2 - (bal) OpenBSD CVS Sync
3 - markus@cvs.openbsd.org 2002/05/15 21:56:38
4 [servconf.c sshd.8 sshd_config]
5 re-enable privsep and disable setuid for post-3.2.2
6 - markus@cvs.openbsd.org 2002/05/16 22:02:50
8 fix warnings (openssl 0.9.7 requires const)
9 - stevesk@cvs.openbsd.org 2002/05/16 22:09:59
11 don't limit xauth pathlen on client side and longer print length on
12 server when debug; ok markus@
13 - deraadt@cvs.openbsd.org 2002/05/19 20:54:52
15 extra commas in enum not 100% portable
16 - deraadt@cvs.openbsd.org 2002/05/22 23:18:25
18 spelling; abishoff@arc.nasa.gov
19 - markus@cvs.openbsd.org 2002/05/23 19:24:30
20 [authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
21 sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
22 add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
23 authentication in protocol v2 (needs to access the hostkeys).
24 - markus@cvs.openbsd.org 2002/05/23 19:39:34
26 add comment about ssh-keysign
27 - markus@cvs.openbsd.org 2002/05/24 08:45:14
29 stat ssh-keysign first, print error if stat fails;
30 some debug->error; fix comment
31 - markus@cvs.openbsd.org 2002/05/25 08:50:39
33 execlp->execl; from stevesk
34 - markus@cvs.openbsd.org 2002/05/25 18:51:07
35 [auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c
36 auth2-passwd.c auth2-pubkey.c Makefile.in]
37 split auth2.c into one file per method; ok provos@/deraadt@
38 - stevesk@cvs.openbsd.org 2002/05/26 20:35:10
40 sort ChallengeResponseAuthentication; ok markus@
41 - stevesk@cvs.openbsd.org 2002/05/28 16:45:27
43 print strerror(errno) on mmap/munmap error; ok markus@
44 - stevesk@cvs.openbsd.org 2002/05/28 17:28:02
46 format spec change/casts and some KNF; ok markus@
49 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
50 setsockopt from debug to error for now).
53 - (tim) [configure.ac.orig monitor_fdpass.c] Enahnce msghdr tests to address
54 build problem on Irix reported by Dave Love <d.love@dl.ac.uk>. Back out
55 last monitor_fdpass.c changes that are no longer needed with new tests.
56 Patch tested on Irix by Jan-Frode Myklebust <janfrode@parallab.uib.no>
59 - (djm) Fix spelling mistakes, spotted by Solar Designer i
61 - Sync scard/ (not sure when it drifted)
62 - (djm) OpenBSD CVS Sync:
64 Fix typo/thinko. Pass in as to auth_approval(), not NULL.
67 - Crank RPM spec versions
70 - (stevesk) [sshd.c] bug 245; disable setsid() for now
71 - (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups()
74 - (tim) [configure.ac] remove extra MD5_MSG="no" line.
77 - (bal) CVS ID fix up on auth-passwd.c
78 - (bal) OpenBSD CVS Sync
79 - deraadt@cvs.openbsd.org 2002/05/07 19:54:36
82 - deraadt@cvs.openbsd.org 2002/05/08 21:06:34
84 move to sshd.sshd instead
85 - stevesk@cvs.openbsd.org 2002/05/11 20:24:48
88 - itojun@cvs.openbsd.org 2002/05/13 02:37:39
90 less warnings. skey_{respond,query} are public (in auth.h)
91 - markus@cvs.openbsd.org 2002/05/13 20:44:58
92 [auth-options.c auth.c auth.h]
93 move the packet_send_debug handling from auth-options.c to auth.c;
