3 - markus@cvs.openbsd.org 2001/06/25 08:25:41
4 [channels.c channels.h cipher.c clientloop.c compat.c compat.h
5 hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c
6 session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h]
7 update copyright for 2001
8 - markus@cvs.openbsd.org 2001/06/25 17:18:27
10 sshd(8) will never read the private keys, but ssh(1) does;
12 - provos@cvs.openbsd.org 2001/06/25 17:54:47
13 [auth.c auth.h auth-rsa.c]
14 terminate secure_filename checking after checking homedir. that way
15 it works on AFS. okay markus@
16 - stevesk@cvs.openbsd.org 2001/06/25 20:26:37
17 [auth2.c sshconnect2.c]
18 prototype cleanup; ok markus@
19 - markus@cvs.openbsd.org 2001/06/26 02:47:07
21 allow loading a private RSA key to a cyberflex card.
22 - markus@cvs.openbsd.org 2001/06/26 04:07:06
23 [ssh-agent.1 ssh-agent.c]
25 - markus@cvs.openbsd.org 2001/06/26 04:59:59
26 [authfd.c authfd.h ssh-add.c]
27 initial support for smartcards in the agent
28 - markus@cvs.openbsd.org 2001/06/26 05:07:43
31 - markus@cvs.openbsd.org 2001/06/26 05:33:34
33 more smartcard support.
34 - mpech@cvs.openbsd.org 2001/06/26 05:48:07
36 remove unnecessary .Pp between .It;
38 - markus@cvs.openbsd.org 2001/06/26 05:50:11
40 new interface for secure_filename()
41 - itojun@cvs.openbsd.org 2001/06/26 06:32:58
42 [atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h
43 buffer.h canohost.h channels.h cipher.h clientloop.h compat.h
44 compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h
45 hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h
46 radix.h readconf.h readpass.h rsa.h]
47 prototype pedant. not very creative...
50 - itojun@cvs.openbsd.org 2001/06/26 06:33:07
51 [servconf.h serverloop.h session.h sftp-client.h sftp-common.h
52 sftp-glob.h sftp-int.h sshconnect.h ssh-dss.h sshlogin.h sshpty.h
53 ssh-rsa.h tildexpand.h uidswap.h uuencode.h xmalloc.h]
54 prototype pedant. not very creative...
57 - dugsong@cvs.openbsd.org 2001/06/26 16:15:25
58 [auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
59 servconf.c servconf.h session.c sshconnect1.c sshd.c]
60 Kerberos v5 support for SSH1, mostly from Assar Westerlund
61 <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
62 - markus@cvs.openbsd.org 2001/06/26 17:25:34
64 document SSH_ASKPASS; fubob@MIT.EDU
65 - markus@cvs.openbsd.org 2001/06/26 17:27:25
66 [authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
67 canohost.h channels.h cipher.h clientloop.h compat.h compress.h
68 crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
69 hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
70 packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
71 session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
72 sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
73 tildexpand.h uidswap.h uuencode.h xmalloc.h]
74 remove comments from .h, since they are cut&paste from the .c files
76 - dugsong@cvs.openbsd.org 2001/06/26 17:41:49
79 - markus@cvs.openbsd.org 2001/06/26 20:14:11
80 [key.c key.h ssh.c sshconnect1.c sshconnect2.c]
81 add smartcard support to the client, too (now you can use both
82 the agent and the client).
83 - markus@cvs.openbsd.org 2001/06/27 02:12:54
84 [serverloop.c serverloop.h session.c session.h]
85 quick hack to make ssh2 work again.
86 - markus@cvs.openbsd.org 2001/06/27 04:48:53
87 [auth.c match.c sshd.8]
89 - markus@cvs.openbsd.org 2001/06/27 05:35:42
91 use cyberflex_inq_class to inquire class.
92 - markus@cvs.openbsd.org 2001/06/27 05:42:25
93 [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
94 s/generate_additional_parameters/rsa_generate_additional_parameters/
95 http://www.humppa.com/
96 - markus@cvs.openbsd.org 2001/06/27 06:26:36
99 - stevesk@cvs.openbsd.org 2001/06/28 19:57:35
101 '\0' terminated data[] is ok; ok markus@
102 - markus@cvs.openbsd.org 2001/06/29 07:06:34
104 new error handling for cyberflex_*
105 - markus@cvs.openbsd.org 2001/06/29 07:11:01
108 - stevesk@cvs.openbsd.org 2001/06/29 18:38:44
110 sync function definition with declaration; ok markus@
111 - stevesk@cvs.openbsd.org 2001/06/29 18:40:28
113 use socklen_t for getsockopt arg #5; ok markus@
114 - stevesk@cvs.openbsd.org 2001/06/30 18:08:40
115 [channels.c channels.h clientloop.c]
116 adress -> address; ok markus@
117 - markus@cvs.openbsd.org 2001/07/02 13:59:15
118 [serverloop.c session.c session.h]
119 wait until !session_have_children(); bugreport from
120 Lutz.Jaenicke@aet.TU-Cottbus.DE
121 - markus@cvs.openbsd.org 2001/07/02 22:29:20
123 do not return NULL, use "" instead.
124 - markus@cvs.openbsd.org 2001/07/02 22:40:18
126 update for sectok.h interface changes.
127 - markus@cvs.openbsd.org 2001/07/02 22:52:57
128 [channels.c channels.h serverloop.c]
129 improve cleanup/exit logic in ssh2:
130 stop listening to channels, detach channel users (e.g. sessions).
131 wait for children (i.e. dying sessions), send exit messages,
132 cleanup all channels.
135 - (bal) Removed net_aton() since we don't use it any more
136 - (bal) Fixed _DISABLE_VPOSIX in readpassphrase.c.
137 - (bal) Updated zlib's home. Thanks to David Howe <DaveHowe@gmx.co.uk>.
138 - (stevesk) remove _REENTRANT #define
139 - (stevesk) session.c: use u_int for envsize
140 - (stevesk) remove cli.[ch]
143 - (djm) Sync openbsd-compat with -current libc
144 - (djm) Fix from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> for my
146 - (bal) Removed strtok_r() and inet_ntop() since they are no longer used.
147 - (bal) Remove getusershell() since it's no longer used.
150 - (djm) Reintroduce pam_session call for non-pty sessions.
151 - (djm) Remove redundant and incorrect test for max auth attempts in
152 PAM kbdint code. Based on fix from Matthew Melvin
153 <matthewm@webcentral.com.au>
154 - (djm) Rename sysconfdir/primes => sysconfdir/moduli
155 - (djm) Oops, forgot make logic for primes=>moduli. Also try to rename
156 existing primes->moduli if it exists.
157 - (djm) Sync with -current openbsd-compat/readpassphrase.c:
158 - djm@cvs.openbsd.org 2001/06/27 13:23:30
159 typo, spotted by Tom Holroyd <tomh@po.crl.go.jp>; ok deraadt@
160 - (djm) Turn up warnings if gcc or egcs detected
161 - (stevesk) for HP-UX 11.X use X/Open socket interface;
162 pulls in modern socket prototypes and eliminates a number of compiler
163 warnings. see xopen_networking(7).
164 - (stevesk) fix x11 forwarding from _PATH_XAUTH change
165 - (stevesk) use X/Open socket interface for HP-UX 10.X also
169 - markus@cvs.openbsd.org 2001/06/21 21:08:25
171 don't reset forced_command (we allow multiple login shells in
172 ssh2); dwd@bell-labs.com
173 - mpech@cvs.openbsd.org 2001/06/22 10:17:51
174 [ssh.1 sshd.8 ssh-keyscan.1]
175 o) .Sh AUTHOR -> .Sh AUTHORS;
176 o) remove unnecessary .Pp;
177 o) better -mdoc style;
181 - provos@cvs.openbsd.org 2001/06/22 21:27:08
183 use /etc/moduli instead of /etc/primes, okay markus@
184 - provos@cvs.openbsd.org 2001/06/22 21:28:53
187 - markus@cvs.openbsd.org 2001/06/22 21:55:49
188 [auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config
190 merge authorized_keys2 into authorized_keys.
191 authorized_keys2 is used for backward compat.
192 (just append authorized_keys2 to authorized_keys).
193 - provos@cvs.openbsd.org 2001/06/22 21:57:59
195 increase linebuffer to deal with larger moduli; use rewind instead of
197 - markus@cvs.openbsd.org 2001/06/22 22:21:20
199 allow long usernames/groups in readdir
200 - markus@cvs.openbsd.org 2001/06/22 23:35:21
202 don't overwrite argv (fixes ssh user@host in 'ps'), report by ericj@
203 - deraadt@cvs.openbsd.org 2001/06/23 00:16:16
206 - markus@cvs.openbsd.org 2001/06/23 00:20:57
207 [auth2.c auth.c auth.h auth-rh-rsa.c]
208 *known_hosts2 is obsolete for hostbased authentication and
209 only used for backward compat. merge ssh1/2 hostkey check
210 and move it to auth.c
211 - deraadt@cvs.openbsd.org 2001/06/23 02:33:05
212 [sftp.1 sftp-server.8 ssh-keygen.1]
213 join .%A entries; most by bk@rt.fm
214 - markus@cvs.openbsd.org 2001/06/23 02:34:33
215 [kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
216 sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
217 get rid of known_hosts2, use it for hostkey lookup, but do not
219 - markus@cvs.openbsd.org 2001/06/23 03:03:59
221 draft-ietf-secsh-dh-group-exchange-01.txt
222 - markus@cvs.openbsd.org 2001/06/23 03:04:42
223 [auth2.c auth-rh-rsa.c]
224 restore correct ignore_user_known_hosts logic.
225 - markus@cvs.openbsd.org 2001/06/23 05:26:02
227 handle sigature of size 0 (some broken clients send this).
228 - deraadt@cvs.openbsd.org 2001/06/23 05:57:09
229 [sftp.1 sftp-server.8 ssh-keygen.1]
230 ok, tmac is now fixed
231 - markus@cvs.openbsd.org 2001/06/23 06:41:10
233 try to decode ssh-3.0.0 private rsa keys
234 (allow migration to openssh, not vice versa), #910
235 - itojun@cvs.openbsd.org 2001/06/23 15:12:20
236 [auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
237 canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
238 hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
239 readpass.c scp.c servconf.c serverloop.c session.c sftp.c
240 sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
241 ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
242 ssh-keygen.c ssh-keyscan.c]
243 more strict prototypes. raise warning level in Makefile.inc.
245 TODO; cleanup headers
246 - markus@cvs.openbsd.org 2001/06/23 17:05:22
248 fix import for (broken?) ssh.com/f-secure private keys
249 (i tested > 1000 RSA keys)
250 - itojun@cvs.openbsd.org 2001/06/23 17:48:18
251 [sftp.1 ssh.1 sshd.8 ssh-keyscan.1]
252 kill whitespace at EOL.
253 - markus@cvs.openbsd.org 2001/06/23 19:12:43
255 pidfile/sigterm race; bbraun@synack.net
256 - markus@cvs.openbsd.org 2001/06/23 22:37:46
258 consistent with ssh2: skip key if empty passphrase is entered,
259 retry num_of_passwd_prompt times if passphrase is wrong. ok fgsch@
260 - markus@cvs.openbsd.org 2001/06/24 05:25:10
261 [auth-options.c match.c match.h]
262 move ip+hostname check to match.c
263 - markus@cvs.openbsd.org 2001/06/24 05:35:33
264 [readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c]
265 switch to readpassphrase(3)
266 2.7/8-stable needs readpassphrase.[ch] from libc
267 - markus@cvs.openbsd.org 2001/06/24 05:47:13
269 oops, missing format string
270 - markus@cvs.openbsd.org 2001/06/24 17:18:31
272 passing modes works fine: debug2->3
273 - (djm) -Wall fix for session.c
274 - (djm) Bring in readpassphrase() from OpenBSD libc. Compiles OK on Linux and
278 - (stevesk) handle systems without pw_expire and pw_change.
282 - markus@cvs.openbsd.org 2001/06/16 08:49:38
284 typo; dunlap@apl.washington.edu
285 - markus@cvs.openbsd.org 2001/06/16 08:50:39
287 bad //-style comment; thx to stevev@darkwing.uoregon.edu
288 - markus@cvs.openbsd.org 2001/06/16 08:57:35
290 no stdio or exit() in signal handlers.
291 - markus@cvs.openbsd.org 2001/06/16 08:58:34
293 copy pw_expire and pw_change, too.
294 - markus@cvs.openbsd.org 2001/06/19 12:34:09
296 cleanup forced command handling, from dwd@bell-labs.com
297 - markus@cvs.openbsd.org 2001/06/19 14:09:45
299 disable x11-fwd if use_login is enabled; from lukem@wasabisystems.com
300 - markus@cvs.openbsd.org 2001/06/19 15:40:45
302 allocate and free at the same level.
303 - markus@cvs.openbsd.org 2001/06/20 13:56:39
304 [channels.c channels.h clientloop.c packet.c serverloop.c]
305 move from channel_stop_listening to channel_free_all,
306 call channel_free_all before calling waitpid() in serverloop.
307 fixes the utmp handling; report from Lutz.Jaenicke@aet.TU-Cottbus.DE
310 - (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL
312 - (stevesk) update TODO: STREAMS pty systems don't call vhangup() now
316 - markus@cvs.openbsd.org 2001/06/13 09:10:31
318 typo, use pid not s->pid, mstone@cs.loyola.edu
322 - markus@cvs.openbsd.org 2001/06/12 10:58:29
324 merge session_free into session_close()
325 merge pty_cleanup_proc into session_pty_cleanup()
326 - markus@cvs.openbsd.org 2001/06/12 16:10:38
328 merge ssh1/ssh2 tty msg parse and alloc code
329 - markus@cvs.openbsd.org 2001/06/12 16:11:26
331 do not log() packet_set_maxsize
332 - markus@cvs.openbsd.org 2001/06/12 21:21:29
334 remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
335 we do already trust $HOME/.ssh
336 you can use .ssh/sshrc and .ssh/environment if you want to customize
337 the location of the xauth cookies
338 - markus@cvs.openbsd.org 2001/06/12 21:30:57
343 - scp.c ID update (upstream synced vfsprintf() from us)
345 - markus@cvs.openbsd.org 2001/06/10 11:29:20
348 protocol errors are fatal.
349 - markus@cvs.openbsd.org 2001/06/11 10:18:24
351 reset pointer to NULL after xfree(); report from solar@openwall.com
352 - markus@cvs.openbsd.org 2001/06/11 16:04:38
354 typo; bdubreuil@crrel.usace.army.mil
357 - (bal) NeXT/MacOS X lack libgen.h and dirname(). Patch by Mark Miller
359 - (bal) Handle broken krb4 issues on Solaris with multiple defined u_*_t
360 types. Patch by Jan IVEN <Jan.Iven@cern.ch>
361 - (bal) Fixed Makefile.in so that 'configure; make install' works.
364 - (bal) Missed two files in major resync. auth-bsdauth.c and auth-skey.c
368 - markus@cvs.openbsd.org 2001/05/30 12:55:13
369 [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
370 packet.c serverloop.c session.c ssh.c ssh1.h]
371 channel layer cleanup: merge header files and split .c files
372 - markus@cvs.openbsd.org 2001/05/30 15:20:10
374 merge functions, simplify.
375 - markus@cvs.openbsd.org 2001/05/31 10:30:17
376 [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
377 packet.c serverloop.c session.c ssh.c]
378 undo the .c file split, just merge the header and keep the cvs
380 - (bal) Channels.c and Channels.h -- "Merge Functions, simplify" (draged
382 - (bal) Ooops.. nchan.c (and remove nchan.h) resync from OpenBSD ssh
385 - markus@cvs.openbsd.org 2001/05/31 13:08:04
387 group options and add some more comments
388 - markus@cvs.openbsd.org 2001/06/03 14:55:39
389 [channels.c channels.h session.c]
390 use fatal_register_cleanup instead of atexit, sync with x11 authdir
392 - markus@cvs.openbsd.org 2001/06/03 19:36:44
394 1-2 bits of entrophy per character (not per word), ok stevesk@
395 - markus@cvs.openbsd.org 2001/06/03 19:38:42
397 pass -v to ssh; from slade@shore.net
398 - markus@cvs.openbsd.org 2001/06/03 20:06:11
400 the challenge response device decides how to handle non-existing
402 -> fake challenges for skey and cryptocard
403 - markus@cvs.openbsd.org 2001/06/04 21:59:43
404 [channels.c channels.h session.c]
405 switch uid when cleaning up tmp files and sockets; reported by
406 zen-parse@gmx.net on bugtraq
407 - markus@cvs.openbsd.org 2001/06/04 23:07:21
408 [clientloop.c serverloop.c sshd.c]
409 set flags in the signal handlers, do real work in the main loop,
411 - markus@cvs.openbsd.org 2001/06/04 23:16:16
413 merge ssh1/2 x11-fwd setup, create listener after tmp-dir
414 - pvalchev@cvs.openbsd.org 2001/06/05 05:05:39
415 [ssh-keyscan.1 ssh-keyscan.c]
416 License clarification from David Mazieres, ok deraadt@
417 - markus@cvs.openbsd.org 2001/06/05 10:24:32
419 don't delete the auth socket in channel_stop_listening()
420 auth_sock_cleanup_proc() will take care of this.
421 - markus@cvs.openbsd.org 2001/06/05 16:46:19
423 let session_close() delete the pty. deny x11fwd if xauthfile is set.
424 - markus@cvs.openbsd.org 2001/06/06 23:13:54
425 [ssh-dss.c ssh-rsa.c]
426 cleanup, remove old code
427 - markus@cvs.openbsd.org 2001/06/06 23:19:35
429 remove debug message; Darren.Moffat@eng.sun.com
430 - markus@cvs.openbsd.org 2001/06/07 19:57:53
432 style is used for bsdauth.
433 disconnect on user/service change (ietf-drafts)
434 - markus@cvs.openbsd.org 2001/06/07 20:23:05
435 [authfd.c authfile.c channels.c kexdh.c kexgex.c packet.c ssh.c
436 sshconnect.c sshconnect1.c]
437 use xxx_put_cstring()
438 - markus@cvs.openbsd.org 2001/06/07 22:25:02
440 don't overwrite errno
441 delay deletion of the xauth cookie
442 - markus@cvs.openbsd.org 2001/06/08 15:25:40
443 [includes.h pathnames.h readconf.c servconf.c]
444 move the path for xauth to pathnames.h
445 - (bal) configure.in fix for Tru64 (forgeting to reset $LIB)
446 - (bal) ANSIify strmode()
447 - (bal) --with-catman should be --with-mantype patch by Dave
448 Dykstra <dwd@bell-labs.com>
452 - markus@cvs.openbsd.org 2001/05/17 21:34:15
454 no spaces in PreferredAuthentications;
455 meixner@rbg.informatik.tu-darmstadt.de
456 - markus@cvs.openbsd.org 2001/05/18 14:13:29
457 [auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
458 readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
459 improved kbd-interactive support. work by per@appgate.com and me
460 - djm@cvs.openbsd.org 2001/05/19 00:36:40
462 Disable X11 forwarding if xauth binary is not found. Patch from Nalin
463 Dahyabhai <nalin@redhat.com>; ok markus@
464 - markus@cvs.openbsd.org 2001/05/19 16:05:41
466 ftruncate() instead of open()+O_TRUNC like rcp.c does
467 allows scp /path/to/file localhost:/path/to/file
468 - markus@cvs.openbsd.org 2001/05/19 16:08:43
470 sort options; Matthew.Stier@fnc.fujitsu.com
471 - markus@cvs.openbsd.org 2001/05/19 16:32:16
472 [ssh.1 sshconnect2.c]
473 change preferredauthentication order to
474 publickey,hostbased,password,keyboard-interactive
475 document that hostbased defaults to no, document order
476 - markus@cvs.openbsd.org 2001/05/19 16:46:19
478 document MACs defaults with .Dq
479 - stevesk@cvs.openbsd.org 2001/05/19 19:43:57
480 [misc.c misc.h servconf.c sshd.8 sshd.c]
481 sshd command-line arguments and configuration file options that
482 specify time may be expressed using a sequence of the form:
483 time[qualifier], where time is a positive integer value and qualifier
484 is one of the following:
487 600 600 seconds (10 minutes)
489 1h30m 1 hour 30 minutes (90 minutes)
491 - stevesk@cvs.openbsd.org 2001/05/19 19:57:09
493 typo in error message
494 - markus@cvs.openbsd.org 2001/05/20 17:20:36
495 [auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
497 configurable authorized_keys{,2} location; originally from peter@;
499 - markus@cvs.openbsd.org 2001/05/24 11:12:42
501 fix comment; from jakob@
502 - stevesk@cvs.openbsd.org 2001/05/24 18:57:53
503 [clientloop.c readconf.c ssh.c ssh.h]
504 don't perform escape processing when ``EscapeChar none''; ok markus@
505 - markus@cvs.openbsd.org 2001/05/25 14:37:32
507 use -P for -e and -y, too.
508 - markus@cvs.openbsd.org 2001/05/28 08:04:39
511 - markus@cvs.openbsd.org 2001/05/28 10:08:55
513 key_load_private: set comment to filename for PEM keys
514 - markus@cvs.openbsd.org 2001/05/28 22:51:11
516 simpler 3des for ssh1
517 - markus@cvs.openbsd.org 2001/05/28 23:14:49
518 [channels.c channels.h nchan.c]
519 undo broken channel fix and try a different one. there
520 should be still some select errors...
521 - markus@cvs.openbsd.org 2001/05/28 23:25:24
524 - markus@cvs.openbsd.org 2001/05/28 23:58:35
525 [packet.c packet.h sshconnect.c sshd.c]
526 remove some lines, simplify.
527 - markus@cvs.openbsd.org 2001/05/29 12:31:27
532 - (tim) [conifgure.in] add setvbuf test needed for sftp-int.c
533 Patch by Corinna Vinschen <vinschen@redhat.com>
537 - markus@cvs.openbsd.org 2001/05/12 19:53:13
539 readlink does not NULL-terminate; mhe@home.se
540 - deraadt@cvs.openbsd.org 2001/05/15 22:04:01
542 X11 forwarding details improved
543 - markus@cvs.openbsd.org 2001/05/16 20:51:57
545 return comments for private pem files, too; report from nolan@naic.edu
546 - markus@cvs.openbsd.org 2001/05/16 21:53:53
548 check for open sessions before we call select(); fixes the x11 client
549 bug reported by bowman@math.ualberta.ca
550 - markus@cvs.openbsd.org 2001/05/16 22:09:21
552 more select() error fixes (don't set rfd/wfd to -1).
553 - (bal) Enabled USE_PIPES for Cygwin on Corinna Vinschen <vinschen@redhat.com>
554 - (bal) Corrected on_exit() emulation via atexit().
558 - markus@cvs.openbsd.org 2001/05/11 14:59:56
559 [clientloop.c misc.c misc.h]
560 add unset_nonblock for stdout/err flushing in client_loop().
561 - (bal) Patch to partial sync up contrib/solaris/ packaging software.
562 Patch by pete <ninjaz@webexpress.com>
566 - markus@cvs.openbsd.org 2001/05/09 22:51:57
568 fix -R for protocol 2, noticed by greg@nest.cx.
569 bug was introduced with experimental dynamic forwarding.
570 - markus@cvs.openbsd.org 2001/05/09 23:01:31
572 fix prototype; J.S.Peatfield@damtp.cam.ac.uk
576 - markus@cvs.openbsd.org 2001/05/06 21:23:31
578 cli_read() fails to catch SIGINT + overflow; from obdb@zzlevo.net
579 - markus@cvs.openbsd.org 2001/05/08 19:17:31
580 [channels.c serverloop.c clientloop.c]
581 adds correct error reporting to async connect()s
582 fixes the server-discards-data-before-connected-bug found by
584 - mouring@cvs.openbsd.org 2001/05/08 19:45:25
585 [misc.c misc.h scp.c sftp.c]
586 Use addargs() in sftp plus some clean up of addargs(). OK Markus
587 - markus@cvs.openbsd.org 2001/05/06 21:45:14
589 use atomicio for flushing stdout/stderr bufs. thanks to
590 jbw@izanami.cee.hw.ac.uk
591 - markus@cvs.openbsd.org 2001/05/08 22:48:07
593 no need for xmalloc.h, thanks to espie@
594 - (bal) UseLogin patch for Solaris/UNICOS. Patch by Wayne Davison
596 - (bal) ./configure support to disable SIA on OSF1. Patch by
597 Chris Adams <cmadams@hiwaay.net>
598 - (bal) Updates from the Sony NEWS-OS platform by NAKAJI Hiroyuki
599 <nakaji@tutrp.tut.ac.jp>
602 - (bal) Fixed configure test for USE_SIA.
605 - (djm) Update config.guess and config.sub with latest versions (from
606 ftp://ftp.gnu.org/gnu/config/) to allow configure on ia64-hpux.
607 Suggested by Jason Mader <jason@ncac.gwu.edu>
608 - (bal) White Space and #ifdef sync with OpenBSD
609 - (bal) Add 'seed_rng()' to ssh-add.c
610 - (bal) CVS ID updates for readpass.c, readpass.h, cli.c, and cli.h
612 - stevesk@cvs.openbsd.org 2001/05/05 13:42:52
613 [sftp.1 ssh-add.1 ssh-keygen.1]
618 - stevesk@cvs.openbsd.org 2001/05/04 14:21:56
621 - markus@cvs.openbsd.org 2001/05/04 14:34:34
623 channel_new() reallocs channels[], we cannot use Channel *c after
624 calling channel_new(), XXX fix this in the future...
625 - markus@cvs.openbsd.org 2001/05/04 23:47:34
626 [channels.c channels.h clientloop.c nchan.c nchan.h serverloop.c ssh.c]
627 move to Channel **channels (instead of Channel *channels), fixes realloc
628 problems. channel_new now returns a Channel *, favour Channel * over
629 channel id. remove old channel_allocate interface.
633 - stevesk@cvs.openbsd.org 2001/05/03 15:07:39
635 typo in debug() string
636 - markus@cvs.openbsd.org 2001/05/03 15:45:15
638 exec shell -c /bin/sh .ssh/sshrc, from abartlet@pcug.org.au
639 - stevesk@cvs.openbsd.org 2001/05/03 21:43:01
641 remove "\n" from fatal()
642 - mouring@cvs.openbsd.org 2001/05/03 23:09:53
643 [misc.c misc.h scp.c sftp.c]
644 Move colon() and cleanhost() to misc.c where I should I have put it in
646 - (bal) Updated Cygwin README by Corinna Vinschen <vinschen@redhat.com>
647 - (bal) Avoid socket file security issues in ssh-agent for Cygwin.
648 Patch by Egor Duda <deo@logos-m.ru>
652 - markus@cvs.openbsd.org 2001/05/02 16:41:20
654 fix prompt for ssh-add.
658 - mouring@cvs.openbsd.org 2001/05/02 01:25:39
660 Put the 'const' back into ssh_askpass() function. Pointed out
661 by Mark Miller <markm@swoon.net>. OK Markus
665 - markus@cvs.openbsd.org 2001/04/30 11:18:52
666 [readconf.c readconf.h ssh.1 ssh.c sshconnect.c]
667 implement 'ssh -b bind_address' like 'telnet -b'
668 - markus@cvs.openbsd.org 2001/04/30 15:50:46
669 [compat.c compat.h kex.c]
670 allow interop with weaker key generation used by ssh-2.0.x, x < 10
671 - markus@cvs.openbsd.org 2001/04/30 16:02:49
673 ssh-2.0.10 has the weak-key-bug, too.
674 - (tim) [contrib/caldera/openssh.spec] add Requires line for Caldera 3.1
678 - markus@cvs.openbsd.org 2001/04/29 18:32:52
681 - markus@cvs.openbsd.org 2001/04/29 19:16:52
682 [channels.c clientloop.c compat.c compat.h serverloop.c]
683 more ssh.com-2.0.x bug-compat; from per@appgate.com
684 - (tim) New version of mdoc2man.pl from Mark D. Roth <roth+openssh@feep.net>
685 - (djm) Add .cvsignore files, suggested by Wayne Davison <wayne@blorf.net>
688 - (bal) Updated INSTALL. PCRE moved to a new place.
689 - (djm) Release OpenSSH-2.9p1
692 - (bal) Fixed uidswap.c so it should work on non-posix complient systems.
693 patch based on 2.5.2 version by djm.
694 - (bal) Build manpages and config files once unless changed. Patch by
695 Carson Gaspar <carson@taltos.org>
696 - (bal) arpa/nameser.h does not exist on Cygwin. Patch by Corinna
697 Vinschen <vinschen@redhat.com>
698 - (bal) Add /etc/sysconfig/sshd support to redhat's sshd.init. Patch by
699 Pekka Savola <pekkas@netcore.fi>
700 - (bal) Cygwin lacks setgroups() API. Patch by Corinna Vinschen
701 <vinschen@redhat.com>
702 - (bal) version.h synced, RPM specs updated for 2.9
703 - (tim) update contrib/caldera files with what Caldera is using.
708 - markus@cvs.openbsd.org 2001/04/23 21:57:07
709 [ssh-keygen.1 ssh-keygen.c]
710 allow public key for -e, too
711 - markus@cvs.openbsd.org 2001/04/23 22:14:13
714 - (bal) Whitespace resync w/ OpenBSD for uidswap.c
715 - (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt'
716 (default: off), implies KbdInteractiveAuthentication. Suggestion from
718 - (djm) Include crypt.h if available in auth-passwd.c
719 - tim@mindrot.org 2001/04/25 21:38:01 [configure.in]
720 man page detection fixes for SCO
724 - markus@cvs.openbsd.org 2001/04/22 23:58:36
725 [ssh-keygen.1 ssh.1 sshd.8]
726 document hostbased and other cleanup
727 - (stevesk) start_pam() doesn't use DNS now for sshd -u0.
