2 - (djm) Delete autom4te.cache after autoreconf
3 - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static
4 cleanup functions. With & ok djm@
5 - (dtucker) [contrib/redhat/openssh.spec] Bug #714: Now that UsePAM is a
6 run-time switch, always build --with-md5-passwords.
7 - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoul.c]
8 Bug #670: add strtoul() to openbsd-compat for platforms lacking it. ok djm@
9 - (dtucker) [configure.ac] Bug #715: Set BROKEN_SETREUID and BROKEN_SETREGID
10 on Reliant Unix. Patch from Robert.Dahlem at siemens.com.
13 - (dtucker) OpenBSD CVS Sync
14 - markus@cvs.openbsd.org 2003/10/02 10:41:59
16 print openssl version, too, several requests; ok henning/djm.
17 - markus@cvs.openbsd.org 2003/10/02 08:26:53
19 missing $OpenBSD:; dtucker
20 - (tim) [contrib/caldera/openssh.spec] Remove obsolete --with-ipv4-default
24 - (dtucker) OpenBSD CVS Sync
25 - markus@cvs.openbsd.org 2003/09/23 20:17:11
26 [Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
27 cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
28 monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
30 replace fatal_cleanup() and linked list of fatal callbacks with static
31 cleanup_exit() function. re-refine cleanup_exit() where appropriate,
32 allocate sshd's authctxt eary to allow simpler cleanup in sshd.
33 tested by many, ok deraadt@
34 - markus@cvs.openbsd.org 2003/09/23 20:18:52
36 don't print trailing \0; bug #709; Robert.Dahlem@siemens.com
38 - markus@cvs.openbsd.org 2003/09/23 20:41:11
39 [channels.c channels.h clientloop.c]
40 move client only agent code to clientloop.c
41 - markus@cvs.openbsd.org 2003/09/26 08:19:29
43 no need to set the listen sockets to non-block; ok deraadt@
44 - jmc@cvs.openbsd.org 2003/09/29 11:40:51
46 - add list of options to -o and .Xr ssh_config(5)
48 requested by deraadt@;
50 - markus@cvs.openbsd.org 2003/09/29 20:19:57
51 [servconf.c sshd_config]
52 GSSAPICleanupCreds -> GSSAPICleanupCredentials
53 - (dtucker) [configure.ac] Don't set DISABLE_SHADOW when configuring
55 - (dtucker) [ssh-gss.h] Prototype change missed in sync.
56 - (dtucker) [session.c] Fix bus errors on some 64-bit Solaris configurations.
57 Based on patches by Matthias Koeppe and Thomas Baden. ok djm@
60 - (bal) Fix issues in openbsd-compat/realpath.c
63 - (dtucker) [configure.ac openbsd-compat/xcrypt.c] Bug #633: Remove
64 DISABLE_SHADOW for HP-UX, use getspnam instead of getprpwnam. Patch from
65 michael_steffens at hp.com, ok djm@
66 - (tim) [sshd_config] UsePAM defaults to no.
69 - (djm) Update version.h and spec files for HEAD
70 - (dtucker) [configure.ac] IRIX5 needs the same setre[ug]id defines as IRIX6.
73 - (dtucker) [Makefile.in] Bug #644: Fix "make clean" for out-of-tree
74 builds. Portability corrections from tim@.
75 - (dtucker) [configure.ac] Bug #665: uid swapping issues on Mac OS X.
76 Patch from max at quendi.de.
77 - (dtucker) [configure.ac] Bug #657: uid swapping issues on BSDi.
78 - (dtucker) [configure.ac] Bug #653: uid swapping issues on Tru64.
79 - (dtucker) [configure.ac] Bug #693: uid swapping issues on NCR MP-RAS.
80 Patch from david.haughton at ncr.com
81 - (dtucker) [configure.ac] Bug #659: uid swapping issues on IRIX 6.
82 Part of patch supplied by bugzilla-openssh at thewrittenword.com
83 - (dtucker) [configure.ac openbsd-compat/fake-rfc2553.c
84 openbsd-compat/fake-rfc2553.h] Bug #659: Test for and handle systems with
85 where gai_strerror is defined as "const char *". Part of patch supplied
86 by bugzilla-openssh at thewrittenword.com
87 - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config] Update
88 ssh-host-config to match current defaults, bump README version. Patch from
89 vinschen at redhat.com.
90 - (dtucker) [uidswap.c] Don't test restoration of uid on Cygwin since the
91 OS does not support permanently dropping privileges. Patch from
92 vinschen at redhat.com.
93 - (dtucker) [openbsd-compat/port-aix.c] Use correct include for xmalloc.h,
94 add canohost.h to stop warning. Based on patch from openssh-unix-dev at
96 - (dtucker) [INSTALL] Bug #686: Document requirement for zlib 1.1.4 or
98 - (tim) Fix typo. s/SETEIUD_BREAKS_SETUID/SETEUID_BREAKS_SETUID/
99 - (tim) [configure.ac] Bug 665: move 3 new AC_DEFINES outside of AC_TRY_RUN.
100 Report by distler AT golem ph utexas edu.
101 - (dtucker) [contrib/aix/pam.conf] Include example pam.conf for AIX from
102 article by genty at austin.ibm.com, included with the author's permission.
103 - (dtucker) OpenBSD CVS Sync
104 - markus@cvs.openbsd.org 2003/09/18 07:52:54
106 missing {}; bug #656; jclonguet at free.fr
107 - markus@cvs.openbsd.org 2003/09/18 07:54:48
109 protect against double free; #660; zardoz at users.sf.net
110 - markus@cvs.openbsd.org 2003/09/18 07:56:05
112 missing buffer_free(&encrypted); #662; zardoz at users.sf.net
113 - markus@cvs.openbsd.org 2003/09/18 08:49:45
114 [deattack.c misc.c session.c ssh-agent.c]
115 more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
117 - miod@cvs.openbsd.org 2003/09/18 13:02:21
118 [authfd.c bufaux.c dh.c mac.c ssh-keygen.c]
119 A few signedness fixes for harmless situations; markus@ ok
120 - markus@cvs.openbsd.org 2003/09/19 09:02:02
122 buffer_dump only if PACKET_DEBUG is defined; Jedi/Sector One; pr 3471
123 - markus@cvs.openbsd.org 2003/09/19 09:03:00
125 sign fix in buffer_dump; Jedi/Sector One; pr 3473
126 - markus@cvs.openbsd.org 2003/09/19 11:29:40
128 provide a ssh-agent specific fatal() function; ok deraadt
129 - markus@cvs.openbsd.org 2003/09/19 11:30:39
131 avoid fatal_cleanup, just call exit(); ok deraadt
132 - markus@cvs.openbsd.org 2003/09/19 11:31:33
134 do not call channel_free_all on fatal; ok deraadt
135 - markus@cvs.openbsd.org 2003/09/19 11:33:09
137 do not call packet_close on fatal; ok deraadt
138 - markus@cvs.openbsd.org 2003/09/19 17:40:20
140 error handling for remote-remote copy; #638; report Harald Koenig;
141 ok millert, fgs, henning, deraadt
142 - markus@cvs.openbsd.org 2003/09/19 17:43:35
143 [clientloop.c sshtty.c sshtty.h]
144 remove fatal callbacks from client code; ok deraadt
145 - (bal) "extration" -> "extraction" in ssh-rand-helper.c; repoted by john
147 - (tim) [configure.ac] add --disable-etc-default-login option. ok djm
148 - (djm) Sync with V_3_7 branch:
149 - (djm) Fix SSH1 challenge kludge
150 - (djm) Bug #671: Fix builds on OpenBSD
151 - (djm) Bug #676: Fix PAM stack corruption
152 - (djm) Fix bad free() in PAM code
153 - (djm) Don't call pam_end before pam_init
154 - (djm) Enable build with old OpenSSL again
155 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
156 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
159 - (djm) Bug #683: Remove reference to --with-ipv4-default from INSTALL;
160 djast AT cs.toronto.edu
161 - (djm) Bug #661: Remove duplicate check for basename; from
162 bugzilla-openssh AT thewrittenword.com
163 - (djm) Bug #641: Allow RedHat RPM building without GTK-2; Patch from
164 jason AT devrandom.org
165 - (djm) Bug #646: Fix location of x11-ssh-askpass; Jim
166 - (dtucker) [openbsd-compat/port-aix.h] Bug #640: Don't include audit.h
167 unless required. Reorder to reduce warnings.
