2 - (tim) [Makefile.in] replace "id sshd" with "sshd -t"
3 - (bal/tim) [acconfig.h configure.ac monitor_mm.c servconf.c
4 openbsd-compat/Makefile.in] support compression on platforms that
5 have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c
6 Based on patch from nalin@redhat.com of code extracted from Owl's package
9 - (tim) [Makefile.in] quiet down install-files: and check-user:
10 - (tim) [configure.ac] remove unused filepriv line
13 - (tim) [contrib/cygwin/ssh-host-config] explicitely sets the permissions
14 on /var/empty to 755 Patch by vinschen@redhat.com
15 - (bal) OpenBSD CVS Sync
16 - itojun@cvs.openbsd.org 2002/07/09 11:56:50
18 silently try next address on connect(2). markus ok
19 - itojun@cvs.openbsd.org 2002/07/09 11:56:27
21 suppress log on reverse lookup failiure, as there's no real value in
24 - itojun@cvs.openbsd.org 2002/07/09 12:04:02
26 ed static function (less warnings)
27 - stevesk@cvs.openbsd.org 2002/07/09 17:46:25
29 clarify no preference ordering in protocol list; ok markus@
30 - itojun@cvs.openbsd.org 2002/07/10 10:28:15
32 bark if all connection attempt fails.
33 - deraadt@cvs.openbsd.org 2002/07/10 17:53:54
35 use right sizeof in memcpy; markus ok
38 - (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platforms
39 lacking that concept can share it. Patch by vinschen@redhat.com
42 - (tim) [openssh/contrib/solaris/buildpkg.sh] add PKG_INSTALL_ROOT to
43 work in a jumpstart environment. patch by kbrint@rufus.net
44 - (tim) [Makefile.in] workaround for broken pakadd on some systems.
45 - (tim) [configure.ac] fix libc89 utimes test. Mention default path for
49 - (tim) [Makefile.in] use umask instead of chmod on $(PRIVSEP_PATH)
50 - (tim) [acconfig.h configure.ac sshd.c]
51 s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/
52 - (tim) [contrib/cygwin/ssh-host-config] sshd account creation fixes
53 patch from vinschen@redhat.com
54 - (bal) [realpath.c] Updated with OpenBSD tree.
55 - (bal) OpenBSD CVS Sync
56 - deraadt@cvs.openbsd.org 2002/07/04 04:15:33
57 [key.c monitor_wrap.c sftp-glob.c ssh-dss.c ssh-rsa.c]
58 patch memory leaks; grendel@zeitbombe.org
59 - deraadt@cvs.openbsd.org 2002/07/04 08:12:15
61 blah blah minor nothing as i read and re-read and re-read...
62 - markus@cvs.openbsd.org 2002/07/04 10:41:47
63 [key.c monitor_wrap.c ssh-dss.c ssh-rsa.c]
64 don't allocate, copy, and discard if there is not interested in the data;
66 - deraadt@cvs.openbsd.org 2002/07/06 01:00:49
69 - deraadt@cvs.openbsd.org 2002/07/06 01:01:26
71 KNF, realloc fix, and clean usage
72 - stevesk@cvs.openbsd.org 2002/07/06 17:47:58
75 - (bal) Minor KNF on ssh-keyscan.c
78 - (tim) [configure.ac] AIX 4.2.1 has authenticate() in libs.
79 Reported by Darren Tucker <dtucker@zip.com.au>
80 - (tim) [contrib/cygwin/ssh-host-config] double slash corrction
81 from vinschen@redhat.com
84 - (bal) Limit data to TTY for AIX only (Newer versions can't handle the
85 faster data rate) Bug #124
86 - (bal) glob.c defines TILDE and AIX also defines it. #undef it first.
88 - (bal) One too many nulls in ports-aix.c
91 - (bal) Updated contrib/cygwin/ patch by vinschen@redhat.com
92 - (bal) minor correction to utimes() replacement. Patch by
95 - markus@cvs.openbsd.org 2002/06/27 08:49:44
96 [dh.c ssh-keyscan.c sshconnect.c]
97 more checks for NULL pointers; from grendel@zeitbombe.org; ok deraadt@
98 - deraadt@cvs.openbsd.org 2002/06/27 09:08:00
100 improve mm_zalloc check; markus ok
101 - deraadt@cvs.openbsd.org 2002/06/27 10:35:47
102 [auth2-none.c monitor.c sftp-client.c]
104 - stevesk@cvs.openbsd.org 2002/06/27 19:49:08
106 use convtime(); ok markus@
107 - millert@cvs.openbsd.org 2002/06/28 01:49:31
109 tree(3) wants an int return value for its compare functions and
110 the difference between two pointers is not an int. Just do the
111 safest thing and store the result in a long and then return 0,
112 -1, or 1 based on that result.
113 - deraadt@cvs.openbsd.org 2002/06/28 01:50:37
116 - deraadt@cvs.openbsd.org 2002/06/28 10:08:25
118 range check -u option at invocation
119 - deraadt@cvs.openbsd.org 2002/06/28 23:05:06
121 gidset[2] -> gidset[1]; markus ok
122 - deraadt@cvs.openbsd.org 2002/06/30 21:54:16
123 [auth2.c session.c sshd.c]
124 lint asks that we use names that do not overlap
125 - deraadt@cvs.openbsd.org 2002/06/30 21:59:45
126 [auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
127 monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
128 sshconnect2.c sshd.c]
130 - deraadt@cvs.openbsd.org 2002/07/01 16:15:25
133 - markus@cvs.openbsd.org 2002/07/01 19:48:46
135 for compression=yes, we fallback to no-compression if the server does
136 not support compression, vice versa for compression=no. ok mouring@
137 - markus@cvs.openbsd.org 2002/07/03 09:55:38
139 use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld)
140 in order to avoid a possible Kocher timing attack pointed out by Charles
142 - markus@cvs.openbsd.org 2002/07/03 14:21:05
143 [ssh-keysign.8 ssh-keysign.c ssh.c ssh_config]
144 re-enable ssh-keysign's sbit, but make ssh-keysign read
145 /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled
146 globally. based on discussions with deraadt, itojun and sommerfeld;
148 - (bal) Failed password attempts don't increment counter on AIX. Bug #145
149 - (bal) Missed Makefile.in change. keysign needs readconf.o
150 - (bal) Clean up aix_usrinfo(). Ignore TTY= period I guess.
153 - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc &
154 friends consistently. Spotted by Solar Designer <solar@openwall.com>
157 - (bal) fix to auth2-pam.c to swap fatal() arguments, A bit of style
158 clean up while I'm near it.
161 - (stevesk) [sshd_config] PAMAuthenticationViaKbdInt no; commented
162 options should contain default value. from solar.
163 - (bal) Cygwin uid0 fix by vinschen@redhat.com
164 - (bal) s/config.h/includes.h/ in openbsd-compat/ for *.c. Otherwise wise
165 have issues of our fixes not propogating right (ie bcopy instead of
167 - (bal) FreeBSD needs <sys/types.h> to detect if mmap() is supported.
