2 - (tim) [TODO defines.h loginrec.c] Change the references to configure.in
6 - (djm) Avoid bug in Solaris PAM libs
7 - (djm) Disconnect if no tty and PAM reports password expired
8 - (djm) Fix for PAM password changes being echoed (from stevesk)
9 - (stevesk) Fix compile problem with PAM password change fix
10 - (stevesk) README: zlib location is http://www.gzip.org/zlib/
13 - (tim) [configure.ac] Fixes for ReliantUNIX (don't use libucb)
14 Patch by Robert Dahlem <Robert.Dahlem@siemens.com>
17 - (bal) Set the correct current time in login_utmp_only(). Patch by
18 Wayne Davison <wayned@users.sourceforge.net>
19 - (tim) [scard/Makefile.in] Fix install: when building outside of source
20 tree and using --src=/full_path/to/openssh
21 Patch by Mark D. Baushke <mdb@juniper.net>
24 - (bal) Use VDISABLE if _POSIX_VDISABLE is set in readpassphrase.c. Patch
26 - (tim) [configure.ac] Give path given in --with-xxx= for pcre,zlib, and
27 tcp-wrappers precedence over system libraries and includes.
28 Report from Dave Dykstra <dwd@bell-labs.com>
31 - (bal) Should be 3.0p1 not 3.0p2. Corrected version.h already.
32 - (tim) configure.in -> configure.ac
35 - (bal) Updated version to 3.0p1 in preparing for release.
36 - (bal) Added 'PAM_TTY_KLUDGE' to Solaris platform.
37 - (tim) [configure.in] Fix test for broken dirname. Based on patch from
38 Dave Dykstra <dwd@bell-labs.com>. Remove un-needed test for zlib.h.
39 [contrib/caldera/openssh.spec, contrib/redhat/openssh.spec,
40 contrib/suse/openssh.spec] Update version to match version.h
43 - (djm) Fix fd leak in loginrec.c (ro fd to lastlog was left open).
44 Report from Michal Zalewski <lcamtuf@coredump.cx>
47 - (tim) [configure.in] Clean up library testing. Add optional PATH to
48 --with-pcre, --with-zlib, and --with-tcp-wrappers. Based on
49 patch by albert chin (china@thewrittenword.com)
50 Re-arange AC_CHECK_HEADERS and AC_CHECK_FUNCS for eaiser reading
51 of patches to configure.in. Replace obsolete AC_STRUCT_ST_BLKSIZE
52 with AC_CHECK_MEMBERS. Add test for broken dirname() on
53 Solaris 2.5.1 by Dan Astoorian <djast@cs.toronto.edu>
54 [acconfig.h aclocal.m4 defines.h configure.in] Better socklen_t test.
55 patch by albert chin (china@thewrittenword.com)
56 [scp.c] Replace obsolete HAVE_ST_BLKSIZE with
57 HAVE_STRUCT_STAT_ST_BLKSIZE.
58 [Makefile.in] When running make in top level, always do make
59 in openbsd-compat. patch by Dave Dykstra <dwd@bell-labs.com>
62 - (bal) Fixed up init.d symlink issue and piddir stuff. Patches by
63 Zoran Milojevic <Zoran.Milojevic@SS8.com> and j.petersen@msh.de
66 - (djm) OpenBSD CVS Sync
67 - markus@cvs.openbsd.org 2001/10/10 22:18:47
68 [channels.c channels.h clientloop.c nchan.c serverloop.c]
70 try to keep channels open until an exit-status message is sent.
71 don't kill the login shells if the shells stdin/out/err is closed.
73 ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
74 - markus@cvs.openbsd.org 2001/10/11 13:45:21
76 delay detach of session if a channel gets closed but the child is
77 still alive. however, release pty, since the fd's to the child are
79 - markus@cvs.openbsd.org 2001/10/11 15:24:00
81 clear select masks if we return before calling select().
82 - (djm) "make veryclean" fix from Tom Holroyd <tomh@po.crl.go.jp>
83 - (djm) Clean some autoconf-2.52 junk when doing "make distclean"
84 - (djm) Cleanup sshpty.c a little
85 - (bal) First wave of contrib/solaris/ package upgrades. Still more
86 work needs to be done, but it is a 190% better then the stuff we
88 - (bal) Minor bug fix in contrib/solaris/opensshd.in .. $etcdir was not
92 - (djm) OpenBSD CVS Sync
93 - markus@cvs.openbsd.org 2001/10/04 14:34:16
95 call OPENSSL_free() for memory allocated by openssl; from chombier@mac.com
96 - markus@cvs.openbsd.org 2001/10/04 15:05:40
97 [channels.c serverloop.c]
98 comment out bogus conditions for selecting on connection_in
99 - markus@cvs.openbsd.org 2001/10/04 15:12:37
101 client_alive_check cleanup
102 - markus@cvs.openbsd.org 2001/10/06 00:14:50
104 remove unused argument
105 - markus@cvs.openbsd.org 2001/10/06 00:36:42
107 fix typo in error message, sync with do_exec_nopty
108 - markus@cvs.openbsd.org 2001/10/06 11:18:19
109 [sshconnect1.c sshconnect2.c sshconnect.c]
110 unify hostkey check error messages, simplify prompt.
111 - markus@cvs.openbsd.org 2001/10/07 10:29:52
113 grammer; Matthew_Clarke@mindlink.bc.ca
114 - markus@cvs.openbsd.org 2001/10/07 17:49:40
115 [channels.c channels.h]
116 avoid possible FD_ISSET overflow for channels established
117 during channnel_after_select() (used for dynamic channels).
118 - markus@cvs.openbsd.org 2001/10/08 11:48:57
121 - markus@cvs.openbsd.org 2001/10/08 16:15:47
123 use correct family for -b option
124 - markus@cvs.openbsd.org 2001/10/08 19:05:05
125 [ssh.c sshconnect.c sshconnect.h ssh-keyscan.c]
126 some more IPv4or6 cleanup
127 - markus@cvs.openbsd.org 2001/10/09 10:12:08
129 chdir $HOME after krb_afslog(); from bbense@networking.stanford.edu
130 - markus@cvs.openbsd.org 2001/10/09 19:32:49
132 stat subsystem command before calling do_exec, and return error to client.
133 - markus@cvs.openbsd.org 2001/10/09 19:51:18
135 close all channels if the connection to the remote host has been closed,
136 should fix sshd's hanging with WCHAN==wait
137 - markus@cvs.openbsd.org 2001/10/09 21:59:41
138 [channels.c channels.h serverloop.c session.c session.h]
139 simplify session close: no more delayed session_close, no more
140 blocking wait() calls.
141 - (bal) removed two unsed headers in openbsd-compat/bsd-misc.c
142 - (bal) seed_init() and seed_rng() required in ssh-keyscan.c
145 - (bal) ssh-copy-id corrected permissions for .ssh/ and authorized_keys.
146 Prompted by Matthew Vernon <matthew@sel.cam.ac.uk>
149 - (bal) AES works under Cray, no more hack.
152 - (bal) nchan2.ms resync. BSD License applied.
155 - (bal) CVS ID fix up in version.h
156 - (bal) OpenBSD CVS Sync:
157 - markus@cvs.openbsd.org 2001/09/27 11:58:16
159 mem leak; chombier@mac.com
160 - markus@cvs.openbsd.org 2001/09/27 11:59:37
162 missing called=1; chombier@mac.com
163 - markus@cvs.openbsd.org 2001/09/27 15:31:17
164 [auth2.c auth2-chall.c sshconnect1.c]
166 - camield@cvs.openbsd.org 2001/09/27 17:53:24
168 don't talk about compile-time options
170 - djm@cvs.openbsd.org 2001/09/28 12:07:09
172 bzero private key after loading to smartcard; ok markus@
173 - markus@cvs.openbsd.org 2001/09/28 15:46:29
175 bug: read user config first; report kaukasoi@elektroni.ee.tut.fi
176 - markus@cvs.openbsd.org 2001/10/01 08:06:28
178 skip filenames containing \n; report jdamery@chiark.greenend.org.uk
179 and matthew@debian.org
180 - markus@cvs.openbsd.org 2001/10/01 21:38:53
181 [channels.c channels.h ssh.c sshd.c]
182 remove ugliness; vp@drexel.edu via angelos
183 - markus@cvs.openbsd.org 2001/10/01 21:51:16
184 [readconf.c readconf.h ssh.1 sshconnect.c]
185 add NoHostAuthenticationForLocalhost; note that the hostkey is
186 now check for localhost, too.
187 - djm@cvs.openbsd.org 2001/10/02 08:38:50
189 return non-zero exit code on error; ok markus@
190 - stevesk@cvs.openbsd.org 2001/10/02 22:56:09
192 #include "channels.h" for channel_set_af()
193 - markus@cvs.openbsd.org 2001/10/03 10:01:20
195 use realpath() for homedir, too. from jinmei@isl.rdc.toshiba.co.jp
198 - (stevesk) loginrec.c: fix type conversion problems exposed when using
202 - (bal) move reading 'config.h' up higher. Patch by albert chin
203 <china@thewrittenword.com)
206 - (djm) OpenBSD CVS sync:
207 - djm@cvs.openbsd.org 2001/09/28 09:49:31
209 Fix segv when smartcard communication error occurs during key load.
211 - (djm) Update spec files for new x11-askpass
214 - (stevesk) session.c: declare do_pre_login() before use
215 wayned@users.sourceforge.net
218 - (djm) Pull in auth-krb5.c from OpenBSD CVS. NB. it is not currently used.
219 - (djm) Sync $sysconfdir/moduli
220 - (djm) Add AC_SYS_LARGEFILE configure test
221 - (djm) Avoid bad and unportable sprintf usage in compat code
224 - (bal) updated ssh.c to mirror minor getopts 'extern int' formating done
226 - (bal) Removed 'extern int optopt;' since it is dead wood.
227 - (bal) Updated all *.specs for 2.9.9p1 and updated version.h
230 - (bal) OpenBSD CVS Sync
231 - markus@cvs.openbsd.org 2001/09/23 11:09:13
233 relax permission check for private key files.
234 - markus@cvs.openbsd.org 2001/09/23 09:58:13
236 new rijndael implementation
239 - (tim) [scard/Makefile.in] Don't strip the Java binary
240 - (stevesk) sun_len, SUN_LEN() configure stuff no longer required
241 - (bal) OpenBSD CVS Sync
242 - stevesk@cvs.openbsd.org 2001/09/20 00:15:54
244 fix ClientAliveCountMax
245 - markus@cvs.openbsd.org 2001/09/20 13:46:48
247 key_read returns now -1 or 1
248 - markus@cvs.openbsd.org 2001/09/20 13:50:40
249 [compat.c compat.h ssh.c]
250 bug compat: request a dummy channel for -N (no shell) sessions +
251 cleanup; vinschen@redhat.com
252 - mouring@cvs.openbsd.org 2001/09/20 20:57:51
254 CheckMail removed. OKed stevesk@
258 - markus@cvs.openbsd.org 2001/09/19 10:08:51
260 command=xxx applies to subsystem now, too
261 - markus@cvs.openbsd.org 2001/09/19 13:23:29
263 key_read() now returns -1 on type mismatch, too
264 - stevesk@cvs.openbsd.org 2001/09/19 19:24:19
265 [readconf.c readconf.h scp.c sftp.c ssh.1]
266 add ClearAllForwardings ssh option and set it in scp and sftp; ok
268 - stevesk@cvs.openbsd.org 2001/09/19 19:35:30
270 use sizeof addr vs. SUN_LEN(addr) for sockaddr_un. Stevens
271 blesses this and we do it this way elsewhere. this helps in
272 portable because not all systems have SUN_LEN() and
273 sockaddr_un.sun_len. ok markus@
274 - stevesk@cvs.openbsd.org 2001/09/19 21:04:53
277 - stevesk@cvs.openbsd.org 2001/09/19 21:41:57
279 don't advertise -V in usage; ok markus@
280 - (bal) openbsd-compat/vis.[ch] is dead wood. Removed.
283 - (djm) Configure support for smartcards. Based on Ben's work.
284 - (djm) Revert setgroups call, it causes problems on OS-X
285 - (djm) Avoid warning on BSDgetopt
286 - (djm) More makefile infrastructre for smartcard support, also based
288 - (djm) Specify --datadir in RPM spec files so smartcard applet gets
289 put somewhere sane. Add Ssh.bin to manifest.
290 - (djm) Make smartcard support conditional in Redhat RPM spec
291 - (bal) LICENCE update. Has not been done in a while.
292 - (stevesk) nchan.c: we use X/Open Sockets on HP-UX now so shutdown(2)
293 returns ENOTCONN vs. EINVAL for socket not connected; remove EINVAL
294 check. ok Lutz Jaenicke
295 - (bal) OpenBSD CVS Sync
296 - stevesk@cvs.openbsd.org 2001/09/17 17:57:57
297 [scp.1 scp.c sftp.1 sftp.c]
298 add -Fssh_config option; ok markus@
299 - stevesk@cvs.openbsd.org 2001/09/17 19:27:15
300 [kexdh.c kexgex.c key.c key.h ssh-dss.c ssh-keygen.c ssh-rsa.c]
301 u_char*/char* cleanup; ok markus
302 - markus@cvs.openbsd.org 2001/09/17 20:22:14
304 never keep a connection to the smartcard open.
305 allows ssh-keygen -D U while the agent is running; report from
307 - stevesk@cvs.openbsd.org 2001/09/17 20:38:09
309 cleanup and document -1, -s and -S; ok markus@
310 - markus@cvs.openbsd.org 2001/09/17 20:50:22
312 better error handling if you try to export a bad key to ssh.com
313 - markus@cvs.openbsd.org 2001/09/17 20:52:47
314 [channels.c channels.h clientloop.c]
315 try to fix agent-forwarding-backconnection-bug, as seen on HPUX,
316 for example; with Lutz.Jaenicke@aet.TU-Cottbus.DE,
317 - markus@cvs.openbsd.org 2001/09/17 21:04:02
318 [channels.c serverloop.c]
319 don't send fake dummy packets on CR (\r)
320 bugreport from yyua@cs.sfu.ca via solar@@openwall.com
321 - markus@cvs.openbsd.org 2001/09/17 21:09:47
323 more versions suffering the SSH_BUG_DEBUG bug;
324 3.0.x reported by dbutts@maddog.storability.com
325 - stevesk@cvs.openbsd.org 2001/09/17 23:56:07
327 missing -B in usage string
330 - (djm) x11-ssh-askpass-1.2.4 in RPM spec, revert workarounds
331 - (tim) [includes.h openbsd-compat/getopt.c openbsd-compat/getopt.h]
332 rename getopt() to BSDgetopt() to keep form conflicting with
334 [Makefile.in configure.in] disable filepriv until I can add
335 missing procpriv calls.
338 - (djm) Workaround XFree breakage in RPM spec file
339 - (bal) OpenBSD CVS Sync
340 - markus@cvs.openbsd.org 2001/09/16 14:46:54
342 calls krb_afslog() after setting $HOME; mattiasa@e.kth.se; fixes
346 - (djm) Make do_pre_login static to avoid prototype #ifdef hell
347 - (djm) Sync scard/ stuff
348 - (djm) Redhat spec file cleanups from Pekka Savola <pekkas@netcore.fi> and
350 - (djm) Redhat initscript config sanity checking from Pekka Savola
352 - (djm) Clear supplemental groups at sshd start to prevent them from
353 being propogated to random PAM modules. Based on patch from Redhat via
354 Pekka Savola <pekkas@netcore.fi>
355 - (djm) Make sure rijndael.c picks config.h
356 - (djm) Ensure that u_char gets defined
359 - (bal) OpenBSD CVS Sync
360 - markus@cvs.openbsd.org 2001/09/13
361 [rijndael.c rijndael.h]
363 - markus@cvs.openbsd.org 2001/09/14
365 command=xxx overwrites subsystems, too
366 - markus@cvs.openbsd.org 2001/09/14
371 - (bal) OpenBSD CVS Sync
372 - markus@cvs.openbsd.org 2001/08/23 11:31:59
374 switch to the optimised AES reference code from
375 http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip
378 - (bal) OpenBSD CVS Sync
379 - jakob@cvs.openbsd.org 2001/08/16 19:18:34
380 [servconf.c servconf.h session.c sshd.8]
381 deprecate CheckMail. ok markus@
382 - stevesk@cvs.openbsd.org 2001/08/16 20:14:57
384 document case sensitivity for ssh, sshd and key file
385 options and arguments; ok markus@
386 - stevesk@cvs.openbsd.org 2001/08/17 18:59:47
389 - stevesk@cvs.openbsd.org 2001/08/21 21:47:42
391 minor typos and cleanup
392 - stevesk@cvs.openbsd.org 2001/08/22 16:21:21
394 hostname not optional; ok markus@
395 - stevesk@cvs.openbsd.org 2001/08/22 16:30:02
398 - stevesk@cvs.openbsd.org 2001/08/22 17:45:16
400 document cipher des for protocol 1; ok deraadt@
401 - camield@cvs.openbsd.org 2001/08/23 17:59:31
403 end request with 0, not NULL
405 - stevesk@cvs.openbsd.org 2001/08/23 18:02:48
407 fix usage; ok markus@
408 - stevesk@cvs.openbsd.org 2001/08/23 18:08:59
409 [ssh-add.1 ssh-keyscan.1]
411 - danh@cvs.openbsd.org 2001/08/27 22:02:13
413 fix memory fault if non-existent filename is given to the -f option
415 - markus@cvs.openbsd.org 2001/08/28 09:51:26
417 don't set DynamicForward unless Host matches
418 - markus@cvs.openbsd.org 2001/08/28 15:39:48
420 allow: ssh -F configfile host
421 - markus@cvs.openbsd.org 2001/08/29 20:44:03
423 clear the malloc'd buffer, otherwise source() will leak malloc'd
425 - stevesk@cvs.openbsd.org 2001/08/29 23:02:21
427 add text about -u0 preventing DNS requests; ok markus@
428 - stevesk@cvs.openbsd.org 2001/08/29 23:13:10
430 document -D and DynamicForward; ok markus@
431 - stevesk@cvs.openbsd.org 2001/08/29 23:27:23
433 validate ports for -L/-R; ok markus@
434 - stevesk@cvs.openbsd.org 2001/08/29 23:39:40
436 additional documentation for GatewayPorts; ok markus@
437 - naddy@cvs.openbsd.org 2001/08/30 15:42:36
439 add -D to synopsis line; ok markus@
440 - stevesk@cvs.openbsd.org 2001/08/30 16:04:35
442 validate ports for LocalForward/RemoteForward.
443 add host/port alternative syntax for IPv6 (like -L/-R).
445 - stevesk@cvs.openbsd.org 2001/08/30 20:36:34
446 [auth-options.c sshd.8]
447 validate ports for permitopen key file option. add host/port
448 alternative syntax for IPv6. ok markus@
449 - markus@cvs.openbsd.org 2001/08/30 22:22:32
451 do not pass pointers to longjmp; fix from wayne@blorf.net
452 - markus@cvs.openbsd.org 2001/08/31 11:46:39
454 disable kbd-interactive if we don't get SSH2_MSG_USERAUTH_INFO_REQUEST
456 - stevesk@cvs.openbsd.org 2001/09/03 20:58:33
457 [readconf.c readconf.h ssh.c]
458 fatal() for nonexistent -Fssh_config. ok markus@
459 - deraadt@cvs.openbsd.org 2001/09/05 06:23:07
460 [scp.1 sftp.1 ssh.1 ssh-agent.1 sshd.8 ssh-keygen.1 ssh-keyscan.1]
461 avoid first person in manual pages
462 - stevesk@cvs.openbsd.org 2001/09/12 18:18:25
464 don't forward agent for non third-party copies; ok markus@
467 - (bal) Fixed stray code in readconf.c that went in by mistake.
469 - markus@cvs.openbsd.org 2001/08/07 10:37:46
471 extended failure messages from galb@vandyke.com
472 - deraadt@cvs.openbsd.org 2001/08/08 07:16:58
474 when describing the -o option, give -o Protocol=1 as the specific example
475 since we are SICK AND TIRED of clueless people who cannot have difficulty
476 thinking on their own.
477 - markus@cvs.openbsd.org 2001/08/08 18:20:15
479 permanently_set_uid is a noop if user is not privilegued;
480 fixes bug on solaris; from sbi@uchicago.edu
481 - markus@cvs.openbsd.org 2001/08/08 21:34:19
483 undo last change; does not work for sshd
484 - jakob@cvs.openbsd.org 2001/08/11 22:51:27
486 fix more paths beginning with "//"; <bradshaw@staff.crosswalk.com>.
488 - stevesk@cvs.openbsd.org 2001/08/13 23:38:54
490 don't need main prototype (also sync with rcp); ok markus@
491 - markus@cvs.openbsd.org 2001/08/14 09:23:02
493 "bye"; hk63a@netscape.net
494 - stevesk@cvs.openbsd.org 2001/08/14 17:54:29
496 consistent documentation and example of ``-o ssh_option'' for sftp and
497 scp; document keyword=argument for ssh.
498 - (bal) QNX resync. OK tim@
501 - (stevesk) sshpty.c, cray.[ch]: whitespace, formatting and cleanup
502 for some #ifdef _CRAY code; ok wendyp@cray.com
503 - (stevesk) sshpty.c: return 0 on error in cray pty code;
505 - (stevesk) bsd-cray.c: utmp strings are not C strings
506 - (stevesk) bsd-cray.c: more cleanup; ok wendyp@cray.com
509 - (djm) Fix detection of long long int support. Based on patch from
510 Michael Stone <mstone@cs.loyola.edu>. ok stevesk, tim
513 - (bal) Minor correction to inet_ntop.h. _BSD_RRESVPORT_H should be
514 _BSD_INET_NTOP_H. Pointed out by Mark Miller <markm@swoon.net>
517 - (tim) [configure.in sshconnect.c openbsd-compat/Makefile.in
518 openbsd-compat/openbsd-compat.h ] Add inet_ntop.c inet_ntop.h back
519 in. Needed for sshconnect.c
520 [sshconnect.c] fix INET6_ADDRSTRLEN for non IPv6 machines
521 [configure.in] make tests with missing libraries fail
522 patch by Wendy Palm <wendyp@cray.com>
523 Added openbsd-compat/bsd-cray.h. Selective patches from
524 William L. Jones <jones@mail.utexas.edu>
528 - markus@cvs.openbsd.org 2001/07/22 21:32:27
531 - pvalchev@cvs.openbsd.org 2001/07/22 21:32:42
533 There is no option "Compress", point to "Compression" instead; ok
535 - markus@cvs.openbsd.org 2001/07/22 22:04:19
537 enable challenge-response auth by default; ok millert@
538 - markus@cvs.openbsd.org 2001/07/22 22:24:16
541 - markus@cvs.openbsd.org 2001/07/23 09:06:28
543 reorder default sequence of userauth methods to match ssh behaviour:
544 hostbased,publickey,keyboard-interactive,password
545 - markus@cvs.openbsd.org 2001/07/23 12:47:05
547 sync PreferredAuthentications
548 - aaron@cvs.openbsd.org 2001/07/23 14:14:18
551 - stevesk@cvs.openbsd.org 2001/07/23 18:14:58
554 - stevesk@cvs.openbsd.org 2001/07/23 18:21:46
556 no zero size xstrdup() error; ok markus@
557 - markus@cvs.openbsd.org 2001/07/25 11:59:35
560 - markus@cvs.openbsd.org 2001/07/25 14:35:18
561 [readconf.c ssh.1 ssh.c sshconnect.c]
562 cleanup connect(); connection_attempts 4 -> 1; from
564 - stevesk@cvs.openbsd.org 2001/07/26 17:18:22
566 add -t option to test configuration file and keys; pekkas@netcore.fi
568 - rees@cvs.openbsd.org 2001/07/26 20:04:27
569 [scard.c ssh-keygen.c]
570 Inquire Cyberflex class for 0xf0 cards
571 change aid to conform to 7816-5
572 remove gratuitous fid selects
573 - millert@cvs.openbsd.org 2001/07/27 14:50:45
575 If smart card support is compiled in and a smart card is being used
576 for authentication, make it the first method used. markus@ OK
577 - deraadt@cvs.openbsd.org 2001/07/27 17:26:16
580 - markus@cvs.openbsd.org 2001/07/28 09:21:15
582 cleanup some RSA vs DSA vs SSH1 vs SSH2 notes
583 - mouring@cvs.openbsd.org 2001/07/29 17:02:46
585 Clarified -o option in scp.1 OKed by Markus@
586 - jakob@cvs.openbsd.org 2001/07/30 16:06:07
588 better errorcodes from sc_*; ok markus@
589 - stevesk@cvs.openbsd.org 2001/07/30 16:23:30
590 [rijndael.c rijndael.h]
591 new BSD-style license:
592 Brian Gladman <brg@gladman.plus.com>:
593 >I have updated my code at:
594 >http://fp.gladman.plus.com/cryptography_technology/rijndael/index.htm
595 >with a copyright notice as follows:
597 >I am not sure which version of my old code you are using but I am
598 >happy for the notice above to be substituted for my existing copyright
599 >intent if this meets your purpose.
600 - jakob@cvs.openbsd.org 2001/07/31 08:41:10
602 do not complain about missing smartcards. ok markus@
603 - jakob@cvs.openbsd.org 2001/07/31 09:28:44
604 [readconf.c readconf.h ssh.1 ssh.c]
605 add 'SmartcardDevice' client option to specify which smartcard device
606 is used to access a smartcard used for storing the user's private RSA
608 - jakob@cvs.openbsd.org 2001/07/31 12:42:50
609 [sftp-int.c sftp-server.c]
610 avoid paths beginning with "//"; <vinschen@redhat.com>
612 - jakob@cvs.openbsd.org 2001/07/31 12:53:34
614 close smartcard connection if card is missing
615 - markus@cvs.openbsd.org 2001/08/01 22:03:33
616 [authfd.c authfd.h readconf.c readconf.h scard.c scard.h ssh-add.c
618 use strings instead of ints for smartcard reader ids
619 - markus@cvs.openbsd.org 2001/08/01 22:16:45
621 refer to current ietf drafts for protocol v2
622 - markus@cvs.openbsd.org 2001/08/01 23:33:09
624 allow uploading RSA keys for non-default AUT0 (sha1 over passphrase
626 - markus@cvs.openbsd.org 2001/08/01 23:38:45
628 support finish rsa keys.
629 free public keys after login -> call finish -> close smartcard.
630 - markus@cvs.openbsd.org 2001/08/02 00:10:17
632 add -D readerid option (download, i.e. print public RSA key to stdout).
633 check for card present when uploading keys.
634 use strings instead of ints for smartcard reader ids, too.
635 - jakob@cvs.openbsd.org 2001/08/02 08:58:35
637 change -u (upload smartcard key) to -U. ok markus@
638 - jakob@cvs.openbsd.org 2001/08/02 15:06:52
640 more verbose usage(). ok markus@
641 - jakob@cvs.openbsd.org 2001/08/02 15:07:23
643 document smartcard upload/download. ok markus@
644 - jakob@cvs.openbsd.org 2001/08/02 15:32:10
646 add smartcard to usage(). ok markus@
647 - jakob@cvs.openbsd.org 2001/08/02 15:43:57
648 [ssh-agent.c ssh.c ssh-keygen.c]
649 add /* SMARTCARD */ to #else/#endif. ok markus@
650 - jakob@cvs.openbsd.org 2001/08/02 16:14:05
651 [scard.c ssh-agent.c ssh.c ssh-keygen.c]
652 clean up some /* SMARTCARD */. ok markus@
653 - mpech@cvs.openbsd.org 2001/08/02 18:37:35
655 o) .Sh AUTHOR -> .Sh AUTHORS;
656 o) .Sh EXAMPLE -> .Sh EXAMPLES;
657 o) Delete .Sh OPTIONS. Text moved to .Sh DESCRIPTION;
660 - jakob@cvs.openbsd.org 2001/08/03 10:31:19
662 document smartcard options. ok markus@
663 - jakob@cvs.openbsd.org 2001/08/03 10:31:30
664 [ssh-add.c ssh-agent.c ssh-keyscan.c]
665 improve usage(). ok markus@
666 - markus@cvs.openbsd.org 2001/08/05 23:18:20
667 [ssh-keyscan.1 ssh-keyscan.c]
668 ssh 2 support; from wayned@users.sourceforge.net
669 - markus@cvs.openbsd.org 2001/08/05 23:29:58
671 make -t dsa work with commercial servers, too
672 - stevesk@cvs.openbsd.org 2001/08/06 19:47:05
674 use alarm vs. setitimer for portable; ok markus@
675 - (bal) ssh-keyscan double -lssh hack due to seed_rng().
676 - (bal) Second around of UNICOS patches. A few other things left.
677 Patches by William L. Jones <jones@mail.utexas.edu>
680 - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
684 - (stevesk) use mysignal() in protocol 1 loop now that the SIGCHLD
685 handler has converged.
688 - (bal) Added 'install-nokeys' to Makefile to assist package builders.
691 - (bal) 4711 not 04711 for ssh binary.
694 - (bal) Starting the Unicossmk merger. File merged TODO, configure.in,
695 myproposal.h, ssh_prng_cmds.in, and openbsd-compat/Makefile.in.
696 Added openbsd-compat/bsd-cray.c. Rest will be merged after
697 approval. Selective patches from William L. Jones
698 <jones@mail.utexas.edu>
700 - markus@cvs.openbsd.org 2001/07/18 21:10:43
702 pr #1946, allow sshd if /dev is readonly
703 - stevesk@cvs.openbsd.org 2001/07/18 21:40:40
705 chdir("/") from bbraun@synack.net; ok markus@
706 - stevesk@cvs.openbsd.org 2001/07/19 00:41:44
708 escape chars are below now
709 - markus@cvs.openbsd.org 2001/07/20 14:46:11
711 do not exit() from signal handlers; ok deraadt@
712 - stevesk@cvs.openbsd.org 2001/07/20 18:41:51
717 - (tim) [configure.in] put inet_aton back in AC_CHECK_FUNCS.
718 report from Mark Miller <markm@swoon.net>
722 - stevesk@cvs.openbsd.org 2001/07/14 15:10:17
723 [readpass.c sftp-client.c sftp-common.c sftp-glob.c]
724 delete spurious #includes; ok deraadt@ markus@
725 - markus@cvs.openbsd.org 2001/07/15 16:17:08
727 schedule client alive for ssh2 only, greg@cheers.bungi.com
728 - stevesk@cvs.openbsd.org 2001/07/15 16:57:21
730 -d will not fork; ok markus@
731 - stevesk@cvs.openbsd.org 2001/07/15 16:58:29
733 typo in usage; ok markus@
734 - markus@cvs.openbsd.org 2001/07/17 20:48:42
736 update maxfd if maxfd is closed; report from jmcelroy@dtgnet.com
737 - markus@cvs.openbsd.org 2001/07/17 21:04:58
738 [channels.c channels.h clientloop.c nchan.c serverloop.c]
739 keep track of both maxfd and the size of the malloc'ed fdsets.
740 update maxfd if maxfd gets closed.
741 - mouring@cvs.openbsd.org 2001/07/18 16:45:52
743 Missing -o in scp usage()
744 - (bal) Cleaned up trailing spaces in ChangeLog.
745 - (bal) Allow sshd to switch user context without password for Cygwin.
746 Patch by Corinna Vinschen <vinschen@redhat.com>
747 - (bal) Updated cygwin README and ssh-host-config. Patch by
748 Corinna Vinschen <vinschen@redhat.com>
751 - (bal) Set "BROKEN_GETADDRINFO" for darwin platform. Reported by
752 Josh Larios <jdlarios@cac.washington.edu>
753 - (tim) put openssh/openbsd-compat/inet_aton.[ch] back in.
754 needed by openbsd-compat/fake-getaddrinfo.c
757 - (stevesk) change getopt() declaration
758 - (stevesk) configure.in: use ll suffix for long long constant
762 - (djm) Enable /etc/nologin check on PAM systems, as some lack the
763 pam_nologin module. Report from William Yodlowsky
764 <bsd@openbsd.rutgers.edu>
765 - (djm) Revert dirname fix, a better one is on its way.
767 - markus@cvs.openbsd.org 2001/07/04 22:47:19
769 ignore SIGPIPE when debugging, too
770 - markus@cvs.openbsd.org 2001/07/04 23:13:10
771 [scard.c scard.h ssh-agent.c]
772 handle card removal more gracefully, add sc_close() to scard.h
773 - markus@cvs.openbsd.org 2001/07/04 23:39:07
775 for smartcards remove both RSA1/2 keys
776 - markus@cvs.openbsd.org 2001/07/04 23:49:27
778 handle mutiple adds of the same smartcard key
779 - espie@cvs.openbsd.org 2001/07/05 11:43:33
781 Directly cast to the right type. Ok markus@
782 - stevesk@cvs.openbsd.org 2001/07/05 20:32:47
784 statement after label; ok dugsong@
785 - stevesk@cvs.openbsd.org 2001/07/08 15:23:38
787 fix ``MaxStartups max''; ok markus@
788 - fgsch@cvs.openbsd.org 2001/07/09 05:58:47
790 Use getopt(3); markus@ ok.
791 - deraadt@cvs.openbsd.org 2001/07/09 07:04:53
792 [session.c sftp-int.c]
793 correct type on last arg to execl(); nordin@cse.ogi.edu
794 - markus@cvs.openbsd.org 2001/07/10 21:49:12
796 don't panic if fork or pipe fail (just return an empty passwd).
797 - itojun@cvs.openbsd.org 2001/07/11 00:24:53
799 make it compilable in all 4 combination of KRB4/KRB5 settings.
801 XXX isn't it sensitive to the order of -I/usr/include/kerberosIV and
802 -I/usr/include/kerberosV?
803 - markus@cvs.openbsd.org 2001/07/11 16:29:59
805 sort options string, fix -p, add -k
806 - markus@cvs.openbsd.org 2001/07/11 18:26:15
808 no need to call dirname(pw->pw_dir).
809 note that dirname(3) modifies its argument on some systems.
