+20060909
+ - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h.
+ - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.
+
+20060908
+ - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch
+ from Chris Adams.
+ - (dtucker) [configure.ac] The BSM header test needs time.h in some cases.
+
+20060907
+ - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
+ be used to drop privilege to; fixes Solaris GSSAPI crash reported by
+ Magnus Abrante; suggestion and feedback dtucker@
+ NB. this change will require that the privilege separation user must
+ exist on all the time, not just when UsePrivilegeSeparation=yes
+ - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6
+ - (dtucker) [loginrec.c] Wrap paths.h in HAVE_PATHS_H.
+ - (dtucker) [regress/cfgmatch.sh] stop_client is racy, so give us a better
+ chance of winning.
+
+20060905
+ - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov.
+ - (dtucker) [loginrec.c] Include paths.h for _PATH_BTMP.
+
+20060904
+ - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native
+ updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius,
+ ok djm@
+
+20060903
+ - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for
+ declaration of writev(2) and declare it ourselves if necessary. Makes
+ the atomiciov() calls build on really old systems. ok djm@
+
+20060902
+ - (dtucker) [openbsd-compat/port-irix.c] Add errno.h, found by Iain Morgan.
+ - (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c
+ openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c
+ openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h>
+ for hton* and ntoh* macros. Required on (at least) HP-UX since we define
+ _XOPEN_SOURCE_EXTENDED. Found by santhi.amirta at gmail com.
+
+20060901
+ - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
+ [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
+ [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
+ [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
+ [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
+ [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
+ [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
+ [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
+ [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
+ [sshconnect1.c sshconnect2.c sshd.c]
+ [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
+ [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
+ [openbsd-compat/port-uw.c]
+ Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
+ compile problems reported by rac AT tenzing.org
+ - (djm) [includes.h monitor.c openbsd-compat/bindresvport.c]
+ [openbsd-compat/rresvport.c] Some more headers: netinet/in.h
+ sys/socket.h and unistd.h in various places
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Fix implict declaration
+ warnings for binary_open and binary_close. Patch from Corinna Vinschen.
+ - (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly
+ test for GLOB_NOMATCH and use our glob functions if it's not found.
+ Stops sftp from segfaulting when attempting to get a nonexistent file on
+ Cygwin (previous versions of OpenSSH didn't use the native glob). Partly
+ from and tested by Corinna Vinschen.
+ - (dtucker) [README contrib/{caldera,redhat,suse}/openssh.spec] Crank
+ versions.
+
+20060831
+ - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ]
+ [platform.c platform.h sshd.c openbsd-compat/Makefile.in]
+ [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
+ [openbsd-compat/port-solaris.h] Add support for Solaris process
+ contracts, enabled with --use-solaris-contracts. Patch from Chad
+ Mynhier, tweaked by dtucker@ and myself; ok dtucker@
+ - (dtucker) [contrib/cygwin/ssh-host-config] Add SeTcbPrivilege privilege
+ while setting up the ssh service account. Patch from Corinna Vinschen.
