-20020307
- - (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2002/03/06 00:20:54
- [compat.c dh.c]
- compat.c
- - markus@cvs.openbsd.org 2002/03/06 00:23:27
- [compat.c dh.c]
- undo
- - markus@cvs.openbsd.org 2002/03/06 00:24:39
- [compat.c]
- compat.c
- - markus@cvs.openbsd.org 2002/03/06 00:25:55
- [version.h]
- OpenSSH_3.1
- - (djm) Update RPM spec files with new version number
-
-20020305
- - stevesk@cvs.openbsd.org 2002/03/02 09:34:42
- [LICENCE]
- correct copyright dates for scp license; ok markus@
-
-20020304
- - OpenBSD CVS Sync
- - deraadt@cvs.openbsd.org 2002/02/26 18:52:32
- [sftp.1]
- Ic cannot have that many arguments; spotted by mouring@etoh.eviladmin.org
- - mouring@cvs.openbsd.org 2002/02/26 19:04:37
- [sftp.1]
- > Ic cannot have that many arguments; spotted by mouring@etoh.eviladmin.org
- Last Ic on the first line should not have a space between it and the final
- comma.
- - deraadt@cvs.openbsd.org 2002/02/26 19:06:43
- [sftp.1]
- no, look closely. the comma was highlighted. split .Ic even more
- - stevesk@cvs.openbsd.org 2002/02/26 20:03:51
- [misc.c]
- use socklen_t
- - stevesk@cvs.openbsd.org 2002/02/27 21:23:13
- [canohost.c channels.c packet.c sshd.c]
- remove unneeded casts in [gs]etsockopt(); ok markus@
- - markus@cvs.openbsd.org 2002/02/28 15:46:33
- [authfile.c kex.c kexdh.c kexgex.c key.c ssh-dss.c]
- add some const EVP_MD for openssl-0.9.7
- - stevesk@cvs.openbsd.org 2002/02/28 19:36:28
- [auth.c match.c match.h]
- delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers
- for sshd -u0; ok markus@
- - stevesk@cvs.openbsd.org 2002/02/28 20:36:42
- [sshd.8]
- DenyUsers allows user@host pattern also
- - stevesk@cvs.openbsd.org 2002/02/28 20:46:10
- [sshd.8]
- -u0 DNS for user@host
- - stevesk@cvs.openbsd.org 2002/02/28 20:56:00
- [auth.c]
- log user not allowed details, from dwd@bell-labs.com; ok markus@
- - markus@cvs.openbsd.org 2002/03/01 13:12:10
- [auth.c match.c match.h]
- undo the 'delay hostname lookup' change
- match.c must not use compress.c (via canonhost.c/packet.c)
- thanks to wilfried@
- - markus@cvs.openbsd.org 2002/03/04 12:43:06
- [auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
- - markus@cvs.openbsd.org 2002/03/04 13:10:46
- [misc.c]
- error-> debug, because O_NONBLOCK for /dev/null causes too many different
- errnos; ok stevesk@, deraadt@
- unused include
- - stevesk@cvs.openbsd.org 2002/03/04 17:27:39
- [auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
- channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
- groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
- servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
- uuencode.c xmalloc.h]
- $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
- missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
- files. ok markus@
- - stevesk@cvs.openbsd.org 2002/03/04 18:30:23
- [ssh-keyscan.c]
- handle connection close during read of protocol version string.
- fixes erroneous "bad greeting". ok markus@
- - markus@cvs.openbsd.org 2002/03/04 19:37:58
- [channels.c]
- off by one; thanks to joost@pine.nl
- - (bal) Added contrib/aix/ to support BFF package generation provided
- by Darren Tucker <dtucker@zip.com.au>
-20020226
- - (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests
- based on patch by mooney@dogbert.cc.ndsu.nodak.edu (Tim Mooney)
- Bug 45 [configure.ac] modify skey test to work around conflict with autoconf
- reported by nolan@naic.edu (Michael Nolan)
- patch by Pekka Savola <pekkas@netcore.fi>
- Bug 74 [configure.ac defines.h] add sig_atomic_t test
- reported by dwd@bell-labs.com (Dave Dykstra)
- Bug 102 [defines.h] UNICOS fixes. patch by wendyp@cray.com
- [configure.ac Makefile.in] link libwrap only with sshd
- based on patch by Maciej W. Rozycki <macro@ds2.pg.gda.pl>
- Bug 123 link libpam only with sshd
- reported by peak@argo.troja.mff.cuni.cz (Pavel Kankovsky)
- [configure.ac defines.h] modify previous SCO3 fix to not break Solaris 7
- [acconfig.h] remove unused HAVE_REGCOMP
- [configure.ac] put back in search for prngd-socket
- - (stevesk) openbsd-compat/base64.h: typo in comment
- - (bal) Update sshd_config CVSID
- - (bal) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2002/02/15 23:54:10
- [auth-krb5.c]
- krb5_get_err_text() does not like context==NULL; he@nordu.net via google;
- ok provos@
- - markus@cvs.openbsd.org 2002/02/22 12:20:34
- [log.c log.h ssh-keyscan.c]
- overwrite fatal() in ssh-keyscan.c; fixes pr 2354; ok provos@
- - markus@cvs.openbsd.org 2002/02/23 17:59:02
- [kex.c kexdh.c kexgex.c]
- don't allow garbage after payload.
- - stevesk@cvs.openbsd.org 2002/02/24 16:09:52
- [sshd.c]
- use u_char* here; ok markus@
- - markus@cvs.openbsd.org 2002/02/24 16:57:19
+20080327
+ - (dtucker) Cache selinux status earlier so we know if it's enabled after a
+ chroot. Allows ChrootDirectory to work with selinux support compiled in
+ but not enabled. Using it with selinux enabled will require some selinux
+ support inside the chroot. "looks sane" djm@
+ - (djm) Fix RCS ident in sftp-server-main.c
+ - (djm) OpenBSD CVS sync:
+ - jmc@cvs.openbsd.org 2008/02/11 07:58:28
+ [ssh.1 sshd.8 sshd_config.5]
+ bump Mdocdate for pages committed in "febuary", necessary because
+ of a typo in rcs.c;
+ - deraadt@cvs.openbsd.org 2008/03/13 01:49:53
+ [monitor_fdpass.c]
+ Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to
+ an extensive discussion with otto, kettenis, millert, and hshoexer
+ - deraadt@cvs.openbsd.org 2008/03/15 16:19:02
+ [monitor_fdpass.c]
+ Repair the simple cases for msg_controllen where it should just be
+ CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because
+ of alignment; ok kettenis hshoexer
+ - djm@cvs.openbsd.org 2008/03/23 12:54:01
[sftp-client.c]
- early close(), missing free; ok stevesk@
- - markus@cvs.openbsd.org 2002/02/24 16:58:32
- [packet.c]
- make 'cp' unsigned and merge with 'ucp'; ok stevesk@
- - markus@cvs.openbsd.org 2002/02/24 18:31:09
- [uuencode.c]
- typo in comment
- - markus@cvs.openbsd.org 2002/02/24 19:14:59
- [auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h
- ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
- signed vs. unsigned: make size arguments u_int, ok stevesk@
- - stevesk@cvs.openbsd.org 2002/02/24 19:59:42
- [channels.c misc.c]
- disable Nagle in connect_to() and channel_post_port_listener() (port
- forwarding endpoints). the intention is to preserve the on-the-wire
- appearance to applications at either end; the applications can then
- enable TCP_NODELAY according to their requirements. ok markus@
- - markus@cvs.openbsd.org 2002/02/25 16:33:27
- [ssh-keygen.c sshconnect2.c uuencode.c uuencode.h]
- more u_* fixes
- - (bal) Imported missing fatal.c and fixed up Makefile.in
- - (tim) [configure.ac] correction to Bug 123 fix
- [configure.ac] correction to sig_atomic_t test
-
-20020225
- - (bal) Last AIX patch. Moved aix_usrinfo() outside of do_setuserconext()
- since we need more session information than provided by that function.
-
-20020224
- - (bal) Drop Session *s usage in ports-aix.[ch] and pass just what we
- need to do the jobs (AIX still does not fully compile, but that is
- coming).
- - (bal) Part two.. Drop unused AIX header, fix up missing char *cp. All
- that is left is handling aix_usrinfo().
- - (tim) [loginrec.c session.c sshlogin.c sshlogin.h] Bug 84
- patch by wknox@mitre.org (William Knox).
- [sshlogin.h] declare record_utmp_only for session.c
-
-20020221
- - (bal) Minor session.c fixup for cygwin. mispelt 'is_winnt' variable.
-
-20020219
- - (djm) OpenBSD CVS Sync
- - mpech@cvs.openbsd.org 2002/02/13 08:33:47
- [ssh-keyscan.1]
- When you give command examples and etc., in a manual page prefix them with: $ command
- or
- # command
- - markus@cvs.openbsd.org 2002/02/14 23:27:59
- [channels.c]
- increase the SSH v2 window size to 4 packets. comsumes a little
- bit more memory for slow receivers but increases througput.
- - markus@cvs.openbsd.org 2002/02/14 23:28:00
- [channels.h session.c ssh.c]
- increase the SSH v2 window size to 4 packets. comsumes a little
- bit more memory for slow receivers but increases througput.
- - markus@cvs.openbsd.org 2002/02/14 23:41:01
- [authfile.c cipher.c cipher.h kex.c kex.h packet.c]
- hide some more implementation details of cipher.[ch] and prepares for move
- to EVP, ok deraadt@
- - stevesk@cvs.openbsd.org 2002/02/16 14:53:37
- [ssh-keygen.1]
- -t required now for key generation
- - stevesk@cvs.openbsd.org 2002/02/16 20:40:08
- [ssh-keygen.c]
- default to rsa keyfile path for non key generation operations where
- keyfile not specified. fixes core dump in those cases. ok markus@
- - millert@cvs.openbsd.org 2002/02/16 21:27:53
- [auth.h]
- Part one of userland __P removal. Done with a simple regexp with
- some minor hand editing to make comments line up correctly. Another
- pass is forthcoming that handles the cases that could not be done
- automatically.
- - millert@cvs.openbsd.org 2002/02/17 19:42:32
- [auth.h]
- Manual cleanup of remaining userland __P use (excluding packages
- maintained outside the tree)
- - markus@cvs.openbsd.org 2002/02/18 13:05:32
- [cipher.c cipher.h]
- switch to EVP, ok djm@ deraadt@
- - markus@cvs.openbsd.org 2002/02/18 17:55:20
- [ssh.1]
- -q: Fatal errors are _not_ displayed.
- - deraadt@cvs.openbsd.org 2002/02/19 02:50:59
- [sshd_config]
- stategy is not an english word
- - (bal) Migrated IRIX jobs/projects/audit/etc code to
- openbsd-compat/port-irix.[ch] to improve readiblity of do_child()
- - (bal) Migrated AIX getuserattr and usrinfo code to
- openbsd-compat/port-aix.[c] to improve readilbity of do_child() and
- simplify our diffs against upstream source.
- - (bal) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2002/02/15 23:11:26
- [session.c]
- split do_child(), ok mouring@
- - markus@cvs.openbsd.org 2002/02/16 00:51:44
+ prefer POSIX-style file renaming over filexfer rename behaviour if the
+ server supports the posix-rename@openssh.com extension.
+ Note that the old (filexfer) behaviour would refuse to clobber an
+ existing file. Users who depended on this should adjust their sftp(1)
+ usage.
+ ok deraadt@ markus@
+ - deraadt@cvs.openbsd.org 2008/03/24 16:11:07
+ [monitor_fdpass.c]
+ msg_controllen has to be CMSG_SPACE so that the kernel can account for
+ each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This
+ works now that kernel fd passing has been fixed to accept a bit of
+ sloppiness because of this ABI repair.
+ lots of discussion with kettenis
+ - djm@cvs.openbsd.org 2008/03/25 11:58:02
+ [session.c sshd_config.5]
+ ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;
+ from dtucker@ ok deraadt@ djm@
+ - djm@cvs.openbsd.org 2008/03/25 23:01:41
[session.c]
- typo
- - (bal) CVS ID sync since the last two patches were merged mistakenly
-
-20020218
- - (tim) newer config.guess from ftp://ftp.gnu.org/gnu/config/config.guess
-
-20020213
- - (djm) Don't use system sys/queue.h on AIX. Report from
- gert@greenie.muc.de
- - (djm) Bug #114 - not starting PAM for SSH protocol 1 invalid users
-
-20020213
+ last patch had backwards test; spotted by termim AT gmail.com
+ - djm@cvs.openbsd.org 2008/03/26 21:28:14
+ [auth-options.c auth-options.h session.c sshd.8]
+ add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc
+ - djm@cvs.openbsd.org 2008/03/27 00:16:49
+ [version.h]
+ openssh-4.9
+ - djm@cvs.openbsd.org 2008/03/24 21:46:54
+ [regress/sftp-badcmds.sh]
+ disable no-replace rename test now that we prefer a POSIX rename; spotted
+ by dkrause@
+ - (djm) [configure.ac] fix alignment of --without-stackprotect description
+ - (djm) [configure.ac] --with-selinux too
+ - (djm) [regress/Makefile] cleanup PuTTY interop test droppings
+ - (djm) [README] Update link to release notes
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Crank version numbers in RPM spec files
+ - (djm) Release 4.9p1
+
+20080315
+ - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
+ empty; report and patch from Peter Stuge
+ - (djm) [regress/test-exec.sh] Silence noise from detection of putty
+ commands; report from Peter Stuge
+ - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causing
+ crashes when used with ChrootDirectory
+
+20080314
+ - (tim) [regress/sftp-cmds.sh] s/cd/lcd/ in lls test. Reported by
+ vinschen at redhat.com. Add () to put echo commands in subshell for lls test
+ I mistakenly left out of last commit.
+ - (tim) [regress/localcommand.sh] Shell portability fix. Reported by imorgan at
+ nas.nasa.gov
+
+20080313
+ - (djm) [Makefile.in regress/Makefile] Fix interop-tests target (note to
+ self: make changes to Makefile.in next time, not the generated Makefile).
+ - (djm) [Makefile.in regress/test-exec.sh] Find installed plink(1) and
+ puttygen(1) by $PATH
+ - (tim) [scp.c] Use poll.h if available, fall back to sys/poll.h if not. Patch
+ by vinschen at redhat.com.
+ - (tim) [regress/sftp-cmds.sh regress/ssh2putty.sh] Shell portability fixes
+ from vinschen at redhat.com and imorgan at nas.nasa.gov
+
+20080312
- (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2002/02/11 16:10:15
- [kex.c]
- restore kexinit handler if we reset the dispatcher, this unbreaks
- rekeying s/kex_clear_dispatch/kex_reset_dispatch/
- - markus@cvs.openbsd.org 2002/02/11 16:15:46
- [sshconnect1.c]
- include md5.h, not evp.h
- - markus@cvs.openbsd.org 2002/02/11 16:17:55
- [sshd.c]
- do not complain about port > 1024 if rhosts-auth is disabled
- - markus@cvs.openbsd.org 2002/02/11 16:19:39
+ - dtucker@cvs.openbsd.org 2007/10/29 06:57:13
+ [regress/Makefile regress/localcommand.sh]
+ Add simple regress test for LocalCommand; ok djm@
+ - jmc@cvs.openbsd.org 2007/11/25 15:35:09
+ [regress/agent-getpeereid.sh regress/agent.sh]
+ more existant -> existent, from Martynas Venckus;
+ pfctl changes: ok henning
+ ssh changes: ok deraadt
+ - djm@cvs.openbsd.org 2007/12/12 05:04:03
+ [regress/sftp-cmds.sh]
+ unbreak lls command and add a regress test that would have caught the
+ breakage; spotted by mouring@
+ NB. sftp code change already committed.
+ - djm@cvs.openbsd.org 2007/12/21 04:13:53
+ [regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh]
+ [regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh]
+ basic (crypto, kex and transfer) interop regression tests against putty
+ To run these, install putty and run "make interop-tests" from the build
+ directory - the tests aren't run by default yet.
+
+20080311
+ - (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move
+ pam_open_session and pam_close_session into the privsep monitor, which
+ will ensure that pam_session_close is called as root. Patch from Tomas
+ Mraz.
+
+20080309
+ - (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't
+ always work for all platforms and versions, so test what we can and
+ add a configure flag to turn it of if needed. ok djm@
+ - (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroups
+ implementation. It's not needed to fix bug #1081 and breaks the build
+ on some AIX configurations.
+ - (dtucker) [openbsd-compat/regress/strtonumtest.c] Bug #1347: Use platform's
+ equivalent of LLONG_MAX for the compat regression tests, which makes them
+ run on AIX and HP-UX. Patch from David Leonard.
+ - (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch
+ platforms where gcc understands the option but it's not supported (and
+ thus generates a warning).
+
+20080307
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2008/02/11 07:58:28
+ [ssh.1 sshd.8 sshd_config.5]
+ bump Mdocdate for pages committed in "febuary", necessary because
+ of a typo in rcs.c;
+ - djm@cvs.openbsd.org 2008/02/13 22:38:17
+ [servconf.h session.c sshd.c]
+ rekey arc4random and OpenSSL RNG in postauth child
+ closefrom fds > 2 before shell/command execution
+ ok markus@
+ - mbalmer@cvs.openbsd.org 2008/02/14 13:10:31
[sshd.c]
- include md5.h not hmac.h
- - markus@cvs.openbsd.org 2002/02/11 16:21:42
- [match.c]
- support up to 40 algorithms per proposal
- - djm@cvs.openbsd.org 2002/02/12 12:32:27
- [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
- Perform multiple overlapping read/write requests in file transfer. Mostly
- done by Tobias Ringstrom <tori@ringstrom.mine.nu>; ok markus@
- - djm@cvs.openbsd.org 2002/02/12 12:44:46
+ When started in configuration test mode (-t) do not check that sshd is
+ being started with an absolute path.
+ ok djm
+ - markus@cvs.openbsd.org 2008/02/20 15:25:26
+ [session.c]
+ correct boolean encoding for coredump; der Mouse via dugsong
+ - djm@cvs.openbsd.org 2008/02/22 05:58:56
+ [session.c]
+ closefrom() call was too early, delay it until just before we execute
+ the user's rc files (if any).
+ - dtucker@cvs.openbsd.org 2008/02/22 20:44:02
+ [clientloop.c packet.c packet.h serverloop.c]
+ Allow all SSH2 packet types, including UNIMPLEMENTED to reset the
+ keepalive timer (bz #1307). ok markus@
+ - djm@cvs.openbsd.org 2008/02/27 20:21:15
+ [sftp-server.c]
+ add an extension method "posix-rename@openssh.com" to perform POSIX atomic
+ rename() operations. based on patch from miklos AT szeredi.hu in bz#1400;
+ ok dtucker@ markus@
+ - deraadt@cvs.openbsd.org 2008/03/02 18:19:35
+ [monitor_fdpass.c]
+ use a union to ensure alignment of the cmsg (pay attention: various other
+ parts of the tree need this treatment too); ok djm
+ - deraadt@cvs.openbsd.org 2008/03/04 21:15:42
+ [version.h]
+ crank version; from djm
+ - (tim) [regress/sftp-glob.sh] Shell portability fix.
+
+20080302
+ - (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expect
+ either, so use our own.
+
+20080229
+ - (dtucker) [openbsd-compat/bsd-poll.c] We don't check for select(2) in
+ configure (and there's not much point, as openssh won't work without it)
+ so HAVE_SELECT is not defined and the poll(2) compat code doesn't get
+ built in. Remove HAVE_SELECT so we can build on platforms without poll.
+ - (dtucker) [scp.c] Include sys/poll.h inside HAVE_SYS_POLL_H.
+ - (djm) [contrib/gnome-ssh-askpass2.h] Keep askpass windown on top. From
+ Debian patch via bernd AT openbsd.org
+
+20080228
+ - (dtucker) [configure.ac] Add -fstack-protector to LDFLAGS too, fixes
+ linking problems on AIX with gcc 4.1.x.
+ - (dtucker) [includes.h ssh-add.c ssh-agent.c ssh-keygen.c ssh.c sshd.c
+ openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat
+ header to after OpenSSL headers, since some versions of OpenSSL have
+ SSLeay_add_all_algorithms as a macro already.
+ - (dtucker) [key.c defines.h openbsd-compat/openssl-compat.h] Move old OpenSSL
+ compat glue into openssl-compat.h.
+ - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement
+ getgrouplist via getgrset on AIX, rather than iterating over getgrent.
+ This allows, eg, Match and AllowGroups directives to work with NIS and
+ LDAP groups.
+ - (dtucker) [sshd.c] Bug #1042: make log messages for tcpwrappers use the
+ same SyslogFacility as the rest of sshd. Patch from William Knox,
+ ok djm@.
+
+20080225
+ - (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack
+ since it now conflicts with the helper function in misc.c. From
+ vinschen AT redhat.com.
+ - (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation
+ of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD).
+ Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@
+ - (dtucker) [includes.h openbsd-compat/openssl-compat.c] Bug #1437: reshuffle
+ headers so ./configure --with-ssl-engine actually works. Patch from
+ Ian Lister.
+
+20080224
+ - (tim) [contrib/cygwin/ssh-host-config]
+ Grammar changes on SYSCONFDIR LOCALSTATEDIR messages.
+ Check more thoroughly that it's possible to create the /var/empty directory.
+ Patch by vinschen AT redhat.com
+
+20080210
+ - OpenBSD CVS Sync
+ - chl@cvs.openbsd.org 2008/01/11 07:22:28
+ [sftp-client.c sftp-client.h]
+ disable unused functions
+ initially from tobias@, but disabled them by placing them in
+ "#ifdef notyet" which was asked by djm@
+ ok djm@ tobias@
+ - djm@cvs.openbsd.org 2008/01/19 19:13:28
+ [ssh.1]
+ satisfy the pedants: -q does not suppress all diagnostic messages (e.g.
+ some commandline parsing warnings go unconditionally to stdout).
+ - djm@cvs.openbsd.org 2008/01/19 20:48:53
+ [clientloop.c]
+ fd leak on session multiplexing error path. Report and patch from
+ gregory_shively AT fanniemae.com
+ - djm@cvs.openbsd.org 2008/01/19 20:51:26
+ [ssh.c]
+ ignore SIGPIPE in multiplex client mode - we can receive this if the
+ server runs out of fds on us midway. Report and patch from
+ gregory_shively AT fanniemae.com
+ - djm@cvs.openbsd.org 2008/01/19 22:04:57
[sftp-client.c]
- Let overlapped upload path handle servers which reorder ACKs. This may be
- permitted by the protocol spec; ok markus@
- - markus@cvs.openbsd.org 2002/02/13 00:28:13
+ fix remote handle leak in do_download() local file open error path;
+ report and fix from sworley AT chkno.net
+ - djm@cvs.openbsd.org 2008/01/19 22:22:58
+ [ssh-keygen.c]
+ when hashing individual hosts (ssh-keygen -Hf hostname), make sure we
+ hash just the specified hostname and not the entire hostspec from the
+ keyfile. It may be of the form "hostname,ipaddr", which would lead to
+ a hash that never matches. report and fix from jp AT devnull.cz
+ - djm@cvs.openbsd.org 2008/01/19 22:37:19
+ [ssh-keygen.c]
+ unbreak line numbering (broken in revision 1.164), fix error message
+ - djm@cvs.openbsd.org 2008/01/19 23:02:40
+ [channels.c]
+ When we added support for specified bind addresses for port forwards, we
+ added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of
+ this for -L port forwards that causes the client to listen on both v4
+ and v6 addresses when connected to a server with this quirk, despite
+ having set 0.0.0.0 as a bind_address.
+ report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@
+ - djm@cvs.openbsd.org 2008/01/19 23:09:49
+ [readconf.c readconf.h sshconnect2.c]
+ promote rekeylimit to a int64 so it can hold the maximum useful limit
+ of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@
+ - djm@cvs.openbsd.org 2008/01/20 00:38:30
+ [sftp.c]
+ When uploading, correctly handle the case of an unquoted filename with
+ glob metacharacters that match a file exactly but not as a glob, e.g. a
+ file called "[abcd]". report and test cases from duncan2nd AT gmx.de
+ - djm@cvs.openbsd.org 2008/01/21 17:24:30
[sftp-server.c]
- handle SSH2_FILEXFER_ATTR_SIZE in SSH2_FXP_(F)SETSTAT; ok djm@
- - markus@cvs.openbsd.org 2002/02/13 00:39:15
- [readpass.c]
- readpass.c is not longer from UCB, since we now use readpassphrase(3)
- - djm@cvs.openbsd.org 2002/02/13 00:59:23
- [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp.h]
- [sftp-int.c sftp-int.h]
- API cleanup and backwards compat for filexfer v.0 servers; ok markus@
- - (djm) Sync openbsd-compat with OpenBSD CVS too
- - (djm) Bug #106: Add --without-rpath configure option. Patch from
- Nicolas.Williams@ubsw.com
- - (tim) [configure.ac, defines.h ] add rpc/rpc.h for INADDR_LOOPBACK
- on SCO OSR3
-
-20020210
- - (djm) OpenBSD CVS Sync
- - deraadt@cvs.openbsd.org 2002/02/09 17:37:34
- [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1]
- move ssh config files to /etc/ssh
- - (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match
- - deraadt@cvs.openbsd.org 2002/02/10 01:07:05
- [readconf.h sshd.8]
- more /etc/ssh; openbsd@davidkrause.com
-
-20020208
- - (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2002/02/04 12:15:25
+ Remove the fixed 100 handle limit in sftp-server and allocate as many
+ as we have available file descriptors. Patch from miklos AT szeredi.hu;
+ ok dtucker@ markus@
+ - djm@cvs.openbsd.org 2008/01/21 19:20:17
+ [sftp-client.c]
+ when a remote write error occurs during an upload, ensure that ACKs for
+ all issued requests are properly drained. patch from t8m AT centrum.cz
+ - dtucker@cvs.openbsd.org 2008/01/23 01:56:54
+ [clientloop.c packet.c serverloop.c]
+ Revert the change for bz #1307 as it causes connection aborts if an IGNORE
+ packet arrives while we're waiting in packet_read_expect (and possibly
+ elsewhere).
+ - jmc@cvs.openbsd.org 2008/01/31 20:06:50
+ [scp.1]
+ explain how to handle local file names containing colons;
+ requested by Tamas TEVESZ
+ ok dtucker
+ - markus@cvs.openbsd.org 2008/02/04 21:53:00
+ [session.c sftp-server.c sftp.h]
+ link sftp-server into sshd; feedback and ok djm@
+ - mcbride@cvs.openbsd.org 2008/02/09 12:15:43
+ [ssh.1 sshd.8]
+ Document the correct permissions for the ~/.ssh/ directory.
+ ok jmc
+ - djm@cvs.openbsd.org 2008/02/10 09:55:37
+ [sshd_config.5]
+ mantion that "internal-sftp" is useful with ForceCommand too
+ - djm@cvs.openbsd.org 2008/02/10 10:54:29
+ [servconf.c session.c]
+ delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
+ home, rather than the user who starts sshd (probably root)
+
+20080119
+ - (djm) Silence noice from expr in ssh-copy-id; patch from
+ mikel AT mikelward.com
+ - (djm) Only listen for IPv6 connections on AF_INET6 sockets; patch from
+ tsr2600 AT gmail.com
+
+20080102
+ - (dtucker) [configure.ac] Fix message for -fstack-protector-all test.
+
+20080101
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2007/12/31 10:41:31
+ [readconf.c servconf.c]
+ Prevent strict-aliasing warnings on newer gcc versions. bz #1355, patch
+ from Dmitry V. Levin, ok djm@
+ - dtucker@cvs.openbsd.org 2007/12/31 15:27:04
[sshd.c]
- add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
- fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
- - stevesk@cvs.openbsd.org 2002/02/04 20:41:16
- [ssh-agent.1]
- more sync for default ssh-add identities; ok markus@
- - djm@cvs.openbsd.org 2002/02/05 00:00:46
- [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
- Add "-B" option to specify copy buffer length (default 32k); ok markus@
- - markus@cvs.openbsd.org 2002/02/05 14:32:55
- [channels.c channels.h ssh.c]
- merge channel_request() into channel_request_start()
- - markus@cvs.openbsd.org 2002/02/06 14:22:42
- [sftp.1]
- sort options; ok mpech@, stevesk@
- - mpech@cvs.openbsd.org 2002/02/06 14:27:23
+ When in inetd mode, have sshd generate a Protocol 1 ephemeral server
+ key only for connections where the client chooses Protocol 1 as opposed
+ to when it's enabled in the server's config. Speeds up Protocol 2
+ connections to inetd-mode servers that also allow Protocol 1. bz #440,
+ based on a patch from bruno at wolff.to, ok markus@
+ - dtucker@cvs.openbsd.org 2008/01/01 08:47:04
+ [misc.c]
+ spaces -> tabs from my previous commit
+ - dtucker@cvs.openbsd.org 2008/01/01 09:06:39
+ [scp.c]
+ If scp -p encounters a pre-epoch timestamp, use the epoch which is
+ as close as we can get given that it's used unsigned. Add a little
+ debugging while there. bz #828, ok djm@
+ - dtucker@cvs.openbsd.org 2008/01/01 09:27:33
+ [sshd_config.5 servconf.c]
+ Allow PermitRootLogin in a Match block. Allows for, eg, permitting root
+ only from the local network. ok markus@, man page bit ok jmc@
+ - dtucker@cvs.openbsd.org 2008/01/01 08:51:20
+ [moduli]
+ Updated moduli file; ok djm@
+
+20071231
+ - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of
+ builtin glob implementation on Mac OS X. Based on a patch from
+ vgiffin at apple.
+
+20071229
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2007/12/12 05:04:03
[sftp.c]
- sync usage() with manual.
- - markus@cvs.openbsd.org 2002/02/06 14:37:22
- [session.c]
- minor KNF
- - markus@cvs.openbsd.org 2002/02/06 14:55:16
- [channels.c clientloop.c serverloop.c ssh.c]
- channel_new never returns NULL, mouring@; ok djm@
- - markus@cvs.openbsd.org 2002/02/07 09:35:39
+ unbreak lls command and add a regress test that would have caught the
+ breakage; spotted by mouring@
+ - dtucker@cvs.openbsd.org 2007/12/27 14:22:08
+ [servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c
+ sshd.c]
+ Add a small helper function to consistently handle the EAI_SYSTEM error
+ code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417.
+ ok markus@ stevesk@
+ - dtucker@cvs.openbsd.org 2007/12/28 15:32:24
+ [clientloop.c serverloop.c packet.c]
+ Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the
+ ServerAlive and ClientAlive timers. Prevents dropping a connection
+ when these are enabled but the peer does not support our keepalives.
+ bz #1307, ok djm@.
+ - dtucker@cvs.openbsd.org 2007/12/28 22:34:47
+ [clientloop.c]
+ Use the correct packet maximum sizes for remote port and agent forwarding.
+ Prevents the server from killing the connection if too much data is queued
+ and an excessively large packet gets sent. bz #1360, ok djm@.
+
+20071202
+ - (dtucker) [configure.ac] Enable -fstack-protector-all on systems where
+ gcc supports it. ok djm@
+ - (dtucker) [scp.c] Update $OpenBSD tag missing from rev 1.175 and remove
+ leftover debug code.
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2007/10/29 00:52:45
+ [auth2-gss.c]
+ Allow build without -DGSSAPI; ok deraadt@
+ (Id sync only, Portable already has the ifdefs)
+ - dtucker@cvs.openbsd.org 2007/10/29 01:55:04
+ [ssh.c]
+ Plug tiny mem leaks in ControlPath and ProxyCommand option processing;
+ ok djm@
+ - dtucker@cvs.openbsd.org 2007/10/29 04:08:08
+ [monitor_wrap.c monitor.c]
+ Send config block back to slave for invalid users too so options
+ set by a Match block (eg Banner) behave the same for non-existent
+ users. Found by and ok djm@
+ - dtucker@cvs.openbsd.org 2007/10/29 06:51:59
+ [ssh_config.5]
+ ProxyCommand and LocalCommand use the user's shell, not /bin/sh; ok djm@
+ - dtucker@cvs.openbsd.org 2007/10/29 06:54:50
+ [ssh.c]
+ Make LocalCommand work for Protocol 1 too; ok djm@
+ - jmc@cvs.openbsd.org 2007/10/29 07:48:19
+ [ssh_config.5]
+ clean up after previous macro removal;
+ - djm@cvs.openbsd.org 2007/11/03 00:36:14
+ [clientloop.c]
+ fix memory leak in process_cmdline(), patch from Jan.Pechanec AT Sun.COM;
+ ok dtucker@
+ - deraadt@cvs.openbsd.org 2007/11/03 01:24:06
+ [ssh.c]
+ bz #1377: getpwuid results were being clobbered by another getpw* call
+ inside tilde_expand_filename(); save the data we need carefully
+ ok djm
+ - dtucker@cvs.openbsd.org 2007/11/03 02:00:32
[ssh.c]
- remove bogus comments
+ Use xstrdup/xfree when saving pwname and pwdir; ok deraadt@
+ - deraadt@cvs.openbsd.org 2007/11/03 02:03:49
+ [ssh.c]
+ avoid errno trashing in signal handler; ok dtucker
-20020205
- - (djm) Cleanup after sync:
- - :%s/reverse_mapping_check/verify_reverse_mapping/g
+20071030
- (djm) OpenBSD CVS Sync
- - stevesk@cvs.openbsd.org 2002/01/24 21:09:25
- [channels.c misc.c misc.h packet.c]
- add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning).
- no nagle changes just yet; ok djm@ markus@
- - stevesk@cvs.openbsd.org 2002/01/24 21:13:23
- [packet.c]
- need misc.h for set_nodelay()
- - markus@cvs.openbsd.org 2002/01/25 21:00:24
- [sshconnect2.c]
- unused include
- - markus@cvs.openbsd.org 2002/01/25 21:42:11
- [ssh-dss.c ssh-rsa.c]
- use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@
- don't use evp_md->md_size, it's not public.
- - markus@cvs.openbsd.org 2002/01/25 22:07:40
- [kex.c kexdh.c kexgex.c key.c mac.c]
- use EVP_MD_size(evp_md) and not evp_md->md_size; ok steveks@
- - stevesk@cvs.openbsd.org 2002/01/26 16:44:22
- [includes.h session.c]
- revert code to add x11 localhost display authorization entry for
- hostname/unix:d and uts.nodename/unix:d if nodename was different than
- hostname. just add entry for unix:d instead. ok markus@
- - stevesk@cvs.openbsd.org 2002/01/27 14:57:46
- [channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
- add X11UseLocalhost; ok markus@
- - stevesk@cvs.openbsd.org 2002/01/27 18:08:17
- [ssh.c]
- handle simple case to identify FamilyLocal display; ok markus@
- - markus@cvs.openbsd.org 2002/01/29 14:27:57
- [ssh-add.c]
- exit 2 if no agent, exit 1 if list fails; debian#61078; ok djm@
- - markus@cvs.openbsd.org 2002/01/29 14:32:03
- [auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c]
- [servconf.c servconf.h session.c sshd.8 sshd_config]
- s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion;
- ok stevesk@
- - stevesk@cvs.openbsd.org 2002/01/29 16:29:02
- [session.c]
- limit subsystem length in log; ok markus@
- - markus@cvs.openbsd.org 2002/01/29 16:41:19
- [ssh-add.1]
- add DIAGNOSTICS; ok stevesk@
- - markus@cvs.openbsd.org 2002/01/29 22:46:41
- [session.c]
- don't depend on servconf.c; ok djm@
- - markus@cvs.openbsd.org 2002/01/29 23:50:37
- [scp.1 ssh.1]
- mention exit status; ok stevesk@
- - markus@cvs.openbsd.org 2002/01/31 13:35:11
- [kexdh.c kexgex.c]
- cross check announced key type and type from key blob
- - markus@cvs.openbsd.org 2002/01/31 15:00:05
- [serverloop.c]
- no need for WNOHANG; ok stevesk@
- - markus@cvs.openbsd.org 2002/02/03 17:53:25
- [auth1.c serverloop.c session.c session.h]
- don't use channel_input_channel_request and callback
- use new server_input_channel_req() instead:
- server_input_channel_req does generic request parsing on server side
- session_input_channel_req handles just session specific things now
- ok djm@
- - markus@cvs.openbsd.org 2002/02/03 17:55:55
- [channels.c channels.h]
- remove unused channel_input_channel_request
- - markus@cvs.openbsd.org 2002/02/03 17:58:21
- [channels.c channels.h ssh.c]
- generic callbacks are not really used, remove and
- add a callback for msg of type SSH2_MSG_CHANNEL_OPEN_CONFIRMATION
- ok djm@
- - markus@cvs.openbsd.org 2002/02/03 17:59:23
- [sshconnect2.c]
- more cross checking if announced vs. used key type; ok stevesk@
- - stevesk@cvs.openbsd.org 2002/02/03 22:35:57
- [ssh.1 sshd.8]
- some KeepAlive cleanup/clarify; ok markus@
- - stevesk@cvs.openbsd.org 2002/02/03 23:22:59
- [ssh-agent.1]
- ssh-add also adds $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa now.
- - stevesk@cvs.openbsd.org 2002/02/04 00:53:39
+ - djm@cvs.openbsd.org 2007/10/29 23:49:41
+ [openbsd-compat/sys-tree.h]
+ remove extra backslash at the end of RB_PROTOTYPE, report from
+ Jan.Pechanec AT Sun.COM; ok deraadt@
+
+20071026
+ - (djm) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2007/09/11 23:49:09
+ [sshpty.c]
+ remove #if defined block not needed; ok markus@ dtucker@
+ (NB. RCD ID sync only for portable)
+ - djm@cvs.openbsd.org 2007/09/21 03:05:23
+ [ssh_config.5]
+ document KbdInteractiveAuthentication in ssh_config.5;
+ patch from dkg AT fifthhorseman.net
+ - djm@cvs.openbsd.org 2007/09/21 08:15:29
+ [auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c]
+ [monitor.c monitor_wrap.c]
+ unifdef -DBSD_AUTH
+ unifdef -USKEY
+ These options have been in use for some years;
+ ok markus@ "no objection" millert@
+ (NB. RCD ID sync only for portable)
+ - canacar@cvs.openbsd.org 2007/09/25 23:48:57
[ssh-agent.c]
- unneeded includes
- - markus@cvs.openbsd.org 2002/02/04 11:58:10
+ When adding a key that already exists, update the properties
+ (time, confirm, comment) instead of discarding them. ok djm@ markus@
+ - ray@cvs.openbsd.org 2007/09/27 00:15:57
+ [dh.c]
+ Don't return -1 on error in dh_pub_is_valid(), since it evaluates
+ to true.
+ Also fix a typo.
+ Initial diff from Matthew Dempsky, input from djm.
+ OK djm, markus.
+ - dtucker@cvs.openbsd.org 2007/09/29 00:25:51
[auth2.c]
- cross checking of announced vs actual pktype in pubkey/hostbaed auth;
- ok stevesk@
- - markus@cvs.openbsd.org 2002/02/04 12:15:25
- [log.c log.h readconf.c servconf.c]
- add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
- fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
- - stevesk@cvs.openbsd.org 2002/02/04 20:41:16
- [ssh-add.1]
- more sync for default ssh-add identities; ok markus@
- - djm@cvs.openbsd.org 2002/02/04 21:53:12
- [sftp.1 sftp.c]
- Add "-P" option to directly connect to a local sftp-server. Should be
- useful for regression testing; ok markus@
- - djm@cvs.openbsd.org 2002/02/05 00:00:46
- [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
- Add "-B" option to specify copy buffer length (default 32k); ok markus@
-
-20020130
- - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@
- - (tim) [configure.ac] fix logic on when ssh-rand-helper is installed.
- [sshd_config] put back in line that tells what PATH was compiled into sshd.
-
-20020125
- - (djm) Don't grab Xserver or pointer by default. x11-ssh-askpass doesn't
- and grabbing can cause deadlocks with kinput2.
-
-20020124
- - (stevesk) Makefile.in: bug #61; delete commented line for now.
-
-20020123
- - (djm) Fix non-standard shell syntax in autoconf. Patch from
- Dave Dykstra <dwd@bell-labs.com>
- - (stevesk) fix --with-zlib=
- - (djm) Use case statements in autoconf to clean up some tests
- - (bal) reverted out of 5/2001 change to atexit(). I assume I
- did it to handle SonyOS. If that is the case than we will
- do a special case for them.
-
-20020122
- - (djm) autoconf hacking:
- - We don't support --without-zlib currently, so don't allow it.
- - Rework cryptographic random number support detection. We now detect
- whether OpenSSL seeds itself. If it does, then we don't bother with
- the ssh-rand-helper program. You can force the use of ssh-rand-helper
- using the --with-rand-helper configure argument
- - Simplify and clean up ssh-rand-helper configuration
- - Add OpenSSL sanity check: verify that header version matches version
- reported by library
- - (djm) Fix some bugs I introduced into ssh-rand-helper yesterday
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2001/12/21 08:52:22
- [ssh-keygen.1 ssh-keygen.c]
- Remove default (rsa1) key type; ok markus@
- - djm@cvs.openbsd.org 2001/12/21 08:53:45
- [readpass.c]
- Avoid interruptable passphrase read; ok markus@
- - djm@cvs.openbsd.org 2001/12/21 10:06:43
- [ssh-add.1 ssh-add.c]
- Try all standard key files (id_rsa, id_dsa, identity) when invoked with
- no arguments; ok markus@
- - markus@cvs.openbsd.org 2001/12/21 12:17:33
- [serverloop.c]
- remove ifdef for USE_PIPES since fdin != fdout; ok djm@
- - deraadt@cvs.openbsd.org 2001/12/24 07:29:43
- [ssh-add.c]
- try all listed keys.. how did this get broken?
- - markus@cvs.openbsd.org 2001/12/25 18:49:56
- [key.c]
- be more careful on allocation
- - markus@cvs.openbsd.org 2001/12/25 18:53:00
- [auth1.c]
- be more carefull on allocation
- - markus@cvs.openbsd.org 2001/12/27 18:10:29
- [ssh-keygen.c]
- -t is only needed for key generation (unbreaks -i, -e, etc).
- - markus@cvs.openbsd.org 2001/12/27 18:22:16
- [auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c]
- [scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
- call fatal() for openssl allocation failures
- - stevesk@cvs.openbsd.org 2001/12/27 18:22:53
- [sshd.8]
- clarify -p; ok markus@
- - markus@cvs.openbsd.org 2001/12/27 18:26:13
- [authfile.c]
- missing include
- - markus@cvs.openbsd.org 2001/12/27 19:37:23
- [dh.c kexdh.c kexgex.c]
- always use BN_clear_free instead of BN_free
- - markus@cvs.openbsd.org 2001/12/27 19:54:53
- [auth1.c auth.h auth-rh-rsa.c]
- auth_rhosts_rsa now accept generic keys.
- - markus@cvs.openbsd.org 2001/12/27 20:39:58
- [auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h]
- [serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
- get rid of packet_integrity_check, use packet_done() instead.
- - markus@cvs.openbsd.org 2001/12/28 12:14:27
- [auth1.c auth2.c auth2-chall.c auth-rsa.c channels.c clientloop.c]
- [kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c]
- [ssh.c sshconnect1.c sshconnect2.c sshd.c]
- s/packet_done/packet_check_eom/ (end-of-message); ok djm@
- - markus@cvs.openbsd.org 2001/12/28 13:57:33
- [auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c]
- packet_get_bignum* no longer returns a size
- - markus@cvs.openbsd.org 2001/12/28 14:13:13
- [bufaux.c bufaux.h packet.c]
- buffer_get_bignum: int -> void
- - markus@cvs.openbsd.org 2001/12/28 14:50:54
- [auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c]
- [packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c]
- [sshconnect2.c sshd.c]
- packet_read* no longer return the packet length, since it's not used.
- - markus@cvs.openbsd.org 2001/12/28 15:06:00
- [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
- [dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
- remove plen from the dispatch fn. it's no longer used.
- - stevesk@cvs.openbsd.org 2001/12/28 22:37:48
- [ssh.1 sshd.8]
- document LogLevel DEBUG[123]; ok markus@
- - stevesk@cvs.openbsd.org 2001/12/29 21:56:01
- [authfile.c channels.c compress.c packet.c sftp-server.c]
- [ssh-agent.c ssh-keygen.c]
- remove unneeded casts and some char->u_char cleanup; ok markus@
- - stevesk@cvs.openbsd.org 2002/01/03 04:11:08
- [ssh_config]
- grammar in comment
- - stevesk@cvs.openbsd.org 2002/01/04 17:59:17
- [readconf.c servconf.c]
- remove #ifdef _PATH_XAUTH/#endif; ok markus@
- - stevesk@cvs.openbsd.org 2002/01/04 18:14:16
- [servconf.c sshd.8]
- protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and
- /etc/ssh_host_dsa_key like we have in sshd_config. ok markus@
- - markus@cvs.openbsd.org 2002/01/05 10:43:40
- [channels.c]
- fix hanging x11 channels for rejected cookies (e.g.
- XAUTHORITY=/dev/null xbiff) bug #36, based on patch from
- djast@cs.toronto.edu
- - stevesk@cvs.openbsd.org 2002/01/05 21:51:56
- [ssh.1 sshd.8]
- some missing and misplaced periods
- - markus@cvs.openbsd.org 2002/01/09 13:49:27
+ Remove unused prototype. ok djm@
+ - chl@cvs.openbsd.org 2007/10/02 17:49:58
[ssh-keygen.c]
- append \n only for public keys
- - markus@cvs.openbsd.org 2002/01/09 17:16:00
- [channels.c]
- merge channel_pre_open_15/channel_pre_open_20; ok provos@
- - markus@cvs.openbsd.org 2002/01/09 17:26:35
- [channels.c nchan.c]
- replace buffer_consume(b, buffer_len(b)) with buffer_clear(b);
- ok provos@
- - markus@cvs.openbsd.org 2002/01/10 11:13:29
- [serverloop.c]
- skip client_alive_check until there are channels; ok beck@
- - markus@cvs.openbsd.org 2002/01/10 11:24:04
+ handles zero-sized strings that fgets can return
+ properly removes trailing newline
+ removes an unused variable
+ correctly counts line number
+ "looks ok" ray@ markus@
+ - markus@cvs.openbsd.org 2007/10/22 19:10:24
+ [readconf.c]
+ make sure that both the local and remote port are correct when
+ parsing -L; Jan Pechanec (bz #1378)
+ - djm@cvs.openbsd.org 2007/10/24 03:30:02
+ [sftp.c]
+ rework argument splitting and parsing to cope correctly with common
+ shell escapes and make handling of escaped characters consistent
+ with sh(1) and between sftp commands (especially between ones that
+ glob their arguments and ones that don't).
+ parse command flags using getopt(3) rather than hand-rolled parsers.
+ ok dtucker@
+ - djm@cvs.openbsd.org 2007/10/24 03:44:02
+ [scp.c]
+ factor out network read/write into an atomicio()-like function, and
+ use it to handle short reads, apply bandwidth limits and update
+ counters. make network IO non-blocking, so a small trickle of
+ reads/writes has a chance of updating the progress meter; bz #799
+ ok dtucker@
+ - djm@cvs.openbsd.org 2006/08/29 09:44:00
+ [regress/sftp-cmds.sh]
+ clean up our mess
+ - markus@cvs.openbsd.org 2006/11/06 09:27:43
+ [regress/cfgmatch.sh]
+ fix quoting for non-(c)sh login shells.
+ - dtucker@cvs.openbsd.org 2006/12/13 08:36:36
+ [regress/cfgmatch.sh]
+ Additional test for multiple PermitOpen entries. ok djm@
+ - pvalchev@cvs.openbsd.org 2007/06/07 19:41:46
+ [regress/cipher-speed.sh regress/try-ciphers.sh]
+ test umac-64@openssh.com
+ ok djm@
+ - djm@cvs.openbsd.org 2007/10/24 03:32:35
+ [regress/sftp-cmds.sh regress/sftp-glob.sh regress/test-exec.sh]
+ comprehensive tests for sftp escaping its interaction with globbing;
+ ok dtucker@
+ - djm@cvs.openbsd.org 2007/10/26 05:30:01
+ [regress/sftp-glob.sh regress/test-exec.sh]
+ remove "echo -E" crap that I added in last commit and use printf(1) for
+ cases where we strictly require echo not to reprocess escape characters.
+ - deraadt@cvs.openbsd.org 2005/11/28 17:50:12
+ [openbsd-compat/glob.c]
+ unused arg in internal static API
+ - jakob@cvs.openbsd.org 2007/10/11 18:36:41
+ [openbsd-compat/getrrsetbyname.c openbsd-compat/getrrsetbyname.h]
+ use RRSIG instead of SIG for DNSSEC. ok djm@
+ - otto@cvs.openbsd.org 2006/10/21 09:55:03
+ [openbsd-compat/base64.c]
+ remove calls to abort(3) that can't happen anyway; from
+ <bret dot lambert at gmail.com>; ok millert@ deraadt@
+ - frantzen@cvs.openbsd.org 2004/04/24 18:11:46
+ [openbsd-compat/sys-tree.h]
+ sync to Niels Provos' version. avoid unused variable warning in
+ RB_NEXT()
+ - tdeval@cvs.openbsd.org 2004/11/24 18:10:42
+ [openbsd-compat/sys-tree.h]
+ typo
+ - grange@cvs.openbsd.org 2004/05/04 16:59:32
+ [openbsd-compat/sys-queue.h]
+ Remove useless ``elm'' argument from the SIMPLEQ_REMOVE_HEAD macro.
+ This matches our SLIST behaviour and NetBSD's SIMPLEQ as well.
+ ok millert krw deraadt
+ - deraadt@cvs.openbsd.org 2005/02/25 13:29:30
+ [openbsd-compat/sys-queue.h]
+ minor white spacing
+ - otto@cvs.openbsd.org 2005/10/17 20:19:42
+ [openbsd-compat/sys-queue.h]
+ Performing certain operations on queue.h data structurs produced
+ funny results. An example is calling LIST_REMOVE on the same
+ element twice. This will not fail, but result in a data structure
+ referencing who knows what. Prevent these accidents by NULLing some
+ fields on remove and replace. This way, either a panic or segfault
+ will be produced on the faulty operation.
+ - otto@cvs.openbsd.org 2005/10/24 20:25:14
+ [openbsd-compat/sys-queue.h]
+ Partly backout. NOLIST, used in LISTs is probably interfering.
+ requested by deraadt@
+ - otto@cvs.openbsd.org 2005/10/25 06:37:47
+ [openbsd-compat/sys-queue.h]
+ Some uvm problem is being exposed with the more strict macros.
+ Revert until we've found out what's causing the panics.
+ - otto@cvs.openbsd.org 2005/11/25 08:06:25
+ [openbsd-compat/sys-queue.h]
+ Introduce debugging aid for queue macros. Disabled by default; but
+ developers are encouraged to run with this enabled.
+ ok krw@ fgsch@ deraadt@
+ - otto@cvs.openbsd.org 2007/04/30 18:42:34
+ [openbsd-compat/sys-queue.h]
+ Enable QUEUE_MACRO_DEBUG on DIAGNOSTIC kernels.
+ Input and okays from krw@, millert@, otto@, deraadt@, miod@.
+ - millert@cvs.openbsd.org 2004/10/07 16:56:11
+ GLOB_NOESCAPE is POSIX so move it out of the #ifndef _POSIX_SOURCE
+ block.
+ (NB. mostly an RCS ID sync, as portable strips out the conditionals)
+ - (djm) [regress/sftp-cmds.sh]
+ Use more restrictive glob to pick up test files from /bin - some platforms
+ ship broken symlinks there which could spoil the test.
+ - (djm) [openbsd-compat/bindresvport.c]
+ Sync RCS ID after irrelevant (for portable OpenSSH) header shuffling
+
+20070927
+ - (dtucker) [configure.ac atomicio.c] Fall back to including <sys/poll.h> if
+ we don't have <poll.h> (eq QNX). From bacon at cs nyu edu.
+ - (dtucker) [configure.ac defines.h] Shadow expiry does not work on QNX6
+ so disable it for that platform. From bacon at cs nyu edu.
+
+20070921
+ - (djm) [atomicio.c] Fix spin avoidance for platforms that define
+ EWOULDBLOCK; patch from ben AT psc.edu
+
+20070917
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2007/08/23 02:49:43
+ [auth-passwd.c auth.c session.c]
+ unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@
+ NB. RCS ID sync only for portable
+ - djm@cvs.openbsd.org 2007/08/23 02:55:51
+ [auth-passwd.c auth.c session.c]
+ missed include bits from last commit
+ NB. RCS ID sync only for portable
+ - djm@cvs.openbsd.org 2007/08/23 03:06:10
+ [auth.h]
+ login_cap.h doesn't belong here
+ NB. RCS ID sync only for portable
+ - djm@cvs.openbsd.org 2007/08/23 03:22:16
+ [auth2-none.c sshd_config sshd_config.5]
+ Support "Banner=none" to disable displaying of the pre-login banner;
+ ok dtucker@ deraadt@
+ - djm@cvs.openbsd.org 2007/08/23 03:23:26
+ [sshconnect.c]
+ Execute ProxyCommands with $SHELL rather than /bin/sh unconditionally
+ - djm@cvs.openbsd.org 2007/09/04 03:21:03
+ [clientloop.c monitor.c monitor_fdpass.c monitor_fdpass.h]
+ [monitor_wrap.c ssh.c]
+ make file descriptor passing code return an error rather than call fatal()
+ when it encounters problems, and use this to make session multiplexing
+ masters survive slaves failing to pass all stdio FDs; ok markus@
+ - djm@cvs.openbsd.org 2007/09/04 11:15:56
+ [ssh.c sshconnect.c sshconnect.h]
+ make ssh(1)'s ConnectTimeout option apply to both the TCP connection and
+ SSH banner exchange (previously it just covered the TCP connection).
+ This allows callers of ssh(1) to better detect and deal with stuck servers
+ that accept a TCP connection but don't progress the protocol, and also
+ makes ConnectTimeout useful for connections via a ProxyCommand;
+ feedback and "looks ok" markus@
+ - sobrado@cvs.openbsd.org 2007/09/09 11:38:01
+ [ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.c]
+ sort synopsis and options in ssh-agent(1); usage is lowercase
+ ok jmc@
+ - stevesk@cvs.openbsd.org 2007/09/11 04:36:29
+ [sshpty.c]
+ sort #include
+ NB. RCS ID sync only
+ - gilles@cvs.openbsd.org 2007/09/11 15:47:17
+ [session.c ssh-keygen.c sshlogin.c]
+ use strcspn to properly overwrite '\n' in fgets returned buffer
+ ok pyr@, ray@, millert@, moritz@, chl@
+ - stevesk@cvs.openbsd.org 2007/09/11 23:49:09
+ [sshpty.c]
+ remove #if defined block not needed; ok markus@ dtucker@
+ NB. RCS ID sync only
+ - stevesk@cvs.openbsd.org 2007/09/12 19:39:19
+ [umac.c]
+ use xmalloc() and xfree(); ok markus@ pvalchev@
+ - djm@cvs.openbsd.org 2007/09/13 04:39:04
+ [sftp-server.c]
+ fix incorrect test when setting syslog facility; from Jan Pechanec
+ - djm@cvs.openbsd.org 2007/09/16 00:55:52
+ [sftp-client.c]
+ use off_t instead of u_int64_t for file offsets, matching what the
+ progressmeter code expects; bz #842
+ - (tim) [defines.h] Fix regression in long password support on OpenServer 6.
+ Problem report and additional testing rac AT tenzing.org.
+
+20070914
+ - (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path.
+ Patch from Jan.Pechanec at sun com.
+
+20070910
+ - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1358: Always
+ return 0 on successful test. From David.Leonard at quest com.
+ - (tim) [configure.ac] Autoconf didn't define HAVE_LIBIAF because we
+ did a AC_CHECK_FUNCS within the AC_CHECK_LIB test.
+
+20070817
+ - (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked
+ accounts and that's what the code looks for, so make man page and code
+ agree. Pointed out by Roumen Petrov.
+ - (dtucker) [INSTALL] Group the parts describing random options and PAM
+ implementations together which is hopefully more coherent.
+ - (dtucker) [INSTALL] the pid file is sshd.pid not ssh.pid.
+ - (dtucker) [INSTALL] Give PAM its own heading.
+ - (dtucker) [INSTALL] Link to tcpwrappers.
+
+20070816
+ - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated
+ connections too. Based on a patch from Sandro Wefel, with & ok djm@
+
+20070815
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2007/08/15 08:14:46
[clientloop.c]
- handle SSH2_MSG_GLOBAL_REQUEST (just reply with failure); ok djm@
- - markus@cvs.openbsd.org 2002/01/10 12:38:26
- [nchan.c]
- remove dead code (skip drain)
- - markus@cvs.openbsd.org 2002/01/10 12:47:59
- [nchan.c]
- more unused code (with channels.c:1.156)
- - markus@cvs.openbsd.org 2002/01/11 10:31:05
- [packet.c]
- handle received SSH2_MSG_UNIMPLEMENTED messages; ok djm@
- - markus@cvs.openbsd.org 2002/01/11 13:36:43
- [ssh2.h]
- add defines for msg type ranges
- - markus@cvs.openbsd.org 2002/01/11 13:39:36
- [auth2.c dispatch.c dispatch.h kex.c]
- a single dispatch_protocol_error() that sends a message of
- type 'UNIMPLEMENTED'
- dispatch_range(): set handler for a ranges message types
- use dispatch_protocol_ignore() for authentication requests after
- successful authentication (the drafts requirement).
- serverloop/clientloop now send a 'UNIMPLEMENTED' message instead
- of exiting.
- - markus@cvs.openbsd.org 2002/01/11 20:14:11
- [auth2-chall.c auth-skey.c]
- use strlcpy not strlcat; mouring@
- - markus@cvs.openbsd.org 2002/01/11 23:02:18
- [readpass.c]
- use _PATH_TTY
- - markus@cvs.openbsd.org 2002/01/11 23:02:51
- [auth2-chall.c]
- use snprintf; mouring@
- - markus@cvs.openbsd.org 2002/01/11 23:26:30
- [auth-skey.c]
- use snprintf; mouring@
- - markus@cvs.openbsd.org 2002/01/12 13:10:29
- [auth-skey.c]
- undo local change
- - provos@cvs.openbsd.org 2002/01/13 17:27:07
- [ssh-agent.c]
- change to use queue.h macros; okay markus@
- - markus@cvs.openbsd.org 2002/01/13 17:57:37
- [auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
- use buffer API and avoid static strings of fixed size;
- ok provos@/mouring@
- - markus@cvs.openbsd.org 2002/01/13 21:31:20
- [channels.h nchan.c]
- add chan_set_[io]state(), order states, state is now an u_int,
- simplifies debugging messages; ok provos@
- - markus@cvs.openbsd.org 2002/01/14 13:22:35
- [nchan.c]
- chan_send_oclose1() no longer calls chan_shutdown_write(); ok provos@
- - markus@cvs.openbsd.org 2002/01/14 13:34:07
- [nchan.c]
- merge chan_[io]buf_empty[12]; ok provos@
- - markus@cvs.openbsd.org 2002/01/14 13:40:10
- [nchan.c]
- correct fn names for ssh2, do not switch from closed to closed;
- ok provos@
- - markus@cvs.openbsd.org 2002/01/14 13:41:13
- [nchan.c]
- remove duplicated code; ok provos@
- - markus@cvs.openbsd.org 2002/01/14 13:55:55
- [channels.c channels.h nchan.c]
- remove function pointers for events, remove chan_init*; ok provos@
- - markus@cvs.openbsd.org 2002/01/14 13:57:03
- [channels.h nchan.c]
- (c) 2002
- - markus@cvs.openbsd.org 2002/01/16 13:17:51
- [channels.c channels.h serverloop.c ssh.c]
- wrapper for channel_setup_fwd_listener
- - stevesk@cvs.openbsd.org 2002/01/16 17:40:23
- [sshd_config]
- The stategy now used for options in the default sshd_config shipped
- with OpenSSH is to specify options with their default value where
- possible, but leave them commented. Uncommented options change a
- default value. Subsystem is currently the only default option
- changed. ok markus@
- - stevesk@cvs.openbsd.org 2002/01/16 17:42:33
+ do NOT fall back to the trused x11 cookie if generation of an untrusted
+ cookie fails; from Jan Pechanec, via security-alert at sun.com;
+ ok dtucker
+ - markus@cvs.openbsd.org 2007/08/15 08:16:49
+ [version.h]
+ openssh 4.7
+ - stevesk@cvs.openbsd.org 2007/08/15 12:13:41
+ [ssh_config.5]
+ tun device forwarding now honours ExitOnForwardFailure; ok markus@
+ - (dtucker) [openbsd-compat/bsd-cray.c] Remove debug from signal handler.
+ ok djm@
+ - (dtucker) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec
+ contrib/suse/openssh.spec] Crank version.
+
+20070813
+ - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always
+ called with PAM_ESTABLISH_CRED at least once, which resolves a problem
+ with pam_dhkeys. Patch from David Leonard, ok djm@
+
+20070810
+ - (dtucker) [auth-pam.c] Use sigdie here too. ok djm@
+ - (dtucker) [configure.ac] Bug #1343: Set DISABLE_FD_PASSING for QNX6. From
+ Matt Kraai, ok djm@
+
+20070809
+ - (dtucker) [openbsd-compat/port-aix.c] Comment typo.
+ - (dtucker) [README.platform] Document the interaction between PermitRootLogin
+ and the AIX native login restrictions.
+ - (dtucker) [defines.h] Remove _PATH_{CSHELL,SHELLS} which aren't
+ used anywhere and are a potential source of warnings.
+
+20070808
+ - (djm) OpenBSD CVS Sync
+ - ray@cvs.openbsd.org 2007/07/12 05:48:05
+ [key.c]
+ Delint: remove some unreachable statements, from Bret Lambert.
+ OK markus@ and dtucker@.
