-Fri Nov 17 16:19:20 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi>
-
- * Released 1.2.12.
-
- * channels.c: Commented out debugging messages about output draining.
-
- * Added file OVERVIEW to give some idea about the structure of the
- ssh software.
-
-Thu Nov 16 16:40:17 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi>
-
- * canohost.c (get_remote_hostname): Don't ever return NULL (causes
- segmentation violation).
-
- * sshconnect.c: Host ip address printed incorrectly with -v.
-
- * Implemented SSH_TTY environment variable.
-
-Wed Nov 15 01:47:40 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi>
-
- * Implemented server and client option KeepAlive to specify
- whether to set SO_KEEPALIVE. Both default to "yes"; to disable
- keepalives, set the value to "no" in both the server and the
- client configuration files. Updated manual pages.
-
- * sshd.c: Fixed Solaris utmp problem: wrong pid stored in utmp
- (patch from Petri Virkkula <argon@bat.cs.hut.fi>).
-
- * login.c (record_logout): Fixed removing user from utmp on BSD
- (with HAVE_LIBUTIL_LOGIN).
-
- * Added cleanup functions to be called from fatal(). Arranged for
- utmp to be cleaned if sshd terminates by calling fatal (e.g.,
- after dropping connection). Eliminated separate client-side
- fatal() functions and moved fatal() to log-client.c. Made all
- cleanups, including channel_stop_listening() and packet_close()
- be called using this mechanism.
-
-Thu Nov 9 09:58:05 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
-
- * sshd.c: Permit immediate login with empty password only if
- password authentication is allowed.
-
-Wed Nov 8 00:43:55 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
-
- * Eliminated unix-domain X11 forwarding. Inet-domain forwarding is
- now the only supported form. Renamed server option
- X11InetForwarding to X11Forwarding, and eliminated
- X11UnixForwarding. Updated documentation. Updated RFC (marked
- the SSH_CMSG_X11_REQUEST_FORWARDING message (code 26) as
- obsolete, and removed all references to it). Increased protocol
- version number to 1.3.
-
- * scp.c (main): Added -B (BatchMode). Updated manual page.
-
- * Cleaned up and updated all manual pages.
-
- * clientloop.c: Added new escape sequences ~# (lists forwarded
- connections), ~& (background ssh when waiting for forwarded
- connections to terminate), ~? (list available escapes).
- Polished the output of the connection listing. Updated
- documentation.
-
- * uidswap.c: If _POSIX_SAVED_IDS is defined, don't change the real
- uid. Assume that _POSIX_SAVED_IDS also applies to seteuid.
- This may solve problems with tcp_wrappers (libwrap) showing
- connections as coming from root.
-
-Tue Nov 7 20:28:57 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
-
- * Added RandomSeed server configuration option. The argument
- specifies the location of the random seed file. Updated
- documentation.
-
- * Locate perl5 in configure. Generate make-ssh-known-hosts (with
- the correct path for perl5) in Makefile.in, and install it with
- the other programs. Updated manual page.
-
- * sshd.c (main): Added a call to umask to set the umask to a
- reasonable value.
-
- * compress.c (buffer_compress): Fixed to follow the zlib
- documentation (which is slightly confusing).
-
- * INSTALL: Added information about Linux libc.so.4 problem.
-
-Mon Nov 6 15:42:36 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
-
- * (Actually autoconf fix) Installed patch to AC_ARG_PROGRAM.
-
- * sshd.c, sshd.8.in: Renamed $HOME/.environment ->
- $HOME/.ssh/environment.
-
- * configure.in: Disable shadow password checking on convex.
- Convex has /etc/shadow, but sets pw_passwd automatically if
- running as root.
-
- * Eliminated HAVE_ETC_MASTER_PASSWD (NetBSD, FreeBSD); the
- pw_passwd field is automatically filled if running as root.
- Put explicit code in configure.in to prevent shadow password
- checking on FreeBSD and NetBSD.
