2 - (djm) Bug #621: Select OpenSC keys by usage attributes. Patch from
4 - (bal) openbsd-compat/ OpenBSD updates. Mostly licensing, ansifications
5 and minor fixes. OK djm@
6 - (bal) redo how we handle 'mysignal()'. Move it to
7 openbsd-compat/bsd-misc.c, s/mysignal/signal/ and #define signal to
8 be our 'mysignal' by default. OK djm@
11 - (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal
13 - (dtucker) [contrib/cygwin/ssh-user-config] Put keys in authorized_keys
14 rather that authorized_keys2. Patch from vinschen@redhat.com.
17 - (dtucker) OpenBSD CVS Sync
18 - markus@cvs.openbsd.org 2003/08/14 16:08:58
20 exit after primetest, ok djm@
21 - (dtucker) [defines.h] Put CMSG_DATA, CMSG_FIRSTHDR with other CMSG* macros,
22 change CMSG_DATA to use __CMSG_ALIGN (and thus work properly), reformat for
24 - (dtucker) [configure.ac] Move openpty/ctty test outside of case statement
25 and after normal openpty test.
28 - (dtucker) [session.c] Remove #ifdef TIOCSBRK kludge.
29 - (dtucker) OpenBSD CVS Sync
30 - markus@cvs.openbsd.org 2003/08/13 08:33:02
32 use more portable tcsendbreak(3) and ignore break_length;
34 - markus@cvs.openbsd.org 2003/08/13 08:46:31
35 [auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
36 ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
37 remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
38 fgsch@, miod@, henning@, jakob@ and others
39 - markus@cvs.openbsd.org 2003/08/13 09:07:10
41 socks4->socks, since with support both 4 and 5; dtucker@zip.com.au
42 - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
43 Add a tcsendbreak function for platforms that don't have one, based on the
47 - (dtucker) OpenBSD CVS Sync
48 (thanks to Simon Wilkinson for help with this -dt)
49 - markus@cvs.openbsd.org 2003/07/16 15:02:06
51 mcc -> fcc; from Love Hörnquist Åstrand <lha@it.su.se>
52 otherwise the kerberos credentinal is stored in a memory cache
53 in the privileged sshd. ok jabob@, hin@ (some time ago)
54 - (dtucker) [openbsd-compat/xcrypt.c] Remove Cygwin #ifdef block (duplicate
55 in bsd-cygwin_util.h).
58 - (dtucker) [openbsd-compat/fake-rfc2553.h] Older Linuxes have AI_PASSIVE and
59 AI_CANONNAME in netdb.h but not AI_NUMERICHOST, so check each definition
60 separately before defining them.
61 - (dtucker) [auth-pam.c] Don't set PAM_TTY if tty is null. ok djm@
64 - (dtucker) [session.c] Have session_break_req not attempt to send a break
65 if TIOCSBRK and TIOCCBRK are not defined (eg Cygwin).
66 - (dtucker) [canohost.c] Bug #336: Only check ip options if IP_OPTIONS is
67 defined (fixes compile error on really old Linuxes).
68 - (dtucker) [defines.h] Bug #336: Add CMSG_DATA and CMSG_FIRSTHDR macros if
69 not already defined (eg Linux with some versions of libc5), based on those
71 - (dtucker) [openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]
72 Remove incorrect filenames from comments (file names are in Id tags).
73 - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.h] Move Cygwin
74 specific defines and includes to bsd-cygwin_util.h. Fixes build error too.
77 - (dtucker) [monitor.h monitor_wrap.h] Remove excess ident tags.
78 - (dtucker) OpenBSD CVS Sync
79 - markus@cvs.openbsd.org 2003/07/22 13:35:22
80 [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
81 monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
82 ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
83 remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
85 - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
86 - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
87 - (dtucker) OpenBSD CVS Sync
88 - markus@cvs.openbsd.org 2003/07/23 07:42:43
91 - djm@cvs.openbsd.org 2003/07/28 09:49:56
92 [ssh-keygen.1 ssh-keygen.c]
