]>
Commit | Line | Data |
---|---|---|
0ce89457 | 1 | 20060131 |
2 | - (djm) OpenBSD CVS Sync | |
3 | - jmc@cvs.openbsd.org 2006/01/20 11:21:45 | |
4 | [ssh_config.5] | |
5 | - word change, agreed w/ markus | |
6 | - consistency fixes | |
ec63d7ce | 7 | - jmc@cvs.openbsd.org 2006/01/25 09:04:34 |
8 | [sshd.8] | |
9 | move the options description up the page, and a few additional tweaks | |
10 | whilst in here; | |
11 | ok markus | |
f464b2f1 | 12 | - jmc@cvs.openbsd.org 2006/01/25 09:07:22 |
13 | [sshd.8] | |
14 | move subsections to full sections; | |
b661b7fb | 15 | - jmc@cvs.openbsd.org 2006/01/26 08:47:56 |
16 | [ssh.1] | |
17 | add a section on verifying host keys in dns; | |
18 | written with a lot of help from jakob; | |
19 | feedback dtucker/markus; | |
20 | ok markus | |
d7b37427 | 21 | - reyk@cvs.openbsd.org 2006/01/30 12:22:22 |
22 | [channels.c] | |
23 | mark channel as write failed or dead instead of read failed on error | |
24 | of the channel output filter. | |
25 | ok markus@ | |
062d2977 | 26 | - jmc@cvs.openbsd.org 2006/01/30 13:37:49 |
27 | [ssh.1] | |
28 | remove an incorrect sentence; | |
29 | reported by roumen petrov; | |
30 | ok djm markus | |
4116f5c0 | 31 | - djm@cvs.openbsd.org 2006/01/31 10:19:02 |
32 | [misc.c misc.h scp.c sftp.c] | |
33 | fix local arbitrary command execution vulnerability on local/local and | |
34 | remote/remote copies (CVE-2006-0225, bz #1094), patch by | |
35 | t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@ | |
b645ff66 | 36 | - (djm) Sync regress tests to OpenBSD: |
37 | - dtucker@cvs.openbsd.org 2005/03/10 10:20:39 | |
38 | [regress/forwarding.sh] | |
39 | Regress test for ClearAllForwardings (bz #994); ok markus@ | |
9b347e5f | 40 | - dtucker@cvs.openbsd.org 2005/04/25 09:54:09 |
41 | [regress/multiplex.sh] | |
42 | Don't call cleanup in multiplex as test-exec will cleanup anyway | |
43 | found by tim@, ok djm@ | |
44 | NB. ID sync only, we already had this | |
45 | - djm@cvs.openbsd.org 2005/05/20 23:14:15 | |
46 | [regress/test-exec.sh] | |
47 | force addressfamily=inet for tests, unbreaking dynamic-forward regress for | |
48 | recently committed nc SOCKS5 changes | |
9f22d634 | 49 | - djm@cvs.openbsd.org 2005/05/24 04:10:54 |
89deb4c2 | 50 | [regress/try-ciphers.sh] |
9f22d634 | 51 | oops, new arcfour modes here too |
89deb4c2 | 52 | - markus@cvs.openbsd.org 2005/06/30 11:02:37 |
53 | [regress/scp.sh] | |
54 | allow SUDO=sudo; from Alexander Bluhm | |
41f70006 | 55 | - grunk@cvs.openbsd.org 2005/11/14 21:25:56 |
56 | [regress/agent-getpeereid.sh] | |
57 | all other scripts in this dir use $SUDO, not 'sudo', so pull this even | |
58 | ok markus@ | |
0ce89457 | 59 | |
eeb27c78 | 60 | 20060129 |
61 | - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the | |
62 | opensshd.init script interpretter if /sbin/sh does not exist. ok tim@ | |
63 | ||
16ad260d | 64 | 20060120 |
65 | - (dtucker) OpenBSD CVS Sync | |
66 | - jmc@cvs.openbsd.org 2006/01/15 17:37:05 | |
67 | [ssh.1] | |
68 | correction from deraadt | |
43a7d9e7 | 69 | - jmc@cvs.openbsd.org 2006/01/18 10:53:29 |
70 | [ssh.1] | |
71 | add a section on ssh-based vpn, based on reyk's README.tun; | |
db175906 | 72 | - dtucker@cvs.openbsd.org 2006/01/20 00:14:55 |
73 | [scp.1 ssh.1 ssh_config.5 sftp.1] | |
74 | Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot | |
75 | #1056 with feedback from jmc, djm and markus; ok jmc@ djm@ | |
16ad260d | 76 | |
aaa18db9 | 77 | 20060114 |
78 | - (djm) OpenBSD CVS Sync | |
79 | - jmc@cvs.openbsd.org 2006/01/06 13:27:32 | |
80 | [ssh.1] | |
81 | weed out some duplicate info in the known_hosts FILES entries; | |
82 | ok djm | |
5d7b356f | 83 | - jmc@cvs.openbsd.org 2006/01/06 13:29:10 |
84 | [ssh.1] | |
85 | final round of whacking FILES for duplicate info, and some consistency | |
86 | fixes; | |
87 | ok djm | |
dbb3bf96 | 88 | - jmc@cvs.openbsd.org 2006/01/12 14:44:12 |
89 | [ssh.1] | |
90 | split sections on tcp and x11 forwarding into two sections. | |
91 | add an example in the tcp section, based on sth i wrote for ssh faq; | |
92 | help + ok: djm markus dtucker | |
5d4e571c | 93 | - jmc@cvs.openbsd.org 2006/01/12 18:48:48 |
94 | [ssh.1] | |
95 | refer to `TCP' rather than `TCP/IP' in the context of connection | |
96 | forwarding; | |
97 | ok markus | |
e5d4cfad | 98 | - jmc@cvs.openbsd.org 2006/01/12 22:20:00 |
99 | [sshd.8] | |
100 | refer to TCP forwarding, rather than TCP/IP forwarding; | |
0b3950af | 101 | - jmc@cvs.openbsd.org 2006/01/12 22:26:02 |
102 | [ssh_config.5] | |
103 | refer to TCP forwarding, rather than TCP/IP forwarding; | |
c2da64a1 | 104 | - jmc@cvs.openbsd.org 2006/01/12 22:34:12 |
105 | [ssh.1] | |
106 | back out a sentence - AUTHENTICATION already documents this; | |
aaa18db9 | 107 | |
794febd2 | 108 | 20060109 |
109 | - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on | |
110 | tcpip service so it's always started after IP is up. Patch from | |
111 | vinschen at redhat.com. | |
112 | ||
0624a70b | 113 | 20060106 |
114 | - (djm) OpenBSD CVS Sync | |
115 | - jmc@cvs.openbsd.org 2006/01/03 16:31:10 | |
116 | [ssh.1] | |
117 | move FILES to a -compact list, and make each files an item in that list. | |
118 | this avoids nastly line wrap when we have long pathnames, and treats | |
119 | each file as a separate item; | |
120 | remove the .Pa too, since it is useless. | |
0502727e | 121 | - jmc@cvs.openbsd.org 2006/01/03 16:35:30 |
122 | [ssh.1] | |
123 | use a larger width for the ENVIRONMENT list; | |
f403d7b5 | 124 | - jmc@cvs.openbsd.org 2006/01/03 16:52:36 |
125 | [ssh.1] | |
126 | put FILES in some sort of order: sort by pathname | |
c0907b37 | 127 | - jmc@cvs.openbsd.org 2006/01/03 16:55:18 |
128 | [ssh.1] | |
129 | tweak the description of ~/.ssh/environment | |
f3119772 | 130 | - jmc@cvs.openbsd.org 2006/01/04 18:42:46 |
131 | [ssh.1] | |
132 | chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES | |
133 | entries; | |
134 | ok markus | |
6c276bb9 | 135 | - jmc@cvs.openbsd.org 2006/01/04 18:45:01 |
136 | [ssh.1] | |
137 | remove .Xr's to rsh(1) and telnet(1): they are hardly needed; | |
926f6a7a | 138 | - jmc@cvs.openbsd.org 2006/01/04 19:40:24 |
139 | [ssh.1] | |
140 | +.Xr ssh-keyscan 1 , | |
ccce91ef | 141 | - jmc@cvs.openbsd.org 2006/01/04 19:50:09 |
142 | [ssh.1] | |
143 | -.Xr gzip 1 , | |
db382686 | 144 | - djm@cvs.openbsd.org 2006/01/05 23:43:53 |
145 | [misc.c] | |
146 | check that stdio file descriptors are actually closed before clobbering | |
147 | them in sanitise_stdfd(). problems occurred when a lower numbered fd was | |
148 | closed, but higher ones weren't. spotted by, and patch tested by | |
149 | Frédéric Olivié | |
0624a70b | 150 | |
d3506f6d | 151 | 20060103 |
152 | - (djm) [channels.c] clean up harmless merge error, from reyk@ | |
153 | ||
79e46360 | 154 | 20060103 |
155 | - (djm) OpenBSD CVS Sync | |
156 | - jmc@cvs.openbsd.org 2006/01/02 17:09:49 | |
157 | [ssh_config.5 sshd_config.5] | |
158 | some corrections from michael knudsen; | |
159 | ||
6f6cd507 | 160 | 20060102 |
161 | - (djm) [README.tun] Add README.tun, missed during sync of tun(4) support | |
4b5e6c81 | 162 | - (djm) OpenBSD CVS Sync |
163 | - jmc@cvs.openbsd.org 2005/12/31 10:46:17 | |
164 | [ssh.1] | |
165 | merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER | |
166 | AUTHENTICATION" sections into "AUTHENTICATION"; | |
167 | some rewording done to make the text read better, plus some | |
168 | improvements from djm; | |
169 | ok djm | |
b92605e1 | 170 | - jmc@cvs.openbsd.org 2005/12/31 13:44:04 |
171 | [ssh.1] | |
172 | clean up ENVIRONMENT a little; | |
20892533 | 173 | - jmc@cvs.openbsd.org 2005/12/31 13:45:19 |
174 | [ssh.1] | |
175 | .Nm does not require an argument; | |
1f1fbbd8 | 176 | - stevesk@cvs.openbsd.org 2006/01/01 08:59:27 |
177 | [includes.h misc.c] | |
178 | move <net/if.h>; ok djm@ | |
81c042a3 | 179 | - stevesk@cvs.openbsd.org 2006/01/01 10:08:48 |
180 | [misc.c] | |
181 | no trailing "\n" for debug() | |
3eee3b86 | 182 | - djm@cvs.openbsd.org 2006/01/02 01:20:31 |
183 | [sftp-client.c sftp-common.h sftp-server.c] | |
184 | use a common max. packet length, no binary change | |
b1b65311 | 185 | - reyk@cvs.openbsd.org 2006/01/02 07:53:44 |
186 | [misc.c] | |
187 | clarify tun(4) opening - set the mode and bring the interface up. also | |
188 | (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces. | |
189 | suggested and ok by djm@ | |
d141c93d | 190 | - jmc@cvs.openbsd.org 2006/01/02 12:31:06 |
191 | [ssh.1] | |
192 | start to cut some duplicate info from FILES; | |
193 | help/ok djm | |
6f6cd507 | 194 | |
0f6cb079 | 195 | 20060101 |
196 | - (djm) [Makefile.in configure.ac includes.h misc.c] | |
197 | [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support | |
198 | for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is | |
199 | limited to IPv4 tunnels only, and most versions don't support the | |
200 | tap(4) device at all. | |
b5081213 | 201 | - (djm) [configure.ac] Fix linux/if_tun.h test |
3aef38da | 202 | - (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too |
0f6cb079 | 203 | |
1908529f | 204 | 20051229 |
205 | - (djm) OpenBSD CVS Sync | |
206 | - stevesk@cvs.openbsd.org 2005/12/28 22:46:06 | |
207 | [canohost.c channels.c clientloop.c] | |
208 | use 'break-in' for consistency; ok deraadt@ ok and input jmc@ | |
c1c6a032 | 209 | - reyk@cvs.openbsd.org 2005/12/30 15:56:37 |
210 | [channels.c channels.h clientloop.c] | |
211 | add channel output filter interface. | |
212 | ok djm@, suggested by markus@ | |
3da242db | 213 | - jmc@cvs.openbsd.org 2005/12/30 16:59:00 |
214 | [sftp.1] | |
215 | do not suggest that interactive authentication will work | |
216 | with the -b flag; | |
217 | based on a diff from john l. scarfone; | |
218 | ok djm | |
f470cf48 | 219 | - stevesk@cvs.openbsd.org 2005/12/31 01:38:45 |
220 | [ssh.1] | |
221 | document -MM; ok djm@ | |
e914f53a | 222 | - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac] |
223 | [serverloop.c ssh.c openbsd-compat/Makefile.in] | |
224 | [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding | |
225 | compatability support for Linux, diff from reyk@ | |
c40f09ca | 226 | - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does |
227 | not exist | |
d91775e1 | 228 | - (djm) [configure.ac] oops, make that linux/if_tun.h |
1908529f | 229 | |
b5c428f0 | 230 | 20051229 |
231 | - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd | |
232 | ||
6b0117fd | 233 | 20051224 |
234 | - (djm) OpenBSD CVS Sync | |
235 | - jmc@cvs.openbsd.org 2005/12/20 21:59:43 | |
236 | [ssh.1] | |
237 | merge the sections on protocols 1 and 2 into one section on | |
238 | authentication; | |
239 | feedback djm dtucker | |
240 | ok deraadt markus dtucker | |
5c5546be | 241 | - jmc@cvs.openbsd.org 2005/12/20 22:02:50 |
242 | [ssh.1] | |
243 | .Ss -> .Sh: subsections have not made this page more readable | |
e6c7c03e | 244 | - jmc@cvs.openbsd.org 2005/12/20 22:09:41 |
245 | [ssh.1] | |
246 | move info on ssh return values and config files up into the main | |
247 | description; | |
e49f7abd | 248 | - jmc@cvs.openbsd.org 2005/12/21 11:48:16 |
249 | [ssh.1] | |
250 | -L and -R descriptions are now above, not below, ~C description; | |
8770ef76 | 251 | - jmc@cvs.openbsd.org 2005/12/21 11:57:25 |
252 | [ssh.1] | |
253 | options now described `above', rather than `later'; | |
6e1e9c73 | 254 | - jmc@cvs.openbsd.org 2005/12/21 12:53:31 |
255 | [ssh.1] | |
256 | -Y does X11 forwarding too; | |
257 | ok markus | |
6cd6c442 | 258 | - stevesk@cvs.openbsd.org 2005/12/21 22:44:26 |
259 | [sshd.8] | |
260 | clarify precedence of -p, Port, ListenAddress; ok and help jmc@ | |
0c9851b1 | 261 | - jmc@cvs.openbsd.org 2005/12/22 10:31:40 |
262 | [ssh_config.5] | |
263 | put the description of "UsePrivilegedPort" in the correct place; | |
9bf41db3 | 264 | - jmc@cvs.openbsd.org 2005/12/22 11:23:42 |
265 | [ssh.1] | |
266 | expand the description of -w somewhat; | |
267 | help/ok reyk | |
86131206 | 268 | - jmc@cvs.openbsd.org 2005/12/23 14:55:53 |
269 | [ssh.1] | |
270 | - sync the description of -e w/ synopsis | |
271 | - simplify the description of -I | |
272 | - note that -I is only available if support compiled in, and that it | |
273 | isn't by default | |
274 | feedback/ok djm@ | |
025fc42e | 275 | - jmc@cvs.openbsd.org 2005/12/23 23:46:23 |
276 | [ssh.1] | |
277 | less mark up for -c; | |
678143bd | 278 | - djm@cvs.openbsd.org 2005/12/24 02:27:41 |
279 | [session.c sshd.c] | |
280 | eliminate some code duplicated in privsep and non-privsep paths, and | |
281 | explicitly clear SIGALRM handler; "groovy" deraadt@ | |
6b0117fd | 282 | |
a2b1748a | 283 | 20051220 |
284 | - (dtucker) OpenBSD CVS Sync | |
285 | - reyk@cvs.openbsd.org 2005/12/13 15:03:02 | |
286 | [serverloop.c] | |
287 | if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY | |
442c8b33 | 288 | - jmc@cvs.openbsd.org 2005/12/16 18:07:08 |
289 | [ssh.1] | |
290 | move the option descriptions up the page: start of a restructure; | |
291 | ok markus deraadt | |
e426efa9 | 292 | - jmc@cvs.openbsd.org 2005/12/16 18:08:53 |
293 | [ssh.1] | |
294 | simplify a sentence; | |
28ca205d | 295 | - jmc@cvs.openbsd.org 2005/12/16 18:12:22 |
296 | [ssh.1] | |
297 | make the description of -c a little nicer; | |
a55c1733 | 298 | - jmc@cvs.openbsd.org 2005/12/16 18:14:40 |
299 | [ssh.1] | |
300 | signpost the protocol sections; | |
8918b906 | 301 | - stevesk@cvs.openbsd.org 2005/12/17 21:13:05 |
302 | [ssh_config.5 session.c] | |
303 | spelling: fowarding, fowarded | |
551ed07c | 304 | - stevesk@cvs.openbsd.org 2005/12/17 21:36:42 |
305 | [ssh_config.5] | |
306 | spelling: intented -> intended | |
3aa43b24 | 307 | - dtucker@cvs.openbsd.org 2005/12/20 04:41:07 |
308 | [ssh.c] | |
309 | exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@ | |
a2b1748a | 310 | |
e5146707 | 311 | 20051219 |
312 | - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac | |
313 | openbsd-compat/openssl-compat.h] Check for and work around broken AES | |
314 | ciphers >128bit on (some) Solaris 10 systems. ok djm@ | |
315 | ||
2f89281c | 316 | 20051217 |
317 | - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which | |
318 | scp.c also uses, so undef them here. | |
31b0732a | 319 | - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our |
320 | snprintf replacement can have a conflicting declaration in HP-UX's system | |
321 | headers (const vs. no const) so we now check for and work around it. Patch | |
322 | from the dynamic duo of David Leonard and Ted Percival. | |
2f89281c | 323 | |
9fed02d8 | 324 | 20051214 |
325 | - (dtucker) OpenBSD CVS Sync (regress/) | |
326 | - dtucker@cvs.openbsd.org 2005/12/30 04:36:39 | |
327 | [regress/scp-ssh-wrapper.sh] | |
328 | Fix assumption about how many args scp will pass; ok djm@ | |
329 | ||
d7cf99ff | 330 | 20051213 |
331 | - (djm) OpenBSD CVS Sync | |
332 | - jmc@cvs.openbsd.org 2005/11/30 11:18:27 | |
333 | [ssh.1] | |
334 | timezone -> time zone | |
04ac3e62 | 335 | - jmc@cvs.openbsd.org 2005/11/30 11:45:20 |
336 | [ssh.1] | |
337 | avoid ambiguities in describing TZ; | |
338 | ok djm@ | |
d20f3c9e | 339 | - reyk@cvs.openbsd.org 2005/12/06 22:38:28 |
340 | [auth-options.c auth-options.h channels.c channels.h clientloop.c] | |
341 | [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] | |
342 | [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] | |
343 | [sshconnect.h sshd.8 sshd_config sshd_config.5] | |
344 | Add support for tun(4) forwarding over OpenSSH, based on an idea and | |
345 | initial channel code bits by markus@. This is a simple and easy way to | |
346 | use OpenSSH for ad hoc virtual private network connections, e.g. | |
347 | administrative tunnels or secure wireless access. It's based on a new | |
348 | ssh channel and works similar to the existing TCP forwarding support, | |
349 | except that it depends on the tun(4) network interface on both ends of | |
350 | the connection for layer 2 or layer 3 tunneling. This diff also adds | |
351 | support for LocalCommand in the ssh(1) client. | |
d20f3c9e | 352 | ok djm@, markus@, jmc@ (manpages), tested and discussed with others |
ceec33f3 | 353 | - djm@cvs.openbsd.org 2005/12/07 03:52:22 |
354 | [clientloop.c] | |
355 | reyk forgot to compile with -Werror (missing header) | |
985bb789 | 356 | - jmc@cvs.openbsd.org 2005/12/07 10:52:13 |
357 | [ssh.1] | |
358 | - avoid line split in SYNOPSIS | |
359 | - add args to -w | |
360 | - kill trailing whitespace | |
64925c6d | 361 | - jmc@cvs.openbsd.org 2005/12/08 14:59:44 |
362 | [ssh.1 ssh_config.5] | |
363 | make `!command' a little clearer; | |
364 | ok reyk | |
030723f9 | 365 | - jmc@cvs.openbsd.org 2005/12/08 15:06:29 |
366 | [ssh_config.5] | |
367 | keep options in order; | |
a4f24bf8 | 368 | - reyk@cvs.openbsd.org 2005/12/08 18:34:11 |
369 | [auth-options.c includes.h misc.c misc.h readconf.c servconf.c] | |
370 | [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac] | |
371 | two changes to the new ssh tunnel support. this breaks compatibility | |
372 | with the initial commit but is required for a portable approach. | |
373 | - make the tunnel id u_int and platform friendly, use predefined types. | |
374 | - support configuration of layer 2 (ethernet) or layer 3 | |
375 | (point-to-point, default) modes. configuration is done using the | |
376 | Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and | |
377 | restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option | |
378 | in sshd_config(5). | |
379 | ok djm@, man page bits by jmc@ | |
a274ba38 | 380 | - jmc@cvs.openbsd.org 2005/12/08 21:37:50 |
381 | [ssh_config.5] | |
382 | new sentence, new line; | |
b872f7f0 | 383 | - markus@cvs.openbsd.org 2005/12/12 13:46:18 |
384 | [channels.c channels.h session.c] | |
385 | make sure protocol messages for internal channels are ignored. | |
386 | allow adjust messages for non-open channels; with and ok djm@ | |
6306853a | 387 | - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable |
388 | again by providing a sys_tun_open() function for your platform and | |
389 | setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match | |
390 | OpenBSD's tunnel protocol, which prepends the address family to the | |
391 | packet | |
d7cf99ff | 392 | |
fbc06315 | 393 | 20051201 |
394 | - (djm) [envpass.sh] Remove regress script that was accidentally committed | |
395 | in top level directory and not noticed for over a year :) | |
396 | ||
6e94bd72 | 397 | 20051129 |
398 | - (tim) [ssh-keygen.c] Move DSA length test after setting default when | |
399 | bits == 0. | |
60dc0294 | 400 | - (dtucker) OpenBSD CVS Sync |
401 | - dtucker@cvs.openbsd.org 2005/11/29 02:04:55 | |
402 | [ssh-keygen.c] | |
403 | Populate default key sizes before checking them; from & ok tim@ | |
e45da4d6 | 404 | - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string) |
405 | for UnixWare. | |
6e94bd72 | 406 | |
b7bb251f | 407 | 20051128 |
408 | - (dtucker) [regress/yes-head.sh] Work around breakage caused by some | |
409 | versions of GNU head. Based on patch from zappaman at buraphalinux.org | |
8b396721 | 410 | - (dtucker) [includes.h] Bug #1122: __USE_GNU is a glibc internal macro, use |
411 | _GNU_SOURCE instead. Patch from t8m at centrum.cz. | |
c6d7b211 | 412 | - (dtucker) OpenBSD CVS Sync |
413 | - dtucker@cvs.openbsd.org 2005/11/28 05:16:53 | |
414 | [ssh-keygen.1 ssh-keygen.c] | |
415 | Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2, | |
416 | increase minumum RSA key size to 768 bits and update man page to reflect | |
417 | these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com), | |
418 | ok djm@, grudging ok deraadt@. | |
98e93fbc | 419 | - dtucker@cvs.openbsd.org 2005/11/28 06:02:56 |
420 | [ssh-agent.1] | |
421 | Update agent socket path templates to reflect reality, correct xref for | |
422 | time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@ | |
b7bb251f | 423 | |
961c2997 | 424 | 20051126 |
425 | - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer, | |
426 | when they're available) need the real UID set otherwise pam_chauthtok will | |
427 | set ADMCHG after changing the password, forcing the user to change it | |
428 | again immediately. | |
429 | ||
ccc45ee0 | 430 | 20051125 |
431 | - (dtucker) [configure.ac] Apply tim's fix for older systems where the | |
432 | resolver state in resolv.h is "state" not "__res_state". With slight | |
433 | modification by me to also work on old AIXes. ok djm@ | |
419094c6 | 434 | - (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for |
435 | snprintf formats, fixes warnings on some 64 bit platforms. Patch from | |
436 | shaw at vranix.com, ok djm@ | |
ccc45ee0 | 437 | |
438 | 20051124 | |
9a406e1e | 439 | - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c |
440 | openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an | |
441 | asprintf() implementation, after syncing our {v,}snprintf() implementation | |
442 | with some extra fixes from Samba's version. With help and debugging from | |
443 | dtucker and tim; ok dtucker@ | |
d08db6d1 | 444 | - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument |
445 | order in Reliant Unix block. Patch from johane at lysator.liu.se. | |
d77c7dff | 446 | - (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so |
447 | many and use them only once. Speeds up testing on older/slower hardware. | |
9a406e1e | 448 | |
932ab351 | 449 | 20051122 |
450 | - (dtucker) OpenBSD CVS Sync | |
451 | - deraadt@cvs.openbsd.org 2005/11/12 18:37:59 | |
452 | [ssh-add.c] | |
453 | space | |
29accf74 | 454 | - deraadt@cvs.openbsd.org 2005/11/12 18:38:15 |
455 | [scp.c] | |
456 | avoid close(-1), as in rcp; ok cloder | |
a001f9d7 | 457 | - millert@cvs.openbsd.org 2005/11/15 11:59:54 |
458 | [includes.h] | |
459 | Include sys/queue.h explicitly instead of assuming some other header | |
460 | will pull it in. At the moment it gets pulled in by sys/select.h | |
461 | (which ssh has no business including) via event.h. OK markus@ | |
462 | (ID sync only in -portable) | |
426cef74 | 463 | - dtucker@cvs.openbsd.org 2005/11/21 09:42:10 |
464 | [auth-krb5.c] | |
465 | Perform Kerberos calls even for invalid users to prevent leaking | |
466 | information about account validity. bz #975, patch originally from | |
467 | Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@, | |
468 | ok markus@ | |
18f8ef7a | 469 | - dtucker@cvs.openbsd.org 2005/11/22 03:36:03 |
470 | [hostfile.c] | |
471 | Correct format/arguments to debug call; spotted by shaw at vranix.com | |
472 | ok djm@ | |
dfde7f6e | 473 | - (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch |
474 | from shaw at vranix.com. | |
932ab351 | 475 | |
60e10887 | 476 | 20051120 |
477 | - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what | |
478 | is going on. | |
479 | ||
4162eae5 | 480 | 20051112 |
481 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific | |
482 | ifdef lost during sync. Spotted by tim@. | |
f97dc218 | 483 | - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag. |
eeee8237 | 484 | - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test. |
23361281 | 485 | - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@ |
29aaf112 | 486 | - (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure |
487 | test: if sshd takes too long to reconfigure the subsequent connection will | |
488 | fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready. | |
4162eae5 | 489 | |
e1658b5c | 490 | 20051110 |
b69585d9 | 491 | - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from |
e1658b5c | 492 | OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of |
493 | "register"). | |
b69585d9 | 494 | - (dtucker) [openbsd-compat/setenv.c] Make __findenv static, remove |
7b2dcf21 | 495 | unnecessary prototype. |
b69585d9 | 496 | - (dtucker) [openbsd-compat/setenv.c] Sync changes from OpenBSD setenv.c |
497 | revs 1.7 - 1.9. | |
c080bed1 | 498 | - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path. |
499 | Patch from djm@. | |
dbf07ba2 | 500 | - (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+ |
501 | since they're not useful right now. Patch from djm@. | |
242652fe | 502 | - (dtucker) [openbsd-compat/getgrouplist.c] Sync OpenBSD revs 1.10 - 1.2 (ANSI |
503 | prototypes, removal of "register"). | |
432e59f9 | 504 | - (dtucker) [openbsd-compat/strlcat.c] Sync OpenBSD revs 1.11 - 1.12 (removal |
505 | of "register"). | |
f6d4fb87 | 506 | - (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to |
507 | after the copyright notices. Having them at the top next to the CVSIDs | |
508 | guarantees a conflict for each and every sync. | |
e4f65477 | 509 | - (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10. |
bfd4a832 | 510 | - (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker. |
bc16ca63 | 511 | - (dtucker) [openbsd-compat/strmode.c] Update from OpenBSD 1.5 -> 1.7. |
512 | Removal of rcsid, "whiteout" inode type. | |
7dfb4a82 | 513 | - (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14. |
