+20070927
+ - (dtucker) [configure.ac atomicio.c] Fall back to including <sys/poll.h> if
+ we don't have <poll.h> (eq QNX). From bacon at cs nyu edu.
+ - (dtucker) [configure.ac defines.h] Shadow expiry does not work on QNX6
+ so disable it for that platform. From bacon at cs nyu edu.
+
+20070921
+ - (djm) [atomicio.c] Fix spin avoidance for platforms that define
+ EWOULDBLOCK; patch from ben AT psc.edu
+
+20070917
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2007/08/23 02:49:43
+ [auth-passwd.c auth.c session.c]
+ unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@
+ NB. RCS ID sync only for portable
+ - djm@cvs.openbsd.org 2007/08/23 02:55:51
+ [auth-passwd.c auth.c session.c]
+ missed include bits from last commit
+ NB. RCS ID sync only for portable
+ - djm@cvs.openbsd.org 2007/08/23 03:06:10
+ [auth.h]
+ login_cap.h doesn't belong here
+ NB. RCS ID sync only for portable
+ - djm@cvs.openbsd.org 2007/08/23 03:22:16
+ [auth2-none.c sshd_config sshd_config.5]
+ Support "Banner=none" to disable displaying of the pre-login banner;
+ ok dtucker@ deraadt@
+ - djm@cvs.openbsd.org 2007/08/23 03:23:26
+ [sshconnect.c]
+ Execute ProxyCommands with $SHELL rather than /bin/sh unconditionally
+ - djm@cvs.openbsd.org 2007/09/04 03:21:03
+ [clientloop.c monitor.c monitor_fdpass.c monitor_fdpass.h]
+ [monitor_wrap.c ssh.c]
+ make file descriptor passing code return an error rather than call fatal()
+ when it encounters problems, and use this to make session multiplexing
+ masters survive slaves failing to pass all stdio FDs; ok markus@
+ - djm@cvs.openbsd.org 2007/09/04 11:15:56
+ [ssh.c sshconnect.c sshconnect.h]
+ make ssh(1)'s ConnectTimeout option apply to both the TCP connection and
+ SSH banner exchange (previously it just covered the TCP connection).
+ This allows callers of ssh(1) to better detect and deal with stuck servers
+ that accept a TCP connection but don't progress the protocol, and also
+ makes ConnectTimeout useful for connections via a ProxyCommand;
+ feedback and "looks ok" markus@
+ - sobrado@cvs.openbsd.org 2007/09/09 11:38:01
+ [ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.c]
+ sort synopsis and options in ssh-agent(1); usage is lowercase
+ ok jmc@
+ - stevesk@cvs.openbsd.org 2007/09/11 04:36:29
+ [sshpty.c]
+ sort #include
+ NB. RCS ID sync only
+ - gilles@cvs.openbsd.org 2007/09/11 15:47:17
+ [session.c ssh-keygen.c sshlogin.c]
+ use strcspn to properly overwrite '\n' in fgets returned buffer
+ ok pyr@, ray@, millert@, moritz@, chl@
+ - stevesk@cvs.openbsd.org 2007/09/11 23:49:09
+ [sshpty.c]
+ remove #if defined block not needed; ok markus@ dtucker@
+ NB. RCS ID sync only
+ - stevesk@cvs.openbsd.org 2007/09/12 19:39:19
+ [umac.c]
+ use xmalloc() and xfree(); ok markus@ pvalchev@
+ - djm@cvs.openbsd.org 2007/09/13 04:39:04
+ [sftp-server.c]
+ fix incorrect test when setting syslog facility; from Jan Pechanec
+ - djm@cvs.openbsd.org 2007/09/16 00:55:52
+ [sftp-client.c]
+ use off_t instead of u_int64_t for file offsets, matching what the
+ progressmeter code expects; bz #842
+ - (tim) [defines.h] Fix regression in long password support on OpenServer 6.
+ Problem report and additional testing rac AT tenzing.org.
+
+20070914
+ - (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path.
+ Patch from Jan.Pechanec at sun com.
+
+20070910
+ - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1358: Always
+ return 0 on successful test. From David.Leonard at quest com.
+ - (tim) [configure.ac] Autoconf didn't define HAVE_LIBIAF because we
+ did a AC_CHECK_FUNCS within the AC_CHECK_LIB test.
+
+20070817
+ - (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked
+ accounts and that's what the code looks for, so make man page and code
+ agree. Pointed out by Roumen Petrov.
+ - (dtucker) [INSTALL] Group the parts describing random options and PAM
+ implementations together which is hopefully more coherent.
+ - (dtucker) [INSTALL] the pid file is sshd.pid not ssh.pid.
+ - (dtucker) [INSTALL] Give PAM its own heading.