93 Support for generating Diffie-Hellman groups (/etc/moduli) from ssh-keygen.
94 Based on code from Phil Karn, William Allen Simpson and Niels Provos.
95 ok markus@, thanks jmc@
96 - markus@cvs.openbsd.org 2003/07/29 18:24:00
97 [LICENCE progressmeter.c]
98 replace 4 clause BSD licensed progressmeter code with a replacement
99 from Nils Nordman and myself; ok deraadt@
100 (copied from OpenBSD an re-applied portable changes)
101 - markus@cvs.openbsd.org 2003/07/29 18:26:46
103 fix length for "- stalled -" (included with previous import)
104 - markus@cvs.openbsd.org 2003/07/30 07:44:14
106 use only 4 digits in format_size (included with previous import)
107 - markus@cvs.openbsd.org 2003/07/30 07:53:27
109 whitespace (included with previous import)
110 - markus@cvs.openbsd.org 2003/07/31 09:21:02
112 check whether passwd auth is allowd, similar to proto 1; rob@pitman.co.za
114 - avsm@cvs.openbsd.org 2003/07/31 15:50:16
116 correct comment: atomicio takes vwrite, not write; deraadt@ ok
117 - markus@cvs.openbsd.org 2003/07/31 22:34:03
119 print rate similar old version; round instead truncate;
120 (included in previous progressmeter.c commit)
121 - (dtucker) [openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
122 Add a tcgetpgrp function.
123 - (dtucker) [Makefile.in moduli.c moduli.h] Add new files and to Makefile.
124 - (dtucker) [openbsd-compat/bsd-misc.c] Fix cut-and-paste bug in tcgetpgrp.
127 - (djm) [auth-pam.c] Don't use crappy APIs like sprintf. Thanks bal
130 - (dtucker) [openbsd-compat/xcrypt.c] Fix typo: DISABLED_SHADOW ->
131 DISABLE_SHADOW. Fixes HP-UX compile error.
134 - (bal) [auth-passwd.c openbsd-compat/Makefile.in openbsd-compat/xcrypt.c
135 openbsd-compat/xcrypt.h] Split off encryption into xcrypt() interface,
136 and isolate shadow password functions. Tested in Solaris, but should
137 not break other platforms too badly (except maybe HP =). Also brings
138 auth-passwd.c into full sync with OpenBSD tree.
141 - (dtucker) [configure.ac] Back out change for bug #620.
144 - (dtucker) [configure.ac] Bug #620: Define BROKEN_GETADDRINFO for
145 Solaris/x86. Patch from jrhett at isite.net.
146 - (dtucker) OpenBSD CVS Sync
147 - markus@cvs.openbsd.org 2003/07/14 12:36:37
149 remove undocumented -V option. would be only useful if openssh is used
150 as ssh v1 server for ssh.com's ssh v2.
151 - markus@cvs.openbsd.org 2003/07/16 10:34:53
153 don't exit on multiple -v or -d; ok deraadt@
154 - markus@cvs.openbsd.org 2003/07/16 10:36:28
156 clear IUCLC in enter_raw_mode; from rob@pitman.co.za; ok deraadt@, fgs@
157 - deraadt@cvs.openbsd.org 2003/07/18 01:54:25
159 userid is unsigned, but well, force it anyways; andrushock@korovino.net
160 - djm@cvs.openbsd.org 2003/07/19 00:45:53
162 fix sftp filename parsing for arguments with escaped quotes. bz #517;
164 - djm@cvs.openbsd.org 2003/07/19 00:46:31
165 [regress/sftp-cmds.sh]
166 regress test for sftp arguments with escaped quotes; ok markus
169 - (dtucker) [acconfig.h configure.ac port-aix.c] Older AIXes don't declare
170 loginfailed at all, so assume 3-arg loginfailed if not declared.
171 - (dtucker) [port-aix.h] Work around name collision on AIX for r_type by
173 - (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h]
174 Call setauthdb() before loginfailed(), which may load password registry-
175 specific functions. Based on patch by cawlfiel at us.ibm.com.
176 - (dtucker) [port-aix.h] Fix prototypes.
177 - (dtucker) OpenBSD CVS Sync
178 - avsm@cvs.openbsd.org 2003/07/09 13:58:19
180 minor tweak: when generating the hex fingerprint, give strlcat the full
181 bound to the buffer, and add a comment below explaining why the
182 zero-termination is one less than the bound. markus@ ok
183 - markus@cvs.openbsd.org 2003/07/10 14:42:28
185 the 2^(blocksize*2) rekeying limit is too expensive for 3DES,
186 blowfish, etc, so enforce a 1GB limit for small blocksizes.
187 - markus@cvs.openbsd.org 2003/07/10 20:05:55
189 sync usage with manpage, add missing -R
192 - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
193 Include AIX headers for authentication functions and make calls match
194 prototypes. Test for and handle 3-arg and 4-arg variants of loginfailed.
195 - (dtucker) [session.c] Check return value of setpcred().
196 - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
197 Convert aixloginmsg into platform-independant Buffer loginmsg.
200 - (dtucker) [configure.ac] Bug #600: Check that getrusage is declared before
201 searching libraries for it. Fixes build errors on NCR MP-RAS.
