X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/44fb55e9f4bdaa5585a24f742cd62a4acf5c0d42..56118702fd6541b990ebdbdbcebff4f99f740777:/ChangeLog diff --git a/ChangeLog b/ChangeLog index bdb69ea9..5aea81e7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,9 +1,496 @@ +20000711 + - (djm) Fixup for AIX getuserattr() support from Tom Bertelson + + +20000709 + - (djm) Only enable PAM_TTY kludge for Linux. Problem report from + Kevin Steves + - (djm) Match prototype and function declaration for rresvport_af. + Problem report from Niklas Edmundsson + - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM + builds. Problem report from Gregory Leblanc + - (djm) Replace ut_name with ut_user. Patch from Jim Watt + + - (djm) Fix pam sprintf fix + - (djm) Cleanup entropy collection code a little more. Split initialisation + from seeding, perform intialisation immediatly at start, be careful with + uids. Based on problem report from Jim Watt + - (djm) More NeXT compatibility from Ben Lindstrom + Including sigaction() et al. replacements + - (djm) AIX getuserattr() session initialisation from Tom Bertelson + + +20000708 + - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from + Aaron Hopkins + - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from + Lutz Jaenicke + - (djm) Fixed undefined variables for OSF SIA. Report from + Baars, Henk + - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c + Fix from Marquess, Steve Mr JMLFDC + - (djm) Don't use inet_addr. + +20000702 + - (djm) Fix brace mismatch from Corinna Vinschen + - (djm) Stop shadow expiry checking from preventing logins with NIS. Based + on fix from HARUYAMA Seigo + - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from + Chris, the Young One + - (djm) Fix scp progress meter on really wide terminals. Based on patch + from James H. Cloos Jr. + +20000701 + - (djm) Fix Tru64 SIA problems reported by John P Speno + - (djm) Login fixes from Tom Bertelson + - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen + + - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM + - (djm) Added check for broken snprintf() functions which do not correctly + terminate output string and attempt to use replacement. + - (djm) Released 2.1.1p2 + +20000628 + - (djm) Fixes to lastlog code for Irix + - (djm) Use atomicio in loginrec + - (djm) Patch from Michael Stone to add support for + Irix 6.x array sessions, project id's, and system audit trail id. + - (djm) Added 'distprep' make target to simplify packaging + - (djm) Added patch from Chris Adams to add OSF SIA + support. Enable using "USE_SIA=1 ./configure [options]" + +20000627 + - (djm) Fixes to login code - not setting li->uid, cleanups + - (djm) Formatting + +20000626 + - (djm) Better fix to aclocal tests from Garrick James + - (djm) Account expiry support from Andreas Steinmetz + - (djm) Added password expiry checking (no password change support) + - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK + based on patch from Lutz Jaenicke + - (djm) Fix fixed EGD code. + - OpenBSD CVS update + - provos@cvs.openbsd.org 2000/06/25 14:17:58 + [channels.c] + correct check for bad channel ids; from Wei Dai + +20000623 + - (djm) Use sa_family_t in prototype for rresvport_af. Patch from + Svante Signell + - (djm) Autoconf logic to define sa_family_t if it is missing + - OpenBSD CVS Updates: + - markus@cvs.openbsd.org 2000/06/22 10:32:27 + [sshd.c] + missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL + - djm@cvs.openbsd.org 2000/06/22 17:55:00 + [auth-krb4.c key.c radix.c uuencode.c] + Missing CVS idents; ok markus + +20000622 + - (djm) Automatically generate host key during "make install". Suggested + by Gary E. Miller + - (djm) Paranoia before kill() system call + - OpenBSD CVS Updates: + - markus@cvs.openbsd.org 2000/06/18 18:50:11 + [auth2.c compat.c compat.h sshconnect2.c] + make userauth+pubkey interop with ssh.com-2.2.0 + - markus@cvs.openbsd.org 2000/06/18 20:56:17 + [dsa.c] + mem leak + be more paranoid in dsa_verify. + - markus@cvs.openbsd.org 2000/06/18 21:29:50 + [key.c] + cleanup fingerprinting, less hardcoded sizes + - markus@cvs.openbsd.org 2000/06/19 19:39:45 + [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] + [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h] + [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] + [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h] + [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c] + [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] + [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] + [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c] + [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h] + OpenBSD tag + - markus@cvs.openbsd.org 2000/06/21 10:46:10 + sshconnect2.c missing free; nuke old comment + +20000620 + - (djm) Replace use of '-o' and '-a' logical operators in configure tests + with '||' and '&&'. As suggested by Jim Knoble + to fix SCO Unixware problem reported by Gary E. Miller + - (djm) Typo in loginrec.c + +20000618 + - (djm) Add summary of configure options to end of ./configure run + - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from + Michael Stone + - (djm) rusage is a privileged operation on some Unices (incl. + Solaris 2.5.1). Report from Paul D. Smith + - (djm) Avoid PAM failures when running without a TTY. Report from + Martin Petrak + - (djm) Include sys/types.h when including netinet/in.h in configure tests. + Patch from Jun-ichiro itojun Hagino + - (djm) Started merge of Ben Lindstrom's NeXT support + - OpenBSD CVS updates: + - deraadt@cvs.openbsd.org 2000/06/17 09:58:46 + [channels.c] + everyone says "nix it" (remove protocol 2 debugging message) + - markus@cvs.openbsd.org 2000/06/17 13:24:34 + [sshconnect.c] + allow extended server banners + - markus@cvs.openbsd.org 2000/06/17 14:30:10 + [sshconnect.c] + missing atomicio, typo + - jakob@cvs.openbsd.org 2000/06/17 16:52:34 + [servconf.c servconf.h session.c sshd.8 sshd_config] + add support for ssh v2 subsystems. ok markus@. + - deraadt@cvs.openbsd.org 2000/06/17 18:57:48 + [readconf.c servconf.c] + include = in WHITESPACE; markus ok + - markus@cvs.openbsd.org 2000/06/17 19:09:10 + [auth2.c] + implement bug compatibility with ssh-2.0.13 pubkey, server side + - markus@cvs.openbsd.org 2000/06/17 21:00:28 + [compat.c] + initial support for ssh.com's 2.2.0 + - markus@cvs.openbsd.org 2000/06/17 21:16:09 + [scp.c] + typo + - markus@cvs.openbsd.org 2000/06/17 22:05:02 + [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h] + split auth-rsa option parsing into auth-options + add options support to authorized_keys2 + - markus@cvs.openbsd.org 2000/06/17 22:42:54 + [session.c] + typo + +20000613 + - (djm) Fixes from Andrew McGill : + - Platform define for SCO 3.x which breaks on /dev/ptmx + - Detect and try to fix missing MAXPATHLEN + - (djm) Fix short copy in loginrec.c (based on patch from Phill Camp + + +20000612 + - (djm) Glob manpages in RPM spec files to catch compressed files + - (djm) Full license in auth-pam.c + - (djm) Configure fixes from SAKAI Kiyotaka + - (andre) AIX, lastlog, configure fixes from Tom Bertelson : + - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is + def'd + - Set AIX to use preformatted manpages + +20000610 + - (djm) Minor doc tweaks + - (djm) Fix for configure on bash2 from Jim Knoble + +20000609 + - (djm) Patch from Kenji Miyake to disable utmp usage + (in favour of utmpx) on Solaris 8 + +20000606 + - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through + list of commands (by default). Removed verbose debugging (by default). + - (djm) Increased command entropy estimates and default entropy collection + timeout + - (djm) Remove duplicate headers from loginrec.c + - (djm) Don't add /usr/local/lib to library search path on Irix + - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III + + - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg + + - (djm) OpenBSD CVS updates: + - todd@cvs.openbsd.org + [sshconnect2.c] + teach protocol v2 to count login failures properly and also enable an + explanation of why the password prompt comes up again like v1; this is NOT + crypto + - markus@cvs.openbsd.org + [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8] + xauth_location support; pr 1234 + [readconf.c sshconnect2.c] + typo, unused + [session.c] + allow use_login only for login sessions, otherwise remote commands are + execed with uid==0 + [sshd.8] + document UseLogin better + [version.h] + OpenSSH 2.1.1 + [auth-rsa.c] + fix match_hostname() logic for auth-rsa: deny access if we have a + negative match or no match at all + [channels.c hostfile.c match.c] + don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via + kris@FreeBSD.org + +20000606 + - (djm) Added --with-cflags, --with-ldflags and --with-libs options to + configure. + +20000604 + - Configure tweaking for new login code on Irix 5.3 + - (andre) login code changes based on djm feedback + +20000603 + - (andre) New login code + - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c + - Add loginrec.