]> andersk Git - openssh.git/blame - ChangeLog
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- stevesk@cvs.openbsd.org 2002/03/16 17:41:25
[openssh.git] / ChangeLog
CommitLineData
8627f3e0 120020321
2 - (bal) OpenBSD CVS Sync
3 - itojun@cvs.openbsd.org 2002/03/08 06:10:16
4 [sftp-client.c]
5 printf type mismatch
bfa7f960 6 - itojun@cvs.openbsd.org 2002/03/11 03:18:49
7 [sftp-client.c]
8 correct type mismatches (u_int64_t != unsigned long long)
5fc7dbc9 9 - itojun@cvs.openbsd.org 2002/03/11 03:19:53
10 [sftp-client.c]
11 indent
150a5466 12 - markus@cvs.openbsd.org 2002/03/14 15:24:27
13 [sshconnect1.c]
14 don't trust size sent by (rogue) server; noted by s.esser@e-matters.de
4f08e98d 15 - markus@cvs.openbsd.org 2002/03/14 16:38:26
16 [sshd.c]
17 split out ssh1 session key decryption; ok provos@
46f1eece 18 - markus@cvs.openbsd.org 2002/03/14 16:56:33
19 [auth-rh-rsa.c auth-rsa.c auth.h]
20 split auth_rsa() for better readability and privsep; ok provos@
c390a3c8 21 - itojun@cvs.openbsd.org 2002/03/15 11:00:38
22 [auth.c]
23 fix file type checking (use S_ISREG). ok by markus
bcb68a8f 24 - markus@cvs.openbsd.org 2002/03/16 11:24:53
25 [compress.c]
26 skip inflateEnd if inflate fails; ok provos@
3e65880e 27 - markus@cvs.openbsd.org 2002/03/16 17:22:09
28 [auth-rh-rsa.c auth.h]
29 split auth_rhosts_rsa(), ok provos@
bb15f28b 30 - stevesk@cvs.openbsd.org 2002/03/16 17:41:25
31 [auth-krb5.c]
32 BSD license. from Daniel Kouril via Dug Song. ok markus@
8627f3e0 33
81dadca3 3420020317
35 - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted,
36 warn if directory does not exist. Put system directories in front of
37 PATH for finding entorpy commands.
43e41c2c 38 - (tim) [contrib/aix/buildbff.sh contrib/aix/inventory.sh] AIX package
39 build fixes. Patch by Darren Tucker <dtucker@zip.com.au>
40 [contrib/solaris/buildpkg.sh] add missing dirs to SYSTEM_DIR. Have
41 postinstall check for $piddir and add if necessary.
81dadca3 42
e4abf75b 4320020311
44 - (tim) [contrib/solaris/buildpkg.sh, contrib/solaris/README] Updated to
45 build on all platforms that support SVR4 style package tools. Now runs
46 from build dir. Parts are based on patches from Antonio Navarro, and
47 Darren Tucker.
48
fb8f3dc9 4920020308
a068d86f 50 - (djm) Revert bits of Markus' OpenSSL compat patch which was
51 accidentally committed.
52 - (djm) Add Markus' patch for compat wih OpenSSL < 0.9.6.
53 Known issue: Blowfish for SSH1 does not work
dc254471 54 - (stevesk) entropy.c: typo in debug message
633151a3 55 - (djm) ssh-keygen -i needs seeded RNG; report from markus@
fb8f3dc9 56
1854a55e 5720020307
58 - (djm) OpenBSD CVS Sync
59 - markus@cvs.openbsd.org 2002/03/06 00:20:54
60 [compat.c dh.c]
61 compat.c
83a9aa63 62 - markus@cvs.openbsd.org 2002/03/06 00:23:27
63 [compat.c dh.c]
64 undo
dbe426a1 65 - markus@cvs.openbsd.org 2002/03/06 00:24:39
66 [compat.c]
67 compat.c
86044b85 68 - markus@cvs.openbsd.org 2002/03/06 00:25:55
69 [version.h]
70 OpenSSH_3.1
01f8d3ee 71 - (djm) Update RPM spec files with new version number
4ca33cc5 72 - (bal) Updated INSTALL to reflect 0.9.6 OpenSSL requirement
5bbbc661 73 - (bal) Add in check for rpc/types.h since it is needed on
74 some platforms for INADDR_LOOPBACK. We should retest
75 SCO 3 to see if this fixes their problem also.
492a3893 76 - (bal) Test for IRIX JOBS support at runtime. Patch provided
77 by David Kaelbling <drk@sgi.com>
78
a88e3e36 7920020305
80 - stevesk@cvs.openbsd.org 2002/03/02 09:34:42
81 [LICENCE]
82 correct copyright dates for scp license; ok markus@
83
27f30efd 8420020304
85 - OpenBSD CVS Sync
86 - deraadt@cvs.openbsd.org 2002/02/26 18:52:32
87 [sftp.1]
88 Ic cannot have that many arguments; spotted by mouring@etoh.eviladmin.org
dc76d6ce 89 - mouring@cvs.openbsd.org 2002/02/26 19:04:37
90 [sftp.1]
91 > Ic cannot have that many arguments; spotted by mouring@etoh.eviladmin.org
92 Last Ic on the first line should not have a space between it and the final
93 comma.
7e35f994 94 - deraadt@cvs.openbsd.org 2002/02/26 19:06:43
95 [sftp.1]
96 no, look closely. the comma was highlighted. split .Ic even more
3c05447a 97 - stevesk@cvs.openbsd.org 2002/02/26 20:03:51
98 [misc.c]
99 use socklen_t
db518d9b 100 - stevesk@cvs.openbsd.org 2002/02/27 21:23:13
101 [canohost.c channels.c packet.c sshd.c]
102 remove unneeded casts in [gs]etsockopt(); ok markus@
714954dc 103 - markus@cvs.openbsd.org 2002/02/28 15:46:33
104 [authfile.c kex.c kexdh.c kexgex.c key.c ssh-dss.c]
105 add some const EVP_MD for openssl-0.9.7
cd9a7017 106 - stevesk@cvs.openbsd.org 2002/02/28 19:36:28
107 [auth.c match.c match.h]
108 delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers
109 for sshd -u0; ok markus@
ebb1bf1a 110 - stevesk@cvs.openbsd.org 2002/02/28 20:36:42
111 [sshd.8]
112 DenyUsers allows user@host pattern also
f464aad8 113 - stevesk@cvs.openbsd.org 2002/02/28 20:46:10
114 [sshd.8]
115 -u0 DNS for user@host
b334badd 116 - stevesk@cvs.openbsd.org 2002/02/28 20:56:00
117 [auth.c]
118 log user not allowed details, from dwd@bell-labs.com; ok markus@
6805fc56 119 - markus@cvs.openbsd.org 2002/03/01 13:12:10
120 [auth.c match.c match.h]
121 undo the 'delay hostname lookup' change
122 match.c must not use compress.c (via canonhost.c/packet.c)
123 thanks to wilfried@
fa1eb020 124 - markus@cvs.openbsd.org 2002/03/04 12:43:06
125 [auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
c92ec40b 126 - markus@cvs.openbsd.org 2002/03/04 13:10:46
127 [misc.c]
128 error-> debug, because O_NONBLOCK for /dev/null causes too many different
129 errnos; ok stevesk@, deraadt@
fa1eb020 130 unused include
93c3b6de 131 - stevesk@cvs.openbsd.org 2002/03/04 17:27:39
132 [auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
133 channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
134 groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
135 servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
136 uuencode.c xmalloc.h]
137 $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
138 missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
139 files. ok markus@
27452401 140 - stevesk@cvs.openbsd.org 2002/03/04 18:30:23
141 [ssh-keyscan.c]
142 handle connection close during read of protocol version string.
143 fixes erroneous "bad greeting". ok markus@
c77d2e56 144 - markus@cvs.openbsd.org 2002/03/04 19:37:58
145 [channels.c]
146 off by one; thanks to joost@pine.nl
ef817d21 147 - (bal) Added contrib/aix/ to support BFF package generation provided
148 by Darren Tucker <dtucker@zip.com.au>
ddceb1c8 14920020226
150 - (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests
151 based on patch by mooney@dogbert.cc.ndsu.nodak.edu (Tim Mooney)
152 Bug 45 [configure.ac] modify skey test to work around conflict with autoconf
153 reported by nolan@naic.edu (Michael Nolan)
154 patch by Pekka Savola <pekkas@netcore.fi>
155 Bug 74 [configure.ac defines.h] add sig_atomic_t test
156 reported by dwd@bell-labs.com (Dave Dykstra)
157 Bug 102 [defines.h] UNICOS fixes. patch by wendyp@cray.com
158 [configure.ac Makefile.in] link libwrap only with sshd
159 based on patch by Maciej W. Rozycki <macro@ds2.pg.gda.pl>
160 Bug 123 link libpam only with sshd
161 reported by peak@argo.troja.mff.cuni.cz (Pavel Kankovsky)
162 [configure.ac defines.h] modify previous SCO3 fix to not break Solaris 7
163 [acconfig.h] remove unused HAVE_REGCOMP
98f2d9d5 164 [configure.ac] put back in search for prngd-socket
12e8eb8d 165 - (stevesk) openbsd-compat/base64.h: typo in comment
e6164c5e 166 - (bal) Update sshd_config CVSID
c12337d9 167 - (bal) OpenBSD CVS Sync
168 - markus@cvs.openbsd.org 2002/02/15 23:54:10
169 [auth-krb5.c]
170 krb5_get_err_text() does not like context==NULL; he@nordu.net via google;
171 ok provos@
2bae80e9 172 - markus@cvs.openbsd.org 2002/02/22 12:20:34
173 [log.c log.h ssh-keyscan.c]
174 overwrite fatal() in ssh-keyscan.c; fixes pr 2354; ok provos@
b967d870 175 - markus@cvs.openbsd.org 2002/02/23 17:59:02
176 [kex.c kexdh.c kexgex.c]
177 don't allow garbage after payload.
f6b1ba8f 178 - stevesk@cvs.openbsd.org 2002/02/24 16:09:52
179 [sshd.c]
180 use u_char* here; ok markus@
f60ace9f 181 - markus@cvs.openbsd.org 2002/02/24 16:57:19
182 [sftp-client.c]
183 early close(), missing free; ok stevesk@
a318bbf4 184 - markus@cvs.openbsd.org 2002/02/24 16:58:32
185 [packet.c]
186 make 'cp' unsigned and merge with 'ucp'; ok stevesk@
b117a4d3 187 - markus@cvs.openbsd.org 2002/02/24 18:31:09
188 [uuencode.c]
189 typo in comment
c66f9d0e 190 - markus@cvs.openbsd.org 2002/02/24 19:14:59
191 [auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h
192 ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
193 signed vs. unsigned: make size arguments u_int, ok stevesk@
811a6342 194 - stevesk@cvs.openbsd.org 2002/02/24 19:59:42
195 [channels.c misc.c]
196 disable Nagle in connect_to() and channel_post_port_listener() (port
197 forwarding endpoints). the intention is to preserve the on-the-wire
198 appearance to applications at either end; the applications can then
199 enable TCP_NODELAY according to their requirements. ok markus@
21b30f38 200 - markus@cvs.openbsd.org 2002/02/25 16:33:27
201 [ssh-keygen.c sshconnect2.c uuencode.c uuencode.h]
202 more u_* fixes
bb2fbc98 203 - (bal) Imported missing fatal.c and fixed up Makefile.in
98f2d9d5 204 - (tim) [configure.ac] correction to Bug 123 fix
2d16d9a3 205 [configure.ac] correction to sig_atomic_t test
ddceb1c8 206
da522265 20720020225
208 - (bal) Last AIX patch. Moved aix_usrinfo() outside of do_setuserconext()
209 since we need more session information than provided by that function.
210
2ec3dbf6 21120020224
212 - (bal) Drop Session *s usage in ports-aix.[ch] and pass just what we
213 need to do the jobs (AIX still does not fully compile, but that is
214 coming).
4936fcee 215 - (bal) Part two.. Drop unused AIX header, fix up missing char *cp. All
216 that is left is handling aix_usrinfo().
f3837bc6 217 - (tim) [loginrec.c session.c sshlogin.c sshlogin.h] Bug 84
218 patch by wknox@mitre.org (William Knox).
219 [sshlogin.h] declare record_utmp_only for session.c
2ec3dbf6 220
8001948f 22120020221
2ec3dbf6 222 - (bal) Minor session.c fixup for cygwin. mispelt 'is_winnt' variable.
8001948f 223
241b0041 22420020219
225 - (djm) OpenBSD CVS Sync
226 - mpech@cvs.openbsd.org 2002/02/13 08:33:47
227 [ssh-keyscan.1]
228 When you give command examples and etc., in a manual page prefix them with: $ command
229 or
230 # command
399d1ea6 231 - markus@cvs.openbsd.org 2002/02/14 23:27:59
232 [channels.c]
233 increase the SSH v2 window size to 4 packets. comsumes a little
234 bit more memory for slow receivers but increases througput.
ea9700ba 235 - markus@cvs.openbsd.org 2002/02/14 23:28:00
236 [channels.h session.c ssh.c]
237 increase the SSH v2 window size to 4 packets. comsumes a little
238 bit more memory for slow receivers but increases througput.
3ee832e5 239 - markus@cvs.openbsd.org 2002/02/14 23:41:01
240 [authfile.c cipher.c cipher.h kex.c kex.h packet.c]
241 hide some more implementation details of cipher.[ch] and prepares for move
242 to EVP, ok deraadt@
2a55e100 243 - stevesk@cvs.openbsd.org 2002/02/16 14:53:37
244 [ssh-keygen.1]
245 -t required now for key generation
8d22d775 246 - stevesk@cvs.openbsd.org 2002/02/16 20:40:08
247 [ssh-keygen.c]
248 default to rsa keyfile path for non key generation operations where
249 keyfile not specified. fixes core dump in those cases. ok markus@
ef2839b9 250 - millert@cvs.openbsd.org 2002/02/16 21:27:53
251 [auth.h]
252 Part one of userland __P removal. Done with a simple regexp with
253 some minor hand editing to make comments line up correctly. Another
254 pass is forthcoming that handles the cases that could not be done
255 automatically.
d96be24d 256 - millert@cvs.openbsd.org 2002/02/17 19:42:32
257 [auth.h]
258 Manual cleanup of remaining userland __P use (excluding packages
259 maintained outside the tree)
70fc1609 260 - markus@cvs.openbsd.org 2002/02/18 13:05:32
261 [cipher.c cipher.h]
262 switch to EVP, ok djm@ deraadt@
4e30de66 263 - markus@cvs.openbsd.org 2002/02/18 17:55:20
264 [ssh.1]
265 -q: Fatal errors are _not_ displayed.
d9959c61 266 - deraadt@cvs.openbsd.org 2002/02/19 02:50:59
267 [sshd_config]
268 stategy is not an english word
90e70cfc 269 - (bal) Migrated IRIX jobs/projects/audit/etc code to
2cce09e7 270 openbsd-compat/port-irix.[ch] to improve readiblity of do_child()
90e70cfc 271 - (bal) Migrated AIX getuserattr and usrinfo code to
272 openbsd-compat/port-aix.[c] to improve readilbity of do_child() and
273 simplify our diffs against upstream source.
f7342052 274 - (bal) OpenBSD CVS Sync
275 - markus@cvs.openbsd.org 2002/02/15 23:11:26
276 [session.c]
277 split do_child(), ok mouring@
5dd82c23 278 - markus@cvs.openbsd.org 2002/02/16 00:51:44
279 [session.c]
280 typo
281 - (bal) CVS ID sync since the last two patches were merged mistakenly
241b0041 282
975956bb 28320020218
284 - (tim) newer config.guess from ftp://ftp.gnu.org/gnu/config/config.guess
285
0c43a2e7 28620020213
3b83c722 287 - (djm) Don't use system sys/queue.h on AIX. Report from
288 gert@greenie.muc.de
289 - (djm) Bug #114 - not starting PAM for SSH protocol 1 invalid users
0c43a2e7 290
29120020213
9d726f16 292 - (djm) OpenBSD CVS Sync
293 - markus@cvs.openbsd.org 2002/02/11 16:10:15
294 [kex.c]
295 restore kexinit handler if we reset the dispatcher, this unbreaks
296 rekeying s/kex_clear_dispatch/kex_reset_dispatch/
6b4b5e49 297 - markus@cvs.openbsd.org 2002/02/11 16:15:46
298 [sshconnect1.c]
299 include md5.h, not evp.h
44b1a8e5 300 - markus@cvs.openbsd.org 2002/02/11 16:17:55
301 [sshd.c]
302 do not complain about port > 1024 if rhosts-auth is disabled
436c347c 303 - markus@cvs.openbsd.org 2002/02/11 16:19:39
304 [sshd.c]
305 include md5.h not hmac.h
fa869228 306 - markus@cvs.openbsd.org 2002/02/11 16:21:42
307 [match.c]
308 support up to 40 algorithms per proposal
c25d3df7 309 - djm@cvs.openbsd.org 2002/02/12 12:32:27
310 [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
311 Perform multiple overlapping read/write requests in file transfer. Mostly
312 done by Tobias Ringstrom <tori@ringstrom.mine.nu>; ok markus@
b2bab059 313 - djm@cvs.openbsd.org 2002/02/12 12:44:46
314 [sftp-client.c]
315 Let overlapped upload path handle servers which reorder ACKs. This may be
316 permitted by the protocol spec; ok markus@
cb476289 317 - markus@cvs.openbsd.org 2002/02/13 00:28:13
318 [sftp-server.c]
319 handle SSH2_FILEXFER_ATTR_SIZE in SSH2_FXP_(F)SETSTAT; ok djm@
b984f12e 320 - markus@cvs.openbsd.org 2002/02/13 00:39:15
321 [readpass.c]
322 readpass.c is not longer from UCB, since we now use readpassphrase(3)
22e6c827 323 - djm@cvs.openbsd.org 2002/02/13 00:59:23
324 [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp.h]
325 [sftp-int.c sftp-int.h]
326 API cleanup and backwards compat for filexfer v.0 servers; ok markus@
1656cbed 327 - (djm) Sync openbsd-compat with OpenBSD CVS too
9d6b6505 328 - (djm) Bug #106: Add --without-rpath configure option. Patch from
329 Nicolas.Williams@ubsw.com
f7d5d67f 330 - (tim) [configure.ac, defines.h ] add rpc/rpc.h for INADDR_LOOPBACK
331 on SCO OSR3
9d726f16 332
2a8a6488 33320020210
334 - (djm) OpenBSD CVS Sync
335 - deraadt@cvs.openbsd.org 2002/02/09 17:37:34
336 [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1]
337 move ssh config files to /etc/ssh
338 - (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match
af98ced9 339 - deraadt@cvs.openbsd.org 2002/02/10 01:07:05
340 [readconf.h sshd.8]
341 more /etc/ssh; openbsd@davidkrause.com
2a8a6488 342
980c9344 34320020208
344 - (djm) OpenBSD CVS Sync
345 - markus@cvs.openbsd.org 2002/02/04 12:15:25
346 [sshd.c]
347 add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
348 fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
4c646df4 349 - stevesk@cvs.openbsd.org 2002/02/04 20:41:16
350 [ssh-agent.1]
351 more sync for default ssh-add identities; ok markus@
375f867e 352 - djm@cvs.openbsd.org 2002/02/05 00:00:46
353 [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
354 Add "-B" option to specify copy buffer length (default 32k); ok markus@
06ee33fb 355 - markus@cvs.openbsd.org 2002/02/05 14:32:55
356 [channels.c channels.h ssh.c]
357 merge channel_request() into channel_request_start()
7d5e8c46 358 - markus@cvs.openbsd.org 2002/02/06 14:22:42
359 [sftp.1]
360 sort options; ok mpech@, stevesk@
22be05a5 361 - mpech@cvs.openbsd.org 2002/02/06 14:27:23
362 [sftp.c]
363 sync usage() with manual.
5a4ae906 364 - markus@cvs.openbsd.org 2002/02/06 14:37:22
365 [session.c]
366 minor KNF
3a0d3d54 367 - markus@cvs.openbsd.org 2002/02/06 14:55:16
368 [channels.c clientloop.c serverloop.c ssh.c]
369 channel_new never returns NULL, mouring@; ok djm@
275a87f6 370 - markus@cvs.openbsd.org 2002/02/07 09:35:39
371 [ssh.c]
372 remove bogus comments
980c9344 373
bcc0381e 37420020205
983784a1 375 - (djm) Cleanup after sync:
376 - :%s/reverse_mapping_check/verify_reverse_mapping/g
bcc0381e 377 - (djm) OpenBSD CVS Sync
378 - stevesk@cvs.openbsd.org 2002/01/24 21:09:25
379 [channels.c misc.c misc.h packet.c]
380 add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning).
381 no nagle changes just yet; ok djm@ markus@
2ac91be1 382 - stevesk@cvs.openbsd.org 2002/01/24 21:13:23
383 [packet.c]
384 need misc.h for set_nodelay()
7d30579d 385 - markus@cvs.openbsd.org 2002/01/25 21:00:24
386 [sshconnect2.c]
387 unused include
087dea86 388 - markus@cvs.openbsd.org 2002/01/25 21:42:11
389 [ssh-dss.c ssh-rsa.c]
390 use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@
391 don't use evp_md->md_size, it's not public.
a209a158 392 - markus@cvs.openbsd.org 2002/01/25 22:07:40
393 [kex.c kexdh.c kexgex.c key.c mac.c]
394 use EVP_MD_size(evp_md) and not evp_md->md_size; ok steveks@
f9314d9a 395 - stevesk@cvs.openbsd.org 2002/01/26 16:44:22
396 [includes.h session.c]
397 revert code to add x11 localhost display authorization entry for
398 hostname/unix:d and uts.nodename/unix:d if nodename was different than
399 hostname. just add entry for unix:d instead. ok markus@
e6e573bd 400 - stevesk@cvs.openbsd.org 2002/01/27 14:57:46
401 [channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
402 add X11UseLocalhost; ok markus@
75a624f0 403 - stevesk@cvs.openbsd.org 2002/01/27 18:08:17
404 [ssh.c]
405 handle simple case to identify FamilyLocal display; ok markus@
a2863956 406 - markus@cvs.openbsd.org 2002/01/29 14:27:57
407 [ssh-add.c]
408 exit 2 if no agent, exit 1 if list fails; debian#61078; ok djm@
bf4c5edc 409 - markus@cvs.openbsd.org 2002/01/29 14:32:03
410 [auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c]
411 [servconf.c servconf.h session.c sshd.8 sshd_config]
412 s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion;
413 ok stevesk@
8875ca97 414 - stevesk@cvs.openbsd.org 2002/01/29 16:29:02
415 [session.c]
416 limit subsystem length in log; ok markus@
8e3ce4dc 417 - markus@cvs.openbsd.org 2002/01/29 16:41:19
418 [ssh-add.1]
419 add DIAGNOSTICS; ok stevesk@
24932ee9 420 - markus@cvs.openbsd.org 2002/01/29 22:46:41
421 [session.c]
422 don't depend on servconf.c; ok djm@
16210ef7 423 - markus@cvs.openbsd.org 2002/01/29 23:50:37
424 [scp.1 ssh.1]
425 mention exit status; ok stevesk@
215ced77 426 - markus@cvs.openbsd.org 2002/01/31 13:35:11
427 [kexdh.c kexgex.c]
428 cross check announced key type and type from key blob
d01c63bb 429 - markus@cvs.openbsd.org 2002/01/31 15:00:05
430 [serverloop.c]
431 no need for WNOHANG; ok stevesk@
7899c98f 432 - markus@cvs.openbsd.org 2002/02/03 17:53:25
433 [auth1.c serverloop.c session.c session.h]
434 don't use channel_input_channel_request and callback
435 use new server_input_channel_req() instead:
436 server_input_channel_req does generic request parsing on server side
437 session_input_channel_req handles just session specific things now
438 ok djm@
8034b5cd 439 - markus@cvs.openbsd.org 2002/02/03 17:55:55
440 [channels.c channels.h]
441 remove unused channel_input_channel_request
05ca0898 442 - markus@cvs.openbsd.org 2002/02/03 17:58:21
443 [channels.c channels.h ssh.c]
444 generic callbacks are not really used, remove and
445 add a callback for msg of type SSH2_MSG_CHANNEL_OPEN_CONFIRMATION
446 ok djm@
0dbdc37c 447 - markus@cvs.openbsd.org 2002/02/03 17:59:23
448 [sshconnect2.c]
449 more cross checking if announced vs. used key type; ok stevesk@
3b5a1b05 450 - stevesk@cvs.openbsd.org 2002/02/03 22:35:57
451 [ssh.1 sshd.8]
452 some KeepAlive cleanup/clarify; ok markus@
49ebf326 453 - stevesk@cvs.openbsd.org 2002/02/03 23:22:59
454 [ssh-agent.1]
455 ssh-add also adds $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa now.
762f5ea2 456 - stevesk@cvs.openbsd.org 2002/02/04 00:53:39
457 [ssh-agent.c]
458 unneeded includes
67fa09f5 459 - markus@cvs.openbsd.org 2002/02/04 11:58:10
460 [auth2.c]
461 cross checking of announced vs actual pktype in pubkey/hostbaed auth;
462 ok stevesk@
5eaf8578 463 - markus@cvs.openbsd.org 2002/02/04 12:15:25
464 [log.c log.h readconf.c servconf.c]
465 add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
466 fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
a445d432 467 - stevesk@cvs.openbsd.org 2002/02/04 20:41:16
468 [ssh-add.1]
469 more sync for default ssh-add identities; ok markus@
a96fd7c2 470 - djm@cvs.openbsd.org 2002/02/04 21:53:12
471 [sftp.1 sftp.c]
472 Add "-P" option to directly connect to a local sftp-server. Should be
473 useful for regression testing; ok markus@
86e23f3e 474 - djm@cvs.openbsd.org 2002/02/05 00:00:46
475 [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
476 Add "-B" option to specify copy buffer length (default 32k); ok markus@
bcc0381e 477
8d7324af 47820020130
479 - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@
70e2f2f3 480 - (tim) [configure.ac] fix logic on when ssh-rand-helper is installed.
481 [sshd_config] put back in line that tells what PATH was compiled into sshd.
8d7324af 482
90bab5a8 48320020125
9b7fcaf0 484 - (djm) Don't grab Xserver or pointer by default. x11-ssh-askpass doesn't
485 and grabbing can cause deadlocks with kinput2.
90bab5a8 486
533845df 48720020124
488 - (stevesk) Makefile.in: bug #61; delete commented line for now.
489
906e811b 49020020123
491 - (djm) Fix non-standard shell syntax in autoconf. Patch from
492 Dave Dykstra <dwd@bell-labs.com>
846f83ab 493 - (stevesk) fix --with-zlib=
eb5d7ff6 494 - (djm) Use case statements in autoconf to clean up some tests
5b6c4ceb 495 - (bal) reverted out of 5/2001 change to atexit(). I assume I
496 did it to handle SonyOS. If that is the case than we will
497 do a special case for them.
906e811b 498
f1b0ecc3 49920020122
500 - (djm) autoconf hacking:
501 - We don't support --without-zlib currently, so don't allow it.
502 - Rework cryptographic random number support detection. We now detect
503 whether OpenSSL seeds itself. If it does, then we don't bother with
504 the ssh-rand-helper program. You can force the use of ssh-rand-helper
505 using the --with-rand-helper configure argument
506 - Simplify and clean up ssh-rand-helper configuration
9780116c 507 - Add OpenSSL sanity check: verify that header version matches version
508 reported by library
49d7ed32 509 - (djm) Fix some bugs I introduced into ssh-rand-helper yesterday
3dc93cd8 510 - OpenBSD CVS Sync
511 - djm@cvs.openbsd.org 2001/12/21 08:52:22
512 [ssh-keygen.1 ssh-keygen.c]
513 Remove default (rsa1) key type; ok markus@
f9654cd7 514 - djm@cvs.openbsd.org 2001/12/21 08:53:45
515 [readpass.c]
516 Avoid interruptable passphrase read; ok markus@
67656ffc 517 - djm@cvs.openbsd.org 2001/12/21 10:06:43
518 [ssh-add.1 ssh-add.c]
519 Try all standard key files (id_rsa, id_dsa, identity) when invoked with
520 no arguments; ok markus@
b0ce9259 521 - markus@cvs.openbsd.org 2001/12/21 12:17:33
522 [serverloop.c]
523 remove ifdef for USE_PIPES since fdin != fdout; ok djm@
0e0bba68 524 - deraadt@cvs.openbsd.org 2001/12/24 07:29:43
525 [ssh-add.c]
526 try all listed keys.. how did this get broken?
e13b4278 527 - markus@cvs.openbsd.org 2001/12/25 18:49:56
528 [key.c]
529 be more careful on allocation
45c49544 530 - markus@cvs.openbsd.org 2001/12/25 18:53:00
531 [auth1.c]
532 be more carefull on allocation
bb28e836 533 - markus@cvs.openbsd.org 2001/12/27 18:10:29
534 [ssh-keygen.c]
535 -t is only needed for key generation (unbreaks -i, -e, etc).
b775c6f2 536 - markus@cvs.openbsd.org 2001/12/27 18:22:16
537 [auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c]
538 [scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
539 call fatal() for openssl allocation failures
135113a3 540 - stevesk@cvs.openbsd.org 2001/12/27 18:22:53
541 [sshd.8]
542 clarify -p; ok markus@
cf184a44 543 - markus@cvs.openbsd.org 2001/12/27 18:26:13
544 [authfile.c]
545 missing include
108d362e 546 - markus@cvs.openbsd.org 2001/12/27 19:37:23
547 [dh.c kexdh.c kexgex.c]
548 always use BN_clear_free instead of BN_free
dc421aa3 549 - markus@cvs.openbsd.org 2001/12/27 19:54:53
550 [auth1.c auth.h auth-rh-rsa.c]
551 auth_rhosts_rsa now accept generic keys.
95500969 552 - markus@cvs.openbsd.org 2001/12/27 20:39:58
553 [auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h]
554 [serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
555 get rid of packet_integrity_check, use packet_done() instead.
3456d3c7 556 - markus@cvs.openbsd.org 2001/12/28 12:14:27
20b279e6 557 [auth1.c auth2.c auth2-chall.c auth-rsa.c channels.c clientloop.c]
558 [kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c]
559 [ssh.c sshconnect1.c sshconnect2.c sshd.c]
3456d3c7 560 s/packet_done/packet_check_eom/ (end-of-message); ok djm@
20b279e6 561 - markus@cvs.openbsd.org 2001/12/28 13:57:33
562 [auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c]
563 packet_get_bignum* no longer returns a size
4ef6f649 564 - markus@cvs.openbsd.org 2001/12/28 14:13:13
565 [bufaux.c bufaux.h packet.c]
566 buffer_get_bignum: int -> void
54a5250f 567 - markus@cvs.openbsd.org 2001/12/28 14:50:54
568 [auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c]
569 [packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c]
570 [sshconnect2.c sshd.c]
571 packet_read* no longer return the packet length, since it's not used.
7819b5c3 572 - markus@cvs.openbsd.org 2001/12/28 15:06:00
573 [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
574 [dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
575 remove plen from the dispatch fn. it's no longer used.
60015649 576 - stevesk@cvs.openbsd.org 2001/12/28 22:37:48
577 [ssh.1 sshd.8]
578 document LogLevel DEBUG[123]; ok markus@
20905a8e 579 - stevesk@cvs.openbsd.org 2001/12/29 21:56:01
580 [authfile.c channels.c compress.c packet.c sftp-server.c]
581 [ssh-agent.c ssh-keygen.c]
582 remove unneeded casts and some char->u_char cleanup; ok markus@
6c79c353 583 - stevesk@cvs.openbsd.org 2002/01/03 04:11:08
584 [ssh_config]
585 grammar in comment
b4047251 586 - stevesk@cvs.openbsd.org 2002/01/04 17:59:17
587 [readconf.c servconf.c]
588 remove #ifdef _PATH_XAUTH/#endif; ok markus@
0f84fe37 589 - stevesk@cvs.openbsd.org 2002/01/04 18:14:16
590 [servconf.c sshd.8]
591 protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and
592 /etc/ssh_host_dsa_key like we have in sshd_config. ok markus@
8341f420 593 - markus@cvs.openbsd.org 2002/01/05 10:43:40
594 [channels.c]
595 fix hanging x11 channels for rejected cookies (e.g.
596 XAUTHORITY=/dev/null xbiff) bug #36, based on patch from
597 djast@cs.toronto.edu
cb362b5e 598 - stevesk@cvs.openbsd.org 2002/01/05 21:51:56
599 [ssh.1 sshd.8]
600 some missing and misplaced periods
4ccb828d 601 - markus@cvs.openbsd.org 2002/01/09 13:49:27
602 [ssh-keygen.c]
603 append \n only for public keys
0c0738d5 604 - markus@cvs.openbsd.org 2002/01/09 17:16:00
605 [channels.c]
606 merge channel_pre_open_15/channel_pre_open_20; ok provos@
9c50edcf 607 - markus@cvs.openbsd.org 2002/01/09 17:26:35
608 [channels.c nchan.c]
609 replace buffer_consume(b, buffer_len(b)) with buffer_clear(b);
610 ok provos@
99416ceb 611 - markus@cvs.openbsd.org 2002/01/10 11:13:29
612 [serverloop.c]
613 skip client_alive_check until there are channels; ok beck@
3d209bbe 614 - markus@cvs.openbsd.org 2002/01/10 11:24:04
615 [clientloop.c]
616 handle SSH2_MSG_GLOBAL_REQUEST (just reply with failure); ok djm@
3c27606d 617 - markus@cvs.openbsd.org 2002/01/10 12:38:26
618 [nchan.c]
619 remove dead code (skip drain)
6d566d33 620 - markus@cvs.openbsd.org 2002/01/10 12:47:59
621 [nchan.c]
622 more unused code (with channels.c:1.156)
5a5f4c37 623 - markus@cvs.openbsd.org 2002/01/11 10:31:05
624 [packet.c]
625 handle received SSH2_MSG_UNIMPLEMENTED messages; ok djm@
781a02b8 626 - markus@cvs.openbsd.org 2002/01/11 13:36:43
627 [ssh2.h]
628 add defines for msg type ranges
6367063f 629 - markus@cvs.openbsd.org 2002/01/11 13:39:36
630 [auth2.c dispatch.c dispatch.h kex.c]
631 a single dispatch_protocol_error() that sends a message of
632 type 'UNIMPLEMENTED'
633 dispatch_range(): set handler for a ranges message types
634 use dispatch_protocol_ignore() for authentication requests after
635 successful authentication (the drafts requirement).
636 serverloop/clientloop now send a 'UNIMPLEMENTED' message instead
637 of exiting.
70499440 638 - markus@cvs.openbsd.org 2002/01/11 20:14:11
639 [auth2-chall.c auth-skey.c]
640 use strlcpy not strlcat; mouring@
a62ebe1f 641 - markus@cvs.openbsd.org 2002/01/11 23:02:18
642 [readpass.c]
643 use _PATH_TTY
bd2d2ac4 644 - markus@cvs.openbsd.org 2002/01/11 23:02:51
645 [auth2-chall.c]
646 use snprintf; mouring@
7ef24c8c 647 - markus@cvs.openbsd.org 2002/01/11 23:26:30
648 [auth-skey.c]
649 use snprintf; mouring@
68a7e648 650 - markus@cvs.openbsd.org 2002/01/12 13:10:29
651 [auth-skey.c]
652 undo local change
95f0a918 653 - provos@cvs.openbsd.org 2002/01/13 17:27:07
654 [ssh-agent.c]
655 change to use queue.h macros; okay markus@
3469eac4 656 - markus@cvs.openbsd.org 2002/01/13 17:57:37
657 [auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
658 use buffer API and avoid static strings of fixed size;
659 ok provos@/mouring@
368e9dfc 660 - markus@cvs.openbsd.org 2002/01/13 21:31:20
661 [channels.h nchan.c]
662 add chan_set_[io]state(), order states, state is now an u_int,
663 simplifies debugging messages; ok provos@
3057c23b 664 - markus@cvs.openbsd.org 2002/01/14 13:22:35
665 [nchan.c]
666 chan_send_oclose1() no longer calls chan_shutdown_write(); ok provos@
667 - markus@cvs.openbsd.org 2002/01/14 13:34:07
668 [nchan.c]
669 merge chan_[io]buf_empty[12]; ok provos@
668a91b7 670 - markus@cvs.openbsd.org 2002/01/14 13:40:10
671 [nchan.c]
672 correct fn names for ssh2, do not switch from closed to closed;
673 ok provos@
3c9f1ecd 674 - markus@cvs.openbsd.org 2002/01/14 13:41:13
675 [nchan.c]
676 remove duplicated code; ok provos@
70bef40e 677 - markus@cvs.openbsd.org 2002/01/14 13:55:55
678 [channels.c channels.h nchan.c]
679 remove function pointers for events, remove chan_init*; ok provos@
8ab5f6b2 680 - markus@cvs.openbsd.org 2002/01/14 13:57:03
681 [channels.h nchan.c]
682 (c) 2002
5641aefa 683 - markus@cvs.openbsd.org 2002/01/16 13:17:51
684 [channels.c channels.h serverloop.c ssh.c]
685 wrapper for channel_setup_fwd_listener
ac10636f 686 - stevesk@cvs.openbsd.org 2002/01/16 17:40:23
687 [sshd_config]
688 The stategy now used for options in the default sshd_config shipped
689 with OpenSSH is to specify options with their default value where
690 possible, but leave them commented. Uncommented options change a
691 default value. Subsystem is currently the only default option
692 changed. ok markus@
cf5a07a8 693 - stevesk@cvs.openbsd.org 2002/01/16 17:42:33
694 [ssh.1]
695 correct defaults for -i/IdentityFile; ok markus@
1bbbc136 696 - stevesk@cvs.openbsd.org 2002/01/16 17:55:33
697 [ssh_config]
698 correct some commented defaults. add Ciphers default. ok markus@
4267abfd 699 - stevesk@cvs.openbsd.org 2002/01/17 04:27:37
700 [log.c]
701 casts to silence enum type warnings for bugzilla bug 37; ok markus@
ba218fbe 702 - stevesk@cvs.openbsd.org 2002/01/18 17:14:16
703 [sshd.8]
704 correct Ciphers default; paola.mannaro@ubs.com
e6207598 705 - stevesk@cvs.openbsd.org 2002/01/18 18:14:17
706 [authfd.c bufaux.c buffer.c cipher.c packet.c ssh-agent.c ssh-keygen.c]
707 unneeded cast cleanup; ok markus@
dfafef8f 708 - stevesk@cvs.openbsd.org 2002/01/18 20:46:34
709 [sshd.8]
710 clarify Allow(Groups|Users) and Deny(Groups|Users); suggestion from
711 allard@oceanpark.com; ok markus@
616a6b93 712 - markus@cvs.openbsd.org 2002/01/21 15:13:51
713 [sshconnect.c]
714 use read_passphrase+ECHO in confirm(), allows use of ssh-askpass
715 for hostkey confirm.
55f9eebd 716 - markus@cvs.openbsd.org 2002/01/21 22:30:12
717 [cipher.c compat.c myproposal.h]
718 remove "rijndael-*", just use "aes-" since this how rijndael is called
719 in the drafts; ok stevesk@
32e7d71f 720 - markus@cvs.openbsd.org 2002/01/21 23:27:10
721 [channels.c nchan.c]
722 cleanup channels faster if the are empty and we are in drain-state;
723 ok deraadt@
3a454b6a 724 - stevesk@cvs.openbsd.org 2002/01/22 02:52:41
725 [servconf.c]
726 typo in error message; from djast@cs.toronto.edu
4ca007b2 727 - (djm) Make auth2-pam.c compile again after dispatch.h and packet.h
728 changes
507c4f2e 729 - (djm) Recent Glibc includes an incompatible sys/queue.h. Treat it as
730 bogus in configure
187cd1fa 731 - (djm) Use local sys/queue.h if necessary in ssh-agent.c
f1b0ecc3 732
40f64e6f 73320020121
734 - (djm) Rework ssh-rand-helper:
735 - Reduce quantity of ifdef code, in preparation for ssh_rand_conf
736 - Always seed from system calls, even when doing PRNGd seeding
737 - Tidy and comment #define knobs
738 - Remove unused facility for multiple runs through command list
739 - KNF, cleanup, update copyright
740
088cdc23 74120020114
742 - (djm) Bug #50 - make autoconf entropy path checks more robust
743
760b35a6 74420020108
745 - (djm) Merge Cygwin copy_environment with do_pam_environment, removing
746 fixed env var size limit in the process. Report from Corinna Vinschen
747 <vinschen@redhat.com>
5cbceb3f 748 - (stevesk) defines.h: use "/var/spool/sockets/X11/%u" for HP-UX. does
749 not depend on transition links. from Lutz Jaenicke.
760b35a6 750
1d2a4613 75120020106
752 - (stevesk) defines.h: determine _PATH_UNIX_X; currently "/tmp/.X11-unix/X%u"
753 for all platforms except HP-UX, which is "/usr/spool/sockets/X11/%u".
754
d93656c9 75520020105
756 - (bal) NCR requies use_pipes to operate correctly.
29525240 757 - (stevesk) fix spurious ; from NCR change.
d93656c9 758
554e28b2 75920020103
760 - (djm) Use bigcrypt() on systems with SCO_PROTECTED_PW. Patch from
761 Roger Cornelius <rac@tenzing.org>
762
e9571a2c 76320011229
764 - (djm) Apply Cygwin pointer deref fix from Corinna Vinschen
765 <vinschen@redhat.com> Could be abused to guess valid usernames
929fb284 766 - (djm) Typo in contrib/cygwin/README Fix from Corinna Vinschen
767 <vinschen@redhat.com>
e9571a2c 768
760edf28 76920011228
770 - (djm) Remove recommendation to use GNU make, we should support most
771 make programs.
772
7bec72bc 77320011225
774 - (stevesk) [Makefile.in ssh-rand-helper.c]
775 portable lib and __progname support for ssh-rand-helper; ok djm@
776
b8291fa0 77720011223
778 - (bal) Removed contrib/chroot.diff and noted in contrib/README that it
779 was not being maintained.
780
46058ce2 78120011222
782 - (djm) Ignore fix & patchlevel in OpenSSL version check. Patch from
783 solar@openwall.com
784 - (djm) Rework entropy code. If the OpenSSL PRNG is has not been
785 internally seeded, execute a subprogram "ssh-rand-helper" to obtain
786 some entropy for us. Rewrite the old in-process entropy collecter as
787 an example ssh-rand-helper.
788 - (djm) Always perform ssh_prng_cmds path lookups in configure, even if
789 we don't end up using ssh_prng_cmds (so we always get a valid file)
790
5fb9865a 79120011221
792 - (djm) Add option to gnome-ssh-askpass to stop it from grabbing the X
793 server. I have found this necessary to avoid server hangs with X input
794 extensions (e.g. kinput2). Enable by setting the environment variable
795 "GNOME_SSH_ASKPASS_NOGRAB"
805e659f 796 - OpenBSD CVS Sync
797 - stevesk@cvs.openbsd.org 2001/12/08 17:49:28
798 [channels.c pathnames.h]
799 use only one path to X11 UNIX domain socket vs. an array of paths
800 to try. report from djast@cs.toronto.edu. ok markus@
2f293d43 801 - markus@cvs.openbsd.org 2001/12/09 18:45:56
802 [auth2.c auth2-chall.c auth.h]
803 add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions,
804 fixes memleak.
5e8948af 805 - stevesk@cvs.openbsd.org 2001/12/10 16:45:04
806 [sshd.c]
807 possible fd leak on error; ok markus@
cdc95d6e 808 - markus@cvs.openbsd.org 2001/12/10 20:34:31
809 [ssh-keyscan.c]
810 check that server supports v1 for -t rsa1, report from wirth@dfki.de
fb396518 811 - jakob@cvs.openbsd.org 2001/12/18 10:04:21
812 [auth.h hostfile.c hostfile.h]
813 remove auth_rsa_read_key, make hostfile_ready_key non static; ok markus@
306feb91 814 - jakob@cvs.openbsd.org 2001/12/18 10:05:15
815 [auth2.c]
816 log fingerprint on successful public key authentication; ok markus@
46df736f 817 - jakob@cvs.openbsd.org 2001/12/18 10:06:24
818 [auth-rsa.c]
819 log fingerprint on successful public key authentication, simplify
820 usage of key structs; ok markus@
184eed6a 821 - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
822 [auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
823 [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
824 [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
825 [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
826 [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
827 [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
828 [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
829 [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
830 basic KNF done while i was looking for something else
a10be357 831 - markus@cvs.openbsd.org 2001/12/19 16:09:39
832 [serverloop.c]
833 fix race between SIGCHLD and select with an additional pipe. writing
834 to the pipe on SIGCHLD wakes up select(). using pselect() is not
835 portable and siglongjmp() ugly. W. R. Stevens suggests similar solution.
836 initial idea by pmenage@ensim.com; ok deraadt@, djm@
6c0fa2b1 837 - stevesk@cvs.openbsd.org 2001/12/19 17:16:13
838 [authfile.c bufaux.c bufaux.h buffer.c buffer.h packet.c packet.h ssh.c]
839 change the buffer/packet interface to use void* vs. char*; ok markus@
ac151b18 840 - markus@cvs.openbsd.org 2001/12/20 16:37:29
841 [channels.c channels.h session.c]
842 setup x11 listen socket for just one connect if the client requests so.
843 (v2 only, but the openssh client does not support this feature).
24ca6821 844 - djm@cvs.openbsd.org 2001/12/20 22:50:24
845 [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
846 [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
847 [sshconnect2.c]
848 Conformance fix: we should send failing packet sequence number when
849 responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
850 yakk@yakk.dot.net; ok markus@
5fb9865a 851
c9d0ad9b 85220011219
853 - (stevesk) OpenBSD CVS sync X11 localhost display
854 - stevesk@cvs.openbsd.org 2001/11/29 14:10:51
855 [channels.h channels.c session.c]
856 sshd X11 fake server will now listen on localhost by default:
857 $ echo $DISPLAY
858 localhost:12.0
859 $ netstat -an|grep 6012
860 tcp 0 0 127.0.0.1.6012 *.* LISTEN
861 tcp6 0 0 ::1.6012 *.* LISTEN
862 sshd_config gatewayports=yes can be used to revert back to the old
863 behavior. will control this with another option later. ok markus@
864 - stevesk@cvs.openbsd.org 2001/12/19 08:43:11
865 [includes.h session.c]
866 handle utsname.nodename case for FamilyLocal X authorization; ok markus@
867
3f3ac025 86820011207
869 - (bal) PCRE no longer required. Banished from the source along with
870 fake-regex.h
c20f63d3 871 - (bal) OpenBSD CVS Sync
872 - stevesk@cvs.openbsd.org 2001/12/06 18:02:32
873 [channels.c sshconnect.c]
874 shutdown(sock, SHUT_RDWR) not needed here; ok markus@
74860245 875 - stevesk@cvs.openbsd.org 2001/12/06 18:09:23
876 [channels.c session.c]
877 strncpy->strlcpy. remaining strncpy's are necessary. ok markus@
d24631c9 878 - stevesk@cvs.openbsd.org 2001/12/06 18:20:32
879 [channels.c]
880 disable nagle for X11 fake server and client TCPs. from netbsd.
881 ok markus@
3f3ac025 882
88320011206
6056eb35 884 - (bal) OpenBSD CVS Sync
885 - deraadt@cvs.openbsd.org 2001/11/14 20:45:08
886 [sshd.c]
887 errno saving wrapping in a signal handler
0408c978 888 - markus@cvs.openbsd.org 2001/11/16 12:46:13
889 [ssh-keyscan.c]
890 handle empty lines instead of dumping core; report from sha@sha-1.net
17a3011c 891 - stevesk@cvs.openbsd.org 2001/11/17 19:14:34
892 [auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
893 enum/int type cleanup where it made sense to do so; ok markus@
7ace8c3b 894 - markus@cvs.openbsd.org 2001/11/19 11:20:21
895 [sshd.c]
896 fd leak on HUP; ok stevesk@
8666316a 897 - stevesk@cvs.openbsd.org 2001/11/19 18:40:46
898 [ssh-agent.1]
899 clarify/state that private keys are not exposed to clients using the
900 agent; ok markus@
44c2ab73 901 - mpech@cvs.openbsd.org 2001/11/19 19:02:16
902 [deattack.c radix.c]
903 kill more registers
904 millert@ ok
2f98d223 905 - markus@cvs.openbsd.org 2001/11/21 15:51:24
906 [key.c]
907 mem leak
c840d0ad 908 - stevesk@cvs.openbsd.org 2001/11/21 18:49:14
909 [ssh-keygen.1]
910 more on passphrase construction; ok markus@
f48e63c8 911 - stevesk@cvs.openbsd.org 2001/11/22 05:27:29
912 [ssh-keyscan.c]
913 don't use "\n" in fatal()
7a934d1b 914 - markus@cvs.openbsd.org 2001/11/22 12:34:22
915 [clientloop.c serverloop.c sshd.c]
916 volatile sig_atomic_t
58d94604 917 - stevesk@cvs.openbsd.org 2001/11/29 19:06:39
918 [channels.h]
919 remove dead function prototype; ok markus@
2975f58d 920 - markus@cvs.openbsd.org 2001/11/29 22:08:48
921 [auth-rsa.c]
922 fix protocol error: send 'failed' message instead of a 2nd challenge
923 (happens if the same key is in authorized_keys twice).
924 reported Ralf_Meister@genua.de; ok djm@
b48eeb07 925 - stevesk@cvs.openbsd.org 2001/11/30 20:39:28
926 [ssh.c]
927 sscanf() length dependencies are clearer now; can also shrink proto
928 and data if desired, but i have not done that. ok markus@
2548961d 929 - markus@cvs.openbsd.org 2001/12/01 21:41:48
930 [session.c sshd.8]
931 don't pass user defined variables to /usr/bin/login
947b64c7 932 - deraadt@cvs.openbsd.org 2001/12/02 02:08:32
933 [sftp-common.c]
934 zap };
010f9726 935 - itojun@cvs.openbsd.org 2001/12/05 03:50:01
936 [clientloop.c serverloop.c sshd.c]
937 deal with LP64 printf issue with sig_atomic_t. from thorpej
d5bb9418 938 - itojun@cvs.openbsd.org 2001/12/05 03:56:39
939 [auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c
940 sshconnect2.c]
941 make it compile with more strict prototype checking
6aacefa7 942 - deraadt@cvs.openbsd.org 2001/12/05 10:06:12
943 [authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
944 key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
945 sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
946 minor KNF
663ebb32 947 - markus@cvs.openbsd.org 2001/12/05 15:04:48
948 [version.h]
949 post 3.0.2
6a92533a 950 - markus@cvs.openbsd.org 2001/12/05 16:54:51
951 [compat.c match.c match.h]
952 make theo and djm happy: bye bye regexp
2717fa0f 953 - markus@cvs.openbsd.org 2001/12/06 13:30:06
954 [servconf.c servconf.h sshd.8 sshd.c]
955 add -o to sshd, too. ok deraadt@
956 - (bal) Minor white space fix up in servconf.c
6056eb35 957
ffb8d130 95820011126
959 - (tim) [contrib/cygwin/README, openbsd-compat/bsd-cygwin_util.c,
960 openbsd-compat/bsd-cygwin_util.h, openbsd-compat/daemon.c]
961 Allow SSHD to install as service under WIndows 9x/Me
962 [configure.ac] Fix to allow linking against PCRE on Cygwin
963 Patches by Corinna Vinschen <vinschen@redhat.com>
964
20716479 96520011115
966 - (djm) Fix IPv4 default in ssh-keyscan. Spotted by Dan Astoorian
967 <djast@cs.toronto.edu> Fix from markus@
e41f14ae 968 - (djm) Release 3.0.1p1
20716479 969
9aba5a4d 97020011113
971 - (djm) Fix early (and double) free of remote user when using Kerberos.
