]>
Commit | Line | Data |
---|---|---|
eb18f58d | 1 | 20030829 |
2 | - (djm) OpenBSD CVS Sync | |
3 | - deraadt@cvs.openbsd.org 2003/08/24 17:36:51 | |
4 | [auth2-gss.c] | |
5 | 64 bit cleanups; markus ok | |
8f73f7bb | 6 | - markus@cvs.openbsd.org 2003/08/28 12:54:34 |
7 | [auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c] | |
8 | [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5] | |
9 | [sshconnect1.c sshd.c sshd_config sshd_config.5] | |
10 | remove kerberos support from ssh1, since it has been replaced with GSSAPI; | |
11 | but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ... | |
e3e69949 | 12 | - markus@cvs.openbsd.org 2003/08/29 10:03:15 |
13 | [compat.c compat.h] | |
14 | SSH_BUG_K5USER is unused; ok henning@ | |
d7ac5f18 | 15 | - markus@cvs.openbsd.org 2003/08/29 10:04:36 |
16 | [channels.c nchan.c] | |
17 | be less chatty; debug -> debug2, cleanup; ok henning@ | |
8e382949 | 18 | - markus@cvs.openbsd.org 2003/08/31 10:26:04 |
19 | [progressmeter.c] | |
20 | pass file_size + 1 to snprintf: fixes printing of truncated | |
21 | file names; fix based on patch/report from sturm@; | |
3845a9ac | 22 | - markus@cvs.openbsd.org 2003/08/31 12:14:22 |
23 | [progressmeter.c] | |
24 | do write to buf[-1] | |
f89f8ddc | 25 | - markus@cvs.openbsd.org 2003/08/31 13:29:05 |
26 | [session.c] | |
27 | call ssh_gssapi_storecreds conditionally from do_exec(); | |
28 | with sxw@inf.ed.ac.uk | |
96573c26 | 29 | - markus@cvs.openbsd.org 2003/08/31 13:30:18 |
30 | [gss-serv.c] | |
31 | correct string termination in parse_ename(); sxw@inf.ed.ac.uk | |
a7958e7b | 32 | - markus@cvs.openbsd.org 2003/08/31 13:31:57 |
33 | [gss-serv.c] | |
34 | whitspace KNF | |
105b07db | 35 | - markus@cvs.openbsd.org 2003/09/01 09:50:04 |
36 | [sshd_config.5] | |
37 | gss kex is not supported; sxw@inf.ed.ac.uk | |
eac292f8 | 38 | - markus@cvs.openbsd.org 2003/09/01 12:50:46 |
39 | [readconf.c] | |
40 | rm gssapidelegatecreds alias; never supported before | |
00fee838 | 41 | - markus@cvs.openbsd.org 2003/09/01 13:52:18 |
42 | [ssh.h] | |
43 | rm whitespace | |
eb18f58d | 44 | |
2274ae66 | 45 | 20030829 |
a5aec672 | 46 | - (bal) openbsd-compat/ clean up. Considate headers, add in Id on our |
2274ae66 | 47 | files, and added missing license to header. |
48 | ||
fe46678b | 49 | 20030826 |
50 | - (djm) Bug #629: Mark ssh_config option "pamauthenticationviakbdint" | |
51 | as deprecated. Remove mention from README.privsep. Patch from | |
52 | aet AT cc.hut.fi | |
7364bd04 | 53 | - (dtucker) OpenBSD CVS Sync |
54 | - markus@cvs.openbsd.org 2003/08/22 10:56:09 | |
55 | [auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c | |
56 | gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c | |
57 | readconf.h servconf.c servconf.h session.c session.h ssh-gss.h | |
58 | ssh_config.5 sshconnect2.c sshd_config sshd_config.5] | |
59 | support GSS API user authentication; patches from Simon Wilkinson, | |
60 | stripped down and tested by Jakob and myself. | |
1d9f0c09 | 61 | - markus@cvs.openbsd.org 2003/08/22 13:20:03 |
62 | [sshconnect2.c] | |
63 | remove support for "kerberos-2@ssh.com" | |
816daa84 | 64 | - markus@cvs.openbsd.org 2003/08/22 13:22:27 |
65 | [auth2.c] (auth2-krb5.c removed) | |
66 | nuke "kerberos-2@ssh.com" | |
52f6ea0e | 67 | - markus@cvs.openbsd.org 2003/08/22 20:55:06 |
68 | [LICENCE] | |
69 | add Simon Wilkinson | |
f99e1ca4 | 70 | - deraadt@cvs.openbsd.org 2003/08/24 17:36:52 |
71 | [monitor.c monitor_wrap.c sshconnect2.c] | |
72 | 64 bit cleanups; markus ok | |
e68d8348 | 73 | - fgsch@cvs.openbsd.org 2003/08/25 08:13:09 |
74 | [sftp-int.c] | |
75 | fix div by zero when listing for filename lengths longer than width. | |
76 | markus@ ok. | |
ea7bee97 | 77 | - djm@cvs.openbsd.org 2003/08/25 10:33:33 |
78 | [sshconnect2.c] | |
79 | fprintf->logit to silence login banner with "ssh -q"; ok markus@ | |
749560dd | 80 | - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h |
81 | configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c | |
82 | sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson. | |
780efc0f | 83 | - (dtucker) [Makefile.in] Remove auth2-krb5. |
2b7d75f5 | 84 | - (dtucker) [contrib/aix/inventory.sh] Add public domain notice. ok mouring@ |
85 | (the original author) | |
da67ae18 | 86 | - (dtucker) [auth.c] Do not check for locked accounts when PAM is enabled. |
fe46678b | 87 | |
4e2e1af3 | 88 | 20030825 |
89 | - (djm) Bug #621: Select OpenSC keys by usage attributes. Patch from | |
90 | larsch@trustcenter.de | |
510a42ce | 91 | - (bal) openbsd-compat/ OpenBSD updates. Mostly licensing, ansifications |
f00d1f78 | 92 | and minor fixes. OK djm@ |
93 | - (bal) redo how we handle 'mysignal()'. Move it to | |
94 | openbsd-compat/bsd-misc.c, s/mysignal/signal/ and #define signal to | |
95 | be our 'mysignal' by default. OK djm@ | |
3e6e3da0 | 96 | - (dtucker) [acconfig.h auth.c configure.ac sshd.8] Bug #422 again: deny |
97 | any access to locked accounts. ok djm@ | |
5b9e2464 | 98 | - (djm) Bug #564: Perform PAM account checks for all authentications when |
99 | UsePAM=yes; ok dtucker | |
a6e67b60 | 100 | - (dtucker) [configure.ac] Bug #533, #551: define BROKEN_GETADDRINFO on |
101 | Tru64, solves getnameinfo and "bad addr or host" errors. ok djm@ | |
ed00d4b7 | 102 | - (dtucker) [README buildbff.sh inventory.sh] (all in contrib/aix) |
103 | Update package builder: correctly handle config variables, use lsuser | |
104 | rather than /etc/passwd, fix typos, add Id's. | |
4e2e1af3 | 105 | |
fda04d7d | 106 | 20030822 |
107 | - (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal | |
108 | -lbroken; ok dtucker | |
fcd7f067 | 109 | - (dtucker) [contrib/cygwin/ssh-user-config] Put keys in authorized_keys |
110 | rather that authorized_keys2. Patch from vinschen@redhat.com. | |
fda04d7d | 111 | |
08d035b6 | 112 | 20030821 |
113 | - (dtucker) OpenBSD CVS Sync | |
114 | - markus@cvs.openbsd.org 2003/08/14 16:08:58 | |
115 | [ssh-keygen.c] | |
116 | exit after primetest, ok djm@ | |
a814ba4d | 117 | - (dtucker) [defines.h] Put CMSG_DATA, CMSG_FIRSTHDR with other CMSG* macros, |