+ - sobrado@cvs.openbsd.org 2007/08/06 19:16:06
+ [scp.1 scp.c]
+ the ellipsis is not an optional argument; while here, sync the usage
+ and synopsis of commands
+ lots of good ideas by jmc@
+ ok jmc@
+ - djm@cvs.openbsd.org 2007/08/07 07:32:53
+ [clientloop.c clientloop.h ssh.c]
+ bz#1232: ensure that any specified LocalCommand is executed after the
+ tunnel device is opened. Also, make failures to open a tunnel device
+ fatal when ExitOnForwardFailure is active.
+ Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt
+
+20070724
+ - (tim) [openssh.xml.in] make FMRI match what package scripts use.
+ - (tim) [openbsd-compat/regress/closefromtest.c] Bug 1345: fix open() call.
+ Report/patch by David.Leonard AT quest.com (and Bernhard Simon)
+ - (tim) [buildpkg.sh.in openssh.xml.in] Allow more flexibility where smf(5)
+ - (tim) [buildpkg.sh.in] s|$FAKE_ROOT/${sysconfdir}|$FAKE_ROOT${sysconfdir}|
+
+20070628
+ - (djm) bz#1325: Fix SELinux in permissive mode where it would
+ incorrectly fatal() on errors. patch from cjwatson AT debian.org;
+ ok dtucker
+
+20070625
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2007/06/13 00:21:27
+ [scp.c]
+ don't ftruncate() non-regular files; bz#1236 reported by wood AT
+ xmission.com; ok dtucker@
+ - djm@cvs.openbsd.org 2007/06/14 21:43:25
+ [ssh.c]
+ handle EINTR when waiting for mux exit status properly
+ - djm@cvs.openbsd.org 2007/06/14 22:48:05
+ [ssh.c]
+ when waiting for the multiplex exit status, read until the master end
+ writes an entire int of data *and* closes the client_fd; fixes mux
+ regression spotted by dtucker, ok dtucker@
+ - djm@cvs.openbsd.org 2007/06/19 02:04:43
+ [atomicio.c]
+ if the fd passed to atomicio/atomiciov() is non blocking, then poll() to
+ avoid a spin if it is not yet ready for reading/writing; ok dtucker@
+ - dtucker@cvs.openbsd.org 2007/06/25 08:20:03
+ [channels.c]
+ Correct test for window updates every three packets; prevents sending
+ window updates for every single packet. ok markus@
+ - dtucker@cvs.openbsd.org 2007/06/25 12:02:27
+ [atomicio.c]
+ Include <poll.h> like the man page says rather than <sys/poll.h>. ok djm@
+ - (dtucker) [atomicio.c] Test for EWOULDBLOCK in atomiciov to match
+ atomicio.
+ - (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.in
+ openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h]
+ Add an implementation of poll() built on top of select(2). Code from
+ OpenNTPD with changes suggested by djm. ok djm@
+
+20070614
+ - (dtucker) [cipher-ctr.c umac.c openbsd-compat/openssl-compat.h] Move the
+ USE_BUILTIN_RIJNDAEL compat goop to openssl-compat.h so it can be
+ shared with umac.c. Allows building with OpenSSL 0.9.5 again including
+ umac support. With tim@ djm@, ok djm.
+ - (dtucker) [openbsd-compat/openssl-compat.h] Merge USE_BUILTIN_RIJNDAEL
+ sections. Fixes builds with early OpenSSL 0.9.6 versions.
+ - (dtucker) [openbsd-compat/openssl-compat.h] Remove redundant definition
+ of USE_BUILTIN_RIJNDAEL since the <0.9.6 test is covered by the
+ subsequent <0.9.7 test.
+
+20070612
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2007/06/11 09:14:00
+ [channels.h]
+ increase default channel windows; ok djm
+ - djm@cvs.openbsd.org 2007/06/12 07:41:00
+ [ssh-add.1]
+ better document ssh-add's -d option (delete identies from agent), bz#1224
+ new text based on some provided by andrewmc-debian AT celt.dias.ie;
+ ok dtucker@
+ - djm@cvs.openbsd.org 2007/06/12 08:20:00
+ [ssh-gss.h gss-serv.c gss-genr.c]
+ relocate server-only GSSAPI code from libssh to server; bz #1225
+ patch from simon AT sxw.org.uk; ok markus@ dtucker@
+ - djm@cvs.openbsd.org 2007/06/12 08:24:20
+ [scp.c]
+ make scp try to skip FIFOs rather than blocking when nothing is listening.
+ depends on the platform supporting sane O_NONBLOCK semantics for open
+ on FIFOs (apparently POSIX does not mandate this), which OpenBSD does.
+ bz #856; report by cjwatson AT debian.org; ok markus@
+ - djm@cvs.openbsd.org 2007/06/12 11:11:08
+ [ssh.c]
+ fix slave exit value when a control master goes away without passing the
+ full exit status by ensuring that the slave reads a full int. bz#1261
+ reported by frekko AT gmail.com; ok markus@ dtucker@
+ - djm@cvs.openbsd.org 2007/06/12 11:15:17
+ [ssh.c ssh.1]
+ Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
+ GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
+ and is useful for hosts with /home on Kerberised NFS; bz #1312
+ patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@
+ - djm@cvs.openbsd.org 2007/06/12 11:45:27
+ [ssh.c]
+ improved exit message from multiplex slave sessions; bz #1262
+ reported by alexandre.nunes AT gmail.com; ok dtucker@
+ - dtucker@cvs.openbsd.org 2007/06/12 11:56:15
+ [gss-genr.c]
+ Pass GSS OID to gss_display_status to provide better information in
+ error messages. Patch from Simon Wilkinson via bz 1220. ok djm@
+ - jmc@cvs.openbsd.org 2007/06/12 13:41:03
+ [ssh-add.1]
+ identies -> identities;
+ - jmc@cvs.openbsd.org 2007/06/12 13:43:55
[ssh.1]
- correct defaults for -i/IdentityFile; ok markus@
- - stevesk@cvs.openbsd.org 2002/01/16 17:55:33
+ add -K to SYNOPSIS;
+ - dtucker@cvs.openbsd.org 2007/06/12 13:54:28
+ [scp.c]
+ Encode filename with strnvis if the name contains a newline (which can't
+ be represented in the scp protocol), from bz #891. ok markus@
+
+20070611
+ - (djm) Bugzilla #1306: silence spurious error messages from hang-on-exit
+ fix; tested by dtucker@ and jochen.kirn AT gmail.com
+ - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34
+ [kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
+ [ssh_config.5 sshd.8 sshd_config.5]
+ Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
+ must specify umac-64@openssh.com). Provides about 20% end-to-end speedup
+ compared to hmac-md5. Represents a different approach to message
+ authentication to that of HMAC that may be beneficial if HMAC based on
+ one of its underlying hash algorithms is found to be vulnerable to a
+ new attack. http://www.ietf.org/rfc/rfc4418.txt
+ in conjunction with and OK djm@
+ - pvalchev@cvs.openbsd.org 2007/06/08 04:40:40
[ssh_config]
- correct some commented defaults. add Ciphers default. ok markus@
- - stevesk@cvs.openbsd.org 2002/01/17 04:27:37
- [log.c]
- casts to silence enum type warnings for bugzilla bug 37; ok markus@
- - stevesk@cvs.openbsd.org 2002/01/18 17:14:16
- [sshd.8]
- correct Ciphers default; paola.mannaro@ubs.com
- - stevesk@cvs.openbsd.org 2002/01/18 18:14:17
- [authfd.c bufaux.c buffer.c cipher.c packet.c ssh-agent.c ssh-keygen.c]
- unneeded cast cleanup; ok markus@
- - stevesk@cvs.openbsd.org 2002/01/18 20:46:34
- [sshd.8]
- clarify Allow(Groups|Users) and Deny(Groups|Users); suggestion from
- allard@oceanpark.com; ok markus@
- - markus@cvs.openbsd.org 2002/01/21 15:13:51
- [sshconnect.c]
- use read_passphrase+ECHO in confirm(), allows use of ssh-askpass
- for hostkey confirm.
- - markus@cvs.openbsd.org 2002/01/21 22:30:12
- [cipher.c compat.c myproposal.h]
- remove "rijndael-*", just use "aes-" since this how rijndael is called
- in the drafts; ok stevesk@
- - markus@cvs.openbsd.org 2002/01/21 23:27:10
- [channels.c nchan.c]
- cleanup channels faster if the are empty and we are in drain-state;
- ok deraadt@
- - stevesk@cvs.openbsd.org 2002/01/22 02:52:41
- [servconf.c]
- typo in error message; from djast@cs.toronto.edu
- - (djm) Make auth2-pam.c compile again after dispatch.h and packet.h
- changes
- - (djm) Recent Glibc includes an incompatible sys/queue.h. Treat it as
- bogus in configure
- - (djm) Use local sys/queue.h if necessary in ssh-agent.c
-
-20020121
- - (djm) Rework ssh-rand-helper:
- - Reduce quantity of ifdef code, in preparation for ssh_rand_conf
- - Always seed from system calls, even when doing PRNGd seeding
- - Tidy and comment #define knobs
- - Remove unused facility for multiple runs through command list
- - KNF, cleanup, update copyright
-
-20020114
- - (djm) Bug #50 - make autoconf entropy path checks more robust
-
-20020108
- - (djm) Merge Cygwin copy_environment with do_pam_environment, removing
- fixed env var size limit in the process. Report from Corinna Vinschen
- <vinschen@redhat.com>
- - (stevesk) defines.h: use "/var/spool/sockets/X11/%u" for HP-UX. does
- not depend on transition links. from Lutz Jaenicke.
-
-20020106
- - (stevesk) defines.h: determine _PATH_UNIX_X; currently "/tmp/.X11-unix/X%u"
- for all platforms except HP-UX, which is "/usr/spool/sockets/X11/%u".
-
-20020105
- - (bal) NCR requies use_pipes to operate correctly.
- - (stevesk) fix spurious ; from NCR change.
-
-20020103
- - (djm) Use bigcrypt() on systems with SCO_PROTECTED_PW. Patch from
- Roger Cornelius <rac@tenzing.org>
-
-20011229
- - (djm) Apply Cygwin pointer deref fix from Corinna Vinschen
- <vinschen@redhat.com> Could be abused to guess valid usernames
- - (djm) Typo in contrib/cygwin/README Fix from Corinna Vinschen
- <vinschen@redhat.com>
-
-20011228
- - (djm) Remove recommendation to use GNU make, we should support most
- make programs.
-
-20011225
- - (stevesk) [Makefile.in ssh-rand-helper.c]
- portable lib and __progname support for ssh-rand-helper; ok djm@
-
-20011223
- - (bal) Removed contrib/chroot.diff and noted in contrib/README that it
- was not being maintained.
-
-20011222
- - (djm) Ignore fix & patchlevel in OpenSSL version check. Patch from
- solar@openwall.com
- - (djm) Rework entropy code. If the OpenSSL PRNG is has not been
- internally seeded, execute a subprogram "ssh-rand-helper" to obtain
- some entropy for us. Rewrite the old in-process entropy collecter as
- an example ssh-rand-helper.
- - (djm) Always perform ssh_prng_cmds path lookups in configure, even if
- we don't end up using ssh_prng_cmds (so we always get a valid file)
-
-20011221
- - (djm) Add option to gnome-ssh-askpass to stop it from grabbing the X
- server. I have found this necessary to avoid server hangs with X input
- extensions (e.g. kinput2). Enable by setting the environment variable
- "GNOME_SSH_ASKPASS_NOGRAB"
- - OpenBSD CVS Sync
- - stevesk@cvs.openbsd.org 2001/12/08 17:49:28
- [channels.c pathnames.h]
- use only one path to X11 UNIX domain socket vs. an array of paths
- to try. report from djast@cs.toronto.edu. ok markus@
- - markus@cvs.openbsd.org 2001/12/09 18:45:56
- [auth2.c auth2-chall.c auth.h]
- add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions,
- fixes memleak.
- - stevesk@cvs.openbsd.org 2001/12/10 16:45:04
+ Add a "MACs" line after "Ciphers" with the default MAC algorithms,
+ to ease people who want to tweak both (eg. for performance reasons).
+ ok deraadt@ djm@ dtucker@
+ - jmc@cvs.openbsd.org 2007/06/08 07:43:46
+ [ssh_config.5]
+ put the MAC list into a display, like we do for ciphers,
+ since groff has trouble handling wide lines;
+ - jmc@cvs.openbsd.org 2007/06/08 07:48:09
+ [sshd_config.5]
+ oops, here too: put the MAC list into a display, like we do for
+ ciphers, since groff has trouble with wide lines;
+ - markus@cvs.openbsd.org 2007/06/11 08:04:44
+ [channels.c]
+ send 'window adjust' messages every tree packets and do not wait
+ until 50% of the window is consumed. ok djm dtucker
+ - (djm) [configure.ac umac.c] If platform doesn't provide swap32(3), then
+ fallback to provided bit-swizzing functions
+ - (dtucker) [openbsd-compat/bsd-misc.c] According to the spec the "remainder"
+ argument to nanosleep may be NULL. Currently this never happens in OpenSSH,
+ but check anyway in case this changes or the code gets used elsewhere.
+ - (dtucker) [includes.h] Bug #1243: HAVE_PATHS -> HAVE_PATHS_H. Should
+ prevent warnings about redefinitions of various things in paths.h.
+ Spotted by cartmanltd at hotmail.com.
+
+20070605
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2007/05/22 10:18:52
[sshd.c]
- possible fd leak on error; ok markus@
- - markus@cvs.openbsd.org 2001/12/10 20:34:31
- [ssh-keyscan.c]
- check that server supports v1 for -t rsa1, report from wirth@dfki.de
- - jakob@cvs.openbsd.org 2001/12/18 10:04:21
- [auth.h hostfile.c hostfile.h]
- remove auth_rsa_read_key, make hostfile_ready_key non static; ok markus@
- - jakob@cvs.openbsd.org 2001/12/18 10:05:15
+ zap double include; from p_nowaczyk AT o2.pl
+ (not required in -portable, Id sync only)
+ - djm@cvs.openbsd.org 2007/05/30 05:58:13
+ [kex.c]
+ tidy: KNF, ARGSUSED and u_int
+ - jmc@cvs.openbsd.org 2007/05/31 19:20:16
+ [scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1
+ ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8]
+ convert to new .Dd format;
+ (We will need to teach mdoc2man.awk to understand this too.)
+ - djm@cvs.openbsd.org 2007/05/31 23:34:29
+ [packet.c]
+ gc unreachable code; spotted by Tavis Ormandy
+ - djm@cvs.openbsd.org 2007/06/02 09:04:58
+ [bufbn.c]
+ memory leak on error path; from arnaud.lacombe.1 AT ulaval.ca
+ - djm@cvs.openbsd.org 2007/06/05 06:52:37
+ [kex.c monitor_wrap.c packet.c mac.h kex.h mac.c]
+ Preserve MAC ctx between packets, saving 2xhash calls per-packet.
+ Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5
+ patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm
+ committing at his request)
+ - (dtucker) [mdoc2man.awk] Teach it to deal with $Mdocdate tags that
+ OpenBSD's cvs now adds.
+ - (dtucker) [mdoc2man.awk] Remove trailing "$" from Mdocdate regex so
+ mindrot's cvs doesn't expand it on us.
+ - (dtucker) [mdoc2man.awk] Add support for %R references, used for RFCs.
+
+20070520
+ - (dtucker) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2007/04/14 22:01:58
[auth2.c]
- log fingerprint on successful public key authentication; ok markus@
- - jakob@cvs.openbsd.org 2001/12/18 10:06:24
- [auth-rsa.c]
- log fingerprint on successful public key authentication, simplify
- usage of key structs; ok markus@
- - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
- [auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
- [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
- [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
- [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
- [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
- [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
- [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
- [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
- basic KNF done while i was looking for something else
- - markus@cvs.openbsd.org 2001/12/19 16:09:39
- [serverloop.c]
- fix race between SIGCHLD and select with an additional pipe. writing
- to the pipe on SIGCHLD wakes up select(). using pselect() is not
- portable and siglongjmp() ugly. W. R. Stevens suggests similar solution.
- initial idea by pmenage@ensim.com; ok deraadt@, djm@
- - stevesk@cvs.openbsd.org 2001/12/19 17:16:13
- [authfile.c bufaux.c bufaux.h buffer.c buffer.h packet.c packet.h ssh.c]
- change the buffer/packet interface to use void* vs. char*; ok markus@
- - markus@cvs.openbsd.org 2001/12/20 16:37:29
- [channels.c channels.h session.c]
- setup x11 listen socket for just one connect if the client requests so.
- (v2 only, but the openssh client does not support this feature).
- - djm@cvs.openbsd.org 2001/12/20 22:50:24
- [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
- [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
+ remove unused macro; from Dmitry V. Levin <ldv@altlinux.org>
+ - stevesk@cvs.openbsd.org 2007/04/18 01:12:43
+ [sftp-server.c]
+ cast "%llu" format spec to (unsigned long long); do not assume a
+ u_int64_t arg is the same as 'unsigned long long'.
+ from Dmitry V. Levin <ldv@altlinux.org>
+ ok markus@ 'Yes, that looks correct' millert@
+ - dtucker@cvs.openbsd.org 2007/04/23 10:15:39
+ [servconf.c]
+ Remove debug() left over from development. ok deraadt@
+ - djm@cvs.openbsd.org 2007/05/17 07:50:31
+ [log.c]
+ save and restore errno when logging; ok deraadt@
+ - djm@cvs.openbsd.org 2007/05/17 07:55:29
+ [sftp-server.c]
+ bz#1286 stop reading and processing commands when input or output buffer
+ is nearly full, otherwise sftp-server would happily try to grow the
+ input/output buffers past the maximum supported by the buffer API and
+ promptly fatal()
+ based on patch from Thue Janus Kristensen; feedback & ok dtucker@
+ - djm@cvs.openbsd.org 2007/05/17 20:48:13
[sshconnect2.c]
- Conformance fix: we should send failing packet sequence number when
- responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
- yakk@yakk.dot.net; ok markus@
-
-20011219
- - (stevesk) OpenBSD CVS sync X11 localhost display
- - stevesk@cvs.openbsd.org 2001/11/29 14:10:51
- [channels.h channels.c session.c]
- sshd X11 fake server will now listen on localhost by default:
- $ echo $DISPLAY
- localhost:12.0
- $ netstat -an|grep 6012
- tcp 0 0 127.0.0.1.6012 *.* LISTEN
- tcp6 0 0 ::1.6012 *.* LISTEN
- sshd_config gatewayports=yes can be used to revert back to the old
- behavior. will control this with another option later. ok markus@
- - stevesk@cvs.openbsd.org 2001/12/19 08:43:11
- [includes.h session.c]
- handle utsname.nodename case for FamilyLocal X authorization; ok markus@
-
-20011207
- - (bal) PCRE no longer required. Banished from the source along with
- fake-regex.h
- - (bal) OpenBSD CVS Sync
- - stevesk@cvs.openbsd.org 2001/12/06 18:02:32
- [channels.c sshconnect.c]
- shutdown(sock, SHUT_RDWR) not needed here; ok markus@
- - stevesk@cvs.openbsd.org 2001/12/06 18:09:23
- [channels.c session.c]
- strncpy->strlcpy. remaining strncpy's are necessary. ok markus@
- - stevesk@cvs.openbsd.org 2001/12/06 18:20:32
- [channels.c]
- disable nagle for X11 fake server and client TCPs. from netbsd.
+ fall back to gethostname() when the outgoing connection is not
+ on a socket, such as is the case when ProxyCommand is used.
+ Gives hostbased auth an opportunity to work; bz#616, report
+ and feedback stuart AT kaloram.com; ok markus@
+ - djm@cvs.openbsd.org 2007/05/17 20:52:13
+ [monitor.c]
+ pass received SIGINT from monitor to postauth child so it can clean
+ up properly. bz#1196, patch from senthilkumar_sen AT hotpop.com;
ok markus@
-
-20011206
- - (bal) OpenBSD CVS Sync
- - deraadt@cvs.openbsd.org 2001/11/14 20:45:08
- [sshd.c]
- errno saving wrapping in a signal handler
- - markus@cvs.openbsd.org 2001/11/16 12:46:13
- [ssh-keyscan.c]
- handle empty lines instead of dumping core; report from sha@sha-1.net
- - stevesk@cvs.openbsd.org 2001/11/17 19:14:34
- [auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
- enum/int type cleanup where it made sense to do so; ok markus@
- - markus@cvs.openbsd.org 2001/11/19 11:20:21
- [sshd.c]
- fd leak on HUP; ok stevesk@
- - stevesk@cvs.openbsd.org 2001/11/19 18:40:46
- [ssh-agent.1]
- clarify/state that private keys are not exposed to clients using the
- agent; ok markus@
- - mpech@cvs.openbsd.org 2001/11/19 19:02:16
- [deattack.c radix.c]
- kill more registers
- millert@ ok
- - markus@cvs.openbsd.org 2001/11/21 15:51:24
- [key.c]
- mem leak
- - stevesk@cvs.openbsd.org 2001/11/21 18:49:14
- [ssh-keygen.1]
- more on passphrase construction; ok markus@
- - stevesk@cvs.openbsd.org 2001/11/22 05:27:29
- [ssh-keyscan.c]
- don't use "\n" in fatal()
- - markus@cvs.openbsd.org 2001/11/22 12:34:22
- [clientloop.c serverloop.c sshd.c]
- volatile sig_atomic_t
- - stevesk@cvs.openbsd.org 2001/11/29 19:06:39
- [channels.h]
- remove dead function prototype; ok markus@
- - markus@cvs.openbsd.org 2001/11/29 22:08:48
- [auth-rsa.c]
- fix protocol error: send 'failed' message instead of a 2nd challenge
- (happens if the same key is in authorized_keys twice).
- reported Ralf_Meister@genua.de; ok djm@
- - stevesk@cvs.openbsd.org 2001/11/30 20:39:28
- [ssh.c]
- sscanf() length dependencies are clearer now; can also shrink proto
- and data if desired, but i have not done that. ok markus@
- - markus@cvs.openbsd.org 2001/12/01 21:41:48
- [session.c sshd.8]
- don't pass user defined variables to /usr/bin/login
- - deraadt@cvs.openbsd.org 2001/12/02 02:08:32
- [sftp-common.c]
- zap };
- - itojun@cvs.openbsd.org 2001/12/05 03:50:01
- [clientloop.c serverloop.c sshd.c]
- deal with LP64 printf issue with sig_atomic_t. from thorpej
- - itojun@cvs.openbsd.org 2001/12/05 03:56:39
- [auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c
- sshconnect2.c]
- make it compile with more strict prototype checking
- - deraadt@cvs.openbsd.org 2001/12/05 10:06:12
- [authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
- key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
- sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
- minor KNF
- - markus@cvs.openbsd.org 2001/12/05 15:04:48
- [version.h]
- post 3.0.2
- - markus@cvs.openbsd.org 2001/12/05 16:54:51
- [compat.c match.c match.h]
- make theo and djm happy: bye bye regexp
- - markus@cvs.openbsd.org 2001/12/06 13:30:06
- [servconf.c servconf.h sshd.8 sshd.c]
- add -o to sshd, too. ok deraadt@
- - (bal) Minor white space fix up in servconf.c
-
-20011126
- - (tim) [contrib/cygwin/README, openbsd-compat/bsd-cygwin_util.c,
- openbsd-compat/bsd-cygwin_util.h, openbsd-compat/daemon.c]
- Allow SSHD to install as service under WIndows 9x/Me
- [configure.ac] Fix to allow linking against PCRE on Cygwin
- Patches by Corinna Vinschen <vinschen@redhat.com>
-
-20011115
- - (djm) Fix IPv4 default in ssh-keyscan. Spotted by Dan Astoorian
- <djast@cs.toronto.edu> Fix from markus@
- - (djm) Release 3.0.1p1
-
-20011113
- - (djm) Fix early (and double) free of remote user when using Kerberos.
- Patch from Simon Wilkinson <simon@sxw.org.uk>
- - (djm) AIX login{success,failed} changes. Move loginsuccess call to
- do_authenticated. Call loginfailed for protocol 2 failures > MAX like
- we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
- K.Wolkersdorfer@fz-juelich.de and others
+ - jolan@cvs.openbsd.org 2007/05/17 23:53:41
+ [sshconnect2.c]
+ djm owes me a vb and a tism cd for breaking ssh compilation
+ - (dtucker) [auth-pam.c] malloc+memset -> calloc. Patch from
+ ldv at altlinux.org.
+ - (dtucker) [auth-pam.c] Return empty string if fgets fails in
+ sshpam_tty_conv. Patch from ldv at altlinux.org.
+
+20070509
+ - (tim) [configure.ac] Bug #1287: Add missing test for ucred.h.
+
+20070429
+ - (dtucker) [openbsd-compat/bsd-misc.c] Include unistd.h and sys/types.h
+ for select(2) prototype.
+ - (dtucker) [auth-shadow.c loginrec.c] Include time.h for time(2) prototype.
+ - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299: Use the
+ platform's _res if it has one. Should fix problem of DNSSEC record lookups
+ on NetBSD as reported by Curt Sampson.
+ - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype.
+ - (dtucker) [configure.ac defines.h] Have configure check for MAXSYMLINKS
+ so we don't get redefinition warnings.
+ - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype.
+ - (dtucker) [configure.ac defines.h] Prevent warnings about __attribute__
+ __nonnull__ for versions of GCC that don't support it.
+ - (dtucker) [configure.ac defines.h] Have configure check for offsetof
+ to prevent redefinition warnings.
+
+20070406
+ - (dtucker) [INSTALL] Update the systems that have PAM as standard. Link
+ to OpenPAM too.
+ - (dtucker) [INSTALL] prngd lives at sourceforge these days.
+
+20070326
+ - (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
+ openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
+ to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
+
+20070325
+ - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,
+ LIBWRAP and LIBPAM variables in Makefile with the general-purpose
+ SSHDLIBS. "I like" djm@
+
+20070321
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2007/03/09 05:20:06
+ [servconf.c sshd.c]
+ Move C/R -> kbdint special case to after the defaults have been
+ loaded, which makes ChallengeResponse default to yes again. This
+ was broken by the Match changes and not fixed properly subsequently.
+ Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
+ - djm@cvs.openbsd.org 2007/03/19 01:01:29
+ [sshd_config]
+ Disable the legacy SSH protocol 1 for new installations via
+ a configuration override. In the future, we will change the
+ server's default itself so users who need the legacy protocol
+ will need to turn it on explicitly
+ - dtucker@cvs.openbsd.org 2007/03/19 12:16:42
+ [ssh-agent.c]
+ Remove the signal handler that checks if the agent's parent process
+ has gone away, instead check when the select loop returns. Record when
+ the next key will expire when scanning for expired keys. Set the select
+ timeout to whichever of these two things happens next. With djm@, with &
+ ok deraadt@ markus@
+ - tedu@cvs.openbsd.org 2007/03/20 03:56:12
+ [readconf.c clientloop.c]
+ remove some bogus *p tests from charles longeau
+ ok deraadt millert
+ - jmc@cvs.openbsd.org 2007/03/20 15:57:15
+ [sshd.8]
+ - let synopsis and description agree for -f
+ - sort FILES
+ - +.Xr ssh-keyscan 1 ,
+ from Igor Sobrado
+ - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use
+ getpeerucred to implement getpeereid (currently only Solaris 10 and up).
+ Patch by Jan.Pechanec at Sun.
+ - (dtucker) [regress/agent-getpeereid.sh] Do peereid test if we have
+ HAVE_GETPEERUCRED too. Also from Jan Pechanec.
+
+20070313
+ - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include
+ string.h to prevent warnings, from vapier at gentoo.org.
+ - (dtucker) [LICENCE] Add Daniel Walsh as a copyright holder for the
+ selinux bits in -portable.
+ - (dtucker) [cipher-3des1.c cipher-bf1.c] The OpenSSL 0.9.8e problem in
+ bug #1291 also affects Protocol 1 3des. While at it, use compat-openssl.h
+ in cipher-bf1.c. Patch from Juan Gallego.
+ - (dtucker) [README.platform] Info about blibpath on AIX.
+
+20070306
- (djm) OpenBSD CVS Sync
- - dugsong@cvs.openbsd.org 2001/11/11 18:47:10
- [auth-krb5.c]
- fix krb5 authorization check. found by <jhawk@MIT.EDU>. from
- art@, deraadt@ ok
- - markus@cvs.openbsd.org 2001/11/12 11:17:07
- [servconf.c]
- enable authorized_keys2 again. tested by fries@
- - markus@cvs.openbsd.org 2001/11/13 02:03:57
+ - jmc@cvs.openbsd.org 2007/03/01 16:19:33
+ [sshd_config.5]
+ sort the `match' keywords;
+ - djm@cvs.openbsd.org 2007/03/06 10:13:14
[version.h]
- enter 3.0.1
- - (djm) Bump RPM package versions
-
-20011112
- - (djm) Makefile correctness fix from Mark D. Baushke <mdb@juniper.net>
- - (djm) Cygwin config patch from Corinna Vinschen <vinschen@redhat.com>
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/10/24 08:41:41
- [sshd.c]
- mention remote port in debug message
- - markus@cvs.openbsd.org 2001/10/24 08:41:20
- [ssh.c]
- remove unused
- - markus@cvs.openbsd.org 2001/10/24 08:51:35
- [clientloop.c ssh.c]
- ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@
- - markus@cvs.openbsd.org 2001/10/24 19:57:40
+ openssh-4.6; "please" deraadt@
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] crank spec files for release
+ - (djm) [README] correct link to release notes
+ - (djm) Release 4.6p1
+
+20070304
+ - (djm) [configure.ac] add a --without-openssl-header-check option to
+ configure, as some platforms (OS X) ship OpenSSL headers whose version
+ does not match that of the shipping library. ok dtucker@
+ - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a
+ bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
+ ciphers from working correctly (disconnects with "Bad packet length"
+ errors) as found by Ben Harris. ok djm@
+
+20070303
+ - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more
+ general to cover newer gdb versions on HP-UX.
+
+20070302
+ - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows
+ CRLF as well as LF lineendings) and write in binary mode. Patch from
+ vinschen at redhat.com.
+ - (dtucker) [INSTALL] Update to autoconf-2.61.
+
+20070301
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2007/03/01 10:28:02
+ [auth2.c sshd_config.5 servconf.c]
+ Remove ChallengeResponseAuthentication support inside a Match
+ block as its interaction with KbdInteractive makes it difficult to
+ support. Also, relocate the CR/kbdint option special-case code into
+ servconf. "please commit" djm@, ok markus@ for the relocation.
+ - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits.
+ "Looks sane" dtucker@
+
+20070228
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2007/02/28 00:55:30
+ [ssh-agent.c]
+ Remove expired keys periodically so they don't remain in memory when
+ the agent is entirely idle, as noted by David R. Piegdon. This is the
+ simple fix, a more efficient one will be done later. With markus,
+ deraadt, with & ok djm.
+
+20070225
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2007/02/20 10:25:14
[clientloop.c]
- make ~& (backgrounding) work again for proto v1; add support ~& for v2, too
- - markus@cvs.openbsd.org 2001/10/25 21:14:32
+ set maximum packet and window sizes the same for multiplexed clients
+ as normal connections; ok markus@
+ - dtucker@cvs.openbsd.org 2007/02/21 11:00:05
+ [sshd.c]
+ Clear alarm() before restarting sshd on SIGHUP. Without this, if there's
+ a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
+ newly exec'ed sshd will get the SIGALRM and not have a handler for it,
+ and the default action will terminate the listening sshd. Analysis and
+ patch from andrew at gaul.org.
+ - dtucker@cvs.openbsd.org 2007/02/22 12:58:40
+ [servconf.c]
+ Check activep so Match and GatewayPorts work together; ok markus@
+ - ray@cvs.openbsd.org 2007/02/24 03:30:11
+ [moduli.c]
+ - strlen returns size_t, not int.
+ - Pass full buffer size to fgets.
+ OK djm@, millert@, and moritz@.
+
+20070219
+ - (dtucker) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2007/01/10 13:23:22
+ [ssh_config.5]
+ do not use a list for SYNOPSIS;
+ this is actually part of a larger report sent by eric s. raymond
+ and forwarded by brad, but i only read half of it. spotted by brad.
+ - jmc@cvs.openbsd.org 2007/01/12 20:20:41
[ssh-keygen.1 ssh-keygen.c]
- better docu for fingerprinting, ok deraadt@
- - markus@cvs.openbsd.org 2001/10/29 19:27:15
- [sshconnect2.c]
- hostbased: check for client hostkey before building chost
- - markus@cvs.openbsd.org 2001/10/30 20:29:09
- [ssh.1]
- ssh.1
- - markus@cvs.openbsd.org 2001/11/07 16:03:17
- [packet.c packet.h sshconnect2.c]
- pad using the padding field from the ssh2 packet instead of sending
- extra ignore messages. tested against several other ssh servers.
- - markus@cvs.openbsd.org 2001/11/07 21:40:21
- [ssh-rsa.c]
- ssh_rsa_sign/verify: SSH_BUG_SIGBLOB not supported
- - markus@cvs.openbsd.org 2001/11/07 22:10:28
- [ssh-dss.c ssh-rsa.c]
- missing free and sync dss/rsa code.
- - markus@cvs.openbsd.org 2001/11/07 22:12:01
- [sshd.8]
- s/Keepalive/KeepAlive/; from openbsd@davidkrause.com
- - markus@cvs.openbsd.org 2001/11/07 22:41:51
- [auth2.c auth-rh-rsa.c]
- unused includes
- - markus@cvs.openbsd.org 2001/11/07 22:53:21
- [channels.h]
- crank c->path to 256 so they can hold a full hostname; dwd@bell-labs.com
- - markus@cvs.openbsd.org 2001/11/08 10:51:08
- [readpass.c]
- don't strdup too much data; from gotoh@taiyo.co.jp; ok millert.
- - markus@cvs.openbsd.org 2001/11/08 17:49:53
+ more secsh -> rfc 4716 updates;
+ spotted by wiz@netbsd
+ ok markus
+ - dtucker@cvs.openbsd.org 2007/01/17 23:22:52
+ [readconf.c]
+ Honour activep for times (eg ServerAliveInterval) while parsing
+ ssh_config and ~/.ssh/config so they work properly with Host directives.
+ From mario.lorenz@wincor-nixdorf.com via bz #1275. ok markus@
+ - stevesk@cvs.openbsd.org 2007/01/21 01:41:54
+ [auth-skey.c kex.c ssh-keygen.c session.c clientloop.c]
+ spaces
+ - stevesk@cvs.openbsd.org 2007/01/21 01:45:35
+ [readconf.c]
+ spaces
+ - djm@cvs.openbsd.org 2007/01/22 11:32:50
+ [sftp-client.c]
+ return error from do_upload() when a write fails. fixes bz#1252: zero
+ exit status from sftp when uploading to a full device. report from
+ jirkat AT atlas.cz; ok dtucker@
+ - djm@cvs.openbsd.org 2007/01/22 13:06:21
+ [scp.c]
+ fix detection of whether we should show progress meter or not: scp
+ tested isatty(stderr) but wrote the progress meter to stdout. This patch
+ makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com;
+ of dtucker@
+ - stevesk@cvs.openbsd.org 2007/02/14 14:32:00
+ [bufbn.c]
+ typos in comments; ok jmc@
+ - dtucker@cvs.openbsd.org 2007/02/19 10:45:58
+ [monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5]
+ Teach Match how handle config directives that are used before
+ authentication. This allows configurations such as permitting password
+ authentication from the local net only while requiring pubkey from
+ offsite. ok djm@, man page bits ok jmc@
+ - (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some
+ platforms don't have it. Patch from dleonard at vintela.com.
+ - (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc
+ an array for signatures when there are none since "calloc(0, n) returns
+ NULL on some platforms (eg Tru64), which is explicitly permitted by
+ POSIX. Diagnosis and patch by svallet genoscope.cns.fr.
+
+20070128
+ - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52)
+ when closing a tty session when a background process still holds tty
+ fds open. Great detective work and patch by Marc Aurele La France,
+ slightly tweaked by me; ok dtucker@
+
+20070123
+ - (dtucker) [openbsd-compat/bsd-snprintf.c] Static declarations for public
+ library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro
+ so it works properly and modify its callers so that they don't pre or
+ post decrement arguments that are conditionally evaluated. While there,
+ put SNPRINTF_CONST back as it prevents build failures in some
+ configurations. ok djm@ (for most of it)
+
+20070122
+ - (djm) [ssh-rand-helper.8] manpage nits;
+ from dleonard AT vintela.com (bz#1529)
+
+20070117
+ - (dtucker) [packet.c] Re-remove in_systm.h since it's already in includes.h
+ and multiple including it causes problems on old IRIXes. (It snuck back
+ in during a sync.) Found (again) by Georg Schwarz.
+
+20070114
+ - (dtucker) [ssh-keygen.c] av -> argv to match earlier sync.
+ - (djm) [openbsd-compat/bsd-snprintf.c] Fix integer overflow in return
+ value of snprintf replacement, similar to bugs in various libc
+ implementations. This overflow is not exploitable in OpenSSH.
+ While I'm fiddling with it, make it a fair bit faster by inlining the
+ append-char routine; ok dtucker@
+
+20070105
+ - (djm) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2006/11/14 19:41:04
+ [ssh-keygen.c]
+ use argc and argv not some made up short form
+ - ray@cvs.openbsd.org 2006/11/23 01:35:11
+ [misc.c sftp.c]
+ Don't access buf[strlen(buf) - 1] for zero-length strings.
+ ``ok by me'' djm@.
+ - markus@cvs.openbsd.org 2006/12/11 21:25:46
+ [ssh-keygen.1 ssh.1]
+ add rfc 4716 (public key format); ok jmc
+ - djm@cvs.openbsd.org 2006/12/12 03:58:42
+ [channels.c compat.c compat.h]
+ bz #1019: some ssh.com versions apparently can't cope with the
+ remote port forwarding bind_address being a hostname, so send
+ them an address for cases where they are not explicitly
+ specified (wildcard or localhost bind). reported by daveroth AT
+ acm.org; ok dtucker@ deraadt@
+ - dtucker@cvs.openbsd.org 2006/12/13 08:34:39
+ [servconf.c]
+ Make PermitOpen work with multiple values like the man pages says.
+ bz #1267 with details from peter at dmtz.com, with & ok djm@
+ - dtucker@cvs.openbsd.org 2006/12/14 10:01:14
+ [servconf.c]
+ Make "PermitOpen all" first-match within a block to match the way other
+ options work. ok markus@ djm@
+ - jmc@cvs.openbsd.org 2007/01/02 09:57:25
+ [sshd_config.5]
+ do not use lists for SYNOPSIS;
+ from eric s. raymond via brad
+ - stevesk@cvs.openbsd.org 2007/01/03 00:53:38
+ [ssh-keygen.c]
+ remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan
+ - stevesk@cvs.openbsd.org 2007/01/03 03:01:40
+ [auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c]
+ spaces
+ - stevesk@cvs.openbsd.org 2007/01/03 04:09:15
+ [sftp.c]
+ ARGSUSED for lint
+ - stevesk@cvs.openbsd.org 2007/01/03 07:22:36
+ [sftp-server.c]
+ spaces
+
+20061205
+ - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would
+ occur if the server did not have the privsep user and an invalid user
+ tried to login and both privsep and krb5 auth are disabled; ok dtucker@
+ - (djm) [bsd-asprintf.c] Better test for bad vsnprintf lengths; ok dtucker@
+
+20061108
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2006/11/07 13:02:07
+ [dh.c]
+ BN_hex2bn returns int; from dtucker@
+
+20061107
+ - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
+ if we absolutely need it. Pointed out by Corinna, ok djm@
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2006/11/06 21:25:28
+ [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
+ ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
+ add missing checks for openssl return codes; with & ok djm@
+ - markus@cvs.openbsd.org 2006/11/07 10:31:31
+ [monitor.c version.h]
+ correctly check for bad signatures in the monitor, otherwise the monitor
+ and the unpriv process can get out of sync. with dtucker@, ok djm@,
+ dtucker@
+ - (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] Bump
+ versions.
+ - (dtucker) Release 4.5p1.
+
+20061105
+ - (djm) OpenBSD CVS Sync
+ - otto@cvs.openbsd.org 2006/10/28 18:08:10
[ssh.1]
- mention setuid root requirements; noted by cnorris@csc.UVic.ca; ok stevesk@
- - markus@cvs.openbsd.org 2001/11/08 20:02:24
- [auth.c]
- don't print ROOT in CAPS for the authentication messages, i.e.
- Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2
- becomes
- Accepted publickey for root from 127.0.0.1 port 42734 ssh2
- - markus@cvs.openbsd.org 2001/11/09 18:59:23
+ correct/expand example of usage of -w; ok jmc@ stevesk@
+ - markus@cvs.openbsd.org 2006/10/31 16:33:12
+ [kexdhc.c kexdhs.c kexgexc.c kexgexs.c]
+ check DH_compute_key() for -1 even if it should not happen because of
+ earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm
+
+20061101
+ - (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerr
+ events fatal in Solaris process contract support and tell it to signal
+ only processes in the same process group when something happens.
+ Based on information from andrew.benham at thus.net and similar to
+ a patch from Chad Mynhier. ok djm@
+
+20061027
+- (djm) [auth.c] gc some dead code
+
+20061023
+ - (djm) OpenBSD CVS Sync
+ - ray@cvs.openbsd.org 2006/09/30 17:48:22
+ [sftp.c]
+ Clear errno before calling the strtol functions.
+ From Paul Stoeber <x0001 at x dot de1 dot cc>.
+ OK deraadt@.
+ - djm@cvs.openbsd.org 2006/10/06 02:29:19
+ [ssh-agent.c ssh-keyscan.c ssh.c]
+ sys/resource.h needs sys/time.h; prompted by brad@
+ (NB. Id sync only for portable)
+ - djm@cvs.openbsd.org 2006/10/09 23:36:11
+ [session.c]
+ xmalloc -> xcalloc that was missed previously, from portable
+ (NB. Id sync only for portable, obviously)
+ - markus@cvs.openbsd.org 2006/10/10 10:12:45
+ [sshconnect.c]
+ sleep before retrying (not after) since sleep changes errno; fixes
+ pr 5250; rad@twig.com; ok dtucker djm
+ - markus@cvs.openbsd.org 2006/10/11 12:38:03
[clientloop.c serverloop.c]
- don't memset too much memory, ok millert@
- original patch from jlk@kamens.brookline.ma.us via nalin@redhat.com
- - markus@cvs.openbsd.org 2001/11/10 13:19:45
- [sshd.c]
- cleanup libwrap support (remove bogus comment, bogus close(), add
- debug, etc).
- - markus@cvs.openbsd.org 2001/11/10 13:22:42
- [ssh-rsa.c]
- KNF (unexpand)
- - markus@cvs.openbsd.org 2001/11/10 13:37:20
+ exit instead of doing a blocking tcp send if we detect a client/server
+ timeout, since the tcp sendqueue might be already full (of alive
+ requests); ok dtucker, report mpf
+ - djm@cvs.openbsd.org 2006/10/22 02:25:50
+ [sftp-client.c]
+ cancel progress meter when upload write fails; ok deraadt@
+ - (tim) [Makefile.in scard/Makefile.in] Add datarootdir= lines to keep
+ autoconf 2.60 from complaining.
+
+20061018
+ - (dtucker) OpenBSD CVS Sync
+ - ray@cvs.openbsd.org 2006/09/25 04:55:38
+ [ssh-keyscan.1 ssh.1]
+ Change "a SSH" to "an SSH". Hurray, I'm not the only one who
+ pronounces "SSH" as "ess-ess-aich".
+ OK jmc@ and stevesk@.
+ - (dtucker) [sshd.c] Reshuffle storing of pw struct; prevents warnings
+ on older versions of OS X. ok djm@
+
+20061016
+ - (dtucker) [monitor_fdpass.c] Include sys/in.h, required for cmsg macros
+ on older (2.0) Linuxes. Based on patch from thmo-13 at gmx de.
+
+20061006
+ - (tim) [buildpkg.sh.in] Use uname -r instead of -v in OS_VER for Solaris.
+ Differentiate between OpenServer 5 and OpenServer 6
+ - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for
+ SELinux functions so they're detected correctly. Patch from pebenito at
+ gentoo.org.
+ - (tim) [buildpkg.sh.in] Some systems have really limited nawk (OpenServer).
+ Allow setting alternate awk in openssh-config.local.
+
+20061003
+ - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific
+ section so additional platform specific CHECK_HEADER tests will work
+ correctly. Fixes "<net/if_tap.h> on FreeBSD" problem report by des AT des.no
+ Feedback and "seems like a good idea" dtucker@
+
+20061001
+ - (dtucker) [audit-bsm.c] Include errno.h. Pointed out by des at des.no.
+
+20060929
+ - (dtucker) [configure.ac] Bug #1239: Fix configure test for OpenSSH engine
+ support. Patch from andrew.benham at thus net.
+
+20060928
+ - (dtucker) [entropy.c] Bug #1238: include signal.h to fix compilation error
+ on Solaris 8 w/out /dev/random or prngd. Patch from rl at
+ math.technion.ac.il.
+
+20060926
+ - (dtucker) [bufaux.h] nuke bufaux.h; it's already gone from OpenBSD and not
+ referenced any more. ok djm@
+ - (dtucker) [sftp-server.8] Resync; spotted by djm@
+ - (dtucker) Release 4.4p1.
+
+20060924
+ - (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added
+ to rev 1.308) to work around broken gcc 2.x header file.
+
+20060923
+ - (dtucker) [configure.ac] Bug #1234: Put opensc libs into $LIBS rather than
+ $LDFLAGS. Patch from vapier at gentoo org.
+
+20060922
+ - (dtucker) [packet.c canohost.c] Include arpa/inet.h for htonl macros on
+ some platforms (eg HP-UX 11.00). From santhi.amirta at gmail com.
+
+20060921
+ - (dtucker) OpenBSD CVS Sync
+ - otto@cvs.openbsd.org 2006/09/19 05:52:23
+ [sftp.c]
+ Use S_IS* macros insted of masking with S_IF* flags. The latter may
+ have multiple bits set, which lead to surprising results. Spotted by
+ Paul Stoeber, more to come. ok millert@ pedro@ jaredy@ djm@
+ - markus@cvs.openbsd.org 2006/09/19 21:14:08
[packet.c]
- remove extra debug()
- - markus@cvs.openbsd.org 2001/11/11 13:02:31
- [servconf.c]
- make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if
- AuthorizedKeysFile is specified.
- - (djm) Reorder portable-specific server options so that they come first.
- This should help reduce diff collisions for new server options (as they
- will appear at the end)
-
-20011109
- - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
- if permit_empty_passwd == 0 so null password check cannot be bypassed.
- jayaraj@amritapuri.com OpenBSD bug 2168
- - markus@cvs.openbsd.org 2001/11/09 19:08:35
- [sshd.c]
- remove extra trailing dot from log message; pilot@naughty.monkey.org
-
-20011103
- - (tim) [ contrib/caldera/openssh.spec contrib/caldera/sshd.init] Updates
- from Raymund Will <ray@caldera.de>
- [acconfig.h configure.in] Clean up login checks.
- Problem reported by Jim Knoble <jmknoble@pobox.com>
-
-20011101
- - (djm) Compat define for OpenSSL < 0.9.6 (No OPENSSL_free)
-
-20011031
- - (djm) Unsmoke drugs: config files should be noreplace.
-
-20011030
- - (djm) Redhat RPM spec: remove noreplace from config files, allow IPv6
- by default (can force IPv4 using --define "noipv6 1")
-
-20011029
- - (tim) [TODO defines.h loginrec.c] Change the references to configure.in
- to configure.ac
-
-20011028
- - (djm) Avoid bug in Solaris PAM libs
- - (djm) Disconnect if no tty and PAM reports password expired
- - (djm) Fix for PAM password changes being echoed (from stevesk)
- - (stevesk) Fix compile problem with PAM password change fix
- - (stevesk) README: zlib location is http://www.gzip.org/zlib/
-
-20011027
- - (tim) [configure.ac] Fixes for ReliantUNIX (don't use libucb)
- Patch by Robert Dahlem <Robert.Dahlem@siemens.com>
-
-20011026
- - (bal) Set the correct current time in login_utmp_only(). Patch by
- Wayne Davison <wayned@users.sourceforge.net>
- - (tim) [scard/Makefile.in] Fix install: when building outside of source
- tree and using --src=/full_path/to/openssh
- Patch by Mark D. Baushke <mdb@juniper.net>
-
-20011025
- - (bal) Use VDISABLE if _POSIX_VDISABLE is set in readpassphrase.c. Patch
- by todd@
- - (tim) [configure.ac] Give path given in --with-xxx= for pcre,zlib, and
- tcp-wrappers precedence over system libraries and includes.
- Report from Dave Dykstra <dwd@bell-labs.com>
-
-20011024
- - (bal) Should be 3.0p1 not 3.0p2. Corrected version.h already.
- - (tim) configure.in -> configure.ac
-
-20011023
- - (bal) Updated version to 3.0p1 in preparing for release.
- - (bal) Added 'PAM_TTY_KLUDGE' to Solaris platform.
- - (tim) [configure.in] Fix test for broken dirname. Based on patch from
- Dave Dykstra <dwd@bell-labs.com>. Remove un-needed test for zlib.h.
- [contrib/caldera/openssh.spec, contrib/redhat/openssh.spec,
- contrib/suse/openssh.spec] Update version to match version.h
-
-20011022
- - (djm) Fix fd leak in loginrec.c (ro fd to lastlog was left open).
- Report from Michal Zalewski <lcamtuf@coredump.cx>
-
-20011021
- - (tim) [configure.in] Clean up library testing. Add optional PATH to
- --with-pcre, --with-zlib, and --with-tcp-wrappers. Based on
- patch by albert chin (china@thewrittenword.com)
- Re-arange AC_CHECK_HEADERS and AC_CHECK_FUNCS for eaiser reading
- of patches to configure.in. Replace obsolete AC_STRUCT_ST_BLKSIZE
- with AC_CHECK_MEMBERS. Add test for broken dirname() on
- Solaris 2.5.1 by Dan Astoorian <djast@cs.toronto.edu>
- [acconfig.h aclocal.m4 defines.h configure.in] Better socklen_t test.
- patch by albert chin (china@thewrittenword.com)
- [scp.c] Replace obsolete HAVE_ST_BLKSIZE with
- HAVE_STRUCT_STAT_ST_BLKSIZE.
- [Makefile.in] When running make in top level, always do make
- in openbsd-compat. patch by Dave Dykstra <dwd@bell-labs.com>
-
-20011019
- - (bal) Fixed up init.d symlink issue and piddir stuff. Patches by
- Zoran Milojevic <Zoran.Milojevic@SS8.com> and j.petersen@msh.de
-
-20011012
+ client NULL deref on protocol error; Tavis Ormandy, Google Security Team
+ - (dtucker) [defines.h] Include unistd.h before defining getpgrp; fixes
+ build error on Ultrix. From Bernhard Simon.
+
+20060918
+ - (dtucker) [configure.ac] On AIX, check to see if the compiler will allow
+ macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags.
+ Allows build out of the box with older VAC and XLC compilers. Found by
+ David Bronder and Bernhard Simon.
+ - (dtucker) [openbsd-compat/port-aix.{c,h}] Reduce scope of includes.
+ Prevents macro redefinition warnings of "RDONLY".
+
+20060916
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2006/09/16 19:53:37
+ [deattack.c deattack.h packet.c]
+ limit maximum work performed by the CRC compensation attack detector,
+ problem reported by Tavis Ormandy, Google Security Team;
+ ok markus@ deraadt@
+ - (djm) Add openssh.xml to .cvsignore and sort it
+ - (dtucker) [auth-pam.c] Propogate TZ environment variable to PAM auth
+ process so that any logging it does is with the right timezone. From
+ Scott Strickler, ok djm@.
+ - (dtucker) [monitor.c] Correctly handle auditing of single commands when
+ using Protocol 1. From jhb at freebsd.
+ - (djm) [sshd.c] Fix warning/API abuse; ok dtucker@
+ - (dtucker) [INSTALL] Add info about audit support.
+
+20060912
+ - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in]
+ Support SMF in Solaris Packages if enabled by configure. Patch from
+ Chad Mynhier, tested by dtucker@
+
+20060911
+ - (dtucker) [cipher-aes.c] Include string.h for memcpy and friends. Noted
+ by Pekka Savola.
+
+20060910
+ - (dtucker) [contrib/aix/buildbff.sh] Ensure that perl is available.
+ - (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB.
+
+20060909
+ - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h.
+ - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.
+ - (dtucker) [buildpkg.sh.in] Always create privsep user. ok djm@
+
+20060908
+ - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch
+ from Chris Adams.
+ - (dtucker) [configure.ac] The BSM header test needs time.h in some cases.
+
+20060907
+ - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
+ be used to drop privilege to; fixes Solaris GSSAPI crash reported by
+ Magnus Abrante; suggestion and feedback dtucker@
+ NB. this change will require that the privilege separation user must
+ exist on all the time, not just when UsePrivilegeSeparation=yes
+ - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6
+ - (dtucker) [loginrec.c] Wrap paths.h in HAVE_PATHS_H.
+ - (dtucker) [regress/cfgmatch.sh] stop_client is racy, so give us a better
+ chance of winning.
+
+20060905
+ - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov.
+ - (dtucker) [loginrec.c] Include paths.h for _PATH_BTMP.
+
+20060904
+ - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native
+ updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius,
+ ok djm@
+
+20060903
+ - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for
+ declaration of writev(2) and declare it ourselves if necessary. Makes
+ the atomiciov() calls build on really old systems. ok djm@
+
+20060902
+ - (dtucker) [openbsd-compat/port-irix.c] Add errno.h, found by Iain Morgan.
+ - (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c
+ openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c
+ openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h>
+ for hton* and ntoh* macros. Required on (at least) HP-UX since we define
+ _XOPEN_SOURCE_EXTENDED. Found by santhi.amirta at gmail com.
+
+20060901
+ - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
+ [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
+ [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
+ [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
+ [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
+ [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
+ [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
+ [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
+ [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
+ [sshconnect1.c sshconnect2.c sshd.c]
+ [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
+ [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
+ [openbsd-compat/port-uw.c]
+ Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
+ compile problems reported by rac AT tenzing.org
+ - (djm) [includes.h monitor.c openbsd-compat/bindresvport.c]
+ [openbsd-compat/rresvport.c] Some more headers: netinet/in.h
+ sys/socket.h and unistd.h in various places
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Fix implict declaration
+ warnings for binary_open and binary_close. Patch from Corinna Vinschen.
+ - (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly
+ test for GLOB_NOMATCH and use our glob functions if it's not found.
+ Stops sftp from segfaulting when attempting to get a nonexistent file on
+ Cygwin (previous versions of OpenSSH didn't use the native glob). Partly
+ from and tested by Corinna Vinschen.
+ - (dtucker) [README contrib/{caldera,redhat,suse}/openssh.spec] Crank
+ versions.
+
+20060831
+ - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ]
+ [platform.c platform.h sshd.c openbsd-compat/Makefile.in]
+ [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
+ [openbsd-compat/port-solaris.h] Add support for Solaris process
+ contracts, enabled with --use-solaris-contracts. Patch from Chad
+ Mynhier, tweaked by dtucker@ and myself; ok dtucker@
+ - (dtucker) [contrib/cygwin/ssh-host-config] Add SeTcbPrivilege privilege
+ while setting up the ssh service account. Patch from Corinna Vinschen.
+
+20060830
- (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/10/10 22:18:47
- [channels.c channels.h clientloop.c nchan.c serverloop.c]
- [session.c session.h]
- try to keep channels open until an exit-status message is sent.
- don't kill the login shells if the shells stdin/out/err is closed.
- this should now work:
- ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
- - markus@cvs.openbsd.org 2001/10/11 13:45:21
- [session.c]
- delay detach of session if a channel gets closed but the child is
- still alive. however, release pty, since the fd's to the child are
- already closed.
- - markus@cvs.openbsd.org 2001/10/11 15:24:00
- [clientloop.c]
- clear select masks if we return before calling select().
- - (djm) "make veryclean" fix from Tom Holroyd <tomh@po.crl.go.jp>
- - (djm) Clean some autoconf-2.52 junk when doing "make distclean"
- - (djm) Cleanup sshpty.c a little
- - (bal) First wave of contrib/solaris/ package upgrades. Still more
- work needs to be done, but it is a 190% better then the stuff we
- had before!
- - (bal) Minor bug fix in contrib/solaris/opensshd.in .. $etcdir was not
- set right.
-
-20011010
+ - dtucker@cvs.openbsd.org 2006/08/21 08:14:01
+ [sshd_config.5]
+ Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@,
+ ok jmc@ djm@
+ - dtucker@cvs.openbsd.org 2006/08/21 08:15:57
+ [sshd.8]
+ Add more detail about what permissions are and aren't accepted for
+ authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@
+ - djm@cvs.openbsd.org 2006/08/29 10:40:19
+ [channels.c session.c]
+ normalise some inconsistent (but harmless) NULL pointer checks
+ spotted by the Stanford SATURN tool, via Isil Dillig;
+ ok markus@ deraadt@
+ - dtucker@cvs.openbsd.org 2006/08/29 12:02:30
+ [gss-genr.c]
+ Work around a problem in Heimdal that occurs when KRB5CCNAME file is
+ missing, by checking whether or not kerberos allocated us a context
+ before attempting to free it. Patch from Simon Wilkinson, tested by
+ biorn@, ok djm@
+ - dtucker@cvs.openbsd.org 2006/08/30 00:06:51
+ [sshconnect2.c]
+ Fix regression where SSH2 banner is printed at loglevels ERROR and FATAL
+ where previously it weren't. bz #1221, found by Dean Kopesky, ok djm@
+ - djm@cvs.openbsd.org 2006/08/30 00:14:37
+ [version.h]
+ crank to 4.4
+ - (djm) [openbsd-compat/xcrypt.c] needs unistd.h
+ - (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call
+ loginsuccess on AIX immediately after authentication to clear the failed
+ login count. Previously this would only happen when an interactive
+ session starts (ie when a pty is allocated) but this means that accounts
+ that have primarily non-interactive sessions (eg scp's) may gradually
+ accumulate enough failures to lock out an account. This change may have
+ a side effect of creating two audit records, one with a tty of "ssh"
+ corresponding to the authentication and one with the allocated pty per
+ interactive session.
+
+20060824
+ - (dtucker) [openbsd-compat/basename.c] Include errno.h.
+ - (dtucker) [openbsd-compat/bsd-misc.c] Add includes needed for select(2) on
+ older systems.
+ - (dtucker) [openbsd-compat/bsd-misc.c] Include <sys/select.h> for select(2)
+ on POSIX systems.
+ - (dtucker) [openbsd-compat/bsd-openpty.c] Include for ioctl(2).
+ - (dtucker) [openbsd-compat/rresvport.c] Include <stdlib.h> for malloc.
+ - (dtucker) [openbsd-compat/xmmap.c] Move #define HAVE_MMAP to prevent
+ unused variable warning when we have a broken or missing mmap(2).
+
+20060822
+ - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in
+ Makefile. Patch from santhi.amirta at gmail, ok djm.
+
+20060820
+ - (dtucker) [log.c] Move ifdef to prevent unused variable warning.
+ - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore
+ afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl.
+ - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for
+ fixing bug #1181. No changes yet.
+ - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL
+ (0.9.8a and presumably newer) requires -ldl to successfully link.
+ - (dtucker) [configure.ac] Remove errant "-".
+
+20060819
- (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/10/04 14:34:16
- [key.c]
- call OPENSSL_free() for memory allocated by openssl; from chombier@mac.com
- - markus@cvs.openbsd.org 2001/10/04 15:05:40
- [channels.c serverloop.c]
- comment out bogus conditions for selecting on connection_in
- - markus@cvs.openbsd.org 2001/10/04 15:12:37
- [serverloop.c]
- client_alive_check cleanup
- - markus@cvs.openbsd.org 2001/10/06 00:14:50
+ - djm@cvs.openbsd.org 2006/08/18 22:41:29
+ [gss-genr.c]
+ GSSAPI error code should be 0 and not -1; from simon@sxw.org.uk
+ - (dtucker) [openbsd-compat/regress/Makefile.in] Add $(EXEEXT) and add a
+ single rule for the test progs.
+
+20060818
+ - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with
+ closefrom.c from sudo.
+ - (dtucker) [openbsd-compat/bsd-closefrom.c] Comment out rcsid.
+ - (dtucker) [openbsd-compat/regress/snprintftest.c] Newline on error.
+ - (dtucker) [openbsd-compat/regress/Makefile.in] Use implicit rules for the
+ test progs instead; they work better than what we have.
+ - (djm) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2006/08/06 01:13:32
+ [compress.c monitor.c monitor_wrap.c]
+ "zlib.h" can be <zlib.h>; ok djm@ markus@
+ - miod@cvs.openbsd.org 2006/08/12 20:46:46
+ [monitor.c monitor_wrap.c]
+ Revert previous include file ordering change, for ssh to compile under
+ gcc2 (or until openssl include files are cleaned of parameter names
+ in function prototypes)
+ - dtucker@cvs.openbsd.org 2006/08/14 12:40:25
+ [servconf.c servconf.h sshd_config.5]
+ Add ability to match groups to Match keyword in sshd_config. Feedback
+ djm@, stevesk@, ok stevesk@.
