2 - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
4 - (djm) OpenBSD CVS updates:
7 teach protocol v2 to count login failures properly and also enable an
8 explanation of why the password prompt comes up again like v1; this is NOT
10 - markus@cvs.openbsd.org
11 [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
12 xauth_location support; pr 1234
13 [readconf.c sshconnect2.c]
16 allow use_login only for login sessions, otherwise remote commands are
19 document UseLogin better
23 fix match_hostname() logic for auth-rsa: deny access if we have a
24 negative match or no match at all
25 [channels.c hostfile.c match.c]
26 don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
30 - (djm) Added --with-cflags, --with-ldflags and --with-libs options to
34 - Configure tweaking for new login code on Irix 5.3
35 - (andre) login code changes based on djm feedback
38 - (andre) New login code
39 - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c
40 - Add loginrec.[ch], logintest.c and autoconf code
43 - Cleanup of auth.c, login.c and fake-*
44 - Cleanup of auth-pam.c, save and print "account expired" error messages
45 - Fix EGD read bug by IWAMURO Motonori <iwa@mmp.fujitsu.co.jp>
46 - Rewrote bsd-login to use proper utmp API if available. Major cleanup
50 - Define atexit for old Solaris
51 - Fix buffer overrun in login.c for systems which use syslen in utmpx.
52 patch from YOSHIFUJI Hideaki <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp>
53 - OpenBSD CVS updates:
54 - markus@cvs.openbsd.org
56 make x11-fwd work w/ localhost (xauth add host/unix:11)
57 [cipher.c compat.c readconf.c servconf.c]
58 check strtok() != NULL; ok niels@
60 fix key_read() for uuencoded keys w/o '='
62 group ssh1 vs. ssh2 in serverloop
63 [kex.c kex.h myproposal.h sshconnect2.c sshd.c]
64 split kexinit/kexdh, factor out common code
65 [readconf.c ssh.1 ssh.c]
66 forwardagent defaults to no, add ssh -A
67 - theo@cvs.openbsd.org
69 just some line shortening
73 - Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
74 - Don't touch utmp if USE_UTMPX defined
75 - SunOS 4.x support from Todd C. Miller <Todd.Miller@courtesan.com>
76 - SIGCHLD fix for AIX and HPUX from Tom Bertelson <tbert@abac.com>
77 - HPUX and Configure fixes from Lutz Jaenicke
78 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
79 - Use mkinstalldirs script to make directories instead of non-portable
80 "install -d". Suggested by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
84 - Include Andre Lucas' fixprogs script. Forgot to "cvs add" it yesterday
85 - OpenBSD CVS updates:
86 - markus@cvs.openbsd.org
88 copy only ai_addrlen bytes; misiek@pld.org.pl
90 accept an empty shell in authentication; bug reported by
93 we don't have stderr for interactive terminal sessions (fcntl errors)
96 - Fix from Andre Lucas <andre.lucas@dial.pipex.com>
97 - Fixes command line printing segfaults (spotter: Bladt Norbert)
98 - Fixes erroneous printing of debug messages to syslog
99 - Fixes utmp for MacOS X (spotter: Aristedes Maniatis)
100 - Gives useful error message if PRNG initialisation fails
101 - Reduced ssh startup delay
102 - Measures cumulative command time rather than the time between reads
104 - 'fixprogs' perl script to eliminate non-working entropy commands, and
105 optionally run 'ent' to measure command entropy
106 - Applied Tom Bertelson's <tbert@abac.com> AIX authentication fix
107 - Avoid WCOREDUMP complation errors for systems that lack it
108 - Avoid SIGCHLD warnings from entropy commands
109 - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw@dcs.ed.ac.uk>
110 - OpenBSD CVS update:
111 - markus@cvs.openbsd.org
115 draft-ietf-secsh-architecture-05.txt
117 document ssh -T -N (ssh2 only)
118 [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
119 enable nonblocking IO for sshd w/ proto 1, too; split out common code
122 - Several patches from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
123 - INSTALL typo and URL fix
126 - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka
127 <ksakai@kso.netwk.ntt-at.co.jp>
128 - RSAless operation patch from kevin_oconnor@standardandpoors.com
129 - Detect OpenSSL seperatly from RSA
130 - Better test for RSA (more compatible with RSAref). Based on work by
131 Ed Eden <ede370@stl.rural.usda.gov>
134 - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz
138 - Fix for prng_seed permissions checking from Lutz Jaenicke
139 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
140 - "make host-key" fix for Irix
144 - markus@cvs.openbsd.org
145 [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
146 [ssh.h sshconnect1.c sshconnect2.c sshd.8]
147 - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
148 - hugh@cvs.openbsd.org
152 - One last nit fix. (markus approved)
154 - some markus certified spelling adjustments
155 - markus@cvs.openbsd.org
156 [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
158 - bug compat w/ ssh-2.0.13 x11, split out bugs
160 - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
162 - handle escapes in real and original key format, ok millert@
165 - Moved all the bsd-* and fake-* stuff into new libopenbsd-compat.a
167 - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported
168 by Andre Lucas <andre.lucas@dial.pipex.com>
171 - Makefile and RPM spec fixes
172 - Generate DSA host keys during "make key" or RPM installs
174 - markus@cvs.openbsd.org
175 [clientloop.c sshconnect2.c]
176 - make x11-fwd interop w/ ssh-2.0.13
178 - interop w/ SecureFX
181 - Configure caching and cleanup patch from Andre Lucas'
182 <andre.lucas@dial.pipex.com>
185 - Remove references to SSLeay.
186 - Big OpenBSD CVS update
187 - markus@cvs.openbsd.org
191 - update proctitle on pty alloc/dealloc, e.g. w/ windows client
193 - update proctitle for proto 1, too
194 [channels.h nchan.c serverloop.c session.c sshd.c]
195 - use c-style comments
196 - deraadt@cvs.openbsd.org
199 - markus@cvs.openbsd.org
204 [readconf.c ssh-keygen.c ssh.h]
205 - default DSA key file ~/.ssh/id_dsa
207 - typo, rm verbose debug
208 - deraadt@cvs.openbsd.org
210 - document DSA use of ssh-keygen
212 - a start at describing what i understand of the DSA side
217 - markus@cvs.openbsd.org
219 - there is no rhosts_dsa
221 - document -y, update -X,-x
223 - fix close for non-open ssh1 channels
224 [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
225 - s/DsaKey/HostDSAKey/, document option
227 - respect number_of_password_prompts
228 [channels.c channels.h servconf.c servconf.h session.c sshd.8]
229 - GatewayPorts for sshd, ok deraadt@
230 [ssh-add.1 ssh-agent.1 ssh.1]
231 - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
233 - more info on proto 2
235 - sync AUTHOR w/ ssh.1
236 [key.c key.h sshconnect.c]
237 - print key type when talking about host keys
239 - clear padding in ssh2
240 [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
241 - replace broken uuencode w/ libc b64_ntop
243 - log failure before sending the reply
244 [key.c radix.c uuencode.c]
245 - remote trailing comments before calling __b64_pton
246 [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
247 [sshconnect2.c sshd.8]
248 - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
249 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
254 - init all fds, close all fds.
