]>
Commit | Line | Data |
---|---|---|
1d677676 | 1 | 20020930 |
9a87e2ac | 2 | - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs, |
3 | tweak README | |
4 | - (djm) OpenBSD CVS Sync | |
5 | - mickey@cvs.openbsd.org 2002/09/27 10:42:09 | |
6 | [compat.c compat.h sshd.c] | |
7 | add a generic match for a prober, such as sie big brother; | |
8 | idea from stevesk@; markus@ ok | |
1d677676 | 9 | |
0d3d0e82 | 10 | 20020927 |
11 | - (djm) OpenBSD CVS Sync | |
12 | - markus@cvs.openbsd.org 2002/09/25 11:17:16 | |
13 | [sshd_config] | |
14 | sync LoginGraceTime with default | |
26b9a3d2 | 15 | - markus@cvs.openbsd.org 2002/09/25 15:19:02 |
16 | [sshd.c] | |
17 | typo; pilot@monkey.org | |
2db9d8aa | 18 | - markus@cvs.openbsd.org 2002/09/26 11:38:43 |
19 | [auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c] | |
20 | [monitor_wrap.h] | |
21 | krb4 + privsep; ok dugsong@, deraadt@ | |
0d3d0e82 | 22 | |
b7c4a4cc | 23 | 20020925 |
24 | - (bal) Fix issue where successfull login does not clear failure counts | |
25 | in AIX. Patch by dtucker@zip.com.au ok by djm | |
ef51930f | 26 | - (tim) Cray fixes (bug 367) based on patch from Wendy Palm @ cray. |
27 | This does not include the deattack.c fixes. | |
b7c4a4cc | 28 | |
99443922 | 29 | 20020923 |
30 | - (djm) OpenBSD CVS Sync | |
31 | - stevesk@cvs.openbsd.org 2002/09/23 20:46:27 | |
32 | [canohost.c] | |
33 | change get_peer_ipaddr() and get_local_ipaddr() to not return NULL for | |
34 | non-sockets; fixes a problem passing NULL to snprintf(). ok markus@ | |
0082ad34 | 35 | - markus@cvs.openbsd.org 2002/09/23 22:11:05 |
36 | [monitor.c] | |
37 | only call auth_krb5 if kerberos is enabled; ok deraadt@ | |
4741e3a6 | 38 | - markus@cvs.openbsd.org 2002/09/24 08:46:04 |
39 | [monitor.c] | |
40 | only call kerberos code for authctxt->valid | |
cb11b555 | 41 | - todd@cvs.openbsd.org 2002/09/24 20:59:44 |
42 | [sshd.8] | |
43 | tweak the example $HOME/.ssh/rc script to not show on any cmdline the | |
44 | sensitive data it handles. This fixes bug # 402 as reported by | |
45 | kolya@mit.edu (Nickolai Zeldovich). | |
46 | ok markus@ and stevesk@ | |
99443922 | 47 | |
aec4cb4f | 48 | 20020923 |
49 | - (tim) [configure.ac] s/return/exit/ patch by dtucker@zip.com.au | |
50 | ||
f86b0eef | 51 | 20020922 |
52 | - (djm) OpenBSD CVS Sync | |
53 | - stevesk@cvs.openbsd.org 2002/09/19 14:53:14 | |
54 | [compat.c] | |
c7724abb | 55 | - markus@cvs.openbsd.org 2002/09/19 15:51:23 |
56 | [ssh-add.c] | |
57 | typo; cd@kalkatraz.de | |
00e842d8 | 58 | - stevesk@cvs.openbsd.org 2002/09/19 16:03:15 |
59 | [serverloop.c] | |
60 | log IP address also; ok markus@ | |
c2802d92 | 61 | - stevesk@cvs.openbsd.org 2002/09/20 18:41:29 |
62 | [auth.c] | |
63 | log illegal user here for missing privsep case (ssh2). | |
64 | this is executed in the monitor. ok markus@ | |
f86b0eef | 65 | |
792e7d2d | 66 | 20020919 |
67 | - (djm) OpenBSD CVS Sync | |
68 | - stevesk@cvs.openbsd.org 2002/09/12 19:11:52 | |
69 | [ssh-agent.c] | |
70 | %u for uid print; ok markus@ | |
da0561eb | 71 | - stevesk@cvs.openbsd.org 2002/09/12 19:50:36 |
72 | [session.c ssh.1] | |
73 | add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384. ok markus@ | |
facfd613 | 74 | - stevesk@cvs.openbsd.org 2002/09/13 19:23:09 |
75 | [channels.c sshconnect.c sshd.c] | |
76 | remove use of SO_LINGER, it should not be needed. error check | |
77 | SO_REUSEADDR. fixup comments. ok markus@ | |
8bd4e2ae | 78 | - stevesk@cvs.openbsd.org 2002/09/16 19:55:33 |
79 | [session.c] | |
80 | log when _PATH_NOLOGIN exists; ok markus@ | |
e6fe1bab | 81 | - stevesk@cvs.openbsd.org 2002/09/16 20:12:11 |
82 | [sshd_config.5] | |
83 | more details on X11Forwarding security issues and threats; ok markus@ | |
f1dcc34e | 84 | - stevesk@cvs.openbsd.org 2002/09/16 22:03:13 |
85 | [sshd.8] | |
86 | reference moduli(5) in FILES /etc/moduli. | |
5c0d0e90 | 87 | - itojun@cvs.openbsd.org 2002/09/17 07:47:02 |
88 | [channels.c] | |
89 | don't quit while creating X11 listening socket. | |
90 | http://mail-index.netbsd.org/current-users/2002/09/16/0005.html | |
91 | got from portable. markus ok | |
6939bbd4 | 92 | - djm@cvs.openbsd.org 2002/09/19 01:58:18 |
93 | [ssh.c sshconnect.c] | |
94 | bugzilla.mindrot.org #223 - ProxyCommands don't exit. | |
95 | Patch from dtucker@zip.com.au; ok markus@ | |
792e7d2d | 96 | |
4f3834e8 | 97 | 20020912 |
eee2215e | 98 | - (djm) Made GNOME askpass programs return non-zero if cancel button is |
99 | pressed. | |
10a560d4 | 100 | - (djm) Added getpeereid() replacement. Properly implemented for systems |