-
- * serverloop.c (signchld_handler): Don't print error if wait
- returns -1.
-
- * Makefile.in (install): Fixed modes of data files.
-
- * Makefile.in (install): Make links for slogin.1.
-
- * make-ssh-known-hosts: Merged a patch from melo@ci.uminho.pt to
- fix the ping command.
-
-Fri Nov 3 16:25:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
-
- * ssh.1.in: Added more information about X11 forwarding.
-
-Thu Nov 2 18:42:13 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
-
- * Changes to use O_NONBLOCK_BROKEN consistently.
-
- * pty.c (pty_make_controlling_tty): Use setpgid instead of
- setsid() on Ultrix.
-
- * includes.h: Removed redundant #undefs for Ultrix and Sony News;
- these are already handled in configure.in.
-
-Tue Oct 31 13:31:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
-
- * configure.in: Define SSH_WTMP to /var/adm/wtmp is wtmp not found.
-
- * configure.in: Disable vhangup on Ultrix. I am told this fixes
- the server problems.
-
-Sat Oct 28 14:22:05 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
-
- * sshconnect.c: Fixed a bug in connecting to a multi-homed host.
- Restructured the connecting code to never try to use the same
- socket a second time after a failed connection.
-
- * Makefile.in: Added explicit -m option to install, and umask 022
- when creating directories and the host key.
-
-Fri Oct 27 01:05:10 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
-
- * Makefile.in: Added cleaning of $(ZLIBDIR) to clean and distclean.
-
- * login.c (get_last_login_time): Fixed a typo (define -> defined).
-
-Thu Oct 26 01:28:07 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
-
- * configure.in: Moved testing for ANSI C compiler after the host
- specific code (problems on HPUX).
-
- * Minor fixes to /etc/default/login stuff from Bryan O'Sullivan.
-
- * Fixed .SH NAME sections in manual pages.
-
- * compress.c: Trying to fix a mysterious bug in the compression
- glue.
-
- * ssh-1.2.11.
-
- * scp.c: disable agent forwarding when running ssh from scp.
-
- * Added compression of plaintext packets using the gzip library
- (zlib). Client configuration options Compression and
- CompressionLevel (1-9 as in gzip). New ssh and scp option -C
- (to enable compression). Updated RFC.
-
-Wed Oct 25 05:11:55 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
-
- * Implemented ProxyCommand stuff based on patches from Bryan
- O'Sullivan <bos@serpentine.com>.
-
- * Merged BSD login/logout/lastlog patches from Mark Treacy
- <mark@labtam.oz.au>.
-
- * sshd.c: Added chdir("/").
-
-Tue Oct 24 00:29:01 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
-
- * Merged RSA environment= patches from Felix Leitner
- <leitner@prz.tu-berlin.de> with some changes.
-
- * sshd.c: Made the packet code use two separate descriptors for
- the connection (one for input, the other for output). This will
- make future extensions easier (e.g., non-socket transports, etc.).
- sshd -i now uses both stdin and stdout separately.
-
-Mon Oct 23 21:29:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
-
- * sshd.c: Merged execle -> execve patches from Mark Martinec
- <Mark.Martinec@nsc.ijs.si>. This may help with execle bugs on
- Convex (environment not getting passed properly). This might
- also solve similar problems on Sonys; please test!
-
- * Removed all compatibility code for protocol version 1.0.
- THIS MEANS THAT WE ARE NO LONGER COMPATIBLE WITH SSH VERSIONS
- PRIOR TO 1.1.0.
-
- * randoms.c (random_acquire_light_environmental_noise): If
- /dev/random is available, read up to 32 bytes (256 bits) from
- there in non-blocking mode, and mix the new random bytes into
- the pool.
