]> andersk Git - openssh.git/blame - ChangeLog
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- (bal) Handle broken krb4 issues on Solaris with multiple defined u_*_t
[openssh.git] / ChangeLog
CommitLineData
b4d02860 120010611
2 - (bal) NeXT/MacOS X lack libgen.h and dirname(). Patch by Mark Miller
3 <markm@swoon.net>
224cbdcc 4 - (bal) Handle broken krb4 issues on Solaris with multiple defined u_*_t
5 types. Patch by Jan IVEN <Jan.Iven@cern.ch>
b4d02860 6
bf093080 720010610
8 - (bal) Missed two files in major resync. auth-bsdauth.c and auth-skey.c
9
e697bda7 1020010609
11 - OpenBSD CVS Sync
12 - markus@cvs.openbsd.org 2001/05/30 12:55:13
13 [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
14 packet.c serverloop.c session.c ssh.c ssh1.h]
15 channel layer cleanup: merge header files and split .c files
36e1f6a1 16 - markus@cvs.openbsd.org 2001/05/30 15:20:10
17 [ssh.c]
18 merge functions, simplify.
a5efa1bb 19 - markus@cvs.openbsd.org 2001/05/31 10:30:17
20 [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
21 packet.c serverloop.c session.c ssh.c]
22 undo the .c file split, just merge the header and keep the cvs
23 history
8e7895b8 24 - (bal) Channels.c and Channels.h -- "Merge Functions, simplify" (draged
25 out of ssh Attic)
a98da4aa 26 - (bal) Ooops.. nchan.c (and remove nchan.h) resync from OpenBSD ssh
27 Attic.
28 - OpenBSD CVS Sync
29 - markus@cvs.openbsd.org 2001/05/31 13:08:04
30 [sshd_config]
31 group options and add some more comments
e4f7282d 32 - markus@cvs.openbsd.org 2001/06/03 14:55:39
33 [channels.c channels.h session.c]
34 use fatal_register_cleanup instead of atexit, sync with x11 authdir
35 handling
e5b71e99 36 - markus@cvs.openbsd.org 2001/06/03 19:36:44
37 [ssh-keygen.1]
38 1-2 bits of entrophy per character (not per word), ok stevesk@
4fc334a2 39 - markus@cvs.openbsd.org 2001/06/03 19:38:42
40 [scp.c]
41 pass -v to ssh; from slade@shore.net
f5e69c65 42 - markus@cvs.openbsd.org 2001/06/03 20:06:11
43 [auth2-chall.c]
44 the challenge response device decides how to handle non-existing
45 users.
46 -> fake challenges for skey and cryptocard
f0f32b8e 47 - markus@cvs.openbsd.org 2001/06/04 21:59:43
48 [channels.c channels.h session.c]
49 switch uid when cleaning up tmp files and sockets; reported by
50 zen-parse@gmx.net on bugtraq
c9130033 51 - markus@cvs.openbsd.org 2001/06/04 23:07:21
52 [clientloop.c serverloop.c sshd.c]
53 set flags in the signal handlers, do real work in the main loop,
54 ok provos@
8dcd9d5c 55 - markus@cvs.openbsd.org 2001/06/04 23:16:16
56 [session.c]
57 merge ssh1/2 x11-fwd setup, create listener after tmp-dir
aa144206 58 - pvalchev@cvs.openbsd.org 2001/06/05 05:05:39
59 [ssh-keyscan.1 ssh-keyscan.c]
60 License clarification from David Mazieres, ok deraadt@
750c256a 61 - markus@cvs.openbsd.org 2001/06/05 10:24:32
62 [channels.c]
63 don't delete the auth socket in channel_stop_listening()
64 auth_sock_cleanup_proc() will take care of this.
fc2a1d28 65 - markus@cvs.openbsd.org 2001/06/05 16:46:19
66 [session.c]
67 let session_close() delete the pty. deny x11fwd if xauthfile is set.
d87596b0 68 - markus@cvs.openbsd.org 2001/06/06 23:13:54
69 [ssh-dss.c ssh-rsa.c]
70 cleanup, remove old code
edf9ae81 71 - markus@cvs.openbsd.org 2001/06/06 23:19:35
72 [ssh-add.c]
73 remove debug message; Darren.Moffat@eng.sun.com
2a6a054e 74 - markus@cvs.openbsd.org 2001/06/07 19:57:53
75 [auth2.c]
76 style is used for bsdauth.
77 disconnect on user/service change (ietf-drafts)
449c5ba5 78 - markus@cvs.openbsd.org 2001/06/07 20:23:05
79 [authfd.c authfile.c channels.c kexdh.c kexgex.c packet.c ssh.c
80 sshconnect.c sshconnect1.c]
81 use xxx_put_cstring()
e6abba31 82 - markus@cvs.openbsd.org 2001/06/07 22:25:02
83 [session.c]
84 don't overwrite errno
85 delay deletion of the xauth cookie
fd9ede94 86 - markus@cvs.openbsd.org 2001/06/08 15:25:40
87 [includes.h pathnames.h readconf.c servconf.c]
88 move the path for xauth to pathnames.h
0abe778b 89 - (bal) configure.in fix for Tru64 (forgeting to reset $LIB)
83c17f20 90 - (bal) ANSIify strmode()
fdf6b7aa 91 - (bal) --with-catman should be --with-mantype patch by Dave
92 Dykstra <dwd@bell-labs.com>
fd9ede94 93
4869a96f 9420010606
e697bda7 95 - OpenBSD CVS Sync
96 - markus@cvs.openbsd.org 2001/05/17 21:34:15
97 [ssh.1]
4869a96f 98 no spaces in PreferredAuthentications;
5ba55ada 99 meixner@rbg.informatik.tu-darmstadt.de
100 - markus@cvs.openbsd.org 2001/05/18 14:13:29
101 [auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
102 readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
103 improved kbd-interactive support. work by per@appgate.com and me
bc03d5aa 104 - djm@cvs.openbsd.org 2001/05/19 00:36:40
105 [session.c]
106 Disable X11 forwarding if xauth binary is not found. Patch from Nalin
107 Dahyabhai <nalin@redhat.com>; ok markus@
3e4fc5f9 108 - markus@cvs.openbsd.org 2001/05/19 16:05:41
109 [scp.c]
110 ftruncate() instead of open()+O_TRUNC like rcp.c does
111 allows scp /path/to/file localhost:/path/to/file
a18395da 112 - markus@cvs.openbsd.org 2001/05/19 16:08:43
113 [sshd.8]
114 sort options; Matthew.Stier@fnc.fujitsu.com
3398dda9 115 - markus@cvs.openbsd.org 2001/05/19 16:32:16
116 [ssh.1 sshconnect2.c]
117 change preferredauthentication order to
118 publickey,hostbased,password,keyboard-interactive
119 document that hostbased defaults to no, document order
47bf6266 120 - markus@cvs.openbsd.org 2001/05/19 16:46:19
121 [ssh.1 sshd.8]
122 document MACs defaults with .Dq
e2b1fb42 123 - stevesk@cvs.openbsd.org 2001/05/19 19:43:57
124 [misc.c misc.h servconf.c sshd.8 sshd.c]
125 sshd command-line arguments and configuration file options that
126 specify time may be expressed using a sequence of the form:
127 time[qualifier], where time is a positive integer value and qualifier
128 is one of the following:
129 <none>,s,m,h,d,w
130 Examples:
131 600 600 seconds (10 minutes)
132 10m 10 minutes
133 1h30m 1 hour 30 minutes (90 minutes)
134 ok markus@
7e8c18e9 135 - stevesk@cvs.openbsd.org 2001/05/19 19:57:09
136 [channels.c]
137 typo in error message
e697bda7 138 - markus@cvs.openbsd.org 2001/05/20 17:20:36
c8445989 139 [auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
140 sshd_config]
141 configurable authorized_keys{,2} location; originally from peter@;
142 ok djm@
1ddf764b 143 - markus@cvs.openbsd.org 2001/05/24 11:12:42
144 [auth.c]
145 fix comment; from jakob@
4bf9c10e 146 - stevesk@cvs.openbsd.org 2001/05/24 18:57:53
147 [clientloop.c readconf.c ssh.c ssh.h]
148 don't perform escape processing when ``EscapeChar none''; ok markus@
abe0fb9f 149 - markus@cvs.openbsd.org 2001/05/25 14:37:32
150 [ssh-keygen.c]
151 use -P for -e and -y, too.
63cd7dd0 152 - markus@cvs.openbsd.org 2001/05/28 08:04:39
153 [ssh.c]
154 fix usage()
eb2e1595 155 - markus@cvs.openbsd.org 2001/05/28 10:08:55
156 [authfile.c]
157 key_load_private: set comment to filename for PEM keys
2cf27bc4 158 - markus@cvs.openbsd.org 2001/05/28 22:51:11
159 [cipher.c cipher.h]
160 simpler 3des for ssh1
6fd8622b 161 - markus@cvs.openbsd.org 2001/05/28 23:14:49
162 [channels.c channels.h nchan.c]
163 undo broken channel fix and try a different one. there
164 should be still some select errors...
eeae19d8 165 - markus@cvs.openbsd.org 2001/05/28 23:25:24
166 [channels.c]
167 cleanup, typo
08dcb5d7 168 - markus@cvs.openbsd.org 2001/05/28 23:58:35
169 [packet.c packet.h sshconnect.c sshd.c]
170 remove some lines, simplify.
a10bdd7c 171 - markus@cvs.openbsd.org 2001/05/29 12:31:27
172 [authfile.c]
173 typo
5ba55ada 174
5cde8062 17520010528
176 - (tim) [conifgure.in] add setvbuf test needed for sftp-int.c
177 Patch by Corinna Vinschen <vinschen@redhat.com>
178
362df52e 17920010517
180 - OpenBSD CVS Sync
181 - markus@cvs.openbsd.org 2001/05/12 19:53:13
182 [sftp-server.c]
183 readlink does not NULL-terminate; mhe@home.se
6efa3d14 184 - deraadt@cvs.openbsd.org 2001/05/15 22:04:01
185 [ssh.1]
186 X11 forwarding details improved
70ea8327 187 - markus@cvs.openbsd.org 2001/05/16 20:51:57
188 [authfile.c]
189 return comments for private pem files, too; report from nolan@naic.edu
24b6b45f 190 - markus@cvs.openbsd.org 2001/05/16 21:53:53
191 [clientloop.c]
192 check for open sessions before we call select(); fixes the x11 client
193 bug reported by bowman@math.ualberta.ca
7231bd47 194 - markus@cvs.openbsd.org 2001/05/16 22:09:21
195 [channels.c nchan.c]
196 more select() error fixes (don't set rfd/wfd to -1).
7043a38d 197 - (bal) Enabled USE_PIPES for Cygwin on Corinna Vinschen <vinschen@redhat.com>
b1e4dd32 198 - (bal) Corrected on_exit() emulation via atexit().
362df52e 199
89aa792b 20020010512
201 - OpenBSD CVS Sync
202 - markus@cvs.openbsd.org 2001/05/11 14:59:56
203 [clientloop.c misc.c misc.h]
204 add unset_nonblock for stdout/err flushing in client_loop().
286e38f7 205 - (bal) Patch to partial sync up contrib/solaris/ packaging software.
206 Patch by pete <ninjaz@webexpress.com>
89aa792b 207
97430469 20820010511
209 - OpenBSD CVS Sync
210 - markus@cvs.openbsd.org 2001/05/09 22:51:57
211 [channels.c]
212 fix -R for protocol 2, noticed by greg@nest.cx.
213 bug was introduced with experimental dynamic forwarding.
a16092bb 214 - markus@cvs.openbsd.org 2001/05/09 23:01:31
215 [rijndael.h]
216 fix prototype; J.S.Peatfield@damtp.cam.ac.uk
97430469 217
588f4ed0 21820010509
219 - OpenBSD CVS Sync
220 - markus@cvs.openbsd.org 2001/05/06 21:23:31
221 [cli.c]
222 cli_read() fails to catch SIGINT + overflow; from obdb@zzlevo.net
d18e0850 223 - markus@cvs.openbsd.org 2001/05/08 19:17:31
a01a10dd 224 [channels.c serverloop.c clientloop.c]
d18e0850 225 adds correct error reporting to async connect()s
226 fixes the server-discards-data-before-connected-bug found by
227 onoe@sm.sony.co.jp
8a624ebf 228 - mouring@cvs.openbsd.org 2001/05/08 19:45:25
229 [misc.c misc.h scp.c sftp.c]
230 Use addargs() in sftp plus some clean up of addargs(). OK Markus
1b02d786 231 - markus@cvs.openbsd.org 2001/05/06 21:45:14
232 [clientloop.c]
233 use atomicio for flushing stdout/stderr bufs. thanks to
234 jbw@izanami.cee.hw.ac.uk
010980f6 235 - markus@cvs.openbsd.org 2001/05/08 22:48:07
236 [atomicio.c]
237 no need for xmalloc.h, thanks to espie@
7e2d5fa4 238 - (bal) UseLogin patch for Solaris/UNICOS. Patch by Wayne Davison
239 <wayne@blorf.net>
99c8ddac 240 - (bal) ./configure support to disable SIA on OSF1. Patch by
241 Chris Adams <cmadams@hiwaay.net>
b81c369b 242 - (bal) Updates from the Sony NEWS-OS platform by NAKAJI Hiroyuki
243 <nakaji@tutrp.tut.ac.jp>
588f4ed0 244
7b22534a 24520010508
246 - (bal) Fixed configure test for USE_SIA.
247
94539b2a 24820010506
249 - (djm) Update config.guess and config.sub with latest versions (from
250 ftp://ftp.gnu.org/gnu/config/) to allow configure on ia64-hpux.
251 Suggested by Jason Mader <jason@ncac.gwu.edu>
96c63318 252 - (bal) White Space and #ifdef sync with OpenBSD
044b0662 253 - (bal) Add 'seed_rng()' to ssh-add.c
9e9bd8c0 254 - (bal) CVS ID updates for readpass.c, readpass.h, cli.c, and cli.h
cf7ff074 255 - OpenBSD CVS Sync
256 - stevesk@cvs.openbsd.org 2001/05/05 13:42:52
257 [sftp.1 ssh-add.1 ssh-keygen.1]
258 typos, grammar
94539b2a 259
98143cfc 26020010505
261 - OpenBSD CVS Sync
262 - stevesk@cvs.openbsd.org 2001/05/04 14:21:56
263 [ssh.1 sshd.8]
264 typos
5b9601c8 265 - markus@cvs.openbsd.org 2001/05/04 14:34:34
266 [channels.c]
94539b2a 267 channel_new() reallocs channels[], we cannot use Channel *c after
268 calling channel_new(), XXX fix this in the future...
719fc62f 269 - markus@cvs.openbsd.org 2001/05/04 23:47:34
270 [channels.c channels.h clientloop.c nchan.c nchan.h serverloop.c ssh.c]
271 move to Channel **channels (instead of Channel *channels), fixes realloc
272 problems. channel_new now returns a Channel *, favour Channel * over
273 channel id. remove old channel_allocate interface.
98143cfc 274
f92fee1f 27520010504
276 - OpenBSD CVS Sync
277 - stevesk@cvs.openbsd.org 2001/05/03 15:07:39
278 [channels.c]
279 typo in debug() string
503e7e5b 280 - markus@cvs.openbsd.org 2001/05/03 15:45:15
281 [session.c]
282 exec shell -c /bin/sh .ssh/sshrc, from abartlet@pcug.org.au
c98cab9b 283 - stevesk@cvs.openbsd.org 2001/05/03 21:43:01
284 [servconf.c]
285 remove "\n" from fatal()
1fcde3fe 286 - mouring@cvs.openbsd.org 2001/05/03 23:09:53
287 [misc.c misc.h scp.c sftp.c]
288 Move colon() and cleanhost() to misc.c where I should I have put it in
289 the first place
044aa419 290 - (bal) Updated Cygwin README by Corinna Vinschen <vinschen@redhat.com>
c7ccfd39 291 - (bal) Avoid socket file security issues in ssh-agent for Cygwin.
292 Patch by Egor Duda <deo@logos-m.ru>
f92fee1f 293
065604bb 29420010503
295 - OpenBSD CVS Sync
296 - markus@cvs.openbsd.org 2001/05/02 16:41:20
297 [ssh-add.c]
298 fix prompt for ssh-add.
299
742ee8f2 30020010502
301 - OpenBSD CVS Sync
302 - mouring@cvs.openbsd.org 2001/05/02 01:25:39
303 [readpass.c]
304 Put the 'const' back into ssh_askpass() function. Pointed out
305 by Mark Miller <markm@swoon.net>. OK Markus
306
3435f5a6 30720010501
308 - OpenBSD CVS Sync
309 - markus@cvs.openbsd.org 2001/04/30 11:18:52
310 [readconf.c readconf.h ssh.1 ssh.c sshconnect.c]
311 implement 'ssh -b bind_address' like 'telnet -b'
eef7adcb 312 - markus@cvs.openbsd.org 2001/04/30 15:50:46
313 [compat.c compat.h kex.c]
314 allow interop with weaker key generation used by ssh-2.0.x, x < 10
ec430473 315 - markus@cvs.openbsd.org 2001/04/30 16:02:49
316 [compat.c]
317 ssh-2.0.10 has the weak-key-bug, too.
3ca6cc45 318 - (tim) [contrib/caldera/openssh.spec] add Requires line for Caldera 3.1
3435f5a6 319
e8171bff 32020010430
39aefe7b 321 - OpenBSD CVS Sync
322 - markus@cvs.openbsd.org 2001/04/29 18:32:52
323 [serverloop.c]
324 fix whitespace
fbe90f7b 325 - markus@cvs.openbsd.org 2001/04/29 19:16:52
326 [channels.c clientloop.c compat.c compat.h serverloop.c]
327 more ssh.com-2.0.x bug-compat; from per@appgate.com
e8171bff 328 - (tim) New version of mdoc2man.pl from Mark D. Roth <roth+openssh@feep.net>
0b47e48f 329 - (djm) Add .cvsignore files, suggested by Wayne Davison <wayne@blorf.net>
39aefe7b 330
baf8c81a 33120010429
332 - (bal) Updated INSTALL. PCRE moved to a new place.
e878ffe1 333 - (djm) Release OpenSSH-2.9p1
baf8c81a 334
0096ac62 33520010427
336 - (bal) Fixed uidswap.c so it should work on non-posix complient systems.
337 patch based on 2.5.2 version by djm.
95595a77 338 - (bal) Build manpages and config files once unless changed. Patch by
339 Carson Gaspar <carson@taltos.org>
4a2df58f 340 - (bal) arpa/nameser.h does not exist on Cygwin. Patch by Corinna
341 Vinschen <vinschen@redhat.com>
5ef815d7 342 - (bal) Add /etc/sysconfig/sshd support to redhat's sshd.init. Patch by
343 Pekka Savola <pekkas@netcore.fi>
229be2df 344 - (bal) Cygwin lacks setgroups() API. Patch by Corinna Vinschen
345 <vinschen@redhat.com>
cc3ccfdc 346 - (bal) version.h synced, RPM specs updated for 2.9
b1e2a48c 347 - (tim) update contrib/caldera files with what Caldera is using.
348 <sps@caldera.de>
0096ac62 349
b587c165 35020010425
351 - OpenBSD CVS Sync
352 - markus@cvs.openbsd.org 2001/04/23 21:57:07
353 [ssh-keygen.1 ssh-keygen.c]
354 allow public key for -e, too
012bc0e1 355 - markus@cvs.openbsd.org 2001/04/23 22:14:13
356 [ssh-keygen.c]
357 remove debug
f8252c48 358 - (bal) Whitespace resync w/ OpenBSD for uidswap.c
10f72868 359 - (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt'
360 (default: off), implies KbdInteractiveAuthentication. Suggestion from
361 markus@
c2d059b5 362 - (djm) Include crypt.h if available in auth-passwd.c
533875af 363 - tim@mindrot.org 2001/04/25 21:38:01 [configure.in]
364 man page detection fixes for SCO
b587c165 365
da89cf4d 36620010424
367 - OpenBSD CVS Sync
368 - markus@cvs.openbsd.org 2001/04/22 23:58:36
369 [ssh-keygen.1 ssh.1 sshd.8]
370 document hostbased and other cleanup
5e29aeaf 371 - (stevesk) start_pam() doesn't use DNS now for sshd -u0.
3cc990d7 372 - (stevesk) auth-pam.c: use PERMIT_NO_PASSWD
d8e76a0a 373 - (bal) sys/queue.h is bogus for NCR platform. Patch by Daniel Carroll
374 <dan@mesastate.edu>
3644dc25 375 - (bal) Fixed contrib/postinstall.in. Patch by wsanders@wsanders.net
da89cf4d 376
a3626e12 37720010422
378 - OpenBSD CVS Sync
379 - markus@cvs.openbsd.org 2001/04/20 16:32:22
380 [uidswap.c]
381 set non-privileged gid before uid; tholo@ and deraadt@
1a726b04 382 - mouring@cvs.openbsd.org 2001/04/21 00:55:57
383 [sftp.1]
384 Spelling
67b964a1 385 - djm@cvs.openbsd.org 2001/04/22 08:13:30
386 [ssh.1]
387 typos spotted by stevesk@; ok deraadt@
ba917921 388 - markus@cvs.openbsd.org 2001/04/22 12:34:05
389 [scp.c]
390 scp > 2GB; niles@scyld.com; ok deraadt@, djm@
5deceabb 391 - markus@cvs.openbsd.org 2001/04/22 13:25:37
392 [ssh-keygen.1 ssh-keygen.c]
393 rename arguments -x -> -e (export key), -X -> -i (import key)
394 xref draft-ietf-secsh-publickeyfile-01.txt
2cad6cef 395 - markus@cvs.openbsd.org 2001/04/22 13:32:27
396 [sftp-server.8 sftp.1 ssh.1 sshd.8]
397 xref draft-ietf-secsh-*
bcaa828e 398 - markus@cvs.openbsd.org 2001/04/22 13:41:02
399 [ssh-keygen.1 ssh-keygen.c]
400 style, noted by stevesk; sort flags in usage
a3626e12 401
df841692 40220010421
403 - OpenBSD CVS Sync
404 - djm@cvs.openbsd.org 2001/04/20 07:17:51
405 [clientloop.c ssh.1]
406 Split out and improve escape character documentation, mention ~R in
407 ~? help text; ok markus@
0e7e0abe 408 - Update RPM spec files for CVS version.h
1ddee76b 409 - (stevesk) set the default PAM service name to __progname instead
410 of the hard-coded value "sshd"; from Mark D. Roth <roth@feep.net>
4b28be2c 411 - (stevesk) document PAM service name change in INSTALL
13dd877b 412 - tim@mindrot.org 2001/04/21 14:25:57 [Makefile.in configure.in]
413 fix perl test, fix nroff test, fix Makefile to build outside source tree
df841692 414
05cc0c99 41520010420
416 - OpenBSD CVS Sync
417 - ian@cvs.openbsd.org 2001/04/18 16:21:05
418 [ssh-keyscan.1]
419 Fix typo reported in PR/1779
561e5254 420 - markus@cvs.openbsd.org 2001/04/18 21:57:42
421 [readpass.c ssh-add.c]
422 call askpass from ssh, too, based on work by roth@feep.net, ok deraadt
f98c3421 423 - markus@cvs.openbsd.org 2001/04/18 22:03:45
424 [auth2.c sshconnect2.c]
425 use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
57a5edd8 426 - markus@cvs.openbsd.org 2001/04/18 22:48:26
427 [auth2.c]
428 no longer const
8dddf799 429 - markus@cvs.openbsd.org 2001/04/18 23:43:26
430 [auth2.c compat.c sshconnect2.c]
431 more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now
432 (however the 2.1.0 server seems to work only if debug is enabled...)
ae88ea7e 433 - markus@cvs.openbsd.org 2001/04/18 23:44:51
434 [authfile.c]
435 error->debug; noted by fries@
5cf13595 436 - markus@cvs.openbsd.org 2001/04/19 00:05:11
437 [auth2.c]
438 use local variable, no function call needed.
439 (btw, hostbased works now with ssh.com >= 2.0.13)
431a2493 440 - (bal) Put scp-common.h back into scp.c (it exists in the upstream
441 tree) pointed out by Tom Holroyd <tomh@po.crl.go.jp>
05cc0c99 442
e78e738a 44320010418
ce2af031 444 - OpenBSD CVS Sync
e78e738a 445 - markus@cvs.openbsd.org 2001/04/17 19:34:25
3a83b819 446 [session.c]
447 move auth_approval to do_authenticated().
448 do_child(): nuke hostkeys from memory
449 don't source .ssh/rc for subsystems.
450 - markus@cvs.openbsd.org 2001/04/18 14:15:00
451 [canohost.c]
452 debug->debug3
ce2af031 453 - (bal) renabled 'catman-do:' and fixed it. So now catman pages should
454 be working again.
e0c4d3ac 455 - (bal) Makfile day... Cleaned up multiple mantype support (Patch by
456 Mark D. Roth <roth+openssh@feep.net>), and fixed PIDDIR support.
3a83b819 457
8c6b78e4 45820010417
459 - (bal) Add perl5 check for HP/UX, Removed GNUness from Makefile.in
6d165a89 460 and temporary commented out 'catman-do:' since it is broken. Patches
8c6b78e4 461 for the first two by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
a88b7b57 462 - OpenBSD CVS Sync
53b8fe68 463 - deraadt@cvs.openbsd.org 2001/04/16 08:26:04
464 [key.c]
465 better safe than sorry in later mods; yongari@kt-is.co.kr
466 - markus@cvs.openbsd.org 2001/04/17 08:14:01
467 [sshconnect1.c]
468 check for key!=NULL, thanks to costa
469 - markus@cvs.openbsd.org 2001/04/17 09:52:48
470 [clientloop.c]
cf6bc93c 471 handle EINTR/EAGAIN on read; ok deraadt@
53b8fe68 472 - markus@cvs.openbsd.org 2001/04/17 10:53:26
473 [key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
e961a8f9 474 add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
53b8fe68 475 - markus@cvs.openbsd.org 2001/04/17 12:55:04
476 [channels.c ssh.c]
477 undo socks5 and https support since they are not really used and
478 only bloat ssh. remove -D from usage(), since '-D' is experimental.
479
e4664c3e 48020010416
481 - OpenBSD CVS Sync
482 - stevesk@cvs.openbsd.org 2001/04/15 01:35:22
483 [ttymodes.c]
484 fix comments
ec1f12d3 485 - markus@cvs.openbsd.org 2001/04/15 08:43:47
486 [dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c]
487 some unused variable and typos; from tomh@po.crl.go.jp
58cfa257 488 - markus@cvs.openbsd.org 2001/04/15 16:58:03
489 [authfile.c ssh-keygen.c sshd.c]
490 don't use errno for key_{load,save}_private; discussion w/ solar@openwall
e968270c 491 - markus@cvs.openbsd.org 2001/04/15 17:16:00
492 [clientloop.c]
493 set stdin/out/err to nonblocking in SSH proto 1, too. suggested by ho@
494 should fix some of the blocking problems for rsync over SSH-1
84fc17bf 495 - stevesk@cvs.openbsd.org 2001/04/15 19:41:21
496 [sshd.8]
497 some ClientAlive cleanup; ok markus@
b7c70970 498 - stevesk@cvs.openbsd.org 2001/04/15 21:28:35
499 [readconf.c servconf.c]
500 use fatal() or error() vs. fprintf(); ok markus@
5d97cfbf 501 - (djm) Convert mandoc manpages to man automatically. Patch from Mark D.
502 Roth <roth+openssh@feep.net>
6023325e 503 - (bal) CVS ID fix up and slight manpage fix from OpenBSD tree.
47b53518 504 - (djm) OpenBSD CVS Sync
505 - mouring@cvs.openbsd.org 2001/04/16 02:31:44
506 [scp.c sftp.c]
507 IPv6 support for sftp (which I bungled in my last patch) which is
508 borrowed from scp.c. Thanks to Markus@ for pointing it out.
764291b3 509 - deraadt@cvs.openbsd.org 2001/04/16 08:05:34
510 [xmalloc.c]
511 xrealloc dealing with ptr == nULL; mouring
f2c2fd71 512 - djm@cvs.openbsd.org 2001/04/16 08:19:31
513 [session.c]
514 Split motd and hushlogin checks into seperate functions, helps for
515 portable. From Chris Adams <cmadams@hiwaay.net>; ok markus@
c96a4aaf 516 - Fix OSF SIA support displaying too much information for quiet
517 logins and logins where access was denied by SIA. Patch from Chris Adams
518 <cmadams@hiwaay.net>
e4664c3e 519
f03228b1 52020010415
521 - OpenBSD CVS Sync
522 - deraadt@cvs.openbsd.org 2001/04/14 04:31:01
523 [ssh-add.c]
524 do not double free
9cf972fa 525 - markus@cvs.openbsd.org 2001/04/14 16:17:14
526 [channels.c]
527 remove some channels that are not appropriate for keepalive.
eae942e2 528 - markus@cvs.openbsd.org 2001/04/14 16:27:57
529 [ssh-add.c]
530 use clear_pass instead of xfree()
30dcc918 531 - stevesk@cvs.openbsd.org 2001/04/14 16:33:20
532 [clientloop.c packet.h session.c ssh.c ttymodes.c ttymodes.h]
533 protocol 2 tty modes support; ok markus@
36967a16 534 - stevesk@cvs.openbsd.org 2001/04/14 17:04:42
535 [scp.c]
536 'T' handling rcp/scp sync; ok markus@
e4664c3e 537 - Missed sshtty.[ch] in Sync.
f03228b1 538
e400a640 53920010414
540 - Sync with OpenBSD glob.c, strlcat.c and vis.c changes
fe56c12b 541 - Cygwin sftp/sftp-server binary mode patch from Corinna Vinschen
542 <vinschen@redhat.com>
3ffc6336 543 - OpenBSD CVS Sync
544 - beck@cvs.openbsd.org 2001/04/13 22:46:54
545 [channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
546 Add options ClientAliveInterval and ClientAliveCountMax to sshd.
547 This gives the ability to do a "keepalive" via the encrypted channel
548 which can't be spoofed (unlike TCP keepalives). Useful for when you want
549 to use ssh connections to authenticate people for something, and know
550 relatively quickly when they are no longer authenticated. Disabled
551 by default (of course). ok markus@
e400a640 552
cc44f691 55320010413
554 - OpenBSD CVS Sync
555 - markus@cvs.openbsd.org 2001/04/12 14:29:09
556 [ssh.c]
557 show debug output during option processing, report from
558 pekkas@netcore.fi
8002af61 559 - markus@cvs.openbsd.org 2001/04/12 19:15:26
560 [auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
561 compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
562 servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
563 sshconnect2.c sshd_config]
564 implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
565 similar to RhostRSAAuthentication unless you enable (the experimental)
566 HostbasedUsesNameFromPacketOnly option. please test. :)
0140e66a 567 - markus@cvs.openbsd.org 2001/04/12 19:39:27
568 [readconf.c]
569 typo
2d2a2c65 570 - stevesk@cvs.openbsd.org 2001/04/12 20:09:38
571 [misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
572 robust port validation; ok markus@ jakob@
edeeab1e 573 - mouring@cvs.openbsd.org 2001/04/12 23:17:54
574 [sftp-int.c sftp-int.h sftp.1 sftp.c]
575 Add support for:
576 sftp [user@]host[:file [file]] - Fetch remote file(s)
577 sftp [user@]host[:dir[/]] - Start in remote dir/
578 OK deraadt@
57aa8961 579 - stevesk@cvs.openbsd.org 2001/04/13 01:26:17
580 [ssh.c]
581 missing \n in error message
96f8b59f 582 - (bal) Added openbsd-compat/inet_ntop.[ch] since HP/UX (and others)
583 lack it.
cc44f691 584
28b9cb4d 58520010412
586 - OpenBSD CVS Sync
587 - markus@cvs.openbsd.org 2001/04/10 07:46:58
588 [channels.c]
589 cleanup socks4 handling
c0ecc314 590 - itojun@cvs.openbsd.org 2001/04/10 09:13:22
591 [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
592 document id_rsa{.pub,}. markus ok
070adba2 593 - markus@cvs.openbsd.org 2001/04/10 12:15:23
594 [channels.c]
595 debug cleanup
45a2e669 596 - djm@cvs.openbsd.org 2001/04/11 07:06:22
597 [sftp-int.c]
598 'mget' and 'mput' aliases; ok markus@
6031af8d 599 - markus@cvs.openbsd.org 2001/04/11 10:59:01
600 [ssh.c]
601 use strtol() for ports, thanks jakob@
6683b40f 602 - markus@cvs.openbsd.org 2001/04/11 13:56:13
603 [channels.c ssh.c]
604 https-connect and socks5 support. i feel so bad.
ff14faf1 605 - lebel@cvs.openbsd.org 2001/04/11 16:25:30
606 [sshd.8 sshd.c]
607 implement the -e option into sshd:
608 -e When this option is specified, sshd will send the output to the
609 standard error instead of the system log.
610 markus@ OK.
28b9cb4d 611
0a85ab61 61220010410
613 - OpenBSD CVS Sync
614 - deraadt@cvs.openbsd.org 2001/04/08 20:52:55
615 [sftp.c]
616 do not modify an actual argv[] entry
b2ae83b8 617 - stevesk@cvs.openbsd.org 2001/04/08 23:28:27
618 [sshd.8]
619 spelling
317611b5 620 - stevesk@cvs.openbsd.org 2001/04/09 00:42:05
621 [sftp.1]
622 spelling
a8666d84 623 - markus@cvs.openbsd.org 2001/04/09 15:12:23
624 [ssh-add.c]
625 passphrase caching: ssh-add tries last passphrase, clears passphrase if
626 not successful and after last try.
627 based on discussions with espie@, jakob@, ... and code from jakob@ and
628 wolfgang@wsrcc.com
49ae4185 629 - markus@cvs.openbsd.org 2001/04/09 15:19:49
630 [ssh-add.1]
631 ssh-add retries the last passphrase...
b8a297f1 632 - stevesk@cvs.openbsd.org 2001/04/09 18:00:15
633 [sshd.8]
634 ListenAddress mandoc from aaron@
0a85ab61 635
6e9944b8 63620010409
febd3f8e 637 - (stevesk) use setresgid() for setegid() if needed
26de7942 638 - (stevesk) configure.in: typo
6e9944b8 639 - OpenBSD CVS Sync
640 - stevesk@cvs.openbsd.org 2001/04/08 16:01:36
641 [sshd.8]
642 document ListenAddress addr:port
d64050ef 643 - markus@cvs.openbsd.org 2001/04/08 13:03:00
644 [ssh-add.c]
645 init pointers with NULL, thanks to danimal@danimal.org
d0a4c20b 646 - markus@cvs.openbsd.org 2001/04/08 11:27:33
647 [clientloop.c]
648 leave_raw_mode if ssh2 "session" is closed
63bd8c36 649 - markus@cvs.openbsd.org 2001/04/06 21:00:17
650 [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
651 ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
652 do gid/groups-swap in addition to uid-swap, should help if /home/group
653 is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
654 to olar@openwall.com is comments. we had many requests for this.
0490e609 655 - markus@cvs.openbsd.org 2001/04/07 08:55:18
656 [buffer.c channels.c channels.h readconf.c ssh.c]
657 allow the ssh client act as a SOCKS4 proxy (dynamic local
658 portforwarding). work by Dan Kaminsky <dankamin@cisco.com> and me.
659 thanks to Dan for this great patch: use 'ssh -D 1080 host' and make
660 netscape use localhost:1080 as a socks proxy.
d98d029a 661 - markus@cvs.openbsd.org 2001/04/08 11:24:33
662 [uidswap.c]
663 KNF
6e9944b8 664
d9d49fdb 66520010408
666 - OpenBSD CVS Sync
667 - stevesk@cvs.openbsd.org 2001/04/06 22:12:47
668 [hostfile.c]
669 unused; typo in comment
d11c1288 670 - stevesk@cvs.openbsd.org 2001/04/06 22:25:25
671 [servconf.c]
672 in addition to:
673 ListenAddress host|ipv4_addr|ipv6_addr
674 permit:
675 ListenAddress [host|ipv4_addr|ipv6_addr]:port
676 ListenAddress host|ipv4_addr:port
677 sshd.8 updates coming. ok markus@
d9d49fdb 678
613fc910 67920010407
680 - (bal) CVS ID Resync of version.h
cc94bd38 681 - OpenBSD CVS Sync
682 - markus@cvs.openbsd.org 2001/04/05 23:39:20
683 [serverloop.c]
684 keep the ssh session even if there is no active channel.
