]>
Commit | Line | Data |
---|---|---|
32c80420 | 1 | 20000609 |
2 | - (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage | |
3 | (in favour of utmpx) on Solaris 8 | |
4 | ||
fa649821 | 5 | 20000606 |
48c99b2c | 6 | - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through |
7 | list of commands (by default). Removed verbose debugging (by default). | |
8 | - (djm) Increased command entropy estimates and default entropy collection | |
9 | timeout | |
f988dce5 | 10 | - (djm) Remove duplicate headers from loginrec.c |
c5fa2eb0 | 11 | - (djm) Don't add /usr/local/lib to library search path on Irix |
fa649821 | 12 | - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III |
13 | <tibbs@math.uh.edu> | |
1e83f2a2 | 14 | - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg |
15 | <zack@wolery.cumb.org> | |
fa649821 | 16 | - (djm) OpenBSD CVS updates: |
17 | - todd@cvs.openbsd.org | |
18 | [sshconnect2.c] | |
19 | teach protocol v2 to count login failures properly and also enable an | |
20 | explanation of why the password prompt comes up again like v1; this is NOT | |
21 | crypto | |
22 | - markus@cvs.openbsd.org | |
23 | [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8] | |
24 | xauth_location support; pr 1234 | |
25 | [readconf.c sshconnect2.c] | |
26 | typo, unused | |
27 | [session.c] | |
28 | allow use_login only for login sessions, otherwise remote commands are | |
29 | execed with uid==0 | |
30 | [sshd.8] | |
31 | document UseLogin better | |
32 | [version.h] | |
33 | OpenSSH 2.1.1 | |
34 | [auth-rsa.c] | |
35 | fix match_hostname() logic for auth-rsa: deny access if we have a | |
36 | negative match or no match at all | |
37 | [channels.c hostfile.c match.c] | |
38 | don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via | |
39 | kris@FreeBSD.org | |
40 | ||
8e7b16f8 | 41 | 20000606 |
42 | - (djm) Added --with-cflags, --with-ldflags and --with-libs options to | |
43 | configure. | |
44 | ||
d7c0f3d5 | 45 | 20000604 |
46 | - Configure tweaking for new login code on Irix 5.3 | |
2d6c411f | 47 | - (andre) login code changes based on djm feedback |
d7c0f3d5 | 48 | |
2d6c411f | 49 | 20000603 |
50 | - (andre) New login code | |
51 | - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c | |
52 | - Add loginrec.[ch], logintest.c and autoconf code | |
53 | ||
5daf7064 | 54 | 20000531 |
55 | - Cleanup of auth.c, login.c and fake-* | |
56 | - Cleanup of auth-pam.c, save and print "account expired" error messages | |
e5662474 | 57 | - Fix EGD read bug by IWAMURO Motonori <iwa@mmp.fujitsu.co.jp> |
69134b9b | 58 | - Rewrote bsd-login to use proper utmp API if available. Major cleanup |
59 | of fallback DIY code. | |
5daf7064 | 60 | |
b9f446d1 | 61 | 20000530 |
62 | - Define atexit for old Solaris | |
b02ebca1 | 63 | - Fix buffer overrun in login.c for systems which use syslen in utmpx. |
64 | patch from YOSHIFUJI Hideaki <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp> | |
71276795 | 65 | - OpenBSD CVS updates: |
66 | - markus@cvs.openbsd.org | |
67 | [session.c] | |
68 | make x11-fwd work w/ localhost (xauth add host/unix:11) | |
69 | [cipher.c compat.c readconf.c servconf.c] | |
70 | check strtok() != NULL; ok niels@ | |
71 | [key.c] | |
72 | fix key_read() for uuencoded keys w/o '=' | |
73 | [serverloop.c] | |
74 | group ssh1 vs. ssh2 in serverloop | |
75 | [kex.c kex.h myproposal.h sshconnect2.c sshd.c] | |
76 | split kexinit/kexdh, factor out common code | |
77 | [readconf.c ssh.1 ssh.c] | |
78 | forwardagent defaults to no, add ssh -A | |
79 | - theo@cvs.openbsd.org | |
80 | [session.c] | |
81 | just some line shortening | |
60688ef9 | 82 | - Released 2.1.0p3 |
b9f446d1 | 83 | |
29611d9c | 84 | 20000520 |
85 | - Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de> | |
25422c70 | 86 | - Don't touch utmp if USE_UTMPX defined |
a423beaf | 87 | - SunOS 4.x support from Todd C. Miller <Todd.Miller@courtesan.com> |
fc1e8bf4 | 88 | - SIGCHLD fix for AIX and HPUX from Tom Bertelson <tbert@abac.com> |
89 | - HPUX and Configure fixes from Lutz Jaenicke | |
90 | <Lutz.Jaenicke@aet.TU-Cottbus.DE> | |
91 | - Use mkinstalldirs script to make directories instead of non-portable | |
92 | "install -d". Suggested by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> | |
a905808d | 93 | - Doc cleanup |
29611d9c | 94 | |
301e9b01 | 95 | 20000518 |
96 | - Include Andre Lucas' fixprogs script. Forgot to "cvs add" it yesterday | |
97 | - OpenBSD CVS updates: | |
98 | - markus@cvs.openbsd.org | |
99 | [sshconnect.c] | |
100 | copy only ai_addrlen bytes; misiek@pld.org.pl | |
101 | [auth.c] | |
102 | accept an empty shell in authentication; bug reported by | |
103 | chris@tinker.ucr.edu | |
104 | [serverloop.c] | |
105 | we don't have stderr for interactive terminal sessions (fcntl errors) | |
106 | ||
ad85db64 | 107 | 20000517 |
108 | - Fix from Andre Lucas <andre.lucas@dial.pipex.com> | |
109 | - Fixes command line printing segfaults (spotter: Bladt Norbert) | |
110 | - Fixes erroneous printing of debug messages to syslog | |
111 | - Fixes utmp for MacOS X (spotter: Aristedes Maniatis) | |
112 | - Gives useful error message if PRNG initialisation fails | |
113 | - Reduced ssh startup delay | |
114 | - Measures cumulative command time rather than the time between reads | |
115 | after select() | |
116 | - 'fixprogs' perl script to eliminate non-working entropy commands, and | |
117 | optionally run 'ent' to measure command entropy | |
c1ef8333 | 118 | - Applied Tom Bertelson's <tbert@abac.com> AIX authentication fix |
a64009ad | 119 | - Avoid WCOREDUMP complation errors for systems that lack it |
120 | - Avoid SIGCHLD warnings from entropy commands | |
28c1d5ce | 121 | - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw@dcs.ed.ac.uk> |
0e73cc53 | 122 | - OpenBSD CVS update: |
123 | - markus@cvs.openbsd.org | |
124 | [ssh.c] | |
125 | fix usage() | |
126 | [ssh2.h] | |
127 | draft-ietf-secsh-architecture-05.txt | |
128 | [ssh.1] | |
129 | document ssh -T -N (ssh2 only) | |
130 | [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c] | |
131 | enable nonblocking IO for sshd w/ proto 1, too; split out common code | |
132 | [aux.c] | |
133 | missing include | |
c04f75f1 | 134 | - Several patches from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp> |
135 | - INSTALL typo and URL fix | |
136 | - Makefile fix | |
137 | - Solaris fixes | |
138 | - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka | |
139 | <ksakai@kso.netwk.ntt-at.co.jp> | |
afa5ee68 | 140 | - RSAless operation patch from kevin_oconnor@standardandpoors.com |
d45e3d76 | 141 | - Detect OpenSSL seperatly from RSA |
142 | - Better test for RSA (more compatible with RSAref). Based on work by | |
143 | Ed Eden <ede370@stl.rural.usda.gov> | |
ad85db64 | 144 | |
3d1a1654 | 145 | 20000513 |
146 | - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz | |
147 | <misiek@pld.org.pl> | |
148 | ||
d02a3a00 | 149 | 20000511 |
150 | - Fix for prng_seed permissions checking from Lutz Jaenicke | |
151 | <Lutz.Jaenicke@aet.TU-Cottbus.DE> | |
3d1a1654 | 152 | - "make host-key" fix for Irix |
d02a3a00 | 153 | |
d0c832f3 | 154 | 20000509 |
155 | - OpenBSD CVS update | |
156 | - markus@cvs.openbsd.org | |
157 | [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c] | |
158 | [ssh.h sshconnect1.c sshconnect2.c sshd.8] | |
159 | - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only) | |
160 | - hugh@cvs.openbsd.org | |
161 | [ssh.1] | |
162 | - zap typo | |
163 | [ssh-keygen.1] | |
164 | - One last nit fix. (markus approved) | |
165 | [sshd.8] | |
166 | - some markus certified spelling adjustments | |
167 | - markus@cvs.openbsd.org | |
168 | [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c] | |
169 | [sshconnect2.c ] | |
170 | - bug compat w/ ssh-2.0.13 x11, split out bugs | |
171 | [nchan.c] | |
172 | - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@ | |
173 | [ssh-keygen.c] | |
174 | - handle escapes in real and original key format, ok millert@ | |
175 | [version.h] | |
176 | - OpenSSH-2.1 | |
3dc1102e | 177 | - Moved all the bsd-* and fake-* stuff into new libopenbsd-compat.a |
e93ee87a | 178 | - Doc updates |
21e5304a | 179 | - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported |
180 | by Andre Lucas <andre.lucas@dial.pipex.com> | |
d0c832f3 | 181 | |
ebdeb9a8 | 182 | 20000508 |
183 | - Makefile and RPM spec fixes | |
184 | - Generate DSA host keys during "make key" or RPM installs | |
f6cde515 | 185 | - OpenBSD CVS update |
186 | - markus@cvs.openbsd.org | |
187 | [clientloop.c sshconnect2.c] | |
188 | - make x11-fwd interop w/ ssh-2.0.13 | |
189 | [README.openssh2] | |
190 | - interop w/ SecureFX | |
191 | - Release 2.0.0beta2 | |
ebdeb9a8 | 192 | |
58d100bf | 193 | - Configure caching and cleanup patch from Andre Lucas' |
194 | <andre.lucas@dial.pipex.com> | |
195 | ||
1d1ffb87 | 196 | 20000507 |
197 | - Remove references to SSLeay. | |
198 | - Big OpenBSD CVS update | |
199 | - markus@cvs.openbsd.org | |
200 | [clientloop.c] | |
201 | - typo | |
202 | [session.c] | |
203 | - update proctitle on pty alloc/dealloc, e.g. w/ windows client | |
204 | [session.c] | |
205 | - update proctitle for proto 1, too | |
206 | [channels.h nchan.c serverloop.c session.c sshd.c] | |
207 | - use c-style comments | |
208 | - deraadt@cvs.openbsd.org | |
209 | [scp.c] | |
210 | - more atomicio | |
211 | - markus@cvs.openbsd.org | |
212 | [channels.c] | |
213 | - set O_NONBLOCK | |
214 | [ssh.1] | |
215 | - update AUTHOR | |
216 | [readconf.c ssh-keygen.c ssh.h] | |
