ - Update RPM spec files for CVS version.h
+ - (stevesk) set the default PAM service name to __progname instead
+ of the hard-coded value "sshd"; from Mark D. Roth <roth@feep.net>
+ - (stevesk) document PAM service name change in INSTALL
+ - tim@mindrot.org 2001/04/21 14:25:57 [Makefile.in configure.in]
+ fix perl test, fix nroff test, fix Makefile to build outside source tree
+
+20010420
+ - OpenBSD CVS Sync
+ - ian@cvs.openbsd.org 2001/04/18 16:21:05
+ [ssh-keyscan.1]
+ Fix typo reported in PR/1779
+ - markus@cvs.openbsd.org 2001/04/18 21:57:42
+ [readpass.c ssh-add.c]
+ call askpass from ssh, too, based on work by roth@feep.net, ok deraadt
+ - markus@cvs.openbsd.org 2001/04/18 22:03:45
+ [auth2.c sshconnect2.c]
+ use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
+ - markus@cvs.openbsd.org 2001/04/18 22:48:26
+ [auth2.c]
+ no longer const
+ - markus@cvs.openbsd.org 2001/04/18 23:43:26
+ [auth2.c compat.c sshconnect2.c]
+ more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now
+ (however the 2.1.0 server seems to work only if debug is enabled...)
+ - markus@cvs.openbsd.org 2001/04/18 23:44:51
+ [authfile.c]
+ error->debug; noted by fries@
+ - markus@cvs.openbsd.org 2001/04/19 00:05:11
+ [auth2.c]
+ use local variable, no function call needed.
+ (btw, hostbased works now with ssh.com >= 2.0.13)
+ - (bal) Put scp-common.h back into scp.c (it exists in the upstream
+ tree) pointed out by Tom Holroyd <tomh@po.crl.go.jp>
+
+20010418
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/17 19:34:25
+ [session.c]
+ move auth_approval to do_authenticated().
+ do_child(): nuke hostkeys from memory
+ don't source .ssh/rc for subsystems.
+ - markus@cvs.openbsd.org 2001/04/18 14:15:00
+ [canohost.c]
+ debug->debug3
+ - (bal) renabled 'catman-do:' and fixed it. So now catman pages should
+ be working again.
+ - (bal) Makfile day... Cleaned up multiple mantype support (Patch by
+ Mark D. Roth <roth+openssh@feep.net>), and fixed PIDDIR support.
+
+20010417
+ - (bal) Add perl5 check for HP/UX, Removed GNUness from Makefile.in
+ and temporary commented out 'catman-do:' since it is broken. Patches
+ for the first two by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/04/16 08:26:04
+ [key.c]
+ better safe than sorry in later mods; yongari@kt-is.co.kr
+ - markus@cvs.openbsd.org 2001/04/17 08:14:01
+ [sshconnect1.c]
+ check for key!=NULL, thanks to costa
+ - markus@cvs.openbsd.org 2001/04/17 09:52:48
+ [clientloop.c]
+ handle EINTR/EAGAIN on read; ok deraadt@
+ - markus@cvs.openbsd.org 2001/04/17 10:53:26
+ [key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
+ add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
+ - markus@cvs.openbsd.org 2001/04/17 12:55:04
+ [channels.c ssh.c]
+ undo socks5 and https support since they are not really used and
+ only bloat ssh. remove -D from usage(), since '-D' is experimental.
+
+20010416
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/04/15 01:35:22
+ [ttymodes.c]
+ fix comments
+ - markus@cvs.openbsd.org 2001/04/15 08:43:47
+ [dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c]
+ some unused variable and typos; from tomh@po.crl.go.jp
+ - markus@cvs.openbsd.org 2001/04/15 16:58:03
+ [authfile.c ssh-keygen.c sshd.c]
+ don't use errno for key_{load,save}_private; discussion w/ solar@openwall
+ - markus@cvs.openbsd.org 2001/04/15 17:16:00
+ [clientloop.c]
+ set stdin/out/err to nonblocking in SSH proto 1, too. suggested by ho@
+ should fix some of the blocking problems for rsync over SSH-1
+ - stevesk@cvs.openbsd.org 2001/04/15 19:41:21
[sshd.8]
- Man page grammar fix (bz #858), from damerell at chiark.greenend.org.uk
- via Debian; ok djm@
- - dtucker@cvs.openbsd.org 2004/05/02 11:57:52
- [ssh.1]
- ConnectionTimeout -> ConnectTimeout, from m.a.ellis at ncl.ac.uk via
- Debian. ok djm@
- - dtucker@cvs.openbsd.org 2004/05/02 23:02:17
+ some ClientAlive cleanup; ok markus@
+ - stevesk@cvs.openbsd.org 2001/04/15 21:28:35
+ [readconf.c servconf.c]
+ use fatal() or error() vs. fprintf(); ok markus@
+ - (djm) Convert mandoc manpages to man automatically. Patch from Mark D.
+ Roth <roth+openssh@feep.net>
+ - (bal) CVS ID fix up and slight manpage fix from OpenBSD tree.
+ - (djm) OpenBSD CVS Sync
+ - mouring@cvs.openbsd.org 2001/04/16 02:31:44
+ [scp.c sftp.c]
+ IPv6 support for sftp (which I bungled in my last patch) which is
+ borrowed from scp.c. Thanks to Markus@ for pointing it out.
+ - deraadt@cvs.openbsd.org 2001/04/16 08:05:34
+ [xmalloc.c]
+ xrealloc dealing with ptr == nULL; mouring
+ - djm@cvs.openbsd.org 2001/04/16 08:19:31
+ [session.c]
+ Split motd and hushlogin checks into seperate functions, helps for
+ portable. From Chris Adams <cmadams@hiwaay.net>; ok markus@
+ - Fix OSF SIA support displaying too much information for quiet
+ logins and logins where access was denied by SIA. Patch from Chris Adams
+ <cmadams@hiwaay.net>
+
+20010415
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/04/14 04:31:01
+ [ssh-add.c]
+ do not double free
+ - markus@cvs.openbsd.org 2001/04/14 16:17:14
+ [channels.c]
+ remove some channels that are not appropriate for keepalive.
+ - markus@cvs.openbsd.org 2001/04/14 16:27:57
+ [ssh-add.c]
+ use clear_pass instead of xfree()
+ - stevesk@cvs.openbsd.org 2001/04/14 16:33:20
+ [clientloop.c packet.h session.c ssh.c ttymodes.c ttymodes.h]
+ protocol 2 tty modes support; ok markus@
+ - stevesk@cvs.openbsd.org 2001/04/14 17:04:42
+ [scp.c]
+ 'T' handling rcp/scp sync; ok markus@
+ - Missed sshtty.[ch] in Sync.
+
+20010414
+ - Sync with OpenBSD glob.c, strlcat.c and vis.c changes
+ - Cygwin sftp/sftp-server binary mode patch from Corinna Vinschen
+ <vinschen@redhat.com>
+ - OpenBSD CVS Sync
+ - beck@cvs.openbsd.org 2001/04/13 22:46:54
+ [channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
+ Add options ClientAliveInterval and ClientAliveCountMax to sshd.
+ This gives the ability to do a "keepalive" via the encrypted channel
+ which can't be spoofed (unlike TCP keepalives). Useful for when you want
+ to use ssh connections to authenticate people for something, and know
+ relatively quickly when they are no longer authenticated. Disabled
+ by default (of course). ok markus@
+
+20010413
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/12 14:29:09
+ [ssh.c]
+ show debug output during option processing, report from
+ pekkas@netcore.fi
+ - markus@cvs.openbsd.org 2001/04/12 19:15:26
+ [auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
+ compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
+ servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
+ sshconnect2.c sshd_config]
+ implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
+ similar to RhostRSAAuthentication unless you enable (the experimental)
+ HostbasedUsesNameFromPacketOnly option. please test. :)
+ - markus@cvs.openbsd.org 2001/04/12 19:39:27
+ [readconf.c]
+ typo
+ - stevesk@cvs.openbsd.org 2001/04/12 20:09:38
+ [misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
+ robust port validation; ok markus@ jakob@
+ - mouring@cvs.openbsd.org 2001/04/12 23:17:54
+ [sftp-int.c sftp-int.h sftp.1 sftp.c]
+ Add support for:
+ sftp [user@]host[:file [file]] - Fetch remote file(s)
+ sftp [user@]host[:dir[/]] - Start in remote dir/
+ OK deraadt@
+ - stevesk@cvs.openbsd.org 2001/04/13 01:26:17
+ [ssh.c]
+ missing \n in error message
+ - (bal) Added openbsd-compat/inet_ntop.[ch] since HP/UX (and others)
+ lack it.
+
+20010412
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/10 07:46:58
+ [channels.c]
+ cleanup socks4 handling
+ - itojun@cvs.openbsd.org 2001/04/10 09:13:22
+ [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+ document id_rsa{.pub,}. markus ok
+ - markus@cvs.openbsd.org 2001/04/10 12:15:23
+ [channels.c]
+ debug cleanup
+ - djm@cvs.openbsd.org 2001/04/11 07:06:22
+ [sftp-int.c]
+ 'mget' and 'mput' aliases; ok markus@
+ - markus@cvs.openbsd.org 2001/04/11 10:59:01
+ [ssh.c]
+ use strtol() for ports, thanks jakob@
+ - markus@cvs.openbsd.org 2001/04/11 13:56:13
+ [channels.c ssh.c]
+ https-connect and socks5 support. i feel so bad.
+ - lebel@cvs.openbsd.org 2001/04/11 16:25:30
+ [sshd.8 sshd.c]
+ implement the -e option into sshd:
+ -e When this option is specified, sshd will send the output to the
+ standard error instead of the system log.
+ markus@ OK.
+
+20010410
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/04/08 20:52:55
+ [sftp.c]
+ do not modify an actual argv[] entry
+ - stevesk@cvs.openbsd.org 2001/04/08 23:28:27
+ [sshd.8]
+ spelling
+ - stevesk@cvs.openbsd.org 2001/04/09 00:42:05
[sftp.1]
- ConnectionTimeout -> ConnectTimeout here too, pointed out by jmc@
- - dtucker@cvs.openbsd.org 2004/05/02 23:17:51
- [scp.1]
- ConnectionTimeout -> ConnectTimeout for scp.1 too.
+ spelling
+ - markus@cvs.openbsd.org 2001/04/09 15:12:23
+ [ssh-add.c]
+ passphrase caching: ssh-add tries last passphrase, clears passphrase if
+ not successful and after last try.
+ based on discussions with espie@, jakob@, ... and code from jakob@ and
+ wolfgang@wsrcc.com
+ - markus@cvs.openbsd.org 2001/04/09 15:19:49
+ [ssh-add.1]
+ ssh-add retries the last passphrase...
+ - stevesk@cvs.openbsd.org 2001/04/09 18:00:15
+ [sshd.8]
+ ListenAddress mandoc from aaron@
-20040423
- - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Declare h_errno
- as extern int if not already declared. Fixes compile errors on old SCO
- platforms. ok tim@
- - (dtucker) [README.platform] List prereqs for building on Cygwin.
+20010409
+ - (stevesk) use setresgid() for setegid() if needed
+ - (stevesk) configure.in: typo
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/04/08 16:01:36
+ [sshd.8]
+ document ListenAddress addr:port
+ - markus@cvs.openbsd.org 2001/04/08 13:03:00
+ [ssh-add.c]
+ init pointers with NULL, thanks to danimal@danimal.org
+ - markus@cvs.openbsd.org 2001/04/08 11:27:33
+ [clientloop.c]
+ leave_raw_mode if ssh2 "session" is closed
+ - markus@cvs.openbsd.org 2001/04/06 21:00:17
+ [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
+ ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
+ do gid/groups-swap in addition to uid-swap, should help if /home/group
+ is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
+ to olar@openwall.com is comments. we had many requests for this.
+ - markus@cvs.openbsd.org 2001/04/07 08:55:18
+ [buffer.c channels.c channels.h readconf.c ssh.c]
+ allow the ssh client act as a SOCKS4 proxy (dynamic local
+ portforwarding). work by Dan Kaminsky <dankamin@cisco.com> and me.
+ thanks to Dan for this great patch: use 'ssh -D 1080 host' and make
+ netscape use localhost:1080 as a socks proxy.
+ - markus@cvs.openbsd.org 2001/04/08 11:24:33
+ [uidswap.c]
+ KNF
+
+20010408
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/04/06 22:12:47
+ [hostfile.c]
+ unused; typo in comment
+ - stevesk@cvs.openbsd.org 2001/04/06 22:25:25
+ [servconf.c]
+ in addition to:
+ ListenAddress host|ipv4_addr|ipv6_addr
+ permit:
+ ListenAddress [host|ipv4_addr|ipv6_addr]:port
+ ListenAddress host|ipv4_addr:port
+ sshd.8 updates coming. ok markus@
+
+20010407
+ - (bal) CVS ID Resync of version.h
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/05 23:39:20
+ [serverloop.c]
+ keep the ssh session even if there is no active channel.
+ this is more in line with the protocol spec and makes
+ ssh -N -L 1234:server:110 host
+ more useful.
+ based on discussion with <mats@mindbright.se> long time ago
+ and recent mail from <res@shore.net>
+ - deraadt@cvs.openbsd.org 2001/04/06 16:46:59
+ [scp.c]
+ remove trailing / from source paths; fixes pr#1756
+
+20010406
+ - (stevesk) logintest.c: fix for systems without __progname
+ - (stevesk) Makefile.in: log.o is in libssh.a
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/05 10:00:06
+ [compat.c]
+ 2.3.x does old GEX, too; report jakob@
+ - markus@cvs.openbsd.org 2001/04/05 10:39:03
+ [compress.c compress.h packet.c]
+ reset compress state per direction when rekeying.
+ - markus@cvs.openbsd.org 2001/04/05 10:39:48
+ [version.h]
+ temporary version 2.5.4 (supports rekeying).
+ this is not an official release.
+ - markus@cvs.openbsd.org 2001/04/05 10:42:57
+ [auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
+ mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
+ sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
+ sshconnect2.c sshd.c]
+ fix whitespace: unexpand + trailing spaces.
+ - markus@cvs.openbsd.org 2001/04/05 11:09:17
+ [clientloop.c compat.c compat.h]
+ add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions.
+ - markus@cvs.openbsd.org 2001/04/05 15:45:43
+ [ssh.1]
+ ssh defaults to protocol v2; from quisar@quisar.ambre.net
+ - stevesk@cvs.openbsd.org 2001/04/05 15:48:18
+ [canohost.c canohost.h session.c]
+ move get_remote_name_or_ip() to canohost.[ch]; for portable. ok markus@
+ - markus@cvs.openbsd.org 2001/04/05 20:01:10
+ [clientloop.c]
+ for ~R print message if server does not support rekeying. (and fix ~R).
+ - markus@cvs.openbsd.org 2001/04/05 21:02:46
+ [buffer.c]
+ better error message
+ - markus@cvs.openbsd.org 2001/04/05 21:05:24
+ [clientloop.c ssh.c]
+ don't request a session for 'ssh -N', pointed out slade@shore.net
+
+20010405
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/04 09:48:35
+ [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
+ don't sent multiple kexinit-requests.
+ send newkeys, block while waiting for newkeys.
+ fix comments.
+ - markus@cvs.openbsd.org 2001/04/04 14:34:58
+ [clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
+ enable server side rekeying + some rekey related clientup.
+ todo: we should not send any non-KEX messages after we send KEXINIT
+ - markus@cvs.openbsd.org 2001/04/04 15:50:55
+ [compat.c]
+ f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov
+ - markus@cvs.openbsd.org 2001/04/04 20:25:38
+ [channels.c channels.h clientloop.c kex.c kex.h serverloop.c
+ sshconnect2.c sshd.c]
+ more robust rekeying
+ don't send channel data after rekeying is started.
+ - markus@cvs.openbsd.org 2001/04/04 20:32:56
+ [auth2.c]
+ we don't care about missing bannerfiles; from tsoome@ut.ee, ok deraadt@
+ - markus@cvs.openbsd.org 2001/04/04 22:04:35
+ [kex.c kexgex.c serverloop.c]
+ parse full kexinit packet.
+ make server-side more robust, too.
+ - markus@cvs.openbsd.org 2001/04/04 23:09:18
+ [dh.c kex.c packet.c]
+ clear+free keys,iv for rekeying.
+ + fix DH mem leaks. ok niels@
+ - (stevesk) don't use vhangup() if defined(HAVE_DEV_PTMX); also removes
+ BROKEN_VHANGUP
+
+20010404
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/04/02 17:32:23
+ [ssh-agent.1]
+ grammar; slade@shore.net
+ - stevesk@cvs.openbsd.org 2001/04/03 13:56:11
+ [sftp-glob.c ssh-agent.c ssh-keygen.c]
+ free() -> xfree()
+ - markus@cvs.openbsd.org 2001/04/03 19:53:29
+ [dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
+ move kex to kex*.c, used dispatch_set() callbacks for kex. should
+ make rekeying easier.
+ - todd@cvs.openbsd.org 2001/04/03 21:19:38
+ [ssh_config]
+ id_rsa1/2 -> id_rsa; ok markus@
+ - markus@cvs.openbsd.org 2001/04/03 23:32:12
+ [kex.c kex.h packet.c sshconnect2.c sshd.c]
+ undo parts of recent my changes: main part of keyexchange does not
+ need dispatch-callbacks, since application data is delayed until
+ the keyexchange completes (if i understand the drafts correctly).
+ add some infrastructure for re-keying.
+ - markus@cvs.openbsd.org 2001/04/04 00:06:54
+ [clientloop.c sshconnect2.c]
+ enable client rekeying
+ (1) force rekeying with ~R, or
+ (2) if the server requests rekeying.
+ works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0
+ - (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync.
+
+20010403
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/04/02 14:15:31
+ [sshd.8]
+ typo; ok markus@
+ - stevesk@cvs.openbsd.org 2001/04/02 14:20:23
+ [readconf.c servconf.c]
+ correct comment; ok markus@
+ - (stevesk) nchan.c: remove ostate checks and add EINVAL to
+ shutdown(SHUT_RD) error() bypass for HP-UX.
-20040421
- - (djm) Update config.guess and config.sub to autoconf-2.59 versions; ok tim@
+20010402
+ - (stevesk) log.c openbsd sync; missing newlines
+ - (stevesk) sshpty.h openbsd sync; PTY_H -> SSHPTY_H
-20040420
+20010330
+ - (djm) Another openbsd-compat/glob.c sync
- (djm) OpenBSD CVS Sync
- - henning@cvs.openbsd.org 2004/04/08 16:08:21
+ - provos@cvs.openbsd.org 2001/03/28 21:59:41
+ [kex.c kex.h sshconnect2.c sshd.c]
+ forgot to include min and max params in hash, okay markus@
+ - provos@cvs.openbsd.org 2001/03/28 22:04:57
+ [dh.c]
+ more sanity checking on primes file
+ - markus@cvs.openbsd.org 2001/03/28 22:43:31
+ [auth.h auth2.c auth2-chall.c]
+ check auth_root_allowed for kbd-int auth, too.
+ - provos@cvs.openbsd.org 2001/03/29 14:24:59
[sshconnect2.c]
- swap the last two parameters to TAILQ_FOREACH_REVERSE. matches what
- FreeBSD and NetBSD do.
- ok millert@ mcbride@ markus@ ho@, checked to not affect ports by naddy@
- - djm@cvs.openbsd.org 2004/04/18 23:10:26
- [readconf.c readconf.h ssh-keysign.c ssh.c]
- perform strict ownership and modes checks for ~/.ssh/config files,
- as these can be used to execute arbitrary programs; ok markus@
- NB. ssh will now exit when it detects a config with poor permissions
- - djm@cvs.openbsd.org 2004/04/19 13:02:40
- [ssh.1 ssh_config.5]
- document strict permission checks on ~/.ssh/config; prompted by,
- with & ok jmc@
- - jmc@cvs.openbsd.org 2004/04/19 16:12:14
- [ssh_config.5]
- kill whitespace at eol;
- - djm@cvs.openbsd.org 2004/04/19 21:51:49
- [ssh.c]
- fix idiot typo that i introduced in my last commit;
- spotted by cschneid AT cschneid.com
- - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD, needed for
- above change
- - (djm) [configure.ac] Check whether libroken is required when building
- with Heimdal
-
-20040419
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2004/02/29 22:04:45
- [regress/login-timeout.sh]
- Use sudo when restarting daemon during test. ok markus@
- - dtucker@cvs.openbsd.org 2004/03/08 10:17:12
- [regress/login-timeout.sh]
- Missing OBJ, from tim@. ok markus@ (Already fixed, ID sync only)
- - djm@cvs.openbsd.org 2004/03/30 12:41:56
- [sftp-client.c]
- sync comment with reality
- - djm@cvs.openbsd.org 2004/03/31 21:58:47
- [canohost.c]
- don't skip ip options check when UseDNS=no; ok markus@ (ID sync only)
- - markus@cvs.openbsd.org 2004/04/01 12:19:57
+ use recommended defaults
+ - stevesk@cvs.openbsd.org 2001/03/29 21:06:21
+ [sshconnect2.c sshd.c]
+ need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
+ - markus@cvs.openbsd.org 2001/03/29 21:17:40
+ [dh.c dh.h kex.c kex.h]
+ prepare for rekeying: move DH code to dh.c
+ - djm@cvs.openbsd.org 2001/03/29 23:42:01
+ [sshd.c]
+ Protocol 1 key regeneration log => verbose, some KNF; ok markus@
+
+20010329
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/03/26 15:47:59
+ [ssh.1]
+ document more defaults; misc. cleanup. ok markus@
+ - markus@cvs.openbsd.org 2001/03/26 23:12:42
+ [authfile.c]
+ KNF
+ - markus@cvs.openbsd.org 2001/03/26 23:23:24
+ [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
+ try to read private f-secure ssh v2 rsa keys.
+ - markus@cvs.openbsd.org 2001/03/27 10:34:08
+ [ssh-rsa.c sshd.c]
+ use EVP_get_digestbynid, reorder some calls and fix missing free.
+ - markus@cvs.openbsd.org 2001/03/27 10:57:00
+ [compat.c compat.h ssh-rsa.c]
+ some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5
+ signatures in SSH protocol 2, ok djm@
+ - provos@cvs.openbsd.org 2001/03/27 17:46:50
+ [compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
+ make dh group exchange more flexible, allow min and max group size,
+ okay markus@, deraadt@
+ - stevesk@cvs.openbsd.org 2001/03/28 19:56:23
[scp.c]
- limit trust between local and remote rcp/scp process,
- noticed by lcamtuf; ok deraadt@, djm@
-
-20040418
- - (dtucker) [auth-pam.c] Log username and source host for failed PAM
- authentication attempts. With & ok djm@
- - (djm) [openbsd-compat/bsd-cygwin_util.c] Recent versions of Cygwin allow
- change of user context without a password, so relax auth method
- restrictions; from vinschen AT redhat.com; ok dtucker@
-
-20040416
- - (dtucker) [regress/sftp-cmds.sh] Skip quoting test on Cygwin, since
- FAT/NTFS does not permit quotes in filenames. From vinschen at redhat.com
- - (djm) [auth-krb5.c auth.h session.c] Explicitly refer to Kerberos ccache
- file using FILE: method, fixes problems on Mac OSX.
- Patch from simon@sxw.org.uk; ok dtucker@
- - (tim) [configure.ac] Set SETEUID_BREAKS_SETUID, BROKEN_SETREUID and
- BROKEN_SETREGID for SCO OpenServer 3
-
-20040412
- - (dtucker) [sshd_config.5] Add PermitRootLogin without-password warning
- from bug #701 (text from jfh at cise.ufl.edu).
- - (dtucker) [acconfig.h configure.ac defines.h] Bug #673: check for 4-arg
- skeychallenge(), eg on NetBSD. ok mouring@
- - (dtucker) [auth-skey.c defines.h monitor.c] Make skeychallenge explicitly
- 4-arg, with compatibility for 3-arg versions. From djm@, ok me.
- - (djm) [configure.ac] Fix detection of libwrap on OpenBSD; ok dtucker@
-
-20040408
- - (dtucker) [loginrec.c] Use UT_LINESIZE if available, prevents truncating
- pty name on Linux 2.6.x systems. Patch from jpe at eisenmenger.org.
- - (bal) [monitor.c monitor_wrap.c] Second try. Put the zlib.h headers
- back and #undef TARGET_OS_MAC instead. (Bug report pending with Apple)
- - (dtucker) [defines.h loginrec.c] Define UT_LINESIZE if not defined and
- simplify loginrec.c. ok tim@
- - (bal) [monitor.c monitor_wrap.c] Ok.. Last time. Promise. Tim suggested
- limiting scope and dtucker@ agreed.
-
-20040407
- - (dtucker) [session.c] Flush stdout after displaying loginmsg. From
- f_mohr at yahoo.de.
- - (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to see
- if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X)
- are starting to restrict it as internal since it is not needed by
- developers any more. (Patch based on Apple tree)
- - (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since
- krb5 on MacOS/X conflicts. There may be a better solution, but this will
- work for now.
-
-20040406
- - (dtucker) [acconfig.h configure.ac defines.h] Bug #820: don't use
- updwtmpx() on IRIX since it seems to clobber utmp. ok djm@
- - (dtucker) [configure.ac] Bug #816, #748 (again): Attempt to detect
- broken getaddrinfo and friends on HP-UX. ok djm@
-
-20040330
- - (dtucker) [configure.ac] Bug #811: Use "!" for LOCKED_PASSWD_PREFIX on
- Linuxes, since that's what many use. ok djm@
- - (dtucker) [auth-pam.c] rename the_authctxt to sshpam_authctxt in auth-pam.c
- to reduce potential confusion with the one in sshd.c. ok djm@
- - (djm) Bug #825: Fix ip_options_check() for mapped IPv4/IPv6 connection;
- with & ok dtucker@
-
-20040327
- - (dtucker) [session.c] Bug #817: Clear loginmsg after fork to prevent
- duplicate login messages for mutli-session logins. ok djm@
-
-20040322
- - (djm) [sshd.c] Drop supplemental groups if started as root
- - (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2004/03/09 22:11:05
- [ssh.c]
- increase x11 cookie lifetime to 20 minutes; ok djm
- - markus@cvs.openbsd.org 2004/03/10 09:45:06
- [ssh.c]
- trim usage to match ssh(1) and look more like unix. ok djm@
- - markus@cvs.openbsd.org 2004/03/11 08:36:26
+ start to sync scp closer to rcp; ok markus@
+ - stevesk@cvs.openbsd.org 2001/03/28 20:04:38
+ [scp.c]
+ usage more like rcp and add missing -B to usage; ok markus@
+ - markus@cvs.openbsd.org 2001/03/28 20:50:45
[sshd.c]
- trim usage; ok deraadt
- - markus@cvs.openbsd.org 2004/03/11 10:21:17
- [ssh.c sshd.c]
- ssh, sshd: sync version output, ok djm
- - markus@cvs.openbsd.org 2004/03/20 10:40:59
+ call refuse() before close(); from olemx@ans.pl
+
+20010328
+ - (djm) Reorder tests and library inclusion for Krb4/AFS to try to
+ resolve linking conflicts with libcrypto. Report and suggested fix
+ from Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
+ - (djm) Work around Solaris' broken struct dirent. Diagnosis and suggested
+ fix from Philippe Levan <levan@epix.net>
+ - (djm) Rework krbIV tests to get us closer to building on Redhat. Still
+ doesn't work because of conflicts between krbIV's and OpenSSL's des.h
+ - (djm) Sync openbsd-compat/glob.c
+
+20010327
+ - Attempt sync with sshlogin.c w/ OpenBSD (mainly CVS ID)
+ - Fix pointer issues in waitpid() and wait() replaces. Patch by Lutz
+ Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2001/03/25 00:01:34
+ [session.c]
+ shorten; ok markus@
+ - stevesk@cvs.openbsd.org 2001/03/25 13:16:11
+ [servconf.c servconf.h session.c sshd.8 sshd_config]
+ PrintLastLog option; from chip@valinux.com with some minor
+ changes by me. ok markus@
+ - markus@cvs.openbsd.org 2001/03/26 08:07:09
+ [authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
+ sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
+ simpler key load/save interface, see authfile.h
+ - (djm) Reestablish PAM credentials (which can be supplemental group
+ memberships) after initgroups() blows them away. Report and suggested
+ fix from Nalin Dahyabhai <nalin@redhat.com>
+
+20010324
+ - Fixed permissions ssh-keyscan. Thanks to Christopher Linn <celinn@mtu.edu>.
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2001/03/23 11:04:07
+ [compat.c compat.h sshconnect2.c sshd.c]
+ Compat for OpenSSH with broken Rijndael/AES. ok markus@
+ - markus@cvs.openbsd.org 2001/03/23 12:02:49
+ [auth1.c]
+ authctxt is now passed to do_authenticated
+ - markus@cvs.openbsd.org 2001/03/23 13:10:57
+ [sftp-int.c]
+ fix put, upload to _absolute_ path, ok djm@
+ - markus@cvs.openbsd.org 2001/03/23 14:28:32
+ [session.c sshd.c]
+ ignore SIGPIPE, restore in child, fixes x11-fwd crashes; with djm@
+ - (djm) Pull out our own SIGPIPE hacks
+
+20010323
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/03/22 20:22:55
+ [sshd.c]
+ do not place linefeeds in buffer
+
+20010322
+ - (djm) Better AIX no tty fix, spotted by Gert Doering <gert@greenie.muc.de>
+ - (bal) version.c CVS ID resync
+ - (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID
+ resync
+ - (bal) scp.c CVS ID resync
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/20 19:10:16
+ [readconf.c]
+ default to SSH protocol version 2
+ - markus@cvs.openbsd.org 2001/03/20 19:21:21
+ [session.c]
+ remove unused arg
+ - markus@cvs.openbsd.org 2001/03/20 19:21:21
+ [session.c]
+ remove unused arg
+ - markus@cvs.openbsd.org 2001/03/21 11:43:45
+ [auth1.c auth2.c session.c session.h]
+ merge common ssh v1/2 code
+ - jakob@cvs.openbsd.org 2001/03/21 14:20:45
+ [ssh-keygen.c]
+ add -B flag to usage
+ - markus@cvs.openbsd.org 2001/03/21 21:06:30
+ [session.c]
+ missing init; from mib@unimelb.edu.au
+
+20010321
+ - (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve
+ VanDevender <stevev@darkwing.uoregon.edu>
+ - (djm) Make sure pam_retval is initialised on call to pam_end. Patch
+ from Solar Designer <solar@openwall.com>
+ - (djm) Don't loop forever when changing password via PAM. Patch
+ from Solar Designer <solar@openwall.com>
+ - (djm) Generate config files before build
+ - (djm) Correctly handle SIA and AIX when no tty present. Spotted and
+ suggested fix from Mike Battersby <mib@unimelb.edu.au>
+
+20010320
+ - (bal) glob.c update to added GLOB_LIMITS (OpenBSD CVS).
+ - (bal) glob.c update to set gl_pathv to NULL (OpenBSD CVS).
+ - (bal) Oops. Missed globc.h change (OpenBSD CVS).
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/19 17:07:23
+ [auth.c readconf.c]
+ undo /etc/shell and proto 2,1 change for openssh-2.5.2
+ - markus@cvs.openbsd.org 2001/03/19 17:12:10
[version.h]
- 3.8.1
- - (djm) Crank RPM spec versions
-
-20040311
- - (djm) [configure.ac] Add standard license to configure.ac; ok ben, dtucker
-
-20040310
- - (dtucker) [openbsd-compat/fake-rfc2553.h] Bug #812: #undef getaddrinfo
- before redefining it, silences warnings on Tru64.
-
-20040308
- - (dtucker) [sshd.c] Back out rev 1.270 as it caused problems on some
- platforms (eg SCO, HP-UX) with logging in the wrong TZ. ok djm@
- - (dtucker) [configure.ac sshd.c openbsd-compat/bsd-misc.h
- openbsd-compat/setenv.c] Unset KRB5CCNAME on AIX to prevent it from being
- inherited by the child. ok djm@
- - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c
- monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized
- even if keyboard-interactive is not used by the client. Prevents
- segfaults in some cases where the user's password is expired (note this
- is not considered a security exposure). ok djm@
+ version 2.5.2
+ - (djm) Update RPM spec version
+ - (djm) Release 2.5.2p1
+- tim@mindrot.org 2001/03/19 18:33:47 [defines.h]
+ change S_ISLNK macro to work for UnixWare 2.03
+- tim@mindrot.org 2001/03/19 20:45:11 [openbsd-compat/glob.c]
+ add get_arg_max(). Use sysconf() if ARG_MAX is not defined
+
+20010319
+ - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
+ do it implicitly.
+ - (djm) Add getusershell() functions from OpenBSD CVS
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/18 12:07:52
+ [auth-options.c]
+ ignore permitopen="host:port" if AllowTcpForwarding==no
+ - (djm) Make scp work on systems without 64-bit ints
+ - tim@mindrot.org 2001/03/18 18:28:39 [defines.h]
+ move HAVE_LONG_LONG_INT where it works
+ - (bal) Use 'NGROUPS' for NeXT Since 'MAX_NGROUPS' is wrapped up in -lposix
+ stuff. Change suggested by Mark Miller <markm@swoon.net>
+ - (bal) Small fix to scp. %lu vs %ld
+ - (bal) NeXTStep lacks S_ISLNK. Plus split up S_IS*
- (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2004/03/03 06:47:52
- [sshd.c]
- change proctiltle after accept(2); ok henning, deraadt, djm
- - djm@cvs.openbsd.org 2004/03/03 09:30:42
+ - djm@cvs.openbsd.org 2001/03/19 03:52:51
[sftp-client.c]
- Don't print duplicate messages when progressmeter is off
- Spotted by job317 AT mailvault.com; ok markus@
- - djm@cvs.openbsd.org 2004/03/03 09:31:20
- [sftp.c]
- Fix initialisation of progress meter; ok markus@
- - markus@cvs.openbsd.org 2004/03/05 10:53:58
- [readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c]
- add IdentitiesOnly; ok djm@, pb@
- - djm@cvs.openbsd.org 2004/03/08 09:38:05
- [ssh-keyscan.c]
- explicitly initialise remote_major and remote_minor.