810 - (djm) Reorder Makefile.in so clean targets work a little better when
811 run directly from Makefile.in
812 - (djm) Pull in getopt(3) from OpenBSD libc for the optreset extension.
815 - (djm) dirname(3) may modify its argument on glibc and other systems.
816 Patch from markus@, spotted by Tom Holroyd <tomh@po.crl.go.jp>
820 - markus@cvs.openbsd.org 2001/06/25 08:25:41
821 [channels.c channels.h cipher.c clientloop.c compat.c compat.h
822 hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c
823 session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h]
824 update copyright for 2001
825 - markus@cvs.openbsd.org 2001/06/25 17:18:27
827 sshd(8) will never read the private keys, but ssh(1) does;
829 - provos@cvs.openbsd.org 2001/06/25 17:54:47
830 [auth.c auth.h auth-rsa.c]
831 terminate secure_filename checking after checking homedir. that way
832 it works on AFS. okay markus@
833 - stevesk@cvs.openbsd.org 2001/06/25 20:26:37
834 [auth2.c sshconnect2.c]
835 prototype cleanup; ok markus@
836 - markus@cvs.openbsd.org 2001/06/26 02:47:07
838 allow loading a private RSA key to a cyberflex card.
839 - markus@cvs.openbsd.org 2001/06/26 04:07:06
840 [ssh-agent.1 ssh-agent.c]
842 - markus@cvs.openbsd.org 2001/06/26 04:59:59
843 [authfd.c authfd.h ssh-add.c]
844 initial support for smartcards in the agent
845 - markus@cvs.openbsd.org 2001/06/26 05:07:43
848 - markus@cvs.openbsd.org 2001/06/26 05:33:34
850 more smartcard support.
851 - mpech@cvs.openbsd.org 2001/06/26 05:48:07
853 remove unnecessary .Pp between .It;
855 - markus@cvs.openbsd.org 2001/06/26 05:50:11
857 new interface for secure_filename()
858 - itojun@cvs.openbsd.org 2001/06/26 06:32:58
859 [atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h
860 buffer.h canohost.h channels.h cipher.h clientloop.h compat.h
861 compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h
862 hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h
863 radix.h readconf.h readpass.h rsa.h]
864 prototype pedant. not very creative...
867 - itojun@cvs.openbsd.org 2001/06/26 06:33:07
868 [servconf.h serverloop.h session.h sftp-client.h sftp-common.h
869 sftp-glob.h sftp-int.h sshconnect.h ssh-dss.h sshlogin.h sshpty.h
870 ssh-rsa.h tildexpand.h uidswap.h uuencode.h xmalloc.h]
871 prototype pedant. not very creative...
874 - dugsong@cvs.openbsd.org 2001/06/26 16:15:25
875 [auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
876 servconf.c servconf.h session.c sshconnect1.c sshd.c]
877 Kerberos v5 support for SSH1, mostly from Assar Westerlund
878 <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
879 - markus@cvs.openbsd.org 2001/06/26 17:25:34
881 document SSH_ASKPASS; fubob@MIT.EDU
882 - markus@cvs.openbsd.org 2001/06/26 17:27:25
883 [authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
884 canohost.h channels.h cipher.h clientloop.h compat.h compress.h
885 crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
886 hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
887 packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
888 session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
889 sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
890 tildexpand.h uidswap.h uuencode.h xmalloc.h]
891 remove comments from .h, since they are cut&paste from the .c files
893 - dugsong@cvs.openbsd.org 2001/06/26 17:41:49
896 - markus@cvs.openbsd.org 2001/06/26 20:14:11
897 [key.c key.h ssh.c sshconnect1.c sshconnect2.c]
898 add smartcard support to the client, too (now you can use both
899 the agent and the client).
900 - markus@cvs.openbsd.org 2001/06/27 02:12:54
901 [serverloop.c serverloop.h session.c session.h]
902 quick hack to make ssh2 work again.
903 - markus@cvs.openbsd.org 2001/06/27 04:48:53
904 [auth.c match.c sshd.8]
906 - markus@cvs.openbsd.org 2001/06/27 05:35:42
908 use cyberflex_inq_class to inquire class.
909 - markus@cvs.openbsd.org 2001/06/27 05:42:25
910 [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
911 s/generate_additional_parameters/rsa_generate_additional_parameters/
912 http://www.humppa.com/
913 - markus@cvs.openbsd.org 2001/06/27 06:26:36
916 - stevesk@cvs.openbsd.org 2001/06/28 19:57:35
918 '\0' terminated data[] is ok; ok markus@
919 - markus@cvs.openbsd.org 2001/06/29 07:06:34
921 new error handling for cyberflex_*
922 - markus@cvs.openbsd.org 2001/06/29 07:11:01
925 - stevesk@cvs.openbsd.org 2001/06/29 18:38:44
927 sync function definition with declaration; ok markus@
928 - stevesk@cvs.openbsd.org 2001/06/29 18:40:28
930 use socklen_t for getsockopt arg #5; ok markus@
931 - stevesk@cvs.openbsd.org 2001/06/30 18:08:40
932 [channels.c channels.h clientloop.c]
933 adress -> address; ok markus@
934 - markus@cvs.openbsd.org 2001/07/02 13:59:15
935 [serverloop.c session.c session.h]
936 wait until !session_have_children(); bugreport from
937 Lutz.Jaenicke@aet.TU-Cottbus.DE
938 - markus@cvs.openbsd.org 2001/07/02 22:29:20
940 do not return NULL, use "" instead.
941 - markus@cvs.openbsd.org 2001/07/02 22:40:18
943 update for sectok.h interface changes.
944 - markus@cvs.openbsd.org 2001/07/02 22:52:57
945 [channels.c channels.h serverloop.c]
946 improve cleanup/exit logic in ssh2:
947 stop listening to channels, detach channel users (e.g. sessions).
948 wait for children (i.e. dying sessions), send exit messages,
949 cleanup all channels.
950 - (bal) forget a few new files in sync up.
951 - (bal) Makefile fix up requires scard.c
952 - (stevesk) sync misc.h
953 - (stevesk) more sync for session.c
954 - (stevesk) sync servconf.h (comments)
955 - (tim) [contrib/caldera/openssh.spec] sync with Caldera
956 - (tim) [openbsd-compat/dirname.h] Remove ^M causing some compilers to
957 issue warning (line 1: tokens ignored at end of directive line)
958 - (tim) [sshconnect1.c] give the compiler something to do for success:
959 if KRB5 and AFS are not defined
960 (ERROR: "sshconnect1.c", line 1274: Syntax error before or at: })
963 - (bal) Removed net_aton() since we don't use it any more
964 - (bal) Fixed _DISABLE_VPOSIX in readpassphrase.c.
965 - (bal) Updated zlib's home. Thanks to David Howe <DaveHowe@gmx.co.uk>.
966 - (stevesk) remove _REENTRANT #define
967 - (stevesk) session.c: use u_int for envsize
968 - (stevesk) remove cli.[ch]
971 - (djm) Sync openbsd-compat with -current libc
972 - (djm) Fix from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> for my
974 - (bal) Removed strtok_r() and inet_ntop() since they are no longer used.
975 - (bal) Remove getusershell() since it's no longer used.
978 - (djm) Reintroduce pam_session call for non-pty sessions.
979 - (djm) Remove redundant and incorrect test for max auth attempts in
980 PAM kbdint code. Based on fix from Matthew Melvin
981 <matthewm@webcentral.com.au>
982 - (djm) Rename sysconfdir/primes => sysconfdir/moduli
983 - (djm) Oops, forgot make logic for primes=>moduli. Also try to rename
984 existing primes->moduli if it exists.
985 - (djm) Sync with -current openbsd-compat/readpassphrase.c:
986 - djm@cvs.openbsd.org 2001/06/27 13:23:30
987 typo, spotted by Tom Holroyd <tomh@po.crl.go.jp>; ok deraadt@
988 - (djm) Turn up warnings if gcc or egcs detected
989 - (stevesk) for HP-UX 11.X use X/Open socket interface;
990 pulls in modern socket prototypes and eliminates a number of compiler
991 warnings. see xopen_networking(7).
992 - (stevesk) fix x11 forwarding from _PATH_XAUTH change
993 - (stevesk) use X/Open socket interface for HP-UX 10.X also
997 - markus@cvs.openbsd.org 2001/06/21 21:08:25
999 don't reset forced_command (we allow multiple login shells in
1000 ssh2); dwd@bell-labs.com
1001 - mpech@cvs.openbsd.org 2001/06/22 10:17:51
1002 [ssh.1 sshd.8 ssh-keyscan.1]
1003 o) .Sh AUTHOR -> .Sh AUTHORS;
1004 o) remove unnecessary .Pp;
1005 o) better -mdoc style;
1009 - provos@cvs.openbsd.org 2001/06/22 21:27:08
1011 use /etc/moduli instead of /etc/primes, okay markus@
1012 - provos@cvs.openbsd.org 2001/06/22 21:28:53
1014 document /etc/moduli
1015 - markus@cvs.openbsd.org 2001/06/22 21:55:49
1016 [auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config
1018 merge authorized_keys2 into authorized_keys.
1019 authorized_keys2 is used for backward compat.
1020 (just append authorized_keys2 to authorized_keys).
1021 - provos@cvs.openbsd.org 2001/06/22 21:57:59
1023 increase linebuffer to deal with larger moduli; use rewind instead of
1025 - markus@cvs.openbsd.org 2001/06/22 22:21:20
1027 allow long usernames/groups in readdir
1028 - markus@cvs.openbsd.org 2001/06/22 23:35:21
1030 don't overwrite argv (fixes ssh user@host in 'ps'), report by ericj@
1031 - deraadt@cvs.openbsd.org 2001/06/23 00:16:16
1033 slightly better care
1034 - markus@cvs.openbsd.org 2001/06/23 00:20:57
1035 [auth2.c auth.c auth.h auth-rh-rsa.c]
1036 *known_hosts2 is obsolete for hostbased authentication and
1037 only used for backward compat. merge ssh1/2 hostkey check
1038 and move it to auth.c
1039 - deraadt@cvs.openbsd.org 2001/06/23 02:33:05
1040 [sftp.1 sftp-server.8 ssh-keygen.1]
1041 join .%A entries; most by bk@rt.fm
1042 - markus@cvs.openbsd.org 2001/06/23 02:34:33
1043 [kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
1044 sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
1045 get rid of known_hosts2, use it for hostkey lookup, but do not
1047 - markus@cvs.openbsd.org 2001/06/23 03:03:59
1049 draft-ietf-secsh-dh-group-exchange-01.txt
1050 - markus@cvs.openbsd.org 2001/06/23 03:04:42
1051 [auth2.c auth-rh-rsa.c]
1052 restore correct ignore_user_known_hosts logic.
1053 - markus@cvs.openbsd.org 2001/06/23 05:26:02
1055 handle sigature of size 0 (some broken clients send this).
1056 - deraadt@cvs.openbsd.org 2001/06/23 05:57:09
1057 [sftp.1 sftp-server.8 ssh-keygen.1]
1058 ok, tmac is now fixed
1059 - markus@cvs.openbsd.org 2001/06/23 06:41:10
1061 try to decode ssh-3.0.0 private rsa keys
1062 (allow migration to openssh, not vice versa), #910
1063 - itojun@cvs.openbsd.org 2001/06/23 15:12:20
1064 [auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
1065 canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
1066 hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
1067 readpass.c scp.c servconf.c serverloop.c session.c sftp.c
1068 sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
1069 ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
1070 ssh-keygen.c ssh-keyscan.c]
1071 more strict prototypes. raise warning level in Makefile.inc.
1073 TODO; cleanup headers
1074 - markus@cvs.openbsd.org 2001/06/23 17:05:22
1076 fix import for (broken?) ssh.com/f-secure private keys
1077 (i tested > 1000 RSA keys)
1078 - itojun@cvs.openbsd.org 2001/06/23 17:48:18
1079 [sftp.1 ssh.1 sshd.8 ssh-keyscan.1]
1080 kill whitespace at EOL.
1081 - markus@cvs.openbsd.org 2001/06/23 19:12:43
1083 pidfile/sigterm race; bbraun@synack.net
1084 - markus@cvs.openbsd.org 2001/06/23 22:37:46
1086 consistent with ssh2: skip key if empty passphrase is entered,
1087 retry num_of_passwd_prompt times if passphrase is wrong. ok fgsch@
1088 - markus@cvs.openbsd.org 2001/06/24 05:25:10
1089 [auth-options.c match.c match.h]
1090 move ip+hostname check to match.c
1091 - markus@cvs.openbsd.org 2001/06/24 05:35:33
1092 [readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c]
1093 switch to readpassphrase(3)
1094 2.7/8-stable needs readpassphrase.[ch] from libc
1095 - markus@cvs.openbsd.org 2001/06/24 05:47:13
1097 oops, missing format string
1098 - markus@cvs.openbsd.org 2001/06/24 17:18:31
1100 passing modes works fine: debug2->3
1101 - (djm) -Wall fix for session.c
1102 - (djm) Bring in readpassphrase() from OpenBSD libc. Compiles OK on Linux and
1106 - (stevesk) handle systems without pw_expire and pw_change.
1110 - markus@cvs.openbsd.org 2001/06/16 08:49:38
1112 typo; dunlap@apl.washington.edu
1113 - markus@cvs.openbsd.org 2001/06/16 08:50:39
1115 bad //-style comment; thx to stevev@darkwing.uoregon.edu
1116 - markus@cvs.openbsd.org 2001/06/16 08:57:35
1118 no stdio or exit() in signal handlers.
1119 - markus@cvs.openbsd.org 2001/06/16 08:58:34
1121 copy pw_expire and pw_change, too.
1122 - markus@cvs.openbsd.org 2001/06/19 12:34:09
1124 cleanup forced command handling, from dwd@bell-labs.com
1125 - markus@cvs.openbsd.org 2001/06/19 14:09:45
1127 disable x11-fwd if use_login is enabled; from lukem@wasabisystems.com
1128 - markus@cvs.openbsd.org 2001/06/19 15:40:45
1130 allocate and free at the same level.
1131 - markus@cvs.openbsd.org 2001/06/20 13:56:39
1132 [channels.c channels.h clientloop.c packet.c serverloop.c]
1133 move from channel_stop_listening to channel_free_all,
1134 call channel_free_all before calling waitpid() in serverloop.
1135 fixes the utmp handling; report from Lutz.Jaenicke@aet.TU-Cottbus.DE
1138 - (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL
1140 - (stevesk) update TODO: STREAMS pty systems don't call vhangup() now
1144 - markus@cvs.openbsd.org 2001/06/13 09:10:31
1146 typo, use pid not s->pid, mstone@cs.loyola.edu
1150 - markus@cvs.openbsd.org 2001/06/12 10:58:29
1152 merge session_free into session_close()
1153 merge pty_cleanup_proc into session_pty_cleanup()
1154 - markus@cvs.openbsd.org 2001/06/12 16:10:38
1156 merge ssh1/ssh2 tty msg parse and alloc code
1157 - markus@cvs.openbsd.org 2001/06/12 16:11:26
1159 do not log() packet_set_maxsize
1160 - markus@cvs.openbsd.org 2001/06/12 21:21:29
1162 remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
1163 we do already trust $HOME/.ssh
1164 you can use .ssh/sshrc and .ssh/environment if you want to customize
1165 the location of the xauth cookies
1166 - markus@cvs.openbsd.org 2001/06/12 21:30:57
1171 - scp.c ID update (upstream synced vfsprintf() from us)
1173 - markus@cvs.openbsd.org 2001/06/10 11:29:20
1176 protocol errors are fatal.
1177 - markus@cvs.openbsd.org 2001/06/11 10:18:24
1179 reset pointer to NULL after xfree(); report from solar@openwall.com
1180 - markus@cvs.openbsd.org 2001/06/11 16:04:38
1182 typo; bdubreuil@crrel.usace.army.mil
1185 - (bal) NeXT/MacOS X lack libgen.h and dirname(). Patch by Mark Miller
1187 - (bal) Handle broken krb4 issues on Solaris with multiple defined u_*_t
1188 types. Patch by Jan IVEN <Jan.Iven@cern.ch>
1189 - (bal) Fixed Makefile.in so that 'configure; make install' works.
1192 - (bal) Missed two files in major resync. auth-bsdauth.c and auth-skey.c
1196 - markus@cvs.openbsd.org 2001/05/30 12:55:13
1197 [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
1198 packet.c serverloop.c session.c ssh.c ssh1.h]
1199 channel layer cleanup: merge header files and split .c files
1200 - markus@cvs.openbsd.org 2001/05/30 15:20:10
1202 merge functions, simplify.
1203 - markus@cvs.openbsd.org 2001/05/31 10:30:17
1204 [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
1205 packet.c serverloop.c session.c ssh.c]
1206 undo the .c file split, just merge the header and keep the cvs
1208 - (bal) Channels.c and Channels.h -- "Merge Functions, simplify" (draged
1210 - (bal) Ooops.. nchan.c (and remove nchan.h) resync from OpenBSD ssh
1213 - markus@cvs.openbsd.org 2001/05/31 13:08:04
1215 group options and add some more comments
1216 - markus@cvs.openbsd.org 2001/06/03 14:55:39
1217 [channels.c channels.h session.c]
1218 use fatal_register_cleanup instead of atexit, sync with x11 authdir
1220 - markus@cvs.openbsd.org 2001/06/03 19:36:44
1222 1-2 bits of entrophy per character (not per word), ok stevesk@
1223 - markus@cvs.openbsd.org 2001/06/03 19:38:42
1225 pass -v to ssh; from slade@shore.net
1226 - markus@cvs.openbsd.org 2001/06/03 20:06:11
1228 the challenge response device decides how to handle non-existing
1230 -> fake challenges for skey and cryptocard
1231 - markus@cvs.openbsd.org 2001/06/04 21:59:43
1232 [channels.c channels.h session.c]
1233 switch uid when cleaning up tmp files and sockets; reported by
1234 zen-parse@gmx.net on bugtraq
1235 - markus@cvs.openbsd.org 2001/06/04 23:07:21
1236 [clientloop.c serverloop.c sshd.c]
1237 set flags in the signal handlers, do real work in the main loop,
1239 - markus@cvs.openbsd.org 2001/06/04 23:16:16
1241 merge ssh1/2 x11-fwd setup, create listener after tmp-dir
1242 - pvalchev@cvs.openbsd.org 2001/06/05 05:05:39
1243 [ssh-keyscan.1 ssh-keyscan.c]
1244 License clarification from David Mazieres, ok deraadt@
1245 - markus@cvs.openbsd.org 2001/06/05 10:24:32
1247 don't delete the auth socket in channel_stop_listening()
1248 auth_sock_cleanup_proc() will take care of this.
1249 - markus@cvs.openbsd.org 2001/06/05 16:46:19
1251 let session_close() delete the pty. deny x11fwd if xauthfile is set.
1252 - markus@cvs.openbsd.org 2001/06/06 23:13:54
1253 [ssh-dss.c ssh-rsa.c]
1254 cleanup, remove old code
1255 - markus@cvs.openbsd.org 2001/06/06 23:19:35
1257 remove debug message; Darren.Moffat@eng.sun.com
1258 - markus@cvs.openbsd.org 2001/06/07 19:57:53
1260 style is used for bsdauth.
1261 disconnect on user/service change (ietf-drafts)
1262 - markus@cvs.openbsd.org 2001/06/07 20:23:05
1263 [authfd.c authfile.c channels.c kexdh.c kexgex.c packet.c ssh.c
1264 sshconnect.c sshconnect1.c]
1265 use xxx_put_cstring()
1266 - markus@cvs.openbsd.org 2001/06/07 22:25:02
1268 don't overwrite errno
1269 delay deletion of the xauth cookie
1270 - markus@cvs.openbsd.org 2001/06/08 15:25:40
1271 [includes.h pathnames.h readconf.c servconf.c]
1272 move the path for xauth to pathnames.h
1273 - (bal) configure.in fix for Tru64 (forgeting to reset $LIB)
1274 - (bal) ANSIify strmode()
1275 - (bal) --with-catman should be --with-mantype patch by Dave
1276 Dykstra <dwd@bell-labs.com>
1280 - markus@cvs.openbsd.org 2001/05/17 21:34:15
1282 no spaces in PreferredAuthentications;
1283 meixner@rbg.informatik.tu-darmstadt.de
1284 - markus@cvs.openbsd.org 2001/05/18 14:13:29
1285 [auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
1286 readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
1287 improved kbd-interactive support. work by per@appgate.com and me
1288 - djm@cvs.openbsd.org 2001/05/19 00:36:40
1290 Disable X11 forwarding if xauth binary is not found. Patch from Nalin
1291 Dahyabhai <nalin@redhat.com>; ok markus@
1292 - markus@cvs.openbsd.org 2001/05/19 16:05:41
1294 ftruncate() instead of open()+O_TRUNC like rcp.c does
1295 allows scp /path/to/file localhost:/path/to/file
1296 - markus@cvs.openbsd.org 2001/05/19 16:08:43
1298 sort options; Matthew.Stier@fnc.fujitsu.com
1299 - markus@cvs.openbsd.org 2001/05/19 16:32:16
1300 [ssh.1 sshconnect2.c]
1301 change preferredauthentication order to
1302 publickey,hostbased,password,keyboard-interactive
1303 document that hostbased defaults to no, document order
1304 - markus@cvs.openbsd.org 2001/05/19 16:46:19
1306 document MACs defaults with .Dq
1307 - stevesk@cvs.openbsd.org 2001/05/19 19:43:57
1308 [misc.c misc.h servconf.c sshd.8 sshd.c]
1309 sshd command-line arguments and configuration file options that
1310 specify time may be expressed using a sequence of the form:
1311 time[qualifier], where time is a positive integer value and qualifier
1312 is one of the following:
1315 600 600 seconds (10 minutes)
1317 1h30m 1 hour 30 minutes (90 minutes)
1319 - stevesk@cvs.openbsd.org 2001/05/19 19:57:09
1321 typo in error message
1322 - markus@cvs.openbsd.org 2001/05/20 17:20:36
1323 [auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
1325 configurable authorized_keys{,2} location; originally from peter@;
1327 - markus@cvs.openbsd.org 2001/05/24 11:12:42
1329 fix comment; from jakob@
1330 - stevesk@cvs.openbsd.org 2001/05/24 18:57:53
1331 [clientloop.c readconf.c ssh.c ssh.h]
1332 don't perform escape processing when ``EscapeChar none''; ok markus@
1333 - markus@cvs.openbsd.org 2001/05/25 14:37:32
1335 use -P for -e and -y, too.
1336 - markus@cvs.openbsd.org 2001/05/28 08:04:39
1339 - markus@cvs.openbsd.org 2001/05/28 10:08:55
1341 key_load_private: set comment to filename for PEM keys
1342 - markus@cvs.openbsd.org 2001/05/28 22:51:11
1344 simpler 3des for ssh1
1345 - markus@cvs.openbsd.org 2001/05/28 23:14:49
1346 [channels.c channels.h nchan.c]
1347 undo broken channel fix and try a different one. there
1348 should be still some select errors...
1349 - markus@cvs.openbsd.org 2001/05/28 23:25:24
1352 - markus@cvs.openbsd.org 2001/05/28 23:58:35
1353 [packet.c packet.h sshconnect.c sshd.c]
1354 remove some lines, simplify.
1355 - markus@cvs.openbsd.org 2001/05/29 12:31:27
1360 - (tim) [conifgure.in] add setvbuf test needed for sftp-int.c
1361 Patch by Corinna Vinschen <vinschen@redhat.com>
1365 - markus@cvs.openbsd.org 2001/05/12 19:53:13
1367 readlink does not NULL-terminate; mhe@home.se
1368 - deraadt@cvs.openbsd.org 2001/05/15 22:04:01
1370 X11 forwarding details improved
1371 - markus@cvs.openbsd.org 2001/05/16 20:51:57
1373 return comments for private pem files, too; report from nolan@naic.edu
1374 - markus@cvs.openbsd.org 2001/05/16 21:53:53
1376 check for open sessions before we call select(); fixes the x11 client
1377 bug reported by bowman@math.ualberta.ca
1378 - markus@cvs.openbsd.org 2001/05/16 22:09:21
1379 [channels.c nchan.c]
1380 more select() error fixes (don't set rfd/wfd to -1).
1381 - (bal) Enabled USE_PIPES for Cygwin on Corinna Vinschen <vinschen@redhat.com>
1382 - (bal) Corrected on_exit() emulation via atexit().
1386 - markus@cvs.openbsd.org 2001/05/11 14:59:56
1387 [clientloop.c misc.c misc.h]
1388 add unset_nonblock for stdout/err flushing in client_loop().
1389 - (bal) Patch to partial sync up contrib/solaris/ packaging software.
1390 Patch by pete <ninjaz@webexpress.com>
1394 - markus@cvs.openbsd.org 2001/05/09 22:51:57
1396 fix -R for protocol 2, noticed by greg@nest.cx.
1397 bug was introduced with experimental dynamic forwarding.
1398 - markus@cvs.openbsd.org 2001/05/09 23:01:31
1400 fix prototype; J.S.Peatfield@damtp.cam.ac.uk
1404 - markus@cvs.openbsd.org 2001/05/06 21:23:31
1406 cli_read() fails to catch SIGINT + overflow; from obdb@zzlevo.net
1407 - markus@cvs.openbsd.org 2001/05/08 19:17:31
1408 [channels.c serverloop.c clientloop.c]
1409 adds correct error reporting to async connect()s
1410 fixes the server-discards-data-before-connected-bug found by
1412 - mouring@cvs.openbsd.org 2001/05/08 19:45:25
1413 [misc.c misc.h scp.c sftp.c]
1414 Use addargs() in sftp plus some clean up of addargs(). OK Markus
1415 - markus@cvs.openbsd.org 2001/05/06 21:45:14
1417 use atomicio for flushing stdout/stderr bufs. thanks to
1418 jbw@izanami.cee.hw.ac.uk
1419 - markus@cvs.openbsd.org 2001/05/08 22:48:07
1421 no need for xmalloc.h, thanks to espie@
1422 - (bal) UseLogin patch for Solaris/UNICOS. Patch by Wayne Davison
1424 - (bal) ./configure support to disable SIA on OSF1. Patch by
1425 Chris Adams <cmadams@hiwaay.net>
1426 - (bal) Updates from the Sony NEWS-OS platform by NAKAJI Hiroyuki
1427 <nakaji@tutrp.tut.ac.jp>
1430 - (bal) Fixed configure test for USE_SIA.
1433 - (djm) Update config.guess and config.sub with latest versions (from
1434 ftp://ftp.gnu.org/gnu/config/) to allow configure on ia64-hpux.
1435 Suggested by Jason Mader <jason@ncac.gwu.edu>
1436 - (bal) White Space and #ifdef sync with OpenBSD
1437 - (bal) Add 'seed_rng()' to ssh-add.c
1438 - (bal) CVS ID updates for readpass.c, readpass.h, cli.c, and cli.h
1440 - stevesk@cvs.openbsd.org 2001/05/05 13:42:52
1441 [sftp.1 ssh-add.1 ssh-keygen.1]
1446 - stevesk@cvs.openbsd.org 2001/05/04 14:21:56
1449 - markus@cvs.openbsd.org 2001/05/04 14:34:34
1451 channel_new() reallocs channels[], we cannot use Channel *c after
1452 calling channel_new(), XXX fix this in the future...
1453 - markus@cvs.openbsd.org 2001/05/04 23:47:34
1454 [channels.c channels.h clientloop.c nchan.c nchan.h serverloop.c ssh.c]
1455 move to Channel **channels (instead of Channel *channels), fixes realloc
1456 problems. channel_new now returns a Channel *, favour Channel * over
1457 channel id. remove old channel_allocate interface.
1461 - stevesk@cvs.openbsd.org 2001/05/03 15:07:39
1463 typo in debug() string
1464 - markus@cvs.openbsd.org 2001/05/03 15:45:15
1466 exec shell -c /bin/sh .ssh/sshrc, from abartlet@pcug.org.au
1467 - stevesk@cvs.openbsd.org 2001/05/03 21:43:01
1469 remove "\n" from fatal()
1470 - mouring@cvs.openbsd.org 2001/05/03 23:09:53
1471 [misc.c misc.h scp.c sftp.c]
1472 Move colon() and cleanhost() to misc.c where I should I have put it in
1474 - (bal) Updated Cygwin README by Corinna Vinschen <vinschen@redhat.com>
1475 - (bal) Avoid socket file security issues in ssh-agent for Cygwin.
1476 Patch by Egor Duda <deo@logos-m.ru>
1480 - markus@cvs.openbsd.org 2001/05/02 16:41:20
1482 fix prompt for ssh-add.
1486 - mouring@cvs.openbsd.org 2001/05/02 01:25:39
1488 Put the 'const' back into ssh_askpass() function. Pointed out
1489 by Mark Miller <markm@swoon.net>. OK Markus
1493 - markus@cvs.openbsd.org 2001/04/30 11:18:52
1494 [readconf.c readconf.h ssh.1 ssh.c sshconnect.c]
1495 implement 'ssh -b bind_address' like 'telnet -b'
1496 - markus@cvs.openbsd.org 2001/04/30 15:50:46
1497 [compat.c compat.h kex.c]
1498 allow interop with weaker key generation used by ssh-2.0.x, x < 10
1499 - markus@cvs.openbsd.org 2001/04/30 16:02:49
1501 ssh-2.0.10 has the weak-key-bug, too.
1502 - (tim) [contrib/caldera/openssh.spec] add Requires line for Caldera 3.1
1506 - markus@cvs.openbsd.org 2001/04/29 18:32:52
1509 - markus@cvs.openbsd.org 2001/04/29 19:16:52
1510 [channels.c clientloop.c compat.c compat.h serverloop.c]
1511 more ssh.com-2.0.x bug-compat; from per@appgate.com
1512 - (tim) New version of mdoc2man.pl from Mark D. Roth <roth+openssh@feep.net>
1513 - (djm) Add .cvsignore files, suggested by Wayne Davison <wayne@blorf.net>
1516 - (bal) Updated INSTALL. PCRE moved to a new place.
1517 - (djm) Release OpenSSH-2.9p1
1520 - (bal) Fixed uidswap.c so it should work on non-posix complient systems.
1521 patch based on 2.5.2 version by djm.
1522 - (bal) Build manpages and config files once unless changed. Patch by
1523 Carson Gaspar <carson@taltos.org>
1524 - (bal) arpa/nameser.h does not exist on Cygwin. Patch by Corinna
1525 Vinschen <vinschen@redhat.com>
1526 - (bal) Add /etc/sysconfig/sshd support to redhat's sshd.init. Patch by
1527 Pekka Savola <pekkas@netcore.fi>
1528 - (bal) Cygwin lacks setgroups() API. Patch by Corinna Vinschen
1529 <vinschen@redhat.com>
1530 - (bal) version.h synced, RPM specs updated for 2.9
1531 - (tim) update contrib/caldera files with what Caldera is using.
1536 - markus@cvs.openbsd.org 2001/04/23 21:57:07
1537 [ssh-keygen.1 ssh-keygen.c]
1538 allow public key for -e, too
1539 - markus@cvs.openbsd.org 2001/04/23 22:14:13
1542 - (bal) Whitespace resync w/ OpenBSD for uidswap.c
1543 - (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt'
1544 (default: off), implies KbdInteractiveAuthentication. Suggestion from
1546 - (djm) Include crypt.h if available in auth-passwd.c
1547 - tim@mindrot.org 2001/04/25 21:38:01 [configure.in]
1548 man page detection fixes for SCO
1552 - markus@cvs.openbsd.org 2001/04/22 23:58:36
1553 [ssh-keygen.1 ssh.1 sshd.8]
1554 document hostbased and other cleanup
1555 - (stevesk) start_pam() doesn't use DNS now for sshd -u0.
1556 - (stevesk) auth-pam.c: use PERMIT_NO_PASSWD
1557 - (bal) sys/queue.h is bogus for NCR platform. Patch by Daniel Carroll
1559 - (bal) Fixed contrib/postinstall.in. Patch by wsanders@wsanders.net
1563 - markus@cvs.openbsd.org 2001/04/20 16:32:22
1565 set non-privileged gid before uid; tholo@ and deraadt@
1566 - mouring@cvs.openbsd.org 2001/04/21 00:55:57
1569 - djm@cvs.openbsd.org 2001/04/22 08:13:30
1571 typos spotted by stevesk@; ok deraadt@
1572 - markus@cvs.openbsd.org 2001/04/22 12:34:05
1574 scp > 2GB; niles@scyld.com; ok deraadt@, djm@
1575 - markus@cvs.openbsd.org 2001/04/22 13:25:37
1576 [ssh-keygen.1 ssh-keygen.c]
1577 rename arguments -x -> -e (export key), -X -> -i (import key)
1578 xref draft-ietf-secsh-publickeyfile-01.txt
1579 - markus@cvs.openbsd.org 2001/04/22 13:32:27
1580 [sftp-server.8 sftp.1 ssh.1 sshd.8]
1581 xref draft-ietf-secsh-*
1582 - markus@cvs.openbsd.org 2001/04/22 13:41:02
1583 [ssh-keygen.1 ssh-keygen.c]
1584 style, noted by stevesk; sort flags in usage
1588 - djm@cvs.openbsd.org 2001/04/20 07:17:51
1589 [clientloop.c ssh.1]
1590 Split out and improve escape character documentation, mention ~R in
1591 ~? help text; ok markus@
1592 - Update RPM spec files for CVS version.h
1593 - (stevesk) set the default PAM service name to __progname instead
1594 of the hard-coded value "sshd"; from Mark D. Roth <roth@feep.net>
1595 - (stevesk) document PAM service name change in INSTALL
1596 - tim@mindrot.org 2001/04/21 14:25:57 [Makefile.in configure.in]
1597 fix perl test, fix nroff test, fix Makefile to build outside source tree
1601 - ian@cvs.openbsd.org 2001/04/18 16:21:05
1603 Fix typo reported in PR/1779
1604 - markus@cvs.openbsd.org 2001/04/18 21:57:42
1605 [readpass.c ssh-add.c]
1606 call askpass from ssh, too, based on work by roth@feep.net, ok deraadt
1607 - markus@cvs.openbsd.org 2001/04/18 22:03:45
1608 [auth2.c sshconnect2.c]
1609 use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
1610 - markus@cvs.openbsd.org 2001/04/18 22:48:26
1613 - markus@cvs.openbsd.org 2001/04/18 23:43:26
1614 [auth2.c compat.c sshconnect2.c]
1615 more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now
1616 (however the 2.1.0 server seems to work only if debug is enabled...)