217 | - default DSA key file ~/.ssh/id_dsa | |
218 | [clientloop.c] | |
219 | - typo, rm verbose debug | |
220 | - deraadt@cvs.openbsd.org | |
221 | [ssh-keygen.1] | |
222 | - document DSA use of ssh-keygen | |
223 | [sshd.8] | |
224 | - a start at describing what i understand of the DSA side | |
225 | [ssh-keygen.1] | |
226 | - document -X and -x | |
227 | [ssh-keygen.c] | |
228 | - simplify usage | |
229 | - markus@cvs.openbsd.org | |
230 | [sshd.8] | |
231 | - there is no rhosts_dsa | |
232 | [ssh-keygen.1] | |
233 | - document -y, update -X,-x | |
234 | [nchan.c] | |
235 | - fix close for non-open ssh1 channels | |
236 | [servconf.c servconf.h ssh.h sshd.8 sshd.c ] | |
237 | - s/DsaKey/HostDSAKey/, document option | |
238 | [sshconnect2.c] | |
239 | - respect number_of_password_prompts | |
240 | [channels.c channels.h servconf.c servconf.h session.c sshd.8] | |
241 | - GatewayPorts for sshd, ok deraadt@ | |
242 | [ssh-add.1 ssh-agent.1 ssh.1] | |
243 | - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2 | |
244 | [ssh.1] | |
245 | - more info on proto 2 | |
246 | [sshd.8] | |
247 | - sync AUTHOR w/ ssh.1 | |
248 | [key.c key.h sshconnect.c] | |
249 | - print key type when talking about host keys | |
250 | [packet.c] | |
251 | - clear padding in ssh2 | |
252 | [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h] | |
253 | - replace broken uuencode w/ libc b64_ntop | |
254 | [auth2.c] | |
255 | - log failure before sending the reply | |
256 | [key.c radix.c uuencode.c] | |
257 | - remote trailing comments before calling __b64_pton | |
258 | [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1] | |
259 | [sshconnect2.c sshd.8] | |
260 | - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8 | |
261 | - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch]) | |
262 | ||
1a11e1ae | 263 | 20000502 |
0fbe8c74 | 264 | - OpenBSD CVS update |
265 | [channels.c] | |
266 | - init all fds, close all fds. | |
267 | [sshconnect2.c] | |
268 | - check whether file exists before asking for passphrase | |
269 | [servconf.c servconf.h sshd.8 sshd.c] | |
270 | - PidFile, pr 1210 | |
271 | [channels.c] | |
272 | - EINTR | |
273 | [channels.c] | |
274 | - unbreak, ok niels@ | |
275 | [sshd.c] | |
276 | - unlink pid file, ok niels@ | |
277 | [auth2.c] | |
278 | - Add missing #ifdefs; ok - markus | |
d3083fbd | 279 | - Add Andre Lucas' <andre.lucas@dial.pipex.com> patch to read entropy |
280 | gathering commands from a text file | |
1a11e1ae | 281 | - Release 2.0.0beta1 |
282 | ||
c4bc58eb | 283 | 20000501 |
284 | - OpenBSD CVS update | |
285 | [packet.c] | |
286 | - send debug messages in SSH2 format | |
3189621b | 287 | [scp.c] |
288 | - fix very rare EAGAIN/EINTR issues; based on work by djm | |
289 | [packet.c] | |
290 | - less debug, rm unused | |
291 | [auth2.c] | |
292 | - disable kerb,s/key in ssh2 | |
293 | [sshd.8] | |
294 | - Minor tweaks and typo fixes. | |
295 | [ssh-keygen.c] | |
296 | - Put -d into usage and reorder. markus ok. | |
44fb55e9 | 297 | - Include missing headers for OpenSSL tests. Fix from Phil Karn |
298 | <karn@ka9q.ampr.org> | |
3fd95d9a | 299 | - Fixed __progname symbol collisions reported by Andre Lucas |
300 | <andre.lucas@dial.pipex.com> | |
0d5f7abc | 301 | - Merged bsd-login ttyslot and AIX utmp patch from Gert Doering |
302 | <gd@hilb1.medat.de> | |
8cb940db | 303 | - Add some missing ifdefs to auth2.c |
8af50c98 | 304 | - Deprecate perl-tk askpass. |
52bcc044 | 305 | - Irix portability fixes - don't include netinet headers more than once |
306 | - Make sure we don't save PRNG seed more than once | |
c4bc58eb | 307 | |
2b763e31 | 308 | 20000430 |
309 | - Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au> | |
b7a87eea | 310 | - Integrate Andre Lucas' <andre.lucas@dial.pipex.com> entropy collection |
311 | patch. | |
312 | - Adds timeout to entropy collection | |
313 | - Disables slow entropy sources | |
314 | - Load and save seed file | |
315 | - Changed entropy seed code to user per-user seeds only (server seed is | |
316 | saved in root's .ssh directory) | |
317 | - Use atexit() and fatal cleanups to save seed on exit | |
0b242b12 | 318 | - More OpenBSD updates: |
319 | [session.c] | |
320 | - don't call chan_write_failed() if we are not writing | |
321 | [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c] | |
322 | - keysize warnings error() -> log() | |
2b763e31 | 323 | |
a306f2dd | 324 | 20000429 |
325 | - Merge big update to OpenSSH-2.0 from OpenBSD CVS | |
326 | [README.openssh2] | |
327 | - interop w/ F-secure windows client | |
328 | - sync documentation | |
329 | - ssh_host_dsa_key not ssh_dsa_key | |
330 | [auth-rsa.c] | |
331 | - missing fclose | |
332 | [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c] | |
333 | [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c] | |
334 | [sshd.c uuencode.c uuencode.h authfile.h] | |
335 | - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX] | |
336 | for trading keys with the real and the original SSH, directly from the | |
337 | people who invented the SSH protocol. | |
338 | [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h] | |
339 | [sshconnect1.c sshconnect2.c] | |
340 | - split auth/sshconnect in one file per protocol version | |
341 | [sshconnect2.c] | |
342 | - remove debug | |
343 | [uuencode.c] | |
344 | - add trailing = | |
345 | [version.h] | |
346 | - OpenSSH-2.0 | |
347 | [ssh-keygen.1 ssh-keygen.c] | |
348 | - add -R flag: exit code indicates if RSA is alive | |
349 | [sshd.c] | |
350 | - remove unused | |
351 | silent if -Q is specified | |
352 | [ssh.h] | |
353 | - host key becomes /etc/ssh_host_dsa_key | |
354 | [readconf.c servconf.c ] | |
355 | - ssh/sshd default to proto 1 and 2 | |
356 | [uuencode.c] | |
357 | - remove debug | |
358 | [auth2.c ssh-keygen.c sshconnect2.c sshd.c] | |
359 | - xfree DSA blobs | |
360 | [auth2.c serverloop.c session.c] | |
361 | - cleanup logging for sshd/2, respect PasswordAuth no | |
362 | [sshconnect2.c] | |
363 | - less debug, respect .ssh/config | |
364 | [README.openssh2 channels.c channels.h] | |
365 | - clientloop.c session.c ssh.c | |
366 | - support for x11-fwding, client+server | |
367 | ||
0ac7199f | 368 | 20000421 |
369 | - Merge fix from OpenBSD CVS | |
370 | [ssh-agent.c] | |
371 | - Fix memory leak per connection. Report from Andy Spiegl <Andy@Spiegl.de> | |
372 | via Debian bug #59926 | |
18ba2aab | 373 | - Define __progname in session.c if libc doesn't |
374 | - Remove indentation on autoconf #include statements to avoid bug in | |
375 | DEC Tru64 compiler. Report and fix from David Del Piero | |
376 | <David.DelPiero@qed.qld.gov.au> | |
0ac7199f | 377 | |
e1b37056 | 378 | 20000420 |
379 | - Make fixpaths work with perl4, patch from Andre Lucas | |
380 | <andre.lucas@dial.pipex.com> | |
9da5c3c9 | 381 | - Sync with OpenBSD CVS: |
382 | [clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c] | |
383 | - pid_t | |
384 | [session.c] | |
385 | - remove bogus chan_read_failed. this could cause data | |
386 | corruption (missing data) at end of a SSH2 session. | |
4e577b89 | 387 | - Merge fixes from Debian patch from Phil Hands <phil@hands.com> |
388 | - Allow setting of PAM service name through CFLAGS (SSHD_PAM_SERVICE) | |
389 | - Use vhangup to clean up Linux ttys | |
390 | - Force posix getopt processing on GNU libc systems | |
371ecff9 | 391 | - Debian bug #55910 - remove references to ssl(8) manpages |
247f1a89 | 392 | - Debian bug #58031 - ssh_config lies about default cipher |
e1b37056 | 393 | |
d6f24e45 | 394 | 20000419 |
395 | - OpenBSD CVS updates | |
396 | [channels.c] | |
397 | - fix pr 1196, listen_port and port_to_connect interchanged | |
398 | [scp.c] | |
399 | - after completion, replace the progress bar ETA counter with a final | |
400 | elapsed time; my idea, aaron wrote the patch | |
401 | [ssh_config sshd_config] | |
402 | - show 'Protocol' as an example, ok markus@ | |
403 | [sshd.c] | |
404 | - missing xfree() | |
405 | - Add missing header to bsd-misc.c | |
406 | ||
35484284 | 407 | 20000416 |
408 | - Reduce diff against OpenBSD source | |
409 | - All OpenSSL includes are now unconditionally referenced as | |
410 | openssl/foo.h | |
411 | - Pick up formatting changes | |
412 | - Other minor changed (typecasts, etc) that I missed | |
413 | ||
6ae2364d | 414 | 20000415 |
415 | - OpenBSD CVS updates. | |
416 | [ssh.1 ssh.c] | |
417 | - ssh -2 | |
418 | [auth.c channels.c clientloop.c packet.c packet.h serverloop.c] | |
419 | [session.c sshconnect.c] | |
420 | - check payload for (illegal) extra data | |
421 | [ALL] | |
422 | whitespace cleanup | |
423 | ||
c323ac76 | 424 | 20000413 |
425 | - INSTALL doc updates | |
f54651ce | 426 | - Merged OpenBSD updates to include paths. |
6ae2364d | 427 | |
a8be9f80 | 428 | 20000412 |
429 | - OpenBSD CVS updates: | |
430 | - [channels.c] | |
431 | repair x11-fwd | |
432 | - [sshconnect.c] | |
433 | fix passwd prompt for ssh2, less debugging output. | |
434 | - [clientloop.c compat.c dsa.c kex.c sshd.c] | |
435 | less debugging output | |
436 | - [kex.c kex.h sshconnect.c sshd.c] | |
437 | check for reasonable public DH values | |
438 | - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c] | |
439 | [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c] | |
440 | add Cipher and Protocol options to ssh/sshd, e.g.: | |
441 | ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers | |
442 | arcfour,3des-cbc' | |
443 | - [sshd.c] | |
444 | print 1.99 only if server supports both | |
445 | ||
18e92801 | 446 | 20000408 |
