+20030108
+ - (djm) Sync openbsd-compat/ with OpenBSD -current
+ - (djm) Avoid redundant xstrdup/xfree in auth2-pam.c. From Solar via markus@
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/01/01 18:08:52
+ [channels.c]
+ move big output buffer messages to debug2
+ - djm@cvs.openbsd.org 2003/01/06 23:51:22
+ [sftp-client.c]
+ Fix "get -p" download to not add user-write perm. mindrot bug #426
+ reported by gfernandez@livevault.com; ok markus@
+ - fgsch@cvs.openbsd.org 2003/01/07 23:42:54
+ [sftp.1]
+ add version; from Nils Nordman <nino at nforced dot com> via markus@.
+ markus@ ok
+
+20030107
+ - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses.
+ Based on fix from yoshfuji@linux-ipv6.org
+ - (djm) Bug #442: Check for and deny access to accounts with locked
+ passwords. Patch from dtucker@zip.com.au
+ - (djm) Bug #26: Use local mkstemp() rather than glibc's silly one. Fixes
+ Can't pass KRB4 TGT passing. Fix from: jan.iven@cern.ch
+ - (djm) Fix Bug #442 for PAM case
+ - (djm) Bug #110: bogus error messages in lastlog_get_entry(). Fix based
+ on one by peak@argo.troja.mff.cuni.cz
+ - (djm) Bug #111: Run syslog and stderr logging through strnvis to eliminate
+ nasties. Report from peak@argo.troja.mff.cuni.cz
+ - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from
+ Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
+ - (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by
+ dtucker@zip.com.au. Reorder for clarity too.
+
+20030103
+ - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from
+ cjwatson@debian.org
+ - (djm) Bug #460: Filling utmp[x]->ut_addr_v6 if present. Patch from
+ cjwatson@debian.org
+ - (djm) Bug #446: Set LOGIN env var to pw_name on AIX. Patch from
+ mii@ornl.gov
+
+20030101
+ - (stevesk) [session.c sshlogin.c sshlogin.h] complete portable
+ parts of pass addrlen with sockaddr * fix.
+ from Hajimu UMEMOTO <ume@FreeBSD.org>
+
+20021222
+ - (bal) OpenBSD CVS Sync
+ - fgsch@cvs.openbsd.org 2002/11/15 10:03:09
+ [authfile.c]
+ lseek(2) may return -1 when getting the public/private key lenght.
+ Simplify the code and check for errors using fstat(2).
+
+ Problem reported by Mauricio Sanchez, markus@ ok.
+ - markus@cvs.openbsd.org 2002/11/18 16:43:44
+ [clientloop.c]
+ don't overwrite SIG{INT,QUIT,TERM} handler if set to SIG_IGN;
+ e.g. if ssh is used for backup; report Joerg Schilling; ok millert@
+ - markus@cvs.openbsd.org 2002/11/21 22:22:50
+ [dh.c]
+ debug->debug2
+ - markus@cvs.openbsd.org 2002/11/21 22:45:31
+ [cipher.c kex.c packet.c sshconnect.c sshconnect2.c]
+ debug->debug2, unify debug messages
+ - deraadt@cvs.openbsd.org 2002/11/21 23:03:51
+ [auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c
+ sshconnect.c]
+ KNF
+ - markus@cvs.openbsd.org 2002/11/21 23:04:33
+ [ssh.c]
+ debug->debug2
+ - stevesk@cvs.openbsd.org 2002/11/24 21:46:24
+ [ssh-keysign.8]
+ typo: "the the"
+ - wcobb@cvs.openbsd.org 2002/11/26 00:45:03
+ [scp.c ssh-keygen.c]
+ Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default.
+ ok markus@
+ - stevesk@cvs.openbsd.org 2002/11/26 02:35:30
+ [ssh-keygen.1]
+ remove outdated statement; ok markus@ deraadt@
+ - stevesk@cvs.openbsd.org 2002/11/26 02:38:54
+ [canohost.c]
+ KNF, comment and error message repair; ok markus@
+ - markus@cvs.openbsd.org 2002/11/27 17:53:35
+ [scp.c sftp.c ssh.c]
+ allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp;
+ http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
+ - stevesk@cvs.openbsd.org 2002/12/04 04:36:47
+ [session.c]
+ remove xauth entries before add; PR 2994 from janjaap@stack.nl.
+ ok markus@
+ - markus@cvs.openbsd.org 2002/12/05 11:08:35
+ [scp.c]
+ use roundup() similar to rcp/util.c and avoid problems with strange
+ filesystem block sizes, noted by tjr@freebsd.org; ok djm@
+ - djm@cvs.openbsd.org 2002/12/06 05:20:02
+ [sftp.1]
+ Fix cut'n'paste error, spotted by matthias.riese@b-novative.de; ok deraadt@
+ - millert@cvs.openbsd.org 2002/12/09 16:50:30
+ [ssh.c]
+ Avoid setting optind to 0 as GNU getopt treats that like we do optreset.
+ markus@ OK
+ - markus@cvs.openbsd.org 2002/12/10 08:56:00
+ [session.c]
+ Make sure $SHELL points to the shell from the password file, even if shell
+ is overridden from login.conf; bug#453; semen at online.sinor.ru; ok millert@
+ - markus@cvs.openbsd.org 2002/12/10 19:26:50
+ [packet.c]
+ move tos handling to packet_set_tos; ok provos/henning/deraadt
+ - markus@cvs.openbsd.org 2002/12/10 19:47:14
+ [packet.c]
+ static
+ - markus@cvs.openbsd.org 2002/12/13 10:03:15
+ [channels.c misc.c sshconnect2.c]
+ cleanup debug messages, more useful information for the client user.
+ - markus@cvs.openbsd.org 2002/12/13 15:20:52
+ [scp.c]
+ 1) include stalling time in total time
+ 2) truncate filenames to 45 instead of 20 characters
+ 3) print rate instead of progress bar, no more stars
+ 4) scale output to tty width
+ based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
+ - (bal) [msg.c msg.h scp.c ssh-keysign.c sshconnect2.c] Resync CVS IDs since
+ we already did s/msg_send/ssh_msg_send/
+
+20021205
+ - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org
+
+20021122
+ - (tim) [configure.ac] fix STDPATH test for IRIX. First reported by
+ advax@triumf.ca. This type of solution tested by <herb@sgi.com>
+
+20021113
+ - (tim) [configure.ac] remove unused variables no_libsocket and no_libnsl
+
+20021111
+ - (tim) [contrib/solaris/opensshd.in] add umask 022 so sshd.pid is
+ not world writable.
+
+20021109
+ - (bal) OpenBSD CVS Sync
+ - itojun@cvs.openbsd.org 2002/10/16 14:31:48
+ [sftp-common.c]
+ 64bit pedant. %llu is "unsigned long long". markus ok
+ - markus@cvs.openbsd.org 2002/10/23 10:32:13
+ [packet.c]
+ use %u for u_int
+ - markus@cvs.openbsd.org 2002/10/23 10:40:16
+ [bufaux.c]
+ %u for u_int
+ - markus@cvs.openbsd.org 2002/11/04 10:07:53
+ [auth.c]
+ don't compare against pw_home if realpath fails for pw_home (seen
+ on AFS); ok djm@
+ - markus@cvs.openbsd.org 2002/11/04 10:09:51
+ [packet.c]
+ log before send disconnect; ok djm@
+ - markus@cvs.openbsd.org 2002/11/05 19:45:20
+ [monitor.c]
+ handle overflows for size_t larger than u_int; siw@goneko.de, bug #425
+ - markus@cvs.openbsd.org 2002/11/05 20:10:37
+ [sftp-client.c]
+ typo; GaryF@livevault.com
+ - markus@cvs.openbsd.org 2002/11/07 16:28:47
+ [sshd.c]
+ log to stderr if -ie is given, bug #414, prj@po.cwru.edu
+ - markus@cvs.openbsd.org 2002/11/07 22:08:07
+ [readconf.c readconf.h ssh-keysign.8 ssh-keysign.c]
+ we cannot use HostbasedAuthentication for enabling ssh-keysign(8),
+ because HostbasedAuthentication might be enabled based on the
+ target host and ssh-keysign(8) does not know the remote hostname
+ and not trust ssh(1) about the hostname, so we add a new option
+ EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
+ - markus@cvs.openbsd.org 2002/11/07 22:35:38
+ [scp.c]
+ check exit status from ssh, and exit(1) if ssh fails; bug#369;
+ binder@arago.de
+ - (bal) Update ssh-host-config and minor rewrite of bsd-cygwin_util.c
+ ntsec now default if cygwin version beginning w/ version 56. Patch
+ by Corinna Vinschen <vinschen@redhat.com>
+ - (bal) AIX does not log login attempts for unknown users (bug #432).