101 | with SO_PEERCRED support. Faked for systems which lack it. | |
9fd2a215 | 102 | - (djm) Sync sys/tree.h with OpenBSD -current. Rename tree.h and |
103 | fake-queue.h to sys-tree.h and sys-queue.h | |
4f3834e8 | 104 | - (djm) OpenBSD CVS Sync |
105 | - markus@cvs.openbsd.org 2002/09/08 20:24:08 | |
106 | [hostfile.h] | |
107 | no comma at end of enumerator list | |
696f6bef | 108 | - itojun@cvs.openbsd.org 2002/09/09 06:48:06 |
109 | [auth1.c auth.h auth-krb5.c monitor.c monitor.h] | |
110 | [monitor_wrap.c monitor_wrap.h] | |
111 | kerberos support for privsep. confirmed to work by lha@stacken.kth.se | |
112 | patch from markus | |
661e45a0 | 113 | - markus@cvs.openbsd.org 2002/09/09 14:54:15 |
114 | [channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c] | |
115 | signed vs unsigned from -pedantic; ok henning@ | |
87f4111f | 116 | - markus@cvs.openbsd.org 2002/09/10 20:24:47 |
117 | [ssh-agent.c] | |
118 | check the euid of the connecting process with getpeereid(2); | |
119 | ok provos deraadt stevesk | |
07d688d5 | 120 | - stevesk@cvs.openbsd.org 2002/09/11 17:55:03 |
121 | [ssh.1] | |
122 | add agent and X11 forwarding warning text from ssh_config.5; ok markus@ | |
8b10e20e | 123 | - stevesk@cvs.openbsd.org 2002/09/11 18:27:26 |
124 | [authfd.c authfd.h ssh.c] | |
125 | don't connect to agent to test for presence if we've previously | |
126 | connected; ok markus@ | |
00b3ad3e | 127 | - djm@cvs.openbsd.org 2002/09/11 22:41:50 |
128 | [sftp.1 sftp-client.c sftp-client.h sftp-common.c sftp-common.h] | |
129 | [sftp-glob.c sftp-glob.h sftp-int.c sftp-server.c] | |
130 | support for short/long listings and globbing in "ls"; ok markus@ | |
be0cd512 | 131 | - djm@cvs.openbsd.org 2002/09/12 00:13:06 |
132 | [sftp-int.c] | |
133 | zap unused var introduced in last commit | |
4f3834e8 | 134 | |
ac8802eb | 135 | 20020911 |
136 | - (djm) Sync openbsd-compat with OpenBSD -current | |
137 | ||
e2e36358 | 138 | 20020910 |
139 | - (djm) Bug #365: Read /.ssh/environment properly under CygWin. | |
140 | Patch from Mark Bradshaw <bradshaw@staff.crosswalk.com> | |
35c4faf5 | 141 | - (djm) Bug #138: Make protocol 1 blowfish work with old OpenSSL. |
142 | Patch from Robert Halubek <rob@adso.com.pl> | |
e2e36358 | 143 | |
3445ca02 | 144 | 20020905 |
145 | - (djm) OpenBSD CVS Sync | |
146 | - stevesk@cvs.openbsd.org 2002/09/04 18:52:42 | |
147 | [servconf.c sshd.8 sshd_config.5] | |
148 | default LoginGraceTime to 2m; 1m may be too short for slow systems. | |
149 | ok markus@ | |
cbecf1ed | 150 | - (djm) Merge openssh-TODO.patch from Redhat (null) beta |
c4ee4c60 | 151 | - (djm) Add gnome-ssh-askpass2.c (gtk2) by merge with patch from |
152 | Nalin Dahyabhai <nalin@redhat.com> | |
3c1dff28 | 153 | - (djm) Add support for building gtk2 password requestor from Redhat beta |
3445ca02 | 154 | |
954640a4 | 155 | 20020903 |
33e2e066 | 156 | - (djm) Patch from itojun@ for Darwin OS: test getaddrinfo, reorder libcrypt |
e18b7d35 | 157 | - (djm) Fix Redhat RPM build dependancy test |
954640a4 | 158 | - (djm) OpenBSD CVS Sync |
159 | - markus@cvs.openbsd.org 2002/08/12 10:46:35 | |
160 | [ssh-agent.c] | |
161 | make ssh-agent setgid, disallow ptrace. | |
755c4339 | 162 | - espie@cvs.openbsd.org 2002/08/21 11:20:59 |
163 | [sshd.8] | |
164 | `RSA' updated to refer to `public key', where it matters. | |
165 | okay markus@ | |
6e0fbda1 | 166 | - stevesk@cvs.openbsd.org 2002/08/21 19:38:06 |
167 | [servconf.c sshd.8 sshd_config sshd_config.5] | |
168 | change LoginGraceTime default to 1 minute; ok mouring@ markus@ | |
00e41835 | 169 | - stevesk@cvs.openbsd.org 2002/08/21 20:10:28 |
170 | [ssh-agent.c] | |
171 | raise listen backlog; ok markus@ | |
c1a4eef1 | 172 | - stevesk@cvs.openbsd.org 2002/08/22 19:27:53 |
173 | [ssh-agent.c] | |
174 | use common close function; ok markus@ | |
1d77f8cb | 175 | - stevesk@cvs.openbsd.org 2002/08/22 19:38:42 |
176 | [clientloop.c] | |
177 | format with current EscapeChar; bugzilla #388 from wknox@mitre.org. | |
178 | ok markus@ | |
f34ec885 | 179 | - stevesk@cvs.openbsd.org 2002/08/22 20:57:19 |
180 | [ssh-agent.c] | |
181 | shutdown(SHUT_RDWR) not needed before close here; ok markus@ | |
848bf884 | 182 | - markus@cvs.openbsd.org 2002/08/22 21:33:58 |
183 | [auth1.c auth2.c] | |
184 | auth_root_allowed() is handled by the monitor in the privsep case, | |
185 | so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325 | |
6c723e7c | 186 | - markus@cvs.openbsd.org 2002/08/22 21:45:41 |
187 | [session.c] | |
