]> andersk Git - openssh.git/blame - ChangeLog
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- pyr@cvs.openbsd.org 2008/05/07 05:49:37
[openssh.git] / ChangeLog
CommitLineData
9b04dbaa 120080518
2 - (djm) OpenBSD CVS Sync
3 - djm@cvs.openbsd.org 2008/04/04 05:14:38
4 [sshd_config.5]
5 ChrootDirectory is supported in Match blocks (in fact, it is most useful
6 there). Spotted by Minstrel AT minstrel.org.uk
5b76e3ef 7 - djm@cvs.openbsd.org 2008/04/04 06:44:26
8 [sshd_config.5]
9 oops, some unrelated stuff crept into that commit - backout.
10 spotted by jmc@
ade21243 11 - djm@cvs.openbsd.org 2008/04/05 02:46:02
12 [sshd_config.5]
13 HostbasedAuthentication is supported under Match too
185adaf8 14 - (djm) [openbsd-compat/bsd-arc4random.c openbsd-compat/openbsd-compat.c]
15 [configure.ac] Implement arc4random_buf(), import implementation of
16 arc4random_uniform() from OpenBSD
c1d152b8 17 - (djm) OpenBSD CVS Sync
18 - djm@cvs.openbsd.org 2008/04/13 00:22:17
19 [dh.c sshd.c]
20 Use arc4random_buf() when requesting more than a single word of output
21 Use arc4random_uniform() when the desired random number upper bound
22 is not a power of two
23 ok deraadt@ millert@
360b43ab 24 - djm@cvs.openbsd.org 2008/04/18 12:32:11
25 [sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c sftp.h]
26 introduce sftp extension methods statvfs@openssh.com and
27 fstatvfs@openssh.com that implement statvfs(2)-like operations,
28 based on a patch from miklos AT szeredi.hu (bz#1399)
29 also add a "df" command to the sftp client that uses the
30 statvfs@openssh.com to produce a df(1)-like display of filesystem
31 space and inode utilisation
32 ok markus@
ea530517 33 - jmc@cvs.openbsd.org 2008/04/18 17:15:47
34 [sftp.1]
35 macro fixage;
48fbfda0 36 - djm@cvs.openbsd.org 2008/04/18 22:01:33
37 [session.c]
38 remove unneccessary parentheses
0bb7755b 39 - otto@cvs.openbsd.org 2008/04/29 11:20:31
40 [monitor_mm.h]
41 garbage collect two unused fields in struct mm_master; ok markus@
c47ff7a6 42 - djm@cvs.openbsd.org 2008/04/30 10:14:03
43 [ssh-keyscan.1 ssh-keyscan.c]
44 default to rsa (protocol 2) keys, instead of rsa1 keys; spotted by
45 larsnooden AT openoffice.org
43c3f85c 46 - pyr@cvs.openbsd.org 2008/05/07 05:49:37
47 [servconf.c servconf.h session.c sshd_config.5]
48 Enable the AllowAgentForwarding option in sshd_config (global and match
49 context), to specify if agents should be permitted on the server.
50 As the man page states:
51 ``Note that disabling Agent forwarding does not improve security
52 unless users are also denied shell access, as they can always install
53 their own forwarders.''
54 ok djm@, ok and a mild frown markus@
9b04dbaa 55
490c3105 5620080403
57 - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile-
58 time warnings on LynxOS. Patch from ops AT iki.fi
1ebb73e4 59 - (djm) Force string arguments to replacement setproctitle() though
60 strnvis first. Ok dtucker@
490c3105 61
2b363e83 6220080403
63 - (djm) OpenBSD CVS sync:
64 - markus@cvs.openbsd.org 2008/04/02 15:36:51
65 [channels.c]
66 avoid possible hijacking of x11-forwarded connections (back out 1.183)
67 CVE-2008-1483; ok djm@
adb7acbc 68 - jmc@cvs.openbsd.org 2008/03/27 22:37:57
69 [sshd.8]
70 remove trailing whitespace;
53e0dc70 71 - djm@cvs.openbsd.org 2008/04/03 09:50:14
72 [version.h]
73 openssh-5.0
31b1b2c8 74 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
75 [contrib/suse/openssh.spec] Crank version numbers in RPM spec files
dd052df9 76 - (djm) [README] Update link to release notes
098ebea7 77 - (djm) Release 5.0p1
31b1b2c8 78
7920080315
80 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
81 empty; report and patch from Peter Stuge
82 - (djm) [regress/test-exec.sh] Silence noise from detection of putty
83 commands; report from Peter Stuge
84 - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causing
85 crashes when used with ChrootDirectory
86
2b363e83 87
0b639bf6 8820080327
89 - (dtucker) Cache selinux status earlier so we know if it's enabled after a
90 chroot. Allows ChrootDirectory to work with selinux support compiled in
91 but not enabled. Using it with selinux enabled will require some selinux
92 support inside the chroot. "looks sane" djm@
96110356 93 - (djm) Fix RCS ident in sftp-server-main.c
cea5c2ba 94 - (djm) OpenBSD CVS sync:
95 - jmc@cvs.openbsd.org 2008/02/11 07:58:28
96 [ssh.1 sshd.8 sshd_config.5]
97 bump Mdocdate for pages committed in "febuary", necessary because
98 of a typo in rcs.c;
d1978bb4 99 - deraadt@cvs.openbsd.org 2008/03/13 01:49:53
100 [monitor_fdpass.c]
101 Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to
102 an extensive discussion with otto, kettenis, millert, and hshoexer
93cdda57 103 - deraadt@cvs.openbsd.org 2008/03/15 16:19:02
104 [monitor_fdpass.c]
105 Repair the simple cases for msg_controllen where it should just be
106 CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because
107 of alignment; ok kettenis hshoexer
530f04a8 108 - djm@cvs.openbsd.org 2008/03/23 12:54:01
109 [sftp-client.c]
110 prefer POSIX-style file renaming over filexfer rename behaviour if the
111 server supports the posix-rename@openssh.com extension.
112 Note that the old (filexfer) behaviour would refuse to clobber an
113 existing file. Users who depended on this should adjust their sftp(1)
114 usage.
115 ok deraadt@ markus@
cab36661 116 - deraadt@cvs.openbsd.org 2008/03/24 16:11:07
117 [monitor_fdpass.c]
118 msg_controllen has to be CMSG_SPACE so that the kernel can account for
119 each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This
120 works now that kernel fd passing has been fixed to accept a bit of
121 sloppiness because of this ABI repair.
122 lots of discussion with kettenis
6e2a8e29 123 - djm@cvs.openbsd.org 2008/03/25 11:58:02
124 [session.c sshd_config.5]
125 ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;
126 from dtucker@ ok deraadt@ djm@
0adb9449 127 - djm@cvs.openbsd.org 2008/03/25 23:01:41
128 [session.c]
129 last patch had backwards test; spotted by termim AT gmail.com
8c03e768 130 - djm@cvs.openbsd.org 2008/03/26 21:28:14
131 [auth-options.c auth-options.h session.c sshd.8]
132 add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc
3b6ed4a3 133 - djm@cvs.openbsd.org 2008/03/27 00:16:49
134 [version.h]
135 openssh-4.9
f47fb977 136 - djm@cvs.openbsd.org 2008/03/24 21:46:54
137 [regress/sftp-badcmds.sh]
138 disable no-replace rename test now that we prefer a POSIX rename; spotted
139 by dkrause@
a0969097 140 - (djm) [configure.ac] fix alignment of --without-stackprotect description
bb23b54f 141 - (djm) [configure.ac] --with-selinux too
16510bb8 142 - (djm) [regress/Makefile] cleanup PuTTY interop test droppings
fc1c9fcf 143 - (djm) [README] Update link to release notes
1ca2f212 144 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
145 [contrib/suse/openssh.spec] Crank version numbers in RPM spec files
b667c771 146 - (djm) Release 4.9p1
0b639bf6 147
3e782ad1 14820080315
149 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
150 empty; report and patch from Peter Stuge
151 - (djm) [regress/test-exec.sh] Silence noise from detection of putty
152 commands; report from Peter Stuge
fab9144d 153 - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causing
154 crashes when used with ChrootDirectory
3e782ad1 155
caba7de7 15620080314
157 - (tim) [regress/sftp-cmds.sh] s/cd/lcd/ in lls test. Reported by
158 vinschen at redhat.com. Add () to put echo commands in subshell for lls test
159 I mistakenly left out of last commit.
9e8c6eb3 160 - (tim) [regress/localcommand.sh] Shell portability fix. Reported by imorgan at
161 nas.nasa.gov
caba7de7 162
49f32817 16320080313
164 - (djm) [Makefile.in regress/Makefile] Fix interop-tests target (note to
165 self: make changes to Makefile.in next time, not the generated Makefile).
32f129d1 166 - (djm) [Makefile.in regress/test-exec.sh] Find installed plink(1) and
167 puttygen(1) by $PATH
af8388bc 168 - (tim) [scp.c] Use poll.h if available, fall back to sys/poll.h if not. Patch
169 by vinschen at redhat.com.
575a5ece 170 - (tim) [regress/sftp-cmds.sh regress/ssh2putty.sh] Shell portability fixes
7e384d2c 171 from vinschen at redhat.com and imorgan at nas.nasa.gov
49f32817 172
17320080312
7fc75605 174 - (djm) OpenBSD CVS Sync
175 - dtucker@cvs.openbsd.org 2007/10/29 06:57:13
176 [regress/Makefile regress/localcommand.sh]
177 Add simple regress test for LocalCommand; ok djm@
a7c7196f 178 - jmc@cvs.openbsd.org 2007/11/25 15:35:09
179 [regress/agent-getpeereid.sh regress/agent.sh]
180 more existant -> existent, from Martynas Venckus;
181 pfctl changes: ok henning
182 ssh changes: ok deraadt
5e441c3c 183 - djm@cvs.openbsd.org 2007/12/12 05:04:03
184 [regress/sftp-cmds.sh]
185 unbreak lls command and add a regress test that would have caught the
186 breakage; spotted by mouring@
187 NB. sftp code change already committed.
f3dad773 188 - djm@cvs.openbsd.org 2007/12/21 04:13:53
189 [regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh]
190 [regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh]
191 basic (crypto, kex and transfer) interop regression tests against putty
192 To run these, install putty and run "make interop-tests" from the build
193 directory - the tests aren't run by default yet.
7fc75605 194
ce433d53 19520080311
83fa7e8d 196 - (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move
197 pam_open_session and pam_close_session into the privsep monitor, which
198 will ensure that pam_session_close is called as root. Patch from Tomas
199 Mraz.
200
caa21240 20120080309
202 - (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't
203 always work for all platforms and versions, so test what we can and
204 add a configure flag to turn it of if needed. ok djm@
b2c70125 205 - (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroups
206 implementation. It's not needed to fix bug #1081 and breaks the build
207 on some AIX configurations.
3828f887 208 - (dtucker) [openbsd-compat/regress/strtonumtest.c] Bug #1347: Use platform's
209 equivalent of LLONG_MAX for the compat regression tests, which makes them
210 run on AIX and HP-UX. Patch from David Leonard.
23c5c479 211 - (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch
212 platforms where gcc understands the option but it's not supported (and
213 thus generates a warning).
caa21240 214
c9e2b157 21520080307
216 - (djm) OpenBSD CVS Sync
217 - jmc@cvs.openbsd.org 2008/02/11 07:58:28
218 [ssh.1 sshd.8 sshd_config.5]
219 bump Mdocdate for pages committed in "febuary", necessary because
220 of a typo in rcs.c;
3dfce5de 221 - djm@cvs.openbsd.org 2008/02/13 22:38:17
222 [servconf.h session.c sshd.c]
223 rekey arc4random and OpenSSL RNG in postauth child
224 closefrom fds > 2 before shell/command execution
225 ok markus@
2600996b 226 - mbalmer@cvs.openbsd.org 2008/02/14 13:10:31
227 [sshd.c]
228 When started in configuration test mode (-t) do not check that sshd is
229 being started with an absolute path.
230 ok djm
e2875d9a 231 - markus@cvs.openbsd.org 2008/02/20 15:25:26
232 [session.c]
233 correct boolean encoding for coredump; der Mouse via dugsong
1d395ba0 234 - djm@cvs.openbsd.org 2008/02/22 05:58:56
235 [session.c]
236 closefrom() call was too early, delay it until just before we execute
237 the user's rc files (if any).
ac47b626 238 - dtucker@cvs.openbsd.org 2008/02/22 20:44:02
239 [clientloop.c packet.c packet.h serverloop.c]
240 Allow all SSH2 packet types, including UNIMPLEMENTED to reset the
241 keepalive timer (bz #1307). ok markus@
9fcc4e18 242 - djm@cvs.openbsd.org 2008/02/27 20:21:15
243 [sftp-server.c]
244 add an extension method "posix-rename@openssh.com" to perform POSIX atomic
245 rename() operations. based on patch from miklos AT szeredi.hu in bz#1400;
246 ok dtucker@ markus@
0c9a63f1 247 - deraadt@cvs.openbsd.org 2008/03/02 18:19:35
248 [monitor_fdpass.c]
249 use a union to ensure alignment of the cmsg (pay attention: various other
250 parts of the tree need this treatment too); ok djm
3673ea60 251 - deraadt@cvs.openbsd.org 2008/03/04 21:15:42
252 [version.h]
253 crank version; from djm
9fd799a4 254 - (tim) [regress/sftp-glob.sh] Shell portability fix.
c9e2b157 255
fbfeb0de 25620080302
257 - (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expect
258 either, so use our own.
259
6ce84f4f 26020080229
261 - (dtucker) [openbsd-compat/bsd-poll.c] We don't check for select(2) in
262 configure (and there's not much point, as openssh won't work without it)
263 so HAVE_SELECT is not defined and the poll(2) compat code doesn't get
264 built in. Remove HAVE_SELECT so we can build on platforms without poll.
55b82b39 265 - (dtucker) [scp.c] Include sys/poll.h inside HAVE_SYS_POLL_H.
29317db4 266 - (djm) [contrib/gnome-ssh-askpass2.h] Keep askpass windown on top. From
267 Debian patch via bernd AT openbsd.org
6ce84f4f 268
ebddd492 26920080228
270 - (dtucker) [configure.ac] Add -fstack-protector to LDFLAGS too, fixes
271 linking problems on AIX with gcc 4.1.x.
f5f25d17 272 - (dtucker) [includes.h ssh-add.c ssh-agent.c ssh-keygen.c ssh.c sshd.c
273 openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat
274 header to after OpenSSL headers, since some versions of OpenSSL have
275 SSLeay_add_all_algorithms as a macro already.
6e013118 276 - (dtucker) [key.c defines.h openbsd-compat/openssl-compat.h] Move old OpenSSL
277 compat glue into openssl-compat.h.
533a78f0 278 - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement
279 getgrouplist via getgrset on AIX, rather than iterating over getgrent.
280 This allows, eg, Match and AllowGroups directives to work with NIS and
281 LDAP groups.
5c7fd4ce 282 - (dtucker) [sshd.c] Bug #1042: make log messages for tcpwrappers use the
283 same SyslogFacility as the rest of sshd. Patch from William Knox,
284 ok djm@.
ebddd492 285
2db5d1e9 28620080225
287 - (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack
288 since it now conflicts with the helper function in misc.c. From
289 vinschen AT redhat.com.
a74e9b64 290 - (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation
291 of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD).
292 Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@
3e35bb36 293 - (dtucker) [includes.h openbsd-compat/openssl-compat.c] Bug #1437: reshuffle
294 headers so ./configure --with-ssl-engine actually works. Patch from
295 Ian Lister.
2db5d1e9 296
880a060b 29720080224
298 - (tim) [contrib/cygwin/ssh-host-config]
299 Grammar changes on SYSCONFDIR LOCALSTATEDIR messages.
300 Check more thoroughly that it's possible to create the /var/empty directory.
301 Patch by vinschen AT redhat.com
302
737cce6f 30320080210
304 - OpenBSD CVS Sync
305 - chl@cvs.openbsd.org 2008/01/11 07:22:28
306 [sftp-client.c sftp-client.h]
307 disable unused functions
308 initially from tobias@, but disabled them by placing them in
309 "#ifdef notyet" which was asked by djm@
310 ok djm@ tobias@
05841f5b 311 - djm@cvs.openbsd.org 2008/01/19 19:13:28
312 [ssh.1]
313 satisfy the pedants: -q does not suppress all diagnostic messages (e.g.
314 some commandline parsing warnings go unconditionally to stdout).
4d6760a7 315 - djm@cvs.openbsd.org 2008/01/19 20:48:53
316 [clientloop.c]
317 fd leak on session multiplexing error path. Report and patch from
318 gregory_shively AT fanniemae.com
7cd4e5bc 319 - djm@cvs.openbsd.org 2008/01/19 20:51:26
320 [ssh.c]
321 ignore SIGPIPE in multiplex client mode - we can receive this if the
322 server runs out of fds on us midway. Report and patch from
323 gregory_shively AT fanniemae.com
1c861236 324 - djm@cvs.openbsd.org 2008/01/19 22:04:57
325 [sftp-client.c]
326 fix remote handle leak in do_download() local file open error path;
327 report and fix from sworley AT chkno.net
ccc6beea 328 - djm@cvs.openbsd.org 2008/01/19 22:22:58
329 [ssh-keygen.c]
330 when hashing individual hosts (ssh-keygen -Hf hostname), make sure we
331 hash just the specified hostname and not the entire hostspec from the
332 keyfile. It may be of the form "hostname,ipaddr", which would lead to
333 a hash that never matches. report and fix from jp AT devnull.cz
f8f89bae 334 - djm@cvs.openbsd.org 2008/01/19 22:37:19
335 [ssh-keygen.c]
336 unbreak line numbering (broken in revision 1.164), fix error message
bc4cc956 337 - djm@cvs.openbsd.org 2008/01/19 23:02:40
338 [channels.c]
339 When we added support for specified bind addresses for port forwards, we
340 added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of
341 this for -L port forwards that causes the client to listen on both v4
342 and v6 addresses when connected to a server with this quirk, despite
343 having set 0.0.0.0 as a bind_address.
344 report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@
fe771396 345 - djm@cvs.openbsd.org 2008/01/19 23:09:49
346 [readconf.c readconf.h sshconnect2.c]
347 promote rekeylimit to a int64 so it can hold the maximum useful limit
348 of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@
70755b3b 349 - djm@cvs.openbsd.org 2008/01/20 00:38:30
350 [sftp.c]
351 When uploading, correctly handle the case of an unquoted filename with
352 glob metacharacters that match a file exactly but not as a glob, e.g. a
353 file called "[abcd]". report and test cases from duncan2nd AT gmx.de
b4bbe43c 354 - djm@cvs.openbsd.org 2008/01/21 17:24:30
355 [sftp-server.c]
356 Remove the fixed 100 handle limit in sftp-server and allocate as many
357 as we have available file descriptors. Patch from miklos AT szeredi.hu;
358 ok dtucker@ markus@
514a858e 359 - djm@cvs.openbsd.org 2008/01/21 19:20:17
360 [sftp-client.c]
361 when a remote write error occurs during an upload, ensure that ACKs for
362 all issued requests are properly drained. patch from t8m AT centrum.cz
aacfb17b 363 - dtucker@cvs.openbsd.org 2008/01/23 01:56:54
364 [clientloop.c packet.c serverloop.c]
365 Revert the change for bz #1307 as it causes connection aborts if an IGNORE
366 packet arrives while we're waiting in packet_read_expect (and possibly
367 elsewhere).
51402e76 368 - jmc@cvs.openbsd.org 2008/01/31 20:06:50
369 [scp.1]
370 explain how to handle local file names containing colons;
371 requested by Tamas TEVESZ
372 ok dtucker
c33ba17e 373 - markus@cvs.openbsd.org 2008/02/04 21:53:00
374 [session.c sftp-server.c sftp.h]
375 link sftp-server into sshd; feedback and ok djm@
7c36e880 376 - mcbride@cvs.openbsd.org 2008/02/09 12:15:43
377 [ssh.1 sshd.8]
378 Document the correct permissions for the ~/.ssh/ directory.
379 ok jmc
2bd88d9f 380 - djm@cvs.openbsd.org 2008/02/10 09:55:37
381 [sshd_config.5]
382 mantion that "internal-sftp" is useful with ForceCommand too
c5bf32e6 383 - djm@cvs.openbsd.org 2008/02/10 10:54:29
384 [servconf.c session.c]
385 delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
386 home, rather than the user who starts sshd (probably root)
737cce6f 387
efcc134b 38820080119
389 - (djm) Silence noice from expr in ssh-copy-id; patch from
390 mikel AT mikelward.com
8eff0d0a 391 - (djm) Only listen for IPv6 connections on AF_INET6 sockets; patch from
392 tsr2600 AT gmail.com
efcc134b 393
bd326285 39420080102
395 - (dtucker) [configure.ac] Fix message for -fstack-protector-all test.
396
2a72bc03 39720080101
398 - (dtucker) OpenBSD CVS Sync
399 - dtucker@cvs.openbsd.org 2007/12/31 10:41:31
400 [readconf.c servconf.c]
401 Prevent strict-aliasing warnings on newer gcc versions. bz #1355, patch
402 from Dmitry V. Levin, ok djm@
59d68bae 403 - dtucker@cvs.openbsd.org 2007/12/31 15:27:04
404 [sshd.c]
405 When in inetd mode, have sshd generate a Protocol 1 ephemeral server
406 key only for connections where the client chooses Protocol 1 as opposed
407 to when it's enabled in the server's config. Speeds up Protocol 2
408 connections to inetd-mode servers that also allow Protocol 1. bz #440,
409 based on a patch from bruno at wolff.to, ok markus@
e5088d08 410 - dtucker@cvs.openbsd.org 2008/01/01 08:47:04
411 [misc.c]
412 spaces -> tabs from my previous commit
413 - dtucker@cvs.openbsd.org 2008/01/01 09:06:39
414 [scp.c]
415 If scp -p encounters a pre-epoch timestamp, use the epoch which is
416 as close as we can get given that it's used unsigned. Add a little
417 debugging while there. bz #828, ok djm@
2ef741a3 418 - dtucker@cvs.openbsd.org 2008/01/01 09:27:33
419 [sshd_config.5 servconf.c]
420 Allow PermitRootLogin in a Match block. Allows for, eg, permitting root
421 only from the local network. ok markus@, man page bit ok jmc@
c9babd71 422 - dtucker@cvs.openbsd.org 2008/01/01 08:51:20
423 [moduli]
424 Updated moduli file; ok djm@
2a72bc03 425
a8ad3b9d 42620071231
427 - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of
428 builtin glob implementation on Mac OS X. Based on a patch from
429 vgiffin at apple.
430
65172fff 43120071229
432 - (dtucker) OpenBSD CVS Sync
433 - djm@cvs.openbsd.org 2007/12/12 05:04:03
434 [sftp.c]
435 unbreak lls command and add a regress test that would have caught the
436 breakage; spotted by mouring@
bb4626fe 437 - dtucker@cvs.openbsd.org 2007/12/27 14:22:08
438 [servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c
439 sshd.c]
440 Add a small helper function to consistently handle the EAI_SYSTEM error
441 code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417.
442 ok markus@ stevesk@
271db2da 443 - dtucker@cvs.openbsd.org 2007/12/28 15:32:24
444 [clientloop.c serverloop.c packet.c]
445 Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the
446 ServerAlive and ClientAlive timers. Prevents dropping a connection
447 when these are enabled but the peer does not support our keepalives.
448 bz #1307, ok djm@.
016f1482 449 - dtucker@cvs.openbsd.org 2007/12/28 22:34:47
450 [clientloop.c]
451 Use the correct packet maximum sizes for remote port and agent forwarding.
452 Prevents the server from killing the connection if too much data is queued
453 and an excessively large packet gets sent. bz #1360, ok djm@.