447 | - Avoid some compiler warnings in fake-get*.c | |
448 | - Add IPTOS macros for systems which lack them | |
9d98aaf6 | 449 | - Only set define entropy collection macros if they are found |
e78a59f5 | 450 | - More large OpenBSD CVS updates: |
451 | - [auth.c auth.h servconf.c servconf.h serverloop.c session.c] | |
452 | [session.h ssh.h sshd.c README.openssh2] | |
453 | ssh2 server side, see README.openssh2; enable with 'sshd -2' | |
454 | - [channels.c] | |
455 | no adjust after close | |
456 | - [sshd.c compat.c ] | |
457 | interop w/ latest ssh.com windows client. | |
458 | ||
8ce64345 | 459 | 20000406 |
460 | - OpenBSD CVS update: | |
461 | - [channels.c] | |
462 | close efd on eof | |
463 | - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h] | |
464 | ssh2 client implementation, interops w/ ssh.com and lsh servers. | |
465 | - [sshconnect.c] | |
466 | missing free. | |
467 | - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c] | |
468 | remove unused argument, split cipher_mask() | |
469 | - [clientloop.c] | |
470 | re-order: group ssh1 vs. ssh2 | |
471 | - Make Redhat spec require openssl >= 0.9.5a | |
472 | ||
e7627112 | 473 | 20000404 |
474 | - Add tests for RAND_add function when searching for OpenSSL | |
7e7327a1 | 475 | - OpenBSD CVS update: |
476 | - [packet.h packet.c] | |
477 | ssh2 packet format | |
478 | - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c] | |
479 | [channels.h channels.c] | |
480 | channel layer support for ssh2 | |
481 | - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h] | |
482 | DSA, keyexchange, algorithm agreement for ssh2 | |
6c081128 | 483 | - Generate manpages before make install not at the end of make all |
484 | - Don't seed the rng quite so often | |
485 | - Always reseed rng when requested | |
e7627112 | 486 | |
bfc9a610 | 487 | 20000403 |
488 | - Wrote entropy collection routines for systems that lack /dev/random | |
489 | and EGD | |
837c30b8 | 490 | - Disable tests and typedefs for 64 bit types. They are currently unused. |
bfc9a610 | 491 | |
7368a6c8 | 492 | 20000401 |
493 | - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure) | |
494 | - [auth.c session.c sshd.c auth.h] | |
495 | split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal | |
496 | - [bufaux.c bufaux.h] | |
497 | support ssh2 bignums | |
498 | - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c] | |
499 | [readconf.c ssh.c ssh.h serverloop.c] | |
500 | replace big switch() with function tables (prepare for ssh2) | |
501 | - [ssh2.h] | |
502 | ssh2 message type codes | |
503 | - [sshd.8] | |
504 | reorder Xr to avoid cutting | |
505 | - [serverloop.c] | |
506 | close(fdin) if fdin != fdout, shutdown otherwise, ok theo@ | |
507 | - [channels.c] | |
508 | missing close | |
509 | allow bigger packets | |
510 | - [cipher.c cipher.h] | |
511 | support ssh2 ciphers | |
512 | - [compress.c] | |
513 | cleanup, less code | |
514 | - [dispatch.c dispatch.h] | |
515 | function tables for different message types | |
516 | - [log-server.c] | |
517 | do not log() if debuggin to stderr | |
518 | rename a cpp symbol, to avoid param.h collision | |
519 | - [mpaux.c] | |
520 | KNF | |
521 | - [nchan.c] | |
522 | sync w/ channels.c | |
523 | ||
f5238bee | 524 | 20000326 |
525 | - Better tests for OpenSSL w/ RSAref | |
526 | - Added replacement setenv() function from OpenBSD libc. Suggested by | |
527 | Ben Lindstrom <mouring@pconline.com> | |
4fe2af09 | 528 | - OpenBSD CVS update |
529 | - [auth-krb4.c] | |
530 | -Wall | |
531 | - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c] | |
532 | [match.h ssh.c ssh.h sshconnect.c sshd.c] | |
533 | initial support for DSA keys. ok deraadt@, niels@ | |
534 | - [cipher.c cipher.h] | |
535 | remove unused cipher_attack_detected code | |
536 | - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] | |
537 | Fix some formatting problems I missed before. | |
538 | - [ssh.1 sshd.8] | |
539 | fix spelling errors, From: FreeBSD | |
540 | - [ssh.c] | |
541 | switch to raw mode only if he _get_ a pty (not if we _want_ a pty). | |
f5238bee | 542 | |
0024a081 | 543 | 20000324 |
544 | - Released 1.2.3 | |
545 | ||
bd499f9e | 546 | 20000317 |
547 | - Clarified --with-default-path option. | |
548 | - Added -blibpath handling for AIX to work around stupid runtime linking. | |
549 | Problem elucidated by gshapiro@SENDMAIL.ORG by way of Jim Knoble | |
550 | <jmknoble@pobox.com> | |
474b5fef | 551 | - Checks for 64 bit int types. Problem report from Mats Fredholm |
552 | <matsf@init.se> | |
610cd5c6 | 553 | - OpenBSD CVS updates: |
554 | - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c] | |
555 | [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c] | |
556 | [sshd.c] | |
557 | pedantic: signed vs. unsigned, void*-arithm, etc | |
558 | - [ssh.1 sshd.8] | |
559 | Various cleanups and standardizations. | |
be48d23c | 560 | - Runtime error fix for HPUX from Otmar Stahl |
561 | <O.Stahl@lsw.uni-heidelberg.de> | |
bd499f9e | 562 | |
4696775a | 563 | 20000316 |
564 | - Fixed configure not passing LDFLAGS to Solaris. Report from David G. | |
565 | Hesprich <dghespri@sprintparanet.com> | |
d423d822 | 566 | - Propogate LD through to Makefile |
b7a9ce47 | 567 | - Doc cleanups |
2ba2a610 | 568 | - Added blurb about "scp: command not found" errors to UPGRADING |
4696775a | 569 | |
cb0b7ea4 | 570 | 20000315 |
571 | - Fix broken CFLAGS handling during search for OpenSSL. Fixes va_list | |
572 | problems with gcc/Solaris. | |
db55a3ea | 573 | - Don't free argument to putenv() after use (in setenv() replacement). |
574 | Report from Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp> | |
13652e52 | 575 | - Created contrib/ subdirectory. Included helpers from Phil Hands' |
576 | Debian package, README file and chroot patch from Ricardo Cerqueira | |
577 | <rmcc@clix.pt> | |
9c8aeb89 | 578 | - Moved gnome-ssh-askpass.c to contrib directory and removed config |
13652e52 | 579 | option. |
580 | - Slight cleanup to doc files | |
b14b2ae7 | 581 | - Configure fix from Bratislav ILICH <bilic@zepter.ru> |
cb0b7ea4 | 582 | |
a8ed9fd9 | 583 | 20000314 |
584 | - Include macro for IN6_IS_ADDR_V4MAPPED. Report from | |
585 | peter@frontierflying.com | |
84afc958 | 586 | - Include /usr/local/include and /usr/local/lib for systems that don't |
587 | do it themselves | |
588 | - -R/usr/local/lib for Solaris | |
589 | - Fix RSAref detection | |
590 | - Fix IN6_IS_ADDR_V4MAPPED macro | |
a8ed9fd9 | 591 | |
bcf36c78 | 592 | 20000311 |
593 | - Detect RSAref | |
43e48848 | 594 | - OpenBSD CVS change |
595 | [sshd.c] | |
596 | - disallow guessing of root password | |
867dbf40 | 597 | - More configure fixes |
80faa19f | 598 | - IPv6 workarounds from Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp> |
bcf36c78 | 599 | |
c8d54615 | 600 | 20000309 |
601 | - OpenBSD CVS updates to v1.2.3 | |
602 | [ssh.h atomicio.c] | |
603 | - int atomicio -> ssize_t (for alpha). ok deraadt@ | |
604 | [auth-rsa.c] | |
605 | - delay MD5 computation until client sends response, free() early, cleanup. | |
606 | [cipher.c] | |
607 | - void* -> unsigned char*, ok niels@ | |
608 | [hostfile.c] | |
609 | - remove unused variable 'len'. fix comments. | |
610 | - remove unused variable | |
611 | [log-client.c log-server.c] | |
612 | - rename a cpp symbol, to avoid param.h collision | |
613 | [packet.c] | |
614 | - missing xfree() | |
615 | - getsockname() requires initialized tolen; andy@guildsoftware.com | |
616 | - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i; | |
617 | from Holger.Trapp@Informatik.TU-Chemnitz.DE | |
618 | [pty.c pty.h] | |
619 | - register cleanup for pty earlier. move code for pty-owner handling to | |
620 | pty.c ok provos@, dugsong@ | |
621 | [readconf.c] | |
622 | - turn off x11-fwd for the client, too. | |
623 | [rsa.c] | |
624 | - PKCS#1 padding | |
625 | [scp.c] | |
626 | - allow '.' in usernames; from jedgar@fxp.org | |
627 | [servconf.c] | |
628 | - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de | |
629 | - sync with sshd_config | |
630 | [ssh-keygen.c] | |
631 | - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@ | |
632 | [ssh.1] | |
633 | - Change invalid 'CHAT' loglevel to 'VERBOSE' | |
634 | [ssh.c] | |
635 | - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp | |
636 | - turn off x11-fwd for the client, too. | |
637 | [sshconnect.c] | |
638 | - missing xfree() | |
639 | - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp. | |
640 | - read error vs. "Connection closed by remote host" | |
641 | [sshd.8] | |
642 | - ie. -> i.e., | |
643 | - do not link to a commercial page.. | |
644 | - sync with sshd_config | |
645 | [sshd.c] | |
646 | - no need for poll.h; from bright@wintelcom.net | |
647 | - log with level log() not fatal() if peer behaves badly. | |
648 | - don't panic if client behaves strange. ok deraadt@ | |
649 | - make no-port-forwarding for RSA keys deny both -L and -R style fwding | |
650 | - delay close() of pty until the pty has been chowned back to root | |
651 | - oops, fix comment, too. | |
652 | - missing xfree() | |
653 | - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too. | |
654 | (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907) | |
655 | - register cleanup for pty earlier. move code for pty-owner handling to | |
656 | pty.c ok provos@, dugsong@ | |
657 | - create x11 cookie file | |
658 | - fix pr 1113, fclose() -> pclose(), todo: remote popen() | |
659 | - version 1.2.3 | |
660 | - Cleaned up | |
d8223847 | 661 | - Removed warning workaround for Linux and devpts filesystems (no longer |