-
- * Added client configuration option StrictHostKeyChecking
- (disabled by default). If this is enabled, the client will not
- automatically add new host keys to $HOME/.ssh/known_hosts;
- instead the connection will be refused if the host key is not
- known. Similarly, if the host key has changed, the connection
- will be refused instead if just issuing a warning. This
- provides additional security against man-in-the-middle/trojan
- horse attacks (especially in scripts where there is no-one to
- see the warnings), but may be quite inconvenient in everyday
- interactive use unless /etc/ssh_known_hosts is very complete,
- because new host keys must now be added manually.
-
- * sshconnect.c (ssh_connect): Use the user's uid when creating the
- socket and connecting it. I am hoping that this might help with
- tcp_wrappers showing the remote user as root.
-
- * ssh.c: Try inet-domain X11 forwarding regardless of whether we
- can get local authorization information. If we don't, we just
- come up with fake information; the forwarding code will anyway
- generate its own fake information and validate that the client
- knows that information. It will then substitute our fake
- information for that, but that info should get ignored by the
- server if it doesn't support it.
-
- * Added option BatchMode to disable password/passphrase querying
- in scripts.
-
- * auth-rh-rsa.c: Changed to use uid-swapping when reading
- .ssh/known_hosts.
-
- * sshd.8.in (command): Improved documentation of file permissions
- on the manual pages.
-
-Thu Oct 19 21:05:51 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
-
- * ssh-add.c (add_file): Fixed a bug causing ssh to sometimes refer
- to freed memory (comment -> saved_comment).
-
- * log-server.c: Added a prefix to debug/warning/error/fatal
- messages describing message types. Syslog does not include that
- information automatically.
-
-Sun Oct 8 01:56:01 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * Merged /etc/default/login and MAIL environment variable changes
- from Bryan O'Sullivan <bos@serpentine.com>.
- - mail spool file location
- - process /etc/default/login
- - add HAVE_ETC_DEFAULT_LOGIN
- - new function child_get_env and read_etc_default_login (sshd.c)
-
- * ssh-add.c (add_file): Fixed asking for passphrase.
-
- * Makefile.in: Fixed installing configure-generated man pages when
- compiling in a separate object directory.
-
- * sshd.c (main): Moved RSA key generation until after allocating
- the port number. (Actually, the code got duplicated because we
- never listen when run from inetd.)
-
- * ssh.c: Fixed a problem that caused scp to hang when called with
- stdin closed.
-
-Sat Oct 7 03:08:06 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * Added server config option StrictModes. It specifies whether to
- check ownership and modes of home directory and .rhosts files.
-
- * ssh.c: If ssh is renamed/linked to a host name, connect to that
- host.
-
- * serverloop.c, clientloop.c: Ignore EAGAIN reported on read from
- connection. Solaris has a kernel bug which causes select() to
- sometimes wake up even though there is no data available.
-
- * Display all open connections when printing the "Waiting for
- forwarded connections to terminate" message.
-
- * sshd.c, readconf.c: Added X11InetForwarding and
- X11UnixForwarding server config options.
-
-Thu Oct 5 17:41:16 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * Some more SCO fixes.
-
-Tue Oct 3 01:04:34 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * Fixes and cleanups in README, INSTALL, COPYING.
-
-Mon Oct 2 03:36:08 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * ssh-add.c (add_file): Fixed a bug in ssh-add (xfree: NULL ...).
-
- * Removed .BR from ".SH NAME" in man pages.
-
-Sun Oct 1 04:16:07 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * ssh-1.2.10.
-
- * configure.in: When checking that the compiler works, check that
- it understands ANSI C prototypes.
-
- * Made uidswap error message a debug() to avoid confusing errors
- on AIX (AIX geteuid is brain-damaged and fails even for root).
-
- * Fixed an error in sshd.8 (FacistLogging -> FascistLogging).
-
- * Fixed distribution in Makefile.in (missing manual page .in files).
-
-Sat Sep 30 17:38:46 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * auth-rhosts.c: Fixed serious security problem in
- /etc/hosts.equiv authentication.
-
-Fri Sep 29 00:41:02 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * Include machine/endian.h on Paragon.