65172fff 454
eb5a7224 45520071202
456 - (dtucker) [configure.ac] Enable -fstack-protector-all on systems where
457 gcc supports it. ok djm@
4b565fda 458 - (dtucker) [scp.c] Update $OpenBSD tag missing from rev 1.175 and remove
459 leftover debug code.
ecb431c1 460 - (dtucker) OpenBSD CVS Sync
461 - dtucker@cvs.openbsd.org 2007/10/29 00:52:45
462 [auth2-gss.c]
463 Allow build without -DGSSAPI; ok deraadt@
464 (Id sync only, Portable already has the ifdefs)
d0420e01 465 - dtucker@cvs.openbsd.org 2007/10/29 01:55:04
466 [ssh.c]
467 Plug tiny mem leaks in ControlPath and ProxyCommand option processing;
468 ok djm@
dc0cae51 469 - dtucker@cvs.openbsd.org 2007/10/29 04:08:08
470 [monitor_wrap.c monitor.c]
471 Send config block back to slave for invalid users too so options
472 set by a Match block (eg Banner) behave the same for non-existent
473 users. Found by and ok djm@
d349e4bd 474 - dtucker@cvs.openbsd.org 2007/10/29 06:51:59
475 [ssh_config.5]
476 ProxyCommand and LocalCommand use the user's shell, not /bin/sh; ok djm@
c80e7e5d 477 - dtucker@cvs.openbsd.org 2007/10/29 06:54:50
478 [ssh.c]
479 Make LocalCommand work for Protocol 1 too; ok djm@
eb86ca9d 480 - jmc@cvs.openbsd.org 2007/10/29 07:48:19
481 [ssh_config.5]
482 clean up after previous macro removal;
16912319 483 - djm@cvs.openbsd.org 2007/11/03 00:36:14
484 [clientloop.c]
485 fix memory leak in process_cmdline(), patch from Jan.Pechanec AT Sun.COM;
486 ok dtucker@
a7082e17 487 - deraadt@cvs.openbsd.org 2007/11/03 01:24:06
488 [ssh.c]
489 bz #1377: getpwuid results were being clobbered by another getpw* call
490 inside tilde_expand_filename(); save the data we need carefully
491 ok djm
42f4b33f 492 - dtucker@cvs.openbsd.org 2007/11/03 02:00:32
493 [ssh.c]
494 Use xstrdup/xfree when saving pwname and pwdir; ok deraadt@
f622d144 495 - deraadt@cvs.openbsd.org 2007/11/03 02:03:49
496 [ssh.c]
497 avoid errno trashing in signal handler; ok dtucker
eb5a7224 498
d884586a 49920071030
500 - (djm) OpenBSD CVS Sync
501 - djm@cvs.openbsd.org 2007/10/29 23:49:41
502 [openbsd-compat/sys-tree.h]
503 remove extra backslash at the end of RB_PROTOTYPE, report from
504 Jan.Pechanec AT Sun.COM; ok deraadt@
505
73209290 50620071026
507 - (djm) OpenBSD CVS Sync
508 - stevesk@cvs.openbsd.org 2007/09/11 23:49:09
509 [sshpty.c]
510 remove #if defined block not needed; ok markus@ dtucker@
511 (NB. RCD ID sync only for portable)
530c2ec0 512 - djm@cvs.openbsd.org 2007/09/21 03:05:23
513 [ssh_config.5]
514 document KbdInteractiveAuthentication in ssh_config.5;
515 patch from dkg AT fifthhorseman.net
a3d3770c 516 - djm@cvs.openbsd.org 2007/09/21 08:15:29
517 [auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c]
518 [monitor.c monitor_wrap.c]
519 unifdef -DBSD_AUTH
520 unifdef -USKEY
521 These options have been in use for some years;
522 ok markus@ "no objection" millert@
523 (NB. RCD ID sync only for portable)
18660b86 524 - canacar@cvs.openbsd.org 2007/09/25 23:48:57
525 [ssh-agent.c]
526 When adding a key that already exists, update the properties
527 (time, confirm, comment) instead of discarding them. ok djm@ markus@
5e4fce9c 528 - ray@cvs.openbsd.org 2007/09/27 00:15:57
529 [dh.c]
530 Don't return -1 on error in dh_pub_is_valid(), since it evaluates
531 to true.
532 Also fix a typo.
533 Initial diff from Matthew Dempsky, input from djm.
534 OK djm, markus.
e05f182e 535 - dtucker@cvs.openbsd.org 2007/09/29 00:25:51
536 [auth2.c]
537 Remove unused prototype. ok djm@
3e2d9453 538 - chl@cvs.openbsd.org 2007/10/02 17:49:58
539 [ssh-keygen.c]
540 handles zero-sized strings that fgets can return
c5b78b8e 541 properly removes trailing newline
542 removes an unused variable
543 correctly counts line number
544 "looks ok" ray@ markus@
c462cd6f 545 - markus@cvs.openbsd.org 2007/10/22 19:10:24
546 [readconf.c]
547 make sure that both the local and remote port are correct when
548 parsing -L; Jan Pechanec (bz #1378)
a733c71c 549 - djm@cvs.openbsd.org 2007/10/24 03:30:02
550 [sftp.c]
551 rework argument splitting and parsing to cope correctly with common
552 shell escapes and make handling of escaped characters consistent
553 with sh(1) and between sftp commands (especially between ones that
554 glob their arguments and ones that don't).
555 parse command flags using getopt(3) rather than hand-rolled parsers.
556 ok dtucker@
99b49072 557 - djm@cvs.openbsd.org 2007/10/24 03:44:02
558 [scp.c]
559 factor out network read/write into an atomicio()-like function, and
560 use it to handle short reads, apply bandwidth limits and update
561 counters. make network IO non-blocking, so a small trickle of
562 reads/writes has a chance of updating the progress meter; bz #799
563 ok dtucker@
49e0d774 564 - djm@cvs.openbsd.org 2006/08/29 09:44:00
565 [regress/sftp-cmds.sh]
566 clean up our mess
04ebbaad 567 - markus@cvs.openbsd.org 2006/11/06 09:27:43
568 [regress/cfgmatch.sh]
569 fix quoting for non-(c)sh login shells.
1c158420 570 - dtucker@cvs.openbsd.org 2006/12/13 08:36:36
571 [regress/cfgmatch.sh]
572 Additional test for multiple PermitOpen entries. ok djm@
ac01e61a 573 - pvalchev@cvs.openbsd.org 2007/06/07 19:41:46
574 [regress/cipher-speed.sh regress/try-ciphers.sh]
575 test umac-64@openssh.com
576 ok djm@
ba59fd15 577 - djm@cvs.openbsd.org 2007/10/24 03:32:35
578 [regress/sftp-cmds.sh regress/sftp-glob.sh regress/test-exec.sh]
579 comprehensive tests for sftp escaping its interaction with globbing;
580 ok dtucker@
2432048a 581 - djm@cvs.openbsd.org 2007/10/26 05:30:01
582 [regress/sftp-glob.sh regress/test-exec.sh]
583 remove "echo -E" crap that I added in last commit and use printf(1) for
584 cases where we strictly require echo not to reprocess escape characters.
9e8278d2 585 - deraadt@cvs.openbsd.org 2005/11/28 17:50:12
586 [openbsd-compat/glob.c]
587 unused arg in internal static API
0af8cee7 588 - jakob@cvs.openbsd.org 2007/10/11 18:36:41
d6f5019c 589 [openbsd-compat/getrrsetbyname.c openbsd-compat/getrrsetbyname.h]
0af8cee7 590 use RRSIG instead of SIG for DNSSEC. ok djm@
a9733dc0 591 - otto@cvs.openbsd.org 2006/10/21 09:55:03
592 [openbsd-compat/base64.c]
593 remove calls to abort(3) that can't happen anyway; from
594 <bret dot lambert at gmail.com>; ok millert@ deraadt@
49f7b80f 595 - frantzen@cvs.openbsd.org 2004/04/24 18:11:46
596 [openbsd-compat/sys-tree.h]
4987209d 597 sync to Niels Provos' version. avoid unused variable warning in
598 RB_NEXT()
49f7b80f 599 - tdeval@cvs.openbsd.org 2004/11/24 18:10:42
600 [openbsd-compat/sys-tree.h]
601 typo
e271997a 602 - grange@cvs.openbsd.org 2004/05/04 16:59:32
603 [openbsd-compat/sys-queue.h]
604 Remove useless ``elm'' argument from the SIMPLEQ_REMOVE_HEAD macro.
605 This matches our SLIST behaviour and NetBSD's SIMPLEQ as well.
606 ok millert krw deraadt
d0f02ff0 607 - deraadt@cvs.openbsd.org 2005/02/25 13:29:30
608 [openbsd-compat/sys-queue.h]
609 minor white spacing
2d67e48d 610 - otto@cvs.openbsd.org 2005/10/17 20:19:42
611 [openbsd-compat/sys-queue.h]
612 Performing certain operations on queue.h data structurs produced
613 funny results. An example is calling LIST_REMOVE on the same
614 element twice. This will not fail, but result in a data structure
615 referencing who knows what. Prevent these accidents by NULLing some
616 fields on remove and replace. This way, either a panic or segfault
617 will be produced on the faulty operation.
95760c2a 618 - otto@cvs.openbsd.org 2005/10/24 20:25:14
619 [openbsd-compat/sys-queue.h]
620 Partly backout. NOLIST, used in LISTs is probably interfering.
621 requested by deraadt@
5fda41d4 622 - otto@cvs.openbsd.org 2005/10/25 06:37:47
623 [openbsd-compat/sys-queue.h]
624 Some uvm problem is being exposed with the more strict macros.
625 Revert until we've found out what's causing the panics.
c7215802 626 - otto@cvs.openbsd.org 2005/11/25 08:06:25
627 [openbsd-compat/sys-queue.h]
628 Introduce debugging aid for queue macros. Disabled by default; but
629 developers are encouraged to run with this enabled.
630 ok krw@ fgsch@ deraadt@
9a35f8ed 631 - otto@cvs.openbsd.org 2007/04/30 18:42:34
632 [openbsd-compat/sys-queue.h]
633 Enable QUEUE_MACRO_DEBUG on DIAGNOSTIC kernels.
634 Input and okays from krw@, millert@, otto@, deraadt@, miod@.
5f762762 635 - millert@cvs.openbsd.org 2004/10/07 16:56:11
636 GLOB_NOESCAPE is POSIX so move it out of the #ifndef _POSIX_SOURCE
637 block.
638 (NB. mostly an RCS ID sync, as portable strips out the conditionals)
a556beb5 639 - (djm) [regress/sftp-cmds.sh]
640 Use more restrictive glob to pick up test files from /bin - some platforms
641 ship broken symlinks there which could spoil the test.
882d4fb0 642 - (djm) [openbsd-compat/bindresvport.c]
643 Sync RCS ID after irrelevant (for portable OpenSSH) header shuffling
530c2ec0 644
8aa5db7d 64520070927
646 - (dtucker) [configure.ac atomicio.c] Fall back to including <sys/poll.h> if
647 we don't have <poll.h> (eq QNX). From bacon at cs nyu edu.
86996ebe 648 - (dtucker) [configure.ac defines.h] Shadow expiry does not work on QNX6
649 so disable it for that platform. From bacon at cs nyu edu.
8aa5db7d 650
9e994eff 65120070921
652 - (djm) [atomicio.c] Fix spin avoidance for platforms that define
653 EWOULDBLOCK; patch from ben AT psc.edu
654
590c0dda 65520070917
656 - (djm) OpenBSD CVS Sync
657 - djm@cvs.openbsd.org 2007/08/23 02:49:43
658 [auth-passwd.c auth.c session.c]
659 unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@
660 NB. RCS ID sync only for portable
466143fd 661 - djm@cvs.openbsd.org 2007/08/23 02:55:51
662 [auth-passwd.c auth.c session.c]
663 missed include bits from last commit
664 NB. RCS ID sync only for portable
2aa63b7b 665 - djm@cvs.openbsd.org 2007/08/23 03:06:10
666 [auth.h]
667 login_cap.h doesn't belong here
668 NB. RCS ID sync only for portable
ba8cfba6 669 - djm@cvs.openbsd.org 2007/08/23 03:22:16
670 [auth2-none.c sshd_config sshd_config.5]
671 Support "Banner=none" to disable displaying of the pre-login banner;
672 ok dtucker@ deraadt@
3af8ef1e 673 - djm@cvs.openbsd.org 2007/08/23 03:23:26
674 [sshconnect.c]
675 Execute ProxyCommands with $SHELL rather than /bin/sh unconditionally
8de7aaab 676 - djm@cvs.openbsd.org 2007/09/04 03:21:03
677 [clientloop.c monitor.c monitor_fdpass.c monitor_fdpass.h]
678 [monitor_wrap.c ssh.c]
679 make file descriptor passing code return an error rather than call fatal()
680 when it encounters problems, and use this to make session multiplexing
681 masters survive slaves failing to pass all stdio FDs; ok markus@
71300a43 682 - djm@cvs.openbsd.org 2007/09/04 11:15:56
683 [ssh.c sshconnect.c sshconnect.h]
684 make ssh(1)'s ConnectTimeout option apply to both the TCP connection and
685 SSH banner exchange (previously it just covered the TCP connection).
686 This allows callers of ssh(1) to better detect and deal with stuck servers
687 that accept a TCP connection but don't progress the protocol, and also
688 makes ConnectTimeout useful for connections via a ProxyCommand;
689 feedback and "looks ok" markus@
269cfc8a 690 - sobrado@cvs.openbsd.org 2007/09/09 11:38:01
691 [ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.c]
692 sort synopsis and options in ssh-agent(1); usage is lowercase
693 ok jmc@
39fa9566 694 - stevesk@cvs.openbsd.org 2007/09/11 04:36:29
695 [sshpty.c]
696 sort #include
697 NB. RCS ID sync only
b05117ac 698 - gilles@cvs.openbsd.org 2007/09/11 15:47:17
699 [session.c ssh-keygen.c sshlogin.c]
700 use strcspn to properly overwrite '\n' in fgets returned buffer
701 ok pyr@, ray@, millert@, moritz@, chl@
f119adf5 702 - stevesk@cvs.openbsd.org 2007/09/11 23:49:09
703 [sshpty.c]
704 remove #if defined block not needed; ok markus@ dtucker@
705 NB. RCS ID sync only
7cfacf5e 706 - stevesk@cvs.openbsd.org 2007/09/12 19:39:19
707 [umac.c]
708 use xmalloc() and xfree(); ok markus@ pvalchev@
f8f7ecf5 709 - djm@cvs.openbsd.org 2007/09/13 04:39:04
710 [sftp-server.c]
711 fix incorrect test when setting syslog facility; from Jan Pechanec
9e7f4c4f 712 - djm@cvs.openbsd.org 2007/09/16 00:55:52
713 [sftp-client.c]
714 use off_t instead of u_int64_t for file offsets, matching what the
715 progressmeter code expects; bz #842
7bf7b86c 716 - (tim) [defines.h] Fix regression in long password support on OpenServer 6.
717 Problem report and additional testing rac AT tenzing.org.
590c0dda 718
e5fe7821 71920070914
720 - (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path.
721 Patch from Jan.Pechanec at sun com.
722
822e80ce 72320070910
724 - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1358: Always
725 return 0 on successful test. From David.Leonard at quest com.
d837615a 726 - (tim) [configure.ac] Autoconf didn't define HAVE_LIBIAF because we
727 did a AC_CHECK_FUNCS within the AC_CHECK_LIB test.
822e80ce 728
145707ab 72920070817
730 - (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked
731 accounts and that's what the code looks for, so make man page and code
732 agree. Pointed out by Roumen Petrov.
85eed7c2 733 - (dtucker) [INSTALL] Group the parts describing random options and PAM
734 implementations together which is hopefully more coherent.
3d1d89ea 735 - (dtucker) [INSTALL] the pid file is sshd.pid not ssh.pid.
49f63a45 736 - (dtucker) [INSTALL] Give PAM its own heading.
3c4db087 737 - (dtucker) [INSTALL] Link to tcpwrappers.
145707ab 738
8d5728b7 73920070816
740 - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated
741 connections too. Based on a patch from Sandro Wefel, with & ok djm@
742
ed64eeca 74320070815
744 - (dtucker) OpenBSD CVS Sync
745 - markus@cvs.openbsd.org 2007/08/15 08:14:46
746 [clientloop.c]
747 do NOT fall back to the trused x11 cookie if generation of an untrusted
9c36d7f7 748 cookie fails; from Jan Pechanec, via security-alert at sun.com;
749 ok dtucker
3f921d0e 750 - markus@cvs.openbsd.org 2007/08/15 08:16:49
751 [version.h]
752 openssh 4.7
1ce8114b 753 - stevesk@cvs.openbsd.org 2007/08/15 12:13:41
754 [ssh_config.5]
755 tun device forwarding now honours ExitOnForwardFailure; ok markus@
06d20497 756 - (dtucker) [openbsd-compat/bsd-cray.c] Remove debug from signal handler.
757 ok djm@
4671cc21 758 - (dtucker) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec
759 contrib/suse/openssh.spec] Crank version.
ed64eeca 760
265edd5e 76120070813
762 - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always
763 called with PAM_ESTABLISH_CRED at least once, which resolves a problem
764 with pam_dhkeys. Patch from David Leonard, ok djm@
765
6b3e6430 76620070810
767 - (dtucker) [auth-pam.c] Use sigdie here too. ok djm@
575ee4c4 768 - (dtucker) [configure.ac] Bug #1343: Set DISABLE_FD_PASSING for QNX6. From
769 Matt Kraai, ok djm@
6b3e6430 770
86c718e3 77120070809
772 - (dtucker) [openbsd-compat/port-aix.c] Comment typo.
549d7c4d 773 - (dtucker) [README.platform] Document the interaction between PermitRootLogin
774 and the AIX native login restrictions.
929a784c 775 - (dtucker) [defines.h] Remove _PATH_{CSHELL,SHELLS} which aren't
776 used anywhere and are a potential source of warnings.
86c718e3 777
1b73b60e 77820070808
779 - (djm) OpenBSD CVS Sync
780 - ray@cvs.openbsd.org 2007/07/12 05:48:05
781 [key.c]
782 Delint: remove some unreachable statements, from Bret Lambert.
783 OK markus@ and dtucker@.
d0ac0d65 784 - sobrado@cvs.openbsd.org 2007/08/06 19:16:06
785 [scp.1 scp.c]
786 the ellipsis is not an optional argument; while here, sync the usage
787 and synopsis of commands
788 lots of good ideas by jmc@
789 ok jmc@
79303c5a 790 - djm@cvs.openbsd.org 2007/08/07 07:32:53
791 [clientloop.c clientloop.h ssh.c]
792 bz#1232: ensure that any specified LocalCommand is executed after the
793 tunnel device is opened. Also, make failures to open a tunnel device
794 fatal when ExitOnForwardFailure is active.
795 Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt
1b73b60e 796
af12bf9c 79720070724
798 - (tim) [openssh.xml.in] make FMRI match what package scripts use.
87f560bb 799 - (tim) [openbsd-compat/regress/closefromtest.c] Bug 1345: fix open() call.
25c1216a 800 Report/patch by David.Leonard AT quest.com (and Bernhard Simon)
5498741c 801 - (tim) [buildpkg.sh.in openssh.xml.in] Allow more flexibility where smf(5)
a817bc2b 802 - (tim) [buildpkg.sh.in] s|$FAKE_ROOT/${sysconfdir}|$FAKE_ROOT${sysconfdir}|
af12bf9c 803
665ca996 80420070628
805 - (djm) bz#1325: Fix SELinux in permissive mode where it would
806 incorrectly fatal() on errors. patch from cjwatson AT debian.org;
807 ok dtucker
808
91044296 80920070625
810 - (dtucker) OpenBSD CVS Sync
811 - djm@cvs.openbsd.org 2007/06/13 00:21:27
812 [scp.c]
813 don't ftruncate() non-regular files; bz#1236 reported by wood AT
814 xmission.com; ok dtucker@
2c505585 815 - djm@cvs.openbsd.org 2007/06/14 21:43:25
816 [ssh.c]
817 handle EINTR when waiting for mux exit status properly
50455824 818 - djm@cvs.openbsd.org 2007/06/14 22:48:05
819 [ssh.c]
820 when waiting for the multiplex exit status, read until the master end
821 writes an entire int of data *and* closes the client_fd; fixes mux
822 regression spotted by dtucker, ok dtucker@
5a5e8b42 823 - djm@cvs.openbsd.org 2007/06/19 02:04:43
824 [atomicio.c]
825 if the fd passed to atomicio/atomiciov() is non blocking, then poll() to
826 avoid a spin if it is not yet ready for reading/writing; ok dtucker@
d9245683 827 - dtucker@cvs.openbsd.org 2007/06/25 08:20:03
828 [channels.c]
829 Correct test for window updates every three packets; prevents sending
830 window updates for every single packet. ok markus@
12ae19b0 831 - dtucker@cvs.openbsd.org 2007/06/25 12:02:27
832 [atomicio.c]
833 Include <poll.h> like the man page says rather than <sys/poll.h>. ok djm@
15aaadea 834 - (dtucker) [atomicio.c] Test for EWOULDBLOCK in atomiciov to match
835 atomicio.
6d39a5c4 836 - (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.in
837 openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h]
838 Add an implementation of poll() built on top of select(2). Code from
839 OpenNTPD with changes suggested by djm. ok djm@
91044296 840
cc43e894 84120070614
842 - (dtucker) [cipher-ctr.c umac.c openbsd-compat/openssl-compat.h] Move the
843 USE_BUILTIN_RIJNDAEL compat goop to openssl-compat.h so it can be
844 shared with umac.c. Allows building with OpenSSL 0.9.5 again including
845 umac support. With tim@ djm@, ok djm.
bff0be25 846 - (dtucker) [openbsd-compat/openssl-compat.h] Merge USE_BUILTIN_RIJNDAEL
847 sections. Fixes builds with early OpenSSL 0.9.6 versions.
9c9c3030 848 - (dtucker) [openbsd-compat/openssl-compat.h] Remove redundant definition
849 of USE_BUILTIN_RIJNDAEL since the <0.9.6 test is covered by the
850 subsequent <0.9.7 test.
cc43e894 851
e110afc3 85220070612
853 - (dtucker) OpenBSD CVS Sync
854 - markus@cvs.openbsd.org 2007/06/11 09:14:00
855 [channels.h]
856 increase default channel windows; ok djm
8f41056c 857 - djm@cvs.openbsd.org 2007/06/12 07:41:00
858 [ssh-add.1]
859 better document ssh-add's -d option (delete identies from agent), bz#1224
860 new text based on some provided by andrewmc-debian AT celt.dias.ie;
861 ok dtucker@
73d4e9cc 862 - djm@cvs.openbsd.org 2007/06/12 08:20:00
863 [ssh-gss.h gss-serv.c gss-genr.c]
864 relocate server-only GSSAPI code from libssh to server; bz #1225
865 patch from simon AT sxw.org.uk; ok markus@ dtucker@
4634ee16 866 - djm@cvs.openbsd.org 2007/06/12 08:24:20
867 [scp.c]
868 make scp try to skip FIFOs rather than blocking when nothing is listening.
869 depends on the platform supporting sane O_NONBLOCK semantics for open
870 on FIFOs (apparently POSIX does not mandate this), which OpenBSD does.
871 bz #856; report by cjwatson AT debian.org; ok markus@
5805c516 872 - djm@cvs.openbsd.org 2007/06/12 11:11:08
873 [ssh.c]
874 fix slave exit value when a control master goes away without passing the
875 full exit status by ensuring that the slave reads a full int. bz#1261
876 reported by frekko AT gmail.com; ok markus@ dtucker@
b2f4d5cc 877 - djm@cvs.openbsd.org 2007/06/12 11:15:17
878 [ssh.c ssh.1]
879 Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
880 GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
881 and is useful for hosts with /home on Kerberised NFS; bz #1312
882 patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@
6b34f31f 883 - djm@cvs.openbsd.org 2007/06/12 11:45:27
884 [ssh.c]
885 improved exit message from multiplex slave sessions; bz #1262
886 reported by alexandre.nunes AT gmail.com; ok dtucker@
dc1c8785 887 - dtucker@cvs.openbsd.org 2007/06/12 11:56:15
888 [gss-genr.c]
889 Pass GSS OID to gss_display_status to provide better information in
890 error messages. Patch from Simon Wilkinson via bz 1220. ok djm@
c159f720 891 - jmc@cvs.openbsd.org 2007/06/12 13:41:03
892 [ssh-add.1]
893 identies -> identities;
3c6a67c2 894 - jmc@cvs.openbsd.org 2007/06/12 13:43:55
895 [ssh.1]
896 add -K to SYNOPSIS;
5be98986 897 - dtucker@cvs.openbsd.org 2007/06/12 13:54:28
898 [scp.c]
899 Encode filename with strnvis if the name contains a newline (which can't
900 be represented in the scp protocol), from bz #891. ok markus@
e110afc3 901
bd6a1355 90220070611
903 - (djm) Bugzilla #1306: silence spurious error messages from hang-on-exit
904 fix; tested by dtucker@ and jochen.kirn AT gmail.com
f444d0f8 905 - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34
906 [kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
907 [ssh_config.5 sshd.8 sshd_config.5]
908 Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
909 must specify umac-64@openssh.com). Provides about 20% end-to-end speedup
910 compared to hmac-md5. Represents a different approach to message
911 authentication to that of HMAC that may be beneficial if HMAC based on
912 one of its underlying hash algorithms is found to be vulnerable to a
913 new attack. http://www.ietf.org/rfc/rfc4418.txt
914 in conjunction with and OK djm@
c22b0835 915 - pvalchev@cvs.openbsd.org 2007/06/08 04:40:40
916 [ssh_config]
917 Add a "MACs" line after "Ciphers" with the default MAC algorithms,
918 to ease people who want to tweak both (eg. for performance reasons).
919 ok deraadt@ djm@ dtucker@
bbc77085 920 - jmc@cvs.openbsd.org 2007/06/08 07:43:46
921 [ssh_config.5]
922 put the MAC list into a display, like we do for ciphers,
923 since groff has trouble handling wide lines;
33d2ae0f 924 - jmc@cvs.openbsd.org 2007/06/08 07:48:09
925 [sshd_config.5]
926 oops, here too: put the MAC list into a display, like we do for
927 ciphers, since groff has trouble with wide lines;
68a73f53 928 - markus@cvs.openbsd.org 2007/06/11 08:04:44
929 [channels.c]
930 send 'window adjust' messages every tree packets and do not wait
931 until 50% of the window is consumed. ok djm dtucker
1aac2117 932 - (djm) [configure.ac umac.c] If platform doesn't provide swap32(3), then
933 fallback to provided bit-swizzing functions
aee0a82f 934 - (dtucker) [openbsd-compat/bsd-misc.c] According to the spec the "remainder"
935 argument to nanosleep may be NULL. Currently this never happens in OpenSSH,
936 but check anyway in case this changes or the code gets used elsewhere.
e9b2809d 937 - (dtucker) [includes.h] Bug #1243: HAVE_PATHS -> HAVE_PATHS_H. Should
938 prevent warnings about redefinitions of various things in paths.h.
