[openssh.git] / ChangeLog

19991125
 - More reformatting merged from OpenBSD CVS
 - Merged OpenBSD CVS changes:
   - [channels.c]
     fix packet_integrity_check() for !have_hostname_in_open.
     report from mrwizard@psu.edu via djm@ibs.com.au
   - [channels.c]
     set SO_REUSEADDR and SO_LINGER for forwarded ports.
     chip@valinux.com via damien@ibs.com.au
   - [nchan.c]
     it's not an error() if shutdown_write failes in nchan.
   - [readconf.c]
     remove dead #ifdef-0-code
   - [readconf.c servconf.c]
     strcasecmp instead of tolower
   - [scp.c]
     progress meter overflow fix from damien@ibs.com.au
   - [ssh-add.1 ssh-add.c]
     SSH_ASKPASS support
   - [ssh.1 ssh.c]
     postpone fork_after_authentication until command execution,
     request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
     plus: use daemon() for backgrounding
 - Added BSD compatible install program and autoconf test, thanks to
   Niels Kristian Bech Jensen <nkbj@image.dk>
 - Solaris fixing, thanks to Ben Taylor <bent@clark.net>

19991124
 - Merged very large OpenBSD source code reformat
 - OpenBSD CVS updates
   - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
     [ssh.h sshd.8 sshd.c]
     syslog changes:
     * Unified Logmessage for all auth-types, for success and for failed
     * Standard connections get only ONE line in the LOG when level==LOG:
       Auth-attempts are logged only, if authentication is:
          a) successfull or
          b) with passwd or
          c) we had more than AUTH_FAIL_LOG failues
     * many log() became verbose()
     * old behaviour with level=VERBOSE
   - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
     tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
     messages. allows use of s/key in windows (ttssh, securecrt) and
     ssh-1.2.27 clients without 'ssh -v', ok: niels@
   - [sshd.8]
     -V, for fallback to openssh in SSH2 compatibility mode
   - [sshd.c]
     fix sigchld race; cjc5@po.cwru.edu

19991123
 - Added SuSE package files from Chris Saia <csaia@wtower.com>
 - Restructured package-related files under packages/*
 - Added generic PAM config
 - Numerous little Solaris fixes
 - Add recommendation to use GNU make to INSTALL document

19991122
 - Make <enter> close gnome-ssh-askpass (Debian bug #50299)
 - OpenBSD CVS Changes
   - [ssh-keygen.c] 
     don't create ~/.ssh only if the user wants to store the private 
     key there. show fingerprint instead of public-key after 
     keygeneration. ok niels@
 - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
 - Added timersub() macro
 - Tidy RCSIDs of bsd-*.c
 - Added autoconf test and macro to deal with old PAM libraries 
   pam_strerror definition (one arg vs two).
 - Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
 - Retry /dev/urandom reads interrupted by signal (report from 
   Robert Hardy <rhardy@webcon.net>)
 - Added a setenv replacement for systems which lack it
 - Only display public key comment when presenting ssh-askpass dialog
 - Released 1.2pre14

 - Configure, Make and changelog corrections from Tudor Bosman 
   <tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>

19991121
 - OpenBSD CVS Changes:
   - [channels.c]
     make this compile, bad markus
   - [log.c readconf.c servconf.c ssh.h]
     bugfix: loglevels are per host in clientconfig,
     factor out common log-level parsing code.
   - [servconf.c]
     remove unused index (-Wall)
   - [ssh-agent.c]
     only one 'extern char *__progname'
   - [sshd.8]
     document SIGHUP, -Q to synopsis
   - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
     [channels.c clientloop.c]
     SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
     [hope this time my ISP stays alive during commit]
   - [OVERVIEW README] typos; green@freebsd
   - [ssh-keygen.c]
     replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
     exit if writing the key fails (no infinit loop)
     print usage() everytime we get bad options
   - [ssh-keygen.c] overflow, djm@mindrot.org
   - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
     
19991120
 - Merged more Solaris support from Marc G. Fournier 
   <marc.fournier@acadiau.ca>
 - Wrote autoconf tests for integer bit-types
 - Fixed enabling kerberos support
 - Fix segfault in ssh-keygen caused by buffer overrun in filename 
   handling.