+
+20060830
+ - (djm) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2006/08/21 08:14:01
+ [sshd_config.5]
+ Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@,
+ ok jmc@ djm@
+ - dtucker@cvs.openbsd.org 2006/08/21 08:15:57
+ [sshd.8]
+ Add more detail about what permissions are and aren't accepted for
+ authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@
+ - djm@cvs.openbsd.org 2006/08/29 10:40:19
+ [channels.c session.c]
+ normalise some inconsistent (but harmless) NULL pointer checks
+ spotted by the Stanford SATURN tool, via Isil Dillig;
+ ok markus@ deraadt@
+ - dtucker@cvs.openbsd.org 2006/08/29 12:02:30
+ [gss-genr.c]
+ Work around a problem in Heimdal that occurs when KRB5CCNAME file is
+ missing, by checking whether or not kerberos allocated us a context
+ before attempting to free it. Patch from Simon Wilkinson, tested by
+ biorn@, ok djm@
+ - dtucker@cvs.openbsd.org 2006/08/30 00:06:51
+ [sshconnect2.c]
+ Fix regression where SSH2 banner is printed at loglevels ERROR and FATAL
+ where previously it weren't. bz #1221, found by Dean Kopesky, ok djm@
+ - djm@cvs.openbsd.org 2006/08/30 00:14:37
+ [version.h]
+ crank to 4.4
+ - (djm) [openbsd-compat/xcrypt.c] needs unistd.h
+ - (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call
+ loginsuccess on AIX immediately after authentication to clear the failed
+ login count. Previously this would only happen when an interactive
+ session starts (ie when a pty is allocated) but this means that accounts
+ that have primarily non-interactive sessions (eg scp's) may gradually
+ accumulate enough failures to lock out an account. This change may have
+ a side effect of creating two audit records, one with a tty of "ssh"
+ corresponding to the authentication and one with the allocated pty per
+ interactive session.
+
+20060824
+ - (dtucker) [openbsd-compat/basename.c] Include errno.h.
+ - (dtucker) [openbsd-compat/bsd-misc.c] Add includes needed for select(2) on
+ older systems.
+ - (dtucker) [openbsd-compat/bsd-misc.c] Include <sys/select.h> for select(2)
+ on POSIX systems.
+ - (dtucker) [openbsd-compat/bsd-openpty.c] Include for ioctl(2).
+ - (dtucker) [openbsd-compat/rresvport.c] Include <stdlib.h> for malloc.
+ - (dtucker) [openbsd-compat/xmmap.c] Move #define HAVE_MMAP to prevent
+ unused variable warning when we have a broken or missing mmap(2).
+
+20060822
+ - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in
+ Makefile. Patch from santhi.amirta at gmail, ok djm.
+
+20060820
+ - (dtucker) [log.c] Move ifdef to prevent unused variable warning.
+ - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore
+ afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl.
+ - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for
+ fixing bug #1181. No changes yet.
+ - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL
+ (0.9.8a and presumably newer) requires -ldl to successfully link.
+ - (dtucker) [configure.ac] Remove errant "-".
+
+20060819
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2006/08/18 22:41:29
+ [gss-genr.c]
+ GSSAPI error code should be 0 and not -1; from simon@sxw.org.uk
+ - (dtucker) [openbsd-compat/regress/Makefile.in] Add $(EXEEXT) and add a
+ single rule for the test progs.
+
+20060818
+ - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with
+ closefrom.c from sudo.
+ - (dtucker) [openbsd-compat/bsd-closefrom.c] Comment out rcsid.
+ - (dtucker) [openbsd-compat/regress/snprintftest.c] Newline on error.
+ - (dtucker) [openbsd-compat/regress/Makefile.in] Use implicit rules for the
+ test progs instead; they work better than what we have.
+ - (djm) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2006/08/06 01:13:32
+ [compress.c monitor.c monitor_wrap.c]
+ "zlib.h" can be <zlib.h>; ok djm@ markus@
+ - miod@cvs.openbsd.org 2006/08/12 20:46:46
+ [monitor.c monitor_wrap.c]
+ Revert previous include file ordering change, for ssh to compile under
+ gcc2 (or until openssl include files are cleaned of parameter names
+ in function prototypes)
+ - dtucker@cvs.openbsd.org 2006/08/14 12:40:25
+ [servconf.c servconf.h sshd_config.5]
+ Add ability to match groups to Match keyword in sshd_config. Feedback
+ djm@, stevesk@, ok stevesk@.