204 - (dtucker) [ssh-rand-helper.c loginrec.c]
205 Apply atomicio typing change to these too.
208 - (dtucker) OpenBSD CVS Sync
209 - djm@cvs.openbsd.org 2003/06/28 07:48:10
211 report pidfile creation errors, based on patch from Roumen Petrov;
213 - deraadt@cvs.openbsd.org 2003/06/28 16:23:06
214 [atomicio.c atomicio.h authfd.c clientloop.c monitor_wrap.c msg.c
215 progressmeter.c scp.c sftp-client.c ssh-keyscan.c ssh.h sshconnect.c
217 deal with typing of write vs read in atomicio
218 - markus@cvs.openbsd.org 2003/06/29 12:44:38
220 memset 0, not \0; andrushock@korovino.net
221 - markus@cvs.openbsd.org 2003/07/02 12:56:34
223 deny dynamic forwarding with -R for v1, too; ok djm@
224 - markus@cvs.openbsd.org 2003/07/02 14:51:16
225 [channels.c ssh.1 ssh_config.5]
226 (re)add socks5 suppport to -D; ok djm@
227 now ssh(1) can act both as a socks 4 and socks 5 server and
228 dynamically forward ports.
229 - markus@cvs.openbsd.org 2003/07/02 20:37:48
231 convert hostkeyalias to lowercase, otherwise uppercase aliases will
232 not match at all; ok henning@
233 - markus@cvs.openbsd.org 2003/07/03 08:21:46
234 [regress/dynamic-forward.sh]
235 add socks5; speedup; reformat; based on patch from dtucker@zip.com.au
236 - markus@cvs.openbsd.org 2003/07/03 08:24:13
238 enable tests for dynamic fwd via socks (-D), uses nc(1)
239 - djm@cvs.openbsd.org 2003/07/03 08:09:06
240 [readconf.c readconf.h ssh-keysign.c ssh.c]
241 fix AddressFamily option in config file, from brent@graveland.net;
245 - (djm) Search for support functions necessary to build our
246 getrrsetbyname() replacement. Patch from Roumen Petrov
249 - (dtucker) [includes.h] Bug #602: move #include of netdb.h to after in.h
250 (fixes compiler warnings on Solaris 2.5.1).
251 - (dtucker) [configure.ac] Add sanity test after system-dependant compiler
255 - (djm) Bug #591: use PKCS#15 private key label as a comment in case
256 of OpenSC. Report and patch from larsch@trustcenter.de
257 - (djm) Bug #593: Sanity check OpenSC card reader number; patch from
259 - (dtucker) OpenBSD CVS Sync
260 - markus@cvs.openbsd.org 2003/06/23 09:02:44
262 document EnableSSHKeysign; bugzilla #599; ok deraadt@, jmc@
263 - markus@cvs.openbsd.org 2003/06/24 08:23:46
264 [auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h
265 monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c]
266 int -> u_int; ok djm@, deraadt@, mouring@
267 - miod@cvs.openbsd.org 2003/06/25 22:39:36
269 Typo police: attribute is better written with an 'r'.
270 - markus@cvs.openbsd.org 2003/06/26 20:08:33
272 do not dump core for 'ssh -o proxycommand host'; ok deraadt@
273 - (dtucker) [regress/dynamic-forward.sh] Import new regression test.
274 - (dtucker) [configure.ac] Bug #570: Have ./configure --enable-FEATURE
275 actually enable the feature, for those normally disabled. Patch by
276 openssh (at) roumenpetrov.info.
279 - (dtucker) Have configure refer the user to config.log and
280 contrib/findssl.sh for OpenSSL header/library mismatches.
283 - (dtucker) OpenBSD CVS Sync
284 - markus@cvs.openbsd.org 2003/06/21 09:14:05
285 [regress/reconfigure.sh]
286 missing $SUDO; from dtucker@zip.com.au
287 - markus@cvs.openbsd.org 2003/06/18 11:28:11
289 backout last change, since it violates pkcs#1
290 switch to share/misc/license.template
291 - djm@cvs.openbsd.org 2003/06/20 05:47:58
293 sync description of protocol 2 cipher proposal; ok markus
294 - djm@cvs.openbsd.org 2003/06/20 05:48:21
296 sync some implemented options; ok markus@
297 - (dtucker) [regress/authorized_keys_root] Remove temp data file from CVS.
