X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/836d58d768c8821a3ff156552c419bc5eced6a6f..69538b0c680486cc60423b48f419583a9e5b4650:/ChangeLog diff --git a/ChangeLog b/ChangeLog index 3d489d15..6857a03a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,87 @@ +20020515 + - (bal) CVS ID fix up on auth-passwd.c + - (bal) OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2002/05/07 19:54:36 + [ssh.h] + use ssh uid + - deraadt@cvs.openbsd.org 2002/05/08 21:06:34 + [ssh.h] + move to sshd.sshd instead + - stevesk@cvs.openbsd.org 2002/05/11 20:24:48 + [ssh.h] + typo in comment + - itojun@cvs.openbsd.org 2002/05/13 02:37:39 + [auth-skey.c auth2.c] + less warnings. skey_{respond,query} are public (in auth.h) + +20020514 + - (stevesk) [README.privsep] PAM+privsep works with Solaris 8. + - (tim) [sshpty.c] set tty modes when allocating old style bsd ptys to + match what newer style ptys have when allocated. Based on a patch by + Roger Cornelius + - (tim) [README.privsep] UnixWare 7 and OpenUNIX 8 work. + - (tim) [README.privsep] remove reference to UnixWare 7 and OpenUNIX 8 + from PAM-enabled pragraph. UnixWare has no PAM. + - (tim) [contrib/caldera/openssh.spec] update version. + +20020513 + - (stevesk) add initial README.privsep + - (stevesk) [configure.ac] nicer message: --with-privsep-user=user + - (djm) Add --with-superuser-path=xxx configure option to specify + what $PATH the superuser receives. + - (djm) Bug #231: UsePrivilegeSeparation turns off Banner. + - (djm) Add --with-privsep-path configure option + - (djm) Update RPM spec file: different superuser path, use + /var/empty/sshd for privsep + - (djm) Bug #234: missing readpassphrase declaration and defines + - (djm) Add INSTALL warning about SSH protocol 1 blowfish w/ + OpenSSL < 0.9.6 + +20020511 + - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch. + Now only searches system and /usr/local/ssl (OpenSSL's default install path) + Others must use --with-ssl-dir=.... + - (tim) [monitor_fdpass.c] fix for systems that have both + HAVE_ACCRIGHTS_IN_MSGHDR and HAVE_CONTROL_IN_MSGHDR. Ie. sys/socket.h + has #define msg_accrights msg_control + +20020510 + - (stevesk) [auth.c] Shadow account and expiration cleanup. Now + check for root forced expire. Still don't check for inactive. + - (djm) Rework RedHat RPM files. Based on spec from Nalin + Dahyabhai and patches from + Pekka Savola + - (djm) Try to drop supplemental groups at daemon startup. Patch from + RedHat + - (bal) Back all the way out of auth-passwd.c changes. Breaks too many + things that don't set pw->pw_passwd. + +20020509 + - (tim) [Makefile.in] Unbreak make -f Makefile.in distprep + +20020508 + - (tim) [openbsd-compat/bsd-arc4random.c] fix logic on when seed_rng() is + called. Report by Chris Maxwell + - (tim) [Makefile.in configure.ac] set SHELL variable in Makefile + - (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work) + +20020507 + - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] + Add truncate() emulation to address Bug 208 + +20020506 + - (djm) Unbreak auth-passwd.c for PAM and SIA + - (djm) Unbreak PAM auth for protocol 1. Report from Pekka Savola + + - (djm) Don't reinitialise PAM credentials before we have started PAM. + Report from Pekka Savola + +20020506 + - (bal) Fixed auth-passwd.c to resolve PermitEmptyPassword issue + 20020501 - (djm) Import OpenBSD regression tests. Requires BSD make to run + - (djm) Fix readpassphase compilation for systems which have it 20020429 - (tim) [contrib/caldera/openssh.spec] update fixUP to reflect changes in @@ -10,7 +92,8 @@ 20020426 - (djm) Bug #137, #209: fix make problems for scard/Ssh.bin, do uudecode during distprep only - - (djm) Disable PAM password expiry until a complete fix for bug #188 exists + - (djm) Disable PAM password expiry until a complete fix for bug #188 + exists - (djm) Bug #180: Set ToS bits on IPv4-in-IPv6 mapped addresses. Based on patch from openssh@misc.tecq.org @@ -83,21 +166,23 @@ 20020421 - (tim) [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0). - entropy.c needs seteuid(getuid()) for the setuid(original_uid) to succeed. - Patch by gert@greenie.muc.de. This fixes one part of Bug 208 + entropy.c needs seteuid(getuid()) for the setuid(original_uid) to + succeed. Patch by gert@greenie.muc.de. This fixes one part of Bug 208 20020418 - (djm) Avoid SIGCHLD breakage when run from rsync. Fix from Sturle Sunde 20020417 - - (djm) Tell users to configure /dev/random support into OpenSSL in INSTALL + - (djm) Tell users to configure /dev/random support into OpenSSL in + INSTALL - (djm) Fix .Nm in mdoc2man.pl from pspencer@fields.utoronto.ca - (tim) [configure.ac] Issue warning on --with-default-path=/some_path if LOGIN_CAP is enabled. Report & testing by Tuc 20020415 - - (djm) Unbreak "make install". Fix from Darren Tucker + - (djm) Unbreak "make install". Fix from Darren Tucker + - (stevesk) bsd-cygwin_util.