118 | change CMSG_DATA to use __CMSG_ALIGN (and thus work properly), reformat for | |
119 | consistency. | |
eacb954e | 120 | - (dtucker) [configure.ac] Move openpty/ctty test outside of case statement |
121 | and after normal openpty test. | |
08d035b6 | 122 | |
83814987 | 123 | 20030813 |
124 | - (dtucker) [session.c] Remove #ifdef TIOCSBRK kludge. | |
8168a86a | 125 | - (dtucker) OpenBSD CVS Sync |
126 | - markus@cvs.openbsd.org 2003/08/13 08:33:02 | |
127 | [session.c] | |
128 | use more portable tcsendbreak(3) and ignore break_length; | |
129 | ok deraadt, millert | |
0598d99d | 130 | - markus@cvs.openbsd.org 2003/08/13 08:46:31 |
131 | [auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config | |
132 | ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5] | |
133 | remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@, | |
134 | fgsch@, miod@, henning@, jakob@ and others | |
37ba5172 | 135 | - markus@cvs.openbsd.org 2003/08/13 09:07:10 |
136 | [readconf.c ssh.c] | |
137 | socks4->socks, since with support both 4 and 5; dtucker@zip.com.au | |
5af25b1d | 138 | - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] |
139 | Add a tcsendbreak function for platforms that don't have one, based on the | |
140 | one from OpenBSD. | |
83814987 | 141 | |
78e43412 | 142 | 20030811 |
143 | - (dtucker) OpenBSD CVS Sync | |
144 | (thanks to Simon Wilkinson for help with this -dt) | |
145 | - markus@cvs.openbsd.org 2003/07/16 15:02:06 | |
146 | [auth-krb5.c] | |
147 | mcc -> fcc; from Love Hörnquist Åstrand <lha@it.su.se> | |
148 | otherwise the kerberos credentinal is stored in a memory cache | |
149 | in the privileged sshd. ok jabob@, hin@ (some time ago) | |
8c9f0900 | 150 | - (dtucker) [openbsd-compat/xcrypt.c] Remove Cygwin #ifdef block (duplicate |
151 | in bsd-cygwin_util.h). | |
78e43412 | 152 | |
3095daf7 | 153 | 20030808 |
154 | - (dtucker) [openbsd-compat/fake-rfc2553.h] Older Linuxes have AI_PASSIVE and | |
155 | AI_CANONNAME in netdb.h but not AI_NUMERICHOST, so check each definition | |
156 | separately before defining them. | |
26b3608b | 157 | - (dtucker) [auth-pam.c] Don't set PAM_TTY if tty is null. ok djm@ |
3095daf7 | 158 | |
a15f16ab | 159 | 20030807 |
160 | - (dtucker) [session.c] Have session_break_req not attempt to send a break | |
161 | if TIOCSBRK and TIOCCBRK are not defined (eg Cygwin). | |
97722976 | 162 | - (dtucker) [canohost.c] Bug #336: Only check ip options if IP_OPTIONS is |
a96fbb21 | 163 | defined (fixes compile error on really old Linuxes). |
164 | - (dtucker) [defines.h] Bug #336: Add CMSG_DATA and CMSG_FIRSTHDR macros if | |
165 | not already defined (eg Linux with some versions of libc5), based on those | |
166 | from OpenBSD. | |
871e1d12 | 167 | - (dtucker) [openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h] |
168 | Remove incorrect filenames from comments (file names are in Id tags). | |
a3b678a3 | 169 | - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.h] Move Cygwin |
170 | specific defines and includes to bsd-cygwin_util.h. Fixes build error too. | |
a15f16ab | 171 | |
2616e1bc | 172 | 20030802 |
173 | - (dtucker) [monitor.h monitor_wrap.h] Remove excess ident tags. | |
1c590258 | 174 | - (dtucker) OpenBSD CVS Sync |
175 | - markus@cvs.openbsd.org 2003/07/22 13:35:22 | |
176 | [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c | |
177 | monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1 | |
178 | ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h] | |
179 | remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); | |
180 | test+ok henning@ | |
181 | - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support. | |
182 | - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files. | |
ac452e85 | 183 | - (dtucker) OpenBSD CVS Sync |
184 | - markus@cvs.openbsd.org 2003/07/23 07:42:43 | |
185 | [sshd_config] | |
186 | remove AFS; itojun@ | |
c35a6dc5 | 187 | - djm@cvs.openbsd.org 2003/07/28 09:49:56 |
188 | [ssh-keygen.1 ssh-keygen.c] | |
189 | Support for generating Diffie-Hellman groups (/etc/moduli) from ssh-keygen. | |
190 | Based on code from Phil Karn, William Allen Simpson and Niels Provos. | |
191 | ok markus@, thanks jmc@ | |
178b1a1d | 192 | - markus@cvs.openbsd.org 2003/07/29 18:24:00 |
193 | [LICENCE progressmeter.c] | |
194 | replace 4 clause BSD licensed progressmeter code with a replacement | |
195 | from Nils Nordman and myself; ok deraadt@ | |
196 | (copied from OpenBSD an re-applied portable changes) | |
0dd40286 | 197 | - markus@cvs.openbsd.org 2003/07/29 18:26:46 |
198 | [progressmeter.c] | |
199 | fix length for "- stalled -" (included with previous import) | |
200 | - markus@cvs.openbsd.org 2003/07/30 07:44:14 | |
201 | [progressmeter.c] | |
202 | use only 4 digits in format_size (included with previous import) | |
203 | - markus@cvs.openbsd.org 2003/07/30 07:53:27 | |
204 | [progressmeter.c] | |
205 | whitespace (included with previous import) | |
0f57e1e6 | 206 | - markus@cvs.openbsd.org 2003/07/31 09:21:02 |
207 | [auth2-none.c] | |
208 | check whether passwd auth is allowd, similar to proto 1; rob@pitman.co.za | |
209 | ok henning | |
4899ccef | 210 | - avsm@cvs.openbsd.org 2003/07/31 15:50:16 |
211 | [atomicio.c] | |
212 | correct comment: atomicio takes vwrite, not write; deraadt@ ok | |
b3a7a008 | 213 | - markus@cvs.openbsd.org 2003/07/31 22:34:03 |
214 | [progressmeter.c] | |
215 | print rate similar old version; round instead truncate; | |
216 | (included in previous progressmeter.c commit) | |
c5d3dd1b | 217 | - (dtucker) [openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] |
218 | Add a tcgetpgrp function. | |
5ae3dc68 | 219 | - (dtucker) [Makefile.in moduli.c moduli.h] Add new files and to Makefile. |
f29c37a9 | 220 | - (dtucker) [openbsd-compat/bsd-misc.c] Fix cut-and-paste bug in tcgetpgrp. |
2616e1bc | 221 | |
cbdeccf3 | 222 | 20030730 |
223 | - (djm) [auth-pam.c] Don't use crappy APIs like sprintf. Thanks bal | |
224 | ||
a9705c94 | 225 | 20030726 |
226 | - (dtucker) [openbsd-compat/xcrypt.c] Fix typo: DISABLED_SHADOW -> | |
227 | DISABLE_SHADOW. Fixes HP-UX compile error. | |
228 | ||
7c6eb32f | 229 | 20030724 |