298 - (dtucker) [openbsd-compat/setproctitle.c] Ensure SPT_TYPE is defined before
302 - (djm) OpenBSD CVS Sync
303 - markus@cvs.openbsd.org 2003/06/12 07:57:38
304 [monitor.c sshlogin.c sshpty.c]
305 typos; dtucker at zip.com.au
306 - djm@cvs.openbsd.org 2003/06/12 12:22:47
308 mention more copyright holders; ok markus@
309 - nino@cvs.openbsd.org 2003/06/12 15:34:09
312 - markus@cvs.openbsd.org 2003/06/12 19:12:03
313 [scard.c scard.h ssh-agent.c ssh.c]
314 add sc_get_key_label; larsch at trustcenter.de; bugzilla#591
315 - markus@cvs.openbsd.org 2003/06/16 08:22:35
317 make sure the signature has at least the expected length (don't
318 insist on len == hlen + oidlen, since this breaks some smartcards)
319 bugzilla #592; ok djm@
320 - markus@cvs.openbsd.org 2003/06/16 10:22:45
322 print out key comment on each prompt; make ssh-askpass more useable; ok djm@
323 - markus@cvs.openbsd.org 2003/06/17 18:14:23
325 use license from /usr/share/misc/license.template for new code
326 - (dtucker) [reconfigure.sh rekey.sh sftp-badcmds.sh]
327 Import new regression tests from OpenBSD
328 - (dtucker) [regress/copy.1 regress/copy.2] Remove temp data files from CVS.
329 - (dtucker) OpenBSD CVS Sync (regress/)
330 - markus@cvs.openbsd.org 2003/04/02 12:21:13
333 - djm@cvs.openbsd.org 2003/04/04 09:34:22
334 [Makefile sftp-cmds.sh]
335 More regression tests, including recent directory rename bug; ok markus@
336 - markus@cvs.openbsd.org 2003/05/14 22:08:27
337 [ssh-com-client.sh ssh-com-keygen.sh ssh-com-sftp.sh ssh-com.sh]
338 test against some new commerical versions
339 - mouring@cvs.openbsd.org 2003/05/15 04:07:12
341 Advanced put/get testing for sftp. OK @djm
342 - markus@cvs.openbsd.org 2003/06/12 15:40:01
345 - markus@cvs.openbsd.org 2003/06/12 15:43:32
347 test -HUP; dtucker at zip.com.au
350 - (djm) Update license on fake-rfc2553.[ch]; ok itojun@
353 - (djm) Mention portable copyright holders in LICENSE
354 - (djm) Put licenses on substantial header files
355 - (djm) Sync LICENSE against OpenBSD
356 - (djm) OpenBSD CVS Sync
357 - jmc@cvs.openbsd.org 2003/06/10 09:12:11
358 [scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5]
359 [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
361 - COMPATIBILITY merge
363 - kill whitespace at EOL
364 - new sentence, new line
366 - deraadt@cvs.openbsd.org 2003/06/10 22:20:52
367 [packet.c progressmeter.c]
368 mostly ansi cleanup; pval ok
369 - jakob@cvs.openbsd.org 2003/06/11 10:16:16
371 clean up check_host_key() and improve SSHFP feedback. ok markus@
372 - jakob@cvs.openbsd.org 2003/06/11 10:18:47
374 sync with check_host_key() change
375 - djm@cvs.openbsd.org 2003/06/11 11:18:38
376 [authfd.c authfd.h ssh-add.c ssh-agent.c]
377 make agent constraints (lifetime, confirm) work with smartcard keys;
382 - (djm) Sync README.smartcard with OpenBSD -current
383 - (djm) Re-merge OpenSC info into README.smartcard
386 - (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@
389 - (djm) Support AI_NUMERICHOST in fake-getaddrinfo.c. Needed for recent
391 - (djm) Implement paranoid priv dropping checks, based on:
392 "SetUID demystified" - Hao Chen, David Wagner and Drew Dean
393 Proceedings of USENIX Security Symposium 2002
394 - (djm) Don't use xmalloc() or pull in toplevel headers in fake-* code
395 - (djm) Merge all the openbsd/fake-* into fake-rfc2553.[ch]
396 - (djm) Bug #588 - Add scard-opensc.o back to Makefile.in
397 Patch from larsch@trustcenter.de
398 - (djm) Bug #589 - scard-opensc: load only keys with a private keys
399 Patch from larsch@trustcenter.de
400 - (dtucker) Add includes.h to fake-rfc2553.c so it will build.
401 - (dtucker) Define EAI_NONAME in fake-rfc2553.h (used by fake-rfc2553.c).
404 - (djm) Bug #573 - Remove unneeded Krb headers and compat goop. Patch from
405 simon@sxw.org.uk (Also matches a change in OpenBSD a while ago)
406 - (djm) Bug #577 - wrong flag in scard-opensc.c sc_private_decrypt.
