X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/b5171f93072b4cae66830e35b3a68c40dd63a37a..ecac8ee530080e8e3847ac1131e51e3e23385c89:/ChangeLog diff --git a/ChangeLog b/ChangeLog index 6b80bb2b..1f976b76 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,211 @@ +20020513 + - (djm) Add --with-superuser-path=xxx configure option to specify what $PATH + the superuser receives. + - (djm) Bug #231: UsePrivilegeSeparation turns off Banner. + - (djm) Add --with-privsep-path configure option + +20020511 + - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch. + Now only searches system and /usr/local/ssl (OpenSSL's default install path) + Others must use --with-ssl-dir=.... + - (tim) [monitor_fdpass.c] fix for systems that have both + HAVE_ACCRIGHTS_IN_MSGHDR and HAVE_CONTROL_IN_MSGHDR. Ie. sys/socket.h has + #define msg_accrights msg_control + +20020510 + - (stevesk) [auth.c] Shadow account and expiration cleanup. Now + check for root forced expire. Still don't check for inactive. + - (djm) Rework RedHat RPM files. Based on spec from Nalin + Dahyabhai and patches from + Pekka Savola + - (djm) Try to drop supplemental groups at daemon startup. Patch from + RedHat + - (bal) Back all the way out of auth-passwd.c changes. Breaks too many + things that don't set pw->pw_passwd. + +20020509 + - (tim) [Makefile.in] Unbreak make -f Makefile.in distprep + +20020508 + - (tim) [openbsd-compat/bsd-arc4random.c] fix logic on when seed_rng() is + called. Report by Chris Maxwell + - (tim) [Makefile.in configure.ac] set SHELL variable in Makefile + - (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work) + +20020507 + - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] + Add truncate() emulation to address Bug 208 + +20020506 + - (djm) Unbreak auth-passwd.c for PAM and SIA + - (djm) Unbreak PAM auth for protocol 1. Report from Pekka Savola + + - (djm) Don't reinitialise PAM credentials before we have started PAM. + Report from Pekka Savola + +20020506 + - (bal) Fixed auth-passwd.c to resolve PermitEmptyPassword issue + +20020501 + - (djm) Import OpenBSD regression tests. 
Requires BSD make to run + - (djm) Fix readpassphase compilation for systems which have it + +20020429 + - (tim) [contrib/caldera/openssh.spec] update fixUP to reflect changes in + sshd_config. + - (tim) [contrib/cygwin/README] remove reference to regex. + patch from Corinna Vinschen + +20020426 + - (djm) Bug #137, #209: fix make problems for scard/Ssh.bin, do uudecode + during distprep only + - (djm) Disable PAM password expiry until a complete fix for bug #188 exists + - (djm) Bug #180: Set ToS bits on IPv4-in-IPv6 mapped addresses. Based on + patch from openssh@misc.tecq.org + +20020425 + - (stevesk) [defines.h] remove USE_TIMEVAL; unused + - (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26 + support. bug #184. most from dcole@keysoftsys.com. + +20020424 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2002/04/23 12:54:10 + [version.h] + 3.2.1 + - djm@cvs.openbsd.org 2002/04/23 22:16:29 + [sshd.c] + Improve error message; ok markus@ stevesk@ + +20020423 + - (stevesk) [acconfig.h configure.ac session.c] LOGIN_NO_ENDOPT for HP-UX + - (stevesk) [acconfig.h] NEED_IN_SYSTM_H unused + - (markus) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2002/04/23 12:58:26 + [radix.c] + send complete ticket; semerad@ss1000.ms.mff.cuni.cz + - (djm) Trim ChangeLog to include only post-3.1 changes + - (djm) Update RPM spec file versions + - (djm) Redhat spec enables KrbV by default + - (djm) Applied OpenSC smartcard updates from Markus & + Antti Tapaninen + - (djm) Define BROKEN_REALPATH for AIX, patch from + Antti Tapaninen + - (djm) Bug #214: Fix utmp for Irix (don't strip "tty"). Patch from + Kevin Taylor (??) via Philipp Grau + + - (djm) Bug #213: Simplify CMSG_ALIGN macros to avoid symbol clashes. + Reported by Doug Manton + - (djm) Bug #222: Fix tests for getaddrinfo on OSF/1. Spotted by + Robert Urban + - (djm) Bug #206 - blibpath isn't always needed for AIX ld, avoid + sizeof(long long int) == 4 breakage. 
Patch from Matthew Clarke + + - (djm) Make privsep work with PAM (still experimental) + - (djm) OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2002/04/20 09:02:03 + [servconf.c] + No, afs requires explicit enabling + - markus@cvs.openbsd.org 2002/04/20 09:14:58 + [bufaux.c bufaux.h] + add buffer_{get,put}_short + - markus@cvs.openbsd.org 2002/04/20 09:17:19 + [radix.c] + rewrite using the buffer_* API, fixes overflow; ok deraadt@ + - stevesk@cvs.openbsd.org 2002/04/21 16:19:27 + [sshd.8 sshd_config] + document default AFSTokenPassing no; ok deraadt@ + - stevesk@cvs.openbsd.org 2002/04/21 16:25:06 + [sshconnect1.c] + spelling in error message; ok markus@ + - markus@cvs.openbsd.org 2002/04/22 06:15:47 + [radix.c] + fix check for overflow + - markus@cvs.openbsd.org 2002/04/22 16:16:53 + [servconf.c sshd.8 sshd_config] + do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@ + - markus@cvs.openbsd.org 2002/04/22 21:04:52 + [channels.c clientloop.c clientloop.h ssh.c] + request reply (success/failure) for -R style fwd in protocol v2, + depends on ordered replies. + fixes http://bugzilla.mindrot.org/show_bug.cgi?id=215; ok provos@ + +20020421 + - (tim) [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0). + entropy.c needs seteuid(getuid()) for the setuid(original_uid) to succeed. + Patch by gert@greenie.muc.de. This fixes one part of Bug 208 + +20020418 + - (djm) Avoid SIGCHLD breakage when run from rsync. Fix from + Sturle Sunde + +20020417 + - (djm) Tell users to configure /dev/random support into OpenSSL in INSTALL + - (djm) Fix .Nm in mdoc2man.pl from pspencer@fields.utoronto.ca + - (tim) [configure.ac] Issue warning on --with-default-path=/some_path + if LOGIN_CAP is enabled. Report & testing by Tuc + +20020415 + - (djm) Unbreak "make install". Fix from Darren Tucker + - (stevesk) bsd-cygwin_util.[ch] BSD license from Corinna Vinschen + - (tim) [configure.ac] add tests for recvmsg and sendmsg. 
+ [monitor_fdpass.c] add checks for HAVE_SENDMSG and HAVE_RECVMSG for + systems that HAVE_ACCRIGHTS_IN_MSGHDR but no recvmsg or sendmsg. + +20020414 + - (djm) ssh-rand-helper improvements + - Add commandline debugging options + - Don't write binary data if stdout is a tty (use hex instead) + - Give it a manpage + - (djm) Random number collection doc fixes from Ben + +20020413 + - (djm) Add KrbV support patch from Simon Wilkinson + +20020412 + - (stevesk) [auth-sia.[ch]] add BSD license from Chris Adams + - (tim) [configure.ac] add to msghdr tests. Change -L + to -h on testing for /bin being symbolic link + - (bal) Mistaken in Cygwin scripts for ssh starting. Patch by + Corinna Vinschen + - (bal) disable privsep if no MAP_ANON. We can re-enable it + after the release when we can do more testing. + +20020411 + - (stevesk) [auth-sia.c] cleanup + - (tim) [acconfig.h defines.h includes.h] put includes in includes.h and + defines in defines.h [rijndael.c openbsd-compat/fake-socket.h + openbsd-compat/inet_aton.c] include "includes.h" instead of "config.h" + ok stevesk@ + +20020410 + - (stevesk) [configure.ac monitor.c] HAVE_SOCKETPAIR + - (stevesk) [auth-sia.c] compile fix Chris Adams + - (bal) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2002/04/10 08:21:47 + [auth1.c compat.c compat.h] + strip '@' from username only for KerbV and known broken clients, bug #204 + - markus@cvs.openbsd.org 2002/04/10 08:56:01 + [version.h] + OpenSSH_3.2 + - Added p1 to idenify Portable release version. + +20020408 + - (bal) Minor OpenSC updates. Fix up header locations and update + README.smartcard provided by Juha Yrjölä + +20020407 + - (stevesk) HAVE_CONTROL_IN_MSGHDR; not used right now. + Future: we may want to test if fd passing works correctly. + - (stevesk) [monitor_fdpass.c] fatal() for UsePrivilegeSeparation=yes + and no fd passing support. 
+ - (stevesk) HAVE_MMAP and HAVE_SYS_MMAN_H and use them in + monitor_mm.c + - (stevesk) remove configure support for poll.h; it was removed + from sshd.c a long time ago. + - (stevesk) --with-privsep-user; default sshd + - (stevesk) wrap munmap() with HAVE_MMAP also. + 20020406 - (djm) Typo in Suse SPEC file. Fix from Carsten Grohmann @@ -5,8 +213,8 @@ - (bal) OpenBSD CVS Sync - djm@cvs.openbsd.org 2002/04/06 00:30:08 [sftp-client.c] - Fix occasional corruption on upload due to bad reuse of request id, spotted - by chombier@mac.com; ok markus@ + Fix occasional corruption on upload due to bad reuse of request + id, spotted by chombier@mac.com; ok markus@ - mouring@cvs.openbsd.org 2002/04/06 18:24:09 [scp.c] Fixes potental double // within path. @@ -15,6 +223,8 @@ by Juha Yrjölä - (bal) Revered out of runtime IRIX detection of joblimits. Code is incomplete. + - (bal) Quiet down configure.ac if /bin/test does not exist. + - (bal) We no longer use atexit()/xatexit()/on_exit() 20020405 - (bal) Patch for OpenSC SmartCard library; ok markus@; patch by 
@@ -363,7826 +573,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -20020307 - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2002/03/06 00:20:54 - [compat.c dh.c] - compat.c - - markus@cvs.openbsd.org 2002/03/06 00:23:27 - [compat.c dh.c] - undo - - markus@cvs.openbsd.org 2002/03/06 00:24:39 - [compat.c] - compat.c - - markus@cvs.openbsd.org 2002/03/06 00:25:55 - [version.h] - OpenSSH_3.1 - - (djm) Update RPM spec files with new version number - - (bal) Updated INSTALL to reflect 0.9.6 OpenSSL requirement - - (bal) Add in check for rpc/types.h since it is needed on - some platforms for INADDR_LOOPBACK. We should retest - SCO 3 to see if this fixes their problem also. - - (bal) Test for IRIX JOBS support at runtime. Patch provided - by David Kaelbling - -20020305 - - stevesk@cvs.openbsd.org 2002/03/02 09:34:42 - [LICENCE] - correct copyright dates for scp license; ok markus@ - -20020304 - - OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2002/02/26 18:52:32 - [sftp.1] - Ic cannot have that many arguments; spotted by mouring@etoh.eviladmin.org - - mouring@cvs.openbsd.org 2002/02/26 19:04:37 - [sftp.1] - > Ic cannot have that many arguments; spotted by mouring@etoh.eviladmin.org - Last Ic on the first line should not have a space between it and the final - comma. - - deraadt@cvs.openbsd.org 2002/02/26 19:06:43 - [sftp.1] - no, look closely. the comma was highlighted. 
split .Ic even more - - stevesk@cvs.openbsd.org 2002/02/26 20:03:51 - [misc.c] - use socklen_t - - stevesk@cvs.openbsd.org 2002/02/27 21:23:13 - [canohost.c channels.c packet.c sshd.c] - remove unneeded casts in [gs]etsockopt(); ok markus@ - - markus@cvs.openbsd.org 2002/02/28 15:46:33 - [authfile.c kex.c kexdh.c kexgex.c key.c ssh-dss.c] - add some const EVP_MD for openssl-0.9.7 - - stevesk@cvs.openbsd.org 2002/02/28 19:36:28 - [auth.c match.c match.h] - delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers - for sshd -u0; ok markus@ - - stevesk@cvs.openbsd.org 2002/02/28 20:36:42 - [sshd.8] - DenyUsers allows user@host pattern also - - stevesk@cvs.openbsd.org 2002/02/28 20:46:10 - [sshd.8] - -u0 DNS for user@host - - stevesk@cvs.openbsd.org 2002/02/28 20:56:00 - [auth.c] - log user not allowed details, from dwd@bell-labs.com; ok markus@ - - markus@cvs.openbsd.org 2002/03/01 13:12:10 - [auth.c match.c match.h] - undo the 'delay hostname lookup' change - match.c must not use compress.c (via canonhost.c/packet.c) - thanks to wilfried@ - - markus@cvs.openbsd.org 2002/03/04 12:43:06 - [auth-passwd.c auth-rh-rsa.c auth-rhosts.c] - - markus@cvs.openbsd.org 2002/03/04 13:10:46 - [misc.c] - error-> debug, because O_NONBLOCK for /dev/null causes too many different - errnos; ok stevesk@, deraadt@ - unused include - - stevesk@cvs.openbsd.org 2002/03/04 17:27:39 - [auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h - channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h - groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h - servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h - uuencode.c xmalloc.h] - $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add - missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c - files. ok markus@ - - stevesk@cvs.openbsd.org 2002/03/04 18:30:23 - [ssh-keyscan.c] - handle connection close during read of protocol version string. 
- fixes erroneous "bad greeting". ok markus@ - - markus@cvs.openbsd.org 2002/03/04 19:37:58 - [channels.c] - off by one; thanks to joost@pine.nl - - (bal) Added contrib/aix/ to support BFF package generation provided - by Darren Tucker -20020226 - - (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests - based on patch by mooney@dogbert.cc.ndsu.nodak.edu (Tim Mooney) - Bug 45 [configure.ac] modify skey test to work around conflict with autoconf - reported by nolan@naic.edu (Michael Nolan) - patch by Pekka Savola - Bug 74 [configure.ac defines.h] add sig_atomic_t test - reported by dwd@bell-labs.com (Dave Dykstra) - Bug 102 [defines.h] UNICOS fixes. patch by wendyp@cray.com - [configure.ac Makefile.in] link libwrap only with sshd - based on patch by Maciej W. Rozycki - Bug 123 link libpam only with sshd - reported by peak@argo.troja.mff.cuni.cz (Pavel Kankovsky) - [configure.ac defines.h] modify previous SCO3 fix to not break Solaris 7 - [acconfig.h] remove unused HAVE_REGCOMP - [configure.ac] put back in search for prngd-socket - - (stevesk) openbsd-compat/base64.h: typo in comment - - (bal) Update sshd_config CVSID - - (bal) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2002/02/15 23:54:10 - [auth-krb5.c] - krb5_get_err_text() does not like context==NULL; he@nordu.net via google; - ok provos@ - - markus@cvs.openbsd.org 2002/02/22 12:20:34 - [log.c log.h ssh-keyscan.c] - overwrite fatal() in ssh-keyscan.c; fixes pr 2354; ok provos@ - - markus@cvs.openbsd.org 2002/02/23 17:59:02 - [kex.c kexdh.c kexgex.c] - don't allow garbage after payload. 
- - stevesk@cvs.openbsd.org 2002/02/24 16:09:52 - [sshd.c] - use u_char* here; ok markus@ - - markus@cvs.openbsd.org 2002/02/24 16:57:19 - [sftp-client.c] - early close(), missing free; ok stevesk@ - - markus@cvs.openbsd.org 2002/02/24 16:58:32 - [packet.c] - make 'cp' unsigned and merge with 'ucp'; ok stevesk@ - - markus@cvs.openbsd.org 2002/02/24 18:31:09 - [uuencode.c] - typo in comment - - markus@cvs.openbsd.org 2002/02/24 19:14:59 - [auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h - ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c] - signed vs. unsigned: make size arguments u_int, ok stevesk@ - - stevesk@cvs.openbsd.org 2002/02/24 19:59:42 - [channels.c misc.c] - disable Nagle in connect_to() and channel_post_port_listener() (port - forwarding endpoints). the intention is to preserve the on-the-wire - appearance to applications at either end; the applications can then - enable TCP_NODELAY according to their requirements. ok markus@ - - markus@cvs.openbsd.org 2002/02/25 16:33:27 - [ssh-keygen.c sshconnect2.c uuencode.c uuencode.h] - more u_* fixes - - (bal) Imported missing fatal.c and fixed up Makefile.in - - (tim) [configure.ac] correction to Bug 123 fix - [configure.ac] correction to sig_atomic_t test - -20020225 - - (bal) Last AIX patch. Moved aix_usrinfo() outside of do_setuserconext() - since we need more session information than provided by that function. - -20020224 - - (bal) Drop Session *s usage in ports-aix.[ch] and pass just what we - need to do the jobs (AIX still does not fully compile, but that is - coming). - - (bal) Part two.. Drop unused AIX header, fix up missing char *cp. All - that is left is handling aix_usrinfo(). - - (tim) [loginrec.c session.c sshlogin.c sshlogin.h] Bug 84 - patch by wknox@mitre.org (William Knox). - [sshlogin.h] declare record_utmp_only for session.c - -20020221 - - (bal) Minor session.c fixup for cygwin. mispelt 'is_winnt' variable. 
- -20020219 - - (djm) OpenBSD CVS Sync - - mpech@cvs.openbsd.org 2002/02/13 08:33:47 - [ssh-keyscan.1] - When you give command examples and etc., in a manual page prefix them with: $ command - or - # command - - markus@cvs.openbsd.org 2002/02/14 23:27:59 - [channels.c] - increase the SSH v2 window size to 4 packets. comsumes a little - bit more memory for slow receivers but increases througput. - - markus@cvs.openbsd.org 2002/02/14 23:28:00 - [channels.h session.c ssh.c] - increase the SSH v2 window size to 4 packets. comsumes a little - bit more memory for slow receivers but increases througput. - - markus@cvs.openbsd.org 2002/02/14 23:41:01 - [authfile.c cipher.c cipher.h kex.c kex.h packet.c] - hide some more implementation details of cipher.[ch] and prepares for move - to EVP, ok deraadt@ - - stevesk@cvs.openbsd.org 2002/02/16 14:53:37 - [ssh-keygen.1] - -t required now for key generation - - stevesk@cvs.openbsd.org 2002/02/16 20:40:08 - [ssh-keygen.c] - default to rsa keyfile path for non key generation operations where - keyfile not specified. fixes core dump in those cases. ok markus@ - - millert@cvs.openbsd.org 2002/02/16 21:27:53 - [auth.h] - Part one of userland __P removal. Done with a simple regexp with - some minor hand editing to make comments line up correctly. Another - pass is forthcoming that handles the cases that could not be done - automatically. - - millert@cvs.openbsd.org 2002/02/17 19:42:32 - [auth.h] - Manual cleanup of remaining userland __P use (excluding packages - maintained outside the tree) - - markus@cvs.openbsd.org 2002/02/18 13:05:32 - [cipher.c cipher.h] - switch to EVP, ok djm@ deraadt@ - - markus@cvs.openbsd.org 2002/02/18 17:55:20 - [ssh.1] - -q: Fatal errors are _not_ displayed. 
- - deraadt@cvs.openbsd.org 2002/02/19 02:50:59 - [sshd_config] - stategy is not an english word - - (bal) Migrated IRIX jobs/projects/audit/etc code to - openbsd-compat/port-irix.[ch] to improve readiblity of do_child() - - (bal) Migrated AIX getuserattr and usrinfo code to - openbsd-compat/port-aix.[c] to improve readilbity of do_child() and - simplify our diffs against upstream source. - - (bal) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2002/02/15 23:11:26 - [session.c] - split do_child(), ok mouring@ - - markus@cvs.openbsd.org 2002/02/16 00:51:44 - [session.c] - typo - - (bal) CVS ID sync since the last two patches were merged mistakenly - -20020218 - - (tim) newer config.guess from ftp://ftp.gnu.org/gnu/config/config.guess - -20020213 - - (djm) Don't use system sys/queue.h on AIX. Report from - gert@greenie.muc.de - - (djm) Bug #114 - not starting PAM for SSH protocol 1 invalid users - -20020213 - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2002/02/11 16:10:15 - [kex.c] - restore kexinit handler if we reset the dispatcher, this unbreaks - rekeying s/kex_clear_dispatch/kex_reset_dispatch/ - - markus@cvs.openbsd.org 2002/02/11 16:15:46 - [sshconnect1.c] - include md5.h, not evp.h - - markus@cvs.openbsd.org 2002/02/11 16:17:55 - [sshd.c] - do not complain about port > 1024 if rhosts-auth is disabled - - markus@cvs.openbsd.org 2002/02/11 16:19:39 - [sshd.c] - include md5.h not hmac.h - - markus@cvs.openbsd.org 2002/02/11 16:21:42 - [match.c] - support up to 40 algorithms per proposal - - djm@cvs.openbsd.org 2002/02/12 12:32:27 - [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c] - Perform multiple overlapping read/write requests in file transfer. Mostly - done by Tobias Ringstrom ; ok markus@ - - djm@cvs.openbsd.org 2002/02/12 12:44:46 - [sftp-client.c] - Let overlapped upload path handle servers which reorder ACKs. 
This may be - permitted by the protocol spec; ok markus@ - - markus@cvs.openbsd.org 2002/02/13 00:28:13 - [sftp-server.c] - handle SSH2_FILEXFER_ATTR_SIZE in SSH2_FXP_(F)SETSTAT; ok djm@ - - markus@cvs.openbsd.org 2002/02/13 00:39:15 - [readpass.c] - readpass.c is not longer from UCB, since we now use readpassphrase(3) - - djm@cvs.openbsd.org 2002/02/13 00:59:23 - [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp.h] - [sftp-int.c sftp-int.h] - API cleanup and backwards compat for filexfer v.0 servers; ok markus@ - - (djm) Sync openbsd-compat with OpenBSD CVS too - - (djm) Bug #106: Add --without-rpath configure option. Patch from - Nicolas.Williams@ubsw.com - - (tim) [configure.ac, defines.h ] add rpc/rpc.h for INADDR_LOOPBACK - on SCO OSR3 - -20020210 - - (djm) OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2002/02/09 17:37:34 - [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1] - move ssh config files to /etc/ssh - - (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match - - deraadt@cvs.openbsd.org 2002/02/10 01:07:05 - [readconf.h sshd.8] - more /etc/ssh; openbsd@davidkrause.com - -20020208 - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2002/02/04 12:15:25 - [sshd.c] - add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1, - fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@ - - stevesk@cvs.openbsd.org 2002/02/04 20:41:16 - [ssh-agent.1] - more sync for default ssh-add identities; ok markus@ - - djm@cvs.openbsd.org 2002/02/05 00:00:46 - [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c] - Add "-B" option to specify copy buffer length (default 32k); ok markus@ - - markus@cvs.openbsd.org 2002/02/05 14:32:55 - [channels.c channels.h ssh.c] - merge channel_request() into channel_request_start() - - markus@cvs.openbsd.org 2002/02/06 14:22:42 - [sftp.1] - sort options; ok mpech@, stevesk@ - - mpech@cvs.openbsd.org 2002/02/06 14:27:23 - [sftp.c] - sync usage() with manual. 
- - markus@cvs.openbsd.org 2002/02/06 14:37:22 - [session.c] - minor KNF - - markus@cvs.openbsd.org 2002/02/06 14:55:16 - [channels.c clientloop.c serverloop.c ssh.c] - channel_new never returns NULL, mouring@; ok djm@ - - markus@cvs.openbsd.org 2002/02/07 09:35:39 - [ssh.c] - remove bogus comments - -20020205 - - (djm) Cleanup after sync: - - :%s/reverse_mapping_check/verify_reverse_mapping/g - - (djm) OpenBSD CVS Sync - - stevesk@cvs.openbsd.org 2002/01/24 21:09:25 - [channels.c misc.c misc.h packet.c] - add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning). - no nagle changes just yet; ok djm@ markus@ - - stevesk@cvs.openbsd.org 2002/01/24 21:13:23 - [packet.c] - need misc.h for set_nodelay() - - markus@cvs.openbsd.org 2002/01/25 21:00:24 - [sshconnect2.c] - unused include - - markus@cvs.openbsd.org 2002/01/25 21:42:11 - [ssh-dss.c ssh-rsa.c] - use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@ - don't use evp_md->md_size, it's not public. - - markus@cvs.openbsd.org 2002/01/25 22:07:40 - [kex.c kexdh.c kexgex.c key.c mac.c] - use EVP_MD_size(evp_md) and not evp_md->md_size; ok steveks@ - - stevesk@cvs.openbsd.org 2002/01/26 16:44:22 - [includes.h session.c] - revert code to add x11 localhost display authorization entry for - hostname/unix:d and uts.nodename/unix:d if nodename was different than - hostname. just add entry for unix:d instead. 
ok markus@ - - stevesk@cvs.openbsd.org 2002/01/27 14:57:46 - [channels.c servconf.c servconf.h session.c sshd.8 sshd_config] - add X11UseLocalhost; ok markus@ - - stevesk@cvs.openbsd.org 2002/01/27 18:08:17 - [ssh.c] - handle simple case to identify FamilyLocal display; ok markus@ - - markus@cvs.openbsd.org 2002/01/29 14:27:57 - [ssh-add.c] - exit 2 if no agent, exit 1 if list fails; debian#61078; ok djm@ - - markus@cvs.openbsd.org 2002/01/29 14:32:03 - [auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c] - [servconf.c servconf.h session.c sshd.8 sshd_config] - s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; - ok stevesk@ - - stevesk@cvs.openbsd.org 2002/01/29 16:29:02 - [session.c] - limit subsystem length in log; ok markus@ - - markus@cvs.openbsd.org 2002/01/29 16:41:19 - [ssh-add.1] - add DIAGNOSTICS; ok stevesk@ - - markus@cvs.openbsd.org 2002/01/29 22:46:41 - [session.c] - don't depend on servconf.c; ok djm@ - - markus@cvs.openbsd.org 2002/01/29 23:50:37 - [scp.1 ssh.1] - mention exit status; ok stevesk@ - - markus@cvs.openbsd.org 2002/01/31 13:35:11 - [kexdh.c kexgex.c] - cross check announced key type and type from key blob - - markus@cvs.openbsd.org 2002/01/31 15:00:05 - [serverloop.c] - no need for WNOHANG; ok stevesk@ - - markus@cvs.openbsd.org 2002/02/03 17:53:25 - [auth1.c serverloop.c session.c session.h] - don't use channel_input_channel_request and callback - use new server_input_channel_req() instead: - server_input_channel_req does generic request parsing on server side - session_input_channel_req handles just session specific things now - ok djm@ - - markus@cvs.openbsd.org 2002/02/03 17:55:55 - [channels.c channels.h] - remove unused channel_input_channel_request - - markus@cvs.openbsd.org 2002/02/03 17:58:21 - [channels.c channels.h ssh.c] - generic callbacks are not really used, remove and - add a callback for msg of type SSH2_MSG_CHANNEL_OPEN_CONFIRMATION - ok djm@ - - markus@cvs.openbsd.org 2002/02/03 
17:59:23 - [sshconnect2.c] - more cross checking if announced vs. used key type; ok stevesk@ - - stevesk@cvs.openbsd.org 2002/02/03 22:35:57 - [ssh.1 sshd.8] - some KeepAlive cleanup/clarify; ok markus@ - - stevesk@cvs.openbsd.org 2002/02/03 23:22:59 - [ssh-agent.1] - ssh-add also adds $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa now. - - stevesk@cvs.openbsd.org 2002/02/04 00:53:39 - [ssh-agent.c] - unneeded includes - - markus@cvs.openbsd.org 2002/02/04 11:58:10 - [auth2.c] - cross checking of announced vs actual pktype in pubkey/hostbaed auth; - ok stevesk@ - - markus@cvs.openbsd.org 2002/02/04 12:15:25 - [log.c log.h readconf.c servconf.c] - add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1, - fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@ - - stevesk@cvs.openbsd.org 2002/02/04 20:41:16 - [ssh-add.1] - more sync for default ssh-add identities; ok markus@ - - djm@cvs.openbsd.org 2002/02/04 21:53:12 - [sftp.1 sftp.c] - Add "-P" option to directly connect to a local sftp-server. Should be - useful for regression testing; ok markus@ - - djm@cvs.openbsd.org 2002/02/05 00:00:46 - [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c] - Add "-B" option to specify copy buffer length (default 32k); ok markus@ - -20020130 - - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@ - - (tim) [configure.ac] fix logic on when ssh-rand-helper is installed. - [sshd_config] put back in line that tells what PATH was compiled into sshd. - -20020125 - - (djm) Don't grab Xserver or pointer by default. x11-ssh-askpass doesn't - and grabbing can cause deadlocks with kinput2. - -20020124 - - (stevesk) Makefile.in: bug #61; delete commented line for now. - -20020123 - - (djm) Fix non-standard shell syntax in autoconf. Patch from - Dave Dykstra - - (stevesk) fix --with-zlib= - - (djm) Use case statements in autoconf to clean up some tests - - (bal) reverted out of 5/2001 change to atexit(). I assume I - did it to handle SonyOS. 