188 | send signal name (not signal number) in "exit-signal" message; noticed | |
189 | by galb@vandyke.com | |
b41baf4d | 190 | - stevesk@cvs.openbsd.org 2002/08/27 17:13:56 |
191 | [ssh-rsa.c] | |
192 | RSA_public_decrypt() returns -1 on error so len must be signed; | |
193 | ok markus@ | |
dbcdea68 | 194 | - stevesk@cvs.openbsd.org 2002/08/27 17:18:40 |
195 | [ssh_config.5] | |
196 | some warning text for ForwardAgent and ForwardX11; ok markus@ | |
ba1566dd | 197 | - stevesk@cvs.openbsd.org 2002/08/29 15:57:25 |
198 | [monitor.c session.c sshlogin.c sshlogin.h] | |
199 | pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org> | |
200 | NOTE: there are also p-specific parts to this patch. ok markus@ | |
e59404d1 | 201 | - stevesk@cvs.openbsd.org 2002/08/29 16:02:54 |
202 | [ssh.1 ssh.c] | |
203 | deprecate -P as UsePrivilegedPort defaults to no now; ok markus@ | |
878b8992 | 204 | - stevesk@cvs.openbsd.org 2002/08/29 16:09:02 |
205 | [ssh_config.5] | |
206 | more on UsePrivilegedPort and setuid root; ok markus@ | |
9f324470 | 207 | - stevesk@cvs.openbsd.org 2002/08/29 19:49:42 |
208 | [ssh.c] | |
209 | shrink initial privilege bracket for setuid case; ok markus@ | |
57ff5eeb | 210 | - stevesk@cvs.openbsd.org 2002/08/29 22:54:10 |
211 | [ssh_config.5 sshd_config.5] | |
212 | state XAuthLocation is a full pathname | |
954640a4 | 213 | |
b85698ab | 214 | 20020820 |
215 | - OpenBSD CVS Sync | |
216 | - millert@cvs.openbsd.org 2002/08/02 14:43:15 | |
217 | [monitor.c monitor_mm.c] | |
218 | Change mm_zalloc() sanity checks to be more in line with what | |
219 | we do in calloc() and add a check to monitor_mm.c. | |
220 | OK provos@ and markus@ | |
6a342527 | 221 | - marc@cvs.openbsd.org 2002/08/02 16:00:07 |
222 | [ssh.1 sshd.8] | |
223 | note that .ssh/environment is only read when | |
224 | allowed (PermitUserEnvironment in sshd_config). | |
225 | OK markus@ | |
4004c2ac | 226 | - markus@cvs.openbsd.org 2002/08/02 21:23:41 |
227 | [ssh-rsa.c] | |
228 | diff is u_int (2x); ok deraadt/provos | |
0caf874a | 229 | - markus@cvs.openbsd.org 2002/08/02 22:20:30 |
230 | [ssh-rsa.c] | |
231 | replace RSA_verify with our own version and avoid the OpenSSL ASN.1 parser | |
232 | for authentication; ok deraadt/djm | |
75cf7563 | 233 | - aaron@cvs.openbsd.org 2002/08/08 13:50:23 |
234 | [sshconnect1.c] | |
235 | Use & to test if bits are set, not &&; markus@ ok. | |
d6097023 | 236 | - stevesk@cvs.openbsd.org 2002/08/08 23:54:52 |
237 | [auth.c] | |
238 | typo in comment | |
36535ee6 | 239 | - stevesk@cvs.openbsd.org 2002/08/09 17:21:42 |
240 | [sshd_config.5] | |
241 | use Op for mdoc conformance; from esr@golux.thyrsus.com | |
242 | ok aaron@ | |
b3641662 | 243 | - stevesk@cvs.openbsd.org 2002/08/09 17:41:12 |
244 | [sshd_config.5] | |
245 | proxy vs. fake display | |
35453849 | 246 | - stevesk@cvs.openbsd.org 2002/08/12 17:30:35 |
247 | [ssh.1 sshd.8 sshd_config.5] | |
248 | more PermitUserEnvironment; ok markus@ | |
24794905 | 249 | - stevesk@cvs.openbsd.org 2002/08/17 23:07:14 |
250 | [ssh.1] | |
251 | ForwardAgent has defaulted to no for over 2 years; be more clear here. | |
4dcbbeea | 252 | - stevesk@cvs.openbsd.org 2002/08/17 23:55:01 |
253 | [ssh_config.5] | |
254 | ordered list here | |
7d3b91a6 | 255 | - (bal) [defines.h] Some platforms don't have SIZE_T_MAX. So assign |
256 | it to ULONG_MAX. | |
b85698ab | 257 | |
cd018561 | 258 | 20020813 |
259 | - (tim) [configure.ac] Display OpenSSL header/library version. | |
260 | Patch by dtucker@zip.com.au | |
261 | ||
8a48a7ef | 262 | 20020731 |
263 | - (bal) OpenBSD CVS Sync | |
264 | - markus@cvs.openbsd.org 2002/07/24 16:11:18 | |
265 | [hostfile.c hostfile.h sshconnect.c] | |
266 | print out all known keys for a host if we get a unknown host key, | |
267 | see discussion at http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4 | |
268 | ||
269 | the ssharp mitm tool attacks users in a similar way, so i'd like to | |
270 | pointed out again: | |
271 | A MITM attack is always possible if the ssh client prints: | |
272 | The authenticity of host 'bla' can't be established. | |
273 | (protocol version 2 with pubkey authentication allows you to detect | |
274 | MITM attacks) | |
5cb5518b | 275 | - mouring@cvs.openbsd.org 2002/07/25 01:16:59 |
276 | [sftp.c] | |
277 | FallBackToRsh does not exist anywhere else. Remove it from here. | |
278 | OK deraadt. | |
567a05bf | 279 | - markus@cvs.openbsd.org 2002/07/29 18:57:30 |
280 | [sshconnect.c] | |
281 | print file:line | |
f00bab84 | 282 | - markus@cvs.openbsd.org 2002/07/30 17:03:55 |