407 Patch from larsch@trustcenter.de; ok markus@
408 - (djm) Bug #584: scard-opensc.c doesn't work without PIN. Patch from
409 larsch@trustcenter.de; ok markus@
410 - (djm) OpenBSD CVS Sync
411 - djm@cvs.openbsd.org 2003/06/04 08:25:18
413 disable challenge/response and keyboard-interactive auth methods
414 upon hostkey mismatch. based on patch from fcusack AT fcusack.com.
416 - djm@cvs.openbsd.org 2003/06/04 10:23:48
418 remove duplicated group-dropping code; ok markus@
419 - djm@cvs.openbsd.org 2003/06/04 12:03:59
421 remove bitrotten commet; ok markus@
422 - djm@cvs.openbsd.org 2003/06/04 12:18:49
425 - djm@cvs.openbsd.org 2003/06/04 12:40:39
427 kill ssh process upon receipt of signal, bz #241.
428 based on patch from esb AT hawaii.edu; ok markus@
429 - djm@cvs.openbsd.org 2003/06/04 12:41:22
431 kill ssh process on receipt of signal; ok markus@
432 - (djm) Update to fix of bug #584: lock card before return.
433 From larsch@trustcenter.de
434 - (djm) Always use mysignal() for SIGALRM
437 - (djm) Replace setproctitle replacement with code derived from
439 - (djm) OpenBSD CVS Sync
440 - markus@cvs.openbsd.org 2003/06/02 09:17:34
441 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
442 [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
444 deprecate VerifyReverseMapping since it's dangerous if combined
445 with IP based access control as noted by Mike Harding; replace with
446 a UseDNS option, UseDNS is on by default and includes the
447 VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
449 - millert@cvs.openbsd.org 2003/06/03 02:56:16
451 Remove the advertising clause in the UCB license which Berkeley
452 rescinded 22 July 1999. Proofed by myself and Theo.
453 - (djm) Fix portable-specific uses of verify_reverse_mapping too
454 - (djm) Sync openbsd-compat with OpenBSD CVS.
455 - No more 4-term BSD licenses in linked code
456 - (dtucker) [port-aix.c bsd-cray.c] Fix uses of verify_reverse_mapping.
459 - (djm) Fix segv from bad reordering in auth-pam.c
460 - (djm) Always use saved_argv in sshd.c as compat_init_setproctitle may
462 - (tim) openbsd-compat/xmmap.[ch] License clarifications. Add missing
464 - (djm) Remove "noip6" option from RedHat spec file. This may now be
465 set at runtime using AddressFamily option.
466 - (djm) Fix use of macro before #define in cipher-aes.c
467 - (djm) Sync license on openbsd-compat/bindresvport.c with OpenBSD CVS
468 - (djm) OpenBSD CVS Sync
469 - djm@cvs.openbsd.org 2003/05/26 12:54:40
471 fix format strings; ok markus@
472 - deraadt@cvs.openbsd.org 2003/05/29 16:58:45
474 seteuid and setegid; markus ok
475 - jakob@cvs.openbsd.org 2003/06/02 08:31:10
477 VerifyHostKeyDNS is v2 only. ok markus@
480 - (dtucker) Add missing semicolon in md5crypt.c, patch from openssh at
482 - (dtucker) Define SSHD_ACQUIRES_CTTY for NCR MP-RAS and Reliant Unix.
485 - (djm) Avoid auth2-chall.c warning when compiling without
486 PAM, BSD_AUTH and SKEY
489 - (djm) OpenBSD CVS Sync
490 - djm@cvs.openbsd.org 2003/05/24 09:02:22
492 pass logged data through strnvis; ok markus
493 - djm@cvs.openbsd.org 2003/05/24 09:30:40
494 [authfile.c monitor.c sftp-common.c sshpty.c]
495 cast some types for printing; ok markus@
498 - (dtucker) Correct --osfsia in INSTALL. Patch by skeleten at shillest.net
501 - (djm) Use VIS_SAFE on logged strings rather than default strnvis
502 encoding (which encodes many more characters)
504 - jmc@cvs.openbsd.org 2003/05/20 12:03:35
506 - new sentence, new line
510 - jmc@cvs.openbsd.org 2003/05/20 12:09:31
511 [ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1]
512 new sentence, new line
513 - djm@cvs.openbsd.org 2003/05/23 08:29:30
518 - (djm) OpenBSD CVS Sync
519 - deraadt@cvs.openbsd.org 2003/05/18 23:22:01
521 use syslog_r() in a signal handler called place; markus ok
522 - (djm) Configure logic to detect syslog_r and friends
525 - (djm) Sync auth-pam.h with what we actually implement
528 - (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in
530 - (djm) OpenBSD CVS Sync
531 - djm@cvs.openbsd.org 2003/05/16 03:27:12
532 [readconf.c ssh_config ssh_config.5 ssh-keysign.c]
533 add AddressFamily option to ssh_config (like -4, -6 on commandline).