939 Spotted by cartmanltd at hotmail.com.
c22b0835 940
c33de4d8 94120070605
942 - (dtucker) OpenBSD CVS Sync
943 - djm@cvs.openbsd.org 2007/05/22 10:18:52
944 [sshd.c]
945 zap double include; from p_nowaczyk AT o2.pl
946 (not required in -portable, Id sync only)
68525040 947 - djm@cvs.openbsd.org 2007/05/30 05:58:13
948 [kex.c]
949 tidy: KNF, ARGSUSED and u_int
e473dcd1 950 - jmc@cvs.openbsd.org 2007/05/31 19:20:16
951 [scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1
952 ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8]
953 convert to new .Dd format;
954 (We will need to teach mdoc2man.awk to understand this too.)
d156cd22 955 - djm@cvs.openbsd.org 2007/05/31 23:34:29
956 [packet.c]
957 gc unreachable code; spotted by Tavis Ormandy
996279fc 958 - djm@cvs.openbsd.org 2007/06/02 09:04:58
959 [bufbn.c]
960 memory leak on error path; from arnaud.lacombe.1 AT ulaval.ca
a3de8da1 961 - djm@cvs.openbsd.org 2007/06/05 06:52:37
962 [kex.c monitor_wrap.c packet.c mac.h kex.h mac.c]
963 Preserve MAC ctx between packets, saving 2xhash calls per-packet.
964 Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5
965 patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm
966 committing at his request)
f43b2695 967 - (dtucker) [mdoc2man.awk] Teach it to deal with $Mdocdate tags that
968 OpenBSD's cvs now adds.
8c5a3b27 969 - (dtucker) [mdoc2man.awk] Remove trailing "$" from Mdocdate regex so
970 mindrot's cvs doesn't expand it on us.
757841b2 971 - (dtucker) [mdoc2man.awk] Add support for %R references, used for RFCs.
c33de4d8 972
2e5c9c30 97320070520
974 - (dtucker) OpenBSD CVS Sync
975 - stevesk@cvs.openbsd.org 2007/04/14 22:01:58
976 [auth2.c]
977 remove unused macro; from Dmitry V. Levin <ldv@altlinux.org>
23983bf9 978 - stevesk@cvs.openbsd.org 2007/04/18 01:12:43
979 [sftp-server.c]
980 cast "%llu" format spec to (unsigned long long); do not assume a
981 u_int64_t arg is the same as 'unsigned long long'.
982 from Dmitry V. Levin <ldv@altlinux.org>
983 ok markus@ 'Yes, that looks correct' millert@
51b787f2 984 - dtucker@cvs.openbsd.org 2007/04/23 10:15:39
985 [servconf.c]
986 Remove debug() left over from development. ok deraadt@
7ce05acc 987 - djm@cvs.openbsd.org 2007/05/17 07:50:31
988 [log.c]
989 save and restore errno when logging; ok deraadt@
72dea2d9 990 - djm@cvs.openbsd.org 2007/05/17 07:55:29
991 [sftp-server.c]
992 bz#1286 stop reading and processing commands when input or output buffer
993 is nearly full, otherwise sftp-server would happily try to grow the
994 input/output buffers past the maximum supported by the buffer API and
995 promptly fatal()
996 based on patch from Thue Janus Kristensen; feedback & ok dtucker@
7fd1deb2 997 - djm@cvs.openbsd.org 2007/05/17 20:48:13
998 [sshconnect2.c]
999 fall back to gethostname() when the outgoing connection is not
1000 on a socket, such as is the case when ProxyCommand is used.
1001 Gives hostbased auth an opportunity to work; bz#616, report
1002 and feedback stuart AT kaloram.com; ok markus@
21cd42db 1003 - djm@cvs.openbsd.org 2007/05/17 20:52:13
1004 [monitor.c]
1005 pass received SIGINT from monitor to postauth child so it can clean
1006 up properly. bz#1196, patch from senthilkumar_sen AT hotpop.com;
1007 ok markus@
b2349766 1008 - jolan@cvs.openbsd.org 2007/05/17 23:53:41
1009 [sshconnect2.c]
1010 djm owes me a vb and a tism cd for breaking ssh compilation
fd8f181b 1011 - (dtucker) [auth-pam.c] malloc+memset -> calloc. Patch from
1012 ldv at altlinux.org.
e2dedae7 1013 - (dtucker) [auth-pam.c] Return empty string if fgets fails in
1014 sshpam_tty_conv. Patch from ldv at altlinux.org.
2e5c9c30 1015
40701614 101620070509
1017 - (tim) [configure.ac] Bug #1287: Add missing test for ucred.h.
1018
65737b47 101920070429
1020 - (dtucker) [openbsd-compat/bsd-misc.c] Include unistd.h and sys/types.h
1021 for select(2) prototype.
e5b792cd 1022 - (dtucker) [auth-shadow.c loginrec.c] Include time.h for time(2) prototype.
560acf80 1023 - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299: Use the
1024 platform's _res if it has one. Should fix problem of DNSSEC record lookups
1025 on NetBSD as reported by Curt Sampson.
81fa3f37 1026 - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype.
0bf6279d 1027 - (dtucker) [configure.ac defines.h] Have configure check for MAXSYMLINKS
1028 so we don't get redefinition warnings.
0b9fdeb8 1029 - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype.
1030 - (dtucker) [configure.ac defines.h] Prevent warnings about __attribute__
1031 __nonnull__ for versions of GCC that don't support it.
b41ece30 1032 - (dtucker) [configure.ac defines.h] Have configure check for offsetof
1033 to prevent redefinition warnings.
0b9fdeb8 1034
6b44d402 103520070406
1036 - (dtucker) [INSTALL] Update the systems that have PAM as standard. Link
1037 to OpenPAM too.
e5d352eb 1038 - (dtucker) [INSTALL] prngd lives at sourceforge these days.
6b44d402 1039
a03acb8f 104020070326
1041 - (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
1042 openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
1043 to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
1044
e54defb4 104520070325
1046 - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,
1047 LIBWRAP and LIBPAM variables in Makefile with the general-purpose
1048 SSHDLIBS. "I like" djm@
1049
136d42b7 105020070321
1051 - (dtucker) OpenBSD CVS Sync
1052 - dtucker@cvs.openbsd.org 2007/03/09 05:20:06
1053 [servconf.c sshd.c]
1054 Move C/R -> kbdint special case to after the defaults have been
1055 loaded, which makes ChallengeResponse default to yes again. This
1056 was broken by the Match changes and not fixed properly subsequently.
1057 Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
e93309c3 1058 - djm@cvs.openbsd.org 2007/03/19 01:01:29
1059 [sshd_config]
1060 Disable the legacy SSH protocol 1 for new installations via
1061 a configuration override. In the future, we will change the
1062 server's default itself so users who need the legacy protocol
1063 will need to turn it on explicitly
7f38e62e 1064 - dtucker@cvs.openbsd.org 2007/03/19 12:16:42
1065 [ssh-agent.c]
1066 Remove the signal handler that checks if the agent's parent process
1067 has gone away, instead check when the select loop returns. Record when
1068 the next key will expire when scanning for expired keys. Set the select
1069 timeout to whichever of these two things happens next. With djm@, with &
1070 ok deraadt@ markus@
f48fbab3 1071 - tedu@cvs.openbsd.org 2007/03/20 03:56:12
1072 [readconf.c clientloop.c]
1073 remove some bogus *p tests from charles longeau
1074 ok deraadt millert
82029813 1075 - jmc@cvs.openbsd.org 2007/03/20 15:57:15
1076 [sshd.8]
1077 - let synopsis and description agree for -f
1078 - sort FILES
1079 - +.Xr ssh-keyscan 1 ,
1080 from Igor Sobrado
1961d660 1081 - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use
1082 getpeerucred to implement getpeereid (currently only Solaris 10 and up).
1083 Patch by Jan.Pechanec at Sun.
aee1c971 1084 - (dtucker) [regress/agent-getpeereid.sh] Do peereid test if we have
1085 HAVE_GETPEERUCRED too. Also from Jan Pechanec.
136d42b7 1086
fce809d2 108720070313
1088 - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include
1089 string.h to prevent warnings, from vapier at gentoo.org.
5425009d 1090 - (dtucker) [LICENCE] Add Daniel Walsh as a copyright holder for the
1091 selinux bits in -portable.
ab26a796 1092 - (dtucker) [cipher-3des1.c cipher-bf1.c] The OpenSSL 0.9.8e problem in
1093 bug #1291 also affects Protocol 1 3des. While at it, use compat-openssl.h
1094 in cipher-bf1.c. Patch from Juan Gallego.
76ef2ed2 1095 - (dtucker) [README.platform] Info about blibpath on AIX.
fce809d2 1096
a863b75f 109720070306
1098 - (djm) OpenBSD CVS Sync
1099 - jmc@cvs.openbsd.org 2007/03/01 16:19:33
1100 [sshd_config.5]
1101 sort the `match' keywords;
95d6e8af 1102 - djm@cvs.openbsd.org 2007/03/06 10:13:14
1103 [version.h]
1104 openssh-4.6; "please" deraadt@
0a052bfe 1105 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1106 [contrib/suse/openssh.spec] crank spec files for release
9b86b75a 1107 - (djm) [README] correct link to release notes
68ff14ce 1108 - (djm) Release 4.6p1
a863b75f 1109
1d42bcce 111020070304
1111 - (djm) [configure.ac] add a --without-openssl-header-check option to
1112 configure, as some platforms (OS X) ship OpenSSL headers whose version
1113 does not match that of the shipping library. ok dtucker@
190d9b26 1114 - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a
1115 bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
1116 ciphers from working correctly (disconnects with "Bad packet length"
1117 errors) as found by Ben Harris. ok djm@
1d42bcce 1118
f0bbbd78 111920070303
1120 - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more
1121 general to cover newer gdb versions on HP-UX.
1122
04765d02 112320070302
1124 - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows
1125 CRLF as well as LF lineendings) and write in binary mode. Patch from
1126 vinschen at redhat.com.
2769e5d0 1127 - (dtucker) [INSTALL] Update to autoconf-2.61.
04765d02 1128
121c4a34 112920070301
1130 - (dtucker) OpenBSD CVS Sync
1131 - dtucker@cvs.openbsd.org 2007/03/01 10:28:02
1132 [auth2.c sshd_config.5 servconf.c]
1133 Remove ChallengeResponseAuthentication support inside a Match
1134 block as its interaction with KbdInteractive makes it difficult to
1135 support. Also, relocate the CR/kbdint option special-case code into
1136 servconf. "please commit" djm@, ok markus@ for the relocation.
840bd607 1137 - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits.
1138 "Looks sane" dtucker@
121c4a34 1139
f10f9102 114020070228
1141 - (dtucker) OpenBSD CVS Sync
1142 - dtucker@cvs.openbsd.org 2007/02/28 00:55:30
1143 [ssh-agent.c]
1144 Remove expired keys periodically so they don't remain in memory when
1145 the agent is entirely idle, as noted by David R. Piegdon. This is the
1146 simple fix, a more efficient one will be done later. With markus,
1147 deraadt, with & ok djm.
1148
88ea6a3c 114920070225
1150 - (dtucker) OpenBSD CVS Sync
1151 - djm@cvs.openbsd.org 2007/02/20 10:25:14
1152 [clientloop.c]
1153 set maximum packet and window sizes the same for multiplexed clients
1154 as normal connections; ok markus@
1e823acf 1155 - dtucker@cvs.openbsd.org 2007/02/21 11:00:05
1156 [sshd.c]
1157 Clear alarm() before restarting sshd on SIGHUP. Without this, if there's
1158 a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
1159 newly exec'ed sshd will get the SIGALRM and not have a handler for it,
1160 and the default action will terminate the listening sshd. Analysis and
1161 patch from andrew at gaul.org.
f3e3d6ce 1162 - dtucker@cvs.openbsd.org 2007/02/22 12:58:40
1163 [servconf.c]
1164 Check activep so Match and GatewayPorts work together; ok markus@
8c1cb72e 1165 - ray@cvs.openbsd.org 2007/02/24 03:30:11
1166 [moduli.c]
1167 - strlen returns size_t, not int.
1168 - Pass full buffer size to fgets.
1169 OK djm@, millert@, and moritz@.
88ea6a3c 1170
5792fbb7 117120070219
1172 - (dtucker) OpenBSD CVS Sync
1173 - jmc@cvs.openbsd.org 2007/01/10 13:23:22
1174 [ssh_config.5]
1175 do not use a list for SYNOPSIS;
1176 this is actually part of a larger report sent by eric s. raymond
1177 and forwarded by brad, but i only read half of it. spotted by brad.
e91a8c3f 1178 - jmc@cvs.openbsd.org 2007/01/12 20:20:41
1179 [ssh-keygen.1 ssh-keygen.c]
1180 more secsh -> rfc 4716 updates;
1181 spotted by wiz@netbsd
1182 ok markus
70b5e752 1183 - dtucker@cvs.openbsd.org 2007/01/17 23:22:52
1184 [readconf.c]
1185 Honour activep for times (eg ServerAliveInterval) while parsing
1186 ssh_config and ~/.ssh/config so they work properly with Host directives.
1187 From mario.lorenz@wincor-nixdorf.com via bz #1275. ok markus@
1188 - stevesk@cvs.openbsd.org 2007/01/21 01:41:54
1189 [auth-skey.c kex.c ssh-keygen.c session.c clientloop.c]
1190 spaces
0cf6a024 1191 - stevesk@cvs.openbsd.org 2007/01/21 01:45:35
1192 [readconf.c]
1193 spaces
e4d5ca17 1194 - djm@cvs.openbsd.org 2007/01/22 11:32:50
1195 [sftp-client.c]
1196 return error from do_upload() when a write fails. fixes bz#1252: zero
1197 exit status from sftp when uploading to a full device. report from
1198 jirkat AT atlas.cz; ok dtucker@
7df0afaf 1199 - djm@cvs.openbsd.org 2007/01/22 13:06:21
1200 [scp.c]
1201 fix detection of whether we should show progress meter or not: scp
1202 tested isatty(stderr) but wrote the progress meter to stdout. This patch
1203 makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com;
1204 of dtucker@
1b313731 1205 - stevesk@cvs.openbsd.org 2007/02/14 14:32:00
1206 [bufbn.c]
1207 typos in comments; ok jmc@
03bcbf84 1208 - dtucker@cvs.openbsd.org 2007/02/19 10:45:58
1209 [monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5]
1210 Teach Match how handle config directives that are used before
1211 authentication. This allows configurations such as permitting password
1212 authentication from the local net only while requiring pubkey from
1213 offsite. ok djm@, man page bits ok jmc@
99d804ce 1214 - (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some
1215 platforms don't have it. Patch from dleonard at vintela.com.
56a6f96f 1216 - (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc
1217 an array for signatures when there are none since "calloc(0, n) returns
1218 NULL on some platforms (eg Tru64), which is explicitly permitted by
1219 POSIX. Diagnosis and patch by svallet genoscope.cns.fr.
5792fbb7 1220
34640ce6 122120070128
1222 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52)
1223 when closing a tty session when a background process still holds tty
1224 fds open. Great detective work and patch by Marc Aurele La France,
1225 slightly tweaked by me; ok dtucker@
1226
4b478cc5 122720070123
1228 - (dtucker) [openbsd-compat/bsd-snprintf.c] Static declarations for public
1229 library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro
1230 so it works properly and modify its callers so that they don't pre or
1231 post decrement arguments that are conditionally evaluated. While there,
1232 put SNPRINTF_CONST back as it prevents build failures in some
1233 configurations. ok djm@ (for most of it)
1234
ed9b5e5f 123520070122
1236 - (djm) [ssh-rand-helper.8] manpage nits;
1237 from dleonard AT vintela.com (bz#1529)
1238
25bd7a2a 123920070117
1240 - (dtucker) [packet.c] Re-remove in_systm.h since it's already in includes.h
1241 and multiple including it causes problems on old IRIXes. (It snuck back
1242 in during a sync.) Found (again) by Georg Schwarz.
1243
b05ff3f5 124420070114
7ac507d4 1245 - (dtucker) [ssh-keygen.c] av -> argv to match earlier sync.
0d00c5cb 1246 - (djm) [openbsd-compat/bsd-snprintf.c] Fix integer overflow in return
1247 value of snprintf replacement, similar to bugs in various libc
1248 implementations. This overflow is not exploitable in OpenSSH.
1249 While I'm fiddling with it, make it a fair bit faster by inlining the
1250 append-char routine; ok dtucker@
b05ff3f5 1251
4b4810d4 125220070105
1253 - (djm) OpenBSD CVS Sync
1254 - deraadt@cvs.openbsd.org 2006/11/14 19:41:04
1255 [ssh-keygen.c]
1256 use argc and argv not some made up short form
ce4cf693 1257 - ray@cvs.openbsd.org 2006/11/23 01:35:11
1258 [misc.c sftp.c]
1259 Don't access buf[strlen(buf) - 1] for zero-length strings.
1260 ``ok by me'' djm@.
4e3c0053 1261 - markus@cvs.openbsd.org 2006/12/11 21:25:46
1262 [ssh-keygen.1 ssh.1]
1263 add rfc 4716 (public key format); ok jmc
04efe9b0 1264 - djm@cvs.openbsd.org 2006/12/12 03:58:42
1265 [channels.c compat.c compat.h]
1266 bz #1019: some ssh.com versions apparently can't cope with the
1267 remote port forwarding bind_address being a hostname, so send
1268 them an address for cases where they are not explicitly
1269 specified (wildcard or localhost bind). reported by daveroth AT
1270 acm.org; ok dtucker@ deraadt@
75b6d52c 1271 - dtucker@cvs.openbsd.org 2006/12/13 08:34:39
1272 [servconf.c]
1273 Make PermitOpen work with multiple values like the man pages says.
1274 bz #1267 with details from peter at dmtz.com, with & ok djm@
38757197 1275 - dtucker@cvs.openbsd.org 2006/12/14 10:01:14
1276 [servconf.c]
1277 Make "PermitOpen all" first-match within a block to match the way other
1278 options work. ok markus@ djm@
5d9a4204 1279 - jmc@cvs.openbsd.org 2007/01/02 09:57:25
1280 [sshd_config.5]
1281 do not use lists for SYNOPSIS;
1282 from eric s. raymond via brad
cbaa43c0 1283 - stevesk@cvs.openbsd.org 2007/01/03 00:53:38
1284 [ssh-keygen.c]
1285 remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan
4f6e2ba9 1286 - stevesk@cvs.openbsd.org 2007/01/03 03:01:40
1287 [auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c]
1288 spaces
c9625a42 1289 - stevesk@cvs.openbsd.org 2007/01/03 04:09:15
1290 [sftp.c]
1291 ARGSUSED for lint
9a24ac07 1292 - stevesk@cvs.openbsd.org 2007/01/03 07:22:36
1293 [sftp-server.c]
1294 spaces
4b4810d4 1295
2b563deb 129620061205
1297 - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would
1298 occur if the server did not have the privsep user and an invalid user
1299 tried to login and both privsep and krb5 auth are disabled; ok dtucker@
096393b8 1300 - (djm) [bsd-asprintf.c] Better test for bad vsnprintf lengths; ok dtucker@
2b563deb 1301
d4d9db8d 130220061108
1303 - (dtucker) OpenBSD CVS Sync
1304 - markus@cvs.openbsd.org 2006/11/07 13:02:07
1305 [dh.c]
1306 BN_hex2bn returns int; from dtucker@
1307
4d02b823 130820061107
1309 - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
1310 if we absolutely need it. Pointed out by Corinna, ok djm@
e516451d 1311 - (dtucker) OpenBSD CVS Sync
1312 - markus@cvs.openbsd.org 2006/11/06 21:25:28
1313 [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
1314 ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
1315 add missing checks for openssl return codes; with & ok djm@
89916e8c 1316 - markus@cvs.openbsd.org 2006/11/07 10:31:31
1317 [monitor.c version.h]
1318 correctly check for bad signatures in the monitor, otherwise the monitor
1319 and the unpriv process can get out of sync. with dtucker@, ok djm@,
1320 dtucker@
5b296f76 1321 - (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] Bump
1322 versions.
4354f73b 1323 - (dtucker) Release 4.5p1.
4d02b823 1324
b8e51e81 132520061105
1326 - (djm) OpenBSD CVS Sync
1327 - otto@cvs.openbsd.org 2006/10/28 18:08:10
1328 [ssh.1]
1329 correct/expand example of usage of -w; ok jmc@ stevesk@
8e8b473c 1330 - markus@cvs.openbsd.org 2006/10/31 16:33:12
1331 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c]
1332 check DH_compute_key() for -1 even if it should not happen because of
1333 earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm
b8e51e81 1334
8852e1d4 133520061101
1336 - (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerr
1337 events fatal in Solaris process contract support and tell it to signal
1338 only processes in the same process group when something happens.
1339 Based on information from andrew.benham at thus.net and similar to
1340 a patch from Chad Mynhier. ok djm@
1341
1acc8e56 134220061027
1343- (djm) [auth.c] gc some dead code
1344
b3c338b7 134520061023
1346 - (djm) OpenBSD CVS Sync
1347 - ray@cvs.openbsd.org 2006/09/30 17:48:22
1348 [sftp.c]
1349 Clear errno before calling the strtol functions.
1350 From Paul Stoeber <x0001 at x dot de1 dot cc>.
1351 OK deraadt@.
fceb95fa 1352 - djm@cvs.openbsd.org 2006/10/06 02:29:19
1353 [ssh-agent.c ssh-keyscan.c ssh.c]
1354 sys/resource.h needs sys/time.h; prompted by brad@
1355 (NB. Id sync only for portable)
db6fcd65 1356 - djm@cvs.openbsd.org 2006/10/09 23:36:11
1357 [session.c]
1358 xmalloc -> xcalloc that was missed previously, from portable
1359 (NB. Id sync only for portable, obviously)
77903f77 1360 - markus@cvs.openbsd.org 2006/10/10 10:12:45
1361 [sshconnect.c]
1362 sleep before retrying (not after) since sleep changes errno; fixes
1363 pr 5250; rad@twig.com; ok dtucker djm
bd3b2cb2 1364 - markus@cvs.openbsd.org 2006/10/11 12:38:03
1365 [clientloop.c serverloop.c]
1366 exit instead of doing a blocking tcp send if we detect a client/server
1367 timeout, since the tcp sendqueue might be already full (of alive
1368 requests); ok dtucker, report mpf
cdfbded8 1369 - djm@cvs.openbsd.org 2006/10/22 02:25:50
1370 [sftp-client.c]
1371 cancel progress meter when upload write fails; ok deraadt@
0f74133a 1372 - (tim) [Makefile.in scard/Makefile.in] Add datarootdir= lines to keep
1373 autoconf 2.60 from complaining.
b3c338b7 1374
525251b0 137520061018
1376 - (dtucker) OpenBSD CVS Sync
1377 - ray@cvs.openbsd.org 2006/09/25 04:55:38
1378 [ssh-keyscan.1 ssh.1]
1379 Change "a SSH" to "an SSH". Hurray, I'm not the only one who
1380 pronounces "SSH" as "ess-ess-aich".
1381 OK jmc@ and stevesk@.
d1f7ec98 1382 - (dtucker) [sshd.c] Reshuffle storing of pw struct; prevents warnings
1383 on older versions of OS X. ok djm@
525251b0 1384
8153fef1 138520061016
1386 - (dtucker) [monitor_fdpass.c] Include sys/in.h, required for cmsg macros
1387 on older (2.0) Linuxes. Based on patch from thmo-13 at gmx de.
1388
1f231631 138920061006
1390 - (tim) [buildpkg.sh.in] Use uname -r instead of -v in OS_VER for Solaris.
1391 Differentiate between OpenServer 5 and OpenServer 6
5ba277eb 1392 - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for
1393 SELinux functions so they're detected correctly. Patch from pebenito at
1394 gentoo.org.
b18359f6 1395 - (tim) [buildpkg.sh.in] Some systems have really limited nawk (OpenServer).
1396 Allow setting alternate awk in openssh-config.local.
1f231631 1397
aa56f760 139820061003
1399 - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific
1400 section so additional platform specific CHECK_HEADER tests will work
1401 correctly. Fixes "<net/if_tap.h> on FreeBSD" problem report by des AT des.no
1402 Feedback and "seems like a good idea" dtucker@
1403
00dea73e 140420061001
1405 - (dtucker) [audit-bsm.c] Include errno.h. Pointed out by des at des.no.
1406
24b2647b 140720060929
1408 - (dtucker) [configure.ac] Bug #1239: Fix configure test for OpenSSH engine
1409 support. Patch from andrew.benham at thus net.