514 | Removal of rcsid, will no longer strlcpy parts of the string. | |
d8922805 | 515 | - (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5. |
4ff445f1 | 516 | - (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7. |
e1829842 | 517 | - (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18. |
625552b8 | 518 | - (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5. |
a65ea33b | 519 | - (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25. |
b84a707a | 520 | - (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9. |
281bbb02 | 521 | - (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14. |
16d51c41 | 522 | - (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up |
523 | with OpenBSD code since we don't support platforms without fstat any more. | |
b53df919 | 524 | - (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9. |
68b36828 | 525 | - (dtucker) [openbsd-compat/inet_ntoa.c] Update from OpenBSD 1.4 -> 1.6. |
526 | - (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7. | |
fc1c42f3 | 527 | - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6. |
0695e921 | 528 | - (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6. |
3c8f7a26 | 529 | - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13. |
5bf337a5 | 530 | - (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19. |
8c603515 | 531 | - (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8. |
c9d7b187 | 532 | - (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker. |
295034ce | 533 | - (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17. |
3e6325a6 | 534 | - (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4. |
535 | Id and copyright sync only, there were no substantial changes we need. | |
8d767ef2 | 536 | - (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c] |
6bd2d8e5 | 537 | -Wsign-compare fixes from djm. |
e1b4416e | 538 | - (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3. |
539 | Id and copyright sync only, there were no substantial changes we need. | |
cd595991 | 540 | - (dtucker) [configure.ac] Try to get the gcc version number in a way that |
541 | doesn't change between versions, and use a safer default. | |
e1658b5c | 542 | |
255d3e00 | 543 | 20051105 |
544 | - (djm) OpenBSD CVS Sync | |
545 | - markus@cvs.openbsd.org 2005/10/07 11:13:57 | |
546 | [ssh-keygen.c] | |
547 | change DSA default back to 1024, as it's defined for 1024 bits only | |
548 | and this causes interop problems with other clients. moreover, | |
549 | in order to improve the security of DSA you need to change more | |
550 | components of DSA key generation (e.g. the internal SHA1 hash); | |
551 | ok deraadt | |
8cd0437d | 552 | - djm@cvs.openbsd.org 2005/10/10 10:23:08 |
553 | [channels.c channels.h clientloop.c serverloop.c session.c] | |
554 | fix regression I introduced in 4.2: X11 forwardings initiated after | |
555 | a session has exited (e.g. "(sleep 5; xterm) &") would not start. | |
556 | bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@ | |
442aee3a | 557 | - djm@cvs.openbsd.org 2005/10/11 23:37:37 |
558 | [channels.c] | |
559 | bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing | |
560 | bind() failure when a previous connection's listeners are in TIME_WAIT, | |
561 | reported by plattner AT inf.ethz.ch; ok dtucker@ | |
b96eade6 | 562 | - stevesk@cvs.openbsd.org 2005/10/13 14:03:01 |
563 | [auth2-gss.c gss-genr.c gss-serv.c] | |
564 | remove unneeded #includes; ok markus@ | |
6e902aec | 565 | - stevesk@cvs.openbsd.org 2005/10/13 14:20:37 |
566 | [gss-serv.c] | |
567 | spelling in comments | |
6472fefc | 568 | - stevesk@cvs.openbsd.org 2005/10/13 19:08:08 |
569 | [gss-serv-krb5.c gss-serv.c] | |
570 | unused declarations; ok deraadt@ | |
571 | (id sync only for gss-serv-krb5.c) | |
adf8c40b | 572 | - stevesk@cvs.openbsd.org 2005/10/13 19:13:41 |
573 | [dns.c] | |
574 | unneeded #include, unused declaration, little knf; ok deraadt@ | |
8442cc66 | 575 | - stevesk@cvs.openbsd.org 2005/10/13 22:24:31 |
576 | [auth2-gss.c gss-genr.c gss-serv.c monitor.c] | |
577 | KNF; ok djm@ | |
17318dd6 | 578 | - stevesk@cvs.openbsd.org 2005/10/14 02:17:59 |
579 | [ssh-keygen.c ssh.c sshconnect2.c] | |
580 | no trailing "\n" for log functions; ok djm@ | |
8c4bd764 | 581 | - stevesk@cvs.openbsd.org 2005/10/14 02:29:37 |
582 | [channels.c clientloop.c] | |
583 | free()->xfree(); ok djm@ | |
ed82a2a9 | 584 | - stevesk@cvs.openbsd.org 2005/10/15 15:28:12 |
585 | [sshconnect.c] | |
586 | make external definition static; ok deraadt@ | |
7238b6e4 | 587 | - stevesk@cvs.openbsd.org 2005/10/17 13:45:05 |
588 | [dns.c] | |
589 | fix memory leaks from 2 sources: | |
590 | 1) key_fingerprint_raw() | |
591 | 2) malloc in dns_read_rdata() | |
592 | ok jakob@ | |
593 | - stevesk@cvs.openbsd.org 2005/10/17 14:01:28 | |
594 | [dns.c] | |
595 | remove #ifdef LWRES; ok jakob@ | |
8374cf6f | 596 | - stevesk@cvs.openbsd.org 2005/10/17 14:13:35 |
597 | [dns.c dns.h] | |
598 | more cleanups; ok jakob@ | |
6b0b0d65 | 599 | - djm@cvs.openbsd.org 2005/10/30 01:23:19 |
600 | [ssh_config.5] | |
601 | mention control socket fallback behaviour, reported by | |
602 | tryponraj AT gmail.com | |
2995db03 | 603 | - djm@cvs.openbsd.org 2005/10/30 04:01:03 |
604 | [ssh-keyscan.c] | |
605 | make ssh-keygen discard junk from server before SSH- ident, spotted by | |
606 | dave AT cirt.net; ok dtucker@ | |
aa9bc1de | 607 | - djm@cvs.openbsd.org 2005/10/30 04:03:24 |
608 | [ssh.c] | |
609 | fix misleading debug message; ok dtucker@ | |
3a85986d | 610 | - dtucker@cvs.openbsd.org 2005/10/30 08:29:29 |
611 | [canohost.c sshd.c] | |
612 | Check for connections with IP options earlier and drop silently. ok djm@ | |
db98627d | 613 | - jmc@cvs.openbsd.org 2005/10/30 08:43:47 |
614 | [ssh_config.5] | |
615 | remove trailing whitespace; | |
7b9b0103 | 616 | - djm@cvs.openbsd.org 2005/10/30 08:52:18 |
617 | [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c] | |
618 | [ssh.c sshconnect.c sshconnect1.c sshd.c] | |
619 | no need to escape single quotes in comments, no binary change | |
bdd3b323 | 620 | - dtucker@cvs.openbsd.org 2005/10/31 06:15:04 |
621 | [sftp.c] | |
622 | Fix sorting with "ls -1" command. From Robert Tsai, "looks right" deraadt@ | |
882c9d5a | 623 | - djm@cvs.openbsd.org 2005/10/31 11:12:49 |
624 | [ssh-keygen.1 ssh-keygen.c] | |
625 | generate a protocol 2 RSA key by default | |
6af12d46 | 626 | - djm@cvs.openbsd.org 2005/10/31 11:48:29 |
627 | [serverloop.c] | |
628 | make sure we clean up wtmp, etc. file when we receive a SIGTERM, | |
629 | SIGINT or SIGQUIT when running without privilege separation (the | |
630 | normal privsep case is already OK). Patch mainly by dtucker@ and | |
631 | senthilkumar_sen AT hotpop.com; ok dtucker@ | |
3543c5e1 | 632 | - jmc@cvs.openbsd.org 2005/10/31 19:55:25 |
633 | [ssh-keygen.1] | |
634 | grammar; | |
0bbbf2a4 | 635 | - dtucker@cvs.openbsd.org 2005/11/03 13:38:29 |
636 | [canohost.c] | |
637 | Cache reverse lookups with and without DNS separately; ok markus@ | |
47e5dc72 | 638 | - djm@cvs.openbsd.org 2005/11/04 05:15:59 |
639 | [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c] | |
640 | remove hardcoded hash lengths in key exchange code, allowing | |
641 | implementation of KEX methods with different hashes (e.g. SHA-256); | |
642 | ok markus@ dtucker@ stevesk@ | |
27e3ef36 | 643 | - djm@cvs.openbsd.org 2005/11/05 05:01:15 |
644 | [bufaux.c] | |
645 | Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT | |
646 | cs.stanford.edu; ok dtucker@ | |
e557f3b5 | 647 | - (dtucker) [README.platform] Add PAM section. |
ebb049f1 | 648 | - (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version, |
649 | resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu; | |
650 | ok dtucker@ | |
255d3e00 | 651 | |
bd2a0801 | 652 | 20051102 |
653 | - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). | |
654 | Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net | |
655 | via FreeBSD. | |
656 | ||
5097eaa9 | 657 | 20051030 |
658 | - (djm) [contrib/suse/openssh.spec contrib/suse/rc. | |
659 | sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init | |
660 | files from imorgan AT nas.nasa.gov | |
0a61a240 | 661 | - (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is |
662 | enabled, instead allow PAM to handle it. Note that on platforms using PAM, | |
663 | the pam_nologin module should be added to sshd's session stack in order to | |
664 | maintain exising behaviour. Based on patch and discussion from t8m at | |
665 | centrum.cz, ok djm@ | |
5097eaa9 | 666 | |
90f15776 | 667 | 20051025 |
668 | - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the | |
669 | sizeof(long long) checks, to make fixing bug #1104 easier (no changes | |
670 | yet). | |
d75dfaa6 | 671 | - (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't |
672 | understand "%lld", even though the compiler has "long long", so handle | |
673 | it as a special case. Patch tested by mcaskill.scott at epa.gov. | |
b8bc9d84 | 674 | - (dtucker) [contrib/cygwin/ssh-user-config] Remove duplicate yes/no |
675 | prompt. Patch from vinschen at redhat.com. | |
90f15776 | 676 | |
b0e7249f | 677 | 20051017 |
678 | - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling. | |
679 | /etc/default/login report and testing from aabaker at iee.org, corrections | |
680 | from tim@. | |
681 | ||
8034a348 | 682 | 20051009 |
683 | - (dtucker) [configure.ac defines.h openbsd-compat/vis.{c,h}] Sync current | |
684 | versions from OpenBSD. ok djm@ | |
685 | ||
83f987c3 | 686 | 20051008 |
687 | - (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from | |
688 | brian.smith at agilent com. | |
1012885d | 689 | - (djm) [configure.ac] missing 'test' call for -with-Werror test |
83f987c3 | 690 | |
278f9900 | 691 | 20051005 |
692 | - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended | |
693 | "*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and | |
694 | senthilkumar_sen at hotpop.com. | |
695 | ||
59e5aff5 | 696 | 20051003 |
697 | - (dtucker) OpenBSD CVS Sync | |
698 | - markus@cvs.openbsd.org 2005/09/07 08:53:53 | |
699 | [channels.c] | |
700 | enforce chanid != NULL; ok djm | |
b5443199 | 701 | - markus@cvs.openbsd.org 2005/09/09 19:18:05 |
702 | [clientloop.c] | |
703 | typo; from mark at mcs.vuw.ac.nz, bug #1082 | |
fd6168c1 | 704 | - djm@cvs.openbsd.org 2005/09/13 23:40:07 |
705 | [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c | |
706 | scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c] | |
707 | ensure that stdio fds are attached; ok deraadt@ | |
5ddc5eb4 | 708 | - djm@cvs.openbsd.org 2005/09/19 11:37:34 |
709 | [ssh_config.5 ssh.1] | |
710 | mention ability to specify bind_address for DynamicForward and -D options; | |
711 | bz#1077 spotted by Haruyama Seigo | |
d77dd4d7 | 712 | - djm@cvs.openbsd.org 2005/09/19 11:47:09 |
713 | [sshd.c] | |
714 | stop connection abort on rekey with delayed compression enabled when | |
715 | post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@ | |
67003554 | 716 | - djm@cvs.openbsd.org 2005/09/19 11:48:10 |
717 | [gss-serv.c] | |
718 | typo | |
37c406a8 | 719 | - jmc@cvs.openbsd.org 2005/09/19 15:38:27 |
720 | [ssh.1] | |
721 | some more .Bk/.Ek to avoid ugly line split; | |
80e29ee6 | 722 | - jmc@cvs.openbsd.org 2005/09/19 15:42:44 |
723 | [ssh.c] | |
724 | update -D usage here too; | |
2915e42b | 725 | - djm@cvs.openbsd.org 2005/09/19 23:31:31 |
726 | [ssh.1] | |
727 | spelling nit from stevesk@ | |
0d3d1077 | 728 | - djm@cvs.openbsd.org 2005/09/21 23:36:54 |
729 | [sshd_config.5] | |
730 | aquire -> acquire, from stevesk@ | |
ae25711b | 731 | - djm@cvs.openbsd.org 2005/09/21 23:37:11 |
732 | [sshd.c] | |
733 | change label at markus@'s request | |
8f921a4a | 734 | - jaredy@cvs.openbsd.org 2005/09/30 20:34:26 |
735 | [ssh-keyscan.1] | |
736 | deploy .An -nosplit; ok jmc | |
d2130e1f | 737 | - dtucker@cvs.openbsd.org 2005/10/03 07:44:42 |
738 | [canohost.c] | |
739 | Relocate check_ip_options call to prevent logging of garbage for | |
740 | connections with IP options set. bz#1092 from David Leonard, | |
741 | "looks good" deraadt@ | |
1172d361 | 742 | - (dtucker) [regress/README.regress] Bug #989: Document limitation that scp |
743 | is required in the system path for the multiplex test to work. | |
59e5aff5 | 744 | |
bfd17430 | 745 | 20050930 |
746 | - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype | |
747 | for strtoll. Patch from o.flebbe at science-computing.de. | |
cfb60d3a | 748 | - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep |
749 | child during PAM account check without clearing it. This restores the | |
750 | post-login warnings such as LDAP password expiry. Patch from Tomas Mraz | |
751 | with help from several others. | |
bfd17430 | 752 | |
140da888 | 753 | 20050929 |
754 | - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg | |
755 | introduced during sync. | |
756 | ||
4ebacf50 | 757 | 20050928 |
758 | - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency. | |
cafa6a80 | 759 | - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from |
760 | PAM via keyboard-interactive. Patch tested by the folks at Vintela. | |
4ebacf50 | 761 | |
759ab0d9 | 762 | 20050927 |
763 | - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid | |
764 | calls, since they can't possibly fail. ok djm@ | |
72f02ae7 | 765 | - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed |
766 | process when sshd relies on ssh-random-helper. Should result in faster | |
767 | logins on systems without a real random device or prngd. ok djm@ | |
759ab0d9 | 768 | |
b6c37221 | 769 | 20050924 |
770 | - (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove | |
771 | duplicate call. ok djm@ | |
772 | ||
bb116c8e | 773 | 20050922 |
774 | - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from | |
775 | skeleten at shillest.net. | |
e47fb473 | 776 | - (dtucker) [configure.ac] Fix help for --with-opensc; patch from skeleten at |
777 | shillest.net. | |
bb116c8e | 778 | |
3466e002 | 779 | 20050919 |
780 | - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to | |
781 | AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages. | |
f666dcfa | 782 | ok dtucker@ |
3466e002 | 783 | |
f5555364 | 784 | 20050912 |
785 | - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by | |
786 | Mike Frysinger. | |
787 | ||
d2a3abef | 788 | 20050908 |
789 | - (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to | |
790 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | |
791 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | |
792 | ||
b81ad920 | 793 | 20050901 |
794 | - (djm) Update RPM spec file versions | |
795 | ||
26d07095 | 796 | 20050831 |
fe206de9 | 797 | - (djm) OpenBSD CVS Sync |
798 | - djm@cvs.openbsd.org 2005/08/30 22:08:05 | |
799 | [gss-serv.c sshconnect2.c] | |
800 | destroy credentials if krb5_kuserok() call fails. Stops credentials being | |
801 | delegated to users who are not authorised for GSSAPIAuthentication when | |
802 | GSSAPIDeletegateCredentials=yes and another authentication mechanism | |
803 | succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by | |
804 | simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@ | |
ce08c00d | 805 | - markus@cvs.openbsd.org 2005/08/31 09:28:42 |
806 | [version.h] | |
807 | 4.2 | |
0b6fb0e4 | 808 | - (dtucker) [README] Update release note URL to 4.2 |
26d07095 | 809 | - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c |
810 | openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable | |
811 | libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd(). | |
812 | Feedback and OK dtucker@ | |
fe206de9 | 813 | |
d7d2cc6e | 814 | 20050830 |
815 | - (tim) [configure.ac] Back out last change. It needs to be done differently. | |
816 | ||
e718811a | 817 | 20050829 |
818 | - (tim) [configure.ac] ia_openinfo() seems broken on OSR6. Limit UW long | |
819 | password support to 7.x for now. | |
820 | ||
4c653d8e | 821 | 20050826 |
822 | - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c | |
823 | openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h | |
824 | openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c | |
825 | openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char) | |
826 | on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing | |
827 | by tim@. Feedback and OK dtucker@ | |
828 | ||
6177fa47 | 829 | 20050823 |
830 | - (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully- | |
831 | qualified sshd pathname since some systems (eg Cygwin) may consider "/foo" | |
832 | and "//foo" to be different. Spotted by vinschen at redhat.com. | |
2127ad65 | 833 | - (tim) [configure.ac] Not all gcc's support -Wsign-compare. Enhancements |
834 | and OK dtucker@ | |
835 | - (tim) [defines.h] PATH_MAX bits for OpenServer OK dtucker@ | |
6177fa47 | 836 | |
157b6700 | 837 | 20050821 |
838 | - (dtucker) [configure.ac defines.h includes.h sftp.c] Add support for | |
839 | LynxOS, patch from Olli Savia (ops at iki.fi). ok djm@ | |
840 | ||
879abf01 | 841 | 20050816 |
9665ff9d | 842 | - (djm) [ttymodes.c] bugzilla #1025: Fix encoding of _POSIX_VDISABLE, |
879abf01 | 843 | from Jacob Nevins; ok dtucker@ |
844 | ||
a345f787 | 845 | 20050815 |
d92622f9 | 846 | - (tim) [sftp.c] wrap el_end() in #ifdef USE_LIBEDIT |
847 | - (tim) [configure.ac] corrections to libedit tests. Report and patches | |
848 | by skeleten AT shillest.net | |
a345f787 | 849 | |
4145cbfa | 850 | 20050812 |
851 | - (djm) OpenBSD CVS Sync | |
852 | - markus@cvs.openbsd.org 2005/07/28 17:36:22 | |
853 | [packet.c] | |
854 | missing packet_init_compression(); from solar | |
7c840747 | 855 | - djm@cvs.openbsd.org 2005/07/30 01:26:16 |
856 | [ssh.c] | |
857 | fix -D listen_host initialisation, so it picks up gateway_ports setting | |
858 | correctly | |
4c38e9c6 | 859 | - djm@cvs.openbsd.org 2005/07/30 02:03:47 |
860 | [readconf.c] | |
861 | listen_hosts initialisation here too; spotted greg AT y2005.nest.cx | |
91135a0e | 862 | - dtucker@cvs.openbsd.org 2005/08/06 10:03:12 |
863 | [servconf.c] | |
864 | Unbreak sshd ListenAddress for bare IPv6 addresses. | |
a83bd8eb | 865 | Report from Janusz Mucka; ok djm@ |
0aa1cc4b | 866 | - jaredy@cvs.openbsd.org 2005/08/08 13:22:48 |
867 | [sftp.c] | |
868 | sftp prompt enhancements: | |
869 | - in non-interactive mode, do not print an empty prompt at the end | |
870 | before finishing | |
871 | - print newline after EOF in editline mode | |
872 | - call el_end() in editline mode | |
873 | ok dtucker djm | |
4145cbfa | 874 | |
f47ddccb | 875 | 20050810 |
876 | - (dtucker) [configure.ac] Test libedit library and headers for compatibility. | |
877 | Report from skeleten AT shillest.net, ok djm@ | |
1a9ecc62 | 878 | - (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c] |
879 | Sync current (thread-safe) version of realpath.c from OpenBSD (which is | |
880 | in turn based on FreeBSD's). ok djm@ | |
f47ddccb | 881 | |
a2b3321d | 882 | 20050809 |
883 | - (tim) [configure.ac] Allow --with-audit=no. OK dtucker@ | |
884 | Report by skeleten AT shillest.net | |
885 | ||
45b12bc8 | 886 | 20050803 |
887 | - (dtucker) [openbsd-compat/fake-rfc2553.h] Check for EAI_* defines | |
888 | individually and use a value less likely to collide with real values from | |
889 | netdb.h. Fixes compile warnings on FreeBSD 5.3. ok djm@ | |
adb40e59 | 890 | - (dtucker) [openbsd-compat/fake-rfc2553.h] MAX_INT -> INT_MAX since the |
891 | latter is specified in the standard. | |
45b12bc8 | 892 | |
a056dfa2 | 893 | 20050802 |
894 | - (dtucker) OpenBSD CVS Sync | |
895 | - dtucker@cvs.openbsd.org 2005/07/27 10:39:03 | |
896 | [scp.c hostfile.c sftp-client.c] | |
897 | Silence bogus -Wuninitialized warnings; ok djm@ | |
af40ca44 | 898 | - (dtucker) [configure.ac] Enable -Wuninitialized by default when compiling |
899 | with gcc. ok djm@ | |
ed89c848 | 900 | - (dtucker) [configure.ac] Add a --with-Werror option to configure for |
901 | adding -Werror to CFLAGS when all of the configure tests are done. ok djm@ | |
a056dfa2 | 902 | |
6090bcfe | 903 | 20050726 |
904 | - (dtucker) [configure.ac] Update zlib warning message too, pointed out by | |
905 | tim@. | |
05c25368 | 906 | - (djm) OpenBSD CVS Sync |
907 | - otto@cvs.openbsd.org 2005/07/19 15:32:26 | |
908 | [auth-passwd.c] | |
909 | auth_usercheck(3) can return NULL, so check for that. Report from | |
910 | mpech@. ok markus@ | |
07200973 | 911 | - markus@cvs.openbsd.org 2005/07/25 11:59:40 |
912 | [kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c] | |
913 | [sshconnect2.c sshd.c sshd_config sshd_config.5] | |
914 | add a new compression method that delays compression until the user | |
915 | has been authenticated successfully and set compression to 'delayed' | |
916 | for sshd. | |
917 | this breaks older openssh clients (< 3.5) if they insist on | |
918 | compression, so you have to re-enable compression in sshd_config. | |
919 | ok djm@ | |
6090bcfe | 920 | |
0072b59d | 921 | 20050725 |
922 | - (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096. | |
923 | ||
56964485 | 924 | 20050717 |
925 | - OpenBSD CVS Sync | |
926 | - djm@cvs.openbsd.org 2005/07/16 01:35:24 | |
927 | [auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c] | |
928 | [sshconnect.c] | |
929 | spacing | |
d1cf9a87 | 930 | - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c] |
931 | [cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL | |
932 | in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]") | |
ed9e8be3 | 933 | - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line |
d08341e6 | 934 | - djm@cvs.openbsd.org 2005/07/17 06:49:04 |
935 | [channels.c channels.h session.c session.h] | |
936 | Fix a number of X11 forwarding channel leaks: | |
937 | 1. Refuse multiple X11 forwarding requests on the same session | |
938 | 2. Clean up all listeners after a single_connection X11 forward, not just | |
939 | the one that made the single connection | |
940 | 3. Destroy X11 listeners when the session owning them goes away | |
941 | testing and ok dtucker@ | |
4e2e5cfd | 942 | - djm@cvs.openbsd.org 2005/07/17 07:17:55 |
943 | [auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c] | |
944 | [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c] | |
945 | [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c] | |
946 | [sshconnect.c sshconnect2.c] | |
947 | knf says that a 2nd level indent is four (not three or five) spaces | |
98c044d0 | 948 | -(djm) [audit.c auth1.c auth2.c entropy.c loginrec.c serverloop.c] |
949 | [ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too | |
a1a073cc | 950 | - (djm) [monitor.c monitor_wrap.c] -Wsign-compare for PAM monitor calls |
951 | ||
5d001c70 | 952 | 20050716 |
953 | - (dtucker) [auth-pam.c] Ensure that only one side of the authentication | |
954 | socketpair stays open on in both the monitor and PAM process. Patch from | |
955 | Joerg Sonnenberger. | |
956 | ||
143f17e8 | 957 | 20050714 |
958 | - (dtucker) OpenBSD CVS Sync | |
959 | - dtucker@cvs.openbsd.org 2005/07/06 09:33:05 | |
960 | [ssh.1] | |
961 | clarify meaning of ssh -b ; with & ok jmc@ | |
6381acf0 | 962 | - dtucker@cvs.openbsd.org 2005/07/08 09:26:18 |
963 | [misc.c] | |
964 | Make comment match code; ok djm@ | |
cee6ad3d | 965 | - markus@cvs.openbsd.org 2005/07/08 09:41:33 |
966 | [channels.h] | |
967 | race when efd gets closed while there is still buffered data: | |
968 | change CHANNEL_EFD_OUTPUT_ACTIVE() | |
969 | 1) c->efd must always be valid AND | |
970 | 2a) no EOF has been seen OR | |
971 | 2b) there is buffered data | |
972 | report, initial fix and testing Chuck Cranor | |
1a8521be | 973 | - dtucker@cvs.openbsd.org 2005/07/08 10:20:41 |
974 | [ssh_config.5] | |
975 | change BindAddress to match recent ssh -b change; prompted by markus@ | |
82b7531b | 976 | - jmc@cvs.openbsd.org 2005/07/08 12:53:10 |
977 | [ssh_config.5] | |
978 | new sentence, new line; | |
8912ae0e | 979 | - dtucker@cvs.openbsd.org 2005/07/14 04:00:43 |
980 | [misc.h] | |
981 | use __sentinel__ attribute; ok deraadt@ djm@ markus@ | |
5b7b5e23 | 982 | - (dtucker) [configure.ac defines.h] Define __sentinel__ to nothing if the |
983 | compiler doesn't understand it to prevent warnings. If any mainstream | |
984 | compiler versions acquire it we can test for those versions. Based on | |
985 | discussion with djm@. | |
143f17e8 | 986 | |
937eb918 | 987 | 20050707 |
6f602461 | 988 | - dtucker [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for |
989 | the MIT Kerberos code path into a common function and expand mkstemp | |
990 | template to be consistent with the rest of OpenSSH. From sxw at | |
991 | inf.ed.ac.uk, ok djm@ | |
992 | - (dtucker) [auth-krb5.c] There's no guarantee that snprintf will set errno | |
993 | in the case where the buffer is insufficient, so always return ENOMEM. | |
994 | Also pointed out by sxw at inf.ed.ac.uk. | |
a5ca055b | 995 | - (dtucker) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Remove |
996 | calls to krb5_init_ets, which has not been required since krb-1.1.x and | |