+ patch by dtucker@zip.com.au
+
+20021021
+ - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from
+ dtucker@zip.com.au
+ - (djm) Bug #317: FreeBSD needs libutil.h for openpty() Report from
+ dirk.meyer@dinoex.sub.org
+
+20021015
+ - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
+ - (bal) More advanced strsep test by Darren Tucker <dtucker@zip.com.au>
+
+20021015
+ - (tim) [contrib/caldera/openssh.spec] make ssh-agent setgid nobody
+
+20021004
+ - (bal) Disable post-authentication Privsep for OSF/1. It conflicts with
+ SIA.
+
+20021003
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2002/10/01 20:34:12
+ [ssh-agent.c]
+ allow root to access the agent, since there is no protection from root.
+ - markus@cvs.openbsd.org 2002/10/01 13:24:50
+ [version.h]
+ OpenSSH 3.5
+ - (djm) Bump RPM spec version numbers
+ - (djm) Bug #406: s/msg_send/ssh_msg_send/ for Mac OS X 1.2
+
+20020930
+ - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs,
+ tweak README
+ - (djm) OpenBSD CVS Sync
+ - mickey@cvs.openbsd.org 2002/09/27 10:42:09
+ [compat.c compat.h sshd.c]
+ add a generic match for a prober, such as sie big brother;
+ idea from stevesk@; markus@ ok
+ - stevesk@cvs.openbsd.org 2002/09/27 15:46:21
+ [ssh.1]
+ clarify compression level protocol 1 only; ok markus@ deraadt@
+
+20020927
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2002/09/25 11:17:16
+ [sshd_config]
+ sync LoginGraceTime with default
+ - markus@cvs.openbsd.org 2002/09/25 15:19:02
+ [sshd.c]
+ typo; pilot@monkey.org
+ - markus@cvs.openbsd.org 2002/09/26 11:38:43
+ [auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c]
+ [monitor_wrap.h]
+ krb4 + privsep; ok dugsong@, deraadt@
+
+20020925
+ - (bal) Fix issue where successfull login does not clear failure counts
+ in AIX. Patch by dtucker@zip.com.au ok by djm
+ - (tim) Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
+ This does not include the deattack.c fixes.
+
+20020923
+ - (djm) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2002/09/23 20:46:27
+ [canohost.c]
+ change get_peer_ipaddr() and get_local_ipaddr() to not return NULL for
+ non-sockets; fixes a problem passing NULL to snprintf(). ok markus@
+ - markus@cvs.openbsd.org 2002/09/23 22:11:05
+ [monitor.c]
+ only call auth_krb5 if kerberos is enabled; ok deraadt@
+ - markus@cvs.openbsd.org 2002/09/24 08:46:04
+ [monitor.c]
+ only call kerberos code for authctxt->valid
+ - todd@cvs.openbsd.org 2002/09/24 20:59:44
+ [sshd.8]
+ tweak the example $HOME/.ssh/rc script to not show on any cmdline the
+ sensitive data it handles. This fixes bug # 402 as reported by
+ kolya@mit.edu (Nickolai Zeldovich).
+ ok markus@ and stevesk@
+
+20020923
+ - (tim) [configure.ac] s/return/exit/ patch by dtucker@zip.com.au
+
+20020922
+ - (djm) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2002/09/19 14:53:14
+ [compat.c]
+ - markus@cvs.openbsd.org 2002/09/19 15:51:23
+ [ssh-add.c]
+ typo; cd@kalkatraz.de
+ - stevesk@cvs.openbsd.org 2002/09/19 16:03:15
+ [serverloop.c]
+ log IP address also; ok markus@
+ - stevesk@cvs.openbsd.org 2002/09/20 18:41:29
+ [auth.c]
+ log illegal user here for missing privsep case (ssh2).
+ this is executed in the monitor. ok markus@
+
+20020919
+ - (djm) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2002/09/12 19:11:52
+ [ssh-agent.c]
+ %u for uid print; ok markus@
+ - stevesk@cvs.openbsd.org 2002/09/12 19:50:36
+ [session.c ssh.1]
+ add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384. ok markus@
+ - stevesk@cvs.openbsd.org 2002/09/13 19:23:09
+ [channels.c sshconnect.c sshd.c]
+ remove use of SO_LINGER, it should not be needed. error check
+ SO_REUSEADDR. fixup comments. ok markus@
+ - stevesk@cvs.openbsd.org 2002/09/16 19:55:33
+ [session.c]
+ log when _PATH_NOLOGIN exists; ok markus@
+ - stevesk@cvs.openbsd.org 2002/09/16 20:12:11
+ [sshd_config.5]
+ more details on X11Forwarding security issues and threats; ok markus@
+ - stevesk@cvs.openbsd.org 2002/09/16 22:03:13
+ [sshd.8]
+ reference moduli(5) in FILES /etc/moduli.
+ - itojun@cvs.openbsd.org 2002/09/17 07:47:02
+ [channels.c]
+ don't quit while creating X11 listening socket.
+ http://mail-index.netbsd.org/current-users/2002/09/16/0005.html
+ got from portable. markus ok
+ - djm@cvs.openbsd.org 2002/09/19 01:58:18
+ [ssh.c sshconnect.c]
+ bugzilla.mindrot.org #223 - ProxyCommands don't exit.
+ Patch from dtucker@zip.com.au; ok markus@
+
20020912
+ - (djm) Made GNOME askpass programs return non-zero if cancel button is
+ pressed.
+ - (djm) Added getpeereid() replacement. Properly implemented for systems
+ with SO_PEERCRED support. Faked for systems which lack it.
+ - (djm) Sync sys/tree.h with OpenBSD -current. Rename tree.h and
+ fake-queue.h to sys-tree.h and sys-queue.h
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/09/08 20:24:08
[hostfile.h]
[sftp.1 sftp-client.c sftp-client.h sftp-common.c sftp-common.h]
[sftp-glob.c sftp-glob.h sftp-int.c sftp-server.c]
support for short/long listings and globbing in "ls"; ok markus@
+ - djm@cvs.openbsd.org 2002/09/12 00:13:06
+ [sftp-int.c]
+ zap unused var introduced in last commit
20020911
- (djm) Sync openbsd-compat with OpenBSD -current
save auth method before monitor_reset_key_state(); bugzilla bug #284;
ok provos@
-20020622
- - (djm) Update README.privsep; spotted by fries@
- - (djm) Release 3.3p1
- - (bal) getopt now can be staticly compiled on those platforms missing
- optreset. Patch by binder@arago.de
-
-20020621
- - (djm) Sync:
- - djm@cvs.openbsd.org 2002/06/21 05:50:51
- [monitor.c]
- Don't initialise compression buffers when compression=no in sshd_config;
- ok Niels@
- - ID sync for auth-passwd.c
- - (djm) Warn and disable compression on platforms which can't handle both
- useprivilegeseparation=yes and compression=yes
- - (djm) contrib/redhat/openssh.spec hacking:
- - Merge in spec changes from seba@iq.pl (Sebastian Pachuta)
- - Add new {ssh,sshd}_config.5 manpages
- - Add new ssh-keysign program and remove setuid from ssh client
-
-20020620
- - (bal) Fixed AIX environment handling, use setpcred() instead of existing
- code. (Bugzilla Bug 261)
- - (bal) OpenBSD CVS Sync
- - todd@cvs.openbsd.org 2002/06/14 21:35:00
- [monitor_wrap.c]
- spelling; from Brian Poole <raj@cerias.purdue.edu>
- - markus@cvs.openbsd.org 2002/06/15 00:01:36
- [authfd.c authfd.h ssh-add.c ssh-agent.c]
- break agent key lifetime protocol and allow other contraints for key
- usage.