19991119
 - Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
 - Merged OpenBSD CVS changes
   - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
     more %d vs. %s in fmt-strings
   - [authfd.c]
     Integers should not be printed with %s
 - EGD uses a socket, not a named pipe. Duh.
 - Fix includes in fingerprint.c
 - Fix scp progress bar bug again.
 - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of 
   David Rankin <drankin@bohemians.lexington.ky.us>
 - Added autoconf option to enable Kerberos 4 support (untested)
 - Added autoconf option to enable AFS support (untested)
 - Added autoconf option to enable S/Key support (untested)
 - Added autoconf option to enable TCP wrappers support (compiles OK)
 - Renamed BSD helper function files to bsd-*
 - Added tests for login and daemon and enable OpenBSD replacements for 
   when they are absent.
 - Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>

19991118
 - Merged OpenBSD CVS changes
   - [scp.c] foregroundproc() in scp
   - [sshconnect.h] include fingerprint.h
   - [sshd.c] bugfix: the log() for passwd-auth escaped during logging 
     changes.
   - [ssh.1] Spell my name right.
 - Added openssh.com info to README

19991117
 - Merged OpenBSD CVS changes
   - [ChangeLog.Ylonen] noone needs this anymore
   - [authfd.c] close-on-exec for auth-socket, ok deraadt
   - [hostfile.c] 
     in known_hosts key lookup the entry for the bits does not need 
     to match, all the information is contained in n and e. This 
     solves the problem with buggy servers announcing the wrong 
     modulus length.  markus and me.
   - [serverloop.c] 
     bugfix: check for space if child has terminated, from: 
     iedowse@maths.tcd.ie
   - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
     [fingerprint.c fingerprint.h]
     rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
   - [ssh-agent.1] typo
   - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
   - [sshd.c] 
     force logging to stderr while loading private key file
     (lost while converting to new log-levels)

19991116
 - Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
 - Merged OpenBSD CVS changes:
   - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
     [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
     the keysize of rsa-parameter 'n' is passed implizit,
     a few more checks and warnings about 'pretended' keysizes.
   - [cipher.c cipher.h packet.c packet.h sshd.c]
     remove support for cipher RC4
   - [ssh.c]
     a note for legay systems about secuity issues with permanently_set_uid(),
     the private hostkey and ptrace()
   - [sshconnect.c]
     more detailed messages about adding and checking hostkeys

19991115
 - Merged OpenBSD CVS changes:
   - [ssh-add.c] change passphrase loop logic and remove ref to 
     $DISPLAY, ok niels
 - Changed to ssh-add.c broke askpass support. Revised it to be a little more
   modular. 
 - Revised autoconf support for enabling/disabling askpass support.
 - Merged more OpenBSD CVS changes:
	[auth-krb4.c]
	  - disconnect if getpeername() fails
	  - missing xfree(*client)
	[canohost.c]
	  - disconnect if getpeername() fails
	  - fix comment: we _do_ disconnect if ip-options are set
	[sshd.c]
	  - disconnect if getpeername() fails
	  - move checking of remote port to central place
	[auth-rhosts.c] move checking of remote port to central place
	[log-server.c] avoid extra fd per sshd, from millert@
	[readconf.c] print _all_ bad config-options in ssh(1), too
	[readconf.h] print _all_ bad config-options in ssh(1), too
	[ssh.c] print _all_ bad config-options in ssh(1), too
	[sshconnect.c] disconnect if getpeername() fails
 - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
 - Various small cleanups to bring diff (against OpenBSD) size down.
 - Merged more Solaris compability from Marc G. Fournier
   <marc.fournier@acadiau.ca>
 - Wrote autoconf tests for __progname symbol
 - RPM spec file fixes from Jim Knoble <jmknoble@pobox.com>
 - Released 1.2pre12

 - Another OpenBSD CVS update:
   - [ssh-keygen.1] fix .Xr

19991114
 - Solaris compilation fixes (still imcomplete)

19991113
 - Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
   - Don't install config files if they already exist
   - Fix inclusion of additional preprocessor directives from acconfig.h
 - Removed redundant inclusions of config.h
 - Added 'Obsoletes' lines to RPM spec file
 - Merged OpenBSD CVS changes:
   - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
   - [scp.c] fix overflow reported by damien@ibs.com.au: off_t 
     totalsize, ok niels,aaron
 - Delay fork (-f option) in ssh until after port forwarded connections 
   have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
 - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
 - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
 - Tidied default config file some more
 - Revised Redhat initscript to fix bug: sshd (re)start would fail
   if executed from inside a ssh login.