172 - deraadt@cvs.openbsd.org 2002/06/26 14:49:36
175 - deraadt@cvs.openbsd.org 2002/06/26 14:50:04
177 use ssize_t for recvmsg() and sendmsg() return
178 - markus@cvs.openbsd.org 2002/06/26 14:51:33
180 fix exit code for -X/-x
181 - deraadt@cvs.openbsd.org 2002/06/26 15:00:32
184 - markus@cvs.openbsd.org 2002/06/26 22:27:32
186 bug #304, xfree(data) called to early; openssh@sigint.cs.purdue.edu
189 - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM
190 - (bal) OpenBSD CVS Sync
191 - markus@cvs.openbsd.org 2002/06/23 21:34:07
194 - markus@cvs.openbsd.org 2002/06/24 13:12:23
196 the socket name contains ssh-agent's ppid; via mpech@ from form@
197 - markus@cvs.openbsd.org 2002/06/24 14:33:27
198 [channels.c channels.h clientloop.c serverloop.c]
199 move channel counter to u_int
200 - markus@cvs.openbsd.org 2002/06/24 14:55:38
201 [authfile.c kex.c ssh-agent.c]
202 cat to (void) when output from buffer_get_X is ignored
203 - itojun@cvs.openbsd.org 2002/06/24 15:49:22
206 - deraadt@cvs.openbsd.org 2002/06/24 17:57:20
207 [sftp-server.c sshpty.c]
208 explicit (u_int) for uid and gid
209 - markus@cvs.openbsd.org 2002/06/25 16:22:42
212 - markus@cvs.openbsd.org 2002/06/25 18:51:04
214 lightweight do_setusercontext after chroot()
215 - (bal) Updated AIX package build. Patch by dtucker@zip.com.au
216 - (tim) [Makefile.in] fix test on installing ssh-rand-helper.8
217 - (bal) added back in error check for mmap(). I screwed up, Pointed
219 - (tim) [README.privsep] UnixWare tip no longer needed.
220 - (bal) fixed NeXTStep missing munmap() issue. It defines HAVE_MMAP,
221 but it all damned lies.
222 - (stevesk) [README.privsep] more for sshd pseudo-account.
223 - (tim) [contrib/caldera/openssh.spec] add support for privsep
224 - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@
225 - (djm) OpenBSD CVS Sync
226 - markus@cvs.openbsd.org 2002/06/26 08:53:12
228 limit size of BNs to 8KB; ok provos/deraadt
229 - markus@cvs.openbsd.org 2002/06/26 08:54:18
231 limit append to 1MB and buffers to 10MB
232 - markus@cvs.openbsd.org 2002/06/26 08:55:02
234 limit # of channels to 10000
235 - markus@cvs.openbsd.org 2002/06/26 08:58:26
237 limit # of env vars to 1000; ok deraadt/djm
238 - deraadt@cvs.openbsd.org 2002/06/26 13:20:57
240 be careful in mm_zalloc
241 - deraadt@cvs.openbsd.org 2002/06/26 13:49:26
243 disclose less information from environment files; based on input
244 from djm, and dschultz@uclink.Berkeley.EDU
245 - markus@cvs.openbsd.org 2002/06/26 13:55:37
247 make sure # of response matches # of queries, fixes int overflow;
249 - markus@cvs.openbsd.org 2002/06/26 13:56:27
252 - (djm) Require krb5 devel for RPM build w/ KrbV
253 - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai
255 - (djm) Update spec files for release
256 - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS
257 - (djm) Release 3.4p1
258 - (tim) [contrib/caldera/openssh.spec] remove 2 configure options I put in
262 - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
263 - (stevesk) [README.privsep] minor updates
264 - (djm) Create privsep directory and warn if privsep user is missing
266 - (bal) Started list of PrivSep issues in TODO
267 - (bal) if mmap() is substandard, don't allow compression on server side.
268 Post 'event' we will add more options.
269 - (tim) [contrib/caldera/openssh.spec] Sync with Caldera
270 - (bal) moved aix_usrinfo() and noted not setting real TTY. Patch by
272 - (tim) [acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus
273 for Cygwin, Cray, & SCO
277 - deraadt@cvs.openbsd.org 2002/06/23 03:25:50
280 - deraadt@cvs.openbsd.org 2002/06/23 03:26:19
283 - deraadt@cvs.openbsd.org 2002/06/23 03:30:58
284 [scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
286 various KNF and %d for unsigned
287 - deraadt@cvs.openbsd.org 2002/06/23 09:30:14
288 [sftp-client.c sftp-client.h sftp-common.c sftp-int.c sftp-server.c
290 bunch of u_int vs int stuff
291 - deraadt@cvs.openbsd.org 2002/06/23 09:39:55
294 - deraadt@cvs.openbsd.org 2002/06/23 09:46:51
295 [bufaux.c servconf.c]
296 minor KNF. things the fingers do while you read
297 - deraadt@cvs.openbsd.org 2002/06/23 10:29:52
299 some minor KNF and %u
300 - deraadt@cvs.openbsd.org 2002/06/23 20:39:45
302 compression_level is u_int
303 - deraadt@cvs.openbsd.org 2002/06/23 21:06:13
306 - deraadt@cvs.openbsd.org 2002/06/23 21:06:41
307 [channels.c channels.h session.c session.h]
308 display, screen, row, col, xpixel, ypixel are u_int; markus ok
309 - deraadt@cvs.openbsd.org 2002/06/23 21:10:02
311 packet_get_int() returns unsigned for reason & seqnr
312 - (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col,
317 - (stevesk) [configure.ac] bug #255 LOGIN_NEEDS_UTMPX for AIX.
318 - (bal) removed GNUism for getops in ssh-agent since glibc lacks optreset.
319 - (bal) add extern char *getopt. Based on report by dtucker@zip.com.au
321 - stevesk@cvs.openbsd.org 2002/06/22 02:00:29
324 - stevesk@cvs.openbsd.org 2002/06/22 02:40:23
326 section 5 not 4 for ssh_config
327 - naddy@cvs.openbsd.org 2002/06/22 11:51:39
330 - stevesk@cvs.openbsd.org 2002/06/22 16:32:54
332 add /var/empty in FILES section
333 - stevesk@cvs.openbsd.org 2002/06/22 16:40:19
335 check /var/empty owner mode; ok provos@
336 - stevesk@cvs.openbsd.org 2002/06/22 16:41:57
339 - stevesk@cvs.openbsd.org 2002/06/22 16:45:29
340 [ssh-agent.1 sshd.8 sshd_config.5]
341 use process ID vs. pid/PID/process identifier
342 - stevesk@cvs.openbsd.org 2002/06/22 20:05:27
344 don't call setsid() if debugging or run from inetd; no "Operation not
345 permitted" errors now; ok millert@ markus@
346 - stevesk@cvs.openbsd.org 2002/06/22 23:09:51
348 save auth method before monitor_reset_key_state(); bugzilla bug #284;
352 - (djm) Update README.privsep; spotted by fries@
353 - (djm) Release 3.3p1
354 - (bal) getopt now can be staticly compiled on those platforms missing
355 optreset. Patch by binder@arago.de
359 - djm@cvs.openbsd.org 2002/06/21 05:50:51
361 Don't initialise compression buffers when compression=no in sshd_config;
363 - ID sync for auth-passwd.c
364 - (djm) Warn and disable compression on platforms which can't handle both
365 useprivilegeseparation=yes and compression=yes
366 - (djm) contrib/redhat/openssh.spec hacking:
367 - Merge in spec changes from seba@iq.pl (Sebastian Pachuta)
368 - Add new {ssh,sshd}_config.5 manpages
369 - Add new ssh-keysign program and remove setuid from ssh client
372 - (bal) Fixed AIX environment handling, use setpcred() instead of existing
373 code. (Bugzilla Bug 261)
374 - (bal) OpenBSD CVS Sync
375 - todd@cvs.openbsd.org 2002/06/14 21:35:00
377 spelling; from Brian Poole <raj@cerias.purdue.edu>
378 - markus@cvs.openbsd.org 2002/06/15 00:01:36
379 [authfd.c authfd.h ssh-add.c ssh-agent.c]
380 break agent key lifetime protocol and allow other contraints for key
382 - markus@cvs.openbsd.org 2002/06/15 00:07:38
383 [authfd.c authfd.h ssh-add.c ssh-agent.c]
385 - markus@cvs.openbsd.org 2002/06/15 01:27:48
386 [authfd.c authfd.h ssh-add.c ssh-agent.c]
387 remove the CONSTRAIN_IDENTITY messages and introduce a new
388 ADD_ID message with contraints instead. contraints can be
389 only added together with the private key.