- - markus@cvs.openbsd.org 2002/06/15 00:07:38
- [authfd.c authfd.h ssh-add.c ssh-agent.c]
- fix stupid typo
- - markus@cvs.openbsd.org 2002/06/15 01:27:48
- [authfd.c authfd.h ssh-add.c ssh-agent.c]
- remove the CONSTRAIN_IDENTITY messages and introduce a new
- ADD_ID message with contraints instead. contraints can be
- only added together with the private key.
- - itojun@cvs.openbsd.org 2002/06/16 21:30:58
- [ssh-keyscan.c]
- use TAILQ_xx macro. from lukem@netbsd. markus ok
- - deraadt@cvs.openbsd.org 2002/06/17 06:05:56
- [scp.c]
- make usage like man page
- - deraadt@cvs.openbsd.org 2002/06/19 00:27:55
- [auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
- authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
- ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
- ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
- xmalloc.h]
- KNF done automatically while reading....
- - markus@cvs.openbsd.org 2002/06/19 18:01:00
- [cipher.c monitor.c monitor_wrap.c packet.c packet.h]
- make the monitor sync the transfer ssh1 session key;
- transfer keycontext only for RC4 (this is still depends on EVP
- implementation details and is broken).
- - stevesk@cvs.openbsd.org 2002/06/20 19:56:07
- [ssh.1 sshd.8]
- move configuration file options from ssh.1/sshd.8 to
- ssh_config.5/sshd_config.5; ok deraadt@ millert@
- - stevesk@cvs.openbsd.org 2002/06/20 20:00:05
- [scp.1 sftp.1]
- ssh_config(5)
- - stevesk@cvs.openbsd.org 2002/06/20 20:03:34
- [ssh_config sshd_config]
- refer to config file man page
- - markus@cvs.openbsd.org 2002/06/20 23:05:56
- [servconf.c servconf.h session.c sshd.c]
- allow Compression=yes/no in sshd_config
- - markus@cvs.openbsd.org 2002/06/20 23:37:12
- [sshd_config]
- add Compression
- - stevesk@cvs.openbsd.org 2002/05/25 20:40:08
- [LICENCE]
- missed Per Allansson (auth2-chall.c)
- - (bal) Cygwin special handling of empty passwords wrong. Patch by
- vinschen@redhat.com
- - (bal) Missed integrating ssh_config.5 and sshd_config.5
- - (bal) Still more Makefile.in updates for ssh{d}_config.5
-
-20020613
- - (bal) typo of setgroup for cygwin. Patch by vinschen@redhat.com
-
-20020612
- - (bal) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2002/06/11 23:03:54
- [ssh.c]
- remove unused cruft.
- - markus@cvs.openbsd.org 2002/06/12 01:09:52
- [ssh.c]
- ssh_connect returns 0 on success
- - (bal) Build noop setgroups() for cygwin to clean up code (For other
- platforms without the setgroups() requirement, you MUST define
- SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com
- - (bal) Some platforms don't have ONLCR (Notable Mint)
-
-20020611
- - (bal) ssh-agent.c RCSD fix (|unexpand already done)
- - (bal) OpenBSD CVS Sync
- - stevesk@cvs.openbsd.org 2002/06/09 22:15:15
- [ssh.1]
- update for no setuid root and ssh-keysign; ok deraadt@
- - itojun@cvs.openbsd.org 2002/06/09 22:17:21
- [sshconnect.c]
- pass salen to sockaddr_ntop so that we are happy on linux/solaris
- - stevesk@cvs.openbsd.org 2002/06/10 16:53:06
- [auth-rsa.c ssh-rsa.c]
- display minimum RSA modulus in error(); ok markus@
- - stevesk@cvs.openbsd.org 2002/06/10 16:56:30
- [ssh-keysign.8]
- merge in stuff from my man page; ok markus@
- - stevesk@cvs.openbsd.org 2002/06/10 17:36:23
- [ssh-add.1 ssh-add.c]
- use convtime() to parse and validate key lifetime. can now
- use '-t 2h' etc. ok markus@ provos@
- - stevesk@cvs.openbsd.org 2002/06/10 17:45:20
- [readconf.c ssh.1]
- change RhostsRSAAuthentication and RhostsAuthentication default to no
- since ssh is no longer setuid root by default; ok markus@
- - stevesk@cvs.openbsd.org 2002/06/10 21:21:10
- [ssh_config]
- update defaults for RhostsRSAAuthentication and RhostsAuthentication
- here too (all options commented out with default value).
- - markus@cvs.openbsd.org 2002/06/10 22:28:41
- [channels.c channels.h session.c]
- move creation of agent socket to session.c; no need for uidswapping
- in channel.c.
- - markus@cvs.openbsd.org 2002/06/11 04:14:26
- [ssh.c sshconnect.c sshconnect.h]
- no longer use uidswap.[ch] from the ssh client
- run less code with euid==0 if ssh is installed setuid root
- just switch the euid, don't switch the complete set of groups
- (this is only needed by sshd). ok provos@
- - mpech@cvs.openbsd.org 2002/06/11 05:46:20
- [auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
- pid_t cleanup. Markus need this now to keep hacking.
- markus@, millert@ ok
- - itojun@cvs.openbsd.org 2002/06/11 08:11:45
- [canohost.c]
- use "ntop" only after initialized
- - (bal) Cygwin fix up from swap uid clean up in ssh.c patch by
- vinschen@redhat.com
-
-20020609
- - (bal) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2002/06/08 05:07:56
- [ssh.c]
- nuke ptrace comment
- - markus@cvs.openbsd.org 2002/06/08 05:07:09
- [ssh-keysign.c]
- only accept 20 byte session ids
- - markus@cvs.openbsd.org 2002/06/08 05:17:01
- [readconf.c readconf.h ssh.1 ssh.c]
- deprecate FallBackToRsh and UseRsh; patch from djm@
- - markus@cvs.openbsd.org 2002/06/08 05:40:01
- [readconf.c]
- just warn about Deprecated options for now
- - markus@cvs.openbsd.org 2002/06/08 05:41:18
- [ssh_config]
- remove FallBackToRsh/UseRsh
- - markus@cvs.openbsd.org 2002/06/08 12:36:53
- [scp.c]
- remove FallBackToRsh
- - markus@cvs.openbsd.org 2002/06/08 12:46:14
- [readconf.c]
- silently ignore deprecated options, since FallBackToRsh might be passed
- by remote scp commands.