168 - (dtucker) [session.c] Bug #643: Fix size_t -> u_int and fix null deref
169 when /etc/default/login doesn't exist or isn't readable. Fixes from
170 jparsons-lists at saffron.net and georg.oppenberg at deu mci com.
171 - (dtucker) [acconfig.h] Updated basename test needs HAVE_BASENAME
174 - (djm) Bug #652: Fix empty password auth
177 - (djm) Sync with V_3_7 branch
179 - markus@cvs.openbsd.org 2003/09/16 21:02:40
180 [buffer.c channels.c version.h]
181 more malloc/fatal fixes; ok millert/deraadt; ghudson at MIT.EDU
182 - (djm) Crank RPM spec file versions
183 - (tim) [openbsd-compat/inet_ntoa.c] 20030917 "Sync with V_3_7 branch" undid
184 20030916 "Missed dead header in inet_ntoa.c"
187 - (dtucker) [acconfig.h configure.ac defines.h session.c] Bug #252: Retrieve
188 PATH (or SUPATH) and UMASK from /etc/default/login on platforms that have it
189 (eg Solaris, Reliant Unix). Patch from Robert.Dahlem at siemens.com.
192 - deraadt@cvs.openbsd.org 2003/09/16 03:03:47
194 do not expand buffer before attempting to reallocate it; markus ok
195 - (tim) [configure.ac] Fix portability issues.
196 - (bal) Missed dead header in inet_ntoa.c
199 - (dtucker) [Makefile regress/Makefile] Fix portability issues preventing
200 the regression tests from running with Solaris' make. Patch from Brian
201 Poole (raj at cerias.purdue.edu).
202 - (dtucker) [regress/Makefile] AIX's make doesn't like " +=", so replace
206 - (dtucker) [regress/agent-timeout.sh] Timeout of 5 sec is borderline for
207 slower hosts, increase to 10 sec.
208 - (dtucker) [auth-passwd.c] On AIX, call setauthdb() before loginsuccess(),
209 required to correctly reset failed login count when using a password
210 registry other than "files" (eg LDAP, see bug #543).
211 - (tim) [configure.ac] define WITH_ABBREV_NO_TTY for SCO.
212 Report by Roger Cornelius.
213 - (dtucker) [auth-pam.c] Use SSHD_PAM_SERVICE for PAM service name, patch
214 from cjwatson at debian.org.
217 - (tim) [regress/agent-ptrace.sh] sh doesn't like "if ! shell_function; then".
218 - (tim) [Makefile.in] only mkdir regress if it does not exist.
219 - (tim) [regress/yes-head.sh] shell portability fix.
222 - (dtucker) [configure.ac] Bug #588, #615: Move other libgen tests to after
223 the dirname test, to allow a broken dirname to be detected correctly.
224 Based partially on patch supplied by alex.kiernan at thus.net. ok djm@
225 - (tim) [configure.ac] Move libgen tests to before libwrap to unbreak
226 UnixWare 2.03 using --with-tcp-wrappers.
227 - (tim) [configure.ac] Prefer setuid/setgid on UnixWare and Open Server.
228 - (tim) [regress/agent-ptrace.sh regress/dynamic-forward.sh
229 regress/sftp-cmds.sh regress/stderr-after-eof.sh regress/test-exec.sh]
230 no longer depends on which(1). patch by dtucker@
233 - (dtucker) [configure.ac] Bug #636: Add support for Cray's new X1 machine.
234 Patch from wendyp at cray.com.
235 - (dtucker) [configure.ac] Part of bug #615: tcsendbreak might be a macro.
236 - (dtucker) [regressh/yes-head.sh] Some platforms (eg Solaris) don't have
240 - (tim) [regress/Makefile] Fixes for building outside of a read-only
242 - (tim) [regress/agent-timeout.sh] s/TIMEOUT/SSHAGENT_TIMEOUT/ Fixes conflict
243 with shell read-only variable.
244 - (tim) [regress/sftp-badcmds.sh regress/sftp-cmds.sh] Fix errors like
245 UX:rm: ERROR: Cannot remove '.' or '..'
248 - (tim) [configure.ac openbsd-compat/getrrsetbyname.c] wrap _getshort and
250 - (tim) [configure.ac acconfig.h openbsd-compat/getrrsetbyname.c] test for
251 HEADER.ad in arpa/nameser.h
252 - (tim) [ssh-keygen.c] s/PATH_MAX/MAXPATHLEN/ ok mouring@
255 - (dtucker) [agent-ptrace.sh dynamic-forward.sh (all regress/)]
256 Put "which" inside quotes.
257 - (dtucker) [dynamic-forward.sh forwarding.sh sftp-batch.sh (all regress/)]
258 Add ${EXEEXT}: required to work on Cygwin.
259 - (dtucker) [regress/sftp-batch.sh] Make temporary batch file name more
260 distinctive, so "rm ${BATCH}.*" doesn't match the script itself.
261 - (dtucker) [regress/sftp-cmds.sh] Skip quoted file test on Cygwin.
262 - (dtucker) [openbsd-compat/xcrypt.c] #elsif -> #elif
263 - (dtucker) [acconfig.h] Typo.
264 - (dtucker) [CREDITS Makefile.in configure.ac mdoc2man.awk mdoc2man.pl]
265 Replace mdoc2man.pl with mdoc2man.awk, provided by Peter Stuge.
268 - (dtucker) [acconfig.h configure.ac uidswap.c] Prefer setuid/setgid on AIX.
271 - (dtucker) [Makefile.in] Add distclean target for regress/, fix clean target.
274 - (dtucker) Portablize regression tests. Parts contributed by Roumen
275 Petrov, David M. Williams and Corinna Vinschen.
276 - [Makefile.in] Add "make tests" target and "make clean" hooks.
277 - [regress/agent-getpeereid.sh] Skip test on platforms that don't support
279 - [regress/agent-ptrace.sh] Skip tests if platform doesn't support it or
281 - [regress/reconfigure/sh] Make path to sshd fully qualified if required.
282 - [regress/rekey.sh] Remove dependence on /dev/zero (not all platforms have
283 it). The sparse file will take less disk space too.
284 - [regress/sftp-cmds.sh] Ensure files used for test are readable.
285 - [regress/stderr-after-eof.sh] Search for a usable checksum program.
