+20010415
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/04/14 04:31:01
+ [ssh-add.c]
+ do not double free
+ - markus@cvs.openbsd.org 2001/04/14 16:17:14
+ [channels.c]
+ remove some channels that are not appropriate for keepalive.
+ - markus@cvs.openbsd.org 2001/04/14 16:27:57
+ [ssh-add.c]
+ use clear_pass instead of xfree()
+ - stevesk@cvs.openbsd.org 2001/04/14 16:33:20
+ [clientloop.c packet.h session.c ssh.c ttymodes.c ttymodes.h]
+ protocol 2 tty modes support; ok markus@
+
+20010414
+ - Sync with OpenBSD glob.c, strlcat.c and vis.c changes
+ - Cygwin sftp/sftp-server binary mode patch from Corinna Vinschen
+ <vinschen@redhat.com>
+ - OpenBSD CVS Sync
+ - beck@cvs.openbsd.org 2001/04/13 22:46:54
+ [channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
+ Add options ClientAliveInterval and ClientAliveCountMax to sshd.
+ This gives the ability to do a "keepalive" via the encrypted channel
+ which can't be spoofed (unlike TCP keepalives). Useful for when you want
+ to use ssh connections to authenticate people for something, and know
+ relatively quickly when they are no longer authenticated. Disabled
+ by default (of course). ok markus@
+
+20010413
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/12 14:29:09
+ [ssh.c]
+ show debug output during option processing, report from
+ pekkas@netcore.fi
+ - markus@cvs.openbsd.org 2001/04/12 19:15:26
+ [auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
+ compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
+ servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
+ sshconnect2.c sshd_config]
+ implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
+ similar to RhostRSAAuthentication unless you enable (the experimental)
+ HostbasedUsesNameFromPacketOnly option. please test. :)
+ - markus@cvs.openbsd.org 2001/04/12 19:39:27
+ [readconf.c]
+ typo
+ - stevesk@cvs.openbsd.org 2001/04/12 20:09:38
+ [misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
+ robust port validation; ok markus@ jakob@
+ - mouring@cvs.openbsd.org 2001/04/12 23:17:54
+ [sftp-int.c sftp-int.h sftp.1 sftp.c]
+ Add support for:
+ sftp [user@]host[:file [file]] - Fetch remote file(s)
+ sftp [user@]host[:dir[/]] - Start in remote dir/
+ OK deraadt@
+ - stevesk@cvs.openbsd.org 2001/04/13 01:26:17
+ [ssh.c]
+ missing \n in error message
+ - (bal) Added openbsd-compat/inet_ntop.[ch] since HP/UX (and others)
+ lack it.
+
+20010412
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/10 07:46:58
+ [channels.c]
+ cleanup socks4 handling
+ - itojun@cvs.openbsd.org 2001/04/10 09:13:22
+ [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+ document id_rsa{.pub,}. markus ok
+ - markus@cvs.openbsd.org 2001/04/10 12:15:23
+ [channels.c]
+ debug cleanup
+ - djm@cvs.openbsd.org 2001/04/11 07:06:22
+ [sftp-int.c]
+ 'mget' and 'mput' aliases; ok markus@
+ - markus@cvs.openbsd.org 2001/04/11 10:59:01
+ [ssh.c]
+ use strtol() for ports, thanks jakob@
+ - markus@cvs.openbsd.org 2001/04/11 13:56:13
+ [channels.c ssh.c]
+ https-connect and socks5 support. i feel so bad.
+ - lebel@cvs.openbsd.org 2001/04/11 16:25:30
+ [sshd.8 sshd.c]
+ implement the -e option into sshd:
+ -e When this option is specified, sshd will send the output to the
+ standard error instead of the system log.
+ markus@ OK.
+
+20010410
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/04/08 20:52:55
+ [sftp.c]
+ do not modify an actual argv[] entry
+ - stevesk@cvs.openbsd.org 2001/04/08 23:28:27
+ [sshd.8]
+ spelling
+ - stevesk@cvs.openbsd.org 2001/04/09 00:42:05
+ [sftp.1]
+ spelling
+ - markus@cvs.openbsd.org 2001/04/09 15:12:23
+ [ssh-add.c]
+ passphrase caching: ssh-add tries last passphrase, clears passphrase if
+ not successful and after last try.
+ based on discussions with espie@, jakob@, ... and code from jakob@ and
+ wolfgang@wsrcc.com
+ - markus@cvs.openbsd.org 2001/04/09 15:19:49
+ [ssh-add.1]
+ ssh-add retries the last passphrase...