997 | most Kerberos versions no longer export in their public API. From sxw | |
998 | at inf.ed.ac.uk, ok djm@ | |
937eb918 | 999 | |
38946c65 | 1000 | 20050706 |
1001 | - (djm) OpenBSD CVS Sync | |
1002 | - markus@cvs.openbsd.org 2005/07/01 13:19:47 | |
1003 | [channels.c] | |
1004 | don't free() if getaddrinfo() fails; report mpech@ | |
ef07103c | 1005 | - djm@cvs.openbsd.org 2005/07/04 00:58:43 |
1006 | [channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5] | |
1007 | implement support for X11 and agent forwarding over multiplex slave | |
1008 | connections. Because of protocol limitations, the slave connections inherit | |
1009 | the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding | |
1010 | their own. | |
1011 | ok dtucker@ "put it in" deraadt@ | |
d313869b | 1012 | - jmc@cvs.openbsd.org 2005/07/04 11:29:51 |
1013 | [ssh_config.5] | |
1014 | fix Xr and a little grammar; | |
4297b666 | 1015 | - markus@cvs.openbsd.org 2005/07/04 14:04:11 |
1016 | [channels.c] | |
1017 | don't forget to set x11_saved_display | |
38946c65 | 1018 | |
c1cbe68a | 1019 | 20050626 |
1020 | - (djm) OpenBSD CVS Sync | |
1021 | - djm@cvs.openbsd.org 2005/06/17 22:53:47 | |
1022 | [ssh.c sshconnect.c] | |
1023 | Fix ControlPath's %p expanding to "0" for a default port, | |
1024 | spotted dwmw2 AT infradead.org; ok markus@ | |
699255b5 | 1025 | - djm@cvs.openbsd.org 2005/06/18 04:30:36 |
1026 | [ssh.c ssh_config.5] | |
1027 | allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@ | |
de574442 | 1028 | - djm@cvs.openbsd.org 2005/06/25 22:47:49 |
1029 | [ssh.c] | |
f542faee | 1030 | do the default port filling code a few lines earlier, so it really |
1031 | does fix %p | |
c1cbe68a | 1032 | |
8485ce56 | 1033 | 20050618 |
1034 | - (djm) OpenBSD CVS Sync | |
1035 | - djm@cvs.openbsd.org 2005/05/20 12:57:01; | |
1036 | [auth1.c] split protocol 1 auth methods into separate functions, makes | |
1037 | authloop much more readable; fixes and ok markus@ (portable ok & | |
1038 | polish dtucker@) | |
a375df46 | 1039 | - djm@cvs.openbsd.org 2005/06/17 02:44:33 |
1040 | [auth1.c] make this -Wsign-compare clean; ok avsm@ markus@ | |
44d71ad5 | 1041 | - (djm) [loginrec.c ssh-rand-helper.c] Fix -Wsign-compare for portable, |
1042 | tested and fixes tim@ | |
8485ce56 | 1043 | |
9bf083eb | 1044 | 20050617 |
1045 | - (djm) OpenBSD CVS Sync | |
1046 | - djm@cvs.openbsd.org 2005/06/16 03:38:36 | |
1047 | [channels.c channels.h clientloop.c clientloop.h ssh.c] | |
1048 | move x11_get_proto from ssh.c to clientloop.c, to make muliplexed xfwd | |
1049 | easier later; ok deraadt@ | |
29798ed0 | 1050 | - markus@cvs.openbsd.org 2005/06/16 08:00:00 |
1051 | [canohost.c channels.c sshd.c] | |
1052 | don't exit if getpeername fails for forwarded ports; bugzilla #1054; | |
1053 | ok djm | |
2ceb8101 | 1054 | - djm@cvs.openbsd.org 2005/06/17 02:44:33 |
1055 | [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c] | |
1056 | [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c] | |
1057 | [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c] | |
1058 | [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c] | |
1059 | [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c] | |
1060 | make this -Wsign-compare clean; ok avsm@ markus@ | |
1061 | NB. auth1.c changes not committed yet (conflicts with uncommitted sync) | |
1062 | NB2. more work may be needed to make portable Wsign-compare clean | |
601b831d | 1063 | - (dtucker) [cipher.c openbsd-compat/openbsd-compat.h |
1064 | openbsd-compat/openssl-compat.c] only include openssl compat stuff where | |
1065 | it's needed as it can cause conflicts elsewhere (eg xcrypt.c). Found by | |
1066 | and ok tim@ | |
9bf083eb | 1067 | |
826563dc | 1068 | 20050616 |
1069 | - (djm) OpenBSD CVS Sync | |
1070 | - jaredy@cvs.openbsd.org 2005/06/07 13:25:23 | |
1071 | [progressmeter.c] | |
1072 | catch SIGWINCH and resize progress meter accordingly; ok markus dtucker | |
a980cbd7 | 1073 | - djm@cvs.openbsd.org 2005/06/06 11:20:36 |
1074 | [auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c] | |
1075 | introduce a generic %foo expansion function. replace existing % expansion | |
1076 | and add expansion to ControlPath; ok markus@ | |
60dacb4b | 1077 | - djm@cvs.openbsd.org 2005/06/08 03:50:00 |
1078 | [ssh-keygen.1 ssh-keygen.c sshd.8] | |
1079 | increase default rsa/dsa key length from 1024 to 2048 bits; | |
1080 | ok markus@ deraadt@ | |
9dfd96d6 | 1081 | - djm@cvs.openbsd.org 2005/06/08 11:25:09 |
1082 | [clientloop.c readconf.c readconf.h ssh.c ssh_config.5] | |
1083 | add ControlMaster=auto/autoask options to support opportunistic | |
1084 | multiplexing; tested avsm@ and jakob@, ok markus@ | |
495795e1 | 1085 | - dtucker@cvs.openbsd.org 2005/06/09 13:43:49 |
1086 | [cipher.c] | |
1087 | Correctly initialize end of array sentinel; ok djm@ | |
1088 | (Id sync only, change already in portable) | |
826563dc | 1089 | |
52607c0f | 1090 | 20050609 |
1091 | - (dtucker) [cipher.c openbsd-compat/Makefile.in | |
bedeeedc | 1092 | openbsd-compat/openbsd-compat.h openbsd-compat/openssl-compat.{c,h}] |
52607c0f | 1093 | Move compatibility code for supporting older OpenSSL versions to the |
1094 | compat layer. Suggested by and "no objection" djm@ | |
1095 | ||
343ba2ce | 1096 | 20050607 |
1097 | - (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX: | |
1098 | in today's episode we attempt to coax it from limits.h where it may be | |
1099 | hiding, failing that we take the DIY approach. Tested by tim@ | |
1100 | ||
dfafb2e1 | 1101 | 20050603 |
1102 | - (dtucker) [configure.ac] Only try gcc -std=gnu99 if LLONG_MAX isn't | |
1103 | defined, and check that it helps before keeping it in CFLAGS. Some old | |
1104 | gcc's don't set an error code when encountering an unknown value in -std. | |
1105 | Found and tested by tim@. | |
76e6410a | 1106 | - (dtucker) [configure.ac] Point configure's reporting address at the |
1107 | openssh-unix-dev list. ok tim@ djm@ | |
dfafb2e1 | 1108 | |
b5765e1d | 1109 | 20050602 |
1110 | - (tim) [configure.ac] Some platforms need sys/types.h for arpa/nameser.h. | |
1111 | Take AC_CHECK_HEADERS test out of ultrix section. It caused other platforms | |
1112 | to skip builtin standard includes tests. (first AC_CHECK_HEADERS test | |
1113 | must be run on all platforms) Add missing ;; to case statement. OK dtucker@ | |
1114 | ||
1c829da5 | 1115 | 20050601 |
1116 | - (dtucker) [configure.ac] Look for _getshort and _getlong in | |
1117 | arpa/nameser.h. | |
1e29a0c8 | 1118 | - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoll.c] |
1119 | Add strtoll to the compat library, from OpenBSD. | |
8f4ab41b | 1120 | - (dtucker) OpenBSD CVS Sync |
1121 | - avsm@cvs.openbsd.org 2005/05/26 02:08:05 | |
1122 | [scp.c] | |
1123 | If copying multiple files to a target file (which normally fails, as it | |
1124 | must be a target directory), kill the spawned ssh child before exiting. | |
1125 | This stops it trying to authenticate and spewing lots of output. | |
1126 | deraadt@ ok | |
2a1995a3 | 1127 | - dtucker@cvs.openbsd.org 2005/05/26 09:08:12 |
1128 | [ssh-keygen.c] | |
1129 | uint32_t -> u_int32_t for consistency; ok djm@ | |
19186c3d | 1130 | - djm@cvs.openbsd.org 2005/05/27 08:30:37 |
1131 | [ssh.c] | |
1132 | fix -O for cases where no ControlPath has been specified or socket at | |
1133 | ControlPath is not contactable; spotted by and ok avsm@ | |
32560f07 | 1134 | - (tim) [config.guess config.sub] Update to '2005-05-27' version. |
822015dd | 1135 | - (tim) [configure.ac] set TEST_SHELL for OpenServer 6 |
1c829da5 | 1136 | |
736ea7c1 | 1137 | 20050531 |
1138 | - (dtucker) [contrib/aix/pam.conf] Correct comments. From davidl at | |
1139 | vintela.com. | |
cbcabe98 | 1140 | - (dtucker) [mdoc2man.awk] Teach it to understand .Ox. |
736ea7c1 | 1141 | |
1142 | 20050530 | |
1143 | - (dtucker) [README] Link to new release notes. Beter late than never... | |
1144 | ||
c8ed2130 | 1145 | 20050529 |
1146 | - (dtucker) [openbsd-compat/port-aix.c] Bug #1046: AIX 5.3 expects the | |
1147 | argument to passwdexpired to be initialized to NULL. Suggested by tim@ | |
1148 | While at it, initialize the other arguments to auth functions in case they | |
1149 | ever acquire this behaviour. | |
5700232d | 1150 | - (dtucker) [openbsd-compat/port-aix.c] Whitespace cleanups while there. |
ec7f28f2 | 1151 | - (dtucker) [openbsd-compat/port-aix.c] Minor correction to debug message, |
1152 | spotted by tim@. | |
c8ed2130 | 1153 | |
b04a9f8c | 1154 | 20050528 |
1155 | - (dtucker) [configure.ac] For AC_CHECK_HEADERS() and AC_CHECK_FUNCS() have | |
1156 | one entry per line to make it easier to merge changes. ok djm@ | |
0957c2cf | 1157 | - (dtucker) [configure.ac] strsep() may be defined in string.h, so check |
1158 | for its presence and include it in the strsep check. | |
25dd2ce6 | 1159 | - (dtucker) [configure.ac] getpgrp may be defined in unistd.h, so check for |
1160 | its presence before doing AC_FUNC_GETPGRP. | |
7d458c86 | 1161 | - (dtucker) [configure.ac] Merge HP-UX blocks into a common block with minor |
1162 | version-specific variations as required. | |
1c1ecbc8 | 1163 | - (dtucker) [openbsd-compat/port-aix.h] Use the HAVE_DECL_* definitions as |
1164 | per the autoconf man page. Configure should always define them but it | |
1165 | doesn't hurt to check. | |
b04a9f8c | 1166 | |
39ff6527 | 1167 | 20050527 |
1168 | - (djm) [defines.h] Use our realpath if we have to define PATH_MAX, spotted by | |
1169 | David Leach; ok dtucker@ | |
35fc74ed | 1170 | - (dtucker) [acconfig.h configure.ac defines.h includes.h sshpty.c |
1171 | openbsd-compat/bsd-misc.c] Add support for Ultrix. No, that's not a typo. | |
1172 | Required changes from Bernhard Simon, integrated by me. ok djm@ | |
39ff6527 | 1173 | |
160c7f37 | 1174 | 20050525 |
1175 | - (djm) [mpaux.c mpaux.h Makefile.in] Remove old mpaux.[ch] code, it has not | |
1176 | been used for a while | |
4feb61af | 1177 | - (djm) OpenBSD CVS Sync |
1178 | - otto@cvs.openbsd.org 2005/04/05 13:45:31 | |
1179 | [ssh-keygen.c] | |
7c3bc5a2 | 1180 | - djm@cvs.openbsd.org 2005/04/06 09:43:59 |
1181 | [sshd.c] | |
1182 | avoid harmless logspam by not performing setsockopt() on non-socket; | |
1183 | ok markus@ | |
b3669591 | 1184 | - dtucker@cvs.openbsd.org 2005/04/06 12:26:06 |
1185 | [ssh.c] | |
1186 | Fix debug call for port forwards; patch from pete at seebeyond.com, | |
1187 | ok djm@ (ID sync only - change already in portable) | |
49e71137 | 1188 | - djm@cvs.openbsd.org 2005/04/09 04:32:54 |
1189 | [misc.c misc.h tildexpand.c Makefile.in] | |
1190 | replace tilde_expand_filename with a simpler implementation, ahead of | |
1191 | more whacking; ok deraadt@ | |
3feef794 | 1192 | - jmc@cvs.openbsd.org 2005/04/14 12:30:30 |
1193 | [ssh.1] | |
1194 | arg to -b is an address, not if_name; | |
1195 | ok markus@ | |
4635e729 | 1196 | - jakob@cvs.openbsd.org 2005/04/20 10:05:45 |
1197 | [dns.c] | |
1198 | do not try to look up SSHFP for numerical hostname. ok djm@ | |
140e3e97 | 1199 | - djm@cvs.openbsd.org 2005/04/21 06:17:50 |
1200 | [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8] | |
1201 | [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment | |
1202 | variable, so don't say that we do (bz #623); ok deraadt@ | |
7697ac2b | 1203 | - djm@cvs.openbsd.org 2005/04/21 11:47:19 |
1204 | [ssh.c] | |
1205 | don't allocate a pty when -n flag (/dev/null stdin) is set, patch from | |
1206 | ignasi.roca AT fujitsu-siemens.com (bz #829); ok dtucker@ | |
d49d70a8 | 1207 | - dtucker@cvs.openbsd.org 2005/04/23 23:43:47 |
1208 | [readpass.c] | |
1209 | Add debug message if read_passphrase can't open /dev/tty; bz #471; | |
1210 | ok djm@ | |
d95daa6d | 1211 | - jmc@cvs.openbsd.org 2005/04/26 12:59:02 |
1212 | [sftp-client.h] | |
1213 | spelling correction in comment from wiz@netbsd; | |
cc8ca1e6 | 1214 | - jakob@cvs.openbsd.org 2005/04/26 13:08:37 |
1215 | [ssh.c ssh_config.5] | |
1216 | fallback gracefully if client cannot connect to ControlPath. ok djm@ | |
4b826d75 | 1217 | - moritz@cvs.openbsd.org 2005/04/28 10:17:56 |
1218 | [progressmeter.c ssh-keyscan.c] | |
1219 | add snprintf checks. ok djm@ markus@ | |
c6eb32a1 | 1220 | - markus@cvs.openbsd.org 2005/05/02 21:13:22 |
1221 | [readpass.c] | |
1222 | missing {} | |
4a42b83a | 1223 | - djm@cvs.openbsd.org 2005/05/10 10:28:11 |
1224 | [ssh.c] | |
1225 | print nice error message for EADDRINUSE as well (ID sync only) | |
f6740270 | 1226 | - djm@cvs.openbsd.org 2005/05/10 10:30:43 |
1227 | [ssh.c] | |
1228 | report real errors on fallback from ControlMaster=no to normal connect | |
38634ff6 | 1229 | - markus@cvs.openbsd.org 2005/05/16 15:30:51 |
1230 | [readconf.c servconf.c] | |
1231 | check return value from strdelim() for NULL (AddressFamily); mpech | |
2264526c | 1232 | - djm@cvs.openbsd.org 2005/05/19 02:39:55 |
1233 | [sshd_config.5] | |
1234 | sort config options, from grunk AT pestilenz.org; ok jmc@ | |
05ad7fe0 | 1235 | - djm@cvs.openbsd.org 2005/05/19 02:40:52 |
1236 | [sshd_config] | |
1237 | whitespace nit, from grunk AT pestilenz.org | |
669a1ce3 | 1238 | - djm@cvs.openbsd.org 2005/05/19 02:42:26 |
1239 | [includes.h] | |
1240 | fix cast, from grunk AT pestilenz.org | |
2b610872 | 1241 | - djm@cvs.openbsd.org 2005/05/20 10:50:55 |
1242 | [ssh_config.5] | |
1243 | give a ProxyCommand example using nc(1), with and ok jmc@ | |
9fa42d41 | 1244 | - jmc@cvs.openbsd.org 2005/05/20 11:23:32 |
1245 | [ssh_config.5] | |
1246 | oops - article and spacing; | |
c784ae09 | 1247 | - avsm@cvs.openbsd.org 2005/05/23 22:44:01 |
1248 | [moduli.c ssh-keygen.c] | |
1249 | - removes signed/unsigned comparisons in moduli generation | |
1250 | - use strtonum instead of atoi where its easier | |
1251 | - check some strlcpy overflow and fatal instead of truncate | |
74a66cc8 | 1252 | - djm@cvs.openbsd.org 2005/05/23 23:32:46 |
1253 | [cipher.c myproposal.h ssh.1 ssh_config.5 sshd_config.5] | |
1254 | add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes; | |
1255 | ok markus@ | |
de4feb6b | 1256 | - avsm@cvs.openbsd.org 2005/05/24 02:05:09 |
1257 | [ssh-keygen.c] | |
1258 | some style nits from dmiller@, and use a fatal() instead of a printf()/exit | |
05624c18 | 1259 | - avsm@cvs.openbsd.org 2005/05/24 17:32:44 |
1260 | [atomicio.c atomicio.h authfd.c monitor_wrap.c msg.c scp.c sftp-client.c] | |
1261 | [ssh-keyscan.c sshconnect.c] | |
1262 | Switch atomicio to use a simpler interface; it now returns a size_t | |
1263 | (containing number of bytes read/written), and indicates error by | |
1264 | returning 0. EOF is signalled by errno==EPIPE. | |
1265 | Typical use now becomes: | |
1266 | ||
1267 | if (atomicio(read, ..., len) != len) | |
1268 | err(1,"read"); | |
1269 | ||
1270 | ok deraadt@, cloder@, djm@ | |
ef8c3544 | 1271 | - (dtucker) [regress/reexec.sh] Add ${EXEEXT} so this test also works on |
1272 | Cygwin. | |
44171182 | 1273 | - (dtucker) [auth-pam.c] Bug #1033: Fix warnings building with PAM on Linux: |
03f5da4c | 1274 | warning: dereferencing type-punned pointer will break strict-aliasing rules |
1275 | warning: passing arg 3 of `pam_get_item' from incompatible pointer type | |
1276 | The type-punned pointer fix is based on a patch from SuSE's rpm. ok djm@ | |
1277 | - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1033: Provide | |
1278 | templates for _getshort and _getlong if missing to prevent compiler warnings | |
1279 | on Linux. | |
8a3ff1aa | 1280 | - (djm) [configure.ac openbsd-compat/Makefile.in] |
1281 | [openbsd-compat/openbsd-compat.h openbsd-compat/strtonum.c] | |
1282 | Add strtonum(3) from OpenBSD libc, new code needs it. | |
1283 | Unfortunately Linux forces us to do a bizarre dance with compiler | |
1284 | options to get LLONG_MIN/MAX; Spotted by and ok dtucker@ | |
160c7f37 | 1285 | |
a5b3c493 | 1286 | 20050524 |
1287 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | |
1288 | [contrib/suse/openssh.spec] Update spec file versions to 4.1p1 | |
b4143b2a | 1289 | - (dtucker) [auth-pam.c] Since people don't seem to be getting the message |
1290 | that USE_POSIX_THREADS is unsupported, not recommended and generally a bad | |
1291 | idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use | |
1292 | USE_POSIX_THREADS will now generate an error so we don't silently change | |
1293 | behaviour. ok djm@ | |
b54ffe05 | 1294 | - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory |
1295 | allocation when retrieving core Windows environment. Add CYGWIN variable | |
1296 | to propagated variables. Patch from vinschen at redhat.com, ok djm@ | |
22c50ecf | 1297 | - Release 4.1p1 |
a5b3c493 | 1298 | |
1299 | 20050524 | |
0d7feb60 | 1300 | - (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure |
1301 | terminal modes are reset correctly. Fix from peak AT argo.troja.mff.cuni.cz; | |
1302 | "looks ok" dtucker@ | |
1303 | ||
c713294b | 1304 | 20050512 |
1305 | - (tim) [buildpkg.sh.in] missing ${PKG_INSTALL_ROOT} in init script | |
1306 | hard link section. Bug 1038. | |
1307 | ||
25882b6d | 1308 | 20050509 |
1309 | - (dtucker) [contrib/cygwin/ssh-host-config] Add a test and warning for a | |
1310 | user-mode mounts in Cygwin installation. Patch from vinschen at redhat.com. | |
1311 | ||
05ada1a6 | 1312 | 20050504 |
1313 | - (djm) [ssh.c] some systems return EADDRINUSE on a bind to an already-used | |
1314 | unix domain socket, so catch that too; from jakob@ ok dtucker@ | |
1315 | ||
a56cebd3 | 1316 | 20050503 |
1317 | - (dtucker) [canohost.c] normalise socket addresses returned by | |
1318 | get_remote_hostname(). This means that IPv4 addresses in log messages | |
1319 | on IPv6 enabled machines will no longer be prefixed by "::ffff:" and | |
1320 | AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style | |
1321 | addresses only for 4-in-6 mapped connections, regardless of whether | |
1322 | or not the machine is IPv6 enabled. ok djm@ | |
1323 | ||
a8539f66 | 1324 | 20050425 |
1325 | - (dtucker) [regress/multiplex.sh] Use "kill -0 $pid" to check for the | |
1326 | existence of a process since it's more portable. Found by jbasney at | |
1327 | ncsa.uiuc.edu; ok tim@ | |
27402d9c | 1328 | - (dtucker) [regress/multiplex.sh] Remove cleanup call since test-exec.sh |
1329 | will clean up anyway. From tim@ | |
faf685a9 | 1330 | - (dtucker) [regress/multiplex.sh] Put control socket in /tmp so running |
5330cae7 | 1331 | "make tests" works even if you're building on a filesystem that doesn't |
faf685a9 | 1332 | support sockets. From deengert at anl.gov, ok djm@ |
a8539f66 | 1333 | |
5c7fc85d | 1334 | 20050424 |
1335 | - (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or | |
1336 | 1.2.1.2 or higher. With tim@, ok djm@ | |
1337 | ||
9e850813 | 1338 | 20050423 |
1339 | - (tim) [config.guess] Add support for OpenServer 6. | |
1340 | ||
d9720710 | 1341 | 20050421 |
1342 | - (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if | |
1343 | UseLogin is set as PAM is not used to establish credentials in that | |
1344 | case. Found by Michael Selvesteen, ok djm@ | |
1345 | ||
ad6a7661 | 1346 | 20050419 |
1347 | - (dtucker) [INSTALL] Reference README.privsep for the privilege separation | |
1348 | requirements. Pointed out by Bengt Svensson. | |
07f804af | 1349 | - (dtucker) [INSTALL] Put the s/key text and URL back together. |
f2637973 | 1350 | - (dtucker) [INSTALL] Fix s/key text too. |
ad6a7661 | 1351 | |
46f853b9 | 1352 | 20050411 |
1353 | - (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME | |
1354 | ||
62eb7db4 | 1355 | 20050405 |
1356 | - (dtucker) [configure.ac] Define HAVE_SO_PEERCRED if we have it. ok djm@ | |
8502d79f | 1357 | - (dtucker) [auth-sia.c] Constify sys_auth_passwd, fixes build error on |
1358 | Tru64. Patch from cmadams at hiwaay.net. | |
ed81415f | 1359 | - (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of |
1360 | sys_auth_passwd, pointed out by cmadams at hiwaay.net. | |
62eb7db4 | 1361 | |
99dfaccc | 1362 | 20050403 |
1363 | - (djm) OpenBSD CVS Sync | |
1364 | - deraadt@cvs.openbsd.org 2005/03/31 18:39:21 | |
1365 | [scp.c] | |
1366 | copy argv[] element instead of smashing the one that ps will see; ok otto | |
ae0d2f42 | 1367 | - djm@cvs.openbsd.org 2005/04/02 12:41:16 |
1368 | [scp.c] | |
1369 | since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror | |
1370 | build | |
d3e9f63d | 1371 | - (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_read |
1372 | will free as needed. ok tim@ djm@ | |
99dfaccc | 1373 | |
ecda4ffb | 1374 | 20050331 |
1375 | - (dtucker) OpenBSD CVS Sync | |
1376 | - jmc@cvs.openbsd.org 2005/03/16 11:10:38 | |
1377 | [ssh_config.5] | |
1378 | get the syntax right for {Local,Remote}Forward; | |
1379 | based on a diff from markus; | |
1380 | problem report from ponraj; | |
1381 | ok dtucker@ markus@ deraadt@ | |
e86f4cc5 | 1382 | - markus@cvs.openbsd.org 2005/03/16 21:17:39 |
1383 | [version.h] | |
1384 | 4.1 | |
102c77c2 | 1385 | - jmc@cvs.openbsd.org 2005/03/18 17:05:00 |
1386 | [sshd_config.5] | |
1387 | typo; | |
1b394137 | 1388 | - (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in |
1389 | handling of password expiry messages returned by AIX's authentication | |
1390 | routines, originally reported by robvdwal at sara.nl. | |
d0c7c18d | 1391 | - (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug |
1392 | message on some platforms. Patch from pete at seebeyond.com via djm. | |
e05df884 | 1393 | - (dtucker) [monitor.c] Remaining part of fix for bug #1006. |
ecda4ffb | 1394 | |
25cd6761 | 1395 | 20050329 |
1396 | - (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're | |
1397 | interested in which is much faster in large (eg LDAP or NIS) environments. | |
1398 | Patch from dleonard at vintela.com. | |
1399 | ||
6dd05556 | 1400 | 20050321 |
1401 | - (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes | |
1402 | and -Lyes to CFLAGS and LIBS. Pointed out by peter at slagheap.net, | |
1403 | with & ok tim@ | |
737edf04 | 1404 | - (dtucker) [configure.ac] Make configure error out if the user specifies |
1405 | --with-libedit but the required libs can't be found, rather than silently | |
1406 | ignoring and continuing. ok tim@ | |
72ad335d | 1407 | - (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions |
1408 | of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se. | |
6dd05556 | 1409 | |
987b458f | 1410 | 20050317 |
1411 | - (tim) [configure.ac] Bug 998. Make path for --with-opensc optional. | |
1412 | Make --without-opensc work. | |
4b492aab | 1413 | - (tim) [configure.ac] portability changes on test statements. Some shells |
1414 | have problems with -a operator. | |
6cf0200f | 1415 | - (tim) [configure.ac] make some configure options a little more error proof. |
82f4e93d | 1416 | - (tim) [configure.ac] remove trailing white space. |
987b458f | 1417 | |
2b74a069 | 1418 | 20050314 |
1419 | - (dtucker) OpenBSD CVS Sync | |
1420 | - dtucker@cvs.openbsd.org 2005/03/10 10:15:02 | |
1421 | [readconf.c] | |
1422 | Check listen addresses for null, prevents xfree from dying during | |
1423 | ClearAllForwardings (bz #996). From Craig Leres, ok markus@ | |
f8cc7664 | 1424 | - deraadt@cvs.openbsd.org 2005/03/10 22:01:05 |
1425 | [misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c | |
1426 | monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c | |
1427 | readconf.c bufaux.c sftp.c] | |
1428 | spacing | |
16d3d2bc | 1429 | - deraadt@cvs.openbsd.org 2005/03/10 22:40:38 |
1430 | [auth-options.c] | |
1431 | spacing | |
604dac32 | 1432 | - markus@cvs.openbsd.org 2005/03/11 14:59:06 |
1433 | [ssh-keygen.c] | |
1434 | typo, missing \n; mpech | |
4e5038f7 | 1435 | - jmc@cvs.openbsd.org 2005/03/12 11:55:03 |
1436 | [ssh_config.5] | |
1437 | escape `.' at eol to avoid double spacing issues; | |
ee8e9906 | 1438 | - dtucker@cvs.openbsd.org 2005/03/14 10:09:03 |
1439 | [ssh-keygen.1] | |
1440 | Correct description of -H (bz #997); ok markus@, punctuation jmc@ | |
2dcbac07 | 1441 | - dtucker@cvs.openbsd.org 2005/03/14 11:44:42 |
1442 | [auth.c] | |
1443 | Populate host for log message for logins denied by AllowUsers and | |
2232a979 | 1444 | DenyUsers (bz #999); ok markus@ (patch by tryponraj at gmail.com) |
fa1d7d85 | 1445 | - markus@cvs.openbsd.org 2005/03/14 11:46:56 |
1446 | [buffer.c buffer.h channels.c] | |
1447 | limit input buffer size for channels; bugzilla #896; with and ok dtucker@ | |
b2518e43 | 1448 | - (tim) [contrib/caldera/openssh.spec] links in rc?.d were getting trashed |
1449 | with a rpm -F | |
2b74a069 | 1450 | |
2b08c2fc | 1451 | 20050313 |
1452 | - (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the | |
1453 | localized name of the local administrators group more reliable. From | |
1454 | vinschen at redhat.com. | |
1455 | ||
433f6c0f | 1456 | 20050312 |
1457 | - (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug | |
1458 | output ends up in the client's output, causing regress failures. Found | |
1459 | by Corinna Vinschen. | |
1460 | ||
13863e85 | 1461 | 20050309 |
1462 | - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64 | |