662 | required after OpenBSD updates) | |
c8d54615 | 663 | |
07055445 | 664 | 20000308 |
665 | - Configure fix from Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp> | |
666 | ||
667 | 20000307 | |
668 | - Released 1.2.2p1 | |
669 | ||
9c8c3fc6 | 670 | 20000305 |
671 | - Fix DEC compile fix | |
54096dcc | 672 | - Explicitly seed OpenSSL's PRNG before checking rsa_alive() |
aa6bd60a | 673 | - Check for getpagesize in libucb.a if not found in libc. Fix for old |
674 | Solaris from Andre Lucas <andre.lucas@dial.pipex.com> | |
9fc7867e | 675 | - Check for libwrap if --with-tcp-wrappers option specified. Suggestion |
676 | Mate Wierdl <mw@moni.msci.memphis.edu> | |
9c8c3fc6 | 677 | |
6bf4d066 | 678 | 20000303 |
679 | - Added "make host-key" target, Suggestion from Dominik Brettnacher | |
680 | <domi@saargate.de> | |
16218745 | 681 | - Don't permanently fail on bind() if getaddrinfo has more choices left for |
682 | us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz | |
683 | Miskiewicz <misiek@pld.org.pl> | |
22fa590f | 684 | - DEC Unix compile fix from David Del Piero <David.DelPiero@qed.qld.gov.au> |
685 | - Manpage fix from David Del Piero <David.DelPiero@qed.qld.gov.au> | |
6bf4d066 | 686 | |
a0391976 | 687 | 20000302 |
688 | - Big cleanup of autoconf code | |
689 | - Rearranged to be a little more logical | |
690 | - Added -R option for Solaris | |
691 | - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program | |
692 | to detect library and header location _and_ ensure library has proper | |
693 | RSA support built in (this is a problem with OpenSSL 0.9.5). | |
817175bc | 694 | - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de |
0a1718dc | 695 | - Avoid warning message with Unix98 ptys |
3276571c | 696 | - Warning was valid - possible race condition on PTYs. Avoided using |
697 | platform-specific code. | |
698 | - Document some common problems | |
81eef326 | 699 | - Allow root access to any key. Patch from |
700 | markus.friedl@informatik.uni-erlangen.de | |
a0391976 | 701 | |
f55afe71 | 702 | 20000207 |
703 | - Removed SOCKS code. Will support through a ProxyCommand. | |
704 | ||
d07d1c58 | 705 | 20000203 |
706 | - Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu | |
d581b7ae | 707 | - Add --with-ssl-dir option |
d07d1c58 | 708 | |
9d5f374b | 709 | 20000202 |
710 | - Fix lastlog code for directory based lastlogs. Fix from Josh Durham | |
711 | <jmd@aoe.vt.edu> | |
6b1f3fdb | 712 | - Documentation fixes from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp> |
713 | - Added URLs to Japanese translations of documents by HARUYAMA Seigo | |
714 | <haruyama@nt.phys.s.u-tokyo.ac.jp> | |
9d5f374b | 715 | |
bc8c2601 | 716 | 20000201 |
717 | - Use socket pairs by default (instead of pipes). Prevents race condition | |
718 | on several (buggy) OSs. Report and fix from tridge@linuxcare.com | |
719 | ||
69c76614 | 720 | 20000127 |
721 | - Seed OpenSSL's random number generator before generating RSA keypairs | |
722 | - Split random collector into seperate file | |
aaf2abd7 | 723 | - Compile fix from Andre Lucas <andre.lucas@dial.pipex.com> |
69c76614 | 724 | |
f9507c24 | 725 | 20000126 |
726 | - Released 1.2.2 stable | |
727 | ||
728 | - NeXT keeps it lastlog in /usr/adm. Report from | |
729 | mouring@newton.pconline.com | |
587120ad | 730 | - Added note in UPGRADING re interop with commercial SSH using idea. |
731 | Report from Jim Knoble <jmknoble@pobox.com> | |
732 | - Fix linking order for Kerberos/AFS. Fix from Holget Trapp | |
733 | <Holger.Trapp@Informatik.TU-Chemnitz.DE> | |
f9507c24 | 734 | |
bfae20ad | 735 | 20000125 |
736 | - Fix NULL pointer dereference in login.c. Fix from Andre Lucas | |
737 | <andre.lucas@dial.pipex.com> | |
07b0cb78 | 738 | - Reorder PAM initialisation so it does not mess up lastlog. Reported |
739 | by Andre Lucas <andre.lucas@dial.pipex.com> | |
9755cbdb | 740 | - Use preformatted manpages on SCO, report from Gary E. Miller |
741 | <gem@rellim.com> | |
742 | - New URL for x11-ssh-askpass. | |
7e31dc81 | 743 | - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble |
744 | <jmknoble@pobox.com> | |
ff8ecdb8 | 745 | - Added 'DESTDIR' option to Makefile to ease package building. Patch from |
746 | Jim Knoble <jmknoble@pobox.com> | |
747 | - Updated RPM spec files to use DESTDIR | |
bfae20ad | 748 | |
bb58aa4b | 749 | 20000124 |
750 | - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number | |
751 | increment) | |
752 | ||
d45317d8 | 753 | 20000123 |
754 | - OpenBSD CVS: | |
755 | - [packet.c] | |
756 | getsockname() requires initialized tolen; andy@guildsoftware.com | |
4c40f834 | 757 | - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin |
758 | <drankin@bohemians.lexington.ky.us> | |
12aa90af | 759 | - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com> |
d45317d8 | 760 | |
e844f761 | 761 | 20000122 |
762 | - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor | |
763 | <bent@clark.net> | |
c54a6257 | 764 | - Merge preformatted manpage patch from Andre Lucas |
765 | <andre.lucas@dial.pipex.com> | |
8eb34e02 | 766 | - Make IPv4 use the default in RPM packages |
767 | - Irix uses preformatted manpages | |
1e64903d | 768 | - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp |
769 | <Holger.Trapp@Informatik.TU-Chemnitz.DE> | |
9bc5ddfe | 770 | - OpenBSD CVS updates: |
771 | - [packet.c] | |
772 | use getpeername() in packet_connection_is_on_socket(), fixes sshd -i; | |
773 | from Holger.Trapp@Informatik.TU-Chemnitz.DE | |
774 | - [sshd.c] | |
775 | log with level log() not fatal() if peer behaves badly. | |
776 | - [readpass.c] | |
777 | instead of blocking SIGINT, catch it ourselves, so that we can clean | |
778 | the tty modes up and kill ourselves -- instead of our process group | |
779 | leader (scp, cvs, ...) going away and leaving us in noecho mode. | |
780 | people with cbreak shells never even noticed.. | |
399d9d44 | 781 | - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] |
782 | ie. -> i.e., | |
e844f761 | 783 | |
4c8ef3fb | 784 | 20000120 |
785 | - Don't use getaddrinfo on AIX | |
7b2ea3a1 | 786 | - Update to latest OpenBSD CVS: |
787 | - [auth-rsa.c] | |
788 | - fix user/1056, sshd keeps restrictions; dbt@meat.net | |
789 | - [sshconnect.c] | |
790 | - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags. | |
791 | - destroy keys earlier | |
d468fc76 | 792 | - split key exchange (kex) and user authentication (user-auth), |
793 | ok: provos@ | |
7b2ea3a1 | 794 | - [sshd.c] |
795 | - no need for poll.h; from bright@wintelcom.net | |
796 | - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags. | |
d468fc76 | 797 | - split key exchange (kex) and user authentication (user-auth), |
798 | ok: provos@ | |
f3bba493 | 799 | - Big manpage and config file cleanup from Andre Lucas |
800 | <andre.lucas@dial.pipex.com> | |
5f4fdfae | 801 | - Re-added latest (unmodified) OpenBSD manpages |
47f9a56a | 802 | - Doc updates |
d468fc76 | 803 | - NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and |
804 | Christos Zoulas <christos@netbsd.org> | |
4c8ef3fb | 805 | |
082bbfb3 | 806 | 20000119 |
20af321f | 807 | - SCO compile fixes from Gary E. Miller <gem@rellim.com> |
082bbfb3 | 808 | - Compile fix from Darren_Hall@progressive.com |
59e76f33 | 809 | - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC |
810 | addresses using getaddrinfo(). Added a configure switch to make the | |
811 | default lookup mode AF_INET | |
082bbfb3 | 812 | |
a63a7f37 | 813 | 20000118 |
814 | - Fixed --with-pid-dir option | |
51a6baf8 | 815 | - Makefile fix from Gary E. Miller <gem@rellim.com> |
976f7e19 | 816 | - Compile fix for HPUX and Solaris from Andre Lucas |
817 | <andre.lucas@dial.pipex.com> | |
a63a7f37 | 818 | |
f914c7fb | 819 | 20000117 |
820 | - Clean up bsd-bindresvport.c. Use arc4random() for picking initial | |
821 | port, ignore EINVAL errors (Linux) when searching for free port. | |
de93b046 | 822 | - Revert __snprintf -> snprintf aliasing. Apparently Solaris |
823 | __snprintf isn't. Report from Theo de Raadt <theo@cvs.openbsd.org> | |
9b363e1c | 824 | - Document location of Redhat PAM file in INSTALL. |
80a44451 | 825 | - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6 |
826 | INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to | |
f4a7cf29 | 827 | deliver (no IPv6 kernel support) |
80a44451 | 828 | - Released 1.2.1pre27 |
f914c7fb | 829 | |
f4a7cf29 | 830 | - Fix rresvport_af failure errors (logic error in bsd-bindresvport.c) |
cf8ad170 | 831 | - Fix --with-ipaddr-display option test. Fix from Jarno Huuskonen |
832 | <jhuuskon@hytti.uku.fi> | |
691a8a9f | 833 | - Fix hang on logout if processes are still using the pty. Needs |
834 | further testing. | |
5957fd29 | 835 | - Patch from Christos Zoulas <christos@zoulas.com> |
836 | - Try $prefix first when looking for OpenSSL. | |
837 | - Include sys/types.h when including sys/socket.h in test programs | |
19d9ac2a | 838 | - Substitute PID directory in sshd.8. Suggestion from Andrew |
839 | Stribblehill <a.d.stribblehill@durham.ac.uk> | |
f4a7cf29 | 840 | |
47e45e44 | 841 | 20000116 |
842 | - Renamed --with-xauth-path to --with-xauth | |
843 | - Added --with-pid-dir option | |
844 | - Released 1.2.1pre26 | |
845 | ||
a82ef8ae | 846 | - Compilation fix from Kiyokazu SUTO <suto@ks-and-ks.ne.jp> |
66be05a1 | 847 | - Fixed broken bugfix for /dev/ptmx on Linux systems which lack |
848 | openpty(). Report from Kiyokazu SUTO <suto@ks-and-ks.ne.jp> | |
a82ef8ae | 849 | |