685 this is more in line with the protocol spec and makes
686 ssh -N -L 1234:server:110 host
687 more useful.
688 based on discussion with <mats@mindbright.se> long time ago
689 and recent mail from <res@shore.net>
0fc791ba 690 - deraadt@cvs.openbsd.org 2001/04/06 16:46:59
691 [scp.c]
692 remove trailing / from source paths; fixes pr#1756
613fc910 693
63f7e231 69420010406
695 - (stevesk) logintest.c: fix for systems without __progname
72170131 696 - (stevesk) Makefile.in: log.o is in libssh.a
d8a2f554 697 - OpenBSD CVS Sync
698 - markus@cvs.openbsd.org 2001/04/05 10:00:06
699 [compat.c]
700 2.3.x does old GEX, too; report jakob@
6ba22c93 701 - markus@cvs.openbsd.org 2001/04/05 10:39:03
702 [compress.c compress.h packet.c]
703 reset compress state per direction when rekeying.
3667ba79 704 - markus@cvs.openbsd.org 2001/04/05 10:39:48
705 [version.h]
706 temporary version 2.5.4 (supports rekeying).
707 this is not an official release.
cd332296 708 - markus@cvs.openbsd.org 2001/04/05 10:42:57
709 [auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
710 mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
711 sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
712 sshconnect2.c sshd.c]
713 fix whitespace: unexpand + trailing spaces.
255cfda1 714 - markus@cvs.openbsd.org 2001/04/05 11:09:17
715 [clientloop.c compat.c compat.h]
716 add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions.
b4a19d21 717 - markus@cvs.openbsd.org 2001/04/05 15:45:43
718 [ssh.1]
719 ssh defaults to protocol v2; from quisar@quisar.ambre.net
46e3af7f 720 - stevesk@cvs.openbsd.org 2001/04/05 15:48:18
721 [canohost.c canohost.h session.c]
722 move get_remote_name_or_ip() to canohost.[ch]; for portable. ok markus@
54506d2e 723 - markus@cvs.openbsd.org 2001/04/05 20:01:10
724 [clientloop.c]
725 for ~R print message if server does not support rekeying. (and fix ~R).
b37caf1a 726 - markus@cvs.openbsd.org 2001/04/05 21:02:46
727 [buffer.c]
728 better error message
eb0dd41f 729 - markus@cvs.openbsd.org 2001/04/05 21:05:24
730 [clientloop.c ssh.c]
731 don't request a session for 'ssh -N', pointed out slade@shore.net
63f7e231 732
d8ee838b 73320010405
734 - OpenBSD CVS Sync
735 - markus@cvs.openbsd.org 2001/04/04 09:48:35
736 [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
737 don't sent multiple kexinit-requests.
738 send newkeys, block while waiting for newkeys.
739 fix comments.
7a37c112 740 - markus@cvs.openbsd.org 2001/04/04 14:34:58
741 [clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
742 enable server side rekeying + some rekey related clientup.
743 todo: we should not send any non-KEX messages after we send KEXINIT
5adb303f 744 - markus@cvs.openbsd.org 2001/04/04 15:50:55
745 [compat.c]
746 f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov
c422989b 747 - markus@cvs.openbsd.org 2001/04/04 20:25:38
748 [channels.c channels.h clientloop.c kex.c kex.h serverloop.c
749 sshconnect2.c sshd.c]
750 more robust rekeying
751 don't send channel data after rekeying is started.
0715ec6c 752 - markus@cvs.openbsd.org 2001/04/04 20:32:56
753 [auth2.c]
754 we don't care about missing bannerfiles; from tsoome@ut.ee, ok deraadt@
bbb4cc1b 755 - markus@cvs.openbsd.org 2001/04/04 22:04:35
756 [kex.c kexgex.c serverloop.c]
757 parse full kexinit packet.
758 make server-side more robust, too.
a7ca6275 759 - markus@cvs.openbsd.org 2001/04/04 23:09:18
760 [dh.c kex.c packet.c]
761 clear+free keys,iv for rekeying.
762 + fix DH mem leaks. ok niels@
86c9e193 763 - (stevesk) don't use vhangup() if defined(HAVE_DEV_PTMX); also removes
764 BROKEN_VHANGUP
d8ee838b 765
9d451c5a 76620010404
767 - OpenBSD CVS Sync
768 - deraadt@cvs.openbsd.org 2001/04/02 17:32:23
769 [ssh-agent.1]
770 grammar; slade@shore.net
894c5fa6 771 - stevesk@cvs.openbsd.org 2001/04/03 13:56:11
772 [sftp-glob.c ssh-agent.c ssh-keygen.c]
773 free() -> xfree()
a5c9ffdb 774 - markus@cvs.openbsd.org 2001/04/03 19:53:29
775 [dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
776 move kex to kex*.c, used dispatch_set() callbacks for kex. should
777 make rekeying easier.
3463ff28 778 - todd@cvs.openbsd.org 2001/04/03 21:19:38
779 [ssh_config]
780 id_rsa1/2 -> id_rsa; ok markus@
d1ac6175 781 - markus@cvs.openbsd.org 2001/04/03 23:32:12
782 [kex.c kex.h packet.c sshconnect2.c sshd.c]
783 undo parts of recent my changes: main part of keyexchange does not
784 need dispatch-callbacks, since application data is delayed until
785 the keyexchange completes (if i understand the drafts correctly).
786 add some infrastructure for re-keying.
e092ce67 787 - markus@cvs.openbsd.org 2001/04/04 00:06:54
788 [clientloop.c sshconnect2.c]
789 enable client rekeying
790 (1) force rekeying with ~R, or
791 (2) if the server requests rekeying.
792 works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0
0bc35151 793 - (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync.
9d451c5a 794
672f212f 79520010403
796 - OpenBSD CVS Sync
797 - stevesk@cvs.openbsd.org 2001/04/02 14:15:31
798 [sshd.8]
799 typo; ok markus@
6be9a5e8 800 - stevesk@cvs.openbsd.org 2001/04/02 14:20:23
801 [readconf.c servconf.c]
802 correct comment; ok markus@
fe39c3df 803 - (stevesk) nchan.c: remove ostate checks and add EINVAL to
804 shutdown(SHUT_RD) error() bypass for HP-UX.
672f212f 805
0be033ea 80620010402
807 - (stevesk) log.c openbsd sync; missing newlines
5d9e4c8d 808 - (stevesk) sshpty.h openbsd sync; PTY_H -> SSHPTY_H
0be033ea 809
b7a2a476 81020010330
811 - (djm) Another openbsd-compat/glob.c sync
4047d868 812 - (djm) OpenBSD CVS Sync
813 - provos@cvs.openbsd.org 2001/03/28 21:59:41
814 [kex.c kex.h sshconnect2.c sshd.c]
815 forgot to include min and max params in hash, okay markus@
c8682232 816 - provos@cvs.openbsd.org 2001/03/28 22:04:57
817 [dh.c]
818 more sanity checking on primes file
d9cd3575 819 - markus@cvs.openbsd.org 2001/03/28 22:43:31
820 [auth.h auth2.c auth2-chall.c]
821 check auth_root_allowed for kbd-int auth, too.
86b878d5 822 - provos@cvs.openbsd.org 2001/03/29 14:24:59
823 [sshconnect2.c]
824 use recommended defaults
1ad64a93 825 - stevesk@cvs.openbsd.org 2001/03/29 21:06:21
826 [sshconnect2.c sshd.c]
827 need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
03b8f8be 828 - markus@cvs.openbsd.org 2001/03/29 21:17:40
829 [dh.c dh.h kex.c kex.h]
830 prepare for rekeying: move DH code to dh.c
76ca7b01 831 - djm@cvs.openbsd.org 2001/03/29 23:42:01
832 [sshd.c]
833 Protocol 1 key regeneration log => verbose, some KNF; ok markus@
b7a2a476 834
01ce749f 83520010329
836 - OpenBSD CVS Sync
837 - stevesk@cvs.openbsd.org 2001/03/26 15:47:59
838 [ssh.1]
839 document more defaults; misc. cleanup. ok markus@
569807fb 840 - markus@cvs.openbsd.org 2001/03/26 23:12:42
841 [authfile.c]
842 KNF
457fc0c6 843 - markus@cvs.openbsd.org 2001/03/26 23:23:24
844 [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
845 try to read private f-secure ssh v2 rsa keys.
1a92bd7e 846 - markus@cvs.openbsd.org 2001/03/27 10:34:08
847 [ssh-rsa.c sshd.c]
848 use EVP_get_digestbynid, reorder some calls and fix missing free.
a4da628b 849 - markus@cvs.openbsd.org 2001/03/27 10:57:00
850 [compat.c compat.h ssh-rsa.c]
851 some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5
852 signatures in SSH protocol 2, ok djm@
db1cd2f3 853 - provos@cvs.openbsd.org 2001/03/27 17:46:50
854 [compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
855 make dh group exchange more flexible, allow min and max group size,
856 okay markus@, deraadt@
e5ff6ecf 857 - stevesk@cvs.openbsd.org 2001/03/28 19:56:23
858 [scp.c]
859 start to sync scp closer to rcp; ok markus@
03cb2621 860 - stevesk@cvs.openbsd.org 2001/03/28 20:04:38
861 [scp.c]
862 usage more like rcp and add missing -B to usage; ok markus@
563834bb 863 - markus@cvs.openbsd.org 2001/03/28 20:50:45
864 [sshd.c]
865 call refuse() before close(); from olemx@ans.pl
01ce749f 866
b5b68128 86720010328
868 - (djm) Reorder tests and library inclusion for Krb4/AFS to try to
869 resolve linking conflicts with libcrypto. Report and suggested fix
870 from Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
edbe6722 871 - (djm) Work around Solaris' broken struct dirent. Diagnosis and suggested
872 fix from Philippe Levan <levan@epix.net>
cccfea16 873 - (djm) Rework krbIV tests to get us closer to building on Redhat. Still
874 doesn't work because of conflicts between krbIV's and OpenSSL's des.h
8d0cc79b 875 - (djm) Sync openbsd-compat/glob.c
b5b68128 876
0c90b590 87720010327
878 - Attempt sync with sshlogin.c w/ OpenBSD (mainly CVS ID)
60a8683f 879 - Fix pointer issues in waitpid() and wait() replaces. Patch by Lutz
880 Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
690d0d7f 881 - OpenBSD CVS Sync
882 - djm@cvs.openbsd.org 2001/03/25 00:01:34
883 [session.c]
884 shorten; ok markus@
4f4648f9 885 - stevesk@cvs.openbsd.org 2001/03/25 13:16:11
886 [servconf.c servconf.h session.c sshd.8 sshd_config]
887 PrintLastLog option; from chip@valinux.com with some minor
888 changes by me. ok markus@
9afbfcfa 889 - markus@cvs.openbsd.org 2001/03/26 08:07:09
890 [authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
891 sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
892 simpler key load/save interface, see authfile.h
893 - (djm) Reestablish PAM credentials (which can be supplemental group
894 memberships) after initgroups() blows them away. Report and suggested
895 fix from Nalin Dahyabhai <nalin@redhat.com>
0c90b590 896
b567a40c 89720010324
898 - Fixed permissions ssh-keyscan. Thanks to Christopher Linn <celinn@mtu.edu>.
80cd07ae 899 - OpenBSD CVS Sync
900 - djm@cvs.openbsd.org 2001/03/23 11:04:07
901 [compat.c compat.h sshconnect2.c sshd.c]
902 Compat for OpenSSH with broken Rijndael/AES. ok markus@
7af9f7f8 903 - markus@cvs.openbsd.org 2001/03/23 12:02:49
904 [auth1.c]
905 authctxt is now passed to do_authenticated
e285053e 906 - markus@cvs.openbsd.org 2001/03/23 13:10:57
907 [sftp-int.c]
908 fix put, upload to _absolute_ path, ok djm@
1d3c30db 909 - markus@cvs.openbsd.org 2001/03/23 14:28:32
910 [session.c sshd.c]
911 ignore SIGPIPE, restore in child, fixes x11-fwd crashes; with djm@
8ca3f6dc 912 - (djm) Pull out our own SIGPIPE hacks
b567a40c 913
8a169574 91420010323
915 - OpenBSD CVS Sync
916 - deraadt@cvs.openbsd.org 2001/03/22 20:22:55
917 [sshd.c]
918 do not place linefeeds in buffer
919
ee110bfb 92020010322
921 - (djm) Better AIX no tty fix, spotted by Gert Doering <gert@greenie.muc.de>
289ba62e 922 - (bal) version.c CVS ID resync
a5b09902 923 - (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID
924 resync
ae7242ef 925 - (bal) scp.c CVS ID resync
3e587cc3 926 - OpenBSD CVS Sync
927 - markus@cvs.openbsd.org 2001/03/20 19:10:16
928 [readconf.c]
929 default to SSH protocol version 2
e5d7a405 930 - markus@cvs.openbsd.org 2001/03/20 19:21:21
931 [session.c]
932 remove unused arg
39f7530f 933 - markus@cvs.openbsd.org 2001/03/20 19:21:21
934 [session.c]
935 remove unused arg
bb5639fe 936 - markus@cvs.openbsd.org 2001/03/21 11:43:45
937 [auth1.c auth2.c session.c session.h]
938 merge common ssh v1/2 code
5e7cb456 939 - jakob@cvs.openbsd.org 2001/03/21 14:20:45
940 [ssh-keygen.c]
941 add -B flag to usage
ca4df544 942 - markus@cvs.openbsd.org 2001/03/21 21:06:30
943 [session.c]
944 missing init; from mib@unimelb.edu.au
ee110bfb 945
f5f6020e 94620010321
947 - (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve
948 VanDevender <stevev@darkwing.uoregon.edu>
37eadb90 949 - (djm) Make sure pam_retval is initialised on call to pam_end. Patch
950 from Solar Designer <solar@openwall.com>
0a3700ee 951 - (djm) Don't loop forever when changing password via PAM. Patch
952 from Solar Designer <solar@openwall.com>
0c13ffa2 953 - (djm) Generate config files before build
7a7101ec 954 - (djm) Correctly handle SIA and AIX when no tty present. Spotted and
955 suggested fix from Mike Battersby <mib@unimelb.edu.au>
f5f6020e 956
8d539493 95720010320
01022caf 958 - (bal) glob.c update to added GLOB_LIMITS (OpenBSD CVS).
959 - (bal) glob.c update to set gl_pathv to NULL (OpenBSD CVS).
1620233b 960 - (bal) Oops. Missed globc.h change (OpenBSD CVS).
614dee3a 961 - (djm) OpenBSD CVS Sync
962 - markus@cvs.openbsd.org 2001/03/19 17:07:23
963 [auth.c readconf.c]
964 undo /etc/shell and proto 2,1 change for openssh-2.5.2
3dd16786 965 - markus@cvs.openbsd.org 2001/03/19 17:12:10
966 [version.h]
967 version 2.5.2
ea44783f 968 - (djm) Update RPM spec version
969 - (djm) Release 2.5.2p1
3743cc2f 970- tim@mindrot.org 2001/03/19 18:33:47 [defines.h]
971 change S_ISLNK macro to work for UnixWare 2.03
9887f269 972- tim@mindrot.org 2001/03/19 20:45:11 [openbsd-compat/glob.c]
973 add get_arg_max(). Use sysconf() if ARG_MAX is not defined
8d539493 974
e339aa53 97520010319
976 - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
977 do it implicitly.
7cdb79d4 978 - (djm) Add getusershell() functions from OpenBSD CVS
b1ed8313 979 - OpenBSD CVS Sync
980 - markus@cvs.openbsd.org 2001/03/18 12:07:52
981 [auth-options.c]
982 ignore permitopen="host:port" if AllowTcpForwarding==no
f8f230bf 983 - (djm) Make scp work on systems without 64-bit ints
2538ecf1 984 - tim@mindrot.org 2001/03/18 18:28:39 [defines.h]
985 move HAVE_LONG_LONG_INT where it works
d1581d5f 986 - (bal) Use 'NGROUPS' for NeXT Since 'MAX_NGROUPS' is wrapped up in -lposix
107628c0 987 stuff. Change suggested by Mark Miller <markm@swoon.net>
d1581d5f 988 - (bal) Small fix to scp. %lu vs %ld
610e8ff5 989 - (bal) NeXTStep lacks S_ISLNK. Plus split up S_IS*
bb6da70f 990 - (djm) OpenBSD CVS Sync
991 - djm@cvs.openbsd.org 2001/03/19 03:52:51
992 [sftp-client.c]
993 Report ssh connection closing correctly; ok deraadt@
3a1c54d4 994 - deraadt@cvs.openbsd.org 2001/03/18 23:30:55
995 [compat.c compat.h sshd.c]
996 specifically version match on ssh scanners. do not log scan
997 information to the console
dc504afd 998 - djm@cvs.openbsd.org 2001/03/19 12:10:17
db4d3098 999 [sshd.8]
dc504afd 1000 Document permitopen authorized_keys option; ok markus@
babd91d4 1001 - djm@cvs.openbsd.org 2001/03/19 05:49:52
1002 [ssh.1]
1003 document PreferredAuthentications option; ok markus@
05c64611 1004 - (bal) Minor NeXT fixed. Forgot to #undef NGROUPS_MAX
e339aa53 1005
ec0ad9c2 100620010318
1007 - (bal) Fixed scp type casing issue which causes "scp: protocol error:
1008 size not delimited" fatal errors when tranfering.
5cc8d4ad 1009 - OpenBSD CVS Sync
1010 - markus@cvs.openbsd.org 2001/03/17 17:27:59
1011 [auth.c]
1012 check /etc/shells, too
7411201c 1013 - tim@mindrot.org 2001/03/17 18:45:25 [compat.c]
1014 openbsd-compat/fake-regex.h
ec0ad9c2 1015
8a968c25 101620010317
1017 - Support usrinfo() on AIX. Based on patch from Gert Doering
1018 <gert@greenie.muc.de>
bf1d27bd 1019 - OpenBSD CVS Sync
1020 - markus@cvs.openbsd.org 2001/03/15 15:05:59
1021 [scp.c]
1022 use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
56b3e9ce 1023 - markus@cvs.openbsd.org 2001/03/15 22:07:08
1024 [session.c]
1025 pass Session to do_child + KNF
d50d9b63 1026 - djm@cvs.openbsd.org 2001/03/16 08:16:18
1027 [sftp-client.c sftp-client.h sftp-glob.c sftp-int.c]
1028 Revise globbing for get/put to be more shell-like. In particular,
1029 "get/put file* directory/" now works. ok markus@
f55d1b5f 1030 - markus@cvs.openbsd.org 2001/03/16 09:55:53
1031 [sftp-int.c]
1032 fix memset and whitespace
6a8496e4 1033 - markus@cvs.openbsd.org 2001/03/16 13:44:24
1034 [sftp-int.c]
1035 discourage strcat/strcpy
01794848 1036 - markus@cvs.openbsd.org 2001/03/16 19:06:30
1037 [auth-options.c channels.c channels.h serverloop.c session.c]
1038 implement "permitopen" key option, restricts -L style forwarding to
1039 to specified host:port pairs. based on work by harlan@genua.de
40849fdb 1040 - Check for gl_matchc support in glob_t and fall back to the
1041 openbsd-compat/glob.[ch] support if it does not exist.
8a968c25 1042
4cb5d598 104320010315
1044 - OpenBSD CVS Sync
1045 - markus@cvs.openbsd.org 2001/03/14 08:57:14
1046 [sftp-client.c]
1047 Wall
85cf5827 1048 - markus@cvs.openbsd.org 2001/03/14 15:15:58
1049 [sftp-int.c]
1050 add version command
61b3a2bc 1051 - deraadt@cvs.openbsd.org 2001/03/14 22:50:25
1052 [sftp-server.c]
1053 note no getopt()
51e2fc8f 1054 - (stevesk) ssh-keyscan.c: specify "openbsd-compat/fake-queue.h"
9a00bfce 1055 - (bal) Cygwin README change by Corinna Vinschen <vinschen@redhat.com>
4cb5d598 1056
acc9d6d7 105720010314
1058 - OpenBSD CVS Sync
85cf5827 1059 - markus@cvs.openbsd.org 2001/03/13 17:34:42
1060 [auth-options.c]
1061 missing xfree, deny key on parse error; ok stevesk@
1062 - djm@cvs.openbsd.org 2001/03/13 22:42:54
1063 [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
1064 sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@
84ceda19 1065 - (bal) Fix strerror() in bsd-misc.c
1066 - (djm) Add replacement glob() from OpenBSD libc if the system glob is
1067 missing or lacks the GLOB_ALTDIRFUNC extension
1068 - (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers
1069 relatively. Avoids conflict between glob.h and /usr/include/glob.h
acc9d6d7 1070
22138a36 107120010313
1072 - OpenBSD CVS Sync
1073 - markus@cvs.openbsd.org 2001/03/12 22:02:02
1074 [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
1075 remove old key_fingerprint interface, s/_ex//
1076
539af7f5 107720010312
1078 - OpenBSD CVS Sync
1079 - markus@cvs.openbsd.org 2001/03/11 13:25:36
1080 [auth2.c key.c]
1081 debug
301e8e5b 1082 - jakob@cvs.openbsd.org 2001/03/11 15:03:16
1083 [key.c key.h]
1084 add improved fingerprint functions. based on work by Carsten
1085 Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
954f0550 1086 - jakob@cvs.openbsd.org 2001/03/11 15:04:16
1087 [ssh-keygen.1 ssh-keygen.c]
1088 print both md5, sha1 and bubblebabble fingerprints when using
1089 ssh-keygen -l -v. ok markus@.
08345971 1090 - jakob@cvs.openbsd.org 2001/03/11 15:13:09
1091 [key.c]
1092 cleanup & shorten some var names key_fingerprint_bubblebabble.
64b1aa3b 1093 - deraadt@cvs.openbsd.org 2001/03/11 16:39:03
1094 [ssh-keygen.c]
1095 KNF, and SHA1 binary output is just creeping featurism
733cf7f4 1096 - tim@mindrot.org 2001/03/11 17:29:32 [configure.in]
1097 test if snprintf() supports %ll
1098 add /dev to search path for PRNGD/EGD socket
1099 fix my mistake in USER_PATH test program
79c9ac1b 1100 - OpenBSD CVS Sync
1101 - markus@cvs.openbsd.org 2001/03/11 18:29:51
1102 [key.c]
1103 style+cleanup
aaf45d87 1104 - markus@cvs.openbsd.org 2001/03/11 22:33:24
1105 [ssh-keygen.1 ssh-keygen.c]
1106 remove -v again. use -B instead for bubblebabble. make -B consistent
1107 with -l and make -B work with /path/to/known_hosts. ok deraadt@
a0322342 1108 - (djm) Bump portable version number for generating test RPMs
94dd09e3 1109 - (djm) Add "static_openssl" RPM build option, remove rsh build dependency
5e8611f1 1110 - (bal) Reorder includes in Makefile.
539af7f5 1111
d156519a 111220010311
1113 - OpenBSD CVS Sync
1114 - markus@cvs.openbsd.org 2001/03/10 12:48:27
1115 [sshconnect2.c]
1116 ignore nonexisting private keys; report rjmooney@mediaone.net
5e36d59c 1117 - deraadt@cvs.openbsd.org 2001/03/10 12:53:51
1118 [readconf.c ssh_config]
1119 default to SSH2, now that m68k runs fast
2f778758 1120 - stevesk@cvs.openbsd.org 2001/03/10 15:02:05
1121 [ttymodes.c ttymodes.h]
1122 remove unused sgtty macros; ok markus@
99c415db 1123 - deraadt@cvs.openbsd.org 2001/03/10 15:31:00
1124 [compat.c compat.h sshconnect.c]
1125 all known netscreen ssh versions, and older versions of OSU ssh cannot
1126 handle password padding (newer OSU is fixed)
456fce50 1127 - tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config]
1128 make sure $bindir is in USER_PATH so scp will work
cab80f75 1129 - OpenBSD CVS Sync
1130 - markus@cvs.openbsd.org 2001/03/10 17:51:04
1131 [kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
1132 add PreferredAuthentications
d156519a 1133
1c9a907f 113420010310
1135 - OpenBSD CVS Sync
1136 - deraadt@cvs.openbsd.org 2001/03/09 03:14:39
1137 [ssh-keygen.c]
1138 create *.pub files with umask 0644, so that you can mv them to
1139 authorized_keys
cb7bd922 1140 - deraadt@cvs.openbsd.org 2001/03/09 12:30:29
1141 [sshd.c]
1142 typo; slade@shore.net
61cf0e38 1143 - Removed log.o from sftp client. Not needed.
1c9a907f 1144
385590e4 114520010309
1146 - OpenBSD CVS Sync
1147 - stevesk@cvs.openbsd.org 2001/03/08 18:47:12
1148 [auth1.c]
1149 unused; ok markus@
acf06a60 1150 - stevesk@cvs.openbsd.org 2001/03/08 20:44:48
1151 [sftp.1]
1152 spelling, cleanup; ok deraadt@
fee56204 1153 - markus@cvs.openbsd.org 2001/03/08 21:42:33
1154 [compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
1155 implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
1156 no need to do enter passphrase or do expensive sign operations if the
1157 server does not accept key).
385590e4 1158
3a7fe5ba 115920010308
1160 - OpenBSD CVS Sync
d5ebca2b 1161 - djm@cvs.openbsd.org 2001/03/07 10:11:23
1162 [sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
1163 Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
1164 functions and small protocol change.
1165 - markus@cvs.openbsd.org 2001/03/08 00:15:48
1166 [readconf.c ssh.1]
1167 turn off useprivilegedports by default. only rhost-auth needs
1168 this. older sshd's may need this, too.
097ca118 1169 - (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H;
1170 Dirk Markwardt <D.Markwardt@tu-bs.de>
3a7fe5ba 1171
3251b439 117220010307
1173 - (bal) OpenBSD CVS Sync
1174 - deraadt@cvs.openbsd.org 2001/03/06 06:11:18
1175 [ssh-keyscan.c]
1176 appease gcc
a5ec8a3d 1177 - deraadt@cvs.openbsd.org 2001/03/06 06:11:44
1178 [sftp-int.c sftp.1 sftp.c]
1179 sftp -b batchfile; mouring@etoh.eviladmin.org
17910dce 1180 - deraadt@cvs.openbsd.org 2001/03/06 15:10:42
1181 [sftp.1]
1182 order things
2c86906e 1183 - deraadt@cvs.openbsd.org 2001/03/07 01:19:06
1184 [ssh.1 sshd.8]
1185 the name "secure shell" is boring, noone ever uses it
7daf8515 1186 - deraadt@cvs.openbsd.org 2001/03/07 04:05:58
1187 [ssh.1]
1188 removed dated comment
f52798a4 1189 - Cygwin contrib improvements from Corinna Vinschen <vinschen@redhat.com>
3251b439 1190
657297ff 119120010306
1192 - (bal) OpenBSD CVS Sync
1193 - deraadt@cvs.openbsd.org 2001/03/05 14:28:47
1194 [sshd.8]
1195 alpha order; jcs@rt.fm
7c8f2a26 1196 - stevesk@cvs.openbsd.org 2001/03/05 15:44:51
1197 [servconf.c]
1198 sync error message; ok markus@
f2ba0775 1199 - deraadt@cvs.openbsd.org 2001/03/05 15:56:16
1200 [myproposal.h ssh.1]
1201 switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
1202 provos & markus ok
7a6c39a3 1203 - deraadt@cvs.openbsd.org 2001/03/05 16:07:15
1204 [sshd.8]
1205 detail default hmac setup too
7de5b06b 1206 - markus@cvs.openbsd.org 2001/03/05 17:17:21
1207 [kex.c kex.h sshconnect2.c sshd.c]
1208 generate a 2*need size (~300 instead of 1024/2048) random private
1209 exponent during the DH key agreement. according to Niels (the great
1210 german advisor) this is safe since /etc/primes contains strong
1211 primes only.
1212
1213 References:
1214 P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
1215 agreement with short exponents, In Advances in Cryptology
1216 - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
a5df12e9 1217 - stevesk@cvs.openbsd.org 2001/03/05 17:40:48
1218 [ssh.1]
1219 more ssh_known_hosts2 documentation; ok markus@
0b2190ee 1220 - stevesk@cvs.openbsd.org 2001/03/05 17:58:22
1221 [dh.c]
1222 spelling
bbc62e59 1223 - deraadt@cvs.openbsd.org 2001/03/06 00:33:04
1224 [authfd.c cli.c ssh-agent.c]
1225 EINTR/EAGAIN handling is required in more cases
c16c7f20 1226 - millert@cvs.openbsd.org 2001/03/06 01:06:03
1227 [ssh-keyscan.c]
1228 Don't assume we wil get the version string all in one read().
1229 deraadt@ OK'd
09cb311c 1230 - millert@cvs.openbsd.org 2001/03/06 01:08:27
1231 [clientloop.c]
1232 If read() fails with EINTR deal with it the same way we treat EAGAIN
657297ff 1233
1a2936c4 123420010305
1235 - (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
2552505b 1236 - (bal) CVS ID touch up on sftp-int.c
e77df335 1237 - (bal) CVS ID touch up on uuencode.c
6cca9fde 1238 - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
778f6940 1239 - (bal) OpenBSD CVS Sync
dcb971e1 1240 - deraadt@cvs.openbsd.org 2001/02/17 23:48:48
1241 [sshd.8]
1242 it's the OpenSSH one
778f6940 1243 - deraadt@cvs.openbsd.org 2001/02/21 07:37:04
1244 [ssh-keyscan.c]
1245 inline -> __inline__, and some indent
81333640 1246 - deraadt@cvs.openbsd.org 2001/02/21 09:05:54
1247 [authfile.c]
1248 improve fd handling
79ddf6db 1249 - deraadt@cvs.openbsd.org 2001/02/21 09:12:56
1250 [sftp-server.c]
1251 careful with & and &&; markus ok
96ee8386 1252 - stevesk@cvs.openbsd.org 2001/02/21 21:14:04
1253 [ssh.c]
1254 -i supports DSA identities now; ok markus@
0c126dc9 1255 - deraadt@cvs.openbsd.org 2001/02/22 04:29:37
1256 [servconf.c]
1257 grammar; slade@shore.net
ed2166d8 1258 - deraadt@cvs.openbsd.org 2001/02/22 06:43:55
1259 [ssh-keygen.1 ssh-keygen.c]
1260 document -d, and -t defaults to rsa1
b07ae1e9 1261 - deraadt@cvs.openbsd.org 2001/02/22 08:03:51
1262 [ssh-keygen.1 ssh-keygen.c]
1263 bye bye -d
e2fccec3 1264 - deraadt@cvs.openbsd.org 2001/02/22 18:09:06
1265 [sshd_config]
1266 activate RSA 2 key
e91c60f2 1267 - markus@cvs.openbsd.org 2001/02/22 21:57:27
1268 [ssh.1 sshd.8]
1269 typos/grammar from matt@anzen.com
3b1a83df 1270 - markus@cvs.openbsd.org 2001/02/22 21:59:44
1271 [auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
1272 use pwcopy in ssh.c, too
19d57054 1273 - markus@cvs.openbsd.org 2001/02/23 15:34:53
1274 [serverloop.c]
1275 debug2->3
00be5382 1276 - markus@cvs.openbsd.org 2001/02/23 18:15:13
1277 [sshd.c]
1278 the random session key depends now on the session_key_int
1279 sent by the 'attacker'
1280 dig1 = md5(cookie|session_key_int);
1281 dig2 = md5(dig1|cookie|session_key_int);
1282 fake_session_key = dig1|dig2;
1283 this change is caused by a mail from anakin@pobox.com
1284 patch based on discussions with my german advisor niels@openbsd.org
ec63b02d 1285 - deraadt@cvs.openbsd.org 2001/02/24 10:37:55
1286 [readconf.c]
1287 look for id_rsa by default, before id_dsa
582038fb 1288 - deraadt@cvs.openbsd.org 2001/02/24 10:37:26
1289 [sshd_config]
1290 ssh2 rsa key before dsa key
6e18cb71 1291 - markus@cvs.openbsd.org 2001/02/27 10:35:27
1292 [packet.c]
1293 fix random padding
1b5dfeb2 1294 - markus@cvs.openbsd.org 2001/02/27 11:00:11
1295 [compat.c]
1296 support SSH-2.0-2.1 ; from Christophe_Moret@hp.com
4ab21f86 1297 - deraadt@cvs.openbsd.org 2001/02/28 05:34:28
1298 [misc.c]
1299 pull in protos
167b3512 1300 - deraadt@cvs.openbsd.org 2001/02/28 05:36:28
1301 [sftp.c]
1302 do not kill the subprocess on termination (we will see if this helps
1303 things or hurts things)
7e8911cd 1304 - markus@cvs.openbsd.org 2001/02/28 08:45:39
1305 [clientloop.c]
1306 fix byte counts for ssh protocol v1
ee55dacf 1307 - markus@cvs.openbsd.org 2001/02/28 08:54:55
1308 [channels.c nchan.c nchan.h]
1309 make sure remote stderr does not get truncated.
1310 remove closed fd's from the select mask.
a6215e53 1311 - markus@cvs.openbsd.org 2001/02/28 09:57:07
1312 [packet.c packet.h sshconnect2.c]
1313 in ssh protocol v2 use ignore messages for padding (instead of
1314 trailing \0).
94dfb550 1315 - markus@cvs.openbsd.org 2001/02/28 12:55:07
1316 [channels.c]
1317 unify debug messages
5649fbbe 1318 - deraadt@cvs.openbsd.org 2001/02/28 17:52:54
1319 [misc.c]
1320 for completeness, copy pw_gecos too
0572fe75 1321 - markus@cvs.openbsd.org 2001/02/28 21:21:41
1322 [sshd.c]
1323 generate a fake session id, too
95ce5599 1324 - markus@cvs.openbsd.org 2001/02/28 21:27:48
1325 [channels.c packet.c packet.h serverloop.c]
1326 use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
1327 use random content in ignore messages.
355724fc 1328 - markus@cvs.openbsd.org 2001/02/28 21:31:32
1329 [channels.c]
1330 typo
c3f7d267 1331 - deraadt@cvs.openbsd.org 2001/03/01 02:11:25
1332 [authfd.c]
1333 split line so that p will have an easier time next time around
a01a5f30 1334 - deraadt@cvs.openbsd.org 2001/03/01 02:29:04
1335 [ssh.c]
1336 shorten usage by a line
12bf85ed 1337 - deraadt@cvs.openbsd.org 2001/03/01 02:45:10
1338 [auth-rsa.c auth2.c deattack.c packet.c]
1339 KNF
4371658c 1340 - deraadt@cvs.openbsd.org 2001/03/01 03:38:33
1341 [cli.c cli.h rijndael.h ssh-keyscan.1]
1342 copyright notices on all source files
ce91d6f8 1343 - markus@cvs.openbsd.org 2001/03/01 22:46:37
1344 [ssh.c]
1345 don't truncate remote ssh-2 commands; from mkubita@securities.cz
1346 use min, not max for logging, fixes overflow.
