- (djm) Bug #629: Mark ssh_config option "pamauthenticationviakbdint"
as deprecated. Remove mention from README.privsep. Patch from
- (djm) Bug #621: Select OpenSC keys by usage attributes. Patch from
- (bal) openbsd-compat/ OpenBSD updates. Mostly licensing, ansifications
and minor fixes. OK djm@
- (bal) redo how we handle 'mysignal()'. Move it to
openbsd-compat/bsd-misc.c, s/mysignal/signal/ and #define signal to
be our 'mysignal' by default. OK djm@
- (dtucker) [acconfig.h auth.c configure.ac sshd.8] Bug #422 again: deny
any access to locked accounts. ok djm@
- (djm) Bug #564: Perform PAM account checks for all authentications when
UsePAM=yes; ok dtucker
- (dtucker) [configure.ac] Bug #533, #551: define BROKEN_GETADDRINFO on
Tru64, solves getnameinfo and "bad addr or host" errors. ok djm@
- (dtucker) [README buildbff.sh inventory.sh] (all in contrib/aix)
Update package builder: correctly handle config variables, use lsuser
rather than /etc/passwd, fix typos, add Id's.
- (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal
- (dtucker) [contrib/cygwin/ssh-user-config] Put keys in authorized_keys
rather than authorized_keys2. Patch from vinschen@redhat.com.
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/08/14 16:08:58
exit after primetest, ok djm@
- (dtucker) [defines.h] Put CMSG_DATA, CMSG_FIRSTHDR with other CMSG* macros,
change CMSG_DATA to use __CMSG_ALIGN (and thus work properly), reformat for
- (dtucker) [configure.ac] Move openpty/ctty test outside of case statement
and after normal openpty test.
- (dtucker) [session.c] Remove #ifdef TIOCSBRK kludge.
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/08/13 08:33:02
use more portable tcsendbreak(3) and ignore break_length;
- markus@cvs.openbsd.org 2003/08/13 08:46:31
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others
- markus@cvs.openbsd.org 2003/08/13 09:07:10
socks4->socks, since we support both 4 and 5; dtucker@zip.com.au
- (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
Add a tcsendbreak function for platforms that don't have one, based on the
- (dtucker) OpenBSD CVS Sync
(thanks to Simon Wilkinson for help with this -dt)
- markus@cvs.openbsd.org 2003/07/16 15:02:06
mcc -> fcc; from Love Hörnquist Åstrand <lha@it.su.se>
otherwise the kerberos credential is stored in a memory cache
in the privileged sshd. ok jabob@, hin@ (some time ago)
- (dtucker) [openbsd-compat/xcrypt.c] Remove Cygwin #ifdef block (duplicate
in bsd-cygwin_util.h).
- (dtucker) [openbsd-compat/fake-rfc2553.h] Older Linuxes have AI_PASSIVE and
AI_CANONNAME in netdb.h but not AI_NUMERICHOST, so check each definition
separately before defining them.
- (dtucker) [auth-pam.c] Don't set PAM_TTY if tty is null. ok djm@
- (dtucker) [session.c] Have session_break_req not attempt to send a break
if TIOCSBRK and TIOCCBRK are not defined (eg Cygwin).
- (dtucker) [canohost.c] Bug #336: Only check ip options if IP_OPTIONS is
defined (fixes compile error on really old Linuxes).
- (dtucker) [defines.h] Bug #336: Add CMSG_DATA and CMSG_FIRSTHDR macros if
not already defined (eg Linux with some versions of libc5), based on those
- (dtucker) [openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]
Remove incorrect filenames from comments (file names are in Id tags).
- (dtucker) [session.c openbsd-compat/bsd-cygwin_util.h] Move Cygwin
specific defines and includes to bsd-cygwin_util.h. Fixes build error too.
- (dtucker) [monitor.h monitor_wrap.h] Remove excess ident tags.
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/07/22 13:35:22
[auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
- (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
- (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/07/23 07:42:43
- djm@cvs.openbsd.org 2003/07/28 09:49:56
[ssh-keygen.1 ssh-keygen.c]
Support for generating Diffie-Hellman groups (/etc/moduli) from ssh-keygen.