- - itojun@cvs.openbsd.org 2002/06/08 21:15:27
- [sshconnect.c]
- always use getnameinfo. (diag message only)
- - markus@cvs.openbsd.org 2002/06/09 04:33:27
- [sshconnect.c]
- abort() - > fatal()
- - (bal) RCSID tag updates on channels.c, clientloop.c, nchan.c,
- sftp-client.c, ssh-agenet.c, ssh-keygen.c and connect.h (we did unexpand
- independant of them)
-
-20020607
- - (bal) Removed --{enable/disable}-suid-ssh
- - (bal) Missed __progname in ssh-keysign.c patch by dtucker@zip.com.au
- - (bal) use 'LOGIN_PROGRAM' not '/usr/bin/login' in session.c patch by
- Bertrand.Velle@apogee-com.fr
-
-20020606
- - (bal) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2002/05/15 21:56:38
- [servconf.c sshd.8 sshd_config]
- re-enable privsep and disable setuid for post-3.2.2
- - markus@cvs.openbsd.org 2002/05/16 22:02:50
- [cipher.c kex.h mac.c]
- fix warnings (openssl 0.9.7 requires const)
- - stevesk@cvs.openbsd.org 2002/05/16 22:09:59
- [session.c ssh.c]
- don't limit xauth pathlen on client side and longer print length on
- server when debug; ok markus@
- - deraadt@cvs.openbsd.org 2002/05/19 20:54:52
- [log.h]
- extra commas in enum not 100% portable
- - deraadt@cvs.openbsd.org 2002/05/22 23:18:25
- [ssh.c sshd.c]
- spelling; abishoff@arc.nasa.gov
- - markus@cvs.openbsd.org 2002/05/23 19:24:30
- [authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
- sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
- add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
- authentication in protocol v2 (needs to access the hostkeys).
- - markus@cvs.openbsd.org 2002/05/23 19:39:34
- [ssh.c]
- add comment about ssh-keysign
- - markus@cvs.openbsd.org 2002/05/24 08:45:14
- [sshconnect2.c]
- stat ssh-keysign first, print error if stat fails;
- some debug->error; fix comment
- - markus@cvs.openbsd.org 2002/05/25 08:50:39
- [sshconnect2.c]
- execlp->execl; from stevesk
- - markus@cvs.openbsd.org 2002/05/25 18:51:07
- [auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c
- auth2-passwd.c auth2-pubkey.c Makefile.in]
- split auth2.c into one file per method; ok provos@/deraadt@
- - stevesk@cvs.openbsd.org 2002/05/26 20:35:10
- [ssh.1]
- sort ChallengeResponseAuthentication; ok markus@
- - stevesk@cvs.openbsd.org 2002/05/28 16:45:27
- [monitor_mm.c]
- print strerror(errno) on mmap/munmap error; ok markus@
- - stevesk@cvs.openbsd.org 2002/05/28 17:28:02
- [uidswap.c]
- format spec change/casts and some KNF; ok markus@
- - stevesk@cvs.openbsd.org 2002/05/28 21:24:00
- [uidswap.c]
- use correct function name in fatal()
- - stevesk@cvs.openbsd.org 2002/05/29 03:06:30
- [ssh.1 sshd.8]
- spelling
- - markus@cvs.openbsd.org 2002/05/29 11:21:57
- [sshd.c]
- don't start if privsep is enabled and SSH_PRIVSEP_USER or
- _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
- - markus@cvs.openbsd.org 2002/05/30 08:07:31
- [cipher.c]
- use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of
- our own implementation. allow use of AES hardware via libcrypto,
- ok deraadt@
- - markus@cvs.openbsd.org 2002/05/31 10:30:33
- [sshconnect2.c]
- extent ssh-keysign protocol:
- pass # of socket-fd to ssh-keysign, keysign verfies locally used
- ip-address using this socket-fd, restricts fake local hostnames
- to actual local hostnames; ok stevesk@
- - markus@cvs.openbsd.org 2002/05/31 11:35:15
- [auth.h auth2.c]
- move Authmethod definitons to per-method file.
- - markus@cvs.openbsd.org 2002/05/31 13:16:48
- [key.c]
- add comment:
- key_verify returns 1 for a correct signature, 0 for an incorrect signature
- and -1 on error.
- - markus@cvs.openbsd.org 2002/05/31 13:20:50
- [ssh-rsa.c]
- pad received signature with leading zeros, because RSA_verify expects
- a signature of RSA_size. the drafts says the signature is transmitted
- unpadded (e.g. putty does not pad), reported by anakin@pobox.com
- - deraadt@cvs.openbsd.org 2002/06/03 12:04:07
- [ssh.h]
- compatiblity -> compatibility
- decriptor -> descriptor
- authentciated -> authenticated
- transmition -> transmission
- - markus@cvs.openbsd.org 2002/06/04 19:42:35
- [monitor.c]
- only allow enabled authentication methods; ok provos@
- - markus@cvs.openbsd.org 2002/06/04 19:53:40
- [monitor.c]
- save the session id (hash) for ssh2 (it will be passed with the
- initial sign request) and verify that this value is used during
- authentication; ok provos@
- - markus@cvs.openbsd.org 2002/06/04 23:02:06
- [packet.c]
- remove __FUNCTION__
- - markus@cvs.openbsd.org 2002/06/04 23:05:49
- [cipher.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c]
- __FUNCTION__ -> __func__
- - markus@cvs.openbsd.org 2002/06/05 16:08:07
- [ssh-agent.1 ssh-agent.c]
- '-a bind_address' binds the agent to user-specified unix-domain
- socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
- - markus@cvs.openbsd.org 2002/06/05 16:08:07
- [ssh-agent.1 ssh-agent.c]
- '-a bind_address' binds the agent to user-specified unix-domain
- socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
- - markus@cvs.openbsd.org 2002/06/05 16:48:54
- [ssh-agent.c]
- copy current request into an extra buffer and just flush this
- request on errors, ok provos@
- - markus@cvs.openbsd.org 2002/06/05 19:57:12
- [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
- ssh-add -x for lock and -X for unlocking the agent.
- todo: encrypt private keys with locked...
- - markus@cvs.openbsd.org 2002/06/05 20:56:39
- [ssh-add.c]
- add -x/-X to usage
- - markus@cvs.openbsd.org 2002/06/05 21:55:44
- [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
- ssh-add -t life, Set lifetime (in seconds) when adding identities;
- ok provos@
- - stevesk@cvs.openbsd.org 2002/06/06 01:09:41
- [monitor.h]
- no trailing comma in enum; china@thewrittenword.com
- - markus@cvs.openbsd.org 2002/06/06 17:12:44
- [sftp-server.c]
- discard remaining bytes of current request; ok provos@
- - markus@cvs.openbsd.org 2002/06/06 17:30:11
- [sftp-server.c]
- use get_int() macro (hide iqueue)
- - (bal) Missed msg.[ch] in merge. Required for ssh-keysign.
- - (bal) Forgot to add msg.c Makefile.in.
- - (bal) monitor_mm.c typos.
- - (bal) Refixed auth2.c. It was never fully commited while spliting out
- authentication to different files.
- - (bal) ssh-keysign should build and install correctly now. Phase two
- would be to clean out any dead wood and disable ssh setuid on install.
- - (bal) Reverse logic, use __func__ first since it's C99
-
-20020604
- - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
- setsockopt from debug to error for now).
-
-20020527
- - (tim) [configure.ac.orig monitor_fdpass.c] Enahnce msghdr tests to address
- build problem on Irix reported by Dave Love <d.love@dl.ac.uk>. Back out
- last monitor_fdpass.c changes that are no longer needed with new tests.
- Patch tested on Irix by Jan-Frode Myklebust <janfrode@parallab.uib.no>
-
-20020522
- - (djm) Fix spelling mistakes, spotted by Solar Designer i
- <solar@openwall.com>
- - Sync scard/ (not sure when it drifted)
- - (djm) OpenBSD CVS Sync:
- [auth.c]
- Fix typo/thinko. Pass in as to auth_approval(), not NULL.
- Closes PR 2659.
- - Crank version
- - Crank RPM spec versions
-
-20020521
- - (stevesk) [sshd.c] bug 245; disable setsid() for now
- - (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups()
-
-20020517
- - (tim) [configure.ac] remove extra MD5_MSG="no" line.