19991112
 - Merged changes from OpenBSD CVS
   - [sshd.c] session_key_int may be zero
   - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
     IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok 
     deraadt,millert
 - Brought default sshd_config more in line with OpenBSD's
 - Grab server in gnome-ssh-askpass (Debian bug #49872)
 - Released 1.2pre10

 - Added INSTALL documentation
 - Merged yet more changes from OpenBSD CVS
   - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
     [ssh.c ssh.h sshconnect.c sshd.c]
     make all access to options via 'extern Options options'
     and 'extern ServerOptions options' respectively;
     options are no longer passed as arguments:
      * make options handling more consistent
      * remove #include "readconf.h" from ssh.h
      * readconf.h is only included if necessary
   - [mpaux.c] clear temp buffer
   - [servconf.c] print _all_ bad options found in configfile
 - Make ssh-askpass support optional through autoconf
 - Fix nasty division-by-zero error in scp.c
 - Released 1.2pre11

19991111
 - Added (untested) Entropy Gathering Daemon (EGD) support
 - Fixed /dev/urandom fd leak (Debian bug #49722)
 - Merged OpenBSD CVS changes:
   - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
   - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
   - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
 - Fix integer overflow which was messing up scp's progress bar for large 
   file transfers. Fix submitted to OpenBSD developers.
 - Merged more OpenBSD CVS changes:
   - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal() 
     + krb-cleanup cleanup
   - [clientloop.c log-client.c log-server.c ]
     [readconf.c readconf.h servconf.c servconf.h ]
     [ssh.1 ssh.c ssh.h sshd.8]
     add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
     obsoletes QuietMode and FascistLogging in sshd.
   - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
     allow session_key_int != sizeof(session_key)
     [this should fix the pre-assert-removal-core-files]
 - Updated default config file to use new LogLevel option and to improve
   readability

19991110
 - Merged several minor fixes:
   - ssh-agent commandline parsing
   - RPM spec file now installs ssh setuid root
   - Makefile creates libdir
   - Merged beginnings of Solaris compability from Marc G. Fournier
     <marc.fournier@acadiau.ca>

19991109
 - Autodetection of SSL/Crypto library location via autoconf
 - Fixed location of ssh-askpass to follow autoconf
 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
 - Autodetection of RSAref library for US users
 - Minor doc updates
 - Merged OpenBSD CVS changes:
   - [rsa.c] bugfix: use correct size for memset()
   - [sshconnect.c] warn if announced size of modulus 'n' != real size
 - Added GNOME passphrase requestor (use --with-gnome-askpass)
 - RPM build now creates subpackages
 - Released 1.2pre9

19991108
 - Removed debian/ directory. This is now being maintained separately.
 - Added symlinks for slogin in RPM spec file
 - Fixed permissions on manpages in RPM spec file
 - Added references to required libraries in README file
 - Removed config.h.in from CVS
 - Removed pwdb support (better pluggable auth is provided by glibc)
 - Made PAM and requisite libdl optional
 - Removed lots of unnecessary checks from autoconf
 - Added support and autoconf test for openpty() function (Unix98 pty support)
 - Fix for scp not finding ssh if not installed as /usr/bin/ssh
 - Added TODO file
 - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
   - Added ssh-askpass program
   - Added ssh-askpass support to ssh-add.c
   - Create symlinks for slogin on install
   - Fix "distclean" target in makefile
   - Added example for ssh-agent to manpage
   - Added support for PAM_TEXT_INFO messages
   - Disable internal /etc/nologin support if PAM enabled
 - Merged latest OpenBSD CVS changes:
   - [all] replace assert() with error, fatal or packet_disconnect
   - [sshd.c] don't send fail-msg but disconnect if too many authentication
     failures
   - [sshd.c] remove unused argument. ok dugsong
   - [sshd.c] typo
   - [rsa.c] clear buffers used for encryption. ok: niels
   - [rsa.c] replace assert() with error, fatal or packet_disconnect
   - [auth-krb4.c] remove unused argument. ok dugsong
 - Fixed coredump after merge of OpenBSD rsa.c patch
 - Released 1.2pre8