- from cjwatson AT debian.org; ok markus@
- - dtucker@cvs.openbsd.org 2004/03/08 10:18:57
- [sshd_config.5]
- Document KerberosGetAFSToken; ok markus@
- - (tim) [regress/README.regress] Document ssh-rand-helper issue. ok bal
-
-20040307
- - (tim) [regress/login-timeout.sh] fix building outside of source tree.
-
-20040304
- - (dtucker) [auth-pam.c] Don't try to export PAM when compiled with
- -DUSE_POSIX_THREADS. From antoine.verheijen at ualbert ca. ok djm@
- - (dtucker) [auth-pam.c] Reset signal status when starting pam auth thread,
- prevent hanging during PAM keyboard-interactive authentications. ok djm@
- - (dtucker) [auth-passwd.c auth-sia.c auth-sia.h defines.h
- openbsd-compat/xcrypt.c] Bug #802: Fix build error on Tru64 when
- configured --with-osfsia. ok djm@
-
-20040303
- - (djm) [configure.ac ssh-agent.c] Use prctl to prevent ptrace on ssh-agent
- ok dtucker
-
-20040229
- - (tim) [configure.ac] Put back bits mistakenly removed from Rev 1.188
-
-20040229
- - (dtucker) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2004/02/25 00:22:45
- [sshd.c]
- typo in comment
- - dtucker@cvs.openbsd.org 2004/02/27 22:42:47
- [dh.c]
- Prevent sshd from sending DH groups with a primitive generator of zero or
- one, even if they are listed in /etc/moduli. ok markus@
- - dtucker@cvs.openbsd.org 2004/02/27 22:44:56
- [dh.c]
- Make /etc/moduli line buffer big enough for 8kbit primes, in case anyone
- ever uses one. ok markus@
- - dtucker@cvs.openbsd.org 2004/02/27 22:49:27
- [dh.c]
- Reset bit counter at the right time, fixes debug output in the case where
- the DH group is rejected. ok markus@
- - dtucker@cvs.openbsd.org 2004/02/17 08:23:20
- [regress/Makefile regress/login-timeout.sh]
- Add regression test for LoginGraceTime; ok markus@
- - markus@cvs.openbsd.org 2004/02/24 16:56:30
- [regress/test-exec.sh]
- allow arguments in ${TEST_SSH_XXX}
- - markus@cvs.openbsd.org 2004/02/24 17:06:52
- [regress/ssh-com-client.sh regress/ssh-com-keygen.sh
- regress/ssh-com-sftp.sh regress/ssh-com.sh]
- test against recent ssh.com releases
- - dtucker@cvs.openbsd.org 2004/02/28 12:16:57
- [regress/dynamic-forward.sh]
- Make dynamic-forward understand nc's new output. ok markus@
- - dtucker@cvs.openbsd.org 2004/02/28 13:44:45
- [regress/try-ciphers.sh]
- Test acss too; ok markus@
- - (dtucker) [regress/try-ciphers.sh] Skip acss if not compiled in (eg if we
- built with openssl < 0.9.7)
-
-20040226
- - (bal) KNF our sshlogin.c even if the code looks nothing like upstream
- code due to diversity issues.
-
-20040225
- - (djm) Trim ChangeLog
- - (djm) Don't specify path to PAM modules in Redhat sshd.pam; from Fedora
-
-20040224
- - (dtucker) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2004/02/19 21:15:04
+ Report ssh connection closing correctly; ok deraadt@
+ - deraadt@cvs.openbsd.org 2001/03/18 23:30:55
+ [compat.c compat.h sshd.c]
+ specifically version match on ssh scanners. do not log scan
+ information to the console
+ - djm@cvs.openbsd.org 2001/03/19 12:10:17
+ [sshd.8]
+ Document permitopen authorized_keys option; ok markus@
+ - djm@cvs.openbsd.org 2001/03/19 05:49:52
+ [ssh.1]
+ document PreferredAuthentications option; ok markus@
+ - (bal) Minor NeXT fixed. Forgot to #undef NGROUPS_MAX
+
+20010318
+ - (bal) Fixed scp type casing issue which causes "scp: protocol error:
+ size not delimited" fatal errors when tranfering.
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/17 17:27:59
+ [auth.c]
+ check /etc/shells, too
+ - tim@mindrot.org 2001/03/17 18:45:25 [compat.c]
+ openbsd-compat/fake-regex.h
+
+20010317
+ - Support usrinfo() on AIX. Based on patch from Gert Doering
+ <gert@greenie.muc.de>
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/15 15:05:59
+ [scp.c]
+ use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
+ - markus@cvs.openbsd.org 2001/03/15 22:07:08
+ [session.c]
+ pass Session to do_child + KNF
+ - djm@cvs.openbsd.org 2001/03/16 08:16:18
+ [sftp-client.c sftp-client.h sftp-glob.c sftp-int.c]
+ Revise globbing for get/put to be more shell-like. In particular,
+ "get/put file* directory/" now works. ok markus@
+ - markus@cvs.openbsd.org 2001/03/16 09:55:53
+ [sftp-int.c]
+ fix memset and whitespace
+ - markus@cvs.openbsd.org 2001/03/16 13:44:24
+ [sftp-int.c]
+ discourage strcat/strcpy
+ - markus@cvs.openbsd.org 2001/03/16 19:06:30
+ [auth-options.c channels.c channels.h serverloop.c session.c]
+ implement "permitopen" key option, restricts -L style forwarding to
+ to specified host:port pairs. based on work by harlan@genua.de
+ - Check for gl_matchc support in glob_t and fall back to the
+ openbsd-compat/glob.[ch] support if it does not exist.
+
+20010315
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/14 08:57:14
+ [sftp-client.c]
+ Wall
+ - markus@cvs.openbsd.org 2001/03/14 15:15:58
+ [sftp-int.c]
+ add version command
+ - deraadt@cvs.openbsd.org 2001/03/14 22:50:25
[sftp-server.c]
- switch to new license.template
- - markus@cvs.openbsd.org 2004/02/23 12:02:33
- [sshd.c]
- backout revision 1.279; set listen socket to non-block; ok henning.
- - markus@cvs.openbsd.org 2004/02/23 15:12:46
- [bufaux.c]
- encode 0 correctly in buffer_put_bignum2; noted by Mikulas Patocka
- and drop support for negative BNs; ok otto@
- - markus@cvs.openbsd.org 2004/02/23 15:16:46
- [version.h]
- enter 3.8
- - (dtucker) [configure.ac gss-serv-krb5.c ssh-gss.h] Define GSSAPI when found
- with krb5-config, hunt down gssapi.h and friends. Based partially on patch
- from deengert at anl.gov. ok djm@
- - (djm) [groupaccess.c uidswap.c] Bug #787: Size group arrays at runtime
- using sysconf() if available Based on patches from
- holger AT van-lengerich.de and openssh_bugzilla AT hockin.org
- - (dtucker) [uidswap.c] Minor KNF. ok djm@
- - (tim) [openbsd-compat/getrrsetbyname.c] Make gcc 2.7.2.3 happy. ok djm@
- - (djm) Crank RPM spec versions
- - (dtucker) [README] Add pointer to release notes. ok djm@
- - (dtucker) {README.platform] Add platform-specific notes.
- - (tim) [configure.ac] SCO3 needs -lcrypt_i for -lprot
- - (djm) Release 3.8p1
-
-20040223
- - (dtucker) [session.c] Bug #789: Only make setcred call for !privsep in the
- non-interactive path. ok djm@
-
-20040222
- - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test
- to auth-shadow.c, no functional change. ok djm@
- - (dtucker) [auth-shadow.c auth.h] Provide warnings of impending account or
- password expiry. ok djm@
- - (dtucker) [auth-passwd.c] Only check password expiry once. Prevents
- multiple warnings if a wrong password is entered.
- - (dtucker) [configure.ac] Apply krb5-config --libs fix to non-gssapi path
- too.
-
-20040220
- - (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@
-
-20040218
- - (dtucker) [configure.ac] Handle case where krb5-config --libs returns a
- path with a "-" in it. From Sergio.Gelato at astro.su.se.
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2004/02/17 07:17:29
- [sftp-glob.c sftp.c]
- Remove useless headers; ok deraadt@
- - djm@cvs.openbsd.org 2004/02/17 11:03:08
- [sftp.c]
- sftp.c and sftp-int.c, together at last; ok markus@
- - jmc@cvs.openbsd.org 2004/02/17 19:35:21
- [sshd_config.5]
- remove cruft left over from RhostsAuthentication removal;
- ok markus@
- - (djm) [log.c] Correct use of HAVE_OPENLOG_R
- - (djm) [log.c] Tighten openlog_r tests
+ note no getopt()
+ - (stevesk) ssh-keyscan.c: specify "openbsd-compat/fake-queue.h"
+ - (bal) Cygwin README change by Corinna Vinschen <vinschen@redhat.com>
-20040217
- - (djm) Simplify the license on code I have written. No code changes.
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2004/02/17 05:39:51
+20010314
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/13 17:34:42
+ [auth-options.c]
+ missing xfree, deny key on parse error; ok stevesk@
+ - djm@cvs.openbsd.org 2001/03/13 22:42:54
[sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
- [sftp-int.h sftp.c]
- switch to license.template for code written by me (belated, I know...)
- - (djm) Bug #698: Specify FILE: for KRB5CCNAME; patch from
- stadal@suse.cz and simon@sxw.org.uk
- - (dtucker) [auth-pam.c] Tidy up PAM debugging. ok djm@
- - (dtucker) [auth-pam.c] Store output from pam_session and pam_setcred for
- display after login. Should fix problems like pam_motd not displaying
- anything, noticed by cjwatson at debian.org. ok djm@
-
-20040212
- - (tim) [Makefile.in regress/sftp-badcmds.sh regress/test-exec.sh]
- Portablity fixes. Data sftp transfers needs to be world readable. Some
- older shells hang on while loops when doing sh -n some_script. OK dtucker@
- - (tim) [configure.ac] Make sure -lcrypto is before -lsocket for sco3.
- ok mouring@
-
-20040211
- - (dtucker) [auth-passwd.c auth-shadow.c] Only enable shadow expiry check
- if HAS_SHADOW_EXPIRY is set.
- - (tim) [configure.ac] Fix comment to match code changes in ver 1.117
-
-20040210
- - (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c
- openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's
- native password expiry.
- - (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h
- defines.h] Bug #14: Use do_pwchange to support password expiry and force
- change for platforms using /etc/shadow. ok djm@
- - (dtucker) [openbsd-compat/fake-rfc2553.h] Bug #563: Prepend ssh_ to compat
- functions to avoid conflicts with Heimdal's libroken. ok djm@
- - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to
- change expired PAM passwords for SSHv1 connections without privsep.
- pam_chauthtok is still used when privsep is disabled. ok djm@
- - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Move
- include from port-aix.h to port-aix.c and remove unnecessary function
- definition. Fixes build errors on AIX.
- - (dtucker) [configure.ac loginrec.c] Bug #464: Use updwtmpx on platforms
- that support it. from & ok mouring@
- - (dtucker) [configure.ac] Bug #345: Do not disable utmp on HP-UX 10.x.
- ok djm@
-
-20040207
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2004/02/06 23:41:13
- [cipher-ctr.c]
- Use EVP_CIPHER_CTX_key_length for key length. ok markus@
- (This will fix builds with OpenSSL 0.9.5)
- - (dtucker) [cipher.c] enable AES counter modes with OpenSSL 0.9.5.
- ok djm@, markus@
-
-20040206
- - (dtucker) [acss.c acss.h] Fix $Id tags.
- - (dtucker) [cipher-acss.c cipher.c] Enable acss only if building with
- OpenSSL >= 0.9.7. ok djm@
- - (dtucker) [session.c] Bug #789: Do not call do_pam_setcred as a non-root
- user, since some modules might fail due to lack of privilege. ok djm@
- - (dtucker) [configure.ac] Bug #748: Always define BROKEN_GETADDRINFO
- for HP-UX 11.11. If there are known-good configs where this is not
- required, please report them. ok djm@
- - (dtucker) [sshd.c] Bug #757: Clear child's environment to prevent
- accidentally inheriting from root's environment. ok djm@
- - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #796:
- Restore previous authdb setting after auth calls. Fixes problems with
- setpcred failing on accounts that use AFS or NIS password registries.
- - (dtucker) [configure.ac includes.h] Include <sys/stream.h> if present,
- required on Solaris 2.5.1 for queue_t, which is used by <sys/ptms.h>.
- - (dtucker) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2004/01/30 09:48:57
- [auth-passwd.c auth.h pathnames.h session.c]
- support for password change; ok dtucker@
- (set password-dead=1w in login.conf to use this).
- In -Portable, this is currently only platforms using bsdauth.
- - dtucker@cvs.openbsd.org 2004/02/05 05:37:17
- [monitor.c sshd.c]
- Pass SIGALRM through to privsep child if LoginGraceTime expires. ok markus@
- - markus@cvs.openbsd.org 2004/02/05 15:33:33
- [progressmeter.c]
- fix ETA for > 4GB; bugzilla #791; ok henning@ deraadt@
-
-20040129
- - (dtucker) OpenBSD CVS Sync regress/
- - dtucker@cvs.openbsd.org 2003/10/11 11:49:49
- [Makefile banner.sh]
- Test missing banner file, suppression of banner with ssh -q, check return
- code from ssh. ok markus@
- - jmc@cvs.openbsd.org 2003/11/07 10:16:44
- [ssh-com.sh]
- adress -> address, and a few more; all from Jonathon Gray;
- - djm@cvs.openbsd.org 2004/01/13 09:49:06
- [sftp-batch.sh]
- - (dtucker) [configure.ac] Add --without-zlib-version-check. Feedback from
- tim@, ok several
- - (dtucker) [configure.ac openbsd-compat/bsd-cray.c openbsd-compat/bsd-cray.h]
- Bug #775: Cray fixes from wendy at cray.com
-
-20040128
- - (dtucker) [regress/README.regress] Add tcpwrappers issue, noted by tim@
- - (dtucker) [moduli] Import new moduli file from OpenBSD.
-
-20040127
- - (djm) OpenBSD CVS Sync
- - hshoexer@cvs.openbsd.org 2004/01/23 17:06:03
- [cipher.c]
- enable acss for ssh
- ok deraadt@ markus@
- - mouring@cvs.openbsd.org 2004/01/23 17:57:48
- [sftp-int.c]
- Fix issue pointed out with ls not handling large directories
- with embeded paths correctly. OK damien@
- - hshoexer@cvs.openbsd.org 2004/01/23 19:26:33
- [cipher.c]
- rename acss@opebsd.org to acss@openssh.org
- ok deraadt@
- - djm@cvs.openbsd.org 2004/01/25 03:49:09
- [sshconnect.c]
- reset nonblocking flag after ConnectTimeout > 0 connect; (bugzilla #785)
- from jclonguet AT free.fr; ok millert@
- - djm@cvs.openbsd.org 2004/01/27 10:08:10
- [sftp.c]
- reorder parsing so user:skey@host:file works (bugzilla #777)
- patch from admorten AT umich.edu; ok markus@
- - (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS
- if libcrypto lacks it
-
-20040126
- - (tim) Typo in regress/README.regress
- - (tim) [regress/test-exec.sh] RhostsAuthentication is deprecated.
- - (tim) [defines.h] Add defines for HFIXEDSZ and T_SIG
- - (tim) [configure.ac includes.h] add <sys/ptms.h> for grantpt() and friends.
- - (tim) [defines.h openbsd-compat/getrrsetbyname.h] Move defines for HFIXEDSZ
- and T_SIG to getrrsetbyname.h
-
-20040124
- - (djm) Typo in openbsd-compat/bsd-openpty.c; from wendyp AT cray.com
-
-20040123
- - (djm) Do pam_session processing for systems with HAVE_LOGIN_CAP; from
- ralf.hack AT pipex.net; ok dtucker@
- - (djm) Bug #776: Update contrib/redhat/openssh.spec to dynamically detect
- Kerberos location (and thus work with Fedora Core 1);
- from jason AT devrandom.org
- - (dtucker) [configure.ac] Bug #788: Test for zlib.h presence and for
- zlib >= 1.1.4. Partly from jbasney at ncsa.uiuc.edu. ok djm@
- - (dtucker) [contrib/cygwin/README] Document new ssh-host-config options.
- Patch from vinschen at redhat.com.
- - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
- Change AFS symbol to USE_AFS to prevent namespace collisions, do not
- include kafs.h unless necessary. From deengert at anl.gov.
- - (tim) [configure.ac] Remove hard coded -L/usr/local/lib and
- -I/usr/local/include. Users can do LDFLAGS="-L/usr/local/lib" \
- CPPFLAGS="-I/usr/local/include" ./configure if needed.
-
-20040122
- - (dtucker) [configure.ac] Use krb5-config where available for Kerberos/
- GSSAPI detection, libs and includes. ok djm@
- - (dtucker) [session.c] Enable AFS support in conjunction with KRB5 not
- just HEIMDAL.
- - (tim) [contrib/solaris/buildpkg.sh] Allow for the possibility of
- /usr/local being a symbolic link. Fixes problem reported by Henry Grebler.
-
-20040121
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2004/01/13 09:25:05
+ sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@
+ - (bal) Fix strerror() in bsd-misc.c
+ - (djm) Add replacement glob() from OpenBSD libc if the system glob is
+ missing or lacks the GLOB_ALTDIRFUNC extension
+ - (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers
+ relatively. Avoids conflict between glob.h and /usr/include/glob.h
+
+20010313
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/12 22:02:02
+ [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
+ remove old key_fingerprint interface, s/_ex//
+
+20010312
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/11 13:25:36
+ [auth2.c key.c]
+ debug
+ - jakob@cvs.openbsd.org 2001/03/11 15:03:16
+ [key.c key.h]
+ add improved fingerprint functions. based on work by Carsten
+ Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
+ - jakob@cvs.openbsd.org 2001/03/11 15:04:16
+ [ssh-keygen.1 ssh-keygen.c]
+ print both md5, sha1 and bubblebabble fingerprints when using
+ ssh-keygen -l -v. ok markus@.
+ - jakob@cvs.openbsd.org 2001/03/11 15:13:09
+ [key.c]
+ cleanup & shorten some var names key_fingerprint_bubblebabble.
+ - deraadt@cvs.openbsd.org 2001/03/11 16:39:03
+ [ssh-keygen.c]
+ KNF, and SHA1 binary output is just creeping featurism
+ - tim@mindrot.org 2001/03/11 17:29:32 [configure.in]
+ test if snprintf() supports %ll
+ add /dev to search path for PRNGD/EGD socket
+ fix my mistake in USER_PATH test program
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/11 18:29:51
+ [key.c]
+ style+cleanup
+ - markus@cvs.openbsd.org 2001/03/11 22:33:24
+ [ssh-keygen.1 ssh-keygen.c]
+ remove -v again. use -B instead for bubblebabble. make -B consistent
+ with -l and make -B work with /path/to/known_hosts. ok deraadt@
+ - (djm) Bump portable version number for generating test RPMs
+ - (djm) Add "static_openssl" RPM build option, remove rsh build dependency
+ - (bal) Reorder includes in Makefile.
+
+20010311
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/10 12:48:27
+ [sshconnect2.c]
+ ignore nonexisting private keys; report rjmooney@mediaone.net
+ - deraadt@cvs.openbsd.org 2001/03/10 12:53:51
+ [readconf.c ssh_config]
+ default to SSH2, now that m68k runs fast
+ - stevesk@cvs.openbsd.org 2001/03/10 15:02:05
+ [ttymodes.c ttymodes.h]
+ remove unused sgtty macros; ok markus@
+ - deraadt@cvs.openbsd.org 2001/03/10 15:31:00
+ [compat.c compat.h sshconnect.c]
+ all known netscreen ssh versions, and older versions of OSU ssh cannot
+ handle password padding (newer OSU is fixed)
+ - tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config]
+ make sure $bindir is in USER_PATH so scp will work
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/10 17:51:04
+ [kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
+ add PreferredAuthentications
+
+20010310
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/03/09 03:14:39
+ [ssh-keygen.c]
+ create *.pub files with umask 0644, so that you can mv them to
+ authorized_keys
+ - deraadt@cvs.openbsd.org 2001/03/09 12:30:29
+ [sshd.c]
+ typo; slade@shore.net
+ - Removed log.o from sftp client. Not needed.
+
+20010309
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/03/08 18:47:12
+ [auth1.c]
+ unused; ok markus@
+ - stevesk@cvs.openbsd.org 2001/03/08 20:44:48
+ [sftp.1]
+ spelling, cleanup; ok deraadt@
+ - markus@cvs.openbsd.org 2001/03/08 21:42:33
+ [compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
+ implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
+ no need to do enter passphrase or do expensive sign operations if the
+ server does not accept key).
+
+20010308
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2001/03/07 10:11:23
+ [sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
+ Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
+ functions and small protocol change.
+ - markus@cvs.openbsd.org 2001/03/08 00:15:48
+ [readconf.c ssh.1]
+ turn off useprivilegedports by default. only rhost-auth needs
+ this. older sshd's may need this, too.
+ - (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H;
+ Dirk Markwardt <D.Markwardt@tu-bs.de>
+
+20010307
+ - (bal) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/03/06 06:11:18
+ [ssh-keyscan.c]
+ appease gcc
+ - deraadt@cvs.openbsd.org 2001/03/06 06:11:44
[sftp-int.c sftp.1 sftp.c]
- Tidy sftp batchmode handling, eliminate junk to stderr (bugzilla #754) and
- enable use of "-b -" to accept batchfile from stdin; ok markus@
- - jmc@cvs.openbsd.org 2004/01/13 12:17:33
+ sftp -b batchfile; mouring@etoh.eviladmin.org
+ - deraadt@cvs.openbsd.org 2001/03/06 15:10:42
[sftp.1]
- remove unnecessary Ic's;
- kill whitespace at EOL;
- ok djm@
- - markus@cvs.openbsd.org 2004/01/13 19:23:15
- [compress.c session.c]
- -Wall; ok henning
- - markus@cvs.openbsd.org 2004/01/13 19:45:15
- [compress.c]
- cast for portability; millert@
- - markus@cvs.openbsd.org 2004/01/19 09:24:21
- [channels.c]
- fake consumption for half closed channels since the peer is waiting for
- window adjust messages; bugzilla #790 Matthew Dillon; test + ok dtucker@
- reproduce with sh -c 'ulimit -f 10; ssh host -n od /bsd | cat > foo'
- - markus@cvs.openbsd.org 2004/01/19 21:25:15
- [auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c]
- fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
- - djm@cvs.openbsd.org 2004/01/21 03:07:59
- [sftp.c]
- initialise infile in main, rather than statically - from portable
- - deraadt@cvs.openbsd.org 2004/01/11 21:55:06
- [sshpty.c]
- for pty opening, only use the openpty() path. the other stuff only needs
- to be in openssh-p; markus ok
- - (djm) [openbsd-compat/bsd-openpty.c] Rework old sshpty.c code into an
- openpty() replacement
-
-20040114
- - (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exits
- unexpectedly. with & ok djm@
- - (dtucker) [auth-pam.c] Reset signal handler in pthread_cancel too, add
- test for case where cleanup has already run.
- - (dtucker) [auth-pam.c] Add minor debugging.
-
-20040113
- - (dtucker) [auth-pam.c] Relocate struct pam_ctxt and prototypes. No
- functional changes.
-
-20040108
- - (dtucker) [auth-pam.c defines.h] Bug #783: move __unused to defines.h and
- only define if not already. From des at freebsd.org.
- - (dtucker) [configure.ac] Remove extra (typo) comma.
-
-20040105
- - (dtucker) [contrib/ssh-copy-id] Bug #781: exit if ssh fails. Patch from
- cjwatson at debian.org.
- - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
- Only enable KerberosGetAFSToken if Heimdal's libkafs is found. with jakob@
-
-20040102
- - (djm) OSX/Darwin needs BIND_8_COMPAT to build getrrsetbyname. Report from
- jakob@
- - (djm) Remove useless DNS support configure summary message. from jakob@
- - (djm) OSX/Darwin put the PAM headers in a different place, detect this.
- Report from jakob@
-
-20031231
- - (dtucker) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2003/12/22 09:16:58
- [moduli.c ssh-keygen.1 ssh-keygen.c]
- tidy up moduli generation debugging, add -v (verbose/debug) option to
- ssh-keygen; ok markus@
- - markus@cvs.openbsd.org 2003/12/22 20:29:55
- [cipher-3des1.c]
- EVP_CIPHER_CTX_cleanup() for the des contexts; pruiksma@freesurf.fr
- - jakob@cvs.openbsd.org 2003/12/23 16:12:10
- [servconf.c servconf.h session.c sshd_config]
- implement KerberosGetAFSToken server option. ok markus@, beck@
- - millert@cvs.openbsd.org 2003/12/29 16:39:50
+ order things
+ - deraadt@cvs.openbsd.org 2001/03/07 01:19:06
+ [ssh.1 sshd.8]
+ the name "secure shell" is boring, noone ever uses it
+ - deraadt@cvs.openbsd.org 2001/03/07 04:05:58
+ [ssh.1]
+ removed dated comment
+ - Cygwin contrib improvements from Corinna Vinschen <vinschen@redhat.com>
+
+20010306
+ - (bal) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/03/05 14:28:47
+ [sshd.8]
+ alpha order; jcs@rt.fm
+ - stevesk@cvs.openbsd.org 2001/03/05 15:44:51
+ [servconf.c]
+ sync error message; ok markus@
+ - deraadt@cvs.openbsd.org 2001/03/05 15:56:16
+ [myproposal.h ssh.1]
+ switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
+ provos & markus ok
+ - deraadt@cvs.openbsd.org 2001/03/05 16:07:15
+ [sshd.8]
+ detail default hmac setup too
+ - markus@cvs.openbsd.org 2001/03/05 17:17:21
+ [kex.c kex.h sshconnect2.c sshd.c]
+ generate a 2*need size (~300 instead of 1024/2048) random private
+ exponent during the DH key agreement. according to Niels (the great
+ german advisor) this is safe since /etc/primes contains strong
+ primes only.
+
+ References:
+ P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
+ agreement with short exponents, In Advances in Cryptology
+ - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
+ - stevesk@cvs.openbsd.org 2001/03/05 17:40:48
+ [ssh.1]
+ more ssh_known_hosts2 documentation; ok markus@
+ - stevesk@cvs.openbsd.org 2001/03/05 17:58:22
+ [dh.c]
+ spelling
+ - deraadt@cvs.openbsd.org 2001/03/06 00:33:04
+ [authfd.c cli.c ssh-agent.c]
+ EINTR/EAGAIN handling is required in more cases
+ - millert@cvs.openbsd.org 2001/03/06 01:06:03
+ [ssh-keyscan.c]
+ Don't assume we wil get the version string all in one read().
+ deraadt@ OK'd
+ - millert@cvs.openbsd.org 2001/03/06 01:08:27
+ [clientloop.c]
+ If read() fails with EINTR deal with it the same way we treat EAGAIN
+
+20010305
+ - (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
+ - (bal) CVS ID touch up on sftp-int.c
+ - (bal) CVS ID touch up on uuencode.c
+ - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
+ - (bal) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/02/17 23:48:48
+ [sshd.8]
+ it's the OpenSSH one
+ - deraadt@cvs.openbsd.org 2001/02/21 07:37:04
+ [ssh-keyscan.c]
+ inline -> __inline__, and some indent
+ - deraadt@cvs.openbsd.org 2001/02/21 09:05:54
+ [authfile.c]
+ improve fd handling
+ - deraadt@cvs.openbsd.org 2001/02/21 09:12:56
+ [sftp-server.c]
+ careful with & and &&; markus ok
+ - stevesk@cvs.openbsd.org 2001/02/21 21:14:04
+ [ssh.c]
+ -i supports DSA identities now; ok markus@
+ - deraadt@cvs.openbsd.org 2001/02/22 04:29:37
+ [servconf.c]
+ grammar; slade@shore.net
+ - deraadt@cvs.openbsd.org 2001/02/22 06:43:55
+ [ssh-keygen.1 ssh-keygen.c]
+ document -d, and -t defaults to rsa1
+ - deraadt@cvs.openbsd.org 2001/02/22 08:03:51
+ [ssh-keygen.1 ssh-keygen.c]
+ bye bye -d
+ - deraadt@cvs.openbsd.org 2001/02/22 18:09:06
[sshd_config]
- KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK
- - dtucker@cvs.openbsd.org 2003/12/31 00:24:50
- [auth2-passwd.c]
- Ignore password change request during password auth (which we currently
- don't support) and discard proposed new password. corrections/ok markus@
- - (dtucker) [configure.ac] Only test setresuid and setresgid if they exist.
-
-20031219
- - (dtucker) [defines.h] Bug #458: Define SIZE_T_MAX as UINT_MAX if we
- typedef size_t ourselves.
-
-20031218
- - (dtucker) [configure.ac] Don't use setre[ug]id on DG-UX, from Tom Orban.
- - (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactive
- authentication. Partially fixes bug #423. Feedback & ok djm@
-
-20031217
- - (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2003/12/09 15:28:43
+ activate RSA 2 key
+ - markus@cvs.openbsd.org 2001/02/22 21:57:27
+ [ssh.1 sshd.8]
+ typos/grammar from matt@anzen.com
+ - markus@cvs.openbsd.org 2001/02/22 21:59:44
+ [auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
+ use pwcopy in ssh.c, too
+ - markus@cvs.openbsd.org 2001/02/23 15:34:53
[serverloop.c]
- make ClientKeepAlive work for ssh -N, too (no login shell requested).
- 1) send a bogus channel request if we find a channel
- 2) send a bogus global request if we don't have a channel
- ok + test beck@
- - markus@cvs.openbsd.org 2003/12/09 17:29:04
+ debug2->3
+ - markus@cvs.openbsd.org 2001/02/23 18:15:13
[sshd.c]
- fix -o and HUP; ok henning@
- - markus@cvs.openbsd.org 2003/12/09 17:30:05
- [ssh.c]
- don't modify argv for ssh -o; similar to sshd.c 1.283
- - markus@cvs.openbsd.org 2003/12/09 21:53:37
- [readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
- [ssh_config.5 sshconnect.c sshd.c sshd_config.5]
- rename keepalive to tcpkeepalive; the old name causes too much
- confusion; ok djm, dtucker; with help from jmc@
- - dtucker@cvs.openbsd.org 2003/12/09 23:45:32
+ the random session key depends now on the session_key_int
+ sent by the 'attacker'
+ dig1 = md5(cookie|session_key_int);
+ dig2 = md5(dig1|cookie|session_key_int);
+ fake_session_key = dig1|dig2;
+ this change is caused by a mail from anakin@pobox.com
+ patch based on discussions with my german advisor niels@openbsd.org
+ - deraadt@cvs.openbsd.org 2001/02/24 10:37:55
+ [readconf.c]
+ look for id_rsa by default, before id_dsa
+ - deraadt@cvs.openbsd.org 2001/02/24 10:37:26
+ [sshd_config]
+ ssh2 rsa key before dsa key
+ - markus@cvs.openbsd.org 2001/02/27 10:35:27
+ [packet.c]
+ fix random padding
+ - markus@cvs.openbsd.org 2001/02/27 11:00:11
+ [compat.c]
+ support SSH-2.0-2.1 ; from Christophe_Moret@hp.com
+ - deraadt@cvs.openbsd.org 2001/02/28 05:34:28
+ [misc.c]
+ pull in protos
+ - deraadt@cvs.openbsd.org 2001/02/28 05:36:28
+ [sftp.c]
+ do not kill the subprocess on termination (we will see if this helps
+ things or hurts things)
+ - markus@cvs.openbsd.org 2001/02/28 08:45:39
[clientloop.c]
- Clear exit code when ssh -N is terminated with a SIGTERM. ok markus@
- - markus@cvs.openbsd.org 2003/12/14 12:37:21
- [ssh_config.5]
- we don't support GSS KEX; from Simon Wilkinson
- - markus@cvs.openbsd.org 2003/12/16 15:49:51
- [clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1]
- [ssh.c ssh_config.5]
- application layer keep alive (ServerAliveInterval ServerAliveCountMax)
- for ssh(1), similar to the sshd(8) option; ok beck@; with help from
- jmc and dtucker@
- - markus@cvs.openbsd.org 2003/12/16 15:51:54
- [dh.c]
- use <= instead of < in dh_estimate; ok provos/hshoexer;
- do not return < DH_GRP_MIN
- - (dtucker) [acconfig.h configure.ac uidswap.c] Bug #645: Check for
- setres[ug]id() present but not implemented (eg some Linux/glibc
- combinations).
- - (bal) [openbsd-compat/bsd-misc.c] unset 'signal' defined if we are
- using a real 'signal()' (Noticed by a NeXT Compile)
-
-20031209
- - (dtucker) OpenBSD CVS Sync
- - matthieu@cvs.openbsd.org 2003/11/25 23:10:08
- [ssh-add.1]
- ssh-add doesn't need to be a descendant of ssh-agent. Ok markus@, jmc@.
