2 - Merged OpenBSD CVS changes
3 - [ChangeLog.Ylonen] noone needs this anymore
4 - [authfd.c] close-on-exec for auth-socket, ok deraadt
6 in known_hosts key lookup the entry for the bits does not need
7 to match, all the information is contained in n and e. This
8 solves the problem with buggy servers announcing the wrong
9 modulus length. markus and me.
11 bugfix: check for space if child has terminated, from:
13 - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
14 [fingerprint.c fingerprint.h]
15 rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
17 - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
19 force logging to stderr while loading private key file
20 (lost while converting to new log-levels)
23 - Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
24 - Merged OpenBSD CVS changes:
25 - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
26 [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
27 the keysize of rsa-parameter 'n' is passed implizit,
28 a few more checks and warnings about 'pretended' keysizes.
29 - [cipher.c cipher.h packet.c packet.h sshd.c]
30 remove support for cipher RC4
32 a note for legay systems about secuity issues with permanently_set_uid(),
33 the private hostkey and ptrace()
35 more detailed messages about adding and checking hostkeys
38 - Merged OpenBSD CVS changes:
39 - [ssh-add.c] change passphrase loop logic and remove ref to
41 - Changed to ssh-add.c broke askpass support. Revised it to be a little more
43 - Revised autoconf support for enabling/disabling askpass support.
44 - Merged more OpenBSD CVS changes:
46 - disconnect if getpeername() fails
47 - missing xfree(*client)
49 - disconnect if getpeername() fails
50 - fix comment: we _do_ disconnect if ip-options are set
52 - disconnect if getpeername() fails
53 - move checking of remote port to central place
54 [auth-rhosts.c] move checking of remote port to central place
55 [log-server.c] avoid extra fd per sshd, from millert@
56 [readconf.c] print _all_ bad config-options in ssh(1), too
57 [readconf.h] print _all_ bad config-options in ssh(1), too
58 [ssh.c] print _all_ bad config-options in ssh(1), too
59 [sshconnect.c] disconnect if getpeername() fails
60 - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
61 - Various small cleanups to bring diff (against OpenBSD) size down.
62 - Merged more Solaris compability from Marc G. Fournier
63 <marc.fournier@acadiau.ca>
64 - Wrote autoconf tests for __progname symbol
65 - RPM spec file fixes from Jim Knoble <jmknoble@pobox.com>
68 - Another OpenBSD CVS update:
69 - [ssh-keygen.1] fix .Xr
72 - Solaris compilation fixes (still imcomplete)
75 - Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
76 - Don't install config files if they already exist
77 - Fix inclusion of additional preprocessor directives from acconfig.h
78 - Removed redundant inclusions of config.h
79 - Added 'Obsoletes' lines to RPM spec file
80 - Merged OpenBSD CVS changes:
81 - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
82 - [scp.c] fix overflow reported by damien@ibs.com.au: off_t
83 totalsize, ok niels,aaron
84 - Delay fork (-f option) in ssh until after port forwarded connections
85 have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
86 - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
87 - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
88 - Tidied default config file some more
89 - Revised Redhat initscript to fix bug: sshd (re)start would fail
90 if executed from inside a ssh login.
93 - Merged changes from OpenBSD CVS
94 - [sshd.c] session_key_int may be zero
95 - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
96 IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
98 - Brought default sshd_config more in line with OpenBSD's
99 - Grab server in gnome-ssh-askpass (Debian bug #49872)
102 - Added INSTALL documentation
103 - Merged yet more changes from OpenBSD CVS
104 - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
105 [ssh.c ssh.h sshconnect.c sshd.c]
106 make all access to options via 'extern Options options'
107 and 'extern ServerOptions options' respectively;
108 options are no longer passed as arguments:
109 * make options handling more consistent
110 * remove #include "readconf.h" from ssh.h
111 * readconf.h is only included if necessary
112 - [mpaux.c] clear temp buffer
113 - [servconf.c] print _all_ bad options found in configfile
114 - Make ssh-askpass support optional through autoconf
115 - Fix nasty division-by-zero error in scp.c
119 - Added (untested) Entropy Gathering Daemon (EGD) support
120 - Fixed /dev/urandom fd leak (Debian bug #49722)
121 - Merged OpenBSD CVS changes:
122 - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
123 - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
124 - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
125 - Fix integer overflow which was messing up scp's progress bar for large
126 file transfers. Fix submitted to OpenBSD developers.