1617 - markus@cvs.openbsd.org 2001/04/18 23:44:51
1619 error->debug; noted by fries@
1620 - markus@cvs.openbsd.org 2001/04/19 00:05:11
1622 use local variable, no function call needed.
1623 (btw, hostbased works now with ssh.com >= 2.0.13)
1624 - (bal) Put scp-common.h back into scp.c (it exists in the upstream
1625 tree) pointed out by Tom Holroyd <tomh@po.crl.go.jp>
1629 - markus@cvs.openbsd.org 2001/04/17 19:34:25
1631 move auth_approval to do_authenticated().
1632 do_child(): nuke hostkeys from memory
1633 don't source .ssh/rc for subsystems.
1634 - markus@cvs.openbsd.org 2001/04/18 14:15:00
1637 - (bal) renabled 'catman-do:' and fixed it. So now catman pages should
1639 - (bal) Makfile day... Cleaned up multiple mantype support (Patch by
1640 Mark D. Roth <roth+openssh@feep.net>), and fixed PIDDIR support.
1643 - (bal) Add perl5 check for HP/UX, Removed GNUness from Makefile.in
1644 and temporary commented out 'catman-do:' since it is broken. Patches
1645 for the first two by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
1647 - deraadt@cvs.openbsd.org 2001/04/16 08:26:04
1649 better safe than sorry in later mods; yongari@kt-is.co.kr
1650 - markus@cvs.openbsd.org 2001/04/17 08:14:01
1652 check for key!=NULL, thanks to costa
1653 - markus@cvs.openbsd.org 2001/04/17 09:52:48
1655 handle EINTR/EAGAIN on read; ok deraadt@
1656 - markus@cvs.openbsd.org 2001/04/17 10:53:26
1657 [key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
1658 add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
1659 - markus@cvs.openbsd.org 2001/04/17 12:55:04
1661 undo socks5 and https support since they are not really used and
1662 only bloat ssh. remove -D from usage(), since '-D' is experimental.
1666 - stevesk@cvs.openbsd.org 2001/04/15 01:35:22
1669 - markus@cvs.openbsd.org 2001/04/15 08:43:47
1670 [dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c]
1671 some unused variable and typos; from tomh@po.crl.go.jp
1672 - markus@cvs.openbsd.org 2001/04/15 16:58:03
1673 [authfile.c ssh-keygen.c sshd.c]
1674 don't use errno for key_{load,save}_private; discussion w/ solar@openwall
1675 - markus@cvs.openbsd.org 2001/04/15 17:16:00
1677 set stdin/out/err to nonblocking in SSH proto 1, too. suggested by ho@
1678 should fix some of the blocking problems for rsync over SSH-1
1679 - stevesk@cvs.openbsd.org 2001/04/15 19:41:21
1681 some ClientAlive cleanup; ok markus@
1682 - stevesk@cvs.openbsd.org 2001/04/15 21:28:35
1683 [readconf.c servconf.c]
1684 use fatal() or error() vs. fprintf(); ok markus@
1685 - (djm) Convert mandoc manpages to man automatically. Patch from Mark D.
1686 Roth <roth+openssh@feep.net>
1687 - (bal) CVS ID fix up and slight manpage fix from OpenBSD tree.
1688 - (djm) OpenBSD CVS Sync
1689 - mouring@cvs.openbsd.org 2001/04/16 02:31:44
1691 IPv6 support for sftp (which I bungled in my last patch) which is
1692 borrowed from scp.c. Thanks to Markus@ for pointing it out.
1693 - deraadt@cvs.openbsd.org 2001/04/16 08:05:34
1695 xrealloc dealing with ptr == nULL; mouring
1696 - djm@cvs.openbsd.org 2001/04/16 08:19:31
1698 Split motd and hushlogin checks into seperate functions, helps for
1699 portable. From Chris Adams <cmadams@hiwaay.net>; ok markus@
1700 - Fix OSF SIA support displaying too much information for quiet
1701 logins and logins where access was denied by SIA. Patch from Chris Adams
1702 <cmadams@hiwaay.net>
1706 - deraadt@cvs.openbsd.org 2001/04/14 04:31:01
1709 - markus@cvs.openbsd.org 2001/04/14 16:17:14
1711 remove some channels that are not appropriate for keepalive.
1712 - markus@cvs.openbsd.org 2001/04/14 16:27:57
1714 use clear_pass instead of xfree()
1715 - stevesk@cvs.openbsd.org 2001/04/14 16:33:20
1716 [clientloop.c packet.h session.c ssh.c ttymodes.c ttymodes.h]
1717 protocol 2 tty modes support; ok markus@
1718 - stevesk@cvs.openbsd.org 2001/04/14 17:04:42
1720 'T' handling rcp/scp sync; ok markus@
1721 - Missed sshtty.[ch] in Sync.
1724 - Sync with OpenBSD glob.c, strlcat.c and vis.c changes
1725 - Cygwin sftp/sftp-server binary mode patch from Corinna Vinschen
1726 <vinschen@redhat.com>
1728 - beck@cvs.openbsd.org 2001/04/13 22:46:54
1729 [channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
1730 Add options ClientAliveInterval and ClientAliveCountMax to sshd.
1731 This gives the ability to do a "keepalive" via the encrypted channel
1732 which can't be spoofed (unlike TCP keepalives). Useful for when you want
1733 to use ssh connections to authenticate people for something, and know
1734 relatively quickly when they are no longer authenticated. Disabled
1735 by default (of course). ok markus@
1739 - markus@cvs.openbsd.org 2001/04/12 14:29:09
1741 show debug output during option processing, report from
1743 - markus@cvs.openbsd.org 2001/04/12 19:15:26
1744 [auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
1745 compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
1746 servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
1747 sshconnect2.c sshd_config]
1748 implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
1749 similar to RhostRSAAuthentication unless you enable (the experimental)
1750 HostbasedUsesNameFromPacketOnly option. please test. :)
1751 - markus@cvs.openbsd.org 2001/04/12 19:39:27
1754 - stevesk@cvs.openbsd.org 2001/04/12 20:09:38
1755 [misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
1756 robust port validation; ok markus@ jakob@
1757 - mouring@cvs.openbsd.org 2001/04/12 23:17:54
1758 [sftp-int.c sftp-int.h sftp.1 sftp.c]
1760 sftp [user@]host[:file [file]] - Fetch remote file(s)
1761 sftp [user@]host[:dir[/]] - Start in remote dir/
1763 - stevesk@cvs.openbsd.org 2001/04/13 01:26:17
1765 missing \n in error message
1766 - (bal) Added openbsd-compat/inet_ntop.[ch] since HP/UX (and others)
1771 - markus@cvs.openbsd.org 2001/04/10 07:46:58
1773 cleanup socks4 handling
1774 - itojun@cvs.openbsd.org 2001/04/10 09:13:22
1775 [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
1776 document id_rsa{.pub,}. markus ok
1777 - markus@cvs.openbsd.org 2001/04/10 12:15:23
1780 - djm@cvs.openbsd.org 2001/04/11 07:06:22
1782 'mget' and 'mput' aliases; ok markus@
1783 - markus@cvs.openbsd.org 2001/04/11 10:59:01
1785 use strtol() for ports, thanks jakob@
1786 - markus@cvs.openbsd.org 2001/04/11 13:56:13
1788 https-connect and socks5 support. i feel so bad.
1789 - lebel@cvs.openbsd.org 2001/04/11 16:25:30
1791 implement the -e option into sshd:
1792 -e When this option is specified, sshd will send the output to the
1793 standard error instead of the system log.
1798 - deraadt@cvs.openbsd.org 2001/04/08 20:52:55
1800 do not modify an actual argv[] entry
1801 - stevesk@cvs.openbsd.org 2001/04/08 23:28:27
1804 - stevesk@cvs.openbsd.org 2001/04/09 00:42:05
1807 - markus@cvs.openbsd.org 2001/04/09 15:12:23
1809 passphrase caching: ssh-add tries last passphrase, clears passphrase if
1810 not successful and after last try.
1811 based on discussions with espie@, jakob@, ... and code from jakob@ and
1813 - markus@cvs.openbsd.org 2001/04/09 15:19:49
1815 ssh-add retries the last passphrase...
1816 - stevesk@cvs.openbsd.org 2001/04/09 18:00:15
1818 ListenAddress mandoc from aaron@
1821 - (stevesk) use setresgid() for setegid() if needed
1822 - (stevesk) configure.in: typo
1824 - stevesk@cvs.openbsd.org 2001/04/08 16:01:36
1826 document ListenAddress addr:port
1827 - markus@cvs.openbsd.org 2001/04/08 13:03:00
1829 init pointers with NULL, thanks to danimal@danimal.org
1830 - markus@cvs.openbsd.org 2001/04/08 11:27:33
1832 leave_raw_mode if ssh2 "session" is closed
1833 - markus@cvs.openbsd.org 2001/04/06 21:00:17
1834 [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
1835 ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
1836 do gid/groups-swap in addition to uid-swap, should help if /home/group
1837 is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
1838 to olar@openwall.com is comments. we had many requests for this.
1839 - markus@cvs.openbsd.org 2001/04/07 08:55:18
1840 [buffer.c channels.c channels.h readconf.c ssh.c]
1841 allow the ssh client act as a SOCKS4 proxy (dynamic local
1842 portforwarding). work by Dan Kaminsky <dankamin@cisco.com> and me.
1843 thanks to Dan for this great patch: use 'ssh -D 1080 host' and make
1844 netscape use localhost:1080 as a socks proxy.
1845 - markus@cvs.openbsd.org 2001/04/08 11:24:33
1851 - stevesk@cvs.openbsd.org 2001/04/06 22:12:47
1853 unused; typo in comment
1854 - stevesk@cvs.openbsd.org 2001/04/06 22:25:25
1857 ListenAddress host|ipv4_addr|ipv6_addr
1859 ListenAddress [host|ipv4_addr|ipv6_addr]:port
1860 ListenAddress host|ipv4_addr:port
1861 sshd.8 updates coming. ok markus@
1864 - (bal) CVS ID Resync of version.h
1866 - markus@cvs.openbsd.org 2001/04/05 23:39:20
1868 keep the ssh session even if there is no active channel.
1869 this is more in line with the protocol spec and makes
1870 ssh -N -L 1234:server:110 host
1872 based on discussion with <mats@mindbright.se> long time ago
1873 and recent mail from <res@shore.net>
1874 - deraadt@cvs.openbsd.org 2001/04/06 16:46:59
1876 remove trailing / from source paths; fixes pr#1756
1879 - (stevesk) logintest.c: fix for systems without __progname
1880 - (stevesk) Makefile.in: log.o is in libssh.a
1882 - markus@cvs.openbsd.org 2001/04/05 10:00:06
1884 2.3.x does old GEX, too; report jakob@
1885 - markus@cvs.openbsd.org 2001/04/05 10:39:03
1886 [compress.c compress.h packet.c]
1887 reset compress state per direction when rekeying.
1888 - markus@cvs.openbsd.org 2001/04/05 10:39:48
1890 temporary version 2.5.4 (supports rekeying).
1891 this is not an official release.
1892 - markus@cvs.openbsd.org 2001/04/05 10:42:57
1893 [auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
1894 mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
1895 sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
1896 sshconnect2.c sshd.c]
1897 fix whitespace: unexpand + trailing spaces.
1898 - markus@cvs.openbsd.org 2001/04/05 11:09:17
1899 [clientloop.c compat.c compat.h]
1900 add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions.
1901 - markus@cvs.openbsd.org 2001/04/05 15:45:43
1903 ssh defaults to protocol v2; from quisar@quisar.ambre.net
1904 - stevesk@cvs.openbsd.org 2001/04/05 15:48:18
1905 [canohost.c canohost.h session.c]
1906 move get_remote_name_or_ip() to canohost.[ch]; for portable. ok markus@
1907 - markus@cvs.openbsd.org 2001/04/05 20:01:10
1909 for ~R print message if server does not support rekeying. (and fix ~R).
1910 - markus@cvs.openbsd.org 2001/04/05 21:02:46
1912 better error message
1913 - markus@cvs.openbsd.org 2001/04/05 21:05:24
1914 [clientloop.c ssh.c]
1915 don't request a session for 'ssh -N', pointed out slade@shore.net
1919 - markus@cvs.openbsd.org 2001/04/04 09:48:35
1920 [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
1921 don't sent multiple kexinit-requests.
1922 send newkeys, block while waiting for newkeys.
1924 - markus@cvs.openbsd.org 2001/04/04 14:34:58
1925 [clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
1926 enable server side rekeying + some rekey related clientup.
1927 todo: we should not send any non-KEX messages after we send KEXINIT
1928 - markus@cvs.openbsd.org 2001/04/04 15:50:55
1930 f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov
1931 - markus@cvs.openbsd.org 2001/04/04 20:25:38
1932 [channels.c channels.h clientloop.c kex.c kex.h serverloop.c
1933 sshconnect2.c sshd.c]
1934 more robust rekeying
1935 don't send channel data after rekeying is started.
1936 - markus@cvs.openbsd.org 2001/04/04 20:32:56
1938 we don't care about missing bannerfiles; from tsoome@ut.ee, ok deraadt@
1939 - markus@cvs.openbsd.org 2001/04/04 22:04:35
1940 [kex.c kexgex.c serverloop.c]
1941 parse full kexinit packet.
1942 make server-side more robust, too.
1943 - markus@cvs.openbsd.org 2001/04/04 23:09:18
1944 [dh.c kex.c packet.c]
1945 clear+free keys,iv for rekeying.
1946 + fix DH mem leaks. ok niels@
1947 - (stevesk) don't use vhangup() if defined(HAVE_DEV_PTMX); also removes
1952 - deraadt@cvs.openbsd.org 2001/04/02 17:32:23
1954 grammar; slade@shore.net
1955 - stevesk@cvs.openbsd.org 2001/04/03 13:56:11
1956 [sftp-glob.c ssh-agent.c ssh-keygen.c]
1958 - markus@cvs.openbsd.org 2001/04/03 19:53:29
1959 [dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
1960 move kex to kex*.c, used dispatch_set() callbacks for kex. should
1961 make rekeying easier.
1962 - todd@cvs.openbsd.org 2001/04/03 21:19:38
1964 id_rsa1/2 -> id_rsa; ok markus@
1965 - markus@cvs.openbsd.org 2001/04/03 23:32:12
1966 [kex.c kex.h packet.c sshconnect2.c sshd.c]
1967 undo parts of recent my changes: main part of keyexchange does not
1968 need dispatch-callbacks, since application data is delayed until
1969 the keyexchange completes (if i understand the drafts correctly).
1970 add some infrastructure for re-keying.
1971 - markus@cvs.openbsd.org 2001/04/04 00:06:54
1972 [clientloop.c sshconnect2.c]
1973 enable client rekeying
1974 (1) force rekeying with ~R, or
1975 (2) if the server requests rekeying.
1976 works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0
1977 - (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync.
1981 - stevesk@cvs.openbsd.org 2001/04/02 14:15:31
1984 - stevesk@cvs.openbsd.org 2001/04/02 14:20:23
1985 [readconf.c servconf.c]
1986 correct comment; ok markus@
1987 - (stevesk) nchan.c: remove ostate checks and add EINVAL to
1988 shutdown(SHUT_RD) error() bypass for HP-UX.
1991 - (stevesk) log.c openbsd sync; missing newlines
1992 - (stevesk) sshpty.h openbsd sync; PTY_H -> SSHPTY_H
1995 - (djm) Another openbsd-compat/glob.c sync
1996 - (djm) OpenBSD CVS Sync
1997 - provos@cvs.openbsd.org 2001/03/28 21:59:41
1998 [kex.c kex.h sshconnect2.c sshd.c]
1999 forgot to include min and max params in hash, okay markus@
2000 - provos@cvs.openbsd.org 2001/03/28 22:04:57
2002 more sanity checking on primes file
2003 - markus@cvs.openbsd.org 2001/03/28 22:43:31
2004 [auth.h auth2.c auth2-chall.c]
2005 check auth_root_allowed for kbd-int auth, too.
2006 - provos@cvs.openbsd.org 2001/03/29 14:24:59
2008 use recommended defaults
2009 - stevesk@cvs.openbsd.org 2001/03/29 21:06:21
2010 [sshconnect2.c sshd.c]
2011 need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
2012 - markus@cvs.openbsd.org 2001/03/29 21:17:40
2013 [dh.c dh.h kex.c kex.h]
2014 prepare for rekeying: move DH code to dh.c
2015 - djm@cvs.openbsd.org 2001/03/29 23:42:01
2017 Protocol 1 key regeneration log => verbose, some KNF; ok markus@
2021 - stevesk@cvs.openbsd.org 2001/03/26 15:47:59
2023 document more defaults; misc. cleanup. ok markus@
2024 - markus@cvs.openbsd.org 2001/03/26 23:12:42
2027 - markus@cvs.openbsd.org 2001/03/26 23:23:24
2028 [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
2029 try to read private f-secure ssh v2 rsa keys.
2030 - markus@cvs.openbsd.org 2001/03/27 10:34:08
2032 use EVP_get_digestbynid, reorder some calls and fix missing free.
2033 - markus@cvs.openbsd.org 2001/03/27 10:57:00
2034 [compat.c compat.h ssh-rsa.c]
2035 some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5
2036 signatures in SSH protocol 2, ok djm@
2037 - provos@cvs.openbsd.org 2001/03/27 17:46:50
2038 [compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
2039 make dh group exchange more flexible, allow min and max group size,
2040 okay markus@, deraadt@
2041 - stevesk@cvs.openbsd.org 2001/03/28 19:56:23
2043 start to sync scp closer to rcp; ok markus@
2044 - stevesk@cvs.openbsd.org 2001/03/28 20:04:38
2046 usage more like rcp and add missing -B to usage; ok markus@
2047 - markus@cvs.openbsd.org 2001/03/28 20:50:45
2049 call refuse() before close(); from olemx@ans.pl
2052 - (djm) Reorder tests and library inclusion for Krb4/AFS to try to
2053 resolve linking conflicts with libcrypto. Report and suggested fix
2054 from Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
2055 - (djm) Work around Solaris' broken struct dirent. Diagnosis and suggested
2056 fix from Philippe Levan <levan@epix.net>
2057 - (djm) Rework krbIV tests to get us closer to building on Redhat. Still
2058 doesn't work because of conflicts between krbIV's and OpenSSL's des.h
2059 - (djm) Sync openbsd-compat/glob.c
2062 - Attempt sync with sshlogin.c w/ OpenBSD (mainly CVS ID)
2063 - Fix pointer issues in waitpid() and wait() replaces. Patch by Lutz
2064 Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2066 - djm@cvs.openbsd.org 2001/03/25 00:01:34
2069 - stevesk@cvs.openbsd.org 2001/03/25 13:16:11
2070 [servconf.c servconf.h session.c sshd.8 sshd_config]
2071 PrintLastLog option; from chip@valinux.com with some minor
2072 changes by me. ok markus@
2073 - markus@cvs.openbsd.org 2001/03/26 08:07:09
2074 [authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
2075 sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
2076 simpler key load/save interface, see authfile.h
2077 - (djm) Reestablish PAM credentials (which can be supplemental group
2078 memberships) after initgroups() blows them away. Report and suggested
2079 fix from Nalin Dahyabhai <nalin@redhat.com>
2082 - Fixed permissions ssh-keyscan. Thanks to Christopher Linn <celinn@mtu.edu>.
2084 - djm@cvs.openbsd.org 2001/03/23 11:04:07
2085 [compat.c compat.h sshconnect2.c sshd.c]
2086 Compat for OpenSSH with broken Rijndael/AES. ok markus@
2087 - markus@cvs.openbsd.org 2001/03/23 12:02:49
2089 authctxt is now passed to do_authenticated
2090 - markus@cvs.openbsd.org 2001/03/23 13:10:57
2092 fix put, upload to _absolute_ path, ok djm@
2093 - markus@cvs.openbsd.org 2001/03/23 14:28:32
2095 ignore SIGPIPE, restore in child, fixes x11-fwd crashes; with djm@
2096 - (djm) Pull out our own SIGPIPE hacks
2100 - deraadt@cvs.openbsd.org 2001/03/22 20:22:55
2102 do not place linefeeds in buffer
2105 - (djm) Better AIX no tty fix, spotted by Gert Doering <gert@greenie.muc.de>
2106 - (bal) version.c CVS ID resync
2107 - (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID
2109 - (bal) scp.c CVS ID resync
2111 - markus@cvs.openbsd.org 2001/03/20 19:10:16
2113 default to SSH protocol version 2
2114 - markus@cvs.openbsd.org 2001/03/20 19:21:21
2117 - markus@cvs.openbsd.org 2001/03/20 19:21:21
2120 - markus@cvs.openbsd.org 2001/03/21 11:43:45
2121 [auth1.c auth2.c session.c session.h]
2122 merge common ssh v1/2 code
2123 - jakob@cvs.openbsd.org 2001/03/21 14:20:45
2125 add -B flag to usage
2126 - markus@cvs.openbsd.org 2001/03/21 21:06:30
2128 missing init; from mib@unimelb.edu.au
2131 - (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve
2132 VanDevender <stevev@darkwing.uoregon.edu>
2133 - (djm) Make sure pam_retval is initialised on call to pam_end. Patch
2134 from Solar Designer <solar@openwall.com>
2135 - (djm) Don't loop forever when changing password via PAM. Patch
2136 from Solar Designer <solar@openwall.com>
2137 - (djm) Generate config files before build
2138 - (djm) Correctly handle SIA and AIX when no tty present. Spotted and
2139 suggested fix from Mike Battersby <mib@unimelb.edu.au>
2142 - (bal) glob.c update to added GLOB_LIMITS (OpenBSD CVS).
2143 - (bal) glob.c update to set gl_pathv to NULL (OpenBSD CVS).
2144 - (bal) Oops. Missed globc.h change (OpenBSD CVS).
2145 - (djm) OpenBSD CVS Sync
2146 - markus@cvs.openbsd.org 2001/03/19 17:07:23
2148 undo /etc/shell and proto 2,1 change for openssh-2.5.2
2149 - markus@cvs.openbsd.org 2001/03/19 17:12:10
2152 - (djm) Update RPM spec version
2153 - (djm) Release 2.5.2p1
2154 - tim@mindrot.org 2001/03/19 18:33:47 [defines.h]
2155 change S_ISLNK macro to work for UnixWare 2.03
2156 - tim@mindrot.org 2001/03/19 20:45:11 [openbsd-compat/glob.c]
2157 add get_arg_max(). Use sysconf() if ARG_MAX is not defined
2160 - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
2162 - (djm) Add getusershell() functions from OpenBSD CVS
2164 - markus@cvs.openbsd.org 2001/03/18 12:07:52
2166 ignore permitopen="host:port" if AllowTcpForwarding==no
2167 - (djm) Make scp work on systems without 64-bit ints
2168 - tim@mindrot.org 2001/03/18 18:28:39 [defines.h]
2169 move HAVE_LONG_LONG_INT where it works
2170 - (bal) Use 'NGROUPS' for NeXT Since 'MAX_NGROUPS' is wrapped up in -lposix
2171 stuff. Change suggested by Mark Miller <markm@swoon.net>
2172 - (bal) Small fix to scp. %lu vs %ld
2173 - (bal) NeXTStep lacks S_ISLNK. Plus split up S_IS*
2174 - (djm) OpenBSD CVS Sync
2175 - djm@cvs.openbsd.org 2001/03/19 03:52:51
2177 Report ssh connection closing correctly; ok deraadt@
2178 - deraadt@cvs.openbsd.org 2001/03/18 23:30:55
2179 [compat.c compat.h sshd.c]
2180 specifically version match on ssh scanners. do not log scan
2181 information to the console
2182 - djm@cvs.openbsd.org 2001/03/19 12:10:17
2184 Document permitopen authorized_keys option; ok markus@
2185 - djm@cvs.openbsd.org 2001/03/19 05:49:52
2187 document PreferredAuthentications option; ok markus@
2188 - (bal) Minor NeXT fixed. Forgot to #undef NGROUPS_MAX
2191 - (bal) Fixed scp type casing issue which causes "scp: protocol error:
2192 size not delimited" fatal errors when tranfering.
2194 - markus@cvs.openbsd.org 2001/03/17 17:27:59
2196 check /etc/shells, too
2197 - tim@mindrot.org 2001/03/17 18:45:25 [compat.c]
2198 openbsd-compat/fake-regex.h
2201 - Support usrinfo() on AIX. Based on patch from Gert Doering
2202 <gert@greenie.muc.de>
2204 - markus@cvs.openbsd.org 2001/03/15 15:05:59
2206 use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
2207 - markus@cvs.openbsd.org 2001/03/15 22:07:08
2209 pass Session to do_child + KNF
2210 - djm@cvs.openbsd.org 2001/03/16 08:16:18
2211 [sftp-client.c sftp-client.h sftp-glob.c sftp-int.c]
2212 Revise globbing for get/put to be more shell-like. In particular,
2213 "get/put file* directory/" now works. ok markus@
2214 - markus@cvs.openbsd.org 2001/03/16 09:55:53
2216 fix memset and whitespace
2217 - markus@cvs.openbsd.org 2001/03/16 13:44:24
2219 discourage strcat/strcpy
2220 - markus@cvs.openbsd.org 2001/03/16 19:06:30
2221 [auth-options.c channels.c channels.h serverloop.c session.c]
2222 implement "permitopen" key option, restricts -L style forwarding to
2223 to specified host:port pairs. based on work by harlan@genua.de
2224 - Check for gl_matchc support in glob_t and fall back to the
2225 openbsd-compat/glob.[ch] support if it does not exist.
2229 - markus@cvs.openbsd.org 2001/03/14 08:57:14
2232 - markus@cvs.openbsd.org 2001/03/14 15:15:58
2235 - deraadt@cvs.openbsd.org 2001/03/14 22:50:25
2238 - (stevesk) ssh-keyscan.c: specify "openbsd-compat/fake-queue.h"
2239 - (bal) Cygwin README change by Corinna Vinschen <vinschen@redhat.com>
2243 - markus@cvs.openbsd.org 2001/03/13 17:34:42
2245 missing xfree, deny key on parse error; ok stevesk@
2246 - djm@cvs.openbsd.org 2001/03/13 22:42:54
2247 [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
2248 sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@
2249 - (bal) Fix strerror() in bsd-misc.c
2250 - (djm) Add replacement glob() from OpenBSD libc if the system glob is
2251 missing or lacks the GLOB_ALTDIRFUNC extension
2252 - (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers
2253 relatively. Avoids conflict between glob.h and /usr/include/glob.h
2257 - markus@cvs.openbsd.org 2001/03/12 22:02:02
2258 [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
2259 remove old key_fingerprint interface, s/_ex//
2263 - markus@cvs.openbsd.org 2001/03/11 13:25:36
2266 - jakob@cvs.openbsd.org 2001/03/11 15:03:16
2268 add improved fingerprint functions. based on work by Carsten
2269 Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
2270 - jakob@cvs.openbsd.org 2001/03/11 15:04:16
2271 [ssh-keygen.1 ssh-keygen.c]
2272 print both md5, sha1 and bubblebabble fingerprints when using
2273 ssh-keygen -l -v. ok markus@.
2274 - jakob@cvs.openbsd.org 2001/03/11 15:13:09
2276 cleanup & shorten some var names key_fingerprint_bubblebabble.
2277 - deraadt@cvs.openbsd.org 2001/03/11 16:39:03
2279 KNF, and SHA1 binary output is just creeping featurism
2280 - tim@mindrot.org 2001/03/11 17:29:32 [configure.in]
2281 test if snprintf() supports %ll
2282 add /dev to search path for PRNGD/EGD socket
2283 fix my mistake in USER_PATH test program
2285 - markus@cvs.openbsd.org 2001/03/11 18:29:51
2288 - markus@cvs.openbsd.org 2001/03/11 22:33:24
2289 [ssh-keygen.1 ssh-keygen.c]
2290 remove -v again. use -B instead for bubblebabble. make -B consistent
2291 with -l and make -B work with /path/to/known_hosts. ok deraadt@
2292 - (djm) Bump portable version number for generating test RPMs
2293 - (djm) Add "static_openssl" RPM build option, remove rsh build dependency
2294 - (bal) Reorder includes in Makefile.
2298 - markus@cvs.openbsd.org 2001/03/10 12:48:27
2300 ignore nonexisting private keys; report rjmooney@mediaone.net
2301 - deraadt@cvs.openbsd.org 2001/03/10 12:53:51
2302 [readconf.c ssh_config]
2303 default to SSH2, now that m68k runs fast
2304 - stevesk@cvs.openbsd.org 2001/03/10 15:02:05
2305 [ttymodes.c ttymodes.h]
2306 remove unused sgtty macros; ok markus@
2307 - deraadt@cvs.openbsd.org 2001/03/10 15:31:00
2308 [compat.c compat.h sshconnect.c]
2309 all known netscreen ssh versions, and older versions of OSU ssh cannot
2310 handle password padding (newer OSU is fixed)
2311 - tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config]
2312 make sure $bindir is in USER_PATH so scp will work
2314 - markus@cvs.openbsd.org 2001/03/10 17:51:04
2315 [kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
2316 add PreferredAuthentications
2320 - deraadt@cvs.openbsd.org 2001/03/09 03:14:39
2322 create *.pub files with umask 0644, so that you can mv them to
2324 - deraadt@cvs.openbsd.org 2001/03/09 12:30:29
2326 typo; slade@shore.net
2327 - Removed log.o from sftp client. Not needed.
2331 - stevesk@cvs.openbsd.org 2001/03/08 18:47:12
2334 - stevesk@cvs.openbsd.org 2001/03/08 20:44:48
2336 spelling, cleanup; ok deraadt@
2337 - markus@cvs.openbsd.org 2001/03/08 21:42:33
2338 [compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
2339 implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
2340 no need to do enter passphrase or do expensive sign operations if the
2341 server does not accept key).
2345 - djm@cvs.openbsd.org 2001/03/07 10:11:23
2346 [sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
2347 Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
2348 functions and small protocol change.
2349 - markus@cvs.openbsd.org 2001/03/08 00:15:48
2351 turn off useprivilegedports by default. only rhost-auth needs
2352 this. older sshd's may need this, too.
2353 - (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H;
2354 Dirk Markwardt <D.Markwardt@tu-bs.de>
2357 - (bal) OpenBSD CVS Sync
2358 - deraadt@cvs.openbsd.org 2001/03/06 06:11:18
2361 - deraadt@cvs.openbsd.org 2001/03/06 06:11:44
2362 [sftp-int.c sftp.1 sftp.c]
2363 sftp -b batchfile; mouring@etoh.eviladmin.org
2364 - deraadt@cvs.openbsd.org 2001/03/06 15:10:42
2367 - deraadt@cvs.openbsd.org 2001/03/07 01:19:06
2369 the name "secure shell" is boring, noone ever uses it
2370 - deraadt@cvs.openbsd.org 2001/03/07 04:05:58
2372 removed dated comment
2373 - Cygwin contrib improvements from Corinna Vinschen <vinschen@redhat.com>
2376 - (bal) OpenBSD CVS Sync
2377 - deraadt@cvs.openbsd.org 2001/03/05 14:28:47
2379 alpha order; jcs@rt.fm
2380 - stevesk@cvs.openbsd.org 2001/03/05 15:44:51
2382 sync error message; ok markus@
2383 - deraadt@cvs.openbsd.org 2001/03/05 15:56:16
2384 [myproposal.h ssh.1]
2385 switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
2387 - deraadt@cvs.openbsd.org 2001/03/05 16:07:15
2389 detail default hmac setup too
2390 - markus@cvs.openbsd.org 2001/03/05 17:17:21
2391 [kex.c kex.h sshconnect2.c sshd.c]
2392 generate a 2*need size (~300 instead of 1024/2048) random private
2393 exponent during the DH key agreement. according to Niels (the great
2394 german advisor) this is safe since /etc/primes contains strong
2398 P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
2399 agreement with short exponents, In Advances in Cryptology
2400 - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
2401 - stevesk@cvs.openbsd.org 2001/03/05 17:40:48
2403 more ssh_known_hosts2 documentation; ok markus@
2404 - stevesk@cvs.openbsd.org 2001/03/05 17:58:22
2407 - deraadt@cvs.openbsd.org 2001/03/06 00:33:04
2408 [authfd.c cli.c ssh-agent.c]
2409 EINTR/EAGAIN handling is required in more cases
2410 - millert@cvs.openbsd.org 2001/03/06 01:06:03
2412 Don't assume we wil get the version string all in one read().
2414 - millert@cvs.openbsd.org 2001/03/06 01:08:27
2416 If read() fails with EINTR deal with it the same way we treat EAGAIN
2419 - (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
2420 - (bal) CVS ID touch up on sftp-int.c
2421 - (bal) CVS ID touch up on uuencode.c
2422 - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
2423 - (bal) OpenBSD CVS Sync
2424 - deraadt@cvs.openbsd.org 2001/02/17 23:48:48
2426 it's the OpenSSH one
2427 - deraadt@cvs.openbsd.org 2001/02/21 07:37:04
2429 inline -> __inline__, and some indent
2430 - deraadt@cvs.openbsd.org 2001/02/21 09:05:54
2433 - deraadt@cvs.openbsd.org 2001/02/21 09:12:56
2435 careful with & and &&; markus ok
2436 - stevesk@cvs.openbsd.org 2001/02/21 21:14:04
2438 -i supports DSA identities now; ok markus@
2439 - deraadt@cvs.openbsd.org 2001/02/22 04:29:37
2441 grammar; slade@shore.net
2442 - deraadt@cvs.openbsd.org 2001/02/22 06:43:55
2443 [ssh-keygen.1 ssh-keygen.c]
2444 document -d, and -t defaults to rsa1
2445 - deraadt@cvs.openbsd.org 2001/02/22 08:03:51
2446 [ssh-keygen.1 ssh-keygen.c]
2448 - deraadt@cvs.openbsd.org 2001/02/22 18:09:06
2451 - markus@cvs.openbsd.org 2001/02/22 21:57:27
2453 typos/grammar from matt@anzen.com
2454 - markus@cvs.openbsd.org 2001/02/22 21:59:44
2455 [auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
2456 use pwcopy in ssh.c, too
2457 - markus@cvs.openbsd.org 2001/02/23 15:34:53
2460 - markus@cvs.openbsd.org 2001/02/23 18:15:13
2462 the random session key depends now on the session_key_int
2463 sent by the 'attacker'
2464 dig1 = md5(cookie|session_key_int);
2465 dig2 = md5(dig1|cookie|session_key_int);
2466 fake_session_key = dig1|dig2;
2467 this change is caused by a mail from anakin@pobox.com
2468 patch based on discussions with my german advisor niels@openbsd.org
2469 - deraadt@cvs.openbsd.org 2001/02/24 10:37:55
2471 look for id_rsa by default, before id_dsa
2472 - deraadt@cvs.openbsd.org 2001/02/24 10:37:26
2474 ssh2 rsa key before dsa key
2475 - markus@cvs.openbsd.org 2001/02/27 10:35:27
2478 - markus@cvs.openbsd.org 2001/02/27 11:00:11
2480 support SSH-2.0-2.1 ; from Christophe_Moret@hp.com
2481 - deraadt@cvs.openbsd.org 2001/02/28 05:34:28
2484 - deraadt@cvs.openbsd.org 2001/02/28 05:36:28
2486 do not kill the subprocess on termination (we will see if this helps
2487 things or hurts things)
2488 - markus@cvs.openbsd.org 2001/02/28 08:45:39
2490 fix byte counts for ssh protocol v1
2491 - markus@cvs.openbsd.org 2001/02/28 08:54:55
2492 [channels.c nchan.c nchan.h]
2493 make sure remote stderr does not get truncated.