409edaba 1347 - deraadt@cvs.openbsd.org 2001/03/02 06:21:01
1348 [sshd.8]
1349 explain SIGHUP better
b8dc87d3 1350 - deraadt@cvs.openbsd.org 2001/03/02 09:42:49
1351 [sshd.8]
1352 doc the dsa/rsa key pair files
f3c7c613 1353 - deraadt@cvs.openbsd.org 2001/03/02 18:54:31
1354 [atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
1355 scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
1356 ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
1357 make copyright lines the same format
2671b47f 1358 - deraadt@cvs.openbsd.org 2001/03/03 06:53:12
1359 [ssh-keyscan.c]
1360 standard theo sweep
ff7fee59 1361 - millert@cvs.openbsd.org 2001/03/03 21:19:41
1362 [ssh-keyscan.c]
1363 Dynamically allocate read_wait and its copies. Since maxfd is
1364 based on resource limits it is often (usually?) larger than FD_SETSIZE.
c8d75031 1365 - millert@cvs.openbsd.org 2001/03/03 21:40:30
1366 [sftp-server.c]
1367 Dynamically allocate fd_set; deraadt@ OK
20e04e90 1368 - millert@cvs.openbsd.org 2001/03/03 21:41:07
1369 [packet.c]
1370 Dynamically allocate fd_set; deraadt@ OK
dce9bac5 1371 - deraadt@cvs.openbsd.org 2001/03/03 22:07:50
1372 [sftp-server.c]
1373 KNF
c630ce76 1374 - markus@cvs.openbsd.org 2001/03/03 23:52:22
1375 [sftp.c]
1376 clean up arg processing. based on work by Christophe_Moret@hp.com
20244695 1377 - markus@cvs.openbsd.org 2001/03/03 23:59:34
1378 [log.c ssh.c]
1379 log*.c -> log.c
61f8a1d1 1380 - markus@cvs.openbsd.org 2001/03/04 00:03:59
1381 [channels.c]
1382 debug1->2
38967add 1383 - stevesk@cvs.openbsd.org 2001/03/04 10:57:53
1384 [ssh.c]
1385 add -m to usage; ok markus@
46f23b8d 1386 - stevesk@cvs.openbsd.org 2001/03/04 11:04:41
1387 [sshd.8]
1388 small cleanup and clarify for PermitRootLogin; ok markus@
9c81df4c 1389 - stevesk@cvs.openbsd.org 2001/03/04 11:16:06
1390 [servconf.c sshd.8]
1391 kill obsolete RandomSeed; ok markus@ deraadt@
f5429434 1392 - stevesk@cvs.openbsd.org 2001/03/04 12:54:04
1393 [sshd.8]
1394 spelling
54b974dc 1395 - millert@cvs.openbsd.org 2001/03/04 17:42:28
1396 [authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
1397 ssh.c sshconnect.c sshd.c]
1398 log functions should not be passed strings that end in newline as they
1399 get passed on to syslog() and when logging to stderr, do_log() appends
1400 its own newline.
51c251f0 1401 - deraadt@cvs.openbsd.org 2001/03/04 18:21:28
1402 [sshd.8]
1403 list SSH2 ciphers
2605addd 1404 - (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy()
164c80dc 1405 - (bal) Fix up logging since it changed. removed log-*.c
cc3067d6 1406 - (djm) Fix up LOG_AUTHPRIV for systems that have it
70a052c7 1407 - (stevesk) OpenBSD sync:
1408 - deraadt@cvs.openbsd.org 2001/03/05 08:37:27
1409 [ssh-keyscan.c]
1410 skip inlining, why bother
5152d46f 1411 - (stevesk) sftp.c: handle __progname
1a2936c4 1412
40edd7ef 141320010304
1414 - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
889fbcd3 1415 - (bal) Updated contrib/README to remove 'make-ssh-known-hosts' and
1416 give Mark Roth credit for mdoc2man.pl
40edd7ef 1417
9817de5f 141820010303
40edd7ef 1419 - (djm) Remove make-ssh-known-hosts.pl, ssh-keyscan is better.
1420 - (djm) Document PAM ChallengeResponseAuthentication in sshd.8
1421 - (djm) Disable and comment ChallengeResponseAuthentication in sshd_config
1422 - (djm) Allow PRNGd entropy collection from localhost TCP socket. Replace
9bdd5929 1423 "--with-egd-pool" configure option with "--with-prngd-socket" and
1424 "--with-prngd-port" options. Debugged and improved by Lutz Jaenicke
1425 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
9817de5f 1426
20cad736 142720010301
1428 - (djm) Properly add -lcrypt if needed.
5f404be3 1429 - (djm) Force standard PAM conversation function in a few more places.
1430 Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai
1431 <nalin@redhat.com>
480eb294 1432 - (djm) Cygwin needs pw->pw_gecos copied too. Patch from Corinna Vinschen
1433 <vinschen@redhat.com>
ad1f4a20 1434 - (djm) Released 2.5.1p2
20cad736 1435
cf0c5df5 143620010228
1437 - (djm) Detect endianness in configure and use it in rijndael.c. Fixes
1438 "Bad packet length" bugs.
403f5a8e 1439 - (djm) Fully revert PAM session patch (again). All PAM session init is
1440 now done before the final fork().
065ef9b1 1441 - (djm) EGD detection patch from Tim Rice <tim@multitalents.net>
d9b1f19a 1442 - (djm) Remove /tmp from EGD socket search list
cf0c5df5 1443
86b416a7 144420010227
51fb577a 1445 - (bal) Applied shutdown() patch for sftp.c by Corinna Vinschen
1446 <vinschen@redhat.com>
2af09193 1447 - (bal) OpenBSD Sync
1448 - markus@cvs.openbsd.org 2001/02/23 15:37:45
1449 [session.c]
1450 handle SSH_PROTOFLAG_SCREEN_NUMBER for buggy clients
a892c46e 1451 - (bal) sshd.init support for all Redhat release. Patch by Jim Knoble
1452 <jmknoble@jmknoble.cx>
f4e9a0e1 1453 - (djm) Fix up POSIX saved uid support. Report from Mark Miller
1454 <markm@swoon.net>
1455 - (djm) Search for -lcrypt on FreeBSD too
c7c72446 1456 - (djm) fatal() on OpenSSL version mismatch
27cf96de 1457 - (djm) Move PAM init to after fork for non-Solaris derived PAMs
d5c4c52e 1458 - (djm) Warning fix on entropy.c saved uid stuff. Patch from Mark Miller
1459 <markm@swoon.net>
4bc6dd70 1460 - (djm) Fix PAM fix
4236bde4 1461 - (djm) Remove 'noreplace' flag from sshd_config in RPM spec files. This
1462 change is being made as 2.5.x configfiles are not back-compatible with
64e0e67e 1463 2.3.x.
1464 - (djm) Avoid warnings for missing broken IP_TOS. Patch from Mark Miller
1465 <markm@swoon.net>
a29d3f1c 1466 - (djm) Open Server 5 doesn't need BROKEN_SAVED_UIDS. Patch from Tim Rice
1467 <tim@multitalents.net>
1468 - (djm) Avoid multiple definition of _PATH_LS. Patch from Tim Rice
1469 <tim@multitalents.net>
51fb577a 1470
4925395f 147120010226
1472 - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again.
e9a13ac1 1473 - (djm) Some systems (SCO3, NeXT) have weird saved uid semantics.
1474 Based on patch from Tim Rice <tim@multitalents.net>
4925395f 1475
1eb4ec64 147620010225
1477 - (djm) Use %{_libexecdir} rather than hardcoded path in RPM specfile
1478 Patch from Adrian Ho <lexfiend@usa.net>
490cad94 1479 - (bal) Replace 'unsigned long long' to 'u_int64_t' since not every
1480 platform defines u_int64_t as being that.
1eb4ec64 1481
a738c3b0 148220010224
1483 - (bal) Missed part of the UNIX sockets patch. Patch by Corinna
1484 Vinschen <vinschen@redhat.com>
1485 - (bal) Reorder where 'strftime' is detected to resolve linking
1486 issues on SCO. Patch by Tim Rice <tim@multitalents.net>
1487
8fd97cc4 148820010224
1489 - (bal) pam_stack fix to correctly detect between RH7 and older RHs.
1490 Patch by Pekka Savola <pekkas@netcore.fi>
8f0b3553 1491 - (bal) Renamed sigaction.[ch] to sigact.[ch]. Causes problems with
1492 some platforms.
3d114925 1493 - (bal) Generalize lack of UNIX sockets since this also effects Cray
1494 not just Cygwin. Based on patch by Wendy Palm <wendyp@cray.com>
8fd97cc4 1495
14a49e44 149620010223
1497 - (bal) Fix --define rh7 in openssh.spec file. Patch by Steve Tell
1498 <tell@telltronics.org>
cb291102 1499 - (bal) Patch to force OpenSSH rpm to require the same version of OpenSSL
1500 that it was compiled against. Patch by Pekka Savola <pekkas@netcore.fi>
5a67331c 1501 - (bal) Double -I for OpenSSL on SCO. Patch by Tim Rice
1502 <tim@multitalents.net>
14a49e44 1503
73d6d7fa 150420010222
1505 - (bal) Corrected SCO luid patch by svaughan <svaughan@asterion.com>
ca742b3b 1506 - (bal) Added mdoc2man.pl from Mark Roth <roth@feep.net>
1507 - (bal) Removed reference to liblogin from contrib/README. It was
1508 integrated into OpenSSH a long while ago.
2a81eb9f 1509 - (stevesk) remove erroneous #ifdef sgi code.
1510 Michael Stone <mstone@cs.loyola.edu>
73d6d7fa 1511
fbf305f1 151220010221
1513 - (bal) Removed -L/usr/ucblib -R/usr/ucblib for Solaris platform.
9dd3bc84 1514 - (bal) Fixed OpenSSL rework to use $saved_*. Patch by Tim Rice
1515 <tim@multitalents.net>
1fe61b2e 1516 - (bal) Reverted out of 2001/02/15 patch by djm below because it
1517 breaks Solaris.
1518 - (djm) Move PAM session setup back to before setuid to user.
1519 fixes problems on Solaris-drived PAMs.
266140a8 1520 - (stevesk) session.c: back out to where we were before:
1521 - (djm) Move PAM session initialisation until after fork in sshd. Patch
1522 from Nalin Dahyabhai <nalin@redhat.com>
9dd3bc84 1523
8b3319f4 152420010220
1525 - (bal) Fix mixed up params to memmove() from Jan 5th in setenv.c and
1526 getcwd.c.
c2b544a5 1527 - (bal) OpenBSD CVS Sync:
1528 - deraadt@cvs.openbsd.org 2001/02/19 23:09:05
1529 [sshd.c]
1530 clarify message to make it not mention "ident"
8b3319f4 1531
1729c161 153220010219
1533 - (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and
1534 pty.[ch] -> sshpty.[ch]
d6f13fbb 1535 - (djm) Rework search for OpenSSL location. Skip directories which don't
1536 exist, don't add -L$ssldir/lib if it doesn't exist. Should help SCO
1537 with its limit of 6 -L options.
0476625f 1538 - OpenBSD CVS Sync:
1539 - reinhard@cvs.openbsd.org 2001/02/17 08:24:40
1540 [sftp.1]
1541 typo
1542 - deraadt@cvs.openbsd.org 2001/02/17 16:28:58
1543 [ssh.c]
1544 cleanup -V output; noted by millert
1545 - deraadt@cvs.openbsd.org 2001/02/17 16:48:48
1546 [sshd.8]
1547 it's the OpenSSH one
1548 - markus@cvs.openbsd.org 2001/02/18 11:33:54
1549 [dispatch.c]
1550 typo, SSH2_MSG_KEXINIT, from aspa@kronodoc.fi
1551 - markus@cvs.openbsd.org 2001/02/19 02:53:32
1552 [compat.c compat.h serverloop.c]
1553 ssh-1.2.{18-22} has broken handling of ignore messages; report from
1554 itojun@
1555 - markus@cvs.openbsd.org 2001/02/19 03:35:23
1556 [version.h]
1557 OpenSSH_2.5.1 adds bug compat with 1.2.{18-22}
1558 - deraadt@cvs.openbsd.org 2001/02/19 03:36:25
1559 [scp.c]
1560 np is changed by recursion; vinschen@redhat.com
1561 - Update versions in RPM spec files
1562 - Release 2.5.1p1
1729c161 1563
663fd560 156420010218
1565 - (bal) Patch for fix FCHMOD reference in ftp-client.c by Tim Rice
1566 <tim@multitalents.net>
25cd3375 1567 - (Bal) Patch for lack of RA_RESTART in misc.c for mysignal by
1568 stevesk
58e7f038 1569 - (djm) Fix my breaking of cygwin builds, Patch from Corinna Vinschen
1570 <vinschen@redhat.com> and myself.
32ced054 1571 - (djm) Close listen_sock on bind() failures. Patch from Arkadiusz
1572 Miskiewicz <misiek@pld.ORG.PL>
6a951840 1573 - (djm) Robustify EGD/PRNGd code in face of socket closures. Patch from
1574 Todd C. Miller <Todd.Miller@courtesan.com>
b82f1310 1575 - (djm) Use ttyname() to determine name of tty returned by openpty()
1576 rather then risking overflow. Patch from Marek Michalkiewicz
1577 <marekm@amelek.gda.pl>
bdf80b2c 1578 - (djm) Swapped tests for no_libsocket and no_libnsl in configure.in.
1579 Patch from Marek Michalkiewicz <marekm@amelek.gda.pl>
af8fda37 1580 - (djm) Doc fixes from Pekka Savola <pekkas@netcore.fi>
df538d55 1581 - (djm) Use SA_INTERRUPT along SA_RESTART if present (equivalent for
1582 SunOS)
f61d6b17 1583 - (djm) SCO needs librpc for libwrap. Patch from Tim Rice
1584 <tim@multitalents.net>
dfef7e7e 1585 - (stevesk) misc.c: cpp rework of SA_(INTERRUPT|RESTART) handling.
36a358ca 1586 - (stevesk) scp.c: use mysignal() for updateprogressmeter() handler.
d54d99a3 1587 - (djm) SA_INTERRUPT is the converse of SA_RESTART, apply it only for
1588 SIGALRM.
e1a023df 1589 - (djm) Move entropy.c over to mysignal()
667beaa9 1590 - (djm) SunOS 4.x also needs to define HAVE_BOGUS_SYS_QUEUE_H as it has
1591 a <sys/queue.h> that lacks the TAILQ_* macros. Patch from Todd C.
1592 Miller <Todd.Miller@courtesan.com>
ecdde3d8 1593 - (djm) Update RPM spec files for 2.5.0p1
51ee9048 1594 - (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie
1595 enable with --with-bsd-auth.
2adddc78 1596 - (stevesk) entropy.c: typo; should be SIGPIPE
663fd560 1597
0b1728c5 159820010217
1599 - (bal) OpenBSD Sync:
1600 - markus@cvs.openbsd.org 2001/02/16 13:38:18
1601 [channel.c]
1602 remove debug
c8b058b4 1603 - markus@cvs.openbsd.org 2001/02/16 14:03:43
1604 [session.c]
1605 proper payload-length check for x11 w/o screen-number
0b1728c5 1606
b41d8d4d 160720010216
1608 - (bal) added '--with-prce' to allow overriding of system regex when
1609 required (tested by David Dulek <ddulek@fastenal.com>)
d6fdb079 1610 - (bal) Added DG/UX case and set that they have a broken IPTOS.
278588d8 1611 - (djm) Mini-configure reorder patch from Tim Rice <tim@multitalents.net>
1612 Fixes linking on SCO.
0ceb21d6 1613 - (djm) Make gnome-ssh-askpass handle multi-line prompts. Patch from
1614 Nalin Dahyabhai <nalin@redhat.com>
1615 - (djm) BSD license for gnome-ssh-askpass (was X11)
1616 - (djm) KNF on gnome-ssh-askpass
ed6553e2 1617 - (djm) USE_PIPES for a few more sysv platforms
1618 - (djm) Cleanup configure.in a little
1619 - (djm) Ask users to check config.log when we can't find necessary libs
aca75d94 1620 - (djm) Set "login ID" on systems with setluid. Only enabled for SCO
1621 OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
0ae4fe1d 1622 - (djm) OpenBSD CVS:
1623 - markus@cvs.openbsd.org 2001/02/15 16:19:59
1624 [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
1625 [sshconnect1.c sshconnect2.c]
1626 genericize password padding function for SSH1 and SSH2.
1627 add stylized echo to 2, too.
1628 - (djm) Add roundup() macro to defines.h
9535dddf 1629 - (stevesk) set SA_RESTART flag in mysignal() for SIGCHLD;
1630 needed on Unixware 2.x.
b41d8d4d 1631
0086bfaf 163220010215
1633 - (djm) Move PAM session setup back to before setuid to user. Fixes
1634 problems on Solaris-derived PAMs.
e11aab29 1635 - (djm) Clean up PAM namespace. Suggested by Darren Moffat
1636 <Darren.Moffat@eng.sun.com>
9e3c31f7 1637 - (bal) Sync w/ OpenSSH for new release
1638 - markus@cvs.openbsd.org 2001/02/12 12:45:06
1639 [sshconnect1.c]
1640 fix xmalloc(0), ok dugsong@
b2552997 1641 - markus@cvs.openbsd.org 2001/02/11 12:59:25
1642 [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
1643 sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
1644 1) clean up the MAC support for SSH-2
1645 2) allow you to specify the MAC with 'ssh -m'
1646 3) or the 'MACs' keyword in ssh(d)_config
1647 4) add hmac-{md5,sha1}-96
1648 ok stevesk@, provos@
15853e93 1649 - markus@cvs.openbsd.org 2001/02/12 16:16:23
1650 [auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
1651 ssh-keygen.c sshd.8]
1652 PermitRootLogin={yes,without-password,forced-commands-only,no}
1653 (before this change, root could login even if PermitRootLogin==no)
7cc4cf0a 1654 - deraadt@cvs.openbsd.org 2001/02/12 22:56:09
fd193ca4 1655 [clientloop.c packet.c ssh-keyscan.c]
1656 deal with EAGAIN/EINTR selects which were skipped
7cc4cf0a 1657 - markus@cvs.openssh.org 2001/02/13 22:49:40
1658 [auth1.c auth2.c]
1659 setproctitle(user) only if getpwnam succeeds
1660 - markus@cvs.openbsd.org 2001/02/12 23:26:20
1661 [sshd.c]
1662 missing memset; from solar@openwall.com
1663 - stevesk@cvs.openbsd.org 2001/02/12 20:53:33
1664 [sftp-int.c]
1665 lumask now works with 1 numeric arg; ok markus@, djm@
1666 - djm@cvs.openbsd.org 2001/02/14 9:46:03
1667 [sftp-client.c sftp-int.c sftp.1]
1668 Fix and document 'preserve modes & times' option ('-p' flag in sftp);
1669 ok markus@
0b16bb01 1670 - (bal) replaced PATH_MAX in sftp-int.c w/ MAXPATHLEN.
1671 - (djm) Move to Jim's 1.2.0 X11 askpass program
62da27dd 1672 - (stevesk) OpenBSD sync:
1673 - deraadt@cvs.openbsd.org 2001/02/15 01:38:04
1674 [serverloop.c]
1675 indent
0b16bb01 1676
1c2d0a13 167720010214
1678 - (djm) Don't try to close PAM session or delete credentials if the
1679 session has not been open or credentials not set. Based on patch from
1680 Andrew Bartlett <abartlet@pcug.org.au>
0ab1bcba 1681 - (djm) Move PAM session initialisation until after fork in sshd. Patch
1682 from Nalin Dahyabhai <nalin@redhat.com>
958e5ae4 1683 - (bal) Missing function prototype in bsd-snprintf.c patch by
1684 Mark Miller <markm@swoon.net>
b7ccb051 1685 - (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams
1686 <cmadams@hiwaay.net> with a little modification and KNF.
815800e1 1687 - (stevesk) fix for SIA patch, misplaced session_setup_sia()
1c2d0a13 1688
0610439b 168920010213
84eb157c 1690 - (djm) Only test -S potential EGD sockets if they exist and are readable.
f1312c76 1691 - (bal) Cleaned out bsd-snprintf.c. VARARGS have been banished and
1692 I did a base KNF over the whe whole file to make it more acceptable.
1693 (backed out of original patch and removed it from ChangeLog)
01f13020 1694 - (bal) Use chown() if fchown() does not exist in ftp-server.c patch by
1695 Tim Rice <tim@multitalents.net>
8d60e965 1696 - (stevesk) auth1.c: fix PAM passwordless check.
0610439b 1697
894a4851 169820010212
1699 - (djm) Update Redhat specfile to allow --define "skip_x11_askpass 1",
1700 --define "skip_gnome_askpass 1", --define "rh7 1" and make the
1701 implicit rpm-3.0.5 dependancy explicit. Patch and suggestions from
1702 Pekka Savola <pekkas@netcore.fi>
782d6a0d 1703 - (djm) Clean up PCRE text in INSTALL
77db6c3f 1704 - (djm) Fix OSF SIA auth NULL pointer deref. Report from Mike Battersby
1705 <mib@unimelb.edu.au>
6f68f28a 1706 - (bal) NCR SVR4 compatiblity provide by Don Bragg <thewizarddon@yahoo.com>
01a7bc9a 1707 - (stevesk) session.c: remove debugging code.
894a4851 1708
abf1f107 170920010211
1710 - (bal) OpenBSD Sync
1711 - markus@cvs.openbsd.org 2001/02/07 22:35:46
1712 [auth1.c auth2.c sshd.c]
1713 move k_setpag() to a central place; ok dugsong@
c845316f 1714 - markus@cvs.openbsd.org 2001/02/10 12:52:02
1715 [auth2.c]
1716 offer passwd before s/key
e6fa162e 1717 - markus@cvs.openbsd.org 2001/02/8 22:37:10
1718 [canohost.c]
1719 remove last call to sprintf; ok deraadt@
0ab4b0f0 1720 - markus@cvs.openbsd.org 2001/02/10 1:33:32
1721 [canohost.c]
1722 add debug message, since sshd blocks here if DNS is not available
7f8ea238 1723 - markus@cvs.openbsd.org 2001/02/10 12:44:02
1724 [cli.c]
1725 don't call vis() for \r
5c470997 1726 - danh@cvs.openbsd.org 2001/02/10 0:12:43
1727 [scp.c]
1728 revert a small change to allow -r option to work again; ok deraadt@
1729 - danh@cvs.openbsd.org 2001/02/10 15:14:11
1730 [scp.c]
1731 fix memory leak; ok markus@
a0e6fead 1732 - djm@cvs.openbsd.org 2001/02/10 0:45:52
1733 [scp.1]
1734 Mention that you can quote pathnames with spaces in them
b3106440 1735 - markus@cvs.openbsd.org 2001/02/10 1:46:28
1736 [ssh.c]
1737 remove mapping of argv[0] -> hostname
f72e01a5 1738 - markus@cvs.openbsd.org 2001/02/06 22:26:17
1739 [sshconnect2.c]
1740 do not ask for passphrase in batch mode; report from ejb@ql.org
1741 - itojun@cvs.opebsd.org 2001/02/08 10:47:05
5d1d11d1 1742 [sshconnect.c sshconnect1.c sshconnect2.c]
f72e01a5 1743 %.30s is too short for IPv6 numeric address. use %.128s for now.
1744 markus ok
1745 - markus@cvs.openbsd.org 2001/02/09 12:28:35
1746 [sshconnect2.c]
1747 do not free twice, thanks to /etc/malloc.conf
1748 - markus@cvs.openbsd.org 2001/02/09 17:10:53
1749 [sshconnect2.c]
1750 partial success: debug->log; "Permission denied" if no more auth methods
1751 - markus@cvs.openbsd.org 2001/02/10 12:09:21
1752 [sshconnect2.c]
1753 remove some lines
e0b2cf6b 1754 - markus@cvs.openbsd.org 2001/02/09 13:38:07
1755 [auth-options.c]
1756 reset options if no option is given; from han.holl@prismant.nl
ca910e13 1757 - markus@cvs.openbsd.org 2001/02/08 21:58:28
1758 [channels.c]
1759 nuke sprintf, ok deraadt@
1760 - markus@cvs.openbsd.org 2001/02/08 21:58:28
1761 [channels.c]
1762 nuke sprintf, ok deraadt@
affa8be4 1763 - markus@cvs.openbsd.org 2001/02/06 22:43:02
1764 [clientloop.h]
1765 remove confusing callback code
d2c46e77 1766 - deraadt@cvs.openbsd.org 2001/02/08 14:39:36
1767 [readconf.c]
1768 snprintf
cc8aca8a 1769 - itojun@cvs.openbsd.org 2001/02/08 19:30:52
1770 sync with netbsd tree changes.
1771 - more strict prototypes, include necessary headers
1772 - use paths.h/pathnames.h decls
1773 - size_t typecase to int -> u_long
5be2ec5e 1774 - itojun@cvs.openbsd.org 2001/02/07 18:04:50
1775 [ssh-keyscan.c]
1776 fix size_t -> int cast (use u_long). markus ok
1777 - markus@cvs.openbsd.org 2001/02/07 22:43:16
1778 [ssh-keyscan.c]
1779 s/getline/Linebuf_getline/; from roumen.petrov@skalasoft.com
1780 - itojun@cvs.openbsd.org 2001/02/09 9:04:59
1781 [ssh-keyscan.c]
1782 do not assume malloc() returns zero-filled region. found by
1783 malloc.conf=AJ.
f21032a6 1784 - markus@cvs.openbsd.org 2001/02/08 22:35:30
1785 [sshconnect.c]
1786 don't connect if batch_mode is true and stricthostkeychecking set to
1787 'ask'
7bbcc167 1788 - djm@cvs.openbsd.org 2001/02/04 21:26:07
1789 [sshd_config]
1790 type: ok markus@
1791 - deraadt@cvs.openbsd.org 2001/02/06 22:07:50
1792 [sshd_config]
1793 enable sftp-server by default
a2e6d17d 1794 - deraadt 2001/02/07 8:57:26
1795 [xmalloc.c]
1796 deal with new ANSI malloc stuff
1797 - markus@cvs.openbsd.org 2001/02/07 16:46:08
1798 [xmalloc.c]
1799 typo in fatal()
1800 - itojun@cvs.openbsd.org 2001/02/07 18:04:50
1801 [xmalloc.c]
1802 fix size_t -> int cast (use u_long). markus ok
4ef922e3 1803 - 1.47 Thu Feb 8 23:11:42 GMT 2001 by dugsong
1804 [serverloop.c sshconnect1.c]
1805 mitigate SSH1 traffic analysis - from Solar Designer
1806 <solar@openwall.com>, ok provos@
ca910e13 1807 - (bal) fixed sftp-client.c. Return 'status' instead of '0'
1808 (from the OpenBSD tree)
6b442913 1809 - (bal) Synced ssh.1, ssh-add.1 and sshd.8 w/ OpenBSD
27df9d4a 1810 - (bal) sftp-sever.c '%8lld' to '%8llu' (OpenBSD Sync)
17321afe 1811 - (bal) uuencode.c resync w/ OpenBSD tree, plus whitespace.
f98d56f0 1812 - (bal) A bit more whitespace cleanup
e275684f 1813 - (djm) Set PAM_RHOST earlier, patch from Andrew Bartlett
1814 <abartlet@pcug.org.au>
b27e97b1 1815 - (stevesk) misc.c: ssh.h not needed.
38a316c0 1816 - (stevesk) compat.c: more friendly cpp error
94f38e16 1817 - (stevesk) OpenBSD sync:
1818 - stevesk@cvs.openbsd.org 2001/02/11 06:15:57
1819 [LICENSE]
1820 typos and small cleanup; ok deraadt@
abf1f107 1821
0426a3b4 182220010210
1823 - (djm) Sync sftp and scp stuff from OpenBSD:
1824 - djm@cvs.openbsd.org 2001/02/07 03:55:13
1825 [sftp-client.c]
1826 Don't free handles before we are done with them. Based on work from
1827 Corinna Vinschen <vinschen@redhat.com>. ok markus@
1828 - djm@cvs.openbsd.org 2001/02/06 22:32:53
1829 [sftp.1]
1830 Punctuation fix from Pekka Savola <pekkas@netcore.fi>
1831 - deraadt@cvs.openbsd.org 2001/02/07 04:07:29
1832 [sftp.1]
1833 pretty up significantly
1834 - itojun@cvs.openbsd.org 2001/02/07 06:49:42
1835 [sftp.1]
1836 .Bl-.El mismatch. markus ok
1837 - djm@cvs.openbsd.org 2001/02/07 06:12:30
1838 [sftp-int.c]
1839 Check that target is a directory before doing ls; ok markus@
1840 - itojun@cvs.openbsd.org 2001/02/07 11:01:18
1841 [scp.c sftp-client.c sftp-server.c]
1842 unsigned long long -> %llu, not %qu. markus ok
1843 - stevesk@cvs.openbsd.org 2001/02/07 11:10:39
1844 [sftp.1 sftp-int.c]
1845 more man page cleanup and sync of help text with man page; ok markus@
1846 - markus@cvs.openbsd.org 2001/02/07 14:58:34
1847 [sftp-client.c]
1848 older servers reply with SSH2_FXP_NAME + count==0 instead of EOF
1849 - djm@cvs.openbsd.org 2001/02/07 15:27:19
1850 [sftp.c]
1851 Don't forward agent and X11 in sftp. Suggestion from Roumen Petrov
1852 <roumen.petrov@skalasoft.com>
1853 - stevesk@cvs.openbsd.org 2001/02/07 15:36:04
1854 [sftp-int.c]
1855 portable; ok markus@
1856 - stevesk@cvs.openbsd.org 2001/02/07 15:55:47
1857 [sftp-int.c]
1858 lowercase cmds[].c also; ok markus@
1859 - markus@cvs.openbsd.org 2001/02/07 17:04:52
1860 [pathnames.h sftp.c]
1861 allow sftp over ssh protocol 1; ok djm@
1862 - deraadt@cvs.openbsd.org 2001/02/08 07:38:55
1863 [scp.c]
1864 memory leak fix, and snprintf throughout
1865 - deraadt@cvs.openbsd.org 2001/02/08 08:02:02
1866 [sftp-int.c]
1867 plug a memory leak
1868 - stevesk@cvs.openbsd.org 2001/02/08 10:11:23
1869 [session.c sftp-client.c]
1870 %i -> %d
1871 - stevesk@cvs.openbsd.org 2001/02/08 10:57:59
1872 [sftp-int.c]
1873 typo
1874 - stevesk@cvs.openbsd.org 2001/02/08 15:28:07
1875 [sftp-int.c pathnames.h]
1876 _PATH_LS; ok markus@
1877 - djm@cvs.openbsd.org 2001/02/09 04:46:25
1878 [sftp-int.c]
1879 Check for NULL attribs for chown, chmod & chgrp operations, only send
1880 relevant attribs back to server; ok markus@
96b64eb0 1881 - djm@cvs.openbsd.org 2001/02/06 15:05:25
1882 [sftp.c]
1883 Use getopt to process commandline arguments
1884 - djm@cvs.openbsd.org 2001/02/06 15:06:21
1885 [sftp.c ]
1886 Wait for ssh subprocess at exit
1887 - djm@cvs.openbsd.org 2001/02/06 15:18:16
1888 [sftp-int.c]
1889 stat target for remote chdir before doing chdir
1890 - djm@cvs.openbsd.org 2001/02/06 15:32:54
1891 [sftp.1]
1892 Punctuation fix from Pekka Savola <pekkas@netcore.fi>
1893 - provos@cvs.openbsd.org 2001/02/05 22:22:02
1894 [sftp-int.c]
1895 cleanup get_pathname, fix pwd after failed cd. okay djm@
0426a3b4 1896 - (djm) Update makefile.in for _PATH_SFTP_SERVER
c9f5e42e 1897 - (bal) sftp-client.c replace NULL w/ 0 in do_ls() (pending in OpenBSD tree)
0426a3b4 1898
6d1e1d2b 189920010209
1900 - (bal) patch to vis.c to deal with HAVE_VIS right by Robert Mooney
1901 <rjmooney@mediaone.net>
bb0c1991 1902 - (bal) .c.o rule in openbsd-compat/Makefile.in did not make it to the
1903 main tree while porting forward. Pointed out by Lutz Jaenicke
1904 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
f902d909 1905 - (bal) double entry in configure.in. Pointed out by Lutz Jaenicke
1906 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
25f4c264 1907 - (stevesk) OpenBSD sync:
1908 - markus@cvs.openbsd.org 2001/02/08 11:20:01
1909 [auth2.c]
1910 strict checking
1911 - markus@cvs.openbsd.org 2001/02/08 11:15:22
1912 [version.h]
1913 update to 2.3.2
1914 - markus@cvs.openbsd.org 2001/02/08 11:12:30
1915 [auth2.c]
1916 fix typo
72b3f75d 1917 - (djm) Update spec files
0ed28836 1918 - (bal) OpenBSD sync:
1919 - deraadt@cvs.openbsd.org 2001/02/08 14:38:54
1920 [scp.c]
1921 memory leak fix, and snprintf throughout
1fc8ccdf 1922 - markus@cvs.openbsd.org 2001/02/06 22:43:02
1923 [clientloop.c]
1924 remove confusing callback code
0b202697 1925 - (djm) Add CVS Id's to files that we have missed
5ca51e19 1926 - (bal) OpenBSD Sync (more):
1927 - itojun@cvs.openbsd.org 2001/02/08 19:30:52
1928 sync with netbsd tree changes.
1929 - more strict prototypes, include necessary headers
1930 - use paths.h/pathnames.h decls
1931 - size_t typecase to int -> u_long
1f3bf5aa 1932 - markus@cvs.openbsd.org 2001/02/06 22:07:42
1933 [ssh.c]
1934 fatal() if subsystem fails
1935 - markus@cvs.openbsd.org 2001/02/06 22:43:02
1936 [ssh.c]
1937 remove confusing callback code
1938 - jakob@cvs.openbsd.org 2001/02/06 23:03:24
1939 [ssh.c]
1940 add -1 option (force protocol version 1). ok markus@
1941 - jakob@cvs.openbsd.org 2001/02/06 23:06:21
1942 [ssh.c]
1943 reorder -{1,2,4,6} options. ok markus@
e6aa01b4 1944 - (bal) Missing 'const' in readpass.h
9c5a8165 1945 - (bal) OpenBSD Sync (so at least the thing compiles for 2.3.2 =)
1946 - djm@cvs.openbsd.org 2001/02/06 23:30:28
1947 [sftp-client.c]
1948 replace arc4random with counter for request ids; ok markus@
bc79ed5c 1949 - (djm) Define _PATH_TTY for systems that don't. Report from Lutz
1950 Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
6d1e1d2b 1951
6a25c04c 195220010208
1953 - (djm) Don't delete external askpass program in make uninstall target.
1954 Report and fix from Roumen Petrov <roumen.petrov@skalasoft.com>
6958bd37 1955 - (djm) Fix linking of sftp, don't need arc4random any more.
1956 - (djm) Try to use shell that supports "test -S" for EGD socket search.
1957 Based on patch from Tim Rice <tim@multitalents.net>
6a25c04c 1958
547519f0 195920010207
bee0a37e 1960 - (bal) Save the whole path to AR in configure. Some Solaris 2.7 installs
1961 seem lose track of it while in openbsd-compat/ (two confirmed reports)
5c377b3b 1962 - (djm) Much KNF on PAM code
547519f0 1963 - (djm) Revise auth-pam.c conversation function to be a little more
1964 readable.
5c377b3b 1965 - (djm) Revise kbd-int PAM conversation function to fold all text messages
1966 to before first prompt. Fixes hangs if last pam_message did not require
1967 a reply.
1968 - (djm) Fix password changing when using PAM kbd-int authentication
bee0a37e 1969
547519f0 197020010205
2b87da3b 1971 - (bal) Disable groupaccess by setting NGROUPS_MAX to 0 for platforms
99286dc8 1972 that don't have NGROUPS_MAX.
57559587 1973 - (bal) AIX patch for auth1.c by William L. Jones <jones@hpc.utexas.edu>
2b87da3b 1974 - (stevesk) OpenBSD sync:
1975 - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
1976 [many files; did this manually to our top-level source dir]
1977 unexpand and remove end-of-line whitespace; ok markus@
408ba72f 1978 - stevesk@cvs.openbsd.org 2001/02/04 15:21:19
1979 [sftp-server.c]
1980 SSH2_FILEXFER_ATTR_UIDGID support; ok markus@
ec2a033a 1981 - deraadt@cvs.openbsd.org 2001/02/04 17:02:32
1982 [sftp-int.c]
1983 ? == help
1984 - deraadt@cvs.openbsd.org 2001/02/04 16:47:46
1985 [sftp-int.c]
1986 sort commands, so that abbreviations work as expected
1987 - stevesk@cvs.openbsd.org 2001/02/04 15:17:52
1988 [sftp-int.c]
1989 debugging sftp: precedence and missing break. chmod, chown, chgrp
1990 seem to be working now.