256 - check whether file exists before asking for passphrase
257 [servconf.c servconf.h sshd.8 sshd.c]
264 - unlink pid file, ok niels@
266 - Add missing #ifdefs; ok - markus
267 - Add Andre Lucas' <andre.lucas@dial.pipex.com> patch to read entropy
268 gathering commands from a text file
274 - send debug messages in SSH2 format
276 - fix very rare EAGAIN/EINTR issues; based on work by djm
278 - less debug, rm unused
280 - disable kerb,s/key in ssh2
282 - Minor tweaks and typo fixes.
284 - Put -d into usage and reorder. markus ok.
285 - Include missing headers for OpenSSL tests. Fix from Phil Karn
287 - Fixed __progname symbol collisions reported by Andre Lucas
288 <andre.lucas@dial.pipex.com>
289 - Merged bsd-login ttyslot and AIX utmp patch from Gert Doering
291 - Add some missing ifdefs to auth2.c
292 - Deprecate perl-tk askpass.
293 - Irix portability fixes - don't include netinet headers more than once
294 - Make sure we don't save PRNG seed more than once
297 - Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au>
298 - Integrate Andre Lucas' <andre.lucas@dial.pipex.com> entropy collection
300 - Adds timeout to entropy collection
301 - Disables slow entropy sources
302 - Load and save seed file
303 - Changed entropy seed code to user per-user seeds only (server seed is
304 saved in root's .ssh directory)
305 - Use atexit() and fatal cleanups to save seed on exit
306 - More OpenBSD updates:
308 - don't call chan_write_failed() if we are not writing
309 [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c]
310 - keysize warnings error() -> log()
313 - Merge big update to OpenSSH-2.0 from OpenBSD CVS
315 - interop w/ F-secure windows client
317 - ssh_host_dsa_key not ssh_dsa_key
320 [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
321 [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
322 [sshd.c uuencode.c uuencode.h authfile.h]
323 - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX]
324 for trading keys with the real and the original SSH, directly from the
325 people who invented the SSH protocol.
326 [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
327 [sshconnect1.c sshconnect2.c]
328 - split auth/sshconnect in one file per protocol version
335 [ssh-keygen.1 ssh-keygen.c]
336 - add -R flag: exit code indicates if RSA is alive
339 silent if -Q is specified
341 - host key becomes /etc/ssh_host_dsa_key
342 [readconf.c servconf.c ]
343 - ssh/sshd default to proto 1 and 2
346 [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
348 [auth2.c serverloop.c session.c]
349 - cleanup logging for sshd/2, respect PasswordAuth no
351 - less debug, respect .ssh/config
352 [README.openssh2 channels.c channels.h]
353 - clientloop.c session.c ssh.c
354 - support for x11-fwding, client+server
357 - Merge fix from OpenBSD CVS
359 - Fix memory leak per connection. Report from Andy Spiegl <Andy@Spiegl.de>
360 via Debian bug #59926
361 - Define __progname in session.c if libc doesn't
362 - Remove indentation on autoconf #include statements to avoid bug in
363 DEC Tru64 compiler. Report and fix from David Del Piero
364 <David.DelPiero@qed.qld.gov.au>
367 - Make fixpaths work with perl4, patch from Andre Lucas
368 <andre.lucas@dial.pipex.com>
369 - Sync with OpenBSD CVS:
370 [clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c]
373 - remove bogus chan_read_failed. this could cause data
374 corruption (missing data) at end of a SSH2 session.
375 - Merge fixes from Debian patch from Phil Hands <phil@hands.com>
376 - Allow setting of PAM service name through CFLAGS (SSHD_PAM_SERVICE)
377 - Use vhangup to clean up Linux ttys
378 - Force posix getopt processing on GNU libc systems
379 - Debian bug #55910 - remove references to ssl(8) manpages
380 - Debian bug #58031 - ssh_config lies about default cipher
383 - OpenBSD CVS updates
385 - fix pr 1196, listen_port and port_to_connect interchanged
387 - after completion, replace the progress bar ETA counter with a final
388 elapsed time; my idea, aaron wrote the patch
389 [ssh_config sshd_config]
390 - show 'Protocol' as an example, ok markus@
393 - Add missing header to bsd-misc.c
396 - Reduce diff against OpenBSD source
397 - All OpenSSL includes are now unconditionally referenced as
399 - Pick up formatting changes
400 - Other minor changed (typecasts, etc) that I missed
403 - OpenBSD CVS updates.
406 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
407 [session.c sshconnect.c]
408 - check payload for (illegal) extra data
413 - INSTALL doc updates
414 - Merged OpenBSD updates to include paths.
417 - OpenBSD CVS updates:
421 fix passwd prompt for ssh2, less debugging output.
422 - [clientloop.c compat.c dsa.c kex.c sshd.c]
423 less debugging output
424 - [kex.c kex.h sshconnect.c sshd.c]
425 check for reasonable public DH values
426 - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
427 [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
428 add Cipher and Protocol options to ssh/sshd, e.g.:
429 ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
432 print 1.99 only if server supports both
435 - Avoid some compiler warnings in fake-get*.c
436 - Add IPTOS macros for systems which lack them
437 - Only set define entropy collection macros if they are found
438 - More large OpenBSD CVS updates:
439 - [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
440 [session.h ssh.h sshd.c README.openssh2]
441 ssh2 server side, see README.openssh2; enable with 'sshd -2'
443 no adjust after close
445 interop w/ latest ssh.com windows client.
448 - OpenBSD CVS update:
451 - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h]
452 ssh2 client implementation, interops w/ ssh.com and lsh servers.
455 - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c]
456 remove unused argument, split cipher_mask()
458 re-order: group ssh1 vs. ssh2
459 - Make Redhat spec require openssl >= 0.9.5a
462 - Add tests for RAND_add function when searching for OpenSSL
463 - OpenBSD CVS update:
464 - [packet.h packet.c]
466 - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c]
467 [channels.h channels.c]
468 channel layer support for ssh2
469 - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h]
470 DSA, keyexchange, algorithm agreement for ssh2
471 - Generate manpages before make install not at the end of make all
472 - Don't seed the rng quite so often
473 - Always reseed rng when requested
476 - Wrote entropy collection routines for systems that lack /dev/random
478 - Disable tests and typedefs for 64 bit types. They are currently unused.