728 - (stevesk) auth-pam.c: use PERMIT_NO_PASSWD
729 - (bal) sys/queue.h is bogus for NCR platform. Patch by Daniel Carroll
731 - (bal) Fixed contrib/postinstall.in. Patch by wsanders@wsanders.net
735 - markus@cvs.openbsd.org 2001/04/20 16:32:22
737 set non-privileged gid before uid; tholo@ and deraadt@
738 - mouring@cvs.openbsd.org 2001/04/21 00:55:57
741 - djm@cvs.openbsd.org 2001/04/22 08:13:30
743 typos spotted by stevesk@; ok deraadt@
744 - markus@cvs.openbsd.org 2001/04/22 12:34:05
746 scp > 2GB; niles@scyld.com; ok deraadt@, djm@
747 - markus@cvs.openbsd.org 2001/04/22 13:25:37
748 [ssh-keygen.1 ssh-keygen.c]
749 rename arguments -x -> -e (export key), -X -> -i (import key)
750 xref draft-ietf-secsh-publickeyfile-01.txt
751 - markus@cvs.openbsd.org 2001/04/22 13:32:27
752 [sftp-server.8 sftp.1 ssh.1 sshd.8]
753 xref draft-ietf-secsh-*
754 - markus@cvs.openbsd.org 2001/04/22 13:41:02
755 [ssh-keygen.1 ssh-keygen.c]
756 style, noted by stevesk; sort flags in usage
760 - djm@cvs.openbsd.org 2001/04/20 07:17:51
762 Split out and improve escape character documentation, mention ~R in
763 ~? help text; ok markus@
764 - Update RPM spec files for CVS version.h
765 - (stevesk) set the default PAM service name to __progname instead
766 of the hard-coded value "sshd"; from Mark D. Roth <roth@feep.net>
767 - (stevesk) document PAM service name change in INSTALL
768 - tim@mindrot.org 2001/04/21 14:25:57 [Makefile.in configure.in]
769 fix perl test, fix nroff test, fix Makefile to build outside source tree
773 - ian@cvs.openbsd.org 2001/04/18 16:21:05
775 Fix typo reported in PR/1779
776 - markus@cvs.openbsd.org 2001/04/18 21:57:42
777 [readpass.c ssh-add.c]
778 call askpass from ssh, too, based on work by roth@feep.net, ok deraadt
779 - markus@cvs.openbsd.org 2001/04/18 22:03:45
780 [auth2.c sshconnect2.c]
781 use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
782 - markus@cvs.openbsd.org 2001/04/18 22:48:26
785 - markus@cvs.openbsd.org 2001/04/18 23:43:26
786 [auth2.c compat.c sshconnect2.c]
787 more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now
788 (however the 2.1.0 server seems to work only if debug is enabled...)
789 - markus@cvs.openbsd.org 2001/04/18 23:44:51
791 error->debug; noted by fries@
792 - markus@cvs.openbsd.org 2001/04/19 00:05:11
794 use local variable, no function call needed.
795 (btw, hostbased works now with ssh.com >= 2.0.13)
796 - (bal) Put scp-common.h back into scp.c (it exists in the upstream
797 tree) pointed out by Tom Holroyd <tomh@po.crl.go.jp>
801 - markus@cvs.openbsd.org 2001/04/17 19:34:25
803 move auth_approval to do_authenticated().
804 do_child(): nuke hostkeys from memory
805 don't source .ssh/rc for subsystems.
806 - markus@cvs.openbsd.org 2001/04/18 14:15:00
809 - (bal) renabled 'catman-do:' and fixed it. So now catman pages should
811 - (bal) Makfile day... Cleaned up multiple mantype support (Patch by
812 Mark D. Roth <roth+openssh@feep.net>), and fixed PIDDIR support.
815 - (bal) Add perl5 check for HP/UX, Removed GNUness from Makefile.in
816 and temporary commented out 'catman-do:' since it is broken. Patches
817 for the first two by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
819 - deraadt@cvs.openbsd.org 2001/04/16 08:26:04
821 better safe than sorry in later mods; yongari@kt-is.co.kr
822 - markus@cvs.openbsd.org 2001/04/17 08:14:01
824 check for key!=NULL, thanks to costa
825 - markus@cvs.openbsd.org 2001/04/17 09:52:48
827 handle EINTR/EAGAIN on read; ok deraadt@
828 - markus@cvs.openbsd.org 2001/04/17 10:53:26
829 [key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
830 add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
831 - markus@cvs.openbsd.org 2001/04/17 12:55:04
833 undo socks5 and https support since they are not really used and
834 only bloat ssh. remove -D from usage(), since '-D' is experimental.
838 - stevesk@cvs.openbsd.org 2001/04/15 01:35:22
841 - markus@cvs.openbsd.org 2001/04/15 08:43:47
842 [dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c]
843 some unused variable and typos; from tomh@po.crl.go.jp
844 - markus@cvs.openbsd.org 2001/04/15 16:58:03
845 [authfile.c ssh-keygen.c sshd.c]
846 don't use errno for key_{load,save}_private; discussion w/ solar@openwall
847 - markus@cvs.openbsd.org 2001/04/15 17:16:00
849 set stdin/out/err to nonblocking in SSH proto 1, too. suggested by ho@
850 should fix some of the blocking problems for rsync over SSH-1
851 - stevesk@cvs.openbsd.org 2001/04/15 19:41:21
853 some ClientAlive cleanup; ok markus@
854 - stevesk@cvs.openbsd.org 2001/04/15 21:28:35
855 [readconf.c servconf.c]
856 use fatal() or error() vs. fprintf(); ok markus@
857 - (djm) Convert mandoc manpages to man automatically. Patch from Mark D.
858 Roth <roth+openssh@feep.net>
859 - (bal) CVS ID fix up and slight manpage fix from OpenBSD tree.
860 - (djm) OpenBSD CVS Sync
861 - mouring@cvs.openbsd.org 2001/04/16 02:31:44
863 IPv6 support for sftp (which I bungled in my last patch) which is
864 borrowed from scp.c. Thanks to Markus@ for pointing it out.
865 - deraadt@cvs.openbsd.org 2001/04/16 08:05:34
867 xrealloc dealing with ptr == nULL; mouring
868 - djm@cvs.openbsd.org 2001/04/16 08:19:31
870 Split motd and hushlogin checks into seperate functions, helps for
871 portable. From Chris Adams <cmadams@hiwaay.net>; ok markus@
872 - Fix OSF SIA support displaying too much information for quiet
873 logins and logins where access was denied by SIA. Patch from Chris Adams
878 - deraadt@cvs.openbsd.org 2001/04/14 04:31:01
881 - markus@cvs.openbsd.org 2001/04/14 16:17:14
883 remove some channels that are not appropriate for keepalive.
884 - markus@cvs.openbsd.org 2001/04/14 16:27:57
886 use clear_pass instead of xfree()
887 - stevesk@cvs.openbsd.org 2001/04/14 16:33:20
888 [clientloop.c packet.h session.c ssh.c ttymodes.c ttymodes.h]
889 protocol 2 tty modes support; ok markus@
890 - stevesk@cvs.openbsd.org 2001/04/14 17:04:42
892 'T' handling rcp/scp sync; ok markus@
893 - Missed sshtty.[ch] in Sync.
896 - Sync with OpenBSD glob.c, strlcat.c and vis.c changes
897 - Cygwin sftp/sftp-server binary mode patch from Corinna Vinschen
898 <vinschen@redhat.com>
900 - beck@cvs.openbsd.org 2001/04/13 22:46:54
901 [channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
902 Add options ClientAliveInterval and ClientAliveCountMax to sshd.
903 This gives the ability to do a "keepalive" via the encrypted channel
904 which can't be spoofed (unlike TCP keepalives). Useful for when you want
905 to use ssh connections to authenticate people for something, and know
906 relatively quickly when they are no longer authenticated. Disabled
907 by default (of course). ok markus@
911 - markus@cvs.openbsd.org 2001/04/12 14:29:09
913 show debug output during option processing, report from
915 - markus@cvs.openbsd.org 2001/04/12 19:15:26
916 [auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
917 compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
918 servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
919 sshconnect2.c sshd_config]
920 implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
921 similar to RhostRSAAuthentication unless you enable (the experimental)
922 HostbasedUsesNameFromPacketOnly option. please test. :)
923 - markus@cvs.openbsd.org 2001/04/12 19:39:27
926 - stevesk@cvs.openbsd.org 2001/04/12 20:09:38
927 [misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
928 robust port validation; ok markus@ jakob@
929 - mouring@cvs.openbsd.org 2001/04/12 23:17:54
930 [sftp-int.c sftp-int.h sftp.1 sftp.c]
932 sftp [user@]host[:file [file]] - Fetch remote file(s)
933 sftp [user@]host[:dir[/]] - Start in remote dir/
935 - stevesk@cvs.openbsd.org 2001/04/13 01:26:17
937 missing \n in error message
938 - (bal) Added openbsd-compat/inet_ntop.[ch] since HP/UX (and others)
943 - markus@cvs.openbsd.org 2001/04/10 07:46:58
945 cleanup socks4 handling
946 - itojun@cvs.openbsd.org 2001/04/10 09:13:22
947 [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
948 document id_rsa{.pub,}. markus ok
949 - markus@cvs.openbsd.org 2001/04/10 12:15:23
952 - djm@cvs.openbsd.org 2001/04/11 07:06:22
954 'mget' and 'mput' aliases; ok markus@
955 - markus@cvs.openbsd.org 2001/04/11 10:59:01
957 use strtol() for ports, thanks jakob@
958 - markus@cvs.openbsd.org 2001/04/11 13:56:13
960 https-connect and socks5 support. i feel so bad.
961 - lebel@cvs.openbsd.org 2001/04/11 16:25:30
963 implement the -e option into sshd:
964 -e When this option is specified, sshd will send the output to the
965 standard error instead of the system log.
970 - deraadt@cvs.openbsd.org 2001/04/08 20:52:55
972 do not modify an actual argv[] entry
973 - stevesk@cvs.openbsd.org 2001/04/08 23:28:27
976 - stevesk@cvs.openbsd.org 2001/04/09 00:42:05
979 - markus@cvs.openbsd.org 2001/04/09 15:12:23
981 passphrase caching: ssh-add tries last passphrase, clears passphrase if
982 not successful and after last try.
983 based on discussions with espie@, jakob@, ... and code from jakob@ and
985 - markus@cvs.openbsd.org 2001/04/09 15:19:49
987 ssh-add retries the last passphrase...
988 - stevesk@cvs.openbsd.org 2001/04/09 18:00:15
990 ListenAddress mandoc from aaron@
993 - (stevesk) use setresgid() for setegid() if needed
994 - (stevesk) configure.in: typo
996 - stevesk@cvs.openbsd.org 2001/04/08 16:01:36
998 document ListenAddress addr:port
999 - markus@cvs.openbsd.org 2001/04/08 13:03:00
1001 init pointers with NULL, thanks to danimal@danimal.org
1002 - markus@cvs.openbsd.org 2001/04/08 11:27:33
1004 leave_raw_mode if ssh2 "session" is closed
1005 - markus@cvs.openbsd.org 2001/04/06 21:00:17
1006 [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
1007 ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
1008 do gid/groups-swap in addition to uid-swap, should help if /home/group
1009 is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
1010 to olar@openwall.com is comments. we had many requests for this.
1011 - markus@cvs.openbsd.org 2001/04/07 08:55:18
1012 [buffer.c channels.c channels.h readconf.c ssh.c]
1013 allow the ssh client act as a SOCKS4 proxy (dynamic local
1014 portforwarding). work by Dan Kaminsky <dankamin@cisco.com> and me.
1015 thanks to Dan for this great patch: use 'ssh -D 1080 host' and make
1016 netscape use localhost:1080 as a socks proxy.
1017 - markus@cvs.openbsd.org 2001/04/08 11:24:33
1023 - stevesk@cvs.openbsd.org 2001/04/06 22:12:47
1025 unused; typo in comment
1026 - stevesk@cvs.openbsd.org 2001/04/06 22:25:25
1029 ListenAddress host|ipv4_addr|ipv6_addr
1031 ListenAddress [host|ipv4_addr|ipv6_addr]:port
1032 ListenAddress host|ipv4_addr:port
1033 sshd.8 updates coming. ok markus@
1036 - (bal) CVS ID Resync of version.h
1038 - markus@cvs.openbsd.org 2001/04/05 23:39:20
1040 keep the ssh session even if there is no active channel.
1041 this is more in line with the protocol spec and makes
1042 ssh -N -L 1234:server:110 host
1044 based on discussion with <mats@mindbright.se> long time ago
1045 and recent mail from <res@shore.net>
1046 - deraadt@cvs.openbsd.org 2001/04/06 16:46:59
1048 remove trailing / from source paths; fixes pr#1756
1051 - (stevesk) logintest.c: fix for systems without __progname
1052 - (stevesk) Makefile.in: log.o is in libssh.a
1054 - markus@cvs.openbsd.org 2001/04/05 10:00:06
1056 2.3.x does old GEX, too; report jakob@
1057 - markus@cvs.openbsd.org 2001/04/05 10:39:03
1058 [compress.c compress.h packet.c]
1059 reset compress state per direction when rekeying.
1060 - markus@cvs.openbsd.org 2001/04/05 10:39:48
1062 temporary version 2.5.4 (supports rekeying).
1063 this is not an official release.
1064 - markus@cvs.openbsd.org 2001/04/05 10:42:57
1065 [auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
1066 mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
1067 sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
1068 sshconnect2.c sshd.c]
1069 fix whitespace: unexpand + trailing spaces.
1070 - markus@cvs.openbsd.org 2001/04/05 11:09:17
1071 [clientloop.c compat.c compat.h]
1072 add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions.
1073 - markus@cvs.openbsd.org 2001/04/05 15:45:43
1075 ssh defaults to protocol v2; from quisar@quisar.ambre.net
1076 - stevesk@cvs.openbsd.org 2001/04/05 15:48:18
1077 [canohost.c canohost.h session.c]
1078 move get_remote_name_or_ip() to canohost.[ch]; for portable. ok markus@
1079 - markus@cvs.openbsd.org 2001/04/05 20:01:10
1081 for ~R print message if server does not support rekeying. (and fix ~R).
1082 - markus@cvs.openbsd.org 2001/04/05 21:02:46
1084 better error message
1085 - markus@cvs.openbsd.org 2001/04/05 21:05:24
1086 [clientloop.c ssh.c]
1087 don't request a session for 'ssh -N', pointed out slade@shore.net
1091 - markus@cvs.openbsd.org 2001/04/04 09:48:35
1092 [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
1093 don't sent multiple kexinit-requests.
1094 send newkeys, block while waiting for newkeys.
1096 - markus@cvs.openbsd.org 2001/04/04 14:34:58
1097 [clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
1098 enable server side rekeying + some rekey related clientup.
1099 todo: we should not send any non-KEX messages after we send KEXINIT
1100 - markus@cvs.openbsd.org 2001/04/04 15:50:55
1102 f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov
1103 - markus@cvs.openbsd.org 2001/04/04 20:25:38
1104 [channels.c channels.h clientloop.c kex.c kex.h serverloop.c
1105 sshconnect2.c sshd.c]
1106 more robust rekeying
1107 don't send channel data after rekeying is started.
1108 - markus@cvs.openbsd.org 2001/04/04 20:32:56
1110 we don't care about missing bannerfiles; from tsoome@ut.ee, ok deraadt@
1111 - markus@cvs.openbsd.org 2001/04/04 22:04:35
1112 [kex.c kexgex.c serverloop.c]
1113 parse full kexinit packet.
1114 make server-side more robust, too.
1115 - markus@cvs.openbsd.org 2001/04/04 23:09:18
1116 [dh.c kex.c packet.c]
1117 clear+free keys,iv for rekeying.
1118 + fix DH mem leaks. ok niels@
1119 - (stevesk) don't use vhangup() if defined(HAVE_DEV_PTMX); also removes
1124 - deraadt@cvs.openbsd.org 2001/04/02 17:32:23
1126 grammar; slade@shore.net
1127 - stevesk@cvs.openbsd.org 2001/04/03 13:56:11
1128 [sftp-glob.c ssh-agent.c ssh-keygen.c]
1130 - markus@cvs.openbsd.org 2001/04/03 19:53:29
1131 [dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
1132 move kex to kex*.c, used dispatch_set() callbacks for kex. should
1133 make rekeying easier.
1134 - todd@cvs.openbsd.org 2001/04/03 21:19:38
1136 id_rsa1/2 -> id_rsa; ok markus@
1137 - markus@cvs.openbsd.org 2001/04/03 23:32:12
1138 [kex.c kex.h packet.c sshconnect2.c sshd.c]
1139 undo parts of recent my changes: main part of keyexchange does not
1140 need dispatch-callbacks, since application data is delayed until
1141 the keyexchange completes (if i understand the drafts correctly).
1142 add some infrastructure for re-keying.
1143 - markus@cvs.openbsd.org 2001/04/04 00:06:54
1144 [clientloop.c sshconnect2.c]
1145 enable client rekeying
1146 (1) force rekeying with ~R, or
1147 (2) if the server requests rekeying.
1148 works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0
1149 - (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync.
1153 - stevesk@cvs.openbsd.org 2001/04/02 14:15:31
1156 - stevesk@cvs.openbsd.org 2001/04/02 14:20:23
1157 [readconf.c servconf.c]
1158 correct comment; ok markus@
1159 - (stevesk) nchan.c: remove ostate checks and add EINVAL to
1160 shutdown(SHUT_RD) error() bypass for HP-UX.
1163 - (stevesk) log.c openbsd sync; missing newlines
1164 - (stevesk) sshpty.h openbsd sync; PTY_H -> SSHPTY_H
1167 - (djm) Another openbsd-compat/glob.c sync
1168 - (djm) OpenBSD CVS Sync
1169 - provos@cvs.openbsd.org 2001/03/28 21:59:41
1170 [kex.c kex.h sshconnect2.c sshd.c]
1171 forgot to include min and max params in hash, okay markus@
1172 - provos@cvs.openbsd.org 2001/03/28 22:04:57
1174 more sanity checking on primes file
1175 - markus@cvs.openbsd.org 2001/03/28 22:43:31
1176 [auth.h auth2.c auth2-chall.c]
1177 check auth_root_allowed for kbd-int auth, too.
1178 - provos@cvs.openbsd.org 2001/03/29 14:24:59
1180 use recommended defaults
1181 - stevesk@cvs.openbsd.org 2001/03/29 21:06:21
1182 [sshconnect2.c sshd.c]
1183 need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
1184 - markus@cvs.openbsd.org 2001/03/29 21:17:40
1185 [dh.c dh.h kex.c kex.h]
1186 prepare for rekeying: move DH code to dh.c
1187 - djm@cvs.openbsd.org 2001/03/29 23:42:01
1189 Protocol 1 key regeneration log => verbose, some KNF; ok markus@
1193 - stevesk@cvs.openbsd.org 2001/03/26 15:47:59
1195 document more defaults; misc. cleanup. ok markus@
1196 - markus@cvs.openbsd.org 2001/03/26 23:12:42
1199 - markus@cvs.openbsd.org 2001/03/26 23:23:24
1200 [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
1201 try to read private f-secure ssh v2 rsa keys.
1202 - markus@cvs.openbsd.org 2001/03/27 10:34:08
1204 use EVP_get_digestbynid, reorder some calls and fix missing free.
1205 - markus@cvs.openbsd.org 2001/03/27 10:57:00
1206 [compat.c compat.h ssh-rsa.c]
1207 some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5
1208 signatures in SSH protocol 2, ok djm@
1209 - provos@cvs.openbsd.org 2001/03/27 17:46:50
1210 [compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
1211 make dh group exchange more flexible, allow min and max group size,
1212 okay markus@, deraadt@
1213 - stevesk@cvs.openbsd.org 2001/03/28 19:56:23
1215 start to sync scp closer to rcp; ok markus@
1216 - stevesk@cvs.openbsd.org 2001/03/28 20:04:38
1218 usage more like rcp and add missing -B to usage; ok markus@
1219 - markus@cvs.openbsd.org 2001/03/28 20:50:45
1221 call refuse() before close(); from olemx@ans.pl
1224 - (djm) Reorder tests and library inclusion for Krb4/AFS to try to
1225 resolve linking conflicts with libcrypto. Report and suggested fix
1226 from Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
1227 - (djm) Work around Solaris' broken struct dirent. Diagnosis and suggested
1228 fix from Philippe Levan <levan@epix.net>
1229 - (djm) Rework krbIV tests to get us closer to building on Redhat. Still
1230 doesn't work because of conflicts between krbIV's and OpenSSL's des.h
1231 - (djm) Sync openbsd-compat/glob.c
1234 - Attempt sync with sshlogin.c w/ OpenBSD (mainly CVS ID)
1235 - Fix pointer issues in waitpid() and wait() replaces. Patch by Lutz
1236 Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
1238 - djm@cvs.openbsd.org 2001/03/25 00:01:34
1241 - stevesk@cvs.openbsd.org 2001/03/25 13:16:11
1242 [servconf.c servconf.h session.c sshd.8 sshd_config]
1243 PrintLastLog option; from chip@valinux.com with some minor
1244 changes by me. ok markus@
1245 - markus@cvs.openbsd.org 2001/03/26 08:07:09
1246 [authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
1247 sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
1248 simpler key load/save interface, see authfile.h
1249 - (djm) Reestablish PAM credentials (which can be supplemental group
1250 memberships) after initgroups() blows them away. Report and suggested
1251 fix from Nalin Dahyabhai <nalin@redhat.com>
1254 - Fixed permissions ssh-keyscan. Thanks to Christopher Linn <celinn@mtu.edu>.
1256 - djm@cvs.openbsd.org 2001/03/23 11:04:07
1257 [compat.c compat.h sshconnect2.c sshd.c]
1258 Compat for OpenSSH with broken Rijndael/AES. ok markus@
1259 - markus@cvs.openbsd.org 2001/03/23 12:02:49
1261 authctxt is now passed to do_authenticated
1262 - markus@cvs.openbsd.org 2001/03/23 13:10:57
1264 fix put, upload to _absolute_ path, ok djm@
1265 - markus@cvs.openbsd.org 2001/03/23 14:28:32
1267 ignore SIGPIPE, restore in child, fixes x11-fwd crashes; with djm@
1268 - (djm) Pull out our own SIGPIPE hacks
1272 - deraadt@cvs.openbsd.org 2001/03/22 20:22:55
1274 do not place linefeeds in buffer
1277 - (djm) Better AIX no tty fix, spotted by Gert Doering <gert@greenie.muc.de>
1278 - (bal) version.c CVS ID resync
1279 - (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID
1281 - (bal) scp.c CVS ID resync
1283 - markus@cvs.openbsd.org 2001/03/20 19:10:16
1285 default to SSH protocol version 2
1286 - markus@cvs.openbsd.org 2001/03/20 19:21:21
1289 - markus@cvs.openbsd.org 2001/03/20 19:21:21
1292 - markus@cvs.openbsd.org 2001/03/21 11:43:45
1293 [auth1.c auth2.c session.c session.h]
1294 merge common ssh v1/2 code
1295 - jakob@cvs.openbsd.org 2001/03/21 14:20:45
1297 add -B flag to usage
1298 - markus@cvs.openbsd.org 2001/03/21 21:06:30
1300 missing init; from mib@unimelb.edu.au
1303 - (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve
1304 VanDevender <stevev@darkwing.uoregon.edu>
1305 - (djm) Make sure pam_retval is initialised on call to pam_end. Patch
1306 from Solar Designer <solar@openwall.com>
1307 - (djm) Don't loop forever when changing password via PAM. Patch
1308 from Solar Designer <solar@openwall.com>
1309 - (djm) Generate config files before build
1310 - (djm) Correctly handle SIA and AIX when no tty present. Spotted and
1311 suggested fix from Mike Battersby <mib@unimelb.edu.au>
1314 - (bal) glob.c update to added GLOB_LIMITS (OpenBSD CVS).
1315 - (bal) glob.c update to set gl_pathv to NULL (OpenBSD CVS).
1316 - (bal) Oops. Missed globc.h change (OpenBSD CVS).
1317 - (djm) OpenBSD CVS Sync
1318 - markus@cvs.openbsd.org 2001/03/19 17:07:23
1320 undo /etc/shell and proto 2,1 change for openssh-2.5.2
1321 - markus@cvs.openbsd.org 2001/03/19 17:12:10
1324 - (djm) Update RPM spec version
1325 - (djm) Release 2.5.2p1
1326 - tim@mindrot.org 2001/03/19 18:33:47 [defines.h]
1327 change S_ISLNK macro to work for UnixWare 2.03
1328 - tim@mindrot.org 2001/03/19 20:45:11 [openbsd-compat/glob.c]
1329 add get_arg_max(). Use sysconf() if ARG_MAX is not defined
1332 - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
1334 - (djm) Add getusershell() functions from OpenBSD CVS
1336 - markus@cvs.openbsd.org 2001/03/18 12:07:52
1338 ignore permitopen="host:port" if AllowTcpForwarding==no
1339 - (djm) Make scp work on systems without 64-bit ints
1340 - tim@mindrot.org 2001/03/18 18:28:39 [defines.h]
1341 move HAVE_LONG_LONG_INT where it works
1342 - (bal) Use 'NGROUPS' for NeXT Since 'MAX_NGROUPS' is wrapped up in -lposix
1343 stuff. Change suggested by Mark Miller <markm@swoon.net>
1344 - (bal) Small fix to scp. %lu vs %ld
1345 - (bal) NeXTStep lacks S_ISLNK. Plus split up S_IS*
1346 - (djm) OpenBSD CVS Sync
1347 - djm@cvs.openbsd.org 2001/03/19 03:52:51
1349 Report ssh connection closing correctly; ok deraadt@
1350 - deraadt@cvs.openbsd.org 2001/03/18 23:30:55
1351 [compat.c compat.h sshd.c]
1352 specifically version match on ssh scanners. do not log scan
1353 information to the console
1354 - djm@cvs.openbsd.org 2001/03/19 12:10:17
1356 Document permitopen authorized_keys option; ok markus@
1357 - djm@cvs.openbsd.org 2001/03/19 05:49:52
1359 document PreferredAuthentications option; ok markus@
1360 - (bal) Minor NeXT fixed. Forgot to #undef NGROUPS_MAX
1363 - (bal) Fixed scp type casing issue which causes "scp: protocol error:
1364 size not delimited" fatal errors when tranfering.
1366 - markus@cvs.openbsd.org 2001/03/17 17:27:59
1368 check /etc/shells, too
1369 - tim@mindrot.org 2001/03/17 18:45:25 [compat.c]
1370 openbsd-compat/fake-regex.h
1373 - Support usrinfo() on AIX. Based on patch from Gert Doering
1374 <gert@greenie.muc.de>
1376 - markus@cvs.openbsd.org 2001/03/15 15:05:59
1378 use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
1379 - markus@cvs.openbsd.org 2001/03/15 22:07:08
1381 pass Session to do_child + KNF
1382 - djm@cvs.openbsd.org 2001/03/16 08:16:18
1383 [sftp-client.c sftp-client.h sftp-glob.c sftp-int.c]
1384 Revise globbing for get/put to be more shell-like. In particular,
1385 "get/put file* directory/" now works. ok markus@
1386 - markus@cvs.openbsd.org 2001/03/16 09:55:53
1388 fix memset and whitespace
1389 - markus@cvs.openbsd.org 2001/03/16 13:44:24
1391 discourage strcat/strcpy
1392 - markus@cvs.openbsd.org 2001/03/16 19:06:30
1393 [auth-options.c channels.c channels.h serverloop.c session.c]
1394 implement "permitopen" key option, restricts -L style forwarding to
1395 to specified host:port pairs. based on work by harlan@genua.de
1396 - Check for gl_matchc support in glob_t and fall back to the
1397 openbsd-compat/glob.[ch] support if it does not exist.
1401 - markus@cvs.openbsd.org 2001/03/14 08:57:14
1404 - markus@cvs.openbsd.org 2001/03/14 15:15:58
1407 - deraadt@cvs.openbsd.org 2001/03/14 22:50:25
1410 - (stevesk) ssh-keyscan.c: specify "openbsd-compat/fake-queue.h"
1411 - (bal) Cygwin README change by Corinna Vinschen <vinschen@redhat.com>
1415 - markus@cvs.openbsd.org 2001/03/13 17:34:42
1417 missing xfree, deny key on parse error; ok stevesk@
1418 - djm@cvs.openbsd.org 2001/03/13 22:42:54
1419 [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
1420 sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@
1421 - (bal) Fix strerror() in bsd-misc.c
1422 - (djm) Add replacement glob() from OpenBSD libc if the system glob is
1423 missing or lacks the GLOB_ALTDIRFUNC extension
1424 - (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers
1425 relatively. Avoids conflict between glob.h and /usr/include/glob.h
1429 - markus@cvs.openbsd.org 2001/03/12 22:02:02
1430 [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
1431 remove old key_fingerprint interface, s/_ex//
1435 - markus@cvs.openbsd.org 2001/03/11 13:25:36
1438 - jakob@cvs.openbsd.org 2001/03/11 15:03:16
1440 add improved fingerprint functions. based on work by Carsten
1441 Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
1442 - jakob@cvs.openbsd.org 2001/03/11 15:04:16
1443 [ssh-keygen.1 ssh-keygen.c]
1444 print both md5, sha1 and bubblebabble fingerprints when using
1445 ssh-keygen -l -v. ok markus@.