- - djm@cvs.openbsd.org 2003/11/26 21:44:29
- [cipher-aes.c]
- fix #ifdef before #define; ok markus@
- (RCS ID sync only, Portable already had this)
- - markus@cvs.openbsd.org 2003/12/02 12:15:10
- [progressmeter.c]
- improvments from andreas@:
- * saner speed estimate for transfers that takes less than a second by
- rounding the time to 1 second.
- * when the transfer is finished calculate the actual total speed
- rather than the current speed which is given during the transfer
- - markus@cvs.openbsd.org 2003/12/02 17:01:15
- [channels.c session.c ssh-agent.c ssh.h sshd.c]
- use SSH_LISTEN_BACKLOG (=128) in listen(2).
- - djm@cvs.openbsd.org 2003/12/07 06:34:18
- [moduli.c]
- remove unused debugging #define templates
- - markus@cvs.openbsd.org 2003/12/08 11:00:47
- [kexgexc.c]
- print requested group size in debug; ok djm
- - dtucker@cvs.openbsd.org 2003/12/09 13:52:55
- [moduli.c]
- Prevent ssh-keygen -T from outputting moduli with a generator of 0, since
- they can't be used for Diffie-Hellman. Assistance and ok djm@
- - (dtucker) [ssh-keyscan.c] Sync RCSIDs, missed in SSH_SSFDMAX change below.
-
-20031208
- - (tim) [configure.ac] Bug 770. Fix --without-rpath.
-
-20031123
- - (djm) [canohost.c] Move IPv4inV6 mapped address normalisation to its own
- function and call it unconditionally
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2003/11/23 23:17:34
+ fix byte counts for ssh protocol v1
+ - markus@cvs.openbsd.org 2001/02/28 08:54:55
+ [channels.c nchan.c nchan.h]
+ make sure remote stderr does not get truncated.
+ remove closed fd's from the select mask.
+ - markus@cvs.openbsd.org 2001/02/28 09:57:07
+ [packet.c packet.h sshconnect2.c]
+ in ssh protocol v2 use ignore messages for padding (instead of
+ trailing \0).
+ - markus@cvs.openbsd.org 2001/02/28 12:55:07
+ [channels.c]
+ unify debug messages
+ - deraadt@cvs.openbsd.org 2001/02/28 17:52:54
+ [misc.c]
+ for completeness, copy pw_gecos too
+ - markus@cvs.openbsd.org 2001/02/28 21:21:41
+ [sshd.c]
+ generate a fake session id, too
+ - markus@cvs.openbsd.org 2001/02/28 21:27:48
+ [channels.c packet.c packet.h serverloop.c]
+ use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
+ use random content in ignore messages.
+ - markus@cvs.openbsd.org 2001/02/28 21:31:32
+ [channels.c]
+ typo
+ - deraadt@cvs.openbsd.org 2001/03/01 02:11:25
+ [authfd.c]
+ split line so that p will have an easier time next time around
+ - deraadt@cvs.openbsd.org 2001/03/01 02:29:04
+ [ssh.c]
+ shorten usage by a line
+ - deraadt@cvs.openbsd.org 2001/03/01 02:45:10
+ [auth-rsa.c auth2.c deattack.c packet.c]
+ KNF
+ - deraadt@cvs.openbsd.org 2001/03/01 03:38:33
+ [cli.c cli.h rijndael.h ssh-keyscan.1]
+ copyright notices on all source files
+ - markus@cvs.openbsd.org 2001/03/01 22:46:37
+ [ssh.c]
+ don't truncate remote ssh-2 commands; from mkubita@securities.cz
+ use min, not max for logging, fixes overflow.
+ - deraadt@cvs.openbsd.org 2001/03/02 06:21:01
+ [sshd.8]
+ explain SIGHUP better
+ - deraadt@cvs.openbsd.org 2001/03/02 09:42:49
+ [sshd.8]
+ doc the dsa/rsa key pair files
+ - deraadt@cvs.openbsd.org 2001/03/02 18:54:31
+ [atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
+ scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
+ ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
+ make copyright lines the same format
+ - deraadt@cvs.openbsd.org 2001/03/03 06:53:12
[ssh-keyscan.c]
- from portable - use sysconf to detect fd limit; ok markus@
- (tidy diff by adding SSH_SSFDMAX macro to defines.h)
- - djm@cvs.openbsd.org 2003/11/23 23:18:45
- [ssh-keygen.c]
- consistency PATH_MAX -> MAXPATHLEN; ok markus@
- (RCS ID sync only)
- - djm@cvs.openbsd.org 2003/11/23 23:21:21
+ standard theo sweep
+ - millert@cvs.openbsd.org 2001/03/03 21:19:41
+ [ssh-keyscan.c]
+ Dynamically allocate read_wait and its copies. Since maxfd is
+ based on resource limits it is often (usually?) larger than FD_SETSIZE.
+ - millert@cvs.openbsd.org 2001/03/03 21:40:30
+ [sftp-server.c]
+ Dynamically allocate fd_set; deraadt@ OK
+ - millert@cvs.openbsd.org 2001/03/03 21:41:07
+ [packet.c]
+ Dynamically allocate fd_set; deraadt@ OK
+ - deraadt@cvs.openbsd.org 2001/03/03 22:07:50
+ [sftp-server.c]
+ KNF
+ - markus@cvs.openbsd.org 2001/03/03 23:52:22
+ [sftp.c]
+ clean up arg processing. based on work by Christophe_Moret@hp.com
+ - markus@cvs.openbsd.org 2001/03/03 23:59:34
+ [log.c ssh.c]
+ log*.c -> log.c
+ - markus@cvs.openbsd.org 2001/03/04 00:03:59
+ [channels.c]
+ debug1->2
+ - stevesk@cvs.openbsd.org 2001/03/04 10:57:53
+ [ssh.c]
+ add -m to usage; ok markus@
+ - stevesk@cvs.openbsd.org 2001/03/04 11:04:41
+ [sshd.8]
+ small cleanup and clarify for PermitRootLogin; ok markus@
+ - stevesk@cvs.openbsd.org 2001/03/04 11:16:06
+ [servconf.c sshd.8]
+ kill obsolete RandomSeed; ok markus@ deraadt@
+ - stevesk@cvs.openbsd.org 2001/03/04 12:54:04
+ [sshd.8]
+ spelling
+ - millert@cvs.openbsd.org 2001/03/04 17:42:28
+ [authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
+ ssh.c sshconnect.c sshd.c]
+ log functions should not be passed strings that end in newline as they
+ get passed on to syslog() and when logging to stderr, do_log() appends
+ its own newline.
+ - deraadt@cvs.openbsd.org 2001/03/04 18:21:28
+ [sshd.8]
+ list SSH2 ciphers
+ - (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy()
+ - (bal) Fix up logging since it changed. removed log-*.c
+ - (djm) Fix up LOG_AUTHPRIV for systems that have it
+ - (stevesk) OpenBSD sync:
+ - deraadt@cvs.openbsd.org 2001/03/05 08:37:27
+ [ssh-keyscan.c]
+ skip inlining, why bother
+ - (stevesk) sftp.c: handle __progname
+
+20010304
+ - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
+ - (bal) Updated contrib/README to remove 'make-ssh-known-hosts' and
+ give Mark Roth credit for mdoc2man.pl
+
+20010303
+ - (djm) Remove make-ssh-known-hosts.pl, ssh-keyscan is better.
+ - (djm) Document PAM ChallengeResponseAuthentication in sshd.8
+ - (djm) Disable and comment ChallengeResponseAuthentication in sshd_config
+ - (djm) Allow PRNGd entropy collection from localhost TCP socket. Replace
+ "--with-egd-pool" configure option with "--with-prngd-socket" and
+ "--with-prngd-port" options. Debugged and improved by Lutz Jaenicke
+ <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+
+20010301
+ - (djm) Properly add -lcrypt if needed.
+ - (djm) Force standard PAM conversation function in a few more places.
+ Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai
+ <nalin@redhat.com>
+ - (djm) Cygwin needs pw->pw_gecos copied too. Patch from Corinna Vinschen
+ <vinschen@redhat.com>
+ - (djm) Released 2.5.1p2
+
+20010228
+ - (djm) Detect endianness in configure and use it in rijndael.c. Fixes
+ "Bad packet length" bugs.
+ - (djm) Fully revert PAM session patch (again). All PAM session init is
+ now done before the final fork().
+ - (djm) EGD detection patch from Tim Rice <tim@multitalents.net>
+ - (djm) Remove /tmp from EGD socket search list
+
+20010227
+ - (bal) Applied shutdown() patch for sftp.c by Corinna Vinschen
+ <vinschen@redhat.com>
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/02/23 15:37:45
+ [session.c]
+ handle SSH_PROTOFLAG_SCREEN_NUMBER for buggy clients
+ - (bal) sshd.init support for all Redhat release. Patch by Jim Knoble
+ <jmknoble@jmknoble.cx>
+ - (djm) Fix up POSIX saved uid support. Report from Mark Miller
+ <markm@swoon.net>
+ - (djm) Search for -lcrypt on FreeBSD too
+ - (djm) fatal() on OpenSSL version mismatch
+ - (djm) Move PAM init to after fork for non-Solaris derived PAMs
+ - (djm) Warning fix on entropy.c saved uid stuff. Patch from Mark Miller
+ <markm@swoon.net>
+ - (djm) Fix PAM fix
+ - (djm) Remove 'noreplace' flag from sshd_config in RPM spec files. This
+ change is being made as 2.5.x configfiles are not back-compatible with
+ 2.3.x.
+ - (djm) Avoid warnings for missing broken IP_TOS. Patch from Mark Miller
+ <markm@swoon.net>
+ - (djm) Open Server 5 doesn't need BROKEN_SAVED_UIDS. Patch from Tim Rice
+ <tim@multitalents.net>
+ - (djm) Avoid multiple definition of _PATH_LS. Patch from Tim Rice
+ <tim@multitalents.net>
+
+20010226
+ - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again.
+ - (djm) Some systems (SCO3, NeXT) have weird saved uid semantics.
+ Based on patch from Tim Rice <tim@multitalents.net>
+
+20010225
+ - (djm) Use %{_libexecdir} rather than hardcoded path in RPM specfile
+ Patch from Adrian Ho <lexfiend@usa.net>
+ - (bal) Replace 'unsigned long long' to 'u_int64_t' since not every
+ platform defines u_int64_t as being that.
+
+20010224
+ - (bal) Missed part of the UNIX sockets patch. Patch by Corinna
+ Vinschen <vinschen@redhat.com>
+ - (bal) Reorder where 'strftime' is detected to resolve linking
+ issues on SCO. Patch by Tim Rice <tim@multitalents.net>
+
+20010224
+ - (bal) pam_stack fix to correctly detect between RH7 and older RHs.
+ Patch by Pekka Savola <pekkas@netcore.fi>
+ - (bal) Renamed sigaction.[ch] to sigact.[ch]. Causes problems with
+ some platforms.
+ - (bal) Generalize lack of UNIX sockets since this also effects Cray
+ not just Cygwin. Based on patch by Wendy Palm <wendyp@cray.com>
+
+20010223
+ - (bal) Fix --define rh7 in openssh.spec file. Patch by Steve Tell
+ <tell@telltronics.org>
+ - (bal) Patch to force OpenSSH rpm to require the same version of OpenSSL
+ that it was compiled against. Patch by Pekka Savola <pekkas@netcore.fi>
+ - (bal) Double -I for OpenSSL on SCO. Patch by Tim Rice
+ <tim@multitalents.net>
+
+20010222
+ - (bal) Corrected SCO luid patch by svaughan <svaughan@asterion.com>
+ - (bal) Added mdoc2man.pl from Mark Roth <roth@feep.net>
+ - (bal) Removed reference to liblogin from contrib/README. It was
+ integrated into OpenSSH a long while ago.
+ - (stevesk) remove erroneous #ifdef sgi code.
+ Michael Stone <mstone@cs.loyola.edu>
+
+20010221
+ - (bal) Removed -L/usr/ucblib -R/usr/ucblib for Solaris platform.
+ - (bal) Fixed OpenSSL rework to use $saved_*. Patch by Tim Rice
+ <tim@multitalents.net>
+ - (bal) Reverted out of 2001/02/15 patch by djm below because it
+ breaks Solaris.
+ - (djm) Move PAM session setup back to before setuid to user.
+ fixes problems on Solaris-drived PAMs.
+ - (stevesk) session.c: back out to where we were before:
+ - (djm) Move PAM session initialisation until after fork in sshd. Patch
+ from Nalin Dahyabhai <nalin@redhat.com>
+
+20010220
+ - (bal) Fix mixed up params to memmove() from Jan 5th in setenv.c and
+ getcwd.c.
+ - (bal) OpenBSD CVS Sync:
+ - deraadt@cvs.openbsd.org 2001/02/19 23:09:05
+ [sshd.c]
+ clarify message to make it not mention "ident"
+
+20010219
+ - (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and
+ pty.[ch] -> sshpty.[ch]
+ - (djm) Rework search for OpenSSL location. Skip directories which don't
+ exist, don't add -L$ssldir/lib if it doesn't exist. Should help SCO
+ with its limit of 6 -L options.
+ - OpenBSD CVS Sync:
+ - reinhard@cvs.openbsd.org 2001/02/17 08:24:40
+ [sftp.1]
+ typo
+ - deraadt@cvs.openbsd.org 2001/02/17 16:28:58
+ [ssh.c]
+ cleanup -V output; noted by millert
+ - deraadt@cvs.openbsd.org 2001/02/17 16:48:48
+ [sshd.8]
+ it's the OpenSSH one
+ - markus@cvs.openbsd.org 2001/02/18 11:33:54
+ [dispatch.c]
+ typo, SSH2_MSG_KEXINIT, from aspa@kronodoc.fi
+ - markus@cvs.openbsd.org 2001/02/19 02:53:32
+ [compat.c compat.h serverloop.c]
+ ssh-1.2.{18-22} has broken handling of ignore messages; report from
+ itojun@
+ - markus@cvs.openbsd.org 2001/02/19 03:35:23
+ [version.h]
+ OpenSSH_2.5.1 adds bug compat with 1.2.{18-22}
+ - deraadt@cvs.openbsd.org 2001/02/19 03:36:25
[scp.c]
- from portable: rename clashing variable limit-> limit_rate; ok markus@
- (RCS ID sync only)
- - dtucker@cvs.openbsd.org 2003/11/24 00:16:35
- [ssh.1 ssh.c]
- Make ssh -k mean GSSAPIDelegateCredentials=no. Suggestion & ok markus@
- - (djm) Annotate OpenBSD-derived files in openbsd-compat/ with original
- source file path (in OpenBSD tree).
-
-20031122
- - (dtucker) [channels.c] Make AIX write limit code clearer. Suggested by djm@
- - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
- Move AIX specific password authentication code to port-aix.c, call
- authenticate() until reenter flag is clear.
- - (dtucker) [auth-sia.c configure.ac] Tru64 update from cmadams at hiwaay.net.
- Use permanently_set_uid for SIA, only define DISABLE_FD_PASSING when SIA
- is enabled, rely on SIA to check for locked accounts if enabled. ok djm@
- - (djm) [scp.c] Rename limitbw -> limit_rate to match upstreamed patch
- - (djm) [sftp-int.c] Remove duplicated code from bogus sync
- - (djm) [packet.c] Shuffle #ifdef to reduce conditionally compiled code
-
-20031121
- - (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2003/11/20 11:39:28
- [progressmeter.c]
- fix rounding errors; from andreas@
- - djm@cvs.openbsd.org 2003/11/21 11:57:03
- [everything]
- unexpand and delete whitespace at EOL; ok markus@
- (done locally and RCS IDs synced)
-
-20031118
- - (djm) Fix early exit for root auth success when UsePAM=yes and
- PermitRootLogin=no
- - (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv,
- and use it for do_pam_session. Fixes problems like pam_motd not
- displaying anything. ok djm@
- - (dtucker) [auth-pam.c] Only use pam_putenv if our platform has it. ok djm@
- - (djm) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2003/11/18 00:40:05
- [serverloop.c]
- Correct check for authctxt->valid. ok djm@
- - djm@cvs.openbsd.org 2003/11/18 10:53:07
- [monitor.c]
- unbreak fake authloop for non-existent users (my screwup). Spotted and
- tested by dtucker@; ok markus@
-
-20031117
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2003/11/03 09:03:37
- [auth-chall.c]
- make this a little more idiot-proof; ok markus@
- (includes portable-specific changes)
- - jakob@cvs.openbsd.org 2003/11/03 09:09:41
- [sshconnect.c]
- move changed key warning into warn_changed_key(). ok markus@
- - jakob@cvs.openbsd.org 2003/11/03 09:37:32
- [sshconnect.c]
- do not free static type pointer in warn_changed_key()
- - djm@cvs.openbsd.org 2003/11/04 08:54:09
- [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
- [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
+ np is changed by recursion; vinschen@redhat.com
+ - Update versions in RPM spec files
+ - Release 2.5.1p1
+
+20010218
+ - (bal) Patch for fix FCHMOD reference in ftp-client.c by Tim Rice
+ <tim@multitalents.net>
+ - (Bal) Patch for lack of RA_RESTART in misc.c for mysignal by
+ stevesk
+ - (djm) Fix my breaking of cygwin builds, Patch from Corinna Vinschen
+ <vinschen@redhat.com> and myself.
+ - (djm) Close listen_sock on bind() failures. Patch from Arkadiusz
+ Miskiewicz <misiek@pld.ORG.PL>
+ - (djm) Robustify EGD/PRNGd code in face of socket closures. Patch from
+ Todd C. Miller <Todd.Miller@courtesan.com>
+ - (djm) Use ttyname() to determine name of tty returned by openpty()
+ rather then risking overflow. Patch from Marek Michalkiewicz
+ <marekm@amelek.gda.pl>
+ - (djm) Swapped tests for no_libsocket and no_libnsl in configure.in.
+ Patch from Marek Michalkiewicz <marekm@amelek.gda.pl>
+ - (djm) Doc fixes from Pekka Savola <pekkas@netcore.fi>
+ - (djm) Use SA_INTERRUPT along SA_RESTART if present (equivalent for
+ SunOS)
+ - (djm) SCO needs librpc for libwrap. Patch from Tim Rice
+ <tim@multitalents.net>
+ - (stevesk) misc.c: cpp rework of SA_(INTERRUPT|RESTART) handling.
+ - (stevesk) scp.c: use mysignal() for updateprogressmeter() handler.
+ - (djm) SA_INTERRUPT is the converse of SA_RESTART, apply it only for
+ SIGALRM.
+ - (djm) Move entropy.c over to mysignal()
+ - (djm) SunOS 4.x also needs to define HAVE_BOGUS_SYS_QUEUE_H as it has
+ a <sys/queue.h> that lacks the TAILQ_* macros. Patch from Todd C.
+ Miller <Todd.Miller@courtesan.com>
+ - (djm) Update RPM spec files for 2.5.0p1
+ - (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie
+ enable with --with-bsd-auth.
+ - (stevesk) entropy.c: typo; should be SIGPIPE
+
+20010217
+ - (bal) OpenBSD Sync:
+ - markus@cvs.openbsd.org 2001/02/16 13:38:18
+ [channel.c]
+ remove debug
+ - markus@cvs.openbsd.org 2001/02/16 14:03:43
[session.c]
- standardise arguments to auth methods - they should all take authctxt.
- check authctxt->valid rather then pw != NULL; ok markus@
- - jakob@cvs.openbsd.org 2003/11/08 16:02:40
- [auth1.c]
- remove unused variable (pw). ok djm@
- (id sync only - still used in portable)
- - jmc@cvs.openbsd.org 2003/11/08 19:17:29
+ proper payload-length check for x11 w/o screen-number
+
+20010216
+ - (bal) added '--with-prce' to allow overriding of system regex when
+ required (tested by David Dulek <ddulek@fastenal.com>)
+ - (bal) Added DG/UX case and set that they have a broken IPTOS.
+ - (djm) Mini-configure reorder patch from Tim Rice <tim@multitalents.net>
+ Fixes linking on SCO.
+ - (djm) Make gnome-ssh-askpass handle multi-line prompts. Patch from
+ Nalin Dahyabhai <nalin@redhat.com>
+ - (djm) BSD license for gnome-ssh-askpass (was X11)
+ - (djm) KNF on gnome-ssh-askpass
+ - (djm) USE_PIPES for a few more sysv platforms
+ - (djm) Cleanup configure.in a little
+ - (djm) Ask users to check config.log when we can't find necessary libs
+ - (djm) Set "login ID" on systems with setluid. Only enabled for SCO
+ OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
+ - (djm) OpenBSD CVS:
+ - markus@cvs.openbsd.org 2001/02/15 16:19:59
+ [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
+ [sshconnect1.c sshconnect2.c]
+ genericize password padding function for SSH1 and SSH2.
+ add stylized echo to 2, too.
+ - (djm) Add roundup() macro to defines.h
+ - (stevesk) set SA_RESTART flag in mysignal() for SIGCHLD;
+ needed on Unixware 2.x.
+
+20010215
+ - (djm) Move PAM session setup back to before setuid to user. Fixes
+ problems on Solaris-derived PAMs.
+ - (djm) Clean up PAM namespace. Suggested by Darren Moffat
+ <Darren.Moffat@eng.sun.com>
+ - (bal) Sync w/ OpenSSH for new release
+ - markus@cvs.openbsd.org 2001/02/12 12:45:06
+ [sshconnect1.c]
+ fix xmalloc(0), ok dugsong@
+ - markus@cvs.openbsd.org 2001/02/11 12:59:25
+ [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
+ sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
+ 1) clean up the MAC support for SSH-2
+ 2) allow you to specify the MAC with 'ssh -m'
+ 3) or the 'MACs' keyword in ssh(d)_config
+ 4) add hmac-{md5,sha1}-96
+ ok stevesk@, provos@
+ - markus@cvs.openbsd.org 2001/02/12 16:16:23
+ [auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
+ ssh-keygen.c sshd.8]
+ PermitRootLogin={yes,without-password,forced-commands-only,no}
+ (before this change, root could login even if PermitRootLogin==no)
+ - deraadt@cvs.openbsd.org 2001/02/12 22:56:09
+ [clientloop.c packet.c ssh-keyscan.c]
+ deal with EAGAIN/EINTR selects which were skipped
+ - markus@cvs.openssh.org 2001/02/13 22:49:40
+ [auth1.c auth2.c]
+ setproctitle(user) only if getpwnam succeeds
+ - markus@cvs.openbsd.org 2001/02/12 23:26:20
+ [sshd.c]
+ missing memset; from solar@openwall.com
+ - stevesk@cvs.openbsd.org 2001/02/12 20:53:33
[sftp-int.c]
- typos from Jonathon Gray;
- - jakob@cvs.openbsd.org 2003/11/10 16:23:41
- [bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
- [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
- [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
- constify. ok markus@ & djm@
- - dtucker@cvs.openbsd.org 2003/11/12 10:12:15
+ lumask now works with 1 numeric arg; ok markus@, djm@
+ - djm@cvs.openbsd.org 2001/02/14 9:46:03
+ [sftp-client.c sftp-int.c sftp.1]
+ Fix and document 'preserve modes & times' option ('-p' flag in sftp);
+ ok markus@
+ - (bal) replaced PATH_MAX in sftp-int.c w/ MAXPATHLEN.
+ - (djm) Move to Jim's 1.2.0 X11 askpass program
+ - (stevesk) OpenBSD sync:
+ - deraadt@cvs.openbsd.org 2001/02/15 01:38:04
+ [serverloop.c]
+ indent
+
+20010214
+ - (djm) Don't try to close PAM session or delete credentials if the
+ session has not been open or credentials not set. Based on patch from
+ Andrew Bartlett <abartlet@pcug.org.au>
+ - (djm) Move PAM session initialisation until after fork in sshd. Patch
+ from Nalin Dahyabhai <nalin@redhat.com>
+ - (bal) Missing function prototype in bsd-snprintf.c patch by
+ Mark Miller <markm@swoon.net>
+ - (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams
+ <cmadams@hiwaay.net> with a little modification and KNF.
+ - (stevesk) fix for SIA patch, misplaced session_setup_sia()
+
+20010213
+ - (djm) Only test -S potential EGD sockets if they exist and are readable.
+ - (bal) Cleaned out bsd-snprintf.c. VARARGS have been banished and
+ I did a base KNF over the whe whole file to make it more acceptable.
+ (backed out of original patch and removed it from ChangeLog)
+ - (bal) Use chown() if fchown() does not exist in ftp-server.c patch by
+ Tim Rice <tim@multitalents.net>
+ - (stevesk) auth1.c: fix PAM passwordless check.
+
+20010212
+ - (djm) Update Redhat specfile to allow --define "skip_x11_askpass 1",
+ --define "skip_gnome_askpass 1", --define "rh7 1" and make the
+ implicit rpm-3.0.5 dependancy explicit. Patch and suggestions from
+ Pekka Savola <pekkas@netcore.fi>
+ - (djm) Clean up PCRE text in INSTALL
+ - (djm) Fix OSF SIA auth NULL pointer deref. Report from Mike Battersby
+ <mib@unimelb.edu.au>
+ - (bal) NCR SVR4 compatiblity provide by Don Bragg <thewizarddon@yahoo.com>
+ - (stevesk) session.c: remove debugging code.
+
+20010211
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/02/07 22:35:46
+ [auth1.c auth2.c sshd.c]
+ move k_setpag() to a central place; ok dugsong@
+ - markus@cvs.openbsd.org 2001/02/10 12:52:02
+ [auth2.c]
+ offer passwd before s/key
+ - markus@cvs.openbsd.org 2001/02/8 22:37:10
+ [canohost.c]
+ remove last call to sprintf; ok deraadt@
+ - markus@cvs.openbsd.org 2001/02/10 1:33:32
+ [canohost.c]
+ add debug message, since sshd blocks here if DNS is not available
+ - markus@cvs.openbsd.org 2001/02/10 12:44:02
+ [cli.c]
+ don't call vis() for \r
+ - danh@cvs.openbsd.org 2001/02/10 0:12:43
+ [scp.c]
+ revert a small change to allow -r option to work again; ok deraadt@
+ - danh@cvs.openbsd.org 2001/02/10 15:14:11
[scp.c]
- When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
- - jakob@cvs.openbsd.org 2003/11/12 16:39:58
- [dns.c dns.h readconf.c ssh_config.5 sshconnect.c]
- update SSHFP validation. ok markus@
- - jmc@cvs.openbsd.org 2003/11/12 20:14:51
- [ssh_config.5]
- make verb agree with subject, and kill some whitespace;
- - markus@cvs.openbsd.org 2003/11/14 13:19:09
+ fix memory leak; ok markus@
+ - djm@cvs.openbsd.org 2001/02/10 0:45:52
+ [scp.1]
+ Mention that you can quote pathnames with spaces in them
+ - markus@cvs.openbsd.org 2001/02/10 1:46:28
+ [ssh.c]
+ remove mapping of argv[0] -> hostname
+ - markus@cvs.openbsd.org 2001/02/06 22:26:17
[sshconnect2.c]
- cleanup and minor fixes for the client code; from Simon Wilkinson
- - djm@cvs.openbsd.org 2003/11/17 09:45:39
- [msg.c msg.h sshconnect2.c ssh-keysign.c]
- return error on msg send/receive failure (rather than fatal); ok markus@
- - markus@cvs.openbsd.org 2003/11/17 11:06:07
- [auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c]
- [monitor_wrap.h sshconnect2.c ssh-gss.h]
- replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson;
- test + ok jakob.
- - (djm) Bug #632: Don't call pam_end indirectly from within kbd-int
- conversation function
- - (djm) Export environment variables from authentication subprocess to
- parent. Part of Bug #717
-
-20031115
- - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and
- HP-UX, skip test on AIX.
-
-20031113
- - (dtucker) [auth-pam.c] Append newlines to lines output by the
- pam_chauthtok_conv().
- - (dtucker) [README ssh-host-config ssh-user-config Makefile] (All
- contrib/cygwin). Major update from vinschen at redhat.com.
- - Makefile provides a `cygwin-postinstall' target to run right after
- `make install'.
- - Better support for Windows 2003 Server.
- - Try to get permissions as correct as possible.
- - New command line options to allow full automated host configuration.
- - Create configs from skeletons in /etc/defaults/etc.
- - Use /bin/bash, allows reading user input with readline support.
- - Remove really old configs from /usr/local.
- - (dtucker) [auth-pam.c] Add newline to accumulated PAM_TEXT_INFO and
- PAM_ERROR_MSG messages.
-
-20031106
- - (djm) Clarify UsePAM consequences a little more
-
-20031103
- - (dtucker) [contrib/cygwin/ssh-host-config] Ensure entries in /etc/services
- are created correctly with CRLF line terminations. Patch from vinschen at
- redhat.com.
- - (dtucker) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2003/10/15 09:48:45
- [monitor_wrap.c]
- check pmonitor != NULL
- - markus@cvs.openbsd.org 2003/10/21 09:50:06
- [auth2-gss.c]
- make sure the doid is larger than 2
- - avsm@cvs.openbsd.org 2003/10/26 16:57:43
+ do not ask for passphrase in batch mode; report from ejb@ql.org
+ - itojun@cvs.opebsd.org 2001/02/08 10:47:05
+ [sshconnect.c sshconnect1.c sshconnect2.c]
+ %.30s is too short for IPv6 numeric address. use %.128s for now.
+ markus ok
+ - markus@cvs.openbsd.org 2001/02/09 12:28:35
[sshconnect2.c]
- rename 'supported' static var in userauth_gssapi() to 'gss_supported'
- to avoid shadowing the global version. markus@ ok
- - markus@cvs.openbsd.org 2003/10/28 09:08:06
- [misc.c]
- error->debug for getsockopt+TCP_NODELAY; several requests
- - markus@cvs.openbsd.org 2003/11/02 11:01:03
- [auth2-gss.c compat.c compat.h sshconnect2.c]
- remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk
- - (dtucker) [regress/agent-ptrace.sh] Use numeric uid and gid.
-
-20031021
- - (dtucker) [INSTALL] Some system crypt() functions support MD5 passwords
- directly. Noted by Darren.Moffat at sun.com.
- - (dtucker) [regress/agent-ptrace.sh] Skip agent-test unless SUDO is set,
- make agent setgid during test.
-
-20031017
- - (dtucker) [INSTALL] Note that --with-md5 is now required on platforms with
- MD5 passwords even if PAM support is enabled. From steev at detritus.net.
-
-20031015
- - (dtucker) OpenBSD CVS Sync
- - jmc@cvs.openbsd.org 2003/10/08 08:27:36
- [scp.1 scp.c sftp-server.8 sftp.1 sftp.c ssh.1 sshd.8]
- scp and sftp: add options list and sort options. options list requested
- by deraadt@
- sshd: use same format as ssh
- ssh: remove wrong option from list
- sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
- ok deraadt@ markus@
- - markus@cvs.openbsd.org 2003/10/08 15:21:24
- [readconf.c ssh_config.5]
- default GSS API to no in client, too; ok jakob, deraadt@
- - markus@cvs.openbsd.org 2003/10/11 08:24:08
- [readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
- remote x11 clients are now untrusted by default, uses xauth(8) to generate
- untrusted cookies; ForwardX11Trusted=yes restores old behaviour.
- ok deraadt; feedback and ok djm/fries
- - markus@cvs.openbsd.org 2003/10/11 08:26:43
+ do not free twice, thanks to /etc/malloc.conf
+ - markus@cvs.openbsd.org 2001/02/09 17:10:53
[sshconnect2.c]
- search keys in reverse order; fixes #684
- - markus@cvs.openbsd.org 2003/10/11 11:36:23
- [monitor_wrap.c]
- return NULL for missing banner; ok djm@
- - jmc@cvs.openbsd.org 2003/10/12 13:12:13
- [ssh_config.5]
- note that EnableSSHKeySign should be in the non-hostspecific section;
- remove unnecessary .Pp;
- ok markus@
- - markus@cvs.openbsd.org 2003/10/13 08:22:25
- [scp.1 sftp.1]
- don't refer to options related to forwarding; ok jmc@
- - jakob@cvs.openbsd.org 2003/10/14 19:42:10
- [dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
- include SSHFP lookup code (not enabled by default). ok markus@
- - jakob@cvs.openbsd.org 2003/10/14 19:43:23
- [README.dns]
- update
- - markus@cvs.openbsd.org 2003/10/14 19:54:39
- [session.c ssh-agent.c]
- 10X for mkdtemp; djm@
- - (dtucker) [acconfig.h configure.ac dns.c openbsd-compat/getrrsetbyname.c
- openbsd-compat/getrrsetbyname.h] DNS fingerprint support is now always
- compiled in but disabled in config.
- - (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode.
- - (tim) [regress/banner.sh] portability fix.
-
-20031009
- - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@
-
-20031008
- - (dtucker) OpenBSD CVS Sync
- - dtucker@cvs.openbsd.org 2003/10/07 01:47:27
+ partial success: debug->log; "Permission denied" if no more auth methods
+ - markus@cvs.openbsd.org 2001/02/10 12:09:21
[sshconnect2.c]
- Don't use logit for banner, since it truncates to MSGBUFSIZ; bz #668 &
- #707. ok markus@
- - djm@cvs.openbsd.org 2003/10/07 07:04:16
+ remove some lines
+ - markus@cvs.openbsd.org 2001/02/09 13:38:07
+ [auth-options.c]
+ reset options if no option is given; from han.holl@prismant.nl
+ - markus@cvs.openbsd.org 2001/02/08 21:58:28
+ [channels.c]
+ nuke sprintf, ok deraadt@
+ - markus@cvs.openbsd.org 2001/02/08 21:58:28
+ [channels.c]
+ nuke sprintf, ok deraadt@
+ - markus@cvs.openbsd.org 2001/02/06 22:43:02
+ [clientloop.h]
+ remove confusing callback code
+ - deraadt@cvs.openbsd.org 2001/02/08 14:39:36
+ [readconf.c]
+ snprintf
+ - itojun@cvs.openbsd.org 2001/02/08 19:30:52
+ sync with netbsd tree changes.