390 - itojun@cvs.openbsd.org 2002/06/16 21:30:58
392 use TAILQ_xx macro. from lukem@netbsd. markus ok
393 - deraadt@cvs.openbsd.org 2002/06/17 06:05:56
395 make usage like man page
396 - deraadt@cvs.openbsd.org 2002/06/19 00:27:55
397 [auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
398 authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
399 ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
400 ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
402 KNF done automatically while reading....
403 - markus@cvs.openbsd.org 2002/06/19 18:01:00
404 [cipher.c monitor.c monitor_wrap.c packet.c packet.h]
405 make the monitor sync the transfer ssh1 session key;
406 transfer keycontext only for RC4 (this is still depends on EVP
407 implementation details and is broken).
408 - stevesk@cvs.openbsd.org 2002/06/20 19:56:07
410 move configuration file options from ssh.1/sshd.8 to
411 ssh_config.5/sshd_config.5; ok deraadt@ millert@
412 - stevesk@cvs.openbsd.org 2002/06/20 20:00:05
415 - stevesk@cvs.openbsd.org 2002/06/20 20:03:34
416 [ssh_config sshd_config]
417 refer to config file man page
418 - markus@cvs.openbsd.org 2002/06/20 23:05:56
419 [servconf.c servconf.h session.c sshd.c]
420 allow Compression=yes/no in sshd_config
421 - markus@cvs.openbsd.org 2002/06/20 23:37:12
424 - stevesk@cvs.openbsd.org 2002/05/25 20:40:08
426 missed Per Allansson (auth2-chall.c)
427 - (bal) Cygwin special handling of empty passwords wrong. Patch by
429 - (bal) Missed integrating ssh_config.5 and sshd_config.5
430 - (bal) Still more Makefile.in updates for ssh{d}_config.5
433 - (bal) typo of setgroup for cygwin. Patch by vinschen@redhat.com
436 - (bal) OpenBSD CVS Sync
437 - markus@cvs.openbsd.org 2002/06/11 23:03:54
440 - markus@cvs.openbsd.org 2002/06/12 01:09:52
442 ssh_connect returns 0 on success
443 - (bal) Build noop setgroups() for cygwin to clean up code (For other
444 platforms without the setgroups() requirement, you MUST define
445 SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com
446 - (bal) Some platforms don't have ONLCR (Notable Mint)
449 - (bal) ssh-agent.c RCSD fix (|unexpand already done)
450 - (bal) OpenBSD CVS Sync
451 - stevesk@cvs.openbsd.org 2002/06/09 22:15:15
453 update for no setuid root and ssh-keysign; ok deraadt@
454 - itojun@cvs.openbsd.org 2002/06/09 22:17:21
456 pass salen to sockaddr_ntop so that we are happy on linux/solaris
457 - stevesk@cvs.openbsd.org 2002/06/10 16:53:06
458 [auth-rsa.c ssh-rsa.c]
459 display minimum RSA modulus in error(); ok markus@
460 - stevesk@cvs.openbsd.org 2002/06/10 16:56:30
462 merge in stuff from my man page; ok markus@
463 - stevesk@cvs.openbsd.org 2002/06/10 17:36:23
464 [ssh-add.1 ssh-add.c]
465 use convtime() to parse and validate key lifetime. can now
466 use '-t 2h' etc. ok markus@ provos@
467 - stevesk@cvs.openbsd.org 2002/06/10 17:45:20
469 change RhostsRSAAuthentication and RhostsAuthentication default to no
470 since ssh is no longer setuid root by default; ok markus@
471 - stevesk@cvs.openbsd.org 2002/06/10 21:21:10
473 update defaults for RhostsRSAAuthentication and RhostsAuthentication
474 here too (all options commented out with default value).
475 - markus@cvs.openbsd.org 2002/06/10 22:28:41
476 [channels.c channels.h session.c]
477 move creation of agent socket to session.c; no need for uidswapping
479 - markus@cvs.openbsd.org 2002/06/11 04:14:26
480 [ssh.c sshconnect.c sshconnect.h]
481 no longer use uidswap.[ch] from the ssh client
482 run less code with euid==0 if ssh is installed setuid root
483 just switch the euid, don't switch the complete set of groups
484 (this is only needed by sshd). ok provos@
485 - mpech@cvs.openbsd.org 2002/06/11 05:46:20
486 [auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
487 pid_t cleanup. Markus need this now to keep hacking.
489 - itojun@cvs.openbsd.org 2002/06/11 08:11:45
491 use "ntop" only after initialized
492 - (bal) Cygwin fix up from swap uid clean up in ssh.c patch by
496 - (bal) OpenBSD CVS Sync
497 - markus@cvs.openbsd.org 2002/06/08 05:07:56
500 - markus@cvs.openbsd.org 2002/06/08 05:07:09
502 only accept 20 byte session ids
503 - markus@cvs.openbsd.org 2002/06/08 05:17:01
504 [readconf.c readconf.h ssh.1 ssh.c]
505 deprecate FallBackToRsh and UseRsh; patch from djm@
506 - markus@cvs.openbsd.org 2002/06/08 05:40:01
508 just warn about Deprecated options for now
509 - markus@cvs.openbsd.org 2002/06/08 05:41:18
511 remove FallBackToRsh/UseRsh
512 - markus@cvs.openbsd.org 2002/06/08 12:36:53
515 - markus@cvs.openbsd.org 2002/06/08 12:46:14
517 silently ignore deprecated options, since FallBackToRsh might be passed
518 by remote scp commands.