481 - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
482 - [auth.c session.c sshd.c auth.h]
483 split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
484 - [bufaux.c bufaux.h]
486 - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
487 [readconf.c ssh.c ssh.h serverloop.c]
488 replace big switch() with function tables (prepare for ssh2)
490 ssh2 message type codes
492 reorder Xr to avoid cutting
494 close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
498 - [cipher.c cipher.h]
502 - [dispatch.c dispatch.h]
503 function tables for different message types
505 do not log() if debuggin to stderr
506 rename a cpp symbol, to avoid param.h collision
513 - Better tests for OpenSSL w/ RSAref
514 - Added replacement setenv() function from OpenBSD libc. Suggested by
515 Ben Lindstrom <mouring@pconline.com>
519 - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
520 [match.h ssh.c ssh.h sshconnect.c sshd.c]
521 initial support for DSA keys. ok deraadt@, niels@
522 - [cipher.c cipher.h]
523 remove unused cipher_attack_detected code
524 - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
525 Fix some formatting problems I missed before.
527 fix spelling errors, From: FreeBSD
529 switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
535 - Clarified --with-default-path option.
536 - Added -blibpath handling for AIX to work around stupid runtime linking.
537 Problem elucidated by gshapiro@SENDMAIL.ORG by way of Jim Knoble
539 - Checks for 64 bit int types. Problem report from Mats Fredholm
541 - OpenBSD CVS updates:
542 - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c]
543 [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
545 pedantic: signed vs. unsigned, void*-arithm, etc
547 Various cleanups and standardizations.
548 - Runtime error fix for HPUX from Otmar Stahl
549 <O.Stahl@lsw.uni-heidelberg.de>
552 - Fixed configure not passing LDFLAGS to Solaris. Report from David G.
553 Hesprich <dghespri@sprintparanet.com>
554 - Propogate LD through to Makefile
556 - Added blurb about "scp: command not found" errors to UPGRADING
559 - Fix broken CFLAGS handling during search for OpenSSL. Fixes va_list
560 problems with gcc/Solaris.
561 - Don't free argument to putenv() after use (in setenv() replacement).
562 Report from Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp>
563 - Created contrib/ subdirectory. Included helpers from Phil Hands'
564 Debian package, README file and chroot patch from Ricardo Cerqueira
566 - Moved gnome-ssh-askpass.c to contrib directory and removed config
568 - Slight cleanup to doc files
569 - Configure fix from Bratislav ILICH <bilic@zepter.ru>
572 - Include macro for IN6_IS_ADDR_V4MAPPED. Report from
573 peter@frontierflying.com
574 - Include /usr/local/include and /usr/local/lib for systems that don't
576 - -R/usr/local/lib for Solaris
577 - Fix RSAref detection
578 - Fix IN6_IS_ADDR_V4MAPPED macro
584 - disallow guessing of root password
585 - More configure fixes
586 - IPv6 workarounds from Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>
589 - OpenBSD CVS updates to v1.2.3
591 - int atomicio -> ssize_t (for alpha). ok deraadt@
593 - delay MD5 computation until client sends response, free() early, cleanup.
595 - void* -> unsigned char*, ok niels@
597 - remove unused variable 'len'. fix comments.
598 - remove unused variable
599 [log-client.c log-server.c]
600 - rename a cpp symbol, to avoid param.h collision
603 - getsockname() requires initialized tolen; andy@guildsoftware.com
604 - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
605 from Holger.Trapp@Informatik.TU-Chemnitz.DE
607 - register cleanup for pty earlier. move code for pty-owner handling to
608 pty.c ok provos@, dugsong@
610 - turn off x11-fwd for the client, too.
614 - allow '.' in usernames; from jedgar@fxp.org
616 - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
617 - sync with sshd_config
619 - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
621 - Change invalid 'CHAT' loglevel to 'VERBOSE'
623 - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
624 - turn off x11-fwd for the client, too.
627 - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
628 - read error vs. "Connection closed by remote host"
631 - do not link to a commercial page..
632 - sync with sshd_config
634 - no need for poll.h; from bright@wintelcom.net
635 - log with level log() not fatal() if peer behaves badly.
636 - don't panic if client behaves strange. ok deraadt@
637 - make no-port-forwarding for RSA keys deny both -L and -R style fwding
638 - delay close() of pty until the pty has been chowned back to root
639 - oops, fix comment, too.
641 - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
642 (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
643 - register cleanup for pty earlier. move code for pty-owner handling to
644 pty.c ok provos@, dugsong@
645 - create x11 cookie file
646 - fix pr 1113, fclose() -> pclose(), todo: remote popen()
649 - Removed warning workaround for Linux and devpts filesystems (no longer
650 required after OpenBSD updates)
653 - Configure fix from Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp>
659 - Fix DEC compile fix
660 - Explicitly seed OpenSSL's PRNG before checking rsa_alive()
661 - Check for getpagesize in libucb.a if not found in libc. Fix for old
662 Solaris from Andre Lucas <andre.lucas@dial.pipex.com>
663 - Check for libwrap if --with-tcp-wrappers option specified. Suggestion
664 Mate Wierdl <mw@moni.msci.memphis.edu>
667 - Added "make host-key" target, Suggestion from Dominik Brettnacher
669 - Don't permanently fail on bind() if getaddrinfo has more choices left for
670 us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
671 Miskiewicz <misiek@pld.org.pl>
672 - DEC Unix compile fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
673 - Manpage fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
676 - Big cleanup of autoconf code
677 - Rearranged to be a little more logical
678 - Added -R option for Solaris
679 - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program
680 to detect library and header location _and_ ensure library has proper
681 RSA support built in (this is a problem with OpenSSL 0.9.5).
682 - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de
683 - Avoid warning message with Unix98 ptys
684 - Warning was valid - possible race condition on PTYs. Avoided using
685 platform-specific code.
686 - Document some common problems
687 - Allow root access to any key. Patch from
688 markus.friedl@informatik.uni-erlangen.de
691 - Removed SOCKS code. Will support through a ProxyCommand.
694 - Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu
695 - Add --with-ssl-dir option
698 - Fix lastlog code for directory based lastlogs. Fix from Josh Durham
700 - Documentation fixes from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
701 - Added URLs to Japanese translations of documents by HARUYAMA Seigo
702 <haruyama@nt.phys.s.u-tokyo.ac.jp>
705 - Use socket pairs by default (instead of pipes). Prevents race condition
706 on several (buggy) OSs. Report and fix from tridge@linuxcare.com
709 - Seed OpenSSL's random number generator before generating RSA keypairs
710 - Split random collector into seperate file
711 - Compile fix from Andre Lucas <andre.lucas@dial.pipex.com>
714 - Released 1.2.2 stable
716 - NeXT keeps it lastlog in /usr/adm. Report from
717 mouring@newton.pconline.com
718 - Added note in UPGRADING re interop with commercial SSH using idea.
719 Report from Jim Knoble <jmknoble@pobox.com>
720 - Fix linking order for Kerberos/AFS. Fix from Holget Trapp
721 <Holger.Trapp@Informatik.TU-Chemnitz.DE>
724 - Fix NULL pointer dereference in login.c. Fix from Andre Lucas
725 <andre.lucas@dial.pipex.com>
726 - Reorder PAM initialisation so it does not mess up lastlog. Reported
727 by Andre Lucas <andre.lucas@dial.pipex.com>
728 - Use preformatted manpages on SCO, report from Gary E. Miller
730 - New URL for x11-ssh-askpass.
731 - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
733 - Added 'DESTDIR' option to Makefile to ease package building. Patch from
734 Jim Knoble <jmknoble@pobox.com>
735 - Updated RPM spec files to use DESTDIR
738 - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
744 getsockname() requires initialized tolen; andy@guildsoftware.com
745 - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
746 <drankin@bohemians.lexington.ky.us>
747 - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
750 - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
752 - Merge preformatted manpage patch from Andre Lucas
753 <andre.lucas@dial.pipex.com>
754 - Make IPv4 use the default in RPM packages
755 - Irix uses preformatted manpages
756 - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
757 <Holger.Trapp@Informatik.TU-Chemnitz.DE>
758 - OpenBSD CVS updates:
760 use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
761 from Holger.Trapp@Informatik.TU-Chemnitz.DE
763 log with level log() not fatal() if peer behaves badly.
765 instead of blocking SIGINT, catch it ourselves, so that we can clean
766 the tty modes up and kill ourselves -- instead of our process group
767 leader (scp, cvs, ...) going away and leaving us in noecho mode.
768 people with cbreak shells never even noticed..
769 - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
773 - Don't use getaddrinfo on AIX
774 - Update to latest OpenBSD CVS:
776 - fix user/1056, sshd keeps restrictions; dbt@meat.net
778 - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
779 - destroy keys earlier
780 - split key exchange (kex) and user authentication (user-auth),
783 - no need for poll.h; from bright@wintelcom.net
784 - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
785 - split key exchange (kex) and user authentication (user-auth),
787 - Big manpage and config file cleanup from Andre Lucas
788 <andre.lucas@dial.pipex.com>
789 - Re-added latest (unmodified) OpenBSD manpages
791 - NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
792 Christos Zoulas <christos@netbsd.org>
795 - SCO compile fixes from Gary E. Miller <gem@rellim.com>
796 - Compile fix from Darren_Hall@progressive.com
797 - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
798 addresses using getaddrinfo(). Added a configure switch to make the
799 default lookup mode AF_INET
802 - Fixed --with-pid-dir option
803 - Makefile fix from Gary E. Miller <gem@rellim.com>
804 - Compile fix for HPUX and Solaris from Andre Lucas
805 <andre.lucas@dial.pipex.com>
808 - Clean up bsd-bindresvport.c. Use arc4random() for picking initial
809 port, ignore EINVAL errors (Linux) when searching for free port.
810 - Revert __snprintf -> snprintf aliasing. Apparently Solaris
811 __snprintf isn't. Report from Theo de Raadt <theo@cvs.openbsd.org>
812 - Document location of Redhat PAM file in INSTALL.
813 - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6
814 INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to
815 deliver (no IPv6 kernel support)
816 - Released 1.2.1pre27
818 - Fix rresvport_af failure errors (logic error in bsd-bindresvport.c)
819 - Fix --with-ipaddr-display option test. Fix from Jarno Huuskonen
820 <jhuuskon@hytti.uku.fi>
821 - Fix hang on logout if processes are still using the pty. Needs
823 - Patch from Christos Zoulas <christos@zoulas.com>
824 - Try $prefix first when looking for OpenSSL.
825 - Include sys/types.h when including sys/socket.h in test programs
826 - Substitute PID directory in sshd.8. Suggestion from Andrew
827 Stribblehill <a.d.stribblehill@durham.ac.uk>
830 - Renamed --with-xauth-path to --with-xauth
831 - Added --with-pid-dir option
832 - Released 1.2.1pre26
834 - Compilation fix from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
835 - Fixed broken bugfix for /dev/ptmx on Linux systems which lack
836 openpty(). Report from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
839 - Add --with-xauth-path configure directive and explicit test for
840 /usr/openwin/bin/xauth for Solaris systems. Report from Anders
841 Nordby <anders@fix.no>
842 - Fix incorrect detection of /dev/ptmx on Linux systems that lack
843 openpty. Report from John Seifarth <john@waw.be>
844 - Look for intXX_t and u_intXX_t in sys/bitypes.h if they are not in
845 sys/types.h. Fixes problems on SCO, report from Gary E. Miller
847 - Use __snprintf and __vnsprintf if they are found where snprintf and
848 vnsprintf are lacking. Suggested by Ben Taylor <bent@shell.clark.net>
852 - Merged OpenBSD IPv6 patch:
853 - [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1]
854 [scp.c packet.h packet.c login.c log.c canohost.c channels.c]
855 [hostfile.c sshd_config]
856 ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new
857 features: sshd allows multiple ListenAddress and Port options. note
858 that libwrap is not IPv6-ready. (based on patches from
859 fujiwara@rcac.tdi.co.jp)
861 more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo,
864 listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE)
866 allow auth-kerberos for IPv4 only
867 - [scp.1 sshd.8 servconf.h scp.c]
868 document -4, -6, and 'ssh -L 2022/::1/22'
870 'ssh @host' is illegal (null user name), from
871 karsten@gedankenpolizei.de
875 allow auth-kerberos for IPv4 only
877 - Cleanup overrun in sockaddr copying on RHL 6.1
878 - Replacements for getaddrinfo, getnameinfo, etc based on versions
879 from patch from KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
880 - Replacement for missing structures on systems that lack IPv6
881 - record_login needed to know about AF_INET6 addresses
882 - Borrowed more code from OpenBSD: rresvport_af and requisites
885 - Fixes to auth-skey to enable it to use the standard OpenSSL libraries
888 - New config.sub and config.guess to fix problems on SCO. Supplied
889 by Gary E. Miller <gem@rellim.com>
890 - SCO build fix from Gary E. Miller <gem@rellim.com>
891 - Released 1.2.1pre25
894 - Documentation update & cleanup
895 - Better KrbIV / AFS detection, based on patch from:
896 Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
899 - Fixed annoying DES corruption problem. libcrypt has been
900 overriding symbols in libcrypto. Removed libcrypt and crypt.h
901 altogether (libcrypto includes its own crypt(1) replacement)
902 - Added platform-specific rules for Irix 6.x. Included warning that
906 - Add explicit make rules for files proccessed by fixpaths.
907 - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori
909 - Removed "nullok" directive from default PAM configuration files.
910 Added information on enabling EmptyPasswords on openssh+PAM in
912 - OpenBSD CVS updates
914 cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and
917 compare correct version for 1.3 compat mode
920 - Prevent multiple inclusion of config.h and defines.h. Suggested
921 by Andre Lucas <andre.lucas@dial.pipex.com>
922 - Properly clean up on exit of ssh-agent. Patch from Dean Gaudet
926 - Fix password support on systems with a mixture of shadowed and
927 non-shadowed passwords (e.g. NIS). Report and fix from
928 HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
929 - Fix broken autoconf typedef detection. Report from Marc G.
930 Fournier <marc.fournier@acadiau.ca>
931 - Fix occasional crash on LinuxPPC. Patch from Franz Sirl
932 <Franz.Sirl-kernel@lauterbach.com>
933 - Prevent typedefs from being compiled more than once. Report from
934 Marc G. Fournier <marc.fournier@acadiau.ca>
935 - Fill in ut_utaddr utmp field. Report from Benjamin Charron
937 - Really fix broken default path. Fix from Jim Knoble
939 - Remove test for quad_t. No longer needed.
940 - Released 1.2.1pre24
942 - Added support for directory-based lastlogs
943 - Really fix typedefs, patch from Ben Taylor <bent@clark.net>
946 - OpenBSD CVS updates:
949 - Removed most of the pam code into its own file auth-pam.[ch]. This
950 cleaned up sshd.c up significantly.
951 - PAM authentication was incorrectly interpreting
952 "PermitRootLogin without-password". Report from Matthias Andree
953 <ma@dt.e-technik.uni-dortmund.de
954 - Several other cleanups
955 - Merged Dante SOCKS support patch from David Rankin
956 <drankin@bohemians.lexington.ky.us>
957 - Updated documentation with ./configure options
958 - Released 1.2.1pre23
961 - Applied another NetBSD portability patch from David Rankin
962 <drankin@bohemians.lexington.ky.us>
963 - Fix --with-default-path option.
964 - Autodetect perl, patch from David Rankin
965 <drankin@bohemians.lexington.ky.us>
966 - Print whether OpenSSH was compiled with RSARef, patch from
967 Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu>
968 - Calls to pam_setcred, patch from Nalin Dahyabhai
969 <nalin@thermo.stat.ncsu.edu>
970 - Detect missing size_t and typedef it.
971 - Rename helper.[ch] to (more appropriate) bsd-misc.[ch]
972 - Minor Makefile cleaning
975 - Replacement for getpagesize() for systems which lack it
976 - NetBSD login.c compile fix from David Rankin
977 <drankin@bohemians.lexington.ky.us>
978 - Fully set ut_tv if present in utmp or utmpx
979 - Portability fixes for Irix 5.3 (now compiles OK!)
980 - autoconf and other misc cleanups
981 - Merged AIX patch from Darren Hall <dhall@virage.org>
982 - Cleaned up defines.h
983 - Released 1.2.1pre22
986 - Automatically correct paths in manpages and configuration files. Patch
987 and script from Andre Lucas <andre.lucas@dial.pipex.com>
988 - Removed credits from README to CREDITS file, updated.
989 - Added --with-default-path to specify custom path for server
990 - Removed #ifdef trickery from acconfig.h into defines.h
991 - PAM bugfix. PermitEmptyPassword was being ignored.
992 - Fixed PAM config files to allow empty passwords if server does.
993 - Explained spurious PAM auth warning workaround in UPGRADING
994 - Use last few chars of tty line as ut_id
995 - New SuSE RPM spec file from Chris Saia <csaia@wtower.com>
996 - OpenBSD CVS updates:
997 - [packet.h auth-rhosts.c]
998 check format string for packet_disconnect and packet_send_debug, too
1000 use packet_get_maxsize for channels. consistence.
1003 - Enabled utmpx support by default for Solaris
1004 - Cleanup sshd.c PAM a little more
1005 - Revised RPM package to include Jim Knoble's <jmknoble@pobox.com>
1006 X11 ssh-askpass program.
1007 - Disable logging of PAM success and failures, PAM is verbose enough.
1008 Unfortunatly there is currently no way to disable auth failure
1009 messages. Mention this in UPGRADING file and sent message to PAM
1011 - OpenBSD CVS update:
1012 - [ssh-keygen.1 ssh.1]
1013 remove ref to .ssh/random_seed, mention .ssh/environment in
1015 - Released 1.2.1pre21
1016 - Fixed implicit '.' in default path, report from Jim Knoble
1017 <jmknoble@pobox.com>
1018 - Redhat RPM spec fixes from Jim Knoble <jmknoble@pobox.com>
1021 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
1022 - Cleanup of auth-passwd.c for shadow and MD5 passwords
1023 - Cleanup and bugfix of PAM authentication code
1024 - Released 1.2.1pre20
1026 - Merged fixes from Ben Taylor <bent@clark.net>
1027 - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
1028 - Disabled logging of PAM password authentication failures when password
1029 is empty. (e.g start of authentication loop). Reported by Naz
1030 <96na@eng.cam.ac.uk>)
1033 - Merged later HPUX patch from Andre Lucas
1034 <andre.lucas@dial.pipex.com>
1035 - Above patch included better utmpx support from Ben Taylor
1039 - Fix undefined fd_set type in ssh.h from Povl H. Pedersen
1041 - Fix login.c breakage on systems which lack ut_host in struct
1042 utmp. Reported by Willard Dawson <willard.dawson@sbs.siemens.com>
1045 - Integration of large HPUX patch from Andre Lucas
1046 <andre.lucas@dial.pipex.com>. Integrating it had a few other
1048 - Ability to disable shadow passwords at configure time
1049 - Ability to disable lastlog support at configure time
1050 - Support for IP address in $DISPLAY
1051 - OpenBSD CVS update:
1053 say "REMOTE HOST IDENTIFICATION HAS CHANGED"
1054 - Fix DISABLE_SHADOW support
1055 - Allow MD5 passwords even if shadow passwords are disabled
1056 - Release 1.2.1pre19
1059 - Redhat init script patch from Chun-Chung Chen
1060 <cjj@u.washington.edu>
1061 - Avoid breakage on systems without IPv6 headers
1064 - Makefile changes for Solaris from Peter Kocks
1065 <peter.kocks@baygate.com>
1066 - Minor updates to docs
1067 - Merged OpenBSD CVS changes:
1068 - [authfd.c ssh-agent.c]
1069 keysize warnings talk about identity files
1071 "Connection closed by x.x.x.x": fatal() -> log()
1072 - Correctly handle empty passwords in shadow file. Patch from:
1073 "Chris, the Young One" <cky@pobox.com>
1074 - Released 1.2.1pre18
1077 - Integrated patchs from Juergen Keil <jk@tools.de>
1078 - Avoid void* pointer arithmatic
1079 - Use LDFLAGS correctly
1080 - Fix SIGIO error in scp
1081 - Simplify status line printing in scp
1082 - Added better test for inline functions compiler support from
1083 Darren_Hall@progressive.com
1086 - OpenBSD CVS Changes
1088 fix get_remote_port() and friends for sshd -i;
1089 Holger.Trapp@Informatik.TU-Chemnitz.DE
1091 make code simpler. no need for memcpy. niels@ ok
1093 namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org
1096 typo; mark.baushke@solipsa.com
1097 - [channels.c ssh.c ssh.h sshd.c]
1098 type conflict for 'extern Type *options' in channels.c; dot@dotat.at
1100 move checking of hostkey into own function.
