]>
Commit | Line | Data |
---|---|---|
b3c338b7 | 1 | 20061023 |
2 | - (djm) OpenBSD CVS Sync | |
3 | - ray@cvs.openbsd.org 2006/09/30 17:48:22 | |
4 | [sftp.c] | |
5 | Clear errno before calling the strtol functions. | |
6 | From Paul Stoeber <x0001 at x dot de1 dot cc>. | |
7 | OK deraadt@. | |
fceb95fa | 8 | - djm@cvs.openbsd.org 2006/10/06 02:29:19 |
9 | [ssh-agent.c ssh-keyscan.c ssh.c] | |
10 | sys/resource.h needs sys/time.h; prompted by brad@ | |
11 | (NB. Id sync only for portable) | |
db6fcd65 | 12 | - djm@cvs.openbsd.org 2006/10/09 23:36:11 |
13 | [session.c] | |
14 | xmalloc -> xcalloc that was missed previously, from portable | |
15 | (NB. Id sync only for portable, obviously) | |
77903f77 | 16 | - markus@cvs.openbsd.org 2006/10/10 10:12:45 |
17 | [sshconnect.c] | |
18 | sleep before retrying (not after) since sleep changes errno; fixes | |
19 | pr 5250; rad@twig.com; ok dtucker djm | |
bd3b2cb2 | 20 | - markus@cvs.openbsd.org 2006/10/11 12:38:03 |
21 | [clientloop.c serverloop.c] | |
22 | exit instead of doing a blocking tcp send if we detect a client/server | |
23 | timeout, since the tcp sendqueue might be already full (of alive | |
24 | requests); ok dtucker, report mpf | |
cdfbded8 | 25 | - djm@cvs.openbsd.org 2006/10/22 02:25:50 |
26 | [sftp-client.c] | |
27 | cancel progress meter when upload write fails; ok deraadt@ | |
b3c338b7 | 28 | |
525251b0 | 29 | 20061018 |
30 | - (dtucker) OpenBSD CVS Sync | |
31 | - ray@cvs.openbsd.org 2006/09/25 04:55:38 | |
32 | [ssh-keyscan.1 ssh.1] | |
33 | Change "a SSH" to "an SSH". Hurray, I'm not the only one who | |
34 | pronounces "SSH" as "ess-ess-aich". | |
35 | OK jmc@ and stevesk@. | |
d1f7ec98 | 36 | - (dtucker) [sshd.c] Reshuffle storing of pw struct; prevents warnings |
37 | on older versions of OS X. ok djm@ | |
525251b0 | 38 | |
8153fef1 | 39 | 20061016 |
40 | - (dtucker) [monitor_fdpass.c] Include sys/in.h, required for cmsg macros | |
41 | on older (2.0) Linuxes. Based on patch from thmo-13 at gmx de. | |
42 | ||
1f231631 | 43 | 20061006 |
44 | - (tim) [buildpkg.sh.in] Use uname -r instead of -v in OS_VER for Solaris. | |
45 | Differentiate between OpenServer 5 and OpenServer 6 | |
5ba277eb | 46 | - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for |
47 | SELinux functions so they're detected correctly. Patch from pebenito at | |
48 | gentoo.org. | |
b18359f6 | 49 | - (tim) [buildpkg.sh.in] Some systems have really limited nawk (OpenServer). |
50 | Allow setting alternate awk in openssh-config.local. | |
1f231631 | 51 | |
aa56f760 | 52 | 20061003 |
53 | - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific | |
54 | section so additional platform specific CHECK_HEADER tests will work | |
55 | correctly. Fixes "<net/if_tap.h> on FreeBSD" problem report by des AT des.no | |
56 | Feedback and "seems like a good idea" dtucker@ | |
57 | ||
00dea73e | 58 | 20061001 |
59 | - (dtucker) [audit-bsm.c] Include errno.h. Pointed out by des at des.no. | |
60 | ||
24b2647b | 61 | 20060929 |
62 | - (dtucker) [configure.ac] Bug #1239: Fix configure test for OpenSSH engine | |
63 | support. Patch from andrew.benham at thus net. | |
64 | ||
243a64f1 | 65 | 20060928 |
66 | - (dtucker) [entropy.c] Bug #1238: include signal.h to fix compilation error | |
67 | on Solaris 8 w/out /dev/random or prngd. Patch from rl at | |
68 | math.technion.ac.il. | |
69 | ||
f0a2e834 | 70 | 20060926 |
71 | - (dtucker) [bufaux.h] nuke bufaux.h; it's already gone from OpenBSD and not | |
72 | referenced any more. ok djm@ | |
5ed1a353 | 73 | - (dtucker) [sftp-server.8] Resync; spotted by djm@ |
0eb97cdf | 74 | - (dtucker) Release 4.4p1. |
f0a2e834 | 75 | |
d6336595 | 76 | 20060924 |
77 | - (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added | |
78 | to rev 1.308) to work around broken gcc 2.x header file. | |
79 | ||
530456f4 | 80 | 20060923 |
81 | - (dtucker) [configure.ac] Bug #1234: Put opensc libs into $LIBS rather than | |
82 | $LDFLAGS. Patch from vapier at gentoo org. | |
83 | ||
c5bca5d4 | 84 | 20060922 |
85 | - (dtucker) [packet.c canohost.c] Include arpa/inet.h for htonl macros on | |
86 | some platforms (eg HP-UX 11.00). From santhi.amirta at gmail com. | |
87 | ||
d3fc2aa3 | 88 | 20060921 |
89 | - (dtucker) OpenBSD CVS Sync | |
90 | - otto@cvs.openbsd.org 2006/09/19 05:52:23 | |
91 | [sftp.c] | |
92 | Use S_IS* macros insted of masking with S_IF* flags. The latter may | |
93 | have multiple bits set, which lead to surprising results. Spotted by | |
94 | Paul Stoeber, more to come. ok millert@ pedro@ jaredy@ djm@ | |
a29c9898 | 95 | - markus@cvs.openbsd.org 2006/09/19 21:14:08 |
96 | [packet.c] | |
97 | client NULL deref on protocol error; Tavis Ormandy, Google Security Team | |
ffbfca72 | 98 | - (dtucker) [defines.h] Include unistd.h before defining getpgrp; fixes |
99 | build error on Ultrix. From Bernhard Simon. | |
d3fc2aa3 | 100 | |
25a2779b | 101 | 20060918 |
102 | - (dtucker) [configure.ac] On AIX, check to see if the compiler will allow | |
103 | macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags. | |
104 | Allows build out of the box with older VAC and XLC compilers. Found by | |
105 | David Bronder and Bernhard Simon. | |
d9ed544b | 106 | - (dtucker) [openbsd-compat/port-aix.{c,h}] Reduce scope of includes. |
107 | Prevents macro redefinition warnings of "RDONLY". | |
25a2779b | 108 | |
f0d0e025 | 109 | 20060916 |
110 | - OpenBSD CVS Sync | |
111 | - djm@cvs.openbsd.org 2006/09/16 19:53:37 | |
112 | [deattack.c deattack.h packet.c] | |
113 | limit maximum work performed by the CRC compensation attack detector, | |
114 | problem reported by Tavis Ormandy, Google Security Team; | |
115 | ok markus@ deraadt@ | |
95954124 | 116 | - (djm) Add openssh.xml to .cvsignore and sort it |
3fd7b98a | 117 | - (dtucker) [auth-pam.c] Propogate TZ environment variable to PAM auth |
118 | process so that any logging it does is with the right timezone. From | |
119 | Scott Strickler, ok djm@. | |
bb09a477 | 120 | - (dtucker) [monitor.c] Correctly handle auditing of single commands when |
121 | using Protocol 1. From jhb at freebsd. | |
cd3e77c4 | 122 | - (djm) [sshd.c] Fix warning/API abuse; ok dtucker@ |
8e700494 | 123 | - (dtucker) [INSTALL] Add info about audit support. |
f0d0e025 | 124 | |
29eadd7c | 125 | 20060912 |
126 | - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in] | |
127 | Support SMF in Solaris Packages if enabled by configure. Patch from | |
128 | Chad Mynhier, tested by dtucker@ | |
129 | ||
7238aaad | 130 | 20060911 |
131 | - (dtucker) [cipher-aes.c] Include string.h for memcpy and friends. Noted | |
132 | by Pekka Savola. | |
133 | ||
d23046e2 | 134 | 20060910 |
135 | - (dtucker) [contrib/aix/buildbff.sh] Ensure that perl is available. | |
36f36ba3 | 136 | - (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB. |
d23046e2 | 137 | |
fa6edaf0 | 138 | 20060909 |
139 | - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h. | |
d2f401fe | 140 | - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user. |
16082eaa | 141 | - (dtucker) [buildpkg.sh.in] Always create privsep user. ok djm@ |
fa6edaf0 | 142 | |
368a00c2 | 143 | 20060908 |
144 | - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch | |
145 | from Chris Adams. | |
a01f637d | 146 | - (dtucker) [configure.ac] The BSM header test needs time.h in some cases. |
368a00c2 | 147 | |
a078cbee | 148 | 20060907 |
149 | - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can | |
150 | be used to drop privilege to; fixes Solaris GSSAPI crash reported by | |
151 | Magnus Abrante; suggestion and feedback dtucker@ | |
152 | NB. this change will require that the privilege separation user must | |
153 | exist on all the time, not just when UsePrivilegeSeparation=yes | |
5cc6ddad | 154 | - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6 |
4130b6f1 | 155 | - (dtucker) [loginrec.c] Wrap paths.h in HAVE_PATHS_H. |
15367d95 | 156 | - (dtucker) [regress/cfgmatch.sh] stop_client is racy, so give us a better |
157 | chance of winning. | |
a078cbee | 158 | |
9286ecf2 | 159 | 20060905 |
160 | - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov. | |
e0f3adac | 161 | - (dtucker) [loginrec.c] Include paths.h for _PATH_BTMP. |
9286ecf2 | 162 | |
62143a41 | 163 | 20060904 |
164 | - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native | |
165 | updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius, | |
166 | ok djm@ | |
167 | ||
752994dd | 168 | 20060903 |
169 | - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for | |
170 | declaration of writev(2) and declare it ourselves if necessary. Makes | |
171 | the atomiciov() calls build on really old systems. ok djm@ | |
172 | ||
b823d0b9 | 173 | 20060902 |
174 | - (dtucker) [openbsd-compat/port-irix.c] Add errno.h, found by Iain Morgan. | |
5e837c7b | 175 | - (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c |
176 | openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c | |
177 | openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h> | |
178 | for hton* and ntoh* macros. Required on (at least) HP-UX since we define | |
179 | _XOPEN_SOURCE_EXTENDED. Found by santhi.amirta at gmail com. | |
b823d0b9 | 180 | |
24436b92 | 181 | 20060901 |
182 | - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c] | |
183 | [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c] | |
184 | [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c] | |
185 | [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c] | |
186 | [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] | |
187 | [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c] | |
188 | [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c] | |
189 | [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c] | |
190 | [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c] | |
aa751414 | 191 | [sshconnect1.c sshconnect2.c sshd.c] |
24436b92 | 192 | [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c] |
193 | [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c] | |
194 | [openbsd-compat/port-uw.c] | |
195 | Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h; | |
196 | compile problems reported by rac AT tenzing.org | |
aa751414 | 197 | - (djm) [includes.h monitor.c openbsd-compat/bindresvport.c] |
198 | [openbsd-compat/rresvport.c] Some more headers: netinet/in.h | |
199 | sys/socket.h and unistd.h in various places | |
dd41ba6f | 200 | - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Fix implict declaration |
201 | warnings for binary_open and binary_close. Patch from Corinna Vinschen. | |
78888bab | 202 | - (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly |
203 | test for GLOB_NOMATCH and use our glob functions if it's not found. | |
204 | Stops sftp from segfaulting when attempting to get a nonexistent file on | |
205 | Cygwin (previous versions of OpenSSH didn't use the native glob). Partly | |
206 | from and tested by Corinna Vinschen. | |
cdc9d1fc | 207 | - (dtucker) [README contrib/{caldera,redhat,suse}/openssh.spec] Crank |
208 | versions. | |
24436b92 | 209 | |
5b84789f | 210 | 20060831 |
211 | - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ] | |
212 | [platform.c platform.h sshd.c openbsd-compat/Makefile.in] | |
213 | [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c] | |
214 | [openbsd-compat/port-solaris.h] Add support for Solaris process | |
215 | contracts, enabled with --use-solaris-contracts. Patch from Chad | |
216 | Mynhier, tweaked by dtucker@ and myself; ok dtucker@ | |
77f7d474 | 217 | - (dtucker) [contrib/cygwin/ssh-host-config] Add SeTcbPrivilege privilege |
218 | while setting up the ssh service account. Patch from Corinna Vinschen. | |
5b84789f | 219 | |
e9f2e744 | 220 | 20060830 |
221 | - (djm) OpenBSD CVS Sync | |
222 | - dtucker@cvs.openbsd.org 2006/08/21 08:14:01 | |
223 | [sshd_config.5] | |
224 | Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@, | |
225 | ok jmc@ djm@ | |
5f047fbc | 226 | - dtucker@cvs.openbsd.org 2006/08/21 08:15:57 |
227 | [sshd.8] | |
228 | Add more detail about what permissions are and aren't accepted for | |
229 | authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@ | |
0875ae22 | 230 | - djm@cvs.openbsd.org 2006/08/29 10:40:19 |
231 | [channels.c session.c] | |
232 | normalise some inconsistent (but harmless) NULL pointer checks | |
233 | spotted by the Stanford SATURN tool, via Isil Dillig; | |
234 | ok markus@ deraadt@ | |
b4f8e1cb | 235 | - dtucker@cvs.openbsd.org 2006/08/29 12:02:30 |
236 | [gss-genr.c] | |
237 | Work around a problem in Heimdal that occurs when KRB5CCNAME file is | |
238 | missing, by checking whether or not kerberos allocated us a context | |
239 | before attempting to free it. Patch from Simon Wilkinson, tested by | |
240 | biorn@, ok djm@ | |
3223b72f | 241 | - dtucker@cvs.openbsd.org 2006/08/30 00:06:51 |
242 | [sshconnect2.c] | |
243 | Fix regression where SSH2 banner is printed at loglevels ERROR and FATAL | |
244 | where previously it weren't. bz #1221, found by Dean Kopesky, ok djm@ | |
76970201 | 245 | - djm@cvs.openbsd.org 2006/08/30 00:14:37 |
246 | [version.h] | |
247 | crank to 4.4 | |
9d68c41d | 248 | - (djm) [openbsd-compat/xcrypt.c] needs unistd.h |
6545dd0b | 249 | - (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call |
250 | loginsuccess on AIX immediately after authentication to clear the failed | |
251 | login count. Previously this would only happen when an interactive | |
252 | session starts (ie when a pty is allocated) but this means that accounts | |
253 | that have primarily non-interactive sessions (eg scp's) may gradually | |
254 | accumulate enough failures to lock out an account. This change may have | |
255 | a side effect of creating two audit records, one with a tty of "ssh" | |
256 | corresponding to the authentication and one with the allocated pty per | |
257 | interactive session. | |
e9f2e744 | 258 | |
48a7de26 | 259 | 20060824 |
260 | - (dtucker) [openbsd-compat/basename.c] Include errno.h. | |
8151aaa5 | 261 | - (dtucker) [openbsd-compat/bsd-misc.c] Add includes needed for select(2) on |
262 | older systems. | |
ab26f490 | 263 | - (dtucker) [openbsd-compat/bsd-misc.c] Include <sys/select.h> for select(2) |
264 | on POSIX systems. | |
6beea87c | 265 | - (dtucker) [openbsd-compat/bsd-openpty.c] Include for ioctl(2). |
e429fba8 | 266 | - (dtucker) [openbsd-compat/rresvport.c] Include <stdlib.h> for malloc. |
f07855f7 | 267 | - (dtucker) [openbsd-compat/xmmap.c] Move #define HAVE_MMAP to prevent |
268 | unused variable warning when we have a broken or missing mmap(2). | |
48a7de26 | 269 | |
c1a1c295 | 270 | 20060822 |
271 | - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in | |
272 | Makefile. Patch from santhi.amirta at gmail, ok djm. | |
273 | ||
9895d518 | 274 | 20060820 |
275 | - (dtucker) [log.c] Move ifdef to prevent unused variable warning. | |
08fb8ce9 | 276 | - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore |
277 | afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl. | |
a086f73b | 278 | - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for |
279 | fixing bug #1181. No changes yet. | |
282d6408 | 280 | - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL |
281 | (0.9.8a and presumably newer) requires -ldl to successfully link. | |
08164407 | 282 | - (dtucker) [configure.ac] Remove errant "-". |
9895d518 | 283 | |
94d458e8 | 284 | 20060819 |
285 | - (djm) OpenBSD CVS Sync | |
286 | - djm@cvs.openbsd.org 2006/08/18 22:41:29 | |
287 | [gss-genr.c] | |
288 | GSSAPI error code should be 0 and not -1; from simon@sxw.org.uk | |
ea83a498 | 289 | - (dtucker) [openbsd-compat/regress/Makefile.in] Add $(EXEEXT) and add a |
290 | single rule for the test progs. | |
94d458e8 | 291 | |
795e7517 | 292 | 20060818 |
293 | - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with | |
294 | closefrom.c from sudo. | |
5a1d6300 | 295 | - (dtucker) [openbsd-compat/bsd-closefrom.c] Comment out rcsid. |
fed313fd | 296 | - (dtucker) [openbsd-compat/regress/snprintftest.c] Newline on error. |
d5498c58 | 297 | - (dtucker) [openbsd-compat/regress/Makefile.in] Use implicit rules for the |
298 | test progs instead; they work better than what we have. | |
78372b6e | 299 | - (djm) OpenBSD CVS Sync |
300 | - stevesk@cvs.openbsd.org 2006/08/06 01:13:32 | |
301 | [compress.c monitor.c monitor_wrap.c] | |
302 | "zlib.h" can be <zlib.h>; ok djm@ markus@ | |
ba52fb56 | 303 | - miod@cvs.openbsd.org 2006/08/12 20:46:46 |
304 | [monitor.c monitor_wrap.c] | |
305 | Revert previous include file ordering change, for ssh to compile under | |
306 | gcc2 (or until openssl include files are cleaned of parameter names | |
307 | in function prototypes) | |
fa47fe3c | 308 | - dtucker@cvs.openbsd.org 2006/08/14 12:40:25 |
309 | [servconf.c servconf.h sshd_config.5] | |
310 | Add ability to match groups to Match keyword in sshd_config. Feedback | |
311 | djm@, stevesk@, ok stevesk@. | |
e07335e2 | 312 | - djm@cvs.openbsd.org 2006/08/16 11:47:15 |
313 | [sshd.c] | |
314 | factor inetd connection, TCP listen and main TCP accept loop out of | |