519 - itojun@cvs.openbsd.org 2002/06/08 21:15:27
521 always use getnameinfo. (diag message only)
522 - markus@cvs.openbsd.org 2002/06/09 04:33:27
525 - (bal) RCSID tag updates on channels.c, clientloop.c, nchan.c,
526 sftp-client.c, ssh-agenet.c, ssh-keygen.c and connect.h (we did unexpand
530 - (bal) Removed --{enable/disable}-suid-ssh
531 - (bal) Missed __progname in ssh-keysign.c patch by dtucker@zip.com.au
532 - (bal) use 'LOGIN_PROGRAM' not '/usr/bin/login' in session.c patch by
533 Bertrand.Velle@apogee-com.fr
536 - (bal) OpenBSD CVS Sync
537 - markus@cvs.openbsd.org 2002/05/15 21:56:38
538 [servconf.c sshd.8 sshd_config]
539 re-enable privsep and disable setuid for post-3.2.2
540 - markus@cvs.openbsd.org 2002/05/16 22:02:50
541 [cipher.c kex.h mac.c]
542 fix warnings (openssl 0.9.7 requires const)
543 - stevesk@cvs.openbsd.org 2002/05/16 22:09:59
545 don't limit xauth pathlen on client side and longer print length on
546 server when debug; ok markus@
547 - deraadt@cvs.openbsd.org 2002/05/19 20:54:52
549 extra commas in enum not 100% portable
550 - deraadt@cvs.openbsd.org 2002/05/22 23:18:25
552 spelling; abishoff@arc.nasa.gov
553 - markus@cvs.openbsd.org 2002/05/23 19:24:30
554 [authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
555 sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
556 add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
557 authentication in protocol v2 (needs to access the hostkeys).
558 - markus@cvs.openbsd.org 2002/05/23 19:39:34
560 add comment about ssh-keysign
561 - markus@cvs.openbsd.org 2002/05/24 08:45:14
563 stat ssh-keysign first, print error if stat fails;
564 some debug->error; fix comment
565 - markus@cvs.openbsd.org 2002/05/25 08:50:39
567 execlp->execl; from stevesk
568 - markus@cvs.openbsd.org 2002/05/25 18:51:07
569 [auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c
570 auth2-passwd.c auth2-pubkey.c Makefile.in]
571 split auth2.c into one file per method; ok provos@/deraadt@
572 - stevesk@cvs.openbsd.org 2002/05/26 20:35:10
574 sort ChallengeResponseAuthentication; ok markus@
575 - stevesk@cvs.openbsd.org 2002/05/28 16:45:27
577 print strerror(errno) on mmap/munmap error; ok markus@
578 - stevesk@cvs.openbsd.org 2002/05/28 17:28:02
580 format spec change/casts and some KNF; ok markus@
581 - stevesk@cvs.openbsd.org 2002/05/28 21:24:00
583 use correct function name in fatal()
584 - stevesk@cvs.openbsd.org 2002/05/29 03:06:30
587 - markus@cvs.openbsd.org 2002/05/29 11:21:57
589 don't start if privsep is enabled and SSH_PRIVSEP_USER or
590 _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
591 - markus@cvs.openbsd.org 2002/05/30 08:07:31
593 use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of
594 our own implementation. allow use of AES hardware via libcrypto,
596 - markus@cvs.openbsd.org 2002/05/31 10:30:33
598 extent ssh-keysign protocol:
599 pass # of socket-fd to ssh-keysign, keysign verfies locally used
600 ip-address using this socket-fd, restricts fake local hostnames
601 to actual local hostnames; ok stevesk@
602 - markus@cvs.openbsd.org 2002/05/31 11:35:15
604 move Authmethod definitons to per-method file.
605 - markus@cvs.openbsd.org 2002/05/31 13:16:48
608 key_verify returns 1 for a correct signature, 0 for an incorrect signature
610 - markus@cvs.openbsd.org 2002/05/31 13:20:50
612 pad received signature with leading zeros, because RSA_verify expects
613 a signature of RSA_size. the drafts says the signature is transmitted
614 unpadded (e.g. putty does not pad), reported by anakin@pobox.com
615 - deraadt@cvs.openbsd.org 2002/06/03 12:04:07
617 compatiblity -> compatibility
618 decriptor -> descriptor
619 authentciated -> authenticated
620 transmition -> transmission
621 - markus@cvs.openbsd.org 2002/06/04 19:42:35
623 only allow enabled authentication methods; ok provos@
624 - markus@cvs.openbsd.org 2002/06/04 19:53:40
626 save the session id (hash) for ssh2 (it will be passed with the
627 initial sign request) and verify that this value is used during
628 authentication; ok provos@
629 - markus@cvs.openbsd.org 2002/06/04 23:02:06
632 - markus@cvs.openbsd.org 2002/06/04 23:05:49
633 [cipher.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c]
634 __FUNCTION__ -> __func__
635 - markus@cvs.openbsd.org 2002/06/05 16:08:07
636 [ssh-agent.1 ssh-agent.c]
637 '-a bind_address' binds the agent to user-specified unix-domain
638 socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
639 - markus@cvs.openbsd.org 2002/06/05 16:08:07
640 [ssh-agent.1 ssh-agent.c]
641 '-a bind_address' binds the agent to user-specified unix-domain
642 socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
643 - markus@cvs.openbsd.org 2002/06/05 16:48:54
645 copy current request into an extra buffer and just flush this
646 request on errors, ok provos@
647 - markus@cvs.openbsd.org 2002/06/05 19:57:12
648 [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
649 ssh-add -x for lock and -X for unlocking the agent.
650 todo: encrypt private keys with locked...
651 - markus@cvs.openbsd.org 2002/06/05 20:56:39
654 - markus@cvs.openbsd.org 2002/06/05 21:55:44
655 [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
656 ssh-add -t life, Set lifetime (in seconds) when adding identities;
658 - stevesk@cvs.openbsd.org 2002/06/06 01:09:41
660 no trailing comma in enum; china@thewrittenword.com
661 - markus@cvs.openbsd.org 2002/06/06 17:12:44
663 discard remaining bytes of current request; ok provos@
664 - markus@cvs.openbsd.org 2002/06/06 17:30:11
666 use get_int() macro (hide iqueue)
667 - (bal) Missed msg.[ch] in merge. Required for ssh-keysign.
668 - (bal) Forgot to add msg.c Makefile.in.
669 - (bal) monitor_mm.c typos.
670 - (bal) Refixed auth2.c. It was never fully commited while spliting out
671 authentication to different files.
672 - (bal) ssh-keysign should build and install correctly now. Phase two
673 would be to clean out any dead wood and disable ssh setuid on install.
674 - (bal) Reverse logic, use __func__ first since it's C99
677 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
678 setsockopt from debug to error for now).
681 - (tim) [configure.ac.orig monitor_fdpass.c] Enahnce msghdr tests to address
682 build problem on Irix reported by Dave Love <d.love@dl.ac.uk>. Back out
683 last monitor_fdpass.c changes that are no longer needed with new tests.
684 Patch tested on Irix by Jan-Frode Myklebust <janfrode@parallab.uib.no>
687 - (djm) Fix spelling mistakes, spotted by Solar Designer i
689 - Sync scard/ (not sure when it drifted)
690 - (djm) OpenBSD CVS Sync:
692 Fix typo/thinko. Pass in as to auth_approval(), not NULL.
695 - Crank RPM spec versions
698 - (stevesk) [sshd.c] bug 245; disable setsid() for now
699 - (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups()
702 - (tim) [configure.ac] remove extra MD5_MSG="no" line.