+ - (dtucker) [INSTALL] Link to tcpwrappers.
+
+20070816
+ - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated
+ connections too. Based on a patch from Sandro Wefel, with & ok djm@
+
+20070815
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2007/08/15 08:14:46
+ [clientloop.c]
+ do NOT fall back to the trused x11 cookie if generation of an untrusted
+ cookie fails; from Jan Pechanec, via security-alert at sun.com;
+ ok dtucker
+ - markus@cvs.openbsd.org 2007/08/15 08:16:49
+ [version.h]
+ openssh 4.7
+ - stevesk@cvs.openbsd.org 2007/08/15 12:13:41
+ [ssh_config.5]
+ tun device forwarding now honours ExitOnForwardFailure; ok markus@
+ - (dtucker) [openbsd-compat/bsd-cray.c] Remove debug from signal handler.
+ ok djm@
+ - (dtucker) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec
+ contrib/suse/openssh.spec] Crank version.
+
+20070813
+ - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always
+ called with PAM_ESTABLISH_CRED at least once, which resolves a problem
+ with pam_dhkeys. Patch from David Leonard, ok djm@
+
+20070810
+ - (dtucker) [auth-pam.c] Use sigdie here too. ok djm@
+ - (dtucker) [configure.ac] Bug #1343: Set DISABLE_FD_PASSING for QNX6. From
+ Matt Kraai, ok djm@
+
+20070809
+ - (dtucker) [openbsd-compat/port-aix.c] Comment typo.
+ - (dtucker) [README.platform] Document the interaction between PermitRootLogin
+ and the AIX native login restrictions.
+ - (dtucker) [defines.h] Remove _PATH_{CSHELL,SHELLS} which aren't
+ used anywhere and are a potential source of warnings.
+
+20070808
+ - (djm) OpenBSD CVS Sync
+ - ray@cvs.openbsd.org 2007/07/12 05:48:05
+ [key.c]
+ Delint: remove some unreachable statements, from Bret Lambert.
+ OK markus@ and dtucker@.
+ - sobrado@cvs.openbsd.org 2007/08/06 19:16:06
+ [scp.1 scp.c]
+ the ellipsis is not an optional argument; while here, sync the usage
+ and synopsis of commands
+ lots of good ideas by jmc@
+ ok jmc@
+ - djm@cvs.openbsd.org 2007/08/07 07:32:53
+ [clientloop.c clientloop.h ssh.c]
+ bz#1232: ensure that any specified LocalCommand is executed after the
+ tunnel device is opened. Also, make failures to open a tunnel device
+ fatal when ExitOnForwardFailure is active.
+ Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt
+
+20070724
+ - (tim) [openssh.xml.in] make FMRI match what package scripts use.
+ - (tim) [openbsd-compat/regress/closefromtest.c] Bug 1345: fix open() call.
+ Report/patch by David.Leonard AT quest.com (and Bernhard Simon)
+ - (tim) [buildpkg.sh.in openssh.xml.in] Allow more flexibility where smf(5)
+ - (tim) [buildpkg.sh.in] s|$FAKE_ROOT/${sysconfdir}|$FAKE_ROOT${sysconfdir}|
+
+20070628
+ - (djm) bz#1325: Fix SELinux in permissive mode where it would
+ incorrectly fatal() on errors. patch from cjwatson AT debian.org;
+ ok dtucker
+
+20070625
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2007/06/13 00:21:27
+ [scp.c]
+ don't ftruncate() non-regular files; bz#1236 reported by wood AT
+ xmission.com; ok dtucker@
+ - djm@cvs.openbsd.org 2007/06/14 21:43:25
+ [ssh.c]
+ handle EINTR when waiting for mux exit status properly
+ - djm@cvs.openbsd.org 2007/06/14 22:48:05
+ [ssh.c]
+ when waiting for the multiplex exit status, read until the master end
+ writes an entire int of data *and* closes the client_fd; fixes mux
+ regression spotted by dtucker, ok dtucker@
+ - djm@cvs.openbsd.org 2007/06/19 02:04:43
+ [atomicio.c]
+ if the fd passed to atomicio/atomiciov() is non blocking, then poll() to
+ avoid a spin if it is not yet ready for reading/writing; ok dtucker@
+ - dtucker@cvs.openbsd.org 2007/06/25 08:20:03
+ [channels.c]
+ Correct test for window updates every three packets; prevents sending
+ window updates for every single packet. ok markus@
+ - dtucker@cvs.openbsd.org 2007/06/25 12:02:27
+ [atomicio.c]
+ Include <poll.h> like the man page says rather than <sys/poll.h>. ok djm@
+ - (dtucker) [atomicio.c] Test for EWOULDBLOCK in atomiciov to match
+ atomicio.