1410
243a64f1 141120060928
1412 - (dtucker) [entropy.c] Bug #1238: include signal.h to fix compilation error
1413 on Solaris 8 w/out /dev/random or prngd. Patch from rl at
1414 math.technion.ac.il.
1415
f0a2e834 141620060926
1417 - (dtucker) [bufaux.h] nuke bufaux.h; it's already gone from OpenBSD and not
1418 referenced any more. ok djm@
5ed1a353 1419 - (dtucker) [sftp-server.8] Resync; spotted by djm@
0eb97cdf 1420 - (dtucker) Release 4.4p1.
f0a2e834 1421
d6336595 142220060924
1423 - (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added
1424 to rev 1.308) to work around broken gcc 2.x header file.
1425
530456f4 142620060923
1427 - (dtucker) [configure.ac] Bug #1234: Put opensc libs into $LIBS rather than
1428 $LDFLAGS. Patch from vapier at gentoo org.
1429
c5bca5d4 143020060922
1431 - (dtucker) [packet.c canohost.c] Include arpa/inet.h for htonl macros on
1432 some platforms (eg HP-UX 11.00). From santhi.amirta at gmail com.
1433
d3fc2aa3 143420060921
1435 - (dtucker) OpenBSD CVS Sync
1436 - otto@cvs.openbsd.org 2006/09/19 05:52:23
1437 [sftp.c]
1438 Use S_IS* macros insted of masking with S_IF* flags. The latter may
1439 have multiple bits set, which lead to surprising results. Spotted by
1440 Paul Stoeber, more to come. ok millert@ pedro@ jaredy@ djm@
a29c9898 1441 - markus@cvs.openbsd.org 2006/09/19 21:14:08
1442 [packet.c]
1443 client NULL deref on protocol error; Tavis Ormandy, Google Security Team
ffbfca72 1444 - (dtucker) [defines.h] Include unistd.h before defining getpgrp; fixes
1445 build error on Ultrix. From Bernhard Simon.
d3fc2aa3 1446
25a2779b 144720060918
1448 - (dtucker) [configure.ac] On AIX, check to see if the compiler will allow
1449 macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags.
1450 Allows build out of the box with older VAC and XLC compilers. Found by
1451 David Bronder and Bernhard Simon.
d9ed544b 1452 - (dtucker) [openbsd-compat/port-aix.{c,h}] Reduce scope of includes.
1453 Prevents macro redefinition warnings of "RDONLY".
25a2779b 1454
f0d0e025 145520060916
1456 - OpenBSD CVS Sync
1457 - djm@cvs.openbsd.org 2006/09/16 19:53:37
1458 [deattack.c deattack.h packet.c]
1459 limit maximum work performed by the CRC compensation attack detector,
1460 problem reported by Tavis Ormandy, Google Security Team;
1461 ok markus@ deraadt@
95954124 1462 - (djm) Add openssh.xml to .cvsignore and sort it
3fd7b98a 1463 - (dtucker) [auth-pam.c] Propogate TZ environment variable to PAM auth
1464 process so that any logging it does is with the right timezone. From
1465 Scott Strickler, ok djm@.
bb09a477 1466 - (dtucker) [monitor.c] Correctly handle auditing of single commands when
1467 using Protocol 1. From jhb at freebsd.
cd3e77c4 1468 - (djm) [sshd.c] Fix warning/API abuse; ok dtucker@
8e700494 1469 - (dtucker) [INSTALL] Add info about audit support.
f0d0e025 1470
29eadd7c 147120060912
1472 - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in]
1473 Support SMF in Solaris Packages if enabled by configure. Patch from
1474 Chad Mynhier, tested by dtucker@
1475
7238aaad 147620060911
1477 - (dtucker) [cipher-aes.c] Include string.h for memcpy and friends. Noted
1478 by Pekka Savola.
1479
d23046e2 148020060910
1481 - (dtucker) [contrib/aix/buildbff.sh] Ensure that perl is available.
36f36ba3 1482 - (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB.
d23046e2 1483
fa6edaf0 148420060909
1485 - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h.
d2f401fe 1486 - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.
16082eaa 1487 - (dtucker) [buildpkg.sh.in] Always create privsep user. ok djm@
fa6edaf0 1488
368a00c2 148920060908
1490 - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch
1491 from Chris Adams.
a01f637d 1492 - (dtucker) [configure.ac] The BSM header test needs time.h in some cases.
368a00c2 1493
a078cbee 149420060907
1495 - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
1496 be used to drop privilege to; fixes Solaris GSSAPI crash reported by
1497 Magnus Abrante; suggestion and feedback dtucker@
1498 NB. this change will require that the privilege separation user must
1499 exist on all the time, not just when UsePrivilegeSeparation=yes
5cc6ddad 1500 - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6
4130b6f1 1501 - (dtucker) [loginrec.c] Wrap paths.h in HAVE_PATHS_H.
15367d95 1502 - (dtucker) [regress/cfgmatch.sh] stop_client is racy, so give us a better
1503 chance of winning.
a078cbee 1504
9286ecf2 150520060905
1506 - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov.
e0f3adac 1507 - (dtucker) [loginrec.c] Include paths.h for _PATH_BTMP.
9286ecf2 1508
62143a41 150920060904
1510 - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native
1511 updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius,
1512 ok djm@
1513
752994dd 151420060903
1515 - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for
1516 declaration of writev(2) and declare it ourselves if necessary. Makes
1517 the atomiciov() calls build on really old systems. ok djm@
1518
b823d0b9 151920060902
1520 - (dtucker) [openbsd-compat/port-irix.c] Add errno.h, found by Iain Morgan.
5e837c7b 1521 - (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c
1522 openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c
1523 openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h>
1524 for hton* and ntoh* macros. Required on (at least) HP-UX since we define
1525 _XOPEN_SOURCE_EXTENDED. Found by santhi.amirta at gmail com.
b823d0b9 1526
24436b92 152720060901
1528 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
1529 [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
1530 [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
1531 [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
1532 [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
1533 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
1534 [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
1535 [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
1536 [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
aa751414 1537 [sshconnect1.c sshconnect2.c sshd.c]
24436b92 1538 [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
1539 [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
1540 [openbsd-compat/port-uw.c]
1541 Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
1542 compile problems reported by rac AT tenzing.org
aa751414 1543 - (djm) [includes.h monitor.c openbsd-compat/bindresvport.c]
1544 [openbsd-compat/rresvport.c] Some more headers: netinet/in.h
1545 sys/socket.h and unistd.h in various places
dd41ba6f 1546 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Fix implict declaration
1547 warnings for binary_open and binary_close. Patch from Corinna Vinschen.
78888bab 1548 - (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly
1549 test for GLOB_NOMATCH and use our glob functions if it's not found.
1550 Stops sftp from segfaulting when attempting to get a nonexistent file on
1551 Cygwin (previous versions of OpenSSH didn't use the native glob). Partly
1552 from and tested by Corinna Vinschen.
cdc9d1fc 1553 - (dtucker) [README contrib/{caldera,redhat,suse}/openssh.spec] Crank
1554 versions.
24436b92 1555
5b84789f 155620060831
1557 - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ]
1558 [platform.c platform.h sshd.c openbsd-compat/Makefile.in]
1559 [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
1560 [openbsd-compat/port-solaris.h] Add support for Solaris process
1561 contracts, enabled with --use-solaris-contracts. Patch from Chad
1562 Mynhier, tweaked by dtucker@ and myself; ok dtucker@
77f7d474 1563 - (dtucker) [contrib/cygwin/ssh-host-config] Add SeTcbPrivilege privilege
1564 while setting up the ssh service account. Patch from Corinna Vinschen.
5b84789f 1565
e9f2e744 156620060830
1567 - (djm) OpenBSD CVS Sync
1568 - dtucker@cvs.openbsd.org 2006/08/21 08:14:01
1569 [sshd_config.5]
1570 Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@,
1571 ok jmc@ djm@
5f047fbc 1572 - dtucker@cvs.openbsd.org 2006/08/21 08:15:57
1573 [sshd.8]
1574 Add more detail about what permissions are and aren't accepted for
1575 authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@
0875ae22 1576 - djm@cvs.openbsd.org 2006/08/29 10:40:19
1577 [channels.c session.c]
1578 normalise some inconsistent (but harmless) NULL pointer checks
1579 spotted by the Stanford SATURN tool, via Isil Dillig;
1580 ok markus@ deraadt@
b4f8e1cb 1581 - dtucker@cvs.openbsd.org 2006/08/29 12:02:30
1582 [gss-genr.c]
1583 Work around a problem in Heimdal that occurs when KRB5CCNAME file is
1584 missing, by checking whether or not kerberos allocated us a context
1585 before attempting to free it. Patch from Simon Wilkinson, tested by
1586 biorn@, ok djm@
3223b72f 1587 - dtucker@cvs.openbsd.org 2006/08/30 00:06:51
1588 [sshconnect2.c]
1589 Fix regression where SSH2 banner is printed at loglevels ERROR and FATAL
1590 where previously it weren't. bz #1221, found by Dean Kopesky, ok djm@
76970201 1591 - djm@cvs.openbsd.org 2006/08/30 00:14:37
1592 [version.h]
1593 crank to 4.4
9d68c41d 1594 - (djm) [openbsd-compat/xcrypt.c] needs unistd.h
6545dd0b 1595 - (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call
1596 loginsuccess on AIX immediately after authentication to clear the failed
1597 login count. Previously this would only happen when an interactive
1598 session starts (ie when a pty is allocated) but this means that accounts
1599 that have primarily non-interactive sessions (eg scp's) may gradually
1600 accumulate enough failures to lock out an account. This change may have
1601 a side effect of creating two audit records, one with a tty of "ssh"
1602 corresponding to the authentication and one with the allocated pty per
1603 interactive session.
e9f2e744 1604
48a7de26 160520060824
1606 - (dtucker) [openbsd-compat/basename.c] Include errno.h.
8151aaa5 1607 - (dtucker) [openbsd-compat/bsd-misc.c] Add includes needed for select(2) on
1608 older systems.
ab26f490 1609 - (dtucker) [openbsd-compat/bsd-misc.c] Include <sys/select.h> for select(2)
1610 on POSIX systems.
6beea87c 1611 - (dtucker) [openbsd-compat/bsd-openpty.c] Include for ioctl(2).
e429fba8 1612 - (dtucker) [openbsd-compat/rresvport.c] Include <stdlib.h> for malloc.
f07855f7 1613 - (dtucker) [openbsd-compat/xmmap.c] Move #define HAVE_MMAP to prevent
1614 unused variable warning when we have a broken or missing mmap(2).
48a7de26 1615
c1a1c295 161620060822
1617 - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in
1618 Makefile. Patch from santhi.amirta at gmail, ok djm.
1619
9895d518 162020060820
1621 - (dtucker) [log.c] Move ifdef to prevent unused variable warning.
08fb8ce9 1622 - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore
1623 afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl.
a086f73b 1624 - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for
1625 fixing bug #1181. No changes yet.
282d6408 1626 - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL
1627 (0.9.8a and presumably newer) requires -ldl to successfully link.
08164407 1628 - (dtucker) [configure.ac] Remove errant "-".
9895d518 1629
94d458e8 163020060819
1631 - (djm) OpenBSD CVS Sync
1632 - djm@cvs.openbsd.org 2006/08/18 22:41:29
1633 [gss-genr.c]
1634 GSSAPI error code should be 0 and not -1; from simon@sxw.org.uk
ea83a498 1635 - (dtucker) [openbsd-compat/regress/Makefile.in] Add $(EXEEXT) and add a
1636 single rule for the test progs.
94d458e8 1637
795e7517 163820060818
1639 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with
1640 closefrom.c from sudo.
5a1d6300 1641 - (dtucker) [openbsd-compat/bsd-closefrom.c] Comment out rcsid.
fed313fd 1642 - (dtucker) [openbsd-compat/regress/snprintftest.c] Newline on error.
d5498c58 1643 - (dtucker) [openbsd-compat/regress/Makefile.in] Use implicit rules for the
1644 test progs instead; they work better than what we have.
78372b6e 1645 - (djm) OpenBSD CVS Sync
1646 - stevesk@cvs.openbsd.org 2006/08/06 01:13:32
1647 [compress.c monitor.c monitor_wrap.c]
1648 "zlib.h" can be <zlib.h>; ok djm@ markus@
ba52fb56 1649 - miod@cvs.openbsd.org 2006/08/12 20:46:46
1650 [monitor.c monitor_wrap.c]
1651 Revert previous include file ordering change, for ssh to compile under
1652 gcc2 (or until openssl include files are cleaned of parameter names
1653 in function prototypes)
fa47fe3c 1654 - dtucker@cvs.openbsd.org 2006/08/14 12:40:25
1655 [servconf.c servconf.h sshd_config.5]
1656 Add ability to match groups to Match keyword in sshd_config. Feedback
1657 djm@, stevesk@, ok stevesk@.
e07335e2 1658 - djm@cvs.openbsd.org 2006/08/16 11:47:15
1659 [sshd.c]
1660 factor inetd connection, TCP listen and main TCP accept loop out of
1661 main() into separate functions to improve readability; ok markus@
28463427 1662 - deraadt@cvs.openbsd.org 2006/08/18 09:13:26
1663 [log.c log.h sshd.c]
1664 make signal handler termination path shorter; risky code pointed out by
1665 mark dowd; ok djm markus
184cb418 1666 - markus@cvs.openbsd.org 2006/08/18 09:15:20
1667 [auth.h session.c sshd.c]
1668 delay authentication related cleanups until we're authenticated and
1669 all alarms have been cancelled; ok deraadt
b2af4ca8 1670 - djm@cvs.openbsd.org 2006/08/18 10:27:16
1671 [misc.h]
1672 reorder so prototypes are sorted by the files they refer to; no
1673 binary change
592de384 1674 - djm@cvs.openbsd.org 2006/08/18 13:54:54
1675 [gss-genr.c ssh-gss.h sshconnect2.c]
1676 bz #1218 - disable SPNEGO as per RFC4462; diff from simon AT sxw.org.uk
1677 ok markus@
abb47f1e 1678 - djm@cvs.openbsd.org 2006/08/18 14:40:34
1679 [gss-genr.c ssh-gss.h]
1680 constify host argument to match the rest of the GSSAPI functions and
1681 unbreak compilation with -Werror
c79c4814 1682 - (djm) Disable sigdie() for platforms that cannot safely syslog inside
1683 a signal handler (basically all of them, excepting OpenBSD);
1684 ok dtucker@
795e7517 1685
f8688ddd 168620060817
1687 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c]
1688 Include stdlib.h for malloc and friends.
53c337ed 1689 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl
1690 for closefrom() on AIX. Pointed out by William Ahern.
98cc66aa 1691 - (dtucker) [openbsd-compat/regress/{Makefile.in,closefromtest.c}] Regress
1692 test for closefrom() in compat code.
f8688ddd 1693
5388904a 169420060816
1695 - (djm) [audit-bsm.c] Sprinkle in some headers
1696
4a86d8eb 169720060815
1698 - (dtucker) [LICENCE] Add Reyk to the list for the compat dir.
1699
3a5b6088 170020060806
1701 - (djm) [openbsd-compat/bsd-getpeereid.c] Add some headers to quiet warnings
1702 on Solaris 10
1703
170420060806
149abacb 1705 - (dtucker) [defines.h] With the includes.h changes we no longer get the
1706 name clash on "YES" so we can remove the workaround for it.
442a6515 1707 - (dtucker) [openbsd-compat/{bsd-asprintf.c,bsd-openpty.c,bsd-snprintf.c,
1708 glob.c}] Include stdlib.h for malloc and friends in compat code.
149abacb 1709
fee76795 171020060805
1711 - (djm) OpenBSD CVS Sync
1712 - stevesk@cvs.openbsd.org 2006/07/24 13:58:22
1713 [sshconnect.c]
1714 disable tunnel forwarding when no strict host key checking
1715 and key changed; ok djm@ markus@ dtucker@
912da635 1716 - stevesk@cvs.openbsd.org 2006/07/25 02:01:34
1717 [scard.c]
1718 need #include <string.h>
e264ac72 1719 - stevesk@cvs.openbsd.org 2006/07/25 02:59:21
1720 [channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c]
1721 [sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c]
1722 move #include <sys/time.h> out of includes.h
536c14e8 1723 - stevesk@cvs.openbsd.org 2006/07/26 02:35:17
1724 [atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
1725 [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
1726 [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
1727 [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
1728 [uidswap.c xmalloc.c]
1729 move #include <sys/param.h> out of includes.h
ffa517a8 1730 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17
1731 [authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
1732 [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
1733 [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
1734 [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
1735 [sshconnect1.c sshd.c xmalloc.c]
1736 move #include <stdlib.h> out of includes.h
f0817fbb 1737 - jmc@cvs.openbsd.org 2006/07/27 08:00:50
1738 [ssh_config.5]
1739 avoid confusing wording in HashKnownHosts:
1740 originally spotted by alan amesbury;
1741 ok deraadt
38b37661 1742 - jmc@cvs.openbsd.org 2006/07/27 08:00:50
1743 [ssh_config.5]
1744 avoid confusing wording in HashKnownHosts:
1745 originally spotted by alan amesbury;
1746 ok deraadt
331c3884 1747 - dtucker@cvs.openbsd.org 2006/08/01 11:34:36
1748 [sshconnect.c]
1749 Allow fallback to known_hosts entries without port qualifiers for
1750 non-standard ports too, so that all existing known_hosts entries will be
1751 recognised. Requested by, feedback and ok markus@
cf851879 1752 - stevesk@cvs.openbsd.org 2006/08/01 23:22:48
1753 [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
1754 [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
1755 [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
1756 [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
1757 [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
1758 [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
1759 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
1760 [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
1761 [uuencode.h xmalloc.c]
1762 move #include <stdio.h> out of includes.h
d4f40d92 1763 - stevesk@cvs.openbsd.org 2006/08/01 23:36:12
1764 [authfile.c channels.c progressmeter.c scard.c servconf.c ssh.c]
1765 clean extra spaces
31652869 1766 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
1767 [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
1768 [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
1769 [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
1770 [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
1771 [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
1772 [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
1773 [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
1774 [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
1775 [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
1776 [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
1777 [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
1778 [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
1779 [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
1780 [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
1781 [serverloop.c session.c session.h sftp-client.c sftp-common.c]
1782 [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
1783 [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
1784 [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
1785 [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
1786 [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
1787 [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
1788 almost entirely get rid of the culture of ".h files that include .h files"
1789 ok djm, sort of ok stevesk
1790 makes the pain stop in one easy step
1791 NB. portable commit contains everything *except* removing includes.h, as
1792 that will take a fair bit more work as we move headers that are required
1793 for portability workarounds to defines.h. (also, this step wasn't "easy")
c56969f9 1794 - stevesk@cvs.openbsd.org 2006/08/04 20:46:05
1795 [monitor.c session.c ssh-agent.c]
1796 spaces
8bdc7aa0 1797 - (djm) [auth-pam.c defines.h] Move PAM related bits to auth-pam.c
693a35d3 1798 - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c]
1799 remove last traces of bufaux.h - it was merged into buffer.h in the big
1800 includes.h commit
8ad2db2a 1801 - (djm) [auth.c loginrec.c] Missing netinet/in.h for loginrec
8d3106fd 1802 - (djm) [openbsd-compat/regress/snprintftest.c]
1803 [openbsd-compat/regress/strduptest.c] Add missing includes so they pass
1804 compilation with "-Wall -Werror"
00a017bd 1805 - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c]
1806 [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more
1807 includes for Linux in
ccc09f5c 1808 - (dtucker) [cleanup.c] Need defines.h for __dead.
9ae6b834 1809 - (dtucker) [auth2-gss.c] We still need the #ifdef GSSAPI in -portable.
f2265d5d 1810 - (dtucker) [openbsd-compat/{bsd-arc4random.c,port-tun.c,xmmap.c}] Lots of
1811 #include stdarg.h, needed for log.h.
5be9f803 1812 - (dtucker) [entropy.c] Needs unistd.h too.
35d1c2de 1813 - (dtucker) [ssh-rand-helper.c] Needs stdarg.h for log.h.
76e03684 1814 - (dtucker) [openbsd-compat/getrrsetbyname.c] Nees stdlib.h for malloc.
5946a69f 1815 - (dtucker) [openbsd-compat/strtonum.c] Include stdlib.h for strtoll,
1816 otherwise it is implicitly declared as returning an int.
428f6258 1817 - (dtucker) OpenBSD CVS Sync
1818 - dtucker@cvs.openbsd.org 2006/08/05 07:52:52
1819 [auth2-none.c sshd.c monitor_wrap.c]
1820 Add headers required to build with KERBEROS5=no. ok djm@
453cb7e7 1821 - dtucker@cvs.openbsd.org 2006/08/05 08:00:33
1822 [auth-skey.c]
1823 Add headers required to build with -DSKEY. ok djm@
cecc422f 1824 - dtucker@cvs.openbsd.org 2006/08/05 08:28:24
1825 [monitor_wrap.c auth-skey.c auth2-chall.c]
1826 Zap unused variables in -DSKEY code. ok djm@
0e13ec0f 1827 - dtucker@cvs.openbsd.org 2006/08/05 08:34:04
1828 [packet.c]
1829 Typo in comment
97ea266c 1830 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Add headers required to compile
1831 on Cygwin.
e3220bb2 1832 - (dtucker) [openbsd-compat/fake-rfc2553.c] Add headers needed for inet_ntoa.
f3296bc4 1833 - (dtucker) [auth-skey.c] monitor_wrap.h needs ssh-gss.h.
0e23dc86 1834 - (dtucker) [audit.c audit.h] Repair headers.
6f54ce27 1835 - (dtucker) [audit-bsm.c] Add additional headers now required.
fee76795 1836
3e05aa50 183720060804
1838 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent
1839 versions of Solaris, so use AC_LINK_IFELSE to actually link the test program
1840 rather than just compiling it. Spotted by dlg@.
1841
53d4ae20 184220060802
1843 - (dtucker) [openbsd-compat/daemon.c] Add unistd.h for fork() prototype.
1844
be350da6 184520060725
1846 - (dtucker) [openbsd-compat/xmmap.c] Need fcntl.h for O_RDRW.
1847
14e980ef 184820060724
1849 - (djm) OpenBSD CVS Sync
1850 - jmc@cvs.openbsd.org 2006/07/12 13:39:55
1851 [sshd_config.5]
1852 - new sentence, new line
1853 - s/The the/The/
1854 - kill a bad comma
c8dfff33 1855 - stevesk@cvs.openbsd.org 2006/07/12 22:28:52
742bee8c 1856 [auth-options.c canohost.c channels.c includes.h readconf.c]
1857 [servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
c8dfff33 1858 move #include <netdb.h> out of includes.h; ok djm@
bcaab305 1859 - stevesk@cvs.openbsd.org 2006/07/12 22:42:32
1860 [includes.h ssh.c ssh-rand-helper.c]
1861 move #include <stddef.h> out of includes.h
d2a69816 1862 - stevesk@cvs.openbsd.org 2006/07/14 01:15:28
1863 [monitor_wrap.h]
1864 don't need incompletely-typed 'struct passwd' now with
1865 #include <pwd.h>; ok markus@
5188ba17 1866 - stevesk@cvs.openbsd.org 2006/07/17 01:31:10
1867 [authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
1868 [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
1869 [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
1870 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
1871 [sshconnect.c sshlogin.c sshpty.c uidswap.c]
1872 move #include <unistd.h> out of includes.h
774de098 1873 - dtucker@cvs.openbsd.org 2006/07/17 12:02:24
1874 [auth-options.c]
1875 Use '\0' rather than 0 to terminates strings; ok djm@
2fefbadf 1876 - dtucker@cvs.openbsd.org 2006/07/17 12:06:00
1877 [channels.c channels.h servconf.c sshd_config.5]
1878 Add PermitOpen directive to sshd_config which is equivalent to the
1879 "permitopen" key option. Allows server admin to allow TCP port
1880 forwarding only two specific host/port pairs. Useful when combined
1881 with Match.
1882 If permitopen is used in both sshd_config and a key option, both
1883 must allow a given connection before it will be permitted.
1884 Note that users can still use external forwarders such as netcat,
1885 so to be those must be controlled too for the limits to be effective.
1886 Feedback & ok djm@, man page corrections & ok jmc@.
f22506ff 1887 - jmc@cvs.openbsd.org 2006/07/18 07:50:40
1888 [sshd_config.5]
1889 tweak; ok dtucker
578d2b99 1890 - jmc@cvs.openbsd.org 2006/07/18 07:56:28
1891 [scp.1]
1892 replace DIAGNOSTICS with .Ex;
874d319b 1893 - jmc@cvs.openbsd.org 2006/07/18 08:03:09
1894 [ssh-agent.1 sshd_config.5]
1895 mark up angle brackets;
4895f836 1896 - dtucker@cvs.openbsd.org 2006/07/18 08:22:23
1897 [sshd_config.5]
1898 Clarify description of Match, with minor correction from jmc@
62e12ffe 1899 - stevesk@cvs.openbsd.org 2006/07/18 22:27:55
1900 [dh.c]
1901 remove unneeded includes; ok djm@
691712e0 1902 - dtucker@cvs.openbsd.org 2006/07/19 08:56:41
1903 [servconf.c sshd_config.5]
1904 Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to
1905 Match. ok djm@
e7259e8d 1906 - dtucker@cvs.openbsd.org 2006/07/19 13:07:10
1907 [servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5]
1908 Add ForceCommand keyword to sshd_config, equivalent to the "command="
1909 key option, man page entry and example in sshd_config.