95 - millert@cvs.openbsd.org 2002/05/13 15:53:19
97 Call setsid() in the child after sshd accepts the connection and forks.
98 This is needed for privsep which calls setlogin() when it changes uids.
99 Without this, there is a race where the login name of an existing
100 connection, as returned by getlogin(), may be changed to the privsep
101 user (sshd). markus@ OK
102 - markus@cvs.openbsd.org 2002/05/13 21:26:49
104 handle debug messages during rhosts-rsa and hostbased authentication;
106 - mouring@cvs.openbsd.org 2002/05/15 15:47:49
107 [kex.c monitor.c monitor_wrap.c sshd.c]
108 'monitor' variable clashes with at least one lame platform (NeXT). i
109 Renamed to 'pmonitor'. provos@
110 - deraadt@cvs.openbsd.org 2002/05/04 02:39:35
111 [servconf.c sshd.8 sshd_config]
112 enable privsep by default; provos ok
113 - millert@cvs.openbsd.org 2002/05/06 23:34:33
115 Kill/adjust r(login|exec)d? references now that those are no longer in
117 - markus@cvs.openbsd.org 2002/05/15 21:02:53
118 [servconf.c sshd.8 sshd_config]
119 disable privsep and enable setuid for the 3.2.2 release
120 - (bal) Fixed up PAM case. I think.
121 - (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy
122 - (bal) OpenBSD CVS Sync
123 - markus@cvs.openbsd.org 2002/05/15 21:05:29
126 - (bal) Caldara, Suse, and Redhat openssh.specs updated.
129 - (stevesk) [README.privsep] PAM+privsep works with Solaris 8.
130 - (tim) [sshpty.c] set tty modes when allocating old style bsd ptys to
131 match what newer style ptys have when allocated. Based on a patch by
132 Roger Cornelius <rac@tenzing.org>
133 - (tim) [README.privsep] UnixWare 7 and OpenUNIX 8 work.
134 - (tim) [README.privsep] remove reference to UnixWare 7 and OpenUNIX 8
135 from PAM-enabled pragraph. UnixWare has no PAM.
136 - (tim) [contrib/caldera/openssh.spec] update version.
139 - (stevesk) add initial README.privsep
140 - (stevesk) [configure.ac] nicer message: --with-privsep-user=user
141 - (djm) Add --with-superuser-path=xxx configure option to specify
142 what $PATH the superuser receives.
143 - (djm) Bug #231: UsePrivilegeSeparation turns off Banner.
144 - (djm) Add --with-privsep-path configure option
145 - (djm) Update RPM spec file: different superuser path, use
146 /var/empty/sshd for privsep
147 - (djm) Bug #234: missing readpassphrase declaration and defines
148 - (djm) Add INSTALL warning about SSH protocol 1 blowfish w/
152 - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch.
153 Now only searches system and /usr/local/ssl (OpenSSL's default install path)
154 Others must use --with-ssl-dir=....
155 - (tim) [monitor_fdpass.c] fix for systems that have both
156 HAVE_ACCRIGHTS_IN_MSGHDR and HAVE_CONTROL_IN_MSGHDR. Ie. sys/socket.h
157 has #define msg_accrights msg_control
160 - (stevesk) [auth.c] Shadow account and expiration cleanup. Now
161 check for root forced expire. Still don't check for inactive.
162 - (djm) Rework RedHat RPM files. Based on spec from Nalin
163 Dahyabhai <nalin@redhat.com> and patches from
164 Pekka Savola <pekkas@netcore.fi>
165 - (djm) Try to drop supplemental groups at daemon startup. Patch from
167 - (bal) Back all the way out of auth-passwd.c changes. Breaks too many
168 things that don't set pw->pw_passwd.
171 - (tim) [Makefile.in] Unbreak make -f Makefile.in distprep
174 - (tim) [openbsd-compat/bsd-arc4random.c] fix logic on when seed_rng() is
175 called. Report by Chris Maxwell <maxwell@cs.dal.ca>
176 - (tim) [Makefile.in configure.ac] set SHELL variable in Makefile
177 - (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work)
180 - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
181 Add truncate() emulation to address Bug 208
184 - (djm) Unbreak auth-passwd.c for PAM and SIA
185 - (djm) Unbreak PAM auth for protocol 1. Report from Pekka Savola
187 - (djm) Don't reinitialise PAM credentials before we have started PAM.