+ - (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.in
+ openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h]
+ Add an implementation of poll() built on top of select(2). Code from
+ OpenNTPD with changes suggested by djm. ok djm@
+
+20070614
+ - (dtucker) [cipher-ctr.c umac.c openbsd-compat/openssl-compat.h] Move the
+ USE_BUILTIN_RIJNDAEL compat goop to openssl-compat.h so it can be
+ shared with umac.c. Allows building with OpenSSL 0.9.5 again including
+ umac support. With tim@ djm@, ok djm.
+ - (dtucker) [openbsd-compat/openssl-compat.h] Merge USE_BUILTIN_RIJNDAEL
+ sections. Fixes builds with early OpenSSL 0.9.6 versions.
+ - (dtucker) [openbsd-compat/openssl-compat.h] Remove redundant definition
+ of USE_BUILTIN_RIJNDAEL since the <0.9.6 test is covered by the
+ subsequent <0.9.7 test.
+
+20070612
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2007/06/11 09:14:00
+ [channels.h]
+ increase default channel windows; ok djm
+ - djm@cvs.openbsd.org 2007/06/12 07:41:00
+ [ssh-add.1]
+ better document ssh-add's -d option (delete identies from agent), bz#1224
+ new text based on some provided by andrewmc-debian AT celt.dias.ie;
+ ok dtucker@
+ - djm@cvs.openbsd.org 2007/06/12 08:20:00
+ [ssh-gss.h gss-serv.c gss-genr.c]
+ relocate server-only GSSAPI code from libssh to server; bz #1225
+ patch from simon AT sxw.org.uk; ok markus@ dtucker@
+ - djm@cvs.openbsd.org 2007/06/12 08:24:20
+ [scp.c]
+ make scp try to skip FIFOs rather than blocking when nothing is listening.
+ depends on the platform supporting sane O_NONBLOCK semantics for open
+ on FIFOs (apparently POSIX does not mandate this), which OpenBSD does.
+ bz #856; report by cjwatson AT debian.org; ok markus@
+ - djm@cvs.openbsd.org 2007/06/12 11:11:08
+ [ssh.c]
+ fix slave exit value when a control master goes away without passing the
+ full exit status by ensuring that the slave reads a full int. bz#1261
+ reported by frekko AT gmail.com; ok markus@ dtucker@
+ - djm@cvs.openbsd.org 2007/06/12 11:15:17
+ [ssh.c ssh.1]
+ Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
+ GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
+ and is useful for hosts with /home on Kerberised NFS; bz #1312
+ patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@
+ - djm@cvs.openbsd.org 2007/06/12 11:45:27
+ [ssh.c]
+ improved exit message from multiplex slave sessions; bz #1262
+ reported by alexandre.nunes AT gmail.com; ok dtucker@
+ - dtucker@cvs.openbsd.org 2007/06/12 11:56:15
+ [gss-genr.c]
+ Pass GSS OID to gss_display_status to provide better information in
+ error messages. Patch from Simon Wilkinson via bz 1220. ok djm@
+ - jmc@cvs.openbsd.org 2007/06/12 13:41:03
+ [ssh-add.1]
+ identies -> identities;
+ - jmc@cvs.openbsd.org 2007/06/12 13:43:55
+ [ssh.1]
+ add -K to SYNOPSIS;
+ - dtucker@cvs.openbsd.org 2007/06/12 13:54:28
+ [scp.c]
+ Encode filename with strnvis if the name contains a newline (which can't
+ be represented in the scp protocol), from bz #891. ok markus@
+
20070611
- (djm) Bugzilla #1306: silence spurious error messages from hang-on-exit
fix; tested by dtucker@ and jochen.kirn AT gmail.com
[sshd_config.5]
oops, here too: put the MAC list into a display, like we do for
ciphers, since groff has trouble with wide lines;
+ - markus@cvs.openbsd.org 2007/06/11 08:04:44
+ [channels.c]
+ send 'window adjust' messages every tree packets and do not wait
+ until 50% of the window is consumed. ok djm dtucker
- (djm) [configure.ac umac.c] If platform doesn't provide swap32(3), then
fallback to provided bit-swizzing functions
+ - (dtucker) [openbsd-compat/bsd-misc.c] According to the spec the "remainder"
+ argument to nanosleep may be NULL. Currently this never happens in OpenSSH,
+ but check anyway in case this changes or the code gets used elsewhere.
+ - (dtucker) [includes.h] Bug #1243: HAVE_PATHS -> HAVE_PATHS_H. Should
+ prevent warnings about redefinitions of various things in paths.h.
+ Spotted by cartmanltd at hotmail.com.
20070605
- (dtucker) OpenBSD CVS Sync
andersk / openssh.git / blobdiff