5cdfe03f | 850 | 20000115 |
851 | - Add --with-xauth-path configure directive and explicit test for | |
852 | /usr/openwin/bin/xauth for Solaris systems. Report from Anders | |
853 | Nordby <anders@fix.no> | |
854 | - Fix incorrect detection of /dev/ptmx on Linux systems that lack | |
855 | openpty. Report from John Seifarth <john@waw.be> | |
856 | - Look for intXX_t and u_intXX_t in sys/bitypes.h if they are not in | |
857 | sys/types.h. Fixes problems on SCO, report from Gary E. Miller | |
858 | <gem@rellim.com> | |
859 | - Use __snprintf and __vnsprintf if they are found where snprintf and | |
860 | vnsprintf are lacking. Suggested by Ben Taylor <bent@shell.clark.net> | |
861 | and others. | |
862 | ||
48e671d5 | 863 | 20000114 |
864 | - Merged OpenBSD IPv6 patch: | |
865 | - [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1] | |
866 | [scp.c packet.h packet.c login.c log.c canohost.c channels.c] | |
867 | [hostfile.c sshd_config] | |
868 | ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new | |
869 | features: sshd allows multiple ListenAddress and Port options. note | |
870 | that libwrap is not IPv6-ready. (based on patches from | |
871 | fujiwara@rcac.tdi.co.jp) | |
872 | - [ssh.c canohost.c] | |
873 | more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo, | |
874 | from itojun@ | |
875 | - [channels.c] | |
876 | listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE) | |
877 | - [packet.h] | |
878 | allow auth-kerberos for IPv4 only | |
879 | - [scp.1 sshd.8 servconf.h scp.c] | |
880 | document -4, -6, and 'ssh -L 2022/::1/22' | |
881 | - [ssh.c] | |
882 | 'ssh @host' is illegal (null user name), from | |
883 | karsten@gedankenpolizei.de | |
884 | - [sshconnect.c] | |
885 | better error message | |
886 | - [sshd.c] | |
887 | allow auth-kerberos for IPv4 only | |
888 | - Big IPv6 merge: | |
889 | - Cleanup overrun in sockaddr copying on RHL 6.1 | |
890 | - Replacements for getaddrinfo, getnameinfo, etc based on versions | |
891 | from patch from KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> | |
892 | - Replacement for missing structures on systems that lack IPv6 | |
893 | - record_login needed to know about AF_INET6 addresses | |
894 | - Borrowed more code from OpenBSD: rresvport_af and requisites | |
895 | ||
2598df62 | 896 | 20000110 |
897 | - Fixes to auth-skey to enable it to use the standard OpenSSL libraries | |
898 | ||
b8a0310d | 899 | 20000107 |
900 | - New config.sub and config.guess to fix problems on SCO. Supplied | |
901 | by Gary E. Miller <gem@rellim.com> | |
b6a98a85 | 902 | - SCO build fix from Gary E. Miller <gem@rellim.com> |
2598df62 | 903 | - Released 1.2.1pre25 |
b8a0310d | 904 | |
dfb95100 | 905 | 20000106 |
906 | - Documentation update & cleanup | |
907 | - Better KrbIV / AFS detection, based on patch from: | |
908 | Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE> | |
909 | ||
b9795b89 | 910 | 20000105 |
911 | - Fixed annoying DES corruption problem. libcrypt has been | |
912 | overriding symbols in libcrypto. Removed libcrypt and crypt.h | |
913 | altogether (libcrypto includes its own crypt(1) replacement) | |
914 | - Added platform-specific rules for Irix 6.x. Included warning that | |
915 | they are untested. | |
916 | ||
a1ec4d79 | 917 | 20000103 |
918 | - Add explicit make rules for files proccessed by fixpaths. | |
919 | - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori | |
920 | <tnh@kondara.org> | |
607d73e6 | 921 | - Removed "nullok" directive from default PAM configuration files. |
922 | Added information on enabling EmptyPasswords on openssh+PAM in | |
923 | UPGRADING file. | |
e02735bb | 924 | - OpenBSD CVS updates |
925 | - [ssh-agent.c] | |
926 | cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and | |
927 | dgaudet@arctic.org | |
928 | - [sshconnect.c] | |
929 | compare correct version for 1.3 compat mode | |
a1ec4d79 | 930 | |
93c7f644 | 931 | 20000102 |
932 | - Prevent multiple inclusion of config.h and defines.h. Suggested | |
933 | by Andre Lucas <andre.lucas@dial.pipex.com> | |
934 | - Properly clean up on exit of ssh-agent. Patch from Dean Gaudet | |
935 | <dgaudet@arctic.org> | |
936 | ||
76b8607f | 937 | 19991231 |
938 | - Fix password support on systems with a mixture of shadowed and | |
939 | non-shadowed passwords (e.g. NIS). Report and fix from | |
940 | HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp> | |
723221b5 | 941 | - Fix broken autoconf typedef detection. Report from Marc G. |
942 | Fournier <marc.fournier@acadiau.ca> | |
b92964b7 | 943 | - Fix occasional crash on LinuxPPC. Patch from Franz Sirl |
944 | <Franz.Sirl-kernel@lauterbach.com> | |
a6ddc88b | 945 | - Prevent typedefs from being compiled more than once. Report from |
946 | Marc G. Fournier <marc.fournier@acadiau.ca> | |
4811cc0b | 947 | - Fill in ut_utaddr utmp field. Report from Benjamin Charron |
948 | <iretd@bigfoot.com> | |
c43d69a9 | 949 | - Really fix broken default path. Fix from Jim Knoble |
950 | <jmknoble@pobox.com> | |
ae3a3d31 | 951 | - Remove test for quad_t. No longer needed. |
76a8e733 | 952 | - Released 1.2.1pre24 |
953 | ||
954 | - Added support for directory-based lastlogs | |
955 | - Really fix typedefs, patch from Ben Taylor <bent@clark.net> | |
76b8607f | 956 | |
13f825f4 | 957 | 19991230 |
958 | - OpenBSD CVS updates: | |
959 | - [auth-passwd.c] | |
960 | check for NULL 1st | |
a5c9cd31 | 961 | - Removed most of the pam code into its own file auth-pam.[ch]. This |
962 | cleaned up sshd.c up significantly. | |
76b8607f | 963 | - PAM authentication was incorrectly interpreting |
964 | "PermitRootLogin without-password". Report from Matthias Andree | |
965 | <ma@dt.e-technik.uni-dortmund.de | |
a5c9cd31 | 966 | - Several other cleanups |
0bc5b6fb | 967 | - Merged Dante SOCKS support patch from David Rankin |
968 | <drankin@bohemians.lexington.ky.us> | |
969 | - Updated documentation with ./configure options | |
76b8607f | 970 | - Released 1.2.1pre23 |
13f825f4 | 971 | |
c73a0cb5 | 972 | 19991229 |
973 | - Applied another NetBSD portability patch from David Rankin | |
974 | <drankin@bohemians.lexington.ky.us> | |
975 | - Fix --with-default-path option. | |
a0f84251 | 976 | - Autodetect perl, patch from David Rankin |
977 | <drankin@bohemians.lexington.ky.us> | |
0a2ff95d | 978 | - Print whether OpenSSH was compiled with RSARef, patch from |
979 | Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu> | |
f91bacbd | 980 | - Calls to pam_setcred, patch from Nalin Dahyabhai |
981 | <nalin@thermo.stat.ncsu.edu> | |
e3a93db0 | 982 | - Detect missing size_t and typedef it. |
5ab44a92 | 983 | - Rename helper.[ch] to (more appropriate) bsd-misc.[ch] |
984 | - Minor Makefile cleaning | |
c73a0cb5 | 985 | |
b6019d68 | 986 | 19991228 |
987 | - Replacement for getpagesize() for systems which lack it | |
70e0115b | 988 | - NetBSD login.c compile fix from David Rankin |
989 | <drankin@bohemians.lexington.ky.us> | |
990 | - Fully set ut_tv if present in utmp or utmpx | |
d94aa2ae | 991 | - Portability fixes for Irix 5.3 (now compiles OK!) |
992 | - autoconf and other misc cleanups | |
ea1970a3 | 993 | - Merged AIX patch from Darren Hall <dhall@virage.org> |
994 | - Cleaned up defines.h | |
fa9a2dd6 | 995 | - Released 1.2.1pre22 |
b6019d68 | 996 | |
d2dcff5f | 997 | 19991227 |
998 | - Automatically correct paths in manpages and configuration files. Patch | |
999 | and script from Andre Lucas <andre.lucas@dial.pipex.com> | |
1000 | - Removed credits from README to CREDITS file, updated. | |
cb807f40 | 1001 | - Added --with-default-path to specify custom path for server |
1002 | - Removed #ifdef trickery from acconfig.h into defines.h | |
36a5b38e | 1003 | - PAM bugfix. PermitEmptyPassword was being ignored. |
1004 | - Fixed PAM config files to allow empty passwords if server does. | |
1005 | - Explained spurious PAM auth warning workaround in UPGRADING | |
21feb5fa | 1006 | - Use last few chars of tty line as ut_id |
5a7794be | 1007 | - New SuSE RPM spec file from Chris Saia <csaia@wtower.com> |
00e6dd70 | 1008 | - OpenBSD CVS updates: |
1009 | - [packet.h auth-rhosts.c] | |
1010 | check format string for packet_disconnect and packet_send_debug, too | |
1011 | - [channels.c] | |
1012 | use packet_get_maxsize for channels. consistence. | |
d2dcff5f | 1013 | |
f74efc8d | 1014 | 19991226 |
1015 | - Enabled utmpx support by default for Solaris | |
1016 | - Cleanup sshd.c PAM a little more | |
bc7ea646 | 1017 | - Revised RPM package to include Jim Knoble's <jmknoble@pobox.com> |
1018 | X11 ssh-askpass program. | |
20c43d8c | 1019 | - Disable logging of PAM success and failures, PAM is verbose enough. |
1020 | Unfortunatly there is currently no way to disable auth failure | |
1021 | messages. Mention this in UPGRADING file and sent message to PAM | |
1022 | developers | |
83b7f649 | 1023 | - OpenBSD CVS update: |
1024 | - [ssh-keygen.1 ssh.1] | |
1025 | remove ref to .ssh/random_seed, mention .ssh/environment in | |
1026 | .Sh FILES, too | |
72251cb6 | 1027 | - Released 1.2.1pre21 |
1028 | - Fixed implicit '.' in default path, report from Jim Knoble | |
1029 | <jmknoble@pobox.com> | |
30a39691 | 1030 | - Redhat RPM spec fixes from Jim Knoble <jmknoble@pobox.com> |
f74efc8d | 1031 | |
f498ed15 | 1032 | 19991225 |
1033 | - More fixes from Andre Lucas <andre.lucas@dial.pipex.com> | |
1034 | - Cleanup of auth-passwd.c for shadow and MD5 passwords | |
1035 | - Cleanup and bugfix of PAM authentication code | |
f74efc8d | 1036 | - Released 1.2.1pre20 |
1037 | ||
