X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/5b5f6af7bdfb6586eb07602d2414f04ad29e14f4..d3221cca2d803f842bd8cef2fc3c542d17b1be39:/ChangeLog diff --git a/ChangeLog b/ChangeLog index 281386ec..df9bc664 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,364 @@ +20060710 + - (dtucker) [INSTALL] New autoconf version: 2.60. + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2006/06/14 10:50:42 + [sshconnect.c] + limit the number of pre-banner characters we will accept; ok markus@ + - djm@cvs.openbsd.org 2006/06/26 10:36:15 + [clientloop.c] + mention optional bind_address in runtime port forwarding setup + command-line help. patch from santhi.amirta AT gmail.com + - stevesk@cvs.openbsd.org 2006/07/02 17:12:58 + [ssh.1 ssh.c ssh_config.5 sshd_config.5] + more details and clarity for tun(4) device forwarding; ok and help + jmc@ + - stevesk@cvs.openbsd.org 2006/07/02 18:36:47 + [gss-serv-krb5.c gss-serv.c] + no "servconf.h" needed here + (gss-serv-krb5.c change not applied, portable needs the server options) + - stevesk@cvs.openbsd.org 2006/07/02 22:45:59 + [groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c] + move #include out of includes.h + (portable needed uidswap.c too) + - stevesk@cvs.openbsd.org 2006/07/02 23:01:55 + [clientloop.c ssh.1] + use -KR[bind_address:]port here; ok djm@ + - stevesk@cvs.openbsd.org 2006/07/03 08:54:20 + [includes.h ssh.c sshconnect.c sshd.c] + move #include "version.h" out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/07/03 17:59:32 + [channels.c includes.h] + move #include out of includes.h; old ok djm@ + (portable needed session.c too) + - stevesk@cvs.openbsd.org 2006/07/05 02:42:09 + [canohost.c hostfile.c includes.h misc.c packet.c readconf.c] + [serverloop.c sshconnect.c uuencode.c] + move #include out of includes.h; ok deraadt@ + (also ssh-rand-helper.c logintest.c loginrec.c) + - djm@cvs.openbsd.org 2006/07/06 10:47:05 + [servconf.c servconf.h session.c sshd_config.5] + support arguments to Subsystem commands; ok markus@ + - djm@cvs.openbsd.org 2006/07/06 10:47:57 + [sftp-server.8 sftp-server.c] + add commandline options to enable logging of transactions; ok markus@ + - stevesk@cvs.openbsd.org 2006/07/06 16:03:53 + [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c] + [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c] + [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c] + [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c] + [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c] + [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c] + [uidswap.h] + move #include out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/07/06 16:22:39 + [ssh-keygen.c] + move #include "dns.h" up + - stevesk@cvs.openbsd.org 2006/07/06 17:36:37 + [monitor_wrap.h] + typo in comment + - stevesk@cvs.openbsd.org 2006/07/08 21:47:12 + [authfd.c canohost.c clientloop.c dns.c dns.h includes.h] + [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c] + [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h] + move #include out of includes.h + - stevesk@cvs.openbsd.org 2006/07/08 21:48:53 + [monitor.c session.c] + missed these from last commit: + move #include out of includes.h + - stevesk@cvs.openbsd.org 2006/07/08 23:30:06 + [log.c] + move user includes after /usr/include files + - stevesk@cvs.openbsd.org 2006/07/09 15:15:11 + [auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c] + [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c] + [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] + [sshlogin.c sshpty.c] + move #include out of includes.h + +20060706 + - (dtucker) [configure.ac] Try AIX blibpath test in different order when + compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so + configure would not select the correct libpath linker flags. + - (dtucker) [INSTALL] A bit more info on autoconf. + +20060705 + - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the + target already exists. + +20060630 + - (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf + declaration too. Patch from russ at