-
-20020515
- - (bal) CVS ID fix up on auth-passwd.c
- - (bal) OpenBSD CVS Sync
- - deraadt@cvs.openbsd.org 2002/05/07 19:54:36
- [ssh.h]
- use ssh uid
- - deraadt@cvs.openbsd.org 2002/05/08 21:06:34
- [ssh.h]
- move to sshd.sshd instead
- - stevesk@cvs.openbsd.org 2002/05/11 20:24:48
- [ssh.h]
- typo in comment
- - itojun@cvs.openbsd.org 2002/05/13 02:37:39
- [auth-skey.c auth2.c]
- less warnings. skey_{respond,query} are public (in auth.h)
- - markus@cvs.openbsd.org 2002/05/13 20:44:58
- [auth-options.c auth.c auth.h]
- move the packet_send_debug handling from auth-options.c to auth.c;
- ok provos@
- - millert@cvs.openbsd.org 2002/05/13 15:53:19
- [sshd.c]
- Call setsid() in the child after sshd accepts the connection and forks.
- This is needed for privsep which calls setlogin() when it changes uids.
- Without this, there is a race where the login name of an existing
- connection, as returned by getlogin(), may be changed to the privsep
- user (sshd). markus@ OK
- - markus@cvs.openbsd.org 2002/05/13 21:26:49
- [auth-rhosts.c]
- handle debug messages during rhosts-rsa and hostbased authentication;
- ok provos@
- - mouring@cvs.openbsd.org 2002/05/15 15:47:49
- [kex.c monitor.c monitor_wrap.c sshd.c]
- 'monitor' variable clashes with at least one lame platform (NeXT). i
- Renamed to 'pmonitor'. provos@
- - deraadt@cvs.openbsd.org 2002/05/04 02:39:35
- [servconf.c sshd.8 sshd_config]
- enable privsep by default; provos ok
- - millert@cvs.openbsd.org 2002/05/06 23:34:33
- [ssh.1 sshd.8]
- Kill/adjust r(login|exec)d? references now that those are no longer in
- the tree.
- - markus@cvs.openbsd.org 2002/05/15 21:02:53
- [servconf.c sshd.8 sshd_config]
- disable privsep and enable setuid for the 3.2.2 release
- - (bal) Fixed up PAM case. I think.
- - (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy
- - (bal) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2002/05/15 21:05:29
- [version.h]
- enter OpenSSH_3.2.2
- - (bal) Caldara, Suse, and Redhat openssh.specs updated.
-
-20020514
- - (stevesk) [README.privsep] PAM+privsep works with Solaris 8.
- - (tim) [sshpty.c] set tty modes when allocating old style bsd ptys to
- match what newer style ptys have when allocated. Based on a patch by
- Roger Cornelius <rac@tenzing.org>
- - (tim) [README.privsep] UnixWare 7 and OpenUNIX 8 work.
- - (tim) [README.privsep] remove reference to UnixWare 7 and OpenUNIX 8
- from PAM-enabled pragraph. UnixWare has no PAM.
- - (tim) [contrib/caldera/openssh.spec] update version.
-
-20020513
- - (stevesk) add initial README.privsep
- - (stevesk) [configure.ac] nicer message: --with-privsep-user=user
- - (djm) Add --with-superuser-path=xxx configure option to specify
- what $PATH the superuser receives.
- - (djm) Bug #231: UsePrivilegeSeparation turns off Banner.
- - (djm) Add --with-privsep-path configure option
- - (djm) Update RPM spec file: different superuser path, use
- /var/empty/sshd for privsep
- - (djm) Bug #234: missing readpassphrase declaration and defines
- - (djm) Add INSTALL warning about SSH protocol 1 blowfish w/
- OpenSSL < 0.9.6
-
-20020511
- - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch.
- Now only searches system and /usr/local/ssl (OpenSSL's default install path)
- Others must use --with-ssl-dir=....
- - (tim) [monitor_fdpass.c] fix for systems that have both
- HAVE_ACCRIGHTS_IN_MSGHDR and HAVE_CONTROL_IN_MSGHDR. Ie. sys/socket.h
- has #define msg_accrights msg_control
-
-20020510
- - (stevesk) [auth.c] Shadow account and expiration cleanup. Now
- check for root forced expire. Still don't check for inactive.
- - (djm) Rework RedHat RPM files. Based on spec from Nalin
- Dahyabhai <nalin@redhat.com> and patches from
- Pekka Savola <pekkas@netcore.fi>
- - (djm) Try to drop supplemental groups at daemon startup. Patch from
- RedHat
- - (bal) Back all the way out of auth-passwd.c changes. Breaks too many
- things that don't set pw->pw_passwd.
-
-20020509
- - (tim) [Makefile.in] Unbreak make -f Makefile.in distprep
-
-20020508
- - (tim) [openbsd-compat/bsd-arc4random.c] fix logic on when seed_rng() is
- called. Report by Chris Maxwell <maxwell@cs.dal.ca>
- - (tim) [Makefile.in configure.ac] set SHELL variable in Makefile
- - (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work)
-
-20020507
- - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
- Add truncate() emulation to address Bug 208
-
-20020506
- - (djm) Unbreak auth-passwd.c for PAM and SIA
- - (djm) Unbreak PAM auth for protocol 1. Report from Pekka Savola
- <pekkas@netcore.fi>
- - (djm) Don't reinitialise PAM credentials before we have started PAM.
- Report from Pekka Savola <pekkas@netcore.fi>
-
-20020506
- - (bal) Fixed auth-passwd.c to resolve PermitEmptyPassword issue
-
-20020501
- - (djm) Import OpenBSD regression tests. Requires BSD make to run
- - (djm) Fix readpassphase compilation for systems which have it
-
-20020429
- - (tim) [contrib/caldera/openssh.spec] update fixUP to reflect changes in
- sshd_config.
- - (tim) [contrib/cygwin/README] remove reference to regex.
- patch from Corinna Vinschen <vinschen@redhat.com>
-
-20020426
- - (djm) Bug #137, #209: fix make problems for scard/Ssh.bin, do uudecode
- during distprep only
- - (djm) Disable PAM password expiry until a complete fix for bug #188
- exists
- - (djm) Bug #180: Set ToS bits on IPv4-in-IPv6 mapped addresses. Based on
- patch from openssh@misc.tecq.org
-
-20020425
- - (stevesk) [defines.h] remove USE_TIMEVAL; unused
- - (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26
- support. bug #184. most from dcole@keysoftsys.com.
-
-20020424
- - (djm) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2002/04/23 12:54:10
- [version.h]
- 3.2.1
- - djm@cvs.openbsd.org 2002/04/23 22:16:29
- [sshd.c]
- Improve error message; ok markus@ stevesk@
-
-20020423
- - (stevesk) [acconfig.h configure.ac session.c] LOGIN_NO_ENDOPT for HP-UX
- - (stevesk) [acconfig.h] NEED_IN_SYSTM_H unused
- - (markus) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2002/04/23 12:58:26
- [radix.c]
- send complete ticket; semerad@ss1000.ms.mff.cuni.cz
- - (djm) Trim ChangeLog to include only post-3.1 changes
- - (djm) Update RPM spec file versions
- - (djm) Redhat spec enables KrbV by default
- - (djm) Applied OpenSC smartcard updates from Markus &
- Antti Tapaninen <aet@cc.hut.fi>
- - (djm) Define BROKEN_REALPATH for AIX, patch from
- Antti Tapaninen <aet@cc.hut.fi>
- - (djm) Bug #214: Fix utmp for Irix (don't strip "tty"). Patch from
- Kevin Taylor <no@nowhere.org> (??) via Philipp Grau
- <phgrau@zedat.fu-berlin.de>
- - (djm) Bug #213: Simplify CMSG_ALIGN macros to avoid symbol clashes.