If that is the case than we will - do a special case for them. - -20020122 - - (djm) autoconf hacking: - - We don't support --without-zlib currently, so don't allow it. - - Rework cryptographic random number support detection. We now detect - whether OpenSSL seeds itself. If it does, then we don't bother with - the ssh-rand-helper program. You can force the use of ssh-rand-helper - using the --with-rand-helper configure argument - - Simplify and clean up ssh-rand-helper configuration - - Add OpenSSL sanity check: verify that header version matches version - reported by library - - (djm) Fix some bugs I introduced into ssh-rand-helper yesterday - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2001/12/21 08:52:22 - [ssh-keygen.1 ssh-keygen.c] - Remove default (rsa1) key type; ok markus@ - - djm@cvs.openbsd.org 2001/12/21 08:53:45 - [readpass.c] - Avoid interruptable passphrase read; ok markus@ - - djm@cvs.openbsd.org 2001/12/21 10:06:43 - [ssh-add.1 ssh-add.c] - Try all standard key files (id_rsa, id_dsa, identity) when invoked with - no arguments; ok markus@ - - markus@cvs.openbsd.org 2001/12/21 12:17:33 - [serverloop.c] - remove ifdef for USE_PIPES since fdin != fdout; ok djm@ - - deraadt@cvs.openbsd.org 2001/12/24 07:29:43 - [ssh-add.c] - try all listed keys.. how did this get broken? - - markus@cvs.openbsd.org 2001/12/25 18:49:56 - [key.c] - be more careful on allocation - - markus@cvs.openbsd.org 2001/12/25 18:53:00 - [auth1.c] - be more carefull on allocation - - markus@cvs.openbsd.org 2001/12/27 18:10:29 - [ssh-keygen.c] - -t is only needed for key generation (unbreaks -i, -e, etc). 
- - markus@cvs.openbsd.org 2001/12/27 18:22:16 - [auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c] - [scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c] - call fatal() for openssl allocation failures - - stevesk@cvs.openbsd.org 2001/12/27 18:22:53 - [sshd.8] - clarify -p; ok markus@ - - markus@cvs.openbsd.org 2001/12/27 18:26:13 - [authfile.c] - missing include - - markus@cvs.openbsd.org 2001/12/27 19:37:23 - [dh.c kexdh.c kexgex.c] - always use BN_clear_free instead of BN_free - - markus@cvs.openbsd.org 2001/12/27 19:54:53 - [auth1.c auth.h auth-rh-rsa.c] - auth_rhosts_rsa now accept generic keys. - - markus@cvs.openbsd.org 2001/12/27 20:39:58 - [auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h] - [serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c] - get rid of packet_integrity_check, use packet_done() instead. - - markus@cvs.openbsd.org 2001/12/28 12:14:27 - [auth1.c auth2.c auth2-chall.c auth-rsa.c channels.c clientloop.c] - [kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c] - [ssh.c sshconnect1.c sshconnect2.c sshd.c] - s/packet_done/packet_check_eom/ (end-of-message); ok djm@ - - markus@cvs.openbsd.org 2001/12/28 13:57:33 - [auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c] - packet_get_bignum* no longer returns a size - - markus@cvs.openbsd.org 2001/12/28 14:13:13 - [bufaux.c bufaux.h packet.c] - buffer_get_bignum: int -> void - - markus@cvs.openbsd.org 2001/12/28 14:50:54 - [auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c] - [packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c] - [sshconnect2.c sshd.c] - packet_read* no longer return the packet length, since it's not used. - - markus@cvs.openbsd.org 2001/12/28 15:06:00 - [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c] - [dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c] - remove plen from the dispatch fn. it's no longer used. 
- - stevesk@cvs.openbsd.org 2001/12/28 22:37:48 - [ssh.1 sshd.8] - document LogLevel DEBUG[123]; ok markus@ - - stevesk@cvs.openbsd.org 2001/12/29 21:56:01 - [authfile.c channels.c compress.c packet.c sftp-server.c] - [ssh-agent.c ssh-keygen.c] - remove unneeded casts and some char->u_char cleanup; ok markus@ - - stevesk@cvs.openbsd.org 2002/01/03 04:11:08 - [ssh_config] - grammar in comment - - stevesk@cvs.openbsd.org 2002/01/04 17:59:17 - [readconf.c servconf.c] - remove #ifdef _PATH_XAUTH/#endif; ok markus@ - - stevesk@cvs.openbsd.org 2002/01/04 18:14:16 - [servconf.c sshd.8] - protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and - /etc/ssh_host_dsa_key like we have in sshd_config. ok markus@ - - markus@cvs.openbsd.org 2002/01/05 10:43:40 - [channels.c] - fix hanging x11 channels for rejected cookies (e.g. - XAUTHORITY=/dev/null xbiff) bug #36, based on patch from - djast@cs.toronto.edu - - stevesk@cvs.openbsd.org 2002/01/05 21:51:56 - [ssh.1 sshd.8] - some missing and misplaced periods - - markus@cvs.openbsd.org 2002/01/09 13:49:27 - [ssh-keygen.c] - append \n only for public keys - - markus@cvs.openbsd.org 2002/01/09 17:16:00 - [channels.c] - merge channel_pre_open_15/channel_pre_open_20; ok provos@ - - markus@cvs.openbsd.org 2002/01/09 17:26:35 - [channels.c nchan.c] - replace buffer_consume(b, buffer_len(b)) with buffer_clear(b); - ok provos@ - - markus@cvs.openbsd.org 2002/01/10 11:13:29 - [serverloop.c] - skip client_alive_check until there are channels; ok beck@ - - markus@cvs.openbsd.org 2002/01/10 11:24:04 - [clientloop.c] - handle SSH2_MSG_GLOBAL_REQUEST (just reply with failure); ok djm@ - - markus@cvs.openbsd.org 2002/01/10 12:38:26 - [nchan.c] - remove dead code (skip drain) - - markus@cvs.openbsd.org 2002/01/10 12:47:59 - [nchan.c] - more unused code (with channels.c:1.156) - - markus@cvs.openbsd.org 2002/01/11 10:31:05 - [packet.c] - handle received SSH2_MSG_UNIMPLEMENTED messages; ok djm@ - - markus@cvs.openbsd.org 2002/01/11 13:36:43 
- [ssh2.h] - add defines for msg type ranges - - markus@cvs.openbsd.org 2002/01/11 13:39:36 - [auth2.c dispatch.c dispatch.h kex.c] - a single dispatch_protocol_error() that sends a message of - type 'UNIMPLEMENTED' - dispatch_range(): set handler for a ranges message types - use dispatch_protocol_ignore() for authentication requests after - successful authentication (the drafts requirement). - serverloop/clientloop now send a 'UNIMPLEMENTED' message instead - of exiting. - - markus@cvs.openbsd.org 2002/01/11 20:14:11 - [auth2-chall.c auth-skey.c] - use strlcpy not strlcat; mouring@ - - markus@cvs.openbsd.org 2002/01/11 23:02:18 - [readpass.c] - use _PATH_TTY - - markus@cvs.openbsd.org 2002/01/11 23:02:51 - [auth2-chall.c] - use snprintf; mouring@ - - markus@cvs.openbsd.org 2002/01/11 23:26:30 - [auth-skey.c] - use snprintf; mouring@ - - markus@cvs.openbsd.org 2002/01/12 13:10:29 - [auth-skey.c] - undo local change - - provos@cvs.openbsd.org 2002/01/13 17:27:07 - [ssh-agent.c] - change to use queue.h macros; okay markus@ - - markus@cvs.openbsd.org 2002/01/13 17:57:37 - [auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c] - use buffer API and avoid static strings of fixed size; - ok provos@/mouring@ - - markus@cvs.openbsd.org 2002/01/13 21:31:20 - [channels.h nchan.c] - add chan_set_[io]state(), order states, state is now an u_int, - simplifies debugging messages; ok provos@ - - markus@cvs.openbsd.org 2002/01/14 13:22:35 - [nchan.c] - chan_send_oclose1() no longer calls chan_shutdown_write(); ok provos@ - - markus@cvs.openbsd.org 2002/01/14 13:34:07 - [nchan.c] - merge chan_[io]buf_empty[12]; ok provos@ - - markus@cvs.openbsd.org 2002/01/14 13:40:10 - [nchan.c] - correct fn names for ssh2, do not switch from closed to closed; - ok provos@ - - markus@cvs.openbsd.org 2002/01/14 13:41:13 - [nchan.c] - remove duplicated code; ok provos@ - - markus@cvs.openbsd.org 2002/01/14 13:55:55 - [channels.c channels.h nchan.c] - remove function pointers for events, remove 
chan_init*; ok provos@ - - markus@cvs.openbsd.org 2002/01/14 13:57:03 - [channels.h nchan.c] - (c) 2002 - - markus@cvs.openbsd.org 2002/01/16 13:17:51 - [channels.c channels.h serverloop.c ssh.c] - wrapper for channel_setup_fwd_listener - - stevesk@cvs.openbsd.org 2002/01/16 17:40:23 - [sshd_config] - The stategy now used for options in the default sshd_config shipped - with OpenSSH is to specify options with their default value where - possible, but leave them commented. Uncommented options change a - default value. Subsystem is currently the only default option - changed. ok markus@ - - stevesk@cvs.openbsd.org 2002/01/16 17:42:33 - [ssh.1] - correct defaults for -i/IdentityFile; ok markus@ - - stevesk@cvs.openbsd.org 2002/01/16 17:55:33 - [ssh_config] - correct some commented defaults. add Ciphers default. ok markus@ - - stevesk@cvs.openbsd.org 2002/01/17 04:27:37 - [log.c] - casts to silence enum type warnings for bugzilla bug 37; ok markus@ - - stevesk@cvs.openbsd.org 2002/01/18 17:14:16 - [sshd.8] - correct Ciphers default; paola.mannaro@ubs.com - - stevesk@cvs.openbsd.org 2002/01/18 18:14:17 - [authfd.c bufaux.c buffer.c cipher.c packet.c ssh-agent.c ssh-keygen.c] - unneeded cast cleanup; ok markus@ - - stevesk@cvs.openbsd.org 2002/01/18 20:46:34 - [sshd.8] - clarify Allow(Groups|Users) and Deny(Groups|Users); suggestion from - allard@oceanpark.com; ok markus@ - - markus@cvs.openbsd.org 2002/01/21 15:13:51 - [sshconnect.c] - use read_passphrase+ECHO in confirm(), allows use of ssh-askpass - for hostkey confirm. 
- - markus@cvs.openbsd.org 2002/01/21 22:30:12 - [cipher.c compat.c myproposal.h] - remove "rijndael-*", just use "aes-" since this how rijndael is called - in the drafts; ok stevesk@ - - markus@cvs.openbsd.org 2002/01/21 23:27:10 - [channels.c nchan.c] - cleanup channels faster if the are empty and we are in drain-state; - ok deraadt@ - - stevesk@cvs.openbsd.org 2002/01/22 02:52:41 - [servconf.c] - typo in error message; from djast@cs.toronto.edu - - (djm) Make auth2-pam.c compile again after dispatch.h and packet.h - changes - - (djm) Recent Glibc includes an incompatible sys/queue.h. Treat it as - bogus in configure - - (djm) Use local sys/queue.h if necessary in ssh-agent.c - -20020121 - - (djm) Rework ssh-rand-helper: - - Reduce quantity of ifdef code, in preparation for ssh_rand_conf - - Always seed from system calls, even when doing PRNGd seeding - - Tidy and comment #define knobs - - Remove unused facility for multiple runs through command list - - KNF, cleanup, update copyright - -20020114 - - (djm) Bug #50 - make autoconf entropy path checks more robust - -20020108 - - (djm) Merge Cygwin copy_environment with do_pam_environment, removing - fixed env var size limit in the process. Report from Corinna Vinschen - - - (stevesk) defines.h: use "/var/spool/sockets/X11/%u" for HP-UX. does - not depend on transition links. from Lutz Jaenicke. - -20020106 - - (stevesk) defines.h: determine _PATH_UNIX_X; currently "/tmp/.X11-unix/X%u" - for all platforms except HP-UX, which is "/usr/spool/sockets/X11/%u". - -20020105 - - (bal) NCR requies use_pipes to operate correctly. - - (stevesk) fix spurious ; from NCR change. - -20020103 - - (djm) Use bigcrypt() on systems with SCO_PROTECTED_PW. 
Patch from - Roger Cornelius - -20011229 - - (djm) Apply Cygwin pointer deref fix from Corinna Vinschen - Could be abused to guess valid usernames - - (djm) Typo in contrib/cygwin/README Fix from Corinna Vinschen - - -20011228 - - (djm) Remove recommendation to use GNU make, we should support most - make programs. - -20011225 - - (stevesk) [Makefile.in ssh-rand-helper.c] - portable lib and __progname support for ssh-rand-helper; ok djm@ - -20011223 - - (bal) Removed contrib/chroot.diff and noted in contrib/README that it - was not being maintained. - -20011222 - - (djm) Ignore fix & patchlevel in OpenSSL version check. Patch from - solar@openwall.com - - (djm) Rework entropy code. If the OpenSSL PRNG is has not been - internally seeded, execute a subprogram "ssh-rand-helper" to obtain - some entropy for us. Rewrite the old in-process entropy collecter as - an example ssh-rand-helper. - - (djm) Always perform ssh_prng_cmds path lookups in configure, even if - we don't end up using ssh_prng_cmds (so we always get a valid file) - -20011221 - - (djm) Add option to gnome-ssh-askpass to stop it from grabbing the X - server. I have found this necessary to avoid server hangs with X input - extensions (e.g. kinput2). Enable by setting the environment variable - "GNOME_SSH_ASKPASS_NOGRAB" - - OpenBSD CVS Sync - - stevesk@cvs.openbsd.org 2001/12/08 17:49:28 - [channels.c pathnames.h] - use only one path to X11 UNIX domain socket vs. an array of paths - to try. report from djast@cs.toronto.edu. ok markus@ - - markus@cvs.openbsd.org 2001/12/09 18:45:56 - [auth2.c auth2-chall.c auth.h] - add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions, - fixes memleak. 
- - stevesk@cvs.openbsd.org 2001/12/10 16:45:04 - [sshd.c] - possible fd leak on error; ok markus@ - - markus@cvs.openbsd.org 2001/12/10 20:34:31 - [ssh-keyscan.c] - check that server supports v1 for -t rsa1, report from wirth@dfki.de - - jakob@cvs.openbsd.org 2001/12/18 10:04:21 - [auth.h hostfile.c hostfile.h] - remove auth_rsa_read_key, make hostfile_ready_key non static; ok markus@ - - jakob@cvs.openbsd.org 2001/12/18 10:05:15 - [auth2.c] - log fingerprint on successful public key authentication; ok markus@ - - jakob@cvs.openbsd.org 2001/12/18 10:06:24 - [auth-rsa.c] - log fingerprint on successful public key authentication, simplify - usage of key structs; ok markus@ - - deraadt@cvs.openbsd.org 2001/12/19 07:18:56 - [auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h] - [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c] - [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c] - [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c] - [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c] - [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c] - [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config] - [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c] - basic KNF done while i was looking for something else - - markus@cvs.openbsd.org 2001/12/19 16:09:39 - [serverloop.c] - fix race between SIGCHLD and select with an additional pipe. writing - to the pipe on SIGCHLD wakes up select(). using pselect() is not - portable and siglongjmp() ugly. W. R. Stevens suggests similar solution. - initial idea by pmenage@ensim.com; ok deraadt@, djm@ - - stevesk@cvs.openbsd.org 2001/12/19 17:16:13 - [authfile.c bufaux.c bufaux.h buffer.c buffer.h packet.c packet.h ssh.c] - change the buffer/packet interface to use void* vs. 
char*; ok markus@ - - markus@cvs.openbsd.org 2001/12/20 16:37:29 - [channels.c channels.h session.c] - setup x11 listen socket for just one connect if the client requests so. - (v2 only, but the openssh client does not support this feature). - - djm@cvs.openbsd.org 2001/12/20 22:50:24 - [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c] - [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c] - [sshconnect2.c] - Conformance fix: we should send failing packet sequence number when - responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by - yakk@yakk.dot.net; ok markus@ - -20011219 - - (stevesk) OpenBSD CVS sync X11 localhost display - - stevesk@cvs.openbsd.org 2001/11/29 14:10:51 - [channels.h channels.c session.c] - sshd X11 fake server will now listen on localhost by default: - $ echo $DISPLAY - localhost:12.0 - $ netstat -an|grep 6012 - tcp 0 0 127.0.0.1.6012 *.* LISTEN - tcp6 0 0 ::1.6012 *.* LISTEN - sshd_config gatewayports=yes can be used to revert back to the old - behavior. will control this with another option later. ok markus@ - - stevesk@cvs.openbsd.org 2001/12/19 08:43:11 - [includes.h session.c] - handle utsname.nodename case for FamilyLocal X authorization; ok markus@ - -20011207 - - (bal) PCRE no longer required. Banished from the source along with - fake-regex.h - - (bal) OpenBSD CVS Sync - - stevesk@cvs.openbsd.org 2001/12/06 18:02:32 - [channels.c sshconnect.c] - shutdown(sock, SHUT_RDWR) not needed here; ok markus@ - - stevesk@cvs.openbsd.org 2001/12/06 18:09:23 - [channels.c session.c] - strncpy->strlcpy. remaining strncpy's are necessary. ok markus@ - - stevesk@cvs.openbsd.org 2001/12/06 18:20:32 - [channels.c] - disable nagle for X11 fake server and client TCPs. from netbsd. 
- ok markus@ - -20011206 - - (bal) OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2001/11/14 20:45:08 - [sshd.c] - errno saving wrapping in a signal handler - - markus@cvs.openbsd.org 2001/11/16 12:46:13 - [ssh-keyscan.c] - handle empty lines instead of dumping core; report from sha@sha-1.net - - stevesk@cvs.openbsd.org 2001/11/17 19:14:34 - [auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c] - enum/int type cleanup where it made sense to do so; ok markus@ - - markus@cvs.openbsd.org 2001/11/19 11:20:21 - [sshd.c] - fd leak on HUP; ok stevesk@ - - stevesk@cvs.openbsd.org 2001/11/19 18:40:46 - [ssh-agent.1] - clarify/state that private keys are not exposed to clients using the - agent; ok markus@ - - mpech@cvs.openbsd.org 2001/11/19 19:02:16 - [deattack.c radix.c] - kill more registers - millert@ ok - - markus@cvs.openbsd.org 2001/11/21 15:51:24 - [key.c] - mem leak - - stevesk@cvs.openbsd.org 2001/11/21 18:49:14 - [ssh-keygen.1] - more on passphrase construction; ok markus@ - - stevesk@cvs.openbsd.org 2001/11/22 05:27:29 - [ssh-keyscan.c] - don't use "\n" in fatal() - - markus@cvs.openbsd.org 2001/11/22 12:34:22 - [clientloop.c serverloop.c sshd.c] - volatile sig_atomic_t - - stevesk@cvs.openbsd.org 2001/11/29 19:06:39 - [channels.h] - remove dead function prototype; ok markus@ - - markus@cvs.openbsd.org 2001/11/29 22:08:48 - [auth-rsa.c] - fix protocol error: send 'failed' message instead of a 2nd challenge - (happens if the same key is in authorized_keys twice). - reported Ralf_Meister@genua.de; ok djm@ - - stevesk@cvs.openbsd.org 2001/11/30 20:39:28 - [ssh.c] - sscanf() length dependencies are clearer now; can also shrink proto - and data if desired, but i have not done that. 
ok markus@ - - markus@cvs.openbsd.org 2001/12/01 21:41:48 - [session.c sshd.8] - don't pass user defined variables to /usr/bin/login - - deraadt@cvs.openbsd.org 2001/12/02 02:08:32 - [sftp-common.c] - zap }; - - itojun@cvs.openbsd.org 2001/12/05 03:50:01 - [clientloop.c serverloop.c sshd.c] - deal with LP64 printf issue with sig_atomic_t. from thorpej - - itojun@cvs.openbsd.org 2001/12/05 03:56:39 - [auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c - sshconnect2.c] - make it compile with more strict prototype checking - - deraadt@cvs.openbsd.org 2001/12/05 10:06:12 - [authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c - key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c - sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c] - minor KNF - - markus@cvs.openbsd.org 2001/12/05 15:04:48 - [version.h] - post 3.0.2 - - markus@cvs.openbsd.org 2001/12/05 16:54:51 - [compat.c match.c match.h] - make theo and djm happy: bye bye regexp - - markus@cvs.openbsd.org 2001/12/06 13:30:06 - [servconf.c servconf.h sshd.8 sshd.c] - add -o to sshd, too. ok deraadt@ - - (bal) Minor white space fix up in servconf.c - -20011126 - - (tim) [contrib/cygwin/README, openbsd-compat/bsd-cygwin_util.c, - openbsd-compat/bsd-cygwin_util.h, openbsd-compat/daemon.c] - Allow SSHD to install as service under WIndows 9x/Me - [configure.ac] Fix to allow linking against PCRE on Cygwin - Patches by Corinna Vinschen - -20011115 - - (djm) Fix IPv4 default in ssh-keyscan. Spotted by Dan Astoorian - Fix from markus@ - - (djm) Release 3.0.1p1 - -20011113 - - (djm) Fix early (and double) free of remote user when using Kerberos. - Patch from Simon Wilkinson - - (djm) AIX login{success,failed} changes. Move loginsuccess call to - do_authenticated. Call loginfailed for protocol 2 failures > MAX like - we do for protocol 1. 
Reports from Ralf Wenk , - K.Wolkersdorfer@fz-juelich.de and others - - (djm) OpenBSD CVS Sync - - dugsong@cvs.openbsd.org 2001/11/11 18:47:10 - [auth-krb5.c] - fix krb5 authorization check. found by . from - art@, deraadt@ ok - - markus@cvs.openbsd.org 2001/11/12 11:17:07 - [servconf.c] - enable authorized_keys2 again. tested by fries@ - - markus@cvs.openbsd.org 2001/11/13 02:03:57 - [version.h] - enter 3.0.1 - - (djm) Bump RPM package versions - -20011112 - - (djm) Makefile correctness fix from Mark D. Baushke - - (djm) Cygwin config patch from Corinna Vinschen - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/10/24 08:41:41 - [sshd.c] - mention remote port in debug message - - markus@cvs.openbsd.org 2001/10/24 08:41:20 - [ssh.c] - remove unused - - markus@cvs.openbsd.org 2001/10/24 08:51:35 - [clientloop.c ssh.c] - ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@ - - markus@cvs.openbsd.org 2001/10/24 19:57:40 - [clientloop.c] - make ~& (backgrounding) work again for proto v1; add support ~& for v2, too - - markus@cvs.openbsd.org 2001/10/25 21:14:32 - [ssh-keygen.1 ssh-keygen.c] - better docu for fingerprinting, ok deraadt@ - - markus@cvs.openbsd.org 2001/10/29 19:27:15 - [sshconnect2.c] - hostbased: check for client hostkey before building chost - - markus@cvs.openbsd.org 2001/10/30 20:29:09 - [ssh.1] - ssh.1 - - markus@cvs.openbsd.org 2001/11/07 16:03:17 - [packet.c packet.h sshconnect2.c] - pad using the padding field from the ssh2 packet instead of sending - extra ignore messages. tested against several other ssh servers. - - markus@cvs.openbsd.org 2001/11/07 21:40:21 - [ssh-rsa.c] - ssh_rsa_sign/verify: SSH_BUG_SIGBLOB not supported - - markus@cvs.openbsd.org 2001/11/07 22:10:28 - [ssh-dss.c ssh-rsa.c] - missing free and sync dss/rsa code. 
- - markus@cvs.openbsd.org 2001/11/07 22:12:01 - [sshd.8] - s/Keepalive/KeepAlive/; from openbsd@davidkrause.com - - markus@cvs.openbsd.org 2001/11/07 22:41:51 - [auth2.c auth-rh-rsa.c] - unused includes - - markus@cvs.openbsd.org 2001/11/07 22:53:21 - [channels.h] - crank c->path to 256 so they can hold a full hostname; dwd@bell-labs.com - - markus@cvs.openbsd.org 2001/11/08 10:51:08 - [readpass.c] - don't strdup too much data; from gotoh@taiyo.co.jp; ok millert. - - markus@cvs.openbsd.org 2001/11/08 17:49:53 - [ssh.1] - mention setuid root requirements; noted by cnorris@csc.UVic.ca; ok stevesk@ - - markus@cvs.openbsd.org 2001/11/08 20:02:24 - [auth.c] - don't print ROOT in CAPS for the authentication messages, i.e. - Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2 - becomes - Accepted publickey for root from 127.0.0.1 port 42734 ssh2 - - markus@cvs.openbsd.org 2001/11/09 18:59:23 - [clientloop.c serverloop.c] - don't memset too much memory, ok millert@ - original patch from jlk@kamens.brookline.ma.us via nalin@redhat.com - - markus@cvs.openbsd.org 2001/11/10 13:19:45 - [sshd.c] - cleanup libwrap support (remove bogus comment, bogus close(), add - debug, etc). - - markus@cvs.openbsd.org 2001/11/10 13:22:42 - [ssh-rsa.c] - KNF (unexpand) - - markus@cvs.openbsd.org 2001/11/10 13:37:20 - [packet.c] - remove extra debug() - - markus@cvs.openbsd.org 2001/11/11 13:02:31 - [servconf.c] - make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if - AuthorizedKeysFile is specified. - - (djm) Reorder portable-specific server options so that they come first. - This should help reduce diff collisions for new server options (as they - will appear at the end) - -20011109 - - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK) - if permit_empty_passwd == 0 so null password check cannot be bypassed. 
- jayaraj@amritapuri.com OpenBSD bug 2168 - - markus@cvs.openbsd.org 2001/11/09 19:08:35 - [sshd.c] - remove extra trailing dot from log message; pilot@naughty.monkey.org - -20011103 - - (tim) [ contrib/caldera/openssh.spec contrib/caldera/sshd.init] Updates - from Raymund Will - [acconfig.h configure.in] Clean up login checks. - Problem reported by Jim Knoble - -20011101 - - (djm) Compat define for OpenSSL < 0.9.6 (No OPENSSL_free) - -20011031 - - (djm) Unsmoke drugs: config files should be noreplace. - -20011030 - - (djm) Redhat RPM spec: remove noreplace from config files, allow IPv6 - by default (can force IPv4 using --define "noipv6 1") - -20011029 - - (tim) [TODO defines.h loginrec.c] Change the references to configure.in - to configure.ac - -20011028 - - (djm) Avoid bug in Solaris PAM libs - - (djm) Disconnect if no tty and PAM reports password expired - - (djm) Fix for PAM password changes being echoed (from stevesk) - - (stevesk) Fix compile problem with PAM password change fix - - (stevesk) README: zlib location is http://www.gzip.org/zlib/ - -20011027 - - (tim) [configure.ac] Fixes for ReliantUNIX (don't use libucb) - Patch by Robert Dahlem - -20011026 - - (bal) Set the correct current time in login_utmp_only(). Patch by - Wayne Davison - - (tim) [scard/Makefile.in] Fix install: when building outside of source - tree and using --src=/full_path/to/openssh - Patch by Mark D. Baushke - -20011025 - - (bal) Use VDISABLE if _POSIX_VDISABLE is set in readpassphrase.c. Patch - by todd@ - - (tim) [configure.ac] Give path given in --with-xxx= for pcre,zlib, and - tcp-wrappers precedence over system libraries and includes. - Report from Dave Dykstra - -20011024 - - (bal) Should be 3.0p1 not 3.0p2. Corrected version.h already. - - (tim) configure.in -> configure.ac - -20011023 - - (bal) Updated version to 3.0p1 in preparing for release. - - (bal) Added 'PAM_TTY_KLUDGE' to Solaris platform. - - (tim) [configure.in] Fix test for broken dirname. 