127 - Merged more OpenBSD CVS changes:
128 - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
129 + krb-cleanup cleanup
130 - [clientloop.c log-client.c log-server.c ]
131 [readconf.c readconf.h servconf.c servconf.h ]
132 [ssh.1 ssh.c ssh.h sshd.8]
133 add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
134 obsoletes QuietMode and FascistLogging in sshd.
135 - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
136 allow session_key_int != sizeof(session_key)
137 [this should fix the pre-assert-removal-core-files]
138 - Updated default config file to use new LogLevel option and to improve
142 - Merged several minor fixes:
143 - ssh-agent commandline parsing
144 - RPM spec file now installs ssh setuid root
145 - Makefile creates libdir
146 - Merged beginnings of Solaris compability from Marc G. Fournier
147 <marc.fournier@acadiau.ca>
150 - Autodetection of SSL/Crypto library location via autoconf
151 - Fixed location of ssh-askpass to follow autoconf
152 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
153 - Autodetection of RSAref library for US users
155 - Merged OpenBSD CVS changes:
156 - [rsa.c] bugfix: use correct size for memset()
157 - [sshconnect.c] warn if announced size of modulus 'n' != real size
158 - Added GNOME passphrase requestor (use --with-gnome-askpass)
159 - RPM build now creates subpackages
163 - Removed debian/ directory. This is now being maintained separately.
164 - Added symlinks for slogin in RPM spec file
165 - Fixed permissions on manpages in RPM spec file
166 - Added references to required libraries in README file
167 - Removed config.h.in from CVS
168 - Removed pwdb support (better pluggable auth is provided by glibc)
169 - Made PAM and requisite libdl optional
170 - Removed lots of unnecessary checks from autoconf
171 - Added support and autoconf test for openpty() function (Unix98 pty support)
172 - Fix for scp not finding ssh if not installed as /usr/bin/ssh
174 - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
175 - Added ssh-askpass program
176 - Added ssh-askpass support to ssh-add.c
177 - Create symlinks for slogin on install
178 - Fix "distclean" target in makefile
179 - Added example for ssh-agent to manpage
180 - Added support for PAM_TEXT_INFO messages
181 - Disable internal /etc/nologin support if PAM enabled
182 - Merged latest OpenBSD CVS changes:
183 - [all] replace assert() with error, fatal or packet_disconnect
184 - [sshd.c] don't send fail-msg but disconnect if too many authentication
186 - [sshd.c] remove unused argument. ok dugsong
188 - [rsa.c] clear buffers used for encryption. ok: niels
189 - [rsa.c] replace assert() with error, fatal or packet_disconnect
190 - [auth-krb4.c] remove unused argument. ok dugsong
191 - Fixed coredump after merge of OpenBSD rsa.c patch
195 - Merged change from OpenBSD CVS
196 - One-line cleanup in sshd.c
199 - Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
200 - Merged latest updates for OpenBSD CVS:
201 - channels.[ch] - remove broken x11 fix and document istate/ostate
202 - ssh-agent.c - call setsid() regardless of argv[]
203 - ssh.c - save a few lines when disabling rhosts-{rsa-}auth
204 - Documentation cleanups
205 - Renamed README -> README.Ylonen
206 - Renamed README.openssh ->README
209 - Renamed openssh* back to ssh* at request of Theo de Raadt
210 - Incorporated latest changes from OpenBSD's CVS
211 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
212 - Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
213 - Make distclean now removed configure script
214 - Improved PAM logging
215 - Added some debug() calls for PAM
216 - Removed redundant subdirectories
217 - Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for
219 - Fixed off-by-one error in PAM env patch
223 - Further PAM enhancements.
225 - Now uses account and session modules for all logins.
226 - Integrated patch from Dan Brosemer <odin@linuxfreak.com>
229 - Change binary names to open*
230 - Fixed autoconf script to detect PAM on RH6.1
231 - Added tests for libpwdb, and OpenBSD functions to autoconf
234 - Imported latest OpenBSD CVS code
235 - Updated README.openssh
242 - Excised my buggy replacements for strlcpy and mkdtemp
243 - Imported correct OpenBSD strlcpy and mkdtemp routines.
244 - Reduced arc4random_stir entropy read to 32 bytes (256 bits)
245 - Picked up correct version number from OpenBSD
246 - Added sshd.pam PAM configuration file
247 - Added sshd.init Redhat init script
248 - Added openssh.spec RPM spec file
252 - Fixed include paths of OpenSSL functions
253 - Use OpenSSL MD5 routines
254 - Imported RC4 code from nanocrypt
255 - Wrote replacements for OpenBSD arc4random* functions
256 - Wrote replacements for strlcpy and mkdtemp