+ - djm@cvs.openbsd.org 2006/08/16 11:47:15
+ [sshd.c]
+ factor inetd connection, TCP listen and main TCP accept loop out of
+ main() into separate functions to improve readability; ok markus@
+ - deraadt@cvs.openbsd.org 2006/08/18 09:13:26
+ [log.c log.h sshd.c]
+ make signal handler termination path shorter; risky code pointed out by
+ mark dowd; ok djm markus
+ - markus@cvs.openbsd.org 2006/08/18 09:15:20
+ [auth.h session.c sshd.c]
+ delay authentication related cleanups until we're authenticated and
+ all alarms have been cancelled; ok deraadt
+ - djm@cvs.openbsd.org 2006/08/18 10:27:16
+ [misc.h]
+ reorder so prototypes are sorted by the files they refer to; no
+ binary change
+ - djm@cvs.openbsd.org 2006/08/18 13:54:54
+ [gss-genr.c ssh-gss.h sshconnect2.c]
+ bz #1218 - disable SPNEGO as per RFC4462; diff from simon AT sxw.org.uk
+ ok markus@
+ - djm@cvs.openbsd.org 2006/08/18 14:40:34
+ [gss-genr.c ssh-gss.h]
+ constify host argument to match the rest of the GSSAPI functions and
+ unbreak compilation with -Werror
+ - (djm) Disable sigdie() for platforms that cannot safely syslog inside
+ a signal handler (basically all of them, excepting OpenBSD);
+ ok dtucker@
+
+20060817
+ - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c]
+ Include stdlib.h for malloc and friends.
+ - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl
+ for closefrom() on AIX. Pointed out by William Ahern.
+ - (dtucker) [openbsd-compat/regress/{Makefile.in,closefromtest.c}] Regress
+ test for closefrom() in compat code.
+
+20060816
+ - (djm) [audit-bsm.c] Sprinkle in some headers
+
+20060815
+ - (dtucker) [LICENCE] Add Reyk to the list for the compat dir.
+
+20060806
+ - (djm) [openbsd-compat/bsd-getpeereid.c] Add some headers to quiet warnings
+ on Solaris 10
+
+20060806
+ - (dtucker) [defines.h] With the includes.h changes we no longer get the
+ name clash on "YES" so we can remove the workaround for it.
+ - (dtucker) [openbsd-compat/{bsd-asprintf.c,bsd-openpty.c,bsd-snprintf.c,
+ glob.c}] Include stdlib.h for malloc and friends in compat code.
+
+20060805
+ - (djm) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2006/07/24 13:58:22
[sshconnect.c]
- remove unused argument
- - markus@cvs.openbsd.org 2001/10/06 00:36:42
- [session.c]
- fix typo in error message, sync with do_exec_nopty
- - markus@cvs.openbsd.org 2001/10/06 11:18:19
- [sshconnect1.c sshconnect2.c sshconnect.c]
- unify hostkey check error messages, simplify prompt.
- - markus@cvs.openbsd.org 2001/10/07 10:29:52
- [authfile.c]
- grammer; Matthew_Clarke@mindlink.bc.ca
- - markus@cvs.openbsd.org 2001/10/07 17:49:40
- [channels.c channels.h]
- avoid possible FD_ISSET overflow for channels established
- during channnel_after_select() (used for dynamic channels).
- - markus@cvs.openbsd.org 2001/10/08 11:48:57
- [channels.c]
- better debug
- - markus@cvs.openbsd.org 2001/10/08 16:15:47
+ disable tunnel forwarding when no strict host key checking
+ and key changed; ok djm@ markus@ dtucker@
+ - stevesk@cvs.openbsd.org 2006/07/25 02:01:34
+ [scard.c]
+ need #include <string.h>
+ - stevesk@cvs.openbsd.org 2006/07/25 02:59:21
+ [channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c]
+ [sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c]
+ move #include <sys/time.h> out of includes.h
+ - stevesk@cvs.openbsd.org 2006/07/26 02:35:17
+ [atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
+ [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
+ [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
+ [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
+ [uidswap.c xmalloc.c]
+ move #include <sys/param.h> out of includes.h
+ - stevesk@cvs.openbsd.org 2006/07/26 13:57:17
+ [authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
+ [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
+ [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
+ [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
+ [sshconnect1.c sshd.c xmalloc.c]
+ move #include <stdlib.h> out of includes.h
+ - jmc@cvs.openbsd.org 2006/07/27 08:00:50
+ [ssh_config.5]
+ avoid confusing wording in HashKnownHosts:
+ originally spotted by alan amesbury;
+ ok deraadt
+ - jmc@cvs.openbsd.org 2006/07/27 08:00:50
+ [ssh_config.5]
+ avoid confusing wording in HashKnownHosts:
+ originally spotted by alan amesbury;
+ ok deraadt
+ - dtucker@cvs.openbsd.org 2006/08/01 11:34:36
[sshconnect.c]
- use correct family for -b option
- - markus@cvs.openbsd.org 2001/10/08 19:05:05
- [ssh.c sshconnect.c sshconnect.h ssh-keyscan.c]
- some more IPv4or6 cleanup
- - markus@cvs.openbsd.org 2001/10/09 10:12:08
- [session.c]
- chdir $HOME after krb_afslog(); from bbense@networking.stanford.edu
- - markus@cvs.openbsd.org 2001/10/09 19:32:49
- [session.c]
- stat subsystem command before calling do_exec, and return error to client.
- - markus@cvs.openbsd.org 2001/10/09 19:51:18
- [serverloop.c]
- close all channels if the connection to the remote host has been closed,
- should fix sshd's hanging with WCHAN==wait
- - markus@cvs.openbsd.org 2001/10/09 21:59:41
- [channels.c channels.h serverloop.c session.c session.h]
- simplify session close: no more delayed session_close, no more
- blocking wait() calls.
- - (bal) removed two unsed headers in openbsd-compat/bsd-misc.c
- - (bal) seed_init() and seed_rng() required in ssh-keyscan.c
-
-20011007
- - (bal) ssh-copy-id corrected permissions for .ssh/ and authorized_keys.
- Prompted by Matthew Vernon <matthew@sel.cam.ac.uk>
-
-20011005
- - (bal) AES works under Cray, no more hack.
-
-20011004
- - (bal) nchan2.ms resync. BSD License applied.
-
-20011003
- - (bal) CVS ID fix up in version.h
- - (bal) OpenBSD CVS Sync:
- - markus@cvs.openbsd.org 2001/09/27 11:58:16
- [compress.c]
- mem leak; chombier@mac.com
- - markus@cvs.openbsd.org 2001/09/27 11:59:37
+ Allow fallback to known_hosts entries without port qualifiers for
+ non-standard ports too, so that all existing known_hosts entries will be
+ recognised. Requested by, feedback and ok markus@
+ - stevesk@cvs.openbsd.org 2006/08/01 23:22:48
+ [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
+ [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
+ [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
+ [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
+ [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
+ [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
+ [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
+ [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
+ [uuencode.h xmalloc.c]
+ move #include <stdio.h> out of includes.h
+ - stevesk@cvs.openbsd.org 2006/08/01 23:36:12
+ [authfile.c channels.c progressmeter.c scard.c servconf.c ssh.c]
+ clean extra spaces
+ - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
+ [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
+ [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
+ [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
+ [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
+ [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
+ [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
+ [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
+ [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
+ [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
+ [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
+ [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
+ [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
+ [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
+ [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
+ [serverloop.c session.c session.h sftp-client.c sftp-common.c]
+ [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
+ [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
+ [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
+ [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
+ [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
+ [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
+ almost entirely get rid of the culture of ".h files that include .h files"
+ ok djm, sort of ok stevesk
+ makes the pain stop in one easy step
+ NB. portable commit contains everything *except* removing includes.h, as
+ that will take a fair bit more work as we move headers that are required
+ for portability workarounds to defines.h. (also, this step wasn't "easy")
+ - stevesk@cvs.openbsd.org 2006/08/04 20:46:05
+ [monitor.c session.c ssh-agent.c]
+ spaces
+ - (djm) [auth-pam.c defines.h] Move PAM related bits to auth-pam.c
+ - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c]
+ remove last traces of bufaux.h - it was merged into buffer.h in the big
+ includes.h commit
+ - (djm) [auth.c loginrec.c] Missing netinet/in.h for loginrec
+ - (djm) [openbsd-compat/regress/snprintftest.c]
+ [openbsd-compat/regress/strduptest.c] Add missing includes so they pass
+ compilation with "-Wall -Werror"
+ - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c]
+ [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more
+ includes for Linux in
+ - (dtucker) [cleanup.c] Need defines.h for __dead.
+ - (dtucker) [auth2-gss.c] We still need the #ifdef GSSAPI in -portable.
+ - (dtucker) [openbsd-compat/{bsd-arc4random.c,port-tun.c,xmmap.c}] Lots of
+ #include stdarg.h, needed for log.h.
+ - (dtucker) [entropy.c] Needs unistd.h too.
+ - (dtucker) [ssh-rand-helper.c] Needs stdarg.h for log.h.
+ - (dtucker) [openbsd-compat/getrrsetbyname.c] Nees stdlib.h for malloc.
+ - (dtucker) [openbsd-compat/strtonum.c] Include stdlib.h for strtoll,
+ otherwise it is implicitly declared as returning an int.
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2006/08/05 07:52:52
+ [auth2-none.c sshd.c monitor_wrap.c]
+ Add headers required to build with KERBEROS5=no. ok djm@
+ - dtucker@cvs.openbsd.org 2006/08/05 08:00:33
+ [auth-skey.c]
+ Add headers required to build with -DSKEY. ok djm@
+ - dtucker@cvs.openbsd.org 2006/08/05 08:28:24
+ [monitor_wrap.c auth-skey.c auth2-chall.c]
+ Zap unused variables in -DSKEY code. ok djm@
+ - dtucker@cvs.openbsd.org 2006/08/05 08:34:04
[packet.c]
- missing called=1; chombier@mac.com
- - markus@cvs.openbsd.org 2001/09/27 15:31:17
- [auth2.c auth2-chall.c sshconnect1.c]
- typos; from solar
- - camield@cvs.openbsd.org 2001/09/27 17:53:24
+ Typo in comment
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Add headers required to compile
+ on Cygwin.
+ - (dtucker) [openbsd-compat/fake-rfc2553.c] Add headers needed for inet_ntoa.
+ - (dtucker) [auth-skey.c] monitor_wrap.h needs ssh-gss.h.
+ - (dtucker) [audit.c audit.h] Repair headers.
+ - (dtucker) [audit-bsm.c] Add additional headers now required.
+
+20060804
+ - (dtucker) [configure.ac] The "crippled AES" test does not work on recent
+ versions of Solaris, so use AC_LINK_IFELSE to actually link the test program
+ rather than just compiling it. Spotted by dlg@.
+
+20060802
+ - (dtucker) [openbsd-compat/daemon.c] Add unistd.h for fork() prototype.
+
+20060725
+ - (dtucker) [openbsd-compat/xmmap.c] Need fcntl.h for O_RDRW.
+
+20060724
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2006/07/12 13:39:55
+ [sshd_config.5]
+ - new sentence, new line
+ - s/The the/The/
+ - kill a bad comma
+ - stevesk@cvs.openbsd.org 2006/07/12 22:28:52
+ [auth-options.c canohost.c channels.c includes.h readconf.c]
+ [servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
+ move #include <netdb.h> out of includes.h; ok djm@
+ - stevesk@cvs.openbsd.org 2006/07/12 22:42:32
+ [includes.h ssh.c ssh-rand-helper.c]
+ move #include <stddef.h> out of includes.h
+ - stevesk@cvs.openbsd.org 2006/07/14 01:15:28
+ [monitor_wrap.h]
+ don't need incompletely-typed 'struct passwd' now with
+ #include <pwd.h>; ok markus@
+ - stevesk@cvs.openbsd.org 2006/07/17 01:31:10
+ [authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
+ [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
+ [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
+ [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
+ [sshconnect.c sshlogin.c sshpty.c uidswap.c]
+ move #include <unistd.h> out of includes.h
+ - dtucker@cvs.openbsd.org 2006/07/17 12:02:24
+ [auth-options.c]
+ Use '\0' rather than 0 to terminates strings; ok djm@
+ - dtucker@cvs.openbsd.org 2006/07/17 12:06:00
+ [channels.c channels.h servconf.c sshd_config.5]
+ Add PermitOpen directive to sshd_config which is equivalent to the
+ "permitopen" key option. Allows server admin to allow TCP port
+ forwarding only two specific host/port pairs. Useful when combined
+ with Match.
+ If permitopen is used in both sshd_config and a key option, both
+ must allow a given connection before it will be permitted.
+ Note that users can still use external forwarders such as netcat,
+ so to be those must be controlled too for the limits to be effective.
+ Feedback & ok djm@, man page corrections & ok jmc@.
+ - jmc@cvs.openbsd.org 2006/07/18 07:50:40
+ [sshd_config.5]
+ tweak; ok dtucker
+ - jmc@cvs.openbsd.org 2006/07/18 07:56:28
+ [scp.1]
+ replace DIAGNOSTICS with .Ex;
+ - jmc@cvs.openbsd.org 2006/07/18 08:03:09
+ [ssh-agent.1 sshd_config.5]
+ mark up angle brackets;
+ - dtucker@cvs.openbsd.org 2006/07/18 08:22:23
+ [sshd_config.5]
+ Clarify description of Match, with minor correction from jmc@
+ - stevesk@cvs.openbsd.org 2006/07/18 22:27:55
+ [dh.c]
+ remove unneeded includes; ok djm@
+ - dtucker@cvs.openbsd.org 2006/07/19 08:56:41
+ [servconf.c sshd_config.5]
+ Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to
+ Match. ok djm@
+ - dtucker@cvs.openbsd.org 2006/07/19 13:07:10
+ [servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5]
+ Add ForceCommand keyword to sshd_config, equivalent to the "command="
+ key option, man page entry and example in sshd_config.
+ Feedback & ok djm@, man page corrections & ok jmc@
+ - stevesk@cvs.openbsd.org 2006/07/20 15:26:15
+ [auth1.c serverloop.c session.c sshconnect2.c]
+ missed some needed #include <unistd.h> when KERBEROS5=no; issue from
+ massimo@cedoc.mo.it
+ - dtucker@cvs.openbsd.org 2006/07/21 12:43:36
+ [channels.c channels.h servconf.c servconf.h sshd_config.5]
+ Make PermitOpen take a list of permitted ports and act more like most
+ other keywords (ie the first match is the effective setting). This
+ also makes it easier to override a previously set PermitOpen. ok djm@
+ - stevesk@cvs.openbsd.org 2006/07/21 21:13:30
+ [channels.c]
+ more ARGSUSED (lint) for dispatch table-driven functions; ok djm@
+ - stevesk@cvs.openbsd.org 2006/07/21 21:26:55
+ [progressmeter.c]
+ ARGSUSED for signal handler
+ - stevesk@cvs.openbsd.org 2006/07/22 19:08:54
+ [includes.h moduli.c progressmeter.c scp.c sftp-common.c]
+ [sftp-server.c ssh-agent.c sshlogin.c]
+ move #include <time.h> out of includes.h
+ - stevesk@cvs.openbsd.org 2006/07/22 20:48:23
+ [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
+ [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
+ [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
+ [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
+ [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
+ [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
+ [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
+ [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
+ [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
+ [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
+ [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
+ [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
+ [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
+ move #include <string.h> out of includes.h
+ - stevesk@cvs.openbsd.org 2006/07/23 01:11:05
+ [auth.h dispatch.c kex.h sftp-client.c]
+ #include <signal.h> for sig_atomic_t; need this prior to <sys/param.h>
+ move
+ - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]
+ [canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
+ [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
+ [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
+ [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
+ [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
+ [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
+ [openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
+ [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
+ [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
+ make the portable tree compile again - sprinkle unistd.h and string.h
+ back in. Don't redefine __unused, as it turned out to be used in
+ headers on Linux, and replace its use in auth-pam.c with ARGSUSED
+ - (djm) [openbsd-compat/glob.c]
+ Move get_arg_max() into the ifdef HAVE_GLOB block so that it compiles
+ on OpenBSD (or other platforms with a decent glob implementation) with
+ -Werror
+ - (djm) [uuencode.c]
+ Add resolv.h, is it contains the prototypes for __b64_ntop/__b64_pton on
+ some platforms
+ - (djm) [session.c]
+ fix compile error with -Werror -Wall: 'path' is only used in
+ do_setup_env() if HAVE_LOGIN_CAP is not defined
+ - (djm) [openbsd-compat/basename.c openbsd-compat/bsd-closefrom.c]
+ [openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c]
+ [openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c]
+ [openbsd-compat/port-aix.c openbsd-compat/port-irix.c]
+ [openbsd-compat/rresvport.c]
+ These look to need string.h and/or unistd.h (based on a grep for function
+ names)
+ - (djm) [Makefile.in]
+ Remove generated openbsd-compat/regress/Makefile in distclean target
+ - (djm) [regress/Makefile regress/agent-getpeereid.sh regress/cfgmatch.sh]
+ [regress/cipher-speed.sh regress/forcecommand.sh regress/forwarding.sh]
+ Sync regress tests to -current; include dtucker@'s new cfgmatch and
+ forcecommand tests. Add cipher-speed.sh test (not linked in yet)
+ - (dtucker) [cleanup.c] Since config.h defines _LARGE_FILES on AIX, including
+ system headers before defines.h will cause conflicting definitions.
+ - (dtucker) [regress/forcecommand.sh] Portablize.
+
+20060713
+ - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h
+
+20060712
+ - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and
+ O_NONBLOCK if they're really needed. Fixes build errors on HP-UX, old
+ Linuxes and probably more.
+ - (dtucker) [configure.ac] OpenBSD needs <sys/types.h> before <sys/socket.h>
+ for SHUT_RD.
+ - (dtucker) [openbsd-compat/port-tun.c] OpenBSD needs <netinet/in.h> before
+ <netinet/ip.h>.
+ - (dtucker) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2006/07/10 16:01:57
+ [sftp-glob.c sftp-common.h sftp.c]
+ buffer.h only needed in sftp-common.h and remove some unneeded
+ user includes; ok djm@
+ - jmc@cvs.openbsd.org 2006/07/10 16:04:21
[sshd.8]
- don't talk about compile-time options
+ s/and and/and/
+ - stevesk@cvs.openbsd.org 2006/07/10 16:37:36
+ [readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c
+ auth.c packet.c log.c]
+ move #include <stdarg.h> out of includes.h; ok markus@
+ - dtucker@cvs.openbsd.org 2006/07/11 10:12:07
+ [ssh.c]
+ Only copy the part of environment variable that we actually use. Prevents
+ ssh bailing when SendEnv is used and an environment variable with a really
+ long value exists. ok djm@
+ - markus@cvs.openbsd.org 2006/07/11 18:50:48
+ [clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
+ channels.h readconf.c]
+ add ExitOnForwardFailure: terminate the connection if ssh(1)
+ cannot set up all requested dynamic, local, and remote port
+ forwardings. ok djm, dtucker, stevesk, jmc
+ - stevesk@cvs.openbsd.org 2006/07/11 20:07:25
+ [scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
+ sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
+ includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
+ sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
+ ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
+ move #include <errno.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/07/11 20:16:43
+ [ssh.c]
+ cast asterisk field precision argument to int to remove warning;
ok markus@
- - djm@cvs.openbsd.org 2001/09/28 12:07:09
+ - stevesk@cvs.openbsd.org 2006/07/11 20:27:56
+ [authfile.c ssh.c]
+ need <errno.h> here also (it's also included in <openssl/err.h>)
+ - dtucker@cvs.openbsd.org 2006/07/12 11:34:58
+ [sshd.c servconf.h servconf.c sshd_config.5 auth.c]
+ Add support for conditional directives to sshd_config via a "Match"
+ keyword, which works similarly to the "Host" directive in ssh_config.
+ Lines after a Match line override the default set in the main section
+ if the condition on the Match line is true, eg
+ AllowTcpForwarding yes
+ Match User anoncvs
+ AllowTcpForwarding no
+ will allow port forwarding by all users except "anoncvs".
+ Currently only a very small subset of directives are supported.
+ ok djm@
+ - (dtucker) [loginrec.c openbsd-compat/xmmap.c openbsd-compat/bindresvport.c
+ openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c
+ openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include <errno.h>.
+ - (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h.
+ - (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too.
+ - (dtucker) [openbsd-compat/openbsd-compat.h] v*printf needs stdarg.h.
+ - (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c
+ openbsd-compat/rresvport.c] More errno.h.
+
+20060711
+ - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c
+ openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally
+ include paths.h. Fixes build error on Solaris.
+ - (dtucker) [entropy.c] More fcntl.h, this time on AIX (and probably
+ others).
+
+20060710
+ - (dtucker) [INSTALL] New autoconf version: 2.60.
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2006/06/14 10:50:42
+ [sshconnect.c]
+ limit the number of pre-banner characters we will accept; ok markus@
+ - djm@cvs.openbsd.org 2006/06/26 10:36:15
+ [clientloop.c]
+ mention optional bind_address in runtime port forwarding setup
+ command-line help. patch from santhi.amirta AT gmail.com
+ - stevesk@cvs.openbsd.org 2006/07/02 17:12:58
+ [ssh.1 ssh.c ssh_config.5 sshd_config.5]
+ more details and clarity for tun(4) device forwarding; ok and help
+ jmc@
+ - stevesk@cvs.openbsd.org 2006/07/02 18:36:47
+ [gss-serv-krb5.c gss-serv.c]
+ no "servconf.h" needed here
+ (gss-serv-krb5.c change not applied, portable needs the server options)
+ - stevesk@cvs.openbsd.org 2006/07/02 22:45:59
+ [groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c]
+ move #include <grp.h> out of includes.h
+ (portable needed uidswap.c too)
+ - stevesk@cvs.openbsd.org 2006/07/02 23:01:55
+ [clientloop.c ssh.1]
+ use -KR[bind_address:]port here; ok djm@
+ - stevesk@cvs.openbsd.org 2006/07/03 08:54:20
+ [includes.h ssh.c sshconnect.c sshd.c]
+ move #include "version.h" out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/07/03 17:59:32
+ [channels.c includes.h]
+ move #include <arpa/inet.h> out of includes.h; old ok djm@
+ (portable needed session.c too)
+ - stevesk@cvs.openbsd.org 2006/07/05 02:42:09
+ [canohost.c hostfile.c includes.h misc.c packet.c readconf.c]
+ [serverloop.c sshconnect.c uuencode.c]
+ move #include <netinet/in.h> out of includes.h; ok deraadt@
+ (also ssh-rand-helper.c logintest.c loginrec.c)
+ - djm@cvs.openbsd.org 2006/07/06 10:47:05
+ [servconf.c servconf.h session.c sshd_config.5]
+ support arguments to Subsystem commands; ok markus@
+ - djm@cvs.openbsd.org 2006/07/06 10:47:57
+ [sftp-server.8 sftp-server.c]
+ add commandline options to enable logging of transactions; ok markus@
+ - stevesk@cvs.openbsd.org 2006/07/06 16:03:53
+ [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
+ [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
+ [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
+ [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
+ [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
+ [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
+ [uidswap.h]
+ move #include <pwd.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/07/06 16:22:39
[ssh-keygen.c]
- bzero private key after loading to smartcard; ok markus@
- - markus@cvs.openbsd.org 2001/09/28 15:46:29
- [ssh.c]
- bug: read user config first; report kaukasoi@elektroni.ee.tut.fi
- - markus@cvs.openbsd.org 2001/10/01 08:06:28
+ move #include "dns.h" up
+ - stevesk@cvs.openbsd.org 2006/07/06 17:36:37
+ [monitor_wrap.h]
+ typo in comment
+ - stevesk@cvs.openbsd.org 2006/07/08 21:47:12
+ [authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
+ [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
+ [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
+ move #include <sys/socket.h> out of includes.h
+ - stevesk@cvs.openbsd.org 2006/07/08 21:48:53
+ [monitor.c session.c]
+ missed these from last commit:
+ move #include <sys/socket.h> out of includes.h
+ - stevesk@cvs.openbsd.org 2006/07/08 23:30:06
+ [log.c]
+ move user includes after /usr/include files
+ - stevesk@cvs.openbsd.org 2006/07/09 15:15:11
+ [auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
+ [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
+ [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
+ [sshlogin.c sshpty.c]
+ move #include <fcntl.h> out of includes.h
+ - stevesk@cvs.openbsd.org 2006/07/09 15:27:59
+ [ssh-add.c]
+ use O_RDONLY vs. 0 in open(); no binary change
+ - djm@cvs.openbsd.org 2006/07/10 11:24:54
+ [sftp-server.c]
+ remove optind - it isn't used here
+ - djm@cvs.openbsd.org 2006/07/10 11:25:53
+ [sftp-server.c]
+ don't log variables that aren't yet set
+ - (djm) [loginrec.c ssh-rand-helper.c sshd.c openbsd-compat/glob.c]
+ [openbsd-compat/mktemp.c openbsd-compat/openbsd-compat.h]
+ [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
+ [openbsd-compat/xcrypt.c] Fix includes.h fallout, mainly fcntl.h
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2006/07/10 12:03:20
[scp.c]
- skip filenames containing \n; report jdamery@chiark.greenend.org.uk
- and matthew@debian.org
- - markus@cvs.openbsd.org 2001/10/01 21:38:53
- [channels.c channels.h ssh.c sshd.c]
- remove ugliness; vp@drexel.edu via angelos
- - markus@cvs.openbsd.org 2001/10/01 21:51:16
- [readconf.c readconf.h ssh.1 sshconnect.c]
- add NoHostAuthenticationForLocalhost; note that the hostkey is
- now check for localhost, too.
- - djm@cvs.openbsd.org 2001/10/02 08:38:50
+ duplicate argv at the start of main() because it gets modified later;
+ pointed out by deraadt@ ok markus@
+ - djm@cvs.openbsd.org 2006/07/10 12:08:08
+ [channels.c]
+ fix misparsing of SOCKS 5 packets that could result in a crash;
+ reported by mk@ ok markus@
+ - dtucker@cvs.openbsd.org 2006/07/10 12:46:51
+ [misc.c misc.h sshd.8 sshconnect.c]
+ Add port identifier to known_hosts for non-default ports, based originally
+ on a patch from Devin Nate in bz#910.
+ For any connection using the default port or using a HostKeyAlias the
+ format is unchanged, otherwise the host name or address is enclosed
+ within square brackets in the same format as sshd's ListenAddress.
+ Tested by many, ok markus@.
+ - (dtucker) [openbsd-compat/openbsd-compat.h] Need to include <sys/socket.h>
+ for struct sockaddr on platforms that use the fake-rfc stuff.
+
+20060706
+ - (dtucker) [configure.ac] Try AIX blibpath test in different order when
+ compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so
+ configure would not select the correct libpath linker flags.
+ - (dtucker) [INSTALL] A bit more info on autoconf.
+
+20060705
+ - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the
+ target already exists.
+
+20060630
+ - (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf
+ declaration too. Patch from russ at sludge.net.
+ - (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it,
+ prevents warnings on platforms where _res is in the system headers.
+ - (dtucker) [INSTALL] Bug #1202: Note when autoconf is required and which
+ version.
+
+20060627
+ - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems
+ with autoconf 2.60. Patch from vapier at gentoo.org.
+
+20060625
+ - (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys
+ only, otherwise sshd can hang exiting non-interactive sessions.
+
+20060624
+ - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris.
+ Works around limitation in Solaris' passwd program for changing passwords
+ where the username is longer than 8 characters. ok djm@
+ - (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug
+ #1102 workaround.
+
+20060623
+ - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add
+ tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch
+ from reyk@, tested by anil@
+ - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX
+ 4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes
+ on the pty slave as zero-length reads on the pty master, which sshd
+ interprets as the descriptor closing. Since most things don't do zero
+ length writes this rarely matters, but occasionally it happens, and when
+ it does the SSH pty session appears to hang, so we add a special case for
+ this condition. ok djm@
+
+20060613
+ - (djm) [getput.h] This file has been replaced by functions in misc.c
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2006/05/08 10:49:48
+ [sshconnect2.c]
+ uint32_t -> u_int32_t (which we use everywhere else)
+ (Id sync only - portable already had this)
+ - markus@cvs.openbsd.org 2006/05/16 09:00:00
+ [clientloop.c]
+ missing free; from Kylene Hall
+ - markus@cvs.openbsd.org 2006/05/17 12:43:34
+ [scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
+ fix leak; coverity via Kylene Jo Hall
+ - miod@cvs.openbsd.org 2006/05/18 21:27:25
+ [kexdhc.c kexgexc.c]
+ paramter -> parameter
+ - dtucker@cvs.openbsd.org 2006/05/29 12:54:08
+ [ssh_config.5]
+ Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
+ - dtucker@cvs.openbsd.org 2006/05/29 12:56:33
+ [ssh_config]
+ Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in
+ sample ssh_config. ok markus@
+ - jmc@cvs.openbsd.org 2006/05/29 16:10:03
+ [ssh_config.5]
+ oops - previous was too long; split the list of auths up
+ - mk@cvs.openbsd.org 2006/05/30 11:46:38
+ [ssh-add.c]
+ Sync usage() with man page and reality.
+ ok deraadt dtucker
+ - jmc@cvs.openbsd.org 2006/05/29 16:13:23
+ [ssh.1]
+ add GSSAPI to the list of authentication methods supported;
+ - mk@cvs.openbsd.org 2006/05/30 11:46:38
[ssh-add.c]
- return non-zero exit code on error; ok markus@
- - stevesk@cvs.openbsd.org 2001/10/02 22:56:09
+ Sync usage() with man page and reality.
+ ok deraadt dtucker
+ - markus@cvs.openbsd.org 2006/06/01 09:21:48
[sshd.c]
- #include "channels.h" for channel_set_af()
- - markus@cvs.openbsd.org 2001/10/03 10:01:20
- [auth.c]
- use realpath() for homedir, too. from jinmei@isl.rdc.toshiba.co.jp
-
-20011001
- - (stevesk) loginrec.c: fix type conversion problems exposed when using
- 64-bit off_t.
-
-20010929
- - (bal) move reading 'config.h' up higher. Patch by albert chin
- <china@thewrittenword.com)
-
-20010928
- - (djm) OpenBSD CVS sync:
- - djm@cvs.openbsd.org 2001/09/28 09:49:31
- [scard.c]
- Fix segv when smartcard communication error occurs during key load.
- ok markus@
- - (djm) Update spec files for new x11-askpass
-
-20010927
- - (stevesk) session.c: declare do_pre_login() before use
- wayned@users.sourceforge.net
-
-20010925
- - (djm) Pull in auth-krb5.c from OpenBSD CVS. NB. it is not currently used.
- - (djm) Sync $sysconfdir/moduli
- - (djm) Add AC_SYS_LARGEFILE configure test
- - (djm) Avoid bad and unportable sprintf usage in compat code
-
-20010923
- - (bal) updated ssh.c to mirror minor getopts 'extern int' formating done
- by stevesk@
- - (bal) Removed 'extern int optopt;' since it is dead wood.
- - (bal) Updated all *.specs for 2.9.9p1 and updated version.h
-
-20010923
- - (bal) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/09/23 11:09:13
- [authfile.c]
- relax permission check for private key files.
- - markus@cvs.openbsd.org 2001/09/23 09:58:13
- [LICENCE]
- new rijndael implementation
-
-20010920
- - (tim) [scard/Makefile.in] Don't strip the Java binary
- - (stevesk) sun_len, SUN_LEN() configure stuff no longer required
- - (bal) OpenBSD CVS Sync
- - stevesk@cvs.openbsd.org 2001/09/20 00:15:54
- [sshd.8]
- fix ClientAliveCountMax
- - markus@cvs.openbsd.org 2001/09/20 13:46:48
- [auth2.c]
- key_read returns now -1 or 1
- - markus@cvs.openbsd.org 2001/09/20 13:50:40
- [compat.c compat.h ssh.c]
- bug compat: request a dummy channel for -N (no shell) sessions +
- cleanup; vinschen@redhat.com
- - mouring@cvs.openbsd.org 2001/09/20 20:57:51
- [sshd_config]
- CheckMail removed. OKed stevesk@
-
-20010919
- - (bal) OpenBSD Sync
- - markus@cvs.openbsd.org 2001/09/19 10:08:51
- [sshd.8]
- command=xxx applies to subsystem now, too
- - markus@cvs.openbsd.org 2001/09/19 13:23:29
- [key.c]
- key_read() now returns -1 on type mismatch, too
- - stevesk@cvs.openbsd.org 2001/09/19 19:24:19
- [readconf.c readconf.h scp.c sftp.c ssh.1]
- add ClearAllForwardings ssh option and set it in scp and sftp; ok
- markus@
- - stevesk@cvs.openbsd.org 2001/09/19 19:35:30
- [authfd.c]
- use sizeof addr vs. SUN_LEN(addr) for sockaddr_un. Stevens
- blesses this and we do it this way elsewhere. this helps in
- portable because not all systems have SUN_LEN() and
- sockaddr_un.sun_len. ok markus@
- - stevesk@cvs.openbsd.org 2001/09/19 21:04:53
- [sshd.8]
- missing -t in usage
- - stevesk@cvs.openbsd.org 2001/09/19 21:41:57
- [sshd.8]
- don't advertise -V in usage; ok markus@
- - (bal) openbsd-compat/vis.[ch] is dead wood. Removed.
-
-20010918
- - (djm) Configure support for smartcards. Based on Ben's work.
- - (djm) Revert setgroups call, it causes problems on OS-X
- - (djm) Avoid warning on BSDgetopt
- - (djm) More makefile infrastructre for smartcard support, also based
- on Ben's work
- - (djm) Specify --datadir in RPM spec files so smartcard applet gets
- put somewhere sane. Add Ssh.bin to manifest.
- - (djm) Make smartcard support conditional in Redhat RPM spec
- - (bal) LICENCE update. Has not been done in a while.
- - (stevesk) nchan.c: we use X/Open Sockets on HP-UX now so shutdown(2)
- returns ENOTCONN vs. EINVAL for socket not connected; remove EINVAL
- check. ok Lutz Jaenicke
- - (bal) OpenBSD CVS Sync
- - stevesk@cvs.openbsd.org 2001/09/17 17:57:57
- [scp.1 scp.c sftp.1 sftp.c]
- add -Fssh_config option; ok markus@
- - stevesk@cvs.openbsd.org 2001/09/17 19:27:15
- [kexdh.c kexgex.c key.c key.h ssh-dss.c ssh-keygen.c ssh-rsa.c]
- u_char*/char* cleanup; ok markus
- - markus@cvs.openbsd.org 2001/09/17 20:22:14
- [scard.c]
- never keep a connection to the smartcard open.
- allows ssh-keygen -D U while the agent is running; report from
- jakob@
- - stevesk@cvs.openbsd.org 2001/09/17 20:38:09
- [sftp.1 sftp.c]
- cleanup and document -1, -s and -S; ok markus@
- - markus@cvs.openbsd.org 2001/09/17 20:50:22
- [key.c ssh-keygen.c]
- better error handling if you try to export a bad key to ssh.com
- - markus@cvs.openbsd.org 2001/09/17 20:52:47
- [channels.c channels.h clientloop.c]
- try to fix agent-forwarding-backconnection-bug, as seen on HPUX,
- for example; with Lutz.Jaenicke@aet.TU-Cottbus.DE,
- - markus@cvs.openbsd.org 2001/09/17 21:04:02
- [channels.c serverloop.c]
- don't send fake dummy packets on CR (\r)
- bugreport from yyua@cs.sfu.ca via solar@@openwall.com
- - markus@cvs.openbsd.org 2001/09/17 21:09:47
- [compat.c]
- more versions suffering the SSH_BUG_DEBUG bug;
- 3.0.x reported by dbutts@maddog.storability.com
- - stevesk@cvs.openbsd.org 2001/09/17 23:56:07
- [scp.1]
- missing -B in usage string
-
-20010917
- - (djm) x11-ssh-askpass-1.2.4 in RPM spec, revert workarounds
- - (tim) [includes.h openbsd-compat/getopt.c openbsd-compat/getopt.h]
- rename getopt() to BSDgetopt() to keep form conflicting with
- system getopt().
- [Makefile.in configure.in] disable filepriv until I can add
- missing procpriv calls.
-
-20010916
- - (djm) Workaround XFree breakage in RPM spec file
- - (bal) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/09/16 14:46:54
- [session.c]
- calls krb_afslog() after setting $HOME; mattiasa@e.kth.se; fixes
- pr 1943b
-
-20010915
- - (djm) Make do_pre_login static to avoid prototype #ifdef hell
- - (djm) Sync scard/ stuff
- - (djm) Redhat spec file cleanups from Pekka Savola <pekkas@netcore.fi> and
- Redhat
- - (djm) Redhat initscript config sanity checking from Pekka Savola
- <pekkas@netcore.fi>
- - (djm) Clear supplemental groups at sshd start to prevent them from
- being propogated to random PAM modules. Based on patch from Redhat via
- Pekka Savola <pekkas@netcore.fi>
- - (djm) Make sure rijndael.c picks config.h
- - (djm) Ensure that u_char gets defined
-
-20010914
- - (bal) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/09/13
- [rijndael.c rijndael.h]
- missing $OpenBSD
- - markus@cvs.openbsd.org 2001/09/14
- [session.c]
- command=xxx overwrites subsystems, too
- - markus@cvs.openbsd.org 2001/09/14
- [sshd.c]
- typo
-
-20010913
- - (bal) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/08/23 11:31:59
- [cipher.c cipher.h]
- switch to the optimised AES reference code from
- http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip
-
-20010912
- - (bal) OpenBSD CVS Sync
- - jakob@cvs.openbsd.org 2001/08/16 19:18:34
- [servconf.c servconf.h session.c sshd.8]
- deprecate CheckMail. ok markus@
- - stevesk@cvs.openbsd.org 2001/08/16 20:14:57
- [ssh.1 sshd.8]
- document case sensitivity for ssh, sshd and key file
- options and arguments; ok markus@
- - stevesk@cvs.openbsd.org 2001/08/17 18:59:47
- [servconf.h]
- typo in comment
- - stevesk@cvs.openbsd.org 2001/08/21 21:47:42
- [ssh.1 sshd.8]
- minor typos and cleanup
- - stevesk@cvs.openbsd.org 2001/08/22 16:21:21
- [ssh.1]
- hostname not optional; ok markus@
- - stevesk@cvs.openbsd.org 2001/08/22 16:30:02
- [sshd.8]
- no rexd; ok markus@
- - stevesk@cvs.openbsd.org 2001/08/22 17:45:16
- [ssh.1]
- document cipher des for protocol 1; ok deraadt@
- - camield@cvs.openbsd.org 2001/08/23 17:59:31
- [sshd.c]
- end request with 0, not NULL
- ok markus@
- - stevesk@cvs.openbsd.org 2001/08/23 18:02:48
- [ssh-agent.1]
- fix usage; ok markus@
- - stevesk@cvs.openbsd.org 2001/08/23 18:08:59
- [ssh-add.1 ssh-keyscan.1]
- minor cleanup
- - danh@cvs.openbsd.org 2001/08/27 22:02:13
- [ssh-keyscan.c]
- fix memory fault if non-existent filename is given to the -f option
- ok markus@
- - markus@cvs.openbsd.org 2001/08/28 09:51:26
- [readconf.c]
- don't set DynamicForward unless Host matches
- - markus@cvs.openbsd.org 2001/08/28 15:39:48
- [ssh.1 ssh.c]
- allow: ssh -F configfile host
- - markus@cvs.openbsd.org 2001/08/29 20:44:03
- [scp.c]
- clear the malloc'd buffer, otherwise source() will leak malloc'd
- memory; ok theo@
- - stevesk@cvs.openbsd.org 2001/08/29 23:02:21
- [sshd.8]
- add text about -u0 preventing DNS requests; ok markus@
- - stevesk@cvs.openbsd.org 2001/08/29 23:13:10
- [ssh.1 ssh.c]
- document -D and DynamicForward; ok markus@
- - stevesk@cvs.openbsd.org 2001/08/29 23:27:23
- [ssh.c]
- validate ports for -L/-R; ok markus@
- - stevesk@cvs.openbsd.org 2001/08/29 23:39:40
- [ssh.1 sshd.8]
- additional documentation for GatewayPorts; ok markus@
- - naddy@cvs.openbsd.org 2001/08/30 15:42:36
- [ssh.1]
- add -D to synopsis line; ok markus@
- - stevesk@cvs.openbsd.org 2001/08/30 16:04:35
- [readconf.c ssh.1]
- validate ports for LocalForward/RemoteForward.
- add host/port alternative syntax for IPv6 (like -L/-R).
- ok markus@
- - stevesk@cvs.openbsd.org 2001/08/30 20:36:34
- [auth-options.c sshd.8]
- validate ports for permitopen key file option. add host/port
- alternative syntax for IPv6. ok markus@
- - markus@cvs.openbsd.org 2001/08/30 22:22:32
- [ssh-keyscan.c]
- do not pass pointers to longjmp; fix from wayne@blorf.net
- - markus@cvs.openbsd.org 2001/08/31 11:46:39
- [sshconnect2.c]
- disable kbd-interactive if we don't get SSH2_MSG_USERAUTH_INFO_REQUEST
- messages
- - stevesk@cvs.openbsd.org 2001/09/03 20:58:33
- [readconf.c readconf.h ssh.c]
- fatal() for nonexistent -Fssh_config. ok markus@
- - deraadt@cvs.openbsd.org 2001/09/05 06:23:07
- [scp.1 sftp.1 ssh.1 ssh-agent.1 sshd.8 ssh-keygen.1 ssh-keyscan.1]
- avoid first person in manual pages
- - stevesk@cvs.openbsd.org 2001/09/12 18:18:25
- [scp.c]
- don't forward agent for non third-party copies; ok markus@
-
-20010815
- - (bal) Fixed stray code in readconf.c that went in by mistake.
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/08/07 10:37:46
- [authfd.c authfd.h]
- extended failure messages from galb@vandyke.com
- - deraadt@cvs.openbsd.org 2001/08/08 07:16:58
- [scp.1]
- when describing the -o option, give -o Protocol=1 as the specific example
- since we are SICK AND TIRED of clueless people who cannot have difficulty
- thinking on their own.
- - markus@cvs.openbsd.org 2001/08/08 18:20:15
- [uidswap.c]
- permanently_set_uid is a noop if user is not privilegued;
- fixes bug on solaris; from sbi@uchicago.edu
- - markus@cvs.openbsd.org 2001/08/08 21:34:19
- [uidswap.c]
- undo last change; does not work for sshd
- - jakob@cvs.openbsd.org 2001/08/11 22:51:27
- [ssh.c tildexpand.c]
- fix more paths beginning with "//"; <bradshaw@staff.crosswalk.com>.
- ok markus@
- - stevesk@cvs.openbsd.org 2001/08/13 23:38:54
- [scp.c]
- don't need main prototype (also sync with rcp); ok markus@
- - markus@cvs.openbsd.org 2001/08/14 09:23:02
- [sftp.1 sftp-int.c]
- "bye"; hk63a@netscape.net
- - stevesk@cvs.openbsd.org 2001/08/14 17:54:29
- [scp.1 sftp.1 ssh.1]
- consistent documentation and example of ``-o ssh_option'' for sftp and
- scp; document keyword=argument for ssh.
- - (bal) QNX resync. OK tim@
-
-20010814
- - (stevesk) sshpty.c, cray.[ch]: whitespace, formatting and cleanup
- for some #ifdef _CRAY code; ok wendyp@cray.com
- - (stevesk) sshpty.c: return 0 on error in cray pty code;
- ok wendyp@cray.com
- - (stevesk) bsd-cray.c: utmp strings are not C strings
- - (stevesk) bsd-cray.c: more cleanup; ok wendyp@cray.com
-
-20010812
- - (djm) Fix detection of long long int support. Based on patch from
- Michael Stone <mstone@cs.loyola.edu>. ok stevesk, tim
-
-20010808
- - (bal) Minor correction to inet_ntop.h. _BSD_RRESVPORT_H should be
- _BSD_INET_NTOP_H. Pointed out by Mark Miller <markm@swoon.net>
-
-20010807
- - (tim) [configure.in sshconnect.c openbsd-compat/Makefile.in
- openbsd-compat/openbsd-compat.h ] Add inet_ntop.c inet_ntop.h back
- in. Needed for sshconnect.c
- [sshconnect.c] fix INET6_ADDRSTRLEN for non IPv6 machines
- [configure.in] make tests with missing libraries fail
- patch by Wendy Palm <wendyp@cray.com>
- Added openbsd-compat/bsd-cray.h. Selective patches from
- William L. Jones <jones@mail.utexas.edu>
-
-20010806
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/07/22 21:32:27
- [sshpty.c]
- update comment
- - pvalchev@cvs.openbsd.org 2001/07/22 21:32:42
- [ssh.1]
- There is no option "Compress", point to "Compression" instead; ok
- markus
- - markus@cvs.openbsd.org 2001/07/22 22:04:19
- [readconf.c ssh.1]
- enable challenge-response auth by default; ok millert@
- - markus@cvs.openbsd.org 2001/07/22 22:24:16
- [sshd.8]
- Xr login.conf
- - markus@cvs.openbsd.org 2001/07/23 09:06:28
- [sshconnect2.c]
- reorder default sequence of userauth methods to match ssh behaviour:
- hostbased,publickey,keyboard-interactive,password
- - markus@cvs.openbsd.org 2001/07/23 12:47:05
- [ssh.1]
- sync PreferredAuthentications
- - aaron@cvs.openbsd.org 2001/07/23 14:14:18
- [ssh-keygen.1]
- Fix typo.
- - stevesk@cvs.openbsd.org 2001/07/23 18:14:58
- [auth2.c auth-rsa.c]
- use %lu; ok markus@
- - stevesk@cvs.openbsd.org 2001/07/23 18:21:46
- [xmalloc.c]
- no zero size xstrdup() error; ok markus@
- - markus@cvs.openbsd.org 2001/07/25 11:59:35
- [scard.c]
- typo in comment
- - markus@cvs.openbsd.org 2001/07/25 14:35:18
- [readconf.c ssh.1 ssh.c sshconnect.c]
- cleanup connect(); connection_attempts 4 -> 1; from
- eivind@freebsd.org
- - stevesk@cvs.openbsd.org 2001/07/26 17:18:22
- [sshd.8 sshd.c]
- add -t option to test configuration file and keys; pekkas@netcore.fi
- ok markus@
- - rees@cvs.openbsd.org 2001/07/26 20:04:27
- [scard.c ssh-keygen.c]
- Inquire Cyberflex class for 0xf0 cards
- change aid to conform to 7816-5
- remove gratuitous fid selects
- - millert@cvs.openbsd.org 2001/07/27 14:50:45
- [ssh.c]
- If smart card support is compiled in and a smart card is being used
- for authentication, make it the first method used. markus@ OK
- - deraadt@cvs.openbsd.org 2001/07/27 17:26:16
- [scp.c]
- shorten lines
- - markus@cvs.openbsd.org 2001/07/28 09:21:15
- [sshd.8]
- cleanup some RSA vs DSA vs SSH1 vs SSH2 notes
- - mouring@cvs.openbsd.org 2001/07/29 17:02:46
- [scp.1]
- Clarified -o option in scp.1 OKed by Markus@
- - jakob@cvs.openbsd.org 2001/07/30 16:06:07
- [scard.c scard.h]
- better errorcodes from sc_*; ok markus@
- - stevesk@cvs.openbsd.org 2001/07/30 16:23:30
- [rijndael.c rijndael.h]
- new BSD-style license:
- Brian Gladman <brg@gladman.plus.com>:
- >I have updated my code at:
- >http://fp.gladman.plus.com/cryptography_technology/rijndael/index.htm
- >with a copyright notice as follows:
- >[...]
- >I am not sure which version of my old code you are using but I am
- >happy for the notice above to be substituted for my existing copyright
- >intent if this meets your purpose.
- - jakob@cvs.openbsd.org 2001/07/31 08:41:10
- [scard.c]
- do not complain about missing smartcards. ok markus@
- - jakob@cvs.openbsd.org 2001/07/31 09:28:44
- [readconf.c readconf.h ssh.1 ssh.c]
- add 'SmartcardDevice' client option to specify which smartcard device
- is used to access a smartcard used for storing the user's private RSA
- key. ok markus@.
- - jakob@cvs.openbsd.org 2001/07/31 12:42:50
- [sftp-int.c sftp-server.c]
- avoid paths beginning with "//"; <vinschen@redhat.com>
- ok markus@
- - jakob@cvs.openbsd.org 2001/07/31 12:53:34
- [scard.c]
- close smartcard connection if card is missing
- - markus@cvs.openbsd.org 2001/08/01 22:03:33
- [authfd.c authfd.h readconf.c readconf.h scard.c scard.h ssh-add.c
- ssh-agent.c ssh.c]
- use strings instead of ints for smartcard reader ids
- - markus@cvs.openbsd.org 2001/08/01 22:16:45
- [ssh.1 sshd.8]
- refer to current ietf drafts for protocol v2
- - markus@cvs.openbsd.org 2001/08/01 23:33:09
- [ssh-keygen.c]
- allow uploading RSA keys for non-default AUT0 (sha1 over passphrase
- like sectok).
- - markus@cvs.openbsd.org 2001/08/01 23:38:45
- [scard.c ssh.c]
- support finish rsa keys.
- free public keys after login -> call finish -> close smartcard.
- - markus@cvs.openbsd.org 2001/08/02 00:10:17
- [ssh-keygen.c]
- add -D readerid option (download, i.e. print public RSA key to stdout).
- check for card present when uploading keys.
- use strings instead of ints for smartcard reader ids, too.
- - jakob@cvs.openbsd.org 2001/08/02 08:58:35
- [ssh-keygen.c]
- change -u (upload smartcard key) to -U. ok markus@
- - jakob@cvs.openbsd.org 2001/08/02 15:06:52
- [ssh-keygen.c]
- more verbose usage(). ok markus@
- - jakob@cvs.openbsd.org 2001/08/02 15:07:23
- [ssh-keygen.1]
- document smartcard upload/download. ok markus@
- - jakob@cvs.openbsd.org 2001/08/02 15:32:10
- [ssh.c]
- add smartcard to usage(). ok markus@
- - jakob@cvs.openbsd.org 2001/08/02 15:43:57
- [ssh-agent.c ssh.c ssh-keygen.c]
- add /* SMARTCARD */ to #else/#endif. ok markus@
- - jakob@cvs.openbsd.org 2001/08/02 16:14:05
- [scard.c ssh-agent.c ssh.c ssh-keygen.c]
- clean up some /* SMARTCARD */. ok markus@
- - mpech@cvs.openbsd.org 2001/08/02 18:37:35
- [ssh-keyscan.1]
- o) .Sh AUTHOR -> .Sh AUTHORS;
- o) .Sh EXAMPLE -> .Sh EXAMPLES;
- o) Delete .Sh OPTIONS. Text moved to .Sh DESCRIPTION;
-
- millert@ ok
- - jakob@cvs.openbsd.org 2001/08/03 10:31:19
- [ssh-add.1]
- document smartcard options. ok markus@
- - jakob@cvs.openbsd.org 2001/08/03 10:31:30
- [ssh-add.c ssh-agent.c ssh-keyscan.c]
- improve usage(). ok markus@
- - markus@cvs.openbsd.org 2001/08/05 23:18:20
- [ssh-keyscan.1 ssh-keyscan.c]
- ssh 2 support; from wayned@users.sourceforge.net
- - markus@cvs.openbsd.org 2001/08/05 23:29:58
- [ssh-keyscan.c]
- make -t dsa work with commercial servers, too
- - stevesk@cvs.openbsd.org 2001/08/06 19:47:05
- [scp.c]
- use alarm vs. setitimer for portable; ok markus@
- - (bal) ssh-keyscan double -lssh hack due to seed_rng().
- - (bal) Second around of UNICOS patches. A few other things left.
- Patches by William L. Jones <jones@mail.utexas.edu>
-
-20010803
- - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
- a fast UltraSPARC.
-
-20010726
- - (stevesk) use mysignal() in protocol 1 loop now that the SIGCHLD
- handler has converged.
-
-20010725
- - (bal) Added 'install-nokeys' to Makefile to assist package builders.
-
-20010724
- - (bal) 4711 not 04711 for ssh binary.
-
-20010722
- - (bal) Starting the Unicossmk merger. File merged TODO, configure.in,
- myproposal.h, ssh_prng_cmds.in, and openbsd-compat/Makefile.in.
- Added openbsd-compat/bsd-cray.c. Rest will be merged after
- approval. Selective patches from William L. Jones
- <jones@mail.utexas.edu>
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/07/18 21:10:43
- [sshpty.c]
- pr #1946, allow sshd if /dev is readonly
- - stevesk@cvs.openbsd.org 2001/07/18 21:40:40
- [ssh-agent.c]
- chdir("/") from bbraun@synack.net; ok markus@
- - stevesk@cvs.openbsd.org 2001/07/19 00:41:44
- [ssh.1]
- escape chars are below now
- - markus@cvs.openbsd.org 2001/07/20 14:46:11
- [ssh-agent.c]
- do not exit() from signal handlers; ok deraadt@
- - stevesk@cvs.openbsd.org 2001/07/20 18:41:51
- [ssh.1]
- "the" command line
-
-20010719
- - (tim) [configure.in] put inet_aton back in AC_CHECK_FUNCS.
- report from Mark Miller <markm@swoon.net>
-
-20010718
- - OpenBSD CVS Sync
- - stevesk@cvs.openbsd.org 2001/07/14 15:10:17
- [readpass.c sftp-client.c sftp-common.c sftp-glob.c]
- delete spurious #includes; ok deraadt@ markus@
- - markus@cvs.openbsd.org 2001/07/15 16:17:08
- [serverloop.c]
- schedule client alive for ssh2 only, greg@cheers.bungi.com
- - stevesk@cvs.openbsd.org 2001/07/15 16:57:21
- [ssh-agent.1]
- -d will not fork; ok markus@
- - stevesk@cvs.openbsd.org 2001/07/15 16:58:29
- [ssh-agent.c]
- typo in usage; ok markus@
- - markus@cvs.openbsd.org 2001/07/17 20:48:42
- [ssh-agent.c]
- update maxfd if maxfd is closed; report from jmcelroy@dtgnet.com
- - markus@cvs.openbsd.org 2001/07/17 21:04:58
- [channels.c channels.h clientloop.c nchan.c serverloop.c]
- keep track of both maxfd and the size of the malloc'ed fdsets.
- update maxfd if maxfd gets closed.
- - mouring@cvs.openbsd.org 2001/07/18 16:45:52
- [scp.c]
- Missing -o in scp usage()
- - (bal) Cleaned up trailing spaces in ChangeLog.
- - (bal) Allow sshd to switch user context without password for Cygwin.
- Patch by Corinna Vinschen <vinschen@redhat.com>
- - (bal) Updated cygwin README and ssh-host-config. Patch by
- Corinna Vinschen <vinschen@redhat.com>
-
-20010715
- - (bal) Set "BROKEN_GETADDRINFO" for darwin platform. Reported by
- Josh Larios <jdlarios@cac.washington.edu>
- - (tim) put openssh/openbsd-compat/inet_aton.[ch] back in.
- needed by openbsd-compat/fake-getaddrinfo.c
-
-20010714
- - (stevesk) change getopt() declaration
- - (stevesk) configure.in: use ll suffix for long long constant
- in snprintf() test
-
-20010713
- - (djm) Enable /etc/nologin check on PAM systems, as some lack the
- pam_nologin module. Report from William Yodlowsky
- <bsd@openbsd.rutgers.edu>
- - (djm) Revert dirname fix, a better one is on its way.
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/07/04 22:47:19
- [ssh-agent.c]
- ignore SIGPIPE when debugging, too
- - markus@cvs.openbsd.org 2001/07/04 23:13:10
- [scard.c scard.h ssh-agent.c]
- handle card removal more gracefully, add sc_close() to scard.h
- - markus@cvs.openbsd.org 2001/07/04 23:39:07
- [ssh-agent.c]
- for smartcards remove both RSA1/2 keys
- - markus@cvs.openbsd.org 2001/07/04 23:49:27
- [ssh-agent.c]
- handle mutiple adds of the same smartcard key
- - espie@cvs.openbsd.org 2001/07/05 11:43:33
- [sftp-glob.c]
- Directly cast to the right type. Ok markus@
- - stevesk@cvs.openbsd.org 2001/07/05 20:32:47
- [sshconnect1.c]
- statement after label; ok dugsong@
- - stevesk@cvs.openbsd.org 2001/07/08 15:23:38
- [servconf.c]
- fix ``MaxStartups max''; ok markus@
- - fgsch@cvs.openbsd.org 2001/07/09 05:58:47
- [ssh.c]
- Use getopt(3); markus@ ok.
- - deraadt@cvs.openbsd.org 2001/07/09 07:04:53
- [session.c sftp-int.c]
- correct type on last arg to execl(); nordin@cse.ogi.edu
- - markus@cvs.openbsd.org 2001/07/10 21:49:12
- [readpass.c]
- don't panic if fork or pipe fail (just return an empty passwd).
- - itojun@cvs.openbsd.org 2001/07/11 00:24:53
- [servconf.c]
- make it compilable in all 4 combination of KRB4/KRB5 settings.
- dugsong ok
- XXX isn't it sensitive to the order of -I/usr/include/kerberosIV and
- -I/usr/include/kerberosV?
- - markus@cvs.openbsd.org 2001/07/11 16:29:59
- [ssh.c]
- sort options string, fix -p, add -k
- - markus@cvs.openbsd.org 2001/07/11 18:26:15
- [auth.c]
- no need to call dirname(pw->pw_dir).
- note that dirname(3) modifies its argument on some systems.
- - (djm) Reorder Makefile.in so clean targets work a little better when
- run directly from Makefile.in
- - (djm) Pull in getopt(3) from OpenBSD libc for the optreset extension.
-
-20010711
- - (djm) dirname(3) may modify its argument on glibc and other systems.
- Patch from markus@, spotted by Tom Holroyd <tomh@po.crl.go.jp>
-
-20010704
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/06/25 08:25:41
- [channels.c channels.h cipher.c clientloop.c compat.c compat.h
- hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c
- session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h]
- update copyright for 2001
- - markus@cvs.openbsd.org 2001/06/25 17:18:27
- [ssh-keygen.1]
- sshd(8) will never read the private keys, but ssh(1) does;
- hugh@mimosa.com
- - provos@cvs.openbsd.org 2001/06/25 17:54:47
- [auth.c auth.h auth-rsa.c]
- terminate secure_filename checking after checking homedir. that way
- it works on AFS. okay markus@
- - stevesk@cvs.openbsd.org 2001/06/25 20:26:37
- [auth2.c sshconnect2.c]
- prototype cleanup; ok markus@
- - markus@cvs.openbsd.org 2001/06/26 02:47:07
- [ssh-keygen.c]
- allow loading a private RSA key to a cyberflex card.
- - markus@cvs.openbsd.org 2001/06/26 04:07:06
- [ssh-agent.1 ssh-agent.c]
- add debug flag
- - markus@cvs.openbsd.org 2001/06/26 04:59:59
- [authfd.c authfd.h ssh-add.c]
- initial support for smartcards in the agent
- - markus@cvs.openbsd.org 2001/06/26 05:07:43
- [ssh-agent.c]
- update usage
- - markus@cvs.openbsd.org 2001/06/26 05:33:34
- [ssh-agent.c]
- more smartcard support.
- - mpech@cvs.openbsd.org 2001/06/26 05:48:07
- [sshd.8]
- remove unnecessary .Pp between .It;
- millert@ ok
- - markus@cvs.openbsd.org 2001/06/26 05:50:11
- [auth2.c]
- new interface for secure_filename()
- - itojun@cvs.openbsd.org 2001/06/26 06:32:58
- [atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h
- buffer.h canohost.h channels.h cipher.h clientloop.h compat.h
- compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h
- hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h
- radix.h readconf.h readpass.h rsa.h]
- prototype pedant. not very creative...
- - () -> (void)
- - no variable names
- - itojun@cvs.openbsd.org 2001/06/26 06:33:07
- [servconf.h serverloop.h session.h sftp-client.h sftp-common.h
- sftp-glob.h sftp-int.h sshconnect.h ssh-dss.h sshlogin.h sshpty.h
- ssh-rsa.h tildexpand.h uidswap.h uuencode.h xmalloc.h]
- prototype pedant. not very creative...
- - () -> (void)
- - no variable names
- - dugsong@cvs.openbsd.org 2001/06/26 16:15:25
- [auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
- servconf.c servconf.h session.c sshconnect1.c sshd.c]
- Kerberos v5 support for SSH1, mostly from Assar Westerlund
- <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
- - markus@cvs.openbsd.org 2001/06/26 17:25:34
- [ssh.1]
- document SSH_ASKPASS; fubob@MIT.EDU
- - markus@cvs.openbsd.org 2001/06/26 17:27:25
- [authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
- canohost.h channels.h cipher.h clientloop.h compat.h compress.h
- crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
- hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
- packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
- session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
- sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
- tildexpand.h uidswap.h uuencode.h xmalloc.h]
- remove comments from .h, since they are cut&paste from the .c files
- and out of sync
- - dugsong@cvs.openbsd.org 2001/06/26 17:41:49
- [servconf.c]
- #include <kafs.h>
- - markus@cvs.openbsd.org 2001/06/26 20:14:11
- [key.c key.h ssh.c sshconnect1.c sshconnect2.c]
- add smartcard support to the client, too (now you can use both
- the agent and the client).
- - markus@cvs.openbsd.org 2001/06/27 02:12:54
- [serverloop.c serverloop.h session.c session.h]
- quick hack to make ssh2 work again.
- - markus@cvs.openbsd.org 2001/06/27 04:48:53
- [auth.c match.c sshd.8]
- tridge@samba.org
- - markus@cvs.openbsd.org 2001/06/27 05:35:42
- [ssh-keygen.c]
- use cyberflex_inq_class to inquire class.