188 Report from Pekka Savola <pekkas@netcore.fi>
191 - (bal) Fixed auth-passwd.c to resolve PermitEmptyPassword issue
194 - (djm) Import OpenBSD regression tests. Requires BSD make to run
195 - (djm) Fix readpassphase compilation for systems which have it
198 - (tim) [contrib/caldera/openssh.spec] update fixUP to reflect changes in
200 - (tim) [contrib/cygwin/README] remove reference to regex.
201 patch from Corinna Vinschen <vinschen@redhat.com>
204 - (djm) Bug #137, #209: fix make problems for scard/Ssh.bin, do uudecode
206 - (djm) Disable PAM password expiry until a complete fix for bug #188
208 - (djm) Bug #180: Set ToS bits on IPv4-in-IPv6 mapped addresses. Based on
209 patch from openssh@misc.tecq.org
212 - (stevesk) [defines.h] remove USE_TIMEVAL; unused
213 - (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26
214 support. bug #184. most from dcole@keysoftsys.com.
217 - (djm) OpenBSD CVS Sync
218 - markus@cvs.openbsd.org 2002/04/23 12:54:10
221 - djm@cvs.openbsd.org 2002/04/23 22:16:29
223 Improve error message; ok markus@ stevesk@
226 - (stevesk) [acconfig.h configure.ac session.c] LOGIN_NO_ENDOPT for HP-UX
227 - (stevesk) [acconfig.h] NEED_IN_SYSTM_H unused
228 - (markus) OpenBSD CVS Sync
229 - markus@cvs.openbsd.org 2002/04/23 12:58:26
231 send complete ticket; semerad@ss1000.ms.mff.cuni.cz
232 - (djm) Trim ChangeLog to include only post-3.1 changes
233 - (djm) Update RPM spec file versions
234 - (djm) Redhat spec enables KrbV by default
235 - (djm) Applied OpenSC smartcard updates from Markus &
236 Antti Tapaninen <aet@cc.hut.fi>
237 - (djm) Define BROKEN_REALPATH for AIX, patch from
238 Antti Tapaninen <aet@cc.hut.fi>
239 - (djm) Bug #214: Fix utmp for Irix (don't strip "tty"). Patch from
240 Kevin Taylor <no@nowhere.org> (??) via Philipp Grau
241 <phgrau@zedat.fu-berlin.de>
242 - (djm) Bug #213: Simplify CMSG_ALIGN macros to avoid symbol clashes.
243 Reported by Doug Manton <dmanton@emea.att.com>
244 - (djm) Bug #222: Fix tests for getaddrinfo on OSF/1. Spotted by
245 Robert Urban <urban@spielwiese.de>
246 - (djm) Bug #206 - blibpath isn't always needed for AIX ld, avoid
247 sizeof(long long int) == 4 breakage. Patch from Matthew Clarke
248 <Matthew_Clarke@mindlink.bc.ca>
249 - (djm) Make privsep work with PAM (still experimental)
250 - (djm) OpenBSD CVS Sync
251 - deraadt@cvs.openbsd.org 2002/04/20 09:02:03
253 No, afs requires explicit enabling
254 - markus@cvs.openbsd.org 2002/04/20 09:14:58
256 add buffer_{get,put}_short
257 - markus@cvs.openbsd.org 2002/04/20 09:17:19
259 rewrite using the buffer_* API, fixes overflow; ok deraadt@
260 - stevesk@cvs.openbsd.org 2002/04/21 16:19:27
262 document default AFSTokenPassing no; ok deraadt@
263 - stevesk@cvs.openbsd.org 2002/04/21 16:25:06
265 spelling in error message; ok markus@
266 - markus@cvs.openbsd.org 2002/04/22 06:15:47
268 fix check for overflow
269 - markus@cvs.openbsd.org 2002/04/22 16:16:53
270 [servconf.c sshd.8 sshd_config]
271 do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
272 - markus@cvs.openbsd.org 2002/04/22 21:04:52
273 [channels.c clientloop.c clientloop.h ssh.c]
274 request reply (success/failure) for -R style fwd in protocol v2,
275 depends on ordered replies.