-
- * ssh-add.c (add_file): Made ssh-add keep asking for the
- passphrase until the user just types return or cancels.
- Make the dialog display the comment of the key.
-
- * Read use shosts.equiv in addition to /etc/hosts.equiv.
-
- * sshd.8 is now sshd.8.in and is processed by configure to
- substitute the proper paths for various files. Ditto for ssh.1.
- Ditto for make-ssh-known-hosts.1.
-
- * configure.in: Moved /etc/sshd_pid to PIDDIR/sshd.pid. PIDDIR
- will be /var/run if it exists, and ETCDIR otherwise.
-
-Thu Sep 28 21:52:42 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * On Ultrix, check if sys/syslog.h needs to be included in
- addition to syslog.h.
-
- * make-ssh-known-hosts.pl: Merged Kivinen's fixes for HPUX.
-
- * configure.in: Put -lwrap, -lsocks, etc. at the head of LIBS.
-
- * Fixed case-insensitivity in auth-rhosts.c.
-
- * Added missing socketpair.c to EXTRA_SRCS (needed on SCO), plus
- other SCO fixes.
-
- * Makefile.in: Fixed missing install_prefixes.
-
-Wed Sep 27 03:57:00 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * ssh-1.2.9.
-
- * Added SOCKS support.
-
- * Fixed default setting of IgnoreRhosts option.
-
- * Pass the magic cookie to xauth in stdin instead of command line;
- the command line is visible in ps.
-
- * Added processing $HOME/.ssh/rc and /etc/sshrc.
-
- * Added a section to sshd.8 on what happens at login time.
-
-Tue Sep 26 01:27:40 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * Don't define speed_t on SunOS 4.1.1; it conflicts with system
- headers.
-
- * Added support for .hushlogin.
-
- * Added --with-etcdir.
-
- * Read $HOME/.environment after /etc/environment.
-
-Mon Sep 25 03:26:06 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * Merged patches for SCO Unix (from Michael Henits).
-
-Sun Sep 24 22:28:02 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * Added ssh option ConnectionAttempts.
-
-Sat Sep 23 12:30:15 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * sshd.c: Don't print last login time and /etc/motd if a command
- has been specified (with ssh -t host command).
-
- * Added support for passing the screen number in X11 forwarding.
- It is implemented as a compatible protocol extension, signalled
- by SSH_PROTOFLAG_SCREEN_NUMBER by the child.
-
- * clientloop.c: Fixed bugs in the order in which things were
- processed. This may solve problems with some data not getting
- sent to the server as soon as possible (probably solves the TCP
- forwarding delayed close problem). Also, it looked like window
- changes might not get transmitted as early as possible in some
- cases.
-
- * clientloop.c: Changed to detect window size change that
- happened while ssh was suspended.
-
- * ssh.c: Moved the do_session function (client main loop) to
- clientloop.c. Divided it into smaller functions. General cleanup.
-
- * ssh-1.2.8
-
-Fri Sep 22 22:07:46 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * sshconnect.c (ssh_login): Made ssh_login take the options
- structure as argument, instead of the individual arguments.
-
- * auth-rhosts.c (check_rhosts_file): Added support for netgroups.
-
- * auth-rhosts.c (check_rhosts_file): Added support for negated
- entries.
-
-Thu Sep 21 00:07:56 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * auth-rhosts.c: Restructured rhosts authentication code.
- Hosts.equiv now has same format as .rhosts: user names are allowed.
-
- * Added support for the Intel Paragon.
-
- * sshd.c: Don't use X11 forwarding with spoofing if no xauth
- program. Changed configure.in to not define XAUTH_PATH if
- there is no xauth program.
-
- * ssh-1.2.7
-
- * sshd.c: Rewrote the code to build the environment. Now also reads
- /etc/environment.
-
- * sshd.c: Fixed problems in libwrap code. --with-libwrap now
- takes optional library name/path.