1991 - markus@cvs.openbsd.org 2001/02/04 14:41:21
1992 [sftp-int.c]
1993 use base 8 for umask/chmod
1994 - markus@cvs.openbsd.org 2001/02/04 11:11:54
1995 [sftp-int.c]
1996 fix LCD
c44559d2 1997 - markus@cvs.openbsd.org 2001/02/04 08:10:44
1998 [ssh.1]
1999 typo; dpo@club-internet.fr
a5930351 2000 - stevesk@cvs.openbsd.org 2001/02/04 06:30:12
2001 [auth2.c authfd.c packet.c]
2002 remove duplicate #include's; ok markus@
6a416424 2003 - deraadt@cvs.openbsd.org 2001/02/04 16:56:23
2004 [scp.c sshd.c]
2005 alpha happiness
2006 - stevesk@cvs.openbsd.org 2001/02/04 15:12:17
2007 [sshd.c]
2008 precedence; ok markus@
02a024dd 2009 - deraadt@cvs.openbsd.org 2001/02/04 08:14:15
6a416424 2010 [ssh.c sshd.c]
2011 make the alpha happy
02a024dd 2012 - markus@cvs.openbsd.org 2001/01/31 13:37:24
2013 [channels.c channels.h serverloop.c ssh.c]
547519f0 2014 do not disconnect if local port forwarding fails, e.g. if port is
2015 already in use
02a024dd 2016 - markus@cvs.openbsd.org 2001/02/01 14:58:09
2017 [channels.c]
2018 use ipaddr in channel messages, ietf-secsh wants this
2019 - markus@cvs.openbsd.org 2001/01/31 12:26:20
2020 [channels.c]
547519f0 2021 ssh.com-2.0.1x does not send additional info in CHANNEL_OPEN_FAILURE
2022 messages; bug report from edmundo@rano.org
a741554f 2023 - markus@cvs.openbsd.org 2001/01/31 13:48:09
2024 [sshconnect2.c]
2025 unused
9378f292 2026 - deraadt@cvs.openbsd.org 2001/02/04 08:23:08
2027 [sftp-client.c sftp-server.c]
2028 make gcc on the alpha even happier
1fc243d1 2029
547519f0 203020010204
781a0585 2031 - (bal) I think this is the last of the bsd-*.h that don't belong.
634e0b53 2032 - (bal) Minor Makefile fix
f0f14bea 2033 - (bal) openbsd-compat/Makefile minor fix. Ensure dependancies are done
61e96248 2034 right.
78987b57 2035 - (bal) Changed order of LIB="" in -with-skey due to library resolving.
166e4f2a 2036 - (bal) next-posix.h changed to bsd-nextstep.h
61e96248 2037 - (djm) OpenBSD CVS sync:
2038 - markus@cvs.openbsd.org 2001/02/03 03:08:38
2039 [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
2040 [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
2041 [sshd_config]
2042 make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
2043 - markus@cvs.openbsd.org 2001/02/03 03:19:51
2044 [ssh.1 sshd.8 sshd_config]
2045 Skey is now called ChallengeResponse
2046 - markus@cvs.openbsd.org 2001/02/03 03:43:09
2047 [sshd.8]
2048 use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
2049 channel. note from Erik.Anggard@cygate.se (pr/1659)
2050 - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
2051 [ssh.1]
2052 typos; ok markus@
2053 - djm@cvs.openbsd.org 2001/02/04 04:11:56
2054 [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
2055 [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
2056 Basic interactive sftp client; ok theo@
2057 - (djm) Update RPM specs for new sftp binary
2058 - (djm) Update several bits for new optional reverse lookup stuff. I
2059 think I got them all.
8b061486 2060 - (djm) Makefile.in fixes
1aa00dcb 2061 - (stevesk) add mysignal() wrapper and use it for the protocol 2
2062 SIGCHLD handler.
408ba72f 2063 - (djm) Use setvbuf() instead of setlinebuf(). Suggest from stevesk@
781a0585 2064
547519f0 206520010203
63fe0529 2066 - (bal) Cygwin clean up by Corinna Vinschen <vinschen@redhat.com>
bf3db92d 2067 - (bal) renamed queue.h to fake-queue.h (even if it's an OpenBSD
2068 based file) to ensure #include space does not get confused.
f78888c7 2069 - (bal) Minor Makefile.in tweak. dirname may not exist on some
2070 platforms so builds fail. (NeXT being a well known one)
63fe0529 2071
547519f0 207220010202
61e96248 2073 - (bal) Makefile fix where sourcedir != builddir by Corinna Vinschen
c85a87f2 2074 <vinschen@redhat.com>
71301416 2075 - (bal) Makefile fix to use $(MAKE) instead of 'make' for platforms
2076 that use 'gmake'. Patch by Tim Rice <tim@multitalents.net>
c85a87f2 2077
547519f0 207820010201
ad5075bd 2079 - (bal) Minor fix to Makefile to stop rebuilding executables if no
2080 changes have occured to any of the supporting code. Patch by
2081 Roumen Petrov <roumen.petrov@skalasoft.com>
2082
9c8dbb1b 208320010131
37845585 2084 - (djm) OpenBSD CVS Sync:
2085 - djm@cvs.openbsd.org 2001/01/30 15:48:53
2086 [sshconnect.c]
2087 Make warning message a little more consistent. ok markus@
8c89dd2b 2088 - (djm) Fix autoconf logic for --with-lastlog=no Report and diagnosis from
2089 Philipp Buehler <lists@fips.de> and Kevin Steves <stevesk@sweden.hp.com>
2090 respectively.
c59dc6bd 2091 - (djm) Don't log SSH2 PAM KbdInt responses to debug, they may contain
2092 passwords.
9c8dbb1b 2093 - (bal) Reorder. Move all bsd-*, fake-*, next-*, and cygwin* stuff to
2094 openbsd-compat/. And resolve all ./configure and Makefile.in issues
2095 assocated.
37845585 2096
9c8dbb1b 209720010130
39929cdb 2098 - (djm) OpenBSD CVS Sync:
2099 - markus@cvs.openbsd.org 2001/01/29 09:55:37
2100 [channels.c channels.h clientloop.c serverloop.c]
2101 fix select overflow; ok deraadt@ and stevesk@
865ac82e 2102 - markus@cvs.openbsd.org 2001/01/29 12:42:35
2103 [canohost.c canohost.h channels.c clientloop.c]
2104 add get_peer_ipaddr(socket), x11-fwd in ssh2 requires ipaddr, not DNS
46aa2d1f 2105 - markus@cvs.openbsd.org 2001/01/29 12:47:32
2106 [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
2107 handle rsa_private_decrypt failures; helps against the Bleichenbacher
2108 pkcs#1 attack
ae810de7 2109 - djm@cvs.openbsd.org 2001/01/29 05:36:11
2110 [ssh.1 ssh.c]
2111 Allow invocation of sybsystem by commandline (-s); ok markus@
83bc57f9 2112 - (stevesk) configure.in: remove duplicate PROG_LS
39929cdb 2113
9c8dbb1b 211420010129
f29ef605 2115 - (stevesk) sftp-server.c: use %lld vs. %qd
2116
cb9da0fc 211720010128
2118 - (bal) Put USE_PIPES back into sco3.2v5
23c2a7a5 2119 - (bal) OpenBSD Sync
9bd5b720 2120 - markus@cvs.openbsd.org 2001/01/28 10:15:34
2121 [dispatch.c]
2122 re-keying is not supported; ok deraadt@
5fb622e4 2123 - markus@cvs.openbsd.org 2001/01/28 10:24:04
7f5c4295 2124 [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
5fb622e4 2125 cleanup AUTHORS sections
9bd5b720 2126 - markus@cvs.openbsd.org 2001/01/28 10:37:26
ab60252b 2127 [sshd.c sshd.8]
9bd5b720 2128 remove -Q, no longer needed
2129 - stevesk@cvs.openbsd.org 2001/01/28 20:36:16
a877488a 2130 [readconf.c ssh.1]
9bd5b720 2131 ``StrictHostKeyChecking ask'' documentation and small cleanup.
2132 ok markus@
6f37606e 2133 - stevesk@cvs.openbsd.org 2001/01/28 20:43:25
61e96248 2134 [sshd.8]
6f37606e 2135 spelling. ok markus@
95f4ccfb 2136 - stevesk@cvs.openbsd.org 2001/01/28 20:53:21
2137 [xmalloc.c]
2138 use size_t for strlen() return. ok markus@
6f37606e 2139 - stevesk@cvs.openbsd.org 2001/01/28 22:27:05
2140 [authfile.c]
2141 spelling. use sizeof vs. strlen(). ok markus@
9bd5b720 2142 - niklas@cvs.openbsd.org 2001/01/29 1:59:14
23c2a7a5 2143 [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h
2144 groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h
2145 key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h
2146 radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1
2147 ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config
2148 sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h]
2149 $OpenBSD$
b0e305c9 2150 - (bal) Minor auth2.c resync. Whitespace and moving of an #include.
cb9da0fc 2151
c9606e03 215220010126
61e96248 2153 - (bal) SSH_PROGRAM vs _PATH_SSH_PROGRAM fix pointed out by Roumen
c9606e03 2154 Petrov <roumen.petrov@skalasoft.com>
2f4b2e38 2155 - (bal) OpenBSD Sync
2156 - deraadt@cvs.openbsd.org 2001/01/25 8:06:33
2157 [ssh-agent.c]
2158 call _exit() in signal handler
c9606e03 2159
d7d5f0b2 216020010125
2161 - (djm) Sync bsd-* support files:
2162 - deraadt@cvs.openbsd.org 2000/01/26 03:43:20
2163 [rresvport.c bindresvport.c]
61e96248 2164 new bindresvport() semantics that itojun, shin, jean-luc and i have
d7d5f0b2 2165 agreed on, which will be happy for the future. bindresvport_sa() for
2166 sockaddr *, too. docs later..
2167 - deraadt@cvs.openbsd.org 2000/01/24 02:24:21
2168 [bindresvport.c]
61e96248 2169 in bindresvport(), if sin is non-NULL, example sin->sin_family for
d7d5f0b2 2170 the actual family being processed
e1dd3a7a 2171 - (djm) Mention PRNGd in documentation, it is nicer than EGD
2172 - (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
8080699b 2173 - (bal) AC_FUNC_STRFTIME added to autoconf
4ccb01d6 2174 - (bal) OpenBSD Resync
2175 - stevesk@cvs.openbsd.org 2001/01/24 21:03:50
2176 [channels.c]
2177 missing freeaddrinfo(); ok markus@
d7d5f0b2 2178
556eb464 217920010124
2180 - (bal) OpenBSD Resync
2181 - markus@cvs.openbsd.org 2001/01/23 10:45:10
2182 [ssh.h]
61e96248 2183 nuke comment
1aecda34 2184 - (bal) no 64bit support patch from Tim Rice <tim@multitalents.net>
2185 - (bal) #ifdef around S_IFSOCK if platform does not support it.
2186 patch by Tim Rice <tim@multitalents.net>
2187 - (bal) fake-regex.h cleanup based on Tim Rice's patch.
c33f0b36 2188 - (stevesk) sftp-server.c: fix chmod() mode mask
556eb464 2189
effa6591 219020010123
2191 - (bal) regexp.h typo in configure.in. Should have been regex.h
2192 - (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@
61e96248 2193 - (bal) SSH_ASKPASS_DEFAULT to _PATH_SSH_ASKPASS_DEFAULT
53a24016 2194 - (bal) OpenBSD Resync
2195 - markus@cvs.openbsd.org 2001/01/22 8:15:00
2196 [auth-krb4.c sshconnect1.c]
2197 only AFS needs radix.[ch]
2198 - markus@cvs.openbsd.org 2001/01/22 8:32:53
2199 [auth2.c]
2200 no need to include; from mouring@etoh.eviladmin.org
2201 - stevesk@cvs.openbsd.org 2001/01/22 16:55:21
2202 [key.c]
2203 free() -> xfree(); ok markus@
2204 - stevesk@cvs.openbsd.org 2001/01/22 17:22:28
2205 [sshconnect2.c sshd.c]
2206 fix memory leaks in SSH2 key exchange; ok markus@
d464095c 2207 - markus@cvs.openbsd.org 2001/01/22 23:06:39
2208 [auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
2209 sshconnect1.c sshconnect2.c sshd.c]
2210 rename skey -> challenge response.
2211 auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
53a24016 2212
effa6591 2213
42f11eb2 221420010122
2215 - (bal) OpenBSD Resync
2216 - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
2217 [servconf.c ssh.h sshd.c]
2218 only auth-chall.c needs #ifdef SKEY
2219 - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
2220 [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
2221 auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
2222 packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
2223 session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
2224 ssh1.h sshconnect1.c sshd.c ttymodes.c]
2225 move ssh1 definitions to ssh1.h, pathnames to pathnames.h
2226 - markus@cvs.openbsd.org 2001/01/19 16:48:14
2227 [sshd.8]
2228 fix typo; from stevesk@
2229 - markus@cvs.openbsd.org 2001/01/19 16:50:58
2230 [ssh-dss.c]
61e96248 2231 clear and free digest, make consistent with other code (use dlen); from
42f11eb2 2232 stevesk@
2233 - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
2234 [auth-options.c auth-options.h auth-rsa.c auth2.c]
2235 pass the filename to auth_parse_options()
61e96248 2236 - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
42f11eb2 2237 [readconf.c]
2238 fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
2239 - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
2240 [sshconnect2.c]
2241 dh_new_group() does not return NULL. ok markus@
2242 - markus@cvs.openbsd.org 2001/01/20 21:33:42
2243 [ssh-add.c]
61e96248 2244 do not loop forever if askpass does not exist; from
42f11eb2 2245 andrew@pimlott.ne.mediaone.net
2246 - djm@cvs.openbsd.org 2001/01/20 23:00:56
2247 [servconf.c]
2248 Check for NULL return from strdelim; ok markus
2249 - djm@cvs.openbsd.org 2001/01/20 23:02:07
2250 [readconf.c]
2251 KNF; ok markus
2252 - jakob@cvs.openbsd.org 2001/01/21 9:00:33
2253 [ssh-keygen.1]
2254 remove -R flag; ok markus@
2255 - markus@cvs.openbsd.org 2001/01/21 19:05:40
2256 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
2257 auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
2258 auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
2259 bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
2260 cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
2261 deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
2262 key.c key.h log-client.c log-server.c log.c log.h login.c login.h
2263 match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
2264 readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
2265 session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
61e96248 2266 ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
42f11eb2 2267 sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
2268 ttysmodes.c uidswap.c xmalloc.c]
61e96248 2269 split ssh.h and try to cleanup the #include mess. remove unnecessary
42f11eb2 2270 #includes. rename util.[ch] -> misc.[ch]
2271 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
61e96248 2272 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
42f11eb2 2273 conflict when compiling for non-kerb install
2274 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
2275 on 1/19.
2276
6005a40c 227720010120
2278 - (bal) OpenBSD Resync
2279 - markus@cvs.openbsd.org 2001/01/19 12:45:26
2280 [ssh-chall.c servconf.c servconf.h ssh.h sshd.c]
2281 only auth-chall.c needs #ifdef SKEY
47af6577 2282 - (bal) Slight auth2-pam.c clean up.
2283 - (bal) Includes a fake-regexp.h to be only used if regcomp() is found,
2284 but no 'regexp.h' found (SCO OpenServer 3 lacks the header).
6005a40c 2285
922e6493 228620010119
2287 - (djm) Update versions in RPM specfiles
59c97189 2288 - (bal) OpenBSD Resync
2289 - markus@cvs.openbsd.org 2001/01/18 16:20:21
2290 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
2291 sshd.8 sshd.c]
61e96248 2292 log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
59c97189 2293 systems
2294 - markus@cvs.openbsd.org 2001/01/18 16:59:59
2295 [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
2296 session.h sshconnect1.c]
2297 1) removes fake skey from sshd, since this will be much
2298 harder with /usr/libexec/auth/login_XXX
2299 2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
2300 3) make addition of BSD_AUTH and other challenge reponse methods
2301 easier.
2302 - markus@cvs.openbsd.org 2001/01/18 17:12:43
2303 [auth-chall.c auth2-chall.c]
2304 rename *-skey.c *-chall.c since the files are not skey specific
04fc7a67 2305 - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)
2306 to fix NULL pointer deref and fake authloop breakage in PAM code.
f4ebf0e8 2307 - (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com>
3c418020 2308 - (bal) Minor cygwin patch to auth1.c. Suggested by djm.
61e96248 2309
b5c334cc 231020010118
2311 - (bal) Super Sized OpenBSD Resync
2312 - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
2313 [sshd.c]
2314 maxfd+1
2315 - markus@cvs.openbsd.org 2001/01/13 17:59:18
2316 [ssh-keygen.1]
2317 small ssh-keygen manpage cleanup; stevesk@pobox.com
2318 - markus@cvs.openbsd.org 2001/01/13 18:03:07
2319 [scp.c ssh-keygen.c sshd.c]
2320 getopt() returns -1 not EOF; stevesk@pobox.com
2321 - markus@cvs.openbsd.org 2001/01/13 18:06:54
2322 [ssh-keyscan.c]
2323 use SSH_DEFAULT_PORT; from stevesk@pobox.com
2324 - markus@cvs.openbsd.org 2001/01/13 18:12:47
2325 [ssh-keyscan.c]
2326 free() -> xfree(); fix memory leak; from stevesk@pobox.com
2327 - markus@cvs.openbsd.org 2001/01/13 18:14:13
2328 [ssh-add.c]
2329 typo, from stevesk@sweden.hp.com
2330 - markus@cvs.openbsd.org 2001/01/13 18:32:50
61e96248 2331 [packet.c session.c ssh.c sshconnect.c sshd.c]
b5c334cc 2332 split out keepalive from packet_interactive (from dale@accentre.com)
2333 set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
2334 - markus@cvs.openbsd.org 2001/01/13 18:36:45
2335 [packet.c packet.h]
2336 reorder, typo
2337 - markus@cvs.openbsd.org 2001/01/13 18:38:00
2338 [auth-options.c]
2339 fix comment
2340 - markus@cvs.openbsd.org 2001/01/13 18:43:31
2341 [session.c]
2342 Wall
61e96248 2343 - markus@cvs.openbsd.org 2001/01/13 19:14:08
b5c334cc 2344 [clientloop.h clientloop.c ssh.c]
2345 move callback to headerfile
2346 - markus@cvs.openbsd.org 2001/01/15 21:40:10
2347 [ssh.c]
2348 use log() instead of stderr
2349 - markus@cvs.openbsd.org 2001/01/15 21:43:51
2350 [dh.c]
2351 use error() not stderr!
2352 - markus@cvs.openbsd.org 2001/01/15 21:45:29
2353 [sftp-server.c]
2354 rename must fail if newpath exists, debug off by default
2355 - markus@cvs.openbsd.org 2001/01/15 21:46:38
2356 [sftp-server.c]
2357 readable long listing for sftp-server, ok deraadt@
2358 - markus@cvs.openbsd.org 2001/01/16 19:20:06
2359 [key.c ssh-rsa.c]
61e96248 2360 make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
2361 galb@vandyke.com. note that you have to delete older ssh2-rsa keys,
2362 since they are in the wrong format, too. they must be removed from
b5c334cc 2363 .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
61e96248 2364 (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
2365 .ssh/authorized_keys2) additionally, we now check that
b5c334cc 2366 BN_num_bits(rsa->n) >= 768.
2367 - markus@cvs.openbsd.org 2001/01/16 20:54:27
2368 [sftp-server.c]
2369 remove some statics. simpler handles; idea from nisse@lysator.liu.se
2370 - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
2371 [bufaux.c radix.c sshconnect.h sshconnect1.c]
2372 indent
2373 - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
2374 be missing such feature.
2375
61e96248 2376
52ce34a2 237720010117
2378 - (djm) Only write random seed file at exit
717057b6 2379 - (djm) Make PAM support optional, enable with --with-pam
61e96248 2380 - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which
717057b6 2381 provides a crypt() of its own)
2382 - (djm) Avoid a warning in bsd-bindresvport.c
2383 - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This
61e96248 2384 can cause weird segfaults errors on Solaris
8694a1ce 2385 - (djm) Avoid warning in PAM code by making read_passphrase arguments const
d748039d 2386 - (djm) Add --with-pam to RPM spec files
52ce34a2 2387
2fd3c144 238820010115
2389 - (bal) sftp-server.c change to use chmod() if fchmod() does not exist.
89c7e31c 2390 - (bal) utimes() support via utime() interface on machine that lack utimes().
2fd3c144 2391
63b68889 239220010114
2393 - (stevesk) initial work for OpenBSD "support supplementary group in
2394 {Allow,Deny}Groups" patch:
2395 - import getgrouplist.c from OpenBSD (bsd-getgrouplist.c)
2396 - add bsd-getgrouplist.h
2397 - new files groupaccess.[ch]
2398 - build but don't use yet (need to merge auth.c changes)
c6a69271 2399 - (stevesk) complete:
2400 - markus@cvs.openbsd.org 2001/01/13 11:56:48
2401 [auth.c sshd.8]
2402 support supplementary group in {Allow,Deny}Groups
2403 from stevesk@pobox.com
61e96248 2404
f546c780 240520010112
2406 - (bal) OpenBSD Sync
2407 - markus@cvs.openbsd.org 2001/01/10 22:56:22
2408 [bufaux.h bufaux.c sftp-server.c sftp.h getput.h]
2409 cleanup sftp-server implementation:
547519f0 2410 add buffer_get_int64, buffer_put_int64, GET_64BIT, PUT_64BIT
2411 parse SSH2_FILEXFER_ATTR_EXTENDED
2412 send SSH2_FX_EOF if readdir returns no more entries
2413 reply to SSH2_FXP_EXTENDED message
2414 use #defines from the draft
2415 move #definations to sftp.h
f546c780 2416 more info:
61e96248 2417 http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt
f546c780 2418 - markus@cvs.openbsd.org 2001/01/10 19:43:20
2419 [sshd.c]
2420 XXX - generate_empheral_server_key() is not safe against races,
61e96248 2421 because it calls log()
f546c780 2422 - markus@cvs.openbsd.org 2001/01/09 21:19:50
2423 [packet.c]
2424 allow TCP_NDELAY for ipv6; from netbsd via itojun@
2425
9548d6c8 242620010110
2427 - (djm) SNI/Reliant Unix needs USE_PIPES and $DISPLAY hack. Report from
2428 Bladt Norbert <Norbert.Bladt@adi.ch>
2429
af972861 243020010109
2431 - (bal) Resync CVS ID of cli.c
4b80e97b 2432 - (stevesk) auth1.c: free should be after WITH_AIXAUTHENTICATE
2433 code.
eea39c02 2434 - (bal) OpenBSD Sync
2435 - markus@cvs.openbsd.org 2001/01/08 22:29:05
2436 [auth2.c compat.c compat.h servconf.c servconf.h sshd.8
2437 sshd_config version.h]
2438 implement option 'Banner /etc/issue.net' for ssh2, move version to
2439 2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner
2440 is enabled).
2441 - markus@cvs.openbsd.org 2001/01/08 22:03:23
2442 [channels.c ssh-keyscan.c]
2443 O_NDELAY -> O_NONBLOCK; thanks stevesk@pobox.com
2444 - markus@cvs.openbsd.org 2001/01/08 21:55:41
2445 [sshconnect1.c]
2446 more cleanups and fixes from stevesk@pobox.com:
2447 1) try_agent_authentication() for loop will overwrite key just
2448 allocated with key_new(); don't alloc
2449 2) call ssh_close_authentication_connection() before exit
2450 try_agent_authentication()
2451 3) free mem on bad passphrase in try_rsa_authentication()
2452 - markus@cvs.openbsd.org 2001/01/08 21:48:17
2453 [kex.c]
2454 missing free; thanks stevesk@pobox.com
f1c4659d 2455 - (bal) Detect if clock_t structure exists, if not define it.
2456 - (bal) Detect if O_NONBLOCK exists, if not define it.
2457 - (bal) removed news4-posix.h (now empty)
2458 - (bal) changed bsd-bindresvport.c and bsd-rresvport.c to use 'socklen_t'
2459 instead of 'int'
adc83ebf 2460 - (stevesk) sshd_config: sync
4f771a33 2461 - (stevesk) defines.h: remove spurious ``;''
af972861 2462
bbcf899f 246320010108
2464 - (bal) Fixed another typo in cli.c
2465 - (bal) OpenBSD Sync
2466 - markus@cvs.openbsd.org 2001/01/07 21:26:55
2467 [cli.c]
2468 typo
2469 - markus@cvs.openbsd.org 2001/01/07 21:26:55
2470 [cli.c]
2471 missing free, stevesk@pobox.com
2472 - markus@cvs.openbsd.org 2001/01/07 19:06:25
2473 [auth1.c]
2474 missing free, stevesk@pobox.com
2475 - markus@cvs.openbsd.org 2001/01/07 11:28:04
2476 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1
2477 ssh.h sshd.8 sshd.c]
2478 rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE
2479 syslog priority changes:
2480 fatal() LOG_ERR -> LOG_CRIT
2481 log() LOG_INFO -> LOG_NOTICE
b8c37305 2482 - Updated TODO
bbcf899f 2483
9616313f 248420010107
2485 - (bal) OpenBSD Sync
2486 - markus@cvs.openbsd.org 2001/01/06 11:23:27
2487 [ssh-rsa.c]
2488 remove unused
2489 - itojun@cvs.openbsd.org 2001/01/05 08:23:29
2490 [ssh-keyscan.1]
2491 missing .El
2492 - markus@cvs.openbsd.org 2001/01/04 22:41:03
2493 [session.c sshconnect.c]
2494 consistent use of _PATH_BSHELL; from stevesk@pobox.com
2495 - djm@cvs.openbsd.org 2001/01/04 22:35:32
2496 [ssh.1 sshd.8]
2497 Mention AES as available SSH2 Cipher; ok markus
2498 - markus@cvs.openbsd.org 2001/01/04 22:25:58
2499 [sshd.c]
2500 sync usage()/man with defaults; from stevesk@pobox.com
2501 - markus@cvs.openbsd.org 2001/01/04 22:21:26
2502 [sshconnect2.c]
2503 handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
2504 that prints a banner (e.g. /etc/issue.net)
61e96248 2505
1877dc0c 250620010105
2507 - (bal) contrib/caldera/ provided by Tim Rice <tim@multitalents.net>
5a64a938 2508 - (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove()
1877dc0c 2509
488c06c8 251020010104
2511 - (djm) Fix memory leak on systems with BROKEN_GETADDRINFO. Based on
2512 work by Chris Vaughan <vaughan99@yahoo.com>
2513
7c49df64 251420010103
2515 - (bal) fixed up sshconnect.c so it was closer inline with the OpenBSD
2516 tree (mainly positioning)
2517 - (bal) OpenSSH CVS Update
2518 - markus@cvs.openbsd.org 2001/01/02 20:41:02
2519 [packet.c]
2520 log remote ip on disconnect; PR 1600 from jcs@rt.fm
2521 - markus@cvs.openbsd.org 2001/01/02 20:50:56
2522 [sshconnect.c]
61e96248 2523 strict_host_key_checking for host_status != HOST_CHANGED &&
7c49df64 2524 ip_status == HOST_CHANGED
61e96248 2525 - (bal) authfile.c: Synced CVS ID tag
2c523de9 2526 - (bal) UnixWare 2.0 fixes by Tim Rice <tim@multitalents.net>
2527 - (bal) Disable sftp-server if no 64bit int support exists. Based on
2528 patch by Tim Rice <tim@multitalents.net>
2529 - (bal) Makefile.in changes to uninstall: target to remove sftp-server
2530 and sftp-server.8 manpage.
7c49df64 2531
a421e945 253220010102
2533 - (bal) OpenBSD CVS Update
2534 - markus@cvs.openbsd.org 2001/01/01 14:52:49
2535 [scp.c]
2536 use shared fatal(); from stevesk@pobox.com
2537
0efc80a7 253820001231
2539 - (bal) Reverted out of MAXHOSTNAMELEN. This should be set per OS.
2540 for multiple reasons.
b1335fdf 2541 - (bal) Reverted out of a partial NeXT patch.
0efc80a7 2542
efcae5b1 254320001230
2544 - (bal) OpenBSD CVS Update
2545 - markus@cvs.openbsd.org 2000/12/28 18:58:30
2546 [ssh-keygen.c]
2547 enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2}
b148018f 2548 - markus@cvs.openbsd.org 2000/12/29 22:19:13
2549 [channels.c]
2550 missing xfree; from vaughan99@yahoo.com
efcae5b1 2551 - (bal) Resynced CVS ID with OpenBSD for channel.c and uidswap.c
03a14cc9 2552 - (bal) if no MAXHOSTNAMELEN is defined. Default to 64 character defination.
34665bf7 2553 Suggested by Christian Kurz <shorty@debian.org>
cb6dabf4 2554 - (bal) Add in '.c.o' section to Makefile.in to address make programs that
61e96248 2555 don't honor CPPFLAGS by default. Suggested by Lutz Jaenicke
cb6dabf4 2556 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
0dd78cd8 2557
255820001229
61e96248 2559 - (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian
34665bf7 2560 Kurz <shorty@debian.org>
8abcdba4 2561 - (bal) OpenBSD CVS Update
2562 - markus@cvs.openbsd.org 2000/12/28 14:25:51
2563 [auth.h auth2.c]
2564 count authentication failures only
2565 - markus@cvs.openbsd.org 2000/12/28 14:25:03
2566 [sshconnect.c]
2567 fingerprint for MITM attacks, too.
2568 - markus@cvs.openbsd.org 2000/12/28 12:03:57
2569 [sshd.8 sshd.c]
2570 document -D
2571 - markus@cvs.openbsd.org 2000/12/27 14:19:21
2572 [serverloop.c]
2573 less chatty
2574 - markus@cvs.openbsd.org 2000/12/27 12:34
2575 [auth1.c sshconnect2.c sshd.c]
2576 typo
2577 - markus@cvs.openbsd.org 2000/12/27 12:30:19
2578 [readconf.c readconf.h ssh.1 sshconnect.c]
2579 new option: HostKeyAlias: allow the user to record the host key
2580 under a different name. This is useful for ssh tunneling over
2581 forwarded connections or if you run multiple sshd's on different
2582 ports on the same machine.
2583 - markus@cvs.openbsd.org 2000/12/27 11:51:53
2584 [ssh.1 ssh.c]
2585 multiple -t force pty allocation, document ORIGINAL_COMMAND
2586 - markus@cvs.openbsd.org 2000/12/27 11:41:31
2587 [sshd.8]
2588 update for ssh-2
c52c7082 2589 - (stevesk) compress.[ch] sync with openbsd; missed in prototype
2590 fix merge.
0dd78cd8 2591
8f523d67 259220001228
2593 - (bal) Patch to add libutil.h to loginrec.c only if the platform has
2594 libutil.h. Suggested by Pekka Savola <pekka@netcore.fi>
9fb76616 2595 - (djm) Update to new x11-askpass in RPM spec
0dd78cd8 2596 - (bal) SCO patch to not include <sys/queue.h> since it's unrelated
2597 header. Patch by Tim Rice <tim@multitalents.net>
2598 - Updated TODO w/ known HP/UX issue
2599 - (bal) removed extra <netdb.h> noticed by Kevin Steves and removed the
2600 bad reference to 'NeXT including it else were' on the #ifdef version.
8f523d67 2601
b03bd394 260220001227
61e96248 2603 - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
b03bd394 2604 Takumi Yamane <yamtak@b-session.com>
2605 - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
8f523d67 2606 by Corinna Vinschen <vinschen@redhat.com>
2607 - (djm) Fix catman-do target for non-bash
61e96248 2608 - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
8f523d67 2609 Takumi Yamane <yamtak@b-session.com>
2610 - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
b03bd394 2611 by Corinna Vinschen <vinschen@redhat.com>
13991f8e 2612 - (djm) Fix catman-do target for non-bash
61e96248 2613 - (bal) Fixed NeXT's lack of CPPFLAGS honoring.
2614 - (bal) ssh-keyscan.c: NeXT (and older BSDs) don't support getrlimit() w/
f318b98b 2615 'RLIMIT_NOFILE'
61e96248 2616 - (djm) Remove *.Ylonen files. They are no longer in the OpenBSD tree,
2617 the info in COPYING.Ylonen has been moved to the start of each
3bdf55b1 2618 SSH1-derived file and README.Ylonen is well out of date.
b03bd394 2619
8d88011e 262020001223
2621 - (bal) Fixed Makefile.in to support recompile of all ssh and sshd objects
2622 if a change to config.h has occurred. Suggested by Gert Doering
2623 <gert@greenie.muc.de>
2624 - (bal) OpenBSD CVS Update:
2625 - markus@cvs.openbsd.org 2000/12/22 16:49:40
2626 [ssh-keygen.c]
2627 fix ssh-keygen -x -t type > file; from Roumen.Petrov@skalasoft.com
2628
1e3b8b07 262920001222
2630 - Updated RCSID for pty.c
2631 - (bal) OpenBSD CVS Updates:
2632 - markus@cvs.openbsd.org 2000/12/21 15:10:16
2633 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
2634 print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
2635 - markus@cvs.openbsd.org 2000/12/20 19:26:56
2636 [authfile.c]
2637 allow ssh -i userkey for root
2638 - markus@cvs.openbsd.org 2000/12/20 19:37:21
2639 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
2640 fix prototypes; from stevesk@pobox.com
2641 - markus@cvs.openbsd.org 2000/12/20 19:32:08
2642 [sshd.c]
2643 init pointer to NULL; report from Jan.Ivan@cern.ch
2644 - markus@cvs.openbsd.org 2000/12/19 23:17:54
2645 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
2646 auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
2647 bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
2648 crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
2649 key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
2650 packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
2651 serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
2652 ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c
2653 uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
2654 replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
2655 unsigned' with u_char.
2656
67b0facb 265720001221
2658 - (stevesk) OpenBSD CVS updates:
2659 - markus@cvs.openbsd.org 2000/12/19 15:43:45
2660 [authfile.c channels.c sftp-server.c ssh-agent.c]
2661 remove() -> unlink() for consistency
2662 - markus@cvs.openbsd.org 2000/12/19 15:48:09
2663 [ssh-keyscan.c]
2664 replace <ssl/x.h> with <openssl/x.h>
2665 - markus@cvs.openbsd.org 2000/12/17 02:33:40
2666 [uidswap.c]
2667 typo; from wsanchez@apple.com
61e96248 2668
adeebd37 266920001220
61e96248 2670 - (djm) Workaround PAM inconsistencies between Solaris derived PAM code
adeebd37 2671 and Linux-PAM. Based on report and fix from Andrew Morgan
2672 <morgan@transmeta.com>
2673
f072c47a 267420001218
2675 - (stevesk) rsa.c: entropy.h not needed.
0c2fb82f 2676 - (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile.
2677 Suggested by Wilfredo Sanchez <wsanchez@apple.com>
f072c47a 2678
731c1541 267920001216
2680 - (stevesk) OpenBSD CVS updates:
2681 - markus@cvs.openbsd.org 2000/12/16 02:53:57
2682 [scp.c]
2683 allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
2684 - markus@cvs.openbsd.org 2000/12/16 02:39:57
2685 [scp.c]
2686 unused; from stevesk@pobox.com
2687
227e8e86 268820001215
9853409f 2689 - (stevesk) Old OpenBSD patch wasn't completely applied:
2690 - markus@cvs.openbsd.org 2000/01/24 22:11:20
2691 [scp.c]
2692 allow '.' in usernames; from jedgar@fxp.org
227e8e86 2693 - (stevesk) OpenBSD CVS updates:
2694 - markus@cvs.openbsd.org 2000/12/13 16:26:53
2695 [ssh-keyscan.c]
2696 fatal already adds \n; from stevesk@pobox.com
2697 - markus@cvs.openbsd.org 2000/12/13 16:25:44
2698 [ssh-agent.c]
2699 remove redundant spaces; from stevesk@pobox.com
2700 - ho@cvs.openbsd.org 2000/12/12 15:50:21
2701 [pty.c]
2702 When failing to set tty owner and mode on a read-only filesystem, don't
2703 abort if the tty already has correct owner and reasonably sane modes.