230 | - (bal) [auth-passwd.c openbsd-compat/Makefile.in openbsd-compat/xcrypt.c | |
231 | openbsd-compat/xcrypt.h] Split off encryption into xcrypt() interface, | |
232 | and isolate shadow password functions. Tested in Solaris, but should | |
233 | not break other platforms too badly (except maybe HP =). Also brings | |
234 | auth-passwd.c into full sync with OpenBSD tree. | |
235 | ||
82e5907c | 236 | 20030723 |
237 | - (dtucker) [configure.ac] Back out change for bug #620. | |
238 | ||
defb525d | 239 | 20030719 |
240 | - (dtucker) [configure.ac] Bug #620: Define BROKEN_GETADDRINFO for | |
241 | Solaris/x86. Patch from jrhett at isite.net. | |
7b390973 | 242 | - (dtucker) OpenBSD CVS Sync |
243 | - markus@cvs.openbsd.org 2003/07/14 12:36:37 | |
244 | [sshd.c] | |
245 | remove undocumented -V option. would be only useful if openssh is used | |
246 | as ssh v1 server for ssh.com's ssh v2. | |
e053cd2c | 247 | - markus@cvs.openbsd.org 2003/07/16 10:34:53 |
248 | [ssh.c sshd.c] | |
249 | don't exit on multiple -v or -d; ok deraadt@ | |
145d23ca | 250 | - markus@cvs.openbsd.org 2003/07/16 10:36:28 |
251 | [sshtty.c] | |
252 | clear IUCLC in enter_raw_mode; from rob@pitman.co.za; ok deraadt@, fgs@ | |
261bd618 | 253 | - deraadt@cvs.openbsd.org 2003/07/18 01:54:25 |
254 | [scp.c] | |
255 | userid is unsigned, but well, force it anyways; andrushock@korovino.net | |
b3d04e37 | 256 | - djm@cvs.openbsd.org 2003/07/19 00:45:53 |
257 | [sftp-int.c] | |
258 | fix sftp filename parsing for arguments with escaped quotes. bz #517; | |
259 | ok markus | |
86d0260c | 260 | - djm@cvs.openbsd.org 2003/07/19 00:46:31 |
261 | [regress/sftp-cmds.sh] | |
262 | regress test for sftp arguments with escaped quotes; ok markus | |
defb525d | 263 | |
e351e493 | 264 | 20030714 |
265 | - (dtucker) [acconfig.h configure.ac port-aix.c] Older AIXes don't declare | |
266 | loginfailed at all, so assume 3-arg loginfailed if not declared. | |
1cd5765d | 267 | - (dtucker) [port-aix.h] Work around name collision on AIX for r_type by |
268 | undef'ing it. | |
2aa3a16c | 269 | - (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h] |
270 | Call setauthdb() before loginfailed(), which may load password registry- | |
defb525d | 271 | specific functions. Based on patch by cawlfiel at us.ibm.com. |
b4777c18 | 272 | - (dtucker) [port-aix.h] Fix prototypes. |
956b0f56 | 273 | - (dtucker) OpenBSD CVS Sync |
274 | - avsm@cvs.openbsd.org 2003/07/09 13:58:19 | |
275 | [key.c] | |
276 | minor tweak: when generating the hex fingerprint, give strlcat the full | |
277 | bound to the buffer, and add a comment below explaining why the | |
278 | zero-termination is one less than the bound. markus@ ok | |
40729edd | 279 | - markus@cvs.openbsd.org 2003/07/10 14:42:28 |
280 | [packet.c] | |
281 | the 2^(blocksize*2) rekeying limit is too expensive for 3DES, | |
282 | blowfish, etc, so enforce a 1GB limit for small blocksizes. | |
659912db | 283 | - markus@cvs.openbsd.org 2003/07/10 20:05:55 |
284 | [sftp.c] | |
285 | sync usage with manpage, add missing -R | |
e351e493 | 286 | |
f58c0e01 | 287 | 20030708 |
288 | - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]] | |
289 | Include AIX headers for authentication functions and make calls match | |
e351e493 | 290 | prototypes. Test for and handle 3-arg and 4-arg variants of loginfailed. |
bc7dfc06 | 291 | - (dtucker) [session.c] Check return value of setpcred(). |
292 | - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h] | |
293 | Convert aixloginmsg into platform-independant Buffer loginmsg. | |
f58c0e01 | 294 | |
309709db | 295 | 20030707 |
296 | - (dtucker) [configure.ac] Bug #600: Check that getrusage is declared before | |
297 | searching libraries for it. Fixes build errors on NCR MP-RAS. | |
298 | ||
d72f7b79 | 299 | 20030706 |
300 | - (dtucker) [ssh-rand-helper.c loginrec.c] | |
301 | Apply atomicio typing change to these too. | |
302 | ||
71b9ced0 | 303 | 20030703 |
304 | - (dtucker) OpenBSD CVS Sync | |
305 | - djm@cvs.openbsd.org 2003/06/28 07:48:10 | |
306 | [sshd.c] | |
307 | report pidfile creation errors, based on patch from Roumen Petrov; | |
308 | ok markus@ | |
dc54438a | 309 | - deraadt@cvs.openbsd.org 2003/06/28 16:23:06 |
310 | [atomicio.c atomicio.h authfd.c clientloop.c monitor_wrap.c msg.c | |
311 | progressmeter.c scp.c sftp-client.c ssh-keyscan.c ssh.h sshconnect.c | |
312 | sshd.c] | |
313 | deal with typing of write vs read in atomicio | |
7caca6d4 | 314 | - markus@cvs.openbsd.org 2003/06/29 12:44:38 |
315 | [sshconnect.c] | |
316 | memset 0, not \0; andrushock@korovino.net | |
8e7c9afc | 317 | - markus@cvs.openbsd.org 2003/07/02 12:56:34 |
318 | [channels.c] | |
319 | deny dynamic forwarding with -R for v1, too; ok djm@ | |
f49658f5 | 320 | - markus@cvs.openbsd.org 2003/07/02 14:51:16 |
321 | [channels.c ssh.1 ssh_config.5] | |
322 | (re)add socks5 suppport to -D; ok djm@ | |
323 | now ssh(1) can act both as a socks 4 and socks 5 server and | |
324 | dynamically forward ports. | |
03c82656 | 325 | - markus@cvs.openbsd.org 2003/07/02 20:37:48 |
326 | [ssh.c] | |
327 | convert hostkeyalias to lowercase, otherwise uppercase aliases will | |
328 | not match at all; ok henning@ | |
1768a611 | 329 | - markus@cvs.openbsd.org 2003/07/03 08:21:46 |
330 | [regress/dynamic-forward.sh] | |
331 | add socks5; speedup; reformat; based on patch from dtucker@zip.com.au | |
7664edb6 | 332 | - markus@cvs.openbsd.org 2003/07/03 08:24:13 |
333 | [regress/Makefile] | |
334 | enable tests for dynamic fwd via socks (-D), uses nc(1) | |
1572b90f | 335 | - djm@cvs.openbsd.org 2003/07/03 08:09:06 |
336 | [readconf.c readconf.h ssh-keysign.c ssh.c] | |
337 | fix AddressFamily option in config file, from brent@graveland.net; | |
338 | ok markus@ | |
71b9ced0 | 339 | |
4e00038c | 340 | 20030630 |
341 | - (djm) Search for support functions necessary to build our | |
342 | getrrsetbyname() replacement. Patch from Roumen Petrov | |
343 | ||
9f59c5a3 | 344 | 20030629 |
c5829391 | 345 | - (dtucker) [includes.h] Bug #602: move #include of netdb.h to after in.h |
346 | (fixes compiler warnings on Solaris 2.5.1). | |