1446 - jakob@cvs.openbsd.org 2001/03/11 15:13:09
1448 cleanup & shorten some var names key_fingerprint_bubblebabble.
1449 - deraadt@cvs.openbsd.org 2001/03/11 16:39:03
1451 KNF, and SHA1 binary output is just creeping featurism
1452 - tim@mindrot.org 2001/03/11 17:29:32 [configure.in]
1453 test if snprintf() supports %ll
1454 add /dev to search path for PRNGD/EGD socket
1455 fix my mistake in USER_PATH test program
1457 - markus@cvs.openbsd.org 2001/03/11 18:29:51
1460 - markus@cvs.openbsd.org 2001/03/11 22:33:24
1461 [ssh-keygen.1 ssh-keygen.c]
1462 remove -v again. use -B instead for bubblebabble. make -B consistent
1463 with -l and make -B work with /path/to/known_hosts. ok deraadt@
1464 - (djm) Bump portable version number for generating test RPMs
1465 - (djm) Add "static_openssl" RPM build option, remove rsh build dependency
1466 - (bal) Reorder includes in Makefile.
1470 - markus@cvs.openbsd.org 2001/03/10 12:48:27
1472 ignore nonexisting private keys; report rjmooney@mediaone.net
1473 - deraadt@cvs.openbsd.org 2001/03/10 12:53:51
1474 [readconf.c ssh_config]
1475 default to SSH2, now that m68k runs fast
1476 - stevesk@cvs.openbsd.org 2001/03/10 15:02:05
1477 [ttymodes.c ttymodes.h]
1478 remove unused sgtty macros; ok markus@
1479 - deraadt@cvs.openbsd.org 2001/03/10 15:31:00
1480 [compat.c compat.h sshconnect.c]
1481 all known netscreen ssh versions, and older versions of OSU ssh cannot
1482 handle password padding (newer OSU is fixed)
1483 - tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config]
1484 make sure $bindir is in USER_PATH so scp will work
1486 - markus@cvs.openbsd.org 2001/03/10 17:51:04
1487 [kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
1488 add PreferredAuthentications
1492 - deraadt@cvs.openbsd.org 2001/03/09 03:14:39
1494 create *.pub files with umask 0644, so that you can mv them to
1496 - deraadt@cvs.openbsd.org 2001/03/09 12:30:29
1498 typo; slade@shore.net
1499 - Removed log.o from sftp client. Not needed.
1503 - stevesk@cvs.openbsd.org 2001/03/08 18:47:12
1506 - stevesk@cvs.openbsd.org 2001/03/08 20:44:48
1508 spelling, cleanup; ok deraadt@
1509 - markus@cvs.openbsd.org 2001/03/08 21:42:33
1510 [compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
1511 implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
1512 no need to do enter passphrase or do expensive sign operations if the
1513 server does not accept key).
1517 - djm@cvs.openbsd.org 2001/03/07 10:11:23
1518 [sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
1519 Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
1520 functions and small protocol change.
1521 - markus@cvs.openbsd.org 2001/03/08 00:15:48
1523 turn off useprivilegedports by default. only rhost-auth needs
1524 this. older sshd's may need this, too.
1525 - (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H;
1526 Dirk Markwardt <D.Markwardt@tu-bs.de>
1529 - (bal) OpenBSD CVS Sync
1530 - deraadt@cvs.openbsd.org 2001/03/06 06:11:18
1533 - deraadt@cvs.openbsd.org 2001/03/06 06:11:44
1534 [sftp-int.c sftp.1 sftp.c]
1535 sftp -b batchfile; mouring@etoh.eviladmin.org
1536 - deraadt@cvs.openbsd.org 2001/03/06 15:10:42
1539 - deraadt@cvs.openbsd.org 2001/03/07 01:19:06
1541 the name "secure shell" is boring, noone ever uses it
1542 - deraadt@cvs.openbsd.org 2001/03/07 04:05:58
1544 removed dated comment
1545 - Cygwin contrib improvements from Corinna Vinschen <vinschen@redhat.com>
1548 - (bal) OpenBSD CVS Sync
1549 - deraadt@cvs.openbsd.org 2001/03/05 14:28:47
1551 alpha order; jcs@rt.fm
1552 - stevesk@cvs.openbsd.org 2001/03/05 15:44:51
1554 sync error message; ok markus@
1555 - deraadt@cvs.openbsd.org 2001/03/05 15:56:16
1556 [myproposal.h ssh.1]
1557 switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
1559 - deraadt@cvs.openbsd.org 2001/03/05 16:07:15
1561 detail default hmac setup too
1562 - markus@cvs.openbsd.org 2001/03/05 17:17:21
1563 [kex.c kex.h sshconnect2.c sshd.c]
1564 generate a 2*need size (~300 instead of 1024/2048) random private
1565 exponent during the DH key agreement. according to Niels (the great
1566 german advisor) this is safe since /etc/primes contains strong
1570 P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
1571 agreement with short exponents, In Advances in Cryptology
1572 - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
1573 - stevesk@cvs.openbsd.org 2001/03/05 17:40:48
1575 more ssh_known_hosts2 documentation; ok markus@
1576 - stevesk@cvs.openbsd.org 2001/03/05 17:58:22
1579 - deraadt@cvs.openbsd.org 2001/03/06 00:33:04
1580 [authfd.c cli.c ssh-agent.c]
1581 EINTR/EAGAIN handling is required in more cases
1582 - millert@cvs.openbsd.org 2001/03/06 01:06:03
1584 Don't assume we wil get the version string all in one read().
1586 - millert@cvs.openbsd.org 2001/03/06 01:08:27
1588 If read() fails with EINTR deal with it the same way we treat EAGAIN
1591 - (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
1592 - (bal) CVS ID touch up on sftp-int.c
1593 - (bal) CVS ID touch up on uuencode.c
1594 - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
1595 - (bal) OpenBSD CVS Sync
1596 - deraadt@cvs.openbsd.org 2001/02/17 23:48:48
1598 it's the OpenSSH one
1599 - deraadt@cvs.openbsd.org 2001/02/21 07:37:04
1601 inline -> __inline__, and some indent
1602 - deraadt@cvs.openbsd.org 2001/02/21 09:05:54
1605 - deraadt@cvs.openbsd.org 2001/02/21 09:12:56
1607 careful with & and &&; markus ok
1608 - stevesk@cvs.openbsd.org 2001/02/21 21:14:04
1610 -i supports DSA identities now; ok markus@
1611 - deraadt@cvs.openbsd.org 2001/02/22 04:29:37
1613 grammar; slade@shore.net
1614 - deraadt@cvs.openbsd.org 2001/02/22 06:43:55
1615 [ssh-keygen.1 ssh-keygen.c]
1616 document -d, and -t defaults to rsa1
1617 - deraadt@cvs.openbsd.org 2001/02/22 08:03:51
1618 [ssh-keygen.1 ssh-keygen.c]
1620 - deraadt@cvs.openbsd.org 2001/02/22 18:09:06
1623 - markus@cvs.openbsd.org 2001/02/22 21:57:27
1625 typos/grammar from matt@anzen.com
1626 - markus@cvs.openbsd.org 2001/02/22 21:59:44
1627 [auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
1628 use pwcopy in ssh.c, too
1629 - markus@cvs.openbsd.org 2001/02/23 15:34:53
1632 - markus@cvs.openbsd.org 2001/02/23 18:15:13
1634 the random session key depends now on the session_key_int
1635 sent by the 'attacker'
1636 dig1 = md5(cookie|session_key_int);
1637 dig2 = md5(dig1|cookie|session_key_int);
1638 fake_session_key = dig1|dig2;
1639 this change is caused by a mail from anakin@pobox.com
1640 patch based on discussions with my german advisor niels@openbsd.org
1641 - deraadt@cvs.openbsd.org 2001/02/24 10:37:55
1643 look for id_rsa by default, before id_dsa
1644 - deraadt@cvs.openbsd.org 2001/02/24 10:37:26
1646 ssh2 rsa key before dsa key
1647 - markus@cvs.openbsd.org 2001/02/27 10:35:27
1650 - markus@cvs.openbsd.org 2001/02/27 11:00:11
1652 support SSH-2.0-2.1 ; from Christophe_Moret@hp.com
1653 - deraadt@cvs.openbsd.org 2001/02/28 05:34:28
1656 - deraadt@cvs.openbsd.org 2001/02/28 05:36:28
1658 do not kill the subprocess on termination (we will see if this helps
1659 things or hurts things)
1660 - markus@cvs.openbsd.org 2001/02/28 08:45:39
1662 fix byte counts for ssh protocol v1
1663 - markus@cvs.openbsd.org 2001/02/28 08:54:55
1664 [channels.c nchan.c nchan.h]
1665 make sure remote stderr does not get truncated.
1666 remove closed fd's from the select mask.
1667 - markus@cvs.openbsd.org 2001/02/28 09:57:07
1668 [packet.c packet.h sshconnect2.c]
1669 in ssh protocol v2 use ignore messages for padding (instead of
1671 - markus@cvs.openbsd.org 2001/02/28 12:55:07
1673 unify debug messages
1674 - deraadt@cvs.openbsd.org 2001/02/28 17:52:54
1676 for completeness, copy pw_gecos too
1677 - markus@cvs.openbsd.org 2001/02/28 21:21:41
1679 generate a fake session id, too
1680 - markus@cvs.openbsd.org 2001/02/28 21:27:48
1681 [channels.c packet.c packet.h serverloop.c]
1682 use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
1683 use random content in ignore messages.
1684 - markus@cvs.openbsd.org 2001/02/28 21:31:32
1687 - deraadt@cvs.openbsd.org 2001/03/01 02:11:25
1689 split line so that p will have an easier time next time around
1690 - deraadt@cvs.openbsd.org 2001/03/01 02:29:04
1692 shorten usage by a line
1693 - deraadt@cvs.openbsd.org 2001/03/01 02:45:10
1694 [auth-rsa.c auth2.c deattack.c packet.c]
1696 - deraadt@cvs.openbsd.org 2001/03/01 03:38:33
1697 [cli.c cli.h rijndael.h ssh-keyscan.1]
1698 copyright notices on all source files
1699 - markus@cvs.openbsd.org 2001/03/01 22:46:37
1701 don't truncate remote ssh-2 commands; from mkubita@securities.cz
1702 use min, not max for logging, fixes overflow.
1703 - deraadt@cvs.openbsd.org 2001/03/02 06:21:01
1705 explain SIGHUP better
1706 - deraadt@cvs.openbsd.org 2001/03/02 09:42:49
1708 doc the dsa/rsa key pair files
1709 - deraadt@cvs.openbsd.org 2001/03/02 18:54:31
1710 [atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
1711 scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
1712 ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
1713 make copyright lines the same format
1714 - deraadt@cvs.openbsd.org 2001/03/03 06:53:12
1717 - millert@cvs.openbsd.org 2001/03/03 21:19:41
1719 Dynamically allocate read_wait and its copies. Since maxfd is
1720 based on resource limits it is often (usually?) larger than FD_SETSIZE.
1721 - millert@cvs.openbsd.org 2001/03/03 21:40:30
1723 Dynamically allocate fd_set; deraadt@ OK
1724 - millert@cvs.openbsd.org 2001/03/03 21:41:07
1726 Dynamically allocate fd_set; deraadt@ OK
1727 - deraadt@cvs.openbsd.org 2001/03/03 22:07:50
1730 - markus@cvs.openbsd.org 2001/03/03 23:52:22
1732 clean up arg processing. based on work by Christophe_Moret@hp.com
1733 - markus@cvs.openbsd.org 2001/03/03 23:59:34
1736 - markus@cvs.openbsd.org 2001/03/04 00:03:59
1739 - stevesk@cvs.openbsd.org 2001/03/04 10:57:53
1741 add -m to usage; ok markus@
1742 - stevesk@cvs.openbsd.org 2001/03/04 11:04:41
1744 small cleanup and clarify for PermitRootLogin; ok markus@
1745 - stevesk@cvs.openbsd.org 2001/03/04 11:16:06
1747 kill obsolete RandomSeed; ok markus@ deraadt@
1748 - stevesk@cvs.openbsd.org 2001/03/04 12:54:04
1751 - millert@cvs.openbsd.org 2001/03/04 17:42:28
1752 [authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
1753 ssh.c sshconnect.c sshd.c]
1754 log functions should not be passed strings that end in newline as they
1755 get passed on to syslog() and when logging to stderr, do_log() appends
1757 - deraadt@cvs.openbsd.org 2001/03/04 18:21:28
1760 - (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy()
1761 - (bal) Fix up logging since it changed. removed log-*.c
1762 - (djm) Fix up LOG_AUTHPRIV for systems that have it
1763 - (stevesk) OpenBSD sync:
1764 - deraadt@cvs.openbsd.org 2001/03/05 08:37:27
1766 skip inlining, why bother
1767 - (stevesk) sftp.c: handle __progname
1770 - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
1771 - (bal) Updated contrib/README to remove 'make-ssh-known-hosts' and
1772 give Mark Roth credit for mdoc2man.pl
1775 - (djm) Remove make-ssh-known-hosts.pl, ssh-keyscan is better.
1776 - (djm) Document PAM ChallengeResponseAuthentication in sshd.8
1777 - (djm) Disable and comment ChallengeResponseAuthentication in sshd_config
1778 - (djm) Allow PRNGd entropy collection from localhost TCP socket. Replace
1779 "--with-egd-pool" configure option with "--with-prngd-socket" and
1780 "--with-prngd-port" options. Debugged and improved by Lutz Jaenicke
1781 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
1784 - (djm) Properly add -lcrypt if needed.
1785 - (djm) Force standard PAM conversation function in a few more places.
1786 Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai
1788 - (djm) Cygwin needs pw->pw_gecos copied too. Patch from Corinna Vinschen
1789 <vinschen@redhat.com>
1790 - (djm) Released 2.5.1p2
1793 - (djm) Detect endianness in configure and use it in rijndael.c. Fixes
1794 "Bad packet length" bugs.
1795 - (djm) Fully revert PAM session patch (again). All PAM session init is
1796 now done before the final fork().
1797 - (djm) EGD detection patch from Tim Rice <tim@multitalents.net>
1798 - (djm) Remove /tmp from EGD socket search list
1801 - (bal) Applied shutdown() patch for sftp.c by Corinna Vinschen
1802 <vinschen@redhat.com>
1803 - (bal) OpenBSD Sync
1804 - markus@cvs.openbsd.org 2001/02/23 15:37:45
1806 handle SSH_PROTOFLAG_SCREEN_NUMBER for buggy clients
1807 - (bal) sshd.init support for all Redhat release. Patch by Jim Knoble
1808 <jmknoble@jmknoble.cx>
1809 - (djm) Fix up POSIX saved uid support. Report from Mark Miller
1811 - (djm) Search for -lcrypt on FreeBSD too
1812 - (djm) fatal() on OpenSSL version mismatch
1813 - (djm) Move PAM init to after fork for non-Solaris derived PAMs
1814 - (djm) Warning fix on entropy.c saved uid stuff. Patch from Mark Miller
1817 - (djm) Remove 'noreplace' flag from sshd_config in RPM spec files. This
1818 change is being made as 2.5.x configfiles are not back-compatible with
1820 - (djm) Avoid warnings for missing broken IP_TOS. Patch from Mark Miller
1822 - (djm) Open Server 5 doesn't need BROKEN_SAVED_UIDS. Patch from Tim Rice
1823 <tim@multitalents.net>
1824 - (djm) Avoid multiple definition of _PATH_LS. Patch from Tim Rice
1825 <tim@multitalents.net>
1828 - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again.
1829 - (djm) Some systems (SCO3, NeXT) have weird saved uid semantics.
1830 Based on patch from Tim Rice <tim@multitalents.net>
1833 - (djm) Use %{_libexecdir} rather than hardcoded path in RPM specfile
1834 Patch from Adrian Ho <lexfiend@usa.net>
1835 - (bal) Replace 'unsigned long long' to 'u_int64_t' since not every
1836 platform defines u_int64_t as being that.
1839 - (bal) Missed part of the UNIX sockets patch. Patch by Corinna
1840 Vinschen <vinschen@redhat.com>
1841 - (bal) Reorder where 'strftime' is detected to resolve linking
1842 issues on SCO. Patch by Tim Rice <tim@multitalents.net>
1845 - (bal) pam_stack fix to correctly detect between RH7 and older RHs.
1846 Patch by Pekka Savola <pekkas@netcore.fi>
1847 - (bal) Renamed sigaction.[ch] to sigact.[ch]. Causes problems with
1849 - (bal) Generalize lack of UNIX sockets since this also effects Cray
1850 not just Cygwin. Based on patch by Wendy Palm <wendyp@cray.com>
1853 - (bal) Fix --define rh7 in openssh.spec file. Patch by Steve Tell
1854 <tell@telltronics.org>
1855 - (bal) Patch to force OpenSSH rpm to require the same version of OpenSSL
1856 that it was compiled against. Patch by Pekka Savola <pekkas@netcore.fi>
1857 - (bal) Double -I for OpenSSL on SCO. Patch by Tim Rice
1858 <tim@multitalents.net>
1861 - (bal) Corrected SCO luid patch by svaughan <svaughan@asterion.com>
1862 - (bal) Added mdoc2man.pl from Mark Roth <roth@feep.net>
1863 - (bal) Removed reference to liblogin from contrib/README. It was
1864 integrated into OpenSSH a long while ago.
1865 - (stevesk) remove erroneous #ifdef sgi code.
1866 Michael Stone <mstone@cs.loyola.edu>
1869 - (bal) Removed -L/usr/ucblib -R/usr/ucblib for Solaris platform.
1870 - (bal) Fixed OpenSSL rework to use $saved_*. Patch by Tim Rice
1871 <tim@multitalents.net>
1872 - (bal) Reverted out of 2001/02/15 patch by djm below because it
1874 - (djm) Move PAM session setup back to before setuid to user.
1875 fixes problems on Solaris-drived PAMs.
1876 - (stevesk) session.c: back out to where we were before:
1877 - (djm) Move PAM session initialisation until after fork in sshd. Patch
1878 from Nalin Dahyabhai <nalin@redhat.com>
1881 - (bal) Fix mixed up params to memmove() from Jan 5th in setenv.c and
1883 - (bal) OpenBSD CVS Sync:
1884 - deraadt@cvs.openbsd.org 2001/02/19 23:09:05
1886 clarify message to make it not mention "ident"
1889 - (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and
1890 pty.[ch] -> sshpty.[ch]
1891 - (djm) Rework search for OpenSSL location. Skip directories which don't
1892 exist, don't add -L$ssldir/lib if it doesn't exist. Should help SCO
1893 with its limit of 6 -L options.
1895 - reinhard@cvs.openbsd.org 2001/02/17 08:24:40
1898 - deraadt@cvs.openbsd.org 2001/02/17 16:28:58
1900 cleanup -V output; noted by millert
1901 - deraadt@cvs.openbsd.org 2001/02/17 16:48:48
1903 it's the OpenSSH one
1904 - markus@cvs.openbsd.org 2001/02/18 11:33:54
1906 typo, SSH2_MSG_KEXINIT, from aspa@kronodoc.fi
1907 - markus@cvs.openbsd.org 2001/02/19 02:53:32
1908 [compat.c compat.h serverloop.c]
1909 ssh-1.2.{18-22} has broken handling of ignore messages; report from
1911 - markus@cvs.openbsd.org 2001/02/19 03:35:23
1913 OpenSSH_2.5.1 adds bug compat with 1.2.{18-22}
1914 - deraadt@cvs.openbsd.org 2001/02/19 03:36:25
1916 np is changed by recursion; vinschen@redhat.com
1917 - Update versions in RPM spec files
1921 - (bal) Patch for fix FCHMOD reference in ftp-client.c by Tim Rice
1922 <tim@multitalents.net>
1923 - (Bal) Patch for lack of RA_RESTART in misc.c for mysignal by
1925 - (djm) Fix my breaking of cygwin builds, Patch from Corinna Vinschen
1926 <vinschen@redhat.com> and myself.
1927 - (djm) Close listen_sock on bind() failures. Patch from Arkadiusz
1928 Miskiewicz <misiek@pld.ORG.PL>
1929 - (djm) Robustify EGD/PRNGd code in face of socket closures. Patch from
1930 Todd C. Miller <Todd.Miller@courtesan.com>
1931 - (djm) Use ttyname() to determine name of tty returned by openpty()
1932 rather then risking overflow. Patch from Marek Michalkiewicz
1933 <marekm@amelek.gda.pl>
1934 - (djm) Swapped tests for no_libsocket and no_libnsl in configure.in.
1935 Patch from Marek Michalkiewicz <marekm@amelek.gda.pl>
1936 - (djm) Doc fixes from Pekka Savola <pekkas@netcore.fi>
1937 - (djm) Use SA_INTERRUPT along SA_RESTART if present (equivalent for
1939 - (djm) SCO needs librpc for libwrap. Patch from Tim Rice
1940 <tim@multitalents.net>
1941 - (stevesk) misc.c: cpp rework of SA_(INTERRUPT|RESTART) handling.
1942 - (stevesk) scp.c: use mysignal() for updateprogressmeter() handler.
1943 - (djm) SA_INTERRUPT is the converse of SA_RESTART, apply it only for
1945 - (djm) Move entropy.c over to mysignal()
1946 - (djm) SunOS 4.x also needs to define HAVE_BOGUS_SYS_QUEUE_H as it has
1947 a <sys/queue.h> that lacks the TAILQ_* macros. Patch from Todd C.
1948 Miller <Todd.Miller@courtesan.com>
1949 - (djm) Update RPM spec files for 2.5.0p1
1950 - (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie
1951 enable with --with-bsd-auth.
1952 - (stevesk) entropy.c: typo; should be SIGPIPE
1955 - (bal) OpenBSD Sync:
1956 - markus@cvs.openbsd.org 2001/02/16 13:38:18
1959 - markus@cvs.openbsd.org 2001/02/16 14:03:43
1961 proper payload-length check for x11 w/o screen-number
1964 - (bal) added '--with-prce' to allow overriding of system regex when
1965 required (tested by David Dulek <ddulek@fastenal.com>)
1966 - (bal) Added DG/UX case and set that they have a broken IPTOS.
1967 - (djm) Mini-configure reorder patch from Tim Rice <tim@multitalents.net>
1968 Fixes linking on SCO.
1969 - (djm) Make gnome-ssh-askpass handle multi-line prompts. Patch from
1970 Nalin Dahyabhai <nalin@redhat.com>
1971 - (djm) BSD license for gnome-ssh-askpass (was X11)
1972 - (djm) KNF on gnome-ssh-askpass
1973 - (djm) USE_PIPES for a few more sysv platforms
1974 - (djm) Cleanup configure.in a little
1975 - (djm) Ask users to check config.log when we can't find necessary libs
1976 - (djm) Set "login ID" on systems with setluid. Only enabled for SCO
1977 OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
1978 - (djm) OpenBSD CVS:
1979 - markus@cvs.openbsd.org 2001/02/15 16:19:59
1980 [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
1981 [sshconnect1.c sshconnect2.c]
1982 genericize password padding function for SSH1 and SSH2.
1983 add stylized echo to 2, too.
1984 - (djm) Add roundup() macro to defines.h
1985 - (stevesk) set SA_RESTART flag in mysignal() for SIGCHLD;
1986 needed on Unixware 2.x.
1989 - (djm) Move PAM session setup back to before setuid to user. Fixes
1990 problems on Solaris-derived PAMs.
1991 - (djm) Clean up PAM namespace. Suggested by Darren Moffat
1992 <Darren.Moffat@eng.sun.com>
1993 - (bal) Sync w/ OpenSSH for new release
1994 - markus@cvs.openbsd.org 2001/02/12 12:45:06
1996 fix xmalloc(0), ok dugsong@
1997 - markus@cvs.openbsd.org 2001/02/11 12:59:25
1998 [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
1999 sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
2000 1) clean up the MAC support for SSH-2
2001 2) allow you to specify the MAC with 'ssh -m'
2002 3) or the 'MACs' keyword in ssh(d)_config
2003 4) add hmac-{md5,sha1}-96
2004 ok stevesk@, provos@
2005 - markus@cvs.openbsd.org 2001/02/12 16:16:23
2006 [auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
2007 ssh-keygen.c sshd.8]
2008 PermitRootLogin={yes,without-password,forced-commands-only,no}
2009 (before this change, root could login even if PermitRootLogin==no)
2010 - deraadt@cvs.openbsd.org 2001/02/12 22:56:09
2011 [clientloop.c packet.c ssh-keyscan.c]
2012 deal with EAGAIN/EINTR selects which were skipped
2013 - markus@cvs.openssh.org 2001/02/13 22:49:40
2015 setproctitle(user) only if getpwnam succeeds
2016 - markus@cvs.openbsd.org 2001/02/12 23:26:20
2018 missing memset; from solar@openwall.com
2019 - stevesk@cvs.openbsd.org 2001/02/12 20:53:33
2021 lumask now works with 1 numeric arg; ok markus@, djm@
2022 - djm@cvs.openbsd.org 2001/02/14 9:46:03
2023 [sftp-client.c sftp-int.c sftp.1]
2024 Fix and document 'preserve modes & times' option ('-p' flag in sftp);
2026 - (bal) replaced PATH_MAX in sftp-int.c w/ MAXPATHLEN.
2027 - (djm) Move to Jim's 1.2.0 X11 askpass program
2028 - (stevesk) OpenBSD sync:
2029 - deraadt@cvs.openbsd.org 2001/02/15 01:38:04
2034 - (djm) Don't try to close PAM session or delete credentials if the
2035 session has not been open or credentials not set. Based on patch from
2036 Andrew Bartlett <abartlet@pcug.org.au>
2037 - (djm) Move PAM session initialisation until after fork in sshd. Patch
2038 from Nalin Dahyabhai <nalin@redhat.com>
2039 - (bal) Missing function prototype in bsd-snprintf.c patch by
2040 Mark Miller <markm@swoon.net>
2041 - (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams
2042 <cmadams@hiwaay.net> with a little modification and KNF.
2043 - (stevesk) fix for SIA patch, misplaced session_setup_sia()
2046 - (djm) Only test -S potential EGD sockets if they exist and are readable.
2047 - (bal) Cleaned out bsd-snprintf.c. VARARGS have been banished and
2048 I did a base KNF over the whe whole file to make it more acceptable.
2049 (backed out of original patch and removed it from ChangeLog)
2050 - (bal) Use chown() if fchown() does not exist in ftp-server.c patch by
2051 Tim Rice <tim@multitalents.net>
2052 - (stevesk) auth1.c: fix PAM passwordless check.
2055 - (djm) Update Redhat specfile to allow --define "skip_x11_askpass 1",
2056 --define "skip_gnome_askpass 1", --define "rh7 1" and make the
2057 implicit rpm-3.0.5 dependancy explicit. Patch and suggestions from
2058 Pekka Savola <pekkas@netcore.fi>
2059 - (djm) Clean up PCRE text in INSTALL
2060 - (djm) Fix OSF SIA auth NULL pointer deref. Report from Mike Battersby
2061 <mib@unimelb.edu.au>
2062 - (bal) NCR SVR4 compatiblity provide by Don Bragg <thewizarddon@yahoo.com>
2063 - (stevesk) session.c: remove debugging code.
2066 - (bal) OpenBSD Sync
2067 - markus@cvs.openbsd.org 2001/02/07 22:35:46
2068 [auth1.c auth2.c sshd.c]
2069 move k_setpag() to a central place; ok dugsong@
2070 - markus@cvs.openbsd.org 2001/02/10 12:52:02
2072 offer passwd before s/key
2073 - markus@cvs.openbsd.org 2001/02/8 22:37:10
2075 remove last call to sprintf; ok deraadt@
2076 - markus@cvs.openbsd.org 2001/02/10 1:33:32
2078 add debug message, since sshd blocks here if DNS is not available
2079 - markus@cvs.openbsd.org 2001/02/10 12:44:02
2081 don't call vis() for \r
2082 - danh@cvs.openbsd.org 2001/02/10 0:12:43
2084 revert a small change to allow -r option to work again; ok deraadt@
2085 - danh@cvs.openbsd.org 2001/02/10 15:14:11
2087 fix memory leak; ok markus@
2088 - djm@cvs.openbsd.org 2001/02/10 0:45:52
2090 Mention that you can quote pathnames with spaces in them
2091 - markus@cvs.openbsd.org 2001/02/10 1:46:28
2093 remove mapping of argv[0] -> hostname
2094 - markus@cvs.openbsd.org 2001/02/06 22:26:17
2096 do not ask for passphrase in batch mode; report from ejb@ql.org
2097 - itojun@cvs.opebsd.org 2001/02/08 10:47:05
2098 [sshconnect.c sshconnect1.c sshconnect2.c]
2099 %.30s is too short for IPv6 numeric address. use %.128s for now.