286 - [regress/sftp-badcmds.sh regress/sftp-cmds.sh regress/sftp.sh
287 regress/ssh-com-client.sh regress/ssh-com-sftp.sh regress/stderr-data.sh
288 regress/transfer.sh] Use ${EXEEXT} where appropriate.
289 - [regress/sftp.sh regress/ssh-com-sftp.sh] Remove dependency on /dev/stdin.
290 - [regress/agent-ptrace.sh regress/agent-timeout.sh]
291 "grep -q" -> "grep >/dev/null"
292 - [regress/agent.sh regress/proto-version.sh regress/ssh-com.sh
293 regress/test-exec.sh] Handle different ways of echoing without newlines.
294 - [regress/dynamic-forward.sh] Some "which" programs output on stderr.
295 - [regress/sftp-cmds.sh] Use portable "test" option.
296 - [regress/test-exec.sh] Use sudo, search for "whoami" equivalent, always
297 use Strictmodes no, wait longer for sshd startup.
298 - [regress/Makefile] Remove BSDisms.
299 - [regress/README.regress] Add a basic readme.
300 - [Makefile.in regress/agent-getpeereid.sh] config.h is now in $BUILDDIR
302 - [Makefile.in regress/agent-ptrace] Fix minor regress issues on Cygwin.
305 - (djm) OpenBSD CVS Sync
306 - markus@cvs.openbsd.org 2003/08/26 09:58:43
307 [auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
309 fix passwd auth for 'username leaks via timing'; with djm@, original
311 - markus@cvs.openbsd.org 2003/08/28 12:54:34
313 remove kerberos support from ssh1, since it has been replaced with GSSAPI;
314 but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
315 - markus@cvs.openbsd.org 2003/09/02 16:40:29
318 - jmc@cvs.openbsd.org 2003/09/02 18:50:06
319 [sftp.1 ssh_config.5]
324 - (djm) OpenBSD CVS Sync
325 - deraadt@cvs.openbsd.org 2003/08/24 17:36:51
327 64 bit cleanups; markus ok
328 - markus@cvs.openbsd.org 2003/08/28 12:54:34
329 [auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
330 [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
331 [sshconnect1.c sshd.c sshd_config sshd_config.5]
332 remove kerberos support from ssh1, since it has been replaced with GSSAPI;
333 but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
334 - markus@cvs.openbsd.org 2003/08/29 10:03:15
336 SSH_BUG_K5USER is unused; ok henning@
337 - markus@cvs.openbsd.org 2003/08/29 10:04:36
339 be less chatty; debug -> debug2, cleanup; ok henning@
340 - markus@cvs.openbsd.org 2003/08/31 10:26:04
342 pass file_size + 1 to snprintf: fixes printing of truncated
343 file names; fix based on patch/report from sturm@;
344 - markus@cvs.openbsd.org 2003/08/31 12:14:22
347 - markus@cvs.openbsd.org 2003/08/31 13:29:05
349 call ssh_gssapi_storecreds conditionally from do_exec();
350 with sxw@inf.ed.ac.uk
351 - markus@cvs.openbsd.org 2003/08/31 13:30:18
353 correct string termination in parse_ename(); sxw@inf.ed.ac.uk
354 - markus@cvs.openbsd.org 2003/08/31 13:31:57
357 - markus@cvs.openbsd.org 2003/09/01 09:50:04
359 gss kex is not supported; sxw@inf.ed.ac.uk
360 - markus@cvs.openbsd.org 2003/09/01 12:50:46
362 rm gssapidelegatecreds alias; never supported before
363 - markus@cvs.openbsd.org 2003/09/01 13:52:18
366 - markus@cvs.openbsd.org 2003/09/01 18:15:50
367 [readconf.c readconf.h servconf.c servconf.h ssh.c]
368 remove unused kerberos code; ok henning@
369 - markus@cvs.openbsd.org 2003/09/01 20:44:54
372 - (djm) Don't initialise pam_conv structures inline. Avoids HP/UX compiler
373 error. Part of Bug #423, patch from michael_steffens AT hp.com
374 - (djm) Bug #423: reorder setting of PAM_TTY and calling of PAM session
375 management (now done in do_setusercontext). Largely from
376 michael_steffens AT hp.com
377 - (djm) Fix openbsd-compat/ again - remove references to strl(cpy|cat).h
380 - (bal) openbsd-compat/ clean up. Considate headers, add in Id on our
381 files, and added missing license to header.
384 - (djm) Bug #629: Mark ssh_config option "pamauthenticationviakbdint"
385 as deprecated. Remove mention from README.privsep. Patch from
387 - (dtucker) OpenBSD CVS Sync
388 - markus@cvs.openbsd.org 2003/08/22 10:56:09
389 [auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
390 gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
391 readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
392 ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
393 support GSS API user authentication; patches from Simon Wilkinson,
394 stripped down and tested by Jakob and myself.
395 - markus@cvs.openbsd.org 2003/08/22 13:20:03
397 remove support for "kerberos-2@ssh.com"
398 - markus@cvs.openbsd.org 2003/08/22 13:22:27
399 [auth2.c] (auth2-krb5.c removed)
400 nuke "kerberos-2@ssh.com"
401 - markus@cvs.openbsd.org 2003/08/22 20:55:06
404 - deraadt@cvs.openbsd.org 2003/08/24 17:36:52
405 [monitor.c monitor_wrap.c sshconnect2.c]
406 64 bit cleanups; markus ok
407 - fgsch@cvs.openbsd.org 2003/08/25 08:13:09
409 fix div by zero when listing for filename lengths longer than width.
411 - djm@cvs.openbsd.org 2003/08/25 10:33:33
413 fprintf->logit to silence login banner with "ssh -q"; ok markus@
414 - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h
415 configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
416 sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
417 - (dtucker) [Makefile.in] Remove auth2-krb5.
418 - (dtucker) [contrib/aix/inventory.sh] Add public domain notice. ok mouring@
419 (the original author)
420 - (dtucker) [auth.c] Do not check for locked accounts when PAM is enabled.
423 - (djm) Bug #621: Select OpenSC keys by usage attributes. Patch from
424 larsch@trustcenter.de
425 - (bal) openbsd-compat/ OpenBSD updates. Mostly licensing, ansifications
426 and minor fixes. OK djm@
427 - (bal) redo how we handle 'mysignal()'. Move it to
428 openbsd-compat/bsd-misc.c, s/mysignal/signal/ and #define signal to
429 be our 'mysignal' by default. OK djm@
430 - (dtucker) [acconfig.h auth.c configure.ac sshd.8] Bug #422 again: deny
431 any access to locked accounts. ok djm@
432 - (djm) Bug #564: Perform PAM account checks for all authentications when
433 UsePAM=yes; ok dtucker
434 - (dtucker) [configure.ac] Bug #533, #551: define BROKEN_GETADDRINFO on
435 Tru64, solves getnameinfo and "bad addr or host" errors. ok djm@
436 - (dtucker) [README buildbff.sh inventory.sh] (all in contrib/aix)
437 Update package builder: correctly handle config variables, use lsuser
438 rather than /etc/passwd, fix typos, add Id's.
441 - (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal
443 - (dtucker) [contrib/cygwin/ssh-user-config] Put keys in authorized_keys
444 rather that authorized_keys2. Patch from vinschen@redhat.com.