Based on code from Phil Karn, William Allen Simpson and Niels Provos.
ok markus@, thanks jmc@
- markus@cvs.openbsd.org 2003/07/29 18:24:00
[LICENCE progressmeter.c]
replace 4 clause BSD licensed progressmeter code with a replacement
from Nils Nordman and myself; ok deraadt@
(copied from OpenBSD and re-applied portable changes)
- markus@cvs.openbsd.org 2003/07/29 18:26:46
fix length for "- stalled -" (included with previous import)
- markus@cvs.openbsd.org 2003/07/30 07:44:14
use only 4 digits in format_size (included with previous import)
- markus@cvs.openbsd.org 2003/07/30 07:53:27
whitespace (included with previous import)
- markus@cvs.openbsd.org 2003/07/31 09:21:02
check whether passwd auth is allowed, similar to proto 1; rob@pitman.co.za
- avsm@cvs.openbsd.org 2003/07/31 15:50:16
correct comment: atomicio takes vwrite, not write; deraadt@ ok
- markus@cvs.openbsd.org 2003/07/31 22:34:03
print rate similar old version; round instead truncate;
(included in previous progressmeter.c commit)
- (dtucker) [openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
Add a tcgetpgrp function.
- (dtucker) [Makefile.in moduli.c moduli.h] Add new files and to Makefile.
- (dtucker) [openbsd-compat/bsd-misc.c] Fix cut-and-paste bug in tcgetpgrp.
- (djm) [auth-pam.c] Don't use crappy APIs like sprintf. Thanks bal
- (dtucker) [openbsd-compat/xcrypt.c] Fix typo: DISABLED_SHADOW ->
DISABLE_SHADOW. Fixes HP-UX compile error.
- (bal) [auth-passwd.c openbsd-compat/Makefile.in openbsd-compat/xcrypt.c
openbsd-compat/xcrypt.h] Split off encryption into xcrypt() interface,
and isolate shadow password functions. Tested in Solaris, but should
not break other platforms too badly (except maybe HP =). Also brings
auth-passwd.c into full sync with OpenBSD tree.
- (dtucker) [configure.ac] Back out change for bug #620.
- (dtucker) [configure.ac] Bug #620: Define BROKEN_GETADDRINFO for
Solaris/x86. Patch from jrhett at isite.net.
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/07/14 12:36:37
remove undocumented -V option. would be only useful if openssh is used
as ssh v1 server for ssh.com's ssh v2.
- markus@cvs.openbsd.org 2003/07/16 10:34:53
don't exit on multiple -v or -d; ok deraadt@
- markus@cvs.openbsd.org 2003/07/16 10:36:28
clear IUCLC in enter_raw_mode; from rob@pitman.co.za; ok deraadt@, fgs@
- deraadt@cvs.openbsd.org 2003/07/18 01:54:25
userid is unsigned, but well, force it anyways; andrushock@korovino.net
- djm@cvs.openbsd.org 2003/07/19 00:45:53
fix sftp filename parsing for arguments with escaped quotes. bz #517;
- djm@cvs.openbsd.org 2003/07/19 00:46:31
[regress/sftp-cmds.sh]
regress test for sftp arguments with escaped quotes; ok markus
- (dtucker) [acconfig.h configure.ac port-aix.c] Older AIXes don't declare
loginfailed at all, so assume 3-arg loginfailed if not declared.
- (dtucker) [port-aix.h] Work around name collision on AIX for r_type by
- (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h]
Call setauthdb() before loginfailed(), which may load password registry-
specific functions. Based on patch by cawlfiel at us.ibm.com.
- (dtucker) [port-aix.h] Fix prototypes.
- (dtucker) OpenBSD CVS Sync
- avsm@cvs.openbsd.org 2003/07/09 13:58:19
minor tweak: when generating the hex fingerprint, give strlcat the full
bound to the buffer, and add a comment below explaining why the
zero-termination is one less than the bound. markus@ ok
- markus@cvs.openbsd.org 2003/07/10 14:42:28
the 2^(blocksize*2) rekeying limit is too expensive for 3DES,
blowfish, etc, so enforce a 1GB limit for small blocksizes.