1463 | so that regress tests behave. From Chris Adams. | |
6d7a9e8f | 1464 | - (djm) OpenBSD CVS Sync |
1465 | - jmc@cvs.openbsd.org 2005/03/07 23:41:54 | |
1466 | [ssh.1 ssh_config.5] | |
1467 | more macro simplification; | |
568a2a1a | 1468 | - djm@cvs.openbsd.org 2005/03/08 23:49:48 |
1469 | [version.h] | |
1470 | OpenSSH 4.0 | |
ea9c5dda | 1471 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] |
1472 | [contrib/suse/openssh.spec] Update spec file versions | |
b1d73a9a | 1473 | - (djm) [log.c] Fix dumb syntax error; ok dtucker@ |
0831888a | 1474 | - (djm) Release OpenSSH 4.0p1 |
13863e85 | 1475 | |
7939c496 | 1476 | 20050307 |
1477 | - (dtucker) [configure.ac] Disable gettext search when configuring with | |
1478 | BSM audit support for the time being. ok djm@ | |
1808b4ab | 1479 | - (dtucker) OpenBSD CVS Sync (regress/) |
1480 | - fgsch@cvs.openbsd.org 2004/12/10 01:31:30 | |
c0cab79d | 1481 | [Makefile sftp-glob.sh] |
1808b4ab | 1482 | some globbing regress; prompted and ok djm@ |
0c2cfd08 | 1483 | - david@cvs.openbsd.org 2005/01/14 04:21:18 |
1484 | [Makefile test-exec.sh] | |
1485 | pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@ | |
83154755 | 1486 | - dtucker@cvs.openbsd.org 2005/02/27 11:33:30 |
1487 | [multiplex.sh test-exec.sh sshd-log-wrapper.sh] | |
1488 | Add optional capability to log output from regress commands; ok markus@ | |
1489 | Use with: make TEST_SSH_LOGFILE=/tmp/regress.log | |
6c017ff5 | 1490 | - djm@cvs.openbsd.org 2005/02/27 23:13:36 |
1491 | [login-timeout.sh] | |
1492 | avoid nameservice lookups in regress test; ok dtucker@ | |
08ba3a8a | 1493 | - djm@cvs.openbsd.org 2005/03/04 08:48:46 |
1494 | [Makefile envpass.sh] | |
1495 | regress test for SendEnv config parsing bug; ok dtucker@ | |
1501be86 | 1496 | - (dtucker) [regress/test-exec.sh] Put SUDO in the right place. |
11cf4f1f | 1497 | - (tim) [configure.ac] SCO 3.2v4.2 no longer supported. |
7939c496 | 1498 | |
d9bc3cde | 1499 | 20050306 |
1500 | - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor | |
1501 | when attempting to audit disconnect events. Reported by Phil Dibowitz. | |
2b0c0925 | 1502 | - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit |
1503 | events earlier, prevents mm_request_send errors reported by Matt Goebel. | |
d9bc3cde | 1504 | |
1619d173 | 1505 | 20050305 |
1506 | - (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch | |
1507 | from vinschen at redhat.com | |
4469b0cf | 1508 | - (djm) OpenBSD CVS Sync |
1509 | - jmc@cvs.openbsd.org 2005/03/02 11:45:01 | |
1510 | [ssh.1] | |
1511 | missing word; | |
c8c99dd5 | 1512 | - djm@cvs.openbsd.org 2005/03/04 08:48:06 |
1513 | [readconf.c] | |
1514 | fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@ | |
1619d173 | 1515 | |
6c7e3b94 | 1516 | 20050302 |
1517 | - (djm) OpenBSD CVS sync: | |
1518 | - jmc@cvs.openbsd.org 2005/03/01 14:47:58 | |
1519 | [ssh.1] | |
1520 | remove some unneccesary macros; | |
1521 | do not mark up punctuation; | |
cd8f998c | 1522 | - jmc@cvs.openbsd.org 2005/03/01 14:55:23 |
1523 | [ssh_config.5] | |
1524 | do not mark up punctuation; | |
1525 | whitespace; | |
c79ae9fd | 1526 | - jmc@cvs.openbsd.org 2005/03/01 14:59:49 |
1527 | [sshd.8] | |
1528 | new sentence, new line; | |
1529 | whitespace; | |
219195e8 | 1530 | - jmc@cvs.openbsd.org 2005/03/01 15:05:00 |
1531 | [ssh-keygen.1] | |
1532 | whitespace; | |
3bafbaa7 | 1533 | - jmc@cvs.openbsd.org 2005/03/01 15:47:14 |
1534 | [ssh-keyscan.1 ssh-keyscan.c] | |
1535 | sort options and sync usage(); | |
ba9d1100 | 1536 | - jmc@cvs.openbsd.org 2005/03/01 17:19:35 |
1537 | [scp.1 sftp.1] | |
1538 | add HashKnownHosts to -o list; | |
1539 | ok markus@ | |
8cf98c65 | 1540 | - jmc@cvs.openbsd.org 2005/03/01 17:22:06 |
1541 | [ssh.c] | |
1542 | sync usage() w/ man SYNOPSIS; | |
1543 | ok markus@ | |
ca28318b | 1544 | - jmc@cvs.openbsd.org 2005/03/01 17:32:19 |
1545 | [ssh-add.1] | |
1546 | sort options; | |
ce0c0cdc | 1547 | - jmc@cvs.openbsd.org 2005/03/01 18:15:56 |
1548 | [ssh-keygen.1] | |
1549 | sort options (no attempt made at synopsis clean up though); | |
1550 | spelling (occurance -> occurrence); | |
1551 | use prompt before examples; | |
1552 | grammar; | |
e79276c2 | 1553 | - djm@cvs.openbsd.org 2005/03/02 01:00:06 |
1554 | [sshconnect.c] | |
1555 | fix addition of new hashed hostnames when CheckHostIP=yes; | |
1556 | found and ok dtucker@ | |
bc7119ba | 1557 | - djm@cvs.openbsd.org 2005/03/02 01:27:41 |
1558 | [ssh-keygen.c] | |
1559 | ignore hostnames with metachars when hashing; ok deraadt@ | |
82966fe8 | 1560 | - djm@cvs.openbsd.org 2005/03/02 02:21:07 |
1561 | [ssh.1] | |
1562 | bz#987: mention ForwardX11Trusted in ssh.1, | |
1563 | reported by andrew.benham AT thus.net; ok deraadt@ | |
0428614e | 1564 | - (tim) [regress/agent-ptrace.sh] add another possible gdb error. |
6c7e3b94 | 1565 | |
ec304d66 | 1566 | 20050301 |
1567 | - (djm) OpenBSD CVS sync: | |
1568 | - otto@cvs.openbsd.org 2005/02/16 09:56:44 | |
1569 | [ssh.c] | |
1570 | Better diagnostic if an identity file is not accesible. ok markus@ djm@ | |
adc75586 | 1571 | - djm@cvs.openbsd.org 2005/02/18 03:05:53 |
1572 | [canohost.c] | |
1573 | better error messages for getnameinfo failures; ok dtucker@ | |
0b73a454 | 1574 | - djm@cvs.openbsd.org 2005/02/20 22:59:06 |
1575 | [sftp.c] | |
1576 | turn on ssh batch mode when in sftp batch mode, patch from | |
1577 | jdmossh AT nand.net; | |
1578 | ok markus@ | |
a333272d | 1579 | - jmc@cvs.openbsd.org 2005/02/25 10:55:13 |
1580 | [sshd.8] | |
1581 | add /etc/motd and $HOME/.hushlogin to FILES; | |
1582 | from michael knudsen; | |
9a6b3b7a | 1583 | - djm@cvs.openbsd.org 2005/02/28 00:54:10 |
1584 | [ssh_config.5] | |
1585 | bz#849: document timeout on untrusted x11 forwarding sessions. Reported by | |
1586 | orion AT cora.nwra.com; ok markus@ | |
3867aa0a | 1587 | - djm@cvs.openbsd.org 2005/03/01 10:09:52 |
1588 | [auth-options.c channels.c channels.h clientloop.c compat.c compat.h] | |
1589 | [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5] | |
1590 | [sshd_config.5] | |
1591 | bz#413: allow optional specification of bind address for port forwardings. | |
1592 | Patch originally by Dan Astorian, but worked on by several people | |
1593 | Adds GatewayPorts=clientspecified option on server to allow remote | |
1594 | forwards to bind to client-specified ports. | |
5c63c2ab | 1595 | - djm@cvs.openbsd.org 2005/03/01 10:40:27 |
1596 | [hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5] | |
1597 | [sshconnect.c sshd.8] | |
1598 | add support for hashing host names and addresses added to known_hosts | |
1599 | files, to improve privacy of which hosts user have been visiting; ok | |
1600 | markus@ deraadt@ | |
90a8ae9f | 1601 | - djm@cvs.openbsd.org 2005/03/01 10:41:28 |
1602 | [ssh-keyscan.1 ssh-keyscan.c] | |
1603 | option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@ | |
bdffbcdc | 1604 | - djm@cvs.openbsd.org 2005/03/01 10:42:49 |
1605 | [ssh-keygen.1 ssh-keygen.c ssh_config.5] | |
1606 | add tools for managing known_hosts files with hashed hostnames, including | |
1607 | hashing existing files and deleting hosts by name; ok markus@ deraadt@ | |
ec304d66 | 1608 | |
a6de2de3 | 1609 | 20050226 |
1610 | - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] | |
1611 | Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com. | |
7ff856c5 | 1612 | - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}] |
1613 | Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any | |
1614 | more. Patch from vinschen at redhat.com. | |
e1283d9c | 1615 | - (dtucker) [Makefile.in] Add a install-nosysconf target for installing the |
1616 | binaries without the config files. Primarily useful for packaging. | |
1617 | Patch from phil at usc.edu. ok djm@ | |
a6de2de3 | 1618 | |
1619 | 20050224 | |
777ece68 | 1620 | - (djm) [configure.ac] in_addr_t test needs sys/types.h too |
1621 | ||
c2736f7f | 1622 | 20050222 |
1623 | - (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from | |
1624 | vinschen at redhat.com. | |
1625 | ||
7b578f7d | 1626 | 20050220 |
1627 | - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac | |
1628 | defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure | |
1629 | --with-audit=bsm to enable. Patch originally from Sun Microsystems, | |
1630 | parts by John R. Jackson. ok djm@ | |
c85ed8e2 | 1631 | - (dtucker) [configure.ac] Missing comma in AIX section, somehow causes |
1632 | unrelated platforms to be configured incorrectly. | |
7b578f7d | 1633 | |
a418076b | 1634 | 20050216 |
1635 | - (djm) write seed to temporary file and atomically rename into place; | |
1636 | ok dtucker@ | |
e005a96c | 1637 | - (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called |
1638 | via mkstemp in some configurations. ok djm@ | |
f83b0f6a | 1639 | - (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined |
1640 | by the system headers. | |
85cf54ec | 1641 | - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant |
1642 | Unix; prevents problems relating to the location of -lresolv in the | |
1643 | link order. | |
09d7ebd1 | 1644 | - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic |
1645 | authentication early enough to be available to PAM session modules when | |
1646 | privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam | |
1647 | Hartman and similar to Debian's ssh-krb5 package. | |
ba603e06 | 1648 | - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more |
1649 | compiler warnings on AIX. | |
a418076b | 1650 | |
5f879c03 | 1651 | 20050215 |
1652 | - (dtucker) [config.sh.in] Collect oslevel -r too. | |
5ccf88cb | 1653 | - (dtucker) [README.platform auth.c configure.ac loginrec.c |
1654 | openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6 | |
1655 | on AIX where possible (see README.platform for details) and work around | |
1656 | a misfeature of AIX's getnameinfo. ok djm@ | |
c53d8c93 | 1657 | - (dtucker) [loginrec.c] Add missing #include. |
5f879c03 | 1658 | |
6ff3d0dc | 1659 | 20050211 |
1660 | - (dtucker) [configure.ac] Tidy up configure --help output. | |
3287ae43 | 1661 | - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too. |
6ff3d0dc | 1662 | |
694d0cef | 1663 | 20050210 |
1664 | - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the | |
1665 | --disable-etc-default-login configure option. | |
1666 | ||
0d133778 | 1667 | 20050209 |
1668 | - (dtucker) OpenBSD CVS Sync | |
1669 | - dtucker@cvs.openbsd.org 2005/01/28 09:45:53 | |
1670 | [ssh_config] | |
1671 | Make it clear that the example entries in ssh_config are only some of the | |
1672 | commonly-used options and refer the user to ssh_config(5) for more | |
1673 | details; ok djm@ | |
0d6cbe2c | 1674 | - jmc@cvs.openbsd.org 2005/01/28 15:05:43 |
1675 | [ssh_config.5] | |
1676 | grammar; | |
7034edae | 1677 | - jmc@cvs.openbsd.org 2005/01/28 18:14:09 |
1678 | [ssh_config.5] | |
1679 | wording; | |
1680 | ok markus@ | |
75cccc2c | 1681 | - dtucker@cvs.openbsd.org 2005/01/30 11:18:08 |
1682 | [monitor.c] | |
1683 | Make code match intent; ok djm@ | |
945a9853 | 1684 | - dtucker@cvs.openbsd.org 2005/02/08 22:24:57 |
1685 | [sshd.c] | |
1686 | Provide reason in error message if getnameinfo fails; ok markus@ | |
751e5199 | 1687 | - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call |
1688 | disable_forwarding() from compat library. Prevent linker errrors trying | |
1689 | to resolve it for binaries other than sshd. ok djm@ | |
99eb0f64 | 1690 | - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir |
1691 | paths. ok djm@ | |
3ade3b57 | 1692 | - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require |
1693 | the username to be passed to the passwd command when changing expired | |
1694 | passwords. ok djm@ | |
0d133778 | 1695 | |
9c70ca37 | 1696 | 20050208 |
1697 | - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the | |
1698 | regress tests so newer versions of GNU head(1) behave themselves. Patch | |
1699 | by djm, so ok me. | |
c2edf154 | 1700 | - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. |
6039eeef | 1701 | - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c |
1702 | monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit | |
1703 | defines and enums with SSH_ to prevent namespace collisions on some | |
1704 | platforms (eg AIX). | |
9c70ca37 | 1705 | |
780d885c | 1706 | 20050204 |
1707 | - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. | |
6af6e631 | 1708 | - (dtucker) [auth.c] Fix parens in audit log check. |
780d885c | 1709 | |
667abcc6 | 1710 | 20050202 |
1711 | - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath | |
1712 | rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@ | |
575e336f | 1713 | - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}] |
1714 | Make record_failed_login() call provide hostname rather than having the | |
1715 | implementations having to do lookups themselves. Only affects AIX and | |
1716 | UNICOS (the latter only uses the "user" parameter anyway). ok djm@ | |
3bfd27d5 | 1717 | - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child |
1718 | the process. Since we also unset KRB5CCNAME at startup, if it's set after | |
1719 | authentication it must have been set by the platform's native auth system. | |
1720 | This was already done for AIX; this enables it for the general case. | |
b6610e8f | 1721 | - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c] |
1722 | Bug #974: Teach sshd to write failed login records to btmp for failed auth | |
1723 | attempts (currently only for password, kbdint and C/R, only on Linux and | |
1724 | HP-UX), based on code from login.c from util-linux. With ashok_kovai at | |
1725 | hotmail.com, ok djm@ | |
c00e4d75 | 1726 | - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c |
1727 | monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: | |
1728 | (first stage) Add audit instrumentation to sshd, currently disabled by | |
9a8c0786 | 1729 | default. with suggestions from and ok djm@ |
667abcc6 | 1730 | |
29c82270 | 1731 | 20050201 |
1732 | - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some | |
1733 | platforms syslog will revert to its default values. This may result in | |
1734 | messages from external libraries (eg libwrap) being sent to a different | |
1735 | facility. | |
8a4c4ee4 | 1736 | - (dtucker) [sshd_config.5] Bug #701: remove warning about |
1737 | keyboard-interactive since this is no longer the case. | |
29c82270 | 1738 | |
022487ce | 1739 | 20050124 |
1740 | - (dtucker) OpenBSD CVS Sync | |
1741 | - otto@cvs.openbsd.org 2005/01/21 08:32:02 | |
1742 | [auth-passwd.c sshd.c] | |
1743 | Warn in advance for password and account expiry; initialize loginmsg | |
1744 | buffer earlier and clear it after privsep fork. ok and help dtucker@ | |
1745 | markus@ | |
31de8b2b | 1746 | - dtucker@cvs.openbsd.org 2005/01/22 08:17:59 |
1747 | [auth.c] | |
1748 | Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and | |
1749 | DenyGroups. bz #909, ok djm@ | |
3ebbcf03 | 1750 | - djm@cvs.openbsd.org 2005/01/23 10:18:12 |
1751 | [cipher.c] | |
1752 | config option "Ciphers" should be case-sensitive; ok dtucker@ | |
3c03ad3f | 1753 | - dtucker@cvs.openbsd.org 2005/01/24 10:22:06 |
1754 | [scp.c sftp.c] | |
1755 | Have scp and sftp wait for the spawned ssh to exit before they exit | |
1756 | themselves. This prevents ssh from being unable to restore terminal | |
1757 | modes (not normally a problem on OpenBSD but common with -Portable | |
1758 | on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); | |
1759 | ok djm@ markus@ | |
7936123b | 1760 | - dtucker@cvs.openbsd.org 2005/01/24 10:29:06 |
1761 | [moduli] | |
1762 | Import new moduli; requested by deraadt@ a week ago | |
6c0dc0dd | 1763 | - dtucker@cvs.openbsd.org 2005/01/24 11:47:13 |
1764 | [auth-passwd.c] | |
1765 | #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@ | |
022487ce | 1766 | |
b0042027 | 1767 | 20050120 |
1768 | - (dtucker) OpenBSD CVS Sync | |
1769 | - markus@cvs.openbsd.org 2004/12/23 17:35:48 | |
1770 | [session.c] | |
1771 | check for NULL; from mpech | |
3c460ede | 1772 | - markus@cvs.openbsd.org 2004/12/23 17:38:07 |
1773 | [ssh-keygen.c] | |
1774 | leak; from mpech | |
31b41ceb | 1775 | - djm@cvs.openbsd.org 2004/12/23 23:11:00 |
1776 | [servconf.c servconf.h sshd.c sshd_config sshd_config.5] | |
1777 | bz #898: support AddressFamily in sshd_config. from | |
1778 | peak@argo.troja.mff.cuni.cz; ok deraadt@ | |
cf039bd1 | 1779 | - markus@cvs.openbsd.org 2005/01/05 08:51:32 |
1780 | [sshconnect.c] | |
1781 | remove dead code, log connect() failures with level error, ok djm@ | |
667e4135 | 1782 | - jmc@cvs.openbsd.org 2005/01/08 00:41:19 |
1783 | [sshd_config.5] | |
1784 | `login'(n) -> `log in'(v); | |
1d03d1ad | 1785 | - dtucker@cvs.openbsd.org 2005/01/17 03:25:46 |
1786 | [moduli.c] | |
1787 | Correct spelling: SCHNOOR->SCHNORR; ok djm@ | |
25c31d49 | 1788 | - dtucker@cvs.openbsd.org 2005/01/17 22:48:39 |
1789 | [sshd.c] | |
1790 | Make debugging output continue after reexec; ok djm@ | |
37ea4f91 | 1791 | - dtucker@cvs.openbsd.org 2005/01/19 13:11:47 |
1792 | [auth-bsdauth.c auth2-chall.c] | |
1793 | Have keyboard-interactive code call the drivers even for responses for | |
1794 | invalid logins. This allows the drivers themselves to decide how to | |
1795 | handle them and prevent leaking information where possible. Existing | |
1796 | behaviour for bsdauth is maintained by checking authctxt->valid in the | |
1797 | bsdauth driver. Note that any third-party kbdint drivers will now need | |
1798 | to be able to handle responses for invalid logins. ok markus@ | |
5d33c697 | 1799 | - djm@cvs.openbsd.org 2004/12/22 02:13:19 |
1800 | [cipher-ctr.c cipher.c] | |
1801 | remove fallback AES support for old OpenSSL, as OpenBSD has had it for | |
1802 | many years now; ok deraadt@ | |
1803 | (Id sync only: Portable will continue to support older OpenSSLs) | |
af0e5c2f | 1804 | - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user |
1805 | existence via keyboard-interactive/pam, in conjunction with previous | |
1806 | auth2-chall.c change; with Colin Watson and djm. | |
9c1966bf | 1807 | - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128 |
1808 | bytes to prevent errors from login_init_entry() when the username is | |
1809 | exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@ | |
c384a74c | 1810 | - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from |
1811 | the list of available kbdint devices if UsePAM=no. ok djm@ | |
b0042027 | 1812 | |
1813 | 20050118 | |
d7cfdd7c | 1814 | - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement |
1815 | "make survey" and "make send-survey". This will provide data on the | |
1816 | configure parameters, platform and platform features to the development | |
1817 | team, which will allow (among other things) better targetting of testing. | |
1818 | It's entirely voluntary and is off be default. ok djm@ | |
1aeec5f7 | 1819 | - (dtucker) [survey.sh.in] Remove any blank lines from the output of |
1820 | ccver-v and ccver-V. | |
d7cfdd7c | 1821 | |
1e111f05 | 1822 | 20041220 |
1823 | - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading | |
1824 | from prngd is enabled at compile time but fails at run time, eg because | |
1825 | prngd is not running. Note that if you have prngd running when OpenSSH is | |
1826 | built, OpenSSL will consider itself internally seeded and rand-helper won't | |
1827 | be built at all unless explicitly enabled via --with-rand-helper. ok djm@ | |
0a3ea6cc | 1828 | - (dtucker) [regress/rekey.sh] Touch datafile before filling with dd, since |
1829 | on some wacky platforms (eg old AIXes), dd will refuse to create an output | |
1830 | file if it doesn't exist. | |
1e111f05 | 1831 | |
7a5de142 | 1832 | 20041213 |
1833 | - (dtucker) [contrib/findssh.sh] Clean up on interrupt; from | |
1834 | amarendra.godbole at ge com. | |
1835 | ||
595c699c | 1836 | 20041211 |
1837 | - (dtucker) OpenBSD CVS Sync | |
1838 | - markus@cvs.openbsd.org 2004/12/06 16:00:43 | |
1839 | [bufaux.c] | |
1840 | use 0x00 not \0 since buf[] is a bignum | |
2bd204e5 | 1841 | - fgsch@cvs.openbsd.org 2004/12/10 03:10:42 |
1842 | [sftp.c] | |
1843 | - fix globbed ls for paths the same lenght as the globbed path when | |
1844 | we have a unique matching. | |
1845 | - fix globbed ls in case of a directory when we have a unique matching. | |
1846 | - as a side effect, if the path does not exist error (used to silently | |
1847 | ignore). | |
1848 | - don't do extra do_lstat() if we only have one matching file. | |
1849 | djm@ ok | |
41feb690 | 1850 | - dtucker@cvs.openbsd.org 2004/12/11 01:48:56 |
1851 | [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h] | |
1852 | Fix debug call in error path of authorized_keys processing and fix related | |
1853 | warnings; ok djm@ | |
595c699c | 1854 | |
79a7ba96 | 1855 | 20041208 |
1856 | - (tim) [configure.ac] Comment some non obvious platforms in the | |
1857 | target-specific case statement. Suggested and OK by dtucker@ | |
1858 | ||
03543667 | 1859 | 20041207 |
1860 | - (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test. | |
1861 | ||
23a1441b | 1862 | 20041206 |
1863 | - (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@ | |
aa41be57 | 1864 | - (dtucker) OpenBSD CVS Sync |
1865 | - markus@cvs.openbsd.org 2004/11/25 22:22:14 | |
1866 | [sftp-client.c sftp.c] | |
1867 | leak; from mpech | |
281cf948 | 1868 | - jmc@cvs.openbsd.org 2004/11/29 00:05:17 |
1869 | [sftp.1] | |
1870 | missing full stop; | |
47460206 | 1871 | - djm@cvs.openbsd.org 2004/11/29 07:41:24 |
1872 | [sftp-client.h sftp.c] | |
1873 | Some small fixes from moritz@jodeit.org. ok deraadt@ | |
f9d52dd1 | 1874 | - jaredy@cvs.openbsd.org 2004/12/05 23:55:07 |
1875 | [sftp.1] | |
1876 | - explain that patterns can be used as arguments in get/put/ls/etc | |
1877 | commands (prodded by Michael Knudsen) | |
1878 | - describe ls flags as a list | |
1879 | - other minor improvements | |
1880 | ok jmc, djm | |
ea067773 | 1881 | - dtucker@cvs.openbsd.org 2004/12/06 11:41:03 |
1882 | [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8] | |
1883 | Discard over-length authorized_keys entries rather than complaining when | |
1884 | they don't decode. bz #884, with & ok djm@ | |
67a35538 | 1885 | - (dtucker) OpenBSD CVS Sync (regress/) |
1886 | - djm@cvs.openbsd.org 2004/06/26 06:16:07 | |
1887 | [reexec.sh] | |
1888 | don't change the name of the copied sshd for the reexec fallback test, | |
1889 | makes life simpler for portable | |
642c4a6f | 1890 | - dtucker@cvs.openbsd.org 2004/07/08 12:59:35 |
1891 | [scp.sh] | |
1892 | Regress test for bz #863 (scp double-error), requires $SUDO. ok markus@ | |
473bdc8b | 1893 | - david@cvs.openbsd.org 2004/07/09 19:45:43 |
1894 | [Makefile] | |
1895 | add a missing CLEANFILES used in the re-exec test | |
9c7ea094 | 1896 | - djm@cvs.openbsd.org 2004/10/08 02:01:50 |
1897 | [reexec.sh] | |
1898 | shrink and tidy; ok dtucker@ | |
d7f49021 | 1899 | - djm@cvs.openbsd.org 2004/10/29 23:59:22 |
1900 | [Makefile added brokenkeys.sh] | |
1901 | regression test for handling of corrupt keys in authorized_keys file | |
a1c3731b | 1902 | - djm@cvs.openbsd.org 2004/11/07 00:32:41 |
1903 | [multiplex.sh] | |
1904 | regression tests for new multiplex commands | |
a22f9767 | 1905 | - dtucker@cvs.openbsd.org 2004/11/25 09:39:27 |
1906 | [test-exec.sh] | |
1907 | Remove obsolete RhostsAuthentication from test config; ok markus@ | |
185a020b | 1908 | - dtucker@cvs.openbsd.org 2004/12/06 10:49:56 |
1909 | [test-exec.sh] | |
1910 | Check if TEST_SSH_SSHD is a full path to sshd before searching; ok markus@ | |
23a1441b | 1911 | |
cf848a5e | 1912 | 20041203 |
1913 | - (dtucker) OpenBSD CVS Sync | |
1914 | - jmc@cvs.openbsd.org 2004/11/07 17:42:36 | |
1915 | [ssh.1] | |
1916 | options sort, and whitespace; | |
aeefce7a | 1917 | - jmc@cvs.openbsd.org 2004/11/07 17:57:30 |
1918 | [ssh.c] | |
1919 | usage(): | |
1920 | - add -O | |
1921 | - sync -S w/ manpage | |
1922 | - remove -h | |
9aab0af7 | 1923 | - (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is |
1924 | subsequently denied by the PAM auth stack, send the PAM message to the | |
1925 | user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2). | |
1926 | ok djm@ | |
cf848a5e | 1927 | |
5132eac0 | 1928 | 20041107 |
1929 | - (dtucker) OpenBSD CVS Sync | |
1930 | - djm@cvs.openbsd.org 2004/11/05 12:19:56 | |
1931 | [sftp.c] | |
1932 | command editing and history support via libedit; ok markus@ | |
1933 | thanks to hshoexer@ and many testers on tech@ too | |
f8c6db83 | 1934 | - djm@cvs.openbsd.org 2004/11/07 00:01:46 |
1935 | [clientloop.c clientloop.h ssh.1 ssh.c] | |
1936 | add basic control of a running multiplex master connection; including the | |
1937 | ability to check its status and request it to exit; ok markus@ | |
59031773 | 1938 | - (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure |
1939 | option and supporting makefile bits and documentation. | |