+ - more strict prototypes, include necessary headers
+ - use paths.h/pathnames.h decls
+ - size_t typecase to int -> u_long
+ - itojun@cvs.openbsd.org 2001/02/07 18:04:50
+ [ssh-keyscan.c]
+ fix size_t -> int cast (use u_long). markus ok
+ - markus@cvs.openbsd.org 2001/02/07 22:43:16
+ [ssh-keyscan.c]
+ s/getline/Linebuf_getline/; from roumen.petrov@skalasoft.com
+ - itojun@cvs.openbsd.org 2001/02/09 9:04:59
+ [ssh-keyscan.c]
+ do not assume malloc() returns zero-filled region. found by
+ malloc.conf=AJ.
+ - markus@cvs.openbsd.org 2001/02/08 22:35:30
+ [sshconnect.c]
+ don't connect if batch_mode is true and stricthostkeychecking set to
+ 'ask'
+ - djm@cvs.openbsd.org 2001/02/04 21:26:07
+ [sshd_config]
+ type: ok markus@
+ - deraadt@cvs.openbsd.org 2001/02/06 22:07:50
+ [sshd_config]
+ enable sftp-server by default
+ - deraadt 2001/02/07 8:57:26
+ [xmalloc.c]
+ deal with new ANSI malloc stuff
+ - markus@cvs.openbsd.org 2001/02/07 16:46:08
+ [xmalloc.c]
+ typo in fatal()
+ - itojun@cvs.openbsd.org 2001/02/07 18:04:50
+ [xmalloc.c]
+ fix size_t -> int cast (use u_long). markus ok
+ - 1.47 Thu Feb 8 23:11:42 GMT 2001 by dugsong
+ [serverloop.c sshconnect1.c]
+ mitigate SSH1 traffic analysis - from Solar Designer
+ <solar@openwall.com>, ok provos@
+ - (bal) fixed sftp-client.c. Return 'status' instead of '0'
+ (from the OpenBSD tree)
+ - (bal) Synced ssh.1, ssh-add.1 and sshd.8 w/ OpenBSD
+ - (bal) sftp-sever.c '%8lld' to '%8llu' (OpenBSD Sync)
+ - (bal) uuencode.c resync w/ OpenBSD tree, plus whitespace.
+ - (bal) A bit more whitespace cleanup
+ - (djm) Set PAM_RHOST earlier, patch from Andrew Bartlett
+ <abartlet@pcug.org.au>
+ - (stevesk) misc.c: ssh.h not needed.
+ - (stevesk) compat.c: more friendly cpp error
+ - (stevesk) OpenBSD sync:
+ - stevesk@cvs.openbsd.org 2001/02/11 06:15:57
+ [LICENSE]
+ typos and small cleanup; ok deraadt@
+
+20010210
+ - (djm) Sync sftp and scp stuff from OpenBSD:
+ - djm@cvs.openbsd.org 2001/02/07 03:55:13
+ [sftp-client.c]
+ Don't free handles before we are done with them. Based on work from
+ Corinna Vinschen <vinschen@redhat.com>. ok markus@
+ - djm@cvs.openbsd.org 2001/02/06 22:32:53
+ [sftp.1]
+ Punctuation fix from Pekka Savola <pekkas@netcore.fi>
+ - deraadt@cvs.openbsd.org 2001/02/07 04:07:29
+ [sftp.1]
+ pretty up significantly
+ - itojun@cvs.openbsd.org 2001/02/07 06:49:42
+ [sftp.1]
+ .Bl-.El mismatch. markus ok
+ - djm@cvs.openbsd.org 2001/02/07 06:12:30
+ [sftp-int.c]
+ Check that target is a directory before doing ls; ok markus@
+ - itojun@cvs.openbsd.org 2001/02/07 11:01:18
+ [scp.c sftp-client.c sftp-server.c]
+ unsigned long long -> %llu, not %qu. markus ok
+ - stevesk@cvs.openbsd.org 2001/02/07 11:10:39
+ [sftp.1 sftp-int.c]
+ more man page cleanup and sync of help text with man page; ok markus@
+ - markus@cvs.openbsd.org 2001/02/07 14:58:34
+ [sftp-client.c]
+ older servers reply with SSH2_FXP_NAME + count==0 instead of EOF
+ - djm@cvs.openbsd.org 2001/02/07 15:27:19
+ [sftp.c]
+ Don't forward agent and X11 in sftp. Suggestion from Roumen Petrov
+ <roumen.petrov@skalasoft.com>
+ - stevesk@cvs.openbsd.org 2001/02/07 15:36:04
+ [sftp-int.c]
+ portable; ok markus@
+ - stevesk@cvs.openbsd.org 2001/02/07 15:55:47
+ [sftp-int.c]
+ lowercase cmds[].c also; ok markus@
+ - markus@cvs.openbsd.org 2001/02/07 17:04:52
+ [pathnames.h sftp.c]
+ allow sftp over ssh protocol 1; ok djm@
+ - deraadt@cvs.openbsd.org 2001/02/08 07:38:55
+ [scp.c]
+ memory leak fix, and snprintf throughout
+ - deraadt@cvs.openbsd.org 2001/02/08 08:02:02
+ [sftp-int.c]
+ plug a memory leak
+ - stevesk@cvs.openbsd.org 2001/02/08 10:11:23
+ [session.c sftp-client.c]
+ %i -> %d
+ - stevesk@cvs.openbsd.org 2001/02/08 10:57:59
+ [sftp-int.c]
+ typo
+ - stevesk@cvs.openbsd.org 2001/02/08 15:28:07
+ [sftp-int.c pathnames.h]
+ _PATH_LS; ok markus@
+ - djm@cvs.openbsd.org 2001/02/09 04:46:25
+ [sftp-int.c]
+ Check for NULL attribs for chown, chmod & chgrp operations, only send
+ relevant attribs back to server; ok markus@
+ - djm@cvs.openbsd.org 2001/02/06 15:05:25
+ [sftp.c]
+ Use getopt to process commandline arguments
+ - djm@cvs.openbsd.org 2001/02/06 15:06:21
+ [sftp.c ]
+ Wait for ssh subprocess at exit
+ - djm@cvs.openbsd.org 2001/02/06 15:18:16
+ [sftp-int.c]
+ stat target for remote chdir before doing chdir
+ - djm@cvs.openbsd.org 2001/02/06 15:32:54
+ [sftp.1]
+ Punctuation fix from Pekka Savola <pekkas@netcore.fi>
+ - provos@cvs.openbsd.org 2001/02/05 22:22:02
+ [sftp-int.c]
+ cleanup get_pathname, fix pwd after failed cd. okay djm@
+ - (djm) Update makefile.in for _PATH_SFTP_SERVER
+ - (bal) sftp-client.c replace NULL w/ 0 in do_ls() (pending in OpenBSD tree)
+
+20010209
+ - (bal) patch to vis.c to deal with HAVE_VIS right by Robert Mooney
+ <rjmooney@mediaone.net>
+ - (bal) .c.o rule in openbsd-compat/Makefile.in did not make it to the
+ main tree while porting forward. Pointed out by Lutz Jaenicke
+ <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - (bal) double entry in configure.in. Pointed out by Lutz Jaenicke
+ <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - (stevesk) OpenBSD sync:
+ - markus@cvs.openbsd.org 2001/02/08 11:20:01
+ [auth2.c]
+ strict checking
+ - markus@cvs.openbsd.org 2001/02/08 11:15:22
+ [version.h]
+ update to 2.3.2
+ - markus@cvs.openbsd.org 2001/02/08 11:12:30
+ [auth2.c]
+ fix typo
+ - (djm) Update spec files
+ - (bal) OpenBSD sync:
+ - deraadt@cvs.openbsd.org 2001/02/08 14:38:54
+ [scp.c]
+ memory leak fix, and snprintf throughout
+ - markus@cvs.openbsd.org 2001/02/06 22:43:02
+ [clientloop.c]
+ remove confusing callback code
+ - (djm) Add CVS Id's to files that we have missed
+ - (bal) OpenBSD Sync (more):
+ - itojun@cvs.openbsd.org 2001/02/08 19:30:52
+ sync with netbsd tree changes.
+ - more strict prototypes, include necessary headers
+ - use paths.h/pathnames.h decls
+ - size_t typecase to int -> u_long
+ - markus@cvs.openbsd.org 2001/02/06 22:07:42
+ [ssh.c]
+ fatal() if subsystem fails
+ - markus@cvs.openbsd.org 2001/02/06 22:43:02
+ [ssh.c]
+ remove confusing callback code
+ - jakob@cvs.openbsd.org 2001/02/06 23:03:24
+ [ssh.c]
+ add -1 option (force protocol version 1). ok markus@
+ - jakob@cvs.openbsd.org 2001/02/06 23:06:21
+ [ssh.c]
+ reorder -{1,2,4,6} options. ok markus@
+ - (bal) Missing 'const' in readpass.h
+ - (bal) OpenBSD Sync (so at least the thing compiles for 2.3.2 =)
+ - djm@cvs.openbsd.org 2001/02/06 23:30:28
+ [sftp-client.c]
+ replace arc4random with counter for request ids; ok markus@
+ - (djm) Define _PATH_TTY for systems that don't. Report from Lutz
+ Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+
+20010208
+ - (djm) Don't delete external askpass program in make uninstall target.
+ Report and fix from Roumen Petrov <roumen.petrov@skalasoft.com>
+ - (djm) Fix linking of sftp, don't need arc4random any more.
+ - (djm) Try to use shell that supports "test -S" for EGD socket search.
+ Based on patch from Tim Rice <tim@multitalents.net>
+
+20010207
+ - (bal) Save the whole path to AR in configure. Some Solaris 2.7 installs
+ seem lose track of it while in openbsd-compat/ (two confirmed reports)
+ - (djm) Much KNF on PAM code
+ - (djm) Revise auth-pam.c conversation function to be a little more
+ readable.
+ - (djm) Revise kbd-int PAM conversation function to fold all text messages
+ to before first prompt. Fixes hangs if last pam_message did not require
+ a reply.
+ - (djm) Fix password changing when using PAM kbd-int authentication
+
+20010205
+ - (bal) Disable groupaccess by setting NGROUPS_MAX to 0 for platforms
+ that don't have NGROUPS_MAX.
+ - (bal) AIX patch for auth1.c by William L. Jones <jones@hpc.utexas.edu>
+ - (stevesk) OpenBSD sync:
+ - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
+ [many files; did this manually to our top-level source dir]
+ unexpand and remove end-of-line whitespace; ok markus@
+ - stevesk@cvs.openbsd.org 2001/02/04 15:21:19
+ [sftp-server.c]
+ SSH2_FILEXFER_ATTR_UIDGID support; ok markus@
+ - deraadt@cvs.openbsd.org 2001/02/04 17:02:32
+ [sftp-int.c]
+ ? == help
+ - deraadt@cvs.openbsd.org 2001/02/04 16:47:46
+ [sftp-int.c]
+ sort commands, so that abbreviations work as expected
+ - stevesk@cvs.openbsd.org 2001/02/04 15:17:52
+ [sftp-int.c]
+ debugging sftp: precedence and missing break. chmod, chown, chgrp
+ seem to be working now.
+ - markus@cvs.openbsd.org 2001/02/04 14:41:21
[sftp-int.c]
- sftp quoting fix from admorten AT umich.edu; ok markus@
- - deraadt@cvs.openbsd.org 2003/10/07 21:58:28
+ use base 8 for umask/chmod
+ - markus@cvs.openbsd.org 2001/02/04 11:11:54
+ [sftp-int.c]
+ fix LCD
+ - markus@cvs.openbsd.org 2001/02/04 08:10:44
+ [ssh.1]
+ typo; dpo@club-internet.fr
+ - stevesk@cvs.openbsd.org 2001/02/04 06:30:12
+ [auth2.c authfd.c packet.c]
+ remove duplicate #include's; ok markus@
+ - deraadt@cvs.openbsd.org 2001/02/04 16:56:23
+ [scp.c sshd.c]
+ alpha happiness
+ - stevesk@cvs.openbsd.org 2001/02/04 15:12:17
+ [sshd.c]
+ precedence; ok markus@
+ - deraadt@cvs.openbsd.org 2001/02/04 08:14:15
+ [ssh.c sshd.c]
+ make the alpha happy
+ - markus@cvs.openbsd.org 2001/01/31 13:37:24
+ [channels.c channels.h serverloop.c ssh.c]
+ do not disconnect if local port forwarding fails, e.g. if port is
+ already in use
+ - markus@cvs.openbsd.org 2001/02/01 14:58:09
+ [channels.c]
+ use ipaddr in channel messages, ietf-secsh wants this
+ - markus@cvs.openbsd.org 2001/01/31 12:26:20
+ [channels.c]
+ ssh.com-2.0.1x does not send additional info in CHANNEL_OPEN_FAILURE
+ messages; bug report from edmundo@rano.org
+ - markus@cvs.openbsd.org 2001/01/31 13:48:09
+ [sshconnect2.c]
+ unused
+ - deraadt@cvs.openbsd.org 2001/02/04 08:23:08
+ [sftp-client.c sftp-server.c]
+ make gcc on the alpha even happier
+
+20010204
+ - (bal) I think this is the last of the bsd-*.h that don't belong.
+ - (bal) Minor Makefile fix
+ - (bal) openbsd-compat/Makefile minor fix. Ensure dependancies are done
+ right.
+ - (bal) Changed order of LIB="" in -with-skey due to library resolving.
+ - (bal) next-posix.h changed to bsd-nextstep.h
+ - (djm) OpenBSD CVS sync:
+ - markus@cvs.openbsd.org 2001/02/03 03:08:38
+ [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
+ [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
+ [sshd_config]
+ make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
+ - markus@cvs.openbsd.org 2001/02/03 03:19:51
+ [ssh.1 sshd.8 sshd_config]
+ Skey is now called ChallengeResponse
+ - markus@cvs.openbsd.org 2001/02/03 03:43:09
+ [sshd.8]
+ use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
+ channel. note from Erik.Anggard@cygate.se (pr/1659)
+ - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
+ [ssh.1]
+ typos; ok markus@
+ - djm@cvs.openbsd.org 2001/02/04 04:11:56
+ [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
+ [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
+ Basic interactive sftp client; ok theo@
+ - (djm) Update RPM specs for new sftp binary
+ - (djm) Update several bits for new optional reverse lookup stuff. I
+ think I got them all.
+ - (djm) Makefile.in fixes
+ - (stevesk) add mysignal() wrapper and use it for the protocol 2
+ SIGCHLD handler.
+ - (djm) Use setvbuf() instead of setlinebuf(). Suggest from stevesk@
+
+20010203
+ - (bal) Cygwin clean up by Corinna Vinschen <vinschen@redhat.com>
+ - (bal) renamed queue.h to fake-queue.h (even if it's an OpenBSD
+ based file) to ensure #include space does not get confused.
+ - (bal) Minor Makefile.in tweak. dirname may not exist on some
+ platforms so builds fail. (NeXT being a well known one)
+
+20010202
+ - (bal) Makefile fix where sourcedir != builddir by Corinna Vinschen
+ <vinschen@redhat.com>
+ - (bal) Makefile fix to use $(MAKE) instead of 'make' for platforms
+ that use 'gmake'. Patch by Tim Rice <tim@multitalents.net>
+
+20010201
+ - (bal) Minor fix to Makefile to stop rebuilding executables if no
+ changes have occured to any of the supporting code. Patch by
+ Roumen Petrov <roumen.petrov@skalasoft.com>
+
+20010131
+ - (djm) OpenBSD CVS Sync:
+ - djm@cvs.openbsd.org 2001/01/30 15:48:53
+ [sshconnect.c]
+ Make warning message a little more consistent. ok markus@
+ - (djm) Fix autoconf logic for --with-lastlog=no Report and diagnosis from
+ Philipp Buehler <lists@fips.de> and Kevin Steves <stevesk@sweden.hp.com>
+ respectively.
+ - (djm) Don't log SSH2 PAM KbdInt responses to debug, they may contain
+ passwords.
+ - (bal) Reorder. Move all bsd-*, fake-*, next-*, and cygwin* stuff to
+ openbsd-compat/. And resolve all ./configure and Makefile.in issues
+ assocated.
+
+20010130
+ - (djm) OpenBSD CVS Sync:
+ - markus@cvs.openbsd.org 2001/01/29 09:55:37
+ [channels.c channels.h clientloop.c serverloop.c]
+ fix select overflow; ok deraadt@ and stevesk@
+ - markus@cvs.openbsd.org 2001/01/29 12:42:35
+ [canohost.c canohost.h channels.c clientloop.c]
+ add get_peer_ipaddr(socket), x11-fwd in ssh2 requires ipaddr, not DNS
+ - markus@cvs.openbsd.org 2001/01/29 12:47:32
+ [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
+ handle rsa_private_decrypt failures; helps against the Bleichenbacher
+ pkcs#1 attack
+ - djm@cvs.openbsd.org 2001/01/29 05:36:11
+ [ssh.1 ssh.c]
+ Allow invocation of sybsystem by commandline (-s); ok markus@
+ - (stevesk) configure.in: remove duplicate PROG_LS
+
+20010129
+ - (stevesk) sftp-server.c: use %lld vs. %qd
+
+20010128
+ - (bal) Put USE_PIPES back into sco3.2v5
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/01/28 10:15:34
+ [dispatch.c]
+ re-keying is not supported; ok deraadt@
+ - markus@cvs.openbsd.org 2001/01/28 10:24:04
+ [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+ cleanup AUTHORS sections
+ - markus@cvs.openbsd.org 2001/01/28 10:37:26
+ [sshd.c sshd.8]
+ remove -Q, no longer needed
+ - stevesk@cvs.openbsd.org 2001/01/28 20:36:16
+ [readconf.c ssh.1]
+ ``StrictHostKeyChecking ask'' documentation and small cleanup.
+ ok markus@
+ - stevesk@cvs.openbsd.org 2001/01/28 20:43:25
+ [sshd.8]
+ spelling. ok markus@
+ - stevesk@cvs.openbsd.org 2001/01/28 20:53:21
+ [xmalloc.c]
+ use size_t for strlen() return. ok markus@
+ - stevesk@cvs.openbsd.org 2001/01/28 22:27:05
+ [authfile.c]
+ spelling. use sizeof vs. strlen(). ok markus@
+ - niklas@cvs.openbsd.org 2001/01/29 1:59:14
+ [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h
+ groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h
+ key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h
+ radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1
+ ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config
+ sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h]
+ $OpenBSD$
+ - (bal) Minor auth2.c resync. Whitespace and moving of an #include.
+
+20010126
+ - (bal) SSH_PROGRAM vs _PATH_SSH_PROGRAM fix pointed out by Roumen
+ Petrov <roumen.petrov@skalasoft.com>
+ - (bal) OpenBSD Sync
+ - deraadt@cvs.openbsd.org 2001/01/25 8:06:33
+ [ssh-agent.c]
+ call _exit() in signal handler
+
+20010125
+ - (djm) Sync bsd-* support files:
+ - deraadt@cvs.openbsd.org 2000/01/26 03:43:20
+ [rresvport.c bindresvport.c]
+ new bindresvport() semantics that itojun, shin, jean-luc and i have
+ agreed on, which will be happy for the future. bindresvport_sa() for
+ sockaddr *, too. docs later..
+ - deraadt@cvs.openbsd.org 2000/01/24 02:24:21
+ [bindresvport.c]
+ in bindresvport(), if sin is non-NULL, example sin->sin_family for
+ the actual family being processed
+ - (djm) Mention PRNGd in documentation, it is nicer than EGD
+ - (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
+ - (bal) AC_FUNC_STRFTIME added to autoconf
+ - (bal) OpenBSD Resync
+ - stevesk@cvs.openbsd.org 2001/01/24 21:03:50
+ [channels.c]
+ missing freeaddrinfo(); ok markus@
+
+20010124
+ - (bal) OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/23 10:45:10
+ [ssh.h]
+ nuke comment
+ - (bal) no 64bit support patch from Tim Rice <tim@multitalents.net>
+ - (bal) #ifdef around S_IFSOCK if platform does not support it.
+ patch by Tim Rice <tim@multitalents.net>
+ - (bal) fake-regex.h cleanup based on Tim Rice's patch.
+ - (stevesk) sftp-server.c: fix chmod() mode mask
+
+20010123
+ - (bal) regexp.h typo in configure.in. Should have been regex.h
+ - (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@
+ - (bal) SSH_ASKPASS_DEFAULT to _PATH_SSH_ASKPASS_DEFAULT
+ - (bal) OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/22 8:15:00
+ [auth-krb4.c sshconnect1.c]
+ only AFS needs radix.[ch]
+ - markus@cvs.openbsd.org 2001/01/22 8:32:53
+ [auth2.c]
+ no need to include; from mouring@etoh.eviladmin.org
+ - stevesk@cvs.openbsd.org 2001/01/22 16:55:21
+ [key.c]
+ free() -> xfree(); ok markus@
+ - stevesk@cvs.openbsd.org 2001/01/22 17:22:28
+ [sshconnect2.c sshd.c]
+ fix memory leaks in SSH2 key exchange; ok markus@
+ - markus@cvs.openbsd.org 2001/01/22 23:06:39
+ [auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
+ sshconnect1.c sshconnect2.c sshd.c]
+ rename skey -> challenge response.
+ auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
+
+
+20010122
+ - (bal) OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
+ [servconf.c ssh.h sshd.c]
+ only auth-chall.c needs #ifdef SKEY
+ - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
+ [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
+ auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
+ packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
+ session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
+ ssh1.h sshconnect1.c sshd.c ttymodes.c]
+ move ssh1 definitions to ssh1.h, pathnames to pathnames.h
+ - markus@cvs.openbsd.org 2001/01/19 16:48:14
+ [sshd.8]
+ fix typo; from stevesk@
+ - markus@cvs.openbsd.org 2001/01/19 16:50:58
+ [ssh-dss.c]
+ clear and free digest, make consistent with other code (use dlen); from
+ stevesk@
+ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
+ [auth-options.c auth-options.h auth-rsa.c auth2.c]
+ pass the filename to auth_parse_options()
+ - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
+ [readconf.c]
+ fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
+ - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
[sshconnect2.c]
- set ptr to NULL after free
- - dtucker@cvs.openbsd.org 2003/10/07 01:52:13
- [regress/Makefile regress/banner.sh]
- Test SSH2 banner. ok markus@
- - djm@cvs.openbsd.org 2003/10/07 07:04:52
- [regress/sftp-cmds.sh]
- more sftp quoting regress tests; ok markus
-
-20031007
- - (djm) Delete autom4te.cache after autoreconf
- - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static
- cleanup functions. With & ok djm@
- - (dtucker) [contrib/redhat/openssh.spec] Bug #714: Now that UsePAM is a
- run-time switch, always build --with-md5-passwords.
- - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoul.c]
- Bug #670: add strtoul() to openbsd-compat for platforms lacking it. ok djm@
- - (dtucker) [configure.ac] Bug #715: Set BROKEN_SETREUID and BROKEN_SETREGID
- on Reliant Unix. Patch from Robert.Dahlem at siemens.com.
- - (dtucker) [configure.ac] Bug #710: Check for dlsym() in libdl on
- Reliant Unix. Based on patch from Robert.Dahlem at siemens.com.
-
-20031003
- - (dtucker) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2003/10/02 10:41:59
+ dh_new_group() does not return NULL. ok markus@
+ - markus@cvs.openbsd.org 2001/01/20 21:33:42
+ [ssh-add.c]
+ do not loop forever if askpass does not exist; from
+ andrew@pimlott.ne.mediaone.net
+ - djm@cvs.openbsd.org 2001/01/20 23:00:56
+ [servconf.c]
+ Check for NULL return from strdelim; ok markus
+ - djm@cvs.openbsd.org 2001/01/20 23:02:07
+ [readconf.c]
+ KNF; ok markus
+ - jakob@cvs.openbsd.org 2001/01/21 9:00:33
+ [ssh-keygen.1]
+ remove -R flag; ok markus@
+ - markus@cvs.openbsd.org 2001/01/21 19:05:40
+ [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
+ auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
+ auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
+ bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
+ cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
+ deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
+ key.c key.h log-client.c log-server.c log.c log.h login.c login.h
+ match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
+ readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
+ session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
+ ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
+ sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
+ ttysmodes.c uidswap.c xmalloc.c]
+ split ssh.h and try to cleanup the #include mess. remove unnecessary
+ #includes. rename util.[ch] -> misc.[ch]
+ - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
+ - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
+ conflict when compiling for non-kerb install
+ - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
+ on 1/19.
+
+20010120
+ - (bal) OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/19 12:45:26
+ [ssh-chall.c servconf.c servconf.h ssh.h sshd.c]
+ only auth-chall.c needs #ifdef SKEY
+ - (bal) Slight auth2-pam.c clean up.
+ - (bal) Includes a fake-regexp.h to be only used if regcomp() is found,
+ but no 'regexp.h' found (SCO OpenServer 3 lacks the header).
+
+20010119
+ - (djm) Update versions in RPM specfiles
+ - (bal) OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/18 16:20:21
+ [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
+ sshd.8 sshd.c]
+ log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
+ systems
+ - markus@cvs.openbsd.org 2001/01/18 16:59:59
+ [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
+ session.h sshconnect1.c]
+ 1) removes fake skey from sshd, since this will be much
+ harder with /usr/libexec/auth/login_XXX
+ 2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
+ 3) make addition of BSD_AUTH and other challenge reponse methods
+ easier.
+ - markus@cvs.openbsd.org 2001/01/18 17:12:43
+ [auth-chall.c auth2-chall.c]
+ rename *-skey.c *-chall.c since the files are not skey specific
+ - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)
+ to fix NULL pointer deref and fake authloop breakage in PAM code.
+ - (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com>
+ - (bal) Minor cygwin patch to auth1.c. Suggested by djm.
+
+20010118
+ - (bal) Super Sized OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
[sshd.c]
- print openssl version, too, several requests; ok henning/djm.
- - markus@cvs.openbsd.org 2003/10/02 08:26:53
- [ssh-gss.h]
- missing $OpenBSD:; dtucker
- - (tim) [contrib/caldera/openssh.spec] Remove obsolete --with-ipv4-default
- option.
+ maxfd+1
+ - markus@cvs.openbsd.org 2001/01/13 17:59:18
+ [ssh-keygen.1]
+ small ssh-keygen manpage cleanup; stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:03:07
+ [scp.c ssh-keygen.c sshd.c]
+ getopt() returns -1 not EOF; stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:06:54
+ [ssh-keyscan.c]
+ use SSH_DEFAULT_PORT; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:12:47
+ [ssh-keyscan.c]
+ free() -> xfree(); fix memory leak; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:14:13
+ [ssh-add.c]
+ typo, from stevesk@sweden.hp.com
+ - markus@cvs.openbsd.org 2001/01/13 18:32:50
+ [packet.c session.c ssh.c sshconnect.c sshd.c]
+ split out keepalive from packet_interactive (from dale@accentre.com)
+ set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
+ - markus@cvs.openbsd.org 2001/01/13 18:36:45
+ [packet.c packet.h]
+ reorder, typo
+ - markus@cvs.openbsd.org 2001/01/13 18:38:00
+ [auth-options.c]
+ fix comment
+ - markus@cvs.openbsd.org 2001/01/13 18:43:31
+ [session.c]
+ Wall
+ - markus@cvs.openbsd.org 2001/01/13 19:14:08
+ [clientloop.h clientloop.c ssh.c]
+ move callback to headerfile
+ - markus@cvs.openbsd.org 2001/01/15 21:40:10
+ [ssh.c]
+ use log() instead of stderr
+ - markus@cvs.openbsd.org 2001/01/15 21:43:51
+ [dh.c]
+ use error() not stderr!
+ - markus@cvs.openbsd.org 2001/01/15 21:45:29
+ [sftp-server.c]
+ rename must fail if newpath exists, debug off by default
+ - markus@cvs.openbsd.org 2001/01/15 21:46:38
+ [sftp-server.c]
+ readable long listing for sftp-server, ok deraadt@
+ - markus@cvs.openbsd.org 2001/01/16 19:20:06
+ [key.c ssh-rsa.c]
+ make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
+ galb@vandyke.com. note that you have to delete older ssh2-rsa keys,
+ since they are in the wrong format, too. they must be removed from
+ .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
+ (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
+ .ssh/authorized_keys2) additionally, we now check that
+ BN_num_bits(rsa->n) >= 768.
+ - markus@cvs.openbsd.org 2001/01/16 20:54:27
+ [sftp-server.c]
+ remove some statics. simpler handles; idea from nisse@lysator.liu.se
+ - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
+ [bufaux.c radix.c sshconnect.h sshconnect1.c]
+ indent
+ - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
+ be missing such feature.
+
+
+20010117
+ - (djm) Only write random seed file at exit
+ - (djm) Make PAM support optional, enable with --with-pam
+ - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which
+ provides a crypt() of its own)
+ - (djm) Avoid a warning in bsd-bindresvport.c
+ - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This
+ can cause weird segfaults errors on Solaris
+ - (djm) Avoid warning in PAM code by making read_passphrase arguments const
+ - (djm) Add --with-pam to RPM spec files
+
+20010115
+ - (bal) sftp-server.c change to use chmod() if fchmod() does not exist.
+ - (bal) utimes() support via utime() interface on machine that lack utimes().
+
+20010114
+ - (stevesk) initial work for OpenBSD "support supplementary group in
+ {Allow,Deny}Groups" patch:
+ - import getgrouplist.c from OpenBSD (bsd-getgrouplist.c)
+ - add bsd-getgrouplist.h
+ - new files groupaccess.[ch]
+ - build but don't use yet (need to merge auth.c changes)
+ - (stevesk) complete:
+ - markus@cvs.openbsd.org 2001/01/13 11:56:48
+ [auth.c sshd.8]
+ support supplementary group in {Allow,Deny}Groups
+ from stevesk@pobox.com
+
+20010112
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/01/10 22:56:22
+ [bufaux.h bufaux.c sftp-server.c sftp.h getput.h]
+ cleanup sftp-server implementation:
+ add buffer_get_int64, buffer_put_int64, GET_64BIT, PUT_64BIT
+ parse SSH2_FILEXFER_ATTR_EXTENDED
+ send SSH2_FX_EOF if readdir returns no more entries
+ reply to SSH2_FXP_EXTENDED message
+ use #defines from the draft
+ move #definations to sftp.h
+ more info:
+ http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt
+ - markus@cvs.openbsd.org 2001/01/10 19:43:20
+ [sshd.c]
+ XXX - generate_empheral_server_key() is not safe against races,
+ because it calls log()
+ - markus@cvs.openbsd.org 2001/01/09 21:19:50
+ [packet.c]
+ allow TCP_NDELAY for ipv6; from netbsd via itojun@
+
+20010110
+ - (djm) SNI/Reliant Unix needs USE_PIPES and $DISPLAY hack. Report from
+ Bladt Norbert <Norbert.Bladt@adi.ch>
+
+20010109
+ - (bal) Resync CVS ID of cli.c
+ - (stevesk) auth1.c: free should be after WITH_AIXAUTHENTICATE
+ code.
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/01/08 22:29:05
+ [auth2.c compat.c compat.h servconf.c servconf.h sshd.8
+ sshd_config version.h]
+ implement option 'Banner /etc/issue.net' for ssh2, move version to
+ 2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner
+ is enabled).
+ - markus@cvs.openbsd.org 2001/01/08 22:03:23
+ [channels.c ssh-keyscan.c]
+ O_NDELAY -> O_NONBLOCK; thanks stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/08 21:55:41
+ [sshconnect1.c]
+ more cleanups and fixes from stevesk@pobox.com:
+ 1) try_agent_authentication() for loop will overwrite key just
+ allocated with key_new(); don't alloc
+ 2) call ssh_close_authentication_connection() before exit
+ try_agent_authentication()
+ 3) free mem on bad passphrase in try_rsa_authentication()
+ - markus@cvs.openbsd.org 2001/01/08 21:48:17
+ [kex.c]
+ missing free; thanks stevesk@pobox.com
+ - (bal) Detect if clock_t structure exists, if not define it.
+ - (bal) Detect if O_NONBLOCK exists, if not define it.