1038 | - Merged fixes from Ben Taylor <bent@clark.net> | |
1039 | - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk> | |
1040 | - Disabled logging of PAM password authentication failures when password | |
1041 | is empty. (e.g start of authentication loop). Reported by Naz | |
1042 | <96na@eng.cam.ac.uk>) | |
f498ed15 | 1043 | |
1044 | 19991223 | |
1045 | - Merged later HPUX patch from Andre Lucas | |
1046 | <andre.lucas@dial.pipex.com> | |
1047 | - Above patch included better utmpx support from Ben Taylor | |
f74efc8d | 1048 | <bent@clark.net> |
f498ed15 | 1049 | |
eef6f7e9 | 1050 | 19991222 |
1051 | - Fix undefined fd_set type in ssh.h from Povl H. Pedersen | |
1052 | <pope@netguide.dk> | |
ae28776a | 1053 | - Fix login.c breakage on systems which lack ut_host in struct |
1054 | utmp. Reported by Willard Dawson <willard.dawson@sbs.siemens.com> | |
eef6f7e9 | 1055 | |
a7effaac | 1056 | 19991221 |
1057 | - Integration of large HPUX patch from Andre Lucas | |
1058 | <andre.lucas@dial.pipex.com>. Integrating it had a few other | |
1059 | benefits: | |
1060 | - Ability to disable shadow passwords at configure time | |
1061 | - Ability to disable lastlog support at configure time | |
1062 | - Support for IP address in $DISPLAY | |
ae2f7af7 | 1063 | - OpenBSD CVS update: |
1064 | - [sshconnect.c] | |
1065 | say "REMOTE HOST IDENTIFICATION HAS CHANGED" | |
59dd7a31 | 1066 | - Fix DISABLE_SHADOW support |
1067 | - Allow MD5 passwords even if shadow passwords are disabled | |
16034de9 | 1068 | - Release 1.2.1pre19 |
a7effaac | 1069 | |
3f1d9bcd | 1070 | 19991218 |
1071 | - Redhat init script patch from Chun-Chung Chen | |
1072 | <cjj@u.washington.edu> | |
7e1c2490 | 1073 | - Avoid breakage on systems without IPv6 headers |
3f1d9bcd | 1074 | |
60d804c8 | 1075 | 19991216 |
1076 | - Makefile changes for Solaris from Peter Kocks | |
1077 | <peter.kocks@baygate.com> | |
89cafde6 | 1078 | - Minor updates to docs |
1079 | - Merged OpenBSD CVS changes: | |
1080 | - [authfd.c ssh-agent.c] | |
1081 | keysize warnings talk about identity files | |
1082 | - [packet.c] | |
1083 | "Connection closed by x.x.x.x": fatal() -> log() | |
c9d323f0 | 1084 | - Correctly handle empty passwords in shadow file. Patch from: |
1085 | "Chris, the Young One" <cky@pobox.com> | |
1086 | - Released 1.2.1pre18 | |
60d804c8 | 1087 | |
7dc6fc6d | 1088 | 19991215 |
1089 | - Integrated patchs from Juergen Keil <jk@tools.de> | |
1090 | - Avoid void* pointer arithmatic | |
1091 | - Use LDFLAGS correctly | |
68227e6d | 1092 | - Fix SIGIO error in scp |
1093 | - Simplify status line printing in scp | |
906a2515 | 1094 | - Added better test for inline functions compiler support from |
1095 | Darren_Hall@progressive.com | |
7dc6fc6d | 1096 | |
95f1eccc | 1097 | 19991214 |
1098 | - OpenBSD CVS Changes | |
1099 | - [canohost.c] | |
1100 | fix get_remote_port() and friends for sshd -i; | |
1101 | Holger.Trapp@Informatik.TU-Chemnitz.DE | |
1102 | - [mpaux.c] | |
1103 | make code simpler. no need for memcpy. niels@ ok | |
1104 | - [pty.c] | |
1105 | namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org | |
1106 | fix proto; markus | |
1107 | - [ssh.1] | |
1108 | typo; mark.baushke@solipsa.com | |
1109 | - [channels.c ssh.c ssh.h sshd.c] | |
1110 | type conflict for 'extern Type *options' in channels.c; dot@dotat.at | |
1111 | - [sshconnect.c] | |
1112 | move checking of hostkey into own function. | |
1113 | - [version.h] | |
1114 | OpenSSH-1.2.1 | |
884bcb37 | 1115 | - Clean up broken includes in pty.c |
7303768f | 1116 | - Some older systems don't have poll.h, they use sys/poll.h instead |
1117 | - Doc updates | |
95f1eccc | 1118 | |
847e8865 | 1119 | 19991211 |
1120 | - Fix compilation on systems with AFS. Reported by | |
1121 | aloomis@glue.umd.edu | |
1122 | - Fix installation on Solaris. Reported by | |
1123 | Gordon Rowell <gordonr@gormand.com.au> | |
1124 | - Fix gccisms (__attribute__ and inline). Report by edgy@us.ibm.com, | |
1125 | patch from Markus Friedl <markus.friedl@informatik.uni-erlangen.de> | |
1126 | - Auto-locate xauth. Patch from David Agraz <dagraz@jahoopa.com> | |
1127 | - Compile fix from David Agraz <dagraz@jahoopa.com> | |
1128 | - Avoid compiler warning in bsd-snprintf.c | |
1129 | - Added pam_limits.so to default PAM config. Suggested by | |
1130 | Jim Knoble <jmknoble@pobox.com> | |
1131 | ||
8946db53 | 1132 | 19991209 |
1133 | - Import of patch from Ben Taylor <bent@clark.net>: | |
1134 | - Improved PAM support | |
1135 | - "uninstall" rule for Makefile | |
1136 | - utmpx support | |
1137 | - Should fix PAM problems on Solaris | |
2d86a6cc | 1138 | - OpenBSD CVS updates: |
1139 | - [readpass.c] | |
1140 | avoid stdio; based on work by markus, millert, and I | |
1141 | - [sshd.c] | |
1142 | make sure the client selects a supported cipher | |
1143 | - [sshd.c] | |
1144 | fix sighup handling. accept would just restart and daemon handled | |
1145 | sighup only after the next connection was accepted. use poll on | |
1146 | listen sock now. | |
1147 | - [sshd.c] | |
1148 | make that a fatal | |
87e91331 | 1149 | - Applied patch from David Rankin <drankin@bohemians.lexington.ky.us> |
1150 | to fix libwrap support on NetBSD | |
5001b9e4 | 1151 | - Released 1.2pre17 |
8946db53 | 1152 | |
6d8c4ea4 | 1153 | 19991208 |
1154 | - Compile fix for Solaris with /dev/ptmx from | |
1155 | David Agraz <dagraz@jahoopa.com> | |
1156 | ||
4285816a | 1157 | 19991207 |
1158 | - sshd Redhat init script patch from Jim Knoble <jmknoble@pobox.com> | |
1159 | fixes compatability with 4.x and 5.x | |
db28aeb5 | 1160 | - Fixed default SSH_ASKPASS |
d465f2ca | 1161 | - Fix PAM account and session being called multiple times. Problem |
1162 | reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk> | |
a408af76 | 1163 | - Merged more OpenBSD changes: |
1164 | - [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c] | |
1165 | move atomicio into it's own file. wrap all socket write()s which | |
1166 | were doing write(sock, buf, len) != len, with atomicio() calls. | |
1167 | - [auth-skey.c] | |
1168 | fd leak | |
1169 | - [authfile.c] | |
1170 | properly name fd variable | |
1171 | - [channels.c] | |
1172 | display great hatred towards strcpy | |
1173 | - [pty.c pty.h sshd.c] | |
1174 | use openpty() if it exists (it does on BSD4_4) | |
1175 | - [tildexpand.c] | |
1176 | check for ~ expansion past MAXPATHLEN | |
1177 | - Modified helper.c to use new atomicio function. | |
1178 | - Reformat Makefile a little | |
1179 | - Moved RC4 routines from rc4.[ch] into helper.c | |
1180 | - Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX) | |
9983a8ca | 1181 | - Updated SuSE spec from Chris Saia <csaia@wtower.com> |
1182 | - Tweaked Redhat spec | |
9158d92f | 1183 | - Clean up bad imports of a few files (forgot -kb) |
1184 | - Released 1.2pre16 | |
4285816a | 1185 | |
9c7b6dfd | 1186 | 19991204 |
1187 | - Small cleanup of PAM code in sshd.c | |
57112b5a | 1188 | - Merged OpenBSD CVS changes: |
1189 | - [auth-krb4.c auth-passwd.c auth-skey.c ssh.h] | |
1190 | move skey-auth from auth-passwd.c to auth-skey.c, same for krb4 | |
1191 | - [auth-rsa.c] | |
1192 | warn only about mismatch if key is _used_ | |
1193 | warn about keysize-mismatch with log() not error() | |
1194 | channels.c readconf.c readconf.h ssh.c ssh.h sshconnect.c | |
1195 | ports are u_short | |
1196 | - [hostfile.c] | |
1197 | indent, shorter warning | |
1198 | - [nchan.c] | |
1199 | use error() for internal errors | |
1200 | - [packet.c] | |
1201 | set loglevel for SSH_MSG_DISCONNECT to log(), not fatal() | |
1202 | serverloop.c | |
1203 | indent | |
1204 | - [ssh-add.1 ssh-add.c ssh.h] | |
1205 | document $SSH_ASKPASS, reasonable default | |
1206 | - [ssh.1] | |
1207 | CheckHostIP is not available for connects via proxy command | |
1208 | - [sshconnect.c] | |
1209 | typo | |
1210 | easier to read client code for passwd and skey auth | |
1211 | turn of checkhostip for proxy connects, since we don't know the remote ip | |
9c7b6dfd | 1212 | |
dad3b556 | 1213 | 19991126 |
1214 | - Add definition for __P() | |
1215 | - Added [v]snprintf() replacement for systems that lack it | |
1216 | ||
0ce43ae4 | 1217 | 19991125 |
1218 | - More reformatting merged from OpenBSD CVS | |
1219 | - Merged OpenBSD CVS changes: | |
1220 | - [channels.c] | |
1221 | fix packet_integrity_check() for !have_hostname_in_open. | |
1222 | report from mrwizard@psu.edu via djm@ibs.com.au | |
1223 | - [channels.c] | |
1224 | set SO_REUSEADDR and SO_LINGER for forwarded ports. | |
1225 | chip@valinux.com via damien@ibs.com.au | |
1226 | - [nchan.c] | |
1227 | it's not an error() if shutdown_write failes in nchan. | |
1228 | - [readconf.c] | |
1229 | remove dead #ifdef-0-code | |
1230 | - [readconf.c servconf.c] | |
1231 | strcasecmp instead of tolower | |
1232 | - [scp.c] | |
1233 | progress meter overflow fix from damien@ibs.com.au | |
1234 | - [ssh-add.1 ssh-add.c] | |
1235 | SSH_ASKPASS support | |
1236 | - [ssh.1 ssh.c] | |
1237 | postpone fork_after_authentication until command execution, | |
1238 | request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au | |
1239 | plus: use daemon() for backgrounding | |
cf8dd513 | 1240 | - Added BSD compatible install program and autoconf test, thanks to |
1241 | Niels Kristian Bech Jensen <nkbj@image.dk> | |
1242 | - Solaris fixing, thanks to Ben Taylor <bent@clark.net> | |
09041313 | 1243 | - Merged beginnings of AIX support from Tor-Ake Fransson <torake@hotmail.com> |
3dbefdb8 | 1244 | - Release 1.2pre15 |
0ce43ae4 | 1245 | |