347 | - (dtucker) [configure.ac] Add sanity test after system-dependant compiler | |
348 | flag modifications. | |
9f59c5a3 | 349 | |
9ea150a7 | 350 | 20030628 |
351 | - (djm) Bug #591: use PKCS#15 private key label as a comment in case | |
352 | of OpenSC. Report and patch from larsch@trustcenter.de | |
d2168412 | 353 | - (djm) Bug #593: Sanity check OpenSC card reader number; patch from |
354 | aj@dungeon.inka.de | |
f0677b69 | 355 | - (dtucker) OpenBSD CVS Sync |
356 | - markus@cvs.openbsd.org 2003/06/23 09:02:44 | |
357 | [ssh_config.5] | |
358 | document EnableSSHKeysign; bugzilla #599; ok deraadt@, jmc@ | |
a27002e5 | 359 | - markus@cvs.openbsd.org 2003/06/24 08:23:46 |
360 | [auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h | |
361 | monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c] | |
362 | int -> u_int; ok djm@, deraadt@, mouring@ | |
d7ded285 | 363 | - miod@cvs.openbsd.org 2003/06/25 22:39:36 |
364 | [sftp-server.c] | |
365 | Typo police: attribute is better written with an 'r'. | |
2d9c1828 | 366 | - markus@cvs.openbsd.org 2003/06/26 20:08:33 |
367 | [readconf.c] | |
368 | do not dump core for 'ssh -o proxycommand host'; ok deraadt@ | |
78b2dd04 | 369 | - (dtucker) [regress/dynamic-forward.sh] Import new regression test. |
ddb154b3 | 370 | - (dtucker) [configure.ac] Bug #570: Have ./configure --enable-FEATURE |
371 | actually enable the feature, for those normally disabled. Patch by | |
372 | openssh (at) roumenpetrov.info. | |
f0677b69 | 373 | |
e15ba28b | 374 | 20030624 |
375 | - (dtucker) Have configure refer the user to config.log and | |
376 | contrib/findssl.sh for OpenSSL header/library mismatches. | |
377 | ||
63a556df | 378 | 20030622 |
c1ffd4bd | 379 | - (dtucker) OpenBSD CVS Sync |
63a556df | 380 | - markus@cvs.openbsd.org 2003/06/21 09:14:05 |
c1ffd4bd | 381 | [regress/reconfigure.sh] |
63a556df | 382 | missing $SUDO; from dtucker@zip.com.au |
93527718 | 383 | - markus@cvs.openbsd.org 2003/06/18 11:28:11 |
c1ffd4bd | 384 | [ssh-rsa.c] |
385 | backout last change, since it violates pkcs#1 | |
386 | switch to share/misc/license.template | |
1891396b | 387 | - djm@cvs.openbsd.org 2003/06/20 05:47:58 |
388 | [sshd_config.5] | |
389 | sync description of protocol 2 cipher proposal; ok markus | |
4db4d313 | 390 | - djm@cvs.openbsd.org 2003/06/20 05:48:21 |
391 | [sshd_config] | |
392 | sync some implemented options; ok markus@ | |
63a556df | 393 | - (dtucker) [regress/authorized_keys_root] Remove temp data file from CVS. |
39ef3618 | 394 | - (dtucker) [openbsd-compat/setproctitle.c] Ensure SPT_TYPE is defined before |
395 | testing its value. | |
63a556df | 396 | |
b8e04133 | 397 | 20030618 |
398 | - (djm) OpenBSD CVS Sync | |
399 | - markus@cvs.openbsd.org 2003/06/12 07:57:38 | |
400 | [monitor.c sshlogin.c sshpty.c] | |
401 | typos; dtucker at zip.com.au | |
b9ad9d13 | 402 | - djm@cvs.openbsd.org 2003/06/12 12:22:47 |
403 | [LICENCE] | |
404 | mention more copyright holders; ok markus@ | |
1fb23629 | 405 | - nino@cvs.openbsd.org 2003/06/12 15:34:09 |
406 | [scp.c] | |
407 | Typo. Ok markus@. | |
244e796f | 408 | - markus@cvs.openbsd.org 2003/06/12 19:12:03 |
409 | [scard.c scard.h ssh-agent.c ssh.c] | |
410 | add sc_get_key_label; larsch at trustcenter.de; bugzilla#591 | |
9250058a | 411 | - markus@cvs.openbsd.org 2003/06/16 08:22:35 |
412 | [ssh-rsa.c] | |
413 | make sure the signature has at least the expected length (don't | |
414 | insist on len == hlen + oidlen, since this breaks some smartcards) | |
415 | bugzilla #592; ok djm@ | |
360a4aae | 416 | - markus@cvs.openbsd.org 2003/06/16 10:22:45 |
417 | [ssh-add.c] | |
418 | print out key comment on each prompt; make ssh-askpass more useable; ok djm@ | |
0a59bd6b | 419 | - markus@cvs.openbsd.org 2003/06/17 18:14:23 |
420 | [cipher-ctr.c] | |
421 | use license from /usr/share/misc/license.template for new code | |
1d6c0b69 | 422 | - (dtucker) [reconfigure.sh rekey.sh sftp-badcmds.sh] |
423 | Import new regression tests from OpenBSD | |
d4d84f5f | 424 | - (dtucker) [regress/copy.1 regress/copy.2] Remove temp data files from CVS. |
ed49cc81 | 425 | - (dtucker) OpenBSD CVS Sync (regress/) |
426 | - markus@cvs.openbsd.org 2003/04/02 12:21:13 | |
427 | [Makefile] | |
428 | enable rekey test | |
2c670155 | 429 | - djm@cvs.openbsd.org 2003/04/04 09:34:22 |
430 | [Makefile sftp-cmds.sh] | |
431 | More regression tests, including recent directory rename bug; ok markus@ | |
737447ad | 432 | - markus@cvs.openbsd.org 2003/05/14 22:08:27 |
433 | [ssh-com-client.sh ssh-com-keygen.sh ssh-com-sftp.sh ssh-com.sh] | |
434 | test against some new commerical versions | |
68df2aa0 | 435 | - mouring@cvs.openbsd.org 2003/05/15 04:07:12 |
436 | [sftp-cmds.sh] | |
437 | Advanced put/get testing for sftp. OK @djm | |
eb9bf761 | 438 | - markus@cvs.openbsd.org 2003/06/12 15:40:01 |
439 | [try-ciphers.sh] | |
440 | add ctr | |
39c0191e | 441 | - markus@cvs.openbsd.org 2003/06/12 15:43:32 |
442 | [Makefile] | |
443 | test -HUP; dtucker at zip.com.au | |
b8e04133 | 444 | |
f5827134 | 445 | 20030614 |
446 | - (djm) Update license on fake-rfc2553.[ch]; ok itojun@ | |
447 | ||
be193d89 | 448 | 20030611 |
c12c6ef8 | 449 | - (djm) Mention portable copyright holders in LICENSE |
e52ca1e5 | 450 | - (djm) Put licenses on substantial header files |
8cb3fa9d | 451 | - (djm) Sync LICENSE against OpenBSD |
be193d89 | 452 | - (djm) OpenBSD CVS Sync |
453 | - jmc@cvs.openbsd.org 2003/06/10 09:12:11 | |
454 | [scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5] | |
455 | [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] | |
456 | - section reorder | |
457 | - COMPATIBILITY merge | |
458 | - macro cleanup | |
459 | - kill whitespace at EOL | |
460 | - new sentence, new line | |
461 | ssh pages ok markus@ | |
0daa6547 | 462 | - deraadt@cvs.openbsd.org 2003/06/10 22:20:52 |
463 | [packet.c progressmeter.c] | |
464 | mostly ansi cleanup; pval ok | |
1432b5c4 | 465 | - jakob@cvs.openbsd.org 2003/06/11 10:16:16 |
466 | [sshconnect.c] | |
467 | clean up check_host_key() and improve SSHFP feedback. ok markus@ | |
cc263107 | 468 | - jakob@cvs.openbsd.org 2003/06/11 10:18:47 |