2704 Example; permit 'root' to login to a firewall with read-only root fs.
2705 (markus@ ok)
2706 - deraadt@cvs.openbsd.org 2000/12/13 06:36:05
2707 [pty.c]
2708 KNF
6ffc9c88 2709 - markus@cvs.openbsd.org 2000/12/12 14:45:21
2710 [sshd.c]
2711 source port < 1024 is no longer required for rhosts-rsa since it
2712 adds no additional security.
2713 - markus@cvs.openbsd.org 2000/12/12 16:11:49
2714 [ssh.1 ssh.c]
2715 rhosts-rsa is no longer automagically disabled if ssh is not privileged.
2716 UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
2717 these changes should not change the visible default behaviour of the ssh client.
71c0d06a 2718 - deraadt@cvs.openbsd.org 2000/12/11 10:27:33
2719 [scp.c]
2720 when copying 0-sized files, do not re-print ETA time at completion
3e1caa83 2721 - provos@cvs.openbsd.org 2000/12/15 10:30:15
2722 [kex.c kex.h sshconnect2.c sshd.c]
2723 compute diffie-hellman in parallel between server and client. okay markus@
227e8e86 2724
6c935fbd 272520001213
2726 - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report
2727 from Andreas M. Kirchwitz <amk@krell.zikzak.de>
227e8e86 2728 - (stevesk) OpenBSD CVS update:
1fe6a48f 2729 - markus@cvs.openbsd.org 2000/12/12 15:30:02
2730 [ssh-keyscan.c ssh.c sshd.c]
61e96248 2731 consistently use __progname; from stevesk@pobox.com
6c935fbd 2732
367d1840 273320001211
2734 - (bal) Applied patch to include ssh-keyscan into Redhat's package, and
2735 patch to install ssh-keyscan manpage. Patch by Pekka Savola
2736 <pekka@netcore.fi>
e3a70753 2737 - (bal) OpenbSD CVS update
2738 - markus@cvs.openbsd.org 2000/12/10 17:01:53
2739 [sshconnect1.c]
2740 always request new challenge for skey/tis-auth, fixes interop with
2741 other implementations; report from roth@feep.net
367d1840 2742
6b523bae 274320001210
2744 - (bal) OpenBSD CVS updates
61e96248 2745 - markus@cvs.openbsd.org 2000/12/09 13:41:51
6b523bae 2746 [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
2747 undo rijndael changes
61e96248 2748 - markus@cvs.openbsd.org 2000/12/09 13:48:31
6b523bae 2749 [rijndael.c]
2750 fix byte order bug w/o introducing new implementation
61e96248 2751 - markus@cvs.openbsd.org 2000/12/09 14:08:27
6b523bae 2752 [sftp-server.c]
2753 "" -> "." for realpath; from vinschen@redhat.com
61e96248 2754 - markus@cvs.openbsd.org 2000/12/09 14:06:54
6b523bae 2755 [ssh-agent.c]
2756 extern int optind; from stevesk@sweden.hp.com
13af0aa2 2757 - provos@cvs.openbsd.org 2000/12/09 23:51:11
2758 [compat.c]
2759 remove unnecessary '\n'
6b523bae 2760
ce9c0b75 276120001209
6b523bae 2762 - (bal) OpenBSD CVS updates:
61e96248 2763 - djm@cvs.openbsd.org 2000/12/07 4:24:59
ce9c0b75 2764 [ssh.1]
2765 Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo
2766
f72fc97f 276720001207
6b523bae 2768 - (bal) OpenBSD CVS updates:
61e96248 2769 - markus@cvs.openbsd.org 2000/12/06 22:58:14
f72fc97f 2770 [compat.c compat.h packet.c]
2771 disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0
dfe89252 2772 - markus@cvs.openbsd.org 2000/12/06 23:10:39
2773 [rijndael.c]
2774 unexpand(1)
61e96248 2775 - markus@cvs.openbsd.org 2000/12/06 23:05:43
dfe89252 2776 [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
2777 new rijndael implementation. fixes endian bugs
f72fc97f 2778
97fb6912 277920001206
6b523bae 2780 - (bal) OpenBSD CVS updates:
97fb6912 2781 - markus@cvs.openbsd.org 2000/12/05 20:34:09
2782 [channels.c channels.h clientloop.c serverloop.c]
2783 async connects for -R/-L; ok deraadt@
2784 - todd@cvs.openssh.org 2000/12/05 16:47:28
2785 [sshd.c]
2786 tweak comment to reflect real location of pid file; ok provos@
bf5f69f7 2787 - (stevesk) Import <sys/queue.h> from OpenBSD for systems that don't
2788 have it (used in ssh-keyscan).
227e8e86 2789 - (stevesk) OpenBSD CVS update:
f20255cb 2790 - markus@cvs.openbsd.org 2000/12/06 19:57:48
2791 [ssh-keyscan.c]
2792 err(3) -> internal error(), from stevesk@sweden.hp.com
97fb6912 2793
f6fdbddf 279420001205
6b523bae 2795 - (bal) OpenBSD CVS updates:
f6fdbddf 2796 - markus@cvs.openbsd.org 2000/12/04 19:24:02
2797 [ssh-keyscan.c ssh-keyscan.1]
2798 David Maziere's ssh-keyscan, ok niels@
2799 - (bal) Updated Makefile.in to include ssh-keyscan that was just added
2800 to the recent OpenBSD source tree.
835d2104 2801 - (stevesk) fix typos in contrib/hpux/README
f6fdbddf 2802
cbc5abf9 280320001204
2804 - (bal) More C functions defined in NeXT that are unaccessable without
61e96248 2805 defining -POSIX.
2806 - (bal) OpenBSD CVS updates:
2807 - markus@cvs.openbsd.org 2000/12/03 11:29:04
cbc5abf9 2808 [compat.c]
2809 remove fallback to SSH_BUG_HMAC now that the drafts are updated
2810 - markus@cvs.openbsd.org 2000/12/03 11:27:55
2811 [compat.c]
61e96248 2812 correctly match "2.1.0.pl2 SSH" etc; from
97fb6912 2813 pekkas@netcore.fi/bugzilla.redhat
cbc5abf9 2814 - markus@cvs.openbsd.org 2000/12/03 11:15:03
2815 [auth2.c compat.c compat.h sshconnect2.c]
2816 support f-secure/ssh.com 2.0.12; ok niels@
2817
0b6fbf03 281820001203
cbc5abf9 2819 - (bal) OpenBSD CVS updates:
0b6fbf03 2820 - markus@cvs.openbsd.org 2000/11/30 22:54:31
2821 [channels.c]
61e96248 2822 debug->warn if tried to do -R style fwd w/o client requesting this;
0b6fbf03 2823 ok neils@
2824 - markus@cvs.openbsd.org 2000/11/29 20:39:17
2825 [cipher.c]
2826 des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
2827 - markus@cvs.openbsd.org 2000/11/30 18:33:05
2828 [ssh-agent.c]
2829 agents must not dump core, ok niels@
61e96248 2830 - markus@cvs.openbsd.org 2000/11/30 07:04:02
0b6fbf03 2831 [ssh.1]
2832 T is for both protocols
2833 - markus@cvs.openbsd.org 2000/12/01 00:00:51
2834 [ssh.1]
2835 typo; from green@FreeBSD.org
2836 - markus@cvs.openbsd.org 2000/11/30 07:02:35
2837 [ssh.c]
2838 check -T before isatty()
2839 - provos@cvs.openbsd.org 2000/11/29 13:51:27
2840 [sshconnect.c]
61e96248 2841 show IP address and hostname when new key is encountered. okay markus@
0b6fbf03 2842 - markus@cvs.openbsd.org 2000/11/30 22:53:35
2843 [sshconnect.c]
2844 disable agent/x11/port fwding if hostkey has changed; ok niels@
2845 - marksu@cvs.openbsd.org 2000/11/29 21:11:59
2846 [sshd.c]
2847 sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
2848 from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
8c9fe09e 2849 - (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enable
2850 PAM authentication using KbdInteractive.
2851 - (djm) Added another TODO
0b6fbf03 2852
90f4078a 285320001202
2854 - (bal) Backed out of part of Alain St-Denis' loginrec.c patch.
61e96248 2855 - (bal) Irix need some sort of mansubdir, patch by Michael Stone
90f4078a 2856 <mstone@cs.loyola.edu>
2857
dcef6523 285820001129
7062c40f 2859 - (djm) Back out all the serverloop.c hacks. sshd will now hang again
2860 if there are background children with open fds.
c193d002 2861 - (djm) bsd-rresvport.c bzero -> memset
61e96248 2862 - (djm) Don't fail in defines.h on absence of 64 bit types (we will
c193d002 2863 still fail during compilation of sftp-server).
2864 - (djm) Fail if ar is not found during configure
c523303b 2865 - (djm) OpenBSD CVS updates:
2866 - provos@cvs.openbsd.org 2000/11/22 08:38:31
2867 [sshd.8]
2868 talk about /etc/primes, okay markus@
2869 - markus@cvs.openbsd.org 2000/11/23 14:03:48
2870 [ssh.c sshconnect1.c sshconnect2.c]
2871 complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
2872 defaults
2873 - markus@cvs.openbsd.org 2000/11/25 09:42:53
2874 [sshconnect1.c]
2875 reorder check for illegal ciphers, bugreport from espie@
2876 - markus@cvs.openbsd.org 2000/11/25 10:19:34
2877 [ssh-keygen.c ssh.h]
2878 print keytype when generating a key.
2879 reasonable defaults for RSA1/RSA/DSA keys.
b3ec54b4 2880 - (djm) Patch from Pekka Savola <Pekka.Savola@netcore.fi> to include a few
2881 more manpage paths in fixpaths calls
2882 - (djm) Also add xauth path at Pekka's suggestion.
57ce3f00 2883 - (djm) Add Redhat RPM patch for AUTHPRIV SyslogFacility
dcef6523 2884
e879a080 288520001125
2886 - (djm) Give up privs when reading seed file
2887
d343d900 288820001123
2889 - (bal) Merge OpenBSD changes:
2890 - markus@cvs.openbsd.org 2000/11/15 22:31:36
2891 [auth-options.c]
61e96248 2892 case insensitive key options; from stevesk@sweeden.hp.com
d343d900 2893 - markus@cvs.openbsd.org 2000/11/16 17:55:43
2894 [dh.c]
2895 do not use perror() in sshd, after child is forked()
2896 - markus@cvs.openbsd.org 2000/11/14 23:42:40
2897 [auth-rsa.c]
2898 parse option only if key matches; fix some confusing seen by the client
2899 - markus@cvs.openbsd.org 2000/11/14 23:44:19
2900 [session.c]
2901 check no_agent_forward_flag for ssh-2, too
2902 - markus@cvs.openbsd.org 2000/11/15
2903 [ssh-agent.1]
2904 reorder SYNOPSIS; typo, use .It
2905 - markus@cvs.openbsd.org 2000/11/14 23:48:55
2906 [ssh-agent.c]
2907 do not reorder keys if a key is removed
2908 - markus@cvs.openbsd.org 2000/11/15 19:58:08
2909 [ssh.c]
61e96248 2910 just ignore non existing user keys
d343d900 2911 - millert@cvs.openbsd.org 200/11/15 20:24:43
2912 [ssh-keygen.c]
2913 Add missing \n at end of error message.
2914
0b49a754 291520001122
2916 - (bal) Minor patch to ensure platforms lacking IRIX job limit supports
2917 are compilable.
2918 - (bal) Updated TODO as of 11/18/2000 with known things to resolve.
2919
fab2e5d3 292020001117
2921 - (bal) Changed from 'primes' to 'primes.out' for consistancy sake. It
2922 has no affect the output. Patch by Corinna Vinschen <vinschen@redhat.com>
61e96248 2923 - (stevesk) Reworked progname support.
260d427b 2924 - (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by
2925 Shinichi Maruyama <marya@st.jip.co.jp>
fab2e5d3 2926
c2207f11 292720001116
2928 - (bal) Added in MAXSYMLINK test in bsd-realpath.c. Required for some SCO
2929 releases.
2930 - (bal) Make builds work outside of source tree. Patch by Mark D. Roth
2931 <roth@feep.net>
2932
3d398e04 293320001113
61e96248 2934 - (djm) Add pointer to http://www.imasy.or.jp/~gotoh/connect.c to
3d398e04 2935 contrib/README
fa08c86b 2936 - (djm) Merge OpenBSD changes:
2937 - markus@cvs.openbsd.org 2000/11/06 16:04:56
2938 [channels.c channels.h clientloop.c nchan.c serverloop.c]
2939 [session.c ssh.c]
2940 agent forwarding and -R for ssh2, based on work from
2941 jhuuskon@messi.uku.fi
2942 - markus@cvs.openbsd.org 2000/11/06 16:13:27
2943 [ssh.c sshconnect.c sshd.c]
2944 do not disabled rhosts(rsa) if server port > 1024; from
2945 pekkas@netcore.fi
2946 - markus@cvs.openbsd.org 2000/11/06 16:16:35
2947 [sshconnect.c]
2948 downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
2949 - markus@cvs.openbsd.org 2000/11/09 18:04:40
2950 [auth1.c]
2951 typo; from mouring@pconline.com
2952 - markus@cvs.openbsd.org 2000/11/12 12:03:28
2953 [ssh-agent.c]
2954 off-by-one when removing a key from the agent
2955 - markus@cvs.openbsd.org 2000/11/12 12:50:39
2956 [auth-rh-rsa.c auth2.c authfd.c authfd.h]
2957 [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
2958 [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
2959 [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
2960 [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
61e96248 2961 [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
fa08c86b 2962 add support for RSA to SSH2. please test.
2963 there are now 3 types of keys: RSA1 is used by ssh-1 only,
2964 RSA and DSA are used by SSH2.
2965 you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
2966 keys for SSH2 and use the RSA keys for hostkeys or for user keys.
2967 SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
2968 - (djm) Fix up Makefile and Redhat init script to create RSA host keys
f001465f 2969 - (djm) Change to interim version
5733a41a 2970 - (djm) Fix RPM spec file stupidity
6fff1ac4 2971 - (djm) fixpaths to DSA and RSA keys too
3d398e04 2972
d287c664 297320001112
2974 - (bal) SCO Patch to add needed libraries for configure.in. Patch by
2975 Phillips Porch <root@theporch.com>
3d398e04 2976 - (bal) IRIX patch to adding Job Limits. Patch by Denis Parker
2977 <dcp@sgi.com>
a3bf38d0 2978 - (stevesk) pty.c: HP-UX 10 and 11 don't define TIOCSCTTY. Add error() to
2979 failed ioctl(TIOCSCTTY) call.
d287c664 2980
3c4d4fef 298120001111
2982 - (djm) Added /etc/primes for kex DH group neg, fixup Makefile.in and
2983 packaging files
35325fd4 2984 - (djm) Fix new Makefile.in warnings
61e96248 2985 - (djm) Fix vsprintf("%h") in bsd-snprintf.c, short int va_args are
2986 promoted to type int. Report and fix from Dan Astoorian
027bf205 2987 <djast@cs.toronto.edu>
61e96248 2988 - (djm) Hardwire sysconfdir in RPM spec files as some RPM versions get
e3291159 2989 it wrong. Report from Bennett Todd <bet@rahul.net>
3c4d4fef 2990
3e366738 299120001110
2992 - (bal) Fixed dropped answer from skey_keyinfo() in auth1.c
2993 - (bal) Changed from --with-skey to --with-skey=PATH in configure.in
2994 - (bal) Added in check to verify S/Key library is being detected in
2995 configure.in
61e96248 2996 - (bal) next-posix.h - added another prototype wrapped in POSIX ifdef/endif.
3e366738 2997 Patch by Mark Miller <markm@swoon.net>
2998 - (bal) Added 'util.h' header to loginrec.c only if HAVE_UTIL_H is defined
61e96248 2999 to remove warnings under MacOS X. Patch by Mark Miller <markm@swoon.net>
3e366738 3000 - (bal) Fixed LDFLAG mispelling in configure.in for --with-afs
3001
373998a4 300220001107
e506ee73 3003 - (bal) acconfig.in - removed the double "USE_PIPES" entry. Patch by
3004 Mark Miller <markm@swoon.net>
373998a4 3005 - (bal) sshd.init files corrected to assign $? to RETVAL. Patch by
3006 Jarno Huuskonen <jhuuskon@messi.uku.fi>
e506ee73 3007 - (bal) fixpaths fixed to stop it from quitely failing. Patch by
3008 Mark D. Roth <roth@feep.net>
373998a4 3009
ac89998a 301020001106
3011 - (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs
6c09e23c 3012 - (djm) Manually fix up missed diff hunks (mainly RCS idents)
61e96248 3013 - (djm) Remove UPGRADING document in favour of a link to the better
d6846e6a 3014 maintained FAQ on www.openssh.com
73bd30fe 3015 - (djm) Fix multiple dependancy on gnome-libs from Pekka Savola
3016 <pekkas@netcore.fi>
3017 - (djm) Don't need X11-askpass in RPM spec file if building without it
3018 from Pekka Savola <pekkas@netcore.fi>
c215ba3b 3019 - (djm) Release 2.3.0p1
97b378bf 3020 - (bal) typo in configure.in in regards to --with-ldflags from Marko
3021 Asplund <aspa@kronodoc.fi>
3022 - (bal) fixed next-posix.h. Forgot prototype of getppid().
68f189a9 3023
b850ecd9 302420001105
3025 - (bal) Sync with OpenBSD:
3026 - markus@cvs.openbsd.org 2000/10/31 9:31:58
3027 [compat.c]
3028 handle all old openssh versions
3029 - markus@cvs.openbsd.org 2000/10/31 13:1853
3030 [deattack.c]
3031 so that large packets do not wrap "n"; from netbsd
3032 - (bal) rijndel.c - fix up RCSID to match OpenBSD tree
a30ce26d 3033 - (bal) auth2-skey.c - Checked in. Missing from portable tree.
3034 - (bal) Reworked NEWS-OS and NeXT ports to extract waitpid() and
3035 setsid() into more common files
96054e6f 3036 - (stevesk) pty.c: use __hpux to identify HP-UX.
d0127657 3037 - (bal) Missed auth-skey.o in Makefile.in and minor correction to
3038 bsd-waitpid.c
b850ecd9 3039
75b90ced 304020001029
3041 - (stevesk) Fix typo in auth.c: USE_PAM not PAM
95273555 3042 - (stevesk) Create contrib/cygwin/ directory; patch from
3043 Corinna Vinschen <vinschen@redhat.com>
e9e4a1c7 3044 - (bal) Resolved more $xno and $xyes issues in configure.in
fd5f0295 3045 - (bal) next-posix.h - spelling and forgot a prototype
75b90ced 3046
344f2b94 304720001028
61e96248 3048 - (djm) fix select hack in serverloop.c from Philippe WILLEM
344f2b94 3049 <Philippe.WILLEM@urssaf.fr>
240ae474 3050 - (djm) Fix mangled AIXAUTHENTICATE code
61e96248 3051 - (djm) authctxt->pw may be NULL. Fix from Markus Friedl
606ea390 3052 <markus.friedl@informatik.uni-erlangen.de>
a22aff1f 3053 - (djm) Sync with OpenBSD:
3054 - markus@cvs.openbsd.org 2000/10/16 15:46:32
3055 [ssh.1]
3056 fixes from pekkas@netcore.fi
3057 - markus@cvs.openbsd.org 2000/10/17 14:28:11
3058 [atomicio.c]
3059 return number of characters processed; ok deraadt@
3060 - markus@cvs.openbsd.org 2000/10/18 12:04:02
3061 [atomicio.c]
3062 undo
3063 - markus@cvs.openbsd.org 2000/10/18 12:23:02
3064 [scp.c]
3065 replace atomicio(read,...) with read(); ok deraadt@
3066 - markus@cvs.openbsd.org 2000/10/18 12:42:00
3067 [session.c]
3068 restore old record login behaviour
3069 - deraadt@cvs.openbsd.org 2000/10/19 10:41:13
3070 [auth-skey.c]
3071 fmt string problem in unused code
3072 - provos@cvs.openbsd.org 2000/10/19 10:45:16
3073 [sshconnect2.c]
3074 don't reference freed memory. okay deraadt@
3075 - markus@cvs.openbsd.org 2000/10/21 11:04:23
3076 [canohost.c]
3077 typo, eramore@era-t.ericsson.se; ok niels@
3078 - markus@cvs.openbsd.org 2000/10/23 13:31:55
3079 [cipher.c]
3080 non-alignment dependent swap_bytes(); from
3081 simonb@wasabisystems.com/netbsd
3082 - markus@cvs.openbsd.org 2000/10/26 12:38:28
3083 [compat.c]
3084 add older vandyke products
3085 - markus@cvs.openbsd.org 2000/10/27 01:32:19
3086 [channels.c channels.h clientloop.c serverloop.c session.c]
3087 [ssh.c util.c]
61e96248 3088 enable non-blocking IO on channels, and tty's (except for the
a22aff1f 3089 client ttys).
344f2b94 3090
ddc49b5c 309120001027
3092 - (djm) Increase REKEY_BYTES to 2^24 for arc4random
3093
48e7916f 309420001025
3095 - (djm) Added WARNING.RNG file and modified configure to ask users of the
3096 builtin entropy code to read it.
3097 - (djm) Prefer builtin regex to PCRE.
00937921 3098 - (bal) Added USE_PIPS defined to NeXT configure.in since scp hangs randomly.
3099 - (bal) Apply fixes to configure.in pointed out by Pavel Roskin
3100 <proski@gnu.org>
48e7916f 3101
8dcda1e3 310220001020
3103 - (djm) Don't define _REENTRANT for SNI/Reliant Unix
07bee9a7 3104 - (bal) Imported NEWS-OS waitpid() macros into NeXT. Since implementation
3105 is more correct then current version.
8dcda1e3 3106
f5af5cd5 310720001018
3108 - (stevesk) Add initial support for setproctitle(). Current
3109 support is for the HP-UX pstat(PSTAT_SETCMD, ...) method.
134fd7f6 3110 - (stevesk) Add egd startup scripts to contrib/hpux/
f5af5cd5 3111
2f31bdd6 311220001017
3113 - (djm) Add -lregex to cywin libs from Corinna Vinschen
3114 <vinschen@cygnus.com>
ba7a3f40 3115 - (djm) Don't rely on atomicio's retval to determine length of askpass
3116 supplied passphrase. Problem report from Lutz Jaenicke
3117 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
66d6c27e 3118 - (bal) Changed from GNU rx to PCRE on suggestion from djm.
61e96248 3119 - (bal) Integrated Sony NEWS-OS patches from NAKAJI Hirouyuki
66d6c27e 3120 <nakaji@tutrp.tut.ac.jp>
2f31bdd6 3121
33de75a3 312220001016
3123 - (djm) Sync with OpenBSD:
3124 - markus@cvs.openbsd.org 2000/10/14 04:01:15
3125 [cipher.c]
3126 debug3
3127 - markus@cvs.openbsd.org 2000/10/14 04:07:23
3128 [scp.c]
3129 remove spaces from arguments; from djm@mindrot.org
3130 - markus@cvs.openbsd.org 2000/10/14 06:09:46
3131 [ssh.1]
3132 Cipher is for SSH-1 only
3133 - markus@cvs.openbsd.org 2000/10/14 06:12:09
3134 [servconf.c servconf.h serverloop.c session.c sshd.8]
3135 AllowTcpForwarding; from naddy@
3136 - markus@cvs.openbsd.org 2000/10/14 06:16:56
3137 [auth2.c compat.c compat.h sshconnect2.c version.h]
61e96248 3138 OpenSSH_2.3; note that is is not complete, but the version number
33de75a3 3139 needs to be changed for interoperability reasons
3140 - markus@cvs.openbsd.org 2000/10/14 06:19:45
3141 [auth-rsa.c]
3142 do not send RSA challenge if key is not allowed by key-options; from
3143 eivind@ThinkSec.com
3144 - markus@cvs.openbsd.org 2000/10/15 08:14:01
3145 [rijndael.c session.c]
3146 typos; from stevesk@sweden.hp.com
3147 - markus@cvs.openbsd.org 2000/10/15 08:18:31
3148 [rijndael.c]
3149 typo
61e96248 3150 - (djm) Copy manpages back over from OpenBSD - too tedious to wade
30d8b039 3151 through diffs
61e96248 3152 - (djm) Added condrestart to Redhat init script. Patch from Pekka Savola
30d8b039 3153 <pekkas@netcore.fi>
aa0289fe 3154 - (djm) Update version in Redhat spec file
61e96248 3155 - (djm) Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the
aa0289fe 3156 Redhat 7.0 spec file
5b2d4b75 3157 - (djm) Make inability to read/write PRNG seedfile non-fatal
3158
33de75a3 3159
4d670c24 316020001015
3161 - (djm) Fix ssh2 hang on background processes at logout.
3162
71dfaf1c 316320001014
443172c4 3164 - (bal) Add support for realpath and getcwd for platforms with broken
3165 or missing realpath implementations for sftp-server.
3166 - (bal) Corrected mistake in INSTALL in regards to GNU rx library
61e96248 3167 - (bal) Add support for GNU rx library for those lacking regexp support
71dfaf1c 3168 - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth
02323c45 3169 - (djm) Revert SSH2 serverloop hack, will find a better way.
4ee81249 3170 - (djm) Add workaround for Linux 2.4's gratuitious errno change. Patch
3171 from Martin Johansson <fatbob@acc.umu.se>
94ec8c6b 3172 - (djm) Big OpenBSD sync:
3173 - markus@cvs.openbsd.org 2000/09/30 10:27:44
3174 [log.c]
3175 allow loglevel debug
3176 - markus@cvs.openbsd.org 2000/10/03 11:59:57
3177 [packet.c]
3178 hmac->mac
3179 - markus@cvs.openbsd.org 2000/10/03 12:03:03
3180 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
3181 move fake-auth from auth1.c to individual auth methods, disables s/key in
3182 debug-msg
3183 - markus@cvs.openbsd.org 2000/10/03 12:16:48
3184 ssh.c
3185 do not resolve canonname, i have no idea why this was added oin ossh
3186 - markus@cvs.openbsd.org 2000/10/09 15:30:44
3187 ssh-keygen.1 ssh-keygen.c
3188 -X now reads private ssh.com DSA keys, too.
3189 - markus@cvs.openbsd.org 2000/10/09 15:32:34
3190 auth-options.c
3191 clear options on every call.
3192 - markus@cvs.openbsd.org 2000/10/09 15:51:00
3193 authfd.c authfd.h
3194 interop with ssh-agent2, from <res@shore.net>
3195 - markus@cvs.openbsd.org 2000/10/10 14:20:45
3196 compat.c
3197 use rexexp for version string matching
3198 - provos@cvs.openbsd.org 2000/10/10 22:02:18
3199 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
3200 First rough implementation of the diffie-hellman group exchange. The
3201 client can ask the server for bigger groups to perform the diffie-hellman
3202 in, thus increasing the attack complexity when using ciphers with longer
3203 keys. University of Windsor provided network, T the company.
3204 - markus@cvs.openbsd.org 2000/10/11 13:59:52
3205 [auth-rsa.c auth2.c]
3206 clear auth options unless auth sucessfull
3207 - markus@cvs.openbsd.org 2000/10/11 14:00:27
3208 [auth-options.h]
3209 clear auth options unless auth sucessfull
3210 - markus@cvs.openbsd.org 2000/10/11 14:03:27
3211 [scp.1 scp.c]
3212 support 'scp -o' with help from mouring@pconline.com
3213 - markus@cvs.openbsd.org 2000/10/11 14:11:35
3214 [dh.c]
3215 Wall
3216 - markus@cvs.openbsd.org 2000/10/11 14:14:40
3217 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
3218 [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
3219 add support for s/key (kbd-interactive) to ssh2, based on work by
3220 mkiernan@avantgo.com and me
3221 - markus@cvs.openbsd.org 2000/10/11 14:27:24
3222 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
3223 [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
3224 [sshconnect2.c sshd.c]
3225 new cipher framework
3226 - markus@cvs.openbsd.org 2000/10/11 14:45:21
3227 [cipher.c]
3228 remove DES
3229 - markus@cvs.openbsd.org 2000/10/12 03:59:20
3230 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
3231 enable DES in SSH-1 clients only
3232 - markus@cvs.openbsd.org 2000/10/12 08:21:13
3233 [kex.h packet.c]
3234 remove unused
3235 - markus@cvs.openbsd.org 2000/10/13 12:34:46
3236 [sshd.c]
3237 Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
3238 - markus@cvs.openbsd.org 2000/10/13 12:59:15
3239 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h]
3240 rijndael/aes support
3241 - markus@cvs.openbsd.org 2000/10/13 13:10:54
3242 [sshd.8]
3243 more info about -V
3244 - markus@cvs.openbsd.org 2000/10/13 13:12:02
3245 [myproposal.h]
3246 prefer no compression
3ed32516 3247 - (djm) Fix scp user@host handling
3248 - (djm) Don't clobber ssh_prng_cmds on install
6bcf7caa 3249 - (stevesk) Include config.h in rijndael.c so we define intXX_t and
3250 u_intXX_t types on all platforms.
9ea53ba5 3251 - (stevesk) rijndael.c: cleanup missing declaration warnings.
2919e060 3252 - (stevesk) ~/.hushlogin shouldn't cause required password change to
3253 be bypassed.
f5665f6f 3254 - (stevesk) Display correct path to ssh-askpass in configure output.
3255 Report from Lutz Jaenicke.
71dfaf1c 3256
ebd782f7 325720001007
3258 - (stevesk) Print PAM return value in PAM log messages to aid
3259 with debugging.
97994d32 3260 - (stevesk) Fix detection of pw_class struct member in configure;
3261 patch from KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp>
3262
47a134c1 326320001002
3264 - (djm) Fix USER_PATH, report from Kevin Steves <stevesk@sweden.hp.com>
3265 - (djm) Add host system and CC to end-of-configure report. Suggested by
3266 Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
3267
7322ef0e 326820000931
3269 - (djm) Cygwin fixes from Corinna Vinschen <vinschen@cygnus.com>
3270
6ac7829a 327120000930
b6490dcb 3272 - (djm) Irix ssh_prng_cmds path fix from Pekka Savola <pekkas@netcore.fi>
61e96248 3273 - (djm) Support in bsd-snprintf.c for long long conversions from
772bd898 3274 Ben Lindstrom <mouring@pconline.com>
3275 - (djm) Cleanup NeXT support from Ben Lindstrom <mouring@pconline.com>
857040fb 3276 - (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with
61e96248 3277 very short lived X connections. Bug report from Tobias Oetiker
857040fb 3278 <oetiker@ee.ethz.ch>. Fix from Markus Friedl <markus@cvs.openbsd.org>
bd2d7f6a 3279 - (djm) Add recent InitScripts as a RPM dependancy for openssh-server
3280 patch from Pekka Savola <pekkas@netcore.fi>
58665035 3281 - (djm) Forgot to cvs add LICENSE file
dc2901a0 3282 - (djm) Add LICENSE to RPM spec files
de273eef 3283 - (djm) CVS OpenBSD sync:
3284 - markus@cvs.openbsd.org 2000/09/26 13:59:59
3285 [clientloop.c]
3286 use debug2
3287 - markus@cvs.openbsd.org 2000/09/27 15:41:34
3288 [auth2.c sshconnect2.c]
3289 use key_type()
3290 - markus@cvs.openbsd.org 2000/09/28 12:03:18
3291 [channels.c]
3292 debug -> debug2 cleanup
61e96248 3293 - (djm) Irix strips "/dev/tty" from [uw]tmp entries (other systems only
2a7d529a 3294 strip "/dev/"). Fix loginrec.c based on patch from Alain St-Denis
3295 <Alain.St-Denis@ec.gc.ca>
61e96248 3296 - (djm) Fix 9 character passphrase failure with gnome-ssh-askpass.
3297 Problem was caused by interrupted read in ssh-add. Report from Donald
2a7d529a 3298 J. Barry <don@astro.cornell.edu>
6ac7829a 3299
c5d85828 330020000929
3301 - (djm) Fix SSH2 not terminating until all background tasks done problem.
61e96248 3302 - (djm) Another off-by-one fix from Pavel Kankovsky
3303 <peak@argo.troja.mff.cuni.cz>
22d89d24 3304 - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code,
3305 tidy necessary differences. Use Markus' new debugN() in entropy.c
61e96248 3306 - (djm) Merged big SCO portability patch from Tim Rice
77bb0bca 3307 <tim@multitalents.net>
c5d85828 3308
6fd7f731 330920000926
3310 - (djm) Update X11-askpass to 1.0.2 in RPM spec file
c5ae7384 3311 - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX
61e96248 3312 - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c.
3313 Report and fix from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
6fd7f731 3314
2f125ca1 331520000924
3316 - (djm) Merged cleanup patch from Mark Miller <markm@swoon.net>
3317 - (djm) A bit more cleanup - created cygwin_util.h
bcdaaeab 3318 - (djm) Include strtok_r() from OpenBSD libc. Fixes report from Mark Miller
3319 <markm@swoon.net>
2f125ca1 3320
764d4113 332120000923
61e96248 3322 - (djm) Fix address logging in utmp from Kevin Steves
764d4113 3323 <stevesk@sweden.hp.com>
777319db 3324 - (djm) Redhat spec and manpage fixes from Pekka Savola <pekkas@netcore.fi>
bd590612 3325 - (djm) Seperate tests for int64_t and u_int64_t types
61e96248 3326 - (djm) Tweak password expiry checking at suggestion of Kevin Steves
37c1c46d 3327 <stevesk@sweden.hp.com>
e79b44e1 3328 - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
61e96248 3329 - (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from
e2144f11 3330 Michael Stone <mstone@cs.loyola.edu>
188adeb2 3331 - (djm) OpenBSD CVS sync:
3332 - markus@cvs.openbsd.org 2000/09/17 09:38:59
3333 [sshconnect2.c sshd.c]
3334 fix DEBUG_KEXDH
3335 - markus@cvs.openbsd.org 2000/09/17 09:52:51
3336 [sshconnect.c]
3337 yes no; ok niels@
3338 - markus@cvs.openbsd.org 2000/09/21 04:55:11
3339 [sshd.8]
3340 typo
3341 - markus@cvs.openbsd.org 2000/09/21 05:03:54
3342 [serverloop.c]
3343 typo
3344 - markus@cvs.openbsd.org 2000/09/21 05:11:42
3345 scp.c
3346 utime() to utimes(); mouring@pconline.com
3347 - markus@cvs.openbsd.org 2000/09/21 05:25:08
3348 sshconnect2.c
3349 change login logic in ssh2, allows plugin of other auth methods
3350 - markus@cvs.openbsd.org 2000/09/21 05:25:35
3351 [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h]
3352 [serverloop.c]
3353 add context to dispatch_run
3354 - markus@cvs.openbsd.org 2000/09/21 05:07:52
3355 authfd.c authfd.h ssh-agent.c
3356 bug compat for old ssh.com software
764d4113 3357
7f377177 335820000920
3359 - (djm) Fix bad path substitution. Report from Andrew Miner
3360 <asminer@cs.iastate.edu>
3361
bcbf86ec 336220000916
61e96248 3363 - (djm) Fix SSL search order from Lutz Jaenicke
7950bf97 3364 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
19ece6d2 3365 - (djm) New SuSE spec from Corinna Vinschen <corinna@vinschen.de>
9cd45ea4 3366 - (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com>
995edaac 3367 - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage.
3368 Patch from Larry Jones <larry.jones@sdrc.com>
61e96248 3369 - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM
ad55cd03 3370 password change patch.