5132eac0 | 1940 | |
4725d66c | 1941 | 20041105 |
1942 | - (dtucker) OpenBSD CVS Sync | |
1943 | - markus@cvs.openbsd.org 2004/08/30 09:18:08 | |
1944 | [LICENCE] | |
1945 | s/keygen/keyscan/ | |
caeffafb | 1946 | - jmc@cvs.openbsd.org 2004/08/30 21:22:49 |
1947 | [ssh-add.1 ssh.1] | |
1948 | .Xsession -> .xsession; | |
1949 | originally from a pr from f at obiit dot org, but missed by myself; | |
1950 | ok markus@ matthieu@ | |
d3e5d1e9 | 1951 | - djm@cvs.openbsd.org 2004/09/07 23:41:30 |
1952 | [clientloop.c ssh.c] | |
1953 | cleanup multiplex control socket on SIGHUP too, spotted by sturm@ | |
1954 | ok markus@ deraadt@ | |
59d4718a | 1955 | - deraadt@cvs.openbsd.org 2004/09/15 00:46:01 |
1956 | [ssh.c] | |
1957 | /* fallthrough */ is something a programmer understands. But | |
1958 | /* FALLTHROUGH */ is also understood by lint, so that is better. | |
329a8666 | 1959 | - jaredy@cvs.openbsd.org 2004/09/15 03:25:41 |
1960 | [sshd_config.5] | |
1961 | mention PrintLastLog only prints last login time for interactive | |
1962 | sessions, like PrintMotd mentions. | |
1963 | From Michael Knudsen, with wording changed slightly to match the | |
1964 | PrintMotd description. | |
1965 | ok djm | |
1c5eab6f | 1966 | - mickey@cvs.openbsd.org 2004/09/15 18:42:27 |
1967 | [sshd.c] | |
1968 | use less doubles in daemons; markus@ ok | |
007607ab | 1969 | - deraadt@cvs.openbsd.org 2004/09/15 18:46:04 |
1970 | [scp.c] | |
1971 | scratch that do { } while (0) wrapper in this case | |
a7e124fe | 1972 | - djm@cvs.openbsd.org 2004/09/23 13:00:04 |
1973 | [ssh.c] | |
1974 | correctly honour -n in multiplex client mode; spotted by sturm@ ok markus@ | |
e9aec1d4 | 1975 | - djm@cvs.openbsd.org 2004/09/25 03:45:14 |
1976 | [sshd.c] | |
1977 | these printf args are no longer double; ok deraadt@ markus@ | |
396070f8 | 1978 | - djm@cvs.openbsd.org 2004/10/07 10:10:24 |
1979 | [scp.1 sftp.1 ssh.1 ssh_config.5] | |
1980 | document KbdInteractiveDevices; ok markus@ | |
8e8d8c82 | 1981 | - djm@cvs.openbsd.org 2004/10/07 10:12:36 |
1982 | [ssh-agent.c] | |
1983 | don't unlink agent socket when bind() fails, spotted by rich AT | |
1984 | rich-paul.net, ok markus@ | |
750bbb35 | 1985 | - markus@cvs.openbsd.org 2004/10/20 11:48:53 |
1986 | [packet.c ssh1.h] | |
1987 | disconnect for invalid (out of range) message types. | |
2c9a4d41 | 1988 | - djm@cvs.openbsd.org 2004/10/29 21:47:15 |
1989 | [channels.c channels.h clientloop.c] | |
1990 | fix some window size change bugs for multiplexed connections: windows sizes | |
1991 | were not being updated if they had changed after ~^Z suspends and SIGWINCH | |
1992 | was not being processed unless the first connection had requested a tty; | |
1993 | ok markus | |
7a9c7a0b | 1994 | - djm@cvs.openbsd.org 2004/10/29 22:53:56 |
1995 | [clientloop.c misc.h readpass.c ssh-agent.c] | |
1996 | factor out common permission-asking code to separate function; ok markus@ | |
b82a59f2 | 1997 | - djm@cvs.openbsd.org 2004/10/29 23:56:17 |
1998 | [bufaux.c bufaux.h buffer.c buffer.h] | |
1999 | introduce a new buffer API that returns an error rather than fatal()ing | |
2000 | when presented with bad data; ok markus@ | |
63488674 | 2001 | - djm@cvs.openbsd.org 2004/10/29 23:57:05 |
2002 | [key.c] | |
2003 | use new buffer API to avoid fatal errors on corrupt keys in authorized_keys | |
2004 | files; ok markus@ | |
4725d66c | 2005 | |
b29fd59f | 2006 | 20041102 |
2007 | - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX | |
2008 | 10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__ | |
2009 | only if a conflict is detected. | |
2010 | ||
8f817407 | 2011 | 20041019 |
2012 | - (dtucker) [uidswap.c] Don't test dropping of gids for the root user or | |
2013 | on Cygwin. Cygwin parts from vinschen at redhat com; ok djm@ | |
2014 | ||
bbe58934 | 2015 | 20041016 |
6390930e | 2016 | - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations; |
2017 | ok dtucker@ | |
bbe58934 | 2018 | |
27f6fddf | 2019 | 20041006 |
2020 | - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode | |
2021 | and other PAM platforms. | |
4db587d2 | 2022 | - (dtucker) [monitor_mm.c openbsd-compat/xmmap.c] Bug #940: cast constants |
2023 | to void * to appease picky compilers (eg Tru64's "cc -std1"). | |
27f6fddf | 2024 | |
bc6f919d | 2025 | 20040930 |
2026 | - (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@ | |
2027 | ||
201407c5 | 2028 | 20040923 |
2029 | - (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one, | |
2030 | which could have caused the justification to be wrong. ok djm@ | |
2031 | ||
11124dde | 2032 | 20040921 |
2033 | - (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too. | |
2034 | ok djm@ | |
682c95a2 | 2035 | - (dtucker) [contrib/cygwin/ssh-host-config] Update to match current Cygwin |
2036 | install process. Patch from vinschen at redhat.com. | |
11124dde | 2037 | |
fa64c868 | 2038 | 20040912 |
2039 | - (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file. | |
2040 | No change in resultant binary | |
a233586b | 2041 | - (djm) [loginrec.c] __func__ifiy |
7a52470e | 2042 | - (djm) [loginrec.c] xmalloc |
4526e8c2 | 2043 | - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol |
2044 | banner. Suggested by deraadt@, ok mouring@, dtucker@ | |
479cece8 | 2045 | - (dtucker) [configure.ac] Fix incorrect quoting and tests for cross-compile. |
2046 | Partly by & ok djm@. | |
fa64c868 | 2047 | |
1ef38e33 | 2048 | 20040911 |
2049 | - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@ | |
abdec250 | 2050 | - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from |
2051 | failing PAM session modules to user then exit, similar to the way | |
2052 | /etc/nologin is handled. ok djm@ | |
ab17aac2 | 2053 | - (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change. |
73b1ee82 | 2054 | - (djm) [auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c] |
2055 | Make cygwin code more consistent with that which surrounds it | |
ba6dd90e | 2056 | - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c] |
2057 | Bug #892: Send messages from failing PAM account modules to the client via | |
2058 | SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with | |
2059 | SSH2 kbdint authentication, which need to be dealt with separately. ok djm@ | |
d0c890ac | 2060 | - (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@ |
1a01a50c | 2061 | - (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure. |
2062 | Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me. ok djm@ | |
ef084ee2 | 2063 | - (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengert |
2064 | at anl.gov, ok djm@ | |
1ef38e33 | 2065 | |
3c502155 | 2066 | 20040830 |
2067 | - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only | |
2068 | copy required environment variables on Cygwin. Patch from vinschen at | |
2069 | redhat.com, ok djm@ | |
148aa9e3 | 2070 | - (dtucker) [regress/Makefile] Clean scp-ssh-wrapper.scp too. Patch from |
2071 | vinschen at redhat.com. | |
3ca8cd7a | 2072 | - (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability |
2073 | of shell constructs. Patch from cjwatson at debian.org. | |
3c502155 | 2074 | |
07bcec17 | 2075 | 20040829 |
2076 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from | |
2077 | failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL. | |
2078 | From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@ | |
528afafa | 2079 | - (dtucker) OpenBSD CVS Sync |
2080 | - djm@cvs.openbsd.org 2004/08/23 11:48:09 | |
2081 | [authfile.c] | |
2082 | fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus | |
2912cbd6 | 2083 | - djm@cvs.openbsd.org 2004/08/23 11:48:47 |
2084 | [channels.c] | |
2085 | typo, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus | |
510ec5d1 | 2086 | - dtucker@cvs.openbsd.org 2004/08/23 14:26:38 |
2087 | [ssh-keysign.c ssh.c] | |
2088 | Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches | |
2089 | change in Portable; ok markus@ (CVS ID sync only) | |
baab9e74 | 2090 | - dtucker@cvs.openbsd.org 2004/08/23 14:29:23 |
2091 | [ssh-keysign.c] | |
2092 | Remove duplicate getuid(), suggested by & ok markus@ | |
6f5abc1e | 2093 | - markus@cvs.openbsd.org 2004/08/26 16:00:55 |
2094 | [ssh.1 sshd.8] | |
2095 | get rid of references to rhosts authentication; with jmc@ | |
9216f89c | 2096 | - djm@cvs.openbsd.org 2004/08/28 01:01:48 |
2097 | [sshd.c] | |
2098 | don't erroneously close stdin for !reexec case, from Dave Johnson; | |
2099 | ok markus@ | |
765a24cd | 2100 | - (dtucker) [configure.ac] Include sys/stream.h in sys/ptms.h header check, |
2101 | fixes configure warning on Solaris reported by wknox at mitre.org. | |
3b4e535d | 2102 | - (dtucker) [regress/multiplex.sh] Skip test on platforms that do not |
2103 | support FD passing since multiplex requires it. Noted by tim@ | |
0f996f6f | 2104 | - (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn |
2105 | down, needed on some platforms, should be harmless on others. Patch from | |
2106 | jason at devrandom.org. | |
1f29cb36 | 2107 | - (dtucker) [regress/scp.sh] Make this work on Cygwin too, which doesn't like |
2108 | files ending in .exe that aren't binaries; patch from vinschen at redhat.com. | |
e3dde834 | 2109 | - (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree |
2110 | builds too, from vinschen at redhat.com. | |
2d05b097 | 2111 | - (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64 |
2112 | too; patch from cmadams at hiwaay.net. | |
b3146b5f | 2113 | - (dtucker) [configure.ac] Replace non-portable echo \n with extra echo. |
1383f285 | 2114 | - (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for |
2115 | accounts with authentication configs that sshd can't support (ie | |
2116 | SYSTEM=NONE and AUTH1=something). | |
07bcec17 | 2117 | |
8a550b0c | 2118 | 20040828 |
dc3f209a | 2119 | - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from |
2120 | vinschen at redhat.com. | |
8a550b0c | 2121 | |
96b0de7d | 2122 | 20040823 |
2123 | - (djm) [ssh-rand-helper.c] Typo. Found by | |
2124 | Martin.Kraemer AT Fujitsu-Siemens.com | |
f6d20d59 | 2125 | - (djm) [loginrec.c] Typo and bad args in error messages; Spotted by |
2126 | Martin.Kraemer AT Fujitsu-Siemens.com | |
96b0de7d | 2127 | |
bd8b4205 | 2128 | 20040817 |
2129 | - (dtucker) [regress/README.regress] Note compatibility issues with GNU head. | |
d9ea1ac4 | 2130 | - (djm) OpenBSD CVS Sync |
2131 | - markus@cvs.openbsd.org 2004/08/16 08:17:01 | |
2132 | [version.h] | |
2133 | 3.9 | |
3e9c2229 | 2134 | - (djm) Crank RPM spec version numbers |
0774a3cb | 2135 | - (djm) Release 3.9p1 |
bd8b4205 | 2136 | |
059d3165 | 2137 | 20040816 |
2138 | - (dtucker) [acconfig.h auth-pam.c configure.ac] Set real uid to non-root | |
2139 | to convince Solaris PAM to honour password complexity rules. ok djm@ | |
2140 | ||
6213295d | 2141 | 20040815 |
2142 | - (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since | |
2143 | it does the right thing on all platforms. ok djm@ | |
419e26e7 | 2144 | - (djm) [acconfig.h configure.ac openbsd-compat/Makefile.in |
2145 | openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-misc.c | |
2146 | openbsd-compat/bsd-misc.h openbsd-compat/openbsd-compat.h] Use smarter | |
2147 | closefrom() replacement from sudo; ok dtucker@ | |
5f12e050 | 2148 | - (djm) [loginrec.c] Check that seek succeeded here too; ok dtucker |
b93c1b14 | 2149 | - (dtucker) [Makefile.in] Fix typo. |
6213295d | 2150 | |
b347167a | 2151 | 20040814 |
2152 | - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c] | |
2153 | Explicitly set umask for mkstemp; ok djm@ | |
c3a4ce90 | 2154 | - (dtucker) [includes.h] Undef _INCLUDE__STDC__ on HP-UX, otherwise |
2155 | prot.h and shadow.h provide conflicting declarations of getspnam. ok djm@ | |
f5ed3301 | 2156 | - (dtucker) [loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h] |
2157 | Plug AIX login recording into login_write so logins will be recorded for | |
2158 | all auth types. | |
b347167a | 2159 | |
3cc5d223 | 2160 | 20040813 |
2161 | - (dtucker) [openbsd-compat/bsd-misc.c] Typo in #ifdef; from vinschen at | |
2162 | redhat.com | |
9a995072 | 2163 | - (dtucker) OpenBSD CVS Sync |
2164 | - avsm@cvs.openbsd.org 2004/08/11 21:43:05 | |
2165 | [channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c] | |
2166 | some signed/unsigned int comparison cleanups; markus@ ok | |
f581b6e8 | 2167 | - avsm@cvs.openbsd.org 2004/08/11 21:44:32 |
2168 | [authfd.c scp.c ssh-keyscan.c] | |
2169 | use atomicio instead of homegrown equivalents or read/write. | |
2170 | markus@ ok | |
188c698a | 2171 | - djm@cvs.openbsd.org 2004/08/12 09:18:24 |
2172 | [sshlogin.c] | |
2173 | typo in error message, spotted by moritz AT jodeit.org (Id sync only) | |
3a858356 | 2174 | - jakob@cvs.openbsd.org 2004/08/12 21:41:13 |
2175 | [ssh-keygen.1 ssh.1] | |
2176 | improve SSHFP documentation; ok deraadt@ | |
a665982d | 2177 | - jmc@cvs.openbsd.org 2004/08/13 00:01:43 |
2178 | [ssh-keygen.1] | |
2179 | kill whitespace at eol; | |
fb3d6bd2 | 2180 | - djm@cvs.openbsd.org 2004/08/13 02:51:48 |
2181 | [monitor_fdpass.c] | |
2182 | extra check for no message case; ok markus, deraadt, hshoexer, henning | |
861cc543 | 2183 | - dtucker@cvs.openbsd.org 2004/08/13 11:09:24 |
2184 | [servconf.c] | |
2185 | Fix line numbers off-by-one in error messages, from tortay at cc.in2p3.fr | |
2186 | ok markus@, djm@ | |
3cc5d223 | 2187 | |
c6ad9bc4 | 2188 | 20040812 |
2189 | - (dtucker) [sshd.c] Remove duplicate variable imported during sync. | |
8b758bd2 | 2190 | - (dtucker) OpenBSD CVS Sync |
2191 | - markus@cvs.openbsd.org 2004/07/28 08:56:22 | |
2192 | [sshd.c] | |
2193 | call setsid() _before_ re-exec | |
d77347cc | 2194 | - markus@cvs.openbsd.org 2004/07/28 09:40:29 |
2195 | [auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c | |
2196 | sshconnect1.c] | |
2197 | more s/illegal/invalid/ | |
0875a0a2 | 2198 | - djm@cvs.openbsd.org 2004/08/04 10:37:52 |
2199 | [dh.c] | |
2200 | return group14 when no primes found - fixes hang on empty /etc/moduli; | |
2201 | ok markus@ | |
16acb158 | 2202 | - dtucker@cvs.openbsd.org 2004/08/11 11:09:54 |
2203 | [servconf.c] | |
2204 | Fix minor leak; "looks right" deraadt@ | |
ad148c04 | 2205 | - dtucker@cvs.openbsd.org 2004/08/11 11:50:09 |
2206 | [sshd.c] | |
2207 | Don't try to close startup_pipe if it's not open; ok djm@ | |
e12b5ad5 | 2208 | - djm@cvs.openbsd.org 2004/08/11 11:59:22 |
2209 | [sshlogin.c] | |
2210 | check that lseek went were we told it to; ok markus@ | |
2211 | (Id sync only, but similar changes are needed in loginrec.c) | |
7456203e | 2212 | - djm@cvs.openbsd.org 2004/08/11 12:01:16 |
2213 | [sshlogin.c] | |
2214 | make store_lastlog_message() static to appease -Wall; ok markus | |
f143ed33 | 2215 | - (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling |
2216 | messages generated before the postauth privsep split. | |
c6ad9bc4 | 2217 | |
227a6a97 | 2218 | 20040720 |
2219 | - (djm) OpenBSD CVS Sync | |
2220 | - markus@cvs.openbsd.org 2004/07/21 08:56:12 | |
2221 | [auth.c] | |
2222 | s/Illegal user/Invalid user/; many requests; ok djm, millert, niklas, | |
2223 | miod, ... | |
bd5c0694 | 2224 | - djm@cvs.openbsd.org 2004/07/21 10:33:31 |
2225 | [auth1.c auth2.c] | |
2226 | bz#899: Don't display invalid usernames in setproctitle | |
d2e302d7 | 2227 | from peak AT argo.troja.mff.cuni.cz; ok markus@ |
2228 | - djm@cvs.openbsd.org 2004/07/21 10:36:23 | |
2229 | [gss-serv-krb5.c] | |
2230 | fix function declaration | |
13f2a382 | 2231 | - djm@cvs.openbsd.org 2004/07/21 11:51:29 |
2232 | [canohost.c] | |
2233 | bz#902: cache remote port so we don't fatal() in auth_log when remote | |
2234 | connection goes away quickly. from peak AT argo.troja.mff.cuni.cz; | |
2235 | ok markus@ | |
da97d54d | 2236 | - (djm) [auth-pam.c] Portable parts of bz#899: Don't display invalid |
2237 | usernames in setproctitle from peak AT argo.troja.mff.cuni.cz; | |
227a6a97 | 2238 | |
84824e11 | 2239 | 20040720 |
ac87b3c2 | 2240 | - (djm) [log.c] bz #111: Escape more control characters when sending data |
2241 | to syslog; from peak AT argo.troja.mff.cuni.cz | |
2a5aa59b | 2242 | - (djm) [contrib/redhat/sshd.pam] bz #903: Remove redundant entries; from |
2243 | peak AT argo.troja.mff.cuni.cz | |
84824e11 | 2244 | - (djm) [regress/README.regress] Remove caveat regarding TCP wrappers, now |
2245 | that sshd is fixed to behave better; suggested by tim | |
ac87b3c2 | 2246 | |
75d1f941 | 2247 | 20040719 |
2248 | - (djm) [openbsd-compat/bsd-arc4random.c] Discard early keystream, like OpenBSD | |
2249 | ok dtucker@ | |
8936b151 | 2250 | - (djm) [auth-pam.c] Avoid use of xstrdup and friends in conversation function, |
2251 | instead return PAM_CONV_ERR, avoiding another path to fatal(); ok dtucker@ | |
34f2baf0 | 2252 | - (tim) [configure.ac] updwtmpx() on OpenServer seems to add duplicate entry. |
2253 | Report by rac AT tenzing.org | |
75d1f941 | 2254 | |
35cf0057 | 2255 | 20040717 |
2256 | - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c | |
2257 | ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c | |
2258 | openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces | |
2259 | diff vs OpenBSD; ok mouring@, tested by tim@ too. | |
f2107e97 | 2260 | - (dtucker) OpenBSD CVS Sync |
2261 | - deraadt@cvs.openbsd.org 2004/07/11 17:48:47 | |
2262 | [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c | |
2263 | readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c | |
2264 | session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h | |
2265 | sshd.c ttymodes.h] | |
2266 | spaces | |
95a07125 | 2267 | - brad@cvs.openbsd.org 2004/07/12 23:34:25 |
2268 | [ssh-keyscan.1] | |
2269 | Fix incorrect macro, .I -> .Em | |
2270 | From: Eric S. Raymond <esr at thyrsus dot com> | |
2271 | ok jmc@ | |
be2ca0c9 | 2272 | - dtucker@cvs.openbsd.org 2004/07/17 05:31:41 |
2273 | [monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c] | |
2274 | Move "Last logged in at.." message generation to the monitor, right | |
2275 | before recording the new login. Fixes missing lastlog message when | |
2276 | /var/log/lastlog is not world-readable and incorrect datestamp when | |
2277 | multiple sessions are used (bz #463); much assistance & ok markus@ | |
35cf0057 | 2278 | |
930d0441 | 2279 | 20040711 |
2280 | - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows | |
2281 | the monitor to properly clean up the PAM thread (Debian bug #252676). | |
2282 | ||
6a2c4cd8 | 2283 | 20040709 |
2284 | - (tim) [contrib/cygwin/README] add minires-devel requirement. Patch from | |
2285 | vinschen AT redhat.com | |
2286 | ||
5b8a78e8 | 2287 | 20040708 |
2288 | - (dtucker) OpenBSD CVS Sync | |
2289 | - dtucker@cvs.openbsd.org 2004/07/03 05:11:33 | |
2290 | [sshlogin.c] (RCSID sync only, the corresponding code is not in Portable) | |
2291 | Use '\0' not 0 for string; ok djm@, deraadt@ | |
77751377 | 2292 | - dtucker@cvs.openbsd.org 2004/07/03 11:02:25 |
2293 | [monitor_wrap.c] | |
2294 | Put s/key functions inside #ifdef SKEY same as monitor.c, | |
2295 | from des@freebsd via bz #330, ok markus@ | |
7e693c81 | 2296 | - dtucker@cvs.openbsd.org 2004/07/08 12:47:21 |
2297 | [scp.c] | |
2298 | Prevent scp from skipping the file following a double-error. | |
2299 | bz #863, ok markus@ | |
5b8a78e8 | 2300 | |
544842de | 2301 | 20040702 |
2302 | - (dtucker) [mdoc2man.awk] Teach it to ignore .Bk -words, reported by | |
2303 | strube at physik3.gwdg.de a long time ago. | |
2304 | ||
25bfd4ff | 2305 | 20040701 |
2306 | - (dtucker) [session.c] Call display_loginmsg again after do_pam_session. | |
2307 | Ensures messages from PAM modules are displayed when privsep=no. | |
0943f13c | 2308 | - (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes |
2309 | warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@ | |
e4472e7e | 2310 | - (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK |
2311 | to pam_authenticate for challenge-response auth too. Originally from | |
2312 | fcusack at fcusack.com, ok djm@ | |
d386a795 | 2313 | - (tim) [buildpkg.sh.in] Add $REV to bump the package revision within |
2314 | the same version. Handle the case where someone uses --with-privsep-user= | |
2315 | and the user name does not match the group name. ok dtucker@ | |
25bfd4ff | 2316 | |
d506e25f | 2317 | 20040630 |
2318 | - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL | |
2319 | appdata_ptr to the conversation function. ok djm@ | |
9affc5db | 2320 | - (djm) OpenBSD CVS Sync |
2321 | - jmc@cvs.openbsd.org 2004/06/26 09:03:21 | |
2322 | [ssh.1] | |
2323 | - remove double word | |
2324 | - rearrange .Bk to keep SYNOPSIS nice | |
2325 | - -M before -m in options description | |
9a5cfb58 | 2326 | - jmc@cvs.openbsd.org 2004/06/26 09:11:14 |
2327 | [ssh_config.5] | |
2328 | punctuation and grammar fixes. also, keep the options in order. | |
8fca654b | 2329 | - jmc@cvs.openbsd.org 2004/06/26 09:14:40 |
2330 | [sshd_config.5] | |
2331 | new sentence, new line; | |
83529a6b | 2332 | - avsm@cvs.openbsd.org 2004/06/26 20:07:16 |
2333 | [sshd.c] | |
2334 | initialise some fd variables to -1, djm@ ok | |
c6c76c99 | 2335 | - djm@cvs.openbsd.org 2004/06/30 08:36:59 |
2336 | [session.c] | |
2337 | unbreak TTY break, diagnosed by darren AT dazwin.com; ok markus@ | |
d506e25f | 2338 | |
6bd29ee7 | 2339 | 20040627 |
2340 | - (tim) update README files. | |
78666263 | 2341 | - (dtucker) [mdoc2man.awk] Bug #883: correctly recognise .Pa and .Ev macros. |
6a303e26 | 2342 | - (dtucker) [regress/README.regress] Document new variables. |
cd698186 | 2343 | - (dtucker) [acconfig.h configure.ac sftp-server.c] Bug #823: add sftp |
2344 | rename handling for Linux which returns EPERM for link() on (at least some) | |
2345 | filesystems that do not support hard links. sftp-server will fall back to | |
2346 | stat+rename() in such cases. | |
13f72b91 | 2347 | - (dtucker) [openbsd-compat/port-aix.c] Missing __func__. |
6bd29ee7 | 2348 | |
b250e837 | 2349 | 20040626 |
2350 | - (djm) OpenBSD CVS Sync | |
2351 | - djm@cvs.openbsd.org 2004/06/25 18:43:36 | |
2352 | [sshd.c] | |
2353 | fix broken fd handling in the re-exec fallback path, particularly when | |
2354 | /dev/crypto is in use; ok deraadt@ markus@ | |
7f09f717 | 2355 | - djm@cvs.openbsd.org 2004/06/25 23:21:38 |
2356 | [sftp.c] | |
2357 | bz #875: fix bad escape char error message; reported by f_mohr AT yahoo.de | |
b250e837 | 2358 | |
b9a549d7 | 2359 | 20040625 |
2360 | - (dtucker) OpenBSD CVS Sync | |
2361 | - djm@cvs.openbsd.org 2004/06/24 19:30:54 | |
2362 | [servconf.c servconf.h sshd.c] | |
2363 | re-exec sshd on accept(); initial work, final debugging and ok markus@ | |
33e5359c | 2364 | - djm@cvs.openbsd.org 2004/06/25 01:16:09 |
2365 | [sshd.c] | |
2366 | only perform tcp wrappers checks when the incoming connection is on a | |
2367 | socket. silences useless warnings from regress tests that use | |
2368 | proxycommand="sshd -i". prompted by david@ ok markus@ | |
403447b4 | 2369 | - djm@cvs.openbsd.org 2004/06/24 19:32:00 |
2370 | [regress/Makefile regress/test-exec.sh, added regress/reexec.sh] | |
2371 | regress test for re-exec corner cases | |
19031d79 | 2372 | - djm@cvs.openbsd.org 2004/06/25 01:25:12 |
2373 | [regress/test-exec.sh] | |
2374 | clean reexec-specific junk out of text-exec.sh and simplify; idea markus@ | |
dc5888bf | 2375 | - dtucker@cvs.openbsd.org 2004/06/25 05:38:48 |
2376 | [sftp-server.c] | |
2377 | Fall back to stat+rename if filesystem doesn't doesn't support hard | |
2378 | links. bz#823, ok djm@ | |
2909d712 | 2379 | - (dtucker) [configure.ac openbsd-compat/misc.c [openbsd-compat/misc.h] |
2380 | Add closefrom() for platforms that don't have it. | |
7706b4c7 | 2381 | - (dtucker) [sshd.c] add line missing from reexec sync. |
b9a549d7 | 2382 | |
ece30983 | 2383 | 20040623 |
2384 | - (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1 | |
2385 | connections with empty passwords. Patch from davidwu at nbttech.com, | |
2386 | ok djm@ | |
e0e1d130 | 2387 | - (dtucker) OpenBSD CVS Sync |
2388 | - dtucker@cvs.openbsd.org 2004/06/22 22:42:02 | |
2389 | [regress/envpass.sh] | |
2390 | Add quoting for test -z; ok markus@ | |
677dd470 | 2391 | - dtucker@cvs.openbsd.org 2004/06/22 22:45:52 |
2392 | [regress/test-exec.sh] | |
2393 | Add TEST_SSH_SSHD_CONFOPTS and TEST_SSH_SSH_CONFOPTS to allow adding | |
2394 | arbitary options to sshd_config and ssh_config during tests. ok markus@ | |
08f8b491 | 2395 | - dtucker@cvs.openbsd.org 2004/06/22 22:55:56 |
2396 | [regress/dynamic-forward.sh regress/test-exec.sh] | |
2397 | Allow setting of port for regress from TEST_SSH_PORT variable; ok markus@ | |
2225c3d3 | 2398 | - mouring@cvs.openbsd.org 2004/06/23 00:39:38 |
2399 | [rijndael.c] | |
2400 | -Wshadow fix up s/encrypt/do_encrypt/. OK djm@, markus@ | |
77c50919 | 2401 | - dtucker@cvs.openbsd.org 2004/06/23 14:31:01 |
2402 | [ssh.c] | |
2403 | Fix counting in master/slave when passing environment variables; ok djm@ | |
9ea217e8 | 2404 | - (dtucker) [cipher.c] encrypt->do_encrypt inside SSH_OLD_EVP to match |
