X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/0185527783fe549694316d3f4432cf9db264f939..c9d0ad9bcc6ae98c544f29d84972c11745179078:/ChangeLog diff --git a/ChangeLog b/ChangeLog index faac243a..495cb943 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,333 @@ +20011219 + - (stevesk) OpenBSD CVS sync X11 localhost display + - stevesk@cvs.openbsd.org 2001/11/29 14:10:51 + [channels.h channels.c session.c] + sshd X11 fake server will now listen on localhost by default: + $ echo $DISPLAY + localhost:12.0 + $ netstat -an|grep 6012 + tcp 0 0 127.0.0.1.6012 *.* LISTEN + tcp6 0 0 ::1.6012 *.* LISTEN + sshd_config gatewayports=yes can be used to revert back to the old + behavior. will control this with another option later. ok markus@ + - stevesk@cvs.openbsd.org 2001/12/19 08:43:11 + [includes.h session.c] + handle utsname.nodename case for FamilyLocal X authorization; ok markus@ + +20011207 + - (bal) PCRE no longer required. Banished from the source along with + fake-regex.h + - (bal) OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2001/12/06 18:02:32 + [channels.c sshconnect.c] + shutdown(sock, SHUT_RDWR) not needed here; ok markus@ + - stevesk@cvs.openbsd.org 2001/12/06 18:09:23 + [channels.c session.c] + strncpy->strlcpy. remaining strncpy's are necessary. ok markus@ + - stevesk@cvs.openbsd.org 2001/12/06 18:20:32 + [channels.c] + disable nagle for X11 fake server and client TCPs. from netbsd. + ok markus@ + +20011206 + - (bal) OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2001/11/14 20:45:08 + [sshd.c] + errno saving wrapping in a signal handler + - markus@cvs.openbsd.org 2001/11/16 12:46:13 + [ssh-keyscan.c] + handle empty lines instead of dumping core; report from sha@sha-1.net + - stevesk@cvs.openbsd.org 2001/11/17 19:14:34 + [auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c] + enum/int type cleanup where it made sense to do so; ok markus@ + - markus@cvs.openbsd.org 2001/11/19 11:20:21 + [sshd.c] + fd leak on HUP; ok stevesk@ + - stevesk@cvs.openbsd.org 2001/11/19 18:40:46 + [ssh-agent.1] + clarify/state that private keys are not exposed to clients using the + agent; ok markus@ + - mpech@cvs.openbsd.org 2001/11/19 19:02:16 + [deattack.c radix.c] + kill more registers + millert@ ok + - markus@cvs.openbsd.org 2001/11/21 15:51:24 + [key.c] + mem leak + - stevesk@cvs.openbsd.org 2001/11/21 18:49:14 + [ssh-keygen.1] + more on passphrase construction; ok markus@ + - stevesk@cvs.openbsd.org 2001/11/22 05:27:29 + [ssh-keyscan.c] + don't use "\n" in fatal() + - markus@cvs.openbsd.org 2001/11/22 12:34:22 + [clientloop.c serverloop.c sshd.c] + volatile sig_atomic_t + - stevesk@cvs.openbsd.org 2001/11/29 19:06:39 + [channels.h] + remove dead function prototype; ok markus@ + - markus@cvs.openbsd.org 2001/11/29 22:08:48 + [auth-rsa.c] + fix protocol error: send 'failed' message instead of a 2nd challenge + (happens if the same key is in authorized_keys twice). + reported Ralf_Meister@genua.de; ok djm@ + - stevesk@cvs.openbsd.org 2001/11/30 20:39:28 + [ssh.c] + sscanf() length dependencies are clearer now; can also shrink proto + and data if desired, but i have not done that. ok markus@ + - markus@cvs.openbsd.org 2001/12/01 21:41:48 + [session.c sshd.8] + don't pass user defined variables to /usr/bin/login + - deraadt@cvs.openbsd.org 2001/12/02 02:08:32 + [sftp-common.c] + zap }; + - itojun@cvs.openbsd.org 2001/12/05 03:50:01 + [clientloop.c