447 - (dtucker) OpenBSD CVS Sync
448 - markus@cvs.openbsd.org 2003/08/14 16:08:58
450 exit after primetest, ok djm@
451 - (dtucker) [defines.h] Put CMSG_DATA, CMSG_FIRSTHDR with other CMSG* macros,
452 change CMSG_DATA to use __CMSG_ALIGN (and thus work properly), reformat for
454 - (dtucker) [configure.ac] Move openpty/ctty test outside of case statement
455 and after normal openpty test.
458 - (dtucker) [session.c] Remove #ifdef TIOCSBRK kludge.
459 - (dtucker) OpenBSD CVS Sync
460 - markus@cvs.openbsd.org 2003/08/13 08:33:02
462 use more portable tcsendbreak(3) and ignore break_length;
464 - markus@cvs.openbsd.org 2003/08/13 08:46:31
465 [auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
466 ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
467 remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
468 fgsch@, miod@, henning@, jakob@ and others
469 - markus@cvs.openbsd.org 2003/08/13 09:07:10
471 socks4->socks, since with support both 4 and 5; dtucker@zip.com.au
472 - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
473 Add a tcsendbreak function for platforms that don't have one, based on the
477 - (dtucker) OpenBSD CVS Sync
478 (thanks to Simon Wilkinson for help with this -dt)
479 - markus@cvs.openbsd.org 2003/07/16 15:02:06
481 mcc -> fcc; from Love Hörnquist Åstrand <lha@it.su.se>
482 otherwise the kerberos credentinal is stored in a memory cache
483 in the privileged sshd. ok jabob@, hin@ (some time ago)
484 - (dtucker) [openbsd-compat/xcrypt.c] Remove Cygwin #ifdef block (duplicate
485 in bsd-cygwin_util.h).
488 - (dtucker) [openbsd-compat/fake-rfc2553.h] Older Linuxes have AI_PASSIVE and
489 AI_CANONNAME in netdb.h but not AI_NUMERICHOST, so check each definition
490 separately before defining them.
491 - (dtucker) [auth-pam.c] Don't set PAM_TTY if tty is null. ok djm@
494 - (dtucker) [session.c] Have session_break_req not attempt to send a break
495 if TIOCSBRK and TIOCCBRK are not defined (eg Cygwin).
496 - (dtucker) [canohost.c] Bug #336: Only check ip options if IP_OPTIONS is
497 defined (fixes compile error on really old Linuxes).
498 - (dtucker) [defines.h] Bug #336: Add CMSG_DATA and CMSG_FIRSTHDR macros if
499 not already defined (eg Linux with some versions of libc5), based on those
501 - (dtucker) [openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]
502 Remove incorrect filenames from comments (file names are in Id tags).
503 - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.h] Move Cygwin
504 specific defines and includes to bsd-cygwin_util.h. Fixes build error too.
507 - (dtucker) [monitor.h monitor_wrap.h] Remove excess ident tags.
508 - (dtucker) OpenBSD CVS Sync
509 - markus@cvs.openbsd.org 2003/07/22 13:35:22
510 [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
511 monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
512 ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
513 remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
515 - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
516 - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
517 - (dtucker) OpenBSD CVS Sync
518 - markus@cvs.openbsd.org 2003/07/23 07:42:43
521 - djm@cvs.openbsd.org 2003/07/28 09:49:56
522 [ssh-keygen.1 ssh-keygen.c]
523 Support for generating Diffie-Hellman groups (/etc/moduli) from ssh-keygen.
524 Based on code from Phil Karn, William Allen Simpson and Niels Provos.
525 ok markus@, thanks jmc@
526 - markus@cvs.openbsd.org 2003/07/29 18:24:00
527 [LICENCE progressmeter.c]
528 replace 4 clause BSD licensed progressmeter code with a replacement
529 from Nils Nordman and myself; ok deraadt@
530 (copied from OpenBSD an re-applied portable changes)
531 - markus@cvs.openbsd.org 2003/07/29 18:26:46
533 fix length for "- stalled -" (included with previous import)
534 - markus@cvs.openbsd.org 2003/07/30 07:44:14
536 use only 4 digits in format_size (included with previous import)
537 - markus@cvs.openbsd.org 2003/07/30 07:53:27
539 whitespace (included with previous import)
540 - markus@cvs.openbsd.org 2003/07/31 09:21:02
542 check whether passwd auth is allowd, similar to proto 1; rob@pitman.co.za
544 - avsm@cvs.openbsd.org 2003/07/31 15:50:16
546 correct comment: atomicio takes vwrite, not write; deraadt@ ok
547 - markus@cvs.openbsd.org 2003/07/31 22:34:03
549 print rate similar old version; round instead truncate;
550 (included in previous progressmeter.c commit)
551 - (dtucker) [openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
552 Add a tcgetpgrp function.
553 - (dtucker) [Makefile.in moduli.c moduli.h] Add new files and to Makefile.
554 - (dtucker) [openbsd-compat/bsd-misc.c] Fix cut-and-paste bug in tcgetpgrp.
557 - (djm) [auth-pam.c] Don't use crappy APIs like sprintf. Thanks bal
560 - (dtucker) [openbsd-compat/xcrypt.c] Fix typo: DISABLED_SHADOW ->
561 DISABLE_SHADOW. Fixes HP-UX compile error.
564 - (bal) [auth-passwd.c openbsd-compat/Makefile.in openbsd-compat/xcrypt.c
565 openbsd-compat/xcrypt.h] Split off encryption into xcrypt() interface,
566 and isolate shadow password functions. Tested in Solaris, but should
567 not break other platforms too badly (except maybe HP =). Also brings
568 auth-passwd.c into full sync with OpenBSD tree.
571 - (dtucker) [configure.ac] Back out change for bug #620.
574 - (dtucker) [configure.ac] Bug #620: Define BROKEN_GETADDRINFO for
575 Solaris/x86. Patch from jrhett at isite.net.
576 - (dtucker) OpenBSD CVS Sync
577 - markus@cvs.openbsd.org 2003/07/14 12:36:37
579 remove undocumented -V option. would be only useful if openssh is used
580 as ssh v1 server for ssh.com's ssh v2.
581 - markus@cvs.openbsd.org 2003/07/16 10:34:53
583 don't exit on multiple -v or -d; ok deraadt@
584 - markus@cvs.openbsd.org 2003/07/16 10:36:28
586 clear IUCLC in enter_raw_mode; from rob@pitman.co.za; ok deraadt@, fgs@
587 - deraadt@cvs.openbsd.org 2003/07/18 01:54:25
589 userid is unsigned, but well, force it anyways; andrushock@korovino.net
590 - djm@cvs.openbsd.org 2003/07/19 00:45:53
592 fix sftp filename parsing for arguments with escaped quotes. bz #517;
594 - djm@cvs.openbsd.org 2003/07/19 00:46:31
595 [regress/sftp-cmds.sh]
596 regress test for sftp arguments with escaped quotes; ok markus
599 - (dtucker) [acconfig.h configure.ac port-aix.c] Older AIXes don't declare
600 loginfailed at all, so assume 3-arg loginfailed if not declared.
601 - (dtucker) [port-aix.h] Work around name collision on AIX for r_type by
603 - (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h]
604 Call setauthdb() before loginfailed(), which may load password registry-
605 specific functions. Based on patch by cawlfiel at us.ibm.com.
606 - (dtucker) [port-aix.h] Fix prototypes.
