]> andersk Git - openssh.git/blame - ChangeLog
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- (bal) utimes() support via utime() interface on machine that lack utimes().
[openssh.git] / ChangeLog
CommitLineData
2fd3c144 120010115
2 - (bal) sftp-server.c change to use chmod() if fchmod() does not exist.
89c7e31c 3 - (bal) utimes() support via utime() interface on machine that lack utimes().
2fd3c144 4
63b68889 520010114
6 - (stevesk) initial work for OpenBSD "support supplementary group in
7 {Allow,Deny}Groups" patch:
8 - import getgrouplist.c from OpenBSD (bsd-getgrouplist.c)
9 - add bsd-getgrouplist.h
10 - new files groupaccess.[ch]
11 - build but don't use yet (need to merge auth.c changes)
c6a69271 12 - (stevesk) complete:
13 - markus@cvs.openbsd.org 2001/01/13 11:56:48
14 [auth.c sshd.8]
15 support supplementary group in {Allow,Deny}Groups
16 from stevesk@pobox.com
63b68889 17
f546c780 1820010112
19 - (bal) OpenBSD Sync
20 - markus@cvs.openbsd.org 2001/01/10 22:56:22
21 [bufaux.h bufaux.c sftp-server.c sftp.h getput.h]
22 cleanup sftp-server implementation:
23 add buffer_get_int64, buffer_put_int64, GET_64BIT, PUT_64BIT
24 parse SSH2_FILEXFER_ATTR_EXTENDED
25 send SSH2_FX_EOF if readdir returns no more entries
26 reply to SSH2_FXP_EXTENDED message
27 use #defines from the draft
28 move #definations to sftp.h
29 more info:
30 http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt
31 - markus@cvs.openbsd.org 2001/01/10 19:43:20
32 [sshd.c]
33 XXX - generate_empheral_server_key() is not safe against races,
34 because it calls log()
35 - markus@cvs.openbsd.org 2001/01/09 21:19:50
36 [packet.c]
37 allow TCP_NDELAY for ipv6; from netbsd via itojun@
38
9548d6c8 3920010110
40 - (djm) SNI/Reliant Unix needs USE_PIPES and $DISPLAY hack. Report from
41 Bladt Norbert <Norbert.Bladt@adi.ch>
42
af972861 4320010109
44 - (bal) Resync CVS ID of cli.c
4b80e97b 45 - (stevesk) auth1.c: free should be after WITH_AIXAUTHENTICATE
46 code.
eea39c02 47 - (bal) OpenBSD Sync
48 - markus@cvs.openbsd.org 2001/01/08 22:29:05
49 [auth2.c compat.c compat.h servconf.c servconf.h sshd.8
50 sshd_config version.h]
51 implement option 'Banner /etc/issue.net' for ssh2, move version to
52 2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner
53 is enabled).
54 - markus@cvs.openbsd.org 2001/01/08 22:03:23
55 [channels.c ssh-keyscan.c]
56 O_NDELAY -> O_NONBLOCK; thanks stevesk@pobox.com
57 - markus@cvs.openbsd.org 2001/01/08 21:55:41
58 [sshconnect1.c]
59 more cleanups and fixes from stevesk@pobox.com:
60 1) try_agent_authentication() for loop will overwrite key just
61 allocated with key_new(); don't alloc
62 2) call ssh_close_authentication_connection() before exit
63 try_agent_authentication()
64 3) free mem on bad passphrase in try_rsa_authentication()
65 - markus@cvs.openbsd.org 2001/01/08 21:48:17
66 [kex.c]
67 missing free; thanks stevesk@pobox.com
f1c4659d 68 - (bal) Detect if clock_t structure exists, if not define it.
69 - (bal) Detect if O_NONBLOCK exists, if not define it.
70 - (bal) removed news4-posix.h (now empty)
71 - (bal) changed bsd-bindresvport.c and bsd-rresvport.c to use 'socklen_t'
72 instead of 'int'
adc83ebf 73 - (stevesk) sshd_config: sync
4f771a33 74 - (stevesk) defines.h: remove spurious ``;''
af972861 75
bbcf899f 7620010108
77 - (bal) Fixed another typo in cli.c
78 - (bal) OpenBSD Sync
79 - markus@cvs.openbsd.org 2001/01/07 21:26:55
80 [cli.c]
81 typo
82 - markus@cvs.openbsd.org 2001/01/07 21:26:55
83 [cli.c]
84 missing free, stevesk@pobox.com
85 - markus@cvs.openbsd.org 2001/01/07 19:06:25
86 [auth1.c]
87 missing free, stevesk@pobox.com
88 - markus@cvs.openbsd.org 2001/01/07 11:28:04
89 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1
90 ssh.h sshd.8 sshd.c]
91 rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE
92 syslog priority changes:
93 fatal() LOG_ERR -> LOG_CRIT
94 log() LOG_INFO -> LOG_NOTICE
b8c37305 95 - Updated TODO
bbcf899f 96
9616313f 9720010107
98 - (bal) OpenBSD Sync
99 - markus@cvs.openbsd.org 2001/01/06 11:23:27
100 [ssh-rsa.c]
101 remove unused
102 - itojun@cvs.openbsd.org 2001/01/05 08:23:29
103 [ssh-keyscan.1]
104 missing .El
105 - markus@cvs.openbsd.org 2001/01/04 22:41:03
106 [session.c sshconnect.c]
107 consistent use of _PATH_BSHELL; from stevesk@pobox.com
108 - djm@cvs.openbsd.org 2001/01/04 22:35:32
109 [ssh.1 sshd.8]
110 Mention AES as available SSH2 Cipher; ok markus
111 - markus@cvs.openbsd.org 2001/01/04 22:25:58
112 [sshd.c]
113 sync usage()/man with defaults; from stevesk@pobox.com
114 - markus@cvs.openbsd.org 2001/01/04 22:21:26
115 [sshconnect2.c]
116 handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
117 that prints a banner (e.g. /etc/issue.net)
118
1877dc0c 11920010105
120 - (bal) contrib/caldera/ provided by Tim Rice <tim@multitalents.net>
5a64a938 121 - (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove()
1877dc0c 122
488c06c8 12320010104
124 - (djm) Fix memory leak on systems with BROKEN_GETADDRINFO. Based on
125 work by Chris Vaughan <vaughan99@yahoo.com>
126
7c49df64 12720010103
128 - (bal) fixed up sshconnect.c so it was closer inline with the OpenBSD
129 tree (mainly positioning)
130 - (bal) OpenSSH CVS Update
131 - markus@cvs.openbsd.org 2001/01/02 20:41:02
132 [packet.c]
133 log remote ip on disconnect; PR 1600 from jcs@rt.fm
134 - markus@cvs.openbsd.org 2001/01/02 20:50:56
135 [sshconnect.c]
136 strict_host_key_checking for host_status != HOST_CHANGED &&
137 ip_status == HOST_CHANGED
2f2f9c77 138 - (bal) authfile.c: Synced CVS ID tag
2c523de9 139 - (bal) UnixWare 2.0 fixes by Tim Rice <tim@multitalents.net>
140 - (bal) Disable sftp-server if no 64bit int support exists. Based on
141 patch by Tim Rice <tim@multitalents.net>
142 - (bal) Makefile.in changes to uninstall: target to remove sftp-server
143 and sftp-server.8 manpage.
7c49df64 144
a421e945 14520010102
146 - (bal) OpenBSD CVS Update
147 - markus@cvs.openbsd.org 2001/01/01 14:52:49
148 [scp.c]
149 use shared fatal(); from stevesk@pobox.com
150
0efc80a7 15120001231
152 - (bal) Reverted out of MAXHOSTNAMELEN. This should be set per OS.
153 for multiple reasons.
b1335fdf 154 - (bal) Reverted out of a partial NeXT patch.
0efc80a7 155
efcae5b1 15620001230
157 - (bal) OpenBSD CVS Update
158 - markus@cvs.openbsd.org 2000/12/28 18:58:30
159 [ssh-keygen.c]
160 enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2}
b148018f 161 - markus@cvs.openbsd.org 2000/12/29 22:19:13
162 [channels.c]
163 missing xfree; from vaughan99@yahoo.com
efcae5b1 164 - (bal) Resynced CVS ID with OpenBSD for channel.c and uidswap.c
03a14cc9 165 - (bal) if no MAXHOSTNAMELEN is defined. Default to 64 character defination.
166 Suggested by Christian Kurz <shorty@debain.org>
cb6dabf4 167 - (bal) Add in '.c.o' section to Makefile.in to address make programs that
168 don't honor CPPFLAGS by default. Suggested by Lutz Jaenicke
169 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
0dd78cd8 170
17120001229
172 - (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian
173 Kurz <shorty@debain.org>
8abcdba4 174 - (bal) OpenBSD CVS Update
175 - markus@cvs.openbsd.org 2000/12/28 14:25:51
176 [auth.h auth2.c]
177 count authentication failures only
178 - markus@cvs.openbsd.org 2000/12/28 14:25:03
179 [sshconnect.c]
180 fingerprint for MITM attacks, too.
181 - markus@cvs.openbsd.org 2000/12/28 12:03:57
182 [sshd.8 sshd.c]
183 document -D
184 - markus@cvs.openbsd.org 2000/12/27 14:19:21
185 [serverloop.c]
186 less chatty
187 - markus@cvs.openbsd.org 2000/12/27 12:34
188 [auth1.c sshconnect2.c sshd.c]
189 typo
190 - markus@cvs.openbsd.org 2000/12/27 12:30:19
191 [readconf.c readconf.h ssh.1 sshconnect.c]
192 new option: HostKeyAlias: allow the user to record the host key
193 under a different name. This is useful for ssh tunneling over
194 forwarded connections or if you run multiple sshd's on different
195 ports on the same machine.
196 - markus@cvs.openbsd.org 2000/12/27 11:51:53
197 [ssh.1 ssh.c]
198 multiple -t force pty allocation, document ORIGINAL_COMMAND
199 - markus@cvs.openbsd.org 2000/12/27 11:41:31
200 [sshd.8]
201 update for ssh-2
c52c7082 202 - (stevesk) compress.[ch] sync with openbsd; missed in prototype
203 fix merge.
0dd78cd8 204
8f523d67 20520001228
206 - (bal) Patch to add libutil.h to loginrec.c only if the platform has
207 libutil.h. Suggested by Pekka Savola <pekka@netcore.fi>
9fb76616 208 - (djm) Update to new x11-askpass in RPM spec
0dd78cd8 209 - (bal) SCO patch to not include <sys/queue.h> since it's unrelated
210 header. Patch by Tim Rice <tim@multitalents.net>
211 - Updated TODO w/ known HP/UX issue
212 - (bal) removed extra <netdb.h> noticed by Kevin Steves and removed the
213 bad reference to 'NeXT including it else were' on the #ifdef version.
8f523d67 214
b03bd394 21520001227
216 - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
217 Takumi Yamane <yamtak@b-session.com>
218 - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
8f523d67 219 by Corinna Vinschen <vinschen@redhat.com>
220 - (djm) Fix catman-do target for non-bash
221 - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
222 Takumi Yamane <yamtak@b-session.com>
223 - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
b03bd394 224 by Corinna Vinschen <vinschen@redhat.com>
13991f8e 225 - (djm) Fix catman-do target for non-bash
f318b98b 226 - (bal) Fixed NeXT's lack of CPPFLAGS honoring.
227 - (bal) ssh-keyscan.c: NeXT (and older BSDs) don't support getrlimit() w/
228 'RLIMIT_NOFILE'
3bdf55b1 229 - (djm) Remove *.Ylonen files. They are no longer in the OpenBSD tree,
230 the info in COPYING.Ylonen has been moved to the start of each
231 SSH1-derived file and README.Ylonen is well out of date.
b03bd394 232
8d88011e 23320001223
234 - (bal) Fixed Makefile.in to support recompile of all ssh and sshd objects
235 if a change to config.h has occurred. Suggested by Gert Doering
236 <gert@greenie.muc.de>
237 - (bal) OpenBSD CVS Update:
238 - markus@cvs.openbsd.org 2000/12/22 16:49:40
239 [ssh-keygen.c]
240 fix ssh-keygen -x -t type > file; from Roumen.Petrov@skalasoft.com
241
1e3b8b07 24220001222
243 - Updated RCSID for pty.c
244 - (bal) OpenBSD CVS Updates:
245 - markus@cvs.openbsd.org 2000/12/21 15:10:16
246 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
247 print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
248 - markus@cvs.openbsd.org 2000/12/20 19:26:56
249 [authfile.c]
250 allow ssh -i userkey for root
251 - markus@cvs.openbsd.org 2000/12/20 19:37:21
252 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
253 fix prototypes; from stevesk@pobox.com
254 - markus@cvs.openbsd.org 2000/12/20 19:32:08
255 [sshd.c]
256 init pointer to NULL; report from Jan.Ivan@cern.ch
257 - markus@cvs.openbsd.org 2000/12/19 23:17:54
258 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
259 auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
260 bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
261 crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
262 key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
263 packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
264 serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
265 ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c
266 uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
267 replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
268 unsigned' with u_char.
269
67b0facb 27020001221
271 - (stevesk) OpenBSD CVS updates:
272 - markus@cvs.openbsd.org 2000/12/19 15:43:45
273 [authfile.c channels.c sftp-server.c ssh-agent.c]
274 remove() -> unlink() for consistency
275 - markus@cvs.openbsd.org 2000/12/19 15:48:09
276 [ssh-keyscan.c]
277 replace <ssl/x.h> with <openssl/x.h>
278 - markus@cvs.openbsd.org 2000/12/17 02:33:40
279 [uidswap.c]
280 typo; from wsanchez@apple.com
281
adeebd37 28220001220
283 - (djm) Workaround PAM inconsistencies between Solaris derived PAM code
284 and Linux-PAM. Based on report and fix from Andrew Morgan
285 <morgan@transmeta.com>
286
f072c47a 28720001218
288 - (stevesk) rsa.c: entropy.h not needed.
0c2fb82f 289 - (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile.
290 Suggested by Wilfredo Sanchez <wsanchez@apple.com>
f072c47a 291
731c1541 29220001216
293 - (stevesk) OpenBSD CVS updates:
294 - markus@cvs.openbsd.org 2000/12/16 02:53:57
295 [scp.c]
296 allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
297 - markus@cvs.openbsd.org 2000/12/16 02:39:57
298 [scp.c]
299 unused; from stevesk@pobox.com
300
227e8e86 30120001215
9853409f 302 - (stevesk) Old OpenBSD patch wasn't completely applied:
303 - markus@cvs.openbsd.org 2000/01/24 22:11:20
304 [scp.c]
305 allow '.' in usernames; from jedgar@fxp.org
227e8e86 306 - (stevesk) OpenBSD CVS updates:
307 - markus@cvs.openbsd.org 2000/12/13 16:26:53
308 [ssh-keyscan.c]
309 fatal already adds \n; from stevesk@pobox.com
310 - markus@cvs.openbsd.org 2000/12/13 16:25:44
311 [ssh-agent.c]
312 remove redundant spaces; from stevesk@pobox.com
313 - ho@cvs.openbsd.org 2000/12/12 15:50:21
314 [pty.c]
315 When failing to set tty owner and mode on a read-only filesystem, don't
316 abort if the tty already has correct owner and reasonably sane modes.
317 Example; permit 'root' to login to a firewall with read-only root fs.
318 (markus@ ok)
319 - deraadt@cvs.openbsd.org 2000/12/13 06:36:05
320 [pty.c]
321 KNF
6ffc9c88 322 - markus@cvs.openbsd.org 2000/12/12 14:45:21
323 [sshd.c]
324 source port < 1024 is no longer required for rhosts-rsa since it
325 adds no additional security.
326 - markus@cvs.openbsd.org 2000/12/12 16:11:49
327 [ssh.1 ssh.c]
328 rhosts-rsa is no longer automagically disabled if ssh is not privileged.
329 UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
330 these changes should not change the visible default behaviour of the ssh client.
71c0d06a 331 - deraadt@cvs.openbsd.org 2000/12/11 10:27:33
332 [scp.c]
333 when copying 0-sized files, do not re-print ETA time at completion
3e1caa83 334 - provos@cvs.openbsd.org 2000/12/15 10:30:15
335 [kex.c kex.h sshconnect2.c sshd.c]
336 compute diffie-hellman in parallel between server and client. okay markus@
227e8e86 337
6c935fbd 33820001213
339 - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report
340 from Andreas M. Kirchwitz <amk@krell.zikzak.de>
227e8e86 341 - (stevesk) OpenBSD CVS update:
1fe6a48f 342 - markus@cvs.openbsd.org 2000/12/12 15:30:02
343 [ssh-keyscan.c ssh.c sshd.c]
344 consistently use __progname; from stevesk@pobox.com
6c935fbd 345
367d1840 34620001211
347 - (bal) Applied patch to include ssh-keyscan into Redhat's package, and
348 patch to install ssh-keyscan manpage. Patch by Pekka Savola
349 <pekka@netcore.fi>
e3a70753 350 - (bal) OpenbSD CVS update
351 - markus@cvs.openbsd.org 2000/12/10 17:01:53
352 [sshconnect1.c]
353 always request new challenge for skey/tis-auth, fixes interop with
354 other implementations; report from roth@feep.net
367d1840 355
6b523bae 35620001210
357 - (bal) OpenBSD CVS updates
358 - markus@cvs.openbsd.org 2000/12/09 13:41:51
359 [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
360 undo rijndael changes
361 - markus@cvs.openbsd.org 2000/12/09 13:48:31
362 [rijndael.c]
363 fix byte order bug w/o introducing new implementation
364 - markus@cvs.openbsd.org 2000/12/09 14:08:27
365 [sftp-server.c]
366 "" -> "." for realpath; from vinschen@redhat.com
367 - markus@cvs.openbsd.org 2000/12/09 14:06:54
368 [ssh-agent.c]
369 extern int optind; from stevesk@sweden.hp.com
13af0aa2 370 - provos@cvs.openbsd.org 2000/12/09 23:51:11
371 [compat.c]
372 remove unnecessary '\n'
6b523bae 373
ce9c0b75 37420001209
6b523bae 375 - (bal) OpenBSD CVS updates:
ce9c0b75 376 - djm@cvs.openbsd.org 2000/12/07 4:24:59
377 [ssh.1]
378 Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo
379
f72fc97f 38020001207
6b523bae 381 - (bal) OpenBSD CVS updates:
f72fc97f 382 - markus@cvs.openbsd.org 2000/12/06 22:58:14
383 [compat.c compat.h packet.c]
384 disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0
dfe89252 385 - markus@cvs.openbsd.org 2000/12/06 23:10:39
386 [rijndael.c]
387 unexpand(1)
388 - markus@cvs.openbsd.org 2000/12/06 23:05:43
389 [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
390 new rijndael implementation. fixes endian bugs
f72fc97f 391
97fb6912 39220001206
6b523bae 393 - (bal) OpenBSD CVS updates:
97fb6912 394 - markus@cvs.openbsd.org 2000/12/05 20:34:09
395 [channels.c channels.h clientloop.c serverloop.c]
396 async connects for -R/-L; ok deraadt@
397 - todd@cvs.openssh.org 2000/12/05 16:47:28
398 [sshd.c]
399 tweak comment to reflect real location of pid file; ok provos@
bf5f69f7 400 - (stevesk) Import <sys/queue.h> from OpenBSD for systems that don't
401 have it (used in ssh-keyscan).
