+20050717
+- OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2005/07/16 01:35:24
+ [auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
+ [sshconnect.c]
+ spacing
+ - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c]
+ [cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL
+ in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
+
+20050716
+ - (dtucker) [auth-pam.c] Ensure that only one side of the authentication
+ socketpair stays open on in both the monitor and PAM process. Patch from
+ Joerg Sonnenberger.
+
+20050714
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2005/07/06 09:33:05
+ [ssh.1]
+ clarify meaning of ssh -b ; with & ok jmc@
+ - dtucker@cvs.openbsd.org 2005/07/08 09:26:18
+ [misc.c]
+ Make comment match code; ok djm@
+ - markus@cvs.openbsd.org 2005/07/08 09:41:33
+ [channels.h]
+ race when efd gets closed while there is still buffered data:
+ change CHANNEL_EFD_OUTPUT_ACTIVE()
+ 1) c->efd must always be valid AND
+ 2a) no EOF has been seen OR
+ 2b) there is buffered data
+ report, initial fix and testing Chuck Cranor
+ - dtucker@cvs.openbsd.org 2005/07/08 10:20:41
+ [ssh_config.5]
+ change BindAddress to match recent ssh -b change; prompted by markus@
+ - jmc@cvs.openbsd.org 2005/07/08 12:53:10
+ [ssh_config.5]
+ new sentence, new line;
+ - dtucker@cvs.openbsd.org 2005/07/14 04:00:43
+ [misc.h]
+ use __sentinel__ attribute; ok deraadt@ djm@ markus@
+ - (dtucker) [configure.ac defines.h] Define __sentinel__ to nothing if the
+ compiler doesn't understand it to prevent warnings. If any mainstream
+ compiler versions acquire it we can test for those versions. Based on
+ discussion with djm@.
+
+20050707
+ - dtucker [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for
+ the MIT Kerberos code path into a common function and expand mkstemp
+ template to be consistent with the rest of OpenSSH. From sxw at
+ inf.ed.ac.uk, ok djm@
+ - (dtucker) [auth-krb5.c] There's no guarantee that snprintf will set errno
+ in the case where the buffer is insufficient, so always return ENOMEM.
+ Also pointed out by sxw at inf.ed.ac.uk.
+ - (dtucker) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Remove
+ calls to krb5_init_ets, which has not been required since krb-1.1.x and
+ most Kerberos versions no longer export in their public API. From sxw
+ at inf.ed.ac.uk, ok djm@
+
+20050706
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2005/07/01 13:19:47
+ [channels.c]
+ don't free() if getaddrinfo() fails; report mpech@
+ - djm@cvs.openbsd.org 2005/07/04 00:58:43
+ [channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5]
+ implement support for X11 and agent forwarding over multiplex slave
+ connections. Because of protocol limitations, the slave connections inherit
+ the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
+ their own.
+ ok dtucker@ "put it in" deraadt@
+ - jmc@cvs.openbsd.org 2005/07/04 11:29:51
+ [ssh_config.5]
+ fix Xr and a little grammar;
+ - markus@cvs.openbsd.org 2005/07/04 14:04:11
+ [channels.c]
+ don't forget to set x11_saved_display
+
+20050626
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2005/06/17 22:53:47
+ [ssh.c sshconnect.c]
+ Fix ControlPath's %p expanding to "0" for a default port,
+ spotted dwmw2 AT infradead.org; ok markus@
+ - djm@cvs.openbsd.org 2005/06/18 04:30:36
+ [ssh.c ssh_config.5]
+ allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@
+ - djm@cvs.openbsd.org 2005/06/25 22:47:49
+ [ssh.c]
+ do the default port filling code a few lines earlier, so it really
+ does fix %p
+
+20050618
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2005/05/20 12:57:01;
+ [auth1.c] split protocol 1 auth methods into separate functions, makes
+ authloop much more readable; fixes and ok markus@ (portable ok &
+ polish dtucker@)
+ - djm@cvs.openbsd.org 2005/06/17 02:44:33
+ [auth1.c] make this -Wsign-compare clean; ok avsm@ markus@