3371 - (djm) Bring licenses on my stuff in line with OpenBSD's
0bbfbdeb 3372 - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
3373 Kevin Steves <stevesk@sweden.hp.com>
7f8f5e00 3374 - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz>
3375 - (djm) Re-enable int64_t types - we need them for sftp
3376 - (djm) Use libexecdir from configure , rather than libexecdir/ssh
3377 - (djm) Update Redhat SPEC file accordingly
3378 - (djm) Add Kevin Steves <stevesk@sweden.hp.com> HP/UX contrib files
3379 - (djm) Add Charles Levert <charles@comm.polymtl.ca> getpgrp patch
61e96248 3380 - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter
7f8f5e00 3381 <Dirk.DeWachter@rug.ac.be>
61e96248 3382 - (djm) Fixprogs and entropy list fixes from Larry Jones
7f8f5e00 3383 <larry.jones@sdrc.com>
3384 - (djm) Fix for SuSE spec file from Takashi YOSHIDA
3385 <tyoshida@gemini.rc.kyushu-u.ac.jp>
bcbf86ec 3386 - (djm) Merge OpenBSD changes:
3387 - markus@cvs.openbsd.org 2000/09/05 02:59:57
3388 [session.c]
3389 print hostname (not hushlogin)
3390 - markus@cvs.openbsd.org 2000/09/05 13:18:48
3391 [authfile.c ssh-add.c]
3392 enable ssh-add -d for DSA keys
3393 - markus@cvs.openbsd.org 2000/09/05 13:20:49
3394 [sftp-server.c]
3395 cleanup
3396 - markus@cvs.openbsd.org 2000/09/06 03:46:41
3397 [authfile.h]
3398 prototype
3399 - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
3400 [ALL]
61e96248 3401 cleanup copyright notices on all files. I have attempted to be
3402 accurate with the details. everything is now under Tatu's licence
3403 (which I copied from his readme), and/or the core-sdi bsd-ish thing
3404 for deattack, or various openbsd developers under a 2-term bsd
bcbf86ec 3405 licence. We're not changing any rules, just being accurate.
3406 - markus@cvs.openbsd.org 2000/09/07 14:40:30
3407 [channels.c channels.h clientloop.c serverloop.c ssh.c]
3408 cleanup window and packet sizes for ssh2 flow control; ok niels
3409 - markus@cvs.openbsd.org 2000/09/07 14:53:00
3410 [scp.c]
3411 typo
3412 - markus@cvs.openbsd.org 2000/09/07 15:13:37
3413 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
3414 [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
3415 [pty.c readconf.c]
3416 some more Copyright fixes
3417 - markus@cvs.openbsd.org 2000/09/08 03:02:51
3418 [README.openssh2]
3419 bye bye
3420 - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
3421 [LICENCE cipher.c]
3422 a few more comments about it being ARC4 not RC4
3423 - markus@cvs.openbsd.org 2000/09/12 14:53:11
3424 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
3425 multiple debug levels
3426 - markus@cvs.openbsd.org 2000/09/14 14:25:15
3427 [clientloop.c]
3428 typo
3429 - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
3430 [ssh-agent.c]
3431 check return value for setenv(3) for failure, and deal appropriately
3432
deb8d717 343320000913
3434 - (djm) Fix server not exiting with jobs in background.
3435
b5e300c2 343620000905
3437 - (djm) Import OpenBSD CVS changes
3438 - markus@cvs.openbsd.org 2000/08/31 15:52:24
3439 [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c]
3440 implement a SFTP server. interops with sftp2, scp2 and the windows
3441 client from ssh.com
3442 - markus@cvs.openbsd.org 2000/08/31 15:56:03
3443 [README.openssh2]
3444 sync
3445 - markus@cvs.openbsd.org 2000/08/31 16:05:42
3446 [session.c]
3447 Wall
3448 - markus@cvs.openbsd.org 2000/08/31 16:09:34
3449 [authfd.c ssh-agent.c]
3450 add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions
3451 - deraadt@cvs.openbsd.org 2000/09/01 09:25:13
3452 [scp.1 scp.c]
3453 cleanup and fix -S support; stevesk@sweden.hp.com
3454 - markus@cvs.openbsd.org 2000/09/01 16:29:32
3455 [sftp-server.c]
3456 portability fixes
3457 - markus@cvs.openbsd.org 2000/09/01 16:32:41
3458 [sftp-server.c]
3459 fix cast; mouring@pconline.com
3460 - itojun@cvs.openbsd.org 2000/09/03 09:23:28
3461 [ssh-add.1 ssh.1]
3462 add missing .El against .Bl.
3463 - markus@cvs.openbsd.org 2000/09/04 13:03:41
3464 [session.c]
3465 missing close; ok theo
3466 - markus@cvs.openbsd.org 2000/09/04 13:07:21
3467 [session.c]
3468 fix get_last_login_time order; from andre@van-veen.de
3469 - markus@cvs.openbsd.org 2000/09/04 13:10:09
3470 [sftp-server.c]
3471 more cast fixes; from mouring@pconline.com
3472 - markus@cvs.openbsd.org 2000/09/04 13:06:04
3473 [session.c]
3474 set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net
3475 - (djm) Cleanup after import. Fix sftp-server compilation, Makefile
3c62e7eb 3476 - (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>
3477
1e61f54a 347820000903
3479 - (djm) Fix Redhat init script
3480
c80876b4 348120000901
3482 - (djm) Pick up Jim's new X11-askpass
3483 - (djm) Release 2.2.0p1
3484
8b4a0d08 348520000831
bcbf86ec 3486 - (djm) Workaround SIGPIPE problems on SCO. Fix from Aran Cox
8b4a0d08 3487 <acox@cv.telegroup.com>
b817711d 3488 - (djm) Pick up new version (2.2.0) from OpenBSD CVS
8b4a0d08 3489
0b65b628 349020000830
3491 - (djm) Compile warning fixes from Mark Miller <markm@swoon.net>
10fa00c8 3492 - (djm) Periodically rekey arc4random
3493 - (djm) Clean up diff against OpenBSD.
bcbf86ec 3494 - (djm) HPUX 11 needs USE_PIPES as well: Kevin Steves
2b10f47a 3495 <stevesk@sweden.hp.com>
b33a2e6e 3496 - (djm) Quieten the pam delete credentials error message
44839801 3497 - (djm) Fix printing of $DISPLAY hack if set by system type. Report from
3498 Kevin Steves <stevesk@sweden.hp.com>
84a770d1 3499 - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
7efa2776 3500 - (djm) Fix doh in bsd-arc4random.c
0b65b628 3501
9aaf9be4 350220000829
bcbf86ec 3503 - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert
3504 Doering <gert@greenie.muc.de>, John Horne <J.Horne@plymouth.ac.uk> and
9aaf9be4 3505 Garrick James <garrick@james.net>
b5f90139 3506 - (djm) Check for SCO pty naming style (ptyp%d/ttyp%d). Based on fix from
3507 Bastian Trompetter <btrompetter@firemail.de>
698d107e 3508 - (djm) NeXT tweaks from Ben Lindstrom <mouring@pconline.com>
14a9a859 3509 - More OpenBSD updates:
3510 - deraadt@cvs.openbsd.org 2000/08/24 15:46:59
3511 [scp.c]
3512 off_t in sink, to fix files > 2GB, i think, test is still running ;-)
3513 - deraadt@cvs.openbsd.org 2000/08/25 10:10:06
3514 [session.c]
3515 Wall
3516 - markus@cvs.openbsd.org 2000/08/26 04:33:43
3517 [compat.c]
3518 ssh.com-2.3.0
3519 - markus@cvs.openbsd.org 2000/08/27 12:18:05
3520 [compat.c]
3521 compatibility with future ssh.com versions
3522 - deraadt@cvs.openbsd.org 2000/08/27 21:50:55
3523 [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c]
3524 print uid/gid as unsigned
3525 - markus@cvs.openbsd.org 2000/08/28 13:51:00
3526 [ssh.c]
3527 enable -n and -f for ssh2
3528 - markus@cvs.openbsd.org 2000/08/28 14:19:53
3529 [ssh.c]
3530 allow combination of -N and -f
3531 - markus@cvs.openbsd.org 2000/08/28 14:20:56
3532 [util.c]
3533 util.c
3534 - markus@cvs.openbsd.org 2000/08/28 14:22:02
3535 [util.c]
3536 undo
3537 - markus@cvs.openbsd.org 2000/08/28 14:23:38
3538 [util.c]
3539 don't complain if setting NONBLOCK fails with ENODEV
9aaf9be4 3540
137d7b6c 354120000823
3542 - (djm) Define USE_PIPES to avoid socketpair problems on HPUX 10 and SunOS 4
bcbf86ec 3543 Avoids "scp never exits" problem. Reports from Lutz Jaenicke
3544 <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Tamito KAJIYAMA
137d7b6c 3545 <kajiyama@grad.sccs.chukyo-u.ac.jp>
2e73a022 3546 - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers
da40ab4d 3547 - (djm) Add local version to version.h
ea788c22 3548 - (djm) Don't reseed arc4random everytime it is used
2e73a022 3549 - (djm) OpenBSD CVS updates:
3550 - deraadt@cvs.openbsd.org 2000/08/18 20:07:23
3551 [ssh.c]
3552 accept remsh as a valid name as well; roman@buildpoint.com
3553 - deraadt@cvs.openbsd.org 2000/08/18 20:17:13
3554 [deattack.c crc32.c packet.c]
3555 rename crc32() to ssh_crc32() to avoid zlib name clash. do not move to
3556 libz crc32 function yet, because it has ugly "long"'s in it;
3557 oneill@cs.sfu.ca
3558 - deraadt@cvs.openbsd.org 2000/08/18 20:26:08
3559 [scp.1 scp.c]
3560 -S prog support; tv@debian.org
3561 - deraadt@cvs.openbsd.org 2000/08/18 20:50:07
3562 [scp.c]
3563 knf
3564 - deraadt@cvs.openbsd.org 2000/08/18 20:57:33
3565 [log-client.c]
3566 shorten
3567 - markus@cvs.openbsd.org 2000/08/19 12:48:11
3568 [channels.c channels.h clientloop.c ssh.c ssh.h]
3569 support for ~. in ssh2
3570 - deraadt@cvs.openbsd.org 2000/08/19 15:29:40
3571 [crc32.h]
3572 proper prototype
3573 - markus@cvs.openbsd.org 2000/08/19 15:34:44
bcbf86ec 3574 [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1]
3575 [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile]
2e73a022 3576 [fingerprint.c fingerprint.h]
3577 add SSH2/DSA support to the agent and some other DSA related cleanups.
3578 (note that we cannot talk to ssh.com's ssh2 agents)
3579 - markus@cvs.openbsd.org 2000/08/19 15:55:52
3580 [channels.c channels.h clientloop.c]
3581 more ~ support for ssh2
3582 - markus@cvs.openbsd.org 2000/08/19 16:21:19
3583 [clientloop.c]
3584 oops
3585 - millert@cvs.openbsd.org 2000/08/20 12:25:53
3586 [session.c]
3587 We have to stash the result of get_remote_name_or_ip() before we
3588 close our socket or getpeername() will get EBADF and the process
3589 will exit. Only a problem for "UseLogin yes".
3590 - millert@cvs.openbsd.org 2000/08/20 12:30:59
3591 [session.c]
3592 Only check /etc/nologin if "UseLogin no" since login(1) may have its
3593 own policy on determining who is allowed to login when /etc/nologin
3594 is present. Also use the _PATH_NOLOGIN define.
3595 - millert@cvs.openbsd.org 2000/08/20 12:42:43
3596 [auth1.c auth2.c session.c ssh.c]
3597 Add calls to setusercontext() and login_get*(). We basically call
3598 setusercontext() in most places where previously we did a setlogin().
3599 Add default login.conf file and put root in the "daemon" login class.
3600 - millert@cvs.openbsd.org 2000/08/21 10:23:31
3601 [session.c]
3602 Fix incorrect PATH setting; noted by Markus.
137d7b6c 3603
c345cf9d 360420000818
3605 - (djm) OpenBSD CVS changes:
3606 - markus@cvs.openbsd.org 2000/07/22 03:14:37
3607 [servconf.c servconf.h sshd.8 sshd.c sshd_config]
3608 random early drop; ok theo, niels
3609 - deraadt@cvs.openbsd.org 2000/07/26 11:46:51
3610 [ssh.1]
3611 typo
3612 - deraadt@cvs.openbsd.org 2000/08/01 11:46:11
3613 [sshd.8]
3614 many fixes from pepper@mail.reppep.com
3615 - provos@cvs.openbsd.org 2000/08/01 13:01:42
3616 [Makefile.in util.c aux.c]
3617 rename aux.c to util.c to help with cygwin port
3618 - deraadt@cvs.openbsd.org 2000/08/02 00:23:31
3619 [authfd.c]
3620 correct sun_len; Alexander@Leidinger.net
3621 - provos@cvs.openbsd.org 2000/08/02 10:27:17
3622 [readconf.c sshd.8]
3623 disable kerberos authentication by default
3624 - provos@cvs.openbsd.org 2000/08/02 11:27:05
3625 [sshd.8 readconf.c auth-krb4.c]
3626 disallow kerberos authentication if we can't verify the TGT; from
3627 dugsong@
3628 kerberos authentication is on by default only if you have a srvtab.
3629 - markus@cvs.openbsd.org 2000/08/04 14:30:07
3630 [auth.c]
3631 unused
3632 - markus@cvs.openbsd.org 2000/08/04 14:30:35
3633 [sshd_config]
3634 MaxStartups
3635 - markus@cvs.openbsd.org 2000/08/15 13:20:46
3636 [authfd.c]
3637 cleanup; ok niels@
3638 - markus@cvs.openbsd.org 2000/08/17 14:05:10
3639 [session.c]
3640 cleanup login(1)-like jobs, no duplicate utmp entries
3641 - markus@cvs.openbsd.org 2000/08/17 14:06:34
3642 [session.c sshd.8 sshd.c]
3643 sshd -u len, similar to telnetd
1a022229 3644 - (djm) Lastlog was not getting closed after writing login entry
39987cc0 3645 - (djm) Add Solaris package support from Rip Loomis <loomisg@cist.saic.com>
c345cf9d 3646
416ed5a7 364720000816
3648 - (djm) Replacement for inet_ntoa for Irix (which breaks on gcc)
bcbf86ec 3649 - (djm) Fix strerror replacement for old SunOS. Based on patch from
416ed5a7 3650 Charles Levert <charles@comm.polymtl.ca>
bcbf86ec 3651 - (djm) Seperate arc4random into seperate file and use OpenSSL's RC4
416ed5a7 3652 implementation.
ba606eb2 3653 - (djm) SUN_LEN macro for systems which lack it
416ed5a7 3654
dbaa2e87 365520000815
3656 - (djm) More SunOS 4.1.x fixes from Nate Itkin <nitkin@europa.com>
cd352c82 3657 - (djm) Avoid failures on Irix when ssh is not setuid. Fix from
3658 Michael Stone <mstone@cs.loyola.edu>
d93a7e5a 3659 - (djm) Don't seek in directory based lastlogs
bcbf86ec 3660 - (djm) Fix --with-ipaddr-display configure option test. Patch from
d93a7e5a 3661 Jarno Huuskonen <jhuuskon@messi.uku.fi>
2a2cb9e7 3662 - (djm) Fix AIX limits from Alexandre Oliva <oliva@lsd.ic.unicamp.br>
dbaa2e87 3663
6c33bf70 366420000813
3665 - (djm) Add $(srcdir) to includes when compiling (for VPATH). Report from
3666 Fabrice bacchella <fabrice.bacchella@marchfirst.fr>
3667
3fcce26c 366820000809
bcbf86ec 3669 - (djm) Define AIX hard limits if headers don't. Report from
3fcce26c 3670 Bill Painter <william.t.painter@lmco.com>
bcbf86ec 3671 - (djm) utmp direct write & SunOS 4 patch from Charles Levert
32eec038 3672 <charles@comm.polymtl.ca>
3fcce26c 3673
71d43804 367420000808
3675 - (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install
3676 time, spec file cleanup.
3677
f9bcea07 367820000807
378f2232 3679 - (djm) Set 0755 on binaries during install. Report from Lutz Jaenicke
47670e77 3680 - (djm) Suppress error messages on channel close shutdown() failurs
3681 works around Linux bug. Patch from Zack Weinberg <zack@wolery.cumb.org>
378f2232 3682 - (djm) Add some more entropy collection commands from Lutz Jaenicke
f9bcea07 3683
bcf89935 368420000725
3685 - (djm) Fix autoconf typo: HAVE_BINRESVPORT_AF -> HAVE_BINDRESVPORT_AF
3686
4c8722d9 368720000721
3688 - (djm) OpenBSD CVS updates:
3689 - markus@cvs.openbsd.org 2000/07/16 02:27:22
3690 [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
3691 [sshconnect1.c sshconnect2.c]
3692 make ssh-add accept dsa keys (the agent does not)
3693 - djm@cvs.openbsd.org 2000/07/17 19:25:02
3694 [sshd.c]
3695 Another closing of stdin; ok deraadt
3696 - markus@cvs.openbsd.org 2000/07/19 18:33:12
3697 [dsa.c]
3698 missing free, reorder
3699 - markus@cvs.openbsd.org 2000/07/20 16:23:14
3700 [ssh-keygen.1]
3701 document input and output files
3702
240777b8 370320000720
4c8722d9 3704 - (djm) Spec file fix from Petr Novotny <Petr.Novotny@antek.cz>
240777b8 3705
3c7def32 370620000716
4c8722d9 3707 - (djm) Release 2.1.1p4
3c7def32 3708
819b676f 370920000715
704b1659 3710 - (djm) OpenBSD CVS updates
3711 - provos@cvs.openbsd.org 2000/07/13 16:53:22
3712 [aux.c readconf.c servconf.c ssh.h]
3713 allow multiple whitespace but only one '=' between tokens, bug report from
3714 Ralf S. Engelschall <rse@engelschall.com> but different fix. okay deraadt@
3715 - provos@cvs.openbsd.org 2000/07/13 17:14:09
3716 [clientloop.c]
3717 typo; todd@fries.net
3718 - provos@cvs.openbsd.org 2000/07/13 17:19:31
3719 [scp.c]
3720 close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
3721 - markus@cvs.openbsd.org 2000/07/14 16:59:46
3722 [readconf.c servconf.c]
3723 allow leading whitespace. ok niels
3724 - djm@cvs.openbsd.org 2000/07/14 22:01:38
3725 [ssh-keygen.c ssh.c]
3726 Always create ~/.ssh with mode 700; ok Markus
819b676f 3727 - Fixes for SunOS 4.1.4 from Gordon Atwood <gordon@cs.ualberta.ca>
3728 - Include floatingpoint.h for entropy.c
3729 - strerror replacement
704b1659 3730
3f7a7e4a 373120000712
c37fb3c1 3732 - (djm) Remove -lresolve for Reliant Unix
3f7a7e4a 3733 - (djm) OpenBSD CVS Updates:
3734 - deraadt@cvs.openbsd.org 2000/07/11 02:11:34
3735 [session.c sshd.c ]
3736 make MaxStartups code still work with -d; djm
3737 - deraadt@cvs.openbsd.org 2000/07/11 13:17:45
3738 [readconf.c ssh_config]
3739 disable FallBackToRsh by default
c37fb3c1 3740 - (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c. Report from
3741 Ben Lindstrom <mouring@pconline.com>
1e970014 3742 - (djm) Make building of X11-Askpass and GNOME-Askpass optional in RPM
3743 spec file.
dcb36e5d 3744 - (djm) Released 2.1.1p3
3f7a7e4a 3745
56118702 374620000711
3747 - (djm) Fixup for AIX getuserattr() support from Tom Bertelson
3748 <tbert@abac.com>
132dd316 3749 - (djm) ReliantUNIX support from Udo Schweigert <ust@cert.siemens.de>
bcbf86ec 3750 - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom
c99e5056 3751 <mouring@pconline.com>
bcbf86ec 3752 - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report
dc2a6d09 3753 from Jim Watt <jimw@peisj.pebio.com>
2d9a148e 3754 - (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known
3755 to compile on more platforms (incl NeXT).
cc6f2c4c 3756 - (djm) Added bsd-inet_aton and configure support for NeXT
aae19451 3757 - (djm) Misc NeXT fixes from Ben Lindstrom <mouring@pconline.com>
089fbbd2 3758 - (djm) OpenBSD CVS updates:
3759 - markus@cvs.openbsd.org 2000/06/26 03:22:29
3760 [authfd.c]
3761 cleanup, less cut&paste
3762 - markus@cvs.openbsd.org 2000/06/26 15:59:19
3763 [servconf.c servconf.h session.c sshd.8 sshd.c]
bcbf86ec 3764 MaxStartups: limit number of unauthenticated connections, work by
089fbbd2 3765 theo and me
3766 - deraadt@cvs.openbsd.org 2000/07/05 14:18:07
3767 [session.c]
3768 use no_x11_forwarding_flag correctly; provos ok
3769 - provos@cvs.openbsd.org 2000/07/05 15:35:57
3770 [sshd.c]
3771 typo
3772 - aaron@cvs.openbsd.org 2000/07/05 22:06:58
3773 [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
bcbf86ec 3774 Insert more missing .El directives. Our troff really should identify
089fbbd2 3775 these and spit out a warning.
3776 - todd@cvs.openbsd.org 2000/07/06 21:55:04
3777 [auth-rsa.c auth2.c ssh-keygen.c]
3778 clean code is good code
3779 - deraadt@cvs.openbsd.org 2000/07/07 02:14:29
3780 [serverloop.c]
3781 sense of port forwarding flag test was backwards
3782 - provos@cvs.openbsd.org 2000/07/08 17:17:31
3783 [compat.c readconf.c]
3784 replace strtok with strsep; from David Young <dyoung@onthejob.net>
3785 - deraadt@cvs.openbsd.org 2000/07/08 19:21:15
3786 [auth.h]
3787 KNF
3788 - ho@cvs.openbsd.org 2000/07/08 19:27:33
3789 [compat.c readconf.c]
3790 Better conditions for strsep() ending.
3791 - ho@cvs.openbsd.org 2000/07/10 10:27:05
3792 [readconf.c]
3793 Get the correct message on errors. (niels@ ok)
3794 - ho@cvs.openbsd.org 2000/07/10 10:30:25
3795 [cipher.c kex.c servconf.c]
3796 strtok() --> strsep(). (niels@ ok)
5540ea9b 3797 - (djm) Fix problem with debug mode and MaxStartups
eb37534b 3798 - (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during RPM
3799 builds)
229f64ee 3800 - (djm) Add strsep function from OpenBSD libc for systems that lack it
56118702 3801
a8545c6c 380220000709
3803 - (djm) Only enable PAM_TTY kludge for Linux. Problem report from
3804 Kevin Steves <stevesk@sweden.hp.com>
ec90a7d6 3805 - (djm) Match prototype and function declaration for rresvport_af.
3806 Problem report from Niklas Edmundsson <nikke@ing.umu.se>
bcbf86ec 3807 - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM
732e8ac5 3808 builds. Problem report from Gregory Leblanc <GLeblanc@cu-portland.edu>
37f1df94 3809 - (djm) Replace ut_name with ut_user. Patch from Jim Watt
3810 <jimw@peisj.pebio.com>
264dce47 3811 - (djm) Fix pam sprintf fix
3812 - (djm) Cleanup entropy collection code a little more. Split initialisation
3813 from seeding, perform intialisation immediatly at start, be careful with
3814 uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
5bf9cfe9 3815 - (djm) More NeXT compatibility from Ben Lindstrom <mouring@pconline.com>
3816 Including sigaction() et al. replacements
bcbf86ec 3817 - (djm) AIX getuserattr() session initialisation from Tom Bertelson
eeec075f 3818 <tbert@abac.com>
a8545c6c 3819
e2902a5b 382020000708
bcbf86ec 3821 - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from
e2902a5b 3822 Aaron Hopkins <aaron@die.net>
7a33f831 3823 - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from
3824 Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
bcbf86ec 3825 - (djm) Fixed undefined variables for OSF SIA. Report from
b3f162ba 3826 Baars, Henk <Hendrik.Baars@nl.origin-it.com>
bcbf86ec 3827 - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c
b28e4a3b 3828 Fix from Marquess, Steve Mr JMLFDC <Steve.Marquess@DET.AMEDD.ARMY.MIL>
bcbf86ec 3829 - (djm) Don't use inet_addr.
e2902a5b 3830
5637650d 383120000702
3832 - (djm) Fix brace mismatch from Corinna Vinschen <vinschen@cygnus.com>
27494968 3833 - (djm) Stop shadow expiry checking from preventing logins with NIS. Based
3834 on fix from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
a4070484 3835 - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from
3836 Chris, the Young One <cky@pobox.com>
bcbf86ec 3837 - (djm) Fix scp progress meter on really wide terminals. Based on patch
88726b31 3838 from James H. Cloos Jr. <cloos@jhcloos.com>
5637650d 3839
388e9f9f 384020000701
3841 - (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu>
daaff4d5 3842 - (djm) Login fixes from Tom Bertelson <tbert@abac.com>
82258d68 3843 - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
3844 <vinschen@cygnus.com>
30228d7c 3845 - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
2647ae26 3846 - (djm) Added check for broken snprintf() functions which do not correctly
3847 terminate output string and attempt to use replacement.
46158300 3848 - (djm) Released 2.1.1p2
388e9f9f 3849
9f32ceb4 385020000628
3851 - (djm) Fixes to lastlog code for Irix
3852 - (djm) Use atomicio in loginrec
3206bb3b 3853 - (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for
3854 Irix 6.x array sessions, project id's, and system audit trail id.
9e0c3e1f 3855 - (djm) Added 'distprep' make target to simplify packaging
bcbf86ec 3856 - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA
4d33e531 3857 support. Enable using "USE_SIA=1 ./configure [options]"
61e96248 3858
d8caae24 385920000627
3860 - (djm) Fixes to login code - not setting li->uid, cleanups
a05a70ab 3861 - (djm) Formatting
d8caae24 3862
fe30cc2e 386320000626
3e98362e 3864 - (djm) Better fix to aclocal tests from Garrick James <garrick@james.net>
4cb5ffa0 3865 - (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
3866 - (djm) Added password expiry checking (no password change support)
be0b9bb7 3867 - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
3868 based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
b5b3f75d 3869 - (djm) Fix fixed EGD code.
3e98362e 3870 - OpenBSD CVS update
3871 - provos@cvs.openbsd.org 2000/06/25 14:17:58
3872 [channels.c]
3873 correct check for bad channel ids; from Wei Dai <weidai@eskimo.com>
3874
1c04b088 387520000623
bcbf86ec 3876 - (djm) Use sa_family_t in prototype for rresvport_af. Patch from
1c04b088 3877 Svante Signell <svante.signell@telia.com>
3878 - (djm) Autoconf logic to define sa_family_t if it is missing
e5a0294f 3879 - OpenBSD CVS Updates:
3880 - markus@cvs.openbsd.org 2000/06/22 10:32:27
3881 [sshd.c]
3882 missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL
3883 - djm@cvs.openbsd.org 2000/06/22 17:55:00
3884 [auth-krb4.c key.c radix.c uuencode.c]
3885 Missing CVS idents; ok markus
1c04b088 3886
f528fdf2 388720000622
3888 - (djm) Automatically generate host key during "make install". Suggested
3889 by Gary E. Miller <gem@rellim.com>
3890 - (djm) Paranoia before kill() system call
74fc9186 3891 - OpenBSD CVS Updates:
3892 - markus@cvs.openbsd.org 2000/06/18 18:50:11
3893 [auth2.c compat.c compat.h sshconnect2.c]
3894 make userauth+pubkey interop with ssh.com-2.2.0
3895 - markus@cvs.openbsd.org 2000/06/18 20:56:17
3896 [dsa.c]
3897 mem leak + be more paranoid in dsa_verify.
3898 - markus@cvs.openbsd.org 2000/06/18 21:29:50
3899 [key.c]
3900 cleanup fingerprinting, less hardcoded sizes
3901 - markus@cvs.openbsd.org 2000/06/19 19:39:45
3902 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
3903 [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
bcbf86ec 3904 [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
74fc9186 3905 [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
3906 [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
bcbf86ec 3907 [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
3908 [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
74fc9186 3909 [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
3910 [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
3911 OpenBSD tag
3912 - markus@cvs.openbsd.org 2000/06/21 10:46:10
3913 sshconnect2.c missing free; nuke old comment
f528fdf2 3914
e5fe9a1f 391520000620
3916 - (djm) Replace use of '-o' and '-a' logical operators in configure tests
986a22ec 3917 with '||' and '&&'. As suggested by Jim Knoble <jmknoble@jmknoble.cx>
e5fe9a1f 3918 to fix SCO Unixware problem reported by Gary E. Miller <gem@rellim.com>
c03aced4 3919 - (djm) Typo in loginrec.c
e5fe9a1f 3920
cbd7492e 392120000618
3922 - (djm) Add summary of configure options to end of ./configure run
bcbf86ec 3923 - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from
cbd7492e 3924 Michael Stone <mstone@cs.loyola.edu>
bcbf86ec 3925 - (djm) rusage is a privileged operation on some Unices (incl.
cbd7492e 3926 Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
bcbf86ec 3927 - (djm) Avoid PAM failures when running without a TTY. Report from
cbd7492e 3928 Martin Petrak <petrak@spsknm.schools.sk>
3929 - (djm) Include sys/types.h when including netinet/in.h in configure tests.
3930 Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
729bfe59 3931 - (djm) Started merge of Ben Lindstrom's <mouring@pconline.com> NeXT support
38c295d6 3932 - OpenBSD CVS updates:
3933 - deraadt@cvs.openbsd.org 2000/06/17 09:58:46
3934 [channels.c]
3935 everyone says "nix it" (remove protocol 2 debugging message)
3936 - markus@cvs.openbsd.org 2000/06/17 13:24:34
3937 [sshconnect.c]
3938 allow extended server banners
3939 - markus@cvs.openbsd.org 2000/06/17 14:30:10
3940 [sshconnect.c]
3941 missing atomicio, typo
3942 - jakob@cvs.openbsd.org 2000/06/17 16:52:34
3943 [servconf.c servconf.h session.c sshd.8 sshd_config]
3944 add support for ssh v2 subsystems. ok markus@.
3945 - deraadt@cvs.openbsd.org 2000/06/17 18:57:48
3946 [readconf.c servconf.c]
3947 include = in WHITESPACE; markus ok
3948 - markus@cvs.openbsd.org 2000/06/17 19:09:10
3949 [auth2.c]
3950 implement bug compatibility with ssh-2.0.13 pubkey, server side
3951 - markus@cvs.openbsd.org 2000/06/17 21:00:28
3952 [compat.c]
3953 initial support for ssh.com's 2.2.0
3954 - markus@cvs.openbsd.org 2000/06/17 21:16:09
3955 [scp.c]
3956 typo
3957 - markus@cvs.openbsd.org 2000/06/17 22:05:02
3958 [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h]
3959 split auth-rsa option parsing into auth-options
3960 add options support to authorized_keys2
3961 - markus@cvs.openbsd.org 2000/06/17 22:42:54
3962 [session.c]
3963 typo
cbd7492e 3964
509b1f88 396520000613
3966 - (djm) Fixes from Andrew McGill <andrewm@datrix.co.za>:
3967 - Platform define for SCO 3.x which breaks on /dev/ptmx
3968 - Detect and try to fix missing MAXPATHLEN
a4d05724 3969 - (djm) Fix short copy in loginrec.c (based on patch from Phill Camp
3970 <P.S.S.Camp@ukc.ac.uk>
509b1f88 3971
09564242 397220000612
3973 - (djm) Glob manpages in RPM spec files to catch compressed files
3974 - (djm) Full license in auth-pam.c
08ae384f 3975 - (djm) Configure fixes from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
383207f7 3976 - (andre) AIX, lastlog, configure fixes from Tom Bertelson <tbert@abac.com>:
3977 - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is
3978 def'd
3979 - Set AIX to use preformatted manpages
61e96248 3980
74b224a0 398120000610
3982 - (djm) Minor doc tweaks
217ab55e 3983 - (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx>
74b224a0 3984
32c80420 398520000609
3986 - (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage
3987 (in favour of utmpx) on Solaris 8
3988
fa649821 398920000606
48c99b2c 3990 - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
3991 list of commands (by default). Removed verbose debugging (by default).
bcbf86ec 3992 - (djm) Increased command entropy estimates and default entropy collection
48c99b2c 3993 timeout
f988dce5 3994 - (djm) Remove duplicate headers from loginrec.c
c5fa2eb0 3995 - (djm) Don't add /usr/local/lib to library search path on Irix
bcbf86ec 3996 - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
fa649821 3997 <tibbs@math.uh.edu>
1e83f2a2 3998 - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
3999 <zack@wolery.cumb.org>
fa649821 4000 - (djm) OpenBSD CVS updates:
4001 - todd@cvs.openbsd.org
4002 [sshconnect2.c]
4003 teach protocol v2 to count login failures properly and also enable an
4004 explanation of why the password prompt comes up again like v1; this is NOT
4005 crypto
61e96248 4006 - markus@cvs.openbsd.org
fa649821 4007 [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
4008 xauth_location support; pr 1234
4009 [readconf.c sshconnect2.c]
4010 typo, unused
4011 [session.c]
4012 allow use_login only for login sessions, otherwise remote commands are
4013 execed with uid==0
4014 [sshd.8]
4015 document UseLogin better
4016 [version.h]
4017 OpenSSH 2.1.1
4018 [auth-rsa.c]
bcbf86ec 4019 fix match_hostname() logic for auth-rsa: deny access if we have a
fa649821 4020 negative match or no match at all
4021 [channels.c hostfile.c match.c]
bcbf86ec 4022 don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
fa649821 4023 kris@FreeBSD.org
4024
8e7b16f8 402520000606
bcbf86ec 4026 - (djm) Added --with-cflags, --with-ldflags and --with-libs options to
8e7b16f8 4027 configure.
4028
d7c0f3d5 402920000604
4030 - Configure tweaking for new login code on Irix 5.3
2d6c411f 4031 - (andre) login code changes based on djm feedback
d7c0f3d5 4032
2d6c411f 403320000603
4034 - (andre) New login code
4035 - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c
4036 - Add loginrec.[ch], logintest.c and autoconf code
61e96248 4037
5daf7064 403820000531
4039 - Cleanup of auth.c, login.c and fake-*
4040 - Cleanup of auth-pam.c, save and print "account expired" error messages
e5662474 4041 - Fix EGD read bug by IWAMURO Motonori <iwa@mmp.fujitsu.co.jp>
69134b9b 4042 - Rewrote bsd-login to use proper utmp API if available. Major cleanup
4043 of fallback DIY code.
5daf7064 4044
b9f446d1 404520000530
4046 - Define atexit for old Solaris
b02ebca1 4047 - Fix buffer overrun in login.c for systems which use syslen in utmpx.
