2 - Added SuSE package files from Chris Saia <csaia@wtower.com>
3 - Restructured package-related files under packages/*
4 - Added generic PAM config
5 - Numerous little Solaris fixes
6 - Add recommendation to use GNU make to INSTALL document
9 - Make <enter> close gnome-ssh-askpass (Debian bug #50299)
12 don't create ~/.ssh only if the user wants to store the private
13 key there. show fingerprint instead of public-key after
14 keygeneration. ok niels@
15 - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
16 - Added timersub() macro
17 - Tidy RCSIDs of bsd-*.c
18 - Added autoconf test and macro to deal with old PAM libraries
19 pam_strerror definition (one arg vs two).
20 - Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
21 - Retry /dev/urandom reads interrupted by signal (report from
22 Robert Hardy <rhardy@webcon.net>)
23 - Added a setenv replacement for systems which lack it
24 - Only display public key comment when presenting ssh-askpass dialog
27 - Configure, Make and changelog corrections from Tudor Bosman
28 <tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>
31 - OpenBSD CVS Changes:
33 make this compile, bad markus
34 - [log.c readconf.c servconf.c ssh.h]
35 bugfix: loglevels are per host in clientconfig,
36 factor out common log-level parsing code.
38 remove unused index (-Wall)
40 only one 'extern char *__progname'
42 document SIGHUP, -Q to synopsis
43 - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
44 [channels.c clientloop.c]
45 SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
46 [hope this time my ISP stays alive during commit]
47 - [OVERVIEW README] typos; green@freebsd
49 replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
50 exit if writing the key fails (no infinit loop)
51 print usage() everytime we get bad options
52 - [ssh-keygen.c] overflow, djm@mindrot.org
53 - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
56 - Merged more Solaris support from Marc G. Fournier
57 <marc.fournier@acadiau.ca>
58 - Wrote autoconf tests for integer bit-types
59 - Fixed enabling kerberos support
60 - Fix segfault in ssh-keygen caused by buffer overrun in filename
64 - Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
65 - Merged OpenBSD CVS changes
66 - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
67 more %d vs. %s in fmt-strings
69 Integers should not be printed with %s
70 - EGD uses a socket, not a named pipe. Duh.
71 - Fix includes in fingerprint.c
72 - Fix scp progress bar bug again.
73 - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of
74 David Rankin <drankin@bohemians.lexington.ky.us>
75 - Added autoconf option to enable Kerberos 4 support (untested)
76 - Added autoconf option to enable AFS support (untested)
77 - Added autoconf option to enable S/Key support (untested)
78 - Added autoconf option to enable TCP wrappers support (compiles OK)
79 - Renamed BSD helper function files to bsd-*
80 - Added tests for login and daemon and enable OpenBSD replacements for
82 - Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
85 - Merged OpenBSD CVS changes
86 - [scp.c] foregroundproc() in scp
87 - [sshconnect.h] include fingerprint.h
88 - [sshd.c] bugfix: the log() for passwd-auth escaped during logging
90 - [ssh.1] Spell my name right.
91 - Added openssh.com info to README
94 - Merged OpenBSD CVS changes
95 - [ChangeLog.Ylonen] noone needs this anymore
96 - [authfd.c] close-on-exec for auth-socket, ok deraadt
98 in known_hosts key lookup the entry for the bits does not need
99 to match, all the information is contained in n and e. This
100 solves the problem with buggy servers announcing the wrong
101 modulus length. markus and me.
103 bugfix: check for space if child has terminated, from:
105 - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
106 [fingerprint.c fingerprint.h]
107 rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
109 - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
111 force logging to stderr while loading private key file
112 (lost while converting to new log-levels)
115 - Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
116 - Merged OpenBSD CVS changes:
117 - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
118 [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
119 the keysize of rsa-parameter 'n' is passed implizit,
120 a few more checks and warnings about 'pretended' keysizes.