315 | main() into separate functions to improve readability; ok markus@ | |
28463427 | 316 | - deraadt@cvs.openbsd.org 2006/08/18 09:13:26 |
317 | [log.c log.h sshd.c] | |
318 | make signal handler termination path shorter; risky code pointed out by | |
319 | mark dowd; ok djm markus | |
184cb418 | 320 | - markus@cvs.openbsd.org 2006/08/18 09:15:20 |
321 | [auth.h session.c sshd.c] | |
322 | delay authentication related cleanups until we're authenticated and | |
323 | all alarms have been cancelled; ok deraadt | |
b2af4ca8 | 324 | - djm@cvs.openbsd.org 2006/08/18 10:27:16 |
325 | [misc.h] | |
326 | reorder so prototypes are sorted by the files they refer to; no | |
327 | binary change | |
592de384 | 328 | - djm@cvs.openbsd.org 2006/08/18 13:54:54 |
329 | [gss-genr.c ssh-gss.h sshconnect2.c] | |
330 | bz #1218 - disable SPNEGO as per RFC4462; diff from simon AT sxw.org.uk | |
331 | ok markus@ | |
abb47f1e | 332 | - djm@cvs.openbsd.org 2006/08/18 14:40:34 |
333 | [gss-genr.c ssh-gss.h] | |
334 | constify host argument to match the rest of the GSSAPI functions and | |
335 | unbreak compilation with -Werror | |
c79c4814 | 336 | - (djm) Disable sigdie() for platforms that cannot safely syslog inside |
337 | a signal handler (basically all of them, excepting OpenBSD); | |
338 | ok dtucker@ | |
795e7517 | 339 | |
f8688ddd | 340 | 20060817 |
341 | - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] | |
342 | Include stdlib.h for malloc and friends. | |
53c337ed | 343 | - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl |
344 | for closefrom() on AIX. Pointed out by William Ahern. | |
98cc66aa | 345 | - (dtucker) [openbsd-compat/regress/{Makefile.in,closefromtest.c}] Regress |
346 | test for closefrom() in compat code. | |
f8688ddd | 347 | |
5388904a | 348 | 20060816 |
349 | - (djm) [audit-bsm.c] Sprinkle in some headers | |
350 | ||
4a86d8eb | 351 | 20060815 |
352 | - (dtucker) [LICENCE] Add Reyk to the list for the compat dir. | |
353 | ||
3a5b6088 | 354 | 20060806 |
355 | - (djm) [openbsd-compat/bsd-getpeereid.c] Add some headers to quiet warnings | |
356 | on Solaris 10 | |
357 | ||
358 | 20060806 | |
149abacb | 359 | - (dtucker) [defines.h] With the includes.h changes we no longer get the |
360 | name clash on "YES" so we can remove the workaround for it. | |
442a6515 | 361 | - (dtucker) [openbsd-compat/{bsd-asprintf.c,bsd-openpty.c,bsd-snprintf.c, |
362 | glob.c}] Include stdlib.h for malloc and friends in compat code. | |
149abacb | 363 | |
fee76795 | 364 | 20060805 |
365 | - (djm) OpenBSD CVS Sync | |
366 | - stevesk@cvs.openbsd.org 2006/07/24 13:58:22 | |
367 | [sshconnect.c] | |
368 | disable tunnel forwarding when no strict host key checking | |
369 | and key changed; ok djm@ markus@ dtucker@ | |
912da635 | 370 | - stevesk@cvs.openbsd.org 2006/07/25 02:01:34 |
371 | [scard.c] | |
372 | need #include <string.h> | |
e264ac72 | 373 | - stevesk@cvs.openbsd.org 2006/07/25 02:59:21 |
374 | [channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c] | |
375 | [sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c] | |
376 | move #include <sys/time.h> out of includes.h | |
536c14e8 | 377 | - stevesk@cvs.openbsd.org 2006/07/26 02:35:17 |
378 | [atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c] | |
379 | [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c] | |
380 | [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c] | |
381 | [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c] | |
382 | [uidswap.c xmalloc.c] | |
383 | move #include <sys/param.h> out of includes.h | |
ffa517a8 | 384 | - stevesk@cvs.openbsd.org 2006/07/26 13:57:17 |
385 | [authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c] | |
386 | [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c] | |
387 | [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] | |
388 | [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c] | |
389 | [sshconnect1.c sshd.c xmalloc.c] | |
390 | move #include <stdlib.h> out of includes.h | |
f0817fbb | 391 | - jmc@cvs.openbsd.org 2006/07/27 08:00:50 |
392 | [ssh_config.5] | |
393 | avoid confusing wording in HashKnownHosts: | |
394 | originally spotted by alan amesbury; | |
395 | ok deraadt | |
38b37661 | 396 | - jmc@cvs.openbsd.org 2006/07/27 08:00:50 |
397 | [ssh_config.5] | |
398 | avoid confusing wording in HashKnownHosts: | |
399 | originally spotted by alan amesbury; | |
400 | ok deraadt | |
331c3884 | 401 | - dtucker@cvs.openbsd.org 2006/08/01 11:34:36 |
402 | [sshconnect.c] | |
403 | Allow fallback to known_hosts entries without port qualifiers for | |
404 | non-standard ports too, so that all existing known_hosts entries will be | |
405 | recognised. Requested by, feedback and ok markus@ | |
cf851879 | 406 | - stevesk@cvs.openbsd.org 2006/08/01 23:22:48 |
407 | [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c] | |
408 | [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c] | |
409 | [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c] | |
410 | [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c] | |
411 | [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c] | |
412 | [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c] | |
413 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c] | |
414 | [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c] | |
415 | [uuencode.h xmalloc.c] | |
416 | move #include <stdio.h> out of includes.h | |
d4f40d92 | 417 | - stevesk@cvs.openbsd.org 2006/08/01 23:36:12 |
418 | [authfile.c channels.c progressmeter.c scard.c servconf.c ssh.c] | |
419 | clean extra spaces | |
31652869 | 420 | - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 |
421 | [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] | |
422 | [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] | |
423 | [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] | |
424 | [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] | |
425 | [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] | |
426 | [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] | |
427 | [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] | |
428 | [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] | |
429 | [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] | |
430 | [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] | |
431 | [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] | |
432 | [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] | |
433 | [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] | |
434 | [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] | |
435 | [serverloop.c session.c session.h sftp-client.c sftp-common.c] | |
436 | [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] | |
437 | [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] | |
438 | [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] | |
439 | [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] | |
440 | [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] | |
441 | [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] | |
442 | almost entirely get rid of the culture of ".h files that include .h files" | |
443 | ok djm, sort of ok stevesk | |
444 | makes the pain stop in one easy step | |
445 | NB. portable commit contains everything *except* removing includes.h, as | |
446 | that will take a fair bit more work as we move headers that are required | |
447 | for portability workarounds to defines.h. (also, this step wasn't "easy") | |
c56969f9 | 448 | - stevesk@cvs.openbsd.org 2006/08/04 20:46:05 |
449 | [monitor.c session.c ssh-agent.c] | |
450 | spaces | |
8bdc7aa0 | 451 | - (djm) [auth-pam.c defines.h] Move PAM related bits to auth-pam.c |
693a35d3 | 452 | - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c] |
453 | remove last traces of bufaux.h - it was merged into buffer.h in the big | |
454 | includes.h commit | |
8ad2db2a | 455 | - (djm) [auth.c loginrec.c] Missing netinet/in.h for loginrec |
8d3106fd | 456 | - (djm) [openbsd-compat/regress/snprintftest.c] |
457 | [openbsd-compat/regress/strduptest.c] Add missing includes so they pass | |
458 | compilation with "-Wall -Werror" | |
00a017bd | 459 | - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c] |
460 | [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more | |
461 | includes for Linux in | |
ccc09f5c | 462 | - (dtucker) [cleanup.c] Need defines.h for __dead. |
9ae6b834 | 463 | - (dtucker) [auth2-gss.c] We still need the #ifdef GSSAPI in -portable. |
f2265d5d | 464 | - (dtucker) [openbsd-compat/{bsd-arc4random.c,port-tun.c,xmmap.c}] Lots of |
465 | #include stdarg.h, needed for log.h. | |
5be9f803 | 466 | - (dtucker) [entropy.c] Needs unistd.h too. |
35d1c2de | 467 | - (dtucker) [ssh-rand-helper.c] Needs stdarg.h for log.h. |
76e03684 | 468 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Nees stdlib.h for malloc. |
5946a69f | 469 | - (dtucker) [openbsd-compat/strtonum.c] Include stdlib.h for strtoll, |
470 | otherwise it is implicitly declared as returning an int. | |
428f6258 | 471 | - (dtucker) OpenBSD CVS Sync |
472 | - dtucker@cvs.openbsd.org 2006/08/05 07:52:52 | |
473 | [auth2-none.c sshd.c monitor_wrap.c] | |
474 | Add headers required to build with KERBEROS5=no. ok djm@ | |
453cb7e7 | 475 | - dtucker@cvs.openbsd.org 2006/08/05 08:00:33 |
476 | [auth-skey.c] | |
477 | Add headers required to build with -DSKEY. ok djm@ | |
cecc422f | 478 | - dtucker@cvs.openbsd.org 2006/08/05 08:28:24 |
479 | [monitor_wrap.c auth-skey.c auth2-chall.c] | |
480 | Zap unused variables in -DSKEY code. ok djm@ | |
0e13ec0f | 481 | - dtucker@cvs.openbsd.org 2006/08/05 08:34:04 |
482 | [packet.c] | |
483 | Typo in comment | |
97ea266c | 484 | - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Add headers required to compile |
485 | on Cygwin. | |
e3220bb2 | 486 | - (dtucker) [openbsd-compat/fake-rfc2553.c] Add headers needed for inet_ntoa. |
f3296bc4 | 487 | - (dtucker) [auth-skey.c] monitor_wrap.h needs ssh-gss.h. |
0e23dc86 | 488 | - (dtucker) [audit.c audit.h] Repair headers. |
6f54ce27 | 489 | - (dtucker) [audit-bsm.c] Add additional headers now required. |
fee76795 | 490 | |
3e05aa50 | 491 | 20060804 |
492 | - (dtucker) [configure.ac] The "crippled AES" test does not work on recent | |
493 | versions of Solaris, so use AC_LINK_IFELSE to actually link the test program | |
494 | rather than just compiling it. Spotted by dlg@. | |
495 | ||
53d4ae20 | 496 | 20060802 |
497 | - (dtucker) [openbsd-compat/daemon.c] Add unistd.h for fork() prototype. | |
498 | ||
be350da6 | 499 | 20060725 |
500 | - (dtucker) [openbsd-compat/xmmap.c] Need fcntl.h for O_RDRW. | |
501 | ||
14e980ef | 502 | 20060724 |
503 | - (djm) OpenBSD CVS Sync | |
504 | - jmc@cvs.openbsd.org 2006/07/12 13:39:55 | |
505 | [sshd_config.5] | |
506 | - new sentence, new line | |
507 | - s/The the/The/ | |
508 | - kill a bad comma | |
c8dfff33 | 509 | - stevesk@cvs.openbsd.org 2006/07/12 22:28:52 |
742bee8c | 510 | [auth-options.c canohost.c channels.c includes.h readconf.c] |
511 | [servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c] | |
c8dfff33 | 512 | move #include <netdb.h> out of includes.h; ok djm@ |
bcaab305 | 513 | - stevesk@cvs.openbsd.org 2006/07/12 22:42:32 |
514 | [includes.h ssh.c ssh-rand-helper.c] | |
515 | move #include <stddef.h> out of includes.h | |
d2a69816 | 516 | - stevesk@cvs.openbsd.org 2006/07/14 01:15:28 |
517 | [monitor_wrap.h] | |
518 | don't need incompletely-typed 'struct passwd' now with | |
519 | #include <pwd.h>; ok markus@ | |
5188ba17 | 520 | - stevesk@cvs.openbsd.org 2006/07/17 01:31:10 |
521 | [authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c] | |
522 | [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c] | |
523 | [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c] | |
524 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c] | |
525 | [sshconnect.c sshlogin.c sshpty.c uidswap.c] | |
526 | move #include <unistd.h> out of includes.h | |
774de098 | 527 | - dtucker@cvs.openbsd.org 2006/07/17 12:02:24 |
528 | [auth-options.c] | |
529 | Use '\0' rather than 0 to terminates strings; ok djm@ | |
2fefbadf | 530 | - dtucker@cvs.openbsd.org 2006/07/17 12:06:00 |
531 | [channels.c channels.h servconf.c sshd_config.5] | |
532 | Add PermitOpen directive to sshd_config which is equivalent to the | |
533 | "permitopen" key option. Allows server admin to allow TCP port | |
534 | forwarding only two specific host/port pairs. Useful when combined | |
535 | with Match. | |
536 | If permitopen is used in both sshd_config and a key option, both | |
537 | must allow a given connection before it will be permitted. | |
538 | Note that users can still use external forwarders such as netcat, | |
539 | so to be those must be controlled too for the limits to be effective. | |
540 | Feedback & ok djm@, man page corrections & ok jmc@. | |
f22506ff | 541 | - jmc@cvs.openbsd.org 2006/07/18 07:50:40 |
542 | [sshd_config.5] | |
543 | tweak; ok dtucker | |
578d2b99 | 544 | - jmc@cvs.openbsd.org 2006/07/18 07:56:28 |
545 | [scp.1] | |
546 | replace DIAGNOSTICS with .Ex; | |
874d319b | 547 | - jmc@cvs.openbsd.org 2006/07/18 08:03:09 |
548 | [ssh-agent.1 sshd_config.5] | |
549 | mark up angle brackets; | |
4895f836 | 550 | - dtucker@cvs.openbsd.org 2006/07/18 08:22:23 |
551 | [sshd_config.5] | |
552 | Clarify description of Match, with minor correction from jmc@ | |
62e12ffe | 553 | - stevesk@cvs.openbsd.org 2006/07/18 22:27:55 |
554 | [dh.c] | |
555 | remove unneeded includes; ok djm@ | |
691712e0 | 556 | - dtucker@cvs.openbsd.org 2006/07/19 08:56:41 |
557 | [servconf.c sshd_config.5] | |
558 | Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to | |
559 | Match. ok djm@ | |
e7259e8d | 560 | - dtucker@cvs.openbsd.org 2006/07/19 13:07:10 |
561 | [servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5] | |
562 | Add ForceCommand keyword to sshd_config, equivalent to the "command=" | |
563 | key option, man page entry and example in sshd_config. | |
564 | Feedback & ok djm@, man page corrections & ok jmc@ | |
67514848 | 565 | - stevesk@cvs.openbsd.org 2006/07/20 15:26:15 |
566 | [auth1.c serverloop.c session.c sshconnect2.c] | |
567 | missed some needed #include <unistd.h> when KERBEROS5=no; issue from | |
568 | massimo@cedoc.mo.it | |
ea46e550 | 569 | - dtucker@cvs.openbsd.org 2006/07/21 12:43:36 |
570 | [channels.c channels.h servconf.c servconf.h sshd_config.5] | |
571 | Make PermitOpen take a list of permitted ports and act more like most | |
572 | other keywords (ie the first match is the effective setting). This | |
573 | also makes it easier to override a previously set PermitOpen. ok djm@ | |
ebb90778 | 574 | - stevesk@cvs.openbsd.org 2006/07/21 21:13:30 |
575 | [channels.c] | |
576 | more ARGSUSED (lint) for dispatch table-driven functions; ok djm@ | |
c88c3fb9 | 577 | - stevesk@cvs.openbsd.org 2006/07/21 21:26:55 |
578 | [progressmeter.c] | |
579 | ARGSUSED for signal handler | |
b0f6943a | 580 | - stevesk@cvs.openbsd.org 2006/07/22 19:08:54 |
581 | [includes.h moduli.c progressmeter.c scp.c sftp-common.c] | |
582 | [sftp-server.c ssh-agent.c sshlogin.c] | |
583 | move #include <time.h> out of includes.h | |
00146caa | 584 | - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 |
585 | [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] | |
586 | [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] | |
587 | [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] | |
588 | [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] | |
589 | [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] | |
590 | [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] | |
591 | [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] | |
592 | [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] | |
593 | [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] | |
594 | [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] | |
595 | [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] | |
596 | [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] | |
597 | [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] | |
598 | move #include <string.h> out of includes.h | |
519fc2b7 | 599 | - stevesk@cvs.openbsd.org 2006/07/23 01:11:05 |
600 | [auth.h dispatch.c kex.h sftp-client.c] | |
601 | #include <signal.h> for sig_atomic_t; need this prior to <sys/param.h> | |
602 | move | |
28cb0a43 | 603 | - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c] |
604 | [canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c] | |
605 | [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c] | |
606 | [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c] | |
607 | [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c] | |
608 | [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c] | |
609 | [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c] | |
610 | [openbsd-compat/mktemp.c openbsd-compat/port-linux.c] | |
611 | [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] | |
612 | [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c] | |
613 | make the portable tree compile again - sprinkle unistd.h and string.h | |