Based on patch from - Dave Dykstra . Remove un-needed test for zlib.h. - [contrib/caldera/openssh.spec, contrib/redhat/openssh.spec, - contrib/suse/openssh.spec] Update version to match version.h - -20011022 - - (djm) Fix fd leak in loginrec.c (ro fd to lastlog was left open). - Report from Michal Zalewski - -20011021 - - (tim) [configure.in] Clean up library testing. Add optional PATH to - --with-pcre, --with-zlib, and --with-tcp-wrappers. Based on - patch by albert chin (china@thewrittenword.com) - Re-arange AC_CHECK_HEADERS and AC_CHECK_FUNCS for eaiser reading - of patches to configure.in. Replace obsolete AC_STRUCT_ST_BLKSIZE - with AC_CHECK_MEMBERS. Add test for broken dirname() on - Solaris 2.5.1 by Dan Astoorian - [acconfig.h aclocal.m4 defines.h configure.in] Better socklen_t test. - patch by albert chin (china@thewrittenword.com) - [scp.c] Replace obsolete HAVE_ST_BLKSIZE with - HAVE_STRUCT_STAT_ST_BLKSIZE. - [Makefile.in] When running make in top level, always do make - in openbsd-compat. patch by Dave Dykstra - -20011019 - - (bal) Fixed up init.d symlink issue and piddir stuff. Patches by - Zoran Milojevic and j.petersen@msh.de - -20011012 - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/10/10 22:18:47 - [channels.c channels.h clientloop.c nchan.c serverloop.c] - [session.c session.h] - try to keep channels open until an exit-status message is sent. - don't kill the login shells if the shells stdin/out/err is closed. - this should now work: - ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ? - - markus@cvs.openbsd.org 2001/10/11 13:45:21 - [session.c] - delay detach of session if a channel gets closed but the child is - still alive. however, release pty, since the fd's to the child are - already closed. - - markus@cvs.openbsd.org 2001/10/11 15:24:00 - [clientloop.c] - clear select masks if we return before calling select(). 
- - (djm) "make veryclean" fix from Tom Holroyd - - (djm) Clean some autoconf-2.52 junk when doing "make distclean" - - (djm) Cleanup sshpty.c a little - - (bal) First wave of contrib/solaris/ package upgrades. Still more - work needs to be done, but it is a 190% better then the stuff we - had before! - - (bal) Minor bug fix in contrib/solaris/opensshd.in .. $etcdir was not - set right. - -20011010 - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/10/04 14:34:16 - [key.c] - call OPENSSL_free() for memory allocated by openssl; from chombier@mac.com - - markus@cvs.openbsd.org 2001/10/04 15:05:40 - [channels.c serverloop.c] - comment out bogus conditions for selecting on connection_in - - markus@cvs.openbsd.org 2001/10/04 15:12:37 - [serverloop.c] - client_alive_check cleanup - - markus@cvs.openbsd.org 2001/10/06 00:14:50 - [sshconnect.c] - remove unused argument - - markus@cvs.openbsd.org 2001/10/06 00:36:42 - [session.c] - fix typo in error message, sync with do_exec_nopty - - markus@cvs.openbsd.org 2001/10/06 11:18:19 - [sshconnect1.c sshconnect2.c sshconnect.c] - unify hostkey check error messages, simplify prompt. - - markus@cvs.openbsd.org 2001/10/07 10:29:52 - [authfile.c] - grammer; Matthew_Clarke@mindlink.bc.ca - - markus@cvs.openbsd.org 2001/10/07 17:49:40 - [channels.c channels.h] - avoid possible FD_ISSET overflow for channels established - during channnel_after_select() (used for dynamic channels). 
- - markus@cvs.openbsd.org 2001/10/08 11:48:57 - [channels.c] - better debug - - markus@cvs.openbsd.org 2001/10/08 16:15:47 - [sshconnect.c] - use correct family for -b option - - markus@cvs.openbsd.org 2001/10/08 19:05:05 - [ssh.c sshconnect.c sshconnect.h ssh-keyscan.c] - some more IPv4or6 cleanup - - markus@cvs.openbsd.org 2001/10/09 10:12:08 - [session.c] - chdir $HOME after krb_afslog(); from bbense@networking.stanford.edu - - markus@cvs.openbsd.org 2001/10/09 19:32:49 - [session.c] - stat subsystem command before calling do_exec, and return error to client. - - markus@cvs.openbsd.org 2001/10/09 19:51:18 - [serverloop.c] - close all channels if the connection to the remote host has been closed, - should fix sshd's hanging with WCHAN==wait - - markus@cvs.openbsd.org 2001/10/09 21:59:41 - [channels.c channels.h serverloop.c session.c session.h] - simplify session close: no more delayed session_close, no more - blocking wait() calls. - - (bal) removed two unsed headers in openbsd-compat/bsd-misc.c - - (bal) seed_init() and seed_rng() required in ssh-keyscan.c - -20011007 - - (bal) ssh-copy-id corrected permissions for .ssh/ and authorized_keys. - Prompted by Matthew Vernon - -20011005 - - (bal) AES works under Cray, no more hack. - -20011004 - - (bal) nchan2.ms resync. BSD License applied. 
- -20011003 - - (bal) CVS ID fix up in version.h - - (bal) OpenBSD CVS Sync: - - markus@cvs.openbsd.org 2001/09/27 11:58:16 - [compress.c] - mem leak; chombier@mac.com - - markus@cvs.openbsd.org 2001/09/27 11:59:37 - [packet.c] - missing called=1; chombier@mac.com - - markus@cvs.openbsd.org 2001/09/27 15:31:17 - [auth2.c auth2-chall.c sshconnect1.c] - typos; from solar - - camield@cvs.openbsd.org 2001/09/27 17:53:24 - [sshd.8] - don't talk about compile-time options - ok markus@ - - djm@cvs.openbsd.org 2001/09/28 12:07:09 - [ssh-keygen.c] - bzero private key after loading to smartcard; ok markus@ - - markus@cvs.openbsd.org 2001/09/28 15:46:29 - [ssh.c] - bug: read user config first; report kaukasoi@elektroni.ee.tut.fi - - markus@cvs.openbsd.org 2001/10/01 08:06:28 - [scp.c] - skip filenames containing \n; report jdamery@chiark.greenend.org.uk - and matthew@debian.org - - markus@cvs.openbsd.org 2001/10/01 21:38:53 - [channels.c channels.h ssh.c sshd.c] - remove ugliness; vp@drexel.edu via angelos - - markus@cvs.openbsd.org 2001/10/01 21:51:16 - [readconf.c readconf.h ssh.1 sshconnect.c] - add NoHostAuthenticationForLocalhost; note that the hostkey is - now check for localhost, too. - - djm@cvs.openbsd.org 2001/10/02 08:38:50 - [ssh-add.c] - return non-zero exit code on error; ok markus@ - - stevesk@cvs.openbsd.org 2001/10/02 22:56:09 - [sshd.c] - #include "channels.h" for channel_set_af() - - markus@cvs.openbsd.org 2001/10/03 10:01:20 - [auth.c] - use realpath() for homedir, too. from jinmei@isl.rdc.toshiba.co.jp - -20011001 - - (stevesk) loginrec.c: fix type conversion problems exposed when using - 64-bit off_t. - -20010929 - - (bal) move reading 'config.h' up higher. Patch by albert chin - and - Redhat - - (djm) Redhat initscript config sanity checking from Pekka Savola - - - (djm) Clear supplemental groups at sshd start to prevent them from - being propogated to random PAM modules. 
Based on patch from Redhat via - Pekka Savola - - (djm) Make sure rijndael.c picks config.h - - (djm) Ensure that u_char gets defined - -20010914 - - (bal) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/09/13 - [rijndael.c rijndael.h] - missing $OpenBSD - - markus@cvs.openbsd.org 2001/09/14 - [session.c] - command=xxx overwrites subsystems, too - - markus@cvs.openbsd.org 2001/09/14 - [sshd.c] - typo - -20010913 - - (bal) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/08/23 11:31:59 - [cipher.c cipher.h] - switch to the optimised AES reference code from - http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip - -20010912 - - (bal) OpenBSD CVS Sync - - jakob@cvs.openbsd.org 2001/08/16 19:18:34 - [servconf.c servconf.h session.c sshd.8] - deprecate CheckMail. ok markus@ - - stevesk@cvs.openbsd.org 2001/08/16 20:14:57 - [ssh.1 sshd.8] - document case sensitivity for ssh, sshd and key file - options and arguments; ok markus@ - - stevesk@cvs.openbsd.org 2001/08/17 18:59:47 - [servconf.h] - typo in comment - - stevesk@cvs.openbsd.org 2001/08/21 21:47:42 - [ssh.1 sshd.8] - minor typos and cleanup - - stevesk@cvs.openbsd.org 2001/08/22 16:21:21 - [ssh.1] - hostname not optional; ok markus@ - - stevesk@cvs.openbsd.org 2001/08/22 16:30:02 - [sshd.8] - no rexd; ok markus@ - - stevesk@cvs.openbsd.org 2001/08/22 17:45:16 - [ssh.1] - document cipher des for protocol 1; ok deraadt@ - - camield@cvs.openbsd.org 2001/08/23 17:59:31 - [sshd.c] - end request with 0, not NULL - ok markus@ - - stevesk@cvs.openbsd.org 2001/08/23 18:02:48 - [ssh-agent.1] - fix usage; ok markus@ - - stevesk@cvs.openbsd.org 2001/08/23 18:08:59 - [ssh-add.1 ssh-keyscan.1] - minor cleanup - - danh@cvs.openbsd.org 2001/08/27 22:02:13 - [ssh-keyscan.c] - fix memory fault if non-existent filename is given to the -f option - ok markus@ - - markus@cvs.openbsd.org 2001/08/28 09:51:26 - [readconf.c] - don't set DynamicForward unless Host matches - - markus@cvs.openbsd.org 2001/08/28 15:39:48 - 
[ssh.1 ssh.c] - allow: ssh -F configfile host - - markus@cvs.openbsd.org 2001/08/29 20:44:03 - [scp.c] - clear the malloc'd buffer, otherwise source() will leak malloc'd - memory; ok theo@ - - stevesk@cvs.openbsd.org 2001/08/29 23:02:21 - [sshd.8] - add text about -u0 preventing DNS requests; ok markus@ - - stevesk@cvs.openbsd.org 2001/08/29 23:13:10 - [ssh.1 ssh.c] - document -D and DynamicForward; ok markus@ - - stevesk@cvs.openbsd.org 2001/08/29 23:27:23 - [ssh.c] - validate ports for -L/-R; ok markus@ - - stevesk@cvs.openbsd.org 2001/08/29 23:39:40 - [ssh.1 sshd.8] - additional documentation for GatewayPorts; ok markus@ - - naddy@cvs.openbsd.org 2001/08/30 15:42:36 - [ssh.1] - add -D to synopsis line; ok markus@ - - stevesk@cvs.openbsd.org 2001/08/30 16:04:35 - [readconf.c ssh.1] - validate ports for LocalForward/RemoteForward. - add host/port alternative syntax for IPv6 (like -L/-R). - ok markus@ - - stevesk@cvs.openbsd.org 2001/08/30 20:36:34 - [auth-options.c sshd.8] - validate ports for permitopen key file option. add host/port - alternative syntax for IPv6. ok markus@ - - markus@cvs.openbsd.org 2001/08/30 22:22:32 - [ssh-keyscan.c] - do not pass pointers to longjmp; fix from wayne@blorf.net - - markus@cvs.openbsd.org 2001/08/31 11:46:39 - [sshconnect2.c] - disable kbd-interactive if we don't get SSH2_MSG_USERAUTH_INFO_REQUEST - messages - - stevesk@cvs.openbsd.org 2001/09/03 20:58:33 - [readconf.c readconf.h ssh.c] - fatal() for nonexistent -Fssh_config. ok markus@ - - deraadt@cvs.openbsd.org 2001/09/05 06:23:07 - [scp.1 sftp.1 ssh.1 ssh-agent.1 sshd.8 ssh-keygen.1 ssh-keyscan.1] - avoid first person in manual pages - - stevesk@cvs.openbsd.org 2001/09/12 18:18:25 - [scp.c] - don't forward agent for non third-party copies; ok markus@ - -20010815 - - (bal) Fixed stray code in readconf.c that went in by mistake. 
- - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/08/07 10:37:46 - [authfd.c authfd.h] - extended failure messages from galb@vandyke.com - - deraadt@cvs.openbsd.org 2001/08/08 07:16:58 - [scp.1] - when describing the -o option, give -o Protocol=1 as the specific example - since we are SICK AND TIRED of clueless people who cannot have difficulty - thinking on their own. - - markus@cvs.openbsd.org 2001/08/08 18:20:15 - [uidswap.c] - permanently_set_uid is a noop if user is not privilegued; - fixes bug on solaris; from sbi@uchicago.edu - - markus@cvs.openbsd.org 2001/08/08 21:34:19 - [uidswap.c] - undo last change; does not work for sshd - - jakob@cvs.openbsd.org 2001/08/11 22:51:27 - [ssh.c tildexpand.c] - fix more paths beginning with "//"; . - ok markus@ - - stevesk@cvs.openbsd.org 2001/08/13 23:38:54 - [scp.c] - don't need main prototype (also sync with rcp); ok markus@ - - markus@cvs.openbsd.org 2001/08/14 09:23:02 - [sftp.1 sftp-int.c] - "bye"; hk63a@netscape.net - - stevesk@cvs.openbsd.org 2001/08/14 17:54:29 - [scp.1 sftp.1 ssh.1] - consistent documentation and example of ``-o ssh_option'' for sftp and - scp; document keyword=argument for ssh. - - (bal) QNX resync. OK tim@ - -20010814 - - (stevesk) sshpty.c, cray.[ch]: whitespace, formatting and cleanup - for some #ifdef _CRAY code; ok wendyp@cray.com - - (stevesk) sshpty.c: return 0 on error in cray pty code; - ok wendyp@cray.com - - (stevesk) bsd-cray.c: utmp strings are not C strings - - (stevesk) bsd-cray.c: more cleanup; ok wendyp@cray.com - -20010812 - - (djm) Fix detection of long long int support. Based on patch from - Michael Stone . ok stevesk, tim - -20010808 - - (bal) Minor correction to inet_ntop.h. _BSD_RRESVPORT_H should be - _BSD_INET_NTOP_H. Pointed out by Mark Miller - -20010807 - - (tim) [configure.in sshconnect.c openbsd-compat/Makefile.in - openbsd-compat/openbsd-compat.h ] Add inet_ntop.c inet_ntop.h back - in. 
Needed for sshconnect.c - [sshconnect.c] fix INET6_ADDRSTRLEN for non IPv6 machines - [configure.in] make tests with missing libraries fail - patch by Wendy Palm - Added openbsd-compat/bsd-cray.h. Selective patches from - William L. Jones - -20010806 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/07/22 21:32:27 - [sshpty.c] - update comment - - pvalchev@cvs.openbsd.org 2001/07/22 21:32:42 - [ssh.1] - There is no option "Compress", point to "Compression" instead; ok - markus - - markus@cvs.openbsd.org 2001/07/22 22:04:19 - [readconf.c ssh.1] - enable challenge-response auth by default; ok millert@ - - markus@cvs.openbsd.org 2001/07/22 22:24:16 - [sshd.8] - Xr login.conf - - markus@cvs.openbsd.org 2001/07/23 09:06:28 - [sshconnect2.c] - reorder default sequence of userauth methods to match ssh behaviour: - hostbased,publickey,keyboard-interactive,password - - markus@cvs.openbsd.org 2001/07/23 12:47:05 - [ssh.1] - sync PreferredAuthentications - - aaron@cvs.openbsd.org 2001/07/23 14:14:18 - [ssh-keygen.1] - Fix typo. - - stevesk@cvs.openbsd.org 2001/07/23 18:14:58 - [auth2.c auth-rsa.c] - use %lu; ok markus@ - - stevesk@cvs.openbsd.org 2001/07/23 18:21:46 - [xmalloc.c] - no zero size xstrdup() error; ok markus@ - - markus@cvs.openbsd.org 2001/07/25 11:59:35 - [scard.c] - typo in comment - - markus@cvs.openbsd.org 2001/07/25 14:35:18 - [readconf.c ssh.1 ssh.c sshconnect.c] - cleanup connect(); connection_attempts 4 -> 1; from - eivind@freebsd.org - - stevesk@cvs.openbsd.org 2001/07/26 17:18:22 - [sshd.8 sshd.c] - add -t option to test configuration file and keys; pekkas@netcore.fi - ok markus@ - - rees@cvs.openbsd.org 2001/07/26 20:04:27 - [scard.c ssh-keygen.c] - Inquire Cyberflex class for 0xf0 cards - change aid to conform to 7816-5 - remove gratuitous fid selects - - millert@cvs.openbsd.org 2001/07/27 14:50:45 - [ssh.c] - If smart card support is compiled in and a smart card is being used - for authentication, make it the first method used. 
markus@ OK - - deraadt@cvs.openbsd.org 2001/07/27 17:26:16 - [scp.c] - shorten lines - - markus@cvs.openbsd.org 2001/07/28 09:21:15 - [sshd.8] - cleanup some RSA vs DSA vs SSH1 vs SSH2 notes - - mouring@cvs.openbsd.org 2001/07/29 17:02:46 - [scp.1] - Clarified -o option in scp.1 OKed by Markus@ - - jakob@cvs.openbsd.org 2001/07/30 16:06:07 - [scard.c scard.h] - better errorcodes from sc_*; ok markus@ - - stevesk@cvs.openbsd.org 2001/07/30 16:23:30 - [rijndael.c rijndael.h] - new BSD-style license: - Brian Gladman : - >I have updated my code at: - >http://fp.gladman.plus.com/cryptography_technology/rijndael/index.htm - >with a copyright notice as follows: - >[...] - >I am not sure which version of my old code you are using but I am - >happy for the notice above to be substituted for my existing copyright - >intent if this meets your purpose. - - jakob@cvs.openbsd.org 2001/07/31 08:41:10 - [scard.c] - do not complain about missing smartcards. ok markus@ - - jakob@cvs.openbsd.org 2001/07/31 09:28:44 - [readconf.c readconf.h ssh.1 ssh.c] - add 'SmartcardDevice' client option to specify which smartcard device - is used to access a smartcard used for storing the user's private RSA - key. ok markus@. - - jakob@cvs.openbsd.org 2001/07/31 12:42:50 - [sftp-int.c sftp-server.c] - avoid paths beginning with "//"; - ok markus@ - - jakob@cvs.openbsd.org 2001/07/31 12:53:34 - [scard.c] - close smartcard connection if card is missing - - markus@cvs.openbsd.org 2001/08/01 22:03:33 - [authfd.c authfd.h readconf.c readconf.h scard.c scard.h ssh-add.c - ssh-agent.c ssh.c] - use strings instead of ints for smartcard reader ids - - markus@cvs.openbsd.org 2001/08/01 22:16:45 - [ssh.1 sshd.8] - refer to current ietf drafts for protocol v2 - - markus@cvs.openbsd.org 2001/08/01 23:33:09 - [ssh-keygen.c] - allow uploading RSA keys for non-default AUT0 (sha1 over passphrase - like sectok). - - markus@cvs.openbsd.org 2001/08/01 23:38:45 - [scard.c ssh.c] - support finish rsa keys. 
- free public keys after login -> call finish -> close smartcard. - - markus@cvs.openbsd.org 2001/08/02 00:10:17 - [ssh-keygen.c] - add -D readerid option (download, i.e. print public RSA key to stdout). - check for card present when uploading keys. - use strings instead of ints for smartcard reader ids, too. - - jakob@cvs.openbsd.org 2001/08/02 08:58:35 - [ssh-keygen.c] - change -u (upload smartcard key) to -U. ok markus@ - - jakob@cvs.openbsd.org 2001/08/02 15:06:52 - [ssh-keygen.c] - more verbose usage(). ok markus@ - - jakob@cvs.openbsd.org 2001/08/02 15:07:23 - [ssh-keygen.1] - document smartcard upload/download. ok markus@ - - jakob@cvs.openbsd.org 2001/08/02 15:32:10 - [ssh.c] - add smartcard to usage(). ok markus@ - - jakob@cvs.openbsd.org 2001/08/02 15:43:57 - [ssh-agent.c ssh.c ssh-keygen.c] - add /* SMARTCARD */ to #else/#endif. ok markus@ - - jakob@cvs.openbsd.org 2001/08/02 16:14:05 - [scard.c ssh-agent.c ssh.c ssh-keygen.c] - clean up some /* SMARTCARD */. ok markus@ - - mpech@cvs.openbsd.org 2001/08/02 18:37:35 - [ssh-keyscan.1] - o) .Sh AUTHOR -> .Sh AUTHORS; - o) .Sh EXAMPLE -> .Sh EXAMPLES; - o) Delete .Sh OPTIONS. Text moved to .Sh DESCRIPTION; - - millert@ ok - - jakob@cvs.openbsd.org 2001/08/03 10:31:19 - [ssh-add.1] - document smartcard options. ok markus@ - - jakob@cvs.openbsd.org 2001/08/03 10:31:30 - [ssh-add.c ssh-agent.c ssh-keyscan.c] - improve usage(). ok markus@ - - markus@cvs.openbsd.org 2001/08/05 23:18:20 - [ssh-keyscan.1 ssh-keyscan.c] - ssh 2 support; from wayned@users.sourceforge.net - - markus@cvs.openbsd.org 2001/08/05 23:29:58 - [ssh-keyscan.c] - make -t dsa work with commercial servers, too - - stevesk@cvs.openbsd.org 2001/08/06 19:47:05 - [scp.c] - use alarm vs. setitimer for portable; ok markus@ - - (bal) ssh-keyscan double -lssh hack due to seed_rng(). - - (bal) Second around of UNICOS patches. A few other things left. - Patches by William L. Jones - -20010803 - - (djm) Fix interrupted read in entropy gatherer. 
Spotted by markus@ on - a fast UltraSPARC. - -20010726 - - (stevesk) use mysignal() in protocol 1 loop now that the SIGCHLD - handler has converged. - -20010725 - - (bal) Added 'install-nokeys' to Makefile to assist package builders. - -20010724 - - (bal) 4711 not 04711 for ssh binary. - -20010722 - - (bal) Starting the Unicossmk merger. File merged TODO, configure.in, - myproposal.h, ssh_prng_cmds.in, and openbsd-compat/Makefile.in. - Added openbsd-compat/bsd-cray.c. Rest will be merged after - approval. Selective patches from William L. Jones - - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/07/18 21:10:43 - [sshpty.c] - pr #1946, allow sshd if /dev is readonly - - stevesk@cvs.openbsd.org 2001/07/18 21:40:40 - [ssh-agent.c] - chdir("/") from bbraun@synack.net; ok markus@ - - stevesk@cvs.openbsd.org 2001/07/19 00:41:44 - [ssh.1] - escape chars are below now - - markus@cvs.openbsd.org 2001/07/20 14:46:11 - [ssh-agent.c] - do not exit() from signal handlers; ok deraadt@ - - stevesk@cvs.openbsd.org 2001/07/20 18:41:51 - [ssh.1] - "the" command line - -20010719 - - (tim) [configure.in] put inet_aton back in AC_CHECK_FUNCS. - report from Mark Miller - -20010718 - - OpenBSD CVS Sync - - stevesk@cvs.openbsd.org 2001/07/14 15:10:17 - [readpass.c sftp-client.c sftp-common.c sftp-glob.c] - delete spurious #includes; ok deraadt@ markus@ - - markus@cvs.openbsd.org 2001/07/15 16:17:08 - [serverloop.c] - schedule client alive for ssh2 only, greg@cheers.bungi.com - - stevesk@cvs.openbsd.org 2001/07/15 16:57:21 - [ssh-agent.1] - -d will not fork; ok markus@ - - stevesk@cvs.openbsd.org 2001/07/15 16:58:29 - [ssh-agent.c] - typo in usage; ok markus@ - - markus@cvs.openbsd.org 2001/07/17 20:48:42 - [ssh-agent.c] - update maxfd if maxfd is closed; report from jmcelroy@dtgnet.com - - markus@cvs.openbsd.org 2001/07/17 21:04:58 - [channels.c channels.h clientloop.c nchan.c serverloop.c] - keep track of both maxfd and the size of the malloc'ed fdsets. 
- update maxfd if maxfd gets closed. - - mouring@cvs.openbsd.org 2001/07/18 16:45:52 - [scp.c] - Missing -o in scp usage() - - (bal) Cleaned up trailing spaces in ChangeLog. - - (bal) Allow sshd to switch user context without password for Cygwin. - Patch by Corinna Vinschen - - (bal) Updated cygwin README and ssh-host-config. Patch by - Corinna Vinschen - -20010715 - - (bal) Set "BROKEN_GETADDRINFO" for darwin platform. Reported by - Josh Larios - - (tim) put openssh/openbsd-compat/inet_aton.[ch] back in. - needed by openbsd-compat/fake-getaddrinfo.c - -20010714 - - (stevesk) change getopt() declaration - - (stevesk) configure.in: use ll suffix for long long constant - in snprintf() test - -20010713 - - (djm) Enable /etc/nologin check on PAM systems, as some lack the - pam_nologin module. Report from William Yodlowsky - - - (djm) Revert dirname fix, a better one is on its way. - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/07/04 22:47:19 - [ssh-agent.c] - ignore SIGPIPE when debugging, too - - markus@cvs.openbsd.org 2001/07/04 23:13:10 - [scard.c scard.h ssh-agent.c] - handle card removal more gracefully, add sc_close() to scard.h - - markus@cvs.openbsd.org 2001/07/04 23:39:07 - [ssh-agent.c] - for smartcards remove both RSA1/2 keys - - markus@cvs.openbsd.org 2001/07/04 23:49:27 - [ssh-agent.c] - handle mutiple adds of the same smartcard key - - espie@cvs.openbsd.org 2001/07/05 11:43:33 - [sftp-glob.c] - Directly cast to the right type. Ok markus@ - - stevesk@cvs.openbsd.org 2001/07/05 20:32:47 - [sshconnect1.c] - statement after label; ok dugsong@ - - stevesk@cvs.openbsd.org 2001/07/08 15:23:38 - [servconf.c] - fix ``MaxStartups max''; ok markus@ - - fgsch@cvs.openbsd.org 2001/07/09 05:58:47 - [ssh.c] - Use getopt(3); markus@ ok. 
- - deraadt@cvs.openbsd.org 2001/07/09 07:04:53 - [session.c sftp-int.c] - correct type on last arg to execl(); nordin@cse.ogi.edu - - markus@cvs.openbsd.org 2001/07/10 21:49:12 - [readpass.c] - don't panic if fork or pipe fail (just return an empty passwd). - - itojun@cvs.openbsd.org 2001/07/11 00:24:53 - [servconf.c] - make it compilable in all 4 combination of KRB4/KRB5 settings. - dugsong ok - XXX isn't it sensitive to the order of -I/usr/include/kerberosIV and - -I/usr/include/kerberosV? - - markus@cvs.openbsd.org 2001/07/11 16:29:59 - [ssh.c] - sort options string, fix -p, add -k - - markus@cvs.openbsd.org 2001/07/11 18:26:15 - [auth.c] - no need to call dirname(pw->pw_dir). - note that dirname(3) modifies its argument on some systems. - - (djm) Reorder Makefile.in so clean targets work a little better when - run directly from Makefile.in - - (djm) Pull in getopt(3) from OpenBSD libc for the optreset extension. - -20010711 - - (djm) dirname(3) may modify its argument on glibc and other systems. - Patch from markus@, spotted by Tom Holroyd - -20010704 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/06/25 08:25:41 - [channels.c channels.h cipher.c clientloop.c compat.c compat.h - hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c - session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h] - update copyright for 2001 - - markus@cvs.openbsd.org 2001/06/25 17:18:27 - [ssh-keygen.1] - sshd(8) will never read the private keys, but ssh(1) does; - hugh@mimosa.com - - provos@cvs.openbsd.org 2001/06/25 17:54:47 - [auth.c auth.h auth-rsa.c] - terminate secure_filename checking after checking homedir. that way - it works on AFS. okay markus@ - - stevesk@cvs.openbsd.org 2001/06/25 20:26:37 - [auth2.c sshconnect2.c] - prototype cleanup; ok markus@ - - markus@cvs.openbsd.org 2001/06/26 02:47:07 - [ssh-keygen.c] - allow loading a private RSA key to a cyberflex card. 