+ - stevesk@cvs.openbsd.org 2001/04/09 18:00:15
+ [sshd.8]
+ ListenAddress mandoc from aaron@
+
+20010409
+ - (stevesk) use setresgid() for setegid() if needed
+ - (stevesk) configure.in: typo
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/04/08 16:01:36
+ [sshd.8]
+ document ListenAddress addr:port
+ - markus@cvs.openbsd.org 2001/04/08 13:03:00
+ [ssh-add.c]
+ init pointers with NULL, thanks to danimal@danimal.org
+ - markus@cvs.openbsd.org 2001/04/08 11:27:33
+ [clientloop.c]
+ leave_raw_mode if ssh2 "session" is closed
+ - markus@cvs.openbsd.org 2001/04/06 21:00:17
+ [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
+ ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
+ do gid/groups-swap in addition to uid-swap, should help if /home/group
+ is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
+ to olar@openwall.com is comments. we had many requests for this.
+ - markus@cvs.openbsd.org 2001/04/07 08:55:18
+ [buffer.c channels.c channels.h readconf.c ssh.c]
+ allow the ssh client act as a SOCKS4 proxy (dynamic local
+ portforwarding). work by Dan Kaminsky <dankamin@cisco.com> and me.
+ thanks to Dan for this great patch: use 'ssh -D 1080 host' and make
+ netscape use localhost:1080 as a socks proxy.
+ - markus@cvs.openbsd.org 2001/04/08 11:24:33
+ [uidswap.c]
+ KNF
+
+20010408
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/04/06 22:12:47
+ [hostfile.c]
+ unused; typo in comment
+ - stevesk@cvs.openbsd.org 2001/04/06 22:25:25
+ [servconf.c]
+ in addition to:
+ ListenAddress host|ipv4_addr|ipv6_addr
+ permit:
+ ListenAddress [host|ipv4_addr|ipv6_addr]:port
+ ListenAddress host|ipv4_addr:port
+ sshd.8 updates coming. ok markus@
+
+20010407
+ - (bal) CVS ID Resync of version.h
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/05 23:39:20
+ [serverloop.c]
+ keep the ssh session even if there is no active channel.
+ this is more in line with the protocol spec and makes
+ ssh -N -L 1234:server:110 host
+ more useful.
+ based on discussion with <mats@mindbright.se> long time ago
+ and recent mail from <res@shore.net>
+ - deraadt@cvs.openbsd.org 2001/04/06 16:46:59
+ [scp.c]
+ remove trailing / from source paths; fixes pr#1756
+
+20010406
+ - (stevesk) logintest.c: fix for systems without __progname
+ - (stevesk) Makefile.in: log.o is in libssh.a
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/05 10:00:06
+ [compat.c]
+ 2.3.x does old GEX, too; report jakob@
+ - markus@cvs.openbsd.org 2001/04/05 10:39:03
+ [compress.c compress.h packet.c]
+ reset compress state per direction when rekeying.
+ - markus@cvs.openbsd.org 2001/04/05 10:39:48
+ [version.h]
+ temporary version 2.5.4 (supports rekeying).
+ this is not an official release.
+ - markus@cvs.openbsd.org 2001/04/05 10:42:57
+ [auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
+ mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
+ sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
+ sshconnect2.c sshd.c]
+ fix whitespace: unexpand + trailing spaces.
+ - markus@cvs.openbsd.org 2001/04/05 11:09:17
+ [clientloop.c compat.c compat.h]
+ add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions.
+ - markus@cvs.openbsd.org 2001/04/05 15:45:43
+ [ssh.1]
+ ssh defaults to protocol v2; from quisar@quisar.ambre.net
+ - stevesk@cvs.openbsd.org 2001/04/05 15:48:18
+ [canohost.c canohost.h session.c]
+ move get_remote_name_or_ip() to canohost.[ch]; for portable. ok markus@
+ - markus@cvs.openbsd.org 2001/04/05 20:01:10
+ [clientloop.c]
+ for ~R print message if server does not support rekeying. (and fix ~R).
+ - markus@cvs.openbsd.org 2001/04/05 21:02:46
+ [buffer.c]
+ better error message
+ - markus@cvs.openbsd.org 2001/04/05 21:05:24
+ [clientloop.c ssh.c]
+ don't request a session for 'ssh -N', pointed out slade@shore.net
+
+20010405
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/04 09:48:35
+ [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
+ don't sent multiple kexinit-requests.
+ send newkeys, block while waiting for newkeys.
+ fix comments.
+ - markus@cvs.openbsd.org 2001/04/04 14:34:58
+ [clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
+ enable server side rekeying + some rekey related clientup.
+ todo: we should not send any non-KEX messages after we send KEXINIT
+ - markus@cvs.openbsd.org 2001/04/04 15:50:55
+ [compat.c]
+ f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov
+ - markus@cvs.openbsd.org 2001/04/04 20:25:38
+ [channels.c channels.h clientloop.c kex.c kex.h serverloop.c
+ sshconnect2.c sshd.c]
+ more robust rekeying
+ don't send channel data after rekeying is started.