5260325f | 1246 | 19991124 |
1247 | - Merged very large OpenBSD source code reformat | |
1248 | - OpenBSD CVS updates | |
1249 | - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] | |
1250 | [ssh.h sshd.8 sshd.c] | |
1251 | syslog changes: | |
1252 | * Unified Logmessage for all auth-types, for success and for failed | |
1253 | * Standard connections get only ONE line in the LOG when level==LOG: | |
1254 | Auth-attempts are logged only, if authentication is: | |
1255 | a) successfull or | |
1256 | b) with passwd or | |
1257 | c) we had more than AUTH_FAIL_LOG failues | |
1258 | * many log() became verbose() | |
1259 | * old behaviour with level=VERBOSE | |
1260 | - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] | |
1261 | tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE | |
1262 | messages. allows use of s/key in windows (ttssh, securecrt) and | |
1263 | ssh-1.2.27 clients without 'ssh -v', ok: niels@ | |
1264 | - [sshd.8] | |
1265 | -V, for fallback to openssh in SSH2 compatibility mode | |
1266 | - [sshd.c] | |
1267 | fix sigchld race; cjc5@po.cwru.edu | |
1268 | ||
4655fe80 | 1269 | 19991123 |
1270 | - Added SuSE package files from Chris Saia <csaia@wtower.com> | |
8b241e50 | 1271 | - Restructured package-related files under packages/* |
4655fe80 | 1272 | - Added generic PAM config |
8b241e50 | 1273 | - Numerous little Solaris fixes |
9c08d6ce | 1274 | - Add recommendation to use GNU make to INSTALL document |
4655fe80 | 1275 | |
60bed5fd | 1276 | 19991122 |
1277 | - Make <enter> close gnome-ssh-askpass (Debian bug #50299) | |
2f2cc3f9 | 1278 | - OpenBSD CVS Changes |
1279 | - [ssh-keygen.c] | |
1280 | don't create ~/.ssh only if the user wants to store the private | |
1281 | key there. show fingerprint instead of public-key after | |
1282 | keygeneration. ok niels@ | |
b09a984b | 1283 | - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h |
96ad4350 | 1284 | - Added timersub() macro |
b09a984b | 1285 | - Tidy RCSIDs of bsd-*.c |
96ad4350 | 1286 | - Added autoconf test and macro to deal with old PAM libraries |
1287 | pam_strerror definition (one arg vs two). | |
530f1889 | 1288 | - Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>) |
1289 | - Retry /dev/urandom reads interrupted by signal (report from | |
1290 | Robert Hardy <rhardy@webcon.net>) | |
1647c2b5 | 1291 | - Added a setenv replacement for systems which lack it |
d84a9a44 | 1292 | - Only display public key comment when presenting ssh-askpass dialog |
1293 | - Released 1.2pre14 | |
60bed5fd | 1294 | |
2ddcfdf3 | 1295 | - Configure, Make and changelog corrections from Tudor Bosman |
1296 | <tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk> | |
1297 | ||
9d6b7add | 1298 | 19991121 |
2f2cc3f9 | 1299 | - OpenBSD CVS Changes: |
60bed5fd | 1300 | - [channels.c] |
1301 | make this compile, bad markus | |
1302 | - [log.c readconf.c servconf.c ssh.h] | |
1303 | bugfix: loglevels are per host in clientconfig, | |
1304 | factor out common log-level parsing code. | |
1305 | - [servconf.c] | |
1306 | remove unused index (-Wall) | |
1307 | - [ssh-agent.c] | |
1308 | only one 'extern char *__progname' | |
1309 | - [sshd.8] | |
1310 | document SIGHUP, -Q to synopsis | |
1311 | - [sshconnect.c serverloop.c sshd.c packet.c packet.h] | |
1312 | [channels.c clientloop.c] | |
1313 | SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@ | |
1314 | [hope this time my ISP stays alive during commit] | |
1315 | - [OVERVIEW README] typos; green@freebsd | |
1316 | - [ssh-keygen.c] | |
1317 | replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me) | |
1318 | exit if writing the key fails (no infinit loop) | |
1319 | print usage() everytime we get bad options | |
1320 | - [ssh-keygen.c] overflow, djm@mindrot.org | |
1321 | - [sshd.c] fix sigchld race; cjc5@po.cwru.edu | |
1322 | ||
2b942fe0 | 1323 | 19991120 |
1324 | - Merged more Solaris support from Marc G. Fournier | |
1325 | <marc.fournier@acadiau.ca> | |
1326 | - Wrote autoconf tests for integer bit-types | |
1327 | - Fixed enabling kerberos support | |
13c36c4c | 1328 | - Fix segfault in ssh-keygen caused by buffer overrun in filename |
1329 | handling. | |
2b942fe0 | 1330 | |
06479889 | 1331 | 19991119 |
1332 | - Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com> | |
2ad77510 | 1333 | - Merged OpenBSD CVS changes |
1334 | - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c] | |
1335 | more %d vs. %s in fmt-strings | |
1336 | - [authfd.c] | |
1337 | Integers should not be printed with %s | |
7b1cc56c | 1338 | - EGD uses a socket, not a named pipe. Duh. |
1339 | - Fix includes in fingerprint.c | |
29dbde15 | 1340 | - Fix scp progress bar bug again. |
2ddcfdf3 | 1341 | - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of |
736890c4 | 1342 | David Rankin <drankin@bohemians.lexington.ky.us> |
91b8065d | 1343 | - Added autoconf option to enable Kerberos 4 support (untested) |
1344 | - Added autoconf option to enable AFS support (untested) | |
1345 | - Added autoconf option to enable S/Key support (untested) | |
1346 | - Added autoconf option to enable TCP wrappers support (compiles OK) | |
beb43d31 | 1347 | - Renamed BSD helper function files to bsd-* |
caf3bc51 | 1348 | - Added tests for login and daemon and enable OpenBSD replacements for |
1349 | when they are absent. | |
1350 | - Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu> | |
06479889 | 1351 | |
2bd61362 | 1352 | 19991118 |
1353 | - Merged OpenBSD CVS changes | |
1354 | - [scp.c] foregroundproc() in scp | |
1355 | - [sshconnect.h] include fingerprint.h | |
1356 | - [sshd.c] bugfix: the log() for passwd-auth escaped during logging | |
1357 | changes. | |
0c16a097 | 1358 | - [ssh.1] Spell my name right. |
2bd61362 | 1359 | - Added openssh.com info to README |
1360 | ||
f095fcc7 | 1361 | 19991117 |
1362 | - Merged OpenBSD CVS changes | |
1363 | - [ChangeLog.Ylonen] noone needs this anymore | |
1364 | - [authfd.c] close-on-exec for auth-socket, ok deraadt | |
1365 | - [hostfile.c] | |
1366 | in known_hosts key lookup the entry for the bits does not need | |
1367 | to match, all the information is contained in n and e. This | |
1368 | solves the problem with buggy servers announcing the wrong | |
1369 | modulus length. markus and me. | |
1370 | - [serverloop.c] | |
1371 | bugfix: check for space if child has terminated, from: | |
1372 | iedowse@maths.tcd.ie | |
1373 | - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c] | |
1374 | [fingerprint.c fingerprint.h] | |
1375 | rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se> | |
1376 | - [ssh-agent.1] typo | |
1377 | - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@ | |
1378 | - [sshd.c] | |
1379 | force logging to stderr while loading private key file | |
1380 | (lost while converting to new log-levels) | |
1381 | ||
4d195447 | 1382 | 19991116 |
1383 | - Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com> | |
1384 | - Merged OpenBSD CVS changes: | |
1385 | - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c] | |
1386 | [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c] | |
1387 | the keysize of rsa-parameter 'n' is passed implizit, | |
1388 | a few more checks and warnings about 'pretended' keysizes. | |
1389 | - [cipher.c cipher.h packet.c packet.h sshd.c] | |
1390 | remove support for cipher RC4 | |
1391 | - [ssh.c] | |
1392 | a note for legay systems about secuity issues with permanently_set_uid(), | |
1393 | the private hostkey and ptrace() | |
1394 | - [sshconnect.c] | |
1395 | more detailed messages about adding and checking hostkeys | |
1396 | ||
dad9a31e | 1397 | 19991115 |
1398 | - Merged OpenBSD CVS changes: | |
1399 | - [ssh-add.c] change passphrase loop logic and remove ref to | |
1400 | $DISPLAY, ok niels | |
1401 | - Changed to ssh-add.c broke askpass support. Revised it to be a little more | |
1402 | modular. | |
1403 | - Revised autoconf support for enabling/disabling askpass support. | |
e7c0f9d5 | 1404 | - Merged more OpenBSD CVS changes: |
1405 | [auth-krb4.c] | |
1406 | - disconnect if getpeername() fails | |
1407 | - missing xfree(*client) | |
1408 | [canohost.c] | |
1409 | - disconnect if getpeername() fails | |
1410 | - fix comment: we _do_ disconnect if ip-options are set | |
1411 | [sshd.c] | |
1412 | - disconnect if getpeername() fails | |
1413 | - move checking of remote port to central place | |
1414 | [auth-rhosts.c] move checking of remote port to central place | |
1415 | [log-server.c] avoid extra fd per sshd, from millert@ | |
1416 | [readconf.c] print _all_ bad config-options in ssh(1), too | |
1417 | [readconf.h] print _all_ bad config-options in ssh(1), too | |
1418 | [ssh.c] print _all_ bad config-options in ssh(1), too | |
1419 | [sshconnect.c] disconnect if getpeername() fails | |
1420 | - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it. | |
c75a1a66 | 1421 | - Various small cleanups to bring diff (against OpenBSD) size down. |
f601d847 | 1422 | - Merged more Solaris compability from Marc G. Fournier |
1423 | <marc.fournier@acadiau.ca> | |
1424 | - Wrote autoconf tests for __progname symbol | |
8c119fd0 | 1425 | - RPM spec file fixes from Jim Knoble <jmknoble@pobox.com> |
0c372277 | 1426 | - Released 1.2pre12 |
1427 | ||
1428 | - Another OpenBSD CVS update: | |
1429 | - [ssh-keygen.1] fix .Xr | |
dad9a31e | 1430 | |
92da7197 | 1431 | 19991114 |
1432 | - Solaris compilation fixes (still imcomplete) | |
1433 | ||
94f7bb9e | 1434 | 19991113 |
dd092f97 | 1435 | - Build patch from Niels Kristian Bech Jensen <nkbj@image.dk> |