- Reported by Doug Manton <dmanton@emea.att.com>
- - (djm) Bug #222: Fix tests for getaddrinfo on OSF/1. Spotted by
- Robert Urban <urban@spielwiese.de>
- - (djm) Bug #206 - blibpath isn't always needed for AIX ld, avoid
- sizeof(long long int) == 4 breakage. Patch from Matthew Clarke
- <Matthew_Clarke@mindlink.bc.ca>
- - (djm) Make privsep work with PAM (still experimental)
- - (djm) OpenBSD CVS Sync
- - deraadt@cvs.openbsd.org 2002/04/20 09:02:03
- [servconf.c]
- No, afs requires explicit enabling
- - markus@cvs.openbsd.org 2002/04/20 09:14:58
- [bufaux.c bufaux.h]
- add buffer_{get,put}_short
- - markus@cvs.openbsd.org 2002/04/20 09:17:19
- [radix.c]
- rewrite using the buffer_* API, fixes overflow; ok deraadt@
- - stevesk@cvs.openbsd.org 2002/04/21 16:19:27
- [sshd.8 sshd_config]
- document default AFSTokenPassing no; ok deraadt@
- - stevesk@cvs.openbsd.org 2002/04/21 16:25:06
- [sshconnect1.c]
- spelling in error message; ok markus@
- - markus@cvs.openbsd.org 2002/04/22 06:15:47
- [radix.c]
- fix check for overflow
- - markus@cvs.openbsd.org 2002/04/22 16:16:53
- [servconf.c sshd.8 sshd_config]
- do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
- - markus@cvs.openbsd.org 2002/04/22 21:04:52
- [channels.c clientloop.c clientloop.h ssh.c]
- request reply (success/failure) for -R style fwd in protocol v2,
- depends on ordered replies.
- fixes http://bugzilla.mindrot.org/show_bug.cgi?id=215; ok provos@
-
-20020421
- - (tim) [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0).
- entropy.c needs seteuid(getuid()) for the setuid(original_uid) to
- succeed. Patch by gert@greenie.muc.de. This fixes one part of Bug 208
-
-20020418
- - (djm) Avoid SIGCHLD breakage when run from rsync. Fix from
- Sturle Sunde <sturle.sunde@usit.uio.no>
-
-20020417
- - (djm) Tell users to configure /dev/random support into OpenSSL in
- INSTALL
- - (djm) Fix .Nm in mdoc2man.pl from pspencer@fields.utoronto.ca
- - (tim) [configure.ac] Issue warning on --with-default-path=/some_path
- if LOGIN_CAP is enabled. Report & testing by Tuc <tuc@ttsg.com>
-
-20020415
- - (djm) Unbreak "make install". Fix from Darren Tucker
- <dtucker@zip.com.au>
- - (stevesk) bsd-cygwin_util.[ch] BSD license from Corinna Vinschen
- - (tim) [configure.ac] add tests for recvmsg and sendmsg.
- [monitor_fdpass.c] add checks for HAVE_SENDMSG and HAVE_RECVMSG for
- systems that HAVE_ACCRIGHTS_IN_MSGHDR but no recvmsg or sendmsg.
-
-20020414
- - (djm) ssh-rand-helper improvements
- - Add commandline debugging options
- - Don't write binary data if stdout is a tty (use hex instead)
- - Give it a manpage
- - (djm) Random number collection doc fixes from Ben
-
-20020413
- - (djm) Add KrbV support patch from Simon Wilkinson <simon@sxw.org.uk>
-
-20020412
- - (stevesk) [auth-sia.[ch]] add BSD license from Chris Adams
- - (tim) [configure.ac] add <sys/types.h> to msghdr tests. Change -L
- to -h on testing for /bin being symbolic link
- - (bal) Mistaken in Cygwin scripts for ssh starting. Patch by
- Corinna Vinschen <vinschen@redhat.com>
- - (bal) disable privsep if no MAP_ANON. We can re-enable it
- after the release when we can do more testing.
-
-20020411
- - (stevesk) [auth-sia.c] cleanup
- - (tim) [acconfig.h defines.h includes.h] put includes in includes.h and
- defines in defines.h [rijndael.c openbsd-compat/fake-socket.h
- openbsd-compat/inet_aton.c] include "includes.h" instead of "config.h"
- ok stevesk@
-
-20020410
- - (stevesk) [configure.ac monitor.c] HAVE_SOCKETPAIR
- - (stevesk) [auth-sia.c] compile fix Chris Adams <cmadams@hiwaay.net>
- - (bal) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2002/04/10 08:21:47
- [auth1.c compat.c compat.h]
- strip '@' from username only for KerbV and known broken clients,
- bug #204
- - markus@cvs.openbsd.org 2002/04/10 08:56:01
- [version.h]
- OpenSSH_3.2
- - Added p1 to idenify Portable release version.
-
-20020408
- - (bal) Minor OpenSC updates. Fix up header locations and update
- README.smartcard provided by Juha Yrjölä <jyrjola@cc.hut.fi>
-
-20020407
- - (stevesk) HAVE_CONTROL_IN_MSGHDR; not used right now.
- Future: we may want to test if fd passing works correctly.
- - (stevesk) [monitor_fdpass.c] fatal() for UsePrivilegeSeparation=yes
- and no fd passing support.
- - (stevesk) HAVE_MMAP and HAVE_SYS_MMAN_H and use them in
- monitor_mm.c
- - (stevesk) remove configure support for poll.h; it was removed
- from sshd.c a long time ago.
- - (stevesk) --with-privsep-user; default sshd
- - (stevesk) wrap munmap() with HAVE_MMAP also.
-
-20020406
- - (djm) Typo in Suse SPEC file. Fix from Carsten Grohmann
- <carsten.grohmann@dr-baldeweg.de>
- - (bal) Added MAP_FAILED to allow AIX and Trusted HP to compile.
- - (bal) OpenBSD CVS Sync
- - djm@cvs.openbsd.org 2002/04/06 00:30:08
- [sftp-client.c]
- Fix occasional corruption on upload due to bad reuse of request
- id, spotted by chombier@mac.com; ok markus@
- - mouring@cvs.openbsd.org 2002/04/06 18:24:09
- [scp.c]
- Fixes potental double // within path.
- http://bugzilla.mindrot.org/show_bug.cgi?id=76
- - (bal) Slight update to OpenSC support. Better version checking. patch
- by Juha Yrjölä <jyrjola@cc.hut.fi>
- - (bal) Revered out of runtime IRIX detection of joblimits. Code is
- incomplete.
- - (bal) Quiet down configure.ac if /bin/test does not exist.
- - (bal) We no longer use atexit()/xatexit()/on_exit()
-
-20020405
- - (bal) Patch for OpenSC SmartCard library; ok markus@; patch by
- Juha Yrjölä <jyrjola@cc.hut.fi>
- - (bal) Minor documentation update to reflect smartcard library
- support changes.
- - (bal) Too many <sys/queue.h> issues. Remove all workarounds and
- using internal version only.