- markus@cvs.openbsd.org 2003/07/10 20:05:55
sync usage with manpage, add missing -R
- (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
Include AIX headers for authentication functions and make calls match
prototypes. Test for and handle 3-arg and 4-arg variants of loginfailed.
- (dtucker) [session.c] Check return value of setpcred().
- (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
Convert aixloginmsg into platform-independent Buffer loginmsg.
- (dtucker) [configure.ac] Bug #600: Check that getrusage is declared before
searching libraries for it. Fixes build errors on NCR MP-RAS.
- (dtucker) [ssh-rand-helper.c loginrec.c]
Apply atomicio typing change to these too.
- (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/06/28 07:48:10
report pidfile creation errors, based on patch from Roumen Petrov;
- deraadt@cvs.openbsd.org 2003/06/28 16:23:06
[atomicio.c atomicio.h authfd.c clientloop.c monitor_wrap.c msg.c
progressmeter.c scp.c sftp-client.c ssh-keyscan.c ssh.h sshconnect.c
deal with typing of write vs read in atomicio
- markus@cvs.openbsd.org 2003/06/29 12:44:38
memset 0, not \0; andrushock@korovino.net
- markus@cvs.openbsd.org 2003/07/02 12:56:34
deny dynamic forwarding with -R for v1, too; ok djm@
- markus@cvs.openbsd.org 2003/07/02 14:51:16
[channels.c ssh.1 ssh_config.5]
(re)add socks5 support to -D; ok djm@
now ssh(1) can act both as a socks 4 and socks 5 server and
dynamically forward ports.
- markus@cvs.openbsd.org 2003/07/02 20:37:48
convert hostkeyalias to lowercase, otherwise uppercase aliases will
not match at all; ok henning@
- markus@cvs.openbsd.org 2003/07/03 08:21:46
[regress/dynamic-forward.sh]
add socks5; speedup; reformat; based on patch from dtucker@zip.com.au
- markus@cvs.openbsd.org 2003/07/03 08:24:13
enable tests for dynamic fwd via socks (-D), uses nc(1)
- djm@cvs.openbsd.org 2003/07/03 08:09:06
[readconf.c readconf.h ssh-keysign.c ssh.c]
fix AddressFamily option in config file, from brent@graveland.net;
- (djm) Search for support functions necessary to build our
getrrsetbyname() replacement. Patch from Roumen Petrov
- (dtucker) [includes.h] Bug #602: move #include of netdb.h to after in.h
(fixes compiler warnings on Solaris 2.5.1).
- (dtucker) [configure.ac] Add sanity test after system-dependent compiler
- (djm) Bug #591: use PKCS#15 private key label as a comment in case
of OpenSC. Report and patch from larsch@trustcenter.de
- (djm) Bug #593: Sanity check OpenSC card reader number; patch from
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/23 09:02:44
document EnableSSHKeysign; bugzilla #599; ok deraadt@, jmc@
- markus@cvs.openbsd.org 2003/06/24 08:23:46
[auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h
monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c]
int -> u_int; ok djm@, deraadt@, mouring@
- miod@cvs.openbsd.org 2003/06/25 22:39:36
Typo police: attribute is better written with an 'r'.
- markus@cvs.openbsd.org 2003/06/26 20:08:33
do not dump core for 'ssh -o proxycommand host'; ok deraadt@
- (dtucker) [regress/dynamic-forward.sh] Import new regression test.
- (dtucker) [configure.ac] Bug #570: Have ./configure --enable-FEATURE
actually enable the feature, for those normally disabled. Patch by
openssh (at) roumenpetrov.info.
- (dtucker) Have configure refer the user to config.log and
contrib/findssl.sh for OpenSSL header/library mismatches.