614 | back in. Don't redefine __unused, as it turned out to be used in | |
615 | headers on Linux, and replace its use in auth-pam.c with ARGSUSED | |
ba1e6121 | 616 | - (djm) [openbsd-compat/glob.c] |
617 | Move get_arg_max() into the ifdef HAVE_GLOB block so that it compiles | |
618 | on OpenBSD (or other platforms with a decent glob implementation) with | |
619 | -Werror | |
25523747 | 620 | - (djm) [uuencode.c] |
621 | Add resolv.h, is it contains the prototypes for __b64_ntop/__b64_pton on | |
622 | some platforms | |
9b09381d | 623 | - (djm) [session.c] |
624 | fix compile error with -Werror -Wall: 'path' is only used in | |
625 | do_setup_env() if HAVE_LOGIN_CAP is not defined | |
e204f3ee | 626 | - (djm) [openbsd-compat/basename.c openbsd-compat/bsd-closefrom.c] |
627 | [openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c] | |
628 | [openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c] | |
629 | [openbsd-compat/port-aix.c openbsd-compat/port-irix.c] | |
630 | [openbsd-compat/rresvport.c] | |
631 | These look to need string.h and/or unistd.h (based on a grep for function | |
632 | names) | |
f40c8634 | 633 | - (djm) [Makefile.in] |
634 | Remove generated openbsd-compat/regress/Makefile in distclean target | |
e7c5b206 | 635 | - (djm) [regress/Makefile regress/agent-getpeereid.sh regress/cfgmatch.sh] |
636 | [regress/cipher-speed.sh regress/forcecommand.sh regress/forwarding.sh] | |
637 | Sync regress tests to -current; include dtucker@'s new cfgmatch and | |
638 | forcecommand tests. Add cipher-speed.sh test (not linked in yet) | |
30872a12 | 639 | - (dtucker) [cleanup.c] Since config.h defines _LARGE_FILES on AIX, including |
640 | system headers before defines.h will cause conflicting definitions. | |
b64d983b | 641 | - (dtucker) [regress/forcecommand.sh] Portablize. |
e204f3ee | 642 | |
4352744e | 643 | 20060713 |
644 | - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h | |
645 | ||
956d6743 | 646 | 20060712 |
294d3ca5 | 647 | - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and |
648 | O_NONBLOCK if they're really needed. Fixes build errors on HP-UX, old | |
649 | Linuxes and probably more. | |
71f4c727 | 650 | - (dtucker) [configure.ac] OpenBSD needs <sys/types.h> before <sys/socket.h> |
651 | for SHUT_RD. | |
f9d5c000 | 652 | - (dtucker) [openbsd-compat/port-tun.c] OpenBSD needs <netinet/in.h> before |
653 | <netinet/ip.h>. | |
a773acf7 | 654 | - (dtucker) OpenBSD CVS Sync |
655 | - stevesk@cvs.openbsd.org 2006/07/10 16:01:57 | |
656 | [sftp-glob.c sftp-common.h sftp.c] | |
657 | buffer.h only needed in sftp-common.h and remove some unneeded | |
658 | user includes; ok djm@ | |
a0bca6ed | 659 | - jmc@cvs.openbsd.org 2006/07/10 16:04:21 |
660 | [sshd.8] | |
661 | s/and and/and/ | |
4c72fcfd | 662 | - stevesk@cvs.openbsd.org 2006/07/10 16:37:36 |
663 | [readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c | |
664 | auth.c packet.c log.c] | |
665 | move #include <stdarg.h> out of includes.h; ok markus@ | |
0ad62016 | 666 | - dtucker@cvs.openbsd.org 2006/07/11 10:12:07 |
667 | [ssh.c] | |
668 | Only copy the part of environment variable that we actually use. Prevents | |
669 | ssh bailing when SendEnv is used and an environment variable with a really | |
670 | long value exists. ok djm@ | |
42ea6f5e | 671 | - markus@cvs.openbsd.org 2006/07/11 18:50:48 |
672 | [clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c | |
673 | channels.h readconf.c] | |
674 | add ExitOnForwardFailure: terminate the connection if ssh(1) | |
675 | cannot set up all requested dynamic, local, and remote port | |
676 | forwardings. ok djm, dtucker, stevesk, jmc | |
028094f4 | 677 | - stevesk@cvs.openbsd.org 2006/07/11 20:07:25 |
678 | [scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c | |
679 | sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c | |
680 | includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c | |
681 | sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c | |
682 | ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c] | |
683 | move #include <errno.h> out of includes.h; ok markus@ | |
00c8971b | 684 | - stevesk@cvs.openbsd.org 2006/07/11 20:16:43 |
685 | [ssh.c] | |
686 | cast asterisk field precision argument to int to remove warning; | |
687 | ok markus@ | |
dd984467 | 688 | - stevesk@cvs.openbsd.org 2006/07/11 20:27:56 |
689 | [authfile.c ssh.c] | |
690 | need <errno.h> here also (it's also included in <openssl/err.h>) | |
d231781a | 691 | - dtucker@cvs.openbsd.org 2006/07/12 11:34:58 |
692 | [sshd.c servconf.h servconf.c sshd_config.5 auth.c] | |
693 | Add support for conditional directives to sshd_config via a "Match" | |
694 | keyword, which works similarly to the "Host" directive in ssh_config. | |
695 | Lines after a Match line override the default set in the main section | |
696 | if the condition on the Match line is true, eg | |
697 | AllowTcpForwarding yes | |
698 | Match User anoncvs | |
699 | AllowTcpForwarding no | |
700 | will allow port forwarding by all users except "anoncvs". | |
701 | Currently only a very small subset of directives are supported. | |
702 | ok djm@ | |
fec71b2f | 703 | - (dtucker) [loginrec.c openbsd-compat/xmmap.c openbsd-compat/bindresvport.c |
704 | openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c | |
705 | openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include <errno.h>. | |
baede55a | 706 | - (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h. |
403a29ac | 707 | - (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too. |
5f8747dc | 708 | - (dtucker) [openbsd-compat/openbsd-compat.h] v*printf needs stdarg.h. |
4f4b7d4d | 709 | - (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c |
710 | openbsd-compat/rresvport.c] More errno.h. | |
711 | ||
37259a8e | 712 | 20060711 |
713 | - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c | |
714 | openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally | |
715 | include paths.h. Fixes build error on Solaris. | |
2edd133e | 716 | - (dtucker) [entropy.c] More fcntl.h, this time on AIX (and probably |
717 | others). | |
37259a8e | 718 | |
44064ac4 | 719 | 20060710 |
720 | - (dtucker) [INSTALL] New autoconf version: 2.60. | |
e5c76324 | 721 | - OpenBSD CVS Sync |
722 | - djm@cvs.openbsd.org 2006/06/14 10:50:42 | |
723 | [sshconnect.c] | |
724 | limit the number of pre-banner characters we will accept; ok markus@ | |
9f1090be | 725 | - djm@cvs.openbsd.org 2006/06/26 10:36:15 |
726 | [clientloop.c] | |
727 | mention optional bind_address in runtime port forwarding setup | |
728 | command-line help. patch from santhi.amirta AT gmail.com | |
06fa4ac1 | 729 | - stevesk@cvs.openbsd.org 2006/07/02 17:12:58 |
730 | [ssh.1 ssh.c ssh_config.5 sshd_config.5] | |
731 | more details and clarity for tun(4) device forwarding; ok and help | |
732 | jmc@ | |
6955279c | 733 | - stevesk@cvs.openbsd.org 2006/07/02 18:36:47 |
734 | [gss-serv-krb5.c gss-serv.c] | |
735 | no "servconf.h" needed here | |
736 | (gss-serv-krb5.c change not applied, portable needs the server options) | |
16fbe330 | 737 | - stevesk@cvs.openbsd.org 2006/07/02 22:45:59 |
738 | [groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c] | |
739 | move #include <grp.h> out of includes.h | |
740 | (portable needed uidswap.c too) | |
33f13fa5 | 741 | - stevesk@cvs.openbsd.org 2006/07/02 23:01:55 |
742 | [clientloop.c ssh.1] | |
743 | use -KR[bind_address:]port here; ok djm@ | |
28015df4 | 744 | - stevesk@cvs.openbsd.org 2006/07/03 08:54:20 |
745 | [includes.h ssh.c sshconnect.c sshd.c] | |
746 | move #include "version.h" out of includes.h; ok markus@ | |
319d6b41 | 747 | - stevesk@cvs.openbsd.org 2006/07/03 17:59:32 |
748 | [channels.c includes.h] | |
749 | move #include <arpa/inet.h> out of includes.h; old ok djm@ | |
750 | (portable needed session.c too) | |
9794d008 | 751 | - stevesk@cvs.openbsd.org 2006/07/05 02:42:09 |
752 | [canohost.c hostfile.c includes.h misc.c packet.c readconf.c] | |
753 | [serverloop.c sshconnect.c uuencode.c] | |
754 | move #include <netinet/in.h> out of includes.h; ok deraadt@ | |
755 | (also ssh-rand-helper.c logintest.c loginrec.c) | |
d66ce1a1 | 756 | - djm@cvs.openbsd.org 2006/07/06 10:47:05 |
757 | [servconf.c servconf.h session.c sshd_config.5] | |
758 | support arguments to Subsystem commands; ok markus@ | |
a13880bb | 759 | - djm@cvs.openbsd.org 2006/07/06 10:47:57 |
760 | [sftp-server.8 sftp-server.c] | |
761 | add commandline options to enable logging of transactions; ok markus@ | |
b1842393 | 762 | - stevesk@cvs.openbsd.org 2006/07/06 16:03:53 |
763 | [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c] | |
764 | [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c] | |
765 | [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c] | |
766 | [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c] | |
767 | [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c] | |
768 | [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c] | |
769 | [uidswap.h] | |
770 | move #include <pwd.h> out of includes.h; ok markus@ | |
0cbe25f0 | 771 | - stevesk@cvs.openbsd.org 2006/07/06 16:22:39 |
772 | [ssh-keygen.c] | |
773 | move #include "dns.h" up | |
76275092 | 774 | - stevesk@cvs.openbsd.org 2006/07/06 17:36:37 |
775 | [monitor_wrap.h] | |
776 | typo in comment | |
5b04a8bf | 777 | - stevesk@cvs.openbsd.org 2006/07/08 21:47:12 |
778 | [authfd.c canohost.c clientloop.c dns.c dns.h includes.h] | |
779 | [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c] | |
780 | [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h] | |
781 | move #include <sys/socket.h> out of includes.h | |
9305512d | 782 | - stevesk@cvs.openbsd.org 2006/07/08 21:48:53 |
783 | [monitor.c session.c] | |
784 | missed these from last commit: | |
785 | move #include <sys/socket.h> out of includes.h | |
ca1df159 | 786 | - stevesk@cvs.openbsd.org 2006/07/08 23:30:06 |
787 | [log.c] | |
788 | move user includes after /usr/include files | |
d3221cca | 789 | - stevesk@cvs.openbsd.org 2006/07/09 15:15:11 |
790 | [auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c] | |
791 | [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c] | |
792 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] | |
793 | [sshlogin.c sshpty.c] | |
794 | move #include <fcntl.h> out of includes.h | |
657939aa | 795 | - stevesk@cvs.openbsd.org 2006/07/09 15:27:59 |
796 | [ssh-add.c] | |
797 | use O_RDONLY vs. 0 in open(); no binary change | |
43bc2dc9 | 798 | - djm@cvs.openbsd.org 2006/07/10 11:24:54 |
799 | [sftp-server.c] | |
800 | remove optind - it isn't used here | |
26ddd377 | 801 | - djm@cvs.openbsd.org 2006/07/10 11:25:53 |
802 | [sftp-server.c] | |
803 | don't log variables that aren't yet set | |
22bbb3e6 | 804 | - (djm) [loginrec.c ssh-rand-helper.c sshd.c openbsd-compat/glob.c] |
805 | [openbsd-compat/mktemp.c openbsd-compat/openbsd-compat.h] | |
806 | [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] | |
807 | [openbsd-compat/xcrypt.c] Fix includes.h fallout, mainly fcntl.h | |
1879b184 | 808 | - OpenBSD CVS Sync |
809 | - djm@cvs.openbsd.org 2006/07/10 12:03:20 | |
810 | [scp.c] | |
811 | duplicate argv at the start of main() because it gets modified later; | |
812 | pointed out by deraadt@ ok markus@ | |
a217e418 | 813 | - djm@cvs.openbsd.org 2006/07/10 12:08:08 |
814 | [channels.c] | |
815 | fix misparsing of SOCKS 5 packets that could result in a crash; | |
816 | reported by mk@ ok markus@ | |
d4530052 | 817 | - dtucker@cvs.openbsd.org 2006/07/10 12:46:51 |
818 | [misc.c misc.h sshd.8 sshconnect.c] | |
819 | Add port identifier to known_hosts for non-default ports, based originally | |
820 | on a patch from Devin Nate in bz#910. | |
821 | For any connection using the default port or using a HostKeyAlias the | |
822 | format is unchanged, otherwise the host name or address is enclosed | |
823 | within square brackets in the same format as sshd's ListenAddress. | |
824 | Tested by many, ok markus@. | |
9b6edf98 | 825 | - (dtucker) [openbsd-compat/openbsd-compat.h] Need to include <sys/socket.h> |
826 | for struct sockaddr on platforms that use the fake-rfc stuff. | |
44064ac4 | 827 | |
e7479666 | 828 | 20060706 |
829 | - (dtucker) [configure.ac] Try AIX blibpath test in different order when | |
830 | compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so | |
831 | configure would not select the correct libpath linker flags. | |
90f321a4 | 832 | - (dtucker) [INSTALL] A bit more info on autoconf. |
e7479666 | 833 | |
e5c27607 | 834 | 20060705 |
835 | - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the | |
836 | target already exists. | |
837 | ||
202c6095 | 838 | 20060630 |
839 | - (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf | |
840 | declaration too. Patch from russ at sludge.net. | |
0bbb4f75 | 841 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it, |
842 | prevents warnings on platforms where _res is in the system headers. | |
10f1064f | 843 | - (dtucker) [INSTALL] Bug #1202: Note when autoconf is required and which |
844 | version. | |
202c6095 | 845 | |
ecd9ec09 | 846 | 20060627 |
847 | - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems | |
848 | with autoconf 2.60. Patch from vapier at gentoo.org. | |
849 | ||
9c04d67d | 850 | 20060625 |
851 | - (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys | |
852 | only, otherwise sshd can hang exiting non-interactive sessions. | |
853 | ||
795aa5f5 | 854 | 20060624 |
855 | - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris. | |
856 | Works around limitation in Solaris' passwd program for changing passwords | |
857 | where the username is longer than 8 characters. ok djm@ | |
24a87055 | 858 | - (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug |
859 | #1102 workaround. | |
795aa5f5 | 860 | |
e02505e2 | 861 | 20060623 |
862 | - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add | |
863 | tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch | |
864 | from reyk@, tested by anil@ | |
ea8c44d9 | 865 | - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX |
866 | 4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes | |
867 | on the pty slave as zero-length reads on the pty master, which sshd | |
868 | interprets as the descriptor closing. Since most things don't do zero | |
869 | length writes this rarely matters, but occasionally it happens, and when | |
870 | it does the SSH pty session appears to hang, so we add a special case for | |
871 | this condition. ok djm@ | |
e02505e2 | 872 | |
6cba36fd | 873 | 20060613 |
ae410a09 | 874 | - (djm) [getput.h] This file has been replaced by functions in misc.c |
6cba36fd | 875 | - OpenBSD CVS Sync |
876 | - djm@cvs.openbsd.org 2006/05/08 10:49:48 | |
877 | [sshconnect2.c] | |
878 | uint32_t -> u_int32_t (which we use everywhere else) | |
879 | (Id sync only - portable already had this) | |
3173dd0d | 880 | - markus@cvs.openbsd.org 2006/05/16 09:00:00 |
881 | [clientloop.c] | |
882 | missing free; from Kylene Hall | |
2b8dc5e3 | 883 | - markus@cvs.openbsd.org 2006/05/17 12:43:34 |
884 | [scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c] | |
885 | fix leak; coverity via Kylene Jo Hall | |
18c60a0b | 886 | - miod@cvs.openbsd.org 2006/05/18 21:27:25 |
887 | [kexdhc.c kexgexc.c] | |
888 | paramter -> parameter | |
07a80cea | 889 | - dtucker@cvs.openbsd.org 2006/05/29 12:54:08 |
890 | [ssh_config.5] | |
891 | Add gssapi-with-mic to PreferredAuthentications default list; ok jmc | |
aa195106 | 892 | - dtucker@cvs.openbsd.org 2006/05/29 12:56:33 |
893 | [ssh_config] | |
f127d8a4 | 894 | Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in |
895 | sample ssh_config. ok markus@ | |
896 | - jmc@cvs.openbsd.org 2006/05/29 16:10:03 | |
897 | [ssh_config.5] | |
898 | oops - previous was too long; split the list of auths up | |
ed277f5e | 899 | - mk@cvs.openbsd.org 2006/05/30 11:46:38 |
900 | [ssh-add.c] | |
901 | Sync usage() with man page and reality. | |
902 | ok deraadt dtucker | |
903 | - jmc@cvs.openbsd.org 2006/05/29 16:13:23 | |
904 | [ssh.1] | |
905 | add GSSAPI to the list of authentication methods supported; | |
f9579ee9 | 906 | - mk@cvs.openbsd.org 2006/05/30 11:46:38 |
907 | [ssh-add.c] | |
908 | Sync usage() with man page and reality. | |
909 | ok deraadt dtucker | |
211f229e | 910 | - markus@cvs.openbsd.org 2006/06/01 09:21:48 |
911 | [sshd.c] | |
912 | call get_remote_ipaddr() early; fixes logging after client disconnects; | |
913 | report mpf@; ok dtucker@ | |
82aeee5d | 914 | - markus@cvs.openbsd.org 2006/06/06 10:20:20 |
915 | [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c] | |
916 | replace remaining setuid() calls with permanently_set_uid() and | |
917 | check seteuid() return values; report Marcus Meissner; ok dtucker djm | |
3c33c1b6 | 918 | - markus@cvs.openbsd.org 2006/06/08 14:45:49 |
919 | [readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h] | |
920 | do not set the gid, noted by solar; ok djm | |
e1ff5445 | 921 | - djm@cvs.openbsd.org 2006/06/13 01:18:36 |
922 | [ssh-agent.c] | |
923 | always use a format string, even when printing a constant | |