- - markus@cvs.openbsd.org 2001/06/27 05:42:25
- [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
- s/generate_additional_parameters/rsa_generate_additional_parameters/
- http://www.humppa.com/
- - markus@cvs.openbsd.org 2001/06/27 06:26:36
- [ssh-add.c]
- convert to getopt(3)
- - stevesk@cvs.openbsd.org 2001/06/28 19:57:35
- [ssh-keygen.c]
- '\0' terminated data[] is ok; ok markus@
- - markus@cvs.openbsd.org 2001/06/29 07:06:34
- [ssh-keygen.c]
- new error handling for cyberflex_*
- - markus@cvs.openbsd.org 2001/06/29 07:11:01
- [ssh-keygen.c]
- initialize early
- - stevesk@cvs.openbsd.org 2001/06/29 18:38:44
- [clientloop.c]
- sync function definition with declaration; ok markus@
- - stevesk@cvs.openbsd.org 2001/06/29 18:40:28
- [channels.c]
- use socklen_t for getsockopt arg #5; ok markus@
- - stevesk@cvs.openbsd.org 2001/06/30 18:08:40
- [channels.c channels.h clientloop.c]
- adress -> address; ok markus@
- - markus@cvs.openbsd.org 2001/07/02 13:59:15
- [serverloop.c session.c session.h]
- wait until !session_have_children(); bugreport from
- Lutz.Jaenicke@aet.TU-Cottbus.DE
- - markus@cvs.openbsd.org 2001/07/02 22:29:20
- [readpass.c]
- do not return NULL, use "" instead.
- - markus@cvs.openbsd.org 2001/07/02 22:40:18
- [ssh-keygen.c]
- update for sectok.h interface changes.
- - markus@cvs.openbsd.org 2001/07/02 22:52:57
- [channels.c channels.h serverloop.c]
- improve cleanup/exit logic in ssh2:
- stop listening to channels, detach channel users (e.g. sessions).
- wait for children (i.e. dying sessions), send exit messages,
- cleanup all channels.
- - (bal) forget a few new files in sync up.
- - (bal) Makefile fix up requires scard.c
- - (stevesk) sync misc.h
- - (stevesk) more sync for session.c
- - (stevesk) sync servconf.h (comments)
- - (tim) [contrib/caldera/openssh.spec] sync with Caldera
- - (tim) [openbsd-compat/dirname.h] Remove ^M causing some compilers to
- issue warning (line 1: tokens ignored at end of directive line)
- - (tim) [sshconnect1.c] give the compiler something to do for success:
- if KRB5 and AFS are not defined
- (ERROR: "sshconnect1.c", line 1274: Syntax error before or at: })
-
-20010629
- - (bal) Removed net_aton() since we don't use it any more
- - (bal) Fixed _DISABLE_VPOSIX in readpassphrase.c.
- - (bal) Updated zlib's home. Thanks to David Howe <DaveHowe@gmx.co.uk>.
- - (stevesk) remove _REENTRANT #define
- - (stevesk) session.c: use u_int for envsize
- - (stevesk) remove cli.[ch]
-
-20010628
- - (djm) Sync openbsd-compat with -current libc
- - (djm) Fix from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> for my
- broken makefile
- - (bal) Removed strtok_r() and inet_ntop() since they are no longer used.
- - (bal) Remove getusershell() since it's no longer used.
-
-20010627
- - (djm) Reintroduce pam_session call for non-pty sessions.
- - (djm) Remove redundant and incorrect test for max auth attempts in
- PAM kbdint code. Based on fix from Matthew Melvin
- <matthewm@webcentral.com.au>
- - (djm) Rename sysconfdir/primes => sysconfdir/moduli
- - (djm) Oops, forgot make logic for primes=>moduli. Also try to rename
- existing primes->moduli if it exists.
- - (djm) Sync with -current openbsd-compat/readpassphrase.c:
- - djm@cvs.openbsd.org 2001/06/27 13:23:30
- typo, spotted by Tom Holroyd <tomh@po.crl.go.jp>; ok deraadt@
- - (djm) Turn up warnings if gcc or egcs detected
- - (stevesk) for HP-UX 11.X use X/Open socket interface;
- pulls in modern socket prototypes and eliminates a number of compiler
- warnings. see xopen_networking(7).
- - (stevesk) fix x11 forwarding from _PATH_XAUTH change
- - (stevesk) use X/Open socket interface for HP-UX 10.X also
-
-20010625
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/06/21 21:08:25
- [session.c]
- don't reset forced_command (we allow multiple login shells in
- ssh2); dwd@bell-labs.com
- - mpech@cvs.openbsd.org 2001/06/22 10:17:51
- [ssh.1 sshd.8 ssh-keyscan.1]
- o) .Sh AUTHOR -> .Sh AUTHORS;
- o) remove unnecessary .Pp;
- o) better -mdoc style;
- o) typo;
- o) sort SEE ALSO;
- aaron@ ok
- - provos@cvs.openbsd.org 2001/06/22 21:27:08
- [dh.c pathnames.h]
- use /etc/moduli instead of /etc/primes, okay markus@
- - provos@cvs.openbsd.org 2001/06/22 21:28:53
- [sshd.8]
- document /etc/moduli
- - markus@cvs.openbsd.org 2001/06/22 21:55:49
- [auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config
- ssh-keygen.1]
- merge authorized_keys2 into authorized_keys.
- authorized_keys2 is used for backward compat.
- (just append authorized_keys2 to authorized_keys).
- - provos@cvs.openbsd.org 2001/06/22 21:57:59
- [dh.c]
- increase linebuffer to deal with larger moduli; use rewind instead of
- close/open
- - markus@cvs.openbsd.org 2001/06/22 22:21:20
- [sftp-server.c]
- allow long usernames/groups in readdir
- - markus@cvs.openbsd.org 2001/06/22 23:35:21
- [ssh.c]
- don't overwrite argv (fixes ssh user@host in 'ps'), report by ericj@
- - deraadt@cvs.openbsd.org 2001/06/23 00:16:16
- [scp.c]
- slightly better care
- - markus@cvs.openbsd.org 2001/06/23 00:20:57
- [auth2.c auth.c auth.h auth-rh-rsa.c]
- *known_hosts2 is obsolete for hostbased authentication and
- only used for backward compat. merge ssh1/2 hostkey check
- and move it to auth.c
- - deraadt@cvs.openbsd.org 2001/06/23 02:33:05
- [sftp.1 sftp-server.8 ssh-keygen.1]
- join .%A entries; most by bk@rt.fm
- - markus@cvs.openbsd.org 2001/06/23 02:34:33
- [kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
- sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
- get rid of known_hosts2, use it for hostkey lookup, but do not
- modify.
- - markus@cvs.openbsd.org 2001/06/23 03:03:59
- [sshd.8]
- draft-ietf-secsh-dh-group-exchange-01.txt
- - markus@cvs.openbsd.org 2001/06/23 03:04:42
- [auth2.c auth-rh-rsa.c]
- restore correct ignore_user_known_hosts logic.
- - markus@cvs.openbsd.org 2001/06/23 05:26:02
- [key.c]
- handle sigature of size 0 (some broken clients send this).
- - deraadt@cvs.openbsd.org 2001/06/23 05:57:09
- [sftp.1 sftp-server.8 ssh-keygen.1]
- ok, tmac is now fixed
- - markus@cvs.openbsd.org 2001/06/23 06:41:10
- [ssh-keygen.c]
- try to decode ssh-3.0.0 private rsa keys
- (allow migration to openssh, not vice versa), #910
- - itojun@cvs.openbsd.org 2001/06/23 15:12:20
- [auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
- canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
- hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
- readpass.c scp.c servconf.c serverloop.c session.c sftp.c
- sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
- ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
- ssh-keygen.c ssh-keyscan.c]
- more strict prototypes. raise warning level in Makefile.inc.
- markus ok'ed
- TODO; cleanup headers
- - markus@cvs.openbsd.org 2001/06/23 17:05:22
- [ssh-keygen.c]
- fix import for (broken?) ssh.com/f-secure private keys
- (i tested > 1000 RSA keys)
- - itojun@cvs.openbsd.org 2001/06/23 17:48:18
- [sftp.1 ssh.1 sshd.8 ssh-keyscan.1]
- kill whitespace at EOL.
- - markus@cvs.openbsd.org 2001/06/23 19:12:43
- [sshd.c]
- pidfile/sigterm race; bbraun@synack.net
- - markus@cvs.openbsd.org 2001/06/23 22:37:46
- [sshconnect1.c]
- consistent with ssh2: skip key if empty passphrase is entered,
- retry num_of_passwd_prompt times if passphrase is wrong. ok fgsch@
- - markus@cvs.openbsd.org 2001/06/24 05:25:10
- [auth-options.c match.c match.h]
- move ip+hostname check to match.c
- - markus@cvs.openbsd.org 2001/06/24 05:35:33
- [readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c]
- switch to readpassphrase(3)
- 2.7/8-stable needs readpassphrase.[ch] from libc
- - markus@cvs.openbsd.org 2001/06/24 05:47:13
- [sshconnect2.c]
- oops, missing format string
- - markus@cvs.openbsd.org 2001/06/24 17:18:31
- [ttymodes.c]
- passing modes works fine: debug2->3
- - (djm) -Wall fix for session.c
- - (djm) Bring in readpassphrase() from OpenBSD libc. Compiles OK on Linux and
- Solaris
-
-20010622
- - (stevesk) handle systems without pw_expire and pw_change.
-
-20010621
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/06/16 08:49:38
- [misc.c]
- typo; dunlap@apl.washington.edu
- - markus@cvs.openbsd.org 2001/06/16 08:50:39
- [channels.h]
- bad //-style comment; thx to stevev@darkwing.uoregon.edu
- - markus@cvs.openbsd.org 2001/06/16 08:57:35
- [scp.c]
- no stdio or exit() in signal handlers.
- - markus@cvs.openbsd.org 2001/06/16 08:58:34
- [misc.c]
- copy pw_expire and pw_change, too.
- - markus@cvs.openbsd.org 2001/06/19 12:34:09
- [session.c]
- cleanup forced command handling, from dwd@bell-labs.com
- - markus@cvs.openbsd.org 2001/06/19 14:09:45
- [session.c sshd.8]
- disable x11-fwd if use_login is enabled; from lukem@wasabisystems.com
- - markus@cvs.openbsd.org 2001/06/19 15:40:45
- [session.c]
- allocate and free at the same level.
- - markus@cvs.openbsd.org 2001/06/20 13:56:39
- [channels.c channels.h clientloop.c packet.c serverloop.c]
- move from channel_stop_listening to channel_free_all,
- call channel_free_all before calling waitpid() in serverloop.
- fixes the utmp handling; report from Lutz.Jaenicke@aet.TU-Cottbus.DE
-
-20010615
- - (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL
- around grantpt().
- - (stevesk) update TODO: STREAMS pty systems don't call vhangup() now
-
-20010614
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/06/13 09:10:31
- [session.c]
- typo, use pid not s->pid, mstone@cs.loyola.edu
-
-20010613
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/06/12 10:58:29
- [session.c]
- merge session_free into session_close()
- merge pty_cleanup_proc into session_pty_cleanup()
- - markus@cvs.openbsd.org 2001/06/12 16:10:38
- [session.c]
- merge ssh1/ssh2 tty msg parse and alloc code
- - markus@cvs.openbsd.org 2001/06/12 16:11:26
- [packet.c]
- do not log() packet_set_maxsize
- - markus@cvs.openbsd.org 2001/06/12 21:21:29
- [session.c]
- remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
- we do already trust $HOME/.ssh
- you can use .ssh/sshrc and .ssh/environment if you want to customize
- the location of the xauth cookies
- - markus@cvs.openbsd.org 2001/06/12 21:30:57
- [session.c]
- unused
-
-20010612
- - scp.c ID update (upstream synced vfsprintf() from us)
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/06/10 11:29:20
- [dispatch.c]
- we support rekeying
- protocol errors are fatal.
- - markus@cvs.openbsd.org 2001/06/11 10:18:24
- [session.c]
- reset pointer to NULL after xfree(); report from solar@openwall.com
- - markus@cvs.openbsd.org 2001/06/11 16:04:38
- [sshd.8]
- typo; bdubreuil@crrel.usace.army.mil
-
-20010611
- - (bal) NeXT/MacOS X lack libgen.h and dirname(). Patch by Mark Miller
- <markm@swoon.net>
- - (bal) Handle broken krb4 issues on Solaris with multiple defined u_*_t
- types. Patch by Jan IVEN <Jan.Iven@cern.ch>
- - (bal) Fixed Makefile.in so that 'configure; make install' works.
-
-20010610
- - (bal) Missed two files in major resync. auth-bsdauth.c and auth-skey.c
-
-20010609
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/05/30 12:55:13
- [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
- packet.c serverloop.c session.c ssh.c ssh1.h]
- channel layer cleanup: merge header files and split .c files
- - markus@cvs.openbsd.org 2001/05/30 15:20:10
- [ssh.c]
- merge functions, simplify.
- - markus@cvs.openbsd.org 2001/05/31 10:30:17
- [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
- packet.c serverloop.c session.c ssh.c]
- undo the .c file split, just merge the header and keep the cvs
- history
- - (bal) Channels.c and Channels.h -- "Merge Functions, simplify" (draged
- out of ssh Attic)
- - (bal) Ooops.. nchan.c (and remove nchan.h) resync from OpenBSD ssh
- Attic.
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/05/31 13:08:04
- [sshd_config]
- group options and add some more comments
- - markus@cvs.openbsd.org 2001/06/03 14:55:39
- [channels.c channels.h session.c]
- use fatal_register_cleanup instead of atexit, sync with x11 authdir
- handling
- - markus@cvs.openbsd.org 2001/06/03 19:36:44
- [ssh-keygen.1]
- 1-2 bits of entrophy per character (not per word), ok stevesk@
- - markus@cvs.openbsd.org 2001/06/03 19:38:42
- [scp.c]
- pass -v to ssh; from slade@shore.net
- - markus@cvs.openbsd.org 2001/06/03 20:06:11
- [auth2-chall.c]
- the challenge response device decides how to handle non-existing
- users.
- -> fake challenges for skey and cryptocard
- - markus@cvs.openbsd.org 2001/06/04 21:59:43
- [channels.c channels.h session.c]
- switch uid when cleaning up tmp files and sockets; reported by
- zen-parse@gmx.net on bugtraq
- - markus@cvs.openbsd.org 2001/06/04 23:07:21
- [clientloop.c serverloop.c sshd.c]
- set flags in the signal handlers, do real work in the main loop,
- ok provos@
- - markus@cvs.openbsd.org 2001/06/04 23:16:16
- [session.c]
- merge ssh1/2 x11-fwd setup, create listener after tmp-dir
- - pvalchev@cvs.openbsd.org 2001/06/05 05:05:39
- [ssh-keyscan.1 ssh-keyscan.c]
- License clarification from David Mazieres, ok deraadt@
- - markus@cvs.openbsd.org 2001/06/05 10:24:32
- [channels.c]
- don't delete the auth socket in channel_stop_listening()
- auth_sock_cleanup_proc() will take care of this.
- - markus@cvs.openbsd.org 2001/06/05 16:46:19
- [session.c]
- let session_close() delete the pty. deny x11fwd if xauthfile is set.
- - markus@cvs.openbsd.org 2001/06/06 23:13:54
- [ssh-dss.c ssh-rsa.c]
- cleanup, remove old code
- - markus@cvs.openbsd.org 2001/06/06 23:19:35
- [ssh-add.c]
- remove debug message; Darren.Moffat@eng.sun.com
- - markus@cvs.openbsd.org 2001/06/07 19:57:53
- [auth2.c]
- style is used for bsdauth.
- disconnect on user/service change (ietf-drafts)
- - markus@cvs.openbsd.org 2001/06/07 20:23:05
- [authfd.c authfile.c channels.c kexdh.c kexgex.c packet.c ssh.c
- sshconnect.c sshconnect1.c]
- use xxx_put_cstring()
- - markus@cvs.openbsd.org 2001/06/07 22:25:02
- [session.c]
- don't overwrite errno
- delay deletion of the xauth cookie
- - markus@cvs.openbsd.org 2001/06/08 15:25:40
- [includes.h pathnames.h readconf.c servconf.c]
- move the path for xauth to pathnames.h
- - (bal) configure.in fix for Tru64 (forgeting to reset $LIB)
- - (bal) ANSIify strmode()
- - (bal) --with-catman should be --with-mantype patch by Dave
- Dykstra <dwd@bell-labs.com>
-
-20010606
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/05/17 21:34:15
- [ssh.1]
- no spaces in PreferredAuthentications;
- meixner@rbg.informatik.tu-darmstadt.de
- - markus@cvs.openbsd.org 2001/05/18 14:13:29
- [auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
- readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
- improved kbd-interactive support. work by per@appgate.com and me
- - djm@cvs.openbsd.org 2001/05/19 00:36:40
- [session.c]
- Disable X11 forwarding if xauth binary is not found. Patch from Nalin
- Dahyabhai <nalin@redhat.com>; ok markus@
- - markus@cvs.openbsd.org 2001/05/19 16:05:41
- [scp.c]
- ftruncate() instead of open()+O_TRUNC like rcp.c does
- allows scp /path/to/file localhost:/path/to/file
- - markus@cvs.openbsd.org 2001/05/19 16:08:43
- [sshd.8]
- sort options; Matthew.Stier@fnc.fujitsu.com
- - markus@cvs.openbsd.org 2001/05/19 16:32:16
- [ssh.1 sshconnect2.c]
- change preferredauthentication order to
- publickey,hostbased,password,keyboard-interactive
- document that hostbased defaults to no, document order
- - markus@cvs.openbsd.org 2001/05/19 16:46:19
- [ssh.1 sshd.8]
- document MACs defaults with .Dq
- - stevesk@cvs.openbsd.org 2001/05/19 19:43:57
- [misc.c misc.h servconf.c sshd.8 sshd.c]
- sshd command-line arguments and configuration file options that
- specify time may be expressed using a sequence of the form:
- time[qualifier], where time is a positive integer value and qualifier
- is one of the following:
- <none>,s,m,h,d,w
- Examples:
- 600 600 seconds (10 minutes)
- 10m 10 minutes
- 1h30m 1 hour 30 minutes (90 minutes)
- ok markus@
- - stevesk@cvs.openbsd.org 2001/05/19 19:57:09
- [channels.c]
- typo in error message
- - markus@cvs.openbsd.org 2001/05/20 17:20:36
- [auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
- sshd_config]
- configurable authorized_keys{,2} location; originally from peter@;
- ok djm@
- - markus@cvs.openbsd.org 2001/05/24 11:12:42
- [auth.c]
- fix comment; from jakob@
- - stevesk@cvs.openbsd.org 2001/05/24 18:57:53
- [clientloop.c readconf.c ssh.c ssh.h]
- don't perform escape processing when ``EscapeChar none''; ok markus@
- - markus@cvs.openbsd.org 2001/05/25 14:37:32
- [ssh-keygen.c]
- use -P for -e and -y, too.
- - markus@cvs.openbsd.org 2001/05/28 08:04:39
- [ssh.c]
- fix usage()
- - markus@cvs.openbsd.org 2001/05/28 10:08:55
- [authfile.c]
- key_load_private: set comment to filename for PEM keys
- - markus@cvs.openbsd.org 2001/05/28 22:51:11
- [cipher.c cipher.h]
- simpler 3des for ssh1
- - markus@cvs.openbsd.org 2001/05/28 23:14:49
- [channels.c channels.h nchan.c]
- undo broken channel fix and try a different one. there
- should be still some select errors...
- - markus@cvs.openbsd.org 2001/05/28 23:25:24
- [channels.c]
- cleanup, typo
- - markus@cvs.openbsd.org 2001/05/28 23:58:35
- [packet.c packet.h sshconnect.c sshd.c]
- remove some lines, simplify.
- - markus@cvs.openbsd.org 2001/05/29 12:31:27
- [authfile.c]
- typo
-
-20010528
- - (tim) [conifgure.in] add setvbuf test needed for sftp-int.c
- Patch by Corinna Vinschen <vinschen@redhat.com>
-
-20010517
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/05/12 19:53:13
- [sftp-server.c]
- readlink does not NULL-terminate; mhe@home.se
- - deraadt@cvs.openbsd.org 2001/05/15 22:04:01
- [ssh.1]
- X11 forwarding details improved
- - markus@cvs.openbsd.org 2001/05/16 20:51:57
- [authfile.c]
- return comments for private pem files, too; report from nolan@naic.edu
- - markus@cvs.openbsd.org 2001/05/16 21:53:53
- [clientloop.c]
- check for open sessions before we call select(); fixes the x11 client
- bug reported by bowman@math.ualberta.ca
- - markus@cvs.openbsd.org 2001/05/16 22:09:21
- [channels.c nchan.c]
- more select() error fixes (don't set rfd/wfd to -1).
- - (bal) Enabled USE_PIPES for Cygwin on Corinna Vinschen <vinschen@redhat.com>
- - (bal) Corrected on_exit() emulation via atexit().
-
-20010512
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/05/11 14:59:56
- [clientloop.c misc.c misc.h]
- add unset_nonblock for stdout/err flushing in client_loop().
- - (bal) Patch to partial sync up contrib/solaris/ packaging software.
- Patch by pete <ninjaz@webexpress.com>
-
-20010511
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/05/09 22:51:57
- [channels.c]
- fix -R for protocol 2, noticed by greg@nest.cx.
- bug was introduced with experimental dynamic forwarding.
- - markus@cvs.openbsd.org 2001/05/09 23:01:31
- [rijndael.h]
- fix prototype; J.S.Peatfield@damtp.cam.ac.uk
-
-20010509
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/05/06 21:23:31
- [cli.c]
- cli_read() fails to catch SIGINT + overflow; from obdb@zzlevo.net
- - markus@cvs.openbsd.org 2001/05/08 19:17:31
- [channels.c serverloop.c clientloop.c]
- adds correct error reporting to async connect()s
- fixes the server-discards-data-before-connected-bug found by
- onoe@sm.sony.co.jp
- - mouring@cvs.openbsd.org 2001/05/08 19:45:25
- [misc.c misc.h scp.c sftp.c]
- Use addargs() in sftp plus some clean up of addargs(). OK Markus
- - markus@cvs.openbsd.org 2001/05/06 21:45:14
- [clientloop.c]
- use atomicio for flushing stdout/stderr bufs. thanks to
- jbw@izanami.cee.hw.ac.uk
- - markus@cvs.openbsd.org 2001/05/08 22:48:07
- [atomicio.c]
- no need for xmalloc.h, thanks to espie@
- - (bal) UseLogin patch for Solaris/UNICOS. Patch by Wayne Davison
- <wayne@blorf.net>
- - (bal) ./configure support to disable SIA on OSF1. Patch by
- Chris Adams <cmadams@hiwaay.net>
- - (bal) Updates from the Sony NEWS-OS platform by NAKAJI Hiroyuki
- <nakaji@tutrp.tut.ac.jp>
-
-20010508
- - (bal) Fixed configure test for USE_SIA.
-
-20010506
- - (djm) Update config.guess and config.sub with latest versions (from
- ftp://ftp.gnu.org/gnu/config/) to allow configure on ia64-hpux.
- Suggested by Jason Mader <jason@ncac.gwu.edu>
- - (bal) White Space and #ifdef sync with OpenBSD
- - (bal) Add 'seed_rng()' to ssh-add.c
- - (bal) CVS ID updates for readpass.c, readpass.h, cli.c, and cli.h
- - OpenBSD CVS Sync
- - stevesk@cvs.openbsd.org 2001/05/05 13:42:52
- [sftp.1 ssh-add.1 ssh-keygen.1]
- typos, grammar
-
-20010505
- - OpenBSD CVS Sync
- - stevesk@cvs.openbsd.org 2001/05/04 14:21:56
- [ssh.1 sshd.8]
- typos
- - markus@cvs.openbsd.org 2001/05/04 14:34:34
- [channels.c]
- channel_new() reallocs channels[], we cannot use Channel *c after
- calling channel_new(), XXX fix this in the future...
- - markus@cvs.openbsd.org 2001/05/04 23:47:34
- [channels.c channels.h clientloop.c nchan.c nchan.h serverloop.c ssh.c]
- move to Channel **channels (instead of Channel *channels), fixes realloc
- problems. channel_new now returns a Channel *, favour Channel * over
- channel id. remove old channel_allocate interface.
-
-20010504
- - OpenBSD CVS Sync
- - stevesk@cvs.openbsd.org 2001/05/03 15:07:39
- [channels.c]
- typo in debug() string
- - markus@cvs.openbsd.org 2001/05/03 15:45:15
- [session.c]
- exec shell -c /bin/sh .ssh/sshrc, from abartlet@pcug.org.au
- - stevesk@cvs.openbsd.org 2001/05/03 21:43:01
- [servconf.c]
- remove "\n" from fatal()
- - mouring@cvs.openbsd.org 2001/05/03 23:09:53
- [misc.c misc.h scp.c sftp.c]
- Move colon() and cleanhost() to misc.c where I should I have put it in
- the first place
- - (bal) Updated Cygwin README by Corinna Vinschen <vinschen@redhat.com>
- - (bal) Avoid socket file security issues in ssh-agent for Cygwin.
- Patch by Egor Duda <deo@logos-m.ru>
-
-20010503
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/05/02 16:41:20
- [ssh-add.c]
- fix prompt for ssh-add.
-
-20010502
- - OpenBSD CVS Sync
- - mouring@cvs.openbsd.org 2001/05/02 01:25:39
- [readpass.c]
- Put the 'const' back into ssh_askpass() function. Pointed out
- by Mark Miller <markm@swoon.net>. OK Markus
-
-20010501
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/04/30 11:18:52
- [readconf.c readconf.h ssh.1 ssh.c sshconnect.c]
- implement 'ssh -b bind_address' like 'telnet -b'
- - markus@cvs.openbsd.org 2001/04/30 15:50:46
- [compat.c compat.h kex.c]
- allow interop with weaker key generation used by ssh-2.0.x, x < 10
- - markus@cvs.openbsd.org 2001/04/30 16:02:49
- [compat.c]
- ssh-2.0.10 has the weak-key-bug, too.
- - (tim) [contrib/caldera/openssh.spec] add Requires line for Caldera 3.1
-
-20010430
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/04/29 18:32:52
- [serverloop.c]
- fix whitespace
- - markus@cvs.openbsd.org 2001/04/29 19:16:52
- [channels.c clientloop.c compat.c compat.h serverloop.c]
- more ssh.com-2.0.x bug-compat; from per@appgate.com
- - (tim) New version of mdoc2man.pl from Mark D. Roth <roth+openssh@feep.net>
- - (djm) Add .cvsignore files, suggested by Wayne Davison <wayne@blorf.net>
-
-20010429
- - (bal) Updated INSTALL. PCRE moved to a new place.
- - (djm) Release OpenSSH-2.9p1
-
-20010427
- - (bal) Fixed uidswap.c so it should work on non-posix complient systems.
- patch based on 2.5.2 version by djm.
- - (bal) Build manpages and config files once unless changed. Patch by
- Carson Gaspar <carson@taltos.org>
- - (bal) arpa/nameser.h does not exist on Cygwin. Patch by Corinna
- Vinschen <vinschen@redhat.com>
- - (bal) Add /etc/sysconfig/sshd support to redhat's sshd.init. Patch by
- Pekka Savola <pekkas@netcore.fi>
- - (bal) Cygwin lacks setgroups() API. Patch by Corinna Vinschen
- <vinschen@redhat.com>
- - (bal) version.h synced, RPM specs updated for 2.9
- - (tim) update contrib/caldera files with what Caldera is using.
- <sps@caldera.de>
-
-20010425
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/04/23 21:57:07
- [ssh-keygen.1 ssh-keygen.c]
- allow public key for -e, too
- - markus@cvs.openbsd.org 2001/04/23 22:14:13
- [ssh-keygen.c]
- remove debug
- - (bal) Whitespace resync w/ OpenBSD for uidswap.c
- - (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt'
- (default: off), implies KbdInteractiveAuthentication. Suggestion from
- markus@
- - (djm) Include crypt.h if available in auth-passwd.c
- - tim@mindrot.org 2001/04/25 21:38:01 [configure.in]
- man page detection fixes for SCO
-
-20010424
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/04/22 23:58:36
- [ssh-keygen.1 ssh.1 sshd.8]
- document hostbased and other cleanup
- - (stevesk) start_pam() doesn't use DNS now for sshd -u0.
- - (stevesk) auth-pam.c: use PERMIT_NO_PASSWD
- - (bal) sys/queue.h is bogus for NCR platform. Patch by Daniel Carroll
- <dan@mesastate.edu>
- - (bal) Fixed contrib/postinstall.in. Patch by wsanders@wsanders.net
-
-20010422
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/04/20 16:32:22
- [uidswap.c]
- set non-privileged gid before uid; tholo@ and deraadt@
- - mouring@cvs.openbsd.org 2001/04/21 00:55:57
- [sftp.1]
- Spelling
- - djm@cvs.openbsd.org 2001/04/22 08:13:30
- [ssh.1]
- typos spotted by stevesk@; ok deraadt@
- - markus@cvs.openbsd.org 2001/04/22 12:34:05
- [scp.c]
- scp > 2GB; niles@scyld.com; ok deraadt@, djm@
- - markus@cvs.openbsd.org 2001/04/22 13:25:37
- [ssh-keygen.1 ssh-keygen.c]
- rename arguments -x -> -e (export key), -X -> -i (import key)
- xref draft-ietf-secsh-publickeyfile-01.txt
- - markus@cvs.openbsd.org 2001/04/22 13:32:27
- [sftp-server.8 sftp.1 ssh.1 sshd.8]
- xref draft-ietf-secsh-*
- - markus@cvs.openbsd.org 2001/04/22 13:41:02
- [ssh-keygen.1 ssh-keygen.c]
- style, noted by stevesk; sort flags in usage
-
-20010421
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2001/04/20 07:17:51
- [clientloop.c ssh.1]
- Split out and improve escape character documentation, mention ~R in
- ~? help text; ok markus@
- - Update RPM spec files for CVS version.h
- - (stevesk) set the default PAM service name to __progname instead
- of the hard-coded value "sshd"; from Mark D. Roth <roth@feep.net>
- - (stevesk) document PAM service name change in INSTALL
- - tim@mindrot.org 2001/04/21 14:25:57 [Makefile.in configure.in]
- fix perl test, fix nroff test, fix Makefile to build outside source tree
-
-20010420
- - OpenBSD CVS Sync
- - ian@cvs.openbsd.org 2001/04/18 16:21:05
- [ssh-keyscan.1]
- Fix typo reported in PR/1779
- - markus@cvs.openbsd.org 2001/04/18 21:57:42
- [readpass.c ssh-add.c]
- call askpass from ssh, too, based on work by roth@feep.net, ok deraadt
- - markus@cvs.openbsd.org 2001/04/18 22:03:45
- [auth2.c sshconnect2.c]
- use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
- - markus@cvs.openbsd.org 2001/04/18 22:48:26
- [auth2.c]
- no longer const
- - markus@cvs.openbsd.org 2001/04/18 23:43:26
- [auth2.c compat.c sshconnect2.c]
- more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now
- (however the 2.1.0 server seems to work only if debug is enabled...)
- - markus@cvs.openbsd.org 2001/04/18 23:44:51
- [authfile.c]
- error->debug; noted by fries@
- - markus@cvs.openbsd.org 2001/04/19 00:05:11
- [auth2.c]
- use local variable, no function call needed.
- (btw, hostbased works now with ssh.com >= 2.0.13)
- - (bal) Put scp-common.h back into scp.c (it exists in the upstream
- tree) pointed out by Tom Holroyd <tomh@po.crl.go.jp>
-
-20010418
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/04/17 19:34:25
- [session.c]
- move auth_approval to do_authenticated().
- do_child(): nuke hostkeys from memory
- don't source .ssh/rc for subsystems.
- - markus@cvs.openbsd.org 2001/04/18 14:15:00
- [canohost.c]
- debug->debug3
- - (bal) renabled 'catman-do:' and fixed it. So now catman pages should
- be working again.
- - (bal) Makfile day... Cleaned up multiple mantype support (Patch by
- Mark D. Roth <roth+openssh@feep.net>), and fixed PIDDIR support.
-
-20010417
- - (bal) Add perl5 check for HP/UX, Removed GNUness from Makefile.in
- and temporary commented out 'catman-do:' since it is broken. Patches
- for the first two by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- - OpenBSD CVS Sync
- - deraadt@cvs.openbsd.org 2001/04/16 08:26:04
- [key.c]
- better safe than sorry in later mods; yongari@kt-is.co.kr
- - markus@cvs.openbsd.org 2001/04/17 08:14:01
- [sshconnect1.c]
- check for key!=NULL, thanks to costa
- - markus@cvs.openbsd.org 2001/04/17 09:52:48
- [clientloop.c]
- handle EINTR/EAGAIN on read; ok deraadt@
- - markus@cvs.openbsd.org 2001/04/17 10:53:26
- [key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
- add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
- - markus@cvs.openbsd.org 2001/04/17 12:55:04
- [channels.c ssh.c]
- undo socks5 and https support since they are not really used and
- only bloat ssh. remove -D from usage(), since '-D' is experimental.
-
-20010416
- - OpenBSD CVS Sync
- - stevesk@cvs.openbsd.org 2001/04/15 01:35:22
- [ttymodes.c]
- fix comments
- - markus@cvs.openbsd.org 2001/04/15 08:43:47
- [dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c]
- some unused variable and typos; from tomh@po.crl.go.jp
- - markus@cvs.openbsd.org 2001/04/15 16:58:03
- [authfile.c ssh-keygen.c sshd.c]
- don't use errno for key_{load,save}_private; discussion w/ solar@openwall
- - markus@cvs.openbsd.org 2001/04/15 17:16:00
- [clientloop.c]
- set stdin/out/err to nonblocking in SSH proto 1, too. suggested by ho@
- should fix some of the blocking problems for rsync over SSH-1
- - stevesk@cvs.openbsd.org 2001/04/15 19:41:21
- [sshd.8]
- some ClientAlive cleanup; ok markus@
- - stevesk@cvs.openbsd.org 2001/04/15 21:28:35
- [readconf.c servconf.c]
- use fatal() or error() vs. fprintf(); ok markus@
- - (djm) Convert mandoc manpages to man automatically. Patch from Mark D.
- Roth <roth+openssh@feep.net>
- - (bal) CVS ID fix up and slight manpage fix from OpenBSD tree.
- - (djm) OpenBSD CVS Sync
- - mouring@cvs.openbsd.org 2001/04/16 02:31:44
- [scp.c sftp.c]
- IPv6 support for sftp (which I bungled in my last patch) which is
- borrowed from scp.c. Thanks to Markus@ for pointing it out.
- - deraadt@cvs.openbsd.org 2001/04/16 08:05:34
- [xmalloc.c]
- xrealloc dealing with ptr == nULL; mouring
- - djm@cvs.openbsd.org 2001/04/16 08:19:31
- [session.c]
- Split motd and hushlogin checks into seperate functions, helps for
- portable. From Chris Adams <cmadams@hiwaay.net>; ok markus@
- - Fix OSF SIA support displaying too much information for quiet
- logins and logins where access was denied by SIA. Patch from Chris Adams
- <cmadams@hiwaay.net>
-
-20010415
- - OpenBSD CVS Sync
- - deraadt@cvs.openbsd.org 2001/04/14 04:31:01
- [ssh-add.c]
- do not double free
- - markus@cvs.openbsd.org 2001/04/14 16:17:14
- [channels.c]
- remove some channels that are not appropriate for keepalive.
- - markus@cvs.openbsd.org 2001/04/14 16:27:57
- [ssh-add.c]
- use clear_pass instead of xfree()
- - stevesk@cvs.openbsd.org 2001/04/14 16:33:20
- [clientloop.c packet.h session.c ssh.c ttymodes.c ttymodes.h]
- protocol 2 tty modes support; ok markus@
- - stevesk@cvs.openbsd.org 2001/04/14 17:04:42
- [scp.c]
- 'T' handling rcp/scp sync; ok markus@
- - Missed sshtty.[ch] in Sync.
-
-20010414
- - Sync with OpenBSD glob.c, strlcat.c and vis.c changes
- - Cygwin sftp/sftp-server binary mode patch from Corinna Vinschen
- <vinschen@redhat.com>
- - OpenBSD CVS Sync
- - beck@cvs.openbsd.org 2001/04/13 22:46:54
- [channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
- Add options ClientAliveInterval and ClientAliveCountMax to sshd.
- This gives the ability to do a "keepalive" via the encrypted channel
- which can't be spoofed (unlike TCP keepalives). Useful for when you want
- to use ssh connections to authenticate people for something, and know
- relatively quickly when they are no longer authenticated. Disabled
- by default (of course). ok markus@
-
-20010413
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/04/12 14:29:09
- [ssh.c]
- show debug output during option processing, report from
- pekkas@netcore.fi
- - markus@cvs.openbsd.org 2001/04/12 19:15:26
- [auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
- compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
- servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
- sshconnect2.c sshd_config]
- implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
- similar to RhostRSAAuthentication unless you enable (the experimental)
- HostbasedUsesNameFromPacketOnly option. please test. :)
- - markus@cvs.openbsd.org 2001/04/12 19:39:27
- [readconf.c]
- typo
- - stevesk@cvs.openbsd.org 2001/04/12 20:09:38
- [misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
- robust port validation; ok markus@ jakob@
- - mouring@cvs.openbsd.org 2001/04/12 23:17:54
- [sftp-int.c sftp-int.h sftp.1 sftp.c]
- Add support for:
- sftp [user@]host[:file [file]] - Fetch remote file(s)
- sftp [user@]host[:dir[/]] - Start in remote dir/
- OK deraadt@
- - stevesk@cvs.openbsd.org 2001/04/13 01:26:17
- [ssh.c]
- missing \n in error message
- - (bal) Added openbsd-compat/inet_ntop.[ch] since HP/UX (and others)
- lack it.
-
-20010412
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/04/10 07:46:58
- [channels.c]
- cleanup socks4 handling
- - itojun@cvs.openbsd.org 2001/04/10 09:13:22
- [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
- document id_rsa{.pub,}. markus ok
- - markus@cvs.openbsd.org 2001/04/10 12:15:23
- [channels.c]
- debug cleanup
- - djm@cvs.openbsd.org 2001/04/11 07:06:22
- [sftp-int.c]
- 'mget' and 'mput' aliases; ok markus@
- - markus@cvs.openbsd.org 2001/04/11 10:59:01
- [ssh.c]
- use strtol() for ports, thanks jakob@
- - markus@cvs.openbsd.org 2001/04/11 13:56:13
- [channels.c ssh.c]
- https-connect and socks5 support. i feel so bad.
- - lebel@cvs.openbsd.org 2001/04/11 16:25:30
- [sshd.8 sshd.c]
- implement the -e option into sshd:
- -e When this option is specified, sshd will send the output to the
- standard error instead of the system log.
- markus@ OK.
-
-20010410
- - OpenBSD CVS Sync
- - deraadt@cvs.openbsd.org 2001/04/08 20:52:55
- [sftp.c]
- do not modify an actual argv[] entry
- - stevesk@cvs.openbsd.org 2001/04/08 23:28:27
- [sshd.8]
- spelling
- - stevesk@cvs.openbsd.org 2001/04/09 00:42:05
- [sftp.1]
- spelling
- - markus@cvs.openbsd.org 2001/04/09 15:12:23
- [ssh-add.c]
- passphrase caching: ssh-add tries last passphrase, clears passphrase if
- not successful and after last try.
- based on discussions with espie@, jakob@, ... and code from jakob@ and
- wolfgang@wsrcc.com
- - markus@cvs.openbsd.org 2001/04/09 15:19:49
- [ssh-add.1]
- ssh-add retries the last passphrase...
- - stevesk@cvs.openbsd.org 2001/04/09 18:00:15
- [sshd.8]
- ListenAddress mandoc from aaron@
-
-20010409
- - (stevesk) use setresgid() for setegid() if needed
- - (stevesk) configure.in: typo
- - OpenBSD CVS Sync
- - stevesk@cvs.openbsd.org 2001/04/08 16:01:36
- [sshd.8]
- document ListenAddress addr:port
- - markus@cvs.openbsd.org 2001/04/08 13:03:00
- [ssh-add.c]
- init pointers with NULL, thanks to danimal@danimal.org
- - markus@cvs.openbsd.org 2001/04/08 11:27:33
- [clientloop.c]
- leave_raw_mode if ssh2 "session" is closed
- - markus@cvs.openbsd.org 2001/04/06 21:00:17
- [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
- ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
- do gid/groups-swap in addition to uid-swap, should help if /home/group
- is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
- to olar@openwall.com is comments. we had many requests for this.
- - markus@cvs.openbsd.org 2001/04/07 08:55:18
- [buffer.c channels.c channels.h readconf.c ssh.c]
- allow the ssh client act as a SOCKS4 proxy (dynamic local
- portforwarding). work by Dan Kaminsky <dankamin@cisco.com> and me.
- thanks to Dan for this great patch: use 'ssh -D 1080 host' and make
- netscape use localhost:1080 as a socks proxy.
- - markus@cvs.openbsd.org 2001/04/08 11:24:33
- [uidswap.c]
- KNF
-
-20010408
- - OpenBSD CVS Sync
- - stevesk@cvs.openbsd.org 2001/04/06 22:12:47
- [hostfile.c]
- unused; typo in comment
- - stevesk@cvs.openbsd.org 2001/04/06 22:25:25
- [servconf.c]
- in addition to:
- ListenAddress host|ipv4_addr|ipv6_addr
- permit:
- ListenAddress [host|ipv4_addr|ipv6_addr]:port
- ListenAddress host|ipv4_addr:port
- sshd.8 updates coming. ok markus@
-
-20010407
- - (bal) CVS ID Resync of version.h
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/04/05 23:39:20
- [serverloop.c]
- keep the ssh session even if there is no active channel.
- this is more in line with the protocol spec and makes
- ssh -N -L 1234:server:110 host
- more useful.
- based on discussion with <mats@mindbright.se> long time ago
- and recent mail from <res@shore.net>
- - deraadt@cvs.openbsd.org 2001/04/06 16:46:59
- [scp.c]
- remove trailing / from source paths; fixes pr#1756
-
-20010406
- - (stevesk) logintest.c: fix for systems without __progname
- - (stevesk) Makefile.in: log.o is in libssh.a
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/04/05 10:00:06
- [compat.c]
- 2.3.x does old GEX, too; report jakob@
- - markus@cvs.openbsd.org 2001/04/05 10:39:03
- [compress.c compress.h packet.c]
- reset compress state per direction when rekeying.
- - markus@cvs.openbsd.org 2001/04/05 10:39:48
- [version.h]
- temporary version 2.5.4 (supports rekeying).
- this is not an official release.
- - markus@cvs.openbsd.org 2001/04/05 10:42:57
- [auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
- mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
- sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
- sshconnect2.c sshd.c]
- fix whitespace: unexpand + trailing spaces.
- - markus@cvs.openbsd.org 2001/04/05 11:09:17
- [clientloop.c compat.c compat.h]
- add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions.
- - markus@cvs.openbsd.org 2001/04/05 15:45:43
- [ssh.1]
- ssh defaults to protocol v2; from quisar@quisar.ambre.net
- - stevesk@cvs.openbsd.org 2001/04/05 15:48:18
- [canohost.c canohost.h session.c]
- move get_remote_name_or_ip() to canohost.[ch]; for portable. ok markus@
- - markus@cvs.openbsd.org 2001/04/05 20:01:10
- [clientloop.c]
- for ~R print message if server does not support rekeying. (and fix ~R).
- - markus@cvs.openbsd.org 2001/04/05 21:02:46
- [buffer.c]
- better error message
- - markus@cvs.openbsd.org 2001/04/05 21:05:24
- [clientloop.c ssh.c]
- don't request a session for 'ssh -N', pointed out slade@shore.net
-
-20010405
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/04/04 09:48:35
- [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
- don't sent multiple kexinit-requests.
- send newkeys, block while waiting for newkeys.
- fix comments.
- - markus@cvs.openbsd.org 2001/04/04 14:34:58
- [clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
- enable server side rekeying + some rekey related clientup.
- todo: we should not send any non-KEX messages after we send KEXINIT
- - markus@cvs.openbsd.org 2001/04/04 15:50:55
- [compat.c]
- f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov
- - markus@cvs.openbsd.org 2001/04/04 20:25:38
- [channels.c channels.h clientloop.c kex.c kex.h serverloop.c
- sshconnect2.c sshd.c]
- more robust rekeying
- don't send channel data after rekeying is started.
- - markus@cvs.openbsd.org 2001/04/04 20:32:56
- [auth2.c]
- we don't care about missing bannerfiles; from tsoome@ut.ee, ok deraadt@
- - markus@cvs.openbsd.org 2001/04/04 22:04:35
- [kex.c kexgex.c serverloop.c]
- parse full kexinit packet.
- make server-side more robust, too.
- - markus@cvs.openbsd.org 2001/04/04 23:09:18
- [dh.c kex.c packet.c]
- clear+free keys,iv for rekeying.
- + fix DH mem leaks. ok niels@
- - (stevesk) don't use vhangup() if defined(HAVE_DEV_PTMX); also removes
- BROKEN_VHANGUP
-
-20010404
- - OpenBSD CVS Sync
- - deraadt@cvs.openbsd.org 2001/04/02 17:32:23
- [ssh-agent.1]
- grammar; slade@shore.net
- - stevesk@cvs.openbsd.org 2001/04/03 13:56:11
- [sftp-glob.c ssh-agent.c ssh-keygen.c]
- free() -> xfree()
- - markus@cvs.openbsd.org 2001/04/03 19:53:29
- [dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
- move kex to kex*.c, used dispatch_set() callbacks for kex. should
- make rekeying easier.
- - todd@cvs.openbsd.org 2001/04/03 21:19:38
- [ssh_config]
- id_rsa1/2 -> id_rsa; ok markus@
- - markus@cvs.openbsd.org 2001/04/03 23:32:12
- [kex.c kex.h packet.c sshconnect2.c sshd.c]
- undo parts of recent my changes: main part of keyexchange does not
- need dispatch-callbacks, since application data is delayed until
- the keyexchange completes (if i understand the drafts correctly).
- add some infrastructure for re-keying.
- - markus@cvs.openbsd.org 2001/04/04 00:06:54
- [clientloop.c sshconnect2.c]
- enable client rekeying
- (1) force rekeying with ~R, or
- (2) if the server requests rekeying.
- works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0
- - (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync.
-
-20010403
- - OpenBSD CVS Sync
- - stevesk@cvs.openbsd.org 2001/04/02 14:15:31
- [sshd.8]
- typo; ok markus@
- - stevesk@cvs.openbsd.org 2001/04/02 14:20:23
- [readconf.c servconf.c]
- correct comment; ok markus@
- - (stevesk) nchan.c: remove ostate checks and add EINVAL to
- shutdown(SHUT_RD) error() bypass for HP-UX.
-
-20010402
- - (stevesk) log.c openbsd sync; missing newlines
- - (stevesk) sshpty.h openbsd sync; PTY_H -> SSHPTY_H
-
-20010330
- - (djm) Another openbsd-compat/glob.c sync
- - (djm) OpenBSD CVS Sync
- - provos@cvs.openbsd.org 2001/03/28 21:59:41
- [kex.c kex.h sshconnect2.c sshd.c]
- forgot to include min and max params in hash, okay markus@
- - provos@cvs.openbsd.org 2001/03/28 22:04:57
- [dh.c]
- more sanity checking on primes file
- - markus@cvs.openbsd.org 2001/03/28 22:43:31
- [auth.h auth2.c auth2-chall.c]
- check auth_root_allowed for kbd-int auth, too.
- - provos@cvs.openbsd.org 2001/03/29 14:24:59
- [sshconnect2.c]
- use recommended defaults
- - stevesk@cvs.openbsd.org 2001/03/29 21:06:21
- [sshconnect2.c sshd.c]
- need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
- - markus@cvs.openbsd.org 2001/03/29 21:17:40
- [dh.c dh.h kex.c kex.h]
- prepare for rekeying: move DH code to dh.c
- - djm@cvs.openbsd.org 2001/03/29 23:42:01
- [sshd.c]
- Protocol 1 key regeneration log => verbose, some KNF; ok markus@
-
-20010329
- - OpenBSD CVS Sync
- - stevesk@cvs.openbsd.org 2001/03/26 15:47:59
- [ssh.1]
- document more defaults; misc. cleanup. ok markus@
- - markus@cvs.openbsd.org 2001/03/26 23:12:42
- [authfile.c]
- KNF
- - markus@cvs.openbsd.org 2001/03/26 23:23:24
- [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
- try to read private f-secure ssh v2 rsa keys.
- - markus@cvs.openbsd.org 2001/03/27 10:34:08
- [ssh-rsa.c sshd.c]
- use EVP_get_digestbynid, reorder some calls and fix missing free.
- - markus@cvs.openbsd.org 2001/03/27 10:57:00
- [compat.c compat.h ssh-rsa.c]
- some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5
- signatures in SSH protocol 2, ok djm@
- - provos@cvs.openbsd.org 2001/03/27 17:46:50
- [compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
- make dh group exchange more flexible, allow min and max group size,
- okay markus@, deraadt@
- - stevesk@cvs.openbsd.org 2001/03/28 19:56:23
- [scp.c]
- start to sync scp closer to rcp; ok markus@
- - stevesk@cvs.openbsd.org 2001/03/28 20:04:38
- [scp.c]
- usage more like rcp and add missing -B to usage; ok markus@
- - markus@cvs.openbsd.org 2001/03/28 20:50:45
- [sshd.c]
- call refuse() before close(); from olemx@ans.pl
-
-20010328
- - (djm) Reorder tests and library inclusion for Krb4/AFS to try to
- resolve linking conflicts with libcrypto. Report and suggested fix
- from Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
- - (djm) Work around Solaris' broken struct dirent. Diagnosis and suggested
- fix from Philippe Levan <levan@epix.net>
- - (djm) Rework krbIV tests to get us closer to building on Redhat. Still
- doesn't work because of conflicts between krbIV's and OpenSSL's des.h
- - (djm) Sync openbsd-compat/glob.c
-
-20010327
- - Attempt sync with sshlogin.c w/ OpenBSD (mainly CVS ID)
- - Fix pointer issues in waitpid() and wait() replaces. Patch by Lutz
- Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2001/03/25 00:01:34
- [session.c]
- shorten; ok markus@
- - stevesk@cvs.openbsd.org 2001/03/25 13:16:11
- [servconf.c servconf.h session.c sshd.8 sshd_config]
- PrintLastLog option; from chip@valinux.com with some minor
- changes by me. ok markus@
- - markus@cvs.openbsd.org 2001/03/26 08:07:09
- [authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
- sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
- simpler key load/save interface, see authfile.h
- - (djm) Reestablish PAM credentials (which can be supplemental group
- memberships) after initgroups() blows them away. Report and suggested
- fix from Nalin Dahyabhai <nalin@redhat.com>
-
-20010324
- - Fixed permissions ssh-keyscan. Thanks to Christopher Linn <celinn@mtu.edu>.
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2001/03/23 11:04:07
- [compat.c compat.h sshconnect2.c sshd.c]
- Compat for OpenSSH with broken Rijndael/AES. ok markus@
- - markus@cvs.openbsd.org 2001/03/23 12:02:49
- [auth1.c]
- authctxt is now passed to do_authenticated
- - markus@cvs.openbsd.org 2001/03/23 13:10:57
- [sftp-int.c]
- fix put, upload to _absolute_ path, ok djm@
- - markus@cvs.openbsd.org 2001/03/23 14:28:32
- [session.c sshd.c]
- ignore SIGPIPE, restore in child, fixes x11-fwd crashes; with djm@
- - (djm) Pull out our own SIGPIPE hacks
-
-20010323
- - OpenBSD CVS Sync
- - deraadt@cvs.openbsd.org 2001/03/22 20:22:55
- [sshd.c]
- do not place linefeeds in buffer
-
-20010322
- - (djm) Better AIX no tty fix, spotted by Gert Doering <gert@greenie.muc.de>
- - (bal) version.c CVS ID resync
- - (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID
- resync
- - (bal) scp.c CVS ID resync
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/03/20 19:10:16
- [readconf.c]
- default to SSH protocol version 2
- - markus@cvs.openbsd.org 2001/03/20 19:21:21
- [session.c]
- remove unused arg
- - markus@cvs.openbsd.org 2001/03/20 19:21:21
- [session.c]
- remove unused arg
- - markus@cvs.openbsd.org 2001/03/21 11:43:45
- [auth1.c auth2.c session.c session.h]
- merge common ssh v1/2 code
- - jakob@cvs.openbsd.org 2001/03/21 14:20:45
- [ssh-keygen.c]
- add -B flag to usage
- - markus@cvs.openbsd.org 2001/03/21 21:06:30
- [session.c]
- missing init; from mib@unimelb.edu.au
-
-20010321
- - (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve
- VanDevender <stevev@darkwing.uoregon.edu>
- - (djm) Make sure pam_retval is initialised on call to pam_end. Patch
- from Solar Designer <solar@openwall.com>
- - (djm) Don't loop forever when changing password via PAM. Patch
- from Solar Designer <solar@openwall.com>
- - (djm) Generate config files before build
- - (djm) Correctly handle SIA and AIX when no tty present. Spotted and
- suggested fix from Mike Battersby <mib@unimelb.edu.au>
-
-20010320
- - (bal) glob.c update to added GLOB_LIMITS (OpenBSD CVS).
- - (bal) glob.c update to set gl_pathv to NULL (OpenBSD CVS).
- - (bal) Oops. Missed globc.h change (OpenBSD CVS).
- - (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/03/19 17:07:23
- [auth.c readconf.c]
- undo /etc/shell and proto 2,1 change for openssh-2.5.2
- - markus@cvs.openbsd.org 2001/03/19 17:12:10
- [version.h]
- version 2.5.2
- - (djm) Update RPM spec version
- - (djm) Release 2.5.2p1
-- tim@mindrot.org 2001/03/19 18:33:47 [defines.h]
- change S_ISLNK macro to work for UnixWare 2.03
-- tim@mindrot.org 2001/03/19 20:45:11 [openbsd-compat/glob.c]
- add get_arg_max(). Use sysconf() if ARG_MAX is not defined
-
-20010319
- - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
- do it implicitly.
- - (djm) Add getusershell() functions from OpenBSD CVS
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/03/18 12:07:52
- [auth-options.c]
- ignore permitopen="host:port" if AllowTcpForwarding==no
- - (djm) Make scp work on systems without 64-bit ints
- - tim@mindrot.org 2001/03/18 18:28:39 [defines.h]
- move HAVE_LONG_LONG_INT where it works
- - (bal) Use 'NGROUPS' for NeXT Since 'MAX_NGROUPS' is wrapped up in -lposix
- stuff. Change suggested by Mark Miller <markm@swoon.net>
- - (bal) Small fix to scp. %lu vs %ld
- - (bal) NeXTStep lacks S_ISLNK. Plus split up S_IS*
- - (djm) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2001/03/19 03:52:51
- [sftp-client.c]
- Report ssh connection closing correctly; ok deraadt@
- - deraadt@cvs.openbsd.org 2001/03/18 23:30:55
- [compat.c compat.h sshd.c]
- specifically version match on ssh scanners. do not log scan
- information to the console
- - djm@cvs.openbsd.org 2001/03/19 12:10:17
- [sshd.8]
- Document permitopen authorized_keys option; ok markus@
- - djm@cvs.openbsd.org 2001/03/19 05:49:52
- [ssh.1]
- document PreferredAuthentications option; ok markus@
- - (bal) Minor NeXT fixed. Forgot to #undef NGROUPS_MAX
-
-20010318
- - (bal) Fixed scp type casing issue which causes "scp: protocol error:
- size not delimited" fatal errors when tranfering.
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/03/17 17:27:59
- [auth.c]
- check /etc/shells, too
- - tim@mindrot.org 2001/03/17 18:45:25 [compat.c]
- openbsd-compat/fake-regex.h
-
-20010317
- - Support usrinfo() on AIX. Based on patch from Gert Doering
- <gert@greenie.muc.de>
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/03/15 15:05:59
- [scp.c]
- use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
- - markus@cvs.openbsd.org 2001/03/15 22:07:08
- [session.c]
- pass Session to do_child + KNF
- - djm@cvs.openbsd.org 2001/03/16 08:16:18
- [sftp-client.c sftp-client.h sftp-glob.c sftp-int.c]
- Revise globbing for get/put to be more shell-like. In particular,
- "get/put file* directory/" now works. ok markus@
- - markus@cvs.openbsd.org 2001/03/16 09:55:53
- [sftp-int.c]
- fix memset and whitespace
- - markus@cvs.openbsd.org 2001/03/16 13:44:24
- [sftp-int.c]
- discourage strcat/strcpy
- - markus@cvs.openbsd.org 2001/03/16 19:06:30
- [auth-options.c channels.c channels.h serverloop.c session.c]
- implement "permitopen" key option, restricts -L style forwarding to
- to specified host:port pairs. based on work by harlan@genua.de
- - Check for gl_matchc support in glob_t and fall back to the
- openbsd-compat/glob.[ch] support if it does not exist.
-
-20010315
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/03/14 08:57:14
- [sftp-client.c]
- Wall
- - markus@cvs.openbsd.org 2001/03/14 15:15:58
- [sftp-int.c]
- add version command
- - deraadt@cvs.openbsd.org 2001/03/14 22:50:25
- [sftp-server.c]
- note no getopt()
- - (stevesk) ssh-keyscan.c: specify "openbsd-compat/fake-queue.h"
- - (bal) Cygwin README change by Corinna Vinschen <vinschen@redhat.com>
-
-20010314
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/03/13 17:34:42
- [auth-options.c]
- missing xfree, deny key on parse error; ok stevesk@
- - djm@cvs.openbsd.org 2001/03/13 22:42:54
- [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
- sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@
- - (bal) Fix strerror() in bsd-misc.c
- - (djm) Add replacement glob() from OpenBSD libc if the system glob is
- missing or lacks the GLOB_ALTDIRFUNC extension
- - (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers
- relatively. Avoids conflict between glob.h and /usr/include/glob.h
-
-20010313
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/03/12 22:02:02
- [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
- remove old key_fingerprint interface, s/_ex//
-
-20010312
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/03/11 13:25:36
- [auth2.c key.c]
- debug
- - jakob@cvs.openbsd.org 2001/03/11 15:03:16
- [key.c key.h]
- add improved fingerprint functions. based on work by Carsten
- Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
- - jakob@cvs.openbsd.org 2001/03/11 15:04:16
- [ssh-keygen.1 ssh-keygen.c]
- print both md5, sha1 and bubblebabble fingerprints when using
- ssh-keygen -l -v. ok markus@.
- - jakob@cvs.openbsd.org 2001/03/11 15:13:09
- [key.c]
- cleanup & shorten some var names key_fingerprint_bubblebabble.
- - deraadt@cvs.openbsd.org 2001/03/11 16:39:03
- [ssh-keygen.c]
- KNF, and SHA1 binary output is just creeping featurism
- - tim@mindrot.org 2001/03/11 17:29:32 [configure.in]
- test if snprintf() supports %ll
- add /dev to search path for PRNGD/EGD socket
- fix my mistake in USER_PATH test program
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/03/11 18:29:51
- [key.c]
- style+cleanup
- - markus@cvs.openbsd.org 2001/03/11 22:33:24
- [ssh-keygen.1 ssh-keygen.c]
- remove -v again. use -B instead for bubblebabble. make -B consistent
- with -l and make -B work with /path/to/known_hosts. ok deraadt@
- - (djm) Bump portable version number for generating test RPMs
- - (djm) Add "static_openssl" RPM build option, remove rsh build dependency
- - (bal) Reorder includes in Makefile.
-
-20010311
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/03/10 12:48:27
- [sshconnect2.c]
- ignore nonexisting private keys; report rjmooney@mediaone.net
- - deraadt@cvs.openbsd.org 2001/03/10 12:53:51
- [readconf.c ssh_config]
- default to SSH2, now that m68k runs fast
- - stevesk@cvs.openbsd.org 2001/03/10 15:02:05
- [ttymodes.c ttymodes.h]
- remove unused sgtty macros; ok markus@
- - deraadt@cvs.openbsd.org 2001/03/10 15:31:00
- [compat.c compat.h sshconnect.c]
- all known netscreen ssh versions, and older versions of OSU ssh cannot
- handle password padding (newer OSU is fixed)
- - tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config]
- make sure $bindir is in USER_PATH so scp will work
- - OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2001/03/10 17:51:04
- [kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
- add PreferredAuthentications
-
-20010310
- - OpenBSD CVS Sync
- - deraadt@cvs.openbsd.org 2001/03/09 03:14:39
- [ssh-keygen.c]
- create *.pub files with umask 0644, so that you can mv them to
- authorized_keys
- - deraadt@cvs.openbsd.org 2001/03/09 12:30:29
- [sshd.c]
- typo; slade@shore.net
- - Removed log.o from sftp client. Not needed.
-
-20010309
- - OpenBSD CVS Sync
- - stevesk@cvs.openbsd.org 2001/03/08 18:47:12
- [auth1.c]
- unused; ok markus@
- - stevesk@cvs.openbsd.org 2001/03/08 20:44:48
- [sftp.1]
- spelling, cleanup; ok deraadt@
- - markus@cvs.openbsd.org 2001/03/08 21:42:33
- [compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
- implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
- no need to do enter passphrase or do expensive sign operations if the
- server does not accept key).
-
-20010308
- - OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2001/03/07 10:11:23
- [sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
- Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
- functions and small protocol change.
- - markus@cvs.openbsd.org 2001/03/08 00:15:48
- [readconf.c ssh.1]
- turn off useprivilegedports by default. only rhost-auth needs
- this. older sshd's may need this, too.