1910 Feedback & ok djm@, man page corrections & ok jmc@
67514848 1911 - stevesk@cvs.openbsd.org 2006/07/20 15:26:15
1912 [auth1.c serverloop.c session.c sshconnect2.c]
1913 missed some needed #include <unistd.h> when KERBEROS5=no; issue from
1914 massimo@cedoc.mo.it
ea46e550 1915 - dtucker@cvs.openbsd.org 2006/07/21 12:43:36
1916 [channels.c channels.h servconf.c servconf.h sshd_config.5]
1917 Make PermitOpen take a list of permitted ports and act more like most
1918 other keywords (ie the first match is the effective setting). This
1919 also makes it easier to override a previously set PermitOpen. ok djm@
ebb90778 1920 - stevesk@cvs.openbsd.org 2006/07/21 21:13:30
1921 [channels.c]
1922 more ARGSUSED (lint) for dispatch table-driven functions; ok djm@
c88c3fb9 1923 - stevesk@cvs.openbsd.org 2006/07/21 21:26:55
1924 [progressmeter.c]
1925 ARGSUSED for signal handler
b0f6943a 1926 - stevesk@cvs.openbsd.org 2006/07/22 19:08:54
1927 [includes.h moduli.c progressmeter.c scp.c sftp-common.c]
1928 [sftp-server.c ssh-agent.c sshlogin.c]
1929 move #include <time.h> out of includes.h
00146caa 1930 - stevesk@cvs.openbsd.org 2006/07/22 20:48:23
1931 [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
1932 [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
1933 [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
1934 [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
1935 [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
1936 [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
1937 [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
1938 [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
1939 [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
1940 [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
1941 [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
1942 [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
1943 [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
1944 move #include <string.h> out of includes.h
519fc2b7 1945 - stevesk@cvs.openbsd.org 2006/07/23 01:11:05
1946 [auth.h dispatch.c kex.h sftp-client.c]
1947 #include <signal.h> for sig_atomic_t; need this prior to <sys/param.h>
1948 move
28cb0a43 1949 - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]
1950 [canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
1951 [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
1952 [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
1953 [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
1954 [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
1955 [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
1956 [openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
1957 [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
1958 [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
1959 make the portable tree compile again - sprinkle unistd.h and string.h
1960 back in. Don't redefine __unused, as it turned out to be used in
1961 headers on Linux, and replace its use in auth-pam.c with ARGSUSED
ba1e6121 1962 - (djm) [openbsd-compat/glob.c]
1963 Move get_arg_max() into the ifdef HAVE_GLOB block so that it compiles
1964 on OpenBSD (or other platforms with a decent glob implementation) with
1965 -Werror
25523747 1966 - (djm) [uuencode.c]
1967 Add resolv.h, is it contains the prototypes for __b64_ntop/__b64_pton on
1968 some platforms
9b09381d 1969 - (djm) [session.c]
1970 fix compile error with -Werror -Wall: 'path' is only used in
1971 do_setup_env() if HAVE_LOGIN_CAP is not defined
e204f3ee 1972 - (djm) [openbsd-compat/basename.c openbsd-compat/bsd-closefrom.c]
1973 [openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c]
1974 [openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c]
1975 [openbsd-compat/port-aix.c openbsd-compat/port-irix.c]
1976 [openbsd-compat/rresvport.c]
1977 These look to need string.h and/or unistd.h (based on a grep for function
1978 names)
f40c8634 1979 - (djm) [Makefile.in]
1980 Remove generated openbsd-compat/regress/Makefile in distclean target
e7c5b206 1981 - (djm) [regress/Makefile regress/agent-getpeereid.sh regress/cfgmatch.sh]
1982 [regress/cipher-speed.sh regress/forcecommand.sh regress/forwarding.sh]
1983 Sync regress tests to -current; include dtucker@'s new cfgmatch and
1984 forcecommand tests. Add cipher-speed.sh test (not linked in yet)
30872a12 1985 - (dtucker) [cleanup.c] Since config.h defines _LARGE_FILES on AIX, including
1986 system headers before defines.h will cause conflicting definitions.
b64d983b 1987 - (dtucker) [regress/forcecommand.sh] Portablize.
e204f3ee 1988
4352744e 198920060713
1990 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h
1991
956d6743 199220060712
294d3ca5 1993 - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and
1994 O_NONBLOCK if they're really needed. Fixes build errors on HP-UX, old
1995 Linuxes and probably more.
71f4c727 1996 - (dtucker) [configure.ac] OpenBSD needs <sys/types.h> before <sys/socket.h>
1997 for SHUT_RD.
f9d5c000 1998 - (dtucker) [openbsd-compat/port-tun.c] OpenBSD needs <netinet/in.h> before
1999 <netinet/ip.h>.
a773acf7 2000 - (dtucker) OpenBSD CVS Sync
2001 - stevesk@cvs.openbsd.org 2006/07/10 16:01:57
2002 [sftp-glob.c sftp-common.h sftp.c]
2003 buffer.h only needed in sftp-common.h and remove some unneeded
2004 user includes; ok djm@
a0bca6ed 2005 - jmc@cvs.openbsd.org 2006/07/10 16:04:21
2006 [sshd.8]
2007 s/and and/and/
4c72fcfd 2008 - stevesk@cvs.openbsd.org 2006/07/10 16:37:36
2009 [readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c
2010 auth.c packet.c log.c]
2011 move #include <stdarg.h> out of includes.h; ok markus@
0ad62016 2012 - dtucker@cvs.openbsd.org 2006/07/11 10:12:07
2013 [ssh.c]
2014 Only copy the part of environment variable that we actually use. Prevents
2015 ssh bailing when SendEnv is used and an environment variable with a really
2016 long value exists. ok djm@
42ea6f5e 2017 - markus@cvs.openbsd.org 2006/07/11 18:50:48
2018 [clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
2019 channels.h readconf.c]
2020 add ExitOnForwardFailure: terminate the connection if ssh(1)
2021 cannot set up all requested dynamic, local, and remote port
2022 forwardings. ok djm, dtucker, stevesk, jmc
028094f4 2023 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25
2024 [scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
2025 sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
2026 includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
2027 sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
2028 ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
2029 move #include <errno.h> out of includes.h; ok markus@
00c8971b 2030 - stevesk@cvs.openbsd.org 2006/07/11 20:16:43
2031 [ssh.c]
2032 cast asterisk field precision argument to int to remove warning;
2033 ok markus@
dd984467 2034 - stevesk@cvs.openbsd.org 2006/07/11 20:27:56
2035 [authfile.c ssh.c]
2036 need <errno.h> here also (it's also included in <openssl/err.h>)
d231781a 2037 - dtucker@cvs.openbsd.org 2006/07/12 11:34:58
2038 [sshd.c servconf.h servconf.c sshd_config.5 auth.c]
2039 Add support for conditional directives to sshd_config via a "Match"
2040 keyword, which works similarly to the "Host" directive in ssh_config.
2041 Lines after a Match line override the default set in the main section
2042 if the condition on the Match line is true, eg
2043 AllowTcpForwarding yes
2044 Match User anoncvs
2045 AllowTcpForwarding no
2046 will allow port forwarding by all users except "anoncvs".
2047 Currently only a very small subset of directives are supported.
2048 ok djm@
fec71b2f 2049 - (dtucker) [loginrec.c openbsd-compat/xmmap.c openbsd-compat/bindresvport.c
2050 openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c
2051 openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include <errno.h>.
baede55a 2052 - (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h.
403a29ac 2053 - (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too.
5f8747dc 2054 - (dtucker) [openbsd-compat/openbsd-compat.h] v*printf needs stdarg.h.
4f4b7d4d 2055 - (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c
2056 openbsd-compat/rresvport.c] More errno.h.
2057
37259a8e 205820060711
2059 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c
2060 openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally
2061 include paths.h. Fixes build error on Solaris.
2edd133e 2062 - (dtucker) [entropy.c] More fcntl.h, this time on AIX (and probably
2063 others).
37259a8e 2064
44064ac4 206520060710
2066 - (dtucker) [INSTALL] New autoconf version: 2.60.
e5c76324 2067 - OpenBSD CVS Sync
2068 - djm@cvs.openbsd.org 2006/06/14 10:50:42
2069 [sshconnect.c]
2070 limit the number of pre-banner characters we will accept; ok markus@
9f1090be 2071 - djm@cvs.openbsd.org 2006/06/26 10:36:15
2072 [clientloop.c]
2073 mention optional bind_address in runtime port forwarding setup
2074 command-line help. patch from santhi.amirta AT gmail.com
06fa4ac1 2075 - stevesk@cvs.openbsd.org 2006/07/02 17:12:58
2076 [ssh.1 ssh.c ssh_config.5 sshd_config.5]
2077 more details and clarity for tun(4) device forwarding; ok and help
2078 jmc@
6955279c 2079 - stevesk@cvs.openbsd.org 2006/07/02 18:36:47
2080 [gss-serv-krb5.c gss-serv.c]
2081 no "servconf.h" needed here
2082 (gss-serv-krb5.c change not applied, portable needs the server options)
16fbe330 2083 - stevesk@cvs.openbsd.org 2006/07/02 22:45:59
2084 [groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c]
2085 move #include <grp.h> out of includes.h
2086 (portable needed uidswap.c too)
33f13fa5 2087 - stevesk@cvs.openbsd.org 2006/07/02 23:01:55
2088 [clientloop.c ssh.1]
2089 use -KR[bind_address:]port here; ok djm@
28015df4 2090 - stevesk@cvs.openbsd.org 2006/07/03 08:54:20
2091 [includes.h ssh.c sshconnect.c sshd.c]
2092 move #include "version.h" out of includes.h; ok markus@
319d6b41 2093 - stevesk@cvs.openbsd.org 2006/07/03 17:59:32
2094 [channels.c includes.h]
2095 move #include <arpa/inet.h> out of includes.h; old ok djm@
2096 (portable needed session.c too)
9794d008 2097 - stevesk@cvs.openbsd.org 2006/07/05 02:42:09
2098 [canohost.c hostfile.c includes.h misc.c packet.c readconf.c]
2099 [serverloop.c sshconnect.c uuencode.c]
2100 move #include <netinet/in.h> out of includes.h; ok deraadt@
2101 (also ssh-rand-helper.c logintest.c loginrec.c)
d66ce1a1 2102 - djm@cvs.openbsd.org 2006/07/06 10:47:05
2103 [servconf.c servconf.h session.c sshd_config.5]
2104 support arguments to Subsystem commands; ok markus@
a13880bb 2105 - djm@cvs.openbsd.org 2006/07/06 10:47:57
2106 [sftp-server.8 sftp-server.c]
2107 add commandline options to enable logging of transactions; ok markus@
b1842393 2108 - stevesk@cvs.openbsd.org 2006/07/06 16:03:53
2109 [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
2110 [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
2111 [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
2112 [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
2113 [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
2114 [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
2115 [uidswap.h]
2116 move #include <pwd.h> out of includes.h; ok markus@
0cbe25f0 2117 - stevesk@cvs.openbsd.org 2006/07/06 16:22:39
2118 [ssh-keygen.c]
2119 move #include "dns.h" up
76275092 2120 - stevesk@cvs.openbsd.org 2006/07/06 17:36:37
2121 [monitor_wrap.h]
2122 typo in comment
5b04a8bf 2123 - stevesk@cvs.openbsd.org 2006/07/08 21:47:12
2124 [authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
2125 [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
2126 [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
2127 move #include <sys/socket.h> out of includes.h
9305512d 2128 - stevesk@cvs.openbsd.org 2006/07/08 21:48:53
2129 [monitor.c session.c]
2130 missed these from last commit:
2131 move #include <sys/socket.h> out of includes.h
ca1df159 2132 - stevesk@cvs.openbsd.org 2006/07/08 23:30:06
2133 [log.c]
2134 move user includes after /usr/include files
d3221cca 2135 - stevesk@cvs.openbsd.org 2006/07/09 15:15:11
2136 [auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
2137 [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
2138 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
2139 [sshlogin.c sshpty.c]
2140 move #include <fcntl.h> out of includes.h
657939aa 2141 - stevesk@cvs.openbsd.org 2006/07/09 15:27:59
2142 [ssh-add.c]
2143 use O_RDONLY vs. 0 in open(); no binary change
43bc2dc9 2144 - djm@cvs.openbsd.org 2006/07/10 11:24:54
2145 [sftp-server.c]
2146 remove optind - it isn't used here
26ddd377 2147 - djm@cvs.openbsd.org 2006/07/10 11:25:53
2148 [sftp-server.c]
2149 don't log variables that aren't yet set
22bbb3e6 2150 - (djm) [loginrec.c ssh-rand-helper.c sshd.c openbsd-compat/glob.c]
2151 [openbsd-compat/mktemp.c openbsd-compat/openbsd-compat.h]
2152 [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
2153 [openbsd-compat/xcrypt.c] Fix includes.h fallout, mainly fcntl.h
1879b184 2154 - OpenBSD CVS Sync
2155 - djm@cvs.openbsd.org 2006/07/10 12:03:20
2156 [scp.c]
2157 duplicate argv at the start of main() because it gets modified later;
2158 pointed out by deraadt@ ok markus@
a217e418 2159 - djm@cvs.openbsd.org 2006/07/10 12:08:08
2160 [channels.c]
2161 fix misparsing of SOCKS 5 packets that could result in a crash;
2162 reported by mk@ ok markus@
d4530052 2163 - dtucker@cvs.openbsd.org 2006/07/10 12:46:51
2164 [misc.c misc.h sshd.8 sshconnect.c]
2165 Add port identifier to known_hosts for non-default ports, based originally
2166 on a patch from Devin Nate in bz#910.
2167 For any connection using the default port or using a HostKeyAlias the
2168 format is unchanged, otherwise the host name or address is enclosed
2169 within square brackets in the same format as sshd's ListenAddress.
2170 Tested by many, ok markus@.
9b6edf98 2171 - (dtucker) [openbsd-compat/openbsd-compat.h] Need to include <sys/socket.h>
2172 for struct sockaddr on platforms that use the fake-rfc stuff.
44064ac4 2173
e7479666 217420060706
2175 - (dtucker) [configure.ac] Try AIX blibpath test in different order when
2176 compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so
2177 configure would not select the correct libpath linker flags.
90f321a4 2178 - (dtucker) [INSTALL] A bit more info on autoconf.
e7479666 2179
e5c27607 218020060705
2181 - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the
2182 target already exists.
2183
202c6095 218420060630
2185 - (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf
2186 declaration too. Patch from russ at sludge.net.
0bbb4f75 2187 - (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it,
2188 prevents warnings on platforms where _res is in the system headers.
10f1064f 2189 - (dtucker) [INSTALL] Bug #1202: Note when autoconf is required and which
2190 version.
202c6095 2191
ecd9ec09 219220060627
2193 - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems
2194 with autoconf 2.60. Patch from vapier at gentoo.org.
2195
9c04d67d 219620060625
2197 - (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys
2198 only, otherwise sshd can hang exiting non-interactive sessions.
2199
795aa5f5 220020060624
2201 - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris.
2202 Works around limitation in Solaris' passwd program for changing passwords
2203 where the username is longer than 8 characters. ok djm@
24a87055 2204 - (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug
2205 #1102 workaround.
795aa5f5 2206
e02505e2 220720060623
2208 - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add
2209 tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch
2210 from reyk@, tested by anil@
ea8c44d9 2211 - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX
2212 4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes
2213 on the pty slave as zero-length reads on the pty master, which sshd
2214 interprets as the descriptor closing. Since most things don't do zero
2215 length writes this rarely matters, but occasionally it happens, and when
2216 it does the SSH pty session appears to hang, so we add a special case for
2217 this condition. ok djm@
e02505e2 2218
6cba36fd 221920060613
ae410a09 2220 - (djm) [getput.h] This file has been replaced by functions in misc.c
6cba36fd 2221 - OpenBSD CVS Sync
2222 - djm@cvs.openbsd.org 2006/05/08 10:49:48
2223 [sshconnect2.c]
2224 uint32_t -> u_int32_t (which we use everywhere else)
2225 (Id sync only - portable already had this)
3173dd0d 2226 - markus@cvs.openbsd.org 2006/05/16 09:00:00
2227 [clientloop.c]
2228 missing free; from Kylene Hall
2b8dc5e3 2229 - markus@cvs.openbsd.org 2006/05/17 12:43:34
2230 [scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
2231 fix leak; coverity via Kylene Jo Hall
18c60a0b 2232 - miod@cvs.openbsd.org 2006/05/18 21:27:25
2233 [kexdhc.c kexgexc.c]
2234 paramter -> parameter
07a80cea 2235 - dtucker@cvs.openbsd.org 2006/05/29 12:54:08
2236 [ssh_config.5]
2237 Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
aa195106 2238 - dtucker@cvs.openbsd.org 2006/05/29 12:56:33
2239 [ssh_config]
f127d8a4 2240 Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in
2241 sample ssh_config. ok markus@
2242 - jmc@cvs.openbsd.org 2006/05/29 16:10:03
2243 [ssh_config.5]
2244 oops - previous was too long; split the list of auths up
ed277f5e 2245 - mk@cvs.openbsd.org 2006/05/30 11:46:38
2246 [ssh-add.c]
2247 Sync usage() with man page and reality.
2248 ok deraadt dtucker
2249 - jmc@cvs.openbsd.org 2006/05/29 16:13:23
2250 [ssh.1]
2251 add GSSAPI to the list of authentication methods supported;
f9579ee9 2252 - mk@cvs.openbsd.org 2006/05/30 11:46:38
2253 [ssh-add.c]
2254 Sync usage() with man page and reality.
2255 ok deraadt dtucker
211f229e 2256 - markus@cvs.openbsd.org 2006/06/01 09:21:48
2257 [sshd.c]
2258 call get_remote_ipaddr() early; fixes logging after client disconnects;
2259 report mpf@; ok dtucker@
82aeee5d 2260 - markus@cvs.openbsd.org 2006/06/06 10:20:20
2261 [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
2262 replace remaining setuid() calls with permanently_set_uid() and
2263 check seteuid() return values; report Marcus Meissner; ok dtucker djm
3c33c1b6 2264 - markus@cvs.openbsd.org 2006/06/08 14:45:49
2265 [readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h]
2266 do not set the gid, noted by solar; ok djm
e1ff5445 2267 - djm@cvs.openbsd.org 2006/06/13 01:18:36
2268 [ssh-agent.c]
2269 always use a format string, even when printing a constant
2270 - djm@cvs.openbsd.org 2006/06/13 02:17:07
2271 [ssh-agent.c]
2272 revert; i am on drugs. spotted by alexander AT beard.se
6cba36fd 2273
2ae7f715 227420060521
2275 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor
2276 and slave, we can remove the special-case handling in the audit hook in
2277 auth_log.
2278
227920060517
aee28e67 2280 - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file
2281 pointer leak. From kjhall at us.ibm.com, found by coverity.
2282
2ae7f715 228320060515
a048aeba 2284 - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of
2285 _res, prevents problems on some platforms that have _res as a global but
2286 don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by
2287 georg.schwarz at freenet.de, ok djm@.
143a79db 2288 - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative
2289 default. Patch originally from tim@, ok djm
5aa56df0 2290 - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and
2291 do not allow kbdint again after the PAM account check fails. ok djm@
a048aeba 2292
2ae7f715 229320060506
689d3f77 2294 - (dtucker) OpenBSD CVS Sync
fc231518 2295 - dtucker@cvs.openbsd.org 2006/04/25 08:02:27
2296 [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
2297 Prevent ssh from trying to open private keys with bad permissions more than
2298 once or prompting for their passphrases (which it subsequently ignores
2299 anyway), similar to a previous change in ssh-add. bz #1186, ok djm@
397d64d2 2300 - djm@cvs.openbsd.org 2006/05/04 14:55:23
2301 [dh.c]
2302 tighter DH exponent checks here too; feedback and ok markus@
a1361c4b 2303 - djm@cvs.openbsd.org 2006/04/01 05:37:46
2304 [OVERVIEW]
2305 $OpenBSD$ in here too
9188927d 2306 - dtucker@cvs.openbsd.org 2006/05/06 08:35:40
2307 [auth-krb5.c]
2308 Add $OpenBSD$ in comment here too
fc231518 2309
01d35895 231020060504
2311 - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c
2312 session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
2313 openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
2314 in Portable-only code; since calloc zeros, remove now-redundant memsets.
2315 Also add a couple of sanity checks. With & ok djm@
2316
7ca4010c 231720060503
2318 - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h
2319 and double including it on IRIX 5.3 causes problems. From Georg Schwarz,
2320 "no objections" tim@
2321
ac93e676 232220060423
2323 - (djm) OpenBSD CVS Sync
2324 - deraadt@cvs.openbsd.org 2006/04/01 05:42:20
2325 [scp.c]
2326 minimal lint cleanup (unused crud, and some size_t); ok djm
c0a8e7bb 2327 - djm@cvs.openbsd.org 2006/04/01 05:50:29
2328 [scp.c]
2329 xasprintification; ok deraadt@
5fe9ca7d 2330 - djm@cvs.openbsd.org 2006/04/01 05:51:34
2331 [atomicio.c]
2332 ANSIfy; requested deraadt@
2333 - dtucker@cvs.openbsd.org 2006/04/02 08:34:52
2334 [ssh-keysign.c]
2335 sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
9c3c8eb1 2336 - djm@cvs.openbsd.org 2006/04/03 07:10:38
2337 [gss-genr.c]
2338 GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066
2339 by dleonard AT vintela.com. use xasprintf() to simplify code while in
2340 there; "looks right" deraadt@
69d9d413 2341 - djm@cvs.openbsd.org 2006/04/16 00:48:52
2342 [buffer.c buffer.h channels.c]
2343 Fix condition where we could exit with a fatal error when an input
2344 buffer became too large and the remote end had advertised a big window.
2345 The problem was a mismatch in the backoff math between the channels code
2346 and the buffer code, so make a buffer_check_alloc() function that the
2347 channels code can use to propsectivly check whether an incremental
2348 allocation will succeed. bz #1131, debugged with the assistance of
2349 cove AT wildpackets.com; ok dtucker@ deraadt@
68d86b37 2350 - djm@cvs.openbsd.org 2006/04/16 00:52:55
2351 [atomicio.c atomicio.h]
2352 introduce atomiciov() function that wraps readv/writev to retry
2353 interrupted transfers like atomicio() does for read/write;
2354 feedback deraadt@ dtucker@ stevesk@ ok deraadt@
2c4369de 2355 - djm@cvs.openbsd.org 2006/04/16 00:54:10
2356 [sftp-client.c]
2357 avoid making a tiny 4-byte write to send the packet length of sftp
2358 commands, which would result in a separate tiny packet on the wire by
2359 using atomiciov(writev, ...) to write the length and the command in one
2360 pass; ok deraadt@
7bccebd0 2361 - djm@cvs.openbsd.org 2006/04/16 07:59:00
2362 [atomicio.c]
2363 reorder sanity test so that it cannot dereference past the end of the
2364 iov array; well spotted canacar@!
b0a892b2 2365 - dtucker@cvs.openbsd.org 2006/04/18 10:44:28
71544c3d 2366 [bufaux.c bufbn.c Makefile.in]
b0a892b2 2367 Move Buffer bignum functions into their own file, bufbn.c. This means
2368 that sftp and sftp-server (which use the Buffer functions in bufaux.c
2369 but not the bignum ones) no longer need to be linked with libcrypto.