276 fixes http://bugzilla.mindrot.org/show_bug.cgi?id=215; ok provos@
279 - (tim) [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0).
280 entropy.c needs seteuid(getuid()) for the setuid(original_uid) to
281 succeed. Patch by gert@greenie.muc.de. This fixes one part of Bug 208
284 - (djm) Avoid SIGCHLD breakage when run from rsync. Fix from
285 Sturle Sunde <sturle.sunde@usit.uio.no>
288 - (djm) Tell users to configure /dev/random support into OpenSSL in
290 - (djm) Fix .Nm in mdoc2man.pl from pspencer@fields.utoronto.ca
291 - (tim) [configure.ac] Issue warning on --with-default-path=/some_path
292 if LOGIN_CAP is enabled. Report & testing by Tuc <tuc@ttsg.com>
295 - (djm) Unbreak "make install". Fix from Darren Tucker
297 - (stevesk) bsd-cygwin_util.[ch] BSD license from Corinna Vinschen
298 - (tim) [configure.ac] add tests for recvmsg and sendmsg.
299 [monitor_fdpass.c] add checks for HAVE_SENDMSG and HAVE_RECVMSG for
300 systems that HAVE_ACCRIGHTS_IN_MSGHDR but no recvmsg or sendmsg.
303 - (djm) ssh-rand-helper improvements
304 - Add commandline debugging options
305 - Don't write binary data if stdout is a tty (use hex instead)
307 - (djm) Random number collection doc fixes from Ben
310 - (djm) Add KrbV support patch from Simon Wilkinson <simon@sxw.org.uk>
313 - (stevesk) [auth-sia.[ch]] add BSD license from Chris Adams
314 - (tim) [configure.ac] add <sys/types.h> to msghdr tests. Change -L
315 to -h on testing for /bin being symbolic link
316 - (bal) Mistaken in Cygwin scripts for ssh starting. Patch by
317 Corinna Vinschen <vinschen@redhat.com>
318 - (bal) disable privsep if no MAP_ANON. We can re-enable it
319 after the release when we can do more testing.
322 - (stevesk) [auth-sia.c] cleanup
323 - (tim) [acconfig.h defines.h includes.h] put includes in includes.h and
324 defines in defines.h [rijndael.c openbsd-compat/fake-socket.h
325 openbsd-compat/inet_aton.c] include "includes.h" instead of "config.h"
329 - (stevesk) [configure.ac monitor.c] HAVE_SOCKETPAIR
330 - (stevesk) [auth-sia.c] compile fix Chris Adams <cmadams@hiwaay.net>
331 - (bal) OpenBSD CVS Sync
332 - markus@cvs.openbsd.org 2002/04/10 08:21:47
333 [auth1.c compat.c compat.h]
334 strip '@' from username only for KerbV and known broken clients,
336 - markus@cvs.openbsd.org 2002/04/10 08:56:01
339 - Added p1 to idenify Portable release version.
342 - (bal) Minor OpenSC updates. Fix up header locations and update
343 README.smartcard provided by Juha Yrjölä <jyrjola@cc.hut.fi>
346 - (stevesk) HAVE_CONTROL_IN_MSGHDR; not used right now.
347 Future: we may want to test if fd passing works correctly.
348 - (stevesk) [monitor_fdpass.c] fatal() for UsePrivilegeSeparation=yes
349 and no fd passing support.
350 - (stevesk) HAVE_MMAP and HAVE_SYS_MMAN_H and use them in
352 - (stevesk) remove configure support for poll.h; it was removed
353 from sshd.c a long time ago.
354 - (stevesk) --with-privsep-user; default sshd
355 - (stevesk) wrap munmap() with HAVE_MMAP also.
358 - (djm) Typo in Suse SPEC file. Fix from Carsten Grohmann
359 <carsten.grohmann@dr-baldeweg.de>
360 - (bal) Added MAP_FAILED to allow AIX and Trusted HP to compile.