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/21 09:14:05
[regress/reconfigure.sh]
missing $SUDO; from dtucker@zip.com.au
- markus@cvs.openbsd.org 2003/06/18 11:28:11
backout last change, since it violates pkcs#1
switch to share/misc/license.template
- djm@cvs.openbsd.org 2003/06/20 05:47:58
sync description of protocol 2 cipher proposal; ok markus
- djm@cvs.openbsd.org 2003/06/20 05:48:21
sync some implemented options; ok markus@
- (dtucker) [regress/authorized_keys_root] Remove temp data file from CVS.
- (dtucker) [openbsd-compat/setproctitle.c] Ensure SPT_TYPE is defined before
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/12 07:57:38
[monitor.c sshlogin.c sshpty.c]
typos; dtucker at zip.com.au
- djm@cvs.openbsd.org 2003/06/12 12:22:47
mention more copyright holders; ok markus@
- nino@cvs.openbsd.org 2003/06/12 15:34:09
- markus@cvs.openbsd.org 2003/06/12 19:12:03
[scard.c scard.h ssh-agent.c ssh.c]
add sc_get_key_label; larsch at trustcenter.de; bugzilla#591
- markus@cvs.openbsd.org 2003/06/16 08:22:35
make sure the signature has at least the expected length (don't
insist on len == hlen + oidlen, since this breaks some smartcards)
bugzilla #592; ok djm@
- markus@cvs.openbsd.org 2003/06/16 10:22:45
print out key comment on each prompt; make ssh-askpass more useable; ok djm@
- markus@cvs.openbsd.org 2003/06/17 18:14:23
use license from /usr/share/misc/license.template for new code
- (dtucker) [reconfigure.sh rekey.sh sftp-badcmds.sh]
Import new regression tests from OpenBSD
- (dtucker) [regress/copy.1 regress/copy.2] Remove temp data files from CVS.
- (dtucker) OpenBSD CVS Sync (regress/)
- markus@cvs.openbsd.org 2003/04/02 12:21:13
- djm@cvs.openbsd.org 2003/04/04 09:34:22
[Makefile sftp-cmds.sh]
More regression tests, including recent directory rename bug; ok markus@
- markus@cvs.openbsd.org 2003/05/14 22:08:27
[ssh-com-client.sh ssh-com-keygen.sh ssh-com-sftp.sh ssh-com.sh]
test against some new commercial versions
- mouring@cvs.openbsd.org 2003/05/15 04:07:12
Advanced put/get testing for sftp. OK @djm
- markus@cvs.openbsd.org 2003/06/12 15:40:01
- markus@cvs.openbsd.org 2003/06/12 15:43:32
test -HUP; dtucker at zip.com.au
- (djm) Update license on fake-rfc2553.[ch]; ok itojun@
- (djm) Mention portable copyright holders in LICENSE
- (djm) Put licenses on substantial header files
- (djm) Sync LICENSE against OpenBSD
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2003/06/10 09:12:11
[scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5]
[sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
- COMPATIBILITY merge
- kill whitespace at EOL
- new sentence, new line
- deraadt@cvs.openbsd.org 2003/06/10 22:20:52
[packet.c progressmeter.c]
mostly ansi cleanup; pval ok
- jakob@cvs.openbsd.org 2003/06/11 10:16:16
clean up check_host_key() and improve SSHFP feedback. ok markus@
- jakob@cvs.openbsd.org 2003/06/11 10:18:47
sync with check_host_key() change
- djm@cvs.openbsd.org 2003/06/11 11:18:38
[authfd.c authfd.h ssh-add.c ssh-agent.c]
make agent constraints (lifetime, confirm) work with smartcard keys;
- (djm) Sync README.smartcard with OpenBSD -current
- (djm) Re-merge OpenSC info into README.smartcard
- (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@
- (djm) Support AI_NUMERICHOST in fake-getaddrinfo.c. Needed for recent
- (djm) Implement paranoid priv dropping checks, based on:
"SetUID demystified" - Hao Chen, David Wagner and Drew Dean
Proceedings of USENIX Security Symposium 2002
- (djm) Don't use xmalloc() or pull in toplevel headers in fake-* code
- (djm) Merge all the openbsd/fake-* into fake-rfc2553.[ch]
- (djm) Bug #588 - Add scard-opensc.o back to Makefile.in
Patch from larsch@trustcenter.de
- (djm) Bug #589 - scard-opensc: load only keys with a private key
Patch from larsch@trustcenter.de
- (dtucker) Add includes.h to fake-rfc2553.c so it will build.