227e8e86 402 - (stevesk) OpenBSD CVS update:
f20255cb 403 - markus@cvs.openbsd.org 2000/12/06 19:57:48
404 [ssh-keyscan.c]
405 err(3) -> internal error(), from stevesk@sweden.hp.com
97fb6912 406
f6fdbddf 40720001205
6b523bae 408 - (bal) OpenBSD CVS updates:
f6fdbddf 409 - markus@cvs.openbsd.org 2000/12/04 19:24:02
410 [ssh-keyscan.c ssh-keyscan.1]
411 David Maziere's ssh-keyscan, ok niels@
412 - (bal) Updated Makefile.in to include ssh-keyscan that was just added
413 to the recent OpenBSD source tree.
835d2104 414 - (stevesk) fix typos in contrib/hpux/README
f6fdbddf 415
cbc5abf9 41620001204
417 - (bal) More C functions defined in NeXT that are unaccessable without
f6fdbddf 418 defining -POSIX.
cbc5abf9 419 - (bal) OpenBSD CVS updates:
420 - markus@cvs.openbsd.org 2000/12/03 11:29:04
421 [compat.c]
422 remove fallback to SSH_BUG_HMAC now that the drafts are updated
423 - markus@cvs.openbsd.org 2000/12/03 11:27:55
424 [compat.c]
97fb6912 425 correctly match "2.1.0.pl2 SSH" etc; from
426 pekkas@netcore.fi/bugzilla.redhat
cbc5abf9 427 - markus@cvs.openbsd.org 2000/12/03 11:15:03
428 [auth2.c compat.c compat.h sshconnect2.c]
429 support f-secure/ssh.com 2.0.12; ok niels@
430
0b6fbf03 43120001203
cbc5abf9 432 - (bal) OpenBSD CVS updates:
0b6fbf03 433 - markus@cvs.openbsd.org 2000/11/30 22:54:31
434 [channels.c]
435 debug->warn if tried to do -R style fwd w/o client requesting this;
436 ok neils@
437 - markus@cvs.openbsd.org 2000/11/29 20:39:17
438 [cipher.c]
439 des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
440 - markus@cvs.openbsd.org 2000/11/30 18:33:05
441 [ssh-agent.c]
442 agents must not dump core, ok niels@
443 - markus@cvs.openbsd.org 2000/11/30 07:04:02
444 [ssh.1]
445 T is for both protocols
446 - markus@cvs.openbsd.org 2000/12/01 00:00:51
447 [ssh.1]
448 typo; from green@FreeBSD.org
449 - markus@cvs.openbsd.org 2000/11/30 07:02:35
450 [ssh.c]
451 check -T before isatty()
452 - provos@cvs.openbsd.org 2000/11/29 13:51:27
453 [sshconnect.c]
454 show IP address and hostname when new key is encountered. okay markus@
455 - markus@cvs.openbsd.org 2000/11/30 22:53:35
456 [sshconnect.c]
457 disable agent/x11/port fwding if hostkey has changed; ok niels@
458 - marksu@cvs.openbsd.org 2000/11/29 21:11:59
459 [sshd.c]
460 sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
461 from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
8c9fe09e 462 - (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enable
463 PAM authentication using KbdInteractive.
464 - (djm) Added another TODO
0b6fbf03 465
90f4078a 46620001202
467 - (bal) Backed out of part of Alain St-Denis' loginrec.c patch.
468 - (bal) Irix need some sort of mansubdir, patch by Michael Stone
469 <mstone@cs.loyola.edu>
470
dcef6523 47120001129
7062c40f 472 - (djm) Back out all the serverloop.c hacks. sshd will now hang again
473 if there are background children with open fds.
c193d002 474 - (djm) bsd-rresvport.c bzero -> memset
475 - (djm) Don't fail in defines.h on absence of 64 bit types (we will
476 still fail during compilation of sftp-server).
477 - (djm) Fail if ar is not found during configure
c523303b 478 - (djm) OpenBSD CVS updates:
479 - provos@cvs.openbsd.org 2000/11/22 08:38:31
480 [sshd.8]
481 talk about /etc/primes, okay markus@
482 - markus@cvs.openbsd.org 2000/11/23 14:03:48
483 [ssh.c sshconnect1.c sshconnect2.c]
484 complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
485 defaults
486 - markus@cvs.openbsd.org 2000/11/25 09:42:53
487 [sshconnect1.c]
488 reorder check for illegal ciphers, bugreport from espie@
489 - markus@cvs.openbsd.org 2000/11/25 10:19:34
490 [ssh-keygen.c ssh.h]
491 print keytype when generating a key.
492 reasonable defaults for RSA1/RSA/DSA keys.
b3ec54b4 493 - (djm) Patch from Pekka Savola <Pekka.Savola@netcore.fi> to include a few
494 more manpage paths in fixpaths calls
495 - (djm) Also add xauth path at Pekka's suggestion.
57ce3f00 496 - (djm) Add Redhat RPM patch for AUTHPRIV SyslogFacility
dcef6523 497
e879a080 49820001125
499 - (djm) Give up privs when reading seed file
500
d343d900 50120001123
502 - (bal) Merge OpenBSD changes:
503 - markus@cvs.openbsd.org 2000/11/15 22:31:36
504 [auth-options.c]
505 case insensitive key options; from stevesk@sweeden.hp.com
506 - markus@cvs.openbsd.org 2000/11/16 17:55:43
507 [dh.c]
508 do not use perror() in sshd, after child is forked()
509 - markus@cvs.openbsd.org 2000/11/14 23:42:40
510 [auth-rsa.c]
511 parse option only if key matches; fix some confusing seen by the client
512 - markus@cvs.openbsd.org 2000/11/14 23:44:19
513 [session.c]
514 check no_agent_forward_flag for ssh-2, too
515 - markus@cvs.openbsd.org 2000/11/15
516 [ssh-agent.1]
517 reorder SYNOPSIS; typo, use .It
518 - markus@cvs.openbsd.org 2000/11/14 23:48:55
519 [ssh-agent.c]
520 do not reorder keys if a key is removed
521 - markus@cvs.openbsd.org 2000/11/15 19:58:08
522 [ssh.c]
523 just ignore non existing user keys
524 - millert@cvs.openbsd.org 200/11/15 20:24:43
525 [ssh-keygen.c]
526 Add missing \n at end of error message.
527
0b49a754 52820001122
529 - (bal) Minor patch to ensure platforms lacking IRIX job limit supports
530 are compilable.
531 - (bal) Updated TODO as of 11/18/2000 with known things to resolve.
532
fab2e5d3 53320001117
534 - (bal) Changed from 'primes' to 'primes.out' for consistancy sake. It
535 has no affect the output. Patch by Corinna Vinschen <vinschen@redhat.com>
835d2104 536 - (stevesk) Reworked progname support.
260d427b 537 - (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by
538 Shinichi Maruyama <marya@st.jip.co.jp>
fab2e5d3 539
c2207f11 54020001116
541 - (bal) Added in MAXSYMLINK test in bsd-realpath.c. Required for some SCO
542 releases.
543 - (bal) Make builds work outside of source tree. Patch by Mark D. Roth
544 <roth@feep.net>
545
3d398e04 54620001113
547 - (djm) Add pointer to http://www.imasy.or.jp/~gotoh/connect.c to
548 contrib/README
fa08c86b 549 - (djm) Merge OpenBSD changes:
550 - markus@cvs.openbsd.org 2000/11/06 16:04:56
551 [channels.c channels.h clientloop.c nchan.c serverloop.c]
552 [session.c ssh.c]
553 agent forwarding and -R for ssh2, based on work from
554 jhuuskon@messi.uku.fi
555 - markus@cvs.openbsd.org 2000/11/06 16:13:27
556 [ssh.c sshconnect.c sshd.c]
557 do not disabled rhosts(rsa) if server port > 1024; from
558 pekkas@netcore.fi
559 - markus@cvs.openbsd.org 2000/11/06 16:16:35
560 [sshconnect.c]
561 downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
562 - markus@cvs.openbsd.org 2000/11/09 18:04:40
563 [auth1.c]
564 typo; from mouring@pconline.com
565 - markus@cvs.openbsd.org 2000/11/12 12:03:28
566 [ssh-agent.c]
567 off-by-one when removing a key from the agent
568 - markus@cvs.openbsd.org 2000/11/12 12:50:39
569 [auth-rh-rsa.c auth2.c authfd.c authfd.h]
570 [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
571 [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
572 [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
573 [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
574 [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
575 add support for RSA to SSH2. please test.
576 there are now 3 types of keys: RSA1 is used by ssh-1 only,
577 RSA and DSA are used by SSH2.
578 you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
579 keys for SSH2 and use the RSA keys for hostkeys or for user keys.
580 SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
581 - (djm) Fix up Makefile and Redhat init script to create RSA host keys
f001465f 582 - (djm) Change to interim version
5733a41a 583 - (djm) Fix RPM spec file stupidity
6fff1ac4 584 - (djm) fixpaths to DSA and RSA keys too
3d398e04 585
d287c664 58620001112
587 - (bal) SCO Patch to add needed libraries for configure.in. Patch by
588 Phillips Porch <root@theporch.com>
3d398e04 589 - (bal) IRIX patch to adding Job Limits. Patch by Denis Parker
590 <dcp@sgi.com>
a3bf38d0 591 - (stevesk) pty.c: HP-UX 10 and 11 don't define TIOCSCTTY. Add error() to
592 failed ioctl(TIOCSCTTY) call.
d287c664 593
3c4d4fef 59420001111
595 - (djm) Added /etc/primes for kex DH group neg, fixup Makefile.in and
596 packaging files
35325fd4 597 - (djm) Fix new Makefile.in warnings
027bf205 598 - (djm) Fix vsprintf("%h") in bsd-snprintf.c, short int va_args are
599 promoted to type int. Report and fix from Dan Astoorian
600 <djast@cs.toronto.edu>
d287c664 601 - (djm) Hardwire sysconfdir in RPM spec files as some RPM versions get
e3291159 602 it wrong. Report from Bennett Todd <bet@rahul.net>
3c4d4fef 603
3e366738 60420001110
605 - (bal) Fixed dropped answer from skey_keyinfo() in auth1.c
606 - (bal) Changed from --with-skey to --with-skey=PATH in configure.in
607 - (bal) Added in check to verify S/Key library is being detected in
608 configure.in
609 - (bal) next-posix.h - added another prototype wrapped in POSIX ifdef/endif.
610 Patch by Mark Miller <markm@swoon.net>
611 - (bal) Added 'util.h' header to loginrec.c only if HAVE_UTIL_H is defined
612 to remove warnings under MacOS X. Patch by Mark Miller <markm@swoon.net>
613 - (bal) Fixed LDFLAG mispelling in configure.in for --with-afs
614
373998a4 61520001107
e506ee73 616 - (bal) acconfig.in - removed the double "USE_PIPES" entry. Patch by
617 Mark Miller <markm@swoon.net>
373998a4 618 - (bal) sshd.init files corrected to assign $? to RETVAL. Patch by
619 Jarno Huuskonen <jhuuskon@messi.uku.fi>
e506ee73 620 - (bal) fixpaths fixed to stop it from quitely failing. Patch by
621 Mark D. Roth <roth@feep.net>
373998a4 622
ac89998a 62320001106
624 - (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs
6c09e23c 625 - (djm) Manually fix up missed diff hunks (mainly RCS idents)
d6846e6a 626 - (djm) Remove UPGRADING document in favour of a link to the better
627 maintained FAQ on www.openssh.com
73bd30fe 628 - (djm) Fix multiple dependancy on gnome-libs from Pekka Savola
629 <pekkas@netcore.fi>
630 - (djm) Don't need X11-askpass in RPM spec file if building without it
631 from Pekka Savola <pekkas@netcore.fi>
c215ba3b 632 - (djm) Release 2.3.0p1
97b378bf 633 - (bal) typo in configure.in in regards to --with-ldflags from Marko
634 Asplund <aspa@kronodoc.fi>
635 - (bal) fixed next-posix.h. Forgot prototype of getppid().
68f189a9 636
b850ecd9 63720001105
638 - (bal) Sync with OpenBSD:
639 - markus@cvs.openbsd.org 2000/10/31 9:31:58
640 [compat.c]
641 handle all old openssh versions
642 - markus@cvs.openbsd.org 2000/10/31 13:1853
643 [deattack.c]
644 so that large packets do not wrap "n"; from netbsd
645 - (bal) rijndel.c - fix up RCSID to match OpenBSD tree
a30ce26d 646 - (bal) auth2-skey.c - Checked in. Missing from portable tree.
647 - (bal) Reworked NEWS-OS and NeXT ports to extract waitpid() and
648 setsid() into more common files
96054e6f 649 - (stevesk) pty.c: use __hpux to identify HP-UX.
d0127657 650 - (bal) Missed auth-skey.o in Makefile.in and minor correction to
651 bsd-waitpid.c
b850ecd9 652
75b90ced 65320001029
654 - (stevesk) Fix typo in auth.c: USE_PAM not PAM
95273555 655 - (stevesk) Create contrib/cygwin/ directory; patch from
656 Corinna Vinschen <vinschen@redhat.com>
e9e4a1c7 657 - (bal) Resolved more $xno and $xyes issues in configure.in
fd5f0295 658 - (bal) next-posix.h - spelling and forgot a prototype
75b90ced 659
344f2b94 66020001028
661 - (djm) fix select hack in serverloop.c from Philippe WILLEM
662 <Philippe.WILLEM@urssaf.fr>
240ae474 663 - (djm) Fix mangled AIXAUTHENTICATE code
606ea390 664 - (djm) authctxt->pw may be NULL. Fix from Markus Friedl
665 <markus.friedl@informatik.uni-erlangen.de>
a22aff1f 666 - (djm) Sync with OpenBSD:
667 - markus@cvs.openbsd.org 2000/10/16 15:46:32
668 [ssh.1]
669 fixes from pekkas@netcore.fi
670 - markus@cvs.openbsd.org 2000/10/17 14:28:11
671 [atomicio.c]
672 return number of characters processed; ok deraadt@
673 - markus@cvs.openbsd.org 2000/10/18 12:04:02
674 [atomicio.c]
675 undo
676 - markus@cvs.openbsd.org 2000/10/18 12:23:02
677 [scp.c]
678 replace atomicio(read,...) with read(); ok deraadt@
679 - markus@cvs.openbsd.org 2000/10/18 12:42:00
680 [session.c]
681 restore old record login behaviour
682 - deraadt@cvs.openbsd.org 2000/10/19 10:41:13
683 [auth-skey.c]
684 fmt string problem in unused code
685 - provos@cvs.openbsd.org 2000/10/19 10:45:16
686 [sshconnect2.c]
687 don't reference freed memory. okay deraadt@
688 - markus@cvs.openbsd.org 2000/10/21 11:04:23
689 [canohost.c]
690 typo, eramore@era-t.ericsson.se; ok niels@
691 - markus@cvs.openbsd.org 2000/10/23 13:31:55
692 [cipher.c]
693 non-alignment dependent swap_bytes(); from
694 simonb@wasabisystems.com/netbsd
695 - markus@cvs.openbsd.org 2000/10/26 12:38:28
696 [compat.c]
697 add older vandyke products
698 - markus@cvs.openbsd.org 2000/10/27 01:32:19
699 [channels.c channels.h clientloop.c serverloop.c session.c]
700 [ssh.c util.c]
701 enable non-blocking IO on channels, and tty's (except for the
702 client ttys).
344f2b94 703
ddc49b5c 70420001027
705 - (djm) Increase REKEY_BYTES to 2^24 for arc4random
706
48e7916f 70720001025
708 - (djm) Added WARNING.RNG file and modified configure to ask users of the
709 builtin entropy code to read it.
710 - (djm) Prefer builtin regex to PCRE.
00937921 711 - (bal) Added USE_PIPS defined to NeXT configure.in since scp hangs randomly.
712 - (bal) Apply fixes to configure.in pointed out by Pavel Roskin
713 <proski@gnu.org>
48e7916f 714
8dcda1e3 71520001020
716 - (djm) Don't define _REENTRANT for SNI/Reliant Unix
07bee9a7 717 - (bal) Imported NEWS-OS waitpid() macros into NeXT. Since implementation
718 is more correct then current version.
8dcda1e3 719
f5af5cd5 72020001018
721 - (stevesk) Add initial support for setproctitle(). Current
722 support is for the HP-UX pstat(PSTAT_SETCMD, ...) method.
134fd7f6 723 - (stevesk) Add egd startup scripts to contrib/hpux/
f5af5cd5 724
2f31bdd6 72520001017
726 - (djm) Add -lregex to cywin libs from Corinna Vinschen
727 <vinschen@cygnus.com>
ba7a3f40 728 - (djm) Don't rely on atomicio's retval to determine length of askpass
729 supplied passphrase. Problem report from Lutz Jaenicke
730 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
66d6c27e 731 - (bal) Changed from GNU rx to PCRE on suggestion from djm.
732 - (bal) Integrated Sony NEWS-OS patches from NAKAJI Hirouyuki
733 <nakaji@tutrp.tut.ac.jp>
2f31bdd6 734
33de75a3 73520001016
736 - (djm) Sync with OpenBSD:
737 - markus@cvs.openbsd.org 2000/10/14 04:01:15
738 [cipher.c]
739 debug3
740 - markus@cvs.openbsd.org 2000/10/14 04:07:23
741 [scp.c]
742 remove spaces from arguments; from djm@mindrot.org
743 - markus@cvs.openbsd.org 2000/10/14 06:09:46
744 [ssh.1]
745 Cipher is for SSH-1 only
746 - markus@cvs.openbsd.org 2000/10/14 06:12:09
747 [servconf.c servconf.h serverloop.c session.c sshd.8]
748 AllowTcpForwarding; from naddy@
749 - markus@cvs.openbsd.org 2000/10/14 06:16:56
750 [auth2.c compat.c compat.h sshconnect2.c version.h]
751 OpenSSH_2.3; note that is is not complete, but the version number
752 needs to be changed for interoperability reasons
753 - markus@cvs.openbsd.org 2000/10/14 06:19:45
754 [auth-rsa.c]
755 do not send RSA challenge if key is not allowed by key-options; from
756 eivind@ThinkSec.com
757 - markus@cvs.openbsd.org 2000/10/15 08:14:01
758 [rijndael.c session.c]
759 typos; from stevesk@sweden.hp.com
760 - markus@cvs.openbsd.org 2000/10/15 08:18:31
761 [rijndael.c]
762 typo
30d8b039 763 - (djm) Copy manpages back over from OpenBSD - too tedious to wade
764 through diffs
aa0289fe 765 - (djm) Added condrestart to Redhat init script. Patch from Pekka Savola
30d8b039 766 <pekkas@netcore.fi>
aa0289fe 767 - (djm) Update version in Redhat spec file
768 - (djm) Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the
769 Redhat 7.0 spec file
5b2d4b75 770 - (djm) Make inability to read/write PRNG seedfile non-fatal
771
33de75a3 772
4d670c24 77320001015
774 - (djm) Fix ssh2 hang on background processes at logout.
775
71dfaf1c 77620001014
443172c4 777 - (bal) Add support for realpath and getcwd for platforms with broken
778 or missing realpath implementations for sftp-server.
779 - (bal) Corrected mistake in INSTALL in regards to GNU rx library
d8f1edd5 780 - (bal) Add support for GNU rx library for those lacking regexp support
71dfaf1c 781 - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth
02323c45 782 - (djm) Revert SSH2 serverloop hack, will find a better way.
4ee81249 783 - (djm) Add workaround for Linux 2.4's gratuitious errno change. Patch
784 from Martin Johansson <fatbob@acc.umu.se>
94ec8c6b 785 - (djm) Big OpenBSD sync:
786 - markus@cvs.openbsd.org 2000/09/30 10:27:44
787 [log.c]
788 allow loglevel debug
789 - markus@cvs.openbsd.org 2000/10/03 11:59:57
790 [packet.c]
791 hmac->mac
792 - markus@cvs.openbsd.org 2000/10/03 12:03:03
793 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
794 move fake-auth from auth1.c to individual auth methods, disables s/key in
795 debug-msg
796 - markus@cvs.openbsd.org 2000/10/03 12:16:48
797 ssh.c
798 do not resolve canonname, i have no idea why this was added oin ossh
799 - markus@cvs.openbsd.org 2000/10/09 15:30:44
800 ssh-keygen.1 ssh-keygen.c
801 -X now reads private ssh.com DSA keys, too.