2494 remove closed fd's from the select mask.
2495 - markus@cvs.openbsd.org 2001/02/28 09:57:07
2496 [packet.c packet.h sshconnect2.c]
2497 in ssh protocol v2 use ignore messages for padding (instead of
2499 - markus@cvs.openbsd.org 2001/02/28 12:55:07
2501 unify debug messages
2502 - deraadt@cvs.openbsd.org 2001/02/28 17:52:54
2504 for completeness, copy pw_gecos too
2505 - markus@cvs.openbsd.org 2001/02/28 21:21:41
2507 generate a fake session id, too
2508 - markus@cvs.openbsd.org 2001/02/28 21:27:48
2509 [channels.c packet.c packet.h serverloop.c]
2510 use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
2511 use random content in ignore messages.
2512 - markus@cvs.openbsd.org 2001/02/28 21:31:32
2515 - deraadt@cvs.openbsd.org 2001/03/01 02:11:25
2517 split line so that p will have an easier time next time around
2518 - deraadt@cvs.openbsd.org 2001/03/01 02:29:04
2520 shorten usage by a line
2521 - deraadt@cvs.openbsd.org 2001/03/01 02:45:10
2522 [auth-rsa.c auth2.c deattack.c packet.c]
2524 - deraadt@cvs.openbsd.org 2001/03/01 03:38:33
2525 [cli.c cli.h rijndael.h ssh-keyscan.1]
2526 copyright notices on all source files
2527 - markus@cvs.openbsd.org 2001/03/01 22:46:37
2529 don't truncate remote ssh-2 commands; from mkubita@securities.cz
2530 use min, not max for logging, fixes overflow.
2531 - deraadt@cvs.openbsd.org 2001/03/02 06:21:01
2533 explain SIGHUP better
2534 - deraadt@cvs.openbsd.org 2001/03/02 09:42:49
2536 doc the dsa/rsa key pair files
2537 - deraadt@cvs.openbsd.org 2001/03/02 18:54:31
2538 [atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
2539 scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
2540 ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
2541 make copyright lines the same format
2542 - deraadt@cvs.openbsd.org 2001/03/03 06:53:12
2545 - millert@cvs.openbsd.org 2001/03/03 21:19:41
2547 Dynamically allocate read_wait and its copies. Since maxfd is
2548 based on resource limits it is often (usually?) larger than FD_SETSIZE.
2549 - millert@cvs.openbsd.org 2001/03/03 21:40:30
2551 Dynamically allocate fd_set; deraadt@ OK
2552 - millert@cvs.openbsd.org 2001/03/03 21:41:07
2554 Dynamically allocate fd_set; deraadt@ OK
2555 - deraadt@cvs.openbsd.org 2001/03/03 22:07:50
2558 - markus@cvs.openbsd.org 2001/03/03 23:52:22
2560 clean up arg processing. based on work by Christophe_Moret@hp.com
2561 - markus@cvs.openbsd.org 2001/03/03 23:59:34
2564 - markus@cvs.openbsd.org 2001/03/04 00:03:59
2567 - stevesk@cvs.openbsd.org 2001/03/04 10:57:53
2569 add -m to usage; ok markus@
2570 - stevesk@cvs.openbsd.org 2001/03/04 11:04:41
2572 small cleanup and clarify for PermitRootLogin; ok markus@
2573 - stevesk@cvs.openbsd.org 2001/03/04 11:16:06
2575 kill obsolete RandomSeed; ok markus@ deraadt@
2576 - stevesk@cvs.openbsd.org 2001/03/04 12:54:04
2579 - millert@cvs.openbsd.org 2001/03/04 17:42:28
2580 [authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
2581 ssh.c sshconnect.c sshd.c]
2582 log functions should not be passed strings that end in newline as they
2583 get passed on to syslog() and when logging to stderr, do_log() appends
2585 - deraadt@cvs.openbsd.org 2001/03/04 18:21:28
2588 - (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy()
2589 - (bal) Fix up logging since it changed. removed log-*.c
2590 - (djm) Fix up LOG_AUTHPRIV for systems that have it
2591 - (stevesk) OpenBSD sync:
2592 - deraadt@cvs.openbsd.org 2001/03/05 08:37:27
2594 skip inlining, why bother
2595 - (stevesk) sftp.c: handle __progname
2598 - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
2599 - (bal) Updated contrib/README to remove 'make-ssh-known-hosts' and
2600 give Mark Roth credit for mdoc2man.pl
2603 - (djm) Remove make-ssh-known-hosts.pl, ssh-keyscan is better.
2604 - (djm) Document PAM ChallengeResponseAuthentication in sshd.8
2605 - (djm) Disable and comment ChallengeResponseAuthentication in sshd_config
2606 - (djm) Allow PRNGd entropy collection from localhost TCP socket. Replace
2607 "--with-egd-pool" configure option with "--with-prngd-socket" and
2608 "--with-prngd-port" options. Debugged and improved by Lutz Jaenicke
2609 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2612 - (djm) Properly add -lcrypt if needed.
2613 - (djm) Force standard PAM conversation function in a few more places.
2614 Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai
2616 - (djm) Cygwin needs pw->pw_gecos copied too. Patch from Corinna Vinschen
2617 <vinschen@redhat.com>
2618 - (djm) Released 2.5.1p2
2621 - (djm) Detect endianness in configure and use it in rijndael.c. Fixes
2622 "Bad packet length" bugs.
2623 - (djm) Fully revert PAM session patch (again). All PAM session init is
2624 now done before the final fork().
2625 - (djm) EGD detection patch from Tim Rice <tim@multitalents.net>
2626 - (djm) Remove /tmp from EGD socket search list
2629 - (bal) Applied shutdown() patch for sftp.c by Corinna Vinschen
2630 <vinschen@redhat.com>
2631 - (bal) OpenBSD Sync
2632 - markus@cvs.openbsd.org 2001/02/23 15:37:45
2634 handle SSH_PROTOFLAG_SCREEN_NUMBER for buggy clients
2635 - (bal) sshd.init support for all Redhat release. Patch by Jim Knoble
2636 <jmknoble@jmknoble.cx>
2637 - (djm) Fix up POSIX saved uid support. Report from Mark Miller
2639 - (djm) Search for -lcrypt on FreeBSD too
2640 - (djm) fatal() on OpenSSL version mismatch
2641 - (djm) Move PAM init to after fork for non-Solaris derived PAMs
2642 - (djm) Warning fix on entropy.c saved uid stuff. Patch from Mark Miller
2645 - (djm) Remove 'noreplace' flag from sshd_config in RPM spec files. This
2646 change is being made as 2.5.x configfiles are not back-compatible with
2648 - (djm) Avoid warnings for missing broken IP_TOS. Patch from Mark Miller
2650 - (djm) Open Server 5 doesn't need BROKEN_SAVED_UIDS. Patch from Tim Rice
2651 <tim@multitalents.net>
2652 - (djm) Avoid multiple definition of _PATH_LS. Patch from Tim Rice
2653 <tim@multitalents.net>
2656 - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again.
2657 - (djm) Some systems (SCO3, NeXT) have weird saved uid semantics.
2658 Based on patch from Tim Rice <tim@multitalents.net>
2661 - (djm) Use %{_libexecdir} rather than hardcoded path in RPM specfile
2662 Patch from Adrian Ho <lexfiend@usa.net>
2663 - (bal) Replace 'unsigned long long' to 'u_int64_t' since not every
2664 platform defines u_int64_t as being that.
2667 - (bal) Missed part of the UNIX sockets patch. Patch by Corinna
2668 Vinschen <vinschen@redhat.com>
2669 - (bal) Reorder where 'strftime' is detected to resolve linking
2670 issues on SCO. Patch by Tim Rice <tim@multitalents.net>
2673 - (bal) pam_stack fix to correctly detect between RH7 and older RHs.
2674 Patch by Pekka Savola <pekkas@netcore.fi>
2675 - (bal) Renamed sigaction.[ch] to sigact.[ch]. Causes problems with
2677 - (bal) Generalize lack of UNIX sockets since this also effects Cray
2678 not just Cygwin. Based on patch by Wendy Palm <wendyp@cray.com>
2681 - (bal) Fix --define rh7 in openssh.spec file. Patch by Steve Tell
2682 <tell@telltronics.org>
2683 - (bal) Patch to force OpenSSH rpm to require the same version of OpenSSL
2684 that it was compiled against. Patch by Pekka Savola <pekkas@netcore.fi>
2685 - (bal) Double -I for OpenSSL on SCO. Patch by Tim Rice
2686 <tim@multitalents.net>
2689 - (bal) Corrected SCO luid patch by svaughan <svaughan@asterion.com>
2690 - (bal) Added mdoc2man.pl from Mark Roth <roth@feep.net>
2691 - (bal) Removed reference to liblogin from contrib/README. It was
2692 integrated into OpenSSH a long while ago.
2693 - (stevesk) remove erroneous #ifdef sgi code.
2694 Michael Stone <mstone@cs.loyola.edu>
2697 - (bal) Removed -L/usr/ucblib -R/usr/ucblib for Solaris platform.
2698 - (bal) Fixed OpenSSL rework to use $saved_*. Patch by Tim Rice
2699 <tim@multitalents.net>
2700 - (bal) Reverted out of 2001/02/15 patch by djm below because it
2702 - (djm) Move PAM session setup back to before setuid to user.
2703 fixes problems on Solaris-drived PAMs.
2704 - (stevesk) session.c: back out to where we were before:
2705 - (djm) Move PAM session initialisation until after fork in sshd. Patch
2706 from Nalin Dahyabhai <nalin@redhat.com>
2709 - (bal) Fix mixed up params to memmove() from Jan 5th in setenv.c and
2711 - (bal) OpenBSD CVS Sync:
2712 - deraadt@cvs.openbsd.org 2001/02/19 23:09:05
2714 clarify message to make it not mention "ident"
2717 - (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and
2718 pty.[ch] -> sshpty.[ch]
2719 - (djm) Rework search for OpenSSL location. Skip directories which don't
2720 exist, don't add -L$ssldir/lib if it doesn't exist. Should help SCO
2721 with its limit of 6 -L options.
2723 - reinhard@cvs.openbsd.org 2001/02/17 08:24:40
2726 - deraadt@cvs.openbsd.org 2001/02/17 16:28:58
2728 cleanup -V output; noted by millert
2729 - deraadt@cvs.openbsd.org 2001/02/17 16:48:48
2731 it's the OpenSSH one
2732 - markus@cvs.openbsd.org 2001/02/18 11:33:54
2734 typo, SSH2_MSG_KEXINIT, from aspa@kronodoc.fi
2735 - markus@cvs.openbsd.org 2001/02/19 02:53:32
2736 [compat.c compat.h serverloop.c]
2737 ssh-1.2.{18-22} has broken handling of ignore messages; report from
2739 - markus@cvs.openbsd.org 2001/02/19 03:35:23
2741 OpenSSH_2.5.1 adds bug compat with 1.2.{18-22}
2742 - deraadt@cvs.openbsd.org 2001/02/19 03:36:25
2744 np is changed by recursion; vinschen@redhat.com
2745 - Update versions in RPM spec files
2749 - (bal) Patch for fix FCHMOD reference in ftp-client.c by Tim Rice
2750 <tim@multitalents.net>
2751 - (Bal) Patch for lack of RA_RESTART in misc.c for mysignal by
2753 - (djm) Fix my breaking of cygwin builds, Patch from Corinna Vinschen
2754 <vinschen@redhat.com> and myself.
2755 - (djm) Close listen_sock on bind() failures. Patch from Arkadiusz
2756 Miskiewicz <misiek@pld.ORG.PL>
2757 - (djm) Robustify EGD/PRNGd code in face of socket closures. Patch from
2758 Todd C. Miller <Todd.Miller@courtesan.com>
2759 - (djm) Use ttyname() to determine name of tty returned by openpty()
2760 rather then risking overflow. Patch from Marek Michalkiewicz
2761 <marekm@amelek.gda.pl>
2762 - (djm) Swapped tests for no_libsocket and no_libnsl in configure.in.
2763 Patch from Marek Michalkiewicz <marekm@amelek.gda.pl>
2764 - (djm) Doc fixes from Pekka Savola <pekkas@netcore.fi>
2765 - (djm) Use SA_INTERRUPT along SA_RESTART if present (equivalent for
2767 - (djm) SCO needs librpc for libwrap. Patch from Tim Rice
2768 <tim@multitalents.net>
2769 - (stevesk) misc.c: cpp rework of SA_(INTERRUPT|RESTART) handling.
2770 - (stevesk) scp.c: use mysignal() for updateprogressmeter() handler.
2771 - (djm) SA_INTERRUPT is the converse of SA_RESTART, apply it only for
2773 - (djm) Move entropy.c over to mysignal()
2774 - (djm) SunOS 4.x also needs to define HAVE_BOGUS_SYS_QUEUE_H as it has
2775 a <sys/queue.h> that lacks the TAILQ_* macros. Patch from Todd C.
2776 Miller <Todd.Miller@courtesan.com>
2777 - (djm) Update RPM spec files for 2.5.0p1
2778 - (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie
2779 enable with --with-bsd-auth.
2780 - (stevesk) entropy.c: typo; should be SIGPIPE
2783 - (bal) OpenBSD Sync:
2784 - markus@cvs.openbsd.org 2001/02/16 13:38:18
2787 - markus@cvs.openbsd.org 2001/02/16 14:03:43
2789 proper payload-length check for x11 w/o screen-number
2792 - (bal) added '--with-prce' to allow overriding of system regex when
2793 required (tested by David Dulek <ddulek@fastenal.com>)
2794 - (bal) Added DG/UX case and set that they have a broken IPTOS.
2795 - (djm) Mini-configure reorder patch from Tim Rice <tim@multitalents.net>
2796 Fixes linking on SCO.
2797 - (djm) Make gnome-ssh-askpass handle multi-line prompts. Patch from
2798 Nalin Dahyabhai <nalin@redhat.com>
2799 - (djm) BSD license for gnome-ssh-askpass (was X11)
2800 - (djm) KNF on gnome-ssh-askpass
2801 - (djm) USE_PIPES for a few more sysv platforms
2802 - (djm) Cleanup configure.in a little
2803 - (djm) Ask users to check config.log when we can't find necessary libs
2804 - (djm) Set "login ID" on systems with setluid. Only enabled for SCO
2805 OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
2806 - (djm) OpenBSD CVS:
2807 - markus@cvs.openbsd.org 2001/02/15 16:19:59
2808 [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
2809 [sshconnect1.c sshconnect2.c]
2810 genericize password padding function for SSH1 and SSH2.
2811 add stylized echo to 2, too.
2812 - (djm) Add roundup() macro to defines.h
2813 - (stevesk) set SA_RESTART flag in mysignal() for SIGCHLD;
2814 needed on Unixware 2.x.
2817 - (djm) Move PAM session setup back to before setuid to user. Fixes
2818 problems on Solaris-derived PAMs.
2819 - (djm) Clean up PAM namespace. Suggested by Darren Moffat
2820 <Darren.Moffat@eng.sun.com>
2821 - (bal) Sync w/ OpenSSH for new release
2822 - markus@cvs.openbsd.org 2001/02/12 12:45:06
2824 fix xmalloc(0), ok dugsong@
2825 - markus@cvs.openbsd.org 2001/02/11 12:59:25
2826 [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
2827 sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
2828 1) clean up the MAC support for SSH-2
2829 2) allow you to specify the MAC with 'ssh -m'
2830 3) or the 'MACs' keyword in ssh(d)_config
2831 4) add hmac-{md5,sha1}-96
2832 ok stevesk@, provos@
2833 - markus@cvs.openbsd.org 2001/02/12 16:16:23
2834 [auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
2835 ssh-keygen.c sshd.8]
2836 PermitRootLogin={yes,without-password,forced-commands-only,no}
2837 (before this change, root could login even if PermitRootLogin==no)
2838 - deraadt@cvs.openbsd.org 2001/02/12 22:56:09
2839 [clientloop.c packet.c ssh-keyscan.c]
2840 deal with EAGAIN/EINTR selects which were skipped
2841 - markus@cvs.openssh.org 2001/02/13 22:49:40
2843 setproctitle(user) only if getpwnam succeeds
2844 - markus@cvs.openbsd.org 2001/02/12 23:26:20
2846 missing memset; from solar@openwall.com
2847 - stevesk@cvs.openbsd.org 2001/02/12 20:53:33
2849 lumask now works with 1 numeric arg; ok markus@, djm@
2850 - djm@cvs.openbsd.org 2001/02/14 9:46:03
2851 [sftp-client.c sftp-int.c sftp.1]
2852 Fix and document 'preserve modes & times' option ('-p' flag in sftp);
2854 - (bal) replaced PATH_MAX in sftp-int.c w/ MAXPATHLEN.
2855 - (djm) Move to Jim's 1.2.0 X11 askpass program
2856 - (stevesk) OpenBSD sync:
2857 - deraadt@cvs.openbsd.org 2001/02/15 01:38:04
2862 - (djm) Don't try to close PAM session or delete credentials if the
2863 session has not been open or credentials not set. Based on patch from
2864 Andrew Bartlett <abartlet@pcug.org.au>
2865 - (djm) Move PAM session initialisation until after fork in sshd. Patch
2866 from Nalin Dahyabhai <nalin@redhat.com>
2867 - (bal) Missing function prototype in bsd-snprintf.c patch by
2868 Mark Miller <markm@swoon.net>
2869 - (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams
2870 <cmadams@hiwaay.net> with a little modification and KNF.
2871 - (stevesk) fix for SIA patch, misplaced session_setup_sia()
2874 - (djm) Only test -S potential EGD sockets if they exist and are readable.
2875 - (bal) Cleaned out bsd-snprintf.c. VARARGS have been banished and
2876 I did a base KNF over the whe whole file to make it more acceptable.
2877 (backed out of original patch and removed it from ChangeLog)
2878 - (bal) Use chown() if fchown() does not exist in ftp-server.c patch by
2879 Tim Rice <tim@multitalents.net>
2880 - (stevesk) auth1.c: fix PAM passwordless check.
2883 - (djm) Update Redhat specfile to allow --define "skip_x11_askpass 1",
2884 --define "skip_gnome_askpass 1", --define "rh7 1" and make the
2885 implicit rpm-3.0.5 dependancy explicit. Patch and suggestions from
2886 Pekka Savola <pekkas@netcore.fi>
2887 - (djm) Clean up PCRE text in INSTALL
2888 - (djm) Fix OSF SIA auth NULL pointer deref. Report from Mike Battersby
2889 <mib@unimelb.edu.au>
2890 - (bal) NCR SVR4 compatiblity provide by Don Bragg <thewizarddon@yahoo.com>
2891 - (stevesk) session.c: remove debugging code.
2894 - (bal) OpenBSD Sync
2895 - markus@cvs.openbsd.org 2001/02/07 22:35:46
2896 [auth1.c auth2.c sshd.c]
2897 move k_setpag() to a central place; ok dugsong@
2898 - markus@cvs.openbsd.org 2001/02/10 12:52:02
2900 offer passwd before s/key
2901 - markus@cvs.openbsd.org 2001/02/8 22:37:10
2903 remove last call to sprintf; ok deraadt@
2904 - markus@cvs.openbsd.org 2001/02/10 1:33:32
2906 add debug message, since sshd blocks here if DNS is not available
2907 - markus@cvs.openbsd.org 2001/02/10 12:44:02
2909 don't call vis() for \r
2910 - danh@cvs.openbsd.org 2001/02/10 0:12:43
2912 revert a small change to allow -r option to work again; ok deraadt@
2913 - danh@cvs.openbsd.org 2001/02/10 15:14:11
2915 fix memory leak; ok markus@
2916 - djm@cvs.openbsd.org 2001/02/10 0:45:52
2918 Mention that you can quote pathnames with spaces in them
2919 - markus@cvs.openbsd.org 2001/02/10 1:46:28
2921 remove mapping of argv[0] -> hostname
2922 - markus@cvs.openbsd.org 2001/02/06 22:26:17
2924 do not ask for passphrase in batch mode; report from ejb@ql.org
2925 - itojun@cvs.opebsd.org 2001/02/08 10:47:05
2926 [sshconnect.c sshconnect1.c sshconnect2.c]
2927 %.30s is too short for IPv6 numeric address. use %.128s for now.
2929 - markus@cvs.openbsd.org 2001/02/09 12:28:35
2931 do not free twice, thanks to /etc/malloc.conf
2932 - markus@cvs.openbsd.org 2001/02/09 17:10:53
2934 partial success: debug->log; "Permission denied" if no more auth methods
2935 - markus@cvs.openbsd.org 2001/02/10 12:09:21
2938 - markus@cvs.openbsd.org 2001/02/09 13:38:07
2940 reset options if no option is given; from han.holl@prismant.nl
2941 - markus@cvs.openbsd.org 2001/02/08 21:58:28
2943 nuke sprintf, ok deraadt@
2944 - markus@cvs.openbsd.org 2001/02/08 21:58:28
2946 nuke sprintf, ok deraadt@
2947 - markus@cvs.openbsd.org 2001/02/06 22:43:02
2949 remove confusing callback code
2950 - deraadt@cvs.openbsd.org 2001/02/08 14:39:36
2953 - itojun@cvs.openbsd.org 2001/02/08 19:30:52
2954 sync with netbsd tree changes.
2955 - more strict prototypes, include necessary headers
2956 - use paths.h/pathnames.h decls
2957 - size_t typecase to int -> u_long
2958 - itojun@cvs.openbsd.org 2001/02/07 18:04:50
2960 fix size_t -> int cast (use u_long). markus ok
2961 - markus@cvs.openbsd.org 2001/02/07 22:43:16
2963 s/getline/Linebuf_getline/; from roumen.petrov@skalasoft.com
2964 - itojun@cvs.openbsd.org 2001/02/09 9:04:59
2966 do not assume malloc() returns zero-filled region. found by
2968 - markus@cvs.openbsd.org 2001/02/08 22:35:30
2970 don't connect if batch_mode is true and stricthostkeychecking set to
2972 - djm@cvs.openbsd.org 2001/02/04 21:26:07
2975 - deraadt@cvs.openbsd.org 2001/02/06 22:07:50
2977 enable sftp-server by default
2978 - deraadt 2001/02/07 8:57:26
2980 deal with new ANSI malloc stuff
2981 - markus@cvs.openbsd.org 2001/02/07 16:46:08
2984 - itojun@cvs.openbsd.org 2001/02/07 18:04:50
2986 fix size_t -> int cast (use u_long). markus ok
2987 - 1.47 Thu Feb 8 23:11:42 GMT 2001 by dugsong
2988 [serverloop.c sshconnect1.c]
2989 mitigate SSH1 traffic analysis - from Solar Designer
2990 <solar@openwall.com>, ok provos@
2991 - (bal) fixed sftp-client.c. Return 'status' instead of '0'
2992 (from the OpenBSD tree)
2993 - (bal) Synced ssh.1, ssh-add.1 and sshd.8 w/ OpenBSD
2994 - (bal) sftp-sever.c '%8lld' to '%8llu' (OpenBSD Sync)
2995 - (bal) uuencode.c resync w/ OpenBSD tree, plus whitespace.
2996 - (bal) A bit more whitespace cleanup
2997 - (djm) Set PAM_RHOST earlier, patch from Andrew Bartlett
2998 <abartlet@pcug.org.au>
2999 - (stevesk) misc.c: ssh.h not needed.
3000 - (stevesk) compat.c: more friendly cpp error
3001 - (stevesk) OpenBSD sync:
3002 - stevesk@cvs.openbsd.org 2001/02/11 06:15:57
3004 typos and small cleanup; ok deraadt@
3007 - (djm) Sync sftp and scp stuff from OpenBSD:
3008 - djm@cvs.openbsd.org 2001/02/07 03:55:13
3010 Don't free handles before we are done with them. Based on work from
3011 Corinna Vinschen <vinschen@redhat.com>. ok markus@
3012 - djm@cvs.openbsd.org 2001/02/06 22:32:53
3014 Punctuation fix from Pekka Savola <pekkas@netcore.fi>
3015 - deraadt@cvs.openbsd.org 2001/02/07 04:07:29
3017 pretty up significantly
3018 - itojun@cvs.openbsd.org 2001/02/07 06:49:42
3020 .Bl-.El mismatch. markus ok
3021 - djm@cvs.openbsd.org 2001/02/07 06:12:30
3023 Check that target is a directory before doing ls; ok markus@
3024 - itojun@cvs.openbsd.org 2001/02/07 11:01:18
3025 [scp.c sftp-client.c sftp-server.c]
3026 unsigned long long -> %llu, not %qu. markus ok
3027 - stevesk@cvs.openbsd.org 2001/02/07 11:10:39
3029 more man page cleanup and sync of help text with man page; ok markus@
3030 - markus@cvs.openbsd.org 2001/02/07 14:58:34
3032 older servers reply with SSH2_FXP_NAME + count==0 instead of EOF
3033 - djm@cvs.openbsd.org 2001/02/07 15:27:19
3035 Don't forward agent and X11 in sftp. Suggestion from Roumen Petrov
3036 <roumen.petrov@skalasoft.com>
3037 - stevesk@cvs.openbsd.org 2001/02/07 15:36:04
3039 portable; ok markus@
3040 - stevesk@cvs.openbsd.org 2001/02/07 15:55:47
3042 lowercase cmds[].c also; ok markus@
3043 - markus@cvs.openbsd.org 2001/02/07 17:04:52
3044 [pathnames.h sftp.c]
3045 allow sftp over ssh protocol 1; ok djm@
3046 - deraadt@cvs.openbsd.org 2001/02/08 07:38:55
3048 memory leak fix, and snprintf throughout
3049 - deraadt@cvs.openbsd.org 2001/02/08 08:02:02
3052 - stevesk@cvs.openbsd.org 2001/02/08 10:11:23
3053 [session.c sftp-client.c]
3055 - stevesk@cvs.openbsd.org 2001/02/08 10:57:59
3058 - stevesk@cvs.openbsd.org 2001/02/08 15:28:07
3059 [sftp-int.c pathnames.h]
3060 _PATH_LS; ok markus@
3061 - djm@cvs.openbsd.org 2001/02/09 04:46:25
3063 Check for NULL attribs for chown, chmod & chgrp operations, only send
3064 relevant attribs back to server; ok markus@
3065 - djm@cvs.openbsd.org 2001/02/06 15:05:25
3067 Use getopt to process commandline arguments
3068 - djm@cvs.openbsd.org 2001/02/06 15:06:21
3070 Wait for ssh subprocess at exit
3071 - djm@cvs.openbsd.org 2001/02/06 15:18:16
3073 stat target for remote chdir before doing chdir
3074 - djm@cvs.openbsd.org 2001/02/06 15:32:54
3076 Punctuation fix from Pekka Savola <pekkas@netcore.fi>
3077 - provos@cvs.openbsd.org 2001/02/05 22:22:02
3079 cleanup get_pathname, fix pwd after failed cd. okay djm@
3080 - (djm) Update makefile.in for _PATH_SFTP_SERVER
3081 - (bal) sftp-client.c replace NULL w/ 0 in do_ls() (pending in OpenBSD tree)
3084 - (bal) patch to vis.c to deal with HAVE_VIS right by Robert Mooney
3085 <rjmooney@mediaone.net>
3086 - (bal) .c.o rule in openbsd-compat/Makefile.in did not make it to the
3087 main tree while porting forward. Pointed out by Lutz Jaenicke
3088 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
3089 - (bal) double entry in configure.in. Pointed out by Lutz Jaenicke
3090 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
3091 - (stevesk) OpenBSD sync:
3092 - markus@cvs.openbsd.org 2001/02/08 11:20:01
3095 - markus@cvs.openbsd.org 2001/02/08 11:15:22
3098 - markus@cvs.openbsd.org 2001/02/08 11:12:30
3101 - (djm) Update spec files
3102 - (bal) OpenBSD sync:
3103 - deraadt@cvs.openbsd.org 2001/02/08 14:38:54
3105 memory leak fix, and snprintf throughout
3106 - markus@cvs.openbsd.org 2001/02/06 22:43:02
3108 remove confusing callback code
3109 - (djm) Add CVS Id's to files that we have missed
3110 - (bal) OpenBSD Sync (more):
3111 - itojun@cvs.openbsd.org 2001/02/08 19:30:52
3112 sync with netbsd tree changes.
3113 - more strict prototypes, include necessary headers
3114 - use paths.h/pathnames.h decls
3115 - size_t typecase to int -> u_long
3116 - markus@cvs.openbsd.org 2001/02/06 22:07:42
3118 fatal() if subsystem fails
3119 - markus@cvs.openbsd.org 2001/02/06 22:43:02
3121 remove confusing callback code
3122 - jakob@cvs.openbsd.org 2001/02/06 23:03:24
3124 add -1 option (force protocol version 1). ok markus@
3125 - jakob@cvs.openbsd.org 2001/02/06 23:06:21
3127 reorder -{1,2,4,6} options. ok markus@
3128 - (bal) Missing 'const' in readpass.h
3129 - (bal) OpenBSD Sync (so at least the thing compiles for 2.3.2 =)
3130 - djm@cvs.openbsd.org 2001/02/06 23:30:28
3132 replace arc4random with counter for request ids; ok markus@
3133 - (djm) Define _PATH_TTY for systems that don't. Report from Lutz
3134 Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
3137 - (djm) Don't delete external askpass program in make uninstall target.
3138 Report and fix from Roumen Petrov <roumen.petrov@skalasoft.com>
3139 - (djm) Fix linking of sftp, don't need arc4random any more.
3140 - (djm) Try to use shell that supports "test -S" for EGD socket search.
3141 Based on patch from Tim Rice <tim@multitalents.net>
3144 - (bal) Save the whole path to AR in configure. Some Solaris 2.7 installs
3145 seem lose track of it while in openbsd-compat/ (two confirmed reports)
3146 - (djm) Much KNF on PAM code
3147 - (djm) Revise auth-pam.c conversation function to be a little more
3149 - (djm) Revise kbd-int PAM conversation function to fold all text messages
3150 to before first prompt. Fixes hangs if last pam_message did not require
3152 - (djm) Fix password changing when using PAM kbd-int authentication
3155 - (bal) Disable groupaccess by setting NGROUPS_MAX to 0 for platforms
3156 that don't have NGROUPS_MAX.
3157 - (bal) AIX patch for auth1.c by William L. Jones <jones@hpc.utexas.edu>
3158 - (stevesk) OpenBSD sync:
3159 - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
3160 [many files; did this manually to our top-level source dir]
3161 unexpand and remove end-of-line whitespace; ok markus@
3162 - stevesk@cvs.openbsd.org 2001/02/04 15:21:19
3164 SSH2_FILEXFER_ATTR_UIDGID support; ok markus@
3165 - deraadt@cvs.openbsd.org 2001/02/04 17:02:32
3168 - deraadt@cvs.openbsd.org 2001/02/04 16:47:46
3170 sort commands, so that abbreviations work as expected
3171 - stevesk@cvs.openbsd.org 2001/02/04 15:17:52
3173 debugging sftp: precedence and missing break. chmod, chown, chgrp
3174 seem to be working now.
