2 - (tim) [Makefile.in] replace "id sshd" with "sshd -t"
3 - (bal/tim) [acconfig.h configure.ac monitor_mm.c servconf.c
4 openbsd-compat/Makefile.in] support compression on platforms that
5 have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c
6 Based on patch from nalin@redhat.com of code extracted from Owl's package
7 - (tim) [ssh_prng_cmds.in] Bug 323 arp -n flag doesn't exist under Solaris.
8 report by chris@by-design.net
11 - (tim) [Makefile.in] quiet down install-files: and check-user:
12 - (tim) [configure.ac] remove unused filepriv line
15 - (tim) [contrib/cygwin/ssh-host-config] explicitely sets the permissions
16 on /var/empty to 755 Patch by vinschen@redhat.com
17 - (bal) OpenBSD CVS Sync
18 - itojun@cvs.openbsd.org 2002/07/09 11:56:50
20 silently try next address on connect(2). markus ok
21 - itojun@cvs.openbsd.org 2002/07/09 11:56:27
23 suppress log on reverse lookup failiure, as there's no real value in
26 - itojun@cvs.openbsd.org 2002/07/09 12:04:02
28 ed static function (less warnings)
29 - stevesk@cvs.openbsd.org 2002/07/09 17:46:25
31 clarify no preference ordering in protocol list; ok markus@
32 - itojun@cvs.openbsd.org 2002/07/10 10:28:15
34 bark if all connection attempt fails.
35 - deraadt@cvs.openbsd.org 2002/07/10 17:53:54
37 use right sizeof in memcpy; markus ok
40 - (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platforms
41 lacking that concept can share it. Patch by vinschen@redhat.com
44 - (tim) [openssh/contrib/solaris/buildpkg.sh] add PKG_INSTALL_ROOT to
45 work in a jumpstart environment. patch by kbrint@rufus.net
46 - (tim) [Makefile.in] workaround for broken pakadd on some systems.
47 - (tim) [configure.ac] fix libc89 utimes test. Mention default path for
51 - (tim) [Makefile.in] use umask instead of chmod on $(PRIVSEP_PATH)
52 - (tim) [acconfig.h configure.ac sshd.c]
53 s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/
54 - (tim) [contrib/cygwin/ssh-host-config] sshd account creation fixes
55 patch from vinschen@redhat.com
56 - (bal) [realpath.c] Updated with OpenBSD tree.
57 - (bal) OpenBSD CVS Sync
58 - deraadt@cvs.openbsd.org 2002/07/04 04:15:33
59 [key.c monitor_wrap.c sftp-glob.c ssh-dss.c ssh-rsa.c]
60 patch memory leaks; grendel@zeitbombe.org
61 - deraadt@cvs.openbsd.org 2002/07/04 08:12:15
63 blah blah minor nothing as i read and re-read and re-read...
64 - markus@cvs.openbsd.org 2002/07/04 10:41:47
65 [key.c monitor_wrap.c ssh-dss.c ssh-rsa.c]
66 don't allocate, copy, and discard if there is not interested in the data;
68 - deraadt@cvs.openbsd.org 2002/07/06 01:00:49
71 - deraadt@cvs.openbsd.org 2002/07/06 01:01:26
73 KNF, realloc fix, and clean usage
74 - stevesk@cvs.openbsd.org 2002/07/06 17:47:58
77 - (bal) Minor KNF on ssh-keyscan.c
80 - (tim) [configure.ac] AIX 4.2.1 has authenticate() in libs.
81 Reported by Darren Tucker <dtucker@zip.com.au>
82 - (tim) [contrib/cygwin/ssh-host-config] double slash corrction
83 from vinschen@redhat.com
86 - (bal) Limit data to TTY for AIX only (Newer versions can't handle the
87 faster data rate) Bug #124
88 - (bal) glob.c defines TILDE and AIX also defines it. #undef it first.
90 - (bal) One too many nulls in ports-aix.c
93 - (bal) Updated contrib/cygwin/ patch by vinschen@redhat.com
94 - (bal) minor correction to utimes() replacement. Patch by
97 - markus@cvs.openbsd.org 2002/06/27 08:49:44
98 [dh.c ssh-keyscan.c sshconnect.c]
99 more checks for NULL pointers; from grendel@zeitbombe.org; ok deraadt@
100 - deraadt@cvs.openbsd.org 2002/06/27 09:08:00
102 improve mm_zalloc check; markus ok
103 - deraadt@cvs.openbsd.org 2002/06/27 10:35:47
104 [auth2-none.c monitor.c sftp-client.c]
106 - stevesk@cvs.openbsd.org 2002/06/27 19:49:08
108 use convtime(); ok markus@
109 - millert@cvs.openbsd.org 2002/06/28 01:49:31
111 tree(3) wants an int return value for its compare functions and
112 the difference between two pointers is not an int. Just do the
113 safest thing and store the result in a long and then return 0,
114 -1, or 1 based on that result.
115 - deraadt@cvs.openbsd.org 2002/06/28 01:50:37
118 - deraadt@cvs.openbsd.org 2002/06/28 10:08:25
120 range check -u option at invocation
121 - deraadt@cvs.openbsd.org 2002/06/28 23:05:06
123 gidset[2] -> gidset[1]; markus ok
124 - deraadt@cvs.openbsd.org 2002/06/30 21:54:16
125 [auth2.c session.c sshd.c]
126 lint asks that we use names that do not overlap
127 - deraadt@cvs.openbsd.org 2002/06/30 21:59:45
128 [auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
129 monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
130 sshconnect2.c sshd.c]
132 - deraadt@cvs.openbsd.org 2002/07/01 16:15:25
135 - markus@cvs.openbsd.org 2002/07/01 19:48:46
137 for compression=yes, we fallback to no-compression if the server does
138 not support compression, vice versa for compression=no. ok mouring@
139 - markus@cvs.openbsd.org 2002/07/03 09:55:38
141 use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld)
142 in order to avoid a possible Kocher timing attack pointed out by Charles
144 - markus@cvs.openbsd.org 2002/07/03 14:21:05
145 [ssh-keysign.8 ssh-keysign.c ssh.c ssh_config]
146 re-enable ssh-keysign's sbit, but make ssh-keysign read
147 /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled
148 globally. based on discussions with deraadt, itojun and sommerfeld;
150 - (bal) Failed password attempts don't increment counter on AIX. Bug #145
151 - (bal) Missed Makefile.in change. keysign needs readconf.o
152 - (bal) Clean up aix_usrinfo(). Ignore TTY= period I guess.
155 - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc &
156 friends consistently. Spotted by Solar Designer <solar@openwall.com>
159 - (bal) fix to auth2-pam.c to swap fatal() arguments, A bit of style
160 clean up while I'm near it.
163 - (stevesk) [sshd_config] PAMAuthenticationViaKbdInt no; commented
164 options should contain default value. from solar.
165 - (bal) Cygwin uid0 fix by vinschen@redhat.com
166 - (bal) s/config.h/includes.h/ in openbsd-compat/ for *.c. Otherwise wise
167 have issues of our fixes not propogating right (ie bcopy instead of
169 - (bal) FreeBSD needs <sys/types.h> to detect if mmap() is supported.