802 - markus@cvs.openbsd.org 2000/10/09 15:32:34
803 auth-options.c
804 clear options on every call.
805 - markus@cvs.openbsd.org 2000/10/09 15:51:00
806 authfd.c authfd.h
807 interop with ssh-agent2, from <res@shore.net>
808 - markus@cvs.openbsd.org 2000/10/10 14:20:45
809 compat.c
810 use rexexp for version string matching
811 - provos@cvs.openbsd.org 2000/10/10 22:02:18
812 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
813 First rough implementation of the diffie-hellman group exchange. The
814 client can ask the server for bigger groups to perform the diffie-hellman
815 in, thus increasing the attack complexity when using ciphers with longer
816 keys. University of Windsor provided network, T the company.
817 - markus@cvs.openbsd.org 2000/10/11 13:59:52
818 [auth-rsa.c auth2.c]
819 clear auth options unless auth sucessfull
820 - markus@cvs.openbsd.org 2000/10/11 14:00:27
821 [auth-options.h]
822 clear auth options unless auth sucessfull
823 - markus@cvs.openbsd.org 2000/10/11 14:03:27
824 [scp.1 scp.c]
825 support 'scp -o' with help from mouring@pconline.com
826 - markus@cvs.openbsd.org 2000/10/11 14:11:35
827 [dh.c]
828 Wall
829 - markus@cvs.openbsd.org 2000/10/11 14:14:40
830 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
831 [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
832 add support for s/key (kbd-interactive) to ssh2, based on work by
833 mkiernan@avantgo.com and me
834 - markus@cvs.openbsd.org 2000/10/11 14:27:24
835 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
836 [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
837 [sshconnect2.c sshd.c]
838 new cipher framework
839 - markus@cvs.openbsd.org 2000/10/11 14:45:21
840 [cipher.c]
841 remove DES
842 - markus@cvs.openbsd.org 2000/10/12 03:59:20
843 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
844 enable DES in SSH-1 clients only
845 - markus@cvs.openbsd.org 2000/10/12 08:21:13
846 [kex.h packet.c]
847 remove unused
848 - markus@cvs.openbsd.org 2000/10/13 12:34:46
849 [sshd.c]
850 Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
851 - markus@cvs.openbsd.org 2000/10/13 12:59:15
852 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h]
853 rijndael/aes support
854 - markus@cvs.openbsd.org 2000/10/13 13:10:54
855 [sshd.8]
856 more info about -V
857 - markus@cvs.openbsd.org 2000/10/13 13:12:02
858 [myproposal.h]
859 prefer no compression
3ed32516 860 - (djm) Fix scp user@host handling
861 - (djm) Don't clobber ssh_prng_cmds on install
6bcf7caa 862 - (stevesk) Include config.h in rijndael.c so we define intXX_t and
863 u_intXX_t types on all platforms.
9ea53ba5 864 - (stevesk) rijndael.c: cleanup missing declaration warnings.
2919e060 865 - (stevesk) ~/.hushlogin shouldn't cause required password change to
866 be bypassed.
f5665f6f 867 - (stevesk) Display correct path to ssh-askpass in configure output.
868 Report from Lutz Jaenicke.
71dfaf1c 869
ebd782f7 87020001007
871 - (stevesk) Print PAM return value in PAM log messages to aid
872 with debugging.
97994d32 873 - (stevesk) Fix detection of pw_class struct member in configure;
874 patch from KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp>
875
47a134c1 87620001002
877 - (djm) Fix USER_PATH, report from Kevin Steves <stevesk@sweden.hp.com>
878 - (djm) Add host system and CC to end-of-configure report. Suggested by
879 Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
880
7322ef0e 88120000931
882 - (djm) Cygwin fixes from Corinna Vinschen <vinschen@cygnus.com>
883
6ac7829a 88420000930
b6490dcb 885 - (djm) Irix ssh_prng_cmds path fix from Pekka Savola <pekkas@netcore.fi>
772bd898 886 - (djm) Support in bsd-snprintf.c for long long conversions from
887 Ben Lindstrom <mouring@pconline.com>
888 - (djm) Cleanup NeXT support from Ben Lindstrom <mouring@pconline.com>
857040fb 889 - (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with
890 very short lived X connections. Bug report from Tobias Oetiker
891 <oetiker@ee.ethz.ch>. Fix from Markus Friedl <markus@cvs.openbsd.org>
bd2d7f6a 892 - (djm) Add recent InitScripts as a RPM dependancy for openssh-server
893 patch from Pekka Savola <pekkas@netcore.fi>
58665035 894 - (djm) Forgot to cvs add LICENSE file
dc2901a0 895 - (djm) Add LICENSE to RPM spec files
de273eef 896 - (djm) CVS OpenBSD sync:
897 - markus@cvs.openbsd.org 2000/09/26 13:59:59
898 [clientloop.c]
899 use debug2
900 - markus@cvs.openbsd.org 2000/09/27 15:41:34
901 [auth2.c sshconnect2.c]
902 use key_type()
903 - markus@cvs.openbsd.org 2000/09/28 12:03:18
904 [channels.c]
905 debug -> debug2 cleanup
2a7d529a 906 - (djm) Irix strips "/dev/tty" from [uw]tmp entries (other systems only
907 strip "/dev/"). Fix loginrec.c based on patch from Alain St-Denis
908 <Alain.St-Denis@ec.gc.ca>
909 - (djm) Fix 9 character passphrase failure with gnome-ssh-askpass.
910 Problem was caused by interrupted read in ssh-add. Report from Donald
911 J. Barry <don@astro.cornell.edu>
6ac7829a 912
c5d85828 91320000929
914 - (djm) Fix SSH2 not terminating until all background tasks done problem.
2ed85c06 915 - (djm) Another off-by-one fix from Pavel Kankovsky
916 <peak@argo.troja.mff.cuni.cz>
22d89d24 917 - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code,
918 tidy necessary differences. Use Markus' new debugN() in entropy.c
77bb0bca 919 - (djm) Merged big SCO portability patch from Tim Rice
920 <tim@multitalents.net>
c5d85828 921
6fd7f731 92220000926
923 - (djm) Update X11-askpass to 1.0.2 in RPM spec file
c5ae7384 924 - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX
925 - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c.
926 Report and fix from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
6fd7f731 927
2f125ca1 92820000924
929 - (djm) Merged cleanup patch from Mark Miller <markm@swoon.net>
930 - (djm) A bit more cleanup - created cygwin_util.h
bcdaaeab 931 - (djm) Include strtok_r() from OpenBSD libc. Fixes report from Mark Miller
932 <markm@swoon.net>
2f125ca1 933
764d4113 93420000923
935 - (djm) Fix address logging in utmp from Kevin Steves
936 <stevesk@sweden.hp.com>
777319db 937 - (djm) Redhat spec and manpage fixes from Pekka Savola <pekkas@netcore.fi>
bd590612 938 - (djm) Seperate tests for int64_t and u_int64_t types
37c1c46d 939 - (djm) Tweak password expiry checking at suggestion of Kevin Steves
940 <stevesk@sweden.hp.com>
e79b44e1 941 - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
e2144f11 942 - (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from
943 Michael Stone <mstone@cs.loyola.edu>
188adeb2 944 - (djm) OpenBSD CVS sync:
945 - markus@cvs.openbsd.org 2000/09/17 09:38:59
946 [sshconnect2.c sshd.c]
947 fix DEBUG_KEXDH
948 - markus@cvs.openbsd.org 2000/09/17 09:52:51
949 [sshconnect.c]
950 yes no; ok niels@
951 - markus@cvs.openbsd.org 2000/09/21 04:55:11
952 [sshd.8]
953 typo
954 - markus@cvs.openbsd.org 2000/09/21 05:03:54
955 [serverloop.c]
956 typo
957 - markus@cvs.openbsd.org 2000/09/21 05:11:42
958 scp.c
959 utime() to utimes(); mouring@pconline.com
960 - markus@cvs.openbsd.org 2000/09/21 05:25:08
961 sshconnect2.c
962 change login logic in ssh2, allows plugin of other auth methods
963 - markus@cvs.openbsd.org 2000/09/21 05:25:35
964 [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h]
965 [serverloop.c]
966 add context to dispatch_run
967 - markus@cvs.openbsd.org 2000/09/21 05:07:52
968 authfd.c authfd.h ssh-agent.c
969 bug compat for old ssh.com software
764d4113 970
7f377177 97120000920
972 - (djm) Fix bad path substitution. Report from Andrew Miner
973 <asminer@cs.iastate.edu>
974
bcbf86ec 97520000916
7950bf97 976 - (djm) Fix SSL search order from Lutz Jaenicke
977 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
19ece6d2 978 - (djm) New SuSE spec from Corinna Vinschen <corinna@vinschen.de>
9cd45ea4 979 - (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com>
995edaac 980 - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage.
981 Patch from Larry Jones <larry.jones@sdrc.com>
ad55cd03 982 - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM
983 password change patch.
984 - (djm) Bring licenses on my stuff in line with OpenBSD's
0bbfbdeb 985 - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
986 Kevin Steves <stevesk@sweden.hp.com>
7f8f5e00 987 - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz>
988 - (djm) Re-enable int64_t types - we need them for sftp
989 - (djm) Use libexecdir from configure , rather than libexecdir/ssh
990 - (djm) Update Redhat SPEC file accordingly
991 - (djm) Add Kevin Steves <stevesk@sweden.hp.com> HP/UX contrib files
992 - (djm) Add Charles Levert <charles@comm.polymtl.ca> getpgrp patch
993 - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter
994 <Dirk.DeWachter@rug.ac.be>
995 - (djm) Fixprogs and entropy list fixes from Larry Jones
996 <larry.jones@sdrc.com>
997 - (djm) Fix for SuSE spec file from Takashi YOSHIDA
998 <tyoshida@gemini.rc.kyushu-u.ac.jp>
bcbf86ec 999 - (djm) Merge OpenBSD changes:
1000 - markus@cvs.openbsd.org 2000/09/05 02:59:57
1001 [session.c]
1002 print hostname (not hushlogin)
1003 - markus@cvs.openbsd.org 2000/09/05 13:18:48
1004 [authfile.c ssh-add.c]
1005 enable ssh-add -d for DSA keys
1006 - markus@cvs.openbsd.org 2000/09/05 13:20:49
1007 [sftp-server.c]
1008 cleanup
1009 - markus@cvs.openbsd.org 2000/09/06 03:46:41
1010 [authfile.h]
1011 prototype
1012 - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
1013 [ALL]
1014 cleanup copyright notices on all files. I have attempted to be
1015 accurate with the details. everything is now under Tatu's licence
1016 (which I copied from his readme), and/or the core-sdi bsd-ish thing
1017 for deattack, or various openbsd developers under a 2-term bsd
1018 licence. We're not changing any rules, just being accurate.
1019 - markus@cvs.openbsd.org 2000/09/07 14:40:30
1020 [channels.c channels.h clientloop.c serverloop.c ssh.c]
1021 cleanup window and packet sizes for ssh2 flow control; ok niels
1022 - markus@cvs.openbsd.org 2000/09/07 14:53:00
1023 [scp.c]
1024 typo
1025 - markus@cvs.openbsd.org 2000/09/07 15:13:37
1026 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
1027 [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
1028 [pty.c readconf.c]
1029 some more Copyright fixes
1030 - markus@cvs.openbsd.org 2000/09/08 03:02:51
1031 [README.openssh2]
1032 bye bye
1033 - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
1034 [LICENCE cipher.c]
1035 a few more comments about it being ARC4 not RC4
1036 - markus@cvs.openbsd.org 2000/09/12 14:53:11
1037 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
1038 multiple debug levels
1039 - markus@cvs.openbsd.org 2000/09/14 14:25:15
1040 [clientloop.c]
1041 typo
1042 - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
1043 [ssh-agent.c]
1044 check return value for setenv(3) for failure, and deal appropriately
1045
deb8d717 104620000913
1047 - (djm) Fix server not exiting with jobs in background.
1048
b5e300c2 104920000905
1050 - (djm) Import OpenBSD CVS changes
1051 - markus@cvs.openbsd.org 2000/08/31 15:52:24
1052 [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c]
1053 implement a SFTP server. interops with sftp2, scp2 and the windows
1054 client from ssh.com
1055 - markus@cvs.openbsd.org 2000/08/31 15:56:03
1056 [README.openssh2]
1057 sync
1058 - markus@cvs.openbsd.org 2000/08/31 16:05:42
1059 [session.c]
1060 Wall
1061 - markus@cvs.openbsd.org 2000/08/31 16:09:34
1062 [authfd.c ssh-agent.c]
1063 add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions
1064 - deraadt@cvs.openbsd.org 2000/09/01 09:25:13
1065 [scp.1 scp.c]
1066 cleanup and fix -S support; stevesk@sweden.hp.com
1067 - markus@cvs.openbsd.org 2000/09/01 16:29:32
1068 [sftp-server.c]
1069 portability fixes
1070 - markus@cvs.openbsd.org 2000/09/01 16:32:41
1071 [sftp-server.c]
1072 fix cast; mouring@pconline.com
1073 - itojun@cvs.openbsd.org 2000/09/03 09:23:28
1074 [ssh-add.1 ssh.1]
1075 add missing .El against .Bl.
1076 - markus@cvs.openbsd.org 2000/09/04 13:03:41
1077 [session.c]
1078 missing close; ok theo
1079 - markus@cvs.openbsd.org 2000/09/04 13:07:21
1080 [session.c]
1081 fix get_last_login_time order; from andre@van-veen.de
1082 - markus@cvs.openbsd.org 2000/09/04 13:10:09
1083 [sftp-server.c]
1084 more cast fixes; from mouring@pconline.com
1085 - markus@cvs.openbsd.org 2000/09/04 13:06:04
1086 [session.c]
1087 set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net
1088 - (djm) Cleanup after import. Fix sftp-server compilation, Makefile
3c62e7eb 1089 - (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>
1090
1e61f54a 109120000903
1092 - (djm) Fix Redhat init script
1093
c80876b4 109420000901
1095 - (djm) Pick up Jim's new X11-askpass
1096 - (djm) Release 2.2.0p1
1097
8b4a0d08 109820000831
bcbf86ec 1099 - (djm) Workaround SIGPIPE problems on SCO. Fix from Aran Cox
8b4a0d08 1100 <acox@cv.telegroup.com>
b817711d 1101 - (djm) Pick up new version (2.2.0) from OpenBSD CVS
8b4a0d08 1102
0b65b628 110320000830
1104 - (djm) Compile warning fixes from Mark Miller <markm@swoon.net>
10fa00c8 1105 - (djm) Periodically rekey arc4random
1106 - (djm) Clean up diff against OpenBSD.
bcbf86ec 1107 - (djm) HPUX 11 needs USE_PIPES as well: Kevin Steves
2b10f47a 1108 <stevesk@sweden.hp.com>
b33a2e6e 1109 - (djm) Quieten the pam delete credentials error message
44839801 1110 - (djm) Fix printing of $DISPLAY hack if set by system type. Report from
1111 Kevin Steves <stevesk@sweden.hp.com>
84a770d1 1112 - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
7efa2776 1113 - (djm) Fix doh in bsd-arc4random.c
0b65b628 1114
9aaf9be4 111520000829
bcbf86ec 1116 - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert
1117 Doering <gert@greenie.muc.de>, John Horne <J.Horne@plymouth.ac.uk> and
9aaf9be4 1118 Garrick James <garrick@james.net>
b5f90139 1119 - (djm) Check for SCO pty naming style (ptyp%d/ttyp%d). Based on fix from
1120 Bastian Trompetter <btrompetter@firemail.de>
698d107e 1121 - (djm) NeXT tweaks from Ben Lindstrom <mouring@pconline.com>
14a9a859 1122 - More OpenBSD updates:
1123 - deraadt@cvs.openbsd.org 2000/08/24 15:46:59
1124 [scp.c]
1125 off_t in sink, to fix files > 2GB, i think, test is still running ;-)
1126 - deraadt@cvs.openbsd.org 2000/08/25 10:10:06
1127 [session.c]
1128 Wall
1129 - markus@cvs.openbsd.org 2000/08/26 04:33:43
1130 [compat.c]
1131 ssh.com-2.3.0
1132 - markus@cvs.openbsd.org 2000/08/27 12:18:05
1133 [compat.c]
1134 compatibility with future ssh.com versions
1135 - deraadt@cvs.openbsd.org 2000/08/27 21:50:55
1136 [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c]
1137 print uid/gid as unsigned
1138 - markus@cvs.openbsd.org 2000/08/28 13:51:00
1139 [ssh.c]
1140 enable -n and -f for ssh2
1141 - markus@cvs.openbsd.org 2000/08/28 14:19:53
1142 [ssh.c]
1143 allow combination of -N and -f
1144 - markus@cvs.openbsd.org 2000/08/28 14:20:56
1145 [util.c]
1146 util.c
1147 - markus@cvs.openbsd.org 2000/08/28 14:22:02
1148 [util.c]
1149 undo
1150 - markus@cvs.openbsd.org 2000/08/28 14:23:38
1151 [util.c]
1152 don't complain if setting NONBLOCK fails with ENODEV
9aaf9be4 1153
137d7b6c 115420000823
1155 - (djm) Define USE_PIPES to avoid socketpair problems on HPUX 10 and SunOS 4
bcbf86ec 1156 Avoids "scp never exits" problem. Reports from Lutz Jaenicke
1157 <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Tamito KAJIYAMA
137d7b6c 1158 <kajiyama@grad.sccs.chukyo-u.ac.jp>
2e73a022 1159 - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers
da40ab4d 1160 - (djm) Add local version to version.h
ea788c22 1161 - (djm) Don't reseed arc4random everytime it is used
2e73a022 1162 - (djm) OpenBSD CVS updates:
1163 - deraadt@cvs.openbsd.org 2000/08/18 20:07:23
1164 [ssh.c]
1165 accept remsh as a valid name as well; roman@buildpoint.com
1166 - deraadt@cvs.openbsd.org 2000/08/18 20:17:13
1167 [deattack.c crc32.c packet.c]
1168 rename crc32() to ssh_crc32() to avoid zlib name clash. do not move to
1169 libz crc32 function yet, because it has ugly "long"'s in it;
1170 oneill@cs.sfu.ca
1171 - deraadt@cvs.openbsd.org 2000/08/18 20:26:08
1172 [scp.1 scp.c]
1173 -S prog support; tv@debian.org
1174 - deraadt@cvs.openbsd.org 2000/08/18 20:50:07
1175 [scp.c]
1176 knf
1177 - deraadt@cvs.openbsd.org 2000/08/18 20:57:33
1178 [log-client.c]
1179 shorten
1180 - markus@cvs.openbsd.org 2000/08/19 12:48:11
1181 [channels.c channels.h clientloop.c ssh.c ssh.h]
1182 support for ~. in ssh2
1183 - deraadt@cvs.openbsd.org 2000/08/19 15:29:40
1184 [crc32.h]
1185 proper prototype
1186 - markus@cvs.openbsd.org 2000/08/19 15:34:44
bcbf86ec 1187 [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1]
1188 [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile]
2e73a022 1189 [fingerprint.c fingerprint.h]
1190 add SSH2/DSA support to the agent and some other DSA related cleanups.