2370 ok markus@
50394f26 2371 - djm@cvs.openbsd.org 2006/04/20 09:27:09
2372 [auth.h clientloop.c dispatch.c dispatch.h kex.h]
2373 replace the last non-sig_atomic_t flag used in a signal handler with a
2374 sig_atomic_t, unfortunately with some knock-on effects in other (non-
2375 signal) contexts in which it is used; ok markus@
4439dde1 2376 - markus@cvs.openbsd.org 2006/04/20 09:47:59
2377 [sshconnect.c]
2378 simplify; ok djm@
6e97fe1d 2379 - djm@cvs.openbsd.org 2006/04/20 21:53:44
2380 [includes.h session.c sftp.c]
2381 Switch from using pipes to socketpairs for communication between
2382 sftp/scp and ssh, and between sshd and its subprocesses. This saves
2383 a file descriptor per session and apparently makes userland ppp over
2384 ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this
2385 decision on a per-platform basis)
40402a68 2386 - djm@cvs.openbsd.org 2006/04/22 04:06:51
2387 [uidswap.c]
2388 use setres[ug]id() to permanently revoke privileges; ok deraadt@
2389 (ID Sync only - portable already uses setres[ug]id() whenever possible)
ae3afe05 2390 - stevesk@cvs.openbsd.org 2006/04/22 18:29:33
2391 [crc32.c]
2392 remove extra spaces
0ca1dcaf 2393 - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get
2394 sig_atomic_t
ac93e676 2395
ef4d1846 239620060421
2397 - (djm) [Makefile.in configure.ac session.c sshpty.c]
2398 [contrib/redhat/sshd.init openbsd-compat/Makefile.in]
2399 [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
2400 [openbsd-compat/port-linux.h] Add support for SELinux, setting
2401 the execution and TTY contexts. based on patch from Daniel Walsh,
2402 bz #880; ok dtucker@
2403
88680c8b 240420060418
ef4d1846 2405 - (djm) [canohost.c] Reorder IP options check so that it isn't broken
2406 by mapped addresses; bz #1179 reported by markw wtech-llc.com;
88680c8b 2407 ok dtucker@
2408
6a0984b4 240920060331
2410 - OpenBSD CVS Sync
2411 - deraadt@cvs.openbsd.org 2006/03/27 01:21:18
2412 [xmalloc.c]
2413 we can do the size & nmemb check before the integer overflow check;
2414 evol
fd06fbe0 2415 - deraadt@cvs.openbsd.org 2006/03/27 13:03:54
2416 [dh.c]
2417 use strtonum() instead of atoi(), limit dhg size to 64k; ok djm
e56b07ea 2418 - djm@cvs.openbsd.org 2006/03/27 23:15:46
2419 [sftp.c]
2420 always use a format string for addargs; spotted by mouring@
19e79961 2421 - deraadt@cvs.openbsd.org 2006/03/28 00:12:31
2422 [README.tun ssh.c]
2423 spacing
4f16046f 2424 - deraadt@cvs.openbsd.org 2006/03/28 01:52:28
2425 [channels.c]
2426 do not accept unreasonable X ports numbers; ok djm
cfaa5405 2427 - deraadt@cvs.openbsd.org 2006/03/28 01:53:43
2428 [ssh-agent.c]
2429 use strtonum() to parse the pid from the file, and range check it
2430 better; ok djm
04aa9e67 2431 - djm@cvs.openbsd.org 2006/03/30 09:41:25
2432 [channels.c]
2433 ARGSUSED for dispatch table-driven functions
51e7a012 2434 - djm@cvs.openbsd.org 2006/03/30 09:58:16
2435 [authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h]
2436 [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c]
2437 replace {GET,PUT}_XXBIT macros with functionally similar functions,
2438 silencing a heap of lint warnings. also allows them to use
2439 __bounded__ checking which can't be applied to macros; requested
2440 by and feedback from deraadt@
8cffe22a 2441 - djm@cvs.openbsd.org 2006/03/30 10:41:25
2442 [ssh.c ssh_config.5]
2443 add percent escape chars to the IdentityFile option, bz #1159 based
2444 on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
2ccf5424 2445 - dtucker@cvs.openbsd.org 2006/03/30 11:05:17
2446 [ssh-keygen.c]
2447 Correctly handle truncated files while converting keys; ok djm@
c023a130 2448 - dtucker@cvs.openbsd.org 2006/03/30 11:40:21
2449 [auth.c monitor.c]
2450 Prevent duplicate log messages when privsep=yes; ok djm@
99d18e3e 2451 - jmc@cvs.openbsd.org 2006/03/31 09:09:30
2452 [ssh_config.5]
2453 kill trailing whitespace;
b4d7dedd 2454 - djm@cvs.openbsd.org 2006/03/31 09:13:56
2455 [ssh_config.5]
2456 remote user escape is %r not %h; spotted by jmc@
6a0984b4 2457
3eff92ec 245820060326
2459 - OpenBSD CVS Sync
2460 - jakob@cvs.openbsd.org 2006/03/15 08:46:44
2461 [ssh-keygen.c]
2462 if no key file are given when printing the DNS host record, use the
2463 host key file(s) as default. ok djm@
d6157b67 2464 - biorn@cvs.openbsd.org 2006/03/16 10:31:45
2465 [scp.c]
2466 Try to display errormessage even if remout == -1
2467 ok djm@, markus@
9dfca510 2468 - djm@cvs.openbsd.org 2006/03/17 22:31:50
2469 [authfd.c]
2470 another unreachable found by lint
60ffd527 2471 - djm@cvs.openbsd.org 2006/03/17 22:31:11
2472 [authfd.c]
2473 unreachanble statement, found by lint
4113a1d7 2474 - djm@cvs.openbsd.org 2006/03/19 02:22:32
2475 [serverloop.c]
2476 memory leaks detected by Coverity via elad AT netbsd.org;
2477 ok deraadt@ dtucker@
e6a3cfb5 2478 - djm@cvs.openbsd.org 2006/03/19 02:22:56
2479 [sftp.c]
2480 more memory leaks detected by Coverity via elad AT netbsd.org;
2481 deraadt@ ok
f8f9ef4d 2482 - djm@cvs.openbsd.org 2006/03/19 02:23:26
2483 [hostfile.c]
2484 FILE* leak detected by Coverity via elad AT netbsd.org;
2485 ok deraadt@
88299971 2486 - djm@cvs.openbsd.org 2006/03/19 02:24:05
2487 [dh.c readconf.c servconf.c]
2488 potential NULL pointer dereferences detected by Coverity
2489 via elad AT netbsd.org; ok deraadt@
18fc231c 2490 - djm@cvs.openbsd.org 2006/03/19 07:41:30
2491 [sshconnect2.c]
2492 memory leaks detected by Coverity via elad AT netbsd.org;
2493 deraadt@ ok
0f8cd5a6 2494 - dtucker@cvs.openbsd.org 2006/03/19 11:51:52
2495 [servconf.c]
2496 Correct strdelim null test; ok djm@
c8e9c167 2497 - deraadt@cvs.openbsd.org 2006/03/19 18:52:11
2498 [auth1.c authfd.c channels.c]
2499 spacing
b4bbf172 2500 - deraadt@cvs.openbsd.org 2006/03/19 18:53:12
2501 [kex.c kex.h monitor.c myproposal.h session.c]
2502 spacing
3efa8ea9 2503 - deraadt@cvs.openbsd.org 2006/03/19 18:56:41
2504 [clientloop.c progressmeter.c serverloop.c sshd.c]
2505 ARGSUSED for signal handlers
6e56dc92 2506 - deraadt@cvs.openbsd.org 2006/03/19 18:59:49
2507 [ssh-keyscan.c]
2508 please lint
7de98c39 2509 - deraadt@cvs.openbsd.org 2006/03/19 18:59:30
2510 [ssh.c]
2511 spacing
c84ac6a4 2512 - deraadt@cvs.openbsd.org 2006/03/19 18:59:09
2513 [authfile.c]
2514 whoever thought that break after return was a good idea needs to
2515 get their head examimed
98d40a74 2516 - djm@cvs.openbsd.org 2006/03/20 04:09:44
2517 [monitor.c]
2518 memory leaks detected by Coverity via elad AT netbsd.org;
2519 deraadt@ ok
2520 that should be all of them now
7016f7cf 2521 - djm@cvs.openbsd.org 2006/03/20 11:38:46
2522 [key.c]
2523 (really) last of the Coverity diffs: avoid possible NULL deref in
2524 key_free. via elad AT netbsd.org; markus@ ok
5ef36928 2525 - deraadt@cvs.openbsd.org 2006/03/20 17:10:19
2526 [auth.c key.c misc.c packet.c ssh-add.c]
2527 in a switch (), break after return or goto is stupid
353d48db 2528 - deraadt@cvs.openbsd.org 2006/03/20 17:13:16
2529 [key.c]
2530 djm did a typo
952fce1b 2531 - deraadt@cvs.openbsd.org 2006/03/20 17:17:23
2532 [ssh-rsa.c]
2533 in a switch (), break after return or goto is stupid
148de80c 2534 - deraadt@cvs.openbsd.org 2006/03/20 18:14:02
b3b6f53d 2535 [channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c]
2536 [ssh.c sshpty.c sshpty.h]
148de80c 2537 sprinkle u_int throughout pty subsystem, ok markus
fe8c3af1 2538 - deraadt@cvs.openbsd.org 2006/03/20 18:17:20
2539 [auth1.c auth2.c sshd.c]
2540 sprinkle some ARGSUSED for table driven functions (which sometimes
2541 must ignore their args)
32596c7b 2542 - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
2543 [channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c]
2544 [ssh-rsa.c ssh.c sshlogin.c]
2545 annoying spacing fixes getting in the way of real diffs
b248a875 2546 - deraadt@cvs.openbsd.org 2006/03/20 18:27:50
2547 [monitor.c]
2548 spacing
338eb2ab 2549 - deraadt@cvs.openbsd.org 2006/03/20 18:35:12
2550 [channels.c]
2551 x11_fake_data is only ever used as u_char *
0bcc3e35 2552 - deraadt@cvs.openbsd.org 2006/03/20 18:41:43
2553 [dns.c]
2554 cast xstrdup to propert u_char *
9555d258 2555 - deraadt@cvs.openbsd.org 2006/03/20 18:42:27
2556 [canohost.c match.c ssh.c sshconnect.c]
2557 be strict with tolower() casting
a7137f6b 2558 - deraadt@cvs.openbsd.org 2006/03/20 18:48:34
2559 [channels.c fatal.c kex.c packet.c serverloop.c]
2560 spacing
1cec12db 2561 - deraadt@cvs.openbsd.org 2006/03/20 21:11:53
2562 [ttymodes.c]
2563 spacing
52e3daed 2564 - djm@cvs.openbsd.org 2006/03/25 00:05:41
2565 [auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
2566 [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
2567 [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
2568 [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
2569 [xmalloc.c xmalloc.h]
2570 introduce xcalloc() and xasprintf() failure-checked allocations
2571 functions and use them throughout openssh
2572
2573 xcalloc is particularly important because malloc(nmemb * size) is a
2574 dangerous idiom (subject to integer overflow) and it is time for it
2575 to die
2576
2577 feedback and ok deraadt@
c5d10563 2578 - djm@cvs.openbsd.org 2006/03/25 01:13:23
2579 [buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
2580 [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
2581 [uidswap.c]
2582 change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
2583 to xrealloc(p, new_nmemb, new_itemsize).
2584
2585 realloc is particularly prone to integer overflows because it is
2586 almost always allocating "n * size" bytes, so this is a far safer
2587 API; ok deraadt@
522327f5 2588 - djm@cvs.openbsd.org 2006/03/25 01:30:23
2589 [sftp.c]
2590 "abormally" is a perfectly cromulent word, but "abnormally" is better
c1cb7bae 2591 - djm@cvs.openbsd.org 2006/03/25 13:17:03
6ba5f28f 2592 [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
2593 [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
2594 [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
2595 [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
2596 [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
2597 [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
2598 [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
2599 [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
2600 [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
2601 [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
2602 [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
2603 [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
2604 [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
2605 [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
2606 [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
2607 [uidswap.c uuencode.c xmalloc.c]
c1cb7bae 2608 Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
2609 Theo nuked - our scripts to sync -portable need them in the files
febd6f21 2610 - deraadt@cvs.openbsd.org 2006/03/25 18:29:35
2611 [auth-rsa.c authfd.c packet.c]
2612 needed casts (always will be needed)
b476adfa 2613 - deraadt@cvs.openbsd.org 2006/03/25 18:30:55
2614 [clientloop.c serverloop.c]
2615 spacing
306f24ca 2616 - deraadt@cvs.openbsd.org 2006/03/25 18:36:15
2617 [sshlogin.c sshlogin.h]
2618 nicer size_t and time_t types
0fe9892f 2619 - deraadt@cvs.openbsd.org 2006/03/25 18:40:14
2620 [ssh-keygen.c]
2621 cast strtonum() result to right type
8d0b0353 2622 - deraadt@cvs.openbsd.org 2006/03/25 18:41:45
2623 [ssh-agent.c]
2624 mark two more signal handlers ARGSUSED
d6d4897e 2625 - deraadt@cvs.openbsd.org 2006/03/25 18:43:30
2626 [channels.c]
2627 use strtonum() instead of atoi() [limit X screens to 400, sorry]
15dd2c4f 2628 - deraadt@cvs.openbsd.org 2006/03/25 18:56:55
2629 [bufaux.c channels.c packet.c]
2630 remove (char *) casts to a function that accepts void * for the arg
5b5f6af7 2631 - deraadt@cvs.openbsd.org 2006/03/25 18:58:10
2632 [channels.c]
2633 delete cast not required
56f824f3 2634 - djm@cvs.openbsd.org 2006/03/25 22:22:43
2635 [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
2636 [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
2637 [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
2638 [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
2639 [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
2640 [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
2641 [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
2642 [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
2643 [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
2644 [ttymodes.h uidswap.h uuencode.h xmalloc.h]
2645 standardise spacing in $OpenBSD$ tags; requested by deraadt@
9594740b 2646 - deraadt@cvs.openbsd.org 2006/03/26 01:31:48
2647 [uuencode.c]
2648 typo
3eff92ec 2649
df938409 265020060325
2651 - OpenBSD CVS Sync
2652 - djm@cvs.openbsd.org 2006/03/16 04:24:42
2653 [ssh.1]
2654 Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs
2655 that OpenSSH supports
a92a0909 2656 - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
2657 [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
2658 [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
2659 [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
2660 [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
2661 [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
2662 [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
2663 [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
2664 [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
2665 [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
2666 [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
2667 [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
2668 [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
2669 [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
2670 [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
2671 [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
2672 [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
2673 [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
2674 [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
2675 [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
2676 [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
2677 [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
2678 [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
2679 [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
2680 RCSID() can die
0e03e3d0 2681 - deraadt@cvs.openbsd.org 2006/03/19 18:53:12
2682 [kex.h myproposal.h]
2683 spacing
0fa53840 2684 - djm@cvs.openbsd.org 2006/03/20 04:07:22
2685 [auth2-gss.c]
2686 GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
2687 reviewed by simon AT sxw.org.uk; deraadt@ ok
0926fd19 2688 - djm@cvs.openbsd.org 2006/03/20 04:07:49
2689 [gss-genr.c]
2690 more GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
2691 reviewed by simon AT sxw.org.uk; deraadt@ ok
7cd30d48 2692 - djm@cvs.openbsd.org 2006/03/20 04:08:18
2693 [gss-serv.c]
2694 last lot of GSSAPI related leaks detected by Coverity via
2695 elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok
97f67e9a 2696 - deraadt@cvs.openbsd.org 2006/03/20 18:14:02
2697 [monitor_wrap.h sshpty.h]
2698 sprinkle u_int throughout pty subsystem, ok markus
fd6eaa8c 2699 - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
2700 [session.h]
2701 annoying spacing fixes getting in the way of real diffs
6cfe93ec 2702 - deraadt@cvs.openbsd.org 2006/03/20 18:41:43
2703 [dns.c]
2704 cast xstrdup to propert u_char *
f0eea41f 2705 - jakob@cvs.openbsd.org 2006/03/22 21:16:24
2706 [ssh.1]
2707 simplify SSHFP example; ok jmc@
69753336 2708 - djm@cvs.openbsd.org 2006/03/22 21:27:15
2709 [deattack.c deattack.h]
2710 remove IV support from the CRC attack detector, OpenSSH has never used
2711 it - it only applied to IDEA-CFB, which we don't support.
2712 prompted by NetBSD Coverity report via elad AT netbsd.org;
2713 feedback markus@ "nuke it" deraadt@
df938409 2714
08a3f952 271520060318
7f38714e 2716 - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via
2717 elad AT NetBSD.org
2718 - (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173: make fmtint() take
2719 a LLONG rather than a long. Fixes scp'ing of large files on platforms
2720 with missing/broken snprintfs. Patch from e.borovac at bom.gov.au.
08a3f952 2721
32b0131a 272220060316
2723 - (dtucker) [entropy.c] Add headers for WIFEXITED and friends.
2f360c89 2724 - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in
2725 /usr/include/crypto. Hint from djm@.
b1f0c612 2726 - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h]
2727 Disable sha256 when openssl < 0.9.7. Patch from djm@.
30baf904 2728 - (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old
2729 OpenSSL; ok tim
32b0131a 2730
0ac58ab4 273120060315
2732 - (djm) OpenBSD CVS Sync:
2733 - msf@cvs.openbsd.org 2006/02/06 15:54:07
2734 [ssh.1]
2735 - typo fix
2736 ok jmc@
260c414c 2737 - jmc@cvs.openbsd.org 2006/02/06 21:44:47
2738 [ssh.1]
2739 make this a little less ambiguous...
c38f5d19 2740 - stevesk@cvs.openbsd.org 2006/02/07 01:08:04
2741 [auth-rhosts.c includes.h]
2742 move #include <netgroup.h> out of includes.h; ok markus@
c3ff311a 2743 - stevesk@cvs.openbsd.org 2006/02/07 01:18:09
2744 [includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c]
2745 move #include <sys/queue.h> out of includes.h; ok markus@
1d3e026f 2746 - stevesk@cvs.openbsd.org 2006/02/07 01:42:00
2747 [channels.c clientloop.c clientloop.h includes.h packet.h]
2748 [serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c]
2749 move #include <termios.h> out of includes.h; ok markus@
99f28949 2750 - stevesk@cvs.openbsd.org 2006/02/07 01:52:50
2751 [sshtty.c]
2752 "log.h" not needed
cc63c340 2753 - stevesk@cvs.openbsd.org 2006/02/07 03:47:05
2754 [hostfile.c]
2755 "packet.h" not needed
db5a9db9 2756 - stevesk@cvs.openbsd.org 2006/02/07 03:59:20
2757 [deattack.c]
2758 duplicate #include
a75f5360 2759 - stevesk@cvs.openbsd.org 2006/02/08 12:15:27
2760 [auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
2761 [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
2762 [sshd.c sshpty.c]
2763 move #include <paths.h> out of includes.h; ok markus@
6425cf65 2764 - stevesk@cvs.openbsd.org 2006/02/08 12:32:49
2765 [includes.h misc.c]
2766 move #include <netinet/tcp.h> out of includes.h; ok markus@
1720c23b 2767 - stevesk@cvs.openbsd.org 2006/02/08 13:15:44
2768 [gss-serv.c monitor.c]
2769 small KNF
5b984d1d 2770 - stevesk@cvs.openbsd.org 2006/02/08 14:16:59
2771 [sshconnect.c]
2772 <openssl/bn.h> not needed
876faccd 2773 - stevesk@cvs.openbsd.org 2006/02/08 14:31:30
2774 [includes.h ssh-agent.c ssh-keyscan.c ssh.c]
2775 move #include <sys/resource.h> out of includes.h; ok markus@
a3dcf543 2776 - stevesk@cvs.openbsd.org 2006/02/08 14:38:18
2777 [includes.h packet.c]
2778 move #include <netinet/in_systm.h> and <netinet/ip.h> out of
2779 includes.h; ok markus@
68e39d38 2780 - stevesk@cvs.openbsd.org 2006/02/08 23:51:24
2781 [includes.h scp.c sftp-glob.c sftp-server.c]
2782 move #include <dirent.h> out of includes.h; ok markus@
bbb1501d 2783 - stevesk@cvs.openbsd.org 2006/02/09 00:32:07
2784 [includes.h]
2785 #include <sys/endian.h> not needed; ok djm@
2786 NB. ID Sync only - we still need this (but it may move later)
4eb67845 2787 - jmc@cvs.openbsd.org 2006/02/09 10:10:47
2788 [sshd.8]
2789 - move some text into a CAVEATS section
2790 - merge the COMMAND EXECUTION... section into AUTHENTICATION
bd7c69ea 2791 - stevesk@cvs.openbsd.org 2006/02/10 00:27:13
2792 [channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c]
2793 [ssh.c sshd.c sshpty.c]
2794 move #include <sys/ioctl.h> out of includes.h; ok markus@
aa2eae64 2795 - stevesk@cvs.openbsd.org 2006/02/10 01:44:27
2796 [includes.h monitor.c readpass.c scp.c serverloop.c session.c\7f]
2797 [sftp.c sshconnect.c sshconnect2.c sshd.c]
2798 move #include <sys/wait.h> out of includes.h; ok markus@
cfb9181c 2799 - otto@cvs.openbsd.org 2006/02/11 19:31:18
2800 [atomicio.c]
2801 type correctness; from Ray Lai in PR 5011; ok millert@
f7b8224d 2802 - djm@cvs.openbsd.org 2006/02/12 06:45:34
2803 [ssh.c ssh_config.5]
2804 add a %l expansion code to the ControlPath, which is filled in with the
2805 local hostname at runtime. Requested by henning@ to avoid some problems
2806 with /home on NFS; ok dtucker@
129d5252 2807 - djm@cvs.openbsd.org 2006/02/12 10:44:18
2808 [readconf.c]
2809 raise error when the user specifies a RekeyLimit that is smaller than 16
2810 (the smallest of our cipher's blocksize) or big enough to cause integer
2811 wraparound; ok & feedback dtucker@
5e7007ea 2812 - jmc@cvs.openbsd.org 2006/02/12 10:49:44
2813 [ssh_config.5]
2814 slight rewording; ok djm
010c04e5 2815 - jmc@cvs.openbsd.org 2006/02/12 10:52:41
2816 [sshd.8]
2817 rework the description of authorized_keys a little;
9ed4bd80 2818 - jmc@cvs.openbsd.org 2006/02/12 17:57:19
2819 [sshd.8]
2820 sort the list of options permissable w/ authorized_keys;
2821 ok djm dtucker
1e0fcfc6 2822 - jmc@cvs.openbsd.org 2006/02/13 10:16:39
2823 [sshd.8]
2824 no need to subsection the authorized_keys examples - instead, convert
2825 this to look like an actual file. also use proto 2 keys, and use IETF
2826 example addresses;
2881e0e9 2827 - jmc@cvs.openbsd.org 2006/02/13 10:21:25
2828 [sshd.8]
2829 small tweaks for the ssh_known_hosts section;
9d4b0313 2830 - jmc@cvs.openbsd.org 2006/02/13 11:02:26
2831 [sshd.8]
2832 turn this into an example ssh_known_hosts file; ok djm
481e991f 2833 - jmc@cvs.openbsd.org 2006/02/13 11:08:43
2834 [sshd.8]
2835 - avoid nasty line split
2836 - `*' does not need to be escaped
10fa86ae 2837 - jmc@cvs.openbsd.org 2006/02/13 11:27:25
2838 [sshd.8]
2839 sort FILES and use a -compact list;
2db34ac9 2840 - david@cvs.openbsd.org 2006/02/15 05:08:24
2841 [sftp-client.c]
2842 typo in comment; ok djm@
0e505e42 2843 - jmc@cvs.openbsd.org 2006/02/15 16:53:20
2844 [ssh.1]
2845 remove the IETF draft references and replace them with some updated RFCs;
2866aceb 2846 - jmc@cvs.openbsd.org 2006/02/15 16:55:33
2847 [sshd.8]
2848 remove ietf draft references; RFC list now maintained in ssh.1;
00e7c607 2849 - jmc@cvs.openbsd.org 2006/02/16 09:05:34
2850 [sshd.8]
2851 sync some of the FILES entries w/ ssh.1;
f3d2d92e 2852 - jmc@cvs.openbsd.org 2006/02/19 19:52:10
2853 [sshd.8]
2854 move the sshrc stuff out of FILES, and into its own section:
2855 FILES is not a good place to document how stuff works;
e56bbe08 2856 - jmc@cvs.openbsd.org 2006/02/19 20:02:17
2857 [sshd.8]
2858 sync the (s)hosts.equiv FILES entries w/ those from ssh.1;
3783659a 2859 - jmc@cvs.openbsd.org 2006/02/19 20:05:00
2860 [sshd.8]
2861 grammar;
922f8f17 2862 - jmc@cvs.openbsd.org 2006/02/19 20:12:25
2863 [ssh_config.5]
2864 add some vertical space;
cebb4c24 2865 - stevesk@cvs.openbsd.org 2006/02/20 16:36:15
2866 [authfd.c channels.c includes.h session.c ssh-agent.c ssh.c]
2867 move #include <sys/un.h> out of includes.h; ok djm@
4095f623 2868 - stevesk@cvs.openbsd.org 2006/02/20 17:02:44
2869 [clientloop.c includes.h monitor.c progressmeter.c scp.c]
2870 [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
2871 move #include <signal.h> out of includes.h; ok markus@
ada68823 2872 - stevesk@cvs.openbsd.org 2006/02/20 17:19:54
2873 [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
2874 [authfile.c clientloop.c includes.h readconf.c scp.c session.c]
2875 [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
2876 [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
2877 [sshconnect2.c sshd.c sshpty.c]
2878 move #include <sys/stat.h> out of includes.h; ok markus@
b6438382 2879 - stevesk@cvs.openbsd.org 2006/02/22 00:04:45
2880 [canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]
2881 [sshconnect.c]
2882 move #include <ctype.h> out of includes.h; ok djm@
95d46d8f 2883 - jmc@cvs.openbsd.org 2006/02/24 10:25:14
2884 [ssh_config.5]
2885 add section on patterns;
2886 from dtucker + myself
ac1ec4d8 2887 - jmc@cvs.openbsd.org 2006/02/24 10:33:54
2888 [sshd_config.5]
2889 signpost to PATTERNS;
436a5ff9 2890 - jmc@cvs.openbsd.org 2006/02/24 10:37:07
2891 [ssh_config.5]
2892 tidy up the refs to PATTERNS;
4cb23985 2893 - jmc@cvs.openbsd.org 2006/02/24 10:39:52
2894 [sshd.8]
2895 signpost to PATTERNS section;
340a4caf 2896 - jmc@cvs.openbsd.org 2006/02/24 20:22:16
2897 [ssh-keysign.8 ssh_config.5 sshd_config.5]
2898 some consistency fixes;
f09ffbdb 2899 - jmc@cvs.openbsd.org 2006/02/24 20:31:31
2900 [ssh.1 ssh_config.5 sshd.8 sshd_config.5]
2901 more consistency fixes;
c5786b30 2902 - jmc@cvs.openbsd.org 2006/02/24 23:20:07
2903 [ssh_config.5]
2904 some grammar/wording fixes;
b74c3b8c 2905 - jmc@cvs.openbsd.org 2006/02/24 23:43:57
2906 [sshd_config.5]
2907 some grammar/wording fixes;
32cfd177 2908 - jmc@cvs.openbsd.org 2006/02/24 23:51:17
2909 [sshd_config.5]
2910 oops - bits i missed;
2963b207 2911 - jmc@cvs.openbsd.org 2006/02/25 12:26:17
2912 [ssh_config.5]
2913 document the possible values for KbdInteractiveDevices;
84c1b530 2914 help/ok dtucker
2915 - jmc@cvs.openbsd.org 2006/02/25 12:28:34
2916 [sshd_config.5]
2917 document the order in which allow/deny directives are processed;
a269663f 2918 help/ok dtucker
de4f5093 2919 - jmc@cvs.openbsd.org 2006/02/26 17:17:18
2920 [ssh_config.5]
2921 move PATTERNS to the end of the main body; requested by dtucker
ef1c6497 2922 - jmc@cvs.openbsd.org 2006/02/26 18:01:13
2923 [sshd_config.5]
2924 subsection is pointless here;
c04ba6a6 2925 - jmc@cvs.openbsd.org 2006/02/26 18:03:10
2926 [ssh_config.5]
2927 comma;
8b6bf4d5 2928 - djm@cvs.openbsd.org 2006/02/28 01:10:21
2929 [session.c]
2930 fix logout recording when privilege separation is disabled, analysis and
2931 patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@
2932 NB. ID sync only - patch already in portable
140000b4 2933 - djm@cvs.openbsd.org 2006/03/04 04:12:58
2934 [serverloop.c]
2935 move a debug() outside of a signal handler; ok markus@ a little while back
16a5525d 2936 - djm@cvs.openbsd.org 2006/03/12 04:23:07
2937 [ssh.c]
2938 knf nit
9f513268 2939 - djm@cvs.openbsd.org 2006/03/13 08:16:00
2940 [sshd.c]
2941 don't log that we are listening on a socket before the listen() call
2942 actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@
71f0de56 2943 - dtucker@cvs.openbsd.org 2006/03/13 08:33:00
2944 [packet.c]
2945 Set TCP_NODELAY for all connections not just "interactive" ones. Fixes
2946 poor performance and protocol stalls under some network conditions (mindrot
2947 bugs #556 and #981). Patch originally from markus@, ok djm@
15b81af3 2948 - dtucker@cvs.openbsd.org 2006/03/13 08:43:16
2949 [ssh-keygen.c]
2950 Make ssh-keygen handle CR and CRLF line termination when converting IETF
2951 format keys, in adition to vanilla LF. mindrot #1157, tested by Chris
2952 Pepper, ok djm@
533b9133 2953 - dtucker@cvs.openbsd.org 2006/03/13 10:14:29
2954 [misc.c ssh_config.5 sshd_config.5]
2955 Allow config directives to contain whitespace by surrounding them by double
2956 quotes. mindrot #482, man page help from jmc@, ok djm@
45660a22 2957 - dtucker@cvs.openbsd.org 2006/03/13 10:26:52
2958 [authfile.c authfile.h ssh-add.c]
2959 Make ssh-add check file permissions before attempting to load private
2960 key files multiple times; it will fail anyway and this prevents confusing
2961 multiple prompts and warnings. mindrot #1138, ok djm@
22aa23f8 2962 - djm@cvs.openbsd.org 2006/03/14 00:15:39
2963 [canohost.c]
2964 log the originating address and not just the name when a reverse
2965 mapping check fails, requested by linux AT linuon.com
2d762582 2966 - markus@cvs.openbsd.org 2006/03/14 16:32:48
2967 [ssh_config.5 sshd_config.5]
2968 *AliveCountMax applies to protcol v2 only; ok dtucker, djm
2ff8003a 2969 - djm@cvs.openbsd.org 2006/03/07 09:07:40
2970 [kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
2971 Implement the diffie-hellman-group-exchange-sha256 key exchange method
2972 using the SHA256 code in libc (and wrapper to make it into an OpenSSL
2973 EVP), interop tested against CVS PuTTY
2974 NB. no portability bits committed yet
13ff27b7 2975 - (djm) [configure.ac defines.h kex.c md-sha256.c]
2976 [openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h]
2977 [openbsd-compat/sha2.c] First stab at portability glue for SHA256
2978 KEX support, should work with libc SHA256 support or OpenSSL
2979 EVP_sha256 if present
1a6e2ed1 2980 - (djm) [includes.h] Restore accidentally dropped netinet/in.h
d3c45531 2981 - (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files
f73e2ad7 2982 - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present
53a9f480 2983 - (djm) [regress/.cvsignore] Ignore Makefile here
81e73e57 2984 - (djm) [loginrec.c] Need stat.h
6c3a432e 2985 - (djm) [openbsd-compat/sha2.h] Avoid include macro clash with
2986 system sha2.h
cb2c6179 2987 - (djm) [ssh-rand-helper.c] Needs a bunch of headers
3e598f1a 2988 - (djm) [ssh-agent.c] Restore dropped stat.h
3070c7e1 2989 - (djm) [openbsd-compat/sha2.h openbsd-compat/sha2.c] Comment out
2990 SHA384, which we don't need and doesn't compile without tweaks
b5b88c19 2991 - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]
2992 [sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
2993 [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
2994 [openbsd-compat/glob.c openbsd-compat/mktemp.c]
2995 [openbsd-compat/readpassphrase.c] Lots of include fixes for
2996 OpenSolaris
b481f63d 2997 - (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:"
3e9b2b1b 2998 - (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some
2999 includes removed from includes.h
d90b9f9a 3000 - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE
b02dadfc 3001 - (djm) [includes.h] Put back paths.h, it is needed in defines.h
d4bf5977 3002 - (dtucker) [openbsd-compat/openbsd-compat.h] AIX (at least) needs
3003 sys/ioctl.h for struct winsize.