469 | [dns.c] | |
470 | sync with check_host_key() change | |
ca719034 | 471 | - djm@cvs.openbsd.org 2003/06/11 11:18:38 |
472 | [authfd.c authfd.h ssh-add.c ssh-agent.c] | |
473 | make agent constraints (lifetime, confirm) work with smartcard keys; | |
474 | ok markus@ | |
be193d89 | 475 | |
476 | ||
8a547250 | 477 | 20030609 |
478 | - (djm) Sync README.smartcard with OpenBSD -current | |
a1864983 | 479 | - (djm) Re-merge OpenSC info into README.smartcard |
8a547250 | 480 | |
f5db6a03 | 481 | 20030606 |
482 | - (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@ | |
483 | ||
02e2a074 | 484 | 20030605 |
485 | - (djm) Support AI_NUMERICHOST in fake-getaddrinfo.c. Needed for recent | |
486 | canohost.c changes. | |
688eed4a | 487 | - (djm) Implement paranoid priv dropping checks, based on: |
488 | "SetUID demystified" - Hao Chen, David Wagner and Drew Dean | |
489 | Proceedings of USENIX Security Symposium 2002 | |
d6bd2b5a | 490 | - (djm) Don't use xmalloc() or pull in toplevel headers in fake-* code |
52d58495 | 491 | - (djm) Merge all the openbsd/fake-* into fake-rfc2553.[ch] |
57c917f8 | 492 | - (djm) Bug #588 - Add scard-opensc.o back to Makefile.in |
493 | Patch from larsch@trustcenter.de | |
7b7f164b | 494 | - (djm) Bug #589 - scard-opensc: load only keys with a private keys |
495 | Patch from larsch@trustcenter.de | |
4ed465ec | 496 | - (dtucker) Add includes.h to fake-rfc2553.c so it will build. |
e932f447 | 497 | - (dtucker) Define EAI_NONAME in fake-rfc2553.h (used by fake-rfc2553.c). |
02e2a074 | 498 | |
b08a39ff | 499 | 20030604 |
d60e487c | 500 | - (djm) Bug #573 - Remove unneeded Krb headers and compat goop. Patch from |
501 | simon@sxw.org.uk (Also matches a change in OpenBSD a while ago) | |
8acdec60 | 502 | - (djm) Bug #577 - wrong flag in scard-opensc.c sc_private_decrypt. |
11f1e60e | 503 | Patch from larsch@trustcenter.de; ok markus@ |
504 | - (djm) Bug #584: scard-opensc.c doesn't work without PIN. Patch from | |
505 | larsch@trustcenter.de; ok markus@ | |
d453a600 | 506 | - (djm) OpenBSD CVS Sync |
507 | - djm@cvs.openbsd.org 2003/06/04 08:25:18 | |
508 | [sshconnect.c] | |
509 | disable challenge/response and keyboard-interactive auth methods | |
510 | upon hostkey mismatch. based on patch from fcusack AT fcusack.com. | |
511 | bz #580; ok markus@ | |
ee50371d | 512 | - djm@cvs.openbsd.org 2003/06/04 10:23:48 |
513 | [sshd.c] | |
514 | remove duplicated group-dropping code; ok markus@ | |
b08a39ff | 515 | - djm@cvs.openbsd.org 2003/06/04 12:03:59 |
516 | [serverloop.c] | |
517 | remove bitrotten commet; ok markus@ | |
cf3248b8 | 518 | - djm@cvs.openbsd.org 2003/06/04 12:18:49 |
519 | [scp.c] | |
520 | ansify; ok markus@ | |
0f764b2f | 521 | - djm@cvs.openbsd.org 2003/06/04 12:40:39 |
522 | [scp.c] | |
523 | kill ssh process upon receipt of signal, bz #241. | |
524 | based on patch from esb AT hawaii.edu; ok markus@ | |
1b558925 | 525 | - djm@cvs.openbsd.org 2003/06/04 12:41:22 |
526 | [sftp.c] | |
527 | kill ssh process on receipt of signal; ok markus@ | |
fba33e81 | 528 | - (djm) Update to fix of bug #584: lock card before return. |
529 | From larsch@trustcenter.de | |
8d9bb5dd | 530 | - (djm) Always use mysignal() for SIGALRM |
d60e487c | 531 | |
3a2b2b44 | 532 | 20030603 |
533 | - (djm) Replace setproctitle replacement with code derived from | |
534 | UCB sendmail | |
c5a7d788 | 535 | - (djm) OpenBSD CVS Sync |
536 | - markus@cvs.openbsd.org 2003/06/02 09:17:34 | |
537 | [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c] | |
538 | [canohost.c monitor.c servconf.c servconf.h session.c sshd_config] | |
539 | [sshd_config.5] | |
540 | deprecate VerifyReverseMapping since it's dangerous if combined | |
541 | with IP based access control as noted by Mike Harding; replace with | |
542 | a UseDNS option, UseDNS is on by default and includes the | |
543 | VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ | |
544 | ok deraadt@, djm@ | |
d981089c | 545 | - millert@cvs.openbsd.org 2003/06/03 02:56:16 |
546 | [scp.c] | |
547 | Remove the advertising clause in the UCB license which Berkeley | |
548 | rescinded 22 July 1999. Proofed by myself and Theo. | |
c5a7d788 | 549 | - (djm) Fix portable-specific uses of verify_reverse_mapping too |
3e67f7df | 550 | - (djm) Sync openbsd-compat with OpenBSD CVS. |
484d59c7 | 551 | - No more 4-term BSD licenses in linked code |
5d8ca8c7 | 552 | - (dtucker) [port-aix.c bsd-cray.c] Fix uses of verify_reverse_mapping. |
3a2b2b44 | 553 | |
aff561f9 | 554 | 20030602 |
555 | - (djm) Fix segv from bad reordering in auth-pam.c | |
416c732d | 556 | - (djm) Always use saved_argv in sshd.c as compat_init_setproctitle may |
557 | clobber | |
1b7342ab | 558 | - (tim) openbsd-compat/xmmap.[ch] License clarifications. Add missing |
559 | CVS ID. | |
8862e142 | 560 | - (djm) Remove "noip6" option from RedHat spec file. This may now be |
561 | set at runtime using AddressFamily option. | |
58ba3cb7 | 562 | - (djm) Fix use of macro before #define in cipher-aes.c |
382fe2fa | 563 | - (djm) Sync license on openbsd-compat/bindresvport.c with OpenBSD CVS |
b0545fe6 | 564 | - (djm) OpenBSD CVS Sync |
565 | - djm@cvs.openbsd.org 2003/05/26 12:54:40 | |
566 | [sshconnect.c] | |
567 | fix format strings; ok markus@ | |
fa5120a0 | 568 | - deraadt@cvs.openbsd.org 2003/05/29 16:58:45 |
569 | [sshd.c uidswap.c] | |
570 | seteuid and setegid; markus ok | |
0f92946c | 571 | - jakob@cvs.openbsd.org 2003/06/02 08:31:10 |
572 | [ssh_config.5] | |
573 | VerifyHostKeyDNS is v2 only. ok markus@ | |
aff561f9 | 574 | |
4f178be8 | 575 | 20030530 |
576 | - (dtucker) Add missing semicolon in md5crypt.c, patch from openssh at | |
577 | roumenpetrov.info | |
eabb99c6 | 578 | - (dtucker) Define SSHD_ACQUIRES_CTTY for NCR MP-RAS and Reliant Unix. |
4f178be8 | 579 | |
4881aebb | 580 | 20030526 |
581 | - (djm) Avoid auth2-chall.c warning when compiling without | |
582 | PAM, BSD_AUTH and SKEY | |
583 | ||
5b0fe364 | 584 | 20030525 |
585 | - (djm) OpenBSD CVS Sync | |
586 | - djm@cvs.openbsd.org 2003/05/24 09:02:22 | |
587 | [log.c] | |
588 | pass logged data through strnvis; ok markus | |