-
- * ssh-1.2.6
-
- * Define USE_PIPES by default.
-
- * Added support for Univel Unixware and MachTen.
-
- * Added IgnoreRhosts server option.
-
- * Added USE_STRLEN_FOR_AF_UNIX; it is needed at least on MachTen.
-
-Wed Sep 20 02:41:02 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * sshd.c (do_child): don't call packet_close when /etc/nologin,
- because packet_close does shutdown, and the message does not get
- sent.
-
- * pty.c (pty_allocate): Push ttcompat streams module.
-
- * randoms.c (random_acquire_light_environmental_noise): Don't use
- the second argument to gettimeofday as it is not supported on
- all systems.
-
- * login.c (record_login): Added NULL second argument to gettimeofday.
-
-Tue Sep 19 13:25:48 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * fixed pclose wait() in sshd key regeneration (now only collects
- easily available noise).
-
- * configure.in: test for bsdi before bsd*.
-
- * ssh.c: Don't print "Connection closed" if -q.
-
-Wed Sep 13 04:19:52 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * Released ssh-1.2.5.
-
- * Hopefully fixed "Waiting for forwarded connections to terminate"
- message.
-
- * randoms.c, md5.c: Large modifications to make these work on Cray
- (which has no 32 bit integer type).
-
- * Fixed a problem with forwarded connection closes not being
- reported immediately.
-
- * ssh.c: fixed rhosts authentication (broken by uid-swapping).
-
- * scp.c: Don't use -l if server user not specified (it made
- setting User in the configuration file not work).
-
- * configure.in: don't use -pipe on BSDI.
-
- * randoms.c: Major modifications to make it work without 32 bit
- integers (e.g. Cray).
-
- * md5.c: Major modifications to make it work without 32 bit
- integers (e.g. Cray).
-
- * Eliminated HPSUX_BROKEN_PTYS. The code is now enabled by
- default on all systems.
-
-Mon Sep 11 00:53:12 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * sshd.c: don't include sshd pathname in log messages.
-
- * Added libwrap stuff (includes support for identd).
-
- * Added OSF/1 C2 extended security stuff.
-
- * Fixed interactions between getuid() and uid-swap stuff.
-
-Sun Sep 10 00:29:27 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * serverloop.c: Don't send stdout data to client until after a few
- milliseconds if there is very little data. This is because some
- systems give data from pty one character at a time, which would
- multiply data size by about 16.
-
- * serverloop.c: Moved server do_session to a separate file and
- renamed it server_loop. Split it into several functions and
- partially rewrote it. Fixed "cat /etc/termcap | ssh foo cat" hangup.
-
- * Screwed up something while checking stuff in under cvs. No harm,
- but bogus log entries...
-
-Sat Sep 9 02:24:51 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * minfd.c (_get_permanent_fd): Use SHELL environment variable.
-
- * channels.c (x11_create_display_inet): Created
- HPSUX_NONSTANDARD_X11_KLUDGE; it causes DISPLAY to contain the
- IP address of the host instead of the name, because HPSUX uses
- some magic shared memory communication for local connections.
-
- * Changed SIGHUP processing in server; it should now work multiple
- times.
-
- * Added length limits in many debug/log/error/fatal calls just in
- case.
-
- * login.c (get_last_login_time): Fixed location of lastlog.
-
- * Rewrote all uid-swapping code. New files uidswap.h, uidswap.c.
-
- * Fixed several security problems involving chmod and chgrp (race
- conditions). Added warnings about dubious modes for /tmp/.X11-unix.
-
-Fri Sep 8 20:03:36 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
-
- * Changed readconf.c to never display anything from the config
- file. This should now be prevented otherwise, but let's play safe.
-
- * log-server.c: Use %.500s in syslog() just to be sure (they
- should already be shorter than 1024 though).
-
- * sshd.c: Moved setuid in child a little earlier (just to be
- conservative, there was no security problem that I could detect).