607 - (dtucker) OpenBSD CVS Sync
608 - avsm@cvs.openbsd.org 2003/07/09 13:58:19
610 minor tweak: when generating the hex fingerprint, give strlcat the full
611 bound to the buffer, and add a comment below explaining why the
612 zero-termination is one less than the bound. markus@ ok
613 - markus@cvs.openbsd.org 2003/07/10 14:42:28
615 the 2^(blocksize*2) rekeying limit is too expensive for 3DES,
616 blowfish, etc, so enforce a 1GB limit for small blocksizes.
617 - markus@cvs.openbsd.org 2003/07/10 20:05:55
619 sync usage with manpage, add missing -R
622 - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
623 Include AIX headers for authentication functions and make calls match
624 prototypes. Test for and handle 3-arg and 4-arg variants of loginfailed.
625 - (dtucker) [session.c] Check return value of setpcred().
626 - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
627 Convert aixloginmsg into platform-independant Buffer loginmsg.
630 - (dtucker) [configure.ac] Bug #600: Check that getrusage is declared before
631 searching libraries for it. Fixes build errors on NCR MP-RAS.
634 - (dtucker) [ssh-rand-helper.c loginrec.c]
635 Apply atomicio typing change to these too.
638 - (dtucker) OpenBSD CVS Sync
639 - djm@cvs.openbsd.org 2003/06/28 07:48:10
641 report pidfile creation errors, based on patch from Roumen Petrov;
643 - deraadt@cvs.openbsd.org 2003/06/28 16:23:06
644 [atomicio.c atomicio.h authfd.c clientloop.c monitor_wrap.c msg.c
645 progressmeter.c scp.c sftp-client.c ssh-keyscan.c ssh.h sshconnect.c
647 deal with typing of write vs read in atomicio
648 - markus@cvs.openbsd.org 2003/06/29 12:44:38
650 memset 0, not \0; andrushock@korovino.net
651 - markus@cvs.openbsd.org 2003/07/02 12:56:34
653 deny dynamic forwarding with -R for v1, too; ok djm@
654 - markus@cvs.openbsd.org 2003/07/02 14:51:16
655 [channels.c ssh.1 ssh_config.5]
656 (re)add socks5 suppport to -D; ok djm@
657 now ssh(1) can act both as a socks 4 and socks 5 server and
658 dynamically forward ports.
659 - markus@cvs.openbsd.org 2003/07/02 20:37:48
661 convert hostkeyalias to lowercase, otherwise uppercase aliases will
662 not match at all; ok henning@
663 - markus@cvs.openbsd.org 2003/07/03 08:21:46
664 [regress/dynamic-forward.sh]
665 add socks5; speedup; reformat; based on patch from dtucker@zip.com.au
666 - markus@cvs.openbsd.org 2003/07/03 08:24:13
668 enable tests for dynamic fwd via socks (-D), uses nc(1)
669 - djm@cvs.openbsd.org 2003/07/03 08:09:06
670 [readconf.c readconf.h ssh-keysign.c ssh.c]
671 fix AddressFamily option in config file, from brent@graveland.net;
675 - (djm) Search for support functions necessary to build our
676 getrrsetbyname() replacement. Patch from Roumen Petrov
679 - (dtucker) [includes.h] Bug #602: move #include of netdb.h to after in.h
680 (fixes compiler warnings on Solaris 2.5.1).
681 - (dtucker) [configure.ac] Add sanity test after system-dependant compiler
685 - (djm) Bug #591: use PKCS#15 private key label as a comment in case
686 of OpenSC. Report and patch from larsch@trustcenter.de
687 - (djm) Bug #593: Sanity check OpenSC card reader number; patch from
689 - (dtucker) OpenBSD CVS Sync
690 - markus@cvs.openbsd.org 2003/06/23 09:02:44
692 document EnableSSHKeysign; bugzilla #599; ok deraadt@, jmc@
693 - markus@cvs.openbsd.org 2003/06/24 08:23:46
694 [auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h
695 monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c]
696 int -> u_int; ok djm@, deraadt@, mouring@
697 - miod@cvs.openbsd.org 2003/06/25 22:39:36
699 Typo police: attribute is better written with an 'r'.
700 - markus@cvs.openbsd.org 2003/06/26 20:08:33
702 do not dump core for 'ssh -o proxycommand host'; ok deraadt@
703 - (dtucker) [regress/dynamic-forward.sh] Import new regression test.
704 - (dtucker) [configure.ac] Bug #570: Have ./configure --enable-FEATURE
705 actually enable the feature, for those normally disabled. Patch by
706 openssh (at) roumenpetrov.info.
709 - (dtucker) Have configure refer the user to config.log and
710 contrib/findssl.sh for OpenSSL header/library mismatches.
713 - (dtucker) OpenBSD CVS Sync
714 - markus@cvs.openbsd.org 2003/06/21 09:14:05
715 [regress/reconfigure.sh]
716 missing $SUDO; from dtucker@zip.com.au
717 - markus@cvs.openbsd.org 2003/06/18 11:28:11
719 backout last change, since it violates pkcs#1
720 switch to share/misc/license.template
721 - djm@cvs.openbsd.org 2003/06/20 05:47:58
723 sync description of protocol 2 cipher proposal; ok markus
724 - djm@cvs.openbsd.org 2003/06/20 05:48:21
726 sync some implemented options; ok markus@
727 - (dtucker) [regress/authorized_keys_root] Remove temp data file from CVS.
728 - (dtucker) [openbsd-compat/setproctitle.c] Ensure SPT_TYPE is defined before
732 - (djm) OpenBSD CVS Sync
733 - markus@cvs.openbsd.org 2003/06/12 07:57:38
734 [monitor.c sshlogin.c sshpty.c]
735 typos; dtucker at zip.com.au
736 - djm@cvs.openbsd.org 2003/06/12 12:22:47
738 mention more copyright holders; ok markus@
739 - nino@cvs.openbsd.org 2003/06/12 15:34:09
742 - markus@cvs.openbsd.org 2003/06/12 19:12:03
743 [scard.c scard.h ssh-agent.c ssh.c]
744 add sc_get_key_label; larsch at trustcenter.de; bugzilla#591
745 - markus@cvs.openbsd.org 2003/06/16 08:22:35
747 make sure the signature has at least the expected length (don't
748 insist on len == hlen + oidlen, since this breaks some smartcards)
749 bugzilla #592; ok djm@
750 - markus@cvs.openbsd.org 2003/06/16 10:22:45
752 print out key comment on each prompt; make ssh-askpass more useable; ok djm@
753 - markus@cvs.openbsd.org 2003/06/17 18:14:23
755 use license from /usr/share/misc/license.template for new code
756 - (dtucker) [reconfigure.sh rekey.sh sftp-badcmds.sh]
757 Import new regression tests from OpenBSD
758 - (dtucker) [regress/copy.1 regress/copy.2] Remove temp data files from CVS.