972 Patch from Simon Wilkinson <simon@sxw.org.uk>
19e810f6 973 - (djm) AIX login{success,failed} changes. Move loginsuccess call to
974 do_authenticated. Call loginfailed for protocol 2 failures > MAX like
975 we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
976 K.Wolkersdorfer@fz-juelich.de and others
ede8cea6 977 - (djm) OpenBSD CVS Sync
978 - dugsong@cvs.openbsd.org 2001/11/11 18:47:10
979 [auth-krb5.c]
980 fix krb5 authorization check. found by <jhawk@MIT.EDU>. from
981 art@, deraadt@ ok
b0248360 982 - markus@cvs.openbsd.org 2001/11/12 11:17:07
983 [servconf.c]
984 enable authorized_keys2 again. tested by fries@
0bbf2240 985 - markus@cvs.openbsd.org 2001/11/13 02:03:57
986 [version.h]
987 enter 3.0.1
86b164b3 988 - (djm) Bump RPM package versions
9aba5a4d 989
3e4e3bc8 99020011112
991 - (djm) Makefile correctness fix from Mark D. Baushke <mdb@juniper.net>
d36ae718 992 - (djm) Cygwin config patch from Corinna Vinschen <vinschen@redhat.com>
9ae3f727 993 - OpenBSD CVS Sync
994 - markus@cvs.openbsd.org 2001/10/24 08:41:41
995 [sshd.c]
996 mention remote port in debug message
f103187f 997 - markus@cvs.openbsd.org 2001/10/24 08:41:20
998 [ssh.c]
999 remove unused
67b75437 1000 - markus@cvs.openbsd.org 2001/10/24 08:51:35
1001 [clientloop.c ssh.c]
1002 ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@
c6940381 1003 - markus@cvs.openbsd.org 2001/10/24 19:57:40
1004 [clientloop.c]
1005 make ~& (backgrounding) work again for proto v1; add support ~& for v2, too
f564d016 1006 - markus@cvs.openbsd.org 2001/10/25 21:14:32
1007 [ssh-keygen.1 ssh-keygen.c]
1008 better docu for fingerprinting, ok deraadt@
e8d59b4d 1009 - markus@cvs.openbsd.org 2001/10/29 19:27:15
1010 [sshconnect2.c]
1011 hostbased: check for client hostkey before building chost
03cf595c 1012 - markus@cvs.openbsd.org 2001/10/30 20:29:09
1013 [ssh.1]
1014 ssh.1
b4b701be 1015 - markus@cvs.openbsd.org 2001/11/07 16:03:17
1016 [packet.c packet.h sshconnect2.c]
1017 pad using the padding field from the ssh2 packet instead of sending
1018 extra ignore messages. tested against several other ssh servers.
10f22cd7 1019 - markus@cvs.openbsd.org 2001/11/07 21:40:21
1020 [ssh-rsa.c]
1021 ssh_rsa_sign/verify: SSH_BUG_SIGBLOB not supported
abc4e9a7 1022 - markus@cvs.openbsd.org 2001/11/07 22:10:28
1023 [ssh-dss.c ssh-rsa.c]
1024 missing free and sync dss/rsa code.
713d61f7 1025 - markus@cvs.openbsd.org 2001/11/07 22:12:01
1026 [sshd.8]
1027 s/Keepalive/KeepAlive/; from openbsd@davidkrause.com
f98585b0 1028 - markus@cvs.openbsd.org 2001/11/07 22:41:51
1029 [auth2.c auth-rh-rsa.c]
1030 unused includes
27c47c0a 1031 - markus@cvs.openbsd.org 2001/11/07 22:53:21
1032 [channels.h]
1033 crank c->path to 256 so they can hold a full hostname; dwd@bell-labs.com
56b551e2 1034 - markus@cvs.openbsd.org 2001/11/08 10:51:08
1035 [readpass.c]
1036 don't strdup too much data; from gotoh@taiyo.co.jp; ok millert.
dd58cb5e 1037 - markus@cvs.openbsd.org 2001/11/08 17:49:53
1038 [ssh.1]
1039 mention setuid root requirements; noted by cnorris@csc.UVic.ca; ok stevesk@
fad3754c 1040 - markus@cvs.openbsd.org 2001/11/08 20:02:24
1041 [auth.c]
1042 don't print ROOT in CAPS for the authentication messages, i.e.
1043 Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2
1044 becomes
1045 Accepted publickey for root from 127.0.0.1 port 42734 ssh2
b3ad8fe6 1046 - markus@cvs.openbsd.org 2001/11/09 18:59:23
1047 [clientloop.c serverloop.c]
1048 don't memset too much memory, ok millert@
1049 original patch from jlk@kamens.brookline.ma.us via nalin@redhat.com
ac28afd8 1050 - markus@cvs.openbsd.org 2001/11/10 13:19:45
1051 [sshd.c]
e15895cd 1052 cleanup libwrap support (remove bogus comment, bogus close(), add
1053 debug, etc).
5d4446bf 1054 - markus@cvs.openbsd.org 2001/11/10 13:22:42
1055 [ssh-rsa.c]
1056 KNF (unexpand)
ec413a68 1057 - markus@cvs.openbsd.org 2001/11/10 13:37:20
1058 [packet.c]
1059 remove extra debug()
5df83e07 1060 - markus@cvs.openbsd.org 2001/11/11 13:02:31
1061 [servconf.c]
e15895cd 1062 make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if
1063 AuthorizedKeysFile is specified.
1064 - (djm) Reorder portable-specific server options so that they come first.
1065 This should help reduce diff collisions for new server options (as they
1066 will appear at the end)
3e4e3bc8 1067
78afd1dc 106820011109
1069 - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
1070 if permit_empty_passwd == 0 so null password check cannot be bypassed.
1071 jayaraj@amritapuri.com OpenBSD bug 2168
30f60c34 1072 - markus@cvs.openbsd.org 2001/11/09 19:08:35
1073 [sshd.c]
1074 remove extra trailing dot from log message; pilot@naughty.monkey.org
1075
7c6d759d 107620011103
1077 - (tim) [ contrib/caldera/openssh.spec contrib/caldera/sshd.init] Updates
1078 from Raymund Will <ray@caldera.de>
1079 [acconfig.h configure.in] Clean up login checks.
1080 Problem reported by Jim Knoble <jmknoble@pobox.com>
1081
108220011101
58389b85 1083 - (djm) Compat define for OpenSSL < 0.9.6 (No OPENSSL_free)
1084
548fd014 108520011031
1086 - (djm) Unsmoke drugs: config files should be noreplace.
1087
b013a983 108820011030
1089 - (djm) Redhat RPM spec: remove noreplace from config files, allow IPv6
1090 by default (can force IPv4 using --define "noipv6 1")
1091
40d0f6b9 109220011029
1093 - (tim) [TODO defines.h loginrec.c] Change the references to configure.in
1094 to configure.ac
1095
9f214051 109620011028
1097 - (djm) Avoid bug in Solaris PAM libs
7eb73cc1 1098 - (djm) Disconnect if no tty and PAM reports password expired
9678565b 1099 - (djm) Fix for PAM password changes being echoed (from stevesk)
840ad55e 1100 - (stevesk) Fix compile problem with PAM password change fix
37a8edf7 1101 - (stevesk) README: zlib location is http://www.gzip.org/zlib/
9f214051 1102
c8c15bcb 110320011027
1104 - (tim) [configure.ac] Fixes for ReliantUNIX (don't use libucb)
1105 Patch by Robert Dahlem <Robert.Dahlem@siemens.com>
1106
9e127e27 110720011026
1108 - (bal) Set the correct current time in login_utmp_only(). Patch by
1109 Wayne Davison <wayned@users.sourceforge.net>
fd96c060 1110 - (tim) [scard/Makefile.in] Fix install: when building outside of source
1111 tree and using --src=/full_path/to/openssh
1112 Patch by Mark D. Baushke <mdb@juniper.net>
9e127e27 1113
d321c94b 111420011025
1115 - (bal) Use VDISABLE if _POSIX_VDISABLE is set in readpassphrase.c. Patch
1116 by todd@
5a162955 1117 - (tim) [configure.ac] Give path given in --with-xxx= for pcre,zlib, and
1118 tcp-wrappers precedence over system libraries and includes.
1119 Report from Dave Dykstra <dwd@bell-labs.com>
d321c94b 1120
95c88805 112120011024
1122 - (bal) Should be 3.0p1 not 3.0p2. Corrected version.h already.
451dab40 1123 - (tim) configure.in -> configure.ac
95c88805 1124
bc86d864 112520011023
1126 - (bal) Updated version to 3.0p1 in preparing for release.
7f0a4ff1 1127 - (bal) Added 'PAM_TTY_KLUDGE' to Solaris platform.
051809f6 1128 - (tim) [configure.in] Fix test for broken dirname. Based on patch from
1129 Dave Dykstra <dwd@bell-labs.com>. Remove un-needed test for zlib.h.
1130 [contrib/caldera/openssh.spec, contrib/redhat/openssh.spec,
1131 contrib/suse/openssh.spec] Update version to match version.h
bc86d864 1132
ce49121d 113320011022
1134 - (djm) Fix fd leak in loginrec.c (ro fd to lastlog was left open).
1135 Report from Michal Zalewski <lcamtuf@coredump.cx>
1136
98a7c37b 113720011021
1138 - (tim) [configure.in] Clean up library testing. Add optional PATH to
1139 --with-pcre, --with-zlib, and --with-tcp-wrappers. Based on
1140 patch by albert chin (china@thewrittenword.com)
1141 Re-arange AC_CHECK_HEADERS and AC_CHECK_FUNCS for eaiser reading
1142 of patches to configure.in. Replace obsolete AC_STRUCT_ST_BLKSIZE
1143 with AC_CHECK_MEMBERS. Add test for broken dirname() on
1144 Solaris 2.5.1 by Dan Astoorian <djast@cs.toronto.edu>
1145 [acconfig.h aclocal.m4 defines.h configure.in] Better socklen_t test.
1146 patch by albert chin (china@thewrittenword.com)
1147 [scp.c] Replace obsolete HAVE_ST_BLKSIZE with
1148 HAVE_STRUCT_STAT_ST_BLKSIZE.
1149 [Makefile.in] When running make in top level, always do make
1150 in openbsd-compat. patch by Dave Dykstra <dwd@bell-labs.com>
1151
09a3bd6d 115220011019
1153 - (bal) Fixed up init.d symlink issue and piddir stuff. Patches by
1154 Zoran Milojevic <Zoran.Milojevic@SS8.com> and j.petersen@msh.de
1155
418e724c 115620011012
1157 - (djm) OpenBSD CVS Sync
1158 - markus@cvs.openbsd.org 2001/10/10 22:18:47
1159 [channels.c channels.h clientloop.c nchan.c serverloop.c]
1160 [session.c session.h]
1161 try to keep channels open until an exit-status message is sent.
1162 don't kill the login shells if the shells stdin/out/err is closed.
1163 this should now work:
1164 ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
efcc9957 1165 - markus@cvs.openbsd.org 2001/10/11 13:45:21
1166 [session.c]
1167 delay detach of session if a channel gets closed but the child is
1168 still alive. however, release pty, since the fd's to the child are
1169 already closed.
fd6cfbaf 1170 - markus@cvs.openbsd.org 2001/10/11 15:24:00
1171 [clientloop.c]
1172 clear select masks if we return before calling select().
b0454d44 1173 - (djm) "make veryclean" fix from Tom Holroyd <tomh@po.crl.go.jp>
aeabbb30 1174 - (djm) Clean some autoconf-2.52 junk when doing "make distclean"
8140f2aa 1175 - (djm) Cleanup sshpty.c a little
6e464960 1176 - (bal) First wave of contrib/solaris/ package upgrades. Still more
1177 work needs to be done, but it is a 190% better then the stuff we
1178 had before!
78c84f13 1179 - (bal) Minor bug fix in contrib/solaris/opensshd.in .. $etcdir was not
1180 set right.
418e724c 1181
c48c32c1 118220011010
1183 - (djm) OpenBSD CVS Sync
1184 - markus@cvs.openbsd.org 2001/10/04 14:34:16
1185 [key.c]
1186 call OPENSSL_free() for memory allocated by openssl; from chombier@mac.com
0c139bd1 1187 - markus@cvs.openbsd.org 2001/10/04 15:05:40
1188 [channels.c serverloop.c]
1189 comment out bogus conditions for selecting on connection_in
72176c0e 1190 - markus@cvs.openbsd.org 2001/10/04 15:12:37
1191 [serverloop.c]
1192 client_alive_check cleanup
a2c92c4a 1193 - markus@cvs.openbsd.org 2001/10/06 00:14:50
1194 [sshconnect.c]
1195 remove unused argument
05fd093c 1196 - markus@cvs.openbsd.org 2001/10/06 00:36:42
1197 [session.c]
1198 fix typo in error message, sync with do_exec_nopty
01e9ef57 1199 - markus@cvs.openbsd.org 2001/10/06 11:18:19
1200 [sshconnect1.c sshconnect2.c sshconnect.c]
1201 unify hostkey check error messages, simplify prompt.
2cdccb44 1202 - markus@cvs.openbsd.org 2001/10/07 10:29:52
1203 [authfile.c]
1204 grammer; Matthew_Clarke@mindlink.bc.ca
639cb8ab 1205 - markus@cvs.openbsd.org 2001/10/07 17:49:40
1206 [channels.c channels.h]
1207 avoid possible FD_ISSET overflow for channels established
1208 during channnel_after_select() (used for dynamic channels).
f3964cb9 1209 - markus@cvs.openbsd.org 2001/10/08 11:48:57
1210 [channels.c]
1211 better debug
32af6a3f 1212 - markus@cvs.openbsd.org 2001/10/08 16:15:47
1213 [sshconnect.c]
1214 use correct family for -b option
dab89049 1215 - markus@cvs.openbsd.org 2001/10/08 19:05:05
1216 [ssh.c sshconnect.c sshconnect.h ssh-keyscan.c]
1217 some more IPv4or6 cleanup
1218 - markus@cvs.openbsd.org 2001/10/09 10:12:08
1219 [session.c]
1220 chdir $HOME after krb_afslog(); from bbense@networking.stanford.edu
01855277 1221 - markus@cvs.openbsd.org 2001/10/09 19:32:49
1222 [session.c]
1223 stat subsystem command before calling do_exec, and return error to client.
9d1b2faa 1224 - markus@cvs.openbsd.org 2001/10/09 19:51:18
1225 [serverloop.c]
1226 close all channels if the connection to the remote host has been closed,
1227 should fix sshd's hanging with WCHAN==wait
d5f24f94 1228 - markus@cvs.openbsd.org 2001/10/09 21:59:41
1229 [channels.c channels.h serverloop.c session.c session.h]
1230 simplify session close: no more delayed session_close, no more
1231 blocking wait() calls.
b6a71cd2 1232 - (bal) removed two unsed headers in openbsd-compat/bsd-misc.c
8782141f 1233 - (bal) seed_init() and seed_rng() required in ssh-keyscan.c
c48c32c1 1234
46dfe5ef 123520011007
1236 - (bal) ssh-copy-id corrected permissions for .ssh/ and authorized_keys.
1237 Prompted by Matthew Vernon <matthew@sel.cam.ac.uk>
1238
822593d4 123920011005
1240 - (bal) AES works under Cray, no more hack.
1241
63fa6b6c 124220011004
1243 - (bal) nchan2.ms resync. BSD License applied.
1244
c8a62153 124520011003
1246 - (bal) CVS ID fix up in version.h
b6350327 1247 - (bal) OpenBSD CVS Sync:
1248 - markus@cvs.openbsd.org 2001/09/27 11:58:16
1249 [compress.c]
1250 mem leak; chombier@mac.com
1251 - markus@cvs.openbsd.org 2001/09/27 11:59:37
1252 [packet.c]
1253 missing called=1; chombier@mac.com
aa8003d6 1254 - markus@cvs.openbsd.org 2001/09/27 15:31:17
1255 [auth2.c auth2-chall.c sshconnect1.c]
1256 typos; from solar
5b263aae 1257 - camield@cvs.openbsd.org 2001/09/27 17:53:24
1258 [sshd.8]
1259 don't talk about compile-time options
1260 ok markus@
e99a518a 1261 - djm@cvs.openbsd.org 2001/09/28 12:07:09
1262 [ssh-keygen.c]
1263 bzero private key after loading to smartcard; ok markus@
f67792f2 1264 - markus@cvs.openbsd.org 2001/09/28 15:46:29
1265 [ssh.c]
1266 bug: read user config first; report kaukasoi@elektroni.ee.tut.fi
5720c10e 1267 - markus@cvs.openbsd.org 2001/10/01 08:06:28
1268 [scp.c]
1269 skip filenames containing \n; report jdamery@chiark.greenend.org.uk
1270 and matthew@debian.org
5e4a7219 1271 - markus@cvs.openbsd.org 2001/10/01 21:38:53
1272 [channels.c channels.h ssh.c sshd.c]
1273 remove ugliness; vp@drexel.edu via angelos
8bbc048a 1274 - markus@cvs.openbsd.org 2001/10/01 21:51:16
1275 [readconf.c readconf.h ssh.1 sshconnect.c]
1276 add NoHostAuthenticationForLocalhost; note that the hostkey is
1277 now check for localhost, too.
e0543e42 1278 - djm@cvs.openbsd.org 2001/10/02 08:38:50
1279 [ssh-add.c]
1280 return non-zero exit code on error; ok markus@
e4d7f734 1281 - stevesk@cvs.openbsd.org 2001/10/02 22:56:09
1282 [sshd.c]
1283 #include "channels.h" for channel_set_af()
76fbdd47 1284 - markus@cvs.openbsd.org 2001/10/03 10:01:20
1285 [auth.c]
1286 use realpath() for homedir, too. from jinmei@isl.rdc.toshiba.co.jp
c8a62153 1287
d9d47a26 128820011001
1289 - (stevesk) loginrec.c: fix type conversion problems exposed when using
1290 64-bit off_t.
1291
d8d6c87e 129220010929
1293 - (bal) move reading 'config.h' up higher. Patch by albert chin
1294 <china@thewrittenword.com)
1295
fc1fc39e 129620010928
1297 - (djm) OpenBSD CVS sync:
1298 - djm@cvs.openbsd.org 2001/09/28 09:49:31
1299 [scard.c]
1300 Fix segv when smartcard communication error occurs during key load.
1301 ok markus@
e3d5570b 1302 - (djm) Update spec files for new x11-askpass
fc1fc39e 1303
8a9ac95d 130420010927
1305 - (stevesk) session.c: declare do_pre_login() before use
1306 wayned@users.sourceforge.net
1307
aa9f6a6e 130820010925
1309 - (djm) Pull in auth-krb5.c from OpenBSD CVS. NB. it is not currently used.
168edd95 1310 - (djm) Sync $sysconfdir/moduli
948fd8b9 1311 - (djm) Add AC_SYS_LARGEFILE configure test
4f9d80ee 1312 - (djm) Avoid bad and unportable sprintf usage in compat code
aa9f6a6e 1313
57dade33 131420010923
1315 - (bal) updated ssh.c to mirror minor getopts 'extern int' formating done
1316 by stevesk@
927c3e15 1317 - (bal) Removed 'extern int optopt;' since it is dead wood.
8ead88d3 1318 - (bal) Updated all *.specs for 2.9.9p1 and updated version.h
57dade33 1319
8ab12eb4 132020010923
1321 - (bal) OpenBSD CVS Sync
1322 - markus@cvs.openbsd.org 2001/09/23 11:09:13
1323 [authfile.c]
1324 relax permission check for private key files.
157fc8e1 1325 - markus@cvs.openbsd.org 2001/09/23 09:58:13
1326 [LICENCE]
1327 new rijndael implementation
8ab12eb4 1328
64bdafe1 132920010920
1330 - (tim) [scard/Makefile.in] Don't strip the Java binary
4a38efad 1331 - (stevesk) sun_len, SUN_LEN() configure stuff no longer required
fc7eca52 1332 - (bal) OpenBSD CVS Sync
1333 - stevesk@cvs.openbsd.org 2001/09/20 00:15:54
1334 [sshd.8]
1335 fix ClientAliveCountMax
ddcfed57 1336 - markus@cvs.openbsd.org 2001/09/20 13:46:48
1337 [auth2.c]
1338 key_read returns now -1 or 1
bcdb96c2 1339 - markus@cvs.openbsd.org 2001/09/20 13:50:40
1340 [compat.c compat.h ssh.c]
1341 bug compat: request a dummy channel for -N (no shell) sessions +
1342 cleanup; vinschen@redhat.com
4a778de1 1343 - mouring@cvs.openbsd.org 2001/09/20 20:57:51
1344 [sshd_config]
1345 CheckMail removed. OKed stevesk@
64bdafe1 1346
4cdbc654 134720010919
35c69348 1348 - (bal) OpenBSD Sync
4cdbc654 1349 - markus@cvs.openbsd.org 2001/09/19 10:08:51
1350 [sshd.8]
1351 command=xxx applies to subsystem now, too
cb8c7bad 1352 - markus@cvs.openbsd.org 2001/09/19 13:23:29
1353 [key.c]
1354 key_read() now returns -1 on type mismatch, too
e1c5bfaf 1355 - stevesk@cvs.openbsd.org 2001/09/19 19:24:19
1356 [readconf.c readconf.h scp.c sftp.c ssh.1]
1357 add ClearAllForwardings ssh option and set it in scp and sftp; ok
1358 markus@
f34f05d5 1359 - stevesk@cvs.openbsd.org 2001/09/19 19:35:30
1360 [authfd.c]
1361 use sizeof addr vs. SUN_LEN(addr) for sockaddr_un. Stevens
1362 blesses this and we do it this way elsewhere. this helps in
1363 portable because not all systems have SUN_LEN() and
1364 sockaddr_un.sun_len. ok markus@
2043936f 1365 - stevesk@cvs.openbsd.org 2001/09/19 21:04:53
1366 [sshd.8]
1367 missing -t in usage
368bae7d 1368 - stevesk@cvs.openbsd.org 2001/09/19 21:41:57
1369 [sshd.8]
1370 don't advertise -V in usage; ok markus@
35c69348 1371 - (bal) openbsd-compat/vis.[ch] is dead wood. Removed.
4cdbc654 1372
d0b19c95 137320010918
46a831dd 1374 - (djm) Configure support for smartcards. Based on Ben's work.
fef4ea6b 1375 - (djm) Revert setgroups call, it causes problems on OS-X
46a831dd 1376 - (djm) Avoid warning on BSDgetopt
93816ec8 1377 - (djm) More makefile infrastructre for smartcard support, also based
1378 on Ben's work
4b255446 1379 - (djm) Specify --datadir in RPM spec files so smartcard applet gets
1380 put somewhere sane. Add Ssh.bin to manifest.
69c94072 1381 - (djm) Make smartcard support conditional in Redhat RPM spec
1a77481c 1382 - (bal) LICENCE update. Has not been done in a while.
f49df8e9 1383 - (stevesk) nchan.c: we use X/Open Sockets on HP-UX now so shutdown(2)
1384 returns ENOTCONN vs. EINVAL for socket not connected; remove EINVAL
1385 check. ok Lutz Jaenicke
35c69348 1386 - (bal) OpenBSD CVS Sync
f1278af7 1387 - stevesk@cvs.openbsd.org 2001/09/17 17:57:57
1388 [scp.1 scp.c sftp.1 sftp.c]
1389 add -Fssh_config option; ok markus@
cf54363d 1390 - stevesk@cvs.openbsd.org 2001/09/17 19:27:15
1391 [kexdh.c kexgex.c key.c key.h ssh-dss.c ssh-keygen.c ssh-rsa.c]
1392 u_char*/char* cleanup; ok markus
4e842b5e 1393 - markus@cvs.openbsd.org 2001/09/17 20:22:14
1394 [scard.c]
1395 never keep a connection to the smartcard open.
1396 allows ssh-keygen -D U while the agent is running; report from
1397 jakob@
e3c1c3e6 1398 - stevesk@cvs.openbsd.org 2001/09/17 20:38:09
1399 [sftp.1 sftp.c]
1400 cleanup and document -1, -s and -S; ok markus@
f7436b8c 1401 - markus@cvs.openbsd.org 2001/09/17 20:50:22
1402 [key.c ssh-keygen.c]
1403 better error handling if you try to export a bad key to ssh.com
a5f82435 1404 - markus@cvs.openbsd.org 2001/09/17 20:52:47
1405 [channels.c channels.h clientloop.c]
1406 try to fix agent-forwarding-backconnection-bug, as seen on HPUX,
1407 for example; with Lutz.Jaenicke@aet.TU-Cottbus.DE,
780a9951 1408 - markus@cvs.openbsd.org 2001/09/17 21:04:02
1409 [channels.c serverloop.c]
1410 don't send fake dummy packets on CR (\r)
1411 bugreport from yyua@cs.sfu.ca via solar@@openwall.com
b6761a3e 1412 - markus@cvs.openbsd.org 2001/09/17 21:09:47
1413 [compat.c]
1414 more versions suffering the SSH_BUG_DEBUG bug;
1415 3.0.x reported by dbutts@maddog.storability.com
edaeb835 1416 - stevesk@cvs.openbsd.org 2001/09/17 23:56:07
1417 [scp.1]
1418 missing -B in usage string
d0b19c95 1419
d31a32a4 142020010917
1421 - (djm) x11-ssh-askpass-1.2.4 in RPM spec, revert workarounds
cb547f98 1422 - (tim) [includes.h openbsd-compat/getopt.c openbsd-compat/getopt.h]
1423 rename getopt() to BSDgetopt() to keep form conflicting with
1424 system getopt().
1425 [Makefile.in configure.in] disable filepriv until I can add
1426 missing procpriv calls.
d31a32a4 1427
95d00a03 142820010916
1429 - (djm) Workaround XFree breakage in RPM spec file
6fcf67f7 1430 - (bal) OpenBSD CVS Sync
1431 - markus@cvs.openbsd.org 2001/09/16 14:46:54
1432 [session.c]
1433 calls krb_afslog() after setting $HOME; mattiasa@e.kth.se; fixes
1434 pr 1943b
95d00a03 1435
0e0144b7 143620010915
1437 - (djm) Make do_pre_login static to avoid prototype #ifdef hell
0fd6c7a9 1438 - (djm) Sync scard/ stuff
23c098ba 1439 - (djm) Redhat spec file cleanups from Pekka Savola <pekkas@netcore.fi> and
1440 Redhat
94a29edc 1441 - (djm) Redhat initscript config sanity checking from Pekka Savola
1442 <pekkas@netcore.fi>
e72ff812 1443 - (djm) Clear supplemental groups at sshd start to prevent them from
1444 being propogated to random PAM modules. Based on patch from Redhat via
1445 Pekka Savola <pekkas@netcore.fi>
a2cb4268 1446 - (djm) Make sure rijndael.c picks config.h
1447 - (djm) Ensure that u_char gets defined
0e0144b7 1448
dcf29cf8 144920010914
1450 - (bal) OpenBSD CVS Sync
1451 - markus@cvs.openbsd.org 2001/09/13
1452 [rijndael.c rijndael.h]
1453 missing $OpenBSD
fd022eed 1454 - markus@cvs.openbsd.org 2001/09/14
1455 [session.c]
1456 command=xxx overwrites subsystems, too
9658ecbc 1457 - markus@cvs.openbsd.org 2001/09/14
1458 [sshd.c]
1459 typo
fd022eed 1460
88c3bfe0 146120010913
1462 - (bal) OpenBSD CVS Sync
1463 - markus@cvs.openbsd.org 2001/08/23 11:31:59
1464 [cipher.c cipher.h]
1465 switch to the optimised AES reference code from
1466 http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip
1467
5c53a31e 146820010912
1469 - (bal) OpenBSD CVS Sync
1470 - jakob@cvs.openbsd.org 2001/08/16 19:18:34
1471 [servconf.c servconf.h session.c sshd.8]
1472 deprecate CheckMail. ok markus@
54bf768d 1473 - stevesk@cvs.openbsd.org 2001/08/16 20:14:57
1474 [ssh.1 sshd.8]
1475 document case sensitivity for ssh, sshd and key file
1476 options and arguments; ok markus@
6d7b3036 1477 - stevesk@cvs.openbsd.org 2001/08/17 18:59:47
1478 [servconf.h]
1479 typo in comment
ae897d7c 1480 - stevesk@cvs.openbsd.org 2001/08/21 21:47:42
1481 [ssh.1 sshd.8]
1482 minor typos and cleanup
c78e5800 1483 - stevesk@cvs.openbsd.org 2001/08/22 16:21:21
1484 [ssh.1]
1485 hostname not optional; ok markus@
9495bfc5 1486 - stevesk@cvs.openbsd.org 2001/08/22 16:30:02
1487 [sshd.8]
1488 no rexd; ok markus@
29999e54 1489 - stevesk@cvs.openbsd.org 2001/08/22 17:45:16
1490 [ssh.1]
1491 document cipher des for protocol 1; ok deraadt@
8fbc356d 1492 - camield@cvs.openbsd.org 2001/08/23 17:59:31
1493 [sshd.c]
1494 end request with 0, not NULL
1495 ok markus@
d866473d 1496 - stevesk@cvs.openbsd.org 2001/08/23 18:02:48
1497 [ssh-agent.1]
1498 fix usage; ok markus@
75304f85 1499 - stevesk@cvs.openbsd.org 2001/08/23 18:08:59
1500 [ssh-add.1 ssh-keyscan.1]
1501 minor cleanup
b7f79e7a 1502 - danh@cvs.openbsd.org 2001/08/27 22:02:13
1503 [ssh-keyscan.c]
1504 fix memory fault if non-existent filename is given to the -f option
1505 ok markus@
14e4a15f 1506 - markus@cvs.openbsd.org 2001/08/28 09:51:26
1507 [readconf.c]
1508 don't set DynamicForward unless Host matches
e591b98a 1509 - markus@cvs.openbsd.org 2001/08/28 15:39:48
1510 [ssh.1 ssh.c]
1511 allow: ssh -F configfile host
46660a9e 1512 - markus@cvs.openbsd.org 2001/08/29 20:44:03
1513 [scp.c]
1514 clear the malloc'd buffer, otherwise source() will leak malloc'd
1515 memory; ok theo@
e675b851 1516 - stevesk@cvs.openbsd.org 2001/08/29 23:02:21
1517 [sshd.8]
1518 add text about -u0 preventing DNS requests; ok markus@
4c780c2a 1519 - stevesk@cvs.openbsd.org 2001/08/29 23:13:10
1520 [ssh.1 ssh.c]
1521 document -D and DynamicForward; ok markus@
d2e3df16 1522 - stevesk@cvs.openbsd.org 2001/08/29 23:27:23
1523 [ssh.c]
1524 validate ports for -L/-R; ok markus@
70068acc 1525 - stevesk@cvs.openbsd.org 2001/08/29 23:39:40
1526 [ssh.1 sshd.8]
1527 additional documentation for GatewayPorts; ok markus@
ad3e169f 1528 - naddy@cvs.openbsd.org 2001/08/30 15:42:36
1529 [ssh.1]
1530 add -D to synopsis line; ok markus@
3a8aabf0 1531 - stevesk@cvs.openbsd.org 2001/08/30 16:04:35
1532 [readconf.c ssh.1]
1533 validate ports for LocalForward/RemoteForward.
1534 add host/port alternative syntax for IPv6 (like -L/-R).
1535 ok markus@
ed787d14 1536 - stevesk@cvs.openbsd.org 2001/08/30 20:36:34
1537 [auth-options.c sshd.8]
1538 validate ports for permitopen key file option. add host/port
1539 alternative syntax for IPv6. ok markus@
4278ff63 1540 - markus@cvs.openbsd.org 2001/08/30 22:22:32
1541 [ssh-keyscan.c]
1542 do not pass pointers to longjmp; fix from wayne@blorf.net
6b759005 1543 - markus@cvs.openbsd.org 2001/08/31 11:46:39
1544 [sshconnect2.c]
93111dfa 1545 disable kbd-interactive if we don't get SSH2_MSG_USERAUTH_INFO_REQUEST
1546 messages
1547 - stevesk@cvs.openbsd.org 2001/09/03 20:58:33
1548 [readconf.c readconf.h ssh.c]
1549 fatal() for nonexistent -Fssh_config. ok markus@
91789042 1550 - deraadt@cvs.openbsd.org 2001/09/05 06:23:07
1551 [scp.1 sftp.1 ssh.1 ssh-agent.1 sshd.8 ssh-keygen.1 ssh-keyscan.1]
1552 avoid first person in manual pages
3a222388 1553 - stevesk@cvs.openbsd.org 2001/09/12 18:18:25
1554 [scp.c]
1555 don't forward agent for non third-party copies; ok markus@
5c53a31e 1556
c6ed03bd 155720010815
1558 - (bal) Fixed stray code in readconf.c that went in by mistake.
65e683bd 1559 - OpenBSD CVS Sync
1560 - markus@cvs.openbsd.org 2001/08/07 10:37:46
1561 [authfd.c authfd.h]
1562 extended failure messages from galb@vandyke.com
c7f89f1f 1563 - deraadt@cvs.openbsd.org 2001/08/08 07:16:58
1564 [scp.1]
1565 when describing the -o option, give -o Protocol=1 as the specific example
1566 since we are SICK AND TIRED of clueless people who cannot have difficulty
1567 thinking on their own.
f2f1bedd 1568 - markus@cvs.openbsd.org 2001/08/08 18:20:15
1569 [uidswap.c]
1570 permanently_set_uid is a noop if user is not privilegued;
1571 fixes bug on solaris; from sbi@uchicago.edu
58df8789 1572 - markus@cvs.openbsd.org 2001/08/08 21:34:19
1573 [uidswap.c]
1574 undo last change; does not work for sshd
c3abff07 1575 - jakob@cvs.openbsd.org 2001/08/11 22:51:27
1576 [ssh.c tildexpand.c]
1577 fix more paths beginning with "//"; <bradshaw@staff.crosswalk.com>.
1578 ok markus@
4fa5a4db 1579 - stevesk@cvs.openbsd.org 2001/08/13 23:38:54
1580 [scp.c]
1581 don't need main prototype (also sync with rcp); ok markus@
68874d2b 1582 - markus@cvs.openbsd.org 2001/08/14 09:23:02
1583 [sftp.1 sftp-int.c]
1584 "bye"; hk63a@netscape.net
38539909 1585 - stevesk@cvs.openbsd.org 2001/08/14 17:54:29
1586 [scp.1 sftp.1 ssh.1]
1587 consistent documentation and example of ``-o ssh_option'' for sftp and
1588 scp; document keyword=argument for ssh.
41cb4569 1589 - (bal) QNX resync. OK tim@
c6ed03bd 1590
3454ff55 159120010814
1592 - (stevesk) sshpty.c, cray.[ch]: whitespace, formatting and cleanup
1593 for some #ifdef _CRAY code; ok wendyp@cray.com
5bd6962b 1594 - (stevesk) sshpty.c: return 0 on error in cray pty code;
1595 ok wendyp@cray.com
4809bc4c 1596 - (stevesk) bsd-cray.c: utmp strings are not C strings
8280a5ae 1597 - (stevesk) bsd-cray.c: more cleanup; ok wendyp@cray.com
3454ff55 1598
d89a02d4 159920010812
1600 - (djm) Fix detection of long long int support. Based on patch from
1601 Michael Stone <mstone@cs.loyola.edu>. ok stevesk, tim
1602
7ef909d3 160320010808
1604 - (bal) Minor correction to inet_ntop.h. _BSD_RRESVPORT_H should be
1605 _BSD_INET_NTOP_H. Pointed out by Mark Miller <markm@swoon.net>
1606
a704dd54 160720010807
1608 - (tim) [configure.in sshconnect.c openbsd-compat/Makefile.in
1609 openbsd-compat/openbsd-compat.h ] Add inet_ntop.c inet_ntop.h back
1610 in. Needed for sshconnect.c
1611 [sshconnect.c] fix INET6_ADDRSTRLEN for non IPv6 machines
1612 [configure.in] make tests with missing libraries fail
1613 patch by Wendy Palm <wendyp@cray.com>
1614 Added openbsd-compat/bsd-cray.h. Selective patches from
1615 William L. Jones <jones@mail.utexas.edu>
1616
4f7893dc 161720010806
1618 - OpenBSD CVS Sync
1619 - markus@cvs.openbsd.org 2001/07/22 21:32:27
1620 [sshpty.c]
1621 update comment
0aea6c59 1622 - pvalchev@cvs.openbsd.org 2001/07/22 21:32:42
1623 [ssh.1]
1624 There is no option "Compress", point to "Compression" instead; ok
1625 markus
10a2cbef 1626 - markus@cvs.openbsd.org 2001/07/22 22:04:19
1627 [readconf.c ssh.1]
1628 enable challenge-response auth by default; ok millert@
248bad82 1629 - markus@cvs.openbsd.org 2001/07/22 22:24:16
1630 [sshd.8]
1631 Xr login.conf
9f37c0af 1632 - markus@cvs.openbsd.org 2001/07/23 09:06:28
1633 [sshconnect2.c]
1634 reorder default sequence of userauth methods to match ssh behaviour:
1635 hostbased,publickey,keyboard-interactive,password
29c440a0 1636 - markus@cvs.openbsd.org 2001/07/23 12:47:05
1637 [ssh.1]
1638 sync PreferredAuthentications
7fd9477e 1639 - aaron@cvs.openbsd.org 2001/07/23 14:14:18
1640 [ssh-keygen.1]
1641 Fix typo.
1bdee08c 1642 - stevesk@cvs.openbsd.org 2001/07/23 18:14:58
1643 [auth2.c auth-rsa.c]
1644 use %lu; ok markus@
bac2ef55 1645 - stevesk@cvs.openbsd.org 2001/07/23 18:21:46
1646 [xmalloc.c]
1647 no zero size xstrdup() error; ok markus@
55684f0c 1648 - markus@cvs.openbsd.org 2001/07/25 11:59:35
1649 [scard.c]
1650 typo in comment
ce773142 1651 - markus@cvs.openbsd.org 2001/07/25 14:35:18
1652 [readconf.c ssh.1 ssh.c sshconnect.c]
1653 cleanup connect(); connection_attempts 4 -> 1; from
1654 eivind@freebsd.org
f87f09aa 1655 - stevesk@cvs.openbsd.org 2001/07/26 17:18:22
1656 [sshd.8 sshd.c]
1657 add -t option to test configuration file and keys; pekkas@netcore.fi
1658 ok markus@
c42158fe 1659 - rees@cvs.openbsd.org 2001/07/26 20:04:27
1660 [scard.c ssh-keygen.c]
1661 Inquire Cyberflex class for 0xf0 cards
1662 change aid to conform to 7816-5
1663 remove gratuitous fid selects
2e23cde0 1664 - millert@cvs.openbsd.org 2001/07/27 14:50:45
1665 [ssh.c]
1666 If smart card support is compiled in and a smart card is being used
1667 for authentication, make it the first method used. markus@ OK
0b2988ca 1668 - deraadt@cvs.openbsd.org 2001/07/27 17:26:16
1669 [scp.c]
1670 shorten lines
7f19f8bb 1671 - markus@cvs.openbsd.org 2001/07/28 09:21:15
1672 [sshd.8]
1673 cleanup some RSA vs DSA vs SSH1 vs SSH2 notes
79a6cb5c 1674 - mouring@cvs.openbsd.org 2001/07/29 17:02:46
1675 [scp.1]
1676 Clarified -o option in scp.1 OKed by Markus@
0b595937 1677 - jakob@cvs.openbsd.org 2001/07/30 16:06:07
1678 [scard.c scard.h]
1679 better errorcodes from sc_*; ok markus@
d6192346 1680 - stevesk@cvs.openbsd.org 2001/07/30 16:23:30
1681 [rijndael.c rijndael.h]
1682 new BSD-style license:
1683 Brian Gladman <brg@gladman.plus.com>:
1684 >I have updated my code at:
1685 >http://fp.gladman.plus.com/cryptography_technology/rijndael/index.htm
1686 >with a copyright notice as follows:
1687 >[...]
1688 >I am not sure which version of my old code you are using but I am
1689 >happy for the notice above to be substituted for my existing copyright
1690 >intent if this meets your purpose.
71b7a18e 1691 - jakob@cvs.openbsd.org 2001/07/31 08:41:10
1692 [scard.c]
1693 do not complain about missing smartcards. ok markus@
eea098a3 1694 - jakob@cvs.openbsd.org 2001/07/31 09:28:44
1695 [readconf.c readconf.h ssh.1 ssh.c]
1696 add 'SmartcardDevice' client option to specify which smartcard device
1697 is used to access a smartcard used for storing the user's private RSA
1698 key. ok markus@.
88690211 1699 - jakob@cvs.openbsd.org 2001/07/31 12:42:50
1700 [sftp-int.c sftp-server.c]
1701 avoid paths beginning with "//"; <vinschen@redhat.com>
1702 ok markus@
2251e099 1703 - jakob@cvs.openbsd.org 2001/07/31 12:53:34
1704 [scard.c]
1705 close smartcard connection if card is missing
9ff6f66f 1706 - markus@cvs.openbsd.org 2001/08/01 22:03:33
1707 [authfd.c authfd.h readconf.c readconf.h scard.c scard.h ssh-add.c
1708 ssh-agent.c ssh.c]
1709 use strings instead of ints for smartcard reader ids
1930af48 1710 - markus@cvs.openbsd.org 2001/08/01 22:16:45
1711 [ssh.1 sshd.8]
1712 refer to current ietf drafts for protocol v2
4f831fd7 1713 - markus@cvs.openbsd.org 2001/08/01 23:33:09
1714 [ssh-keygen.c]
1715 allow uploading RSA keys for non-default AUT0 (sha1 over passphrase
1716 like sectok).
1a23ac2c 1717 - markus@cvs.openbsd.org 2001/08/01 23:38:45
05b7537a 1718 [scard.c ssh.c]
1719 support finish rsa keys.
1720 free public keys after login -> call finish -> close smartcard.
93a56445 1721 - markus@cvs.openbsd.org 2001/08/02 00:10:17
1722 [ssh-keygen.c]
1723 add -D readerid option (download, i.e. print public RSA key to stdout).
1724 check for card present when uploading keys.
1725 use strings instead of ints for smartcard reader ids, too.
285d2b15 1726 - jakob@cvs.openbsd.org 2001/08/02 08:58:35
1727 [ssh-keygen.c]
1728 change -u (upload smartcard key) to -U. ok markus@
58153e34 1729 - jakob@cvs.openbsd.org 2001/08/02 15:06:52
1730 [ssh-keygen.c]
1731 more verbose usage(). ok markus@
f0d6bdcf 1732 - jakob@cvs.openbsd.org 2001/08/02 15:07:23
1733 [ssh-keygen.1]
1734 document smartcard upload/download. ok markus@
315dfb04 1735 - jakob@cvs.openbsd.org 2001/08/02 15:32:10
1736 [ssh.c]
1737 add smartcard to usage(). ok markus@
3e984472 1738 - jakob@cvs.openbsd.org 2001/08/02 15:43:57
1739 [ssh-agent.c ssh.c ssh-keygen.c]
1740 add /* SMARTCARD */ to #else/#endif. ok markus@
1a23ac2c 1741 - jakob@cvs.openbsd.org 2001/08/02 16:14:05
dd2495cb 1742 [scard.c ssh-agent.c ssh.c ssh-keygen.c]
1743 clean up some /* SMARTCARD */. ok markus@
0f6d5acf 1744 - mpech@cvs.openbsd.org 2001/08/02 18:37:35
1745 [ssh-keyscan.1]
1746 o) .Sh AUTHOR -> .Sh AUTHORS;
1747 o) .Sh EXAMPLE -> .Sh EXAMPLES;
1748 o) Delete .Sh OPTIONS. Text moved to .Sh DESCRIPTION;
1749
1750 millert@ ok
5a26334c 1751 - jakob@cvs.openbsd.org 2001/08/03 10:31:19
1752 [ssh-add.1]
1753 document smartcard options. ok markus@
33e766d2 1754 - jakob@cvs.openbsd.org 2001/08/03 10:31:30
1755 [ssh-add.c ssh-agent.c ssh-keyscan.c]
1756 improve usage(). ok markus@
5061072f 1757 - markus@cvs.openbsd.org 2001/08/05 23:18:20
1758 [ssh-keyscan.1 ssh-keyscan.c]
1759 ssh 2 support; from wayned@users.sourceforge.net
578954b1 1760 - markus@cvs.openbsd.org 2001/08/05 23:29:58
1761 [ssh-keyscan.c]
1762 make -t dsa work with commercial servers, too
cddb9003 1763 - stevesk@cvs.openbsd.org 2001/08/06 19:47:05
1764 [scp.c]
1765 use alarm vs. setitimer for portable; ok markus@
94796c10 1766 - (bal) ssh-keyscan double -lssh hack due to seed_rng().
1a23ac2c 1767 - (bal) Second around of UNICOS patches. A few other things left.
1768 Patches by William L. Jones <jones@mail.utexas.edu>
4f7893dc 1769
29a47408 177020010803
1771 - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
1772 a fast UltraSPARC.
1773
42ad0eec 177420010726
1775 - (stevesk) use mysignal() in protocol 1 loop now that the SIGCHLD
1776 handler has converged.
1777
aa7dbcdd 177820010725
1779 - (bal) Added 'install-nokeys' to Makefile to assist package builders.
1780
0b7d19eb 178120010724
1782 - (bal) 4711 not 04711 for ssh binary.
1783
ca5c7d6a 178420010722
1785 - (bal) Starting the Unicossmk merger. File merged TODO, configure.in,
1786 myproposal.h, ssh_prng_cmds.in, and openbsd-compat/Makefile.in.
1787 Added openbsd-compat/bsd-cray.c. Rest will be merged after
1788 approval. Selective patches from William L. Jones
1789 <jones@mail.utexas.edu>
7458aff1 1790 - OpenBSD CVS Sync
1791 - markus@cvs.openbsd.org 2001/07/18 21:10:43
1792 [sshpty.c]
1793 pr #1946, allow sshd if /dev is readonly
ec9f3450 1794 - stevesk@cvs.openbsd.org 2001/07/18 21:40:40
1795 [ssh-agent.c]
1796 chdir("/") from bbraun@synack.net; ok markus@
5bef3c35 1797 - stevesk@cvs.openbsd.org 2001/07/19 00:41:44
1798 [ssh.1]
1799 escape chars are below now
7efa8482 1800 - markus@cvs.openbsd.org 2001/07/20 14:46:11
1801 [ssh-agent.c]
1802 do not exit() from signal handlers; ok deraadt@
491f5f7b 1803 - stevesk@cvs.openbsd.org 2001/07/20 18:41:51
1804 [ssh.1]
1805 "the" command line
ca5c7d6a 1806
979b0a64 180720010719
1808 - (tim) [configure.in] put inet_aton back in AC_CHECK_FUNCS.
1809 report from Mark Miller <markm@swoon.net>
1810
6e69a45d 181120010718
1812 - OpenBSD CVS Sync
2c5b1791 1813 - stevesk@cvs.openbsd.org 2001/07/14 15:10:17
1814 [readpass.c sftp-client.c sftp-common.c sftp-glob.c]
1815 delete spurious #includes; ok deraadt@ markus@
68fa858a 1816 - markus@cvs.openbsd.org 2001/07/15 16:17:08
2c5b1791 1817 [serverloop.c]
1818 schedule client alive for ssh2 only, greg@cheers.bungi.com
2c71dfc1 1819 - stevesk@cvs.openbsd.org 2001/07/15 16:57:21
1820 [ssh-agent.1]
1821 -d will not fork; ok markus@
d1fc1b88 1822 - stevesk@cvs.openbsd.org 2001/07/15 16:58:29
68fa858a 1823 [ssh-agent.c]
d1fc1b88 1824 typo in usage; ok markus@
68fa858a 1825 - markus@cvs.openbsd.org 2001/07/17 20:48:42
1826 [ssh-agent.c]
e364646f 1827 update maxfd if maxfd is closed; report from jmcelroy@dtgnet.com
68fa858a 1828 - markus@cvs.openbsd.org 2001/07/17 21:04:58
1829 [channels.c channels.h clientloop.c nchan.c serverloop.c]
489aa2e9 1830 keep track of both maxfd and the size of the malloc'ed fdsets.
1831 update maxfd if maxfd gets closed.
c3941fa6 1832 - mouring@cvs.openbsd.org 2001/07/18 16:45:52
1833 [scp.c]
1834 Missing -o in scp usage()
68fa858a 1835 - (bal) Cleaned up trailing spaces in ChangeLog.
31fb6aaf 1836 - (bal) Allow sshd to switch user context without password for Cygwin.
1837 Patch by Corinna Vinschen <vinschen@redhat.com>
41fcc457 1838 - (bal) Updated cygwin README and ssh-host-config. Patch by
ad0cc858 1839 Corinna Vinschen <vinschen@redhat.com>
6e69a45d 1840
39c98ef7 184120010715
1842 - (bal) Set "BROKEN_GETADDRINFO" for darwin platform. Reported by
1843 Josh Larios <jdlarios@cac.washington.edu>
c14e6239 1844 - (tim) put openssh/openbsd-compat/inet_aton.[ch] back in.
1845 needed by openbsd-compat/fake-getaddrinfo.c
68fa858a 1846
6800f427 184720010714
1848 - (stevesk) change getopt() declaration
763a1a18 1849 - (stevesk) configure.in: use ll suffix for long long constant
1850 in snprintf() test
6800f427 1851
453b4bd0 185220010713
68fa858a 1853 - (djm) Enable /etc/nologin check on PAM systems, as some lack the
1854 pam_nologin module. Report from William Yodlowsky
453b4bd0 1855 <bsd@openbsd.rutgers.edu>
9912296f 1856 - (djm) Revert dirname fix, a better one is on its way.
1ee482c5 1857 - OpenBSD CVS Sync
1858 - markus@cvs.openbsd.org 2001/07/04 22:47:19
1859 [ssh-agent.c]
1860 ignore SIGPIPE when debugging, too
878b5225 1861 - markus@cvs.openbsd.org 2001/07/04 23:13:10
1862 [scard.c scard.h ssh-agent.c]
1863 handle card removal more gracefully, add sc_close() to scard.h
77261db4 1864 - markus@cvs.openbsd.org 2001/07/04 23:39:07
1865 [ssh-agent.c]
1866 for smartcards remove both RSA1/2 keys
a0e0f486 1867 - markus@cvs.openbsd.org 2001/07/04 23:49:27
1868 [ssh-agent.c]
1869 handle mutiple adds of the same smartcard key
62bb2c8f 1870 - espie@cvs.openbsd.org 2001/07/05 11:43:33
1871 [sftp-glob.c]
1872 Directly cast to the right type. Ok markus@
1873 - stevesk@cvs.openbsd.org 2001/07/05 20:32:47
1874 [sshconnect1.c]
1875 statement after label; ok dugsong@
97de229c 1876 - stevesk@cvs.openbsd.org 2001/07/08 15:23:38
1877 [servconf.c]
1878 fix ``MaxStartups max''; ok markus@
f5a1a01a 1879 - fgsch@cvs.openbsd.org 2001/07/09 05:58:47
1880 [ssh.c]
1881 Use getopt(3); markus@ ok.
ed916b28 1882 - deraadt@cvs.openbsd.org 2001/07/09 07:04:53
1883 [session.c sftp-int.c]
1884 correct type on last arg to execl(); nordin@cse.ogi.edu
333b5ba7 1885 - markus@cvs.openbsd.org 2001/07/10 21:49:12
1886 [readpass.c]
1887 don't panic if fork or pipe fail (just return an empty passwd).
46d738cd 1888 - itojun@cvs.openbsd.org 2001/07/11 00:24:53
1889 [servconf.c]
68fa858a 1890 make it compilable in all 4 combination of KRB4/KRB5 settings.
46d738cd 1891 dugsong ok
1892 XXX isn't it sensitive to the order of -I/usr/include/kerberosIV and
1893 -I/usr/include/kerberosV?
afd501f9 1894 - markus@cvs.openbsd.org 2001/07/11 16:29:59
1895 [ssh.c]
1896 sort options string, fix -p, add -k
1897 - markus@cvs.openbsd.org 2001/07/11 18:26:15
1898 [auth.c]
1899 no need to call dirname(pw->pw_dir).
1900 note that dirname(3) modifies its argument on some systems.
82d95536 1901 - (djm) Reorder Makefile.in so clean targets work a little better when
1902 run directly from Makefile.in
1812a662 1903 - (djm) Pull in getopt(3) from OpenBSD libc for the optreset extension.
