X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/3b307f85dcca3b279ffd699deb2580432b5b1a7f..69538b0c680486cc60423b48f419583a9e5b4650:/ChangeLog diff --git a/ChangeLog b/ChangeLog index 23740d7f..6857a03a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,140 @@ +20020515 + - (bal) CVS ID fix up on auth-passwd.c + - (bal) OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2002/05/07 19:54:36 + [ssh.h] + use ssh uid + - deraadt@cvs.openbsd.org 2002/05/08 21:06:34 + [ssh.h] + move to sshd.sshd instead + - stevesk@cvs.openbsd.org 2002/05/11 20:24:48 + [ssh.h] + typo in comment + - itojun@cvs.openbsd.org 2002/05/13 02:37:39 + [auth-skey.c auth2.c] + less warnings. skey_{respond,query} are public (in auth.h) + +20020514 + - (stevesk) [README.privsep] PAM+privsep works with Solaris 8. + - (tim) [sshpty.c] set tty modes when allocating old style bsd ptys to + match what newer style ptys have when allocated. Based on a patch by + Roger Cornelius + - (tim) [README.privsep] UnixWare 7 and OpenUNIX 8 work. + - (tim) [README.privsep] remove reference to UnixWare 7 and OpenUNIX 8 + from PAM-enabled pragraph. UnixWare has no PAM. + - (tim) [contrib/caldera/openssh.spec] update version. + +20020513 + - (stevesk) add initial README.privsep + - (stevesk) [configure.ac] nicer message: --with-privsep-user=user + - (djm) Add --with-superuser-path=xxx configure option to specify + what $PATH the superuser receives. + - (djm) Bug #231: UsePrivilegeSeparation turns off Banner. + - (djm) Add --with-privsep-path configure option + - (djm) Update RPM spec file: different superuser path, use + /var/empty/sshd for privsep + - (djm) Bug #234: missing readpassphrase declaration and defines + - (djm) Add INSTALL warning about SSH protocol 1 blowfish w/ + OpenSSL < 0.9.6 + +20020511 + - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch. + Now only searches system and /usr/local/ssl (OpenSSL's default install path) + Others must use --with-ssl-dir=.... + - (tim) [monitor_fdpass.c] fix for systems that have both + HAVE_ACCRIGHTS_IN_MSGHDR and HAVE_CONTROL_IN_MSGHDR. Ie. sys/socket.h + has #define msg_accrights msg_control + +20020510 + - (stevesk) [auth.c] Shadow account and expiration cleanup. Now + check for root forced expire. Still don't check for inactive. + - (djm) Rework RedHat RPM files. Based on spec from Nalin + Dahyabhai and patches from + Pekka Savola + - (djm) Try to drop supplemental groups at daemon startup. Patch from + RedHat + - (bal) Back all the way out of auth-passwd.c changes. Breaks too many + things that don't set pw->pw_passwd. + +20020509 + - (tim) [Makefile.in] Unbreak make -f Makefile.in distprep + +20020508 + - (tim) [openbsd-compat/bsd-arc4random.c] fix logic on when seed_rng() is + called. Report by Chris Maxwell + - (tim) [Makefile.in configure.ac] set SHELL variable in Makefile + - (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work) + +20020507 + - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] + Add truncate() emulation to address Bug 208 + +20020506 + - (djm) Unbreak auth-passwd.c for PAM and SIA + - (djm) Unbreak PAM auth for protocol 1. Report from Pekka Savola + + - (djm) Don't reinitialise PAM credentials before we have started PAM. + Report from Pekka Savola + +20020506 + - (bal) Fixed auth-passwd.c to resolve PermitEmptyPassword issue + +20020501 + - (djm) Import OpenBSD regression tests. Requires BSD make to run + - (djm) Fix readpassphase compilation for systems which have it + +20020429 + - (tim) [contrib/caldera/openssh.spec] update fixUP to reflect changes in + sshd_config. + - (tim) [contrib/cygwin/README] remove reference to regex. + patch from Corinna Vinschen + +20020426 + - (djm) Bug #137, #209: fix make problems for scard/Ssh.bin, do uudecode + during distprep only + - (djm) Disable PAM password expiry until a complete fix for bug #188 + exists + - (djm) Bug #180: Set ToS bits on