283 | [auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5] | |
284 | add PermitUserEnvironment (off by default!); from dot@dotat.at; | |
285 | ok provos, deraadt | |
8a48a7ef | 286 | |
13979d47 | 287 | 20020730 |
288 | - (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.de | |
289 | ||
d228d9dd | 290 | 20020728 |
291 | - (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solar | |
16c4a972 | 292 | - (stevesk) [CREDITS] solar |
75131bbd | 293 | - (stevesk) [ssh-rand-helper.c] RAND_bytes() and SHA1_Final() unsigned |
294 | char arg. | |
d228d9dd | 295 | |
d40af5fa | 296 | 20020725 |
297 | - (djm) Remove some cruft from INSTALL | |
d91b4743 | 298 | - (djm) Latest config.guess and config.sub from ftp://ftp.gnu.org/gnu/config/ |
d40af5fa | 299 | |
56b54901 | 300 | 20020723 |
301 | - (bal) [bsd-cray.c bsd-cray.h] Part 2 of Cray merger. | |
918ffb0b | 302 | - (bal) sync ID w/ ssh-agent.c |
516f0d7d | 303 | - (bal) OpenBSD Sync |
304 | - markus@cvs.openbsd.org 2002/07/19 15:43:33 | |
305 | [log.c log.h session.c sshd.c] | |
306 | remove fatal cleanups after fork; based on discussions with and code | |
307 | from solar. | |
5d185586 | 308 | - stevesk@cvs.openbsd.org 2002/07/19 17:42:40 |
309 | [ssh.c] | |
310 | display a warning from ssh when XAuthLocation does not exist or xauth | |
311 | returned no authentication data. ok markus@ | |
30998af1 | 312 | - stevesk@cvs.openbsd.org 2002/07/21 18:32:20 |
313 | [auth-options.c] | |
314 | unneeded includes | |
dbc728ff | 315 | - stevesk@cvs.openbsd.org 2002/07/21 18:34:43 |
316 | [auth-options.h] | |
317 | remove invalid comment | |
97686bf9 | 318 | - markus@cvs.openbsd.org 2002/07/22 11:03:06 |
319 | [session.c] | |
320 | fallback to _PATH_STDPATH on setusercontext+LOGIN_SETPATH errors; | |
d341742a | 321 | - stevesk@cvs.openbsd.org 2002/07/22 17:32:56 |
322 | [monitor.c] | |
323 | u_int here; ok provos@ | |
67f04db1 | 324 | - stevesk@cvs.openbsd.org 2002/07/23 16:03:10 |
325 | [sshd.c] | |
326 | utmp_len is unsigned; display error consistent with other options. | |
327 | ok markus@ | |
0df3a240 | 328 | - stevesk@cvs.openbsd.org 2002/07/15 17:15:31 |
329 | [uidswap.c] | |
330 | little more debugging; ok markus@ | |
d341742a | 331 | |
21c2c5cd | 332 | 20020722 |
333 | - (bal) AIX tty data limiting patch fix by leigh@solinno.co.uk | |
a93bd14c | 334 | - (stevesk) [xmmap.c] missing prototype for fatal() |
ccbb983c | 335 | - (bal) [configure.ac defines.h loginrec.c sshd.c sshpty.c] Partial sync |
336 | with Cray (mostly #ifdef renaming). Patch by wendyp@cray.com. | |
d262b7f2 | 337 | - (bal) [configure.ac] Missing ;; from cray patch. |
30eab01d | 338 | - (bal) [monitor_mm.c openbsd-compat/xmmap.h] Move xmmap() defines |
339 | into it's own header. | |
ee48c949 | 340 | - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be |
341 | freed by the caller; add free_pam_environment() and use it. | |
1d3f4ae7 | 342 | - (stevesk) [auth-pam.c] typo in comment |
21c2c5cd | 343 | |
b992432e | 344 | 20020721 |
345 | - (stevesk) [auth-pam.c] merge cosmetic changes from solar's | |
346 | openssh-3.4p1-owl-password-changing.diff | |
277f55cf | 347 | - (stevesk) [auth-pam.c] merge rest of solar's PAM patch; |
348 | PAM_NEW_AUTHTOK_REQD remains in #if 0 for now. | |
f7808a93 | 349 | - (stevesk) [auth-pam.c] cast to avoid initialization type mismatch |
350 | warning on pam_conv struct conversation function. | |
337dde6b | 351 | - (stevesk) [auth-pam.h] license |
8565f28e | 352 | - (stevesk) [auth-pam.h] unneeded include |
e9b2c23d | 353 | - (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.h |
b992432e | 354 | |
ce88d9df | 355 | 20020720 |
356 | - (stevesk) [ssh-keygen.c] bug #231: always init/seed_rng(). | |
357 | ||
4379c0e5 | 358 | 20020719 |
359 | - (tim) [contrib/solaris/buildpkg.sh] create privsep user/group if needed. | |
360 | Patch by dtucker@zip.com.au | |
f75ca46d | 361 | - (tim) [configure.ac] test for libxnet on HP. Patch by dtucker@zip.com.au |
4379c0e5 | 362 | |
45491100 | 363 | 20020718 |
364 | - (tim) [defines.h] Bug 313 patch by dirk.meyer@dinoex.sub.org | |
365 | - (tim) [monitor_mm.c] add missing declaration for xmmap(). Reported | |
366 | by ayamura@ayamura.org | |
1cbbe6c8 | 367 | - (tim) [configure.ac] Bug 267 rework int64_t test. |
5749e709 | 368 | - (tim) [includes.h] Bug 267 add stdint.h |
45491100 | 369 | |
dd3943d0 | 370 | 20020717 |
371 | - (bal) aixbff package updated by dtucker@zip.com.au | |
2bf42e4a | 372 | - (tim) [configure.ac] change how we do paths in AC_PATH_PROGS tests |
373 | for autoconf 2.53. Based on a patch by jrj@purdue.edu | |