- - (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H;
- Dirk Markwardt <D.Markwardt@tu-bs.de>
-
-20010307
- - (bal) OpenBSD CVS Sync
- - deraadt@cvs.openbsd.org 2001/03/06 06:11:18
- [ssh-keyscan.c]
- appease gcc
- - deraadt@cvs.openbsd.org 2001/03/06 06:11:44
- [sftp-int.c sftp.1 sftp.c]
- sftp -b batchfile; mouring@etoh.eviladmin.org
- - deraadt@cvs.openbsd.org 2001/03/06 15:10:42
- [sftp.1]
- order things
- - deraadt@cvs.openbsd.org 2001/03/07 01:19:06
- [ssh.1 sshd.8]
- the name "secure shell" is boring, noone ever uses it
- - deraadt@cvs.openbsd.org 2001/03/07 04:05:58
- [ssh.1]
- removed dated comment
- - Cygwin contrib improvements from Corinna Vinschen <vinschen@redhat.com>
-
-20010306
- - (bal) OpenBSD CVS Sync
- - deraadt@cvs.openbsd.org 2001/03/05 14:28:47
- [sshd.8]
- alpha order; jcs@rt.fm
- - stevesk@cvs.openbsd.org 2001/03/05 15:44:51
- [servconf.c]
- sync error message; ok markus@
- - deraadt@cvs.openbsd.org 2001/03/05 15:56:16
- [myproposal.h ssh.1]
- switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
- provos & markus ok
- - deraadt@cvs.openbsd.org 2001/03/05 16:07:15
- [sshd.8]
- detail default hmac setup too
- - markus@cvs.openbsd.org 2001/03/05 17:17:21
- [kex.c kex.h sshconnect2.c sshd.c]
- generate a 2*need size (~300 instead of 1024/2048) random private
- exponent during the DH key agreement. according to Niels (the great
- german advisor) this is safe since /etc/primes contains strong
- primes only.
-
- References:
- P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
- agreement with short exponents, In Advances in Cryptology
- - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
- - stevesk@cvs.openbsd.org 2001/03/05 17:40:48
- [ssh.1]
- more ssh_known_hosts2 documentation; ok markus@
- - stevesk@cvs.openbsd.org 2001/03/05 17:58:22
- [dh.c]
- spelling
- - deraadt@cvs.openbsd.org 2001/03/06 00:33:04
- [authfd.c cli.c ssh-agent.c]
- EINTR/EAGAIN handling is required in more cases
- - millert@cvs.openbsd.org 2001/03/06 01:06:03
- [ssh-keyscan.c]
- Don't assume we wil get the version string all in one read().
- deraadt@ OK'd
- - millert@cvs.openbsd.org 2001/03/06 01:08:27
- [clientloop.c]
- If read() fails with EINTR deal with it the same way we treat EAGAIN
-
-20010305
- - (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
- - (bal) CVS ID touch up on sftp-int.c
- - (bal) CVS ID touch up on uuencode.c
- - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
- - (bal) OpenBSD CVS Sync
- - deraadt@cvs.openbsd.org 2001/02/17 23:48:48
- [sshd.8]
- it's the OpenSSH one
- - deraadt@cvs.openbsd.org 2001/02/21 07:37:04
- [ssh-keyscan.c]
- inline -> __inline__, and some indent
- - deraadt@cvs.openbsd.org 2001/02/21 09:05:54
- [authfile.c]
- improve fd handling
- - deraadt@cvs.openbsd.org 2001/02/21 09:12:56
- [sftp-server.c]
- careful with & and &&; markus ok
- - stevesk@cvs.openbsd.org 2001/02/21 21:14:04
- [ssh.c]
- -i supports DSA identities now; ok markus@
- - deraadt@cvs.openbsd.org 2001/02/22 04:29:37
- [servconf.c]
- grammar; slade@shore.net
- - deraadt@cvs.openbsd.org 2001/02/22 06:43:55
- [ssh-keygen.1 ssh-keygen.c]
- document -d, and -t defaults to rsa1
- - deraadt@cvs.openbsd.org 2001/02/22 08:03:51
- [ssh-keygen.1 ssh-keygen.c]
- bye bye -d
- - deraadt@cvs.openbsd.org 2001/02/22 18:09:06
- [sshd_config]
- activate RSA 2 key
- - markus@cvs.openbsd.org 2001/02/22 21:57:27
- [ssh.1 sshd.8]
- typos/grammar from matt@anzen.com
- - markus@cvs.openbsd.org 2001/02/22 21:59:44
- [auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
- use pwcopy in ssh.c, too
- - markus@cvs.openbsd.org 2001/02/23 15:34:53
- [serverloop.c]
- debug2->3
- - markus@cvs.openbsd.org 2001/02/23 18:15:13
- [sshd.c]
- the random session key depends now on the session_key_int
- sent by the 'attacker'
- dig1 = md5(cookie|session_key_int);
- dig2 = md5(dig1|cookie|session_key_int);
- fake_session_key = dig1|dig2;
- this change is caused by a mail from anakin@pobox.com
- patch based on discussions with my german advisor niels@openbsd.org
- - deraadt@cvs.openbsd.org 2001/02/24 10:37:55
- [readconf.c]
- look for id_rsa by default, before id_dsa
- - deraadt@cvs.openbsd.org 2001/02/24 10:37:26
- [sshd_config]
- ssh2 rsa key before dsa key
- - markus@cvs.openbsd.org 2001/02/27 10:35:27
- [packet.c]
- fix random padding
- - markus@cvs.openbsd.org 2001/02/27 11:00:11
- [compat.c]
- support SSH-2.0-2.1 ; from Christophe_Moret@hp.com
- - deraadt@cvs.openbsd.org 2001/02/28 05:34:28
- [misc.c]
- pull in protos
- - deraadt@cvs.openbsd.org 2001/02/28 05:36:28
- [sftp.c]
- do not kill the subprocess on termination (we will see if this helps
- things or hurts things)
- - markus@cvs.openbsd.org 2001/02/28 08:45:39
- [clientloop.c]
- fix byte counts for ssh protocol v1
- - markus@cvs.openbsd.org 2001/02/28 08:54:55
- [channels.c nchan.c nchan.h]
- make sure remote stderr does not get truncated.
- remove closed fd's from the select mask.
- - markus@cvs.openbsd.org 2001/02/28 09:57:07
- [packet.c packet.h sshconnect2.c]
- in ssh protocol v2 use ignore messages for padding (instead of
- trailing \0).
- - markus@cvs.openbsd.org 2001/02/28 12:55:07
- [channels.c]
- unify debug messages
- - deraadt@cvs.openbsd.org 2001/02/28 17:52:54
- [misc.c]
- for completeness, copy pw_gecos too
- - markus@cvs.openbsd.org 2001/02/28 21:21:41
- [sshd.c]
- generate a fake session id, too
- - markus@cvs.openbsd.org 2001/02/28 21:27:48
- [channels.c packet.c packet.h serverloop.c]
- use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
- use random content in ignore messages.
- - markus@cvs.openbsd.org 2001/02/28 21:31:32
- [channels.c]
- typo
- - deraadt@cvs.openbsd.org 2001/03/01 02:11:25
- [authfd.c]
- split line so that p will have an easier time next time around
- - deraadt@cvs.openbsd.org 2001/03/01 02:29:04
- [ssh.c]
- shorten usage by a line
- - deraadt@cvs.openbsd.org 2001/03/01 02:45:10
- [auth-rsa.c auth2.c deattack.c packet.c]
- KNF
- - deraadt@cvs.openbsd.org 2001/03/01 03:38:33
- [cli.c cli.h rijndael.h ssh-keyscan.1]
- copyright notices on all source files
- - markus@cvs.openbsd.org 2001/03/01 22:46:37
- [ssh.c]
- don't truncate remote ssh-2 commands; from mkubita@securities.cz
- use min, not max for logging, fixes overflow.
- - deraadt@cvs.openbsd.org 2001/03/02 06:21:01
- [sshd.8]
- explain SIGHUP better
- - deraadt@cvs.openbsd.org 2001/03/02 09:42:49
- [sshd.8]
- doc the dsa/rsa key pair files
- - deraadt@cvs.openbsd.org 2001/03/02 18:54:31
- [atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
- scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
- ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
- make copyright lines the same format
- - deraadt@cvs.openbsd.org 2001/03/03 06:53:12
- [ssh-keyscan.c]
- standard theo sweep
- - millert@cvs.openbsd.org 2001/03/03 21:19:41
- [ssh-keyscan.c]
- Dynamically allocate read_wait and its copies. Since maxfd is
- based on resource limits it is often (usually?) larger than FD_SETSIZE.
- - millert@cvs.openbsd.org 2001/03/03 21:40:30
- [sftp-server.c]
- Dynamically allocate fd_set; deraadt@ OK
- - millert@cvs.openbsd.org 2001/03/03 21:41:07
- [packet.c]
- Dynamically allocate fd_set; deraadt@ OK
- - deraadt@cvs.openbsd.org 2001/03/03 22:07:50
- [sftp-server.c]
- KNF
- - markus@cvs.openbsd.org 2001/03/03 23:52:22
- [sftp.c]
- clean up arg processing. based on work by Christophe_Moret@hp.com
- - markus@cvs.openbsd.org 2001/03/03 23:59:34
- [log.c ssh.c]
- log*.c -> log.c
- - markus@cvs.openbsd.org 2001/03/04 00:03:59
- [channels.c]
- debug1->2
- - stevesk@cvs.openbsd.org 2001/03/04 10:57:53
- [ssh.c]
- add -m to usage; ok markus@
- - stevesk@cvs.openbsd.org 2001/03/04 11:04:41
- [sshd.8]
- small cleanup and clarify for PermitRootLogin; ok markus@
- - stevesk@cvs.openbsd.org 2001/03/04 11:16:06
- [servconf.c sshd.8]
- kill obsolete RandomSeed; ok markus@ deraadt@
- - stevesk@cvs.openbsd.org 2001/03/04 12:54:04
- [sshd.8]
- spelling
- - millert@cvs.openbsd.org 2001/03/04 17:42:28
- [authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
- ssh.c sshconnect.c sshd.c]
- log functions should not be passed strings that end in newline as they
- get passed on to syslog() and when logging to stderr, do_log() appends
- its own newline.
- - deraadt@cvs.openbsd.org 2001/03/04 18:21:28
- [sshd.8]
- list SSH2 ciphers
- - (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy()
- - (bal) Fix up logging since it changed. removed log-*.c
- - (djm) Fix up LOG_AUTHPRIV for systems that have it
- - (stevesk) OpenBSD sync:
- - deraadt@cvs.openbsd.org 2001/03/05 08:37:27
- [ssh-keyscan.c]
- skip inlining, why bother
- - (stevesk) sftp.c: handle __progname
-
-20010304
- - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
- - (bal) Updated contrib/README to remove 'make-ssh-known-hosts' and
- give Mark Roth credit for mdoc2man.pl
-
-20010303
- - (djm) Remove make-ssh-known-hosts.pl, ssh-keyscan is better.
- - (djm) Document PAM ChallengeResponseAuthentication in sshd.8
- - (djm) Disable and comment ChallengeResponseAuthentication in sshd_config
- - (djm) Allow PRNGd entropy collection from localhost TCP socket. Replace
- "--with-egd-pool" configure option with "--with-prngd-socket" and
- "--with-prngd-port" options. Debugged and improved by Lutz Jaenicke
- <Lutz.Jaenicke@aet.TU-Cottbus.DE>
-
-20010301
- - (djm) Properly add -lcrypt if needed.
- - (djm) Force standard PAM conversation function in a few more places.
- Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai
- <nalin@redhat.com>
- - (djm) Cygwin needs pw->pw_gecos copied too. Patch from Corinna Vinschen
- <vinschen@redhat.com>
- - (djm) Released 2.5.1p2
-
-20010228
- - (djm) Detect endianness in configure and use it in rijndael.c. Fixes
- "Bad packet length" bugs.
- - (djm) Fully revert PAM session patch (again). All PAM session init is
- now done before the final fork().
- - (djm) EGD detection patch from Tim Rice <tim@multitalents.net>
- - (djm) Remove /tmp from EGD socket search list
-
-20010227
- - (bal) Applied shutdown() patch for sftp.c by Corinna Vinschen
- <vinschen@redhat.com>
- - (bal) OpenBSD Sync
- - markus@cvs.openbsd.org 2001/02/23 15:37:45
- [session.c]
- handle SSH_PROTOFLAG_SCREEN_NUMBER for buggy clients
- - (bal) sshd.init support for all Redhat release. Patch by Jim Knoble
- <jmknoble@jmknoble.cx>
- - (djm) Fix up POSIX saved uid support. Report from Mark Miller
- <markm@swoon.net>
- - (djm) Search for -lcrypt on FreeBSD too
- - (djm) fatal() on OpenSSL version mismatch
- - (djm) Move PAM init to after fork for non-Solaris derived PAMs
- - (djm) Warning fix on entropy.c saved uid stuff. Patch from Mark Miller
- <markm@swoon.net>
- - (djm) Fix PAM fix
- - (djm) Remove 'noreplace' flag from sshd_config in RPM spec files. This
- change is being made as 2.5.x configfiles are not back-compatible with
- 2.3.x.
- - (djm) Avoid warnings for missing broken IP_TOS. Patch from Mark Miller
- <markm@swoon.net>
- - (djm) Open Server 5 doesn't need BROKEN_SAVED_UIDS. Patch from Tim Rice
- <tim@multitalents.net>
- - (djm) Avoid multiple definition of _PATH_LS. Patch from Tim Rice
- <tim@multitalents.net>
-
-20010226
- - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again.
- - (djm) Some systems (SCO3, NeXT) have weird saved uid semantics.
- Based on patch from Tim Rice <tim@multitalents.net>
-
-20010225
- - (djm) Use %{_libexecdir} rather than hardcoded path in RPM specfile
- Patch from Adrian Ho <lexfiend@usa.net>
- - (bal) Replace 'unsigned long long' to 'u_int64_t' since not every
- platform defines u_int64_t as being that.
-
-20010224
- - (bal) Missed part of the UNIX sockets patch. Patch by Corinna
- Vinschen <vinschen@redhat.com>
- - (bal) Reorder where 'strftime' is detected to resolve linking
- issues on SCO. Patch by Tim Rice <tim@multitalents.net>
-
-20010224
- - (bal) pam_stack fix to correctly detect between RH7 and older RHs.
- Patch by Pekka Savola <pekkas@netcore.fi>
- - (bal) Renamed sigaction.[ch] to sigact.[ch]. Causes problems with
- some platforms.
- - (bal) Generalize lack of UNIX sockets since this also effects Cray
- not just Cygwin. Based on patch by Wendy Palm <wendyp@cray.com>
-
-20010223
- - (bal) Fix --define rh7 in openssh.spec file. Patch by Steve Tell
- <tell@telltronics.org>
- - (bal) Patch to force OpenSSH rpm to require the same version of OpenSSL
- that it was compiled against. Patch by Pekka Savola <pekkas@netcore.fi>
- - (bal) Double -I for OpenSSL on SCO. Patch by Tim Rice
- <tim@multitalents.net>
-
-20010222
- - (bal) Corrected SCO luid patch by svaughan <svaughan@asterion.com>
- - (bal) Added mdoc2man.pl from Mark Roth <roth@feep.net>
- - (bal) Removed reference to liblogin from contrib/README. It was
- integrated into OpenSSH a long while ago.
- - (stevesk) remove erroneous #ifdef sgi code.
- Michael Stone <mstone@cs.loyola.edu>
-
-20010221
- - (bal) Removed -L/usr/ucblib -R/usr/ucblib for Solaris platform.
- - (bal) Fixed OpenSSL rework to use $saved_*. Patch by Tim Rice
- <tim@multitalents.net>
- - (bal) Reverted out of 2001/02/15 patch by djm below because it
- breaks Solaris.
- - (djm) Move PAM session setup back to before setuid to user.
- fixes problems on Solaris-drived PAMs.
- - (stevesk) session.c: back out to where we were before:
- - (djm) Move PAM session initialisation until after fork in sshd. Patch
- from Nalin Dahyabhai <nalin@redhat.com>
-
-20010220
- - (bal) Fix mixed up params to memmove() from Jan 5th in setenv.c and
- getcwd.c.
- - (bal) OpenBSD CVS Sync:
- - deraadt@cvs.openbsd.org 2001/02/19 23:09:05
- [sshd.c]
- clarify message to make it not mention "ident"
-
-20010219
- - (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and
- pty.[ch] -> sshpty.[ch]
- - (djm) Rework search for OpenSSL location. Skip directories which don't
- exist, don't add -L$ssldir/lib if it doesn't exist. Should help SCO
- with its limit of 6 -L options.
- - OpenBSD CVS Sync:
- - reinhard@cvs.openbsd.org 2001/02/17 08:24:40
- [sftp.1]
- typo
- - deraadt@cvs.openbsd.org 2001/02/17 16:28:58
- [ssh.c]
- cleanup -V output; noted by millert
- - deraadt@cvs.openbsd.org 2001/02/17 16:48:48
- [sshd.8]
- it's the OpenSSH one
- - markus@cvs.openbsd.org 2001/02/18 11:33:54
- [dispatch.c]
- typo, SSH2_MSG_KEXINIT, from aspa@kronodoc.fi
- - markus@cvs.openbsd.org 2001/02/19 02:53:32
- [compat.c compat.h serverloop.c]
- ssh-1.2.{18-22} has broken handling of ignore messages; report from
- itojun@
- - markus@cvs.openbsd.org 2001/02/19 03:35:23
- [version.h]
- OpenSSH_2.5.1 adds bug compat with 1.2.{18-22}
- - deraadt@cvs.openbsd.org 2001/02/19 03:36:25
- [scp.c]
- np is changed by recursion; vinschen@redhat.com
- - Update versions in RPM spec files
- - Release 2.5.1p1
-
-20010218
- - (bal) Patch for fix FCHMOD reference in ftp-client.c by Tim Rice
- <tim@multitalents.net>
- - (Bal) Patch for lack of RA_RESTART in misc.c for mysignal by
- stevesk
- - (djm) Fix my breaking of cygwin builds, Patch from Corinna Vinschen
- <vinschen@redhat.com> and myself.
- - (djm) Close listen_sock on bind() failures. Patch from Arkadiusz
- Miskiewicz <misiek@pld.ORG.PL>
- - (djm) Robustify EGD/PRNGd code in face of socket closures. Patch from
- Todd C. Miller <Todd.Miller@courtesan.com>
- - (djm) Use ttyname() to determine name of tty returned by openpty()
- rather then risking overflow. Patch from Marek Michalkiewicz
- <marekm@amelek.gda.pl>
- - (djm) Swapped tests for no_libsocket and no_libnsl in configure.in.
- Patch from Marek Michalkiewicz <marekm@amelek.gda.pl>
- - (djm) Doc fixes from Pekka Savola <pekkas@netcore.fi>
- - (djm) Use SA_INTERRUPT along SA_RESTART if present (equivalent for
- SunOS)
- - (djm) SCO needs librpc for libwrap. Patch from Tim Rice
- <tim@multitalents.net>
- - (stevesk) misc.c: cpp rework of SA_(INTERRUPT|RESTART) handling.
- - (stevesk) scp.c: use mysignal() for updateprogressmeter() handler.
- - (djm) SA_INTERRUPT is the converse of SA_RESTART, apply it only for
- SIGALRM.
- - (djm) Move entropy.c over to mysignal()
- - (djm) SunOS 4.x also needs to define HAVE_BOGUS_SYS_QUEUE_H as it has
- a <sys/queue.h> that lacks the TAILQ_* macros. Patch from Todd C.
- Miller <Todd.Miller@courtesan.com>
- - (djm) Update RPM spec files for 2.5.0p1
- - (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie
- enable with --with-bsd-auth.
- - (stevesk) entropy.c: typo; should be SIGPIPE
-
-20010217
- - (bal) OpenBSD Sync:
- - markus@cvs.openbsd.org 2001/02/16 13:38:18
- [channel.c]
- remove debug
- - markus@cvs.openbsd.org 2001/02/16 14:03:43
- [session.c]
- proper payload-length check for x11 w/o screen-number
-
-20010216
- - (bal) added '--with-prce' to allow overriding of system regex when
- required (tested by David Dulek <ddulek@fastenal.com>)
- - (bal) Added DG/UX case and set that they have a broken IPTOS.
- - (djm) Mini-configure reorder patch from Tim Rice <tim@multitalents.net>
- Fixes linking on SCO.
- - (djm) Make gnome-ssh-askpass handle multi-line prompts. Patch from
- Nalin Dahyabhai <nalin@redhat.com>
- - (djm) BSD license for gnome-ssh-askpass (was X11)
- - (djm) KNF on gnome-ssh-askpass
- - (djm) USE_PIPES for a few more sysv platforms
- - (djm) Cleanup configure.in a little
- - (djm) Ask users to check config.log when we can't find necessary libs
- - (djm) Set "login ID" on systems with setluid. Only enabled for SCO
- OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
- - (djm) OpenBSD CVS:
- - markus@cvs.openbsd.org 2001/02/15 16:19:59
- [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
- [sshconnect1.c sshconnect2.c]
- genericize password padding function for SSH1 and SSH2.
- add stylized echo to 2, too.
- - (djm) Add roundup() macro to defines.h
- - (stevesk) set SA_RESTART flag in mysignal() for SIGCHLD;
- needed on Unixware 2.x.
-
-20010215
- - (djm) Move PAM session setup back to before setuid to user. Fixes
- problems on Solaris-derived PAMs.
- - (djm) Clean up PAM namespace. Suggested by Darren Moffat
- <Darren.Moffat@eng.sun.com>
- - (bal) Sync w/ OpenSSH for new release
- - markus@cvs.openbsd.org 2001/02/12 12:45:06
- [sshconnect1.c]
- fix xmalloc(0), ok dugsong@
- - markus@cvs.openbsd.org 2001/02/11 12:59:25
- [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
- sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
- 1) clean up the MAC support for SSH-2
- 2) allow you to specify the MAC with 'ssh -m'
- 3) or the 'MACs' keyword in ssh(d)_config
- 4) add hmac-{md5,sha1}-96
- ok stevesk@, provos@
- - markus@cvs.openbsd.org 2001/02/12 16:16:23
- [auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
- ssh-keygen.c sshd.8]
- PermitRootLogin={yes,without-password,forced-commands-only,no}
- (before this change, root could login even if PermitRootLogin==no)
- - deraadt@cvs.openbsd.org 2001/02/12 22:56:09
- [clientloop.c packet.c ssh-keyscan.c]
- deal with EAGAIN/EINTR selects which were skipped
- - markus@cvs.openssh.org 2001/02/13 22:49:40
- [auth1.c auth2.c]
- setproctitle(user) only if getpwnam succeeds
- - markus@cvs.openbsd.org 2001/02/12 23:26:20
- [sshd.c]
- missing memset; from solar@openwall.com
- - stevesk@cvs.openbsd.org 2001/02/12 20:53:33
- [sftp-int.c]
- lumask now works with 1 numeric arg; ok markus@, djm@
- - djm@cvs.openbsd.org 2001/02/14 9:46:03
- [sftp-client.c sftp-int.c sftp.1]
- Fix and document 'preserve modes & times' option ('-p' flag in sftp);
- ok markus@
- - (bal) replaced PATH_MAX in sftp-int.c w/ MAXPATHLEN.
- - (djm) Move to Jim's 1.2.0 X11 askpass program
- - (stevesk) OpenBSD sync:
- - deraadt@cvs.openbsd.org 2001/02/15 01:38:04
- [serverloop.c]
- indent
-
-20010214
- - (djm) Don't try to close PAM session or delete credentials if the
- session has not been open or credentials not set. Based on patch from
- Andrew Bartlett <abartlet@pcug.org.au>
- - (djm) Move PAM session initialisation until after fork in sshd. Patch
- from Nalin Dahyabhai <nalin@redhat.com>
- - (bal) Missing function prototype in bsd-snprintf.c patch by
- Mark Miller <markm@swoon.net>
- - (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams
- <cmadams@hiwaay.net> with a little modification and KNF.
- - (stevesk) fix for SIA patch, misplaced session_setup_sia()
-
-20010213
- - (djm) Only test -S potential EGD sockets if they exist and are readable.
- - (bal) Cleaned out bsd-snprintf.c. VARARGS have been banished and
- I did a base KNF over the whe whole file to make it more acceptable.
- (backed out of original patch and removed it from ChangeLog)
- - (bal) Use chown() if fchown() does not exist in ftp-server.c patch by
- Tim Rice <tim@multitalents.net>
- - (stevesk) auth1.c: fix PAM passwordless check.
-
-20010212
- - (djm) Update Redhat specfile to allow --define "skip_x11_askpass 1",
- --define "skip_gnome_askpass 1", --define "rh7 1" and make the
- implicit rpm-3.0.5 dependancy explicit. Patch and suggestions from
- Pekka Savola <pekkas@netcore.fi>
- - (djm) Clean up PCRE text in INSTALL
- - (djm) Fix OSF SIA auth NULL pointer deref. Report from Mike Battersby
- <mib@unimelb.edu.au>
- - (bal) NCR SVR4 compatiblity provide by Don Bragg <thewizarddon@yahoo.com>
- - (stevesk) session.c: remove debugging code.
-
-20010211
- - (bal) OpenBSD Sync
- - markus@cvs.openbsd.org 2001/02/07 22:35:46
- [auth1.c auth2.c sshd.c]
- move k_setpag() to a central place; ok dugsong@
- - markus@cvs.openbsd.org 2001/02/10 12:52:02
- [auth2.c]
- offer passwd before s/key
- - markus@cvs.openbsd.org 2001/02/8 22:37:10
- [canohost.c]
- remove last call to sprintf; ok deraadt@
- - markus@cvs.openbsd.org 2001/02/10 1:33:32
- [canohost.c]
- add debug message, since sshd blocks here if DNS is not available
- - markus@cvs.openbsd.org 2001/02/10 12:44:02
- [cli.c]
- don't call vis() for \r
- - danh@cvs.openbsd.org 2001/02/10 0:12:43
- [scp.c]
- revert a small change to allow -r option to work again; ok deraadt@
- - danh@cvs.openbsd.org 2001/02/10 15:14:11
- [scp.c]
- fix memory leak; ok markus@
- - djm@cvs.openbsd.org 2001/02/10 0:45:52
- [scp.1]
- Mention that you can quote pathnames with spaces in them
- - markus@cvs.openbsd.org 2001/02/10 1:46:28
- [ssh.c]
- remove mapping of argv[0] -> hostname
- - markus@cvs.openbsd.org 2001/02/06 22:26:17
- [sshconnect2.c]
- do not ask for passphrase in batch mode; report from ejb@ql.org
- - itojun@cvs.opebsd.org 2001/02/08 10:47:05
- [sshconnect.c sshconnect1.c sshconnect2.c]
- %.30s is too short for IPv6 numeric address. use %.128s for now.
- markus ok
- - markus@cvs.openbsd.org 2001/02/09 12:28:35
- [sshconnect2.c]
- do not free twice, thanks to /etc/malloc.conf
- - markus@cvs.openbsd.org 2001/02/09 17:10:53
- [sshconnect2.c]
- partial success: debug->log; "Permission denied" if no more auth methods
- - markus@cvs.openbsd.org 2001/02/10 12:09:21
- [sshconnect2.c]
- remove some lines
- - markus@cvs.openbsd.org 2001/02/09 13:38:07
- [auth-options.c]
- reset options if no option is given; from han.holl@prismant.nl
- - markus@cvs.openbsd.org 2001/02/08 21:58:28
- [channels.c]
- nuke sprintf, ok deraadt@
- - markus@cvs.openbsd.org 2001/02/08 21:58:28
- [channels.c]
- nuke sprintf, ok deraadt@
- - markus@cvs.openbsd.org 2001/02/06 22:43:02
- [clientloop.h]
- remove confusing callback code
- - deraadt@cvs.openbsd.org 2001/02/08 14:39:36
- [readconf.c]
- snprintf
- - itojun@cvs.openbsd.org 2001/02/08 19:30:52
- sync with netbsd tree changes.
- - more strict prototypes, include necessary headers
- - use paths.h/pathnames.h decls
- - size_t typecase to int -> u_long
- - itojun@cvs.openbsd.org 2001/02/07 18:04:50
- [ssh-keyscan.c]
- fix size_t -> int cast (use u_long). markus ok
- - markus@cvs.openbsd.org 2001/02/07 22:43:16
- [ssh-keyscan.c]
- s/getline/Linebuf_getline/; from roumen.petrov@skalasoft.com
- - itojun@cvs.openbsd.org 2001/02/09 9:04:59
- [ssh-keyscan.c]
- do not assume malloc() returns zero-filled region. found by
- malloc.conf=AJ.
- - markus@cvs.openbsd.org 2001/02/08 22:35:30
- [sshconnect.c]
- don't connect if batch_mode is true and stricthostkeychecking set to
- 'ask'
- - djm@cvs.openbsd.org 2001/02/04 21:26:07
- [sshd_config]
- type: ok markus@
- - deraadt@cvs.openbsd.org 2001/02/06 22:07:50
- [sshd_config]
- enable sftp-server by default
- - deraadt 2001/02/07 8:57:26
- [xmalloc.c]
- deal with new ANSI malloc stuff
- - markus@cvs.openbsd.org 2001/02/07 16:46:08
- [xmalloc.c]
- typo in fatal()
- - itojun@cvs.openbsd.org 2001/02/07 18:04:50
- [xmalloc.c]
- fix size_t -> int cast (use u_long). markus ok
- - 1.47 Thu Feb 8 23:11:42 GMT 2001 by dugsong
- [serverloop.c sshconnect1.c]
- mitigate SSH1 traffic analysis - from Solar Designer
- <solar@openwall.com>, ok provos@
- - (bal) fixed sftp-client.c. Return 'status' instead of '0'
- (from the OpenBSD tree)
- - (bal) Synced ssh.1, ssh-add.1 and sshd.8 w/ OpenBSD
- - (bal) sftp-sever.c '%8lld' to '%8llu' (OpenBSD Sync)
- - (bal) uuencode.c resync w/ OpenBSD tree, plus whitespace.
- - (bal) A bit more whitespace cleanup
- - (djm) Set PAM_RHOST earlier, patch from Andrew Bartlett
- <abartlet@pcug.org.au>
- - (stevesk) misc.c: ssh.h not needed.
- - (stevesk) compat.c: more friendly cpp error
- - (stevesk) OpenBSD sync:
- - stevesk@cvs.openbsd.org 2001/02/11 06:15:57
- [LICENSE]
- typos and small cleanup; ok deraadt@
-
-20010210
- - (djm) Sync sftp and scp stuff from OpenBSD:
- - djm@cvs.openbsd.org 2001/02/07 03:55:13
- [sftp-client.c]
- Don't free handles before we are done with them. Based on work from
- Corinna Vinschen <vinschen@redhat.com>. ok markus@
- - djm@cvs.openbsd.org 2001/02/06 22:32:53
- [sftp.1]
- Punctuation fix from Pekka Savola <pekkas@netcore.fi>
- - deraadt@cvs.openbsd.org 2001/02/07 04:07:29
- [sftp.1]
- pretty up significantly
- - itojun@cvs.openbsd.org 2001/02/07 06:49:42
- [sftp.1]
- .Bl-.El mismatch. markus ok
- - djm@cvs.openbsd.org 2001/02/07 06:12:30
- [sftp-int.c]
- Check that target is a directory before doing ls; ok markus@
- - itojun@cvs.openbsd.org 2001/02/07 11:01:18
- [scp.c sftp-client.c sftp-server.c]
- unsigned long long -> %llu, not %qu. markus ok
- - stevesk@cvs.openbsd.org 2001/02/07 11:10:39
- [sftp.1 sftp-int.c]
- more man page cleanup and sync of help text with man page; ok markus@
- - markus@cvs.openbsd.org 2001/02/07 14:58:34
- [sftp-client.c]
- older servers reply with SSH2_FXP_NAME + count==0 instead of EOF
- - djm@cvs.openbsd.org 2001/02/07 15:27:19
- [sftp.c]
- Don't forward agent and X11 in sftp. Suggestion from Roumen Petrov
- <roumen.petrov@skalasoft.com>
- - stevesk@cvs.openbsd.org 2001/02/07 15:36:04
- [sftp-int.c]
- portable; ok markus@
- - stevesk@cvs.openbsd.org 2001/02/07 15:55:47
- [sftp-int.c]
- lowercase cmds[].c also; ok markus@
- - markus@cvs.openbsd.org 2001/02/07 17:04:52
- [pathnames.h sftp.c]
- allow sftp over ssh protocol 1; ok djm@
- - deraadt@cvs.openbsd.org 2001/02/08 07:38:55
- [scp.c]
- memory leak fix, and snprintf throughout
- - deraadt@cvs.openbsd.org 2001/02/08 08:02:02
- [sftp-int.c]
- plug a memory leak
- - stevesk@cvs.openbsd.org 2001/02/08 10:11:23
- [session.c sftp-client.c]
- %i -> %d
- - stevesk@cvs.openbsd.org 2001/02/08 10:57:59
- [sftp-int.c]
- typo
- - stevesk@cvs.openbsd.org 2001/02/08 15:28:07
- [sftp-int.c pathnames.h]
- _PATH_LS; ok markus@
- - djm@cvs.openbsd.org 2001/02/09 04:46:25
- [sftp-int.c]
- Check for NULL attribs for chown, chmod & chgrp operations, only send
- relevant attribs back to server; ok markus@
- - djm@cvs.openbsd.org 2001/02/06 15:05:25
- [sftp.c]
- Use getopt to process commandline arguments
- - djm@cvs.openbsd.org 2001/02/06 15:06:21
- [sftp.c ]
- Wait for ssh subprocess at exit
- - djm@cvs.openbsd.org 2001/02/06 15:18:16
- [sftp-int.c]
- stat target for remote chdir before doing chdir
- - djm@cvs.openbsd.org 2001/02/06 15:32:54
- [sftp.1]
- Punctuation fix from Pekka Savola <pekkas@netcore.fi>
- - provos@cvs.openbsd.org 2001/02/05 22:22:02
- [sftp-int.c]
- cleanup get_pathname, fix pwd after failed cd. okay djm@
- - (djm) Update makefile.in for _PATH_SFTP_SERVER
- - (bal) sftp-client.c replace NULL w/ 0 in do_ls() (pending in OpenBSD tree)
-
-20010209
- - (bal) patch to vis.c to deal with HAVE_VIS right by Robert Mooney
- <rjmooney@mediaone.net>
- - (bal) .c.o rule in openbsd-compat/Makefile.in did not make it to the
- main tree while porting forward. Pointed out by Lutz Jaenicke
- <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- - (bal) double entry in configure.in. Pointed out by Lutz Jaenicke
- <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- - (stevesk) OpenBSD sync:
- - markus@cvs.openbsd.org 2001/02/08 11:20:01
- [auth2.c]
- strict checking
- - markus@cvs.openbsd.org 2001/02/08 11:15:22
- [version.h]
- update to 2.3.2
- - markus@cvs.openbsd.org 2001/02/08 11:12:30
- [auth2.c]
- fix typo
- - (djm) Update spec files
- - (bal) OpenBSD sync:
- - deraadt@cvs.openbsd.org 2001/02/08 14:38:54
- [scp.c]
- memory leak fix, and snprintf throughout
- - markus@cvs.openbsd.org 2001/02/06 22:43:02
- [clientloop.c]
- remove confusing callback code
- - (djm) Add CVS Id's to files that we have missed
- - (bal) OpenBSD Sync (more):
- - itojun@cvs.openbsd.org 2001/02/08 19:30:52
- sync with netbsd tree changes.
- - more strict prototypes, include necessary headers
- - use paths.h/pathnames.h decls
- - size_t typecase to int -> u_long
- - markus@cvs.openbsd.org 2001/02/06 22:07:42
- [ssh.c]
- fatal() if subsystem fails
- - markus@cvs.openbsd.org 2001/02/06 22:43:02
- [ssh.c]
- remove confusing callback code
- - jakob@cvs.openbsd.org 2001/02/06 23:03:24
- [ssh.c]
- add -1 option (force protocol version 1). ok markus@
- - jakob@cvs.openbsd.org 2001/02/06 23:06:21
- [ssh.c]
- reorder -{1,2,4,6} options. ok markus@
- - (bal) Missing 'const' in readpass.h
- - (bal) OpenBSD Sync (so at least the thing compiles for 2.3.2 =)
- - djm@cvs.openbsd.org 2001/02/06 23:30:28
- [sftp-client.c]
- replace arc4random with counter for request ids; ok markus@
- - (djm) Define _PATH_TTY for systems that don't. Report from Lutz
- Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
-
-20010208
- - (djm) Don't delete external askpass program in make uninstall target.
- Report and fix from Roumen Petrov <roumen.petrov@skalasoft.com>
- - (djm) Fix linking of sftp, don't need arc4random any more.
- - (djm) Try to use shell that supports "test -S" for EGD socket search.
- Based on patch from Tim Rice <tim@multitalents.net>
-
-20010207
- - (bal) Save the whole path to AR in configure. Some Solaris 2.7 installs
- seem lose track of it while in openbsd-compat/ (two confirmed reports)
- - (djm) Much KNF on PAM code
- - (djm) Revise auth-pam.c conversation function to be a little more
- readable.
- - (djm) Revise kbd-int PAM conversation function to fold all text messages
- to before first prompt. Fixes hangs if last pam_message did not require
- a reply.
- - (djm) Fix password changing when using PAM kbd-int authentication
-
-20010205
- - (bal) Disable groupaccess by setting NGROUPS_MAX to 0 for platforms
- that don't have NGROUPS_MAX.
- - (bal) AIX patch for auth1.c by William L. Jones <jones@hpc.utexas.edu>
- - (stevesk) OpenBSD sync:
- - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
- [many files; did this manually to our top-level source dir]
- unexpand and remove end-of-line whitespace; ok markus@
- - stevesk@cvs.openbsd.org 2001/02/04 15:21:19
- [sftp-server.c]
- SSH2_FILEXFER_ATTR_UIDGID support; ok markus@
- - deraadt@cvs.openbsd.org 2001/02/04 17:02:32
- [sftp-int.c]
- ? == help
- - deraadt@cvs.openbsd.org 2001/02/04 16:47:46
- [sftp-int.c]
- sort commands, so that abbreviations work as expected
- - stevesk@cvs.openbsd.org 2001/02/04 15:17:52
- [sftp-int.c]
- debugging sftp: precedence and missing break. chmod, chown, chgrp
- seem to be working now.
- - markus@cvs.openbsd.org 2001/02/04 14:41:21
- [sftp-int.c]
- use base 8 for umask/chmod
- - markus@cvs.openbsd.org 2001/02/04 11:11:54
- [sftp-int.c]
- fix LCD
- - markus@cvs.openbsd.org 2001/02/04 08:10:44
- [ssh.1]
- typo; dpo@club-internet.fr
- - stevesk@cvs.openbsd.org 2001/02/04 06:30:12
- [auth2.c authfd.c packet.c]
- remove duplicate #include's; ok markus@
- - deraadt@cvs.openbsd.org 2001/02/04 16:56:23
- [scp.c sshd.c]
- alpha happiness
- - stevesk@cvs.openbsd.org 2001/02/04 15:12:17
- [sshd.c]
- precedence; ok markus@
- - deraadt@cvs.openbsd.org 2001/02/04 08:14:15
- [ssh.c sshd.c]
- make the alpha happy
- - markus@cvs.openbsd.org 2001/01/31 13:37:24
- [channels.c channels.h serverloop.c ssh.c]
- do not disconnect if local port forwarding fails, e.g. if port is
- already in use
- - markus@cvs.openbsd.org 2001/02/01 14:58:09
- [channels.c]
- use ipaddr in channel messages, ietf-secsh wants this
- - markus@cvs.openbsd.org 2001/01/31 12:26:20
- [channels.c]
- ssh.com-2.0.1x does not send additional info in CHANNEL_OPEN_FAILURE
- messages; bug report from edmundo@rano.org
- - markus@cvs.openbsd.org 2001/01/31 13:48:09
- [sshconnect2.c]
- unused
- - deraadt@cvs.openbsd.org 2001/02/04 08:23:08
- [sftp-client.c sftp-server.c]
- make gcc on the alpha even happier
-
-20010204
- - (bal) I think this is the last of the bsd-*.h that don't belong.
- - (bal) Minor Makefile fix
- - (bal) openbsd-compat/Makefile minor fix. Ensure dependancies are done
- right.
- - (bal) Changed order of LIB="" in -with-skey due to library resolving.
- - (bal) next-posix.h changed to bsd-nextstep.h
- - (djm) OpenBSD CVS sync:
- - markus@cvs.openbsd.org 2001/02/03 03:08:38
- [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
- [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
- [sshd_config]
- make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
- - markus@cvs.openbsd.org 2001/02/03 03:19:51
- [ssh.1 sshd.8 sshd_config]
- Skey is now called ChallengeResponse
- - markus@cvs.openbsd.org 2001/02/03 03:43:09
- [sshd.8]
- use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
- channel. note from Erik.Anggard@cygate.se (pr/1659)
- - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
- [ssh.1]
- typos; ok markus@
- - djm@cvs.openbsd.org 2001/02/04 04:11:56
- [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
- [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
- Basic interactive sftp client; ok theo@
- - (djm) Update RPM specs for new sftp binary
- - (djm) Update several bits for new optional reverse lookup stuff. I
- think I got them all.
- - (djm) Makefile.in fixes
- - (stevesk) add mysignal() wrapper and use it for the protocol 2
- SIGCHLD handler.
- - (djm) Use setvbuf() instead of setlinebuf(). Suggest from stevesk@
-
-20010203
- - (bal) Cygwin clean up by Corinna Vinschen <vinschen@redhat.com>
- - (bal) renamed queue.h to fake-queue.h (even if it's an OpenBSD
- based file) to ensure #include space does not get confused.
- - (bal) Minor Makefile.in tweak. dirname may not exist on some
- platforms so builds fail. (NeXT being a well known one)
-
-20010202
- - (bal) Makefile fix where sourcedir != builddir by Corinna Vinschen
- <vinschen@redhat.com>
- - (bal) Makefile fix to use $(MAKE) instead of 'make' for platforms
- that use 'gmake'. Patch by Tim Rice <tim@multitalents.net>
-
-20010201
- - (bal) Minor fix to Makefile to stop rebuilding executables if no
- changes have occured to any of the supporting code. Patch by
- Roumen Petrov <roumen.petrov@skalasoft.com>
-
-20010131
- - (djm) OpenBSD CVS Sync:
- - djm@cvs.openbsd.org 2001/01/30 15:48:53
- [sshconnect.c]
- Make warning message a little more consistent. ok markus@
- - (djm) Fix autoconf logic for --with-lastlog=no Report and diagnosis from
- Philipp Buehler <lists@fips.de> and Kevin Steves <stevesk@sweden.hp.com>
- respectively.
- - (djm) Don't log SSH2 PAM KbdInt responses to debug, they may contain
- passwords.
- - (bal) Reorder. Move all bsd-*, fake-*, next-*, and cygwin* stuff to
- openbsd-compat/. And resolve all ./configure and Makefile.in issues
- assocated.
-
-20010130
- - (djm) OpenBSD CVS Sync:
- - markus@cvs.openbsd.org 2001/01/29 09:55:37
- [channels.c channels.h clientloop.c serverloop.c]
- fix select overflow; ok deraadt@ and stevesk@
- - markus@cvs.openbsd.org 2001/01/29 12:42:35
- [canohost.c canohost.h channels.c clientloop.c]
- add get_peer_ipaddr(socket), x11-fwd in ssh2 requires ipaddr, not DNS
- - markus@cvs.openbsd.org 2001/01/29 12:47:32
- [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
- handle rsa_private_decrypt failures; helps against the Bleichenbacher
- pkcs#1 attack
- - djm@cvs.openbsd.org 2001/01/29 05:36:11
- [ssh.1 ssh.c]
- Allow invocation of sybsystem by commandline (-s); ok markus@
- - (stevesk) configure.in: remove duplicate PROG_LS
-
-20010129
- - (stevesk) sftp-server.c: use %lld vs. %qd
-
-20010128
- - (bal) Put USE_PIPES back into sco3.2v5
- - (bal) OpenBSD Sync
- - markus@cvs.openbsd.org 2001/01/28 10:15:34
- [dispatch.c]
- re-keying is not supported; ok deraadt@
- - markus@cvs.openbsd.org 2001/01/28 10:24:04
- [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
- cleanup AUTHORS sections
- - markus@cvs.openbsd.org 2001/01/28 10:37:26
- [sshd.c sshd.8]
- remove -Q, no longer needed
- - stevesk@cvs.openbsd.org 2001/01/28 20:36:16
- [readconf.c ssh.1]
- ``StrictHostKeyChecking ask'' documentation and small cleanup.
- ok markus@
- - stevesk@cvs.openbsd.org 2001/01/28 20:43:25
- [sshd.8]
- spelling. ok markus@
- - stevesk@cvs.openbsd.org 2001/01/28 20:53:21
- [xmalloc.c]
- use size_t for strlen() return. ok markus@
- - stevesk@cvs.openbsd.org 2001/01/28 22:27:05
- [authfile.c]
- spelling. use sizeof vs. strlen(). ok markus@
- - niklas@cvs.openbsd.org 2001/01/29 1:59:14
- [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h
- groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h
- key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h
- radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1
- ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config
- sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h]
- $OpenBSD$
- - (bal) Minor auth2.c resync. Whitespace and moving of an #include.
-
-20010126
- - (bal) SSH_PROGRAM vs _PATH_SSH_PROGRAM fix pointed out by Roumen
- Petrov <roumen.petrov@skalasoft.com>
- - (bal) OpenBSD Sync
- - deraadt@cvs.openbsd.org 2001/01/25 8:06:33
- [ssh-agent.c]
- call _exit() in signal handler
-
-20010125
- - (djm) Sync bsd-* support files:
- - deraadt@cvs.openbsd.org 2000/01/26 03:43:20
- [rresvport.c bindresvport.c]
- new bindresvport() semantics that itojun, shin, jean-luc and i have
- agreed on, which will be happy for the future. bindresvport_sa() for
- sockaddr *, too. docs later..
- - deraadt@cvs.openbsd.org 2000/01/24 02:24:21
- [bindresvport.c]
- in bindresvport(), if sin is non-NULL, example sin->sin_family for
- the actual family being processed
- - (djm) Mention PRNGd in documentation, it is nicer than EGD
- - (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
- - (bal) AC_FUNC_STRFTIME added to autoconf
- - (bal) OpenBSD Resync
- - stevesk@cvs.openbsd.org 2001/01/24 21:03:50
- [channels.c]
- missing freeaddrinfo(); ok markus@
-
-20010124
- - (bal) OpenBSD Resync
- - markus@cvs.openbsd.org 2001/01/23 10:45:10
- [ssh.h]
- nuke comment
- - (bal) no 64bit support patch from Tim Rice <tim@multitalents.net>
- - (bal) #ifdef around S_IFSOCK if platform does not support it.
- patch by Tim Rice <tim@multitalents.net>
- - (bal) fake-regex.h cleanup based on Tim Rice's patch.
- - (stevesk) sftp-server.c: fix chmod() mode mask
-
-20010123
- - (bal) regexp.h typo in configure.in. Should have been regex.h
- - (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@
- - (bal) SSH_ASKPASS_DEFAULT to _PATH_SSH_ASKPASS_DEFAULT
- - (bal) OpenBSD Resync
- - markus@cvs.openbsd.org 2001/01/22 8:15:00
- [auth-krb4.c sshconnect1.c]
- only AFS needs radix.[ch]
- - markus@cvs.openbsd.org 2001/01/22 8:32:53
- [auth2.c]
- no need to include; from mouring@etoh.eviladmin.org
- - stevesk@cvs.openbsd.org 2001/01/22 16:55:21
- [key.c]
- free() -> xfree(); ok markus@
- - stevesk@cvs.openbsd.org 2001/01/22 17:22:28
- [sshconnect2.c sshd.c]
- fix memory leaks in SSH2 key exchange; ok markus@
- - markus@cvs.openbsd.org 2001/01/22 23:06:39
- [auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
- sshconnect1.c sshconnect2.c sshd.c]
- rename skey -> challenge response.
- auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
-
-
-20010122
- - (bal) OpenBSD Resync
- - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
- [servconf.c ssh.h sshd.c]
- only auth-chall.c needs #ifdef SKEY
- - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
- [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
- auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
- packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
- session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
- ssh1.h sshconnect1.c sshd.c ttymodes.c]
- move ssh1 definitions to ssh1.h, pathnames to pathnames.h
- - markus@cvs.openbsd.org 2001/01/19 16:48:14
- [sshd.8]
- fix typo; from stevesk@
- - markus@cvs.openbsd.org 2001/01/19 16:50:58
- [ssh-dss.c]
- clear and free digest, make consistent with other code (use dlen); from
- stevesk@
- - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
- [auth-options.c auth-options.h auth-rsa.c auth2.c]
- pass the filename to auth_parse_options()
- - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
- [readconf.c]
- fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
- - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
- [sshconnect2.c]
- dh_new_group() does not return NULL. ok markus@
- - markus@cvs.openbsd.org 2001/01/20 21:33:42
- [ssh-add.c]
- do not loop forever if askpass does not exist; from
- andrew@pimlott.ne.mediaone.net
- - djm@cvs.openbsd.org 2001/01/20 23:00:56
- [servconf.c]
- Check for NULL return from strdelim; ok markus
- - djm@cvs.openbsd.org 2001/01/20 23:02:07
- [readconf.c]
- KNF; ok markus
- - jakob@cvs.openbsd.org 2001/01/21 9:00:33
- [ssh-keygen.1]
- remove -R flag; ok markus@
- - markus@cvs.openbsd.org 2001/01/21 19:05:40
- [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
- auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
- auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
- bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
- cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
- deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
- key.c key.h log-client.c log-server.c log.c log.h login.c login.h
- match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
- readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
- session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
- ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
- sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
- ttysmodes.c uidswap.c xmalloc.c]
- split ssh.h and try to cleanup the #include mess. remove unnecessary
- #includes. rename util.[ch] -> misc.[ch]
- - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
- - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
- conflict when compiling for non-kerb install
- - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
- on 1/19.
-
-20010120
- - (bal) OpenBSD Resync
- - markus@cvs.openbsd.org 2001/01/19 12:45:26
- [ssh-chall.c servconf.c servconf.h ssh.h sshd.c]
- only auth-chall.c needs #ifdef SKEY
- - (bal) Slight auth2-pam.c clean up.
- - (bal) Includes a fake-regexp.h to be only used if regcomp() is found,
- but no 'regexp.h' found (SCO OpenServer 3 lacks the header).
-
-20010119
- - (djm) Update versions in RPM specfiles
- - (bal) OpenBSD Resync
- - markus@cvs.openbsd.org 2001/01/18 16:20:21
- [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
- sshd.8 sshd.c]
- log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
- systems
- - markus@cvs.openbsd.org 2001/01/18 16:59:59
- [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
- session.h sshconnect1.c]
- 1) removes fake skey from sshd, since this will be much
- harder with /usr/libexec/auth/login_XXX
- 2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
- 3) make addition of BSD_AUTH and other challenge reponse methods
- easier.
- - markus@cvs.openbsd.org 2001/01/18 17:12:43
- [auth-chall.c auth2-chall.c]
- rename *-skey.c *-chall.c since the files are not skey specific
- - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)
- to fix NULL pointer deref and fake authloop breakage in PAM code.
- - (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com>
- - (bal) Minor cygwin patch to auth1.c. Suggested by djm.
-
-20010118
- - (bal) Super Sized OpenBSD Resync
- - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
- [sshd.c]
- maxfd+1
- - markus@cvs.openbsd.org 2001/01/13 17:59:18
- [ssh-keygen.1]
- small ssh-keygen manpage cleanup; stevesk@pobox.com
- - markus@cvs.openbsd.org 2001/01/13 18:03:07
- [scp.c ssh-keygen.c sshd.c]
- getopt() returns -1 not EOF; stevesk@pobox.com
- - markus@cvs.openbsd.org 2001/01/13 18:06:54
- [ssh-keyscan.c]
- use SSH_DEFAULT_PORT; from stevesk@pobox.com
- - markus@cvs.openbsd.org 2001/01/13 18:12:47
- [ssh-keyscan.c]
- free() -> xfree(); fix memory leak; from stevesk@pobox.com
- - markus@cvs.openbsd.org 2001/01/13 18:14:13
- [ssh-add.c]
- typo, from stevesk@sweden.hp.com
- - markus@cvs.openbsd.org 2001/01/13 18:32:50
- [packet.c session.c ssh.c sshconnect.c sshd.c]
- split out keepalive from packet_interactive (from dale@accentre.com)
- set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
- - markus@cvs.openbsd.org 2001/01/13 18:36:45
- [packet.c packet.h]
- reorder, typo
- - markus@cvs.openbsd.org 2001/01/13 18:38:00
- [auth-options.c]
- fix comment
- - markus@cvs.openbsd.org 2001/01/13 18:43:31
- [session.c]
- Wall
- - markus@cvs.openbsd.org 2001/01/13 19:14:08
- [clientloop.h clientloop.c ssh.c]
- move callback to headerfile
- - markus@cvs.openbsd.org 2001/01/15 21:40:10
- [ssh.c]
- use log() instead of stderr
- - markus@cvs.openbsd.org 2001/01/15 21:43:51
- [dh.c]
- use error() not stderr!
- - markus@cvs.openbsd.org 2001/01/15 21:45:29
- [sftp-server.c]
- rename must fail if newpath exists, debug off by default
- - markus@cvs.openbsd.org 2001/01/15 21:46:38
- [sftp-server.c]
- readable long listing for sftp-server, ok deraadt@
- - markus@cvs.openbsd.org 2001/01/16 19:20:06
- [key.c ssh-rsa.c]
- make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
- galb@vandyke.com. note that you have to delete older ssh2-rsa keys,
- since they are in the wrong format, too. they must be removed from
- .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
- (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
- .ssh/authorized_keys2) additionally, we now check that
- BN_num_bits(rsa->n) >= 768.
- - markus@cvs.openbsd.org 2001/01/16 20:54:27
- [sftp-server.c]
- remove some statics. simpler handles; idea from nisse@lysator.liu.se
- - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
- [bufaux.c radix.c sshconnect.h sshconnect1.c]
- indent
- - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
- be missing such feature.
-
-
-20010117
- - (djm) Only write random seed file at exit
- - (djm) Make PAM support optional, enable with --with-pam
- - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which
- provides a crypt() of its own)
- - (djm) Avoid a warning in bsd-bindresvport.c
- - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This
- can cause weird segfaults errors on Solaris
- - (djm) Avoid warning in PAM code by making read_passphrase arguments const
- - (djm) Add --with-pam to RPM spec files
-
-20010115
- - (bal) sftp-server.c change to use chmod() if fchmod() does not exist.
- - (bal) utimes() support via utime() interface on machine that lack utimes().
-
-20010114
- - (stevesk) initial work for OpenBSD "support supplementary group in
- {Allow,Deny}Groups" patch:
- - import getgrouplist.c from OpenBSD (bsd-getgrouplist.c)
- - add bsd-getgrouplist.h
- - new files groupaccess.[ch]
- - build but don't use yet (need to merge auth.c changes)
- - (stevesk) complete:
- - markus@cvs.openbsd.org 2001/01/13 11:56:48
- [auth.c sshd.8]
- support supplementary group in {Allow,Deny}Groups
- from stevesk@pobox.com
-
-20010112
- - (bal) OpenBSD Sync
- - markus@cvs.openbsd.org 2001/01/10 22:56:22
- [bufaux.h bufaux.c sftp-server.c sftp.h getput.h]
- cleanup sftp-server implementation:
- add buffer_get_int64, buffer_put_int64, GET_64BIT, PUT_64BIT
- parse SSH2_FILEXFER_ATTR_EXTENDED
- send SSH2_FX_EOF if readdir returns no more entries
- reply to SSH2_FXP_EXTENDED message
- use #defines from the draft
- move #definations to sftp.h
- more info:
- http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt
- - markus@cvs.openbsd.org 2001/01/10 19:43:20
- [sshd.c]
- XXX - generate_empheral_server_key() is not safe against races,
- because it calls log()
- - markus@cvs.openbsd.org 2001/01/09 21:19:50
- [packet.c]
- allow TCP_NDELAY for ipv6; from netbsd via itojun@
-
-20010110
- - (djm) SNI/Reliant Unix needs USE_PIPES and $DISPLAY hack. Report from
- Bladt Norbert <Norbert.Bladt@adi.ch>
-
-20010109
- - (bal) Resync CVS ID of cli.c
- - (stevesk) auth1.c: free should be after WITH_AIXAUTHENTICATE
- code.
- - (bal) OpenBSD Sync
- - markus@cvs.openbsd.org 2001/01/08 22:29:05
- [auth2.c compat.c compat.h servconf.c servconf.h sshd.8
- sshd_config version.h]
- implement option 'Banner /etc/issue.net' for ssh2, move version to
- 2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner
- is enabled).
- - markus@cvs.openbsd.org 2001/01/08 22:03:23
- [channels.c ssh-keyscan.c]
- O_NDELAY -> O_NONBLOCK; thanks stevesk@pobox.com
- - markus@cvs.openbsd.org 2001/01/08 21:55:41
- [sshconnect1.c]
- more cleanups and fixes from stevesk@pobox.com:
- 1) try_agent_authentication() for loop will overwrite key just
- allocated with key_new(); don't alloc
- 2) call ssh_close_authentication_connection() before exit
- try_agent_authentication()
- 3) free mem on bad passphrase in try_rsa_authentication()
- - markus@cvs.openbsd.org 2001/01/08 21:48:17
- [kex.c]
- missing free; thanks stevesk@pobox.com
- - (bal) Detect if clock_t structure exists, if not define it.
- - (bal) Detect if O_NONBLOCK exists, if not define it.
- - (bal) removed news4-posix.h (now empty)
- - (bal) changed bsd-bindresvport.c and bsd-rresvport.c to use 'socklen_t'
- instead of 'int'
- - (stevesk) sshd_config: sync
- - (stevesk) defines.h: remove spurious ``;''
-
-20010108
- - (bal) Fixed another typo in cli.c
- - (bal) OpenBSD Sync
- - markus@cvs.openbsd.org 2001/01/07 21:26:55
- [cli.c]
- typo
- - markus@cvs.openbsd.org 2001/01/07 21:26:55
- [cli.c]
- missing free, stevesk@pobox.com
- - markus@cvs.openbsd.org 2001/01/07 19:06:25
- [auth1.c]
- missing free, stevesk@pobox.com
- - markus@cvs.openbsd.org 2001/01/07 11:28:04
- [log-client.c log-server.c log.c readconf.c servconf.c ssh.1
- ssh.h sshd.8 sshd.c]
- rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE
- syslog priority changes:
- fatal() LOG_ERR -> LOG_CRIT
- log() LOG_INFO -> LOG_NOTICE
- - Updated TODO
-
-20010107
- - (bal) OpenBSD Sync
- - markus@cvs.openbsd.org 2001/01/06 11:23:27
- [ssh-rsa.c]
- remove unused
- - itojun@cvs.openbsd.org 2001/01/05 08:23:29
- [ssh-keyscan.1]
- missing .El
- - markus@cvs.openbsd.org 2001/01/04 22:41:03
- [session.c sshconnect.c]
- consistent use of _PATH_BSHELL; from stevesk@pobox.com
- - djm@cvs.openbsd.org 2001/01/04 22:35:32
- [ssh.1 sshd.8]
- Mention AES as available SSH2 Cipher; ok markus
- - markus@cvs.openbsd.org 2001/01/04 22:25:58
- [sshd.c]
- sync usage()/man with defaults; from stevesk@pobox.com
- - markus@cvs.openbsd.org 2001/01/04 22:21:26
- [sshconnect2.c]
- handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
- that prints a banner (e.g. /etc/issue.net)
-
-20010105
- - (bal) contrib/caldera/ provided by Tim Rice <tim@multitalents.net>
- - (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove()
-
-20010104
- - (djm) Fix memory leak on systems with BROKEN_GETADDRINFO. Based on
- work by Chris Vaughan <vaughan99@yahoo.com>
-
-20010103
- - (bal) fixed up sshconnect.c so it was closer inline with the OpenBSD
- tree (mainly positioning)
- - (bal) OpenSSH CVS Update
- - markus@cvs.openbsd.org 2001/01/02 20:41:02
- [packet.c]
- log remote ip on disconnect; PR 1600 from jcs@rt.fm
- - markus@cvs.openbsd.org 2001/01/02 20:50:56
- [sshconnect.c]
- strict_host_key_checking for host_status != HOST_CHANGED &&
- ip_status == HOST_CHANGED
- - (bal) authfile.c: Synced CVS ID tag
- - (bal) UnixWare 2.0 fixes by Tim Rice <tim@multitalents.net>
- - (bal) Disable sftp-server if no 64bit int support exists. Based on
- patch by Tim Rice <tim@multitalents.net>
- - (bal) Makefile.in changes to uninstall: target to remove sftp-server
- and sftp-server.8 manpage.
-
-20010102
- - (bal) OpenBSD CVS Update
- - markus@cvs.openbsd.org 2001/01/01 14:52:49
- [scp.c]
- use shared fatal(); from stevesk@pobox.com
-
-20001231
- - (bal) Reverted out of MAXHOSTNAMELEN. This should be set per OS.
- for multiple reasons.
- - (bal) Reverted out of a partial NeXT patch.
-
-20001230
- - (bal) OpenBSD CVS Update
- - markus@cvs.openbsd.org 2000/12/28 18:58:30
- [ssh-keygen.c]
- enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2}
- - markus@cvs.openbsd.org 2000/12/29 22:19:13
- [channels.c]
- missing xfree; from vaughan99@yahoo.com
- - (bal) Resynced CVS ID with OpenBSD for channel.c and uidswap.c
- - (bal) if no MAXHOSTNAMELEN is defined. Default to 64 character defination.
- Suggested by Christian Kurz <shorty@debian.org>
- - (bal) Add in '.c.o' section to Makefile.in to address make programs that
- don't honor CPPFLAGS by default. Suggested by Lutz Jaenicke
- <Lutz.Jaenicke@aet.TU-Cottbus.DE>
-
-20001229
- - (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian
- Kurz <shorty@debian.org>
- - (bal) OpenBSD CVS Update
- - markus@cvs.openbsd.org 2000/12/28 14:25:51
- [auth.h auth2.c]
- count authentication failures only
- - markus@cvs.openbsd.org 2000/12/28 14:25:03
- [sshconnect.c]
- fingerprint for MITM attacks, too.