924 | - djm@cvs.openbsd.org 2006/06/13 02:17:07 | |
925 | [ssh-agent.c] | |
926 | revert; i am on drugs. spotted by alexander AT beard.se | |
6cba36fd | 927 | |
2ae7f715 | 928 | 20060521 |
929 | - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor | |
930 | and slave, we can remove the special-case handling in the audit hook in | |
931 | auth_log. | |
932 | ||
933 | 20060517 | |
aee28e67 | 934 | - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file |
935 | pointer leak. From kjhall at us.ibm.com, found by coverity. | |
936 | ||
2ae7f715 | 937 | 20060515 |
a048aeba | 938 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of |
939 | _res, prevents problems on some platforms that have _res as a global but | |
940 | don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by | |
941 | georg.schwarz at freenet.de, ok djm@. | |
143a79db | 942 | - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative |
943 | default. Patch originally from tim@, ok djm | |
5aa56df0 | 944 | - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and |
945 | do not allow kbdint again after the PAM account check fails. ok djm@ | |
a048aeba | 946 | |
2ae7f715 | 947 | 20060506 |
689d3f77 | 948 | - (dtucker) OpenBSD CVS Sync |
fc231518 | 949 | - dtucker@cvs.openbsd.org 2006/04/25 08:02:27 |
950 | [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c] | |
951 | Prevent ssh from trying to open private keys with bad permissions more than | |
952 | once or prompting for their passphrases (which it subsequently ignores | |
953 | anyway), similar to a previous change in ssh-add. bz #1186, ok djm@ | |
397d64d2 | 954 | - djm@cvs.openbsd.org 2006/05/04 14:55:23 |
955 | [dh.c] | |
956 | tighter DH exponent checks here too; feedback and ok markus@ | |
a1361c4b | 957 | - djm@cvs.openbsd.org 2006/04/01 05:37:46 |
958 | [OVERVIEW] | |
959 | $OpenBSD$ in here too | |
9188927d | 960 | - dtucker@cvs.openbsd.org 2006/05/06 08:35:40 |
961 | [auth-krb5.c] | |
962 | Add $OpenBSD$ in comment here too | |
fc231518 | 963 | |
01d35895 | 964 | 20060504 |
965 | - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c | |
966 | session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c | |
967 | openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar) | |
968 | in Portable-only code; since calloc zeros, remove now-redundant memsets. | |
969 | Also add a couple of sanity checks. With & ok djm@ | |
970 | ||
7ca4010c | 971 | 20060503 |
972 | - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h | |
973 | and double including it on IRIX 5.3 causes problems. From Georg Schwarz, | |
974 | "no objections" tim@ | |
975 | ||
ac93e676 | 976 | 20060423 |
977 | - (djm) OpenBSD CVS Sync | |
978 | - deraadt@cvs.openbsd.org 2006/04/01 05:42:20 | |
979 | [scp.c] | |
980 | minimal lint cleanup (unused crud, and some size_t); ok djm | |
c0a8e7bb | 981 | - djm@cvs.openbsd.org 2006/04/01 05:50:29 |
982 | [scp.c] | |
983 | xasprintification; ok deraadt@ | |
5fe9ca7d | 984 | - djm@cvs.openbsd.org 2006/04/01 05:51:34 |
985 | [atomicio.c] | |
986 | ANSIfy; requested deraadt@ | |
987 | - dtucker@cvs.openbsd.org 2006/04/02 08:34:52 | |
988 | [ssh-keysign.c] | |
989 | sessionid can be 32 bytes now too when sha256 kex is used; ok djm@ | |
9c3c8eb1 | 990 | - djm@cvs.openbsd.org 2006/04/03 07:10:38 |
991 | [gss-genr.c] | |
992 | GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066 | |
993 | by dleonard AT vintela.com. use xasprintf() to simplify code while in | |
994 | there; "looks right" deraadt@ | |
69d9d413 | 995 | - djm@cvs.openbsd.org 2006/04/16 00:48:52 |
996 | [buffer.c buffer.h channels.c] | |
997 | Fix condition where we could exit with a fatal error when an input | |
998 | buffer became too large and the remote end had advertised a big window. | |
999 | The problem was a mismatch in the backoff math between the channels code | |
1000 | and the buffer code, so make a buffer_check_alloc() function that the | |
1001 | channels code can use to propsectivly check whether an incremental | |
1002 | allocation will succeed. bz #1131, debugged with the assistance of | |
1003 | cove AT wildpackets.com; ok dtucker@ deraadt@ | |
68d86b37 | 1004 | - djm@cvs.openbsd.org 2006/04/16 00:52:55 |
1005 | [atomicio.c atomicio.h] | |
1006 | introduce atomiciov() function that wraps readv/writev to retry | |
1007 | interrupted transfers like atomicio() does for read/write; | |
1008 | feedback deraadt@ dtucker@ stevesk@ ok deraadt@ | |
2c4369de | 1009 | - djm@cvs.openbsd.org 2006/04/16 00:54:10 |
1010 | [sftp-client.c] | |
1011 | avoid making a tiny 4-byte write to send the packet length of sftp | |
1012 | commands, which would result in a separate tiny packet on the wire by | |
1013 | using atomiciov(writev, ...) to write the length and the command in one | |
1014 | pass; ok deraadt@ | |
7bccebd0 | 1015 | - djm@cvs.openbsd.org 2006/04/16 07:59:00 |
1016 | [atomicio.c] | |
1017 | reorder sanity test so that it cannot dereference past the end of the | |
1018 | iov array; well spotted canacar@! | |
b0a892b2 | 1019 | - dtucker@cvs.openbsd.org 2006/04/18 10:44:28 |
71544c3d | 1020 | [bufaux.c bufbn.c Makefile.in] |
b0a892b2 | 1021 | Move Buffer bignum functions into their own file, bufbn.c. This means |
1022 | that sftp and sftp-server (which use the Buffer functions in bufaux.c | |
1023 | but not the bignum ones) no longer need to be linked with libcrypto. | |
1024 | ok markus@ | |
50394f26 | 1025 | - djm@cvs.openbsd.org 2006/04/20 09:27:09 |
1026 | [auth.h clientloop.c dispatch.c dispatch.h kex.h] | |
1027 | replace the last non-sig_atomic_t flag used in a signal handler with a | |
1028 | sig_atomic_t, unfortunately with some knock-on effects in other (non- | |
1029 | signal) contexts in which it is used; ok markus@ | |
4439dde1 | 1030 | - markus@cvs.openbsd.org 2006/04/20 09:47:59 |
1031 | [sshconnect.c] | |
1032 | simplify; ok djm@ | |
6e97fe1d | 1033 | - djm@cvs.openbsd.org 2006/04/20 21:53:44 |
1034 | [includes.h session.c sftp.c] | |
1035 | Switch from using pipes to socketpairs for communication between | |
1036 | sftp/scp and ssh, and between sshd and its subprocesses. This saves | |
1037 | a file descriptor per session and apparently makes userland ppp over | |
1038 | ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this | |
1039 | decision on a per-platform basis) | |
40402a68 | 1040 | - djm@cvs.openbsd.org 2006/04/22 04:06:51 |
1041 | [uidswap.c] | |
1042 | use setres[ug]id() to permanently revoke privileges; ok deraadt@ | |
1043 | (ID Sync only - portable already uses setres[ug]id() whenever possible) | |
ae3afe05 | 1044 | - stevesk@cvs.openbsd.org 2006/04/22 18:29:33 |
1045 | [crc32.c] | |
1046 | remove extra spaces | |
0ca1dcaf | 1047 | - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get |
1048 | sig_atomic_t | |
ac93e676 | 1049 | |
ef4d1846 | 1050 | 20060421 |
1051 | - (djm) [Makefile.in configure.ac session.c sshpty.c] | |
1052 | [contrib/redhat/sshd.init openbsd-compat/Makefile.in] | |
1053 | [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c] | |
1054 | [openbsd-compat/port-linux.h] Add support for SELinux, setting | |
1055 | the execution and TTY contexts. based on patch from Daniel Walsh, | |
1056 | bz #880; ok dtucker@ | |
1057 | ||
88680c8b | 1058 | 20060418 |
ef4d1846 | 1059 | - (djm) [canohost.c] Reorder IP options check so that it isn't broken |
1060 | by mapped addresses; bz #1179 reported by markw wtech-llc.com; | |
88680c8b | 1061 | ok dtucker@ |
1062 | ||
6a0984b4 | 1063 | 20060331 |
1064 | - OpenBSD CVS Sync | |
1065 | - deraadt@cvs.openbsd.org 2006/03/27 01:21:18 | |
1066 | [xmalloc.c] | |
1067 | we can do the size & nmemb check before the integer overflow check; | |
1068 | evol | |
fd06fbe0 | 1069 | - deraadt@cvs.openbsd.org 2006/03/27 13:03:54 |
1070 | [dh.c] | |
1071 | use strtonum() instead of atoi(), limit dhg size to 64k; ok djm | |
e56b07ea | 1072 | - djm@cvs.openbsd.org 2006/03/27 23:15:46 |
1073 | [sftp.c] | |
1074 | always use a format string for addargs; spotted by mouring@ | |
19e79961 | 1075 | - deraadt@cvs.openbsd.org 2006/03/28 00:12:31 |
1076 | [README.tun ssh.c] | |
1077 | spacing | |
4f16046f | 1078 | - deraadt@cvs.openbsd.org 2006/03/28 01:52:28 |
1079 | [channels.c] | |
1080 | do not accept unreasonable X ports numbers; ok djm | |
cfaa5405 | 1081 | - deraadt@cvs.openbsd.org 2006/03/28 01:53:43 |
1082 | [ssh-agent.c] | |
1083 | use strtonum() to parse the pid from the file, and range check it | |
1084 | better; ok djm | |
04aa9e67 | 1085 | - djm@cvs.openbsd.org 2006/03/30 09:41:25 |
1086 | [channels.c] | |
1087 | ARGSUSED for dispatch table-driven functions | |
51e7a012 | 1088 | - djm@cvs.openbsd.org 2006/03/30 09:58:16 |
1089 | [authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h] | |
1090 | [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c] | |
1091 | replace {GET,PUT}_XXBIT macros with functionally similar functions, | |
1092 | silencing a heap of lint warnings. also allows them to use | |
1093 | __bounded__ checking which can't be applied to macros; requested | |
1094 | by and feedback from deraadt@ | |
8cffe22a | 1095 | - djm@cvs.openbsd.org 2006/03/30 10:41:25 |
1096 | [ssh.c ssh_config.5] | |
1097 | add percent escape chars to the IdentityFile option, bz #1159 based | |
1098 | on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@ | |
2ccf5424 | 1099 | - dtucker@cvs.openbsd.org 2006/03/30 11:05:17 |
1100 | [ssh-keygen.c] | |
1101 | Correctly handle truncated files while converting keys; ok djm@ | |
c023a130 | 1102 | - dtucker@cvs.openbsd.org 2006/03/30 11:40:21 |
1103 | [auth.c monitor.c] | |
1104 | Prevent duplicate log messages when privsep=yes; ok djm@ | |
99d18e3e | 1105 | - jmc@cvs.openbsd.org 2006/03/31 09:09:30 |
1106 | [ssh_config.5] | |
1107 | kill trailing whitespace; | |
b4d7dedd | 1108 | - djm@cvs.openbsd.org 2006/03/31 09:13:56 |
1109 | [ssh_config.5] | |
1110 | remote user escape is %r not %h; spotted by jmc@ | |
6a0984b4 | 1111 | |
3eff92ec | 1112 | 20060326 |
1113 | - OpenBSD CVS Sync | |
1114 | - jakob@cvs.openbsd.org 2006/03/15 08:46:44 | |
1115 | [ssh-keygen.c] | |
1116 | if no key file are given when printing the DNS host record, use the | |
1117 | host key file(s) as default. ok djm@ | |
d6157b67 | 1118 | - biorn@cvs.openbsd.org 2006/03/16 10:31:45 |
1119 | [scp.c] | |
1120 | Try to display errormessage even if remout == -1 | |
1121 | ok djm@, markus@ | |
9dfca510 | 1122 | - djm@cvs.openbsd.org 2006/03/17 22:31:50 |
1123 | [authfd.c] | |
1124 | another unreachable found by lint | |
60ffd527 | 1125 | - djm@cvs.openbsd.org 2006/03/17 22:31:11 |
1126 | [authfd.c] | |
1127 | unreachanble statement, found by lint | |
4113a1d7 | 1128 | - djm@cvs.openbsd.org 2006/03/19 02:22:32 |
1129 | [serverloop.c] | |
1130 | memory leaks detected by Coverity via elad AT netbsd.org; | |
1131 | ok deraadt@ dtucker@ | |
e6a3cfb5 | 1132 | - djm@cvs.openbsd.org 2006/03/19 02:22:56 |
1133 | [sftp.c] | |
1134 | more memory leaks detected by Coverity via elad AT netbsd.org; | |
1135 | deraadt@ ok | |
f8f9ef4d | 1136 | - djm@cvs.openbsd.org 2006/03/19 02:23:26 |
1137 | [hostfile.c] | |
1138 | FILE* leak detected by Coverity via elad AT netbsd.org; | |
1139 | ok deraadt@ | |
88299971 | 1140 | - djm@cvs.openbsd.org 2006/03/19 02:24:05 |
1141 | [dh.c readconf.c servconf.c] | |
1142 | potential NULL pointer dereferences detected by Coverity | |
1143 | via elad AT netbsd.org; ok deraadt@ | |
18fc231c | 1144 | - djm@cvs.openbsd.org 2006/03/19 07:41:30 |
1145 | [sshconnect2.c] | |
1146 | memory leaks detected by Coverity via elad AT netbsd.org; | |
1147 | deraadt@ ok | |
0f8cd5a6 | 1148 | - dtucker@cvs.openbsd.org 2006/03/19 11:51:52 |
1149 | [servconf.c] | |
1150 | Correct strdelim null test; ok djm@ | |
c8e9c167 | 1151 | - deraadt@cvs.openbsd.org 2006/03/19 18:52:11 |
1152 | [auth1.c authfd.c channels.c] | |
1153 | spacing | |
b4bbf172 | 1154 | - deraadt@cvs.openbsd.org 2006/03/19 18:53:12 |
1155 | [kex.c kex.h monitor.c myproposal.h session.c] | |
1156 | spacing | |
3efa8ea9 | 1157 | - deraadt@cvs.openbsd.org 2006/03/19 18:56:41 |
1158 | [clientloop.c progressmeter.c serverloop.c sshd.c] | |
1159 | ARGSUSED for signal handlers | |
6e56dc92 | 1160 | - deraadt@cvs.openbsd.org 2006/03/19 18:59:49 |
1161 | [ssh-keyscan.c] | |
1162 | please lint | |
7de98c39 | 1163 | - deraadt@cvs.openbsd.org 2006/03/19 18:59:30 |
1164 | [ssh.c] | |
1165 | spacing | |
c84ac6a4 | 1166 | - deraadt@cvs.openbsd.org 2006/03/19 18:59:09 |
1167 | [authfile.c] | |
1168 | whoever thought that break after return was a good idea needs to | |
1169 | get their head examimed | |
98d40a74 | 1170 | - djm@cvs.openbsd.org 2006/03/20 04:09:44 |
1171 | [monitor.c] | |
1172 | memory leaks detected by Coverity via elad AT netbsd.org; | |
1173 | deraadt@ ok | |
1174 | that should be all of them now | |
7016f7cf | 1175 | - djm@cvs.openbsd.org 2006/03/20 11:38:46 |
1176 | [key.c] | |
1177 | (really) last of the Coverity diffs: avoid possible NULL deref in | |
1178 | key_free. via elad AT netbsd.org; markus@ ok | |
5ef36928 | 1179 | - deraadt@cvs.openbsd.org 2006/03/20 17:10:19 |
1180 | [auth.c key.c misc.c packet.c ssh-add.c] | |
1181 | in a switch (), break after return or goto is stupid | |
353d48db | 1182 | - deraadt@cvs.openbsd.org 2006/03/20 17:13:16 |
1183 | [key.c] | |
1184 | djm did a typo | |
952fce1b | 1185 | - deraadt@cvs.openbsd.org 2006/03/20 17:17:23 |
1186 | [ssh-rsa.c] | |
1187 | in a switch (), break after return or goto is stupid | |
148de80c | 1188 | - deraadt@cvs.openbsd.org 2006/03/20 18:14:02 |
b3b6f53d | 1189 | [channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c] |
1190 | [ssh.c sshpty.c sshpty.h] | |
148de80c | 1191 | sprinkle u_int throughout pty subsystem, ok markus |
fe8c3af1 | 1192 | - deraadt@cvs.openbsd.org 2006/03/20 18:17:20 |
1193 | [auth1.c auth2.c sshd.c] | |
1194 | sprinkle some ARGSUSED for table driven functions (which sometimes | |
1195 | must ignore their args) | |
32596c7b | 1196 | - deraadt@cvs.openbsd.org 2006/03/20 18:26:55 |
1197 | [channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c] | |
1198 | [ssh-rsa.c ssh.c sshlogin.c] | |
1199 | annoying spacing fixes getting in the way of real diffs | |
b248a875 | 1200 | - deraadt@cvs.openbsd.org 2006/03/20 18:27:50 |
1201 | [monitor.c] | |
1202 | spacing | |
338eb2ab | 1203 | - deraadt@cvs.openbsd.org 2006/03/20 18:35:12 |
1204 | [channels.c] | |
1205 | x11_fake_data is only ever used as u_char * | |
0bcc3e35 | 1206 | - deraadt@cvs.openbsd.org 2006/03/20 18:41:43 |
1207 | [dns.c] | |
1208 | cast xstrdup to propert u_char * | |
9555d258 | 1209 | - deraadt@cvs.openbsd.org 2006/03/20 18:42:27 |
1210 | [canohost.c match.c ssh.c sshconnect.c] | |
1211 | be strict with tolower() casting | |
a7137f6b | 1212 | - deraadt@cvs.openbsd.org 2006/03/20 18:48:34 |
1213 | [channels.c fatal.c kex.c packet.c serverloop.c] | |
1214 | spacing | |
1cec12db | 1215 | - deraadt@cvs.openbsd.org 2006/03/20 21:11:53 |
1216 | [ttymodes.c] | |
1217 | spacing | |
52e3daed | 1218 | - djm@cvs.openbsd.org 2006/03/25 00:05:41 |
1219 | [auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c] | |
1220 | [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c] | |
1221 | [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c] | |
1222 | [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c] | |
1223 | [xmalloc.c xmalloc.h] | |
1224 | introduce xcalloc() and xasprintf() failure-checked allocations | |
1225 | functions and use them throughout openssh | |
1226 | ||
1227 | xcalloc is particularly important because malloc(nmemb * size) is a | |
1228 | dangerous idiom (subject to integer overflow) and it is time for it | |
1229 | to die | |
1230 | ||
1231 | feedback and ok deraadt@ | |
c5d10563 | 1232 | - djm@cvs.openbsd.org 2006/03/25 01:13:23 |
1233 | [buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c] | |
1234 | [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c] | |
1235 | [uidswap.c] | |
1236 | change OpenSSH's xrealloc() function from being xrealloc(p, new_size) | |
1237 | to xrealloc(p, new_nmemb, new_itemsize). | |
1238 | ||
1239 | realloc is particularly prone to integer overflows because it is | |
1240 | almost always allocating "n * size" bytes, so this is a far safer | |
1241 | API; ok deraadt@ | |
522327f5 | 1242 | - djm@cvs.openbsd.org 2006/03/25 01:30:23 |
1243 | [sftp.c] | |
1244 | "abormally" is a perfectly cromulent word, but "abnormally" is better | |
c1cb7bae | 1245 | - djm@cvs.openbsd.org 2006/03/25 13:17:03 |
6ba5f28f | 1246 | [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] |
1247 | [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] | |
1248 | [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] | |
1249 | [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] | |
1250 | [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] | |
1251 | [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] | |
1252 | [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] | |
1253 | [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] | |
1254 | [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] | |