705 - (bal) CVS ID fix up on auth-passwd.c
706 - (bal) OpenBSD CVS Sync
707 - deraadt@cvs.openbsd.org 2002/05/07 19:54:36
710 - deraadt@cvs.openbsd.org 2002/05/08 21:06:34
712 move to sshd.sshd instead
713 - stevesk@cvs.openbsd.org 2002/05/11 20:24:48
716 - itojun@cvs.openbsd.org 2002/05/13 02:37:39
717 [auth-skey.c auth2.c]
718 less warnings. skey_{respond,query} are public (in auth.h)
719 - markus@cvs.openbsd.org 2002/05/13 20:44:58
720 [auth-options.c auth.c auth.h]
721 move the packet_send_debug handling from auth-options.c to auth.c;
723 - millert@cvs.openbsd.org 2002/05/13 15:53:19
725 Call setsid() in the child after sshd accepts the connection and forks.
726 This is needed for privsep which calls setlogin() when it changes uids.
727 Without this, there is a race where the login name of an existing
728 connection, as returned by getlogin(), may be changed to the privsep
729 user (sshd). markus@ OK
730 - markus@cvs.openbsd.org 2002/05/13 21:26:49
732 handle debug messages during rhosts-rsa and hostbased authentication;
734 - mouring@cvs.openbsd.org 2002/05/15 15:47:49
735 [kex.c monitor.c monitor_wrap.c sshd.c]
736 'monitor' variable clashes with at least one lame platform (NeXT). i
737 Renamed to 'pmonitor'. provos@
738 - deraadt@cvs.openbsd.org 2002/05/04 02:39:35
739 [servconf.c sshd.8 sshd_config]
740 enable privsep by default; provos ok
741 - millert@cvs.openbsd.org 2002/05/06 23:34:33
743 Kill/adjust r(login|exec)d? references now that those are no longer in
745 - markus@cvs.openbsd.org 2002/05/15 21:02:53
746 [servconf.c sshd.8 sshd_config]
747 disable privsep and enable setuid for the 3.2.2 release
748 - (bal) Fixed up PAM case. I think.
749 - (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy
750 - (bal) OpenBSD CVS Sync
751 - markus@cvs.openbsd.org 2002/05/15 21:05:29
754 - (bal) Caldara, Suse, and Redhat openssh.specs updated.
757 - (stevesk) [README.privsep] PAM+privsep works with Solaris 8.
758 - (tim) [sshpty.c] set tty modes when allocating old style bsd ptys to
759 match what newer style ptys have when allocated. Based on a patch by
760 Roger Cornelius <rac@tenzing.org>
761 - (tim) [README.privsep] UnixWare 7 and OpenUNIX 8 work.
762 - (tim) [README.privsep] remove reference to UnixWare 7 and OpenUNIX 8
763 from PAM-enabled pragraph. UnixWare has no PAM.
764 - (tim) [contrib/caldera/openssh.spec] update version.
767 - (stevesk) add initial README.privsep
768 - (stevesk) [configure.ac] nicer message: --with-privsep-user=user
769 - (djm) Add --with-superuser-path=xxx configure option to specify
770 what $PATH the superuser receives.
771 - (djm) Bug #231: UsePrivilegeSeparation turns off Banner.
772 - (djm) Add --with-privsep-path configure option
773 - (djm) Update RPM spec file: different superuser path, use
774 /var/empty/sshd for privsep
775 - (djm) Bug #234: missing readpassphrase declaration and defines
776 - (djm) Add INSTALL warning about SSH protocol 1 blowfish w/
780 - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch.
781 Now only searches system and /usr/local/ssl (OpenSSL's default install path)
782 Others must use --with-ssl-dir=....
783 - (tim) [monitor_fdpass.c] fix for systems that have both
784 HAVE_ACCRIGHTS_IN_MSGHDR and HAVE_CONTROL_IN_MSGHDR. Ie. sys/socket.h
785 has #define msg_accrights msg_control
788 - (stevesk) [auth.c] Shadow account and expiration cleanup. Now
789 check for root forced expire. Still don't check for inactive.
790 - (djm) Rework RedHat RPM files. Based on spec from Nalin
791 Dahyabhai <nalin@redhat.com> and patches from
792 Pekka Savola <pekkas@netcore.fi>
793 - (djm) Try to drop supplemental groups at daemon startup. Patch from
795 - (bal) Back all the way out of auth-passwd.c changes. Breaks too many
796 things that don't set pw->pw_passwd.
799 - (tim) [Makefile.in] Unbreak make -f Makefile.in distprep
802 - (tim) [openbsd-compat/bsd-arc4random.c] fix logic on when seed_rng() is
803 called. Report by Chris Maxwell <maxwell@cs.dal.ca>
804 - (tim) [Makefile.in configure.ac] set SHELL variable in Makefile
805 - (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work)
808 - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
809 Add truncate() emulation to address Bug 208
812 - (djm) Unbreak auth-passwd.c for PAM and SIA
813 - (djm) Unbreak PAM auth for protocol 1. Report from Pekka Savola
815 - (djm) Don't reinitialise PAM credentials before we have started PAM.
816 Report from Pekka Savola <pekkas@netcore.fi>
819 - (bal) Fixed auth-passwd.c to resolve PermitEmptyPassword issue
822 - (djm) Import OpenBSD regression tests. Requires BSD make to run
823 - (djm) Fix readpassphase compilation for systems which have it
826 - (tim) [contrib/caldera/openssh.spec] update fixUP to reflect changes in
828 - (tim) [contrib/cygwin/README] remove reference to regex.
829 patch from Corinna Vinschen <vinschen@redhat.com>
832 - (djm) Bug #137, #209: fix make problems for scard/Ssh.bin, do uudecode
834 - (djm) Disable PAM password expiry until a complete fix for bug #188
836 - (djm) Bug #180: Set ToS bits on IPv4-in-IPv6 mapped addresses. Based on
837 patch from openssh@misc.tecq.org
840 - (stevesk) [defines.h] remove USE_TIMEVAL; unused
841 - (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26
842 support. bug #184. most from dcole@keysoftsys.com.
845 - (djm) OpenBSD CVS Sync
846 - markus@cvs.openbsd.org 2002/04/23 12:54:10
849 - djm@cvs.openbsd.org 2002/04/23 22:16:29
851 Improve error message; ok markus@ stevesk@
854 - (stevesk) [acconfig.h configure.ac session.c] LOGIN_NO_ENDOPT for HP-UX
855 - (stevesk) [acconfig.h] NEED_IN_SYSTM_H unused
856 - (markus) OpenBSD CVS Sync
857 - markus@cvs.openbsd.org 2002/04/23 12:58:26
859 send complete ticket; semerad@ss1000.ms.mff.cuni.cz
860 - (djm) Trim ChangeLog to include only post-3.1 changes
861 - (djm) Update RPM spec file versions
862 - (djm) Redhat spec enables KrbV by default
863 - (djm) Applied OpenSC smartcard updates from Markus &
864 Antti Tapaninen <aet@cc.hut.fi>
865 - (djm) Define BROKEN_REALPATH for AIX, patch from
866 Antti Tapaninen <aet@cc.hut.fi>
867 - (djm) Bug #214: Fix utmp for Irix (don't strip "tty"). Patch from
868 Kevin Taylor <no@nowhere.org> (??) via Philipp Grau
869 <phgrau@zedat.fu-berlin.de>
870 - (djm) Bug #213: Simplify CMSG_ALIGN macros to avoid symbol clashes.