2405 | -Wshadow change. | |
915d8ec0 | 2406 | - (bal) [Makefile.in] Remove opensshd.init on 'make distclean' |
bc5c2025 | 2407 | - (dtucker) [auth.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h] |
2408 | Move loginrestrictions test to port-aix.c, replace with a generic hook. | |
30a3b174 | 2409 | - (tim) [regress/try-ciphers.sh] "if ! some_command" is not portable. |
915d8ec0 | 2410 | - (bal) [contrib/README] Removed "mdoc2man.pl" reference and added |
2411 | reference to "findssl.sh" | |
ece30983 | 2412 | |
67a08279 | 2413 | 20040622 |
2414 | - (dtucker) OpenBSD CVS Sync | |
2415 | - djm@cvs.openbsd.org 2004/06/20 17:36:59 | |
2416 | [ssh.c] | |
2417 | filter passed env vars at slave in connection sharing case; ok markus@ | |
48925711 | 2418 | - djm@cvs.openbsd.org 2004/06/20 18:53:39 |
2419 | [sftp.c] | |
2420 | make "ls -l" listings print user/group names, add "ls -n" to show uid/gid | |
2421 | (like /bin/ls); idea & ok markus@ | |
031a105c | 2422 | - djm@cvs.openbsd.org 2004/06/20 19:28:12 |
2423 | [sftp.1] | |
2424 | mention new -n flag | |
ca75d7de | 2425 | - avsm@cvs.openbsd.org 2004/06/21 17:36:31 |
2426 | [auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c | |
2427 | cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c | |
2428 | monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c | |
2429 | ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c | |
2430 | sshpty.c] | |
2431 | make ssh -Wshadow clean, no functional changes | |
2432 | markus@ ok | |
d7ecbe88 | 2433 | - djm@cvs.openbsd.org 2004/06/21 17:53:03 |
2434 | [session.c] | |
2435 | fix fd leak for multiple subsystem connections; with markus@ | |
3a55a954 | 2436 | - djm@cvs.openbsd.org 2004/06/21 22:02:58 |
2437 | [log.h] | |
2438 | mark fatal and cleanup exit as __dead; ok markus@ | |
95cbd340 | 2439 | - djm@cvs.openbsd.org 2004/06/21 22:04:50 |
2440 | [sftp.c] | |
2441 | introduce sorting for ls, same options as /bin/ls; ok markus@ | |
ae7daec3 | 2442 | - djm@cvs.openbsd.org 2004/06/21 22:30:45 |
2443 | [sftp.c] | |
2444 | prefix ls option flags with LS_ | |
c4c84934 | 2445 | - djm@cvs.openbsd.org 2004/06/21 22:41:31 |
2446 | [sftp.1] | |
2447 | document sort options | |
cc4ff6c4 | 2448 | - djm@cvs.openbsd.org 2004/06/22 01:16:39 |
2449 | [sftp.c] | |
2450 | don't show .files by default in ls, add -a option to turn them back on; | |
2451 | ok markus | |
cb19b709 | 2452 | - markus@cvs.openbsd.org 2004/06/22 03:12:13 |
2453 | [regress/envpass.sh regress/multiplex.sh] | |
2454 | more portable env passing tests | |
18a8f313 | 2455 | - dtucker@cvs.openbsd.org 2004/06/22 05:05:45 |
2456 | [monitor.c monitor_wrap.c] | |
2457 | Change login->username, will prevent -Wshadow errors in Portable; | |
2458 | ok markus@ | |
0cc632c0 | 2459 | - (dtucker) [monitor.c] Fix Portable-specific -Wshadow warnings on "socket". |
8a946417 | 2460 | - (dtucker) [defines.h] Define __dead if not already defined. |
915d8ec0 | 2461 | - (bal) [auth-passwd.c auth1.c] Clean up unused variables. |
67a08279 | 2462 | |
a3245b92 | 2463 | 20040620 |
2464 | - (tim) [configure.ac Makefile.in] Only change TEST_SHELL on broken platforms. | |
2465 | ||
c10bb2ce | 2466 | 20040619 |
2467 | - (dtucker) [auth-pam.c] Don't use PAM namespace for | |
2468 | pam_password_change_required either. | |
ddd8c95b | 2469 | - (tim) [configure.ac buildpkg.sh.in contrib/solaris/README] move opensshd |
2470 | init script to top level directory. Add opensshd.init.in. | |
2471 | Remove contrib/solaris/buildpkg.sh, contrib/solaris/opensshd.in | |
c10bb2ce | 2472 | |
1786be35 | 2473 | 20040618 |
2474 | - (djm) OpenBSD CVS Sync | |
2475 | - djm@cvs.openbsd.org 2004/06/17 14:52:48 | |
2476 | [clientloop.c clientloop.h ssh.c] | |
2477 | support environment passing over shared connections; ok markus@ | |
0d34d6ce | 2478 | - djm@cvs.openbsd.org 2004/06/17 15:10:14 |
2479 | [clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5] | |
2480 | Add option for confirmation (ControlMaster=ask) via ssh-askpass before | |
2481 | opening shared connections; ok markus@ | |
b9a59b74 | 2482 | - djm@cvs.openbsd.org 2004/06/17 14:53:27 |
2483 | [regress/multiplex.sh] | |
2484 | shared connection env passing regress test | |
1ddab330 | 2485 | - (dtucker) [regress/README.regress] Add detail on how to run a single |
2486 | test from the top-level Makefile. | |
0e19494c | 2487 | - (dtucker) OpenBSD CVS Sync |
2488 | - djm@cvs.openbsd.org 2004/06/17 23:56:57 | |
2489 | [ssh.1 ssh.c] | |
2490 | sync usage() and SYNPOSIS with connection sharing changes | |
35e49915 | 2491 | - dtucker@cvs.openbsd.org 2004/06/18 06:13:25 |
2492 | [sftp.c] | |
2493 | Use execvp instead of execv so sftp -S ssh works. "makes sense" markus@ | |
1980d5c9 | 2494 | - dtucker@cvs.openbsd.org 2004/06/18 06:15:51 |
2495 | [multiplex.sh] | |
2496 | Use -S for scp/sftp to force the use of the ssh being tested. | |
2497 | ok djm@,markus@ | |
78d2b454 | 2498 | - (djm) OpenBSD CVS Sync |
2499 | - djm@cvs.openbsd.org 2004/06/18 10:40:19 | |
2500 | [ssh.c] | |
2501 | delay signal handler setup until we have finished talking to the master. | |
2502 | allow interrupting of setup (e.g. if master is stuck); ok markus@ | |
4598add7 | 2503 | - markus@cvs.openbsd.org 2004/06/18 10:55:43 |
2504 | [ssh.1 ssh.c] | |
2505 | trim synopsis for -S, allow -S and -oControlMaster, -MM means 'ask'; | |
2506 | ok djm | |
13de3560 | 2507 | - djm@cvs.openbsd.org 2004/06/18 11:11:54 |
2508 | [channels.c clientloop.c] | |
2509 | Don't explode in clientloop when we receive a bogus channel id, but | |
2510 | also don't generate them to begin with; ok markus@ | |
1786be35 | 2511 | |
502f32cd | 2512 | 20040617 |
2513 | - (dtucker) [regress/scp.sh] diff -N is not portable (but needed for some | |
2514 | platforms), so test if diff understands it. Pointed out by tim@, ok djm@ | |
58766d34 | 2515 | - (dtucker) OpenBSD CVS Sync regress/ |
2516 | - dtucker@cvs.openbsd.org 2004/06/17 05:51:59 | |
2517 | [regress/multiplex.sh] | |
2518 | Remove datafile between and after tests, kill sshd rather than wait; | |
2519 | ok djm@ | |
00e612c7 | 2520 | - dtucker@cvs.openbsd.org 2004/06/17 06:00:05 |
2521 | [regress/multiplex.sh] | |
2522 | Use DATA and COPY for test data rather than hard-coded paths; ok djm@ | |
c031f95b | 2523 | - dtucker@cvs.openbsd.org 2004/06/17 06:19:06 |
2524 | [regress/multiplex.sh] | |
2525 | Add small description of failing test to failure message; ok djm@ | |
b066fabe | 2526 | - (dtucker) [regress/multiplex.sh] add EXEEXT for those platforms that need |
2527 | it. | |
1cfcbead | 2528 | - (dtucker) [regress/multiplex.sh] Increase sleep time to 120 sec (60 is not |
2529 | enough for slow systems, especially if they don't have a kernel RNG). | |
502f32cd | 2530 | |
6d05637a | 2531 | 20040616 |
2532 | - (dtucker) [openbsd-compat/port-aix.c] Expand whitespace -> tabs. No | |
2533 | code changes. | |
1b0a92c0 | 2534 | - (dtucker) OpenBSD CVS Sync regress/ |
2535 | - djm@cvs.openbsd.org 2004/04/27 09:47:30 | |
30ee6294 | 2536 | [regress/Makefile regress/test-exec.sh, added regress/envpass.sh] |
1b0a92c0 | 2537 | regress test for environment passing, SendEnv & AcceptEnv options; |
2538 | ok markus@ | |
53e2a65c | 2539 | - dtucker@cvs.openbsd.org 2004/06/13 13:51:02 |
30ee6294 | 2540 | [regress/Makefile regress/test-exec.sh, added regress/scp-ssh-wrapper.sh |
2541 | regress/scp.sh] | |
53e2a65c | 2542 | Add scp regression test; with & ok markus@ |
00995aa0 | 2543 | - djm@cvs.openbsd.org 2004/06/13 15:04:08 |
30ee6294 | 2544 | [regress/Makefile regress/test-exec.sh, added regress/envpass.sh] |
00995aa0 | 2545 | regress test for client multiplexing; ok markus@ |
099e2052 | 2546 | - djm@cvs.openbsd.org 2004/06/13 15:16:54 |
2547 | [regress/test-exec.sh] | |
2548 | remove duplicate setting of $SCP; spotted by markus@ | |
6d89f486 | 2549 | - dtucker@cvs.openbsd.org 2004/06/16 13:15:09 |
2550 | [regress/scp.sh] | |
2551 | Make scp -r tests use diff -rN not cmp (which won't do dirs. ok markus@ | |
6d3d1404 | 2552 | - dtucker@cvs.openbsd.org 2004/06/16 13:16:40 |
353e5ddd | 2553 | [regress/multiplex.sh] |
6d3d1404 | 2554 | Silence multiplex sftp and scp tests. ok markus@ |
6b1caf5d | 2555 | - (dtucker) [regress/test-exec.sh] |
2556 | Move Portable-only StrictModes to top of list to make syncs easier. | |
2557 | - (dtucker) [regress/README.regress] | |
2558 | Add $TEST_SHELL to readme. | |
6d05637a | 2559 | |
8dbffee9 | 2560 | 20040615 |
2561 | - (djm) OpenBSD CVS Sync | |
2562 | - djm@cvs.openbsd.org 2004/05/26 08:59:57 | |
2563 | [sftp.c] | |
2564 | exit -> _exit in forked child on error; from andrushock AT korovino.net | |
0ea89f7e | 2565 | - markus@cvs.openbsd.org 2004/05/26 23:02:39 |
2566 | [channels.c] | |
2567 | missing freeaddrinfo; Andrey Matveev | |
f9ee425b | 2568 | - dtucker@cvs.openbsd.org 2004/05/27 00:50:13 |
2569 | [readconf.c] | |
2570 | Kill dead code after fatal(); ok djm@ | |
87ef1b80 | 2571 | - dtucker@cvs.openbsd.org 2004/06/01 14:20:45 |
2572 | [auth2-chall.c] | |
2573 | Remove redundant #include; ok markus@ | |
6e007f08 | 2574 | - pedro@cvs.openbsd.org 2004/06/03 12:22:20 |
2575 | [sftp-client.c sftp.c] | |
2576 | initialize pointers, ok markus@ | |
41e5bd9a | 2577 | - djm@cvs.openbsd.org 2004/06/13 12:53:24 |
2578 | [dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h] | |
2579 | [ssh-keyscan.c sshconnect2.c sshd.c] | |
2580 | implement diffie-hellman-group14-sha1 kex method (trivial extension to | |
2581 | existing diffie-hellman-group1-sha1); ok markus@ | |
3b9baa7b | 2582 | - dtucker@cvs.openbsd.org 2004/06/13 14:01:42 |
2583 | [ssh.1 ssh_config.5 sshd_config.5] | |
2584 | List supported ciphers in man pages, tidy up ssh -c; | |
2585 | "looks fine" jmc@, ok markus@ | |
5e96b616 | 2586 | - djm@cvs.openbsd.org 2004/06/13 15:03:02 |
2587 | [channels.c channels.h clientloop.c clientloop.h includes.h readconf.c] | |
2588 | [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5] | |
2589 | implement session multiplexing in the client (the server has supported | |
2590 | this since 2.0); ok markus@ | |
170694d7 | 2591 | - djm@cvs.openbsd.org 2004/06/14 01:44:39 |
2592 | [channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c] | |
2593 | [sshd.c] | |
1b273ece | 2594 | set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@ |
2595 | - djm@cvs.openbsd.org 2004/06/15 05:45:04 | |
2596 | [clientloop.c] | |
2597 | missed one unset_nonblock; spotted by Tim Rice | |
a67a2ec6 | 2598 | - (djm) Fix Makefile.in for connection sharing changes |
4b5df124 | 2599 | - (djm) [ssh.c] Use separate var for address length |
8dbffee9 | 2600 | |
8600a4ab | 2601 | 20040603 |
2602 | - (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions. | |
2603 | ok djm@ | |
2604 | ||
93c5ef94 | 2605 | 20040601 |
2606 | - (djm) [auth-pam.c] Add copyright for local changes | |
2607 | ||
5de92f17 | 2608 | 20040530 |
0e716148 | 2609 | - (dtucker) [auth-pam.c auth-pam.h auth-passwd.c] Bug #874: Re-add PAM |
5de92f17 | 2610 | support for PasswordAuthentication=yes. ok djm@ |
0e716148 | 2611 | - (dtucker) [auth-pam.c] Use an invalid password for root if |
2612 | PermitRootLogin != yes or the login is invalid, to prevent leaking | |
2613 | information. Based on Openwall's owl-always-auth patch. ok djm@ | |
9cefe228 | 2614 | - (tim) [configure.ac Makefile.in] Add support for "make package" ok djm@ |
2615 | - (tim) [buildpkg.sh.in] New file. A more flexible version of | |
2616 | contrib/solaris/buildpkg.sh used for "make package". | |
25616c13 | 2617 | - (tim) [buildpkg.sh.in] Last minute fix didn't make it in the .in file. |
5de92f17 | 2618 | |
f2422cee | 2619 | 20040527 |
2620 | - (dtucker) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec | |
2621 | contrib/README CREDITS INSTALL] Bug #873: Correct URLs for x11-ssh-askpass | |
2622 | and Jim Knoble's email address , from Jim himself. | |
2623 | ||
0e5de6f8 | 2624 | 20040524 |
2625 | - (dtucker) OpenBSD CVS Sync | |
2626 | - djm@cvs.openbsd.org 2004/05/19 12:17:33 | |
2627 | [sftp-client.c sftp.c] | |
2628 | gracefully abort transfers on receipt of SIGINT, also ignore SIGINT while | |
2629 | waiting for a command; ok markus@ | |
27c6fcae | 2630 | - dtucker@cvs.openbsd.org 2004/05/20 10:58:05 |
2631 | [clientloop.c] | |
2632 | Trivial type fix 0 -> '\0'; ok markus@ | |
7e9a0e92 | 2633 | - markus@cvs.openbsd.org 2004/05/21 08:43:03 |
2634 | [kex.h moduli.c tildexpand.c] | |
2635 | add prototypes for -Wall; ok djm | |
d740ec16 | 2636 | - djm@cvs.openbsd.org 2004/05/21 11:33:11 |
2637 | [channels.c channels.h clientloop.c serverloop.c ssh.1] | |
8a956cda | 2638 | bz #756: add support for the cancel-tcpip-forward request for the server |
2639 | and the client (through the ~C commandline). reported by z3p AT | |
2640 | twistedmatrix.com; ok markus@ | |
7069a5e2 | 2641 | - djm@cvs.openbsd.org 2004/05/22 06:32:12 |
2642 | [clientloop.c ssh.1] | |
2643 | use '-h' for help in ~C commandline instead of '-?'; inspired by jmc@ | |
790029d9 | 2644 | - jmc@cvs.openbsd.org 2004/05/22 16:01:05 |
2645 | [ssh.1] | |
2646 | kill whitespace at eol; | |
af4bd935 | 2647 | - dtucker@cvs.openbsd.org 2004/05/23 23:59:53 |
8a956cda | 2648 | [auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config |
2649 | sshd_config.5] | |
af4bd935 | 2650 | Add MaxAuthTries sshd config option; ok markus@ |
8a956cda | 2651 | - (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread" |
2652 | is terminated if the privsep slave exits during keyboard-interactive | |
2653 | authentication. ok djm@ | |
e5ba4718 | 2654 | - (dtucker) [sshd.c] Fix typo in comment. |
0e5de6f8 | 2655 | |
73e81988 | 2656 | 20040523 |
2f6f9cff | 2657 | - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in |
2658 | sshd_config; ok dtucker@ | |
2659 | - (djm) [configure.ac] Warn if the system has no known way of figuring out | |
2660 | which user is on the other end of a Unix domain socket; ok dtucker@ | |
a205f92a | 2661 | - (bal) [openbsd-compat/sys-queue.h] Reintroduce machinary to handle |
2662 | old/broken/incomplete <sys/queue.h>. | |
73e81988 | 2663 | |
dabb524a | 2664 | 20040513 |
2665 | - (dtucker) [configure.ac] Bug #867: Additional tests for res_query in | |
2666 | libresolv, fixes problems detecting it on some platforms | |
2667 | (eg Linux/x86-64). From Kurt Roeckx via Debian, ok mouring@ | |
16cc4c93 | 2668 | - (dtucker) OpenBSD CVS Sync |
2669 | - jmc@cvs.openbsd.org 2004/05/04 18:36:07 | |
2670 | [scp.1] | |
2671 | SendEnv here too; | |
b2e90ab5 | 2672 | - jmc@cvs.openbsd.org 2004/05/06 11:24:23 |
2673 | [ssh_config.5] | |
2674 | typo from John Cosimano (PR 3770); | |
07d80252 | 2675 | - deraadt@cvs.openbsd.org 2004/05/08 00:01:37 |
2676 | [auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c | |
2677 | tildexpand.c], removed: sshtty.h tildexpand.h | |
2678 | make two tiny header files go away; djm ok | |
58ae9cb8 | 2679 | - djm@cvs.openbsd.org 2004/05/08 00:21:31 |
2680 | [clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c | |
2681 | sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h | |
2682 | kill a tiny header; ok deraadt@ | |
20eea1d7 | 2683 | - djm@cvs.openbsd.org 2004/05/09 00:06:47 |
2684 | [moduli.c ssh-keygen.c] removed: moduli.h | |
2685 | zap another tiny header; ok deraadt@ | |
8bbf1fa6 | 2686 | - djm@cvs.openbsd.org 2004/05/09 01:19:28 |
2687 | [OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c | |
2688 | sshd.c] removed: mpaux.c mpaux.h | |
2689 | kill some more tiny files; ok deraadt@ | |
59657003 | 2690 | - djm@cvs.openbsd.org 2004/05/09 01:26:48 |
2691 | [kex.c] | |
2692 | don't overwrite what we are trying to compute | |
f6be21a0 | 2693 | - deraadt@cvs.openbsd.org 2004/05/11 19:01:43 |
2694 | [auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c | |
2695 | packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c] | |
2696 | improve some code lint did not like; djm millert ok | |
1852a1f8 | 2697 | - dtucker@cvs.openbsd.org 2004/05/13 02:47:50 |
2698 | [ssh-agent.1] | |
2699 | Add examples to ssh-agent.1, bz#481 from Ralf Hauser; ok deraadt@ | |
d5c67850 | 2700 | - (dtucker) [sshd.8] Bug #843: Add warning about PasswordAuthentication to |
2701 | UsePAM section. Parts from djm@ and jmc@. | |
0f3ee929 | 2702 | - (dtucker) [auth-pam.c scard-opensc.c] Tinderbox says auth-pam.c uses |
2703 | readpass.h, grep says scard-opensc.c does too. Replace with misc.h. | |
85165968 | 2704 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Check that HAVE_DECL_H_ERROR |
2705 | is defined before using. | |
4d29d2d3 | 2706 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Fix typo too: HAVE_DECL_H_ERROR |
2707 | -> HAVE_DECL_H_ERRNO. | |
dabb524a | 2708 | |
2709 | 20040502 | |
df5a0d7e | 2710 | - (dtucker) OpenBSD CVS Sync |
2711 | - djm@cvs.openbsd.org 2004/04/22 11:56:57 | |
2712 | [moduli.c] | |
2713 | Bugzilla #850: Sophie Germain is the correct name of the French | |
2714 | mathematician, "Sophie Germaine" isn't; from Luc.Maisonobe@c-s.fr | |
61a2c1da | 2715 | - djm@cvs.openbsd.org 2004/04/27 09:46:37 |
2716 | [readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c | |
2717 | ssh_config.5 sshd_config.5] | |
2718 | bz #815: implement ability to pass specified environment variables from | |
2719 | the client to the server; ok markus@ | |
b8b9f2e6 | 2720 | - djm@cvs.openbsd.org 2004/04/28 05:17:10 |
2721 | [ssh_config.5 sshd_config.5] | |
2722 | manpage fixes in envpass stuff from Brian Poole (raj AT cerias.purdue.edu) | |
a040b9ee | 2723 | - jmc@cvs.openbsd.org 2004/04/28 07:02:56 |
2724 | [sshd_config.5] | |
2725 | remove unnecessary .Pp; | |
8e99a198 | 2726 | - jmc@cvs.openbsd.org 2004/04/28 07:13:42 |
2727 | [sftp.1 ssh.1] | |
2728 | add SendEnv to -o list; | |
7b7385da | 2729 | - dtucker@cvs.openbsd.org 2004/05/02 11:54:31 |
2730 | [sshd.8] | |
2731 | Man page grammar fix (bz #858), from damerell at chiark.greenend.org.uk | |
2732 | via Debian; ok djm@ | |
20b267fb | 2733 | - dtucker@cvs.openbsd.org 2004/05/02 11:57:52 |
2734 | [ssh.1] | |
2735 | ConnectionTimeout -> ConnectTimeout, from m.a.ellis at ncl.ac.uk via | |
2736 | Debian. ok djm@ | |
927fcba2 | 2737 | - dtucker@cvs.openbsd.org 2004/05/02 23:02:17 |
2738 | [sftp.1] | |
2739 | ConnectionTimeout -> ConnectTimeout here too, pointed out by jmc@ | |
78f8c073 | 2740 | - dtucker@cvs.openbsd.org 2004/05/02 23:17:51 |
2741 | [scp.1] | |
2742 | ConnectionTimeout -> ConnectTimeout for scp.1 too. | |
df5a0d7e | 2743 | |
41e0e158 | 2744 | 20040423 |
2745 | - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Declare h_errno | |
2746 | as extern int if not already declared. Fixes compile errors on old SCO | |
2747 | platforms. ok tim@ | |
3daa912a | 2748 | - (dtucker) [README.platform] List prereqs for building on Cygwin. |
41e0e158 | 2749 | |
e7df6a14 | 2750 | 20040421 |
2751 | - (djm) Update config.guess and config.sub to autoconf-2.59 versions; ok tim@ | |
2752 | ||
484b2208 | 2753 | 20040420 |
2754 | - (djm) OpenBSD CVS Sync | |
2755 | - henning@cvs.openbsd.org 2004/04/08 16:08:21 | |
2756 | [sshconnect2.c] | |
da3e452a | 2757 | swap the last two parameters to TAILQ_FOREACH_REVERSE. matches what |
2758 | FreeBSD and NetBSD do. | |
484b2208 | 2759 | ok millert@ mcbride@ markus@ ho@, checked to not affect ports by naddy@ |
9f6cab4b | 2760 | - djm@cvs.openbsd.org 2004/04/18 23:10:26 |
2761 | [readconf.c readconf.h ssh-keysign.c ssh.c] | |
2762 | perform strict ownership and modes checks for ~/.ssh/config files, | |
2763 | as these can be used to execute arbitrary programs; ok markus@ | |
2764 | NB. ssh will now exit when it detects a config with poor permissions | |
e1520719 | 2765 | - djm@cvs.openbsd.org 2004/04/19 13:02:40 |
2766 | [ssh.1 ssh_config.5] | |
2767 | document strict permission checks on ~/.ssh/config; prompted by, | |
2768 | with & ok jmc@ | |
1e9b1b82 | 2769 | - jmc@cvs.openbsd.org 2004/04/19 16:12:14 |
2770 | [ssh_config.5] | |
2771 | kill whitespace at eol; | |
f7f14143 | 2772 | - djm@cvs.openbsd.org 2004/04/19 21:51:49 |
2773 | [ssh.c] | |
2774 | fix idiot typo that i introduced in my last commit; | |
2775 | spotted by cschneid AT cschneid.com | |
da3e452a | 2776 | - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD, needed for |
2777 | above change | |
41707f74 | 2778 | - (djm) [configure.ac] Check whether libroken is required when building |
2779 | with Heimdal | |
484b2208 | 2780 | |
1297d248 | 2781 | 20040419 |
2782 | - (dtucker) OpenBSD CVS Sync | |
2783 | - dtucker@cvs.openbsd.org 2004/02/29 22:04:45 | |
2784 | [regress/login-timeout.sh] | |
2785 | Use sudo when restarting daemon during test. ok markus@ | |
b4752a0e | 2786 | - dtucker@cvs.openbsd.org 2004/03/08 10:17:12 |
2787 | [regress/login-timeout.sh] | |
2788 | Missing OBJ, from tim@. ok markus@ (Already fixed, ID sync only) | |
b093b499 | 2789 | - djm@cvs.openbsd.org 2004/03/30 12:41:56 |
2790 | [sftp-client.c] | |
2791 | sync comment with reality | |
12674c78 | 2792 | - djm@cvs.openbsd.org 2004/03/31 21:58:47 |
2793 | [canohost.c] | |
2794 | don't skip ip options check when UseDNS=no; ok markus@ (ID sync only) | |
f09aa22c | 2795 | - markus@cvs.openbsd.org 2004/04/01 12:19:57 |
2796 | [scp.c] | |
2797 | limit trust between local and remote rcp/scp process, | |
2798 | noticed by lcamtuf; ok deraadt@, djm@ | |
1297d248 | 2799 | |
1e08e787 | 2800 | 20040418 |
2801 | - (dtucker) [auth-pam.c] Log username and source host for failed PAM | |
2802 | authentication attempts. With & ok djm@ | |
917ee1d2 | 2803 | - (djm) [openbsd-compat/bsd-cygwin_util.c] Recent versions of Cygwin allow |
2804 | change of user context without a password, so relax auth method | |
2805 | restrictions; from vinschen AT redhat.com; ok dtucker@ | |
1e08e787 | 2806 | |
f9aacd5e | 2807 | 20040416 |
2808 | - (dtucker) [regress/sftp-cmds.sh] Skip quoting test on Cygwin, since | |
2809 | FAT/NTFS does not permit quotes in filenames. From vinschen at redhat.com | |
6490a5d5 | 2810 | - (djm) [auth-krb5.c auth.h session.c] Explicitly refer to Kerberos ccache |
2811 | file using FILE: method, fixes problems on Mac OSX. | |
2812 | Patch from simon@sxw.org.uk; ok dtucker@ | |
9ff90d99 | 2813 | - (tim) [configure.ac] Set SETEUID_BREAKS_SETUID, BROKEN_SETREUID and |
2814 | BROKEN_SETREGID for SCO OpenServer 3 | |
f9aacd5e | 2815 | |
d1d10baa | 2816 | 20040412 |
2817 | - (dtucker) [sshd_config.5] Add PermitRootLogin without-password warning | |
2818 | from bug #701 (text from jfh at cise.ufl.edu). | |
141fc639 | 2819 | - (dtucker) [acconfig.h configure.ac defines.h] Bug #673: check for 4-arg |
2820 | skeychallenge(), eg on NetBSD. ok mouring@ | |
f2b7b5c8 | 2821 | - (dtucker) [auth-skey.c defines.h monitor.c] Make skeychallenge explicitly |
2822 | 4-arg, with compatibility for 3-arg versions. From djm@, ok me. | |
77f09220 | 2823 | - (djm) [configure.ac] Fix detection of libwrap on OpenBSD; ok dtucker@ |
d1d10baa | 2824 | |
f20d4564 | 2825 | 20040408 |
2826 | - (dtucker) [loginrec.c] Use UT_LINESIZE if available, prevents truncating | |
2827 | pty name on Linux 2.6.x systems. Patch from jpe at eisenmenger.org. | |
9b08c23f | 2828 | - (bal) [monitor.c monitor_wrap.c] Second try. Put the zlib.h headers |
2829 | back and #undef TARGET_OS_MAC instead. (Bug report pending with Apple) | |
074c4cbc | 2830 | - (dtucker) [defines.h loginrec.c] Define UT_LINESIZE if not defined and |
2831 | simplify loginrec.c. ok tim@ | |
a655c012 | 2832 | - (bal) [monitor.c monitor_wrap.c] Ok.. Last time. Promise. Tim suggested |
2833 | limiting scope and dtucker@ agreed. | |
f20d4564 | 2834 | |
e7d0f139 | 2835 | 20040407 |
2836 | - (dtucker) [session.c] Flush stdout after displaying loginmsg. From | |
2837 | f_mohr at yahoo.de. | |
79753592 | 2838 | - (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to see |
2839 | if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X) | |
2840 | are starting to restrict it as internal since it is not needed by | |
2841 | developers any more. (Patch based on Apple tree) | |
2842 | - (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since | |
2843 | krb5 on MacOS/X conflicts. There may be a better solution, but this will | |
2844 | work for now. | |
e7d0f139 | 2845 | |
3d59832f | 2846 | 20040406 |
2847 | - (dtucker) [acconfig.h configure.ac defines.h] Bug #820: don't use | |
2848 | updwtmpx() on IRIX since it seems to clobber utmp. ok djm@ | |
2fe51906 | 2849 | - (dtucker) [configure.ac] Bug #816, #748 (again): Attempt to detect |
2850 | broken getaddrinfo and friends on HP-UX. ok djm@ | |
3d59832f | 2851 | |
b90bed9f | 2852 | 20040330 |
2853 | - (dtucker) [configure.ac] Bug #811: Use "!" for LOCKED_PASSWD_PREFIX on | |
2854 | Linuxes, since that's what many use. ok djm@ | |
d948154a | 2855 | - (dtucker) [auth-pam.c] rename the_authctxt to sshpam_authctxt in auth-pam.c |
2856 | to reduce potential confusion with the one in sshd.c. ok djm@ | |
35087869 | 2857 | - (djm) Bug #825: Fix ip_options_check() for mapped IPv4/IPv6 connection; |
2858 | with & ok dtucker@ | |
b90bed9f | 2859 | |
75dbfa01 | 2860 | 20040327 |