174 - deraadt@cvs.openbsd.org 2002/06/26 14:49:36
177 - deraadt@cvs.openbsd.org 2002/06/26 14:50:04
179 use ssize_t for recvmsg() and sendmsg() return
180 - markus@cvs.openbsd.org 2002/06/26 14:51:33
182 fix exit code for -X/-x
183 - deraadt@cvs.openbsd.org 2002/06/26 15:00:32
186 - markus@cvs.openbsd.org 2002/06/26 22:27:32
188 bug #304, xfree(data) called to early; openssh@sigint.cs.purdue.edu
191 - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM
192 - (bal) OpenBSD CVS Sync
193 - markus@cvs.openbsd.org 2002/06/23 21:34:07
196 - markus@cvs.openbsd.org 2002/06/24 13:12:23
198 the socket name contains ssh-agent's ppid; via mpech@ from form@
199 - markus@cvs.openbsd.org 2002/06/24 14:33:27
200 [channels.c channels.h clientloop.c serverloop.c]
201 move channel counter to u_int
202 - markus@cvs.openbsd.org 2002/06/24 14:55:38
203 [authfile.c kex.c ssh-agent.c]
204 cat to (void) when output from buffer_get_X is ignored
205 - itojun@cvs.openbsd.org 2002/06/24 15:49:22
208 - deraadt@cvs.openbsd.org 2002/06/24 17:57:20
209 [sftp-server.c sshpty.c]
210 explicit (u_int) for uid and gid
211 - markus@cvs.openbsd.org 2002/06/25 16:22:42
214 - markus@cvs.openbsd.org 2002/06/25 18:51:04
216 lightweight do_setusercontext after chroot()
217 - (bal) Updated AIX package build. Patch by dtucker@zip.com.au
218 - (tim) [Makefile.in] fix test on installing ssh-rand-helper.8
219 - (bal) added back in error check for mmap(). I screwed up, Pointed
221 - (tim) [README.privsep] UnixWare tip no longer needed.
222 - (bal) fixed NeXTStep missing munmap() issue. It defines HAVE_MMAP,
223 but it all damned lies.
224 - (stevesk) [README.privsep] more for sshd pseudo-account.
225 - (tim) [contrib/caldera/openssh.spec] add support for privsep
226 - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@
227 - (djm) OpenBSD CVS Sync
228 - markus@cvs.openbsd.org 2002/06/26 08:53:12
230 limit size of BNs to 8KB; ok provos/deraadt
231 - markus@cvs.openbsd.org 2002/06/26 08:54:18
233 limit append to 1MB and buffers to 10MB
234 - markus@cvs.openbsd.org 2002/06/26 08:55:02
236 limit # of channels to 10000
237 - markus@cvs.openbsd.org 2002/06/26 08:58:26
239 limit # of env vars to 1000; ok deraadt/djm
240 - deraadt@cvs.openbsd.org 2002/06/26 13:20:57
242 be careful in mm_zalloc
243 - deraadt@cvs.openbsd.org 2002/06/26 13:49:26
245 disclose less information from environment files; based on input
246 from djm, and dschultz@uclink.Berkeley.EDU
247 - markus@cvs.openbsd.org 2002/06/26 13:55:37
249 make sure # of response matches # of queries, fixes int overflow;
251 - markus@cvs.openbsd.org 2002/06/26 13:56:27
254 - (djm) Require krb5 devel for RPM build w/ KrbV
255 - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai
257 - (djm) Update spec files for release
258 - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS
259 - (djm) Release 3.4p1
260 - (tim) [contrib/caldera/openssh.spec] remove 2 configure options I put in
264 - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
265 - (stevesk) [README.privsep] minor updates
266 - (djm) Create privsep directory and warn if privsep user is missing
268 - (bal) Started list of PrivSep issues in TODO
269 - (bal) if mmap() is substandard, don't allow compression on server side.
270 Post 'event' we will add more options.
271 - (tim) [contrib/caldera/openssh.spec] Sync with Caldera
272 - (bal) moved aix_usrinfo() and noted not setting real TTY. Patch by
274 - (tim) [acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus
275 for Cygwin, Cray, & SCO
279 - deraadt@cvs.openbsd.org 2002/06/23 03:25:50
282 - deraadt@cvs.openbsd.org 2002/06/23 03:26:19
285 - deraadt@cvs.openbsd.org 2002/06/23 03:30:58
286 [scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
288 various KNF and %d for unsigned
289 - deraadt@cvs.openbsd.org 2002/06/23 09:30:14
290 [sftp-client.c sftp-client.h sftp-common.c sftp-int.c sftp-server.c
292 bunch of u_int vs int stuff
293 - deraadt@cvs.openbsd.org 2002/06/23 09:39:55
296 - deraadt@cvs.openbsd.org 2002/06/23 09:46:51
297 [bufaux.c servconf.c]
298 minor KNF. things the fingers do while you read
299 - deraadt@cvs.openbsd.org 2002/06/23 10:29:52
301 some minor KNF and %u
302 - deraadt@cvs.openbsd.org 2002/06/23 20:39:45
304 compression_level is u_int
305 - deraadt@cvs.openbsd.org 2002/06/23 21:06:13
308 - deraadt@cvs.openbsd.org 2002/06/23 21:06:41
309 [channels.c channels.h session.c session.h]
310 display, screen, row, col, xpixel, ypixel are u_int; markus ok
311 - deraadt@cvs.openbsd.org 2002/06/23 21:10:02
313 packet_get_int() returns unsigned for reason & seqnr
314 - (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col,
319 - (stevesk) [configure.ac] bug #255 LOGIN_NEEDS_UTMPX for AIX.
320 - (bal) removed GNUism for getops in ssh-agent since glibc lacks optreset.
321 - (bal) add extern char *getopt. Based on report by dtucker@zip.com.au
323 - stevesk@cvs.openbsd.org 2002/06/22 02:00:29
326 - stevesk@cvs.openbsd.org 2002/06/22 02:40:23
328 section 5 not 4 for ssh_config
329 - naddy@cvs.openbsd.org 2002/06/22 11:51:39
332 - stevesk@cvs.openbsd.org 2002/06/22 16:32:54
334 add /var/empty in FILES section
335 - stevesk@cvs.openbsd.org 2002/06/22 16:40:19
337 check /var/empty owner mode; ok provos@
338 - stevesk@cvs.openbsd.org 2002/06/22 16:41:57
341 - stevesk@cvs.openbsd.org 2002/06/22 16:45:29
342 [ssh-agent.1 sshd.8 sshd_config.5]
343 use process ID vs. pid/PID/process identifier
344 - stevesk@cvs.openbsd.org 2002/06/22 20:05:27
346 don't call setsid() if debugging or run from inetd; no "Operation not
347 permitted" errors now; ok millert@ markus@
348 - stevesk@cvs.openbsd.org 2002/06/22 23:09:51
350 save auth method before monitor_reset_key_state(); bugzilla bug #284;
354 - (djm) Update README.privsep; spotted by fries@
355 - (djm) Release 3.3p1
356 - (bal) getopt now can be staticly compiled on those platforms missing
357 optreset. Patch by binder@arago.de
361 - djm@cvs.openbsd.org 2002/06/21 05:50:51
363 Don't initialise compression buffers when compression=no in sshd_config;
365 - ID sync for auth-passwd.c
366 - (djm) Warn and disable compression on platforms which can't handle both
367 useprivilegeseparation=yes and compression=yes
368 - (djm) contrib/redhat/openssh.spec hacking:
369 - Merge in spec changes from seba@iq.pl (Sebastian Pachuta)
370 - Add new {ssh,sshd}_config.5 manpages
371 - Add new ssh-keysign program and remove setuid from ssh client
374 - (bal) Fixed AIX environment handling, use setpcred() instead of existing
375 code. (Bugzilla Bug 261)
376 - (bal) OpenBSD CVS Sync
377 - todd@cvs.openbsd.org 2002/06/14 21:35:00
379 spelling; from Brian Poole <raj@cerias.purdue.edu>
380 - markus@cvs.openbsd.org 2002/06/15 00:01:36
381 [authfd.c authfd.h ssh-add.c ssh-agent.c]
382 break agent key lifetime protocol and allow other contraints for key
384 - markus@cvs.openbsd.org 2002/06/15 00:07:38
385 [authfd.c authfd.h ssh-add.c ssh-agent.c]
387 - markus@cvs.openbsd.org 2002/06/15 01:27:48
388 [authfd.c authfd.h ssh-add.c ssh-agent.c]
389 remove the CONSTRAIN_IDENTITY messages and introduce a new
390 ADD_ID message with contraints instead. contraints can be
391 only added together with the private key.