4048 patch from YOSHIFUJI Hideaki <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp>
71276795 4049 - OpenBSD CVS updates:
4050 - markus@cvs.openbsd.org
4051 [session.c]
4052 make x11-fwd work w/ localhost (xauth add host/unix:11)
4053 [cipher.c compat.c readconf.c servconf.c]
4054 check strtok() != NULL; ok niels@
4055 [key.c]
4056 fix key_read() for uuencoded keys w/o '='
4057 [serverloop.c]
4058 group ssh1 vs. ssh2 in serverloop
4059 [kex.c kex.h myproposal.h sshconnect2.c sshd.c]
4060 split kexinit/kexdh, factor out common code
4061 [readconf.c ssh.1 ssh.c]
4062 forwardagent defaults to no, add ssh -A
4063 - theo@cvs.openbsd.org
4064 [session.c]
4065 just some line shortening
60688ef9 4066 - Released 2.1.0p3
b9f446d1 4067
29611d9c 406820000520
4069 - Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
25422c70 4070 - Don't touch utmp if USE_UTMPX defined
a423beaf 4071 - SunOS 4.x support from Todd C. Miller <Todd.Miller@courtesan.com>
fc1e8bf4 4072 - SIGCHLD fix for AIX and HPUX from Tom Bertelson <tbert@abac.com>
bcbf86ec 4073 - HPUX and Configure fixes from Lutz Jaenicke
fc1e8bf4 4074 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
bcbf86ec 4075 - Use mkinstalldirs script to make directories instead of non-portable
fc1e8bf4 4076 "install -d". Suggested by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
a905808d 4077 - Doc cleanup
29611d9c 4078
301e9b01 407920000518
4080 - Include Andre Lucas' fixprogs script. Forgot to "cvs add" it yesterday
4081 - OpenBSD CVS updates:
4082 - markus@cvs.openbsd.org
4083 [sshconnect.c]
4084 copy only ai_addrlen bytes; misiek@pld.org.pl
4085 [auth.c]
bcbf86ec 4086 accept an empty shell in authentication; bug reported by
301e9b01 4087 chris@tinker.ucr.edu
4088 [serverloop.c]
4089 we don't have stderr for interactive terminal sessions (fcntl errors)
4090
ad85db64 409120000517
4092 - Fix from Andre Lucas <andre.lucas@dial.pipex.com>
4093 - Fixes command line printing segfaults (spotter: Bladt Norbert)
4094 - Fixes erroneous printing of debug messages to syslog
4095 - Fixes utmp for MacOS X (spotter: Aristedes Maniatis)
4096 - Gives useful error message if PRNG initialisation fails
4097 - Reduced ssh startup delay
4098 - Measures cumulative command time rather than the time between reads
704b1659 4099 after select()
ad85db64 4100 - 'fixprogs' perl script to eliminate non-working entropy commands, and
704b1659 4101 optionally run 'ent' to measure command entropy
c1ef8333 4102 - Applied Tom Bertelson's <tbert@abac.com> AIX authentication fix
a64009ad 4103 - Avoid WCOREDUMP complation errors for systems that lack it
bcbf86ec 4104 - Avoid SIGCHLD warnings from entropy commands
28c1d5ce 4105 - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw@dcs.ed.ac.uk>
0e73cc53 4106 - OpenBSD CVS update:
bcbf86ec 4107 - markus@cvs.openbsd.org
0e73cc53 4108 [ssh.c]
4109 fix usage()
4110 [ssh2.h]
4111 draft-ietf-secsh-architecture-05.txt
4112 [ssh.1]
4113 document ssh -T -N (ssh2 only)
4114 [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
4115 enable nonblocking IO for sshd w/ proto 1, too; split out common code
4116 [aux.c]
4117 missing include
c04f75f1 4118 - Several patches from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
4119 - INSTALL typo and URL fix
4120 - Makefile fix
4121 - Solaris fixes
bcbf86ec 4122 - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka
c04f75f1 4123 <ksakai@kso.netwk.ntt-at.co.jp>
afa5ee68 4124 - RSAless operation patch from kevin_oconnor@standardandpoors.com
d45e3d76 4125 - Detect OpenSSL seperatly from RSA
bcbf86ec 4126 - Better test for RSA (more compatible with RSAref). Based on work by
d45e3d76 4127 Ed Eden <ede370@stl.rural.usda.gov>
ad85db64 4128
3d1a1654 412920000513
bcbf86ec 4130 - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz
3d1a1654 4131 <misiek@pld.org.pl>
4132
d02a3a00 413320000511
bcbf86ec 4134 - Fix for prng_seed permissions checking from Lutz Jaenicke
d02a3a00 4135 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
3d1a1654 4136 - "make host-key" fix for Irix
d02a3a00 4137
d0c832f3 413820000509
4139 - OpenBSD CVS update
4140 - markus@cvs.openbsd.org
4141 [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
4142 [ssh.h sshconnect1.c sshconnect2.c sshd.8]
4143 - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
4144 - hugh@cvs.openbsd.org
4145 [ssh.1]
4146 - zap typo
4147 [ssh-keygen.1]
4148 - One last nit fix. (markus approved)
4149 [sshd.8]
4150 - some markus certified spelling adjustments
4151 - markus@cvs.openbsd.org
4152 [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
4153 [sshconnect2.c ]
4154 - bug compat w/ ssh-2.0.13 x11, split out bugs
4155 [nchan.c]
4156 - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
4157 [ssh-keygen.c]
4158 - handle escapes in real and original key format, ok millert@
4159 [version.h]
4160 - OpenSSH-2.1
3dc1102e 4161 - Moved all the bsd-* and fake-* stuff into new libopenbsd-compat.a
e93ee87a 4162 - Doc updates
bcbf86ec 4163 - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported
21e5304a 4164 by Andre Lucas <andre.lucas@dial.pipex.com>
d0c832f3 4165
ebdeb9a8 416620000508
4167 - Makefile and RPM spec fixes
4168 - Generate DSA host keys during "make key" or RPM installs
f6cde515 4169 - OpenBSD CVS update
4170 - markus@cvs.openbsd.org
4171 [clientloop.c sshconnect2.c]
4172 - make x11-fwd interop w/ ssh-2.0.13
4173 [README.openssh2]
4174 - interop w/ SecureFX
4175 - Release 2.0.0beta2
ebdeb9a8 4176
bcbf86ec 4177 - Configure caching and cleanup patch from Andre Lucas'
58d100bf 4178 <andre.lucas@dial.pipex.com>
4179
1d1ffb87 418020000507
4181 - Remove references to SSLeay.
4182 - Big OpenBSD CVS update
4183 - markus@cvs.openbsd.org
4184 [clientloop.c]
4185 - typo
4186 [session.c]
4187 - update proctitle on pty alloc/dealloc, e.g. w/ windows client
4188 [session.c]
4189 - update proctitle for proto 1, too
4190 [channels.h nchan.c serverloop.c session.c sshd.c]
4191 - use c-style comments
4192 - deraadt@cvs.openbsd.org
4193 [scp.c]
4194 - more atomicio
bcbf86ec 4195 - markus@cvs.openbsd.org
1d1ffb87 4196 [channels.c]
4197 - set O_NONBLOCK
4198 [ssh.1]
4199 - update AUTHOR
4200 [readconf.c ssh-keygen.c ssh.h]
4201 - default DSA key file ~/.ssh/id_dsa
4202 [clientloop.c]
4203 - typo, rm verbose debug
4204 - deraadt@cvs.openbsd.org
4205 [ssh-keygen.1]
4206 - document DSA use of ssh-keygen
4207 [sshd.8]
4208 - a start at describing what i understand of the DSA side
4209 [ssh-keygen.1]
4210 - document -X and -x
4211 [ssh-keygen.c]
4212 - simplify usage
bcbf86ec 4213 - markus@cvs.openbsd.org
1d1ffb87 4214 [sshd.8]
4215 - there is no rhosts_dsa
4216 [ssh-keygen.1]
4217 - document -y, update -X,-x
4218 [nchan.c]
4219 - fix close for non-open ssh1 channels
4220 [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
4221 - s/DsaKey/HostDSAKey/, document option
4222 [sshconnect2.c]
4223 - respect number_of_password_prompts
4224 [channels.c channels.h servconf.c servconf.h session.c sshd.8]
4225 - GatewayPorts for sshd, ok deraadt@
4226 [ssh-add.1 ssh-agent.1 ssh.1]
4227 - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
4228 [ssh.1]
4229 - more info on proto 2
4230 [sshd.8]
4231 - sync AUTHOR w/ ssh.1
4232 [key.c key.h sshconnect.c]
4233 - print key type when talking about host keys
4234 [packet.c]
4235 - clear padding in ssh2
4236 [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
4237 - replace broken uuencode w/ libc b64_ntop
4238 [auth2.c]
4239 - log failure before sending the reply
4240 [key.c radix.c uuencode.c]
4241 - remote trailing comments before calling __b64_pton
4242 [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
4243 [sshconnect2.c sshd.8]
4244 - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
4245 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
4246
1a11e1ae 424720000502
0fbe8c74 4248 - OpenBSD CVS update
4249 [channels.c]
4250 - init all fds, close all fds.
4251 [sshconnect2.c]
4252 - check whether file exists before asking for passphrase
4253 [servconf.c servconf.h sshd.8 sshd.c]
4254 - PidFile, pr 1210
4255 [channels.c]
4256 - EINTR
4257 [channels.c]
4258 - unbreak, ok niels@
4259 [sshd.c]
4260 - unlink pid file, ok niels@
4261 [auth2.c]
4262 - Add missing #ifdefs; ok - markus
bcbf86ec 4263 - Add Andre Lucas' <andre.lucas@dial.pipex.com> patch to read entropy
d3083fbd 4264 gathering commands from a text file
1a11e1ae 4265 - Release 2.0.0beta1
4266
c4bc58eb 426720000501
4268 - OpenBSD CVS update
4269 [packet.c]
4270 - send debug messages in SSH2 format
3189621b 4271 [scp.c]
4272 - fix very rare EAGAIN/EINTR issues; based on work by djm
4273 [packet.c]
4274 - less debug, rm unused
4275 [auth2.c]
4276 - disable kerb,s/key in ssh2
4277 [sshd.8]
4278 - Minor tweaks and typo fixes.
4279 [ssh-keygen.c]
4280 - Put -d into usage and reorder. markus ok.
bcbf86ec 4281 - Include missing headers for OpenSSL tests. Fix from Phil Karn
44fb55e9 4282 <karn@ka9q.ampr.org>
bcbf86ec 4283 - Fixed __progname symbol collisions reported by Andre Lucas
3fd95d9a 4284 <andre.lucas@dial.pipex.com>
0d5f7abc 4285 - Merged bsd-login ttyslot and AIX utmp patch from Gert Doering
4286 <gd@hilb1.medat.de>
8cb940db 4287 - Add some missing ifdefs to auth2.c
8af50c98 4288 - Deprecate perl-tk askpass.
52bcc044 4289 - Irix portability fixes - don't include netinet headers more than once
4290 - Make sure we don't save PRNG seed more than once
c4bc58eb 4291
2b763e31 429220000430
4293 - Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au>
b7a87eea 4294 - Integrate Andre Lucas' <andre.lucas@dial.pipex.com> entropy collection
4295 patch.
4296 - Adds timeout to entropy collection
4297 - Disables slow entropy sources
4298 - Load and save seed file
bcbf86ec 4299 - Changed entropy seed code to user per-user seeds only (server seed is
b7a87eea 4300 saved in root's .ssh directory)
4301 - Use atexit() and fatal cleanups to save seed on exit
0b242b12 4302 - More OpenBSD updates:
4303 [session.c]
4304 - don't call chan_write_failed() if we are not writing
4305 [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c]
4306 - keysize warnings error() -> log()
2b763e31 4307
a306f2dd 430820000429
4309 - Merge big update to OpenSSH-2.0 from OpenBSD CVS
4310 [README.openssh2]
4311 - interop w/ F-secure windows client
4312 - sync documentation
4313 - ssh_host_dsa_key not ssh_dsa_key
4314 [auth-rsa.c]
4315 - missing fclose
4316 [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
4317 [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
4318 [sshd.c uuencode.c uuencode.h authfile.h]
4319 - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX]
4320 for trading keys with the real and the original SSH, directly from the
4321 people who invented the SSH protocol.
4322 [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
4323 [sshconnect1.c sshconnect2.c]
4324 - split auth/sshconnect in one file per protocol version
4325 [sshconnect2.c]
4326 - remove debug
4327 [uuencode.c]
4328 - add trailing =
4329 [version.h]
4330 - OpenSSH-2.0
4331 [ssh-keygen.1 ssh-keygen.c]
4332 - add -R flag: exit code indicates if RSA is alive
4333 [sshd.c]
4334 - remove unused
4335 silent if -Q is specified
4336 [ssh.h]
4337 - host key becomes /etc/ssh_host_dsa_key
4338 [readconf.c servconf.c ]
4339 - ssh/sshd default to proto 1 and 2
4340 [uuencode.c]
4341 - remove debug
4342 [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
4343 - xfree DSA blobs
4344 [auth2.c serverloop.c session.c]
4345 - cleanup logging for sshd/2, respect PasswordAuth no
4346 [sshconnect2.c]
4347 - less debug, respect .ssh/config
4348 [README.openssh2 channels.c channels.h]
bcbf86ec 4349 - clientloop.c session.c ssh.c
a306f2dd 4350 - support for x11-fwding, client+server
4351
0ac7199f 435220000421
4353 - Merge fix from OpenBSD CVS
4354 [ssh-agent.c]
4355 - Fix memory leak per connection. Report from Andy Spiegl <Andy@Spiegl.de>
4356 via Debian bug #59926
18ba2aab 4357 - Define __progname in session.c if libc doesn't
4358 - Remove indentation on autoconf #include statements to avoid bug in
bcbf86ec 4359 DEC Tru64 compiler. Report and fix from David Del Piero
18ba2aab 4360 <David.DelPiero@qed.qld.gov.au>
0ac7199f 4361
e1b37056 436220000420
bcbf86ec 4363 - Make fixpaths work with perl4, patch from Andre Lucas
e1b37056 4364 <andre.lucas@dial.pipex.com>
9da5c3c9 4365 - Sync with OpenBSD CVS:
4366 [clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c]
4367 - pid_t
4368 [session.c]
4369 - remove bogus chan_read_failed. this could cause data
4370 corruption (missing data) at end of a SSH2 session.
4e577b89 4371 - Merge fixes from Debian patch from Phil Hands <phil@hands.com>
4372 - Allow setting of PAM service name through CFLAGS (SSHD_PAM_SERVICE)
4373 - Use vhangup to clean up Linux ttys
4374 - Force posix getopt processing on GNU libc systems
371ecff9 4375 - Debian bug #55910 - remove references to ssl(8) manpages
247f1a89 4376 - Debian bug #58031 - ssh_config lies about default cipher
e1b37056 4377
d6f24e45 437820000419
4379 - OpenBSD CVS updates
4380 [channels.c]
4381 - fix pr 1196, listen_port and port_to_connect interchanged
4382 [scp.c]
bcbf86ec 4383 - after completion, replace the progress bar ETA counter with a final
d6f24e45 4384 elapsed time; my idea, aaron wrote the patch
4385 [ssh_config sshd_config]
4386 - show 'Protocol' as an example, ok markus@
4387 [sshd.c]
4388 - missing xfree()
4389 - Add missing header to bsd-misc.c
4390
35484284 439120000416
4392 - Reduce diff against OpenBSD source
bcbf86ec 4393 - All OpenSSL includes are now unconditionally referenced as
35484284 4394 openssl/foo.h
4395 - Pick up formatting changes
4396 - Other minor changed (typecasts, etc) that I missed
4397
6ae2364d 439820000415
4399 - OpenBSD CVS updates.
4400 [ssh.1 ssh.c]
4401 - ssh -2
4402 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
4403 [session.c sshconnect.c]
4404 - check payload for (illegal) extra data
4405 [ALL]
4406 whitespace cleanup
4407
c323ac76 440820000413
4409 - INSTALL doc updates
f54651ce 4410 - Merged OpenBSD updates to include paths.
bcbf86ec 4411
a8be9f80 441220000412
4413 - OpenBSD CVS updates:
4414 - [channels.c]
4415 repair x11-fwd
4416 - [sshconnect.c]
4417 fix passwd prompt for ssh2, less debugging output.
4418 - [clientloop.c compat.c dsa.c kex.c sshd.c]
4419 less debugging output
4420 - [kex.c kex.h sshconnect.c sshd.c]
4421 check for reasonable public DH values
4422 - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
4423 [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
4424 add Cipher and Protocol options to ssh/sshd, e.g.:
4425 ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
4426 arcfour,3des-cbc'
4427 - [sshd.c]
4428 print 1.99 only if server supports both
4429
18e92801 443020000408
4431 - Avoid some compiler warnings in fake-get*.c
4432 - Add IPTOS macros for systems which lack them
9d98aaf6 4433 - Only set define entropy collection macros if they are found
e78a59f5 4434 - More large OpenBSD CVS updates:
4435 - [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
4436 [session.h ssh.h sshd.c README.openssh2]
4437 ssh2 server side, see README.openssh2; enable with 'sshd -2'
4438 - [channels.c]
4439 no adjust after close
4440 - [sshd.c compat.c ]
4441 interop w/ latest ssh.com windows client.
61e96248 4442
8ce64345 444320000406
4444 - OpenBSD CVS update:
4445 - [channels.c]
4446 close efd on eof
4447 - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h]
4448 ssh2 client implementation, interops w/ ssh.com and lsh servers.
4449 - [sshconnect.c]
4450 missing free.
4451 - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c]
4452 remove unused argument, split cipher_mask()
4453 - [clientloop.c]
4454 re-order: group ssh1 vs. ssh2
4455 - Make Redhat spec require openssl >= 0.9.5a
4456
e7627112 445720000404
4458 - Add tests for RAND_add function when searching for OpenSSL
7e7327a1 4459 - OpenBSD CVS update:
4460 - [packet.h packet.c]
4461 ssh2 packet format
4462 - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c]
4463 [channels.h channels.c]
4464 channel layer support for ssh2
4465 - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h]
4466 DSA, keyexchange, algorithm agreement for ssh2
6c081128 4467 - Generate manpages before make install not at the end of make all
4468 - Don't seed the rng quite so often
4469 - Always reseed rng when requested
e7627112 4470
bfc9a610 447120000403
4472 - Wrote entropy collection routines for systems that lack /dev/random
4473 and EGD
837c30b8 4474 - Disable tests and typedefs for 64 bit types. They are currently unused.
bfc9a610 4475
7368a6c8 447620000401
4477 - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
4478 - [auth.c session.c sshd.c auth.h]
4479 split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
4480 - [bufaux.c bufaux.h]
4481 support ssh2 bignums
4482 - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
4483 [readconf.c ssh.c ssh.h serverloop.c]
4484 replace big switch() with function tables (prepare for ssh2)
4485 - [ssh2.h]
4486 ssh2 message type codes
4487 - [sshd.8]
4488 reorder Xr to avoid cutting
4489 - [serverloop.c]
4490 close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
4491 - [channels.c]
4492 missing close
4493 allow bigger packets
4494 - [cipher.c cipher.h]
4495 support ssh2 ciphers
4496 - [compress.c]
4497 cleanup, less code
4498 - [dispatch.c dispatch.h]
4499 function tables for different message types
4500 - [log-server.c]
4501 do not log() if debuggin to stderr
4502 rename a cpp symbol, to avoid param.h collision
4503 - [mpaux.c]
4504 KNF
4505 - [nchan.c]
4506 sync w/ channels.c
4507
f5238bee 450820000326
4509 - Better tests for OpenSSL w/ RSAref
bcbf86ec 4510 - Added replacement setenv() function from OpenBSD libc. Suggested by
f5238bee 4511 Ben Lindstrom <mouring@pconline.com>
4fe2af09 4512 - OpenBSD CVS update
4513 - [auth-krb4.c]
4514 -Wall
4515 - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
4516 [match.h ssh.c ssh.h sshconnect.c sshd.c]
4517 initial support for DSA keys. ok deraadt@, niels@
4518 - [cipher.c cipher.h]
4519 remove unused cipher_attack_detected code
4520 - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
4521 Fix some formatting problems I missed before.
4522 - [ssh.1 sshd.8]
4523 fix spelling errors, From: FreeBSD
4524 - [ssh.c]
4525 switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
f5238bee 4526
0024a081 452720000324
4528 - Released 1.2.3
4529
bd499f9e 453020000317
4531 - Clarified --with-default-path option.
4532 - Added -blibpath handling for AIX to work around stupid runtime linking.
4533 Problem elucidated by gshapiro@SENDMAIL.ORG by way of Jim Knoble
986a22ec 4534 <jmknoble@jmknoble.cx>
474b5fef 4535 - Checks for 64 bit int types. Problem report from Mats Fredholm
4536 <matsf@init.se>
610cd5c6 4537 - OpenBSD CVS updates:
bcbf86ec 4538 - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c]
610cd5c6 4539 [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
4540 [sshd.c]
4541 pedantic: signed vs. unsigned, void*-arithm, etc
4542 - [ssh.1 sshd.8]
4543 Various cleanups and standardizations.
bcbf86ec 4544 - Runtime error fix for HPUX from Otmar Stahl
be48d23c 4545 <O.Stahl@lsw.uni-heidelberg.de>
bd499f9e 4546
4696775a 454720000316
bcbf86ec 4548 - Fixed configure not passing LDFLAGS to Solaris. Report from David G.
4696775a 4549 Hesprich <dghespri@sprintparanet.com>
d423d822 4550 - Propogate LD through to Makefile
b7a9ce47 4551 - Doc cleanups
2ba2a610 4552 - Added blurb about "scp: command not found" errors to UPGRADING
4696775a 4553
cb0b7ea4 455420000315
4555 - Fix broken CFLAGS handling during search for OpenSSL. Fixes va_list
4556 problems with gcc/Solaris.
bcbf86ec 4557 - Don't free argument to putenv() after use (in setenv() replacement).
db55a3ea 4558 Report from Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp>
bcbf86ec 4559 - Created contrib/ subdirectory. Included helpers from Phil Hands'
13652e52 4560 Debian package, README file and chroot patch from Ricardo Cerqueira
4561 <rmcc@clix.pt>
bcbf86ec 4562 - Moved gnome-ssh-askpass.c to contrib directory and removed config
13652e52 4563 option.
4564 - Slight cleanup to doc files
b14b2ae7 4565 - Configure fix from Bratislav ILICH <bilic@zepter.ru>
cb0b7ea4 4566
a8ed9fd9 456720000314
bcbf86ec 4568 - Include macro for IN6_IS_ADDR_V4MAPPED. Report from
a8ed9fd9 4569 peter@frontierflying.com
84afc958 4570 - Include /usr/local/include and /usr/local/lib for systems that don't
4571 do it themselves
4572 - -R/usr/local/lib for Solaris
4573 - Fix RSAref detection
4574 - Fix IN6_IS_ADDR_V4MAPPED macro
a8ed9fd9 4575
bcf36c78 457620000311
4577 - Detect RSAref
43e48848 4578 - OpenBSD CVS change
4579 [sshd.c]
4580 - disallow guessing of root password
867dbf40 4581 - More configure fixes
80faa19f 4582 - IPv6 workarounds from Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>
bcf36c78 4583
c8d54615 458420000309
4585 - OpenBSD CVS updates to v1.2.3
704b1659 4586 [ssh.h atomicio.c]
4587 - int atomicio -> ssize_t (for alpha). ok deraadt@
4588 [auth-rsa.c]
4589 - delay MD5 computation until client sends response, free() early, cleanup.
4590 [cipher.c]
4591 - void* -> unsigned char*, ok niels@
4592 [hostfile.c]
4593 - remove unused variable 'len'. fix comments.
4594 - remove unused variable
4595 [log-client.c log-server.c]
4596 - rename a cpp symbol, to avoid param.h collision
4597 [packet.c]
4598 - missing xfree()
4599 - getsockname() requires initialized tolen; andy@guildsoftware.com
4600 - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
4601 from Holger.Trapp@Informatik.TU-Chemnitz.DE
4602 [pty.c pty.h]
bcbf86ec 4603 - register cleanup for pty earlier. move code for pty-owner handling to
c8d54615 4604 pty.c ok provos@, dugsong@
704b1659 4605 [readconf.c]
4606 - turn off x11-fwd for the client, too.
4607 [rsa.c]
4608 - PKCS#1 padding
4609 [scp.c]
4610 - allow '.' in usernames; from jedgar@fxp.org
4611 [servconf.c]
4612 - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
4613 - sync with sshd_config
4614 [ssh-keygen.c]
4615 - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
4616 [ssh.1]
4617 - Change invalid 'CHAT' loglevel to 'VERBOSE'
4618 [ssh.c]
4619 - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
4620 - turn off x11-fwd for the client, too.
4621 [sshconnect.c]
4622 - missing xfree()
4623 - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
4624 - read error vs. "Connection closed by remote host"
4625 [sshd.8]
4626 - ie. -> i.e.,
4627 - do not link to a commercial page..
4628 - sync with sshd_config
4629 [sshd.c]
4630 - no need for poll.h; from bright@wintelcom.net
4631 - log with level log() not fatal() if peer behaves badly.
4632 - don't panic if client behaves strange. ok deraadt@
4633 - make no-port-forwarding for RSA keys deny both -L and -R style fwding
4634 - delay close() of pty until the pty has been chowned back to root
4635 - oops, fix comment, too.
4636 - missing xfree()
4637 - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
4638 (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
bcbf86ec 4639 - register cleanup for pty earlier. move code for pty-owner handling to
704b1659 4640 pty.c ok provos@, dugsong@
4641 - create x11 cookie file
4642 - fix pr 1113, fclose() -> pclose(), todo: remote popen()
4643 - version 1.2.3
c8d54615 4644 - Cleaned up
bcbf86ec 4645 - Removed warning workaround for Linux and devpts filesystems (no longer
d8223847 4646 required after OpenBSD updates)
c8d54615 4647
07055445 464820000308
4649 - Configure fix from Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp>
4650
465120000307
4652 - Released 1.2.2p1
4653
9c8c3fc6 465420000305
4655 - Fix DEC compile fix
54096dcc 4656 - Explicitly seed OpenSSL's PRNG before checking rsa_alive()
aa6bd60a 4657 - Check for getpagesize in libucb.a if not found in libc. Fix for old
4658 Solaris from Andre Lucas <andre.lucas@dial.pipex.com>
bcbf86ec 4659 - Check for libwrap if --with-tcp-wrappers option specified. Suggestion
9fc7867e 4660 Mate Wierdl <mw@moni.msci.memphis.edu>
9c8c3fc6 4661
6bf4d066 466220000303
4663 - Added "make host-key" target, Suggestion from Dominik Brettnacher
4664 <domi@saargate.de>
bcbf86ec 4665 - Don't permanently fail on bind() if getaddrinfo has more choices left for
16218745 4666 us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
4667 Miskiewicz <misiek@pld.org.pl>
22fa590f 4668 - DEC Unix compile fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
4669 - Manpage fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
6bf4d066 4670
a0391976 467120000302
4672 - Big cleanup of autoconf code
4673 - Rearranged to be a little more logical
4674 - Added -R option for Solaris
4675 - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program
4676 to detect library and header location _and_ ensure library has proper
4677 RSA support built in (this is a problem with OpenSSL 0.9.5).
817175bc 4678 - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de
0a1718dc 4679 - Avoid warning message with Unix98 ptys
bcbf86ec 4680 - Warning was valid - possible race condition on PTYs. Avoided using
3276571c 4681 platform-specific code.
4682 - Document some common problems
bcbf86ec 4683 - Allow root access to any key. Patch from
81eef326 4684 markus.friedl@informatik.uni-erlangen.de
a0391976 4685
f55afe71 468620000207
4687 - Removed SOCKS code. Will support through a ProxyCommand.
4688
d07d1c58 468920000203
4690 - Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu
d581b7ae 4691 - Add --with-ssl-dir option
d07d1c58 4692
9d5f374b 469320000202
bcbf86ec 4694 - Fix lastlog code for directory based lastlogs. Fix from Josh Durham
9d5f374b 4695 <jmd@aoe.vt.edu>
6b1f3fdb 4696 - Documentation fixes from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
bcbf86ec 4697 - Added URLs to Japanese translations of documents by HARUYAMA Seigo
6b1f3fdb 4698 <haruyama@nt.phys.s.u-tokyo.ac.jp>
9d5f374b 4699
bc8c2601 470020000201
4701 - Use socket pairs by default (instead of pipes). Prevents race condition
4702 on several (buggy) OSs. Report and fix from tridge@linuxcare.com
4703
69c76614 470420000127
4705 - Seed OpenSSL's random number generator before generating RSA keypairs
4706 - Split random collector into seperate file
aaf2abd7 4707 - Compile fix from Andre Lucas <andre.lucas@dial.pipex.com>
69c76614 4708
f9507c24 470920000126
4710 - Released 1.2.2 stable
4711
bcbf86ec 4712 - NeXT keeps it lastlog in /usr/adm. Report from
f9507c24 4713 mouring@newton.pconline.com
bcbf86ec 4714 - Added note in UPGRADING re interop with commercial SSH using idea.
986a22ec 4715 Report from Jim Knoble <jmknoble@jmknoble.cx>
587120ad 4716 - Fix linking order for Kerberos/AFS. Fix from Holget Trapp
4717 <Holger.Trapp@Informatik.TU-Chemnitz.DE>
f9507c24 4718
bfae20ad 471920000125
bcbf86ec 4720 - Fix NULL pointer dereference in login.c. Fix from Andre Lucas
bfae20ad 4721 <andre.lucas@dial.pipex.com>
07b0cb78 4722 - Reorder PAM initialisation so it does not mess up lastlog. Reported
4723 by Andre Lucas <andre.lucas@dial.pipex.com>
bcbf86ec 4724 - Use preformatted manpages on SCO, report from Gary E. Miller
9755cbdb 4725 <gem@rellim.com>
4726 - New URL for x11-ssh-askpass.
bcbf86ec 4727 - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
986a22ec 4728 <jmknoble@jmknoble.cx>
bcbf86ec 4729 - Added 'DESTDIR' option to Makefile to ease package building. Patch from
986a22ec 4730 Jim Knoble <jmknoble@jmknoble.cx>
ff8ecdb8 4731 - Updated RPM spec files to use DESTDIR
bfae20ad 4732
bb58aa4b 473320000124
4734 - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
4735 increment)
4736
d45317d8 473720000123
4738 - OpenBSD CVS:
4739 - [packet.c]
4740 getsockname() requires initialized tolen; andy@guildsoftware.com
bcbf86ec 4741 - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
4c40f834 4742 <drankin@bohemians.lexington.ky.us>
12aa90af 4743 - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
d45317d8 4744
e844f761 474520000122
4746 - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
4747 <bent@clark.net>
c54a6257 4748 - Merge preformatted manpage patch from Andre Lucas
4749 <andre.lucas@dial.pipex.com>
8eb34e02 4750 - Make IPv4 use the default in RPM packages
4751 - Irix uses preformatted manpages
1e64903d 4752 - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
4753 <Holger.Trapp@Informatik.TU-Chemnitz.DE>
9bc5ddfe 4754 - OpenBSD CVS updates:
4755 - [packet.c]
4756 use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
4757 from Holger.Trapp@Informatik.TU-Chemnitz.DE
4758 - [sshd.c]
4759 log with level log() not fatal() if peer behaves badly.
4760 - [readpass.c]
bcbf86ec 4761 instead of blocking SIGINT, catch it ourselves, so that we can clean
4762 the tty modes up and kill ourselves -- instead of our process group
61e96248 4763 leader (scp, cvs, ...) going away and leaving us in noecho mode.
9bc5ddfe 4764 people with cbreak shells never even noticed..
399d9d44 4765 - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
4766 ie. -> i.e.,
e844f761 4767
4c8ef3fb 476820000120
4769 - Don't use getaddrinfo on AIX
7b2ea3a1 4770 - Update to latest OpenBSD CVS:
4771 - [auth-rsa.c]
4772 - fix user/1056, sshd keeps restrictions; dbt@meat.net
4773 - [sshconnect.c]
4774 - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
4775 - destroy keys earlier
bcbf86ec 4776 - split key exchange (kex) and user authentication (user-auth),
d468fc76 4777 ok: provos@
7b2ea3a1 4778 - [sshd.c]
4779 - no need for poll.h; from bright@wintelcom.net
4780 - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
bcbf86ec 4781 - split key exchange (kex) and user authentication (user-auth),
d468fc76 4782 ok: provos@
f3bba493 4783 - Big manpage and config file cleanup from Andre Lucas
4784 <andre.lucas@dial.pipex.com>
5f4fdfae 4785 - Re-added latest (unmodified) OpenBSD manpages
47f9a56a 4786 - Doc updates
d468fc76 4787 - NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
4788 Christos Zoulas <christos@netbsd.org>
4c8ef3fb 4789
082bbfb3 479020000119
20af321f 4791 - SCO compile fixes from Gary E. Miller <gem@rellim.com>
082bbfb3 4792 - Compile fix from Darren_Hall@progressive.com
59e76f33 4793 - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
4794 addresses using getaddrinfo(). Added a configure switch to make the
4795 default lookup mode AF_INET
082bbfb3 4796
a63a7f37 479720000118
4798 - Fixed --with-pid-dir option
51a6baf8 4799 - Makefile fix from Gary E. Miller <gem@rellim.com>
61e96248 4800 - Compile fix for HPUX and Solaris from Andre Lucas
976f7e19 4801 <andre.lucas@dial.pipex.com>
a63a7f37 4802
f914c7fb 480320000117
4804 - Clean up bsd-bindresvport.c. Use arc4random() for picking initial
4805 port, ignore EINVAL errors (Linux) when searching for free port.
bcbf86ec 4806 - Revert __snprintf -> snprintf aliasing. Apparently Solaris
de93b046 4807 __snprintf isn't. Report from Theo de Raadt <theo@cvs.openbsd.org>
9b363e1c 4808 - Document location of Redhat PAM file in INSTALL.
bcbf86ec 4809 - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6
4810 INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to
f4a7cf29 4811 deliver (no IPv6 kernel support)
80a44451 4812 - Released 1.2.1pre27
f914c7fb 4813
f4a7cf29 4814 - Fix rresvport_af failure errors (logic error in bsd-bindresvport.c)
bcbf86ec 4815 - Fix --with-ipaddr-display option test. Fix from Jarno Huuskonen
cf8ad170 4816 <jhuuskon@hytti.uku.fi>
bcbf86ec 4817 - Fix hang on logout if processes are still using the pty. Needs
691a8a9f 4818 further testing.
5957fd29 4819 - Patch from Christos Zoulas <christos@zoulas.com>
4820 - Try $prefix first when looking for OpenSSL.
4821 - Include sys/types.h when including sys/socket.h in test programs
bcbf86ec 4822 - Substitute PID directory in sshd.8. Suggestion from Andrew
19d9ac2a 4823 Stribblehill <a.d.stribblehill@durham.ac.uk>
f4a7cf29 4824
47e45e44 482520000116
4826 - Renamed --with-xauth-path to --with-xauth
4827 - Added --with-pid-dir option
4828 - Released 1.2.1pre26
4829
a82ef8ae 4830 - Compilation fix from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
bcbf86ec 4831 - Fixed broken bugfix for /dev/ptmx on Linux systems which lack
66be05a1 4832 openpty(). Report from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
a82ef8ae 4833
5cdfe03f 483420000115
4835 - Add --with-xauth-path configure directive and explicit test for
bcbf86ec 4836 /usr/openwin/bin/xauth for Solaris systems. Report from Anders
5cdfe03f 4837 Nordby <anders@fix.no>
bcbf86ec 4838 - Fix incorrect detection of /dev/ptmx on Linux systems that lack
5cdfe03f 4839 openpty. Report from John Seifarth <john@waw.be>
4840 - Look for intXX_t and u_intXX_t in sys/bitypes.h if they are not in
bcbf86ec 4841 sys/types.h. Fixes problems on SCO, report from Gary E. Miller
5cdfe03f 4842 <gem@rellim.com>
4843 - Use __snprintf and __vnsprintf if they are found where snprintf and
4844 vnsprintf are lacking. Suggested by Ben Taylor <bent@shell.clark.net>
4845 and others.