IPv4-in-IPv6 mapped addresses. Based on + patch from openssh@misc.tecq.org + +20020425 + - (stevesk) [defines.h] remove USE_TIMEVAL; unused + - (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26 + support. bug #184. most from dcole@keysoftsys.com. + +20020424 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2002/04/23 12:54:10 + [version.h] + 3.2.1 + - djm@cvs.openbsd.org 2002/04/23 22:16:29 + [sshd.c] + Improve error message; ok markus@ stevesk@ + 20020423 + - (stevesk) [acconfig.h configure.ac session.c] LOGIN_NO_ENDOPT for HP-UX + - (stevesk) [acconfig.h] NEED_IN_SYSTM_H unused + - (markus) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2002/04/23 12:58:26 + [radix.c] + send complete ticket; semerad@ss1000.ms.mff.cuni.cz - (djm) Trim ChangeLog to include only post-3.1 changes + - (djm) Update RPM spec file versions + - (djm) Redhat spec enables KrbV by default + - (djm) Applied OpenSC smartcard updates from Markus & + Antti Tapaninen + - (djm) Define BROKEN_REALPATH for AIX, patch from + Antti Tapaninen + - (djm) Bug #214: Fix utmp for Irix (don't strip "tty"). Patch from + Kevin Taylor (??) via Philipp Grau + + - (djm) Bug #213: Simplify CMSG_ALIGN macros to avoid symbol clashes. + Reported by Doug Manton - (djm) Bug #222: Fix tests for getaddrinfo on OSF/1. Spotted by Robert Urban + - (djm) Bug #206 - blibpath isn't always needed for AIX ld, avoid + sizeof(long long int) == 4 breakage. Patch from Matthew Clarke + - (djm) Make privsep work with PAM (still experimental) - (djm) OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2002/04/20 09:02:03 @@ -33,21 +166,23 @@ 20020421 - (tim) [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0). - entropy.c needs seteuid(getuid()) for the setuid(original_uid) to succeed. - Patch by gert@greenie.muc.de. This fixes one part of Bug 208 + entropy.c needs seteuid(getuid()) for the setuid(original_uid) to + succeed. Patch by gert@greenie.muc.de. This fixes one part of Bug 208 20020418 - (djm) Avoid SIGCHLD breakage when run from rsync. Fix from Sturle Sunde 20020417 - - (djm) Tell users to configure /dev/random support into OpenSSL in INSTALL + - (djm) Tell users to configure /dev/random support into OpenSSL in + INSTALL - (djm) Fix .Nm in mdoc2man.pl from pspencer@fields.utoronto.ca - (tim) [configure.ac] Issue warning on --with-default-path=/some_path if LOGIN_CAP is enabled. Report & testing by Tuc 20020415 - - (djm) Unbreak "make install". Fix from Darren Tucker + - (djm) Unbreak "make install". Fix from Darren Tucker + - (stevesk) bsd-cygwin_util.[ch] BSD license from Corinna Vinschen - (tim) [configure.ac] add tests for recvmsg and sendmsg. [monitor_fdpass.c] add checks for HAVE_SENDMSG and HAVE_RECVMSG for @@ -85,7 +220,8 @@ - (bal) OpenBSD CVS Sync - markus@cvs.openbsd.org 2002/04/10 08:21:47 [auth1.c compat.c compat.h] - strip '@' from username only for KerbV and known broken clients, bug #204 + strip '@' from username only for KerbV and known broken clients, + bug #204 - markus@cvs.openbsd.org 2002/04/10 08:56:01 [version.h] OpenSSH_3.2 @@ -114,8 +250,8 @@ - (bal) OpenBSD CVS Sync - djm@cvs.openbsd.org 2002/04/06 00:30:08 [sftp-client.c] - Fix occasional corruption on upload due to bad reuse of request id, spotted - by chombier@mac.com; ok markus@ + Fix occasional corruption on upload due to bad reuse of request + id, spotted by chombier@mac.com; ok markus@ - mouring@cvs.openbsd.org 2002/04/06 18:24:09 [scp.c] Fixes potental double // within path. @@ -156,13 +292,15 @@ - (bal) OpenBSD CVS Sync (now for the real sync) - markus@cvs.openbsd.org 2002/03/27 22:21:45 [ssh-keygen.c] - try to import keys with extra trailing === (seen with ssh.com < 2.0.12) + try to import keys with extra trailing === (seen with ssh.com < + 2.0.12) - markus@cvs.openbsd.org 2002/03/28 15:34:51 [session.c] do not call record_login twice (for use_privsep) - markus@cvs.openbsd.org 2002/03/29 