392 - itojun@cvs.openbsd.org 2002/06/16 21:30:58
394 use TAILQ_xx macro. from lukem@netbsd. markus ok
395 - deraadt@cvs.openbsd.org 2002/06/17 06:05:56
397 make usage like man page
398 - deraadt@cvs.openbsd.org 2002/06/19 00:27:55
399 [auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
400 authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
401 ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
402 ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
404 KNF done automatically while reading....
405 - markus@cvs.openbsd.org 2002/06/19 18:01:00
406 [cipher.c monitor.c monitor_wrap.c packet.c packet.h]
407 make the monitor sync the transfer ssh1 session key;
408 transfer keycontext only for RC4 (this is still depends on EVP
409 implementation details and is broken).
410 - stevesk@cvs.openbsd.org 2002/06/20 19:56:07
412 move configuration file options from ssh.1/sshd.8 to
413 ssh_config.5/sshd_config.5; ok deraadt@ millert@
414 - stevesk@cvs.openbsd.org 2002/06/20 20:00:05
417 - stevesk@cvs.openbsd.org 2002/06/20 20:03:34
418 [ssh_config sshd_config]
419 refer to config file man page
420 - markus@cvs.openbsd.org 2002/06/20 23:05:56
421 [servconf.c servconf.h session.c sshd.c]
422 allow Compression=yes/no in sshd_config
423 - markus@cvs.openbsd.org 2002/06/20 23:37:12
426 - stevesk@cvs.openbsd.org 2002/05/25 20:40:08
428 missed Per Allansson (auth2-chall.c)
429 - (bal) Cygwin special handling of empty passwords wrong. Patch by
431 - (bal) Missed integrating ssh_config.5 and sshd_config.5
432 - (bal) Still more Makefile.in updates for ssh{d}_config.5
435 - (bal) typo of setgroup for cygwin. Patch by vinschen@redhat.com
438 - (bal) OpenBSD CVS Sync
439 - markus@cvs.openbsd.org 2002/06/11 23:03:54
442 - markus@cvs.openbsd.org 2002/06/12 01:09:52
444 ssh_connect returns 0 on success
445 - (bal) Build noop setgroups() for cygwin to clean up code (For other
446 platforms without the setgroups() requirement, you MUST define
447 SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com
448 - (bal) Some platforms don't have ONLCR (Notable Mint)
451 - (bal) ssh-agent.c RCSD fix (|unexpand already done)
452 - (bal) OpenBSD CVS Sync
453 - stevesk@cvs.openbsd.org 2002/06/09 22:15:15
455 update for no setuid root and ssh-keysign; ok deraadt@
456 - itojun@cvs.openbsd.org 2002/06/09 22:17:21
458 pass salen to sockaddr_ntop so that we are happy on linux/solaris
459 - stevesk@cvs.openbsd.org 2002/06/10 16:53:06
460 [auth-rsa.c ssh-rsa.c]
461 display minimum RSA modulus in error(); ok markus@
462 - stevesk@cvs.openbsd.org 2002/06/10 16:56:30
464 merge in stuff from my man page; ok markus@
465 - stevesk@cvs.openbsd.org 2002/06/10 17:36:23
466 [ssh-add.1 ssh-add.c]
467 use convtime() to parse and validate key lifetime. can now
468 use '-t 2h' etc. ok markus@ provos@
469 - stevesk@cvs.openbsd.org 2002/06/10 17:45:20
471 change RhostsRSAAuthentication and RhostsAuthentication default to no
472 since ssh is no longer setuid root by default; ok markus@
473 - stevesk@cvs.openbsd.org 2002/06/10 21:21:10
475 update defaults for RhostsRSAAuthentication and RhostsAuthentication
476 here too (all options commented out with default value).
477 - markus@cvs.openbsd.org 2002/06/10 22:28:41
478 [channels.c channels.h session.c]
479 move creation of agent socket to session.c; no need for uidswapping
481 - markus@cvs.openbsd.org 2002/06/11 04:14:26
482 [ssh.c sshconnect.c sshconnect.h]
483 no longer use uidswap.[ch] from the ssh client
484 run less code with euid==0 if ssh is installed setuid root
485 just switch the euid, don't switch the complete set of groups
486 (this is only needed by sshd). ok provos@
487 - mpech@cvs.openbsd.org 2002/06/11 05:46:20
488 [auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
489 pid_t cleanup. Markus need this now to keep hacking.
491 - itojun@cvs.openbsd.org 2002/06/11 08:11:45
493 use "ntop" only after initialized
494 - (bal) Cygwin fix up from swap uid clean up in ssh.c patch by
498 - (bal) OpenBSD CVS Sync
499 - markus@cvs.openbsd.org 2002/06/08 05:07:56
502 - markus@cvs.openbsd.org 2002/06/08 05:07:09
504 only accept 20 byte session ids
505 - markus@cvs.openbsd.org 2002/06/08 05:17:01
506 [readconf.c readconf.h ssh.1 ssh.c]
507 deprecate FallBackToRsh and UseRsh; patch from djm@
508 - markus@cvs.openbsd.org 2002/06/08 05:40:01
510 just warn about Deprecated options for now
511 - markus@cvs.openbsd.org 2002/06/08 05:41:18
513 remove FallBackToRsh/UseRsh
514 - markus@cvs.openbsd.org 2002/06/08 12:36:53
517 - markus@cvs.openbsd.org 2002/06/08 12:46:14
519 silently ignore deprecated options, since FallBackToRsh might be passed
520 by remote scp commands.