+ - (bal) removed news4-posix.h (now empty)
+ - (bal) changed bsd-bindresvport.c and bsd-rresvport.c to use 'socklen_t'
+ instead of 'int'
+ - (stevesk) sshd_config: sync
+ - (stevesk) defines.h: remove spurious ``;''
+
+20010108
+ - (bal) Fixed another typo in cli.c
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/01/07 21:26:55
+ [cli.c]
+ typo
+ - markus@cvs.openbsd.org 2001/01/07 21:26:55
+ [cli.c]
+ missing free, stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/07 19:06:25
+ [auth1.c]
+ missing free, stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/07 11:28:04
+ [log-client.c log-server.c log.c readconf.c servconf.c ssh.1
+ ssh.h sshd.8 sshd.c]
+ rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE
+ syslog priority changes:
+ fatal() LOG_ERR -> LOG_CRIT
+ log() LOG_INFO -> LOG_NOTICE
+ - Updated TODO
+
+20010107
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/01/06 11:23:27
+ [ssh-rsa.c]
+ remove unused
+ - itojun@cvs.openbsd.org 2001/01/05 08:23:29
+ [ssh-keyscan.1]
+ missing .El
+ - markus@cvs.openbsd.org 2001/01/04 22:41:03
+ [session.c sshconnect.c]
+ consistent use of _PATH_BSHELL; from stevesk@pobox.com
+ - djm@cvs.openbsd.org 2001/01/04 22:35:32
+ [ssh.1 sshd.8]
+ Mention AES as available SSH2 Cipher; ok markus
+ - markus@cvs.openbsd.org 2001/01/04 22:25:58
+ [sshd.c]
+ sync usage()/man with defaults; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/04 22:21:26
+ [sshconnect2.c]
+ handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
+ that prints a banner (e.g. /etc/issue.net)
+
+20010105
+ - (bal) contrib/caldera/ provided by Tim Rice <tim@multitalents.net>
+ - (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove()
+
+20010104
+ - (djm) Fix memory leak on systems with BROKEN_GETADDRINFO. Based on
+ work by Chris Vaughan <vaughan99@yahoo.com>
+
+20010103
+ - (bal) fixed up sshconnect.c so it was closer inline with the OpenBSD
+ tree (mainly positioning)
+ - (bal) OpenSSH CVS Update
+ - markus@cvs.openbsd.org 2001/01/02 20:41:02
+ [packet.c]
+ log remote ip on disconnect; PR 1600 from jcs@rt.fm
+ - markus@cvs.openbsd.org 2001/01/02 20:50:56
+ [sshconnect.c]
+ strict_host_key_checking for host_status != HOST_CHANGED &&
+ ip_status == HOST_CHANGED
+ - (bal) authfile.c: Synced CVS ID tag
+ - (bal) UnixWare 2.0 fixes by Tim Rice <tim@multitalents.net>
+ - (bal) Disable sftp-server if no 64bit int support exists. Based on
+ patch by Tim Rice <tim@multitalents.net>
+ - (bal) Makefile.in changes to uninstall: target to remove sftp-server
+ and sftp-server.8 manpage.
+
+20010102
+ - (bal) OpenBSD CVS Update
+ - markus@cvs.openbsd.org 2001/01/01 14:52:49
+ [scp.c]
+ use shared fatal(); from stevesk@pobox.com
-20031002
- - (dtucker) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2003/09/23 20:17:11
- [Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
- cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
- monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
- ssh-agent.c sshd.c]
- replace fatal_cleanup() and linked list of fatal callbacks with static
- cleanup_exit() function. re-refine cleanup_exit() where appropriate,
- allocate sshd's authctxt eary to allow simpler cleanup in sshd.
- tested by many, ok deraadt@
- - markus@cvs.openbsd.org 2003/09/23 20:18:52
- [progressmeter.c]
- don't print trailing \0; bug #709; Robert.Dahlem@siemens.com
- ok millert/deraadt@
- - markus@cvs.openbsd.org 2003/09/23 20:41:11
- [channels.c channels.h clientloop.c]
- move client only agent code to clientloop.c
- - markus@cvs.openbsd.org 2003/09/26 08:19:29
+20001231
+ - (bal) Reverted out of MAXHOSTNAMELEN. This should be set per OS.
+ for multiple reasons.
+ - (bal) Reverted out of a partial NeXT patch.
+
+20001230
+ - (bal) OpenBSD CVS Update
+ - markus@cvs.openbsd.org 2000/12/28 18:58:30
+ [ssh-keygen.c]
+ enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2}
+ - markus@cvs.openbsd.org 2000/12/29 22:19:13
+ [channels.c]
+ missing xfree; from vaughan99@yahoo.com
+ - (bal) Resynced CVS ID with OpenBSD for channel.c and uidswap.c
+ - (bal) if no MAXHOSTNAMELEN is defined. Default to 64 character defination.
+ Suggested by Christian Kurz <shorty@debian.org>
+ - (bal) Add in '.c.o' section to Makefile.in to address make programs that
+ don't honor CPPFLAGS by default. Suggested by Lutz Jaenicke
+ <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+
+20001229
+ - (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian
+ Kurz <shorty@debian.org>
+ - (bal) OpenBSD CVS Update
+ - markus@cvs.openbsd.org 2000/12/28 14:25:51
+ [auth.h auth2.c]
+ count authentication failures only
+ - markus@cvs.openbsd.org 2000/12/28 14:25:03
+ [sshconnect.c]
+ fingerprint for MITM attacks, too.
+ - markus@cvs.openbsd.org 2000/12/28 12:03:57
+ [sshd.8 sshd.c]
+ document -D
+ - markus@cvs.openbsd.org 2000/12/27 14:19:21
+ [serverloop.c]
+ less chatty
+ - markus@cvs.openbsd.org 2000/12/27 12:34
+ [auth1.c sshconnect2.c sshd.c]
+ typo
+ - markus@cvs.openbsd.org 2000/12/27 12:30:19
+ [readconf.c readconf.h ssh.1 sshconnect.c]
+ new option: HostKeyAlias: allow the user to record the host key
+ under a different name. This is useful for ssh tunneling over
+ forwarded connections or if you run multiple sshd's on different
+ ports on the same machine.
+ - markus@cvs.openbsd.org 2000/12/27 11:51:53
+ [ssh.1 ssh.c]
+ multiple -t force pty allocation, document ORIGINAL_COMMAND
+ - markus@cvs.openbsd.org 2000/12/27 11:41:31
+ [sshd.8]
+ update for ssh-2
+ - (stevesk) compress.[ch] sync with openbsd; missed in prototype
+ fix merge.
+
+20001228
+ - (bal) Patch to add libutil.h to loginrec.c only if the platform has
+ libutil.h. Suggested by Pekka Savola <pekka@netcore.fi>
+ - (djm) Update to new x11-askpass in RPM spec
+ - (bal) SCO patch to not include <sys/queue.h> since it's unrelated
+ header. Patch by Tim Rice <tim@multitalents.net>
+ - Updated TODO w/ known HP/UX issue
+ - (bal) removed extra <netdb.h> noticed by Kevin Steves and removed the
+ bad reference to 'NeXT including it else were' on the #ifdef version.
+
+20001227
+ - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
+ Takumi Yamane <yamtak@b-session.com>
+ - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
+ by Corinna Vinschen <vinschen@redhat.com>
+ - (djm) Fix catman-do target for non-bash
+ - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
+ Takumi Yamane <yamtak@b-session.com>
+ - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
+ by Corinna Vinschen <vinschen@redhat.com>
+ - (djm) Fix catman-do target for non-bash
+ - (bal) Fixed NeXT's lack of CPPFLAGS honoring.
+ - (bal) ssh-keyscan.c: NeXT (and older BSDs) don't support getrlimit() w/
+ 'RLIMIT_NOFILE'
+ - (djm) Remove *.Ylonen files. They are no longer in the OpenBSD tree,
+ the info in COPYING.Ylonen has been moved to the start of each
+ SSH1-derived file and README.Ylonen is well out of date.
+
+20001223
+ - (bal) Fixed Makefile.in to support recompile of all ssh and sshd objects
+ if a change to config.h has occurred. Suggested by Gert Doering
+ <gert@greenie.muc.de>
+ - (bal) OpenBSD CVS Update:
+ - markus@cvs.openbsd.org 2000/12/22 16:49:40
+ [ssh-keygen.c]
+ fix ssh-keygen -x -t type > file; from Roumen.Petrov@skalasoft.com
+
+20001222
+ - Updated RCSID for pty.c
+ - (bal) OpenBSD CVS Updates:
+ - markus@cvs.openbsd.org 2000/12/21 15:10:16
+ [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
+ print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
+ - markus@cvs.openbsd.org 2000/12/20 19:26:56
+ [authfile.c]
+ allow ssh -i userkey for root
+ - markus@cvs.openbsd.org 2000/12/20 19:37:21
+ [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
+ fix prototypes; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2000/12/20 19:32:08
+ [sshd.c]
+ init pointer to NULL; report from Jan.Ivan@cern.ch
+ - markus@cvs.openbsd.org 2000/12/19 23:17:54
+ [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
+ auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
+ bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
+ crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
+ key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
+ packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
+ serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
+ ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c
+ uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
+ replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
+ unsigned' with u_char.
+
+20001221
+ - (stevesk) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/19 15:43:45
+ [authfile.c channels.c sftp-server.c ssh-agent.c]
+ remove() -> unlink() for consistency
+ - markus@cvs.openbsd.org 2000/12/19 15:48:09
+ [ssh-keyscan.c]
+ replace <ssl/x.h> with <openssl/x.h>
+ - markus@cvs.openbsd.org 2000/12/17 02:33:40
+ [uidswap.c]
+ typo; from wsanchez@apple.com
+
+20001220
+ - (djm) Workaround PAM inconsistencies between Solaris derived PAM code
+ and Linux-PAM. Based on report and fix from Andrew Morgan
+ <morgan@transmeta.com>
+
+20001218
+ - (stevesk) rsa.c: entropy.h not needed.
+ - (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile.
+ Suggested by Wilfredo Sanchez <wsanchez@apple.com>
+
+20001216
+ - (stevesk) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/16 02:53:57
+ [scp.c]
+ allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
+ - markus@cvs.openbsd.org 2000/12/16 02:39:57
+ [scp.c]
+ unused; from stevesk@pobox.com
+
+20001215
+ - (stevesk) Old OpenBSD patch wasn't completely applied:
+ - markus@cvs.openbsd.org 2000/01/24 22:11:20
+ [scp.c]
+ allow '.' in usernames; from jedgar@fxp.org
+ - (stevesk) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/13 16:26:53
+ [ssh-keyscan.c]
+ fatal already adds \n; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2000/12/13 16:25:44
+ [ssh-agent.c]
+ remove redundant spaces; from stevesk@pobox.com
+ - ho@cvs.openbsd.org 2000/12/12 15:50:21
+ [pty.c]
+ When failing to set tty owner and mode on a read-only filesystem, don't
+ abort if the tty already has correct owner and reasonably sane modes.
+ Example; permit 'root' to login to a firewall with read-only root fs.
+ (markus@ ok)
+ - deraadt@cvs.openbsd.org 2000/12/13 06:36:05
+ [pty.c]
+ KNF
+ - markus@cvs.openbsd.org 2000/12/12 14:45:21
[sshd.c]
- no need to set the listen sockets to non-block; ok deraadt@
- - jmc@cvs.openbsd.org 2003/09/29 11:40:51
+ source port < 1024 is no longer required for rhosts-rsa since it
+ adds no additional security.
+ - markus@cvs.openbsd.org 2000/12/12 16:11:49
+ [ssh.1 ssh.c]
+ rhosts-rsa is no longer automagically disabled if ssh is not privileged.
+ UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
+ these changes should not change the visible default behaviour of the ssh client.
+ - deraadt@cvs.openbsd.org 2000/12/11 10:27:33
+ [scp.c]
+ when copying 0-sized files, do not re-print ETA time at completion
+ - provos@cvs.openbsd.org 2000/12/15 10:30:15
+ [kex.c kex.h sshconnect2.c sshd.c]
+ compute diffie-hellman in parallel between server and client. okay markus@
+
+20001213
+ - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report
+ from Andreas M. Kirchwitz <amk@krell.zikzak.de>
+ - (stevesk) OpenBSD CVS update:
+ - markus@cvs.openbsd.org 2000/12/12 15:30:02
+ [ssh-keyscan.c ssh.c sshd.c]
+ consistently use __progname; from stevesk@pobox.com
+
+20001211
+ - (bal) Applied patch to include ssh-keyscan into Redhat's package, and
+ patch to install ssh-keyscan manpage. Patch by Pekka Savola
+ <pekka@netcore.fi>
+ - (bal) OpenbSD CVS update
+ - markus@cvs.openbsd.org 2000/12/10 17:01:53
+ [sshconnect1.c]
+ always request new challenge for skey/tis-auth, fixes interop with
+ other implementations; report from roth@feep.net
+
+20001210
+ - (bal) OpenBSD CVS updates
+ - markus@cvs.openbsd.org 2000/12/09 13:41:51
+ [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
+ undo rijndael changes
+ - markus@cvs.openbsd.org 2000/12/09 13:48:31
+ [rijndael.c]
+ fix byte order bug w/o introducing new implementation
+ - markus@cvs.openbsd.org 2000/12/09 14:08:27
+ [sftp-server.c]
+ "" -> "." for realpath; from vinschen@redhat.com
+ - markus@cvs.openbsd.org 2000/12/09 14:06:54
+ [ssh-agent.c]
+ extern int optind; from stevesk@sweden.hp.com
+ - provos@cvs.openbsd.org 2000/12/09 23:51:11
+ [compat.c]
+ remove unnecessary '\n'
+
+20001209
+ - (bal) OpenBSD CVS updates:
+ - djm@cvs.openbsd.org 2000/12/07 4:24:59
[ssh.1]
- - add list of options to -o and .Xr ssh_config(5)
- - some other cleanup
- requested by deraadt@;
- ok deraadt@ markus@
- - markus@cvs.openbsd.org 2003/09/29 20:19:57
- [servconf.c sshd_config]
- GSSAPICleanupCreds -> GSSAPICleanupCredentials
- - (dtucker) [configure.ac] Don't set DISABLE_SHADOW when configuring
- --with-pam. ok djm@
- - (dtucker) [ssh-gss.h] Prototype change missed in sync.
- - (dtucker) [session.c] Fix bus errors on some 64-bit Solaris configurations.
- Based on patches by Matthias Koeppe and Thomas Baden. ok djm@
-
-20030930
- - (bal) Fix issues in openbsd-compat/realpath.c
-
-20030925
- - (dtucker) [configure.ac openbsd-compat/xcrypt.c] Bug #633: Remove
- DISABLE_SHADOW for HP-UX, use getspnam instead of getprpwnam. Patch from
- michael_steffens at hp.com, ok djm@
- - (tim) [sshd_config] UsePAM defaults to no.
-
-20030924
- - (djm) Update version.h and spec files for HEAD
- - (dtucker) [configure.ac] IRIX5 needs the same setre[ug]id defines as IRIX6.
-
-20030923
- - (dtucker) [Makefile.in] Bug #644: Fix "make clean" for out-of-tree
- builds. Portability corrections from tim@.
- - (dtucker) [configure.ac] Bug #665: uid swapping issues on Mac OS X.
- Patch from max at quendi.de.
- - (dtucker) [configure.ac] Bug #657: uid swapping issues on BSDi.
- - (dtucker) [configure.ac] Bug #653: uid swapping issues on Tru64.
- - (dtucker) [configure.ac] Bug #693: uid swapping issues on NCR MP-RAS.
- Patch from david.haughton at ncr.com
- - (dtucker) [configure.ac] Bug #659: uid swapping issues on IRIX 6.
- Part of patch supplied by bugzilla-openssh at thewrittenword.com
- - (dtucker) [configure.ac openbsd-compat/fake-rfc2553.c
- openbsd-compat/fake-rfc2553.h] Bug #659: Test for and handle systems with
- where gai_strerror is defined as "const char *". Part of patch supplied
- by bugzilla-openssh at thewrittenword.com
- - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config] Update
- ssh-host-config to match current defaults, bump README version. Patch from
- vinschen at redhat.com.
- - (dtucker) [uidswap.c] Don't test restoration of uid on Cygwin since the
- OS does not support permanently dropping privileges. Patch from
- vinschen at redhat.com.
- - (dtucker) [openbsd-compat/port-aix.c] Use correct include for xmalloc.h,
- add canohost.h to stop warning. Based on patch from openssh-unix-dev at
- thewrittenword.com
- - (dtucker) [INSTALL] Bug #686: Document requirement for zlib 1.1.4 or
- higher.
- - (tim) Fix typo. s/SETEIUD_BREAKS_SETUID/SETEUID_BREAKS_SETUID/
- - (tim) [configure.ac] Bug 665: move 3 new AC_DEFINES outside of AC_TRY_RUN.
- Report by distler AT golem ph utexas edu.
- - (dtucker) [contrib/aix/pam.conf] Include example pam.conf for AIX from
- article by genty at austin.ibm.com, included with the author's permission.
- - (dtucker) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2003/09/18 07:52:54
+ Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo
+
+20001207
+ - (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/06 22:58:14
+ [compat.c compat.h packet.c]
+ disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0
+ - markus@cvs.openbsd.org 2000/12/06 23:10:39
+ [rijndael.c]
+ unexpand(1)
+ - markus@cvs.openbsd.org 2000/12/06 23:05:43
+ [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
+ new rijndael implementation. fixes endian bugs
+
+20001206
+ - (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/05 20:34:09
+ [channels.c channels.h clientloop.c serverloop.c]
+ async connects for -R/-L; ok deraadt@
+ - todd@cvs.openssh.org 2000/12/05 16:47:28
+ [sshd.c]
+ tweak comment to reflect real location of pid file; ok provos@
+ - (stevesk) Import <sys/queue.h> from OpenBSD for systems that don't
+ have it (used in ssh-keyscan).
+ - (stevesk) OpenBSD CVS update:
+ - markus@cvs.openbsd.org 2000/12/06 19:57:48
+ [ssh-keyscan.c]
+ err(3) -> internal error(), from stevesk@sweden.hp.com
+
+20001205
+ - (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/04 19:24:02
+ [ssh-keyscan.c ssh-keyscan.1]
+ David Maziere's ssh-keyscan, ok niels@
+ - (bal) Updated Makefile.in to include ssh-keyscan that was just added
+ to the recent OpenBSD source tree.
+ - (stevesk) fix typos in contrib/hpux/README
+
+20001204
+ - (bal) More C functions defined in NeXT that are unaccessable without
+ defining -POSIX.
+ - (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/03 11:29:04
+ [compat.c]
+ remove fallback to SSH_BUG_HMAC now that the drafts are updated
+ - markus@cvs.openbsd.org 2000/12/03 11:27:55
+ [compat.c]
+ correctly match "2.1.0.pl2 SSH" etc; from
+ pekkas@netcore.fi/bugzilla.redhat
+ - markus@cvs.openbsd.org 2000/12/03 11:15:03
+ [auth2.c compat.c compat.h sshconnect2.c]
+ support f-secure/ssh.com 2.0.12; ok niels@
+
+20001203
+ - (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/11/30 22:54:31
+ [channels.c]
+ debug->warn if tried to do -R style fwd w/o client requesting this;
+ ok neils@
+ - markus@cvs.openbsd.org 2000/11/29 20:39:17
+ [cipher.c]
+ des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
+ - markus@cvs.openbsd.org 2000/11/30 18:33:05
+ [ssh-agent.c]
+ agents must not dump core, ok niels@
+ - markus@cvs.openbsd.org 2000/11/30 07:04:02
+ [ssh.1]
+ T is for both protocols
+ - markus@cvs.openbsd.org 2000/12/01 00:00:51
+ [ssh.1]
+ typo; from green@FreeBSD.org
+ - markus@cvs.openbsd.org 2000/11/30 07:02:35
+ [ssh.c]
+ check -T before isatty()
+ - provos@cvs.openbsd.org 2000/11/29 13:51:27
+ [sshconnect.c]
+ show IP address and hostname when new key is encountered. okay markus@
+ - markus@cvs.openbsd.org 2000/11/30 22:53:35
+ [sshconnect.c]
+ disable agent/x11/port fwding if hostkey has changed; ok niels@
+ - marksu@cvs.openbsd.org 2000/11/29 21:11:59
+ [sshd.c]
+ sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
+ from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
+ - (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enable
+ PAM authentication using KbdInteractive.
+ - (djm) Added another TODO
+
+20001202
+ - (bal) Backed out of part of Alain St-Denis' loginrec.c patch.
+ - (bal) Irix need some sort of mansubdir, patch by Michael Stone
+ <mstone@cs.loyola.edu>
+
+20001129
+ - (djm) Back out all the serverloop.c hacks. sshd will now hang again
+ if there are background children with open fds.
+ - (djm) bsd-rresvport.c bzero -> memset
+ - (djm) Don't fail in defines.h on absence of 64 bit types (we will
+ still fail during compilation of sftp-server).
+ - (djm) Fail if ar is not found during configure
+ - (djm) OpenBSD CVS updates:
+ - provos@cvs.openbsd.org 2000/11/22 08:38:31
+ [sshd.8]
+ talk about /etc/primes, okay markus@
+ - markus@cvs.openbsd.org 2000/11/23 14:03:48
+ [ssh.c sshconnect1.c sshconnect2.c]
+ complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
+ defaults
+ - markus@cvs.openbsd.org 2000/11/25 09:42:53
+ [sshconnect1.c]
+ reorder check for illegal ciphers, bugreport from espie@
+ - markus@cvs.openbsd.org 2000/11/25 10:19:34
+ [ssh-keygen.c ssh.h]
+ print keytype when generating a key.
+ reasonable defaults for RSA1/RSA/DSA keys.
+ - (djm) Patch from Pekka Savola <Pekka.Savola@netcore.fi> to include a few
+ more manpage paths in fixpaths calls
+ - (djm) Also add xauth path at Pekka's suggestion.
+ - (djm) Add Redhat RPM patch for AUTHPRIV SyslogFacility
+
+20001125
+ - (djm) Give up privs when reading seed file
+
+20001123
+ - (bal) Merge OpenBSD changes:
+ - markus@cvs.openbsd.org 2000/11/15 22:31:36
+ [auth-options.c]
+ case insensitive key options; from stevesk@sweeden.hp.com
+ - markus@cvs.openbsd.org 2000/11/16 17:55:43
+ [dh.c]
+ do not use perror() in sshd, after child is forked()
+ - markus@cvs.openbsd.org 2000/11/14 23:42:40
+ [auth-rsa.c]
+ parse option only if key matches; fix some confusing seen by the client
+ - markus@cvs.openbsd.org 2000/11/14 23:44:19
+ [session.c]
+ check no_agent_forward_flag for ssh-2, too
+ - markus@cvs.openbsd.org 2000/11/15
+ [ssh-agent.1]
+ reorder SYNOPSIS; typo, use .It
+ - markus@cvs.openbsd.org 2000/11/14 23:48:55
+ [ssh-agent.c]
+ do not reorder keys if a key is removed
+ - markus@cvs.openbsd.org 2000/11/15 19:58:08
+ [ssh.c]
+ just ignore non existing user keys
+ - millert@cvs.openbsd.org 200/11/15 20:24:43
+ [ssh-keygen.c]
+ Add missing \n at end of error message.
+
+20001122
+ - (bal) Minor patch to ensure platforms lacking IRIX job limit supports
+ are compilable.
+ - (bal) Updated TODO as of 11/18/2000 with known things to resolve.
+
+20001117
+ - (bal) Changed from 'primes' to 'primes.out' for consistancy sake. It
+ has no affect the output. Patch by Corinna Vinschen <vinschen@redhat.com>
+ - (stevesk) Reworked progname support.
+ - (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by
+ Shinichi Maruyama <marya@st.jip.co.jp>
+
+20001116
+ - (bal) Added in MAXSYMLINK test in bsd-realpath.c. Required for some SCO
+ releases.
+ - (bal) Make builds work outside of source tree. Patch by Mark D. Roth
+ <roth@feep.net>
+
+20001113
+ - (djm) Add pointer to http://www.imasy.or.jp/~gotoh/connect.c to
+ contrib/README
+ - (djm) Merge OpenBSD changes:
+ - markus@cvs.openbsd.org 2000/11/06 16:04:56
+ [channels.c channels.h clientloop.c nchan.c serverloop.c]
+ [session.c ssh.c]
+ agent forwarding and -R for ssh2, based on work from
+ jhuuskon@messi.uku.fi
+ - markus@cvs.openbsd.org 2000/11/06 16:13:27
+ [ssh.c sshconnect.c sshd.c]
+ do not disabled rhosts(rsa) if server port > 1024; from
+ pekkas@netcore.fi
+ - markus@cvs.openbsd.org 2000/11/06 16:16:35
[sshconnect.c]
- missing {}; bug #656; jclonguet at free.fr
- - markus@cvs.openbsd.org 2003/09/18 07:54:48
- [buffer.c]
- protect against double free; #660; zardoz at users.sf.net
- - markus@cvs.openbsd.org 2003/09/18 07:56:05
- [authfile.c]
- missing buffer_free(&encrypted); #662; zardoz at users.sf.net
- - markus@cvs.openbsd.org 2003/09/18 08:49:45
- [deattack.c misc.c session.c ssh-agent.c]
- more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
- ok millert@
- - miod@cvs.openbsd.org 2003/09/18 13:02:21
- [authfd.c bufaux.c dh.c mac.c ssh-keygen.c]
- A few signedness fixes for harmless situations; markus@ ok
- - markus@cvs.openbsd.org 2003/09/19 09:02:02
+ downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
+ - markus@cvs.openbsd.org 2000/11/09 18:04:40
+ [auth1.c]
+ typo; from mouring@pconline.com
+ - markus@cvs.openbsd.org 2000/11/12 12:03:28
+ [ssh-agent.c]
+ off-by-one when removing a key from the agent
+ - markus@cvs.openbsd.org 2000/11/12 12:50:39
+ [auth-rh-rsa.c auth2.c authfd.c authfd.h]
+ [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
+ [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
+ [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
+ [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
+ [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
+ add support for RSA to SSH2. please test.
+ there are now 3 types of keys: RSA1 is used by ssh-1 only,
+ RSA and DSA are used by SSH2.
+ you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
+ keys for SSH2 and use the RSA keys for hostkeys or for user keys.
+ SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
+ - (djm) Fix up Makefile and Redhat init script to create RSA host keys
+ - (djm) Change to interim version
+ - (djm) Fix RPM spec file stupidity
+ - (djm) fixpaths to DSA and RSA keys too
+
+20001112
+ - (bal) SCO Patch to add needed libraries for configure.in. Patch by
+ Phillips Porch <root@theporch.com>
+ - (bal) IRIX patch to adding Job Limits. Patch by Denis Parker
+ <dcp@sgi.com>
+ - (stevesk) pty.c: HP-UX 10 and 11 don't define TIOCSCTTY. Add error() to
+ failed ioctl(TIOCSCTTY) call.
+
+20001111
+ - (djm) Added /etc/primes for kex DH group neg, fixup Makefile.in and
+ packaging files
+ - (djm) Fix new Makefile.in warnings
+ - (djm) Fix vsprintf("%h") in bsd-snprintf.c, short int va_args are
+ promoted to type int. Report and fix from Dan Astoorian
+ <djast@cs.toronto.edu>
+ - (djm) Hardwire sysconfdir in RPM spec files as some RPM versions get
+ it wrong. Report from Bennett Todd <bet@rahul.net>
+
+20001110
+ - (bal) Fixed dropped answer from skey_keyinfo() in auth1.c
+ - (bal) Changed from --with-skey to --with-skey=PATH in configure.in
+ - (bal) Added in check to verify S/Key library is being detected in
+ configure.in
+ - (bal) next-posix.h - added another prototype wrapped in POSIX ifdef/endif.
+ Patch by Mark Miller <markm@swoon.net>
+ - (bal) Added 'util.h' header to loginrec.c only if HAVE_UTIL_H is defined
+ to remove warnings under MacOS X. Patch by Mark Miller <markm@swoon.net>
+ - (bal) Fixed LDFLAG mispelling in configure.in for --with-afs
+
+20001107
+ - (bal) acconfig.in - removed the double "USE_PIPES" entry. Patch by
+ Mark Miller <markm@swoon.net>
+ - (bal) sshd.init files corrected to assign $? to RETVAL. Patch by
+ Jarno Huuskonen <jhuuskon@messi.uku.fi>
+ - (bal) fixpaths fixed to stop it from quitely failing. Patch by
+ Mark D. Roth <roth@feep.net>
+
+20001106
+ - (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs
+ - (djm) Manually fix up missed diff hunks (mainly RCS idents)
+ - (djm) Remove UPGRADING document in favour of a link to the better
+ maintained FAQ on www.openssh.com
+ - (djm) Fix multiple dependancy on gnome-libs from Pekka Savola
+ <pekkas@netcore.fi>
+ - (djm) Don't need X11-askpass in RPM spec file if building without it
+ from Pekka Savola <pekkas@netcore.fi>
+ - (djm) Release 2.3.0p1
+ - (bal) typo in configure.in in regards to --with-ldflags from Marko
+ Asplund <aspa@kronodoc.fi>
+ - (bal) fixed next-posix.h. Forgot prototype of getppid().
+
+20001105
+ - (bal) Sync with OpenBSD:
+ - markus@cvs.openbsd.org 2000/10/31 9:31:58
+ [compat.c]
+ handle all old openssh versions
+ - markus@cvs.openbsd.org 2000/10/31 13:1853
+ [deattack.c]
+ so that large packets do not wrap "n"; from netbsd
+ - (bal) rijndel.c - fix up RCSID to match OpenBSD tree
+ - (bal) auth2-skey.c - Checked in. Missing from portable tree.
+ - (bal) Reworked NEWS-OS and NeXT ports to extract waitpid() and
+ setsid() into more common files
+ - (stevesk) pty.c: use __hpux to identify HP-UX.
+ - (bal) Missed auth-skey.o in Makefile.in and minor correction to
+ bsd-waitpid.c
+
+20001029
+ - (stevesk) Fix typo in auth.c: USE_PAM not PAM
+ - (stevesk) Create contrib/cygwin/ directory; patch from
+ Corinna Vinschen <vinschen@redhat.com>
+ - (bal) Resolved more $xno and $xyes issues in configure.in
+ - (bal) next-posix.h - spelling and forgot a prototype
+
+20001028
+ - (djm) fix select hack in serverloop.c from Philippe WILLEM
+ <Philippe.WILLEM@urssaf.fr>
+ - (djm) Fix mangled AIXAUTHENTICATE code
+ - (djm) authctxt->pw may be NULL. Fix from Markus Friedl
+ <markus.friedl@informatik.uni-erlangen.de>
+ - (djm) Sync with OpenBSD:
+ - markus@cvs.openbsd.org 2000/10/16 15:46:32
+ [ssh.1]
+ fixes from pekkas@netcore.fi
+ - markus@cvs.openbsd.org 2000/10/17 14:28:11
+ [atomicio.c]
+ return number of characters processed; ok deraadt@
+ - markus@cvs.openbsd.org 2000/10/18 12:04:02
+ [atomicio.c]
+ undo
+ - markus@cvs.openbsd.org 2000/10/18 12:23:02
+ [scp.c]
+ replace atomicio(read,...) with read(); ok deraadt@
+ - markus@cvs.openbsd.org 2000/10/18 12:42:00
+ [session.c]
+ restore old record login behaviour
+ - deraadt@cvs.openbsd.org 2000/10/19 10:41:13
+ [auth-skey.c]
+ fmt string problem in unused code
+ - provos@cvs.openbsd.org 2000/10/19 10:45:16
+ [sshconnect2.c]
+ don't reference freed memory. okay deraadt@
+ - markus@cvs.openbsd.org 2000/10/21 11:04:23
+ [canohost.c]
+ typo, eramore@era-t.ericsson.se; ok niels@
+ - markus@cvs.openbsd.org 2000/10/23 13:31:55
+ [cipher.c]
+ non-alignment dependent swap_bytes(); from
+ simonb@wasabisystems.com/netbsd
+ - markus@cvs.openbsd.org 2000/10/26 12:38:28
+ [compat.c]
+ add older vandyke products
+ - markus@cvs.openbsd.org 2000/10/27 01:32:19
+ [channels.c channels.h clientloop.c serverloop.c session.c]
+ [ssh.c util.c]
+ enable non-blocking IO on channels, and tty's (except for the
+ client ttys).
+
+20001027
+ - (djm) Increase REKEY_BYTES to 2^24 for arc4random
+
+20001025
+ - (djm) Added WARNING.RNG file and modified configure to ask users of the
+ builtin entropy code to read it.
+ - (djm) Prefer builtin regex to PCRE.
+ - (bal) Added USE_PIPS defined to NeXT configure.in since scp hangs randomly.
+ - (bal) Apply fixes to configure.in pointed out by Pavel Roskin
+ <proski@gnu.org>
+
+20001020
+ - (djm) Don't define _REENTRANT for SNI/Reliant Unix
+ - (bal) Imported NEWS-OS waitpid() macros into NeXT. Since implementation
+ is more correct then current version.
+
+20001018
+ - (stevesk) Add initial support for setproctitle(). Current
+ support is for the HP-UX pstat(PSTAT_SETCMD, ...) method.
+ - (stevesk) Add egd startup scripts to contrib/hpux/
+
+20001017
+ - (djm) Add -lregex to cywin libs from Corinna Vinschen
+ <vinschen@cygnus.com>
+ - (djm) Don't rely on atomicio's retval to determine length of askpass
+ supplied passphrase. Problem report from Lutz Jaenicke
+ <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - (bal) Changed from GNU rx to PCRE on suggestion from djm.
+ - (bal) Integrated Sony NEWS-OS patches from NAKAJI Hirouyuki
+ <nakaji@tutrp.tut.ac.jp>
+
+20001016
+ - (djm) Sync with OpenBSD:
+ - markus@cvs.openbsd.org 2000/10/14 04:01:15
+ [cipher.c]
+ debug3
+ - markus@cvs.openbsd.org 2000/10/14 04:07:23
+ [scp.c]
+ remove spaces from arguments; from djm@mindrot.org
+ - markus@cvs.openbsd.org 2000/10/14 06:09:46
+ [ssh.1]
+ Cipher is for SSH-1 only
+ - markus@cvs.openbsd.org 2000/10/14 06:12:09
+ [servconf.c servconf.h serverloop.c session.c sshd.8]
+ AllowTcpForwarding; from naddy@
+ - markus@cvs.openbsd.org 2000/10/14 06:16:56
+ [auth2.c compat.c compat.h sshconnect2.c version.h]
+ OpenSSH_2.3; note that is is not complete, but the version number
+ needs to be changed for interoperability reasons
+ - markus@cvs.openbsd.org 2000/10/14 06:19:45
+ [auth-rsa.c]
+ do not send RSA challenge if key is not allowed by key-options; from
+ eivind@ThinkSec.com
+ - markus@cvs.openbsd.org 2000/10/15 08:14:01
+ [rijndael.c session.c]
+ typos; from stevesk@sweden.hp.com
+ - markus@cvs.openbsd.org 2000/10/15 08:18:31
+ [rijndael.c]
+ typo
+ - (djm) Copy manpages back over from OpenBSD - too tedious to wade
+ through diffs
+ - (djm) Added condrestart to Redhat init script. Patch from Pekka Savola
+ <pekkas@netcore.fi>
+ - (djm) Update version in Redhat spec file
+ - (djm) Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the
+ Redhat 7.0 spec file
+ - (djm) Make inability to read/write PRNG seedfile non-fatal
+
+
+20001015
+ - (djm) Fix ssh2 hang on background processes at logout.