- (dtucker) Define EAI_NONAME in fake-rfc2553.h (used by fake-rfc2553.c).
- (djm) Bug #573 - Remove unneeded Krb headers and compat goop. Patch from
simon@sxw.org.uk (Also matches a change in OpenBSD a while ago)
- (djm) Bug #577 - wrong flag in scard-opensc.c sc_private_decrypt.
Patch from larsch@trustcenter.de; ok markus@
- (djm) Bug #584: scard-opensc.c doesn't work without PIN. Patch from
larsch@trustcenter.de; ok markus@
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/06/04 08:25:18
disable challenge/response and keyboard-interactive auth methods
upon hostkey mismatch. based on patch from fcusack AT fcusack.com.
- djm@cvs.openbsd.org 2003/06/04 10:23:48
remove duplicated group-dropping code; ok markus@
- djm@cvs.openbsd.org 2003/06/04 12:03:59
remove bitrotten comment; ok markus@
- djm@cvs.openbsd.org 2003/06/04 12:18:49
- djm@cvs.openbsd.org 2003/06/04 12:40:39
kill ssh process upon receipt of signal, bz #241.
based on patch from esb AT hawaii.edu; ok markus@
- djm@cvs.openbsd.org 2003/06/04 12:41:22
kill ssh process on receipt of signal; ok markus@
- (djm) Update to fix of bug #584: lock card before return.
From larsch@trustcenter.de
- (djm) Always use mysignal() for SIGALRM
- (djm) Replace setproctitle replacement with code derived from
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
- millert@cvs.openbsd.org 2003/06/03 02:56:16
Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.
- (djm) Fix portable-specific uses of verify_reverse_mapping too
- (djm) Sync openbsd-compat with OpenBSD CVS.
- No more 4-term BSD licenses in linked code
- (dtucker) [port-aix.c bsd-cray.c] Fix uses of verify_reverse_mapping.
- (djm) Fix segv from bad reordering in auth-pam.c
- (djm) Always use saved_argv in sshd.c as compat_init_setproctitle may
- (tim) openbsd-compat/xmmap.[ch] License clarifications. Add missing
- (djm) Remove "noip6" option from RedHat spec file. This may now be
set at runtime using AddressFamily option.
- (djm) Fix use of macro before #define in cipher-aes.c
- (djm) Sync license on openbsd-compat/bindresvport.c with OpenBSD CVS
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/05/26 12:54:40
fix format strings; ok markus@
- deraadt@cvs.openbsd.org 2003/05/29 16:58:45
seteuid and setegid; markus ok
- jakob@cvs.openbsd.org 2003/06/02 08:31:10
VerifyHostKeyDNS is v2 only. ok markus@
- (dtucker) Add missing semicolon in md5crypt.c, patch from openssh at
- (dtucker) Define SSHD_ACQUIRES_CTTY for NCR MP-RAS and Reliant Unix.
- (djm) Avoid auth2-chall.c warning when compiling without
PAM, BSD_AUTH and SKEY
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/05/24 09:02:22
pass logged data through strnvis; ok markus
- djm@cvs.openbsd.org 2003/05/24 09:30:40
[authfile.c monitor.c sftp-common.c sshpty.c]
cast some types for printing; ok markus@
- (dtucker) Correct --osfsia in INSTALL. Patch by skeleten at shillest.net
- (djm) Use VIS_SAFE on logged strings rather than default strnvis
encoding (which encodes many more characters)
- jmc@cvs.openbsd.org 2003/05/20 12:03:35
- new sentence, new line
- jmc@cvs.openbsd.org 2003/05/20 12:09:31
[ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1]
new sentence, new line
- djm@cvs.openbsd.org 2003/05/23 08:29:30
- (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2003/05/18 23:22:01
use syslog_r() in a signal handler called place; markus ok
- (djm) Configure logic to detect syslog_r and friends
- (djm) Sync auth-pam.h with what we actually implement
- (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/05/16 03:27:12
[readconf.c ssh_config ssh_config.5 ssh-keysign.c]
add AddressFamily option to ssh_config (like -4, -6 on commandline).