- - markus@cvs.openbsd.org 2000/12/28 12:03:57
- [sshd.8 sshd.c]
- document -D
- - markus@cvs.openbsd.org 2000/12/27 14:19:21
- [serverloop.c]
- less chatty
- - markus@cvs.openbsd.org 2000/12/27 12:34
- [auth1.c sshconnect2.c sshd.c]
- typo
- - markus@cvs.openbsd.org 2000/12/27 12:30:19
- [readconf.c readconf.h ssh.1 sshconnect.c]
- new option: HostKeyAlias: allow the user to record the host key
- under a different name. This is useful for ssh tunneling over
- forwarded connections or if you run multiple sshd's on different
- ports on the same machine.
- - markus@cvs.openbsd.org 2000/12/27 11:51:53
- [ssh.1 ssh.c]
- multiple -t force pty allocation, document ORIGINAL_COMMAND
- - markus@cvs.openbsd.org 2000/12/27 11:41:31
- [sshd.8]
- update for ssh-2
- - (stevesk) compress.[ch] sync with openbsd; missed in prototype
- fix merge.
-
-20001228
- - (bal) Patch to add libutil.h to loginrec.c only if the platform has
- libutil.h. Suggested by Pekka Savola <pekka@netcore.fi>
- - (djm) Update to new x11-askpass in RPM spec
- - (bal) SCO patch to not include <sys/queue.h> since it's unrelated
- header. Patch by Tim Rice <tim@multitalents.net>
- - Updated TODO w/ known HP/UX issue
- - (bal) removed extra <netdb.h> noticed by Kevin Steves and removed the
- bad reference to 'NeXT including it else were' on the #ifdef version.
-
-20001227
- - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
- Takumi Yamane <yamtak@b-session.com>
- - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
- by Corinna Vinschen <vinschen@redhat.com>
- - (djm) Fix catman-do target for non-bash
- - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
- Takumi Yamane <yamtak@b-session.com>
- - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
- by Corinna Vinschen <vinschen@redhat.com>
- - (djm) Fix catman-do target for non-bash
- - (bal) Fixed NeXT's lack of CPPFLAGS honoring.
- - (bal) ssh-keyscan.c: NeXT (and older BSDs) don't support getrlimit() w/
- 'RLIMIT_NOFILE'
- - (djm) Remove *.Ylonen files. They are no longer in the OpenBSD tree,
- the info in COPYING.Ylonen has been moved to the start of each
- SSH1-derived file and README.Ylonen is well out of date.
-
-20001223
- - (bal) Fixed Makefile.in to support recompile of all ssh and sshd objects
- if a change to config.h has occurred. Suggested by Gert Doering
- <gert@greenie.muc.de>
- - (bal) OpenBSD CVS Update:
- - markus@cvs.openbsd.org 2000/12/22 16:49:40
- [ssh-keygen.c]
- fix ssh-keygen -x -t type > file; from Roumen.Petrov@skalasoft.com
-
-20001222
- - Updated RCSID for pty.c
- - (bal) OpenBSD CVS Updates:
- - markus@cvs.openbsd.org 2000/12/21 15:10:16
- [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
- print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
- - markus@cvs.openbsd.org 2000/12/20 19:26:56
- [authfile.c]
- allow ssh -i userkey for root
- - markus@cvs.openbsd.org 2000/12/20 19:37:21
- [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
- fix prototypes; from stevesk@pobox.com
- - markus@cvs.openbsd.org 2000/12/20 19:32:08
- [sshd.c]
- init pointer to NULL; report from Jan.Ivan@cern.ch
- - markus@cvs.openbsd.org 2000/12/19 23:17:54
- [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
- auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
- bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
- crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
- key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
- packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
- serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
- ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c
- uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
- replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
- unsigned' with u_char.
-
-20001221
- - (stevesk) OpenBSD CVS updates:
- - markus@cvs.openbsd.org 2000/12/19 15:43:45
- [authfile.c channels.c sftp-server.c ssh-agent.c]
- remove() -> unlink() for consistency
- - markus@cvs.openbsd.org 2000/12/19 15:48:09
- [ssh-keyscan.c]
- replace <ssl/x.h> with <openssl/x.h>
- - markus@cvs.openbsd.org 2000/12/17 02:33:40
- [uidswap.c]
- typo; from wsanchez@apple.com
+ call get_remote_ipaddr() early; fixes logging after client disconnects;
+ report mpf@; ok dtucker@
+ - markus@cvs.openbsd.org 2006/06/06 10:20:20
+ [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
+ replace remaining setuid() calls with permanently_set_uid() and
+ check seteuid() return values; report Marcus Meissner; ok dtucker djm
+ - markus@cvs.openbsd.org 2006/06/08 14:45:49
+ [readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h]
+ do not set the gid, noted by solar; ok djm
+ - djm@cvs.openbsd.org 2006/06/13 01:18:36
+ [ssh-agent.c]
+ always use a format string, even when printing a constant
+ - djm@cvs.openbsd.org 2006/06/13 02:17:07
+ [ssh-agent.c]
+ revert; i am on drugs. spotted by alexander AT beard.se
+
+20060521
+ - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor
+ and slave, we can remove the special-case handling in the audit hook in
+ auth_log.
+
+20060517
+ - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file
+ pointer leak. From kjhall at us.ibm.com, found by coverity.
+
+20060515
+ - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of
+ _res, prevents problems on some platforms that have _res as a global but
+ don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by
+ georg.schwarz at freenet.de, ok djm@.
+ - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative
+ default. Patch originally from tim@, ok djm
+ - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and
+ do not allow kbdint again after the PAM account check fails. ok djm@
+
+20060506
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2006/04/25 08:02:27
+ [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
+ Prevent ssh from trying to open private keys with bad permissions more than
+ once or prompting for their passphrases (which it subsequently ignores
+ anyway), similar to a previous change in ssh-add. bz #1186, ok djm@
+ - djm@cvs.openbsd.org 2006/05/04 14:55:23
+ [dh.c]
+ tighter DH exponent checks here too; feedback and ok markus@
+ - djm@cvs.openbsd.org 2006/04/01 05:37:46
+ [OVERVIEW]
+ $OpenBSD$ in here too
+ - dtucker@cvs.openbsd.org 2006/05/06 08:35:40
+ [auth-krb5.c]
+ Add $OpenBSD$ in comment here too
-20001220
- - (djm) Workaround PAM inconsistencies between Solaris derived PAM code
- and Linux-PAM. Based on report and fix from Andrew Morgan
- <morgan@transmeta.com>
+20060504
+ - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c
+ session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
+ openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
+ in Portable-only code; since calloc zeros, remove now-redundant memsets.
+ Also add a couple of sanity checks. With & ok djm@
-20001218
- - (stevesk) rsa.c: entropy.h not needed.
- - (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile.
- Suggested by Wilfredo Sanchez <wsanchez@apple.com>
+20060503
+ - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h
+ and double including it on IRIX 5.3 causes problems. From Georg Schwarz,
+ "no objections" tim@
-20001216
- - (stevesk) OpenBSD CVS updates:
- - markus@cvs.openbsd.org 2000/12/16 02:53:57
- [scp.c]
- allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
- - markus@cvs.openbsd.org 2000/12/16 02:39:57
+20060423
+ - (djm) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2006/04/01 05:42:20
[scp.c]
- unused; from stevesk@pobox.com
-
-20001215
- - (stevesk) Old OpenBSD patch wasn't completely applied:
- - markus@cvs.openbsd.org 2000/01/24 22:11:20
+ minimal lint cleanup (unused crud, and some size_t); ok djm
+ - djm@cvs.openbsd.org 2006/04/01 05:50:29
[scp.c]
- allow '.' in usernames; from jedgar@fxp.org
- - (stevesk) OpenBSD CVS updates:
- - markus@cvs.openbsd.org 2000/12/13 16:26:53
- [ssh-keyscan.c]
- fatal already adds \n; from stevesk@pobox.com
- - markus@cvs.openbsd.org 2000/12/13 16:25:44
+ xasprintification; ok deraadt@
+ - djm@cvs.openbsd.org 2006/04/01 05:51:34
+ [atomicio.c]
+ ANSIfy; requested deraadt@
+ - dtucker@cvs.openbsd.org 2006/04/02 08:34:52
+ [ssh-keysign.c]
+ sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
+ - djm@cvs.openbsd.org 2006/04/03 07:10:38
+ [gss-genr.c]
+ GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066
+ by dleonard AT vintela.com. use xasprintf() to simplify code while in
+ there; "looks right" deraadt@
+ - djm@cvs.openbsd.org 2006/04/16 00:48:52
+ [buffer.c buffer.h channels.c]
+ Fix condition where we could exit with a fatal error when an input
+ buffer became too large and the remote end had advertised a big window.
+ The problem was a mismatch in the backoff math between the channels code
+ and the buffer code, so make a buffer_check_alloc() function that the
+ channels code can use to propsectivly check whether an incremental
+ allocation will succeed. bz #1131, debugged with the assistance of
+ cove AT wildpackets.com; ok dtucker@ deraadt@
+ - djm@cvs.openbsd.org 2006/04/16 00:52:55
+ [atomicio.c atomicio.h]
+ introduce atomiciov() function that wraps readv/writev to retry
+ interrupted transfers like atomicio() does for read/write;
+ feedback deraadt@ dtucker@ stevesk@ ok deraadt@
+ - djm@cvs.openbsd.org 2006/04/16 00:54:10
+ [sftp-client.c]
+ avoid making a tiny 4-byte write to send the packet length of sftp
+ commands, which would result in a separate tiny packet on the wire by
+ using atomiciov(writev, ...) to write the length and the command in one
+ pass; ok deraadt@
+ - djm@cvs.openbsd.org 2006/04/16 07:59:00
+ [atomicio.c]
+ reorder sanity test so that it cannot dereference past the end of the
+ iov array; well spotted canacar@!
+ - dtucker@cvs.openbsd.org 2006/04/18 10:44:28
+ [bufaux.c bufbn.c Makefile.in]
+ Move Buffer bignum functions into their own file, bufbn.c. This means
+ that sftp and sftp-server (which use the Buffer functions in bufaux.c
+ but not the bignum ones) no longer need to be linked with libcrypto.
+ ok markus@
+ - djm@cvs.openbsd.org 2006/04/20 09:27:09
+ [auth.h clientloop.c dispatch.c dispatch.h kex.h]
+ replace the last non-sig_atomic_t flag used in a signal handler with a
+ sig_atomic_t, unfortunately with some knock-on effects in other (non-
+ signal) contexts in which it is used; ok markus@
+ - markus@cvs.openbsd.org 2006/04/20 09:47:59
+ [sshconnect.c]
+ simplify; ok djm@
+ - djm@cvs.openbsd.org 2006/04/20 21:53:44
+ [includes.h session.c sftp.c]
+ Switch from using pipes to socketpairs for communication between
+ sftp/scp and ssh, and between sshd and its subprocesses. This saves
+ a file descriptor per session and apparently makes userland ppp over
+ ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this
+ decision on a per-platform basis)
+ - djm@cvs.openbsd.org 2006/04/22 04:06:51
+ [uidswap.c]
+ use setres[ug]id() to permanently revoke privileges; ok deraadt@
+ (ID Sync only - portable already uses setres[ug]id() whenever possible)
+ - stevesk@cvs.openbsd.org 2006/04/22 18:29:33
+ [crc32.c]
+ remove extra spaces
+ - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get
+ sig_atomic_t
+
+20060421
+ - (djm) [Makefile.in configure.ac session.c sshpty.c]
+ [contrib/redhat/sshd.init openbsd-compat/Makefile.in]
+ [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
+ [openbsd-compat/port-linux.h] Add support for SELinux, setting
+ the execution and TTY contexts. based on patch from Daniel Walsh,
+ bz #880; ok dtucker@
+
+20060418
+ - (djm) [canohost.c] Reorder IP options check so that it isn't broken
+ by mapped addresses; bz #1179 reported by markw wtech-llc.com;
+ ok dtucker@
+
+20060331
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2006/03/27 01:21:18
+ [xmalloc.c]
+ we can do the size & nmemb check before the integer overflow check;
+ evol
+ - deraadt@cvs.openbsd.org 2006/03/27 13:03:54
+ [dh.c]
+ use strtonum() instead of atoi(), limit dhg size to 64k; ok djm
+ - djm@cvs.openbsd.org 2006/03/27 23:15:46
+ [sftp.c]
+ always use a format string for addargs; spotted by mouring@
+ - deraadt@cvs.openbsd.org 2006/03/28 00:12:31
+ [README.tun ssh.c]
+ spacing
+ - deraadt@cvs.openbsd.org 2006/03/28 01:52:28
+ [channels.c]
+ do not accept unreasonable X ports numbers; ok djm
+ - deraadt@cvs.openbsd.org 2006/03/28 01:53:43
[ssh-agent.c]
- remove redundant spaces; from stevesk@pobox.com
- - ho@cvs.openbsd.org 2000/12/12 15:50:21
- [pty.c]
- When failing to set tty owner and mode on a read-only filesystem, don't
- abort if the tty already has correct owner and reasonably sane modes.
- Example; permit 'root' to login to a firewall with read-only root fs.
- (markus@ ok)
- - deraadt@cvs.openbsd.org 2000/12/13 06:36:05
- [pty.c]
- KNF
- - markus@cvs.openbsd.org 2000/12/12 14:45:21
- [sshd.c]
- source port < 1024 is no longer required for rhosts-rsa since it
- adds no additional security.
- - markus@cvs.openbsd.org 2000/12/12 16:11:49
- [ssh.1 ssh.c]
- rhosts-rsa is no longer automagically disabled if ssh is not privileged.
- UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
- these changes should not change the visible default behaviour of the ssh client.
- - deraadt@cvs.openbsd.org 2000/12/11 10:27:33
+ use strtonum() to parse the pid from the file, and range check it
+ better; ok djm
+ - djm@cvs.openbsd.org 2006/03/30 09:41:25
+ [channels.c]
+ ARGSUSED for dispatch table-driven functions
+ - djm@cvs.openbsd.org 2006/03/30 09:58:16
+ [authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h]
+ [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c]
+ replace {GET,PUT}_XXBIT macros with functionally similar functions,
+ silencing a heap of lint warnings. also allows them to use
+ __bounded__ checking which can't be applied to macros; requested
+ by and feedback from deraadt@
+ - djm@cvs.openbsd.org 2006/03/30 10:41:25
+ [ssh.c ssh_config.5]
+ add percent escape chars to the IdentityFile option, bz #1159 based
+ on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
+ - dtucker@cvs.openbsd.org 2006/03/30 11:05:17
+ [ssh-keygen.c]
+ Correctly handle truncated files while converting keys; ok djm@
+ - dtucker@cvs.openbsd.org 2006/03/30 11:40:21
+ [auth.c monitor.c]
+ Prevent duplicate log messages when privsep=yes; ok djm@
+ - jmc@cvs.openbsd.org 2006/03/31 09:09:30
+ [ssh_config.5]
+ kill trailing whitespace;
+ - djm@cvs.openbsd.org 2006/03/31 09:13:56
+ [ssh_config.5]
+ remote user escape is %r not %h; spotted by jmc@
+
+20060326
+ - OpenBSD CVS Sync
+ - jakob@cvs.openbsd.org 2006/03/15 08:46:44
+ [ssh-keygen.c]
+ if no key file are given when printing the DNS host record, use the
+ host key file(s) as default. ok djm@
+ - biorn@cvs.openbsd.org 2006/03/16 10:31:45
[scp.c]
- when copying 0-sized files, do not re-print ETA time at completion
- - provos@cvs.openbsd.org 2000/12/15 10:30:15
- [kex.c kex.h sshconnect2.c sshd.c]
- compute diffie-hellman in parallel between server and client. okay markus@
-
-20001213
- - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report
- from Andreas M. Kirchwitz <amk@krell.zikzak.de>
- - (stevesk) OpenBSD CVS update:
- - markus@cvs.openbsd.org 2000/12/12 15:30:02
- [ssh-keyscan.c ssh.c sshd.c]
- consistently use __progname; from stevesk@pobox.com
-
-20001211
- - (bal) Applied patch to include ssh-keyscan into Redhat's package, and
- patch to install ssh-keyscan manpage. Patch by Pekka Savola
- <pekka@netcore.fi>
- - (bal) OpenbSD CVS update
- - markus@cvs.openbsd.org 2000/12/10 17:01:53
- [sshconnect1.c]
- always request new challenge for skey/tis-auth, fixes interop with
- other implementations; report from roth@feep.net
-
-20001210
- - (bal) OpenBSD CVS updates
- - markus@cvs.openbsd.org 2000/12/09 13:41:51
- [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
- undo rijndael changes
- - markus@cvs.openbsd.org 2000/12/09 13:48:31
- [rijndael.c]
- fix byte order bug w/o introducing new implementation
- - markus@cvs.openbsd.org 2000/12/09 14:08:27
- [sftp-server.c]
- "" -> "." for realpath; from vinschen@redhat.com
- - markus@cvs.openbsd.org 2000/12/09 14:06:54
- [ssh-agent.c]
- extern int optind; from stevesk@sweden.hp.com
- - provos@cvs.openbsd.org 2000/12/09 23:51:11
- [compat.c]
- remove unnecessary '\n'
-
-20001209
- - (bal) OpenBSD CVS updates:
- - djm@cvs.openbsd.org 2000/12/07 4:24:59
- [ssh.1]
- Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo
-
-20001207
- - (bal) OpenBSD CVS updates:
- - markus@cvs.openbsd.org 2000/12/06 22:58:14
- [compat.c compat.h packet.c]
- disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0
- - markus@cvs.openbsd.org 2000/12/06 23:10:39
- [rijndael.c]
- unexpand(1)
- - markus@cvs.openbsd.org 2000/12/06 23:05:43
- [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
- new rijndael implementation. fixes endian bugs
-
-20001206
- - (bal) OpenBSD CVS updates:
- - markus@cvs.openbsd.org 2000/12/05 20:34:09
- [channels.c channels.h clientloop.c serverloop.c]
- async connects for -R/-L; ok deraadt@
- - todd@cvs.openssh.org 2000/12/05 16:47:28
- [sshd.c]
- tweak comment to reflect real location of pid file; ok provos@
- - (stevesk) Import <sys/queue.h> from OpenBSD for systems that don't
- have it (used in ssh-keyscan).
- - (stevesk) OpenBSD CVS update:
- - markus@cvs.openbsd.org 2000/12/06 19:57:48
+ Try to display errormessage even if remout == -1
+ ok djm@, markus@
+ - djm@cvs.openbsd.org 2006/03/17 22:31:50
+ [authfd.c]
+ another unreachable found by lint
+ - djm@cvs.openbsd.org 2006/03/17 22:31:11
+ [authfd.c]
+ unreachanble statement, found by lint
+ - djm@cvs.openbsd.org 2006/03/19 02:22:32
+ [serverloop.c]
+ memory leaks detected by Coverity via elad AT netbsd.org;
+ ok deraadt@ dtucker@
+ - djm@cvs.openbsd.org 2006/03/19 02:22:56
+ [sftp.c]
+ more memory leaks detected by Coverity via elad AT netbsd.org;
+ deraadt@ ok
+ - djm@cvs.openbsd.org 2006/03/19 02:23:26
+ [hostfile.c]
+ FILE* leak detected by Coverity via elad AT netbsd.org;
+ ok deraadt@
+ - djm@cvs.openbsd.org 2006/03/19 02:24:05
+ [dh.c readconf.c servconf.c]
+ potential NULL pointer dereferences detected by Coverity
+ via elad AT netbsd.org; ok deraadt@
+ - djm@cvs.openbsd.org 2006/03/19 07:41:30
+ [sshconnect2.c]
+ memory leaks detected by Coverity via elad AT netbsd.org;
+ deraadt@ ok
+ - dtucker@cvs.openbsd.org 2006/03/19 11:51:52
+ [servconf.c]
+ Correct strdelim null test; ok djm@
+ - deraadt@cvs.openbsd.org 2006/03/19 18:52:11
+ [auth1.c authfd.c channels.c]
+ spacing
+ - deraadt@cvs.openbsd.org 2006/03/19 18:53:12
+ [kex.c kex.h monitor.c myproposal.h session.c]
+ spacing
+ - deraadt@cvs.openbsd.org 2006/03/19 18:56:41
+ [clientloop.c progressmeter.c serverloop.c sshd.c]
+ ARGSUSED for signal handlers
+ - deraadt@cvs.openbsd.org 2006/03/19 18:59:49
[ssh-keyscan.c]
- err(3) -> internal error(), from stevesk@sweden.hp.com
-
-20001205
- - (bal) OpenBSD CVS updates:
- - markus@cvs.openbsd.org 2000/12/04 19:24:02
- [ssh-keyscan.c ssh-keyscan.1]
- David Maziere's ssh-keyscan, ok niels@
- - (bal) Updated Makefile.in to include ssh-keyscan that was just added
- to the recent OpenBSD source tree.
- - (stevesk) fix typos in contrib/hpux/README
-
-20001204
- - (bal) More C functions defined in NeXT that are unaccessable without
- defining -POSIX.
- - (bal) OpenBSD CVS updates:
- - markus@cvs.openbsd.org 2000/12/03 11:29:04
- [compat.c]
- remove fallback to SSH_BUG_HMAC now that the drafts are updated
- - markus@cvs.openbsd.org 2000/12/03 11:27:55
- [compat.c]
- correctly match "2.1.0.pl2 SSH" etc; from
- pekkas@netcore.fi/bugzilla.redhat
- - markus@cvs.openbsd.org 2000/12/03 11:15:03
- [auth2.c compat.c compat.h sshconnect2.c]
- support f-secure/ssh.com 2.0.12; ok niels@
-
-20001203
- - (bal) OpenBSD CVS updates:
- - markus@cvs.openbsd.org 2000/11/30 22:54:31
- [channels.c]
- debug->warn if tried to do -R style fwd w/o client requesting this;
- ok neils@
- - markus@cvs.openbsd.org 2000/11/29 20:39:17
- [cipher.c]
- des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
- - markus@cvs.openbsd.org 2000/11/30 18:33:05
- [ssh-agent.c]
- agents must not dump core, ok niels@
- - markus@cvs.openbsd.org 2000/11/30 07:04:02
- [ssh.1]
- T is for both protocols
- - markus@cvs.openbsd.org 2000/12/01 00:00:51
- [ssh.1]
- typo; from green@FreeBSD.org
- - markus@cvs.openbsd.org 2000/11/30 07:02:35
- [ssh.c]
- check -T before isatty()
- - provos@cvs.openbsd.org 2000/11/29 13:51:27
- [sshconnect.c]
- show IP address and hostname when new key is encountered. okay markus@
- - markus@cvs.openbsd.org 2000/11/30 22:53:35
- [sshconnect.c]
- disable agent/x11/port fwding if hostkey has changed; ok niels@
- - marksu@cvs.openbsd.org 2000/11/29 21:11:59
- [sshd.c]
- sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
- from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
- - (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enable
- PAM authentication using KbdInteractive.
- - (djm) Added another TODO
-
-20001202
- - (bal) Backed out of part of Alain St-Denis' loginrec.c patch.
- - (bal) Irix need some sort of mansubdir, patch by Michael Stone
- <mstone@cs.loyola.edu>
-
-20001129
- - (djm) Back out all the serverloop.c hacks. sshd will now hang again
- if there are background children with open fds.
- - (djm) bsd-rresvport.c bzero -> memset
- - (djm) Don't fail in defines.h on absence of 64 bit types (we will
- still fail during compilation of sftp-server).
- - (djm) Fail if ar is not found during configure
- - (djm) OpenBSD CVS updates:
- - provos@cvs.openbsd.org 2000/11/22 08:38:31
- [sshd.8]
- talk about /etc/primes, okay markus@
- - markus@cvs.openbsd.org 2000/11/23 14:03:48
- [ssh.c sshconnect1.c sshconnect2.c]
- complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
- defaults
- - markus@cvs.openbsd.org 2000/11/25 09:42:53
- [sshconnect1.c]
- reorder check for illegal ciphers, bugreport from espie@
- - markus@cvs.openbsd.org 2000/11/25 10:19:34
- [ssh-keygen.c ssh.h]
- print keytype when generating a key.
- reasonable defaults for RSA1/RSA/DSA keys.
- - (djm) Patch from Pekka Savola <Pekka.Savola@netcore.fi> to include a few
- more manpage paths in fixpaths calls
- - (djm) Also add xauth path at Pekka's suggestion.
- - (djm) Add Redhat RPM patch for AUTHPRIV SyslogFacility
-
-20001125
- - (djm) Give up privs when reading seed file
-
-20001123
- - (bal) Merge OpenBSD changes:
- - markus@cvs.openbsd.org 2000/11/15 22:31:36
- [auth-options.c]
- case insensitive key options; from stevesk@sweeden.hp.com
- - markus@cvs.openbsd.org 2000/11/16 17:55:43
- [dh.c]
- do not use perror() in sshd, after child is forked()
- - markus@cvs.openbsd.org 2000/11/14 23:42:40
- [auth-rsa.c]
- parse option only if key matches; fix some confusing seen by the client
- - markus@cvs.openbsd.org 2000/11/14 23:44:19
- [session.c]
- check no_agent_forward_flag for ssh-2, too
- - markus@cvs.openbsd.org 2000/11/15
- [ssh-agent.1]
- reorder SYNOPSIS; typo, use .It
- - markus@cvs.openbsd.org 2000/11/14 23:48:55
- [ssh-agent.c]
- do not reorder keys if a key is removed
- - markus@cvs.openbsd.org 2000/11/15 19:58:08
+ please lint
+ - deraadt@cvs.openbsd.org 2006/03/19 18:59:30
[ssh.c]
- just ignore non existing user keys
- - millert@cvs.openbsd.org 200/11/15 20:24:43
+ spacing
+ - deraadt@cvs.openbsd.org 2006/03/19 18:59:09
+ [authfile.c]
+ whoever thought that break after return was a good idea needs to
+ get their head examimed
+ - djm@cvs.openbsd.org 2006/03/20 04:09:44
+ [monitor.c]
+ memory leaks detected by Coverity via elad AT netbsd.org;
+ deraadt@ ok
+ that should be all of them now
+ - djm@cvs.openbsd.org 2006/03/20 11:38:46
+ [key.c]
+ (really) last of the Coverity diffs: avoid possible NULL deref in
+ key_free. via elad AT netbsd.org; markus@ ok
+ - deraadt@cvs.openbsd.org 2006/03/20 17:10:19
+ [auth.c key.c misc.c packet.c ssh-add.c]
+ in a switch (), break after return or goto is stupid
+ - deraadt@cvs.openbsd.org 2006/03/20 17:13:16
+ [key.c]
+ djm did a typo
+ - deraadt@cvs.openbsd.org 2006/03/20 17:17:23
+ [ssh-rsa.c]
+ in a switch (), break after return or goto is stupid
+ - deraadt@cvs.openbsd.org 2006/03/20 18:14:02
+ [channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c]
+ [ssh.c sshpty.c sshpty.h]
+ sprinkle u_int throughout pty subsystem, ok markus
+ - deraadt@cvs.openbsd.org 2006/03/20 18:17:20
+ [auth1.c auth2.c sshd.c]
+ sprinkle some ARGSUSED for table driven functions (which sometimes
+ must ignore their args)
+ - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
+ [channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c]
+ [ssh-rsa.c ssh.c sshlogin.c]
+ annoying spacing fixes getting in the way of real diffs
+ - deraadt@cvs.openbsd.org 2006/03/20 18:27:50
+ [monitor.c]
+ spacing
+ - deraadt@cvs.openbsd.org 2006/03/20 18:35:12
+ [channels.c]
+ x11_fake_data is only ever used as u_char *
+ - deraadt@cvs.openbsd.org 2006/03/20 18:41:43
+ [dns.c]
+ cast xstrdup to propert u_char *
+ - deraadt@cvs.openbsd.org 2006/03/20 18:42:27
+ [canohost.c match.c ssh.c sshconnect.c]
+ be strict with tolower() casting
+ - deraadt@cvs.openbsd.org 2006/03/20 18:48:34
+ [channels.c fatal.c kex.c packet.c serverloop.c]
+ spacing
+ - deraadt@cvs.openbsd.org 2006/03/20 21:11:53
+ [ttymodes.c]
+ spacing
+ - djm@cvs.openbsd.org 2006/03/25 00:05:41
+ [auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
+ [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
+ [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
+ [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
+ [xmalloc.c xmalloc.h]
+ introduce xcalloc() and xasprintf() failure-checked allocations
+ functions and use them throughout openssh
+
+ xcalloc is particularly important because malloc(nmemb * size) is a
+ dangerous idiom (subject to integer overflow) and it is time for it
+ to die
+
+ feedback and ok deraadt@
+ - djm@cvs.openbsd.org 2006/03/25 01:13:23
+ [buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
+ [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
+ [uidswap.c]
+ change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
+ to xrealloc(p, new_nmemb, new_itemsize).
+
+ realloc is particularly prone to integer overflows because it is
+ almost always allocating "n * size" bytes, so this is a far safer
+ API; ok deraadt@
+ - djm@cvs.openbsd.org 2006/03/25 01:30:23
+ [sftp.c]
+ "abormally" is a perfectly cromulent word, but "abnormally" is better
+ - djm@cvs.openbsd.org 2006/03/25 13:17:03
+ [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
+ [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
+ [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
+ [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
+ [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
+ [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
+ [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
+ [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
+ [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
+ [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
+ [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
+ [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
+ [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
+ [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
+ [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
+ [uidswap.c uuencode.c xmalloc.c]
+ Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
+ Theo nuked - our scripts to sync -portable need them in the files
+ - deraadt@cvs.openbsd.org 2006/03/25 18:29:35
+ [auth-rsa.c authfd.c packet.c]
+ needed casts (always will be needed)
+ - deraadt@cvs.openbsd.org 2006/03/25 18:30:55
+ [clientloop.c serverloop.c]
+ spacing
+ - deraadt@cvs.openbsd.org 2006/03/25 18:36:15
+ [sshlogin.c sshlogin.h]
+ nicer size_t and time_t types
+ - deraadt@cvs.openbsd.org 2006/03/25 18:40:14
[ssh-keygen.c]
- Add missing \n at end of error message.
-
-20001122
- - (bal) Minor patch to ensure platforms lacking IRIX job limit supports
- are compilable.
- - (bal) Updated TODO as of 11/18/2000 with known things to resolve.
-
-20001117
- - (bal) Changed from 'primes' to 'primes.out' for consistancy sake. It
- has no affect the output. Patch by Corinna Vinschen <vinschen@redhat.com>
- - (stevesk) Reworked progname support.
- - (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by
- Shinichi Maruyama <marya@st.jip.co.jp>
-
-20001116
- - (bal) Added in MAXSYMLINK test in bsd-realpath.c. Required for some SCO
- releases.
- - (bal) Make builds work outside of source tree. Patch by Mark D. Roth
- <roth@feep.net>
-
-20001113
- - (djm) Add pointer to http://www.imasy.or.jp/~gotoh/connect.c to
- contrib/README
- - (djm) Merge OpenBSD changes:
- - markus@cvs.openbsd.org 2000/11/06 16:04:56
- [channels.c channels.h clientloop.c nchan.c serverloop.c]
- [session.c ssh.c]
- agent forwarding and -R for ssh2, based on work from
- jhuuskon@messi.uku.fi
- - markus@cvs.openbsd.org 2000/11/06 16:13:27
- [ssh.c sshconnect.c sshd.c]
- do not disabled rhosts(rsa) if server port > 1024; from
- pekkas@netcore.fi
- - markus@cvs.openbsd.org 2000/11/06 16:16:35
- [sshconnect.c]
- downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
- - markus@cvs.openbsd.org 2000/11/09 18:04:40
- [auth1.c]
- typo; from mouring@pconline.com
- - markus@cvs.openbsd.org 2000/11/12 12:03:28
+ cast strtonum() result to right type
+ - deraadt@cvs.openbsd.org 2006/03/25 18:41:45
[ssh-agent.c]
- off-by-one when removing a key from the agent
- - markus@cvs.openbsd.org 2000/11/12 12:50:39
- [auth-rh-rsa.c auth2.c authfd.c authfd.h]
- [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
- [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
- [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
- [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
- [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
- add support for RSA to SSH2. please test.
- there are now 3 types of keys: RSA1 is used by ssh-1 only,
- RSA and DSA are used by SSH2.
- you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
- keys for SSH2 and use the RSA keys for hostkeys or for user keys.
- SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
- - (djm) Fix up Makefile and Redhat init script to create RSA host keys
- - (djm) Change to interim version
- - (djm) Fix RPM spec file stupidity
- - (djm) fixpaths to DSA and RSA keys too
-
-20001112
- - (bal) SCO Patch to add needed libraries for configure.in. Patch by
- Phillips Porch <root@theporch.com>
- - (bal) IRIX patch to adding Job Limits. Patch by Denis Parker
- <dcp@sgi.com>
- - (stevesk) pty.c: HP-UX 10 and 11 don't define TIOCSCTTY. Add error() to
- failed ioctl(TIOCSCTTY) call.
-
-20001111
- - (djm) Added /etc/primes for kex DH group neg, fixup Makefile.in and
- packaging files
- - (djm) Fix new Makefile.in warnings
- - (djm) Fix vsprintf("%h") in bsd-snprintf.c, short int va_args are
- promoted to type int. Report and fix from Dan Astoorian
- <djast@cs.toronto.edu>
- - (djm) Hardwire sysconfdir in RPM spec files as some RPM versions get
- it wrong. Report from Bennett Todd <bet@rahul.net>
-
-20001110
- - (bal) Fixed dropped answer from skey_keyinfo() in auth1.c
- - (bal) Changed from --with-skey to --with-skey=PATH in configure.in
- - (bal) Added in check to verify S/Key library is being detected in
- configure.in
- - (bal) next-posix.h - added another prototype wrapped in POSIX ifdef/endif.
- Patch by Mark Miller <markm@swoon.net>
- - (bal) Added 'util.h' header to loginrec.c only if HAVE_UTIL_H is defined
- to remove warnings under MacOS X. Patch by Mark Miller <markm@swoon.net>
- - (bal) Fixed LDFLAG mispelling in configure.in for --with-afs
-
-20001107
- - (bal) acconfig.in - removed the double "USE_PIPES" entry. Patch by
- Mark Miller <markm@swoon.net>
- - (bal) sshd.init files corrected to assign $? to RETVAL. Patch by
- Jarno Huuskonen <jhuuskon@messi.uku.fi>
- - (bal) fixpaths fixed to stop it from quitely failing. Patch by
- Mark D. Roth <roth@feep.net>
-
-20001106
- - (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs
- - (djm) Manually fix up missed diff hunks (mainly RCS idents)
- - (djm) Remove UPGRADING document in favour of a link to the better
- maintained FAQ on www.openssh.com
- - (djm) Fix multiple dependancy on gnome-libs from Pekka Savola
- <pekkas@netcore.fi>
- - (djm) Don't need X11-askpass in RPM spec file if building without it
- from Pekka Savola <pekkas@netcore.fi>
- - (djm) Release 2.3.0p1
- - (bal) typo in configure.in in regards to --with-ldflags from Marko
- Asplund <aspa@kronodoc.fi>
- - (bal) fixed next-posix.h. Forgot prototype of getppid().
-
-20001105
- - (bal) Sync with OpenBSD:
- - markus@cvs.openbsd.org 2000/10/31 9:31:58
- [compat.c]
- handle all old openssh versions
- - markus@cvs.openbsd.org 2000/10/31 13:1853
- [deattack.c]
- so that large packets do not wrap "n"; from netbsd
- - (bal) rijndel.c - fix up RCSID to match OpenBSD tree
- - (bal) auth2-skey.c - Checked in. Missing from portable tree.
- - (bal) Reworked NEWS-OS and NeXT ports to extract waitpid() and
- setsid() into more common files
- - (stevesk) pty.c: use __hpux to identify HP-UX.
- - (bal) Missed auth-skey.o in Makefile.in and minor correction to
- bsd-waitpid.c
-
-20001029
- - (stevesk) Fix typo in auth.c: USE_PAM not PAM
- - (stevesk) Create contrib/cygwin/ directory; patch from
- Corinna Vinschen <vinschen@redhat.com>
- - (bal) Resolved more $xno and $xyes issues in configure.in
- - (bal) next-posix.h - spelling and forgot a prototype
-
-20001028
- - (djm) fix select hack in serverloop.c from Philippe WILLEM
- <Philippe.WILLEM@urssaf.fr>
- - (djm) Fix mangled AIXAUTHENTICATE code
- - (djm) authctxt->pw may be NULL. Fix from Markus Friedl
- <markus.friedl@informatik.uni-erlangen.de>
- - (djm) Sync with OpenBSD:
- - markus@cvs.openbsd.org 2000/10/16 15:46:32
+ mark two more signal handlers ARGSUSED
+ - deraadt@cvs.openbsd.org 2006/03/25 18:43:30
+ [channels.c]
+ use strtonum() instead of atoi() [limit X screens to 400, sorry]
+ - deraadt@cvs.openbsd.org 2006/03/25 18:56:55
+ [bufaux.c channels.c packet.c]
+ remove (char *) casts to a function that accepts void * for the arg
+ - deraadt@cvs.openbsd.org 2006/03/25 18:58:10
+ [channels.c]
+ delete cast not required
+ - djm@cvs.openbsd.org 2006/03/25 22:22:43
+ [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
+ [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
+ [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
+ [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
+ [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
+ [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
+ [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
+ [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
+ [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
+ [ttymodes.h uidswap.h uuencode.h xmalloc.h]
+ standardise spacing in $OpenBSD$ tags; requested by deraadt@
+ - deraadt@cvs.openbsd.org 2006/03/26 01:31:48
+ [uuencode.c]
+ typo
+
+20060325
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2006/03/16 04:24:42
[ssh.1]
- fixes from pekkas@netcore.fi
- - markus@cvs.openbsd.org 2000/10/17 14:28:11
- [atomicio.c]
- return number of characters processed; ok deraadt@
- - markus@cvs.openbsd.org 2000/10/18 12:04:02
+ Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs
+ that OpenSSH supports
+ - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
+ [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
+ [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
+ [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
+ [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
+ [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
+ [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
+ [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
+ [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
+ [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
+ [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
+ [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
+ [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
+ [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
+ [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
+ [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
+ [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
+ [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
+ [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
+ [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
+ [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
+ [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
+ [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
+ [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
+ RCSID() can die
+ - deraadt@cvs.openbsd.org 2006/03/19 18:53:12
+ [kex.h myproposal.h]
+ spacing
+ - djm@cvs.openbsd.org 2006/03/20 04:07:22
+ [auth2-gss.c]
+ GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
+ reviewed by simon AT sxw.org.uk; deraadt@ ok
+ - djm@cvs.openbsd.org 2006/03/20 04:07:49
+ [gss-genr.c]
+ more GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
+ reviewed by simon AT sxw.org.uk; deraadt@ ok
+ - djm@cvs.openbsd.org 2006/03/20 04:08:18
+ [gss-serv.c]
+ last lot of GSSAPI related leaks detected by Coverity via
+ elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok
+ - deraadt@cvs.openbsd.org 2006/03/20 18:14:02
+ [monitor_wrap.h sshpty.h]
+ sprinkle u_int throughout pty subsystem, ok markus
+ - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
+ [session.h]
+ annoying spacing fixes getting in the way of real diffs
+ - deraadt@cvs.openbsd.org 2006/03/20 18:41:43
+ [dns.c]
+ cast xstrdup to propert u_char *
+ - jakob@cvs.openbsd.org 2006/03/22 21:16:24
+ [ssh.1]
+ simplify SSHFP example; ok jmc@
+ - djm@cvs.openbsd.org 2006/03/22 21:27:15
+ [deattack.c deattack.h]
+ remove IV support from the CRC attack detector, OpenSSH has never used
+ it - it only applied to IDEA-CFB, which we don't support.
+ prompted by NetBSD Coverity report via elad AT netbsd.org;
+ feedback markus@ "nuke it" deraadt@
+
+20060318
+ - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via
+ elad AT NetBSD.org
+ - (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173: make fmtint() take
+ a LLONG rather than a long. Fixes scp'ing of large files on platforms
+ with missing/broken snprintfs. Patch from e.borovac at bom.gov.au.
+
+20060316
+ - (dtucker) [entropy.c] Add headers for WIFEXITED and friends.
+ - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in
+ /usr/include/crypto. Hint from djm@.
+ - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h]
+ Disable sha256 when openssl < 0.9.7. Patch from djm@.
+ - (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old
+ OpenSSL; ok tim
+
+20060315
+ - (djm) OpenBSD CVS Sync:
+ - msf@cvs.openbsd.org 2006/02/06 15:54:07
+ [ssh.1]
+ - typo fix
+ ok jmc@
+ - jmc@cvs.openbsd.org 2006/02/06 21:44:47
+ [ssh.1]
+ make this a little less ambiguous...
+ - stevesk@cvs.openbsd.org 2006/02/07 01:08:04
+ [auth-rhosts.c includes.h]
+ move #include <netgroup.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/07 01:18:09
+ [includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c]
+ move #include <sys/queue.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/07 01:42:00
+ [channels.c clientloop.c clientloop.h includes.h packet.h]
+ [serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c]
+ move #include <termios.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/07 01:52:50
+ [sshtty.c]
+ "log.h" not needed
+ - stevesk@cvs.openbsd.org 2006/02/07 03:47:05
+ [hostfile.c]
+ "packet.h" not needed
+ - stevesk@cvs.openbsd.org 2006/02/07 03:59:20
+ [deattack.c]
+ duplicate #include
+ - stevesk@cvs.openbsd.org 2006/02/08 12:15:27
+ [auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
+ [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
+ [sshd.c sshpty.c]
+ move #include <paths.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/08 12:32:49
+ [includes.h misc.c]
+ move #include <netinet/tcp.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/08 13:15:44
+ [gss-serv.c monitor.c]
+ small KNF
+ - stevesk@cvs.openbsd.org 2006/02/08 14:16:59
+ [sshconnect.c]
+ <openssl/bn.h> not needed
+ - stevesk@cvs.openbsd.org 2006/02/08 14:31:30
+ [includes.h ssh-agent.c ssh-keyscan.c ssh.c]
+ move #include <sys/resource.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/08 14:38:18
+ [includes.h packet.c]
+ move #include <netinet/in_systm.h> and <netinet/ip.h> out of
+ includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/08 23:51:24
+ [includes.h scp.c sftp-glob.c sftp-server.c]
+ move #include <dirent.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/09 00:32:07
+ [includes.h]
+ #include <sys/endian.h> not needed; ok djm@
+ NB. ID Sync only - we still need this (but it may move later)
+ - jmc@cvs.openbsd.org 2006/02/09 10:10:47
+ [sshd.8]
+ - move some text into a CAVEATS section
+ - merge the COMMAND EXECUTION... section into AUTHENTICATION
+ - stevesk@cvs.openbsd.org 2006/02/10 00:27:13
+ [channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c]
+ [ssh.c sshd.c sshpty.c]
+ move #include <sys/ioctl.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/10 01:44:27
+ [includes.h monitor.c readpass.c scp.c serverloop.c session.c\7f]
+ [sftp.c sshconnect.c sshconnect2.c sshd.c]
+ move #include <sys/wait.h> out of includes.h; ok markus@
+ - otto@cvs.openbsd.org 2006/02/11 19:31:18
[atomicio.c]
- undo
- - markus@cvs.openbsd.org 2000/10/18 12:23:02
- [scp.c]
- replace atomicio(read,...) with read(); ok deraadt@
- - markus@cvs.openbsd.org 2000/10/18 12:42:00
- [session.c]
- restore old record login behaviour
- - deraadt@cvs.openbsd.org 2000/10/19 10:41:13
- [auth-skey.c]
- fmt string problem in unused code
- - provos@cvs.openbsd.org 2000/10/19 10:45:16
- [sshconnect2.c]
- don't reference freed memory. okay deraadt@
- - markus@cvs.openbsd.org 2000/10/21 11:04:23
- [canohost.c]
- typo, eramore@era-t.ericsson.se; ok niels@
- - markus@cvs.openbsd.org 2000/10/23 13:31:55
- [cipher.c]
- non-alignment dependent swap_bytes(); from
- simonb@wasabisystems.com/netbsd
- - markus@cvs.openbsd.org 2000/10/26 12:38:28
- [compat.c]
- add older vandyke products
- - markus@cvs.openbsd.org 2000/10/27 01:32:19
- [channels.c channels.h clientloop.c serverloop.c session.c]
- [ssh.c util.c]
- enable non-blocking IO on channels, and tty's (except for the
- client ttys).
-
-20001027
- - (djm) Increase REKEY_BYTES to 2^24 for arc4random
-
-20001025
- - (djm) Added WARNING.RNG file and modified configure to ask users of the
- builtin entropy code to read it.
- - (djm) Prefer builtin regex to PCRE.
- - (bal) Added USE_PIPS defined to NeXT configure.in since scp hangs randomly.
- - (bal) Apply fixes to configure.in pointed out by Pavel Roskin
- <proski@gnu.org>
-
-20001020
- - (djm) Don't define _REENTRANT for SNI/Reliant Unix
- - (bal) Imported NEWS-OS waitpid() macros into NeXT. Since implementation
- is more correct then current version.
-
-20001018
- - (stevesk) Add initial support for setproctitle(). Current
- support is for the HP-UX pstat(PSTAT_SETCMD, ...) method.
- - (stevesk) Add egd startup scripts to contrib/hpux/
-
-20001017
- - (djm) Add -lregex to cywin libs from Corinna Vinschen
- <vinschen@cygnus.com>
- - (djm) Don't rely on atomicio's retval to determine length of askpass
- supplied passphrase. Problem report from Lutz Jaenicke
- <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- - (bal) Changed from GNU rx to PCRE on suggestion from djm.
- - (bal) Integrated Sony NEWS-OS patches from NAKAJI Hirouyuki
- <nakaji@tutrp.tut.ac.jp>
-
-20001016
- - (djm) Sync with OpenBSD:
- - markus@cvs.openbsd.org 2000/10/14 04:01:15
- [cipher.c]
- debug3
- - markus@cvs.openbsd.org 2000/10/14 04:07:23
- [scp.c]
- remove spaces from arguments; from djm@mindrot.org
- - markus@cvs.openbsd.org 2000/10/14 06:09:46
+ type correctness; from Ray Lai in PR 5011; ok millert@
+ - djm@cvs.openbsd.org 2006/02/12 06:45:34
+ [ssh.c ssh_config.5]
+ add a %l expansion code to the ControlPath, which is filled in with the
+ local hostname at runtime. Requested by henning@ to avoid some problems
+ with /home on NFS; ok dtucker@
+ - djm@cvs.openbsd.org 2006/02/12 10:44:18
+ [readconf.c]
+ raise error when the user specifies a RekeyLimit that is smaller than 16
+ (the smallest of our cipher's blocksize) or big enough to cause integer
+ wraparound; ok & feedback dtucker@
+ - jmc@cvs.openbsd.org 2006/02/12 10:49:44
+ [ssh_config.5]
+ slight rewording; ok djm
+ - jmc@cvs.openbsd.org 2006/02/12 10:52:41
+ [sshd.8]
+ rework the description of authorized_keys a little;
+ - jmc@cvs.openbsd.org 2006/02/12 17:57:19
+ [sshd.8]
+ sort the list of options permissable w/ authorized_keys;
+ ok djm dtucker
+ - jmc@cvs.openbsd.org 2006/02/13 10:16:39
+ [sshd.8]
+ no need to subsection the authorized_keys examples - instead, convert
+ this to look like an actual file. also use proto 2 keys, and use IETF
+ example addresses;
+ - jmc@cvs.openbsd.org 2006/02/13 10:21:25
+ [sshd.8]
+ small tweaks for the ssh_known_hosts section;
+ - jmc@cvs.openbsd.org 2006/02/13 11:02:26
+ [sshd.8]
+ turn this into an example ssh_known_hosts file; ok djm
+ - jmc@cvs.openbsd.org 2006/02/13 11:08:43
+ [sshd.8]
+ - avoid nasty line split
+ - `*' does not need to be escaped
+ - jmc@cvs.openbsd.org 2006/02/13 11:27:25
+ [sshd.8]
+ sort FILES and use a -compact list;
+ - david@cvs.openbsd.org 2006/02/15 05:08:24
+ [sftp-client.c]
+ typo in comment; ok djm@
+ - jmc@cvs.openbsd.org 2006/02/15 16:53:20
[ssh.1]
- Cipher is for SSH-1 only
- - markus@cvs.openbsd.org 2000/10/14 06:12:09
- [servconf.c servconf.h serverloop.c session.c sshd.8]
- AllowTcpForwarding; from naddy@
- - markus@cvs.openbsd.org 2000/10/14 06:16:56
- [auth2.c compat.c compat.h sshconnect2.c version.h]
- OpenSSH_2.3; note that is is not complete, but the version number
- needs to be changed for interoperability reasons
- - markus@cvs.openbsd.org 2000/10/14 06:19:45
- [auth-rsa.c]
- do not send RSA challenge if key is not allowed by key-options; from
- eivind@ThinkSec.com
- - markus@cvs.openbsd.org 2000/10/15 08:14:01
- [rijndael.c session.c]
- typos; from stevesk@sweden.hp.com
- - markus@cvs.openbsd.org 2000/10/15 08:18:31
- [rijndael.c]
- typo
- - (djm) Copy manpages back over from OpenBSD - too tedious to wade
- through diffs
- - (djm) Added condrestart to Redhat init script. Patch from Pekka Savola
- <pekkas@netcore.fi>
- - (djm) Update version in Redhat spec file
- - (djm) Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the
- Redhat 7.0 spec file
- - (djm) Make inability to read/write PRNG seedfile non-fatal
-
-
-20001015
- - (djm) Fix ssh2 hang on background processes at logout.
-
-20001014
- - (bal) Add support for realpath and getcwd for platforms with broken
- or missing realpath implementations for sftp-server.
- - (bal) Corrected mistake in INSTALL in regards to GNU rx library
- - (bal) Add support for GNU rx library for those lacking regexp support
- - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth
- - (djm) Revert SSH2 serverloop hack, will find a better way.
- - (djm) Add workaround for Linux 2.4's gratuitious errno change. Patch
- from Martin Johansson <fatbob@acc.umu.se>
- - (djm) Big OpenBSD sync:
- - markus@cvs.openbsd.org 2000/09/30 10:27:44
- [log.c]
- allow loglevel debug
- - markus@cvs.openbsd.org 2000/10/03 11:59:57
- [packet.c]
- hmac->mac
- - markus@cvs.openbsd.org 2000/10/03 12:03:03
- [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
- move fake-auth from auth1.c to individual auth methods, disables s/key in
- debug-msg
- - markus@cvs.openbsd.org 2000/10/03 12:16:48
- ssh.c
- do not resolve canonname, i have no idea why this was added oin ossh
- - markus@cvs.openbsd.org 2000/10/09 15:30:44
- ssh-keygen.1 ssh-keygen.c
- -X now reads private ssh.com DSA keys, too.
- - markus@cvs.openbsd.org 2000/10/09 15:32:34
- auth-options.c
- clear options on every call.
- - markus@cvs.openbsd.org 2000/10/09 15:51:00
- authfd.c authfd.h
- interop with ssh-agent2, from <res@shore.net>
- - markus@cvs.openbsd.org 2000/10/10 14:20:45
- compat.c
- use rexexp for version string matching
- - provos@cvs.openbsd.org 2000/10/10 22:02:18
- [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
- First rough implementation of the diffie-hellman group exchange. The
- client can ask the server for bigger groups to perform the diffie-hellman
- in, thus increasing the attack complexity when using ciphers with longer
- keys. University of Windsor provided network, T the company.
- - markus@cvs.openbsd.org 2000/10/11 13:59:52
- [auth-rsa.c auth2.c]
- clear auth options unless auth sucessfull
- - markus@cvs.openbsd.org 2000/10/11 14:00:27
- [auth-options.h]
- clear auth options unless auth sucessfull
- - markus@cvs.openbsd.org 2000/10/11 14:03:27
- [scp.1 scp.c]
- support 'scp -o' with help from mouring@pconline.com
- - markus@cvs.openbsd.org 2000/10/11 14:11:35
- [dh.c]
- Wall
- - markus@cvs.openbsd.org 2000/10/11 14:14:40
- [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
- [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
- add support for s/key (kbd-interactive) to ssh2, based on work by
- mkiernan@avantgo.com and me
- - markus@cvs.openbsd.org 2000/10/11 14:27:24
- [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
- [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
- [sshconnect2.c sshd.c]
- new cipher framework
- - markus@cvs.openbsd.org 2000/10/11 14:45:21
- [cipher.c]
- remove DES
- - markus@cvs.openbsd.org 2000/10/12 03:59:20
- [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
- enable DES in SSH-1 clients only
- - markus@cvs.openbsd.org 2000/10/12 08:21:13
- [kex.h packet.c]
- remove unused
- - markus@cvs.openbsd.org 2000/10/13 12:34:46
- [sshd.c]
- Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
- - markus@cvs.openbsd.org 2000/10/13 12:59:15
- [cipher.c cipher.h myproposal.h rijndael.c rijndael.h]
- rijndael/aes support
- - markus@cvs.openbsd.org 2000/10/13 13:10:54
+ remove the IETF draft references and replace them with some updated RFCs;
+ - jmc@cvs.openbsd.org 2006/02/15 16:55:33
[sshd.8]
- more info about -V
- - markus@cvs.openbsd.org 2000/10/13 13:12:02
- [myproposal.h]
- prefer no compression
- - (djm) Fix scp user@host handling
- - (djm) Don't clobber ssh_prng_cmds on install
- - (stevesk) Include config.h in rijndael.c so we define intXX_t and
- u_intXX_t types on all platforms.
- - (stevesk) rijndael.c: cleanup missing declaration warnings.
- - (stevesk) ~/.hushlogin shouldn't cause required password change to
- be bypassed.
- - (stevesk) Display correct path to ssh-askpass in configure output.
- Report from Lutz Jaenicke.
-
-20001007
- - (stevesk) Print PAM return value in PAM log messages to aid
- with debugging.
- - (stevesk) Fix detection of pw_class struct member in configure;
- patch from KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp>
-
-20001002
- - (djm) Fix USER_PATH, report from Kevin Steves <stevesk@sweden.hp.com>
- - (djm) Add host system and CC to end-of-configure report. Suggested by
- Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
-
-20000931
- - (djm) Cygwin fixes from Corinna Vinschen <vinschen@cygnus.com>
-
-20000930
- - (djm) Irix ssh_prng_cmds path fix from Pekka Savola <pekkas@netcore.fi>
- - (djm) Support in bsd-snprintf.c for long long conversions from
- Ben Lindstrom <mouring@pconline.com>
- - (djm) Cleanup NeXT support from Ben Lindstrom <mouring@pconline.com>
- - (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with
- very short lived X connections. Bug report from Tobias Oetiker
- <oetiker@ee.ethz.ch>. Fix from Markus Friedl <markus@cvs.openbsd.org>
- - (djm) Add recent InitScripts as a RPM dependancy for openssh-server
- patch from Pekka Savola <pekkas@netcore.fi>
- - (djm) Forgot to cvs add LICENSE file
- - (djm) Add LICENSE to RPM spec files
- - (djm) CVS OpenBSD sync:
- - markus@cvs.openbsd.org 2000/09/26 13:59:59
- [clientloop.c]
- use debug2
- - markus@cvs.openbsd.org 2000/09/27 15:41:34
- [auth2.c sshconnect2.c]
- use key_type()
- - markus@cvs.openbsd.org 2000/09/28 12:03:18
- [channels.c]
- debug -> debug2 cleanup
- - (djm) Irix strips "/dev/tty" from [uw]tmp entries (other systems only
- strip "/dev/"). Fix loginrec.c based on patch from Alain St-Denis
- <Alain.St-Denis@ec.gc.ca>
- - (djm) Fix 9 character passphrase failure with gnome-ssh-askpass.
- Problem was caused by interrupted read in ssh-add. Report from Donald
- J. Barry <don@astro.cornell.edu>
-
-20000929
- - (djm) Fix SSH2 not terminating until all background tasks done problem.
- - (djm) Another off-by-one fix from Pavel Kankovsky
- <peak@argo.troja.mff.cuni.cz>
- - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code,
- tidy necessary differences. Use Markus' new debugN() in entropy.c
- - (djm) Merged big SCO portability patch from Tim Rice
- <tim@multitalents.net>
-
-20000926
- - (djm) Update X11-askpass to 1.0.2 in RPM spec file
- - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX
- - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c.
- Report and fix from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
-
-20000924
- - (djm) Merged cleanup patch from Mark Miller <markm@swoon.net>
- - (djm) A bit more cleanup - created cygwin_util.h
- - (djm) Include strtok_r() from OpenBSD libc. Fixes report from Mark Miller
- <markm@swoon.net>
-
-20000923
- - (djm) Fix address logging in utmp from Kevin Steves
- <stevesk@sweden.hp.com>
- - (djm) Redhat spec and manpage fixes from Pekka Savola <pekkas@netcore.fi>
- - (djm) Seperate tests for int64_t and u_int64_t types
- - (djm) Tweak password expiry checking at suggestion of Kevin Steves
- <stevesk@sweden.hp.com>
- - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
- - (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from
- Michael Stone <mstone@cs.loyola.edu>
- - (djm) OpenBSD CVS sync:
- - markus@cvs.openbsd.org 2000/09/17 09:38:59
- [sshconnect2.c sshd.c]
- fix DEBUG_KEXDH
- - markus@cvs.openbsd.org 2000/09/17 09:52:51
+ remove ietf draft references; RFC list now maintained in ssh.1;
+ - jmc@cvs.openbsd.org 2006/02/16 09:05:34
+ [sshd.8]
+ sync some of the FILES entries w/ ssh.1;
+ - jmc@cvs.openbsd.org 2006/02/19 19:52:10
+ [sshd.8]
+ move the sshrc stuff out of FILES, and into its own section:
+ FILES is not a good place to document how stuff works;
+ - jmc@cvs.openbsd.org 2006/02/19 20:02:17
+ [sshd.8]
+ sync the (s)hosts.equiv FILES entries w/ those from ssh.1;
+ - jmc@cvs.openbsd.org 2006/02/19 20:05:00
+ [sshd.8]
+ grammar;
+ - jmc@cvs.openbsd.org 2006/02/19 20:12:25
+ [ssh_config.5]
+ add some vertical space;
+ - stevesk@cvs.openbsd.org 2006/02/20 16:36:15
+ [authfd.c channels.c includes.h session.c ssh-agent.c ssh.c]
+ move #include <sys/un.h> out of includes.h; ok djm@
+ - stevesk@cvs.openbsd.org 2006/02/20 17:02:44
+ [clientloop.c includes.h monitor.c progressmeter.c scp.c]
+ [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
+ move #include <signal.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/20 17:19:54
+ [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
+ [authfile.c clientloop.c includes.h readconf.c scp.c session.c]
+ [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
+ [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
+ [sshconnect2.c sshd.c sshpty.c]
+ move #include <sys/stat.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/22 00:04:45
+ [canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]
[sshconnect.c]
- yes no; ok niels@
- - markus@cvs.openbsd.org 2000/09/21 04:55:11
+ move #include <ctype.h> out of includes.h; ok djm@
+ - jmc@cvs.openbsd.org 2006/02/24 10:25:14
+ [ssh_config.5]
+ add section on patterns;
+ from dtucker + myself
+ - jmc@cvs.openbsd.org 2006/02/24 10:33:54
+ [sshd_config.5]
+ signpost to PATTERNS;
+ - jmc@cvs.openbsd.org 2006/02/24 10:37:07
+ [ssh_config.5]
+ tidy up the refs to PATTERNS;
+ - jmc@cvs.openbsd.org 2006/02/24 10:39:52
[sshd.8]
- typo
- - markus@cvs.openbsd.org 2000/09/21 05:03:54
- [serverloop.c]
- typo
- - markus@cvs.openbsd.org 2000/09/21 05:11:42
- scp.c
- utime() to utimes(); mouring@pconline.com
- - markus@cvs.openbsd.org 2000/09/21 05:25:08
- sshconnect2.c
- change login logic in ssh2, allows plugin of other auth methods
- - markus@cvs.openbsd.org 2000/09/21 05:25:35
- [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h]
- [serverloop.c]
- add context to dispatch_run
- - markus@cvs.openbsd.org 2000/09/21 05:07:52
- authfd.c authfd.h ssh-agent.c
- bug compat for old ssh.com software
-
-20000920
- - (djm) Fix bad path substitution. Report from Andrew Miner
- <asminer@cs.iastate.edu>
-
-20000916
- - (djm) Fix SSL search order from Lutz Jaenicke
- <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- - (djm) New SuSE spec from Corinna Vinschen <corinna@vinschen.de>
- - (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com>
- - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage.
- Patch from Larry Jones <larry.jones@sdrc.com>
- - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM
- password change patch.
- - (djm) Bring licenses on my stuff in line with OpenBSD's
- - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
- Kevin Steves <stevesk@sweden.hp.com>
- - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz>
- - (djm) Re-enable int64_t types - we need them for sftp
- - (djm) Use libexecdir from configure , rather than libexecdir/ssh
- - (djm) Update Redhat SPEC file accordingly
- - (djm) Add Kevin Steves <stevesk@sweden.hp.com> HP/UX contrib files
- - (djm) Add Charles Levert <charles@comm.polymtl.ca> getpgrp patch
- - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter
- <Dirk.DeWachter@rug.ac.be>
- - (djm) Fixprogs and entropy list fixes from Larry Jones
- <larry.jones@sdrc.com>
- - (djm) Fix for SuSE spec file from Takashi YOSHIDA
- <tyoshida@gemini.rc.kyushu-u.ac.jp>
- - (djm) Merge OpenBSD changes:
- - markus@cvs.openbsd.org 2000/09/05 02:59:57
- [session.c]
- print hostname (not hushlogin)
- - markus@cvs.openbsd.org 2000/09/05 13:18:48
- [authfile.c ssh-add.c]
- enable ssh-add -d for DSA keys
- - markus@cvs.openbsd.org 2000/09/05 13:20:49
- [sftp-server.c]
- cleanup
- - markus@cvs.openbsd.org 2000/09/06 03:46:41
- [authfile.h]
- prototype
- - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
- [ALL]
- cleanup copyright notices on all files. I have attempted to be
- accurate with the details. everything is now under Tatu's licence
- (which I copied from his readme), and/or the core-sdi bsd-ish thing
- for deattack, or various openbsd developers under a 2-term bsd
- licence. We're not changing any rules, just being accurate.