3175 - markus@cvs.openbsd.org 2001/02/04 14:41:21
3177 use base 8 for umask/chmod
3178 - markus@cvs.openbsd.org 2001/02/04 11:11:54
3181 - markus@cvs.openbsd.org 2001/02/04 08:10:44
3183 typo; dpo@club-internet.fr
3184 - stevesk@cvs.openbsd.org 2001/02/04 06:30:12
3185 [auth2.c authfd.c packet.c]
3186 remove duplicate #include's; ok markus@
3187 - deraadt@cvs.openbsd.org 2001/02/04 16:56:23
3190 - stevesk@cvs.openbsd.org 2001/02/04 15:12:17
3192 precedence; ok markus@
3193 - deraadt@cvs.openbsd.org 2001/02/04 08:14:15
3195 make the alpha happy
3196 - markus@cvs.openbsd.org 2001/01/31 13:37:24
3197 [channels.c channels.h serverloop.c ssh.c]
3198 do not disconnect if local port forwarding fails, e.g. if port is
3200 - markus@cvs.openbsd.org 2001/02/01 14:58:09
3202 use ipaddr in channel messages, ietf-secsh wants this
3203 - markus@cvs.openbsd.org 2001/01/31 12:26:20
3205 ssh.com-2.0.1x does not send additional info in CHANNEL_OPEN_FAILURE
3206 messages; bug report from edmundo@rano.org
3207 - markus@cvs.openbsd.org 2001/01/31 13:48:09
3210 - deraadt@cvs.openbsd.org 2001/02/04 08:23:08
3211 [sftp-client.c sftp-server.c]
3212 make gcc on the alpha even happier
3215 - (bal) I think this is the last of the bsd-*.h that don't belong.
3216 - (bal) Minor Makefile fix
3217 - (bal) openbsd-compat/Makefile minor fix. Ensure dependancies are done
3219 - (bal) Changed order of LIB="" in -with-skey due to library resolving.
3220 - (bal) next-posix.h changed to bsd-nextstep.h
3221 - (djm) OpenBSD CVS sync:
3222 - markus@cvs.openbsd.org 2001/02/03 03:08:38
3223 [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
3224 [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
3226 make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
3227 - markus@cvs.openbsd.org 2001/02/03 03:19:51
3228 [ssh.1 sshd.8 sshd_config]
3229 Skey is now called ChallengeResponse
3230 - markus@cvs.openbsd.org 2001/02/03 03:43:09
3232 use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
3233 channel. note from Erik.Anggard@cygate.se (pr/1659)
3234 - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
3237 - djm@cvs.openbsd.org 2001/02/04 04:11:56
3238 [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
3239 [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
3240 Basic interactive sftp client; ok theo@
3241 - (djm) Update RPM specs for new sftp binary
3242 - (djm) Update several bits for new optional reverse lookup stuff. I
3243 think I got them all.
3244 - (djm) Makefile.in fixes
3245 - (stevesk) add mysignal() wrapper and use it for the protocol 2
3247 - (djm) Use setvbuf() instead of setlinebuf(). Suggest from stevesk@
3250 - (bal) Cygwin clean up by Corinna Vinschen <vinschen@redhat.com>
3251 - (bal) renamed queue.h to fake-queue.h (even if it's an OpenBSD
3252 based file) to ensure #include space does not get confused.
3253 - (bal) Minor Makefile.in tweak. dirname may not exist on some
3254 platforms so builds fail. (NeXT being a well known one)
3257 - (bal) Makefile fix where sourcedir != builddir by Corinna Vinschen
3258 <vinschen@redhat.com>
3259 - (bal) Makefile fix to use $(MAKE) instead of 'make' for platforms
3260 that use 'gmake'. Patch by Tim Rice <tim@multitalents.net>
3263 - (bal) Minor fix to Makefile to stop rebuilding executables if no
3264 changes have occured to any of the supporting code. Patch by
3265 Roumen Petrov <roumen.petrov@skalasoft.com>
3268 - (djm) OpenBSD CVS Sync:
3269 - djm@cvs.openbsd.org 2001/01/30 15:48:53
3271 Make warning message a little more consistent. ok markus@
3272 - (djm) Fix autoconf logic for --with-lastlog=no Report and diagnosis from
3273 Philipp Buehler <lists@fips.de> and Kevin Steves <stevesk@sweden.hp.com>
3275 - (djm) Don't log SSH2 PAM KbdInt responses to debug, they may contain
3277 - (bal) Reorder. Move all bsd-*, fake-*, next-*, and cygwin* stuff to
3278 openbsd-compat/. And resolve all ./configure and Makefile.in issues
3282 - (djm) OpenBSD CVS Sync:
3283 - markus@cvs.openbsd.org 2001/01/29 09:55:37
3284 [channels.c channels.h clientloop.c serverloop.c]
3285 fix select overflow; ok deraadt@ and stevesk@
3286 - markus@cvs.openbsd.org 2001/01/29 12:42:35
3287 [canohost.c canohost.h channels.c clientloop.c]
3288 add get_peer_ipaddr(socket), x11-fwd in ssh2 requires ipaddr, not DNS
3289 - markus@cvs.openbsd.org 2001/01/29 12:47:32
3290 [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
3291 handle rsa_private_decrypt failures; helps against the Bleichenbacher
3293 - djm@cvs.openbsd.org 2001/01/29 05:36:11
3295 Allow invocation of sybsystem by commandline (-s); ok markus@
3296 - (stevesk) configure.in: remove duplicate PROG_LS
3299 - (stevesk) sftp-server.c: use %lld vs. %qd
3302 - (bal) Put USE_PIPES back into sco3.2v5
3303 - (bal) OpenBSD Sync
3304 - markus@cvs.openbsd.org 2001/01/28 10:15:34
3306 re-keying is not supported; ok deraadt@
3307 - markus@cvs.openbsd.org 2001/01/28 10:24:04
3308 [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
3309 cleanup AUTHORS sections
3310 - markus@cvs.openbsd.org 2001/01/28 10:37:26
3312 remove -Q, no longer needed
3313 - stevesk@cvs.openbsd.org 2001/01/28 20:36:16
3315 ``StrictHostKeyChecking ask'' documentation and small cleanup.
3317 - stevesk@cvs.openbsd.org 2001/01/28 20:43:25
3319 spelling. ok markus@
3320 - stevesk@cvs.openbsd.org 2001/01/28 20:53:21
3322 use size_t for strlen() return. ok markus@
3323 - stevesk@cvs.openbsd.org 2001/01/28 22:27:05
3325 spelling. use sizeof vs. strlen(). ok markus@
3326 - niklas@cvs.openbsd.org 2001/01/29 1:59:14
3327 [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h
3328 groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h
3329 key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h
3330 radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1
3331 ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config
3332 sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h]
3334 - (bal) Minor auth2.c resync. Whitespace and moving of an #include.
3337 - (bal) SSH_PROGRAM vs _PATH_SSH_PROGRAM fix pointed out by Roumen
3338 Petrov <roumen.petrov@skalasoft.com>
3339 - (bal) OpenBSD Sync
3340 - deraadt@cvs.openbsd.org 2001/01/25 8:06:33
3342 call _exit() in signal handler
3345 - (djm) Sync bsd-* support files:
3346 - deraadt@cvs.openbsd.org 2000/01/26 03:43:20
3347 [rresvport.c bindresvport.c]
3348 new bindresvport() semantics that itojun, shin, jean-luc and i have
3349 agreed on, which will be happy for the future. bindresvport_sa() for
3350 sockaddr *, too. docs later..
3351 - deraadt@cvs.openbsd.org 2000/01/24 02:24:21
3353 in bindresvport(), if sin is non-NULL, example sin->sin_family for
3354 the actual family being processed
3355 - (djm) Mention PRNGd in documentation, it is nicer than EGD
3356 - (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
3357 - (bal) AC_FUNC_STRFTIME added to autoconf
3358 - (bal) OpenBSD Resync
3359 - stevesk@cvs.openbsd.org 2001/01/24 21:03:50
3361 missing freeaddrinfo(); ok markus@
3364 - (bal) OpenBSD Resync
3365 - markus@cvs.openbsd.org 2001/01/23 10:45:10
3368 - (bal) no 64bit support patch from Tim Rice <tim@multitalents.net>
3369 - (bal) #ifdef around S_IFSOCK if platform does not support it.
3370 patch by Tim Rice <tim@multitalents.net>
3371 - (bal) fake-regex.h cleanup based on Tim Rice's patch.
3372 - (stevesk) sftp-server.c: fix chmod() mode mask
3375 - (bal) regexp.h typo in configure.in. Should have been regex.h
3376 - (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@
3377 - (bal) SSH_ASKPASS_DEFAULT to _PATH_SSH_ASKPASS_DEFAULT
3378 - (bal) OpenBSD Resync
3379 - markus@cvs.openbsd.org 2001/01/22 8:15:00
3380 [auth-krb4.c sshconnect1.c]
3381 only AFS needs radix.[ch]
3382 - markus@cvs.openbsd.org 2001/01/22 8:32:53
3384 no need to include; from mouring@etoh.eviladmin.org
3385 - stevesk@cvs.openbsd.org 2001/01/22 16:55:21
3387 free() -> xfree(); ok markus@
3388 - stevesk@cvs.openbsd.org 2001/01/22 17:22:28
3389 [sshconnect2.c sshd.c]
3390 fix memory leaks in SSH2 key exchange; ok markus@
3391 - markus@cvs.openbsd.org 2001/01/22 23:06:39
3392 [auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
3393 sshconnect1.c sshconnect2.c sshd.c]
3394 rename skey -> challenge response.
3395 auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
3399 - (bal) OpenBSD Resync
3400 - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
3401 [servconf.c ssh.h sshd.c]
3402 only auth-chall.c needs #ifdef SKEY
3403 - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
3404 [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
3405 auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
3406 packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
3407 session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
3408 ssh1.h sshconnect1.c sshd.c ttymodes.c]
3409 move ssh1 definitions to ssh1.h, pathnames to pathnames.h
3410 - markus@cvs.openbsd.org 2001/01/19 16:48:14
3412 fix typo; from stevesk@
3413 - markus@cvs.openbsd.org 2001/01/19 16:50:58
3415 clear and free digest, make consistent with other code (use dlen); from
3417 - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
3418 [auth-options.c auth-options.h auth-rsa.c auth2.c]
3419 pass the filename to auth_parse_options()
3420 - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
3422 fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
3423 - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
3425 dh_new_group() does not return NULL. ok markus@
3426 - markus@cvs.openbsd.org 2001/01/20 21:33:42
3428 do not loop forever if askpass does not exist; from
3429 andrew@pimlott.ne.mediaone.net
3430 - djm@cvs.openbsd.org 2001/01/20 23:00:56
3432 Check for NULL return from strdelim; ok markus
3433 - djm@cvs.openbsd.org 2001/01/20 23:02:07
3436 - jakob@cvs.openbsd.org 2001/01/21 9:00:33
3438 remove -R flag; ok markus@
3439 - markus@cvs.openbsd.org 2001/01/21 19:05:40
3440 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
3441 auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
3442 auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
3443 bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
3444 cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
3445 deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
3446 key.c key.h log-client.c log-server.c log.c log.h login.c login.h
3447 match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
3448 readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
3449 session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
3450 ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
3451 sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
3452 ttysmodes.c uidswap.c xmalloc.c]
3453 split ssh.h and try to cleanup the #include mess. remove unnecessary
3454 #includes. rename util.[ch] -> misc.[ch]
3455 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
3456 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
3457 conflict when compiling for non-kerb install
3458 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
3462 - (bal) OpenBSD Resync
3463 - markus@cvs.openbsd.org 2001/01/19 12:45:26
3464 [ssh-chall.c servconf.c servconf.h ssh.h sshd.c]
3465 only auth-chall.c needs #ifdef SKEY
3466 - (bal) Slight auth2-pam.c clean up.
3467 - (bal) Includes a fake-regexp.h to be only used if regcomp() is found,
3468 but no 'regexp.h' found (SCO OpenServer 3 lacks the header).
3471 - (djm) Update versions in RPM specfiles
3472 - (bal) OpenBSD Resync
3473 - markus@cvs.openbsd.org 2001/01/18 16:20:21
3474 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
3476 log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
3478 - markus@cvs.openbsd.org 2001/01/18 16:59:59
3479 [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
3480 session.h sshconnect1.c]
3481 1) removes fake skey from sshd, since this will be much
3482 harder with /usr/libexec/auth/login_XXX
3483 2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
3484 3) make addition of BSD_AUTH and other challenge reponse methods
3486 - markus@cvs.openbsd.org 2001/01/18 17:12:43
3487 [auth-chall.c auth2-chall.c]
3488 rename *-skey.c *-chall.c since the files are not skey specific
3489 - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)
3490 to fix NULL pointer deref and fake authloop breakage in PAM code.
3491 - (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com>
3492 - (bal) Minor cygwin patch to auth1.c. Suggested by djm.
3495 - (bal) Super Sized OpenBSD Resync
3496 - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
3499 - markus@cvs.openbsd.org 2001/01/13 17:59:18
3501 small ssh-keygen manpage cleanup; stevesk@pobox.com
3502 - markus@cvs.openbsd.org 2001/01/13 18:03:07
3503 [scp.c ssh-keygen.c sshd.c]
3504 getopt() returns -1 not EOF; stevesk@pobox.com
3505 - markus@cvs.openbsd.org 2001/01/13 18:06:54
3507 use SSH_DEFAULT_PORT; from stevesk@pobox.com
3508 - markus@cvs.openbsd.org 2001/01/13 18:12:47
3510 free() -> xfree(); fix memory leak; from stevesk@pobox.com
3511 - markus@cvs.openbsd.org 2001/01/13 18:14:13
3513 typo, from stevesk@sweden.hp.com
3514 - markus@cvs.openbsd.org 2001/01/13 18:32:50
3515 [packet.c session.c ssh.c sshconnect.c sshd.c]
3516 split out keepalive from packet_interactive (from dale@accentre.com)
3517 set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
3518 - markus@cvs.openbsd.org 2001/01/13 18:36:45
3521 - markus@cvs.openbsd.org 2001/01/13 18:38:00
3524 - markus@cvs.openbsd.org 2001/01/13 18:43:31
3527 - markus@cvs.openbsd.org 2001/01/13 19:14:08
3528 [clientloop.h clientloop.c ssh.c]
3529 move callback to headerfile
3530 - markus@cvs.openbsd.org 2001/01/15 21:40:10
3532 use log() instead of stderr
3533 - markus@cvs.openbsd.org 2001/01/15 21:43:51
3535 use error() not stderr!
3536 - markus@cvs.openbsd.org 2001/01/15 21:45:29
3538 rename must fail if newpath exists, debug off by default
3539 - markus@cvs.openbsd.org 2001/01/15 21:46:38
3541 readable long listing for sftp-server, ok deraadt@
3542 - markus@cvs.openbsd.org 2001/01/16 19:20:06
3544 make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
3545 galb@vandyke.com. note that you have to delete older ssh2-rsa keys,
3546 since they are in the wrong format, too. they must be removed from
3547 .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
3548 (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
3549 .ssh/authorized_keys2) additionally, we now check that
3550 BN_num_bits(rsa->n) >= 768.
3551 - markus@cvs.openbsd.org 2001/01/16 20:54:27
3553 remove some statics. simpler handles; idea from nisse@lysator.liu.se
3554 - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
3555 [bufaux.c radix.c sshconnect.h sshconnect1.c]
3557 - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
3558 be missing such feature.
3562 - (djm) Only write random seed file at exit
3563 - (djm) Make PAM support optional, enable with --with-pam
3564 - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which
3565 provides a crypt() of its own)
3566 - (djm) Avoid a warning in bsd-bindresvport.c
3567 - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This
3568 can cause weird segfaults errors on Solaris
3569 - (djm) Avoid warning in PAM code by making read_passphrase arguments const
3570 - (djm) Add --with-pam to RPM spec files
3573 - (bal) sftp-server.c change to use chmod() if fchmod() does not exist.
3574 - (bal) utimes() support via utime() interface on machine that lack utimes().
3577 - (stevesk) initial work for OpenBSD "support supplementary group in
3578 {Allow,Deny}Groups" patch:
3579 - import getgrouplist.c from OpenBSD (bsd-getgrouplist.c)
3580 - add bsd-getgrouplist.h
3581 - new files groupaccess.[ch]
3582 - build but don't use yet (need to merge auth.c changes)
3583 - (stevesk) complete:
3584 - markus@cvs.openbsd.org 2001/01/13 11:56:48
3586 support supplementary group in {Allow,Deny}Groups
3587 from stevesk@pobox.com
3590 - (bal) OpenBSD Sync
3591 - markus@cvs.openbsd.org 2001/01/10 22:56:22
3592 [bufaux.h bufaux.c sftp-server.c sftp.h getput.h]
3593 cleanup sftp-server implementation:
3594 add buffer_get_int64, buffer_put_int64, GET_64BIT, PUT_64BIT
3595 parse SSH2_FILEXFER_ATTR_EXTENDED
3596 send SSH2_FX_EOF if readdir returns no more entries
3597 reply to SSH2_FXP_EXTENDED message
3598 use #defines from the draft
3599 move #definations to sftp.h
3601 http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt
3602 - markus@cvs.openbsd.org 2001/01/10 19:43:20
3604 XXX - generate_empheral_server_key() is not safe against races,
3605 because it calls log()
3606 - markus@cvs.openbsd.org 2001/01/09 21:19:50
3608 allow TCP_NDELAY for ipv6; from netbsd via itojun@
3611 - (djm) SNI/Reliant Unix needs USE_PIPES and $DISPLAY hack. Report from
3612 Bladt Norbert <Norbert.Bladt@adi.ch>
3615 - (bal) Resync CVS ID of cli.c
3616 - (stevesk) auth1.c: free should be after WITH_AIXAUTHENTICATE
3618 - (bal) OpenBSD Sync
3619 - markus@cvs.openbsd.org 2001/01/08 22:29:05
3620 [auth2.c compat.c compat.h servconf.c servconf.h sshd.8
3621 sshd_config version.h]
3622 implement option 'Banner /etc/issue.net' for ssh2, move version to
3623 2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner
3625 - markus@cvs.openbsd.org 2001/01/08 22:03:23
3626 [channels.c ssh-keyscan.c]
3627 O_NDELAY -> O_NONBLOCK; thanks stevesk@pobox.com
3628 - markus@cvs.openbsd.org 2001/01/08 21:55:41
3630 more cleanups and fixes from stevesk@pobox.com:
3631 1) try_agent_authentication() for loop will overwrite key just
3632 allocated with key_new(); don't alloc
3633 2) call ssh_close_authentication_connection() before exit
3634 try_agent_authentication()
3635 3) free mem on bad passphrase in try_rsa_authentication()
3636 - markus@cvs.openbsd.org 2001/01/08 21:48:17
3638 missing free; thanks stevesk@pobox.com
3639 - (bal) Detect if clock_t structure exists, if not define it.
3640 - (bal) Detect if O_NONBLOCK exists, if not define it.
3641 - (bal) removed news4-posix.h (now empty)
3642 - (bal) changed bsd-bindresvport.c and bsd-rresvport.c to use 'socklen_t'
3644 - (stevesk) sshd_config: sync
3645 - (stevesk) defines.h: remove spurious ``;''
3648 - (bal) Fixed another typo in cli.c
3649 - (bal) OpenBSD Sync
3650 - markus@cvs.openbsd.org 2001/01/07 21:26:55
3653 - markus@cvs.openbsd.org 2001/01/07 21:26:55
3655 missing free, stevesk@pobox.com
3656 - markus@cvs.openbsd.org 2001/01/07 19:06:25
3658 missing free, stevesk@pobox.com
3659 - markus@cvs.openbsd.org 2001/01/07 11:28:04
3660 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1
3661 ssh.h sshd.8 sshd.c]
3662 rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE
3663 syslog priority changes:
3664 fatal() LOG_ERR -> LOG_CRIT
3665 log() LOG_INFO -> LOG_NOTICE
3669 - (bal) OpenBSD Sync
3670 - markus@cvs.openbsd.org 2001/01/06 11:23:27
3673 - itojun@cvs.openbsd.org 2001/01/05 08:23:29
3676 - markus@cvs.openbsd.org 2001/01/04 22:41:03
3677 [session.c sshconnect.c]
3678 consistent use of _PATH_BSHELL; from stevesk@pobox.com
3679 - djm@cvs.openbsd.org 2001/01/04 22:35:32
3681 Mention AES as available SSH2 Cipher; ok markus
3682 - markus@cvs.openbsd.org 2001/01/04 22:25:58
3684 sync usage()/man with defaults; from stevesk@pobox.com
3685 - markus@cvs.openbsd.org 2001/01/04 22:21:26
3687 handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
3688 that prints a banner (e.g. /etc/issue.net)
3691 - (bal) contrib/caldera/ provided by Tim Rice <tim@multitalents.net>
3692 - (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove()
3695 - (djm) Fix memory leak on systems with BROKEN_GETADDRINFO. Based on
3696 work by Chris Vaughan <vaughan99@yahoo.com>
3699 - (bal) fixed up sshconnect.c so it was closer inline with the OpenBSD
3700 tree (mainly positioning)
3701 - (bal) OpenSSH CVS Update
3702 - markus@cvs.openbsd.org 2001/01/02 20:41:02
3704 log remote ip on disconnect; PR 1600 from jcs@rt.fm
3705 - markus@cvs.openbsd.org 2001/01/02 20:50:56
3707 strict_host_key_checking for host_status != HOST_CHANGED &&
3708 ip_status == HOST_CHANGED
3709 - (bal) authfile.c: Synced CVS ID tag
3710 - (bal) UnixWare 2.0 fixes by Tim Rice <tim@multitalents.net>
3711 - (bal) Disable sftp-server if no 64bit int support exists. Based on
3712 patch by Tim Rice <tim@multitalents.net>
3713 - (bal) Makefile.in changes to uninstall: target to remove sftp-server
3714 and sftp-server.8 manpage.
3717 - (bal) OpenBSD CVS Update
3718 - markus@cvs.openbsd.org 2001/01/01 14:52:49
3720 use shared fatal(); from stevesk@pobox.com
3723 - (bal) Reverted out of MAXHOSTNAMELEN. This should be set per OS.
3724 for multiple reasons.
3725 - (bal) Reverted out of a partial NeXT patch.
3728 - (bal) OpenBSD CVS Update
3729 - markus@cvs.openbsd.org 2000/12/28 18:58:30
3731 enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2}
3732 - markus@cvs.openbsd.org 2000/12/29 22:19:13
3734 missing xfree; from vaughan99@yahoo.com
3735 - (bal) Resynced CVS ID with OpenBSD for channel.c and uidswap.c
3736 - (bal) if no MAXHOSTNAMELEN is defined. Default to 64 character defination.
3737 Suggested by Christian Kurz <shorty@debian.org>
3738 - (bal) Add in '.c.o' section to Makefile.in to address make programs that
3739 don't honor CPPFLAGS by default. Suggested by Lutz Jaenicke
3740 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
3743 - (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian
3744 Kurz <shorty@debian.org>
3745 - (bal) OpenBSD CVS Update
3746 - markus@cvs.openbsd.org 2000/12/28 14:25:51
3748 count authentication failures only
3749 - markus@cvs.openbsd.org 2000/12/28 14:25:03
3751 fingerprint for MITM attacks, too.
3752 - markus@cvs.openbsd.org 2000/12/28 12:03:57
3755 - markus@cvs.openbsd.org 2000/12/27 14:19:21
3758 - markus@cvs.openbsd.org 2000/12/27 12:34
3759 [auth1.c sshconnect2.c sshd.c]
3761 - markus@cvs.openbsd.org 2000/12/27 12:30:19
3762 [readconf.c readconf.h ssh.1 sshconnect.c]
3763 new option: HostKeyAlias: allow the user to record the host key
3764 under a different name. This is useful for ssh tunneling over
3765 forwarded connections or if you run multiple sshd's on different
3766 ports on the same machine.
3767 - markus@cvs.openbsd.org 2000/12/27 11:51:53
3769 multiple -t force pty allocation, document ORIGINAL_COMMAND
3770 - markus@cvs.openbsd.org 2000/12/27 11:41:31
3773 - (stevesk) compress.[ch] sync with openbsd; missed in prototype
3777 - (bal) Patch to add libutil.h to loginrec.c only if the platform has
3778 libutil.h. Suggested by Pekka Savola <pekka@netcore.fi>
3779 - (djm) Update to new x11-askpass in RPM spec
3780 - (bal) SCO patch to not include <sys/queue.h> since it's unrelated
3781 header. Patch by Tim Rice <tim@multitalents.net>
3782 - Updated TODO w/ known HP/UX issue
3783 - (bal) removed extra <netdb.h> noticed by Kevin Steves and removed the
3784 bad reference to 'NeXT including it else were' on the #ifdef version.
3787 - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
3788 Takumi Yamane <yamtak@b-session.com>
3789 - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
3790 by Corinna Vinschen <vinschen@redhat.com>
3791 - (djm) Fix catman-do target for non-bash
3792 - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
3793 Takumi Yamane <yamtak@b-session.com>
3794 - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
3795 by Corinna Vinschen <vinschen@redhat.com>
3796 - (djm) Fix catman-do target for non-bash
3797 - (bal) Fixed NeXT's lack of CPPFLAGS honoring.
3798 - (bal) ssh-keyscan.c: NeXT (and older BSDs) don't support getrlimit() w/
3800 - (djm) Remove *.Ylonen files. They are no longer in the OpenBSD tree,
3801 the info in COPYING.Ylonen has been moved to the start of each
3802 SSH1-derived file and README.Ylonen is well out of date.
3805 - (bal) Fixed Makefile.in to support recompile of all ssh and sshd objects
3806 if a change to config.h has occurred. Suggested by Gert Doering
3807 <gert@greenie.muc.de>
3808 - (bal) OpenBSD CVS Update:
3809 - markus@cvs.openbsd.org 2000/12/22 16:49:40
3811 fix ssh-keygen -x -t type > file; from Roumen.Petrov@skalasoft.com
3814 - Updated RCSID for pty.c
3815 - (bal) OpenBSD CVS Updates:
3816 - markus@cvs.openbsd.org 2000/12/21 15:10:16
3817 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
3818 print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
3819 - markus@cvs.openbsd.org 2000/12/20 19:26:56
3821 allow ssh -i userkey for root
3822 - markus@cvs.openbsd.org 2000/12/20 19:37:21
3823 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
3824 fix prototypes; from stevesk@pobox.com
3825 - markus@cvs.openbsd.org 2000/12/20 19:32:08
3827 init pointer to NULL; report from Jan.Ivan@cern.ch
3828 - markus@cvs.openbsd.org 2000/12/19 23:17:54
3829 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
3830 auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
3831 bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
3832 crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
3833 key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
3834 packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
3835 serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
3836 ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c
3837 uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
3838 replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
3839 unsigned' with u_char.
3842 - (stevesk) OpenBSD CVS updates:
3843 - markus@cvs.openbsd.org 2000/12/19 15:43:45
3844 [authfile.c channels.c sftp-server.c ssh-agent.c]
3845 remove() -> unlink() for consistency
3846 - markus@cvs.openbsd.org 2000/12/19 15:48:09
3848 replace <ssl/x.h> with <openssl/x.h>
3849 - markus@cvs.openbsd.org 2000/12/17 02:33:40
3851 typo; from wsanchez@apple.com
3854 - (djm) Workaround PAM inconsistencies between Solaris derived PAM code
3855 and Linux-PAM. Based on report and fix from Andrew Morgan
3856 <morgan@transmeta.com>
3859 - (stevesk) rsa.c: entropy.h not needed.
3860 - (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile.
3861 Suggested by Wilfredo Sanchez <wsanchez@apple.com>
3864 - (stevesk) OpenBSD CVS updates:
3865 - markus@cvs.openbsd.org 2000/12/16 02:53:57
3867 allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
3868 - markus@cvs.openbsd.org 2000/12/16 02:39:57
3870 unused; from stevesk@pobox.com
3873 - (stevesk) Old OpenBSD patch wasn't completely applied:
3874 - markus@cvs.openbsd.org 2000/01/24 22:11:20
3876 allow '.' in usernames; from jedgar@fxp.org
3877 - (stevesk) OpenBSD CVS updates:
3878 - markus@cvs.openbsd.org 2000/12/13 16:26:53
3880 fatal already adds \n; from stevesk@pobox.com
3881 - markus@cvs.openbsd.org 2000/12/13 16:25:44
3883 remove redundant spaces; from stevesk@pobox.com
3884 - ho@cvs.openbsd.org 2000/12/12 15:50:21
3886 When failing to set tty owner and mode on a read-only filesystem, don't
3887 abort if the tty already has correct owner and reasonably sane modes.
3888 Example; permit 'root' to login to a firewall with read-only root fs.
3890 - deraadt@cvs.openbsd.org 2000/12/13 06:36:05
3893 - markus@cvs.openbsd.org 2000/12/12 14:45:21
3895 source port < 1024 is no longer required for rhosts-rsa since it
3896 adds no additional security.
3897 - markus@cvs.openbsd.org 2000/12/12 16:11:49
3899 rhosts-rsa is no longer automagically disabled if ssh is not privileged.
3900 UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
3901 these changes should not change the visible default behaviour of the ssh client.
3902 - deraadt@cvs.openbsd.org 2000/12/11 10:27:33
3904 when copying 0-sized files, do not re-print ETA time at completion
3905 - provos@cvs.openbsd.org 2000/12/15 10:30:15
3906 [kex.c kex.h sshconnect2.c sshd.c]
3907 compute diffie-hellman in parallel between server and client. okay markus@
3910 - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report
3911 from Andreas M. Kirchwitz <amk@krell.zikzak.de>
3912 - (stevesk) OpenBSD CVS update:
3913 - markus@cvs.openbsd.org 2000/12/12 15:30:02
3914 [ssh-keyscan.c ssh.c sshd.c]
3915 consistently use __progname; from stevesk@pobox.com
3918 - (bal) Applied patch to include ssh-keyscan into Redhat's package, and
3919 patch to install ssh-keyscan manpage. Patch by Pekka Savola
3921 - (bal) OpenbSD CVS update
3922 - markus@cvs.openbsd.org 2000/12/10 17:01:53
3924 always request new challenge for skey/tis-auth, fixes interop with
3925 other implementations; report from roth@feep.net
3928 - (bal) OpenBSD CVS updates
3929 - markus@cvs.openbsd.org 2000/12/09 13:41:51
3930 [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
3931 undo rijndael changes
3932 - markus@cvs.openbsd.org 2000/12/09 13:48:31
3934 fix byte order bug w/o introducing new implementation
3935 - markus@cvs.openbsd.org 2000/12/09 14:08:27
3937 "" -> "." for realpath; from vinschen@redhat.com
3938 - markus@cvs.openbsd.org 2000/12/09 14:06:54
3940 extern int optind; from stevesk@sweden.hp.com
3941 - provos@cvs.openbsd.org 2000/12/09 23:51:11
3943 remove unnecessary '\n'
3946 - (bal) OpenBSD CVS updates:
3947 - djm@cvs.openbsd.org 2000/12/07 4:24:59
3949 Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo
3952 - (bal) OpenBSD CVS updates:
3953 - markus@cvs.openbsd.org 2000/12/06 22:58:14
3954 [compat.c compat.h packet.c]
3955 disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0
3956 - markus@cvs.openbsd.org 2000/12/06 23:10:39
3959 - markus@cvs.openbsd.org 2000/12/06 23:05:43
3960 [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
3961 new rijndael implementation. fixes endian bugs
3964 - (bal) OpenBSD CVS updates:
3965 - markus@cvs.openbsd.org 2000/12/05 20:34:09
3966 [channels.c channels.h clientloop.c serverloop.c]
3967 async connects for -R/-L; ok deraadt@
3968 - todd@cvs.openssh.org 2000/12/05 16:47:28
3970 tweak comment to reflect real location of pid file; ok provos@
3971 - (stevesk) Import <sys/queue.h> from OpenBSD for systems that don't
3972 have it (used in ssh-keyscan).
3973 - (stevesk) OpenBSD CVS update:
3974 - markus@cvs.openbsd.org 2000/12/06 19:57:48
3976 err(3) -> internal error(), from stevesk@sweden.hp.com
3979 - (bal) OpenBSD CVS updates:
3980 - markus@cvs.openbsd.org 2000/12/04 19:24:02
3981 [ssh-keyscan.c ssh-keyscan.1]
3982 David Maziere's ssh-keyscan, ok niels@
3983 - (bal) Updated Makefile.in to include ssh-keyscan that was just added
3984 to the recent OpenBSD source tree.
3985 - (stevesk) fix typos in contrib/hpux/README
3988 - (bal) More C functions defined in NeXT that are unaccessable without
3990 - (bal) OpenBSD CVS updates:
3991 - markus@cvs.openbsd.org 2000/12/03 11:29:04
3993 remove fallback to SSH_BUG_HMAC now that the drafts are updated
3994 - markus@cvs.openbsd.org 2000/12/03 11:27:55
3996 correctly match "2.1.0.pl2 SSH" etc; from
3997 pekkas@netcore.fi/bugzilla.redhat
3998 - markus@cvs.openbsd.org 2000/12/03 11:15:03
3999 [auth2.c compat.c compat.h sshconnect2.c]
4000 support f-secure/ssh.com 2.0.12; ok niels@
4003 - (bal) OpenBSD CVS updates:
4004 - markus@cvs.openbsd.org 2000/11/30 22:54:31
4006 debug->warn if tried to do -R style fwd w/o client requesting this;
4008 - markus@cvs.openbsd.org 2000/11/29 20:39:17
4010 des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
4011 - markus@cvs.openbsd.org 2000/11/30 18:33:05
4013 agents must not dump core, ok niels@
4014 - markus@cvs.openbsd.org 2000/11/30 07:04:02
4016 T is for both protocols
4017 - markus@cvs.openbsd.org 2000/12/01 00:00:51
4019 typo; from green@FreeBSD.org
4020 - markus@cvs.openbsd.org 2000/11/30 07:02:35
4022 check -T before isatty()
4023 - provos@cvs.openbsd.org 2000/11/29 13:51:27
4025 show IP address and hostname when new key is encountered. okay markus@
4026 - markus@cvs.openbsd.org 2000/11/30 22:53:35
4028 disable agent/x11/port fwding if hostkey has changed; ok niels@
4029 - marksu@cvs.openbsd.org 2000/11/29 21:11:59
4031 sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
4032 from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
4033 - (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enable
4034 PAM authentication using KbdInteractive.
4035 - (djm) Added another TODO
4038 - (bal) Backed out of part of Alain St-Denis' loginrec.c patch.