453b4bd0 1904
85b08d98 190520010711
68fa858a 1906 - (djm) dirname(3) may modify its argument on glibc and other systems.
85b08d98 1907 Patch from markus@, spotted by Tom Holroyd <tomh@po.crl.go.jp>
1908
a96070d4 190920010704
1910 - OpenBSD CVS Sync
1911 - markus@cvs.openbsd.org 2001/06/25 08:25:41
68fa858a 1912 [channels.c channels.h cipher.c clientloop.c compat.c compat.h
1913 hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c
a96070d4 1914 session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h]
1915 update copyright for 2001
8a497b11 1916 - markus@cvs.openbsd.org 2001/06/25 17:18:27
1917 [ssh-keygen.1]
68fa858a 1918 sshd(8) will never read the private keys, but ssh(1) does;
8a497b11 1919 hugh@mimosa.com
6978866a 1920 - provos@cvs.openbsd.org 2001/06/25 17:54:47
1921 [auth.c auth.h auth-rsa.c]
68fa858a 1922 terminate secure_filename checking after checking homedir. that way
ffb215be 1923 it works on AFS. okay markus@
1924 - stevesk@cvs.openbsd.org 2001/06/25 20:26:37
1925 [auth2.c sshconnect2.c]
1926 prototype cleanup; ok markus@
2b30154a 1927 - markus@cvs.openbsd.org 2001/06/26 02:47:07
1928 [ssh-keygen.c]
1929 allow loading a private RSA key to a cyberflex card.
ffdb5d70 1930 - markus@cvs.openbsd.org 2001/06/26 04:07:06
1931 [ssh-agent.1 ssh-agent.c]
1932 add debug flag
983def13 1933 - markus@cvs.openbsd.org 2001/06/26 04:59:59
1934 [authfd.c authfd.h ssh-add.c]
1935 initial support for smartcards in the agent
f7e5ac7b 1936 - markus@cvs.openbsd.org 2001/06/26 05:07:43
1937 [ssh-agent.c]
1938 update usage
2b5fe3b8 1939 - markus@cvs.openbsd.org 2001/06/26 05:33:34
1940 [ssh-agent.c]
1941 more smartcard support.
543baeea 1942 - mpech@cvs.openbsd.org 2001/06/26 05:48:07
1943 [sshd.8]
1944 remove unnecessary .Pp between .It;
1945 millert@ ok
0c9664c2 1946 - markus@cvs.openbsd.org 2001/06/26 05:50:11
1947 [auth2.c]
1948 new interface for secure_filename()
2a1e4639 1949 - itojun@cvs.openbsd.org 2001/06/26 06:32:58
68fa858a 1950 [atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h
1951 buffer.h canohost.h channels.h cipher.h clientloop.h compat.h
1952 compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h
1953 hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h
2a1e4639 1954 radix.h readconf.h readpass.h rsa.h]
1955 prototype pedant. not very creative...
1956 - () -> (void)
1957 - no variable names
1c06a9ca 1958 - itojun@cvs.openbsd.org 2001/06/26 06:33:07
68fa858a 1959 [servconf.h serverloop.h session.h sftp-client.h sftp-common.h
1960 sftp-glob.h sftp-int.h sshconnect.h ssh-dss.h sshlogin.h sshpty.h
1c06a9ca 1961 ssh-rsa.h tildexpand.h uidswap.h uuencode.h xmalloc.h]
1962 prototype pedant. not very creative...
1963 - () -> (void)
1964 - no variable names
ced49be2 1965 - dugsong@cvs.openbsd.org 2001/06/26 16:15:25
68fa858a 1966 [auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
ced49be2 1967 servconf.c servconf.h session.c sshconnect1.c sshd.c]
68fa858a 1968 Kerberos v5 support for SSH1, mostly from Assar Westerlund
ced49be2 1969 <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
3474b2b4 1970 - markus@cvs.openbsd.org 2001/06/26 17:25:34
1971 [ssh.1]
1972 document SSH_ASKPASS; fubob@MIT.EDU
255cabd9 1973 - markus@cvs.openbsd.org 2001/06/26 17:27:25
68fa858a 1974 [authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
1975 canohost.h channels.h cipher.h clientloop.h compat.h compress.h
1976 crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
1977 hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
1978 packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
1979 session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
1980 sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
255cabd9 1981 tildexpand.h uidswap.h uuencode.h xmalloc.h]
1982 remove comments from .h, since they are cut&paste from the .c files
1983 and out of sync
83f46621 1984 - dugsong@cvs.openbsd.org 2001/06/26 17:41:49
1985 [servconf.c]
1986 #include <kafs.h>
57156994 1987 - markus@cvs.openbsd.org 2001/06/26 20:14:11
1988 [key.c key.h ssh.c sshconnect1.c sshconnect2.c]
1989 add smartcard support to the client, too (now you can use both
1990 the agent and the client).
1991 - markus@cvs.openbsd.org 2001/06/27 02:12:54
1992 [serverloop.c serverloop.h session.c session.h]
1993 quick hack to make ssh2 work again.
80f8f24f 1994 - markus@cvs.openbsd.org 2001/06/27 04:48:53
1995 [auth.c match.c sshd.8]
1996 tridge@samba.org
d0bfe096 1997 - markus@cvs.openbsd.org 2001/06/27 05:35:42
1998 [ssh-keygen.c]
1999 use cyberflex_inq_class to inquire class.
2b63e803 2000 - markus@cvs.openbsd.org 2001/06/27 05:42:25
2001 [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
2002 s/generate_additional_parameters/rsa_generate_additional_parameters/
2003 http://www.humppa.com/
34e02b83 2004 - markus@cvs.openbsd.org 2001/06/27 06:26:36
2005 [ssh-add.c]
2006 convert to getopt(3)
d3260e12 2007 - stevesk@cvs.openbsd.org 2001/06/28 19:57:35
2008 [ssh-keygen.c]
2009 '\0' terminated data[] is ok; ok markus@
49ccba9c 2010 - markus@cvs.openbsd.org 2001/06/29 07:06:34
2011 [ssh-keygen.c]
2012 new error handling for cyberflex_*
542d70b8 2013 - markus@cvs.openbsd.org 2001/06/29 07:11:01
2014 [ssh-keygen.c]
2015 initialize early
eea46d13 2016 - stevesk@cvs.openbsd.org 2001/06/29 18:38:44
2017 [clientloop.c]
2018 sync function definition with declaration; ok markus@
8ab2cb35 2019 - stevesk@cvs.openbsd.org 2001/06/29 18:40:28
2020 [channels.c]
2021 use socklen_t for getsockopt arg #5; ok markus@
b3f8a79c 2022 - stevesk@cvs.openbsd.org 2001/06/30 18:08:40
2023 [channels.c channels.h clientloop.c]
2024 adress -> address; ok markus@
5b5d170c 2025 - markus@cvs.openbsd.org 2001/07/02 13:59:15
2026 [serverloop.c session.c session.h]
68fa858a 2027 wait until !session_have_children(); bugreport from
5b5d170c 2028 Lutz.Jaenicke@aet.TU-Cottbus.DE
613021ac 2029 - markus@cvs.openbsd.org 2001/07/02 22:29:20
2030 [readpass.c]
2031 do not return NULL, use "" instead.
666248da 2032 - markus@cvs.openbsd.org 2001/07/02 22:40:18
2033 [ssh-keygen.c]
2034 update for sectok.h interface changes.
3cf2be58 2035 - markus@cvs.openbsd.org 2001/07/02 22:52:57
2036 [channels.c channels.h serverloop.c]
2037 improve cleanup/exit logic in ssh2:
2038 stop listening to channels, detach channel users (e.g. sessions).
2039 wait for children (i.e. dying sessions), send exit messages,
2040 cleanup all channels.
637b033d 2041 - (bal) forget a few new files in sync up.
06be7c3b 2042 - (bal) Makefile fix up requires scard.c
ac96ca42 2043 - (stevesk) sync misc.h
9c328529 2044 - (stevesk) more sync for session.c
4f1f4d8d 2045 - (stevesk) sync servconf.h (comments)
afb9165e 2046 - (tim) [contrib/caldera/openssh.spec] sync with Caldera
d9e3d19f 2047 - (tim) [openbsd-compat/dirname.h] Remove ^M causing some compilers to
2048 issue warning (line 1: tokens ignored at end of directive line)
2049 - (tim) [sshconnect1.c] give the compiler something to do for success:
2050 if KRB5 and AFS are not defined
2051 (ERROR: "sshconnect1.c", line 1274: Syntax error before or at: })
637b033d 2052
aa8d09da 205320010629
2054 - (bal) Removed net_aton() since we don't use it any more
64c4b8d7 2055 - (bal) Fixed _DISABLE_VPOSIX in readpassphrase.c.
7af3215a 2056 - (bal) Updated zlib's home. Thanks to David Howe <DaveHowe@gmx.co.uk>.
16adf618 2057 - (stevesk) remove _REENTRANT #define
16995a2c 2058 - (stevesk) session.c: use u_int for envsize
6a26f353 2059 - (stevesk) remove cli.[ch]
aa8d09da 2060
f11065cb 206120010628
2062 - (djm) Sync openbsd-compat with -current libc
68fa858a 2063 - (djm) Fix from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> for my
050df9db 2064 broken makefile
07608451 2065 - (bal) Removed strtok_r() and inet_ntop() since they are no longer used.
2066 - (bal) Remove getusershell() since it's no longer used.
f11065cb 2067
78220944 206820010627
2069 - (djm) Reintroduce pam_session call for non-pty sessions.
68fa858a 2070 - (djm) Remove redundant and incorrect test for max auth attempts in
2071 PAM kbdint code. Based on fix from Matthew Melvin
763dfdf0 2072 <matthewm@webcentral.com.au>
f0194608 2073 - (djm) Rename sysconfdir/primes => sysconfdir/moduli
68fa858a 2074 - (djm) Oops, forgot make logic for primes=>moduli. Also try to rename
ff4955c9 2075 existing primes->moduli if it exists.
0eb1a22d 2076 - (djm) Sync with -current openbsd-compat/readpassphrase.c:
2077 - djm@cvs.openbsd.org 2001/06/27 13:23:30
2078 typo, spotted by Tom Holroyd <tomh@po.crl.go.jp>; ok deraadt@
5ed2bb5b 2079 - (djm) Turn up warnings if gcc or egcs detected
b8fea62d 2080 - (stevesk) for HP-UX 11.X use X/Open socket interface;
2081 pulls in modern socket prototypes and eliminates a number of compiler
2082 warnings. see xopen_networking(7).
fef01705 2083 - (stevesk) fix x11 forwarding from _PATH_XAUTH change
28564873 2084 - (stevesk) use X/Open socket interface for HP-UX 10.X also
78220944 2085
e16f4ac8 208620010625
0cd000dd 2087 - OpenBSD CVS Sync
bc233fdf 2088 - markus@cvs.openbsd.org 2001/06/21 21:08:25
2089 [session.c]
2090 don't reset forced_command (we allow multiple login shells in
2091 ssh2); dwd@bell-labs.com
a5a2da3b 2092 - mpech@cvs.openbsd.org 2001/06/22 10:17:51
2093 [ssh.1 sshd.8 ssh-keyscan.1]
2094 o) .Sh AUTHOR -> .Sh AUTHORS;
2095 o) remove unnecessary .Pp;
2096 o) better -mdoc style;
2097 o) typo;
2098 o) sort SEE ALSO;
a5a2da3b 2099 aaron@ ok
e2854364 2100 - provos@cvs.openbsd.org 2001/06/22 21:27:08
2101 [dh.c pathnames.h]
2102 use /etc/moduli instead of /etc/primes, okay markus@
e2432638 2103 - provos@cvs.openbsd.org 2001/06/22 21:28:53
2104 [sshd.8]
2105 document /etc/moduli
96a7b0cc 2106 - markus@cvs.openbsd.org 2001/06/22 21:55:49
68fa858a 2107 [auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config
96a7b0cc 2108 ssh-keygen.1]
2109 merge authorized_keys2 into authorized_keys.
2110 authorized_keys2 is used for backward compat.
2111 (just append authorized_keys2 to authorized_keys).
826676b3 2112 - provos@cvs.openbsd.org 2001/06/22 21:57:59
2113 [dh.c]
2114 increase linebuffer to deal with larger moduli; use rewind instead of
2115 close/open
bc233fdf 2116 - markus@cvs.openbsd.org 2001/06/22 22:21:20
2117 [sftp-server.c]
2118 allow long usernames/groups in readdir
a599bd06 2119 - markus@cvs.openbsd.org 2001/06/22 23:35:21
2e000c58 2120 [ssh.c]
2121 don't overwrite argv (fixes ssh user@host in 'ps'), report by ericj@
cb220a93 2122 - deraadt@cvs.openbsd.org 2001/06/23 00:16:16
2123 [scp.c]
2124 slightly better care
d0c8ca5c 2125 - markus@cvs.openbsd.org 2001/06/23 00:20:57
2126 [auth2.c auth.c auth.h auth-rh-rsa.c]
2127 *known_hosts2 is obsolete for hostbased authentication and
2128 only used for backward compat. merge ssh1/2 hostkey check
2129 and move it to auth.c
e16f4ac8 2130 - deraadt@cvs.openbsd.org 2001/06/23 02:33:05
2131 [sftp.1 sftp-server.8 ssh-keygen.1]
2132 join .%A entries; most by bk@rt.fm
f49bc4f7 2133 - markus@cvs.openbsd.org 2001/06/23 02:34:33
68fa858a 2134 [kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
f49bc4f7 2135 sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
68fa858a 2136 get rid of known_hosts2, use it for hostkey lookup, but do not
f49bc4f7 2137 modify.
7d747e89 2138 - markus@cvs.openbsd.org 2001/06/23 03:03:59
2139 [sshd.8]
2140 draft-ietf-secsh-dh-group-exchange-01.txt
73473230 2141 - markus@cvs.openbsd.org 2001/06/23 03:04:42
2142 [auth2.c auth-rh-rsa.c]
2143 restore correct ignore_user_known_hosts logic.
c10d042a 2144 - markus@cvs.openbsd.org 2001/06/23 05:26:02
2145 [key.c]
2146 handle sigature of size 0 (some broken clients send this).
7b518233 2147 - deraadt@cvs.openbsd.org 2001/06/23 05:57:09
2148 [sftp.1 sftp-server.8 ssh-keygen.1]
2149 ok, tmac is now fixed
2e0becb6 2150 - markus@cvs.openbsd.org 2001/06/23 06:41:10
2151 [ssh-keygen.c]
2152 try to decode ssh-3.0.0 private rsa keys
2153 (allow migration to openssh, not vice versa), #910
396c147e 2154 - itojun@cvs.openbsd.org 2001/06/23 15:12:20
68fa858a 2155 [auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
2156 canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
2157 hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
2158 readpass.c scp.c servconf.c serverloop.c session.c sftp.c
2159 sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
2160 ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
396c147e 2161 ssh-keygen.c ssh-keyscan.c]
68fa858a 2162 more strict prototypes. raise warning level in Makefile.inc.
396c147e 2163 markus ok'ed
2164 TODO; cleanup headers
a599bd06 2165 - markus@cvs.openbsd.org 2001/06/23 17:05:22
2166 [ssh-keygen.c]
2167 fix import for (broken?) ssh.com/f-secure private keys
2168 (i tested > 1000 RSA keys)
3730bb22 2169 - itojun@cvs.openbsd.org 2001/06/23 17:48:18
2170 [sftp.1 ssh.1 sshd.8 ssh-keyscan.1]
2171 kill whitespace at EOL.
3aca00a3 2172 - markus@cvs.openbsd.org 2001/06/23 19:12:43
2173 [sshd.c]
2174 pidfile/sigterm race; bbraun@synack.net
ce404659 2175 - markus@cvs.openbsd.org 2001/06/23 22:37:46
2176 [sshconnect1.c]
2177 consistent with ssh2: skip key if empty passphrase is entered,
2178 retry num_of_passwd_prompt times if passphrase is wrong. ok fgsch@
2cee8a25 2179 - markus@cvs.openbsd.org 2001/06/24 05:25:10
2180 [auth-options.c match.c match.h]
2181 move ip+hostname check to match.c
1843a425 2182 - markus@cvs.openbsd.org 2001/06/24 05:35:33
2183 [readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c]
2184 switch to readpassphrase(3)
2185 2.7/8-stable needs readpassphrase.[ch] from libc
80097c54 2186 - markus@cvs.openbsd.org 2001/06/24 05:47:13
2187 [sshconnect2.c]
2188 oops, missing format string
b4e7177c 2189 - markus@cvs.openbsd.org 2001/06/24 17:18:31
2190 [ttymodes.c]
2191 passing modes works fine: debug2->3
ab88181c 2192 - (djm) -Wall fix for session.c
3159d49a 2193 - (djm) Bring in readpassphrase() from OpenBSD libc. Compiles OK on Linux and
2194 Solaris
0cd000dd 2195
7751d4eb 219620010622
2197 - (stevesk) handle systems without pw_expire and pw_change.
2198
e04e7a19 219920010621
2200 - OpenBSD CVS Sync
2201 - markus@cvs.openbsd.org 2001/06/16 08:49:38
2202 [misc.c]
2203 typo; dunlap@apl.washington.edu
c03175c6 2204 - markus@cvs.openbsd.org 2001/06/16 08:50:39
2205 [channels.h]
2206 bad //-style comment; thx to stevev@darkwing.uoregon.edu
08c260ea 2207 - markus@cvs.openbsd.org 2001/06/16 08:57:35
2208 [scp.c]
2209 no stdio or exit() in signal handlers.
c4d49b85 2210 - markus@cvs.openbsd.org 2001/06/16 08:58:34
2211 [misc.c]
2212 copy pw_expire and pw_change, too.
dac6753b 2213 - markus@cvs.openbsd.org 2001/06/19 12:34:09
2214 [session.c]
2215 cleanup forced command handling, from dwd@bell-labs.com
ff027d84 2216 - markus@cvs.openbsd.org 2001/06/19 14:09:45
2217 [session.c sshd.8]
2218 disable x11-fwd if use_login is enabled; from lukem@wasabisystems.com
c95add71 2219 - markus@cvs.openbsd.org 2001/06/19 15:40:45
2220 [session.c]
2221 allocate and free at the same level.
d6746a0b 2222 - markus@cvs.openbsd.org 2001/06/20 13:56:39
2223 [channels.c channels.h clientloop.c packet.c serverloop.c]
2224 move from channel_stop_listening to channel_free_all,
2225 call channel_free_all before calling waitpid() in serverloop.
2226 fixes the utmp handling; report from Lutz.Jaenicke@aet.TU-Cottbus.DE
e04e7a19 2227
5ad9f968 222820010615
2229 - (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL
2230 around grantpt().
f7940aa9 2231 - (stevesk) update TODO: STREAMS pty systems don't call vhangup() now
5ad9f968 2232
eb26141e 223320010614
2234 - OpenBSD CVS Sync
2235 - markus@cvs.openbsd.org 2001/06/13 09:10:31
2236 [session.c]
2237 typo, use pid not s->pid, mstone@cs.loyola.edu
2238
86066315 223920010613
eb26141e 2240 - OpenBSD CVS Sync
86066315 2241 - markus@cvs.openbsd.org 2001/06/12 10:58:29
2242 [session.c]
2243 merge session_free into session_close()
2244 merge pty_cleanup_proc into session_pty_cleanup()
653d5f86 2245 - markus@cvs.openbsd.org 2001/06/12 16:10:38
2246 [session.c]
2247 merge ssh1/ssh2 tty msg parse and alloc code
76735fe3 2248 - markus@cvs.openbsd.org 2001/06/12 16:11:26
2249 [packet.c]
2250 do not log() packet_set_maxsize
b44de2b1 2251 - markus@cvs.openbsd.org 2001/06/12 21:21:29
2252 [session.c]
2253 remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
2254 we do already trust $HOME/.ssh
2255 you can use .ssh/sshrc and .ssh/environment if you want to customize
2256 the location of the xauth cookies
7a313633 2257 - markus@cvs.openbsd.org 2001/06/12 21:30:57
2258 [session.c]
2259 unused
86066315 2260
2c9d881a 226120010612
38296b32 2262 - scp.c ID update (upstream synced vfsprintf() from us)
2263 - OpenBSD CVS Sync
2c9d881a 2264 - markus@cvs.openbsd.org 2001/06/10 11:29:20
2265 [dispatch.c]
2266 we support rekeying
2267 protocol errors are fatal.
1500bcdd 2268 - markus@cvs.openbsd.org 2001/06/11 10:18:24
2269 [session.c]
2270 reset pointer to NULL after xfree(); report from solar@openwall.com
f740438e 2271 - markus@cvs.openbsd.org 2001/06/11 16:04:38
2272 [sshd.8]
2273 typo; bdubreuil@crrel.usace.army.mil
2c9d881a 2274
b4d02860 227520010611
68fa858a 2276 - (bal) NeXT/MacOS X lack libgen.h and dirname(). Patch by Mark Miller
2277 <markm@swoon.net>
224cbdcc 2278 - (bal) Handle broken krb4 issues on Solaris with multiple defined u_*_t
68fa858a 2279 types. Patch by Jan IVEN <Jan.Iven@cern.ch>
0bb724ce 2280 - (bal) Fixed Makefile.in so that 'configure; make install' works.
b4d02860 2281
bf093080 228220010610
2283 - (bal) Missed two files in major resync. auth-bsdauth.c and auth-skey.c
2284
e697bda7 228520010609
2286 - OpenBSD CVS Sync
2287 - markus@cvs.openbsd.org 2001/05/30 12:55:13
68fa858a 2288 [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
e697bda7 2289 packet.c serverloop.c session.c ssh.c ssh1.h]
2290 channel layer cleanup: merge header files and split .c files
36e1f6a1 2291 - markus@cvs.openbsd.org 2001/05/30 15:20:10
2292 [ssh.c]
2293 merge functions, simplify.
a5efa1bb 2294 - markus@cvs.openbsd.org 2001/05/31 10:30:17
68fa858a 2295 [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
a5efa1bb 2296 packet.c serverloop.c session.c ssh.c]
68fa858a 2297 undo the .c file split, just merge the header and keep the cvs
a5efa1bb 2298 history
68fa858a 2299 - (bal) Channels.c and Channels.h -- "Merge Functions, simplify" (draged
8e7895b8 2300 out of ssh Attic)
68fa858a 2301 - (bal) Ooops.. nchan.c (and remove nchan.h) resync from OpenBSD ssh
a98da4aa 2302 Attic.
2303 - OpenBSD CVS Sync
2304 - markus@cvs.openbsd.org 2001/05/31 13:08:04
2305 [sshd_config]
2306 group options and add some more comments
e4f7282d 2307 - markus@cvs.openbsd.org 2001/06/03 14:55:39
2308 [channels.c channels.h session.c]
68fa858a 2309 use fatal_register_cleanup instead of atexit, sync with x11 authdir
e4f7282d 2310 handling
e5b71e99 2311 - markus@cvs.openbsd.org 2001/06/03 19:36:44
2312 [ssh-keygen.1]
2313 1-2 bits of entrophy per character (not per word), ok stevesk@
4fc334a2 2314 - markus@cvs.openbsd.org 2001/06/03 19:38:42
2315 [scp.c]
2316 pass -v to ssh; from slade@shore.net
f5e69c65 2317 - markus@cvs.openbsd.org 2001/06/03 20:06:11
2318 [auth2-chall.c]
68fa858a 2319 the challenge response device decides how to handle non-existing
f5e69c65 2320 users.
2321 -> fake challenges for skey and cryptocard
f0f32b8e 2322 - markus@cvs.openbsd.org 2001/06/04 21:59:43
2323 [channels.c channels.h session.c]
68fa858a 2324 switch uid when cleaning up tmp files and sockets; reported by
f0f32b8e 2325 zen-parse@gmx.net on bugtraq
c9130033 2326 - markus@cvs.openbsd.org 2001/06/04 23:07:21
2327 [clientloop.c serverloop.c sshd.c]
68fa858a 2328 set flags in the signal handlers, do real work in the main loop,
c9130033 2329 ok provos@
8dcd9d5c 2330 - markus@cvs.openbsd.org 2001/06/04 23:16:16
2331 [session.c]
2332 merge ssh1/2 x11-fwd setup, create listener after tmp-dir
aa144206 2333 - pvalchev@cvs.openbsd.org 2001/06/05 05:05:39
2334 [ssh-keyscan.1 ssh-keyscan.c]
2335 License clarification from David Mazieres, ok deraadt@
750c256a 2336 - markus@cvs.openbsd.org 2001/06/05 10:24:32
2337 [channels.c]
2338 don't delete the auth socket in channel_stop_listening()
2339 auth_sock_cleanup_proc() will take care of this.
fc2a1d28 2340 - markus@cvs.openbsd.org 2001/06/05 16:46:19
2341 [session.c]
2342 let session_close() delete the pty. deny x11fwd if xauthfile is set.
d87596b0 2343 - markus@cvs.openbsd.org 2001/06/06 23:13:54
2344 [ssh-dss.c ssh-rsa.c]
2345 cleanup, remove old code
edf9ae81 2346 - markus@cvs.openbsd.org 2001/06/06 23:19:35
2347 [ssh-add.c]
2348 remove debug message; Darren.Moffat@eng.sun.com
2a6a054e 2349 - markus@cvs.openbsd.org 2001/06/07 19:57:53
2350 [auth2.c]
2351 style is used for bsdauth.
2352 disconnect on user/service change (ietf-drafts)
449c5ba5 2353 - markus@cvs.openbsd.org 2001/06/07 20:23:05
68fa858a 2354 [authfd.c authfile.c channels.c kexdh.c kexgex.c packet.c ssh.c
449c5ba5 2355 sshconnect.c sshconnect1.c]
2356 use xxx_put_cstring()
e6abba31 2357 - markus@cvs.openbsd.org 2001/06/07 22:25:02
2358 [session.c]
2359 don't overwrite errno
2360 delay deletion of the xauth cookie
fd9ede94 2361 - markus@cvs.openbsd.org 2001/06/08 15:25:40
2362 [includes.h pathnames.h readconf.c servconf.c]
2363 move the path for xauth to pathnames.h
0abe778b 2364 - (bal) configure.in fix for Tru64 (forgeting to reset $LIB)
83c17f20 2365 - (bal) ANSIify strmode()
68fa858a 2366 - (bal) --with-catman should be --with-mantype patch by Dave
2367 Dykstra <dwd@bell-labs.com>
fd9ede94 2368
4869a96f 236920010606
e697bda7 2370 - OpenBSD CVS Sync
68fa858a 2371 - markus@cvs.openbsd.org 2001/05/17 21:34:15
e697bda7 2372 [ssh.1]
68fa858a 2373 no spaces in PreferredAuthentications;
5ba55ada 2374 meixner@rbg.informatik.tu-darmstadt.de
2375 - markus@cvs.openbsd.org 2001/05/18 14:13:29
68fa858a 2376 [auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
5ba55ada 2377 readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
2378 improved kbd-interactive support. work by per@appgate.com and me
bc03d5aa 2379 - djm@cvs.openbsd.org 2001/05/19 00:36:40
2380 [session.c]
2381 Disable X11 forwarding if xauth binary is not found. Patch from Nalin
2382 Dahyabhai <nalin@redhat.com>; ok markus@
68fa858a 2383 - markus@cvs.openbsd.org 2001/05/19 16:05:41
2384 [scp.c]
3e4fc5f9 2385 ftruncate() instead of open()+O_TRUNC like rcp.c does
68fa858a 2386 allows scp /path/to/file localhost:/path/to/file
2387 - markus@cvs.openbsd.org 2001/05/19 16:08:43
2388 [sshd.8]
a18395da 2389 sort options; Matthew.Stier@fnc.fujitsu.com
68fa858a 2390 - markus@cvs.openbsd.org 2001/05/19 16:32:16
2391 [ssh.1 sshconnect2.c]
2392 change preferredauthentication order to
2393 publickey,hostbased,password,keyboard-interactive
3398dda9 2394 document that hostbased defaults to no, document order
47bf6266 2395 - markus@cvs.openbsd.org 2001/05/19 16:46:19
68fa858a 2396 [ssh.1 sshd.8]
2397 document MACs defaults with .Dq
2398 - stevesk@cvs.openbsd.org 2001/05/19 19:43:57
2399 [misc.c misc.h servconf.c sshd.8 sshd.c]
2400 sshd command-line arguments and configuration file options that
2401 specify time may be expressed using a sequence of the form:
e2b1fb42 2402 time[qualifier], where time is a positive integer value and qualifier
68fa858a 2403 is one of the following:
2404 <none>,s,m,h,d,w
2405 Examples:
2406 600 600 seconds (10 minutes)
2407 10m 10 minutes
2408 1h30m 1 hour 30 minutes (90 minutes)
2409 ok markus@
7e8c18e9 2410 - stevesk@cvs.openbsd.org 2001/05/19 19:57:09
68fa858a 2411 [channels.c]
2412 typo in error message
e697bda7 2413 - markus@cvs.openbsd.org 2001/05/20 17:20:36
c8445989 2414 [auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
2415 sshd_config]
68fa858a 2416 configurable authorized_keys{,2} location; originally from peter@;
2417 ok djm@
1ddf764b 2418 - markus@cvs.openbsd.org 2001/05/24 11:12:42
68fa858a 2419 [auth.c]
2420 fix comment; from jakob@
2421 - stevesk@cvs.openbsd.org 2001/05/24 18:57:53
2422 [clientloop.c readconf.c ssh.c ssh.h]
4bf9c10e 2423 don't perform escape processing when ``EscapeChar none''; ok markus@
abe0fb9f 2424 - markus@cvs.openbsd.org 2001/05/25 14:37:32
68fa858a 2425 [ssh-keygen.c]
2426 use -P for -e and -y, too.
63cd7dd0 2427 - markus@cvs.openbsd.org 2001/05/28 08:04:39
68fa858a 2428 [ssh.c]
2429 fix usage()
2430 - markus@cvs.openbsd.org 2001/05/28 10:08:55
2431 [authfile.c]
eb2e1595 2432 key_load_private: set comment to filename for PEM keys
2cf27bc4 2433 - markus@cvs.openbsd.org 2001/05/28 22:51:11
68fa858a 2434 [cipher.c cipher.h]
2435 simpler 3des for ssh1
2436 - markus@cvs.openbsd.org 2001/05/28 23:14:49
2437 [channels.c channels.h nchan.c]
6fd8622b 2438 undo broken channel fix and try a different one. there
68fa858a 2439 should be still some select errors...
2440 - markus@cvs.openbsd.org 2001/05/28 23:25:24
2441 [channels.c]
2442 cleanup, typo
08dcb5d7 2443 - markus@cvs.openbsd.org 2001/05/28 23:58:35
68fa858a 2444 [packet.c packet.h sshconnect.c sshd.c]
2445 remove some lines, simplify.
a10bdd7c 2446 - markus@cvs.openbsd.org 2001/05/29 12:31:27
68fa858a 2447 [authfile.c]
2448 typo
5ba55ada 2449
5cde8062 245020010528
2451 - (tim) [conifgure.in] add setvbuf test needed for sftp-int.c
2452 Patch by Corinna Vinschen <vinschen@redhat.com>
2453
362df52e 245420010517
2455 - OpenBSD CVS Sync
2456 - markus@cvs.openbsd.org 2001/05/12 19:53:13
2457 [sftp-server.c]
2458 readlink does not NULL-terminate; mhe@home.se
6efa3d14 2459 - deraadt@cvs.openbsd.org 2001/05/15 22:04:01
2460 [ssh.1]
2461 X11 forwarding details improved
70ea8327 2462 - markus@cvs.openbsd.org 2001/05/16 20:51:57
2463 [authfile.c]
2464 return comments for private pem files, too; report from nolan@naic.edu
24b6b45f 2465 - markus@cvs.openbsd.org 2001/05/16 21:53:53
2466 [clientloop.c]
2467 check for open sessions before we call select(); fixes the x11 client
2468 bug reported by bowman@math.ualberta.ca
7231bd47 2469 - markus@cvs.openbsd.org 2001/05/16 22:09:21
2470 [channels.c nchan.c]
2471 more select() error fixes (don't set rfd/wfd to -1).
7043a38d 2472 - (bal) Enabled USE_PIPES for Cygwin on Corinna Vinschen <vinschen@redhat.com>
68fa858a 2473 - (bal) Corrected on_exit() emulation via atexit().
362df52e 2474
89aa792b 247520010512
2476 - OpenBSD CVS Sync
2477 - markus@cvs.openbsd.org 2001/05/11 14:59:56
2478 [clientloop.c misc.c misc.h]
2479 add unset_nonblock for stdout/err flushing in client_loop().
286e38f7 2480 - (bal) Patch to partial sync up contrib/solaris/ packaging software.
2481 Patch by pete <ninjaz@webexpress.com>
89aa792b 2482
97430469 248320010511
2484 - OpenBSD CVS Sync
2485 - markus@cvs.openbsd.org 2001/05/09 22:51:57
2486 [channels.c]
2487 fix -R for protocol 2, noticed by greg@nest.cx.
2488 bug was introduced with experimental dynamic forwarding.
a16092bb 2489 - markus@cvs.openbsd.org 2001/05/09 23:01:31
2490 [rijndael.h]
2491 fix prototype; J.S.Peatfield@damtp.cam.ac.uk
97430469 2492
588f4ed0 249320010509
2494 - OpenBSD CVS Sync
2495 - markus@cvs.openbsd.org 2001/05/06 21:23:31
2496 [cli.c]
2497 cli_read() fails to catch SIGINT + overflow; from obdb@zzlevo.net
d18e0850 2498 - markus@cvs.openbsd.org 2001/05/08 19:17:31
a01a10dd 2499 [channels.c serverloop.c clientloop.c]
d18e0850 2500 adds correct error reporting to async connect()s
68fa858a 2501 fixes the server-discards-data-before-connected-bug found by
d18e0850 2502 onoe@sm.sony.co.jp
8a624ebf 2503 - mouring@cvs.openbsd.org 2001/05/08 19:45:25
2504 [misc.c misc.h scp.c sftp.c]
2505 Use addargs() in sftp plus some clean up of addargs(). OK Markus
1b02d786 2506 - markus@cvs.openbsd.org 2001/05/06 21:45:14
2507 [clientloop.c]
68fa858a 2508 use atomicio for flushing stdout/stderr bufs. thanks to
1b02d786 2509 jbw@izanami.cee.hw.ac.uk
010980f6 2510 - markus@cvs.openbsd.org 2001/05/08 22:48:07
2511 [atomicio.c]
2512 no need for xmalloc.h, thanks to espie@
68fa858a 2513 - (bal) UseLogin patch for Solaris/UNICOS. Patch by Wayne Davison
7e2d5fa4 2514 <wayne@blorf.net>
99c8ddac 2515 - (bal) ./configure support to disable SIA on OSF1. Patch by
2516 Chris Adams <cmadams@hiwaay.net>
68fa858a 2517 - (bal) Updates from the Sony NEWS-OS platform by NAKAJI Hiroyuki
b81c369b 2518 <nakaji@tutrp.tut.ac.jp>
588f4ed0 2519
7b22534a 252020010508
68fa858a 2521 - (bal) Fixed configure test for USE_SIA.
7b22534a 2522
94539b2a 252320010506
2524 - (djm) Update config.guess and config.sub with latest versions (from
2525 ftp://ftp.gnu.org/gnu/config/) to allow configure on ia64-hpux.
2526 Suggested by Jason Mader <jason@ncac.gwu.edu>
96c63318 2527 - (bal) White Space and #ifdef sync with OpenBSD
044b0662 2528 - (bal) Add 'seed_rng()' to ssh-add.c
9e9bd8c0 2529 - (bal) CVS ID updates for readpass.c, readpass.h, cli.c, and cli.h
cf7ff074 2530 - OpenBSD CVS Sync
2531 - stevesk@cvs.openbsd.org 2001/05/05 13:42:52
2532 [sftp.1 ssh-add.1 ssh-keygen.1]
2533 typos, grammar
94539b2a 2534
98143cfc 253520010505
2536 - OpenBSD CVS Sync
2537 - stevesk@cvs.openbsd.org 2001/05/04 14:21:56
2538 [ssh.1 sshd.8]
2539 typos
5b9601c8 2540 - markus@cvs.openbsd.org 2001/05/04 14:34:34
2541 [channels.c]
94539b2a 2542 channel_new() reallocs channels[], we cannot use Channel *c after
2543 calling channel_new(), XXX fix this in the future...
719fc62f 2544 - markus@cvs.openbsd.org 2001/05/04 23:47:34
2545 [channels.c channels.h clientloop.c nchan.c nchan.h serverloop.c ssh.c]
68fa858a 2546 move to Channel **channels (instead of Channel *channels), fixes realloc
2547 problems. channel_new now returns a Channel *, favour Channel * over
719fc62f 2548 channel id. remove old channel_allocate interface.
98143cfc 2549
f92fee1f 255020010504
2551 - OpenBSD CVS Sync
2552 - stevesk@cvs.openbsd.org 2001/05/03 15:07:39
2553 [channels.c]
2554 typo in debug() string
503e7e5b 2555 - markus@cvs.openbsd.org 2001/05/03 15:45:15
2556 [session.c]
2557 exec shell -c /bin/sh .ssh/sshrc, from abartlet@pcug.org.au
c98cab9b 2558 - stevesk@cvs.openbsd.org 2001/05/03 21:43:01
2559 [servconf.c]
2560 remove "\n" from fatal()
1fcde3fe 2561 - mouring@cvs.openbsd.org 2001/05/03 23:09:53
2562 [misc.c misc.h scp.c sftp.c]
2563 Move colon() and cleanhost() to misc.c where I should I have put it in
2564 the first place
044aa419 2565 - (bal) Updated Cygwin README by Corinna Vinschen <vinschen@redhat.com>
c7ccfd39 2566 - (bal) Avoid socket file security issues in ssh-agent for Cygwin.
2567 Patch by Egor Duda <deo@logos-m.ru>
f92fee1f 2568
065604bb 256920010503
2570 - OpenBSD CVS Sync
2571 - markus@cvs.openbsd.org 2001/05/02 16:41:20
2572 [ssh-add.c]
2573 fix prompt for ssh-add.
2574
742ee8f2 257520010502
2576 - OpenBSD CVS Sync
2577 - mouring@cvs.openbsd.org 2001/05/02 01:25:39
2578 [readpass.c]
2579 Put the 'const' back into ssh_askpass() function. Pointed out
2580 by Mark Miller <markm@swoon.net>. OK Markus
2581
3435f5a6 258220010501
2583 - OpenBSD CVS Sync
2584 - markus@cvs.openbsd.org 2001/04/30 11:18:52
2585 [readconf.c readconf.h ssh.1 ssh.c sshconnect.c]
2586 implement 'ssh -b bind_address' like 'telnet -b'
eef7adcb 2587 - markus@cvs.openbsd.org 2001/04/30 15:50:46
2588 [compat.c compat.h kex.c]
2589 allow interop with weaker key generation used by ssh-2.0.x, x < 10
ec430473 2590 - markus@cvs.openbsd.org 2001/04/30 16:02:49
2591 [compat.c]
2592 ssh-2.0.10 has the weak-key-bug, too.
3ca6cc45 2593 - (tim) [contrib/caldera/openssh.spec] add Requires line for Caldera 3.1
3435f5a6 2594
e8171bff 259520010430
39aefe7b 2596 - OpenBSD CVS Sync
2597 - markus@cvs.openbsd.org 2001/04/29 18:32:52
2598 [serverloop.c]
2599 fix whitespace
fbe90f7b 2600 - markus@cvs.openbsd.org 2001/04/29 19:16:52
2601 [channels.c clientloop.c compat.c compat.h serverloop.c]
2602 more ssh.com-2.0.x bug-compat; from per@appgate.com
e8171bff 2603 - (tim) New version of mdoc2man.pl from Mark D. Roth <roth+openssh@feep.net>
0b47e48f 2604 - (djm) Add .cvsignore files, suggested by Wayne Davison <wayne@blorf.net>
39aefe7b 2605
baf8c81a 260620010429
2607 - (bal) Updated INSTALL. PCRE moved to a new place.
e878ffe1 2608 - (djm) Release OpenSSH-2.9p1
baf8c81a 2609
0096ac62 261020010427
2611 - (bal) Fixed uidswap.c so it should work on non-posix complient systems.
2612 patch based on 2.5.2 version by djm.
95595a77 2613 - (bal) Build manpages and config files once unless changed. Patch by
2614 Carson Gaspar <carson@taltos.org>
68fa858a 2615 - (bal) arpa/nameser.h does not exist on Cygwin. Patch by Corinna
4a2df58f 2616 Vinschen <vinschen@redhat.com>
5ef815d7 2617 - (bal) Add /etc/sysconfig/sshd support to redhat's sshd.init. Patch by
2618 Pekka Savola <pekkas@netcore.fi>
68fa858a 2619 - (bal) Cygwin lacks setgroups() API. Patch by Corinna Vinschen
229be2df 2620 <vinschen@redhat.com>
cc3ccfdc 2621 - (bal) version.h synced, RPM specs updated for 2.9
b1e2a48c 2622 - (tim) update contrib/caldera files with what Caldera is using.
2623 <sps@caldera.de>
0096ac62 2624
b587c165 262520010425
2626 - OpenBSD CVS Sync
2627 - markus@cvs.openbsd.org 2001/04/23 21:57:07
2628 [ssh-keygen.1 ssh-keygen.c]
2629 allow public key for -e, too
012bc0e1 2630 - markus@cvs.openbsd.org 2001/04/23 22:14:13
2631 [ssh-keygen.c]
2632 remove debug
f8252c48 2633 - (bal) Whitespace resync w/ OpenBSD for uidswap.c
10f72868 2634 - (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt'
68fa858a 2635 (default: off), implies KbdInteractiveAuthentication. Suggestion from
10f72868 2636 markus@
c2d059b5 2637 - (djm) Include crypt.h if available in auth-passwd.c
533875af 2638 - tim@mindrot.org 2001/04/25 21:38:01 [configure.in]
2639 man page detection fixes for SCO
b587c165 2640
da89cf4d 264120010424
2642 - OpenBSD CVS Sync
2643 - markus@cvs.openbsd.org 2001/04/22 23:58:36
2644 [ssh-keygen.1 ssh.1 sshd.8]
2645 document hostbased and other cleanup
5e29aeaf 2646 - (stevesk) start_pam() doesn't use DNS now for sshd -u0.
3cc990d7 2647 - (stevesk) auth-pam.c: use PERMIT_NO_PASSWD
68fa858a 2648 - (bal) sys/queue.h is bogus for NCR platform. Patch by Daniel Carroll
d8e76a0a 2649 <dan@mesastate.edu>
3644dc25 2650 - (bal) Fixed contrib/postinstall.in. Patch by wsanders@wsanders.net
da89cf4d 2651
a3626e12 265220010422
2653 - OpenBSD CVS Sync
2654 - markus@cvs.openbsd.org 2001/04/20 16:32:22
2655 [uidswap.c]
2656 set non-privileged gid before uid; tholo@ and deraadt@
1a726b04 2657 - mouring@cvs.openbsd.org 2001/04/21 00:55:57
2658 [sftp.1]
2659 Spelling
67b964a1 2660 - djm@cvs.openbsd.org 2001/04/22 08:13:30
2661 [ssh.1]
2662 typos spotted by stevesk@; ok deraadt@
ba917921 2663 - markus@cvs.openbsd.org 2001/04/22 12:34:05
2664 [scp.c]
2665 scp > 2GB; niles@scyld.com; ok deraadt@, djm@
5deceabb 2666 - markus@cvs.openbsd.org 2001/04/22 13:25:37
2667 [ssh-keygen.1 ssh-keygen.c]
2668 rename arguments -x -> -e (export key), -X -> -i (import key)
2669 xref draft-ietf-secsh-publickeyfile-01.txt
2cad6cef 2670 - markus@cvs.openbsd.org 2001/04/22 13:32:27
2671 [sftp-server.8 sftp.1 ssh.1 sshd.8]
2672 xref draft-ietf-secsh-*
bcaa828e 2673 - markus@cvs.openbsd.org 2001/04/22 13:41:02
2674 [ssh-keygen.1 ssh-keygen.c]
2675 style, noted by stevesk; sort flags in usage
a3626e12 2676
df841692 267720010421
2678 - OpenBSD CVS Sync
2679 - djm@cvs.openbsd.org 2001/04/20 07:17:51
2680 [clientloop.c ssh.1]
2681 Split out and improve escape character documentation, mention ~R in
2682 ~? help text; ok markus@
0e7e0abe 2683 - Update RPM spec files for CVS version.h
1ddee76b 2684 - (stevesk) set the default PAM service name to __progname instead
2685 of the hard-coded value "sshd"; from Mark D. Roth <roth@feep.net>
4b28be2c 2686 - (stevesk) document PAM service name change in INSTALL
13dd877b 2687 - tim@mindrot.org 2001/04/21 14:25:57 [Makefile.in configure.in]
2688 fix perl test, fix nroff test, fix Makefile to build outside source tree
df841692 2689
05cc0c99 269020010420
68fa858a 2691 - OpenBSD CVS Sync
05cc0c99 2692 - ian@cvs.openbsd.org 2001/04/18 16:21:05
68fa858a 2693 [ssh-keyscan.1]
2694 Fix typo reported in PR/1779
2695 - markus@cvs.openbsd.org 2001/04/18 21:57:42
2696 [readpass.c ssh-add.c]
561e5254 2697 call askpass from ssh, too, based on work by roth@feep.net, ok deraadt
68fa858a 2698 - markus@cvs.openbsd.org 2001/04/18 22:03:45
2699 [auth2.c sshconnect2.c]
f98c3421 2700 use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
57a5edd8 2701 - markus@cvs.openbsd.org 2001/04/18 22:48:26
68fa858a 2702 [auth2.c]
2703 no longer const
2704 - markus@cvs.openbsd.org 2001/04/18 23:43:26
2705 [auth2.c compat.c sshconnect2.c]
2706 more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now
8dddf799 2707 (however the 2.1.0 server seems to work only if debug is enabled...)
ae88ea7e 2708 - markus@cvs.openbsd.org 2001/04/18 23:44:51
68fa858a 2709 [authfile.c]
2710 error->debug; noted by fries@
2711 - markus@cvs.openbsd.org 2001/04/19 00:05:11
2712 [auth2.c]
2713 use local variable, no function call needed.
5cf13595 2714 (btw, hostbased works now with ssh.com >= 2.0.13)
431a2493 2715 - (bal) Put scp-common.h back into scp.c (it exists in the upstream
2716 tree) pointed out by Tom Holroyd <tomh@po.crl.go.jp>
05cc0c99 2717
e78e738a 271820010418
68fa858a 2719 - OpenBSD CVS Sync
e78e738a 2720 - markus@cvs.openbsd.org 2001/04/17 19:34:25
3a83b819 2721 [session.c]
2722 move auth_approval to do_authenticated().
2723 do_child(): nuke hostkeys from memory
2724 don't source .ssh/rc for subsystems.
2725 - markus@cvs.openbsd.org 2001/04/18 14:15:00
2726 [canohost.c]
2727 debug->debug3
ce2af031 2728 - (bal) renabled 'catman-do:' and fixed it. So now catman pages should
2729 be working again.
e0c4d3ac 2730 - (bal) Makfile day... Cleaned up multiple mantype support (Patch by
2731 Mark D. Roth <roth+openssh@feep.net>), and fixed PIDDIR support.
3a83b819 2732
8c6b78e4 273320010417
2734 - (bal) Add perl5 check for HP/UX, Removed GNUness from Makefile.in
6d165a89 2735 and temporary commented out 'catman-do:' since it is broken. Patches
8c6b78e4 2736 for the first two by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
a88b7b57 2737 - OpenBSD CVS Sync
53b8fe68 2738 - deraadt@cvs.openbsd.org 2001/04/16 08:26:04
2739 [key.c]
2740 better safe than sorry in later mods; yongari@kt-is.co.kr
2741 - markus@cvs.openbsd.org 2001/04/17 08:14:01
2742 [sshconnect1.c]
2743 check for key!=NULL, thanks to costa
2744 - markus@cvs.openbsd.org 2001/04/17 09:52:48
2745 [clientloop.c]
cf6bc93c 2746 handle EINTR/EAGAIN on read; ok deraadt@
53b8fe68 2747 - markus@cvs.openbsd.org 2001/04/17 10:53:26
2748 [key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
e961a8f9 2749 add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
53b8fe68 2750 - markus@cvs.openbsd.org 2001/04/17 12:55:04
2751 [channels.c ssh.c]
2752 undo socks5 and https support since they are not really used and
2753 only bloat ssh. remove -D from usage(), since '-D' is experimental.
2754
e4664c3e 275520010416
2756 - OpenBSD CVS Sync
2757 - stevesk@cvs.openbsd.org 2001/04/15 01:35:22
2758 [ttymodes.c]
2759 fix comments
ec1f12d3 2760 - markus@cvs.openbsd.org 2001/04/15 08:43:47
2761 [dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c]
2762 some unused variable and typos; from tomh@po.crl.go.jp
58cfa257 2763 - markus@cvs.openbsd.org 2001/04/15 16:58:03
2764 [authfile.c ssh-keygen.c sshd.c]
2765 don't use errno for key_{load,save}_private; discussion w/ solar@openwall
e968270c 2766 - markus@cvs.openbsd.org 2001/04/15 17:16:00
2767 [clientloop.c]
2768 set stdin/out/err to nonblocking in SSH proto 1, too. suggested by ho@
2769 should fix some of the blocking problems for rsync over SSH-1
84fc17bf 2770 - stevesk@cvs.openbsd.org 2001/04/15 19:41:21
2771 [sshd.8]
2772 some ClientAlive cleanup; ok markus@
b7c70970 2773 - stevesk@cvs.openbsd.org 2001/04/15 21:28:35
2774 [readconf.c servconf.c]
2775 use fatal() or error() vs. fprintf(); ok markus@
5d97cfbf 2776 - (djm) Convert mandoc manpages to man automatically. Patch from Mark D.
2777 Roth <roth+openssh@feep.net>
6023325e 2778 - (bal) CVS ID fix up and slight manpage fix from OpenBSD tree.
47b53518 2779 - (djm) OpenBSD CVS Sync
2780 - mouring@cvs.openbsd.org 2001/04/16 02:31:44
2781 [scp.c sftp.c]
2782 IPv6 support for sftp (which I bungled in my last patch) which is
2783 borrowed from scp.c. Thanks to Markus@ for pointing it out.