-
- * README, INSTALL: Added info about mailing list and WWW page.
-
- * sshd.c: Added code to use SIGCHLD and wait zombies immediately.
-
- * Merged patch to set ut_addr in utmp.
-
- * Created ChangeLog and added it to Makefile.in.
-
- * Use read_passphrase instead of getpass().
-
- * Added SSH_FALLBACK_CIPHER. Fixed a bug in default cipher
- selection (IDEA used to be selected even if not supported by the
- server).
-
- * Use no encryption for key files if empty passphrase.
-
- * Added section about --without-idea in INSTALL.
-
- * Version 1.2.0 was released a couple of days ago.
-
+19991119
+ - Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
+ (off-by-one error - doesn't appear to be easily exploitable)
+ - Merged OpenBSD CVS changes
+ - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
+ more %d vs. %s in fmt-strings
+ - [authfd.c]
+ Integers should not be printed with %s
+ - EGD uses a socket, not a named pipe. Duh.
+ - Fix includes in fingerprint.c
+
+19991118
+ - Merged OpenBSD CVS changes
+ - [scp.c] foregroundproc() in scp
+ - [sshconnect.h] include fingerprint.h
+ - [sshd.c] bugfix: the log() for passwd-auth escaped during logging
+ changes.
+ - [ssh.1] Spell my name right.
+ - Added openssh.com info to README
+
+19991117
+ - Merged OpenBSD CVS changes
+ - [ChangeLog.Ylonen] noone needs this anymore
+ - [authfd.c] close-on-exec for auth-socket, ok deraadt
+ - [hostfile.c]
+ in known_hosts key lookup the entry for the bits does not need
+ to match, all the information is contained in n and e. This
+ solves the problem with buggy servers announcing the wrong
+ modulus length. markus and me.
+ - [serverloop.c]
+ bugfix: check for space if child has terminated, from:
+ iedowse@maths.tcd.ie
+ - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
+ [fingerprint.c fingerprint.h]
+ rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
+ - [ssh-agent.1] typo
+ - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
+ - [sshd.c]
+ force logging to stderr while loading private key file
+ (lost while converting to new log-levels)
+
+19991116
+ - Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
+ - Merged OpenBSD CVS changes:
+ - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
+ [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
+ the keysize of rsa-parameter 'n' is passed implizit,
+ a few more checks and warnings about 'pretended' keysizes.
+ - [cipher.c cipher.h packet.c packet.h sshd.c]
+ remove support for cipher RC4
+ - [ssh.c]
+ a note for legay systems about secuity issues with permanently_set_uid(),
+ the private hostkey and ptrace()
+ - [sshconnect.c]
+ more detailed messages about adding and checking hostkeys
+
+19991115
+ - Merged OpenBSD CVS changes:
+ - [ssh-add.c] change passphrase loop logic and remove ref to
+ $DISPLAY, ok niels
+ - Changed to ssh-add.c broke askpass support. Revised it to be a little more
+ modular.
+ - Revised autoconf support for enabling/disabling askpass support.
+ - Merged more OpenBSD CVS changes:
+ [auth-krb4.c]
+ - disconnect if getpeername() fails
+ - missing xfree(*client)
+ [canohost.c]
+ - disconnect if getpeername() fails
+ - fix comment: we _do_ disconnect if ip-options are set
+ [sshd.c]
+ - disconnect if getpeername() fails
+ - move checking of remote port to central place
+ [auth-rhosts.c] move checking of remote port to central place
+ [log-server.c] avoid extra fd per sshd, from millert@
+ [readconf.c] print _all_ bad config-options in ssh(1), too
+ [readconf.h] print _all_ bad config-options in ssh(1), too
+ [ssh.c] print _all_ bad config-options in ssh(1), too
+ [sshconnect.c] disconnect if getpeername() fails
+ - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
+ - Various small cleanups to bring diff (against OpenBSD) size down.