534 Portable bug #534; ok markus@
535 - itojun@cvs.openbsd.org 2003/05/17 03:25:58
537 just in case, put numbers to sscanf %s arg.
538 - markus@cvs.openbsd.org 2003/05/17 04:27:52
539 [cipher.c cipher-ctr.c myproposal.h]
540 experimental support for aes-ctr modes from
541 http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt
543 - (djm) Remove IPv4 by default hack now that we can specify AF in config
544 - (djm) Tidy and trim TODO
545 - (djm) Sync openbsd-compat/ with OpenBSD CVS head
546 - (djm) Big KNF on openbsd-compat/
547 - (djm) KNF on md5crypt.[ch]
548 - (djm) KNF on auth-sia.[ch]
551 - (bal) strcat -> strlcat on openbsd-compat/realpath.c (rev 1.8 OpenBSD)
554 - (djm) OpenBSD CVS Sync
555 - djm@cvs.openbsd.org 2003/05/15 13:52:10
557 Make "ssh -V" print the OpenSSL version in a human readable form. Patch
558 from Craig Leres (mindrot at ee.lbl.gov); ok markus@
559 - jakob@cvs.openbsd.org 2003/05/15 14:02:47
560 [readconf.c servconf.c]
561 warn for unsupported config option. ok markus@
562 - markus@cvs.openbsd.org 2003/05/15 14:09:21
564 fix 64bit issue; report itojun@
565 - djm@cvs.openbsd.org 2003/05/15 14:55:25
566 [readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
567 add a ConnectTimeout option to ssh, based on patch from
568 Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
569 - (djm) Add warning for UsePAM when built without PAM support
570 - (djm) A few type mismatch fixes from Bug #565
571 - (djm) Guard free_pam_environment against NULL argument. Works around
572 HP/UX PAM problems debugged by dtucker
575 - (djm) OpenBSD CVS Sync
576 - jmc@cvs.openbsd.org 2003/05/14 13:11:56
580 - jakob@cvs.openbsd.org 2003/05/14 18:16:20
581 [key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
582 [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
583 add experimental support for verifying hos keys using DNS as described
584 in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
585 ok markus@ and henning@
586 - markus@cvs.openbsd.org 2003/05/14 22:24:42
587 [clientloop.c session.c ssh.1]
588 allow to send a BREAK to the remote system; ok various
589 - markus@cvs.openbsd.org 2003/05/15 00:28:28
591 cleanup unregister of per-method packet handlers; ok djm@
592 - jakob@cvs.openbsd.org 2003/05/15 01:48:10
593 [readconf.c readconf.h servconf.c servconf.h]
594 always parse kerberos options. ok djm@ markus@
595 - jakob@cvs.openbsd.org 2003/05/15 02:27:15
597 add missing freerrset
598 - markus@cvs.openbsd.org 2003/05/15 03:08:29
599 [cipher.c cipher-bf1.c cipher-aes.c cipher-3des1.c]
600 split out custom EVP ciphers
601 - djm@cvs.openbsd.org 2003/05/15 03:10:52
603 avoid warning; ok jakob@
604 - mouring@cvs.openbsd.org 2003/05/15 03:39:07
606 Make put/get (globed and nonglobed) code more consistant. OK djm@
607 - mouring@cvs.openbsd.org 2003/05/15 03:43:59
609 Teach ls how to display multiple column display and allow users
610 to return to single column format via 'ls -1'. OK @djm
611 - jakob@cvs.openbsd.org 2003/05/15 04:08:44
612 [readconf.c servconf.c]
613 disable kerberos when not supported. ok markus@
614 - markus@cvs.openbsd.org 2003/05/15 04:08:41
617 - (djm) Always parse UsePAM
618 - (djm) Configure glue for DNS support (code doesn't work in portable yet)
619 - (djm) Import getrrsetbyname() function from OpenBSD libc (for DNS support)
620 - (djm) Tidy Makefile clean targets
621 - (djm) Adapt README.dns for portable
622 - (djm) Avoid uuencode.c warnings
623 - (djm) Enable UsePAM when built --with-pam
624 - (djm) Only build getrrsetbyname replacement when using --with-dns
625 - (djm) Bug #529: sshd doesn't work correctly after SIGHUP (copy argv
627 - (djm) Bug #444: Wrong paths after reconfigure
628 - (dtucker) HP-UX needs to include <sys/strtio.h> for TIOCSBRK
631 - (djm) Bug #117: Don't lie to PAM about username
632 - (djm) RCSID sync w/ OpenBSD
633 - (djm) OpenBSD CVS Sync
634 - djm@cvs.openbsd.org 2003/04/09 12:00:37
636 strip trailing whitespace from config lines before parsing.