+ - markus@cvs.openbsd.org 2001/04/04 20:32:56
+ [auth2.c]
+ we don't care about missing bannerfiles; from tsoome@ut.ee, ok deraadt@
+ - markus@cvs.openbsd.org 2001/04/04 22:04:35
+ [kex.c kexgex.c serverloop.c]
+ parse full kexinit packet.
+ make server-side more robust, too.
+ - markus@cvs.openbsd.org 2001/04/04 23:09:18
+ [dh.c kex.c packet.c]
+ clear+free keys,iv for rekeying.
+ + fix DH mem leaks. ok niels@
+ - (stevesk) don't use vhangup() if defined(HAVE_DEV_PTMX); also removes
+ BROKEN_VHANGUP
+
+20010404
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/04/02 17:32:23
+ [ssh-agent.1]
+ grammar; slade@shore.net
+ - stevesk@cvs.openbsd.org 2001/04/03 13:56:11
+ [sftp-glob.c ssh-agent.c ssh-keygen.c]
+ free() -> xfree()
+ - markus@cvs.openbsd.org 2001/04/03 19:53:29
+ [dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
+ move kex to kex*.c, used dispatch_set() callbacks for kex. should
+ make rekeying easier.
+ - todd@cvs.openbsd.org 2001/04/03 21:19:38
+ [ssh_config]
+ id_rsa1/2 -> id_rsa; ok markus@
+ - markus@cvs.openbsd.org 2001/04/03 23:32:12
+ [kex.c kex.h packet.c sshconnect2.c sshd.c]
+ undo parts of recent my changes: main part of keyexchange does not
+ need dispatch-callbacks, since application data is delayed until
+ the keyexchange completes (if i understand the drafts correctly).
+ add some infrastructure for re-keying.
+ - markus@cvs.openbsd.org 2001/04/04 00:06:54
+ [clientloop.c sshconnect2.c]
+ enable client rekeying
+ (1) force rekeying with ~R, or
+ (2) if the server requests rekeying.
+ works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0
+ - (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync.
+
+20010403
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/04/02 14:15:31
+ [sshd.8]
+ typo; ok markus@
+ - stevesk@cvs.openbsd.org 2001/04/02 14:20:23
+ [readconf.c servconf.c]
+ correct comment; ok markus@
+ - (stevesk) nchan.c: remove ostate checks and add EINVAL to
+ shutdown(SHUT_RD) error() bypass for HP-UX.
+
+20010402
+ - (stevesk) log.c openbsd sync; missing newlines
+ - (stevesk) sshpty.h openbsd sync; PTY_H -> SSHPTY_H
+
+20010330
+ - (djm) Another openbsd-compat/glob.c sync
+ - (djm) OpenBSD CVS Sync
+ - provos@cvs.openbsd.org 2001/03/28 21:59:41
+ [kex.c kex.h sshconnect2.c sshd.c]
+ forgot to include min and max params in hash, okay markus@
+ - provos@cvs.openbsd.org 2001/03/28 22:04:57
+ [dh.c]
+ more sanity checking on primes file
+ - markus@cvs.openbsd.org 2001/03/28 22:43:31
+ [auth.h auth2.c auth2-chall.c]
+ check auth_root_allowed for kbd-int auth, too.
+ - provos@cvs.openbsd.org 2001/03/29 14:24:59
+ [sshconnect2.c]
+ use recommended defaults
+ - stevesk@cvs.openbsd.org 2001/03/29 21:06:21
+ [sshconnect2.c sshd.c]
+ need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
+ - markus@cvs.openbsd.org 2001/03/29 21:17:40
+ [dh.c dh.h kex.c kex.h]
+ prepare for rekeying: move DH code to dh.c
+ - djm@cvs.openbsd.org 2001/03/29 23:42:01
+ [sshd.c]
+ Protocol 1 key regeneration log => verbose, some KNF; ok markus@
+
20010329
- OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2001/03/26 15:47:59
- stevesk@cvs.openbsd.org 2001/03/28 19:56:23
[scp.c]
start to sync scp closer to rcp; ok markus@
+ - stevesk@cvs.openbsd.org 2001/03/28 20:04:38
+ [scp.c]
+ usage more like rcp and add missing -B to usage; ok markus@
+ - markus@cvs.openbsd.org 2001/03/28 20:50:45
+ [sshd.c]
+ call refuse() before close(); from olemx@ans.pl
20010328
- (djm) Reorder tests and library inclusion for Krb4/AFS to try to
andersk / openssh.git / blobdiff