- - (bal) OpenBSD CVS Sync
- - stevesk@cvs.openbsd.org 2002/04/05 20:56:21
- [sshd.8]
- clarify sshrc some and handle X11UseLocalhost=yes; ok markus@
-
-20020404
- - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
- auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
- - (bal) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2002/04/03 09:26:11
- [cipher.c myproposal.h]
- re-add rijndael-cbc@lysator.liu.se for MacSSH; ash@lab.poc.net
-
-20020402
- - (bal) Hand Sync of scp.c (reverted to upstream code)
- - deraadt@cvs.openbsd.org 2002/03/30 17:45:46
- [scp.c]
- stretch banners
- - (bal) CVS ID sync of uidswap.c
- - (bal) OpenBSD CVS Sync (now for the real sync)
- - markus@cvs.openbsd.org 2002/03/27 22:21:45
- [ssh-keygen.c]
- try to import keys with extra trailing === (seen with ssh.com <
- 2.0.12)
- - markus@cvs.openbsd.org 2002/03/28 15:34:51
- [session.c]
- do not call record_login twice (for use_privsep)
- - markus@cvs.openbsd.org 2002/03/29 18:59:32
- [session.c session.h]
- retrieve last login time before the pty is allocated, store per
- session
- - stevesk@cvs.openbsd.org 2002/03/29 19:16:22
- [sshd.8]
- RSA key modulus size minimum 768; ok markus@
- - stevesk@cvs.openbsd.org 2002/03/29 19:18:33
- [auth-rsa.c ssh-rsa.c ssh.h]
- make RSA modulus minimum #define; ok markus@
- - markus@cvs.openbsd.org 2002/03/30 18:51:15
- [monitor.c serverloop.c sftp-int.c sftp.c sshd.c]
- check waitpid for EINTR; based on patch from peter@ifm.liu.se
- - markus@cvs.openbsd.org 2002/04/01 22:02:16
- [sftp-client.c]
- 20480 is an upper limit for older server
- - markus@cvs.openbsd.org 2002/04/01 22:07:17
- [sftp-client.c]
- fallback to stat if server does not support lstat
- - markus@cvs.openbsd.org 2002/04/02 11:49:39
- [ssh-agent.c]
- check $SHELL for -k and -d, too;
- http://bugzilla.mindrot.org/show_bug.cgi?id=199
- - markus@cvs.openbsd.org 2002/04/02 17:37:48
- [sftp.c]
- always call log_init()
- - markus@cvs.openbsd.org 2002/04/02 20:11:38
- [ssh-rsa.c]
- ignore SSH_BUG_SIGBLOB for ssh-rsa; #187
- - (bal) mispelling in uidswap.c (portable only)
-
-20020401
- - (stevesk) [monitor.c] PAM should work again; will *not* work with
- UsePrivilegeSeparation=yes.
- - (stevesk) [auth1.c] fix password auth for protocol 1 when
- !USE_PAM && !HAVE_OSF_SIA; merge issue.
-
-20020331
- - (tim) [configure.ac] use /bin/test -L to work around broken builtin on
- Solaris 8
- - (tim) [sshconnect2.c] change uint32_t to u_int32_t
-
-20020330
- - (stevesk) [configure.ac] remove header check for sys/ttcompat.h
- bug 167
-
-20020327
- - (bal) 'pw' should be 'authctxt->pw' in auth1.c spotted by
- kent@lysator.liu.se
- - (bal) OpenBSD CVS Sync
- - markus@cvs.openbsd.org 2002/03/26 11:34:49
- [ssh.1 sshd.8]
- update to recent drafts
- - markus@cvs.openbsd.org 2002/03/26 11:37:05
- [ssh.c]
- update Copyright
- - markus@cvs.openbsd.org 2002/03/26 15:23:40
- [bufaux.c]
- do not talk about packets in bufaux
- - rees@cvs.openbsd.org 2002/03/26 18:46:59
- [scard.c]
- try_AUT0 in read_pubkey too, for those paranoid few who want to
- acl 'sh'
- - markus@cvs.openbsd.org 2002/03/26 22:50:39
- [channels.h]
- CHANNEL_EFD_OUTPUT_ACTIVE is false for CHAN_CLOSE_RCVD, too
- - markus@cvs.openbsd.org 2002/03/26 23:13:03
- [auth-rsa.c]
- disallow RSA keys < 768 for protocol 1, too (rhosts-rsa and rsa auth)
- - markus@cvs.openbsd.org 2002/03/26 23:14:51
- [kex.c]
- generate a new cookie for each SSH2_MSG_KEXINIT message we send out
- - mouring@cvs.openbsd.org 2002/03/27 11:45:42
- [monitor.c]
- monitor_allowed_key() returns int instead of pointer. ok markus@
-
-20020325
- - (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h"
- - (bal) OpenBSD CVS Sync
- - stevesk@cvs.openbsd.org 2002/03/23 20:57:26
- [sshd.c]
- setproctitle() after preauth child; ok markus@
- - markus@cvs.openbsd.org 2002/03/24 16:00:27
- [serverloop.c]
- remove unused debug
- - markus@cvs.openbsd.org 2002/03/24 16:01:13
- [packet.c]
- debug->debug3 for extra padding
- - stevesk@cvs.openbsd.org 2002/03/24 17:27:03
- [kexgex.c]
- typo; ok markus@
- - stevesk@cvs.openbsd.org 2002/03/24 17:53:16
- [monitor_fdpass.c]
- minor cleanup and more error checking; ok markus@
- - markus@cvs.openbsd.org 2002/03/24 18:05:29
- [scard.c]
- we need to figure out AUT0 for sc_private_encrypt, too
- - stevesk@cvs.openbsd.org 2002/03/24 23:20:00
- [monitor.c]
- remove "\n" from fatal()
- - markus@cvs.openbsd.org 2002/03/25 09:21:13
- [auth-rsa.c]
- return 0 (not NULL); tomh@po.crl.go.jp
- - markus@cvs.openbsd.org 2002/03/25 09:25:06
- [auth-rh-rsa.c]
- rm bogus comment
- - markus@cvs.openbsd.org 2002/03/25 17:34:27
- [scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c]
- change sc_get_key to sc_get_keys and hide smartcard details in scard.c
- - stevesk@cvs.openbsd.org 2002/03/25 20:12:10
- [monitor_mm.c monitor_wrap.c]
- ssize_t args use "%ld" and cast to (long)
- size_t args use "%lu" and cast to (u_long)
- ok markus@ and thanks millert@
- - markus@cvs.openbsd.org 2002/03/25 21:04:02
- [ssh.c]
- simplify num_identity_files handling
- - markus@cvs.openbsd.org 2002/03/25 21:13:51
- [channels.c channels.h compat.c compat.h nchan.c]
- don't send stderr data after EOF, accept this from older known
- (broken) sshd servers only, fixes
- http://bugzilla.mindrot.org/show_bug.cgi?id=179
- - stevesk@cvs.openbsd.org 2002/03/26 03:24:01
- [monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h]
- $OpenBSD$
-
-20020324
- - (stevesk) [session.c] disable LOGIN_NEEDS_TERM until we are sure
- it can be removed. only used on solaris. will no longer compile with
- privsep shuffling.
-
-20020322
- - (stevesk) HAVE_ACCRIGHTS_IN_MSGHDR configure support
- - (stevesk) [monitor.c monitor_wrap.c] #ifdef HAVE_PW_CLASS_IN_PASSWD
- - (stevesk) configure and cpp __FUNCTION__ gymnastics to handle nielsisms
- - (stevesk) [monitor_fdpass.c] support for access rights style file
- descriptor passing
- - (stevesk) [auth2.c] merge cleanup/sync
- - (stevesk) [defines.h] hp-ux 11 has ancillary data style fd passing, but
- is missing CMSG_LEN() and CMSG_SPACE() macros.
- - (stevesk) [defines.h] #define MAP_ANON MAP_ANONYMOUS for HP-UX; other
- platforms may need this--I'm not sure. mmap() issues will need to be
- addressed further.