521 - itojun@cvs.openbsd.org 2002/06/08 21:15:27
523 always use getnameinfo. (diag message only)
524 - markus@cvs.openbsd.org 2002/06/09 04:33:27
527 - (bal) RCSID tag updates on channels.c, clientloop.c, nchan.c,
528 sftp-client.c, ssh-agenet.c, ssh-keygen.c and connect.h (we did unexpand
532 - (bal) Removed --{enable/disable}-suid-ssh
533 - (bal) Missed __progname in ssh-keysign.c patch by dtucker@zip.com.au
534 - (bal) use 'LOGIN_PROGRAM' not '/usr/bin/login' in session.c patch by
535 Bertrand.Velle@apogee-com.fr
538 - (bal) OpenBSD CVS Sync
539 - markus@cvs.openbsd.org 2002/05/15 21:56:38
540 [servconf.c sshd.8 sshd_config]
541 re-enable privsep and disable setuid for post-3.2.2
542 - markus@cvs.openbsd.org 2002/05/16 22:02:50
543 [cipher.c kex.h mac.c]
544 fix warnings (openssl 0.9.7 requires const)
545 - stevesk@cvs.openbsd.org 2002/05/16 22:09:59
547 don't limit xauth pathlen on client side and longer print length on
548 server when debug; ok markus@
549 - deraadt@cvs.openbsd.org 2002/05/19 20:54:52
551 extra commas in enum not 100% portable
552 - deraadt@cvs.openbsd.org 2002/05/22 23:18:25
554 spelling; abishoff@arc.nasa.gov
555 - markus@cvs.openbsd.org 2002/05/23 19:24:30
556 [authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
557 sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
558 add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
559 authentication in protocol v2 (needs to access the hostkeys).
560 - markus@cvs.openbsd.org 2002/05/23 19:39:34
562 add comment about ssh-keysign
563 - markus@cvs.openbsd.org 2002/05/24 08:45:14
565 stat ssh-keysign first, print error if stat fails;
566 some debug->error; fix comment
567 - markus@cvs.openbsd.org 2002/05/25 08:50:39
569 execlp->execl; from stevesk
570 - markus@cvs.openbsd.org 2002/05/25 18:51:07
571 [auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c
572 auth2-passwd.c auth2-pubkey.c Makefile.in]
573 split auth2.c into one file per method; ok provos@/deraadt@
574 - stevesk@cvs.openbsd.org 2002/05/26 20:35:10
576 sort ChallengeResponseAuthentication; ok markus@
577 - stevesk@cvs.openbsd.org 2002/05/28 16:45:27
579 print strerror(errno) on mmap/munmap error; ok markus@
580 - stevesk@cvs.openbsd.org 2002/05/28 17:28:02
582 format spec change/casts and some KNF; ok markus@
583 - stevesk@cvs.openbsd.org 2002/05/28 21:24:00
585 use correct function name in fatal()
586 - stevesk@cvs.openbsd.org 2002/05/29 03:06:30
589 - markus@cvs.openbsd.org 2002/05/29 11:21:57
591 don't start if privsep is enabled and SSH_PRIVSEP_USER or
592 _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
593 - markus@cvs.openbsd.org 2002/05/30 08:07:31
595 use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of
596 our own implementation. allow use of AES hardware via libcrypto,
598 - markus@cvs.openbsd.org 2002/05/31 10:30:33
600 extent ssh-keysign protocol:
601 pass # of socket-fd to ssh-keysign, keysign verfies locally used
602 ip-address using this socket-fd, restricts fake local hostnames
603 to actual local hostnames; ok stevesk@
604 - markus@cvs.openbsd.org 2002/05/31 11:35:15
606 move Authmethod definitons to per-method file.
607 - markus@cvs.openbsd.org 2002/05/31 13:16:48
610 key_verify returns 1 for a correct signature, 0 for an incorrect signature
612 - markus@cvs.openbsd.org 2002/05/31 13:20:50
614 pad received signature with leading zeros, because RSA_verify expects
615 a signature of RSA_size. the drafts says the signature is transmitted
616 unpadded (e.g. putty does not pad), reported by anakin@pobox.com
617 - deraadt@cvs.openbsd.org 2002/06/03 12:04:07
619 compatiblity -> compatibility
620 decriptor -> descriptor
621 authentciated -> authenticated
622 transmition -> transmission
623 - markus@cvs.openbsd.org 2002/06/04 19:42:35
625 only allow enabled authentication methods; ok provos@
626 - markus@cvs.openbsd.org 2002/06/04 19:53:40
628 save the session id (hash) for ssh2 (it will be passed with the
629 initial sign request) and verify that this value is used during
630 authentication; ok provos@
631 - markus@cvs.openbsd.org 2002/06/04 23:02:06
634 - markus@cvs.openbsd.org 2002/06/04 23:05:49
635 [cipher.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c]
636 __FUNCTION__ -> __func__
637 - markus@cvs.openbsd.org 2002/06/05 16:08:07
638 [ssh-agent.1 ssh-agent.c]
639 '-a bind_address' binds the agent to user-specified unix-domain
640 socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
641 - markus@cvs.openbsd.org 2002/06/05 16:08:07
642 [ssh-agent.1 ssh-agent.c]
643 '-a bind_address' binds the agent to user-specified unix-domain
644 socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
645 - markus@cvs.openbsd.org 2002/06/05 16:48:54
647 copy current request into an extra buffer and just flush this
648 request on errors, ok provos@
649 - markus@cvs.openbsd.org 2002/06/05 19:57:12
650 [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
651 ssh-add -x for lock and -X for unlocking the agent.
652 todo: encrypt private keys with locked...
653 - markus@cvs.openbsd.org 2002/06/05 20:56:39
656 - markus@cvs.openbsd.org 2002/06/05 21:55:44
657 [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
658 ssh-add -t life, Set lifetime (in seconds) when adding identities;
660 - stevesk@cvs.openbsd.org 2002/06/06 01:09:41
662 no trailing comma in enum; china@thewrittenword.com
663 - markus@cvs.openbsd.org 2002/06/06 17:12:44
665 discard remaining bytes of current request; ok provos@
666 - markus@cvs.openbsd.org 2002/06/06 17:30:11
668 use get_int() macro (hide iqueue)
669 - (bal) Missed msg.[ch] in merge. Required for ssh-keysign.
670 - (bal) Forgot to add msg.c Makefile.in.
671 - (bal) monitor_mm.c typos.
672 - (bal) Refixed auth2.c. It was never fully commited while spliting out
673 authentication to different files.
674 - (bal) ssh-keysign should build and install correctly now. Phase two
675 would be to clean out any dead wood and disable ssh setuid on install.
676 - (bal) Reverse logic, use __func__ first since it's C99
679 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
680 setsockopt from debug to error for now).
683 - (tim) [configure.ac.orig monitor_fdpass.c] Enahnce msghdr tests to address
684 build problem on Irix reported by Dave Love <d.love@dl.ac.uk>. Back out
685 last monitor_fdpass.c changes that are no longer needed with new tests.
686 Patch tested on Irix by Jan-Frode Myklebust <janfrode@parallab.uib.no>
689 - (djm) Fix spelling mistakes, spotted by Solar Designer i
691 - Sync scard/ (not sure when it drifted)
692 - (djm) OpenBSD CVS Sync:
694 Fix typo/thinko. Pass in as to auth_approval(), not NULL.
697 - Crank RPM spec versions
700 - (stevesk) [sshd.c] bug 245; disable setsid() for now
701 - (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups()
704 - (tim) [configure.ac] remove extra MD5_MSG="no" line.