19991102
 - Merged change from OpenBSD CVS
  - One-line cleanup in sshd.c

19991030
 - Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
 - Merged latest updates for OpenBSD CVS:
   - channels.[ch] - remove broken x11 fix and document istate/ostate
   - ssh-agent.c - call setsid() regardless of argv[]
   - ssh.c - save a few lines when disabling rhosts-{rsa-}auth
 - Documentation cleanups
 - Renamed README -> README.Ylonen
 - Renamed README.openssh ->README

19991029
 - Renamed openssh* back to ssh* at request of Theo de Raadt
 - Incorporated latest changes from OpenBSD's CVS
 - Integrated Makefile patch from  Niels Kristian Bech Jensen <nkbj@image.dk>
 - Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
 - Make distclean now removed configure script
 - Improved PAM logging
 - Added some debug() calls for PAM
 - Removed redundant subdirectories
 - Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for 
   building on Debian.
 - Fixed off-by-one error in PAM env patch
 - Released 1.2pre6

19991028
 - Further PAM enhancements.
   - Much cleaner
   - Now uses account and session modules for all logins.
 - Integrated patch from Dan Brosemer <odin@linuxfreak.com>
   - Build fixes
   - Autoconf
   - Change binary names to open*
 - Fixed autoconf script to detect PAM on RH6.1
 - Added tests for libpwdb, and OpenBSD functions to autoconf
 - Released 1.2pre4

 - Imported latest OpenBSD CVS code
 - Updated README.openssh
 - Released 1.2pre5

19991027
 - Adapted PAM patch.
 - Released 1.0pre2

 - Excised my buggy replacements for strlcpy and mkdtemp
 - Imported correct OpenBSD strlcpy and mkdtemp routines.
 - Reduced arc4random_stir entropy read to 32 bytes (256 bits)
 - Picked up correct version number from OpenBSD
 - Added sshd.pam PAM configuration file
 - Added sshd.init Redhat init script
 - Added openssh.spec RPM spec file
 - Released 1.2pre3