2861 | - (dtucker) [session.c] Bug #817: Clear loginmsg after fork to prevent | |
2862 | duplicate login messages for mutli-session logins. ok djm@ | |
2863 | ||
c876ee7e | 2864 | 20040322 |
a4c0faa2 | 2865 | - (djm) [sshd.c] Drop supplemental groups if started as root |
c876ee7e | 2866 | - (djm) OpenBSD CVS Sync |
2867 | - markus@cvs.openbsd.org 2004/03/09 22:11:05 | |
2868 | [ssh.c] | |
2869 | increase x11 cookie lifetime to 20 minutes; ok djm | |
182ccbba | 2870 | - markus@cvs.openbsd.org 2004/03/10 09:45:06 |
2871 | [ssh.c] | |
2872 | trim usage to match ssh(1) and look more like unix. ok djm@ | |
65edde94 | 2873 | - markus@cvs.openbsd.org 2004/03/11 08:36:26 |
2874 | [sshd.c] | |
2875 | trim usage; ok deraadt | |
85ac7a84 | 2876 | - markus@cvs.openbsd.org 2004/03/11 10:21:17 |
2877 | [ssh.c sshd.c] | |
2878 | ssh, sshd: sync version output, ok djm | |
7c79db4e | 2879 | - markus@cvs.openbsd.org 2004/03/20 10:40:59 |
2880 | [version.h] | |
2881 | 3.8.1 | |
442c8293 | 2882 | - (djm) Crank RPM spec versions |
a4c0faa2 | 2883 | |
2b983b95 | 2884 | 20040311 |
2885 | - (djm) [configure.ac] Add standard license to configure.ac; ok ben, dtucker | |
2886 | ||
31863e02 | 2887 | 20040310 |
2888 | - (dtucker) [openbsd-compat/fake-rfc2553.h] Bug #812: #undef getaddrinfo | |
2889 | before redefining it, silences warnings on Tru64. | |
2890 | ||
3a5d0759 | 2891 | 20040308 |
2892 | - (dtucker) [sshd.c] Back out rev 1.270 as it caused problems on some | |
529d73ab | 2893 | platforms (eg SCO, HP-UX) with logging in the wrong TZ. ok djm@ |
2894 | - (dtucker) [configure.ac sshd.c openbsd-compat/bsd-misc.h | |
2895 | openbsd-compat/setenv.c] Unset KRB5CCNAME on AIX to prevent it from being | |
2896 | inherited by the child. ok djm@ | |
2897 | - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c | |
2898 | monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized | |
cc120685 | 2899 | even if keyboard-interactive is not used by the client. Prevents |
2900 | segfaults in some cases where the user's password is expired (note this | |
2901 | is not considered a security exposure). ok djm@ | |
2902 | - (djm) OpenBSD CVS Sync | |
2903 | - markus@cvs.openbsd.org 2004/03/03 06:47:52 | |
2904 | [sshd.c] | |
2905 | change proctiltle after accept(2); ok henning, deraadt, djm | |
213bab61 | 2906 | - djm@cvs.openbsd.org 2004/03/03 09:30:42 |
2907 | [sftp-client.c] | |
2908 | Don't print duplicate messages when progressmeter is off | |
2909 | Spotted by job317 AT mailvault.com; ok markus@ | |
06abcf97 | 2910 | - djm@cvs.openbsd.org 2004/03/03 09:31:20 |
2911 | [sftp.c] | |
2912 | Fix initialisation of progress meter; ok markus@ | |
3a065ed0 | 2913 | - markus@cvs.openbsd.org 2004/03/05 10:53:58 |
2914 | [readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c] | |
2915 | add IdentitiesOnly; ok djm@, pb@ | |
b655d28c | 2916 | - djm@cvs.openbsd.org 2004/03/08 09:38:05 |
2917 | [ssh-keyscan.c] | |
2918 | explicitly initialise remote_major and remote_minor. | |
2919 | from cjwatson AT debian.org; ok markus@ | |
24f37810 | 2920 | - dtucker@cvs.openbsd.org 2004/03/08 10:18:57 |
2921 | [sshd_config.5] | |
2922 | Document KerberosGetAFSToken; ok markus@ | |
c4f51837 | 2923 | - (tim) [regress/README.regress] Document ssh-rand-helper issue. ok bal |
3a5d0759 | 2924 | |
d22e04fd | 2925 | 20040307 |
2926 | - (tim) [regress/login-timeout.sh] fix building outside of source tree. | |
2927 | ||
a1e0095d | 2928 | 20040304 |
2929 | - (dtucker) [auth-pam.c] Don't try to export PAM when compiled with | |
2930 | -DUSE_POSIX_THREADS. From antoine.verheijen at ualbert ca. ok djm@ | |
355fbf31 | 2931 | - (dtucker) [auth-pam.c] Reset signal status when starting pam auth thread, |
2932 | prevent hanging during PAM keyboard-interactive authentications. ok djm@ | |
69a20cff | 2933 | - (dtucker) [auth-passwd.c auth-sia.c auth-sia.h defines.h |
2934 | openbsd-compat/xcrypt.c] Bug #802: Fix build error on Tru64 when | |
2935 | configured --with-osfsia. ok djm@ | |
a1e0095d | 2936 | |
1452867a | 2937 | 20040303 |
e7f6070d | 2938 | - (djm) [configure.ac ssh-agent.c] Use prctl to prevent ptrace on ssh-agent |
2939 | ok dtucker | |
2940 | ||
010e9d5b | 2941 | 20040229 |
2942 | - (tim) [configure.ac] Put back bits mistakenly removed from Rev 1.188 | |
2943 | ||
6ff58a4b | 2944 | 20040229 |
2945 | - (dtucker) OpenBSD CVS Sync | |
2946 | - djm@cvs.openbsd.org 2004/02/25 00:22:45 | |
2947 | [sshd.c] | |
2948 | typo in comment | |
8b0a55ac | 2949 | - dtucker@cvs.openbsd.org 2004/02/27 22:42:47 |
2950 | [dh.c] | |
2951 | Prevent sshd from sending DH groups with a primitive generator of zero or | |
2952 | one, even if they are listed in /etc/moduli. ok markus@ | |
cd744742 | 2953 | - dtucker@cvs.openbsd.org 2004/02/27 22:44:56 |
2954 | [dh.c] | |
2955 | Make /etc/moduli line buffer big enough for 8kbit primes, in case anyone | |
2956 | ever uses one. ok markus@ | |
e24bb7d5 | 2957 | - dtucker@cvs.openbsd.org 2004/02/27 22:49:27 |
2958 | [dh.c] | |
2959 | Reset bit counter at the right time, fixes debug output in the case where | |
2960 | the DH group is rejected. ok markus@ | |
42cfd508 | 2961 | - dtucker@cvs.openbsd.org 2004/02/17 08:23:20 |
2962 | [regress/Makefile regress/login-timeout.sh] | |
2963 | Add regression test for LoginGraceTime; ok markus@ | |
dd75dc6d | 2964 | - markus@cvs.openbsd.org 2004/02/24 16:56:30 |
2965 | [regress/test-exec.sh] | |
2966 | allow arguments in ${TEST_SSH_XXX} | |
e7ac982b | 2967 | - markus@cvs.openbsd.org 2004/02/24 17:06:52 |
2968 | [regress/ssh-com-client.sh regress/ssh-com-keygen.sh | |
2969 | regress/ssh-com-sftp.sh regress/ssh-com.sh] | |
2970 | test against recent ssh.com releases | |
f492915d | 2971 | - dtucker@cvs.openbsd.org 2004/02/28 12:16:57 |
2972 | [regress/dynamic-forward.sh] | |
2973 | Make dynamic-forward understand nc's new output. ok markus@ | |
79a00bda | 2974 | - dtucker@cvs.openbsd.org 2004/02/28 13:44:45 |
2975 | [regress/try-ciphers.sh] | |
2976 | Test acss too; ok markus@ | |
1d64dfd3 | 2977 | - (dtucker) [regress/try-ciphers.sh] Skip acss if not compiled in (eg if we |
2978 | built with openssl < 0.9.7) | |
6ff58a4b | 2979 | |
769a750c | 2980 | 20040226 |
2981 | - (bal) KNF our sshlogin.c even if the code looks nothing like upstream | |
2982 | code due to diversity issues. | |
2983 | ||
3b5581f5 | 2984 | 20040225 |
2985 | - (djm) Trim ChangeLog | |
557f108b | 2986 | - (djm) Don't specify path to PAM modules in Redhat sshd.pam; from Fedora |
3b5581f5 | 2987 | |
71c1910f | 2988 | 20040224 |
2989 | - (dtucker) OpenBSD CVS Sync | |
2990 | - markus@cvs.openbsd.org 2004/02/19 21:15:04 | |
2991 | [sftp-server.c] | |
2992 | switch to new license.template | |
a666e3b1 | 2993 | - markus@cvs.openbsd.org 2004/02/23 12:02:33 |
2994 | [sshd.c] | |
2995 | backout revision 1.279; set listen socket to non-block; ok henning. | |
155890b3 | 2996 | - markus@cvs.openbsd.org 2004/02/23 15:12:46 |
2997 | [bufaux.c] | |
2998 | encode 0 correctly in buffer_put_bignum2; noted by Mikulas Patocka | |
2999 | and drop support for negative BNs; ok otto@ | |
a5337ac4 | 3000 | - markus@cvs.openbsd.org 2004/02/23 15:16:46 |
3001 | [version.h] | |
3002 | enter 3.8 | |
071970fb | 3003 | - (dtucker) [configure.ac gss-serv-krb5.c ssh-gss.h] Define GSSAPI when found |
3004 | with krb5-config, hunt down gssapi.h and friends. Based partially on patch | |
469e90f9 | 3005 | from deengert at anl.gov. ok djm@ |
13dff404 | 3006 | - (djm) [groupaccess.c uidswap.c] Bug #787: Size group arrays at runtime |
3007 | using sysconf() if available Based on patches from | |
3008 | holger AT van-lengerich.de and openssh_bugzilla AT hockin.org | |
972fc531 | 3009 | - (dtucker) [uidswap.c] Minor KNF. ok djm@ |
fee4a84f | 3010 | - (tim) [openbsd-compat/getrrsetbyname.c] Make gcc 2.7.2.3 happy. ok djm@ |
8607ab76 | 3011 | - (djm) Crank RPM spec versions |
54fe3272 | 3012 | - (dtucker) [README] Add pointer to release notes. ok djm@ |
510c0a8a | 3013 | - (dtucker) {README.platform] Add platform-specific notes. |
f9e4952c | 3014 | - (tim) [configure.ac] SCO3 needs -lcrypt_i for -lprot |
a40872de | 3015 | - (djm) Release 3.8p1 |
71c1910f | 3016 | |
59f327e0 | 3017 | 20040223 |
3018 | - (dtucker) [session.c] Bug #789: Only make setcred call for !privsep in the | |
3019 | non-interactive path. ok djm@ | |
3020 | ||
f14ca4a4 | 3021 | 20040222 |
3022 | - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test | |
3023 | to auth-shadow.c, no functional change. ok djm@ | |
2b486b75 | 3024 | - (dtucker) [auth-shadow.c auth.h] Provide warnings of impending account or |
3025 | password expiry. ok djm@ | |
3026 | - (dtucker) [auth-passwd.c] Only check password expiry once. Prevents | |
3027 | multiple warnings if a wrong password is entered. | |
3028 | - (dtucker) [configure.ac] Apply krb5-config --libs fix to non-gssapi path | |
3029 | too. | |
f14ca4a4 | 3030 | |
45a3410a | 3031 | 20040220 |
3032 | - (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@ | |
3033 | ||
13961ade | 3034 | 20040218 |
3035 | - (dtucker) [configure.ac] Handle case where krb5-config --libs returns a | |
3036 | path with a "-" in it. From Sergio.Gelato at astro.su.se. | |
caf1e9f0 | 3037 | - (djm) OpenBSD CVS Sync |
3038 | - djm@cvs.openbsd.org 2004/02/17 07:17:29 | |
3039 | [sftp-glob.c sftp.c] | |
3040 | Remove useless headers; ok deraadt@ | |
2cda7d6b | 3041 | - djm@cvs.openbsd.org 2004/02/17 11:03:08 |
3042 | [sftp.c] | |
3043 | sftp.c and sftp-int.c, together at last; ok markus@ | |
ab263a3d | 3044 | - jmc@cvs.openbsd.org 2004/02/17 19:35:21 |
3045 | [sshd_config.5] | |
3046 | remove cruft left over from RhostsAuthentication removal; | |
3047 | ok markus@ | |
232b600a | 3048 | - (djm) [log.c] Correct use of HAVE_OPENLOG_R |
a90ed4b3 | 3049 | - (djm) [log.c] Tighten openlog_r tests |
13961ade | 3050 | |
9cd11896 | 3051 | 20040217 |
3052 | - (djm) Simplify the license on code I have written. No code changes. | |
ab3932ab | 3053 | - (djm) OpenBSD CVS Sync |
3054 | - djm@cvs.openbsd.org 2004/02/17 05:39:51 | |
3055 | [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c] | |
3056 | [sftp-int.h sftp.c] | |
3057 | switch to license.template for code written by me (belated, I know...) | |
5d464804 | 3058 | - (djm) Bug #698: Specify FILE: for KRB5CCNAME; patch from |
3059 | stadal@suse.cz and simon@sxw.org.uk | |
60922169 | 3060 | - (dtucker) [auth-pam.c] Tidy up PAM debugging. ok djm@ |
ef687c66 | 3061 | - (dtucker) [auth-pam.c] Store output from pam_session and pam_setcred for |
3062 | display after login. Should fix problems like pam_motd not displaying | |
3063 | anything, noticed by cjwatson at debian.org. ok djm@ | |
9cd11896 | 3064 | |
006cb311 | 3065 | 20040212 |
3066 | - (tim) [Makefile.in regress/sftp-badcmds.sh regress/test-exec.sh] | |
3067 | Portablity fixes. Data sftp transfers needs to be world readable. Some | |
3068 | older shells hang on while loops when doing sh -n some_script. OK dtucker@ | |
5486a457 | 3069 | - (tim) [configure.ac] Make sure -lcrypto is before -lsocket for sco3. |
3070 | ok mouring@ | |
006cb311 | 3071 | |
d78480be | 3072 | 20040211 |
3073 | - (dtucker) [auth-passwd.c auth-shadow.c] Only enable shadow expiry check | |
3074 | if HAS_SHADOW_EXPIRY is set. | |
8087c5ee | 3075 | - (tim) [configure.ac] Fix comment to match code changes in ver 1.117 |
d78480be | 3076 | |
cadfc759 | 3077 | 20040210 |
3078 | - (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c | |
5a8bd0c3 | 3079 | openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's |
3080 | native password expiry. | |
3081 | - (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h | |
3082 | defines.h] Bug #14: Use do_pwchange to support password expiry and force | |
3083 | change for platforms using /etc/shadow. ok djm@ | |
1c46f905 | 3084 | - (dtucker) [openbsd-compat/fake-rfc2553.h] Bug #563: Prepend ssh_ to compat |
3085 | functions to avoid conflicts with Heimdal's libroken. ok djm@ | |
dd1fb864 | 3086 | - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to |
3087 | change expired PAM passwords for SSHv1 connections without privsep. | |
3088 | pam_chauthtok is still used when privsep is disabled. ok djm@ | |
262b1744 | 3089 | - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Move |
3090 | include from port-aix.h to port-aix.c and remove unnecessary function | |
3091 | definition. Fixes build errors on AIX. | |
41c64c91 | 3092 | - (dtucker) [configure.ac loginrec.c] Bug #464: Use updwtmpx on platforms |
3093 | that support it. from & ok mouring@ | |
0655c763 | 3094 | - (dtucker) [configure.ac] Bug #345: Do not disable utmp on HP-UX 10.x. |
d78480be | 3095 | ok djm@ |
cadfc759 | 3096 | |
59d51274 | 3097 | 20040207 |
3098 | - (dtucker) OpenBSD CVS Sync | |
3099 | - dtucker@cvs.openbsd.org 2004/02/06 23:41:13 | |
3100 | [cipher-ctr.c] | |
3101 | Use EVP_CIPHER_CTX_key_length for key length. ok markus@ | |
3102 | (This will fix builds with OpenSSL 0.9.5) | |
1c4d41b9 | 3103 | - (dtucker) [cipher.c] enable AES counter modes with OpenSSL 0.9.5. |
3104 | ok djm@, markus@ | |
59d51274 | 3105 | |
92d0d880 | 3106 | 20040206 |
3107 | - (dtucker) [acss.c acss.h] Fix $Id tags. | |
c7b91244 | 3108 | - (dtucker) [cipher-acss.c cipher.c] Enable acss only if building with |
3109 | OpenSSL >= 0.9.7. ok djm@ | |
72037bc8 | 3110 | - (dtucker) [session.c] Bug #789: Do not call do_pam_setcred as a non-root |
3111 | user, since some modules might fail due to lack of privilege. ok djm@ | |
38b69c0b | 3112 | - (dtucker) [configure.ac] Bug #748: Always define BROKEN_GETADDRINFO |
3113 | for HP-UX 11.11. If there are known-good configs where this is not | |
3114 | required, please report them. ok djm@ | |
a6cd1e13 | 3115 | - (dtucker) [sshd.c] Bug #757: Clear child's environment to prevent |
3116 | accidentally inheriting from root's environment. ok djm@ | |
7ccff316 | 3117 | - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #796: |
3118 | Restore previous authdb setting after auth calls. Fixes problems with | |
3119 | setpcred failing on accounts that use AFS or NIS password registries. | |
51693efd | 3120 | - (dtucker) [configure.ac includes.h] Include <sys/stream.h> if present, |
3121 | required on Solaris 2.5.1 for queue_t, which is used by <sys/ptms.h>. | |
37656beb | 3122 | - (dtucker) OpenBSD CVS Sync |
3123 | - markus@cvs.openbsd.org 2004/01/30 09:48:57 | |
3124 | [auth-passwd.c auth.h pathnames.h session.c] | |
3125 | support for password change; ok dtucker@ | |
3126 | (set password-dead=1w in login.conf to use this). | |
3127 | In -Portable, this is currently only platforms using bsdauth. | |
a9b33b95 | 3128 | - dtucker@cvs.openbsd.org 2004/02/05 05:37:17 |
3129 | [monitor.c sshd.c] | |
3130 | Pass SIGALRM through to privsep child if LoginGraceTime expires. ok markus@ | |
7b0a59c9 | 3131 | - markus@cvs.openbsd.org 2004/02/05 15:33:33 |
3132 | [progressmeter.c] | |
3133 | fix ETA for > 4GB; bugzilla #791; ok henning@ deraadt@ | |
92d0d880 | 3134 | |
d642a47a | 3135 | 20040129 |
3136 | - (dtucker) OpenBSD CVS Sync regress/ | |
3137 | - dtucker@cvs.openbsd.org 2003/10/11 11:49:49 | |
3138 | [Makefile banner.sh] | |
3139 | Test missing banner file, suppression of banner with ssh -q, check return | |
3140 | code from ssh. ok markus@ | |
b3293f64 | 3141 | - jmc@cvs.openbsd.org 2003/11/07 10:16:44 |
3142 | [ssh-com.sh] | |
3143 | adress -> address, and a few more; all from Jonathon Gray; | |
7267f37e | 3144 | - djm@cvs.openbsd.org 2004/01/13 09:49:06 |
3145 | [sftp-batch.sh] | |
8068d564 | 3146 | - (dtucker) [configure.ac] Add --without-zlib-version-check. Feedback from |
3147 | tim@, ok several | |
c1ad5966 | 3148 | - (dtucker) [configure.ac openbsd-compat/bsd-cray.c openbsd-compat/bsd-cray.h] |
3149 | Bug #775: Cray fixes from wendy at cray.com | |
d642a47a | 3150 | |
71658852 | 3151 | 20040128 |
3152 | - (dtucker) [regress/README.regress] Add tcpwrappers issue, noted by tim@ | |
f5d109e7 | 3153 | - (dtucker) [moduli] Import new moduli file from OpenBSD. |
71658852 | 3154 | |
268c23e9 | 3155 | 20040127 |
3156 | - (djm) OpenBSD CVS Sync | |
3157 | - hshoexer@cvs.openbsd.org 2004/01/23 17:06:03 | |
3158 | [cipher.c] | |
3159 | enable acss for ssh | |
3160 | ok deraadt@ markus@ | |
0372ae57 | 3161 | - mouring@cvs.openbsd.org 2004/01/23 17:57:48 |
3162 | [sftp-int.c] | |
3163 | Fix issue pointed out with ls not handling large directories | |
3164 | with embeded paths correctly. OK damien@ | |
8b557a74 | 3165 | - hshoexer@cvs.openbsd.org 2004/01/23 19:26:33 |
3166 | [cipher.c] | |
3167 | rename acss@opebsd.org to acss@openssh.org | |
3168 | ok deraadt@ | |
2daf1db1 | 3169 | - djm@cvs.openbsd.org 2004/01/25 03:49:09 |
3170 | [sshconnect.c] | |
3171 | reset nonblocking flag after ConnectTimeout > 0 connect; (bugzilla #785) | |
3172 | from jclonguet AT free.fr; ok millert@ | |
02de7c6e | 3173 | - djm@cvs.openbsd.org 2004/01/27 10:08:10 |
3174 | [sftp.c] | |
3175 | reorder parsing so user:skey@host:file works (bugzilla #777) | |
3176 | patch from admorten AT umich.edu; ok markus@ | |
268c23e9 | 3177 | - (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS |
3178 | if libcrypto lacks it | |
3179 | ||
86f807ed | 3180 | 20040126 |
3181 | - (tim) Typo in regress/README.regress | |
a5753dd4 | 3182 | - (tim) [regress/test-exec.sh] RhostsAuthentication is deprecated. |
a98550d2 | 3183 | - (tim) [defines.h] Add defines for HFIXEDSZ and T_SIG |
9e833a9b | 3184 | - (tim) [configure.ac includes.h] add <sys/ptms.h> for grantpt() and friends. |
2df78719 | 3185 | - (tim) [defines.h openbsd-compat/getrrsetbyname.h] Move defines for HFIXEDSZ |
3186 | and T_SIG to getrrsetbyname.h | |
86f807ed | 3187 | |
6e9f4c0f | 3188 | 20040124 |
3189 | - (djm) Typo in openbsd-compat/bsd-openpty.c; from wendyp AT cray.com | |
3190 | ||
f4eaee12 | 3191 | 20040123 |
3192 | - (djm) Do pam_session processing for systems with HAVE_LOGIN_CAP; from | |
3193 | ralf.hack AT pipex.net; ok dtucker@ | |
b6cfb8c2 | 3194 | - (djm) Bug #776: Update contrib/redhat/openssh.spec to dynamically detect |
3195 | Kerberos location (and thus work with Fedora Core 1); | |
3196 | from jason AT devrandom.org | |
4ad65809 | 3197 | - (dtucker) [configure.ac] Bug #788: Test for zlib.h presence and for |
3198 | zlib >= 1.1.4. Partly from jbasney at ncsa.uiuc.edu. ok djm@ | |
73fd4871 | 3199 | - (dtucker) [contrib/cygwin/README] Document new ssh-host-config options. |
3200 | Patch from vinschen at redhat.com. | |
bcfcc5f9 | 3201 | - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c] |
3202 | Change AFS symbol to USE_AFS to prevent namespace collisions, do not | |
3203 | include kafs.h unless necessary. From deengert at anl.gov. | |
0a15d73b | 3204 | - (tim) [configure.ac] Remove hard coded -L/usr/local/lib and |
3205 | -I/usr/local/include. Users can do LDFLAGS="-L/usr/local/lib" \ | |
3206 | CPPFLAGS="-I/usr/local/include" ./configure if needed. | |
f4eaee12 | 3207 | |
5585c441 | 3208 | 20040122 |
3209 | - (dtucker) [configure.ac] Use krb5-config where available for Kerberos/ | |
3210 | GSSAPI detection, libs and includes. ok djm@ | |
6704d19a | 3211 | - (dtucker) [session.c] Enable AFS support in conjunction with KRB5 not |
3212 | just HEIMDAL. | |
8e8d046c | 3213 | - (tim) [contrib/solaris/buildpkg.sh] Allow for the possibility of |
3214 | /usr/local being a symbolic link. Fixes problem reported by Henry Grebler. | |
5585c441 | 3215 | |
a8b64bb8 | 3216 | 20040121 |
3217 | - (djm) OpenBSD CVS Sync | |
3218 | - djm@cvs.openbsd.org 2004/01/13 09:25:05 | |
3219 | [sftp-int.c sftp.1 sftp.c] | |
3220 | Tidy sftp batchmode handling, eliminate junk to stderr (bugzilla #754) and | |
3221 | enable use of "-b -" to accept batchfile from stdin; ok markus@ | |
f74de0d7 | 3222 | - jmc@cvs.openbsd.org 2004/01/13 12:17:33 |
3223 | [sftp.1] | |
3224 | remove unnecessary Ic's; | |
3225 | kill whitespace at EOL; | |
3226 | ok djm@ | |
39dfceeb | 3227 | - markus@cvs.openbsd.org 2004/01/13 19:23:15 |
3228 | [compress.c session.c] | |
3229 | -Wall; ok henning | |
33623c65 | 3230 | - markus@cvs.openbsd.org 2004/01/13 19:45:15 |
3231 | [compress.c] | |
3232 | cast for portability; millert@ | |
7741e239 | 3233 | - markus@cvs.openbsd.org 2004/01/19 09:24:21 |
3234 | [channels.c] | |
3235 | fake consumption for half closed channels since the peer is waiting for | |
3236 | window adjust messages; bugzilla #790 Matthew Dillon; test + ok dtucker@ | |
3237 | reproduce with sh -c 'ulimit -f 10; ssh host -n od /bsd | cat > foo' | |
43f7a4b8 | 3238 | - markus@cvs.openbsd.org 2004/01/19 21:25:15 |
3239 | [auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c] | |
3240 | fix mem leaks; some fixes from Pete Flugstad; tested dtucker@ | |
ac414e17 | 3241 | - djm@cvs.openbsd.org 2004/01/21 03:07:59 |
3242 | [sftp.c] | |
3243 | initialise infile in main, rather than statically - from portable | |
a4de1163 | 3244 | - deraadt@cvs.openbsd.org 2004/01/11 21:55:06 |
3245 | [sshpty.c] | |
3246 | for pty opening, only use the openpty() path. the other stuff only needs | |
3247 | to be in openssh-p; markus ok | |
3248 | - (djm) [openbsd-compat/bsd-openpty.c] Rework old sshpty.c code into an | |
3249 | openpty() replacement | |
a8b64bb8 | 3250 | |
100e6910 | 3251 | 20040114 |
3252 | - (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exits | |
3253 | unexpectedly. with & ok djm@ | |
28b49ff8 | 3254 | - (dtucker) [auth-pam.c] Reset signal handler in pthread_cancel too, add |
3255 | test for case where cleanup has already run. | |
90f3c272 | 3256 | - (dtucker) [auth-pam.c] Add minor debugging. |
100e6910 | 3257 | |
e47e681f | 3258 | 20040113 |
3259 | - (dtucker) [auth-pam.c] Relocate struct pam_ctxt and prototypes. No | |
3260 | functional changes. | |
3261 | ||
b3f87f4f | 3262 | 20040108 |
3263 | - (dtucker) [auth-pam.c defines.h] Bug #783: move __unused to defines.h and | |
3264 | only define if not already. From des at freebsd.org. | |
24a9171d | 3265 | - (dtucker) [configure.ac] Remove extra (typo) comma. |
b3f87f4f | 3266 | |
e7c060cb | 3267 | 20040105 |
3268 | - (dtucker) [contrib/ssh-copy-id] Bug #781: exit if ssh fails. Patch from | |
3269 | cjwatson at debian.org. | |
309af4e5 | 3270 | - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c] |
3271 | Only enable KerberosGetAFSToken if Heimdal's libkafs is found. with jakob@ | |
e7c060cb | 3272 | |
ff620033 | 3273 | 20040102 |
3274 | - (djm) OSX/Darwin needs BIND_8_COMPAT to build getrrsetbyname. Report from | |
3275 | jakob@ | |
c0c10689 | 3276 | - (djm) Remove useless DNS support configure summary message. from jakob@ |
2511d104 | 3277 | - (djm) OSX/Darwin put the PAM headers in a different place, detect this. |
3278 | Report from jakob@ | |
ff620033 | 3279 | |
c6fbc95a | 3280 | 20031231 |
3281 | - (dtucker) OpenBSD CVS Sync | |
3282 | - djm@cvs.openbsd.org 2003/12/22 09:16:58 | |
3283 | [moduli.c ssh-keygen.1 ssh-keygen.c] | |
3284 | tidy up moduli generation debugging, add -v (verbose/debug) option to | |
3285 | ssh-keygen; ok markus@ | |
1dd5f021 | 3286 | - markus@cvs.openbsd.org 2003/12/22 20:29:55 |
3287 | [cipher-3des1.c] | |
3288 | EVP_CIPHER_CTX_cleanup() for the des contexts; pruiksma@freesurf.fr | |
a1e30b47 | 3289 | - jakob@cvs.openbsd.org 2003/12/23 16:12:10 |
3290 | [servconf.c servconf.h session.c sshd_config] | |
3291 | implement KerberosGetAFSToken server option. ok markus@, beck@ | |
6bb49a16 | 3292 | - millert@cvs.openbsd.org 2003/12/29 16:39:50 |
3293 | [sshd_config] | |
3294 | KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK | |
b0ca6225 | 3295 | - dtucker@cvs.openbsd.org 2003/12/31 00:24:50 |
3296 | [auth2-passwd.c] | |
3297 | Ignore password change request during password auth (which we currently | |
3298 | don't support) and discard proposed new password. corrections/ok markus@ | |
3f176010 | 3299 | - (dtucker) [configure.ac] Only test setresuid and setresgid if they exist. |
c6fbc95a | 3300 | |
56b13279 | 3301 | 20031219 |
3302 | - (dtucker) [defines.h] Bug #458: Define SIZE_T_MAX as UINT_MAX if we | |
3303 | typedef size_t ourselves. | |
3304 | ||
0c6a72a5 | 3305 | 20031218 |
3306 | - (dtucker) [configure.ac] Don't use setre[ug]id on DG-UX, from Tom Orban. | |
b3ef7fb7 | 3307 | - (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactive |
3308 | authentication. Partially fixes bug #423. Feedback & ok djm@ | |
0c6a72a5 | 3309 | |
95ae2076 | 3310 | 20031217 |
3311 | - (djm) OpenBSD CVS Sync | |
3312 | - markus@cvs.openbsd.org 2003/12/09 15:28:43 | |
3313 | [serverloop.c] | |
3314 | make ClientKeepAlive work for ssh -N, too (no login shell requested). | |
3315 | 1) send a bogus channel request if we find a channel | |
3316 | 2) send a bogus global request if we don't have a channel | |
3317 | ok + test beck@ | |
c5894280 | 3318 | - markus@cvs.openbsd.org 2003/12/09 17:29:04 |
3319 | [sshd.c] | |
3320 | fix -o and HUP; ok henning@ | |
1aafd17a | 3321 | - markus@cvs.openbsd.org 2003/12/09 17:30:05 |
3322 | [ssh.c] | |
3323 | don't modify argv for ssh -o; similar to sshd.c 1.283 | |
fd573618 | 3324 | - markus@cvs.openbsd.org 2003/12/09 21:53:37 |