3919d576 3004 - (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD.
0ac58ab4 3005
055252ed 300620060313
3007 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
3008 since not all platforms support it. Instead, use internal equivalent while
3009 computing LLONG_MIN and LLONG_MAX. Remove special case for alpha-dec-osf*
3010 as it's no longer required. Tested by Bernhard Simon, ok djm@
3011
f9b93ff8 301220060304
3013 - (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a
3014 file rather than directory, required as Cygwin will be importing lastlog(1).
3015 Also tightens up permissions on the file. Patch from vinschen@redhat.com.
a8d3dd47 3016 - (dtucker) [gss-serv-krb5.c] Bug #1166: Correct #ifdefs for gssapi_krb5.h
3017 includes. Patch from gentoo.riverrat at gmail.com.
f9b93ff8 3018
49c64dd6 301920060226
3020 - (dtucker) [configure.ac] Bug #1156: QNX apparently needs SSHD_ACQUIRES_CTTY
3021 patch from kraai at ftbfs.org.
3022
302320060223
05059810 3024 - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current
3025 reality. Pointed out by tryponraj at gmail.com.
3026
49c64dd6 302720060222
0244ad55 3028 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only
3029 compile in compat code if required.
3030
15101d77 303120060221
3032 - (dtucker) [openbsd-compat/openssl-compat.h] Prevent warning about
3033 redefinition of SSLeay_add_all_algorithms.
3034
c7ad0d99 303520060220
3036 - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}]
3037 Add optional enabling of OpenSSL's (hardware) Engine support, via
3038 configure --with-ssl-engine. Based in part on a diff by michal at
3039 logix.cz.
3040
46096a5b 304120060219
3042 - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/]
3043 Add first attempt at regress tests for compat library. ok djm@
3044
103ff395 304520060214
3046 - (tim) [buildpkg.sh.in] Make the names consistent.
3047 s/pkg_post_make_install_fixes.sh/pkg-post-make-install-fixes.sh/ OK dtucker@
3048
06a517d4 304920060212
3050 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Make loop counter unsigned
3051 to silence compiler warning, from vinschen at redhat.com.
0c7e8877 3052 - (tim) [configure.ac] Bug #1149. Disable /etc/default/login check for QNX.
9603096f 3053 - (dtucker) [README version.h contrib/caldera/openssh.spec
3054 contrib/redhat/openssh.spec contrib/suse/openssh.spec] Bump version
3055 strings to match 4.3p2 release.
06a517d4 3056
4c721c3d 305720060208
3058 - (tim) [session.c] Logout records were not updated on systems with
3059 post auth privsep disabled due to bug 1086 changes. Analysis and patch
3060 by vinschen at redhat.com. OK tim@, dtucker@.
4b2cf3f1 3061 - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP
8753ef06 3062 -> NEED_SETPGRP), reported by Bernhard Simon. ok tim@
4c721c3d 3063
5679f14d 306420060206
3065 - (tim) [configure.ac] Remove unnecessary tests for net/if.h and
3066 netinet/in_systm.h. OK dtucker@.
3067
823221b2 306820060205
3069 - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test
3070 for Solaris. OK dtucker@.
9c54c067 3071 - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by
3072 kraai at ftbfs.org.
823221b2 3073
c9ecc3c7 307420060203
3075 - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first
3076 AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run
3077 by a platform specific check, builtin standard includes tests will be
3078 skipped on the other platforms.
3079 Analysis and suggestion by vinschen at redhat.com, patch by dtucker@.
3080 OK tim@, djm@.
3081
300ea548 308220060202
3083 - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it
3084 works with picky compilers. Patch from alex.kiernan at thus.net.
3085
0ceedd4e 308620060201
3087 - (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to
3088 determine the user's login name - needed for regress tests on Solaris
3089 10 and OpenSolaris
f3906047 3090 - (djm) OpenBSD CVS Sync
3091 - jmc@cvs.openbsd.org 2006/02/01 09:06:50
3092 [sshd.8]
3093 - merge sections on protocols 1 and 2 into a single section
3094 - remove configuration file section
3095 ok markus
170c69ba 3096 - jmc@cvs.openbsd.org 2006/02/01 09:11:41
3097 [sshd.8]
3098 small tweak;
026be201 3099 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
3100 [contrib/suse/openssh.spec] Update versions ahead of release
ac07067e 3101 - markus@cvs.openbsd.org 2006/02/01 11:27:22
3102 [version.h]
3103 openssh 4.3
2ac31303 3104 - (djm) Release OpenSSH 4.3p1
0ceedd4e 3105
0ce89457 310620060131
3107 - (djm) OpenBSD CVS Sync
3108 - jmc@cvs.openbsd.org 2006/01/20 11:21:45
3109 [ssh_config.5]
3110 - word change, agreed w/ markus
3111 - consistency fixes
ec63d7ce 3112 - jmc@cvs.openbsd.org 2006/01/25 09:04:34
3113 [sshd.8]
3114 move the options description up the page, and a few additional tweaks
3115 whilst in here;
3116 ok markus
f464b2f1 3117 - jmc@cvs.openbsd.org 2006/01/25 09:07:22
3118 [sshd.8]
3119 move subsections to full sections;
b661b7fb 3120 - jmc@cvs.openbsd.org 2006/01/26 08:47:56
3121 [ssh.1]
3122 add a section on verifying host keys in dns;
3123 written with a lot of help from jakob;
3124 feedback dtucker/markus;
3125 ok markus
d7b37427 3126 - reyk@cvs.openbsd.org 2006/01/30 12:22:22
3127 [channels.c]
3128 mark channel as write failed or dead instead of read failed on error
3129 of the channel output filter.
3130 ok markus@
062d2977 3131 - jmc@cvs.openbsd.org 2006/01/30 13:37:49
3132 [ssh.1]
3133 remove an incorrect sentence;
3134 reported by roumen petrov;
3135 ok djm markus
4116f5c0 3136 - djm@cvs.openbsd.org 2006/01/31 10:19:02
3137 [misc.c misc.h scp.c sftp.c]
3138 fix local arbitrary command execution vulnerability on local/local and
3139 remote/remote copies (CVE-2006-0225, bz #1094), patch by
3140 t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
16e8ab10 3141 - djm@cvs.openbsd.org 2006/01/31 10:35:43
3142 [scp.c]
3143 "scp a b c" shouldn't clobber "c" when it is not a directory, report and
3144 fix from biorn@; ok markus@
b645ff66 3145 - (djm) Sync regress tests to OpenBSD:
3146 - dtucker@cvs.openbsd.org 2005/03/10 10:20:39
3147 [regress/forwarding.sh]
3148 Regress test for ClearAllForwardings (bz #994); ok markus@
9b347e5f 3149 - dtucker@cvs.openbsd.org 2005/04/25 09:54:09
3150 [regress/multiplex.sh]
3151 Don't call cleanup in multiplex as test-exec will cleanup anyway
3152 found by tim@, ok djm@
3153 NB. ID sync only, we already had this
3154 - djm@cvs.openbsd.org 2005/05/20 23:14:15
3155 [regress/test-exec.sh]
3156 force addressfamily=inet for tests, unbreaking dynamic-forward regress for
3157 recently committed nc SOCKS5 changes
9f22d634 3158 - djm@cvs.openbsd.org 2005/05/24 04:10:54
89deb4c2 3159 [regress/try-ciphers.sh]
9f22d634 3160 oops, new arcfour modes here too
89deb4c2 3161 - markus@cvs.openbsd.org 2005/06/30 11:02:37
3162 [regress/scp.sh]
3163 allow SUDO=sudo; from Alexander Bluhm
41f70006 3164 - grunk@cvs.openbsd.org 2005/11/14 21:25:56
3165 [regress/agent-getpeereid.sh]
3166 all other scripts in this dir use $SUDO, not 'sudo', so pull this even
3167 ok markus@
71133d5b 3168 - dtucker@cvs.openbsd.org 2005/12/14 04:36:39
3169 [regress/scp-ssh-wrapper.sh]
3170 Fix assumption about how many args scp will pass; ok djm@
3171 NB. ID sync only, we already had this
452613c1 3172 - djm@cvs.openbsd.org 2006/01/27 06:49:21
3173 [scp.sh]
3174 regress test for local to local scp copies; ok dtucker@
3ca1f5b0 3175 - djm@cvs.openbsd.org 2006/01/31 10:23:23
3176 [scp.sh]
3177 regression test for CVE-2006-0225 written by dtucker@
d5b44cf1 3178 - djm@cvs.openbsd.org 2006/01/31 10:36:33
3179 [scp.sh]
3180 regress test for "scp a b c" where "c" is not a directory
0ce89457 3181
eeb27c78 318220060129
3183 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the
3184 opensshd.init script interpretter if /sbin/sh does not exist. ok tim@
3185
16ad260d 318620060120
3187 - (dtucker) OpenBSD CVS Sync
3188 - jmc@cvs.openbsd.org 2006/01/15 17:37:05
3189 [ssh.1]
3190 correction from deraadt
43a7d9e7 3191 - jmc@cvs.openbsd.org 2006/01/18 10:53:29
3192 [ssh.1]
3193 add a section on ssh-based vpn, based on reyk's README.tun;
db175906 3194 - dtucker@cvs.openbsd.org 2006/01/20 00:14:55
3195 [scp.1 ssh.1 ssh_config.5 sftp.1]
3196 Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot
3197 #1056 with feedback from jmc, djm and markus; ok jmc@ djm@
16ad260d 3198
aaa18db9 319920060114
3200 - (djm) OpenBSD CVS Sync
3201 - jmc@cvs.openbsd.org 2006/01/06 13:27:32
3202 [ssh.1]
3203 weed out some duplicate info in the known_hosts FILES entries;
3204 ok djm
5d7b356f 3205 - jmc@cvs.openbsd.org 2006/01/06 13:29:10
3206 [ssh.1]
3207 final round of whacking FILES for duplicate info, and some consistency
3208 fixes;
3209 ok djm
dbb3bf96 3210 - jmc@cvs.openbsd.org 2006/01/12 14:44:12
3211 [ssh.1]
3212 split sections on tcp and x11 forwarding into two sections.
3213 add an example in the tcp section, based on sth i wrote for ssh faq;
3214 help + ok: djm markus dtucker
5d4e571c 3215 - jmc@cvs.openbsd.org 2006/01/12 18:48:48
3216 [ssh.1]
3217 refer to `TCP' rather than `TCP/IP' in the context of connection
3218 forwarding;
3219 ok markus
e5d4cfad 3220 - jmc@cvs.openbsd.org 2006/01/12 22:20:00
3221 [sshd.8]
3222 refer to TCP forwarding, rather than TCP/IP forwarding;
0b3950af 3223 - jmc@cvs.openbsd.org 2006/01/12 22:26:02
3224 [ssh_config.5]
3225 refer to TCP forwarding, rather than TCP/IP forwarding;
c2da64a1 3226 - jmc@cvs.openbsd.org 2006/01/12 22:34:12
3227 [ssh.1]
3228 back out a sentence - AUTHENTICATION already documents this;
aaa18db9 3229
794febd2 323020060109
3231 - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on
3232 tcpip service so it's always started after IP is up. Patch from
3233 vinschen at redhat.com.
3234
0624a70b 323520060106
3236 - (djm) OpenBSD CVS Sync
3237 - jmc@cvs.openbsd.org 2006/01/03 16:31:10
3238 [ssh.1]
3239 move FILES to a -compact list, and make each files an item in that list.
3240 this avoids nastly line wrap when we have long pathnames, and treats
3241 each file as a separate item;
3242 remove the .Pa too, since it is useless.
0502727e 3243 - jmc@cvs.openbsd.org 2006/01/03 16:35:30
3244 [ssh.1]
3245 use a larger width for the ENVIRONMENT list;
f403d7b5 3246 - jmc@cvs.openbsd.org 2006/01/03 16:52:36
3247 [ssh.1]
3248 put FILES in some sort of order: sort by pathname
c0907b37 3249 - jmc@cvs.openbsd.org 2006/01/03 16:55:18
3250 [ssh.1]
3251 tweak the description of ~/.ssh/environment
f3119772 3252 - jmc@cvs.openbsd.org 2006/01/04 18:42:46
3253 [ssh.1]
3254 chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
3255 entries;
3256 ok markus
6c276bb9 3257 - jmc@cvs.openbsd.org 2006/01/04 18:45:01
3258 [ssh.1]
3259 remove .Xr's to rsh(1) and telnet(1): they are hardly needed;
926f6a7a 3260 - jmc@cvs.openbsd.org 2006/01/04 19:40:24
3261 [ssh.1]
3262 +.Xr ssh-keyscan 1 ,
ccce91ef 3263 - jmc@cvs.openbsd.org 2006/01/04 19:50:09
3264 [ssh.1]
3265 -.Xr gzip 1 ,
db382686 3266 - djm@cvs.openbsd.org 2006/01/05 23:43:53
3267 [misc.c]
3268 check that stdio file descriptors are actually closed before clobbering
3269 them in sanitise_stdfd(). problems occurred when a lower numbered fd was
3270 closed, but higher ones weren't. spotted by, and patch tested by
3271 Frédéric Olivié
0624a70b 3272
d3506f6d 327320060103
3274 - (djm) [channels.c] clean up harmless merge error, from reyk@
3275
79e46360 327620060103
3277 - (djm) OpenBSD CVS Sync
3278 - jmc@cvs.openbsd.org 2006/01/02 17:09:49
3279 [ssh_config.5 sshd_config.5]
3280 some corrections from michael knudsen;
3281
6f6cd507 328220060102
3283 - (djm) [README.tun] Add README.tun, missed during sync of tun(4) support
4b5e6c81 3284 - (djm) OpenBSD CVS Sync
3285 - jmc@cvs.openbsd.org 2005/12/31 10:46:17
3286 [ssh.1]
3287 merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER
3288 AUTHENTICATION" sections into "AUTHENTICATION";
3289 some rewording done to make the text read better, plus some
3290 improvements from djm;
3291 ok djm
b92605e1 3292 - jmc@cvs.openbsd.org 2005/12/31 13:44:04
3293 [ssh.1]
3294 clean up ENVIRONMENT a little;
20892533 3295 - jmc@cvs.openbsd.org 2005/12/31 13:45:19
3296 [ssh.1]
3297 .Nm does not require an argument;
1f1fbbd8 3298 - stevesk@cvs.openbsd.org 2006/01/01 08:59:27
3299 [includes.h misc.c]
3300 move <net/if.h>; ok djm@
81c042a3 3301 - stevesk@cvs.openbsd.org 2006/01/01 10:08:48
3302 [misc.c]
3303 no trailing "\n" for debug()
3eee3b86 3304 - djm@cvs.openbsd.org 2006/01/02 01:20:31
3305 [sftp-client.c sftp-common.h sftp-server.c]
3306 use a common max. packet length, no binary change
b1b65311 3307 - reyk@cvs.openbsd.org 2006/01/02 07:53:44
3308 [misc.c]
3309 clarify tun(4) opening - set the mode and bring the interface up. also
3310 (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces.
3311 suggested and ok by djm@
d141c93d 3312 - jmc@cvs.openbsd.org 2006/01/02 12:31:06
3313 [ssh.1]
3314 start to cut some duplicate info from FILES;
3315 help/ok djm
6f6cd507 3316
0f6cb079 331720060101
3318 - (djm) [Makefile.in configure.ac includes.h misc.c]
3319 [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
3320 for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
3321 limited to IPv4 tunnels only, and most versions don't support the
3322 tap(4) device at all.
b5081213 3323 - (djm) [configure.ac] Fix linux/if_tun.h test
3aef38da 3324 - (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too
0f6cb079 3325
1908529f 332620051229
3327 - (djm) OpenBSD CVS Sync
3328 - stevesk@cvs.openbsd.org 2005/12/28 22:46:06
3329 [canohost.c channels.c clientloop.c]
3330 use 'break-in' for consistency; ok deraadt@ ok and input jmc@
c1c6a032 3331 - reyk@cvs.openbsd.org 2005/12/30 15:56:37
3332 [channels.c channels.h clientloop.c]
3333 add channel output filter interface.
3334 ok djm@, suggested by markus@
3da242db 3335 - jmc@cvs.openbsd.org 2005/12/30 16:59:00
3336 [sftp.1]
3337 do not suggest that interactive authentication will work
3338 with the -b flag;
3339 based on a diff from john l. scarfone;
3340 ok djm
f470cf48 3341 - stevesk@cvs.openbsd.org 2005/12/31 01:38:45
3342 [ssh.1]
3343 document -MM; ok djm@
e914f53a 3344 - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac]
3345 [serverloop.c ssh.c openbsd-compat/Makefile.in]
3346 [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
3347 compatability support for Linux, diff from reyk@
c40f09ca 3348 - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does
3349 not exist
d91775e1 3350 - (djm) [configure.ac] oops, make that linux/if_tun.h
1908529f 3351
b5c428f0 335220051229
3353 - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd
3354
6b0117fd 335520051224
3356 - (djm) OpenBSD CVS Sync
3357 - jmc@cvs.openbsd.org 2005/12/20 21:59:43
3358 [ssh.1]
3359 merge the sections on protocols 1 and 2 into one section on
3360 authentication;
3361 feedback djm dtucker
3362 ok deraadt markus dtucker
5c5546be 3363 - jmc@cvs.openbsd.org 2005/12/20 22:02:50
3364 [ssh.1]
3365 .Ss -> .Sh: subsections have not made this page more readable
e6c7c03e 3366 - jmc@cvs.openbsd.org 2005/12/20 22:09:41
3367 [ssh.1]
3368 move info on ssh return values and config files up into the main
3369 description;
e49f7abd 3370 - jmc@cvs.openbsd.org 2005/12/21 11:48:16
3371 [ssh.1]
3372 -L and -R descriptions are now above, not below, ~C description;
8770ef76 3373 - jmc@cvs.openbsd.org 2005/12/21 11:57:25
3374 [ssh.1]
3375 options now described `above', rather than `later';
6e1e9c73 3376 - jmc@cvs.openbsd.org 2005/12/21 12:53:31
3377 [ssh.1]
3378 -Y does X11 forwarding too;
3379 ok markus
6cd6c442 3380 - stevesk@cvs.openbsd.org 2005/12/21 22:44:26
3381 [sshd.8]
3382 clarify precedence of -p, Port, ListenAddress; ok and help jmc@
0c9851b1 3383 - jmc@cvs.openbsd.org 2005/12/22 10:31:40
3384 [ssh_config.5]
3385 put the description of "UsePrivilegedPort" in the correct place;
9bf41db3 3386 - jmc@cvs.openbsd.org 2005/12/22 11:23:42
3387 [ssh.1]
3388 expand the description of -w somewhat;
3389 help/ok reyk
86131206 3390 - jmc@cvs.openbsd.org 2005/12/23 14:55:53
3391 [ssh.1]
3392 - sync the description of -e w/ synopsis
3393 - simplify the description of -I
3394 - note that -I is only available if support compiled in, and that it
3395 isn't by default
3396 feedback/ok djm@
025fc42e 3397 - jmc@cvs.openbsd.org 2005/12/23 23:46:23
3398 [ssh.1]
3399 less mark up for -c;
678143bd 3400 - djm@cvs.openbsd.org 2005/12/24 02:27:41
3401 [session.c sshd.c]
3402 eliminate some code duplicated in privsep and non-privsep paths, and
3403 explicitly clear SIGALRM handler; "groovy" deraadt@
6b0117fd 3404
a2b1748a 340520051220
3406 - (dtucker) OpenBSD CVS Sync
3407 - reyk@cvs.openbsd.org 2005/12/13 15:03:02
3408 [serverloop.c]
3409 if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY
442c8b33 3410 - jmc@cvs.openbsd.org 2005/12/16 18:07:08
3411 [ssh.1]
3412 move the option descriptions up the page: start of a restructure;
3413 ok markus deraadt
e426efa9 3414 - jmc@cvs.openbsd.org 2005/12/16 18:08:53
3415 [ssh.1]
3416 simplify a sentence;
28ca205d 3417 - jmc@cvs.openbsd.org 2005/12/16 18:12:22
3418 [ssh.1]
3419 make the description of -c a little nicer;
a55c1733 3420 - jmc@cvs.openbsd.org 2005/12/16 18:14:40
3421 [ssh.1]
3422 signpost the protocol sections;
8918b906 3423 - stevesk@cvs.openbsd.org 2005/12/17 21:13:05
3424 [ssh_config.5 session.c]
3425 spelling: fowarding, fowarded
551ed07c 3426 - stevesk@cvs.openbsd.org 2005/12/17 21:36:42
3427 [ssh_config.5]
3428 spelling: intented -> intended
3aa43b24 3429 - dtucker@cvs.openbsd.org 2005/12/20 04:41:07
3430 [ssh.c]
3431 exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@
a2b1748a 3432
e5146707 343320051219
3434 - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac
3435 openbsd-compat/openssl-compat.h] Check for and work around broken AES
3436 ciphers >128bit on (some) Solaris 10 systems. ok djm@
3437
2f89281c 343820051217
3439 - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which
3440 scp.c also uses, so undef them here.