sludge.net. + - (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it, + prevents warnings on platforms where _res is in the system headers. + - (dtucker) [INSTALL] Bug #1202: Note when autoconf is required and which + version. + +20060627 + - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems + with autoconf 2.60. Patch from vapier at gentoo.org. + +20060625 + - (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys + only, otherwise sshd can hang exiting non-interactive sessions. + +20060624 + - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris. + Works around limitation in Solaris' passwd program for changing passwords + where the username is longer than 8 characters. ok djm@ + - (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug + #1102 workaround. + +20060623 + - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add + tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch + from reyk@, tested by anil@ + - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX + 4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes + on the pty slave as zero-length reads on the pty master, which sshd + interprets as the descriptor closing. Since most things don't do zero + length writes this rarely matters, but occasionally it happens, and when + it does the SSH pty session appears to hang, so we add a special case for + this condition. ok djm@ + +20060613 + - (djm) [getput.h] This file has been replaced by functions in misc.c + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2006/05/08 10:49:48 + [sshconnect2.c] + uint32_t -> u_int32_t (which we use everywhere else) + (Id sync only - portable already had this) + - markus@cvs.openbsd.org 2006/05/16 09:00:00 + [clientloop.c] + missing free; from Kylene Hall + - markus@cvs.openbsd.org 2006/05/17 12:43:34 + [scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c] + fix leak; coverity via Kylene Jo Hall + - miod@cvs.openbsd.org 2006/05/18 21:27:25 + [kexdhc.c kexgexc.c] + paramter -> parameter + - dtucker@cvs.openbsd.org 2006/05/29 12:54:08 + [ssh_config.5] + Add gssapi-with-mic to PreferredAuthentications default list; ok jmc + - dtucker@cvs.openbsd.org 2006/05/29 12:56:33 + [ssh_config] + Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in + sample ssh_config. ok markus@ + - jmc@cvs.openbsd.org 2006/05/29 16:10:03 + [ssh_config.5] + oops - previous was too long; split the list of auths up + - mk@cvs.openbsd.org 2006/05/30 11:46:38 + [ssh-add.c] + Sync usage() with man page and reality. + ok deraadt dtucker + - jmc@cvs.openbsd.org 2006/05/29 16:13:23 + [ssh.1] + add GSSAPI to the list of authentication methods supported; + - mk@cvs.openbsd.org 2006/05/30 11:46:38 + [ssh-add.c] + Sync usage() with man page and reality. + ok deraadt dtucker + - markus@cvs.openbsd.org 2006/06/01 09:21:48 + [sshd.c] + call get_remote_ipaddr() early; fixes logging after client disconnects; + report mpf@; ok dtucker@ + - markus@cvs.openbsd.org 2006/06/06 10:20:20 + [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c] + replace remaining setuid() calls with permanently_set_uid() and + check seteuid() return values; report Marcus Meissner; ok dtucker djm + - markus@cvs.openbsd.org 2006/06/08 14:45:49 + [readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h] + do not set the gid, noted by solar; ok djm + - djm@cvs.openbsd.org 2006/06/13 01:18:36 + [ssh-agent.c] + always use a format string, even when printing a constant + - djm@cvs.openbsd.org 2006/06/13 02:17:07 + [ssh-agent.c] + revert; i am on drugs. spotted by alexander AT beard.se + +20060521 + - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor + and slave, we can remove the special-case handling in the audit hook in + auth_log. + +20060517 + - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file + pointer leak. From kjhall at us.ibm.com, found by coverity. + +20060515 + - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of + _res, prevents problems on some platforms that have _res as a global but + don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by + georg.schwarz at freenet.de, ok