707 - (bal) CVS ID fix up on auth-passwd.c
708 - (bal) OpenBSD CVS Sync
709 - deraadt@cvs.openbsd.org 2002/05/07 19:54:36
712 - deraadt@cvs.openbsd.org 2002/05/08 21:06:34
714 move to sshd.sshd instead
715 - stevesk@cvs.openbsd.org 2002/05/11 20:24:48
718 - itojun@cvs.openbsd.org 2002/05/13 02:37:39
719 [auth-skey.c auth2.c]
720 less warnings. skey_{respond,query} are public (in auth.h)
721 - markus@cvs.openbsd.org 2002/05/13 20:44:58
722 [auth-options.c auth.c auth.h]
723 move the packet_send_debug handling from auth-options.c to auth.c;
725 - millert@cvs.openbsd.org 2002/05/13 15:53:19
727 Call setsid() in the child after sshd accepts the connection and forks.
728 This is needed for privsep which calls setlogin() when it changes uids.
729 Without this, there is a race where the login name of an existing
730 connection, as returned by getlogin(), may be changed to the privsep
731 user (sshd). markus@ OK
732 - markus@cvs.openbsd.org 2002/05/13 21:26:49
734 handle debug messages during rhosts-rsa and hostbased authentication;
736 - mouring@cvs.openbsd.org 2002/05/15 15:47:49
737 [kex.c monitor.c monitor_wrap.c sshd.c]
738 'monitor' variable clashes with at least one lame platform (NeXT). i
739 Renamed to 'pmonitor'. provos@
740 - deraadt@cvs.openbsd.org 2002/05/04 02:39:35
741 [servconf.c sshd.8 sshd_config]
742 enable privsep by default; provos ok
743 - millert@cvs.openbsd.org 2002/05/06 23:34:33
745 Kill/adjust r(login|exec)d? references now that those are no longer in
747 - markus@cvs.openbsd.org 2002/05/15 21:02:53
748 [servconf.c sshd.8 sshd_config]
749 disable privsep and enable setuid for the 3.2.2 release
750 - (bal) Fixed up PAM case. I think.
751 - (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy
752 - (bal) OpenBSD CVS Sync
753 - markus@cvs.openbsd.org 2002/05/15 21:05:29
756 - (bal) Caldara, Suse, and Redhat openssh.specs updated.
759 - (stevesk) [README.privsep] PAM+privsep works with Solaris 8.
760 - (tim) [sshpty.c] set tty modes when allocating old style bsd ptys to
761 match what newer style ptys have when allocated. Based on a patch by
762 Roger Cornelius <rac@tenzing.org>
763 - (tim) [README.privsep] UnixWare 7 and OpenUNIX 8 work.
764 - (tim) [README.privsep] remove reference to UnixWare 7 and OpenUNIX 8
765 from PAM-enabled pragraph. UnixWare has no PAM.
766 - (tim) [contrib/caldera/openssh.spec] update version.
769 - (stevesk) add initial README.privsep
770 - (stevesk) [configure.ac] nicer message: --with-privsep-user=user
771 - (djm) Add --with-superuser-path=xxx configure option to specify
772 what $PATH the superuser receives.
773 - (djm) Bug #231: UsePrivilegeSeparation turns off Banner.
774 - (djm) Add --with-privsep-path configure option
775 - (djm) Update RPM spec file: different superuser path, use
776 /var/empty/sshd for privsep
777 - (djm) Bug #234: missing readpassphrase declaration and defines
778 - (djm) Add INSTALL warning about SSH protocol 1 blowfish w/
782 - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch.
783 Now only searches system and /usr/local/ssl (OpenSSL's default install path)
784 Others must use --with-ssl-dir=....
785 - (tim) [monitor_fdpass.c] fix for systems that have both
786 HAVE_ACCRIGHTS_IN_MSGHDR and HAVE_CONTROL_IN_MSGHDR. Ie. sys/socket.h
787 has #define msg_accrights msg_control
790 - (stevesk) [auth.c] Shadow account and expiration cleanup. Now
791 check for root forced expire. Still don't check for inactive.
792 - (djm) Rework RedHat RPM files. Based on spec from Nalin
793 Dahyabhai <nalin@redhat.com> and patches from
794 Pekka Savola <pekkas@netcore.fi>
795 - (djm) Try to drop supplemental groups at daemon startup. Patch from
797 - (bal) Back all the way out of auth-passwd.c changes. Breaks too many
798 things that don't set pw->pw_passwd.
801 - (tim) [Makefile.in] Unbreak make -f Makefile.in distprep
804 - (tim) [openbsd-compat/bsd-arc4random.c] fix logic on when seed_rng() is
805 called. Report by Chris Maxwell <maxwell@cs.dal.ca>
806 - (tim) [Makefile.in configure.ac] set SHELL variable in Makefile
807 - (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work)
810 - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
811 Add truncate() emulation to address Bug 208
814 - (djm) Unbreak auth-passwd.c for PAM and SIA
815 - (djm) Unbreak PAM auth for protocol 1. Report from Pekka Savola
817 - (djm) Don't reinitialise PAM credentials before we have started PAM.
818 Report from Pekka Savola <pekkas@netcore.fi>
821 - (bal) Fixed auth-passwd.c to resolve PermitEmptyPassword issue
824 - (djm) Import OpenBSD regression tests. Requires BSD make to run
825 - (djm) Fix readpassphase compilation for systems which have it
828 - (tim) [contrib/caldera/openssh.spec] update fixUP to reflect changes in
830 - (tim) [contrib/cygwin/README] remove reference to regex.
831 patch from Corinna Vinschen <vinschen@redhat.com>
834 - (djm) Bug #137, #209: fix make problems for scard/Ssh.bin, do uudecode
836 - (djm) Disable PAM password expiry until a complete fix for bug #188
838 - (djm) Bug #180: Set ToS bits on IPv4-in-IPv6 mapped addresses. Based on
839 patch from openssh@misc.tecq.org
842 - (stevesk) [defines.h] remove USE_TIMEVAL; unused
843 - (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26
844 support. bug #184. most from dcole@keysoftsys.com.
847 - (djm) OpenBSD CVS Sync
848 - markus@cvs.openbsd.org 2002/04/23 12:54:10
851 - djm@cvs.openbsd.org 2002/04/23 22:16:29
853 Improve error message; ok markus@ stevesk@
856 - (stevesk) [acconfig.h configure.ac session.c] LOGIN_NO_ENDOPT for HP-UX
857 - (stevesk) [acconfig.h] NEED_IN_SYSTM_H unused
858 - (markus) OpenBSD CVS Sync
859 - markus@cvs.openbsd.org 2002/04/23 12:58:26
861 send complete ticket; semerad@ss1000.ms.mff.cuni.cz
862 - (djm) Trim ChangeLog to include only post-3.1 changes
863 - (djm) Update RPM spec file versions
864 - (djm) Redhat spec enables KrbV by default
865 - (djm) Applied OpenSC smartcard updates from Markus &
866 Antti Tapaninen <aet@cc.hut.fi>
867 - (djm) Define BROKEN_REALPATH for AIX, patch from
868 Antti Tapaninen <aet@cc.hut.fi>
869 - (djm) Bug #214: Fix utmp for Irix (don't strip "tty"). Patch from
870 Kevin Taylor <no@nowhere.org> (??) via Philipp Grau
871 <phgrau@zedat.fu-berlin.de>
872 - (djm) Bug #213: Simplify CMSG_ALIGN macros to avoid symbol clashes.