- - markus@cvs.openbsd.org 2001/06/26 04:07:06 - [ssh-agent.1 ssh-agent.c] - add debug flag - - markus@cvs.openbsd.org 2001/06/26 04:59:59 - [authfd.c authfd.h ssh-add.c] - initial support for smartcards in the agent - - markus@cvs.openbsd.org 2001/06/26 05:07:43 - [ssh-agent.c] - update usage - - markus@cvs.openbsd.org 2001/06/26 05:33:34 - [ssh-agent.c] - more smartcard support. - - mpech@cvs.openbsd.org 2001/06/26 05:48:07 - [sshd.8] - remove unnecessary .Pp between .It; - millert@ ok - - markus@cvs.openbsd.org 2001/06/26 05:50:11 - [auth2.c] - new interface for secure_filename() - - itojun@cvs.openbsd.org 2001/06/26 06:32:58 - [atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h - buffer.h canohost.h channels.h cipher.h clientloop.h compat.h - compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h - hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h - radix.h readconf.h readpass.h rsa.h] - prototype pedant. not very creative... - - () -> (void) - - no variable names - - itojun@cvs.openbsd.org 2001/06/26 06:33:07 - [servconf.h serverloop.h session.h sftp-client.h sftp-common.h - sftp-glob.h sftp-int.h sshconnect.h ssh-dss.h sshlogin.h sshpty.h - ssh-rsa.h tildexpand.h uidswap.h uuencode.h xmalloc.h] - prototype pedant. not very creative... - - () -> (void) - - no variable names - - dugsong@cvs.openbsd.org 2001/06/26 16:15:25 - [auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h - servconf.c servconf.h session.c sshconnect1.c sshd.c] - Kerberos v5 support for SSH1, mostly from Assar Westerlund - and Bjorn Gronvall . 
markus@ ok - - markus@cvs.openbsd.org 2001/06/26 17:25:34 - [ssh.1] - document SSH_ASKPASS; fubob@MIT.EDU - - markus@cvs.openbsd.org 2001/06/26 17:27:25 - [authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h - canohost.h channels.h cipher.h clientloop.h compat.h compress.h - crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h - hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h - packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h - session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h - sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h - tildexpand.h uidswap.h uuencode.h xmalloc.h] - remove comments from .h, since they are cut&paste from the .c files - and out of sync - - dugsong@cvs.openbsd.org 2001/06/26 17:41:49 - [servconf.c] - #include - - markus@cvs.openbsd.org 2001/06/26 20:14:11 - [key.c key.h ssh.c sshconnect1.c sshconnect2.c] - add smartcard support to the client, too (now you can use both - the agent and the client). - - markus@cvs.openbsd.org 2001/06/27 02:12:54 - [serverloop.c serverloop.h session.c session.h] - quick hack to make ssh2 work again. - - markus@cvs.openbsd.org 2001/06/27 04:48:53 - [auth.c match.c sshd.8] - tridge@samba.org - - markus@cvs.openbsd.org 2001/06/27 05:35:42 - [ssh-keygen.c] - use cyberflex_inq_class to inquire class. 
- - markus@cvs.openbsd.org 2001/06/27 05:42:25 - [rsa.c rsa.h ssh-agent.c ssh-keygen.c] - s/generate_additional_parameters/rsa_generate_additional_parameters/ - http://www.humppa.com/ - - markus@cvs.openbsd.org 2001/06/27 06:26:36 - [ssh-add.c] - convert to getopt(3) - - stevesk@cvs.openbsd.org 2001/06/28 19:57:35 - [ssh-keygen.c] - '\0' terminated data[] is ok; ok markus@ - - markus@cvs.openbsd.org 2001/06/29 07:06:34 - [ssh-keygen.c] - new error handling for cyberflex_* - - markus@cvs.openbsd.org 2001/06/29 07:11:01 - [ssh-keygen.c] - initialize early - - stevesk@cvs.openbsd.org 2001/06/29 18:38:44 - [clientloop.c] - sync function definition with declaration; ok markus@ - - stevesk@cvs.openbsd.org 2001/06/29 18:40:28 - [channels.c] - use socklen_t for getsockopt arg #5; ok markus@ - - stevesk@cvs.openbsd.org 2001/06/30 18:08:40 - [channels.c channels.h clientloop.c] - adress -> address; ok markus@ - - markus@cvs.openbsd.org 2001/07/02 13:59:15 - [serverloop.c session.c session.h] - wait until !session_have_children(); bugreport from - Lutz.Jaenicke@aet.TU-Cottbus.DE - - markus@cvs.openbsd.org 2001/07/02 22:29:20 - [readpass.c] - do not return NULL, use "" instead. - - markus@cvs.openbsd.org 2001/07/02 22:40:18 - [ssh-keygen.c] - update for sectok.h interface changes. - - markus@cvs.openbsd.org 2001/07/02 22:52:57 - [channels.c channels.h serverloop.c] - improve cleanup/exit logic in ssh2: - stop listening to channels, detach channel users (e.g. sessions). - wait for children (i.e. dying sessions), send exit messages, - cleanup all channels. - - (bal) forget a few new files in sync up. 
- - (bal) Makefile fix up requires scard.c - - (stevesk) sync misc.h - - (stevesk) more sync for session.c - - (stevesk) sync servconf.h (comments) - - (tim) [contrib/caldera/openssh.spec] sync with Caldera - - (tim) [openbsd-compat/dirname.h] Remove ^M causing some compilers to - issue warning (line 1: tokens ignored at end of directive line) - - (tim) [sshconnect1.c] give the compiler something to do for success: - if KRB5 and AFS are not defined - (ERROR: "sshconnect1.c", line 1274: Syntax error before or at: }) - -20010629 - - (bal) Removed net_aton() since we don't use it any more - - (bal) Fixed _DISABLE_VPOSIX in readpassphrase.c. - - (bal) Updated zlib's home. Thanks to David Howe . - - (stevesk) remove _REENTRANT #define - - (stevesk) session.c: use u_int for envsize - - (stevesk) remove cli.[ch] - -20010628 - - (djm) Sync openbsd-compat with -current libc - - (djm) Fix from Lutz Jaenicke for my - broken makefile - - (bal) Removed strtok_r() and inet_ntop() since they are no longer used. - - (bal) Remove getusershell() since it's no longer used. - -20010627 - - (djm) Reintroduce pam_session call for non-pty sessions. - - (djm) Remove redundant and incorrect test for max auth attempts in - PAM kbdint code. Based on fix from Matthew Melvin - - - (djm) Rename sysconfdir/primes => sysconfdir/moduli - - (djm) Oops, forgot make logic for primes=>moduli. Also try to rename - existing primes->moduli if it exists. - - (djm) Sync with -current openbsd-compat/readpassphrase.c: - - djm@cvs.openbsd.org 2001/06/27 13:23:30 - typo, spotted by Tom Holroyd ; ok deraadt@ - - (djm) Turn up warnings if gcc or egcs detected - - (stevesk) for HP-UX 11.X use X/Open socket interface; - pulls in modern socket prototypes and eliminates a number of compiler - warnings. see xopen_networking(7). 
- - (stevesk) fix x11 forwarding from _PATH_XAUTH change - - (stevesk) use X/Open socket interface for HP-UX 10.X also - -20010625 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/06/21 21:08:25 - [session.c] - don't reset forced_command (we allow multiple login shells in - ssh2); dwd@bell-labs.com - - mpech@cvs.openbsd.org 2001/06/22 10:17:51 - [ssh.1 sshd.8 ssh-keyscan.1] - o) .Sh AUTHOR -> .Sh AUTHORS; - o) remove unnecessary .Pp; - o) better -mdoc style; - o) typo; - o) sort SEE ALSO; - aaron@ ok - - provos@cvs.openbsd.org 2001/06/22 21:27:08 - [dh.c pathnames.h] - use /etc/moduli instead of /etc/primes, okay markus@ - - provos@cvs.openbsd.org 2001/06/22 21:28:53 - [sshd.8] - document /etc/moduli - - markus@cvs.openbsd.org 2001/06/22 21:55:49 - [auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config - ssh-keygen.1] - merge authorized_keys2 into authorized_keys. - authorized_keys2 is used for backward compat. - (just append authorized_keys2 to authorized_keys). - - provos@cvs.openbsd.org 2001/06/22 21:57:59 - [dh.c] - increase linebuffer to deal with larger moduli; use rewind instead of - close/open - - markus@cvs.openbsd.org 2001/06/22 22:21:20 - [sftp-server.c] - allow long usernames/groups in readdir - - markus@cvs.openbsd.org 2001/06/22 23:35:21 - [ssh.c] - don't overwrite argv (fixes ssh user@host in 'ps'), report by ericj@ - - deraadt@cvs.openbsd.org 2001/06/23 00:16:16 - [scp.c] - slightly better care - - markus@cvs.openbsd.org 2001/06/23 00:20:57 - [auth2.c auth.c auth.h auth-rh-rsa.c] - *known_hosts2 is obsolete for hostbased authentication and - only used for backward compat. 
merge ssh1/2 hostkey check - and move it to auth.c - - deraadt@cvs.openbsd.org 2001/06/23 02:33:05 - [sftp.1 sftp-server.8 ssh-keygen.1] - join .%A entries; most by bk@rt.fm - - markus@cvs.openbsd.org 2001/06/23 02:34:33 - [kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1 - sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8] - get rid of known_hosts2, use it for hostkey lookup, but do not - modify. - - markus@cvs.openbsd.org 2001/06/23 03:03:59 - [sshd.8] - draft-ietf-secsh-dh-group-exchange-01.txt - - markus@cvs.openbsd.org 2001/06/23 03:04:42 - [auth2.c auth-rh-rsa.c] - restore correct ignore_user_known_hosts logic. - - markus@cvs.openbsd.org 2001/06/23 05:26:02 - [key.c] - handle sigature of size 0 (some broken clients send this). - - deraadt@cvs.openbsd.org 2001/06/23 05:57:09 - [sftp.1 sftp-server.8 ssh-keygen.1] - ok, tmac is now fixed - - markus@cvs.openbsd.org 2001/06/23 06:41:10 - [ssh-keygen.c] - try to decode ssh-3.0.0 private rsa keys - (allow migration to openssh, not vice versa), #910 - - itojun@cvs.openbsd.org 2001/06/23 15:12:20 - [auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c - canohost.c channels.c cipher.c clientloop.c deattack.c dh.c - hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c - readpass.c scp.c servconf.c serverloop.c session.c sftp.c - sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c - ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c - ssh-keygen.c ssh-keyscan.c] - more strict prototypes. raise warning level in Makefile.inc. - markus ok'ed - TODO; cleanup headers - - markus@cvs.openbsd.org 2001/06/23 17:05:22 - [ssh-keygen.c] - fix import for (broken?) ssh.com/f-secure private keys - (i tested > 1000 RSA keys) - - itojun@cvs.openbsd.org 2001/06/23 17:48:18 - [sftp.1 ssh.1 sshd.8 ssh-keyscan.1] - kill whitespace at EOL. 
- - markus@cvs.openbsd.org 2001/06/23 19:12:43 - [sshd.c] - pidfile/sigterm race; bbraun@synack.net - - markus@cvs.openbsd.org 2001/06/23 22:37:46 - [sshconnect1.c] - consistent with ssh2: skip key if empty passphrase is entered, - retry num_of_passwd_prompt times if passphrase is wrong. ok fgsch@ - - markus@cvs.openbsd.org 2001/06/24 05:25:10 - [auth-options.c match.c match.h] - move ip+hostname check to match.c - - markus@cvs.openbsd.org 2001/06/24 05:35:33 - [readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c] - switch to readpassphrase(3) - 2.7/8-stable needs readpassphrase.[ch] from libc - - markus@cvs.openbsd.org 2001/06/24 05:47:13 - [sshconnect2.c] - oops, missing format string - - markus@cvs.openbsd.org 2001/06/24 17:18:31 - [ttymodes.c] - passing modes works fine: debug2->3 - - (djm) -Wall fix for session.c - - (djm) Bring in readpassphrase() from OpenBSD libc. Compiles OK on Linux and - Solaris - -20010622 - - (stevesk) handle systems without pw_expire and pw_change. - -20010621 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/06/16 08:49:38 - [misc.c] - typo; dunlap@apl.washington.edu - - markus@cvs.openbsd.org 2001/06/16 08:50:39 - [channels.h] - bad //-style comment; thx to stevev@darkwing.uoregon.edu - - markus@cvs.openbsd.org 2001/06/16 08:57:35 - [scp.c] - no stdio or exit() in signal handlers. - - markus@cvs.openbsd.org 2001/06/16 08:58:34 - [misc.c] - copy pw_expire and pw_change, too. - - markus@cvs.openbsd.org 2001/06/19 12:34:09 - [session.c] - cleanup forced command handling, from dwd@bell-labs.com - - markus@cvs.openbsd.org 2001/06/19 14:09:45 - [session.c sshd.8] - disable x11-fwd if use_login is enabled; from lukem@wasabisystems.com - - markus@cvs.openbsd.org 2001/06/19 15:40:45 - [session.c] - allocate and free at the same level. 
- - markus@cvs.openbsd.org 2001/06/20 13:56:39 - [channels.c channels.h clientloop.c packet.c serverloop.c] - move from channel_stop_listening to channel_free_all, - call channel_free_all before calling waitpid() in serverloop. - fixes the utmp handling; report from Lutz.Jaenicke@aet.TU-Cottbus.DE - -20010615 - - (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL - around grantpt(). - - (stevesk) update TODO: STREAMS pty systems don't call vhangup() now - -20010614 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/06/13 09:10:31 - [session.c] - typo, use pid not s->pid, mstone@cs.loyola.edu - -20010613 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/06/12 10:58:29 - [session.c] - merge session_free into session_close() - merge pty_cleanup_proc into session_pty_cleanup() - - markus@cvs.openbsd.org 2001/06/12 16:10:38 - [session.c] - merge ssh1/ssh2 tty msg parse and alloc code - - markus@cvs.openbsd.org 2001/06/12 16:11:26 - [packet.c] - do not log() packet_set_maxsize - - markus@cvs.openbsd.org 2001/06/12 21:21:29 - [session.c] - remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since - we do already trust $HOME/.ssh - you can use .ssh/sshrc and .ssh/environment if you want to customize - the location of the xauth cookies - - markus@cvs.openbsd.org 2001/06/12 21:30:57 - [session.c] - unused - -20010612 - - scp.c ID update (upstream synced vfsprintf() from us) - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/06/10 11:29:20 - [dispatch.c] - we support rekeying - protocol errors are fatal. - - markus@cvs.openbsd.org 2001/06/11 10:18:24 - [session.c] - reset pointer to NULL after xfree(); report from solar@openwall.com - - markus@cvs.openbsd.org 2001/06/11 16:04:38 - [sshd.8] - typo; bdubreuil@crrel.usace.army.mil - -20010611 - - (bal) NeXT/MacOS X lack libgen.h and dirname(). Patch by Mark Miller - - - (bal) Handle broken krb4 issues on Solaris with multiple defined u_*_t - types. 
Patch by Jan IVEN - - (bal) Fixed Makefile.in so that 'configure; make install' works. - -20010610 - - (bal) Missed two files in major resync. auth-bsdauth.c and auth-skey.c - -20010609 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/05/30 12:55:13 - [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c - packet.c serverloop.c session.c ssh.c ssh1.h] - channel layer cleanup: merge header files and split .c files - - markus@cvs.openbsd.org 2001/05/30 15:20:10 - [ssh.c] - merge functions, simplify. - - markus@cvs.openbsd.org 2001/05/31 10:30:17 - [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c - packet.c serverloop.c session.c ssh.c] - undo the .c file split, just merge the header and keep the cvs - history - - (bal) Channels.c and Channels.h -- "Merge Functions, simplify" (draged - out of ssh Attic) - - (bal) Ooops.. nchan.c (and remove nchan.h) resync from OpenBSD ssh - Attic. - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/05/31 13:08:04 - [sshd_config] - group options and add some more comments - - markus@cvs.openbsd.org 2001/06/03 14:55:39 - [channels.c channels.h session.c] - use fatal_register_cleanup instead of atexit, sync with x11 authdir - handling - - markus@cvs.openbsd.org 2001/06/03 19:36:44 - [ssh-keygen.1] - 1-2 bits of entrophy per character (not per word), ok stevesk@ - - markus@cvs.openbsd.org 2001/06/03 19:38:42 - [scp.c] - pass -v to ssh; from slade@shore.net - - markus@cvs.openbsd.org 2001/06/03 20:06:11 - [auth2-chall.c] - the challenge response device decides how to handle non-existing - users. 
- -> fake challenges for skey and cryptocard - - markus@cvs.openbsd.org 2001/06/04 21:59:43 - [channels.c channels.h session.c] - switch uid when cleaning up tmp files and sockets; reported by - zen-parse@gmx.net on bugtraq - - markus@cvs.openbsd.org 2001/06/04 23:07:21 - [clientloop.c serverloop.c sshd.c] - set flags in the signal handlers, do real work in the main loop, - ok provos@ - - markus@cvs.openbsd.org 2001/06/04 23:16:16 - [session.c] - merge ssh1/2 x11-fwd setup, create listener after tmp-dir - - pvalchev@cvs.openbsd.org 2001/06/05 05:05:39 - [ssh-keyscan.1 ssh-keyscan.c] - License clarification from David Mazieres, ok deraadt@ - - markus@cvs.openbsd.org 2001/06/05 10:24:32 - [channels.c] - don't delete the auth socket in channel_stop_listening() - auth_sock_cleanup_proc() will take care of this. - - markus@cvs.openbsd.org 2001/06/05 16:46:19 - [session.c] - let session_close() delete the pty. deny x11fwd if xauthfile is set. - - markus@cvs.openbsd.org 2001/06/06 23:13:54 - [ssh-dss.c ssh-rsa.c] - cleanup, remove old code - - markus@cvs.openbsd.org 2001/06/06 23:19:35 - [ssh-add.c] - remove debug message; Darren.Moffat@eng.sun.com - - markus@cvs.openbsd.org 2001/06/07 19:57:53 - [auth2.c] - style is used for bsdauth. 
- disconnect on user/service change (ietf-drafts) - - markus@cvs.openbsd.org 2001/06/07 20:23:05 - [authfd.c authfile.c channels.c kexdh.c kexgex.c packet.c ssh.c - sshconnect.c sshconnect1.c] - use xxx_put_cstring() - - markus@cvs.openbsd.org 2001/06/07 22:25:02 - [session.c] - don't overwrite errno - delay deletion of the xauth cookie - - markus@cvs.openbsd.org 2001/06/08 15:25:40 - [includes.h pathnames.h readconf.c servconf.c] - move the path for xauth to pathnames.h - - (bal) configure.in fix for Tru64 (forgeting to reset $LIB) - - (bal) ANSIify strmode() - - (bal) --with-catman should be --with-mantype patch by Dave - Dykstra - -20010606 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/05/17 21:34:15 - [ssh.1] - no spaces in PreferredAuthentications; - meixner@rbg.informatik.tu-darmstadt.de - - markus@cvs.openbsd.org 2001/05/18 14:13:29 - [auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c - readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c] - improved kbd-interactive support. work by per@appgate.com and me - - djm@cvs.openbsd.org 2001/05/19 00:36:40 - [session.c] - Disable X11 forwarding if xauth binary is not found. 
Patch from Nalin - Dahyabhai ; ok markus@ - - markus@cvs.openbsd.org 2001/05/19 16:05:41 - [scp.c] - ftruncate() instead of open()+O_TRUNC like rcp.c does - allows scp /path/to/file localhost:/path/to/file - - markus@cvs.openbsd.org 2001/05/19 16:08:43 - [sshd.8] - sort options; Matthew.Stier@fnc.fujitsu.com - - markus@cvs.openbsd.org 2001/05/19 16:32:16 - [ssh.1 sshconnect2.c] - change preferredauthentication order to - publickey,hostbased,password,keyboard-interactive - document that hostbased defaults to no, document order - - markus@cvs.openbsd.org 2001/05/19 16:46:19 - [ssh.1 sshd.8] - document MACs defaults with .Dq - - stevesk@cvs.openbsd.org 2001/05/19 19:43:57 - [misc.c misc.h servconf.c sshd.8 sshd.c] - sshd command-line arguments and configuration file options that - specify time may be expressed using a sequence of the form: - time[qualifier], where time is a positive integer value and qualifier - is one of the following: - ,s,m,h,d,w - Examples: - 600 600 seconds (10 minutes) - 10m 10 minutes - 1h30m 1 hour 30 minutes (90 minutes) - ok markus@ - - stevesk@cvs.openbsd.org 2001/05/19 19:57:09 - [channels.c] - typo in error message - - markus@cvs.openbsd.org 2001/05/20 17:20:36 - [auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8 - sshd_config] - configurable authorized_keys{,2} location; originally from peter@; - ok djm@ - - markus@cvs.openbsd.org 2001/05/24 11:12:42 - [auth.c] - fix comment; from jakob@ - - stevesk@cvs.openbsd.org 2001/05/24 18:57:53 - [clientloop.c readconf.c ssh.c ssh.h] - don't perform escape processing when ``EscapeChar none''; ok markus@ - - markus@cvs.openbsd.org 2001/05/25 14:37:32 - [ssh-keygen.c] - use -P for -e and -y, too. 
- - markus@cvs.openbsd.org 2001/05/28 08:04:39 - [ssh.c] - fix usage() - - markus@cvs.openbsd.org 2001/05/28 10:08:55 - [authfile.c] - key_load_private: set comment to filename for PEM keys - - markus@cvs.openbsd.org 2001/05/28 22:51:11 - [cipher.c cipher.h] - simpler 3des for ssh1 - - markus@cvs.openbsd.org 2001/05/28 23:14:49 - [channels.c channels.h nchan.c] - undo broken channel fix and try a different one. there - should be still some select errors... - - markus@cvs.openbsd.org 2001/05/28 23:25:24 - [channels.c] - cleanup, typo - - markus@cvs.openbsd.org 2001/05/28 23:58:35 - [packet.c packet.h sshconnect.c sshd.c] - remove some lines, simplify. - - markus@cvs.openbsd.org 2001/05/29 12:31:27 - [authfile.c] - typo - -20010528 - - (tim) [conifgure.in] add setvbuf test needed for sftp-int.c - Patch by Corinna Vinschen - -20010517 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/05/12 19:53:13 - [sftp-server.c] - readlink does not NULL-terminate; mhe@home.se - - deraadt@cvs.openbsd.org 2001/05/15 22:04:01 - [ssh.1] - X11 forwarding details improved - - markus@cvs.openbsd.org 2001/05/16 20:51:57 - [authfile.c] - return comments for private pem files, too; report from nolan@naic.edu - - markus@cvs.openbsd.org 2001/05/16 21:53:53 - [clientloop.c] - check for open sessions before we call select(); fixes the x11 client - bug reported by bowman@math.ualberta.ca - - markus@cvs.openbsd.org 2001/05/16 22:09:21 - [channels.c nchan.c] - more select() error fixes (don't set rfd/wfd to -1). - - (bal) Enabled USE_PIPES for Cygwin on Corinna Vinschen - - (bal) Corrected on_exit() emulation via atexit(). - -20010512 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/05/11 14:59:56 - [clientloop.c misc.c misc.h] - add unset_nonblock for stdout/err flushing in client_loop(). - - (bal) Patch to partial sync up contrib/solaris/ packaging software. 
- Patch by pete - -20010511 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/05/09 22:51:57 - [channels.c] - fix -R for protocol 2, noticed by greg@nest.cx. - bug was introduced with experimental dynamic forwarding. - - markus@cvs.openbsd.org 2001/05/09 23:01:31 - [rijndael.h] - fix prototype; J.S.Peatfield@damtp.cam.ac.uk - -20010509 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/05/06 21:23:31 - [cli.c] - cli_read() fails to catch SIGINT + overflow; from obdb@zzlevo.net - - markus@cvs.openbsd.org 2001/05/08 19:17:31 - [channels.c serverloop.c clientloop.c] - adds correct error reporting to async connect()s - fixes the server-discards-data-before-connected-bug found by - onoe@sm.sony.co.jp - - mouring@cvs.openbsd.org 2001/05/08 19:45:25 - [misc.c misc.h scp.c sftp.c] - Use addargs() in sftp plus some clean up of addargs(). OK Markus - - markus@cvs.openbsd.org 2001/05/06 21:45:14 - [clientloop.c] - use atomicio for flushing stdout/stderr bufs. thanks to - jbw@izanami.cee.hw.ac.uk - - markus@cvs.openbsd.org 2001/05/08 22:48:07 - [atomicio.c] - no need for xmalloc.h, thanks to espie@ - - (bal) UseLogin patch for Solaris/UNICOS. Patch by Wayne Davison - - - (bal) ./configure support to disable SIA on OSF1. Patch by - Chris Adams - - (bal) Updates from the Sony NEWS-OS platform by NAKAJI Hiroyuki - - -20010508 - - (bal) Fixed configure test for USE_SIA. - -20010506 - - (djm) Update config.guess and config.sub with latest versions (from - ftp://ftp.gnu.org/gnu/config/) to allow configure on ia64-hpux. 
- Suggested by Jason Mader - - (bal) White Space and #ifdef sync with OpenBSD - - (bal) Add 'seed_rng()' to ssh-add.c - - (bal) CVS ID updates for readpass.c, readpass.h, cli.c, and cli.h - - OpenBSD CVS Sync - - stevesk@cvs.openbsd.org 2001/05/05 13:42:52 - [sftp.1 ssh-add.1 ssh-keygen.1] - typos, grammar - -20010505 - - OpenBSD CVS Sync - - stevesk@cvs.openbsd.org 2001/05/04 14:21:56 - [ssh.1 sshd.8] - typos - - markus@cvs.openbsd.org 2001/05/04 14:34:34 - [channels.c] - channel_new() reallocs channels[], we cannot use Channel *c after - calling channel_new(), XXX fix this in the future... - - markus@cvs.openbsd.org 2001/05/04 23:47:34 - [channels.c channels.h clientloop.c nchan.c nchan.h serverloop.c ssh.c] - move to Channel **channels (instead of Channel *channels), fixes realloc - problems. channel_new now returns a Channel *, favour Channel * over - channel id. remove old channel_allocate interface. - -20010504 - - OpenBSD CVS Sync - - stevesk@cvs.openbsd.org 2001/05/03 15:07:39 - [channels.c] - typo in debug() string - - markus@cvs.openbsd.org 2001/05/03 15:45:15 - [session.c] - exec shell -c /bin/sh .ssh/sshrc, from abartlet@pcug.org.au - - stevesk@cvs.openbsd.org 2001/05/03 21:43:01 - [servconf.c] - remove "\n" from fatal() - - mouring@cvs.openbsd.org 2001/05/03 23:09:53 - [misc.c misc.h scp.c sftp.c] - Move colon() and cleanhost() to misc.c where I should I have put it in - the first place - - (bal) Updated Cygwin README by Corinna Vinschen - - (bal) Avoid socket file security issues in ssh-agent for Cygwin. - Patch by Egor Duda - -20010503 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/05/02 16:41:20 - [ssh-add.c] - fix prompt for ssh-add. - -20010502 - - OpenBSD CVS Sync - - mouring@cvs.openbsd.org 2001/05/02 01:25:39 - [readpass.c] - Put the 'const' back into ssh_askpass() function. Pointed out - by Mark Miller . 
OK Markus - -20010501 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/04/30 11:18:52 - [readconf.c readconf.h ssh.1 ssh.c sshconnect.c] - implement 'ssh -b bind_address' like 'telnet -b' - - markus@cvs.openbsd.org 2001/04/30 15:50:46 - [compat.c compat.h kex.c] - allow interop with weaker key generation used by ssh-2.0.x, x < 10 - - markus@cvs.openbsd.org 2001/04/30 16:02:49 - [compat.c] - ssh-2.0.10 has the weak-key-bug, too. - - (tim) [contrib/caldera/openssh.spec] add Requires line for Caldera 3.1 - -20010430 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/04/29 18:32:52 - [serverloop.c] - fix whitespace - - markus@cvs.openbsd.org 2001/04/29 19:16:52 - [channels.c clientloop.c compat.c compat.h serverloop.c] - more ssh.com-2.0.x bug-compat; from per@appgate.com - - (tim) New version of mdoc2man.pl from Mark D. Roth - - (djm) Add .cvsignore files, suggested by Wayne Davison - -20010429 - - (bal) Updated INSTALL. PCRE moved to a new place. - - (djm) Release OpenSSH-2.9p1 - -20010427 - - (bal) Fixed uidswap.c so it should work on non-posix complient systems. - patch based on 2.5.2 version by djm. - - (bal) Build manpages and config files once unless changed. Patch by - Carson Gaspar - - (bal) arpa/nameser.h does not exist on Cygwin. Patch by Corinna - Vinschen - - (bal) Add /etc/sysconfig/sshd support to redhat's sshd.init. Patch by - Pekka Savola - - (bal) Cygwin lacks setgroups() API. Patch by Corinna Vinschen - - - (bal) version.h synced, RPM specs updated for 2.9 - - (tim) update contrib/caldera files with what Caldera is using. - - -20010425 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/04/23 21:57:07 - [ssh-keygen.1 ssh-keygen.c] - allow public key for -e, too - - markus@cvs.openbsd.org 2001/04/23 22:14:13 - [ssh-keygen.c] - remove debug - - (bal) Whitespace resync w/ OpenBSD for uidswap.c - - (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt' - (default: off), implies KbdInteractiveAuthentication. 