+
+20001014
+ - (bal) Add support for realpath and getcwd for platforms with broken
+ or missing realpath implementations for sftp-server.
+ - (bal) Corrected mistake in INSTALL in regards to GNU rx library
+ - (bal) Add support for GNU rx library for those lacking regexp support
+ - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth
+ - (djm) Revert SSH2 serverloop hack, will find a better way.
+ - (djm) Add workaround for Linux 2.4's gratuitious errno change. Patch
+ from Martin Johansson <fatbob@acc.umu.se>
+ - (djm) Big OpenBSD sync:
+ - markus@cvs.openbsd.org 2000/09/30 10:27:44
+ [log.c]
+ allow loglevel debug
+ - markus@cvs.openbsd.org 2000/10/03 11:59:57
[packet.c]
- buffer_dump only if PACKET_DEBUG is defined; Jedi/Sector One; pr 3471
- - markus@cvs.openbsd.org 2003/09/19 09:03:00
- [buffer.c]
- sign fix in buffer_dump; Jedi/Sector One; pr 3473
- - markus@cvs.openbsd.org 2003/09/19 11:29:40
+ hmac->mac
+ - markus@cvs.openbsd.org 2000/10/03 12:03:03
+ [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
+ move fake-auth from auth1.c to individual auth methods, disables s/key in
+ debug-msg
+ - markus@cvs.openbsd.org 2000/10/03 12:16:48
+ ssh.c
+ do not resolve canonname, i have no idea why this was added oin ossh
+ - markus@cvs.openbsd.org 2000/10/09 15:30:44
+ ssh-keygen.1 ssh-keygen.c
+ -X now reads private ssh.com DSA keys, too.
+ - markus@cvs.openbsd.org 2000/10/09 15:32:34
+ auth-options.c
+ clear options on every call.
+ - markus@cvs.openbsd.org 2000/10/09 15:51:00
+ authfd.c authfd.h
+ interop with ssh-agent2, from <res@shore.net>
+ - markus@cvs.openbsd.org 2000/10/10 14:20:45
+ compat.c
+ use rexexp for version string matching
+ - provos@cvs.openbsd.org 2000/10/10 22:02:18
+ [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
+ First rough implementation of the diffie-hellman group exchange. The
+ client can ask the server for bigger groups to perform the diffie-hellman
+ in, thus increasing the attack complexity when using ciphers with longer
+ keys. University of Windsor provided network, T the company.
+ - markus@cvs.openbsd.org 2000/10/11 13:59:52
+ [auth-rsa.c auth2.c]
+ clear auth options unless auth sucessfull
+ - markus@cvs.openbsd.org 2000/10/11 14:00:27
+ [auth-options.h]
+ clear auth options unless auth sucessfull
+ - markus@cvs.openbsd.org 2000/10/11 14:03:27
+ [scp.1 scp.c]
+ support 'scp -o' with help from mouring@pconline.com
+ - markus@cvs.openbsd.org 2000/10/11 14:11:35
+ [dh.c]
+ Wall
+ - markus@cvs.openbsd.org 2000/10/11 14:14:40
+ [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
+ [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
+ add support for s/key (kbd-interactive) to ssh2, based on work by
+ mkiernan@avantgo.com and me
+ - markus@cvs.openbsd.org 2000/10/11 14:27:24
+ [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
+ [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
+ [sshconnect2.c sshd.c]
+ new cipher framework
+ - markus@cvs.openbsd.org 2000/10/11 14:45:21
+ [cipher.c]
+ remove DES
+ - markus@cvs.openbsd.org 2000/10/12 03:59:20
+ [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
+ enable DES in SSH-1 clients only
+ - markus@cvs.openbsd.org 2000/10/12 08:21:13
+ [kex.h packet.c]
+ remove unused
+ - markus@cvs.openbsd.org 2000/10/13 12:34:46
+ [sshd.c]
+ Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
+ - markus@cvs.openbsd.org 2000/10/13 12:59:15
+ [cipher.c cipher.h myproposal.h rijndael.c rijndael.h]
+ rijndael/aes support
+ - markus@cvs.openbsd.org 2000/10/13 13:10:54
+ [sshd.8]
+ more info about -V
+ - markus@cvs.openbsd.org 2000/10/13 13:12:02
+ [myproposal.h]
+ prefer no compression
+ - (djm) Fix scp user@host handling
+ - (djm) Don't clobber ssh_prng_cmds on install
+ - (stevesk) Include config.h in rijndael.c so we define intXX_t and
+ u_intXX_t types on all platforms.
+ - (stevesk) rijndael.c: cleanup missing declaration warnings.
+ - (stevesk) ~/.hushlogin shouldn't cause required password change to
+ be bypassed.
+ - (stevesk) Display correct path to ssh-askpass in configure output.
+ Report from Lutz Jaenicke.
+
+20001007
+ - (stevesk) Print PAM return value in PAM log messages to aid
+ with debugging.
+ - (stevesk) Fix detection of pw_class struct member in configure;
+ patch from KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp>
+
+20001002
+ - (djm) Fix USER_PATH, report from Kevin Steves <stevesk@sweden.hp.com>
+ - (djm) Add host system and CC to end-of-configure report. Suggested by
+ Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+
+20000931
+ - (djm) Cygwin fixes from Corinna Vinschen <vinschen@cygnus.com>
+
+20000930
+ - (djm) Irix ssh_prng_cmds path fix from Pekka Savola <pekkas@netcore.fi>
+ - (djm) Support in bsd-snprintf.c for long long conversions from
+ Ben Lindstrom <mouring@pconline.com>
+ - (djm) Cleanup NeXT support from Ben Lindstrom <mouring@pconline.com>
+ - (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with
+ very short lived X connections. Bug report from Tobias Oetiker
+ <oetiker@ee.ethz.ch>. Fix from Markus Friedl <markus@cvs.openbsd.org>
+ - (djm) Add recent InitScripts as a RPM dependancy for openssh-server
+ patch from Pekka Savola <pekkas@netcore.fi>
+ - (djm) Forgot to cvs add LICENSE file
+ - (djm) Add LICENSE to RPM spec files
+ - (djm) CVS OpenBSD sync:
+ - markus@cvs.openbsd.org 2000/09/26 13:59:59
+ [clientloop.c]
+ use debug2
+ - markus@cvs.openbsd.org 2000/09/27 15:41:34
+ [auth2.c sshconnect2.c]
+ use key_type()
+ - markus@cvs.openbsd.org 2000/09/28 12:03:18
+ [channels.c]
+ debug -> debug2 cleanup
+ - (djm) Irix strips "/dev/tty" from [uw]tmp entries (other systems only
+ strip "/dev/"). Fix loginrec.c based on patch from Alain St-Denis
+ <Alain.St-Denis@ec.gc.ca>
+ - (djm) Fix 9 character passphrase failure with gnome-ssh-askpass.
+ Problem was caused by interrupted read in ssh-add. Report from Donald
+ J. Barry <don@astro.cornell.edu>
+
+20000929
+ - (djm) Fix SSH2 not terminating until all background tasks done problem.
+ - (djm) Another off-by-one fix from Pavel Kankovsky
+ <peak@argo.troja.mff.cuni.cz>
+ - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code,
+ tidy necessary differences. Use Markus' new debugN() in entropy.c
+ - (djm) Merged big SCO portability patch from Tim Rice
+ <tim@multitalents.net>
+
+20000926
+ - (djm) Update X11-askpass to 1.0.2 in RPM spec file
+ - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX
+ - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c.
+ Report and fix from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
+
+20000924
+ - (djm) Merged cleanup patch from Mark Miller <markm@swoon.net>
+ - (djm) A bit more cleanup - created cygwin_util.h
+ - (djm) Include strtok_r() from OpenBSD libc. Fixes report from Mark Miller
+ <markm@swoon.net>
+
+20000923
+ - (djm) Fix address logging in utmp from Kevin Steves
+ <stevesk@sweden.hp.com>
+ - (djm) Redhat spec and manpage fixes from Pekka Savola <pekkas@netcore.fi>
+ - (djm) Seperate tests for int64_t and u_int64_t types
+ - (djm) Tweak password expiry checking at suggestion of Kevin Steves
+ <stevesk@sweden.hp.com>
+ - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
+ - (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from
+ Michael Stone <mstone@cs.loyola.edu>
+ - (djm) OpenBSD CVS sync:
+ - markus@cvs.openbsd.org 2000/09/17 09:38:59
+ [sshconnect2.c sshd.c]
+ fix DEBUG_KEXDH
+ - markus@cvs.openbsd.org 2000/09/17 09:52:51
+ [sshconnect.c]
+ yes no; ok niels@
+ - markus@cvs.openbsd.org 2000/09/21 04:55:11
+ [sshd.8]
+ typo
+ - markus@cvs.openbsd.org 2000/09/21 05:03:54
+ [serverloop.c]
+ typo
+ - markus@cvs.openbsd.org 2000/09/21 05:11:42
+ scp.c
+ utime() to utimes(); mouring@pconline.com
+ - markus@cvs.openbsd.org 2000/09/21 05:25:08
+ sshconnect2.c
+ change login logic in ssh2, allows plugin of other auth methods
+ - markus@cvs.openbsd.org 2000/09/21 05:25:35
+ [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h]
+ [serverloop.c]
+ add context to dispatch_run
+ - markus@cvs.openbsd.org 2000/09/21 05:07:52
+ authfd.c authfd.h ssh-agent.c
+ bug compat for old ssh.com software
+
+20000920
+ - (djm) Fix bad path substitution. Report from Andrew Miner
+ <asminer@cs.iastate.edu>
+
+20000916
+ - (djm) Fix SSL search order from Lutz Jaenicke
+ <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - (djm) New SuSE spec from Corinna Vinschen <corinna@vinschen.de>
+ - (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com>
+ - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage.
+ Patch from Larry Jones <larry.jones@sdrc.com>
+ - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM
+ password change patch.
+ - (djm) Bring licenses on my stuff in line with OpenBSD's
+ - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
+ Kevin Steves <stevesk@sweden.hp.com>
+ - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz>
+ - (djm) Re-enable int64_t types - we need them for sftp
+ - (djm) Use libexecdir from configure , rather than libexecdir/ssh
+ - (djm) Update Redhat SPEC file accordingly
+ - (djm) Add Kevin Steves <stevesk@sweden.hp.com> HP/UX contrib files
+ - (djm) Add Charles Levert <charles@comm.polymtl.ca> getpgrp patch
+ - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter
+ <Dirk.DeWachter@rug.ac.be>
+ - (djm) Fixprogs and entropy list fixes from Larry Jones
+ <larry.jones@sdrc.com>
+ - (djm) Fix for SuSE spec file from Takashi YOSHIDA
+ <tyoshida@gemini.rc.kyushu-u.ac.jp>
+ - (djm) Merge OpenBSD changes:
+ - markus@cvs.openbsd.org 2000/09/05 02:59:57
+ [session.c]
+ print hostname (not hushlogin)
+ - markus@cvs.openbsd.org 2000/09/05 13:18:48
+ [authfile.c ssh-add.c]
+ enable ssh-add -d for DSA keys
+ - markus@cvs.openbsd.org 2000/09/05 13:20:49
+ [sftp-server.c]
+ cleanup
+ - markus@cvs.openbsd.org 2000/09/06 03:46:41
+ [authfile.h]
+ prototype
+ - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
+ [ALL]
+ cleanup copyright notices on all files. I have attempted to be
+ accurate with the details. everything is now under Tatu's licence
+ (which I copied from his readme), and/or the core-sdi bsd-ish thing
+ for deattack, or various openbsd developers under a 2-term bsd
+ licence. We're not changing any rules, just being accurate.
+ - markus@cvs.openbsd.org 2000/09/07 14:40:30
+ [channels.c channels.h clientloop.c serverloop.c ssh.c]
+ cleanup window and packet sizes for ssh2 flow control; ok niels
+ - markus@cvs.openbsd.org 2000/09/07 14:53:00
+ [scp.c]
+ typo
+ - markus@cvs.openbsd.org 2000/09/07 15:13:37
+ [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
+ [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
+ [pty.c readconf.c]
+ some more Copyright fixes
+ - markus@cvs.openbsd.org 2000/09/08 03:02:51
+ [README.openssh2]
+ bye bye
+ - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
+ [LICENCE cipher.c]
+ a few more comments about it being ARC4 not RC4
+ - markus@cvs.openbsd.org 2000/09/12 14:53:11
+ [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
+ multiple debug levels
+ - markus@cvs.openbsd.org 2000/09/14 14:25:15
+ [clientloop.c]
+ typo
+ - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
[ssh-agent.c]
- provide a ssh-agent specific fatal() function; ok deraadt
- - markus@cvs.openbsd.org 2003/09/19 11:30:39
- [ssh-keyscan.c]
- avoid fatal_cleanup, just call exit(); ok deraadt
- - markus@cvs.openbsd.org 2003/09/19 11:31:33
+ check return value for setenv(3) for failure, and deal appropriately
+
+20000913
+ - (djm) Fix server not exiting with jobs in background.
+
+20000905
+ - (djm) Import OpenBSD CVS changes
+ - markus@cvs.openbsd.org 2000/08/31 15:52:24
+ [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c]
+ implement a SFTP server. interops with sftp2, scp2 and the windows
+ client from ssh.com
+ - markus@cvs.openbsd.org 2000/08/31 15:56:03
+ [README.openssh2]
+ sync
+ - markus@cvs.openbsd.org 2000/08/31 16:05:42
+ [session.c]
+ Wall
+ - markus@cvs.openbsd.org 2000/08/31 16:09:34
+ [authfd.c ssh-agent.c]
+ add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions
+ - deraadt@cvs.openbsd.org 2000/09/01 09:25:13
+ [scp.1 scp.c]
+ cleanup and fix -S support; stevesk@sweden.hp.com
+ - markus@cvs.openbsd.org 2000/09/01 16:29:32
+ [sftp-server.c]
+ portability fixes
+ - markus@cvs.openbsd.org 2000/09/01 16:32:41
+ [sftp-server.c]
+ fix cast; mouring@pconline.com
+ - itojun@cvs.openbsd.org 2000/09/03 09:23:28
+ [ssh-add.1 ssh.1]
+ add missing .El against .Bl.
+ - markus@cvs.openbsd.org 2000/09/04 13:03:41
+ [session.c]
+ missing close; ok theo
+ - markus@cvs.openbsd.org 2000/09/04 13:07:21
+ [session.c]
+ fix get_last_login_time order; from andre@van-veen.de
+ - markus@cvs.openbsd.org 2000/09/04 13:10:09
+ [sftp-server.c]
+ more cast fixes; from mouring@pconline.com
+ - markus@cvs.openbsd.org 2000/09/04 13:06:04
+ [session.c]
+ set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net
+ - (djm) Cleanup after import. Fix sftp-server compilation, Makefile
+ - (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>
+
+20000903
+ - (djm) Fix Redhat init script
+
+20000901
+ - (djm) Pick up Jim's new X11-askpass
+ - (djm) Release 2.2.0p1
+
+20000831
+ - (djm) Workaround SIGPIPE problems on SCO. Fix from Aran Cox
+ <acox@cv.telegroup.com>
+ - (djm) Pick up new version (2.2.0) from OpenBSD CVS
+
+20000830
+ - (djm) Compile warning fixes from Mark Miller <markm@swoon.net>
+ - (djm) Periodically rekey arc4random
+ - (djm) Clean up diff against OpenBSD.
+ - (djm) HPUX 11 needs USE_PIPES as well: Kevin Steves
+ <stevesk@sweden.hp.com>
+ - (djm) Quieten the pam delete credentials error message
+ - (djm) Fix printing of $DISPLAY hack if set by system type. Report from
+ Kevin Steves <stevesk@sweden.hp.com>
+ - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
+ - (djm) Fix doh in bsd-arc4random.c
+
+20000829
+ - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert
+ Doering <gert@greenie.muc.de>, John Horne <J.Horne@plymouth.ac.uk> and
+ Garrick James <garrick@james.net>
+ - (djm) Check for SCO pty naming style (ptyp%d/ttyp%d). Based on fix from
+ Bastian Trompetter <btrompetter@firemail.de>
+ - (djm) NeXT tweaks from Ben Lindstrom <mouring@pconline.com>
+ - More OpenBSD updates:
+ - deraadt@cvs.openbsd.org 2000/08/24 15:46:59
+ [scp.c]
+ off_t in sink, to fix files > 2GB, i think, test is still running ;-)
+ - deraadt@cvs.openbsd.org 2000/08/25 10:10:06
+ [session.c]
+ Wall
+ - markus@cvs.openbsd.org 2000/08/26 04:33:43
+ [compat.c]
+ ssh.com-2.3.0
+ - markus@cvs.openbsd.org 2000/08/27 12:18:05
+ [compat.c]
+ compatibility with future ssh.com versions
+ - deraadt@cvs.openbsd.org 2000/08/27 21:50:55
+ [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c]
+ print uid/gid as unsigned
+ - markus@cvs.openbsd.org 2000/08/28 13:51:00
+ [ssh.c]
+ enable -n and -f for ssh2
+ - markus@cvs.openbsd.org 2000/08/28 14:19:53
+ [ssh.c]
+ allow combination of -N and -f
+ - markus@cvs.openbsd.org 2000/08/28 14:20:56
+ [util.c]
+ util.c
+ - markus@cvs.openbsd.org 2000/08/28 14:22:02
+ [util.c]
+ undo
+ - markus@cvs.openbsd.org 2000/08/28 14:23:38
+ [util.c]
+ don't complain if setting NONBLOCK fails with ENODEV
+
+20000823
+ - (djm) Define USE_PIPES to avoid socketpair problems on HPUX 10 and SunOS 4
+ Avoids "scp never exits" problem. Reports from Lutz Jaenicke
+ <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Tamito KAJIYAMA
+ <kajiyama@grad.sccs.chukyo-u.ac.jp>
+ - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers
+ - (djm) Add local version to version.h
+ - (djm) Don't reseed arc4random everytime it is used
+ - (djm) OpenBSD CVS updates:
+ - deraadt@cvs.openbsd.org 2000/08/18 20:07:23
+ [ssh.c]
+ accept remsh as a valid name as well; roman@buildpoint.com
+ - deraadt@cvs.openbsd.org 2000/08/18 20:17:13
+ [deattack.c crc32.c packet.c]
+ rename crc32() to ssh_crc32() to avoid zlib name clash. do not move to
+ libz crc32 function yet, because it has ugly "long"'s in it;
+ oneill@cs.sfu.ca
+ - deraadt@cvs.openbsd.org 2000/08/18 20:26:08
+ [scp.1 scp.c]
+ -S prog support; tv@debian.org
+ - deraadt@cvs.openbsd.org 2000/08/18 20:50:07
+ [scp.c]
+ knf
+ - deraadt@cvs.openbsd.org 2000/08/18 20:57:33
+ [log-client.c]
+ shorten
+ - markus@cvs.openbsd.org 2000/08/19 12:48:11
+ [channels.c channels.h clientloop.c ssh.c ssh.h]
+ support for ~. in ssh2
+ - deraadt@cvs.openbsd.org 2000/08/19 15:29:40
+ [crc32.h]
+ proper prototype
+ - markus@cvs.openbsd.org 2000/08/19 15:34:44
+ [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1]
+ [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile]
+ [fingerprint.c fingerprint.h]
+ add SSH2/DSA support to the agent and some other DSA related cleanups.
+ (note that we cannot talk to ssh.com's ssh2 agents)
+ - markus@cvs.openbsd.org 2000/08/19 15:55:52
+ [channels.c channels.h clientloop.c]
+ more ~ support for ssh2
+ - markus@cvs.openbsd.org 2000/08/19 16:21:19
+ [clientloop.c]
+ oops
+ - millert@cvs.openbsd.org 2000/08/20 12:25:53
+ [session.c]
+ We have to stash the result of get_remote_name_or_ip() before we
+ close our socket or getpeername() will get EBADF and the process
+ will exit. Only a problem for "UseLogin yes".
+ - millert@cvs.openbsd.org 2000/08/20 12:30:59
+ [session.c]
+ Only check /etc/nologin if "UseLogin no" since login(1) may have its
+ own policy on determining who is allowed to login when /etc/nologin
+ is present. Also use the _PATH_NOLOGIN define.
+ - millert@cvs.openbsd.org 2000/08/20 12:42:43
+ [auth1.c auth2.c session.c ssh.c]
+ Add calls to setusercontext() and login_get*(). We basically call
+ setusercontext() in most places where previously we did a setlogin().
+ Add default login.conf file and put root in the "daemon" login class.
+ - millert@cvs.openbsd.org 2000/08/21 10:23:31
+ [session.c]
+ Fix incorrect PATH setting; noted by Markus.
+
+20000818
+ - (djm) OpenBSD CVS changes:
+ - markus@cvs.openbsd.org 2000/07/22 03:14:37
+ [servconf.c servconf.h sshd.8 sshd.c sshd_config]
+ random early drop; ok theo, niels
+ - deraadt@cvs.openbsd.org 2000/07/26 11:46:51
+ [ssh.1]
+ typo
+ - deraadt@cvs.openbsd.org 2000/08/01 11:46:11
+ [sshd.8]
+ many fixes from pepper@mail.reppep.com
+ - provos@cvs.openbsd.org 2000/08/01 13:01:42
+ [Makefile.in util.c aux.c]
+ rename aux.c to util.c to help with cygwin port
+ - deraadt@cvs.openbsd.org 2000/08/02 00:23:31
+ [authfd.c]
+ correct sun_len; Alexander@Leidinger.net
+ - provos@cvs.openbsd.org 2000/08/02 10:27:17
+ [readconf.c sshd.8]
+ disable kerberos authentication by default
+ - provos@cvs.openbsd.org 2000/08/02 11:27:05
+ [sshd.8 readconf.c auth-krb4.c]
+ disallow kerberos authentication if we can't verify the TGT; from
+ dugsong@
+ kerberos authentication is on by default only if you have a srvtab.
+ - markus@cvs.openbsd.org 2000/08/04 14:30:07
+ [auth.c]
+ unused
+ - markus@cvs.openbsd.org 2000/08/04 14:30:35
+ [sshd_config]
+ MaxStartups
+ - markus@cvs.openbsd.org 2000/08/15 13:20:46
+ [authfd.c]
+ cleanup; ok niels@
+ - markus@cvs.openbsd.org 2000/08/17 14:05:10
+ [session.c]
+ cleanup login(1)-like jobs, no duplicate utmp entries
+ - markus@cvs.openbsd.org 2000/08/17 14:06:34
+ [session.c sshd.8 sshd.c]
+ sshd -u len, similar to telnetd
+ - (djm) Lastlog was not getting closed after writing login entry
+ - (djm) Add Solaris package support from Rip Loomis <loomisg@cist.saic.com>
+
+20000816
+ - (djm) Replacement for inet_ntoa for Irix (which breaks on gcc)
+ - (djm) Fix strerror replacement for old SunOS. Based on patch from
+ Charles Levert <charles@comm.polymtl.ca>
+ - (djm) Seperate arc4random into seperate file and use OpenSSL's RC4
+ implementation.
+ - (djm) SUN_LEN macro for systems which lack it
+
+20000815
+ - (djm) More SunOS 4.1.x fixes from Nate Itkin <nitkin@europa.com>
+ - (djm) Avoid failures on Irix when ssh is not setuid. Fix from
+ Michael Stone <mstone@cs.loyola.edu>
+ - (djm) Don't seek in directory based lastlogs
+ - (djm) Fix --with-ipaddr-display configure option test. Patch from
+ Jarno Huuskonen <jhuuskon@messi.uku.fi>
+ - (djm) Fix AIX limits from Alexandre Oliva <oliva@lsd.ic.unicamp.br>
+
+20000813
+ - (djm) Add $(srcdir) to includes when compiling (for VPATH). Report from
+ Fabrice bacchella <fabrice.bacchella@marchfirst.fr>
+
+20000809
+ - (djm) Define AIX hard limits if headers don't. Report from
+ Bill Painter <william.t.painter@lmco.com>
+ - (djm) utmp direct write & SunOS 4 patch from Charles Levert
+ <charles@comm.polymtl.ca>
+
+20000808
+ - (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install
+ time, spec file cleanup.
+
+20000807
+ - (djm) Set 0755 on binaries during install. Report from Lutz Jaenicke
+ - (djm) Suppress error messages on channel close shutdown() failurs
+ works around Linux bug. Patch from Zack Weinberg <zack@wolery.cumb.org>
+ - (djm) Add some more entropy collection commands from Lutz Jaenicke
+
+20000725
+ - (djm) Fix autoconf typo: HAVE_BINRESVPORT_AF -> HAVE_BINDRESVPORT_AF
+
+20000721
+ - (djm) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/07/16 02:27:22
+ [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
+ [sshconnect1.c sshconnect2.c]
+ make ssh-add accept dsa keys (the agent does not)
+ - djm@cvs.openbsd.org 2000/07/17 19:25:02
+ [sshd.c]
+ Another closing of stdin; ok deraadt
+ - markus@cvs.openbsd.org 2000/07/19 18:33:12
+ [dsa.c]
+ missing free, reorder
+ - markus@cvs.openbsd.org 2000/07/20 16:23:14
+ [ssh-keygen.1]
+ document input and output files
+
+20000720
+ - (djm) Spec file fix from Petr Novotny <Petr.Novotny@antek.cz>
+
+20000716
+ - (djm) Release 2.1.1p4
+
+20000715
+ - (djm) OpenBSD CVS updates
+ - provos@cvs.openbsd.org 2000/07/13 16:53:22
+ [aux.c readconf.c servconf.c ssh.h]
+ allow multiple whitespace but only one '=' between tokens, bug report from
+ Ralf S. Engelschall <rse@engelschall.com> but different fix. okay deraadt@
+ - provos@cvs.openbsd.org 2000/07/13 17:14:09
+ [clientloop.c]
+ typo; todd@fries.net
+ - provos@cvs.openbsd.org 2000/07/13 17:19:31
+ [scp.c]
+ close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
+ - markus@cvs.openbsd.org 2000/07/14 16:59:46
+ [readconf.c servconf.c]
+ allow leading whitespace. ok niels
+ - djm@cvs.openbsd.org 2000/07/14 22:01:38
+ [ssh-keygen.c ssh.c]
+ Always create ~/.ssh with mode 700; ok Markus
+ - Fixes for SunOS 4.1.4 from Gordon Atwood <gordon@cs.ualberta.ca>
+ - Include floatingpoint.h for entropy.c
+ - strerror replacement
+
+20000712
+ - (djm) Remove -lresolve for Reliant Unix
+ - (djm) OpenBSD CVS Updates:
+ - deraadt@cvs.openbsd.org 2000/07/11 02:11:34
+ [session.c sshd.c ]
+ make MaxStartups code still work with -d; djm
+ - deraadt@cvs.openbsd.org 2000/07/11 13:17:45
+ [readconf.c ssh_config]
+ disable FallBackToRsh by default
+ - (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c. Report from
+ Ben Lindstrom <mouring@pconline.com>
+ - (djm) Make building of X11-Askpass and GNOME-Askpass optional in RPM
+ spec file.
+ - (djm) Released 2.1.1p3
+
+20000711
+ - (djm) Fixup for AIX getuserattr() support from Tom Bertelson
+ <tbert@abac.com>
+ - (djm) ReliantUNIX support from Udo Schweigert <ust@cert.siemens.de>
+ - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom
+ <mouring@pconline.com>
+ - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report
+ from Jim Watt <jimw@peisj.pebio.com>
+ - (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known
+ to compile on more platforms (incl NeXT).
+ - (djm) Added bsd-inet_aton and configure support for NeXT
+ - (djm) Misc NeXT fixes from Ben Lindstrom <mouring@pconline.com>
+ - (djm) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/06/26 03:22:29
+ [authfd.c]
+ cleanup, less cut&paste
+ - markus@cvs.openbsd.org 2000/06/26 15:59:19
+ [servconf.c servconf.h session.c sshd.8 sshd.c]
+ MaxStartups: limit number of unauthenticated connections, work by
+ theo and me
+ - deraadt@cvs.openbsd.org 2000/07/05 14:18:07
+ [session.c]
+ use no_x11_forwarding_flag correctly; provos ok
+ - provos@cvs.openbsd.org 2000/07/05 15:35:57
+ [sshd.c]
+ typo
+ - aaron@cvs.openbsd.org 2000/07/05 22:06:58
+ [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
+ Insert more missing .El directives. Our troff really should identify
+ these and spit out a warning.
+ - todd@cvs.openbsd.org 2000/07/06 21:55:04
+ [auth-rsa.c auth2.c ssh-keygen.c]
+ clean code is good code
+ - deraadt@cvs.openbsd.org 2000/07/07 02:14:29
+ [serverloop.c]
+ sense of port forwarding flag test was backwards
+ - provos@cvs.openbsd.org 2000/07/08 17:17:31
+ [compat.c readconf.c]
+ replace strtok with strsep; from David Young <dyoung@onthejob.net>
+ - deraadt@cvs.openbsd.org 2000/07/08 19:21:15
+ [auth.h]
+ KNF
+ - ho@cvs.openbsd.org 2000/07/08 19:27:33
+ [compat.c readconf.c]
+ Better conditions for strsep() ending.
+ - ho@cvs.openbsd.org 2000/07/10 10:27:05
+ [readconf.c]
+ Get the correct message on errors. (niels@ ok)
+ - ho@cvs.openbsd.org 2000/07/10 10:30:25
+ [cipher.c kex.c servconf.c]
+ strtok() --> strsep(). (niels@ ok)
+ - (djm) Fix problem with debug mode and MaxStartups
+ - (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during RPM
+ builds)
+ - (djm) Add strsep function from OpenBSD libc for systems that lack it
+
+20000709
+ - (djm) Only enable PAM_TTY kludge for Linux. Problem report from
+ Kevin Steves <stevesk@sweden.hp.com>
+ - (djm) Match prototype and function declaration for rresvport_af.
+ Problem report from Niklas Edmundsson <nikke@ing.umu.se>
+ - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM
+ builds. Problem report from Gregory Leblanc <GLeblanc@cu-portland.edu>
+ - (djm) Replace ut_name with ut_user. Patch from Jim Watt
+ <jimw@peisj.pebio.com>
+ - (djm) Fix pam sprintf fix
+ - (djm) Cleanup entropy collection code a little more. Split initialisation
+ from seeding, perform intialisation immediatly at start, be careful with
+ uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
+ - (djm) More NeXT compatibility from Ben Lindstrom <mouring@pconline.com>
+ Including sigaction() et al. replacements
+ - (djm) AIX getuserattr() session initialisation from Tom Bertelson
+ <tbert@abac.com>
+
+20000708
+ - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from
+ Aaron Hopkins <aaron@die.net>
+ - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from
+ Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - (djm) Fixed undefined variables for OSF SIA. Report from
+ Baars, Henk <Hendrik.Baars@nl.origin-it.com>
+ - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c
+ Fix from Marquess, Steve Mr JMLFDC <Steve.Marquess@DET.AMEDD.ARMY.MIL>
+ - (djm) Don't use inet_addr.
+
+20000702
+ - (djm) Fix brace mismatch from Corinna Vinschen <vinschen@cygnus.com>
+ - (djm) Stop shadow expiry checking from preventing logins with NIS. Based
+ on fix from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
+ - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from
+ Chris, the Young One <cky@pobox.com>
+ - (djm) Fix scp progress meter on really wide terminals. Based on patch
+ from James H. Cloos Jr. <cloos@jhcloos.com>
+
+20000701
+ - (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu>
+ - (djm) Login fixes from Tom Bertelson <tbert@abac.com>
+ - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
+ <vinschen@cygnus.com>
+ - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
+ - (djm) Added check for broken snprintf() functions which do not correctly
+ terminate output string and attempt to use replacement.
+ - (djm) Released 2.1.1p2
+
+20000628
+ - (djm) Fixes to lastlog code for Irix
+ - (djm) Use atomicio in loginrec
+ - (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for
+ Irix 6.x array sessions, project id's, and system audit trail id.
+ - (djm) Added 'distprep' make target to simplify packaging
+ - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA
+ support. Enable using "USE_SIA=1 ./configure [options]"
+
+20000627
+ - (djm) Fixes to login code - not setting li->uid, cleanups
+ - (djm) Formatting
+
+20000626
+ - (djm) Better fix to aclocal tests from Garrick James <garrick@james.net>
+ - (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
+ - (djm) Added password expiry checking (no password change support)
+ - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
+ based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - (djm) Fix fixed EGD code.