2101 - markus@cvs.openbsd.org 2001/02/09 12:28:35
2103 do not free twice, thanks to /etc/malloc.conf
2104 - markus@cvs.openbsd.org 2001/02/09 17:10:53
2106 partial success: debug->log; "Permission denied" if no more auth methods
2107 - markus@cvs.openbsd.org 2001/02/10 12:09:21
2110 - markus@cvs.openbsd.org 2001/02/09 13:38:07
2112 reset options if no option is given; from han.holl@prismant.nl
2113 - markus@cvs.openbsd.org 2001/02/08 21:58:28
2115 nuke sprintf, ok deraadt@
2116 - markus@cvs.openbsd.org 2001/02/08 21:58:28
2118 nuke sprintf, ok deraadt@
2119 - markus@cvs.openbsd.org 2001/02/06 22:43:02
2121 remove confusing callback code
2122 - deraadt@cvs.openbsd.org 2001/02/08 14:39:36
2125 - itojun@cvs.openbsd.org 2001/02/08 19:30:52
2126 sync with netbsd tree changes.
2127 - more strict prototypes, include necessary headers
2128 - use paths.h/pathnames.h decls
2129 - size_t typecase to int -> u_long
2130 - itojun@cvs.openbsd.org 2001/02/07 18:04:50
2132 fix size_t -> int cast (use u_long). markus ok
2133 - markus@cvs.openbsd.org 2001/02/07 22:43:16
2135 s/getline/Linebuf_getline/; from roumen.petrov@skalasoft.com
2136 - itojun@cvs.openbsd.org 2001/02/09 9:04:59
2138 do not assume malloc() returns zero-filled region. found by
2140 - markus@cvs.openbsd.org 2001/02/08 22:35:30
2142 don't connect if batch_mode is true and stricthostkeychecking set to
2144 - djm@cvs.openbsd.org 2001/02/04 21:26:07
2147 - deraadt@cvs.openbsd.org 2001/02/06 22:07:50
2149 enable sftp-server by default
2150 - deraadt 2001/02/07 8:57:26
2152 deal with new ANSI malloc stuff
2153 - markus@cvs.openbsd.org 2001/02/07 16:46:08
2156 - itojun@cvs.openbsd.org 2001/02/07 18:04:50
2158 fix size_t -> int cast (use u_long). markus ok
2159 - 1.47 Thu Feb 8 23:11:42 GMT 2001 by dugsong
2160 [serverloop.c sshconnect1.c]
2161 mitigate SSH1 traffic analysis - from Solar Designer
2162 <solar@openwall.com>, ok provos@
2163 - (bal) fixed sftp-client.c. Return 'status' instead of '0'
2164 (from the OpenBSD tree)
2165 - (bal) Synced ssh.1, ssh-add.1 and sshd.8 w/ OpenBSD
2166 - (bal) sftp-sever.c '%8lld' to '%8llu' (OpenBSD Sync)
2167 - (bal) uuencode.c resync w/ OpenBSD tree, plus whitespace.
2168 - (bal) A bit more whitespace cleanup
2169 - (djm) Set PAM_RHOST earlier, patch from Andrew Bartlett
2170 <abartlet@pcug.org.au>
2171 - (stevesk) misc.c: ssh.h not needed.
2172 - (stevesk) compat.c: more friendly cpp error
2173 - (stevesk) OpenBSD sync:
2174 - stevesk@cvs.openbsd.org 2001/02/11 06:15:57
2176 typos and small cleanup; ok deraadt@
2179 - (djm) Sync sftp and scp stuff from OpenBSD:
2180 - djm@cvs.openbsd.org 2001/02/07 03:55:13
2182 Don't free handles before we are done with them. Based on work from
2183 Corinna Vinschen <vinschen@redhat.com>. ok markus@
2184 - djm@cvs.openbsd.org 2001/02/06 22:32:53
2186 Punctuation fix from Pekka Savola <pekkas@netcore.fi>
2187 - deraadt@cvs.openbsd.org 2001/02/07 04:07:29
2189 pretty up significantly
2190 - itojun@cvs.openbsd.org 2001/02/07 06:49:42
2192 .Bl-.El mismatch. markus ok
2193 - djm@cvs.openbsd.org 2001/02/07 06:12:30
2195 Check that target is a directory before doing ls; ok markus@
2196 - itojun@cvs.openbsd.org 2001/02/07 11:01:18
2197 [scp.c sftp-client.c sftp-server.c]
2198 unsigned long long -> %llu, not %qu. markus ok
2199 - stevesk@cvs.openbsd.org 2001/02/07 11:10:39
2201 more man page cleanup and sync of help text with man page; ok markus@
2202 - markus@cvs.openbsd.org 2001/02/07 14:58:34
2204 older servers reply with SSH2_FXP_NAME + count==0 instead of EOF
2205 - djm@cvs.openbsd.org 2001/02/07 15:27:19
2207 Don't forward agent and X11 in sftp. Suggestion from Roumen Petrov
2208 <roumen.petrov@skalasoft.com>
2209 - stevesk@cvs.openbsd.org 2001/02/07 15:36:04
2211 portable; ok markus@
2212 - stevesk@cvs.openbsd.org 2001/02/07 15:55:47
2214 lowercase cmds[].c also; ok markus@
2215 - markus@cvs.openbsd.org 2001/02/07 17:04:52
2216 [pathnames.h sftp.c]
2217 allow sftp over ssh protocol 1; ok djm@
2218 - deraadt@cvs.openbsd.org 2001/02/08 07:38:55
2220 memory leak fix, and snprintf throughout
2221 - deraadt@cvs.openbsd.org 2001/02/08 08:02:02
2224 - stevesk@cvs.openbsd.org 2001/02/08 10:11:23
2225 [session.c sftp-client.c]
2227 - stevesk@cvs.openbsd.org 2001/02/08 10:57:59
2230 - stevesk@cvs.openbsd.org 2001/02/08 15:28:07
2231 [sftp-int.c pathnames.h]
2232 _PATH_LS; ok markus@
2233 - djm@cvs.openbsd.org 2001/02/09 04:46:25
2235 Check for NULL attribs for chown, chmod & chgrp operations, only send
2236 relevant attribs back to server; ok markus@
2237 - djm@cvs.openbsd.org 2001/02/06 15:05:25
2239 Use getopt to process commandline arguments
2240 - djm@cvs.openbsd.org 2001/02/06 15:06:21
2242 Wait for ssh subprocess at exit
2243 - djm@cvs.openbsd.org 2001/02/06 15:18:16
2245 stat target for remote chdir before doing chdir
2246 - djm@cvs.openbsd.org 2001/02/06 15:32:54
2248 Punctuation fix from Pekka Savola <pekkas@netcore.fi>
2249 - provos@cvs.openbsd.org 2001/02/05 22:22:02
2251 cleanup get_pathname, fix pwd after failed cd. okay djm@
2252 - (djm) Update makefile.in for _PATH_SFTP_SERVER
2253 - (bal) sftp-client.c replace NULL w/ 0 in do_ls() (pending in OpenBSD tree)
2256 - (bal) patch to vis.c to deal with HAVE_VIS right by Robert Mooney
2257 <rjmooney@mediaone.net>
2258 - (bal) .c.o rule in openbsd-compat/Makefile.in did not make it to the
2259 main tree while porting forward. Pointed out by Lutz Jaenicke
2260 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2261 - (bal) double entry in configure.in. Pointed out by Lutz Jaenicke
2262 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2263 - (stevesk) OpenBSD sync:
2264 - markus@cvs.openbsd.org 2001/02/08 11:20:01
2267 - markus@cvs.openbsd.org 2001/02/08 11:15:22
2270 - markus@cvs.openbsd.org 2001/02/08 11:12:30
2273 - (djm) Update spec files
2274 - (bal) OpenBSD sync:
2275 - deraadt@cvs.openbsd.org 2001/02/08 14:38:54
2277 memory leak fix, and snprintf throughout
2278 - markus@cvs.openbsd.org 2001/02/06 22:43:02
2280 remove confusing callback code
2281 - (djm) Add CVS Id's to files that we have missed
2282 - (bal) OpenBSD Sync (more):
2283 - itojun@cvs.openbsd.org 2001/02/08 19:30:52
2284 sync with netbsd tree changes.
2285 - more strict prototypes, include necessary headers
2286 - use paths.h/pathnames.h decls
2287 - size_t typecase to int -> u_long
2288 - markus@cvs.openbsd.org 2001/02/06 22:07:42
2290 fatal() if subsystem fails
2291 - markus@cvs.openbsd.org 2001/02/06 22:43:02
2293 remove confusing callback code
2294 - jakob@cvs.openbsd.org 2001/02/06 23:03:24
2296 add -1 option (force protocol version 1). ok markus@
2297 - jakob@cvs.openbsd.org 2001/02/06 23:06:21
2299 reorder -{1,2,4,6} options. ok markus@
2300 - (bal) Missing 'const' in readpass.h
2301 - (bal) OpenBSD Sync (so at least the thing compiles for 2.3.2 =)
2302 - djm@cvs.openbsd.org 2001/02/06 23:30:28
2304 replace arc4random with counter for request ids; ok markus@
2305 - (djm) Define _PATH_TTY for systems that don't. Report from Lutz
2306 Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2309 - (djm) Don't delete external askpass program in make uninstall target.
2310 Report and fix from Roumen Petrov <roumen.petrov@skalasoft.com>
2311 - (djm) Fix linking of sftp, don't need arc4random any more.
2312 - (djm) Try to use shell that supports "test -S" for EGD socket search.
2313 Based on patch from Tim Rice <tim@multitalents.net>
2316 - (bal) Save the whole path to AR in configure. Some Solaris 2.7 installs
2317 seem lose track of it while in openbsd-compat/ (two confirmed reports)
2318 - (djm) Much KNF on PAM code
2319 - (djm) Revise auth-pam.c conversation function to be a little more
2321 - (djm) Revise kbd-int PAM conversation function to fold all text messages
2322 to before first prompt. Fixes hangs if last pam_message did not require
2324 - (djm) Fix password changing when using PAM kbd-int authentication
2327 - (bal) Disable groupaccess by setting NGROUPS_MAX to 0 for platforms
2328 that don't have NGROUPS_MAX.
2329 - (bal) AIX patch for auth1.c by William L. Jones <jones@hpc.utexas.edu>
2330 - (stevesk) OpenBSD sync:
2331 - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
2332 [many files; did this manually to our top-level source dir]
2333 unexpand and remove end-of-line whitespace; ok markus@
2334 - stevesk@cvs.openbsd.org 2001/02/04 15:21:19
2336 SSH2_FILEXFER_ATTR_UIDGID support; ok markus@
2337 - deraadt@cvs.openbsd.org 2001/02/04 17:02:32
2340 - deraadt@cvs.openbsd.org 2001/02/04 16:47:46
2342 sort commands, so that abbreviations work as expected
2343 - stevesk@cvs.openbsd.org 2001/02/04 15:17:52
2345 debugging sftp: precedence and missing break. chmod, chown, chgrp
2346 seem to be working now.
2347 - markus@cvs.openbsd.org 2001/02/04 14:41:21
2349 use base 8 for umask/chmod
2350 - markus@cvs.openbsd.org 2001/02/04 11:11:54
2353 - markus@cvs.openbsd.org 2001/02/04 08:10:44
2355 typo; dpo@club-internet.fr
2356 - stevesk@cvs.openbsd.org 2001/02/04 06:30:12
2357 [auth2.c authfd.c packet.c]
2358 remove duplicate #include's; ok markus@
2359 - deraadt@cvs.openbsd.org 2001/02/04 16:56:23
2362 - stevesk@cvs.openbsd.org 2001/02/04 15:12:17
2364 precedence; ok markus@
2365 - deraadt@cvs.openbsd.org 2001/02/04 08:14:15
2367 make the alpha happy
2368 - markus@cvs.openbsd.org 2001/01/31 13:37:24
2369 [channels.c channels.h serverloop.c ssh.c]
2370 do not disconnect if local port forwarding fails, e.g. if port is
2372 - markus@cvs.openbsd.org 2001/02/01 14:58:09
2374 use ipaddr in channel messages, ietf-secsh wants this
2375 - markus@cvs.openbsd.org 2001/01/31 12:26:20
2377 ssh.com-2.0.1x does not send additional info in CHANNEL_OPEN_FAILURE
2378 messages; bug report from edmundo@rano.org
2379 - markus@cvs.openbsd.org 2001/01/31 13:48:09
2382 - deraadt@cvs.openbsd.org 2001/02/04 08:23:08
2383 [sftp-client.c sftp-server.c]
2384 make gcc on the alpha even happier
2387 - (bal) I think this is the last of the bsd-*.h that don't belong.
2388 - (bal) Minor Makefile fix
2389 - (bal) openbsd-compat/Makefile minor fix. Ensure dependancies are done
2391 - (bal) Changed order of LIB="" in -with-skey due to library resolving.
2392 - (bal) next-posix.h changed to bsd-nextstep.h
2393 - (djm) OpenBSD CVS sync:
2394 - markus@cvs.openbsd.org 2001/02/03 03:08:38
2395 [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
2396 [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
2398 make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
2399 - markus@cvs.openbsd.org 2001/02/03 03:19:51
2400 [ssh.1 sshd.8 sshd_config]
2401 Skey is now called ChallengeResponse
2402 - markus@cvs.openbsd.org 2001/02/03 03:43:09
2404 use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
2405 channel. note from Erik.Anggard@cygate.se (pr/1659)
2406 - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
2409 - djm@cvs.openbsd.org 2001/02/04 04:11:56
2410 [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
2411 [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
2412 Basic interactive sftp client; ok theo@
2413 - (djm) Update RPM specs for new sftp binary
2414 - (djm) Update several bits for new optional reverse lookup stuff. I
2415 think I got them all.
2416 - (djm) Makefile.in fixes
2417 - (stevesk) add mysignal() wrapper and use it for the protocol 2
2419 - (djm) Use setvbuf() instead of setlinebuf(). Suggest from stevesk@
2422 - (bal) Cygwin clean up by Corinna Vinschen <vinschen@redhat.com>
2423 - (bal) renamed queue.h to fake-queue.h (even if it's an OpenBSD
2424 based file) to ensure #include space does not get confused.
2425 - (bal) Minor Makefile.in tweak. dirname may not exist on some
2426 platforms so builds fail. (NeXT being a well known one)
2429 - (bal) Makefile fix where sourcedir != builddir by Corinna Vinschen
2430 <vinschen@redhat.com>
2431 - (bal) Makefile fix to use $(MAKE) instead of 'make' for platforms
2432 that use 'gmake'. Patch by Tim Rice <tim@multitalents.net>
2435 - (bal) Minor fix to Makefile to stop rebuilding executables if no
2436 changes have occured to any of the supporting code. Patch by
2437 Roumen Petrov <roumen.petrov@skalasoft.com>
2440 - (djm) OpenBSD CVS Sync:
2441 - djm@cvs.openbsd.org 2001/01/30 15:48:53
2443 Make warning message a little more consistent. ok markus@
2444 - (djm) Fix autoconf logic for --with-lastlog=no Report and diagnosis from
2445 Philipp Buehler <lists@fips.de> and Kevin Steves <stevesk@sweden.hp.com>
2447 - (djm) Don't log SSH2 PAM KbdInt responses to debug, they may contain
2449 - (bal) Reorder. Move all bsd-*, fake-*, next-*, and cygwin* stuff to
2450 openbsd-compat/. And resolve all ./configure and Makefile.in issues
2454 - (djm) OpenBSD CVS Sync:
2455 - markus@cvs.openbsd.org 2001/01/29 09:55:37
2456 [channels.c channels.h clientloop.c serverloop.c]
2457 fix select overflow; ok deraadt@ and stevesk@
2458 - markus@cvs.openbsd.org 2001/01/29 12:42:35
2459 [canohost.c canohost.h channels.c clientloop.c]
2460 add get_peer_ipaddr(socket), x11-fwd in ssh2 requires ipaddr, not DNS
2461 - markus@cvs.openbsd.org 2001/01/29 12:47:32
2462 [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
2463 handle rsa_private_decrypt failures; helps against the Bleichenbacher
2465 - djm@cvs.openbsd.org 2001/01/29 05:36:11
2467 Allow invocation of sybsystem by commandline (-s); ok markus@
2468 - (stevesk) configure.in: remove duplicate PROG_LS
2471 - (stevesk) sftp-server.c: use %lld vs. %qd
2474 - (bal) Put USE_PIPES back into sco3.2v5
2475 - (bal) OpenBSD Sync
2476 - markus@cvs.openbsd.org 2001/01/28 10:15:34
2478 re-keying is not supported; ok deraadt@
2479 - markus@cvs.openbsd.org 2001/01/28 10:24:04
2480 [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
2481 cleanup AUTHORS sections
2482 - markus@cvs.openbsd.org 2001/01/28 10:37:26
2484 remove -Q, no longer needed
2485 - stevesk@cvs.openbsd.org 2001/01/28 20:36:16
2487 ``StrictHostKeyChecking ask'' documentation and small cleanup.
2489 - stevesk@cvs.openbsd.org 2001/01/28 20:43:25
2491 spelling. ok markus@
2492 - stevesk@cvs.openbsd.org 2001/01/28 20:53:21
2494 use size_t for strlen() return. ok markus@
2495 - stevesk@cvs.openbsd.org 2001/01/28 22:27:05
2497 spelling. use sizeof vs. strlen(). ok markus@
2498 - niklas@cvs.openbsd.org 2001/01/29 1:59:14
2499 [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h
2500 groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h
2501 key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h
2502 radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1
2503 ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config
2504 sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h]
2506 - (bal) Minor auth2.c resync. Whitespace and moving of an #include.
2509 - (bal) SSH_PROGRAM vs _PATH_SSH_PROGRAM fix pointed out by Roumen
2510 Petrov <roumen.petrov@skalasoft.com>
2511 - (bal) OpenBSD Sync
2512 - deraadt@cvs.openbsd.org 2001/01/25 8:06:33
2514 call _exit() in signal handler
2517 - (djm) Sync bsd-* support files:
2518 - deraadt@cvs.openbsd.org 2000/01/26 03:43:20
2519 [rresvport.c bindresvport.c]
2520 new bindresvport() semantics that itojun, shin, jean-luc and i have
2521 agreed on, which will be happy for the future. bindresvport_sa() for
2522 sockaddr *, too. docs later..
2523 - deraadt@cvs.openbsd.org 2000/01/24 02:24:21
2525 in bindresvport(), if sin is non-NULL, example sin->sin_family for
2526 the actual family being processed
2527 - (djm) Mention PRNGd in documentation, it is nicer than EGD
2528 - (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
2529 - (bal) AC_FUNC_STRFTIME added to autoconf
2530 - (bal) OpenBSD Resync
2531 - stevesk@cvs.openbsd.org 2001/01/24 21:03:50
2533 missing freeaddrinfo(); ok markus@
2536 - (bal) OpenBSD Resync
2537 - markus@cvs.openbsd.org 2001/01/23 10:45:10
2540 - (bal) no 64bit support patch from Tim Rice <tim@multitalents.net>
2541 - (bal) #ifdef around S_IFSOCK if platform does not support it.
2542 patch by Tim Rice <tim@multitalents.net>
2543 - (bal) fake-regex.h cleanup based on Tim Rice's patch.
2544 - (stevesk) sftp-server.c: fix chmod() mode mask
2547 - (bal) regexp.h typo in configure.in. Should have been regex.h
2548 - (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@
2549 - (bal) SSH_ASKPASS_DEFAULT to _PATH_SSH_ASKPASS_DEFAULT
2550 - (bal) OpenBSD Resync
2551 - markus@cvs.openbsd.org 2001/01/22 8:15:00
2552 [auth-krb4.c sshconnect1.c]
2553 only AFS needs radix.[ch]
2554 - markus@cvs.openbsd.org 2001/01/22 8:32:53
2556 no need to include; from mouring@etoh.eviladmin.org
2557 - stevesk@cvs.openbsd.org 2001/01/22 16:55:21
2559 free() -> xfree(); ok markus@
2560 - stevesk@cvs.openbsd.org 2001/01/22 17:22:28
2561 [sshconnect2.c sshd.c]
2562 fix memory leaks in SSH2 key exchange; ok markus@
2563 - markus@cvs.openbsd.org 2001/01/22 23:06:39
2564 [auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
2565 sshconnect1.c sshconnect2.c sshd.c]
2566 rename skey -> challenge response.
2567 auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
2571 - (bal) OpenBSD Resync
2572 - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
2573 [servconf.c ssh.h sshd.c]
2574 only auth-chall.c needs #ifdef SKEY
2575 - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
2576 [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
2577 auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
2578 packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
2579 session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
2580 ssh1.h sshconnect1.c sshd.c ttymodes.c]
2581 move ssh1 definitions to ssh1.h, pathnames to pathnames.h
2582 - markus@cvs.openbsd.org 2001/01/19 16:48:14
2584 fix typo; from stevesk@
2585 - markus@cvs.openbsd.org 2001/01/19 16:50:58
2587 clear and free digest, make consistent with other code (use dlen); from
2589 - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
2590 [auth-options.c auth-options.h auth-rsa.c auth2.c]
2591 pass the filename to auth_parse_options()
2592 - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
2594 fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
2595 - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
2597 dh_new_group() does not return NULL. ok markus@
2598 - markus@cvs.openbsd.org 2001/01/20 21:33:42
2600 do not loop forever if askpass does not exist; from
2601 andrew@pimlott.ne.mediaone.net
2602 - djm@cvs.openbsd.org 2001/01/20 23:00:56
2604 Check for NULL return from strdelim; ok markus
2605 - djm@cvs.openbsd.org 2001/01/20 23:02:07
2608 - jakob@cvs.openbsd.org 2001/01/21 9:00:33
2610 remove -R flag; ok markus@
2611 - markus@cvs.openbsd.org 2001/01/21 19:05:40
2612 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
2613 auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
2614 auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
2615 bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
2616 cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
2617 deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
2618 key.c key.h log-client.c log-server.c log.c log.h login.c login.h
2619 match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
2620 readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
2621 session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
2622 ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
2623 sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
2624 ttysmodes.c uidswap.c xmalloc.c]
2625 split ssh.h and try to cleanup the #include mess. remove unnecessary
2626 #includes. rename util.[ch] -> misc.[ch]
2627 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
2628 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
2629 conflict when compiling for non-kerb install
2630 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
2634 - (bal) OpenBSD Resync
2635 - markus@cvs.openbsd.org 2001/01/19 12:45:26
2636 [ssh-chall.c servconf.c servconf.h ssh.h sshd.c]
2637 only auth-chall.c needs #ifdef SKEY
2638 - (bal) Slight auth2-pam.c clean up.
2639 - (bal) Includes a fake-regexp.h to be only used if regcomp() is found,
2640 but no 'regexp.h' found (SCO OpenServer 3 lacks the header).
2643 - (djm) Update versions in RPM specfiles
2644 - (bal) OpenBSD Resync
2645 - markus@cvs.openbsd.org 2001/01/18 16:20:21
2646 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
2648 log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
2650 - markus@cvs.openbsd.org 2001/01/18 16:59:59
2651 [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
2652 session.h sshconnect1.c]
2653 1) removes fake skey from sshd, since this will be much
2654 harder with /usr/libexec/auth/login_XXX
2655 2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
2656 3) make addition of BSD_AUTH and other challenge reponse methods
2658 - markus@cvs.openbsd.org 2001/01/18 17:12:43
2659 [auth-chall.c auth2-chall.c]
2660 rename *-skey.c *-chall.c since the files are not skey specific
2661 - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)
2662 to fix NULL pointer deref and fake authloop breakage in PAM code.
2663 - (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com>
2664 - (bal) Minor cygwin patch to auth1.c. Suggested by djm.
2667 - (bal) Super Sized OpenBSD Resync
2668 - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
2671 - markus@cvs.openbsd.org 2001/01/13 17:59:18
2673 small ssh-keygen manpage cleanup; stevesk@pobox.com
2674 - markus@cvs.openbsd.org 2001/01/13 18:03:07
2675 [scp.c ssh-keygen.c sshd.c]
2676 getopt() returns -1 not EOF; stevesk@pobox.com
2677 - markus@cvs.openbsd.org 2001/01/13 18:06:54
2679 use SSH_DEFAULT_PORT; from stevesk@pobox.com
2680 - markus@cvs.openbsd.org 2001/01/13 18:12:47
2682 free() -> xfree(); fix memory leak; from stevesk@pobox.com
2683 - markus@cvs.openbsd.org 2001/01/13 18:14:13
2685 typo, from stevesk@sweden.hp.com
2686 - markus@cvs.openbsd.org 2001/01/13 18:32:50
2687 [packet.c session.c ssh.c sshconnect.c sshd.c]
2688 split out keepalive from packet_interactive (from dale@accentre.com)
2689 set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
2690 - markus@cvs.openbsd.org 2001/01/13 18:36:45
2693 - markus@cvs.openbsd.org 2001/01/13 18:38:00
2696 - markus@cvs.openbsd.org 2001/01/13 18:43:31
2699 - markus@cvs.openbsd.org 2001/01/13 19:14:08
2700 [clientloop.h clientloop.c ssh.c]
2701 move callback to headerfile
2702 - markus@cvs.openbsd.org 2001/01/15 21:40:10
2704 use log() instead of stderr
2705 - markus@cvs.openbsd.org 2001/01/15 21:43:51
2707 use error() not stderr!
2708 - markus@cvs.openbsd.org 2001/01/15 21:45:29
2710 rename must fail if newpath exists, debug off by default
2711 - markus@cvs.openbsd.org 2001/01/15 21:46:38
2713 readable long listing for sftp-server, ok deraadt@
2714 - markus@cvs.openbsd.org 2001/01/16 19:20:06
2716 make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
2717 galb@vandyke.com. note that you have to delete older ssh2-rsa keys,
2718 since they are in the wrong format, too. they must be removed from
2719 .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
2720 (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
2721 .ssh/authorized_keys2) additionally, we now check that
2722 BN_num_bits(rsa->n) >= 768.
2723 - markus@cvs.openbsd.org 2001/01/16 20:54:27
2725 remove some statics. simpler handles; idea from nisse@lysator.liu.se
2726 - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
2727 [bufaux.c radix.c sshconnect.h sshconnect1.c]
2729 - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
2730 be missing such feature.
2734 - (djm) Only write random seed file at exit
2735 - (djm) Make PAM support optional, enable with --with-pam
2736 - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which
2737 provides a crypt() of its own)
2738 - (djm) Avoid a warning in bsd-bindresvport.c
2739 - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This
2740 can cause weird segfaults errors on Solaris
2741 - (djm) Avoid warning in PAM code by making read_passphrase arguments const
2742 - (djm) Add --with-pam to RPM spec files
2745 - (bal) sftp-server.c change to use chmod() if fchmod() does not exist.
2746 - (bal) utimes() support via utime() interface on machine that lack utimes().
2749 - (stevesk) initial work for OpenBSD "support supplementary group in
2750 {Allow,Deny}Groups" patch:
2751 - import getgrouplist.c from OpenBSD (bsd-getgrouplist.c)
2752 - add bsd-getgrouplist.h
2753 - new files groupaccess.[ch]
2754 - build but don't use yet (need to merge auth.c changes)
2755 - (stevesk) complete:
2756 - markus@cvs.openbsd.org 2001/01/13 11:56:48
2758 support supplementary group in {Allow,Deny}Groups
2759 from stevesk@pobox.com
2762 - (bal) OpenBSD Sync
2763 - markus@cvs.openbsd.org 2001/01/10 22:56:22
2764 [bufaux.h bufaux.c sftp-server.c sftp.h getput.h]
2765 cleanup sftp-server implementation:
2766 add buffer_get_int64, buffer_put_int64, GET_64BIT, PUT_64BIT
2767 parse SSH2_FILEXFER_ATTR_EXTENDED
2768 send SSH2_FX_EOF if readdir returns no more entries
2769 reply to SSH2_FXP_EXTENDED message
2770 use #defines from the draft
2771 move #definations to sftp.h
2773 http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt
2774 - markus@cvs.openbsd.org 2001/01/10 19:43:20
2776 XXX - generate_empheral_server_key() is not safe against races,
2777 because it calls log()
2778 - markus@cvs.openbsd.org 2001/01/09 21:19:50
2780 allow TCP_NDELAY for ipv6; from netbsd via itojun@
2783 - (djm) SNI/Reliant Unix needs USE_PIPES and $DISPLAY hack. Report from
2784 Bladt Norbert <Norbert.Bladt@adi.ch>
2787 - (bal) Resync CVS ID of cli.c
2788 - (stevesk) auth1.c: free should be after WITH_AIXAUTHENTICATE
2790 - (bal) OpenBSD Sync
2791 - markus@cvs.openbsd.org 2001/01/08 22:29:05
2792 [auth2.c compat.c compat.h servconf.c servconf.h sshd.8
2793 sshd_config version.h]
2794 implement option 'Banner /etc/issue.net' for ssh2, move version to
2795 2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner
2797 - markus@cvs.openbsd.org 2001/01/08 22:03:23
2798 [channels.c ssh-keyscan.c]
2799 O_NDELAY -> O_NONBLOCK; thanks stevesk@pobox.com
2800 - markus@cvs.openbsd.org 2001/01/08 21:55:41
2802 more cleanups and fixes from stevesk@pobox.com:
2803 1) try_agent_authentication() for loop will overwrite key just
2804 allocated with key_new(); don't alloc
2805 2) call ssh_close_authentication_connection() before exit
2806 try_agent_authentication()
2807 3) free mem on bad passphrase in try_rsa_authentication()
2808 - markus@cvs.openbsd.org 2001/01/08 21:48:17
2810 missing free; thanks stevesk@pobox.com
2811 - (bal) Detect if clock_t structure exists, if not define it.
2812 - (bal) Detect if O_NONBLOCK exists, if not define it.