dd3943d0 | 374 | |
8fc47887 | 375 | 20020716 |
376 | - (tim) [contrib/solaris/opensshd.in] Only kill sshd if .pid file found | |
377 | ||
c750d869 | 378 | 20020715 |
379 | - (bal) OpenBSD CVS Sync | |
380 | - itojun@cvs.openbsd.org 2002/07/12 13:29:09 | |
381 | [sshconnect.c] | |
382 | print connect failure during debugging mode. | |
a2f883ce | 383 | - markus@cvs.openbsd.org 2002/07/12 15:50:17 |
384 | [cipher.c] | |
385 | EVP_CIPH_CUSTOM_IV for our own rijndael | |
2d199535 | 386 | - (bal) Remove unused tty defined in do_setusercontext() pointed out by |
387 | dtucker@zip.com.au plus a a more KNF since I am near it. | |
846be3f4 | 388 | - (bal) Privsep user creation support in Solaris buildpkg.sh by |
389 | dtucker@zip.com.au | |
c750d869 | 390 | |
798c5808 | 391 | 20020714 |
392 | - (tim) [Makefile.in] replace "id sshd" with "sshd -t" | |
4165b82e | 393 | - (bal/tim) [acconfig.h configure.ac monitor_mm.c servconf.c |
394 | openbsd-compat/Makefile.in] support compression on platforms that | |
395 | have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c | |
396 | Based on patch from nalin@redhat.com of code extracted from Owl's package | |
5fd8087a | 397 | - (tim) [ssh_prng_cmds.in] Bug 323 arp -n flag doesn't exist under Solaris. |
398 | report by chris@by-design.net | |
fdebdd4f | 399 | - (tim) [loginrec.c] Bug 347: Fix typo (WTMPX_FILE) report by rodney@bond.net |
d80063fe | 400 | - (tim) [loginrec.c] Bug 348: add missing found = 1; to wtmpx_islogin() |
401 | report by rodney@bond.net | |
798c5808 | 402 | |
6b2a3595 | 403 | 20020712 |
404 | - (tim) [Makefile.in] quiet down install-files: and check-user: | |
3085601b | 405 | - (tim) [configure.ac] remove unused filepriv line |
6b2a3595 | 406 | |
249f9903 | 407 | 20020710 |
408 | - (tim) [contrib/cygwin/ssh-host-config] explicitely sets the permissions | |
409 | on /var/empty to 755 Patch by vinschen@redhat.com | |
6f901f8e | 410 | - (bal) OpenBSD CVS Sync |
411 | - itojun@cvs.openbsd.org 2002/07/09 11:56:50 | |
412 | [sshconnect.c] | |
413 | silently try next address on connect(2). markus ok | |
59c825e1 | 414 | - itojun@cvs.openbsd.org 2002/07/09 11:56:27 |
415 | [canohost.c] | |
416 | suppress log on reverse lookup failiure, as there's no real value in | |
417 | doing so. | |
418 | markus ok | |
aab5431b | 419 | - itojun@cvs.openbsd.org 2002/07/09 12:04:02 |
420 | [sshconnect.c] | |
421 | ed static function (less warnings) | |
94ad46d1 | 422 | - stevesk@cvs.openbsd.org 2002/07/09 17:46:25 |
423 | [sshd_config.5] | |
424 | clarify no preference ordering in protocol list; ok markus@ | |
9bd68577 | 425 | - itojun@cvs.openbsd.org 2002/07/10 10:28:15 |
426 | [sshconnect.c] | |
427 | bark if all connection attempt fails. | |
09683edf | 428 | - deraadt@cvs.openbsd.org 2002/07/10 17:53:54 |
429 | [rijndael.c] | |
430 | use right sizeof in memcpy; markus ok | |
249f9903 | 431 | |
e6f15ed1 | 432 | 20020709 |
433 | - (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platforms | |
434 | lacking that concept can share it. Patch by vinschen@redhat.com | |
435 | ||
4f9d6706 | 436 | 20020708 |
437 | - (tim) [openssh/contrib/solaris/buildpkg.sh] add PKG_INSTALL_ROOT to | |
438 | work in a jumpstart environment. patch by kbrint@rufus.net | |
b451e27b | 439 | - (tim) [Makefile.in] workaround for broken pakadd on some systems. |
cda1ebcb | 440 | - (tim) [configure.ac] fix libc89 utimes test. Mention default path for |
441 | --with-privsep-path= | |
4f9d6706 | 442 | |
ac74561e | 443 | 20020707 |
444 | - (tim) [Makefile.in] use umask instead of chmod on $(PRIVSEP_PATH) | |
94d8258b | 445 | - (tim) [acconfig.h configure.ac sshd.c] |
446 | s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/ | |
d41f8eed | 447 | - (tim) [contrib/cygwin/ssh-host-config] sshd account creation fixes |
448 | patch from vinschen@redhat.com | |
0b832146 | 449 | - (bal) [realpath.c] Updated with OpenBSD tree. |
da2499f5 | 450 | - (bal) OpenBSD CVS Sync |
451 | - deraadt@cvs.openbsd.org 2002/07/04 04:15:33 | |
452 | [key.c monitor_wrap.c sftp-glob.c ssh-dss.c ssh-rsa.c] | |
453 | patch memory leaks; grendel@zeitbombe.org | |
e1feb9bf | 454 | - deraadt@cvs.openbsd.org 2002/07/04 08:12:15 |
455 | [channels.c packet.c] | |
456 | blah blah minor nothing as i read and re-read and re-read... | |
eb9f2fab | 457 | - markus@cvs.openbsd.org 2002/07/04 10:41:47 |
458 | [key.c monitor_wrap.c ssh-dss.c ssh-rsa.c] | |
459 | don't allocate, copy, and discard if there is not interested in the data; | |
460 | ok deraadt@ | |