18:59:32 [session.c session.h] - retrieve last login time before the pty is allocated, store per session + retrieve last login time before the pty is allocated, store per + session - stevesk@cvs.openbsd.org 2002/03/29 19:16:22 [sshd.8] RSA key modulus size minimum 768; ok markus@ @@ -220,7 +358,8 @@ do not talk about packets in bufaux - rees@cvs.openbsd.org 2002/03/26 18:46:59 [scard.c] - try_AUT0 in read_pubkey too, for those paranoid few who want to acl 'sh' + try_AUT0 in read_pubkey too, for those paranoid few who want to + acl 'sh' - markus@cvs.openbsd.org 2002/03/26 22:50:39 [channels.h] CHANNEL_EFD_OUTPUT_ACTIVE is false for CHAN_CLOSE_RCVD, too @@ -277,8 +416,9 @@ simplify num_identity_files handling - markus@cvs.openbsd.org 2002/03/25 21:13:51 [channels.c channels.h compat.c compat.h nchan.c] - don't send stderr data after EOF, accept this from older known (broken) - sshd servers only, fixes http://bugzilla.mindrot.org/show_bug.cgi?id=179 + don't send stderr data after EOF, accept this from older known + (broken) sshd servers only, fixes + http://bugzilla.mindrot.org/show_bug.cgi?id=179 - stevesk@cvs.openbsd.org 2002/03/26 03:24:01 [monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h] $OpenBSD$ @@ -316,7 +456,8 @@ indent - markus@cvs.openbsd.org 2002/03/14 15:24:27 [sshconnect1.c] - don't trust size sent by (rogue) server; noted by s.esser@e-matters.de + don't trust size sent by (rogue) server; noted by + s.esser@e-matters.de - markus@cvs.openbsd.org 2002/03/14 16:38:26 [sshd.c] split out ssh1 session key decryption; ok provos@ @@ -337,7 +478,8 @@ BSD license. from Daniel Kouril via Dug Song. ok markus@ - provos@cvs.openbsd.org 2002/03/17 20:25:56 [auth.c auth.h auth1.c auth2.c] - getpwnamallow returns struct passwd * only if user valid; okay markus@ + getpwnamallow returns struct passwd * only if user valid; + okay markus@ - provos@cvs.openbsd.org 2002/03/18 01:12:14 [auth.h auth1.c auth2.c sshd.c] have the authentication functions return the authentication context @@ -365,11 +507,12 @@ [compress.c] export compression streams for ssh-privsep - provos@cvs.openbsd.org 2002/03/18 17:50:31 - [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h - auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c - session.h servconf.h serverloop.c session.c sshd.c] - integrate privilege separated openssh; its turned off by default for now. - work done by me and markus@ + [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c] + [auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c] + [kexgex.c servconf.c] + [session.h servconf.h serverloop.c session.c sshd.c] + integrate privilege separated openssh; its turned off by default + for now. work done by me and markus@ - provos@cvs.openbsd.org 2002/03/18 17:53:08 [sshd.8] credits for privsep @@ -395,9 +538,9 @@ [auth-options.c auth.h session.c session.h sshd.c] clean up prototypes - markus@cvs.openbsd.org 2002/03/19 10:49:35 - [auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c - sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c - ttymodes.c] + [auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h] + [packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c] + [sshconnect2.c sshd.c ttymodes.c] KNF whitespace - markus@cvs.openbsd.org 2002/03/19 14:27:39 [auth.c auth1.c auth2.c] @@ -452,9 +595,9 @@ remove unused, sync w/ cmdline patch in my tree. 20020317 - - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted, - warn if directory does not exist. Put system directories in front of - PATH for finding entorpy commands. + - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is + wanted, warn if directory does not exist. Put system directories in + front of PATH for finding entorpy commands. - (tim) [contrib/aix/buildbff.sh contrib/aix/inventory.sh] AIX package build fixes. Patch by Darren Tucker [contrib/solaris/buildpkg.sh] add missing dirs to SYSTEM_DIR. Have