+ - djm@cvs.openbsd.org 2006/08/16 11:47:15
+ [sshd.c]
+ factor inetd connection, TCP listen and main TCP accept loop out of
+ main() into separate functions to improve readability; ok markus@
+ - deraadt@cvs.openbsd.org 2006/08/18 09:13:26
+ [log.c log.h sshd.c]
+ make signal handler termination path shorter; risky code pointed out by
+ mark dowd; ok djm markus
+ - markus@cvs.openbsd.org 2006/08/18 09:15:20
+ [auth.h session.c sshd.c]
+ delay authentication related cleanups until we're authenticated and
+ all alarms have been cancelled; ok deraadt
+ - djm@cvs.openbsd.org 2006/08/18 10:27:16
+ [misc.h]
+ reorder so prototypes are sorted by the files they refer to; no
+ binary change
+ - djm@cvs.openbsd.org 2006/08/18 13:54:54
+ [gss-genr.c ssh-gss.h sshconnect2.c]
+ bz #1218 - disable SPNEGO as per RFC4462; diff from simon AT sxw.org.uk
+ ok markus@
+ - djm@cvs.openbsd.org 2006/08/18 14:40:34
+ [gss-genr.c ssh-gss.h]
+ constify host argument to match the rest of the GSSAPI functions and
+ unbreak compilation with -Werror
+ - (djm) Disable sigdie() for platforms that cannot safely syslog inside
+ a signal handler (basically all of them, excepting OpenBSD);
+ ok dtucker@
+
+20060817
+ - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c]
+ Include stdlib.h for malloc and friends.
+ - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl
+ for closefrom() on AIX. Pointed out by William Ahern.
+ - (dtucker) [openbsd-compat/regress/{Makefile.in,closefromtest.c}] Regress
+ test for closefrom() in compat code.
+
+20060816
+ - (djm) [audit-bsm.c] Sprinkle in some headers
+
+20060815
+ - (dtucker) [LICENCE] Add Reyk to the list for the compat dir.
+
+20060806
+ - (djm) [openbsd-compat/bsd-getpeereid.c] Add some headers to quiet warnings
+ on Solaris 10
+
+20060806
+ - (dtucker) [defines.h] With the includes.h changes we no longer get the
+ name clash on "YES" so we can remove the workaround for it.
+ - (dtucker) [openbsd-compat/{bsd-asprintf.c,bsd-openpty.c,bsd-snprintf.c,
+ glob.c}] Include stdlib.h for malloc and friends in compat code.
+
20060805
- (djm) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2006/07/24 13:58:22
#include stdarg.h, needed for log.h.
- (dtucker) [entropy.c] Needs unistd.h too.
- (dtucker) [ssh-rand-helper.c] Needs stdarg.h for log.h.
+ - (dtucker) [openbsd-compat/getrrsetbyname.c] Nees stdlib.h for malloc.
+ - (dtucker) [openbsd-compat/strtonum.c] Include stdlib.h for strtoll,
+ otherwise it is implicitly declared as returning an int.
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2006/08/05 07:52:52
+ [auth2-none.c sshd.c monitor_wrap.c]
+ Add headers required to build with KERBEROS5=no. ok djm@
+ - dtucker@cvs.openbsd.org 2006/08/05 08:00:33
+ [auth-skey.c]
+ Add headers required to build with -DSKEY. ok djm@
+ - dtucker@cvs.openbsd.org 2006/08/05 08:28:24
+ [monitor_wrap.c auth-skey.c auth2-chall.c]
+ Zap unused variables in -DSKEY code. ok djm@
+ - dtucker@cvs.openbsd.org 2006/08/05 08:34:04
+ [packet.c]
+ Typo in comment
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Add headers required to compile
+ on Cygwin.
+ - (dtucker) [openbsd-compat/fake-rfc2553.c] Add headers needed for inet_ntoa.
+ - (dtucker) [auth-skey.c] monitor_wrap.h needs ssh-gss.h.
+ - (dtucker) [audit.c audit.h] Repair headers.
+ - (dtucker) [audit-bsm.c] Add additional headers now required.
20060804
- (dtucker) [configure.ac] The "crippled AES" test does not work on recent
andersk / openssh.git / blobdiff