4394a17f | 461 | - deraadt@cvs.openbsd.org 2002/07/06 01:00:49 |
462 | [log.c] | |
463 | KNF | |
50d2fbbc | 464 | - deraadt@cvs.openbsd.org 2002/07/06 01:01:26 |
465 | [ssh-keyscan.c] | |
466 | KNF, realloc fix, and clean usage | |
12a3f2c3 | 467 | - stevesk@cvs.openbsd.org 2002/07/06 17:47:58 |
468 | [ssh-keyscan.c] | |
469 | unused variable | |
41545cb6 | 470 | - (bal) Minor KNF on ssh-keyscan.c |
ac74561e | 471 | |
0764e748 | 472 | 20020705 |
473 | - (tim) [configure.ac] AIX 4.2.1 has authenticate() in libs. | |
474 | Reported by Darren Tucker <dtucker@zip.com.au> | |
e12659f4 | 475 | - (tim) [contrib/cygwin/ssh-host-config] double slash corrction |
476 | from vinschen@redhat.com | |
0764e748 | 477 | |
64c0ce80 | 478 | 20020704 |
479 | - (bal) Limit data to TTY for AIX only (Newer versions can't handle the | |
480 | faster data rate) Bug #124 | |
375c1dee | 481 | - (bal) glob.c defines TILDE and AIX also defines it. #undef it first. |
482 | bug #265 | |
ff2de800 | 483 | - (bal) One too many nulls in ports-aix.c |
64c0ce80 | 484 | |
d2f95449 | 485 | 20020703 |
486 | - (bal) Updated contrib/cygwin/ patch by vinschen@redhat.com | |
619a6aff | 487 | - (bal) minor correction to utimes() replacement. Patch by |
488 | onoe@sm.sony.co.jp | |
f11fe301 | 489 | - OpenBSD CVS Sync |
490 | - markus@cvs.openbsd.org 2002/06/27 08:49:44 | |
491 | [dh.c ssh-keyscan.c sshconnect.c] | |
492 | more checks for NULL pointers; from grendel@zeitbombe.org; ok deraadt@ | |
181d6635 | 493 | - deraadt@cvs.openbsd.org 2002/06/27 09:08:00 |
494 | [monitor.c] | |
495 | improve mm_zalloc check; markus ok | |
30e37ee6 | 496 | - deraadt@cvs.openbsd.org 2002/06/27 10:35:47 |
497 | [auth2-none.c monitor.c sftp-client.c] | |
498 | use xfree() | |
c8f94200 | 499 | - stevesk@cvs.openbsd.org 2002/06/27 19:49:08 |
500 | [ssh-keyscan.c] | |
501 | use convtime(); ok markus@ | |
a64d3560 | 502 | - millert@cvs.openbsd.org 2002/06/28 01:49:31 |
503 | [monitor_mm.c] | |
504 | tree(3) wants an int return value for its compare functions and | |
505 | the difference between two pointers is not an int. Just do the | |
506 | safest thing and store the result in a long and then return 0, | |
507 | -1, or 1 based on that result. | |
405a0d43 | 508 | - deraadt@cvs.openbsd.org 2002/06/28 01:50:37 |
509 | [monitor_wrap.c] | |
510 | use ssize_t | |
4efd85b2 | 511 | - deraadt@cvs.openbsd.org 2002/06/28 10:08:25 |
512 | [sshd.c] | |
513 | range check -u option at invocation | |
6ded293b | 514 | - deraadt@cvs.openbsd.org 2002/06/28 23:05:06 |
515 | [sshd.c] | |
516 | gidset[2] -> gidset[1]; markus ok | |
7fdc56c5 | 517 | - deraadt@cvs.openbsd.org 2002/06/30 21:54:16 |
518 | [auth2.c session.c sshd.c] | |
519 | lint asks that we use names that do not overlap | |
343288b8 | 520 | - deraadt@cvs.openbsd.org 2002/06/30 21:59:45 |
521 | [auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c | |
522 | monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c | |
523 | sshconnect2.c sshd.c] | |
524 | minor KNF | |
7d60d74c | 525 | - deraadt@cvs.openbsd.org 2002/07/01 16:15:25 |
526 | [msg.c] | |
527 | %u | |
713f6cd9 | 528 | - markus@cvs.openbsd.org 2002/07/01 19:48:46 |
529 | [sshconnect2.c] | |
530 | for compression=yes, we fallback to no-compression if the server does | |
531 | not support compression, vice versa for compression=no. ok mouring@ | |
261189cc | 532 | - markus@cvs.openbsd.org 2002/07/03 09:55:38 |
533 | [ssh-keysign.c] | |
534 | use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) | |
535 | in order to avoid a possible Kocher timing attack pointed out by Charles | |
536 | Hannum; ok provos@ | |
60cd0a97 | 537 | - markus@cvs.openbsd.org 2002/07/03 14:21:05 |
538 | [ssh-keysign.8 ssh-keysign.c ssh.c ssh_config] | |
539 | re-enable ssh-keysign's sbit, but make ssh-keysign read | |
540 | /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled | |
541 | globally. based on discussions with deraadt, itojun and sommerfeld; | |
542 | ok itojun@ | |
56fd97d7 | 543 | - (bal) Failed password attempts don't increment counter on AIX. Bug #145 |
e8aa0a5c | 544 | - (bal) Missed Makefile.in change. keysign needs readconf.o |
0ba40daa | 545 | - (bal) Clean up aix_usrinfo(). Ignore TTY= period I guess. |
56fd97d7 | 546 | |
b2f295dc | 547 | 20020702 |
548 | - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc & | |
549 | friends consistently. Spotted by Solar Designer <solar@openwall.com> | |
550 | ||
3c3e878a | 551 | 20020629 |
552 | - (bal) fix to auth2-pam.c to swap fatal() arguments, A bit of style | |
553 | clean up while I'm near it. | |