1255 | [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] | |
1256 | [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] | |
1257 | [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] | |
1258 | [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] | |
1259 | [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] | |
1260 | [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] | |
1261 | [uidswap.c uuencode.c xmalloc.c] | |
c1cb7bae | 1262 | Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that |
1263 | Theo nuked - our scripts to sync -portable need them in the files | |
febd6f21 | 1264 | - deraadt@cvs.openbsd.org 2006/03/25 18:29:35 |
1265 | [auth-rsa.c authfd.c packet.c] | |
1266 | needed casts (always will be needed) | |
b476adfa | 1267 | - deraadt@cvs.openbsd.org 2006/03/25 18:30:55 |
1268 | [clientloop.c serverloop.c] | |
1269 | spacing | |
306f24ca | 1270 | - deraadt@cvs.openbsd.org 2006/03/25 18:36:15 |
1271 | [sshlogin.c sshlogin.h] | |
1272 | nicer size_t and time_t types | |
0fe9892f | 1273 | - deraadt@cvs.openbsd.org 2006/03/25 18:40:14 |
1274 | [ssh-keygen.c] | |
1275 | cast strtonum() result to right type | |
8d0b0353 | 1276 | - deraadt@cvs.openbsd.org 2006/03/25 18:41:45 |
1277 | [ssh-agent.c] | |
1278 | mark two more signal handlers ARGSUSED | |
d6d4897e | 1279 | - deraadt@cvs.openbsd.org 2006/03/25 18:43:30 |
1280 | [channels.c] | |
1281 | use strtonum() instead of atoi() [limit X screens to 400, sorry] | |
15dd2c4f | 1282 | - deraadt@cvs.openbsd.org 2006/03/25 18:56:55 |
1283 | [bufaux.c channels.c packet.c] | |
1284 | remove (char *) casts to a function that accepts void * for the arg | |
5b5f6af7 | 1285 | - deraadt@cvs.openbsd.org 2006/03/25 18:58:10 |
1286 | [channels.c] | |
1287 | delete cast not required | |
56f824f3 | 1288 | - djm@cvs.openbsd.org 2006/03/25 22:22:43 |
1289 | [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h] | |
1290 | [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h] | |
1291 | [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h] | |
1292 | [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c] | |
1293 | [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h] | |
1294 | [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h] | |
1295 | [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h] | |
1296 | [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h] | |
1297 | [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h] | |
1298 | [ttymodes.h uidswap.h uuencode.h xmalloc.h] | |
1299 | standardise spacing in $OpenBSD$ tags; requested by deraadt@ | |
9594740b | 1300 | - deraadt@cvs.openbsd.org 2006/03/26 01:31:48 |
1301 | [uuencode.c] | |
1302 | typo | |
3eff92ec | 1303 | |
df938409 | 1304 | 20060325 |
1305 | - OpenBSD CVS Sync | |
1306 | - djm@cvs.openbsd.org 2006/03/16 04:24:42 | |
1307 | [ssh.1] | |
1308 | Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs | |
1309 | that OpenSSH supports | |
a92a0909 | 1310 | - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 |
1311 | [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] | |
1312 | [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] | |
1313 | [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] | |
1314 | [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] | |
1315 | [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] | |
1316 | [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] | |
1317 | [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] | |
1318 | [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] | |
1319 | [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] | |
1320 | [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] | |
1321 | [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] | |
1322 | [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] | |
1323 | [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] | |
1324 | [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] | |
1325 | [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] | |
1326 | [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] | |
1327 | [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] | |
1328 | [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] | |
1329 | [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] | |
1330 | [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] | |
1331 | [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] | |
1332 | [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] | |
1333 | [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] | |
1334 | RCSID() can die | |
0e03e3d0 | 1335 | - deraadt@cvs.openbsd.org 2006/03/19 18:53:12 |
1336 | [kex.h myproposal.h] | |
1337 | spacing | |
0fa53840 | 1338 | - djm@cvs.openbsd.org 2006/03/20 04:07:22 |
1339 | [auth2-gss.c] | |
1340 | GSSAPI related leaks detected by Coverity via elad AT netbsd.org; | |
1341 | reviewed by simon AT sxw.org.uk; deraadt@ ok | |
0926fd19 | 1342 | - djm@cvs.openbsd.org 2006/03/20 04:07:49 |
1343 | [gss-genr.c] | |
1344 | more GSSAPI related leaks detected by Coverity via elad AT netbsd.org; | |
1345 | reviewed by simon AT sxw.org.uk; deraadt@ ok | |
7cd30d48 | 1346 | - djm@cvs.openbsd.org 2006/03/20 04:08:18 |
1347 | [gss-serv.c] | |
1348 | last lot of GSSAPI related leaks detected by Coverity via | |
1349 | elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok | |
97f67e9a | 1350 | - deraadt@cvs.openbsd.org 2006/03/20 18:14:02 |
1351 | [monitor_wrap.h sshpty.h] | |
1352 | sprinkle u_int throughout pty subsystem, ok markus | |
fd6eaa8c | 1353 | - deraadt@cvs.openbsd.org 2006/03/20 18:26:55 |
1354 | [session.h] | |
1355 | annoying spacing fixes getting in the way of real diffs | |
6cfe93ec | 1356 | - deraadt@cvs.openbsd.org 2006/03/20 18:41:43 |
1357 | [dns.c] | |
1358 | cast xstrdup to propert u_char * | |
f0eea41f | 1359 | - jakob@cvs.openbsd.org 2006/03/22 21:16:24 |
1360 | [ssh.1] | |
1361 | simplify SSHFP example; ok jmc@ | |
69753336 | 1362 | - djm@cvs.openbsd.org 2006/03/22 21:27:15 |
1363 | [deattack.c deattack.h] | |
1364 | remove IV support from the CRC attack detector, OpenSSH has never used | |
1365 | it - it only applied to IDEA-CFB, which we don't support. | |
1366 | prompted by NetBSD Coverity report via elad AT netbsd.org; | |
1367 | feedback markus@ "nuke it" deraadt@ | |
df938409 | 1368 | |
08a3f952 | 1369 | 20060318 |
7f38714e | 1370 | - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via |
1371 | elad AT NetBSD.org | |
1372 | - (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173: make fmtint() take | |
1373 | a LLONG rather than a long. Fixes scp'ing of large files on platforms | |
1374 | with missing/broken snprintfs. Patch from e.borovac at bom.gov.au. | |
08a3f952 | 1375 | |
32b0131a | 1376 | 20060316 |
1377 | - (dtucker) [entropy.c] Add headers for WIFEXITED and friends. | |
2f360c89 | 1378 | - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in |
1379 | /usr/include/crypto. Hint from djm@. | |
b1f0c612 | 1380 | - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h] |
1381 | Disable sha256 when openssl < 0.9.7. Patch from djm@. | |
30baf904 | 1382 | - (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old |
1383 | OpenSSL; ok tim | |
32b0131a | 1384 | |
0ac58ab4 | 1385 | 20060315 |
1386 | - (djm) OpenBSD CVS Sync: | |
1387 | - msf@cvs.openbsd.org 2006/02/06 15:54:07 | |
1388 | [ssh.1] | |
1389 | - typo fix | |
1390 | ok jmc@ | |
260c414c | 1391 | - jmc@cvs.openbsd.org 2006/02/06 21:44:47 |
1392 | [ssh.1] | |
1393 | make this a little less ambiguous... | |
c38f5d19 | 1394 | - stevesk@cvs.openbsd.org 2006/02/07 01:08:04 |
1395 | [auth-rhosts.c includes.h] | |
1396 | move #include <netgroup.h> out of includes.h; ok markus@ | |
c3ff311a | 1397 | - stevesk@cvs.openbsd.org 2006/02/07 01:18:09 |
1398 | [includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c] | |
1399 | move #include <sys/queue.h> out of includes.h; ok markus@ | |
1d3e026f | 1400 | - stevesk@cvs.openbsd.org 2006/02/07 01:42:00 |
1401 | [channels.c clientloop.c clientloop.h includes.h packet.h] | |
1402 | [serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c] | |
1403 | move #include <termios.h> out of includes.h; ok markus@ | |
99f28949 | 1404 | - stevesk@cvs.openbsd.org 2006/02/07 01:52:50 |
1405 | [sshtty.c] | |
1406 | "log.h" not needed | |
cc63c340 | 1407 | - stevesk@cvs.openbsd.org 2006/02/07 03:47:05 |
1408 | [hostfile.c] | |
1409 | "packet.h" not needed | |
db5a9db9 | 1410 | - stevesk@cvs.openbsd.org 2006/02/07 03:59:20 |
1411 | [deattack.c] | |
1412 | duplicate #include | |
a75f5360 | 1413 | - stevesk@cvs.openbsd.org 2006/02/08 12:15:27 |
1414 | [auth.c clientloop.c includes.h misc.c monitor.c readpass.c] | |
1415 | [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c] | |
1416 | [sshd.c sshpty.c] | |
1417 | move #include <paths.h> out of includes.h; ok markus@ | |
6425cf65 | 1418 | - stevesk@cvs.openbsd.org 2006/02/08 12:32:49 |
1419 | [includes.h misc.c] | |
1420 | move #include <netinet/tcp.h> out of includes.h; ok markus@ | |
1720c23b | 1421 | - stevesk@cvs.openbsd.org 2006/02/08 13:15:44 |
1422 | [gss-serv.c monitor.c] | |
1423 | small KNF | |
5b984d1d | 1424 | - stevesk@cvs.openbsd.org 2006/02/08 14:16:59 |
1425 | [sshconnect.c] | |
1426 | <openssl/bn.h> not needed | |
876faccd | 1427 | - stevesk@cvs.openbsd.org 2006/02/08 14:31:30 |
1428 | [includes.h ssh-agent.c ssh-keyscan.c ssh.c] | |
1429 | move #include <sys/resource.h> out of includes.h; ok markus@ | |
a3dcf543 | 1430 | - stevesk@cvs.openbsd.org 2006/02/08 14:38:18 |
1431 | [includes.h packet.c] | |
1432 | move #include <netinet/in_systm.h> and <netinet/ip.h> out of | |
1433 | includes.h; ok markus@ | |
68e39d38 | 1434 | - stevesk@cvs.openbsd.org 2006/02/08 23:51:24 |
1435 | [includes.h scp.c sftp-glob.c sftp-server.c] | |
1436 | move #include <dirent.h> out of includes.h; ok markus@ | |
bbb1501d | 1437 | - stevesk@cvs.openbsd.org 2006/02/09 00:32:07 |
1438 | [includes.h] | |
1439 | #include <sys/endian.h> not needed; ok djm@ | |
1440 | NB. ID Sync only - we still need this (but it may move later) | |
4eb67845 | 1441 | - jmc@cvs.openbsd.org 2006/02/09 10:10:47 |
1442 | [sshd.8] | |
1443 | - move some text into a CAVEATS section | |
1444 | - merge the COMMAND EXECUTION... section into AUTHENTICATION | |
bd7c69ea | 1445 | - stevesk@cvs.openbsd.org 2006/02/10 00:27:13 |
1446 | [channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c] | |
1447 | [ssh.c sshd.c sshpty.c] | |
1448 | move #include <sys/ioctl.h> out of includes.h; ok markus@ | |
aa2eae64 | 1449 | - stevesk@cvs.openbsd.org 2006/02/10 01:44:27 |
1450 | [includes.h monitor.c readpass.c scp.c serverloop.c session.c\7f] | |
1451 | [sftp.c sshconnect.c sshconnect2.c sshd.c] | |
1452 | move #include <sys/wait.h> out of includes.h; ok markus@ | |
cfb9181c | 1453 | - otto@cvs.openbsd.org 2006/02/11 19:31:18 |
1454 | [atomicio.c] | |
1455 | type correctness; from Ray Lai in PR 5011; ok millert@ | |
f7b8224d | 1456 | - djm@cvs.openbsd.org 2006/02/12 06:45:34 |
1457 | [ssh.c ssh_config.5] | |
1458 | add a %l expansion code to the ControlPath, which is filled in with the | |
1459 | local hostname at runtime. Requested by henning@ to avoid some problems | |
1460 | with /home on NFS; ok dtucker@ | |
129d5252 | 1461 | - djm@cvs.openbsd.org 2006/02/12 10:44:18 |
1462 | [readconf.c] | |
1463 | raise error when the user specifies a RekeyLimit that is smaller than 16 | |
1464 | (the smallest of our cipher's blocksize) or big enough to cause integer | |
1465 | wraparound; ok & feedback dtucker@ | |
5e7007ea | 1466 | - jmc@cvs.openbsd.org 2006/02/12 10:49:44 |
1467 | [ssh_config.5] | |
1468 | slight rewording; ok djm | |
010c04e5 | 1469 | - jmc@cvs.openbsd.org 2006/02/12 10:52:41 |
1470 | [sshd.8] | |
1471 | rework the description of authorized_keys a little; | |
9ed4bd80 | 1472 | - jmc@cvs.openbsd.org 2006/02/12 17:57:19 |
1473 | [sshd.8] | |
1474 | sort the list of options permissable w/ authorized_keys; | |
1475 | ok djm dtucker | |
1e0fcfc6 | 1476 | - jmc@cvs.openbsd.org 2006/02/13 10:16:39 |
1477 | [sshd.8] | |
1478 | no need to subsection the authorized_keys examples - instead, convert | |
1479 | this to look like an actual file. also use proto 2 keys, and use IETF | |
1480 | example addresses; | |
2881e0e9 | 1481 | - jmc@cvs.openbsd.org 2006/02/13 10:21:25 |
1482 | [sshd.8] | |
1483 | small tweaks for the ssh_known_hosts section; | |
9d4b0313 | 1484 | - jmc@cvs.openbsd.org 2006/02/13 11:02:26 |
1485 | [sshd.8] | |
1486 | turn this into an example ssh_known_hosts file; ok djm | |
481e991f | 1487 | - jmc@cvs.openbsd.org 2006/02/13 11:08:43 |
1488 | [sshd.8] | |
1489 | - avoid nasty line split | |
1490 | - `*' does not need to be escaped | |
10fa86ae | 1491 | - jmc@cvs.openbsd.org 2006/02/13 11:27:25 |
1492 | [sshd.8] | |
1493 | sort FILES and use a -compact list; | |
2db34ac9 | 1494 | - david@cvs.openbsd.org 2006/02/15 05:08:24 |
1495 | [sftp-client.c] | |
1496 | typo in comment; ok djm@ | |
0e505e42 | 1497 | - jmc@cvs.openbsd.org 2006/02/15 16:53:20 |
1498 | [ssh.1] | |
1499 | remove the IETF draft references and replace them with some updated RFCs; | |
2866aceb | 1500 | - jmc@cvs.openbsd.org 2006/02/15 16:55:33 |
1501 | [sshd.8] | |
1502 | remove ietf draft references; RFC list now maintained in ssh.1; | |
00e7c607 | 1503 | - jmc@cvs.openbsd.org 2006/02/16 09:05:34 |
1504 | [sshd.8] | |
1505 | sync some of the FILES entries w/ ssh.1; | |
f3d2d92e | 1506 | - jmc@cvs.openbsd.org 2006/02/19 19:52:10 |
1507 | [sshd.8] | |
1508 | move the sshrc stuff out of FILES, and into its own section: | |
1509 | FILES is not a good place to document how stuff works; | |
e56bbe08 | 1510 | - jmc@cvs.openbsd.org 2006/02/19 20:02:17 |
1511 | [sshd.8] | |
1512 | sync the (s)hosts.equiv FILES entries w/ those from ssh.1; | |
3783659a | 1513 | - jmc@cvs.openbsd.org 2006/02/19 20:05:00 |
1514 | [sshd.8] | |
1515 | grammar; | |
922f8f17 | 1516 | - jmc@cvs.openbsd.org 2006/02/19 20:12:25 |
1517 | [ssh_config.5] | |
1518 | add some vertical space; | |
cebb4c24 | 1519 | - stevesk@cvs.openbsd.org 2006/02/20 16:36:15 |
1520 | [authfd.c channels.c includes.h session.c ssh-agent.c ssh.c] | |
1521 | move #include <sys/un.h> out of includes.h; ok djm@ | |
4095f623 | 1522 | - stevesk@cvs.openbsd.org 2006/02/20 17:02:44 |
1523 | [clientloop.c includes.h monitor.c progressmeter.c scp.c] | |
1524 | [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c] | |
1525 | move #include <signal.h> out of includes.h; ok markus@ | |
ada68823 | 1526 | - stevesk@cvs.openbsd.org 2006/02/20 17:19:54 |
1527 | [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c] | |
1528 | [authfile.c clientloop.c includes.h readconf.c scp.c session.c] | |
1529 | [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c] | |
1530 | [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c] | |
1531 | [sshconnect2.c sshd.c sshpty.c] | |
1532 | move #include <sys/stat.h> out of includes.h; ok markus@ | |
b6438382 | 1533 | - stevesk@cvs.openbsd.org 2006/02/22 00:04:45 |
1534 | [canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c] | |
1535 | [sshconnect.c] | |
1536 | move #include <ctype.h> out of includes.h; ok djm@ | |
95d46d8f | 1537 | - jmc@cvs.openbsd.org 2006/02/24 10:25:14 |
1538 | [ssh_config.5] | |
1539 | add section on patterns; | |
1540 | from dtucker + myself | |
ac1ec4d8 | 1541 | - jmc@cvs.openbsd.org 2006/02/24 10:33:54 |
1542 | [sshd_config.5] | |
1543 | signpost to PATTERNS; | |
436a5ff9 | 1544 | - jmc@cvs.openbsd.org 2006/02/24 10:37:07 |
1545 | [ssh_config.5] | |
1546 | tidy up the refs to PATTERNS; | |
4cb23985 | 1547 | - jmc@cvs.openbsd.org 2006/02/24 10:39:52 |
1548 | [sshd.8] | |
1549 | signpost to PATTERNS section; | |
340a4caf | 1550 | - jmc@cvs.openbsd.org 2006/02/24 20:22:16 |
1551 | [ssh-keysign.8 ssh_config.5 sshd_config.5] | |
1552 | some consistency fixes; | |
f09ffbdb | 1553 | - jmc@cvs.openbsd.org 2006/02/24 20:31:31 |
1554 | [ssh.1 ssh_config.5 sshd.8 sshd_config.5] | |
1555 | more consistency fixes; | |
c5786b30 | 1556 | - jmc@cvs.openbsd.org 2006/02/24 23:20:07 |
1557 | [ssh_config.5] | |
1558 | some grammar/wording fixes; | |
b74c3b8c | 1559 | - jmc@cvs.openbsd.org 2006/02/24 23:43:57 |
1560 | [sshd_config.5] | |
1561 | some grammar/wording fixes; | |
32cfd177 | 1562 | - jmc@cvs.openbsd.org 2006/02/24 23:51:17 |
1563 | [sshd_config.5] | |
1564 | oops - bits i missed; | |
2963b207 | 1565 | - jmc@cvs.openbsd.org 2006/02/25 12:26:17 |
1566 | [ssh_config.5] | |
1567 | document the possible values for KbdInteractiveDevices; | |
84c1b530 | 1568 | help/ok dtucker |
1569 | - jmc@cvs.openbsd.org 2006/02/25 12:28:34 | |
1570 | [sshd_config.5] | |
1571 | document the order in which allow/deny directives are processed; | |
a269663f | 1572 | help/ok dtucker |
de4f5093 | 1573 | - jmc@cvs.openbsd.org 2006/02/26 17:17:18 |
1574 | [ssh_config.5] | |
1575 | move PATTERNS to the end of the main body; requested by dtucker | |
ef1c6497 | 1576 | - jmc@cvs.openbsd.org 2006/02/26 18:01:13 |
1577 | [sshd_config.5] | |
1578 | subsection is pointless here; | |