1103 - Clean up broken includes in pty.c
1104 - Some older systems don't have poll.h, they use sys/poll.h instead
1108 - Fix compilation on systems with AFS. Reported by
1109 aloomis@glue.umd.edu
1110 - Fix installation on Solaris. Reported by
1111 Gordon Rowell <gordonr@gormand.com.au>
1112 - Fix gccisms (__attribute__ and inline). Report by edgy@us.ibm.com,
1113 patch from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
1114 - Auto-locate xauth. Patch from David Agraz <dagraz@jahoopa.com>
1115 - Compile fix from David Agraz <dagraz@jahoopa.com>
1116 - Avoid compiler warning in bsd-snprintf.c
1117 - Added pam_limits.so to default PAM config. Suggested by
1118 Jim Knoble <jmknoble@pobox.com>
1121 - Import of patch from Ben Taylor <bent@clark.net>:
1122 - Improved PAM support
1123 - "uninstall" rule for Makefile
1125 - Should fix PAM problems on Solaris
1126 - OpenBSD CVS updates:
1128 avoid stdio; based on work by markus, millert, and I
1130 make sure the client selects a supported cipher
1132 fix sighup handling. accept would just restart and daemon handled
1133 sighup only after the next connection was accepted. use poll on
1137 - Applied patch from David Rankin <drankin@bohemians.lexington.ky.us>
1138 to fix libwrap support on NetBSD
1142 - Compile fix for Solaris with /dev/ptmx from
1143 David Agraz <dagraz@jahoopa.com>
1146 - sshd Redhat init script patch from Jim Knoble <jmknoble@pobox.com>
1147 fixes compatability with 4.x and 5.x
1148 - Fixed default SSH_ASKPASS
1149 - Fix PAM account and session being called multiple times. Problem
1150 reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>
1151 - Merged more OpenBSD changes:
1152 - [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c]
1153 move atomicio into it's own file. wrap all socket write()s which
1154 were doing write(sock, buf, len) != len, with atomicio() calls.
1158 properly name fd variable
1160 display great hatred towards strcpy
1161 - [pty.c pty.h sshd.c]
1162 use openpty() if it exists (it does on BSD4_4)
1164 check for ~ expansion past MAXPATHLEN
1165 - Modified helper.c to use new atomicio function.
1166 - Reformat Makefile a little
1167 - Moved RC4 routines from rc4.[ch] into helper.c
1168 - Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX)
1169 - Updated SuSE spec from Chris Saia <csaia@wtower.com>
1170 - Tweaked Redhat spec
1171 - Clean up bad imports of a few files (forgot -kb)
1175 - Small cleanup of PAM code in sshd.c
1176 - Merged OpenBSD CVS changes:
1177 - [auth-krb4.c auth-passwd.c auth-skey.c ssh.h]
1178 move skey-auth from auth-passwd.c to auth-skey.c, same for krb4
1180 warn only about mismatch if key is _used_
1181 warn about keysize-mismatch with log() not error()
1182 channels.c readconf.c readconf.h ssh.c ssh.h sshconnect.c
1185 indent, shorter warning
1187 use error() for internal errors
1189 set loglevel for SSH_MSG_DISCONNECT to log(), not fatal()
1192 - [ssh-add.1 ssh-add.c ssh.h]
1193 document $SSH_ASKPASS, reasonable default
1195 CheckHostIP is not available for connects via proxy command
1198 easier to read client code for passwd and skey auth
1199 turn of checkhostip for proxy connects, since we don't know the remote ip
1202 - Add definition for __P()
1203 - Added [v]snprintf() replacement for systems that lack it
1206 - More reformatting merged from OpenBSD CVS
1207 - Merged OpenBSD CVS changes:
1209 fix packet_integrity_check() for !have_hostname_in_open.
1210 report from mrwizard@psu.edu via djm@ibs.com.au
1212 set SO_REUSEADDR and SO_LINGER for forwarded ports.
1213 chip@valinux.com via damien@ibs.com.au
1215 it's not an error() if shutdown_write failes in nchan.
1217 remove dead #ifdef-0-code
1218 - [readconf.c servconf.c]
1219 strcasecmp instead of tolower
1221 progress meter overflow fix from damien@ibs.com.au
1222 - [ssh-add.1 ssh-add.c]
1225 postpone fork_after_authentication until command execution,
1226 request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
1227 plus: use daemon() for backgrounding
1228 - Added BSD compatible install program and autoconf test, thanks to
1229 Niels Kristian Bech Jensen <nkbj@image.dk>
1230 - Solaris fixing, thanks to Ben Taylor <bent@clark.net>
1231 - Merged beginnings of AIX support from Tor-Ake Fransson <torake@hotmail.com>
1235 - Merged very large OpenBSD source code reformat
1236 - OpenBSD CVS updates
1237 - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
1238 [ssh.h sshd.8 sshd.c]
1240 * Unified Logmessage for all auth-types, for success and for failed
1241 * Standard connections get only ONE line in the LOG when level==LOG:
1242 Auth-attempts are logged only, if authentication is:
1245 c) we had more than AUTH_FAIL_LOG failues
1246 * many log() became verbose()
1247 * old behaviour with level=VERBOSE
1248 - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
1249 tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
1250 messages. allows use of s/key in windows (ttssh, securecrt) and
1251 ssh-1.2.27 clients without 'ssh -v', ok: niels@
1253 -V, for fallback to openssh in SSH2 compatibility mode
1255 fix sigchld race; cjc5@po.cwru.edu
1258 - Added SuSE package files from Chris Saia <csaia@wtower.com>
1259 - Restructured package-related files under packages/*
1260 - Added generic PAM config
1261 - Numerous little Solaris fixes
1262 - Add recommendation to use GNU make to INSTALL document
1265 - Make <enter> close gnome-ssh-askpass (Debian bug #50299)
1266 - OpenBSD CVS Changes
1268 don't create ~/.ssh only if the user wants to store the private
1269 key there. show fingerprint instead of public-key after
1270 keygeneration. ok niels@
1271 - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
1272 - Added timersub() macro
1273 - Tidy RCSIDs of bsd-*.c
1274 - Added autoconf test and macro to deal with old PAM libraries
1275 pam_strerror definition (one arg vs two).