759 - (dtucker) OpenBSD CVS Sync (regress/)
760 - markus@cvs.openbsd.org 2003/04/02 12:21:13
763 - djm@cvs.openbsd.org 2003/04/04 09:34:22
764 [Makefile sftp-cmds.sh]
765 More regression tests, including recent directory rename bug; ok markus@
766 - markus@cvs.openbsd.org 2003/05/14 22:08:27
767 [ssh-com-client.sh ssh-com-keygen.sh ssh-com-sftp.sh ssh-com.sh]
768 test against some new commerical versions
769 - mouring@cvs.openbsd.org 2003/05/15 04:07:12
771 Advanced put/get testing for sftp. OK @djm
772 - markus@cvs.openbsd.org 2003/06/12 15:40:01
775 - markus@cvs.openbsd.org 2003/06/12 15:43:32
777 test -HUP; dtucker at zip.com.au
780 - (djm) Update license on fake-rfc2553.[ch]; ok itojun@
783 - (djm) Mention portable copyright holders in LICENSE
784 - (djm) Put licenses on substantial header files
785 - (djm) Sync LICENSE against OpenBSD
786 - (djm) OpenBSD CVS Sync
787 - jmc@cvs.openbsd.org 2003/06/10 09:12:11
788 [scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5]
789 [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
791 - COMPATIBILITY merge
793 - kill whitespace at EOL
794 - new sentence, new line
796 - deraadt@cvs.openbsd.org 2003/06/10 22:20:52
797 [packet.c progressmeter.c]
798 mostly ansi cleanup; pval ok
799 - jakob@cvs.openbsd.org 2003/06/11 10:16:16
801 clean up check_host_key() and improve SSHFP feedback. ok markus@
802 - jakob@cvs.openbsd.org 2003/06/11 10:18:47
804 sync with check_host_key() change
805 - djm@cvs.openbsd.org 2003/06/11 11:18:38
806 [authfd.c authfd.h ssh-add.c ssh-agent.c]
807 make agent constraints (lifetime, confirm) work with smartcard keys;
812 - (djm) Sync README.smartcard with OpenBSD -current
813 - (djm) Re-merge OpenSC info into README.smartcard
816 - (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@
819 - (djm) Support AI_NUMERICHOST in fake-getaddrinfo.c. Needed for recent
821 - (djm) Implement paranoid priv dropping checks, based on:
822 "SetUID demystified" - Hao Chen, David Wagner and Drew Dean
823 Proceedings of USENIX Security Symposium 2002
824 - (djm) Don't use xmalloc() or pull in toplevel headers in fake-* code
825 - (djm) Merge all the openbsd/fake-* into fake-rfc2553.[ch]
826 - (djm) Bug #588 - Add scard-opensc.o back to Makefile.in
827 Patch from larsch@trustcenter.de
828 - (djm) Bug #589 - scard-opensc: load only keys with a private keys
829 Patch from larsch@trustcenter.de
830 - (dtucker) Add includes.h to fake-rfc2553.c so it will build.
831 - (dtucker) Define EAI_NONAME in fake-rfc2553.h (used by fake-rfc2553.c).
834 - (djm) Bug #573 - Remove unneeded Krb headers and compat goop. Patch from
835 simon@sxw.org.uk (Also matches a change in OpenBSD a while ago)
836 - (djm) Bug #577 - wrong flag in scard-opensc.c sc_private_decrypt.
837 Patch from larsch@trustcenter.de; ok markus@
838 - (djm) Bug #584: scard-opensc.c doesn't work without PIN. Patch from
839 larsch@trustcenter.de; ok markus@
840 - (djm) OpenBSD CVS Sync
841 - djm@cvs.openbsd.org 2003/06/04 08:25:18
843 disable challenge/response and keyboard-interactive auth methods
844 upon hostkey mismatch. based on patch from fcusack AT fcusack.com.
846 - djm@cvs.openbsd.org 2003/06/04 10:23:48
848 remove duplicated group-dropping code; ok markus@
849 - djm@cvs.openbsd.org 2003/06/04 12:03:59
851 remove bitrotten commet; ok markus@
852 - djm@cvs.openbsd.org 2003/06/04 12:18:49
855 - djm@cvs.openbsd.org 2003/06/04 12:40:39
857 kill ssh process upon receipt of signal, bz #241.
858 based on patch from esb AT hawaii.edu; ok markus@
859 - djm@cvs.openbsd.org 2003/06/04 12:41:22
861 kill ssh process on receipt of signal; ok markus@
862 - (djm) Update to fix of bug #584: lock card before return.
863 From larsch@trustcenter.de
864 - (djm) Always use mysignal() for SIGALRM
867 - (djm) Replace setproctitle replacement with code derived from
869 - (djm) OpenBSD CVS Sync
870 - markus@cvs.openbsd.org 2003/06/02 09:17:34
871 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
872 [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
874 deprecate VerifyReverseMapping since it's dangerous if combined
875 with IP based access control as noted by Mike Harding; replace with
876 a UseDNS option, UseDNS is on by default and includes the
877 VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
879 - millert@cvs.openbsd.org 2003/06/03 02:56:16
881 Remove the advertising clause in the UCB license which Berkeley
882 rescinded 22 July 1999. Proofed by myself and Theo.
883 - (djm) Fix portable-specific uses of verify_reverse_mapping too
884 - (djm) Sync openbsd-compat with OpenBSD CVS.
885 - No more 4-term BSD licenses in linked code
886 - (dtucker) [port-aix.c bsd-cray.c] Fix uses of verify_reverse_mapping.
889 - (djm) Fix segv from bad reordering in auth-pam.c
890 - (djm) Always use saved_argv in sshd.c as compat_init_setproctitle may
892 - (tim) openbsd-compat/xmmap.[ch] License clarifications. Add missing
894 - (djm) Remove "noip6" option from RedHat spec file. This may now be
895 set at runtime using AddressFamily option.
896 - (djm) Fix use of macro before #define in cipher-aes.c
897 - (djm) Sync license on openbsd-compat/bindresvport.c with OpenBSD CVS
898 - (djm) OpenBSD CVS Sync
899 - djm@cvs.openbsd.org 2003/05/26 12:54:40
901 fix format strings; ok markus@
902 - deraadt@cvs.openbsd.org 2003/05/29 16:58:45
904 seteuid and setegid; markus ok
905 - jakob@cvs.openbsd.org 2003/06/02 08:31:10
907 VerifyHostKeyDNS is v2 only. ok markus@
910 - (dtucker) Add missing semicolon in md5crypt.c, patch from openssh at
912 - (dtucker) Define SSHD_ACQUIRES_CTTY for NCR MP-RAS and Reliant Unix.
915 - (djm) Avoid auth2-chall.c warning when compiling without
916 PAM, BSD_AUTH and SKEY
919 - (djm) OpenBSD CVS Sync
920 - djm@cvs.openbsd.org 2003/05/24 09:02:22
922 pass logged data through strnvis; ok markus
923 - djm@cvs.openbsd.org 2003/05/24 09:30:40
924 [authfile.c monitor.c sftp-common.c sshpty.c]
925 cast some types for printing; ok markus@
928 - (dtucker) Correct --osfsia in INSTALL. Patch by skeleten at shillest.net
931 - (djm) Use VIS_SAFE on logged strings rather than default strnvis
932 encoding (which encodes many more characters)
934 - jmc@cvs.openbsd.org 2003/05/20 12:03:35
936 - new sentence, new line
940 - jmc@cvs.openbsd.org 2003/05/20 12:09:31
941 [ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1]
942 new sentence, new line
943 - djm@cvs.openbsd.org 2003/05/23 08:29:30
948 - (djm) OpenBSD CVS Sync
949 - deraadt@cvs.openbsd.org 2003/05/18 23:22:01
951 use syslog_r() in a signal handler called place; markus ok
952 - (djm) Configure logic to detect syslog_r and friends
955 - (djm) Sync auth-pam.h with what we actually implement
958 - (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in
960 - (djm) OpenBSD CVS Sync
961 - djm@cvs.openbsd.org 2003/05/16 03:27:12
962 [readconf.c ssh_config ssh_config.5 ssh-keysign.c]
963 add AddressFamily option to ssh_config (like -4, -6 on commandline).