4039 - (bal) Irix need some sort of mansubdir, patch by Michael Stone
4040 <mstone@cs.loyola.edu>
4043 - (djm) Back out all the serverloop.c hacks. sshd will now hang again
4044 if there are background children with open fds.
4045 - (djm) bsd-rresvport.c bzero -> memset
4046 - (djm) Don't fail in defines.h on absence of 64 bit types (we will
4047 still fail during compilation of sftp-server).
4048 - (djm) Fail if ar is not found during configure
4049 - (djm) OpenBSD CVS updates:
4050 - provos@cvs.openbsd.org 2000/11/22 08:38:31
4052 talk about /etc/primes, okay markus@
4053 - markus@cvs.openbsd.org 2000/11/23 14:03:48
4054 [ssh.c sshconnect1.c sshconnect2.c]
4055 complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
4057 - markus@cvs.openbsd.org 2000/11/25 09:42:53
4059 reorder check for illegal ciphers, bugreport from espie@
4060 - markus@cvs.openbsd.org 2000/11/25 10:19:34
4061 [ssh-keygen.c ssh.h]
4062 print keytype when generating a key.
4063 reasonable defaults for RSA1/RSA/DSA keys.
4064 - (djm) Patch from Pekka Savola <Pekka.Savola@netcore.fi> to include a few
4065 more manpage paths in fixpaths calls
4066 - (djm) Also add xauth path at Pekka's suggestion.
4067 - (djm) Add Redhat RPM patch for AUTHPRIV SyslogFacility
4070 - (djm) Give up privs when reading seed file
4073 - (bal) Merge OpenBSD changes:
4074 - markus@cvs.openbsd.org 2000/11/15 22:31:36
4076 case insensitive key options; from stevesk@sweeden.hp.com
4077 - markus@cvs.openbsd.org 2000/11/16 17:55:43
4079 do not use perror() in sshd, after child is forked()
4080 - markus@cvs.openbsd.org 2000/11/14 23:42:40
4082 parse option only if key matches; fix some confusing seen by the client
4083 - markus@cvs.openbsd.org 2000/11/14 23:44:19
4085 check no_agent_forward_flag for ssh-2, too
4086 - markus@cvs.openbsd.org 2000/11/15
4088 reorder SYNOPSIS; typo, use .It
4089 - markus@cvs.openbsd.org 2000/11/14 23:48:55
4091 do not reorder keys if a key is removed
4092 - markus@cvs.openbsd.org 2000/11/15 19:58:08
4094 just ignore non existing user keys
4095 - millert@cvs.openbsd.org 200/11/15 20:24:43
4097 Add missing \n at end of error message.
4100 - (bal) Minor patch to ensure platforms lacking IRIX job limit supports
4102 - (bal) Updated TODO as of 11/18/2000 with known things to resolve.
4105 - (bal) Changed from 'primes' to 'primes.out' for consistancy sake. It
4106 has no affect the output. Patch by Corinna Vinschen <vinschen@redhat.com>
4107 - (stevesk) Reworked progname support.
4108 - (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by
4109 Shinichi Maruyama <marya@st.jip.co.jp>
4112 - (bal) Added in MAXSYMLINK test in bsd-realpath.c. Required for some SCO
4114 - (bal) Make builds work outside of source tree. Patch by Mark D. Roth
4118 - (djm) Add pointer to http://www.imasy.or.jp/~gotoh/connect.c to
4120 - (djm) Merge OpenBSD changes:
4121 - markus@cvs.openbsd.org 2000/11/06 16:04:56
4122 [channels.c channels.h clientloop.c nchan.c serverloop.c]
4124 agent forwarding and -R for ssh2, based on work from
4125 jhuuskon@messi.uku.fi
4126 - markus@cvs.openbsd.org 2000/11/06 16:13:27
4127 [ssh.c sshconnect.c sshd.c]
4128 do not disabled rhosts(rsa) if server port > 1024; from
4130 - markus@cvs.openbsd.org 2000/11/06 16:16:35
4132 downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
4133 - markus@cvs.openbsd.org 2000/11/09 18:04:40
4135 typo; from mouring@pconline.com
4136 - markus@cvs.openbsd.org 2000/11/12 12:03:28
4138 off-by-one when removing a key from the agent
4139 - markus@cvs.openbsd.org 2000/11/12 12:50:39
4140 [auth-rh-rsa.c auth2.c authfd.c authfd.h]
4141 [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
4142 [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
4143 [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
4144 [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
4145 [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
4146 add support for RSA to SSH2. please test.
4147 there are now 3 types of keys: RSA1 is used by ssh-1 only,
4148 RSA and DSA are used by SSH2.
4149 you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
4150 keys for SSH2 and use the RSA keys for hostkeys or for user keys.
4151 SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
4152 - (djm) Fix up Makefile and Redhat init script to create RSA host keys
4153 - (djm) Change to interim version
4154 - (djm) Fix RPM spec file stupidity
4155 - (djm) fixpaths to DSA and RSA keys too
4158 - (bal) SCO Patch to add needed libraries for configure.in. Patch by
4159 Phillips Porch <root@theporch.com>
4160 - (bal) IRIX patch to adding Job Limits. Patch by Denis Parker
4162 - (stevesk) pty.c: HP-UX 10 and 11 don't define TIOCSCTTY. Add error() to
4163 failed ioctl(TIOCSCTTY) call.
4166 - (djm) Added /etc/primes for kex DH group neg, fixup Makefile.in and
4168 - (djm) Fix new Makefile.in warnings
4169 - (djm) Fix vsprintf("%h") in bsd-snprintf.c, short int va_args are
4170 promoted to type int. Report and fix from Dan Astoorian
4171 <djast@cs.toronto.edu>
4172 - (djm) Hardwire sysconfdir in RPM spec files as some RPM versions get
4173 it wrong. Report from Bennett Todd <bet@rahul.net>
4176 - (bal) Fixed dropped answer from skey_keyinfo() in auth1.c
4177 - (bal) Changed from --with-skey to --with-skey=PATH in configure.in
4178 - (bal) Added in check to verify S/Key library is being detected in
4180 - (bal) next-posix.h - added another prototype wrapped in POSIX ifdef/endif.
4181 Patch by Mark Miller <markm@swoon.net>
4182 - (bal) Added 'util.h' header to loginrec.c only if HAVE_UTIL_H is defined
4183 to remove warnings under MacOS X. Patch by Mark Miller <markm@swoon.net>
4184 - (bal) Fixed LDFLAG mispelling in configure.in for --with-afs
4187 - (bal) acconfig.in - removed the double "USE_PIPES" entry. Patch by
4188 Mark Miller <markm@swoon.net>
4189 - (bal) sshd.init files corrected to assign $? to RETVAL. Patch by
4190 Jarno Huuskonen <jhuuskon@messi.uku.fi>
4191 - (bal) fixpaths fixed to stop it from quitely failing. Patch by
4192 Mark D. Roth <roth@feep.net>
4195 - (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs
4196 - (djm) Manually fix up missed diff hunks (mainly RCS idents)
4197 - (djm) Remove UPGRADING document in favour of a link to the better
4198 maintained FAQ on www.openssh.com
4199 - (djm) Fix multiple dependancy on gnome-libs from Pekka Savola
4201 - (djm) Don't need X11-askpass in RPM spec file if building without it
4202 from Pekka Savola <pekkas@netcore.fi>
4203 - (djm) Release 2.3.0p1
4204 - (bal) typo in configure.in in regards to --with-ldflags from Marko
4205 Asplund <aspa@kronodoc.fi>
4206 - (bal) fixed next-posix.h. Forgot prototype of getppid().
4209 - (bal) Sync with OpenBSD:
4210 - markus@cvs.openbsd.org 2000/10/31 9:31:58
4212 handle all old openssh versions
4213 - markus@cvs.openbsd.org 2000/10/31 13:1853
4215 so that large packets do not wrap "n"; from netbsd
4216 - (bal) rijndel.c - fix up RCSID to match OpenBSD tree
4217 - (bal) auth2-skey.c - Checked in. Missing from portable tree.
4218 - (bal) Reworked NEWS-OS and NeXT ports to extract waitpid() and
4219 setsid() into more common files
4220 - (stevesk) pty.c: use __hpux to identify HP-UX.
4221 - (bal) Missed auth-skey.o in Makefile.in and minor correction to
4225 - (stevesk) Fix typo in auth.c: USE_PAM not PAM
4226 - (stevesk) Create contrib/cygwin/ directory; patch from
4227 Corinna Vinschen <vinschen@redhat.com>
4228 - (bal) Resolved more $xno and $xyes issues in configure.in
4229 - (bal) next-posix.h - spelling and forgot a prototype
4232 - (djm) fix select hack in serverloop.c from Philippe WILLEM
4233 <Philippe.WILLEM@urssaf.fr>
4234 - (djm) Fix mangled AIXAUTHENTICATE code
4235 - (djm) authctxt->pw may be NULL. Fix from Markus Friedl
4236 <markus.friedl@informatik.uni-erlangen.de>
4237 - (djm) Sync with OpenBSD:
4238 - markus@cvs.openbsd.org 2000/10/16 15:46:32
4240 fixes from pekkas@netcore.fi
4241 - markus@cvs.openbsd.org 2000/10/17 14:28:11
4243 return number of characters processed; ok deraadt@
4244 - markus@cvs.openbsd.org 2000/10/18 12:04:02
4247 - markus@cvs.openbsd.org 2000/10/18 12:23:02
4249 replace atomicio(read,...) with read(); ok deraadt@
4250 - markus@cvs.openbsd.org 2000/10/18 12:42:00
4252 restore old record login behaviour
4253 - deraadt@cvs.openbsd.org 2000/10/19 10:41:13
4255 fmt string problem in unused code
4256 - provos@cvs.openbsd.org 2000/10/19 10:45:16
4258 don't reference freed memory. okay deraadt@
4259 - markus@cvs.openbsd.org 2000/10/21 11:04:23
4261 typo, eramore@era-t.ericsson.se; ok niels@
4262 - markus@cvs.openbsd.org 2000/10/23 13:31:55
4264 non-alignment dependent swap_bytes(); from
4265 simonb@wasabisystems.com/netbsd
4266 - markus@cvs.openbsd.org 2000/10/26 12:38:28
4268 add older vandyke products
4269 - markus@cvs.openbsd.org 2000/10/27 01:32:19
4270 [channels.c channels.h clientloop.c serverloop.c session.c]
4272 enable non-blocking IO on channels, and tty's (except for the
4276 - (djm) Increase REKEY_BYTES to 2^24 for arc4random
4279 - (djm) Added WARNING.RNG file and modified configure to ask users of the
4280 builtin entropy code to read it.
4281 - (djm) Prefer builtin regex to PCRE.
4282 - (bal) Added USE_PIPS defined to NeXT configure.in since scp hangs randomly.
4283 - (bal) Apply fixes to configure.in pointed out by Pavel Roskin
4287 - (djm) Don't define _REENTRANT for SNI/Reliant Unix
4288 - (bal) Imported NEWS-OS waitpid() macros into NeXT. Since implementation
4289 is more correct then current version.
4292 - (stevesk) Add initial support for setproctitle(). Current
4293 support is for the HP-UX pstat(PSTAT_SETCMD, ...) method.
4294 - (stevesk) Add egd startup scripts to contrib/hpux/
4297 - (djm) Add -lregex to cywin libs from Corinna Vinschen
4298 <vinschen@cygnus.com>
4299 - (djm) Don't rely on atomicio's retval to determine length of askpass
4300 supplied passphrase. Problem report from Lutz Jaenicke
4301 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
4302 - (bal) Changed from GNU rx to PCRE on suggestion from djm.
4303 - (bal) Integrated Sony NEWS-OS patches from NAKAJI Hirouyuki
4304 <nakaji@tutrp.tut.ac.jp>
4307 - (djm) Sync with OpenBSD:
4308 - markus@cvs.openbsd.org 2000/10/14 04:01:15
4311 - markus@cvs.openbsd.org 2000/10/14 04:07:23
4313 remove spaces from arguments; from djm@mindrot.org
4314 - markus@cvs.openbsd.org 2000/10/14 06:09:46
4316 Cipher is for SSH-1 only
4317 - markus@cvs.openbsd.org 2000/10/14 06:12:09
4318 [servconf.c servconf.h serverloop.c session.c sshd.8]
4319 AllowTcpForwarding; from naddy@
4320 - markus@cvs.openbsd.org 2000/10/14 06:16:56
4321 [auth2.c compat.c compat.h sshconnect2.c version.h]
4322 OpenSSH_2.3; note that is is not complete, but the version number
4323 needs to be changed for interoperability reasons
4324 - markus@cvs.openbsd.org 2000/10/14 06:19:45
4326 do not send RSA challenge if key is not allowed by key-options; from
4328 - markus@cvs.openbsd.org 2000/10/15 08:14:01
4329 [rijndael.c session.c]
4330 typos; from stevesk@sweden.hp.com
4331 - markus@cvs.openbsd.org 2000/10/15 08:18:31
4334 - (djm) Copy manpages back over from OpenBSD - too tedious to wade
4336 - (djm) Added condrestart to Redhat init script. Patch from Pekka Savola
4338 - (djm) Update version in Redhat spec file
4339 - (djm) Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the
4340 Redhat 7.0 spec file
4341 - (djm) Make inability to read/write PRNG seedfile non-fatal
4345 - (djm) Fix ssh2 hang on background processes at logout.
4348 - (bal) Add support for realpath and getcwd for platforms with broken
4349 or missing realpath implementations for sftp-server.
4350 - (bal) Corrected mistake in INSTALL in regards to GNU rx library
4351 - (bal) Add support for GNU rx library for those lacking regexp support
4352 - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth
4353 - (djm) Revert SSH2 serverloop hack, will find a better way.
4354 - (djm) Add workaround for Linux 2.4's gratuitious errno change. Patch
4355 from Martin Johansson <fatbob@acc.umu.se>
4356 - (djm) Big OpenBSD sync:
4357 - markus@cvs.openbsd.org 2000/09/30 10:27:44
4359 allow loglevel debug
4360 - markus@cvs.openbsd.org 2000/10/03 11:59:57
4363 - markus@cvs.openbsd.org 2000/10/03 12:03:03
4364 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
4365 move fake-auth from auth1.c to individual auth methods, disables s/key in
4367 - markus@cvs.openbsd.org 2000/10/03 12:16:48
4369 do not resolve canonname, i have no idea why this was added oin ossh
4370 - markus@cvs.openbsd.org 2000/10/09 15:30:44
4371 ssh-keygen.1 ssh-keygen.c
4372 -X now reads private ssh.com DSA keys, too.
4373 - markus@cvs.openbsd.org 2000/10/09 15:32:34
4375 clear options on every call.
4376 - markus@cvs.openbsd.org 2000/10/09 15:51:00
4378 interop with ssh-agent2, from <res@shore.net>
4379 - markus@cvs.openbsd.org 2000/10/10 14:20:45
4381 use rexexp for version string matching
4382 - provos@cvs.openbsd.org 2000/10/10 22:02:18
4383 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
4384 First rough implementation of the diffie-hellman group exchange. The
4385 client can ask the server for bigger groups to perform the diffie-hellman
4386 in, thus increasing the attack complexity when using ciphers with longer
4387 keys. University of Windsor provided network, T the company.
4388 - markus@cvs.openbsd.org 2000/10/11 13:59:52
4389 [auth-rsa.c auth2.c]
4390 clear auth options unless auth sucessfull
4391 - markus@cvs.openbsd.org 2000/10/11 14:00:27
4393 clear auth options unless auth sucessfull
4394 - markus@cvs.openbsd.org 2000/10/11 14:03:27
4396 support 'scp -o' with help from mouring@pconline.com
4397 - markus@cvs.openbsd.org 2000/10/11 14:11:35
4400 - markus@cvs.openbsd.org 2000/10/11 14:14:40
4401 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
4402 [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
4403 add support for s/key (kbd-interactive) to ssh2, based on work by
4404 mkiernan@avantgo.com and me
4405 - markus@cvs.openbsd.org 2000/10/11 14:27:24
4406 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
4407 [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
4408 [sshconnect2.c sshd.c]
4409 new cipher framework
4410 - markus@cvs.openbsd.org 2000/10/11 14:45:21
4413 - markus@cvs.openbsd.org 2000/10/12 03:59:20
4414 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
4415 enable DES in SSH-1 clients only
4416 - markus@cvs.openbsd.org 2000/10/12 08:21:13
4419 - markus@cvs.openbsd.org 2000/10/13 12:34:46
4421 Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
4422 - markus@cvs.openbsd.org 2000/10/13 12:59:15
4423 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h]
4424 rijndael/aes support
4425 - markus@cvs.openbsd.org 2000/10/13 13:10:54
4428 - markus@cvs.openbsd.org 2000/10/13 13:12:02
4430 prefer no compression
4431 - (djm) Fix scp user@host handling
4432 - (djm) Don't clobber ssh_prng_cmds on install
4433 - (stevesk) Include config.h in rijndael.c so we define intXX_t and
4434 u_intXX_t types on all platforms.
4435 - (stevesk) rijndael.c: cleanup missing declaration warnings.
4436 - (stevesk) ~/.hushlogin shouldn't cause required password change to
4438 - (stevesk) Display correct path to ssh-askpass in configure output.
4439 Report from Lutz Jaenicke.
4442 - (stevesk) Print PAM return value in PAM log messages to aid
4444 - (stevesk) Fix detection of pw_class struct member in configure;
4445 patch from KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp>
4448 - (djm) Fix USER_PATH, report from Kevin Steves <stevesk@sweden.hp.com>
4449 - (djm) Add host system and CC to end-of-configure report. Suggested by
4450 Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
4453 - (djm) Cygwin fixes from Corinna Vinschen <vinschen@cygnus.com>
4456 - (djm) Irix ssh_prng_cmds path fix from Pekka Savola <pekkas@netcore.fi>
4457 - (djm) Support in bsd-snprintf.c for long long conversions from
4458 Ben Lindstrom <mouring@pconline.com>
4459 - (djm) Cleanup NeXT support from Ben Lindstrom <mouring@pconline.com>
4460 - (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with
4461 very short lived X connections. Bug report from Tobias Oetiker
4462 <oetiker@ee.ethz.ch>. Fix from Markus Friedl <markus@cvs.openbsd.org>
4463 - (djm) Add recent InitScripts as a RPM dependancy for openssh-server
4464 patch from Pekka Savola <pekkas@netcore.fi>
4465 - (djm) Forgot to cvs add LICENSE file
4466 - (djm) Add LICENSE to RPM spec files
4467 - (djm) CVS OpenBSD sync:
4468 - markus@cvs.openbsd.org 2000/09/26 13:59:59
4471 - markus@cvs.openbsd.org 2000/09/27 15:41:34
4472 [auth2.c sshconnect2.c]
4474 - markus@cvs.openbsd.org 2000/09/28 12:03:18
4476 debug -> debug2 cleanup
4477 - (djm) Irix strips "/dev/tty" from [uw]tmp entries (other systems only
4478 strip "/dev/"). Fix loginrec.c based on patch from Alain St-Denis
4479 <Alain.St-Denis@ec.gc.ca>
4480 - (djm) Fix 9 character passphrase failure with gnome-ssh-askpass.
4481 Problem was caused by interrupted read in ssh-add. Report from Donald
4482 J. Barry <don@astro.cornell.edu>
4485 - (djm) Fix SSH2 not terminating until all background tasks done problem.
4486 - (djm) Another off-by-one fix from Pavel Kankovsky
4487 <peak@argo.troja.mff.cuni.cz>
4488 - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code,
4489 tidy necessary differences. Use Markus' new debugN() in entropy.c
4490 - (djm) Merged big SCO portability patch from Tim Rice
4491 <tim@multitalents.net>
4494 - (djm) Update X11-askpass to 1.0.2 in RPM spec file
4495 - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX
4496 - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c.
4497 Report and fix from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
4500 - (djm) Merged cleanup patch from Mark Miller <markm@swoon.net>
4501 - (djm) A bit more cleanup - created cygwin_util.h
4502 - (djm) Include strtok_r() from OpenBSD libc. Fixes report from Mark Miller
4506 - (djm) Fix address logging in utmp from Kevin Steves
4507 <stevesk@sweden.hp.com>
4508 - (djm) Redhat spec and manpage fixes from Pekka Savola <pekkas@netcore.fi>
4509 - (djm) Seperate tests for int64_t and u_int64_t types
4510 - (djm) Tweak password expiry checking at suggestion of Kevin Steves
4511 <stevesk@sweden.hp.com>
4512 - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
4513 - (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from
4514 Michael Stone <mstone@cs.loyola.edu>
4515 - (djm) OpenBSD CVS sync:
4516 - markus@cvs.openbsd.org 2000/09/17 09:38:59
4517 [sshconnect2.c sshd.c]
4519 - markus@cvs.openbsd.org 2000/09/17 09:52:51
4522 - markus@cvs.openbsd.org 2000/09/21 04:55:11
4525 - markus@cvs.openbsd.org 2000/09/21 05:03:54
4528 - markus@cvs.openbsd.org 2000/09/21 05:11:42
4530 utime() to utimes(); mouring@pconline.com
4531 - markus@cvs.openbsd.org 2000/09/21 05:25:08
4533 change login logic in ssh2, allows plugin of other auth methods
4534 - markus@cvs.openbsd.org 2000/09/21 05:25:35
4535 [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h]
4537 add context to dispatch_run
4538 - markus@cvs.openbsd.org 2000/09/21 05:07:52
4539 authfd.c authfd.h ssh-agent.c
4540 bug compat for old ssh.com software
4543 - (djm) Fix bad path substitution. Report from Andrew Miner
4544 <asminer@cs.iastate.edu>
4547 - (djm) Fix SSL search order from Lutz Jaenicke
4548 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
4549 - (djm) New SuSE spec from Corinna Vinschen <corinna@vinschen.de>
4550 - (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com>
4551 - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage.
4552 Patch from Larry Jones <larry.jones@sdrc.com>
4553 - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM
4554 password change patch.
4555 - (djm) Bring licenses on my stuff in line with OpenBSD's
4556 - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
4557 Kevin Steves <stevesk@sweden.hp.com>
4558 - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz>
4559 - (djm) Re-enable int64_t types - we need them for sftp
4560 - (djm) Use libexecdir from configure , rather than libexecdir/ssh
4561 - (djm) Update Redhat SPEC file accordingly
4562 - (djm) Add Kevin Steves <stevesk@sweden.hp.com> HP/UX contrib files
4563 - (djm) Add Charles Levert <charles@comm.polymtl.ca> getpgrp patch
4564 - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter
4565 <Dirk.DeWachter@rug.ac.be>
4566 - (djm) Fixprogs and entropy list fixes from Larry Jones
4567 <larry.jones@sdrc.com>
4568 - (djm) Fix for SuSE spec file from Takashi YOSHIDA
4569 <tyoshida@gemini.rc.kyushu-u.ac.jp>
4570 - (djm) Merge OpenBSD changes:
4571 - markus@cvs.openbsd.org 2000/09/05 02:59:57
4573 print hostname (not hushlogin)
4574 - markus@cvs.openbsd.org 2000/09/05 13:18:48
4575 [authfile.c ssh-add.c]
4576 enable ssh-add -d for DSA keys
4577 - markus@cvs.openbsd.org 2000/09/05 13:20:49
4580 - markus@cvs.openbsd.org 2000/09/06 03:46:41
4583 - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
4585 cleanup copyright notices on all files. I have attempted to be
4586 accurate with the details. everything is now under Tatu's licence
4587 (which I copied from his readme), and/or the core-sdi bsd-ish thing
4588 for deattack, or various openbsd developers under a 2-term bsd
4589 licence. We're not changing any rules, just being accurate.
4590 - markus@cvs.openbsd.org 2000/09/07 14:40:30
4591 [channels.c channels.h clientloop.c serverloop.c ssh.c]
4592 cleanup window and packet sizes for ssh2 flow control; ok niels
4593 - markus@cvs.openbsd.org 2000/09/07 14:53:00
4596 - markus@cvs.openbsd.org 2000/09/07 15:13:37
4597 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
4598 [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
4600 some more Copyright fixes
4601 - markus@cvs.openbsd.org 2000/09/08 03:02:51
4604 - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
4606 a few more comments about it being ARC4 not RC4
4607 - markus@cvs.openbsd.org 2000/09/12 14:53:11
4608 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
4609 multiple debug levels
4610 - markus@cvs.openbsd.org 2000/09/14 14:25:15
4613 - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
4615 check return value for setenv(3) for failure, and deal appropriately
4618 - (djm) Fix server not exiting with jobs in background.
4621 - (djm) Import OpenBSD CVS changes
4622 - markus@cvs.openbsd.org 2000/08/31 15:52:24
4623 [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c]
4624 implement a SFTP server. interops with sftp2, scp2 and the windows
4626 - markus@cvs.openbsd.org 2000/08/31 15:56:03
4629 - markus@cvs.openbsd.org 2000/08/31 16:05:42
4632 - markus@cvs.openbsd.org 2000/08/31 16:09:34
4633 [authfd.c ssh-agent.c]
4634 add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions
4635 - deraadt@cvs.openbsd.org 2000/09/01 09:25:13
4637 cleanup and fix -S support; stevesk@sweden.hp.com
4638 - markus@cvs.openbsd.org 2000/09/01 16:29:32
4641 - markus@cvs.openbsd.org 2000/09/01 16:32:41
4643 fix cast; mouring@pconline.com
4644 - itojun@cvs.openbsd.org 2000/09/03 09:23:28
4646 add missing .El against .Bl.
4647 - markus@cvs.openbsd.org 2000/09/04 13:03:41
4649 missing close; ok theo
4650 - markus@cvs.openbsd.org 2000/09/04 13:07:21
4652 fix get_last_login_time order; from andre@van-veen.de
4653 - markus@cvs.openbsd.org 2000/09/04 13:10:09
4655 more cast fixes; from mouring@pconline.com
4656 - markus@cvs.openbsd.org 2000/09/04 13:06:04
4658 set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net
4659 - (djm) Cleanup after import. Fix sftp-server compilation, Makefile
4660 - (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>
4663 - (djm) Fix Redhat init script
4666 - (djm) Pick up Jim's new X11-askpass
4667 - (djm) Release 2.2.0p1
4670 - (djm) Workaround SIGPIPE problems on SCO. Fix from Aran Cox
4671 <acox@cv.telegroup.com>
4672 - (djm) Pick up new version (2.2.0) from OpenBSD CVS
4675 - (djm) Compile warning fixes from Mark Miller <markm@swoon.net>
4676 - (djm) Periodically rekey arc4random
4677 - (djm) Clean up diff against OpenBSD.
4678 - (djm) HPUX 11 needs USE_PIPES as well: Kevin Steves
4679 <stevesk@sweden.hp.com>
4680 - (djm) Quieten the pam delete credentials error message
4681 - (djm) Fix printing of $DISPLAY hack if set by system type. Report from
4682 Kevin Steves <stevesk@sweden.hp.com>
4683 - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
4684 - (djm) Fix doh in bsd-arc4random.c
4687 - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert
4688 Doering <gert@greenie.muc.de>, John Horne <J.Horne@plymouth.ac.uk> and
4689 Garrick James <garrick@james.net>
4690 - (djm) Check for SCO pty naming style (ptyp%d/ttyp%d). Based on fix from
4691 Bastian Trompetter <btrompetter@firemail.de>
4692 - (djm) NeXT tweaks from Ben Lindstrom <mouring@pconline.com>
4693 - More OpenBSD updates:
4694 - deraadt@cvs.openbsd.org 2000/08/24 15:46:59
4696 off_t in sink, to fix files > 2GB, i think, test is still running ;-)
4697 - deraadt@cvs.openbsd.org 2000/08/25 10:10:06
4700 - markus@cvs.openbsd.org 2000/08/26 04:33:43
4703 - markus@cvs.openbsd.org 2000/08/27 12:18:05
4705 compatibility with future ssh.com versions
4706 - deraadt@cvs.openbsd.org 2000/08/27 21:50:55
4707 [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c]
4708 print uid/gid as unsigned
4709 - markus@cvs.openbsd.org 2000/08/28 13:51:00
4711 enable -n and -f for ssh2
4712 - markus@cvs.openbsd.org 2000/08/28 14:19:53
4714 allow combination of -N and -f
4715 - markus@cvs.openbsd.org 2000/08/28 14:20:56
4718 - markus@cvs.openbsd.org 2000/08/28 14:22:02
4721 - markus@cvs.openbsd.org 2000/08/28 14:23:38
4723 don't complain if setting NONBLOCK fails with ENODEV
4726 - (djm) Define USE_PIPES to avoid socketpair problems on HPUX 10 and SunOS 4
4727 Avoids "scp never exits" problem. Reports from Lutz Jaenicke
4728 <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Tamito KAJIYAMA
4729 <kajiyama@grad.sccs.chukyo-u.ac.jp>
4730 - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers
4731 - (djm) Add local version to version.h
4732 - (djm) Don't reseed arc4random everytime it is used
4733 - (djm) OpenBSD CVS updates:
4734 - deraadt@cvs.openbsd.org 2000/08/18 20:07:23
4736 accept remsh as a valid name as well; roman@buildpoint.com
4737 - deraadt@cvs.openbsd.org 2000/08/18 20:17:13
4738 [deattack.c crc32.c packet.c]
4739 rename crc32() to ssh_crc32() to avoid zlib name clash. do not move to
4740 libz crc32 function yet, because it has ugly "long"'s in it;
4742 - deraadt@cvs.openbsd.org 2000/08/18 20:26:08
4744 -S prog support; tv@debian.org
4745 - deraadt@cvs.openbsd.org 2000/08/18 20:50:07
4748 - deraadt@cvs.openbsd.org 2000/08/18 20:57:33
4751 - markus@cvs.openbsd.org 2000/08/19 12:48:11
4752 [channels.c channels.h clientloop.c ssh.c ssh.h]
4753 support for ~. in ssh2
4754 - deraadt@cvs.openbsd.org 2000/08/19 15:29:40
4757 - markus@cvs.openbsd.org 2000/08/19 15:34:44
4758 [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1]
4759 [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile]
4760 [fingerprint.c fingerprint.h]
4761 add SSH2/DSA support to the agent and some other DSA related cleanups.
4762 (note that we cannot talk to ssh.com's ssh2 agents)
4763 - markus@cvs.openbsd.org 2000/08/19 15:55:52
4764 [channels.c channels.h clientloop.c]
4765 more ~ support for ssh2
4766 - markus@cvs.openbsd.org 2000/08/19 16:21:19
4769 - millert@cvs.openbsd.org 2000/08/20 12:25:53
4771 We have to stash the result of get_remote_name_or_ip() before we
4772 close our socket or getpeername() will get EBADF and the process
4773 will exit. Only a problem for "UseLogin yes".
4774 - millert@cvs.openbsd.org 2000/08/20 12:30:59
4776 Only check /etc/nologin if "UseLogin no" since login(1) may have its
4777 own policy on determining who is allowed to login when /etc/nologin
4778 is present. Also use the _PATH_NOLOGIN define.
4779 - millert@cvs.openbsd.org 2000/08/20 12:42:43
4780 [auth1.c auth2.c session.c ssh.c]
4781 Add calls to setusercontext() and login_get*(). We basically call
4782 setusercontext() in most places where previously we did a setlogin().
4783 Add default login.conf file and put root in the "daemon" login class.
4784 - millert@cvs.openbsd.org 2000/08/21 10:23:31
4786 Fix incorrect PATH setting; noted by Markus.
4789 - (djm) OpenBSD CVS changes:
4790 - markus@cvs.openbsd.org 2000/07/22 03:14:37
4791 [servconf.c servconf.h sshd.8 sshd.c sshd_config]
4792 random early drop; ok theo, niels
4793 - deraadt@cvs.openbsd.org 2000/07/26 11:46:51
4796 - deraadt@cvs.openbsd.org 2000/08/01 11:46:11
4798 many fixes from pepper@mail.reppep.com
4799 - provos@cvs.openbsd.org 2000/08/01 13:01:42
4800 [Makefile.in util.c aux.c]
4801 rename aux.c to util.c to help with cygwin port
4802 - deraadt@cvs.openbsd.org 2000/08/02 00:23:31
4804 correct sun_len; Alexander@Leidinger.net
4805 - provos@cvs.openbsd.org 2000/08/02 10:27:17
4807 disable kerberos authentication by default
4808 - provos@cvs.openbsd.org 2000/08/02 11:27:05
4809 [sshd.8 readconf.c auth-krb4.c]
4810 disallow kerberos authentication if we can't verify the TGT; from
4812 kerberos authentication is on by default only if you have a srvtab.
4813 - markus@cvs.openbsd.org 2000/08/04 14:30:07
4816 - markus@cvs.openbsd.org 2000/08/04 14:30:35
4819 - markus@cvs.openbsd.org 2000/08/15 13:20:46
4822 - markus@cvs.openbsd.org 2000/08/17 14:05:10
4824 cleanup login(1)-like jobs, no duplicate utmp entries
4825 - markus@cvs.openbsd.org 2000/08/17 14:06:34
4826 [session.c sshd.8 sshd.c]
4827 sshd -u len, similar to telnetd
4828 - (djm) Lastlog was not getting closed after writing login entry
4829 - (djm) Add Solaris package support from Rip Loomis <loomisg@cist.saic.com>
4832 - (djm) Replacement for inet_ntoa for Irix (which breaks on gcc)
4833 - (djm) Fix strerror replacement for old SunOS. Based on patch from
4834 Charles Levert <charles@comm.polymtl.ca>
4835 - (djm) Seperate arc4random into seperate file and use OpenSSL's RC4
4837 - (djm) SUN_LEN macro for systems which lack it
4840 - (djm) More SunOS 4.1.x fixes from Nate Itkin <nitkin@europa.com>
4841 - (djm) Avoid failures on Irix when ssh is not setuid. Fix from
4842 Michael Stone <mstone@cs.loyola.edu>
4843 - (djm) Don't seek in directory based lastlogs
4844 - (djm) Fix --with-ipaddr-display configure option test. Patch from
4845 Jarno Huuskonen <jhuuskon@messi.uku.fi>
4846 - (djm) Fix AIX limits from Alexandre Oliva <oliva@lsd.ic.unicamp.br>
4849 - (djm) Add $(srcdir) to includes when compiling (for VPATH). Report from
4850 Fabrice bacchella <fabrice.bacchella@marchfirst.fr>
4853 - (djm) Define AIX hard limits if headers don't. Report from
4854 Bill Painter <william.t.painter@lmco.com>
4855 - (djm) utmp direct write & SunOS 4 patch from Charles Levert
4856 <charles@comm.polymtl.ca>
4859 - (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install
4860 time, spec file cleanup.
4863 - (djm) Set 0755 on binaries during install. Report from Lutz Jaenicke
4864 - (djm) Suppress error messages on channel close shutdown() failurs
4865 works around Linux bug. Patch from Zack Weinberg <zack@wolery.cumb.org>
4866 - (djm) Add some more entropy collection commands from Lutz Jaenicke
4869 - (djm) Fix autoconf typo: HAVE_BINRESVPORT_AF -> HAVE_BINDRESVPORT_AF
4872 - (djm) OpenBSD CVS updates:
4873 - markus@cvs.openbsd.org 2000/07/16 02:27:22
4874 [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
4875 [sshconnect1.c sshconnect2.c]
4876 make ssh-add accept dsa keys (the agent does not)
4877 - djm@cvs.openbsd.org 2000/07/17 19:25:02
4879 Another closing of stdin; ok deraadt
4880 - markus@cvs.openbsd.org 2000/07/19 18:33:12
4882 missing free, reorder
4883 - markus@cvs.openbsd.org 2000/07/20 16:23:14
4885 document input and output files
4888 - (djm) Spec file fix from Petr Novotny <Petr.Novotny@antek.cz>
4891 - (djm) Release 2.1.1p4
4894 - (djm) OpenBSD CVS updates
4895 - provos@cvs.openbsd.org 2000/07/13 16:53:22
4896 [aux.c readconf.c servconf.c ssh.h]
4897 allow multiple whitespace but only one '=' between tokens, bug report from
4898 Ralf S. Engelschall <rse@engelschall.com> but different fix. okay deraadt@
4899 - provos@cvs.openbsd.org 2000/07/13 17:14:09
4901 typo; todd@fries.net
4902 - provos@cvs.openbsd.org 2000/07/13 17:19:31
4904 close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
4905 - markus@cvs.openbsd.org 2000/07/14 16:59:46
4906 [readconf.c servconf.c]
4907 allow leading whitespace. ok niels
4908 - djm@cvs.openbsd.org 2000/07/14 22:01:38
4909 [ssh-keygen.c ssh.c]
4910 Always create ~/.ssh with mode 700; ok Markus
4911 - Fixes for SunOS 4.1.4 from Gordon Atwood <gordon@cs.ualberta.ca>
4912 - Include floatingpoint.h for entropy.c
4913 - strerror replacement
4916 - (djm) Remove -lresolve for Reliant Unix
4917 - (djm) OpenBSD CVS Updates:
4918 - deraadt@cvs.openbsd.org 2000/07/11 02:11:34
4920 make MaxStartups code still work with -d; djm
4921 - deraadt@cvs.openbsd.org 2000/07/11 13:17:45
4922 [readconf.c ssh_config]
4923 disable FallBackToRsh by default
4924 - (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c. Report from
4925 Ben Lindstrom <mouring@pconline.com>
4926 - (djm) Make building of X11-Askpass and GNOME-Askpass optional in RPM
4928 - (djm) Released 2.1.1p3
4931 - (djm) Fixup for AIX getuserattr() support from Tom Bertelson
4933 - (djm) ReliantUNIX support from Udo Schweigert <ust@cert.siemens.de>
4934 - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom
4935 <mouring@pconline.com>
4936 - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report
4937 from Jim Watt <jimw@peisj.pebio.com>
4938 - (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known
4939 to compile on more platforms (incl NeXT).
4940 - (djm) Added bsd-inet_aton and configure support for NeXT
4941 - (djm) Misc NeXT fixes from Ben Lindstrom <mouring@pconline.com>
4942 - (djm) OpenBSD CVS updates:
4943 - markus@cvs.openbsd.org 2000/06/26 03:22:29
4945 cleanup, less cut&paste
4946 - markus@cvs.openbsd.org 2000/06/26 15:59:19
4947 [servconf.c servconf.h session.c sshd.8 sshd.c]
4948 MaxStartups: limit number of unauthenticated connections, work by
4950 - deraadt@cvs.openbsd.org 2000/07/05 14:18:07
4952 use no_x11_forwarding_flag correctly; provos ok
4953 - provos@cvs.openbsd.org 2000/07/05 15:35:57
4956 - aaron@cvs.openbsd.org 2000/07/05 22:06:58
4957 [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
4958 Insert more missing .El directives. Our troff really should identify
4959 these and spit out a warning.
4960 - todd@cvs.openbsd.org 2000/07/06 21:55:04
4961 [auth-rsa.c auth2.c ssh-keygen.c]
4962 clean code is good code
4963 - deraadt@cvs.openbsd.org 2000/07/07 02:14:29
4965 sense of port forwarding flag test was backwards
4966 - provos@cvs.openbsd.org 2000/07/08 17:17:31
4967 [compat.c readconf.c]
4968 replace strtok with strsep; from David Young <dyoung@onthejob.net>
4969 - deraadt@cvs.openbsd.org 2000/07/08 19:21:15
4972 - ho@cvs.openbsd.org 2000/07/08 19:27:33
4973 [compat.c readconf.c]
4974 Better conditions for strsep() ending.
4975 - ho@cvs.openbsd.org 2000/07/10 10:27:05
4977 Get the correct message on errors. (niels@ ok)
4978 - ho@cvs.openbsd.org 2000/07/10 10:30:25
4979 [cipher.c kex.c servconf.c]
4980 strtok() --> strsep(). (niels@ ok)
4981 - (djm) Fix problem with debug mode and MaxStartups
4982 - (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during RPM
4984 - (djm) Add strsep function from OpenBSD libc for systems that lack it
4987 - (djm) Only enable PAM_TTY kludge for Linux. Problem report from
4988 Kevin Steves <stevesk@sweden.hp.com>
4989 - (djm) Match prototype and function declaration for rresvport_af.
4990 Problem report from Niklas Edmundsson <nikke@ing.umu.se>
4991 - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM
4992 builds. Problem report from Gregory Leblanc <GLeblanc@cu-portland.edu>
4993 - (djm) Replace ut_name with ut_user. Patch from Jim Watt
4994 <jimw@peisj.pebio.com>
4995 - (djm) Fix pam sprintf fix
4996 - (djm) Cleanup entropy collection code a little more. Split initialisation
4997 from seeding, perform intialisation immediatly at start, be careful with
4998 uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
4999 - (djm) More NeXT compatibility from Ben Lindstrom <mouring@pconline.com>
5000 Including sigaction() et al. replacements
5001 - (djm) AIX getuserattr() session initialisation from Tom Bertelson
5005 - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from
5006 Aaron Hopkins <aaron@die.net>
5007 - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from
5008 Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
5009 - (djm) Fixed undefined variables for OSF SIA. Report from
5010 Baars, Henk <Hendrik.Baars@nl.origin-it.com>
5011 - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c
5012 Fix from Marquess, Steve Mr JMLFDC <Steve.Marquess@DET.AMEDD.ARMY.MIL>
5013 - (djm) Don't use inet_addr.
5016 - (djm) Fix brace mismatch from Corinna Vinschen <vinschen@cygnus.com>
5017 - (djm) Stop shadow expiry checking from preventing logins with NIS. Based
5018 on fix from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
5019 - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from
5020 Chris, the Young One <cky@pobox.com>
5021 - (djm) Fix scp progress meter on really wide terminals. Based on patch
5022 from James H. Cloos Jr. <cloos@jhcloos.com>
5025 - (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu>
5026 - (djm) Login fixes from Tom Bertelson <tbert@abac.com>
5027 - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
5028 <vinschen@cygnus.com>
5029 - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
5030 - (djm) Added check for broken snprintf() functions which do not correctly
5031 terminate output string and attempt to use replacement.
5032 - (djm) Released 2.1.1p2
5035 - (djm) Fixes to lastlog code for Irix
5036 - (djm) Use atomicio in loginrec
5037 - (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for
5038 Irix 6.x array sessions, project id's, and system audit trail id.
5039 - (djm) Added 'distprep' make target to simplify packaging
5040 - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA
5041 support. Enable using "USE_SIA=1 ./configure [options]"
5044 - (djm) Fixes to login code - not setting li->uid, cleanups
5048 - (djm) Better fix to aclocal tests from Garrick James <garrick@james.net>
5049 - (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
5050 - (djm) Added password expiry checking (no password change support)
5051 - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
5052 based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
5053 - (djm) Fix fixed EGD code.
5054 - OpenBSD CVS update
5055 - provos@cvs.openbsd.org 2000/06/25 14:17:58
5057 correct check for bad channel ids; from Wei Dai <weidai@eskimo.com>
5060 - (djm) Use sa_family_t in prototype for rresvport_af. Patch from
5061 Svante Signell <svante.signell@telia.com>
5062 - (djm) Autoconf logic to define sa_family_t if it is missing
5063 - OpenBSD CVS Updates:
5064 - markus@cvs.openbsd.org 2000/06/22 10:32:27
5066 missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL
5067 - djm@cvs.openbsd.org 2000/06/22 17:55:00
5068 [auth-krb4.c key.c radix.c uuencode.c]
5069 Missing CVS idents; ok markus
5072 - (djm) Automatically generate host key during "make install". Suggested
5073 by Gary E. Miller <gem@rellim.com>
5074 - (djm) Paranoia before kill() system call
5075 - OpenBSD CVS Updates:
5076 - markus@cvs.openbsd.org 2000/06/18 18:50:11
5077 [auth2.c compat.c compat.h sshconnect2.c]
5078 make userauth+pubkey interop with ssh.com-2.2.0
5079 - markus@cvs.openbsd.org 2000/06/18 20:56:17
5081 mem leak + be more paranoid in dsa_verify.
5082 - markus@cvs.openbsd.org 2000/06/18 21:29:50
5084 cleanup fingerprinting, less hardcoded sizes
5085 - markus@cvs.openbsd.org 2000/06/19 19:39:45
5086 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
5087 [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
5088 [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
5089 [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
5090 [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
5091 [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
5092 [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
5093 [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
5094 [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
5096 - markus@cvs.openbsd.org 2000/06/21 10:46:10
5097 sshconnect2.c missing free; nuke old comment
5100 - (djm) Replace use of '-o' and '-a' logical operators in configure tests
5101 with '||' and '&&'. As suggested by Jim Knoble <jmknoble@jmknoble.cx>
5102 to fix SCO Unixware problem reported by Gary E. Miller <gem@rellim.com>
5103 - (djm) Typo in loginrec.c
5106 - (djm) Add summary of configure options to end of ./configure run
5107 - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from
5108 Michael Stone <mstone@cs.loyola.edu>
5109 - (djm) rusage is a privileged operation on some Unices (incl.
5110 Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
5111 - (djm) Avoid PAM failures when running without a TTY. Report from
5112 Martin Petrak <petrak@spsknm.schools.sk>
5113 - (djm) Include sys/types.h when including netinet/in.h in configure tests.
5114 Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
5115 - (djm) Started merge of Ben Lindstrom's <mouring@pconline.com> NeXT support
5116 - OpenBSD CVS updates:
5117 - deraadt@cvs.openbsd.org 2000/06/17 09:58:46
5119 everyone says "nix it" (remove protocol 2 debugging message)
5120 - markus@cvs.openbsd.org 2000/06/17 13:24:34
5122 allow extended server banners
5123 - markus@cvs.openbsd.org 2000/06/17 14:30:10
5125 missing atomicio, typo
5126 - jakob@cvs.openbsd.org 2000/06/17 16:52:34
5127 [servconf.c servconf.h session.c sshd.8 sshd_config]
5128 add support for ssh v2 subsystems. ok markus@.
5129 - deraadt@cvs.openbsd.org 2000/06/17 18:57:48
5130 [readconf.c servconf.c]
5131 include = in WHITESPACE; markus ok
5132 - markus@cvs.openbsd.org 2000/06/17 19:09:10
5134 implement bug compatibility with ssh-2.0.13 pubkey, server side
5135 - markus@cvs.openbsd.org 2000/06/17 21:00:28
5137 initial support for ssh.com's 2.2.0
5138 - markus@cvs.openbsd.org 2000/06/17 21:16:09
5141 - markus@cvs.openbsd.org 2000/06/17 22:05:02
5142 [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h]
5143 split auth-rsa option parsing into auth-options
5144 add options support to authorized_keys2
5145 - markus@cvs.openbsd.org 2000/06/17 22:42:54
5150 - (djm) Fixes from Andrew McGill <andrewm@datrix.co.za>:
5151 - Platform define for SCO 3.x which breaks on /dev/ptmx
5152 - Detect and try to fix missing MAXPATHLEN
5153 - (djm) Fix short copy in loginrec.c (based on patch from Phill Camp
5154 <P.S.S.Camp@ukc.ac.uk>
5157 - (djm) Glob manpages in RPM spec files to catch compressed files
5158 - (djm) Full license in auth-pam.c
5159 - (djm) Configure fixes from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
5160 - (andre) AIX, lastlog, configure fixes from Tom Bertelson <tbert@abac.com>:
5161 - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is
5163 - Set AIX to use preformatted manpages
5166 - (djm) Minor doc tweaks
5167 - (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx>
5170 - (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage
5171 (in favour of utmpx) on Solaris 8
5174 - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
5175 list of commands (by default). Removed verbose debugging (by default).
5176 - (djm) Increased command entropy estimates and default entropy collection
5178 - (djm) Remove duplicate headers from loginrec.c
5179 - (djm) Don't add /usr/local/lib to library search path on Irix
5180 - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
5182 - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
5183 <zack@wolery.cumb.org>
5184 - (djm) OpenBSD CVS updates:
5185 - todd@cvs.openbsd.org
5187 teach protocol v2 to count login failures properly and also enable an
5188 explanation of why the password prompt comes up again like v1; this is NOT
5190 - markus@cvs.openbsd.org
5191 [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
5192 xauth_location support; pr 1234
5193 [readconf.c sshconnect2.c]
5196 allow use_login only for login sessions, otherwise remote commands are
5199 document UseLogin better
5203 fix match_hostname() logic for auth-rsa: deny access if we have a
5204 negative match or no match at all
5205 [channels.c hostfile.c match.c]
5206 don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
5210 - (djm) Added --with-cflags, --with-ldflags and --with-libs options to
5214 - Configure tweaking for new login code on Irix 5.3
5215 - (andre) login code changes based on djm feedback
5218 - (andre) New login code
5219 - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c
5220 - Add loginrec.[ch], logintest.c and autoconf code
5223 - Cleanup of auth.c, login.c and fake-*
5224 - Cleanup of auth-pam.c, save and print "account expired" error messages
5225 - Fix EGD read bug by IWAMURO Motonori <iwa@mmp.fujitsu.co.jp>
5226 - Rewrote bsd-login to use proper utmp API if available. Major cleanup
5227 of fallback DIY code.
5230 - Define atexit for old Solaris
5231 - Fix buffer overrun in login.c for systems which use syslen in utmpx.
5232 patch from YOSHIFUJI Hideaki <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp>
5233 - OpenBSD CVS updates:
5234 - markus@cvs.openbsd.org
5236 make x11-fwd work w/ localhost (xauth add host/unix:11)
5237 [cipher.c compat.c readconf.c servconf.c]
5238 check strtok() != NULL; ok niels@
5240 fix key_read() for uuencoded keys w/o '='
5242 group ssh1 vs. ssh2 in serverloop
5243 [kex.c kex.h myproposal.h sshconnect2.c sshd.c]
5244 split kexinit/kexdh, factor out common code
5245 [readconf.c ssh.1 ssh.c]
5246 forwardagent defaults to no, add ssh -A
5247 - theo@cvs.openbsd.org
5249 just some line shortening
5253 - Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
5254 - Don't touch utmp if USE_UTMPX defined
5255 - SunOS 4.x support from Todd C. Miller <Todd.Miller@courtesan.com>
5256 - SIGCHLD fix for AIX and HPUX from Tom Bertelson <tbert@abac.com>
5257 - HPUX and Configure fixes from Lutz Jaenicke
5258 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
5259 - Use mkinstalldirs script to make directories instead of non-portable
5260 "install -d". Suggested by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
5264 - Include Andre Lucas' fixprogs script. Forgot to "cvs add" it yesterday
5265 - OpenBSD CVS updates:
5266 - markus@cvs.openbsd.org
5268 copy only ai_addrlen bytes; misiek@pld.org.pl
5270 accept an empty shell in authentication; bug reported by
5271 chris@tinker.ucr.edu
5273 we don't have stderr for interactive terminal sessions (fcntl errors)
5276 - Fix from Andre Lucas <andre.lucas@dial.pipex.com>
5277 - Fixes command line printing segfaults (spotter: Bladt Norbert)
5278 - Fixes erroneous printing of debug messages to syslog
5279 - Fixes utmp for MacOS X (spotter: Aristedes Maniatis)
5280 - Gives useful error message if PRNG initialisation fails
5281 - Reduced ssh startup delay
5282 - Measures cumulative command time rather than the time between reads
5284 - 'fixprogs' perl script to eliminate non-working entropy commands, and
5285 optionally run 'ent' to measure command entropy
5286 - Applied Tom Bertelson's <tbert@abac.com> AIX authentication fix
5287 - Avoid WCOREDUMP complation errors for systems that lack it
5288 - Avoid SIGCHLD warnings from entropy commands
5289 - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw@dcs.ed.ac.uk>
5290 - OpenBSD CVS update:
5291 - markus@cvs.openbsd.org
5295 draft-ietf-secsh-architecture-05.txt
5297 document ssh -T -N (ssh2 only)
5298 [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
5299 enable nonblocking IO for sshd w/ proto 1, too; split out common code
5302 - Several patches from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
5303 - INSTALL typo and URL fix
5306 - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka
5307 <ksakai@kso.netwk.ntt-at.co.jp>
5308 - RSAless operation patch from kevin_oconnor@standardandpoors.com
5309 - Detect OpenSSL seperatly from RSA
5310 - Better test for RSA (more compatible with RSAref). Based on work by
5311 Ed Eden <ede370@stl.rural.usda.gov>
5314 - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz
5318 - Fix for prng_seed permissions checking from Lutz Jaenicke
5319 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
5320 - "make host-key" fix for Irix
5323 - OpenBSD CVS update
5324 - markus@cvs.openbsd.org
5325 [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
5326 [ssh.h sshconnect1.c sshconnect2.c sshd.8]
5327 - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
5328 - hugh@cvs.openbsd.org
5332 - One last nit fix. (markus approved)
5334 - some markus certified spelling adjustments
5335 - markus@cvs.openbsd.org
5336 [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
5338 - bug compat w/ ssh-2.0.13 x11, split out bugs
5340 - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
5342 - handle escapes in real and original key format, ok millert@
5345 - Moved all the bsd-* and fake-* stuff into new libopenbsd-compat.a
5347 - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported
5348 by Andre Lucas <andre.lucas@dial.pipex.com>
5351 - Makefile and RPM spec fixes
5352 - Generate DSA host keys during "make key" or RPM installs
5353 - OpenBSD CVS update
5354 - markus@cvs.openbsd.org
5355 [clientloop.c sshconnect2.c]
5356 - make x11-fwd interop w/ ssh-2.0.13
5358 - interop w/ SecureFX
5359 - Release 2.0.0beta2
5361 - Configure caching and cleanup patch from Andre Lucas'
5362 <andre.lucas@dial.pipex.com>
5365 - Remove references to SSLeay.
5366 - Big OpenBSD CVS update
5367 - markus@cvs.openbsd.org
5371 - update proctitle on pty alloc/dealloc, e.g. w/ windows client
5373 - update proctitle for proto 1, too
5374 [channels.h nchan.c serverloop.c session.c sshd.c]
5375 - use c-style comments
5376 - deraadt@cvs.openbsd.org
5379 - markus@cvs.openbsd.org
5384 [readconf.c ssh-keygen.c ssh.h]
5385 - default DSA key file ~/.ssh/id_dsa
5387 - typo, rm verbose debug
5388 - deraadt@cvs.openbsd.org
5390 - document DSA use of ssh-keygen
5392 - a start at describing what i understand of the DSA side
5394 - document -X and -x
5397 - markus@cvs.openbsd.org
5399 - there is no rhosts_dsa
5401 - document -y, update -X,-x
5403 - fix close for non-open ssh1 channels
5404 [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
5405 - s/DsaKey/HostDSAKey/, document option
5407 - respect number_of_password_prompts
5408 [channels.c channels.h servconf.c servconf.h session.c sshd.8]
5409 - GatewayPorts for sshd, ok deraadt@
5410 [ssh-add.1 ssh-agent.1 ssh.1]
5411 - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
5413 - more info on proto 2
5415 - sync AUTHOR w/ ssh.1
5416 [key.c key.h sshconnect.c]
5417 - print key type when talking about host keys
5419 - clear padding in ssh2
5420 [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
5421 - replace broken uuencode w/ libc b64_ntop
5423 - log failure before sending the reply
5424 [key.c radix.c uuencode.c]
5425 - remote trailing comments before calling __b64_pton
5426 [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
5427 [sshconnect2.c sshd.8]
5428 - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
5429 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
5432 - OpenBSD CVS update
5434 - init all fds, close all fds.
5436 - check whether file exists before asking for passphrase
5437 [servconf.c servconf.h sshd.8 sshd.c]
5442 - unbreak, ok niels@
5444 - unlink pid file, ok niels@
5446 - Add missing #ifdefs; ok - markus
5447 - Add Andre Lucas' <andre.lucas@dial.pipex.com> patch to read entropy
5448 gathering commands from a text file
5449 - Release 2.0.0beta1
5452 - OpenBSD CVS update
5454 - send debug messages in SSH2 format
5456 - fix very rare EAGAIN/EINTR issues; based on work by djm
5458 - less debug, rm unused
5460 - disable kerb,s/key in ssh2
5462 - Minor tweaks and typo fixes.
5464 - Put -d into usage and reorder. markus ok.
5465 - Include missing headers for OpenSSL tests. Fix from Phil Karn
5466 <karn@ka9q.ampr.org>
5467 - Fixed __progname symbol collisions reported by Andre Lucas
5468 <andre.lucas@dial.pipex.com>
5469 - Merged bsd-login ttyslot and AIX utmp patch from Gert Doering
5471 - Add some missing ifdefs to auth2.c
5472 - Deprecate perl-tk askpass.
5473 - Irix portability fixes - don't include netinet headers more than once
5474 - Make sure we don't save PRNG seed more than once
5477 - Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au>
5478 - Integrate Andre Lucas' <andre.lucas@dial.pipex.com> entropy collection
5480 - Adds timeout to entropy collection
5481 - Disables slow entropy sources
5482 - Load and save seed file
5483 - Changed entropy seed code to user per-user seeds only (server seed is
5484 saved in root's .ssh directory)
5485 - Use atexit() and fatal cleanups to save seed on exit
5486 - More OpenBSD updates:
5488 - don't call chan_write_failed() if we are not writing
5489 [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c]
5490 - keysize warnings error() -> log()
5493 - Merge big update to OpenSSH-2.0 from OpenBSD CVS
5495 - interop w/ F-secure windows client
5496 - sync documentation
5497 - ssh_host_dsa_key not ssh_dsa_key
5500 [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
5501 [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
5502 [sshd.c uuencode.c uuencode.h authfile.h]
5503 - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX]
5504 for trading keys with the real and the original SSH, directly from the
5505 people who invented the SSH protocol.
5506 [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
5507 [sshconnect1.c sshconnect2.c]
5508 - split auth/sshconnect in one file per protocol version
5515 [ssh-keygen.1 ssh-keygen.c]
5516 - add -R flag: exit code indicates if RSA is alive
5519 silent if -Q is specified
5521 - host key becomes /etc/ssh_host_dsa_key
5522 [readconf.c servconf.c ]
5523 - ssh/sshd default to proto 1 and 2
5526 [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
5528 [auth2.c serverloop.c session.c]
5529 - cleanup logging for sshd/2, respect PasswordAuth no
5531 - less debug, respect .ssh/config
5532 [README.openssh2 channels.c channels.h]
5533 - clientloop.c session.c ssh.c
5534 - support for x11-fwding, client+server
5537 - Merge fix from OpenBSD CVS
5539 - Fix memory leak per connection. Report from Andy Spiegl <Andy@Spiegl.de>
5540 via Debian bug #59926
5541 - Define __progname in session.c if libc doesn't
5542 - Remove indentation on autoconf #include statements to avoid bug in
5543 DEC Tru64 compiler. Report and fix from David Del Piero
5544 <David.DelPiero@qed.qld.gov.au>
5547 - Make fixpaths work with perl4, patch from Andre Lucas
5548 <andre.lucas@dial.pipex.com>
5549 - Sync with OpenBSD CVS:
5550 [clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c]
5553 - remove bogus chan_read_failed. this could cause data
5554 corruption (missing data) at end of a SSH2 session.
5555 - Merge fixes from Debian patch from Phil Hands <phil@hands.com>
5556 - Allow setting of PAM service name through CFLAGS (SSHD_PAM_SERVICE)
5557 - Use vhangup to clean up Linux ttys
5558 - Force posix getopt processing on GNU libc systems
5559 - Debian bug #55910 - remove references to ssl(8) manpages
5560 - Debian bug #58031 - ssh_config lies about default cipher
5563 - OpenBSD CVS updates
5565 - fix pr 1196, listen_port and port_to_connect interchanged
5567 - after completion, replace the progress bar ETA counter with a final
5568 elapsed time; my idea, aaron wrote the patch
5569 [ssh_config sshd_config]
5570 - show 'Protocol' as an example, ok markus@
5573 - Add missing header to bsd-misc.c
5576 - Reduce diff against OpenBSD source
5577 - All OpenSSL includes are now unconditionally referenced as
5579 - Pick up formatting changes
5580 - Other minor changed (typecasts, etc) that I missed
5583 - OpenBSD CVS updates.
5586 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
5587 [session.c sshconnect.c]
5588 - check payload for (illegal) extra data
5593 - INSTALL doc updates
5594 - Merged OpenBSD updates to include paths.
5597 - OpenBSD CVS updates:
5601 fix passwd prompt for ssh2, less debugging output.
5602 - [clientloop.c compat.c dsa.c kex.c sshd.c]
5603 less debugging output
5604 - [kex.c kex.h sshconnect.c sshd.c]
5605 check for reasonable public DH values
5606 - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
5607 [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
5608 add Cipher and Protocol options to ssh/sshd, e.g.:
5609 ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
5612 print 1.99 only if server supports both
5615 - Avoid some compiler warnings in fake-get*.c
5616 - Add IPTOS macros for systems which lack them
5617 - Only set define entropy collection macros if they are found
5618 - More large OpenBSD CVS updates:
5619 - [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
5620 [session.h ssh.h sshd.c README.openssh2]
5621 ssh2 server side, see README.openssh2; enable with 'sshd -2'
5623 no adjust after close
5624 - [sshd.c compat.c ]
5625 interop w/ latest ssh.com windows client.
5628 - OpenBSD CVS update:
5631 - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h]
5632 ssh2 client implementation, interops w/ ssh.com and lsh servers.
5635 - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c]
5636 remove unused argument, split cipher_mask()
5638 re-order: group ssh1 vs. ssh2
5639 - Make Redhat spec require openssl >= 0.9.5a
5642 - Add tests for RAND_add function when searching for OpenSSL
5643 - OpenBSD CVS update:
5644 - [packet.h packet.c]
5646 - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c]
5647 [channels.h channels.c]
5648 channel layer support for ssh2
5649 - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h]
5650 DSA, keyexchange, algorithm agreement for ssh2
5651 - Generate manpages before make install not at the end of make all
5652 - Don't seed the rng quite so often
5653 - Always reseed rng when requested
5656 - Wrote entropy collection routines for systems that lack /dev/random
5658 - Disable tests and typedefs for 64 bit types. They are currently unused.
5661 - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
5662 - [auth.c session.c sshd.c auth.h]
5663 split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
5664 - [bufaux.c bufaux.h]
5665 support ssh2 bignums
5666 - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
5667 [readconf.c ssh.c ssh.h serverloop.c]
5668 replace big switch() with function tables (prepare for ssh2)
5670 ssh2 message type codes
5672 reorder Xr to avoid cutting
5674 close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
5677 allow bigger packets
5678 - [cipher.c cipher.h]
5679 support ssh2 ciphers
5682 - [dispatch.c dispatch.h]
5683 function tables for different message types
5685 do not log() if debuggin to stderr
5686 rename a cpp symbol, to avoid param.h collision
5693 - Better tests for OpenSSL w/ RSAref
5694 - Added replacement setenv() function from OpenBSD libc. Suggested by
5695 Ben Lindstrom <mouring@pconline.com>
5696 - OpenBSD CVS update
5699 - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
5700 [match.h ssh.c ssh.h sshconnect.c sshd.c]
5701 initial support for DSA keys. ok deraadt@, niels@
5702 - [cipher.c cipher.h]
5703 remove unused cipher_attack_detected code
5704 - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
5705 Fix some formatting problems I missed before.
5707 fix spelling errors, From: FreeBSD
5709 switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
5715 - Clarified --with-default-path option.
5716 - Added -blibpath handling for AIX to work around stupid runtime linking.
5717 Problem elucidated by gshapiro@SENDMAIL.ORG by way of Jim Knoble
5718 <jmknoble@jmknoble.cx>
5719 - Checks for 64 bit int types. Problem report from Mats Fredholm
5721 - OpenBSD CVS updates:
5722 - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c]
5723 [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
5725 pedantic: signed vs. unsigned, void*-arithm, etc
5727 Various cleanups and standardizations.
5728 - Runtime error fix for HPUX from Otmar Stahl
5729 <O.Stahl@lsw.uni-heidelberg.de>
5732 - Fixed configure not passing LDFLAGS to Solaris. Report from David G.
5733 Hesprich <dghespri@sprintparanet.com>
5734 - Propogate LD through to Makefile
5736 - Added blurb about "scp: command not found" errors to UPGRADING
5739 - Fix broken CFLAGS handling during search for OpenSSL. Fixes va_list
5740 problems with gcc/Solaris.
5741 - Don't free argument to putenv() after use (in setenv() replacement).
5742 Report from Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp>
5743 - Created contrib/ subdirectory. Included helpers from Phil Hands'
5744 Debian package, README file and chroot patch from Ricardo Cerqueira
5746 - Moved gnome-ssh-askpass.c to contrib directory and removed config
5748 - Slight cleanup to doc files
5749 - Configure fix from Bratislav ILICH <bilic@zepter.ru>
5752 - Include macro for IN6_IS_ADDR_V4MAPPED. Report from
5753 peter@frontierflying.com
5754 - Include /usr/local/include and /usr/local/lib for systems that don't
5756 - -R/usr/local/lib for Solaris
5757 - Fix RSAref detection
5758 - Fix IN6_IS_ADDR_V4MAPPED macro
5762 - OpenBSD CVS change
5764 - disallow guessing of root password
5765 - More configure fixes
5766 - IPv6 workarounds from Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>
5769 - OpenBSD CVS updates to v1.2.3
5771 - int atomicio -> ssize_t (for alpha). ok deraadt@
5773 - delay MD5 computation until client sends response, free() early, cleanup.
5775 - void* -> unsigned char*, ok niels@
5777 - remove unused variable 'len'. fix comments.
5778 - remove unused variable
5779 [log-client.c log-server.c]
5780 - rename a cpp symbol, to avoid param.h collision
5783 - getsockname() requires initialized tolen; andy@guildsoftware.com
5784 - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
5785 from Holger.Trapp@Informatik.TU-Chemnitz.DE
5787 - register cleanup for pty earlier. move code for pty-owner handling to
5788 pty.c ok provos@, dugsong@
5790 - turn off x11-fwd for the client, too.
5794 - allow '.' in usernames; from jedgar@fxp.org
5796 - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
5797 - sync with sshd_config
5799 - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
5801 - Change invalid 'CHAT' loglevel to 'VERBOSE'
5803 - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
5804 - turn off x11-fwd for the client, too.
5807 - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
5808 - read error vs. "Connection closed by remote host"
5811 - do not link to a commercial page..
5812 - sync with sshd_config
5814 - no need for poll.h; from bright@wintelcom.net
5815 - log with level log() not fatal() if peer behaves badly.
5816 - don't panic if client behaves strange. ok deraadt@
5817 - make no-port-forwarding for RSA keys deny both -L and -R style fwding
5818 - delay close() of pty until the pty has been chowned back to root
5819 - oops, fix comment, too.
5821 - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
5822 (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
5823 - register cleanup for pty earlier. move code for pty-owner handling to
5824 pty.c ok provos@, dugsong@
5825 - create x11 cookie file
5826 - fix pr 1113, fclose() -> pclose(), todo: remote popen()
5829 - Removed warning workaround for Linux and devpts filesystems (no longer
5830 required after OpenBSD updates)
5833 - Configure fix from Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp>
5839 - Fix DEC compile fix
5840 - Explicitly seed OpenSSL's PRNG before checking rsa_alive()
5841 - Check for getpagesize in libucb.a if not found in libc. Fix for old
5842 Solaris from Andre Lucas <andre.lucas@dial.pipex.com>
5843 - Check for libwrap if --with-tcp-wrappers option specified. Suggestion
5844 Mate Wierdl <mw@moni.msci.memphis.edu>
5847 - Added "make host-key" target, Suggestion from Dominik Brettnacher
5849 - Don't permanently fail on bind() if getaddrinfo has more choices left for
5850 us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
5851 Miskiewicz <misiek@pld.org.pl>
5852 - DEC Unix compile fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
5853 - Manpage fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
5856 - Big cleanup of autoconf code
5857 - Rearranged to be a little more logical
5858 - Added -R option for Solaris
5859 - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program
5860 to detect library and header location _and_ ensure library has proper
5861 RSA support built in (this is a problem with OpenSSL 0.9.5).
5862 - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de
5863 - Avoid warning message with Unix98 ptys
5864 - Warning was valid - possible race condition on PTYs. Avoided using
5865 platform-specific code.