Portable bug #534; ok markus@
- itojun@cvs.openbsd.org 2003/05/17 03:25:58
just in case, put numbers to sscanf %s arg.
- markus@cvs.openbsd.org 2003/05/17 04:27:52
[cipher.c cipher-ctr.c myproposal.h]
experimental support for aes-ctr modes from
http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt
- (djm) Remove IPv4 by default hack now that we can specify AF in config
- (djm) Tidy and trim TODO
- (djm) Sync openbsd-compat/ with OpenBSD CVS head
- (djm) Big KNF on openbsd-compat/
- (djm) KNF on md5crypt.[ch]
- (djm) KNF on auth-sia.[ch]
- (bal) strcat -> strlcat on openbsd-compat/realpath.c (rev 1.8 OpenBSD)
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/05/15 13:52:10
Make "ssh -V" print the OpenSSL version in a human readable form. Patch
from Craig Leres (mindrot at ee.lbl.gov); ok markus@
- jakob@cvs.openbsd.org 2003/05/15 14:02:47
[readconf.c servconf.c]
warn for unsupported config option. ok markus@
- markus@cvs.openbsd.org 2003/05/15 14:09:21
fix 64bit issue; report itojun@
- djm@cvs.openbsd.org 2003/05/15 14:55:25
[readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
add a ConnectTimeout option to ssh, based on patch from
Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
- (djm) Add warning for UsePAM when built without PAM support
- (djm) A few type mismatch fixes from Bug #565
- (djm) Guard free_pam_environment against NULL argument. Works around
HP/UX PAM problems debugged by dtucker
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2003/05/14 13:11:56
- jakob@cvs.openbsd.org 2003/05/14 18:16:20
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
[dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
add experimental support for verifying host keys using DNS as described
in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
ok markus@ and henning@
- markus@cvs.openbsd.org 2003/05/14 22:24:42
[clientloop.c session.c ssh.1]
allow to send a BREAK to the remote system; ok various
- markus@cvs.openbsd.org 2003/05/15 00:28:28
cleanup unregister of per-method packet handlers; ok djm@
- jakob@cvs.openbsd.org 2003/05/15 01:48:10
[readconf.c readconf.h servconf.c servconf.h]
always parse kerberos options. ok djm@ markus@
- jakob@cvs.openbsd.org 2003/05/15 02:27:15
add missing freerrset
- markus@cvs.openbsd.org 2003/05/15 03:08:29
[cipher.c cipher-bf1.c cipher-aes.c cipher-3des1.c]
split out custom EVP ciphers
- djm@cvs.openbsd.org 2003/05/15 03:10:52
avoid warning; ok jakob@
- mouring@cvs.openbsd.org 2003/05/15 03:39:07
Make put/get (globbed and nonglobbed) code more consistent. OK djm@
- mouring@cvs.openbsd.org 2003/05/15 03:43:59
Teach ls how to display multiple column display and allow users
to return to single column format via 'ls -1'. OK @djm
- jakob@cvs.openbsd.org 2003/05/15 04:08:44
[readconf.c servconf.c]
disable kerberos when not supported. ok markus@
- markus@cvs.openbsd.org 2003/05/15 04:08:41
- (djm) Always parse UsePAM
- (djm) Configure glue for DNS support (code doesn't work in portable yet)
- (djm) Import getrrsetbyname() function from OpenBSD libc (for DNS support)
- (djm) Tidy Makefile clean targets
- (djm) Adapt README.dns for portable
- (djm) Avoid uuencode.c warnings
- (djm) Enable UsePAM when built --with-pam
- (djm) Only build getrrsetbyname replacement when using --with-dns
- (djm) Bug #529: sshd doesn't work correctly after SIGHUP (copy argv
- (djm) Bug #444: Wrong paths after reconfigure
- (dtucker) HP-UX needs to include <sys/strtio.h> for TIOCSBRK
- (djm) Bug #117: Don't lie to PAM about username
- (djm) RCSID sync w/ OpenBSD
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/04/09 12:00:37
strip trailing whitespace from config lines before parsing.