b9ed513a | 589 | - djm@cvs.openbsd.org 2003/05/24 09:30:40 |
590 | [authfile.c monitor.c sftp-common.c sshpty.c] | |
591 | cast some types for printing; ok markus@ | |
5b0fe364 | 592 | |
44c78996 | 593 | 20030524 |
594 | - (dtucker) Correct --osfsia in INSTALL. Patch by skeleten at shillest.net | |
595 | ||
d83ebe4a | 596 | 20030523 |
597 | - (djm) Use VIS_SAFE on logged strings rather than default strnvis | |
598 | encoding (which encodes many more characters) | |
bd47824b | 599 | - OpenBSD CVS Sync |
600 | - jmc@cvs.openbsd.org 2003/05/20 12:03:35 | |
601 | [sftp.1] | |
602 | - new sentence, new line | |
603 | - added .Xr's | |
604 | - typos | |
605 | ok djm@ | |
3cbc677d | 606 | - jmc@cvs.openbsd.org 2003/05/20 12:09:31 |
607 | [ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1] | |
608 | new sentence, new line | |
da54f5be | 609 | - djm@cvs.openbsd.org 2003/05/23 08:29:30 |
610 | [sshconnect.c] | |
611 | fix leak; ok markus@ | |
d83ebe4a | 612 | |
c453493f | 613 | 20030520 |
614 | - (djm) OpenBSD CVS Sync | |
615 | - deraadt@cvs.openbsd.org 2003/05/18 23:22:01 | |
616 | [log.c] | |
617 | use syslog_r() in a signal handler called place; markus ok | |
79d4fc55 | 618 | - (djm) Configure logic to detect syslog_r and friends |
c453493f | 619 | |
acb50584 | 620 | 20030519 |
621 | - (djm) Sync auth-pam.h with what we actually implement | |
622 | ||
623 | 20030518 | |
5ff453c0 | 624 | - (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in |
625 | recent merge | |
f811e52a | 626 | - (djm) OpenBSD CVS Sync |
627 | - djm@cvs.openbsd.org 2003/05/16 03:27:12 | |
628 | [readconf.c ssh_config ssh_config.5 ssh-keysign.c] | |
629 | add AddressFamily option to ssh_config (like -4, -6 on commandline). | |
630 | Portable bug #534; ok markus@ | |
013b1214 | 631 | - itojun@cvs.openbsd.org 2003/05/17 03:25:58 |
632 | [auth-rhosts.c] | |
633 | just in case, put numbers to sscanf %s arg. | |
25b66522 | 634 | - markus@cvs.openbsd.org 2003/05/17 04:27:52 |
635 | [cipher.c cipher-ctr.c myproposal.h] | |
636 | experimental support for aes-ctr modes from | |
637 | http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt | |
638 | ok djm@ | |
25351757 | 639 | - (djm) Remove IPv4 by default hack now that we can specify AF in config |
3bf784bc | 640 | - (djm) Tidy and trim TODO |
bffa6723 | 641 | - (djm) Sync openbsd-compat/ with OpenBSD CVS head |
9901cb37 | 642 | - (djm) Big KNF on openbsd-compat/ |
f1da2b8b | 643 | - (djm) KNF on md5crypt.[ch] |
644 | - (djm) KNF on auth-sia.[ch] | |
5ff453c0 | 645 | |
f123055b | 646 | 20030517 |
647 | - (bal) strcat -> strlcat on openbsd-compat/realpath.c (rev 1.8 OpenBSD) | |
648 | ||
c936c243 | 649 | 20030516 |
650 | - (djm) OpenBSD CVS Sync | |
651 | - djm@cvs.openbsd.org 2003/05/15 13:52:10 | |
652 | [ssh.c] | |
653 | Make "ssh -V" print the OpenSSL version in a human readable form. Patch | |
654 | from Craig Leres (mindrot at ee.lbl.gov); ok markus@ | |
a2144546 | 655 | - jakob@cvs.openbsd.org 2003/05/15 14:02:47 |
656 | [readconf.c servconf.c] | |
657 | warn for unsupported config option. ok markus@ | |
5bdfde81 | 658 | - markus@cvs.openbsd.org 2003/05/15 14:09:21 |
659 | [auth2-krb5.c] | |
660 | fix 64bit issue; report itojun@ | |
09ab3296 | 661 | - djm@cvs.openbsd.org 2003/05/15 14:55:25 |
662 | [readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c] | |
663 | add a ConnectTimeout option to ssh, based on patch from | |
664 | Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@ | |
b06b11ad | 665 | - (djm) Add warning for UsePAM when built without PAM support |
7be625e1 | 666 | - (djm) A few type mismatch fixes from Bug #565 |
0eb6370a | 667 | - (djm) Guard free_pam_environment against NULL argument. Works around |
668 | HP/UX PAM problems debugged by dtucker | |
c936c243 | 669 | |
7efc7f57 | 670 | 20030515 |
671 | - (djm) OpenBSD CVS Sync | |
672 | - jmc@cvs.openbsd.org 2003/05/14 13:11:56 | |
673 | [ssh-agent.1] | |
674 | setup -> set up; | |
675 | from wiz@netbsd | |
21289cd0 | 676 | - jakob@cvs.openbsd.org 2003/05/14 18:16:20 |
677 | [key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c] | |
678 | [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c] | |
679 | add experimental support for verifying hos keys using DNS as described | |
680 | in draft-ietf-secsh-dns-xx.txt. more information in README.dns. | |
681 | ok markus@ and henning@ | |
16a79097 | 682 | - markus@cvs.openbsd.org 2003/05/14 22:24:42 |
683 | [clientloop.c session.c ssh.1] | |
684 | allow to send a BREAK to the remote system; ok various | |
b8c2031b | 685 | - markus@cvs.openbsd.org 2003/05/15 00:28:28 |
686 | [sshconnect2.c] | |
687 | cleanup unregister of per-method packet handlers; ok djm@ | |
d0ec7f42 | 688 | - jakob@cvs.openbsd.org 2003/05/15 01:48:10 |
689 | [readconf.c readconf.h servconf.c servconf.h] | |
690 | always parse kerberos options. ok djm@ markus@ | |
b414a17b | 691 | - jakob@cvs.openbsd.org 2003/05/15 02:27:15 |
692 | [dns.c] | |
693 | add missing freerrset | |
3b6e3da9 | 694 | - markus@cvs.openbsd.org 2003/05/15 03:08:29 |
695 | [cipher.c cipher-bf1.c cipher-aes.c cipher-3des1.c] | |
696 | split out custom EVP ciphers | |
02159d9b | 697 | - djm@cvs.openbsd.org 2003/05/15 03:10:52 |
698 | [ssh-keygen.c] | |
699 | avoid warning; ok jakob@ | |
4a26f5c5 | 700 | - mouring@cvs.openbsd.org 2003/05/15 03:39:07 |
701 | [sftp-int.c] | |
702 | Make put/get (globed and nonglobed) code more consistant. OK djm@ | |
c44f10c6 | 703 | - mouring@cvs.openbsd.org 2003/05/15 03:43:59 |
dc69f53c | 704 | [sftp-int.c sftp.c] |
c44f10c6 | 705 | Teach ls how to display multiple column display and allow users |
706 | to return to single column format via 'ls -1'. OK @djm | |
1457e7ff | 707 | - jakob@cvs.openbsd.org 2003/05/15 04:08:44 |
708 | [readconf.c servconf.c] | |
709 | disable kerberos when not supported. ok markus@ | |
861f0365 | 710 | - markus@cvs.openbsd.org 2003/05/15 04:08:41 |
711 | [ssh.1] | |
712 | ~B is ssh2 only | |
d0ec7f42 | 713 | - (djm) Always parse UsePAM |
3e05e934 | 714 | - (djm) Configure glue for DNS support (code doesn't work in portable yet) |
4460d509 | 715 | - (djm) Import getrrsetbyname() function from OpenBSD libc (for DNS support) |