+ - OpenBSD CVS update
+ - provos@cvs.openbsd.org 2000/06/25 14:17:58
[channels.c]
- do not call channel_free_all on fatal; ok deraadt
- - markus@cvs.openbsd.org 2003/09/19 11:33:09
- [packet.c sshd.c]
- do not call packet_close on fatal; ok deraadt
- - markus@cvs.openbsd.org 2003/09/19 17:40:20
+ correct check for bad channel ids; from Wei Dai <weidai@eskimo.com>
+
+20000623
+ - (djm) Use sa_family_t in prototype for rresvport_af. Patch from
+ Svante Signell <svante.signell@telia.com>
+ - (djm) Autoconf logic to define sa_family_t if it is missing
+ - OpenBSD CVS Updates:
+ - markus@cvs.openbsd.org 2000/06/22 10:32:27
+ [sshd.c]
+ missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL
+ - djm@cvs.openbsd.org 2000/06/22 17:55:00
+ [auth-krb4.c key.c radix.c uuencode.c]
+ Missing CVS idents; ok markus
+
+20000622
+ - (djm) Automatically generate host key during "make install". Suggested
+ by Gary E. Miller <gem@rellim.com>
+ - (djm) Paranoia before kill() system call
+ - OpenBSD CVS Updates:
+ - markus@cvs.openbsd.org 2000/06/18 18:50:11
+ [auth2.c compat.c compat.h sshconnect2.c]
+ make userauth+pubkey interop with ssh.com-2.2.0
+ - markus@cvs.openbsd.org 2000/06/18 20:56:17
+ [dsa.c]
+ mem leak + be more paranoid in dsa_verify.
+ - markus@cvs.openbsd.org 2000/06/18 21:29:50
+ [key.c]
+ cleanup fingerprinting, less hardcoded sizes
+ - markus@cvs.openbsd.org 2000/06/19 19:39:45
+ [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
+ [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
+ [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
+ [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
+ [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
+ [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
+ [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
+ [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
+ [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
+ OpenBSD tag
+ - markus@cvs.openbsd.org 2000/06/21 10:46:10
+ sshconnect2.c missing free; nuke old comment
+
+20000620
+ - (djm) Replace use of '-o' and '-a' logical operators in configure tests
+ with '||' and '&&'. As suggested by Jim Knoble <jmknoble@jmknoble.cx>
+ to fix SCO Unixware problem reported by Gary E. Miller <gem@rellim.com>
+ - (djm) Typo in loginrec.c
+
+20000618
+ - (djm) Add summary of configure options to end of ./configure run
+ - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from
+ Michael Stone <mstone@cs.loyola.edu>
+ - (djm) rusage is a privileged operation on some Unices (incl.
+ Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
+ - (djm) Avoid PAM failures when running without a TTY. Report from
+ Martin Petrak <petrak@spsknm.schools.sk>
+ - (djm) Include sys/types.h when including netinet/in.h in configure tests.
+ Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
+ - (djm) Started merge of Ben Lindstrom's <mouring@pconline.com> NeXT support
+ - OpenBSD CVS updates:
+ - deraadt@cvs.openbsd.org 2000/06/17 09:58:46
+ [channels.c]
+ everyone says "nix it" (remove protocol 2 debugging message)
+ - markus@cvs.openbsd.org 2000/06/17 13:24:34
+ [sshconnect.c]
+ allow extended server banners
+ - markus@cvs.openbsd.org 2000/06/17 14:30:10
+ [sshconnect.c]
+ missing atomicio, typo
+ - jakob@cvs.openbsd.org 2000/06/17 16:52:34
+ [servconf.c servconf.h session.c sshd.8 sshd_config]
+ add support for ssh v2 subsystems. ok markus@.
+ - deraadt@cvs.openbsd.org 2000/06/17 18:57:48
+ [readconf.c servconf.c]
+ include = in WHITESPACE; markus ok
+ - markus@cvs.openbsd.org 2000/06/17 19:09:10
+ [auth2.c]
+ implement bug compatibility with ssh-2.0.13 pubkey, server side
+ - markus@cvs.openbsd.org 2000/06/17 21:00:28
+ [compat.c]
+ initial support for ssh.com's 2.2.0
+ - markus@cvs.openbsd.org 2000/06/17 21:16:09
[scp.c]
- error handling for remote-remote copy; #638; report Harald Koenig;
- ok millert, fgs, henning, deraadt
- - markus@cvs.openbsd.org 2003/09/19 17:43:35
- [clientloop.c sshtty.c sshtty.h]
- remove fatal callbacks from client code; ok deraadt
- - (bal) "extration" -> "extraction" in ssh-rand-helper.c; repoted by john
- on #unixhelp@efnet
- - (tim) [configure.ac] add --disable-etc-default-login option. ok djm
- - (djm) Sync with V_3_7 branch:
- - (djm) Fix SSH1 challenge kludge
- - (djm) Bug #671: Fix builds on OpenBSD
- - (djm) Bug #676: Fix PAM stack corruption
- - (djm) Fix bad free() in PAM code
- - (djm) Don't call pam_end before pam_init
- - (djm) Enable build with old OpenSSL again
- - (djm) Trim deprecated options from INSTALL. Mention UsePAM
- - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
+ typo
+ - markus@cvs.openbsd.org 2000/06/17 22:05:02
+ [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h]
+ split auth-rsa option parsing into auth-options
+ add options support to authorized_keys2
+ - markus@cvs.openbsd.org 2000/06/17 22:42:54
+ [session.c]
+ typo
+
+20000613
+ - (djm) Fixes from Andrew McGill <andrewm@datrix.co.za>:
+ - Platform define for SCO 3.x which breaks on /dev/ptmx
+ - Detect and try to fix missing MAXPATHLEN
+ - (djm) Fix short copy in loginrec.c (based on patch from Phill Camp
+ <P.S.S.Camp@ukc.ac.uk>
+
+20000612
+ - (djm) Glob manpages in RPM spec files to catch compressed files
+ - (djm) Full license in auth-pam.c
+ - (djm) Configure fixes from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
+ - (andre) AIX, lastlog, configure fixes from Tom Bertelson <tbert@abac.com>:
+ - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is
+ def'd
+ - Set AIX to use preformatted manpages
+
+20000610
+ - (djm) Minor doc tweaks
+ - (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx>
+
+20000609
+ - (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage
+ (in favour of utmpx) on Solaris 8
+
+20000606
+ - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
+ list of commands (by default). Removed verbose debugging (by default).
+ - (djm) Increased command entropy estimates and default entropy collection
+ timeout
+ - (djm) Remove duplicate headers from loginrec.c
+ - (djm) Don't add /usr/local/lib to library search path on Irix
+ - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
+ <tibbs@math.uh.edu>
+ - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
+ <zack@wolery.cumb.org>
+ - (djm) OpenBSD CVS updates:
+ - todd@cvs.openbsd.org
+ [sshconnect2.c]
+ teach protocol v2 to count login failures properly and also enable an
+ explanation of why the password prompt comes up again like v1; this is NOT
+ crypto
+ - markus@cvs.openbsd.org
+ [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
+ xauth_location support; pr 1234
+ [readconf.c sshconnect2.c]
+ typo, unused
+ [session.c]
+ allow use_login only for login sessions, otherwise remote commands are
+ execed with uid==0
+ [sshd.8]
+ document UseLogin better
+ [version.h]
+ OpenSSH 2.1.1
+ [auth-rsa.c]
+ fix match_hostname() logic for auth-rsa: deny access if we have a
+ negative match or no match at all
+ [channels.c hostfile.c match.c]
+ don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
+ kris@FreeBSD.org
+
+20000606
+ - (djm) Added --with-cflags, --with-ldflags and --with-libs options to
+ configure.
+
+20000604
+ - Configure tweaking for new login code on Irix 5.3
+ - (andre) login code changes based on djm feedback
+
+20000603
+ - (andre) New login code
+ - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c
+ - Add loginrec.[ch], logintest.c and autoconf code
+
+20000531
+ - Cleanup of auth.c, login.c and fake-*
+ - Cleanup of auth-pam.c, save and print "account expired" error messages
+ - Fix EGD read bug by IWAMURO Motonori <iwa@mmp.fujitsu.co.jp>
+ - Rewrote bsd-login to use proper utmp API if available. Major cleanup
+ of fallback DIY code.
+
+20000530
+ - Define atexit for old Solaris
+ - Fix buffer overrun in login.c for systems which use syslen in utmpx.
+ patch from YOSHIFUJI Hideaki <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp>
+ - OpenBSD CVS updates:
+ - markus@cvs.openbsd.org
+ [session.c]
+ make x11-fwd work w/ localhost (xauth add host/unix:11)
+ [cipher.c compat.c readconf.c servconf.c]
+ check strtok() != NULL; ok niels@
+ [key.c]
+ fix key_read() for uuencoded keys w/o '='
+ [serverloop.c]
+ group ssh1 vs. ssh2 in serverloop
+ [kex.c kex.h myproposal.h sshconnect2.c sshd.c]
+ split kexinit/kexdh, factor out common code
+ [readconf.c ssh.1 ssh.c]
+ forwardagent defaults to no, add ssh -A
+ - theo@cvs.openbsd.org
+ [session.c]
+ just some line shortening
+ - Released 2.1.0p3
+
+20000520
+ - Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
+ - Don't touch utmp if USE_UTMPX defined
+ - SunOS 4.x support from Todd C. Miller <Todd.Miller@courtesan.com>
+ - SIGCHLD fix for AIX and HPUX from Tom Bertelson <tbert@abac.com>
+ - HPUX and Configure fixes from Lutz Jaenicke
+ <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - Use mkinstalldirs script to make directories instead of non-portable
+ "install -d". Suggested by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - Doc cleanup
+
+20000518
+ - Include Andre Lucas' fixprogs script. Forgot to "cvs add" it yesterday
+ - OpenBSD CVS updates:
+ - markus@cvs.openbsd.org
+ [sshconnect.c]
+ copy only ai_addrlen bytes; misiek@pld.org.pl
+ [auth.c]
+ accept an empty shell in authentication; bug reported by
+ chris@tinker.ucr.edu
+ [serverloop.c]
+ we don't have stderr for interactive terminal sessions (fcntl errors)
+
+20000517
+ - Fix from Andre Lucas <andre.lucas@dial.pipex.com>
+ - Fixes command line printing segfaults (spotter: Bladt Norbert)
+ - Fixes erroneous printing of debug messages to syslog
+ - Fixes utmp for MacOS X (spotter: Aristedes Maniatis)
+ - Gives useful error message if PRNG initialisation fails
+ - Reduced ssh startup delay
+ - Measures cumulative command time rather than the time between reads
+ after select()
+ - 'fixprogs' perl script to eliminate non-working entropy commands, and
+ optionally run 'ent' to measure command entropy
+ - Applied Tom Bertelson's <tbert@abac.com> AIX authentication fix
+ - Avoid WCOREDUMP complation errors for systems that lack it
+ - Avoid SIGCHLD warnings from entropy commands
+ - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw@dcs.ed.ac.uk>
+ - OpenBSD CVS update:
+ - markus@cvs.openbsd.org
+ [ssh.c]
+ fix usage()
+ [ssh2.h]
+ draft-ietf-secsh-architecture-05.txt
+ [ssh.1]
+ document ssh -T -N (ssh2 only)
+ [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
+ enable nonblocking IO for sshd w/ proto 1, too; split out common code
+ [aux.c]
+ missing include
+ - Several patches from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
+ - INSTALL typo and URL fix
+ - Makefile fix
+ - Solaris fixes
+ - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka
+ <ksakai@kso.netwk.ntt-at.co.jp>
+ - RSAless operation patch from kevin_oconnor@standardandpoors.com
+ - Detect OpenSSL seperatly from RSA
+ - Better test for RSA (more compatible with RSAref). Based on work by
+ Ed Eden <ede370@stl.rural.usda.gov>
+
+20000513
+ - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz
+ <misiek@pld.org.pl>
+
+20000511
+ - Fix for prng_seed permissions checking from Lutz Jaenicke
+ <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - "make host-key" fix for Irix
+
+20000509
+ - OpenBSD CVS update
+ - markus@cvs.openbsd.org
+ [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
+ [ssh.h sshconnect1.c sshconnect2.c sshd.8]
+ - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
+ - hugh@cvs.openbsd.org
+ [ssh.1]
+ - zap typo
+ [ssh-keygen.1]
+ - One last nit fix. (markus approved)
+ [sshd.8]
+ - some markus certified spelling adjustments
+ - markus@cvs.openbsd.org
+ [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
+ [sshconnect2.c ]
+ - bug compat w/ ssh-2.0.13 x11, split out bugs
+ [nchan.c]
+ - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
+ [ssh-keygen.c]
+ - handle escapes in real and original key format, ok millert@
+ [version.h]
+ - OpenSSH-2.1
+ - Moved all the bsd-* and fake-* stuff into new libopenbsd-compat.a
+ - Doc updates
+ - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported
+ by Andre Lucas <andre.lucas@dial.pipex.com>
+
+20000508
+ - Makefile and RPM spec fixes
+ - Generate DSA host keys during "make key" or RPM installs
+ - OpenBSD CVS update
+ - markus@cvs.openbsd.org
+ [clientloop.c sshconnect2.c]
+ - make x11-fwd interop w/ ssh-2.0.13
+ [README.openssh2]
+ - interop w/ SecureFX
+ - Release 2.0.0beta2
+
+ - Configure caching and cleanup patch from Andre Lucas'
+ <andre.lucas@dial.pipex.com>
+
+20000507
+ - Remove references to SSLeay.
+ - Big OpenBSD CVS update
+ - markus@cvs.openbsd.org
+ [clientloop.c]
+ - typo
+ [session.c]
+ - update proctitle on pty alloc/dealloc, e.g. w/ windows client
+ [session.c]
+ - update proctitle for proto 1, too
+ [channels.h nchan.c serverloop.c session.c sshd.c]
+ - use c-style comments
+ - deraadt@cvs.openbsd.org
+ [scp.c]
+ - more atomicio
+ - markus@cvs.openbsd.org
+ [channels.c]
+ - set O_NONBLOCK
+ [ssh.1]
+ - update AUTHOR
+ [readconf.c ssh-keygen.c ssh.h]
+ - default DSA key file ~/.ssh/id_dsa
+ [clientloop.c]
+ - typo, rm verbose debug
+ - deraadt@cvs.openbsd.org
+ [ssh-keygen.1]
+ - document DSA use of ssh-keygen
+ [sshd.8]
+ - a start at describing what i understand of the DSA side
+ [ssh-keygen.1]
+ - document -X and -x
+ [ssh-keygen.c]
+ - simplify usage
+ - markus@cvs.openbsd.org
+ [sshd.8]
+ - there is no rhosts_dsa
+ [ssh-keygen.1]
+ - document -y, update -X,-x
+ [nchan.c]
+ - fix close for non-open ssh1 channels
+ [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
+ - s/DsaKey/HostDSAKey/, document option
+ [sshconnect2.c]
+ - respect number_of_password_prompts
+ [channels.c channels.h servconf.c servconf.h session.c sshd.8]
+ - GatewayPorts for sshd, ok deraadt@
+ [ssh-add.1 ssh-agent.1 ssh.1]
+ - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
+ [ssh.1]
+ - more info on proto 2
+ [sshd.8]
+ - sync AUTHOR w/ ssh.1
+ [key.c key.h sshconnect.c]
+ - print key type when talking about host keys
+ [packet.c]
+ - clear padding in ssh2
+ [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
+ - replace broken uuencode w/ libc b64_ntop
+ [auth2.c]
+ - log failure before sending the reply
+ [key.c radix.c uuencode.c]
+ - remote trailing comments before calling __b64_pton
+ [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
+ [sshconnect2.c sshd.8]
+ - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
+ - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
+
+20000502
+ - OpenBSD CVS update
+ [channels.c]
+ - init all fds, close all fds.
+ [sshconnect2.c]
+ - check whether file exists before asking for passphrase
+ [servconf.c servconf.h sshd.8 sshd.c]
+ - PidFile, pr 1210
+ [channels.c]
+ - EINTR
+ [channels.c]
+ - unbreak, ok niels@
+ [sshd.c]
+ - unlink pid file, ok niels@
+ [auth2.c]
+ - Add missing #ifdefs; ok - markus
+ - Add Andre Lucas' <andre.lucas@dial.pipex.com> patch to read entropy
+ gathering commands from a text file
+ - Release 2.0.0beta1
+
+20000501
+ - OpenBSD CVS update
+ [packet.c]
+ - send debug messages in SSH2 format
+ [scp.c]
+ - fix very rare EAGAIN/EINTR issues; based on work by djm
+ [packet.c]
+ - less debug, rm unused
+ [auth2.c]
+ - disable kerb,s/key in ssh2
+ [sshd.8]
+ - Minor tweaks and typo fixes.
+ [ssh-keygen.c]
+ - Put -d into usage and reorder. markus ok.
+ - Include missing headers for OpenSSL tests. Fix from Phil Karn
+ <karn@ka9q.ampr.org>
+ - Fixed __progname symbol collisions reported by Andre Lucas
+ <andre.lucas@dial.pipex.com>
+ - Merged bsd-login ttyslot and AIX utmp patch from Gert Doering
+ <gd@hilb1.medat.de>
+ - Add some missing ifdefs to auth2.c
+ - Deprecate perl-tk askpass.
+ - Irix portability fixes - don't include netinet headers more than once
+ - Make sure we don't save PRNG seed more than once
+
+20000430
+ - Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au>
+ - Integrate Andre Lucas' <andre.lucas@dial.pipex.com> entropy collection
+ patch.
+ - Adds timeout to entropy collection
+ - Disables slow entropy sources
+ - Load and save seed file
+ - Changed entropy seed code to user per-user seeds only (server seed is
+ saved in root's .ssh directory)
+ - Use atexit() and fatal cleanups to save seed on exit
+ - More OpenBSD updates:
+ [session.c]
+ - don't call chan_write_failed() if we are not writing
+ [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c]
+ - keysize warnings error() -> log()
+
+20000429
+ - Merge big update to OpenSSH-2.0 from OpenBSD CVS
+ [README.openssh2]
+ - interop w/ F-secure windows client
+ - sync documentation
+ - ssh_host_dsa_key not ssh_dsa_key
+ [auth-rsa.c]
+ - missing fclose
+ [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
+ [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
+ [sshd.c uuencode.c uuencode.h authfile.h]
+ - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX]
+ for trading keys with the real and the original SSH, directly from the
+ people who invented the SSH protocol.
+ [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
+ [sshconnect1.c sshconnect2.c]
+ - split auth/sshconnect in one file per protocol version
+ [sshconnect2.c]
+ - remove debug
+ [uuencode.c]
+ - add trailing =
+ [version.h]
+ - OpenSSH-2.0
+ [ssh-keygen.1 ssh-keygen.c]
+ - add -R flag: exit code indicates if RSA is alive
+ [sshd.c]
+ - remove unused
+ silent if -Q is specified
+ [ssh.h]
+ - host key becomes /etc/ssh_host_dsa_key
+ [readconf.c servconf.c ]
+ - ssh/sshd default to proto 1 and 2
+ [uuencode.c]
+ - remove debug
+ [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
+ - xfree DSA blobs
+ [auth2.c serverloop.c session.c]
+ - cleanup logging for sshd/2, respect PasswordAuth no
+ [sshconnect2.c]
+ - less debug, respect .ssh/config
+ [README.openssh2 channels.c channels.h]
+ - clientloop.c session.c ssh.c
+ - support for x11-fwding, client+server
+
+20000421
+ - Merge fix from OpenBSD CVS
+ [ssh-agent.c]
+ - Fix memory leak per connection. Report from Andy Spiegl <Andy@Spiegl.de>
+ via Debian bug #59926
+ - Define __progname in session.c if libc doesn't
+ - Remove indentation on autoconf #include statements to avoid bug in
+ DEC Tru64 compiler. Report and fix from David Del Piero
+ <David.DelPiero@qed.qld.gov.au>
+
+20000420
+ - Make fixpaths work with perl4, patch from Andre Lucas
+ <andre.lucas@dial.pipex.com>
+ - Sync with OpenBSD CVS:
+ [clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c]
+ - pid_t
+ [session.c]
+ - remove bogus chan_read_failed. this could cause data
+ corruption (missing data) at end of a SSH2 session.
+ - Merge fixes from Debian patch from Phil Hands <phil@hands.com>
+ - Allow setting of PAM service name through CFLAGS (SSHD_PAM_SERVICE)
+ - Use vhangup to clean up Linux ttys
+ - Force posix getopt processing on GNU libc systems
+ - Debian bug #55910 - remove references to ssl(8) manpages
+ - Debian bug #58031 - ssh_config lies about default cipher
+
+20000419
+ - OpenBSD CVS updates
+ [channels.c]
+ - fix pr 1196, listen_port and port_to_connect interchanged
+ [scp.c]
+ - after completion, replace the progress bar ETA counter with a final
+ elapsed time; my idea, aaron wrote the patch
+ [ssh_config sshd_config]
+ - show 'Protocol' as an example, ok markus@
+ [sshd.c]
+ - missing xfree()
+ - Add missing header to bsd-misc.c
+
+20000416
+ - Reduce diff against OpenBSD source
+ - All OpenSSL includes are now unconditionally referenced as
+ openssl/foo.h
+ - Pick up formatting changes
+ - Other minor changed (typecasts, etc) that I missed
+
+20000415
+ - OpenBSD CVS updates.
+ [ssh.1 ssh.c]
+ - ssh -2
+ [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
+ [session.c sshconnect.c]
+ - check payload for (illegal) extra data
+ [ALL]
+ whitespace cleanup
+
+20000413
+ - INSTALL doc updates
+ - Merged OpenBSD updates to include paths.
+
+20000412
+ - OpenBSD CVS updates:
+ - [channels.c]
+ repair x11-fwd
+ - [sshconnect.c]
+ fix passwd prompt for ssh2, less debugging output.
+ - [clientloop.c compat.c dsa.c kex.c sshd.c]
+ less debugging output
+ - [kex.c kex.h sshconnect.c sshd.c]
+ check for reasonable public DH values
+ - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
+ [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
+ add Cipher and Protocol options to ssh/sshd, e.g.:
+ ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
+ arcfour,3des-cbc'
+ - [sshd.c]
+ print 1.99 only if server supports both
+
+20000408
+ - Avoid some compiler warnings in fake-get*.c
+ - Add IPTOS macros for systems which lack them
+ - Only set define entropy collection macros if they are found
+ - More large OpenBSD CVS updates:
+ - [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
+ [session.h ssh.h sshd.c README.openssh2]
+ ssh2 server side, see README.openssh2; enable with 'sshd -2'
+ - [channels.c]
+ no adjust after close
+ - [sshd.c compat.c ]
+ interop w/ latest ssh.com windows client.
+
+20000406
+ - OpenBSD CVS update:
+ - [channels.c]
+ close efd on eof
+ - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h]
+ ssh2 client implementation, interops w/ ssh.com and lsh servers.
+ - [sshconnect.c]
+ missing free.
+ - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c]
+ remove unused argument, split cipher_mask()
+ - [clientloop.c]
+ re-order: group ssh1 vs. ssh2
+ - Make Redhat spec require openssl >= 0.9.5a
+
+20000404
+ - Add tests for RAND_add function when searching for OpenSSL
+ - OpenBSD CVS update:
+ - [packet.h packet.c]
+ ssh2 packet format
+ - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c]
+ [channels.h channels.c]
+ channel layer support for ssh2
+ - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h]
+ DSA, keyexchange, algorithm agreement for ssh2
+ - Generate manpages before make install not at the end of make all
+ - Don't seed the rng quite so often
+ - Always reseed rng when requested
+
+20000403
+ - Wrote entropy collection routines for systems that lack /dev/random
+ and EGD
+ - Disable tests and typedefs for 64 bit types. They are currently unused.
+
+20000401
+ - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
+ - [auth.c session.c sshd.c auth.h]
+ split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
+ - [bufaux.c bufaux.h]
+ support ssh2 bignums
+ - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
+ [readconf.c ssh.c ssh.h serverloop.c]
+ replace big switch() with function tables (prepare for ssh2)
+ - [ssh2.h]
+ ssh2 message type codes
+ - [sshd.8]
+ reorder Xr to avoid cutting
+ - [serverloop.c]
+ close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
+ - [channels.c]
+ missing close
+ allow bigger packets
+ - [cipher.c cipher.h]
+ support ssh2 ciphers
+ - [compress.c]
+ cleanup, less code
+ - [dispatch.c dispatch.h]
+ function tables for different message types
+ - [log-server.c]
+ do not log() if debuggin to stderr
+ rename a cpp symbol, to avoid param.h collision
+ - [mpaux.c]
+ KNF
+ - [nchan.c]
+ sync w/ channels.c
+
+20000326
+ - Better tests for OpenSSL w/ RSAref
+ - Added replacement setenv() function from OpenBSD libc. Suggested by
+ Ben Lindstrom <mouring@pconline.com>
+ - OpenBSD CVS update
+ - [auth-krb4.c]
+ -Wall
+ - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
+ [match.h ssh.c ssh.h sshconnect.c sshd.c]
+ initial support for DSA keys. ok deraadt@, niels@
+ - [cipher.c cipher.h]
+ remove unused cipher_attack_detected code
+ - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+ Fix some formatting problems I missed before.
+ - [ssh.1 sshd.8]
+ fix spelling errors, From: FreeBSD
+ - [ssh.c]
+ switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
+
+20000324
+ - Released 1.2.3
+
+20000317
+ - Clarified --with-default-path option.
+ - Added -blibpath handling for AIX to work around stupid runtime linking.
+ Problem elucidated by gshapiro@SENDMAIL.ORG by way of Jim Knoble
+ <jmknoble@jmknoble.cx>
+ - Checks for 64 bit int types. Problem report from Mats Fredholm
+ <matsf@init.se>
+ - OpenBSD CVS updates:
+ - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c]
+ [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
+ [sshd.c]
+ pedantic: signed vs. unsigned, void*-arithm, etc
+ - [ssh.1 sshd.8]
+ Various cleanups and standardizations.
+ - Runtime error fix for HPUX from Otmar Stahl
+ <O.Stahl@lsw.uni-heidelberg.de>
+
+20000316
+ - Fixed configure not passing LDFLAGS to Solaris. Report from David G.
+ Hesprich <dghespri@sprintparanet.com>
+ - Propogate LD through to Makefile
+ - Doc cleanups
+ - Added blurb about "scp: command not found" errors to UPGRADING
+
+20000315
+ - Fix broken CFLAGS handling during search for OpenSSL. Fixes va_list
+ problems with gcc/Solaris.
+ - Don't free argument to putenv() after use (in setenv() replacement).
+ Report from Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp>
+ - Created contrib/ subdirectory. Included helpers from Phil Hands'
+ Debian package, README file and chroot patch from Ricardo Cerqueira
+ <rmcc@clix.pt>
+ - Moved gnome-ssh-askpass.c to contrib directory and removed config
+ option.
+ - Slight cleanup to doc files
+ - Configure fix from Bratislav ILICH <bilic@zepter.ru>
+
+20000314
+ - Include macro for IN6_IS_ADDR_V4MAPPED. Report from
+ peter@frontierflying.com
+ - Include /usr/local/include and /usr/local/lib for systems that don't
+ do it themselves
+ - -R/usr/local/lib for Solaris
+ - Fix RSAref detection
+ - Fix IN6_IS_ADDR_V4MAPPED macro
+
+20000311
+ - Detect RSAref
+ - OpenBSD CVS change
+ [sshd.c]
+ - disallow guessing of root password
+ - More configure fixes
+ - IPv6 workarounds from Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>
+
+20000309
+ - OpenBSD CVS updates to v1.2.3
+ [ssh.h atomicio.c]
+ - int atomicio -> ssize_t (for alpha). ok deraadt@
+ [auth-rsa.c]
+ - delay MD5 computation until client sends response, free() early, cleanup.
+ [cipher.c]
+ - void* -> unsigned char*, ok niels@
+ [hostfile.c]
+ - remove unused variable 'len'. fix comments.
+ - remove unused variable
+ [log-client.c log-server.c]
+ - rename a cpp symbol, to avoid param.h collision
+ [packet.c]
+ - missing xfree()
+ - getsockname() requires initialized tolen; andy@guildsoftware.com
+ - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
+ from Holger.Trapp@Informatik.TU-Chemnitz.DE
+ [pty.c pty.h]
+ - register cleanup for pty earlier. move code for pty-owner handling to
+ pty.c ok provos@, dugsong@
+ [readconf.c]
+ - turn off x11-fwd for the client, too.
+ [rsa.c]
+ - PKCS#1 padding
+ [scp.c]
+ - allow '.' in usernames; from jedgar@fxp.org
+ [servconf.c]
+ - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
+ - sync with sshd_config
+ [ssh-keygen.c]
+ - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
+ [ssh.1]
+ - Change invalid 'CHAT' loglevel to 'VERBOSE'
+ [ssh.c]
+ - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
+ - turn off x11-fwd for the client, too.
+ [sshconnect.c]
+ - missing xfree()
+ - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
+ - read error vs. "Connection closed by remote host"
+ [sshd.8]
+ - ie. -> i.e.,
+ - do not link to a commercial page..
+ - sync with sshd_config
+ [sshd.c]
+ - no need for poll.h; from bright@wintelcom.net
+ - log with level log() not fatal() if peer behaves badly.
+ - don't panic if client behaves strange. ok deraadt@
+ - make no-port-forwarding for RSA keys deny both -L and -R style fwding
+ - delay close() of pty until the pty has been chowned back to root
+ - oops, fix comment, too.
+ - missing xfree()
+ - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
+ (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
+ - register cleanup for pty earlier. move code for pty-owner handling to
+ pty.c ok provos@, dugsong@
+ - create x11 cookie file
+ - fix pr 1113, fclose() -> pclose(), todo: remote popen()
+ - version 1.2.3
+ - Cleaned up
+ - Removed warning workaround for Linux and devpts filesystems (no longer
+ required after OpenBSD updates)
+
+20000308
+ - Configure fix from Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp>
+
+20000307
+ - Released 1.2.2p1
+
+20000305
+ - Fix DEC compile fix
+ - Explicitly seed OpenSSL's PRNG before checking rsa_alive()
+ - Check for getpagesize in libucb.a if not found in libc. Fix for old
+ Solaris from Andre Lucas <andre.lucas@dial.pipex.com>
+ - Check for libwrap if --with-tcp-wrappers option specified. Suggestion
+ Mate Wierdl <mw@moni.msci.memphis.edu>
+
+20000303
+ - Added "make host-key" target, Suggestion from Dominik Brettnacher
+ <domi@saargate.de>
+ - Don't permanently fail on bind() if getaddrinfo has more choices left for
+ us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
+ Miskiewicz <misiek@pld.org.pl>
+ - DEC Unix compile fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
+ - Manpage fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
+
+20000302
+ - Big cleanup of autoconf code
+ - Rearranged to be a little more logical
+ - Added -R option for Solaris
+ - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program
+ to detect library and header location _and_ ensure library has proper
+ RSA support built in (this is a problem with OpenSSL 0.9.5).
+ - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de
+ - Avoid warning message with Unix98 ptys
+ - Warning was valid - possible race condition on PTYs. Avoided using
+ platform-specific code.
+ - Document some common problems
+ - Allow root access to any key. Patch from
+ markus.friedl@informatik.uni-erlangen.de
+
+20000207
+ - Removed SOCKS code. Will support through a ProxyCommand.
+
+20000203
+ - Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu
+ - Add --with-ssl-dir option
+
+20000202
+ - Fix lastlog code for directory based lastlogs. Fix from Josh Durham
+ <jmd@aoe.vt.edu>
+ - Documentation fixes from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
+ - Added URLs to Japanese translations of documents by HARUYAMA Seigo
+ <haruyama@nt.phys.s.u-tokyo.ac.jp>
+
+20000201
+ - Use socket pairs by default (instead of pipes). Prevents race condition
+ on several (buggy) OSs. Report and fix from tridge@linuxcare.com
+
+20000127
+ - Seed OpenSSL's random number generator before generating RSA keypairs
+ - Split random collector into seperate file
+ - Compile fix from Andre Lucas <andre.lucas@dial.pipex.com>
+
+20000126
+ - Released 1.2.2 stable
+
+ - NeXT keeps it lastlog in /usr/adm. Report from
+ mouring@newton.pconline.com
+ - Added note in UPGRADING re interop with commercial SSH using idea.
+ Report from Jim Knoble <jmknoble@jmknoble.cx>
+ - Fix linking order for Kerberos/AFS. Fix from Holget Trapp
+ <Holger.Trapp@Informatik.TU-Chemnitz.DE>
+
+20000125
+ - Fix NULL pointer dereference in login.c. Fix from Andre Lucas
+ <andre.lucas@dial.pipex.com>
+ - Reorder PAM initialisation so it does not mess up lastlog. Reported
+ by Andre Lucas <andre.lucas@dial.pipex.com>
+ - Use preformatted manpages on SCO, report from Gary E. Miller
+ <gem@rellim.com>
+ - New URL for x11-ssh-askpass.
+ - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
+ <jmknoble@jmknoble.cx>
+ - Added 'DESTDIR' option to Makefile to ease package building. Patch from
+ Jim Knoble <jmknoble@jmknoble.cx>
+ - Updated RPM spec files to use DESTDIR
+
+20000124
+ - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
+ increment)
+
+20000123
+ - OpenBSD CVS:
+ - [packet.c]
+ getsockname() requires initialized tolen; andy@guildsoftware.com
+ - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
+ <drankin@bohemians.lexington.ky.us>
+ - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
+
+20000122
+ - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
+ <bent@clark.net>
+ - Merge preformatted manpage patch from Andre Lucas
+ <andre.lucas@dial.pipex.com>
+ - Make IPv4 use the default in RPM packages
+ - Irix uses preformatted manpages
+ - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
+ <Holger.Trapp@Informatik.TU-Chemnitz.DE>
+ - OpenBSD CVS updates:
+ - [packet.c]
+ use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
+ from Holger.Trapp@Informatik.TU-Chemnitz.DE
+ - [sshd.c]
+ log with level log() not fatal() if peer behaves badly.
+ - [readpass.c]
+ instead of blocking SIGINT, catch it ourselves, so that we can clean
+ the tty modes up and kill ourselves -- instead of our process group
+ leader (scp, cvs, ...) going away and leaving us in noecho mode.