Suggestion from - markus@ - - (djm) Include crypt.h if available in auth-passwd.c - - tim@mindrot.org 2001/04/25 21:38:01 [configure.in] - man page detection fixes for SCO - -20010424 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/04/22 23:58:36 - [ssh-keygen.1 ssh.1 sshd.8] - document hostbased and other cleanup - - (stevesk) start_pam() doesn't use DNS now for sshd -u0. - - (stevesk) auth-pam.c: use PERMIT_NO_PASSWD - - (bal) sys/queue.h is bogus for NCR platform. Patch by Daniel Carroll - - - (bal) Fixed contrib/postinstall.in. Patch by wsanders@wsanders.net - -20010422 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/04/20 16:32:22 - [uidswap.c] - set non-privileged gid before uid; tholo@ and deraadt@ - - mouring@cvs.openbsd.org 2001/04/21 00:55:57 - [sftp.1] - Spelling - - djm@cvs.openbsd.org 2001/04/22 08:13:30 - [ssh.1] - typos spotted by stevesk@; ok deraadt@ - - markus@cvs.openbsd.org 2001/04/22 12:34:05 - [scp.c] - scp > 2GB; niles@scyld.com; ok deraadt@, djm@ - - markus@cvs.openbsd.org 2001/04/22 13:25:37 - [ssh-keygen.1 ssh-keygen.c] - rename arguments -x -> -e (export key), -X -> -i (import key) - xref draft-ietf-secsh-publickeyfile-01.txt - - markus@cvs.openbsd.org 2001/04/22 13:32:27 - [sftp-server.8 sftp.1 ssh.1 sshd.8] - xref draft-ietf-secsh-* - - markus@cvs.openbsd.org 2001/04/22 13:41:02 - [ssh-keygen.1 ssh-keygen.c] - style, noted by stevesk; sort flags in usage - -20010421 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2001/04/20 07:17:51 - [clientloop.c ssh.1] - Split out and improve escape character documentation, mention ~R in - ~? help text; ok markus@ - - Update RPM spec files for CVS version.h - - (stevesk) set the default PAM service name to __progname instead - of the hard-coded value "sshd"; from Mark D. 
Roth - - (stevesk) document PAM service name change in INSTALL - - tim@mindrot.org 2001/04/21 14:25:57 [Makefile.in configure.in] - fix perl test, fix nroff test, fix Makefile to build outside source tree - -20010420 - - OpenBSD CVS Sync - - ian@cvs.openbsd.org 2001/04/18 16:21:05 - [ssh-keyscan.1] - Fix typo reported in PR/1779 - - markus@cvs.openbsd.org 2001/04/18 21:57:42 - [readpass.c ssh-add.c] - call askpass from ssh, too, based on work by roth@feep.net, ok deraadt - - markus@cvs.openbsd.org 2001/04/18 22:03:45 - [auth2.c sshconnect2.c] - use FDQN with trailing dot in the hostbased auth packets, ok deraadt@ - - markus@cvs.openbsd.org 2001/04/18 22:48:26 - [auth2.c] - no longer const - - markus@cvs.openbsd.org 2001/04/18 23:43:26 - [auth2.c compat.c sshconnect2.c] - more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now - (however the 2.1.0 server seems to work only if debug is enabled...) - - markus@cvs.openbsd.org 2001/04/18 23:44:51 - [authfile.c] - error->debug; noted by fries@ - - markus@cvs.openbsd.org 2001/04/19 00:05:11 - [auth2.c] - use local variable, no function call needed. - (btw, hostbased works now with ssh.com >= 2.0.13) - - (bal) Put scp-common.h back into scp.c (it exists in the upstream - tree) pointed out by Tom Holroyd - -20010418 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/04/17 19:34:25 - [session.c] - move auth_approval to do_authenticated(). - do_child(): nuke hostkeys from memory - don't source .ssh/rc for subsystems. - - markus@cvs.openbsd.org 2001/04/18 14:15:00 - [canohost.c] - debug->debug3 - - (bal) renabled 'catman-do:' and fixed it. So now catman pages should - be working again. - - (bal) Makfile day... Cleaned up multiple mantype support (Patch by - Mark D. Roth ), and fixed PIDDIR support. - -20010417 - - (bal) Add perl5 check for HP/UX, Removed GNUness from Makefile.in - and temporary commented out 'catman-do:' since it is broken. 
Patches - for the first two by Lutz Jaenicke - - OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2001/04/16 08:26:04 - [key.c] - better safe than sorry in later mods; yongari@kt-is.co.kr - - markus@cvs.openbsd.org 2001/04/17 08:14:01 - [sshconnect1.c] - check for key!=NULL, thanks to costa - - markus@cvs.openbsd.org 2001/04/17 09:52:48 - [clientloop.c] - handle EINTR/EAGAIN on read; ok deraadt@ - - markus@cvs.openbsd.org 2001/04/17 10:53:26 - [key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c] - add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@ - - markus@cvs.openbsd.org 2001/04/17 12:55:04 - [channels.c ssh.c] - undo socks5 and https support since they are not really used and - only bloat ssh. remove -D from usage(), since '-D' is experimental. - -20010416 - - OpenBSD CVS Sync - - stevesk@cvs.openbsd.org 2001/04/15 01:35:22 - [ttymodes.c] - fix comments - - markus@cvs.openbsd.org 2001/04/15 08:43:47 - [dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c] - some unused variable and typos; from tomh@po.crl.go.jp - - markus@cvs.openbsd.org 2001/04/15 16:58:03 - [authfile.c ssh-keygen.c sshd.c] - don't use errno for key_{load,save}_private; discussion w/ solar@openwall - - markus@cvs.openbsd.org 2001/04/15 17:16:00 - [clientloop.c] - set stdin/out/err to nonblocking in SSH proto 1, too. suggested by ho@ - should fix some of the blocking problems for rsync over SSH-1 - - stevesk@cvs.openbsd.org 2001/04/15 19:41:21 - [sshd.8] - some ClientAlive cleanup; ok markus@ - - stevesk@cvs.openbsd.org 2001/04/15 21:28:35 - [readconf.c servconf.c] - use fatal() or error() vs. fprintf(); ok markus@ - - (djm) Convert mandoc manpages to man automatically. Patch from Mark D. - Roth - - (bal) CVS ID fix up and slight manpage fix from OpenBSD tree. - - (djm) OpenBSD CVS Sync - - mouring@cvs.openbsd.org 2001/04/16 02:31:44 - [scp.c sftp.c] - IPv6 support for sftp (which I bungled in my last patch) which is - borrowed from scp.c. 
Thanks to Markus@ for pointing it out. - - deraadt@cvs.openbsd.org 2001/04/16 08:05:34 - [xmalloc.c] - xrealloc dealing with ptr == nULL; mouring - - djm@cvs.openbsd.org 2001/04/16 08:19:31 - [session.c] - Split motd and hushlogin checks into seperate functions, helps for - portable. From Chris Adams ; ok markus@ - - Fix OSF SIA support displaying too much information for quiet - logins and logins where access was denied by SIA. Patch from Chris Adams - - -20010415 - - OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2001/04/14 04:31:01 - [ssh-add.c] - do not double free - - markus@cvs.openbsd.org 2001/04/14 16:17:14 - [channels.c] - remove some channels that are not appropriate for keepalive. - - markus@cvs.openbsd.org 2001/04/14 16:27:57 - [ssh-add.c] - use clear_pass instead of xfree() - - stevesk@cvs.openbsd.org 2001/04/14 16:33:20 - [clientloop.c packet.h session.c ssh.c ttymodes.c ttymodes.h] - protocol 2 tty modes support; ok markus@ - - stevesk@cvs.openbsd.org 2001/04/14 17:04:42 - [scp.c] - 'T' handling rcp/scp sync; ok markus@ - - Missed sshtty.[ch] in Sync. - -20010414 - - Sync with OpenBSD glob.c, strlcat.c and vis.c changes - - Cygwin sftp/sftp-server binary mode patch from Corinna Vinschen - - - OpenBSD CVS Sync - - beck@cvs.openbsd.org 2001/04/13 22:46:54 - [channels.c channels.h servconf.c servconf.h serverloop.c sshd.8] - Add options ClientAliveInterval and ClientAliveCountMax to sshd. - This gives the ability to do a "keepalive" via the encrypted channel - which can't be spoofed (unlike TCP keepalives). Useful for when you want - to use ssh connections to authenticate people for something, and know - relatively quickly when they are no longer authenticated. Disabled - by default (of course). 
ok markus@ - -20010413 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/04/12 14:29:09 - [ssh.c] - show debug output during option processing, report from - pekkas@netcore.fi - - markus@cvs.openbsd.org 2001/04/12 19:15:26 - [auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h - compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h - servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c - sshconnect2.c sshd_config] - implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2) - similar to RhostRSAAuthentication unless you enable (the experimental) - HostbasedUsesNameFromPacketOnly option. please test. :) - - markus@cvs.openbsd.org 2001/04/12 19:39:27 - [readconf.c] - typo - - stevesk@cvs.openbsd.org 2001/04/12 20:09:38 - [misc.c misc.h readconf.c servconf.c ssh.c sshd.c] - robust port validation; ok markus@ jakob@ - - mouring@cvs.openbsd.org 2001/04/12 23:17:54 - [sftp-int.c sftp-int.h sftp.1 sftp.c] - Add support for: - sftp [user@]host[:file [file]] - Fetch remote file(s) - sftp [user@]host[:dir[/]] - Start in remote dir/ - OK deraadt@ - - stevesk@cvs.openbsd.org 2001/04/13 01:26:17 - [ssh.c] - missing \n in error message - - (bal) Added openbsd-compat/inet_ntop.[ch] since HP/UX (and others) - lack it. - -20010412 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/04/10 07:46:58 - [channels.c] - cleanup socks4 handling - - itojun@cvs.openbsd.org 2001/04/10 09:13:22 - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] - document id_rsa{.pub,}. markus ok - - markus@cvs.openbsd.org 2001/04/10 12:15:23 - [channels.c] - debug cleanup - - djm@cvs.openbsd.org 2001/04/11 07:06:22 - [sftp-int.c] - 'mget' and 'mput' aliases; ok markus@ - - markus@cvs.openbsd.org 2001/04/11 10:59:01 - [ssh.c] - use strtol() for ports, thanks jakob@ - - markus@cvs.openbsd.org 2001/04/11 13:56:13 - [channels.c ssh.c] - https-connect and socks5 support. i feel so bad. 
- - lebel@cvs.openbsd.org 2001/04/11 16:25:30 - [sshd.8 sshd.c] - implement the -e option into sshd: - -e When this option is specified, sshd will send the output to the - standard error instead of the system log. - markus@ OK. - -20010410 - - OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2001/04/08 20:52:55 - [sftp.c] - do not modify an actual argv[] entry - - stevesk@cvs.openbsd.org 2001/04/08 23:28:27 - [sshd.8] - spelling - - stevesk@cvs.openbsd.org 2001/04/09 00:42:05 - [sftp.1] - spelling - - markus@cvs.openbsd.org 2001/04/09 15:12:23 - [ssh-add.c] - passphrase caching: ssh-add tries last passphrase, clears passphrase if - not successful and after last try. - based on discussions with espie@, jakob@, ... and code from jakob@ and - wolfgang@wsrcc.com - - markus@cvs.openbsd.org 2001/04/09 15:19:49 - [ssh-add.1] - ssh-add retries the last passphrase... - - stevesk@cvs.openbsd.org 2001/04/09 18:00:15 - [sshd.8] - ListenAddress mandoc from aaron@ - -20010409 - - (stevesk) use setresgid() for setegid() if needed - - (stevesk) configure.in: typo - - OpenBSD CVS Sync - - stevesk@cvs.openbsd.org 2001/04/08 16:01:36 - [sshd.8] - document ListenAddress addr:port - - markus@cvs.openbsd.org 2001/04/08 13:03:00 - [ssh-add.c] - init pointers with NULL, thanks to danimal@danimal.org - - markus@cvs.openbsd.org 2001/04/08 11:27:33 - [clientloop.c] - leave_raw_mode if ssh2 "session" is closed - - markus@cvs.openbsd.org 2001/04/06 21:00:17 - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c - ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h] - do gid/groups-swap in addition to uid-swap, should help if /home/group - is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks - to olar@openwall.com is comments. we had many requests for this. - - markus@cvs.openbsd.org 2001/04/07 08:55:18 - [buffer.c channels.c channels.h readconf.c ssh.c] - allow the ssh client act as a SOCKS4 proxy (dynamic local - portforwarding). work by Dan Kaminsky and me. 
- thanks to Dan for this great patch: use 'ssh -D 1080 host' and make - netscape use localhost:1080 as a socks proxy. - - markus@cvs.openbsd.org 2001/04/08 11:24:33 - [uidswap.c] - KNF - -20010408 - - OpenBSD CVS Sync - - stevesk@cvs.openbsd.org 2001/04/06 22:12:47 - [hostfile.c] - unused; typo in comment - - stevesk@cvs.openbsd.org 2001/04/06 22:25:25 - [servconf.c] - in addition to: - ListenAddress host|ipv4_addr|ipv6_addr - permit: - ListenAddress [host|ipv4_addr|ipv6_addr]:port - ListenAddress host|ipv4_addr:port - sshd.8 updates coming. ok markus@ - -20010407 - - (bal) CVS ID Resync of version.h - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/04/05 23:39:20 - [serverloop.c] - keep the ssh session even if there is no active channel. - this is more in line with the protocol spec and makes - ssh -N -L 1234:server:110 host - more useful. - based on discussion with long time ago - and recent mail from - - deraadt@cvs.openbsd.org 2001/04/06 16:46:59 - [scp.c] - remove trailing / from source paths; fixes pr#1756 - -20010406 - - (stevesk) logintest.c: fix for systems without __progname - - (stevesk) Makefile.in: log.o is in libssh.a - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/04/05 10:00:06 - [compat.c] - 2.3.x does old GEX, too; report jakob@ - - markus@cvs.openbsd.org 2001/04/05 10:39:03 - [compress.c compress.h packet.c] - reset compress state per direction when rekeying. - - markus@cvs.openbsd.org 2001/04/05 10:39:48 - [version.h] - temporary version 2.5.4 (supports rekeying). - this is not an official release. - - markus@cvs.openbsd.org 2001/04/05 10:42:57 - [auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c - mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c - sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c - sshconnect2.c sshd.c] - fix whitespace: unexpand + trailing spaces. 
- - markus@cvs.openbsd.org 2001/04/05 11:09:17 - [clientloop.c compat.c compat.h] - add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions. - - markus@cvs.openbsd.org 2001/04/05 15:45:43 - [ssh.1] - ssh defaults to protocol v2; from quisar@quisar.ambre.net - - stevesk@cvs.openbsd.org 2001/04/05 15:48:18 - [canohost.c canohost.h session.c] - move get_remote_name_or_ip() to canohost.[ch]; for portable. ok markus@ - - markus@cvs.openbsd.org 2001/04/05 20:01:10 - [clientloop.c] - for ~R print message if server does not support rekeying. (and fix ~R). - - markus@cvs.openbsd.org 2001/04/05 21:02:46 - [buffer.c] - better error message - - markus@cvs.openbsd.org 2001/04/05 21:05:24 - [clientloop.c ssh.c] - don't request a session for 'ssh -N', pointed out slade@shore.net - -20010405 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/04/04 09:48:35 - [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c] - don't sent multiple kexinit-requests. - send newkeys, block while waiting for newkeys. - fix comments. - - markus@cvs.openbsd.org 2001/04/04 14:34:58 - [clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c] - enable server side rekeying + some rekey related clientup. - todo: we should not send any non-KEX messages after we send KEXINIT - - markus@cvs.openbsd.org 2001/04/04 15:50:55 - [compat.c] - f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov - - markus@cvs.openbsd.org 2001/04/04 20:25:38 - [channels.c channels.h clientloop.c kex.c kex.h serverloop.c - sshconnect2.c sshd.c] - more robust rekeying - don't send channel data after rekeying is started. - - markus@cvs.openbsd.org 2001/04/04 20:32:56 - [auth2.c] - we don't care about missing bannerfiles; from tsoome@ut.ee, ok deraadt@ - - markus@cvs.openbsd.org 2001/04/04 22:04:35 - [kex.c kexgex.c serverloop.c] - parse full kexinit packet. - make server-side more robust, too. - - markus@cvs.openbsd.org 2001/04/04 23:09:18 - [dh.c kex.c packet.c] - clear+free keys,iv for rekeying. 
- + fix DH mem leaks. ok niels@ - - (stevesk) don't use vhangup() if defined(HAVE_DEV_PTMX); also removes - BROKEN_VHANGUP - -20010404 - - OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2001/04/02 17:32:23 - [ssh-agent.1] - grammar; slade@shore.net - - stevesk@cvs.openbsd.org 2001/04/03 13:56:11 - [sftp-glob.c ssh-agent.c ssh-keygen.c] - free() -> xfree() - - markus@cvs.openbsd.org 2001/04/03 19:53:29 - [dh.c dh.h kex.c kex.h sshconnect2.c sshd.c] - move kex to kex*.c, used dispatch_set() callbacks for kex. should - make rekeying easier. - - todd@cvs.openbsd.org 2001/04/03 21:19:38 - [ssh_config] - id_rsa1/2 -> id_rsa; ok markus@ - - markus@cvs.openbsd.org 2001/04/03 23:32:12 - [kex.c kex.h packet.c sshconnect2.c sshd.c] - undo parts of recent my changes: main part of keyexchange does not - need dispatch-callbacks, since application data is delayed until - the keyexchange completes (if i understand the drafts correctly). - add some infrastructure for re-keying. - - markus@cvs.openbsd.org 2001/04/04 00:06:54 - [clientloop.c sshconnect2.c] - enable client rekeying - (1) force rekeying with ~R, or - (2) if the server requests rekeying. - works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0 - - (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync. - -20010403 - - OpenBSD CVS Sync - - stevesk@cvs.openbsd.org 2001/04/02 14:15:31 - [sshd.8] - typo; ok markus@ - - stevesk@cvs.openbsd.org 2001/04/02 14:20:23 - [readconf.c servconf.c] - correct comment; ok markus@ - - (stevesk) nchan.c: remove ostate checks and add EINVAL to - shutdown(SHUT_RD) error() bypass for HP-UX. 
- -20010402 - - (stevesk) log.c openbsd sync; missing newlines - - (stevesk) sshpty.h openbsd sync; PTY_H -> SSHPTY_H - -20010330 - - (djm) Another openbsd-compat/glob.c sync - - (djm) OpenBSD CVS Sync - - provos@cvs.openbsd.org 2001/03/28 21:59:41 - [kex.c kex.h sshconnect2.c sshd.c] - forgot to include min and max params in hash, okay markus@ - - provos@cvs.openbsd.org 2001/03/28 22:04:57 - [dh.c] - more sanity checking on primes file - - markus@cvs.openbsd.org 2001/03/28 22:43:31 - [auth.h auth2.c auth2-chall.c] - check auth_root_allowed for kbd-int auth, too. - - provos@cvs.openbsd.org 2001/03/29 14:24:59 - [sshconnect2.c] - use recommended defaults - - stevesk@cvs.openbsd.org 2001/03/29 21:06:21 - [sshconnect2.c sshd.c] - need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@ - - markus@cvs.openbsd.org 2001/03/29 21:17:40 - [dh.c dh.h kex.c kex.h] - prepare for rekeying: move DH code to dh.c - - djm@cvs.openbsd.org 2001/03/29 23:42:01 - [sshd.c] - Protocol 1 key regeneration log => verbose, some KNF; ok markus@ - -20010329 - - OpenBSD CVS Sync - - stevesk@cvs.openbsd.org 2001/03/26 15:47:59 - [ssh.1] - document more defaults; misc. cleanup. ok markus@ - - markus@cvs.openbsd.org 2001/03/26 23:12:42 - [authfile.c] - KNF - - markus@cvs.openbsd.org 2001/03/26 23:23:24 - [rsa.c rsa.h ssh-agent.c ssh-keygen.c] - try to read private f-secure ssh v2 rsa keys. - - markus@cvs.openbsd.org 2001/03/27 10:34:08 - [ssh-rsa.c sshd.c] - use EVP_get_digestbynid, reorder some calls and fix missing free. 
- - markus@cvs.openbsd.org 2001/03/27 10:57:00 - [compat.c compat.h ssh-rsa.c] - some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5 - signatures in SSH protocol 2, ok djm@ - - provos@cvs.openbsd.org 2001/03/27 17:46:50 - [compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h] - make dh group exchange more flexible, allow min and max group size, - okay markus@, deraadt@ - - stevesk@cvs.openbsd.org 2001/03/28 19:56:23 - [scp.c] - start to sync scp closer to rcp; ok markus@ - - stevesk@cvs.openbsd.org 2001/03/28 20:04:38 - [scp.c] - usage more like rcp and add missing -B to usage; ok markus@ - - markus@cvs.openbsd.org 2001/03/28 20:50:45 - [sshd.c] - call refuse() before close(); from olemx@ans.pl - -20010328 - - (djm) Reorder tests and library inclusion for Krb4/AFS to try to - resolve linking conflicts with libcrypto. Report and suggested fix - from Holger Trapp - - (djm) Work around Solaris' broken struct dirent. Diagnosis and suggested - fix from Philippe Levan - - (djm) Rework krbIV tests to get us closer to building on Redhat. Still - doesn't work because of conflicts between krbIV's and OpenSSL's des.h - - (djm) Sync openbsd-compat/glob.c - -20010327 - - Attempt sync with sshlogin.c w/ OpenBSD (mainly CVS ID) - - Fix pointer issues in waitpid() and wait() replaces. Patch by Lutz - Jaenicke - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2001/03/25 00:01:34 - [session.c] - shorten; ok markus@ - - stevesk@cvs.openbsd.org 2001/03/25 13:16:11 - [servconf.c servconf.h session.c sshd.8 sshd_config] - PrintLastLog option; from chip@valinux.com with some minor - changes by me. ok markus@ - - markus@cvs.openbsd.org 2001/03/26 08:07:09 - [authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c - sshconnect.h sshconnect1.c sshconnect2.c sshd.c] - simpler key load/save interface, see authfile.h - - (djm) Reestablish PAM credentials (which can be supplemental group - memberships) after initgroups() blows them away. 
Report and suggested - fix from Nalin Dahyabhai - -20010324 - - Fixed permissions ssh-keyscan. Thanks to Christopher Linn . - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2001/03/23 11:04:07 - [compat.c compat.h sshconnect2.c sshd.c] - Compat for OpenSSH with broken Rijndael/AES. ok markus@ - - markus@cvs.openbsd.org 2001/03/23 12:02:49 - [auth1.c] - authctxt is now passed to do_authenticated - - markus@cvs.openbsd.org 2001/03/23 13:10:57 - [sftp-int.c] - fix put, upload to _absolute_ path, ok djm@ - - markus@cvs.openbsd.org 2001/03/23 14:28:32 - [session.c sshd.c] - ignore SIGPIPE, restore in child, fixes x11-fwd crashes; with djm@ - - (djm) Pull out our own SIGPIPE hacks - -20010323 - - OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2001/03/22 20:22:55 - [sshd.c] - do not place linefeeds in buffer - -20010322 - - (djm) Better AIX no tty fix, spotted by Gert Doering - - (bal) version.c CVS ID resync - - (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID - resync - - (bal) scp.c CVS ID resync - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/03/20 19:10:16 - [readconf.c] - default to SSH protocol version 2 - - markus@cvs.openbsd.org 2001/03/20 19:21:21 - [session.c] - remove unused arg - - markus@cvs.openbsd.org 2001/03/20 19:21:21 - [session.c] - remove unused arg - - markus@cvs.openbsd.org 2001/03/21 11:43:45 - [auth1.c auth2.c session.c session.h] - merge common ssh v1/2 code - - jakob@cvs.openbsd.org 2001/03/21 14:20:45 - [ssh-keygen.c] - add -B flag to usage - - markus@cvs.openbsd.org 2001/03/21 21:06:30 - [session.c] - missing init; from mib@unimelb.edu.au - -20010321 - - (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve - VanDevender - - (djm) Make sure pam_retval is initialised on call to pam_end. Patch - from Solar Designer - - (djm) Don't loop forever when changing password via PAM. Patch - from Solar Designer - - (djm) Generate config files before build - - (djm) Correctly handle SIA and AIX when no tty present. 
Spotted and - suggested fix from Mike Battersby - -20010320 - - (bal) glob.c update to added GLOB_LIMITS (OpenBSD CVS). - - (bal) glob.c update to set gl_pathv to NULL (OpenBSD CVS). - - (bal) Oops. Missed globc.h change (OpenBSD CVS). - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/03/19 17:07:23 - [auth.c readconf.c] - undo /etc/shell and proto 2,1 change for openssh-2.5.2 - - markus@cvs.openbsd.org 2001/03/19 17:12:10 - [version.h] - version 2.5.2 - - (djm) Update RPM spec version - - (djm) Release 2.5.2p1 -- tim@mindrot.org 2001/03/19 18:33:47 [defines.h] - change S_ISLNK macro to work for UnixWare 2.03 -- tim@mindrot.org 2001/03/19 20:45:11 [openbsd-compat/glob.c] - add get_arg_max(). Use sysconf() if ARG_MAX is not defined - -20010319 - - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to - do it implicitly. - - (djm) Add getusershell() functions from OpenBSD CVS - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/03/18 12:07:52 - [auth-options.c] - ignore permitopen="host:port" if AllowTcpForwarding==no - - (djm) Make scp work on systems without 64-bit ints - - tim@mindrot.org 2001/03/18 18:28:39 [defines.h] - move HAVE_LONG_LONG_INT where it works - - (bal) Use 'NGROUPS' for NeXT Since 'MAX_NGROUPS' is wrapped up in -lposix - stuff. Change suggested by Mark Miller - - (bal) Small fix to scp. %lu vs %ld - - (bal) NeXTStep lacks S_ISLNK. Plus split up S_IS* - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2001/03/19 03:52:51 - [sftp-client.c] - Report ssh connection closing correctly; ok deraadt@ - - deraadt@cvs.openbsd.org 2001/03/18 23:30:55 - [compat.c compat.h sshd.c] - specifically version match on ssh scanners. do not log scan - information to the console - - djm@cvs.openbsd.org 2001/03/19 12:10:17 - [sshd.8] - Document permitopen authorized_keys option; ok markus@ - - djm@cvs.openbsd.org 2001/03/19 05:49:52 - [ssh.1] - document PreferredAuthentications option; ok markus@ - - (bal) Minor NeXT fixed. 
Forgot to #undef NGROUPS_MAX - -20010318 - - (bal) Fixed scp type casing issue which causes "scp: protocol error: - size not delimited" fatal errors when tranfering. - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/03/17 17:27:59 - [auth.c] - check /etc/shells, too - - tim@mindrot.org 2001/03/17 18:45:25 [compat.c] - openbsd-compat/fake-regex.h - -20010317 - - Support usrinfo() on AIX. Based on patch from Gert Doering - - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/03/15 15:05:59 - [scp.c] - use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi - - markus@cvs.openbsd.org 2001/03/15 22:07:08 - [session.c] - pass Session to do_child + KNF - - djm@cvs.openbsd.org 2001/03/16 08:16:18 - [sftp-client.c sftp-client.h sftp-glob.c sftp-int.c] - Revise globbing for get/put to be more shell-like. In particular, - "get/put file* directory/" now works. ok markus@ - - markus@cvs.openbsd.org 2001/03/16 09:55:53 - [sftp-int.c] - fix memset and whitespace - - markus@cvs.openbsd.org 2001/03/16 13:44:24 - [sftp-int.c] - discourage strcat/strcpy - - markus@cvs.openbsd.org 2001/03/16 19:06:30 - [auth-options.c channels.c channels.h serverloop.c session.c] - implement "permitopen" key option, restricts -L style forwarding to - to specified host:port pairs. based on work by harlan@genua.de - - Check for gl_matchc support in glob_t and fall back to the - openbsd-compat/glob.[ch] support if it does not exist. 
- -20010315 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/03/14 08:57:14 - [sftp-client.c] - Wall - - markus@cvs.openbsd.org 2001/03/14 15:15:58 - [sftp-int.c] - add version command - - deraadt@cvs.openbsd.org 2001/03/14 22:50:25 - [sftp-server.c] - note no getopt() - - (stevesk) ssh-keyscan.c: specify "openbsd-compat/fake-queue.h" - - (bal) Cygwin README change by Corinna Vinschen - -20010314 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/03/13 17:34:42 - [auth-options.c] - missing xfree, deny key on parse error; ok stevesk@ - - djm@cvs.openbsd.org 2001/03/13 22:42:54 - [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c] - sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@ - - (bal) Fix strerror() in bsd-misc.c - - (djm) Add replacement glob() from OpenBSD libc if the system glob is - missing or lacks the GLOB_ALTDIRFUNC extension - - (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers - relatively. Avoids conflict between glob.h and /usr/include/glob.h - -20010313 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/03/12 22:02:02 - [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c] - remove old key_fingerprint interface, s/_ex// - -20010312 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/03/11 13:25:36 - [auth2.c key.c] - debug - - jakob@cvs.openbsd.org 2001/03/11 15:03:16 - [key.c key.h] - add improved fingerprint functions. based on work by Carsten - Raskgaard and modified by me. ok markus@. - - jakob@cvs.openbsd.org 2001/03/11 15:04:16 - [ssh-keygen.1 ssh-keygen.c] - print both md5, sha1 and bubblebabble fingerprints when using - ssh-keygen -l -v. ok markus@. - - jakob@cvs.openbsd.org 2001/03/11 15:13:09 - [key.c] - cleanup & shorten some var names key_fingerprint_bubblebabble. 