serverloop.c sshd.c] + deal with LP64 printf issue with sig_atomic_t. from thorpej + - itojun@cvs.openbsd.org 2001/12/05 03:56:39 + [auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c + sshconnect2.c] + make it compile with more strict prototype checking + - deraadt@cvs.openbsd.org 2001/12/05 10:06:12 + [authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c + key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c + sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c] + minor KNF + - markus@cvs.openbsd.org 2001/12/05 15:04:48 + [version.h] + post 3.0.2 + - markus@cvs.openbsd.org 2001/12/05 16:54:51 + [compat.c match.c match.h] + make theo and djm happy: bye bye regexp + - markus@cvs.openbsd.org 2001/12/06 13:30:06 + [servconf.c servconf.h sshd.8 sshd.c] + add -o to sshd, too. ok deraadt@ + - (bal) Minor white space fix up in servconf.c + +20011126 + - (tim) [contrib/cygwin/README, openbsd-compat/bsd-cygwin_util.c, + openbsd-compat/bsd-cygwin_util.h, openbsd-compat/daemon.c] + Allow SSHD to install as service under WIndows 9x/Me + [configure.ac] Fix to allow linking against PCRE on Cygwin + Patches by Corinna Vinschen + +20011115 + - (djm) Fix IPv4 default in ssh-keyscan. Spotted by Dan Astoorian + Fix from markus@ + - (djm) Release 3.0.1p1 + +20011113 + - (djm) Fix early (and double) free of remote user when using Kerberos. + Patch from Simon Wilkinson + - (djm) AIX login{success,failed} changes. Move loginsuccess call to + do_authenticated. Call loginfailed for protocol 2 failures > MAX like + we do for protocol 1. Reports from Ralf Wenk , + K.Wolkersdorfer@fz-juelich.de and others + - (djm) OpenBSD CVS Sync + - dugsong@cvs.openbsd.org 2001/11/11 18:47:10 + [auth-krb5.c] + fix krb5 authorization check. found by . from + art@, deraadt@ ok + - markus@cvs.openbsd.org 2001/11/12 11:17:07 + [servconf.c] + enable authorized_keys2 again. tested by fries@ + - markus@cvs.openbsd.org 2001/11/13 02:03:57 + [version.h] + enter 3.0.1 + - (djm) Bump RPM package versions + +20011112 + - (djm) Makefile correctness fix from Mark D. Baushke + - (djm) Cygwin config patch from Corinna Vinschen + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/10/24 08:41:41 + [sshd.c] + mention remote port in debug message + - markus@cvs.openbsd.org 2001/10/24 08:41:20 + [ssh.c] + remove unused + - markus@cvs.openbsd.org 2001/10/24 08:51:35 + [clientloop.c ssh.c] + ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@ + - markus@cvs.openbsd.org 2001/10/24 19:57:40 + [clientloop.c] + make ~& (backgrounding) work again for proto v1; add support ~& for v2, too + - markus@cvs.openbsd.org 2001/10/25 21:14:32 + [ssh-keygen.1 ssh-keygen.c] + better docu for fingerprinting, ok deraadt@ + - markus@cvs.openbsd.org 2001/10/29 19:27:15 + [sshconnect2.c] + hostbased: check for client hostkey before building chost + - markus@cvs.openbsd.org 2001/10/30 20:29:09 + [ssh.1] + ssh.1 + - markus@cvs.openbsd.org 2001/11/07 16:03:17 + [packet.c packet.h sshconnect2.c] + pad using the padding field from the ssh2 packet instead of sending + extra ignore messages. tested against several other ssh servers. + - markus@cvs.openbsd.org 2001/11/07 21:40:21 + [ssh-rsa.c] + ssh_rsa_sign/verify: SSH_BUG_SIGBLOB not supported + - markus@cvs.openbsd.org 2001/11/07 22:10:28 + [ssh-dss.c ssh-rsa.c] + missing free and sync dss/rsa code. + - markus@cvs.openbsd.org 2001/11/07 22:12:01 + [sshd.8] + s/Keepalive/KeepAlive/; from openbsd@davidkrause.com + - markus@cvs.openbsd.org 2001/11/07 22:41:51 + [auth2.c auth-rh-rsa.c] + unused includes + - markus@cvs.openbsd.org 2001/11/07 22:53:21 + [channels.h] + crank c->path to 256 so they can hold a full hostname; dwd@bell-labs.com + - markus@cvs.openbsd.org 2001/11/08 10:51:08 + [readpass.c] + don't strdup too much data; from gotoh@taiyo.co.jp; ok millert. + - markus@cvs.openbsd.org 2001/11/08 17:49:53 + [ssh.1] + mention setuid root requirements; noted by cnorris@csc.UVic.ca; ok stevesk@ + - markus@cvs.openbsd.org 2001/11/08 20:02:24 + [auth.c] + don't print ROOT in CAPS for the authentication messages, i.e. + Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2 + becomes + Accepted publickey for root from 127.0.0.1 port 42734 ssh2 + - markus@cvs.openbsd.org 2001/11/09 18:59:23 + [clientloop.c serverloop.c] + don't memset too much memory, ok millert@ + original patch from jlk@kamens.brookline.ma.us via nalin@redhat.com + - markus@cvs.openbsd.org 2001/11/10 13:19:45 + [sshd.c] + cleanup libwrap support (remove bogus comment, bogus close(), add + debug, etc). + - markus@cvs.openbsd.org 2001/11/10 13:22:42 + [ssh-rsa.c] + KNF (unexpand) + - markus@cvs.openbsd.org 2001/11/10 13:37:20 + [packet.c] + remove extra debug() + - markus@cvs.openbsd.org 2001/11/11 13:02:31 + [servconf.c] + make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if + AuthorizedKeysFile is specified. + - (djm) Reorder portable-specific server options so that they come first. + This should help reduce diff collisions for new server options (as they + will appear at the end) + +20011109 + - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK) + if permit_empty_passwd == 0 so null password check cannot be bypassed. + jayaraj@amritapuri.com OpenBSD bug 2168 + - markus@cvs.openbsd.org 2001/11/09 19:08:35 + [sshd.c] + remove extra trailing dot from log message; pilot@naughty.monkey.org + +20011103 + - (tim) [ contrib/caldera/openssh.spec contrib/caldera/sshd.init] Updates + from Raymund Will + [acconfig.h configure.in] Clean up login checks. + Problem reported by Jim Knoble + +20011101 + - (djm) Compat define for OpenSSL < 0.9.6 (No OPENSSL_free) + +20011031 + - (djm) Unsmoke drugs: config files should be noreplace. + +20011030 + - (djm) Redhat RPM spec: remove noreplace from config files, allow IPv6 + by default (can force IPv4 using --define "noipv6 1") + +20011029 + - (tim) [TODO defines.h loginrec.c] Change the references to configure.in + to configure.ac + +20011028 + - (djm) Avoid bug in Solaris PAM libs + - (djm) Disconnect if no tty and PAM reports password expired + - (djm) Fix for PAM password changes being echoed (from stevesk) + - (stevesk) Fix compile problem with PAM password change fix + - (stevesk) README: zlib location is http://www.gzip.org/zlib/ + +20011027 + - (tim) [configure.ac] Fixes for ReliantUNIX (don't use libucb) + Patch by Robert Dahlem + +20011026 + - (bal) Set the correct current time in login_utmp_only(). Patch by + Wayne Davison + - (tim) [scard/Makefile.in] Fix install: when building outside of source + tree and using --src=/full_path/to/openssh + Patch by Mark D. Baushke + +20011025 + - (bal) Use VDISABLE if _POSIX_VDISABLE is set in readpassphrase.c. Patch + by todd@ + - (tim) [configure.ac] Give path given in --with-xxx= for pcre,zlib, and + tcp-wrappers precedence over system libraries and includes. + Report