764291b3 2784 - deraadt@cvs.openbsd.org 2001/04/16 08:05:34
2785 [xmalloc.c]
2786 xrealloc dealing with ptr == nULL; mouring
f2c2fd71 2787 - djm@cvs.openbsd.org 2001/04/16 08:19:31
2788 [session.c]
68fa858a 2789 Split motd and hushlogin checks into seperate functions, helps for
f2c2fd71 2790 portable. From Chris Adams <cmadams@hiwaay.net>; ok markus@
68fa858a 2791 - Fix OSF SIA support displaying too much information for quiet
2792 logins and logins where access was denied by SIA. Patch from Chris Adams
c96a4aaf 2793 <cmadams@hiwaay.net>
e4664c3e 2794
f03228b1 279520010415
2796 - OpenBSD CVS Sync
2797 - deraadt@cvs.openbsd.org 2001/04/14 04:31:01
2798 [ssh-add.c]
2799 do not double free
9cf972fa 2800 - markus@cvs.openbsd.org 2001/04/14 16:17:14
2801 [channels.c]
2802 remove some channels that are not appropriate for keepalive.
eae942e2 2803 - markus@cvs.openbsd.org 2001/04/14 16:27:57
2804 [ssh-add.c]
2805 use clear_pass instead of xfree()
30dcc918 2806 - stevesk@cvs.openbsd.org 2001/04/14 16:33:20
2807 [clientloop.c packet.h session.c ssh.c ttymodes.c ttymodes.h]
2808 protocol 2 tty modes support; ok markus@
36967a16 2809 - stevesk@cvs.openbsd.org 2001/04/14 17:04:42
2810 [scp.c]
2811 'T' handling rcp/scp sync; ok markus@
e4664c3e 2812 - Missed sshtty.[ch] in Sync.
f03228b1 2813
e400a640 281420010414
2815 - Sync with OpenBSD glob.c, strlcat.c and vis.c changes
68fa858a 2816 - Cygwin sftp/sftp-server binary mode patch from Corinna Vinschen
fe56c12b 2817 <vinschen@redhat.com>
3ffc6336 2818 - OpenBSD CVS Sync
2819 - beck@cvs.openbsd.org 2001/04/13 22:46:54
2820 [channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
2821 Add options ClientAliveInterval and ClientAliveCountMax to sshd.
2822 This gives the ability to do a "keepalive" via the encrypted channel
2823 which can't be spoofed (unlike TCP keepalives). Useful for when you want
2824 to use ssh connections to authenticate people for something, and know
2825 relatively quickly when they are no longer authenticated. Disabled
2826 by default (of course). ok markus@
e400a640 2827
cc44f691 282820010413
68fa858a 2829 - OpenBSD CVS Sync
2830 - markus@cvs.openbsd.org 2001/04/12 14:29:09
2831 [ssh.c]
2832 show debug output during option processing, report from
cc44f691 2833 pekkas@netcore.fi
8002af61 2834 - markus@cvs.openbsd.org 2001/04/12 19:15:26
68fa858a 2835 [auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
2836 compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
2837 servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
8002af61 2838 sshconnect2.c sshd_config]
2839 implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
2840 similar to RhostRSAAuthentication unless you enable (the experimental)
2841 HostbasedUsesNameFromPacketOnly option. please test. :)
0140e66a 2842 - markus@cvs.openbsd.org 2001/04/12 19:39:27
2843 [readconf.c]
2844 typo
2d2a2c65 2845 - stevesk@cvs.openbsd.org 2001/04/12 20:09:38
2846 [misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
2847 robust port validation; ok markus@ jakob@
edeeab1e 2848 - mouring@cvs.openbsd.org 2001/04/12 23:17:54
2849 [sftp-int.c sftp-int.h sftp.1 sftp.c]
2850 Add support for:
2851 sftp [user@]host[:file [file]] - Fetch remote file(s)
2852 sftp [user@]host[:dir[/]] - Start in remote dir/
2853 OK deraadt@
57aa8961 2854 - stevesk@cvs.openbsd.org 2001/04/13 01:26:17
2855 [ssh.c]
2856 missing \n in error message
96f8b59f 2857 - (bal) Added openbsd-compat/inet_ntop.[ch] since HP/UX (and others)
2858 lack it.
cc44f691 2859
28b9cb4d 286020010412
68fa858a 2861 - OpenBSD CVS Sync
28b9cb4d 2862 - markus@cvs.openbsd.org 2001/04/10 07:46:58
68fa858a 2863 [channels.c]
2864 cleanup socks4 handling
2865 - itojun@cvs.openbsd.org 2001/04/10 09:13:22
c0ecc314 2866 [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
68fa858a 2867 document id_rsa{.pub,}. markus ok
070adba2 2868 - markus@cvs.openbsd.org 2001/04/10 12:15:23
68fa858a 2869 [channels.c]
2870 debug cleanup
45a2e669 2871 - djm@cvs.openbsd.org 2001/04/11 07:06:22
2872 [sftp-int.c]
2873 'mget' and 'mput' aliases; ok markus@
6031af8d 2874 - markus@cvs.openbsd.org 2001/04/11 10:59:01
2875 [ssh.c]
2876 use strtol() for ports, thanks jakob@
6683b40f 2877 - markus@cvs.openbsd.org 2001/04/11 13:56:13
2878 [channels.c ssh.c]
2879 https-connect and socks5 support. i feel so bad.
ff14faf1 2880 - lebel@cvs.openbsd.org 2001/04/11 16:25:30
2881 [sshd.8 sshd.c]
2882 implement the -e option into sshd:
2883 -e When this option is specified, sshd will send the output to the
2884 standard error instead of the system log.
2885 markus@ OK.
28b9cb4d 2886
0a85ab61 288720010410
2888 - OpenBSD CVS Sync
2889 - deraadt@cvs.openbsd.org 2001/04/08 20:52:55
2890 [sftp.c]
2891 do not modify an actual argv[] entry
b2ae83b8 2892 - stevesk@cvs.openbsd.org 2001/04/08 23:28:27
2893 [sshd.8]
2894 spelling
317611b5 2895 - stevesk@cvs.openbsd.org 2001/04/09 00:42:05
2896 [sftp.1]
2897 spelling
a8666d84 2898 - markus@cvs.openbsd.org 2001/04/09 15:12:23
2899 [ssh-add.c]
2900 passphrase caching: ssh-add tries last passphrase, clears passphrase if
2901 not successful and after last try.
2902 based on discussions with espie@, jakob@, ... and code from jakob@ and
2903 wolfgang@wsrcc.com
49ae4185 2904 - markus@cvs.openbsd.org 2001/04/09 15:19:49
2905 [ssh-add.1]
2906 ssh-add retries the last passphrase...
b8a297f1 2907 - stevesk@cvs.openbsd.org 2001/04/09 18:00:15
2908 [sshd.8]
2909 ListenAddress mandoc from aaron@
0a85ab61 2910
6e9944b8 291120010409
febd3f8e 2912 - (stevesk) use setresgid() for setegid() if needed
26de7942 2913 - (stevesk) configure.in: typo
6e9944b8 2914 - OpenBSD CVS Sync
2915 - stevesk@cvs.openbsd.org 2001/04/08 16:01:36
2916 [sshd.8]
2917 document ListenAddress addr:port
d64050ef 2918 - markus@cvs.openbsd.org 2001/04/08 13:03:00
2919 [ssh-add.c]
2920 init pointers with NULL, thanks to danimal@danimal.org
d0a4c20b 2921 - markus@cvs.openbsd.org 2001/04/08 11:27:33
2922 [clientloop.c]
2923 leave_raw_mode if ssh2 "session" is closed
63bd8c36 2924 - markus@cvs.openbsd.org 2001/04/06 21:00:17
2925 [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
2926 ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
2927 do gid/groups-swap in addition to uid-swap, should help if /home/group
2928 is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
2929 to olar@openwall.com is comments. we had many requests for this.
0490e609 2930 - markus@cvs.openbsd.org 2001/04/07 08:55:18
2931 [buffer.c channels.c channels.h readconf.c ssh.c]
68fa858a 2932 allow the ssh client act as a SOCKS4 proxy (dynamic local
2933 portforwarding). work by Dan Kaminsky <dankamin@cisco.com> and me.
2934 thanks to Dan for this great patch: use 'ssh -D 1080 host' and make
0490e609 2935 netscape use localhost:1080 as a socks proxy.
d98d029a 2936 - markus@cvs.openbsd.org 2001/04/08 11:24:33
2937 [uidswap.c]
2938 KNF
6e9944b8 2939
d9d49fdb 294020010408
2941 - OpenBSD CVS Sync
2942 - stevesk@cvs.openbsd.org 2001/04/06 22:12:47
2943 [hostfile.c]
2944 unused; typo in comment
d11c1288 2945 - stevesk@cvs.openbsd.org 2001/04/06 22:25:25
2946 [servconf.c]
2947 in addition to:
2948 ListenAddress host|ipv4_addr|ipv6_addr
2949 permit:
2950 ListenAddress [host|ipv4_addr|ipv6_addr]:port
2951 ListenAddress host|ipv4_addr:port
2952 sshd.8 updates coming. ok markus@
d9d49fdb 2953
613fc910 295420010407
2955 - (bal) CVS ID Resync of version.h
cc94bd38 2956 - OpenBSD CVS Sync
2957 - markus@cvs.openbsd.org 2001/04/05 23:39:20
2958 [serverloop.c]
2959 keep the ssh session even if there is no active channel.
2960 this is more in line with the protocol spec and makes
2961 ssh -N -L 1234:server:110 host
2962 more useful.
2963 based on discussion with <mats@mindbright.se> long time ago
2964 and recent mail from <res@shore.net>
0fc791ba 2965 - deraadt@cvs.openbsd.org 2001/04/06 16:46:59
2966 [scp.c]
2967 remove trailing / from source paths; fixes pr#1756
68fa858a 2968
63f7e231 296920010406
2970 - (stevesk) logintest.c: fix for systems without __progname
72170131 2971 - (stevesk) Makefile.in: log.o is in libssh.a
d8a2f554 2972 - OpenBSD CVS Sync
2973 - markus@cvs.openbsd.org 2001/04/05 10:00:06
2974 [compat.c]
2975 2.3.x does old GEX, too; report jakob@
6ba22c93 2976 - markus@cvs.openbsd.org 2001/04/05 10:39:03
2977 [compress.c compress.h packet.c]
2978 reset compress state per direction when rekeying.
3667ba79 2979 - markus@cvs.openbsd.org 2001/04/05 10:39:48
2980 [version.h]
2981 temporary version 2.5.4 (supports rekeying).
2982 this is not an official release.
cd332296 2983 - markus@cvs.openbsd.org 2001/04/05 10:42:57
68fa858a 2984 [auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
2985 mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
2986 sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
cd332296 2987 sshconnect2.c sshd.c]
2988 fix whitespace: unexpand + trailing spaces.
255cfda1 2989 - markus@cvs.openbsd.org 2001/04/05 11:09:17
2990 [clientloop.c compat.c compat.h]
2991 add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions.
b4a19d21 2992 - markus@cvs.openbsd.org 2001/04/05 15:45:43
2993 [ssh.1]
2994 ssh defaults to protocol v2; from quisar@quisar.ambre.net
46e3af7f 2995 - stevesk@cvs.openbsd.org 2001/04/05 15:48:18
2996 [canohost.c canohost.h session.c]
2997 move get_remote_name_or_ip() to canohost.[ch]; for portable. ok markus@
54506d2e 2998 - markus@cvs.openbsd.org 2001/04/05 20:01:10
2999 [clientloop.c]
3000 for ~R print message if server does not support rekeying. (and fix ~R).
b37caf1a 3001 - markus@cvs.openbsd.org 2001/04/05 21:02:46
3002 [buffer.c]
3003 better error message
eb0dd41f 3004 - markus@cvs.openbsd.org 2001/04/05 21:05:24
3005 [clientloop.c ssh.c]
3006 don't request a session for 'ssh -N', pointed out slade@shore.net
63f7e231 3007
d8ee838b 300820010405
68fa858a 3009 - OpenBSD CVS Sync
3010 - markus@cvs.openbsd.org 2001/04/04 09:48:35
d8ee838b 3011 [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
68fa858a 3012 don't sent multiple kexinit-requests.
3013 send newkeys, block while waiting for newkeys.
3014 fix comments.
3015 - markus@cvs.openbsd.org 2001/04/04 14:34:58
3016 [clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
3017 enable server side rekeying + some rekey related clientup.
7a37c112 3018 todo: we should not send any non-KEX messages after we send KEXINIT
5adb303f 3019 - markus@cvs.openbsd.org 2001/04/04 15:50:55
3020 [compat.c]
3021 f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov
c422989b 3022 - markus@cvs.openbsd.org 2001/04/04 20:25:38
68fa858a 3023 [channels.c channels.h clientloop.c kex.c kex.h serverloop.c
c422989b 3024 sshconnect2.c sshd.c]
3025 more robust rekeying
3026 don't send channel data after rekeying is started.
0715ec6c 3027 - markus@cvs.openbsd.org 2001/04/04 20:32:56
3028 [auth2.c]
3029 we don't care about missing bannerfiles; from tsoome@ut.ee, ok deraadt@
bbb4cc1b 3030 - markus@cvs.openbsd.org 2001/04/04 22:04:35
3031 [kex.c kexgex.c serverloop.c]
3032 parse full kexinit packet.
3033 make server-side more robust, too.
a7ca6275 3034 - markus@cvs.openbsd.org 2001/04/04 23:09:18
3035 [dh.c kex.c packet.c]
3036 clear+free keys,iv for rekeying.
3037 + fix DH mem leaks. ok niels@
86c9e193 3038 - (stevesk) don't use vhangup() if defined(HAVE_DEV_PTMX); also removes
3039 BROKEN_VHANGUP
d8ee838b 3040
9d451c5a 304120010404
3042 - OpenBSD CVS Sync
3043 - deraadt@cvs.openbsd.org 2001/04/02 17:32:23
3044 [ssh-agent.1]
3045 grammar; slade@shore.net
894c5fa6 3046 - stevesk@cvs.openbsd.org 2001/04/03 13:56:11
3047 [sftp-glob.c ssh-agent.c ssh-keygen.c]
3048 free() -> xfree()
a5c9ffdb 3049 - markus@cvs.openbsd.org 2001/04/03 19:53:29
3050 [dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
3051 move kex to kex*.c, used dispatch_set() callbacks for kex. should
3052 make rekeying easier.
3463ff28 3053 - todd@cvs.openbsd.org 2001/04/03 21:19:38
3054 [ssh_config]
3055 id_rsa1/2 -> id_rsa; ok markus@
d1ac6175 3056 - markus@cvs.openbsd.org 2001/04/03 23:32:12
3057 [kex.c kex.h packet.c sshconnect2.c sshd.c]
3058 undo parts of recent my changes: main part of keyexchange does not
3059 need dispatch-callbacks, since application data is delayed until
3060 the keyexchange completes (if i understand the drafts correctly).
3061 add some infrastructure for re-keying.
e092ce67 3062 - markus@cvs.openbsd.org 2001/04/04 00:06:54
3063 [clientloop.c sshconnect2.c]
3064 enable client rekeying
3065 (1) force rekeying with ~R, or
3066 (2) if the server requests rekeying.
3067 works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0
0bc35151 3068 - (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync.
9d451c5a 3069
672f212f 307020010403
3071 - OpenBSD CVS Sync
3072 - stevesk@cvs.openbsd.org 2001/04/02 14:15:31
3073 [sshd.8]
3074 typo; ok markus@
6be9a5e8 3075 - stevesk@cvs.openbsd.org 2001/04/02 14:20:23
3076 [readconf.c servconf.c]
3077 correct comment; ok markus@
fe39c3df 3078 - (stevesk) nchan.c: remove ostate checks and add EINVAL to
3079 shutdown(SHUT_RD) error() bypass for HP-UX.
672f212f 3080
0be033ea 308120010402
3082 - (stevesk) log.c openbsd sync; missing newlines
5d9e4c8d 3083 - (stevesk) sshpty.h openbsd sync; PTY_H -> SSHPTY_H
0be033ea 3084
b7a2a476 308520010330
3086 - (djm) Another openbsd-compat/glob.c sync
4047d868 3087 - (djm) OpenBSD CVS Sync
3088 - provos@cvs.openbsd.org 2001/03/28 21:59:41
3089 [kex.c kex.h sshconnect2.c sshd.c]
3090 forgot to include min and max params in hash, okay markus@
c8682232 3091 - provos@cvs.openbsd.org 2001/03/28 22:04:57
3092 [dh.c]
3093 more sanity checking on primes file
d9cd3575 3094 - markus@cvs.openbsd.org 2001/03/28 22:43:31
3095 [auth.h auth2.c auth2-chall.c]
3096 check auth_root_allowed for kbd-int auth, too.
86b878d5 3097 - provos@cvs.openbsd.org 2001/03/29 14:24:59
3098 [sshconnect2.c]
3099 use recommended defaults
1ad64a93 3100 - stevesk@cvs.openbsd.org 2001/03/29 21:06:21
3101 [sshconnect2.c sshd.c]
3102 need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
03b8f8be 3103 - markus@cvs.openbsd.org 2001/03/29 21:17:40
3104 [dh.c dh.h kex.c kex.h]
3105 prepare for rekeying: move DH code to dh.c
76ca7b01 3106 - djm@cvs.openbsd.org 2001/03/29 23:42:01
3107 [sshd.c]
3108 Protocol 1 key regeneration log => verbose, some KNF; ok markus@
b7a2a476 3109
01ce749f 311020010329
3111 - OpenBSD CVS Sync
3112 - stevesk@cvs.openbsd.org 2001/03/26 15:47:59
3113 [ssh.1]
3114 document more defaults; misc. cleanup. ok markus@
569807fb 3115 - markus@cvs.openbsd.org 2001/03/26 23:12:42
3116 [authfile.c]
3117 KNF
457fc0c6 3118 - markus@cvs.openbsd.org 2001/03/26 23:23:24
3119 [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
3120 try to read private f-secure ssh v2 rsa keys.
1a92bd7e 3121 - markus@cvs.openbsd.org 2001/03/27 10:34:08
3122 [ssh-rsa.c sshd.c]
3123 use EVP_get_digestbynid, reorder some calls and fix missing free.
a4da628b 3124 - markus@cvs.openbsd.org 2001/03/27 10:57:00
3125 [compat.c compat.h ssh-rsa.c]
3126 some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5
3127 signatures in SSH protocol 2, ok djm@
db1cd2f3 3128 - provos@cvs.openbsd.org 2001/03/27 17:46:50
3129 [compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
3130 make dh group exchange more flexible, allow min and max group size,
3131 okay markus@, deraadt@
e5ff6ecf 3132 - stevesk@cvs.openbsd.org 2001/03/28 19:56:23
3133 [scp.c]
3134 start to sync scp closer to rcp; ok markus@
03cb2621 3135 - stevesk@cvs.openbsd.org 2001/03/28 20:04:38
3136 [scp.c]
3137 usage more like rcp and add missing -B to usage; ok markus@
563834bb 3138 - markus@cvs.openbsd.org 2001/03/28 20:50:45
3139 [sshd.c]
3140 call refuse() before close(); from olemx@ans.pl
01ce749f 3141
b5b68128 314220010328
68fa858a 3143 - (djm) Reorder tests and library inclusion for Krb4/AFS to try to
3144 resolve linking conflicts with libcrypto. Report and suggested fix
b5b68128 3145 from Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
edbe6722 3146 - (djm) Work around Solaris' broken struct dirent. Diagnosis and suggested
3147 fix from Philippe Levan <levan@epix.net>
cccfea16 3148 - (djm) Rework krbIV tests to get us closer to building on Redhat. Still
3149 doesn't work because of conflicts between krbIV's and OpenSSL's des.h
8d0cc79b 3150 - (djm) Sync openbsd-compat/glob.c
b5b68128 3151
0c90b590 315220010327
3153 - Attempt sync with sshlogin.c w/ OpenBSD (mainly CVS ID)
68fa858a 3154 - Fix pointer issues in waitpid() and wait() replaces. Patch by Lutz
60a8683f 3155 Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
690d0d7f 3156 - OpenBSD CVS Sync
3157 - djm@cvs.openbsd.org 2001/03/25 00:01:34
3158 [session.c]
3159 shorten; ok markus@
4f4648f9 3160 - stevesk@cvs.openbsd.org 2001/03/25 13:16:11
3161 [servconf.c servconf.h session.c sshd.8 sshd_config]
3162 PrintLastLog option; from chip@valinux.com with some minor
3163 changes by me. ok markus@
9afbfcfa 3164 - markus@cvs.openbsd.org 2001/03/26 08:07:09
68fa858a 3165 [authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
9afbfcfa 3166 sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
3167 simpler key load/save interface, see authfile.h
68fa858a 3168 - (djm) Reestablish PAM credentials (which can be supplemental group
9afbfcfa 3169 memberships) after initgroups() blows them away. Report and suggested
3170 fix from Nalin Dahyabhai <nalin@redhat.com>
0c90b590 3171
b567a40c 317220010324
3173 - Fixed permissions ssh-keyscan. Thanks to Christopher Linn <celinn@mtu.edu>.
80cd07ae 3174 - OpenBSD CVS Sync
3175 - djm@cvs.openbsd.org 2001/03/23 11:04:07
3176 [compat.c compat.h sshconnect2.c sshd.c]
3177 Compat for OpenSSH with broken Rijndael/AES. ok markus@
7af9f7f8 3178 - markus@cvs.openbsd.org 2001/03/23 12:02:49
3179 [auth1.c]
3180 authctxt is now passed to do_authenticated
e285053e 3181 - markus@cvs.openbsd.org 2001/03/23 13:10:57
3182 [sftp-int.c]
3183 fix put, upload to _absolute_ path, ok djm@
1d3c30db 3184 - markus@cvs.openbsd.org 2001/03/23 14:28:32
3185 [session.c sshd.c]
3186 ignore SIGPIPE, restore in child, fixes x11-fwd crashes; with djm@
8ca3f6dc 3187 - (djm) Pull out our own SIGPIPE hacks
b567a40c 3188
8a169574 318920010323
68fa858a 3190 - OpenBSD CVS Sync
8a169574 3191 - deraadt@cvs.openbsd.org 2001/03/22 20:22:55
68fa858a 3192 [sshd.c]
3193 do not place linefeeds in buffer
8a169574 3194
ee110bfb 319520010322
3196 - (djm) Better AIX no tty fix, spotted by Gert Doering <gert@greenie.muc.de>
289ba62e 3197 - (bal) version.c CVS ID resync
a5b09902 3198 - (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID
3199 resync
ae7242ef 3200 - (bal) scp.c CVS ID resync
3e587cc3 3201 - OpenBSD CVS Sync
3202 - markus@cvs.openbsd.org 2001/03/20 19:10:16
3203 [readconf.c]
3204 default to SSH protocol version 2
e5d7a405 3205 - markus@cvs.openbsd.org 2001/03/20 19:21:21
3206 [session.c]
3207 remove unused arg
39f7530f 3208 - markus@cvs.openbsd.org 2001/03/20 19:21:21
3209 [session.c]
3210 remove unused arg
bb5639fe 3211 - markus@cvs.openbsd.org 2001/03/21 11:43:45
3212 [auth1.c auth2.c session.c session.h]
3213 merge common ssh v1/2 code
5e7cb456 3214 - jakob@cvs.openbsd.org 2001/03/21 14:20:45
3215 [ssh-keygen.c]
3216 add -B flag to usage
ca4df544 3217 - markus@cvs.openbsd.org 2001/03/21 21:06:30
3218 [session.c]
3219 missing init; from mib@unimelb.edu.au
ee110bfb 3220
f5f6020e 322120010321
68fa858a 3222 - (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve
f5f6020e 3223 VanDevender <stevev@darkwing.uoregon.edu>
37eadb90 3224 - (djm) Make sure pam_retval is initialised on call to pam_end. Patch
3225 from Solar Designer <solar@openwall.com>
0a3700ee 3226 - (djm) Don't loop forever when changing password via PAM. Patch
3227 from Solar Designer <solar@openwall.com>
0c13ffa2 3228 - (djm) Generate config files before build
7a7101ec 3229 - (djm) Correctly handle SIA and AIX when no tty present. Spotted and
3230 suggested fix from Mike Battersby <mib@unimelb.edu.au>
f5f6020e 3231
8d539493 323220010320
01022caf 3233 - (bal) glob.c update to added GLOB_LIMITS (OpenBSD CVS).
3234 - (bal) glob.c update to set gl_pathv to NULL (OpenBSD CVS).
1620233b 3235 - (bal) Oops. Missed globc.h change (OpenBSD CVS).
614dee3a 3236 - (djm) OpenBSD CVS Sync
3237 - markus@cvs.openbsd.org 2001/03/19 17:07:23
3238 [auth.c readconf.c]
3239 undo /etc/shell and proto 2,1 change for openssh-2.5.2
3dd16786 3240 - markus@cvs.openbsd.org 2001/03/19 17:12:10
3241 [version.h]
3242 version 2.5.2
ea44783f 3243 - (djm) Update RPM spec version
3244 - (djm) Release 2.5.2p1
3743cc2f 3245- tim@mindrot.org 2001/03/19 18:33:47 [defines.h]
3246 change S_ISLNK macro to work for UnixWare 2.03
9887f269 3247- tim@mindrot.org 2001/03/19 20:45:11 [openbsd-compat/glob.c]
3248 add get_arg_max(). Use sysconf() if ARG_MAX is not defined
8d539493 3249
e339aa53 325020010319
68fa858a 3251 - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
e339aa53 3252 do it implicitly.
7cdb79d4 3253 - (djm) Add getusershell() functions from OpenBSD CVS
b1ed8313 3254 - OpenBSD CVS Sync
3255 - markus@cvs.openbsd.org 2001/03/18 12:07:52
3256 [auth-options.c]
3257 ignore permitopen="host:port" if AllowTcpForwarding==no
f8f230bf 3258 - (djm) Make scp work on systems without 64-bit ints
2538ecf1 3259 - tim@mindrot.org 2001/03/18 18:28:39 [defines.h]
3260 move HAVE_LONG_LONG_INT where it works
d1581d5f 3261 - (bal) Use 'NGROUPS' for NeXT Since 'MAX_NGROUPS' is wrapped up in -lposix
107628c0 3262 stuff. Change suggested by Mark Miller <markm@swoon.net>
d1581d5f 3263 - (bal) Small fix to scp. %lu vs %ld
68fa858a 3264 - (bal) NeXTStep lacks S_ISLNK. Plus split up S_IS*
bb6da70f 3265 - (djm) OpenBSD CVS Sync
3266 - djm@cvs.openbsd.org 2001/03/19 03:52:51
3267 [sftp-client.c]
3268 Report ssh connection closing correctly; ok deraadt@
3a1c54d4 3269 - deraadt@cvs.openbsd.org 2001/03/18 23:30:55
3270 [compat.c compat.h sshd.c]
68fa858a 3271 specifically version match on ssh scanners. do not log scan
3a1c54d4 3272 information to the console
dc504afd 3273 - djm@cvs.openbsd.org 2001/03/19 12:10:17
db4d3098 3274 [sshd.8]
dc504afd 3275 Document permitopen authorized_keys option; ok markus@
babd91d4 3276 - djm@cvs.openbsd.org 2001/03/19 05:49:52
3277 [ssh.1]
3278 document PreferredAuthentications option; ok markus@
05c64611 3279 - (bal) Minor NeXT fixed. Forgot to #undef NGROUPS_MAX
e339aa53 3280
ec0ad9c2 328120010318
68fa858a 3282 - (bal) Fixed scp type casing issue which causes "scp: protocol error:
ec0ad9c2 3283 size not delimited" fatal errors when tranfering.
5cc8d4ad 3284 - OpenBSD CVS Sync
3285 - markus@cvs.openbsd.org 2001/03/17 17:27:59
3286 [auth.c]
3287 check /etc/shells, too
7411201c 3288 - tim@mindrot.org 2001/03/17 18:45:25 [compat.c]
3289 openbsd-compat/fake-regex.h
ec0ad9c2 3290
8a968c25 329120010317
68fa858a 3292 - Support usrinfo() on AIX. Based on patch from Gert Doering
8a968c25 3293 <gert@greenie.muc.de>
bf1d27bd 3294 - OpenBSD CVS Sync
3295 - markus@cvs.openbsd.org 2001/03/15 15:05:59
3296 [scp.c]
3297 use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
56b3e9ce 3298 - markus@cvs.openbsd.org 2001/03/15 22:07:08
3299 [session.c]
3300 pass Session to do_child + KNF
d50d9b63 3301 - djm@cvs.openbsd.org 2001/03/16 08:16:18
3302 [sftp-client.c sftp-client.h sftp-glob.c sftp-int.c]
3303 Revise globbing for get/put to be more shell-like. In particular,
3304 "get/put file* directory/" now works. ok markus@
f55d1b5f 3305 - markus@cvs.openbsd.org 2001/03/16 09:55:53
3306 [sftp-int.c]
3307 fix memset and whitespace
6a8496e4 3308 - markus@cvs.openbsd.org 2001/03/16 13:44:24
3309 [sftp-int.c]
3310 discourage strcat/strcpy
01794848 3311 - markus@cvs.openbsd.org 2001/03/16 19:06:30
3312 [auth-options.c channels.c channels.h serverloop.c session.c]
3313 implement "permitopen" key option, restricts -L style forwarding to
3314 to specified host:port pairs. based on work by harlan@genua.de
68fa858a 3315 - Check for gl_matchc support in glob_t and fall back to the
40849fdb 3316 openbsd-compat/glob.[ch] support if it does not exist.
8a968c25 3317
4cb5d598 331820010315
3319 - OpenBSD CVS Sync
3320 - markus@cvs.openbsd.org 2001/03/14 08:57:14
3321 [sftp-client.c]
3322 Wall
85cf5827 3323 - markus@cvs.openbsd.org 2001/03/14 15:15:58
3324 [sftp-int.c]
3325 add version command
61b3a2bc 3326 - deraadt@cvs.openbsd.org 2001/03/14 22:50:25
3327 [sftp-server.c]
3328 note no getopt()
51e2fc8f 3329 - (stevesk) ssh-keyscan.c: specify "openbsd-compat/fake-queue.h"
68fa858a 3330 - (bal) Cygwin README change by Corinna Vinschen <vinschen@redhat.com>
4cb5d598 3331
acc9d6d7 333220010314
3333 - OpenBSD CVS Sync
85cf5827 3334 - markus@cvs.openbsd.org 2001/03/13 17:34:42
3335 [auth-options.c]
3336 missing xfree, deny key on parse error; ok stevesk@
3337 - djm@cvs.openbsd.org 2001/03/13 22:42:54
3338 [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
3339 sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@
84ceda19 3340 - (bal) Fix strerror() in bsd-misc.c
3341 - (djm) Add replacement glob() from OpenBSD libc if the system glob is
3342 missing or lacks the GLOB_ALTDIRFUNC extension
68fa858a 3343 - (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers
84ceda19 3344 relatively. Avoids conflict between glob.h and /usr/include/glob.h
acc9d6d7 3345
22138a36 334620010313
3347 - OpenBSD CVS Sync
3348 - markus@cvs.openbsd.org 2001/03/12 22:02:02
3349 [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
3350 remove old key_fingerprint interface, s/_ex//
3351
539af7f5 335220010312
3353 - OpenBSD CVS Sync
3354 - markus@cvs.openbsd.org 2001/03/11 13:25:36
3355 [auth2.c key.c]
3356 debug
301e8e5b 3357 - jakob@cvs.openbsd.org 2001/03/11 15:03:16
3358 [key.c key.h]
3359 add improved fingerprint functions. based on work by Carsten
3360 Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
954f0550 3361 - jakob@cvs.openbsd.org 2001/03/11 15:04:16
3362 [ssh-keygen.1 ssh-keygen.c]
3363 print both md5, sha1 and bubblebabble fingerprints when using
3364 ssh-keygen -l -v. ok markus@.
08345971 3365 - jakob@cvs.openbsd.org 2001/03/11 15:13:09
3366 [key.c]
3367 cleanup & shorten some var names key_fingerprint_bubblebabble.
64b1aa3b 3368 - deraadt@cvs.openbsd.org 2001/03/11 16:39:03
3369 [ssh-keygen.c]
3370 KNF, and SHA1 binary output is just creeping featurism
733cf7f4 3371 - tim@mindrot.org 2001/03/11 17:29:32 [configure.in]
3372 test if snprintf() supports %ll
3373 add /dev to search path for PRNGD/EGD socket
3374 fix my mistake in USER_PATH test program
79c9ac1b 3375 - OpenBSD CVS Sync
3376 - markus@cvs.openbsd.org 2001/03/11 18:29:51
3377 [key.c]
3378 style+cleanup
aaf45d87 3379 - markus@cvs.openbsd.org 2001/03/11 22:33:24
3380 [ssh-keygen.1 ssh-keygen.c]
3381 remove -v again. use -B instead for bubblebabble. make -B consistent
3382 with -l and make -B work with /path/to/known_hosts. ok deraadt@
a0322342 3383 - (djm) Bump portable version number for generating test RPMs
94dd09e3 3384 - (djm) Add "static_openssl" RPM build option, remove rsh build dependency
68fa858a 3385 - (bal) Reorder includes in Makefile.
539af7f5 3386
d156519a 338720010311
3388 - OpenBSD CVS Sync
3389 - markus@cvs.openbsd.org 2001/03/10 12:48:27
3390 [sshconnect2.c]
3391 ignore nonexisting private keys; report rjmooney@mediaone.net
5e36d59c 3392 - deraadt@cvs.openbsd.org 2001/03/10 12:53:51
3393 [readconf.c ssh_config]
3394 default to SSH2, now that m68k runs fast
2f778758 3395 - stevesk@cvs.openbsd.org 2001/03/10 15:02:05
3396 [ttymodes.c ttymodes.h]
3397 remove unused sgtty macros; ok markus@
99c415db 3398 - deraadt@cvs.openbsd.org 2001/03/10 15:31:00
3399 [compat.c compat.h sshconnect.c]
3400 all known netscreen ssh versions, and older versions of OSU ssh cannot
3401 handle password padding (newer OSU is fixed)
456fce50 3402 - tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config]
3403 make sure $bindir is in USER_PATH so scp will work
cab80f75 3404 - OpenBSD CVS Sync
3405 - markus@cvs.openbsd.org 2001/03/10 17:51:04
3406 [kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
3407 add PreferredAuthentications
d156519a 3408
1c9a907f 340920010310
3410 - OpenBSD CVS Sync
3411 - deraadt@cvs.openbsd.org 2001/03/09 03:14:39
3412 [ssh-keygen.c]
68fa858a 3413 create *.pub files with umask 0644, so that you can mv them to
1c9a907f 3414 authorized_keys
cb7bd922 3415 - deraadt@cvs.openbsd.org 2001/03/09 12:30:29
3416 [sshd.c]
3417 typo; slade@shore.net
61cf0e38 3418 - Removed log.o from sftp client. Not needed.
1c9a907f 3419
385590e4 342020010309
3421 - OpenBSD CVS Sync
3422 - stevesk@cvs.openbsd.org 2001/03/08 18:47:12
3423 [auth1.c]
3424 unused; ok markus@
acf06a60 3425 - stevesk@cvs.openbsd.org 2001/03/08 20:44:48
3426 [sftp.1]
3427 spelling, cleanup; ok deraadt@
fee56204 3428 - markus@cvs.openbsd.org 2001/03/08 21:42:33
3429 [compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
3430 implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
3431 no need to do enter passphrase or do expensive sign operations if the
3432 server does not accept key).
385590e4 3433
3a7fe5ba 343420010308
3435 - OpenBSD CVS Sync
d5ebca2b 3436 - djm@cvs.openbsd.org 2001/03/07 10:11:23
3437 [sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
3438 Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
3439 functions and small protocol change.
3440 - markus@cvs.openbsd.org 2001/03/08 00:15:48
3441 [readconf.c ssh.1]
3442 turn off useprivilegedports by default. only rhost-auth needs
3443 this. older sshd's may need this, too.
097ca118 3444 - (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H;
3445 Dirk Markwardt <D.Markwardt@tu-bs.de>
3a7fe5ba 3446
3251b439 344720010307
3448 - (bal) OpenBSD CVS Sync
3449 - deraadt@cvs.openbsd.org 2001/03/06 06:11:18
3450 [ssh-keyscan.c]
3451 appease gcc
a5ec8a3d 3452 - deraadt@cvs.openbsd.org 2001/03/06 06:11:44
3453 [sftp-int.c sftp.1 sftp.c]
3454 sftp -b batchfile; mouring@etoh.eviladmin.org
17910dce 3455 - deraadt@cvs.openbsd.org 2001/03/06 15:10:42
3456 [sftp.1]
3457 order things
2c86906e 3458 - deraadt@cvs.openbsd.org 2001/03/07 01:19:06
3459 [ssh.1 sshd.8]
3460 the name "secure shell" is boring, noone ever uses it
7daf8515 3461 - deraadt@cvs.openbsd.org 2001/03/07 04:05:58
3462 [ssh.1]
3463 removed dated comment
f52798a4 3464 - Cygwin contrib improvements from Corinna Vinschen <vinschen@redhat.com>
3251b439 3465
657297ff 346620010306
3467 - (bal) OpenBSD CVS Sync
3468 - deraadt@cvs.openbsd.org 2001/03/05 14:28:47
3469 [sshd.8]
3470 alpha order; jcs@rt.fm
7c8f2a26 3471 - stevesk@cvs.openbsd.org 2001/03/05 15:44:51
3472 [servconf.c]
3473 sync error message; ok markus@
f2ba0775 3474 - deraadt@cvs.openbsd.org 2001/03/05 15:56:16
3475 [myproposal.h ssh.1]
3476 switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
3477 provos & markus ok
7a6c39a3 3478 - deraadt@cvs.openbsd.org 2001/03/05 16:07:15
3479 [sshd.8]
3480 detail default hmac setup too
7de5b06b 3481 - markus@cvs.openbsd.org 2001/03/05 17:17:21
3482 [kex.c kex.h sshconnect2.c sshd.c]
3483 generate a 2*need size (~300 instead of 1024/2048) random private
3484 exponent during the DH key agreement. according to Niels (the great
3485 german advisor) this is safe since /etc/primes contains strong
3486 primes only.
3487
3488 References:
3489 P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
3490 agreement with short exponents, In Advances in Cryptology
3491 - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
a5df12e9 3492 - stevesk@cvs.openbsd.org 2001/03/05 17:40:48
3493 [ssh.1]
3494 more ssh_known_hosts2 documentation; ok markus@
0b2190ee 3495 - stevesk@cvs.openbsd.org 2001/03/05 17:58:22
3496 [dh.c]
3497 spelling
bbc62e59 3498 - deraadt@cvs.openbsd.org 2001/03/06 00:33:04
3499 [authfd.c cli.c ssh-agent.c]
3500 EINTR/EAGAIN handling is required in more cases
c16c7f20 3501 - millert@cvs.openbsd.org 2001/03/06 01:06:03
3502 [ssh-keyscan.c]
3503 Don't assume we wil get the version string all in one read().
3504 deraadt@ OK'd
09cb311c 3505 - millert@cvs.openbsd.org 2001/03/06 01:08:27
3506 [clientloop.c]
3507 If read() fails with EINTR deal with it the same way we treat EAGAIN
657297ff 3508
1a2936c4 350920010305
3510 - (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
68fa858a 3511 - (bal) CVS ID touch up on sftp-int.c
e77df335 3512 - (bal) CVS ID touch up on uuencode.c
6cca9fde 3513 - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
778f6940 3514 - (bal) OpenBSD CVS Sync
dcb971e1 3515 - deraadt@cvs.openbsd.org 2001/02/17 23:48:48
3516 [sshd.8]
3517 it's the OpenSSH one
778f6940 3518 - deraadt@cvs.openbsd.org 2001/02/21 07:37:04
3519 [ssh-keyscan.c]
3520 inline -> __inline__, and some indent
81333640 3521 - deraadt@cvs.openbsd.org 2001/02/21 09:05:54
3522 [authfile.c]
3523 improve fd handling
79ddf6db 3524 - deraadt@cvs.openbsd.org 2001/02/21 09:12:56
3525 [sftp-server.c]
3526 careful with & and &&; markus ok
96ee8386 3527 - stevesk@cvs.openbsd.org 2001/02/21 21:14:04
3528 [ssh.c]
3529 -i supports DSA identities now; ok markus@
0c126dc9 3530 - deraadt@cvs.openbsd.org 2001/02/22 04:29:37
3531 [servconf.c]
3532 grammar; slade@shore.net
ed2166d8 3533 - deraadt@cvs.openbsd.org 2001/02/22 06:43:55
3534 [ssh-keygen.1 ssh-keygen.c]
3535 document -d, and -t defaults to rsa1
b07ae1e9 3536 - deraadt@cvs.openbsd.org 2001/02/22 08:03:51
3537 [ssh-keygen.1 ssh-keygen.c]
3538 bye bye -d
e2fccec3 3539 - deraadt@cvs.openbsd.org 2001/02/22 18:09:06
3540 [sshd_config]
3541 activate RSA 2 key
e91c60f2 3542 - markus@cvs.openbsd.org 2001/02/22 21:57:27
3543 [ssh.1 sshd.8]
3544 typos/grammar from matt@anzen.com
3b1a83df 3545 - markus@cvs.openbsd.org 2001/02/22 21:59:44
3546 [auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
3547 use pwcopy in ssh.c, too
19d57054 3548 - markus@cvs.openbsd.org 2001/02/23 15:34:53
3549 [serverloop.c]
3550 debug2->3
00be5382 3551 - markus@cvs.openbsd.org 2001/02/23 18:15:13
3552 [sshd.c]
3553 the random session key depends now on the session_key_int
3554 sent by the 'attacker'
3555 dig1 = md5(cookie|session_key_int);
3556 dig2 = md5(dig1|cookie|session_key_int);
3557 fake_session_key = dig1|dig2;
3558 this change is caused by a mail from anakin@pobox.com
3559 patch based on discussions with my german advisor niels@openbsd.org
ec63b02d 3560 - deraadt@cvs.openbsd.org 2001/02/24 10:37:55
3561 [readconf.c]
3562 look for id_rsa by default, before id_dsa
582038fb 3563 - deraadt@cvs.openbsd.org 2001/02/24 10:37:26
3564 [sshd_config]
3565 ssh2 rsa key before dsa key
6e18cb71 3566 - markus@cvs.openbsd.org 2001/02/27 10:35:27
3567 [packet.c]
3568 fix random padding
1b5dfeb2 3569 - markus@cvs.openbsd.org 2001/02/27 11:00:11
3570 [compat.c]
3571 support SSH-2.0-2.1 ; from Christophe_Moret@hp.com
4ab21f86 3572 - deraadt@cvs.openbsd.org 2001/02/28 05:34:28
3573 [misc.c]
3574 pull in protos
167b3512 3575 - deraadt@cvs.openbsd.org 2001/02/28 05:36:28
3576 [sftp.c]
3577 do not kill the subprocess on termination (we will see if this helps
3578 things or hurts things)
7e8911cd 3579 - markus@cvs.openbsd.org 2001/02/28 08:45:39
3580 [clientloop.c]
3581 fix byte counts for ssh protocol v1
ee55dacf 3582 - markus@cvs.openbsd.org 2001/02/28 08:54:55
3583 [channels.c nchan.c nchan.h]
3584 make sure remote stderr does not get truncated.
3585 remove closed fd's from the select mask.
a6215e53 3586 - markus@cvs.openbsd.org 2001/02/28 09:57:07
3587 [packet.c packet.h sshconnect2.c]
3588 in ssh protocol v2 use ignore messages for padding (instead of
3589 trailing \0).
94dfb550 3590 - markus@cvs.openbsd.org 2001/02/28 12:55:07
3591 [channels.c]
3592 unify debug messages
5649fbbe 3593 - deraadt@cvs.openbsd.org 2001/02/28 17:52:54
3594 [misc.c]
3595 for completeness, copy pw_gecos too
0572fe75 3596 - markus@cvs.openbsd.org 2001/02/28 21:21:41
3597 [sshd.c]
3598 generate a fake session id, too
95ce5599 3599 - markus@cvs.openbsd.org 2001/02/28 21:27:48
3600 [channels.c packet.c packet.h serverloop.c]
3601 use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
3602 use random content in ignore messages.
355724fc 3603 - markus@cvs.openbsd.org 2001/02/28 21:31:32
3604 [channels.c]
3605 typo
c3f7d267 3606 - deraadt@cvs.openbsd.org 2001/03/01 02:11:25
3607 [authfd.c]
3608 split line so that p will have an easier time next time around
a01a5f30 3609 - deraadt@cvs.openbsd.org 2001/03/01 02:29:04
3610 [ssh.c]
3611 shorten usage by a line
12bf85ed 3612 - deraadt@cvs.openbsd.org 2001/03/01 02:45:10
3613 [auth-rsa.c auth2.c deattack.c packet.c]
3614 KNF
4371658c 3615 - deraadt@cvs.openbsd.org 2001/03/01 03:38:33
3616 [cli.c cli.h rijndael.h ssh-keyscan.1]
3617 copyright notices on all source files
ce91d6f8 3618 - markus@cvs.openbsd.org 2001/03/01 22:46:37
3619 [ssh.c]
3620 don't truncate remote ssh-2 commands; from mkubita@securities.cz
3621 use min, not max for logging, fixes overflow.
409edaba 3622 - deraadt@cvs.openbsd.org 2001/03/02 06:21:01
3623 [sshd.8]
3624 explain SIGHUP better
b8dc87d3 3625 - deraadt@cvs.openbsd.org 2001/03/02 09:42:49
3626 [sshd.8]
3627 doc the dsa/rsa key pair files
f3c7c613 3628 - deraadt@cvs.openbsd.org 2001/03/02 18:54:31
3629 [atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
3630 scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
3631 ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
3632 make copyright lines the same format
2671b47f 3633 - deraadt@cvs.openbsd.org 2001/03/03 06:53:12
3634 [ssh-keyscan.c]
3635 standard theo sweep
ff7fee59 3636 - millert@cvs.openbsd.org 2001/03/03 21:19:41
3637 [ssh-keyscan.c]
3638 Dynamically allocate read_wait and its copies. Since maxfd is
3639 based on resource limits it is often (usually?) larger than FD_SETSIZE.
c8d75031 3640 - millert@cvs.openbsd.org 2001/03/03 21:40:30
3641 [sftp-server.c]
3642 Dynamically allocate fd_set; deraadt@ OK
20e04e90 3643 - millert@cvs.openbsd.org 2001/03/03 21:41:07
3644 [packet.c]
3645 Dynamically allocate fd_set; deraadt@ OK
dce9bac5 3646 - deraadt@cvs.openbsd.org 2001/03/03 22:07:50
3647 [sftp-server.c]
3648 KNF
c630ce76 3649 - markus@cvs.openbsd.org 2001/03/03 23:52:22
3650 [sftp.c]
3651 clean up arg processing. based on work by Christophe_Moret@hp.com
20244695 3652 - markus@cvs.openbsd.org 2001/03/03 23:59:34
3653 [log.c ssh.c]
3654 log*.c -> log.c
61f8a1d1 3655 - markus@cvs.openbsd.org 2001/03/04 00:03:59
3656 [channels.c]
3657 debug1->2
38967add 3658 - stevesk@cvs.openbsd.org 2001/03/04 10:57:53
3659 [ssh.c]
3660 add -m to usage; ok markus@
46f23b8d 3661 - stevesk@cvs.openbsd.org 2001/03/04 11:04:41
3662 [sshd.8]
3663 small cleanup and clarify for PermitRootLogin; ok markus@
9c81df4c 3664 - stevesk@cvs.openbsd.org 2001/03/04 11:16:06
3665 [servconf.c sshd.8]
3666 kill obsolete RandomSeed; ok markus@ deraadt@
f5429434 3667 - stevesk@cvs.openbsd.org 2001/03/04 12:54:04
3668 [sshd.8]
3669 spelling
54b974dc 3670 - millert@cvs.openbsd.org 2001/03/04 17:42:28
3671 [authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
3672 ssh.c sshconnect.c sshd.c]
3673 log functions should not be passed strings that end in newline as they
3674 get passed on to syslog() and when logging to stderr, do_log() appends
3675 its own newline.
51c251f0 3676 - deraadt@cvs.openbsd.org 2001/03/04 18:21:28
3677 [sshd.8]
3678 list SSH2 ciphers
2605addd 3679 - (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy()
164c80dc 3680 - (bal) Fix up logging since it changed. removed log-*.c
cc3067d6 3681 - (djm) Fix up LOG_AUTHPRIV for systems that have it
70a052c7 3682 - (stevesk) OpenBSD sync:
3683 - deraadt@cvs.openbsd.org 2001/03/05 08:37:27
3684 [ssh-keyscan.c]
3685 skip inlining, why bother
5152d46f 3686 - (stevesk) sftp.c: handle __progname
1a2936c4 3687
40edd7ef 368820010304
3689 - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
889fbcd3 3690 - (bal) Updated contrib/README to remove 'make-ssh-known-hosts' and
3691 give Mark Roth credit for mdoc2man.pl
40edd7ef 3692
9817de5f 369320010303
40edd7ef 3694 - (djm) Remove make-ssh-known-hosts.pl, ssh-keyscan is better.
3695 - (djm) Document PAM ChallengeResponseAuthentication in sshd.8
3696 - (djm) Disable and comment ChallengeResponseAuthentication in sshd_config
3697 - (djm) Allow PRNGd entropy collection from localhost TCP socket. Replace
68fa858a 3698 "--with-egd-pool" configure option with "--with-prngd-socket" and
9bdd5929 3699 "--with-prngd-port" options. Debugged and improved by Lutz Jaenicke
3700 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
9817de5f 3701
20cad736 370220010301
68fa858a 3703 - (djm) Properly add -lcrypt if needed.
5f404be3 3704 - (djm) Force standard PAM conversation function in a few more places.
68fa858a 3705 Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai
5f404be3 3706 <nalin@redhat.com>
68fa858a 3707 - (djm) Cygwin needs pw->pw_gecos copied too. Patch from Corinna Vinschen
480eb294 3708 <vinschen@redhat.com>
ad1f4a20 3709 - (djm) Released 2.5.1p2
20cad736 3710
cf0c5df5 371120010228
3712 - (djm) Detect endianness in configure and use it in rijndael.c. Fixes
3713 "Bad packet length" bugs.
68fa858a 3714 - (djm) Fully revert PAM session patch (again). All PAM session init is
403f5a8e 3715 now done before the final fork().
065ef9b1 3716 - (djm) EGD detection patch from Tim Rice <tim@multitalents.net>
d9b1f19a 3717 - (djm) Remove /tmp from EGD socket search list
cf0c5df5 3718
86b416a7 371920010227
68fa858a 3720 - (bal) Applied shutdown() patch for sftp.c by Corinna Vinschen
51fb577a 3721 <vinschen@redhat.com>
2af09193 3722 - (bal) OpenBSD Sync
3723 - markus@cvs.openbsd.org 2001/02/23 15:37:45
3724 [session.c]
3725 handle SSH_PROTOFLAG_SCREEN_NUMBER for buggy clients
68fa858a 3726 - (bal) sshd.init support for all Redhat release. Patch by Jim Knoble
a892c46e 3727 <jmknoble@jmknoble.cx>
68fa858a 3728 - (djm) Fix up POSIX saved uid support. Report from Mark Miller
f4e9a0e1 3729 <markm@swoon.net>
3730 - (djm) Search for -lcrypt on FreeBSD too
c7c72446 3731 - (djm) fatal() on OpenSSL version mismatch
27cf96de 3732 - (djm) Move PAM init to after fork for non-Solaris derived PAMs
d5c4c52e 3733 - (djm) Warning fix on entropy.c saved uid stuff. Patch from Mark Miller
3734 <markm@swoon.net>
4bc6dd70 3735 - (djm) Fix PAM fix
4236bde4 3736 - (djm) Remove 'noreplace' flag from sshd_config in RPM spec files. This
3737 change is being made as 2.5.x configfiles are not back-compatible with
64e0e67e 3738 2.3.x.
3739 - (djm) Avoid warnings for missing broken IP_TOS. Patch from Mark Miller
3740 <markm@swoon.net>
68fa858a 3741 - (djm) Open Server 5 doesn't need BROKEN_SAVED_UIDS. Patch from Tim Rice
a29d3f1c 3742 <tim@multitalents.net>
68fa858a 3743 - (djm) Avoid multiple definition of _PATH_LS. Patch from Tim Rice
a29d3f1c 3744 <tim@multitalents.net>
51fb577a 3745
4925395f 374620010226
3747 - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again.
68fa858a 3748 - (djm) Some systems (SCO3, NeXT) have weird saved uid semantics.
e9a13ac1 3749 Based on patch from Tim Rice <tim@multitalents.net>
4925395f 3750
1eb4ec64 375120010225
3752 - (djm) Use %{_libexecdir} rather than hardcoded path in RPM specfile
3753 Patch from Adrian Ho <lexfiend@usa.net>
490cad94 3754 - (bal) Replace 'unsigned long long' to 'u_int64_t' since not every
3755 platform defines u_int64_t as being that.
1eb4ec64 3756
a738c3b0 375720010224
68fa858a 3758 - (bal) Missed part of the UNIX sockets patch. Patch by Corinna
a738c3b0 3759 Vinschen <vinschen@redhat.com>
3760 - (bal) Reorder where 'strftime' is detected to resolve linking
3761 issues on SCO. Patch by Tim Rice <tim@multitalents.net>
3762
8fd97cc4 376320010224
3764 - (bal) pam_stack fix to correctly detect between RH7 and older RHs.
3765 Patch by Pekka Savola <pekkas@netcore.fi>
8f0b3553 3766 - (bal) Renamed sigaction.[ch] to sigact.[ch]. Causes problems with
3767 some platforms.
3d114925 3768 - (bal) Generalize lack of UNIX sockets since this also effects Cray
3769 not just Cygwin. Based on patch by Wendy Palm <wendyp@cray.com>
8fd97cc4 3770
14a49e44 377120010223
3772 - (bal) Fix --define rh7 in openssh.spec file. Patch by Steve Tell
3773 <tell@telltronics.org>
cb291102 3774 - (bal) Patch to force OpenSSH rpm to require the same version of OpenSSL
3775 that it was compiled against. Patch by Pekka Savola <pekkas@netcore.fi>
68fa858a 3776 - (bal) Double -I for OpenSSL on SCO. Patch by Tim Rice
5a67331c 3777 <tim@multitalents.net>
14a49e44 3778
68fa858a 377920010222
73d6d7fa 3780 - (bal) Corrected SCO luid patch by svaughan <svaughan@asterion.com>
ca742b3b 3781 - (bal) Added mdoc2man.pl from Mark Roth <roth@feep.net>
3782 - (bal) Removed reference to liblogin from contrib/README. It was
3783 integrated into OpenSSH a long while ago.
2a81eb9f 3784 - (stevesk) remove erroneous #ifdef sgi code.
3785 Michael Stone <mstone@cs.loyola.edu>
73d6d7fa 3786
fbf305f1 378720010221
3788 - (bal) Removed -L/usr/ucblib -R/usr/ucblib for Solaris platform.
68fa858a 3789 - (bal) Fixed OpenSSL rework to use $saved_*. Patch by Tim Rice
9dd3bc84 3790 <tim@multitalents.net>
1fe61b2e 3791 - (bal) Reverted out of 2001/02/15 patch by djm below because it
3792 breaks Solaris.
3793 - (djm) Move PAM session setup back to before setuid to user.
3794 fixes problems on Solaris-drived PAMs.
266140a8 3795 - (stevesk) session.c: back out to where we were before:
68fa858a 3796 - (djm) Move PAM session initialisation until after fork in sshd. Patch
266140a8 3797 from Nalin Dahyabhai <nalin@redhat.com>
9dd3bc84 3798
8b3319f4 379920010220
3800 - (bal) Fix mixed up params to memmove() from Jan 5th in setenv.c and
3801 getcwd.c.
c2b544a5 3802 - (bal) OpenBSD CVS Sync:
3803 - deraadt@cvs.openbsd.org 2001/02/19 23:09:05
3804 [sshd.c]
3805 clarify message to make it not mention "ident"
8b3319f4 3806
1729c161 380720010219
3808 - (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and
3809 pty.[ch] -> sshpty.[ch]
d6f13fbb 3810 - (djm) Rework search for OpenSSL location. Skip directories which don't
3811 exist, don't add -L$ssldir/lib if it doesn't exist. Should help SCO
3812 with its limit of 6 -L options.
0476625f 3813 - OpenBSD CVS Sync:
3814 - reinhard@cvs.openbsd.org 2001/02/17 08:24:40
3815 [sftp.1]
3816 typo
3817 - deraadt@cvs.openbsd.org 2001/02/17 16:28:58
3818 [ssh.c]
3819 cleanup -V output; noted by millert
3820 - deraadt@cvs.openbsd.org 2001/02/17 16:48:48
3821 [sshd.8]
3822 it's the OpenSSH one
3823 - markus@cvs.openbsd.org 2001/02/18 11:33:54
3824 [dispatch.c]
3825 typo, SSH2_MSG_KEXINIT, from aspa@kronodoc.fi
3826 - markus@cvs.openbsd.org 2001/02/19 02:53:32
3827 [compat.c compat.h serverloop.c]
3828 ssh-1.2.{18-22} has broken handling of ignore messages; report from
3829 itojun@
3830 - markus@cvs.openbsd.org 2001/02/19 03:35:23
3831 [version.h]
3832 OpenSSH_2.5.1 adds bug compat with 1.2.{18-22}
3833 - deraadt@cvs.openbsd.org 2001/02/19 03:36:25
3834 [scp.c]
3835 np is changed by recursion; vinschen@redhat.com
3836 - Update versions in RPM spec files
3837 - Release 2.5.1p1
1729c161 3838
663fd560 383920010218
68fa858a 3840 - (bal) Patch for fix FCHMOD reference in ftp-client.c by Tim Rice
3841 <tim@multitalents.net>
25cd3375 3842 - (Bal) Patch for lack of RA_RESTART in misc.c for mysignal by
3843 stevesk
68fa858a 3844 - (djm) Fix my breaking of cygwin builds, Patch from Corinna Vinschen
58e7f038 3845 <vinschen@redhat.com> and myself.
32ced054 3846 - (djm) Close listen_sock on bind() failures. Patch from Arkadiusz
3847 Miskiewicz <misiek@pld.ORG.PL>
6a951840 3848 - (djm) Robustify EGD/PRNGd code in face of socket closures. Patch from
3849 Todd C. Miller <Todd.Miller@courtesan.com>
68fa858a 3850 - (djm) Use ttyname() to determine name of tty returned by openpty()
3851 rather then risking overflow. Patch from Marek Michalkiewicz
b82f1310 3852 <marekm@amelek.gda.pl>
68fa858a 3853 - (djm) Swapped tests for no_libsocket and no_libnsl in configure.in.
bdf80b2c 3854 Patch from Marek Michalkiewicz <marekm@amelek.gda.pl>
af8fda37 3855 - (djm) Doc fixes from Pekka Savola <pekkas@netcore.fi>
68fa858a 3856 - (djm) Use SA_INTERRUPT along SA_RESTART if present (equivalent for
df538d55 3857 SunOS)
68fa858a 3858 - (djm) SCO needs librpc for libwrap. Patch from Tim Rice
f61d6b17 3859 <tim@multitalents.net>
dfef7e7e 3860 - (stevesk) misc.c: cpp rework of SA_(INTERRUPT|RESTART) handling.
36a358ca 3861 - (stevesk) scp.c: use mysignal() for updateprogressmeter() handler.
68fa858a 3862 - (djm) SA_INTERRUPT is the converse of SA_RESTART, apply it only for
d54d99a3 3863 SIGALRM.
e1a023df 3864 - (djm) Move entropy.c over to mysignal()
68fa858a 3865 - (djm) SunOS 4.x also needs to define HAVE_BOGUS_SYS_QUEUE_H as it has
3866 a <sys/queue.h> that lacks the TAILQ_* macros. Patch from Todd C.
667beaa9 3867 Miller <Todd.Miller@courtesan.com>
ecdde3d8 3868 - (djm) Update RPM spec files for 2.5.0p1
51ee9048 3869 - (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie
3870 enable with --with-bsd-auth.
2adddc78 3871 - (stevesk) entropy.c: typo; should be SIGPIPE
663fd560 3872
0b1728c5 387320010217
3874 - (bal) OpenBSD Sync:
3875 - markus@cvs.openbsd.org 2001/02/16 13:38:18
68fa858a 3876 [channel.c]
3877 remove debug
c8b058b4 3878 - markus@cvs.openbsd.org 2001/02/16 14:03:43
3879 [session.c]
3880 proper payload-length check for x11 w/o screen-number
0b1728c5 3881
b41d8d4d 388220010216
3883 - (bal) added '--with-prce' to allow overriding of system regex when
3884 required (tested by David Dulek <ddulek@fastenal.com>)
d6fdb079 3885 - (bal) Added DG/UX case and set that they have a broken IPTOS.
278588d8 3886 - (djm) Mini-configure reorder patch from Tim Rice <tim@multitalents.net>
3887 Fixes linking on SCO.
68fa858a 3888 - (djm) Make gnome-ssh-askpass handle multi-line prompts. Patch from
0ceb21d6 3889 Nalin Dahyabhai <nalin@redhat.com>
3890 - (djm) BSD license for gnome-ssh-askpass (was X11)
3891 - (djm) KNF on gnome-ssh-askpass
ed6553e2 3892 - (djm) USE_PIPES for a few more sysv platforms
3893 - (djm) Cleanup configure.in a little
3894 - (djm) Ask users to check config.log when we can't find necessary libs
aca75d94 3895 - (djm) Set "login ID" on systems with setluid. Only enabled for SCO
3896 OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
0ae4fe1d 3897 - (djm) OpenBSD CVS:
3898 - markus@cvs.openbsd.org 2001/02/15 16:19:59
3899 [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
3900 [sshconnect1.c sshconnect2.c]
3901 genericize password padding function for SSH1 and SSH2.
3902 add stylized echo to 2, too.
3903 - (djm) Add roundup() macro to defines.h
9535dddf 3904 - (stevesk) set SA_RESTART flag in mysignal() for SIGCHLD;
3905 needed on Unixware 2.x.
b41d8d4d 3906
0086bfaf 390720010215
68fa858a 3908 - (djm) Move PAM session setup back to before setuid to user. Fixes
0086bfaf 3909 problems on Solaris-derived PAMs.
e11aab29 3910 - (djm) Clean up PAM namespace. Suggested by Darren Moffat
3911 <Darren.Moffat@eng.sun.com>
9e3c31f7 3912 - (bal) Sync w/ OpenSSH for new release
3913 - markus@cvs.openbsd.org 2001/02/12 12:45:06
3914 [sshconnect1.c]
3915 fix xmalloc(0), ok dugsong@
b2552997 3916 - markus@cvs.openbsd.org 2001/02/11 12:59:25
3917 [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
3918 sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
3919 1) clean up the MAC support for SSH-2
3920 2) allow you to specify the MAC with 'ssh -m'
3921 3) or the 'MACs' keyword in ssh(d)_config
3922 4) add hmac-{md5,sha1}-96
3923 ok stevesk@, provos@
15853e93 3924 - markus@cvs.openbsd.org 2001/02/12 16:16:23
3925 [auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
3926 ssh-keygen.c sshd.8]
3927 PermitRootLogin={yes,without-password,forced-commands-only,no}
3928 (before this change, root could login even if PermitRootLogin==no)
7cc4cf0a 3929 - deraadt@cvs.openbsd.org 2001/02/12 22:56:09
fd193ca4 3930 [clientloop.c packet.c ssh-keyscan.c]
3931 deal with EAGAIN/EINTR selects which were skipped
7cc4cf0a 3932 - markus@cvs.openssh.org 2001/02/13 22:49:40
3933 [auth1.c auth2.c]
3934 setproctitle(user) only if getpwnam succeeds
3935 - markus@cvs.openbsd.org 2001/02/12 23:26:20
3936 [sshd.c]
3937 missing memset; from solar@openwall.com
3938 - stevesk@cvs.openbsd.org 2001/02/12 20:53:33
3939 [sftp-int.c]
3940 lumask now works with 1 numeric arg; ok markus@, djm@
3941 - djm@cvs.openbsd.org 2001/02/14 9:46:03
3942 [sftp-client.c sftp-int.c sftp.1]
3943 Fix and document 'preserve modes & times' option ('-p' flag in sftp);
3944 ok markus@
0b16bb01 3945 - (bal) replaced PATH_MAX in sftp-int.c w/ MAXPATHLEN.
3946 - (djm) Move to Jim's 1.2.0 X11 askpass program
62da27dd 3947 - (stevesk) OpenBSD sync:
3948 - deraadt@cvs.openbsd.org 2001/02/15 01:38:04
3949 [serverloop.c]
3950 indent
0b16bb01 3951
1c2d0a13 395220010214
3953 - (djm) Don't try to close PAM session or delete credentials if the
68fa858a 3954 session has not been open or credentials not set. Based on patch from
1c2d0a13 3955 Andrew Bartlett <abartlet@pcug.org.au>
68fa858a 3956 - (djm) Move PAM session initialisation until after fork in sshd. Patch
0ab1bcba 3957 from Nalin Dahyabhai <nalin@redhat.com>
958e5ae4 3958 - (bal) Missing function prototype in bsd-snprintf.c patch by
3959 Mark Miller <markm@swoon.net>
b7ccb051 3960 - (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams
3961 <cmadams@hiwaay.net> with a little modification and KNF.
815800e1 3962 - (stevesk) fix for SIA patch, misplaced session_setup_sia()
1c2d0a13 3963
0610439b 396420010213
84eb157c 3965 - (djm) Only test -S potential EGD sockets if they exist and are readable.
f1312c76 3966 - (bal) Cleaned out bsd-snprintf.c. VARARGS have been banished and
3967 I did a base KNF over the whe whole file to make it more acceptable.
3968 (backed out of original patch and removed it from ChangeLog)
01f13020 3969 - (bal) Use chown() if fchown() does not exist in ftp-server.c patch by
3970 Tim Rice <tim@multitalents.net>
8d60e965 3971 - (stevesk) auth1.c: fix PAM passwordless check.
0610439b 3972
894a4851 397320010212
68fa858a 3974 - (djm) Update Redhat specfile to allow --define "skip_x11_askpass 1",
3975 --define "skip_gnome_askpass 1", --define "rh7 1" and make the
3976 implicit rpm-3.0.5 dependancy explicit. Patch and suggestions from
894a4851 3977 Pekka Savola <pekkas@netcore.fi>
782d6a0d 3978 - (djm) Clean up PCRE text in INSTALL
68fa858a 3979 - (djm) Fix OSF SIA auth NULL pointer deref. Report from Mike Battersby
77db6c3f 3980 <mib@unimelb.edu.au>
6f68f28a 3981 - (bal) NCR SVR4 compatiblity provide by Don Bragg <thewizarddon@yahoo.com>
01a7bc9a 3982 - (stevesk) session.c: remove debugging code.
894a4851 3983
abf1f107 398420010211
3985 - (bal) OpenBSD Sync
3986 - markus@cvs.openbsd.org 2001/02/07 22:35:46
3987 [auth1.c auth2.c sshd.c]
3988 move k_setpag() to a central place; ok dugsong@
c845316f 3989 - markus@cvs.openbsd.org 2001/02/10 12:52:02
3990 [auth2.c]
3991 offer passwd before s/key
e6fa162e 3992 - markus@cvs.openbsd.org 2001/02/8 22:37:10
3993 [canohost.c]
3994 remove last call to sprintf; ok deraadt@
0ab4b0f0 3995 - markus@cvs.openbsd.org 2001/02/10 1:33:32
3996 [canohost.c]
3997 add debug message, since sshd blocks here if DNS is not available
7f8ea238 3998 - markus@cvs.openbsd.org 2001/02/10 12:44:02
3999 [cli.c]
4000 don't call vis() for \r
5c470997 4001 - danh@cvs.openbsd.org 2001/02/10 0:12:43
4002 [scp.c]
4003 revert a small change to allow -r option to work again; ok deraadt@
4004 - danh@cvs.openbsd.org 2001/02/10 15:14:11
4005 [scp.c]
4006 fix memory leak; ok markus@
a0e6fead 4007 - djm@cvs.openbsd.org 2001/02/10 0:45:52
4008 [scp.1]
4009 Mention that you can quote pathnames with spaces in them
b3106440 4010 - markus@cvs.openbsd.org 2001/02/10 1:46:28
4011 [ssh.c]
4012 remove mapping of argv[0] -> hostname
f72e01a5 4013 - markus@cvs.openbsd.org 2001/02/06 22:26:17
4014 [sshconnect2.c]
4015 do not ask for passphrase in batch mode; report from ejb@ql.org
4016 - itojun@cvs.opebsd.org 2001/02/08 10:47:05
5d1d11d1 4017 [sshconnect.c sshconnect1.c sshconnect2.c]
68fa858a 4018 %.30s is too short for IPv6 numeric address. use %.128s for now.
f72e01a5 4019 markus ok
4020 - markus@cvs.openbsd.org 2001/02/09 12:28:35
4021 [sshconnect2.c]
4022 do not free twice, thanks to /etc/malloc.conf
4023 - markus@cvs.openbsd.org 2001/02/09 17:10:53
4024 [sshconnect2.c]
4025 partial success: debug->log; "Permission denied" if no more auth methods
4026 - markus@cvs.openbsd.org 2001/02/10 12:09:21
4027 [sshconnect2.c]
4028 remove some lines
e0b2cf6b 4029 - markus@cvs.openbsd.org 2001/02/09 13:38:07
4030 [auth-options.c]
4031 reset options if no option is given; from han.holl@prismant.nl
ca910e13 4032 - markus@cvs.openbsd.org 2001/02/08 21:58:28
4033 [channels.c]
4034 nuke sprintf, ok deraadt@
4035 - markus@cvs.openbsd.org 2001/02/08 21:58:28
4036 [channels.c]
4037 nuke sprintf, ok deraadt@
affa8be4 4038 - markus@cvs.openbsd.org 2001/02/06 22:43:02
4039 [clientloop.h]
4040 remove confusing callback code
d2c46e77 4041 - deraadt@cvs.openbsd.org 2001/02/08 14:39:36
4042 [readconf.c]
4043 snprintf
cc8aca8a 4044 - itojun@cvs.openbsd.org 2001/02/08 19:30:52
4045 sync with netbsd tree changes.
4046 - more strict prototypes, include necessary headers
4047 - use paths.h/pathnames.h decls
4048 - size_t typecase to int -> u_long
5be2ec5e 4049 - itojun@cvs.openbsd.org 2001/02/07 18:04:50
4050 [ssh-keyscan.c]
4051 fix size_t -> int cast (use u_long). markus ok
4052 - markus@cvs.openbsd.org 2001/02/07 22:43:16
4053 [ssh-keyscan.c]
4054 s/getline/Linebuf_getline/; from roumen.petrov@skalasoft.com
4055 - itojun@cvs.openbsd.org 2001/02/09 9:04:59
4056 [ssh-keyscan.c]
68fa858a 4057 do not assume malloc() returns zero-filled region. found by
5be2ec5e 4058 malloc.conf=AJ.
f21032a6 4059 - markus@cvs.openbsd.org 2001/02/08 22:35:30
4060 [sshconnect.c]
68fa858a 4061 don't connect if batch_mode is true and stricthostkeychecking set to
f21032a6 4062 'ask'
7bbcc167 4063 - djm@cvs.openbsd.org 2001/02/04 21:26:07
4064 [sshd_config]
4065 type: ok markus@
4066 - deraadt@cvs.openbsd.org 2001/02/06 22:07:50
4067 [sshd_config]
4068 enable sftp-server by default
a2e6d17d 4069 - deraadt 2001/02/07 8:57:26
4070 [xmalloc.c]
4071 deal with new ANSI malloc stuff
4072 - markus@cvs.openbsd.org 2001/02/07 16:46:08
4073 [xmalloc.c]
4074 typo in fatal()
4075 - itojun@cvs.openbsd.org 2001/02/07 18:04:50
4076 [xmalloc.c]
4077 fix size_t -> int cast (use u_long). markus ok
4ef922e3 4078 - 1.47 Thu Feb 8 23:11:42 GMT 2001 by dugsong
4079 [serverloop.c sshconnect1.c]
68fa858a 4080 mitigate SSH1 traffic analysis - from Solar Designer
4ef922e3 4081 <solar@openwall.com>, ok provos@
68fa858a 4082 - (bal) fixed sftp-client.c. Return 'status' instead of '0'
ca910e13 4083 (from the OpenBSD tree)
6b442913 4084 - (bal) Synced ssh.1, ssh-add.1 and sshd.8 w/ OpenBSD
27df9d4a 4085 - (bal) sftp-sever.c '%8lld' to '%8llu' (OpenBSD Sync)
17321afe 4086 - (bal) uuencode.c resync w/ OpenBSD tree, plus whitespace.
f98d56f0 4087 - (bal) A bit more whitespace cleanup
68fa858a 4088 - (djm) Set PAM_RHOST earlier, patch from Andrew Bartlett
e275684f 4089 <abartlet@pcug.org.au>
b27e97b1 4090 - (stevesk) misc.c: ssh.h not needed.
38a316c0 4091 - (stevesk) compat.c: more friendly cpp error
94f38e16 4092 - (stevesk) OpenBSD sync:
4093 - stevesk@cvs.openbsd.org 2001/02/11 06:15:57
4094 [LICENSE]
4095 typos and small cleanup; ok deraadt@
abf1f107 4096
0426a3b4 409720010210
4098 - (djm) Sync sftp and scp stuff from OpenBSD:
4099 - djm@cvs.openbsd.org 2001/02/07 03:55:13
4100 [sftp-client.c]
4101 Don't free handles before we are done with them. Based on work from
4102 Corinna Vinschen <vinschen@redhat.com>. ok markus@
4103 - djm@cvs.openbsd.org 2001/02/06 22:32:53
4104 [sftp.1]
4105 Punctuation fix from Pekka Savola <pekkas@netcore.fi>
4106 - deraadt@cvs.openbsd.org 2001/02/07 04:07:29
4107 [sftp.1]
4108 pretty up significantly
4109 - itojun@cvs.openbsd.org 2001/02/07 06:49:42
4110 [sftp.1]
4111 .Bl-.El mismatch. markus ok
4112 - djm@cvs.openbsd.org 2001/02/07 06:12:30
4113 [sftp-int.c]
4114 Check that target is a directory before doing ls; ok markus@
4115 - itojun@cvs.openbsd.org 2001/02/07 11:01:18
4116 [scp.c sftp-client.c sftp-server.c]
4117 unsigned long long -> %llu, not %qu. markus ok
4118 - stevesk@cvs.openbsd.org 2001/02/07 11:10:39
4119 [sftp.1 sftp-int.c]
4120 more man page cleanup and sync of help text with man page; ok markus@
4121 - markus@cvs.openbsd.org 2001/02/07 14:58:34
4122 [sftp-client.c]
4123 older servers reply with SSH2_FXP_NAME + count==0 instead of EOF
4124 - djm@cvs.openbsd.org 2001/02/07 15:27:19
4125 [sftp.c]
4126 Don't forward agent and X11 in sftp. Suggestion from Roumen Petrov
4127 <roumen.petrov@skalasoft.com>
4128 - stevesk@cvs.openbsd.org 2001/02/07 15:36:04
4129 [sftp-int.c]
4130 portable; ok markus@
4131 - stevesk@cvs.openbsd.org 2001/02/07 15:55:47
4132 [sftp-int.c]
4133 lowercase cmds[].c also; ok markus@
4134 - markus@cvs.openbsd.org 2001/02/07 17:04:52
4135 [pathnames.h sftp.c]
4136 allow sftp over ssh protocol 1; ok djm@
4137 - deraadt@cvs.openbsd.org 2001/02/08 07:38:55
4138 [scp.c]
4139 memory leak fix, and snprintf throughout
4140 - deraadt@cvs.openbsd.org 2001/02/08 08:02:02
4141 [sftp-int.c]
4142 plug a memory leak
4143 - stevesk@cvs.openbsd.org 2001/02/08 10:11:23
4144 [session.c sftp-client.c]
4145 %i -> %d
4146 - stevesk@cvs.openbsd.org 2001/02/08 10:57:59
4147 [sftp-int.c]
4148 typo
4149 - stevesk@cvs.openbsd.org 2001/02/08 15:28:07
4150 [sftp-int.c pathnames.h]
4151 _PATH_LS; ok markus@
4152 - djm@cvs.openbsd.org 2001/02/09 04:46:25
4153 [sftp-int.c]
4154 Check for NULL attribs for chown, chmod & chgrp operations, only send
4155 relevant attribs back to server; ok markus@
96b64eb0 4156 - djm@cvs.openbsd.org 2001/02/06 15:05:25
4157 [sftp.c]
4158 Use getopt to process commandline arguments
4159 - djm@cvs.openbsd.org 2001/02/06 15:06:21
4160 [sftp.c ]
4161 Wait for ssh subprocess at exit
4162 - djm@cvs.openbsd.org 2001/02/06 15:18:16
4163 [sftp-int.c]
4164 stat target for remote chdir before doing chdir
4165 - djm@cvs.openbsd.org 2001/02/06 15:32:54
4166 [sftp.1]
4167 Punctuation fix from Pekka Savola <pekkas@netcore.fi>
4168 - provos@cvs.openbsd.org 2001/02/05 22:22:02
4169 [sftp-int.c]
4170 cleanup get_pathname, fix pwd after failed cd. okay djm@
0426a3b4 4171 - (djm) Update makefile.in for _PATH_SFTP_SERVER
c9f5e42e 4172 - (bal) sftp-client.c replace NULL w/ 0 in do_ls() (pending in OpenBSD tree)
0426a3b4 4173
6d1e1d2b 417420010209
68fa858a 4175 - (bal) patch to vis.c to deal with HAVE_VIS right by Robert Mooney
6d1e1d2b 4176 <rjmooney@mediaone.net>
bb0c1991 4177 - (bal) .c.o rule in openbsd-compat/Makefile.in did not make it to the
68fa858a 4178 main tree while porting forward. Pointed out by Lutz Jaenicke
bb0c1991 4179 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
f902d909 4180 - (bal) double entry in configure.in. Pointed out by Lutz Jaenicke
4181 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
25f4c264 4182 - (stevesk) OpenBSD sync:
4183 - markus@cvs.openbsd.org 2001/02/08 11:20:01
4184 [auth2.c]
4185 strict checking
4186 - markus@cvs.openbsd.org 2001/02/08 11:15:22
4187 [version.h]
4188 update to 2.3.2
4189 - markus@cvs.openbsd.org 2001/02/08 11:12:30
4190 [auth2.c]
4191 fix typo
72b3f75d 4192 - (djm) Update spec files
0ed28836 4193 - (bal) OpenBSD sync:
4194 - deraadt@cvs.openbsd.org 2001/02/08 14:38:54
4195 [scp.c]
4196 memory leak fix, and snprintf throughout
1fc8ccdf 4197 - markus@cvs.openbsd.org 2001/02/06 22:43:02
4198 [clientloop.c]
4199 remove confusing callback code
0b202697 4200 - (djm) Add CVS Id's to files that we have missed
5ca51e19 4201 - (bal) OpenBSD Sync (more):
4202 - itojun@cvs.openbsd.org 2001/02/08 19:30:52
4203 sync with netbsd tree changes.
4204 - more strict prototypes, include necessary headers
4205 - use paths.h/pathnames.h decls
4206 - size_t typecase to int -> u_long
1f3bf5aa 4207 - markus@cvs.openbsd.org 2001/02/06 22:07:42
4208 [ssh.c]
4209 fatal() if subsystem fails
4210 - markus@cvs.openbsd.org 2001/02/06 22:43:02
4211 [ssh.c]
4212 remove confusing callback code
4213 - jakob@cvs.openbsd.org 2001/02/06 23:03:24
4214 [ssh.c]
4215 add -1 option (force protocol version 1). ok markus@
4216 - jakob@cvs.openbsd.org 2001/02/06 23:06:21
4217 [ssh.c]
4218 reorder -{1,2,4,6} options. ok markus@
e6aa01b4 4219 - (bal) Missing 'const' in readpass.h
9c5a8165 4220 - (bal) OpenBSD Sync (so at least the thing compiles for 2.3.2 =)
4221 - djm@cvs.openbsd.org 2001/02/06 23:30:28
4222 [sftp-client.c]
4223 replace arc4random with counter for request ids; ok markus@
68fa858a 4224 - (djm) Define _PATH_TTY for systems that don't. Report from Lutz
bc79ed5c 4225 Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
6d1e1d2b 4226
6a25c04c 422720010208
4228 - (djm) Don't delete external askpass program in make uninstall target.
4229 Report and fix from Roumen Petrov <roumen.petrov@skalasoft.com>
6958bd37 4230 - (djm) Fix linking of sftp, don't need arc4random any more.
4231 - (djm) Try to use shell that supports "test -S" for EGD socket search.
4232 Based on patch from Tim Rice <tim@multitalents.net>
6a25c04c 4233
547519f0 423420010207
bee0a37e 4235 - (bal) Save the whole path to AR in configure. Some Solaris 2.7 installs
4236 seem lose track of it while in openbsd-compat/ (two confirmed reports)
5c377b3b 4237 - (djm) Much KNF on PAM code
547519f0 4238 - (djm) Revise auth-pam.c conversation function to be a little more
4239 readable.
5c377b3b 4240 - (djm) Revise kbd-int PAM conversation function to fold all text messages
4241 to before first prompt. Fixes hangs if last pam_message did not require
4242 a reply.
4243 - (djm) Fix password changing when using PAM kbd-int authentication
bee0a37e 4244
547519f0 424520010205
2b87da3b 4246 - (bal) Disable groupaccess by setting NGROUPS_MAX to 0 for platforms
99286dc8 4247 that don't have NGROUPS_MAX.
57559587 4248 - (bal) AIX patch for auth1.c by William L. Jones <jones@hpc.utexas.edu>
2b87da3b 4249 - (stevesk) OpenBSD sync:
4250 - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
4251 [many files; did this manually to our top-level source dir]
4252 unexpand and remove end-of-line whitespace; ok markus@
408ba72f 4253 - stevesk@cvs.openbsd.org 2001/02/04 15:21:19
4254 [sftp-server.c]
4255 SSH2_FILEXFER_ATTR_UIDGID support; ok markus@
ec2a033a 4256 - deraadt@cvs.openbsd.org 2001/02/04 17:02:32
4257 [sftp-int.c]
4258 ? == help
4259 - deraadt@cvs.openbsd.org 2001/02/04 16:47:46
4260 [sftp-int.c]
4261 sort commands, so that abbreviations work as expected
4262 - stevesk@cvs.openbsd.org 2001/02/04 15:17:52
4263 [sftp-int.c]
4264 debugging sftp: precedence and missing break. chmod, chown, chgrp
4265 seem to be working now.
4266 - markus@cvs.openbsd.org 2001/02/04 14:41:21
4267 [sftp-int.c]
4268 use base 8 for umask/chmod
4269 - markus@cvs.openbsd.org 2001/02/04 11:11:54
4270 [sftp-int.c]
4271 fix LCD
c44559d2 4272 - markus@cvs.openbsd.org 2001/02/04 08:10:44
4273 [ssh.1]
4274 typo; dpo@club-internet.fr
a5930351 4275 - stevesk@cvs.openbsd.org 2001/02/04 06:30:12
4276 [auth2.c authfd.c packet.c]
4277 remove duplicate #include's; ok markus@
6a416424 4278 - deraadt@cvs.openbsd.org 2001/02/04 16:56:23
4279 [scp.c sshd.c]
4280 alpha happiness
4281 - stevesk@cvs.openbsd.org 2001/02/04 15:12:17
4282 [sshd.c]
4283 precedence; ok markus@
02a024dd 4284 - deraadt@cvs.openbsd.org 2001/02/04 08:14:15
6a416424 4285 [ssh.c sshd.c]
4286 make the alpha happy
02a024dd 4287 - markus@cvs.openbsd.org 2001/01/31 13:37:24
4288 [channels.c channels.h serverloop.c ssh.c]
68fa858a 4289 do not disconnect if local port forwarding fails, e.g. if port is
547519f0 4290 already in use
02a024dd 4291 - markus@cvs.openbsd.org 2001/02/01 14:58:09
4292 [channels.c]
4293 use ipaddr in channel messages, ietf-secsh wants this
4294 - markus@cvs.openbsd.org 2001/01/31 12:26:20
4295 [channels.c]
68fa858a 4296 ssh.com-2.0.1x does not send additional info in CHANNEL_OPEN_FAILURE
547519f0 4297 messages; bug report from edmundo@rano.org
a741554f 4298 - markus@cvs.openbsd.org 2001/01/31 13:48:09
4299 [sshconnect2.c]
4300 unused
9378f292 4301 - deraadt@cvs.openbsd.org 2001/02/04 08:23:08
4302 [sftp-client.c sftp-server.c]
4303 make gcc on the alpha even happier
1fc243d1 4304
547519f0 430520010204
781a0585 4306 - (bal) I think this is the last of the bsd-*.h that don't belong.
634e0b53 4307 - (bal) Minor Makefile fix
f0f14bea 4308 - (bal) openbsd-compat/Makefile minor fix. Ensure dependancies are done
61e96248 4309 right.
78987b57 4310 - (bal) Changed order of LIB="" in -with-skey due to library resolving.
166e4f2a 4311 - (bal) next-posix.h changed to bsd-nextstep.h
61e96248 4312 - (djm) OpenBSD CVS sync:
4313 - markus@cvs.openbsd.org 2001/02/03 03:08:38
4314 [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
4315 [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
4316 [sshd_config]
4317 make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
4318 - markus@cvs.openbsd.org 2001/02/03 03:19:51
4319 [ssh.1 sshd.8 sshd_config]
4320 Skey is now called ChallengeResponse
4321 - markus@cvs.openbsd.org 2001/02/03 03:43:09
4322 [sshd.8]
4323 use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
4324 channel. note from Erik.Anggard@cygate.se (pr/1659)
4325 - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
4326 [ssh.1]
4327 typos; ok markus@
4328 - djm@cvs.openbsd.org 2001/02/04 04:11:56
4329 [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
4330 [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
4331 Basic interactive sftp client; ok theo@
4332 - (djm) Update RPM specs for new sftp binary
68fa858a 4333 - (djm) Update several bits for new optional reverse lookup stuff. I
61e96248 4334 think I got them all.
8b061486 4335 - (djm) Makefile.in fixes
1aa00dcb 4336 - (stevesk) add mysignal() wrapper and use it for the protocol 2
4337 SIGCHLD handler.
408ba72f 4338 - (djm) Use setvbuf() instead of setlinebuf(). Suggest from stevesk@
781a0585 4339
547519f0 434020010203
63fe0529 4341 - (bal) Cygwin clean up by Corinna Vinschen <vinschen@redhat.com>
bf3db92d 4342 - (bal) renamed queue.h to fake-queue.h (even if it's an OpenBSD
4343 based file) to ensure #include space does not get confused.
f78888c7 4344 - (bal) Minor Makefile.in tweak. dirname may not exist on some
4345 platforms so builds fail. (NeXT being a well known one)
63fe0529 4346
547519f0 434720010202
61e96248 4348 - (bal) Makefile fix where sourcedir != builddir by Corinna Vinschen
c85a87f2 4349 <vinschen@redhat.com>
71301416 4350 - (bal) Makefile fix to use $(MAKE) instead of 'make' for platforms
4351 that use 'gmake'. Patch by Tim Rice <tim@multitalents.net>
c85a87f2 4352
547519f0 435320010201
ad5075bd 4354 - (bal) Minor fix to Makefile to stop rebuilding executables if no
4355 changes have occured to any of the supporting code. Patch by
4356 Roumen Petrov <roumen.petrov@skalasoft.com>
4357
9c8dbb1b 435820010131
37845585 4359 - (djm) OpenBSD CVS Sync:
4360 - djm@cvs.openbsd.org 2001/01/30 15:48:53
4361 [sshconnect.c]
4362 Make warning message a little more consistent. ok markus@
8c89dd2b 4363 - (djm) Fix autoconf logic for --with-lastlog=no Report and diagnosis from
4364 Philipp Buehler <lists@fips.de> and Kevin Steves <stevesk@sweden.hp.com>
4365 respectively.
c59dc6bd 4366 - (djm) Don't log SSH2 PAM KbdInt responses to debug, they may contain
4367 passwords.
9c8dbb1b 4368 - (bal) Reorder. Move all bsd-*, fake-*, next-*, and cygwin* stuff to
4369 openbsd-compat/. And resolve all ./configure and Makefile.in issues
4370 assocated.
37845585 4371
9c8dbb1b 437220010130
39929cdb 4373 - (djm) OpenBSD CVS Sync:
4374 - markus@cvs.openbsd.org 2001/01/29 09:55:37
4375 [channels.c channels.h clientloop.c serverloop.c]
4376 fix select overflow; ok deraadt@ and stevesk@
865ac82e 4377 - markus@cvs.openbsd.org 2001/01/29 12:42:35
4378 [canohost.c canohost.h channels.c clientloop.c]
4379 add get_peer_ipaddr(socket), x11-fwd in ssh2 requires ipaddr, not DNS
46aa2d1f 4380 - markus@cvs.openbsd.org 2001/01/29 12:47:32
4381 [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
4382 handle rsa_private_decrypt failures; helps against the Bleichenbacher
4383 pkcs#1 attack
ae810de7 4384 - djm@cvs.openbsd.org 2001/01/29 05:36:11
4385 [ssh.1 ssh.c]
4386 Allow invocation of sybsystem by commandline (-s); ok markus@
83bc57f9 4387 - (stevesk) configure.in: remove duplicate PROG_LS
39929cdb 4388
9c8dbb1b 438920010129
f29ef605 4390 - (stevesk) sftp-server.c: use %lld vs. %qd
4391
cb9da0fc 439220010128
4393 - (bal) Put USE_PIPES back into sco3.2v5
23c2a7a5 4394 - (bal) OpenBSD Sync
9bd5b720 4395 - markus@cvs.openbsd.org 2001/01/28 10:15:34
4396 [dispatch.c]
4397 re-keying is not supported; ok deraadt@
5fb622e4 4398 - markus@cvs.openbsd.org 2001/01/28 10:24:04
7f5c4295 4399 [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
5fb622e4 4400 cleanup AUTHORS sections
9bd5b720 4401 - markus@cvs.openbsd.org 2001/01/28 10:37:26
ab60252b 4402 [sshd.c sshd.8]
9bd5b720 4403 remove -Q, no longer needed
4404 - stevesk@cvs.openbsd.org 2001/01/28 20:36:16
a877488a 4405 [readconf.c ssh.1]
9bd5b720 4406 ``StrictHostKeyChecking ask'' documentation and small cleanup.
4407 ok markus@
6f37606e 4408 - stevesk@cvs.openbsd.org 2001/01/28 20:43:25
61e96248 4409 [sshd.8]
6f37606e 4410 spelling. ok markus@
95f4ccfb 4411 - stevesk@cvs.openbsd.org 2001/01/28 20:53:21
4412 [xmalloc.c]
4413 use size_t for strlen() return. ok markus@
6f37606e 4414 - stevesk@cvs.openbsd.org 2001/01/28 22:27:05
4415 [authfile.c]
4416 spelling. use sizeof vs. strlen(). ok markus@
9bd5b720 4417 - niklas@cvs.openbsd.org 2001/01/29 1:59:14
23c2a7a5 4418 [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h
4419 groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h
4420 key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h
4421 radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1
4422 ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config
4423 sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h]
4424 $OpenBSD$
b0e305c9 4425 - (bal) Minor auth2.c resync. Whitespace and moving of an #include.
cb9da0fc 4426
c9606e03 442720010126
61e96248 4428 - (bal) SSH_PROGRAM vs _PATH_SSH_PROGRAM fix pointed out by Roumen
c9606e03 4429 Petrov <roumen.petrov@skalasoft.com>
2f4b2e38 4430 - (bal) OpenBSD Sync
4431 - deraadt@cvs.openbsd.org 2001/01/25 8:06:33
4432 [ssh-agent.c]
4433 call _exit() in signal handler
c9606e03 4434
d7d5f0b2 443520010125
4436 - (djm) Sync bsd-* support files:
4437 - deraadt@cvs.openbsd.org 2000/01/26 03:43:20
4438 [rresvport.c bindresvport.c]
61e96248 4439 new bindresvport() semantics that itojun, shin, jean-luc and i have
d7d5f0b2 4440 agreed on, which will be happy for the future. bindresvport_sa() for
4441 sockaddr *, too. docs later..
4442 - deraadt@cvs.openbsd.org 2000/01/24 02:24:21
4443 [bindresvport.c]
61e96248 4444 in bindresvport(), if sin is non-NULL, example sin->sin_family for
d7d5f0b2 4445 the actual family being processed
e1dd3a7a 4446 - (djm) Mention PRNGd in documentation, it is nicer than EGD
4447 - (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
8080699b 4448 - (bal) AC_FUNC_STRFTIME added to autoconf
4ccb01d6 4449 - (bal) OpenBSD Resync
4450 - stevesk@cvs.openbsd.org 2001/01/24 21:03:50
4451 [channels.c]
4452 missing freeaddrinfo(); ok markus@
d7d5f0b2 4453
556eb464 445420010124
4455 - (bal) OpenBSD Resync
4456 - markus@cvs.openbsd.org 2001/01/23 10:45:10
4457 [ssh.h]
61e96248 4458 nuke comment
1aecda34 4459 - (bal) no 64bit support patch from Tim Rice <tim@multitalents.net>
4460 - (bal) #ifdef around S_IFSOCK if platform does not support it.
4461 patch by Tim Rice <tim@multitalents.net>
4462 - (bal) fake-regex.h cleanup based on Tim Rice's patch.
c33f0b36 4463 - (stevesk) sftp-server.c: fix chmod() mode mask
556eb464 4464
effa6591 446520010123
4466 - (bal) regexp.h typo in configure.in. Should have been regex.h
4467 - (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@
61e96248 4468 - (bal) SSH_ASKPASS_DEFAULT to _PATH_SSH_ASKPASS_DEFAULT
53a24016 4469 - (bal) OpenBSD Resync
4470 - markus@cvs.openbsd.org 2001/01/22 8:15:00
4471 [auth-krb4.c sshconnect1.c]
4472 only AFS needs radix.[ch]
4473 - markus@cvs.openbsd.org 2001/01/22 8:32:53
4474 [auth2.c]
4475 no need to include; from mouring@etoh.eviladmin.org
4476 - stevesk@cvs.openbsd.org 2001/01/22 16:55:21
4477 [key.c]
4478 free() -> xfree(); ok markus@
4479 - stevesk@cvs.openbsd.org 2001/01/22 17:22:28
4480 [sshconnect2.c sshd.c]
4481 fix memory leaks in SSH2 key exchange; ok markus@
d464095c 4482 - markus@cvs.openbsd.org 2001/01/22 23:06:39
4483 [auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
4484 sshconnect1.c sshconnect2.c sshd.c]
4485 rename skey -> challenge response.
4486 auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
53a24016 4487
effa6591 4488
42f11eb2 448920010122
4490 - (bal) OpenBSD Resync
4491 - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
4492 [servconf.c ssh.h sshd.c]
4493 only auth-chall.c needs #ifdef SKEY
4494 - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
4495 [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
4496 auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
4497 packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
4498 session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
4499 ssh1.h sshconnect1.c sshd.c ttymodes.c]
4500 move ssh1 definitions to ssh1.h, pathnames to pathnames.h
4501 - markus@cvs.openbsd.org 2001/01/19 16:48:14
4502 [sshd.8]
4503 fix typo; from stevesk@
4504 - markus@cvs.openbsd.org 2001/01/19 16:50:58
4505 [ssh-dss.c]
61e96248 4506 clear and free digest, make consistent with other code (use dlen); from
42f11eb2 4507 stevesk@
4508 - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
4509 [auth-options.c auth-options.h auth-rsa.c auth2.c]
4510 pass the filename to auth_parse_options()
61e96248 4511 - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
42f11eb2 4512 [readconf.c]
4513 fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
4514 - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
4515 [sshconnect2.c]
4516 dh_new_group() does not return NULL. ok markus@
4517 - markus@cvs.openbsd.org 2001/01/20 21:33:42
4518 [ssh-add.c]
61e96248 4519 do not loop forever if askpass does not exist; from
42f11eb2 4520 andrew@pimlott.ne.mediaone.net
4521 - djm@cvs.openbsd.org 2001/01/20 23:00:56
4522 [servconf.c]
4523 Check for NULL return from strdelim; ok markus
4524 - djm@cvs.openbsd.org 2001/01/20 23:02:07
4525 [readconf.c]
4526 KNF; ok markus
4527 - jakob@cvs.openbsd.org 2001/01/21 9:00:33
4528 [ssh-keygen.1]
4529 remove -R flag; ok markus@
4530 - markus@cvs.openbsd.org 2001/01/21 19:05:40
4531 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
4532 auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
4533 auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
4534 bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
4535 cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
4536 deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
4537 key.c key.h log-client.c log-server.c log.c log.h login.c login.h
4538 match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
4539 readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
4540 session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
61e96248 4541 ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
42f11eb2 4542 sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
4543 ttysmodes.c uidswap.c xmalloc.c]
61e96248 4544 split ssh.h and try to cleanup the #include mess. remove unnecessary
42f11eb2 4545 #includes. rename util.[ch] -> misc.[ch]
4546 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
61e96248 4547 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
42f11eb2 4548 conflict when compiling for non-kerb install
4549 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
4550 on 1/19.
4551
6005a40c 455220010120
4553 - (bal) OpenBSD Resync
4554 - markus@cvs.openbsd.org 2001/01/19 12:45:26
4555 [ssh-chall.c servconf.c servconf.h ssh.h sshd.c]
4556 only auth-chall.c needs #ifdef SKEY
47af6577 4557 - (bal) Slight auth2-pam.c clean up.
4558 - (bal) Includes a fake-regexp.h to be only used if regcomp() is found,
4559 but no 'regexp.h' found (SCO OpenServer 3 lacks the header).
6005a40c 4560
922e6493 456120010119
4562 - (djm) Update versions in RPM specfiles
59c97189 4563 - (bal) OpenBSD Resync
4564 - markus@cvs.openbsd.org 2001/01/18 16:20:21
4565 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
4566 sshd.8 sshd.c]
61e96248 4567 log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
59c97189 4568 systems
4569 - markus@cvs.openbsd.org 2001/01/18 16:59:59
4570 [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
4571 session.h sshconnect1.c]
4572 1) removes fake skey from sshd, since this will be much
4573 harder with /usr/libexec/auth/login_XXX
4574 2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
4575 3) make addition of BSD_AUTH and other challenge reponse methods
4576 easier.
4577 - markus@cvs.openbsd.org 2001/01/18 17:12:43
4578 [auth-chall.c auth2-chall.c]
4579 rename *-skey.c *-chall.c since the files are not skey specific
04fc7a67 4580 - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)
4581 to fix NULL pointer deref and fake authloop breakage in PAM code.
f4ebf0e8 4582 - (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com>
3c418020 4583 - (bal) Minor cygwin patch to auth1.c. Suggested by djm.
61e96248 4584
b5c334cc 458520010118
4586 - (bal) Super Sized OpenBSD Resync
4587 - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
4588 [sshd.c]
4589 maxfd+1
4590 - markus@cvs.openbsd.org 2001/01/13 17:59:18
4591 [ssh-keygen.1]
4592 small ssh-keygen manpage cleanup; stevesk@pobox.com
4593 - markus@cvs.openbsd.org 2001/01/13 18:03:07
4594 [scp.c ssh-keygen.c sshd.c]
4595 getopt() returns -1 not EOF; stevesk@pobox.com
4596 - markus@cvs.openbsd.org 2001/01/13 18:06:54
4597 [ssh-keyscan.c]
4598 use SSH_DEFAULT_PORT; from stevesk@pobox.com
4599 - markus@cvs.openbsd.org 2001/01/13 18:12:47
4600 [ssh-keyscan.c]
4601 free() -> xfree(); fix memory leak; from stevesk@pobox.com
4602 - markus@cvs.openbsd.org 2001/01/13 18:14:13
4603 [ssh-add.c]
4604 typo, from stevesk@sweden.hp.com
4605 - markus@cvs.openbsd.org 2001/01/13 18:32:50
61e96248 4606 [packet.c session.c ssh.c sshconnect.c sshd.c]
b5c334cc 4607 split out keepalive from packet_interactive (from dale@accentre.com)
4608 set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
4609 - markus@cvs.openbsd.org 2001/01/13 18:36:45
4610 [packet.c packet.h]
4611 reorder, typo
4612 - markus@cvs.openbsd.org 2001/01/13 18:38:00
4613 [auth-options.c]
4614 fix comment
4615 - markus@cvs.openbsd.org 2001/01/13 18:43:31
4616 [session.c]
4617 Wall
61e96248 4618 - markus@cvs.openbsd.org 2001/01/13 19:14:08
b5c334cc 4619 [clientloop.h clientloop.c ssh.c]
4620 move callback to headerfile
4621 - markus@cvs.openbsd.org 2001/01/15 21:40:10
4622 [ssh.c]
4623 use log() instead of stderr
4624 - markus@cvs.openbsd.org 2001/01/15 21:43:51
4625 [dh.c]
4626 use error() not stderr!
4627 - markus@cvs.openbsd.org 2001/01/15 21:45:29
4628 [sftp-server.c]
4629 rename must fail if newpath exists, debug off by default
4630 - markus@cvs.openbsd.org 2001/01/15 21:46:38
4631 [sftp-server.c]
4632 readable long listing for sftp-server, ok deraadt@
4633 - markus@cvs.openbsd.org 2001/01/16 19:20:06
4634 [key.c ssh-rsa.c]
61e96248 4635 make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
4636 galb@vandyke.com. note that you have to delete older ssh2-rsa keys,
4637 since they are in the wrong format, too. they must be removed from
b5c334cc 4638 .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
61e96248 4639 (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
4640 .ssh/authorized_keys2) additionally, we now check that
b5c334cc 4641 BN_num_bits(rsa->n) >= 768.
4642 - markus@cvs.openbsd.org 2001/01/16 20:54:27
4643 [sftp-server.c]
4644 remove some statics. simpler handles; idea from nisse@lysator.liu.se
4645 - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
4646 [bufaux.c radix.c sshconnect.h sshconnect1.c]
4647 indent
4648 - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
4649 be missing such feature.
4650
61e96248 4651
52ce34a2 465220010117
4653 - (djm) Only write random seed file at exit
717057b6 4654 - (djm) Make PAM support optional, enable with --with-pam
61e96248 4655 - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which
717057b6 4656 provides a crypt() of its own)
4657 - (djm) Avoid a warning in bsd-bindresvport.c
4658 - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This
61e96248 4659 can cause weird segfaults errors on Solaris
8694a1ce 4660 - (djm) Avoid warning in PAM code by making read_passphrase arguments const
d748039d 4661 - (djm) Add --with-pam to RPM spec files
52ce34a2 4662
2fd3c144 466320010115
4664 - (bal) sftp-server.c change to use chmod() if fchmod() does not exist.
89c7e31c 4665 - (bal) utimes() support via utime() interface on machine that lack utimes().
2fd3c144 4666
63b68889 466720010114
4668 - (stevesk) initial work for OpenBSD "support supplementary group in
4669 {Allow,Deny}Groups" patch:
4670 - import getgrouplist.c from OpenBSD (bsd-getgrouplist.c)
4671 - add bsd-getgrouplist.h
4672 - new files groupaccess.[ch]
4673 - build but don't use yet (need to merge auth.c changes)
c6a69271 4674 - (stevesk) complete:
4675 - markus@cvs.openbsd.org 2001/01/13 11:56:48
4676 [auth.c sshd.8]
4677 support supplementary group in {Allow,Deny}Groups
4678 from stevesk@pobox.com
61e96248 4679
f546c780 468020010112
4681 - (bal) OpenBSD Sync
4682 - markus@cvs.openbsd.org 2001/01/10 22:56:22
4683 [bufaux.h bufaux.c sftp-server.c sftp.h getput.h]
4684 cleanup sftp-server implementation:
547519f0 4685 add buffer_get_int64, buffer_put_int64, GET_64BIT, PUT_64BIT
4686 parse SSH2_FILEXFER_ATTR_EXTENDED
4687 send SSH2_FX_EOF if readdir returns no more entries
4688 reply to SSH2_FXP_EXTENDED message
4689 use #defines from the draft
4690 move #definations to sftp.h
f546c780 4691 more info:
61e96248 4692 http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt
f546c780 4693 - markus@cvs.openbsd.org 2001/01/10 19:43:20
4694 [sshd.c]
4695 XXX - generate_empheral_server_key() is not safe against races,
61e96248 4696 because it calls log()
f546c780 4697 - markus@cvs.openbsd.org 2001/01/09 21:19:50
4698 [packet.c]
4699 allow TCP_NDELAY for ipv6; from netbsd via itojun@
4700
9548d6c8 470120010110
4702 - (djm) SNI/Reliant Unix needs USE_PIPES and $DISPLAY hack. Report from
4703 Bladt Norbert <Norbert.Bladt@adi.ch>
4704
af972861 470520010109
4706 - (bal) Resync CVS ID of cli.c
4b80e97b 4707 - (stevesk) auth1.c: free should be after WITH_AIXAUTHENTICATE
4708 code.
eea39c02 4709 - (bal) OpenBSD Sync
4710 - markus@cvs.openbsd.org 2001/01/08 22:29:05
4711 [auth2.c compat.c compat.h servconf.c servconf.h sshd.8
4712 sshd_config version.h]
4713 implement option 'Banner /etc/issue.net' for ssh2, move version to
4714 2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner
4715 is enabled).
4716 - markus@cvs.openbsd.org 2001/01/08 22:03:23
4717 [channels.c ssh-keyscan.c]
4718 O_NDELAY -> O_NONBLOCK; thanks stevesk@pobox.com
4719 - markus@cvs.openbsd.org 2001/01/08 21:55:41
4720 [sshconnect1.c]
4721 more cleanups and fixes from stevesk@pobox.com:
4722 1) try_agent_authentication() for loop will overwrite key just
4723 allocated with key_new(); don't alloc
4724 2) call ssh_close_authentication_connection() before exit
4725 try_agent_authentication()
4726 3) free mem on bad passphrase in try_rsa_authentication()
4727 - markus@cvs.openbsd.org 2001/01/08 21:48:17
4728 [kex.c]
4729 missing free; thanks stevesk@pobox.com
f1c4659d 4730 - (bal) Detect if clock_t structure exists, if not define it.
4731 - (bal) Detect if O_NONBLOCK exists, if not define it.
4732 - (bal) removed news4-posix.h (now empty)
4733 - (bal) changed bsd-bindresvport.c and bsd-rresvport.c to use 'socklen_t'
4734 instead of 'int'
adc83ebf 4735 - (stevesk) sshd_config: sync
4f771a33 4736 - (stevesk) defines.h: remove spurious ``;''
af972861 4737
bbcf899f 473820010108
4739 - (bal) Fixed another typo in cli.c
4740 - (bal) OpenBSD Sync
4741 - markus@cvs.openbsd.org 2001/01/07 21:26:55
4742 [cli.c]
4743 typo
4744 - markus@cvs.openbsd.org 2001/01/07 21:26:55
4745 [cli.c]
4746 missing free, stevesk@pobox.com
4747 - markus@cvs.openbsd.org 2001/01/07 19:06:25
4748 [auth1.c]
4749 missing free, stevesk@pobox.com
4750 - markus@cvs.openbsd.org 2001/01/07 11:28:04
4751 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1
4752 ssh.h sshd.8 sshd.c]
4753 rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE
4754 syslog priority changes:
4755 fatal() LOG_ERR -> LOG_CRIT
4756 log() LOG_INFO -> LOG_NOTICE
b8c37305 4757 - Updated TODO
bbcf899f 4758
9616313f 475920010107
4760 - (bal) OpenBSD Sync
4761 - markus@cvs.openbsd.org 2001/01/06 11:23:27
4762 [ssh-rsa.c]
4763 remove unused
4764 - itojun@cvs.openbsd.org 2001/01/05 08:23:29
4765 [ssh-keyscan.1]
4766 missing .El
4767 - markus@cvs.openbsd.org 2001/01/04 22:41:03
4768 [session.c sshconnect.c]
4769 consistent use of _PATH_BSHELL; from stevesk@pobox.com
4770 - djm@cvs.openbsd.org 2001/01/04 22:35:32
4771 [ssh.1 sshd.8]
4772 Mention AES as available SSH2 Cipher; ok markus
4773 - markus@cvs.openbsd.org 2001/01/04 22:25:58
4774 [sshd.c]
4775 sync usage()/man with defaults; from stevesk@pobox.com
4776 - markus@cvs.openbsd.org 2001/01/04 22:21:26
4777 [sshconnect2.c]
4778 handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
4779 that prints a banner (e.g. /etc/issue.net)
61e96248 4780
1877dc0c 478120010105
4782 - (bal) contrib/caldera/ provided by Tim Rice <tim@multitalents.net>
5a64a938 4783 - (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove()
1877dc0c 4784
488c06c8 478520010104
4786 - (djm) Fix memory leak on systems with BROKEN_GETADDRINFO. Based on
4787 work by Chris Vaughan <vaughan99@yahoo.com>
4788
7c49df64 478920010103
4790 - (bal) fixed up sshconnect.c so it was closer inline with the OpenBSD
4791 tree (mainly positioning)
4792 - (bal) OpenSSH CVS Update
4793 - markus@cvs.openbsd.org 2001/01/02 20:41:02
4794 [packet.c]
4795 log remote ip on disconnect; PR 1600 from jcs@rt.fm
4796 - markus@cvs.openbsd.org 2001/01/02 20:50:56
4797 [sshconnect.c]
61e96248 4798 strict_host_key_checking for host_status != HOST_CHANGED &&
7c49df64 4799 ip_status == HOST_CHANGED
61e96248 4800 - (bal) authfile.c: Synced CVS ID tag
2c523de9 4801 - (bal) UnixWare 2.0 fixes by Tim Rice <tim@multitalents.net>
4802 - (bal) Disable sftp-server if no 64bit int support exists. Based on
4803 patch by Tim Rice <tim@multitalents.net>
4804 - (bal) Makefile.in changes to uninstall: target to remove sftp-server
4805 and sftp-server.8 manpage.
7c49df64 4806
a421e945 480720010102
4808 - (bal) OpenBSD CVS Update
4809 - markus@cvs.openbsd.org 2001/01/01 14:52:49
4810 [scp.c]
4811 use shared fatal(); from stevesk@pobox.com
4812
0efc80a7 481320001231
4814 - (bal) Reverted out of MAXHOSTNAMELEN. This should be set per OS.
4815 for multiple reasons.
b1335fdf 4816 - (bal) Reverted out of a partial NeXT patch.
0efc80a7 4817
efcae5b1 481820001230
4819 - (bal) OpenBSD CVS Update
4820 - markus@cvs.openbsd.org 2000/12/28 18:58:30
4821 [ssh-keygen.c]
4822 enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2}
b148018f 4823 - markus@cvs.openbsd.org 2000/12/29 22:19:13
4824 [channels.c]
4825 missing xfree; from vaughan99@yahoo.com
efcae5b1 4826 - (bal) Resynced CVS ID with OpenBSD for channel.c and uidswap.c
03a14cc9 4827 - (bal) if no MAXHOSTNAMELEN is defined. Default to 64 character defination.
34665bf7 4828 Suggested by Christian Kurz <shorty@debian.org>
cb6dabf4 4829 - (bal) Add in '.c.o' section to Makefile.in to address make programs that
61e96248 4830 don't honor CPPFLAGS by default. Suggested by Lutz Jaenicke
cb6dabf4 4831 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
0dd78cd8 4832
483320001229
61e96248 4834 - (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian
34665bf7 4835 Kurz <shorty@debian.org>
8abcdba4 4836 - (bal) OpenBSD CVS Update
4837 - markus@cvs.openbsd.org 2000/12/28 14:25:51
4838 [auth.h auth2.c]
4839 count authentication failures only
4840 - markus@cvs.openbsd.org 2000/12/28 14:25:03
4841 [sshconnect.c]
4842 fingerprint for MITM attacks, too.
4843 - markus@cvs.openbsd.org 2000/12/28 12:03:57
4844 [sshd.8 sshd.c]
4845 document -D
4846 - markus@cvs.openbsd.org 2000/12/27 14:19:21
4847 [serverloop.c]
4848 less chatty
4849 - markus@cvs.openbsd.org 2000/12/27 12:34
4850 [auth1.c sshconnect2.c sshd.c]
4851 typo
4852 - markus@cvs.openbsd.org 2000/12/27 12:30:19
4853 [readconf.c readconf.h ssh.1 sshconnect.c]
4854 new option: HostKeyAlias: allow the user to record the host key
4855 under a different name. This is useful for ssh tunneling over
4856 forwarded connections or if you run multiple sshd's on different
4857 ports on the same machine.
4858 - markus@cvs.openbsd.org 2000/12/27 11:51:53
4859 [ssh.1 ssh.c]
4860 multiple -t force pty allocation, document ORIGINAL_COMMAND
4861 - markus@cvs.openbsd.org 2000/12/27 11:41:31
4862 [sshd.8]
4863 update for ssh-2
c52c7082 4864 - (stevesk) compress.[ch] sync with openbsd; missed in prototype
4865 fix merge.
0dd78cd8 4866
8f523d67 486720001228
4868 - (bal) Patch to add libutil.h to loginrec.c only if the platform has
4869 libutil.h. Suggested by Pekka Savola <pekka@netcore.fi>
9fb76616 4870 - (djm) Update to new x11-askpass in RPM spec
0dd78cd8 4871 - (bal) SCO patch to not include <sys/queue.h> since it's unrelated
4872 header. Patch by Tim Rice <tim@multitalents.net>
4873 - Updated TODO w/ known HP/UX issue
4874 - (bal) removed extra <netdb.h> noticed by Kevin Steves and removed the
4875 bad reference to 'NeXT including it else were' on the #ifdef version.
8f523d67 4876
b03bd394 487720001227
61e96248 4878 - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
b03bd394 4879 Takumi Yamane <yamtak@b-session.com>
4880 - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
8f523d67 4881 by Corinna Vinschen <vinschen@redhat.com>
4882 - (djm) Fix catman-do target for non-bash
61e96248 4883 - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
8f523d67 4884 Takumi Yamane <yamtak@b-session.com>
4885 - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
b03bd394 4886 by Corinna Vinschen <vinschen@redhat.com>
13991f8e 4887 - (djm) Fix catman-do target for non-bash
61e96248 4888 - (bal) Fixed NeXT's lack of CPPFLAGS honoring.
4889 - (bal) ssh-keyscan.c: NeXT (and older BSDs) don't support getrlimit() w/
f318b98b 4890 'RLIMIT_NOFILE'
61e96248 4891 - (djm) Remove *.Ylonen files. They are no longer in the OpenBSD tree,
4892 the info in COPYING.Ylonen has been moved to the start of each
3bdf55b1 4893 SSH1-derived file and README.Ylonen is well out of date.
b03bd394 4894
8d88011e 489520001223
4896 - (bal) Fixed Makefile.in to support recompile of all ssh and sshd objects
4897 if a change to config.h has occurred. Suggested by Gert Doering
4898 <gert@greenie.muc.de>
4899 - (bal) OpenBSD CVS Update:
4900 - markus@cvs.openbsd.org 2000/12/22 16:49:40
4901 [ssh-keygen.c]
4902 fix ssh-keygen -x -t type > file; from Roumen.Petrov@skalasoft.com
4903
1e3b8b07 490420001222
4905 - Updated RCSID for pty.c
4906 - (bal) OpenBSD CVS Updates:
4907 - markus@cvs.openbsd.org 2000/12/21 15:10:16
4908 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
4909 print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
4910 - markus@cvs.openbsd.org 2000/12/20 19:26:56
4911 [authfile.c]
4912 allow ssh -i userkey for root
4913 - markus@cvs.openbsd.org 2000/12/20 19:37:21
4914 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
4915 fix prototypes; from stevesk@pobox.com
4916 - markus@cvs.openbsd.org 2000/12/20 19:32:08
4917 [sshd.c]
4918 init pointer to NULL; report from Jan.Ivan@cern.ch
4919 - markus@cvs.openbsd.org 2000/12/19 23:17:54
4920 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
4921 auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
4922 bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
4923 crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
4924 key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
4925 packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
4926 serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
4927 ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c
4928 uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
4929 replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
4930 unsigned' with u_char.
4931
67b0facb 493220001221
4933 - (stevesk) OpenBSD CVS updates:
4934 - markus@cvs.openbsd.org 2000/12/19 15:43:45
4935 [authfile.c channels.c sftp-server.c ssh-agent.c]
4936 remove() -> unlink() for consistency
4937 - markus@cvs.openbsd.org 2000/12/19 15:48:09
4938 [ssh-keyscan.c]
4939 replace <ssl/x.h> with <openssl/x.h>
4940 - markus@cvs.openbsd.org 2000/12/17 02:33:40
4941 [uidswap.c]
4942 typo; from wsanchez@apple.com
61e96248 4943
adeebd37 494420001220
61e96248 4945 - (djm) Workaround PAM inconsistencies between Solaris derived PAM code
adeebd37 4946 and Linux-PAM. Based on report and fix from Andrew Morgan
4947 <morgan@transmeta.com>
4948
f072c47a 494920001218
4950 - (stevesk) rsa.c: entropy.h not needed.
0c2fb82f 4951 - (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile.
4952 Suggested by Wilfredo Sanchez <wsanchez@apple.com>
f072c47a 4953
731c1541 495420001216
4955 - (stevesk) OpenBSD CVS updates:
4956 - markus@cvs.openbsd.org 2000/12/16 02:53:57
4957 [scp.c]
4958 allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
4959 - markus@cvs.openbsd.org 2000/12/16 02:39:57
4960 [scp.c]
4961 unused; from stevesk@pobox.com
4962
227e8e86 496320001215
9853409f 4964 - (stevesk) Old OpenBSD patch wasn't completely applied:
4965 - markus@cvs.openbsd.org 2000/01/24 22:11:20
4966 [scp.c]
4967 allow '.' in usernames; from jedgar@fxp.org
227e8e86 4968 - (stevesk) OpenBSD CVS updates:
4969 - markus@cvs.openbsd.org 2000/12/13 16:26:53
4970 [ssh-keyscan.c]
4971 fatal already adds \n; from stevesk@pobox.com
4972 - markus@cvs.openbsd.org 2000/12/13 16:25:44
4973 [ssh-agent.c]
4974 remove redundant spaces; from stevesk@pobox.com
4975 - ho@cvs.openbsd.org 2000/12/12 15:50:21
4976 [pty.c]
4977 When failing to set tty owner and mode on a read-only filesystem, don't
4978 abort if the tty already has correct owner and reasonably sane modes.
4979 Example; permit 'root' to login to a firewall with read-only root fs.
4980 (markus@ ok)
4981 - deraadt@cvs.openbsd.org 2000/12/13 06:36:05
4982 [pty.c]
4983 KNF
6ffc9c88 4984 - markus@cvs.openbsd.org 2000/12/12 14:45:21
4985 [sshd.c]
4986 source port < 1024 is no longer required for rhosts-rsa since it
4987 adds no additional security.
4988 - markus@cvs.openbsd.org 2000/12/12 16:11:49
4989 [ssh.1 ssh.c]
4990 rhosts-rsa is no longer automagically disabled if ssh is not privileged.
4991 UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
4992 these changes should not change the visible default behaviour of the ssh client.
71c0d06a 4993 - deraadt@cvs.openbsd.org 2000/12/11 10:27:33
4994 [scp.c]
4995 when copying 0-sized files, do not re-print ETA time at completion
3e1caa83 4996 - provos@cvs.openbsd.org 2000/12/15 10:30:15
4997 [kex.c kex.h sshconnect2.c sshd.c]
4998 compute diffie-hellman in parallel between server and client. okay markus@
227e8e86 4999
6c935fbd 500020001213
5001 - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report
5002 from Andreas M. Kirchwitz <amk@krell.zikzak.de>
227e8e86 5003 - (stevesk) OpenBSD CVS update:
1fe6a48f 5004 - markus@cvs.openbsd.org 2000/12/12 15:30:02
5005 [ssh-keyscan.c ssh.c sshd.c]
61e96248 5006 consistently use __progname; from stevesk@pobox.com
6c935fbd 5007
367d1840 500820001211
5009 - (bal) Applied patch to include ssh-keyscan into Redhat's package, and
5010 patch to install ssh-keyscan manpage. Patch by Pekka Savola
5011 <pekka@netcore.fi>
e3a70753 5012 - (bal) OpenbSD CVS update
5013 - markus@cvs.openbsd.org 2000/12/10 17:01:53
5014 [sshconnect1.c]
5015 always request new challenge for skey/tis-auth, fixes interop with
5016 other implementations; report from roth@feep.net
367d1840 5017
6b523bae 501820001210
5019 - (bal) OpenBSD CVS updates
61e96248 5020 - markus@cvs.openbsd.org 2000/12/09 13:41:51
6b523bae 5021 [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
5022 undo rijndael changes
61e96248 5023 - markus@cvs.openbsd.org 2000/12/09 13:48:31
6b523bae 5024 [rijndael.c]
5025 fix byte order bug w/o introducing new implementation
61e96248 5026 - markus@cvs.openbsd.org 2000/12/09 14:08:27
6b523bae 5027 [sftp-server.c]
5028 "" -> "." for realpath; from vinschen@redhat.com
61e96248 5029 - markus@cvs.openbsd.org 2000/12/09 14:06:54
6b523bae 5030 [ssh-agent.c]
5031 extern int optind; from stevesk@sweden.hp.com
13af0aa2 5032 - provos@cvs.openbsd.org 2000/12/09 23:51:11
5033 [compat.c]
5034 remove unnecessary '\n'
6b523bae 5035
ce9c0b75 503620001209
6b523bae 5037 - (bal) OpenBSD CVS updates:
61e96248 5038 - djm@cvs.openbsd.org 2000/12/07 4:24:59
ce9c0b75 5039 [ssh.1]
5040 Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo
5041
f72fc97f 504220001207
6b523bae 5043 - (bal) OpenBSD CVS updates:
61e96248 5044 - markus@cvs.openbsd.org 2000/12/06 22:58:14
f72fc97f 5045 [compat.c compat.h packet.c]
5046 disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0
dfe89252 5047 - markus@cvs.openbsd.org 2000/12/06 23:10:39
5048 [rijndael.c]
5049 unexpand(1)
61e96248 5050 - markus@cvs.openbsd.org 2000/12/06 23:05:43
dfe89252 5051 [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
5052 new rijndael implementation. fixes endian bugs
f72fc97f 5053
97fb6912 505420001206
6b523bae 5055 - (bal) OpenBSD CVS updates:
97fb6912 5056 - markus@cvs.openbsd.org 2000/12/05 20:34:09
5057 [channels.c channels.h clientloop.c serverloop.c]
5058 async connects for -R/-L; ok deraadt@
5059 - todd@cvs.openssh.org 2000/12/05 16:47:28
5060 [sshd.c]
5061 tweak comment to reflect real location of pid file; ok provos@
bf5f69f7 5062 - (stevesk) Import <sys/queue.h> from OpenBSD for systems that don't
5063 have it (used in ssh-keyscan).
227e8e86 5064 - (stevesk) OpenBSD CVS update:
f20255cb 5065 - markus@cvs.openbsd.org 2000/12/06 19:57:48
5066 [ssh-keyscan.c]
5067 err(3) -> internal error(), from stevesk@sweden.hp.com
97fb6912 5068
f6fdbddf 506920001205
6b523bae 5070 - (bal) OpenBSD CVS updates:
f6fdbddf 5071 - markus@cvs.openbsd.org 2000/12/04 19:24:02
5072 [ssh-keyscan.c ssh-keyscan.1]
5073 David Maziere's ssh-keyscan, ok niels@
5074 - (bal) Updated Makefile.in to include ssh-keyscan that was just added
5075 to the recent OpenBSD source tree.
835d2104 5076 - (stevesk) fix typos in contrib/hpux/README
f6fdbddf 5077
cbc5abf9 507820001204
5079 - (bal) More C functions defined in NeXT that are unaccessable without
61e96248 5080 defining -POSIX.
5081 - (bal) OpenBSD CVS updates:
5082 - markus@cvs.openbsd.org 2000/12/03 11:29:04
cbc5abf9 5083 [compat.c]
5084 remove fallback to SSH_BUG_HMAC now that the drafts are updated
5085 - markus@cvs.openbsd.org 2000/12/03 11:27:55
5086 [compat.c]
61e96248 5087 correctly match "2.1.0.pl2 SSH" etc; from
97fb6912 5088 pekkas@netcore.fi/bugzilla.redhat
cbc5abf9 5089 - markus@cvs.openbsd.org 2000/12/03 11:15:03
5090 [auth2.c compat.c compat.h sshconnect2.c]
5091 support f-secure/ssh.com 2.0.12; ok niels@
5092
0b6fbf03 509320001203
cbc5abf9 5094 - (bal) OpenBSD CVS updates:
0b6fbf03 5095 - markus@cvs.openbsd.org 2000/11/30 22:54:31
5096 [channels.c]
61e96248 5097 debug->warn if tried to do -R style fwd w/o client requesting this;
0b6fbf03 5098 ok neils@
5099 - markus@cvs.openbsd.org 2000/11/29 20:39:17
5100 [cipher.c]
5101 des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
5102 - markus@cvs.openbsd.org 2000/11/30 18:33:05
5103 [ssh-agent.c]
5104 agents must not dump core, ok niels@
61e96248 5105 - markus@cvs.openbsd.org 2000/11/30 07:04:02
0b6fbf03 5106 [ssh.1]
5107 T is for both protocols
5108 - markus@cvs.openbsd.org 2000/12/01 00:00:51
5109 [ssh.1]
5110 typo; from green@FreeBSD.org
5111 - markus@cvs.openbsd.org 2000/11/30 07:02:35
5112 [ssh.c]
5113 check -T before isatty()
5114 - provos@cvs.openbsd.org 2000/11/29 13:51:27
5115 [sshconnect.c]
61e96248 5116 show IP address and hostname when new key is encountered. okay markus@
0b6fbf03 5117 - markus@cvs.openbsd.org 2000/11/30 22:53:35
5118 [sshconnect.c]
5119 disable agent/x11/port fwding if hostkey has changed; ok niels@
5120 - marksu@cvs.openbsd.org 2000/11/29 21:11:59
5121 [sshd.c]
5122 sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
5123 from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
8c9fe09e 5124 - (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enable
5125 PAM authentication using KbdInteractive.
5126 - (djm) Added another TODO
0b6fbf03 5127
90f4078a 512820001202
5129 - (bal) Backed out of part of Alain St-Denis' loginrec.c patch.
61e96248 5130 - (bal) Irix need some sort of mansubdir, patch by Michael Stone
90f4078a 5131 <mstone@cs.loyola.edu>
5132
dcef6523 513320001129
7062c40f 5134 - (djm) Back out all the serverloop.c hacks. sshd will now hang again
5135 if there are background children with open fds.
c193d002 5136 - (djm) bsd-rresvport.c bzero -> memset
61e96248 5137 - (djm) Don't fail in defines.h on absence of 64 bit types (we will
c193d002 5138 still fail during compilation of sftp-server).
5139 - (djm) Fail if ar is not found during configure
c523303b 5140 - (djm) OpenBSD CVS updates:
5141 - provos@cvs.openbsd.org 2000/11/22 08:38:31
5142 [sshd.8]
5143 talk about /etc/primes, okay markus@
5144 - markus@cvs.openbsd.org 2000/11/23 14:03:48
5145 [ssh.c sshconnect1.c sshconnect2.c]
5146 complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
5147 defaults
5148 - markus@cvs.openbsd.org 2000/11/25 09:42:53
5149 [sshconnect1.c]
5150 reorder check for illegal ciphers, bugreport from espie@
5151 - markus@cvs.openbsd.org 2000/11/25 10:19:34
5152 [ssh-keygen.c ssh.h]
5153 print keytype when generating a key.
5154 reasonable defaults for RSA1/RSA/DSA keys.
b3ec54b4 5155 - (djm) Patch from Pekka Savola <Pekka.Savola@netcore.fi> to include a few
5156 more manpage paths in fixpaths calls
5157 - (djm) Also add xauth path at Pekka's suggestion.
57ce3f00 5158 - (djm) Add Redhat RPM patch for AUTHPRIV SyslogFacility
dcef6523 5159
e879a080 516020001125
5161 - (djm) Give up privs when reading seed file
5162
d343d900 516320001123
5164 - (bal) Merge OpenBSD changes:
5165 - markus@cvs.openbsd.org 2000/11/15 22:31:36
5166 [auth-options.c]
61e96248 5167 case insensitive key options; from stevesk@sweeden.hp.com
d343d900 5168 - markus@cvs.openbsd.org 2000/11/16 17:55:43
5169 [dh.c]
5170 do not use perror() in sshd, after child is forked()
5171 - markus@cvs.openbsd.org 2000/11/14 23:42:40
5172 [auth-rsa.c]
5173 parse option only if key matches; fix some confusing seen by the client
5174 - markus@cvs.openbsd.org 2000/11/14 23:44:19
5175 [session.c]
5176 check no_agent_forward_flag for ssh-2, too
5177 - markus@cvs.openbsd.org 2000/11/15
5178 [ssh-agent.1]
5179 reorder SYNOPSIS; typo, use .It
5180 - markus@cvs.openbsd.org 2000/11/14 23:48:55
5181 [ssh-agent.c]
5182 do not reorder keys if a key is removed
5183 - markus@cvs.openbsd.org 2000/11/15 19:58:08
5184 [ssh.c]
61e96248 5185 just ignore non existing user keys
d343d900 5186 - millert@cvs.openbsd.org 200/11/15 20:24:43
5187 [ssh-keygen.c]
5188 Add missing \n at end of error message.
5189
0b49a754 519020001122
5191 - (bal) Minor patch to ensure platforms lacking IRIX job limit supports
5192 are compilable.
5193 - (bal) Updated TODO as of 11/18/2000 with known things to resolve.
5194
fab2e5d3 519520001117
5196 - (bal) Changed from 'primes' to 'primes.out' for consistancy sake. It
5197 has no affect the output. Patch by Corinna Vinschen <vinschen@redhat.com>
61e96248 5198 - (stevesk) Reworked progname support.
260d427b 5199 - (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by
5200 Shinichi Maruyama <marya@st.jip.co.jp>
fab2e5d3 5201
c2207f11 520220001116
5203 - (bal) Added in MAXSYMLINK test in bsd-realpath.c. Required for some SCO
5204 releases.
5205 - (bal) Make builds work outside of source tree. Patch by Mark D. Roth
5206 <roth@feep.net>
5207
3d398e04 520820001113
61e96248 5209 - (djm) Add pointer to http://www.imasy.or.jp/~gotoh/connect.c to
3d398e04 5210 contrib/README
fa08c86b 5211 - (djm) Merge OpenBSD changes:
5212 - markus@cvs.openbsd.org 2000/11/06 16:04:56
5213 [channels.c channels.h clientloop.c nchan.c serverloop.c]
5214 [session.c ssh.c]
5215 agent forwarding and -R for ssh2, based on work from
5216 jhuuskon@messi.uku.fi
5217 - markus@cvs.openbsd.org 2000/11/06 16:13:27
5218 [ssh.c sshconnect.c sshd.c]
5219 do not disabled rhosts(rsa) if server port > 1024; from
5220 pekkas@netcore.fi
5221 - markus@cvs.openbsd.org 2000/11/06 16:16:35
5222 [sshconnect.c]
5223 downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
5224 - markus@cvs.openbsd.org 2000/11/09 18:04:40
5225 [auth1.c]
5226 typo; from mouring@pconline.com
5227 - markus@cvs.openbsd.org 2000/11/12 12:03:28
5228 [ssh-agent.c]
5229 off-by-one when removing a key from the agent
5230 - markus@cvs.openbsd.org 2000/11/12 12:50:39
5231 [auth-rh-rsa.c auth2.c authfd.c authfd.h]
5232 [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
5233 [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
5234 [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
5235 [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
61e96248 5236 [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
fa08c86b 5237 add support for RSA to SSH2. please test.
5238 there are now 3 types of keys: RSA1 is used by ssh-1 only,
5239 RSA and DSA are used by SSH2.
5240 you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
5241 keys for SSH2 and use the RSA keys for hostkeys or for user keys.
5242 SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
5243 - (djm) Fix up Makefile and Redhat init script to create RSA host keys
f001465f 5244 - (djm) Change to interim version
5733a41a 5245 - (djm) Fix RPM spec file stupidity
6fff1ac4 5246 - (djm) fixpaths to DSA and RSA keys too
3d398e04 5247
d287c664 524820001112
5249 - (bal) SCO Patch to add needed libraries for configure.in. Patch by
5250 Phillips Porch <root@theporch.com>
3d398e04 5251 - (bal) IRIX patch to adding Job Limits. Patch by Denis Parker
5252 <dcp@sgi.com>
a3bf38d0 5253 - (stevesk) pty.c: HP-UX 10 and 11 don't define TIOCSCTTY. Add error() to
5254 failed ioctl(TIOCSCTTY) call.
d287c664 5255
3c4d4fef 525620001111
5257 - (djm) Added /etc/primes for kex DH group neg, fixup Makefile.in and
5258 packaging files
35325fd4 5259 - (djm) Fix new Makefile.in warnings
61e96248 5260 - (djm) Fix vsprintf("%h") in bsd-snprintf.c, short int va_args are
5261 promoted to type int. Report and fix from Dan Astoorian
027bf205 5262 <djast@cs.toronto.edu>
61e96248 5263 - (djm) Hardwire sysconfdir in RPM spec files as some RPM versions get
e3291159 5264 it wrong. Report from Bennett Todd <bet@rahul.net>
3c4d4fef 5265
3e366738 526620001110
5267 - (bal) Fixed dropped answer from skey_keyinfo() in auth1.c
5268 - (bal) Changed from --with-skey to --with-skey=PATH in configure.in
5269 - (bal) Added in check to verify S/Key library is being detected in
5270 configure.in
61e96248 5271 - (bal) next-posix.h - added another prototype wrapped in POSIX ifdef/endif.
3e366738 5272 Patch by Mark Miller <markm@swoon.net>
5273 - (bal) Added 'util.h' header to loginrec.c only if HAVE_UTIL_H is defined
61e96248 5274 to remove warnings under MacOS X. Patch by Mark Miller <markm@swoon.net>
3e366738 5275 - (bal) Fixed LDFLAG mispelling in configure.in for --with-afs
5276
373998a4 527720001107
e506ee73 5278 - (bal) acconfig.in - removed the double "USE_PIPES" entry. Patch by
5279 Mark Miller <markm@swoon.net>
373998a4 5280 - (bal) sshd.init files corrected to assign $? to RETVAL. Patch by
5281 Jarno Huuskonen <jhuuskon@messi.uku.fi>
e506ee73 5282 - (bal) fixpaths fixed to stop it from quitely failing. Patch by
5283 Mark D. Roth <roth@feep.net>
373998a4 5284
ac89998a 528520001106
5286 - (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs
6c09e23c 5287 - (djm) Manually fix up missed diff hunks (mainly RCS idents)
61e96248 5288 - (djm) Remove UPGRADING document in favour of a link to the better
d6846e6a 5289 maintained FAQ on www.openssh.com
73bd30fe 5290 - (djm) Fix multiple dependancy on gnome-libs from Pekka Savola
5291 <pekkas@netcore.fi>
5292 - (djm) Don't need X11-askpass in RPM spec file if building without it
5293 from Pekka Savola <pekkas@netcore.fi>
c215ba3b 5294 - (djm) Release 2.3.0p1
97b378bf 5295 - (bal) typo in configure.in in regards to --with-ldflags from Marko
5296 Asplund <aspa@kronodoc.fi>
5297 - (bal) fixed next-posix.h. Forgot prototype of getppid().
68f189a9 5298
b850ecd9 529920001105
5300 - (bal) Sync with OpenBSD:
5301 - markus@cvs.openbsd.org 2000/10/31 9:31:58
5302 [compat.c]
5303 handle all old openssh versions
5304 - markus@cvs.openbsd.org 2000/10/31 13:1853
5305 [deattack.c]
5306 so that large packets do not wrap "n"; from netbsd
5307 - (bal) rijndel.c - fix up RCSID to match OpenBSD tree
a30ce26d 5308 - (bal) auth2-skey.c - Checked in. Missing from portable tree.
5309 - (bal) Reworked NEWS-OS and NeXT ports to extract waitpid() and
5310 setsid() into more common files
96054e6f 5311 - (stevesk) pty.c: use __hpux to identify HP-UX.
d0127657 5312 - (bal) Missed auth-skey.o in Makefile.in and minor correction to
5313 bsd-waitpid.c
b850ecd9 5314
75b90ced 531520001029
5316 - (stevesk) Fix typo in auth.c: USE_PAM not PAM
95273555 5317 - (stevesk) Create contrib/cygwin/ directory; patch from
5318 Corinna Vinschen <vinschen@redhat.com>
e9e4a1c7 5319 - (bal) Resolved more $xno and $xyes issues in configure.in
fd5f0295 5320 - (bal) next-posix.h - spelling and forgot a prototype
75b90ced 5321
344f2b94 532220001028
61e96248 5323 - (djm) fix select hack in serverloop.c from Philippe WILLEM
344f2b94 5324 <Philippe.WILLEM@urssaf.fr>
240ae474 5325 - (djm) Fix mangled AIXAUTHENTICATE code
61e96248 5326 - (djm) authctxt->pw may be NULL. Fix from Markus Friedl
606ea390 5327 <markus.friedl@informatik.uni-erlangen.de>
a22aff1f 5328 - (djm) Sync with OpenBSD:
5329 - markus@cvs.openbsd.org 2000/10/16 15:46:32
5330 [ssh.1]
5331 fixes from pekkas@netcore.fi
5332 - markus@cvs.openbsd.org 2000/10/17 14:28:11
5333 [atomicio.c]
5334 return number of characters processed; ok deraadt@
5335 - markus@cvs.openbsd.org 2000/10/18 12:04:02
5336 [atomicio.c]
5337 undo
5338 - markus@cvs.openbsd.org 2000/10/18 12:23:02
5339 [scp.c]
5340 replace atomicio(read,...) with read(); ok deraadt@
5341 - markus@cvs.openbsd.org 2000/10/18 12:42:00
5342 [session.c]
5343 restore old record login behaviour
5344 - deraadt@cvs.openbsd.org 2000/10/19 10:41:13
5345 [auth-skey.c]
5346 fmt string problem in unused code
5347 - provos@cvs.openbsd.org 2000/10/19 10:45:16
5348 [sshconnect2.c]
5349 don't reference freed memory. okay deraadt@
5350 - markus@cvs.openbsd.org 2000/10/21 11:04:23
5351 [canohost.c]
5352 typo, eramore@era-t.ericsson.se; ok niels@
5353 - markus@cvs.openbsd.org 2000/10/23 13:31:55
5354 [cipher.c]
5355 non-alignment dependent swap_bytes(); from
5356 simonb@wasabisystems.com/netbsd
5357 - markus@cvs.openbsd.org 2000/10/26 12:38:28
5358 [compat.c]
5359 add older vandyke products
5360 - markus@cvs.openbsd.org 2000/10/27 01:32:19
5361 [channels.c channels.h clientloop.c serverloop.c session.c]
5362 [ssh.c util.c]
61e96248 5363 enable non-blocking IO on channels, and tty's (except for the
a22aff1f 5364 client ttys).
344f2b94 5365
ddc49b5c 536620001027
5367 - (djm) Increase REKEY_BYTES to 2^24 for arc4random
5368
48e7916f 536920001025
5370 - (djm) Added WARNING.RNG file and modified configure to ask users of the
5371 builtin entropy code to read it.
5372 - (djm) Prefer builtin regex to PCRE.
00937921 5373 - (bal) Added USE_PIPS defined to NeXT configure.in since scp hangs randomly.
5374 - (bal) Apply fixes to configure.in pointed out by Pavel Roskin
5375 <proski@gnu.org>
48e7916f 5376
8dcda1e3 537720001020
5378 - (djm) Don't define _REENTRANT for SNI/Reliant Unix
07bee9a7 5379 - (bal) Imported NEWS-OS waitpid() macros into NeXT. Since implementation
5380 is more correct then current version.
8dcda1e3 5381
f5af5cd5 538220001018
5383 - (stevesk) Add initial support for setproctitle(). Current
5384 support is for the HP-UX pstat(PSTAT_SETCMD, ...) method.
134fd7f6 5385 - (stevesk) Add egd startup scripts to contrib/hpux/
f5af5cd5 5386
2f31bdd6 538720001017
5388 - (djm) Add -lregex to cywin libs from Corinna Vinschen
5389 <vinschen@cygnus.com>
ba7a3f40 5390 - (djm) Don't rely on atomicio's retval to determine length of askpass
5391 supplied passphrase. Problem report from Lutz Jaenicke
5392 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
66d6c27e 5393 - (bal) Changed from GNU rx to PCRE on suggestion from djm.
61e96248 5394 - (bal) Integrated Sony NEWS-OS patches from NAKAJI Hirouyuki
66d6c27e 5395 <nakaji@tutrp.tut.ac.jp>
2f31bdd6 5396
33de75a3 539720001016
5398 - (djm) Sync with OpenBSD:
5399 - markus@cvs.openbsd.org 2000/10/14 04:01:15
5400 [cipher.c]
5401 debug3
5402 - markus@cvs.openbsd.org 2000/10/14 04:07:23
5403 [scp.c]
5404 remove spaces from arguments; from djm@mindrot.org
5405 - markus@cvs.openbsd.org 2000/10/14 06:09:46
5406 [ssh.1]
5407 Cipher is for SSH-1 only
5408 - markus@cvs.openbsd.org 2000/10/14 06:12:09
5409 [servconf.c servconf.h serverloop.c session.c sshd.8]
5410 AllowTcpForwarding; from naddy@
5411 - markus@cvs.openbsd.org 2000/10/14 06:16:56
5412 [auth2.c compat.c compat.h sshconnect2.c version.h]
61e96248 5413 OpenSSH_2.3; note that is is not complete, but the version number
33de75a3 5414 needs to be changed for interoperability reasons
5415 - markus@cvs.openbsd.org 2000/10/14 06:19:45
5416 [auth-rsa.c]
5417 do not send RSA challenge if key is not allowed by key-options; from
5418 eivind@ThinkSec.com
5419 - markus@cvs.openbsd.org 2000/10/15 08:14:01
5420 [rijndael.c session.c]
5421 typos; from stevesk@sweden.hp.com
5422 - markus@cvs.openbsd.org 2000/10/15 08:18:31
5423 [rijndael.c]
5424 typo
61e96248 5425 - (djm) Copy manpages back over from OpenBSD - too tedious to wade
30d8b039 5426 through diffs
61e96248 5427 - (djm) Added condrestart to Redhat init script. Patch from Pekka Savola
30d8b039 5428 <pekkas@netcore.fi>
aa0289fe 5429 - (djm) Update version in Redhat spec file
61e96248 5430 - (djm) Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the
aa0289fe 5431 Redhat 7.0 spec file
5b2d4b75 5432 - (djm) Make inability to read/write PRNG seedfile non-fatal
5433
33de75a3 5434
4d670c24 543520001015
5436 - (djm) Fix ssh2 hang on background processes at logout.
5437
71dfaf1c 543820001014
443172c4 5439 - (bal) Add support for realpath and getcwd for platforms with broken
5440 or missing realpath implementations for sftp-server.
5441 - (bal) Corrected mistake in INSTALL in regards to GNU rx library
61e96248 5442 - (bal) Add support for GNU rx library for those lacking regexp support
71dfaf1c 5443 - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth
02323c45 5444 - (djm) Revert SSH2 serverloop hack, will find a better way.
4ee81249 5445 - (djm) Add workaround for Linux 2.4's gratuitious errno change. Patch
5446 from Martin Johansson <fatbob@acc.umu.se>
94ec8c6b 5447 - (djm) Big OpenBSD sync:
5448 - markus@cvs.openbsd.org 2000/09/30 10:27:44
5449 [log.c]
5450 allow loglevel debug
5451 - markus@cvs.openbsd.org 2000/10/03 11:59:57
5452 [packet.c]
5453 hmac->mac
5454 - markus@cvs.openbsd.org 2000/10/03 12:03:03
5455 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
5456 move fake-auth from auth1.c to individual auth methods, disables s/key in
5457 debug-msg
5458 - markus@cvs.openbsd.org 2000/10/03 12:16:48
5459 ssh.c
5460 do not resolve canonname, i have no idea why this was added oin ossh
5461 - markus@cvs.openbsd.org 2000/10/09 15:30:44
5462 ssh-keygen.1 ssh-keygen.c
5463 -X now reads private ssh.com DSA keys, too.
5464 - markus@cvs.openbsd.org 2000/10/09 15:32:34
5465 auth-options.c
5466 clear options on every call.
5467 - markus@cvs.openbsd.org 2000/10/09 15:51:00
5468 authfd.c authfd.h
5469 interop with ssh-agent2, from <res@shore.net>
5470 - markus@cvs.openbsd.org 2000/10/10 14:20:45
5471 compat.c
5472 use rexexp for version string matching
5473 - provos@cvs.openbsd.org 2000/10/10 22:02:18
5474 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
5475 First rough implementation of the diffie-hellman group exchange. The
5476 client can ask the server for bigger groups to perform the diffie-hellman
5477 in, thus increasing the attack complexity when using ciphers with longer
5478 keys. University of Windsor provided network, T the company.
5479 - markus@cvs.openbsd.org 2000/10/11 13:59:52
5480 [auth-rsa.c auth2.c]
5481 clear auth options unless auth sucessfull
5482 - markus@cvs.openbsd.org 2000/10/11 14:00:27
5483 [auth-options.h]
5484 clear auth options unless auth sucessfull
5485 - markus@cvs.openbsd.org 2000/10/11 14:03:27
5486 [scp.1 scp.c]
5487 support 'scp -o' with help from mouring@pconline.com
5488 - markus@cvs.openbsd.org 2000/10/11 14:11:35
5489 [dh.c]
5490 Wall
5491 - markus@cvs.openbsd.org 2000/10/11 14:14:40
5492 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
5493 [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
5494 add support for s/key (kbd-interactive) to ssh2, based on work by
5495 mkiernan@avantgo.com and me
5496 - markus@cvs.openbsd.org 2000/10/11 14:27:24
5497 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
5498 [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
5499 [sshconnect2.c sshd.c]
5500 new cipher framework
5501 - markus@cvs.openbsd.org 2000/10/11 14:45:21
5502 [cipher.c]
5503 remove DES
5504 - markus@cvs.openbsd.org 2000/10/12 03:59:20
5505 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
5506 enable DES in SSH-1 clients only
5507 - markus@cvs.openbsd.org 2000/10/12 08:21:13
5508 [kex.h packet.c]
5509 remove unused
5510 - markus@cvs.openbsd.org 2000/10/13 12:34:46
5511 [sshd.c]
5512 Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
5513 - markus@cvs.openbsd.org 2000/10/13 12:59:15
5514 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h]
5515 rijndael/aes support
5516 - markus@cvs.openbsd.org 2000/10/13 13:10:54
5517 [sshd.8]
5518 more info about -V
5519 - markus@cvs.openbsd.org 2000/10/13 13:12:02
5520 [myproposal.h]
5521 prefer no compression
3ed32516 5522 - (djm) Fix scp user@host handling
5523 - (djm) Don't clobber ssh_prng_cmds on install
6bcf7caa 5524 - (stevesk) Include config.h in rijndael.c so we define intXX_t and
5525 u_intXX_t types on all platforms.
9ea53ba5 5526 - (stevesk) rijndael.c: cleanup missing declaration warnings.
2919e060 5527 - (stevesk) ~/.hushlogin shouldn't cause required password change to
5528 be bypassed.
f5665f6f 5529 - (stevesk) Display correct path to ssh-askpass in configure output.
5530 Report from Lutz Jaenicke.
71dfaf1c 5531
ebd782f7 553220001007
5533 - (stevesk) Print PAM return value in PAM log messages to aid
5534 with debugging.
97994d32 5535 - (stevesk) Fix detection of pw_class struct member in configure;
5536 patch from KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp>
5537
47a134c1 553820001002
5539 - (djm) Fix USER_PATH, report from Kevin Steves <stevesk@sweden.hp.com>
5540 - (djm) Add host system and CC to end-of-configure report. Suggested by
5541 Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
5542
7322ef0e 554320000931
5544 - (djm) Cygwin fixes from Corinna Vinschen <vinschen@cygnus.com>
5545
6ac7829a 554620000930
b6490dcb 5547 - (djm) Irix ssh_prng_cmds path fix from Pekka Savola <pekkas@netcore.fi>
61e96248 5548 - (djm) Support in bsd-snprintf.c for long long conversions from
772bd898 5549 Ben Lindstrom <mouring@pconline.com>
5550 - (djm) Cleanup NeXT support from Ben Lindstrom <mouring@pconline.com>
857040fb 5551 - (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with
61e96248 5552 very short lived X connections. Bug report from Tobias Oetiker
857040fb 5553 <oetiker@ee.ethz.ch>. Fix from Markus Friedl <markus@cvs.openbsd.org>
bd2d7f6a 5554 - (djm) Add recent InitScripts as a RPM dependancy for openssh-server
5555 patch from Pekka Savola <pekkas@netcore.fi>
58665035 5556 - (djm) Forgot to cvs add LICENSE file
dc2901a0 5557 - (djm) Add LICENSE to RPM spec files
de273eef 5558 - (djm) CVS OpenBSD sync:
5559 - markus@cvs.openbsd.org 2000/09/26 13:59:59
5560 [clientloop.c]
5561 use debug2
5562 - markus@cvs.openbsd.org 2000/09/27 15:41:34
5563 [auth2.c sshconnect2.c]
5564 use key_type()
5565 - markus@cvs.openbsd.org 2000/09/28 12:03:18
5566 [channels.c]
5567 debug -> debug2 cleanup
61e96248 5568 - (djm) Irix strips "/dev/tty" from [uw]tmp entries (other systems only
2a7d529a 5569 strip "/dev/"). Fix loginrec.c based on patch from Alain St-Denis
5570 <Alain.St-Denis@ec.gc.ca>
61e96248 5571 - (djm) Fix 9 character passphrase failure with gnome-ssh-askpass.
5572 Problem was caused by interrupted read in ssh-add. Report from Donald
2a7d529a 5573 J. Barry <don@astro.cornell.edu>
6ac7829a 5574
c5d85828 557520000929
5576 - (djm) Fix SSH2 not terminating until all background tasks done problem.
61e96248 5577 - (djm) Another off-by-one fix from Pavel Kankovsky
5578 <peak@argo.troja.mff.cuni.cz>
22d89d24 5579 - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code,
5580 tidy necessary differences. Use Markus' new debugN() in entropy.c
61e96248 5581 - (djm) Merged big SCO portability patch from Tim Rice
77bb0bca 5582 <tim@multitalents.net>
c5d85828 5583
6fd7f731 558420000926
5585 - (djm) Update X11-askpass to 1.0.2 in RPM spec file
c5ae7384 5586 - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX
61e96248 5587 - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c.
5588 Report and fix from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
6fd7f731 5589
2f125ca1 559020000924
5591 - (djm) Merged cleanup patch from Mark Miller <markm@swoon.net>
5592 - (djm) A bit more cleanup - created cygwin_util.h
bcdaaeab 5593 - (djm) Include strtok_r() from OpenBSD libc. Fixes report from Mark Miller
5594 <markm@swoon.net>
2f125ca1 5595
764d4113 559620000923
61e96248 5597 - (djm) Fix address logging in utmp from Kevin Steves
764d4113 5598 <stevesk@sweden.hp.com>
777319db 5599 - (djm) Redhat spec and manpage fixes from Pekka Savola <pekkas@netcore.fi>
bd590612 5600 - (djm) Seperate tests for int64_t and u_int64_t types
61e96248 5601 - (djm) Tweak password expiry checking at suggestion of Kevin Steves
37c1c46d 5602 <stevesk@sweden.hp.com>
e79b44e1 5603 - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
61e96248 5604 - (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from
e2144f11 5605 Michael Stone <mstone@cs.loyola.edu>
188adeb2 5606 - (djm) OpenBSD CVS sync:
5607 - markus@cvs.openbsd.org 2000/09/17 09:38:59
5608 [sshconnect2.c sshd.c]
5609 fix DEBUG_KEXDH
5610 - markus@cvs.openbsd.org 2000/09/17 09:52:51
5611 [sshconnect.c]
5612 yes no; ok niels@
5613 - markus@cvs.openbsd.org 2000/09/21 04:55:11
5614 [sshd.8]
5615 typo
5616 - markus@cvs.openbsd.org 2000/09/21 05:03:54
5617 [serverloop.c]
5618 typo
5619 - markus@cvs.openbsd.org 2000/09/21 05:11:42
5620 scp.c
5621 utime() to utimes(); mouring@pconline.com
5622 - markus@cvs.openbsd.org 2000/09/21 05:25:08
5623 sshconnect2.c
5624 change login logic in ssh2, allows plugin of other auth methods
5625 - markus@cvs.openbsd.org 2000/09/21 05:25:35
5626 [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h]
5627 [serverloop.c]
5628 add context to dispatch_run
5629 - markus@cvs.openbsd.org 2000/09/21 05:07:52
5630 authfd.c authfd.h ssh-agent.c
5631 bug compat for old ssh.com software
764d4113 5632
7f377177 563320000920
5634 - (djm) Fix bad path substitution. Report from Andrew Miner
5635 <asminer@cs.iastate.edu>
5636
bcbf86ec 563720000916
61e96248 5638 - (djm) Fix SSL search order from Lutz Jaenicke
7950bf97 5639 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
19ece6d2 5640 - (djm) New SuSE spec from Corinna Vinschen <corinna@vinschen.de>
9cd45ea4 5641 - (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com>
995edaac 5642 - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage.
5643 Patch from Larry Jones <larry.jones@sdrc.com>
61e96248 5644 - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM
ad55cd03 5645 password change patch.
5646 - (djm) Bring licenses on my stuff in line with OpenBSD's
0bbfbdeb 5647 - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
5648 Kevin Steves <stevesk@sweden.hp.com>
7f8f5e00 5649 - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz>
5650 - (djm) Re-enable int64_t types - we need them for sftp
5651 - (djm) Use libexecdir from configure , rather than libexecdir/ssh
5652 - (djm) Update Redhat SPEC file accordingly
5653 - (djm) Add Kevin Steves <stevesk@sweden.hp.com> HP/UX contrib files
5654 - (djm) Add Charles Levert <charles@comm.polymtl.ca> getpgrp patch
61e96248 5655 - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter
7f8f5e00 5656 <Dirk.DeWachter@rug.ac.be>
61e96248 5657 - (djm) Fixprogs and entropy list fixes from Larry Jones
7f8f5e00 5658 <larry.jones@sdrc.com>
5659 - (djm) Fix for SuSE spec file from Takashi YOSHIDA
5660 <tyoshida@gemini.rc.kyushu-u.ac.jp>
bcbf86ec 5661 - (djm) Merge OpenBSD changes:
5662 - markus@cvs.openbsd.org 2000/09/05 02:59:57
5663 [session.c]
5664 print hostname (not hushlogin)
5665 - markus@cvs.openbsd.org 2000/09/05 13:18:48
5666 [authfile.c ssh-add.c]
5667 enable ssh-add -d for DSA keys
5668 - markus@cvs.openbsd.org 2000/09/05 13:20:49
5669 [sftp-server.c]
5670 cleanup
5671 - markus@cvs.openbsd.org 2000/09/06 03:46:41
5672 [authfile.h]
5673 prototype
5674 - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
5675 [ALL]
61e96248 5676 cleanup copyright notices on all files. I have attempted to be
5677 accurate with the details. everything is now under Tatu's licence
5678 (which I copied from his readme), and/or the core-sdi bsd-ish thing
5679 for deattack, or various openbsd developers under a 2-term bsd
bcbf86ec 5680 licence. We're not changing any rules, just being accurate.
5681 - markus@cvs.openbsd.org 2000/09/07 14:40:30
5682 [channels.c channels.h clientloop.c serverloop.c ssh.c]
5683 cleanup window and packet sizes for ssh2 flow control; ok niels
5684 - markus@cvs.openbsd.org 2000/09/07 14:53:00
5685 [scp.c]
5686 typo
5687 - markus@cvs.openbsd.org 2000/09/07 15:13:37
5688 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
5689 [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
5690 [pty.c readconf.c]
5691 some more Copyright fixes
5692 - markus@cvs.openbsd.org 2000/09/08 03:02:51
5693 [README.openssh2]
5694 bye bye
5695 - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
5696 [LICENCE cipher.c]
5697 a few more comments about it being ARC4 not RC4
5698 - markus@cvs.openbsd.org 2000/09/12 14:53:11
5699 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
5700 multiple debug levels
5701 - markus@cvs.openbsd.org 2000/09/14 14:25:15
5702 [clientloop.c]
5703 typo
5704 - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
5705 [ssh-agent.c]
5706 check return value for setenv(3) for failure, and deal appropriately
5707
deb8d717 570820000913
5709 - (djm) Fix server not exiting with jobs in background.
5710
b5e300c2 571120000905
5712 - (djm) Import OpenBSD CVS changes
5713 - markus@cvs.openbsd.org 2000/08/31 15:52:24
5714 [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c]
5715 implement a SFTP server. interops with sftp2, scp2 and the windows
5716 client from ssh.com
5717 - markus@cvs.openbsd.org 2000/08/31 15:56:03
5718 [README.openssh2]
5719 sync
5720 - markus@cvs.openbsd.org 2000/08/31 16:05:42
5721 [session.c]
5722 Wall
5723 - markus@cvs.openbsd.org 2000/08/31 16:09:34
5724 [authfd.c ssh-agent.c]
5725 add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions
5726 - deraadt@cvs.openbsd.org 2000/09/01 09:25:13
5727 [scp.1 scp.c]
5728 cleanup and fix -S support; stevesk@sweden.hp.com
5729 - markus@cvs.openbsd.org 2000/09/01 16:29:32
5730 [sftp-server.c]
5731 portability fixes
5732 - markus@cvs.openbsd.org 2000/09/01 16:32:41
5733 [sftp-server.c]
5734 fix cast; mouring@pconline.com
5735 - itojun@cvs.openbsd.org 2000/09/03 09:23:28
5736 [ssh-add.1 ssh.1]
5737 add missing .El against .Bl.
5738 - markus@cvs.openbsd.org 2000/09/04 13:03:41
5739 [session.c]
5740 missing close; ok theo
5741 - markus@cvs.openbsd.org 2000/09/04 13:07:21
5742 [session.c]
5743 fix get_last_login_time order; from andre@van-veen.de
5744 - markus@cvs.openbsd.org 2000/09/04 13:10:09
5745 [sftp-server.c]
5746 more cast fixes; from mouring@pconline.com
5747 - markus@cvs.openbsd.org 2000/09/04 13:06:04
5748 [session.c]
5749 set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net
5750 - (djm) Cleanup after import. Fix sftp-server compilation, Makefile
3c62e7eb 5751 - (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>
5752
1e61f54a 575320000903
5754 - (djm) Fix Redhat init script
5755
c80876b4 575620000901
5757 - (djm) Pick up Jim's new X11-askpass
5758 - (djm) Release 2.2.0p1
5759
8b4a0d08 576020000831
bcbf86ec 5761 - (djm) Workaround SIGPIPE problems on SCO. Fix from Aran Cox
8b4a0d08 5762 <acox@cv.telegroup.com>
b817711d 5763 - (djm) Pick up new version (2.2.0) from OpenBSD CVS
8b4a0d08 5764
0b65b628 576520000830
5766 - (djm) Compile warning fixes from Mark Miller <markm@swoon.net>
10fa00c8 5767 - (djm) Periodically rekey arc4random
5768 - (djm) Clean up diff against OpenBSD.
bcbf86ec 5769 - (djm) HPUX 11 needs USE_PIPES as well: Kevin Steves
2b10f47a 5770 <stevesk@sweden.hp.com>
b33a2e6e 5771 - (djm) Quieten the pam delete credentials error message
44839801 5772 - (djm) Fix printing of $DISPLAY hack if set by system type. Report from
5773 Kevin Steves <stevesk@sweden.hp.com>
84a770d1 5774 - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
7efa2776 5775 - (djm) Fix doh in bsd-arc4random.c
0b65b628 5776
9aaf9be4 577720000829
bcbf86ec 5778 - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert
5779 Doering <gert@greenie.muc.de>, John Horne <J.Horne@plymouth.ac.uk> and
9aaf9be4 5780 Garrick James <garrick@james.net>
b5f90139 5781 - (djm) Check for SCO pty naming style (ptyp%d/ttyp%d). Based on fix from
5782 Bastian Trompetter <btrompetter@firemail.de>
698d107e 5783 - (djm) NeXT tweaks from Ben Lindstrom <mouring@pconline.com>
14a9a859 5784 - More OpenBSD updates:
5785 - deraadt@cvs.openbsd.org 2000/08/24 15:46:59
5786 [scp.c]
5787 off_t in sink, to fix files > 2GB, i think, test is still running ;-)
5788 - deraadt@cvs.openbsd.org 2000/08/25 10:10:06
5789 [session.c]
5790 Wall
5791 - markus@cvs.openbsd.org 2000/08/26 04:33:43
5792 [compat.c]
5793 ssh.com-2.3.0
5794 - markus@cvs.openbsd.org 2000/08/27 12:18:05
5795 [compat.c]
5796 compatibility with future ssh.com versions
5797 - deraadt@cvs.openbsd.org 2000/08/27 21:50:55
5798 [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c]
5799 print uid/gid as unsigned
5800 - markus@cvs.openbsd.org 2000/08/28 13:51:00
5801 [ssh.c]
5802 enable -n and -f for ssh2
5803 - markus@cvs.openbsd.org 2000/08/28 14:19:53
5804 [ssh.c]
5805 allow combination of -N and -f
5806 - markus@cvs.openbsd.org 2000/08/28 14:20:56
5807 [util.c]
5808 util.c
5809 - markus@cvs.openbsd.org 2000/08/28 14:22:02
5810 [util.c]
5811 undo
5812 - markus@cvs.openbsd.org 2000/08/28 14:23:38
5813 [util.c]
5814 don't complain if setting NONBLOCK fails with ENODEV
9aaf9be4 5815
137d7b6c 581620000823
5817 - (djm) Define USE_PIPES to avoid socketpair problems on HPUX 10 and SunOS 4
bcbf86ec 5818 Avoids "scp never exits" problem. Reports from Lutz Jaenicke
5819 <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Tamito KAJIYAMA
137d7b6c 5820 <kajiyama@grad.sccs.chukyo-u.ac.jp>
2e73a022 5821 - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers
da40ab4d 5822 - (djm) Add local version to version.h
ea788c22 5823 - (djm) Don't reseed arc4random everytime it is used
2e73a022 5824 - (djm) OpenBSD CVS updates:
5825 - deraadt@cvs.openbsd.org 2000/08/18 20:07:23
5826 [ssh.c]
5827 accept remsh as a valid name as well; roman@buildpoint.com
5828 - deraadt@cvs.openbsd.org 2000/08/18 20:17:13
5829 [deattack.c crc32.c packet.c]
5830 rename crc32() to ssh_crc32() to avoid zlib name clash. do not move to
5831 libz crc32 function yet, because it has ugly "long"'s in it;
5832 oneill@cs.sfu.ca
5833 - deraadt@cvs.openbsd.org 2000/08/18 20:26:08
5834 [scp.1 scp.c]
5835 -S prog support; tv@debian.org
5836 - deraadt@cvs.openbsd.org 2000/08/18 20:50:07
5837 [scp.c]
5838 knf
5839 - deraadt@cvs.openbsd.org 2000/08/18 20:57:33
5840 [log-client.c]
5841 shorten
5842 - markus@cvs.openbsd.org 2000/08/19 12:48:11
5843 [channels.c channels.h clientloop.c ssh.c ssh.h]
5844 support for ~. in ssh2
5845 - deraadt@cvs.openbsd.org 2000/08/19 15:29:40
5846 [crc32.h]
5847 proper prototype
5848 - markus@cvs.openbsd.org 2000/08/19 15:34:44
bcbf86ec 5849 [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1]
5850 [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile]
2e73a022 5851 [fingerprint.c fingerprint.h]
5852 add SSH2/DSA support to the agent and some other DSA related cleanups.
5853 (note that we cannot talk to ssh.com's ssh2 agents)
5854 - markus@cvs.openbsd.org 2000/08/19 15:55:52
5855 [channels.c channels.h clientloop.c]
5856 more ~ support for ssh2
5857 - markus@cvs.openbsd.org 2000/08/19 16:21:19
5858 [clientloop.c]
5859 oops
5860 - millert@cvs.openbsd.org 2000/08/20 12:25:53
5861 [session.c]
5862 We have to stash the result of get_remote_name_or_ip() before we
5863 close our socket or getpeername() will get EBADF and the process
5864 will exit. Only a problem for "UseLogin yes".
5865 - millert@cvs.openbsd.org 2000/08/20 12:30:59
5866 [session.c]
5867 Only check /etc/nologin if "UseLogin no" since login(1) may have its
5868 own policy on determining who is allowed to login when /etc/nologin
5869 is present. Also use the _PATH_NOLOGIN define.
5870 - millert@cvs.openbsd.org 2000/08/20 12:42:43
5871 [auth1.c auth2.c session.c ssh.c]
5872 Add calls to setusercontext() and login_get*(). We basically call
5873 setusercontext() in most places where previously we did a setlogin().
5874 Add default login.conf file and put root in the "daemon" login class.
5875 - millert@cvs.openbsd.org 2000/08/21 10:23:31
5876 [session.c]
5877 Fix incorrect PATH setting; noted by Markus.
137d7b6c 5878
c345cf9d 587920000818
5880 - (djm) OpenBSD CVS changes:
5881 - markus@cvs.openbsd.org 2000/07/22 03:14:37
5882 [servconf.c servconf.h sshd.8 sshd.c sshd_config]
5883 random early drop; ok theo, niels
5884 - deraadt@cvs.openbsd.org 2000/07/26 11:46:51
5885 [ssh.1]
5886 typo
5887 - deraadt@cvs.openbsd.org 2000/08/01 11:46:11
5888 [sshd.8]
5889 many fixes from pepper@mail.reppep.com
5890 - provos@cvs.openbsd.org 2000/08/01 13:01:42
5891 [Makefile.in util.c aux.c]
5892 rename aux.c to util.c to help with cygwin port
5893 - deraadt@cvs.openbsd.org 2000/08/02 00:23:31
5894 [authfd.c]
5895 correct sun_len; Alexander@Leidinger.net
5896 - provos@cvs.openbsd.org 2000/08/02 10:27:17
5897 [readconf.c sshd.8]
5898 disable kerberos authentication by default
5899 - provos@cvs.openbsd.org 2000/08/02 11:27:05
5900 [sshd.8 readconf.c auth-krb4.c]
5901 disallow kerberos authentication if we can't verify the TGT; from
5902 dugsong@
5903 kerberos authentication is on by default only if you have a srvtab.
5904 - markus@cvs.openbsd.org 2000/08/04 14:30:07
5905 [auth.c]
5906 unused
5907 - markus@cvs.openbsd.org 2000/08/04 14:30:35
5908 [sshd_config]
5909 MaxStartups
5910 - markus@cvs.openbsd.org 2000/08/15 13:20:46
5911 [authfd.c]
5912 cleanup; ok niels@
5913 - markus@cvs.openbsd.org 2000/08/17 14:05:10
5914 [session.c]
5915 cleanup login(1)-like jobs, no duplicate utmp entries
5916 - markus@cvs.openbsd.org 2000/08/17 14:06:34
5917 [session.c sshd.8 sshd.c]
5918 sshd -u len, similar to telnetd
1a022229 5919 - (djm) Lastlog was not getting closed after writing login entry
39987cc0 5920 - (djm) Add Solaris package support from Rip Loomis <loomisg@cist.saic.com>
c345cf9d 5921
416ed5a7 592220000816
5923 - (djm) Replacement for inet_ntoa for Irix (which breaks on gcc)
bcbf86ec 5924 - (djm) Fix strerror replacement for old SunOS. Based on patch from
416ed5a7 5925 Charles Levert <charles@comm.polymtl.ca>
bcbf86ec 5926 - (djm) Seperate arc4random into seperate file and use OpenSSL's RC4
416ed5a7 5927 implementation.
ba606eb2 5928 - (djm) SUN_LEN macro for systems which lack it
416ed5a7 5929
dbaa2e87 593020000815
5931 - (djm) More SunOS 4.1.x fixes from Nate Itkin <nitkin@europa.com>
cd352c82 5932 - (djm) Avoid failures on Irix when ssh is not setuid. Fix from
5933 Michael Stone <mstone@cs.loyola.edu>
d93a7e5a 5934 - (djm) Don't seek in directory based lastlogs
bcbf86ec 5935 - (djm) Fix --with-ipaddr-display configure option test. Patch from
d93a7e5a 5936 Jarno Huuskonen <jhuuskon@messi.uku.fi>
2a2cb9e7 5937 - (djm) Fix AIX limits from Alexandre Oliva <oliva@lsd.ic.unicamp.br>
dbaa2e87 5938
6c33bf70 593920000813
5940 - (djm) Add $(srcdir) to includes when compiling (for VPATH). Report from
5941 Fabrice bacchella <fabrice.bacchella@marchfirst.fr>
5942
3fcce26c 594320000809
bcbf86ec 5944 - (djm) Define AIX hard limits if headers don't. Report from
3fcce26c 5945 Bill Painter <william.t.painter@lmco.com>
bcbf86ec 5946 - (djm) utmp direct write & SunOS 4 patch from Charles Levert
32eec038 5947 <charles@comm.polymtl.ca>
3fcce26c 5948
71d43804 594920000808
5950 - (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install
5951 time, spec file cleanup.
5952
f9bcea07 595320000807
378f2232 5954 - (djm) Set 0755 on binaries during install. Report from Lutz Jaenicke
47670e77 5955 - (djm) Suppress error messages on channel close shutdown() failurs
5956 works around Linux bug. Patch from Zack Weinberg <zack@wolery.cumb.org>
378f2232 5957 - (djm) Add some more entropy collection commands from Lutz Jaenicke
f9bcea07 5958
bcf89935 595920000725
5960 - (djm) Fix autoconf typo: HAVE_BINRESVPORT_AF -> HAVE_BINDRESVPORT_AF
5961
4c8722d9 596220000721
5963 - (djm) OpenBSD CVS updates:
5964 - markus@cvs.openbsd.org 2000/07/16 02:27:22
5965 [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
5966 [sshconnect1.c sshconnect2.c]
5967 make ssh-add accept dsa keys (the agent does not)
5968 - djm@cvs.openbsd.org 2000/07/17 19:25:02
5969 [sshd.c]
5970 Another closing of stdin; ok deraadt
5971 - markus@cvs.openbsd.org 2000/07/19 18:33:12
5972 [dsa.c]
5973 missing free, reorder
5974 - markus@cvs.openbsd.org 2000/07/20 16:23:14
5975 [ssh-keygen.1]
5976 document input and output files
5977
240777b8 597820000720
4c8722d9 5979 - (djm) Spec file fix from Petr Novotny <Petr.Novotny@antek.cz>
240777b8 5980
3c7def32 598120000716
4c8722d9 5982 - (djm) Release 2.1.1p4
3c7def32 5983
819b676f 598420000715
704b1659 5985 - (djm) OpenBSD CVS updates
5986 - provos@cvs.openbsd.org 2000/07/13 16:53:22
5987 [aux.c readconf.c servconf.c ssh.h]
5988 allow multiple whitespace but only one '=' between tokens, bug report from
5989 Ralf S. Engelschall <rse@engelschall.com> but different fix. okay deraadt@
5990 - provos@cvs.openbsd.org 2000/07/13 17:14:09
5991 [clientloop.c]
5992 typo; todd@fries.net
5993 - provos@cvs.openbsd.org 2000/07/13 17:19:31
5994 [scp.c]
5995 close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
5996 - markus@cvs.openbsd.org 2000/07/14 16:59:46
5997 [readconf.c servconf.c]
5998 allow leading whitespace. ok niels
5999 - djm@cvs.openbsd.org 2000/07/14 22:01:38
6000 [ssh-keygen.c ssh.c]
6001 Always create ~/.ssh with mode 700; ok Markus
819b676f 6002 - Fixes for SunOS 4.1.4 from Gordon Atwood <gordon@cs.ualberta.ca>
6003 - Include floatingpoint.h for entropy.c
6004 - strerror replacement
704b1659 6005
3f7a7e4a 600620000712
c37fb3c1 6007 - (djm) Remove -lresolve for Reliant Unix
3f7a7e4a 6008 - (djm) OpenBSD CVS Updates:
6009 - deraadt@cvs.openbsd.org 2000/07/11 02:11:34
6010 [session.c sshd.c ]
6011 make MaxStartups code still work with -d; djm
6012 - deraadt@cvs.openbsd.org 2000/07/11 13:17:45
6013 [readconf.c ssh_config]
6014 disable FallBackToRsh by default
c37fb3c1 6015 - (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c. Report from
6016 Ben Lindstrom <mouring@pconline.com>
1e970014 6017 - (djm) Make building of X11-Askpass and GNOME-Askpass optional in RPM
6018 spec file.
dcb36e5d 6019 - (djm) Released 2.1.1p3
3f7a7e4a 6020
56118702 602120000711
6022 - (djm) Fixup for AIX getuserattr() support from Tom Bertelson
6023 <tbert@abac.com>
132dd316 6024 - (djm) ReliantUNIX support from Udo Schweigert <ust@cert.siemens.de>
bcbf86ec 6025 - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom
c99e5056 6026 <mouring@pconline.com>
bcbf86ec 6027 - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report
dc2a6d09 6028 from Jim Watt <jimw@peisj.pebio.com>
2d9a148e 6029 - (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known
6030 to compile on more platforms (incl NeXT).
cc6f2c4c 6031 - (djm) Added bsd-inet_aton and configure support for NeXT
aae19451 6032 - (djm) Misc NeXT fixes from Ben Lindstrom <mouring@pconline.com>
089fbbd2 6033 - (djm) OpenBSD CVS updates:
6034 - markus@cvs.openbsd.org 2000/06/26 03:22:29
6035 [authfd.c]
6036 cleanup, less cut&paste
6037 - markus@cvs.openbsd.org 2000/06/26 15:59:19
6038 [servconf.c servconf.h session.c sshd.8 sshd.c]
bcbf86ec 6039 MaxStartups: limit number of unauthenticated connections, work by
089fbbd2 6040 theo and me
6041 - deraadt@cvs.openbsd.org 2000/07/05 14:18:07
6042 [session.c]
6043 use no_x11_forwarding_flag correctly; provos ok
6044 - provos@cvs.openbsd.org 2000/07/05 15:35:57
6045 [sshd.c]
6046 typo
6047 - aaron@cvs.openbsd.org 2000/07/05 22:06:58
6048 [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
bcbf86ec 6049 Insert more missing .El directives. Our troff really should identify
089fbbd2 6050 these and spit out a warning.
6051 - todd@cvs.openbsd.org 2000/07/06 21:55:04
6052 [auth-rsa.c auth2.c ssh-keygen.c]
6053 clean code is good code
6054 - deraadt@cvs.openbsd.org 2000/07/07 02:14:29
6055 [serverloop.c]
6056 sense of port forwarding flag test was backwards
6057 - provos@cvs.openbsd.org 2000/07/08 17:17:31
6058 [compat.c readconf.c]
6059 replace strtok with strsep; from David Young <dyoung@onthejob.net>
6060 - deraadt@cvs.openbsd.org 2000/07/08 19:21:15
6061 [auth.h]
6062 KNF
6063 - ho@cvs.openbsd.org 2000/07/08 19:27:33
6064 [compat.c readconf.c]
6065 Better conditions for strsep() ending.
6066 - ho@cvs.openbsd.org 2000/07/10 10:27:05
6067 [readconf.c]
6068 Get the correct message on errors. (niels@ ok)
6069 - ho@cvs.openbsd.org 2000/07/10 10:30:25
6070 [cipher.c kex.c servconf.c]
6071 strtok() --> strsep(). (niels@ ok)
5540ea9b 6072 - (djm) Fix problem with debug mode and MaxStartups
eb37534b 6073 - (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during RPM
6074 builds)
229f64ee 6075 - (djm) Add strsep function from OpenBSD libc for systems that lack it
56118702 6076
a8545c6c 607720000709
6078 - (djm) Only enable PAM_TTY kludge for Linux. Problem report from
6079 Kevin Steves <stevesk@sweden.hp.com>
ec90a7d6 6080 - (djm) Match prototype and function declaration for rresvport_af.
6081 Problem report from Niklas Edmundsson <nikke@ing.umu.se>
bcbf86ec 6082 - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM
732e8ac5 6083 builds. Problem report from Gregory Leblanc <GLeblanc@cu-portland.edu>
37f1df94 6084 - (djm) Replace ut_name with ut_user. Patch from Jim Watt
6085 <jimw@peisj.pebio.com>
264dce47 6086 - (djm) Fix pam sprintf fix
6087 - (djm) Cleanup entropy collection code a little more. Split initialisation
6088 from seeding, perform intialisation immediatly at start, be careful with
6089 uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
5bf9cfe9 6090 - (djm) More NeXT compatibility from Ben Lindstrom <mouring@pconline.com>
6091 Including sigaction() et al. replacements
bcbf86ec 6092 - (djm) AIX getuserattr() session initialisation from Tom Bertelson
eeec075f 6093 <tbert@abac.com>
a8545c6c 6094
e2902a5b 609520000708
bcbf86ec 6096 - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from
e2902a5b 6097 Aaron Hopkins <aaron@die.net>
7a33f831 6098 - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from
6099 Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
bcbf86ec 6100 - (djm) Fixed undefined variables for OSF SIA. Report from
b3f162ba 6101 Baars, Henk <Hendrik.Baars@nl.origin-it.com>
bcbf86ec 6102 - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c
b28e4a3b 6103 Fix from Marquess, Steve Mr JMLFDC <Steve.Marquess@DET.AMEDD.ARMY.MIL>
bcbf86ec 6104 - (djm) Don't use inet_addr.
e2902a5b 6105
5637650d 610620000702
6107 - (djm) Fix brace mismatch from Corinna Vinschen <vinschen@cygnus.com>
27494968 6108 - (djm) Stop shadow expiry checking from preventing logins with NIS. Based
6109 on fix from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
a4070484 6110 - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from
6111 Chris, the Young One <cky@pobox.com>
bcbf86ec 6112 - (djm) Fix scp progress meter on really wide terminals. Based on patch
88726b31 6113 from James H. Cloos Jr. <cloos@jhcloos.com>
5637650d 6114
388e9f9f 611520000701
6116 - (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu>
daaff4d5 6117 - (djm) Login fixes from Tom Bertelson <tbert@abac.com>
82258d68 6118 - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
6119 <vinschen@cygnus.com>
30228d7c 6120 - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
2647ae26 6121 - (djm) Added check for broken snprintf() functions which do not correctly
6122 terminate output string and attempt to use replacement.
46158300 6123 - (djm) Released 2.1.1p2
388e9f9f 6124
9f32ceb4 612520000628
6126 - (djm) Fixes to lastlog code for Irix
6127 - (djm) Use atomicio in loginrec
3206bb3b 6128 - (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for
6129 Irix 6.x array sessions, project id's, and system audit trail id.
9e0c3e1f 6130 - (djm) Added 'distprep' make target to simplify packaging
bcbf86ec 6131 - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA
4d33e531 6132 support. Enable using "USE_SIA=1 ./configure [options]"
61e96248 6133
d8caae24 613420000627
6135 - (djm) Fixes to login code - not setting li->uid, cleanups
a05a70ab 6136 - (djm) Formatting
d8caae24 6137
fe30cc2e 613820000626
3e98362e 6139 - (djm) Better fix to aclocal tests from Garrick James <garrick@james.net>
4cb5ffa0 6140 - (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
6141 - (djm) Added password expiry checking (no password change support)
be0b9bb7 6142 - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
6143 based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
b5b3f75d 6144 - (djm) Fix fixed EGD code.
3e98362e 6145 - OpenBSD CVS update
6146 - provos@cvs.openbsd.org 2000/06/25 14:17:58
6147 [channels.c]
6148 correct check for bad channel ids; from Wei Dai <weidai@eskimo.com>
6149
1c04b088 615020000623
bcbf86ec 6151 - (djm) Use sa_family_t in prototype for rresvport_af. Patch from
1c04b088 6152 Svante Signell <svante.signell@telia.com>
6153 - (djm) Autoconf logic to define sa_family_t if it is missing
e5a0294f 6154 - OpenBSD CVS Updates:
6155 - markus@cvs.openbsd.org 2000/06/22 10:32:27
6156 [sshd.c]
6157 missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL
6158 - djm@cvs.openbsd.org 2000/06/22 17:55:00
6159 [auth-krb4.c key.c radix.c uuencode.c]
6160 Missing CVS idents; ok markus
1c04b088 6161
f528fdf2 616220000622
6163 - (djm) Automatically generate host key during "make install". Suggested
6164 by Gary E. Miller <gem@rellim.com>
6165 - (djm) Paranoia before kill() system call
74fc9186 6166 - OpenBSD CVS Updates:
6167 - markus@cvs.openbsd.org 2000/06/18 18:50:11
6168 [auth2.c compat.c compat.h sshconnect2.c]
6169 make userauth+pubkey interop with ssh.com-2.2.0
6170 - markus@cvs.openbsd.org 2000/06/18 20:56:17
6171 [dsa.c]
6172 mem leak + be more paranoid in dsa_verify.
6173 - markus@cvs.openbsd.org 2000/06/18 21:29:50
6174 [key.c]
6175 cleanup fingerprinting, less hardcoded sizes
6176 - markus@cvs.openbsd.org 2000/06/19 19:39:45
6177 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
6178 [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
bcbf86ec 6179 [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
74fc9186 6180 [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
6181 [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
bcbf86ec 6182 [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
6183 [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
74fc9186 6184 [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
6185 [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
6186 OpenBSD tag
6187 - markus@cvs.openbsd.org 2000/06/21 10:46:10
6188 sshconnect2.c missing free; nuke old comment
f528fdf2 6189
e5fe9a1f 619020000620
6191 - (djm) Replace use of '-o' and '-a' logical operators in configure tests
986a22ec 6192 with '||' and '&&'. As suggested by Jim Knoble <jmknoble@jmknoble.cx>
e5fe9a1f 6193 to fix SCO Unixware problem reported by Gary E. Miller <gem@rellim.com>
c03aced4 6194 - (djm) Typo in loginrec.c
e5fe9a1f 6195
cbd7492e 619620000618
6197 - (djm) Add summary of configure options to end of ./configure run
bcbf86ec 6198 - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from
cbd7492e 6199 Michael Stone <mstone@cs.loyola.edu>
bcbf86ec 6200 - (djm) rusage is a privileged operation on some Unices (incl.
cbd7492e 6201 Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
bcbf86ec 6202 - (djm) Avoid PAM failures when running without a TTY. Report from
cbd7492e 6203 Martin Petrak <petrak@spsknm.schools.sk>
6204 - (djm) Include sys/types.h when including netinet/in.h in configure tests.
6205 Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
729bfe59 6206 - (djm) Started merge of Ben Lindstrom's <mouring@pconline.com> NeXT support
38c295d6 6207 - OpenBSD CVS updates:
6208 - deraadt@cvs.openbsd.org 2000/06/17 09:58:46
6209 [channels.c]
6210 everyone says "nix it" (remove protocol 2 debugging message)
6211 - markus@cvs.openbsd.org 2000/06/17 13:24:34
6212 [sshconnect.c]
6213 allow extended server banners
6214 - markus@cvs.openbsd.org 2000/06/17 14:30:10
6215 [sshconnect.c]
6216 missing atomicio, typo
6217 - jakob@cvs.openbsd.org 2000/06/17 16:52:34
6218 [servconf.c servconf.h session.c sshd.8 sshd_config]
6219 add support for ssh v2 subsystems. ok markus@.
6220 - deraadt@cvs.openbsd.org 2000/06/17 18:57:48
6221 [readconf.c servconf.c]
6222 include = in WHITESPACE; markus ok
6223 - markus@cvs.openbsd.org 2000/06/17 19:09:10
6224 [auth2.c]
6225 implement bug compatibility with ssh-2.0.13 pubkey, server side
6226 - markus@cvs.openbsd.org 2000/06/17 21:00:28
6227 [compat.c]
6228 initial support for ssh.com's 2.2.0
6229 - markus@cvs.openbsd.org 2000/06/17 21:16:09
6230 [scp.c]
6231 typo
6232 - markus@cvs.openbsd.org 2000/06/17 22:05:02
6233 [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h]
6234 split auth-rsa option parsing into auth-options
6235 add options support to authorized_keys2
6236 - markus@cvs.openbsd.org 2000/06/17 22:42:54
6237 [session.c]
6238 typo
cbd7492e 6239
509b1f88 624020000613
6241 - (djm) Fixes from Andrew McGill <andrewm@datrix.co.za>:
6242 - Platform define for SCO 3.x which breaks on /dev/ptmx
6243 - Detect and try to fix missing MAXPATHLEN
a4d05724 6244 - (djm) Fix short copy in loginrec.c (based on patch from Phill Camp
6245 <P.S.S.Camp@ukc.ac.uk>
509b1f88 6246
09564242 624720000612
6248 - (djm) Glob manpages in RPM spec files to catch compressed files
6249 - (djm) Full license in auth-pam.c
08ae384f 6250 - (djm) Configure fixes from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
383207f7 6251 - (andre) AIX, lastlog, configure fixes from Tom Bertelson <tbert@abac.com>:
6252 - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is
6253 def'd
6254 - Set AIX to use preformatted manpages
61e96248 6255
74b224a0 625620000610
6257 - (djm) Minor doc tweaks
217ab55e 6258 - (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx>
74b224a0 6259
32c80420 626020000609
6261 - (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage
6262 (in favour of utmpx) on Solaris 8
6263
fa649821 626420000606
48c99b2c 6265 - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
6266 list of commands (by default). Removed verbose debugging (by default).
bcbf86ec 6267 - (djm) Increased command entropy estimates and default entropy collection
48c99b2c 6268 timeout
f988dce5 6269 - (djm) Remove duplicate headers from loginrec.c
c5fa2eb0 6270 - (djm) Don't add /usr/local/lib to library search path on Irix
bcbf86ec 6271 - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
fa649821 6272 <tibbs@math.uh.edu>
1e83f2a2 6273 - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
6274 <zack@wolery.cumb.org>
fa649821 6275 - (djm) OpenBSD CVS updates:
6276 - todd@cvs.openbsd.org
6277 [sshconnect2.c]
6278 teach protocol v2 to count login failures properly and also enable an
6279 explanation of why the password prompt comes up again like v1; this is NOT
6280 crypto
61e96248 6281 - markus@cvs.openbsd.org
fa649821 6282 [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
6283 xauth_location support; pr 1234
6284 [readconf.c sshconnect2.c]
6285 typo, unused
6286 [session.c]
6287 allow use_login only for login sessions, otherwise remote commands are
6288 execed with uid==0
6289 [sshd.8]
6290 document UseLogin better
6291 [version.h]
6292 OpenSSH 2.1.1
6293 [auth-rsa.c]
bcbf86ec 6294 fix match_hostname() logic for auth-rsa: deny access if we have a
fa649821 6295 negative match or no match at all
6296 [channels.c hostfile.c match.c]
bcbf86ec 6297 don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
fa649821 6298 kris@FreeBSD.org
6299
8e7b16f8 630020000606
bcbf86ec 6301 - (djm) Added --with-cflags, --with-ldflags and --with-libs options to
8e7b16f8 6302 configure.
6303
d7c0f3d5 630420000604
6305 - Configure tweaking for new login code on Irix 5.3
2d6c411f 6306 - (andre) login code changes based on djm feedback
d7c0f3d5 6307
2d6c411f 630820000603
6309 - (andre) New login code
6310 - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c
6311 - Add loginrec.[ch], logintest.c and autoconf code
61e96248 6312
5daf7064 631320000531
6314 - Cleanup of auth.c, login.c and fake-*
6315 - Cleanup of auth-pam.c, save and print "account expired" error messages
e5662474 6316 - Fix EGD read bug by IWAMURO Motonori <iwa@mmp.fujitsu.co.jp>
69134b9b 6317 - Rewrote bsd-login to use proper utmp API if available. Major cleanup
6318 of fallback DIY code.
5daf7064 6319
b9f446d1 632020000530
6321 - Define atexit for old Solaris
b02ebca1 6322 - Fix buffer overrun in login.c for systems which use syslen in utmpx.
6323 patch from YOSHIFUJI Hideaki <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp>
71276795 6324 - OpenBSD CVS updates:
6325 - markus@cvs.openbsd.org
6326 [session.c]
6327 make x11-fwd work w/ localhost (xauth add host/unix:11)
6328 [cipher.c compat.c readconf.c servconf.c]
6329 check strtok() != NULL; ok niels@
6330 [key.c]
6331 fix key_read() for uuencoded keys w/o '='
6332 [serverloop.c]
6333 group ssh1 vs. ssh2 in serverloop
6334 [kex.c kex.h myproposal.h sshconnect2.c sshd.c]
6335 split kexinit/kexdh, factor out common code
6336 [readconf.c ssh.1 ssh.c]
6337 forwardagent defaults to no, add ssh -A
6338 - theo@cvs.openbsd.org
6339 [session.c]
6340 just some line shortening
60688ef9 6341 - Released 2.1.0p3
b9f446d1 6342
29611d9c 634320000520
6344 - Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
25422c70 6345 - Don't touch utmp if USE_UTMPX defined
a423beaf 6346 - SunOS 4.x support from Todd C. Miller <Todd.Miller@courtesan.com>
fc1e8bf4 6347 - SIGCHLD fix for AIX and HPUX from Tom Bertelson <tbert@abac.com>
bcbf86ec 6348 - HPUX and Configure fixes from Lutz Jaenicke
fc1e8bf4 6349 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
bcbf86ec 6350 - Use mkinstalldirs script to make directories instead of non-portable
fc1e8bf4 6351 "install -d". Suggested by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
a905808d 6352 - Doc cleanup
29611d9c 6353
301e9b01 635420000518
6355 - Include Andre Lucas' fixprogs script. Forgot to "cvs add" it yesterday
6356 - OpenBSD CVS updates:
6357 - markus@cvs.openbsd.org
6358 [sshconnect.c]
6359 copy only ai_addrlen bytes; misiek@pld.org.pl
6360 [auth.c]
bcbf86ec 6361 accept an empty shell in authentication; bug reported by
301e9b01 6362 chris@tinker.ucr.edu
6363 [serverloop.c]
6364 we don't have stderr for interactive terminal sessions (fcntl errors)
6365
ad85db64 636620000517
6367 - Fix from Andre Lucas <andre.lucas@dial.pipex.com>
6368 - Fixes command line printing segfaults (spotter: Bladt Norbert)
6369 - Fixes erroneous printing of debug messages to syslog
6370 - Fixes utmp for MacOS X (spotter: Aristedes Maniatis)
6371 - Gives useful error message if PRNG initialisation fails
6372 - Reduced ssh startup delay
6373 - Measures cumulative command time rather than the time between reads
704b1659 6374 after select()
ad85db64 6375 - 'fixprogs' perl script to eliminate non-working entropy commands, and
704b1659 6376 optionally run 'ent' to measure command entropy
c1ef8333 6377 - Applied Tom Bertelson's <tbert@abac.com> AIX authentication fix
a64009ad 6378 - Avoid WCOREDUMP complation errors for systems that lack it
bcbf86ec 6379 - Avoid SIGCHLD warnings from entropy commands
28c1d5ce 6380 - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw@dcs.ed.ac.uk>
0e73cc53 6381 - OpenBSD CVS update:
bcbf86ec 6382 - markus@cvs.openbsd.org
0e73cc53 6383 [ssh.c]
6384 fix usage()
6385 [ssh2.h]
6386 draft-ietf-secsh-architecture-05.txt
6387 [ssh.1]
6388 document ssh -T -N (ssh2 only)
6389 [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
6390 enable nonblocking IO for sshd w/ proto 1, too; split out common code
6391 [aux.c]
6392 missing include
c04f75f1 6393 - Several patches from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
6394 - INSTALL typo and URL fix
6395 - Makefile fix
6396 - Solaris fixes
bcbf86ec 6397 - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka
c04f75f1 6398 <ksakai@kso.netwk.ntt-at.co.jp>
afa5ee68 6399 - RSAless operation patch from kevin_oconnor@standardandpoors.com
d45e3d76 6400 - Detect OpenSSL seperatly from RSA
bcbf86ec 6401 - Better test for RSA (more compatible with RSAref). Based on work by
d45e3d76 6402 Ed Eden <ede370@stl.rural.usda.gov>
ad85db64 6403
3d1a1654 640420000513
bcbf86ec 6405 - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz
3d1a1654 6406 <misiek@pld.org.pl>
6407
d02a3a00 640820000511
bcbf86ec 6409 - Fix for prng_seed permissions checking from Lutz Jaenicke
d02a3a00 6410 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
3d1a1654 6411 - "make host-key" fix for Irix
d02a3a00 6412
d0c832f3 641320000509
6414 - OpenBSD CVS update
6415 - markus@cvs.openbsd.org
6416 [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
6417 [ssh.h sshconnect1.c sshconnect2.c sshd.8]
6418 - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
6419 - hugh@cvs.openbsd.org
6420 [ssh.1]
6421 - zap typo
6422 [ssh-keygen.1]
6423 - One last nit fix. (markus approved)
6424 [sshd.8]
6425 - some markus certified spelling adjustments
6426 - markus@cvs.openbsd.org
6427 [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
6428 [sshconnect2.c ]
6429 - bug compat w/ ssh-2.0.13 x11, split out bugs
6430 [nchan.c]
6431 - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
6432 [ssh-keygen.c]
6433 - handle escapes in real and original key format, ok millert@
6434 [version.h]
6435 - OpenSSH-2.1
3dc1102e 6436 - Moved all the bsd-* and fake-* stuff into new libopenbsd-compat.a
e93ee87a 6437 - Doc updates
bcbf86ec 6438 - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported
21e5304a 6439 by Andre Lucas <andre.lucas@dial.pipex.com>
d0c832f3 6440
ebdeb9a8 644120000508
6442 - Makefile and RPM spec fixes
6443 - Generate DSA host keys during "make key" or RPM installs
f6cde515 6444 - OpenBSD CVS update
6445 - markus@cvs.openbsd.org
6446 [clientloop.c sshconnect2.c]
6447 - make x11-fwd interop w/ ssh-2.0.13
6448 [README.openssh2]
6449 - interop w/ SecureFX
6450 - Release 2.0.0beta2
ebdeb9a8 6451
bcbf86ec 6452 - Configure caching and cleanup patch from Andre Lucas'
58d100bf 6453 <andre.lucas@dial.pipex.com>
6454
1d1ffb87 645520000507
6456 - Remove references to SSLeay.
6457 - Big OpenBSD CVS update
6458 - markus@cvs.openbsd.org
6459 [clientloop.c]
6460 - typo
6461 [session.c]
6462 - update proctitle on pty alloc/dealloc, e.g. w/ windows client
6463 [session.c]
6464 - update proctitle for proto 1, too
6465 [channels.h nchan.c serverloop.c session.c sshd.c]
6466 - use c-style comments
6467 - deraadt@cvs.openbsd.org
6468 [scp.c]
6469 - more atomicio
bcbf86ec 6470 - markus@cvs.openbsd.org
1d1ffb87 6471 [channels.c]
6472 - set O_NONBLOCK
6473 [ssh.1]
6474 - update AUTHOR
6475 [readconf.c ssh-keygen.c ssh.h]
6476 - default DSA key file ~/.ssh/id_dsa
6477 [clientloop.c]
6478 - typo, rm verbose debug
6479 - deraadt@cvs.openbsd.org
6480 [ssh-keygen.1]
6481 - document DSA use of ssh-keygen
6482 [sshd.8]
6483 - a start at describing what i understand of the DSA side
6484 [ssh-keygen.1]
6485 - document -X and -x
6486 [ssh-keygen.c]
6487 - simplify usage
bcbf86ec 6488 - markus@cvs.openbsd.org
1d1ffb87 6489 [sshd.8]
6490 - there is no rhosts_dsa
6491 [ssh-keygen.1]
6492 - document -y, update -X,-x
6493 [nchan.c]
6494 - fix close for non-open ssh1 channels
6495 [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
6496 - s/DsaKey/HostDSAKey/, document option
6497 [sshconnect2.c]
6498 - respect number_of_password_prompts
6499 [channels.c channels.h servconf.c servconf.h session.c sshd.8]
6500 - GatewayPorts for sshd, ok deraadt@
6501 [ssh-add.1 ssh-agent.1 ssh.1]
6502 - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
6503 [ssh.1]
6504 - more info on proto 2
6505 [sshd.8]
6506 - sync AUTHOR w/ ssh.1
6507 [key.c key.h sshconnect.c]
6508 - print key type when talking about host keys
6509 [packet.c]
6510 - clear padding in ssh2
6511 [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
6512 - replace broken uuencode w/ libc b64_ntop
6513 [auth2.c]
6514 - log failure before sending the reply
6515 [key.c radix.c uuencode.c]
6516 - remote trailing comments before calling __b64_pton
6517 [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
6518 [sshconnect2.c sshd.8]
6519 - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
6520 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
6521
1a11e1ae 652220000502
0fbe8c74 6523 - OpenBSD CVS update
6524 [channels.c]
6525 - init all fds, close all fds.
6526 [sshconnect2.c]
6527 - check whether file exists before asking for passphrase
6528 [servconf.c servconf.h sshd.8 sshd.c]
6529 - PidFile, pr 1210
6530 [channels.c]
6531 - EINTR
6532 [channels.c]
6533 - unbreak, ok niels@
6534 [sshd.c]
6535 - unlink pid file, ok niels@
6536 [auth2.c]
6537 - Add missing #ifdefs; ok - markus
bcbf86ec 6538 - Add Andre Lucas' <andre.lucas@dial.pipex.com> patch to read entropy
d3083fbd 6539 gathering commands from a text file
1a11e1ae 6540 - Release 2.0.0beta1
6541
c4bc58eb 654220000501
6543 - OpenBSD CVS update
6544 [packet.c]
6545 - send debug messages in SSH2 format
3189621b 6546 [scp.c]
6547 - fix very rare EAGAIN/EINTR issues; based on work by djm
6548 [packet.c]
6549 - less debug, rm unused
6550 [auth2.c]
6551 - disable kerb,s/key in ssh2
6552 [sshd.8]
6553 - Minor tweaks and typo fixes.
6554 [ssh-keygen.c]
6555 - Put -d into usage and reorder. markus ok.
bcbf86ec 6556 - Include missing headers for OpenSSL tests. Fix from Phil Karn
44fb55e9 6557 <karn@ka9q.ampr.org>
bcbf86ec 6558 - Fixed __progname symbol collisions reported by Andre Lucas
3fd95d9a 6559 <andre.lucas@dial.pipex.com>
0d5f7abc 6560 - Merged bsd-login ttyslot and AIX utmp patch from Gert Doering
6561 <gd@hilb1.medat.de>
8cb940db 6562 - Add some missing ifdefs to auth2.c
8af50c98 6563 - Deprecate perl-tk askpass.
52bcc044 6564 - Irix portability fixes - don't include netinet headers more than once
6565 - Make sure we don't save PRNG seed more than once
c4bc58eb 6566
2b763e31 656720000430
6568 - Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au>
b7a87eea 6569 - Integrate Andre Lucas' <andre.lucas@dial.pipex.com> entropy collection
6570 patch.
6571 - Adds timeout to entropy collection
6572 - Disables slow entropy sources
6573 - Load and save seed file
bcbf86ec 6574 - Changed entropy seed code to user per-user seeds only (server seed is
b7a87eea 6575 saved in root's .ssh directory)
6576 - Use atexit() and fatal cleanups to save seed on exit
0b242b12 6577 - More OpenBSD updates:
6578 [session.c]
6579 - don't call chan_write_failed() if we are not writing
6580 [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c]
6581 - keysize warnings error() -> log()
2b763e31 6582
a306f2dd 658320000429
6584 - Merge big update to OpenSSH-2.0 from OpenBSD CVS
6585 [README.openssh2]
6586 - interop w/ F-secure windows client
6587 - sync documentation
6588 - ssh_host_dsa_key not ssh_dsa_key
6589 [auth-rsa.c]
6590 - missing fclose
6591 [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
6592 [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
6593 [sshd.c uuencode.c uuencode.h authfile.h]
6594 - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX]
6595 for trading keys with the real and the original SSH, directly from the
6596 people who invented the SSH protocol.
6597 [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
6598 [sshconnect1.c sshconnect2.c]
6599 - split auth/sshconnect in one file per protocol version
6600 [sshconnect2.c]
6601 - remove debug
6602 [uuencode.c]
6603 - add trailing =
6604 [version.h]
6605 - OpenSSH-2.0
6606 [ssh-keygen.1 ssh-keygen.c]
6607 - add -R flag: exit code indicates if RSA is alive
6608 [sshd.c]
6609 - remove unused
6610 silent if -Q is specified
6611 [ssh.h]
6612 - host key becomes /etc/ssh_host_dsa_key
6613 [readconf.c servconf.c ]
6614 - ssh/sshd default to proto 1 and 2
6615 [uuencode.c]
6616 - remove debug
6617 [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
6618 - xfree DSA blobs
6619 [auth2.c serverloop.c session.c]
6620 - cleanup logging for sshd/2, respect PasswordAuth no
6621 [sshconnect2.c]
6622 - less debug, respect .ssh/config
6623 [README.openssh2 channels.c channels.h]
bcbf86ec 6624 - clientloop.c session.c ssh.c
a306f2dd 6625 - support for x11-fwding, client+server
6626
0ac7199f 662720000421
6628 - Merge fix from OpenBSD CVS
6629 [ssh-agent.c]
6630 - Fix memory leak per connection. Report from Andy Spiegl <Andy@Spiegl.de>
6631 via Debian bug #59926
18ba2aab 6632 - Define __progname in session.c if libc doesn't
6633 - Remove indentation on autoconf #include statements to avoid bug in
bcbf86ec 6634 DEC Tru64 compiler. Report and fix from David Del Piero
18ba2aab 6635 <David.DelPiero@qed.qld.gov.au>
0ac7199f 6636
e1b37056 663720000420
bcbf86ec 6638 - Make fixpaths work with perl4, patch from Andre Lucas
e1b37056 6639 <andre.lucas@dial.pipex.com>
9da5c3c9 6640 - Sync with OpenBSD CVS:
6641 [clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c]
6642 - pid_t
6643 [session.c]
6644 - remove bogus chan_read_failed. this could cause data
6645 corruption (missing data) at end of a SSH2 session.
4e577b89 6646 - Merge fixes from Debian patch from Phil Hands <phil@hands.com>
6647 - Allow setting of PAM service name through CFLAGS (SSHD_PAM_SERVICE)
6648 - Use vhangup to clean up Linux ttys
6649 - Force posix getopt processing on GNU libc systems
371ecff9 6650 - Debian bug #55910 - remove references to ssl(8) manpages
247f1a89 6651 - Debian bug #58031 - ssh_config lies about default cipher
e1b37056 6652
d6f24e45 665320000419
6654 - OpenBSD CVS updates
6655 [channels.c]
6656 - fix pr 1196, listen_port and port_to_connect interchanged
6657 [scp.c]
bcbf86ec 6658 - after completion, replace the progress bar ETA counter with a final
d6f24e45 6659 elapsed time; my idea, aaron wrote the patch
6660 [ssh_config sshd_config]
6661 - show 'Protocol' as an example, ok markus@
6662 [sshd.c]
6663 - missing xfree()
6664 - Add missing header to bsd-misc.c
6665
35484284 666620000416
6667 - Reduce diff against OpenBSD source
bcbf86ec 6668 - All OpenSSL includes are now unconditionally referenced as
35484284 6669 openssl/foo.h
6670 - Pick up formatting changes
6671 - Other minor changed (typecasts, etc) that I missed
6672
6ae2364d 667320000415
6674 - OpenBSD CVS updates.
6675 [ssh.1 ssh.c]
6676 - ssh -2
6677 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
6678 [session.c sshconnect.c]
6679 - check payload for (illegal) extra data
6680 [ALL]
6681 whitespace cleanup
6682
c323ac76 668320000413
6684 - INSTALL doc updates
f54651ce 6685 - Merged OpenBSD updates to include paths.
bcbf86ec 6686
a8be9f80 668720000412
6688 - OpenBSD CVS updates:
6689 - [channels.c]
6690 repair x11-fwd
6691 - [sshconnect.c]
6692 fix passwd prompt for ssh2, less debugging output.
6693 - [clientloop.c compat.c dsa.c kex.c sshd.c]
6694 less debugging output
6695 - [kex.c kex.h sshconnect.c sshd.c]
6696 check for reasonable public DH values
6697 - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
6698 [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
6699 add Cipher and Protocol options to ssh/sshd, e.g.:
6700 ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
6701 arcfour,3des-cbc'
6702 - [sshd.c]
6703 print 1.99 only if server supports both
6704
18e92801 670520000408
6706 - Avoid some compiler warnings in fake-get*.c
6707 - Add IPTOS macros for systems which lack them
9d98aaf6 6708 - Only set define entropy collection macros if they are found
e78a59f5 6709 - More large OpenBSD CVS updates:
6710 - [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
6711 [session.h ssh.h sshd.c README.openssh2]
6712 ssh2 server side, see README.openssh2; enable with 'sshd -2'
6713 - [channels.c]
6714 no adjust after close
6715 - [sshd.c compat.c ]
6716 interop w/ latest ssh.com windows client.
61e96248 6717
8ce64345 671820000406
6719 - OpenBSD CVS update:
6720 - [channels.c]
6721 close efd on eof
6722 - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h]
6723 ssh2 client implementation, interops w/ ssh.com and lsh servers.
6724 - [sshconnect.c]
6725 missing free.
6726 - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c]
6727 remove unused argument, split cipher_mask()
6728 - [clientloop.c]
6729 re-order: group ssh1 vs. ssh2
6730 - Make Redhat spec require openssl >= 0.9.5a
6731
e7627112 673220000404
6733 - Add tests for RAND_add function when searching for OpenSSL
7e7327a1 6734 - OpenBSD CVS update:
6735 - [packet.h packet.c]
6736 ssh2 packet format
6737 - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c]
6738 [channels.h channels.c]
6739 channel layer support for ssh2
6740 - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h]
6741 DSA, keyexchange, algorithm agreement for ssh2
6c081128 6742 - Generate manpages before make install not at the end of make all
6743 - Don't seed the rng quite so often
6744 - Always reseed rng when requested
e7627112 6745
bfc9a610 674620000403
6747 - Wrote entropy collection routines for systems that lack /dev/random
6748 and EGD
837c30b8 6749 - Disable tests and typedefs for 64 bit types. They are currently unused.
bfc9a610 6750
7368a6c8 675120000401
6752 - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
6753 - [auth.c session.c sshd.c auth.h]
6754 split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
6755 - [bufaux.c bufaux.h]
6756 support ssh2 bignums
6757 - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
6758 [readconf.c ssh.c ssh.h serverloop.c]
6759 replace big switch() with function tables (prepare for ssh2)
6760 - [ssh2.h]
6761 ssh2 message type codes
6762 - [sshd.8]
6763 reorder Xr to avoid cutting
6764 - [serverloop.c]
6765 close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
6766 - [channels.c]
6767 missing close
6768 allow bigger packets
6769 - [cipher.c cipher.h]
6770 support ssh2 ciphers
6771 - [compress.c]
6772 cleanup, less code
6773 - [dispatch.c dispatch.h]
6774 function tables for different message types
6775 - [log-server.c]
6776 do not log() if debuggin to stderr
6777 rename a cpp symbol, to avoid param.h collision
6778 - [mpaux.c]
6779 KNF
6780 - [nchan.c]
6781 sync w/ channels.c
6782
f5238bee 678320000326
6784 - Better tests for OpenSSL w/ RSAref
bcbf86ec 6785 - Added replacement setenv() function from OpenBSD libc. Suggested by
f5238bee 6786 Ben Lindstrom <mouring@pconline.com>
4fe2af09 6787 - OpenBSD CVS update
6788 - [auth-krb4.c]
6789 -Wall
6790 - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
6791 [match.h ssh.c ssh.h sshconnect.c sshd.c]
6792 initial support for DSA keys. ok deraadt@, niels@
6793 - [cipher.c cipher.h]
6794 remove unused cipher_attack_detected code
6795 - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
6796 Fix some formatting problems I missed before.
6797 - [ssh.1 sshd.8]
6798 fix spelling errors, From: FreeBSD
6799 - [ssh.c]
6800 switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
f5238bee 6801
0024a081 680220000324
6803 - Released 1.2.3
6804
bd499f9e 680520000317
6806 - Clarified --with-default-path option.
6807 - Added -blibpath handling for AIX to work around stupid runtime linking.
6808 Problem elucidated by gshapiro@SENDMAIL.ORG by way of Jim Knoble
986a22ec 6809 <jmknoble@jmknoble.cx>
474b5fef 6810 - Checks for 64 bit int types. Problem report from Mats Fredholm
6811 <matsf@init.se>
610cd5c6 6812 - OpenBSD CVS updates:
bcbf86ec 6813 - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c]
610cd5c6 6814 [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
6815 [sshd.c]
6816 pedantic: signed vs. unsigned, void*-arithm, etc
6817 - [ssh.1 sshd.8]
6818 Various cleanups and standardizations.
bcbf86ec 6819 - Runtime error fix for HPUX from Otmar Stahl
be48d23c 6820 <O.Stahl@lsw.uni-heidelberg.de>
bd499f9e 6821
4696775a 682220000316
bcbf86ec 6823 - Fixed configure not passing LDFLAGS to Solaris. Report from David G.