2813 - (bal) removed news4-posix.h (now empty)
2814 - (bal) changed bsd-bindresvport.c and bsd-rresvport.c to use 'socklen_t'
2816 - (stevesk) sshd_config: sync
2817 - (stevesk) defines.h: remove spurious ``;''
2820 - (bal) Fixed another typo in cli.c
2821 - (bal) OpenBSD Sync
2822 - markus@cvs.openbsd.org 2001/01/07 21:26:55
2825 - markus@cvs.openbsd.org 2001/01/07 21:26:55
2827 missing free, stevesk@pobox.com
2828 - markus@cvs.openbsd.org 2001/01/07 19:06:25
2830 missing free, stevesk@pobox.com
2831 - markus@cvs.openbsd.org 2001/01/07 11:28:04
2832 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1
2833 ssh.h sshd.8 sshd.c]
2834 rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE
2835 syslog priority changes:
2836 fatal() LOG_ERR -> LOG_CRIT
2837 log() LOG_INFO -> LOG_NOTICE
2841 - (bal) OpenBSD Sync
2842 - markus@cvs.openbsd.org 2001/01/06 11:23:27
2845 - itojun@cvs.openbsd.org 2001/01/05 08:23:29
2848 - markus@cvs.openbsd.org 2001/01/04 22:41:03
2849 [session.c sshconnect.c]
2850 consistent use of _PATH_BSHELL; from stevesk@pobox.com
2851 - djm@cvs.openbsd.org 2001/01/04 22:35:32
2853 Mention AES as available SSH2 Cipher; ok markus
2854 - markus@cvs.openbsd.org 2001/01/04 22:25:58
2856 sync usage()/man with defaults; from stevesk@pobox.com
2857 - markus@cvs.openbsd.org 2001/01/04 22:21:26
2859 handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
2860 that prints a banner (e.g. /etc/issue.net)
2863 - (bal) contrib/caldera/ provided by Tim Rice <tim@multitalents.net>
2864 - (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove()
2867 - (djm) Fix memory leak on systems with BROKEN_GETADDRINFO. Based on
2868 work by Chris Vaughan <vaughan99@yahoo.com>
2871 - (bal) fixed up sshconnect.c so it was closer inline with the OpenBSD
2872 tree (mainly positioning)
2873 - (bal) OpenSSH CVS Update
2874 - markus@cvs.openbsd.org 2001/01/02 20:41:02
2876 log remote ip on disconnect; PR 1600 from jcs@rt.fm
2877 - markus@cvs.openbsd.org 2001/01/02 20:50:56
2879 strict_host_key_checking for host_status != HOST_CHANGED &&
2880 ip_status == HOST_CHANGED
2881 - (bal) authfile.c: Synced CVS ID tag
2882 - (bal) UnixWare 2.0 fixes by Tim Rice <tim@multitalents.net>
2883 - (bal) Disable sftp-server if no 64bit int support exists. Based on
2884 patch by Tim Rice <tim@multitalents.net>
2885 - (bal) Makefile.in changes to uninstall: target to remove sftp-server
2886 and sftp-server.8 manpage.
2889 - (bal) OpenBSD CVS Update
2890 - markus@cvs.openbsd.org 2001/01/01 14:52:49
2892 use shared fatal(); from stevesk@pobox.com
2895 - (bal) Reverted out of MAXHOSTNAMELEN. This should be set per OS.
2896 for multiple reasons.
2897 - (bal) Reverted out of a partial NeXT patch.
2900 - (bal) OpenBSD CVS Update
2901 - markus@cvs.openbsd.org 2000/12/28 18:58:30
2903 enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2}
2904 - markus@cvs.openbsd.org 2000/12/29 22:19:13
2906 missing xfree; from vaughan99@yahoo.com
2907 - (bal) Resynced CVS ID with OpenBSD for channel.c and uidswap.c
2908 - (bal) if no MAXHOSTNAMELEN is defined. Default to 64 character defination.
2909 Suggested by Christian Kurz <shorty@debian.org>
2910 - (bal) Add in '.c.o' section to Makefile.in to address make programs that
2911 don't honor CPPFLAGS by default. Suggested by Lutz Jaenicke
2912 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2915 - (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian
2916 Kurz <shorty@debian.org>
2917 - (bal) OpenBSD CVS Update
2918 - markus@cvs.openbsd.org 2000/12/28 14:25:51
2920 count authentication failures only
2921 - markus@cvs.openbsd.org 2000/12/28 14:25:03
2923 fingerprint for MITM attacks, too.
2924 - markus@cvs.openbsd.org 2000/12/28 12:03:57
2927 - markus@cvs.openbsd.org 2000/12/27 14:19:21
2930 - markus@cvs.openbsd.org 2000/12/27 12:34
2931 [auth1.c sshconnect2.c sshd.c]
2933 - markus@cvs.openbsd.org 2000/12/27 12:30:19
2934 [readconf.c readconf.h ssh.1 sshconnect.c]
2935 new option: HostKeyAlias: allow the user to record the host key
2936 under a different name. This is useful for ssh tunneling over
2937 forwarded connections or if you run multiple sshd's on different
2938 ports on the same machine.
2939 - markus@cvs.openbsd.org 2000/12/27 11:51:53
2941 multiple -t force pty allocation, document ORIGINAL_COMMAND
2942 - markus@cvs.openbsd.org 2000/12/27 11:41:31
2945 - (stevesk) compress.[ch] sync with openbsd; missed in prototype
2949 - (bal) Patch to add libutil.h to loginrec.c only if the platform has
2950 libutil.h. Suggested by Pekka Savola <pekka@netcore.fi>
2951 - (djm) Update to new x11-askpass in RPM spec
2952 - (bal) SCO patch to not include <sys/queue.h> since it's unrelated
2953 header. Patch by Tim Rice <tim@multitalents.net>
2954 - Updated TODO w/ known HP/UX issue
2955 - (bal) removed extra <netdb.h> noticed by Kevin Steves and removed the
2956 bad reference to 'NeXT including it else were' on the #ifdef version.
2959 - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
2960 Takumi Yamane <yamtak@b-session.com>
2961 - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
2962 by Corinna Vinschen <vinschen@redhat.com>
2963 - (djm) Fix catman-do target for non-bash
2964 - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
2965 Takumi Yamane <yamtak@b-session.com>
2966 - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
2967 by Corinna Vinschen <vinschen@redhat.com>
2968 - (djm) Fix catman-do target for non-bash
2969 - (bal) Fixed NeXT's lack of CPPFLAGS honoring.
2970 - (bal) ssh-keyscan.c: NeXT (and older BSDs) don't support getrlimit() w/
2972 - (djm) Remove *.Ylonen files. They are no longer in the OpenBSD tree,
2973 the info in COPYING.Ylonen has been moved to the start of each
2974 SSH1-derived file and README.Ylonen is well out of date.
2977 - (bal) Fixed Makefile.in to support recompile of all ssh and sshd objects
2978 if a change to config.h has occurred. Suggested by Gert Doering
2979 <gert@greenie.muc.de>
2980 - (bal) OpenBSD CVS Update:
2981 - markus@cvs.openbsd.org 2000/12/22 16:49:40
2983 fix ssh-keygen -x -t type > file; from Roumen.Petrov@skalasoft.com
2986 - Updated RCSID for pty.c
2987 - (bal) OpenBSD CVS Updates:
2988 - markus@cvs.openbsd.org 2000/12/21 15:10:16
2989 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
2990 print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
2991 - markus@cvs.openbsd.org 2000/12/20 19:26:56
2993 allow ssh -i userkey for root
2994 - markus@cvs.openbsd.org 2000/12/20 19:37:21
2995 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
2996 fix prototypes; from stevesk@pobox.com
2997 - markus@cvs.openbsd.org 2000/12/20 19:32:08
2999 init pointer to NULL; report from Jan.Ivan@cern.ch
3000 - markus@cvs.openbsd.org 2000/12/19 23:17:54
3001 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
3002 auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
3003 bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
3004 crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
3005 key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
3006 packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
3007 serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
3008 ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c
3009 uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
3010 replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
3011 unsigned' with u_char.
3014 - (stevesk) OpenBSD CVS updates:
3015 - markus@cvs.openbsd.org 2000/12/19 15:43:45
3016 [authfile.c channels.c sftp-server.c ssh-agent.c]
3017 remove() -> unlink() for consistency
3018 - markus@cvs.openbsd.org 2000/12/19 15:48:09
3020 replace <ssl/x.h> with <openssl/x.h>
3021 - markus@cvs.openbsd.org 2000/12/17 02:33:40
3023 typo; from wsanchez@apple.com
3026 - (djm) Workaround PAM inconsistencies between Solaris derived PAM code
3027 and Linux-PAM. Based on report and fix from Andrew Morgan
3028 <morgan@transmeta.com>
3031 - (stevesk) rsa.c: entropy.h not needed.
3032 - (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile.
3033 Suggested by Wilfredo Sanchez <wsanchez@apple.com>
3036 - (stevesk) OpenBSD CVS updates:
3037 - markus@cvs.openbsd.org 2000/12/16 02:53:57
3039 allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
3040 - markus@cvs.openbsd.org 2000/12/16 02:39:57
3042 unused; from stevesk@pobox.com
3045 - (stevesk) Old OpenBSD patch wasn't completely applied:
3046 - markus@cvs.openbsd.org 2000/01/24 22:11:20
3048 allow '.' in usernames; from jedgar@fxp.org
3049 - (stevesk) OpenBSD CVS updates:
3050 - markus@cvs.openbsd.org 2000/12/13 16:26:53
3052 fatal already adds \n; from stevesk@pobox.com
3053 - markus@cvs.openbsd.org 2000/12/13 16:25:44
3055 remove redundant spaces; from stevesk@pobox.com
3056 - ho@cvs.openbsd.org 2000/12/12 15:50:21
3058 When failing to set tty owner and mode on a read-only filesystem, don't
3059 abort if the tty already has correct owner and reasonably sane modes.
3060 Example; permit 'root' to login to a firewall with read-only root fs.
3062 - deraadt@cvs.openbsd.org 2000/12/13 06:36:05
3065 - markus@cvs.openbsd.org 2000/12/12 14:45:21
3067 source port < 1024 is no longer required for rhosts-rsa since it
3068 adds no additional security.
3069 - markus@cvs.openbsd.org 2000/12/12 16:11:49
3071 rhosts-rsa is no longer automagically disabled if ssh is not privileged.
3072 UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
3073 these changes should not change the visible default behaviour of the ssh client.
3074 - deraadt@cvs.openbsd.org 2000/12/11 10:27:33
3076 when copying 0-sized files, do not re-print ETA time at completion
3077 - provos@cvs.openbsd.org 2000/12/15 10:30:15
3078 [kex.c kex.h sshconnect2.c sshd.c]
3079 compute diffie-hellman in parallel between server and client. okay markus@
3082 - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report
3083 from Andreas M. Kirchwitz <amk@krell.zikzak.de>
3084 - (stevesk) OpenBSD CVS update:
3085 - markus@cvs.openbsd.org 2000/12/12 15:30:02
3086 [ssh-keyscan.c ssh.c sshd.c]
3087 consistently use __progname; from stevesk@pobox.com
3090 - (bal) Applied patch to include ssh-keyscan into Redhat's package, and
3091 patch to install ssh-keyscan manpage. Patch by Pekka Savola
3093 - (bal) OpenbSD CVS update
3094 - markus@cvs.openbsd.org 2000/12/10 17:01:53
3096 always request new challenge for skey/tis-auth, fixes interop with
3097 other implementations; report from roth@feep.net
3100 - (bal) OpenBSD CVS updates
3101 - markus@cvs.openbsd.org 2000/12/09 13:41:51
3102 [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
3103 undo rijndael changes
3104 - markus@cvs.openbsd.org 2000/12/09 13:48:31
3106 fix byte order bug w/o introducing new implementation
3107 - markus@cvs.openbsd.org 2000/12/09 14:08:27
3109 "" -> "." for realpath; from vinschen@redhat.com
3110 - markus@cvs.openbsd.org 2000/12/09 14:06:54
3112 extern int optind; from stevesk@sweden.hp.com
3113 - provos@cvs.openbsd.org 2000/12/09 23:51:11
3115 remove unnecessary '\n'
3118 - (bal) OpenBSD CVS updates:
3119 - djm@cvs.openbsd.org 2000/12/07 4:24:59
3121 Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo
3124 - (bal) OpenBSD CVS updates:
3125 - markus@cvs.openbsd.org 2000/12/06 22:58:14
3126 [compat.c compat.h packet.c]
3127 disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0
3128 - markus@cvs.openbsd.org 2000/12/06 23:10:39
3131 - markus@cvs.openbsd.org 2000/12/06 23:05:43
3132 [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
3133 new rijndael implementation. fixes endian bugs
3136 - (bal) OpenBSD CVS updates:
3137 - markus@cvs.openbsd.org 2000/12/05 20:34:09
3138 [channels.c channels.h clientloop.c serverloop.c]
3139 async connects for -R/-L; ok deraadt@
3140 - todd@cvs.openssh.org 2000/12/05 16:47:28
3142 tweak comment to reflect real location of pid file; ok provos@
3143 - (stevesk) Import <sys/queue.h> from OpenBSD for systems that don't
3144 have it (used in ssh-keyscan).
3145 - (stevesk) OpenBSD CVS update:
3146 - markus@cvs.openbsd.org 2000/12/06 19:57:48
3148 err(3) -> internal error(), from stevesk@sweden.hp.com
3151 - (bal) OpenBSD CVS updates:
3152 - markus@cvs.openbsd.org 2000/12/04 19:24:02
3153 [ssh-keyscan.c ssh-keyscan.1]
3154 David Maziere's ssh-keyscan, ok niels@
3155 - (bal) Updated Makefile.in to include ssh-keyscan that was just added
3156 to the recent OpenBSD source tree.
3157 - (stevesk) fix typos in contrib/hpux/README
3160 - (bal) More C functions defined in NeXT that are unaccessable without
3162 - (bal) OpenBSD CVS updates:
3163 - markus@cvs.openbsd.org 2000/12/03 11:29:04
3165 remove fallback to SSH_BUG_HMAC now that the drafts are updated
3166 - markus@cvs.openbsd.org 2000/12/03 11:27:55
3168 correctly match "2.1.0.pl2 SSH" etc; from
3169 pekkas@netcore.fi/bugzilla.redhat
3170 - markus@cvs.openbsd.org 2000/12/03 11:15:03
3171 [auth2.c compat.c compat.h sshconnect2.c]
3172 support f-secure/ssh.com 2.0.12; ok niels@
3175 - (bal) OpenBSD CVS updates:
3176 - markus@cvs.openbsd.org 2000/11/30 22:54:31
3178 debug->warn if tried to do -R style fwd w/o client requesting this;
3180 - markus@cvs.openbsd.org 2000/11/29 20:39:17
3182 des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
3183 - markus@cvs.openbsd.org 2000/11/30 18:33:05
3185 agents must not dump core, ok niels@
3186 - markus@cvs.openbsd.org 2000/11/30 07:04:02
3188 T is for both protocols
3189 - markus@cvs.openbsd.org 2000/12/01 00:00:51
3191 typo; from green@FreeBSD.org
3192 - markus@cvs.openbsd.org 2000/11/30 07:02:35
3194 check -T before isatty()
3195 - provos@cvs.openbsd.org 2000/11/29 13:51:27
3197 show IP address and hostname when new key is encountered. okay markus@
3198 - markus@cvs.openbsd.org 2000/11/30 22:53:35
3200 disable agent/x11/port fwding if hostkey has changed; ok niels@
3201 - marksu@cvs.openbsd.org 2000/11/29 21:11:59
3203 sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
3204 from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
3205 - (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enable
3206 PAM authentication using KbdInteractive.
3207 - (djm) Added another TODO
3210 - (bal) Backed out of part of Alain St-Denis' loginrec.c patch.
3211 - (bal) Irix need some sort of mansubdir, patch by Michael Stone
3212 <mstone@cs.loyola.edu>
3215 - (djm) Back out all the serverloop.c hacks. sshd will now hang again
3216 if there are background children with open fds.
3217 - (djm) bsd-rresvport.c bzero -> memset
3218 - (djm) Don't fail in defines.h on absence of 64 bit types (we will
3219 still fail during compilation of sftp-server).
3220 - (djm) Fail if ar is not found during configure
3221 - (djm) OpenBSD CVS updates:
3222 - provos@cvs.openbsd.org 2000/11/22 08:38:31
3224 talk about /etc/primes, okay markus@
3225 - markus@cvs.openbsd.org 2000/11/23 14:03:48
3226 [ssh.c sshconnect1.c sshconnect2.c]
3227 complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
3229 - markus@cvs.openbsd.org 2000/11/25 09:42:53
3231 reorder check for illegal ciphers, bugreport from espie@
3232 - markus@cvs.openbsd.org 2000/11/25 10:19:34
3233 [ssh-keygen.c ssh.h]
3234 print keytype when generating a key.
3235 reasonable defaults for RSA1/RSA/DSA keys.
3236 - (djm) Patch from Pekka Savola <Pekka.Savola@netcore.fi> to include a few
3237 more manpage paths in fixpaths calls
3238 - (djm) Also add xauth path at Pekka's suggestion.
3239 - (djm) Add Redhat RPM patch for AUTHPRIV SyslogFacility
3242 - (djm) Give up privs when reading seed file
3245 - (bal) Merge OpenBSD changes:
3246 - markus@cvs.openbsd.org 2000/11/15 22:31:36
3248 case insensitive key options; from stevesk@sweeden.hp.com
3249 - markus@cvs.openbsd.org 2000/11/16 17:55:43
3251 do not use perror() in sshd, after child is forked()
3252 - markus@cvs.openbsd.org 2000/11/14 23:42:40
3254 parse option only if key matches; fix some confusing seen by the client
3255 - markus@cvs.openbsd.org 2000/11/14 23:44:19
3257 check no_agent_forward_flag for ssh-2, too
3258 - markus@cvs.openbsd.org 2000/11/15
3260 reorder SYNOPSIS; typo, use .It
3261 - markus@cvs.openbsd.org 2000/11/14 23:48:55
3263 do not reorder keys if a key is removed
3264 - markus@cvs.openbsd.org 2000/11/15 19:58:08
3266 just ignore non existing user keys
3267 - millert@cvs.openbsd.org 200/11/15 20:24:43
3269 Add missing \n at end of error message.
3272 - (bal) Minor patch to ensure platforms lacking IRIX job limit supports
3274 - (bal) Updated TODO as of 11/18/2000 with known things to resolve.
3277 - (bal) Changed from 'primes' to 'primes.out' for consistancy sake. It
3278 has no affect the output. Patch by Corinna Vinschen <vinschen@redhat.com>
3279 - (stevesk) Reworked progname support.
3280 - (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by
3281 Shinichi Maruyama <marya@st.jip.co.jp>
3284 - (bal) Added in MAXSYMLINK test in bsd-realpath.c. Required for some SCO
3286 - (bal) Make builds work outside of source tree. Patch by Mark D. Roth
3290 - (djm) Add pointer to http://www.imasy.or.jp/~gotoh/connect.c to
3292 - (djm) Merge OpenBSD changes:
3293 - markus@cvs.openbsd.org 2000/11/06 16:04:56
3294 [channels.c channels.h clientloop.c nchan.c serverloop.c]
3296 agent forwarding and -R for ssh2, based on work from
3297 jhuuskon@messi.uku.fi
3298 - markus@cvs.openbsd.org 2000/11/06 16:13:27
3299 [ssh.c sshconnect.c sshd.c]
3300 do not disabled rhosts(rsa) if server port > 1024; from
3302 - markus@cvs.openbsd.org 2000/11/06 16:16:35
3304 downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
3305 - markus@cvs.openbsd.org 2000/11/09 18:04:40
3307 typo; from mouring@pconline.com
3308 - markus@cvs.openbsd.org 2000/11/12 12:03:28
3310 off-by-one when removing a key from the agent
3311 - markus@cvs.openbsd.org 2000/11/12 12:50:39
3312 [auth-rh-rsa.c auth2.c authfd.c authfd.h]
3313 [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
3314 [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
3315 [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
3316 [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
3317 [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
3318 add support for RSA to SSH2. please test.
3319 there are now 3 types of keys: RSA1 is used by ssh-1 only,
3320 RSA and DSA are used by SSH2.
3321 you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
3322 keys for SSH2 and use the RSA keys for hostkeys or for user keys.
3323 SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
3324 - (djm) Fix up Makefile and Redhat init script to create RSA host keys
3325 - (djm) Change to interim version
3326 - (djm) Fix RPM spec file stupidity
3327 - (djm) fixpaths to DSA and RSA keys too
3330 - (bal) SCO Patch to add needed libraries for configure.in. Patch by
3331 Phillips Porch <root@theporch.com>
3332 - (bal) IRIX patch to adding Job Limits. Patch by Denis Parker
3334 - (stevesk) pty.c: HP-UX 10 and 11 don't define TIOCSCTTY. Add error() to
3335 failed ioctl(TIOCSCTTY) call.
3338 - (djm) Added /etc/primes for kex DH group neg, fixup Makefile.in and
3340 - (djm) Fix new Makefile.in warnings
3341 - (djm) Fix vsprintf("%h") in bsd-snprintf.c, short int va_args are
3342 promoted to type int. Report and fix from Dan Astoorian
3343 <djast@cs.toronto.edu>
3344 - (djm) Hardwire sysconfdir in RPM spec files as some RPM versions get
3345 it wrong. Report from Bennett Todd <bet@rahul.net>
3348 - (bal) Fixed dropped answer from skey_keyinfo() in auth1.c
3349 - (bal) Changed from --with-skey to --with-skey=PATH in configure.in
3350 - (bal) Added in check to verify S/Key library is being detected in
3352 - (bal) next-posix.h - added another prototype wrapped in POSIX ifdef/endif.
3353 Patch by Mark Miller <markm@swoon.net>
3354 - (bal) Added 'util.h' header to loginrec.c only if HAVE_UTIL_H is defined
3355 to remove warnings under MacOS X. Patch by Mark Miller <markm@swoon.net>
3356 - (bal) Fixed LDFLAG mispelling in configure.in for --with-afs
3359 - (bal) acconfig.in - removed the double "USE_PIPES" entry. Patch by
3360 Mark Miller <markm@swoon.net>
3361 - (bal) sshd.init files corrected to assign $? to RETVAL. Patch by
3362 Jarno Huuskonen <jhuuskon@messi.uku.fi>
3363 - (bal) fixpaths fixed to stop it from quitely failing. Patch by
3364 Mark D. Roth <roth@feep.net>
3367 - (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs
3368 - (djm) Manually fix up missed diff hunks (mainly RCS idents)
3369 - (djm) Remove UPGRADING document in favour of a link to the better
3370 maintained FAQ on www.openssh.com
3371 - (djm) Fix multiple dependancy on gnome-libs from Pekka Savola
3373 - (djm) Don't need X11-askpass in RPM spec file if building without it
3374 from Pekka Savola <pekkas@netcore.fi>
3375 - (djm) Release 2.3.0p1
3376 - (bal) typo in configure.in in regards to --with-ldflags from Marko
3377 Asplund <aspa@kronodoc.fi>
3378 - (bal) fixed next-posix.h. Forgot prototype of getppid().
3381 - (bal) Sync with OpenBSD:
3382 - markus@cvs.openbsd.org 2000/10/31 9:31:58
3384 handle all old openssh versions
3385 - markus@cvs.openbsd.org 2000/10/31 13:1853
3387 so that large packets do not wrap "n"; from netbsd
3388 - (bal) rijndel.c - fix up RCSID to match OpenBSD tree
3389 - (bal) auth2-skey.c - Checked in. Missing from portable tree.
3390 - (bal) Reworked NEWS-OS and NeXT ports to extract waitpid() and
3391 setsid() into more common files
3392 - (stevesk) pty.c: use __hpux to identify HP-UX.
3393 - (bal) Missed auth-skey.o in Makefile.in and minor correction to
3397 - (stevesk) Fix typo in auth.c: USE_PAM not PAM
3398 - (stevesk) Create contrib/cygwin/ directory; patch from
3399 Corinna Vinschen <vinschen@redhat.com>
3400 - (bal) Resolved more $xno and $xyes issues in configure.in
3401 - (bal) next-posix.h - spelling and forgot a prototype
3404 - (djm) fix select hack in serverloop.c from Philippe WILLEM
3405 <Philippe.WILLEM@urssaf.fr>
3406 - (djm) Fix mangled AIXAUTHENTICATE code
3407 - (djm) authctxt->pw may be NULL. Fix from Markus Friedl
3408 <markus.friedl@informatik.uni-erlangen.de>
3409 - (djm) Sync with OpenBSD:
3410 - markus@cvs.openbsd.org 2000/10/16 15:46:32
3412 fixes from pekkas@netcore.fi
3413 - markus@cvs.openbsd.org 2000/10/17 14:28:11
3415 return number of characters processed; ok deraadt@
3416 - markus@cvs.openbsd.org 2000/10/18 12:04:02
3419 - markus@cvs.openbsd.org 2000/10/18 12:23:02
3421 replace atomicio(read,...) with read(); ok deraadt@
3422 - markus@cvs.openbsd.org 2000/10/18 12:42:00
3424 restore old record login behaviour
3425 - deraadt@cvs.openbsd.org 2000/10/19 10:41:13
3427 fmt string problem in unused code
3428 - provos@cvs.openbsd.org 2000/10/19 10:45:16
3430 don't reference freed memory. okay deraadt@
3431 - markus@cvs.openbsd.org 2000/10/21 11:04:23
3433 typo, eramore@era-t.ericsson.se; ok niels@
3434 - markus@cvs.openbsd.org 2000/10/23 13:31:55
3436 non-alignment dependent swap_bytes(); from
3437 simonb@wasabisystems.com/netbsd
3438 - markus@cvs.openbsd.org 2000/10/26 12:38:28
3440 add older vandyke products
3441 - markus@cvs.openbsd.org 2000/10/27 01:32:19
3442 [channels.c channels.h clientloop.c serverloop.c session.c]
3444 enable non-blocking IO on channels, and tty's (except for the
3448 - (djm) Increase REKEY_BYTES to 2^24 for arc4random
3451 - (djm) Added WARNING.RNG file and modified configure to ask users of the
3452 builtin entropy code to read it.
3453 - (djm) Prefer builtin regex to PCRE.
3454 - (bal) Added USE_PIPS defined to NeXT configure.in since scp hangs randomly.
3455 - (bal) Apply fixes to configure.in pointed out by Pavel Roskin
3459 - (djm) Don't define _REENTRANT for SNI/Reliant Unix
3460 - (bal) Imported NEWS-OS waitpid() macros into NeXT. Since implementation
3461 is more correct then current version.
3464 - (stevesk) Add initial support for setproctitle(). Current
3465 support is for the HP-UX pstat(PSTAT_SETCMD, ...) method.
3466 - (stevesk) Add egd startup scripts to contrib/hpux/
3469 - (djm) Add -lregex to cywin libs from Corinna Vinschen
3470 <vinschen@cygnus.com>
3471 - (djm) Don't rely on atomicio's retval to determine length of askpass
3472 supplied passphrase. Problem report from Lutz Jaenicke
3473 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
3474 - (bal) Changed from GNU rx to PCRE on suggestion from djm.
3475 - (bal) Integrated Sony NEWS-OS patches from NAKAJI Hirouyuki
3476 <nakaji@tutrp.tut.ac.jp>
3479 - (djm) Sync with OpenBSD:
3480 - markus@cvs.openbsd.org 2000/10/14 04:01:15
3483 - markus@cvs.openbsd.org 2000/10/14 04:07:23
3485 remove spaces from arguments; from djm@mindrot.org
3486 - markus@cvs.openbsd.org 2000/10/14 06:09:46
3488 Cipher is for SSH-1 only
3489 - markus@cvs.openbsd.org 2000/10/14 06:12:09
3490 [servconf.c servconf.h serverloop.c session.c sshd.8]
3491 AllowTcpForwarding; from naddy@
3492 - markus@cvs.openbsd.org 2000/10/14 06:16:56
3493 [auth2.c compat.c compat.h sshconnect2.c version.h]
3494 OpenSSH_2.3; note that is is not complete, but the version number
3495 needs to be changed for interoperability reasons
3496 - markus@cvs.openbsd.org 2000/10/14 06:19:45
3498 do not send RSA challenge if key is not allowed by key-options; from
3500 - markus@cvs.openbsd.org 2000/10/15 08:14:01
3501 [rijndael.c session.c]
3502 typos; from stevesk@sweden.hp.com
3503 - markus@cvs.openbsd.org 2000/10/15 08:18:31
3506 - (djm) Copy manpages back over from OpenBSD - too tedious to wade
3508 - (djm) Added condrestart to Redhat init script. Patch from Pekka Savola
3510 - (djm) Update version in Redhat spec file
3511 - (djm) Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the
3512 Redhat 7.0 spec file
3513 - (djm) Make inability to read/write PRNG seedfile non-fatal
3517 - (djm) Fix ssh2 hang on background processes at logout.
3520 - (bal) Add support for realpath and getcwd for platforms with broken
3521 or missing realpath implementations for sftp-server.
3522 - (bal) Corrected mistake in INSTALL in regards to GNU rx library
3523 - (bal) Add support for GNU rx library for those lacking regexp support
3524 - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth
3525 - (djm) Revert SSH2 serverloop hack, will find a better way.