19991026
 - Fixed include paths of OpenSSL functions
 - Use OpenSSL MD5 routines
 - Imported RC4 code from nanocrypt
 - Wrote replacements for OpenBSD arc4random* functions
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
Commit	Line	Data
0ce43ae4	1	19991125
	2	- More reformatting merged from OpenBSD CVS
	3	- Merged OpenBSD CVS changes:
	4	- [channels.c]
	5	fix packet_integrity_check() for !have_hostname_in_open.
	6	report from mrwizard@psu.edu via djm@ibs.com.au
	7	- [channels.c]
	8	set SO_REUSEADDR and SO_LINGER for forwarded ports.
	9	chip@valinux.com via damien@ibs.com.au
	10	- [nchan.c]
	11	it's not an error() if shutdown_write failes in nchan.
	12	- [readconf.c]
	13	remove dead #ifdef-0-code
	14	- [readconf.c servconf.c]
	15	strcasecmp instead of tolower
	16	- [scp.c]
	17	progress meter overflow fix from damien@ibs.com.au
	18	- [ssh-add.1 ssh-add.c]
	19	SSH_ASKPASS support
	20	- [ssh.1 ssh.c]
	21	postpone fork_after_authentication until command execution,
	22	request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
	23	plus: use daemon() for backgrounding
cf8dd513	24	- Added BSD compatible install program and autoconf test, thanks to
	25	Niels Kristian Bech Jensen <nkbj@image.dk>
	26	- Solaris fixing, thanks to Ben Taylor <bent@clark.net>
0ce43ae4	27
5260325f	28	19991124
	29	- Merged very large OpenBSD source code reformat
	30	- OpenBSD CVS updates
	31	- [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
	32	[ssh.h sshd.8 sshd.c]
	33	syslog changes:
	34	* Unified Logmessage for all auth-types, for success and for failed
	35	* Standard connections get only ONE line in the LOG when level==LOG:
	36	Auth-attempts are logged only, if authentication is:
	37	a) successfull or
	38	b) with passwd or
	39	c) we had more than AUTH_FAIL_LOG failues
	40	* many log() became verbose()
	41	* old behaviour with level=VERBOSE
	42	- [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
	43	tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
	44	messages. allows use of s/key in windows (ttssh, securecrt) and
	45	ssh-1.2.27 clients without 'ssh -v', ok: niels@
	46	- [sshd.8]
	47	-V, for fallback to openssh in SSH2 compatibility mode
	48	- [sshd.c]
	49	fix sigchld race; cjc5@po.cwru.edu
	50
4655fe80	51	19991123
4655fe80	52	- Added SuSE package files from Chris Saia <csaia@wtower.com>
8b241e50	53	- Restructured package-related files under packages/*
4655fe80	54	- Added generic PAM config
8b241e50	55	- Numerous little Solaris fixes
9c08d6ce	56	- Add recommendation to use GNU make to INSTALL document
4655fe80	57
60bed5fd	58	19991122
60bed5fd	59	- Make <enter> close gnome-ssh-askpass (Debian bug #50299)
2f2cc3f9	60	- OpenBSD CVS Changes
	61	- [ssh-keygen.c]
	62	don't create ~/.ssh only if the user wants to store the private
	63	key there. show fingerprint instead of public-key after
	64	keygeneration. ok niels@
b09a984b	65	- Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
96ad4350	66	- Added timersub() macro
b09a984b	67	- Tidy RCSIDs of bsd-*.c
96ad4350	68	- Added autoconf test and macro to deal with old PAM libraries
96ad4350	69	pam_strerror definition (one arg vs two).
530f1889	70	- Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
	71	- Retry /dev/urandom reads interrupted by signal (report from
	72	Robert Hardy <rhardy@webcon.net>)
1647c2b5	73	- Added a setenv replacement for systems which lack it
d84a9a44	74	- Only display public key comment when presenting ssh-askpass dialog
d84a9a44	75	- Released 1.2pre14
60bed5fd	76
2ddcfdf3	77	- Configure, Make and changelog corrections from Tudor Bosman
	78	<tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>
	79
9d6b7add	80	19991121
2f2cc3f9	81	- OpenBSD CVS Changes:
60bed5fd	82	- [channels.c]
	83	make this compile, bad markus
	84	- [log.c readconf.c servconf.c ssh.h]
	85	bugfix: loglevels are per host in clientconfig,
	86	factor out common log-level parsing code.
	87	- [servconf.c]
	88	remove unused index (-Wall)
	89	- [ssh-agent.c]
	90	only one 'extern char *__progname'
	91	- [sshd.8]
	92	document SIGHUP, -Q to synopsis
	93	- [sshconnect.c serverloop.c sshd.c packet.c packet.h]
	94	[channels.c clientloop.c]
	95	SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
	96	[hope this time my ISP stays alive during commit]
	97	- [OVERVIEW README] typos; green@freebsd
	98	- [ssh-keygen.c]
	99	replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
	100	exit if writing the key fails (no infinit loop)
	101	print usage() everytime we get bad options