1191 (note that we cannot talk to ssh.com's ssh2 agents)
1192 - markus@cvs.openbsd.org 2000/08/19 15:55:52
1193 [channels.c channels.h clientloop.c]
1194 more ~ support for ssh2
1195 - markus@cvs.openbsd.org 2000/08/19 16:21:19
1196 [clientloop.c]
1197 oops
1198 - millert@cvs.openbsd.org 2000/08/20 12:25:53
1199 [session.c]
1200 We have to stash the result of get_remote_name_or_ip() before we
1201 close our socket or getpeername() will get EBADF and the process
1202 will exit. Only a problem for "UseLogin yes".
1203 - millert@cvs.openbsd.org 2000/08/20 12:30:59
1204 [session.c]
1205 Only check /etc/nologin if "UseLogin no" since login(1) may have its
1206 own policy on determining who is allowed to login when /etc/nologin
1207 is present. Also use the _PATH_NOLOGIN define.
1208 - millert@cvs.openbsd.org 2000/08/20 12:42:43
1209 [auth1.c auth2.c session.c ssh.c]
1210 Add calls to setusercontext() and login_get*(). We basically call
1211 setusercontext() in most places where previously we did a setlogin().
1212 Add default login.conf file and put root in the "daemon" login class.
1213 - millert@cvs.openbsd.org 2000/08/21 10:23:31
1214 [session.c]
1215 Fix incorrect PATH setting; noted by Markus.
137d7b6c 1216
c345cf9d 121720000818
1218 - (djm) OpenBSD CVS changes:
1219 - markus@cvs.openbsd.org 2000/07/22 03:14:37
1220 [servconf.c servconf.h sshd.8 sshd.c sshd_config]
1221 random early drop; ok theo, niels
1222 - deraadt@cvs.openbsd.org 2000/07/26 11:46:51
1223 [ssh.1]
1224 typo
1225 - deraadt@cvs.openbsd.org 2000/08/01 11:46:11
1226 [sshd.8]
1227 many fixes from pepper@mail.reppep.com
1228 - provos@cvs.openbsd.org 2000/08/01 13:01:42
1229 [Makefile.in util.c aux.c]
1230 rename aux.c to util.c to help with cygwin port
1231 - deraadt@cvs.openbsd.org 2000/08/02 00:23:31
1232 [authfd.c]
1233 correct sun_len; Alexander@Leidinger.net
1234 - provos@cvs.openbsd.org 2000/08/02 10:27:17
1235 [readconf.c sshd.8]
1236 disable kerberos authentication by default
1237 - provos@cvs.openbsd.org 2000/08/02 11:27:05
1238 [sshd.8 readconf.c auth-krb4.c]
1239 disallow kerberos authentication if we can't verify the TGT; from
1240 dugsong@
1241 kerberos authentication is on by default only if you have a srvtab.
1242 - markus@cvs.openbsd.org 2000/08/04 14:30:07
1243 [auth.c]
1244 unused
1245 - markus@cvs.openbsd.org 2000/08/04 14:30:35
1246 [sshd_config]
1247 MaxStartups
1248 - markus@cvs.openbsd.org 2000/08/15 13:20:46
1249 [authfd.c]
1250 cleanup; ok niels@
1251 - markus@cvs.openbsd.org 2000/08/17 14:05:10
1252 [session.c]
1253 cleanup login(1)-like jobs, no duplicate utmp entries
1254 - markus@cvs.openbsd.org 2000/08/17 14:06:34
1255 [session.c sshd.8 sshd.c]
1256 sshd -u len, similar to telnetd
1a022229 1257 - (djm) Lastlog was not getting closed after writing login entry
39987cc0 1258 - (djm) Add Solaris package support from Rip Loomis <loomisg@cist.saic.com>
c345cf9d 1259
416ed5a7 126020000816
1261 - (djm) Replacement for inet_ntoa for Irix (which breaks on gcc)
bcbf86ec 1262 - (djm) Fix strerror replacement for old SunOS. Based on patch from
416ed5a7 1263 Charles Levert <charles@comm.polymtl.ca>
bcbf86ec 1264 - (djm) Seperate arc4random into seperate file and use OpenSSL's RC4
416ed5a7 1265 implementation.
ba606eb2 1266 - (djm) SUN_LEN macro for systems which lack it
416ed5a7 1267
dbaa2e87 126820000815
1269 - (djm) More SunOS 4.1.x fixes from Nate Itkin <nitkin@europa.com>
cd352c82 1270 - (djm) Avoid failures on Irix when ssh is not setuid. Fix from
1271 Michael Stone <mstone@cs.loyola.edu>
d93a7e5a 1272 - (djm) Don't seek in directory based lastlogs
bcbf86ec 1273 - (djm) Fix --with-ipaddr-display configure option test. Patch from
d93a7e5a 1274 Jarno Huuskonen <jhuuskon@messi.uku.fi>
2a2cb9e7 1275 - (djm) Fix AIX limits from Alexandre Oliva <oliva@lsd.ic.unicamp.br>
dbaa2e87 1276
6c33bf70 127720000813
1278 - (djm) Add $(srcdir) to includes when compiling (for VPATH). Report from
1279 Fabrice bacchella <fabrice.bacchella@marchfirst.fr>
1280
3fcce26c 128120000809
bcbf86ec 1282 - (djm) Define AIX hard limits if headers don't. Report from
3fcce26c 1283 Bill Painter <william.t.painter@lmco.com>
bcbf86ec 1284 - (djm) utmp direct write & SunOS 4 patch from Charles Levert
32eec038 1285 <charles@comm.polymtl.ca>
3fcce26c 1286
71d43804 128720000808
1288 - (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install
1289 time, spec file cleanup.
1290
f9bcea07 129120000807
378f2232 1292 - (djm) Set 0755 on binaries during install. Report from Lutz Jaenicke
47670e77 1293 - (djm) Suppress error messages on channel close shutdown() failurs
1294 works around Linux bug. Patch from Zack Weinberg <zack@wolery.cumb.org>
378f2232 1295 - (djm) Add some more entropy collection commands from Lutz Jaenicke
f9bcea07 1296
bcf89935 129720000725
1298 - (djm) Fix autoconf typo: HAVE_BINRESVPORT_AF -> HAVE_BINDRESVPORT_AF
1299
4c8722d9 130020000721
1301 - (djm) OpenBSD CVS updates:
1302 - markus@cvs.openbsd.org 2000/07/16 02:27:22
1303 [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
1304 [sshconnect1.c sshconnect2.c]
1305 make ssh-add accept dsa keys (the agent does not)
1306 - djm@cvs.openbsd.org 2000/07/17 19:25:02
1307 [sshd.c]
1308 Another closing of stdin; ok deraadt
1309 - markus@cvs.openbsd.org 2000/07/19 18:33:12
1310 [dsa.c]
1311 missing free, reorder
1312 - markus@cvs.openbsd.org 2000/07/20 16:23:14
1313 [ssh-keygen.1]
1314 document input and output files
1315
240777b8 131620000720
4c8722d9 1317 - (djm) Spec file fix from Petr Novotny <Petr.Novotny@antek.cz>
240777b8 1318
3c7def32 131920000716
4c8722d9 1320 - (djm) Release 2.1.1p4
3c7def32 1321
819b676f 132220000715
704b1659 1323 - (djm) OpenBSD CVS updates
1324 - provos@cvs.openbsd.org 2000/07/13 16:53:22
1325 [aux.c readconf.c servconf.c ssh.h]
1326 allow multiple whitespace but only one '=' between tokens, bug report from
1327 Ralf S. Engelschall <rse@engelschall.com> but different fix. okay deraadt@
1328 - provos@cvs.openbsd.org 2000/07/13 17:14:09
1329 [clientloop.c]
1330 typo; todd@fries.net
1331 - provos@cvs.openbsd.org 2000/07/13 17:19:31
1332 [scp.c]
1333 close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
1334 - markus@cvs.openbsd.org 2000/07/14 16:59:46
1335 [readconf.c servconf.c]
1336 allow leading whitespace. ok niels
1337 - djm@cvs.openbsd.org 2000/07/14 22:01:38
1338 [ssh-keygen.c ssh.c]
1339 Always create ~/.ssh with mode 700; ok Markus
819b676f 1340 - Fixes for SunOS 4.1.4 from Gordon Atwood <gordon@cs.ualberta.ca>
1341 - Include floatingpoint.h for entropy.c
1342 - strerror replacement
704b1659 1343
3f7a7e4a 134420000712
c37fb3c1 1345 - (djm) Remove -lresolve for Reliant Unix
3f7a7e4a 1346 - (djm) OpenBSD CVS Updates:
1347 - deraadt@cvs.openbsd.org 2000/07/11 02:11:34
1348 [session.c sshd.c ]
1349 make MaxStartups code still work with -d; djm
1350 - deraadt@cvs.openbsd.org 2000/07/11 13:17:45
1351 [readconf.c ssh_config]
1352 disable FallBackToRsh by default
c37fb3c1 1353 - (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c. Report from
1354 Ben Lindstrom <mouring@pconline.com>
1e970014 1355 - (djm) Make building of X11-Askpass and GNOME-Askpass optional in RPM
1356 spec file.
dcb36e5d 1357 - (djm) Released 2.1.1p3
3f7a7e4a 1358
56118702 135920000711
1360 - (djm) Fixup for AIX getuserattr() support from Tom Bertelson
1361 <tbert@abac.com>
132dd316 1362 - (djm) ReliantUNIX support from Udo Schweigert <ust@cert.siemens.de>
bcbf86ec 1363 - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom
c99e5056 1364 <mouring@pconline.com>
bcbf86ec 1365 - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report
dc2a6d09 1366 from Jim Watt <jimw@peisj.pebio.com>
2d9a148e 1367 - (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known
1368 to compile on more platforms (incl NeXT).
cc6f2c4c 1369 - (djm) Added bsd-inet_aton and configure support for NeXT
aae19451 1370 - (djm) Misc NeXT fixes from Ben Lindstrom <mouring@pconline.com>
089fbbd2 1371 - (djm) OpenBSD CVS updates:
1372 - markus@cvs.openbsd.org 2000/06/26 03:22:29
1373 [authfd.c]
1374 cleanup, less cut&paste
1375 - markus@cvs.openbsd.org 2000/06/26 15:59:19
1376 [servconf.c servconf.h session.c sshd.8 sshd.c]
bcbf86ec 1377 MaxStartups: limit number of unauthenticated connections, work by
089fbbd2 1378 theo and me
1379 - deraadt@cvs.openbsd.org 2000/07/05 14:18:07
1380 [session.c]
1381 use no_x11_forwarding_flag correctly; provos ok
1382 - provos@cvs.openbsd.org 2000/07/05 15:35:57
1383 [sshd.c]
1384 typo
1385 - aaron@cvs.openbsd.org 2000/07/05 22:06:58
1386 [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
bcbf86ec 1387 Insert more missing .El directives. Our troff really should identify
089fbbd2 1388 these and spit out a warning.
1389 - todd@cvs.openbsd.org 2000/07/06 21:55:04
1390 [auth-rsa.c auth2.c ssh-keygen.c]
1391 clean code is good code
1392 - deraadt@cvs.openbsd.org 2000/07/07 02:14:29
1393 [serverloop.c]
1394 sense of port forwarding flag test was backwards
1395 - provos@cvs.openbsd.org 2000/07/08 17:17:31
1396 [compat.c readconf.c]
1397 replace strtok with strsep; from David Young <dyoung@onthejob.net>
1398 - deraadt@cvs.openbsd.org 2000/07/08 19:21:15
1399 [auth.h]
1400 KNF
1401 - ho@cvs.openbsd.org 2000/07/08 19:27:33
1402 [compat.c readconf.c]
1403 Better conditions for strsep() ending.
1404 - ho@cvs.openbsd.org 2000/07/10 10:27:05
1405 [readconf.c]
1406 Get the correct message on errors. (niels@ ok)
1407 - ho@cvs.openbsd.org 2000/07/10 10:30:25
1408 [cipher.c kex.c servconf.c]
1409 strtok() --> strsep(). (niels@ ok)
5540ea9b 1410 - (djm) Fix problem with debug mode and MaxStartups
eb37534b 1411 - (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during RPM
1412 builds)
229f64ee 1413 - (djm) Add strsep function from OpenBSD libc for systems that lack it
56118702 1414
a8545c6c 141520000709
1416 - (djm) Only enable PAM_TTY kludge for Linux. Problem report from
1417 Kevin Steves <stevesk@sweden.hp.com>
ec90a7d6 1418 - (djm) Match prototype and function declaration for rresvport_af.
1419 Problem report from Niklas Edmundsson <nikke@ing.umu.se>
bcbf86ec 1420 - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM
732e8ac5 1421 builds. Problem report from Gregory Leblanc <GLeblanc@cu-portland.edu>
37f1df94 1422 - (djm) Replace ut_name with ut_user. Patch from Jim Watt
1423 <jimw@peisj.pebio.com>
264dce47 1424 - (djm) Fix pam sprintf fix
1425 - (djm) Cleanup entropy collection code a little more. Split initialisation
1426 from seeding, perform intialisation immediatly at start, be careful with
1427 uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
5bf9cfe9 1428 - (djm) More NeXT compatibility from Ben Lindstrom <mouring@pconline.com>
1429 Including sigaction() et al. replacements
bcbf86ec 1430 - (djm) AIX getuserattr() session initialisation from Tom Bertelson
eeec075f 1431 <tbert@abac.com>
a8545c6c 1432
e2902a5b 143320000708
bcbf86ec 1434 - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from
e2902a5b 1435 Aaron Hopkins <aaron@die.net>
7a33f831 1436 - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from
1437 Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
bcbf86ec 1438 - (djm) Fixed undefined variables for OSF SIA. Report from
b3f162ba 1439 Baars, Henk <Hendrik.Baars@nl.origin-it.com>
bcbf86ec 1440 - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c
b28e4a3b 1441 Fix from Marquess, Steve Mr JMLFDC <Steve.Marquess@DET.AMEDD.ARMY.MIL>
bcbf86ec 1442 - (djm) Don't use inet_addr.
e2902a5b 1443
5637650d 144420000702
1445 - (djm) Fix brace mismatch from Corinna Vinschen <vinschen@cygnus.com>
27494968 1446 - (djm) Stop shadow expiry checking from preventing logins with NIS. Based
1447 on fix from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
a4070484 1448 - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from
1449 Chris, the Young One <cky@pobox.com>
bcbf86ec 1450 - (djm) Fix scp progress meter on really wide terminals. Based on patch
88726b31 1451 from James H. Cloos Jr. <cloos@jhcloos.com>
5637650d 1452
388e9f9f 145320000701
1454 - (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu>
daaff4d5 1455 - (djm) Login fixes from Tom Bertelson <tbert@abac.com>
82258d68 1456 - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
1457 <vinschen@cygnus.com>
30228d7c 1458 - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
2647ae26 1459 - (djm) Added check for broken snprintf() functions which do not correctly
1460 terminate output string and attempt to use replacement.
46158300 1461 - (djm) Released 2.1.1p2
388e9f9f 1462
9f32ceb4 146320000628
1464 - (djm) Fixes to lastlog code for Irix
1465 - (djm) Use atomicio in loginrec
3206bb3b 1466 - (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for
1467 Irix 6.x array sessions, project id's, and system audit trail id.
9e0c3e1f 1468 - (djm) Added 'distprep' make target to simplify packaging
bcbf86ec 1469 - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA
4d33e531 1470 support. Enable using "USE_SIA=1 ./configure [options]"
bcbf86ec 1471
d8caae24 147220000627
1473 - (djm) Fixes to login code - not setting li->uid, cleanups
a05a70ab 1474 - (djm) Formatting
d8caae24 1475
fe30cc2e 147620000626
3e98362e 1477 - (djm) Better fix to aclocal tests from Garrick James <garrick@james.net>
4cb5ffa0 1478 - (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
1479 - (djm) Added password expiry checking (no password change support)
be0b9bb7 1480 - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
1481 based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
b5b3f75d 1482 - (djm) Fix fixed EGD code.
3e98362e 1483 - OpenBSD CVS update
1484 - provos@cvs.openbsd.org 2000/06/25 14:17:58
1485 [channels.c]
1486 correct check for bad channel ids; from Wei Dai <weidai@eskimo.com>
1487
1c04b088 148820000623
bcbf86ec 1489 - (djm) Use sa_family_t in prototype for rresvport_af. Patch from
1c04b088 1490 Svante Signell <svante.signell@telia.com>
1491 - (djm) Autoconf logic to define sa_family_t if it is missing
e5a0294f 1492 - OpenBSD CVS Updates:
1493 - markus@cvs.openbsd.org 2000/06/22 10:32:27
1494 [sshd.c]
1495 missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL
1496 - djm@cvs.openbsd.org 2000/06/22 17:55:00
1497 [auth-krb4.c key.c radix.c uuencode.c]
1498 Missing CVS idents; ok markus
1c04b088 1499
f528fdf2 150020000622
1501 - (djm) Automatically generate host key during "make install". Suggested
1502 by Gary E. Miller <gem@rellim.com>
1503 - (djm) Paranoia before kill() system call
74fc9186 1504 - OpenBSD CVS Updates:
1505 - markus@cvs.openbsd.org 2000/06/18 18:50:11
1506 [auth2.c compat.c compat.h sshconnect2.c]
1507 make userauth+pubkey interop with ssh.com-2.2.0
1508 - markus@cvs.openbsd.org 2000/06/18 20:56:17
1509 [dsa.c]
1510 mem leak + be more paranoid in dsa_verify.
1511 - markus@cvs.openbsd.org 2000/06/18 21:29:50
1512 [key.c]
1513 cleanup fingerprinting, less hardcoded sizes
1514 - markus@cvs.openbsd.org 2000/06/19 19:39:45
1515 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
1516 [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
bcbf86ec 1517 [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
74fc9186 1518 [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
1519 [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
bcbf86ec 1520 [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
1521 [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
74fc9186 1522 [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
1523 [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
1524 OpenBSD tag
1525 - markus@cvs.openbsd.org 2000/06/21 10:46:10
1526 sshconnect2.c missing free; nuke old comment
f528fdf2 1527
e5fe9a1f 152820000620
1529 - (djm) Replace use of '-o' and '-a' logical operators in configure tests
986a22ec 1530 with '||' and '&&'. As suggested by Jim Knoble <jmknoble@jmknoble.cx>
e5fe9a1f 1531 to fix SCO Unixware problem reported by Gary E. Miller <gem@rellim.com>
c03aced4 1532 - (djm) Typo in loginrec.c
e5fe9a1f 1533
cbd7492e 153420000618
1535 - (djm) Add summary of configure options to end of ./configure run
bcbf86ec 1536 - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from
cbd7492e 1537 Michael Stone <mstone@cs.loyola.edu>
bcbf86ec 1538 - (djm) rusage is a privileged operation on some Unices (incl.
cbd7492e 1539 Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
bcbf86ec 1540 - (djm) Avoid PAM failures when running without a TTY. Report from
cbd7492e 1541 Martin Petrak <petrak@spsknm.schools.sk>
1542 - (djm) Include sys/types.h when including netinet/in.h in configure tests.
1543 Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
729bfe59 1544 - (djm) Started merge of Ben Lindstrom's <mouring@pconline.com> NeXT support
38c295d6 1545 - OpenBSD CVS updates:
1546 - deraadt@cvs.openbsd.org 2000/06/17 09:58:46
1547 [channels.c]
1548 everyone says "nix it" (remove protocol 2 debugging message)
1549 - markus@cvs.openbsd.org 2000/06/17 13:24:34
1550 [sshconnect.c]
1551 allow extended server banners
1552 - markus@cvs.openbsd.org 2000/06/17 14:30:10
1553 [sshconnect.c]
1554 missing atomicio, typo
1555 - jakob@cvs.openbsd.org 2000/06/17 16:52:34
1556 [servconf.c servconf.h session.c sshd.8 sshd_config]
1557 add support for ssh v2 subsystems. ok markus@.
