X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/63ba3638af9ef8c7be3add1811a6eae57bc4e828..05114c7476ac506bb6129dee9df34c771cfce817:/ChangeLog diff --git a/ChangeLog b/ChangeLog index f1f62ebe..db8c13b3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,295 @@ +20030510 + - (dtucker) Bug #318: Create ssh_prng_cmds.out during "make" rather than + "make install". Patch by roth@feep.net. + - (dtucker) Bug #536: Test for and work around openpty/controlling tty + problem on Linux (fixes "could not set controlling tty" errors). + - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with + proper challenge-response module + +20030504 + - (dtucker) Bug #497: Move #include of bsd-cygwin_util.h to openbsd-compat.h. + Patch from vinschen@redhat.com. + +20030503 + - (dtucker) Add missing "void" to record_failed_login in bsd-cray.c. Noted + by wendyp@cray.com. + +20030502 + - (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels, + privsep should now work. + - (dtucker) Move handling of bad password authentications into a platform + specific record_failed_login() function (affects AIX & Unicos). ok mouring@ + +20030429 + - (djm) Add back radix.o (used by AFS support), after it went missing from + Makefile many moons ago + - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer + - (djm) Fix blibpath specification for AIX/gcc + - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org + +20030428 + - (bal) [defines.h progressmeter.c scp.c] Some more culling of non 64bit + hacked code. + +20030427 + - (bal) Bug #541: return; was dropped by mistake. Reported by + furrier@iglou.com + - (bal) Since we don't support platforms lacking u_int_64. We may + as well clean out some of those evil #ifdefs + - (bal) auth1.c minor resync while looking at the code. + - (bal) auth2.c same changed as above. + +20030409 + - (djm) Bug #539: Specify creation mode with O_CREAT for lastlog. Report + from matth@eecs.berkeley.edu + - (djm) Make the spec work with Redhat 9.0 (which renames sharutils) + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/04/02 09:48:07 + [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] + [readconf.h serverloop.c sshconnect2.c] + reapply rekeying chage, tested by henning@, ok djm@ + - markus@cvs.openbsd.org 2003/04/02 14:36:26 + [ssh-keysign.c] + potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526 + - itojun@cvs.openbsd.org 2003/04/03 07:25:27 + [progressmeter.c] + $OpenBSD$ + - itojun@cvs.openbsd.org 2003/04/03 10:17:35 + [progressmeter.c] + remove $OpenBSD$, as other *.c does not have it. + - markus@cvs.openbsd.org 2003/04/07 08:29:57 + [monitor_wrap.c] + typo: get correct counters; introduced during rekeying change. + - millert@cvs.openbsd.org 2003/04/07 21:58:05 + [progressmeter.c] + The UCB copyright here is incorrect. This code did not originate + at UCB, it was written by Luke Mewburn. Updated the copyright at + the author's request. markus@ OK + - itojun@cvs.openbsd.org 2003/04/08 20:21:29 + [*.c *.h] + rename log() into logit() to avoid name conflict. markus ok, from + netbsd + - (djm) XXX - Performed locally using: + "perl -p -i -e 's/(\s|^)log\(/$1logit\(/g' *.c *.h" + - hin@cvs.openbsd.org 2003/04/09 08:23:52 + [servconf.c] + Don't include when compiling with Kerberos 5 support + - (djm) Fix up missing include for packet.c + - (djm) Fix missed log => logit occurance (reference by function pointer) + +20030402 + - (bal) if IP_TOS is not found or broken don't try to compile in + packet_set_tos() function call. bug #527 + +20030401 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2003/03/28 10:11:43 + [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5] + [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] + - killed whitespace + - new sentence new line + - .Bk for arguments + ok markus@ + - markus@cvs.openbsd.org 2003/04/01 10:10:23 + [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] + [readconf.h serverloop.c sshconnect2.c] + rekeying bugfixes and