1436 | - Don't install config files if they already exist | |
1437 | - Fix inclusion of additional preprocessor directives from acconfig.h | |
94f7bb9e | 1438 | - Removed redundant inclusions of config.h |
e9c75a39 | 1439 | - Added 'Obsoletes' lines to RPM spec file |
94f7bb9e | 1440 | - Merged OpenBSD CVS changes: |
1441 | - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels | |
1442 | - [scp.c] fix overflow reported by damien@ibs.com.au: off_t | |
1443 | totalsize, ok niels,aaron | |
1444 | - Delay fork (-f option) in ssh until after port forwarded connections | |
1445 | have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi> | |
b2344d54 | 1446 | - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de> |
1447 | - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled | |
dd092f97 | 1448 | - Tidied default config file some more |
1449 | - Revised Redhat initscript to fix bug: sshd (re)start would fail | |
1450 | if executed from inside a ssh login. | |
94f7bb9e | 1451 | |
e35c1dc2 | 1452 | 19991112 |
1453 | - Merged changes from OpenBSD CVS | |
1454 | - [sshd.c] session_key_int may be zero | |
b4748e2f | 1455 | - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config] |
1456 | IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok | |
1457 | deraadt,millert | |
1458 | - Brought default sshd_config more in line with OpenBSD's | |
547c9f30 | 1459 | - Grab server in gnome-ssh-askpass (Debian bug #49872) |
1460 | - Released 1.2pre10 | |
e35c1dc2 | 1461 | |
8bc7973f | 1462 | - Added INSTALL documentation |
6fa724bc | 1463 | - Merged yet more changes from OpenBSD CVS |
1464 | - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c] | |
1465 | [ssh.c ssh.h sshconnect.c sshd.c] | |
1466 | make all access to options via 'extern Options options' | |
1467 | and 'extern ServerOptions options' respectively; | |
1468 | options are no longer passed as arguments: | |
1469 | * make options handling more consistent | |
1470 | * remove #include "readconf.h" from ssh.h | |
1471 | * readconf.h is only included if necessary | |
1472 | - [mpaux.c] clear temp buffer | |
1473 | - [servconf.c] print _all_ bad options found in configfile | |
045672f9 | 1474 | - Make ssh-askpass support optional through autoconf |
59b0f0d4 | 1475 | - Fix nasty division-by-zero error in scp.c |
1476 | - Released 1.2pre11 | |
8bc7973f | 1477 | |
4cca272e | 1478 | 19991111 |
1479 | - Added (untested) Entropy Gathering Daemon (EGD) support | |
67d68e3a | 1480 | - Fixed /dev/urandom fd leak (Debian bug #49722) |
5bbb5681 | 1481 | - Merged OpenBSD CVS changes: |
1482 | - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too | |
1483 | - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too | |
1484 | - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too | |
505fed0a | 1485 | - Fix integer overflow which was messing up scp's progress bar for large |
3f1d9bcd | 1486 | file transfers. Fix submitted to OpenBSD developers. Report and fix |
1487 | from Kees Cook <cook@cpoint.net> | |
6a17f9c2 | 1488 | - Merged more OpenBSD CVS changes: |
1489 | - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal() | |
1490 | + krb-cleanup cleanup | |
1491 | - [clientloop.c log-client.c log-server.c ] | |
1492 | [readconf.c readconf.h servconf.c servconf.h ] | |
1493 | [ssh.1 ssh.c ssh.h sshd.8] | |
1494 | add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd, | |
1495 | obsoletes QuietMode and FascistLogging in sshd. | |
e35c1dc2 | 1496 | - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au: |
1497 | allow session_key_int != sizeof(session_key) | |
1498 | [this should fix the pre-assert-removal-core-files] | |
1499 | - Updated default config file to use new LogLevel option and to improve | |
1500 | readability | |
1501 | ||
f370266e | 1502 | 19991110 |
67d68e3a | 1503 | - Merged several minor fixes: |
f370266e | 1504 | - ssh-agent commandline parsing |
1505 | - RPM spec file now installs ssh setuid root | |
1506 | - Makefile creates libdir | |
4cca272e | 1507 | - Merged beginnings of Solaris compability from Marc G. Fournier |
1508 | <marc.fournier@acadiau.ca> | |
f370266e | 1509 | |
d4f11b59 | 1510 | 19991109 |
1511 | - Autodetection of SSL/Crypto library location via autoconf | |
1512 | - Fixed location of ssh-askpass to follow autoconf | |
1513 | - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk> | |
1514 | - Autodetection of RSAref library for US users | |
1515 | - Minor doc updates | |
560557bb | 1516 | - Merged OpenBSD CVS changes: |
1517 | - [rsa.c] bugfix: use correct size for memset() | |
1518 | - [sshconnect.c] warn if announced size of modulus 'n' != real size | |
f025becb | 1519 | - Added GNOME passphrase requestor (use --with-gnome-askpass) |
d397b172 | 1520 | - RPM build now creates subpackages |
aa51e7cc | 1521 | - Released 1.2pre9 |
d4f11b59 | 1522 | |
e1a9c08d | 1523 | 19991108 |
1524 | - Removed debian/ directory. This is now being maintained separately. | |
1525 | - Added symlinks for slogin in RPM spec file | |
1526 | - Fixed permissions on manpages in RPM spec file | |
1527 | - Added references to required libraries in README file | |
1528 | - Removed config.h.in from CVS | |
1529 | - Removed pwdb support (better pluggable auth is provided by glibc) | |
1530 | - Made PAM and requisite libdl optional | |
1531 | - Removed lots of unnecessary checks from autoconf | |
1532 | - Added support and autoconf test for openpty() function (Unix98 pty support) | |
1533 | - Fix for scp not finding ssh if not installed as /usr/bin/ssh | |
1534 | - Added TODO file | |
1535 | - Merged parts of Debian patch From Phil Hands <phil@hands.com>: | |
1536 | - Added ssh-askpass program | |
1537 | - Added ssh-askpass support to ssh-add.c | |
1538 | - Create symlinks for slogin on install | |
1539 | - Fix "distclean" target in makefile | |
1540 | - Added example for ssh-agent to manpage | |
1541 | - Added support for PAM_TEXT_INFO messages | |
1542 | - Disable internal /etc/nologin support if PAM enabled | |
1543 | - Merged latest OpenBSD CVS changes: | |
5bae4ab8 | 1544 | - [all] replace assert() with error, fatal or packet_disconnect |
e1a9c08d | 1545 | - [sshd.c] don't send fail-msg but disconnect if too many authentication |
1546 | failures | |
e1a9c08d | 1547 | - [sshd.c] remove unused argument. ok dugsong |
1548 | - [sshd.c] typo | |
1549 | - [rsa.c] clear buffers used for encryption. ok: niels | |
1550 | - [rsa.c] replace assert() with error, fatal or packet_disconnect | |
ade6fccd | 1551 | - [auth-krb4.c] remove unused argument. ok dugsong |
e1a9c08d | 1552 | - Fixed coredump after merge of OpenBSD rsa.c patch |
9010d60a | 1553 | - Released 1.2pre8 |
e1a9c08d | 1554 | |
3028328e | 1555 | 19991102 |
1556 | - Merged change from OpenBSD CVS | |
1557 | - One-line cleanup in sshd.c | |
1558 | ||
474832c5 | 1559 | 19991030 |
1560 | - Integrated debian package support from Dan Brosemer <odin@linuxfreak.com> | |
69256d9d | 1561 | - Merged latest updates for OpenBSD CVS: |
1562 | - channels.[ch] - remove broken x11 fix and document istate/ostate | |
1563 | - ssh-agent.c - call setsid() regardless of argv[] | |
1564 | - ssh.c - save a few lines when disabling rhosts-{rsa-}auth | |
1565 | - Documentation cleanups | |
1566 | - Renamed README -> README.Ylonen | |
1567 | - Renamed README.openssh ->README | |
474832c5 | 1568 | |
339660f6 | 1569 | 19991029 |
1570 | - Renamed openssh* back to ssh* at request of Theo de Raadt | |
1571 | - Incorporated latest changes from OpenBSD's CVS | |
1572 | - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk> | |
1573 | - Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com> | |
549b3eed | 1574 | - Make distclean now removed configure script |
1575 | - Improved PAM logging | |
1576 | - Added some debug() calls for PAM | |
4ecd19ea | 1577 | - Removed redundant subdirectories |
1578 | - Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for | |
1579 | building on Debian. | |
242588e6 | 1580 | - Fixed off-by-one error in PAM env patch |
1581 | - Released 1.2pre6 | |
339660f6 | 1582 | |
5881cd60 | 1583 | 19991028 |
1584 | - Further PAM enhancements. | |
1585 | - Much cleaner | |
1586 | - Now uses account and session modules for all logins. | |
1587 | - Integrated patch from Dan Brosemer <odin@linuxfreak.com> | |
1588 | - Build fixes | |
1589 | - Autoconf | |
1590 | - Change binary names to open* | |
1591 | - Fixed autoconf script to detect PAM on RH6.1 | |
1592 | - Added tests for libpwdb, and OpenBSD functions to autoconf | |
221395b3 | 1593 | - Released 1.2pre4 |
fca82d2e | 1594 | |
1595 | - Imported latest OpenBSD CVS code | |
1596 | - Updated README.openssh | |
93f04616 | 1597 | - Released 1.2pre5 |
fca82d2e | 1598 | |
5881cd60 | 1599 | 19991027 |
1600 | - Adapted PAM patch. | |
1601 | - Released 1.0pre2 | |
1602 | ||
1603 | - Excised my buggy replacements for strlcpy and mkdtemp | |
1604 | - Imported correct OpenBSD strlcpy and mkdtemp routines. | |
1605 | - Reduced arc4random_stir entropy read to 32 bytes (256 bits) | |
1606 | - Picked up correct version number from OpenBSD | |
1607 | - Added sshd.pam PAM configuration file | |
1608 | - Added sshd.init Redhat init script | |
1609 | - Added openssh.spec RPM spec file | |
1610 | - Released 1.2pre3 | |
1611 | ||
1612 | 19991026 | |
1613 | - Fixed include paths of OpenSSL functions | |
1614 | - Use OpenSSL MD5 routines | |
1615 | - Imported RC4 code from nanocrypt | |
1616 | - Wrote replacements for OpenBSD arc4random* functions | |
1617 | - Wrote replacements for strlcpy and mkdtemp | |
1618 | - Released 1.0pre1 |