4846
48e671d5 484720000114
4848 - Merged OpenBSD IPv6 patch:
4849 - [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1]
4850 [scp.c packet.h packet.c login.c log.c canohost.c channels.c]
4851 [hostfile.c sshd_config]
4852 ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new
bcbf86ec 4853 features: sshd allows multiple ListenAddress and Port options. note
4854 that libwrap is not IPv6-ready. (based on patches from
48e671d5 4855 fujiwara@rcac.tdi.co.jp)
4856 - [ssh.c canohost.c]
bcbf86ec 4857 more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo,
48e671d5 4858 from itojun@
4859 - [channels.c]
4860 listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE)
4861 - [packet.h]
4862 allow auth-kerberos for IPv4 only
4863 - [scp.1 sshd.8 servconf.h scp.c]
4864 document -4, -6, and 'ssh -L 2022/::1/22'
4865 - [ssh.c]
bcbf86ec 4866 'ssh @host' is illegal (null user name), from
48e671d5 4867 karsten@gedankenpolizei.de
4868 - [sshconnect.c]
4869 better error message
4870 - [sshd.c]
4871 allow auth-kerberos for IPv4 only
4872 - Big IPv6 merge:
4873 - Cleanup overrun in sockaddr copying on RHL 6.1
4874 - Replacements for getaddrinfo, getnameinfo, etc based on versions
4875 from patch from KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
4876 - Replacement for missing structures on systems that lack IPv6
4877 - record_login needed to know about AF_INET6 addresses
4878 - Borrowed more code from OpenBSD: rresvport_af and requisites
4879
2598df62 488020000110
4881 - Fixes to auth-skey to enable it to use the standard OpenSSL libraries
4882
b8a0310d 488320000107
4884 - New config.sub and config.guess to fix problems on SCO. Supplied
4885 by Gary E. Miller <gem@rellim.com>
b6a98a85 4886 - SCO build fix from Gary E. Miller <gem@rellim.com>
2598df62 4887 - Released 1.2.1pre25
b8a0310d 4888
dfb95100 488920000106
4890 - Documentation update & cleanup
4891 - Better KrbIV / AFS detection, based on patch from:
4892 Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
4893
b9795b89 489420000105
bcbf86ec 4895 - Fixed annoying DES corruption problem. libcrypt has been
b9795b89 4896 overriding symbols in libcrypto. Removed libcrypt and crypt.h
4897 altogether (libcrypto includes its own crypt(1) replacement)
4898 - Added platform-specific rules for Irix 6.x. Included warning that
4899 they are untested.
4900
a1ec4d79 490120000103
4902 - Add explicit make rules for files proccessed by fixpaths.
61e96248 4903 - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori
a1ec4d79 4904 <tnh@kondara.org>
bcbf86ec 4905 - Removed "nullok" directive from default PAM configuration files.
4906 Added information on enabling EmptyPasswords on openssh+PAM in
607d73e6 4907 UPGRADING file.
e02735bb 4908 - OpenBSD CVS updates
4909 - [ssh-agent.c]
bcbf86ec 4910 cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and
e02735bb 4911 dgaudet@arctic.org
4912 - [sshconnect.c]
4913 compare correct version for 1.3 compat mode
a1ec4d79 4914
93c7f644 491520000102
4916 - Prevent multiple inclusion of config.h and defines.h. Suggested
4917 by Andre Lucas <andre.lucas@dial.pipex.com>
4918 - Properly clean up on exit of ssh-agent. Patch from Dean Gaudet
4919 <dgaudet@arctic.org>
4920
76b8607f 492119991231
bcbf86ec 4922 - Fix password support on systems with a mixture of shadowed and
4923 non-shadowed passwords (e.g. NIS). Report and fix from
76b8607f 4924 HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
bcbf86ec 4925 - Fix broken autoconf typedef detection. Report from Marc G.
723221b5 4926 Fournier <marc.fournier@acadiau.ca>
b92964b7 4927 - Fix occasional crash on LinuxPPC. Patch from Franz Sirl
4928 <Franz.Sirl-kernel@lauterbach.com>
bcbf86ec 4929 - Prevent typedefs from being compiled more than once. Report from
a6ddc88b 4930 Marc G. Fournier <marc.fournier@acadiau.ca>
4811cc0b 4931 - Fill in ut_utaddr utmp field. Report from Benjamin Charron
4932 <iretd@bigfoot.com>
bcbf86ec 4933 - Really fix broken default path. Fix from Jim Knoble
986a22ec 4934 <jmknoble@jmknoble.cx>
ae3a3d31 4935 - Remove test for quad_t. No longer needed.
76a8e733 4936 - Released 1.2.1pre24
4937
4938 - Added support for directory-based lastlogs
4939 - Really fix typedefs, patch from Ben Taylor <bent@clark.net>
76b8607f 4940
13f825f4 494119991230
4942 - OpenBSD CVS updates:
4943 - [auth-passwd.c]
4944 check for NULL 1st
bcbf86ec 4945 - Removed most of the pam code into its own file auth-pam.[ch]. This
a5c9cd31 4946 cleaned up sshd.c up significantly.
bcbf86ec 4947 - PAM authentication was incorrectly interpreting
76b8607f 4948 "PermitRootLogin without-password". Report from Matthias Andree
4949 <ma@dt.e-technik.uni-dortmund.de
a5c9cd31 4950 - Several other cleanups
0bc5b6fb 4951 - Merged Dante SOCKS support patch from David Rankin
4952 <drankin@bohemians.lexington.ky.us>
4953 - Updated documentation with ./configure options
76b8607f 4954 - Released 1.2.1pre23
13f825f4 4955
c73a0cb5 495619991229
bcbf86ec 4957 - Applied another NetBSD portability patch from David Rankin
c73a0cb5 4958 <drankin@bohemians.lexington.ky.us>
4959 - Fix --with-default-path option.
bcbf86ec 4960 - Autodetect perl, patch from David Rankin
a0f84251 4961 <drankin@bohemians.lexington.ky.us>
bcbf86ec 4962 - Print whether OpenSSH was compiled with RSARef, patch from
0a2ff95d 4963 Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu>
bcbf86ec 4964 - Calls to pam_setcred, patch from Nalin Dahyabhai
f91bacbd 4965 <nalin@thermo.stat.ncsu.edu>
e3a93db0 4966 - Detect missing size_t and typedef it.
5ab44a92 4967 - Rename helper.[ch] to (more appropriate) bsd-misc.[ch]
4968 - Minor Makefile cleaning
c73a0cb5 4969
b6019d68 497019991228
4971 - Replacement for getpagesize() for systems which lack it
bcbf86ec 4972 - NetBSD login.c compile fix from David Rankin
70e0115b 4973 <drankin@bohemians.lexington.ky.us>
4974 - Fully set ut_tv if present in utmp or utmpx
d94aa2ae 4975 - Portability fixes for Irix 5.3 (now compiles OK!)
4976 - autoconf and other misc cleanups
ea1970a3 4977 - Merged AIX patch from Darren Hall <dhall@virage.org>
4978 - Cleaned up defines.h
fa9a2dd6 4979 - Released 1.2.1pre22
b6019d68 4980
d2dcff5f 498119991227
4982 - Automatically correct paths in manpages and configuration files. Patch
4983 and script from Andre Lucas <andre.lucas@dial.pipex.com>
4984 - Removed credits from README to CREDITS file, updated.
cb807f40 4985 - Added --with-default-path to specify custom path for server
4986 - Removed #ifdef trickery from acconfig.h into defines.h
36a5b38e 4987 - PAM bugfix. PermitEmptyPassword was being ignored.
4988 - Fixed PAM config files to allow empty passwords if server does.
4989 - Explained spurious PAM auth warning workaround in UPGRADING
21feb5fa 4990 - Use last few chars of tty line as ut_id
5a7794be 4991 - New SuSE RPM spec file from Chris Saia <csaia@wtower.com>
00e6dd70 4992 - OpenBSD CVS updates:
4993 - [packet.h auth-rhosts.c]
4994 check format string for packet_disconnect and packet_send_debug, too
4995 - [channels.c]
4996 use packet_get_maxsize for channels. consistence.
d2dcff5f 4997
f74efc8d 499819991226
4999 - Enabled utmpx support by default for Solaris
5000 - Cleanup sshd.c PAM a little more
986a22ec 5001 - Revised RPM package to include Jim Knoble's <jmknoble@jmknoble.cx>
bc7ea646 5002 X11 ssh-askpass program.
20c43d8c 5003 - Disable logging of PAM success and failures, PAM is verbose enough.
bcbf86ec 5004 Unfortunatly there is currently no way to disable auth failure
5005 messages. Mention this in UPGRADING file and sent message to PAM
20c43d8c 5006 developers
83b7f649 5007 - OpenBSD CVS update:
5008 - [ssh-keygen.1 ssh.1]
bcbf86ec 5009 remove ref to .ssh/random_seed, mention .ssh/environment in
83b7f649 5010 .Sh FILES, too
72251cb6 5011 - Released 1.2.1pre21
bcbf86ec 5012 - Fixed implicit '.' in default path, report from Jim Knoble
986a22ec 5013 <jmknoble@jmknoble.cx>
5014 - Redhat RPM spec fixes from Jim Knoble <jmknoble@jmknoble.cx>
f74efc8d 5015
f498ed15 501619991225
5017 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
5018 - Cleanup of auth-passwd.c for shadow and MD5 passwords
5019 - Cleanup and bugfix of PAM authentication code
f74efc8d 5020 - Released 1.2.1pre20
5021
5022 - Merged fixes from Ben Taylor <bent@clark.net>
5023 - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
5024 - Disabled logging of PAM password authentication failures when password
5025 is empty. (e.g start of authentication loop). Reported by Naz
5026 <96na@eng.cam.ac.uk>)
f498ed15 5027
502819991223
bcbf86ec 5029 - Merged later HPUX patch from Andre Lucas
f498ed15 5030 <andre.lucas@dial.pipex.com>
5031 - Above patch included better utmpx support from Ben Taylor
f74efc8d 5032 <bent@clark.net>
f498ed15 5033
eef6f7e9 503419991222
bcbf86ec 5035 - Fix undefined fd_set type in ssh.h from Povl H. Pedersen
eef6f7e9 5036 <pope@netguide.dk>
ae28776a 5037 - Fix login.c breakage on systems which lack ut_host in struct
5038 utmp. Reported by Willard Dawson <willard.dawson@sbs.siemens.com>
eef6f7e9 5039
a7effaac 504019991221
bcbf86ec 5041 - Integration of large HPUX patch from Andre Lucas
5042 <andre.lucas@dial.pipex.com>. Integrating it had a few other
a7effaac 5043 benefits:
5044 - Ability to disable shadow passwords at configure time
5045 - Ability to disable lastlog support at configure time
5046 - Support for IP address in $DISPLAY
ae2f7af7 5047 - OpenBSD CVS update:
5048 - [sshconnect.c]
5049 say "REMOTE HOST IDENTIFICATION HAS CHANGED"
59dd7a31 5050 - Fix DISABLE_SHADOW support
5051 - Allow MD5 passwords even if shadow passwords are disabled
16034de9 5052 - Release 1.2.1pre19
a7effaac 5053
3f1d9bcd 505419991218
bcbf86ec 5055 - Redhat init script patch from Chun-Chung Chen
3f1d9bcd 5056 <cjj@u.washington.edu>
7e1c2490 5057 - Avoid breakage on systems without IPv6 headers
3f1d9bcd 5058
60d804c8 505919991216
bcbf86ec 5060 - Makefile changes for Solaris from Peter Kocks
60d804c8 5061 <peter.kocks@baygate.com>
89cafde6 5062 - Minor updates to docs
5063 - Merged OpenBSD CVS changes:
5064 - [authfd.c ssh-agent.c]
5065 keysize warnings talk about identity files
5066 - [packet.c]
5067 "Connection closed by x.x.x.x": fatal() -> log()
bcbf86ec 5068 - Correctly handle empty passwords in shadow file. Patch from:
c9d323f0 5069 "Chris, the Young One" <cky@pobox.com>
5070 - Released 1.2.1pre18
60d804c8 5071
7dc6fc6d 507219991215
5073 - Integrated patchs from Juergen Keil <jk@tools.de>
5074 - Avoid void* pointer arithmatic
5075 - Use LDFLAGS correctly
68227e6d 5076 - Fix SIGIO error in scp
5077 - Simplify status line printing in scp
61e96248 5078 - Added better test for inline functions compiler support from
906a2515 5079 Darren_Hall@progressive.com
7dc6fc6d 5080
95f1eccc 508119991214
5082 - OpenBSD CVS Changes
5083 - [canohost.c]
bcbf86ec 5084 fix get_remote_port() and friends for sshd -i;
95f1eccc 5085 Holger.Trapp@Informatik.TU-Chemnitz.DE
5086 - [mpaux.c]
5087 make code simpler. no need for memcpy. niels@ ok
5088 - [pty.c]
5089 namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org
5090 fix proto; markus
5091 - [ssh.1]
5092 typo; mark.baushke@solipsa.com
5093 - [channels.c ssh.c ssh.h sshd.c]
5094 type conflict for 'extern Type *options' in channels.c; dot@dotat.at
5095 - [sshconnect.c]
5096 move checking of hostkey into own function.
5097 - [version.h]
5098 OpenSSH-1.2.1
884bcb37 5099 - Clean up broken includes in pty.c
7303768f 5100 - Some older systems don't have poll.h, they use sys/poll.h instead
5101 - Doc updates
95f1eccc 5102
847e8865 510319991211
bcbf86ec 5104 - Fix compilation on systems with AFS. Reported by
847e8865 5105 aloomis@glue.umd.edu
bcbf86ec 5106 - Fix installation on Solaris. Reported by
847e8865 5107 Gordon Rowell <gordonr@gormand.com.au>
5108 - Fix gccisms (__attribute__ and inline). Report by edgy@us.ibm.com,
5109 patch from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
5110 - Auto-locate xauth. Patch from David Agraz <dagraz@jahoopa.com>
5111 - Compile fix from David Agraz <dagraz@jahoopa.com>
5112 - Avoid compiler warning in bsd-snprintf.c
bcbf86ec 5113 - Added pam_limits.so to default PAM config. Suggested by
986a22ec 5114 Jim Knoble <jmknoble@jmknoble.cx>
847e8865 5115
8946db53 511619991209
5117 - Import of patch from Ben Taylor <bent@clark.net>:
5118 - Improved PAM support
5119 - "uninstall" rule for Makefile
5120 - utmpx support
5121 - Should fix PAM problems on Solaris
2d86a6cc 5122 - OpenBSD CVS updates:
5123 - [readpass.c]
5124 avoid stdio; based on work by markus, millert, and I
5125 - [sshd.c]
5126 make sure the client selects a supported cipher
5127 - [sshd.c]
bcbf86ec 5128 fix sighup handling. accept would just restart and daemon handled
5129 sighup only after the next connection was accepted. use poll on
2d86a6cc 5130 listen sock now.
5131 - [sshd.c]
5132 make that a fatal
87e91331 5133 - Applied patch from David Rankin <drankin@bohemians.lexington.ky.us>
5134 to fix libwrap support on NetBSD
5001b9e4 5135 - Released 1.2pre17
8946db53 5136
6d8c4ea4 513719991208
bcbf86ec 5138 - Compile fix for Solaris with /dev/ptmx from
6d8c4ea4 5139 David Agraz <dagraz@jahoopa.com>
5140
4285816a 514119991207
986a22ec 5142 - sshd Redhat init script patch from Jim Knoble <jmknoble@jmknoble.cx>
4285816a 5143 fixes compatability with 4.x and 5.x
db28aeb5 5144 - Fixed default SSH_ASKPASS
bcbf86ec 5145 - Fix PAM account and session being called multiple times. Problem
d465f2ca 5146 reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>
a408af76 5147 - Merged more OpenBSD changes:
5148 - [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c]
bcbf86ec 5149 move atomicio into it's own file. wrap all socket write()s which
a408af76 5150 were doing write(sock, buf, len) != len, with atomicio() calls.
5151 - [auth-skey.c]
5152 fd leak
5153 - [authfile.c]
5154 properly name fd variable
5155 - [channels.c]
5156 display great hatred towards strcpy
5157 - [pty.c pty.h sshd.c]
5158 use openpty() if it exists (it does on BSD4_4)
5159 - [tildexpand.c]
5160 check for ~ expansion past MAXPATHLEN
5161 - Modified helper.c to use new atomicio function.
5162 - Reformat Makefile a little
5163 - Moved RC4 routines from rc4.[ch] into helper.c
5164 - Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX)
9983a8ca 5165 - Updated SuSE spec from Chris Saia <csaia@wtower.com>
5166 - Tweaked Redhat spec
9158d92f 5167 - Clean up bad imports of a few files (forgot -kb)
5168 - Released 1.2pre16
4285816a 5169
9c7b6dfd 517019991204
5171 - Small cleanup of PAM code in sshd.c
57112b5a 5172 - Merged OpenBSD CVS changes:
5173 - [auth-krb4.c auth-passwd.c auth-skey.c ssh.h]
5174 move skey-auth from auth-passwd.c to auth-skey.c, same for krb4
5175 - [auth-rsa.c]
5176 warn only about mismatch if key is _used_
5177 warn about keysize-mismatch with log() not error()
5178 channels.c readconf.c readconf.h ssh.c ssh.h sshconnect.c
5179 ports are u_short
5180 - [hostfile.c]
5181 indent, shorter warning
5182 - [nchan.c]
5183 use error() for internal errors
5184 - [packet.c]
5185 set loglevel for SSH_MSG_DISCONNECT to log(), not fatal()
5186 serverloop.c
5187 indent
5188 - [ssh-add.1 ssh-add.c ssh.h]
5189 document $SSH_ASKPASS, reasonable default
5190 - [ssh.1]
5191 CheckHostIP is not available for connects via proxy command
5192 - [sshconnect.c]
5193 typo
5194 easier to read client code for passwd and skey auth
5195 turn of checkhostip for proxy connects, since we don't know the remote ip
9c7b6dfd 5196
dad3b556 519719991126
5198 - Add definition for __P()
5199 - Added [v]snprintf() replacement for systems that lack it
5200
0ce43ae4 520119991125
5202 - More reformatting merged from OpenBSD CVS
5203 - Merged OpenBSD CVS changes:
5204 - [channels.c]
5205 fix packet_integrity_check() for !have_hostname_in_open.
5206 report from mrwizard@psu.edu via djm@ibs.com.au
5207 - [channels.c]
5208 set SO_REUSEADDR and SO_LINGER for forwarded ports.
5209 chip@valinux.com via damien@ibs.com.au
5210 - [nchan.c]
5211 it's not an error() if shutdown_write failes in nchan.
5212 - [readconf.c]
5213 remove dead #ifdef-0-code
5214 - [readconf.c servconf.c]
5215 strcasecmp instead of tolower
5216 - [scp.c]
5217 progress meter overflow fix from damien@ibs.com.au
5218 - [ssh-add.1 ssh-add.c]
5219 SSH_ASKPASS support
5220 - [ssh.1 ssh.c]
5221 postpone fork_after_authentication until command execution,
5222 request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
5223 plus: use daemon() for backgrounding
cf8dd513 5224 - Added BSD compatible install program and autoconf test, thanks to
5225 Niels Kristian Bech Jensen <nkbj@image.dk>
5226 - Solaris fixing, thanks to Ben Taylor <bent@clark.net>
09041313 5227 - Merged beginnings of AIX support from Tor-Ake Fransson <torake@hotmail.com>
3dbefdb8 5228 - Release 1.2pre15
0ce43ae4 5229
5260325f 523019991124
5231 - Merged very large OpenBSD source code reformat
5232 - OpenBSD CVS updates
5233 - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
5234 [ssh.h sshd.8 sshd.c]
5235 syslog changes:
5236 * Unified Logmessage for all auth-types, for success and for failed
5237 * Standard connections get only ONE line in the LOG when level==LOG:
5238 Auth-attempts are logged only, if authentication is:
5239 a) successfull or
5240 b) with passwd or
5241 c) we had more than AUTH_FAIL_LOG failues
5242 * many log() became verbose()
5243 * old behaviour with level=VERBOSE
5244 - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
5245 tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
5246 messages. allows use of s/key in windows (ttssh, securecrt) and
5247 ssh-1.2.27 clients without 'ssh -v', ok: niels@
5248 - [sshd.8]
5249 -V, for fallback to openssh in SSH2 compatibility mode
5250 - [sshd.c]
5251 fix sigchld race; cjc5@po.cwru.edu
5252
4655fe80 525319991123
5254 - Added SuSE package files from Chris Saia <csaia@wtower.com>
8b241e50 5255 - Restructured package-related files under packages/*
4655fe80 5256 - Added generic PAM config
8b241e50 5257 - Numerous little Solaris fixes
9c08d6ce 5258 - Add recommendation to use GNU make to INSTALL document
4655fe80 5259
60bed5fd 526019991122
5261 - Make <enter> close gnome-ssh-askpass (Debian bug #50299)
2f2cc3f9 5262 - OpenBSD CVS Changes
bcbf86ec 5263 - [ssh-keygen.c]
5264 don't create ~/.ssh only if the user wants to store the private
5265 key there. show fingerprint instead of public-key after
2f2cc3f9 5266 keygeneration. ok niels@
b09a984b 5267 - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
96ad4350 5268 - Added timersub() macro
b09a984b 5269 - Tidy RCSIDs of bsd-*.c
bcbf86ec 5270 - Added autoconf test and macro to deal with old PAM libraries
96ad4350 5271 pam_strerror definition (one arg vs two).
530f1889 5272 - Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
bcbf86ec 5273 - Retry /dev/urandom reads interrupted by signal (report from
530f1889 5274 Robert Hardy <rhardy@webcon.net>)
1647c2b5 5275 - Added a setenv replacement for systems which lack it
d84a9a44 5276 - Only display public key comment when presenting ssh-askpass dialog
5277 - Released 1.2pre14
60bed5fd 5278
bcbf86ec 5279 - Configure, Make and changelog corrections from Tudor Bosman
2ddcfdf3 5280 <tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>
5281
9d6b7add 528219991121
2f2cc3f9 5283 - OpenBSD CVS Changes:
60bed5fd 5284 - [channels.c]
5285 make this compile, bad markus
5286 - [log.c readconf.c servconf.c ssh.h]
5287 bugfix: loglevels are per host in clientconfig,
5288 factor out common log-level parsing code.
5289 - [servconf.c]
5290 remove unused index (-Wall)
5291 - [ssh-agent.c]
5292 only one 'extern char *__progname'
5293 - [sshd.8]
5294 document SIGHUP, -Q to synopsis
5295 - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
5296 [channels.c clientloop.c]
5297 SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
5298 [hope this time my ISP stays alive during commit]
5299 - [OVERVIEW README] typos; green@freebsd
5300 - [ssh-keygen.c]
5301 replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
5302 exit if writing the key fails (no infinit loop)
5303 print usage() everytime we get bad options
5304 - [ssh-keygen.c] overflow, djm@mindrot.org
5305 - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
61e96248 5306
2b942fe0 530719991120
bcbf86ec 5308 - Merged more Solaris support from Marc G. Fournier
2b942fe0 5309 <marc.fournier@acadiau.ca>
5310 - Wrote autoconf tests for integer bit-types
5311 - Fixed enabling kerberos support
bcbf86ec 5312 - Fix segfault in ssh-keygen caused by buffer overrun in filename
13c36c4c 5313 handling.
2b942fe0 5314
06479889 531519991119
5316 - Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
2ad77510 5317 - Merged OpenBSD CVS changes
5318 - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
5319 more %d vs. %s in fmt-strings
5320 - [authfd.c]
5321 Integers should not be printed with %s
7b1cc56c 5322 - EGD uses a socket, not a named pipe. Duh.
5323 - Fix includes in fingerprint.c
29dbde15 5324 - Fix scp progress bar bug again.
bcbf86ec 5325 - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of
736890c4 5326 David Rankin <drankin@bohemians.lexington.ky.us>
91b8065d 5327 - Added autoconf option to enable Kerberos 4 support (untested)
5328 - Added autoconf option to enable AFS support (untested)
5329 - Added autoconf option to enable S/Key support (untested)
5330 - Added autoconf option to enable TCP wrappers support (compiles OK)
beb43d31 5331 - Renamed BSD helper function files to bsd-*
bcbf86ec 5332 - Added tests for login and daemon and enable OpenBSD replacements for
caf3bc51 5333 when they are absent.
5334 - Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
06479889 5335
2bd61362 533619991118
5337 - Merged OpenBSD CVS changes
5338 - [scp.c] foregroundproc() in scp
5339 - [sshconnect.h] include fingerprint.h
bcbf86ec 5340 - [sshd.c] bugfix: the log() for passwd-auth escaped during logging
2bd61362 5341 changes.
0c16a097 5342 - [ssh.1] Spell my name right.
2bd61362 5343 - Added openssh.com info to README
5344
f095fcc7 534519991117
5346 - Merged OpenBSD CVS changes
5347 - [ChangeLog.Ylonen] noone needs this anymore
5348 - [authfd.c] close-on-exec for auth-socket, ok deraadt
bcbf86ec 5349 - [hostfile.c]
5350 in known_hosts key lookup the entry for the bits does not need
5351 to match, all the information is contained in n and e. This
5352 solves the problem with buggy servers announcing the wrong
f095fcc7 5353 modulus length. markus and me.
bcbf86ec 5354 - [serverloop.c]
5355 bugfix: check for space if child has terminated, from:
f095fcc7 5356 iedowse@maths.tcd.ie
5357 - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
5358 [fingerprint.c fingerprint.h]
5359 rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
5360 - [ssh-agent.1] typo
5361 - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
bcbf86ec 5362 - [sshd.c]
f095fcc7 5363 force logging to stderr while loading private key file
5364 (lost while converting to new log-levels)
5365
4d195447 536619991116
5367 - Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
5368 - Merged OpenBSD CVS changes:
5369 - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
5370 [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
5371 the keysize of rsa-parameter 'n' is passed implizit,
5372 a few more checks and warnings about 'pretended' keysizes.
5373 - [cipher.c cipher.h packet.c packet.h sshd.c]
5374 remove support for cipher RC4
5375 - [ssh.c]
5376 a note for legay systems about secuity issues with permanently_set_uid(),
5377 the private hostkey and ptrace()
5378 - [sshconnect.c]
5379 more detailed messages about adding and checking hostkeys
5380
dad9a31e 538119991115
5382 - Merged OpenBSD CVS changes:
bcbf86ec 5383 - [ssh-add.c] change passphrase loop logic and remove ref to
dad9a31e 5384 $DISPLAY, ok niels
5385 - Changed to ssh-add.c broke askpass support. Revised it to be a little more
bcbf86ec 5386 modular.
dad9a31e 5387 - Revised autoconf support for enabling/disabling askpass support.
e7c0f9d5 5388 - Merged more OpenBSD CVS changes:
704b1659 5389 [auth-krb4.c]
5390 - disconnect if getpeername() fails
5391 - missing xfree(*client)
5392 [canohost.c]
5393 - disconnect if getpeername() fails
5394 - fix comment: we _do_ disconnect if ip-options are set
5395 [sshd.c]
5396 - disconnect if getpeername() fails
5397 - move checking of remote port to central place
5398 [auth-rhosts.c] move checking of remote port to central place
5399 [log-server.c] avoid extra fd per sshd, from millert@
5400 [readconf.c] print _all_ bad config-options in ssh(1), too
5401 [readconf.h] print _all_ bad config-options in ssh(1), too
5402 [ssh.c] print _all_ bad config-options in ssh(1), too
5403 [sshconnect.c] disconnect if getpeername() fails
e7c0f9d5 5404 - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
c75a1a66 5405 - Various small cleanups to bring diff (against OpenBSD) size down.
f601d847 5406 - Merged more Solaris compability from Marc G. Fournier
5407 <marc.fournier@acadiau.ca>
5408 - Wrote autoconf tests for __progname symbol
986a22ec 5409 - RPM spec file fixes from Jim Knoble <jmknoble@jmknoble.cx>
0c372277 5410 - Released 1.2pre12
5411
5412 - Another OpenBSD CVS update:
5413 - [ssh-keygen.1] fix .Xr
dad9a31e 5414
92da7197 541519991114
5416 - Solaris compilation fixes (still imcomplete)
5417
94f7bb9e 541819991113
dd092f97 5419 - Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
5420 - Don't install config files if they already exist
5421 - Fix inclusion of additional preprocessor directives from acconfig.h
94f7bb9e 5422 - Removed redundant inclusions of config.h
e9c75a39 5423 - Added 'Obsoletes' lines to RPM spec file
94f7bb9e 5424 - Merged OpenBSD CVS changes:
5425 - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
bcbf86ec 5426 - [scp.c] fix overflow reported by damien@ibs.com.au: off_t
94f7bb9e 5427 totalsize, ok niels,aaron
bcbf86ec 5428 - Delay fork (-f option) in ssh until after port forwarded connections
94f7bb9e 5429 have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
b2344d54 5430 - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
5431 - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
dd092f97 5432 - Tidied default config file some more
5433 - Revised Redhat initscript to fix bug: sshd (re)start would fail
5434 if executed from inside a ssh login.
94f7bb9e 5435
e35c1dc2 543619991112
5437 - Merged changes from OpenBSD CVS
5438 - [sshd.c] session_key_int may be zero
b4748e2f 5439 - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
bcbf86ec 5440 IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
b4748e2f 5441 deraadt,millert
5442 - Brought default sshd_config more in line with OpenBSD's
547c9f30 5443 - Grab server in gnome-ssh-askpass (Debian bug #49872)
5444 - Released 1.2pre10
e35c1dc2 5445
8bc7973f 5446 - Added INSTALL documentation
6fa724bc 5447 - Merged yet more changes from OpenBSD CVS
5448 - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
5449 [ssh.c ssh.h sshconnect.c sshd.c]
5450 make all access to options via 'extern Options options'
5451 and 'extern ServerOptions options' respectively;
5452 options are no longer passed as arguments:
5453 * make options handling more consistent
5454 * remove #include "readconf.h" from ssh.h
5455 * readconf.h is only included if necessary
5456 - [mpaux.c] clear temp buffer
5457 - [servconf.c] print _all_ bad options found in configfile
045672f9 5458 - Make ssh-askpass support optional through autoconf
59b0f0d4 5459 - Fix nasty division-by-zero error in scp.c
5460 - Released 1.2pre11
8bc7973f 5461
4cca272e 546219991111
5463 - Added (untested) Entropy Gathering Daemon (EGD) support
67d68e3a 5464 - Fixed /dev/urandom fd leak (Debian bug #49722)
5bbb5681 5465 - Merged OpenBSD CVS changes:
5466 - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
5467 - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
5468 - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
bcbf86ec 5469 - Fix integer overflow which was messing up scp's progress bar for large
3f1d9bcd 5470 file transfers. Fix submitted to OpenBSD developers. Report and fix
5471 from Kees Cook <cook@cpoint.net>
6a17f9c2 5472 - Merged more OpenBSD CVS changes:
bcbf86ec 5473 - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
6a17f9c2 5474 + krb-cleanup cleanup
5475 - [clientloop.c log-client.c log-server.c ]
5476 [readconf.c readconf.h servconf.c servconf.h ]
5477 [ssh.1 ssh.c ssh.h sshd.8]
5478 add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
5479 obsoletes QuietMode and FascistLogging in sshd.
e35c1dc2 5480 - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
5481 allow session_key_int != sizeof(session_key)
5482 [this should fix the pre-assert-removal-core-files]
5483 - Updated default config file to use new LogLevel option and to improve
5484 readability
5485
f370266e 548619991110
67d68e3a 5487 - Merged several minor fixes:
f370266e 5488 - ssh-agent commandline parsing
5489 - RPM spec file now installs ssh setuid root
5490 - Makefile creates libdir
4cca272e 5491 - Merged beginnings of Solaris compability from Marc G. Fournier
5492 <marc.fournier@acadiau.ca>
f370266e 5493
d4f11b59 549419991109
5495 - Autodetection of SSL/Crypto library location via autoconf
5496 - Fixed location of ssh-askpass to follow autoconf
5497 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
5498 - Autodetection of RSAref library for US users
5499 - Minor doc updates
560557bb 5500 - Merged OpenBSD CVS changes:
5501 - [rsa.c] bugfix: use correct size for memset()
5502 - [sshconnect.c] warn if announced size of modulus 'n' != real size
f025becb 5503 - Added GNOME passphrase requestor (use --with-gnome-askpass)
d397b172 5504 - RPM build now creates subpackages
aa51e7cc 5505 - Released 1.2pre9
d4f11b59 5506
e1a9c08d 550719991108
5508 - Removed debian/ directory. This is now being maintained separately.
5509 - Added symlinks for slogin in RPM spec file
5510 - Fixed permissions on manpages in RPM spec file
5511 - Added references to required libraries in README file
5512 - Removed config.h.in from CVS
5513 - Removed pwdb support (better pluggable auth is provided by glibc)
5514 - Made PAM and requisite libdl optional
5515 - Removed lots of unnecessary checks from autoconf
5516 - Added support and autoconf test for openpty() function (Unix98 pty support)
5517 - Fix for scp not finding ssh if not installed as /usr/bin/ssh
5518 - Added TODO file
5519 - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
5520 - Added ssh-askpass program
5521 - Added ssh-askpass support to ssh-add.c
5522 - Create symlinks for slogin on install
5523 - Fix "distclean" target in makefile
5524 - Added example for ssh-agent to manpage
5525 - Added support for PAM_TEXT_INFO messages
5526 - Disable internal /etc/nologin support if PAM enabled
5527 - Merged latest OpenBSD CVS changes:
5bae4ab8 5528 - [all] replace assert() with error, fatal or packet_disconnect
e1a9c08d 5529 - [sshd.c] don't send fail-msg but disconnect if too many authentication
5530 failures
e1a9c08d 5531 - [sshd.c] remove unused argument. ok dugsong
5532 - [sshd.c] typo
5533 - [rsa.c] clear buffers used for encryption. ok: niels
5534 - [rsa.c] replace assert() with error, fatal or packet_disconnect
ade6fccd 5535 - [auth-krb4.c] remove unused argument. ok dugsong
e1a9c08d 5536 - Fixed coredump after merge of OpenBSD rsa.c patch
9010d60a 5537 - Released 1.2pre8
e1a9c08d 5538
3028328e 553919991102
5540 - Merged change from OpenBSD CVS
5541 - One-line cleanup in sshd.c
5542
474832c5 554319991030
5544 - Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
69256d9d 5545 - Merged latest updates for OpenBSD CVS:
5546 - channels.[ch] - remove broken x11 fix and document istate/ostate
5547 - ssh-agent.c - call setsid() regardless of argv[]
5548 - ssh.c - save a few lines when disabling rhosts-{rsa-}auth
5549 - Documentation cleanups
5550 - Renamed README -> README.Ylonen
5551 - Renamed README.openssh ->README
474832c5 5552
339660f6 555319991029
5554 - Renamed openssh* back to ssh* at request of Theo de Raadt
5555 - Incorporated latest changes from OpenBSD's CVS
5556 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
5557 - Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
549b3eed 5558 - Make distclean now removed configure script
5559 - Improved PAM logging
5560 - Added some debug() calls for PAM
4ecd19ea 5561 - Removed redundant subdirectories
bcbf86ec 5562 - Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for
4ecd19ea 5563 building on Debian.
242588e6 5564 - Fixed off-by-one error in PAM env patch
5565 - Released 1.2pre6
339660f6 5566
5881cd60 556719991028
5568 - Further PAM enhancements.
5569 - Much cleaner
5570 - Now uses account and session modules for all logins.
5571 - Integrated patch from Dan Brosemer <odin@linuxfreak.com>
5572 - Build fixes
5573 - Autoconf
5574 - Change binary names to open*
5575 - Fixed autoconf script to detect PAM on RH6.1
5576 - Added tests for libpwdb, and OpenBSD functions to autoconf
221395b3 5577 - Released 1.2pre4
fca82d2e 5578
5579 - Imported latest OpenBSD CVS code
5580 - Updated README.openssh
93f04616 5581 - Released 1.2pre5
fca82d2e 5582
5881cd60 558319991027
5584 - Adapted PAM patch.
5585 - Released 1.0pre2
5586
5587 - Excised my buggy replacements for strlcpy and mkdtemp
5588 - Imported correct OpenBSD strlcpy and mkdtemp routines.
5589 - Reduced arc4random_stir entropy read to 32 bytes (256 bits)
5590 - Picked up correct version number from OpenBSD
5591 - Added sshd.pam PAM configuration file
5592 - Added sshd.init Redhat init script
5593 - Added openssh.spec RPM spec file
5594 - Released 1.2pre3
5595
559619991026
5597 - Fixed include paths of OpenSSL functions
5598 - Use OpenSSL MD5 routines
5599 - Imported RC4 code from nanocrypt
5600 - Wrote replacements for OpenBSD arc4random* functions
5601 - Wrote replacements for strlcpy and mkdtemp
5602 - Released 1.0pre1
0b202697 5603
5604$Id$
git-cvsimport mirror of OpenSSH
This page took 4.293168 seconds and 5 git commands to generate.