- - deraadt@cvs.openbsd.org 2001/03/11 16:39:03 - [ssh-keygen.c] - KNF, and SHA1 binary output is just creeping featurism - - tim@mindrot.org 2001/03/11 17:29:32 [configure.in] - test if snprintf() supports %ll - add /dev to search path for PRNGD/EGD socket - fix my mistake in USER_PATH test program - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/03/11 18:29:51 - [key.c] - style+cleanup - - markus@cvs.openbsd.org 2001/03/11 22:33:24 - [ssh-keygen.1 ssh-keygen.c] - remove -v again. use -B instead for bubblebabble. make -B consistent - with -l and make -B work with /path/to/known_hosts. ok deraadt@ - - (djm) Bump portable version number for generating test RPMs - - (djm) Add "static_openssl" RPM build option, remove rsh build dependency - - (bal) Reorder includes in Makefile. - -20010311 - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/03/10 12:48:27 - [sshconnect2.c] - ignore nonexisting private keys; report rjmooney@mediaone.net - - deraadt@cvs.openbsd.org 2001/03/10 12:53:51 - [readconf.c ssh_config] - default to SSH2, now that m68k runs fast - - stevesk@cvs.openbsd.org 2001/03/10 15:02:05 - [ttymodes.c ttymodes.h] - remove unused sgtty macros; ok markus@ - - deraadt@cvs.openbsd.org 2001/03/10 15:31:00 - [compat.c compat.h sshconnect.c] - all known netscreen ssh versions, and older versions of OSU ssh cannot - handle password padding (newer OSU is fixed) - - tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config] - make sure $bindir is in USER_PATH so scp will work - - OpenBSD CVS Sync - - markus@cvs.openbsd.org 2001/03/10 17:51:04 - [kex.c match.c match.h readconf.c readconf.h sshconnect2.c] - add PreferredAuthentications - -20010310 - - OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2001/03/09 03:14:39 - [ssh-keygen.c] - create *.pub files with umask 0644, so that you can mv them to - authorized_keys - - deraadt@cvs.openbsd.org 2001/03/09 12:30:29 - [sshd.c] - typo; slade@shore.net - - Removed log.o from sftp client. Not needed. 
- -20010309 - - OpenBSD CVS Sync - - stevesk@cvs.openbsd.org 2001/03/08 18:47:12 - [auth1.c] - unused; ok markus@ - - stevesk@cvs.openbsd.org 2001/03/08 20:44:48 - [sftp.1] - spelling, cleanup; ok deraadt@ - - markus@cvs.openbsd.org 2001/03/08 21:42:33 - [compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c] - implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key -> - no need to do enter passphrase or do expensive sign operations if the - server does not accept key). - -20010308 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2001/03/07 10:11:23 - [sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h] - Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling - functions and small protocol change. - - markus@cvs.openbsd.org 2001/03/08 00:15:48 - [readconf.c ssh.1] - turn off useprivilegedports by default. only rhost-auth needs - this. older sshd's may need this, too. - - (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H; - Dirk Markwardt - -20010307 - - (bal) OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2001/03/06 06:11:18 - [ssh-keyscan.c] - appease gcc - - deraadt@cvs.openbsd.org 2001/03/06 06:11:44 - [sftp-int.c sftp.1 sftp.c] - sftp -b batchfile; mouring@etoh.eviladmin.org - - deraadt@cvs.openbsd.org 2001/03/06 15:10:42 - [sftp.1] - order things - - deraadt@cvs.openbsd.org 2001/03/07 01:19:06 - [ssh.1 sshd.8] - the name "secure shell" is boring, noone ever uses it - - deraadt@cvs.openbsd.org 2001/03/07 04:05:58 - [ssh.1] - removed dated comment - - Cygwin contrib improvements from Corinna Vinschen - -20010306 - - (bal) OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2001/03/05 14:28:47 - [sshd.8] - alpha order; jcs@rt.fm - - stevesk@cvs.openbsd.org 2001/03/05 15:44:51 - [servconf.c] - sync error message; ok markus@ - - deraadt@cvs.openbsd.org 2001/03/05 15:56:16 - [myproposal.h ssh.1] - switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster; - provos & markus ok - - deraadt@cvs.openbsd.org 
2001/03/05 16:07:15 - [sshd.8] - detail default hmac setup too - - markus@cvs.openbsd.org 2001/03/05 17:17:21 - [kex.c kex.h sshconnect2.c sshd.c] - generate a 2*need size (~300 instead of 1024/2048) random private - exponent during the DH key agreement. according to Niels (the great - german advisor) this is safe since /etc/primes contains strong - primes only. - - References: - P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key - agreement with short exponents, In Advances in Cryptology - - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343. - - stevesk@cvs.openbsd.org 2001/03/05 17:40:48 - [ssh.1] - more ssh_known_hosts2 documentation; ok markus@ - - stevesk@cvs.openbsd.org 2001/03/05 17:58:22 - [dh.c] - spelling - - deraadt@cvs.openbsd.org 2001/03/06 00:33:04 - [authfd.c cli.c ssh-agent.c] - EINTR/EAGAIN handling is required in more cases - - millert@cvs.openbsd.org 2001/03/06 01:06:03 - [ssh-keyscan.c] - Don't assume we wil get the version string all in one read(). - deraadt@ OK'd - - millert@cvs.openbsd.org 2001/03/06 01:08:27 - [clientloop.c] - If read() fails with EINTR deal with it the same way we treat EAGAIN - -20010305 - - (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch] - - (bal) CVS ID touch up on sftp-int.c - - (bal) CVS ID touch up on uuencode.c - - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c - - (bal) OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2001/02/17 23:48:48 - [sshd.8] - it's the OpenSSH one - - deraadt@cvs.openbsd.org 2001/02/21 07:37:04 - [ssh-keyscan.c] - inline -> __inline__, and some indent - - deraadt@cvs.openbsd.org 2001/02/21 09:05:54 - [authfile.c] - improve fd handling - - deraadt@cvs.openbsd.org 2001/02/21 09:12:56 - [sftp-server.c] - careful with & and &&; markus ok - - stevesk@cvs.openbsd.org 2001/02/21 21:14:04 - [ssh.c] - -i supports DSA identities now; ok markus@ - - deraadt@cvs.openbsd.org 2001/02/22 04:29:37 - [servconf.c] - grammar; slade@shore.net - - deraadt@cvs.openbsd.org 
2001/02/22 06:43:55 - [ssh-keygen.1 ssh-keygen.c] - document -d, and -t defaults to rsa1 - - deraadt@cvs.openbsd.org 2001/02/22 08:03:51 - [ssh-keygen.1 ssh-keygen.c] - bye bye -d - - deraadt@cvs.openbsd.org 2001/02/22 18:09:06 - [sshd_config] - activate RSA 2 key - - markus@cvs.openbsd.org 2001/02/22 21:57:27 - [ssh.1 sshd.8] - typos/grammar from matt@anzen.com - - markus@cvs.openbsd.org 2001/02/22 21:59:44 - [auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c] - use pwcopy in ssh.c, too - - markus@cvs.openbsd.org 2001/02/23 15:34:53 - [serverloop.c] - debug2->3 - - markus@cvs.openbsd.org 2001/02/23 18:15:13 - [sshd.c] - the random session key depends now on the session_key_int - sent by the 'attacker' - dig1 = md5(cookie|session_key_int); - dig2 = md5(dig1|cookie|session_key_int); - fake_session_key = dig1|dig2; - this change is caused by a mail from anakin@pobox.com - patch based on discussions with my german advisor niels@openbsd.org - - deraadt@cvs.openbsd.org 2001/02/24 10:37:55 - [readconf.c] - look for id_rsa by default, before id_dsa - - deraadt@cvs.openbsd.org 2001/02/24 10:37:26 - [sshd_config] - ssh2 rsa key before dsa key - - markus@cvs.openbsd.org 2001/02/27 10:35:27 - [packet.c] - fix random padding - - markus@cvs.openbsd.org 2001/02/27 11:00:11 - [compat.c] - support SSH-2.0-2.1 ; from Christophe_Moret@hp.com - - deraadt@cvs.openbsd.org 2001/02/28 05:34:28 - [misc.c] - pull in protos - - deraadt@cvs.openbsd.org 2001/02/28 05:36:28 - [sftp.c] - do not kill the subprocess on termination (we will see if this helps - things or hurts things) - - markus@cvs.openbsd.org 2001/02/28 08:45:39 - [clientloop.c] - fix byte counts for ssh protocol v1 - - markus@cvs.openbsd.org 2001/02/28 08:54:55 - [channels.c nchan.c nchan.h] - make sure remote stderr does not get truncated. - remove closed fd's from the select mask. 
- - markus@cvs.openbsd.org 2001/02/28 09:57:07 - [packet.c packet.h sshconnect2.c] - in ssh protocol v2 use ignore messages for padding (instead of - trailing \0). - - markus@cvs.openbsd.org 2001/02/28 12:55:07 - [channels.c] - unify debug messages - - deraadt@cvs.openbsd.org 2001/02/28 17:52:54 - [misc.c] - for completeness, copy pw_gecos too - - markus@cvs.openbsd.org 2001/02/28 21:21:41 - [sshd.c] - generate a fake session id, too - - markus@cvs.openbsd.org 2001/02/28 21:27:48 - [channels.c packet.c packet.h serverloop.c] - use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message - use random content in ignore messages. - - markus@cvs.openbsd.org 2001/02/28 21:31:32 - [channels.c] - typo - - deraadt@cvs.openbsd.org 2001/03/01 02:11:25 - [authfd.c] - split line so that p will have an easier time next time around - - deraadt@cvs.openbsd.org 2001/03/01 02:29:04 - [ssh.c] - shorten usage by a line - - deraadt@cvs.openbsd.org 2001/03/01 02:45:10 - [auth-rsa.c auth2.c deattack.c packet.c] - KNF - - deraadt@cvs.openbsd.org 2001/03/01 03:38:33 - [cli.c cli.h rijndael.h ssh-keyscan.1] - copyright notices on all source files - - markus@cvs.openbsd.org 2001/03/01 22:46:37 - [ssh.c] - don't truncate remote ssh-2 commands; from mkubita@securities.cz - use min, not max for logging, fixes overflow. - - deraadt@cvs.openbsd.org 2001/03/02 06:21:01 - [sshd.8] - explain SIGHUP better - - deraadt@cvs.openbsd.org 2001/03/02 09:42:49 - [sshd.8] - doc the dsa/rsa key pair files - - deraadt@cvs.openbsd.org 2001/03/02 18:54:31 - [atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h - scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c - ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8] - make copyright lines the same format - - deraadt@cvs.openbsd.org 2001/03/03 06:53:12 - [ssh-keyscan.c] - standard theo sweep - - millert@cvs.openbsd.org 2001/03/03 21:19:41 - [ssh-keyscan.c] - Dynamically allocate read_wait and its copies. 
Since maxfd is - based on resource limits it is often (usually?) larger than FD_SETSIZE. - - millert@cvs.openbsd.org 2001/03/03 21:40:30 - [sftp-server.c] - Dynamically allocate fd_set; deraadt@ OK - - millert@cvs.openbsd.org 2001/03/03 21:41:07 - [packet.c] - Dynamically allocate fd_set; deraadt@ OK - - deraadt@cvs.openbsd.org 2001/03/03 22:07:50 - [sftp-server.c] - KNF - - markus@cvs.openbsd.org 2001/03/03 23:52:22 - [sftp.c] - clean up arg processing. based on work by Christophe_Moret@hp.com - - markus@cvs.openbsd.org 2001/03/03 23:59:34 - [log.c ssh.c] - log*.c -> log.c - - markus@cvs.openbsd.org 2001/03/04 00:03:59 - [channels.c] - debug1->2 - - stevesk@cvs.openbsd.org 2001/03/04 10:57:53 - [ssh.c] - add -m to usage; ok markus@ - - stevesk@cvs.openbsd.org 2001/03/04 11:04:41 - [sshd.8] - small cleanup and clarify for PermitRootLogin; ok markus@ - - stevesk@cvs.openbsd.org 2001/03/04 11:16:06 - [servconf.c sshd.8] - kill obsolete RandomSeed; ok markus@ deraadt@ - - stevesk@cvs.openbsd.org 2001/03/04 12:54:04 - [sshd.8] - spelling - - millert@cvs.openbsd.org 2001/03/04 17:42:28 - [authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c - ssh.c sshconnect.c sshd.c] - log functions should not be passed strings that end in newline as they - get passed on to syslog() and when logging to stderr, do_log() appends - its own newline. - - deraadt@cvs.openbsd.org 2001/03/04 18:21:28 - [sshd.8] - list SSH2 ciphers - - (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy() - - (bal) Fix up logging since it changed. removed log-*.c - - (djm) Fix up LOG_AUTHPRIV for systems that have it - - (stevesk) OpenBSD sync: - - deraadt@cvs.openbsd.org 2001/03/05 08:37:27 - [ssh-keyscan.c] - skip inlining, why bother - - (stevesk) sftp.c: handle __progname - -20010304 - - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid. 
- - (bal) Updated contrib/README to remove 'make-ssh-known-hosts' and - give Mark Roth credit for mdoc2man.pl - -20010303 - - (djm) Remove make-ssh-known-hosts.pl, ssh-keyscan is better. - - (djm) Document PAM ChallengeResponseAuthentication in sshd.8 - - (djm) Disable and comment ChallengeResponseAuthentication in sshd_config - - (djm) Allow PRNGd entropy collection from localhost TCP socket. Replace - "--with-egd-pool" configure option with "--with-prngd-socket" and - "--with-prngd-port" options. Debugged and improved by Lutz Jaenicke - - -20010301 - - (djm) Properly add -lcrypt if needed. - - (djm) Force standard PAM conversation function in a few more places. - Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai - - - (djm) Cygwin needs pw->pw_gecos copied too. Patch from Corinna Vinschen - - - (djm) Released 2.5.1p2 - -20010228 - - (djm) Detect endianness in configure and use it in rijndael.c. Fixes - "Bad packet length" bugs. - - (djm) Fully revert PAM session patch (again). All PAM session init is - now done before the final fork(). - - (djm) EGD detection patch from Tim Rice - - (djm) Remove /tmp from EGD socket search list - -20010227 - - (bal) Applied shutdown() patch for sftp.c by Corinna Vinschen - - - (bal) OpenBSD Sync - - markus@cvs.openbsd.org 2001/02/23 15:37:45 - [session.c] - handle SSH_PROTOFLAG_SCREEN_NUMBER for buggy clients - - (bal) sshd.init support for all Redhat release. Patch by Jim Knoble - - - (djm) Fix up POSIX saved uid support. Report from Mark Miller - - - (djm) Search for -lcrypt on FreeBSD too - - (djm) fatal() on OpenSSL version mismatch - - (djm) Move PAM init to after fork for non-Solaris derived PAMs - - (djm) Warning fix on entropy.c saved uid stuff. Patch from Mark Miller - - - (djm) Fix PAM fix - - (djm) Remove 'noreplace' flag from sshd_config in RPM spec files. This - change is being made as 2.5.x configfiles are not back-compatible with - 2.3.x. - - (djm) Avoid warnings for missing broken IP_TOS. 
Patch from Mark Miller - - - (djm) Open Server 5 doesn't need BROKEN_SAVED_UIDS. Patch from Tim Rice - - - (djm) Avoid multiple definition of _PATH_LS. Patch from Tim Rice - - -20010226 - - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again. - - (djm) Some systems (SCO3, NeXT) have weird saved uid semantics. - Based on patch from Tim Rice - -20010225 - - (djm) Use %{_libexecdir} rather than hardcoded path in RPM specfile - Patch from Adrian Ho - - (bal) Replace 'unsigned long long' to 'u_int64_t' since not every - platform defines u_int64_t as being that. - -20010224 - - (bal) Missed part of the UNIX sockets patch. Patch by Corinna - Vinschen - - (bal) Reorder where 'strftime' is detected to resolve linking - issues on SCO. Patch by Tim Rice - -20010224 - - (bal) pam_stack fix to correctly detect between RH7 and older RHs. - Patch by Pekka Savola - - (bal) Renamed sigaction.[ch] to sigact.[ch]. Causes problems with - some platforms. - - (bal) Generalize lack of UNIX sockets since this also effects Cray - not just Cygwin. Based on patch by Wendy Palm - -20010223 - - (bal) Fix --define rh7 in openssh.spec file. Patch by Steve Tell - - - (bal) Patch to force OpenSSH rpm to require the same version of OpenSSL - that it was compiled against. Patch by Pekka Savola - - (bal) Double -I for OpenSSL on SCO. Patch by Tim Rice - - -20010222 - - (bal) Corrected SCO luid patch by svaughan - - (bal) Added mdoc2man.pl from Mark Roth - - (bal) Removed reference to liblogin from contrib/README. It was - integrated into OpenSSH a long while ago. - - (stevesk) remove erroneous #ifdef sgi code. - Michael Stone - -20010221 - - (bal) Removed -L/usr/ucblib -R/usr/ucblib for Solaris platform. - - (bal) Fixed OpenSSL rework to use $saved_*. Patch by Tim Rice - - - (bal) Reverted out of 2001/02/15 patch by djm below because it - breaks Solaris. - - (djm) Move PAM session setup back to before setuid to user. - fixes problems on Solaris-drived PAMs. 
- - (stevesk) session.c: back out to where we were before: - - (djm) Move PAM session initialisation until after fork in sshd. Patch - from Nalin Dahyabhai - -20010220 - - (bal) Fix mixed up params to memmove() from Jan 5th in setenv.c and - getcwd.c. - - (bal) OpenBSD CVS Sync: - - deraadt@cvs.openbsd.org 2001/02/19 23:09:05 - [sshd.c] - clarify message to make it not mention "ident" - -20010219 - - (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and - pty.[ch] -> sshpty.[ch] - - (djm) Rework search for OpenSSL location. Skip directories which don't - exist, don't add -L$ssldir/lib if it doesn't exist. Should help SCO - with its limit of 6 -L options. - - OpenBSD CVS Sync: - - reinhard@cvs.openbsd.org 2001/02/17 08:24:40 - [sftp.1] - typo - - deraadt@cvs.openbsd.org 2001/02/17 16:28:58 - [ssh.c] - cleanup -V output; noted by millert - - deraadt@cvs.openbsd.org 2001/02/17 16:48:48 - [sshd.8] - it's the OpenSSH one - - markus@cvs.openbsd.org 2001/02/18 11:33:54 - [dispatch.c] - typo, SSH2_MSG_KEXINIT, from aspa@kronodoc.fi - - markus@cvs.openbsd.org 2001/02/19 02:53:32 - [compat.c compat.h serverloop.c] - ssh-1.2.{18-22} has broken handling of ignore messages; report from - itojun@ - - markus@cvs.openbsd.org 2001/02/19 03:35:23 - [version.h] - OpenSSH_2.5.1 adds bug compat with 1.2.{18-22} - - deraadt@cvs.openbsd.org 2001/02/19 03:36:25 - [scp.c] - np is changed by recursion; vinschen@redhat.com - - Update versions in RPM spec files - - Release 2.5.1p1 - -20010218 - - (bal) Patch for fix FCHMOD reference in ftp-client.c by Tim Rice - - - (Bal) Patch for lack of RA_RESTART in misc.c for mysignal by - stevesk - - (djm) Fix my breaking of cygwin builds, Patch from Corinna Vinschen - and myself. - - (djm) Close listen_sock on bind() failures. Patch from Arkadiusz - Miskiewicz - - (djm) Robustify EGD/PRNGd code in face of socket closures. Patch from - Todd C. 
Miller - - (djm) Use ttyname() to determine name of tty returned by openpty() - rather then risking overflow. Patch from Marek Michalkiewicz - - - (djm) Swapped tests for no_libsocket and no_libnsl in configure.in. - Patch from Marek Michalkiewicz - - (djm) Doc fixes from Pekka Savola - - (djm) Use SA_INTERRUPT along SA_RESTART if present (equivalent for - SunOS) - - (djm) SCO needs librpc for libwrap. Patch from Tim Rice - - - (stevesk) misc.c: cpp rework of SA_(INTERRUPT|RESTART) handling. - - (stevesk) scp.c: use mysignal() for updateprogressmeter() handler. - - (djm) SA_INTERRUPT is the converse of SA_RESTART, apply it only for - SIGALRM. - - (djm) Move entropy.c over to mysignal() - - (djm) SunOS 4.x also needs to define HAVE_BOGUS_SYS_QUEUE_H as it has - a that lacks the TAILQ_* macros. Patch from Todd C. - Miller - - (djm) Update RPM spec files for 2.5.0p1 - - (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie - enable with --with-bsd-auth. - - (stevesk) entropy.c: typo; should be SIGPIPE - -20010217 - - (bal) OpenBSD Sync: - - markus@cvs.openbsd.org 2001/02/16 13:38:18 - [channel.c] - remove debug - - markus@cvs.openbsd.org 2001/02/16 14:03:43 - [session.c] - proper payload-length check for x11 w/o screen-number - -20010216 - - (bal) added '--with-prce' to allow overriding of system regex when - required (tested by David Dulek ) - - (bal) Added DG/UX case and set that they have a broken IPTOS. - - (djm) Mini-configure reorder patch from Tim Rice - Fixes linking on SCO. - - (djm) Make gnome-ssh-askpass handle multi-line prompts. Patch from - Nalin Dahyabhai - - (djm) BSD license for gnome-ssh-askpass (was X11) - - (djm) KNF on gnome-ssh-askpass - - (djm) USE_PIPES for a few more sysv platforms - - (djm) Cleanup configure.in a little - - (djm) Ask users to check config.log when we can't find necessary libs - - (djm) Set "login ID" on systems with setluid. Only enabled for SCO - OpenServer for now. 
Based on patch from svaughan - - (djm) OpenBSD CVS: - - markus@cvs.openbsd.org 2001/02/15 16:19:59 - [channels.c channels.h serverloop.c sshconnect.c sshconnect.h] - [sshconnect1.c sshconnect2.c] - genericize password padding function for SSH1 and SSH2. - add stylized echo to 2, too. - - (djm) Add roundup() macro to defines.h - - (stevesk) set SA_RESTART flag in mysignal() for SIGCHLD; - needed on Unixware 2.x. - -20010215 - - (djm) Move PAM session setup back to before setuid to user. Fixes - problems on Solaris-derived PAMs. - - (djm) Clean up PAM namespace. Suggested by Darren Moffat - - - (bal) Sync w/ OpenSSH for new release - - markus@cvs.openbsd.org 2001/02/12 12:45:06 - [sshconnect1.c] - fix xmalloc(0), ok dugsong@ - - markus@cvs.openbsd.org 2001/02/11 12:59:25 - [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c - sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c] - 1) clean up the MAC support for SSH-2 - 2) allow you to specify the MAC with 'ssh -m' - 3) or the 'MACs' keyword in ssh(d)_config - 4) add hmac-{md5,sha1}-96 - ok stevesk@, provos@ - - markus@cvs.openbsd.org 2001/02/12 16:16:23 - [auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h - ssh-keygen.c sshd.8] - PermitRootLogin={yes,without-password,forced-commands-only,no} - (before this change, root could login even if PermitRootLogin==no) - - deraadt@cvs.openbsd.org 2001/02/12 22:56:09 - [clientloop.c packet.c ssh-keyscan.c] - deal with EAGAIN/EINTR selects which were skipped - - markus@cvs.openssh.org 2001/02/13 22:49:40 - [auth1.c auth2.c] - setproctitle(user) only if getpwnam succeeds - - markus@cvs.openbsd.org 2001/02/12 23:26:20 - [sshd.c] - missing memset; from solar@openwall.com - - stevesk@cvs.openbsd.org 2001/02/12 20:53:33 - [sftp-int.c] - lumask now works with 1 numeric arg; ok markus@, djm@ - - djm@cvs.openbsd.org 2001/02/14 9:46:03 - [sftp-client.c sftp-int.c sftp.1] - Fix and document 'preserve modes & times' option ('-p' flag in sftp); - 
ok markus@ - - (bal) replaced PATH_MAX in sftp-int.c w/ MAXPATHLEN. - - (djm) Move to Jim's 1.2.0 X11 askpass program - - (stevesk) OpenBSD sync: - - deraadt@cvs.openbsd.org 2001/02/15 01:38:04 - [serverloop.c] - indent - -20010214 - - (djm) Don't try to close PAM session or delete credentials if the - session has not been open or credentials not set. Based on patch from - Andrew Bartlett - - (djm) Move PAM session initialisation until after fork in sshd. Patch - from Nalin Dahyabhai - - (bal) Missing function prototype in bsd-snprintf.c patch by - Mark Miller - - (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams - with a little modification and KNF. - - (stevesk) fix for SIA patch, misplaced session_setup_sia() - -20010213 - - (djm) Only test -S potential EGD sockets if they exist and are readable. - - (bal) Cleaned out bsd-snprintf.c. VARARGS have been banished and - I did a base KNF over the whe whole file to make it more acceptable. - (backed out of original patch and removed it from ChangeLog) - - (bal) Use chown() if fchown() does not exist in ftp-server.c patch by - Tim Rice - - (stevesk) auth1.c: fix PAM passwordless check. - -20010212 - - (djm) Update Redhat specfile to allow --define "skip_x11_askpass 1", - --define "skip_gnome_askpass 1", --define "rh7 1" and make the - implicit rpm-3.0.5 dependancy explicit. Patch and suggestions from - Pekka Savola - - (djm) Clean up PCRE text in INSTALL - - (djm) Fix OSF SIA auth NULL pointer deref. Report from Mike Battersby - - - (bal) NCR SVR4 compatiblity provide by Don Bragg - - (stevesk) session.c: remove debugging code. 
- -20010211 - - (bal) OpenBSD Sync - - markus@cvs.openbsd.org 2001/02/07 22:35:46 - [auth1.c auth2.c sshd.c] - move k_setpag() to a central place; ok dugsong@ - - markus@cvs.openbsd.org 2001/02/10 12:52:02 - [auth2.c] - offer passwd before s/key - - markus@cvs.openbsd.org 2001/02/8 22:37:10 - [canohost.c] - remove last call to sprintf; ok deraadt@ - - markus@cvs.openbsd.org 2001/02/10 1:33:32 - [canohost.c] - add debug message, since sshd blocks here if DNS is not available - - markus@cvs.openbsd.org 2001/02/10 12:44:02 - [cli.c] - don't call vis() for \r - - danh@cvs.openbsd.org 2001/02/10 0:12:43 - [scp.c] - revert a small change to allow -r option to work again; ok deraadt@ - - danh@cvs.openbsd.org 2001/02/10 15:14:11 - [scp.c] - fix memory leak; ok markus@ - - djm@cvs.openbsd.org 2001/02/10 0:45:52 - [scp.1] - Mention that you can quote pathnames with spaces in them - - markus@cvs.openbsd.org 2001/02/10 1:46:28 - [ssh.c] - remove mapping of argv[0] -> hostname - - markus@cvs.openbsd.org 2001/02/06 22:26:17 - [sshconnect2.c] - do not ask for passphrase in batch mode; report from ejb@ql.org - - itojun@cvs.opebsd.org 2001/02/08 10:47:05 - [sshconnect.c sshconnect1.c sshconnect2.c] - %.30s is too short for IPv6 numeric address. use %.128s for now. 