4696775a 6824 Hesprich <dghespri@sprintparanet.com>
d423d822 6825 - Propogate LD through to Makefile
b7a9ce47 6826 - Doc cleanups
2ba2a610 6827 - Added blurb about "scp: command not found" errors to UPGRADING
4696775a 6828
cb0b7ea4 682920000315
6830 - Fix broken CFLAGS handling during search for OpenSSL. Fixes va_list
6831 problems with gcc/Solaris.
bcbf86ec 6832 - Don't free argument to putenv() after use (in setenv() replacement).
db55a3ea 6833 Report from Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp>
bcbf86ec 6834 - Created contrib/ subdirectory. Included helpers from Phil Hands'
13652e52 6835 Debian package, README file and chroot patch from Ricardo Cerqueira
6836 <rmcc@clix.pt>
bcbf86ec 6837 - Moved gnome-ssh-askpass.c to contrib directory and removed config
13652e52 6838 option.
6839 - Slight cleanup to doc files
b14b2ae7 6840 - Configure fix from Bratislav ILICH <bilic@zepter.ru>
cb0b7ea4 6841
a8ed9fd9 684220000314
bcbf86ec 6843 - Include macro for IN6_IS_ADDR_V4MAPPED. Report from
a8ed9fd9 6844 peter@frontierflying.com
84afc958 6845 - Include /usr/local/include and /usr/local/lib for systems that don't
6846 do it themselves
6847 - -R/usr/local/lib for Solaris
6848 - Fix RSAref detection
6849 - Fix IN6_IS_ADDR_V4MAPPED macro
a8ed9fd9 6850
bcf36c78 685120000311
6852 - Detect RSAref
43e48848 6853 - OpenBSD CVS change
6854 [sshd.c]
6855 - disallow guessing of root password
867dbf40 6856 - More configure fixes
80faa19f 6857 - IPv6 workarounds from Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>
bcf36c78 6858
c8d54615 685920000309
6860 - OpenBSD CVS updates to v1.2.3
704b1659 6861 [ssh.h atomicio.c]
6862 - int atomicio -> ssize_t (for alpha). ok deraadt@
6863 [auth-rsa.c]
6864 - delay MD5 computation until client sends response, free() early, cleanup.
6865 [cipher.c]
6866 - void* -> unsigned char*, ok niels@
6867 [hostfile.c]
6868 - remove unused variable 'len'. fix comments.
6869 - remove unused variable
6870 [log-client.c log-server.c]
6871 - rename a cpp symbol, to avoid param.h collision
6872 [packet.c]
6873 - missing xfree()
6874 - getsockname() requires initialized tolen; andy@guildsoftware.com
6875 - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
6876 from Holger.Trapp@Informatik.TU-Chemnitz.DE
6877 [pty.c pty.h]
bcbf86ec 6878 - register cleanup for pty earlier. move code for pty-owner handling to
c8d54615 6879 pty.c ok provos@, dugsong@
704b1659 6880 [readconf.c]
6881 - turn off x11-fwd for the client, too.
6882 [rsa.c]
6883 - PKCS#1 padding
6884 [scp.c]
6885 - allow '.' in usernames; from jedgar@fxp.org
6886 [servconf.c]
6887 - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
6888 - sync with sshd_config
6889 [ssh-keygen.c]
6890 - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
6891 [ssh.1]
6892 - Change invalid 'CHAT' loglevel to 'VERBOSE'
6893 [ssh.c]
6894 - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
6895 - turn off x11-fwd for the client, too.
6896 [sshconnect.c]
6897 - missing xfree()
6898 - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
6899 - read error vs. "Connection closed by remote host"
6900 [sshd.8]
6901 - ie. -> i.e.,
6902 - do not link to a commercial page..
6903 - sync with sshd_config
6904 [sshd.c]
6905 - no need for poll.h; from bright@wintelcom.net
6906 - log with level log() not fatal() if peer behaves badly.
6907 - don't panic if client behaves strange. ok deraadt@
6908 - make no-port-forwarding for RSA keys deny both -L and -R style fwding
6909 - delay close() of pty until the pty has been chowned back to root
6910 - oops, fix comment, too.
6911 - missing xfree()
6912 - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
6913 (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
bcbf86ec 6914 - register cleanup for pty earlier. move code for pty-owner handling to
704b1659 6915 pty.c ok provos@, dugsong@
6916 - create x11 cookie file
6917 - fix pr 1113, fclose() -> pclose(), todo: remote popen()
6918 - version 1.2.3
c8d54615 6919 - Cleaned up
bcbf86ec 6920 - Removed warning workaround for Linux and devpts filesystems (no longer
d8223847 6921 required after OpenBSD updates)
c8d54615 6922
07055445 692320000308
6924 - Configure fix from Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp>
6925
692620000307
6927 - Released 1.2.2p1
6928
9c8c3fc6 692920000305
6930 - Fix DEC compile fix
54096dcc 6931 - Explicitly seed OpenSSL's PRNG before checking rsa_alive()
aa6bd60a 6932 - Check for getpagesize in libucb.a if not found in libc. Fix for old
6933 Solaris from Andre Lucas <andre.lucas@dial.pipex.com>
bcbf86ec 6934 - Check for libwrap if --with-tcp-wrappers option specified. Suggestion
9fc7867e 6935 Mate Wierdl <mw@moni.msci.memphis.edu>
9c8c3fc6 6936
6bf4d066 693720000303
6938 - Added "make host-key" target, Suggestion from Dominik Brettnacher
6939 <domi@saargate.de>
bcbf86ec 6940 - Don't permanently fail on bind() if getaddrinfo has more choices left for
16218745 6941 us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
6942 Miskiewicz <misiek@pld.org.pl>
22fa590f 6943 - DEC Unix compile fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
6944 - Manpage fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
6bf4d066 6945
a0391976 694620000302
6947 - Big cleanup of autoconf code
6948 - Rearranged to be a little more logical
6949 - Added -R option for Solaris
6950 - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program
6951 to detect library and header location _and_ ensure library has proper
6952 RSA support built in (this is a problem with OpenSSL 0.9.5).
817175bc 6953 - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de
0a1718dc 6954 - Avoid warning message with Unix98 ptys
bcbf86ec 6955 - Warning was valid - possible race condition on PTYs. Avoided using
3276571c 6956 platform-specific code.
6957 - Document some common problems
bcbf86ec 6958 - Allow root access to any key. Patch from
81eef326 6959 markus.friedl@informatik.uni-erlangen.de
a0391976 6960
f55afe71 696120000207
6962 - Removed SOCKS code. Will support through a ProxyCommand.
6963
d07d1c58 696420000203
6965 - Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu
d581b7ae 6966 - Add --with-ssl-dir option
d07d1c58 6967
9d5f374b 696820000202
bcbf86ec 6969 - Fix lastlog code for directory based lastlogs. Fix from Josh Durham
9d5f374b 6970 <jmd@aoe.vt.edu>
6b1f3fdb 6971 - Documentation fixes from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
bcbf86ec 6972 - Added URLs to Japanese translations of documents by HARUYAMA Seigo
6b1f3fdb 6973 <haruyama@nt.phys.s.u-tokyo.ac.jp>
9d5f374b 6974
bc8c2601 697520000201
6976 - Use socket pairs by default (instead of pipes). Prevents race condition
6977 on several (buggy) OSs. Report and fix from tridge@linuxcare.com
6978
69c76614 697920000127
6980 - Seed OpenSSL's random number generator before generating RSA keypairs
6981 - Split random collector into seperate file
aaf2abd7 6982 - Compile fix from Andre Lucas <andre.lucas@dial.pipex.com>
69c76614 6983
f9507c24 698420000126
6985 - Released 1.2.2 stable
6986
bcbf86ec 6987 - NeXT keeps it lastlog in /usr/adm. Report from
f9507c24 6988 mouring@newton.pconline.com
bcbf86ec 6989 - Added note in UPGRADING re interop with commercial SSH using idea.
986a22ec 6990 Report from Jim Knoble <jmknoble@jmknoble.cx>
587120ad 6991 - Fix linking order for Kerberos/AFS. Fix from Holget Trapp
6992 <Holger.Trapp@Informatik.TU-Chemnitz.DE>
f9507c24 6993
bfae20ad 699420000125
bcbf86ec 6995 - Fix NULL pointer dereference in login.c. Fix from Andre Lucas
bfae20ad 6996 <andre.lucas@dial.pipex.com>
07b0cb78 6997 - Reorder PAM initialisation so it does not mess up lastlog. Reported
6998 by Andre Lucas <andre.lucas@dial.pipex.com>
bcbf86ec 6999 - Use preformatted manpages on SCO, report from Gary E. Miller
9755cbdb 7000 <gem@rellim.com>
7001 - New URL for x11-ssh-askpass.
bcbf86ec 7002 - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
986a22ec 7003 <jmknoble@jmknoble.cx>
bcbf86ec 7004 - Added 'DESTDIR' option to Makefile to ease package building. Patch from
986a22ec 7005 Jim Knoble <jmknoble@jmknoble.cx>
ff8ecdb8 7006 - Updated RPM spec files to use DESTDIR
bfae20ad 7007
bb58aa4b 700820000124
7009 - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
7010 increment)
7011
d45317d8 701220000123
7013 - OpenBSD CVS:
7014 - [packet.c]
7015 getsockname() requires initialized tolen; andy@guildsoftware.com
bcbf86ec 7016 - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
4c40f834 7017 <drankin@bohemians.lexington.ky.us>
12aa90af 7018 - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
d45317d8 7019
e844f761 702020000122
7021 - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
7022 <bent@clark.net>
c54a6257 7023 - Merge preformatted manpage patch from Andre Lucas
7024 <andre.lucas@dial.pipex.com>
8eb34e02 7025 - Make IPv4 use the default in RPM packages
7026 - Irix uses preformatted manpages
1e64903d 7027 - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
7028 <Holger.Trapp@Informatik.TU-Chemnitz.DE>
9bc5ddfe 7029 - OpenBSD CVS updates:
7030 - [packet.c]
7031 use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
7032 from Holger.Trapp@Informatik.TU-Chemnitz.DE
7033 - [sshd.c]
7034 log with level log() not fatal() if peer behaves badly.
7035 - [readpass.c]
bcbf86ec 7036 instead of blocking SIGINT, catch it ourselves, so that we can clean
7037 the tty modes up and kill ourselves -- instead of our process group
61e96248 7038 leader (scp, cvs, ...) going away and leaving us in noecho mode.
9bc5ddfe 7039 people with cbreak shells never even noticed..
399d9d44 7040 - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
7041 ie. -> i.e.,
e844f761 7042
4c8ef3fb 704320000120
7044 - Don't use getaddrinfo on AIX
7b2ea3a1 7045 - Update to latest OpenBSD CVS:
7046 - [auth-rsa.c]
7047 - fix user/1056, sshd keeps restrictions; dbt@meat.net
7048 - [sshconnect.c]
7049 - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
7050 - destroy keys earlier
bcbf86ec 7051 - split key exchange (kex) and user authentication (user-auth),
d468fc76 7052 ok: provos@
7b2ea3a1 7053 - [sshd.c]
7054 - no need for poll.h; from bright@wintelcom.net
7055 - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
bcbf86ec 7056 - split key exchange (kex) and user authentication (user-auth),
d468fc76 7057 ok: provos@
f3bba493 7058 - Big manpage and config file cleanup from Andre Lucas
7059 <andre.lucas@dial.pipex.com>
5f4fdfae 7060 - Re-added latest (unmodified) OpenBSD manpages
47f9a56a 7061 - Doc updates
d468fc76 7062 - NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
7063 Christos Zoulas <christos@netbsd.org>
4c8ef3fb 7064
082bbfb3 706520000119
20af321f 7066 - SCO compile fixes from Gary E. Miller <gem@rellim.com>
082bbfb3 7067 - Compile fix from Darren_Hall@progressive.com
59e76f33 7068 - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
7069 addresses using getaddrinfo(). Added a configure switch to make the
7070 default lookup mode AF_INET
082bbfb3 7071
a63a7f37 707220000118
7073 - Fixed --with-pid-dir option
51a6baf8 7074 - Makefile fix from Gary E. Miller <gem@rellim.com>
61e96248 7075 - Compile fix for HPUX and Solaris from Andre Lucas
976f7e19 7076 <andre.lucas@dial.pipex.com>
a63a7f37 7077
f914c7fb 707820000117
7079 - Clean up bsd-bindresvport.c. Use arc4random() for picking initial
7080 port, ignore EINVAL errors (Linux) when searching for free port.
bcbf86ec 7081 - Revert __snprintf -> snprintf aliasing. Apparently Solaris
de93b046 7082 __snprintf isn't. Report from Theo de Raadt <theo@cvs.openbsd.org>
9b363e1c 7083 - Document location of Redhat PAM file in INSTALL.
bcbf86ec 7084 - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6
7085 INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to
f4a7cf29 7086 deliver (no IPv6 kernel support)
80a44451 7087 - Released 1.2.1pre27
f914c7fb 7088
f4a7cf29 7089 - Fix rresvport_af failure errors (logic error in bsd-bindresvport.c)
bcbf86ec 7090 - Fix --with-ipaddr-display option test. Fix from Jarno Huuskonen
cf8ad170 7091 <jhuuskon@hytti.uku.fi>
bcbf86ec 7092 - Fix hang on logout if processes are still using the pty. Needs
691a8a9f 7093 further testing.
5957fd29 7094 - Patch from Christos Zoulas <christos@zoulas.com>
7095 - Try $prefix first when looking for OpenSSL.
7096 - Include sys/types.h when including sys/socket.h in test programs
bcbf86ec 7097 - Substitute PID directory in sshd.8. Suggestion from Andrew
19d9ac2a 7098 Stribblehill <a.d.stribblehill@durham.ac.uk>
f4a7cf29 7099
47e45e44 710020000116
7101 - Renamed --with-xauth-path to --with-xauth
7102 - Added --with-pid-dir option
7103 - Released 1.2.1pre26
7104
a82ef8ae 7105 - Compilation fix from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
bcbf86ec 7106 - Fixed broken bugfix for /dev/ptmx on Linux systems which lack
66be05a1 7107 openpty(). Report from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
a82ef8ae 7108
5cdfe03f 710920000115
7110 - Add --with-xauth-path configure directive and explicit test for
bcbf86ec 7111 /usr/openwin/bin/xauth for Solaris systems. Report from Anders
5cdfe03f 7112 Nordby <anders@fix.no>
bcbf86ec 7113 - Fix incorrect detection of /dev/ptmx on Linux systems that lack
5cdfe03f 7114 openpty. Report from John Seifarth <john@waw.be>
7115 - Look for intXX_t and u_intXX_t in sys/bitypes.h if they are not in
bcbf86ec 7116 sys/types.h. Fixes problems on SCO, report from Gary E. Miller
5cdfe03f 7117 <gem@rellim.com>
7118 - Use __snprintf and __vnsprintf if they are found where snprintf and
7119 vnsprintf are lacking. Suggested by Ben Taylor <bent@shell.clark.net>
7120 and others.
7121
48e671d5 712220000114
7123 - Merged OpenBSD IPv6 patch:
7124 - [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1]
7125 [scp.c packet.h packet.c login.c log.c canohost.c channels.c]
7126 [hostfile.c sshd_config]
7127 ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new
bcbf86ec 7128 features: sshd allows multiple ListenAddress and Port options. note
7129 that libwrap is not IPv6-ready. (based on patches from
48e671d5 7130 fujiwara@rcac.tdi.co.jp)
7131 - [ssh.c canohost.c]
bcbf86ec 7132 more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo,
48e671d5 7133 from itojun@
7134 - [channels.c]
7135 listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE)
7136 - [packet.h]
7137 allow auth-kerberos for IPv4 only
7138 - [scp.1 sshd.8 servconf.h scp.c]
7139 document -4, -6, and 'ssh -L 2022/::1/22'
7140 - [ssh.c]
bcbf86ec 7141 'ssh @host' is illegal (null user name), from
48e671d5 7142 karsten@gedankenpolizei.de
7143 - [sshconnect.c]
7144 better error message
7145 - [sshd.c]
7146 allow auth-kerberos for IPv4 only
7147 - Big IPv6 merge:
7148 - Cleanup overrun in sockaddr copying on RHL 6.1
7149 - Replacements for getaddrinfo, getnameinfo, etc based on versions
7150 from patch from KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
7151 - Replacement for missing structures on systems that lack IPv6
7152 - record_login needed to know about AF_INET6 addresses
7153 - Borrowed more code from OpenBSD: rresvport_af and requisites
7154
2598df62 715520000110
7156 - Fixes to auth-skey to enable it to use the standard OpenSSL libraries
7157
b8a0310d 715820000107
7159 - New config.sub and config.guess to fix problems on SCO. Supplied
7160 by Gary E. Miller <gem@rellim.com>
b6a98a85 7161 - SCO build fix from Gary E. Miller <gem@rellim.com>
2598df62 7162 - Released 1.2.1pre25
b8a0310d 7163
dfb95100 716420000106
7165 - Documentation update & cleanup
7166 - Better KrbIV / AFS detection, based on patch from:
7167 Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
7168
b9795b89 716920000105
bcbf86ec 7170 - Fixed annoying DES corruption problem. libcrypt has been
b9795b89 7171 overriding symbols in libcrypto. Removed libcrypt and crypt.h
7172 altogether (libcrypto includes its own crypt(1) replacement)
7173 - Added platform-specific rules for Irix 6.x. Included warning that
7174 they are untested.
7175
a1ec4d79 717620000103
7177 - Add explicit make rules for files proccessed by fixpaths.
61e96248 7178 - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori
a1ec4d79 7179 <tnh@kondara.org>
bcbf86ec 7180 - Removed "nullok" directive from default PAM configuration files.
7181 Added information on enabling EmptyPasswords on openssh+PAM in
607d73e6 7182 UPGRADING file.
e02735bb 7183 - OpenBSD CVS updates
7184 - [ssh-agent.c]
bcbf86ec 7185 cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and
e02735bb 7186 dgaudet@arctic.org
7187 - [sshconnect.c]
7188 compare correct version for 1.3 compat mode
a1ec4d79 7189
93c7f644 719020000102
7191 - Prevent multiple inclusion of config.h and defines.h. Suggested
7192 by Andre Lucas <andre.lucas@dial.pipex.com>
7193 - Properly clean up on exit of ssh-agent. Patch from Dean Gaudet
7194 <dgaudet@arctic.org>
7195
76b8607f 719619991231
bcbf86ec 7197 - Fix password support on systems with a mixture of shadowed and
7198 non-shadowed passwords (e.g. NIS). Report and fix from
76b8607f 7199 HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
bcbf86ec 7200 - Fix broken autoconf typedef detection. Report from Marc G.
723221b5 7201 Fournier <marc.fournier@acadiau.ca>
b92964b7 7202 - Fix occasional crash on LinuxPPC. Patch from Franz Sirl
7203 <Franz.Sirl-kernel@lauterbach.com>
bcbf86ec 7204 - Prevent typedefs from being compiled more than once. Report from
a6ddc88b 7205 Marc G. Fournier <marc.fournier@acadiau.ca>
4811cc0b 7206 - Fill in ut_utaddr utmp field. Report from Benjamin Charron
7207 <iretd@bigfoot.com>
bcbf86ec 7208 - Really fix broken default path. Fix from Jim Knoble
986a22ec 7209 <jmknoble@jmknoble.cx>
ae3a3d31 7210 - Remove test for quad_t. No longer needed.
76a8e733 7211 - Released 1.2.1pre24
7212
7213 - Added support for directory-based lastlogs
7214 - Really fix typedefs, patch from Ben Taylor <bent@clark.net>
76b8607f 7215
13f825f4 721619991230
7217 - OpenBSD CVS updates:
7218 - [auth-passwd.c]
7219 check for NULL 1st
bcbf86ec 7220 - Removed most of the pam code into its own file auth-pam.[ch]. This
a5c9cd31 7221 cleaned up sshd.c up significantly.
bcbf86ec 7222 - PAM authentication was incorrectly interpreting
76b8607f 7223 "PermitRootLogin without-password". Report from Matthias Andree
7224 <ma@dt.e-technik.uni-dortmund.de
a5c9cd31 7225 - Several other cleanups
0bc5b6fb 7226 - Merged Dante SOCKS support patch from David Rankin
7227 <drankin@bohemians.lexington.ky.us>
7228 - Updated documentation with ./configure options
76b8607f 7229 - Released 1.2.1pre23
13f825f4 7230
c73a0cb5 723119991229
bcbf86ec 7232 - Applied another NetBSD portability patch from David Rankin
c73a0cb5 7233 <drankin@bohemians.lexington.ky.us>
7234 - Fix --with-default-path option.
bcbf86ec 7235 - Autodetect perl, patch from David Rankin
a0f84251 7236 <drankin@bohemians.lexington.ky.us>
bcbf86ec 7237 - Print whether OpenSSH was compiled with RSARef, patch from
0a2ff95d 7238 Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu>
bcbf86ec 7239 - Calls to pam_setcred, patch from Nalin Dahyabhai
f91bacbd 7240 <nalin@thermo.stat.ncsu.edu>
e3a93db0 7241 - Detect missing size_t and typedef it.
5ab44a92 7242 - Rename helper.[ch] to (more appropriate) bsd-misc.[ch]
7243 - Minor Makefile cleaning
c73a0cb5 7244
b6019d68 724519991228
7246 - Replacement for getpagesize() for systems which lack it
bcbf86ec 7247 - NetBSD login.c compile fix from David Rankin
70e0115b 7248 <drankin@bohemians.lexington.ky.us>
7249 - Fully set ut_tv if present in utmp or utmpx
d94aa2ae 7250 - Portability fixes for Irix 5.3 (now compiles OK!)
7251 - autoconf and other misc cleanups
ea1970a3 7252 - Merged AIX patch from Darren Hall <dhall@virage.org>
7253 - Cleaned up defines.h
fa9a2dd6 7254 - Released 1.2.1pre22
b6019d68 7255
d2dcff5f 725619991227
7257 - Automatically correct paths in manpages and configuration files. Patch
7258 and script from Andre Lucas <andre.lucas@dial.pipex.com>
7259 - Removed credits from README to CREDITS file, updated.
cb807f40 7260 - Added --with-default-path to specify custom path for server
7261 - Removed #ifdef trickery from acconfig.h into defines.h
36a5b38e 7262 - PAM bugfix. PermitEmptyPassword was being ignored.
7263 - Fixed PAM config files to allow empty passwords if server does.
7264 - Explained spurious PAM auth warning workaround in UPGRADING
21feb5fa 7265 - Use last few chars of tty line as ut_id
5a7794be 7266 - New SuSE RPM spec file from Chris Saia <csaia@wtower.com>
00e6dd70 7267 - OpenBSD CVS updates:
7268 - [packet.h auth-rhosts.c]
7269 check format string for packet_disconnect and packet_send_debug, too
7270 - [channels.c]
7271 use packet_get_maxsize for channels. consistence.
d2dcff5f 7272
f74efc8d 727319991226
7274 - Enabled utmpx support by default for Solaris
7275 - Cleanup sshd.c PAM a little more
986a22ec 7276 - Revised RPM package to include Jim Knoble's <jmknoble@jmknoble.cx>
bc7ea646 7277 X11 ssh-askpass program.
20c43d8c 7278 - Disable logging of PAM success and failures, PAM is verbose enough.
bcbf86ec 7279 Unfortunatly there is currently no way to disable auth failure
7280 messages. Mention this in UPGRADING file and sent message to PAM
20c43d8c 7281 developers
83b7f649 7282 - OpenBSD CVS update:
7283 - [ssh-keygen.1 ssh.1]
bcbf86ec 7284 remove ref to .ssh/random_seed, mention .ssh/environment in
83b7f649 7285 .Sh FILES, too
72251cb6 7286 - Released 1.2.1pre21
bcbf86ec 7287 - Fixed implicit '.' in default path, report from Jim Knoble
986a22ec 7288 <jmknoble@jmknoble.cx>
7289 - Redhat RPM spec fixes from Jim Knoble <jmknoble@jmknoble.cx>
f74efc8d 7290
f498ed15 729119991225
7292 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
7293 - Cleanup of auth-passwd.c for shadow and MD5 passwords
7294 - Cleanup and bugfix of PAM authentication code
f74efc8d 7295 - Released 1.2.1pre20
7296
7297 - Merged fixes from Ben Taylor <bent@clark.net>
7298 - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
7299 - Disabled logging of PAM password authentication failures when password
7300 is empty. (e.g start of authentication loop). Reported by Naz
7301 <96na@eng.cam.ac.uk>)
f498ed15 7302
730319991223
bcbf86ec 7304 - Merged later HPUX patch from Andre Lucas
f498ed15 7305 <andre.lucas@dial.pipex.com>
7306 - Above patch included better utmpx support from Ben Taylor
f74efc8d 7307 <bent@clark.net>
f498ed15 7308
eef6f7e9 730919991222
bcbf86ec 7310 - Fix undefined fd_set type in ssh.h from Povl H. Pedersen
eef6f7e9 7311 <pope@netguide.dk>
ae28776a 7312 - Fix login.c breakage on systems which lack ut_host in struct
7313 utmp. Reported by Willard Dawson <willard.dawson@sbs.siemens.com>
eef6f7e9 7314
a7effaac 731519991221
bcbf86ec 7316 - Integration of large HPUX patch from Andre Lucas
7317 <andre.lucas@dial.pipex.com>. Integrating it had a few other
a7effaac 7318 benefits:
7319 - Ability to disable shadow passwords at configure time
7320 - Ability to disable lastlog support at configure time
7321 - Support for IP address in $DISPLAY
ae2f7af7 7322 - OpenBSD CVS update:
7323 - [sshconnect.c]
7324 say "REMOTE HOST IDENTIFICATION HAS CHANGED"
59dd7a31 7325 - Fix DISABLE_SHADOW support
7326 - Allow MD5 passwords even if shadow passwords are disabled
16034de9 7327 - Release 1.2.1pre19
a7effaac 7328
3f1d9bcd 732919991218
bcbf86ec 7330 - Redhat init script patch from Chun-Chung Chen
3f1d9bcd 7331 <cjj@u.washington.edu>
7e1c2490 7332 - Avoid breakage on systems without IPv6 headers
3f1d9bcd 7333
60d804c8 733419991216
bcbf86ec 7335 - Makefile changes for Solaris from Peter Kocks
60d804c8 7336 <peter.kocks@baygate.com>
89cafde6 7337 - Minor updates to docs
7338 - Merged OpenBSD CVS changes:
7339 - [authfd.c ssh-agent.c]
7340 keysize warnings talk about identity files
7341 - [packet.c]
7342 "Connection closed by x.x.x.x": fatal() -> log()
bcbf86ec 7343 - Correctly handle empty passwords in shadow file. Patch from:
c9d323f0 7344 "Chris, the Young One" <cky@pobox.com>
7345 - Released 1.2.1pre18
60d804c8 7346
7dc6fc6d 734719991215
7348 - Integrated patchs from Juergen Keil <jk@tools.de>
7349 - Avoid void* pointer arithmatic
7350 - Use LDFLAGS correctly
68227e6d 7351 - Fix SIGIO error in scp
7352 - Simplify status line printing in scp
61e96248 7353 - Added better test for inline functions compiler support from
906a2515 7354 Darren_Hall@progressive.com
7dc6fc6d 7355
95f1eccc 735619991214
7357 - OpenBSD CVS Changes
7358 - [canohost.c]
bcbf86ec 7359 fix get_remote_port() and friends for sshd -i;
95f1eccc 7360 Holger.Trapp@Informatik.TU-Chemnitz.DE
7361 - [mpaux.c]
7362 make code simpler. no need for memcpy. niels@ ok
7363 - [pty.c]
7364 namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org
7365 fix proto; markus
7366 - [ssh.1]
7367 typo; mark.baushke@solipsa.com
7368 - [channels.c ssh.c ssh.h sshd.c]
7369 type conflict for 'extern Type *options' in channels.c; dot@dotat.at
7370 - [sshconnect.c]
7371 move checking of hostkey into own function.
7372 - [version.h]
7373 OpenSSH-1.2.1
884bcb37 7374 - Clean up broken includes in pty.c
7303768f 7375 - Some older systems don't have poll.h, they use sys/poll.h instead
7376 - Doc updates
95f1eccc 7377
847e8865 737819991211
bcbf86ec 7379 - Fix compilation on systems with AFS. Reported by
847e8865 7380 aloomis@glue.umd.edu
bcbf86ec 7381 - Fix installation on Solaris. Reported by
847e8865 7382 Gordon Rowell <gordonr@gormand.com.au>
7383 - Fix gccisms (__attribute__ and inline). Report by edgy@us.ibm.com,
7384 patch from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
7385 - Auto-locate xauth. Patch from David Agraz <dagraz@jahoopa.com>
7386 - Compile fix from David Agraz <dagraz@jahoopa.com>
7387 - Avoid compiler warning in bsd-snprintf.c
bcbf86ec 7388 - Added pam_limits.so to default PAM config. Suggested by
986a22ec 7389 Jim Knoble <jmknoble@jmknoble.cx>
847e8865 7390
8946db53 739119991209
7392 - Import of patch from Ben Taylor <bent@clark.net>:
7393 - Improved PAM support
7394 - "uninstall" rule for Makefile
7395 - utmpx support
7396 - Should fix PAM problems on Solaris
2d86a6cc 7397 - OpenBSD CVS updates:
7398 - [readpass.c]
7399 avoid stdio; based on work by markus, millert, and I
7400 - [sshd.c]
7401 make sure the client selects a supported cipher
7402 - [sshd.c]
bcbf86ec 7403 fix sighup handling. accept would just restart and daemon handled
7404 sighup only after the next connection was accepted. use poll on
2d86a6cc 7405 listen sock now.
7406 - [sshd.c]
7407 make that a fatal
87e91331 7408 - Applied patch from David Rankin <drankin@bohemians.lexington.ky.us>
7409 to fix libwrap support on NetBSD
5001b9e4 7410 - Released 1.2pre17
8946db53 7411
6d8c4ea4 741219991208
bcbf86ec 7413 - Compile fix for Solaris with /dev/ptmx from
6d8c4ea4 7414 David Agraz <dagraz@jahoopa.com>
7415
4285816a 741619991207
986a22ec 7417 - sshd Redhat init script patch from Jim Knoble <jmknoble@jmknoble.cx>
4285816a 7418 fixes compatability with 4.x and 5.x
db28aeb5 7419 - Fixed default SSH_ASKPASS
bcbf86ec 7420 - Fix PAM account and session being called multiple times. Problem
d465f2ca 7421 reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>
a408af76 7422 - Merged more OpenBSD changes:
7423 - [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c]
bcbf86ec 7424 move atomicio into it's own file. wrap all socket write()s which
a408af76 7425 were doing write(sock, buf, len) != len, with atomicio() calls.
7426 - [auth-skey.c]
7427 fd leak
7428 - [authfile.c]
7429 properly name fd variable
7430 - [channels.c]
7431 display great hatred towards strcpy
7432 - [pty.c pty.h sshd.c]
7433 use openpty() if it exists (it does on BSD4_4)
7434 - [tildexpand.c]
7435 check for ~ expansion past MAXPATHLEN
7436 - Modified helper.c to use new atomicio function.
7437 - Reformat Makefile a little
7438 - Moved RC4 routines from rc4.[ch] into helper.c
7439 - Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX)
9983a8ca 7440 - Updated SuSE spec from Chris Saia <csaia@wtower.com>
7441 - Tweaked Redhat spec
9158d92f 7442 - Clean up bad imports of a few files (forgot -kb)
7443 - Released 1.2pre16
4285816a 7444
9c7b6dfd 744519991204
7446 - Small cleanup of PAM code in sshd.c
57112b5a 7447 - Merged OpenBSD CVS changes:
7448 - [auth-krb4.c auth-passwd.c auth-skey.c ssh.h]
7449 move skey-auth from auth-passwd.c to auth-skey.c, same for krb4
7450 - [auth-rsa.c]
7451 warn only about mismatch if key is _used_
7452 warn about keysize-mismatch with log() not error()
7453 channels.c readconf.c readconf.h ssh.c ssh.h sshconnect.c
7454 ports are u_short
7455 - [hostfile.c]
7456 indent, shorter warning
7457 - [nchan.c]
7458 use error() for internal errors
7459 - [packet.c]
7460 set loglevel for SSH_MSG_DISCONNECT to log(), not fatal()
7461 serverloop.c
7462 indent
7463 - [ssh-add.1 ssh-add.c ssh.h]
7464 document $SSH_ASKPASS, reasonable default
7465 - [ssh.1]
7466 CheckHostIP is not available for connects via proxy command
7467 - [sshconnect.c]
7468 typo
7469 easier to read client code for passwd and skey auth
7470 turn of checkhostip for proxy connects, since we don't know the remote ip
9c7b6dfd 7471
dad3b556 747219991126
7473 - Add definition for __P()
7474 - Added [v]snprintf() replacement for systems that lack it
7475
0ce43ae4 747619991125
7477 - More reformatting merged from OpenBSD CVS
7478 - Merged OpenBSD CVS changes:
7479 - [channels.c]
7480 fix packet_integrity_check() for !have_hostname_in_open.
7481 report from mrwizard@psu.edu via djm@ibs.com.au
7482 - [channels.c]
7483 set SO_REUSEADDR and SO_LINGER for forwarded ports.
7484 chip@valinux.com via damien@ibs.com.au
7485 - [nchan.c]
7486 it's not an error() if shutdown_write failes in nchan.
7487 - [readconf.c]
7488 remove dead #ifdef-0-code
7489 - [readconf.c servconf.c]
7490 strcasecmp instead of tolower
7491 - [scp.c]
7492 progress meter overflow fix from damien@ibs.com.au
7493 - [ssh-add.1 ssh-add.c]
7494 SSH_ASKPASS support
7495 - [ssh.1 ssh.c]
7496 postpone fork_after_authentication until command execution,
7497 request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
7498 plus: use daemon() for backgrounding
cf8dd513 7499 - Added BSD compatible install program and autoconf test, thanks to
7500 Niels Kristian Bech Jensen <nkbj@image.dk>
7501 - Solaris fixing, thanks to Ben Taylor <bent@clark.net>
09041313 7502 - Merged beginnings of AIX support from Tor-Ake Fransson <torake@hotmail.com>
3dbefdb8 7503 - Release 1.2pre15
0ce43ae4 7504
5260325f 750519991124
7506 - Merged very large OpenBSD source code reformat
7507 - OpenBSD CVS updates
7508 - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
7509 [ssh.h sshd.8 sshd.c]
7510 syslog changes:
7511 * Unified Logmessage for all auth-types, for success and for failed
7512 * Standard connections get only ONE line in the LOG when level==LOG:
7513 Auth-attempts are logged only, if authentication is:
7514 a) successfull or
7515 b) with passwd or
7516 c) we had more than AUTH_FAIL_LOG failues
7517 * many log() became verbose()
7518 * old behaviour with level=VERBOSE
7519 - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
7520 tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
7521 messages. allows use of s/key in windows (ttssh, securecrt) and
7522 ssh-1.2.27 clients without 'ssh -v', ok: niels@
7523 - [sshd.8]
7524 -V, for fallback to openssh in SSH2 compatibility mode
7525 - [sshd.c]
7526 fix sigchld race; cjc5@po.cwru.edu
7527
4655fe80 752819991123
7529 - Added SuSE package files from Chris Saia <csaia@wtower.com>
8b241e50 7530 - Restructured package-related files under packages/*
4655fe80 7531 - Added generic PAM config
8b241e50 7532 - Numerous little Solaris fixes
9c08d6ce 7533 - Add recommendation to use GNU make to INSTALL document
4655fe80 7534
60bed5fd 753519991122
7536 - Make <enter> close gnome-ssh-askpass (Debian bug #50299)
2f2cc3f9 7537 - OpenBSD CVS Changes
bcbf86ec 7538 - [ssh-keygen.c]
7539 don't create ~/.ssh only if the user wants to store the private
7540 key there. show fingerprint instead of public-key after
2f2cc3f9 7541 keygeneration. ok niels@
b09a984b 7542 - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
96ad4350 7543 - Added timersub() macro
b09a984b 7544 - Tidy RCSIDs of bsd-*.c
bcbf86ec 7545 - Added autoconf test and macro to deal with old PAM libraries
96ad4350 7546 pam_strerror definition (one arg vs two).
530f1889 7547 - Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
bcbf86ec 7548 - Retry /dev/urandom reads interrupted by signal (report from
530f1889 7549 Robert Hardy <rhardy@webcon.net>)
1647c2b5 7550 - Added a setenv replacement for systems which lack it
d84a9a44 7551 - Only display public key comment when presenting ssh-askpass dialog
7552 - Released 1.2pre14
60bed5fd 7553
bcbf86ec 7554 - Configure, Make and changelog corrections from Tudor Bosman
2ddcfdf3 7555 <tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>
7556
9d6b7add 755719991121
2f2cc3f9 7558 - OpenBSD CVS Changes:
60bed5fd 7559 - [channels.c]
7560 make this compile, bad markus
7561 - [log.c readconf.c servconf.c ssh.h]
7562 bugfix: loglevels are per host in clientconfig,
7563 factor out common log-level parsing code.
7564 - [servconf.c]
7565 remove unused index (-Wall)
7566 - [ssh-agent.c]
7567 only one 'extern char *__progname'
7568 - [sshd.8]
7569 document SIGHUP, -Q to synopsis
7570 - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
7571 [channels.c clientloop.c]
7572 SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
7573 [hope this time my ISP stays alive during commit]
7574 - [OVERVIEW README] typos; green@freebsd
7575 - [ssh-keygen.c]
7576 replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
7577 exit if writing the key fails (no infinit loop)
7578 print usage() everytime we get bad options
7579 - [ssh-keygen.c] overflow, djm@mindrot.org
7580 - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
61e96248 7581
2b942fe0 758219991120
bcbf86ec 7583 - Merged more Solaris support from Marc G. Fournier
2b942fe0 7584 <marc.fournier@acadiau.ca>
7585 - Wrote autoconf tests for integer bit-types
7586 - Fixed enabling kerberos support
bcbf86ec 7587 - Fix segfault in ssh-keygen caused by buffer overrun in filename
13c36c4c 7588 handling.
2b942fe0 7589
06479889 759019991119
7591 - Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
2ad77510 7592 - Merged OpenBSD CVS changes
7593 - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
7594 more %d vs. %s in fmt-strings
7595 - [authfd.c]
7596 Integers should not be printed with %s
7b1cc56c 7597 - EGD uses a socket, not a named pipe. Duh.
7598 - Fix includes in fingerprint.c
29dbde15 7599 - Fix scp progress bar bug again.
bcbf86ec 7600 - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of
736890c4 7601 David Rankin <drankin@bohemians.lexington.ky.us>
91b8065d 7602 - Added autoconf option to enable Kerberos 4 support (untested)
7603 - Added autoconf option to enable AFS support (untested)
7604 - Added autoconf option to enable S/Key support (untested)
7605 - Added autoconf option to enable TCP wrappers support (compiles OK)
beb43d31 7606 - Renamed BSD helper function files to bsd-*
bcbf86ec 7607 - Added tests for login and daemon and enable OpenBSD replacements for
caf3bc51 7608 when they are absent.
7609 - Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
06479889 7610
2bd61362 761119991118
7612 - Merged OpenBSD CVS changes
7613 - [scp.c] foregroundproc() in scp
7614 - [sshconnect.h] include fingerprint.h
bcbf86ec 7615 - [sshd.c] bugfix: the log() for passwd-auth escaped during logging
2bd61362 7616 changes.
0c16a097 7617 - [ssh.1] Spell my name right.
2bd61362 7618 - Added openssh.com info to README
7619
f095fcc7 762019991117
7621 - Merged OpenBSD CVS changes
7622 - [ChangeLog.Ylonen] noone needs this anymore
7623 - [authfd.c] close-on-exec for auth-socket, ok deraadt
bcbf86ec 7624 - [hostfile.c]
7625 in known_hosts key lookup the entry for the bits does not need
7626 to match, all the information is contained in n and e. This
7627 solves the problem with buggy servers announcing the wrong
f095fcc7 7628 modulus length. markus and me.
bcbf86ec 7629 - [serverloop.c]
7630 bugfix: check for space if child has terminated, from:
f095fcc7 7631 iedowse@maths.tcd.ie
7632 - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
7633 [fingerprint.c fingerprint.h]
7634 rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
7635 - [ssh-agent.1] typo
7636 - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
bcbf86ec 7637 - [sshd.c]
f095fcc7 7638 force logging to stderr while loading private key file
7639 (lost while converting to new log-levels)
7640
4d195447 764119991116
7642 - Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
7643 - Merged OpenBSD CVS changes:
7644 - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
7645 [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
7646 the keysize of rsa-parameter 'n' is passed implizit,
7647 a few more checks and warnings about 'pretended' keysizes.
7648 - [cipher.c cipher.h packet.c packet.h sshd.c]
7649 remove support for cipher RC4
7650 - [ssh.c]
7651 a note for legay systems about secuity issues with permanently_set_uid(),
7652 the private hostkey and ptrace()
7653 - [sshconnect.c]
7654 more detailed messages about adding and checking hostkeys
7655
dad9a31e 765619991115
7657 - Merged OpenBSD CVS changes:
bcbf86ec 7658 - [ssh-add.c] change passphrase loop logic and remove ref to
dad9a31e 7659 $DISPLAY, ok niels
7660 - Changed to ssh-add.c broke askpass support. Revised it to be a little more
bcbf86ec 7661 modular.
dad9a31e 7662 - Revised autoconf support for enabling/disabling askpass support.
e7c0f9d5 7663 - Merged more OpenBSD CVS changes:
704b1659 7664 [auth-krb4.c]
7665 - disconnect if getpeername() fails
7666 - missing xfree(*client)
7667 [canohost.c]
7668 - disconnect if getpeername() fails
7669 - fix comment: we _do_ disconnect if ip-options are set
7670 [sshd.c]
7671 - disconnect if getpeername() fails
7672 - move checking of remote port to central place
7673 [auth-rhosts.c] move checking of remote port to central place
7674 [log-server.c] avoid extra fd per sshd, from millert@
7675 [readconf.c] print _all_ bad config-options in ssh(1), too
7676 [readconf.h] print _all_ bad config-options in ssh(1), too
7677 [ssh.c] print _all_ bad config-options in ssh(1), too
7678 [sshconnect.c] disconnect if getpeername() fails
e7c0f9d5 7679 - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
c75a1a66 7680 - Various small cleanups to bring diff (against OpenBSD) size down.
f601d847 7681 - Merged more Solaris compability from Marc G. Fournier
7682 <marc.fournier@acadiau.ca>
7683 - Wrote autoconf tests for __progname symbol
986a22ec 7684 - RPM spec file fixes from Jim Knoble <jmknoble@jmknoble.cx>
0c372277 7685 - Released 1.2pre12
7686
7687 - Another OpenBSD CVS update:
7688 - [ssh-keygen.1] fix .Xr
dad9a31e 7689
92da7197 769019991114
7691 - Solaris compilation fixes (still imcomplete)
7692
94f7bb9e 769319991113
dd092f97 7694 - Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
7695 - Don't install config files if they already exist
7696 - Fix inclusion of additional preprocessor directives from acconfig.h
94f7bb9e 7697 - Removed redundant inclusions of config.h
e9c75a39 7698 - Added 'Obsoletes' lines to RPM spec file
94f7bb9e 7699 - Merged OpenBSD CVS changes:
7700 - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
bcbf86ec 7701 - [scp.c] fix overflow reported by damien@ibs.com.au: off_t
94f7bb9e 7702 totalsize, ok niels,aaron
bcbf86ec 7703 - Delay fork (-f option) in ssh until after port forwarded connections
94f7bb9e 7704 have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
b2344d54 7705 - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
7706 - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
dd092f97 7707 - Tidied default config file some more
7708 - Revised Redhat initscript to fix bug: sshd (re)start would fail
7709 if executed from inside a ssh login.
94f7bb9e 7710
e35c1dc2 771119991112
7712 - Merged changes from OpenBSD CVS
7713 - [sshd.c] session_key_int may be zero
b4748e2f 7714 - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
bcbf86ec 7715 IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
b4748e2f 7716 deraadt,millert
7717 - Brought default sshd_config more in line with OpenBSD's
547c9f30 7718 - Grab server in gnome-ssh-askpass (Debian bug #49872)
7719 - Released 1.2pre10
e35c1dc2 7720
8bc7973f 7721 - Added INSTALL documentation
6fa724bc 7722 - Merged yet more changes from OpenBSD CVS
7723 - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
7724 [ssh.c ssh.h sshconnect.c sshd.c]
7725 make all access to options via 'extern Options options'
7726 and 'extern ServerOptions options' respectively;
7727 options are no longer passed as arguments:
7728 * make options handling more consistent
7729 * remove #include "readconf.h" from ssh.h
7730 * readconf.h is only included if necessary
7731 - [mpaux.c] clear temp buffer
7732 - [servconf.c] print _all_ bad options found in configfile
045672f9 7733 - Make ssh-askpass support optional through autoconf
59b0f0d4 7734 - Fix nasty division-by-zero error in scp.c
7735 - Released 1.2pre11
8bc7973f 7736
4cca272e 773719991111
7738 - Added (untested) Entropy Gathering Daemon (EGD) support
67d68e3a 7739 - Fixed /dev/urandom fd leak (Debian bug #49722)
5bbb5681 7740 - Merged OpenBSD CVS changes:
7741 - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
7742 - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
7743 - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
bcbf86ec 7744 - Fix integer overflow which was messing up scp's progress bar for large
3f1d9bcd 7745 file transfers. Fix submitted to OpenBSD developers. Report and fix
7746 from Kees Cook <cook@cpoint.net>
6a17f9c2 7747 - Merged more OpenBSD CVS changes:
bcbf86ec 7748 - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
6a17f9c2 7749 + krb-cleanup cleanup
7750 - [clientloop.c log-client.c log-server.c ]
7751 [readconf.c readconf.h servconf.c servconf.h ]
7752 [ssh.1 ssh.c ssh.h sshd.8]
7753 add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
7754 obsoletes QuietMode and FascistLogging in sshd.
e35c1dc2 7755 - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
7756 allow session_key_int != sizeof(session_key)
7757 [this should fix the pre-assert-removal-core-files]
7758 - Updated default config file to use new LogLevel option and to improve
7759 readability
7760
f370266e 776119991110
67d68e3a 7762 - Merged several minor fixes:
f370266e 7763 - ssh-agent commandline parsing
7764 - RPM spec file now installs ssh setuid root
7765 - Makefile creates libdir
4cca272e 7766 - Merged beginnings of Solaris compability from Marc G. Fournier
7767 <marc.fournier@acadiau.ca>
f370266e 7768
d4f11b59 776919991109
7770 - Autodetection of SSL/Crypto library location via autoconf
7771 - Fixed location of ssh-askpass to follow autoconf
7772 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
7773 - Autodetection of RSAref library for US users
7774 - Minor doc updates
560557bb 7775 - Merged OpenBSD CVS changes:
7776 - [rsa.c] bugfix: use correct size for memset()
7777 - [sshconnect.c] warn if announced size of modulus 'n' != real size
f025becb 7778 - Added GNOME passphrase requestor (use --with-gnome-askpass)
d397b172 7779 - RPM build now creates subpackages
aa51e7cc 7780 - Released 1.2pre9
d4f11b59 7781
e1a9c08d 778219991108
7783 - Removed debian/ directory. This is now being maintained separately.
7784 - Added symlinks for slogin in RPM spec file
7785 - Fixed permissions on manpages in RPM spec file
7786 - Added references to required libraries in README file
7787 - Removed config.h.in from CVS
7788 - Removed pwdb support (better pluggable auth is provided by glibc)
7789 - Made PAM and requisite libdl optional
7790 - Removed lots of unnecessary checks from autoconf
7791 - Added support and autoconf test for openpty() function (Unix98 pty support)
7792 - Fix for scp not finding ssh if not installed as /usr/bin/ssh
7793 - Added TODO file
7794 - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
7795 - Added ssh-askpass program
7796 - Added ssh-askpass support to ssh-add.c
7797 - Create symlinks for slogin on install
7798 - Fix "distclean" target in makefile
7799 - Added example for ssh-agent to manpage
7800 - Added support for PAM_TEXT_INFO messages
7801 - Disable internal /etc/nologin support if PAM enabled
7802 - Merged latest OpenBSD CVS changes:
5bae4ab8 7803 - [all] replace assert() with error, fatal or packet_disconnect
e1a9c08d 7804 - [sshd.c] don't send fail-msg but disconnect if too many authentication
7805 failures
e1a9c08d 7806 - [sshd.c] remove unused argument. ok dugsong
7807 - [sshd.c] typo
7808 - [rsa.c] clear buffers used for encryption. ok: niels
7809 - [rsa.c] replace assert() with error, fatal or packet_disconnect
ade6fccd 7810 - [auth-krb4.c] remove unused argument. ok dugsong
e1a9c08d 7811 - Fixed coredump after merge of OpenBSD rsa.c patch
9010d60a 7812 - Released 1.2pre8
e1a9c08d 7813
3028328e 781419991102
7815 - Merged change from OpenBSD CVS
7816 - One-line cleanup in sshd.c
7817
474832c5 781819991030
7819 - Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
69256d9d 7820 - Merged latest updates for OpenBSD CVS:
7821 - channels.[ch] - remove broken x11 fix and document istate/ostate
7822 - ssh-agent.c - call setsid() regardless of argv[]
7823 - ssh.c - save a few lines when disabling rhosts-{rsa-}auth
7824 - Documentation cleanups
7825 - Renamed README -> README.Ylonen
7826 - Renamed README.openssh ->README
474832c5 7827
339660f6 782819991029
7829 - Renamed openssh* back to ssh* at request of Theo de Raadt
7830 - Incorporated latest changes from OpenBSD's CVS
7831 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
7832 - Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
549b3eed 7833 - Make distclean now removed configure script
7834 - Improved PAM logging
7835 - Added some debug() calls for PAM
4ecd19ea 7836 - Removed redundant subdirectories
bcbf86ec 7837 - Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for
4ecd19ea 7838 building on Debian.
242588e6 7839 - Fixed off-by-one error in PAM env patch
7840 - Released 1.2pre6
339660f6 7841
5881cd60 784219991028
7843 - Further PAM enhancements.
7844 - Much cleaner
7845 - Now uses account and session modules for all logins.
7846 - Integrated patch from Dan Brosemer <odin@linuxfreak.com>
7847 - Build fixes
7848 - Autoconf
7849 - Change binary names to open*
7850 - Fixed autoconf script to detect PAM on RH6.1
7851 - Added tests for libpwdb, and OpenBSD functions to autoconf
221395b3 7852 - Released 1.2pre4
fca82d2e 7853
7854 - Imported latest OpenBSD CVS code
7855 - Updated README.openssh
93f04616 7856 - Released 1.2pre5
fca82d2e 7857
5881cd60 785819991027
7859 - Adapted PAM patch.
7860 - Released 1.0pre2
7861
7862 - Excised my buggy replacements for strlcpy and mkdtemp
7863 - Imported correct OpenBSD strlcpy and mkdtemp routines.
7864 - Reduced arc4random_stir entropy read to 32 bytes (256 bits)
7865 - Picked up correct version number from OpenBSD
7866 - Added sshd.pam PAM configuration file
7867 - Added sshd.init Redhat init script
7868 - Added openssh.spec RPM spec file
7869 - Released 1.2pre3
7870
787119991026
7872 - Fixed include paths of OpenSSL functions
7873 - Use OpenSSL MD5 routines
7874 - Imported RC4 code from nanocrypt
7875 - Wrote replacements for OpenBSD arc4random* functions
7876 - Wrote replacements for strlcpy and mkdtemp
7877 - Released 1.0pre1
0b202697 7878
7879$Id$
git-cvsimport mirror of OpenSSH
This page took 1.80968 seconds and 5 git commands to generate.