c04ba6a6 | 1579 | - jmc@cvs.openbsd.org 2006/02/26 18:03:10 |
1580 | [ssh_config.5] | |
1581 | comma; | |
8b6bf4d5 | 1582 | - djm@cvs.openbsd.org 2006/02/28 01:10:21 |
1583 | [session.c] | |
1584 | fix logout recording when privilege separation is disabled, analysis and | |
1585 | patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@ | |
1586 | NB. ID sync only - patch already in portable | |
140000b4 | 1587 | - djm@cvs.openbsd.org 2006/03/04 04:12:58 |
1588 | [serverloop.c] | |
1589 | move a debug() outside of a signal handler; ok markus@ a little while back | |
16a5525d | 1590 | - djm@cvs.openbsd.org 2006/03/12 04:23:07 |
1591 | [ssh.c] | |
1592 | knf nit | |
9f513268 | 1593 | - djm@cvs.openbsd.org 2006/03/13 08:16:00 |
1594 | [sshd.c] | |
1595 | don't log that we are listening on a socket before the listen() call | |
1596 | actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@ | |
71f0de56 | 1597 | - dtucker@cvs.openbsd.org 2006/03/13 08:33:00 |
1598 | [packet.c] | |
1599 | Set TCP_NODELAY for all connections not just "interactive" ones. Fixes | |
1600 | poor performance and protocol stalls under some network conditions (mindrot | |
1601 | bugs #556 and #981). Patch originally from markus@, ok djm@ | |
15b81af3 | 1602 | - dtucker@cvs.openbsd.org 2006/03/13 08:43:16 |
1603 | [ssh-keygen.c] | |
1604 | Make ssh-keygen handle CR and CRLF line termination when converting IETF | |
1605 | format keys, in adition to vanilla LF. mindrot #1157, tested by Chris | |
1606 | Pepper, ok djm@ | |
533b9133 | 1607 | - dtucker@cvs.openbsd.org 2006/03/13 10:14:29 |
1608 | [misc.c ssh_config.5 sshd_config.5] | |
1609 | Allow config directives to contain whitespace by surrounding them by double | |
1610 | quotes. mindrot #482, man page help from jmc@, ok djm@ | |
45660a22 | 1611 | - dtucker@cvs.openbsd.org 2006/03/13 10:26:52 |
1612 | [authfile.c authfile.h ssh-add.c] | |
1613 | Make ssh-add check file permissions before attempting to load private | |
1614 | key files multiple times; it will fail anyway and this prevents confusing | |
1615 | multiple prompts and warnings. mindrot #1138, ok djm@ | |
22aa23f8 | 1616 | - djm@cvs.openbsd.org 2006/03/14 00:15:39 |
1617 | [canohost.c] | |
1618 | log the originating address and not just the name when a reverse | |
1619 | mapping check fails, requested by linux AT linuon.com | |
2d762582 | 1620 | - markus@cvs.openbsd.org 2006/03/14 16:32:48 |
1621 | [ssh_config.5 sshd_config.5] | |
1622 | *AliveCountMax applies to protcol v2 only; ok dtucker, djm | |
2ff8003a | 1623 | - djm@cvs.openbsd.org 2006/03/07 09:07:40 |
1624 | [kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] | |
1625 | Implement the diffie-hellman-group-exchange-sha256 key exchange method | |
1626 | using the SHA256 code in libc (and wrapper to make it into an OpenSSL | |
1627 | EVP), interop tested against CVS PuTTY | |
1628 | NB. no portability bits committed yet | |
13ff27b7 | 1629 | - (djm) [configure.ac defines.h kex.c md-sha256.c] |
1630 | [openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h] | |
1631 | [openbsd-compat/sha2.c] First stab at portability glue for SHA256 | |
1632 | KEX support, should work with libc SHA256 support or OpenSSL | |
1633 | EVP_sha256 if present | |
1a6e2ed1 | 1634 | - (djm) [includes.h] Restore accidentally dropped netinet/in.h |
d3c45531 | 1635 | - (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files |
f73e2ad7 | 1636 | - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present |
53a9f480 | 1637 | - (djm) [regress/.cvsignore] Ignore Makefile here |
81e73e57 | 1638 | - (djm) [loginrec.c] Need stat.h |
6c3a432e | 1639 | - (djm) [openbsd-compat/sha2.h] Avoid include macro clash with |
1640 | system sha2.h | |
cb2c6179 | 1641 | - (djm) [ssh-rand-helper.c] Needs a bunch of headers |
3e598f1a | 1642 | - (djm) [ssh-agent.c] Restore dropped stat.h |
3070c7e1 | 1643 | - (djm) [openbsd-compat/sha2.h openbsd-compat/sha2.c] Comment out |
1644 | SHA384, which we don't need and doesn't compile without tweaks | |
b5b88c19 | 1645 | - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c] |
1646 | [sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c] | |
1647 | [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c] | |
1648 | [openbsd-compat/glob.c openbsd-compat/mktemp.c] | |
1649 | [openbsd-compat/readpassphrase.c] Lots of include fixes for | |
1650 | OpenSolaris | |
b481f63d | 1651 | - (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:" |
3e9b2b1b | 1652 | - (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some |
1653 | includes removed from includes.h | |
d90b9f9a | 1654 | - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE |
b02dadfc | 1655 | - (djm) [includes.h] Put back paths.h, it is needed in defines.h |
d4bf5977 | 1656 | - (dtucker) [openbsd-compat/openbsd-compat.h] AIX (at least) needs |
1657 | sys/ioctl.h for struct winsize. | |
3919d576 | 1658 | - (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD. |
0ac58ab4 | 1659 | |
055252ed | 1660 | 20060313 |
1661 | - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) | |
1662 | since not all platforms support it. Instead, use internal equivalent while | |
1663 | computing LLONG_MIN and LLONG_MAX. Remove special case for alpha-dec-osf* | |
1664 | as it's no longer required. Tested by Bernhard Simon, ok djm@ | |
1665 | ||
f9b93ff8 | 1666 | 20060304 |
1667 | - (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a | |
1668 | file rather than directory, required as Cygwin will be importing lastlog(1). | |
1669 | Also tightens up permissions on the file. Patch from vinschen@redhat.com. | |
a8d3dd47 | 1670 | - (dtucker) [gss-serv-krb5.c] Bug #1166: Correct #ifdefs for gssapi_krb5.h |
1671 | includes. Patch from gentoo.riverrat at gmail.com. | |
f9b93ff8 | 1672 | |
49c64dd6 | 1673 | 20060226 |
1674 | - (dtucker) [configure.ac] Bug #1156: QNX apparently needs SSHD_ACQUIRES_CTTY | |
1675 | patch from kraai at ftbfs.org. | |
1676 | ||
1677 | 20060223 | |
05059810 | 1678 | - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current |
1679 | reality. Pointed out by tryponraj at gmail.com. | |
1680 | ||
49c64dd6 | 1681 | 20060222 |
0244ad55 | 1682 | - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only |
1683 | compile in compat code if required. | |
1684 | ||
15101d77 | 1685 | 20060221 |
1686 | - (dtucker) [openbsd-compat/openssl-compat.h] Prevent warning about | |
1687 | redefinition of SSLeay_add_all_algorithms. | |
1688 | ||
c7ad0d99 | 1689 | 20060220 |
1690 | - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}] | |
1691 | Add optional enabling of OpenSSL's (hardware) Engine support, via | |
1692 | configure --with-ssl-engine. Based in part on a diff by michal at | |
1693 | logix.cz. | |
1694 | ||
46096a5b | 1695 | 20060219 |
1696 | - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/] | |
1697 | Add first attempt at regress tests for compat library. ok djm@ | |
1698 | ||
103ff395 | 1699 | 20060214 |
1700 | - (tim) [buildpkg.sh.in] Make the names consistent. | |
1701 | s/pkg_post_make_install_fixes.sh/pkg-post-make-install-fixes.sh/ OK dtucker@ | |
1702 | ||
06a517d4 | 1703 | 20060212 |
1704 | - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Make loop counter unsigned | |
1705 | to silence compiler warning, from vinschen at redhat.com. | |
0c7e8877 | 1706 | - (tim) [configure.ac] Bug #1149. Disable /etc/default/login check for QNX. |
9603096f | 1707 | - (dtucker) [README version.h contrib/caldera/openssh.spec |
1708 | contrib/redhat/openssh.spec contrib/suse/openssh.spec] Bump version | |
1709 | strings to match 4.3p2 release. | |
06a517d4 | 1710 | |
4c721c3d | 1711 | 20060208 |
1712 | - (tim) [session.c] Logout records were not updated on systems with | |
1713 | post auth privsep disabled due to bug 1086 changes. Analysis and patch | |
1714 | by vinschen at redhat.com. OK tim@, dtucker@. | |
4b2cf3f1 | 1715 | - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP |
8753ef06 | 1716 | -> NEED_SETPGRP), reported by Bernhard Simon. ok tim@ |
4c721c3d | 1717 | |
5679f14d | 1718 | 20060206 |
1719 | - (tim) [configure.ac] Remove unnecessary tests for net/if.h and | |
1720 | netinet/in_systm.h. OK dtucker@. | |
1721 | ||
823221b2 | 1722 | 20060205 |
1723 | - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test | |
1724 | for Solaris. OK dtucker@. | |
9c54c067 | 1725 | - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by |
1726 | kraai at ftbfs.org. | |
823221b2 | 1727 | |
c9ecc3c7 | 1728 | 20060203 |
1729 | - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first | |
1730 | AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run | |
1731 | by a platform specific check, builtin standard includes tests will be | |
1732 | skipped on the other platforms. | |
1733 | Analysis and suggestion by vinschen at redhat.com, patch by dtucker@. | |
1734 | OK tim@, djm@. | |
1735 | ||
300ea548 | 1736 | 20060202 |
1737 | - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it | |
1738 | works with picky compilers. Patch from alex.kiernan at thus.net. | |
1739 | ||
0ceedd4e | 1740 | 20060201 |
1741 | - (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to | |
1742 | determine the user's login name - needed for regress tests on Solaris | |
1743 | 10 and OpenSolaris | |
f3906047 | 1744 | - (djm) OpenBSD CVS Sync |
1745 | - jmc@cvs.openbsd.org 2006/02/01 09:06:50 | |
1746 | [sshd.8] | |
1747 | - merge sections on protocols 1 and 2 into a single section | |
1748 | - remove configuration file section | |
1749 | ok markus | |
170c69ba | 1750 | - jmc@cvs.openbsd.org 2006/02/01 09:11:41 |
1751 | [sshd.8] | |
1752 | small tweak; | |
026be201 | 1753 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] |
1754 | [contrib/suse/openssh.spec] Update versions ahead of release | |
ac07067e | 1755 | - markus@cvs.openbsd.org 2006/02/01 11:27:22 |
1756 | [version.h] | |
1757 | openssh 4.3 | |
2ac31303 | 1758 | - (djm) Release OpenSSH 4.3p1 |
0ceedd4e | 1759 | |
0ce89457 | 1760 | 20060131 |
1761 | - (djm) OpenBSD CVS Sync | |
1762 | - jmc@cvs.openbsd.org 2006/01/20 11:21:45 | |
1763 | [ssh_config.5] | |
1764 | - word change, agreed w/ markus | |
1765 | - consistency fixes | |
ec63d7ce | 1766 | - jmc@cvs.openbsd.org 2006/01/25 09:04:34 |
1767 | [sshd.8] | |
1768 | move the options description up the page, and a few additional tweaks | |
1769 | whilst in here; | |
1770 | ok markus | |
f464b2f1 | 1771 | - jmc@cvs.openbsd.org 2006/01/25 09:07:22 |
1772 | [sshd.8] | |
1773 | move subsections to full sections; | |
b661b7fb | 1774 | - jmc@cvs.openbsd.org 2006/01/26 08:47:56 |
1775 | [ssh.1] | |
1776 | add a section on verifying host keys in dns; | |
1777 | written with a lot of help from jakob; | |
1778 | feedback dtucker/markus; | |
1779 | ok markus | |
d7b37427 | 1780 | - reyk@cvs.openbsd.org 2006/01/30 12:22:22 |
1781 | [channels.c] | |
1782 | mark channel as write failed or dead instead of read failed on error | |
1783 | of the channel output filter. | |
1784 | ok markus@ | |
062d2977 | 1785 | - jmc@cvs.openbsd.org 2006/01/30 13:37:49 |
1786 | [ssh.1] | |
1787 | remove an incorrect sentence; | |
1788 | reported by roumen petrov; | |
1789 | ok djm markus | |
4116f5c0 | 1790 | - djm@cvs.openbsd.org 2006/01/31 10:19:02 |
1791 | [misc.c misc.h scp.c sftp.c] | |
1792 | fix local arbitrary command execution vulnerability on local/local and | |
1793 | remote/remote copies (CVE-2006-0225, bz #1094), patch by | |
1794 | t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@ | |
16e8ab10 | 1795 | - djm@cvs.openbsd.org 2006/01/31 10:35:43 |
1796 | [scp.c] | |
1797 | "scp a b c" shouldn't clobber "c" when it is not a directory, report and | |
1798 | fix from biorn@; ok markus@ | |
b645ff66 | 1799 | - (djm) Sync regress tests to OpenBSD: |
1800 | - dtucker@cvs.openbsd.org 2005/03/10 10:20:39 | |
1801 | [regress/forwarding.sh] | |
1802 | Regress test for ClearAllForwardings (bz #994); ok markus@ | |
9b347e5f | 1803 | - dtucker@cvs.openbsd.org 2005/04/25 09:54:09 |
1804 | [regress/multiplex.sh] | |
1805 | Don't call cleanup in multiplex as test-exec will cleanup anyway | |
1806 | found by tim@, ok djm@ | |
1807 | NB. ID sync only, we already had this | |
1808 | - djm@cvs.openbsd.org 2005/05/20 23:14:15 | |
1809 | [regress/test-exec.sh] | |
1810 | force addressfamily=inet for tests, unbreaking dynamic-forward regress for | |
1811 | recently committed nc SOCKS5 changes | |
9f22d634 | 1812 | - djm@cvs.openbsd.org 2005/05/24 04:10:54 |
89deb4c2 | 1813 | [regress/try-ciphers.sh] |
9f22d634 | 1814 | oops, new arcfour modes here too |
89deb4c2 | 1815 | - markus@cvs.openbsd.org 2005/06/30 11:02:37 |
1816 | [regress/scp.sh] | |
1817 | allow SUDO=sudo; from Alexander Bluhm | |
41f70006 | 1818 | - grunk@cvs.openbsd.org 2005/11/14 21:25:56 |
1819 | [regress/agent-getpeereid.sh] | |
1820 | all other scripts in this dir use $SUDO, not 'sudo', so pull this even | |
1821 | ok markus@ | |
71133d5b | 1822 | - dtucker@cvs.openbsd.org 2005/12/14 04:36:39 |
1823 | [regress/scp-ssh-wrapper.sh] | |
1824 | Fix assumption about how many args scp will pass; ok djm@ | |
1825 | NB. ID sync only, we already had this | |
452613c1 | 1826 | - djm@cvs.openbsd.org 2006/01/27 06:49:21 |
1827 | [scp.sh] | |
1828 | regress test for local to local scp copies; ok dtucker@ | |
3ca1f5b0 | 1829 | - djm@cvs.openbsd.org 2006/01/31 10:23:23 |
1830 | [scp.sh] | |
1831 | regression test for CVE-2006-0225 written by dtucker@ | |
d5b44cf1 | 1832 | - djm@cvs.openbsd.org 2006/01/31 10:36:33 |
1833 | [scp.sh] | |
1834 | regress test for "scp a b c" where "c" is not a directory | |
0ce89457 | 1835 | |
eeb27c78 | 1836 | 20060129 |
1837 | - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the | |
1838 | opensshd.init script interpretter if /sbin/sh does not exist. ok tim@ | |
1839 | ||
16ad260d | 1840 | 20060120 |
1841 | - (dtucker) OpenBSD CVS Sync | |
1842 | - jmc@cvs.openbsd.org 2006/01/15 17:37:05 | |
1843 | [ssh.1] | |
1844 | correction from deraadt | |
43a7d9e7 | 1845 | - jmc@cvs.openbsd.org 2006/01/18 10:53:29 |
1846 | [ssh.1] | |
1847 | add a section on ssh-based vpn, based on reyk's README.tun; | |
db175906 | 1848 | - dtucker@cvs.openbsd.org 2006/01/20 00:14:55 |
1849 | [scp.1 ssh.1 ssh_config.5 sftp.1] | |
1850 | Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot | |
1851 | #1056 with feedback from jmc, djm and markus; ok jmc@ djm@ | |
16ad260d | 1852 | |
aaa18db9 | 1853 | 20060114 |
1854 | - (djm) OpenBSD CVS Sync | |
1855 | - jmc@cvs.openbsd.org 2006/01/06 13:27:32 | |
1856 | [ssh.1] | |
1857 | weed out some duplicate info in the known_hosts FILES entries; | |
1858 | ok djm | |
5d7b356f | 1859 | - jmc@cvs.openbsd.org 2006/01/06 13:29:10 |
1860 | [ssh.1] | |
1861 | final round of whacking FILES for duplicate info, and some consistency | |
1862 | fixes; | |
1863 | ok djm | |
dbb3bf96 | 1864 | - jmc@cvs.openbsd.org 2006/01/12 14:44:12 |
1865 | [ssh.1] | |
1866 | split sections on tcp and x11 forwarding into two sections. | |
1867 | add an example in the tcp section, based on sth i wrote for ssh faq; | |
1868 | help + ok: djm markus dtucker | |
5d4e571c | 1869 | - jmc@cvs.openbsd.org 2006/01/12 18:48:48 |
1870 | [ssh.1] | |
1871 | refer to `TCP' rather than `TCP/IP' in the context of connection | |
1872 | forwarding; | |
1873 | ok markus | |
e5d4cfad | 1874 | - jmc@cvs.openbsd.org 2006/01/12 22:20:00 |
1875 | [sshd.8] | |
1876 | refer to TCP forwarding, rather than TCP/IP forwarding; | |
0b3950af | 1877 | - jmc@cvs.openbsd.org 2006/01/12 22:26:02 |
1878 | [ssh_config.5] | |
1879 | refer to TCP forwarding, rather than TCP/IP forwarding; | |
c2da64a1 | 1880 | - jmc@cvs.openbsd.org 2006/01/12 22:34:12 |
1881 | [ssh.1] | |
1882 | back out a sentence - AUTHENTICATION already documents this; | |
aaa18db9 | 1883 | |
794febd2 | 1884 | 20060109 |
1885 | - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on | |
1886 | tcpip service so it's always started after IP is up. Patch from | |
1887 | vinschen at redhat.com. | |
1888 | ||
0624a70b | 1889 | 20060106 |
1890 | - (djm) OpenBSD CVS Sync | |
1891 | - jmc@cvs.openbsd.org 2006/01/03 16:31:10 | |
1892 | [ssh.1] | |
1893 | move FILES to a -compact list, and make each files an item in that list. | |
1894 | this avoids nastly line wrap when we have long pathnames, and treats | |
1895 | each file as a separate item; | |
1896 | remove the .Pa too, since it is useless. | |
0502727e | 1897 | - jmc@cvs.openbsd.org 2006/01/03 16:35:30 |
1898 | [ssh.1] | |
1899 | use a larger width for the ENVIRONMENT list; | |
f403d7b5 | 1900 | - jmc@cvs.openbsd.org 2006/01/03 16:52:36 |
1901 | [ssh.1] | |
1902 | put FILES in some sort of order: sort by pathname | |
c0907b37 | 1903 | - jmc@cvs.openbsd.org 2006/01/03 16:55:18 |
1904 | [ssh.1] | |
1905 | tweak the description of ~/.ssh/environment | |
f3119772 | 1906 | - jmc@cvs.openbsd.org 2006/01/04 18:42:46 |
1907 | [ssh.1] | |
1908 | chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES | |
1909 | entries; | |
1910 | ok markus | |
6c276bb9 | 1911 | - jmc@cvs.openbsd.org 2006/01/04 18:45:01 |
1912 | [ssh.1] | |