	102	- [ssh-keygen.c] overflow, djm@mindrot.org
	103	- [sshd.c] fix sigchld race; cjc5@po.cwru.edu
	104
2b942fe0	105	19991120
	106	- Merged more Solaris support from Marc G. Fournier
	107	<marc.fournier@acadiau.ca>
	108	- Wrote autoconf tests for integer bit-types
	109	- Fixed enabling kerberos support
13c36c4c	110	- Fix segfault in ssh-keygen caused by buffer overrun in filename
13c36c4c	111	handling.
2b942fe0	112
06479889	113	19991119
06479889	114	- Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
2ad77510	115	- Merged OpenBSD CVS changes
	116	- [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
	117	more %d vs. %s in fmt-strings
	118	- [authfd.c]
	119	Integers should not be printed with %s
7b1cc56c	120	- EGD uses a socket, not a named pipe. Duh.
7b1cc56c	121	- Fix includes in fingerprint.c
29dbde15	122	- Fix scp progress bar bug again.
2ddcfdf3	123	- Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of
736890c4	124	David Rankin <drankin@bohemians.lexington.ky.us>
91b8065d	125	- Added autoconf option to enable Kerberos 4 support (untested)
	126	- Added autoconf option to enable AFS support (untested)
	127	- Added autoconf option to enable S/Key support (untested)
	128	- Added autoconf option to enable TCP wrappers support (compiles OK)
beb43d31	129	- Renamed BSD helper function files to bsd-*
caf3bc51	130	- Added tests for login and daemon and enable OpenBSD replacements for
	131	when they are absent.
	132	- Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
06479889	133
2bd61362	134	19991118
	135	- Merged OpenBSD CVS changes
	136	- [scp.c] foregroundproc() in scp
	137	- [sshconnect.h] include fingerprint.h
	138	- [sshd.c] bugfix: the log() for passwd-auth escaped during logging
	139	changes.
0c16a097	140	- [ssh.1] Spell my name right.
2bd61362	141	- Added openssh.com info to README
2bd61362	142
f095fcc7	143	19991117
	144	- Merged OpenBSD CVS changes
	145	- [ChangeLog.Ylonen] noone needs this anymore
	146	- [authfd.c] close-on-exec for auth-socket, ok deraadt
	147	- [hostfile.c]
	148	in known_hosts key lookup the entry for the bits does not need
	149	to match, all the information is contained in n and e. This
	150	solves the problem with buggy servers announcing the wrong
	151	modulus length. markus and me.
	152	- [serverloop.c]
	153	bugfix: check for space if child has terminated, from:
	154	iedowse@maths.tcd.ie
	155	- [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
	156	[fingerprint.c fingerprint.h]
	157	rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
	158	- [ssh-agent.1] typo
	159	- [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
	160	- [sshd.c]
	161	force logging to stderr while loading private key file
	162	(lost while converting to new log-levels)
	163
4d195447	164	19991116
	165	- Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
	166	- Merged OpenBSD CVS changes:
	167	- [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
	168	[mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
	169	the keysize of rsa-parameter 'n' is passed implizit,
	170	a few more checks and warnings about 'pretended' keysizes.
	171	- [cipher.c cipher.h packet.c packet.h sshd.c]
	172	remove support for cipher RC4
	173	- [ssh.c]
	174	a note for legay systems about secuity issues with permanently_set_uid(),
	175	the private hostkey and ptrace()
	176	- [sshconnect.c]
	177	more detailed messages about adding and checking hostkeys
	178
dad9a31e	179	19991115
	180	- Merged OpenBSD CVS changes:
	181	- [ssh-add.c] change passphrase loop logic and remove ref to
	182	$DISPLAY, ok niels
	183	- Changed to ssh-add.c broke askpass support. Revised it to be a little more
	184	modular.
	185	- Revised autoconf support for enabling/disabling askpass support.
e7c0f9d5	186	- Merged more OpenBSD CVS changes:
	187	[auth-krb4.c]
	188	- disconnect if getpeername() fails
	189	- missing xfree(*client)
	190	[canohost.c]
	191	- disconnect if getpeername() fails
	192	- fix comment: we _do_ disconnect if ip-options are set
	193	[sshd.c]
	194	- disconnect if getpeername() fails
	195	- move checking of remote port to central place
	196	[auth-rhosts.c] move checking of remote port to central place
	197	[log-server.c] avoid extra fd per sshd, from millert@
	198	[readconf.c] print _all_ bad config-options in ssh(1), too
	199	[readconf.h] print _all_ bad config-options in ssh(1), too
	200	[ssh.c] print _all_ bad config-options in ssh(1), too
	201	[sshconnect.c] disconnect if getpeername() fails
	202	- OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