871 Reported by Doug Manton <dmanton@emea.att.com>
872 - (djm) Bug #222: Fix tests for getaddrinfo on OSF/1. Spotted by
873 Robert Urban <urban@spielwiese.de>
874 - (djm) Bug #206 - blibpath isn't always needed for AIX ld, avoid
875 sizeof(long long int) == 4 breakage. Patch from Matthew Clarke
876 <Matthew_Clarke@mindlink.bc.ca>
877 - (djm) Make privsep work with PAM (still experimental)
878 - (djm) OpenBSD CVS Sync
879 - deraadt@cvs.openbsd.org 2002/04/20 09:02:03
881 No, afs requires explicit enabling
882 - markus@cvs.openbsd.org 2002/04/20 09:14:58
884 add buffer_{get,put}_short
885 - markus@cvs.openbsd.org 2002/04/20 09:17:19
887 rewrite using the buffer_* API, fixes overflow; ok deraadt@
888 - stevesk@cvs.openbsd.org 2002/04/21 16:19:27
890 document default AFSTokenPassing no; ok deraadt@
891 - stevesk@cvs.openbsd.org 2002/04/21 16:25:06
893 spelling in error message; ok markus@
894 - markus@cvs.openbsd.org 2002/04/22 06:15:47
896 fix check for overflow
897 - markus@cvs.openbsd.org 2002/04/22 16:16:53
898 [servconf.c sshd.8 sshd_config]
899 do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
900 - markus@cvs.openbsd.org 2002/04/22 21:04:52
901 [channels.c clientloop.c clientloop.h ssh.c]
902 request reply (success/failure) for -R style fwd in protocol v2,
903 depends on ordered replies.
904 fixes http://bugzilla.mindrot.org/show_bug.cgi?id=215; ok provos@
907 - (tim) [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0).
908 entropy.c needs seteuid(getuid()) for the setuid(original_uid) to
909 succeed. Patch by gert@greenie.muc.de. This fixes one part of Bug 208
912 - (djm) Avoid SIGCHLD breakage when run from rsync. Fix from
913 Sturle Sunde <sturle.sunde@usit.uio.no>
916 - (djm) Tell users to configure /dev/random support into OpenSSL in
918 - (djm) Fix .Nm in mdoc2man.pl from pspencer@fields.utoronto.ca
919 - (tim) [configure.ac] Issue warning on --with-default-path=/some_path
920 if LOGIN_CAP is enabled. Report & testing by Tuc <tuc@ttsg.com>
923 - (djm) Unbreak "make install". Fix from Darren Tucker
925 - (stevesk) bsd-cygwin_util.[ch] BSD license from Corinna Vinschen
926 - (tim) [configure.ac] add tests for recvmsg and sendmsg.
927 [monitor_fdpass.c] add checks for HAVE_SENDMSG and HAVE_RECVMSG for
928 systems that HAVE_ACCRIGHTS_IN_MSGHDR but no recvmsg or sendmsg.
931 - (djm) ssh-rand-helper improvements
932 - Add commandline debugging options
933 - Don't write binary data if stdout is a tty (use hex instead)
935 - (djm) Random number collection doc fixes from Ben
938 - (djm) Add KrbV support patch from Simon Wilkinson <simon@sxw.org.uk>
941 - (stevesk) [auth-sia.[ch]] add BSD license from Chris Adams
942 - (tim) [configure.ac] add <sys/types.h> to msghdr tests. Change -L
943 to -h on testing for /bin being symbolic link
944 - (bal) Mistaken in Cygwin scripts for ssh starting. Patch by
945 Corinna Vinschen <vinschen@redhat.com>
946 - (bal) disable privsep if no MAP_ANON. We can re-enable it
947 after the release when we can do more testing.
950 - (stevesk) [auth-sia.c] cleanup
951 - (tim) [acconfig.h defines.h includes.h] put includes in includes.h and
952 defines in defines.h [rijndael.c openbsd-compat/fake-socket.h
953 openbsd-compat/inet_aton.c] include "includes.h" instead of "config.h"
957 - (stevesk) [configure.ac monitor.c] HAVE_SOCKETPAIR
958 - (stevesk) [auth-sia.c] compile fix Chris Adams <cmadams@hiwaay.net>
959 - (bal) OpenBSD CVS Sync
960 - markus@cvs.openbsd.org 2002/04/10 08:21:47
961 [auth1.c compat.c compat.h]
962 strip '@' from username only for KerbV and known broken clients,
964 - markus@cvs.openbsd.org 2002/04/10 08:56:01
967 - Added p1 to idenify Portable release version.
970 - (bal) Minor OpenSC updates. Fix up header locations and update
971 README.smartcard provided by Juha Yrjölä <jyrjola@cc.hut.fi>
974 - (stevesk) HAVE_CONTROL_IN_MSGHDR; not used right now.
975 Future: we may want to test if fd passing works correctly.
976 - (stevesk) [monitor_fdpass.c] fatal() for UsePrivilegeSeparation=yes
977 and no fd passing support.
978 - (stevesk) HAVE_MMAP and HAVE_SYS_MMAN_H and use them in
980 - (stevesk) remove configure support for poll.h; it was removed
981 from sshd.c a long time ago.
982 - (stevesk) --with-privsep-user; default sshd
983 - (stevesk) wrap munmap() with HAVE_MMAP also.
986 - (djm) Typo in Suse SPEC file. Fix from Carsten Grohmann
987 <carsten.grohmann@dr-baldeweg.de>
988 - (bal) Added MAP_FAILED to allow AIX and Trusted HP to compile.
989 - (bal) OpenBSD CVS Sync
990 - djm@cvs.openbsd.org 2002/04/06 00:30:08
992 Fix occasional corruption on upload due to bad reuse of request
993 id, spotted by chombier@mac.com; ok markus@
994 - mouring@cvs.openbsd.org 2002/04/06 18:24:09
996 Fixes potental double // within path.
997 http://bugzilla.mindrot.org/show_bug.cgi?id=76
998 - (bal) Slight update to OpenSC support. Better version checking. patch
999 by Juha Yrjölä <jyrjola@cc.hut.fi>
1000 - (bal) Revered out of runtime IRIX detection of joblimits. Code is
1002 - (bal) Quiet down configure.ac if /bin/test does not exist.
1003 - (bal) We no longer use atexit()/xatexit()/on_exit()
1006 - (bal) Patch for OpenSC SmartCard library; ok markus@; patch by
1007 Juha Yrjölä <jyrjola@cc.hut.fi>
1008 - (bal) Minor documentation update to reflect smartcard library
1010 - (bal) Too many <sys/queue.h> issues. Remove all workarounds and
1011 using internal version only.