+ - Merged more Solaris compability from Marc G. Fournier
+ <marc.fournier@acadiau.ca>
+ - Wrote autoconf tests for __progname symbol
+ - RPM spec file fixes from Jim Knoble <jmknoble@pobox.com>
+ - Released 1.2pre12
+
+ - Another OpenBSD CVS update:
+ - [ssh-keygen.1] fix .Xr
+
+19991114
+ - Solaris compilation fixes (still imcomplete)
+
+19991113
+ - Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
+ - Don't install config files if they already exist
+ - Fix inclusion of additional preprocessor directives from acconfig.h
+ - Removed redundant inclusions of config.h
+ - Added 'Obsoletes' lines to RPM spec file
+ - Merged OpenBSD CVS changes:
+ - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
+ - [scp.c] fix overflow reported by damien@ibs.com.au: off_t
+ totalsize, ok niels,aaron
+ - Delay fork (-f option) in ssh until after port forwarded connections
+ have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
+ - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
+ - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
+ - Tidied default config file some more
+ - Revised Redhat initscript to fix bug: sshd (re)start would fail
+ if executed from inside a ssh login.
+
+19991112
+ - Merged changes from OpenBSD CVS
+ - [sshd.c] session_key_int may be zero
+ - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
+ IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
+ deraadt,millert
+ - Brought default sshd_config more in line with OpenBSD's
+ - Grab server in gnome-ssh-askpass (Debian bug #49872)
+ - Released 1.2pre10
+
+ - Added INSTALL documentation
+ - Merged yet more changes from OpenBSD CVS
+ - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
+ [ssh.c ssh.h sshconnect.c sshd.c]
+ make all access to options via 'extern Options options'
+ and 'extern ServerOptions options' respectively;
+ options are no longer passed as arguments:
+ * make options handling more consistent
+ * remove #include "readconf.h" from ssh.h
+ * readconf.h is only included if necessary
+ - [mpaux.c] clear temp buffer
+ - [servconf.c] print _all_ bad options found in configfile
+ - Make ssh-askpass support optional through autoconf
+ - Fix nasty division-by-zero error in scp.c
+ - Released 1.2pre11
+
+19991111
+ - Added (untested) Entropy Gathering Daemon (EGD) support
+ - Fixed /dev/urandom fd leak (Debian bug #49722)
+ - Merged OpenBSD CVS changes:
+ - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
+ - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
+ - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
+ - Fix integer overflow which was messing up scp's progress bar for large
+ file transfers. Fix submitted to OpenBSD developers.
+ - Merged more OpenBSD CVS changes:
+ - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
+ + krb-cleanup cleanup
+ - [clientloop.c log-client.c log-server.c ]
+ [readconf.c readconf.h servconf.c servconf.h ]
+ [ssh.1 ssh.c ssh.h sshd.8]
+ add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
+ obsoletes QuietMode and FascistLogging in sshd.
+ - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
+ allow session_key_int != sizeof(session_key)
+ [this should fix the pre-assert-removal-core-files]
+ - Updated default config file to use new LogLevel option and to improve
+ readability
+
+19991110
+ - Merged several minor fixes:
+ - ssh-agent commandline parsing
+ - RPM spec file now installs ssh setuid root
+ - Makefile creates libdir
+ - Merged beginnings of Solaris compability from Marc G. Fournier
+ <marc.fournier@acadiau.ca>
+
+19991109
+ - Autodetection of SSL/Crypto library location via autoconf
+ - Fixed location of ssh-askpass to follow autoconf
+ - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
+ - Autodetection of RSAref library for US users
+ - Minor doc updates
+ - Merged OpenBSD CVS changes:
+ - [rsa.c] bugfix: use correct size for memset()
+ - [sshconnect.c] warn if announced size of modulus 'n' != real size
+ - Added GNOME passphrase requestor (use --with-gnome-askpass)
+ - RPM build now creates subpackages
+ - Released 1.2pre9
+
+19991108
+ - Removed debian/ directory. This is now being maintained separately.