[ch], logintest.c and autoconf code + +20000531 + - Cleanup of auth.c, login.c and fake-* + - Cleanup of auth-pam.c, save and print "account expired" error messages + - Fix EGD read bug by IWAMURO Motonori + - Rewrote bsd-login to use proper utmp API if available. Major cleanup + of fallback DIY code. + +20000530 + - Define atexit for old Solaris + - Fix buffer overrun in login.c for systems which use syslen in utmpx. + patch from YOSHIFUJI Hideaki + - OpenBSD CVS updates: + - markus@cvs.openbsd.org + [session.c] + make x11-fwd work w/ localhost (xauth add host/unix:11) + [cipher.c compat.c readconf.c servconf.c] + check strtok() != NULL; ok niels@ + [key.c] + fix key_read() for uuencoded keys w/o '=' + [serverloop.c] + group ssh1 vs. ssh2 in serverloop + [kex.c kex.h myproposal.h sshconnect2.c sshd.c] + split kexinit/kexdh, factor out common code + [readconf.c ssh.1 ssh.c] + forwardagent defaults to no, add ssh -A + - theo@cvs.openbsd.org + [session.c] + just some line shortening + - Released 2.1.0p3 + +20000520 + - Xauth fix from Markus Friedl + - Don't touch utmp if USE_UTMPX defined + - SunOS 4.x support from Todd C. Miller + - SIGCHLD fix for AIX and HPUX from Tom Bertelson + - HPUX and Configure fixes from Lutz Jaenicke + + - Use mkinstalldirs script to make directories instead of non-portable + "install -d". Suggested by Lutz Jaenicke + - Doc cleanup + +20000518 + - Include Andre Lucas' fixprogs script. Forgot to "cvs add" it yesterday + - OpenBSD CVS updates: + - markus@cvs.openbsd.org + [sshconnect.c] + copy only ai_addrlen bytes; misiek@pld.org.pl + [auth.c] + accept an empty shell in authentication; bug reported by + chris@tinker.ucr.edu + [serverloop.c] + we don't have stderr for interactive terminal sessions (fcntl errors) + +20000517 + - Fix from Andre Lucas + - Fixes command line printing segfaults (spotter: Bladt Norbert) + - Fixes erroneous printing of debug messages to syslog + - Fixes utmp for MacOS X (spotter: Aristedes Maniatis) + - Gives useful error message if PRNG initialisation fails + - Reduced ssh startup delay + - Measures cumulative command time rather than the time between reads + after select() + - 'fixprogs' perl script to eliminate non-working entropy commands, and + optionally run 'ent' to measure command entropy + - Applied Tom Bertelson's AIX authentication fix + - Avoid WCOREDUMP complation errors for systems that lack it + - Avoid SIGCHLD warnings from entropy commands + - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson + - OpenBSD CVS update: + - markus@cvs.openbsd.org + [ssh.c] + fix usage() + [ssh2.h] + draft-ietf-secsh-architecture-05.txt + [ssh.1] + document ssh -T -N (ssh2 only) + [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c] + enable nonblocking IO for sshd w/ proto 1, too; split out common code + [aux.c] + missing include + - Several patches from SAKAI Kiyotaka + - INSTALL typo and URL fix + - Makefile fix + - Solaris fixes + - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka + + - RSAless operation patch from kevin_oconnor@standardandpoors.com + - Detect OpenSSL seperatly from RSA + - Better test for RSA (more compatible with RSAref). Based on work by + Ed Eden + +20000513 + - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz + + +20000511 + - Fix for prng_seed permissions checking from Lutz Jaenicke + + - "make host-key" fix for Irix + +20000509 + - OpenBSD CVS update + - markus@cvs.openbsd.org + [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c] + [ssh.h sshconnect1.c sshconnect2.c sshd.8] + - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only) + - hugh@cvs.openbsd.org + [ssh.1] + - zap typo + [ssh-keygen.1] + - One last nit fix. (markus approved) + [sshd.8] + - some markus certified spelling adjustments + - markus@cvs.openbsd.org + [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c] + [sshconnect2.c ] + - bug compat w/ ssh-2.0.13 x11, split out bugs + [nchan.c] + - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@ + [ssh-keygen.c] + - handle escapes in real and original key format, ok millert@ + [version.h] + - OpenSSH-2.1 + - Moved all the bsd-* and fake-* stuff into new libopenbsd-compat.a + - Doc updates + - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported + by Andre Lucas + +20000508 + - Makefile and RPM spec fixes + - Generate DSA host keys during "make key" or RPM installs + - OpenBSD CVS update + - markus@cvs.openbsd.org + [clientloop.c sshconnect2.c] + - make x11-fwd interop w/ ssh-2.0.13 + [README.openssh2] + - interop w/ SecureFX + - Release 2.0.0beta2 + + - Configure caching and cleanup patch from Andre Lucas' + + +20000507 + - Remove references to SSLeay. + - Big OpenBSD CVS update + - markus@cvs.openbsd.org + [clientloop.c] + - typo + [session.c] + - update proctitle on pty alloc/dealloc, e.g. w/ windows client + [session.c] + - update proctitle for proto 1, too + [channels.h nchan.c serverloop.c session.c sshd.c] + - use c-style comments + - deraadt@cvs.openbsd.org + [scp.c] + - more atomicio + - markus@cvs.openbsd.org + [channels.c] + - set O_NONBLOCK + [ssh.1] + - update AUTHOR + [readconf.c ssh-keygen.c ssh.h] + - default DSA key file ~/.ssh/id_dsa + [clientloop.c] + - typo, rm verbose debug + - deraadt@cvs.openbsd.org + [ssh-keygen.1] + - document DSA use of ssh-keygen + [sshd.8] + - a start at describing what i understand of the DSA side + [ssh-keygen.1] + - document -X and -x + [ssh-keygen.c] + - simplify usage + - markus@cvs.openbsd.org + [sshd.8] + - there is no rhosts_dsa + [ssh-keygen.1] + - document -y, update -X,-x + [nchan.c] + - fix close for non-open ssh1 channels + [servconf.c servconf.h ssh.h sshd.8 sshd.c ] + - s/DsaKey/HostDSAKey/, document option + [sshconnect2.c] + - respect number_of_password_prompts + [channels.c channels.h servconf.c servconf.h session.c sshd.8] + - GatewayPorts for sshd, ok deraadt@ + [ssh-add.1 ssh-agent.1 ssh.1] + - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2 + [ssh.1] + - more info on proto 2 + [sshd.8] + - sync AUTHOR w/ ssh.1 + [key.c key.h sshconnect.c] + - print key type when talking about host keys + [packet.c] + - clear padding in ssh2 + [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h] + - replace broken uuencode w/ libc b64_ntop + [auth2.c] + - log failure before sending the reply + [key.c radix.c uuencode.c] + - remote trailing comments before calling __b64_pton + [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1] + [sshconnect2.c sshd.8] + - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8 + - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch]) + +20000502 + - OpenBSD CVS update + [channels.c] + - init all fds, close all fds. + [sshconnect2.c] + - check whether file exists before asking for passphrase + [servconf.c servconf.h sshd.8 sshd.c] + - PidFile, pr 1210 + [channels.c] + - EINTR + [channels.c] + - unbreak, ok niels@ + [sshd.c] + - unlink pid file, ok niels@ + [auth2.c] + - Add missing #ifdefs; ok - markus + - Add Andre Lucas' patch to read entropy + gathering commands from a text file + - Release 2.0.0beta1 + 20000501 - OpenBSD CVS update [packet.c] - send debug messages in SSH2 format + [scp.c] + - fix very rare EAGAIN/EINTR issues; based on work by djm + [packet.c] + - less debug, rm unused + [auth2.c] + - disable kerb,s/key in ssh2 + [sshd.8] + - Minor tweaks and typo fixes. + [ssh-keygen.c] + - Put -d into usage and reorder. markus ok. - Include missing headers for OpenSSL tests. Fix from Phil Karn + - Fixed __progname symbol collisions reported by Andre Lucas + + - Merged bsd-login ttyslot and AIX utmp patch from Gert Doering + + - Add some missing ifdefs to auth2.c + - Deprecate perl-tk askpass. + - Irix portability fixes - don't include netinet headers more than once + - Make sure we don't save PRNG seed more than once 20000430 - Merge HP-UX fixes and TCB support from Ged Lodder