31b0732a 3441 - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our
3442 snprintf replacement can have a conflicting declaration in HP-UX's system
3443 headers (const vs. no const) so we now check for and work around it. Patch
3444 from the dynamic duo of David Leonard and Ted Percival.
2f89281c 3445
9fed02d8 344620051214
3447 - (dtucker) OpenBSD CVS Sync (regress/)
3448 - dtucker@cvs.openbsd.org 2005/12/30 04:36:39
3449 [regress/scp-ssh-wrapper.sh]
3450 Fix assumption about how many args scp will pass; ok djm@
3451
d7cf99ff 345220051213
3453 - (djm) OpenBSD CVS Sync
3454 - jmc@cvs.openbsd.org 2005/11/30 11:18:27
3455 [ssh.1]
3456 timezone -> time zone
04ac3e62 3457 - jmc@cvs.openbsd.org 2005/11/30 11:45:20
3458 [ssh.1]
3459 avoid ambiguities in describing TZ;
3460 ok djm@
d20f3c9e 3461 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
3462 [auth-options.c auth-options.h channels.c channels.h clientloop.c]
3463 [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
3464 [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
3465 [sshconnect.h sshd.8 sshd_config sshd_config.5]
3466 Add support for tun(4) forwarding over OpenSSH, based on an idea and
3467 initial channel code bits by markus@. This is a simple and easy way to
3468 use OpenSSH for ad hoc virtual private network connections, e.g.
3469 administrative tunnels or secure wireless access. It's based on a new
3470 ssh channel and works similar to the existing TCP forwarding support,
3471 except that it depends on the tun(4) network interface on both ends of
3472 the connection for layer 2 or layer 3 tunneling. This diff also adds
3473 support for LocalCommand in the ssh(1) client.
d20f3c9e 3474 ok djm@, markus@, jmc@ (manpages), tested and discussed with others
ceec33f3 3475 - djm@cvs.openbsd.org 2005/12/07 03:52:22
3476 [clientloop.c]
3477 reyk forgot to compile with -Werror (missing header)
985bb789 3478 - jmc@cvs.openbsd.org 2005/12/07 10:52:13
3479 [ssh.1]
3480 - avoid line split in SYNOPSIS
3481 - add args to -w
3482 - kill trailing whitespace
64925c6d 3483 - jmc@cvs.openbsd.org 2005/12/08 14:59:44
3484 [ssh.1 ssh_config.5]
3485 make `!command' a little clearer;
3486 ok reyk
030723f9 3487 - jmc@cvs.openbsd.org 2005/12/08 15:06:29
3488 [ssh_config.5]
3489 keep options in order;
a4f24bf8 3490 - reyk@cvs.openbsd.org 2005/12/08 18:34:11
3491 [auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
3492 [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
3493 two changes to the new ssh tunnel support. this breaks compatibility
3494 with the initial commit but is required for a portable approach.
3495 - make the tunnel id u_int and platform friendly, use predefined types.
3496 - support configuration of layer 2 (ethernet) or layer 3
3497 (point-to-point, default) modes. configuration is done using the
3498 Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
3499 restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
3500 in sshd_config(5).
3501 ok djm@, man page bits by jmc@
a274ba38 3502 - jmc@cvs.openbsd.org 2005/12/08 21:37:50
3503 [ssh_config.5]
3504 new sentence, new line;
b872f7f0 3505 - markus@cvs.openbsd.org 2005/12/12 13:46:18
3506 [channels.c channels.h session.c]
3507 make sure protocol messages for internal channels are ignored.
3508 allow adjust messages for non-open channels; with and ok djm@
6306853a 3509 - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable
3510 again by providing a sys_tun_open() function for your platform and
3511 setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
3512 OpenBSD's tunnel protocol, which prepends the address family to the
3513 packet
d7cf99ff 3514
fbc06315 351520051201
3516 - (djm) [envpass.sh] Remove regress script that was accidentally committed
3517 in top level directory and not noticed for over a year :)
3518
6e94bd72 351920051129
3520 - (tim) [ssh-keygen.c] Move DSA length test after setting default when
3521 bits == 0.
60dc0294 3522 - (dtucker) OpenBSD CVS Sync
3523 - dtucker@cvs.openbsd.org 2005/11/29 02:04:55
3524 [ssh-keygen.c]
3525 Populate default key sizes before checking them; from & ok tim@
e45da4d6 3526 - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string)
3527 for UnixWare.
6e94bd72 3528
b7bb251f 352920051128
3530 - (dtucker) [regress/yes-head.sh] Work around breakage caused by some
3531 versions of GNU head. Based on patch from zappaman at buraphalinux.org
8b396721 3532 - (dtucker) [includes.h] Bug #1122: __USE_GNU is a glibc internal macro, use
3533 _GNU_SOURCE instead. Patch from t8m at centrum.cz.
c6d7b211 3534 - (dtucker) OpenBSD CVS Sync
3535 - dtucker@cvs.openbsd.org 2005/11/28 05:16:53
3536 [ssh-keygen.1 ssh-keygen.c]
3537 Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
3538 increase minumum RSA key size to 768 bits and update man page to reflect
3539 these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
3540 ok djm@, grudging ok deraadt@.
98e93fbc 3541 - dtucker@cvs.openbsd.org 2005/11/28 06:02:56
3542 [ssh-agent.1]
3543 Update agent socket path templates to reflect reality, correct xref for
3544 time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@
b7bb251f 3545
961c2997 354620051126
3547 - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer,
3548 when they're available) need the real UID set otherwise pam_chauthtok will
3549 set ADMCHG after changing the password, forcing the user to change it
3550 again immediately.
3551
ccc45ee0 355220051125
3553 - (dtucker) [configure.ac] Apply tim's fix for older systems where the
3554 resolver state in resolv.h is "state" not "__res_state". With slight
3555 modification by me to also work on old AIXes. ok djm@
419094c6 3556 - (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for
3557 snprintf formats, fixes warnings on some 64 bit platforms. Patch from
3558 shaw at vranix.com, ok djm@
ccc45ee0 3559
356020051124
9a406e1e 3561 - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c
3562 openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an
3563 asprintf() implementation, after syncing our {v,}snprintf() implementation
3564 with some extra fixes from Samba's version. With help and debugging from
3565 dtucker and tim; ok dtucker@
d08db6d1 3566 - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument
3567 order in Reliant Unix block. Patch from johane at lysator.liu.se.
d77c7dff 3568 - (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so
3569 many and use them only once. Speeds up testing on older/slower hardware.
9a406e1e 3570
932ab351 357120051122
3572 - (dtucker) OpenBSD CVS Sync
3573 - deraadt@cvs.openbsd.org 2005/11/12 18:37:59
3574 [ssh-add.c]
3575 space
29accf74 3576 - deraadt@cvs.openbsd.org 2005/11/12 18:38:15
3577 [scp.c]
3578 avoid close(-1), as in rcp; ok cloder
a001f9d7 3579 - millert@cvs.openbsd.org 2005/11/15 11:59:54
3580 [includes.h]
3581 Include sys/queue.h explicitly instead of assuming some other header
3582 will pull it in. At the moment it gets pulled in by sys/select.h
3583 (which ssh has no business including) via event.h. OK markus@
3584 (ID sync only in -portable)
426cef74 3585 - dtucker@cvs.openbsd.org 2005/11/21 09:42:10
3586 [auth-krb5.c]
3587 Perform Kerberos calls even for invalid users to prevent leaking
3588 information about account validity. bz #975, patch originally from
3589 Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
3590 ok markus@
18f8ef7a 3591 - dtucker@cvs.openbsd.org 2005/11/22 03:36:03
3592 [hostfile.c]
3593 Correct format/arguments to debug call; spotted by shaw at vranix.com
3594 ok djm@
dfde7f6e 3595 - (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch
3596 from shaw at vranix.com.
932ab351 3597
60e10887 359820051120
3599 - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what
3600 is going on.
3601
4162eae5 360220051112
3603 - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific
3604 ifdef lost during sync. Spotted by tim@.
f97dc218 3605 - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag.
eeee8237 3606 - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test.
23361281 3607 - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@
29aaf112 3608 - (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure
3609 test: if sshd takes too long to reconfigure the subsequent connection will
3610 fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready.
4162eae5 3611
e1658b5c 361220051110
b69585d9 3613 - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from
e1658b5c 3614 OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of
3615 "register").
b69585d9 3616 - (dtucker) [openbsd-compat/setenv.c] Make __findenv static, remove
7b2dcf21 3617 unnecessary prototype.
b69585d9 3618 - (dtucker) [openbsd-compat/setenv.c] Sync changes from OpenBSD setenv.c
3619 revs 1.7 - 1.9.
c080bed1 3620 - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path.
3621 Patch from djm@.
dbf07ba2 3622 - (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+
3623 since they're not useful right now. Patch from djm@.
242652fe 3624 - (dtucker) [openbsd-compat/getgrouplist.c] Sync OpenBSD revs 1.10 - 1.2 (ANSI
3625 prototypes, removal of "register").
432e59f9 3626 - (dtucker) [openbsd-compat/strlcat.c] Sync OpenBSD revs 1.11 - 1.12 (removal
3627 of "register").
f6d4fb87 3628 - (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to
3629 after the copyright notices. Having them at the top next to the CVSIDs
3630 guarantees a conflict for each and every sync.
e4f65477 3631 - (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10.
bfd4a832 3632 - (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker.
bc16ca63 3633 - (dtucker) [openbsd-compat/strmode.c] Update from OpenBSD 1.5 -> 1.7.
3634 Removal of rcsid, "whiteout" inode type.
7dfb4a82 3635 - (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14.
3636 Removal of rcsid, will no longer strlcpy parts of the string.
d8922805 3637 - (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5.
4ff445f1 3638 - (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7.
e1829842 3639 - (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18.
625552b8 3640 - (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5.
a65ea33b 3641 - (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25.
b84a707a 3642 - (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9.
281bbb02 3643 - (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14.
16d51c41 3644 - (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up
3645 with OpenBSD code since we don't support platforms without fstat any more.
b53df919 3646 - (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9.
68b36828 3647 - (dtucker) [openbsd-compat/inet_ntoa.c] Update from OpenBSD 1.4 -> 1.6.
3648 - (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7.
fc1c42f3 3649 - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6.
0695e921 3650 - (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6.
3c8f7a26 3651 - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13.
5bf337a5 3652 - (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19.
8c603515 3653 - (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8.
c9d7b187 3654 - (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker.
295034ce 3655 - (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17.
3e6325a6 3656 - (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4.
3657 Id and copyright sync only, there were no substantial changes we need.
8d767ef2 3658 - (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c]
6bd2d8e5 3659 -Wsign-compare fixes from djm.
e1b4416e 3660 - (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3.
3661 Id and copyright sync only, there were no substantial changes we need.
cd595991 3662 - (dtucker) [configure.ac] Try to get the gcc version number in a way that
3663 doesn't change between versions, and use a safer default.
e1658b5c 3664
255d3e00 366520051105
3666 - (djm) OpenBSD CVS Sync
3667 - markus@cvs.openbsd.org 2005/10/07 11:13:57
3668 [ssh-keygen.c]
3669 change DSA default back to 1024, as it's defined for 1024 bits only
3670 and this causes interop problems with other clients. moreover,
3671 in order to improve the security of DSA you need to change more
3672 components of DSA key generation (e.g. the internal SHA1 hash);
3673 ok deraadt
8cd0437d 3674 - djm@cvs.openbsd.org 2005/10/10 10:23:08
3675 [channels.c channels.h clientloop.c serverloop.c session.c]
3676 fix regression I introduced in 4.2: X11 forwardings initiated after
3677 a session has exited (e.g. "(sleep 5; xterm) &") would not start.
3678 bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
442aee3a 3679 - djm@cvs.openbsd.org 2005/10/11 23:37:37
3680 [channels.c]
3681 bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing
3682 bind() failure when a previous connection's listeners are in TIME_WAIT,
3683 reported by plattner AT inf.ethz.ch; ok dtucker@
b96eade6 3684 - stevesk@cvs.openbsd.org 2005/10/13 14:03:01
3685 [auth2-gss.c gss-genr.c gss-serv.c]
3686 remove unneeded #includes; ok markus@
6e902aec 3687 - stevesk@cvs.openbsd.org 2005/10/13 14:20:37
3688 [gss-serv.c]
3689 spelling in comments
6472fefc 3690 - stevesk@cvs.openbsd.org 2005/10/13 19:08:08
3691 [gss-serv-krb5.c gss-serv.c]
3692 unused declarations; ok deraadt@
3693 (id sync only for gss-serv-krb5.c)
adf8c40b 3694 - stevesk@cvs.openbsd.org 2005/10/13 19:13:41
3695 [dns.c]
3696 unneeded #include, unused declaration, little knf; ok deraadt@
8442cc66 3697 - stevesk@cvs.openbsd.org 2005/10/13 22:24:31
3698 [auth2-gss.c gss-genr.c gss-serv.c monitor.c]
3699 KNF; ok djm@
17318dd6 3700 - stevesk@cvs.openbsd.org 2005/10/14 02:17:59
3701 [ssh-keygen.c ssh.c sshconnect2.c]
3702 no trailing "\n" for log functions; ok djm@
8c4bd764 3703 - stevesk@cvs.openbsd.org 2005/10/14 02:29:37
3704 [channels.c clientloop.c]
3705 free()->xfree(); ok djm@
ed82a2a9 3706 - stevesk@cvs.openbsd.org 2005/10/15 15:28:12
3707 [sshconnect.c]
3708 make external definition static; ok deraadt@
7238b6e4 3709 - stevesk@cvs.openbsd.org 2005/10/17 13:45:05
3710 [dns.c]
3711 fix memory leaks from 2 sources:
3712 1) key_fingerprint_raw()
3713 2) malloc in dns_read_rdata()
3714 ok jakob@
3715 - stevesk@cvs.openbsd.org 2005/10/17 14:01:28
3716 [dns.c]
3717 remove #ifdef LWRES; ok jakob@
8374cf6f 3718 - stevesk@cvs.openbsd.org 2005/10/17 14:13:35
3719 [dns.c dns.h]
3720 more cleanups; ok jakob@
6b0b0d65 3721 - djm@cvs.openbsd.org 2005/10/30 01:23:19
3722 [ssh_config.5]
3723 mention control socket fallback behaviour, reported by
3724 tryponraj AT gmail.com
2995db03 3725 - djm@cvs.openbsd.org 2005/10/30 04:01:03
3726 [ssh-keyscan.c]
3727 make ssh-keygen discard junk from server before SSH- ident, spotted by
3728 dave AT cirt.net; ok dtucker@
aa9bc1de 3729 - djm@cvs.openbsd.org 2005/10/30 04:03:24
3730 [ssh.c]
3731 fix misleading debug message; ok dtucker@
3a85986d 3732 - dtucker@cvs.openbsd.org 2005/10/30 08:29:29
3733 [canohost.c sshd.c]
3734 Check for connections with IP options earlier and drop silently. ok djm@
db98627d 3735 - jmc@cvs.openbsd.org 2005/10/30 08:43:47
3736 [ssh_config.5]
3737 remove trailing whitespace;
7b9b0103 3738 - djm@cvs.openbsd.org 2005/10/30 08:52:18
3739 [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
3740 [ssh.c sshconnect.c sshconnect1.c sshd.c]
3741 no need to escape single quotes in comments, no binary change
bdd3b323 3742 - dtucker@cvs.openbsd.org 2005/10/31 06:15:04
3743 [sftp.c]
3744 Fix sorting with "ls -1" command. From Robert Tsai, "looks right" deraadt@
882c9d5a 3745 - djm@cvs.openbsd.org 2005/10/31 11:12:49
3746 [ssh-keygen.1 ssh-keygen.c]
3747 generate a protocol 2 RSA key by default
6af12d46 3748 - djm@cvs.openbsd.org 2005/10/31 11:48:29
3749 [serverloop.c]
3750 make sure we clean up wtmp, etc. file when we receive a SIGTERM,
3751 SIGINT or SIGQUIT when running without privilege separation (the
3752 normal privsep case is already OK). Patch mainly by dtucker@ and
3753 senthilkumar_sen AT hotpop.com; ok dtucker@
3543c5e1 3754 - jmc@cvs.openbsd.org 2005/10/31 19:55:25
3755 [ssh-keygen.1]
3756 grammar;
0bbbf2a4 3757 - dtucker@cvs.openbsd.org 2005/11/03 13:38:29
3758 [canohost.c]
3759 Cache reverse lookups with and without DNS separately; ok markus@
47e5dc72 3760 - djm@cvs.openbsd.org 2005/11/04 05:15:59
3761 [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
3762 remove hardcoded hash lengths in key exchange code, allowing
3763 implementation of KEX methods with different hashes (e.g. SHA-256);
3764 ok markus@ dtucker@ stevesk@
27e3ef36 3765 - djm@cvs.openbsd.org 2005/11/05 05:01:15
3766 [bufaux.c]
3767 Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT
3768 cs.stanford.edu; ok dtucker@
e557f3b5 3769 - (dtucker) [README.platform] Add PAM section.
ebb049f1 3770 - (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version,
3771 resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu;
3772 ok dtucker@
255d3e00 3773
bd2a0801 377420051102
3775 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup().
3776 Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net
3777 via FreeBSD.
3778
5097eaa9 377920051030
3780 - (djm) [contrib/suse/openssh.spec contrib/suse/rc.
3781 sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init
3782 files from imorgan AT nas.nasa.gov
0a61a240 3783 - (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is
3784 enabled, instead allow PAM to handle it. Note that on platforms using PAM,
3785 the pam_nologin module should be added to sshd's session stack in order to
3786 maintain exising behaviour. Based on patch and discussion from t8m at
3787 centrum.cz, ok djm@
5097eaa9 3788
90f15776 378920051025
3790 - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the
3791 sizeof(long long) checks, to make fixing bug #1104 easier (no changes
3792 yet).
d75dfaa6 3793 - (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't
3794 understand "%lld", even though the compiler has "long long", so handle
3795 it as a special case. Patch tested by mcaskill.scott at epa.gov.
b8bc9d84 3796 - (dtucker) [contrib/cygwin/ssh-user-config] Remove duplicate yes/no
3797 prompt. Patch from vinschen at redhat.com.
90f15776 3798
b0e7249f 379920051017
3800 - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling.
3801 /etc/default/login report and testing from aabaker at iee.org, corrections
3802 from tim@.
3803
8034a348 380420051009
3805 - (dtucker) [configure.ac defines.h openbsd-compat/vis.{c,h}] Sync current
3806 versions from OpenBSD. ok djm@
3807
83f987c3 380820051008
3809 - (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from
3810 brian.smith at agilent com.
1012885d 3811 - (djm) [configure.ac] missing 'test' call for -with-Werror test
83f987c3 3812
278f9900 381320051005
3814 - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended
3815 "*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and
3816 senthilkumar_sen at hotpop.com.
3817
59e5aff5 381820051003
3819 - (dtucker) OpenBSD CVS Sync
3820 - markus@cvs.openbsd.org 2005/09/07 08:53:53
3821 [channels.c]
3822 enforce chanid != NULL; ok djm
b5443199 3823 - markus@cvs.openbsd.org 2005/09/09 19:18:05
3824 [clientloop.c]
3825 typo; from mark at mcs.vuw.ac.nz, bug #1082
fd6168c1 3826 - djm@cvs.openbsd.org 2005/09/13 23:40:07
3827 [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
3828 scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
3829 ensure that stdio fds are attached; ok deraadt@
5ddc5eb4 3830 - djm@cvs.openbsd.org 2005/09/19 11:37:34
3831 [ssh_config.5 ssh.1]
3832 mention ability to specify bind_address for DynamicForward and -D options;
3833 bz#1077 spotted by Haruyama Seigo
d77dd4d7 3834 - djm@cvs.openbsd.org 2005/09/19 11:47:09
3835 [sshd.c]
3836 stop connection abort on rekey with delayed compression enabled when
3837 post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@
67003554 3838 - djm@cvs.openbsd.org 2005/09/19 11:48:10
3839 [gss-serv.c]
3840 typo
37c406a8 3841 - jmc@cvs.openbsd.org 2005/09/19 15:38:27
3842 [ssh.1]
3843 some more .Bk/.Ek to avoid ugly line split;
80e29ee6 3844 - jmc@cvs.openbsd.org 2005/09/19 15:42:44
3845 [ssh.c]
3846 update -D usage here too;
2915e42b 3847 - djm@cvs.openbsd.org 2005/09/19 23:31:31
3848 [ssh.1]
3849 spelling nit from stevesk@
0d3d1077 3850 - djm@cvs.openbsd.org 2005/09/21 23:36:54
3851 [sshd_config.5]
3852 aquire -> acquire, from stevesk@
ae25711b 3853 - djm@cvs.openbsd.org 2005/09/21 23:37:11
3854 [sshd.c]
3855 change label at markus@'s request
8f921a4a 3856 - jaredy@cvs.openbsd.org 2005/09/30 20:34:26
3857 [ssh-keyscan.1]
3858 deploy .An -nosplit; ok jmc
d2130e1f 3859 - dtucker@cvs.openbsd.org 2005/10/03 07:44:42
3860 [canohost.c]
3861 Relocate check_ip_options call to prevent logging of garbage for
3862 connections with IP options set. bz#1092 from David Leonard,
3863 "looks good" deraadt@
1172d361 3864 - (dtucker) [regress/README.regress] Bug #989: Document limitation that scp
3865 is required in the system path for the multiplex test to work.
59e5aff5 3866
bfd17430 386720050930
3868 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype
3869 for strtoll. Patch from o.flebbe at science-computing.de.
cfb60d3a 3870 - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep
3871 child during PAM account check without clearing it. This restores the
3872 post-login warnings such as LDAP password expiry. Patch from Tomas Mraz
3873 with help from several others.
bfd17430 3874
140da888 387520050929
3876 - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg
3877 introduced during sync.
3878
4ebacf50 387920050928
3880 - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency.
cafa6a80 3881 - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from
3882 PAM via keyboard-interactive. Patch tested by the folks at Vintela.
4ebacf50 3883
759ab0d9 388420050927
3885 - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid
3886 calls, since they can't possibly fail. ok djm@
72f02ae7 3887 - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed
3888 process when sshd relies on ssh-random-helper. Should result in faster
3889 logins on systems without a real random device or prngd. ok djm@
759ab0d9 3890
b6c37221 389120050924
3892 - (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove
3893 duplicate call. ok djm@
3894
bb116c8e 389520050922
3896 - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from
3897 skeleten at shillest.net.
e47fb473 3898 - (dtucker) [configure.ac] Fix help for --with-opensc; patch from skeleten at
3899 shillest.net.
bb116c8e 3900
3466e002 390120050919
3902 - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to
3903 AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages.
f666dcfa 3904 ok dtucker@
3466e002 3905
f5555364 390620050912
3907 - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by
3908 Mike Frysinger.
3909
d2a3abef 391020050908
3911 - (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to
3912 OpenServer 6 and add osr5bigcrypt support so when someone migrates
3913 passwords between UnixWare and OpenServer they will still work. OK dtucker@
3914
0b202697 3915$Id$
git-cvsimport mirror of OpenSSH
This page took 1.11322 seconds and 5 git commands to generate.