+ - (djm) [loginrec.c ssh-rand-helper.c] Fix -Wsign-compare for portable,
+ tested and fixes tim@
+
+20050617
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2005/06/16 03:38:36
+ [channels.c channels.h clientloop.c clientloop.h ssh.c]
+ move x11_get_proto from ssh.c to clientloop.c, to make muliplexed xfwd
+ easier later; ok deraadt@
+ - markus@cvs.openbsd.org 2005/06/16 08:00:00
+ [canohost.c channels.c sshd.c]
+ don't exit if getpeername fails for forwarded ports; bugzilla #1054;
+ ok djm
+ - djm@cvs.openbsd.org 2005/06/17 02:44:33
+ [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
+ [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
+ [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
+ [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
+ [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
+ make this -Wsign-compare clean; ok avsm@ markus@
+ NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
+ NB2. more work may be needed to make portable Wsign-compare clean
+ - (dtucker) [cipher.c openbsd-compat/openbsd-compat.h
+ openbsd-compat/openssl-compat.c] only include openssl compat stuff where
+ it's needed as it can cause conflicts elsewhere (eg xcrypt.c). Found by
+ and ok tim@
+
+20050616
+ - (djm) OpenBSD CVS Sync
+ - jaredy@cvs.openbsd.org 2005/06/07 13:25:23
+ [progressmeter.c]
+ catch SIGWINCH and resize progress meter accordingly; ok markus dtucker
+ - djm@cvs.openbsd.org 2005/06/06 11:20:36
+ [auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
+ introduce a generic %foo expansion function. replace existing % expansion
+ and add expansion to ControlPath; ok markus@
+ - djm@cvs.openbsd.org 2005/06/08 03:50:00
+ [ssh-keygen.1 ssh-keygen.c sshd.8]
+ increase default rsa/dsa key length from 1024 to 2048 bits;
+ ok markus@ deraadt@
+ - djm@cvs.openbsd.org 2005/06/08 11:25:09
+ [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
+ add ControlMaster=auto/autoask options to support opportunistic
+ multiplexing; tested avsm@ and jakob@, ok markus@
+ - dtucker@cvs.openbsd.org 2005/06/09 13:43:49
+ [cipher.c]
+ Correctly initialize end of array sentinel; ok djm@
+ (Id sync only, change already in portable)
+
+20050609
+ - (dtucker) [cipher.c openbsd-compat/Makefile.in
+ openbsd-compat/openbsd-compat.h openbsd-compat/openssl-compat.{c,h}]
+ Move compatibility code for supporting older OpenSSL versions to the
+ compat layer. Suggested by and "no objection" djm@
+
+20050607
+ - (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX:
+ in today's episode we attempt to coax it from limits.h where it may be
+ hiding, failing that we take the DIY approach. Tested by tim@
+
+20050603
+ - (dtucker) [configure.ac] Only try gcc -std=gnu99 if LLONG_MAX isn't
+ defined, and check that it helps before keeping it in CFLAGS. Some old
+ gcc's don't set an error code when encountering an unknown value in -std.
+ Found and tested by tim@.
+ - (dtucker) [configure.ac] Point configure's reporting address at the
+ openssh-unix-dev list. ok tim@ djm@
+
+20050602
+ - (tim) [configure.ac] Some platforms need sys/types.h for arpa/nameser.h.
+ Take AC_CHECK_HEADERS test out of ultrix section. It caused other platforms
+ to skip builtin standard includes tests. (first AC_CHECK_HEADERS test
+ must be run on all platforms) Add missing ;; to case statement. OK dtucker@
+
20050601
- (dtucker) [configure.ac] Look for _getshort and _getlong in
arpa/nameser.h.
- dtucker@cvs.openbsd.org 2005/05/26 09:08:12
[ssh-keygen.c]
uint32_t -> u_int32_t for consistency; ok djm@
+ - djm@cvs.openbsd.org 2005/05/27 08:30:37
+ [ssh.c]
+ fix -O for cases where no ControlPath has been specified or socket at
+ ControlPath is not contactable; spotted by and ok avsm@
+ - (tim) [config.guess config.sub] Update to '2005-05-27' version.
+ - (tim) [configure.ac] set TEST_SHELL for OpenServer 6
20050531
- (dtucker) [contrib/aix/pam.conf] Correct comments. From davidl at
andersk / openssh.git / blobdiff