86ee6794 | 716 | - (djm) Tidy Makefile clean targets |
2636769c | 717 | - (djm) Adapt README.dns for portable |
2d2e4a34 | 718 | - (djm) Avoid uuencode.c warnings |
1457e7ff | 719 | - (djm) Enable UsePAM when built --with-pam |
67467c30 | 720 | - (djm) Only build getrrsetbyname replacement when using --with-dns |
f420d2ba | 721 | - (djm) Bug #529: sshd doesn't work correctly after SIGHUP (copy argv |
722 | correctly) | |
3c49ef10 | 723 | - (djm) Bug #444: Wrong paths after reconfigure |
321735c7 | 724 | - (dtucker) HP-UX needs to include <sys/strtio.h> for TIOCSBRK |
f420d2ba | 725 | |
dd3ebb5a | 726 | 20030514 |
727 | - (djm) Bug #117: Don't lie to PAM about username | |
0608f8a7 | 728 | - (djm) RCSID sync w/ OpenBSD |
204fde99 | 729 | - (djm) OpenBSD CVS Sync |
730 | - djm@cvs.openbsd.org 2003/04/09 12:00:37 | |
731 | [readconf.c] | |
732 | strip trailing whitespace from config lines before parsing. | |
733 | Fixes bz 528; ok markus@ | |
18ae3c67 | 734 | - markus@cvs.openbsd.org 2003/04/12 10:13:57 |
735 | [cipher.c] | |
736 | hide cipher details; ok djm@ | |
45c42d58 | 737 | - markus@cvs.openbsd.org 2003/04/12 10:15:36 |
738 | [misc.c] | |
739 | debug->debug2 | |
c825cd79 | 740 | - naddy@cvs.openbsd.org 2003/04/12 11:40:15 |
741 | [ssh.1] | |
742 | document -V switch, fix wording; ok markus@ | |
3e131a6d | 743 | - markus@cvs.openbsd.org 2003/04/14 14:17:50 |
744 | [channels.c sshconnect.c sshd.c ssh-keyscan.c] | |
745 | avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP | |
927e9f8b | 746 | - mouring@cvs.openbsd.org 2003/04/14 21:31:27 |
747 | [sftp-int.c] | |
748 | Missing globfree(&g) in process_put() spotted by Vince Brimhall | |
749 | <VBrimhall@novell.com>. ok@ Theo | |
750 | - markus@cvs.openbsd.org 2003/04/16 14:35:27 | |
751 | [auth.h] | |
752 | document struct Authctxt; with solar | |
b9e5aff6 | 753 | - deraadt@cvs.openbsd.org 2003/04/26 04:29:49 |
754 | [ssh-keyscan.c] | |
755 | -t in usage(); rogier@quaak.org | |
9a26a6e2 | 756 | - mouring@cvs.openbsd.org 2003/04/30 01:16:20 |
757 | [sshd.8 sshd_config.5] | |
758 | Escape ?, * and ! in .Ql for nroff compatibility. OpenSSH Portable | |
759 | Bug #550 and * escaping suggested by jmc@. | |
09dc8896 | 760 | - david@cvs.openbsd.org 2003/04/30 20:41:07 |
761 | [sshd.8] | |
762 | fix invalid .Pf macro usage introduced in previous commit | |
763 | ok jmc@ mouring@ | |
3566c73c | 764 | - markus@cvs.openbsd.org 2003/05/11 16:56:48 |
765 | [authfile.c ssh-keygen.c] | |
766 | change key_load_public to try to read a public from: | |
767 | rsa1 private or rsa1 public and ssh2 keys. | |
768 | this makes ssh-keygen -e fail for ssh1 keys more gracefully | |
769 | for example; report from itojun (netbsd pr 20550). | |
0d942eff | 770 | - markus@cvs.openbsd.org 2003/05/11 20:30:25 |
771 | [channels.c clientloop.c serverloop.c session.c ssh.c] | |
772 | make channel_new() strdup the 'remote_name' (not the caller); ok theo | |
43348518 | 773 | - markus@cvs.openbsd.org 2003/05/12 16:55:37 |
774 | [sshconnect2.c] | |
775 | for pubkey authentication try the user keys in the following order: | |
776 | 1. agent keys that are found in the config file | |
777 | 2. other agent keys | |
778 | 3. keys that are only listed in the config file | |
779 | this helps when an agent has many keys, where the server might | |
780 | close the connection before the correct key is used. report & ok pb@ | |
dc109cfe | 781 | - markus@cvs.openbsd.org 2003/05/12 18:35:18 |
782 | [ssh-keyscan.1] | |
783 | typo: DSA keys are of type ssh-dss; Brian Poole | |
81466908 | 784 | - markus@cvs.openbsd.org 2003/05/14 00:52:59 |
785 | [ssh2.h] | |
786 | ranges for per auth method messages | |
787 | - djm@cvs.openbsd.org 2003/05/14 01:00:44 | |
788 | [sftp.1] | |
789 | emphasise the batchmode functionality and make reference to pubkey auth, | |
790 | both of which are FAQs; ok markus@ | |
802e01b8 | 791 | - markus@cvs.openbsd.org 2003/05/14 02:15:47 |
792 | [auth2.c monitor.c sshconnect2.c auth2-krb5.c] | |
793 | implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@ | |
794 | server interops with commercial client; ok jakob@ djm@ | |
72c5fe79 | 795 | - jmc@cvs.openbsd.org 2003/05/14 08:25:39 |
796 | [sftp.1] | |
797 | - better formatting in SYNOPSIS | |
798 | - whitespace at EOL | |
799 | ok djm@ | |
3a39206f | 800 | - markus@cvs.openbsd.org 2003/05/14 08:57:49 |
801 | [monitor.c] | |
802 | http://bugzilla.mindrot.org/show_bug.cgi?id=560 | |
803 | Privsep child continues to run after monitor killed. | |
804 | Pass monitor signals through to child; Darren Tucker | |
751092f9 | 805 | - (djm) Make portable build with MIT krb5 (some issues remain) |
7fceb20d | 806 | - (djm) Add new UsePAM configuration directive to allow runtime control |
807 | over usage of PAM. This allows non-root use of sshd when built with | |
808 | --with-pam | |
817e6d38 | 809 | - (djm) Die screaming if start_pam() is called when UsePAM=no |
83ccf11a | 810 | - (djm) Avoid KrbV leak for MIT Kerberos |
b1848832 | 811 | - (dtucker) Set ai_socktype and ai_protocol in fake-getaddrinfo.c. ok djm@ |
fa065de2 | 812 | - (djm) Bug #258: sscanf("[0-9]") -> sscanf("[0123456789]") for portability |
dd3ebb5a | 813 | |
91f3aa9b | 814 | 20030512 |
815 | - (djm) Redhat spec: Don't install profile.d scripts when not | |
816 | building with GNOME/GTK askpass (patch from bet@rahul.net) | |
817 | ||
5def520a | 818 | 20030510 |
819 | - (dtucker) Bug #318: Create ssh_prng_cmds.out during "make" rather than | |
820 | "make install". Patch by roth@feep.net. | |
ad84c479 | 821 | - (dtucker) Bug #536: Test for and work around openpty/controlling tty |
822 | problem on Linux (fixes "could not set controlling tty" errors). | |
05114c74 | 823 | - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with |
824 | proper challenge-response module | |
23ab1f36 | 825 | - (djm) 2-clause license on loginrec.c, with permission from |
826 | andre@ae-35.com | |
5def520a | 827 | |
43ce025d | 828 | 20030504 |
dd594f99 | 829 | - (dtucker) Bug #497: Move #include of bsd-cygwin_util.h to openbsd-compat.h. |
830 | Patch from vinschen@redhat.com. | |