1276 - Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
1277 - Retry /dev/urandom reads interrupted by signal (report from
1278 Robert Hardy <rhardy@webcon.net>)
1279 - Added a setenv replacement for systems which lack it
1280 - Only display public key comment when presenting ssh-askpass dialog
1283 - Configure, Make and changelog corrections from Tudor Bosman
1284 <tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>
1287 - OpenBSD CVS Changes:
1289 make this compile, bad markus
1290 - [log.c readconf.c servconf.c ssh.h]
1291 bugfix: loglevels are per host in clientconfig,
1292 factor out common log-level parsing code.
1294 remove unused index (-Wall)
1296 only one 'extern char *__progname'
1298 document SIGHUP, -Q to synopsis
1299 - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
1300 [channels.c clientloop.c]
1301 SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
1302 [hope this time my ISP stays alive during commit]
1303 - [OVERVIEW README] typos; green@freebsd
1305 replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
1306 exit if writing the key fails (no infinit loop)
1307 print usage() everytime we get bad options
1308 - [ssh-keygen.c] overflow, djm@mindrot.org
1309 - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1312 - Merged more Solaris support from Marc G. Fournier
1313 <marc.fournier@acadiau.ca>
1314 - Wrote autoconf tests for integer bit-types
1315 - Fixed enabling kerberos support
1316 - Fix segfault in ssh-keygen caused by buffer overrun in filename
1320 - Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
1321 - Merged OpenBSD CVS changes
1322 - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
1323 more %d vs. %s in fmt-strings
1325 Integers should not be printed with %s
1326 - EGD uses a socket, not a named pipe. Duh.
1327 - Fix includes in fingerprint.c
1328 - Fix scp progress bar bug again.
1329 - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of
1330 David Rankin <drankin@bohemians.lexington.ky.us>
1331 - Added autoconf option to enable Kerberos 4 support (untested)
1332 - Added autoconf option to enable AFS support (untested)
1333 - Added autoconf option to enable S/Key support (untested)
1334 - Added autoconf option to enable TCP wrappers support (compiles OK)
1335 - Renamed BSD helper function files to bsd-*
1336 - Added tests for login and daemon and enable OpenBSD replacements for
1337 when they are absent.
1338 - Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
1341 - Merged OpenBSD CVS changes
1342 - [scp.c] foregroundproc() in scp
1343 - [sshconnect.h] include fingerprint.h
1344 - [sshd.c] bugfix: the log() for passwd-auth escaped during logging
1346 - [ssh.1] Spell my name right.
1347 - Added openssh.com info to README
1350 - Merged OpenBSD CVS changes
1351 - [ChangeLog.Ylonen] noone needs this anymore
1352 - [authfd.c] close-on-exec for auth-socket, ok deraadt
1354 in known_hosts key lookup the entry for the bits does not need
1355 to match, all the information is contained in n and e. This
1356 solves the problem with buggy servers announcing the wrong
1357 modulus length. markus and me.
1359 bugfix: check for space if child has terminated, from:
1360 iedowse@maths.tcd.ie
1361 - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
1362 [fingerprint.c fingerprint.h]
1363 rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
1364 - [ssh-agent.1] typo
1365 - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
1367 force logging to stderr while loading private key file
1368 (lost while converting to new log-levels)
1371 - Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
1372 - Merged OpenBSD CVS changes:
1373 - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
1374 [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
1375 the keysize of rsa-parameter 'n' is passed implizit,
1376 a few more checks and warnings about 'pretended' keysizes.
1377 - [cipher.c cipher.h packet.c packet.h sshd.c]
1378 remove support for cipher RC4
1380 a note for legay systems about secuity issues with permanently_set_uid(),
1381 the private hostkey and ptrace()
1383 more detailed messages about adding and checking hostkeys
1386 - Merged OpenBSD CVS changes:
1387 - [ssh-add.c] change passphrase loop logic and remove ref to
1389 - Changed to ssh-add.c broke askpass support. Revised it to be a little more
1391 - Revised autoconf support for enabling/disabling askpass support.
1392 - Merged more OpenBSD CVS changes:
1394 - disconnect if getpeername() fails
1395 - missing xfree(*client)
1397 - disconnect if getpeername() fails
1398 - fix comment: we _do_ disconnect if ip-options are set
1400 - disconnect if getpeername() fails
1401 - move checking of remote port to central place
1402 [auth-rhosts.c] move checking of remote port to central place
1403 [log-server.c] avoid extra fd per sshd, from millert@
1404 [readconf.c] print _all_ bad config-options in ssh(1), too
1405 [readconf.h] print _all_ bad config-options in ssh(1), too
1406 [ssh.c] print _all_ bad config-options in ssh(1), too
1407 [sshconnect.c] disconnect if getpeername() fails
1408 - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
1409 - Various small cleanups to bring diff (against OpenBSD) size down.
1410 - Merged more Solaris compability from Marc G. Fournier
1411 <marc.fournier@acadiau.ca>
1412 - Wrote autoconf tests for __progname symbol
1413 - RPM spec file fixes from Jim Knoble <jmknoble@pobox.com>
1416 - Another OpenBSD CVS update:
1417 - [ssh-keygen.1] fix .Xr
1420 - Solaris compilation fixes (still imcomplete)
1423 - Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
1424 - Don't install config files if they already exist
1425 - Fix inclusion of additional preprocessor directives from acconfig.h
1426 - Removed redundant inclusions of config.h
1427 - Added 'Obsoletes' lines to RPM spec file
1428 - Merged OpenBSD CVS changes:
1429 - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
1430 - [scp.c] fix overflow reported by damien@ibs.com.au: off_t
1431 totalsize, ok niels,aaron
1432 - Delay fork (-f option) in ssh until after port forwarded connections
1433 have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
1434 - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
1435 - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
1436 - Tidied default config file some more
1437 - Revised Redhat initscript to fix bug: sshd (re)start would fail
1438 if executed from inside a ssh login.