+ people with cbreak shells never even noticed..
+ - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+ ie. -> i.e.,
+
+20000120
+ - Don't use getaddrinfo on AIX
+ - Update to latest OpenBSD CVS:
+ - [auth-rsa.c]
+ - fix user/1056, sshd keeps restrictions; dbt@meat.net
+ - [sshconnect.c]
+ - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
+ - destroy keys earlier
+ - split key exchange (kex) and user authentication (user-auth),
+ ok: provos@
+ - [sshd.c]
+ - no need for poll.h; from bright@wintelcom.net
+ - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
+ - split key exchange (kex) and user authentication (user-auth),
+ ok: provos@
+ - Big manpage and config file cleanup from Andre Lucas
+ <andre.lucas@dial.pipex.com>
+ - Re-added latest (unmodified) OpenBSD manpages
+ - Doc updates
+ - NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
+ Christos Zoulas <christos@netbsd.org>
+
+20000119
+ - SCO compile fixes from Gary E. Miller <gem@rellim.com>
+ - Compile fix from Darren_Hall@progressive.com
+ - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
+ addresses using getaddrinfo(). Added a configure switch to make the
+ default lookup mode AF_INET
+
+20000118
+ - Fixed --with-pid-dir option
+ - Makefile fix from Gary E. Miller <gem@rellim.com>
+ - Compile fix for HPUX and Solaris from Andre Lucas
+ <andre.lucas@dial.pipex.com>
+
+20000117
+ - Clean up bsd-bindresvport.c. Use arc4random() for picking initial
+ port, ignore EINVAL errors (Linux) when searching for free port.
+ - Revert __snprintf -> snprintf aliasing. Apparently Solaris
+ __snprintf isn't. Report from Theo de Raadt <theo@cvs.openbsd.org>
+ - Document location of Redhat PAM file in INSTALL.
+ - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6
+ INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to
+ deliver (no IPv6 kernel support)
+ - Released 1.2.1pre27
+
+ - Fix rresvport_af failure errors (logic error in bsd-bindresvport.c)
+ - Fix --with-ipaddr-display option test. Fix from Jarno Huuskonen
+ <jhuuskon@hytti.uku.fi>
+ - Fix hang on logout if processes are still using the pty. Needs
+ further testing.
+ - Patch from Christos Zoulas <christos@zoulas.com>
+ - Try $prefix first when looking for OpenSSL.
+ - Include sys/types.h when including sys/socket.h in test programs
+ - Substitute PID directory in sshd.8. Suggestion from Andrew
+ Stribblehill <a.d.stribblehill@durham.ac.uk>
+
+20000116
+ - Renamed --with-xauth-path to --with-xauth
+ - Added --with-pid-dir option
+ - Released 1.2.1pre26
+
+ - Compilation fix from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
+ - Fixed broken bugfix for /dev/ptmx on Linux systems which lack
+ openpty(). Report from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
+
+20000115
+ - Add --with-xauth-path configure directive and explicit test for
+ /usr/openwin/bin/xauth for Solaris systems. Report from Anders
+ Nordby <anders@fix.no>
+ - Fix incorrect detection of /dev/ptmx on Linux systems that lack
+ openpty. Report from John Seifarth <john@waw.be>
+ - Look for intXX_t and u_intXX_t in sys/bitypes.h if they are not in
+ sys/types.h. Fixes problems on SCO, report from Gary E. Miller
+ <gem@rellim.com>
+ - Use __snprintf and __vnsprintf if they are found where snprintf and
+ vnsprintf are lacking. Suggested by Ben Taylor <bent@shell.clark.net>
+ and others.
+
+20000114
+ - Merged OpenBSD IPv6 patch:
+ - [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1]
+ [scp.c packet.h packet.c login.c log.c canohost.c channels.c]
+ [hostfile.c sshd_config]
+ ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new
+ features: sshd allows multiple ListenAddress and Port options. note
+ that libwrap is not IPv6-ready. (based on patches from
+ fujiwara@rcac.tdi.co.jp)
+ - [ssh.c canohost.c]
+ more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo,
+ from itojun@
+ - [channels.c]
+ listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE)
+ - [packet.h]
+ allow auth-kerberos for IPv4 only
+ - [scp.1 sshd.8 servconf.h scp.c]
+ document -4, -6, and 'ssh -L 2022/::1/22'
+ - [ssh.c]
+ 'ssh @host' is illegal (null user name), from
+ karsten@gedankenpolizei.de
+ - [sshconnect.c]
+ better error message
+ - [sshd.c]
+ allow auth-kerberos for IPv4 only
+ - Big IPv6 merge:
+ - Cleanup overrun in sockaddr copying on RHL 6.1
+ - Replacements for getaddrinfo, getnameinfo, etc based on versions
+ from patch from KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
+ - Replacement for missing structures on systems that lack IPv6
+ - record_login needed to know about AF_INET6 addresses
+ - Borrowed more code from OpenBSD: rresvport_af and requisites
+
+20000110
+ - Fixes to auth-skey to enable it to use the standard OpenSSL libraries
+
+20000107
+ - New config.sub and config.guess to fix problems on SCO. Supplied
+ by Gary E. Miller <gem@rellim.com>
+ - SCO build fix from Gary E. Miller <gem@rellim.com>
+ - Released 1.2.1pre25
+
+20000106
+ - Documentation update & cleanup
+ - Better KrbIV / AFS detection, based on patch from:
+ Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
+
+20000105
+ - Fixed annoying DES corruption problem. libcrypt has been
+ overriding symbols in libcrypto. Removed libcrypt and crypt.h
+ altogether (libcrypto includes its own crypt(1) replacement)
+ - Added platform-specific rules for Irix 6.x. Included warning that
+ they are untested.
+
+20000103
+ - Add explicit make rules for files proccessed by fixpaths.
+ - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori
+ <tnh@kondara.org>
+ - Removed "nullok" directive from default PAM configuration files.
+ Added information on enabling EmptyPasswords on openssh+PAM in
+ UPGRADING file.
+ - OpenBSD CVS updates
+ - [ssh-agent.c]
+ cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and
+ dgaudet@arctic.org
+ - [sshconnect.c]
+ compare correct version for 1.3 compat mode
+
+20000102
+ - Prevent multiple inclusion of config.h and defines.h. Suggested
+ by Andre Lucas <andre.lucas@dial.pipex.com>
+ - Properly clean up on exit of ssh-agent. Patch from Dean Gaudet
+ <dgaudet@arctic.org>
+
+19991231
+ - Fix password support on systems with a mixture of shadowed and
+ non-shadowed passwords (e.g. NIS). Report and fix from
+ HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
+ - Fix broken autoconf typedef detection. Report from Marc G.
+ Fournier <marc.fournier@acadiau.ca>
+ - Fix occasional crash on LinuxPPC. Patch from Franz Sirl
+ <Franz.Sirl-kernel@lauterbach.com>
+ - Prevent typedefs from being compiled more than once. Report from
+ Marc G. Fournier <marc.fournier@acadiau.ca>
+ - Fill in ut_utaddr utmp field. Report from Benjamin Charron
+ <iretd@bigfoot.com>
+ - Really fix broken default path. Fix from Jim Knoble
+ <jmknoble@jmknoble.cx>
+ - Remove test for quad_t. No longer needed.
+ - Released 1.2.1pre24
+
+ - Added support for directory-based lastlogs
+ - Really fix typedefs, patch from Ben Taylor <bent@clark.net>
+
+19991230
+ - OpenBSD CVS updates:
+ - [auth-passwd.c]
+ check for NULL 1st
+ - Removed most of the pam code into its own file auth-pam.[ch]. This
+ cleaned up sshd.c up significantly.
+ - PAM authentication was incorrectly interpreting
+ "PermitRootLogin without-password". Report from Matthias Andree
+ <ma@dt.e-technik.uni-dortmund.de
+ - Several other cleanups
+ - Merged Dante SOCKS support patch from David Rankin
+ <drankin@bohemians.lexington.ky.us>
+ - Updated documentation with ./configure options
+ - Released 1.2.1pre23
+
+19991229
+ - Applied another NetBSD portability patch from David Rankin
+ <drankin@bohemians.lexington.ky.us>
+ - Fix --with-default-path option.
+ - Autodetect perl, patch from David Rankin
+ <drankin@bohemians.lexington.ky.us>
+ - Print whether OpenSSH was compiled with RSARef, patch from
+ Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu>
+ - Calls to pam_setcred, patch from Nalin Dahyabhai
+ <nalin@thermo.stat.ncsu.edu>
+ - Detect missing size_t and typedef it.
+ - Rename helper.[ch] to (more appropriate) bsd-misc.[ch]
+ - Minor Makefile cleaning
+
+19991228
+ - Replacement for getpagesize() for systems which lack it
+ - NetBSD login.c compile fix from David Rankin
+ <drankin@bohemians.lexington.ky.us>
+ - Fully set ut_tv if present in utmp or utmpx
+ - Portability fixes for Irix 5.3 (now compiles OK!)
+ - autoconf and other misc cleanups
+ - Merged AIX patch from Darren Hall <dhall@virage.org>
+ - Cleaned up defines.h
+ - Released 1.2.1pre22
+
+19991227
+ - Automatically correct paths in manpages and configuration files. Patch
+ and script from Andre Lucas <andre.lucas@dial.pipex.com>
+ - Removed credits from README to CREDITS file, updated.
+ - Added --with-default-path to specify custom path for server
+ - Removed #ifdef trickery from acconfig.h into defines.h
+ - PAM bugfix. PermitEmptyPassword was being ignored.
+ - Fixed PAM config files to allow empty passwords if server does.
+ - Explained spurious PAM auth warning workaround in UPGRADING
+ - Use last few chars of tty line as ut_id
+ - New SuSE RPM spec file from Chris Saia <csaia@wtower.com>
+ - OpenBSD CVS updates:
+ - [packet.h auth-rhosts.c]
+ check format string for packet_disconnect and packet_send_debug, too
+ - [channels.c]
+ use packet_get_maxsize for channels. consistence.
+
+19991226
+ - Enabled utmpx support by default for Solaris
+ - Cleanup sshd.c PAM a little more
+ - Revised RPM package to include Jim Knoble's <jmknoble@jmknoble.cx>
+ X11 ssh-askpass program.
+ - Disable logging of PAM success and failures, PAM is verbose enough.
+ Unfortunatly there is currently no way to disable auth failure
+ messages. Mention this in UPGRADING file and sent message to PAM
+ developers
+ - OpenBSD CVS update:
+ - [ssh-keygen.1 ssh.1]
+ remove ref to .ssh/random_seed, mention .ssh/environment in
+ .Sh FILES, too
+ - Released 1.2.1pre21
+ - Fixed implicit '.' in default path, report from Jim Knoble
+ <jmknoble@jmknoble.cx>
+ - Redhat RPM spec fixes from Jim Knoble <jmknoble@jmknoble.cx>
+
+19991225
+ - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
+ - Cleanup of auth-passwd.c for shadow and MD5 passwords
+ - Cleanup and bugfix of PAM authentication code
+ - Released 1.2.1pre20
+
+ - Merged fixes from Ben Taylor <bent@clark.net>
+ - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
+ - Disabled logging of PAM password authentication failures when password
+ is empty. (e.g start of authentication loop). Reported by Naz
+ <96na@eng.cam.ac.uk>)
+
+19991223
+ - Merged later HPUX patch from Andre Lucas
+ <andre.lucas@dial.pipex.com>
+ - Above patch included better utmpx support from Ben Taylor
+ <bent@clark.net>
+
+19991222
+ - Fix undefined fd_set type in ssh.h from Povl H. Pedersen
+ <pope@netguide.dk>
+ - Fix login.c breakage on systems which lack ut_host in struct
+ utmp. Reported by Willard Dawson <willard.dawson@sbs.siemens.com>
+
+19991221
+ - Integration of large HPUX patch from Andre Lucas
+ <andre.lucas@dial.pipex.com>. Integrating it had a few other
+ benefits:
+ - Ability to disable shadow passwords at configure time
+ - Ability to disable lastlog support at configure time
+ - Support for IP address in $DISPLAY
+ - OpenBSD CVS update:
+ - [sshconnect.c]
+ say "REMOTE HOST IDENTIFICATION HAS CHANGED"
+ - Fix DISABLE_SHADOW support
+ - Allow MD5 passwords even if shadow passwords are disabled
+ - Release 1.2.1pre19
+
+19991218
+ - Redhat init script patch from Chun-Chung Chen
+ <cjj@u.washington.edu>
+ - Avoid breakage on systems without IPv6 headers
+
+19991216
+ - Makefile changes for Solaris from Peter Kocks
+ <peter.kocks@baygate.com>
+ - Minor updates to docs
+ - Merged OpenBSD CVS changes:
+ - [authfd.c ssh-agent.c]
+ keysize warnings talk about identity files
+ - [packet.c]
+ "Connection closed by x.x.x.x": fatal() -> log()
+ - Correctly handle empty passwords in shadow file. Patch from:
+ "Chris, the Young One" <cky@pobox.com>
+ - Released 1.2.1pre18
+
+19991215
+ - Integrated patchs from Juergen Keil <jk@tools.de>
+ - Avoid void* pointer arithmatic
+ - Use LDFLAGS correctly
+ - Fix SIGIO error in scp
+ - Simplify status line printing in scp
+ - Added better test for inline functions compiler support from
+ Darren_Hall@progressive.com
+
+19991214
+ - OpenBSD CVS Changes
+ - [canohost.c]
+ fix get_remote_port() and friends for sshd -i;
+ Holger.Trapp@Informatik.TU-Chemnitz.DE
+ - [mpaux.c]
+ make code simpler. no need for memcpy. niels@ ok
+ - [pty.c]
+ namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org
+ fix proto; markus
+ - [ssh.1]
+ typo; mark.baushke@solipsa.com
+ - [channels.c ssh.c ssh.h sshd.c]
+ type conflict for 'extern Type *options' in channels.c; dot@dotat.at
+ - [sshconnect.c]
+ move checking of hostkey into own function.
+ - [version.h]
+ OpenSSH-1.2.1
+ - Clean up broken includes in pty.c
+ - Some older systems don't have poll.h, they use sys/poll.h instead
+ - Doc updates
+
+19991211
+ - Fix compilation on systems with AFS. Reported by
+ aloomis@glue.umd.edu
+ - Fix installation on Solaris. Reported by
+ Gordon Rowell <gordonr@gormand.com.au>
+ - Fix gccisms (__attribute__ and inline). Report by edgy@us.ibm.com,
+ patch from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
+ - Auto-locate xauth. Patch from David Agraz <dagraz@jahoopa.com>
+ - Compile fix from David Agraz <dagraz@jahoopa.com>
+ - Avoid compiler warning in bsd-snprintf.c
+ - Added pam_limits.so to default PAM config. Suggested by
+ Jim Knoble <jmknoble@jmknoble.cx>
+
+19991209
+ - Import of patch from Ben Taylor <bent@clark.net>:
+ - Improved PAM support
+ - "uninstall" rule for Makefile
+ - utmpx support
+ - Should fix PAM problems on Solaris
+ - OpenBSD CVS updates:
+ - [readpass.c]
+ avoid stdio; based on work by markus, millert, and I
+ - [sshd.c]
+ make sure the client selects a supported cipher
+ - [sshd.c]
+ fix sighup handling. accept would just restart and daemon handled
+ sighup only after the next connection was accepted. use poll on
+ listen sock now.
+ - [sshd.c]
+ make that a fatal
+ - Applied patch from David Rankin <drankin@bohemians.lexington.ky.us>
+ to fix libwrap support on NetBSD
+ - Released 1.2pre17
+
+19991208
+ - Compile fix for Solaris with /dev/ptmx from
+ David Agraz <dagraz@jahoopa.com>
+
+19991207
+ - sshd Redhat init script patch from Jim Knoble <jmknoble@jmknoble.cx>
+ fixes compatability with 4.x and 5.x
+ - Fixed default SSH_ASKPASS
+ - Fix PAM account and session being called multiple times. Problem
+ reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>
+ - Merged more OpenBSD changes:
+ - [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c]
+ move atomicio into it's own file. wrap all socket write()s which
+ were doing write(sock, buf, len) != len, with atomicio() calls.
+ - [auth-skey.c]
+ fd leak
+ - [authfile.c]
+ properly name fd variable
+ - [channels.c]
+ display great hatred towards strcpy
+ - [pty.c pty.h sshd.c]
+ use openpty() if it exists (it does on BSD4_4)
+ - [tildexpand.c]
+ check for ~ expansion past MAXPATHLEN
+ - Modified helper.c to use new atomicio function.
+ - Reformat Makefile a little
+ - Moved RC4 routines from rc4.[ch] into helper.c
+ - Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX)
+ - Updated SuSE spec from Chris Saia <csaia@wtower.com>
+ - Tweaked Redhat spec
+ - Clean up bad imports of a few files (forgot -kb)
+ - Released 1.2pre16
+
+19991204
+ - Small cleanup of PAM code in sshd.c
+ - Merged OpenBSD CVS changes:
+ - [auth-krb4.c auth-passwd.c auth-skey.c ssh.h]
+ move skey-auth from auth-passwd.c to auth-skey.c, same for krb4
+ - [auth-rsa.c]
+ warn only about mismatch if key is _used_
+ warn about keysize-mismatch with log() not error()
+ channels.c readconf.c readconf.h ssh.c ssh.h sshconnect.c
+ ports are u_short
+ - [hostfile.c]
+ indent, shorter warning
+ - [nchan.c]
+ use error() for internal errors
+ - [packet.c]
+ set loglevel for SSH_MSG_DISCONNECT to log(), not fatal()
+ serverloop.c
+ indent
+ - [ssh-add.1 ssh-add.c ssh.h]
+ document $SSH_ASKPASS, reasonable default
+ - [ssh.1]
+ CheckHostIP is not available for connects via proxy command
+ - [sshconnect.c]
+ typo
+ easier to read client code for passwd and skey auth
+ turn of checkhostip for proxy connects, since we don't know the remote ip
+
+19991126
+ - Add definition for __P()
+ - Added [v]snprintf() replacement for systems that lack it
+
+19991125
+ - More reformatting merged from OpenBSD CVS
+ - Merged OpenBSD CVS changes:
+ - [channels.c]
+ fix packet_integrity_check() for !have_hostname_in_open.
+ report from mrwizard@psu.edu via djm@ibs.com.au
+ - [channels.c]
+ set SO_REUSEADDR and SO_LINGER for forwarded ports.
+ chip@valinux.com via damien@ibs.com.au
+ - [nchan.c]
+ it's not an error() if shutdown_write failes in nchan.
+ - [readconf.c]
+ remove dead #ifdef-0-code
+ - [readconf.c servconf.c]
+ strcasecmp instead of tolower
+ - [scp.c]
+ progress meter overflow fix from damien@ibs.com.au
+ - [ssh-add.1 ssh-add.c]
+ SSH_ASKPASS support
+ - [ssh.1 ssh.c]
+ postpone fork_after_authentication until command execution,
+ request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
+ plus: use daemon() for backgrounding
+ - Added BSD compatible install program and autoconf test, thanks to
+ Niels Kristian Bech Jensen <nkbj@image.dk>
+ - Solaris fixing, thanks to Ben Taylor <bent@clark.net>
+ - Merged beginnings of AIX support from Tor-Ake Fransson <torake@hotmail.com>
+ - Release 1.2pre15
+
+19991124
+ - Merged very large OpenBSD source code reformat
+ - OpenBSD CVS updates
+ - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
+ [ssh.h sshd.8 sshd.c]
+ syslog changes:
+ * Unified Logmessage for all auth-types, for success and for failed
+ * Standard connections get only ONE line in the LOG when level==LOG:
+ Auth-attempts are logged only, if authentication is:
+ a) successfull or
+ b) with passwd or
+ c) we had more than AUTH_FAIL_LOG failues
+ * many log() became verbose()
+ * old behaviour with level=VERBOSE
+ - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
+ tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
+ messages. allows use of s/key in windows (ttssh, securecrt) and
+ ssh-1.2.27 clients without 'ssh -v', ok: niels@
+ - [sshd.8]
+ -V, for fallback to openssh in SSH2 compatibility mode
+ - [sshd.c]
+ fix sigchld race; cjc5@po.cwru.edu
+
+19991123
+ - Added SuSE package files from Chris Saia <csaia@wtower.com>
+ - Restructured package-related files under packages/*
+ - Added generic PAM config
+ - Numerous little Solaris fixes
+ - Add recommendation to use GNU make to INSTALL document
+
+19991122
+ - Make <enter> close gnome-ssh-askpass (Debian bug #50299)
+ - OpenBSD CVS Changes
+ - [ssh-keygen.c]
+ don't create ~/.ssh only if the user wants to store the private
+ key there. show fingerprint instead of public-key after
+ keygeneration. ok niels@
+ - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
+ - Added timersub() macro
+ - Tidy RCSIDs of bsd-*.c
+ - Added autoconf test and macro to deal with old PAM libraries
+ pam_strerror definition (one arg vs two).
+ - Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
+ - Retry /dev/urandom reads interrupted by signal (report from
+ Robert Hardy <rhardy@webcon.net>)
+ - Added a setenv replacement for systems which lack it
+ - Only display public key comment when presenting ssh-askpass dialog
+ - Released 1.2pre14
+
+ - Configure, Make and changelog corrections from Tudor Bosman
+ <tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>
+
+19991121
+ - OpenBSD CVS Changes:
+ - [channels.c]
+ make this compile, bad markus
+ - [log.c readconf.c servconf.c ssh.h]
+ bugfix: loglevels are per host in clientconfig,
+ factor out common log-level parsing code.
+ - [servconf.c]
+ remove unused index (-Wall)
+ - [ssh-agent.c]
+ only one 'extern char *__progname'
+ - [sshd.8]
+ document SIGHUP, -Q to synopsis
+ - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
+ [channels.c clientloop.c]
+ SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
+ [hope this time my ISP stays alive during commit]
+ - [OVERVIEW README] typos; green@freebsd
+ - [ssh-keygen.c]
+ replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
+ exit if writing the key fails (no infinit loop)
+ print usage() everytime we get bad options
+ - [ssh-keygen.c] overflow, djm@mindrot.org
+ - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
+
+19991120
+ - Merged more Solaris support from Marc G. Fournier
+ <marc.fournier@acadiau.ca>
+ - Wrote autoconf tests for integer bit-types
+ - Fixed enabling kerberos support
+ - Fix segfault in ssh-keygen caused by buffer overrun in filename
+ handling.
+
+19991119
+ - Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
+ - Merged OpenBSD CVS changes
+ - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
+ more %d vs. %s in fmt-strings
+ - [authfd.c]
+ Integers should not be printed with %s
+ - EGD uses a socket, not a named pipe. Duh.
+ - Fix includes in fingerprint.c
+ - Fix scp progress bar bug again.
+ - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of
+ David Rankin <drankin@bohemians.lexington.ky.us>
+ - Added autoconf option to enable Kerberos 4 support (untested)
+ - Added autoconf option to enable AFS support (untested)
+ - Added autoconf option to enable S/Key support (untested)
+ - Added autoconf option to enable TCP wrappers support (compiles OK)
+ - Renamed BSD helper function files to bsd-*
+ - Added tests for login and daemon and enable OpenBSD replacements for
+ when they are absent.
+ - Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
+
+19991118
+ - Merged OpenBSD CVS changes
+ - [scp.c] foregroundproc() in scp
+ - [sshconnect.h] include fingerprint.h
+ - [sshd.c] bugfix: the log() for passwd-auth escaped during logging
+ changes.
+ - [ssh.1] Spell my name right.
+ - Added openssh.com info to README
+
+19991117
+ - Merged OpenBSD CVS changes
+ - [ChangeLog.Ylonen] noone needs this anymore
+ - [authfd.c] close-on-exec for auth-socket, ok deraadt
+ - [hostfile.c]
+ in known_hosts key lookup the entry for the bits does not need
+ to match, all the information is contained in n and e. This
+ solves the problem with buggy servers announcing the wrong
+ modulus length. markus and me.
+ - [serverloop.c]
+ bugfix: check for space if child has terminated, from:
+ iedowse@maths.tcd.ie
+ - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
+ [fingerprint.c fingerprint.h]
+ rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
+ - [ssh-agent.1] typo
+ - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
+ - [sshd.c]
+ force logging to stderr while loading private key file
+ (lost while converting to new log-levels)
+
+19991116
+ - Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
+ - Merged OpenBSD CVS changes:
+ - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
+ [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
+ the keysize of rsa-parameter 'n' is passed implizit,
+ a few more checks and warnings about 'pretended' keysizes.
+ - [cipher.c cipher.h packet.c packet.h sshd.c]
+ remove support for cipher RC4
+ - [ssh.c]
+ a note for legay systems about secuity issues with permanently_set_uid(),
+ the private hostkey and ptrace()
+ - [sshconnect.c]
+ more detailed messages about adding and checking hostkeys
+
+19991115
+ - Merged OpenBSD CVS changes:
+ - [ssh-add.c] change passphrase loop logic and remove ref to
+ $DISPLAY, ok niels
+ - Changed to ssh-add.c broke askpass support. Revised it to be a little more
+ modular.
+ - Revised autoconf support for enabling/disabling askpass support.
+ - Merged more OpenBSD CVS changes:
+ [auth-krb4.c]
+ - disconnect if getpeername() fails
+ - missing xfree(*client)
+ [canohost.c]
+ - disconnect if getpeername() fails
+ - fix comment: we _do_ disconnect if ip-options are set
+ [sshd.c]
+ - disconnect if getpeername() fails
+ - move checking of remote port to central place
+ [auth-rhosts.c] move checking of remote port to central place
+ [log-server.c] avoid extra fd per sshd, from millert@
+ [readconf.c] print _all_ bad config-options in ssh(1), too
+ [readconf.h] print _all_ bad config-options in ssh(1), too
+ [ssh.c] print _all_ bad config-options in ssh(1), too
+ [sshconnect.c] disconnect if getpeername() fails
+ - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
+ - Various small cleanups to bring diff (against OpenBSD) size down.
+ - Merged more Solaris compability from Marc G. Fournier
+ <marc.fournier@acadiau.ca>
+ - Wrote autoconf tests for __progname symbol
+ - RPM spec file fixes from Jim Knoble <jmknoble@jmknoble.cx>
+ - Released 1.2pre12
+
+ - Another OpenBSD CVS update:
+ - [ssh-keygen.1] fix .Xr
+
+19991114
+ - Solaris compilation fixes (still imcomplete)
+
+19991113
+ - Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
+ - Don't install config files if they already exist
+ - Fix inclusion of additional preprocessor directives from acconfig.h
+ - Removed redundant inclusions of config.h
+ - Added 'Obsoletes' lines to RPM spec file
+ - Merged OpenBSD CVS changes:
+ - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
+ - [scp.c] fix overflow reported by damien@ibs.com.au: off_t
+ totalsize, ok niels,aaron
+ - Delay fork (-f option) in ssh until after port forwarded connections
+ have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
+ - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
+ - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
+ - Tidied default config file some more
+ - Revised Redhat initscript to fix bug: sshd (re)start would fail
+ if executed from inside a ssh login.
+
+19991112
+ - Merged changes from OpenBSD CVS
+ - [sshd.c] session_key_int may be zero
+ - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
+ IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
+ deraadt,millert
+ - Brought default sshd_config more in line with OpenBSD's
+ - Grab server in gnome-ssh-askpass (Debian bug #49872)
+ - Released 1.2pre10
+
+ - Added INSTALL documentation
+ - Merged yet more changes from OpenBSD CVS
+ - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
+ [ssh.c ssh.h sshconnect.c sshd.c]
+ make all access to options via 'extern Options options'
+ and 'extern ServerOptions options' respectively;
+ options are no longer passed as arguments:
+ * make options handling more consistent
+ * remove #include "readconf.h" from ssh.h
+ * readconf.h is only included if necessary
+ - [mpaux.c] clear temp buffer
+ - [servconf.c] print _all_ bad options found in configfile
+ - Make ssh-askpass support optional through autoconf
+ - Fix nasty division-by-zero error in scp.c
+ - Released 1.2pre11
+
+19991111
+ - Added (untested) Entropy Gathering Daemon (EGD) support
+ - Fixed /dev/urandom fd leak (Debian bug #49722)
+ - Merged OpenBSD CVS changes:
+ - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
+ - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
+ - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
+ - Fix integer overflow which was messing up scp's progress bar for large
+ file transfers. Fix submitted to OpenBSD developers. Report and fix
+ from Kees Cook <cook@cpoint.net>
+ - Merged more OpenBSD CVS changes:
+ - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
+ + krb-cleanup cleanup
+ - [clientloop.c log-client.c log-server.c ]
+ [readconf.c readconf.h servconf.c servconf.h ]
+ [ssh.1 ssh.c ssh.h sshd.8]
+ add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
+ obsoletes QuietMode and FascistLogging in sshd.
+ - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
+ allow session_key_int != sizeof(session_key)
+ [this should fix the pre-assert-removal-core-files]
+ - Updated default config file to use new LogLevel option and to improve
+ readability
+
+19991110
+ - Merged several minor fixes:
+ - ssh-agent commandline parsing
+ - RPM spec file now installs ssh setuid root
+ - Makefile creates libdir
+ - Merged beginnings of Solaris compability from Marc G. Fournier
+ <marc.fournier@acadiau.ca>
+
+19991109
+ - Autodetection of SSL/Crypto library location via autoconf
+ - Fixed location of ssh-askpass to follow autoconf
+ - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
+ - Autodetection of RSAref library for US users
+ - Minor doc updates
+ - Merged OpenBSD CVS changes:
+ - [rsa.c] bugfix: use correct size for memset()
+ - [sshconnect.c] warn if announced size of modulus 'n' != real size
+ - Added GNOME passphrase requestor (use --with-gnome-askpass)
+ - RPM build now creates subpackages
+ - Released 1.2pre9
+
+19991108
+ - Removed debian/ directory. This is now being maintained separately.
+ - Added symlinks for slogin in RPM spec file
+ - Fixed permissions on manpages in RPM spec file
+ - Added references to required libraries in README file
+ - Removed config.h.in from CVS
+ - Removed pwdb support (better pluggable auth is provided by glibc)
+ - Made PAM and requisite libdl optional
+ - Removed lots of unnecessary checks from autoconf
+ - Added support and autoconf test for openpty() function (Unix98 pty support)
+ - Fix for scp not finding ssh if not installed as /usr/bin/ssh
+ - Added TODO file
+ - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
+ - Added ssh-askpass program
+ - Added ssh-askpass support to ssh-add.c
+ - Create symlinks for slogin on install
+ - Fix "distclean" target in makefile
+ - Added example for ssh-agent to manpage
+ - Added support for PAM_TEXT_INFO messages
+ - Disable internal /etc/nologin support if PAM enabled
+ - Merged latest OpenBSD CVS changes:
+ - [all] replace assert() with error, fatal or packet_disconnect
+ - [sshd.c] don't send fail-msg but disconnect if too many authentication
+ failures
+ - [sshd.c] remove unused argument. ok dugsong
+ - [sshd.c] typo
+ - [rsa.c] clear buffers used for encryption. ok: niels
+ - [rsa.c] replace assert() with error, fatal or packet_disconnect
+ - [auth-krb4.c] remove unused argument. ok dugsong
+ - Fixed coredump after merge of OpenBSD rsa.c patch
+ - Released 1.2pre8
+
+19991102
+ - Merged change from OpenBSD CVS
+ - One-line cleanup in sshd.c
+
+19991030
+ - Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
+ - Merged latest updates for OpenBSD CVS:
+ - channels.[ch] - remove broken x11 fix and document istate/ostate
+ - ssh-agent.c - call setsid() regardless of argv[]
+ - ssh.c - save a few lines when disabling rhosts-{rsa-}auth
+ - Documentation cleanups
+ - Renamed README -> README.Ylonen
+ - Renamed README.openssh ->README
+
+19991029
+ - Renamed openssh* back to ssh* at request of Theo de Raadt
+ - Incorporated latest changes from OpenBSD's CVS
+ - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
+ - Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
+ - Make distclean now removed configure script
+ - Improved PAM logging
+ - Added some debug() calls for PAM
+ - Removed redundant subdirectories
+ - Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for
+ building on Debian.
+ - Fixed off-by-one error in PAM env patch
+ - Released 1.2pre6
+
+19991028
+ - Further PAM enhancements.
+ - Much cleaner
+ - Now uses account and session modules for all logins.
+ - Integrated patch from Dan Brosemer <odin@linuxfreak.com>
+ - Build fixes
+ - Autoconf
+ - Change binary names to open*
+ - Fixed autoconf script to detect PAM on RH6.1
+ - Added tests for libpwdb, and OpenBSD functions to autoconf
+ - Released 1.2pre4
+
+ - Imported latest OpenBSD CVS code
+ - Updated README.openssh
+ - Released 1.2pre5
+
+19991027
+ - Adapted PAM patch.
+ - Released 1.0pre2
+
+ - Excised my buggy replacements for strlcpy and mkdtemp
+ - Imported correct OpenBSD strlcpy and mkdtemp routines.
+ - Reduced arc4random_stir entropy read to 32 bytes (256 bits)
+ - Picked up correct version number from OpenBSD
+ - Added sshd.pam PAM configuration file
+ - Added sshd.init Redhat init script
+ - Added openssh.spec RPM spec file
+ - Released 1.2pre3
+
+19991026
+ - Fixed include paths of OpenSSL functions
+ - Use OpenSSL MD5 routines
+ - Imported RC4 code from nanocrypt
+ - Wrote replacements for OpenBSD arc4random* functions
+ - Wrote replacements for strlcpy and mkdtemp
+ - Released 1.0pre1
$Id$
andersk / gssapi-openssh.git / blobdiff