[ch] BSD license from Corinna Vinschen - (tim) [configure.ac] add tests for recvmsg and sendmsg. [monitor_fdpass.c] add checks for HAVE_SENDMSG and HAVE_RECVMSG for @@ -135,7 +220,8 @@ - (bal) OpenBSD CVS Sync - markus@cvs.openbsd.org 2002/04/10 08:21:47 [auth1.c compat.c compat.h] - strip '@' from username only for KerbV and known broken clients, bug #204 + strip '@' from username only for KerbV and known broken clients, + bug #204 - markus@cvs.openbsd.org 2002/04/10 08:56:01 [version.h] OpenSSH_3.2 @@ -206,13 +292,15 @@ - (bal) OpenBSD CVS Sync (now for the real sync) - markus@cvs.openbsd.org 2002/03/27 22:21:45 [ssh-keygen.c] - try to import keys with extra trailing === (seen with ssh.com < 2.0.12) + try to import keys with extra trailing === (seen with ssh.com < + 2.0.12) - markus@cvs.openbsd.org 2002/03/28 15:34:51 [session.c] do not call record_login twice (for use_privsep) - markus@cvs.openbsd.org 2002/03/29 18:59:32 [session.c session.h] - retrieve last login time before the pty is allocated, store per session + retrieve last login time before the pty is allocated, store per + session - stevesk@cvs.openbsd.org 2002/03/29 19:16:22 [sshd.8] RSA key modulus size minimum 768; ok markus@ @@ -270,7 +358,8 @@ do not talk about packets in bufaux - rees@cvs.openbsd.org 2002/03/26 18:46:59 [scard.c] - try_AUT0 in read_pubkey too, for those paranoid few who want to acl 'sh' + try_AUT0 in read_pubkey too, for those paranoid few who want to + acl 'sh' - markus@cvs.openbsd.org 2002/03/26 22:50:39 [channels.h] CHANNEL_EFD_OUTPUT_ACTIVE is false for CHAN_CLOSE_RCVD, too @@ -327,8 +416,9 @@ simplify num_identity_files handling - markus@cvs.openbsd.org 2002/03/25 21:13:51 [channels.c channels.h compat.c compat.h nchan.c] - don't send stderr data after EOF, accept this from older known (broken) - sshd servers only, fixes http://bugzilla.mindrot.org/show_bug.cgi?id=179 + don't send stderr data after EOF, accept this from older known + (broken) sshd servers only, fixes + http://bugzilla.mindrot.org/show_bug.cgi?id=179 - stevesk@cvs.openbsd.org 2002/03/26 03:24:01 [monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h] $OpenBSD$ @@ -366,7 +456,8 @@ indent - markus@cvs.openbsd.org 2002/03/14 15:24:27 [sshconnect1.c] - don't trust size sent by (rogue) server; noted by s.esser@e-matters.de + don't trust size sent by (rogue) server; noted by + s.esser@e-matters.de - markus@cvs.openbsd.org 2002/03/14 16:38:26 [sshd.c] split out ssh1 session key decryption; ok provos@ @@ -387,7 +478,8 @@ BSD license. from Daniel Kouril via Dug Song. ok markus@ - provos@cvs.openbsd.org 2002/03/17 20:25:56 [auth.c auth.h auth1.c auth2.c] - getpwnamallow returns struct passwd * only if user valid; okay markus@ + getpwnamallow returns struct passwd * only if user valid; + okay markus@ - provos@cvs.openbsd.org 2002/03/18 01:12:14 [auth.h auth1.c auth2.c sshd.c] have the authentication functions return the authentication context @@ -415,11 +507,12 @@ [compress.c] export compression streams for ssh-privsep - provos@cvs.openbsd.org 2002/03/18 17:50:31 - [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h - auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c - session.h servconf.h serverloop.c session.c sshd.c] - integrate privilege separated openssh; its turned off by default for now. - work done by me and markus@ + [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c] + [auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c] + [kexgex.c servconf.c] + [session.h servconf.h serverloop.c session.c sshd.c] + integrate privilege separated openssh; its turned off by default + for now. work done by me and markus@ - provos@cvs.openbsd.org 2002/03/18 17:53:08 [sshd.8] credits for privsep @@ -445,9 +538,9 @@ [auth-options.c auth.h session.c session.h sshd.c] clean up prototypes - markus@cvs.openbsd.org 2002/03/19 10:49:35 - [auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c - sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c - ttymodes.c] + [auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h] + [packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c] + [sshconnect2.c sshd.c ttymodes.c] KNF whitespace - markus@cvs.openbsd.org 2002/03/19 14:27:39 [auth.c auth1.c auth2.c] @@ -502,9 +595,9 @@ remove unused, sync w/ cmdline patch in my tree. 20020317 - - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted, - warn if directory does not exist. Put system directories in front of - PATH for finding entorpy commands. + - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is + wanted, warn if directory does not exist. Put system directories in + front of PATH for finding entorpy commands. - (tim) [contrib/aix/buildbff.sh contrib/aix/inventory.sh] AIX package build fixes. Patch by Darren Tucker [contrib/solaris/buildpkg.sh] add missing dirs to SYSTEM_DIR. Have