121 - [cipher.c cipher.h packet.c packet.h sshd.c]
122 remove support for cipher RC4
124 a note for legay systems about secuity issues with permanently_set_uid(),
125 the private hostkey and ptrace()
127 more detailed messages about adding and checking hostkeys
130 - Merged OpenBSD CVS changes:
131 - [ssh-add.c] change passphrase loop logic and remove ref to
133 - Changed to ssh-add.c broke askpass support. Revised it to be a little more
135 - Revised autoconf support for enabling/disabling askpass support.
136 - Merged more OpenBSD CVS changes:
138 - disconnect if getpeername() fails
139 - missing xfree(*client)
141 - disconnect if getpeername() fails
142 - fix comment: we _do_ disconnect if ip-options are set
144 - disconnect if getpeername() fails
145 - move checking of remote port to central place
146 [auth-rhosts.c] move checking of remote port to central place
147 [log-server.c] avoid extra fd per sshd, from millert@
148 [readconf.c] print _all_ bad config-options in ssh(1), too
149 [readconf.h] print _all_ bad config-options in ssh(1), too
150 [ssh.c] print _all_ bad config-options in ssh(1), too
151 [sshconnect.c] disconnect if getpeername() fails
152 - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
153 - Various small cleanups to bring diff (against OpenBSD) size down.
154 - Merged more Solaris compability from Marc G. Fournier
155 <marc.fournier@acadiau.ca>
156 - Wrote autoconf tests for __progname symbol
157 - RPM spec file fixes from Jim Knoble <jmknoble@pobox.com>
160 - Another OpenBSD CVS update:
161 - [ssh-keygen.1] fix .Xr
164 - Solaris compilation fixes (still imcomplete)
167 - Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
168 - Don't install config files if they already exist
169 - Fix inclusion of additional preprocessor directives from acconfig.h
170 - Removed redundant inclusions of config.h
171 - Added 'Obsoletes' lines to RPM spec file
172 - Merged OpenBSD CVS changes:
173 - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
174 - [scp.c] fix overflow reported by damien@ibs.com.au: off_t
175 totalsize, ok niels,aaron
176 - Delay fork (-f option) in ssh until after port forwarded connections
177 have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
178 - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
179 - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
180 - Tidied default config file some more
181 - Revised Redhat initscript to fix bug: sshd (re)start would fail
182 if executed from inside a ssh login.
185 - Merged changes from OpenBSD CVS
186 - [sshd.c] session_key_int may be zero
187 - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
188 IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
190 - Brought default sshd_config more in line with OpenBSD's
191 - Grab server in gnome-ssh-askpass (Debian bug #49872)
194 - Added INSTALL documentation
195 - Merged yet more changes from OpenBSD CVS
196 - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
197 [ssh.c ssh.h sshconnect.c sshd.c]
198 make all access to options via 'extern Options options'
199 and 'extern ServerOptions options' respectively;
200 options are no longer passed as arguments:
201 * make options handling more consistent
202 * remove #include "readconf.h" from ssh.h
203 * readconf.h is only included if necessary
204 - [mpaux.c] clear temp buffer
205 - [servconf.c] print _all_ bad options found in configfile
206 - Make ssh-askpass support optional through autoconf
207 - Fix nasty division-by-zero error in scp.c
211 - Added (untested) Entropy Gathering Daemon (EGD) support
212 - Fixed /dev/urandom fd leak (Debian bug #49722)
213 - Merged OpenBSD CVS changes:
214 - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
215 - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
216 - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
217 - Fix integer overflow which was messing up scp's progress bar for large
218 file transfers. Fix submitted to OpenBSD developers.
219 - Merged more OpenBSD CVS changes:
220 - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
221 + krb-cleanup cleanup
222 - [clientloop.c log-client.c log-server.c ]
223 [readconf.c readconf.h servconf.c servconf.h ]
224 [ssh.1 ssh.c ssh.h sshd.8]
225 add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
226 obsoletes QuietMode and FascistLogging in sshd.