554 | ||
811ee370 | 555 | 20020628 |
556 | - (stevesk) [sshd_config] PAMAuthenticationViaKbdInt no; commented | |
557 | options should contain default value. from solar. | |
b9b82dab | 558 | - (bal) Cygwin uid0 fix by vinschen@redhat.com |
17962c40 | 559 | - (bal) s/config.h/includes.h/ in openbsd-compat/ for *.c. Otherwise wise |
560 | have issues of our fixes not propogating right (ie bcopy instead of | |
561 | memmove). OK tim | |
4fa4fb00 | 562 | - (bal) FreeBSD needs <sys/types.h> to detect if mmap() is supported. |
563 | Bug #303 | |
811ee370 | 564 | |
ce88d9df | 565 | 20020627 |
d1ff09ba | 566 | - OpenBSD CVS Sync |
567 | - deraadt@cvs.openbsd.org 2002/06/26 14:49:36 | |
568 | [monitor.c] | |
569 | correct %u | |
63b5f1a1 | 570 | - deraadt@cvs.openbsd.org 2002/06/26 14:50:04 |
571 | [monitor_fdpass.c] | |
572 | use ssize_t for recvmsg() and sendmsg() return | |
1431a900 | 573 | - markus@cvs.openbsd.org 2002/06/26 14:51:33 |
574 | [ssh-add.c] | |
575 | fix exit code for -X/-x | |
bb0640b2 | 576 | - deraadt@cvs.openbsd.org 2002/06/26 15:00:32 |
577 | [monitor_wrap.c] | |
578 | more %u | |
20e79e98 | 579 | - markus@cvs.openbsd.org 2002/06/26 22:27:32 |
580 | [ssh-keysign.c] | |
581 | bug #304, xfree(data) called to early; openssh@sigint.cs.purdue.edu | |
d1ff09ba | 582 | |
4bfa8bb6 | 583 | 20020626 |
584 | - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM | |
a594fa74 | 585 | - (bal) OpenBSD CVS Sync |
586 | - markus@cvs.openbsd.org 2002/06/23 21:34:07 | |
587 | [channels.c] | |
588 | tcode is u_int | |
38501509 | 589 | - markus@cvs.openbsd.org 2002/06/24 13:12:23 |
590 | [ssh-agent.1] | |
591 | the socket name contains ssh-agent's ppid; via mpech@ from form@ | |
f91d9a89 | 592 | - markus@cvs.openbsd.org 2002/06/24 14:33:27 |
593 | [channels.c channels.h clientloop.c serverloop.c] | |
594 | move channel counter to u_int | |
1169c3df | 595 | - markus@cvs.openbsd.org 2002/06/24 14:55:38 |
596 | [authfile.c kex.c ssh-agent.c] | |
597 | cat to (void) when output from buffer_get_X is ignored | |
09915dc1 | 598 | - itojun@cvs.openbsd.org 2002/06/24 15:49:22 |
599 | [msg.c] | |
600 | printf type pedant | |
d0a1c5d1 | 601 | - deraadt@cvs.openbsd.org 2002/06/24 17:57:20 |
602 | [sftp-server.c sshpty.c] | |
603 | explicit (u_int) for uid and gid | |
6c69a6a9 | 604 | - markus@cvs.openbsd.org 2002/06/25 16:22:42 |
605 | [authfd.c] | |
606 | unnecessary cast | |
87809a1f | 607 | - markus@cvs.openbsd.org 2002/06/25 18:51:04 |
608 | [sshd.c] | |
609 | lightweight do_setusercontext after chroot() | |
924681ee | 610 | - (bal) Updated AIX package build. Patch by dtucker@zip.com.au |
46c8ebb3 | 611 | - (tim) [Makefile.in] fix test on installing ssh-rand-helper.8 |
78beb77d | 612 | - (bal) added back in error check for mmap(). I screwed up, Pointed |
613 | out by stevesk@ | |
f2d9a1f8 | 614 | - (tim) [README.privsep] UnixWare tip no longer needed. |
88cb875c | 615 | - (bal) fixed NeXTStep missing munmap() issue. It defines HAVE_MMAP, |
616 | but it all damned lies. | |
0d0270e6 | 617 | - (stevesk) [README.privsep] more for sshd pseudo-account. |
8029e7fc | 618 | - (tim) [contrib/caldera/openssh.spec] add support for privsep |
8695f9f7 | 619 | - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@ |
b29fe4ea | 620 | - (djm) OpenBSD CVS Sync |
621 | - markus@cvs.openbsd.org 2002/06/26 08:53:12 | |
622 | [bufaux.c] | |
623 | limit size of BNs to 8KB; ok provos/deraadt | |
22d62d31 | 624 | - markus@cvs.openbsd.org 2002/06/26 08:54:18 |
625 | [buffer.c] | |
626 | limit append to 1MB and buffers to 10MB | |
5df8c731 | 627 | - markus@cvs.openbsd.org 2002/06/26 08:55:02 |
628 | [channels.c] | |
629 | limit # of channels to 10000 | |
87f18810 | 630 | - markus@cvs.openbsd.org 2002/06/26 08:58:26 |
631 | [session.c] | |
632 | limit # of env vars to 1000; ok deraadt/djm | |
2f095a0e | 633 | - deraadt@cvs.openbsd.org 2002/06/26 13:20:57 |
634 | [monitor.c] | |
635 | be careful in mm_zalloc | |
66087567 | 636 | - deraadt@cvs.openbsd.org 2002/06/26 13:49:26 |
637 | [session.c] | |
638 | disclose less information from environment files; based on input | |
639 | from djm, and dschultz@uclink.Berkeley.EDU | |
477edc5d | 640 | - markus@cvs.openbsd.org 2002/06/26 13:55:37 |
641 | [auth2-chall.c] | |
642 | make sure # of response matches # of queries, fixes int overflow; | |
643 | from ISS | |
03b14b6f | 644 | - markus@cvs.openbsd.org 2002/06/26 13:56:27 |
645 | [version.h] | |
646 | 3.4 | |
9c696d0d | 647 | - (djm) Require krb5 devel for RPM build w/ KrbV |