3325 | [readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1] | |
3326 | [ssh_config.5 sshconnect.c sshd.c sshd_config.5] | |
3327 | rename keepalive to tcpkeepalive; the old name causes too much | |
3328 | confusion; ok djm, dtucker; with help from jmc@ | |
66357af5 | 3329 | - dtucker@cvs.openbsd.org 2003/12/09 23:45:32 |
3330 | [clientloop.c] | |
3331 | Clear exit code when ssh -N is terminated with a SIGTERM. ok markus@ | |
e8dd24a8 | 3332 | - markus@cvs.openbsd.org 2003/12/14 12:37:21 |
3333 | [ssh_config.5] | |
3334 | we don't support GSS KEX; from Simon Wilkinson | |
5d8d32a3 | 3335 | - markus@cvs.openbsd.org 2003/12/16 15:49:51 |
3336 | [clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1] | |
3337 | [ssh.c ssh_config.5] | |
3338 | application layer keep alive (ServerAliveInterval ServerAliveCountMax) | |
3339 | for ssh(1), similar to the sshd(8) option; ok beck@; with help from | |
3340 | jmc and dtucker@ | |
b3c35b71 | 3341 | - markus@cvs.openbsd.org 2003/12/16 15:51:54 |
3342 | [dh.c] | |
3343 | use <= instead of < in dh_estimate; ok provos/hshoexer; | |
3344 | do not return < DH_GRP_MIN | |
9a3fe0e2 | 3345 | - (dtucker) [acconfig.h configure.ac uidswap.c] Bug #645: Check for |
3346 | setres[ug]id() present but not implemented (eg some Linux/glibc | |
3347 | combinations). | |
cc1102cb | 3348 | - (bal) [openbsd-compat/bsd-misc.c] unset 'signal' defined if we are |
3349 | using a real 'signal()' (Noticed by a NeXT Compile) | |
95ae2076 | 3350 | |
ef75d357 | 3351 | 20031209 |
3352 | - (dtucker) OpenBSD CVS Sync | |
3353 | - matthieu@cvs.openbsd.org 2003/11/25 23:10:08 | |
3354 | [ssh-add.1] | |
3355 | ssh-add doesn't need to be a descendant of ssh-agent. Ok markus@, jmc@. | |
dfeea606 | 3356 | - djm@cvs.openbsd.org 2003/11/26 21:44:29 |
3357 | [cipher-aes.c] | |
3358 | fix #ifdef before #define; ok markus@ | |
3359 | (RCS ID sync only, Portable already had this) | |
adfde93f | 3360 | - markus@cvs.openbsd.org 2003/12/02 12:15:10 |
3361 | [progressmeter.c] | |
3362 | improvments from andreas@: | |
3363 | * saner speed estimate for transfers that takes less than a second by | |
3364 | rounding the time to 1 second. | |
3365 | * when the transfer is finished calculate the actual total speed | |
3366 | rather than the current speed which is given during the transfer | |
fce39749 | 3367 | - markus@cvs.openbsd.org 2003/12/02 17:01:15 |
3368 | [channels.c session.c ssh-agent.c ssh.h sshd.c] | |
3369 | use SSH_LISTEN_BACKLOG (=128) in listen(2). | |
69e782ea | 3370 | - djm@cvs.openbsd.org 2003/12/07 06:34:18 |
3371 | [moduli.c] | |
3372 | remove unused debugging #define templates | |
5acd7dc1 | 3373 | - markus@cvs.openbsd.org 2003/12/08 11:00:47 |
3374 | [kexgexc.c] | |
3375 | print requested group size in debug; ok djm | |
eb7a33b8 | 3376 | - dtucker@cvs.openbsd.org 2003/12/09 13:52:55 |
3377 | [moduli.c] | |
3378 | Prevent ssh-keygen -T from outputting moduli with a generator of 0, since | |
3379 | they can't be used for Diffie-Hellman. Assistance and ok djm@ | |
b97b4f35 | 3380 | - (dtucker) [ssh-keyscan.c] Sync RCSIDs, missed in SSH_SSFDMAX change below. |
ef75d357 | 3381 | |
e6354014 | 3382 | 20031208 |
3383 | - (tim) [configure.ac] Bug 770. Fix --without-rpath. | |
3384 | ||
1639bb8f | 3385 | 20031123 |
3386 | - (djm) [canohost.c] Move IPv4inV6 mapped address normalisation to its own | |
3387 | function and call it unconditionally | |
341c3efe | 3388 | - (djm) OpenBSD CVS Sync |
3389 | - djm@cvs.openbsd.org 2003/11/23 23:17:34 | |
3390 | [ssh-keyscan.c] | |
3391 | from portable - use sysconf to detect fd limit; ok markus@ | |
3392 | (tidy diff by adding SSH_SSFDMAX macro to defines.h) | |
e7e3e2c8 | 3393 | - djm@cvs.openbsd.org 2003/11/23 23:18:45 |
3394 | [ssh-keygen.c] | |
3395 | consistency PATH_MAX -> MAXPATHLEN; ok markus@ | |
3396 | (RCS ID sync only) | |
3397 | - djm@cvs.openbsd.org 2003/11/23 23:21:21 | |
3398 | [scp.c] | |
3399 | from portable: rename clashing variable limit-> limit_rate; ok markus@ | |
3400 | (RCS ID sync only) | |
f7926e97 | 3401 | - dtucker@cvs.openbsd.org 2003/11/24 00:16:35 |
3402 | [ssh.1 ssh.c] | |
3403 | Make ssh -k mean GSSAPIDelegateCredentials=no. Suggestion & ok markus@ | |
d74671e4 | 3404 | - (djm) Annotate OpenBSD-derived files in openbsd-compat/ with original |
3405 | source file path (in OpenBSD tree). | |
1639bb8f | 3406 | |
7fbb4189 | 3407 | 20031122 |
3408 | - (dtucker) [channels.c] Make AIX write limit code clearer. Suggested by djm@ | |
f0b467ef | 3409 | - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h] |
3410 | Move AIX specific password authentication code to port-aix.c, call | |
3411 | authenticate() until reenter flag is clear. | |
dbf8efb3 | 3412 | - (dtucker) [auth-sia.c configure.ac] Tru64 update from cmadams at hiwaay.net. |
3413 | Use permanently_set_uid for SIA, only define DISABLE_FD_PASSING when SIA | |
3414 | is enabled, rely on SIA to check for locked accounts if enabled. ok djm@ | |
10adbb52 | 3415 | - (djm) [scp.c] Rename limitbw -> limit_rate to match upstreamed patch |
e20054de | 3416 | - (djm) [sftp-int.c] Remove duplicated code from bogus sync |
00df6acd | 3417 | - (djm) [packet.c] Shuffle #ifdef to reduce conditionally compiled code |
7fbb4189 | 3418 | |
81b161c2 | 3419 | 20031121 |
3420 | - (djm) OpenBSD CVS Sync | |
3421 | - markus@cvs.openbsd.org 2003/11/20 11:39:28 | |
3422 | [progressmeter.c] | |
3423 | fix rounding errors; from andreas@ | |
aff51935 | 3424 | - djm@cvs.openbsd.org 2003/11/21 11:57:03 |
3425 | [everything] | |
3426 | unexpand and delete whitespace at EOL; ok markus@ | |
3427 | (done locally and RCS IDs synced) | |
81b161c2 | 3428 | |
3eaf3960 | 3429 | 20031118 |
4d1de3a3 | 3430 | - (djm) Fix early exit for root auth success when UsePAM=yes and |
3431 | PermitRootLogin=no | |
3eaf3960 | 3432 | - (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv, |
95077f48 | 3433 | and use it for do_pam_session. Fixes problems like pam_motd not |
3434 | displaying anything. ok djm@ | |
f79a6165 | 3435 | - (dtucker) [auth-pam.c] Only use pam_putenv if our platform has it. ok djm@ |
95077f48 | 3436 | - (djm) OpenBSD CVS Sync |
3437 | - dtucker@cvs.openbsd.org 2003/11/18 00:40:05 | |
3438 | [serverloop.c] | |
3439 | Correct check for authctxt->valid. ok djm@ | |
b2a5802b | 3440 | - djm@cvs.openbsd.org 2003/11/18 10:53:07 |
3441 | [monitor.c] | |
3442 | unbreak fake authloop for non-existent users (my screwup). Spotted and | |
3443 | tested by dtucker@; ok markus@ | |
4d1de3a3 | 3444 | |
85a68682 | 3445 | 20031117 |
3446 | - (djm) OpenBSD CVS Sync | |
3447 | - djm@cvs.openbsd.org 2003/11/03 09:03:37 | |
3448 | [auth-chall.c] | |
3449 | make this a little more idiot-proof; ok markus@ | |
3450 | (includes portable-specific changes) | |
1a1bc5d5 | 3451 | - jakob@cvs.openbsd.org 2003/11/03 09:09:41 |
3452 | [sshconnect.c] | |
3453 | move changed key warning into warn_changed_key(). ok markus@ | |
f5da7f70 | 3454 | - jakob@cvs.openbsd.org 2003/11/03 09:37:32 |
3455 | [sshconnect.c] | |
3456 | do not free static type pointer in warn_changed_key() | |
fdaef11e | 3457 | - djm@cvs.openbsd.org 2003/11/04 08:54:09 |
3458 | [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c] | |
3459 | [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c] | |
3460 | [session.c] | |
3461 | standardise arguments to auth methods - they should all take authctxt. | |
3462 | check authctxt->valid rather then pw != NULL; ok markus@ | |
dc1759e6 | 3463 | - jakob@cvs.openbsd.org 2003/11/08 16:02:40 |
3464 | [auth1.c] | |
3465 | remove unused variable (pw). ok djm@ | |
3466 | (id sync only - still used in portable) | |
512d319a | 3467 | - jmc@cvs.openbsd.org 2003/11/08 19:17:29 |
3468 | [sftp-int.c] | |
3469 | typos from Jonathon Gray; | |
b6c7b7b7 | 3470 | - jakob@cvs.openbsd.org 2003/11/10 16:23:41 |
3471 | [bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c] | |
3472 | [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c] | |
3473 | [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h] | |
3474 | constify. ok markus@ & djm@ | |
15c8e3fd | 3475 | - dtucker@cvs.openbsd.org 2003/11/12 10:12:15 |
3476 | [scp.c] | |
3477 | When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@ | |
0161a13d | 3478 | - jakob@cvs.openbsd.org 2003/11/12 16:39:58 |
3479 | [dns.c dns.h readconf.c ssh_config.5 sshconnect.c] | |
3480 | update SSHFP validation. ok markus@ | |
dd376e92 | 3481 | - jmc@cvs.openbsd.org 2003/11/12 20:14:51 |
3482 | [ssh_config.5] | |
3483 | make verb agree with subject, and kill some whitespace; | |
b930668c | 3484 | - markus@cvs.openbsd.org 2003/11/14 13:19:09 |
3485 | [sshconnect2.c] | |
3486 | cleanup and minor fixes for the client code; from Simon Wilkinson | |
d3cbe6f8 | 3487 | - djm@cvs.openbsd.org 2003/11/17 09:45:39 |
3488 | [msg.c msg.h sshconnect2.c ssh-keysign.c] | |
3489 | return error on msg send/receive failure (rather than fatal); ok markus@ | |
0789992b | 3490 | - markus@cvs.openbsd.org 2003/11/17 11:06:07 |
3491 | [auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c] | |
3492 | [monitor_wrap.h sshconnect2.c ssh-gss.h] | |
3493 | replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; | |
3494 | test + ok jakob. | |
7b2a0de3 | 3495 | - (djm) Bug #632: Don't call pam_end indirectly from within kbd-int |
3496 | conversation function | |
2212fc98 | 3497 | - (djm) Export environment variables from authentication subprocess to |
3498 | parent. Part of Bug #717 | |
85a68682 | 3499 | |
1d58af42 | 3500 | 20031115 |
3501 | - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and | |
3502 | HP-UX, skip test on AIX. | |
3503 | ||
74117b26 | 3504 | 20031113 |
3505 | - (dtucker) [auth-pam.c] Append newlines to lines output by the | |
3506 | pam_chauthtok_conv(). | |
9e936326 | 3507 | - (dtucker) [README ssh-host-config ssh-user-config Makefile] (All |
3508 | contrib/cygwin). Major update from vinschen at redhat.com. | |
3509 | - Makefile provides a `cygwin-postinstall' target to run right after | |
3510 | `make install'. | |
3511 | - Better support for Windows 2003 Server. | |
3512 | - Try to get permissions as correct as possible. | |
3513 | - New command line options to allow full automated host configuration. | |
3514 | - Create configs from skeletons in /etc/defaults/etc. | |
3515 | - Use /bin/bash, allows reading user input with readline support. | |
3516 | - Remove really old configs from /usr/local. | |
4f1b45b4 | 3517 | - (dtucker) [auth-pam.c] Add newline to accumulated PAM_TEXT_INFO and |
3518 | PAM_ERROR_MSG messages. | |
74117b26 | 3519 | |
53554b24 | 3520 | 20031106 |
3521 | - (djm) Clarify UsePAM consequences a little more | |
3522 | ||
c3d908f0 | 3523 | 20031103 |
3524 | - (dtucker) [contrib/cygwin/ssh-host-config] Ensure entries in /etc/services | |
3525 | are created correctly with CRLF line terminations. Patch from vinschen at | |
3526 | redhat.com. | |
74677ba3 | 3527 | - (dtucker) OpenBSD CVS Sync |
3528 | - markus@cvs.openbsd.org 2003/10/15 09:48:45 | |
3529 | [monitor_wrap.c] | |
3530 | check pmonitor != NULL | |
9da35e2c | 3531 | - markus@cvs.openbsd.org 2003/10/21 09:50:06 |
3532 | [auth2-gss.c] | |
3533 | make sure the doid is larger than 2 | |
b0b30ca6 | 3534 | - avsm@cvs.openbsd.org 2003/10/26 16:57:43 |
3535 | [sshconnect2.c] | |
3536 | rename 'supported' static var in userauth_gssapi() to 'gss_supported' | |
3537 | to avoid shadowing the global version. markus@ ok | |
f7fb35fe | 3538 | - markus@cvs.openbsd.org 2003/10/28 09:08:06 |
3539 | [misc.c] | |
3540 | error->debug for getsockopt+TCP_NODELAY; several requests | |
d8d9afd0 | 3541 | - markus@cvs.openbsd.org 2003/11/02 11:01:03 |
3542 | [auth2-gss.c compat.c compat.h sshconnect2.c] | |
3543 | remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk | |
61893035 | 3544 | - (dtucker) [regress/agent-ptrace.sh] Use numeric uid and gid. |
c3d908f0 | 3545 | |
f8ec2373 | 3546 | 20031021 |
3547 | - (dtucker) [INSTALL] Some system crypt() functions support MD5 passwords | |
3548 | directly. Noted by Darren.Moffat at sun.com. | |
5c4056b2 | 3549 | - (dtucker) [regress/agent-ptrace.sh] Skip agent-test unless SUDO is set, |
3550 | make agent setgid during test. | |
f8ec2373 | 3551 | |
4897a87c | 3552 | 20031017 |
3553 | - (dtucker) [INSTALL] Note that --with-md5 is now required on platforms with | |
3554 | MD5 passwords even if PAM support is enabled. From steev at detritus.net. | |
3555 | ||
433e60ac | 3556 | 20031015 |
3557 | - (dtucker) OpenBSD CVS Sync | |
3558 | - jmc@cvs.openbsd.org 2003/10/08 08:27:36 | |
3559 | [scp.1 scp.c sftp-server.8 sftp.1 sftp.c ssh.1 sshd.8] | |
3560 | scp and sftp: add options list and sort options. options list requested | |
3561 | by deraadt@ | |
3562 | sshd: use same format as ssh | |
3563 | ssh: remove wrong option from list | |
3564 | sftp-server: Subsystem is documented in ssh_config(5), not sshd(8) | |
3565 | ok deraadt@ markus@ | |
2ecb78df | 3566 | - markus@cvs.openbsd.org 2003/10/08 15:21:24 |
3567 | [readconf.c ssh_config.5] | |
3568 | default GSS API to no in client, too; ok jakob, deraadt@ | |
d73a67d7 | 3569 | - markus@cvs.openbsd.org 2003/10/11 08:24:08 |
3570 | [readconf.c readconf.h ssh.1 ssh.c ssh_config.5] | |
3571 | remote x11 clients are now untrusted by default, uses xauth(8) to generate | |
3572 | untrusted cookies; ForwardX11Trusted=yes restores old behaviour. | |
3573 | ok deraadt; feedback and ok djm/fries | |
b56e99e2 | 3574 | - markus@cvs.openbsd.org 2003/10/11 08:26:43 |
3575 | [sshconnect2.c] | |
3576 | search keys in reverse order; fixes #684 | |
02cd6c56 | 3577 | - markus@cvs.openbsd.org 2003/10/11 11:36:23 |
3578 | [monitor_wrap.c] | |
3579 | return NULL for missing banner; ok djm@ | |
246bb171 | 3580 | - jmc@cvs.openbsd.org 2003/10/12 13:12:13 |
3581 | [ssh_config.5] | |
3582 | note that EnableSSHKeySign should be in the non-hostspecific section; | |
3583 | remove unnecessary .Pp; | |
3584 | ok markus@ | |
b3054353 | 3585 | - markus@cvs.openbsd.org 2003/10/13 08:22:25 |
3586 | [scp.1 sftp.1] | |
3587 | don't refer to options related to forwarding; ok jmc@ | |
b08b7370 | 3588 | - jakob@cvs.openbsd.org 2003/10/14 19:42:10 |
3589 | [dns.c dns.h readconf.c ssh-keygen.c sshconnect.c] | |
3590 | include SSHFP lookup code (not enabled by default). ok markus@ | |
baf12e3f | 3591 | - jakob@cvs.openbsd.org 2003/10/14 19:43:23 |
3592 | [README.dns] | |
3593 | update | |
c88de854 | 3594 | - markus@cvs.openbsd.org 2003/10/14 19:54:39 |
3595 | [session.c ssh-agent.c] | |
3596 | 10X for mkdtemp; djm@ | |
c31dc31c | 3597 | - (dtucker) [acconfig.h configure.ac dns.c openbsd-compat/getrrsetbyname.c |
3598 | openbsd-compat/getrrsetbyname.h] DNS fingerprint support is now always | |
3599 | compiled in but disabled in config. | |
11d40248 | 3600 | - (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode. |
ea12f758 | 3601 | - (tim) [regress/banner.sh] portability fix. |
433e60ac | 3602 | |
a83a3125 | 3603 | 20031009 |
3604 | - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@ | |
3605 | ||
19e633e7 | 3606 | 20031008 |
3607 | - (dtucker) OpenBSD CVS Sync | |
3608 | - dtucker@cvs.openbsd.org 2003/10/07 01:47:27 | |
3609 | [sshconnect2.c] | |
c8f0cf13 | 3610 | Don't use logit for banner, since it truncates to MSGBUFSIZ; bz #668 & |
3611 | #707. ok markus@ | |
7fdf5569 | 3612 | - djm@cvs.openbsd.org 2003/10/07 07:04:16 |
3613 | [sftp-int.c] | |
3614 | sftp quoting fix from admorten AT umich.edu; ok markus@ | |
c8f0cf13 | 3615 | - deraadt@cvs.openbsd.org 2003/10/07 21:58:28 |
3616 | [sshconnect2.c] | |
3617 | set ptr to NULL after free | |
4c98e94c | 3618 | - dtucker@cvs.openbsd.org 2003/10/07 01:52:13 |
3619 | [regress/Makefile regress/banner.sh] | |
3620 | Test SSH2 banner. ok markus@ | |
3d3e0ec3 | 3621 | - djm@cvs.openbsd.org 2003/10/07 07:04:52 |
3622 | [regress/sftp-cmds.sh] | |
3623 | more sftp quoting regress tests; ok markus | |
19e633e7 | 3624 | |
e3df52a9 | 3625 | 20031007 |
3626 | - (djm) Delete autom4te.cache after autoreconf | |
c6630044 | 3627 | - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static |
3628 | cleanup functions. With & ok djm@ | |
f658a5e8 | 3629 | - (dtucker) [contrib/redhat/openssh.spec] Bug #714: Now that UsePAM is a |
3630 | run-time switch, always build --with-md5-passwords. | |
7111a85c | 3631 | - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoul.c] |
3632 | Bug #670: add strtoul() to openbsd-compat for platforms lacking it. ok djm@ | |
605369bb | 3633 | - (dtucker) [configure.ac] Bug #715: Set BROKEN_SETREUID and BROKEN_SETREGID |
3634 | on Reliant Unix. Patch from Robert.Dahlem at siemens.com. | |
e2798e96 | 3635 | - (dtucker) [configure.ac] Bug #710: Check for dlsym() in libdl on |
3636 | Reliant Unix. Based on patch from Robert.Dahlem at siemens.com. | |
e3df52a9 | 3637 | |
418ae4b4 | 3638 | 20031003 |
3f1204c3 | 3639 | - (dtucker) OpenBSD CVS Sync |
418ae4b4 | 3640 | - markus@cvs.openbsd.org 2003/10/02 10:41:59 |
3641 | [sshd.c] | |
3642 | print openssl version, too, several requests; ok henning/djm. | |
59f552b7 | 3643 | - markus@cvs.openbsd.org 2003/10/02 08:26:53 |
3644 | [ssh-gss.h] | |
3645 | missing $OpenBSD:; dtucker | |
ba7c26ce | 3646 | - (tim) [contrib/caldera/openssh.spec] Remove obsolete --with-ipv4-default |
3647 | option. | |
418ae4b4 | 3648 | |
2362db19 | 3649 | 20031002 |
3f1204c3 | 3650 | - (dtucker) OpenBSD CVS Sync |
2362db19 | 3651 | - markus@cvs.openbsd.org 2003/09/23 20:17:11 |
3652 | [Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c | |
3653 | cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h | |
3654 | monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h | |
3655 | ssh-agent.c sshd.c] | |
3656 | replace fatal_cleanup() and linked list of fatal callbacks with static | |
3657 | cleanup_exit() function. re-refine cleanup_exit() where appropriate, | |
3658 | allocate sshd's authctxt eary to allow simpler cleanup in sshd. | |
3659 | tested by many, ok deraadt@ | |
0469be42 | 3660 | - markus@cvs.openbsd.org 2003/09/23 20:18:52 |
3661 | [progressmeter.c] | |
3662 | don't print trailing \0; bug #709; Robert.Dahlem@siemens.com | |
3663 | ok millert/deraadt@ | |
c15706e2 | 3664 | - markus@cvs.openbsd.org 2003/09/23 20:41:11 |
3665 | [channels.c channels.h clientloop.c] | |
3666 | move client only agent code to clientloop.c | |
51d2a129 | 3667 | - markus@cvs.openbsd.org 2003/09/26 08:19:29 |
3668 | [sshd.c] | |
3669 | no need to set the listen sockets to non-block; ok deraadt@ | |
5f4a0c58 | 3670 | - jmc@cvs.openbsd.org 2003/09/29 11:40:51 |
3671 | [ssh.1] | |
3672 | - add list of options to -o and .Xr ssh_config(5) | |
3673 | - some other cleanup | |
3674 | requested by deraadt@; | |
3675 | ok deraadt@ markus@ | |
e377c083 | 3676 | - markus@cvs.openbsd.org 2003/09/29 20:19:57 |
3677 | [servconf.c sshd_config] | |
3678 | GSSAPICleanupCreds -> GSSAPICleanupCredentials | |
97b56d59 | 3679 | - (dtucker) [configure.ac] Don't set DISABLE_SHADOW when configuring |
3680 | --with-pam. ok djm@ | |
21c1aca3 | 3681 | - (dtucker) [ssh-gss.h] Prototype change missed in sync. |
3a23ba0e | 3682 | - (dtucker) [session.c] Fix bus errors on some 64-bit Solaris configurations. |
3683 | Based on patches by Matthias Koeppe and Thomas Baden. ok djm@ | |
2362db19 | 3684 | |
0cdb4344 | 3685 | 20030930 |
3686 | - (bal) Fix issues in openbsd-compat/realpath.c | |
3687 | ||
4214aa45 | 3688 | 20030925 |
3689 | - (dtucker) [configure.ac openbsd-compat/xcrypt.c] Bug #633: Remove | |
3690 | DISABLE_SHADOW for HP-UX, use getspnam instead of getprpwnam. Patch from | |
3691 | michael_steffens at hp.com, ok djm@ | |
1b4ba39b | 3692 | - (tim) [sshd_config] UsePAM defaults to no. |
4214aa45 | 3693 | |
67c4ea7d | 3694 | 20030924 |
3695 | - (djm) Update version.h and spec files for HEAD | |
cb433561 | 3696 | - (dtucker) [configure.ac] IRIX5 needs the same setre[ug]id defines as IRIX6. |
67c4ea7d | 3697 | |
5ba73866 | 3698 | 20030923 |
291c14e8 | 3699 | - (dtucker) [Makefile.in] Bug #644: Fix "make clean" for out-of-tree |
5ba73866 | 3700 | builds. Portability corrections from tim@. |
b27e573d | 3701 | - (dtucker) [configure.ac] Bug #665: uid swapping issues on Mac OS X. |
635e0c42 | 3702 | Patch from max at quendi.de. |
08da2d08 | 3703 | - (dtucker) [configure.ac] Bug #657: uid swapping issues on BSDi. |
3704 | - (dtucker) [configure.ac] Bug #653: uid swapping issues on Tru64. | |
6fb3618d | 3705 | - (dtucker) [configure.ac] Bug #693: uid swapping issues on NCR MP-RAS. |
3706 | Patch from david.haughton at ncr.com | |
412c0eaa | 3707 | - (dtucker) [configure.ac] Bug #659: uid swapping issues on IRIX 6. |
3708 | Part of patch supplied by bugzilla-openssh at thewrittenword.com | |
1a086f97 | 3709 | - (dtucker) [configure.ac openbsd-compat/fake-rfc2553.c |
3710 | openbsd-compat/fake-rfc2553.h] Bug #659: Test for and handle systems with | |
3711 | where gai_strerror is defined as "const char *". Part of patch supplied | |
3712 | by bugzilla-openssh at thewrittenword.com | |
35283c00 | 3713 | - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config] Update |
3714 | ssh-host-config to match current defaults, bump README version. Patch from | |
3715 | vinschen at redhat.com. | |
51e7d820 | 3716 | - (dtucker) [uidswap.c] Don't test restoration of uid on Cygwin since the |
3717 | OS does not support permanently dropping privileges. Patch from | |
3718 | vinschen at redhat.com. | |
805dcf3a | 3719 | - (dtucker) [openbsd-compat/port-aix.c] Use correct include for xmalloc.h, |
3720 | add canohost.h to stop warning. Based on patch from openssh-unix-dev at | |
3721 | thewrittenword.com | |
913a4384 | 3722 | - (dtucker) [INSTALL] Bug #686: Document requirement for zlib 1.1.4 or |
3723 | higher. | |
f4f2ff4f | 3724 | - (tim) Fix typo. s/SETEIUD_BREAKS_SETUID/SETEUID_BREAKS_SETUID/ |
b27e573d | 3725 | - (tim) [configure.ac] Bug 665: move 3 new AC_DEFINES outside of AC_TRY_RUN. |
3726 | Report by distler AT golem ph utexas edu. | |
ca043cac | 3727 | - (dtucker) [contrib/aix/pam.conf] Include example pam.conf for AIX from |
3728 | article by genty at austin.ibm.com, included with the author's permission. | |
ce26c02a | 3729 | - (dtucker) OpenBSD CVS Sync |
3730 | - markus@cvs.openbsd.org 2003/09/18 07:52:54 | |
3731 | [sshconnect.c] | |
3732 | missing {}; bug #656; jclonguet at free.fr | |
5bd34316 | 3733 | - markus@cvs.openbsd.org 2003/09/18 07:54:48 |
3734 | [buffer.c] | |
3735 | protect against double free; #660; zardoz at users.sf.net | |
1bd71826 | 3736 | - markus@cvs.openbsd.org 2003/09/18 07:56:05 |
3737 | [authfile.c] | |
3738 | missing buffer_free(&encrypted); #662; zardoz at users.sf.net | |
c46e584f | 3739 | - markus@cvs.openbsd.org 2003/09/18 08:49:45 |
3740 | [deattack.c misc.c session.c ssh-agent.c] | |
3741 | more buffer allocation fixes; from Solar Designer; CAN-2003-0682; | |
3742 | ok millert@ | |
bb92e5cc | 3743 | - miod@cvs.openbsd.org 2003/09/18 13:02:21 |
3744 | [authfd.c bufaux.c dh.c mac.c ssh-keygen.c] | |
3745 | A few signedness fixes for harmless situations; markus@ ok | |
9adbb4a4 | 3746 | - markus@cvs.openbsd.org 2003/09/19 09:02:02 |
3747 | [packet.c] | |
3748 | buffer_dump only if PACKET_DEBUG is defined; Jedi/Sector One; pr 3471 | |
f04181fe | 3749 | - markus@cvs.openbsd.org 2003/09/19 09:03:00 |
3750 | [buffer.c] | |
3751 | sign fix in buffer_dump; Jedi/Sector One; pr 3473 | |
cd25664d | 3752 | - markus@cvs.openbsd.org 2003/09/19 11:29:40 |
3753 | [ssh-agent.c] | |
3754 | provide a ssh-agent specific fatal() function; ok deraadt | |
eec6d341 | 3755 | - markus@cvs.openbsd.org 2003/09/19 11:30:39 |
3756 | [ssh-keyscan.c] | |
3757 | avoid fatal_cleanup, just call exit(); ok deraadt | |
364b1cde | 3758 | - markus@cvs.openbsd.org 2003/09/19 11:31:33 |
3759 | [channels.c] | |
3760 | do not call channel_free_all on fatal; ok deraadt | |
72c4301f | 3761 | - markus@cvs.openbsd.org 2003/09/19 11:33:09 |
3762 | [packet.c sshd.c] | |
3763 | do not call packet_close on fatal; ok deraadt | |
815a8407 | 3764 | - markus@cvs.openbsd.org 2003/09/19 17:40:20 |
3765 | [scp.c] | |
3766 | error handling for remote-remote copy; #638; report Harald Koenig; | |
3767 | ok millert, fgs, henning, deraadt | |
82de775c | 3768 | - markus@cvs.openbsd.org 2003/09/19 17:43:35 |
3769 | [clientloop.c sshtty.c sshtty.h] | |
3770 | remove fatal callbacks from client code; ok deraadt | |
9e3191db | 3771 | - (bal) "extration" -> "extraction" in ssh-rand-helper.c; repoted by john |
3772 | on #unixhelp@efnet | |
daa41e62 | 3773 | - (tim) [configure.ac] add --disable-etc-default-login option. ok djm |
0a23d79f | 3774 | - (djm) Sync with V_3_7 branch: |
3775 | - (djm) Fix SSH1 challenge kludge | |
3776 | - (djm) Bug #671: Fix builds on OpenBSD | |
3777 | - (djm) Bug #676: Fix PAM stack corruption | |
3778 | - (djm) Fix bad free() in PAM code | |
3779 | - (djm) Don't call pam_end before pam_init | |
3780 | - (djm) Enable build with old OpenSSL again | |
3781 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | |
3782 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | |
5ba73866 | 3783 | |
0b202697 | 3784 | $Id$ |