1913 | remove .Xr's to rsh(1) and telnet(1): they are hardly needed; | |
926f6a7a | 1914 | - jmc@cvs.openbsd.org 2006/01/04 19:40:24 |
1915 | [ssh.1] | |
1916 | +.Xr ssh-keyscan 1 , | |
ccce91ef | 1917 | - jmc@cvs.openbsd.org 2006/01/04 19:50:09 |
1918 | [ssh.1] | |
1919 | -.Xr gzip 1 , | |
db382686 | 1920 | - djm@cvs.openbsd.org 2006/01/05 23:43:53 |
1921 | [misc.c] | |
1922 | check that stdio file descriptors are actually closed before clobbering | |
1923 | them in sanitise_stdfd(). problems occurred when a lower numbered fd was | |
1924 | closed, but higher ones weren't. spotted by, and patch tested by | |
1925 | Frédéric Olivié | |
0624a70b | 1926 | |
d3506f6d | 1927 | 20060103 |
1928 | - (djm) [channels.c] clean up harmless merge error, from reyk@ | |
1929 | ||
79e46360 | 1930 | 20060103 |
1931 | - (djm) OpenBSD CVS Sync | |
1932 | - jmc@cvs.openbsd.org 2006/01/02 17:09:49 | |
1933 | [ssh_config.5 sshd_config.5] | |
1934 | some corrections from michael knudsen; | |
1935 | ||
6f6cd507 | 1936 | 20060102 |
1937 | - (djm) [README.tun] Add README.tun, missed during sync of tun(4) support | |
4b5e6c81 | 1938 | - (djm) OpenBSD CVS Sync |
1939 | - jmc@cvs.openbsd.org 2005/12/31 10:46:17 | |
1940 | [ssh.1] | |
1941 | merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER | |
1942 | AUTHENTICATION" sections into "AUTHENTICATION"; | |
1943 | some rewording done to make the text read better, plus some | |
1944 | improvements from djm; | |
1945 | ok djm | |
b92605e1 | 1946 | - jmc@cvs.openbsd.org 2005/12/31 13:44:04 |
1947 | [ssh.1] | |
1948 | clean up ENVIRONMENT a little; | |
20892533 | 1949 | - jmc@cvs.openbsd.org 2005/12/31 13:45:19 |
1950 | [ssh.1] | |
1951 | .Nm does not require an argument; | |
1f1fbbd8 | 1952 | - stevesk@cvs.openbsd.org 2006/01/01 08:59:27 |
1953 | [includes.h misc.c] | |
1954 | move <net/if.h>; ok djm@ | |
81c042a3 | 1955 | - stevesk@cvs.openbsd.org 2006/01/01 10:08:48 |
1956 | [misc.c] | |
1957 | no trailing "\n" for debug() | |
3eee3b86 | 1958 | - djm@cvs.openbsd.org 2006/01/02 01:20:31 |
1959 | [sftp-client.c sftp-common.h sftp-server.c] | |
1960 | use a common max. packet length, no binary change | |
b1b65311 | 1961 | - reyk@cvs.openbsd.org 2006/01/02 07:53:44 |
1962 | [misc.c] | |
1963 | clarify tun(4) opening - set the mode and bring the interface up. also | |
1964 | (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces. | |
1965 | suggested and ok by djm@ | |
d141c93d | 1966 | - jmc@cvs.openbsd.org 2006/01/02 12:31:06 |
1967 | [ssh.1] | |
1968 | start to cut some duplicate info from FILES; | |
1969 | help/ok djm | |
6f6cd507 | 1970 | |
0f6cb079 | 1971 | 20060101 |
1972 | - (djm) [Makefile.in configure.ac includes.h misc.c] | |
1973 | [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support | |
1974 | for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is | |
1975 | limited to IPv4 tunnels only, and most versions don't support the | |
1976 | tap(4) device at all. | |
b5081213 | 1977 | - (djm) [configure.ac] Fix linux/if_tun.h test |
3aef38da | 1978 | - (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too |
0f6cb079 | 1979 | |
1908529f | 1980 | 20051229 |
1981 | - (djm) OpenBSD CVS Sync | |
1982 | - stevesk@cvs.openbsd.org 2005/12/28 22:46:06 | |
1983 | [canohost.c channels.c clientloop.c] | |
1984 | use 'break-in' for consistency; ok deraadt@ ok and input jmc@ | |
c1c6a032 | 1985 | - reyk@cvs.openbsd.org 2005/12/30 15:56:37 |
1986 | [channels.c channels.h clientloop.c] | |
1987 | add channel output filter interface. | |
1988 | ok djm@, suggested by markus@ | |
3da242db | 1989 | - jmc@cvs.openbsd.org 2005/12/30 16:59:00 |
1990 | [sftp.1] | |
1991 | do not suggest that interactive authentication will work | |
1992 | with the -b flag; | |
1993 | based on a diff from john l. scarfone; | |
1994 | ok djm | |
f470cf48 | 1995 | - stevesk@cvs.openbsd.org 2005/12/31 01:38:45 |
1996 | [ssh.1] | |
1997 | document -MM; ok djm@ | |
e914f53a | 1998 | - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac] |
1999 | [serverloop.c ssh.c openbsd-compat/Makefile.in] | |
2000 | [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding | |
2001 | compatability support for Linux, diff from reyk@ | |
c40f09ca | 2002 | - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does |
2003 | not exist | |
d91775e1 | 2004 | - (djm) [configure.ac] oops, make that linux/if_tun.h |
1908529f | 2005 | |
b5c428f0 | 2006 | 20051229 |
2007 | - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd | |
2008 | ||
6b0117fd | 2009 | 20051224 |
2010 | - (djm) OpenBSD CVS Sync | |
2011 | - jmc@cvs.openbsd.org 2005/12/20 21:59:43 | |
2012 | [ssh.1] | |
2013 | merge the sections on protocols 1 and 2 into one section on | |
2014 | authentication; | |
2015 | feedback djm dtucker | |
2016 | ok deraadt markus dtucker | |
5c5546be | 2017 | - jmc@cvs.openbsd.org 2005/12/20 22:02:50 |
2018 | [ssh.1] | |
2019 | .Ss -> .Sh: subsections have not made this page more readable | |
e6c7c03e | 2020 | - jmc@cvs.openbsd.org 2005/12/20 22:09:41 |
2021 | [ssh.1] | |
2022 | move info on ssh return values and config files up into the main | |
2023 | description; | |
e49f7abd | 2024 | - jmc@cvs.openbsd.org 2005/12/21 11:48:16 |
2025 | [ssh.1] | |
2026 | -L and -R descriptions are now above, not below, ~C description; | |
8770ef76 | 2027 | - jmc@cvs.openbsd.org 2005/12/21 11:57:25 |
2028 | [ssh.1] | |
2029 | options now described `above', rather than `later'; | |
6e1e9c73 | 2030 | - jmc@cvs.openbsd.org 2005/12/21 12:53:31 |
2031 | [ssh.1] | |
2032 | -Y does X11 forwarding too; | |
2033 | ok markus | |
6cd6c442 | 2034 | - stevesk@cvs.openbsd.org 2005/12/21 22:44:26 |
2035 | [sshd.8] | |
2036 | clarify precedence of -p, Port, ListenAddress; ok and help jmc@ | |
0c9851b1 | 2037 | - jmc@cvs.openbsd.org 2005/12/22 10:31:40 |
2038 | [ssh_config.5] | |
2039 | put the description of "UsePrivilegedPort" in the correct place; | |
9bf41db3 | 2040 | - jmc@cvs.openbsd.org 2005/12/22 11:23:42 |
2041 | [ssh.1] | |
2042 | expand the description of -w somewhat; | |
2043 | help/ok reyk | |
86131206 | 2044 | - jmc@cvs.openbsd.org 2005/12/23 14:55:53 |
2045 | [ssh.1] | |
2046 | - sync the description of -e w/ synopsis | |
2047 | - simplify the description of -I | |
2048 | - note that -I is only available if support compiled in, and that it | |
2049 | isn't by default | |
2050 | feedback/ok djm@ | |
025fc42e | 2051 | - jmc@cvs.openbsd.org 2005/12/23 23:46:23 |
2052 | [ssh.1] | |
2053 | less mark up for -c; | |
678143bd | 2054 | - djm@cvs.openbsd.org 2005/12/24 02:27:41 |
2055 | [session.c sshd.c] | |
2056 | eliminate some code duplicated in privsep and non-privsep paths, and | |
2057 | explicitly clear SIGALRM handler; "groovy" deraadt@ | |
6b0117fd | 2058 | |
a2b1748a | 2059 | 20051220 |
2060 | - (dtucker) OpenBSD CVS Sync | |
2061 | - reyk@cvs.openbsd.org 2005/12/13 15:03:02 | |
2062 | [serverloop.c] | |
2063 | if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY | |
442c8b33 | 2064 | - jmc@cvs.openbsd.org 2005/12/16 18:07:08 |
2065 | [ssh.1] | |
2066 | move the option descriptions up the page: start of a restructure; | |
2067 | ok markus deraadt | |
e426efa9 | 2068 | - jmc@cvs.openbsd.org 2005/12/16 18:08:53 |
2069 | [ssh.1] | |
2070 | simplify a sentence; | |
28ca205d | 2071 | - jmc@cvs.openbsd.org 2005/12/16 18:12:22 |
2072 | [ssh.1] | |
2073 | make the description of -c a little nicer; | |
a55c1733 | 2074 | - jmc@cvs.openbsd.org 2005/12/16 18:14:40 |
2075 | [ssh.1] | |
2076 | signpost the protocol sections; | |
8918b906 | 2077 | - stevesk@cvs.openbsd.org 2005/12/17 21:13:05 |
2078 | [ssh_config.5 session.c] | |
2079 | spelling: fowarding, fowarded | |
551ed07c | 2080 | - stevesk@cvs.openbsd.org 2005/12/17 21:36:42 |
2081 | [ssh_config.5] | |
2082 | spelling: intented -> intended | |
3aa43b24 | 2083 | - dtucker@cvs.openbsd.org 2005/12/20 04:41:07 |
2084 | [ssh.c] | |
2085 | exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@ | |
a2b1748a | 2086 | |
e5146707 | 2087 | 20051219 |
2088 | - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac | |
2089 | openbsd-compat/openssl-compat.h] Check for and work around broken AES | |
2090 | ciphers >128bit on (some) Solaris 10 systems. ok djm@ | |
2091 | ||
2f89281c | 2092 | 20051217 |
2093 | - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which | |
2094 | scp.c also uses, so undef them here. | |
31b0732a | 2095 | - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our |
2096 | snprintf replacement can have a conflicting declaration in HP-UX's system | |
2097 | headers (const vs. no const) so we now check for and work around it. Patch | |
2098 | from the dynamic duo of David Leonard and Ted Percival. | |
2f89281c | 2099 | |
9fed02d8 | 2100 | 20051214 |
2101 | - (dtucker) OpenBSD CVS Sync (regress/) | |
2102 | - dtucker@cvs.openbsd.org 2005/12/30 04:36:39 | |
2103 | [regress/scp-ssh-wrapper.sh] | |
2104 | Fix assumption about how many args scp will pass; ok djm@ | |
2105 | ||
d7cf99ff | 2106 | 20051213 |
2107 | - (djm) OpenBSD CVS Sync | |
2108 | - jmc@cvs.openbsd.org 2005/11/30 11:18:27 | |
2109 | [ssh.1] | |
2110 | timezone -> time zone | |
04ac3e62 | 2111 | - jmc@cvs.openbsd.org 2005/11/30 11:45:20 |
2112 | [ssh.1] | |
2113 | avoid ambiguities in describing TZ; | |
2114 | ok djm@ | |
d20f3c9e | 2115 | - reyk@cvs.openbsd.org 2005/12/06 22:38:28 |
2116 | [auth-options.c auth-options.h channels.c channels.h clientloop.c] | |
2117 | [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] | |
2118 | [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] | |
2119 | [sshconnect.h sshd.8 sshd_config sshd_config.5] | |
2120 | Add support for tun(4) forwarding over OpenSSH, based on an idea and | |
2121 | initial channel code bits by markus@. This is a simple and easy way to | |
2122 | use OpenSSH for ad hoc virtual private network connections, e.g. | |
2123 | administrative tunnels or secure wireless access. It's based on a new | |
2124 | ssh channel and works similar to the existing TCP forwarding support, | |
2125 | except that it depends on the tun(4) network interface on both ends of | |
2126 | the connection for layer 2 or layer 3 tunneling. This diff also adds | |
2127 | support for LocalCommand in the ssh(1) client. | |
d20f3c9e | 2128 | ok djm@, markus@, jmc@ (manpages), tested and discussed with others |
ceec33f3 | 2129 | - djm@cvs.openbsd.org 2005/12/07 03:52:22 |
2130 | [clientloop.c] | |
2131 | reyk forgot to compile with -Werror (missing header) | |
985bb789 | 2132 | - jmc@cvs.openbsd.org 2005/12/07 10:52:13 |
2133 | [ssh.1] | |
2134 | - avoid line split in SYNOPSIS | |
2135 | - add args to -w | |
2136 | - kill trailing whitespace | |
64925c6d | 2137 | - jmc@cvs.openbsd.org 2005/12/08 14:59:44 |
2138 | [ssh.1 ssh_config.5] | |
2139 | make `!command' a little clearer; | |
2140 | ok reyk | |
030723f9 | 2141 | - jmc@cvs.openbsd.org 2005/12/08 15:06:29 |
2142 | [ssh_config.5] | |
2143 | keep options in order; | |
a4f24bf8 | 2144 | - reyk@cvs.openbsd.org 2005/12/08 18:34:11 |
2145 | [auth-options.c includes.h misc.c misc.h readconf.c servconf.c] | |
2146 | [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac] | |
2147 | two changes to the new ssh tunnel support. this breaks compatibility | |
2148 | with the initial commit but is required for a portable approach. | |
2149 | - make the tunnel id u_int and platform friendly, use predefined types. | |
2150 | - support configuration of layer 2 (ethernet) or layer 3 | |
2151 | (point-to-point, default) modes. configuration is done using the | |
2152 | Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and | |
2153 | restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option | |
2154 | in sshd_config(5). | |
2155 | ok djm@, man page bits by jmc@ | |
a274ba38 | 2156 | - jmc@cvs.openbsd.org 2005/12/08 21:37:50 |
2157 | [ssh_config.5] | |
2158 | new sentence, new line; | |
b872f7f0 | 2159 | - markus@cvs.openbsd.org 2005/12/12 13:46:18 |
2160 | [channels.c channels.h session.c] | |
2161 | make sure protocol messages for internal channels are ignored. | |
2162 | allow adjust messages for non-open channels; with and ok djm@ | |
6306853a | 2163 | - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable |
2164 | again by providing a sys_tun_open() function for your platform and | |
2165 | setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match | |
2166 | OpenBSD's tunnel protocol, which prepends the address family to the | |
2167 | packet | |
d7cf99ff | 2168 | |
fbc06315 | 2169 | 20051201 |
2170 | - (djm) [envpass.sh] Remove regress script that was accidentally committed | |
2171 | in top level directory and not noticed for over a year :) | |
2172 | ||
6e94bd72 | 2173 | 20051129 |
2174 | - (tim) [ssh-keygen.c] Move DSA length test after setting default when | |
2175 | bits == 0. | |
60dc0294 | 2176 | - (dtucker) OpenBSD CVS Sync |
2177 | - dtucker@cvs.openbsd.org 2005/11/29 02:04:55 | |
2178 | [ssh-keygen.c] | |
2179 | Populate default key sizes before checking them; from & ok tim@ | |
e45da4d6 | 2180 | - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string) |
2181 | for UnixWare. | |
6e94bd72 | 2182 | |
b7bb251f | 2183 | 20051128 |
2184 | - (dtucker) [regress/yes-head.sh] Work around breakage caused by some | |
2185 | versions of GNU head. Based on patch from zappaman at buraphalinux.org | |
8b396721 | 2186 | - (dtucker) [includes.h] Bug #1122: __USE_GNU is a glibc internal macro, use |
2187 | _GNU_SOURCE instead. Patch from t8m at centrum.cz. | |
c6d7b211 | 2188 | - (dtucker) OpenBSD CVS Sync |
2189 | - dtucker@cvs.openbsd.org 2005/11/28 05:16:53 | |
2190 | [ssh-keygen.1 ssh-keygen.c] | |
2191 | Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2, | |
2192 | increase minumum RSA key size to 768 bits and update man page to reflect | |
2193 | these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com), | |
2194 | ok djm@, grudging ok deraadt@. | |
98e93fbc | 2195 | - dtucker@cvs.openbsd.org 2005/11/28 06:02:56 |
2196 | [ssh-agent.1] | |
2197 | Update agent socket path templates to reflect reality, correct xref for | |
2198 | time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@ | |
b7bb251f | 2199 | |
961c2997 | 2200 | 20051126 |
2201 | - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer, | |
2202 | when they're available) need the real UID set otherwise pam_chauthtok will | |
2203 | set ADMCHG after changing the password, forcing the user to change it | |
2204 | again immediately. | |
2205 | ||
ccc45ee0 | 2206 | 20051125 |
2207 | - (dtucker) [configure.ac] Apply tim's fix for older systems where the | |
2208 | resolver state in resolv.h is "state" not "__res_state". With slight | |
2209 | modification by me to also work on old AIXes. ok djm@ | |
419094c6 | 2210 | - (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for |
2211 | snprintf formats, fixes warnings on some 64 bit platforms. Patch from | |
2212 | shaw at vranix.com, ok djm@ | |
ccc45ee0 | 2213 | |
2214 | 20051124 | |
9a406e1e | 2215 | - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c |
2216 | openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an | |
2217 | asprintf() implementation, after syncing our {v,}snprintf() implementation | |
2218 | with some extra fixes from Samba's version. With help and debugging from | |
2219 | dtucker and tim; ok dtucker@ | |
d08db6d1 | 2220 | - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument |
2221 | order in Reliant Unix block. Patch from johane at lysator.liu.se. | |
d77c7dff | 2222 | - (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so |
2223 | many and use them only once. Speeds up testing on older/slower hardware. | |
9a406e1e | 2224 | |
932ab351 | 2225 | 20051122 |
2226 | - (dtucker) OpenBSD CVS Sync | |
2227 | - deraadt@cvs.openbsd.org 2005/11/12 18:37:59 | |
2228 | [ssh-add.c] | |
2229 | space | |
29accf74 | 2230 | - deraadt@cvs.openbsd.org 2005/11/12 18:38:15 |
2231 | [scp.c] | |
2232 | avoid close(-1), as in rcp; ok cloder | |
a001f9d7 | 2233 | - millert@cvs.openbsd.org 2005/11/15 11:59:54 |
2234 | [includes.h] | |
2235 | Include sys/queue.h explicitly instead of assuming some other header | |
2236 | will pull it in. At the moment it gets pulled in by sys/select.h | |
2237 | (which ssh has no business including) via event.h. OK markus@ | |
2238 | (ID sync only in -portable) | |
426cef74 | 2239 | - dtucker@cvs.openbsd.org 2005/11/21 09:42:10 |
2240 | [auth-krb5.c] | |
2241 | Perform Kerberos calls even for invalid users to prevent leaking | |
2242 | information about account validity. bz #975, patch originally from | |
2243 | Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@, | |
2244 | ok markus@ | |
18f8ef7a | 2245 | - dtucker@cvs.openbsd.org 2005/11/22 03:36:03 |
2246 | [hostfile.c] | |
2247 | Correct format/arguments to debug call; spotted by shaw at vranix.com | |
2248 | ok djm@ | |
dfde7f6e | 2249 | - (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch |
2250 | from shaw at vranix.com. | |
932ab351 | 2251 | |
60e10887 | 2252 | 20051120 |
2253 | - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what | |
2254 | is going on. | |
2255 | ||