5866 - Document some common problems
5867 - Allow root access to any key. Patch from
5868 markus.friedl@informatik.uni-erlangen.de
5871 - Removed SOCKS code. Will support through a ProxyCommand.
5874 - Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu
5875 - Add --with-ssl-dir option
5878 - Fix lastlog code for directory based lastlogs. Fix from Josh Durham
5880 - Documentation fixes from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
5881 - Added URLs to Japanese translations of documents by HARUYAMA Seigo
5882 <haruyama@nt.phys.s.u-tokyo.ac.jp>
5885 - Use socket pairs by default (instead of pipes). Prevents race condition
5886 on several (buggy) OSs. Report and fix from tridge@linuxcare.com
5889 - Seed OpenSSL's random number generator before generating RSA keypairs
5890 - Split random collector into seperate file
5891 - Compile fix from Andre Lucas <andre.lucas@dial.pipex.com>
5894 - Released 1.2.2 stable
5896 - NeXT keeps it lastlog in /usr/adm. Report from
5897 mouring@newton.pconline.com
5898 - Added note in UPGRADING re interop with commercial SSH using idea.
5899 Report from Jim Knoble <jmknoble@jmknoble.cx>
5900 - Fix linking order for Kerberos/AFS. Fix from Holget Trapp
5901 <Holger.Trapp@Informatik.TU-Chemnitz.DE>
5904 - Fix NULL pointer dereference in login.c. Fix from Andre Lucas
5905 <andre.lucas@dial.pipex.com>
5906 - Reorder PAM initialisation so it does not mess up lastlog. Reported
5907 by Andre Lucas <andre.lucas@dial.pipex.com>
5908 - Use preformatted manpages on SCO, report from Gary E. Miller
5910 - New URL for x11-ssh-askpass.
5911 - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
5912 <jmknoble@jmknoble.cx>
5913 - Added 'DESTDIR' option to Makefile to ease package building. Patch from
5914 Jim Knoble <jmknoble@jmknoble.cx>
5915 - Updated RPM spec files to use DESTDIR
5918 - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
5924 getsockname() requires initialized tolen; andy@guildsoftware.com
5925 - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
5926 <drankin@bohemians.lexington.ky.us>
5927 - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
5930 - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
5932 - Merge preformatted manpage patch from Andre Lucas
5933 <andre.lucas@dial.pipex.com>
5934 - Make IPv4 use the default in RPM packages
5935 - Irix uses preformatted manpages
5936 - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
5937 <Holger.Trapp@Informatik.TU-Chemnitz.DE>
5938 - OpenBSD CVS updates:
5940 use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
5941 from Holger.Trapp@Informatik.TU-Chemnitz.DE
5943 log with level log() not fatal() if peer behaves badly.
5945 instead of blocking SIGINT, catch it ourselves, so that we can clean
5946 the tty modes up and kill ourselves -- instead of our process group
5947 leader (scp, cvs, ...) going away and leaving us in noecho mode.
5948 people with cbreak shells never even noticed..
5949 - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
5953 - Don't use getaddrinfo on AIX
5954 - Update to latest OpenBSD CVS:
5956 - fix user/1056, sshd keeps restrictions; dbt@meat.net
5958 - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
5959 - destroy keys earlier
5960 - split key exchange (kex) and user authentication (user-auth),
5963 - no need for poll.h; from bright@wintelcom.net
5964 - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
5965 - split key exchange (kex) and user authentication (user-auth),
5967 - Big manpage and config file cleanup from Andre Lucas
5968 <andre.lucas@dial.pipex.com>
5969 - Re-added latest (unmodified) OpenBSD manpages
5971 - NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
5972 Christos Zoulas <christos@netbsd.org>
5975 - SCO compile fixes from Gary E. Miller <gem@rellim.com>
5976 - Compile fix from Darren_Hall@progressive.com
5977 - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
5978 addresses using getaddrinfo(). Added a configure switch to make the
5979 default lookup mode AF_INET
5982 - Fixed --with-pid-dir option
5983 - Makefile fix from Gary E. Miller <gem@rellim.com>
5984 - Compile fix for HPUX and Solaris from Andre Lucas
5985 <andre.lucas@dial.pipex.com>
5988 - Clean up bsd-bindresvport.c. Use arc4random() for picking initial
5989 port, ignore EINVAL errors (Linux) when searching for free port.
5990 - Revert __snprintf -> snprintf aliasing. Apparently Solaris
5991 __snprintf isn't. Report from Theo de Raadt <theo@cvs.openbsd.org>
5992 - Document location of Redhat PAM file in INSTALL.
5993 - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6
5994 INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to
5995 deliver (no IPv6 kernel support)
5996 - Released 1.2.1pre27
5998 - Fix rresvport_af failure errors (logic error in bsd-bindresvport.c)
5999 - Fix --with-ipaddr-display option test. Fix from Jarno Huuskonen
6000 <jhuuskon@hytti.uku.fi>
6001 - Fix hang on logout if processes are still using the pty. Needs
6003 - Patch from Christos Zoulas <christos@zoulas.com>
6004 - Try $prefix first when looking for OpenSSL.
6005 - Include sys/types.h when including sys/socket.h in test programs
6006 - Substitute PID directory in sshd.8. Suggestion from Andrew
6007 Stribblehill <a.d.stribblehill@durham.ac.uk>
6010 - Renamed --with-xauth-path to --with-xauth
6011 - Added --with-pid-dir option
6012 - Released 1.2.1pre26
6014 - Compilation fix from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
6015 - Fixed broken bugfix for /dev/ptmx on Linux systems which lack
6016 openpty(). Report from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
6019 - Add --with-xauth-path configure directive and explicit test for
6020 /usr/openwin/bin/xauth for Solaris systems. Report from Anders
6021 Nordby <anders@fix.no>
6022 - Fix incorrect detection of /dev/ptmx on Linux systems that lack
6023 openpty. Report from John Seifarth <john@waw.be>
6024 - Look for intXX_t and u_intXX_t in sys/bitypes.h if they are not in
6025 sys/types.h. Fixes problems on SCO, report from Gary E. Miller
6027 - Use __snprintf and __vnsprintf if they are found where snprintf and
6028 vnsprintf are lacking. Suggested by Ben Taylor <bent@shell.clark.net>
6032 - Merged OpenBSD IPv6 patch:
6033 - [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1]
6034 [scp.c packet.h packet.c login.c log.c canohost.c channels.c]
6035 [hostfile.c sshd_config]
6036 ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new
6037 features: sshd allows multiple ListenAddress and Port options. note
6038 that libwrap is not IPv6-ready. (based on patches from
6039 fujiwara@rcac.tdi.co.jp)
6040 - [ssh.c canohost.c]
6041 more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo,
6044 listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE)
6046 allow auth-kerberos for IPv4 only
6047 - [scp.1 sshd.8 servconf.h scp.c]
6048 document -4, -6, and 'ssh -L 2022/::1/22'
6050 'ssh @host' is illegal (null user name), from
6051 karsten@gedankenpolizei.de
6053 better error message
6055 allow auth-kerberos for IPv4 only
6057 - Cleanup overrun in sockaddr copying on RHL 6.1
6058 - Replacements for getaddrinfo, getnameinfo, etc based on versions
6059 from patch from KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
6060 - Replacement for missing structures on systems that lack IPv6
6061 - record_login needed to know about AF_INET6 addresses
6062 - Borrowed more code from OpenBSD: rresvport_af and requisites
6065 - Fixes to auth-skey to enable it to use the standard OpenSSL libraries
6068 - New config.sub and config.guess to fix problems on SCO. Supplied
6069 by Gary E. Miller <gem@rellim.com>
6070 - SCO build fix from Gary E. Miller <gem@rellim.com>
6071 - Released 1.2.1pre25
6074 - Documentation update & cleanup
6075 - Better KrbIV / AFS detection, based on patch from:
6076 Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
6079 - Fixed annoying DES corruption problem. libcrypt has been
6080 overriding symbols in libcrypto. Removed libcrypt and crypt.h
6081 altogether (libcrypto includes its own crypt(1) replacement)
6082 - Added platform-specific rules for Irix 6.x. Included warning that
6086 - Add explicit make rules for files proccessed by fixpaths.
6087 - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori
6089 - Removed "nullok" directive from default PAM configuration files.
6090 Added information on enabling EmptyPasswords on openssh+PAM in
6092 - OpenBSD CVS updates
6094 cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and
6097 compare correct version for 1.3 compat mode
6100 - Prevent multiple inclusion of config.h and defines.h. Suggested
6101 by Andre Lucas <andre.lucas@dial.pipex.com>
6102 - Properly clean up on exit of ssh-agent. Patch from Dean Gaudet
6103 <dgaudet@arctic.org>
6106 - Fix password support on systems with a mixture of shadowed and
6107 non-shadowed passwords (e.g. NIS). Report and fix from
6108 HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
6109 - Fix broken autoconf typedef detection. Report from Marc G.
6110 Fournier <marc.fournier@acadiau.ca>
6111 - Fix occasional crash on LinuxPPC. Patch from Franz Sirl
6112 <Franz.Sirl-kernel@lauterbach.com>
6113 - Prevent typedefs from being compiled more than once. Report from
6114 Marc G. Fournier <marc.fournier@acadiau.ca>
6115 - Fill in ut_utaddr utmp field. Report from Benjamin Charron
6117 - Really fix broken default path. Fix from Jim Knoble
6118 <jmknoble@jmknoble.cx>
6119 - Remove test for quad_t. No longer needed.
6120 - Released 1.2.1pre24
6122 - Added support for directory-based lastlogs
6123 - Really fix typedefs, patch from Ben Taylor <bent@clark.net>
6126 - OpenBSD CVS updates:
6129 - Removed most of the pam code into its own file auth-pam.[ch]. This
6130 cleaned up sshd.c up significantly.
6131 - PAM authentication was incorrectly interpreting
6132 "PermitRootLogin without-password". Report from Matthias Andree
6133 <ma@dt.e-technik.uni-dortmund.de
6134 - Several other cleanups
6135 - Merged Dante SOCKS support patch from David Rankin
6136 <drankin@bohemians.lexington.ky.us>
6137 - Updated documentation with ./configure options
6138 - Released 1.2.1pre23
6141 - Applied another NetBSD portability patch from David Rankin
6142 <drankin@bohemians.lexington.ky.us>
6143 - Fix --with-default-path option.
6144 - Autodetect perl, patch from David Rankin
6145 <drankin@bohemians.lexington.ky.us>
6146 - Print whether OpenSSH was compiled with RSARef, patch from
6147 Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu>
6148 - Calls to pam_setcred, patch from Nalin Dahyabhai
6149 <nalin@thermo.stat.ncsu.edu>
6150 - Detect missing size_t and typedef it.
6151 - Rename helper.[ch] to (more appropriate) bsd-misc.[ch]
6152 - Minor Makefile cleaning
6155 - Replacement for getpagesize() for systems which lack it
6156 - NetBSD login.c compile fix from David Rankin
6157 <drankin@bohemians.lexington.ky.us>
6158 - Fully set ut_tv if present in utmp or utmpx
6159 - Portability fixes for Irix 5.3 (now compiles OK!)
6160 - autoconf and other misc cleanups
6161 - Merged AIX patch from Darren Hall <dhall@virage.org>
6162 - Cleaned up defines.h
6163 - Released 1.2.1pre22
6166 - Automatically correct paths in manpages and configuration files. Patch
6167 and script from Andre Lucas <andre.lucas@dial.pipex.com>
6168 - Removed credits from README to CREDITS file, updated.
6169 - Added --with-default-path to specify custom path for server
6170 - Removed #ifdef trickery from acconfig.h into defines.h
6171 - PAM bugfix. PermitEmptyPassword was being ignored.
6172 - Fixed PAM config files to allow empty passwords if server does.
6173 - Explained spurious PAM auth warning workaround in UPGRADING
6174 - Use last few chars of tty line as ut_id
6175 - New SuSE RPM spec file from Chris Saia <csaia@wtower.com>
6176 - OpenBSD CVS updates:
6177 - [packet.h auth-rhosts.c]
6178 check format string for packet_disconnect and packet_send_debug, too
6180 use packet_get_maxsize for channels. consistence.
6183 - Enabled utmpx support by default for Solaris
6184 - Cleanup sshd.c PAM a little more
6185 - Revised RPM package to include Jim Knoble's <jmknoble@jmknoble.cx>
6186 X11 ssh-askpass program.
6187 - Disable logging of PAM success and failures, PAM is verbose enough.
6188 Unfortunatly there is currently no way to disable auth failure
6189 messages. Mention this in UPGRADING file and sent message to PAM
6191 - OpenBSD CVS update:
6192 - [ssh-keygen.1 ssh.1]
6193 remove ref to .ssh/random_seed, mention .ssh/environment in
6195 - Released 1.2.1pre21
6196 - Fixed implicit '.' in default path, report from Jim Knoble
6197 <jmknoble@jmknoble.cx>
6198 - Redhat RPM spec fixes from Jim Knoble <jmknoble@jmknoble.cx>
6201 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
6202 - Cleanup of auth-passwd.c for shadow and MD5 passwords
6203 - Cleanup and bugfix of PAM authentication code
6204 - Released 1.2.1pre20
6206 - Merged fixes from Ben Taylor <bent@clark.net>
6207 - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
6208 - Disabled logging of PAM password authentication failures when password
6209 is empty. (e.g start of authentication loop). Reported by Naz
6210 <96na@eng.cam.ac.uk>)
6213 - Merged later HPUX patch from Andre Lucas
6214 <andre.lucas@dial.pipex.com>
6215 - Above patch included better utmpx support from Ben Taylor
6219 - Fix undefined fd_set type in ssh.h from Povl H. Pedersen
6221 - Fix login.c breakage on systems which lack ut_host in struct
6222 utmp. Reported by Willard Dawson <willard.dawson@sbs.siemens.com>
6225 - Integration of large HPUX patch from Andre Lucas
6226 <andre.lucas@dial.pipex.com>. Integrating it had a few other
6228 - Ability to disable shadow passwords at configure time
6229 - Ability to disable lastlog support at configure time
6230 - Support for IP address in $DISPLAY
6231 - OpenBSD CVS update:
6233 say "REMOTE HOST IDENTIFICATION HAS CHANGED"
6234 - Fix DISABLE_SHADOW support
6235 - Allow MD5 passwords even if shadow passwords are disabled
6236 - Release 1.2.1pre19
6239 - Redhat init script patch from Chun-Chung Chen
6240 <cjj@u.washington.edu>
6241 - Avoid breakage on systems without IPv6 headers
6244 - Makefile changes for Solaris from Peter Kocks
6245 <peter.kocks@baygate.com>
6246 - Minor updates to docs
6247 - Merged OpenBSD CVS changes:
6248 - [authfd.c ssh-agent.c]
6249 keysize warnings talk about identity files
6251 "Connection closed by x.x.x.x": fatal() -> log()
6252 - Correctly handle empty passwords in shadow file. Patch from:
6253 "Chris, the Young One" <cky@pobox.com>
6254 - Released 1.2.1pre18
6257 - Integrated patchs from Juergen Keil <jk@tools.de>
6258 - Avoid void* pointer arithmatic
6259 - Use LDFLAGS correctly
6260 - Fix SIGIO error in scp
6261 - Simplify status line printing in scp
6262 - Added better test for inline functions compiler support from
6263 Darren_Hall@progressive.com
6266 - OpenBSD CVS Changes
6268 fix get_remote_port() and friends for sshd -i;
6269 Holger.Trapp@Informatik.TU-Chemnitz.DE
6271 make code simpler. no need for memcpy. niels@ ok
6273 namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org
6276 typo; mark.baushke@solipsa.com
6277 - [channels.c ssh.c ssh.h sshd.c]
6278 type conflict for 'extern Type *options' in channels.c; dot@dotat.at
6280 move checking of hostkey into own function.
6283 - Clean up broken includes in pty.c
6284 - Some older systems don't have poll.h, they use sys/poll.h instead
6288 - Fix compilation on systems with AFS. Reported by
6289 aloomis@glue.umd.edu
6290 - Fix installation on Solaris. Reported by
6291 Gordon Rowell <gordonr@gormand.com.au>
6292 - Fix gccisms (__attribute__ and inline). Report by edgy@us.ibm.com,
6293 patch from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
6294 - Auto-locate xauth. Patch from David Agraz <dagraz@jahoopa.com>
6295 - Compile fix from David Agraz <dagraz@jahoopa.com>
6296 - Avoid compiler warning in bsd-snprintf.c
6297 - Added pam_limits.so to default PAM config. Suggested by
6298 Jim Knoble <jmknoble@jmknoble.cx>
6301 - Import of patch from Ben Taylor <bent@clark.net>:
6302 - Improved PAM support
6303 - "uninstall" rule for Makefile
6305 - Should fix PAM problems on Solaris
6306 - OpenBSD CVS updates:
6308 avoid stdio; based on work by markus, millert, and I
6310 make sure the client selects a supported cipher
6312 fix sighup handling. accept would just restart and daemon handled
6313 sighup only after the next connection was accepted. use poll on
6317 - Applied patch from David Rankin <drankin@bohemians.lexington.ky.us>
6318 to fix libwrap support on NetBSD
6322 - Compile fix for Solaris with /dev/ptmx from
6323 David Agraz <dagraz@jahoopa.com>
6326 - sshd Redhat init script patch from Jim Knoble <jmknoble@jmknoble.cx>
6327 fixes compatability with 4.x and 5.x
6328 - Fixed default SSH_ASKPASS
6329 - Fix PAM account and session being called multiple times. Problem
6330 reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>
6331 - Merged more OpenBSD changes:
6332 - [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c]
6333 move atomicio into it's own file. wrap all socket write()s which
6334 were doing write(sock, buf, len) != len, with atomicio() calls.
6338 properly name fd variable
6340 display great hatred towards strcpy
6341 - [pty.c pty.h sshd.c]
6342 use openpty() if it exists (it does on BSD4_4)
6344 check for ~ expansion past MAXPATHLEN
6345 - Modified helper.c to use new atomicio function.
6346 - Reformat Makefile a little
6347 - Moved RC4 routines from rc4.[ch] into helper.c
6348 - Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX)
6349 - Updated SuSE spec from Chris Saia <csaia@wtower.com>
6350 - Tweaked Redhat spec
6351 - Clean up bad imports of a few files (forgot -kb)
6355 - Small cleanup of PAM code in sshd.c
6356 - Merged OpenBSD CVS changes:
6357 - [auth-krb4.c auth-passwd.c auth-skey.c ssh.h]
6358 move skey-auth from auth-passwd.c to auth-skey.c, same for krb4
6360 warn only about mismatch if key is _used_
6361 warn about keysize-mismatch with log() not error()
6362 channels.c readconf.c readconf.h ssh.c ssh.h sshconnect.c
6365 indent, shorter warning
6367 use error() for internal errors
6369 set loglevel for SSH_MSG_DISCONNECT to log(), not fatal()
6372 - [ssh-add.1 ssh-add.c ssh.h]
6373 document $SSH_ASKPASS, reasonable default
6375 CheckHostIP is not available for connects via proxy command
6378 easier to read client code for passwd and skey auth
6379 turn of checkhostip for proxy connects, since we don't know the remote ip
6382 - Add definition for __P()
6383 - Added [v]snprintf() replacement for systems that lack it
6386 - More reformatting merged from OpenBSD CVS
6387 - Merged OpenBSD CVS changes:
6389 fix packet_integrity_check() for !have_hostname_in_open.
6390 report from mrwizard@psu.edu via djm@ibs.com.au
6392 set SO_REUSEADDR and SO_LINGER for forwarded ports.
6393 chip@valinux.com via damien@ibs.com.au
6395 it's not an error() if shutdown_write failes in nchan.
6397 remove dead #ifdef-0-code
6398 - [readconf.c servconf.c]
6399 strcasecmp instead of tolower
6401 progress meter overflow fix from damien@ibs.com.au
6402 - [ssh-add.1 ssh-add.c]
6405 postpone fork_after_authentication until command execution,
6406 request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
6407 plus: use daemon() for backgrounding
6408 - Added BSD compatible install program and autoconf test, thanks to
6409 Niels Kristian Bech Jensen <nkbj@image.dk>
6410 - Solaris fixing, thanks to Ben Taylor <bent@clark.net>
6411 - Merged beginnings of AIX support from Tor-Ake Fransson <torake@hotmail.com>
6415 - Merged very large OpenBSD source code reformat
6416 - OpenBSD CVS updates
6417 - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
6418 [ssh.h sshd.8 sshd.c]
6420 * Unified Logmessage for all auth-types, for success and for failed
6421 * Standard connections get only ONE line in the LOG when level==LOG:
6422 Auth-attempts are logged only, if authentication is:
6425 c) we had more than AUTH_FAIL_LOG failues
6426 * many log() became verbose()
6427 * old behaviour with level=VERBOSE
6428 - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
6429 tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
6430 messages. allows use of s/key in windows (ttssh, securecrt) and
6431 ssh-1.2.27 clients without 'ssh -v', ok: niels@
6433 -V, for fallback to openssh in SSH2 compatibility mode
6435 fix sigchld race; cjc5@po.cwru.edu
6438 - Added SuSE package files from Chris Saia <csaia@wtower.com>
6439 - Restructured package-related files under packages/*
6440 - Added generic PAM config
6441 - Numerous little Solaris fixes
6442 - Add recommendation to use GNU make to INSTALL document
6445 - Make <enter> close gnome-ssh-askpass (Debian bug #50299)
6446 - OpenBSD CVS Changes
6448 don't create ~/.ssh only if the user wants to store the private
6449 key there. show fingerprint instead of public-key after
6450 keygeneration. ok niels@
6451 - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
6452 - Added timersub() macro
6453 - Tidy RCSIDs of bsd-*.c
6454 - Added autoconf test and macro to deal with old PAM libraries
6455 pam_strerror definition (one arg vs two).
6456 - Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
6457 - Retry /dev/urandom reads interrupted by signal (report from
6458 Robert Hardy <rhardy@webcon.net>)
6459 - Added a setenv replacement for systems which lack it
6460 - Only display public key comment when presenting ssh-askpass dialog
6463 - Configure, Make and changelog corrections from Tudor Bosman
6464 <tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>
6467 - OpenBSD CVS Changes:
6469 make this compile, bad markus
6470 - [log.c readconf.c servconf.c ssh.h]
6471 bugfix: loglevels are per host in clientconfig,
6472 factor out common log-level parsing code.
6474 remove unused index (-Wall)
6476 only one 'extern char *__progname'
6478 document SIGHUP, -Q to synopsis
6479 - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
6480 [channels.c clientloop.c]
6481 SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
6482 [hope this time my ISP stays alive during commit]
6483 - [OVERVIEW README] typos; green@freebsd
6485 replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
6486 exit if writing the key fails (no infinit loop)
6487 print usage() everytime we get bad options
6488 - [ssh-keygen.c] overflow, djm@mindrot.org
6489 - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
6492 - Merged more Solaris support from Marc G. Fournier
6493 <marc.fournier@acadiau.ca>
6494 - Wrote autoconf tests for integer bit-types
6495 - Fixed enabling kerberos support
6496 - Fix segfault in ssh-keygen caused by buffer overrun in filename
6500 - Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
6501 - Merged OpenBSD CVS changes
6502 - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
6503 more %d vs. %s in fmt-strings
6505 Integers should not be printed with %s
6506 - EGD uses a socket, not a named pipe. Duh.
6507 - Fix includes in fingerprint.c
6508 - Fix scp progress bar bug again.
6509 - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of
6510 David Rankin <drankin@bohemians.lexington.ky.us>
6511 - Added autoconf option to enable Kerberos 4 support (untested)
6512 - Added autoconf option to enable AFS support (untested)
6513 - Added autoconf option to enable S/Key support (untested)
6514 - Added autoconf option to enable TCP wrappers support (compiles OK)
6515 - Renamed BSD helper function files to bsd-*
6516 - Added tests for login and daemon and enable OpenBSD replacements for
6517 when they are absent.
6518 - Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
6521 - Merged OpenBSD CVS changes
6522 - [scp.c] foregroundproc() in scp
6523 - [sshconnect.h] include fingerprint.h
6524 - [sshd.c] bugfix: the log() for passwd-auth escaped during logging
6526 - [ssh.1] Spell my name right.
6527 - Added openssh.com info to README
6530 - Merged OpenBSD CVS changes
6531 - [ChangeLog.Ylonen] noone needs this anymore
6532 - [authfd.c] close-on-exec for auth-socket, ok deraadt
6534 in known_hosts key lookup the entry for the bits does not need
6535 to match, all the information is contained in n and e. This
6536 solves the problem with buggy servers announcing the wrong
6537 modulus length. markus and me.
6539 bugfix: check for space if child has terminated, from:
6540 iedowse@maths.tcd.ie
6541 - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
6542 [fingerprint.c fingerprint.h]
6543 rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
6544 - [ssh-agent.1] typo
6545 - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
6547 force logging to stderr while loading private key file
6548 (lost while converting to new log-levels)
6551 - Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
6552 - Merged OpenBSD CVS changes:
6553 - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
6554 [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
6555 the keysize of rsa-parameter 'n' is passed implizit,
6556 a few more checks and warnings about 'pretended' keysizes.
6557 - [cipher.c cipher.h packet.c packet.h sshd.c]
6558 remove support for cipher RC4
6560 a note for legay systems about secuity issues with permanently_set_uid(),
6561 the private hostkey and ptrace()
6563 more detailed messages about adding and checking hostkeys
6566 - Merged OpenBSD CVS changes:
6567 - [ssh-add.c] change passphrase loop logic and remove ref to
6569 - Changed to ssh-add.c broke askpass support. Revised it to be a little more
6571 - Revised autoconf support for enabling/disabling askpass support.
6572 - Merged more OpenBSD CVS changes:
6574 - disconnect if getpeername() fails
6575 - missing xfree(*client)
6577 - disconnect if getpeername() fails
6578 - fix comment: we _do_ disconnect if ip-options are set
6580 - disconnect if getpeername() fails
6581 - move checking of remote port to central place
6582 [auth-rhosts.c] move checking of remote port to central place
6583 [log-server.c] avoid extra fd per sshd, from millert@
6584 [readconf.c] print _all_ bad config-options in ssh(1), too
6585 [readconf.h] print _all_ bad config-options in ssh(1), too
6586 [ssh.c] print _all_ bad config-options in ssh(1), too
6587 [sshconnect.c] disconnect if getpeername() fails
6588 - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
6589 - Various small cleanups to bring diff (against OpenBSD) size down.
6590 - Merged more Solaris compability from Marc G. Fournier
6591 <marc.fournier@acadiau.ca>
6592 - Wrote autoconf tests for __progname symbol
6593 - RPM spec file fixes from Jim Knoble <jmknoble@jmknoble.cx>
6596 - Another OpenBSD CVS update:
6597 - [ssh-keygen.1] fix .Xr
6600 - Solaris compilation fixes (still imcomplete)
6603 - Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
6604 - Don't install config files if they already exist
6605 - Fix inclusion of additional preprocessor directives from acconfig.h
6606 - Removed redundant inclusions of config.h
6607 - Added 'Obsoletes' lines to RPM spec file
6608 - Merged OpenBSD CVS changes:
6609 - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
6610 - [scp.c] fix overflow reported by damien@ibs.com.au: off_t
6611 totalsize, ok niels,aaron
6612 - Delay fork (-f option) in ssh until after port forwarded connections
6613 have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
6614 - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
6615 - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
6616 - Tidied default config file some more
6617 - Revised Redhat initscript to fix bug: sshd (re)start would fail
6618 if executed from inside a ssh login.
6621 - Merged changes from OpenBSD CVS
6622 - [sshd.c] session_key_int may be zero
6623 - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
6624 IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
6626 - Brought default sshd_config more in line with OpenBSD's
6627 - Grab server in gnome-ssh-askpass (Debian bug #49872)
6630 - Added INSTALL documentation
6631 - Merged yet more changes from OpenBSD CVS
6632 - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
6633 [ssh.c ssh.h sshconnect.c sshd.c]
6634 make all access to options via 'extern Options options'
6635 and 'extern ServerOptions options' respectively;
6636 options are no longer passed as arguments:
6637 * make options handling more consistent
6638 * remove #include "readconf.h" from ssh.h
6639 * readconf.h is only included if necessary
6640 - [mpaux.c] clear temp buffer
6641 - [servconf.c] print _all_ bad options found in configfile
6642 - Make ssh-askpass support optional through autoconf
6643 - Fix nasty division-by-zero error in scp.c
6647 - Added (untested) Entropy Gathering Daemon (EGD) support
6648 - Fixed /dev/urandom fd leak (Debian bug #49722)
6649 - Merged OpenBSD CVS changes:
6650 - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
6651 - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
6652 - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
6653 - Fix integer overflow which was messing up scp's progress bar for large
6654 file transfers. Fix submitted to OpenBSD developers. Report and fix
6655 from Kees Cook <cook@cpoint.net>
6656 - Merged more OpenBSD CVS changes:
6657 - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
6658 + krb-cleanup cleanup
6659 - [clientloop.c log-client.c log-server.c ]
6660 [readconf.c readconf.h servconf.c servconf.h ]
6661 [ssh.1 ssh.c ssh.h sshd.8]
6662 add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
6663 obsoletes QuietMode and FascistLogging in sshd.
6664 - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
6665 allow session_key_int != sizeof(session_key)
6666 [this should fix the pre-assert-removal-core-files]
6667 - Updated default config file to use new LogLevel option and to improve
6671 - Merged several minor fixes:
6672 - ssh-agent commandline parsing
6673 - RPM spec file now installs ssh setuid root
6674 - Makefile creates libdir
6675 - Merged beginnings of Solaris compability from Marc G. Fournier
6676 <marc.fournier@acadiau.ca>
6679 - Autodetection of SSL/Crypto library location via autoconf
6680 - Fixed location of ssh-askpass to follow autoconf
6681 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
6682 - Autodetection of RSAref library for US users
6684 - Merged OpenBSD CVS changes:
6685 - [rsa.c] bugfix: use correct size for memset()
6686 - [sshconnect.c] warn if announced size of modulus 'n' != real size
6687 - Added GNOME passphrase requestor (use --with-gnome-askpass)
6688 - RPM build now creates subpackages
6692 - Removed debian/ directory. This is now being maintained separately.
6693 - Added symlinks for slogin in RPM spec file
6694 - Fixed permissions on manpages in RPM spec file
6695 - Added references to required libraries in README file
6696 - Removed config.h.in from CVS
6697 - Removed pwdb support (better pluggable auth is provided by glibc)
6698 - Made PAM and requisite libdl optional
6699 - Removed lots of unnecessary checks from autoconf
6700 - Added support and autoconf test for openpty() function (Unix98 pty support)
6701 - Fix for scp not finding ssh if not installed as /usr/bin/ssh
6703 - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
6704 - Added ssh-askpass program
6705 - Added ssh-askpass support to ssh-add.c
6706 - Create symlinks for slogin on install
6707 - Fix "distclean" target in makefile
6708 - Added example for ssh-agent to manpage
6709 - Added support for PAM_TEXT_INFO messages
6710 - Disable internal /etc/nologin support if PAM enabled
6711 - Merged latest OpenBSD CVS changes:
6712 - [all] replace assert() with error, fatal or packet_disconnect
6713 - [sshd.c] don't send fail-msg but disconnect if too many authentication
6715 - [sshd.c] remove unused argument. ok dugsong
6717 - [rsa.c] clear buffers used for encryption. ok: niels
6718 - [rsa.c] replace assert() with error, fatal or packet_disconnect
6719 - [auth-krb4.c] remove unused argument. ok dugsong
6720 - Fixed coredump after merge of OpenBSD rsa.c patch
6724 - Merged change from OpenBSD CVS
6725 - One-line cleanup in sshd.c
6728 - Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
6729 - Merged latest updates for OpenBSD CVS:
6730 - channels.[ch] - remove broken x11 fix and document istate/ostate
6731 - ssh-agent.c - call setsid() regardless of argv[]
6732 - ssh.c - save a few lines when disabling rhosts-{rsa-}auth
6733 - Documentation cleanups
6734 - Renamed README -> README.Ylonen
6735 - Renamed README.openssh ->README
6738 - Renamed openssh* back to ssh* at request of Theo de Raadt
6739 - Incorporated latest changes from OpenBSD's CVS
6740 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
6741 - Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
6742 - Make distclean now removed configure script
6743 - Improved PAM logging
6744 - Added some debug() calls for PAM
6745 - Removed redundant subdirectories
6746 - Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for
6748 - Fixed off-by-one error in PAM env patch
6752 - Further PAM enhancements.
6754 - Now uses account and session modules for all logins.
6755 - Integrated patch from Dan Brosemer <odin@linuxfreak.com>
6758 - Change binary names to open*
6759 - Fixed autoconf script to detect PAM on RH6.1
6760 - Added tests for libpwdb, and OpenBSD functions to autoconf
6763 - Imported latest OpenBSD CVS code
6764 - Updated README.openssh
6768 - Adapted PAM patch.
6771 - Excised my buggy replacements for strlcpy and mkdtemp
6772 - Imported correct OpenBSD strlcpy and mkdtemp routines.
6773 - Reduced arc4random_stir entropy read to 32 bytes (256 bits)
6774 - Picked up correct version number from OpenBSD
6775 - Added sshd.pam PAM configuration file
6776 - Added sshd.init Redhat init script
6777 - Added openssh.spec RPM spec file
6781 - Fixed include paths of OpenSSL functions
6782 - Use OpenSSL MD5 routines
6783 - Imported RC4 code from nanocrypt
6784 - Wrote replacements for OpenBSD arc4random* functions
6785 - Wrote replacements for strlcpy and mkdtemp