1558 - deraadt@cvs.openbsd.org 2000/06/17 18:57:48
1559 [readconf.c servconf.c]
1560 include = in WHITESPACE; markus ok
1561 - markus@cvs.openbsd.org 2000/06/17 19:09:10
1562 [auth2.c]
1563 implement bug compatibility with ssh-2.0.13 pubkey, server side
1564 - markus@cvs.openbsd.org 2000/06/17 21:00:28
1565 [compat.c]
1566 initial support for ssh.com's 2.2.0
1567 - markus@cvs.openbsd.org 2000/06/17 21:16:09
1568 [scp.c]
1569 typo
1570 - markus@cvs.openbsd.org 2000/06/17 22:05:02
1571 [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h]
1572 split auth-rsa option parsing into auth-options
1573 add options support to authorized_keys2
1574 - markus@cvs.openbsd.org 2000/06/17 22:42:54
1575 [session.c]
1576 typo
cbd7492e 1577
509b1f88 157820000613
1579 - (djm) Fixes from Andrew McGill <andrewm@datrix.co.za>:
1580 - Platform define for SCO 3.x which breaks on /dev/ptmx
1581 - Detect and try to fix missing MAXPATHLEN
a4d05724 1582 - (djm) Fix short copy in loginrec.c (based on patch from Phill Camp
1583 <P.S.S.Camp@ukc.ac.uk>
509b1f88 1584
09564242 158520000612
1586 - (djm) Glob manpages in RPM spec files to catch compressed files
1587 - (djm) Full license in auth-pam.c
08ae384f 1588 - (djm) Configure fixes from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
383207f7 1589 - (andre) AIX, lastlog, configure fixes from Tom Bertelson <tbert@abac.com>:
1590 - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is
1591 def'd
1592 - Set AIX to use preformatted manpages
bcbf86ec 1593
74b224a0 159420000610
1595 - (djm) Minor doc tweaks
217ab55e 1596 - (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx>
74b224a0 1597
32c80420 159820000609
1599 - (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage
1600 (in favour of utmpx) on Solaris 8
1601
fa649821 160220000606
48c99b2c 1603 - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
1604 list of commands (by default). Removed verbose debugging (by default).
bcbf86ec 1605 - (djm) Increased command entropy estimates and default entropy collection
48c99b2c 1606 timeout
f988dce5 1607 - (djm) Remove duplicate headers from loginrec.c
c5fa2eb0 1608 - (djm) Don't add /usr/local/lib to library search path on Irix
bcbf86ec 1609 - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
fa649821 1610 <tibbs@math.uh.edu>
1e83f2a2 1611 - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
1612 <zack@wolery.cumb.org>
fa649821 1613 - (djm) OpenBSD CVS updates:
1614 - todd@cvs.openbsd.org
1615 [sshconnect2.c]
1616 teach protocol v2 to count login failures properly and also enable an
1617 explanation of why the password prompt comes up again like v1; this is NOT
1618 crypto
bcbf86ec 1619 - markus@cvs.openbsd.org
fa649821 1620 [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
1621 xauth_location support; pr 1234
1622 [readconf.c sshconnect2.c]
1623 typo, unused
1624 [session.c]
1625 allow use_login only for login sessions, otherwise remote commands are
1626 execed with uid==0
1627 [sshd.8]
1628 document UseLogin better
1629 [version.h]
1630 OpenSSH 2.1.1
1631 [auth-rsa.c]
bcbf86ec 1632 fix match_hostname() logic for auth-rsa: deny access if we have a
fa649821 1633 negative match or no match at all
1634 [channels.c hostfile.c match.c]
bcbf86ec 1635 don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
fa649821 1636 kris@FreeBSD.org
1637
8e7b16f8 163820000606
bcbf86ec 1639 - (djm) Added --with-cflags, --with-ldflags and --with-libs options to
8e7b16f8 1640 configure.
1641
d7c0f3d5 164220000604
1643 - Configure tweaking for new login code on Irix 5.3
2d6c411f 1644 - (andre) login code changes based on djm feedback
d7c0f3d5 1645
2d6c411f 164620000603
1647 - (andre) New login code
1648 - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c
1649 - Add loginrec.[ch], logintest.c and autoconf code
bcbf86ec 1650
5daf7064 165120000531
1652 - Cleanup of auth.c, login.c and fake-*
1653 - Cleanup of auth-pam.c, save and print "account expired" error messages
e5662474 1654 - Fix EGD read bug by IWAMURO Motonori <iwa@mmp.fujitsu.co.jp>
69134b9b 1655 - Rewrote bsd-login to use proper utmp API if available. Major cleanup
1656 of fallback DIY code.
5daf7064 1657
b9f446d1 165820000530
1659 - Define atexit for old Solaris
b02ebca1 1660 - Fix buffer overrun in login.c for systems which use syslen in utmpx.
1661 patch from YOSHIFUJI Hideaki <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp>
71276795 1662 - OpenBSD CVS updates:
1663 - markus@cvs.openbsd.org
1664 [session.c]
1665 make x11-fwd work w/ localhost (xauth add host/unix:11)
1666 [cipher.c compat.c readconf.c servconf.c]
1667 check strtok() != NULL; ok niels@
1668 [key.c]
1669 fix key_read() for uuencoded keys w/o '='
1670 [serverloop.c]
1671 group ssh1 vs. ssh2 in serverloop
1672 [kex.c kex.h myproposal.h sshconnect2.c sshd.c]
1673 split kexinit/kexdh, factor out common code
1674 [readconf.c ssh.1 ssh.c]
1675 forwardagent defaults to no, add ssh -A
1676 - theo@cvs.openbsd.org
1677 [session.c]
1678 just some line shortening
60688ef9 1679 - Released 2.1.0p3
b9f446d1 1680
29611d9c 168120000520
1682 - Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
25422c70 1683 - Don't touch utmp if USE_UTMPX defined
a423beaf 1684 - SunOS 4.x support from Todd C. Miller <Todd.Miller@courtesan.com>
fc1e8bf4 1685 - SIGCHLD fix for AIX and HPUX from Tom Bertelson <tbert@abac.com>
bcbf86ec 1686 - HPUX and Configure fixes from Lutz Jaenicke
fc1e8bf4 1687 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
bcbf86ec 1688 - Use mkinstalldirs script to make directories instead of non-portable
fc1e8bf4 1689 "install -d". Suggested by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
a905808d 1690 - Doc cleanup
29611d9c 1691
301e9b01 169220000518
1693 - Include Andre Lucas' fixprogs script. Forgot to "cvs add" it yesterday
1694 - OpenBSD CVS updates:
1695 - markus@cvs.openbsd.org
1696 [sshconnect.c]
1697 copy only ai_addrlen bytes; misiek@pld.org.pl
1698 [auth.c]
bcbf86ec 1699 accept an empty shell in authentication; bug reported by
301e9b01 1700 chris@tinker.ucr.edu
1701 [serverloop.c]
1702 we don't have stderr for interactive terminal sessions (fcntl errors)
1703
ad85db64 170420000517
1705 - Fix from Andre Lucas <andre.lucas@dial.pipex.com>
1706 - Fixes command line printing segfaults (spotter: Bladt Norbert)
1707 - Fixes erroneous printing of debug messages to syslog
1708 - Fixes utmp for MacOS X (spotter: Aristedes Maniatis)
1709 - Gives useful error message if PRNG initialisation fails
1710 - Reduced ssh startup delay
1711 - Measures cumulative command time rather than the time between reads
704b1659 1712 after select()
ad85db64 1713 - 'fixprogs' perl script to eliminate non-working entropy commands, and
704b1659 1714 optionally run 'ent' to measure command entropy
c1ef8333 1715 - Applied Tom Bertelson's <tbert@abac.com> AIX authentication fix
a64009ad 1716 - Avoid WCOREDUMP complation errors for systems that lack it
bcbf86ec 1717 - Avoid SIGCHLD warnings from entropy commands
28c1d5ce 1718 - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw@dcs.ed.ac.uk>
0e73cc53 1719 - OpenBSD CVS update:
bcbf86ec 1720 - markus@cvs.openbsd.org
0e73cc53 1721 [ssh.c]
1722 fix usage()
1723 [ssh2.h]
1724 draft-ietf-secsh-architecture-05.txt
1725 [ssh.1]
1726 document ssh -T -N (ssh2 only)
1727 [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
1728 enable nonblocking IO for sshd w/ proto 1, too; split out common code
1729 [aux.c]
1730 missing include
c04f75f1 1731 - Several patches from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
1732 - INSTALL typo and URL fix
1733 - Makefile fix
1734 - Solaris fixes
bcbf86ec 1735 - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka
c04f75f1 1736 <ksakai@kso.netwk.ntt-at.co.jp>
afa5ee68 1737 - RSAless operation patch from kevin_oconnor@standardandpoors.com
d45e3d76 1738 - Detect OpenSSL seperatly from RSA
bcbf86ec 1739 - Better test for RSA (more compatible with RSAref). Based on work by
d45e3d76 1740 Ed Eden <ede370@stl.rural.usda.gov>
ad85db64 1741
3d1a1654 174220000513
bcbf86ec 1743 - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz
3d1a1654 1744 <misiek@pld.org.pl>
1745
d02a3a00 174620000511
bcbf86ec 1747 - Fix for prng_seed permissions checking from Lutz Jaenicke
d02a3a00 1748 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
3d1a1654 1749 - "make host-key" fix for Irix
d02a3a00 1750
d0c832f3 175120000509
1752 - OpenBSD CVS update
1753 - markus@cvs.openbsd.org
1754 [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
1755 [ssh.h sshconnect1.c sshconnect2.c sshd.8]
1756 - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
1757 - hugh@cvs.openbsd.org
1758 [ssh.1]
1759 - zap typo
1760 [ssh-keygen.1]
1761 - One last nit fix. (markus approved)
1762 [sshd.8]
1763 - some markus certified spelling adjustments
1764 - markus@cvs.openbsd.org
1765 [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
1766 [sshconnect2.c ]
1767 - bug compat w/ ssh-2.0.13 x11, split out bugs
1768 [nchan.c]
1769 - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
1770 [ssh-keygen.c]
1771 - handle escapes in real and original key format, ok millert@
1772 [version.h]
1773 - OpenSSH-2.1
3dc1102e 1774 - Moved all the bsd-* and fake-* stuff into new libopenbsd-compat.a
e93ee87a 1775 - Doc updates
bcbf86ec 1776 - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported
21e5304a 1777 by Andre Lucas <andre.lucas@dial.pipex.com>
d0c832f3 1778
ebdeb9a8 177920000508
1780 - Makefile and RPM spec fixes
1781 - Generate DSA host keys during "make key" or RPM installs
f6cde515 1782 - OpenBSD CVS update
1783 - markus@cvs.openbsd.org
1784 [clientloop.c sshconnect2.c]
1785 - make x11-fwd interop w/ ssh-2.0.13
1786 [README.openssh2]
1787 - interop w/ SecureFX
1788 - Release 2.0.0beta2
ebdeb9a8 1789
bcbf86ec 1790 - Configure caching and cleanup patch from Andre Lucas'
58d100bf 1791 <andre.lucas@dial.pipex.com>
1792
1d1ffb87 179320000507
1794 - Remove references to SSLeay.
1795 - Big OpenBSD CVS update
1796 - markus@cvs.openbsd.org
1797 [clientloop.c]
1798 - typo
1799 [session.c]
1800 - update proctitle on pty alloc/dealloc, e.g. w/ windows client
1801 [session.c]
1802 - update proctitle for proto 1, too
1803 [channels.h nchan.c serverloop.c session.c sshd.c]
1804 - use c-style comments
1805 - deraadt@cvs.openbsd.org
1806 [scp.c]
1807 - more atomicio
bcbf86ec 1808 - markus@cvs.openbsd.org
1d1ffb87 1809 [channels.c]
1810 - set O_NONBLOCK
1811 [ssh.1]
1812 - update AUTHOR
1813 [readconf.c ssh-keygen.c ssh.h]
1814 - default DSA key file ~/.ssh/id_dsa
1815 [clientloop.c]
1816 - typo, rm verbose debug
1817 - deraadt@cvs.openbsd.org
1818 [ssh-keygen.1]
1819 - document DSA use of ssh-keygen
1820 [sshd.8]
1821 - a start at describing what i understand of the DSA side
1822 [ssh-keygen.1]
1823 - document -X and -x
1824 [ssh-keygen.c]
1825 - simplify usage
bcbf86ec 1826 - markus@cvs.openbsd.org
1d1ffb87 1827 [sshd.8]
1828 - there is no rhosts_dsa
1829 [ssh-keygen.1]
1830 - document -y, update -X,-x
1831 [nchan.c]
1832 - fix close for non-open ssh1 channels
1833 [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
1834 - s/DsaKey/HostDSAKey/, document option
1835 [sshconnect2.c]
1836 - respect number_of_password_prompts
1837 [channels.c channels.h servconf.c servconf.h session.c sshd.8]
1838 - GatewayPorts for sshd, ok deraadt@
1839 [ssh-add.1 ssh-agent.1 ssh.1]
1840 - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
1841 [ssh.1]
1842 - more info on proto 2
1843 [sshd.8]
1844 - sync AUTHOR w/ ssh.1
1845 [key.c key.h sshconnect.c]
1846 - print key type when talking about host keys
1847 [packet.c]
1848 - clear padding in ssh2
1849 [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
1850 - replace broken uuencode w/ libc b64_ntop
1851 [auth2.c]
1852 - log failure before sending the reply
1853 [key.c radix.c uuencode.c]
1854 - remote trailing comments before calling __b64_pton
1855 [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
1856 [sshconnect2.c sshd.8]
1857 - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
1858 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
1859
1a11e1ae 186020000502
0fbe8c74 1861 - OpenBSD CVS update
1862 [channels.c]
1863 - init all fds, close all fds.
1864 [sshconnect2.c]
1865 - check whether file exists before asking for passphrase
1866 [servconf.c servconf.h sshd.8 sshd.c]
1867 - PidFile, pr 1210
1868 [channels.c]
1869 - EINTR
1870 [channels.c]
1871 - unbreak, ok niels@
1872 [sshd.c]
1873 - unlink pid file, ok niels@
1874 [auth2.c]
1875 - Add missing #ifdefs; ok - markus
bcbf86ec 1876 - Add Andre Lucas' <andre.lucas@dial.pipex.com> patch to read entropy
d3083fbd 1877 gathering commands from a text file
1a11e1ae 1878 - Release 2.0.0beta1
1879
c4bc58eb 188020000501
1881 - OpenBSD CVS update
1882 [packet.c]
1883 - send debug messages in SSH2 format
3189621b 1884 [scp.c]
1885 - fix very rare EAGAIN/EINTR issues; based on work by djm
1886 [packet.c]
1887 - less debug, rm unused
1888 [auth2.c]
1889 - disable kerb,s/key in ssh2
1890 [sshd.8]
1891 - Minor tweaks and typo fixes.
1892 [ssh-keygen.c]
1893 - Put -d into usage and reorder. markus ok.
bcbf86ec 1894 - Include missing headers for OpenSSL tests. Fix from Phil Karn
44fb55e9 1895 <karn@ka9q.ampr.org>
bcbf86ec 1896 - Fixed __progname symbol collisions reported by Andre Lucas
3fd95d9a 1897 <andre.lucas@dial.pipex.com>
0d5f7abc 1898 - Merged bsd-login ttyslot and AIX utmp patch from Gert Doering
1899 <gd@hilb1.medat.de>
8cb940db 1900 - Add some missing ifdefs to auth2.c
8af50c98 1901 - Deprecate perl-tk askpass.
52bcc044 1902 - Irix portability fixes - don't include netinet headers more than once
1903 - Make sure we don't save PRNG seed more than once
c4bc58eb 1904
2b763e31 190520000430
1906 - Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au>
b7a87eea 1907 - Integrate Andre Lucas' <andre.lucas@dial.pipex.com> entropy collection
1908 patch.
1909 - Adds timeout to entropy collection
1910 - Disables slow entropy sources
1911 - Load and save seed file
bcbf86ec 1912 - Changed entropy seed code to user per-user seeds only (server seed is
b7a87eea 1913 saved in root's .ssh directory)
1914 - Use atexit() and fatal cleanups to save seed on exit
0b242b12 1915 - More OpenBSD updates:
1916 [session.c]
1917 - don't call chan_write_failed() if we are not writing
1918 [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c]
1919 - keysize warnings error() -> log()
2b763e31 1920
a306f2dd 192120000429
1922 - Merge big update to OpenSSH-2.0 from OpenBSD CVS
1923 [README.openssh2]
1924 - interop w/ F-secure windows client
1925 - sync documentation
1926 - ssh_host_dsa_key not ssh_dsa_key
1927 [auth-rsa.c]
1928 - missing fclose
1929 [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
1930 [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
1931 [sshd.c uuencode.c uuencode.h authfile.h]
1932 - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX]
1933 for trading keys with the real and the original SSH, directly from the
1934 people who invented the SSH protocol.
1935 [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
1936 [sshconnect1.c sshconnect2.c]
1937 - split auth/sshconnect in one file per protocol version
1938 [sshconnect2.c]
1939 - remove debug
1940 [uuencode.c]
1941 - add trailing =
1942 [version.h]
1943 - OpenSSH-2.0
1944 [ssh-keygen.1 ssh-keygen.c]
1945 - add -R flag: exit code indicates if RSA is alive
1946 [sshd.c]
1947 - remove unused
1948 silent if -Q is specified
1949 [ssh.h]
1950 - host key becomes /etc/ssh_host_dsa_key
1951 [readconf.c servconf.c ]
1952 - ssh/sshd default to proto 1 and 2
1953 [uuencode.c]
1954 - remove debug
1955 [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
1956 - xfree DSA blobs
1957 [auth2.c serverloop.c session.c]
1958 - cleanup logging for sshd/2, respect PasswordAuth no
1959 [sshconnect2.c]
1960 - less debug, respect .ssh/config
1961 [README.openssh2 channels.c channels.h]
bcbf86ec 1962 - clientloop.c session.c ssh.c
a306f2dd 1963 - support for x11-fwding, client+server
1964
0ac7199f 196520000421
1966 - Merge fix from OpenBSD CVS
1967 [ssh-agent.c]
1968 - Fix memory leak per connection. Report from Andy Spiegl <Andy@Spiegl.de>
1969 via Debian bug #59926
18ba2aab 1970 - Define __progname in session.c if libc doesn't
1971 - Remove indentation on autoconf #include statements to avoid bug in
bcbf86ec 1972 DEC Tru64 compiler. Report and fix from David Del Piero
18ba2aab 1973 <David.DelPiero@qed.qld.gov.au>
0ac7199f 1974
e1b37056 197520000420
bcbf86ec 1976 - Make fixpaths work with perl4, patch from Andre Lucas
e1b37056 1977 <andre.lucas@dial.pipex.com>
9da5c3c9 1978 - Sync with OpenBSD CVS:
1979 [clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c]
1980 - pid_t
1981 [session.c]
1982 - remove bogus chan_read_failed. this could cause data
1983 corruption (missing data) at end of a SSH2 session.