Fixes bz 528; ok markus@
- markus@cvs.openbsd.org 2003/04/12 10:13:57
hide cipher details; ok djm@
- markus@cvs.openbsd.org 2003/04/12 10:15:36
- naddy@cvs.openbsd.org 2003/04/12 11:40:15
document -V switch, fix wording; ok markus@
- markus@cvs.openbsd.org 2003/04/14 14:17:50
[channels.c sshconnect.c sshd.c ssh-keyscan.c]
avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
- mouring@cvs.openbsd.org 2003/04/14 21:31:27
Missing globfree(&g) in process_put() spotted by Vince Brimhall
<VBrimhall@novell.com>. ok@ Theo
- markus@cvs.openbsd.org 2003/04/16 14:35:27
document struct Authctxt; with solar
- deraadt@cvs.openbsd.org 2003/04/26 04:29:49
-t in usage(); rogier@quaak.org
- mouring@cvs.openbsd.org 2003/04/30 01:16:20
[sshd.8 sshd_config.5]
Escape ?, * and ! in .Ql for nroff compatibility. OpenSSH Portable
Bug #550 and * escaping suggested by jmc@.
- david@cvs.openbsd.org 2003/04/30 20:41:07
fix invalid .Pf macro usage introduced in previous commit
- markus@cvs.openbsd.org 2003/05/11 16:56:48
[authfile.c ssh-keygen.c]
change key_load_public to try to read a public from:
rsa1 private or rsa1 public and ssh2 keys.
this makes ssh-keygen -e fail for ssh1 keys more gracefully
for example; report from itojun (netbsd pr 20550).
- markus@cvs.openbsd.org 2003/05/11 20:30:25
[channels.c clientloop.c serverloop.c session.c ssh.c]
make channel_new() strdup the 'remote_name' (not the caller); ok theo
- markus@cvs.openbsd.org 2003/05/12 16:55:37
for pubkey authentication try the user keys in the following order:
1. agent keys that are found in the config file
3. keys that are only listed in the config file
this helps when an agent has many keys, where the server might
close the connection before the correct key is used. report & ok pb@
- markus@cvs.openbsd.org 2003/05/12 18:35:18
typo: DSA keys are of type ssh-dss; Brian Poole
- markus@cvs.openbsd.org 2003/05/14 00:52:59
ranges for per auth method messages
- djm@cvs.openbsd.org 2003/05/14 01:00:44
emphasise the batchmode functionality and make reference to pubkey auth,
both of which are FAQs; ok markus@
- markus@cvs.openbsd.org 2003/05/14 02:15:47
[auth2.c monitor.c sshconnect2.c auth2-krb5.c]
implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
server interops with commercial client; ok jakob@ djm@
- jmc@cvs.openbsd.org 2003/05/14 08:25:39
- better formatting in SYNOPSIS
- markus@cvs.openbsd.org 2003/05/14 08:57:49
http://bugzilla.mindrot.org/show_bug.cgi?id=560
Privsep child continues to run after monitor killed.
Pass monitor signals through to child; Darren Tucker
- (djm) Make portable build with MIT krb5 (some issues remain)
- (djm) Add new UsePAM configuration directive to allow runtime control
over usage of PAM. This allows non-root use of sshd when built with
- (djm) Die screaming if start_pam() is called when UsePAM=no
- (djm) Avoid KrbV leak for MIT Kerberos
- (dtucker) Set ai_socktype and ai_protocol in fake-getaddrinfo.c. ok djm@
- (djm) Bug #258: sscanf("[0-9]") -> sscanf("[0123456789]") for portability
- (djm) Redhat spec: Don't install profile.d scripts when not
building with GNOME/GTK askpass (patch from bet@rahul.net)
- (dtucker) Bug #318: Create ssh_prng_cmds.out during "make" rather than
"make install". Patch by roth@feep.net.