361 - (bal) OpenBSD CVS Sync
362 - djm@cvs.openbsd.org 2002/04/06 00:30:08
364 Fix occasional corruption on upload due to bad reuse of request
365 id, spotted by chombier@mac.com; ok markus@
366 - mouring@cvs.openbsd.org 2002/04/06 18:24:09
368 Fixes potental double // within path.
369 http://bugzilla.mindrot.org/show_bug.cgi?id=76
370 - (bal) Slight update to OpenSC support. Better version checking. patch
371 by Juha Yrjölä <jyrjola@cc.hut.fi>
372 - (bal) Revered out of runtime IRIX detection of joblimits. Code is
374 - (bal) Quiet down configure.ac if /bin/test does not exist.
375 - (bal) We no longer use atexit()/xatexit()/on_exit()
378 - (bal) Patch for OpenSC SmartCard library; ok markus@; patch by
379 Juha Yrjölä <jyrjola@cc.hut.fi>
380 - (bal) Minor documentation update to reflect smartcard library
382 - (bal) Too many <sys/queue.h> issues. Remove all workarounds and
383 using internal version only.
384 - (bal) OpenBSD CVS Sync
385 - stevesk@cvs.openbsd.org 2002/04/05 20:56:21
387 clarify sshrc some and handle X11UseLocalhost=yes; ok markus@
390 - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
391 auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
392 - (bal) OpenBSD CVS Sync
393 - markus@cvs.openbsd.org 2002/04/03 09:26:11
394 [cipher.c myproposal.h]
395 re-add rijndael-cbc@lysator.liu.se for MacSSH; ash@lab.poc.net
398 - (bal) Hand Sync of scp.c (reverted to upstream code)
399 - deraadt@cvs.openbsd.org 2002/03/30 17:45:46
402 - (bal) CVS ID sync of uidswap.c
403 - (bal) OpenBSD CVS Sync (now for the real sync)
404 - markus@cvs.openbsd.org 2002/03/27 22:21:45
406 try to import keys with extra trailing === (seen with ssh.com <
408 - markus@cvs.openbsd.org 2002/03/28 15:34:51
410 do not call record_login twice (for use_privsep)
411 - markus@cvs.openbsd.org 2002/03/29 18:59:32
412 [session.c session.h]
413 retrieve last login time before the pty is allocated, store per
415 - stevesk@cvs.openbsd.org 2002/03/29 19:16:22
417 RSA key modulus size minimum 768; ok markus@
418 - stevesk@cvs.openbsd.org 2002/03/29 19:18:33
419 [auth-rsa.c ssh-rsa.c ssh.h]
420 make RSA modulus minimum #define; ok markus@
421 - markus@cvs.openbsd.org 2002/03/30 18:51:15
422 [monitor.c serverloop.c sftp-int.c sftp.c sshd.c]
423 check waitpid for EINTR; based on patch from peter@ifm.liu.se
424 - markus@cvs.openbsd.org 2002/04/01 22:02:16
426 20480 is an upper limit for older server
427 - markus@cvs.openbsd.org 2002/04/01 22:07:17
429 fallback to stat if server does not support lstat
430 - markus@cvs.openbsd.org 2002/04/02 11:49:39
432 check $SHELL for -k and -d, too;
433 http://bugzilla.mindrot.org/show_bug.cgi?id=199
434 - markus@cvs.openbsd.org 2002/04/02 17:37:48
436 always call log_init()
437 - markus@cvs.openbsd.org 2002/04/02 20:11:38
439 ignore SSH_BUG_SIGBLOB for ssh-rsa; #187
440 - (bal) mispelling in uidswap.c (portable only)
443 - (stevesk) [monitor.c] PAM should work again; will *not* work with
444 UsePrivilegeSeparation=yes.
445 - (stevesk) [auth1.c] fix password auth for protocol 1 when
446 !USE_PAM && !HAVE_OSF_SIA; merge issue.