- - (tim) [cipher.c] fix problem with OpenBSD sync
- - (stevesk) [LICENCE] OpenBSD sync
-
-20020321
- - (bal) OpenBSD CVS Sync
- - itojun@cvs.openbsd.org 2002/03/08 06:10:16
- [sftp-client.c]
- printf type mismatch
- - itojun@cvs.openbsd.org 2002/03/11 03:18:49
- [sftp-client.c]
- correct type mismatches (u_int64_t != unsigned long long)
- - itojun@cvs.openbsd.org 2002/03/11 03:19:53
- [sftp-client.c]
- indent
- - markus@cvs.openbsd.org 2002/03/14 15:24:27
- [sshconnect1.c]
- don't trust size sent by (rogue) server; noted by
- s.esser@e-matters.de
- - markus@cvs.openbsd.org 2002/03/14 16:38:26
- [sshd.c]
- split out ssh1 session key decryption; ok provos@
- - markus@cvs.openbsd.org 2002/03/14 16:56:33
- [auth-rh-rsa.c auth-rsa.c auth.h]
- split auth_rsa() for better readability and privsep; ok provos@
- - itojun@cvs.openbsd.org 2002/03/15 11:00:38
- [auth.c]
- fix file type checking (use S_ISREG). ok by markus
- - markus@cvs.openbsd.org 2002/03/16 11:24:53
- [compress.c]
- skip inflateEnd if inflate fails; ok provos@
- - markus@cvs.openbsd.org 2002/03/16 17:22:09
- [auth-rh-rsa.c auth.h]
- split auth_rhosts_rsa(), ok provos@
- - stevesk@cvs.openbsd.org 2002/03/16 17:41:25
- [auth-krb5.c]
- BSD license. from Daniel Kouril via Dug Song. ok markus@
- - provos@cvs.openbsd.org 2002/03/17 20:25:56
- [auth.c auth.h auth1.c auth2.c]
- getpwnamallow returns struct passwd * only if user valid;
- okay markus@
- - provos@cvs.openbsd.org 2002/03/18 01:12:14
- [auth.h auth1.c auth2.c sshd.c]
- have the authentication functions return the authentication context
- and then do_authenticated; okay millert@
- - dugsong@cvs.openbsd.org 2002/03/18 01:30:10
- [auth-krb4.c]
- set client to NULL after xfree(), from Rolf Braun
- <rbraun+ssh@andrew.cmu.edu>
- - provos@cvs.openbsd.org 2002/03/18 03:41:08
- [auth.c session.c]
- move auth_approval into getpwnamallow with help from millert@
- - markus@cvs.openbsd.org 2002/03/18 17:13:15
- [cipher.c cipher.h]
- export/import cipher states; needed by ssh-privsep
- - markus@cvs.openbsd.org 2002/03/18 17:16:38
- [packet.c packet.h]
- export/import cipher state, iv and ssh2 seqnr; needed by ssh-privsep
- - markus@cvs.openbsd.org 2002/03/18 17:23:31
- [key.c key.h]
- add key_demote() for ssh-privsep
- - provos@cvs.openbsd.org 2002/03/18 17:25:29
- [bufaux.c bufaux.h]
- buffer_skip_string and extra sanity checking; needed by ssh-privsep
- - provos@cvs.openbsd.org 2002/03/18 17:31:54
- [compress.c]
- export compression streams for ssh-privsep
- - provos@cvs.openbsd.org 2002/03/18 17:50:31
- [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c]
- [auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c]
- [kexgex.c servconf.c]
- [session.h servconf.h serverloop.c session.c sshd.c]
- integrate privilege separated openssh; its turned off by default
- for now. work done by me and markus@
- - provos@cvs.openbsd.org 2002/03/18 17:53:08
- [sshd.8]
- credits for privsep
- - provos@cvs.openbsd.org 2002/03/18 17:59:09
- [sshd.8]
- document UsePrivilegeSeparation
- - stevesk@cvs.openbsd.org 2002/03/18 23:52:51
- [servconf.c]
- UnprivUser/UnprivGroup usable now--specify numeric user/group; ok
- provos@
- - stevesk@cvs.openbsd.org 2002/03/19 03:03:43
- [pathnames.h servconf.c servconf.h sshd.c]
- _PATH_PRIVSEP_CHROOT_DIR; ok provos@
- - stevesk@cvs.openbsd.org 2002/03/19 05:23:08
- [sshd.8]
- Banner has no default.
- - mpech@cvs.openbsd.org 2002/03/19 06:32:56
- [sftp-int.c]
- use xfree() after xstrdup().
-
- markus@ ok
- - markus@cvs.openbsd.org 2002/03/19 10:35:39
- [auth-options.c auth.h session.c session.h sshd.c]
- clean up prototypes
- - markus@cvs.openbsd.org 2002/03/19 10:49:35
- [auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h]
- [packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c]
- [sshconnect2.c sshd.c ttymodes.c]
- KNF whitespace
- - markus@cvs.openbsd.org 2002/03/19 14:27:39
- [auth.c auth1.c auth2.c]
- make getpwnamallow() allways call pwcopy()
- - markus@cvs.openbsd.org 2002/03/19 15:31:47
- [auth.c]
- check for NULL; from provos@
- - stevesk@cvs.openbsd.org 2002/03/20 19:12:25
- [servconf.c servconf.h ssh.h sshd.c]
- for unprivileged user, group do:
- pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
- - stevesk@cvs.openbsd.org 2002/03/20 21:08:08
- [sshd.c]
- strerror() on chdir() fail; ok provos@
- - markus@cvs.openbsd.org 2002/03/21 10:21:20
- [ssh-add.c]
- ignore errors for nonexisting default keys in ssh-add,
- fixes http://bugzilla.mindrot.org/show_bug.cgi?id=158
- - jakob@cvs.openbsd.org 2002/03/21 15:17:26
- [clientloop.c ssh.1]
- add built-in command line for adding new port forwardings on the fly.
- based on a patch from brian wellington. ok markus@.
- - markus@cvs.openbsd.org 2002/03/21 16:38:06
- [scard.c]
- make compile w/ openssl 0.9.7
- - markus@cvs.openbsd.org 2002/03/21 16:54:53
- [scard.c scard.h ssh-keygen.c]
- move key upload to scard.[ch]
- - markus@cvs.openbsd.org 2002/03/21 16:57:15
- [scard.c]
- remove const
- - markus@cvs.openbsd.org 2002/03/21 16:58:13
- [clientloop.c]
- remove unused
- - rees@cvs.openbsd.org 2002/03/21 18:08:15
- [scard.c]
- In sc_put_key(), sc_reader_id should be id.
- - markus@cvs.openbsd.org 2002/03/21 20:51:12
- [sshd_config]
- add privsep (off)
- - markus@cvs.openbsd.org 2002/03/21 21:23:34
- [sshd.c]
- add privsep_preauth() and remove 1 goto; ok provos@
- - rees@cvs.openbsd.org 2002/03/21 21:54:34
- [scard.c scard.h ssh-keygen.c]
- Add PIN-protection for secret key.
- - rees@cvs.openbsd.org 2002/03/21 22:44:05
- [authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c]
- Add PIN-protection for secret key.
- - markus@cvs.openbsd.org 2002/03/21 23:07:37
- [clientloop.c]
- remove unused, sync w/ cmdline patch in my tree.
-
-20020317
- - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is
- wanted, warn if directory does not exist. Put system directories in
- front of PATH for finding entorpy commands.
- - (tim) [contrib/aix/buildbff.sh contrib/aix/inventory.sh] AIX package
- build fixes. Patch by Darren Tucker <dtucker@zip.com.au>
- [contrib/solaris/buildpkg.sh] add missing dirs to SYSTEM_DIR. Have
- postinstall check for $piddir and add if necessary.
-
-20020311
- - (tim) [contrib/solaris/buildpkg.sh, contrib/solaris/README] Updated to
- build on all platforms that support SVR4 style package tools. Now runs
- from build dir. Parts are based on patches from Antonio Navarro, and
- Darren Tucker.
-
-20020308
- - (djm) Revert bits of Markus' OpenSSL compat patch which was
- accidentally committed.
- - (djm) Add Markus' patch for compat wih OpenSSL < 0.9.6.
- Known issue: Blowfish for SSH1 does not work
- - (stevesk) entropy.c: typo in debug message
- - (djm) ssh-keygen -i needs seeded RNG; report from markus@
-
$Id$