873 Reported by Doug Manton <dmanton@emea.att.com>
874 - (djm) Bug #222: Fix tests for getaddrinfo on OSF/1. Spotted by
875 Robert Urban <urban@spielwiese.de>
876 - (djm) Bug #206 - blibpath isn't always needed for AIX ld, avoid
877 sizeof(long long int) == 4 breakage. Patch from Matthew Clarke
878 <Matthew_Clarke@mindlink.bc.ca>
879 - (djm) Make privsep work with PAM (still experimental)
880 - (djm) OpenBSD CVS Sync
881 - deraadt@cvs.openbsd.org 2002/04/20 09:02:03
883 No, afs requires explicit enabling
884 - markus@cvs.openbsd.org 2002/04/20 09:14:58
886 add buffer_{get,put}_short
887 - markus@cvs.openbsd.org 2002/04/20 09:17:19
889 rewrite using the buffer_* API, fixes overflow; ok deraadt@
890 - stevesk@cvs.openbsd.org 2002/04/21 16:19:27
892 document default AFSTokenPassing no; ok deraadt@
893 - stevesk@cvs.openbsd.org 2002/04/21 16:25:06
895 spelling in error message; ok markus@
896 - markus@cvs.openbsd.org 2002/04/22 06:15:47
898 fix check for overflow
899 - markus@cvs.openbsd.org 2002/04/22 16:16:53
900 [servconf.c sshd.8 sshd_config]
901 do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
902 - markus@cvs.openbsd.org 2002/04/22 21:04:52
903 [channels.c clientloop.c clientloop.h ssh.c]
904 request reply (success/failure) for -R style fwd in protocol v2,
905 depends on ordered replies.
906 fixes http://bugzilla.mindrot.org/show_bug.cgi?id=215; ok provos@
909 - (tim) [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0).
910 entropy.c needs seteuid(getuid()) for the setuid(original_uid) to
911 succeed. Patch by gert@greenie.muc.de. This fixes one part of Bug 208
914 - (djm) Avoid SIGCHLD breakage when run from rsync. Fix from
915 Sturle Sunde <sturle.sunde@usit.uio.no>
918 - (djm) Tell users to configure /dev/random support into OpenSSL in
920 - (djm) Fix .Nm in mdoc2man.pl from pspencer@fields.utoronto.ca
921 - (tim) [configure.ac] Issue warning on --with-default-path=/some_path
922 if LOGIN_CAP is enabled. Report & testing by Tuc <tuc@ttsg.com>
925 - (djm) Unbreak "make install". Fix from Darren Tucker
927 - (stevesk) bsd-cygwin_util.[ch] BSD license from Corinna Vinschen
928 - (tim) [configure.ac] add tests for recvmsg and sendmsg.
929 [monitor_fdpass.c] add checks for HAVE_SENDMSG and HAVE_RECVMSG for
930 systems that HAVE_ACCRIGHTS_IN_MSGHDR but no recvmsg or sendmsg.
933 - (djm) ssh-rand-helper improvements
934 - Add commandline debugging options
935 - Don't write binary data if stdout is a tty (use hex instead)
937 - (djm) Random number collection doc fixes from Ben
940 - (djm) Add KrbV support patch from Simon Wilkinson <simon@sxw.org.uk>
943 - (stevesk) [auth-sia.[ch]] add BSD license from Chris Adams
944 - (tim) [configure.ac] add <sys/types.h> to msghdr tests. Change -L
945 to -h on testing for /bin being symbolic link
946 - (bal) Mistaken in Cygwin scripts for ssh starting. Patch by
947 Corinna Vinschen <vinschen@redhat.com>
948 - (bal) disable privsep if no MAP_ANON. We can re-enable it
949 after the release when we can do more testing.
952 - (stevesk) [auth-sia.c] cleanup
953 - (tim) [acconfig.h defines.h includes.h] put includes in includes.h and
954 defines in defines.h [rijndael.c openbsd-compat/fake-socket.h
955 openbsd-compat/inet_aton.c] include "includes.h" instead of "config.h"
959 - (stevesk) [configure.ac monitor.c] HAVE_SOCKETPAIR
960 - (stevesk) [auth-sia.c] compile fix Chris Adams <cmadams@hiwaay.net>
961 - (bal) OpenBSD CVS Sync
962 - markus@cvs.openbsd.org 2002/04/10 08:21:47
963 [auth1.c compat.c compat.h]
964 strip '@' from username only for KerbV and known broken clients,
966 - markus@cvs.openbsd.org 2002/04/10 08:56:01
969 - Added p1 to idenify Portable release version.
972 - (bal) Minor OpenSC updates. Fix up header locations and update
973 README.smartcard provided by Juha Yrjölä <jyrjola@cc.hut.fi>
976 - (stevesk) HAVE_CONTROL_IN_MSGHDR; not used right now.
977 Future: we may want to test if fd passing works correctly.
978 - (stevesk) [monitor_fdpass.c] fatal() for UsePrivilegeSeparation=yes
979 and no fd passing support.
980 - (stevesk) HAVE_MMAP and HAVE_SYS_MMAN_H and use them in
982 - (stevesk) remove configure support for poll.h; it was removed
983 from sshd.c a long time ago.
984 - (stevesk) --with-privsep-user; default sshd
985 - (stevesk) wrap munmap() with HAVE_MMAP also.
988 - (djm) Typo in Suse SPEC file. Fix from Carsten Grohmann
989 <carsten.grohmann@dr-baldeweg.de>
990 - (bal) Added MAP_FAILED to allow AIX and Trusted HP to compile.
991 - (bal) OpenBSD CVS Sync
992 - djm@cvs.openbsd.org 2002/04/06 00:30:08
994 Fix occasional corruption on upload due to bad reuse of request
995 id, spotted by chombier@mac.com; ok markus@
996 - mouring@cvs.openbsd.org 2002/04/06 18:24:09
998 Fixes potental double // within path.
999 http://bugzilla.mindrot.org/show_bug.cgi?id=76
1000 - (bal) Slight update to OpenSC support. Better version checking. patch
1001 by Juha Yrjölä <jyrjola@cc.hut.fi>
1002 - (bal) Revered out of runtime IRIX detection of joblimits. Code is
1004 - (bal) Quiet down configure.ac if /bin/test does not exist.
1005 - (bal) We no longer use atexit()/xatexit()/on_exit()
1008 - (bal) Patch for OpenSC SmartCard library; ok markus@; patch by
1009 Juha Yrjölä <jyrjola@cc.hut.fi>
1010 - (bal) Minor documentation update to reflect smartcard library
1012 - (bal) Too many <sys/queue.h> issues. Remove all workarounds and
1013 using internal version only.