1012 - (bal) OpenBSD CVS Sync
1013 - stevesk@cvs.openbsd.org 2002/04/05 20:56:21
1015 clarify sshrc some and handle X11UseLocalhost=yes; ok markus@
1018 - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
1019 auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
1020 - (bal) OpenBSD CVS Sync
1021 - markus@cvs.openbsd.org 2002/04/03 09:26:11
1022 [cipher.c myproposal.h]
1023 re-add rijndael-cbc@lysator.liu.se for MacSSH; ash@lab.poc.net
1026 - (bal) Hand Sync of scp.c (reverted to upstream code)
1027 - deraadt@cvs.openbsd.org 2002/03/30 17:45:46
1030 - (bal) CVS ID sync of uidswap.c
1031 - (bal) OpenBSD CVS Sync (now for the real sync)
1032 - markus@cvs.openbsd.org 2002/03/27 22:21:45
1034 try to import keys with extra trailing === (seen with ssh.com <
1036 - markus@cvs.openbsd.org 2002/03/28 15:34:51
1038 do not call record_login twice (for use_privsep)
1039 - markus@cvs.openbsd.org 2002/03/29 18:59:32
1040 [session.c session.h]
1041 retrieve last login time before the pty is allocated, store per
1043 - stevesk@cvs.openbsd.org 2002/03/29 19:16:22
1045 RSA key modulus size minimum 768; ok markus@
1046 - stevesk@cvs.openbsd.org 2002/03/29 19:18:33
1047 [auth-rsa.c ssh-rsa.c ssh.h]
1048 make RSA modulus minimum #define; ok markus@
1049 - markus@cvs.openbsd.org 2002/03/30 18:51:15
1050 [monitor.c serverloop.c sftp-int.c sftp.c sshd.c]
1051 check waitpid for EINTR; based on patch from peter@ifm.liu.se
1052 - markus@cvs.openbsd.org 2002/04/01 22:02:16
1054 20480 is an upper limit for older server
1055 - markus@cvs.openbsd.org 2002/04/01 22:07:17
1057 fallback to stat if server does not support lstat
1058 - markus@cvs.openbsd.org 2002/04/02 11:49:39
1060 check $SHELL for -k and -d, too;
1061 http://bugzilla.mindrot.org/show_bug.cgi?id=199
1062 - markus@cvs.openbsd.org 2002/04/02 17:37:48
1064 always call log_init()
1065 - markus@cvs.openbsd.org 2002/04/02 20:11:38
1067 ignore SSH_BUG_SIGBLOB for ssh-rsa; #187
1068 - (bal) mispelling in uidswap.c (portable only)
1071 - (stevesk) [monitor.c] PAM should work again; will *not* work with
1072 UsePrivilegeSeparation=yes.
1073 - (stevesk) [auth1.c] fix password auth for protocol 1 when
1074 !USE_PAM && !HAVE_OSF_SIA; merge issue.
1077 - (tim) [configure.ac] use /bin/test -L to work around broken builtin on
1079 - (tim) [sshconnect2.c] change uint32_t to u_int32_t
1082 - (stevesk) [configure.ac] remove header check for sys/ttcompat.h
1086 - (bal) 'pw' should be 'authctxt->pw' in auth1.c spotted by
1088 - (bal) OpenBSD CVS Sync
1089 - markus@cvs.openbsd.org 2002/03/26 11:34:49
1091 update to recent drafts
1092 - markus@cvs.openbsd.org 2002/03/26 11:37:05
1095 - markus@cvs.openbsd.org 2002/03/26 15:23:40
1097 do not talk about packets in bufaux
1098 - rees@cvs.openbsd.org 2002/03/26 18:46:59
1100 try_AUT0 in read_pubkey too, for those paranoid few who want to
1102 - markus@cvs.openbsd.org 2002/03/26 22:50:39
1104 CHANNEL_EFD_OUTPUT_ACTIVE is false for CHAN_CLOSE_RCVD, too
1105 - markus@cvs.openbsd.org 2002/03/26 23:13:03
1107 disallow RSA keys < 768 for protocol 1, too (rhosts-rsa and rsa auth)
1108 - markus@cvs.openbsd.org 2002/03/26 23:14:51
1110 generate a new cookie for each SSH2_MSG_KEXINIT message we send out
1111 - mouring@cvs.openbsd.org 2002/03/27 11:45:42
1113 monitor_allowed_key() returns int instead of pointer. ok markus@
1116 - (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h"
1117 - (bal) OpenBSD CVS Sync
1118 - stevesk@cvs.openbsd.org 2002/03/23 20:57:26
1120 setproctitle() after preauth child; ok markus@
1121 - markus@cvs.openbsd.org 2002/03/24 16:00:27
1124 - markus@cvs.openbsd.org 2002/03/24 16:01:13
1126 debug->debug3 for extra padding
1127 - stevesk@cvs.openbsd.org 2002/03/24 17:27:03
1130 - stevesk@cvs.openbsd.org 2002/03/24 17:53:16
1132 minor cleanup and more error checking; ok markus@
1133 - markus@cvs.openbsd.org 2002/03/24 18:05:29
1135 we need to figure out AUT0 for sc_private_encrypt, too
1136 - stevesk@cvs.openbsd.org 2002/03/24 23:20:00
1138 remove "\n" from fatal()
1139 - markus@cvs.openbsd.org 2002/03/25 09:21:13
1141 return 0 (not NULL); tomh@po.crl.go.jp
1142 - markus@cvs.openbsd.org 2002/03/25 09:25:06
1145 - markus@cvs.openbsd.org 2002/03/25 17:34:27
1146 [scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c]
1147 change sc_get_key to sc_get_keys and hide smartcard details in scard.c
1148 - stevesk@cvs.openbsd.org 2002/03/25 20:12:10
1149 [monitor_mm.c monitor_wrap.c]
1150 ssize_t args use "%ld" and cast to (long)
1151 size_t args use "%lu" and cast to (u_long)
1152 ok markus@ and thanks millert@
1153 - markus@cvs.openbsd.org 2002/03/25 21:04:02
1155 simplify num_identity_files handling
1156 - markus@cvs.openbsd.org 2002/03/25 21:13:51
1157 [channels.c channels.h compat.c compat.h nchan.c]
1158 don't send stderr data after EOF, accept this from older known
1159 (broken) sshd servers only, fixes
1160 http://bugzilla.mindrot.org/show_bug.cgi?id=179
1161 - stevesk@cvs.openbsd.org 2002/03/26 03:24:01
1162 [monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h]
1166 - (stevesk) [session.c] disable LOGIN_NEEDS_TERM until we are sure
1167 it can be removed. only used on solaris. will no longer compile with
1171 - (stevesk) HAVE_ACCRIGHTS_IN_MSGHDR configure support
1172 - (stevesk) [monitor.c monitor_wrap.c] #ifdef HAVE_PW_CLASS_IN_PASSWD
1173 - (stevesk) configure and cpp __FUNCTION__ gymnastics to handle nielsisms
1174 - (stevesk) [monitor_fdpass.c] support for access rights style file
1176 - (stevesk) [auth2.c] merge cleanup/sync
1177 - (stevesk) [defines.h] hp-ux 11 has ancillary data style fd passing, but
1178 is missing CMSG_LEN() and CMSG_SPACE() macros.