637 Fixes bz 528; ok markus@
638 - markus@cvs.openbsd.org 2003/04/12 10:13:57
640 hide cipher details; ok djm@
641 - markus@cvs.openbsd.org 2003/04/12 10:15:36
644 - naddy@cvs.openbsd.org 2003/04/12 11:40:15
646 document -V switch, fix wording; ok markus@
647 - markus@cvs.openbsd.org 2003/04/14 14:17:50
648 [channels.c sshconnect.c sshd.c ssh-keyscan.c]
649 avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
650 - mouring@cvs.openbsd.org 2003/04/14 21:31:27
652 Missing globfree(&g) in process_put() spotted by Vince Brimhall
653 <VBrimhall@novell.com>. ok@ Theo
654 - markus@cvs.openbsd.org 2003/04/16 14:35:27
656 document struct Authctxt; with solar
657 - deraadt@cvs.openbsd.org 2003/04/26 04:29:49
659 -t in usage(); rogier@quaak.org
660 - mouring@cvs.openbsd.org 2003/04/30 01:16:20
661 [sshd.8 sshd_config.5]
662 Escape ?, * and ! in .Ql for nroff compatibility. OpenSSH Portable
663 Bug #550 and * escaping suggested by jmc@.
664 - david@cvs.openbsd.org 2003/04/30 20:41:07
666 fix invalid .Pf macro usage introduced in previous commit
668 - markus@cvs.openbsd.org 2003/05/11 16:56:48
669 [authfile.c ssh-keygen.c]
670 change key_load_public to try to read a public from:
671 rsa1 private or rsa1 public and ssh2 keys.
672 this makes ssh-keygen -e fail for ssh1 keys more gracefully
673 for example; report from itojun (netbsd pr 20550).
674 - markus@cvs.openbsd.org 2003/05/11 20:30:25
675 [channels.c clientloop.c serverloop.c session.c ssh.c]
676 make channel_new() strdup the 'remote_name' (not the caller); ok theo
677 - markus@cvs.openbsd.org 2003/05/12 16:55:37
679 for pubkey authentication try the user keys in the following order:
680 1. agent keys that are found in the config file
682 3. keys that are only listed in the config file
683 this helps when an agent has many keys, where the server might
684 close the connection before the correct key is used. report & ok pb@
685 - markus@cvs.openbsd.org 2003/05/12 18:35:18
687 typo: DSA keys are of type ssh-dss; Brian Poole
688 - markus@cvs.openbsd.org 2003/05/14 00:52:59
690 ranges for per auth method messages
691 - djm@cvs.openbsd.org 2003/05/14 01:00:44
693 emphasise the batchmode functionality and make reference to pubkey auth,
694 both of which are FAQs; ok markus@
695 - markus@cvs.openbsd.org 2003/05/14 02:15:47
696 [auth2.c monitor.c sshconnect2.c auth2-krb5.c]
697 implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
698 server interops with commercial client; ok jakob@ djm@
699 - jmc@cvs.openbsd.org 2003/05/14 08:25:39
701 - better formatting in SYNOPSIS
704 - markus@cvs.openbsd.org 2003/05/14 08:57:49
706 http://bugzilla.mindrot.org/show_bug.cgi?id=560
707 Privsep child continues to run after monitor killed.
708 Pass monitor signals through to child; Darren Tucker
709 - (djm) Make portable build with MIT krb5 (some issues remain)
710 - (djm) Add new UsePAM configuration directive to allow runtime control
711 over usage of PAM. This allows non-root use of sshd when built with
713 - (djm) Die screaming if start_pam() is called when UsePAM=no
714 - (djm) Avoid KrbV leak for MIT Kerberos
715 - (dtucker) Set ai_socktype and ai_protocol in fake-getaddrinfo.c. ok djm@
716 - (djm) Bug #258: sscanf("[0-9]") -> sscanf("[0123456789]") for portability
719 - (djm) Redhat spec: Don't install profile.d scripts when not
720 building with GNOME/GTK askpass (patch from bet@rahul.net)
723 - (dtucker) Bug #318: Create ssh_prng_cmds.out during "make" rather than
724 "make install". Patch by roth@feep.net.
725 - (dtucker) Bug #536: Test for and work around openpty/controlling tty
726 problem on Linux (fixes "could not set controlling tty" errors).
727 - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
728 proper challenge-response module
729 - (djm) 2-clause license on loginrec.c, with permission from
733 - (dtucker) Bug #497: Move #include of bsd-cygwin_util.h to openbsd-compat.h.