4e577b89 1984 - Merge fixes from Debian patch from Phil Hands <phil@hands.com>
1985 - Allow setting of PAM service name through CFLAGS (SSHD_PAM_SERVICE)
1986 - Use vhangup to clean up Linux ttys
1987 - Force posix getopt processing on GNU libc systems
371ecff9 1988 - Debian bug #55910 - remove references to ssl(8) manpages
247f1a89 1989 - Debian bug #58031 - ssh_config lies about default cipher
e1b37056 1990
d6f24e45 199120000419
1992 - OpenBSD CVS updates
1993 [channels.c]
1994 - fix pr 1196, listen_port and port_to_connect interchanged
1995 [scp.c]
bcbf86ec 1996 - after completion, replace the progress bar ETA counter with a final
d6f24e45 1997 elapsed time; my idea, aaron wrote the patch
1998 [ssh_config sshd_config]
1999 - show 'Protocol' as an example, ok markus@
2000 [sshd.c]
2001 - missing xfree()
2002 - Add missing header to bsd-misc.c
2003
35484284 200420000416
2005 - Reduce diff against OpenBSD source
bcbf86ec 2006 - All OpenSSL includes are now unconditionally referenced as
35484284 2007 openssl/foo.h
2008 - Pick up formatting changes
2009 - Other minor changed (typecasts, etc) that I missed
2010
6ae2364d 201120000415
2012 - OpenBSD CVS updates.
2013 [ssh.1 ssh.c]
2014 - ssh -2
2015 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
2016 [session.c sshconnect.c]
2017 - check payload for (illegal) extra data
2018 [ALL]
2019 whitespace cleanup
2020
c323ac76 202120000413
2022 - INSTALL doc updates
f54651ce 2023 - Merged OpenBSD updates to include paths.
bcbf86ec 2024
a8be9f80 202520000412
2026 - OpenBSD CVS updates:
2027 - [channels.c]
2028 repair x11-fwd
2029 - [sshconnect.c]
2030 fix passwd prompt for ssh2, less debugging output.
2031 - [clientloop.c compat.c dsa.c kex.c sshd.c]
2032 less debugging output
2033 - [kex.c kex.h sshconnect.c sshd.c]
2034 check for reasonable public DH values
2035 - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
2036 [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
2037 add Cipher and Protocol options to ssh/sshd, e.g.:
2038 ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
2039 arcfour,3des-cbc'
2040 - [sshd.c]
2041 print 1.99 only if server supports both
2042
18e92801 204320000408
2044 - Avoid some compiler warnings in fake-get*.c
2045 - Add IPTOS macros for systems which lack them
9d98aaf6 2046 - Only set define entropy collection macros if they are found
e78a59f5 2047 - More large OpenBSD CVS updates:
2048 - [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
2049 [session.h ssh.h sshd.c README.openssh2]
2050 ssh2 server side, see README.openssh2; enable with 'sshd -2'
2051 - [channels.c]
2052 no adjust after close
2053 - [sshd.c compat.c ]
2054 interop w/ latest ssh.com windows client.
bcbf86ec 2055
8ce64345 205620000406
2057 - OpenBSD CVS update:
2058 - [channels.c]
2059 close efd on eof
2060 - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h]
2061 ssh2 client implementation, interops w/ ssh.com and lsh servers.
2062 - [sshconnect.c]
2063 missing free.
2064 - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c]
2065 remove unused argument, split cipher_mask()
2066 - [clientloop.c]
2067 re-order: group ssh1 vs. ssh2
2068 - Make Redhat spec require openssl >= 0.9.5a
2069
e7627112 207020000404
2071 - Add tests for RAND_add function when searching for OpenSSL
7e7327a1 2072 - OpenBSD CVS update:
2073 - [packet.h packet.c]
2074 ssh2 packet format
2075 - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c]
2076 [channels.h channels.c]
2077 channel layer support for ssh2
2078 - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h]
2079 DSA, keyexchange, algorithm agreement for ssh2
6c081128 2080 - Generate manpages before make install not at the end of make all
2081 - Don't seed the rng quite so often
2082 - Always reseed rng when requested
e7627112 2083
bfc9a610 208420000403
2085 - Wrote entropy collection routines for systems that lack /dev/random
2086 and EGD
837c30b8 2087 - Disable tests and typedefs for 64 bit types. They are currently unused.
bfc9a610 2088
7368a6c8 208920000401
2090 - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
2091 - [auth.c session.c sshd.c auth.h]
2092 split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
2093 - [bufaux.c bufaux.h]
2094 support ssh2 bignums
2095 - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
2096 [readconf.c ssh.c ssh.h serverloop.c]
2097 replace big switch() with function tables (prepare for ssh2)
2098 - [ssh2.h]
2099 ssh2 message type codes
2100 - [sshd.8]
2101 reorder Xr to avoid cutting
2102 - [serverloop.c]
2103 close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
2104 - [channels.c]
2105 missing close
2106 allow bigger packets
2107 - [cipher.c cipher.h]
2108 support ssh2 ciphers
2109 - [compress.c]
2110 cleanup, less code
2111 - [dispatch.c dispatch.h]
2112 function tables for different message types
2113 - [log-server.c]
2114 do not log() if debuggin to stderr
2115 rename a cpp symbol, to avoid param.h collision
2116 - [mpaux.c]
2117 KNF
2118 - [nchan.c]
2119 sync w/ channels.c
2120
f5238bee 212120000326
2122 - Better tests for OpenSSL w/ RSAref
bcbf86ec 2123 - Added replacement setenv() function from OpenBSD libc. Suggested by
f5238bee 2124 Ben Lindstrom <mouring@pconline.com>
4fe2af09 2125 - OpenBSD CVS update
2126 - [auth-krb4.c]
2127 -Wall
2128 - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
2129 [match.h ssh.c ssh.h sshconnect.c sshd.c]
2130 initial support for DSA keys. ok deraadt@, niels@
2131 - [cipher.c cipher.h]
2132 remove unused cipher_attack_detected code
2133 - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
2134 Fix some formatting problems I missed before.
2135 - [ssh.1 sshd.8]
2136 fix spelling errors, From: FreeBSD
2137 - [ssh.c]
2138 switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
f5238bee 2139
0024a081 214020000324
2141 - Released 1.2.3
2142
bd499f9e 214320000317
2144 - Clarified --with-default-path option.
2145 - Added -blibpath handling for AIX to work around stupid runtime linking.
2146 Problem elucidated by gshapiro@SENDMAIL.ORG by way of Jim Knoble
986a22ec 2147 <jmknoble@jmknoble.cx>
474b5fef 2148 - Checks for 64 bit int types. Problem report from Mats Fredholm
2149 <matsf@init.se>
610cd5c6 2150 - OpenBSD CVS updates:
bcbf86ec 2151 - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c]
610cd5c6 2152 [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
2153 [sshd.c]
2154 pedantic: signed vs. unsigned, void*-arithm, etc
2155 - [ssh.1 sshd.8]
2156 Various cleanups and standardizations.
bcbf86ec 2157 - Runtime error fix for HPUX from Otmar Stahl
be48d23c 2158 <O.Stahl@lsw.uni-heidelberg.de>
bd499f9e 2159
4696775a 216020000316
bcbf86ec 2161 - Fixed configure not passing LDFLAGS to Solaris. Report from David G.
4696775a 2162 Hesprich <dghespri@sprintparanet.com>
d423d822 2163 - Propogate LD through to Makefile
b7a9ce47 2164 - Doc cleanups
2ba2a610 2165 - Added blurb about "scp: command not found" errors to UPGRADING
4696775a 2166
cb0b7ea4 216720000315
2168 - Fix broken CFLAGS handling during search for OpenSSL. Fixes va_list
2169 problems with gcc/Solaris.
bcbf86ec 2170 - Don't free argument to putenv() after use (in setenv() replacement).
db55a3ea 2171 Report from Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp>
bcbf86ec 2172 - Created contrib/ subdirectory. Included helpers from Phil Hands'
13652e52 2173 Debian package, README file and chroot patch from Ricardo Cerqueira
2174 <rmcc@clix.pt>
bcbf86ec 2175 - Moved gnome-ssh-askpass.c to contrib directory and removed config
13652e52 2176 option.
2177 - Slight cleanup to doc files
b14b2ae7 2178 - Configure fix from Bratislav ILICH <bilic@zepter.ru>
cb0b7ea4 2179
a8ed9fd9 218020000314
bcbf86ec 2181 - Include macro for IN6_IS_ADDR_V4MAPPED. Report from
a8ed9fd9 2182 peter@frontierflying.com
84afc958 2183 - Include /usr/local/include and /usr/local/lib for systems that don't
2184 do it themselves
2185 - -R/usr/local/lib for Solaris
2186 - Fix RSAref detection
2187 - Fix IN6_IS_ADDR_V4MAPPED macro
a8ed9fd9 2188
bcf36c78 218920000311
2190 - Detect RSAref
43e48848 2191 - OpenBSD CVS change
2192 [sshd.c]
2193 - disallow guessing of root password
867dbf40 2194 - More configure fixes
80faa19f 2195 - IPv6 workarounds from Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>
bcf36c78 2196
c8d54615 219720000309
2198 - OpenBSD CVS updates to v1.2.3
704b1659 2199 [ssh.h atomicio.c]
2200 - int atomicio -> ssize_t (for alpha). ok deraadt@
2201 [auth-rsa.c]
2202 - delay MD5 computation until client sends response, free() early, cleanup.
2203 [cipher.c]
2204 - void* -> unsigned char*, ok niels@
2205 [hostfile.c]
2206 - remove unused variable 'len'. fix comments.
2207 - remove unused variable
2208 [log-client.c log-server.c]
2209 - rename a cpp symbol, to avoid param.h collision
2210 [packet.c]
2211 - missing xfree()
2212 - getsockname() requires initialized tolen; andy@guildsoftware.com
2213 - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
2214 from Holger.Trapp@Informatik.TU-Chemnitz.DE
2215 [pty.c pty.h]
bcbf86ec 2216 - register cleanup for pty earlier. move code for pty-owner handling to
c8d54615 2217 pty.c ok provos@, dugsong@
704b1659 2218 [readconf.c]
2219 - turn off x11-fwd for the client, too.
2220 [rsa.c]
2221 - PKCS#1 padding
2222 [scp.c]
2223 - allow '.' in usernames; from jedgar@fxp.org
2224 [servconf.c]
2225 - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
2226 - sync with sshd_config
2227 [ssh-keygen.c]
2228 - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
2229 [ssh.1]
2230 - Change invalid 'CHAT' loglevel to 'VERBOSE'
2231 [ssh.c]
2232 - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
2233 - turn off x11-fwd for the client, too.
2234 [sshconnect.c]
2235 - missing xfree()
2236 - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
2237 - read error vs. "Connection closed by remote host"
2238 [sshd.8]
2239 - ie. -> i.e.,
2240 - do not link to a commercial page..
2241 - sync with sshd_config
2242 [sshd.c]
2243 - no need for poll.h; from bright@wintelcom.net
2244 - log with level log() not fatal() if peer behaves badly.
2245 - don't panic if client behaves strange. ok deraadt@
2246 - make no-port-forwarding for RSA keys deny both -L and -R style fwding
2247 - delay close() of pty until the pty has been chowned back to root
2248 - oops, fix comment, too.
2249 - missing xfree()
2250 - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
2251 (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
bcbf86ec 2252 - register cleanup for pty earlier. move code for pty-owner handling to
704b1659 2253 pty.c ok provos@, dugsong@
2254 - create x11 cookie file
2255 - fix pr 1113, fclose() -> pclose(), todo: remote popen()
2256 - version 1.2.3
c8d54615 2257 - Cleaned up
bcbf86ec 2258 - Removed warning workaround for Linux and devpts filesystems (no longer
d8223847 2259 required after OpenBSD updates)
c8d54615 2260
07055445 226120000308
2262 - Configure fix from Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp>
2263
226420000307
2265 - Released 1.2.2p1
2266
9c8c3fc6 226720000305
2268 - Fix DEC compile fix
54096dcc 2269 - Explicitly seed OpenSSL's PRNG before checking rsa_alive()
aa6bd60a 2270 - Check for getpagesize in libucb.a if not found in libc. Fix for old
2271 Solaris from Andre Lucas <andre.lucas@dial.pipex.com>
bcbf86ec 2272 - Check for libwrap if --with-tcp-wrappers option specified. Suggestion
9fc7867e 2273 Mate Wierdl <mw@moni.msci.memphis.edu>
9c8c3fc6 2274
6bf4d066 227520000303
2276 - Added "make host-key" target, Suggestion from Dominik Brettnacher
2277 <domi@saargate.de>
bcbf86ec 2278 - Don't permanently fail on bind() if getaddrinfo has more choices left for
16218745 2279 us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
2280 Miskiewicz <misiek@pld.org.pl>
22fa590f 2281 - DEC Unix compile fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
2282 - Manpage fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
6bf4d066 2283
a0391976 228420000302
2285 - Big cleanup of autoconf code
2286 - Rearranged to be a little more logical
2287 - Added -R option for Solaris
2288 - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program
2289 to detect library and header location _and_ ensure library has proper
2290 RSA support built in (this is a problem with OpenSSL 0.9.5).
817175bc 2291 - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de
0a1718dc 2292 - Avoid warning message with Unix98 ptys
bcbf86ec 2293 - Warning was valid - possible race condition on PTYs. Avoided using
3276571c 2294 platform-specific code.
2295 - Document some common problems
bcbf86ec 2296 - Allow root access to any key. Patch from
81eef326 2297 markus.friedl@informatik.uni-erlangen.de
a0391976 2298
f55afe71 229920000207
2300 - Removed SOCKS code. Will support through a ProxyCommand.
2301
d07d1c58 230220000203
2303 - Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu
d581b7ae 2304 - Add --with-ssl-dir option
d07d1c58 2305
9d5f374b 230620000202
bcbf86ec 2307 - Fix lastlog code for directory based lastlogs. Fix from Josh Durham
9d5f374b 2308 <jmd@aoe.vt.edu>
6b1f3fdb 2309 - Documentation fixes from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
bcbf86ec 2310 - Added URLs to Japanese translations of documents by HARUYAMA Seigo
6b1f3fdb 2311 <haruyama@nt.phys.s.u-tokyo.ac.jp>
9d5f374b 2312
bc8c2601 231320000201
2314 - Use socket pairs by default (instead of pipes). Prevents race condition
2315 on several (buggy) OSs. Report and fix from tridge@linuxcare.com
2316
69c76614 231720000127
2318 - Seed OpenSSL's random number generator before generating RSA keypairs
2319 - Split random collector into seperate file
aaf2abd7 2320 - Compile fix from Andre Lucas <andre.lucas@dial.pipex.com>
69c76614 2321
f9507c24 232220000126
2323 - Released 1.2.2 stable
2324
bcbf86ec 2325 - NeXT keeps it lastlog in /usr/adm. Report from
f9507c24 2326 mouring@newton.pconline.com
bcbf86ec 2327 - Added note in UPGRADING re interop with commercial SSH using idea.
986a22ec 2328 Report from Jim Knoble <jmknoble@jmknoble.cx>
587120ad 2329 - Fix linking order for Kerberos/AFS. Fix from Holget Trapp
2330 <Holger.Trapp@Informatik.TU-Chemnitz.DE>
f9507c24 2331
bfae20ad 233220000125
bcbf86ec 2333 - Fix NULL pointer dereference in login.c. Fix from Andre Lucas
bfae20ad 2334 <andre.lucas@dial.pipex.com>
07b0cb78 2335 - Reorder PAM initialisation so it does not mess up lastlog. Reported
2336 by Andre Lucas <andre.lucas@dial.pipex.com>
bcbf86ec 2337 - Use preformatted manpages on SCO, report from Gary E. Miller
9755cbdb 2338 <gem@rellim.com>
2339 - New URL for x11-ssh-askpass.
bcbf86ec 2340 - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
986a22ec 2341 <jmknoble@jmknoble.cx>
bcbf86ec 2342 - Added 'DESTDIR' option to Makefile to ease package building. Patch from
986a22ec 2343 Jim Knoble <jmknoble@jmknoble.cx>
ff8ecdb8 2344 - Updated RPM spec files to use DESTDIR
bfae20ad 2345
bb58aa4b 234620000124
2347 - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
2348 increment)
2349
d45317d8 235020000123
2351 - OpenBSD CVS:
2352 - [packet.c]
2353 getsockname() requires initialized tolen; andy@guildsoftware.com
bcbf86ec 2354 - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
4c40f834 2355 <drankin@bohemians.lexington.ky.us>
12aa90af 2356 - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
d45317d8 2357
e844f761 235820000122
2359 - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
2360 <bent@clark.net>
c54a6257 2361 - Merge preformatted manpage patch from Andre Lucas
2362 <andre.lucas@dial.pipex.com>
8eb34e02 2363 - Make IPv4 use the default in RPM packages
2364 - Irix uses preformatted manpages
1e64903d 2365 - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
2366 <Holger.Trapp@Informatik.TU-Chemnitz.DE>
9bc5ddfe 2367 - OpenBSD CVS updates:
2368 - [packet.c]
2369 use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
2370 from Holger.Trapp@Informatik.TU-Chemnitz.DE
2371 - [sshd.c]
2372 log with level log() not fatal() if peer behaves badly.
2373 - [readpass.c]
bcbf86ec 2374 instead of blocking SIGINT, catch it ourselves, so that we can clean
2375 the tty modes up and kill ourselves -- instead of our process group
2376 leader (scp, cvs, ...) going away and leaving us in noecho mode.
9bc5ddfe 2377 people with cbreak shells never even noticed..
399d9d44 2378 - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
2379 ie. -> i.e.,
e844f761 2380
4c8ef3fb 238120000120
2382 - Don't use getaddrinfo on AIX
7b2ea3a1 2383 - Update to latest OpenBSD CVS:
2384 - [auth-rsa.c]
2385 - fix user/1056, sshd keeps restrictions; dbt@meat.net
2386 - [sshconnect.c]
2387 - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
2388 - destroy keys earlier
bcbf86ec 2389 - split key exchange (kex) and user authentication (user-auth),
d468fc76 2390 ok: provos@
7b2ea3a1 2391 - [sshd.c]
2392 - no need for poll.h; from bright@wintelcom.net
2393 - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
bcbf86ec 2394 - split key exchange (kex) and user authentication (user-auth),
d468fc76 2395 ok: provos@
f3bba493 2396 - Big manpage and config file cleanup from Andre Lucas
2397 <andre.lucas@dial.pipex.com>
5f4fdfae 2398 - Re-added latest (unmodified) OpenBSD manpages
47f9a56a 2399 - Doc updates
d468fc76 2400 - NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
2401 Christos Zoulas <christos@netbsd.org>
4c8ef3fb 2402
082bbfb3 240320000119
20af321f 2404 - SCO compile fixes from Gary E. Miller <gem@rellim.com>
082bbfb3 2405 - Compile fix from Darren_Hall@progressive.com
59e76f33 2406 - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
2407 addresses using getaddrinfo(). Added a configure switch to make the
2408 default lookup mode AF_INET
082bbfb3 2409
a63a7f37 241020000118
2411 - Fixed --with-pid-dir option
51a6baf8 2412 - Makefile fix from Gary E. Miller <gem@rellim.com>
bcbf86ec 2413 - Compile fix for HPUX and Solaris from Andre Lucas
976f7e19 2414 <andre.lucas@dial.pipex.com>
a63a7f37 2415
f914c7fb 241620000117
2417 - Clean up bsd-bindresvport.c. Use arc4random() for picking initial
2418 port, ignore EINVAL errors (Linux) when searching for free port.
bcbf86ec 2419 - Revert __snprintf -> snprintf aliasing. Apparently Solaris
de93b046 2420 __snprintf isn't. Report from Theo de Raadt <theo@cvs.openbsd.org>
9b363e1c 2421 - Document location of Redhat PAM file in INSTALL.
bcbf86ec 2422 - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6
2423 INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to
f4a7cf29 2424 deliver (no IPv6 kernel support)
80a44451 2425 - Released 1.2.1pre27
f914c7fb 2426
f4a7cf29 2427 - Fix rresvport_af failure errors (logic error in bsd-bindresvport.c)
bcbf86ec 2428 - Fix --with-ipaddr-display option test. Fix from Jarno Huuskonen
cf8ad170 2429 <jhuuskon@hytti.uku.fi>
bcbf86ec 2430 - Fix hang on logout if processes are still using the pty. Needs
691a8a9f 2431 further testing.