- markus ok - - markus@cvs.openbsd.org 2001/02/09 12:28:35 - [sshconnect2.c] - do not free twice, thanks to /etc/malloc.conf - - markus@cvs.openbsd.org 2001/02/09 17:10:53 - [sshconnect2.c] - partial success: debug->log; "Permission denied" if no more auth methods - - markus@cvs.openbsd.org 2001/02/10 12:09:21 - [sshconnect2.c] - remove some lines - - markus@cvs.openbsd.org 2001/02/09 13:38:07 - [auth-options.c] - reset options if no option is given; from han.holl@prismant.nl - - markus@cvs.openbsd.org 2001/02/08 21:58:28 - [channels.c] - nuke sprintf, ok deraadt@ - - markus@cvs.openbsd.org 2001/02/08 21:58:28 - [channels.c] - nuke sprintf, ok deraadt@ - - markus@cvs.openbsd.org 2001/02/06 22:43:02 - [clientloop.h] - remove confusing callback code - - deraadt@cvs.openbsd.org 2001/02/08 14:39:36 - [readconf.c] - snprintf - - itojun@cvs.openbsd.org 2001/02/08 19:30:52 - sync with netbsd tree changes. - - more strict prototypes, include necessary headers - - use paths.h/pathnames.h decls - - size_t typecase to int -> u_long - - itojun@cvs.openbsd.org 2001/02/07 18:04:50 - [ssh-keyscan.c] - fix size_t -> int cast (use u_long). markus ok - - markus@cvs.openbsd.org 2001/02/07 22:43:16 - [ssh-keyscan.c] - s/getline/Linebuf_getline/; from roumen.petrov@skalasoft.com - - itojun@cvs.openbsd.org 2001/02/09 9:04:59 - [ssh-keyscan.c] - do not assume malloc() returns zero-filled region. found by - malloc.conf=AJ. - - markus@cvs.openbsd.org 2001/02/08 22:35:30 - [sshconnect.c] - don't connect if batch_mode is true and stricthostkeychecking set to - 'ask' - - djm@cvs.openbsd.org 2001/02/04 21:26:07 - [sshd_config] - type: ok markus@ - - deraadt@cvs.openbsd.org 2001/02/06 22:07:50 - [sshd_config] - enable sftp-server by default - - deraadt 2001/02/07 8:57:26 - [xmalloc.c] - deal with new ANSI malloc stuff - - markus@cvs.openbsd.org 2001/02/07 16:46:08 - [xmalloc.c] - typo in fatal() - - itojun@cvs.openbsd.org 2001/02/07 18:04:50 - [xmalloc.c] - fix size_t -> int cast (use u_long). 
markus ok - - 1.47 Thu Feb 8 23:11:42 GMT 2001 by dugsong - [serverloop.c sshconnect1.c] - mitigate SSH1 traffic analysis - from Solar Designer - , ok provos@ - - (bal) fixed sftp-client.c. Return 'status' instead of '0' - (from the OpenBSD tree) - - (bal) Synced ssh.1, ssh-add.1 and sshd.8 w/ OpenBSD - - (bal) sftp-sever.c '%8lld' to '%8llu' (OpenBSD Sync) - - (bal) uuencode.c resync w/ OpenBSD tree, plus whitespace. - - (bal) A bit more whitespace cleanup - - (djm) Set PAM_RHOST earlier, patch from Andrew Bartlett - - - (stevesk) misc.c: ssh.h not needed. - - (stevesk) compat.c: more friendly cpp error - - (stevesk) OpenBSD sync: - - stevesk@cvs.openbsd.org 2001/02/11 06:15:57 - [LICENSE] - typos and small cleanup; ok deraadt@ - -20010210 - - (djm) Sync sftp and scp stuff from OpenBSD: - - djm@cvs.openbsd.org 2001/02/07 03:55:13 - [sftp-client.c] - Don't free handles before we are done with them. Based on work from - Corinna Vinschen . ok markus@ - - djm@cvs.openbsd.org 2001/02/06 22:32:53 - [sftp.1] - Punctuation fix from Pekka Savola - - deraadt@cvs.openbsd.org 2001/02/07 04:07:29 - [sftp.1] - pretty up significantly - - itojun@cvs.openbsd.org 2001/02/07 06:49:42 - [sftp.1] - .Bl-.El mismatch. markus ok - - djm@cvs.openbsd.org 2001/02/07 06:12:30 - [sftp-int.c] - Check that target is a directory before doing ls; ok markus@ - - itojun@cvs.openbsd.org 2001/02/07 11:01:18 - [scp.c sftp-client.c sftp-server.c] - unsigned long long -> %llu, not %qu. markus ok - - stevesk@cvs.openbsd.org 2001/02/07 11:10:39 - [sftp.1 sftp-int.c] - more man page cleanup and sync of help text with man page; ok markus@ - - markus@cvs.openbsd.org 2001/02/07 14:58:34 - [sftp-client.c] - older servers reply with SSH2_FXP_NAME + count==0 instead of EOF - - djm@cvs.openbsd.org 2001/02/07 15:27:19 - [sftp.c] - Don't forward agent and X11 in sftp. 
Suggestion from Roumen Petrov - - - stevesk@cvs.openbsd.org 2001/02/07 15:36:04 - [sftp-int.c] - portable; ok markus@ - - stevesk@cvs.openbsd.org 2001/02/07 15:55:47 - [sftp-int.c] - lowercase cmds[].c also; ok markus@ - - markus@cvs.openbsd.org 2001/02/07 17:04:52 - [pathnames.h sftp.c] - allow sftp over ssh protocol 1; ok djm@ - - deraadt@cvs.openbsd.org 2001/02/08 07:38:55 - [scp.c] - memory leak fix, and snprintf throughout - - deraadt@cvs.openbsd.org 2001/02/08 08:02:02 - [sftp-int.c] - plug a memory leak - - stevesk@cvs.openbsd.org 2001/02/08 10:11:23 - [session.c sftp-client.c] - %i -> %d - - stevesk@cvs.openbsd.org 2001/02/08 10:57:59 - [sftp-int.c] - typo - - stevesk@cvs.openbsd.org 2001/02/08 15:28:07 - [sftp-int.c pathnames.h] - _PATH_LS; ok markus@ - - djm@cvs.openbsd.org 2001/02/09 04:46:25 - [sftp-int.c] - Check for NULL attribs for chown, chmod & chgrp operations, only send - relevant attribs back to server; ok markus@ - - djm@cvs.openbsd.org 2001/02/06 15:05:25 - [sftp.c] - Use getopt to process commandline arguments - - djm@cvs.openbsd.org 2001/02/06 15:06:21 - [sftp.c ] - Wait for ssh subprocess at exit - - djm@cvs.openbsd.org 2001/02/06 15:18:16 - [sftp-int.c] - stat target for remote chdir before doing chdir - - djm@cvs.openbsd.org 2001/02/06 15:32:54 - [sftp.1] - Punctuation fix from Pekka Savola - - provos@cvs.openbsd.org 2001/02/05 22:22:02 - [sftp-int.c] - cleanup get_pathname, fix pwd after failed cd. okay djm@ - - (djm) Update makefile.in for _PATH_SFTP_SERVER - - (bal) sftp-client.c replace NULL w/ 0 in do_ls() (pending in OpenBSD tree) - -20010209 - - (bal) patch to vis.c to deal with HAVE_VIS right by Robert Mooney - - - (bal) .c.o rule in openbsd-compat/Makefile.in did not make it to the - main tree while porting forward. Pointed out by Lutz Jaenicke - - - (bal) double entry in configure.in. 
Pointed out by Lutz Jaenicke - - - (stevesk) OpenBSD sync: - - markus@cvs.openbsd.org 2001/02/08 11:20:01 - [auth2.c] - strict checking - - markus@cvs.openbsd.org 2001/02/08 11:15:22 - [version.h] - update to 2.3.2 - - markus@cvs.openbsd.org 2001/02/08 11:12:30 - [auth2.c] - fix typo - - (djm) Update spec files - - (bal) OpenBSD sync: - - deraadt@cvs.openbsd.org 2001/02/08 14:38:54 - [scp.c] - memory leak fix, and snprintf throughout - - markus@cvs.openbsd.org 2001/02/06 22:43:02 - [clientloop.c] - remove confusing callback code - - (djm) Add CVS Id's to files that we have missed - - (bal) OpenBSD Sync (more): - - itojun@cvs.openbsd.org 2001/02/08 19:30:52 - sync with netbsd tree changes. - - more strict prototypes, include necessary headers - - use paths.h/pathnames.h decls - - size_t typecase to int -> u_long - - markus@cvs.openbsd.org 2001/02/06 22:07:42 - [ssh.c] - fatal() if subsystem fails - - markus@cvs.openbsd.org 2001/02/06 22:43:02 - [ssh.c] - remove confusing callback code - - jakob@cvs.openbsd.org 2001/02/06 23:03:24 - [ssh.c] - add -1 option (force protocol version 1). ok markus@ - - jakob@cvs.openbsd.org 2001/02/06 23:06:21 - [ssh.c] - reorder -{1,2,4,6} options. ok markus@ - - (bal) Missing 'const' in readpass.h - - (bal) OpenBSD Sync (so at least the thing compiles for 2.3.2 =) - - djm@cvs.openbsd.org 2001/02/06 23:30:28 - [sftp-client.c] - replace arc4random with counter for request ids; ok markus@ - - (djm) Define _PATH_TTY for systems that don't. Report from Lutz - Jaenicke - -20010208 - - (djm) Don't delete external askpass program in make uninstall target. - Report and fix from Roumen Petrov - - (djm) Fix linking of sftp, don't need arc4random any more. - - (djm) Try to use shell that supports "test -S" for EGD socket search. - Based on patch from Tim Rice - -20010207 - - (bal) Save the whole path to AR in configure. 
Some Solaris 2.7 installs - seem lose track of it while in openbsd-compat/ (two confirmed reports) - - (djm) Much KNF on PAM code - - (djm) Revise auth-pam.c conversation function to be a little more - readable. - - (djm) Revise kbd-int PAM conversation function to fold all text messages - to before first prompt. Fixes hangs if last pam_message did not require - a reply. - - (djm) Fix password changing when using PAM kbd-int authentication - -20010205 - - (bal) Disable groupaccess by setting NGROUPS_MAX to 0 for platforms - that don't have NGROUPS_MAX. - - (bal) AIX patch for auth1.c by William L. Jones - - (stevesk) OpenBSD sync: - - stevesk@cvs.openbsd.org 2001/02/04 08:32:27 - [many files; did this manually to our top-level source dir] - unexpand and remove end-of-line whitespace; ok markus@ - - stevesk@cvs.openbsd.org 2001/02/04 15:21:19 - [sftp-server.c] - SSH2_FILEXFER_ATTR_UIDGID support; ok markus@ - - deraadt@cvs.openbsd.org 2001/02/04 17:02:32 - [sftp-int.c] - ? == help - - deraadt@cvs.openbsd.org 2001/02/04 16:47:46 - [sftp-int.c] - sort commands, so that abbreviations work as expected - - stevesk@cvs.openbsd.org 2001/02/04 15:17:52 - [sftp-int.c] - debugging sftp: precedence and missing break. chmod, chown, chgrp - seem to be working now. 
- - markus@cvs.openbsd.org 2001/02/04 14:41:21 - [sftp-int.c] - use base 8 for umask/chmod - - markus@cvs.openbsd.org 2001/02/04 11:11:54 - [sftp-int.c] - fix LCD - - markus@cvs.openbsd.org 2001/02/04 08:10:44 - [ssh.1] - typo; dpo@club-internet.fr - - stevesk@cvs.openbsd.org 2001/02/04 06:30:12 - [auth2.c authfd.c packet.c] - remove duplicate #include's; ok markus@ - - deraadt@cvs.openbsd.org 2001/02/04 16:56:23 - [scp.c sshd.c] - alpha happiness - - stevesk@cvs.openbsd.org 2001/02/04 15:12:17 - [sshd.c] - precedence; ok markus@ - - deraadt@cvs.openbsd.org 2001/02/04 08:14:15 - [ssh.c sshd.c] - make the alpha happy - - markus@cvs.openbsd.org 2001/01/31 13:37:24 - [channels.c channels.h serverloop.c ssh.c] - do not disconnect if local port forwarding fails, e.g. if port is - already in use - - markus@cvs.openbsd.org 2001/02/01 14:58:09 - [channels.c] - use ipaddr in channel messages, ietf-secsh wants this - - markus@cvs.openbsd.org 2001/01/31 12:26:20 - [channels.c] - ssh.com-2.0.1x does not send additional info in CHANNEL_OPEN_FAILURE - messages; bug report from edmundo@rano.org - - markus@cvs.openbsd.org 2001/01/31 13:48:09 - [sshconnect2.c] - unused - - deraadt@cvs.openbsd.org 2001/02/04 08:23:08 - [sftp-client.c sftp-server.c] - make gcc on the alpha even happier - -20010204 - - (bal) I think this is the last of the bsd-*.h that don't belong. - - (bal) Minor Makefile fix - - (bal) openbsd-compat/Makefile minor fix. Ensure dependancies are done - right. - - (bal) Changed order of LIB="" in -with-skey due to library resolving. 
- - (bal) next-posix.h changed to bsd-nextstep.h - - (djm) OpenBSD CVS sync: - - markus@cvs.openbsd.org 2001/02/03 03:08:38 - [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c] - [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8] - [sshd_config] - make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@ - - markus@cvs.openbsd.org 2001/02/03 03:19:51 - [ssh.1 sshd.8 sshd_config] - Skey is now called ChallengeResponse - - markus@cvs.openbsd.org 2001/02/03 03:43:09 - [sshd.8] - use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean - channel. note from Erik.Anggard@cygate.se (pr/1659) - - stevesk@cvs.openbsd.org 2001/02/03 10:03:06 - [ssh.1] - typos; ok markus@ - - djm@cvs.openbsd.org 2001/02/04 04:11:56 - [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h] - [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c] - Basic interactive sftp client; ok theo@ - - (djm) Update RPM specs for new sftp binary - - (djm) Update several bits for new optional reverse lookup stuff. I - think I got them all. - - (djm) Makefile.in fixes - - (stevesk) add mysignal() wrapper and use it for the protocol 2 - SIGCHLD handler. - - (djm) Use setvbuf() instead of setlinebuf(). Suggest from stevesk@ - -20010203 - - (bal) Cygwin clean up by Corinna Vinschen - - (bal) renamed queue.h to fake-queue.h (even if it's an OpenBSD - based file) to ensure #include space does not get confused. - - (bal) Minor Makefile.in tweak. dirname may not exist on some - platforms so builds fail. (NeXT being a well known one) - -20010202 - - (bal) Makefile fix where sourcedir != builddir by Corinna Vinschen - - - (bal) Makefile fix to use $(MAKE) instead of 'make' for platforms - that use 'gmake'. Patch by Tim Rice - -20010201 - - (bal) Minor fix to Makefile to stop rebuilding executables if no - changes have occured to any of the supporting code. 
Patch by - Roumen Petrov - -20010131 - - (djm) OpenBSD CVS Sync: - - djm@cvs.openbsd.org 2001/01/30 15:48:53 - [sshconnect.c] - Make warning message a little more consistent. ok markus@ - - (djm) Fix autoconf logic for --with-lastlog=no Report and diagnosis from - Philipp Buehler and Kevin Steves - respectively. - - (djm) Don't log SSH2 PAM KbdInt responses to debug, they may contain - passwords. - - (bal) Reorder. Move all bsd-*, fake-*, next-*, and cygwin* stuff to - openbsd-compat/. And resolve all ./configure and Makefile.in issues - assocated. - -20010130 - - (djm) OpenBSD CVS Sync: - - markus@cvs.openbsd.org 2001/01/29 09:55:37 - [channels.c channels.h clientloop.c serverloop.c] - fix select overflow; ok deraadt@ and stevesk@ - - markus@cvs.openbsd.org 2001/01/29 12:42:35 - [canohost.c canohost.h channels.c clientloop.c] - add get_peer_ipaddr(socket), x11-fwd in ssh2 requires ipaddr, not DNS - - markus@cvs.openbsd.org 2001/01/29 12:47:32 - [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c] - handle rsa_private_decrypt failures; helps against the Bleichenbacher - pkcs#1 attack - - djm@cvs.openbsd.org 2001/01/29 05:36:11 - [ssh.1 ssh.c] - Allow invocation of sybsystem by commandline (-s); ok markus@ - - (stevesk) configure.in: remove duplicate PROG_LS - -20010129 - - (stevesk) sftp-server.c: use %lld vs. %qd - -20010128 - - (bal) Put USE_PIPES back into sco3.2v5 - - (bal) OpenBSD Sync - - markus@cvs.openbsd.org 2001/01/28 10:15:34 - [dispatch.c] - re-keying is not supported; ok deraadt@ - - markus@cvs.openbsd.org 2001/01/28 10:24:04 - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] - cleanup AUTHORS sections - - markus@cvs.openbsd.org 2001/01/28 10:37:26 - [sshd.c sshd.8] - remove -Q, no longer needed - - stevesk@cvs.openbsd.org 2001/01/28 20:36:16 - [readconf.c ssh.1] - ``StrictHostKeyChecking ask'' documentation and small cleanup. - ok markus@ - - stevesk@cvs.openbsd.org 2001/01/28 20:43:25 - [sshd.8] - spelling. 
ok markus@ - - stevesk@cvs.openbsd.org 2001/01/28 20:53:21 - [xmalloc.c] - use size_t for strlen() return. ok markus@ - - stevesk@cvs.openbsd.org 2001/01/28 22:27:05 - [authfile.c] - spelling. use sizeof vs. strlen(). ok markus@ - - niklas@cvs.openbsd.org 2001/01/29 1:59:14 - [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h - groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h - key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h - radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1 - ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config - sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h] - $OpenBSD$ - - (bal) Minor auth2.c resync. Whitespace and moving of an #include. - -20010126 - - (bal) SSH_PROGRAM vs _PATH_SSH_PROGRAM fix pointed out by Roumen - Petrov - - (bal) OpenBSD Sync - - deraadt@cvs.openbsd.org 2001/01/25 8:06:33 - [ssh-agent.c] - call _exit() in signal handler - -20010125 - - (djm) Sync bsd-* support files: - - deraadt@cvs.openbsd.org 2000/01/26 03:43:20 - [rresvport.c bindresvport.c] - new bindresvport() semantics that itojun, shin, jean-luc and i have - agreed on, which will be happy for the future. bindresvport_sa() for - sockaddr *, too. docs later.. - - deraadt@cvs.openbsd.org 2000/01/24 02:24:21 - [bindresvport.c] - in bindresvport(), if sin is non-NULL, example sin->sin_family for - the actual family being processed - - (djm) Mention PRNGd in documentation, it is nicer than EGD - - (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf - - (bal) AC_FUNC_STRFTIME added to autoconf - - (bal) OpenBSD Resync - - stevesk@cvs.openbsd.org 2001/01/24 21:03:50 - [channels.c] - missing freeaddrinfo(); ok markus@ - -20010124 - - (bal) OpenBSD Resync - - markus@cvs.openbsd.org 2001/01/23 10:45:10 - [ssh.h] - nuke comment - - (bal) no 64bit support patch from Tim Rice - - (bal) #ifdef around S_IFSOCK if platform does not support it. 
- patch by Tim Rice - - (bal) fake-regex.h cleanup based on Tim Rice's patch. - - (stevesk) sftp-server.c: fix chmod() mode mask - -20010123 - - (bal) regexp.h typo in configure.in. Should have been regex.h - - (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@ - - (bal) SSH_ASKPASS_DEFAULT to _PATH_SSH_ASKPASS_DEFAULT - - (bal) OpenBSD Resync - - markus@cvs.openbsd.org 2001/01/22 8:15:00 - [auth-krb4.c sshconnect1.c] - only AFS needs radix.[ch] - - markus@cvs.openbsd.org 2001/01/22 8:32:53 - [auth2.c] - no need to include; from mouring@etoh.eviladmin.org - - stevesk@cvs.openbsd.org 2001/01/22 16:55:21 - [key.c] - free() -> xfree(); ok markus@ - - stevesk@cvs.openbsd.org 2001/01/22 17:22:28 - [sshconnect2.c sshd.c] - fix memory leaks in SSH2 key exchange; ok markus@ - - markus@cvs.openbsd.org 2001/01/22 23:06:39 - [auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h - sshconnect1.c sshconnect2.c sshd.c] - rename skey -> challenge response. - auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled. 
- - -20010122 - - (bal) OpenBSD Resync - - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus - [servconf.c ssh.h sshd.c] - only auth-chall.c needs #ifdef SKEY - - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus - [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c - auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c - packet.c pathname.h readconf.c scp.c servconf.c serverloop.c - session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h - ssh1.h sshconnect1.c sshd.c ttymodes.c] - move ssh1 definitions to ssh1.h, pathnames to pathnames.h - - markus@cvs.openbsd.org 2001/01/19 16:48:14 - [sshd.8] - fix typo; from stevesk@ - - markus@cvs.openbsd.org 2001/01/19 16:50:58 - [ssh-dss.c] - clear and free digest, make consistent with other code (use dlen); from - stevesk@ - - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus - [auth-options.c auth-options.h auth-rsa.c auth2.c] - pass the filename to auth_parse_options() - - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 - [readconf.c] - fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com - - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 - [sshconnect2.c] - dh_new_group() does not return NULL. 
ok markus@ - - markus@cvs.openbsd.org 2001/01/20 21:33:42 - [ssh-add.c] - do not loop forever if askpass does not exist; from - andrew@pimlott.ne.mediaone.net - - djm@cvs.openbsd.org 2001/01/20 23:00:56 - [servconf.c] - Check for NULL return from strdelim; ok markus - - djm@cvs.openbsd.org 2001/01/20 23:02:07 - [readconf.c] - KNF; ok markus - - jakob@cvs.openbsd.org 2001/01/21 9:00:33 - [ssh-keygen.1] - remove -R flag; ok markus@ - - markus@cvs.openbsd.org 2001/01/21 19:05:40 - [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c - auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c - auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c - bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c - cipher.c cli.c clientloop.c clientloop.h compat.c compress.c - deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c - key.c key.h log-client.c log-server.c log.c log.h login.c login.h - match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c - readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h - session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c - ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h - sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h - ttysmodes.c uidswap.c xmalloc.c] - split ssh.h and try to cleanup the #include mess. remove unnecessary - #includes. rename util.[ch] -> misc.[ch] - - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree - - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve - conflict when compiling for non-kerb install - - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes - on 1/19. - -20010120 - - (bal) OpenBSD Resync - - markus@cvs.openbsd.org 2001/01/19 12:45:26 - [ssh-chall.c servconf.c servconf.h ssh.h sshd.c] - only auth-chall.c needs #ifdef SKEY - - (bal) Slight auth2-pam.c clean up. 
- - (bal) Includes a fake-regexp.h to be only used if regcomp() is found, - but no 'regexp.h' found (SCO OpenServer 3 lacks the header). - -20010119 - - (djm) Update versions in RPM specfiles - - (bal) OpenBSD Resync - - markus@cvs.openbsd.org 2001/01/18 16:20:21 - [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h - sshd.8 sshd.c] - log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many - systems - - markus@cvs.openbsd.org 2001/01/18 16:59:59 - [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c - session.h sshconnect1.c] - 1) removes fake skey from sshd, since this will be much - harder with /usr/libexec/auth/login_XXX - 2) share/unify code used in ssh-1 and ssh-2 authentication (server side) - 3) make addition of BSD_AUTH and other challenge reponse methods - easier. - - markus@cvs.openbsd.org 2001/01/18 17:12:43 - [auth-chall.c auth2-chall.c] - rename *-skey.c *-chall.c since the files are not skey specific - - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai ) - to fix NULL pointer deref and fake authloop breakage in PAM code. - - (bal) Updated contrib/cygwin/ by Corinna Vinschen - - (bal) Minor cygwin patch to auth1.c. Suggested by djm. 
- -20010118 - - (bal) Super Sized OpenBSD Resync - - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus - [sshd.c] - maxfd+1 - - markus@cvs.openbsd.org 2001/01/13 17:59:18 - [ssh-keygen.1] - small ssh-keygen manpage cleanup; stevesk@pobox.com - - markus@cvs.openbsd.org 2001/01/13 18:03:07 - [scp.c ssh-keygen.c sshd.c] - getopt() returns -1 not EOF; stevesk@pobox.com - - markus@cvs.openbsd.org 2001/01/13 18:06:54 - [ssh-keyscan.c] - use SSH_DEFAULT_PORT; from stevesk@pobox.com - - markus@cvs.openbsd.org 2001/01/13 18:12:47 - [ssh-keyscan.c] - free() -> xfree(); fix memory leak; from stevesk@pobox.com - - markus@cvs.openbsd.org 2001/01/13 18:14:13 - [ssh-add.c] - typo, from stevesk@sweden.hp.com - - markus@cvs.openbsd.org 2001/01/13 18:32:50 - [packet.c session.c ssh.c sshconnect.c sshd.c] - split out keepalive from packet_interactive (from dale@accentre.com) - set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too. - - markus@cvs.openbsd.org 2001/01/13 18:36:45 - [packet.c packet.h] - reorder, typo - - markus@cvs.openbsd.org 2001/01/13 18:38:00 - [auth-options.c] - fix comment - - markus@cvs.openbsd.org 2001/01/13 18:43:31 - [session.c] - Wall - - markus@cvs.openbsd.org 2001/01/13 19:14:08 - [clientloop.h clientloop.c ssh.c] - move callback to headerfile - - markus@cvs.openbsd.org 2001/01/15 21:40:10 - [ssh.c] - use log() instead of stderr - - markus@cvs.openbsd.org 2001/01/15 21:43:51 - [dh.c] - use error() not stderr! - - markus@cvs.openbsd.org 2001/01/15 21:45:29 - [sftp-server.c] - rename must fail if newpath exists, debug off by default - - markus@cvs.openbsd.org 2001/01/15 21:46:38 - [sftp-server.c] - readable long listing for sftp-server, ok deraadt@ - - markus@cvs.openbsd.org 2001/01/16 19:20:06 - [key.c ssh-rsa.c] - make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from - galb@vandyke.com. note that you have to delete older ssh2-rsa keys, - since they are in the wrong format, too. 
they must be removed from - .ssh/authorized_keys2 and .ssh/known_hosts2, etc. - (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP - .ssh/authorized_keys2) additionally, we now check that - BN_num_bits(rsa->n) >= 768. - - markus@cvs.openbsd.org 2001/01/16 20:54:27 - [sftp-server.c] - remove some statics. simpler handles; idea from nisse@lysator.liu.se - - deraadt@cvs.openbsd.org 2001/01/16 23:58:08 - [bufaux.c radix.c sshconnect.h sshconnect1.c] - indent - - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may - be missing such feature. - - -20010117 - - (djm) Only write random seed file at exit - - (djm) Make PAM support optional, enable with --with-pam - - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which - provides a crypt() of its own) - - (djm) Avoid a warning in bsd-bindresvport.c - - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This - can cause weird segfaults errors on Solaris - - (djm) Avoid warning in PAM code by making read_passphrase arguments const - - (djm) Add --with-pam to RPM spec files - -20010115 - - (bal) sftp-server.c change to use chmod() if fchmod() does not exist. - - (bal) utimes() support via utime() interface on machine that lack utimes(). 
- -20010114 - - (stevesk) initial work for OpenBSD "support supplementary group in - {Allow,Deny}Groups" patch: - - import getgrouplist.c from OpenBSD (bsd-getgrouplist.c) - - add bsd-getgrouplist.h - - new files groupaccess.[ch] - - build but don't use yet (need to merge auth.c changes) - - (stevesk) complete: - - markus@cvs.openbsd.org 2001/01/13 11:56:48 - [auth.c sshd.8] - support supplementary group in {Allow,Deny}Groups - from stevesk@pobox.com - -20010112 - - (bal) OpenBSD Sync - - markus@cvs.openbsd.org 2001/01/10 22:56:22 - [bufaux.h bufaux.c sftp-server.c sftp.h getput.h] - cleanup sftp-server implementation: - add buffer_get_int64, buffer_put_int64, GET_64BIT, PUT_64BIT - parse SSH2_FILEXFER_ATTR_EXTENDED - send SSH2_FX_EOF if readdir returns no more entries - reply to SSH2_FXP_EXTENDED message - use #defines from the draft - move #definations to sftp.h - more info: - http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt - - markus@cvs.openbsd.org 2001/01/10 19:43:20 - [sshd.c] - XXX - generate_empheral_server_key() is not safe against races, - because it calls log() - - markus@cvs.openbsd.org 2001/01/09 21:19:50 - [packet.c] - allow TCP_NDELAY for ipv6; from netbsd via itojun@ - -20010110 - - (djm) SNI/Reliant Unix needs USE_PIPES and $DISPLAY hack. Report from - Bladt Norbert - -20010109 - - (bal) Resync CVS ID of cli.c - - (stevesk) auth1.c: free should be after WITH_AIXAUTHENTICATE - code. - - (bal) OpenBSD Sync - - markus@cvs.openbsd.org 2001/01/08 22:29:05 - [auth2.c compat.c compat.h servconf.c servconf.h sshd.8 - sshd_config version.h] - implement option 'Banner /etc/issue.net' for ssh2, move version to - 2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner - is enabled). 