1441 - Merged changes from OpenBSD CVS
1442 - [sshd.c] session_key_int may be zero
1443 - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
1444 IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
1446 - Brought default sshd_config more in line with OpenBSD's
1447 - Grab server in gnome-ssh-askpass (Debian bug #49872)
1450 - Added INSTALL documentation
1451 - Merged yet more changes from OpenBSD CVS
1452 - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
1453 [ssh.c ssh.h sshconnect.c sshd.c]
1454 make all access to options via 'extern Options options'
1455 and 'extern ServerOptions options' respectively;
1456 options are no longer passed as arguments:
1457 * make options handling more consistent
1458 * remove #include "readconf.h" from ssh.h
1459 * readconf.h is only included if necessary
1460 - [mpaux.c] clear temp buffer
1461 - [servconf.c] print _all_ bad options found in configfile
1462 - Make ssh-askpass support optional through autoconf
1463 - Fix nasty division-by-zero error in scp.c
1467 - Added (untested) Entropy Gathering Daemon (EGD) support
1468 - Fixed /dev/urandom fd leak (Debian bug #49722)
1469 - Merged OpenBSD CVS changes:
1470 - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
1471 - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
1472 - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
1473 - Fix integer overflow which was messing up scp's progress bar for large
1474 file transfers. Fix submitted to OpenBSD developers. Report and fix
1475 from Kees Cook <cook@cpoint.net>
1476 - Merged more OpenBSD CVS changes:
1477 - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
1478 + krb-cleanup cleanup
1479 - [clientloop.c log-client.c log-server.c ]
1480 [readconf.c readconf.h servconf.c servconf.h ]
1481 [ssh.1 ssh.c ssh.h sshd.8]
1482 add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
1483 obsoletes QuietMode and FascistLogging in sshd.
1484 - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
1485 allow session_key_int != sizeof(session_key)
1486 [this should fix the pre-assert-removal-core-files]
1487 - Updated default config file to use new LogLevel option and to improve
1491 - Merged several minor fixes:
1492 - ssh-agent commandline parsing
1493 - RPM spec file now installs ssh setuid root
1494 - Makefile creates libdir
1495 - Merged beginnings of Solaris compability from Marc G. Fournier
1496 <marc.fournier@acadiau.ca>
1499 - Autodetection of SSL/Crypto library location via autoconf
1500 - Fixed location of ssh-askpass to follow autoconf
1501 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
1502 - Autodetection of RSAref library for US users
1504 - Merged OpenBSD CVS changes:
1505 - [rsa.c] bugfix: use correct size for memset()
1506 - [sshconnect.c] warn if announced size of modulus 'n' != real size
1507 - Added GNOME passphrase requestor (use --with-gnome-askpass)
1508 - RPM build now creates subpackages
1512 - Removed debian/ directory. This is now being maintained separately.
1513 - Added symlinks for slogin in RPM spec file
1514 - Fixed permissions on manpages in RPM spec file
1515 - Added references to required libraries in README file
1516 - Removed config.h.in from CVS
1517 - Removed pwdb support (better pluggable auth is provided by glibc)
1518 - Made PAM and requisite libdl optional
1519 - Removed lots of unnecessary checks from autoconf
1520 - Added support and autoconf test for openpty() function (Unix98 pty support)
1521 - Fix for scp not finding ssh if not installed as /usr/bin/ssh
1523 - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
1524 - Added ssh-askpass program
1525 - Added ssh-askpass support to ssh-add.c
1526 - Create symlinks for slogin on install
1527 - Fix "distclean" target in makefile
1528 - Added example for ssh-agent to manpage
1529 - Added support for PAM_TEXT_INFO messages
1530 - Disable internal /etc/nologin support if PAM enabled
1531 - Merged latest OpenBSD CVS changes:
1532 - [all] replace assert() with error, fatal or packet_disconnect
1533 - [sshd.c] don't send fail-msg but disconnect if too many authentication
1535 - [sshd.c] remove unused argument. ok dugsong
1537 - [rsa.c] clear buffers used for encryption. ok: niels
1538 - [rsa.c] replace assert() with error, fatal or packet_disconnect
1539 - [auth-krb4.c] remove unused argument. ok dugsong
1540 - Fixed coredump after merge of OpenBSD rsa.c patch
1544 - Merged change from OpenBSD CVS
1545 - One-line cleanup in sshd.c
1548 - Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
1549 - Merged latest updates for OpenBSD CVS:
1550 - channels.[ch] - remove broken x11 fix and document istate/ostate
1551 - ssh-agent.c - call setsid() regardless of argv[]
1552 - ssh.c - save a few lines when disabling rhosts-{rsa-}auth
1553 - Documentation cleanups
1554 - Renamed README -> README.Ylonen
1555 - Renamed README.openssh ->README
1558 - Renamed openssh* back to ssh* at request of Theo de Raadt
1559 - Incorporated latest changes from OpenBSD's CVS
1560 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
1561 - Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
1562 - Make distclean now removed configure script
1563 - Improved PAM logging
1564 - Added some debug() calls for PAM
1565 - Removed redundant subdirectories
1566 - Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for
1568 - Fixed off-by-one error in PAM env patch
1572 - Further PAM enhancements.
1574 - Now uses account and session modules for all logins.
1575 - Integrated patch from Dan Brosemer <odin@linuxfreak.com>
1578 - Change binary names to open*
1579 - Fixed autoconf script to detect PAM on RH6.1
1580 - Added tests for libpwdb, and OpenBSD functions to autoconf
1583 - Imported latest OpenBSD CVS code
1584 - Updated README.openssh
1588 - Adapted PAM patch.
1591 - Excised my buggy replacements for strlcpy and mkdtemp
1592 - Imported correct OpenBSD strlcpy and mkdtemp routines.
1593 - Reduced arc4random_stir entropy read to 32 bytes (256 bits)
1594 - Picked up correct version number from OpenBSD
1595 - Added sshd.pam PAM configuration file
1596 - Added sshd.init Redhat init script
1597 - Added openssh.spec RPM spec file
1601 - Fixed include paths of OpenSSL functions
1602 - Use OpenSSL MD5 routines
1603 - Imported RC4 code from nanocrypt
1604 - Wrote replacements for OpenBSD arc4random* functions
1605 - Wrote replacements for strlcpy and mkdtemp