1179 - (stevesk) [defines.h] #define MAP_ANON MAP_ANONYMOUS for HP-UX; other
1180 platforms may need this--I'm not sure. mmap() issues will need to be
1182 - (tim) [cipher.c] fix problem with OpenBSD sync
1183 - (stevesk) [LICENCE] OpenBSD sync
1186 - (bal) OpenBSD CVS Sync
1187 - itojun@cvs.openbsd.org 2002/03/08 06:10:16
1189 printf type mismatch
1190 - itojun@cvs.openbsd.org 2002/03/11 03:18:49
1192 correct type mismatches (u_int64_t != unsigned long long)
1193 - itojun@cvs.openbsd.org 2002/03/11 03:19:53
1196 - markus@cvs.openbsd.org 2002/03/14 15:24:27
1198 don't trust size sent by (rogue) server; noted by
1199 s.esser@e-matters.de
1200 - markus@cvs.openbsd.org 2002/03/14 16:38:26
1202 split out ssh1 session key decryption; ok provos@
1203 - markus@cvs.openbsd.org 2002/03/14 16:56:33
1204 [auth-rh-rsa.c auth-rsa.c auth.h]
1205 split auth_rsa() for better readability and privsep; ok provos@
1206 - itojun@cvs.openbsd.org 2002/03/15 11:00:38
1208 fix file type checking (use S_ISREG). ok by markus
1209 - markus@cvs.openbsd.org 2002/03/16 11:24:53
1211 skip inflateEnd if inflate fails; ok provos@
1212 - markus@cvs.openbsd.org 2002/03/16 17:22:09
1213 [auth-rh-rsa.c auth.h]
1214 split auth_rhosts_rsa(), ok provos@
1215 - stevesk@cvs.openbsd.org 2002/03/16 17:41:25
1217 BSD license. from Daniel Kouril via Dug Song. ok markus@
1218 - provos@cvs.openbsd.org 2002/03/17 20:25:56
1219 [auth.c auth.h auth1.c auth2.c]
1220 getpwnamallow returns struct passwd * only if user valid;
1222 - provos@cvs.openbsd.org 2002/03/18 01:12:14
1223 [auth.h auth1.c auth2.c sshd.c]
1224 have the authentication functions return the authentication context
1225 and then do_authenticated; okay millert@
1226 - dugsong@cvs.openbsd.org 2002/03/18 01:30:10
1228 set client to NULL after xfree(), from Rolf Braun
1229 <rbraun+ssh@andrew.cmu.edu>
1230 - provos@cvs.openbsd.org 2002/03/18 03:41:08
1232 move auth_approval into getpwnamallow with help from millert@
1233 - markus@cvs.openbsd.org 2002/03/18 17:13:15
1235 export/import cipher states; needed by ssh-privsep
1236 - markus@cvs.openbsd.org 2002/03/18 17:16:38
1238 export/import cipher state, iv and ssh2 seqnr; needed by ssh-privsep
1239 - markus@cvs.openbsd.org 2002/03/18 17:23:31
1241 add key_demote() for ssh-privsep
1242 - provos@cvs.openbsd.org 2002/03/18 17:25:29
1244 buffer_skip_string and extra sanity checking; needed by ssh-privsep
1245 - provos@cvs.openbsd.org 2002/03/18 17:31:54
1247 export compression streams for ssh-privsep
1248 - provos@cvs.openbsd.org 2002/03/18 17:50:31
1249 [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c]
1250 [auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c]
1251 [kexgex.c servconf.c]
1252 [session.h servconf.h serverloop.c session.c sshd.c]
1253 integrate privilege separated openssh; its turned off by default
1254 for now. work done by me and markus@
1255 - provos@cvs.openbsd.org 2002/03/18 17:53:08
1258 - provos@cvs.openbsd.org 2002/03/18 17:59:09
1260 document UsePrivilegeSeparation
1261 - stevesk@cvs.openbsd.org 2002/03/18 23:52:51
1263 UnprivUser/UnprivGroup usable now--specify numeric user/group; ok
1265 - stevesk@cvs.openbsd.org 2002/03/19 03:03:43
1266 [pathnames.h servconf.c servconf.h sshd.c]
1267 _PATH_PRIVSEP_CHROOT_DIR; ok provos@
1268 - stevesk@cvs.openbsd.org 2002/03/19 05:23:08
1270 Banner has no default.
1271 - mpech@cvs.openbsd.org 2002/03/19 06:32:56
1273 use xfree() after xstrdup().
1276 - markus@cvs.openbsd.org 2002/03/19 10:35:39
1277 [auth-options.c auth.h session.c session.h sshd.c]
1279 - markus@cvs.openbsd.org 2002/03/19 10:49:35
1280 [auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h]
1281 [packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c]
1282 [sshconnect2.c sshd.c ttymodes.c]
1284 - markus@cvs.openbsd.org 2002/03/19 14:27:39
1285 [auth.c auth1.c auth2.c]
1286 make getpwnamallow() allways call pwcopy()
1287 - markus@cvs.openbsd.org 2002/03/19 15:31:47
1289 check for NULL; from provos@
1290 - stevesk@cvs.openbsd.org 2002/03/20 19:12:25
1291 [servconf.c servconf.h ssh.h sshd.c]
1292 for unprivileged user, group do:
1293 pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
1294 - stevesk@cvs.openbsd.org 2002/03/20 21:08:08
1296 strerror() on chdir() fail; ok provos@
1297 - markus@cvs.openbsd.org 2002/03/21 10:21:20
1299 ignore errors for nonexisting default keys in ssh-add,
1300 fixes http://bugzilla.mindrot.org/show_bug.cgi?id=158
1301 - jakob@cvs.openbsd.org 2002/03/21 15:17:26
1302 [clientloop.c ssh.1]
1303 add built-in command line for adding new port forwardings on the fly.
1304 based on a patch from brian wellington. ok markus@.
1305 - markus@cvs.openbsd.org 2002/03/21 16:38:06
1307 make compile w/ openssl 0.9.7
1308 - markus@cvs.openbsd.org 2002/03/21 16:54:53
1309 [scard.c scard.h ssh-keygen.c]
1310 move key upload to scard.[ch]
1311 - markus@cvs.openbsd.org 2002/03/21 16:57:15
1314 - markus@cvs.openbsd.org 2002/03/21 16:58:13
1317 - rees@cvs.openbsd.org 2002/03/21 18:08:15
1319 In sc_put_key(), sc_reader_id should be id.
1320 - markus@cvs.openbsd.org 2002/03/21 20:51:12
1323 - markus@cvs.openbsd.org 2002/03/21 21:23:34
1325 add privsep_preauth() and remove 1 goto; ok provos@
1326 - rees@cvs.openbsd.org 2002/03/21 21:54:34
1327 [scard.c scard.h ssh-keygen.c]
1328 Add PIN-protection for secret key.
1329 - rees@cvs.openbsd.org 2002/03/21 22:44:05
1330 [authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c]
1331 Add PIN-protection for secret key.
1332 - markus@cvs.openbsd.org 2002/03/21 23:07:37
1334 remove unused, sync w/ cmdline patch in my tree.
1337 - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is
1338 wanted, warn if directory does not exist. Put system directories in
1339 front of PATH for finding entorpy commands.
1340 - (tim) [contrib/aix/buildbff.sh contrib/aix/inventory.sh] AIX package
1341 build fixes. Patch by Darren Tucker <dtucker@zip.com.au>
1342 [contrib/solaris/buildpkg.sh] add missing dirs to SYSTEM_DIR. Have
1343 postinstall check for $piddir and add if necessary.
1346 - (tim) [contrib/solaris/buildpkg.sh, contrib/solaris/README] Updated to
1347 build on all platforms that support SVR4 style package tools. Now runs
1348 from build dir. Parts are based on patches from Antonio Navarro, and
1352 - (djm) Revert bits of Markus' OpenSSL compat patch which was
1353 accidentally committed.
1354 - (djm) Add Markus' patch for compat wih OpenSSL < 0.9.6.
1355 Known issue: Blowfish for SSH1 does not work
1356 - (stevesk) entropy.c: typo in debug message
1357 - (djm) ssh-keygen -i needs seeded RNG; report from markus@