449 - (tim) [configure.ac] use /bin/test -L to work around broken builtin on
451 - (tim) [sshconnect2.c] change uint32_t to u_int32_t
454 - (stevesk) [configure.ac] remove header check for sys/ttcompat.h
458 - (bal) 'pw' should be 'authctxt->pw' in auth1.c spotted by
460 - (bal) OpenBSD CVS Sync
461 - markus@cvs.openbsd.org 2002/03/26 11:34:49
463 update to recent drafts
464 - markus@cvs.openbsd.org 2002/03/26 11:37:05
467 - markus@cvs.openbsd.org 2002/03/26 15:23:40
469 do not talk about packets in bufaux
470 - rees@cvs.openbsd.org 2002/03/26 18:46:59
472 try_AUT0 in read_pubkey too, for those paranoid few who want to
474 - markus@cvs.openbsd.org 2002/03/26 22:50:39
476 CHANNEL_EFD_OUTPUT_ACTIVE is false for CHAN_CLOSE_RCVD, too
477 - markus@cvs.openbsd.org 2002/03/26 23:13:03
479 disallow RSA keys < 768 for protocol 1, too (rhosts-rsa and rsa auth)
480 - markus@cvs.openbsd.org 2002/03/26 23:14:51
482 generate a new cookie for each SSH2_MSG_KEXINIT message we send out
483 - mouring@cvs.openbsd.org 2002/03/27 11:45:42
485 monitor_allowed_key() returns int instead of pointer. ok markus@
488 - (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h"
489 - (bal) OpenBSD CVS Sync
490 - stevesk@cvs.openbsd.org 2002/03/23 20:57:26
492 setproctitle() after preauth child; ok markus@
493 - markus@cvs.openbsd.org 2002/03/24 16:00:27
496 - markus@cvs.openbsd.org 2002/03/24 16:01:13
498 debug->debug3 for extra padding
499 - stevesk@cvs.openbsd.org 2002/03/24 17:27:03
502 - stevesk@cvs.openbsd.org 2002/03/24 17:53:16
504 minor cleanup and more error checking; ok markus@
505 - markus@cvs.openbsd.org 2002/03/24 18:05:29
507 we need to figure out AUT0 for sc_private_encrypt, too
508 - stevesk@cvs.openbsd.org 2002/03/24 23:20:00
510 remove "\n" from fatal()
511 - markus@cvs.openbsd.org 2002/03/25 09:21:13
513 return 0 (not NULL); tomh@po.crl.go.jp
514 - markus@cvs.openbsd.org 2002/03/25 09:25:06
517 - markus@cvs.openbsd.org 2002/03/25 17:34:27
518 [scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c]
519 change sc_get_key to sc_get_keys and hide smartcard details in scard.c
520 - stevesk@cvs.openbsd.org 2002/03/25 20:12:10
521 [monitor_mm.c monitor_wrap.c]
522 ssize_t args use "%ld" and cast to (long)
523 size_t args use "%lu" and cast to (u_long)
524 ok markus@ and thanks millert@
525 - markus@cvs.openbsd.org 2002/03/25 21:04:02
527 simplify num_identity_files handling
528 - markus@cvs.openbsd.org 2002/03/25 21:13:51
529 [channels.c channels.h compat.c compat.h nchan.c]
530 don't send stderr data after EOF, accept this from older known
531 (broken) sshd servers only, fixes
532 http://bugzilla.mindrot.org/show_bug.cgi?id=179
533 - stevesk@cvs.openbsd.org 2002/03/26 03:24:01
534 [monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h]
538 - (stevesk) [session.c] disable LOGIN_NEEDS_TERM until we are sure
539 it can be removed. only used on solaris. will no longer compile with
543 - (stevesk) HAVE_ACCRIGHTS_IN_MSGHDR configure support
544 - (stevesk) [monitor.c monitor_wrap.c] #ifdef HAVE_PW_CLASS_IN_PASSWD
545 - (stevesk) configure and cpp __FUNCTION__ gymnastics to handle nielsisms
546 - (stevesk) [monitor_fdpass.c] support for access rights style file
548 - (stevesk) [auth2.c] merge cleanup/sync
549 - (stevesk) [defines.h] hp-ux 11 has ancillary data style fd passing, but
550 is missing CMSG_LEN() and CMSG_SPACE() macros.