- (dtucker) Bug #536: Test for and work around openpty/controlling tty
problem on Linux (fixes "could not set controlling tty" errors).
- (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
proper challenge-response module
- (djm) 2-clause license on loginrec.c, with permission from
- (dtucker) Bug #497: Move #include of bsd-cygwin_util.h to openbsd-compat.h.
Patch from vinschen@redhat.com.
- (dtucker) Add missing "void" to record_failed_login in bsd-cray.c. Noted
- (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels,
privsep should now work.
- (dtucker) Move handling of bad password authentications into a platform
specific record_failed_login() function (affects AIX & Unicos). ok mouring@
- (djm) Add back radix.o (used by AFS support), after it went missing from
Makefile many moons ago
- (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
- (djm) Fix blibpath specification for AIX/gcc
- (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
- (bal) [defines.h progressmeter.c scp.c] Some more culling of non 64bit
- (bal) Bug #541: return; was dropped by mistake. Reported by
- (bal) Since we don't support platforms lacking u_int_64. We may
as well clean out some of those evil #ifdefs
- (bal) auth1.c minor resync while looking at the code.
- (bal) auth2.c same changed as above.
- (djm) Bug #539: Specify creation mode with O_CREAT for lastlog. Report
from matth@eecs.berkeley.edu
- (djm) Make the spec work with Redhat 9.0 (which renames sharutils)
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/04/02 09:48:07
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
reapply rekeying change, tested by henning@, ok djm@
- markus@cvs.openbsd.org 2003/04/02 14:36:26
potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
- itojun@cvs.openbsd.org 2003/04/03 07:25:27
- itojun@cvs.openbsd.org 2003/04/03 10:17:35
remove $OpenBSD$, as other *.c does not have it.
- markus@cvs.openbsd.org 2003/04/07 08:29:57
typo: get correct counters; introduced during rekeying change.
- millert@cvs.openbsd.org 2003/04/07 21:58:05
The UCB copyright here is incorrect. This code did not originate
at UCB, it was written by Luke Mewburn. Updated the copyright at
the author's request. markus@ OK
- itojun@cvs.openbsd.org 2003/04/08 20:21:29
rename log() into logit() to avoid name conflict. markus ok, from
- (djm) XXX - Performed locally using:
"perl -p -i -e 's/(\s|^)log\(/$1logit\(/g' *.c *.h"
- hin@cvs.openbsd.org 2003/04/09 08:23:52
Don't include <krb.h> when compiling with Kerberos 5 support
- (djm) Fix up missing include for packet.c
- (djm) Fix missed log => logit occurrence (reference by function pointer)
- (bal) if IP_TOS is not found or broken don't try to compile in
packet_set_tos() function call. bug #527
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2003/03/28 10:11:43
[scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5]
[ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
- new sentence new line
- markus@cvs.openbsd.org 2003/04/01 10:10:23
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
rekeying bugfixes and automatic rekeying:
* both client and server rekey _automatically_
(a) after 2^31 packets, because after 2^32 packets
the sequence number for packets wraps
(b) after 2^(blocksize_in_bits/4) blocks
(see: draft-ietf-secsh-newmodes-00.txt)
(a) and (b) are _enabled_ by default, and only disabled for known
openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying
- markus@cvs.openbsd.org 2003/04/01 10:22:21
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
backout rekeying changes (for 3.6.1)
- markus@cvs.openbsd.org 2003/04/01 10:31:26
[compat.c compat.h kex.c]
bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@;
tested by ho@ and myself
- markus@cvs.openbsd.org 2003/04/01 10:56:46
- (djm) Crank spec file versions
- (djm) Release 3.6.1p1
- (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2003/03/26 04:02:51
one last fix to the tree: race fix broke stuff; pr 3169;
srp@srparish.net, help from djm
- (djm) Fix getpeerid support for 64 bit BE systems. From
Arnd Bergmann <arndb@de.ibm.com>
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/03/23 19:02:00
unbreak rekeying for privsep; ok millert@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au