c75a1a66	203	- Various small cleanups to bring diff (against OpenBSD) size down.
f601d847	204	- Merged more Solaris compability from Marc G. Fournier
	205	<marc.fournier@acadiau.ca>
	206	- Wrote autoconf tests for __progname symbol
8c119fd0	207	- RPM spec file fixes from Jim Knoble <jmknoble@pobox.com>
0c372277	208	- Released 1.2pre12
	209
	210	- Another OpenBSD CVS update:
	211	- [ssh-keygen.1] fix .Xr
dad9a31e	212
92da7197	213	19991114
	214	- Solaris compilation fixes (still imcomplete)
	215
94f7bb9e	216	19991113
dd092f97	217	- Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
	218	- Don't install config files if they already exist
	219	- Fix inclusion of additional preprocessor directives from acconfig.h
94f7bb9e	220	- Removed redundant inclusions of config.h
e9c75a39	221	- Added 'Obsoletes' lines to RPM spec file
94f7bb9e	222	- Merged OpenBSD CVS changes:
	223	- [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
	224	- [scp.c] fix overflow reported by damien@ibs.com.au: off_t
	225	totalsize, ok niels,aaron
	226	- Delay fork (-f option) in ssh until after port forwarded connections
	227	have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
b2344d54	228	- Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
b2344d54	229	- Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
dd092f97	230	- Tidied default config file some more
	231	- Revised Redhat initscript to fix bug: sshd (re)start would fail
	232	if executed from inside a ssh login.
94f7bb9e	233
e35c1dc2	234	19991112
	235	- Merged changes from OpenBSD CVS
	236	- [sshd.c] session_key_int may be zero
b4748e2f	237	- [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
	238	IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
	239	deraadt,millert
	240	- Brought default sshd_config more in line with OpenBSD's
547c9f30	241	- Grab server in gnome-ssh-askpass (Debian bug #49872)
547c9f30	242	- Released 1.2pre10
e35c1dc2	243
8bc7973f	244	- Added INSTALL documentation
6fa724bc	245	- Merged yet more changes from OpenBSD CVS
	246	- [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
	247	[ssh.c ssh.h sshconnect.c sshd.c]
	248	make all access to options via 'extern Options options'
	249	and 'extern ServerOptions options' respectively;
	250	options are no longer passed as arguments:
	251	* make options handling more consistent
	252	* remove #include "readconf.h" from ssh.h
	253	* readconf.h is only included if necessary
	254	- [mpaux.c] clear temp buffer
	255	- [servconf.c] print _all_ bad options found in configfile
045672f9	256	- Make ssh-askpass support optional through autoconf
59b0f0d4	257	- Fix nasty division-by-zero error in scp.c
59b0f0d4	258	- Released 1.2pre11
8bc7973f	259
4cca272e	260	19991111
4cca272e	261	- Added (untested) Entropy Gathering Daemon (EGD) support
67d68e3a	262	- Fixed /dev/urandom fd leak (Debian bug #49722)
5bbb5681	263	- Merged OpenBSD CVS changes:
	264	- [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
	265	- [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
	266	- [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
505fed0a	267	- Fix integer overflow which was messing up scp's progress bar for large
505fed0a	268	file transfers. Fix submitted to OpenBSD developers.
6a17f9c2	269	- Merged more OpenBSD CVS changes:
	270	- [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
	271	+ krb-cleanup cleanup
	272	- [clientloop.c log-client.c log-server.c ]
	273	[readconf.c readconf.h servconf.c servconf.h ]
	274	[ssh.1 ssh.c ssh.h sshd.8]
	275	add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
	276	obsoletes QuietMode and FascistLogging in sshd.
e35c1dc2	277	- [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
	278	allow session_key_int != sizeof(session_key)
	279	[this should fix the pre-assert-removal-core-files]
	280	- Updated default config file to use new LogLevel option and to improve
	281	readability
	282
f370266e	283	19991110
67d68e3a	284	- Merged several minor fixes:
f370266e	285	- ssh-agent commandline parsing
	286	- RPM spec file now installs ssh setuid root
	287	- Makefile creates libdir
4cca272e	288	- Merged beginnings of Solaris compability from Marc G. Fournier
4cca272e	289	<marc.fournier@acadiau.ca>
f370266e	290
d4f11b59	291	19991109
	292	- Autodetection of SSL/Crypto library location via autoconf
	293	- Fixed location of ssh-askpass to follow autoconf
	294	- Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
	295	- Autodetection of RSAref library for US users