964 Portable bug #534; ok markus@
965 - itojun@cvs.openbsd.org 2003/05/17 03:25:58
967 just in case, put numbers to sscanf %s arg.
968 - markus@cvs.openbsd.org 2003/05/17 04:27:52
969 [cipher.c cipher-ctr.c myproposal.h]
970 experimental support for aes-ctr modes from
971 http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt
973 - (djm) Remove IPv4 by default hack now that we can specify AF in config
974 - (djm) Tidy and trim TODO
975 - (djm) Sync openbsd-compat/ with OpenBSD CVS head
976 - (djm) Big KNF on openbsd-compat/
977 - (djm) KNF on md5crypt.[ch]
978 - (djm) KNF on auth-sia.[ch]
981 - (bal) strcat -> strlcat on openbsd-compat/realpath.c (rev 1.8 OpenBSD)
984 - (djm) OpenBSD CVS Sync
985 - djm@cvs.openbsd.org 2003/05/15 13:52:10
987 Make "ssh -V" print the OpenSSL version in a human readable form. Patch
988 from Craig Leres (mindrot at ee.lbl.gov); ok markus@
989 - jakob@cvs.openbsd.org 2003/05/15 14:02:47
990 [readconf.c servconf.c]
991 warn for unsupported config option. ok markus@
992 - markus@cvs.openbsd.org 2003/05/15 14:09:21
994 fix 64bit issue; report itojun@
995 - djm@cvs.openbsd.org 2003/05/15 14:55:25
996 [readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
997 add a ConnectTimeout option to ssh, based on patch from
998 Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
999 - (djm) Add warning for UsePAM when built without PAM support
1000 - (djm) A few type mismatch fixes from Bug #565
1001 - (djm) Guard free_pam_environment against NULL argument. Works around
1002 HP/UX PAM problems debugged by dtucker
1005 - (djm) OpenBSD CVS Sync
1006 - jmc@cvs.openbsd.org 2003/05/14 13:11:56
1010 - jakob@cvs.openbsd.org 2003/05/14 18:16:20
1011 [key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
1012 [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
1013 add experimental support for verifying hos keys using DNS as described
1014 in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
1015 ok markus@ and henning@
1016 - markus@cvs.openbsd.org 2003/05/14 22:24:42
1017 [clientloop.c session.c ssh.1]
1018 allow to send a BREAK to the remote system; ok various
1019 - markus@cvs.openbsd.org 2003/05/15 00:28:28
1021 cleanup unregister of per-method packet handlers; ok djm@
1022 - jakob@cvs.openbsd.org 2003/05/15 01:48:10
1023 [readconf.c readconf.h servconf.c servconf.h]
1024 always parse kerberos options. ok djm@ markus@
1025 - jakob@cvs.openbsd.org 2003/05/15 02:27:15
1027 add missing freerrset
1028 - markus@cvs.openbsd.org 2003/05/15 03:08:29
1029 [cipher.c cipher-bf1.c cipher-aes.c cipher-3des1.c]
1030 split out custom EVP ciphers
1031 - djm@cvs.openbsd.org 2003/05/15 03:10:52
1033 avoid warning; ok jakob@
1034 - mouring@cvs.openbsd.org 2003/05/15 03:39:07
1036 Make put/get (globed and nonglobed) code more consistant. OK djm@
1037 - mouring@cvs.openbsd.org 2003/05/15 03:43:59
1039 Teach ls how to display multiple column display and allow users
1040 to return to single column format via 'ls -1'. OK @djm
1041 - jakob@cvs.openbsd.org 2003/05/15 04:08:44
1042 [readconf.c servconf.c]
1043 disable kerberos when not supported. ok markus@
1044 - markus@cvs.openbsd.org 2003/05/15 04:08:41
1047 - (djm) Always parse UsePAM
1048 - (djm) Configure glue for DNS support (code doesn't work in portable yet)
1049 - (djm) Import getrrsetbyname() function from OpenBSD libc (for DNS support)
1050 - (djm) Tidy Makefile clean targets
1051 - (djm) Adapt README.dns for portable
1052 - (djm) Avoid uuencode.c warnings
1053 - (djm) Enable UsePAM when built --with-pam
1054 - (djm) Only build getrrsetbyname replacement when using --with-dns
1055 - (djm) Bug #529: sshd doesn't work correctly after SIGHUP (copy argv
1057 - (djm) Bug #444: Wrong paths after reconfigure
1058 - (dtucker) HP-UX needs to include <sys/strtio.h> for TIOCSBRK
1061 - (djm) Bug #117: Don't lie to PAM about username
1062 - (djm) RCSID sync w/ OpenBSD
1063 - (djm) OpenBSD CVS Sync
1064 - djm@cvs.openbsd.org 2003/04/09 12:00:37
1066 strip trailing whitespace from config lines before parsing.
1067 Fixes bz 528; ok markus@
1068 - markus@cvs.openbsd.org 2003/04/12 10:13:57
1070 hide cipher details; ok djm@
1071 - markus@cvs.openbsd.org 2003/04/12 10:15:36
1074 - naddy@cvs.openbsd.org 2003/04/12 11:40:15
1076 document -V switch, fix wording; ok markus@
1077 - markus@cvs.openbsd.org 2003/04/14 14:17:50
1078 [channels.c sshconnect.c sshd.c ssh-keyscan.c]
1079 avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
1080 - mouring@cvs.openbsd.org 2003/04/14 21:31:27
1082 Missing globfree(&g) in process_put() spotted by Vince Brimhall
1083 <VBrimhall@novell.com>. ok@ Theo
1084 - markus@cvs.openbsd.org 2003/04/16 14:35:27
1086 document struct Authctxt; with solar
1087 - deraadt@cvs.openbsd.org 2003/04/26 04:29:49
1089 -t in usage(); rogier@quaak.org
1090 - mouring@cvs.openbsd.org 2003/04/30 01:16:20
1091 [sshd.8 sshd_config.5]
1092 Escape ?, * and ! in .Ql for nroff compatibility. OpenSSH Portable
1093 Bug #550 and * escaping suggested by jmc@.
1094 - david@cvs.openbsd.org 2003/04/30 20:41:07
1096 fix invalid .Pf macro usage introduced in previous commit
1098 - markus@cvs.openbsd.org 2003/05/11 16:56:48
1099 [authfile.c ssh-keygen.c]
1100 change key_load_public to try to read a public from:
1101 rsa1 private or rsa1 public and ssh2 keys.
1102 this makes ssh-keygen -e fail for ssh1 keys more gracefully
1103 for example; report from itojun (netbsd pr 20550).