automatic rekeying: + * both client and server rekey _automatically_ + (a) after 2^31 packets, because after 2^32 packets + the sequence number for packets wraps + (b) after 2^(blocksize_in_bits/4) blocks + (see: draft-ietf-secsh-newmodes-00.txt) + (a) and (b) are _enabled_ by default, and only disabled for known + openssh versions, that don't support rekeying properly. + * client option 'RekeyLimit' + * do not reply to requests during rekeying + - markus@cvs.openbsd.org 2003/04/01 10:22:21 + [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] + [readconf.h serverloop.c sshconnect2.c] + backout rekeying changes (for 3.6.1) + - markus@cvs.openbsd.org 2003/04/01 10:31:26 + [compat.c compat.h kex.c] + bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@; + tested by ho@ and myself + - markus@cvs.openbsd.org 2003/04/01 10:56:46 + [version.h] + 3.6.1 + - (djm) Crank spec file versions + - (djm) Release 3.6.1p1 + +20030326 + - (djm) OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2003/03/26 04:02:51 + [sftp-server.c] + one last fix to the tree: race fix broke stuff; pr 3169; + srp@srparish.net, help from djm + +20030325 + - (djm) Fix getpeerid support for 64 bit BE systems. From + Arnd Bergmann + +20030324 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/03/23 19:02:00 + [monitor.c] + unbreak rekeying for privsep; ok millert@ + - Release 3.6p1 + - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. + Report from murple@murple.net, diagnosis from dtucker@zip.com.au + +20030320 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/03/17 10:38:38 + [progressmeter.c] + don't print \n if backgrounded; from ho@ + - markus@cvs.openbsd.org 2003/03/17 11:43:47 + [version.h] + enter 3.6 + - (bal) The days of lack of int64_t support are over. Sorry kids. + - (bal) scp.c 'limit' conflicts with Cray. Rename to 'limitbw' + - (bal) Collection of Cray patches (bsd-cray.h fix for CRAYT3E and improved + guessing rules) + - (bal) Disable Privsep for Tru64 after pre-authentication due to issues + with SIA. Also, clean up of tru64 support patch by Chris Adams + + - (tim) [contrib/caldera/openssh.spec] workaround RPM quirk. Fix %files + +20030318 + - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] + add nanosleep(). testing/corrections by Darren Tucker + +20030317 + - (djm) Fix return value checks for RAND_bytes. Report from + Steve G + +20030315 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/03/13 11:42:19 + [authfile.c ssh-keysign.c] + move RSA_blinding_on to generic key load method + - markus@cvs.openbsd.org 2003/03/13 11:44:50 + [ssh-agent.c] + ssh-agent is similar to ssh-keysign (allows other processes to use + private rsa keys). however, it gets key over socket and not from + a file, so we have to do blinding here as well. + +20030310 +- (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/03/05 22:33:43 + [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c] + [sftp-server.c ssh-add.c sshconnect2.c] + fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@ + - (djm) One more portable-specific one from dlheine@suif.Stanford.EDU/ + CLOUSEAU + - (djm) Bug #245: TTY problems on Solaris. Fix by stevesk@ and + dtucker@zip.com.au + - (djm) AIX package builder update from dtucker@zip.com.au + +20030225 + - (djm) Fix some compile errors spotted by dtucker and his fabulous + tinderbox + +20030224 + - (djm) Tweak gnome-ssh-askpass2: + - Retry kb and mouse grab a couple of times, so passphrase dialog doesn't + immediately fail if you are doing something else when it appears (e.g. + dragging a window) + - Perform server grab after we have the keyboard and/or pointer to avoid + races. + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/01/27 17:06:31 + [sshd.c] + more specific error message when /var/empty has wrong permissions; + bug #46, map@appgate.com; ok henning@, provos@, stevesk@ + - markus@cvs.openbsd.org 2003/01/28 16:11:52 + [scp.1] + document -l; pekkas@netcore.fi + - stevesk@cvs.openbsd.org 2003/01/28 17:24:51 + [scp.1] + remove example not pertinent with -1 addition; ok markus@ + - jmc@cvs.openbsd.org 2003/01/31 21:54:40 + [sshd.8] + typos; sshd(8): help and ok markus@ + help and ok millert@ + - markus@cvs.openbsd.org 2003/02/02 10:51:13 + [scp.c] + call okname() only when using system(3) for remote-remote copy; + fixes bugs #483, #472; ok deraadt@, mouring@ + - markus@cvs.openbsd.org 2003/02/02 10:56:08 + [kex.c] + add support for key exchange guesses; based on work by + avraham.fraenkel@commatch.com; fixes bug #148; ok deraadt@ + - markus@cvs.openbsd.org 2003/02/03 08:56:16 + [sshpty.c] + don't call error() for readonly /dev; from soekris list; ok mcbride, + henning, deraadt. + - markus@cvs.openbsd.org 2003/02/04 09:32:08 + [key.c] + better debug3 message + - markus@cvs.openbsd.org 2003/02/04 09:33:22 + [monitor.c monitor_wrap.c] + skey/bsdauth: use 0 to indicate failure instead of -1, because + the buffer API only supports unsigned ints. + - markus@cvs.openbsd.org 2003/02/05 09:02:28 + [readconf.c] + simplify ProxyCommand parsing, remove strcat/xrealloc; ok henning@, djm@ + - markus@cvs.openbsd.org 2003/02/06 09:26:23 + [session.c] + missing call to setproctitle() after authentication; ok provos@ + - markus@cvs.openbsd.org 2003/02/06 09:27:29 + [ssh.c ssh_config.5] + support 'ProxyCommand none'; bugzilla #433; binder@arago.de; ok djm@ + - markus@cvs.openbsd.org 2003/02/06 09:29:18 + [sftp-server.c] + fix races in rename/symlink; from Tony Finch; ok djm@ + - markus@cvs.openbsd.org 2003/02/06 21:22:43 + [auth1.c auth2.c] + undo broken fix for #387, fixes #486 + - markus@cvs.openbsd.org 2003/02/10 11:51:47 + [ssh-add.1] + xref sshd_config.5 (not sshd.8); mark@summersault.com; bug #490 + - markus@cvs.openbsd.org 2003/02/12 09:33:04 + [key.c key.h ssh-dss.c ssh-rsa.c] + merge ssh-dss.h ssh-rsa.h into key.h; ok deraadt@ + - markus@cvs.openbsd.org 2003/02/12 21:39:50 + [crc32.c crc32.h] + replace crc32.c with a BSD licensed version; noted by David Turner + - markus@cvs.openbsd.org 2003/02/16 17:09:57 + [kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c] + split kex into client and server code, no need to link + server code into the client; ok provos@ + - markus@cvs.openbsd.org 2003/02/16 17:30:33 + [monitor.c monitor_wrap.c] + fix permitrootlogin forced-commands-only for privsep; bux #387; + ok provos@ + - markus@cvs.openbsd.org 2003/02/21 09:05:53 + [servconf.c] + print sshd_config filename in debug2 mode. + - mpech@cvs.openbsd.org 2003/02/21 10:34:48 + [auth-krb4.c] + ...sizeof(&adat.session) is not good here. + henning@, deraadt@, millert@ + - (djm) Add new object files to Makefile and reorder + - (djm) Bug #501: gai_strerror should return char*; + fix from dtucker@zip.com.au + - (djm) Most of Bug #499: Cygwin compile fixes for new progressmeter; + From vinschen@redhat.com + - (djm) Rest of Bug #499: Import a basename() function from OpenBSD libc + - (djm) Bug #494: Allow multiple accounts on Windows 9x/Me; + From vinschen@redhat.com + - (djm) Bug #456: Support for NEC SX6 with Unicos; from wendyp@cray.com + +20030211 + - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com + +20030206 + - (djm) Teach fake-getaddrinfo to use getservbyname() when provided a + string service name. Suggested by markus@, review by itojun@ + +20030131 + - (bal) AIX 4.2.1 lacks nanosleep(). Patch to use nsleep() provided by + dtucker@zip.com.au + 20030130 - (djm) Unbreak root password auth. Spotted by dtucker@zip.com.au @@ -147,7 +439,7 @@ Based on fix from yoshfuji@linux-ipv6.org - (djm) Bug #442: Check for and deny access to accounts with locked passwords. Patch from dtucker@zip.com.au - - (djm) Bug #26: Use local mkstemp() rather than glibc's silly one. Fixes + - (djm) Bug #44: Use local mkstemp() rather than glibc's silly one. Fixes Can't pass KRB4 TGT passing. Fix from: jan.iven@cern.ch - (djm) Fix Bug #442 for PAM case - (djm) Bug #110: bogus error messages in lastlog_get_entry(). Fix based