	296	- Minor doc updates
560557bb	297	- Merged OpenBSD CVS changes:
	298	- [rsa.c] bugfix: use correct size for memset()
	299	- [sshconnect.c] warn if announced size of modulus 'n' != real size
f025becb	300	- Added GNOME passphrase requestor (use --with-gnome-askpass)
d397b172	301	- RPM build now creates subpackages
aa51e7cc	302	- Released 1.2pre9
d4f11b59	303
e1a9c08d	304	19991108
	305	- Removed debian/ directory. This is now being maintained separately.
	306	- Added symlinks for slogin in RPM spec file
	307	- Fixed permissions on manpages in RPM spec file
	308	- Added references to required libraries in README file
	309	- Removed config.h.in from CVS
	310	- Removed pwdb support (better pluggable auth is provided by glibc)
	311	- Made PAM and requisite libdl optional
	312	- Removed lots of unnecessary checks from autoconf
	313	- Added support and autoconf test for openpty() function (Unix98 pty support)
	314	- Fix for scp not finding ssh if not installed as /usr/bin/ssh
	315	- Added TODO file
	316	- Merged parts of Debian patch From Phil Hands <phil@hands.com>:
	317	- Added ssh-askpass program
	318	- Added ssh-askpass support to ssh-add.c
	319	- Create symlinks for slogin on install
	320	- Fix "distclean" target in makefile
	321	- Added example for ssh-agent to manpage
	322	- Added support for PAM_TEXT_INFO messages
	323	- Disable internal /etc/nologin support if PAM enabled
	324	- Merged latest OpenBSD CVS changes:
5bae4ab8	325	- [all] replace assert() with error, fatal or packet_disconnect
e1a9c08d	326	- [sshd.c] don't send fail-msg but disconnect if too many authentication
e1a9c08d	327	failures
e1a9c08d	328	- [sshd.c] remove unused argument. ok dugsong
	329	- [sshd.c] typo
	330	- [rsa.c] clear buffers used for encryption. ok: niels
	331	- [rsa.c] replace assert() with error, fatal or packet_disconnect
ade6fccd	332	- [auth-krb4.c] remove unused argument. ok dugsong
e1a9c08d	333	- Fixed coredump after merge of OpenBSD rsa.c patch
9010d60a	334	- Released 1.2pre8
e1a9c08d	335
3028328e	336	19991102
	337	- Merged change from OpenBSD CVS
	338	- One-line cleanup in sshd.c
	339
474832c5	340	19991030
474832c5	341	- Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
69256d9d	342	- Merged latest updates for OpenBSD CVS:
	343	- channels.[ch] - remove broken x11 fix and document istate/ostate
	344	- ssh-agent.c - call setsid() regardless of argv[]
	345	- ssh.c - save a few lines when disabling rhosts-{rsa-}auth
	346	- Documentation cleanups
	347	- Renamed README -> README.Ylonen
	348	- Renamed README.openssh ->README
474832c5	349
339660f6	350	19991029
	351	- Renamed openssh* back to ssh* at request of Theo de Raadt
	352	- Incorporated latest changes from OpenBSD's CVS
	353	- Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
	354	- Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
549b3eed	355	- Make distclean now removed configure script
	356	- Improved PAM logging
	357	- Added some debug() calls for PAM
4ecd19ea	358	- Removed redundant subdirectories
	359	- Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for
	360	building on Debian.
242588e6	361	- Fixed off-by-one error in PAM env patch
242588e6	362	- Released 1.2pre6
339660f6	363
5881cd60	364	19991028
	365	- Further PAM enhancements.
	366	- Much cleaner
	367	- Now uses account and session modules for all logins.
	368	- Integrated patch from Dan Brosemer <odin@linuxfreak.com>
	369	- Build fixes
	370	- Autoconf
	371	- Change binary names to open*
	372	- Fixed autoconf script to detect PAM on RH6.1
	373	- Added tests for libpwdb, and OpenBSD functions to autoconf
221395b3	374	- Released 1.2pre4
fca82d2e	375
	376	- Imported latest OpenBSD CVS code
	377	- Updated README.openssh
93f04616	378	- Released 1.2pre5
fca82d2e	379
5881cd60	380	19991027
	381	- Adapted PAM patch.
	382	- Released 1.0pre2
	383
	384	- Excised my buggy replacements for strlcpy and mkdtemp
	385	- Imported correct OpenBSD strlcpy and mkdtemp routines.
	386	- Reduced arc4random_stir entropy read to 32 bytes (256 bits)
	387	- Picked up correct version number from OpenBSD
	388	- Added sshd.pam PAM configuration file
	389	- Added sshd.init Redhat init script
	390	- Added openssh.spec RPM spec file
	391	- Released 1.2pre3
	392
	393	19991026
	394	- Fixed include paths of OpenSSL functions
	395	- Use OpenSSL MD5 routines
	396	- Imported RC4 code from nanocrypt
	397	- Wrote replacements for OpenBSD arc4random* functions
	398	- Wrote replacements for strlcpy and mkdtemp
	399	- Released 1.0pre1