3526 - (djm) Add workaround for Linux 2.4's gratuitious errno change. Patch
3527 from Martin Johansson <fatbob@acc.umu.se>
3528 - (djm) Big OpenBSD sync:
3529 - markus@cvs.openbsd.org 2000/09/30 10:27:44
3531 allow loglevel debug
3532 - markus@cvs.openbsd.org 2000/10/03 11:59:57
3535 - markus@cvs.openbsd.org 2000/10/03 12:03:03
3536 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
3537 move fake-auth from auth1.c to individual auth methods, disables s/key in
3539 - markus@cvs.openbsd.org 2000/10/03 12:16:48
3541 do not resolve canonname, i have no idea why this was added oin ossh
3542 - markus@cvs.openbsd.org 2000/10/09 15:30:44
3543 ssh-keygen.1 ssh-keygen.c
3544 -X now reads private ssh.com DSA keys, too.
3545 - markus@cvs.openbsd.org 2000/10/09 15:32:34
3547 clear options on every call.
3548 - markus@cvs.openbsd.org 2000/10/09 15:51:00
3550 interop with ssh-agent2, from <res@shore.net>
3551 - markus@cvs.openbsd.org 2000/10/10 14:20:45
3553 use rexexp for version string matching
3554 - provos@cvs.openbsd.org 2000/10/10 22:02:18
3555 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
3556 First rough implementation of the diffie-hellman group exchange. The
3557 client can ask the server for bigger groups to perform the diffie-hellman
3558 in, thus increasing the attack complexity when using ciphers with longer
3559 keys. University of Windsor provided network, T the company.
3560 - markus@cvs.openbsd.org 2000/10/11 13:59:52
3561 [auth-rsa.c auth2.c]
3562 clear auth options unless auth sucessfull
3563 - markus@cvs.openbsd.org 2000/10/11 14:00:27
3565 clear auth options unless auth sucessfull
3566 - markus@cvs.openbsd.org 2000/10/11 14:03:27
3568 support 'scp -o' with help from mouring@pconline.com
3569 - markus@cvs.openbsd.org 2000/10/11 14:11:35
3572 - markus@cvs.openbsd.org 2000/10/11 14:14:40
3573 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
3574 [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
3575 add support for s/key (kbd-interactive) to ssh2, based on work by
3576 mkiernan@avantgo.com and me
3577 - markus@cvs.openbsd.org 2000/10/11 14:27:24
3578 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
3579 [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
3580 [sshconnect2.c sshd.c]
3581 new cipher framework
3582 - markus@cvs.openbsd.org 2000/10/11 14:45:21
3585 - markus@cvs.openbsd.org 2000/10/12 03:59:20
3586 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
3587 enable DES in SSH-1 clients only
3588 - markus@cvs.openbsd.org 2000/10/12 08:21:13
3591 - markus@cvs.openbsd.org 2000/10/13 12:34:46
3593 Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
3594 - markus@cvs.openbsd.org 2000/10/13 12:59:15
3595 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h]
3596 rijndael/aes support
3597 - markus@cvs.openbsd.org 2000/10/13 13:10:54
3600 - markus@cvs.openbsd.org 2000/10/13 13:12:02
3602 prefer no compression
3603 - (djm) Fix scp user@host handling
3604 - (djm) Don't clobber ssh_prng_cmds on install
3605 - (stevesk) Include config.h in rijndael.c so we define intXX_t and
3606 u_intXX_t types on all platforms.
3607 - (stevesk) rijndael.c: cleanup missing declaration warnings.
3608 - (stevesk) ~/.hushlogin shouldn't cause required password change to
3610 - (stevesk) Display correct path to ssh-askpass in configure output.
3611 Report from Lutz Jaenicke.
3614 - (stevesk) Print PAM return value in PAM log messages to aid
3616 - (stevesk) Fix detection of pw_class struct member in configure;
3617 patch from KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp>
3620 - (djm) Fix USER_PATH, report from Kevin Steves <stevesk@sweden.hp.com>
3621 - (djm) Add host system and CC to end-of-configure report. Suggested by
3622 Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
3625 - (djm) Cygwin fixes from Corinna Vinschen <vinschen@cygnus.com>
3628 - (djm) Irix ssh_prng_cmds path fix from Pekka Savola <pekkas@netcore.fi>
3629 - (djm) Support in bsd-snprintf.c for long long conversions from
3630 Ben Lindstrom <mouring@pconline.com>
3631 - (djm) Cleanup NeXT support from Ben Lindstrom <mouring@pconline.com>
3632 - (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with
3633 very short lived X connections. Bug report from Tobias Oetiker
3634 <oetiker@ee.ethz.ch>. Fix from Markus Friedl <markus@cvs.openbsd.org>
3635 - (djm) Add recent InitScripts as a RPM dependancy for openssh-server
3636 patch from Pekka Savola <pekkas@netcore.fi>
3637 - (djm) Forgot to cvs add LICENSE file
3638 - (djm) Add LICENSE to RPM spec files
3639 - (djm) CVS OpenBSD sync:
3640 - markus@cvs.openbsd.org 2000/09/26 13:59:59
3643 - markus@cvs.openbsd.org 2000/09/27 15:41:34
3644 [auth2.c sshconnect2.c]
3646 - markus@cvs.openbsd.org 2000/09/28 12:03:18
3648 debug -> debug2 cleanup
3649 - (djm) Irix strips "/dev/tty" from [uw]tmp entries (other systems only
3650 strip "/dev/"). Fix loginrec.c based on patch from Alain St-Denis
3651 <Alain.St-Denis@ec.gc.ca>
3652 - (djm) Fix 9 character passphrase failure with gnome-ssh-askpass.
3653 Problem was caused by interrupted read in ssh-add. Report from Donald
3654 J. Barry <don@astro.cornell.edu>
3657 - (djm) Fix SSH2 not terminating until all background tasks done problem.
3658 - (djm) Another off-by-one fix from Pavel Kankovsky
3659 <peak@argo.troja.mff.cuni.cz>
3660 - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code,
3661 tidy necessary differences. Use Markus' new debugN() in entropy.c
3662 - (djm) Merged big SCO portability patch from Tim Rice
3663 <tim@multitalents.net>
3666 - (djm) Update X11-askpass to 1.0.2 in RPM spec file
3667 - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX
3668 - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c.
3669 Report and fix from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
3672 - (djm) Merged cleanup patch from Mark Miller <markm@swoon.net>
3673 - (djm) A bit more cleanup - created cygwin_util.h
3674 - (djm) Include strtok_r() from OpenBSD libc. Fixes report from Mark Miller
3678 - (djm) Fix address logging in utmp from Kevin Steves
3679 <stevesk@sweden.hp.com>
3680 - (djm) Redhat spec and manpage fixes from Pekka Savola <pekkas@netcore.fi>
3681 - (djm) Seperate tests for int64_t and u_int64_t types
3682 - (djm) Tweak password expiry checking at suggestion of Kevin Steves
3683 <stevesk@sweden.hp.com>
3684 - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
3685 - (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from
3686 Michael Stone <mstone@cs.loyola.edu>
3687 - (djm) OpenBSD CVS sync:
3688 - markus@cvs.openbsd.org 2000/09/17 09:38:59
3689 [sshconnect2.c sshd.c]
3691 - markus@cvs.openbsd.org 2000/09/17 09:52:51
3694 - markus@cvs.openbsd.org 2000/09/21 04:55:11
3697 - markus@cvs.openbsd.org 2000/09/21 05:03:54
3700 - markus@cvs.openbsd.org 2000/09/21 05:11:42
3702 utime() to utimes(); mouring@pconline.com
3703 - markus@cvs.openbsd.org 2000/09/21 05:25:08
3705 change login logic in ssh2, allows plugin of other auth methods
3706 - markus@cvs.openbsd.org 2000/09/21 05:25:35
3707 [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h]
3709 add context to dispatch_run
3710 - markus@cvs.openbsd.org 2000/09/21 05:07:52
3711 authfd.c authfd.h ssh-agent.c
3712 bug compat for old ssh.com software
3715 - (djm) Fix bad path substitution. Report from Andrew Miner
3716 <asminer@cs.iastate.edu>
3719 - (djm) Fix SSL search order from Lutz Jaenicke
3720 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
3721 - (djm) New SuSE spec from Corinna Vinschen <corinna@vinschen.de>
3722 - (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com>
3723 - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage.
3724 Patch from Larry Jones <larry.jones@sdrc.com>
3725 - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM
3726 password change patch.
3727 - (djm) Bring licenses on my stuff in line with OpenBSD's
3728 - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
3729 Kevin Steves <stevesk@sweden.hp.com>
3730 - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz>
3731 - (djm) Re-enable int64_t types - we need them for sftp
3732 - (djm) Use libexecdir from configure , rather than libexecdir/ssh
3733 - (djm) Update Redhat SPEC file accordingly
3734 - (djm) Add Kevin Steves <stevesk@sweden.hp.com> HP/UX contrib files
3735 - (djm) Add Charles Levert <charles@comm.polymtl.ca> getpgrp patch
3736 - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter
3737 <Dirk.DeWachter@rug.ac.be>
3738 - (djm) Fixprogs and entropy list fixes from Larry Jones
3739 <larry.jones@sdrc.com>
3740 - (djm) Fix for SuSE spec file from Takashi YOSHIDA
3741 <tyoshida@gemini.rc.kyushu-u.ac.jp>
3742 - (djm) Merge OpenBSD changes:
3743 - markus@cvs.openbsd.org 2000/09/05 02:59:57
3745 print hostname (not hushlogin)
3746 - markus@cvs.openbsd.org 2000/09/05 13:18:48
3747 [authfile.c ssh-add.c]
3748 enable ssh-add -d for DSA keys
3749 - markus@cvs.openbsd.org 2000/09/05 13:20:49
3752 - markus@cvs.openbsd.org 2000/09/06 03:46:41
3755 - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
3757 cleanup copyright notices on all files. I have attempted to be
3758 accurate with the details. everything is now under Tatu's licence
3759 (which I copied from his readme), and/or the core-sdi bsd-ish thing
3760 for deattack, or various openbsd developers under a 2-term bsd
3761 licence. We're not changing any rules, just being accurate.
3762 - markus@cvs.openbsd.org 2000/09/07 14:40:30
3763 [channels.c channels.h clientloop.c serverloop.c ssh.c]
3764 cleanup window and packet sizes for ssh2 flow control; ok niels
3765 - markus@cvs.openbsd.org 2000/09/07 14:53:00
3768 - markus@cvs.openbsd.org 2000/09/07 15:13:37
3769 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
3770 [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
3772 some more Copyright fixes
3773 - markus@cvs.openbsd.org 2000/09/08 03:02:51
3776 - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
3778 a few more comments about it being ARC4 not RC4
3779 - markus@cvs.openbsd.org 2000/09/12 14:53:11
3780 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
3781 multiple debug levels
3782 - markus@cvs.openbsd.org 2000/09/14 14:25:15
3785 - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
3787 check return value for setenv(3) for failure, and deal appropriately
3790 - (djm) Fix server not exiting with jobs in background.
3793 - (djm) Import OpenBSD CVS changes
3794 - markus@cvs.openbsd.org 2000/08/31 15:52:24
3795 [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c]
3796 implement a SFTP server. interops with sftp2, scp2 and the windows
3798 - markus@cvs.openbsd.org 2000/08/31 15:56:03
3801 - markus@cvs.openbsd.org 2000/08/31 16:05:42
3804 - markus@cvs.openbsd.org 2000/08/31 16:09:34
3805 [authfd.c ssh-agent.c]
3806 add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions
3807 - deraadt@cvs.openbsd.org 2000/09/01 09:25:13
3809 cleanup and fix -S support; stevesk@sweden.hp.com
3810 - markus@cvs.openbsd.org 2000/09/01 16:29:32
3813 - markus@cvs.openbsd.org 2000/09/01 16:32:41
3815 fix cast; mouring@pconline.com
3816 - itojun@cvs.openbsd.org 2000/09/03 09:23:28
3818 add missing .El against .Bl.
3819 - markus@cvs.openbsd.org 2000/09/04 13:03:41
3821 missing close; ok theo
3822 - markus@cvs.openbsd.org 2000/09/04 13:07:21
3824 fix get_last_login_time order; from andre@van-veen.de
3825 - markus@cvs.openbsd.org 2000/09/04 13:10:09
3827 more cast fixes; from mouring@pconline.com
3828 - markus@cvs.openbsd.org 2000/09/04 13:06:04
3830 set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net
3831 - (djm) Cleanup after import. Fix sftp-server compilation, Makefile
3832 - (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>
3835 - (djm) Fix Redhat init script
3838 - (djm) Pick up Jim's new X11-askpass
3839 - (djm) Release 2.2.0p1
3842 - (djm) Workaround SIGPIPE problems on SCO. Fix from Aran Cox
3843 <acox@cv.telegroup.com>
3844 - (djm) Pick up new version (2.2.0) from OpenBSD CVS
3847 - (djm) Compile warning fixes from Mark Miller <markm@swoon.net>
3848 - (djm) Periodically rekey arc4random
3849 - (djm) Clean up diff against OpenBSD.
3850 - (djm) HPUX 11 needs USE_PIPES as well: Kevin Steves
3851 <stevesk@sweden.hp.com>
3852 - (djm) Quieten the pam delete credentials error message
3853 - (djm) Fix printing of $DISPLAY hack if set by system type. Report from
3854 Kevin Steves <stevesk@sweden.hp.com>
3855 - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
3856 - (djm) Fix doh in bsd-arc4random.c
3859 - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert
3860 Doering <gert@greenie.muc.de>, John Horne <J.Horne@plymouth.ac.uk> and
3861 Garrick James <garrick@james.net>
3862 - (djm) Check for SCO pty naming style (ptyp%d/ttyp%d). Based on fix from
3863 Bastian Trompetter <btrompetter@firemail.de>
3864 - (djm) NeXT tweaks from Ben Lindstrom <mouring@pconline.com>
3865 - More OpenBSD updates:
3866 - deraadt@cvs.openbsd.org 2000/08/24 15:46:59
3868 off_t in sink, to fix files > 2GB, i think, test is still running ;-)
3869 - deraadt@cvs.openbsd.org 2000/08/25 10:10:06
3872 - markus@cvs.openbsd.org 2000/08/26 04:33:43
3875 - markus@cvs.openbsd.org 2000/08/27 12:18:05
3877 compatibility with future ssh.com versions
3878 - deraadt@cvs.openbsd.org 2000/08/27 21:50:55
3879 [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c]
3880 print uid/gid as unsigned
3881 - markus@cvs.openbsd.org 2000/08/28 13:51:00
3883 enable -n and -f for ssh2
3884 - markus@cvs.openbsd.org 2000/08/28 14:19:53
3886 allow combination of -N and -f
3887 - markus@cvs.openbsd.org 2000/08/28 14:20:56
3890 - markus@cvs.openbsd.org 2000/08/28 14:22:02
3893 - markus@cvs.openbsd.org 2000/08/28 14:23:38
3895 don't complain if setting NONBLOCK fails with ENODEV
3898 - (djm) Define USE_PIPES to avoid socketpair problems on HPUX 10 and SunOS 4
3899 Avoids "scp never exits" problem. Reports from Lutz Jaenicke
3900 <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Tamito KAJIYAMA
3901 <kajiyama@grad.sccs.chukyo-u.ac.jp>
3902 - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers
3903 - (djm) Add local version to version.h
3904 - (djm) Don't reseed arc4random everytime it is used
3905 - (djm) OpenBSD CVS updates:
3906 - deraadt@cvs.openbsd.org 2000/08/18 20:07:23
3908 accept remsh as a valid name as well; roman@buildpoint.com
3909 - deraadt@cvs.openbsd.org 2000/08/18 20:17:13
3910 [deattack.c crc32.c packet.c]
3911 rename crc32() to ssh_crc32() to avoid zlib name clash. do not move to
3912 libz crc32 function yet, because it has ugly "long"'s in it;
3914 - deraadt@cvs.openbsd.org 2000/08/18 20:26:08
3916 -S prog support; tv@debian.org
3917 - deraadt@cvs.openbsd.org 2000/08/18 20:50:07
3920 - deraadt@cvs.openbsd.org 2000/08/18 20:57:33
3923 - markus@cvs.openbsd.org 2000/08/19 12:48:11
3924 [channels.c channels.h clientloop.c ssh.c ssh.h]
3925 support for ~. in ssh2
3926 - deraadt@cvs.openbsd.org 2000/08/19 15:29:40
3929 - markus@cvs.openbsd.org 2000/08/19 15:34:44
3930 [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1]
3931 [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile]
3932 [fingerprint.c fingerprint.h]
3933 add SSH2/DSA support to the agent and some other DSA related cleanups.
3934 (note that we cannot talk to ssh.com's ssh2 agents)
3935 - markus@cvs.openbsd.org 2000/08/19 15:55:52
3936 [channels.c channels.h clientloop.c]
3937 more ~ support for ssh2
3938 - markus@cvs.openbsd.org 2000/08/19 16:21:19
3941 - millert@cvs.openbsd.org 2000/08/20 12:25:53
3943 We have to stash the result of get_remote_name_or_ip() before we
3944 close our socket or getpeername() will get EBADF and the process
3945 will exit. Only a problem for "UseLogin yes".
3946 - millert@cvs.openbsd.org 2000/08/20 12:30:59
3948 Only check /etc/nologin if "UseLogin no" since login(1) may have its
3949 own policy on determining who is allowed to login when /etc/nologin
3950 is present. Also use the _PATH_NOLOGIN define.
3951 - millert@cvs.openbsd.org 2000/08/20 12:42:43
3952 [auth1.c auth2.c session.c ssh.c]
3953 Add calls to setusercontext() and login_get*(). We basically call
3954 setusercontext() in most places where previously we did a setlogin().
3955 Add default login.conf file and put root in the "daemon" login class.
3956 - millert@cvs.openbsd.org 2000/08/21 10:23:31
3958 Fix incorrect PATH setting; noted by Markus.
3961 - (djm) OpenBSD CVS changes:
3962 - markus@cvs.openbsd.org 2000/07/22 03:14:37
3963 [servconf.c servconf.h sshd.8 sshd.c sshd_config]
3964 random early drop; ok theo, niels
3965 - deraadt@cvs.openbsd.org 2000/07/26 11:46:51
3968 - deraadt@cvs.openbsd.org 2000/08/01 11:46:11
3970 many fixes from pepper@mail.reppep.com
3971 - provos@cvs.openbsd.org 2000/08/01 13:01:42
3972 [Makefile.in util.c aux.c]
3973 rename aux.c to util.c to help with cygwin port
3974 - deraadt@cvs.openbsd.org 2000/08/02 00:23:31
3976 correct sun_len; Alexander@Leidinger.net
3977 - provos@cvs.openbsd.org 2000/08/02 10:27:17
3979 disable kerberos authentication by default
3980 - provos@cvs.openbsd.org 2000/08/02 11:27:05
3981 [sshd.8 readconf.c auth-krb4.c]
3982 disallow kerberos authentication if we can't verify the TGT; from
3984 kerberos authentication is on by default only if you have a srvtab.
3985 - markus@cvs.openbsd.org 2000/08/04 14:30:07
3988 - markus@cvs.openbsd.org 2000/08/04 14:30:35
3991 - markus@cvs.openbsd.org 2000/08/15 13:20:46
3994 - markus@cvs.openbsd.org 2000/08/17 14:05:10
3996 cleanup login(1)-like jobs, no duplicate utmp entries
3997 - markus@cvs.openbsd.org 2000/08/17 14:06:34
3998 [session.c sshd.8 sshd.c]
3999 sshd -u len, similar to telnetd
4000 - (djm) Lastlog was not getting closed after writing login entry
4001 - (djm) Add Solaris package support from Rip Loomis <loomisg@cist.saic.com>
4004 - (djm) Replacement for inet_ntoa for Irix (which breaks on gcc)
4005 - (djm) Fix strerror replacement for old SunOS. Based on patch from
4006 Charles Levert <charles@comm.polymtl.ca>
4007 - (djm) Seperate arc4random into seperate file and use OpenSSL's RC4
4009 - (djm) SUN_LEN macro for systems which lack it
4012 - (djm) More SunOS 4.1.x fixes from Nate Itkin <nitkin@europa.com>
4013 - (djm) Avoid failures on Irix when ssh is not setuid. Fix from
4014 Michael Stone <mstone@cs.loyola.edu>
4015 - (djm) Don't seek in directory based lastlogs
4016 - (djm) Fix --with-ipaddr-display configure option test. Patch from
4017 Jarno Huuskonen <jhuuskon@messi.uku.fi>
4018 - (djm) Fix AIX limits from Alexandre Oliva <oliva@lsd.ic.unicamp.br>
4021 - (djm) Add $(srcdir) to includes when compiling (for VPATH). Report from
4022 Fabrice bacchella <fabrice.bacchella@marchfirst.fr>
4025 - (djm) Define AIX hard limits if headers don't. Report from
4026 Bill Painter <william.t.painter@lmco.com>
4027 - (djm) utmp direct write & SunOS 4 patch from Charles Levert
4028 <charles@comm.polymtl.ca>
4031 - (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install
4032 time, spec file cleanup.
4035 - (djm) Set 0755 on binaries during install. Report from Lutz Jaenicke
4036 - (djm) Suppress error messages on channel close shutdown() failurs
4037 works around Linux bug. Patch from Zack Weinberg <zack@wolery.cumb.org>
4038 - (djm) Add some more entropy collection commands from Lutz Jaenicke
4041 - (djm) Fix autoconf typo: HAVE_BINRESVPORT_AF -> HAVE_BINDRESVPORT_AF
4044 - (djm) OpenBSD CVS updates:
4045 - markus@cvs.openbsd.org 2000/07/16 02:27:22
4046 [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
4047 [sshconnect1.c sshconnect2.c]
4048 make ssh-add accept dsa keys (the agent does not)
4049 - djm@cvs.openbsd.org 2000/07/17 19:25:02
4051 Another closing of stdin; ok deraadt
4052 - markus@cvs.openbsd.org 2000/07/19 18:33:12
4054 missing free, reorder
4055 - markus@cvs.openbsd.org 2000/07/20 16:23:14
4057 document input and output files
4060 - (djm) Spec file fix from Petr Novotny <Petr.Novotny@antek.cz>
4063 - (djm) Release 2.1.1p4
4066 - (djm) OpenBSD CVS updates
4067 - provos@cvs.openbsd.org 2000/07/13 16:53:22
4068 [aux.c readconf.c servconf.c ssh.h]
4069 allow multiple whitespace but only one '=' between tokens, bug report from
4070 Ralf S. Engelschall <rse@engelschall.com> but different fix. okay deraadt@
4071 - provos@cvs.openbsd.org 2000/07/13 17:14:09
4073 typo; todd@fries.net
4074 - provos@cvs.openbsd.org 2000/07/13 17:19:31
4076 close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
4077 - markus@cvs.openbsd.org 2000/07/14 16:59:46
4078 [readconf.c servconf.c]
4079 allow leading whitespace. ok niels
4080 - djm@cvs.openbsd.org 2000/07/14 22:01:38
4081 [ssh-keygen.c ssh.c]
4082 Always create ~/.ssh with mode 700; ok Markus
4083 - Fixes for SunOS 4.1.4 from Gordon Atwood <gordon@cs.ualberta.ca>
4084 - Include floatingpoint.h for entropy.c
4085 - strerror replacement
4088 - (djm) Remove -lresolve for Reliant Unix
4089 - (djm) OpenBSD CVS Updates:
4090 - deraadt@cvs.openbsd.org 2000/07/11 02:11:34
4092 make MaxStartups code still work with -d; djm
4093 - deraadt@cvs.openbsd.org 2000/07/11 13:17:45
4094 [readconf.c ssh_config]
4095 disable FallBackToRsh by default
4096 - (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c. Report from
4097 Ben Lindstrom <mouring@pconline.com>
4098 - (djm) Make building of X11-Askpass and GNOME-Askpass optional in RPM
4100 - (djm) Released 2.1.1p3
4103 - (djm) Fixup for AIX getuserattr() support from Tom Bertelson
4105 - (djm) ReliantUNIX support from Udo Schweigert <ust@cert.siemens.de>
4106 - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom
4107 <mouring@pconline.com>
4108 - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report
4109 from Jim Watt <jimw@peisj.pebio.com>
4110 - (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known
4111 to compile on more platforms (incl NeXT).
4112 - (djm) Added bsd-inet_aton and configure support for NeXT
4113 - (djm) Misc NeXT fixes from Ben Lindstrom <mouring@pconline.com>
4114 - (djm) OpenBSD CVS updates:
4115 - markus@cvs.openbsd.org 2000/06/26 03:22:29
4117 cleanup, less cut&paste
4118 - markus@cvs.openbsd.org 2000/06/26 15:59:19
4119 [servconf.c servconf.h session.c sshd.8 sshd.c]
4120 MaxStartups: limit number of unauthenticated connections, work by
4122 - deraadt@cvs.openbsd.org 2000/07/05 14:18:07
4124 use no_x11_forwarding_flag correctly; provos ok
4125 - provos@cvs.openbsd.org 2000/07/05 15:35:57
4128 - aaron@cvs.openbsd.org 2000/07/05 22:06:58
4129 [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
4130 Insert more missing .El directives. Our troff really should identify
4131 these and spit out a warning.
4132 - todd@cvs.openbsd.org 2000/07/06 21:55:04
4133 [auth-rsa.c auth2.c ssh-keygen.c]
4134 clean code is good code
4135 - deraadt@cvs.openbsd.org 2000/07/07 02:14:29
4137 sense of port forwarding flag test was backwards
4138 - provos@cvs.openbsd.org 2000/07/08 17:17:31
4139 [compat.c readconf.c]
4140 replace strtok with strsep; from David Young <dyoung@onthejob.net>
4141 - deraadt@cvs.openbsd.org 2000/07/08 19:21:15
4144 - ho@cvs.openbsd.org 2000/07/08 19:27:33
4145 [compat.c readconf.c]
4146 Better conditions for strsep() ending.
4147 - ho@cvs.openbsd.org 2000/07/10 10:27:05
4149 Get the correct message on errors. (niels@ ok)
4150 - ho@cvs.openbsd.org 2000/07/10 10:30:25
4151 [cipher.c kex.c servconf.c]
4152 strtok() --> strsep(). (niels@ ok)
4153 - (djm) Fix problem with debug mode and MaxStartups
4154 - (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during RPM
4156 - (djm) Add strsep function from OpenBSD libc for systems that lack it
4159 - (djm) Only enable PAM_TTY kludge for Linux. Problem report from
4160 Kevin Steves <stevesk@sweden.hp.com>
4161 - (djm) Match prototype and function declaration for rresvport_af.
4162 Problem report from Niklas Edmundsson <nikke@ing.umu.se>
4163 - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM
4164 builds. Problem report from Gregory Leblanc <GLeblanc@cu-portland.edu>
4165 - (djm) Replace ut_name with ut_user. Patch from Jim Watt
4166 <jimw@peisj.pebio.com>
4167 - (djm) Fix pam sprintf fix
4168 - (djm) Cleanup entropy collection code a little more. Split initialisation
4169 from seeding, perform intialisation immediatly at start, be careful with
4170 uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
4171 - (djm) More NeXT compatibility from Ben Lindstrom <mouring@pconline.com>
4172 Including sigaction() et al. replacements
4173 - (djm) AIX getuserattr() session initialisation from Tom Bertelson
4177 - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from
4178 Aaron Hopkins <aaron@die.net>
4179 - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from
4180 Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
4181 - (djm) Fixed undefined variables for OSF SIA. Report from
4182 Baars, Henk <Hendrik.Baars@nl.origin-it.com>
4183 - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c
4184 Fix from Marquess, Steve Mr JMLFDC <Steve.Marquess@DET.AMEDD.ARMY.MIL>
4185 - (djm) Don't use inet_addr.
4188 - (djm) Fix brace mismatch from Corinna Vinschen <vinschen@cygnus.com>
4189 - (djm) Stop shadow expiry checking from preventing logins with NIS. Based
4190 on fix from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
4191 - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from
4192 Chris, the Young One <cky@pobox.com>
4193 - (djm) Fix scp progress meter on really wide terminals. Based on patch
4194 from James H. Cloos Jr. <cloos@jhcloos.com>
4197 - (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu>
4198 - (djm) Login fixes from Tom Bertelson <tbert@abac.com>
4199 - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
4200 <vinschen@cygnus.com>
4201 - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
4202 - (djm) Added check for broken snprintf() functions which do not correctly
4203 terminate output string and attempt to use replacement.
4204 - (djm) Released 2.1.1p2
4207 - (djm) Fixes to lastlog code for Irix
4208 - (djm) Use atomicio in loginrec
4209 - (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for
4210 Irix 6.x array sessions, project id's, and system audit trail id.
4211 - (djm) Added 'distprep' make target to simplify packaging
4212 - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA
4213 support. Enable using "USE_SIA=1 ./configure [options]"
4216 - (djm) Fixes to login code - not setting li->uid, cleanups
4220 - (djm) Better fix to aclocal tests from Garrick James <garrick@james.net>
4221 - (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
4222 - (djm) Added password expiry checking (no password change support)
4223 - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
4224 based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
4225 - (djm) Fix fixed EGD code.