551 - (stevesk) [defines.h] #define MAP_ANON MAP_ANONYMOUS for HP-UX; other
552 platforms may need this--I'm not sure. mmap() issues will need to be
554 - (tim) [cipher.c] fix problem with OpenBSD sync
555 - (stevesk) [LICENCE] OpenBSD sync
558 - (bal) OpenBSD CVS Sync
559 - itojun@cvs.openbsd.org 2002/03/08 06:10:16
562 - itojun@cvs.openbsd.org 2002/03/11 03:18:49
564 correct type mismatches (u_int64_t != unsigned long long)
565 - itojun@cvs.openbsd.org 2002/03/11 03:19:53
568 - markus@cvs.openbsd.org 2002/03/14 15:24:27
570 don't trust size sent by (rogue) server; noted by
572 - markus@cvs.openbsd.org 2002/03/14 16:38:26
574 split out ssh1 session key decryption; ok provos@
575 - markus@cvs.openbsd.org 2002/03/14 16:56:33
576 [auth-rh-rsa.c auth-rsa.c auth.h]
577 split auth_rsa() for better readability and privsep; ok provos@
578 - itojun@cvs.openbsd.org 2002/03/15 11:00:38
580 fix file type checking (use S_ISREG). ok by markus
581 - markus@cvs.openbsd.org 2002/03/16 11:24:53
583 skip inflateEnd if inflate fails; ok provos@
584 - markus@cvs.openbsd.org 2002/03/16 17:22:09
585 [auth-rh-rsa.c auth.h]
586 split auth_rhosts_rsa(), ok provos@
587 - stevesk@cvs.openbsd.org 2002/03/16 17:41:25
589 BSD license. from Daniel Kouril via Dug Song. ok markus@
590 - provos@cvs.openbsd.org 2002/03/17 20:25:56
591 [auth.c auth.h auth1.c auth2.c]
592 getpwnamallow returns struct passwd * only if user valid;
594 - provos@cvs.openbsd.org 2002/03/18 01:12:14
595 [auth.h auth1.c auth2.c sshd.c]
596 have the authentication functions return the authentication context
597 and then do_authenticated; okay millert@
598 - dugsong@cvs.openbsd.org 2002/03/18 01:30:10
600 set client to NULL after xfree(), from Rolf Braun
601 <rbraun+ssh@andrew.cmu.edu>
602 - provos@cvs.openbsd.org 2002/03/18 03:41:08
604 move auth_approval into getpwnamallow with help from millert@
605 - markus@cvs.openbsd.org 2002/03/18 17:13:15
607 export/import cipher states; needed by ssh-privsep
608 - markus@cvs.openbsd.org 2002/03/18 17:16:38
610 export/import cipher state, iv and ssh2 seqnr; needed by ssh-privsep
611 - markus@cvs.openbsd.org 2002/03/18 17:23:31
613 add key_demote() for ssh-privsep
614 - provos@cvs.openbsd.org 2002/03/18 17:25:29
616 buffer_skip_string and extra sanity checking; needed by ssh-privsep
617 - provos@cvs.openbsd.org 2002/03/18 17:31:54
619 export compression streams for ssh-privsep
620 - provos@cvs.openbsd.org 2002/03/18 17:50:31
621 [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c]
622 [auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c]
623 [kexgex.c servconf.c]
624 [session.h servconf.h serverloop.c session.c sshd.c]
625 integrate privilege separated openssh; its turned off by default
626 for now. work done by me and markus@
627 - provos@cvs.openbsd.org 2002/03/18 17:53:08
630 - provos@cvs.openbsd.org 2002/03/18 17:59:09
632 document UsePrivilegeSeparation
633 - stevesk@cvs.openbsd.org 2002/03/18 23:52:51
635 UnprivUser/UnprivGroup usable now--specify numeric user/group; ok
637 - stevesk@cvs.openbsd.org 2002/03/19 03:03:43
638 [pathnames.h servconf.c servconf.h sshd.c]
639 _PATH_PRIVSEP_CHROOT_DIR; ok provos@
640 - stevesk@cvs.openbsd.org 2002/03/19 05:23:08
642 Banner has no default.
643 - mpech@cvs.openbsd.org 2002/03/19 06:32:56
645 use xfree() after xstrdup().