1104 - markus@cvs.openbsd.org 2003/05/11 20:30:25
1105 [channels.c clientloop.c serverloop.c session.c ssh.c]
1106 make channel_new() strdup the 'remote_name' (not the caller); ok theo
1107 - markus@cvs.openbsd.org 2003/05/12 16:55:37
1109 for pubkey authentication try the user keys in the following order:
1110 1. agent keys that are found in the config file
1112 3. keys that are only listed in the config file
1113 this helps when an agent has many keys, where the server might
1114 close the connection before the correct key is used. report & ok pb@
1115 - markus@cvs.openbsd.org 2003/05/12 18:35:18
1117 typo: DSA keys are of type ssh-dss; Brian Poole
1118 - markus@cvs.openbsd.org 2003/05/14 00:52:59
1120 ranges for per auth method messages
1121 - djm@cvs.openbsd.org 2003/05/14 01:00:44
1123 emphasise the batchmode functionality and make reference to pubkey auth,
1124 both of which are FAQs; ok markus@
1125 - markus@cvs.openbsd.org 2003/05/14 02:15:47
1126 [auth2.c monitor.c sshconnect2.c auth2-krb5.c]
1127 implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
1128 server interops with commercial client; ok jakob@ djm@
1129 - jmc@cvs.openbsd.org 2003/05/14 08:25:39
1131 - better formatting in SYNOPSIS
1134 - markus@cvs.openbsd.org 2003/05/14 08:57:49
1136 http://bugzilla.mindrot.org/show_bug.cgi?id=560
1137 Privsep child continues to run after monitor killed.
1138 Pass monitor signals through to child; Darren Tucker
1139 - (djm) Make portable build with MIT krb5 (some issues remain)
1140 - (djm) Add new UsePAM configuration directive to allow runtime control
1141 over usage of PAM. This allows non-root use of sshd when built with
1143 - (djm) Die screaming if start_pam() is called when UsePAM=no
1144 - (djm) Avoid KrbV leak for MIT Kerberos
1145 - (dtucker) Set ai_socktype and ai_protocol in fake-getaddrinfo.c. ok djm@
1146 - (djm) Bug #258: sscanf("[0-9]") -> sscanf("[0123456789]") for portability
1149 - (djm) Redhat spec: Don't install profile.d scripts when not
1150 building with GNOME/GTK askpass (patch from bet@rahul.net)
1153 - (dtucker) Bug #318: Create ssh_prng_cmds.out during "make" rather than
1154 "make install". Patch by roth@feep.net.
1155 - (dtucker) Bug #536: Test for and work around openpty/controlling tty
1156 problem on Linux (fixes "could not set controlling tty" errors).
1157 - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
1158 proper challenge-response module
1159 - (djm) 2-clause license on loginrec.c, with permission from
1163 - (dtucker) Bug #497: Move #include of bsd-cygwin_util.h to openbsd-compat.h.
1164 Patch from vinschen@redhat.com.
1167 - (dtucker) Add missing "void" to record_failed_login in bsd-cray.c. Noted
1171 - (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels,
1172 privsep should now work.
1173 - (dtucker) Move handling of bad password authentications into a platform
1174 specific record_failed_login() function (affects AIX & Unicos). ok mouring@
1177 - (djm) Add back radix.o (used by AFS support), after it went missing from
1178 Makefile many moons ago
1179 - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
1180 - (djm) Fix blibpath specification for AIX/gcc
1181 - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
1184 - (bal) [defines.h progressmeter.c scp.c] Some more culling of non 64bit
1188 - (bal) Bug #541: return; was dropped by mistake. Reported by
1190 - (bal) Since we don't support platforms lacking u_int_64. We may
1191 as well clean out some of those evil #ifdefs
1192 - (bal) auth1.c minor resync while looking at the code.
1193 - (bal) auth2.c same changed as above.
1196 - (djm) Bug #539: Specify creation mode with O_CREAT for lastlog. Report
1197 from matth@eecs.berkeley.edu
1198 - (djm) Make the spec work with Redhat 9.0 (which renames sharutils)
1199 - (djm) OpenBSD CVS Sync
1200 - markus@cvs.openbsd.org 2003/04/02 09:48:07
1201 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
1202 [readconf.h serverloop.c sshconnect2.c]
1203 reapply rekeying chage, tested by henning@, ok djm@
1204 - markus@cvs.openbsd.org 2003/04/02 14:36:26
1206 potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
1207 - itojun@cvs.openbsd.org 2003/04/03 07:25:27
1210 - itojun@cvs.openbsd.org 2003/04/03 10:17:35
1212 remove $OpenBSD$, as other *.c does not have it.
1213 - markus@cvs.openbsd.org 2003/04/07 08:29:57
1215 typo: get correct counters; introduced during rekeying change.
1216 - millert@cvs.openbsd.org 2003/04/07 21:58:05
1218 The UCB copyright here is incorrect. This code did not originate
1219 at UCB, it was written by Luke Mewburn. Updated the copyright at
1220 the author's request. markus@ OK
1221 - itojun@cvs.openbsd.org 2003/04/08 20:21:29
1223 rename log() into logit() to avoid name conflict. markus ok, from
1225 - (djm) XXX - Performed locally using:
1226 "perl -p -i -e 's/(\s|^)log\(/$1logit\(/g' *.c *.h"
1227 - hin@cvs.openbsd.org 2003/04/09 08:23:52
1229 Don't include <krb.h> when compiling with Kerberos 5 support
1230 - (djm) Fix up missing include for packet.c
1231 - (djm) Fix missed log => logit occurance (reference by function pointer)
1234 - (bal) if IP_TOS is not found or broken don't try to compile in
1235 packet_set_tos() function call. bug #527
1238 - (djm) OpenBSD CVS Sync
1239 - jmc@cvs.openbsd.org 2003/03/28 10:11:43
1240 [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5]
1241 [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
1243 - new sentence new line
1246 - markus@cvs.openbsd.org 2003/04/01 10:10:23
1247 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
1248 [readconf.h serverloop.c sshconnect2.c]
1249 rekeying bugfixes and automatic rekeying:
1250 * both client and server rekey _automatically_
1251 (a) after 2^31 packets, because after 2^32 packets
1252 the sequence number for packets wraps
1253 (b) after 2^(blocksize_in_bits/4) blocks
1254 (see: draft-ietf-secsh-newmodes-00.txt)
1255 (a) and (b) are _enabled_ by default, and only disabled for known
1256 openssh versions, that don't support rekeying properly.
1257 * client option 'RekeyLimit'
1258 * do not reply to requests during rekeying
1259 - markus@cvs.openbsd.org 2003/04/01 10:22:21
1260 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
1261 [readconf.h serverloop.c sshconnect2.c]
1262 backout rekeying changes (for 3.6.1)
1263 - markus@cvs.openbsd.org 2003/04/01 10:31:26
1264 [compat.c compat.h kex.c]
1265 bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@;
1266 tested by ho@ and myself
1267 - markus@cvs.openbsd.org 2003/04/01 10:56:46
1270 - (djm) Crank spec file versions
1271 - (djm) Release 3.6.1p1
1274 - (djm) OpenBSD CVS Sync
1275 - deraadt@cvs.openbsd.org 2003/03/26 04:02:51
1277 one last fix to the tree: race fix broke stuff; pr 3169;
1278 srp@srparish.net, help from djm
1281 - (djm) Fix getpeerid support for 64 bit BE systems. From
1282 Arnd Bergmann <arndb@de.ibm.com>
1285 - (djm) OpenBSD CVS Sync
1286 - markus@cvs.openbsd.org 2003/03/23 19:02:00
1288 unbreak rekeying for privsep; ok millert@
1290 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
1291 Report from murple@murple.net, diagnosis from dtucker@zip.com.au