4226 - OpenBSD CVS update
4227 - provos@cvs.openbsd.org 2000/06/25 14:17:58
4229 correct check for bad channel ids; from Wei Dai <weidai@eskimo.com>
4232 - (djm) Use sa_family_t in prototype for rresvport_af. Patch from
4233 Svante Signell <svante.signell@telia.com>
4234 - (djm) Autoconf logic to define sa_family_t if it is missing
4235 - OpenBSD CVS Updates:
4236 - markus@cvs.openbsd.org 2000/06/22 10:32:27
4238 missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL
4239 - djm@cvs.openbsd.org 2000/06/22 17:55:00
4240 [auth-krb4.c key.c radix.c uuencode.c]
4241 Missing CVS idents; ok markus
4244 - (djm) Automatically generate host key during "make install". Suggested
4245 by Gary E. Miller <gem@rellim.com>
4246 - (djm) Paranoia before kill() system call
4247 - OpenBSD CVS Updates:
4248 - markus@cvs.openbsd.org 2000/06/18 18:50:11
4249 [auth2.c compat.c compat.h sshconnect2.c]
4250 make userauth+pubkey interop with ssh.com-2.2.0
4251 - markus@cvs.openbsd.org 2000/06/18 20:56:17
4253 mem leak + be more paranoid in dsa_verify.
4254 - markus@cvs.openbsd.org 2000/06/18 21:29:50
4256 cleanup fingerprinting, less hardcoded sizes
4257 - markus@cvs.openbsd.org 2000/06/19 19:39:45
4258 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
4259 [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
4260 [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
4261 [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
4262 [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
4263 [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
4264 [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
4265 [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
4266 [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
4268 - markus@cvs.openbsd.org 2000/06/21 10:46:10
4269 sshconnect2.c missing free; nuke old comment
4272 - (djm) Replace use of '-o' and '-a' logical operators in configure tests
4273 with '||' and '&&'. As suggested by Jim Knoble <jmknoble@jmknoble.cx>
4274 to fix SCO Unixware problem reported by Gary E. Miller <gem@rellim.com>
4275 - (djm) Typo in loginrec.c
4278 - (djm) Add summary of configure options to end of ./configure run
4279 - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from
4280 Michael Stone <mstone@cs.loyola.edu>
4281 - (djm) rusage is a privileged operation on some Unices (incl.
4282 Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
4283 - (djm) Avoid PAM failures when running without a TTY. Report from
4284 Martin Petrak <petrak@spsknm.schools.sk>
4285 - (djm) Include sys/types.h when including netinet/in.h in configure tests.
4286 Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
4287 - (djm) Started merge of Ben Lindstrom's <mouring@pconline.com> NeXT support
4288 - OpenBSD CVS updates:
4289 - deraadt@cvs.openbsd.org 2000/06/17 09:58:46
4291 everyone says "nix it" (remove protocol 2 debugging message)
4292 - markus@cvs.openbsd.org 2000/06/17 13:24:34
4294 allow extended server banners
4295 - markus@cvs.openbsd.org 2000/06/17 14:30:10
4297 missing atomicio, typo
4298 - jakob@cvs.openbsd.org 2000/06/17 16:52:34
4299 [servconf.c servconf.h session.c sshd.8 sshd_config]
4300 add support for ssh v2 subsystems. ok markus@.
4301 - deraadt@cvs.openbsd.org 2000/06/17 18:57:48
4302 [readconf.c servconf.c]
4303 include = in WHITESPACE; markus ok
4304 - markus@cvs.openbsd.org 2000/06/17 19:09:10
4306 implement bug compatibility with ssh-2.0.13 pubkey, server side
4307 - markus@cvs.openbsd.org 2000/06/17 21:00:28
4309 initial support for ssh.com's 2.2.0
4310 - markus@cvs.openbsd.org 2000/06/17 21:16:09
4313 - markus@cvs.openbsd.org 2000/06/17 22:05:02
4314 [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h]
4315 split auth-rsa option parsing into auth-options
4316 add options support to authorized_keys2
4317 - markus@cvs.openbsd.org 2000/06/17 22:42:54
4322 - (djm) Fixes from Andrew McGill <andrewm@datrix.co.za>:
4323 - Platform define for SCO 3.x which breaks on /dev/ptmx
4324 - Detect and try to fix missing MAXPATHLEN
4325 - (djm) Fix short copy in loginrec.c (based on patch from Phill Camp
4326 <P.S.S.Camp@ukc.ac.uk>
4329 - (djm) Glob manpages in RPM spec files to catch compressed files
4330 - (djm) Full license in auth-pam.c
4331 - (djm) Configure fixes from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
4332 - (andre) AIX, lastlog, configure fixes from Tom Bertelson <tbert@abac.com>:
4333 - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is
4335 - Set AIX to use preformatted manpages
4338 - (djm) Minor doc tweaks
4339 - (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx>
4342 - (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage
4343 (in favour of utmpx) on Solaris 8
4346 - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
4347 list of commands (by default). Removed verbose debugging (by default).
4348 - (djm) Increased command entropy estimates and default entropy collection
4350 - (djm) Remove duplicate headers from loginrec.c
4351 - (djm) Don't add /usr/local/lib to library search path on Irix
4352 - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
4354 - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
4355 <zack@wolery.cumb.org>
4356 - (djm) OpenBSD CVS updates:
4357 - todd@cvs.openbsd.org
4359 teach protocol v2 to count login failures properly and also enable an
4360 explanation of why the password prompt comes up again like v1; this is NOT
4362 - markus@cvs.openbsd.org
4363 [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
4364 xauth_location support; pr 1234
4365 [readconf.c sshconnect2.c]
4368 allow use_login only for login sessions, otherwise remote commands are
4371 document UseLogin better
4375 fix match_hostname() logic for auth-rsa: deny access if we have a
4376 negative match or no match at all
4377 [channels.c hostfile.c match.c]
4378 don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
4382 - (djm) Added --with-cflags, --with-ldflags and --with-libs options to
4386 - Configure tweaking for new login code on Irix 5.3
4387 - (andre) login code changes based on djm feedback
4390 - (andre) New login code
4391 - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c
4392 - Add loginrec.[ch], logintest.c and autoconf code
4395 - Cleanup of auth.c, login.c and fake-*
4396 - Cleanup of auth-pam.c, save and print "account expired" error messages
4397 - Fix EGD read bug by IWAMURO Motonori <iwa@mmp.fujitsu.co.jp>
4398 - Rewrote bsd-login to use proper utmp API if available. Major cleanup
4399 of fallback DIY code.
4402 - Define atexit for old Solaris
4403 - Fix buffer overrun in login.c for systems which use syslen in utmpx.
4404 patch from YOSHIFUJI Hideaki <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp>
4405 - OpenBSD CVS updates:
4406 - markus@cvs.openbsd.org
4408 make x11-fwd work w/ localhost (xauth add host/unix:11)
4409 [cipher.c compat.c readconf.c servconf.c]
4410 check strtok() != NULL; ok niels@
4412 fix key_read() for uuencoded keys w/o '='
4414 group ssh1 vs. ssh2 in serverloop
4415 [kex.c kex.h myproposal.h sshconnect2.c sshd.c]
4416 split kexinit/kexdh, factor out common code
4417 [readconf.c ssh.1 ssh.c]
4418 forwardagent defaults to no, add ssh -A
4419 - theo@cvs.openbsd.org
4421 just some line shortening
4425 - Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
4426 - Don't touch utmp if USE_UTMPX defined
4427 - SunOS 4.x support from Todd C. Miller <Todd.Miller@courtesan.com>
4428 - SIGCHLD fix for AIX and HPUX from Tom Bertelson <tbert@abac.com>
4429 - HPUX and Configure fixes from Lutz Jaenicke
4430 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
4431 - Use mkinstalldirs script to make directories instead of non-portable
4432 "install -d". Suggested by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
4436 - Include Andre Lucas' fixprogs script. Forgot to "cvs add" it yesterday
4437 - OpenBSD CVS updates:
4438 - markus@cvs.openbsd.org
4440 copy only ai_addrlen bytes; misiek@pld.org.pl
4442 accept an empty shell in authentication; bug reported by
4443 chris@tinker.ucr.edu
4445 we don't have stderr for interactive terminal sessions (fcntl errors)
4448 - Fix from Andre Lucas <andre.lucas@dial.pipex.com>
4449 - Fixes command line printing segfaults (spotter: Bladt Norbert)
4450 - Fixes erroneous printing of debug messages to syslog
4451 - Fixes utmp for MacOS X (spotter: Aristedes Maniatis)
4452 - Gives useful error message if PRNG initialisation fails
4453 - Reduced ssh startup delay
4454 - Measures cumulative command time rather than the time between reads
4456 - 'fixprogs' perl script to eliminate non-working entropy commands, and
4457 optionally run 'ent' to measure command entropy
4458 - Applied Tom Bertelson's <tbert@abac.com> AIX authentication fix
4459 - Avoid WCOREDUMP complation errors for systems that lack it
4460 - Avoid SIGCHLD warnings from entropy commands
4461 - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw@dcs.ed.ac.uk>
4462 - OpenBSD CVS update:
4463 - markus@cvs.openbsd.org
4467 draft-ietf-secsh-architecture-05.txt
4469 document ssh -T -N (ssh2 only)
4470 [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
4471 enable nonblocking IO for sshd w/ proto 1, too; split out common code
4474 - Several patches from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
4475 - INSTALL typo and URL fix
4478 - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka
4479 <ksakai@kso.netwk.ntt-at.co.jp>
4480 - RSAless operation patch from kevin_oconnor@standardandpoors.com
4481 - Detect OpenSSL seperatly from RSA
4482 - Better test for RSA (more compatible with RSAref). Based on work by
4483 Ed Eden <ede370@stl.rural.usda.gov>
4486 - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz
4490 - Fix for prng_seed permissions checking from Lutz Jaenicke
4491 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
4492 - "make host-key" fix for Irix
4495 - OpenBSD CVS update
4496 - markus@cvs.openbsd.org
4497 [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
4498 [ssh.h sshconnect1.c sshconnect2.c sshd.8]
4499 - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
4500 - hugh@cvs.openbsd.org
4504 - One last nit fix. (markus approved)
4506 - some markus certified spelling adjustments
4507 - markus@cvs.openbsd.org
4508 [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
4510 - bug compat w/ ssh-2.0.13 x11, split out bugs
4512 - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
4514 - handle escapes in real and original key format, ok millert@
4517 - Moved all the bsd-* and fake-* stuff into new libopenbsd-compat.a
4519 - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported
4520 by Andre Lucas <andre.lucas@dial.pipex.com>
4523 - Makefile and RPM spec fixes
4524 - Generate DSA host keys during "make key" or RPM installs
4525 - OpenBSD CVS update
4526 - markus@cvs.openbsd.org
4527 [clientloop.c sshconnect2.c]
4528 - make x11-fwd interop w/ ssh-2.0.13
4530 - interop w/ SecureFX
4531 - Release 2.0.0beta2
4533 - Configure caching and cleanup patch from Andre Lucas'
4534 <andre.lucas@dial.pipex.com>
4537 - Remove references to SSLeay.
4538 - Big OpenBSD CVS update
4539 - markus@cvs.openbsd.org
4543 - update proctitle on pty alloc/dealloc, e.g. w/ windows client
4545 - update proctitle for proto 1, too
4546 [channels.h nchan.c serverloop.c session.c sshd.c]
4547 - use c-style comments
4548 - deraadt@cvs.openbsd.org
4551 - markus@cvs.openbsd.org
4556 [readconf.c ssh-keygen.c ssh.h]
4557 - default DSA key file ~/.ssh/id_dsa
4559 - typo, rm verbose debug
4560 - deraadt@cvs.openbsd.org
4562 - document DSA use of ssh-keygen
4564 - a start at describing what i understand of the DSA side
4566 - document -X and -x
4569 - markus@cvs.openbsd.org
4571 - there is no rhosts_dsa
4573 - document -y, update -X,-x
4575 - fix close for non-open ssh1 channels
4576 [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
4577 - s/DsaKey/HostDSAKey/, document option
4579 - respect number_of_password_prompts
4580 [channels.c channels.h servconf.c servconf.h session.c sshd.8]
4581 - GatewayPorts for sshd, ok deraadt@
4582 [ssh-add.1 ssh-agent.1 ssh.1]
4583 - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
4585 - more info on proto 2
4587 - sync AUTHOR w/ ssh.1
4588 [key.c key.h sshconnect.c]
4589 - print key type when talking about host keys
4591 - clear padding in ssh2
4592 [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
4593 - replace broken uuencode w/ libc b64_ntop
4595 - log failure before sending the reply
4596 [key.c radix.c uuencode.c]
4597 - remote trailing comments before calling __b64_pton
4598 [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
4599 [sshconnect2.c sshd.8]
4600 - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
4601 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
4604 - OpenBSD CVS update
4606 - init all fds, close all fds.
4608 - check whether file exists before asking for passphrase
4609 [servconf.c servconf.h sshd.8 sshd.c]
4614 - unbreak, ok niels@
4616 - unlink pid file, ok niels@
4618 - Add missing #ifdefs; ok - markus
4619 - Add Andre Lucas' <andre.lucas@dial.pipex.com> patch to read entropy
4620 gathering commands from a text file
4621 - Release 2.0.0beta1
4624 - OpenBSD CVS update
4626 - send debug messages in SSH2 format
4628 - fix very rare EAGAIN/EINTR issues; based on work by djm
4630 - less debug, rm unused
4632 - disable kerb,s/key in ssh2
4634 - Minor tweaks and typo fixes.
4636 - Put -d into usage and reorder. markus ok.
4637 - Include missing headers for OpenSSL tests. Fix from Phil Karn
4638 <karn@ka9q.ampr.org>
4639 - Fixed __progname symbol collisions reported by Andre Lucas
4640 <andre.lucas@dial.pipex.com>
4641 - Merged bsd-login ttyslot and AIX utmp patch from Gert Doering
4643 - Add some missing ifdefs to auth2.c
4644 - Deprecate perl-tk askpass.
4645 - Irix portability fixes - don't include netinet headers more than once
4646 - Make sure we don't save PRNG seed more than once
4649 - Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au>
4650 - Integrate Andre Lucas' <andre.lucas@dial.pipex.com> entropy collection
4652 - Adds timeout to entropy collection
4653 - Disables slow entropy sources
4654 - Load and save seed file
4655 - Changed entropy seed code to user per-user seeds only (server seed is
4656 saved in root's .ssh directory)
4657 - Use atexit() and fatal cleanups to save seed on exit
4658 - More OpenBSD updates:
4660 - don't call chan_write_failed() if we are not writing
4661 [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c]
4662 - keysize warnings error() -> log()
4665 - Merge big update to OpenSSH-2.0 from OpenBSD CVS
4667 - interop w/ F-secure windows client
4668 - sync documentation
4669 - ssh_host_dsa_key not ssh_dsa_key
4672 [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
4673 [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
4674 [sshd.c uuencode.c uuencode.h authfile.h]
4675 - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX]
4676 for trading keys with the real and the original SSH, directly from the
4677 people who invented the SSH protocol.
4678 [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
4679 [sshconnect1.c sshconnect2.c]
4680 - split auth/sshconnect in one file per protocol version
4687 [ssh-keygen.1 ssh-keygen.c]
4688 - add -R flag: exit code indicates if RSA is alive
4691 silent if -Q is specified
4693 - host key becomes /etc/ssh_host_dsa_key
4694 [readconf.c servconf.c ]
4695 - ssh/sshd default to proto 1 and 2
4698 [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
4700 [auth2.c serverloop.c session.c]
4701 - cleanup logging for sshd/2, respect PasswordAuth no
4703 - less debug, respect .ssh/config
4704 [README.openssh2 channels.c channels.h]
4705 - clientloop.c session.c ssh.c
4706 - support for x11-fwding, client+server
4709 - Merge fix from OpenBSD CVS
4711 - Fix memory leak per connection. Report from Andy Spiegl <Andy@Spiegl.de>
4712 via Debian bug #59926
4713 - Define __progname in session.c if libc doesn't
4714 - Remove indentation on autoconf #include statements to avoid bug in
4715 DEC Tru64 compiler. Report and fix from David Del Piero
4716 <David.DelPiero@qed.qld.gov.au>
4719 - Make fixpaths work with perl4, patch from Andre Lucas
4720 <andre.lucas@dial.pipex.com>
4721 - Sync with OpenBSD CVS:
4722 [clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c]
4725 - remove bogus chan_read_failed. this could cause data
4726 corruption (missing data) at end of a SSH2 session.
4727 - Merge fixes from Debian patch from Phil Hands <phil@hands.com>
4728 - Allow setting of PAM service name through CFLAGS (SSHD_PAM_SERVICE)
4729 - Use vhangup to clean up Linux ttys
4730 - Force posix getopt processing on GNU libc systems
4731 - Debian bug #55910 - remove references to ssl(8) manpages
4732 - Debian bug #58031 - ssh_config lies about default cipher
4735 - OpenBSD CVS updates
4737 - fix pr 1196, listen_port and port_to_connect interchanged
4739 - after completion, replace the progress bar ETA counter with a final
4740 elapsed time; my idea, aaron wrote the patch
4741 [ssh_config sshd_config]
4742 - show 'Protocol' as an example, ok markus@
4745 - Add missing header to bsd-misc.c
4748 - Reduce diff against OpenBSD source
4749 - All OpenSSL includes are now unconditionally referenced as
4751 - Pick up formatting changes
4752 - Other minor changed (typecasts, etc) that I missed
4755 - OpenBSD CVS updates.
4758 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
4759 [session.c sshconnect.c]
4760 - check payload for (illegal) extra data
4765 - INSTALL doc updates
4766 - Merged OpenBSD updates to include paths.
4769 - OpenBSD CVS updates:
4773 fix passwd prompt for ssh2, less debugging output.
4774 - [clientloop.c compat.c dsa.c kex.c sshd.c]
4775 less debugging output
4776 - [kex.c kex.h sshconnect.c sshd.c]
4777 check for reasonable public DH values
4778 - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
4779 [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
4780 add Cipher and Protocol options to ssh/sshd, e.g.:
4781 ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
4784 print 1.99 only if server supports both
4787 - Avoid some compiler warnings in fake-get*.c
4788 - Add IPTOS macros for systems which lack them
4789 - Only set define entropy collection macros if they are found
4790 - More large OpenBSD CVS updates:
4791 - [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
4792 [session.h ssh.h sshd.c README.openssh2]
4793 ssh2 server side, see README.openssh2; enable with 'sshd -2'
4795 no adjust after close
4796 - [sshd.c compat.c ]
4797 interop w/ latest ssh.com windows client.
4800 - OpenBSD CVS update:
4803 - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h]
4804 ssh2 client implementation, interops w/ ssh.com and lsh servers.
4807 - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c]
4808 remove unused argument, split cipher_mask()
4810 re-order: group ssh1 vs. ssh2
4811 - Make Redhat spec require openssl >= 0.9.5a
4814 - Add tests for RAND_add function when searching for OpenSSL
4815 - OpenBSD CVS update:
4816 - [packet.h packet.c]
4818 - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c]
4819 [channels.h channels.c]
4820 channel layer support for ssh2
4821 - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h]
4822 DSA, keyexchange, algorithm agreement for ssh2
4823 - Generate manpages before make install not at the end of make all
4824 - Don't seed the rng quite so often
4825 - Always reseed rng when requested
4828 - Wrote entropy collection routines for systems that lack /dev/random
4830 - Disable tests and typedefs for 64 bit types. They are currently unused.
4833 - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
4834 - [auth.c session.c sshd.c auth.h]
4835 split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
4836 - [bufaux.c bufaux.h]
4837 support ssh2 bignums
4838 - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
4839 [readconf.c ssh.c ssh.h serverloop.c]
4840 replace big switch() with function tables (prepare for ssh2)
4842 ssh2 message type codes
4844 reorder Xr to avoid cutting
4846 close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
4849 allow bigger packets
4850 - [cipher.c cipher.h]
4851 support ssh2 ciphers
4854 - [dispatch.c dispatch.h]
4855 function tables for different message types
4857 do not log() if debuggin to stderr
4858 rename a cpp symbol, to avoid param.h collision
4865 - Better tests for OpenSSL w/ RSAref
4866 - Added replacement setenv() function from OpenBSD libc. Suggested by
4867 Ben Lindstrom <mouring@pconline.com>
4868 - OpenBSD CVS update
4871 - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
4872 [match.h ssh.c ssh.h sshconnect.c sshd.c]
4873 initial support for DSA keys. ok deraadt@, niels@
4874 - [cipher.c cipher.h]
4875 remove unused cipher_attack_detected code
4876 - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
4877 Fix some formatting problems I missed before.
4879 fix spelling errors, From: FreeBSD
4881 switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
4887 - Clarified --with-default-path option.
4888 - Added -blibpath handling for AIX to work around stupid runtime linking.
4889 Problem elucidated by gshapiro@SENDMAIL.ORG by way of Jim Knoble
4890 <jmknoble@jmknoble.cx>
4891 - Checks for 64 bit int types. Problem report from Mats Fredholm
4893 - OpenBSD CVS updates:
4894 - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c]
4895 [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
4897 pedantic: signed vs. unsigned, void*-arithm, etc
4899 Various cleanups and standardizations.
4900 - Runtime error fix for HPUX from Otmar Stahl
4901 <O.Stahl@lsw.uni-heidelberg.de>
4904 - Fixed configure not passing LDFLAGS to Solaris. Report from David G.
4905 Hesprich <dghespri@sprintparanet.com>
4906 - Propogate LD through to Makefile
4908 - Added blurb about "scp: command not found" errors to UPGRADING
4911 - Fix broken CFLAGS handling during search for OpenSSL. Fixes va_list
4912 problems with gcc/Solaris.
4913 - Don't free argument to putenv() after use (in setenv() replacement).
4914 Report from Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp>
4915 - Created contrib/ subdirectory. Included helpers from Phil Hands'
4916 Debian package, README file and chroot patch from Ricardo Cerqueira
4918 - Moved gnome-ssh-askpass.c to contrib directory and removed config
4920 - Slight cleanup to doc files
4921 - Configure fix from Bratislav ILICH <bilic@zepter.ru>
4924 - Include macro for IN6_IS_ADDR_V4MAPPED. Report from
4925 peter@frontierflying.com
4926 - Include /usr/local/include and /usr/local/lib for systems that don't
4928 - -R/usr/local/lib for Solaris
4929 - Fix RSAref detection
4930 - Fix IN6_IS_ADDR_V4MAPPED macro
4934 - OpenBSD CVS change
4936 - disallow guessing of root password
4937 - More configure fixes
4938 - IPv6 workarounds from Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>
4941 - OpenBSD CVS updates to v1.2.3
4943 - int atomicio -> ssize_t (for alpha). ok deraadt@
4945 - delay MD5 computation until client sends response, free() early, cleanup.
4947 - void* -> unsigned char*, ok niels@
4949 - remove unused variable 'len'. fix comments.
4950 - remove unused variable
4951 [log-client.c log-server.c]
4952 - rename a cpp symbol, to avoid param.h collision
4955 - getsockname() requires initialized tolen; andy@guildsoftware.com
4956 - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
4957 from Holger.Trapp@Informatik.TU-Chemnitz.DE
4959 - register cleanup for pty earlier. move code for pty-owner handling to
4960 pty.c ok provos@, dugsong@
4962 - turn off x11-fwd for the client, too.
4966 - allow '.' in usernames; from jedgar@fxp.org
4968 - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
4969 - sync with sshd_config
4971 - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
4973 - Change invalid 'CHAT' loglevel to 'VERBOSE'
4975 - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
4976 - turn off x11-fwd for the client, too.
4979 - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
4980 - read error vs. "Connection closed by remote host"
4983 - do not link to a commercial page..
4984 - sync with sshd_config
4986 - no need for poll.h; from bright@wintelcom.net
4987 - log with level log() not fatal() if peer behaves badly.
4988 - don't panic if client behaves strange. ok deraadt@
4989 - make no-port-forwarding for RSA keys deny both -L and -R style fwding
4990 - delay close() of pty until the pty has been chowned back to root
4991 - oops, fix comment, too.
4993 - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
4994 (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
4995 - register cleanup for pty earlier. move code for pty-owner handling to
4996 pty.c ok provos@, dugsong@
4997 - create x11 cookie file
4998 - fix pr 1113, fclose() -> pclose(), todo: remote popen()
5001 - Removed warning workaround for Linux and devpts filesystems (no longer
5002 required after OpenBSD updates)
5005 - Configure fix from Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp>
5011 - Fix DEC compile fix
5012 - Explicitly seed OpenSSL's PRNG before checking rsa_alive()
5013 - Check for getpagesize in libucb.a if not found in libc. Fix for old
5014 Solaris from Andre Lucas <andre.lucas@dial.pipex.com>
5015 - Check for libwrap if --with-tcp-wrappers option specified. Suggestion
5016 Mate Wierdl <mw@moni.msci.memphis.edu>
5019 - Added "make host-key" target, Suggestion from Dominik Brettnacher
5021 - Don't permanently fail on bind() if getaddrinfo has more choices left for
5022 us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
5023 Miskiewicz <misiek@pld.org.pl>
5024 - DEC Unix compile fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
5025 - Manpage fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
5028 - Big cleanup of autoconf code
5029 - Rearranged to be a little more logical
5030 - Added -R option for Solaris
5031 - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program
5032 to detect library and header location _and_ ensure library has proper
5033 RSA support built in (this is a problem with OpenSSL 0.9.5).
5034 - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de
5035 - Avoid warning message with Unix98 ptys
5036 - Warning was valid - possible race condition on PTYs. Avoided using
5037 platform-specific code.
5038 - Document some common problems
5039 - Allow root access to any key. Patch from
5040 markus.friedl@informatik.uni-erlangen.de
5043 - Removed SOCKS code. Will support through a ProxyCommand.
5046 - Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu
5047 - Add --with-ssl-dir option
5050 - Fix lastlog code for directory based lastlogs. Fix from Josh Durham
5052 - Documentation fixes from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
5053 - Added URLs to Japanese translations of documents by HARUYAMA Seigo
5054 <haruyama@nt.phys.s.u-tokyo.ac.jp>
5057 - Use socket pairs by default (instead of pipes). Prevents race condition
5058 on several (buggy) OSs. Report and fix from tridge@linuxcare.com
5061 - Seed OpenSSL's random number generator before generating RSA keypairs
5062 - Split random collector into seperate file
5063 - Compile fix from Andre Lucas <andre.lucas@dial.pipex.com>
5066 - Released 1.2.2 stable
5068 - NeXT keeps it lastlog in /usr/adm. Report from
5069 mouring@newton.pconline.com
5070 - Added note in UPGRADING re interop with commercial SSH using idea.
5071 Report from Jim Knoble <jmknoble@jmknoble.cx>
5072 - Fix linking order for Kerberos/AFS. Fix from Holget Trapp
5073 <Holger.Trapp@Informatik.TU-Chemnitz.DE>
5076 - Fix NULL pointer dereference in login.c. Fix from Andre Lucas
5077 <andre.lucas@dial.pipex.com>
5078 - Reorder PAM initialisation so it does not mess up lastlog. Reported
5079 by Andre Lucas <andre.lucas@dial.pipex.com>
5080 - Use preformatted manpages on SCO, report from Gary E. Miller
5082 - New URL for x11-ssh-askpass.
5083 - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
5084 <jmknoble@jmknoble.cx>
5085 - Added 'DESTDIR' option to Makefile to ease package building. Patch from
5086 Jim Knoble <jmknoble@jmknoble.cx>
5087 - Updated RPM spec files to use DESTDIR
5090 - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
5096 getsockname() requires initialized tolen; andy@guildsoftware.com
5097 - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
5098 <drankin@bohemians.lexington.ky.us>
5099 - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
5102 - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
5104 - Merge preformatted manpage patch from Andre Lucas
5105 <andre.lucas@dial.pipex.com>
5106 - Make IPv4 use the default in RPM packages
5107 - Irix uses preformatted manpages
5108 - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
5109 <Holger.Trapp@Informatik.TU-Chemnitz.DE>
5110 - OpenBSD CVS updates:
5112 use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
5113 from Holger.Trapp@Informatik.TU-Chemnitz.DE
5115 log with level log() not fatal() if peer behaves badly.
5117 instead of blocking SIGINT, catch it ourselves, so that we can clean
5118 the tty modes up and kill ourselves -- instead of our process group
5119 leader (scp, cvs, ...) going away and leaving us in noecho mode.
5120 people with cbreak shells never even noticed..
5121 - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
5125 - Don't use getaddrinfo on AIX
5126 - Update to latest OpenBSD CVS:
5128 - fix user/1056, sshd keeps restrictions; dbt@meat.net
5130 - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
5131 - destroy keys earlier
5132 - split key exchange (kex) and user authentication (user-auth),
5135 - no need for poll.h; from bright@wintelcom.net
5136 - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
5137 - split key exchange (kex) and user authentication (user-auth),
5139 - Big manpage and config file cleanup from Andre Lucas
5140 <andre.lucas@dial.pipex.com>
5141 - Re-added latest (unmodified) OpenBSD manpages
5143 - NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
5144 Christos Zoulas <christos@netbsd.org>
5147 - SCO compile fixes from Gary E. Miller <gem@rellim.com>
5148 - Compile fix from Darren_Hall@progressive.com
5149 - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
5150 addresses using getaddrinfo(). Added a configure switch to make the
5151 default lookup mode AF_INET
5154 - Fixed --with-pid-dir option
5155 - Makefile fix from Gary E. Miller <gem@rellim.com>
5156 - Compile fix for HPUX and Solaris from Andre Lucas
5157 <andre.lucas@dial.pipex.com>
5160 - Clean up bsd-bindresvport.c. Use arc4random() for picking initial
5161 port, ignore EINVAL errors (Linux) when searching for free port.