from Dave Dykstra + +20011024 + - (bal) Should be 3.0p1 not 3.0p2. Corrected version.h already. + - (tim) configure.in -> configure.ac + +20011023 + - (bal) Updated version to 3.0p1 in preparing for release. + - (bal) Added 'PAM_TTY_KLUDGE' to Solaris platform. + - (tim) [configure.in] Fix test for broken dirname. Based on patch from + Dave Dykstra . Remove un-needed test for zlib.h. + [contrib/caldera/openssh.spec, contrib/redhat/openssh.spec, + contrib/suse/openssh.spec] Update version to match version.h + +20011022 + - (djm) Fix fd leak in loginrec.c (ro fd to lastlog was left open). + Report from Michal Zalewski + +20011021 + - (tim) [configure.in] Clean up library testing. Add optional PATH to + --with-pcre, --with-zlib, and --with-tcp-wrappers. Based on + patch by albert chin (china@thewrittenword.com) + Re-arange AC_CHECK_HEADERS and AC_CHECK_FUNCS for eaiser reading + of patches to configure.in. Replace obsolete AC_STRUCT_ST_BLKSIZE + with AC_CHECK_MEMBERS. Add test for broken dirname() on + Solaris 2.5.1 by Dan Astoorian + [acconfig.h aclocal.m4 defines.h configure.in] Better socklen_t test. + patch by albert chin (china@thewrittenword.com) + [scp.c] Replace obsolete HAVE_ST_BLKSIZE with + HAVE_STRUCT_STAT_ST_BLKSIZE. + [Makefile.in] When running make in top level, always do make + in openbsd-compat. patch by Dave Dykstra + +20011019 + - (bal) Fixed up init.d symlink issue and piddir stuff. Patches by + Zoran Milojevic and j.petersen@msh.de + +20011012 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/10/10 22:18:47 + [channels.c channels.h clientloop.c nchan.c serverloop.c] + [session.c session.h] + try to keep channels open until an exit-status message is sent. + don't kill the login shells if the shells stdin/out/err is closed. + this should now work: + ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ? + - markus@cvs.openbsd.org 2001/10/11 13:45:21 + [session.c] + delay detach of session if a channel gets closed but the child is + still alive. however, release pty, since the fd's to the child are + already closed. + - markus@cvs.openbsd.org 2001/10/11 15:24:00 + [clientloop.c] + clear select masks if we return before calling select(). + - (djm) "make veryclean" fix from Tom Holroyd + - (djm) Clean some autoconf-2.52 junk when doing "make distclean" + - (djm) Cleanup sshpty.c a little + - (bal) First wave of contrib/solaris/ package upgrades. Still more + work needs to be done, but it is a 190% better then the stuff we + had before! + - (bal) Minor bug fix in contrib/solaris/opensshd.in .. $etcdir was not + set right. + 20011010 - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2001/10/04 14:34:16 @@ -40,6 +370,16 @@ - markus@cvs.openbsd.org 2001/10/09 19:32:49 [session.c] stat subsystem command before calling do_exec, and return error to client. + - markus@cvs.openbsd.org 2001/10/09 19:51:18 + [serverloop.c] + close all channels if the connection to the remote host has been closed, + should fix sshd's hanging with WCHAN==wait + - markus@cvs.openbsd.org 2001/10/09 21:59:41 + [channels.c channels.h serverloop.c session.c session.h] + simplify session close: no more delayed session_close, no more + blocking wait() calls. + - (bal) removed two unsed headers in openbsd-compat/bsd-misc.c + - (bal) seed_init() and seed_rng() required in ssh-keyscan.c 20011007 - (bal) ssh-copy-id corrected permissions for .ssh/ and authorized_keys.