- - markus@cvs.openbsd.org 2000/09/07 14:40:30
- [channels.c channels.h clientloop.c serverloop.c ssh.c]
- cleanup window and packet sizes for ssh2 flow control; ok niels
- - markus@cvs.openbsd.org 2000/09/07 14:53:00
- [scp.c]
- typo
- - markus@cvs.openbsd.org 2000/09/07 15:13:37
- [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
- [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
- [pty.c readconf.c]
- some more Copyright fixes
- - markus@cvs.openbsd.org 2000/09/08 03:02:51
- [README.openssh2]
- bye bye
- - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
- [LICENCE cipher.c]
- a few more comments about it being ARC4 not RC4
- - markus@cvs.openbsd.org 2000/09/12 14:53:11
- [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
- multiple debug levels
- - markus@cvs.openbsd.org 2000/09/14 14:25:15
- [clientloop.c]
- typo
- - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
- [ssh-agent.c]
- check return value for setenv(3) for failure, and deal appropriately
-
-20000913
- - (djm) Fix server not exiting with jobs in background.
-
-20000905
- - (djm) Import OpenBSD CVS changes
- - markus@cvs.openbsd.org 2000/08/31 15:52:24
- [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c]
- implement a SFTP server. interops with sftp2, scp2 and the windows
- client from ssh.com
- - markus@cvs.openbsd.org 2000/08/31 15:56:03
- [README.openssh2]
- sync
- - markus@cvs.openbsd.org 2000/08/31 16:05:42
- [session.c]
- Wall
- - markus@cvs.openbsd.org 2000/08/31 16:09:34
- [authfd.c ssh-agent.c]
- add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions
- - deraadt@cvs.openbsd.org 2000/09/01 09:25:13
- [scp.1 scp.c]
- cleanup and fix -S support; stevesk@sweden.hp.com
- - markus@cvs.openbsd.org 2000/09/01 16:29:32
- [sftp-server.c]
- portability fixes
- - markus@cvs.openbsd.org 2000/09/01 16:32:41
- [sftp-server.c]
- fix cast; mouring@pconline.com
- - itojun@cvs.openbsd.org 2000/09/03 09:23:28
- [ssh-add.1 ssh.1]
- add missing .El against .Bl.
- - markus@cvs.openbsd.org 2000/09/04 13:03:41
- [session.c]
- missing close; ok theo
- - markus@cvs.openbsd.org 2000/09/04 13:07:21
- [session.c]
- fix get_last_login_time order; from andre@van-veen.de
- - markus@cvs.openbsd.org 2000/09/04 13:10:09
- [sftp-server.c]
- more cast fixes; from mouring@pconline.com
- - markus@cvs.openbsd.org 2000/09/04 13:06:04
- [session.c]
- set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net
- - (djm) Cleanup after import. Fix sftp-server compilation, Makefile
- - (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>
-
-20000903
- - (djm) Fix Redhat init script
-
-20000901
- - (djm) Pick up Jim's new X11-askpass
- - (djm) Release 2.2.0p1
-
-20000831
- - (djm) Workaround SIGPIPE problems on SCO. Fix from Aran Cox
- <acox@cv.telegroup.com>
- - (djm) Pick up new version (2.2.0) from OpenBSD CVS
-
-20000830
- - (djm) Compile warning fixes from Mark Miller <markm@swoon.net>
- - (djm) Periodically rekey arc4random
- - (djm) Clean up diff against OpenBSD.
- - (djm) HPUX 11 needs USE_PIPES as well: Kevin Steves
- <stevesk@sweden.hp.com>
- - (djm) Quieten the pam delete credentials error message
- - (djm) Fix printing of $DISPLAY hack if set by system type. Report from
- Kevin Steves <stevesk@sweden.hp.com>
- - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
- - (djm) Fix doh in bsd-arc4random.c
-
-20000829
- - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert
- Doering <gert@greenie.muc.de>, John Horne <J.Horne@plymouth.ac.uk> and
- Garrick James <garrick@james.net>
- - (djm) Check for SCO pty naming style (ptyp%d/ttyp%d). Based on fix from
- Bastian Trompetter <btrompetter@firemail.de>
- - (djm) NeXT tweaks from Ben Lindstrom <mouring@pconline.com>
- - More OpenBSD updates:
- - deraadt@cvs.openbsd.org 2000/08/24 15:46:59
- [scp.c]
- off_t in sink, to fix files > 2GB, i think, test is still running ;-)
- - deraadt@cvs.openbsd.org 2000/08/25 10:10:06
+ signpost to PATTERNS section;
+ - jmc@cvs.openbsd.org 2006/02/24 20:22:16
+ [ssh-keysign.8 ssh_config.5 sshd_config.5]
+ some consistency fixes;
+ - jmc@cvs.openbsd.org 2006/02/24 20:31:31
+ [ssh.1 ssh_config.5 sshd.8 sshd_config.5]
+ more consistency fixes;
+ - jmc@cvs.openbsd.org 2006/02/24 23:20:07
+ [ssh_config.5]
+ some grammar/wording fixes;
+ - jmc@cvs.openbsd.org 2006/02/24 23:43:57
+ [sshd_config.5]
+ some grammar/wording fixes;
+ - jmc@cvs.openbsd.org 2006/02/24 23:51:17
+ [sshd_config.5]
+ oops - bits i missed;
+ - jmc@cvs.openbsd.org 2006/02/25 12:26:17
+ [ssh_config.5]
+ document the possible values for KbdInteractiveDevices;
+ help/ok dtucker
+ - jmc@cvs.openbsd.org 2006/02/25 12:28:34
+ [sshd_config.5]
+ document the order in which allow/deny directives are processed;
+ help/ok dtucker
+ - jmc@cvs.openbsd.org 2006/02/26 17:17:18
+ [ssh_config.5]
+ move PATTERNS to the end of the main body; requested by dtucker
+ - jmc@cvs.openbsd.org 2006/02/26 18:01:13
+ [sshd_config.5]
+ subsection is pointless here;
+ - jmc@cvs.openbsd.org 2006/02/26 18:03:10
+ [ssh_config.5]
+ comma;
+ - djm@cvs.openbsd.org 2006/02/28 01:10:21
[session.c]
- Wall
- - markus@cvs.openbsd.org 2000/08/26 04:33:43
- [compat.c]
- ssh.com-2.3.0
- - markus@cvs.openbsd.org 2000/08/27 12:18:05
- [compat.c]
- compatibility with future ssh.com versions
- - deraadt@cvs.openbsd.org 2000/08/27 21:50:55
- [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c]
- print uid/gid as unsigned
- - markus@cvs.openbsd.org 2000/08/28 13:51:00
- [ssh.c]
- enable -n and -f for ssh2
- - markus@cvs.openbsd.org 2000/08/28 14:19:53
- [ssh.c]
- allow combination of -N and -f
- - markus@cvs.openbsd.org 2000/08/28 14:20:56
- [util.c]
- util.c
- - markus@cvs.openbsd.org 2000/08/28 14:22:02
- [util.c]
- undo
- - markus@cvs.openbsd.org 2000/08/28 14:23:38
- [util.c]
- don't complain if setting NONBLOCK fails with ENODEV
-
-20000823
- - (djm) Define USE_PIPES to avoid socketpair problems on HPUX 10 and SunOS 4
- Avoids "scp never exits" problem. Reports from Lutz Jaenicke
- <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Tamito KAJIYAMA
- <kajiyama@grad.sccs.chukyo-u.ac.jp>
- - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers
- - (djm) Add local version to version.h
- - (djm) Don't reseed arc4random everytime it is used
- - (djm) OpenBSD CVS updates:
- - deraadt@cvs.openbsd.org 2000/08/18 20:07:23
+ fix logout recording when privilege separation is disabled, analysis and
+ patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@
+ NB. ID sync only - patch already in portable
+ - djm@cvs.openbsd.org 2006/03/04 04:12:58
+ [serverloop.c]
+ move a debug() outside of a signal handler; ok markus@ a little while back
+ - djm@cvs.openbsd.org 2006/03/12 04:23:07
[ssh.c]
- accept remsh as a valid name as well; roman@buildpoint.com
- - deraadt@cvs.openbsd.org 2000/08/18 20:17:13
- [deattack.c crc32.c packet.c]
- rename crc32() to ssh_crc32() to avoid zlib name clash. do not move to
- libz crc32 function yet, because it has ugly "long"'s in it;
- oneill@cs.sfu.ca
- - deraadt@cvs.openbsd.org 2000/08/18 20:26:08
- [scp.1 scp.c]
- -S prog support; tv@debian.org
- - deraadt@cvs.openbsd.org 2000/08/18 20:50:07
+ knf nit
+ - djm@cvs.openbsd.org 2006/03/13 08:16:00
+ [sshd.c]
+ don't log that we are listening on a socket before the listen() call
+ actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@
+ - dtucker@cvs.openbsd.org 2006/03/13 08:33:00
+ [packet.c]
+ Set TCP_NODELAY for all connections not just "interactive" ones. Fixes
+ poor performance and protocol stalls under some network conditions (mindrot
+ bugs #556 and #981). Patch originally from markus@, ok djm@
+ - dtucker@cvs.openbsd.org 2006/03/13 08:43:16
+ [ssh-keygen.c]
+ Make ssh-keygen handle CR and CRLF line termination when converting IETF
+ format keys, in adition to vanilla LF. mindrot #1157, tested by Chris
+ Pepper, ok djm@
+ - dtucker@cvs.openbsd.org 2006/03/13 10:14:29
+ [misc.c ssh_config.5 sshd_config.5]
+ Allow config directives to contain whitespace by surrounding them by double
+ quotes. mindrot #482, man page help from jmc@, ok djm@
+ - dtucker@cvs.openbsd.org 2006/03/13 10:26:52
+ [authfile.c authfile.h ssh-add.c]
+ Make ssh-add check file permissions before attempting to load private
+ key files multiple times; it will fail anyway and this prevents confusing
+ multiple prompts and warnings. mindrot #1138, ok djm@
+ - djm@cvs.openbsd.org 2006/03/14 00:15:39
+ [canohost.c]
+ log the originating address and not just the name when a reverse
+ mapping check fails, requested by linux AT linuon.com
+ - markus@cvs.openbsd.org 2006/03/14 16:32:48
+ [ssh_config.5 sshd_config.5]
+ *AliveCountMax applies to protcol v2 only; ok dtucker, djm
+ - djm@cvs.openbsd.org 2006/03/07 09:07:40
+ [kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
+ Implement the diffie-hellman-group-exchange-sha256 key exchange method
+ using the SHA256 code in libc (and wrapper to make it into an OpenSSL
+ EVP), interop tested against CVS PuTTY
+ NB. no portability bits committed yet
+ - (djm) [configure.ac defines.h kex.c md-sha256.c]
+ [openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h]
+ [openbsd-compat/sha2.c] First stab at portability glue for SHA256
+ KEX support, should work with libc SHA256 support or OpenSSL
+ EVP_sha256 if present
+ - (djm) [includes.h] Restore accidentally dropped netinet/in.h
+ - (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files
+ - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present
+ - (djm) [regress/.cvsignore] Ignore Makefile here
+ - (djm) [loginrec.c] Need stat.h
+ - (djm) [openbsd-compat/sha2.h] Avoid include macro clash with
+ system sha2.h
+ - (djm) [ssh-rand-helper.c] Needs a bunch of headers
+ - (djm) [ssh-agent.c] Restore dropped stat.h
+ - (djm) [openbsd-compat/sha2.h openbsd-compat/sha2.c] Comment out
+ SHA384, which we don't need and doesn't compile without tweaks
+ - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]
+ [sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
+ [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
+ [openbsd-compat/glob.c openbsd-compat/mktemp.c]
+ [openbsd-compat/readpassphrase.c] Lots of include fixes for
+ OpenSolaris
+ - (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:"
+ - (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some
+ includes removed from includes.h
+ - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE
+ - (djm) [includes.h] Put back paths.h, it is needed in defines.h
+ - (dtucker) [openbsd-compat/openbsd-compat.h] AIX (at least) needs
+ sys/ioctl.h for struct winsize.
+ - (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD.
+
+20060313
+ - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
+ since not all platforms support it. Instead, use internal equivalent while
+ computing LLONG_MIN and LLONG_MAX. Remove special case for alpha-dec-osf*
+ as it's no longer required. Tested by Bernhard Simon, ok djm@
+
+20060304
+ - (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a
+ file rather than directory, required as Cygwin will be importing lastlog(1).
+ Also tightens up permissions on the file. Patch from vinschen@redhat.com.
+ - (dtucker) [gss-serv-krb5.c] Bug #1166: Correct #ifdefs for gssapi_krb5.h
+ includes. Patch from gentoo.riverrat at gmail.com.
+
+20060226
+ - (dtucker) [configure.ac] Bug #1156: QNX apparently needs SSHD_ACQUIRES_CTTY
+ patch from kraai at ftbfs.org.
+
+20060223
+ - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current
+ reality. Pointed out by tryponraj at gmail.com.
+
+20060222
+ - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only
+ compile in compat code if required.
+
+20060221
+ - (dtucker) [openbsd-compat/openssl-compat.h] Prevent warning about
+ redefinition of SSLeay_add_all_algorithms.
+
+20060220
+ - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}]
+ Add optional enabling of OpenSSL's (hardware) Engine support, via
+ configure --with-ssl-engine. Based in part on a diff by michal at
+ logix.cz.
+
+20060219
+ - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/]
+ Add first attempt at regress tests for compat library. ok djm@
+
+20060214
+ - (tim) [buildpkg.sh.in] Make the names consistent.
+ s/pkg_post_make_install_fixes.sh/pkg-post-make-install-fixes.sh/ OK dtucker@
+
+20060212
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Make loop counter unsigned
+ to silence compiler warning, from vinschen at redhat.com.
+ - (tim) [configure.ac] Bug #1149. Disable /etc/default/login check for QNX.
+ - (dtucker) [README version.h contrib/caldera/openssh.spec
+ contrib/redhat/openssh.spec contrib/suse/openssh.spec] Bump version
+ strings to match 4.3p2 release.
+
+20060208
+ - (tim) [session.c] Logout records were not updated on systems with
+ post auth privsep disabled due to bug 1086 changes. Analysis and patch
+ by vinschen at redhat.com. OK tim@, dtucker@.
+ - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP
+ -> NEED_SETPGRP), reported by Bernhard Simon. ok tim@
+
+20060206
+ - (tim) [configure.ac] Remove unnecessary tests for net/if.h and
+ netinet/in_systm.h. OK dtucker@.
+
+20060205
+ - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test
+ for Solaris. OK dtucker@.
+ - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by
+ kraai at ftbfs.org.
+
+20060203
+ - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first
+ AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run
+ by a platform specific check, builtin standard includes tests will be
+ skipped on the other platforms.
+ Analysis and suggestion by vinschen at redhat.com, patch by dtucker@.
+ OK tim@, djm@.
+
+20060202
+ - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it
+ works with picky compilers. Patch from alex.kiernan at thus.net.
+
+20060201
+ - (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to
+ determine the user's login name - needed for regress tests on Solaris
+ 10 and OpenSolaris
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2006/02/01 09:06:50
+ [sshd.8]
+ - merge sections on protocols 1 and 2 into a single section
+ - remove configuration file section
+ ok markus
+ - jmc@cvs.openbsd.org 2006/02/01 09:11:41
+ [sshd.8]
+ small tweak;
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Update versions ahead of release
+ - markus@cvs.openbsd.org 2006/02/01 11:27:22
+ [version.h]
+ openssh 4.3
+ - (djm) Release OpenSSH 4.3p1
+
+20060131
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2006/01/20 11:21:45
+ [ssh_config.5]
+ - word change, agreed w/ markus
+ - consistency fixes
+ - jmc@cvs.openbsd.org 2006/01/25 09:04:34
+ [sshd.8]
+ move the options description up the page, and a few additional tweaks
+ whilst in here;
+ ok markus
+ - jmc@cvs.openbsd.org 2006/01/25 09:07:22
+ [sshd.8]
+ move subsections to full sections;
+ - jmc@cvs.openbsd.org 2006/01/26 08:47:56
+ [ssh.1]
+ add a section on verifying host keys in dns;
+ written with a lot of help from jakob;
+ feedback dtucker/markus;
+ ok markus
+ - reyk@cvs.openbsd.org 2006/01/30 12:22:22
+ [channels.c]
+ mark channel as write failed or dead instead of read failed on error
+ of the channel output filter.
+ ok markus@
+ - jmc@cvs.openbsd.org 2006/01/30 13:37:49
+ [ssh.1]
+ remove an incorrect sentence;
+ reported by roumen petrov;
+ ok djm markus
+ - djm@cvs.openbsd.org 2006/01/31 10:19:02
+ [misc.c misc.h scp.c sftp.c]
+ fix local arbitrary command execution vulnerability on local/local and
+ remote/remote copies (CVE-2006-0225, bz #1094), patch by
+ t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
+ - djm@cvs.openbsd.org 2006/01/31 10:35:43
[scp.c]
- knf
- - deraadt@cvs.openbsd.org 2000/08/18 20:57:33
- [log-client.c]
- shorten
- - markus@cvs.openbsd.org 2000/08/19 12:48:11
- [channels.c channels.h clientloop.c ssh.c ssh.h]
- support for ~. in ssh2
- - deraadt@cvs.openbsd.org 2000/08/19 15:29:40
- [crc32.h]
- proper prototype
- - markus@cvs.openbsd.org 2000/08/19 15:34:44
- [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1]
- [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile]
- [fingerprint.c fingerprint.h]
- add SSH2/DSA support to the agent and some other DSA related cleanups.
- (note that we cannot talk to ssh.com's ssh2 agents)
- - markus@cvs.openbsd.org 2000/08/19 15:55:52
- [channels.c channels.h clientloop.c]
- more ~ support for ssh2
- - markus@cvs.openbsd.org 2000/08/19 16:21:19
- [clientloop.c]
- oops
- - millert@cvs.openbsd.org 2000/08/20 12:25:53
- [session.c]
- We have to stash the result of get_remote_name_or_ip() before we
- close our socket or getpeername() will get EBADF and the process
- will exit. Only a problem for "UseLogin yes".
- - millert@cvs.openbsd.org 2000/08/20 12:30:59
- [session.c]
- Only check /etc/nologin if "UseLogin no" since login(1) may have its
- own policy on determining who is allowed to login when /etc/nologin
- is present. Also use the _PATH_NOLOGIN define.
- - millert@cvs.openbsd.org 2000/08/20 12:42:43
- [auth1.c auth2.c session.c ssh.c]
- Add calls to setusercontext() and login_get*(). We basically call
- setusercontext() in most places where previously we did a setlogin().
- Add default login.conf file and put root in the "daemon" login class.
- - millert@cvs.openbsd.org 2000/08/21 10:23:31
- [session.c]
- Fix incorrect PATH setting; noted by Markus.
-
-20000818
- - (djm) OpenBSD CVS changes:
- - markus@cvs.openbsd.org 2000/07/22 03:14:37
- [servconf.c servconf.h sshd.8 sshd.c sshd_config]
- random early drop; ok theo, niels
- - deraadt@cvs.openbsd.org 2000/07/26 11:46:51
+ "scp a b c" shouldn't clobber "c" when it is not a directory, report and
+ fix from biorn@; ok markus@
+ - (djm) Sync regress tests to OpenBSD:
+ - dtucker@cvs.openbsd.org 2005/03/10 10:20:39
+ [regress/forwarding.sh]
+ Regress test for ClearAllForwardings (bz #994); ok markus@
+ - dtucker@cvs.openbsd.org 2005/04/25 09:54:09
+ [regress/multiplex.sh]
+ Don't call cleanup in multiplex as test-exec will cleanup anyway
+ found by tim@, ok djm@
+ NB. ID sync only, we already had this
+ - djm@cvs.openbsd.org 2005/05/20 23:14:15
+ [regress/test-exec.sh]
+ force addressfamily=inet for tests, unbreaking dynamic-forward regress for
+ recently committed nc SOCKS5 changes
+ - djm@cvs.openbsd.org 2005/05/24 04:10:54
+ [regress/try-ciphers.sh]
+ oops, new arcfour modes here too
+ - markus@cvs.openbsd.org 2005/06/30 11:02:37
+ [regress/scp.sh]
+ allow SUDO=sudo; from Alexander Bluhm
+ - grunk@cvs.openbsd.org 2005/11/14 21:25:56
+ [regress/agent-getpeereid.sh]
+ all other scripts in this dir use $SUDO, not 'sudo', so pull this even
+ ok markus@
+ - dtucker@cvs.openbsd.org 2005/12/14 04:36:39
+ [regress/scp-ssh-wrapper.sh]
+ Fix assumption about how many args scp will pass; ok djm@
+ NB. ID sync only, we already had this
+ - djm@cvs.openbsd.org 2006/01/27 06:49:21
+ [scp.sh]
+ regress test for local to local scp copies; ok dtucker@
+ - djm@cvs.openbsd.org 2006/01/31 10:23:23
+ [scp.sh]
+ regression test for CVE-2006-0225 written by dtucker@
+ - djm@cvs.openbsd.org 2006/01/31 10:36:33
+ [scp.sh]
+ regress test for "scp a b c" where "c" is not a directory
+
+20060129
+ - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the
+ opensshd.init script interpretter if /sbin/sh does not exist. ok tim@
+
+20060120
+ - (dtucker) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2006/01/15 17:37:05
[ssh.1]
- typo
- - deraadt@cvs.openbsd.org 2000/08/01 11:46:11
+ correction from deraadt
+ - jmc@cvs.openbsd.org 2006/01/18 10:53:29
+ [ssh.1]
+ add a section on ssh-based vpn, based on reyk's README.tun;
+ - dtucker@cvs.openbsd.org 2006/01/20 00:14:55
+ [scp.1 ssh.1 ssh_config.5 sftp.1]
+ Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot
+ #1056 with feedback from jmc, djm and markus; ok jmc@ djm@
+
+20060114
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2006/01/06 13:27:32
+ [ssh.1]
+ weed out some duplicate info in the known_hosts FILES entries;
+ ok djm
+ - jmc@cvs.openbsd.org 2006/01/06 13:29:10
+ [ssh.1]
+ final round of whacking FILES for duplicate info, and some consistency
+ fixes;
+ ok djm
+ - jmc@cvs.openbsd.org 2006/01/12 14:44:12
+ [ssh.1]
+ split sections on tcp and x11 forwarding into two sections.
+ add an example in the tcp section, based on sth i wrote for ssh faq;
+ help + ok: djm markus dtucker
+ - jmc@cvs.openbsd.org 2006/01/12 18:48:48
+ [ssh.1]
+ refer to `TCP' rather than `TCP/IP' in the context of connection
+ forwarding;
+ ok markus
+ - jmc@cvs.openbsd.org 2006/01/12 22:20:00
[sshd.8]
- many fixes from pepper@mail.reppep.com
- - provos@cvs.openbsd.org 2000/08/01 13:01:42
- [Makefile.in util.c aux.c]
- rename aux.c to util.c to help with cygwin port
- - deraadt@cvs.openbsd.org 2000/08/02 00:23:31
- [authfd.c]
- correct sun_len; Alexander@Leidinger.net
- - provos@cvs.openbsd.org 2000/08/02 10:27:17
- [readconf.c sshd.8]
- disable kerberos authentication by default
- - provos@cvs.openbsd.org 2000/08/02 11:27:05
- [sshd.8 readconf.c auth-krb4.c]
- disallow kerberos authentication if we can't verify the TGT; from
- dugsong@
- kerberos authentication is on by default only if you have a srvtab.
- - markus@cvs.openbsd.org 2000/08/04 14:30:07
- [auth.c]
- unused
- - markus@cvs.openbsd.org 2000/08/04 14:30:35
- [sshd_config]
- MaxStartups
- - markus@cvs.openbsd.org 2000/08/15 13:20:46
- [authfd.c]
- cleanup; ok niels@
- - markus@cvs.openbsd.org 2000/08/17 14:05:10
- [session.c]
- cleanup login(1)-like jobs, no duplicate utmp entries
- - markus@cvs.openbsd.org 2000/08/17 14:06:34
- [session.c sshd.8 sshd.c]
- sshd -u len, similar to telnetd
- - (djm) Lastlog was not getting closed after writing login entry
- - (djm) Add Solaris package support from Rip Loomis <loomisg@cist.saic.com>
-
-20000816
- - (djm) Replacement for inet_ntoa for Irix (which breaks on gcc)
- - (djm) Fix strerror replacement for old SunOS. Based on patch from
- Charles Levert <charles@comm.polymtl.ca>
- - (djm) Seperate arc4random into seperate file and use OpenSSL's RC4
- implementation.
- - (djm) SUN_LEN macro for systems which lack it
-
-20000815
- - (djm) More SunOS 4.1.x fixes from Nate Itkin <nitkin@europa.com>
- - (djm) Avoid failures on Irix when ssh is not setuid. Fix from
- Michael Stone <mstone@cs.loyola.edu>
- - (djm) Don't seek in directory based lastlogs
- - (djm) Fix --with-ipaddr-display configure option test. Patch from
- Jarno Huuskonen <jhuuskon@messi.uku.fi>
- - (djm) Fix AIX limits from Alexandre Oliva <oliva@lsd.ic.unicamp.br>
-
-20000813
- - (djm) Add $(srcdir) to includes when compiling (for VPATH). Report from
- Fabrice bacchella <fabrice.bacchella@marchfirst.fr>
-
-20000809
- - (djm) Define AIX hard limits if headers don't. Report from
- Bill Painter <william.t.painter@lmco.com>
- - (djm) utmp direct write & SunOS 4 patch from Charles Levert
- <charles@comm.polymtl.ca>
-
-20000808
- - (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install
- time, spec file cleanup.
-
-20000807
- - (djm) Set 0755 on binaries during install. Report from Lutz Jaenicke
- - (djm) Suppress error messages on channel close shutdown() failurs
- works around Linux bug. Patch from Zack Weinberg <zack@wolery.cumb.org>
- - (djm) Add some more entropy collection commands from Lutz Jaenicke
-
-20000725
- - (djm) Fix autoconf typo: HAVE_BINRESVPORT_AF -> HAVE_BINDRESVPORT_AF
-
-20000721
- - (djm) OpenBSD CVS updates:
- - markus@cvs.openbsd.org 2000/07/16 02:27:22
- [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
- [sshconnect1.c sshconnect2.c]
- make ssh-add accept dsa keys (the agent does not)
- - djm@cvs.openbsd.org 2000/07/17 19:25:02
- [sshd.c]
- Another closing of stdin; ok deraadt
- - markus@cvs.openbsd.org 2000/07/19 18:33:12
- [dsa.c]
- missing free, reorder
- - markus@cvs.openbsd.org 2000/07/20 16:23:14
- [ssh-keygen.1]
- document input and output files
+ refer to TCP forwarding, rather than TCP/IP forwarding;
+ - jmc@cvs.openbsd.org 2006/01/12 22:26:02
+ [ssh_config.5]
+ refer to TCP forwarding, rather than TCP/IP forwarding;
+ - jmc@cvs.openbsd.org 2006/01/12 22:34:12
+ [ssh.1]
+ back out a sentence - AUTHENTICATION already documents this;
+
+20060109
+ - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on
+ tcpip service so it's always started after IP is up. Patch from
+ vinschen at redhat.com.
+
+20060106
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2006/01/03 16:31:10
+ [ssh.1]
+ move FILES to a -compact list, and make each files an item in that list.
+ this avoids nastly line wrap when we have long pathnames, and treats
+ each file as a separate item;
+ remove the .Pa too, since it is useless.
+ - jmc@cvs.openbsd.org 2006/01/03 16:35:30
+ [ssh.1]
+ use a larger width for the ENVIRONMENT list;
+ - jmc@cvs.openbsd.org 2006/01/03 16:52:36
+ [ssh.1]
+ put FILES in some sort of order: sort by pathname
+ - jmc@cvs.openbsd.org 2006/01/03 16:55:18
+ [ssh.1]
+ tweak the description of ~/.ssh/environment
+ - jmc@cvs.openbsd.org 2006/01/04 18:42:46
+ [ssh.1]
+ chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
+ entries;
+ ok markus
+ - jmc@cvs.openbsd.org 2006/01/04 18:45:01
+ [ssh.1]
+ remove .Xr's to rsh(1) and telnet(1): they are hardly needed;
+ - jmc@cvs.openbsd.org 2006/01/04 19:40:24
+ [ssh.1]
+ +.Xr ssh-keyscan 1 ,
+ - jmc@cvs.openbsd.org 2006/01/04 19:50:09
+ [ssh.1]
+ -.Xr gzip 1 ,
+ - djm@cvs.openbsd.org 2006/01/05 23:43:53
+ [misc.c]
+ check that stdio file descriptors are actually closed before clobbering
+ them in sanitise_stdfd(). problems occurred when a lower numbered fd was
+ closed, but higher ones weren't. spotted by, and patch tested by
+ Frédéric Olivié
-20000720
- - (djm) Spec file fix from Petr Novotny <Petr.Novotny@antek.cz>
+20060103
+ - (djm) [channels.c] clean up harmless merge error, from reyk@
+
+20060103
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2006/01/02 17:09:49
+ [ssh_config.5 sshd_config.5]
+ some corrections from michael knudsen;
-20000716
- - (djm) Release 2.1.1p4
+20060102
+ - (djm) [README.tun] Add README.tun, missed during sync of tun(4) support
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2005/12/31 10:46:17
+ [ssh.1]
+ merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER
+ AUTHENTICATION" sections into "AUTHENTICATION";
+ some rewording done to make the text read better, plus some
+ improvements from djm;
+ ok djm
+ - jmc@cvs.openbsd.org 2005/12/31 13:44:04
+ [ssh.1]
+ clean up ENVIRONMENT a little;
+ - jmc@cvs.openbsd.org 2005/12/31 13:45:19
+ [ssh.1]
+ .Nm does not require an argument;
+ - stevesk@cvs.openbsd.org 2006/01/01 08:59:27
+ [includes.h misc.c]
+ move <net/if.h>; ok djm@
+ - stevesk@cvs.openbsd.org 2006/01/01 10:08:48
+ [misc.c]
+ no trailing "\n" for debug()
+ - djm@cvs.openbsd.org 2006/01/02 01:20:31
+ [sftp-client.c sftp-common.h sftp-server.c]
+ use a common max. packet length, no binary change
+ - reyk@cvs.openbsd.org 2006/01/02 07:53:44
+ [misc.c]
+ clarify tun(4) opening - set the mode and bring the interface up. also
+ (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces.
+ suggested and ok by djm@
+ - jmc@cvs.openbsd.org 2006/01/02 12:31:06
+ [ssh.1]
+ start to cut some duplicate info from FILES;
+ help/ok djm
+
+20060101
+ - (djm) [Makefile.in configure.ac includes.h misc.c]
+ [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
+ for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
+ limited to IPv4 tunnels only, and most versions don't support the
+ tap(4) device at all.
+ - (djm) [configure.ac] Fix linux/if_tun.h test
+ - (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too
+
+20051229
+ - (djm) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2005/12/28 22:46:06
+ [canohost.c channels.c clientloop.c]
+ use 'break-in' for consistency; ok deraadt@ ok and input jmc@
+ - reyk@cvs.openbsd.org 2005/12/30 15:56:37
+ [channels.c channels.h clientloop.c]
+ add channel output filter interface.
+ ok djm@, suggested by markus@
+ - jmc@cvs.openbsd.org 2005/12/30 16:59:00
+ [sftp.1]
+ do not suggest that interactive authentication will work
+ with the -b flag;
+ based on a diff from john l. scarfone;
+ ok djm
+ - stevesk@cvs.openbsd.org 2005/12/31 01:38:45
+ [ssh.1]
+ document -MM; ok djm@
+ - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac]
+ [serverloop.c ssh.c openbsd-compat/Makefile.in]
+ [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
+ compatability support for Linux, diff from reyk@
+ - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does
+ not exist
+ - (djm) [configure.ac] oops, make that linux/if_tun.h
+
+20051229
+ - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd
+
+20051224
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2005/12/20 21:59:43
+ [ssh.1]
+ merge the sections on protocols 1 and 2 into one section on
+ authentication;
+ feedback djm dtucker
+ ok deraadt markus dtucker
+ - jmc@cvs.openbsd.org 2005/12/20 22:02:50
+ [ssh.1]
+ .Ss -> .Sh: subsections have not made this page more readable
+ - jmc@cvs.openbsd.org 2005/12/20 22:09:41
+ [ssh.1]
+ move info on ssh return values and config files up into the main
+ description;
+ - jmc@cvs.openbsd.org 2005/12/21 11:48:16
+ [ssh.1]
+ -L and -R descriptions are now above, not below, ~C description;
+ - jmc@cvs.openbsd.org 2005/12/21 11:57:25
+ [ssh.1]
+ options now described `above', rather than `later';
+ - jmc@cvs.openbsd.org 2005/12/21 12:53:31
+ [ssh.1]
+ -Y does X11 forwarding too;
+ ok markus
+ - stevesk@cvs.openbsd.org 2005/12/21 22:44:26
+ [sshd.8]
+ clarify precedence of -p, Port, ListenAddress; ok and help jmc@
+ - jmc@cvs.openbsd.org 2005/12/22 10:31:40
+ [ssh_config.5]
+ put the description of "UsePrivilegedPort" in the correct place;
+ - jmc@cvs.openbsd.org 2005/12/22 11:23:42
+ [ssh.1]
+ expand the description of -w somewhat;
+ help/ok reyk
+ - jmc@cvs.openbsd.org 2005/12/23 14:55:53
+ [ssh.1]
+ - sync the description of -e w/ synopsis
+ - simplify the description of -I
+ - note that -I is only available if support compiled in, and that it
+ isn't by default
+ feedback/ok djm@
+ - jmc@cvs.openbsd.org 2005/12/23 23:46:23
+ [ssh.1]
+ less mark up for -c;
+ - djm@cvs.openbsd.org 2005/12/24 02:27:41
+ [session.c sshd.c]
+ eliminate some code duplicated in privsep and non-privsep paths, and
+ explicitly clear SIGALRM handler; "groovy" deraadt@
-20000715
- - (djm) OpenBSD CVS updates
- - provos@cvs.openbsd.org 2000/07/13 16:53:22
- [aux.c readconf.c servconf.c ssh.h]
- allow multiple whitespace but only one '=' between tokens, bug report from
- Ralf S. Engelschall <rse@engelschall.com> but different fix. okay deraadt@
- - provos@cvs.openbsd.org 2000/07/13 17:14:09
+20051220
+ - (dtucker) OpenBSD CVS Sync
+ - reyk@cvs.openbsd.org 2005/12/13 15:03:02
+ [serverloop.c]
+ if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY
+ - jmc@cvs.openbsd.org 2005/12/16 18:07:08
+ [ssh.1]
+ move the option descriptions up the page: start of a restructure;
+ ok markus deraadt
+ - jmc@cvs.openbsd.org 2005/12/16 18:08:53
+ [ssh.1]
+ simplify a sentence;
+ - jmc@cvs.openbsd.org 2005/12/16 18:12:22
+ [ssh.1]
+ make the description of -c a little nicer;
+ - jmc@cvs.openbsd.org 2005/12/16 18:14:40
+ [ssh.1]
+ signpost the protocol sections;
+ - stevesk@cvs.openbsd.org 2005/12/17 21:13:05
+ [ssh_config.5 session.c]
+ spelling: fowarding, fowarded
+ - stevesk@cvs.openbsd.org 2005/12/17 21:36:42
+ [ssh_config.5]
+ spelling: intented -> intended
+ - dtucker@cvs.openbsd.org 2005/12/20 04:41:07
+ [ssh.c]
+ exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@
+
+20051219
+ - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac
+ openbsd-compat/openssl-compat.h] Check for and work around broken AES
+ ciphers >128bit on (some) Solaris 10 systems. ok djm@
+
+20051217
+ - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which
+ scp.c also uses, so undef them here.
+ - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our
+ snprintf replacement can have a conflicting declaration in HP-UX's system
+ headers (const vs. no const) so we now check for and work around it. Patch
+ from the dynamic duo of David Leonard and Ted Percival.
+
+20051214
+ - (dtucker) OpenBSD CVS Sync (regress/)
+ - dtucker@cvs.openbsd.org 2005/12/30 04:36:39
+ [regress/scp-ssh-wrapper.sh]
+ Fix assumption about how many args scp will pass; ok djm@
+
+20051213
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2005/11/30 11:18:27
+ [ssh.1]
+ timezone -> time zone
+ - jmc@cvs.openbsd.org 2005/11/30 11:45:20
+ [ssh.1]
+ avoid ambiguities in describing TZ;
+ ok djm@
+ - reyk@cvs.openbsd.org 2005/12/06 22:38:28
+ [auth-options.c auth-options.h channels.c channels.h clientloop.c]
+ [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
+ [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
+ [sshconnect.h sshd.8 sshd_config sshd_config.5]
+ Add support for tun(4) forwarding over OpenSSH, based on an idea and
+ initial channel code bits by markus@. This is a simple and easy way to
+ use OpenSSH for ad hoc virtual private network connections, e.g.
+ administrative tunnels or secure wireless access. It's based on a new
+ ssh channel and works similar to the existing TCP forwarding support,
+ except that it depends on the tun(4) network interface on both ends of
+ the connection for layer 2 or layer 3 tunneling. This diff also adds
+ support for LocalCommand in the ssh(1) client.
+ ok djm@, markus@, jmc@ (manpages), tested and discussed with others
+ - djm@cvs.openbsd.org 2005/12/07 03:52:22
[clientloop.c]
- typo; todd@fries.net
- - provos@cvs.openbsd.org 2000/07/13 17:19:31
+ reyk forgot to compile with -Werror (missing header)
+ - jmc@cvs.openbsd.org 2005/12/07 10:52:13
+ [ssh.1]
+ - avoid line split in SYNOPSIS
+ - add args to -w
+ - kill trailing whitespace
+ - jmc@cvs.openbsd.org 2005/12/08 14:59:44
+ [ssh.1 ssh_config.5]
+ make `!command' a little clearer;
+ ok reyk
+ - jmc@cvs.openbsd.org 2005/12/08 15:06:29
+ [ssh_config.5]
+ keep options in order;
+ - reyk@cvs.openbsd.org 2005/12/08 18:34:11
+ [auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
+ [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
+ two changes to the new ssh tunnel support. this breaks compatibility
+ with the initial commit but is required for a portable approach.
+ - make the tunnel id u_int and platform friendly, use predefined types.
+ - support configuration of layer 2 (ethernet) or layer 3
+ (point-to-point, default) modes. configuration is done using the
+ Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
+ restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
+ in sshd_config(5).
+ ok djm@, man page bits by jmc@
+ - jmc@cvs.openbsd.org 2005/12/08 21:37:50
+ [ssh_config.5]
+ new sentence, new line;
+ - markus@cvs.openbsd.org 2005/12/12 13:46:18
+ [channels.c channels.h session.c]
+ make sure protocol messages for internal channels are ignored.
+ allow adjust messages for non-open channels; with and ok djm@
+ - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable
+ again by providing a sys_tun_open() function for your platform and
+ setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
+ OpenBSD's tunnel protocol, which prepends the address family to the
+ packet
+
+20051201
+ - (djm) [envpass.sh] Remove regress script that was accidentally committed
+ in top level directory and not noticed for over a year :)
+
+20051129
+ - (tim) [ssh-keygen.c] Move DSA length test after setting default when
+ bits == 0.
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2005/11/29 02:04:55
+ [ssh-keygen.c]
+ Populate default key sizes before checking them; from & ok tim@
+ - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string)
+ for UnixWare.
+
+20051128
+ - (dtucker) [regress/yes-head.sh] Work around breakage caused by some
+ versions of GNU head. Based on patch from zappaman at buraphalinux.org
+ - (dtucker) [includes.h] Bug #1122: __USE_GNU is a glibc internal macro, use
+ _GNU_SOURCE instead. Patch from t8m at centrum.cz.
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2005/11/28 05:16:53
+ [ssh-keygen.1 ssh-keygen.c]
+ Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
+ increase minumum RSA key size to 768 bits and update man page to reflect
+ these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
+ ok djm@, grudging ok deraadt@.
+ - dtucker@cvs.openbsd.org 2005/11/28 06:02:56
+ [ssh-agent.1]
+ Update agent socket path templates to reflect reality, correct xref for
+ time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@
+
+20051126
+ - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer,
+ when they're available) need the real UID set otherwise pam_chauthtok will
+ set ADMCHG after changing the password, forcing the user to change it
+ again immediately.
+
+20051125
+ - (dtucker) [configure.ac] Apply tim's fix for older systems where the
+ resolver state in resolv.h is "state" not "__res_state". With slight
+ modification by me to also work on old AIXes. ok djm@
+ - (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for
+ snprintf formats, fixes warnings on some 64 bit platforms. Patch from
+ shaw at vranix.com, ok djm@
+
+20051124
+ - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c
+ openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an
+ asprintf() implementation, after syncing our {v,}snprintf() implementation
+ with some extra fixes from Samba's version. With help and debugging from
+ dtucker and tim; ok dtucker@
+ - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument
+ order in Reliant Unix block. Patch from johane at lysator.liu.se.
+ - (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so
+ many and use them only once. Speeds up testing on older/slower hardware.
+
+20051122
+ - (dtucker) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2005/11/12 18:37:59
+ [ssh-add.c]
+ space
+ - deraadt@cvs.openbsd.org 2005/11/12 18:38:15
[scp.c]
- close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
- - markus@cvs.openbsd.org 2000/07/14 16:59:46
- [readconf.c servconf.c]
- allow leading whitespace. ok niels
- - djm@cvs.openbsd.org 2000/07/14 22:01:38
- [ssh-keygen.c ssh.c]
- Always create ~/.ssh with mode 700; ok Markus
- - Fixes for SunOS 4.1.4 from Gordon Atwood <gordon@cs.ualberta.ca>
- - Include floatingpoint.h for entropy.c
- - strerror replacement
-
-20000712
- - (djm) Remove -lresolve for Reliant Unix
- - (djm) OpenBSD CVS Updates:
- - deraadt@cvs.openbsd.org 2000/07/11 02:11:34
- [session.c sshd.c ]
- make MaxStartups code still work with -d; djm
- - deraadt@cvs.openbsd.org 2000/07/11 13:17:45
- [readconf.c ssh_config]
- disable FallBackToRsh by default
- - (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c. Report from
- Ben Lindstrom <mouring@pconline.com>
- - (djm) Make building of X11-Askpass and GNOME-Askpass optional in RPM
- spec file.
- - (djm) Released 2.1.1p3
-
-20000711
- - (djm) Fixup for AIX getuserattr() support from Tom Bertelson
- <tbert@abac.com>
- - (djm) ReliantUNIX support from Udo Schweigert <ust@cert.siemens.de>
- - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom
- <mouring@pconline.com>
- - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report
- from Jim Watt <jimw@peisj.pebio.com>
- - (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known
- to compile on more platforms (incl NeXT).
- - (djm) Added bsd-inet_aton and configure support for NeXT
- - (djm) Misc NeXT fixes from Ben Lindstrom <mouring@pconline.com>
- - (djm) OpenBSD CVS updates:
- - markus@cvs.openbsd.org 2000/06/26 03:22:29
- [authfd.c]
- cleanup, less cut&paste
- - markus@cvs.openbsd.org 2000/06/26 15:59:19
- [servconf.c servconf.h session.c sshd.8 sshd.c]
- MaxStartups: limit number of unauthenticated connections, work by
- theo and me
- - deraadt@cvs.openbsd.org 2000/07/05 14:18:07
- [session.c]
- use no_x11_forwarding_flag correctly; provos ok
- - provos@cvs.openbsd.org 2000/07/05 15:35:57
- [sshd.c]
- typo
- - aaron@cvs.openbsd.org 2000/07/05 22:06:58
- [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
- Insert more missing .El directives. Our troff really should identify
- these and spit out a warning.
- - todd@cvs.openbsd.org 2000/07/06 21:55:04
- [auth-rsa.c auth2.c ssh-keygen.c]
- clean code is good code
- - deraadt@cvs.openbsd.org 2000/07/07 02:14:29
+ avoid close(-1), as in rcp; ok cloder
+ - millert@cvs.openbsd.org 2005/11/15 11:59:54
+ [includes.h]
+ Include sys/queue.h explicitly instead of assuming some other header
+ will pull it in. At the moment it gets pulled in by sys/select.h
+ (which ssh has no business including) via event.h. OK markus@
+ (ID sync only in -portable)
+ - dtucker@cvs.openbsd.org 2005/11/21 09:42:10
+ [auth-krb5.c]
+ Perform Kerberos calls even for invalid users to prevent leaking
+ information about account validity. bz #975, patch originally from
+ Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
+ ok markus@
+ - dtucker@cvs.openbsd.org 2005/11/22 03:36:03
+ [hostfile.c]
+ Correct format/arguments to debug call; spotted by shaw at vranix.com
+ ok djm@
+ - (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch
+ from shaw at vranix.com.
+
+20051120
+ - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what
+ is going on.
+
+20051112
+ - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific
+ ifdef lost during sync. Spotted by tim@.
+ - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag.
+ - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test.
+ - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@
+ - (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure
+ test: if sshd takes too long to reconfigure the subsequent connection will
+ fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready.
+
+20051110
+ - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from
+ OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of
+ "register").
+ - (dtucker) [openbsd-compat/setenv.c] Make __findenv static, remove
+ unnecessary prototype.
+ - (dtucker) [openbsd-compat/setenv.c] Sync changes from OpenBSD setenv.c
+ revs 1.7 - 1.9.
+ - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path.
+ Patch from djm@.
+ - (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+
+ since they're not useful right now. Patch from djm@.
+ - (dtucker) [openbsd-compat/getgrouplist.c] Sync OpenBSD revs 1.10 - 1.2 (ANSI
+ prototypes, removal of "register").
+ - (dtucker) [openbsd-compat/strlcat.c] Sync OpenBSD revs 1.11 - 1.12 (removal
+ of "register").
+ - (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to
+ after the copyright notices. Having them at the top next to the CVSIDs
+ guarantees a conflict for each and every sync.
+ - (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10.
+ - (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker.
+ - (dtucker) [openbsd-compat/strmode.c] Update from OpenBSD 1.5 -> 1.7.
+ Removal of rcsid, "whiteout" inode type.
+ - (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14.
+ Removal of rcsid, will no longer strlcpy parts of the string.
+ - (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5.
+ - (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7.
+ - (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18.
+ - (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5.
+ - (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25.
+ - (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9.
+ - (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14.
+ - (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up
+ with OpenBSD code since we don't support platforms without fstat any more.
+ - (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9.
+ - (dtucker) [openbsd-compat/inet_ntoa.c] Update from OpenBSD 1.4 -> 1.6.
+ - (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7.
+ - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6.
+ - (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6.
+ - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13.
+ - (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19.
+ - (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8.
+ - (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker.
+ - (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17.
+ - (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4.
+ Id and copyright sync only, there were no substantial changes we need.
+ - (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c]
+ -Wsign-compare fixes from djm.
+ - (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3.
+ Id and copyright sync only, there were no substantial changes we need.
+ - (dtucker) [configure.ac] Try to get the gcc version number in a way that
+ doesn't change between versions, and use a safer default.
+
+20051105
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2005/10/07 11:13:57
+ [ssh-keygen.c]
+ change DSA default back to 1024, as it's defined for 1024 bits only
+ and this causes interop problems with other clients. moreover,
+ in order to improve the security of DSA you need to change more
+ components of DSA key generation (e.g. the internal SHA1 hash);
+ ok deraadt
+ - djm@cvs.openbsd.org 2005/10/10 10:23:08
+ [channels.c channels.h clientloop.c serverloop.c session.c]
+ fix regression I introduced in 4.2: X11 forwardings initiated after
+ a session has exited (e.g. "(sleep 5; xterm) &") would not start.
+ bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
+ - djm@cvs.openbsd.org 2005/10/11 23:37:37
+ [channels.c]
+ bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing
+ bind() failure when a previous connection's listeners are in TIME_WAIT,
+ reported by plattner AT inf.ethz.ch; ok dtucker@
+ - stevesk@cvs.openbsd.org 2005/10/13 14:03:01
+ [auth2-gss.c gss-genr.c gss-serv.c]
+ remove unneeded #includes; ok markus@
+ - stevesk@cvs.openbsd.org 2005/10/13 14:20:37
+ [gss-serv.c]
+ spelling in comments
+ - stevesk@cvs.openbsd.org 2005/10/13 19:08:08
+ [gss-serv-krb5.c gss-serv.c]
+ unused declarations; ok deraadt@
+ (id sync only for gss-serv-krb5.c)
+ - stevesk@cvs.openbsd.org 2005/10/13 19:13:41
+ [dns.c]
+ unneeded #include, unused declaration, little knf; ok deraadt@
+ - stevesk@cvs.openbsd.org 2005/10/13 22:24:31
+ [auth2-gss.c gss-genr.c gss-serv.c monitor.c]
+ KNF; ok djm@
+ - stevesk@cvs.openbsd.org 2005/10/14 02:17:59
+ [ssh-keygen.c ssh.c sshconnect2.c]
+ no trailing "\n" for log functions; ok djm@
+ - stevesk@cvs.openbsd.org 2005/10/14 02:29:37
+ [channels.c clientloop.c]
+ free()->xfree(); ok djm@
+ - stevesk@cvs.openbsd.org 2005/10/15 15:28:12
+ [sshconnect.c]
+ make external definition static; ok deraadt@
+ - stevesk@cvs.openbsd.org 2005/10/17 13:45:05
+ [dns.c]
+ fix memory leaks from 2 sources:
+ 1) key_fingerprint_raw()
+ 2) malloc in dns_read_rdata()
+ ok jakob@
+ - stevesk@cvs.openbsd.org 2005/10/17 14:01:28
+ [dns.c]
+ remove #ifdef LWRES; ok jakob@
+ - stevesk@cvs.openbsd.org 2005/10/17 14:13:35
+ [dns.c dns.h]
+ more cleanups; ok jakob@
+ - djm@cvs.openbsd.org 2005/10/30 01:23:19
+ [ssh_config.5]
+ mention control socket fallback behaviour, reported by
+ tryponraj AT gmail.com
+ - djm@cvs.openbsd.org 2005/10/30 04:01:03
+ [ssh-keyscan.c]
+ make ssh-keygen discard junk from server before SSH- ident, spotted by
+ dave AT cirt.net; ok dtucker@
+ - djm@cvs.openbsd.org 2005/10/30 04:03:24
+ [ssh.c]
+ fix misleading debug message; ok dtucker@
+ - dtucker@cvs.openbsd.org 2005/10/30 08:29:29
+ [canohost.c sshd.c]
+ Check for connections with IP options earlier and drop silently. ok djm@
+ - jmc@cvs.openbsd.org 2005/10/30 08:43:47
+ [ssh_config.5]
+ remove trailing whitespace;
+ - djm@cvs.openbsd.org 2005/10/30 08:52:18
+ [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
+ [ssh.c sshconnect.c sshconnect1.c sshd.c]
+ no need to escape single quotes in comments, no binary change
+ - dtucker@cvs.openbsd.org 2005/10/31 06:15:04
+ [sftp.c]
+ Fix sorting with "ls -1" command. From Robert Tsai, "looks right" deraadt@
+ - djm@cvs.openbsd.org 2005/10/31 11:12:49
+ [ssh-keygen.1 ssh-keygen.c]
+ generate a protocol 2 RSA key by default
+ - djm@cvs.openbsd.org 2005/10/31 11:48:29
[serverloop.c]
- sense of port forwarding flag test was backwards
- - provos@cvs.openbsd.org 2000/07/08 17:17:31
- [compat.c readconf.c]
- replace strtok with strsep; from David Young <dyoung@onthejob.net>
- - deraadt@cvs.openbsd.org 2000/07/08 19:21:15
- [auth.h]
- KNF
- - ho@cvs.openbsd.org 2000/07/08 19:27:33
- [compat.c readconf.c]
- Better conditions for strsep() ending.
- - ho@cvs.openbsd.org 2000/07/10 10:27:05
- [readconf.c]
- Get the correct message on errors. (niels@ ok)
- - ho@cvs.openbsd.org 2000/07/10 10:30:25
- [cipher.c kex.c servconf.c]
- strtok() --> strsep(). (niels@ ok)
- - (djm) Fix problem with debug mode and MaxStartups
- - (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during RPM
- builds)
- - (djm) Add strsep function from OpenBSD libc for systems that lack it
-
-20000709
- - (djm) Only enable PAM_TTY kludge for Linux. Problem report from
- Kevin Steves <stevesk@sweden.hp.com>
- - (djm) Match prototype and function declaration for rresvport_af.
- Problem report from Niklas Edmundsson <nikke@ing.umu.se>
- - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM
- builds. Problem report from Gregory Leblanc <GLeblanc@cu-portland.edu>
- - (djm) Replace ut_name with ut_user. Patch from Jim Watt
- <jimw@peisj.pebio.com>
- - (djm) Fix pam sprintf fix
- - (djm) Cleanup entropy collection code a little more. Split initialisation
- from seeding, perform intialisation immediatly at start, be careful with
- uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
- - (djm) More NeXT compatibility from Ben Lindstrom <mouring@pconline.com>
- Including sigaction() et al. replacements
- - (djm) AIX getuserattr() session initialisation from Tom Bertelson
- <tbert@abac.com>
-
-20000708
- - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from
- Aaron Hopkins <aaron@die.net>
- - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from
- Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- - (djm) Fixed undefined variables for OSF SIA. Report from
- Baars, Henk <Hendrik.Baars@nl.origin-it.com>
- - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c
- Fix from Marquess, Steve Mr JMLFDC <Steve.Marquess@DET.AMEDD.ARMY.MIL>
- - (djm) Don't use inet_addr.
-
-20000702
- - (djm) Fix brace mismatch from Corinna Vinschen <vinschen@cygnus.com>
- - (djm) Stop shadow expiry checking from preventing logins with NIS. Based
- on fix from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
- - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from
- Chris, the Young One <cky@pobox.com>
- - (djm) Fix scp progress meter on really wide terminals. Based on patch
- from James H. Cloos Jr. <cloos@jhcloos.com>
-
-20000701
- - (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu>
- - (djm) Login fixes from Tom Bertelson <tbert@abac.com>
- - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
- <vinschen@cygnus.com>
- - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
- - (djm) Added check for broken snprintf() functions which do not correctly
- terminate output string and attempt to use replacement.
- - (djm) Released 2.1.1p2
-
-20000628
- - (djm) Fixes to lastlog code for Irix
- - (djm) Use atomicio in loginrec
- - (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for
- Irix 6.x array sessions, project id's, and system audit trail id.
- - (djm) Added 'distprep' make target to simplify packaging
- - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA
- support. Enable using "USE_SIA=1 ./configure [options]"
-
-20000627
- - (djm) Fixes to login code - not setting li->uid, cleanups
- - (djm) Formatting
-
-20000626
- - (djm) Better fix to aclocal tests from Garrick James <garrick@james.net>
- - (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
- - (djm) Added password expiry checking (no password change support)
- - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
- based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- - (djm) Fix fixed EGD code.
- - OpenBSD CVS update
- - provos@cvs.openbsd.org 2000/06/25 14:17:58
+ make sure we clean up wtmp, etc. file when we receive a SIGTERM,
+ SIGINT or SIGQUIT when running without privilege separation (the
+ normal privsep case is already OK). Patch mainly by dtucker@ and
+ senthilkumar_sen AT hotpop.com; ok dtucker@
+ - jmc@cvs.openbsd.org 2005/10/31 19:55:25
+ [ssh-keygen.1]
+ grammar;
+ - dtucker@cvs.openbsd.org 2005/11/03 13:38:29
+ [canohost.c]
+ Cache reverse lookups with and without DNS separately; ok markus@
+ - djm@cvs.openbsd.org 2005/11/04 05:15:59
+ [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
+ remove hardcoded hash lengths in key exchange code, allowing
+ implementation of KEX methods with different hashes (e.g. SHA-256);
+ ok markus@ dtucker@ stevesk@
+ - djm@cvs.openbsd.org 2005/11/05 05:01:15
+ [bufaux.c]
+ Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT
+ cs.stanford.edu; ok dtucker@
+ - (dtucker) [README.platform] Add PAM section.
+ - (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version,
+ resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu;
+ ok dtucker@
+
+20051102
+ - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup().
+ Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net
+ via FreeBSD.
+
+20051030
+ - (djm) [contrib/suse/openssh.spec contrib/suse/rc.
+ sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init
+ files from imorgan AT nas.nasa.gov
+ - (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is
+ enabled, instead allow PAM to handle it. Note that on platforms using PAM,
+ the pam_nologin module should be added to sshd's session stack in order to
+ maintain exising behaviour. Based on patch and discussion from t8m at
+ centrum.cz, ok djm@
+
+20051025
+ - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the
+ sizeof(long long) checks, to make fixing bug #1104 easier (no changes
+ yet).
+ - (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't
+ understand "%lld", even though the compiler has "long long", so handle
+ it as a special case. Patch tested by mcaskill.scott at epa.gov.
+ - (dtucker) [contrib/cygwin/ssh-user-config] Remove duplicate yes/no
+ prompt. Patch from vinschen at redhat.com.
+
+20051017
+ - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling.
+ /etc/default/login report and testing from aabaker at iee.org, corrections
+ from tim@.
+
+20051009
+ - (dtucker) [configure.ac defines.h openbsd-compat/vis.{c,h}] Sync current
+ versions from OpenBSD. ok djm@
+
+20051008
+ - (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from
+ brian.smith at agilent com.
+ - (djm) [configure.ac] missing 'test' call for -with-Werror test
+
+20051005
+ - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended
+ "*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and
+ senthilkumar_sen at hotpop.com.
+
+20051003
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2005/09/07 08:53:53
[channels.c]
- correct check for bad channel ids; from Wei Dai <weidai@eskimo.com>
-
-20000623
- - (djm) Use sa_family_t in prototype for rresvport_af. Patch from
- Svante Signell <svante.signell@telia.com>
- - (djm) Autoconf logic to define sa_family_t if it is missing
- - OpenBSD CVS Updates:
- - markus@cvs.openbsd.org 2000/06/22 10:32:27
+ enforce chanid != NULL; ok djm
+ - markus@cvs.openbsd.org 2005/09/09 19:18:05
+ [clientloop.c]
+ typo; from mark at mcs.vuw.ac.nz, bug #1082
+ - djm@cvs.openbsd.org 2005/09/13 23:40:07
+ [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
+ scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
+ ensure that stdio fds are attached; ok deraadt@
+ - djm@cvs.openbsd.org 2005/09/19 11:37:34
+ [ssh_config.5 ssh.1]
+ mention ability to specify bind_address for DynamicForward and -D options;
+ bz#1077 spotted by Haruyama Seigo
+ - djm@cvs.openbsd.org 2005/09/19 11:47:09
[sshd.c]
- missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL
- - djm@cvs.openbsd.org 2000/06/22 17:55:00
- [auth-krb4.c key.c radix.c uuencode.c]
- Missing CVS idents; ok markus
-
-20000622
- - (djm) Automatically generate host key during "make install". Suggested
- by Gary E. Miller <gem@rellim.com>
- - (djm) Paranoia before kill() system call
- - OpenBSD CVS Updates:
- - markus@cvs.openbsd.org 2000/06/18 18:50:11
- [auth2.c compat.c compat.h sshconnect2.c]
- make userauth+pubkey interop with ssh.com-2.2.0
- - markus@cvs.openbsd.org 2000/06/18 20:56:17
- [dsa.c]
- mem leak + be more paranoid in dsa_verify.
- - markus@cvs.openbsd.org 2000/06/18 21:29:50
- [key.c]
- cleanup fingerprinting, less hardcoded sizes
- - markus@cvs.openbsd.org 2000/06/19 19:39:45
- [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
- [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
- [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
- [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
- [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
- [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
- [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
- [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
- [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
- OpenBSD tag
- - markus@cvs.openbsd.org 2000/06/21 10:46:10
- sshconnect2.c missing free; nuke old comment
-
-20000620
- - (djm) Replace use of '-o' and '-a' logical operators in configure tests
- with '||' and '&&'. As suggested by Jim Knoble <jmknoble@jmknoble.cx>
- to fix SCO Unixware problem reported by Gary E. Miller <gem@rellim.com>
- - (djm) Typo in loginrec.c
-
-20000618
- - (djm) Add summary of configure options to end of ./configure run
- - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from
- Michael Stone <mstone@cs.loyola.edu>
- - (djm) rusage is a privileged operation on some Unices (incl.
- Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
- - (djm) Avoid PAM failures when running without a TTY. Report from
- Martin Petrak <petrak@spsknm.schools.sk>
- - (djm) Include sys/types.h when including netinet/in.h in configure tests.
- Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
- - (djm) Started merge of Ben Lindstrom's <mouring@pconline.com> NeXT support
- - OpenBSD CVS updates:
- - deraadt@cvs.openbsd.org 2000/06/17 09:58:46
- [channels.c]
- everyone says "nix it" (remove protocol 2 debugging message)
- - markus@cvs.openbsd.org 2000/06/17 13:24:34
- [sshconnect.c]
- allow extended server banners
- - markus@cvs.openbsd.org 2000/06/17 14:30:10
- [sshconnect.c]
- missing atomicio, typo
- - jakob@cvs.openbsd.org 2000/06/17 16:52:34
- [servconf.c servconf.h session.c sshd.8 sshd_config]
- add support for ssh v2 subsystems. ok markus@.