1014 - (bal) OpenBSD CVS Sync
1015 - stevesk@cvs.openbsd.org 2002/04/05 20:56:21
1017 clarify sshrc some and handle X11UseLocalhost=yes; ok markus@
1020 - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
1021 auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
1022 - (bal) OpenBSD CVS Sync
1023 - markus@cvs.openbsd.org 2002/04/03 09:26:11
1024 [cipher.c myproposal.h]
1025 re-add rijndael-cbc@lysator.liu.se for MacSSH; ash@lab.poc.net
1028 - (bal) Hand Sync of scp.c (reverted to upstream code)
1029 - deraadt@cvs.openbsd.org 2002/03/30 17:45:46
1032 - (bal) CVS ID sync of uidswap.c
1033 - (bal) OpenBSD CVS Sync (now for the real sync)
1034 - markus@cvs.openbsd.org 2002/03/27 22:21:45
1036 try to import keys with extra trailing === (seen with ssh.com <
1038 - markus@cvs.openbsd.org 2002/03/28 15:34:51
1040 do not call record_login twice (for use_privsep)
1041 - markus@cvs.openbsd.org 2002/03/29 18:59:32
1042 [session.c session.h]
1043 retrieve last login time before the pty is allocated, store per
1045 - stevesk@cvs.openbsd.org 2002/03/29 19:16:22
1047 RSA key modulus size minimum 768; ok markus@
1048 - stevesk@cvs.openbsd.org 2002/03/29 19:18:33
1049 [auth-rsa.c ssh-rsa.c ssh.h]
1050 make RSA modulus minimum #define; ok markus@
1051 - markus@cvs.openbsd.org 2002/03/30 18:51:15
1052 [monitor.c serverloop.c sftp-int.c sftp.c sshd.c]
1053 check waitpid for EINTR; based on patch from peter@ifm.liu.se
1054 - markus@cvs.openbsd.org 2002/04/01 22:02:16
1056 20480 is an upper limit for older server
1057 - markus@cvs.openbsd.org 2002/04/01 22:07:17
1059 fallback to stat if server does not support lstat
1060 - markus@cvs.openbsd.org 2002/04/02 11:49:39
1062 check $SHELL for -k and -d, too;
1063 http://bugzilla.mindrot.org/show_bug.cgi?id=199
1064 - markus@cvs.openbsd.org 2002/04/02 17:37:48
1066 always call log_init()
1067 - markus@cvs.openbsd.org 2002/04/02 20:11:38
1069 ignore SSH_BUG_SIGBLOB for ssh-rsa; #187
1070 - (bal) mispelling in uidswap.c (portable only)
1073 - (stevesk) [monitor.c] PAM should work again; will *not* work with
1074 UsePrivilegeSeparation=yes.
1075 - (stevesk) [auth1.c] fix password auth for protocol 1 when
1076 !USE_PAM && !HAVE_OSF_SIA; merge issue.
1079 - (tim) [configure.ac] use /bin/test -L to work around broken builtin on
1081 - (tim) [sshconnect2.c] change uint32_t to u_int32_t
1084 - (stevesk) [configure.ac] remove header check for sys/ttcompat.h
1088 - (bal) 'pw' should be 'authctxt->pw' in auth1.c spotted by
1090 - (bal) OpenBSD CVS Sync
1091 - markus@cvs.openbsd.org 2002/03/26 11:34:49
1093 update to recent drafts
1094 - markus@cvs.openbsd.org 2002/03/26 11:37:05
1097 - markus@cvs.openbsd.org 2002/03/26 15:23:40
1099 do not talk about packets in bufaux
1100 - rees@cvs.openbsd.org 2002/03/26 18:46:59
1102 try_AUT0 in read_pubkey too, for those paranoid few who want to
1104 - markus@cvs.openbsd.org 2002/03/26 22:50:39
1106 CHANNEL_EFD_OUTPUT_ACTIVE is false for CHAN_CLOSE_RCVD, too
1107 - markus@cvs.openbsd.org 2002/03/26 23:13:03
1109 disallow RSA keys < 768 for protocol 1, too (rhosts-rsa and rsa auth)
1110 - markus@cvs.openbsd.org 2002/03/26 23:14:51
1112 generate a new cookie for each SSH2_MSG_KEXINIT message we send out
1113 - mouring@cvs.openbsd.org 2002/03/27 11:45:42
1115 monitor_allowed_key() returns int instead of pointer. ok markus@
1118 - (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h"
1119 - (bal) OpenBSD CVS Sync
1120 - stevesk@cvs.openbsd.org 2002/03/23 20:57:26
1122 setproctitle() after preauth child; ok markus@
1123 - markus@cvs.openbsd.org 2002/03/24 16:00:27
1126 - markus@cvs.openbsd.org 2002/03/24 16:01:13
1128 debug->debug3 for extra padding
1129 - stevesk@cvs.openbsd.org 2002/03/24 17:27:03
1132 - stevesk@cvs.openbsd.org 2002/03/24 17:53:16
1134 minor cleanup and more error checking; ok markus@
1135 - markus@cvs.openbsd.org 2002/03/24 18:05:29
1137 we need to figure out AUT0 for sc_private_encrypt, too
1138 - stevesk@cvs.openbsd.org 2002/03/24 23:20:00
1140 remove "\n" from fatal()
1141 - markus@cvs.openbsd.org 2002/03/25 09:21:13
1143 return 0 (not NULL); tomh@po.crl.go.jp
1144 - markus@cvs.openbsd.org 2002/03/25 09:25:06
1147 - markus@cvs.openbsd.org 2002/03/25 17:34:27
1148 [scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c]
1149 change sc_get_key to sc_get_keys and hide smartcard details in scard.c
1150 - stevesk@cvs.openbsd.org 2002/03/25 20:12:10
1151 [monitor_mm.c monitor_wrap.c]
1152 ssize_t args use "%ld" and cast to (long)
1153 size_t args use "%lu" and cast to (u_long)
1154 ok markus@ and thanks millert@
1155 - markus@cvs.openbsd.org 2002/03/25 21:04:02
1157 simplify num_identity_files handling
1158 - markus@cvs.openbsd.org 2002/03/25 21:13:51
1159 [channels.c channels.h compat.c compat.h nchan.c]
1160 don't send stderr data after EOF, accept this from older known
1161 (broken) sshd servers only, fixes
1162 http://bugzilla.mindrot.org/show_bug.cgi?id=179
1163 - stevesk@cvs.openbsd.org 2002/03/26 03:24:01
1164 [monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h]
1168 - (stevesk) [session.c] disable LOGIN_NEEDS_TERM until we are sure
1169 it can be removed. only used on solaris. will no longer compile with
1173 - (stevesk) HAVE_ACCRIGHTS_IN_MSGHDR configure support
1174 - (stevesk) [monitor.c monitor_wrap.c] #ifdef HAVE_PW_CLASS_IN_PASSWD
1175 - (stevesk) configure and cpp __FUNCTION__ gymnastics to handle nielsisms
1176 - (stevesk) [monitor_fdpass.c] support for access rights style file
1178 - (stevesk) [auth2.c] merge cleanup/sync
1179 - (stevesk) [defines.h] hp-ux 11 has ancillary data style fd passing, but
1180 is missing CMSG_LEN() and CMSG_SPACE() macros.