djm@. + - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative + default. Patch originally from tim@, ok djm + - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and + do not allow kbdint again after the PAM account check fails. ok djm@ + +20060506 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2006/04/25 08:02:27 + [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c] + Prevent ssh from trying to open private keys with bad permissions more than + once or prompting for their passphrases (which it subsequently ignores + anyway), similar to a previous change in ssh-add. bz #1186, ok djm@ + - djm@cvs.openbsd.org 2006/05/04 14:55:23 + [dh.c] + tighter DH exponent checks here too; feedback and ok markus@ + - djm@cvs.openbsd.org 2006/04/01 05:37:46 + [OVERVIEW] + $OpenBSD$ in here too + - dtucker@cvs.openbsd.org 2006/05/06 08:35:40 + [auth-krb5.c] + Add $OpenBSD$ in comment here too + +20060504 + - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c + session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c + openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar) + in Portable-only code; since calloc zeros, remove now-redundant memsets. + Also add a couple of sanity checks. With & ok djm@ + +20060503 + - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h + and double including it on IRIX 5.3 causes problems. From Georg Schwarz, + "no objections" tim@ + +20060423 + - (djm) OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2006/04/01 05:42:20 + [scp.c] + minimal lint cleanup (unused crud, and some size_t); ok djm + - djm@cvs.openbsd.org 2006/04/01 05:50:29 + [scp.c] + xasprintification; ok deraadt@ + - djm@cvs.openbsd.org 2006/04/01 05:51:34 + [atomicio.c] + ANSIfy; requested deraadt@ + - dtucker@cvs.openbsd.org 2006/04/02 08:34:52 + [ssh-keysign.c] + sessionid can be 32 bytes now too when sha256 kex is used; ok djm@ + - djm@cvs.openbsd.org 2006/04/03 07:10:38 + [gss-genr.c] + GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066 + by dleonard AT vintela.com. use xasprintf() to simplify code while in + there; "looks right" deraadt@ + - djm@cvs.openbsd.org 2006/04/16 00:48:52 + [buffer.c buffer.h channels.c] + Fix condition where we could exit with a fatal error when an input + buffer became too large and the remote end had advertised a big window. + The problem was a mismatch in the backoff math between the channels code + and the buffer code, so make a buffer_check_alloc() function that the + channels code can use to propsectivly check whether an incremental + allocation will succeed. bz #1131, debugged with the assistance of + cove AT wildpackets.com; ok dtucker@ deraadt@ + - djm@cvs.openbsd.org 2006/04/16 00:52:55 + [atomicio.c atomicio.h] + introduce atomiciov() function that wraps readv/writev to retry + interrupted transfers like atomicio() does for read/write; + feedback deraadt@ dtucker@ stevesk@ ok deraadt@ + - djm@cvs.openbsd.org 2006/04/16 00:54:10 + [sftp-client.c] + avoid making a tiny 4-byte write to send the packet length of sftp + commands, which would result in a separate tiny packet on the wire by + using atomiciov(writev, ...) to write the length and the command in one + pass; ok deraadt@ + - djm@cvs.openbsd.org 2006/04/16 07:59:00 + [atomicio.c] + reorder sanity test so that it cannot dereference past the end of the + iov array; well spotted canacar@! + - dtucker@cvs.openbsd.org 2006/04/18 10:44:28 + [bufaux.c bufbn.c Makefile.in] + Move Buffer bignum functions into their own file, bufbn.c. This means + that sftp and sftp-server (which use the Buffer functions in bufaux.c + but not the bignum ones) no longer need to be linked with libcrypto. + ok markus@ + - djm@cvs.openbsd.org 2006/04/20 09:27:09 + [auth.h clientloop.c dispatch.c dispatch.h kex.h] + replace the last non-sig_atomic_t flag used in a signal handler with a + sig_atomic_t, unfortunately with some knock-on effects in other (non- + signal) contexts in which it is used; ok markus@ + - markus@cvs.openbsd.org 2006/04/20 09:47:59 + [sshconnect.c] + simplify; ok djm@ + - djm@cvs.openbsd.org 2006/04/20 21:53:44 + [includes.h session.c sftp.c] + Switch from using pipes to socketpairs for communication between + sftp/scp and ssh, and between sshd and its subprocesses. This saves + a file descriptor per session and apparently makes userland ppp over + ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this + decision on a per-platform basis) + - djm@cvs.openbsd.org 2006/04/22 04:06:51 + [uidswap.c] + use setres[ug]id() to permanently revoke privileges; ok deraadt@ + (ID Sync only - portable already uses setres[ug]id() whenever possible) + - stevesk@cvs.openbsd.org 2006/04/22 18:29:33 + [crc32.c] + remove extra spaces + - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get + sig_atomic_t + +20060421 + - (djm) [Makefile.in configure.ac session.c sshpty.c] + [contrib/redhat/sshd.init openbsd-compat/Makefile.in] + [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c] + [openbsd-compat/port-linux.h] Add support for SELinux, setting + the execution and TTY contexts. based on patch from Daniel Walsh, + bz #880; ok dtucker@ + +20060418 + - (djm) [canohost.c] Reorder IP options check so that it isn't broken + by mapped addresses; bz #1179 reported by markw wtech-llc.com; + ok dtucker@ + +20060331 + - OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2006/03/27 01:21:18 + [xmalloc.c] + we can do the size & nmemb check before the integer overflow check; + evol + - deraadt@cvs.openbsd.org 2006/03/27 13:03:54 + [dh.c] + use strtonum() instead of atoi(), limit dhg size to 64k; ok djm + - djm@cvs.openbsd.org 2006/03/27 23:15:46 + [sftp.c] + always use a format string for addargs; spotted by mouring@ + - deraadt@cvs.openbsd.org 2006/03/28 00:12:31 + [README.tun ssh.c] + spacing + - deraadt@cvs.openbsd.org 2006/03/28 01:52:28 + [channels.c] + do not accept unreasonable X ports numbers; ok djm + - deraadt@cvs.openbsd.org 2006/03/28 01:53:43 + [ssh-agent.c] + use strtonum() to parse the pid from the file, and range check it + better; ok djm + - djm@cvs.openbsd.org 2006/03/30 09:41:25 + [channels.c] + ARGSUSED for dispatch table-driven functions + - djm@cvs.openbsd.org 2006/03/30 09:58:16 + [authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h] + [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c] + replace {GET,PUT}_XXBIT macros with functionally similar functions, + silencing a heap of lint warnings. also allows them to use + __bounded__ checking which can't be applied to macros; requested + by and feedback from deraadt@ + - djm@cvs.openbsd.org 2006/03/30 10:41:25 + [ssh.c ssh_config.5] + add percent escape chars to the IdentityFile option, bz #1159 based + on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@ + - dtucker@cvs.openbsd.org 2006/03/30 11:05:17 + [ssh-keygen.c] + Correctly handle truncated files while converting keys; ok djm@ + - dtucker@cvs.openbsd.org 2006/03/30 11:40:21 + [auth.c monitor.c] + Prevent duplicate log messages when privsep=yes; ok djm@ + - jmc@cvs.openbsd.org 2006/03/31 09:09:30 + [ssh_config.5] + kill trailing whitespace; + - djm@cvs.openbsd.org 2006/03/31 09:13:56 + [ssh_config.5] + remote user escape is %r not %h; spotted by jmc@ + 20060326 - OpenBSD CVS Sync - jakob@cvs.openbsd.org 2006/03/15 08:46:44 @@ -174,6 +535,21 @@ - deraadt@cvs.openbsd.org 2006/03/25 18:58:10 [channels.c] delete cast not required + - djm@cvs.openbsd.org 2006/03/25 22:22:43 + [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h] + [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h] + [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h] + [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c] + [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h] + [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h] + [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h] + [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h] + [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h] + [ttymodes.h uidswap.h uuencode.h xmalloc.h] + standardise spacing in $OpenBSD$ tags; requested by deraadt@ + - deraadt@cvs.openbsd.org 2006/03/26 01:31:48 + [uuencode.c] + typo 20060325 - OpenBSD CVS Sync