43ce025d | 831 | |
2cd5dbba | 832 | 20030503 |
833 | - (dtucker) Add missing "void" to record_failed_login in bsd-cray.c. Noted | |
834 | by wendyp@cray.com. | |
835 | ||
bf7c1e6c | 836 | 20030502 |
837 | - (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels, | |
838 | privsep should now work. | |
73d9dad3 | 839 | - (dtucker) Move handling of bad password authentications into a platform |
990278ef | 840 | specific record_failed_login() function (affects AIX & Unicos). ok mouring@ |
bf7c1e6c | 841 | |
68ece370 | 842 | 20030429 |
843 | - (djm) Add back radix.o (used by AFS support), after it went missing from | |
844 | Makefile many moons ago | |
845 | - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer | |
846 | - (djm) Fix blibpath specification for AIX/gcc | |
847 | - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org | |
848 | ||
ded9dd18 | 849 | 20030428 |
850 | - (bal) [defines.h progressmeter.c scp.c] Some more culling of non 64bit | |
851 | hacked code. | |
852 | ||
aceb0423 | 853 | 20030427 |
854 | - (bal) Bug #541: return; was dropped by mistake. Reported by | |
855 | furrier@iglou.com | |
c8a50a34 | 856 | - (bal) Since we don't support platforms lacking u_int_64. We may |
857 | as well clean out some of those evil #ifdefs | |
9a6fee8b | 858 | - (bal) auth1.c minor resync while looking at the code. |
d7cf277b | 859 | - (bal) auth2.c same changed as above. |
aceb0423 | 860 | |
0a626302 | 861 | 20030409 |
862 | - (djm) Bug #539: Specify creation mode with O_CREAT for lastlog. Report | |
863 | from matth@eecs.berkeley.edu | |
d35929b5 | 864 | - (djm) Make the spec work with Redhat 9.0 (which renames sharutils) |
ffd7b36b | 865 | - (djm) OpenBSD CVS Sync |
866 | - markus@cvs.openbsd.org 2003/04/02 09:48:07 | |
867 | [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] | |
868 | [readconf.h serverloop.c sshconnect2.c] | |
869 | reapply rekeying chage, tested by henning@, ok djm@ | |
16f1b5ca | 870 | - markus@cvs.openbsd.org 2003/04/02 14:36:26 |
871 | [ssh-keysign.c] | |
872 | potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526 | |
6c1bc5c5 | 873 | - itojun@cvs.openbsd.org 2003/04/03 07:25:27 |
874 | [progressmeter.c] | |
875 | $OpenBSD$ | |
876 | - itojun@cvs.openbsd.org 2003/04/03 10:17:35 | |
877 | [progressmeter.c] | |
878 | remove $OpenBSD$, as other *.c does not have it. | |
806e4c11 | 879 | - markus@cvs.openbsd.org 2003/04/07 08:29:57 |
880 | [monitor_wrap.c] | |
881 | typo: get correct counters; introduced during rekeying change. | |
2f5b2528 | 882 | - millert@cvs.openbsd.org 2003/04/07 21:58:05 |
883 | [progressmeter.c] | |
884 | The UCB copyright here is incorrect. This code did not originate | |
885 | at UCB, it was written by Luke Mewburn. Updated the copyright at | |
886 | the author's request. markus@ OK | |
887 | - itojun@cvs.openbsd.org 2003/04/08 20:21:29 | |
888 | [*.c *.h] | |
889 | rename log() into logit() to avoid name conflict. markus ok, from | |
890 | netbsd | |
891 | - (djm) XXX - Performed locally using: | |
892 | "perl -p -i -e 's/(\s|^)log\(/$1logit\(/g' *.c *.h" | |
70e1f62f | 893 | - hin@cvs.openbsd.org 2003/04/09 08:23:52 |
894 | [servconf.c] | |
895 | Don't include <krb.h> when compiling with Kerberos 5 support | |
2f5b2528 | 896 | - (djm) Fix up missing include for packet.c |
a3568201 | 897 | - (djm) Fix missed log => logit occurance (reference by function pointer) |
0a626302 | 898 | |
4d0cb2e5 | 899 | 20030402 |
900 | - (bal) if IP_TOS is not found or broken don't try to compile in | |
901 | packet_set_tos() function call. bug #527 | |
902 | ||
a4e5acef | 903 | 20030401 |
904 | - (djm) OpenBSD CVS Sync | |
905 | - jmc@cvs.openbsd.org 2003/03/28 10:11:43 | |
906 | [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5] | |
907 | [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] | |
908 | - killed whitespace | |
909 | - new sentence new line | |
910 | - .Bk for arguments | |
911 | ok markus@ | |
177f584b | 912 | - markus@cvs.openbsd.org 2003/04/01 10:10:23 |
913 | [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] | |
914 | [readconf.h serverloop.c sshconnect2.c] | |
915 | rekeying bugfixes and automatic rekeying: | |
916 | * both client and server rekey _automatically_ | |
917 | (a) after 2^31 packets, because after 2^32 packets | |
918 | the sequence number for packets wraps | |
919 | (b) after 2^(blocksize_in_bits/4) blocks | |
920 | (see: draft-ietf-secsh-newmodes-00.txt) | |
921 | (a) and (b) are _enabled_ by default, and only disabled for known | |
922 | openssh versions, that don't support rekeying properly. | |
923 | * client option 'RekeyLimit' | |
924 | * do not reply to requests during rekeying | |
925 | - markus@cvs.openbsd.org 2003/04/01 10:22:21 | |
926 | [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] | |
927 | [readconf.h serverloop.c sshconnect2.c] | |
928 | backout rekeying changes (for 3.6.1) | |
519bdfe8 | 929 | - markus@cvs.openbsd.org 2003/04/01 10:31:26 |
930 | [compat.c compat.h kex.c] | |
931 | bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@; | |
932 | tested by ho@ and myself | |
9dd240a3 | 933 | - markus@cvs.openbsd.org 2003/04/01 10:56:46 |
934 | [version.h] | |
935 | 3.6.1 | |
ac01b518 | 936 | - (djm) Crank spec file versions |
b32453fe | 937 | - (djm) Release 3.6.1p1 |
a4e5acef | 938 | |
fd77a40f | 939 | 20030326 |
940 | - (djm) OpenBSD CVS Sync | |
941 | - deraadt@cvs.openbsd.org 2003/03/26 04:02:51 | |
942 | [sftp-server.c] | |
943 | one last fix to the tree: race fix broke stuff; pr 3169; | |
944 | srp@srparish.net, help from djm | |
945 | ||
8021857c | 946 | 20030325 |
947 | - (djm) Fix getpeerid support for 64 bit BE systems. From | |
948 | Arnd Bergmann <arndb@de.ibm.com> | |
949 | ||
cdb64c4d | 950 | 20030324 |
951 | - (djm) OpenBSD CVS Sync | |
952 | - markus@cvs.openbsd.org 2003/03/23 19:02:00 | |
953 | [monitor.c] | |
954 | unbreak rekeying for privsep; ok millert@ | |
955 | - Release 3.6p1 | |
62086365 | 956 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. |
957 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | |
cdb64c4d | 958 | |
0b202697 | 959 | $Id$ |