+ - Added symlinks for slogin in RPM spec file
+ - Fixed permissions on manpages in RPM spec file
+ - Added references to required libraries in README file
+ - Removed config.h.in from CVS
+ - Removed pwdb support (better pluggable auth is provided by glibc)
+ - Made PAM and requisite libdl optional
+ - Removed lots of unnecessary checks from autoconf
+ - Added support and autoconf test for openpty() function (Unix98 pty support)
+ - Fix for scp not finding ssh if not installed as /usr/bin/ssh
+ - Added TODO file
+ - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
+ - Added ssh-askpass program
+ - Added ssh-askpass support to ssh-add.c
+ - Create symlinks for slogin on install
+ - Fix "distclean" target in makefile
+ - Added example for ssh-agent to manpage
+ - Added support for PAM_TEXT_INFO messages
+ - Disable internal /etc/nologin support if PAM enabled
+ - Merged latest OpenBSD CVS changes:
+ - [all] replace assert() with error, fatal or packet_disconnect
+ - [sshd.c] don't send fail-msg but disconnect if too many authentication
+ failures
+ - [sshd.c] remove unused argument. ok dugsong
+ - [sshd.c] typo
+ - [rsa.c] clear buffers used for encryption. ok: niels
+ - [rsa.c] replace assert() with error, fatal or packet_disconnect
+ - [auth-krb4.c] remove unused argument. ok dugsong
+ - Fixed coredump after merge of OpenBSD rsa.c patch
+ - Released 1.2pre8
+
+19991102
+ - Merged change from OpenBSD CVS
+ - One-line cleanup in sshd.c
+
+19991030
+ - Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
+ - Merged latest updates for OpenBSD CVS:
+ - channels.[ch] - remove broken x11 fix and document istate/ostate
+ - ssh-agent.c - call setsid() regardless of argv[]
+ - ssh.c - save a few lines when disabling rhosts-{rsa-}auth
+ - Documentation cleanups
+ - Renamed README -> README.Ylonen
+ - Renamed README.openssh ->README
+
+19991029
+ - Renamed openssh* back to ssh* at request of Theo de Raadt
+ - Incorporated latest changes from OpenBSD's CVS
+ - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
+ - Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
+ - Make distclean now removed configure script
+ - Improved PAM logging
+ - Added some debug() calls for PAM
+ - Removed redundant subdirectories
+ - Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for
+ building on Debian.
+ - Fixed off-by-one error in PAM env patch
+ - Released 1.2pre6
+
+19991028
+ - Further PAM enhancements.
+ - Much cleaner
+ - Now uses account and session modules for all logins.
+ - Integrated patch from Dan Brosemer <odin@linuxfreak.com>
+ - Build fixes
+ - Autoconf
+ - Change binary names to open*
+ - Fixed autoconf script to detect PAM on RH6.1
+ - Added tests for libpwdb, and OpenBSD functions to autoconf
+ - Released 1.2pre4
+
+ - Imported latest OpenBSD CVS code
+ - Updated README.openssh
+ - Released 1.2pre5
+
+19991027
+ - Adapted PAM patch.
+ - Released 1.0pre2
+
+ - Excised my buggy replacements for strlcpy and mkdtemp
+ - Imported correct OpenBSD strlcpy and mkdtemp routines.
+ - Reduced arc4random_stir entropy read to 32 bytes (256 bits)
+ - Picked up correct version number from OpenBSD
+ - Added sshd.pam PAM configuration file
+ - Added sshd.init Redhat init script
+ - Added openssh.spec RPM spec file
+ - Released 1.2pre3
+
+19991026
+ - Fixed include paths of OpenSSL functions
+ - Use OpenSSL MD5 routines
+ - Imported RC4 code from nanocrypt
+ - Wrote replacements for OpenBSD arc4random* functions
+ - Wrote replacements for strlcpy and mkdtemp
+ - Released 1.0pre1
andersk / openssh.git / blobdiff