X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/2c9a4d41bd8f4132948c426d83d76cc3617a5637..7034edae687b1f321f7965ef2ad5594067bb4262:/ChangeLog diff --git a/ChangeLog b/ChangeLog index c973c9d3..8b8b1f63 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,263 @@ +20050209 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2005/01/28 09:45:53 + [ssh_config] + Make it clear that the example entries in ssh_config are only some of the + commonly-used options and refer the user to ssh_config(5) for more + details; ok djm@ + - jmc@cvs.openbsd.org 2005/01/28 15:05:43 + [ssh_config.5] + grammar; + - jmc@cvs.openbsd.org 2005/01/28 18:14:09 + [ssh_config.5] + wording; + ok markus@ + +20050208 + - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the + regress tests so newer versions of GNU head(1) behave themselves. Patch + by djm, so ok me. + - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. + - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c + monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit + defines and enums with SSH_ to prevent namespace collisions on some + platforms (eg AIX). + +20050204 + - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. + - (dtucker) [auth.c] Fix parens in audit log check. + +20050202 + - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath + rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@ + - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}] + Make record_failed_login() call provide hostname rather than having the + implementations having to do lookups themselves. Only affects AIX and + UNICOS (the latter only uses the "user" parameter anyway). ok djm@ + - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child + the process. Since we also unset KRB5CCNAME at startup, if it's set after + authentication it must have been set by the platform's native auth system. + This was already done for AIX; this enables it for the general case. + - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c] + Bug #974: Teach sshd to write failed login records to btmp for failed auth + attempts (currently only for password, kbdint and C/R, only on Linux and + HP-UX), based on code from login.c from util-linux. With ashok_kovai at + hotmail.com, ok djm@ + - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c + monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: + (first stage) Add audit instrumentation to sshd, currently disabled by + default. with suggestions from and ok djm@ + +20050201 + - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some + platforms syslog will revert to its default values. This may result in + messages from external libraries (eg libwrap) being sent to a different + facility. + - (dtucker) [sshd_config.5] Bug #701: remove warning about + keyboard-interactive since this is no longer the case. + +20050124 + - (dtucker) OpenBSD CVS Sync + - otto@cvs.openbsd.org 2005/01/21 08:32:02 + [auth-passwd.c sshd.c] + Warn in advance for password and account expiry; initialize loginmsg + buffer earlier and clear it after privsep fork. ok and help dtucker@ + markus@ + - dtucker@cvs.openbsd.org 2005/01/22 08:17:59 + [auth.c] + Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and + DenyGroups. bz #909, ok djm@ + - djm@cvs.openbsd.org 2005/01/23 10:18:12 + [cipher.c] + config option "Ciphers" should be case-sensitive; ok dtucker@ + - dtucker@cvs.openbsd.org 2005/01/24 10:22:06 + [scp.c sftp.c] + Have scp and sftp wait for the spawned ssh to exit before they exit + themselves. This prevents ssh from being unable to restore terminal + modes (not normally a problem on OpenBSD but common with -Portable + on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); + ok djm@ markus@ + - dtucker@cvs.openbsd.org 2005/01/24 10:29:06 + [moduli] + Import new moduli; requested by deraadt@ a week ago + - dtucker@cvs.openbsd.org 2005/01/24 11:47:13 + [auth-passwd.c] + #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@ + +20050120 + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2004/12/23 17:35:48 + [session.c] + check for NULL; from mpech + - markus@cvs.openbsd.org 2004/12/23 17:38:07 + [ssh-keygen.c] + leak; from mpech + - djm@cvs.openbsd.org 2004/12/23 23:11:00 + [servconf.c servconf.h sshd.c sshd_config sshd_config.5] + bz #898: support AddressFamily in sshd_config. from + peak@argo.troja.mff.cuni.cz; ok deraadt@ + - markus@cvs.openbsd.org 2005/01/05 08:51:32 + [sshconnect.c] + remove dead code, log connect() failures with level error, ok djm@ + - jmc@cvs.openbsd.org 2005/01/08 00:41:19 + [sshd_config.5] + `login'(n) -> `log in'(v); + - dtucker@cvs.openbsd.org 2005/01/17 03:25:46 + [moduli.c] + Correct spelling: SCHNOOR->SCHNORR; ok djm@ + - dtucker@cvs.openbsd.org 2005/01/17 22:48:39 + [sshd.c] + Make debugging output continue after reexec; ok djm@ + - dtucker@cvs.openbsd.org 2005/01/19 13:11:47 + [auth-bsdauth.c auth2-chall.c] + Have keyboard-interactive code call the drivers even for responses for + invalid logins. This allows the drivers themselves to decide how to + handle them and prevent leaking information where possible. Existing + behaviour for bsdauth is maintained by checking authctxt->valid in the + bsdauth driver. Note that any third-party kbdint drivers will now need + to be able to handle responses for invalid logins. ok markus@ + - djm@cvs.openbsd.org 2004/12/22 02:13:19 + [cipher-ctr.c cipher.c] + remove fallback AES support for old OpenSSL, as OpenBSD has had it for + many years now; ok deraadt@ + (Id sync only: Portable will continue to support older OpenSSLs) + - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user + existence via keyboard-interactive/pam, in conjunction with previous + auth2-chall.c change; with Colin Watson and djm. + - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128 + bytes to prevent errors from login_init_entry() when the username is + exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@ + - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from + the list of available kbdint devices if UsePAM=no. ok djm@ + +20050118 + - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement + "make survey" and "make send-survey". This will provide data on the + configure parameters, platform and platform features to the development + team, which will allow (among other things) better targetting of testing. + It's entirely voluntary and is off be default. ok djm@ + - (dtucker) [survey.sh.in] Remove any blank lines from the output of + ccver-v and ccver-V. + +20041220 + - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading + from prngd is enabled at compile time but fails at run time, eg because + prngd is not running. Note that if you have prngd running when OpenSSH is + built, OpenSSL will consider itself internally seeded and rand-helper won't + be built at all unless explicitly enabled via --with-rand-helper. ok djm@ + - (dtucker) [regress/rekey.sh] Touch datafile before filling with dd, since + on some wacky platforms (eg old AIXes), dd will refuse to create an output + file if it doesn't exist. + +20041213 + - (dtucker) [contrib/findssh.sh] Clean up on interrupt; from + amarendra.godbole at ge com. + +20041211 + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2004/12/06 16:00:43 + [bufaux.c] + use 0x00 not \0 since buf[] is a bignum + - fgsch@cvs.openbsd.org 2004/12/10 03:10:42 + [sftp.c] + - fix globbed ls for paths the same lenght as the globbed path when + we have a unique matching. + - fix globbed ls in case of a directory when we have a unique matching. + - as a side effect, if the path does not exist error (used to silently + ignore). + - don't do extra do_lstat() if we only have one matching file. + djm@ ok + - dtucker@cvs.openbsd.org 2004/12/11 01:48:56 + [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h] + Fix debug call in error path of authorized_keys processing and fix related + warnings; ok djm@ + +20041208 + - (tim) [configure.ac] Comment some non obvious platforms in the + target-specific case statement. Suggested and OK by dtucker@ + +20041207 + - (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test. + +20041206 + - (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@ + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2004/11/25 22:22:14 + [sftp-client.c sftp.c] + leak; from mpech + - jmc@cvs.openbsd.org 2004/11/29 00:05:17 + [sftp.1] + missing full stop; + - djm@cvs.openbsd.org 2004/11/29 07:41:24 + [sftp-client.h sftp.c] + Some small fixes from moritz@jodeit.org. ok deraadt@ + - jaredy@cvs.openbsd.org 2004/12/05 23:55:07 + [sftp.1] + - explain that patterns can be used as arguments in get/put/ls/etc + commands (prodded by Michael Knudsen) + - describe ls flags as a list + - other minor improvements + ok jmc, djm + - dtucker@cvs.openbsd.org 2004/12/06 11:41:03 + [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8] + Discard over-length authorized_keys entries rather than complaining when + they don't decode. bz #884, with & ok djm@ + - (dtucker) OpenBSD CVS Sync (regress/) + - djm@cvs.openbsd.org 2004/06/26 06:16:07 + [reexec.sh] + don't change the name of the copied sshd for the reexec fallback test, + makes life simpler for portable + - dtucker@cvs.openbsd.org 2004/07/08 12:59:35 + [scp.sh] + Regress test for bz #863 (scp double-error), requires $SUDO. ok markus@ + - david@cvs.openbsd.org 2004/07/09 19:45:43 + [Makefile] + add a missing CLEANFILES used in the re-exec test + - djm@cvs.openbsd.org 2004/10/08 02:01:50 + [reexec.sh] + shrink and tidy; ok dtucker@ + - djm@cvs.openbsd.org 2004/10/29 23:59:22 + [Makefile added brokenkeys.sh] + regression test for handling of corrupt keys in authorized_keys file + - djm@cvs.openbsd.org 2004/11/07 00:32:41 + [multiplex.sh] + regression tests for new multiplex commands + - dtucker@cvs.openbsd.org 2004/11/25 09:39:27 + [test-exec.sh] + Remove obsolete RhostsAuthentication from test config; ok markus@ + - dtucker@cvs.openbsd.org 2004/12/06 10:49:56 + [test-exec.sh] + Check if TEST_SSH_SSHD is a full path to sshd before searching; ok markus@ + +20041203 + - (dtucker) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2004/11/07 17:42:36 + [ssh.1] + options sort, and whitespace; + - jmc@cvs.openbsd.org 2004/11/07 17:57:30 + [ssh.c] + usage(): + - add -O + - sync -S w/ manpage + - remove -h + - (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is + subsequently denied by the PAM auth stack, send the PAM message to the + user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2). + ok djm@ + +20041107 + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2004/11/05 12:19:56 + [sftp.c] + command editing and history support via libedit; ok markus@ + thanks to hshoexer@ and many testers on tech@ too + - djm@cvs.openbsd.org 2004/11/07 00:01:46 + [clientloop.c clientloop.h ssh.1 ssh.c] + add basic control of a running multiplex master connection; including the + ability to check its status and request it to exit; ok markus@ + - (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure + option and supporting makefile bits and documentation. + 20041105 - (dtucker) OpenBSD CVS Sync - markus@cvs.openbsd.org 2004/08/30 09:18:08 @@ -51,6 +311,17 @@ were not being updated if they had changed after ~^Z suspends and SIGWINCH was not being processed unless the first connection had requested a tty; ok markus + - djm@cvs.openbsd.org 2004/10/29 22:53:56 + [clientloop.c misc.h readpass.c ssh-agent.c] + factor out common permission-asking code to separate function; ok markus@ + - djm@cvs.openbsd.org 2004/10/29 23:56:17 + [bufaux.c bufaux.h buffer.c buffer.h] + introduce a new buffer API that returns an error rather than fatal()ing + when presented with bad data; ok markus@ + - djm@cvs.openbsd.org 2004/10/29 23:57:05 + [key.c] + use new buffer API to avoid fatal errors on corrupt keys in authorized_keys + files; ok markus@ 20041102 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX