X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/8133364010712ae0ea0715184be24bb3d11b91c1..2e4fb373fccee2e5a296d484189169914f6e07d8:/ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 0e919a00..22ef4ac4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,180 @@
+20010314
+ - OpenBSD CVS Sync
+  - markus@cvs.openbsd.org 2001/03/13 17:34:42
+    [auth-options.c]
+    missing xfree, deny key on parse error; ok stevesk@
+  - djm@cvs.openbsd.org 2001/03/13 22:42:54
+    [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
+    sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@
+
+20010313
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/12 22:02:02
+     [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
+     remove old key_fingerprint interface, s/_ex//
+
+20010312
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/11 13:25:36
+     [auth2.c key.c]
+     debug
+   - jakob@cvs.openbsd.org 2001/03/11 15:03:16
+     [key.c key.h]
+     add improved fingerprint functions. based on work by Carsten
+     Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
+   - jakob@cvs.openbsd.org 2001/03/11 15:04:16
+     [ssh-keygen.1 ssh-keygen.c]
+     print both md5, sha1 and bubblebabble fingerprints when using
+     ssh-keygen -l -v. ok markus@.
+   - jakob@cvs.openbsd.org 2001/03/11 15:13:09
+     [key.c]
+     cleanup & shorten some var names key_fingerprint_bubblebabble.
+   - deraadt@cvs.openbsd.org 2001/03/11 16:39:03
+     [ssh-keygen.c]
+     KNF, and SHA1 binary output is just creeping featurism
+ - tim@mindrot.org 2001/03/11 17:29:32 [configure.in]
+   test if snprintf() supports %ll
+   add /dev to search path for PRNGD/EGD socket
+   fix my mistake in USER_PATH test program
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/11 18:29:51
+     [key.c]
+     style+cleanup
+   - markus@cvs.openbsd.org 2001/03/11 22:33:24
+     [ssh-keygen.1 ssh-keygen.c]
+     remove -v again. use -B instead for bubblebabble. make -B consistent
+     with -l and make -B work with /path/to/known_hosts. ok deraadt@
+ - (djm) Bump portable version number for generating test RPMs
+ - (djm) Add "static_openssl" RPM build option, remove rsh build dependency
+ - (bal) Reorder includes in Makefile. 
+
+20010311
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/10 12:48:27
+     [sshconnect2.c]
+     ignore nonexisting private keys; report rjmooney@mediaone.net
+   - deraadt@cvs.openbsd.org 2001/03/10 12:53:51
+     [readconf.c ssh_config]
+     default to SSH2, now that m68k runs fast
+   - stevesk@cvs.openbsd.org 2001/03/10 15:02:05
+     [ttymodes.c ttymodes.h]
+     remove unused sgtty macros; ok markus@
+   - deraadt@cvs.openbsd.org 2001/03/10 15:31:00
+     [compat.c compat.h sshconnect.c]
+     all known netscreen ssh versions, and older versions of OSU ssh cannot
+     handle password padding (newer OSU is fixed)
+ - tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config]
+   make sure $bindir is in USER_PATH so scp will work
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/10 17:51:04
+     [kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
+     add PreferredAuthentications
+
+20010310
+ - OpenBSD CVS Sync
+   - deraadt@cvs.openbsd.org 2001/03/09 03:14:39
+     [ssh-keygen.c]
+     create *.pub files with umask 0644, so that you can mv them to 
+     authorized_keys
+   - deraadt@cvs.openbsd.org 2001/03/09 12:30:29
+     [sshd.c]
+     typo; slade@shore.net
+ - Removed log.o from sftp client.  Not needed.
+
+20010309
+ - OpenBSD CVS Sync
+   - stevesk@cvs.openbsd.org 2001/03/08 18:47:12
+     [auth1.c]
+     unused; ok markus@
+   - stevesk@cvs.openbsd.org 2001/03/08 20:44:48
+     [sftp.1]
+     spelling, cleanup; ok deraadt@
+   - markus@cvs.openbsd.org 2001/03/08 21:42:33
+     [compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
+     implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
+     no need to do enter passphrase or do expensive sign operations if the
+     server does not accept key).
+
+20010308
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2001/03/07 10:11:23
+     [sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
+     Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
+     functions and small protocol change.
+   - markus@cvs.openbsd.org 2001/03/08 00:15:48
+     [readconf.c ssh.1]
+     turn off useprivilegedports by default. only rhost-auth needs
+     this. older sshd's may need this, too.
+ - (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H;
+   Dirk Markwardt <D.Markwardt@tu-bs.de>
+
+20010307
+ - (bal) OpenBSD CVS Sync
+   - deraadt@cvs.openbsd.org 2001/03/06 06:11:18
+     [ssh-keyscan.c]
+     appease gcc
+   - deraadt@cvs.openbsd.org 2001/03/06 06:11:44
+     [sftp-int.c sftp.1 sftp.c]
+     sftp -b batchfile; mouring@etoh.eviladmin.org
+   - deraadt@cvs.openbsd.org 2001/03/06 15:10:42
+     [sftp.1]
+     order things
+   - deraadt@cvs.openbsd.org 2001/03/07 01:19:06
+     [ssh.1 sshd.8]
+     the name "secure shell" is boring, noone ever uses it
+   - deraadt@cvs.openbsd.org 2001/03/07 04:05:58
+     [ssh.1]
+     removed dated comment
+ - Cygwin contrib improvements from Corinna Vinschen <vinschen@redhat.com>
+
+20010306
+ - (bal) OpenBSD CVS Sync
+   - deraadt@cvs.openbsd.org 2001/03/05 14:28:47
+     [sshd.8]
+     alpha order; jcs@rt.fm
+   - stevesk@cvs.openbsd.org 2001/03/05 15:44:51
+     [servconf.c]
+     sync error message; ok markus@
+   - deraadt@cvs.openbsd.org 2001/03/05 15:56:16
+     [myproposal.h ssh.1]
+     switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
+     provos & markus ok
+   - deraadt@cvs.openbsd.org 2001/03/05 16:07:15
+     [sshd.8]
+     detail default hmac setup too
+   - markus@cvs.openbsd.org 2001/03/05 17:17:21
+     [kex.c kex.h sshconnect2.c sshd.c]
+     generate a 2*need size (~300 instead of 1024/2048) random private
+     exponent during the DH key agreement. according to Niels (the great
+     german advisor) this is safe since /etc/primes contains strong
+     primes only.
+
+     References:
+             P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
+             agreement with short exponents, In Advances in Cryptology
+             - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
+   - stevesk@cvs.openbsd.org 2001/03/05 17:40:48
+     [ssh.1]
+     more ssh_known_hosts2 documentation; ok markus@
+   - stevesk@cvs.openbsd.org 2001/03/05 17:58:22
+     [dh.c]
+     spelling
+   - deraadt@cvs.openbsd.org 2001/03/06 00:33:04
+     [authfd.c cli.c ssh-agent.c]
+     EINTR/EAGAIN handling is required in more cases
+   - millert@cvs.openbsd.org 2001/03/06 01:06:03
+     [ssh-keyscan.c]
+     Don't assume we wil get the version string all in one read().
+     deraadt@ OK'd
+   - millert@cvs.openbsd.org 2001/03/06 01:08:27
+     [clientloop.c]
+     If read() fails with EINTR deal with it the same way we treat EAGAIN
+
 20010305
  - (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
+ - (bal) CVS ID touch up on sftp-int.c 
+ - (bal) CVS ID touch up on uuencode.c
+ - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
  - (bal) OpenBSD CVS Sync
    - deraadt@cvs.openbsd.org 2001/02/17 23:48:48
      [sshd.8]
@@ -10,6 +185,169 @@
    - deraadt@cvs.openbsd.org 2001/02/21 09:05:54
      [authfile.c]
      improve fd handling
+   - deraadt@cvs.openbsd.org 2001/02/21 09:12:56
+     [sftp-server.c]
+     careful with & and &&; markus ok
+   - stevesk@cvs.openbsd.org 2001/02/21 21:14:04
+     [ssh.c]
+     -i supports DSA identities now; ok markus@
+   - deraadt@cvs.openbsd.org 2001/02/22 04:29:37
+     [servconf.c]
+     grammar; slade@shore.net
+   - deraadt@cvs.openbsd.org 2001/02/22 06:43:55
+     [ssh-keygen.1 ssh-keygen.c]
+     document -d, and -t defaults to rsa1
+   - deraadt@cvs.openbsd.org 2001/02/22 08:03:51
+     [ssh-keygen.1 ssh-keygen.c]
+     bye bye -d
+   - deraadt@cvs.openbsd.org 2001/02/22 18:09:06
+     [sshd_config]
+     activate RSA 2 key
+   - markus@cvs.openbsd.org 2001/02/22 21:57:27
+     [ssh.1 sshd.8]
+     typos/grammar from matt@anzen.com
+   - markus@cvs.openbsd.org 2001/02/22 21:59:44
+     [auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
+     use pwcopy in ssh.c, too
+   - markus@cvs.openbsd.org 2001/02/23 15:34:53
+     [serverloop.c]
+     debug2->3
+   - markus@cvs.openbsd.org 2001/02/23 18:15:13
+     [sshd.c]
+     the random session key depends now on the session_key_int
+     sent by the 'attacker'
+             dig1 = md5(cookie|session_key_int);
+             dig2 = md5(dig1|cookie|session_key_int);
+             fake_session_key = dig1|dig2;
+     this change is caused by a mail from anakin@pobox.com
+     patch based on discussions with my german advisor niels@openbsd.org
+   - deraadt@cvs.openbsd.org 2001/02/24 10:37:55
+     [readconf.c]
+     look for id_rsa by default, before id_dsa
+   - deraadt@cvs.openbsd.org 2001/02/24 10:37:26
+     [sshd_config]
+     ssh2 rsa key before dsa key
+   - markus@cvs.openbsd.org 2001/02/27 10:35:27
+     [packet.c]
+     fix random padding
+   - markus@cvs.openbsd.org 2001/02/27 11:00:11
+     [compat.c]
+     support SSH-2.0-2.1 ; from Christophe_Moret@hp.com
+   - deraadt@cvs.openbsd.org 2001/02/28 05:34:28
+     [misc.c]
+     pull in protos
+   - deraadt@cvs.openbsd.org 2001/02/28 05:36:28
+     [sftp.c]
+     do not kill the subprocess on termination (we will see if this helps
+     things or hurts things)
+   - markus@cvs.openbsd.org 2001/02/28 08:45:39
+     [clientloop.c]
+     fix byte counts for ssh protocol v1
+   - markus@cvs.openbsd.org 2001/02/28 08:54:55
+     [channels.c nchan.c nchan.h]
+     make sure remote stderr does not get truncated.
+     remove closed fd's from the select mask.
+   - markus@cvs.openbsd.org 2001/02/28 09:57:07
+     [packet.c packet.h sshconnect2.c]
+     in ssh protocol v2 use ignore messages for padding (instead of
+     trailing \0).
+   - markus@cvs.openbsd.org 2001/02/28 12:55:07
+     [channels.c]
+     unify debug messages
+   - deraadt@cvs.openbsd.org 2001/02/28 17:52:54
+     [misc.c]
+     for completeness, copy pw_gecos too
+   - markus@cvs.openbsd.org 2001/02/28 21:21:41
+     [sshd.c]
+     generate a fake session id, too
+   - markus@cvs.openbsd.org 2001/02/28 21:27:48
+     [channels.c packet.c packet.h serverloop.c]
+     use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
+     use random content in ignore messages.
+   - markus@cvs.openbsd.org 2001/02/28 21:31:32
+     [channels.c]
+     typo
+   - deraadt@cvs.openbsd.org 2001/03/01 02:11:25
+     [authfd.c]
+     split line so that p will have an easier time next time around
+   - deraadt@cvs.openbsd.org 2001/03/01 02:29:04
+     [ssh.c]
+     shorten usage by a line
+   - deraadt@cvs.openbsd.org 2001/03/01 02:45:10
+     [auth-rsa.c auth2.c deattack.c packet.c]
+     KNF
+   - deraadt@cvs.openbsd.org 2001/03/01 03:38:33
+     [cli.c cli.h rijndael.h ssh-keyscan.1]
+     copyright notices on all source files
+   - markus@cvs.openbsd.org 2001/03/01 22:46:37
+     [ssh.c]
+     don't truncate remote ssh-2 commands; from mkubita@securities.cz
+     use min, not max for logging, fixes overflow.
+   - deraadt@cvs.openbsd.org 2001/03/02 06:21:01
+     [sshd.8]
+     explain SIGHUP better
+   - deraadt@cvs.openbsd.org 2001/03/02 09:42:49
+     [sshd.8]
+     doc the dsa/rsa key pair files
+   - deraadt@cvs.openbsd.org 2001/03/02 18:54:31
+     [atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
+      scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
+      ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
+     make copyright lines the same format
+   - deraadt@cvs.openbsd.org 2001/03/03 06:53:12
+     [ssh-keyscan.c]
+     standard theo sweep
+   - millert@cvs.openbsd.org 2001/03/03 21:19:41
+     [ssh-keyscan.c]
+     Dynamically allocate read_wait and its copies.  Since maxfd is
+     based on resource limits it is often (usually?) larger than FD_SETSIZE.
+   - millert@cvs.openbsd.org 2001/03/03 21:40:30
+     [sftp-server.c]
+     Dynamically allocate fd_set; deraadt@ OK
+   - millert@cvs.openbsd.org 2001/03/03 21:41:07
+     [packet.c]
+     Dynamically allocate fd_set; deraadt@ OK
+   - deraadt@cvs.openbsd.org 2001/03/03 22:07:50
+     [sftp-server.c]
+     KNF
+   - markus@cvs.openbsd.org 2001/03/03 23:52:22
+     [sftp.c]
+     clean up arg processing. based on work by Christophe_Moret@hp.com
+   - markus@cvs.openbsd.org 2001/03/03 23:59:34
+     [log.c ssh.c]
+     log*.c -> log.c
+   - markus@cvs.openbsd.org 2001/03/04 00:03:59
+     [channels.c]
+     debug1->2
+   - stevesk@cvs.openbsd.org 2001/03/04 10:57:53
+     [ssh.c]
+     add -m to usage; ok markus@
+   - stevesk@cvs.openbsd.org 2001/03/04 11:04:41
+     [sshd.8]
+     small cleanup and clarify for PermitRootLogin; ok markus@
+   - stevesk@cvs.openbsd.org 2001/03/04 11:16:06
+     [servconf.c sshd.8]
+     kill obsolete RandomSeed; ok markus@ deraadt@
+   - stevesk@cvs.openbsd.org 2001/03/04 12:54:04
+     [sshd.8]
+     spelling
+   - millert@cvs.openbsd.org 2001/03/04 17:42:28
+     [authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
+      ssh.c sshconnect.c sshd.c]
+     log functions should not be passed strings that end in newline as they
+     get passed on to syslog() and when logging to stderr, do_log() appends
+     its own newline.
+   - deraadt@cvs.openbsd.org 2001/03/04 18:21:28
+     [sshd.8]
+     list SSH2 ciphers
+ - (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy()
+ - (bal) Fix up logging since it changed.  removed log-*.c
+ - (djm) Fix up LOG_AUTHPRIV for systems that have it
+ - (stevesk) OpenBSD sync:
+   - deraadt@cvs.openbsd.org 2001/03/05 08:37:27
+     [ssh-keyscan.c]
+     skip inlining, why bother
+ - (stevesk) sftp.c: handle __progname
 
 20010304
  - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.