4162eae5 | 2256 | 20051112 |
2257 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific | |
2258 | ifdef lost during sync. Spotted by tim@. | |
f97dc218 | 2259 | - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag. |
eeee8237 | 2260 | - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test. |
23361281 | 2261 | - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@ |
29aaf112 | 2262 | - (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure |
2263 | test: if sshd takes too long to reconfigure the subsequent connection will | |
2264 | fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready. | |
4162eae5 | 2265 | |
e1658b5c | 2266 | 20051110 |
b69585d9 | 2267 | - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from |
e1658b5c | 2268 | OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of |
2269 | "register"). | |
b69585d9 | 2270 | - (dtucker) [openbsd-compat/setenv.c] Make __findenv static, remove |
7b2dcf21 | 2271 | unnecessary prototype. |
b69585d9 | 2272 | - (dtucker) [openbsd-compat/setenv.c] Sync changes from OpenBSD setenv.c |
2273 | revs 1.7 - 1.9. | |
c080bed1 | 2274 | - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path. |
2275 | Patch from djm@. | |
dbf07ba2 | 2276 | - (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+ |
2277 | since they're not useful right now. Patch from djm@. | |
242652fe | 2278 | - (dtucker) [openbsd-compat/getgrouplist.c] Sync OpenBSD revs 1.10 - 1.2 (ANSI |
2279 | prototypes, removal of "register"). | |
432e59f9 | 2280 | - (dtucker) [openbsd-compat/strlcat.c] Sync OpenBSD revs 1.11 - 1.12 (removal |
2281 | of "register"). | |
f6d4fb87 | 2282 | - (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to |
2283 | after the copyright notices. Having them at the top next to the CVSIDs | |
2284 | guarantees a conflict for each and every sync. | |
e4f65477 | 2285 | - (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10. |
bfd4a832 | 2286 | - (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker. |
bc16ca63 | 2287 | - (dtucker) [openbsd-compat/strmode.c] Update from OpenBSD 1.5 -> 1.7. |
2288 | Removal of rcsid, "whiteout" inode type. | |
7dfb4a82 | 2289 | - (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14. |
2290 | Removal of rcsid, will no longer strlcpy parts of the string. | |
d8922805 | 2291 | - (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5. |
4ff445f1 | 2292 | - (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7. |
e1829842 | 2293 | - (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18. |
625552b8 | 2294 | - (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5. |
a65ea33b | 2295 | - (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25. |
b84a707a | 2296 | - (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9. |
281bbb02 | 2297 | - (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14. |
16d51c41 | 2298 | - (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up |
2299 | with OpenBSD code since we don't support platforms without fstat any more. | |
b53df919 | 2300 | - (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9. |
68b36828 | 2301 | - (dtucker) [openbsd-compat/inet_ntoa.c] Update from OpenBSD 1.4 -> 1.6. |
2302 | - (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7. | |
fc1c42f3 | 2303 | - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6. |
0695e921 | 2304 | - (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6. |
3c8f7a26 | 2305 | - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13. |
5bf337a5 | 2306 | - (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19. |
8c603515 | 2307 | - (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8. |
c9d7b187 | 2308 | - (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker. |
295034ce | 2309 | - (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17. |
3e6325a6 | 2310 | - (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4. |
2311 | Id and copyright sync only, there were no substantial changes we need. | |
8d767ef2 | 2312 | - (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c] |
6bd2d8e5 | 2313 | -Wsign-compare fixes from djm. |
e1b4416e | 2314 | - (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3. |
2315 | Id and copyright sync only, there were no substantial changes we need. | |
cd595991 | 2316 | - (dtucker) [configure.ac] Try to get the gcc version number in a way that |
2317 | doesn't change between versions, and use a safer default. | |
e1658b5c | 2318 | |
255d3e00 | 2319 | 20051105 |
2320 | - (djm) OpenBSD CVS Sync | |
2321 | - markus@cvs.openbsd.org 2005/10/07 11:13:57 | |
2322 | [ssh-keygen.c] | |
2323 | change DSA default back to 1024, as it's defined for 1024 bits only | |
2324 | and this causes interop problems with other clients. moreover, | |
2325 | in order to improve the security of DSA you need to change more | |
2326 | components of DSA key generation (e.g. the internal SHA1 hash); | |
2327 | ok deraadt | |
8cd0437d | 2328 | - djm@cvs.openbsd.org 2005/10/10 10:23:08 |
2329 | [channels.c channels.h clientloop.c serverloop.c session.c] | |
2330 | fix regression I introduced in 4.2: X11 forwardings initiated after | |
2331 | a session has exited (e.g. "(sleep 5; xterm) &") would not start. | |
2332 | bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@ | |
442aee3a | 2333 | - djm@cvs.openbsd.org 2005/10/11 23:37:37 |
2334 | [channels.c] | |
2335 | bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing | |
2336 | bind() failure when a previous connection's listeners are in TIME_WAIT, | |
2337 | reported by plattner AT inf.ethz.ch; ok dtucker@ | |
b96eade6 | 2338 | - stevesk@cvs.openbsd.org 2005/10/13 14:03:01 |
2339 | [auth2-gss.c gss-genr.c gss-serv.c] | |
2340 | remove unneeded #includes; ok markus@ | |
6e902aec | 2341 | - stevesk@cvs.openbsd.org 2005/10/13 14:20:37 |
2342 | [gss-serv.c] | |
2343 | spelling in comments | |
6472fefc | 2344 | - stevesk@cvs.openbsd.org 2005/10/13 19:08:08 |
2345 | [gss-serv-krb5.c gss-serv.c] | |
2346 | unused declarations; ok deraadt@ | |
2347 | (id sync only for gss-serv-krb5.c) | |
adf8c40b | 2348 | - stevesk@cvs.openbsd.org 2005/10/13 19:13:41 |
2349 | [dns.c] | |
2350 | unneeded #include, unused declaration, little knf; ok deraadt@ | |
8442cc66 | 2351 | - stevesk@cvs.openbsd.org 2005/10/13 22:24:31 |
2352 | [auth2-gss.c gss-genr.c gss-serv.c monitor.c] | |
2353 | KNF; ok djm@ | |
17318dd6 | 2354 | - stevesk@cvs.openbsd.org 2005/10/14 02:17:59 |
2355 | [ssh-keygen.c ssh.c sshconnect2.c] | |
2356 | no trailing "\n" for log functions; ok djm@ | |
8c4bd764 | 2357 | - stevesk@cvs.openbsd.org 2005/10/14 02:29:37 |
2358 | [channels.c clientloop.c] | |
2359 | free()->xfree(); ok djm@ | |
ed82a2a9 | 2360 | - stevesk@cvs.openbsd.org 2005/10/15 15:28:12 |
2361 | [sshconnect.c] | |
2362 | make external definition static; ok deraadt@ | |
7238b6e4 | 2363 | - stevesk@cvs.openbsd.org 2005/10/17 13:45:05 |
2364 | [dns.c] | |
2365 | fix memory leaks from 2 sources: | |
2366 | 1) key_fingerprint_raw() | |
2367 | 2) malloc in dns_read_rdata() | |
2368 | ok jakob@ | |
2369 | - stevesk@cvs.openbsd.org 2005/10/17 14:01:28 | |
2370 | [dns.c] | |
2371 | remove #ifdef LWRES; ok jakob@ | |
8374cf6f | 2372 | - stevesk@cvs.openbsd.org 2005/10/17 14:13:35 |
2373 | [dns.c dns.h] | |
2374 | more cleanups; ok jakob@ | |
6b0b0d65 | 2375 | - djm@cvs.openbsd.org 2005/10/30 01:23:19 |
2376 | [ssh_config.5] | |
2377 | mention control socket fallback behaviour, reported by | |
2378 | tryponraj AT gmail.com | |
2995db03 | 2379 | - djm@cvs.openbsd.org 2005/10/30 04:01:03 |
2380 | [ssh-keyscan.c] | |
2381 | make ssh-keygen discard junk from server before SSH- ident, spotted by | |
2382 | dave AT cirt.net; ok dtucker@ | |
aa9bc1de | 2383 | - djm@cvs.openbsd.org 2005/10/30 04:03:24 |
2384 | [ssh.c] | |
2385 | fix misleading debug message; ok dtucker@ | |
3a85986d | 2386 | - dtucker@cvs.openbsd.org 2005/10/30 08:29:29 |
2387 | [canohost.c sshd.c] | |
2388 | Check for connections with IP options earlier and drop silently. ok djm@ | |
db98627d | 2389 | - jmc@cvs.openbsd.org 2005/10/30 08:43:47 |
2390 | [ssh_config.5] | |
2391 | remove trailing whitespace; | |
7b9b0103 | 2392 | - djm@cvs.openbsd.org 2005/10/30 08:52:18 |
2393 | [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c] | |
2394 | [ssh.c sshconnect.c sshconnect1.c sshd.c] | |
2395 | no need to escape single quotes in comments, no binary change | |
bdd3b323 | 2396 | - dtucker@cvs.openbsd.org 2005/10/31 06:15:04 |
2397 | [sftp.c] | |
2398 | Fix sorting with "ls -1" command. From Robert Tsai, "looks right" deraadt@ | |
882c9d5a | 2399 | - djm@cvs.openbsd.org 2005/10/31 11:12:49 |
2400 | [ssh-keygen.1 ssh-keygen.c] | |
2401 | generate a protocol 2 RSA key by default | |
6af12d46 | 2402 | - djm@cvs.openbsd.org 2005/10/31 11:48:29 |
2403 | [serverloop.c] | |
2404 | make sure we clean up wtmp, etc. file when we receive a SIGTERM, | |
2405 | SIGINT or SIGQUIT when running without privilege separation (the | |
2406 | normal privsep case is already OK). Patch mainly by dtucker@ and | |
2407 | senthilkumar_sen AT hotpop.com; ok dtucker@ | |
3543c5e1 | 2408 | - jmc@cvs.openbsd.org 2005/10/31 19:55:25 |
2409 | [ssh-keygen.1] | |
2410 | grammar; | |
0bbbf2a4 | 2411 | - dtucker@cvs.openbsd.org 2005/11/03 13:38:29 |
2412 | [canohost.c] | |
2413 | Cache reverse lookups with and without DNS separately; ok markus@ | |
47e5dc72 | 2414 | - djm@cvs.openbsd.org 2005/11/04 05:15:59 |
2415 | [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c] | |
2416 | remove hardcoded hash lengths in key exchange code, allowing | |
2417 | implementation of KEX methods with different hashes (e.g. SHA-256); | |
2418 | ok markus@ dtucker@ stevesk@ | |
27e3ef36 | 2419 | - djm@cvs.openbsd.org 2005/11/05 05:01:15 |
2420 | [bufaux.c] | |
2421 | Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT | |
2422 | cs.stanford.edu; ok dtucker@ | |
e557f3b5 | 2423 | - (dtucker) [README.platform] Add PAM section. |
ebb049f1 | 2424 | - (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version, |
2425 | resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu; | |
2426 | ok dtucker@ | |
255d3e00 | 2427 | |
bd2a0801 | 2428 | 20051102 |
2429 | - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). | |
2430 | Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net | |
2431 | via FreeBSD. | |
2432 | ||
5097eaa9 | 2433 | 20051030 |
2434 | - (djm) [contrib/suse/openssh.spec contrib/suse/rc. | |
2435 | sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init | |
2436 | files from imorgan AT nas.nasa.gov | |
0a61a240 | 2437 | - (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is |
2438 | enabled, instead allow PAM to handle it. Note that on platforms using PAM, | |
2439 | the pam_nologin module should be added to sshd's session stack in order to | |
2440 | maintain exising behaviour. Based on patch and discussion from t8m at | |
2441 | centrum.cz, ok djm@ | |
5097eaa9 | 2442 | |
90f15776 | 2443 | 20051025 |
2444 | - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the | |
2445 | sizeof(long long) checks, to make fixing bug #1104 easier (no changes | |
2446 | yet). | |
d75dfaa6 | 2447 | - (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't |
2448 | understand "%lld", even though the compiler has "long long", so handle | |
2449 | it as a special case. Patch tested by mcaskill.scott at epa.gov. | |
b8bc9d84 | 2450 | - (dtucker) [contrib/cygwin/ssh-user-config] Remove duplicate yes/no |
2451 | prompt. Patch from vinschen at redhat.com. | |
90f15776 | 2452 | |
b0e7249f | 2453 | 20051017 |
2454 | - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling. | |
2455 | /etc/default/login report and testing from aabaker at iee.org, corrections | |
2456 | from tim@. | |
2457 | ||
8034a348 | 2458 | 20051009 |
2459 | - (dtucker) [configure.ac defines.h openbsd-compat/vis.{c,h}] Sync current | |
2460 | versions from OpenBSD. ok djm@ | |
2461 | ||
83f987c3 | 2462 | 20051008 |
2463 | - (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from | |
2464 | brian.smith at agilent com. | |
1012885d | 2465 | - (djm) [configure.ac] missing 'test' call for -with-Werror test |
83f987c3 | 2466 | |
278f9900 | 2467 | 20051005 |
2468 | - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended | |
2469 | "*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and | |
2470 | senthilkumar_sen at hotpop.com. | |
2471 | ||
59e5aff5 | 2472 | 20051003 |
2473 | - (dtucker) OpenBSD CVS Sync | |
2474 | - markus@cvs.openbsd.org 2005/09/07 08:53:53 | |
2475 | [channels.c] | |
2476 | enforce chanid != NULL; ok djm | |
b5443199 | 2477 | - markus@cvs.openbsd.org 2005/09/09 19:18:05 |
2478 | [clientloop.c] | |
2479 | typo; from mark at mcs.vuw.ac.nz, bug #1082 | |
fd6168c1 | 2480 | - djm@cvs.openbsd.org 2005/09/13 23:40:07 |
2481 | [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c | |
2482 | scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c] | |
2483 | ensure that stdio fds are attached; ok deraadt@ | |
5ddc5eb4 | 2484 | - djm@cvs.openbsd.org 2005/09/19 11:37:34 |
2485 | [ssh_config.5 ssh.1] | |
2486 | mention ability to specify bind_address for DynamicForward and -D options; | |
2487 | bz#1077 spotted by Haruyama Seigo | |
d77dd4d7 | 2488 | - djm@cvs.openbsd.org 2005/09/19 11:47:09 |
2489 | [sshd.c] | |
2490 | stop connection abort on rekey with delayed compression enabled when | |
2491 | post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@ | |
67003554 | 2492 | - djm@cvs.openbsd.org 2005/09/19 11:48:10 |
2493 | [gss-serv.c] | |
2494 | typo | |
37c406a8 | 2495 | - jmc@cvs.openbsd.org 2005/09/19 15:38:27 |
2496 | [ssh.1] | |
2497 | some more .Bk/.Ek to avoid ugly line split; | |
80e29ee6 | 2498 | - jmc@cvs.openbsd.org 2005/09/19 15:42:44 |
2499 | [ssh.c] | |
2500 | update -D usage here too; | |
2915e42b | 2501 | - djm@cvs.openbsd.org 2005/09/19 23:31:31 |
2502 | [ssh.1] | |
2503 | spelling nit from stevesk@ | |
0d3d1077 | 2504 | - djm@cvs.openbsd.org 2005/09/21 23:36:54 |
2505 | [sshd_config.5] | |
2506 | aquire -> acquire, from stevesk@ | |
ae25711b | 2507 | - djm@cvs.openbsd.org 2005/09/21 23:37:11 |
2508 | [sshd.c] | |
2509 | change label at markus@'s request | |
8f921a4a | 2510 | - jaredy@cvs.openbsd.org 2005/09/30 20:34:26 |
2511 | [ssh-keyscan.1] | |
2512 | deploy .An -nosplit; ok jmc | |
d2130e1f | 2513 | - dtucker@cvs.openbsd.org 2005/10/03 07:44:42 |
2514 | [canohost.c] | |
2515 | Relocate check_ip_options call to prevent logging of garbage for | |
2516 | connections with IP options set. bz#1092 from David Leonard, | |
2517 | "looks good" deraadt@ | |
1172d361 | 2518 | - (dtucker) [regress/README.regress] Bug #989: Document limitation that scp |
2519 | is required in the system path for the multiplex test to work. | |
59e5aff5 | 2520 | |
bfd17430 | 2521 | 20050930 |
2522 | - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype | |
2523 | for strtoll. Patch from o.flebbe at science-computing.de. | |
cfb60d3a | 2524 | - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep |
2525 | child during PAM account check without clearing it. This restores the | |
2526 | post-login warnings such as LDAP password expiry. Patch from Tomas Mraz | |
2527 | with help from several others. | |
bfd17430 | 2528 | |
140da888 | 2529 | 20050929 |
2530 | - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg | |
2531 | introduced during sync. | |
2532 | ||
4ebacf50 | 2533 | 20050928 |
2534 | - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency. | |
cafa6a80 | 2535 | - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from |
2536 | PAM via keyboard-interactive. Patch tested by the folks at Vintela. | |
4ebacf50 | 2537 | |
759ab0d9 | 2538 | 20050927 |
2539 | - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid | |
2540 | calls, since they can't possibly fail. ok djm@ | |
72f02ae7 | 2541 | - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed |
2542 | process when sshd relies on ssh-random-helper. Should result in faster | |
2543 | logins on systems without a real random device or prngd. ok djm@ | |
759ab0d9 | 2544 | |
b6c37221 | 2545 | 20050924 |
2546 | - (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove | |
2547 | duplicate call. ok djm@ | |
2548 | ||
bb116c8e | 2549 | 20050922 |
2550 | - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from | |
2551 | skeleten at shillest.net. | |
e47fb473 | 2552 | - (dtucker) [configure.ac] Fix help for --with-opensc; patch from skeleten at |
2553 | shillest.net. | |
bb116c8e | 2554 | |
3466e002 | 2555 | 20050919 |
2556 | - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to | |
2557 | AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages. | |
f666dcfa | 2558 | ok dtucker@ |
3466e002 | 2559 | |
f5555364 | 2560 | 20050912 |
2561 | - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by | |
2562 | Mike Frysinger. | |
2563 | ||
d2a3abef | 2564 | 20050908 |
2565 | - (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to | |
2566 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | |
2567 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | |
2568 | ||
0b202697 | 2569 | $Id$ |