- - deraadt@cvs.openbsd.org 2000/06/17 18:57:48
- [readconf.c servconf.c]
- include = in WHITESPACE; markus ok
- - markus@cvs.openbsd.org 2000/06/17 19:09:10
- [auth2.c]
- implement bug compatibility with ssh-2.0.13 pubkey, server side
- - markus@cvs.openbsd.org 2000/06/17 21:00:28
- [compat.c]
- initial support for ssh.com's 2.2.0
- - markus@cvs.openbsd.org 2000/06/17 21:16:09
- [scp.c]
- typo
- - markus@cvs.openbsd.org 2000/06/17 22:05:02
- [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h]
- split auth-rsa option parsing into auth-options
- add options support to authorized_keys2
- - markus@cvs.openbsd.org 2000/06/17 22:42:54
- [session.c]
+ stop connection abort on rekey with delayed compression enabled when
+ post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@
+ - djm@cvs.openbsd.org 2005/09/19 11:48:10
+ [gss-serv.c]
typo
-
-20000613
- - (djm) Fixes from Andrew McGill <andrewm@datrix.co.za>:
- - Platform define for SCO 3.x which breaks on /dev/ptmx
- - Detect and try to fix missing MAXPATHLEN
- - (djm) Fix short copy in loginrec.c (based on patch from Phill Camp
- <P.S.S.Camp@ukc.ac.uk>
-
-20000612
- - (djm) Glob manpages in RPM spec files to catch compressed files
- - (djm) Full license in auth-pam.c
- - (djm) Configure fixes from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
- - (andre) AIX, lastlog, configure fixes from Tom Bertelson <tbert@abac.com>:
- - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is
- def'd
- - Set AIX to use preformatted manpages
-
-20000610
- - (djm) Minor doc tweaks
- - (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx>
-
-20000609
- - (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage
- (in favour of utmpx) on Solaris 8
-
-20000606
- - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
- list of commands (by default). Removed verbose debugging (by default).
- - (djm) Increased command entropy estimates and default entropy collection
- timeout
- - (djm) Remove duplicate headers from loginrec.c
- - (djm) Don't add /usr/local/lib to library search path on Irix
- - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
- <tibbs@math.uh.edu>
- - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
- <zack@wolery.cumb.org>
- - (djm) OpenBSD CVS updates:
- - todd@cvs.openbsd.org
- [sshconnect2.c]
- teach protocol v2 to count login failures properly and also enable an
- explanation of why the password prompt comes up again like v1; this is NOT
- crypto
- - markus@cvs.openbsd.org
- [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
- xauth_location support; pr 1234
- [readconf.c sshconnect2.c]
- typo, unused
- [session.c]
- allow use_login only for login sessions, otherwise remote commands are
- execed with uid==0
- [sshd.8]
- document UseLogin better
- [version.h]
- OpenSSH 2.1.1
- [auth-rsa.c]
- fix match_hostname() logic for auth-rsa: deny access if we have a
- negative match or no match at all
- [channels.c hostfile.c match.c]
- don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
- kris@FreeBSD.org
-
-20000606
- - (djm) Added --with-cflags, --with-ldflags and --with-libs options to
- configure.
-
-20000604
- - Configure tweaking for new login code on Irix 5.3
- - (andre) login code changes based on djm feedback
-
-20000603
- - (andre) New login code
- - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c
- - Add loginrec.[ch], logintest.c and autoconf code
-
-20000531
- - Cleanup of auth.c, login.c and fake-*
- - Cleanup of auth-pam.c, save and print "account expired" error messages
- - Fix EGD read bug by IWAMURO Motonori <iwa@mmp.fujitsu.co.jp>
- - Rewrote bsd-login to use proper utmp API if available. Major cleanup
- of fallback DIY code.
-
-20000530
- - Define atexit for old Solaris
- - Fix buffer overrun in login.c for systems which use syslen in utmpx.
- patch from YOSHIFUJI Hideaki <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp>
- - OpenBSD CVS updates:
- - markus@cvs.openbsd.org
- [session.c]
- make x11-fwd work w/ localhost (xauth add host/unix:11)
- [cipher.c compat.c readconf.c servconf.c]
- check strtok() != NULL; ok niels@
- [key.c]
- fix key_read() for uuencoded keys w/o '='
- [serverloop.c]
- group ssh1 vs. ssh2 in serverloop
- [kex.c kex.h myproposal.h sshconnect2.c sshd.c]
- split kexinit/kexdh, factor out common code
- [readconf.c ssh.1 ssh.c]
- forwardagent defaults to no, add ssh -A
- - theo@cvs.openbsd.org
- [session.c]
- just some line shortening
- - Released 2.1.0p3
-
-20000520
- - Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
- - Don't touch utmp if USE_UTMPX defined
- - SunOS 4.x support from Todd C. Miller <Todd.Miller@courtesan.com>
- - SIGCHLD fix for AIX and HPUX from Tom Bertelson <tbert@abac.com>
- - HPUX and Configure fixes from Lutz Jaenicke
- <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- - Use mkinstalldirs script to make directories instead of non-portable
- "install -d". Suggested by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- - Doc cleanup
-
-20000518
- - Include Andre Lucas' fixprogs script. Forgot to "cvs add" it yesterday
- - OpenBSD CVS updates:
- - markus@cvs.openbsd.org
- [sshconnect.c]
- copy only ai_addrlen bytes; misiek@pld.org.pl
- [auth.c]
- accept an empty shell in authentication; bug reported by
- chris@tinker.ucr.edu
- [serverloop.c]
- we don't have stderr for interactive terminal sessions (fcntl errors)
-
-20000517
- - Fix from Andre Lucas <andre.lucas@dial.pipex.com>
- - Fixes command line printing segfaults (spotter: Bladt Norbert)
- - Fixes erroneous printing of debug messages to syslog
- - Fixes utmp for MacOS X (spotter: Aristedes Maniatis)
- - Gives useful error message if PRNG initialisation fails
- - Reduced ssh startup delay
- - Measures cumulative command time rather than the time between reads
- after select()
- - 'fixprogs' perl script to eliminate non-working entropy commands, and
- optionally run 'ent' to measure command entropy
- - Applied Tom Bertelson's <tbert@abac.com> AIX authentication fix
- - Avoid WCOREDUMP complation errors for systems that lack it
- - Avoid SIGCHLD warnings from entropy commands
- - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw@dcs.ed.ac.uk>
- - OpenBSD CVS update:
- - markus@cvs.openbsd.org
- [ssh.c]
- fix usage()
- [ssh2.h]
- draft-ietf-secsh-architecture-05.txt
- [ssh.1]
- document ssh -T -N (ssh2 only)
- [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
- enable nonblocking IO for sshd w/ proto 1, too; split out common code
- [aux.c]
- missing include
- - Several patches from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
- - INSTALL typo and URL fix
- - Makefile fix
- - Solaris fixes
- - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka
- <ksakai@kso.netwk.ntt-at.co.jp>
- - RSAless operation patch from kevin_oconnor@standardandpoors.com
- - Detect OpenSSL seperatly from RSA
- - Better test for RSA (more compatible with RSAref). Based on work by
- Ed Eden <ede370@stl.rural.usda.gov>
-
-20000513
- - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz
- <misiek@pld.org.pl>
-
-20000511
- - Fix for prng_seed permissions checking from Lutz Jaenicke
- <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- - "make host-key" fix for Irix
-
-20000509
- - OpenBSD CVS update
- - markus@cvs.openbsd.org
- [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
- [ssh.h sshconnect1.c sshconnect2.c sshd.8]
- - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
- - hugh@cvs.openbsd.org
- [ssh.1]
- - zap typo
- [ssh-keygen.1]
- - One last nit fix. (markus approved)
- [sshd.8]
- - some markus certified spelling adjustments
- - markus@cvs.openbsd.org
- [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
- [sshconnect2.c ]
- - bug compat w/ ssh-2.0.13 x11, split out bugs
- [nchan.c]
- - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
- [ssh-keygen.c]
- - handle escapes in real and original key format, ok millert@
- [version.h]
- - OpenSSH-2.1
- - Moved all the bsd-* and fake-* stuff into new libopenbsd-compat.a
- - Doc updates
- - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported
- by Andre Lucas <andre.lucas@dial.pipex.com>
-
-20000508
- - Makefile and RPM spec fixes
- - Generate DSA host keys during "make key" or RPM installs
- - OpenBSD CVS update
- - markus@cvs.openbsd.org
- [clientloop.c sshconnect2.c]
- - make x11-fwd interop w/ ssh-2.0.13
- [README.openssh2]
- - interop w/ SecureFX
- - Release 2.0.0beta2
-
- - Configure caching and cleanup patch from Andre Lucas'
- <andre.lucas@dial.pipex.com>
-
-20000507
- - Remove references to SSLeay.
- - Big OpenBSD CVS update
- - markus@cvs.openbsd.org
- [clientloop.c]
- - typo
- [session.c]
- - update proctitle on pty alloc/dealloc, e.g. w/ windows client
- [session.c]
- - update proctitle for proto 1, too
- [channels.h nchan.c serverloop.c session.c sshd.c]
- - use c-style comments
- - deraadt@cvs.openbsd.org
- [scp.c]
- - more atomicio
- - markus@cvs.openbsd.org
- [channels.c]
- - set O_NONBLOCK
- [ssh.1]
- - update AUTHOR
- [readconf.c ssh-keygen.c ssh.h]
- - default DSA key file ~/.ssh/id_dsa
- [clientloop.c]
- - typo, rm verbose debug
- - deraadt@cvs.openbsd.org
- [ssh-keygen.1]
- - document DSA use of ssh-keygen
- [sshd.8]
- - a start at describing what i understand of the DSA side
- [ssh-keygen.1]
- - document -X and -x
- [ssh-keygen.c]
- - simplify usage
- - markus@cvs.openbsd.org
- [sshd.8]
- - there is no rhosts_dsa
- [ssh-keygen.1]
- - document -y, update -X,-x
- [nchan.c]
- - fix close for non-open ssh1 channels
- [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- - s/DsaKey/HostDSAKey/, document option
- [sshconnect2.c]
- - respect number_of_password_prompts
- [channels.c channels.h servconf.c servconf.h session.c sshd.8]
- - GatewayPorts for sshd, ok deraadt@
- [ssh-add.1 ssh-agent.1 ssh.1]
- - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
- [ssh.1]
- - more info on proto 2
- [sshd.8]
- - sync AUTHOR w/ ssh.1
- [key.c key.h sshconnect.c]
- - print key type when talking about host keys
- [packet.c]
- - clear padding in ssh2
- [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- - replace broken uuencode w/ libc b64_ntop
- [auth2.c]
- - log failure before sending the reply
- [key.c radix.c uuencode.c]
- - remote trailing comments before calling __b64_pton
- [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
- [sshconnect2.c sshd.8]
- - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
-
-20000502
- - OpenBSD CVS update
- [channels.c]
- - init all fds, close all fds.
- [sshconnect2.c]
- - check whether file exists before asking for passphrase
- [servconf.c servconf.h sshd.8 sshd.c]
- - PidFile, pr 1210
- [channels.c]
- - EINTR
- [channels.c]
- - unbreak, ok niels@
- [sshd.c]
- - unlink pid file, ok niels@
- [auth2.c]
- - Add missing #ifdefs; ok - markus
- - Add Andre Lucas' <andre.lucas@dial.pipex.com> patch to read entropy
- gathering commands from a text file
- - Release 2.0.0beta1
-
-20000501
- - OpenBSD CVS update
- [packet.c]
- - send debug messages in SSH2 format
- [scp.c]
- - fix very rare EAGAIN/EINTR issues; based on work by djm
- [packet.c]
- - less debug, rm unused
- [auth2.c]
- - disable kerb,s/key in ssh2
- [sshd.8]
- - Minor tweaks and typo fixes.
- [ssh-keygen.c]
- - Put -d into usage and reorder. markus ok.
- - Include missing headers for OpenSSL tests. Fix from Phil Karn
- <karn@ka9q.ampr.org>
- - Fixed __progname symbol collisions reported by Andre Lucas
- <andre.lucas@dial.pipex.com>
- - Merged bsd-login ttyslot and AIX utmp patch from Gert Doering
- <gd@hilb1.medat.de>
- - Add some missing ifdefs to auth2.c
- - Deprecate perl-tk askpass.
- - Irix portability fixes - don't include netinet headers more than once
- - Make sure we don't save PRNG seed more than once
-
-20000430
- - Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au>
- - Integrate Andre Lucas' <andre.lucas@dial.pipex.com> entropy collection
- patch.
- - Adds timeout to entropy collection
- - Disables slow entropy sources
- - Load and save seed file
- - Changed entropy seed code to user per-user seeds only (server seed is
- saved in root's .ssh directory)
- - Use atexit() and fatal cleanups to save seed on exit
- - More OpenBSD updates:
- [session.c]
- - don't call chan_write_failed() if we are not writing
- [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c]
- - keysize warnings error() -> log()
-
-20000429
- - Merge big update to OpenSSH-2.0 from OpenBSD CVS
- [README.openssh2]
- - interop w/ F-secure windows client
- - sync documentation
- - ssh_host_dsa_key not ssh_dsa_key
- [auth-rsa.c]
- - missing fclose
- [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
- [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
- [sshd.c uuencode.c uuencode.h authfile.h]
- - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX]
- for trading keys with the real and the original SSH, directly from the
- people who invented the SSH protocol.
- [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
- [sshconnect1.c sshconnect2.c]
- - split auth/sshconnect in one file per protocol version
- [sshconnect2.c]
- - remove debug
- [uuencode.c]
- - add trailing =
- [version.h]
- - OpenSSH-2.0
- [ssh-keygen.1 ssh-keygen.c]
- - add -R flag: exit code indicates if RSA is alive
- [sshd.c]
- - remove unused
- silent if -Q is specified
- [ssh.h]
- - host key becomes /etc/ssh_host_dsa_key
- [readconf.c servconf.c ]
- - ssh/sshd default to proto 1 and 2
- [uuencode.c]
- - remove debug
- [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
- - xfree DSA blobs
- [auth2.c serverloop.c session.c]
- - cleanup logging for sshd/2, respect PasswordAuth no
- [sshconnect2.c]
- - less debug, respect .ssh/config
- [README.openssh2 channels.c channels.h]
- - clientloop.c session.c ssh.c
- - support for x11-fwding, client+server
-
-20000421
- - Merge fix from OpenBSD CVS
- [ssh-agent.c]
- - Fix memory leak per connection. Report from Andy Spiegl <Andy@Spiegl.de>
- via Debian bug #59926
- - Define __progname in session.c if libc doesn't
- - Remove indentation on autoconf #include statements to avoid bug in
- DEC Tru64 compiler. Report and fix from David Del Piero
- <David.DelPiero@qed.qld.gov.au>
-
-20000420
- - Make fixpaths work with perl4, patch from Andre Lucas
- <andre.lucas@dial.pipex.com>
- - Sync with OpenBSD CVS:
- [clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c]
- - pid_t
- [session.c]
- - remove bogus chan_read_failed. this could cause data
- corruption (missing data) at end of a SSH2 session.
- - Merge fixes from Debian patch from Phil Hands <phil@hands.com>
- - Allow setting of PAM service name through CFLAGS (SSHD_PAM_SERVICE)
- - Use vhangup to clean up Linux ttys
- - Force posix getopt processing on GNU libc systems
- - Debian bug #55910 - remove references to ssl(8) manpages
- - Debian bug #58031 - ssh_config lies about default cipher
-
-20000419
- - OpenBSD CVS updates
- [channels.c]
- - fix pr 1196, listen_port and port_to_connect interchanged
- [scp.c]
- - after completion, replace the progress bar ETA counter with a final
- elapsed time; my idea, aaron wrote the patch
- [ssh_config sshd_config]
- - show 'Protocol' as an example, ok markus@
- [sshd.c]
- - missing xfree()
- - Add missing header to bsd-misc.c
-
-20000416
- - Reduce diff against OpenBSD source
- - All OpenSSL includes are now unconditionally referenced as
- openssl/foo.h
- - Pick up formatting changes
- - Other minor changed (typecasts, etc) that I missed
-
-20000415
- - OpenBSD CVS updates.
- [ssh.1 ssh.c]
- - ssh -2
- [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
- [session.c sshconnect.c]
- - check payload for (illegal) extra data
- [ALL]
- whitespace cleanup
-
-20000413
- - INSTALL doc updates
- - Merged OpenBSD updates to include paths.
-
-20000412
- - OpenBSD CVS updates:
- - [channels.c]
- repair x11-fwd
- - [sshconnect.c]
- fix passwd prompt for ssh2, less debugging output.
- - [clientloop.c compat.c dsa.c kex.c sshd.c]
- less debugging output
- - [kex.c kex.h sshconnect.c sshd.c]
- check for reasonable public DH values
- - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
- [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
- add Cipher and Protocol options to ssh/sshd, e.g.:
- ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
- arcfour,3des-cbc'
- - [sshd.c]
- print 1.99 only if server supports both
-
-20000408
- - Avoid some compiler warnings in fake-get*.c
- - Add IPTOS macros for systems which lack them
- - Only set define entropy collection macros if they are found
- - More large OpenBSD CVS updates:
- - [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
- [session.h ssh.h sshd.c README.openssh2]
- ssh2 server side, see README.openssh2; enable with 'sshd -2'
- - [channels.c]
- no adjust after close
- - [sshd.c compat.c ]
- interop w/ latest ssh.com windows client.
-
-20000406
- - OpenBSD CVS update:
- - [channels.c]
- close efd on eof
- - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h]
- ssh2 client implementation, interops w/ ssh.com and lsh servers.
- - [sshconnect.c]
- missing free.
- - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c]
- remove unused argument, split cipher_mask()
- - [clientloop.c]
- re-order: group ssh1 vs. ssh2
- - Make Redhat spec require openssl >= 0.9.5a
-
-20000404
- - Add tests for RAND_add function when searching for OpenSSL
- - OpenBSD CVS update:
- - [packet.h packet.c]
- ssh2 packet format
- - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c]
- [channels.h channels.c]
- channel layer support for ssh2
- - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h]
- DSA, keyexchange, algorithm agreement for ssh2
- - Generate manpages before make install not at the end of make all
- - Don't seed the rng quite so often
- - Always reseed rng when requested
-
-20000403
- - Wrote entropy collection routines for systems that lack /dev/random
- and EGD
- - Disable tests and typedefs for 64 bit types. They are currently unused.
-
-20000401
- - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
- - [auth.c session.c sshd.c auth.h]
- split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
- - [bufaux.c bufaux.h]
- support ssh2 bignums
- - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
- [readconf.c ssh.c ssh.h serverloop.c]
- replace big switch() with function tables (prepare for ssh2)
- - [ssh2.h]
- ssh2 message type codes
- - [sshd.8]
- reorder Xr to avoid cutting
- - [serverloop.c]
- close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
- - [channels.c]
- missing close
- allow bigger packets
- - [cipher.c cipher.h]
- support ssh2 ciphers
- - [compress.c]
- cleanup, less code
- - [dispatch.c dispatch.h]
- function tables for different message types
- - [log-server.c]
- do not log() if debuggin to stderr
- rename a cpp symbol, to avoid param.h collision
- - [mpaux.c]
- KNF
- - [nchan.c]
- sync w/ channels.c
-
-20000326
- - Better tests for OpenSSL w/ RSAref
- - Added replacement setenv() function from OpenBSD libc. Suggested by
- Ben Lindstrom <mouring@pconline.com>
- - OpenBSD CVS update
- - [auth-krb4.c]
- -Wall
- - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
- [match.h ssh.c ssh.h sshconnect.c sshd.c]
- initial support for DSA keys. ok deraadt@, niels@
- - [cipher.c cipher.h]
- remove unused cipher_attack_detected code
- - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
- Fix some formatting problems I missed before.
- - [ssh.1 sshd.8]
- fix spelling errors, From: FreeBSD
- - [ssh.c]
- switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
-
-20000324
- - Released 1.2.3
-
-20000317
- - Clarified --with-default-path option.
- - Added -blibpath handling for AIX to work around stupid runtime linking.
- Problem elucidated by gshapiro@SENDMAIL.ORG by way of Jim Knoble
- <jmknoble@jmknoble.cx>
- - Checks for 64 bit int types. Problem report from Mats Fredholm
- <matsf@init.se>
- - OpenBSD CVS updates:
- - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c]
- [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
+ - jmc@cvs.openbsd.org 2005/09/19 15:38:27
+ [ssh.1]
+ some more .Bk/.Ek to avoid ugly line split;
+ - jmc@cvs.openbsd.org 2005/09/19 15:42:44
+ [ssh.c]
+ update -D usage here too;
+ - djm@cvs.openbsd.org 2005/09/19 23:31:31
+ [ssh.1]
+ spelling nit from stevesk@
+ - djm@cvs.openbsd.org 2005/09/21 23:36:54
+ [sshd_config.5]
+ aquire -> acquire, from stevesk@
+ - djm@cvs.openbsd.org 2005/09/21 23:37:11
[sshd.c]
- pedantic: signed vs. unsigned, void*-arithm, etc
- - [ssh.1 sshd.8]
- Various cleanups and standardizations.
- - Runtime error fix for HPUX from Otmar Stahl
- <O.Stahl@lsw.uni-heidelberg.de>
-
-20000316
- - Fixed configure not passing LDFLAGS to Solaris. Report from David G.
- Hesprich <dghespri@sprintparanet.com>
- - Propogate LD through to Makefile
- - Doc cleanups
- - Added blurb about "scp: command not found" errors to UPGRADING
-
-20000315
- - Fix broken CFLAGS handling during search for OpenSSL. Fixes va_list
- problems with gcc/Solaris.
- - Don't free argument to putenv() after use (in setenv() replacement).
- Report from Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp>
- - Created contrib/ subdirectory. Included helpers from Phil Hands'
- Debian package, README file and chroot patch from Ricardo Cerqueira
- <rmcc@clix.pt>
- - Moved gnome-ssh-askpass.c to contrib directory and removed config
- option.
- - Slight cleanup to doc files
- - Configure fix from Bratislav ILICH <bilic@zepter.ru>
-
-20000314
- - Include macro for IN6_IS_ADDR_V4MAPPED. Report from
- peter@frontierflying.com
- - Include /usr/local/include and /usr/local/lib for systems that don't
- do it themselves
- - -R/usr/local/lib for Solaris
- - Fix RSAref detection
- - Fix IN6_IS_ADDR_V4MAPPED macro
-
-20000311
- - Detect RSAref
- - OpenBSD CVS change
- [sshd.c]
- - disallow guessing of root password
- - More configure fixes
- - IPv6 workarounds from Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>
-
-20000309
- - OpenBSD CVS updates to v1.2.3
- [ssh.h atomicio.c]
- - int atomicio -> ssize_t (for alpha). ok deraadt@
- [auth-rsa.c]
- - delay MD5 computation until client sends response, free() early, cleanup.
- [cipher.c]
- - void* -> unsigned char*, ok niels@
- [hostfile.c]
- - remove unused variable 'len'. fix comments.
- - remove unused variable
- [log-client.c log-server.c]
- - rename a cpp symbol, to avoid param.h collision
- [packet.c]
- - missing xfree()
- - getsockname() requires initialized tolen; andy@guildsoftware.com
- - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
- from Holger.Trapp@Informatik.TU-Chemnitz.DE
- [pty.c pty.h]
- - register cleanup for pty earlier. move code for pty-owner handling to
- pty.c ok provos@, dugsong@
- [readconf.c]
- - turn off x11-fwd for the client, too.
- [rsa.c]
- - PKCS#1 padding
- [scp.c]
- - allow '.' in usernames; from jedgar@fxp.org
- [servconf.c]
- - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
- - sync with sshd_config
- [ssh-keygen.c]
- - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
- [ssh.1]
- - Change invalid 'CHAT' loglevel to 'VERBOSE'
- [ssh.c]
- - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
- - turn off x11-fwd for the client, too.
- [sshconnect.c]
- - missing xfree()
- - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
- - read error vs. "Connection closed by remote host"
- [sshd.8]
- - ie. -> i.e.,
- - do not link to a commercial page..
- - sync with sshd_config
- [sshd.c]
- - no need for poll.h; from bright@wintelcom.net
- - log with level log() not fatal() if peer behaves badly.
- - don't panic if client behaves strange. ok deraadt@
- - make no-port-forwarding for RSA keys deny both -L and -R style fwding
- - delay close() of pty until the pty has been chowned back to root
- - oops, fix comment, too.
- - missing xfree()
- - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
- (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
- - register cleanup for pty earlier. move code for pty-owner handling to
- pty.c ok provos@, dugsong@
- - create x11 cookie file
- - fix pr 1113, fclose() -> pclose(), todo: remote popen()
- - version 1.2.3
- - Cleaned up
- - Removed warning workaround for Linux and devpts filesystems (no longer
- required after OpenBSD updates)
-
-20000308
- - Configure fix from Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp>
-
-20000307
- - Released 1.2.2p1
-
-20000305
- - Fix DEC compile fix
- - Explicitly seed OpenSSL's PRNG before checking rsa_alive()
- - Check for getpagesize in libucb.a if not found in libc. Fix for old
- Solaris from Andre Lucas <andre.lucas@dial.pipex.com>
- - Check for libwrap if --with-tcp-wrappers option specified. Suggestion
- Mate Wierdl <mw@moni.msci.memphis.edu>
-
-20000303
- - Added "make host-key" target, Suggestion from Dominik Brettnacher
- <domi@saargate.de>
- - Don't permanently fail on bind() if getaddrinfo has more choices left for
- us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
- Miskiewicz <misiek@pld.org.pl>
- - DEC Unix compile fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
- - Manpage fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
-
-20000302
- - Big cleanup of autoconf code
- - Rearranged to be a little more logical
- - Added -R option for Solaris
- - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program
- to detect library and header location _and_ ensure library has proper
- RSA support built in (this is a problem with OpenSSL 0.9.5).
- - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de
- - Avoid warning message with Unix98 ptys
- - Warning was valid - possible race condition on PTYs. Avoided using
- platform-specific code.
- - Document some common problems
- - Allow root access to any key. Patch from
- markus.friedl@informatik.uni-erlangen.de
-
-20000207
- - Removed SOCKS code. Will support through a ProxyCommand.
-
-20000203
- - Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu
- - Add --with-ssl-dir option
-
-20000202
- - Fix lastlog code for directory based lastlogs. Fix from Josh Durham
- <jmd@aoe.vt.edu>
- - Documentation fixes from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
- - Added URLs to Japanese translations of documents by HARUYAMA Seigo
- <haruyama@nt.phys.s.u-tokyo.ac.jp>
-
-20000201
- - Use socket pairs by default (instead of pipes). Prevents race condition
- on several (buggy) OSs. Report and fix from tridge@linuxcare.com
-
-20000127
- - Seed OpenSSL's random number generator before generating RSA keypairs
- - Split random collector into seperate file
- - Compile fix from Andre Lucas <andre.lucas@dial.pipex.com>
-
-20000126
- - Released 1.2.2 stable
-
- - NeXT keeps it lastlog in /usr/adm. Report from
- mouring@newton.pconline.com
- - Added note in UPGRADING re interop with commercial SSH using idea.
- Report from Jim Knoble <jmknoble@jmknoble.cx>
- - Fix linking order for Kerberos/AFS. Fix from Holget Trapp
- <Holger.Trapp@Informatik.TU-Chemnitz.DE>
-
-20000125
- - Fix NULL pointer dereference in login.c. Fix from Andre Lucas
- <andre.lucas@dial.pipex.com>
- - Reorder PAM initialisation so it does not mess up lastlog. Reported
- by Andre Lucas <andre.lucas@dial.pipex.com>
- - Use preformatted manpages on SCO, report from Gary E. Miller
- <gem@rellim.com>
- - New URL for x11-ssh-askpass.
- - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
- <jmknoble@jmknoble.cx>
- - Added 'DESTDIR' option to Makefile to ease package building. Patch from
- Jim Knoble <jmknoble@jmknoble.cx>
- - Updated RPM spec files to use DESTDIR
-
-20000124
- - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
- increment)
-
-20000123
- - OpenBSD CVS:
- - [packet.c]
- getsockname() requires initialized tolen; andy@guildsoftware.com
- - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
- <drankin@bohemians.lexington.ky.us>
- - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
-
-20000122
- - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
- <bent@clark.net>
- - Merge preformatted manpage patch from Andre Lucas
- <andre.lucas@dial.pipex.com>
- - Make IPv4 use the default in RPM packages
- - Irix uses preformatted manpages
- - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
- <Holger.Trapp@Informatik.TU-Chemnitz.DE>
- - OpenBSD CVS updates:
- - [packet.c]
- use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
- from Holger.Trapp@Informatik.TU-Chemnitz.DE
- - [sshd.c]
- log with level log() not fatal() if peer behaves badly.
- - [readpass.c]
- instead of blocking SIGINT, catch it ourselves, so that we can clean
- the tty modes up and kill ourselves -- instead of our process group
- leader (scp, cvs, ...) going away and leaving us in noecho mode.
- people with cbreak shells never even noticed..
- - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
- ie. -> i.e.,
-
-20000120
- - Don't use getaddrinfo on AIX
- - Update to latest OpenBSD CVS:
- - [auth-rsa.c]
- - fix user/1056, sshd keeps restrictions; dbt@meat.net
- - [sshconnect.c]
- - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- - destroy keys earlier
- - split key exchange (kex) and user authentication (user-auth),
- ok: provos@
- - [sshd.c]
- - no need for poll.h; from bright@wintelcom.net
- - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- - split key exchange (kex) and user authentication (user-auth),
- ok: provos@
- - Big manpage and config file cleanup from Andre Lucas
- <andre.lucas@dial.pipex.com>
- - Re-added latest (unmodified) OpenBSD manpages
- - Doc updates
- - NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
- Christos Zoulas <christos@netbsd.org>
-
-20000119
- - SCO compile fixes from Gary E. Miller <gem@rellim.com>
- - Compile fix from Darren_Hall@progressive.com
- - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
- addresses using getaddrinfo(). Added a configure switch to make the
- default lookup mode AF_INET
-
-20000118
- - Fixed --with-pid-dir option
- - Makefile fix from Gary E. Miller <gem@rellim.com>
- - Compile fix for HPUX and Solaris from Andre Lucas
- <andre.lucas@dial.pipex.com>
-
-20000117
- - Clean up bsd-bindresvport.c. Use arc4random() for picking initial
- port, ignore EINVAL errors (Linux) when searching for free port.
- - Revert __snprintf -> snprintf aliasing. Apparently Solaris
- __snprintf isn't. Report from Theo de Raadt <theo@cvs.openbsd.org>
- - Document location of Redhat PAM file in INSTALL.
- - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6
- INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to
- deliver (no IPv6 kernel support)
- - Released 1.2.1pre27
-
- - Fix rresvport_af failure errors (logic error in bsd-bindresvport.c)
- - Fix --with-ipaddr-display option test. Fix from Jarno Huuskonen
- <jhuuskon@hytti.uku.fi>
- - Fix hang on logout if processes are still using the pty. Needs
- further testing.
- - Patch from Christos Zoulas <christos@zoulas.com>
- - Try $prefix first when looking for OpenSSL.
- - Include sys/types.h when including sys/socket.h in test programs
- - Substitute PID directory in sshd.8. Suggestion from Andrew
- Stribblehill <a.d.stribblehill@durham.ac.uk>
-
-20000116
- - Renamed --with-xauth-path to --with-xauth
- - Added --with-pid-dir option
- - Released 1.2.1pre26
-
- - Compilation fix from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
- - Fixed broken bugfix for /dev/ptmx on Linux systems which lack
- openpty(). Report from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
-
-20000115
- - Add --with-xauth-path configure directive and explicit test for
- /usr/openwin/bin/xauth for Solaris systems. Report from Anders
- Nordby <anders@fix.no>
- - Fix incorrect detection of /dev/ptmx on Linux systems that lack
- openpty. Report from John Seifarth <john@waw.be>
- - Look for intXX_t and u_intXX_t in sys/bitypes.h if they are not in
- sys/types.h. Fixes problems on SCO, report from Gary E. Miller
- <gem@rellim.com>
- - Use __snprintf and __vnsprintf if they are found where snprintf and
- vnsprintf are lacking. Suggested by Ben Taylor <bent@shell.clark.net>
- and others.
-
-20000114
- - Merged OpenBSD IPv6 patch:
- - [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1]
- [scp.c packet.h packet.c login.c log.c canohost.c channels.c]
- [hostfile.c sshd_config]
- ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new
- features: sshd allows multiple ListenAddress and Port options. note
- that libwrap is not IPv6-ready. (based on patches from
- fujiwara@rcac.tdi.co.jp)
- - [ssh.c canohost.c]
- more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo,
- from itojun@
- - [channels.c]
- listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE)
- - [packet.h]
- allow auth-kerberos for IPv4 only
- - [scp.1 sshd.8 servconf.h scp.c]
- document -4, -6, and 'ssh -L 2022/::1/22'
- - [ssh.c]
- 'ssh @host' is illegal (null user name), from
- karsten@gedankenpolizei.de
- - [sshconnect.c]
- better error message
- - [sshd.c]
- allow auth-kerberos for IPv4 only
- - Big IPv6 merge:
- - Cleanup overrun in sockaddr copying on RHL 6.1
- - Replacements for getaddrinfo, getnameinfo, etc based on versions
- from patch from KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
- - Replacement for missing structures on systems that lack IPv6
- - record_login needed to know about AF_INET6 addresses
- - Borrowed more code from OpenBSD: rresvport_af and requisites
-
-20000110
- - Fixes to auth-skey to enable it to use the standard OpenSSL libraries
-
-20000107
- - New config.sub and config.guess to fix problems on SCO. Supplied
- by Gary E. Miller <gem@rellim.com>
- - SCO build fix from Gary E. Miller <gem@rellim.com>
- - Released 1.2.1pre25
-
-20000106
- - Documentation update & cleanup
- - Better KrbIV / AFS detection, based on patch from:
- Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
-
-20000105
- - Fixed annoying DES corruption problem. libcrypt has been
- overriding symbols in libcrypto. Removed libcrypt and crypt.h
- altogether (libcrypto includes its own crypt(1) replacement)
- - Added platform-specific rules for Irix 6.x. Included warning that
- they are untested.
-
-20000103
- - Add explicit make rules for files proccessed by fixpaths.
- - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori
- <tnh@kondara.org>
- - Removed "nullok" directive from default PAM configuration files.
- Added information on enabling EmptyPasswords on openssh+PAM in
- UPGRADING file.
- - OpenBSD CVS updates
- - [ssh-agent.c]
- cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and
- dgaudet@arctic.org
- - [sshconnect.c]
- compare correct version for 1.3 compat mode
-
-20000102
- - Prevent multiple inclusion of config.h and defines.h. Suggested
- by Andre Lucas <andre.lucas@dial.pipex.com>
- - Properly clean up on exit of ssh-agent. Patch from Dean Gaudet
- <dgaudet@arctic.org>
-
-19991231
- - Fix password support on systems with a mixture of shadowed and
- non-shadowed passwords (e.g. NIS). Report and fix from
- HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
- - Fix broken autoconf typedef detection. Report from Marc G.
- Fournier <marc.fournier@acadiau.ca>
- - Fix occasional crash on LinuxPPC. Patch from Franz Sirl
- <Franz.Sirl-kernel@lauterbach.com>
- - Prevent typedefs from being compiled more than once. Report from
- Marc G. Fournier <marc.fournier@acadiau.ca>
- - Fill in ut_utaddr utmp field. Report from Benjamin Charron
- <iretd@bigfoot.com>
- - Really fix broken default path. Fix from Jim Knoble
- <jmknoble@jmknoble.cx>
- - Remove test for quad_t. No longer needed.
- - Released 1.2.1pre24
-
- - Added support for directory-based lastlogs
- - Really fix typedefs, patch from Ben Taylor <bent@clark.net>
-
-19991230
- - OpenBSD CVS updates:
- - [auth-passwd.c]
- check for NULL 1st
- - Removed most of the pam code into its own file auth-pam.[ch]. This
- cleaned up sshd.c up significantly.
- - PAM authentication was incorrectly interpreting
- "PermitRootLogin without-password". Report from Matthias Andree
- <ma@dt.e-technik.uni-dortmund.de
- - Several other cleanups
- - Merged Dante SOCKS support patch from David Rankin
- <drankin@bohemians.lexington.ky.us>
- - Updated documentation with ./configure options
- - Released 1.2.1pre23
-
-19991229
- - Applied another NetBSD portability patch from David Rankin
- <drankin@bohemians.lexington.ky.us>
- - Fix --with-default-path option.
- - Autodetect perl, patch from David Rankin
- <drankin@bohemians.lexington.ky.us>
- - Print whether OpenSSH was compiled with RSARef, patch from
- Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu>
- - Calls to pam_setcred, patch from Nalin Dahyabhai
- <nalin@thermo.stat.ncsu.edu>
- - Detect missing size_t and typedef it.
- - Rename helper.[ch] to (more appropriate) bsd-misc.[ch]
- - Minor Makefile cleaning
-
-19991228
- - Replacement for getpagesize() for systems which lack it
- - NetBSD login.c compile fix from David Rankin
- <drankin@bohemians.lexington.ky.us>
- - Fully set ut_tv if present in utmp or utmpx
- - Portability fixes for Irix 5.3 (now compiles OK!)
- - autoconf and other misc cleanups
- - Merged AIX patch from Darren Hall <dhall@virage.org>
- - Cleaned up defines.h
- - Released 1.2.1pre22
-
-19991227
- - Automatically correct paths in manpages and configuration files. Patch
- and script from Andre Lucas <andre.lucas@dial.pipex.com>
- - Removed credits from README to CREDITS file, updated.
- - Added --with-default-path to specify custom path for server
- - Removed #ifdef trickery from acconfig.h into defines.h
- - PAM bugfix. PermitEmptyPassword was being ignored.
- - Fixed PAM config files to allow empty passwords if server does.
- - Explained spurious PAM auth warning workaround in UPGRADING
- - Use last few chars of tty line as ut_id
- - New SuSE RPM spec file from Chris Saia <csaia@wtower.com>
- - OpenBSD CVS updates:
- - [packet.h auth-rhosts.c]
- check format string for packet_disconnect and packet_send_debug, too
- - [channels.c]
- use packet_get_maxsize for channels. consistence.
-
-19991226
- - Enabled utmpx support by default for Solaris
- - Cleanup sshd.c PAM a little more
- - Revised RPM package to include Jim Knoble's <jmknoble@jmknoble.cx>
- X11 ssh-askpass program.
- - Disable logging of PAM success and failures, PAM is verbose enough.
- Unfortunatly there is currently no way to disable auth failure
- messages. Mention this in UPGRADING file and sent message to PAM
- developers
- - OpenBSD CVS update:
- - [ssh-keygen.1 ssh.1]
- remove ref to .ssh/random_seed, mention .ssh/environment in
- .Sh FILES, too
- - Released 1.2.1pre21
- - Fixed implicit '.' in default path, report from Jim Knoble
- <jmknoble@jmknoble.cx>
- - Redhat RPM spec fixes from Jim Knoble <jmknoble@jmknoble.cx>
-
-19991225
- - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
- - Cleanup of auth-passwd.c for shadow and MD5 passwords
- - Cleanup and bugfix of PAM authentication code
- - Released 1.2.1pre20
-
- - Merged fixes from Ben Taylor <bent@clark.net>
- - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
- - Disabled logging of PAM password authentication failures when password
- is empty. (e.g start of authentication loop). Reported by Naz
- <96na@eng.cam.ac.uk>)
-
-19991223
- - Merged later HPUX patch from Andre Lucas
- <andre.lucas@dial.pipex.com>
- - Above patch included better utmpx support from Ben Taylor
- <bent@clark.net>
-
-19991222
- - Fix undefined fd_set type in ssh.h from Povl H. Pedersen
- <pope@netguide.dk>
- - Fix login.c breakage on systems which lack ut_host in struct
- utmp. Reported by Willard Dawson <willard.dawson@sbs.siemens.com>
-
-19991221
- - Integration of large HPUX patch from Andre Lucas
- <andre.lucas@dial.pipex.com>. Integrating it had a few other
- benefits:
- - Ability to disable shadow passwords at configure time
- - Ability to disable lastlog support at configure time
- - Support for IP address in $DISPLAY
- - OpenBSD CVS update:
- - [sshconnect.c]
- say "REMOTE HOST IDENTIFICATION HAS CHANGED"
- - Fix DISABLE_SHADOW support
- - Allow MD5 passwords even if shadow passwords are disabled
- - Release 1.2.1pre19
-
-19991218
- - Redhat init script patch from Chun-Chung Chen
- <cjj@u.washington.edu>
- - Avoid breakage on systems without IPv6 headers
-
-19991216
- - Makefile changes for Solaris from Peter Kocks
- <peter.kocks@baygate.com>
- - Minor updates to docs
- - Merged OpenBSD CVS changes:
- - [authfd.c ssh-agent.c]
- keysize warnings talk about identity files
- - [packet.c]
- "Connection closed by x.x.x.x": fatal() -> log()
- - Correctly handle empty passwords in shadow file. Patch from:
- "Chris, the Young One" <cky@pobox.com>
- - Released 1.2.1pre18
-
-19991215
- - Integrated patchs from Juergen Keil <jk@tools.de>
- - Avoid void* pointer arithmatic
- - Use LDFLAGS correctly
- - Fix SIGIO error in scp
- - Simplify status line printing in scp
- - Added better test for inline functions compiler support from
- Darren_Hall@progressive.com
-
-19991214
- - OpenBSD CVS Changes
- - [canohost.c]
- fix get_remote_port() and friends for sshd -i;
- Holger.Trapp@Informatik.TU-Chemnitz.DE
- - [mpaux.c]
- make code simpler. no need for memcpy. niels@ ok
- - [pty.c]
- namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org
- fix proto; markus
- - [ssh.1]
- typo; mark.baushke@solipsa.com
- - [channels.c ssh.c ssh.h sshd.c]
- type conflict for 'extern Type *options' in channels.c; dot@dotat.at
- - [sshconnect.c]
- move checking of hostkey into own function.
- - [version.h]
- OpenSSH-1.2.1
- - Clean up broken includes in pty.c
- - Some older systems don't have poll.h, they use sys/poll.h instead
- - Doc updates
-
-19991211
- - Fix compilation on systems with AFS. Reported by
- aloomis@glue.umd.edu
- - Fix installation on Solaris. Reported by
- Gordon Rowell <gordonr@gormand.com.au>
- - Fix gccisms (__attribute__ and inline). Report by edgy@us.ibm.com,
- patch from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
- - Auto-locate xauth. Patch from David Agraz <dagraz@jahoopa.com>
- - Compile fix from David Agraz <dagraz@jahoopa.com>
- - Avoid compiler warning in bsd-snprintf.c
- - Added pam_limits.so to default PAM config. Suggested by
- Jim Knoble <jmknoble@jmknoble.cx>
-
-19991209
- - Import of patch from Ben Taylor <bent@clark.net>:
- - Improved PAM support
- - "uninstall" rule for Makefile
- - utmpx support
- - Should fix PAM problems on Solaris
- - OpenBSD CVS updates:
- - [readpass.c]
- avoid stdio; based on work by markus, millert, and I
- - [sshd.c]
- make sure the client selects a supported cipher
- - [sshd.c]
- fix sighup handling. accept would just restart and daemon handled
- sighup only after the next connection was accepted. use poll on
- listen sock now.
- - [sshd.c]
- make that a fatal
- - Applied patch from David Rankin <drankin@bohemians.lexington.ky.us>
- to fix libwrap support on NetBSD
- - Released 1.2pre17
-
-19991208
- - Compile fix for Solaris with /dev/ptmx from
- David Agraz <dagraz@jahoopa.com>
-
-19991207
- - sshd Redhat init script patch from Jim Knoble <jmknoble@jmknoble.cx>
- fixes compatability with 4.x and 5.x
- - Fixed default SSH_ASKPASS
- - Fix PAM account and session being called multiple times. Problem
- reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>
- - Merged more OpenBSD changes:
- - [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c]
- move atomicio into it's own file. wrap all socket write()s which
- were doing write(sock, buf, len) != len, with atomicio() calls.
- - [auth-skey.c]
- fd leak
- - [authfile.c]
- properly name fd variable
- - [channels.c]
- display great hatred towards strcpy
- - [pty.c pty.h sshd.c]
- use openpty() if it exists (it does on BSD4_4)
- - [tildexpand.c]
- check for ~ expansion past MAXPATHLEN
- - Modified helper.c to use new atomicio function.
- - Reformat Makefile a little
- - Moved RC4 routines from rc4.[ch] into helper.c
- - Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX)
- - Updated SuSE spec from Chris Saia <csaia@wtower.com>
- - Tweaked Redhat spec
- - Clean up bad imports of a few files (forgot -kb)
- - Released 1.2pre16
-
-19991204
- - Small cleanup of PAM code in sshd.c
- - Merged OpenBSD CVS changes:
- - [auth-krb4.c auth-passwd.c auth-skey.c ssh.h]
- move skey-auth from auth-passwd.c to auth-skey.c, same for krb4
- - [auth-rsa.c]
- warn only about mismatch if key is _used_
- warn about keysize-mismatch with log() not error()
- channels.c readconf.c readconf.h ssh.c ssh.h sshconnect.c
- ports are u_short
- - [hostfile.c]
- indent, shorter warning
- - [nchan.c]
- use error() for internal errors
- - [packet.c]
- set loglevel for SSH_MSG_DISCONNECT to log(), not fatal()
- serverloop.c
- indent
- - [ssh-add.1 ssh-add.c ssh.h]
- document $SSH_ASKPASS, reasonable default
- - [ssh.1]
- CheckHostIP is not available for connects via proxy command
- - [sshconnect.c]
- typo
- easier to read client code for passwd and skey auth
- turn of checkhostip for proxy connects, since we don't know the remote ip
-
-19991126
- - Add definition for __P()
- - Added [v]snprintf() replacement for systems that lack it
-
-19991125
- - More reformatting merged from OpenBSD CVS
- - Merged OpenBSD CVS changes:
- - [channels.c]
- fix packet_integrity_check() for !have_hostname_in_open.
- report from mrwizard@psu.edu via djm@ibs.com.au
- - [channels.c]
- set SO_REUSEADDR and SO_LINGER for forwarded ports.
- chip@valinux.com via damien@ibs.com.au
- - [nchan.c]
- it's not an error() if shutdown_write failes in nchan.
- - [readconf.c]
- remove dead #ifdef-0-code
- - [readconf.c servconf.c]
- strcasecmp instead of tolower
- - [scp.c]
- progress meter overflow fix from damien@ibs.com.au
- - [ssh-add.1 ssh-add.c]
- SSH_ASKPASS support
- - [ssh.1 ssh.c]
- postpone fork_after_authentication until command execution,
- request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
- plus: use daemon() for backgrounding
- - Added BSD compatible install program and autoconf test, thanks to
- Niels Kristian Bech Jensen <nkbj@image.dk>
- - Solaris fixing, thanks to Ben Taylor <bent@clark.net>
- - Merged beginnings of AIX support from Tor-Ake Fransson <torake@hotmail.com>
- - Release 1.2pre15
-
-19991124
- - Merged very large OpenBSD source code reformat
- - OpenBSD CVS updates
- - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
- [ssh.h sshd.8 sshd.c]
- syslog changes:
- * Unified Logmessage for all auth-types, for success and for failed
- * Standard connections get only ONE line in the LOG when level==LOG:
- Auth-attempts are logged only, if authentication is:
- a) successfull or
- b) with passwd or
- c) we had more than AUTH_FAIL_LOG failues
- * many log() became verbose()
- * old behaviour with level=VERBOSE
- - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
- tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
- messages. allows use of s/key in windows (ttssh, securecrt) and
- ssh-1.2.27 clients without 'ssh -v', ok: niels@
- - [sshd.8]
- -V, for fallback to openssh in SSH2 compatibility mode
- - [sshd.c]
- fix sigchld race; cjc5@po.cwru.edu
-
-19991123
- - Added SuSE package files from Chris Saia <csaia@wtower.com>
- - Restructured package-related files under packages/*
- - Added generic PAM config
- - Numerous little Solaris fixes
- - Add recommendation to use GNU make to INSTALL document
-
-19991122
- - Make <enter> close gnome-ssh-askpass (Debian bug #50299)
- - OpenBSD CVS Changes
- - [ssh-keygen.c]
- don't create ~/.ssh only if the user wants to store the private
- key there. show fingerprint instead of public-key after
- keygeneration. ok niels@
- - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
- - Added timersub() macro
- - Tidy RCSIDs of bsd-*.c
- - Added autoconf test and macro to deal with old PAM libraries
- pam_strerror definition (one arg vs two).
- - Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
- - Retry /dev/urandom reads interrupted by signal (report from
- Robert Hardy <rhardy@webcon.net>)
- - Added a setenv replacement for systems which lack it
- - Only display public key comment when presenting ssh-askpass dialog
- - Released 1.2pre14
-
- - Configure, Make and changelog corrections from Tudor Bosman
- <tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>
-
-19991121
- - OpenBSD CVS Changes:
- - [channels.c]
- make this compile, bad markus
- - [log.c readconf.c servconf.c ssh.h]
- bugfix: loglevels are per host in clientconfig,
- factor out common log-level parsing code.
- - [servconf.c]
- remove unused index (-Wall)
- - [ssh-agent.c]
- only one 'extern char *__progname'
- - [sshd.8]
- document SIGHUP, -Q to synopsis
- - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
- [channels.c clientloop.c]
- SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
- [hope this time my ISP stays alive during commit]
- - [OVERVIEW README] typos; green@freebsd
- - [ssh-keygen.c]
- replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
- exit if writing the key fails (no infinit loop)
- print usage() everytime we get bad options
- - [ssh-keygen.c] overflow, djm@mindrot.org
- - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
-
-19991120
- - Merged more Solaris support from Marc G. Fournier
- <marc.fournier@acadiau.ca>
- - Wrote autoconf tests for integer bit-types
- - Fixed enabling kerberos support
- - Fix segfault in ssh-keygen caused by buffer overrun in filename
- handling.
-
-19991119
- - Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
- - Merged OpenBSD CVS changes
- - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
- more %d vs. %s in fmt-strings
- - [authfd.c]
- Integers should not be printed with %s
- - EGD uses a socket, not a named pipe. Duh.
- - Fix includes in fingerprint.c
- - Fix scp progress bar bug again.
- - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of
- David Rankin <drankin@bohemians.lexington.ky.us>
- - Added autoconf option to enable Kerberos 4 support (untested)
- - Added autoconf option to enable AFS support (untested)
- - Added autoconf option to enable S/Key support (untested)
- - Added autoconf option to enable TCP wrappers support (compiles OK)
- - Renamed BSD helper function files to bsd-*
- - Added tests for login and daemon and enable OpenBSD replacements for
- when they are absent.
- - Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
-
-19991118
- - Merged OpenBSD CVS changes
- - [scp.c] foregroundproc() in scp
- - [sshconnect.h] include fingerprint.h
- - [sshd.c] bugfix: the log() for passwd-auth escaped during logging
- changes.
- - [ssh.1] Spell my name right.
- - Added openssh.com info to README
-
-19991117
- - Merged OpenBSD CVS changes
- - [ChangeLog.Ylonen] noone needs this anymore
- - [authfd.c] close-on-exec for auth-socket, ok deraadt
- - [hostfile.c]
- in known_hosts key lookup the entry for the bits does not need
- to match, all the information is contained in n and e. This
- solves the problem with buggy servers announcing the wrong
- modulus length. markus and me.
- - [serverloop.c]
- bugfix: check for space if child has terminated, from:
- iedowse@maths.tcd.ie
- - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
- [fingerprint.c fingerprint.h]
- rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
- - [ssh-agent.1] typo
- - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
- - [sshd.c]
- force logging to stderr while loading private key file
- (lost while converting to new log-levels)
-
-19991116
- - Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
- - Merged OpenBSD CVS changes:
- - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
- [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
- the keysize of rsa-parameter 'n' is passed implizit,
- a few more checks and warnings about 'pretended' keysizes.
- - [cipher.c cipher.h packet.c packet.h sshd.c]
- remove support for cipher RC4
- - [ssh.c]
- a note for legay systems about secuity issues with permanently_set_uid(),
- the private hostkey and ptrace()
- - [sshconnect.c]
- more detailed messages about adding and checking hostkeys
-
-19991115
- - Merged OpenBSD CVS changes:
- - [ssh-add.c] change passphrase loop logic and remove ref to
- $DISPLAY, ok niels
- - Changed to ssh-add.c broke askpass support. Revised it to be a little more
- modular.
- - Revised autoconf support for enabling/disabling askpass support.
- - Merged more OpenBSD CVS changes:
- [auth-krb4.c]
- - disconnect if getpeername() fails
- - missing xfree(*client)
- [canohost.c]
- - disconnect if getpeername() fails
- - fix comment: we _do_ disconnect if ip-options are set
- [sshd.c]
- - disconnect if getpeername() fails
- - move checking of remote port to central place
- [auth-rhosts.c] move checking of remote port to central place
- [log-server.c] avoid extra fd per sshd, from millert@
- [readconf.c] print _all_ bad config-options in ssh(1), too
- [readconf.h] print _all_ bad config-options in ssh(1), too
- [ssh.c] print _all_ bad config-options in ssh(1), too
- [sshconnect.c] disconnect if getpeername() fails
- - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
- - Various small cleanups to bring diff (against OpenBSD) size down.
- - Merged more Solaris compability from Marc G. Fournier
- <marc.fournier@acadiau.ca>
- - Wrote autoconf tests for __progname symbol
- - RPM spec file fixes from Jim Knoble <jmknoble@jmknoble.cx>
- - Released 1.2pre12
-
- - Another OpenBSD CVS update:
- - [ssh-keygen.1] fix .Xr
-
-19991114
- - Solaris compilation fixes (still imcomplete)
-
-19991113
- - Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
- - Don't install config files if they already exist
- - Fix inclusion of additional preprocessor directives from acconfig.h
- - Removed redundant inclusions of config.h
- - Added 'Obsoletes' lines to RPM spec file
- - Merged OpenBSD CVS changes:
- - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
- - [scp.c] fix overflow reported by damien@ibs.com.au: off_t
- totalsize, ok niels,aaron
- - Delay fork (-f option) in ssh until after port forwarded connections
- have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
- - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
- - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
- - Tidied default config file some more
- - Revised Redhat initscript to fix bug: sshd (re)start would fail
- if executed from inside a ssh login.
-
-19991112
- - Merged changes from OpenBSD CVS
- - [sshd.c] session_key_int may be zero
- - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
- IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
- deraadt,millert
- - Brought default sshd_config more in line with OpenBSD's
- - Grab server in gnome-ssh-askpass (Debian bug #49872)
- - Released 1.2pre10
-
- - Added INSTALL documentation
- - Merged yet more changes from OpenBSD CVS
- - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
- [ssh.c ssh.h sshconnect.c sshd.c]
- make all access to options via 'extern Options options'
- and 'extern ServerOptions options' respectively;
- options are no longer passed as arguments:
- * make options handling more consistent
- * remove #include "readconf.h" from ssh.h
- * readconf.h is only included if necessary
- - [mpaux.c] clear temp buffer
- - [servconf.c] print _all_ bad options found in configfile
- - Make ssh-askpass support optional through autoconf
- - Fix nasty division-by-zero error in scp.c
- - Released 1.2pre11
-
-19991111
- - Added (untested) Entropy Gathering Daemon (EGD) support
- - Fixed /dev/urandom fd leak (Debian bug #49722)
- - Merged OpenBSD CVS changes:
- - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
- - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
- - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
- - Fix integer overflow which was messing up scp's progress bar for large
- file transfers. Fix submitted to OpenBSD developers. Report and fix
- from Kees Cook <cook@cpoint.net>
- - Merged more OpenBSD CVS changes:
- - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
- + krb-cleanup cleanup
- - [clientloop.c log-client.c log-server.c ]
- [readconf.c readconf.h servconf.c servconf.h ]
- [ssh.1 ssh.c ssh.h sshd.8]
- add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
- obsoletes QuietMode and FascistLogging in sshd.
- - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
- allow session_key_int != sizeof(session_key)
- [this should fix the pre-assert-removal-core-files]
- - Updated default config file to use new LogLevel option and to improve
- readability
-
-19991110
- - Merged several minor fixes:
- - ssh-agent commandline parsing
- - RPM spec file now installs ssh setuid root
- - Makefile creates libdir
- - Merged beginnings of Solaris compability from Marc G. Fournier
- <marc.fournier@acadiau.ca>
-
-19991109
- - Autodetection of SSL/Crypto library location via autoconf
- - Fixed location of ssh-askpass to follow autoconf
- - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
- - Autodetection of RSAref library for US users
- - Minor doc updates
- - Merged OpenBSD CVS changes:
- - [rsa.c] bugfix: use correct size for memset()
- - [sshconnect.c] warn if announced size of modulus 'n' != real size
- - Added GNOME passphrase requestor (use --with-gnome-askpass)
- - RPM build now creates subpackages
- - Released 1.2pre9
-
-19991108
- - Removed debian/ directory. This is now being maintained separately.
- - Added symlinks for slogin in RPM spec file
- - Fixed permissions on manpages in RPM spec file
- - Added references to required libraries in README file
- - Removed config.h.in from CVS
- - Removed pwdb support (better pluggable auth is provided by glibc)
- - Made PAM and requisite libdl optional
- - Removed lots of unnecessary checks from autoconf
- - Added support and autoconf test for openpty() function (Unix98 pty support)
- - Fix for scp not finding ssh if not installed as /usr/bin/ssh
- - Added TODO file
- - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
- - Added ssh-askpass program
- - Added ssh-askpass support to ssh-add.c
- - Create symlinks for slogin on install
- - Fix "distclean" target in makefile
- - Added example for ssh-agent to manpage
- - Added support for PAM_TEXT_INFO messages
- - Disable internal /etc/nologin support if PAM enabled
- - Merged latest OpenBSD CVS changes:
- - [all] replace assert() with error, fatal or packet_disconnect
- - [sshd.c] don't send fail-msg but disconnect if too many authentication
- failures
- - [sshd.c] remove unused argument. ok dugsong
- - [sshd.c] typo
- - [rsa.c] clear buffers used for encryption. ok: niels
- - [rsa.c] replace assert() with error, fatal or packet_disconnect
- - [auth-krb4.c] remove unused argument. ok dugsong
- - Fixed coredump after merge of OpenBSD rsa.c patch
- - Released 1.2pre8
-
-19991102
- - Merged change from OpenBSD CVS
- - One-line cleanup in sshd.c
-
-19991030
- - Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
- - Merged latest updates for OpenBSD CVS:
- - channels.[ch] - remove broken x11 fix and document istate/ostate
- - ssh-agent.c - call setsid() regardless of argv[]
- - ssh.c - save a few lines when disabling rhosts-{rsa-}auth
- - Documentation cleanups
- - Renamed README -> README.Ylonen
- - Renamed README.openssh ->README
-
-19991029
- - Renamed openssh* back to ssh* at request of Theo de Raadt
- - Incorporated latest changes from OpenBSD's CVS
- - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
- - Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- - Make distclean now removed configure script
- - Improved PAM logging
- - Added some debug() calls for PAM
- - Removed redundant subdirectories
- - Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for
- building on Debian.
- - Fixed off-by-one error in PAM env patch
- - Released 1.2pre6
-
-19991028
- - Further PAM enhancements.
- - Much cleaner
- - Now uses account and session modules for all logins.
- - Integrated patch from Dan Brosemer <odin@linuxfreak.com>
- - Build fixes
- - Autoconf
- - Change binary names to open*
- - Fixed autoconf script to detect PAM on RH6.1
- - Added tests for libpwdb, and OpenBSD functions to autoconf
- - Released 1.2pre4
-
- - Imported latest OpenBSD CVS code
- - Updated README.openssh
- - Released 1.2pre5
-
-19991027
- - Adapted PAM patch.
- - Released 1.0pre2
-
- - Excised my buggy replacements for strlcpy and mkdtemp
- - Imported correct OpenBSD strlcpy and mkdtemp routines.
- - Reduced arc4random_stir entropy read to 32 bytes (256 bits)
- - Picked up correct version number from OpenBSD
- - Added sshd.pam PAM configuration file
- - Added sshd.init Redhat init script
- - Added openssh.spec RPM spec file
- - Released 1.2pre3
-
-19991026
- - Fixed include paths of OpenSSL functions
- - Use OpenSSL MD5 routines
- - Imported RC4 code from nanocrypt
- - Wrote replacements for OpenBSD arc4random* functions
- - Wrote replacements for strlcpy and mkdtemp
- - Released 1.0pre1
+ change label at markus@'s request
+ - jaredy@cvs.openbsd.org 2005/09/30 20:34:26
+ [ssh-keyscan.1]
+ deploy .An -nosplit; ok jmc
+ - dtucker@cvs.openbsd.org 2005/10/03 07:44:42
+ [canohost.c]
+ Relocate check_ip_options call to prevent logging of garbage for
+ connections with IP options set. bz#1092 from David Leonard,
+ "looks good" deraadt@
+ - (dtucker) [regress/README.regress] Bug #989: Document limitation that scp
+ is required in the system path for the multiplex test to work.
+
+20050930
+ - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype
+ for strtoll. Patch from o.flebbe at science-computing.de.
+ - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep
+ child during PAM account check without clearing it. This restores the
+ post-login warnings such as LDAP password expiry. Patch from Tomas Mraz
+ with help from several others.
+
+20050929
+ - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg
+ introduced during sync.
+
+20050928
+ - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency.
+ - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from
+ PAM via keyboard-interactive. Patch tested by the folks at Vintela.
+
+20050927
+ - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid
+ calls, since they can't possibly fail. ok djm@
+ - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed
+ process when sshd relies on ssh-random-helper. Should result in faster
+ logins on systems without a real random device or prngd. ok djm@
+
+20050924
+ - (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove
+ duplicate call. ok djm@
+
+20050922
+ - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from
+ skeleten at shillest.net.
+ - (dtucker) [configure.ac] Fix help for --with-opensc; patch from skeleten at
+ shillest.net.
+
+20050919
+ - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to
+ AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages.
+ ok dtucker@
+
+20050912
+ - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by
+ Mike Frysinger.
+
+20050908
+ - (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to
+ OpenServer 6 and add osr5bigcrypt support so when someone migrates
+ passwords between UnixWare and OpenServer they will still work. OK dtucker@
$Id$