5957fd29 2432 - Patch from Christos Zoulas <christos@zoulas.com>
2433 - Try $prefix first when looking for OpenSSL.
2434 - Include sys/types.h when including sys/socket.h in test programs
bcbf86ec 2435 - Substitute PID directory in sshd.8. Suggestion from Andrew
19d9ac2a 2436 Stribblehill <a.d.stribblehill@durham.ac.uk>
f4a7cf29 2437
47e45e44 243820000116
2439 - Renamed --with-xauth-path to --with-xauth
2440 - Added --with-pid-dir option
2441 - Released 1.2.1pre26
2442
a82ef8ae 2443 - Compilation fix from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
bcbf86ec 2444 - Fixed broken bugfix for /dev/ptmx on Linux systems which lack
66be05a1 2445 openpty(). Report from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
a82ef8ae 2446
5cdfe03f 244720000115
2448 - Add --with-xauth-path configure directive and explicit test for
bcbf86ec 2449 /usr/openwin/bin/xauth for Solaris systems. Report from Anders
5cdfe03f 2450 Nordby <anders@fix.no>
bcbf86ec 2451 - Fix incorrect detection of /dev/ptmx on Linux systems that lack
5cdfe03f 2452 openpty. Report from John Seifarth <john@waw.be>
2453 - Look for intXX_t and u_intXX_t in sys/bitypes.h if they are not in
bcbf86ec 2454 sys/types.h. Fixes problems on SCO, report from Gary E. Miller
5cdfe03f 2455 <gem@rellim.com>
2456 - Use __snprintf and __vnsprintf if they are found where snprintf and
2457 vnsprintf are lacking. Suggested by Ben Taylor <bent@shell.clark.net>
2458 and others.
2459
48e671d5 246020000114
2461 - Merged OpenBSD IPv6 patch:
2462 - [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1]
2463 [scp.c packet.h packet.c login.c log.c canohost.c channels.c]
2464 [hostfile.c sshd_config]
2465 ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new
bcbf86ec 2466 features: sshd allows multiple ListenAddress and Port options. note
2467 that libwrap is not IPv6-ready. (based on patches from
48e671d5 2468 fujiwara@rcac.tdi.co.jp)
2469 - [ssh.c canohost.c]
bcbf86ec 2470 more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo,
48e671d5 2471 from itojun@
2472 - [channels.c]
2473 listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE)
2474 - [packet.h]
2475 allow auth-kerberos for IPv4 only
2476 - [scp.1 sshd.8 servconf.h scp.c]
2477 document -4, -6, and 'ssh -L 2022/::1/22'
2478 - [ssh.c]
bcbf86ec 2479 'ssh @host' is illegal (null user name), from
48e671d5 2480 karsten@gedankenpolizei.de
2481 - [sshconnect.c]
2482 better error message
2483 - [sshd.c]
2484 allow auth-kerberos for IPv4 only
2485 - Big IPv6 merge:
2486 - Cleanup overrun in sockaddr copying on RHL 6.1
2487 - Replacements for getaddrinfo, getnameinfo, etc based on versions
2488 from patch from KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
2489 - Replacement for missing structures on systems that lack IPv6
2490 - record_login needed to know about AF_INET6 addresses
2491 - Borrowed more code from OpenBSD: rresvport_af and requisites
2492
2598df62 249320000110
2494 - Fixes to auth-skey to enable it to use the standard OpenSSL libraries
2495
b8a0310d 249620000107
2497 - New config.sub and config.guess to fix problems on SCO. Supplied
2498 by Gary E. Miller <gem@rellim.com>
b6a98a85 2499 - SCO build fix from Gary E. Miller <gem@rellim.com>
2598df62 2500 - Released 1.2.1pre25
b8a0310d 2501
dfb95100 250220000106
2503 - Documentation update & cleanup
2504 - Better KrbIV / AFS detection, based on patch from:
2505 Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
2506
b9795b89 250720000105
bcbf86ec 2508 - Fixed annoying DES corruption problem. libcrypt has been
b9795b89 2509 overriding symbols in libcrypto. Removed libcrypt and crypt.h
2510 altogether (libcrypto includes its own crypt(1) replacement)
2511 - Added platform-specific rules for Irix 6.x. Included warning that
2512 they are untested.
2513
a1ec4d79 251420000103
2515 - Add explicit make rules for files proccessed by fixpaths.
bcbf86ec 2516 - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori
a1ec4d79 2517 <tnh@kondara.org>
bcbf86ec 2518 - Removed "nullok" directive from default PAM configuration files.
2519 Added information on enabling EmptyPasswords on openssh+PAM in
607d73e6 2520 UPGRADING file.
e02735bb 2521 - OpenBSD CVS updates
2522 - [ssh-agent.c]
bcbf86ec 2523 cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and
e02735bb 2524 dgaudet@arctic.org
2525 - [sshconnect.c]
2526 compare correct version for 1.3 compat mode
a1ec4d79 2527
93c7f644 252820000102
2529 - Prevent multiple inclusion of config.h and defines.h. Suggested
2530 by Andre Lucas <andre.lucas@dial.pipex.com>
2531 - Properly clean up on exit of ssh-agent. Patch from Dean Gaudet
2532 <dgaudet@arctic.org>
2533
76b8607f 253419991231
bcbf86ec 2535 - Fix password support on systems with a mixture of shadowed and
2536 non-shadowed passwords (e.g. NIS). Report and fix from
76b8607f 2537 HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
bcbf86ec 2538 - Fix broken autoconf typedef detection. Report from Marc G.
723221b5 2539 Fournier <marc.fournier@acadiau.ca>
b92964b7 2540 - Fix occasional crash on LinuxPPC. Patch from Franz Sirl
2541 <Franz.Sirl-kernel@lauterbach.com>
bcbf86ec 2542 - Prevent typedefs from being compiled more than once. Report from
a6ddc88b 2543 Marc G. Fournier <marc.fournier@acadiau.ca>
4811cc0b 2544 - Fill in ut_utaddr utmp field. Report from Benjamin Charron
2545 <iretd@bigfoot.com>
bcbf86ec 2546 - Really fix broken default path. Fix from Jim Knoble
986a22ec 2547 <jmknoble@jmknoble.cx>
ae3a3d31 2548 - Remove test for quad_t. No longer needed.
76a8e733 2549 - Released 1.2.1pre24
2550
2551 - Added support for directory-based lastlogs
2552 - Really fix typedefs, patch from Ben Taylor <bent@clark.net>
76b8607f 2553
13f825f4 255419991230
2555 - OpenBSD CVS updates:
2556 - [auth-passwd.c]
2557 check for NULL 1st
bcbf86ec 2558 - Removed most of the pam code into its own file auth-pam.[ch]. This
a5c9cd31 2559 cleaned up sshd.c up significantly.
bcbf86ec 2560 - PAM authentication was incorrectly interpreting
76b8607f 2561 "PermitRootLogin without-password". Report from Matthias Andree
2562 <ma@dt.e-technik.uni-dortmund.de
a5c9cd31 2563 - Several other cleanups
0bc5b6fb 2564 - Merged Dante SOCKS support patch from David Rankin
2565 <drankin@bohemians.lexington.ky.us>
2566 - Updated documentation with ./configure options
76b8607f 2567 - Released 1.2.1pre23
13f825f4 2568
c73a0cb5 256919991229
bcbf86ec 2570 - Applied another NetBSD portability patch from David Rankin
c73a0cb5 2571 <drankin@bohemians.lexington.ky.us>
2572 - Fix --with-default-path option.
bcbf86ec 2573 - Autodetect perl, patch from David Rankin
a0f84251 2574 <drankin@bohemians.lexington.ky.us>
bcbf86ec 2575 - Print whether OpenSSH was compiled with RSARef, patch from
0a2ff95d 2576 Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu>
bcbf86ec 2577 - Calls to pam_setcred, patch from Nalin Dahyabhai
f91bacbd 2578 <nalin@thermo.stat.ncsu.edu>
e3a93db0 2579 - Detect missing size_t and typedef it.
5ab44a92 2580 - Rename helper.[ch] to (more appropriate) bsd-misc.[ch]
2581 - Minor Makefile cleaning
c73a0cb5 2582
b6019d68 258319991228
2584 - Replacement for getpagesize() for systems which lack it
bcbf86ec 2585 - NetBSD login.c compile fix from David Rankin
70e0115b 2586 <drankin@bohemians.lexington.ky.us>
2587 - Fully set ut_tv if present in utmp or utmpx
d94aa2ae 2588 - Portability fixes for Irix 5.3 (now compiles OK!)
2589 - autoconf and other misc cleanups
ea1970a3 2590 - Merged AIX patch from Darren Hall <dhall@virage.org>
2591 - Cleaned up defines.h
fa9a2dd6 2592 - Released 1.2.1pre22
b6019d68 2593
d2dcff5f 259419991227
2595 - Automatically correct paths in manpages and configuration files. Patch
2596 and script from Andre Lucas <andre.lucas@dial.pipex.com>
2597 - Removed credits from README to CREDITS file, updated.
cb807f40 2598 - Added --with-default-path to specify custom path for server
2599 - Removed #ifdef trickery from acconfig.h into defines.h
36a5b38e 2600 - PAM bugfix. PermitEmptyPassword was being ignored.
2601 - Fixed PAM config files to allow empty passwords if server does.
2602 - Explained spurious PAM auth warning workaround in UPGRADING
21feb5fa 2603 - Use last few chars of tty line as ut_id
5a7794be 2604 - New SuSE RPM spec file from Chris Saia <csaia@wtower.com>
00e6dd70 2605 - OpenBSD CVS updates:
2606 - [packet.h auth-rhosts.c]
2607 check format string for packet_disconnect and packet_send_debug, too
2608 - [channels.c]
2609 use packet_get_maxsize for channels. consistence.
d2dcff5f 2610
f74efc8d 261119991226
2612 - Enabled utmpx support by default for Solaris
2613 - Cleanup sshd.c PAM a little more
986a22ec 2614 - Revised RPM package to include Jim Knoble's <jmknoble@jmknoble.cx>
bc7ea646 2615 X11 ssh-askpass program.
20c43d8c 2616 - Disable logging of PAM success and failures, PAM is verbose enough.
bcbf86ec 2617 Unfortunatly there is currently no way to disable auth failure
2618 messages. Mention this in UPGRADING file and sent message to PAM
20c43d8c 2619 developers
83b7f649 2620 - OpenBSD CVS update:
2621 - [ssh-keygen.1 ssh.1]
bcbf86ec 2622 remove ref to .ssh/random_seed, mention .ssh/environment in
83b7f649 2623 .Sh FILES, too
72251cb6 2624 - Released 1.2.1pre21
bcbf86ec 2625 - Fixed implicit '.' in default path, report from Jim Knoble
986a22ec 2626 <jmknoble@jmknoble.cx>
2627 - Redhat RPM spec fixes from Jim Knoble <jmknoble@jmknoble.cx>
f74efc8d 2628
f498ed15 262919991225
2630 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
2631 - Cleanup of auth-passwd.c for shadow and MD5 passwords
2632 - Cleanup and bugfix of PAM authentication code
f74efc8d 2633 - Released 1.2.1pre20
2634
2635 - Merged fixes from Ben Taylor <bent@clark.net>
2636 - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
2637 - Disabled logging of PAM password authentication failures when password
2638 is empty. (e.g start of authentication loop). Reported by Naz
2639 <96na@eng.cam.ac.uk>)
f498ed15 2640
264119991223
bcbf86ec 2642 - Merged later HPUX patch from Andre Lucas
f498ed15 2643 <andre.lucas@dial.pipex.com>
2644 - Above patch included better utmpx support from Ben Taylor
f74efc8d 2645 <bent@clark.net>
f498ed15 2646
eef6f7e9 264719991222
bcbf86ec 2648 - Fix undefined fd_set type in ssh.h from Povl H. Pedersen
eef6f7e9 2649 <pope@netguide.dk>
ae28776a 2650 - Fix login.c breakage on systems which lack ut_host in struct
2651 utmp. Reported by Willard Dawson <willard.dawson@sbs.siemens.com>
eef6f7e9 2652
a7effaac 265319991221
bcbf86ec 2654 - Integration of large HPUX patch from Andre Lucas
2655 <andre.lucas@dial.pipex.com>. Integrating it had a few other
a7effaac 2656 benefits:
2657 - Ability to disable shadow passwords at configure time
2658 - Ability to disable lastlog support at configure time
2659 - Support for IP address in $DISPLAY
ae2f7af7 2660 - OpenBSD CVS update:
2661 - [sshconnect.c]
2662 say "REMOTE HOST IDENTIFICATION HAS CHANGED"
59dd7a31 2663 - Fix DISABLE_SHADOW support
2664 - Allow MD5 passwords even if shadow passwords are disabled
16034de9 2665 - Release 1.2.1pre19
a7effaac 2666
3f1d9bcd 266719991218
bcbf86ec 2668 - Redhat init script patch from Chun-Chung Chen
3f1d9bcd 2669 <cjj@u.washington.edu>
7e1c2490 2670 - Avoid breakage on systems without IPv6 headers
3f1d9bcd 2671
60d804c8 267219991216
bcbf86ec 2673 - Makefile changes for Solaris from Peter Kocks
60d804c8 2674 <peter.kocks@baygate.com>
89cafde6 2675 - Minor updates to docs
2676 - Merged OpenBSD CVS changes:
2677 - [authfd.c ssh-agent.c]
2678 keysize warnings talk about identity files
2679 - [packet.c]
2680 "Connection closed by x.x.x.x": fatal() -> log()
bcbf86ec 2681 - Correctly handle empty passwords in shadow file. Patch from:
c9d323f0 2682 "Chris, the Young One" <cky@pobox.com>
2683 - Released 1.2.1pre18
60d804c8 2684
7dc6fc6d 268519991215
2686 - Integrated patchs from Juergen Keil <jk@tools.de>
2687 - Avoid void* pointer arithmatic
2688 - Use LDFLAGS correctly
68227e6d 2689 - Fix SIGIO error in scp
2690 - Simplify status line printing in scp
bcbf86ec 2691 - Added better test for inline functions compiler support from
906a2515 2692 Darren_Hall@progressive.com
7dc6fc6d 2693
95f1eccc 269419991214
2695 - OpenBSD CVS Changes
2696 - [canohost.c]
bcbf86ec 2697 fix get_remote_port() and friends for sshd -i;
95f1eccc 2698 Holger.Trapp@Informatik.TU-Chemnitz.DE
2699 - [mpaux.c]
2700 make code simpler. no need for memcpy. niels@ ok
2701 - [pty.c]
2702 namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org
2703 fix proto; markus
2704 - [ssh.1]
2705 typo; mark.baushke@solipsa.com
2706 - [channels.c ssh.c ssh.h sshd.c]
2707 type conflict for 'extern Type *options' in channels.c; dot@dotat.at
2708 - [sshconnect.c]
2709 move checking of hostkey into own function.
2710 - [version.h]
2711 OpenSSH-1.2.1
884bcb37 2712 - Clean up broken includes in pty.c
7303768f 2713 - Some older systems don't have poll.h, they use sys/poll.h instead
2714 - Doc updates
95f1eccc 2715
847e8865 271619991211
bcbf86ec 2717 - Fix compilation on systems with AFS. Reported by
847e8865 2718 aloomis@glue.umd.edu
bcbf86ec 2719 - Fix installation on Solaris. Reported by
847e8865 2720 Gordon Rowell <gordonr@gormand.com.au>
2721 - Fix gccisms (__attribute__ and inline). Report by edgy@us.ibm.com,
2722 patch from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
2723 - Auto-locate xauth. Patch from David Agraz <dagraz@jahoopa.com>
2724 - Compile fix from David Agraz <dagraz@jahoopa.com>
2725 - Avoid compiler warning in bsd-snprintf.c
bcbf86ec 2726 - Added pam_limits.so to default PAM config. Suggested by
986a22ec 2727 Jim Knoble <jmknoble@jmknoble.cx>
847e8865 2728
8946db53 272919991209
2730 - Import of patch from Ben Taylor <bent@clark.net>:
2731 - Improved PAM support
2732 - "uninstall" rule for Makefile
2733 - utmpx support
2734 - Should fix PAM problems on Solaris
2d86a6cc 2735 - OpenBSD CVS updates:
2736 - [readpass.c]
2737 avoid stdio; based on work by markus, millert, and I
2738 - [sshd.c]
2739 make sure the client selects a supported cipher
2740 - [sshd.c]
bcbf86ec 2741 fix sighup handling. accept would just restart and daemon handled
2742 sighup only after the next connection was accepted. use poll on
2d86a6cc 2743 listen sock now.
2744 - [sshd.c]
2745 make that a fatal
87e91331 2746 - Applied patch from David Rankin <drankin@bohemians.lexington.ky.us>
2747 to fix libwrap support on NetBSD
5001b9e4 2748 - Released 1.2pre17
8946db53 2749
6d8c4ea4 275019991208
bcbf86ec 2751 - Compile fix for Solaris with /dev/ptmx from
6d8c4ea4 2752 David Agraz <dagraz@jahoopa.com>
2753
4285816a 275419991207
986a22ec 2755 - sshd Redhat init script patch from Jim Knoble <jmknoble@jmknoble.cx>
4285816a 2756 fixes compatability with 4.x and 5.x
db28aeb5 2757 - Fixed default SSH_ASKPASS
bcbf86ec 2758 - Fix PAM account and session being called multiple times. Problem
d465f2ca 2759 reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>
a408af76 2760 - Merged more OpenBSD changes:
2761 - [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c]
bcbf86ec 2762 move atomicio into it's own file. wrap all socket write()s which
a408af76 2763 were doing write(sock, buf, len) != len, with atomicio() calls.
2764 - [auth-skey.c]
2765 fd leak
2766 - [authfile.c]
2767 properly name fd variable
2768 - [channels.c]
2769 display great hatred towards strcpy
2770 - [pty.c pty.h sshd.c]
2771 use openpty() if it exists (it does on BSD4_4)
2772 - [tildexpand.c]
2773 check for ~ expansion past MAXPATHLEN
2774 - Modified helper.c to use new atomicio function.
2775 - Reformat Makefile a little
2776 - Moved RC4 routines from rc4.[ch] into helper.c
2777 - Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX)
9983a8ca 2778 - Updated SuSE spec from Chris Saia <csaia@wtower.com>
2779 - Tweaked Redhat spec
9158d92f 2780 - Clean up bad imports of a few files (forgot -kb)
2781 - Released 1.2pre16
4285816a 2782
9c7b6dfd 278319991204
2784 - Small cleanup of PAM code in sshd.c
57112b5a 2785 - Merged OpenBSD CVS changes:
2786 - [auth-krb4.c auth-passwd.c auth-skey.c ssh.h]
2787 move skey-auth from auth-passwd.c to auth-skey.c, same for krb4
2788 - [auth-rsa.c]
2789 warn only about mismatch if key is _used_
2790 warn about keysize-mismatch with log() not error()
2791 channels.c readconf.c readconf.h ssh.c ssh.h sshconnect.c
2792 ports are u_short
2793 - [hostfile.c]
2794 indent, shorter warning
2795 - [nchan.c]
2796 use error() for internal errors
2797 - [packet.c]
2798 set loglevel for SSH_MSG_DISCONNECT to log(), not fatal()
2799 serverloop.c
2800 indent
2801 - [ssh-add.1 ssh-add.c ssh.h]
2802 document $SSH_ASKPASS, reasonable default
2803 - [ssh.1]
2804 CheckHostIP is not available for connects via proxy command
2805 - [sshconnect.c]
2806 typo
2807 easier to read client code for passwd and skey auth
2808 turn of checkhostip for proxy connects, since we don't know the remote ip
9c7b6dfd 2809
dad3b556 281019991126
2811 - Add definition for __P()
2812 - Added [v]snprintf() replacement for systems that lack it
2813
0ce43ae4 281419991125
2815 - More reformatting merged from OpenBSD CVS
2816 - Merged OpenBSD CVS changes:
2817 - [channels.c]
2818 fix packet_integrity_check() for !have_hostname_in_open.