734 Patch from vinschen@redhat.com.
737 - (dtucker) Add missing "void" to record_failed_login in bsd-cray.c. Noted
741 - (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels,
742 privsep should now work.
743 - (dtucker) Move handling of bad password authentications into a platform
744 specific record_failed_login() function (affects AIX & Unicos). ok mouring@
747 - (djm) Add back radix.o (used by AFS support), after it went missing from
748 Makefile many moons ago
749 - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
750 - (djm) Fix blibpath specification for AIX/gcc
751 - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
754 - (bal) [defines.h progressmeter.c scp.c] Some more culling of non 64bit
758 - (bal) Bug #541: return; was dropped by mistake. Reported by
760 - (bal) Since we don't support platforms lacking u_int_64. We may
761 as well clean out some of those evil #ifdefs
762 - (bal) auth1.c minor resync while looking at the code.
763 - (bal) auth2.c same changed as above.
766 - (djm) Bug #539: Specify creation mode with O_CREAT for lastlog. Report
767 from matth@eecs.berkeley.edu
768 - (djm) Make the spec work with Redhat 9.0 (which renames sharutils)
769 - (djm) OpenBSD CVS Sync
770 - markus@cvs.openbsd.org 2003/04/02 09:48:07
771 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
772 [readconf.h serverloop.c sshconnect2.c]
773 reapply rekeying chage, tested by henning@, ok djm@
774 - markus@cvs.openbsd.org 2003/04/02 14:36:26
776 potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
777 - itojun@cvs.openbsd.org 2003/04/03 07:25:27
780 - itojun@cvs.openbsd.org 2003/04/03 10:17:35
782 remove $OpenBSD$, as other *.c does not have it.
783 - markus@cvs.openbsd.org 2003/04/07 08:29:57
785 typo: get correct counters; introduced during rekeying change.
786 - millert@cvs.openbsd.org 2003/04/07 21:58:05
788 The UCB copyright here is incorrect. This code did not originate
789 at UCB, it was written by Luke Mewburn. Updated the copyright at
790 the author's request. markus@ OK
791 - itojun@cvs.openbsd.org 2003/04/08 20:21:29
793 rename log() into logit() to avoid name conflict. markus ok, from
795 - (djm) XXX - Performed locally using:
796 "perl -p -i -e 's/(\s|^)log\(/$1logit\(/g' *.c *.h"
797 - hin@cvs.openbsd.org 2003/04/09 08:23:52
799 Don't include <krb.h> when compiling with Kerberos 5 support
800 - (djm) Fix up missing include for packet.c
801 - (djm) Fix missed log => logit occurance (reference by function pointer)
804 - (bal) if IP_TOS is not found or broken don't try to compile in
805 packet_set_tos() function call. bug #527
808 - (djm) OpenBSD CVS Sync
809 - jmc@cvs.openbsd.org 2003/03/28 10:11:43
810 [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5]
811 [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
813 - new sentence new line
816 - markus@cvs.openbsd.org 2003/04/01 10:10:23
817 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
818 [readconf.h serverloop.c sshconnect2.c]
819 rekeying bugfixes and automatic rekeying:
820 * both client and server rekey _automatically_
821 (a) after 2^31 packets, because after 2^32 packets
822 the sequence number for packets wraps
823 (b) after 2^(blocksize_in_bits/4) blocks
824 (see: draft-ietf-secsh-newmodes-00.txt)
825 (a) and (b) are _enabled_ by default, and only disabled for known
826 openssh versions, that don't support rekeying properly.
827 * client option 'RekeyLimit'
828 * do not reply to requests during rekeying
829 - markus@cvs.openbsd.org 2003/04/01 10:22:21
830 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
831 [readconf.h serverloop.c sshconnect2.c]
832 backout rekeying changes (for 3.6.1)
833 - markus@cvs.openbsd.org 2003/04/01 10:31:26
834 [compat.c compat.h kex.c]
835 bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@;
836 tested by ho@ and myself
837 - markus@cvs.openbsd.org 2003/04/01 10:56:46
840 - (djm) Crank spec file versions
841 - (djm) Release 3.6.1p1
844 - (djm) OpenBSD CVS Sync
845 - deraadt@cvs.openbsd.org 2003/03/26 04:02:51
847 one last fix to the tree: race fix broke stuff; pr 3169;
848 srp@srparish.net, help from djm
851 - (djm) Fix getpeerid support for 64 bit BE systems. From
852 Arnd Bergmann <arndb@de.ibm.com>
855 - (djm) OpenBSD CVS Sync
856 - markus@cvs.openbsd.org 2003/03/23 19:02:00
858 unbreak rekeying for privsep; ok millert@
860 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
861 Report from murple@murple.net, diagnosis from dtucker@zip.com.au