227 - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
228 allow session_key_int != sizeof(session_key)
229 [this should fix the pre-assert-removal-core-files]
230 - Updated default config file to use new LogLevel option and to improve
234 - Merged several minor fixes:
235 - ssh-agent commandline parsing
236 - RPM spec file now installs ssh setuid root
237 - Makefile creates libdir
238 - Merged beginnings of Solaris compability from Marc G. Fournier
239 <marc.fournier@acadiau.ca>
242 - Autodetection of SSL/Crypto library location via autoconf
243 - Fixed location of ssh-askpass to follow autoconf
244 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
245 - Autodetection of RSAref library for US users
247 - Merged OpenBSD CVS changes:
248 - [rsa.c] bugfix: use correct size for memset()
249 - [sshconnect.c] warn if announced size of modulus 'n' != real size
250 - Added GNOME passphrase requestor (use --with-gnome-askpass)
251 - RPM build now creates subpackages
255 - Removed debian/ directory. This is now being maintained separately.
256 - Added symlinks for slogin in RPM spec file
257 - Fixed permissions on manpages in RPM spec file
258 - Added references to required libraries in README file
259 - Removed config.h.in from CVS
260 - Removed pwdb support (better pluggable auth is provided by glibc)
261 - Made PAM and requisite libdl optional
262 - Removed lots of unnecessary checks from autoconf
263 - Added support and autoconf test for openpty() function (Unix98 pty support)
264 - Fix for scp not finding ssh if not installed as /usr/bin/ssh
266 - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
267 - Added ssh-askpass program
268 - Added ssh-askpass support to ssh-add.c
269 - Create symlinks for slogin on install
270 - Fix "distclean" target in makefile
271 - Added example for ssh-agent to manpage
272 - Added support for PAM_TEXT_INFO messages
273 - Disable internal /etc/nologin support if PAM enabled
274 - Merged latest OpenBSD CVS changes:
275 - [all] replace assert() with error, fatal or packet_disconnect
276 - [sshd.c] don't send fail-msg but disconnect if too many authentication
278 - [sshd.c] remove unused argument. ok dugsong
280 - [rsa.c] clear buffers used for encryption. ok: niels
281 - [rsa.c] replace assert() with error, fatal or packet_disconnect
282 - [auth-krb4.c] remove unused argument. ok dugsong
283 - Fixed coredump after merge of OpenBSD rsa.c patch
287 - Merged change from OpenBSD CVS
288 - One-line cleanup in sshd.c
291 - Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
292 - Merged latest updates for OpenBSD CVS:
293 - channels.[ch] - remove broken x11 fix and document istate/ostate
294 - ssh-agent.c - call setsid() regardless of argv[]
295 - ssh.c - save a few lines when disabling rhosts-{rsa-}auth
296 - Documentation cleanups
297 - Renamed README -> README.Ylonen
298 - Renamed README.openssh ->README
301 - Renamed openssh* back to ssh* at request of Theo de Raadt
302 - Incorporated latest changes from OpenBSD's CVS
303 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
304 - Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
305 - Make distclean now removed configure script
306 - Improved PAM logging
307 - Added some debug() calls for PAM
308 - Removed redundant subdirectories
309 - Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for
311 - Fixed off-by-one error in PAM env patch
315 - Further PAM enhancements.
317 - Now uses account and session modules for all logins.
318 - Integrated patch from Dan Brosemer <odin@linuxfreak.com>
321 - Change binary names to open*
322 - Fixed autoconf script to detect PAM on RH6.1
323 - Added tests for libpwdb, and OpenBSD functions to autoconf
326 - Imported latest OpenBSD CVS code
327 - Updated README.openssh
334 - Excised my buggy replacements for strlcpy and mkdtemp
335 - Imported correct OpenBSD strlcpy and mkdtemp routines.
336 - Reduced arc4random_stir entropy read to 32 bytes (256 bits)
337 - Picked up correct version number from OpenBSD
338 - Added sshd.pam PAM configuration file
339 - Added sshd.init Redhat init script
340 - Added openssh.spec RPM spec file
344 - Fixed include paths of OpenSSL functions
345 - Use OpenSSL MD5 routines
346 - Imported RC4 code from nanocrypt
347 - Wrote replacements for OpenBSD arc4random* functions
348 - Wrote replacements for strlcpy and mkdtemp