2819 report from mrwizard@psu.edu via djm@ibs.com.au
2820 - [channels.c]
2821 set SO_REUSEADDR and SO_LINGER for forwarded ports.
2822 chip@valinux.com via damien@ibs.com.au
2823 - [nchan.c]
2824 it's not an error() if shutdown_write failes in nchan.
2825 - [readconf.c]
2826 remove dead #ifdef-0-code
2827 - [readconf.c servconf.c]
2828 strcasecmp instead of tolower
2829 - [scp.c]
2830 progress meter overflow fix from damien@ibs.com.au
2831 - [ssh-add.1 ssh-add.c]
2832 SSH_ASKPASS support
2833 - [ssh.1 ssh.c]
2834 postpone fork_after_authentication until command execution,
2835 request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
2836 plus: use daemon() for backgrounding
cf8dd513 2837 - Added BSD compatible install program and autoconf test, thanks to
2838 Niels Kristian Bech Jensen <nkbj@image.dk>
2839 - Solaris fixing, thanks to Ben Taylor <bent@clark.net>
09041313 2840 - Merged beginnings of AIX support from Tor-Ake Fransson <torake@hotmail.com>
3dbefdb8 2841 - Release 1.2pre15
0ce43ae4 2842
5260325f 284319991124
2844 - Merged very large OpenBSD source code reformat
2845 - OpenBSD CVS updates
2846 - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
2847 [ssh.h sshd.8 sshd.c]
2848 syslog changes:
2849 * Unified Logmessage for all auth-types, for success and for failed
2850 * Standard connections get only ONE line in the LOG when level==LOG:
2851 Auth-attempts are logged only, if authentication is:
2852 a) successfull or
2853 b) with passwd or
2854 c) we had more than AUTH_FAIL_LOG failues
2855 * many log() became verbose()
2856 * old behaviour with level=VERBOSE
2857 - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
2858 tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
2859 messages. allows use of s/key in windows (ttssh, securecrt) and
2860 ssh-1.2.27 clients without 'ssh -v', ok: niels@
2861 - [sshd.8]
2862 -V, for fallback to openssh in SSH2 compatibility mode
2863 - [sshd.c]
2864 fix sigchld race; cjc5@po.cwru.edu
2865
4655fe80 286619991123
2867 - Added SuSE package files from Chris Saia <csaia@wtower.com>
8b241e50 2868 - Restructured package-related files under packages/*
4655fe80 2869 - Added generic PAM config
8b241e50 2870 - Numerous little Solaris fixes
9c08d6ce 2871 - Add recommendation to use GNU make to INSTALL document
4655fe80 2872
60bed5fd 287319991122
2874 - Make <enter> close gnome-ssh-askpass (Debian bug #50299)
2f2cc3f9 2875 - OpenBSD CVS Changes
bcbf86ec 2876 - [ssh-keygen.c]
2877 don't create ~/.ssh only if the user wants to store the private
2878 key there. show fingerprint instead of public-key after
2f2cc3f9 2879 keygeneration. ok niels@
b09a984b 2880 - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
96ad4350 2881 - Added timersub() macro
b09a984b 2882 - Tidy RCSIDs of bsd-*.c
bcbf86ec 2883 - Added autoconf test and macro to deal with old PAM libraries
96ad4350 2884 pam_strerror definition (one arg vs two).
530f1889 2885 - Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
bcbf86ec 2886 - Retry /dev/urandom reads interrupted by signal (report from
530f1889 2887 Robert Hardy <rhardy@webcon.net>)
1647c2b5 2888 - Added a setenv replacement for systems which lack it
d84a9a44 2889 - Only display public key comment when presenting ssh-askpass dialog
2890 - Released 1.2pre14
60bed5fd 2891
bcbf86ec 2892 - Configure, Make and changelog corrections from Tudor Bosman
2ddcfdf3 2893 <tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>
2894
9d6b7add 289519991121
2f2cc3f9 2896 - OpenBSD CVS Changes:
60bed5fd 2897 - [channels.c]
2898 make this compile, bad markus
2899 - [log.c readconf.c servconf.c ssh.h]
2900 bugfix: loglevels are per host in clientconfig,
2901 factor out common log-level parsing code.
2902 - [servconf.c]
2903 remove unused index (-Wall)
2904 - [ssh-agent.c]
2905 only one 'extern char *__progname'
2906 - [sshd.8]
2907 document SIGHUP, -Q to synopsis
2908 - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
2909 [channels.c clientloop.c]
2910 SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
2911 [hope this time my ISP stays alive during commit]
2912 - [OVERVIEW README] typos; green@freebsd
2913 - [ssh-keygen.c]
2914 replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
2915 exit if writing the key fails (no infinit loop)
2916 print usage() everytime we get bad options
2917 - [ssh-keygen.c] overflow, djm@mindrot.org
2918 - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
bcbf86ec 2919
2b942fe0 292019991120
bcbf86ec 2921 - Merged more Solaris support from Marc G. Fournier
2b942fe0 2922 <marc.fournier@acadiau.ca>
2923 - Wrote autoconf tests for integer bit-types
2924 - Fixed enabling kerberos support
bcbf86ec 2925 - Fix segfault in ssh-keygen caused by buffer overrun in filename
13c36c4c 2926 handling.
2b942fe0 2927
06479889 292819991119
2929 - Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
2ad77510 2930 - Merged OpenBSD CVS changes
2931 - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
2932 more %d vs. %s in fmt-strings
2933 - [authfd.c]
2934 Integers should not be printed with %s
7b1cc56c 2935 - EGD uses a socket, not a named pipe. Duh.
2936 - Fix includes in fingerprint.c
29dbde15 2937 - Fix scp progress bar bug again.
bcbf86ec 2938 - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of
736890c4 2939 David Rankin <drankin@bohemians.lexington.ky.us>
91b8065d 2940 - Added autoconf option to enable Kerberos 4 support (untested)
2941 - Added autoconf option to enable AFS support (untested)
2942 - Added autoconf option to enable S/Key support (untested)
2943 - Added autoconf option to enable TCP wrappers support (compiles OK)
beb43d31 2944 - Renamed BSD helper function files to bsd-*
bcbf86ec 2945 - Added tests for login and daemon and enable OpenBSD replacements for
caf3bc51 2946 when they are absent.
2947 - Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
06479889 2948
2bd61362 294919991118
2950 - Merged OpenBSD CVS changes
2951 - [scp.c] foregroundproc() in scp
2952 - [sshconnect.h] include fingerprint.h
bcbf86ec 2953 - [sshd.c] bugfix: the log() for passwd-auth escaped during logging
2bd61362 2954 changes.
0c16a097 2955 - [ssh.1] Spell my name right.
2bd61362 2956 - Added openssh.com info to README
2957
f095fcc7 295819991117
2959 - Merged OpenBSD CVS changes
2960 - [ChangeLog.Ylonen] noone needs this anymore
2961 - [authfd.c] close-on-exec for auth-socket, ok deraadt
bcbf86ec 2962 - [hostfile.c]
2963 in known_hosts key lookup the entry for the bits does not need
2964 to match, all the information is contained in n and e. This
2965 solves the problem with buggy servers announcing the wrong
f095fcc7 2966 modulus length. markus and me.
bcbf86ec 2967 - [serverloop.c]
2968 bugfix: check for space if child has terminated, from:
f095fcc7 2969 iedowse@maths.tcd.ie
2970 - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
2971 [fingerprint.c fingerprint.h]
2972 rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
2973 - [ssh-agent.1] typo
2974 - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
bcbf86ec 2975 - [sshd.c]
f095fcc7 2976 force logging to stderr while loading private key file
2977 (lost while converting to new log-levels)
2978
4d195447 297919991116
2980 - Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
2981 - Merged OpenBSD CVS changes:
2982 - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
2983 [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
2984 the keysize of rsa-parameter 'n' is passed implizit,
2985 a few more checks and warnings about 'pretended' keysizes.
2986 - [cipher.c cipher.h packet.c packet.h sshd.c]
2987 remove support for cipher RC4
2988 - [ssh.c]
2989 a note for legay systems about secuity issues with permanently_set_uid(),
2990 the private hostkey and ptrace()
2991 - [sshconnect.c]
2992 more detailed messages about adding and checking hostkeys
2993
dad9a31e 299419991115
2995 - Merged OpenBSD CVS changes:
bcbf86ec 2996 - [ssh-add.c] change passphrase loop logic and remove ref to
dad9a31e 2997 $DISPLAY, ok niels
2998 - Changed to ssh-add.c broke askpass support. Revised it to be a little more
bcbf86ec 2999 modular.
dad9a31e 3000 - Revised autoconf support for enabling/disabling askpass support.
e7c0f9d5 3001 - Merged more OpenBSD CVS changes:
704b1659 3002 [auth-krb4.c]
3003 - disconnect if getpeername() fails
3004 - missing xfree(*client)
3005 [canohost.c]
3006 - disconnect if getpeername() fails
3007 - fix comment: we _do_ disconnect if ip-options are set
3008 [sshd.c]
3009 - disconnect if getpeername() fails
3010 - move checking of remote port to central place
3011 [auth-rhosts.c] move checking of remote port to central place
3012 [log-server.c] avoid extra fd per sshd, from millert@
3013 [readconf.c] print _all_ bad config-options in ssh(1), too
3014 [readconf.h] print _all_ bad config-options in ssh(1), too
3015 [ssh.c] print _all_ bad config-options in ssh(1), too
3016 [sshconnect.c] disconnect if getpeername() fails
e7c0f9d5 3017 - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
c75a1a66 3018 - Various small cleanups to bring diff (against OpenBSD) size down.
f601d847 3019 - Merged more Solaris compability from Marc G. Fournier
3020 <marc.fournier@acadiau.ca>
3021 - Wrote autoconf tests for __progname symbol
986a22ec 3022 - RPM spec file fixes from Jim Knoble <jmknoble@jmknoble.cx>
0c372277 3023 - Released 1.2pre12
3024
3025 - Another OpenBSD CVS update:
3026 - [ssh-keygen.1] fix .Xr
dad9a31e 3027
92da7197 302819991114
3029 - Solaris compilation fixes (still imcomplete)
3030
94f7bb9e 303119991113
dd092f97 3032 - Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
3033 - Don't install config files if they already exist
3034 - Fix inclusion of additional preprocessor directives from acconfig.h
94f7bb9e 3035 - Removed redundant inclusions of config.h
e9c75a39 3036 - Added 'Obsoletes' lines to RPM spec file
94f7bb9e 3037 - Merged OpenBSD CVS changes:
3038 - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
bcbf86ec 3039 - [scp.c] fix overflow reported by damien@ibs.com.au: off_t
94f7bb9e 3040 totalsize, ok niels,aaron
bcbf86ec 3041 - Delay fork (-f option) in ssh until after port forwarded connections
94f7bb9e 3042 have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
b2344d54 3043 - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
3044 - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
dd092f97 3045 - Tidied default config file some more
3046 - Revised Redhat initscript to fix bug: sshd (re)start would fail
3047 if executed from inside a ssh login.
94f7bb9e 3048
e35c1dc2 304919991112
3050 - Merged changes from OpenBSD CVS
3051 - [sshd.c] session_key_int may be zero
b4748e2f 3052 - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
bcbf86ec 3053 IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
b4748e2f 3054 deraadt,millert
3055 - Brought default sshd_config more in line with OpenBSD's
547c9f30 3056 - Grab server in gnome-ssh-askpass (Debian bug #49872)
3057 - Released 1.2pre10
e35c1dc2 3058
8bc7973f 3059 - Added INSTALL documentation
6fa724bc 3060 - Merged yet more changes from OpenBSD CVS
3061 - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
3062 [ssh.c ssh.h sshconnect.c sshd.c]
3063 make all access to options via 'extern Options options'
3064 and 'extern ServerOptions options' respectively;
3065 options are no longer passed as arguments:
3066 * make options handling more consistent
3067 * remove #include "readconf.h" from ssh.h
3068 * readconf.h is only included if necessary
3069 - [mpaux.c] clear temp buffer
3070 - [servconf.c] print _all_ bad options found in configfile
045672f9 3071 - Make ssh-askpass support optional through autoconf
59b0f0d4 3072 - Fix nasty division-by-zero error in scp.c
3073 - Released 1.2pre11
8bc7973f 3074
4cca272e 307519991111
3076 - Added (untested) Entropy Gathering Daemon (EGD) support
67d68e3a 3077 - Fixed /dev/urandom fd leak (Debian bug #49722)
5bbb5681 3078 - Merged OpenBSD CVS changes:
3079 - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
3080 - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
3081 - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
bcbf86ec 3082 - Fix integer overflow which was messing up scp's progress bar for large
3f1d9bcd 3083 file transfers. Fix submitted to OpenBSD developers. Report and fix
3084 from Kees Cook <cook@cpoint.net>
6a17f9c2 3085 - Merged more OpenBSD CVS changes:
bcbf86ec 3086 - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
6a17f9c2 3087 + krb-cleanup cleanup
3088 - [clientloop.c log-client.c log-server.c ]
3089 [readconf.c readconf.h servconf.c servconf.h ]
3090 [ssh.1 ssh.c ssh.h sshd.8]
3091 add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
3092 obsoletes QuietMode and FascistLogging in sshd.
e35c1dc2 3093 - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
3094 allow session_key_int != sizeof(session_key)
3095 [this should fix the pre-assert-removal-core-files]
3096 - Updated default config file to use new LogLevel option and to improve
3097 readability
3098
f370266e 309919991110
67d68e3a 3100 - Merged several minor fixes:
f370266e 3101 - ssh-agent commandline parsing
3102 - RPM spec file now installs ssh setuid root
3103 - Makefile creates libdir
4cca272e 3104 - Merged beginnings of Solaris compability from Marc G. Fournier
3105 <marc.fournier@acadiau.ca>
f370266e 3106
d4f11b59 310719991109
3108 - Autodetection of SSL/Crypto library location via autoconf
3109 - Fixed location of ssh-askpass to follow autoconf
3110 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
3111 - Autodetection of RSAref library for US users
3112 - Minor doc updates
560557bb 3113 - Merged OpenBSD CVS changes:
3114 - [rsa.c] bugfix: use correct size for memset()
3115 - [sshconnect.c] warn if announced size of modulus 'n' != real size
f025becb 3116 - Added GNOME passphrase requestor (use --with-gnome-askpass)
d397b172 3117 - RPM build now creates subpackages
aa51e7cc 3118 - Released 1.2pre9
d4f11b59 3119
e1a9c08d 312019991108
3121 - Removed debian/ directory. This is now being maintained separately.
3122 - Added symlinks for slogin in RPM spec file
3123 - Fixed permissions on manpages in RPM spec file
3124 - Added references to required libraries in README file
3125 - Removed config.h.in from CVS
3126 - Removed pwdb support (better pluggable auth is provided by glibc)
3127 - Made PAM and requisite libdl optional
3128 - Removed lots of unnecessary checks from autoconf
3129 - Added support and autoconf test for openpty() function (Unix98 pty support)
3130 - Fix for scp not finding ssh if not installed as /usr/bin/ssh
3131 - Added TODO file
3132 - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
3133 - Added ssh-askpass program
3134 - Added ssh-askpass support to ssh-add.c
3135 - Create symlinks for slogin on install
3136 - Fix "distclean" target in makefile
3137 - Added example for ssh-agent to manpage
3138 - Added support for PAM_TEXT_INFO messages
3139 - Disable internal /etc/nologin support if PAM enabled
3140 - Merged latest OpenBSD CVS changes:
5bae4ab8 3141 - [all] replace assert() with error, fatal or packet_disconnect
e1a9c08d 3142 - [sshd.c] don't send fail-msg but disconnect if too many authentication
3143 failures
e1a9c08d 3144 - [sshd.c] remove unused argument. ok dugsong
3145 - [sshd.c] typo
3146 - [rsa.c] clear buffers used for encryption. ok: niels
3147 - [rsa.c] replace assert() with error, fatal or packet_disconnect
ade6fccd 3148 - [auth-krb4.c] remove unused argument. ok dugsong
e1a9c08d 3149 - Fixed coredump after merge of OpenBSD rsa.c patch
9010d60a 3150 - Released 1.2pre8
e1a9c08d 3151
3028328e 315219991102
3153 - Merged change from OpenBSD CVS
3154 - One-line cleanup in sshd.c
3155
474832c5 315619991030
3157 - Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
69256d9d 3158 - Merged latest updates for OpenBSD CVS:
3159 - channels.[ch] - remove broken x11 fix and document istate/ostate
3160 - ssh-agent.c - call setsid() regardless of argv[]
3161 - ssh.c - save a few lines when disabling rhosts-{rsa-}auth
3162 - Documentation cleanups
3163 - Renamed README -> README.Ylonen
3164 - Renamed README.openssh ->README
474832c5 3165
339660f6 316619991029
3167 - Renamed openssh* back to ssh* at request of Theo de Raadt
3168 - Incorporated latest changes from OpenBSD's CVS
3169 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
3170 - Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
549b3eed 3171 - Make distclean now removed configure script
3172 - Improved PAM logging
3173 - Added some debug() calls for PAM
4ecd19ea 3174 - Removed redundant subdirectories
bcbf86ec 3175 - Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for
4ecd19ea 3176 building on Debian.
242588e6 3177 - Fixed off-by-one error in PAM env patch
3178 - Released 1.2pre6
339660f6 3179
5881cd60 318019991028
3181 - Further PAM enhancements.
3182 - Much cleaner
3183 - Now uses account and session modules for all logins.
3184 - Integrated patch from Dan Brosemer <odin@linuxfreak.com>
3185 - Build fixes
3186 - Autoconf
3187 - Change binary names to open*
3188 - Fixed autoconf script to detect PAM on RH6.1
3189 - Added tests for libpwdb, and OpenBSD functions to autoconf
221395b3 3190 - Released 1.2pre4
fca82d2e 3191
3192 - Imported latest OpenBSD CVS code
3193 - Updated README.openssh
93f04616 3194 - Released 1.2pre5
fca82d2e 3195
5881cd60 319619991027
3197 - Adapted PAM patch.
3198 - Released 1.0pre2
3199
3200 - Excised my buggy replacements for strlcpy and mkdtemp
3201 - Imported correct OpenBSD strlcpy and mkdtemp routines.
3202 - Reduced arc4random_stir entropy read to 32 bytes (256 bits)
3203 - Picked up correct version number from OpenBSD
3204 - Added sshd.pam PAM configuration file
3205 - Added sshd.init Redhat init script
3206 - Added openssh.spec RPM spec file
3207 - Released 1.2pre3
3208
320919991026
3210 - Fixed include paths of OpenSSL functions
3211 - Use OpenSSL MD5 routines
3212 - Imported RC4 code from nanocrypt
3213 - Wrote replacements for OpenBSD arc4random* functions
3214 - Wrote replacements for strlcpy and mkdtemp
3215 - Released 1.0pre1
git-cvsimport mirror of OpenSSH
This page took 0.630191 seconds and 5 git commands to generate.