1181 - (stevesk) [defines.h] #define MAP_ANON MAP_ANONYMOUS for HP-UX; other
1182 platforms may need this--I'm not sure. mmap() issues will need to be
1184 - (tim) [cipher.c] fix problem with OpenBSD sync
1185 - (stevesk) [LICENCE] OpenBSD sync
1188 - (bal) OpenBSD CVS Sync
1189 - itojun@cvs.openbsd.org 2002/03/08 06:10:16
1191 printf type mismatch
1192 - itojun@cvs.openbsd.org 2002/03/11 03:18:49
1194 correct type mismatches (u_int64_t != unsigned long long)
1195 - itojun@cvs.openbsd.org 2002/03/11 03:19:53
1198 - markus@cvs.openbsd.org 2002/03/14 15:24:27
1200 don't trust size sent by (rogue) server; noted by
1201 s.esser@e-matters.de
1202 - markus@cvs.openbsd.org 2002/03/14 16:38:26
1204 split out ssh1 session key decryption; ok provos@
1205 - markus@cvs.openbsd.org 2002/03/14 16:56:33
1206 [auth-rh-rsa.c auth-rsa.c auth.h]
1207 split auth_rsa() for better readability and privsep; ok provos@
1208 - itojun@cvs.openbsd.org 2002/03/15 11:00:38
1210 fix file type checking (use S_ISREG). ok by markus
1211 - markus@cvs.openbsd.org 2002/03/16 11:24:53
1213 skip inflateEnd if inflate fails; ok provos@
1214 - markus@cvs.openbsd.org 2002/03/16 17:22:09
1215 [auth-rh-rsa.c auth.h]
1216 split auth_rhosts_rsa(), ok provos@
1217 - stevesk@cvs.openbsd.org 2002/03/16 17:41:25
1219 BSD license. from Daniel Kouril via Dug Song. ok markus@
1220 - provos@cvs.openbsd.org 2002/03/17 20:25:56
1221 [auth.c auth.h auth1.c auth2.c]
1222 getpwnamallow returns struct passwd * only if user valid;
1224 - provos@cvs.openbsd.org 2002/03/18 01:12:14
1225 [auth.h auth1.c auth2.c sshd.c]
1226 have the authentication functions return the authentication context
1227 and then do_authenticated; okay millert@
1228 - dugsong@cvs.openbsd.org 2002/03/18 01:30:10
1230 set client to NULL after xfree(), from Rolf Braun
1231 <rbraun+ssh@andrew.cmu.edu>
1232 - provos@cvs.openbsd.org 2002/03/18 03:41:08
1234 move auth_approval into getpwnamallow with help from millert@
1235 - markus@cvs.openbsd.org 2002/03/18 17:13:15
1237 export/import cipher states; needed by ssh-privsep
1238 - markus@cvs.openbsd.org 2002/03/18 17:16:38
1240 export/import cipher state, iv and ssh2 seqnr; needed by ssh-privsep
1241 - markus@cvs.openbsd.org 2002/03/18 17:23:31
1243 add key_demote() for ssh-privsep
1244 - provos@cvs.openbsd.org 2002/03/18 17:25:29
1246 buffer_skip_string and extra sanity checking; needed by ssh-privsep
1247 - provos@cvs.openbsd.org 2002/03/18 17:31:54
1249 export compression streams for ssh-privsep
1250 - provos@cvs.openbsd.org 2002/03/18 17:50:31
1251 [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c]
1252 [auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c]
1253 [kexgex.c servconf.c]
1254 [session.h servconf.h serverloop.c session.c sshd.c]
1255 integrate privilege separated openssh; its turned off by default
1256 for now. work done by me and markus@
1257 - provos@cvs.openbsd.org 2002/03/18 17:53:08
1260 - provos@cvs.openbsd.org 2002/03/18 17:59:09
1262 document UsePrivilegeSeparation
1263 - stevesk@cvs.openbsd.org 2002/03/18 23:52:51
1265 UnprivUser/UnprivGroup usable now--specify numeric user/group; ok
1267 - stevesk@cvs.openbsd.org 2002/03/19 03:03:43
1268 [pathnames.h servconf.c servconf.h sshd.c]
1269 _PATH_PRIVSEP_CHROOT_DIR; ok provos@
1270 - stevesk@cvs.openbsd.org 2002/03/19 05:23:08
1272 Banner has no default.
1273 - mpech@cvs.openbsd.org 2002/03/19 06:32:56
1275 use xfree() after xstrdup().
1278 - markus@cvs.openbsd.org 2002/03/19 10:35:39
1279 [auth-options.c auth.h session.c session.h sshd.c]
1281 - markus@cvs.openbsd.org 2002/03/19 10:49:35
1282 [auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h]
1283 [packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c]
1284 [sshconnect2.c sshd.c ttymodes.c]
1286 - markus@cvs.openbsd.org 2002/03/19 14:27:39
1287 [auth.c auth1.c auth2.c]
1288 make getpwnamallow() allways call pwcopy()
1289 - markus@cvs.openbsd.org 2002/03/19 15:31:47
1291 check for NULL; from provos@
1292 - stevesk@cvs.openbsd.org 2002/03/20 19:12:25
1293 [servconf.c servconf.h ssh.h sshd.c]
1294 for unprivileged user, group do:
1295 pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
1296 - stevesk@cvs.openbsd.org 2002/03/20 21:08:08
1298 strerror() on chdir() fail; ok provos@
1299 - markus@cvs.openbsd.org 2002/03/21 10:21:20
1301 ignore errors for nonexisting default keys in ssh-add,
1302 fixes http://bugzilla.mindrot.org/show_bug.cgi?id=158
1303 - jakob@cvs.openbsd.org 2002/03/21 15:17:26
1304 [clientloop.c ssh.1]
1305 add built-in command line for adding new port forwardings on the fly.
1306 based on a patch from brian wellington. ok markus@.
1307 - markus@cvs.openbsd.org 2002/03/21 16:38:06
1309 make compile w/ openssl 0.9.7
1310 - markus@cvs.openbsd.org 2002/03/21 16:54:53
1311 [scard.c scard.h ssh-keygen.c]
1312 move key upload to scard.[ch]
1313 - markus@cvs.openbsd.org 2002/03/21 16:57:15
1316 - markus@cvs.openbsd.org 2002/03/21 16:58:13
1319 - rees@cvs.openbsd.org 2002/03/21 18:08:15
1321 In sc_put_key(), sc_reader_id should be id.
1322 - markus@cvs.openbsd.org 2002/03/21 20:51:12
1325 - markus@cvs.openbsd.org 2002/03/21 21:23:34
1327 add privsep_preauth() and remove 1 goto; ok provos@
1328 - rees@cvs.openbsd.org 2002/03/21 21:54:34
1329 [scard.c scard.h ssh-keygen.c]
1330 Add PIN-protection for secret key.
1331 - rees@cvs.openbsd.org 2002/03/21 22:44:05
1332 [authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c]
1333 Add PIN-protection for secret key.
1334 - markus@cvs.openbsd.org 2002/03/21 23:07:37
1336 remove unused, sync w/ cmdline patch in my tree.
1339 - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is
1340 wanted, warn if directory does not exist. Put system directories in
1341 front of PATH for finding entorpy commands.
1342 - (tim) [contrib/aix/buildbff.sh contrib/aix/inventory.sh] AIX package
1343 build fixes. Patch by Darren Tucker <dtucker@zip.com.au>
1344 [contrib/solaris/buildpkg.sh] add missing dirs to SYSTEM_DIR. Have
1345 postinstall check for $piddir and add if necessary.
1348 - (tim) [contrib/solaris/buildpkg.sh, contrib/solaris/README] Updated to
1349 build on all platforms that support SVR4 style package tools. Now runs
1350 from build dir. Parts are based on patches from Antonio Navarro, and
1354 - (djm) Revert bits of Markus' OpenSSL compat patch which was
1355 accidentally committed.
1356 - (djm) Add Markus' patch for compat wih OpenSSL < 0.9.6.
1357 Known issue: Blowfish for SSH1 does not work
1358 - (stevesk) entropy.c: typo in debug message
1359 - (djm) ssh-keygen -i needs seeded RNG; report from markus@