c4186be7 | 648 | - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai |
649 | <nalin@redhat.com> | |
1e7bc74c | 650 | - (djm) Update spec files for release |
49b53b03 | 651 | - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS |
03b14b6f | 652 | - (djm) Release 3.4p1 |
6519cfd6 | 653 | - (tim) [contrib/caldera/openssh.spec] remove 2 configure options I put in |
654 | by mistake | |
4bfa8bb6 | 655 | |
ef1ac12b | 656 | 20020625 |
657 | - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh | |
1a44c6f7 | 658 | - (stevesk) [README.privsep] minor updates |
fd3cbf67 | 659 | - (djm) Create privsep directory and warn if privsep user is missing |
660 | during make install | |
702b2855 | 661 | - (bal) Started list of PrivSep issues in TODO |
1c6249af | 662 | - (bal) if mmap() is substandard, don't allow compression on server side. |
663 | Post 'event' we will add more options. | |
cbaa3d44 | 664 | - (tim) [contrib/caldera/openssh.spec] Sync with Caldera |
e2bc41f9 | 665 | - (bal) moved aix_usrinfo() and noted not setting real TTY. Patch by |
666 | dtucker@zip.com.au | |
d170feb1 | 667 | - (tim) [acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus |
668 | for Cygwin, Cray, & SCO | |
ef1ac12b | 669 | |
d5803314 | 670 | 20020624 |
671 | - OpenBSD CVS Sync | |
672 | - deraadt@cvs.openbsd.org 2002/06/23 03:25:50 | |
673 | [tildexpand.c] | |
674 | KNF | |
3ddc795d | 675 | - deraadt@cvs.openbsd.org 2002/06/23 03:26:19 |
676 | [cipher.c key.c] | |
677 | KNF | |
d6133f43 | 678 | - deraadt@cvs.openbsd.org 2002/06/23 03:30:58 |
679 | [scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c | |
680 | sshpty.c] | |
681 | various KNF and %d for unsigned | |
9906a836 | 682 | - deraadt@cvs.openbsd.org 2002/06/23 09:30:14 |
683 | [sftp-client.c sftp-client.h sftp-common.c sftp-int.c sftp-server.c | |
684 | sftp.c] | |
685 | bunch of u_int vs int stuff | |
512df038 | 686 | - deraadt@cvs.openbsd.org 2002/06/23 09:39:55 |
687 | [ssh-keygen.c] | |
688 | u_int stuff | |
7528d467 | 689 | - deraadt@cvs.openbsd.org 2002/06/23 09:46:51 |
690 | [bufaux.c servconf.c] | |
691 | minor KNF. things the fingers do while you read | |
e424e241 | 692 | - deraadt@cvs.openbsd.org 2002/06/23 10:29:52 |
693 | [ssh-agent.c sshd.c] | |
694 | some minor KNF and %u | |
7138ebd9 | 695 | - deraadt@cvs.openbsd.org 2002/06/23 20:39:45 |
696 | [session.c] | |
697 | compression_level is u_int | |
f09ce20a | 698 | - deraadt@cvs.openbsd.org 2002/06/23 21:06:13 |
699 | [sshpty.c] | |
700 | KNF | |
57f228e8 | 701 | - deraadt@cvs.openbsd.org 2002/06/23 21:06:41 |
702 | [channels.c channels.h session.c session.h] | |
703 | display, screen, row, col, xpixel, ypixel are u_int; markus ok | |
0bc50167 | 704 | - deraadt@cvs.openbsd.org 2002/06/23 21:10:02 |
705 | [packet.c] | |
706 | packet_get_int() returns unsigned for reason & seqnr | |
57f228e8 | 707 | - (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col, |
708 | xpixel are u_int. | |
709 | ||
d5803314 | 710 | |
58177c0a | 711 | 20020623 |
712 | - (stevesk) [configure.ac] bug #255 LOGIN_NEEDS_UTMPX for AIX. | |
dc43acd2 | 713 | - (bal) removed GNUism for getops in ssh-agent since glibc lacks optreset. |
ef3912be | 714 | - (bal) add extern char *getopt. Based on report by dtucker@zip.com.au |
a8bbdc75 | 715 | - OpenBSD CVS Sync |
716 | - stevesk@cvs.openbsd.org 2002/06/22 02:00:29 | |
717 | [ssh.h] | |
718 | correct comment | |
1ae02182 | 719 | - stevesk@cvs.openbsd.org 2002/06/22 02:40:23 |
720 | [ssh.1] | |
721 | section 5 not 4 for ssh_config | |
b2843ec6 | 722 | - naddy@cvs.openbsd.org 2002/06/22 11:51:39 |
723 | [ssh.1] | |
724 | typo | |
75653d3e | 725 | - stevesk@cvs.openbsd.org 2002/06/22 16:32:54 |
726 | [sshd.8] | |
727 | add /var/empty in FILES section | |
a56313d7 | 728 | - stevesk@cvs.openbsd.org 2002/06/22 16:40:19 |
729 | [sshd.c] | |
730 | check /var/empty owner mode; ok provos@ | |
e4e83d70 | 731 | - stevesk@cvs.openbsd.org 2002/06/22 16:41:57 |
732 | [scp.1] | |
733 | typo | |
baa08b92 | 734 | - stevesk@cvs.openbsd.org 2002/06/22 16:45:29 |
735 | [ssh-agent.1 sshd.8 sshd_config.5] | |
736 | use process ID vs. pid/PID/process identifier | |
c28876e9 | 737 | - stevesk@cvs.openbsd.org 2002/06/22 20:05:27 |
738 | [sshd.c] | |
739 | don't call setsid() if debugging or run from inetd; no "Operation not | |
740 | permitted" errors now; ok millert@ markus@ | |
d17ef027 | 741 | - stevesk@cvs.openbsd.org 2002/06/22 23:09:51 |
742 | [monitor.c] | |
743 | save auth method before monitor_reset_key_state(); bugzilla bug #284; | |
744 | ok provos@ | |
58177c0a | 745 | |
0b202697 | 746 | $Id$ |