5162 - Revert __snprintf -> snprintf aliasing. Apparently Solaris
5163 __snprintf isn't. Report from Theo de Raadt <theo@cvs.openbsd.org>
5164 - Document location of Redhat PAM file in INSTALL.
5165 - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6
5166 INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to
5167 deliver (no IPv6 kernel support)
5168 - Released 1.2.1pre27
5170 - Fix rresvport_af failure errors (logic error in bsd-bindresvport.c)
5171 - Fix --with-ipaddr-display option test. Fix from Jarno Huuskonen
5172 <jhuuskon@hytti.uku.fi>
5173 - Fix hang on logout if processes are still using the pty. Needs
5175 - Patch from Christos Zoulas <christos@zoulas.com>
5176 - Try $prefix first when looking for OpenSSL.
5177 - Include sys/types.h when including sys/socket.h in test programs
5178 - Substitute PID directory in sshd.8. Suggestion from Andrew
5179 Stribblehill <a.d.stribblehill@durham.ac.uk>
5182 - Renamed --with-xauth-path to --with-xauth
5183 - Added --with-pid-dir option
5184 - Released 1.2.1pre26
5186 - Compilation fix from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
5187 - Fixed broken bugfix for /dev/ptmx on Linux systems which lack
5188 openpty(). Report from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
5191 - Add --with-xauth-path configure directive and explicit test for
5192 /usr/openwin/bin/xauth for Solaris systems. Report from Anders
5193 Nordby <anders@fix.no>
5194 - Fix incorrect detection of /dev/ptmx on Linux systems that lack
5195 openpty. Report from John Seifarth <john@waw.be>
5196 - Look for intXX_t and u_intXX_t in sys/bitypes.h if they are not in
5197 sys/types.h. Fixes problems on SCO, report from Gary E. Miller
5199 - Use __snprintf and __vnsprintf if they are found where snprintf and
5200 vnsprintf are lacking. Suggested by Ben Taylor <bent@shell.clark.net>
5204 - Merged OpenBSD IPv6 patch:
5205 - [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1]
5206 [scp.c packet.h packet.c login.c log.c canohost.c channels.c]
5207 [hostfile.c sshd_config]
5208 ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new
5209 features: sshd allows multiple ListenAddress and Port options. note
5210 that libwrap is not IPv6-ready. (based on patches from
5211 fujiwara@rcac.tdi.co.jp)
5212 - [ssh.c canohost.c]
5213 more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo,
5216 listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE)
5218 allow auth-kerberos for IPv4 only
5219 - [scp.1 sshd.8 servconf.h scp.c]
5220 document -4, -6, and 'ssh -L 2022/::1/22'
5222 'ssh @host' is illegal (null user name), from
5223 karsten@gedankenpolizei.de
5225 better error message
5227 allow auth-kerberos for IPv4 only
5229 - Cleanup overrun in sockaddr copying on RHL 6.1
5230 - Replacements for getaddrinfo, getnameinfo, etc based on versions
5231 from patch from KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
5232 - Replacement for missing structures on systems that lack IPv6
5233 - record_login needed to know about AF_INET6 addresses
5234 - Borrowed more code from OpenBSD: rresvport_af and requisites
5237 - Fixes to auth-skey to enable it to use the standard OpenSSL libraries
5240 - New config.sub and config.guess to fix problems on SCO. Supplied
5241 by Gary E. Miller <gem@rellim.com>
5242 - SCO build fix from Gary E. Miller <gem@rellim.com>
5243 - Released 1.2.1pre25
5246 - Documentation update & cleanup
5247 - Better KrbIV / AFS detection, based on patch from:
5248 Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
5251 - Fixed annoying DES corruption problem. libcrypt has been
5252 overriding symbols in libcrypto. Removed libcrypt and crypt.h
5253 altogether (libcrypto includes its own crypt(1) replacement)
5254 - Added platform-specific rules for Irix 6.x. Included warning that
5258 - Add explicit make rules for files proccessed by fixpaths.
5259 - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori
5261 - Removed "nullok" directive from default PAM configuration files.
5262 Added information on enabling EmptyPasswords on openssh+PAM in
5264 - OpenBSD CVS updates
5266 cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and
5269 compare correct version for 1.3 compat mode
5272 - Prevent multiple inclusion of config.h and defines.h. Suggested
5273 by Andre Lucas <andre.lucas@dial.pipex.com>
5274 - Properly clean up on exit of ssh-agent. Patch from Dean Gaudet
5275 <dgaudet@arctic.org>
5278 - Fix password support on systems with a mixture of shadowed and
5279 non-shadowed passwords (e.g. NIS). Report and fix from
5280 HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
5281 - Fix broken autoconf typedef detection. Report from Marc G.
5282 Fournier <marc.fournier@acadiau.ca>
5283 - Fix occasional crash on LinuxPPC. Patch from Franz Sirl
5284 <Franz.Sirl-kernel@lauterbach.com>
5285 - Prevent typedefs from being compiled more than once. Report from
5286 Marc G. Fournier <marc.fournier@acadiau.ca>
5287 - Fill in ut_utaddr utmp field. Report from Benjamin Charron
5289 - Really fix broken default path. Fix from Jim Knoble
5290 <jmknoble@jmknoble.cx>
5291 - Remove test for quad_t. No longer needed.
5292 - Released 1.2.1pre24
5294 - Added support for directory-based lastlogs
5295 - Really fix typedefs, patch from Ben Taylor <bent@clark.net>
5298 - OpenBSD CVS updates:
5301 - Removed most of the pam code into its own file auth-pam.[ch]. This
5302 cleaned up sshd.c up significantly.
5303 - PAM authentication was incorrectly interpreting
5304 "PermitRootLogin without-password". Report from Matthias Andree
5305 <ma@dt.e-technik.uni-dortmund.de
5306 - Several other cleanups
5307 - Merged Dante SOCKS support patch from David Rankin
5308 <drankin@bohemians.lexington.ky.us>
5309 - Updated documentation with ./configure options
5310 - Released 1.2.1pre23
5313 - Applied another NetBSD portability patch from David Rankin
5314 <drankin@bohemians.lexington.ky.us>
5315 - Fix --with-default-path option.
5316 - Autodetect perl, patch from David Rankin
5317 <drankin@bohemians.lexington.ky.us>
5318 - Print whether OpenSSH was compiled with RSARef, patch from
5319 Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu>
5320 - Calls to pam_setcred, patch from Nalin Dahyabhai
5321 <nalin@thermo.stat.ncsu.edu>
5322 - Detect missing size_t and typedef it.
5323 - Rename helper.[ch] to (more appropriate) bsd-misc.[ch]
5324 - Minor Makefile cleaning
5327 - Replacement for getpagesize() for systems which lack it
5328 - NetBSD login.c compile fix from David Rankin
5329 <drankin@bohemians.lexington.ky.us>
5330 - Fully set ut_tv if present in utmp or utmpx
5331 - Portability fixes for Irix 5.3 (now compiles OK!)
5332 - autoconf and other misc cleanups
5333 - Merged AIX patch from Darren Hall <dhall@virage.org>
5334 - Cleaned up defines.h
5335 - Released 1.2.1pre22
5338 - Automatically correct paths in manpages and configuration files. Patch
5339 and script from Andre Lucas <andre.lucas@dial.pipex.com>
5340 - Removed credits from README to CREDITS file, updated.
5341 - Added --with-default-path to specify custom path for server
5342 - Removed #ifdef trickery from acconfig.h into defines.h
5343 - PAM bugfix. PermitEmptyPassword was being ignored.
5344 - Fixed PAM config files to allow empty passwords if server does.
5345 - Explained spurious PAM auth warning workaround in UPGRADING
5346 - Use last few chars of tty line as ut_id
5347 - New SuSE RPM spec file from Chris Saia <csaia@wtower.com>
5348 - OpenBSD CVS updates:
5349 - [packet.h auth-rhosts.c]
5350 check format string for packet_disconnect and packet_send_debug, too
5352 use packet_get_maxsize for channels. consistence.
5355 - Enabled utmpx support by default for Solaris
5356 - Cleanup sshd.c PAM a little more
5357 - Revised RPM package to include Jim Knoble's <jmknoble@jmknoble.cx>
5358 X11 ssh-askpass program.
5359 - Disable logging of PAM success and failures, PAM is verbose enough.
5360 Unfortunatly there is currently no way to disable auth failure
5361 messages. Mention this in UPGRADING file and sent message to PAM
5363 - OpenBSD CVS update:
5364 - [ssh-keygen.1 ssh.1]
5365 remove ref to .ssh/random_seed, mention .ssh/environment in
5367 - Released 1.2.1pre21
5368 - Fixed implicit '.' in default path, report from Jim Knoble
5369 <jmknoble@jmknoble.cx>
5370 - Redhat RPM spec fixes from Jim Knoble <jmknoble@jmknoble.cx>
5373 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
5374 - Cleanup of auth-passwd.c for shadow and MD5 passwords
5375 - Cleanup and bugfix of PAM authentication code
5376 - Released 1.2.1pre20
5378 - Merged fixes from Ben Taylor <bent@clark.net>
5379 - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
5380 - Disabled logging of PAM password authentication failures when password
5381 is empty. (e.g start of authentication loop). Reported by Naz
5382 <96na@eng.cam.ac.uk>)
5385 - Merged later HPUX patch from Andre Lucas
5386 <andre.lucas@dial.pipex.com>
5387 - Above patch included better utmpx support from Ben Taylor
5391 - Fix undefined fd_set type in ssh.h from Povl H. Pedersen
5393 - Fix login.c breakage on systems which lack ut_host in struct
5394 utmp. Reported by Willard Dawson <willard.dawson@sbs.siemens.com>
5397 - Integration of large HPUX patch from Andre Lucas
5398 <andre.lucas@dial.pipex.com>. Integrating it had a few other
5400 - Ability to disable shadow passwords at configure time
5401 - Ability to disable lastlog support at configure time
5402 - Support for IP address in $DISPLAY
5403 - OpenBSD CVS update:
5405 say "REMOTE HOST IDENTIFICATION HAS CHANGED"
5406 - Fix DISABLE_SHADOW support
5407 - Allow MD5 passwords even if shadow passwords are disabled
5408 - Release 1.2.1pre19
5411 - Redhat init script patch from Chun-Chung Chen
5412 <cjj@u.washington.edu>
5413 - Avoid breakage on systems without IPv6 headers
5416 - Makefile changes for Solaris from Peter Kocks
5417 <peter.kocks@baygate.com>
5418 - Minor updates to docs
5419 - Merged OpenBSD CVS changes:
5420 - [authfd.c ssh-agent.c]
5421 keysize warnings talk about identity files
5423 "Connection closed by x.x.x.x": fatal() -> log()
5424 - Correctly handle empty passwords in shadow file. Patch from:
5425 "Chris, the Young One" <cky@pobox.com>
5426 - Released 1.2.1pre18
5429 - Integrated patchs from Juergen Keil <jk@tools.de>
5430 - Avoid void* pointer arithmatic
5431 - Use LDFLAGS correctly
5432 - Fix SIGIO error in scp
5433 - Simplify status line printing in scp
5434 - Added better test for inline functions compiler support from
5435 Darren_Hall@progressive.com
5438 - OpenBSD CVS Changes
5440 fix get_remote_port() and friends for sshd -i;
5441 Holger.Trapp@Informatik.TU-Chemnitz.DE
5443 make code simpler. no need for memcpy. niels@ ok
5445 namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org
5448 typo; mark.baushke@solipsa.com
5449 - [channels.c ssh.c ssh.h sshd.c]
5450 type conflict for 'extern Type *options' in channels.c; dot@dotat.at
5452 move checking of hostkey into own function.
5455 - Clean up broken includes in pty.c
5456 - Some older systems don't have poll.h, they use sys/poll.h instead
5460 - Fix compilation on systems with AFS. Reported by
5461 aloomis@glue.umd.edu
5462 - Fix installation on Solaris. Reported by
5463 Gordon Rowell <gordonr@gormand.com.au>
5464 - Fix gccisms (__attribute__ and inline). Report by edgy@us.ibm.com,
5465 patch from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
5466 - Auto-locate xauth. Patch from David Agraz <dagraz@jahoopa.com>
5467 - Compile fix from David Agraz <dagraz@jahoopa.com>
5468 - Avoid compiler warning in bsd-snprintf.c
5469 - Added pam_limits.so to default PAM config. Suggested by
5470 Jim Knoble <jmknoble@jmknoble.cx>
5473 - Import of patch from Ben Taylor <bent@clark.net>:
5474 - Improved PAM support
5475 - "uninstall" rule for Makefile
5477 - Should fix PAM problems on Solaris
5478 - OpenBSD CVS updates:
5480 avoid stdio; based on work by markus, millert, and I
5482 make sure the client selects a supported cipher
5484 fix sighup handling. accept would just restart and daemon handled
5485 sighup only after the next connection was accepted. use poll on
5489 - Applied patch from David Rankin <drankin@bohemians.lexington.ky.us>
5490 to fix libwrap support on NetBSD
5494 - Compile fix for Solaris with /dev/ptmx from
5495 David Agraz <dagraz@jahoopa.com>
5498 - sshd Redhat init script patch from Jim Knoble <jmknoble@jmknoble.cx>
5499 fixes compatability with 4.x and 5.x
5500 - Fixed default SSH_ASKPASS
5501 - Fix PAM account and session being called multiple times. Problem
5502 reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>
5503 - Merged more OpenBSD changes:
5504 - [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c]
5505 move atomicio into it's own file. wrap all socket write()s which
5506 were doing write(sock, buf, len) != len, with atomicio() calls.
5510 properly name fd variable
5512 display great hatred towards strcpy
5513 - [pty.c pty.h sshd.c]
5514 use openpty() if it exists (it does on BSD4_4)
5516 check for ~ expansion past MAXPATHLEN
5517 - Modified helper.c to use new atomicio function.
5518 - Reformat Makefile a little
5519 - Moved RC4 routines from rc4.[ch] into helper.c
5520 - Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX)
5521 - Updated SuSE spec from Chris Saia <csaia@wtower.com>
5522 - Tweaked Redhat spec
5523 - Clean up bad imports of a few files (forgot -kb)
5527 - Small cleanup of PAM code in sshd.c
5528 - Merged OpenBSD CVS changes:
5529 - [auth-krb4.c auth-passwd.c auth-skey.c ssh.h]
5530 move skey-auth from auth-passwd.c to auth-skey.c, same for krb4
5532 warn only about mismatch if key is _used_
5533 warn about keysize-mismatch with log() not error()
5534 channels.c readconf.c readconf.h ssh.c ssh.h sshconnect.c
5537 indent, shorter warning
5539 use error() for internal errors
5541 set loglevel for SSH_MSG_DISCONNECT to log(), not fatal()
5544 - [ssh-add.1 ssh-add.c ssh.h]
5545 document $SSH_ASKPASS, reasonable default
5547 CheckHostIP is not available for connects via proxy command
5550 easier to read client code for passwd and skey auth
5551 turn of checkhostip for proxy connects, since we don't know the remote ip
5554 - Add definition for __P()
5555 - Added [v]snprintf() replacement for systems that lack it
5558 - More reformatting merged from OpenBSD CVS
5559 - Merged OpenBSD CVS changes:
5561 fix packet_integrity_check() for !have_hostname_in_open.
5562 report from mrwizard@psu.edu via djm@ibs.com.au
5564 set SO_REUSEADDR and SO_LINGER for forwarded ports.
5565 chip@valinux.com via damien@ibs.com.au
5567 it's not an error() if shutdown_write failes in nchan.
5569 remove dead #ifdef-0-code
5570 - [readconf.c servconf.c]
5571 strcasecmp instead of tolower
5573 progress meter overflow fix from damien@ibs.com.au
5574 - [ssh-add.1 ssh-add.c]
5577 postpone fork_after_authentication until command execution,
5578 request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
5579 plus: use daemon() for backgrounding
5580 - Added BSD compatible install program and autoconf test, thanks to
5581 Niels Kristian Bech Jensen <nkbj@image.dk>
5582 - Solaris fixing, thanks to Ben Taylor <bent@clark.net>
5583 - Merged beginnings of AIX support from Tor-Ake Fransson <torake@hotmail.com>
5587 - Merged very large OpenBSD source code reformat
5588 - OpenBSD CVS updates
5589 - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
5590 [ssh.h sshd.8 sshd.c]
5592 * Unified Logmessage for all auth-types, for success and for failed
5593 * Standard connections get only ONE line in the LOG when level==LOG:
5594 Auth-attempts are logged only, if authentication is:
5597 c) we had more than AUTH_FAIL_LOG failues
5598 * many log() became verbose()
5599 * old behaviour with level=VERBOSE
5600 - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
5601 tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
5602 messages. allows use of s/key in windows (ttssh, securecrt) and
5603 ssh-1.2.27 clients without 'ssh -v', ok: niels@
5605 -V, for fallback to openssh in SSH2 compatibility mode
5607 fix sigchld race; cjc5@po.cwru.edu
5610 - Added SuSE package files from Chris Saia <csaia@wtower.com>
5611 - Restructured package-related files under packages/*
5612 - Added generic PAM config
5613 - Numerous little Solaris fixes
5614 - Add recommendation to use GNU make to INSTALL document
5617 - Make <enter> close gnome-ssh-askpass (Debian bug #50299)
5618 - OpenBSD CVS Changes
5620 don't create ~/.ssh only if the user wants to store the private
5621 key there. show fingerprint instead of public-key after
5622 keygeneration. ok niels@
5623 - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
5624 - Added timersub() macro
5625 - Tidy RCSIDs of bsd-*.c
5626 - Added autoconf test and macro to deal with old PAM libraries
5627 pam_strerror definition (one arg vs two).
5628 - Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
5629 - Retry /dev/urandom reads interrupted by signal (report from
5630 Robert Hardy <rhardy@webcon.net>)
5631 - Added a setenv replacement for systems which lack it
5632 - Only display public key comment when presenting ssh-askpass dialog
5635 - Configure, Make and changelog corrections from Tudor Bosman
5636 <tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>
5639 - OpenBSD CVS Changes:
5641 make this compile, bad markus
5642 - [log.c readconf.c servconf.c ssh.h]
5643 bugfix: loglevels are per host in clientconfig,
5644 factor out common log-level parsing code.
5646 remove unused index (-Wall)
5648 only one 'extern char *__progname'
5650 document SIGHUP, -Q to synopsis
5651 - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
5652 [channels.c clientloop.c]
5653 SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
5654 [hope this time my ISP stays alive during commit]
5655 - [OVERVIEW README] typos; green@freebsd
5657 replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
5658 exit if writing the key fails (no infinit loop)
5659 print usage() everytime we get bad options
5660 - [ssh-keygen.c] overflow, djm@mindrot.org
5661 - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
5664 - Merged more Solaris support from Marc G. Fournier
5665 <marc.fournier@acadiau.ca>
5666 - Wrote autoconf tests for integer bit-types
5667 - Fixed enabling kerberos support
5668 - Fix segfault in ssh-keygen caused by buffer overrun in filename
5672 - Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
5673 - Merged OpenBSD CVS changes
5674 - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
5675 more %d vs. %s in fmt-strings
5677 Integers should not be printed with %s
5678 - EGD uses a socket, not a named pipe. Duh.
5679 - Fix includes in fingerprint.c
5680 - Fix scp progress bar bug again.
5681 - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of
5682 David Rankin <drankin@bohemians.lexington.ky.us>
5683 - Added autoconf option to enable Kerberos 4 support (untested)
5684 - Added autoconf option to enable AFS support (untested)
5685 - Added autoconf option to enable S/Key support (untested)
5686 - Added autoconf option to enable TCP wrappers support (compiles OK)
5687 - Renamed BSD helper function files to bsd-*
5688 - Added tests for login and daemon and enable OpenBSD replacements for
5689 when they are absent.
5690 - Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
5693 - Merged OpenBSD CVS changes
5694 - [scp.c] foregroundproc() in scp
5695 - [sshconnect.h] include fingerprint.h
5696 - [sshd.c] bugfix: the log() for passwd-auth escaped during logging
5698 - [ssh.1] Spell my name right.
5699 - Added openssh.com info to README
5702 - Merged OpenBSD CVS changes
5703 - [ChangeLog.Ylonen] noone needs this anymore
5704 - [authfd.c] close-on-exec for auth-socket, ok deraadt
5706 in known_hosts key lookup the entry for the bits does not need
5707 to match, all the information is contained in n and e. This
5708 solves the problem with buggy servers announcing the wrong
5709 modulus length. markus and me.
5711 bugfix: check for space if child has terminated, from:
5712 iedowse@maths.tcd.ie
5713 - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
5714 [fingerprint.c fingerprint.h]
5715 rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
5716 - [ssh-agent.1] typo
5717 - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
5719 force logging to stderr while loading private key file
5720 (lost while converting to new log-levels)
5723 - Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
5724 - Merged OpenBSD CVS changes:
5725 - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
5726 [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
5727 the keysize of rsa-parameter 'n' is passed implizit,
5728 a few more checks and warnings about 'pretended' keysizes.
5729 - [cipher.c cipher.h packet.c packet.h sshd.c]
5730 remove support for cipher RC4
5732 a note for legay systems about secuity issues with permanently_set_uid(),
5733 the private hostkey and ptrace()
5735 more detailed messages about adding and checking hostkeys
5738 - Merged OpenBSD CVS changes:
5739 - [ssh-add.c] change passphrase loop logic and remove ref to
5741 - Changed to ssh-add.c broke askpass support. Revised it to be a little more
5743 - Revised autoconf support for enabling/disabling askpass support.
5744 - Merged more OpenBSD CVS changes:
5746 - disconnect if getpeername() fails
5747 - missing xfree(*client)
5749 - disconnect if getpeername() fails
5750 - fix comment: we _do_ disconnect if ip-options are set
5752 - disconnect if getpeername() fails
5753 - move checking of remote port to central place
5754 [auth-rhosts.c] move checking of remote port to central place
5755 [log-server.c] avoid extra fd per sshd, from millert@
5756 [readconf.c] print _all_ bad config-options in ssh(1), too
5757 [readconf.h] print _all_ bad config-options in ssh(1), too
5758 [ssh.c] print _all_ bad config-options in ssh(1), too
5759 [sshconnect.c] disconnect if getpeername() fails
5760 - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
5761 - Various small cleanups to bring diff (against OpenBSD) size down.
5762 - Merged more Solaris compability from Marc G. Fournier
5763 <marc.fournier@acadiau.ca>
5764 - Wrote autoconf tests for __progname symbol
5765 - RPM spec file fixes from Jim Knoble <jmknoble@jmknoble.cx>
5768 - Another OpenBSD CVS update:
5769 - [ssh-keygen.1] fix .Xr
5772 - Solaris compilation fixes (still imcomplete)
5775 - Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
5776 - Don't install config files if they already exist
5777 - Fix inclusion of additional preprocessor directives from acconfig.h
5778 - Removed redundant inclusions of config.h
5779 - Added 'Obsoletes' lines to RPM spec file
5780 - Merged OpenBSD CVS changes:
5781 - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
5782 - [scp.c] fix overflow reported by damien@ibs.com.au: off_t
5783 totalsize, ok niels,aaron
5784 - Delay fork (-f option) in ssh until after port forwarded connections
5785 have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
5786 - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
5787 - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
5788 - Tidied default config file some more
5789 - Revised Redhat initscript to fix bug: sshd (re)start would fail
5790 if executed from inside a ssh login.
5793 - Merged changes from OpenBSD CVS
5794 - [sshd.c] session_key_int may be zero
5795 - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
5796 IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
5798 - Brought default sshd_config more in line with OpenBSD's
5799 - Grab server in gnome-ssh-askpass (Debian bug #49872)
5802 - Added INSTALL documentation
5803 - Merged yet more changes from OpenBSD CVS
5804 - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
5805 [ssh.c ssh.h sshconnect.c sshd.c]
5806 make all access to options via 'extern Options options'
5807 and 'extern ServerOptions options' respectively;
5808 options are no longer passed as arguments:
5809 * make options handling more consistent
5810 * remove #include "readconf.h" from ssh.h
5811 * readconf.h is only included if necessary
5812 - [mpaux.c] clear temp buffer
5813 - [servconf.c] print _all_ bad options found in configfile
5814 - Make ssh-askpass support optional through autoconf
5815 - Fix nasty division-by-zero error in scp.c
5819 - Added (untested) Entropy Gathering Daemon (EGD) support
5820 - Fixed /dev/urandom fd leak (Debian bug #49722)
5821 - Merged OpenBSD CVS changes:
5822 - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
5823 - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
5824 - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
5825 - Fix integer overflow which was messing up scp's progress bar for large
5826 file transfers. Fix submitted to OpenBSD developers. Report and fix
5827 from Kees Cook <cook@cpoint.net>
5828 - Merged more OpenBSD CVS changes:
5829 - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
5830 + krb-cleanup cleanup
5831 - [clientloop.c log-client.c log-server.c ]
5832 [readconf.c readconf.h servconf.c servconf.h ]
5833 [ssh.1 ssh.c ssh.h sshd.8]
5834 add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
5835 obsoletes QuietMode and FascistLogging in sshd.
5836 - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
5837 allow session_key_int != sizeof(session_key)
5838 [this should fix the pre-assert-removal-core-files]
5839 - Updated default config file to use new LogLevel option and to improve
5843 - Merged several minor fixes:
5844 - ssh-agent commandline parsing
5845 - RPM spec file now installs ssh setuid root
5846 - Makefile creates libdir
5847 - Merged beginnings of Solaris compability from Marc G. Fournier
5848 <marc.fournier@acadiau.ca>
5851 - Autodetection of SSL/Crypto library location via autoconf
5852 - Fixed location of ssh-askpass to follow autoconf
5853 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
5854 - Autodetection of RSAref library for US users
5856 - Merged OpenBSD CVS changes:
5857 - [rsa.c] bugfix: use correct size for memset()
5858 - [sshconnect.c] warn if announced size of modulus 'n' != real size
5859 - Added GNOME passphrase requestor (use --with-gnome-askpass)
5860 - RPM build now creates subpackages
5864 - Removed debian/ directory. This is now being maintained separately.
5865 - Added symlinks for slogin in RPM spec file
5866 - Fixed permissions on manpages in RPM spec file
5867 - Added references to required libraries in README file
5868 - Removed config.h.in from CVS
5869 - Removed pwdb support (better pluggable auth is provided by glibc)
5870 - Made PAM and requisite libdl optional
5871 - Removed lots of unnecessary checks from autoconf
5872 - Added support and autoconf test for openpty() function (Unix98 pty support)
5873 - Fix for scp not finding ssh if not installed as /usr/bin/ssh
5875 - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
5876 - Added ssh-askpass program
5877 - Added ssh-askpass support to ssh-add.c
5878 - Create symlinks for slogin on install
5879 - Fix "distclean" target in makefile
5880 - Added example for ssh-agent to manpage
5881 - Added support for PAM_TEXT_INFO messages
5882 - Disable internal /etc/nologin support if PAM enabled
5883 - Merged latest OpenBSD CVS changes:
5884 - [all] replace assert() with error, fatal or packet_disconnect
5885 - [sshd.c] don't send fail-msg but disconnect if too many authentication
5887 - [sshd.c] remove unused argument. ok dugsong
5889 - [rsa.c] clear buffers used for encryption. ok: niels
5890 - [rsa.c] replace assert() with error, fatal or packet_disconnect
5891 - [auth-krb4.c] remove unused argument. ok dugsong
5892 - Fixed coredump after merge of OpenBSD rsa.c patch
5896 - Merged change from OpenBSD CVS
5897 - One-line cleanup in sshd.c
5900 - Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
5901 - Merged latest updates for OpenBSD CVS:
5902 - channels.[ch] - remove broken x11 fix and document istate/ostate
5903 - ssh-agent.c - call setsid() regardless of argv[]
5904 - ssh.c - save a few lines when disabling rhosts-{rsa-}auth
5905 - Documentation cleanups
5906 - Renamed README -> README.Ylonen
5907 - Renamed README.openssh ->README
5910 - Renamed openssh* back to ssh* at request of Theo de Raadt
5911 - Incorporated latest changes from OpenBSD's CVS
5912 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
5913 - Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
5914 - Make distclean now removed configure script
5915 - Improved PAM logging
5916 - Added some debug() calls for PAM
5917 - Removed redundant subdirectories
5918 - Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for
5920 - Fixed off-by-one error in PAM env patch
5924 - Further PAM enhancements.
5926 - Now uses account and session modules for all logins.
5927 - Integrated patch from Dan Brosemer <odin@linuxfreak.com>
5930 - Change binary names to open*
5931 - Fixed autoconf script to detect PAM on RH6.1
5932 - Added tests for libpwdb, and OpenBSD functions to autoconf
5935 - Imported latest OpenBSD CVS code
5936 - Updated README.openssh
5940 - Adapted PAM patch.
5943 - Excised my buggy replacements for strlcpy and mkdtemp
5944 - Imported correct OpenBSD strlcpy and mkdtemp routines.
5945 - Reduced arc4random_stir entropy read to 32 bytes (256 bits)
5946 - Picked up correct version number from OpenBSD
5947 - Added sshd.pam PAM configuration file
5948 - Added sshd.init Redhat init script
5949 - Added openssh.spec RPM spec file
5953 - Fixed include paths of OpenSSL functions
5954 - Use OpenSSL MD5 routines
5955 - Imported RC4 code from nanocrypt
5956 - Wrote replacements for OpenBSD arc4random* functions
5957 - Wrote replacements for strlcpy and mkdtemp