648 - markus@cvs.openbsd.org 2002/03/19 10:35:39
649 [auth-options.c auth.h session.c session.h sshd.c]
651 - markus@cvs.openbsd.org 2002/03/19 10:49:35
652 [auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h]
653 [packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c]
654 [sshconnect2.c sshd.c ttymodes.c]
656 - markus@cvs.openbsd.org 2002/03/19 14:27:39
657 [auth.c auth1.c auth2.c]
658 make getpwnamallow() allways call pwcopy()
659 - markus@cvs.openbsd.org 2002/03/19 15:31:47
661 check for NULL; from provos@
662 - stevesk@cvs.openbsd.org 2002/03/20 19:12:25
663 [servconf.c servconf.h ssh.h sshd.c]
664 for unprivileged user, group do:
665 pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
666 - stevesk@cvs.openbsd.org 2002/03/20 21:08:08
668 strerror() on chdir() fail; ok provos@
669 - markus@cvs.openbsd.org 2002/03/21 10:21:20
671 ignore errors for nonexisting default keys in ssh-add,
672 fixes http://bugzilla.mindrot.org/show_bug.cgi?id=158
673 - jakob@cvs.openbsd.org 2002/03/21 15:17:26
675 add built-in command line for adding new port forwardings on the fly.
676 based on a patch from brian wellington. ok markus@.
677 - markus@cvs.openbsd.org 2002/03/21 16:38:06
679 make compile w/ openssl 0.9.7
680 - markus@cvs.openbsd.org 2002/03/21 16:54:53
681 [scard.c scard.h ssh-keygen.c]
682 move key upload to scard.[ch]
683 - markus@cvs.openbsd.org 2002/03/21 16:57:15
686 - markus@cvs.openbsd.org 2002/03/21 16:58:13
689 - rees@cvs.openbsd.org 2002/03/21 18:08:15
691 In sc_put_key(), sc_reader_id should be id.
692 - markus@cvs.openbsd.org 2002/03/21 20:51:12
695 - markus@cvs.openbsd.org 2002/03/21 21:23:34
697 add privsep_preauth() and remove 1 goto; ok provos@
698 - rees@cvs.openbsd.org 2002/03/21 21:54:34
699 [scard.c scard.h ssh-keygen.c]
700 Add PIN-protection for secret key.
701 - rees@cvs.openbsd.org 2002/03/21 22:44:05
702 [authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c]
703 Add PIN-protection for secret key.
704 - markus@cvs.openbsd.org 2002/03/21 23:07:37
706 remove unused, sync w/ cmdline patch in my tree.
709 - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is
710 wanted, warn if directory does not exist. Put system directories in
711 front of PATH for finding entorpy commands.
712 - (tim) [contrib/aix/buildbff.sh contrib/aix/inventory.sh] AIX package
713 build fixes. Patch by Darren Tucker <dtucker@zip.com.au>
714 [contrib/solaris/buildpkg.sh] add missing dirs to SYSTEM_DIR. Have
715 postinstall check for $piddir and add if necessary.
718 - (tim) [contrib/solaris/buildpkg.sh, contrib/solaris/README] Updated to
719 build on all platforms that support SVR4 style package tools. Now runs
720 from build dir. Parts are based on patches from Antonio Navarro, and
724 - (djm) Revert bits of Markus' OpenSSL compat patch which was
725 accidentally committed.
726 - (djm) Add Markus' patch for compat wih OpenSSL < 0.9.6.
727 Known issue: Blowfish for SSH1 does not work
728 - (stevesk) entropy.c: typo in debug message
729 - (djm) ssh-keygen -i needs seeded RNG; report from markus@