- - markus@cvs.openbsd.org 2001/01/08 22:03:23 - [channels.c ssh-keyscan.c] - O_NDELAY -> O_NONBLOCK; thanks stevesk@pobox.com - - markus@cvs.openbsd.org 2001/01/08 21:55:41 - [sshconnect1.c] - more cleanups and fixes from stevesk@pobox.com: - 1) try_agent_authentication() for loop will overwrite key just - allocated with key_new(); don't alloc - 2) call ssh_close_authentication_connection() before exit - try_agent_authentication() - 3) free mem on bad passphrase in try_rsa_authentication() - - markus@cvs.openbsd.org 2001/01/08 21:48:17 - [kex.c] - missing free; thanks stevesk@pobox.com - - (bal) Detect if clock_t structure exists, if not define it. - - (bal) Detect if O_NONBLOCK exists, if not define it. - - (bal) removed news4-posix.h (now empty) - - (bal) changed bsd-bindresvport.c and bsd-rresvport.c to use 'socklen_t' - instead of 'int' - - (stevesk) sshd_config: sync - - (stevesk) defines.h: remove spurious ``;'' - -20010108 - - (bal) Fixed another typo in cli.c - - (bal) OpenBSD Sync - - markus@cvs.openbsd.org 2001/01/07 21:26:55 - [cli.c] - typo - - markus@cvs.openbsd.org 2001/01/07 21:26:55 - [cli.c] - missing free, stevesk@pobox.com - - markus@cvs.openbsd.org 2001/01/07 19:06:25 - [auth1.c] - missing free, stevesk@pobox.com - - markus@cvs.openbsd.org 2001/01/07 11:28:04 - [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 - ssh.h sshd.8 sshd.c] - rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE - syslog priority changes: - fatal() LOG_ERR -> LOG_CRIT - log() LOG_INFO -> LOG_NOTICE - - Updated TODO - -20010107 - - (bal) OpenBSD Sync - - markus@cvs.openbsd.org 2001/01/06 11:23:27 - [ssh-rsa.c] - remove unused - - itojun@cvs.openbsd.org 2001/01/05 08:23:29 - [ssh-keyscan.1] - missing .El - - markus@cvs.openbsd.org 2001/01/04 22:41:03 - [session.c sshconnect.c] - consistent use of _PATH_BSHELL; from stevesk@pobox.com - - djm@cvs.openbsd.org 2001/01/04 22:35:32 - [ssh.1 sshd.8] - Mention AES as available SSH2 Cipher; ok markus - - markus@cvs.openbsd.org 
2001/01/04 22:25:58 - [sshd.c] - sync usage()/man with defaults; from stevesk@pobox.com - - markus@cvs.openbsd.org 2001/01/04 22:21:26 - [sshconnect2.c] - handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server - that prints a banner (e.g. /etc/issue.net) - -20010105 - - (bal) contrib/caldera/ provided by Tim Rice - - (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove() - -20010104 - - (djm) Fix memory leak on systems with BROKEN_GETADDRINFO. Based on - work by Chris Vaughan - -20010103 - - (bal) fixed up sshconnect.c so it was closer inline with the OpenBSD - tree (mainly positioning) - - (bal) OpenSSH CVS Update - - markus@cvs.openbsd.org 2001/01/02 20:41:02 - [packet.c] - log remote ip on disconnect; PR 1600 from jcs@rt.fm - - markus@cvs.openbsd.org 2001/01/02 20:50:56 - [sshconnect.c] - strict_host_key_checking for host_status != HOST_CHANGED && - ip_status == HOST_CHANGED - - (bal) authfile.c: Synced CVS ID tag - - (bal) UnixWare 2.0 fixes by Tim Rice - - (bal) Disable sftp-server if no 64bit int support exists. Based on - patch by Tim Rice - - (bal) Makefile.in changes to uninstall: target to remove sftp-server - and sftp-server.8 manpage. - -20010102 - - (bal) OpenBSD CVS Update - - markus@cvs.openbsd.org 2001/01/01 14:52:49 - [scp.c] - use shared fatal(); from stevesk@pobox.com - -20001231 - - (bal) Reverted out of MAXHOSTNAMELEN. This should be set per OS. - for multiple reasons. - - (bal) Reverted out of a partial NeXT patch. - -20001230 - - (bal) OpenBSD CVS Update - - markus@cvs.openbsd.org 2000/12/28 18:58:30 - [ssh-keygen.c] - enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2} - - markus@cvs.openbsd.org 2000/12/29 22:19:13 - [channels.c] - missing xfree; from vaughan99@yahoo.com - - (bal) Resynced CVS ID with OpenBSD for channel.c and uidswap.c - - (bal) if no MAXHOSTNAMELEN is defined. Default to 64 character defination. 
- Suggested by Christian Kurz - - (bal) Add in '.c.o' section to Makefile.in to address make programs that - don't honor CPPFLAGS by default. Suggested by Lutz Jaenicke - - -20001229 - - (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian - Kurz - - (bal) OpenBSD CVS Update - - markus@cvs.openbsd.org 2000/12/28 14:25:51 - [auth.h auth2.c] - count authentication failures only - - markus@cvs.openbsd.org 2000/12/28 14:25:03 - [sshconnect.c] - fingerprint for MITM attacks, too. - - markus@cvs.openbsd.org 2000/12/28 12:03:57 - [sshd.8 sshd.c] - document -D - - markus@cvs.openbsd.org 2000/12/27 14:19:21 - [serverloop.c] - less chatty - - markus@cvs.openbsd.org 2000/12/27 12:34 - [auth1.c sshconnect2.c sshd.c] - typo - - markus@cvs.openbsd.org 2000/12/27 12:30:19 - [readconf.c readconf.h ssh.1 sshconnect.c] - new option: HostKeyAlias: allow the user to record the host key - under a different name. This is useful for ssh tunneling over - forwarded connections or if you run multiple sshd's on different - ports on the same machine. - - markus@cvs.openbsd.org 2000/12/27 11:51:53 - [ssh.1 ssh.c] - multiple -t force pty allocation, document ORIGINAL_COMMAND - - markus@cvs.openbsd.org 2000/12/27 11:41:31 - [sshd.8] - update for ssh-2 - - (stevesk) compress.[ch] sync with openbsd; missed in prototype - fix merge. - -20001228 - - (bal) Patch to add libutil.h to loginrec.c only if the platform has - libutil.h. Suggested by Pekka Savola - - (djm) Update to new x11-askpass in RPM spec - - (bal) SCO patch to not include since it's unrelated - header. Patch by Tim Rice - - Updated TODO w/ known HP/UX issue - - (bal) removed extra noticed by Kevin Steves and removed the - bad reference to 'NeXT including it else were' on the #ifdef version. - -20001227 - - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by - Takumi Yamane - - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). 
Patch - by Corinna Vinschen - - (djm) Fix catman-do target for non-bash - - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by - Takumi Yamane - - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch - by Corinna Vinschen - - (djm) Fix catman-do target for non-bash - - (bal) Fixed NeXT's lack of CPPFLAGS honoring. - - (bal) ssh-keyscan.c: NeXT (and older BSDs) don't support getrlimit() w/ - 'RLIMIT_NOFILE' - - (djm) Remove *.Ylonen files. They are no longer in the OpenBSD tree, - the info in COPYING.Ylonen has been moved to the start of each - SSH1-derived file and README.Ylonen is well out of date. - -20001223 - - (bal) Fixed Makefile.in to support recompile of all ssh and sshd objects - if a change to config.h has occurred. Suggested by Gert Doering - - - (bal) OpenBSD CVS Update: - - markus@cvs.openbsd.org 2000/12/22 16:49:40 - [ssh-keygen.c] - fix ssh-keygen -x -t type > file; from Roumen.Petrov@skalasoft.com - -20001222 - - Updated RCSID for pty.c - - (bal) OpenBSD CVS Updates: - - markus@cvs.openbsd.org 2000/12/21 15:10:16 - [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c] - print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@ - - markus@cvs.openbsd.org 2000/12/20 19:26:56 - [authfile.c] - allow ssh -i userkey for root - - markus@cvs.openbsd.org 2000/12/20 19:37:21 - [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h] - fix prototypes; from stevesk@pobox.com - - markus@cvs.openbsd.org 2000/12/20 19:32:08 - [sshd.c] - init pointer to NULL; report from Jan.Ivan@cern.ch - - markus@cvs.openbsd.org 2000/12/19 23:17:54 - [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c - auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c - bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c - crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h - key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c - packet.h radix.c readconf.c rsa.c scp.c 
servconf.c servconf.h - serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h - ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c - uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c] - replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char - unsigned' with u_char. - -20001221 - - (stevesk) OpenBSD CVS updates: - - markus@cvs.openbsd.org 2000/12/19 15:43:45 - [authfile.c channels.c sftp-server.c ssh-agent.c] - remove() -> unlink() for consistency - - markus@cvs.openbsd.org 2000/12/19 15:48:09 - [ssh-keyscan.c] - replace with - - markus@cvs.openbsd.org 2000/12/17 02:33:40 - [uidswap.c] - typo; from wsanchez@apple.com - -20001220 - - (djm) Workaround PAM inconsistencies between Solaris derived PAM code - and Linux-PAM. Based on report and fix from Andrew Morgan - - -20001218 - - (stevesk) rsa.c: entropy.h not needed. - - (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile. - Suggested by Wilfredo Sanchez - -20001216 - - (stevesk) OpenBSD CVS updates: - - markus@cvs.openbsd.org 2000/12/16 02:53:57 - [scp.c] - allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE - - markus@cvs.openbsd.org 2000/12/16 02:39:57 - [scp.c] - unused; from stevesk@pobox.com - -20001215 - - (stevesk) Old OpenBSD patch wasn't completely applied: - - markus@cvs.openbsd.org 2000/01/24 22:11:20 - [scp.c] - allow '.' in usernames; from jedgar@fxp.org - - (stevesk) OpenBSD CVS updates: - - markus@cvs.openbsd.org 2000/12/13 16:26:53 - [ssh-keyscan.c] - fatal already adds \n; from stevesk@pobox.com - - markus@cvs.openbsd.org 2000/12/13 16:25:44 - [ssh-agent.c] - remove redundant spaces; from stevesk@pobox.com - - ho@cvs.openbsd.org 2000/12/12 15:50:21 - [pty.c] - When failing to set tty owner and mode on a read-only filesystem, don't - abort if the tty already has correct owner and reasonably sane modes. - Example; permit 'root' to login to a firewall with read-only root fs. 
- (markus@ ok) - - deraadt@cvs.openbsd.org 2000/12/13 06:36:05 - [pty.c] - KNF - - markus@cvs.openbsd.org 2000/12/12 14:45:21 - [sshd.c] - source port < 1024 is no longer required for rhosts-rsa since it - adds no additional security. - - markus@cvs.openbsd.org 2000/12/12 16:11:49 - [ssh.1 ssh.c] - rhosts-rsa is no longer automagically disabled if ssh is not privileged. - UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers. - these changes should not change the visible default behaviour of the ssh client. - - deraadt@cvs.openbsd.org 2000/12/11 10:27:33 - [scp.c] - when copying 0-sized files, do not re-print ETA time at completion - - provos@cvs.openbsd.org 2000/12/15 10:30:15 - [kex.c kex.h sshconnect2.c sshd.c] - compute diffie-hellman in parallel between server and client. okay markus@ - -20001213 - - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report - from Andreas M. Kirchwitz - - (stevesk) OpenBSD CVS update: - - markus@cvs.openbsd.org 2000/12/12 15:30:02 - [ssh-keyscan.c ssh.c sshd.c] - consistently use __progname; from stevesk@pobox.com - -20001211 - - (bal) Applied patch to include ssh-keyscan into Redhat's package, and - patch to install ssh-keyscan manpage. Patch by Pekka Savola - - - (bal) OpenbSD CVS update - - markus@cvs.openbsd.org 2000/12/10 17:01:53 - [sshconnect1.c] - always request new challenge for skey/tis-auth, fixes interop with - other implementations; report from roth@feep.net - -20001210 - - (bal) OpenBSD CVS updates - - markus@cvs.openbsd.org 2000/12/09 13:41:51 - [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h] - undo rijndael changes - - markus@cvs.openbsd.org 2000/12/09 13:48:31 - [rijndael.c] - fix byte order bug w/o introducing new implementation - - markus@cvs.openbsd.org 2000/12/09 14:08:27 - [sftp-server.c] - "" -> "." 
for realpath; from vinschen@redhat.com - - markus@cvs.openbsd.org 2000/12/09 14:06:54 - [ssh-agent.c] - extern int optind; from stevesk@sweden.hp.com - - provos@cvs.openbsd.org 2000/12/09 23:51:11 - [compat.c] - remove unnecessary '\n' - -20001209 - - (bal) OpenBSD CVS updates: - - djm@cvs.openbsd.org 2000/12/07 4:24:59 - [ssh.1] - Typo fix from Wilfredo Sanchez ; ok theo - -20001207 - - (bal) OpenBSD CVS updates: - - markus@cvs.openbsd.org 2000/12/06 22:58:14 - [compat.c compat.h packet.c] - disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0 - - markus@cvs.openbsd.org 2000/12/06 23:10:39 - [rijndael.c] - unexpand(1) - - markus@cvs.openbsd.org 2000/12/06 23:05:43 - [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h] - new rijndael implementation. fixes endian bugs - -20001206 - - (bal) OpenBSD CVS updates: - - markus@cvs.openbsd.org 2000/12/05 20:34:09 - [channels.c channels.h clientloop.c serverloop.c] - async connects for -R/-L; ok deraadt@ - - todd@cvs.openssh.org 2000/12/05 16:47:28 - [sshd.c] - tweak comment to reflect real location of pid file; ok provos@ - - (stevesk) Import from OpenBSD for systems that don't - have it (used in ssh-keyscan). - - (stevesk) OpenBSD CVS update: - - markus@cvs.openbsd.org 2000/12/06 19:57:48 - [ssh-keyscan.c] - err(3) -> internal error(), from stevesk@sweden.hp.com - -20001205 - - (bal) OpenBSD CVS updates: - - markus@cvs.openbsd.org 2000/12/04 19:24:02 - [ssh-keyscan.c ssh-keyscan.1] - David Maziere's ssh-keyscan, ok niels@ - - (bal) Updated Makefile.in to include ssh-keyscan that was just added - to the recent OpenBSD source tree. - - (stevesk) fix typos in contrib/hpux/README - -20001204 - - (bal) More C functions defined in NeXT that are unaccessable without - defining -POSIX. 
- - (bal) OpenBSD CVS updates: - - markus@cvs.openbsd.org 2000/12/03 11:29:04 - [compat.c] - remove fallback to SSH_BUG_HMAC now that the drafts are updated - - markus@cvs.openbsd.org 2000/12/03 11:27:55 - [compat.c] - correctly match "2.1.0.pl2 SSH" etc; from - pekkas@netcore.fi/bugzilla.redhat - - markus@cvs.openbsd.org 2000/12/03 11:15:03 - [auth2.c compat.c compat.h sshconnect2.c] - support f-secure/ssh.com 2.0.12; ok niels@ - -20001203 - - (bal) OpenBSD CVS updates: - - markus@cvs.openbsd.org 2000/11/30 22:54:31 - [channels.c] - debug->warn if tried to do -R style fwd w/o client requesting this; - ok neils@ - - markus@cvs.openbsd.org 2000/11/29 20:39:17 - [cipher.c] - des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV - - markus@cvs.openbsd.org 2000/11/30 18:33:05 - [ssh-agent.c] - agents must not dump core, ok niels@ - - markus@cvs.openbsd.org 2000/11/30 07:04:02 - [ssh.1] - T is for both protocols - - markus@cvs.openbsd.org 2000/12/01 00:00:51 - [ssh.1] - typo; from green@FreeBSD.org - - markus@cvs.openbsd.org 2000/11/30 07:02:35 - [ssh.c] - check -T before isatty() - - provos@cvs.openbsd.org 2000/11/29 13:51:27 - [sshconnect.c] - show IP address and hostname when new key is encountered. okay markus@ - - markus@cvs.openbsd.org 2000/11/30 22:53:35 - [sshconnect.c] - disable agent/x11/port fwding if hostkey has changed; ok niels@ - - marksu@cvs.openbsd.org 2000/11/29 21:11:59 - [sshd.c] - sshd -D, startup w/o deamon(), for monitoring scripts or inittab; - from handler@sub-rosa.com and eric@urbanrange.com; ok niels@ - - (djm) Added patch from Nalin Dahyabhai to enable - PAM authentication using KbdInteractive. - - (djm) Added another TODO - -20001202 - - (bal) Backed out of part of Alain St-Denis' loginrec.c patch. - - (bal) Irix need some sort of mansubdir, patch by Michael Stone - - -20001129 - - (djm) Back out all the serverloop.c hacks. sshd will now hang again - if there are background children with open fds. 
- - (djm) bsd-rresvport.c bzero -> memset - - (djm) Don't fail in defines.h on absence of 64 bit types (we will - still fail during compilation of sftp-server). - - (djm) Fail if ar is not found during configure - - (djm) OpenBSD CVS updates: - - provos@cvs.openbsd.org 2000/11/22 08:38:31 - [sshd.8] - talk about /etc/primes, okay markus@ - - markus@cvs.openbsd.org 2000/11/23 14:03:48 - [ssh.c sshconnect1.c sshconnect2.c] - complain about invalid ciphers for ssh1/ssh2, fall back to reasonable - defaults - - markus@cvs.openbsd.org 2000/11/25 09:42:53 - [sshconnect1.c] - reorder check for illegal ciphers, bugreport from espie@ - - markus@cvs.openbsd.org 2000/11/25 10:19:34 - [ssh-keygen.c ssh.h] - print keytype when generating a key. - reasonable defaults for RSA1/RSA/DSA keys. - - (djm) Patch from Pekka Savola to include a few - more manpage paths in fixpaths calls - - (djm) Also add xauth path at Pekka's suggestion. - - (djm) Add Redhat RPM patch for AUTHPRIV SyslogFacility - -20001125 - - (djm) Give up privs when reading seed file - -20001123 - - (bal) Merge OpenBSD changes: - - markus@cvs.openbsd.org 2000/11/15 22:31:36 - [auth-options.c] - case insensitive key options; from stevesk@sweeden.hp.com - - markus@cvs.openbsd.org 2000/11/16 17:55:43 - [dh.c] - do not use perror() in sshd, after child is forked() - - markus@cvs.openbsd.org 2000/11/14 23:42:40 - [auth-rsa.c] - parse option only if key matches; fix some confusing seen by the client - - markus@cvs.openbsd.org 2000/11/14 23:44:19 - [session.c] - check no_agent_forward_flag for ssh-2, too - - markus@cvs.openbsd.org 2000/11/15 - [ssh-agent.1] - reorder SYNOPSIS; typo, use .It - - markus@cvs.openbsd.org 2000/11/14 23:48:55 - [ssh-agent.c] - do not reorder keys if a key is removed - - markus@cvs.openbsd.org 2000/11/15 19:58:08 - [ssh.c] - just ignore non existing user keys - - millert@cvs.openbsd.org 200/11/15 20:24:43 - [ssh-keygen.c] - Add missing \n at end of error message. 
- -20001122 - - (bal) Minor patch to ensure platforms lacking IRIX job limit supports - are compilable. - - (bal) Updated TODO as of 11/18/2000 with known things to resolve. - -20001117 - - (bal) Changed from 'primes' to 'primes.out' for consistancy sake. It - has no affect the output. Patch by Corinna Vinschen - - (stevesk) Reworked progname support. - - (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by - Shinichi Maruyama - -20001116 - - (bal) Added in MAXSYMLINK test in bsd-realpath.c. Required for some SCO - releases. - - (bal) Make builds work outside of source tree. Patch by Mark D. Roth - - -20001113 - - (djm) Add pointer to http://www.imasy.or.jp/~gotoh/connect.c to - contrib/README - - (djm) Merge OpenBSD changes: - - markus@cvs.openbsd.org 2000/11/06 16:04:56 - [channels.c channels.h clientloop.c nchan.c serverloop.c] - [session.c ssh.c] - agent forwarding and -R for ssh2, based on work from - jhuuskon@messi.uku.fi - - markus@cvs.openbsd.org 2000/11/06 16:13:27 - [ssh.c sshconnect.c sshd.c] - do not disabled rhosts(rsa) if server port > 1024; from - pekkas@netcore.fi - - markus@cvs.openbsd.org 2000/11/06 16:16:35 - [sshconnect.c] - downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net - - markus@cvs.openbsd.org 2000/11/09 18:04:40 - [auth1.c] - typo; from mouring@pconline.com - - markus@cvs.openbsd.org 2000/11/12 12:03:28 - [ssh-agent.c] - off-by-one when removing a key from the agent - - markus@cvs.openbsd.org 2000/11/12 12:50:39 - [auth-rh-rsa.c auth2.c authfd.c authfd.h] - [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h] - [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] - [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] - [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] - [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] - add support for RSA to SSH2. please test. - there are now 3 types of keys: RSA1 is used by ssh-1 only, - RSA and DSA are used by SSH2. 
- you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA - keys for SSH2 and use the RSA keys for hostkeys or for user keys. - SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. - - (djm) Fix up Makefile and Redhat init script to create RSA host keys - - (djm) Change to interim version - - (djm) Fix RPM spec file stupidity - - (djm) fixpaths to DSA and RSA keys too - -20001112 - - (bal) SCO Patch to add needed libraries for configure.in. Patch by - Phillips Porch - - (bal) IRIX patch to adding Job Limits. Patch by Denis Parker - - - (stevesk) pty.c: HP-UX 10 and 11 don't define TIOCSCTTY. Add error() to - failed ioctl(TIOCSCTTY) call. - -20001111 - - (djm) Added /etc/primes for kex DH group neg, fixup Makefile.in and - packaging files - - (djm) Fix new Makefile.in warnings - - (djm) Fix vsprintf("%h") in bsd-snprintf.c, short int va_args are - promoted to type int. Report and fix from Dan Astoorian - - - (djm) Hardwire sysconfdir in RPM spec files as some RPM versions get - it wrong. Report from Bennett Todd - -20001110 - - (bal) Fixed dropped answer from skey_keyinfo() in auth1.c - - (bal) Changed from --with-skey to --with-skey=PATH in configure.in - - (bal) Added in check to verify S/Key library is being detected in - configure.in - - (bal) next-posix.h - added another prototype wrapped in POSIX ifdef/endif. - Patch by Mark Miller - - (bal) Added 'util.h' header to loginrec.c only if HAVE_UTIL_H is defined - to remove warnings under MacOS X. Patch by Mark Miller - - (bal) Fixed LDFLAG mispelling in configure.in for --with-afs - -20001107 - - (bal) acconfig.in - removed the double "USE_PIPES" entry. Patch by - Mark Miller - - (bal) sshd.init files corrected to assign $? to RETVAL. Patch by - Jarno Huuskonen - - (bal) fixpaths fixed to stop it from quitely failing. Patch by - Mark D. 
Roth - -20001106 - - (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs - - (djm) Manually fix up missed diff hunks (mainly RCS idents) - - (djm) Remove UPGRADING document in favour of a link to the better - maintained FAQ on www.openssh.com - - (djm) Fix multiple dependancy on gnome-libs from Pekka Savola - - - (djm) Don't need X11-askpass in RPM spec file if building without it - from Pekka Savola - - (djm) Release 2.3.0p1 - - (bal) typo in configure.in in regards to --with-ldflags from Marko - Asplund - - (bal) fixed next-posix.h. Forgot prototype of getppid(). - -20001105 - - (bal) Sync with OpenBSD: - - markus@cvs.openbsd.org 2000/10/31 9:31:58 - [compat.c] - handle all old openssh versions - - markus@cvs.openbsd.org 2000/10/31 13:1853 - [deattack.c] - so that large packets do not wrap "n"; from netbsd - - (bal) rijndel.c - fix up RCSID to match OpenBSD tree - - (bal) auth2-skey.c - Checked in. Missing from portable tree. - - (bal) Reworked NEWS-OS and NeXT ports to extract waitpid() and - setsid() into more common files - - (stevesk) pty.c: use __hpux to identify HP-UX. - - (bal) Missed auth-skey.o in Makefile.in and minor correction to - bsd-waitpid.c - -20001029 - - (stevesk) Fix typo in auth.c: USE_PAM not PAM - - (stevesk) Create contrib/cygwin/ directory; patch from - Corinna Vinschen - - (bal) Resolved more $xno and $xyes issues in configure.in - - (bal) next-posix.h - spelling and forgot a prototype - -20001028 - - (djm) fix select hack in serverloop.c from Philippe WILLEM - - - (djm) Fix mangled AIXAUTHENTICATE code - - (djm) authctxt->pw may be NULL. 
Fix from Markus Friedl - - - (djm) Sync with OpenBSD: - - markus@cvs.openbsd.org 2000/10/16 15:46:32 - [ssh.1] - fixes from pekkas@netcore.fi - - markus@cvs.openbsd.org 2000/10/17 14:28:11 - [atomicio.c] - return number of characters processed; ok deraadt@ - - markus@cvs.openbsd.org 2000/10/18 12:04:02 - [atomicio.c] - undo - - markus@cvs.openbsd.org 2000/10/18 12:23:02 - [scp.c] - replace atomicio(read,...) with read(); ok deraadt@ - - markus@cvs.openbsd.org 2000/10/18 12:42:00 - [session.c] - restore old record login behaviour - - deraadt@cvs.openbsd.org 2000/10/19 10:41:13 - [auth-skey.c] - fmt string problem in unused code - - provos@cvs.openbsd.org 2000/10/19 10:45:16 - [sshconnect2.c] - don't reference freed memory. okay deraadt@ - - markus@cvs.openbsd.org 2000/10/21 11:04:23 - [canohost.c] - typo, eramore@era-t.ericsson.se; ok niels@ - - markus@cvs.openbsd.org 2000/10/23 13:31:55 - [cipher.c] - non-alignment dependent swap_bytes(); from - simonb@wasabisystems.com/netbsd - - markus@cvs.openbsd.org 2000/10/26 12:38:28 - [compat.c] - add older vandyke products - - markus@cvs.openbsd.org 2000/10/27 01:32:19 - [channels.c channels.h clientloop.c serverloop.c session.c] - [ssh.c util.c] - enable non-blocking IO on channels, and tty's (except for the - client ttys). - -20001027 - - (djm) Increase REKEY_BYTES to 2^24 for arc4random - -20001025 - - (djm) Added WARNING.RNG file and modified configure to ask users of the - builtin entropy code to read it. - - (djm) Prefer builtin regex to PCRE. - - (bal) Added USE_PIPS defined to NeXT configure.in since scp hangs randomly. - - (bal) Apply fixes to configure.in pointed out by Pavel Roskin - - -20001020 - - (djm) Don't define _REENTRANT for SNI/Reliant Unix - - (bal) Imported NEWS-OS waitpid() macros into NeXT. Since implementation - is more correct then current version. - -20001018 - - (stevesk) Add initial support for setproctitle(). Current - support is for the HP-UX pstat(PSTAT_SETCMD, ...) method. 
- - (stevesk) Add egd startup scripts to contrib/hpux/ - -20001017 - - (djm) Add -lregex to cywin libs from Corinna Vinschen - - - (djm) Don't rely on atomicio's retval to determine length of askpass - supplied passphrase. Problem report from Lutz Jaenicke - - - (bal) Changed from GNU rx to PCRE on suggestion from djm. - - (bal) Integrated Sony NEWS-OS patches from NAKAJI Hirouyuki - - -20001016 - - (djm) Sync with OpenBSD: - - markus@cvs.openbsd.org 2000/10/14 04:01:15 - [cipher.c] - debug3 - - markus@cvs.openbsd.org 2000/10/14 04:07:23 - [scp.c] - remove spaces from arguments; from djm@mindrot.org - - markus@cvs.openbsd.org 2000/10/14 06:09:46 - [ssh.1] - Cipher is for SSH-1 only - - markus@cvs.openbsd.org 2000/10/14 06:12:09 - [servconf.c servconf.h serverloop.c session.c sshd.8] - AllowTcpForwarding; from naddy@ - - markus@cvs.openbsd.org 2000/10/14 06:16:56 - [auth2.c compat.c compat.h sshconnect2.c version.h] - OpenSSH_2.3; note that is is not complete, but the version number - needs to be changed for interoperability reasons - - markus@cvs.openbsd.org 2000/10/14 06:19:45 - [auth-rsa.c] - do not send RSA challenge if key is not allowed by key-options; from - eivind@ThinkSec.com - - markus@cvs.openbsd.org 2000/10/15 08:14:01 - [rijndael.c session.c] - typos; from stevesk@sweden.hp.com - - markus@cvs.openbsd.org 2000/10/15 08:18:31 - [rijndael.c] - typo - - (djm) Copy manpages back over from OpenBSD - too tedious to wade - through diffs - - (djm) Added condrestart to Redhat init script. Patch from Pekka Savola - - - (djm) Update version in Redhat spec file - - (djm) Merge some of Nalin Dahyabhai changes from the - Redhat 7.0 spec file - - (djm) Make inability to read/write PRNG seedfile non-fatal - - -20001015 - - (djm) Fix ssh2 hang on background processes at logout. - -20001014 - - (bal) Add support for realpath and getcwd for platforms with broken - or missing realpath implementations for sftp-server. 
- - (bal) Corrected mistake in INSTALL in regards to GNU rx library - - (bal) Add support for GNU rx library for those lacking regexp support - - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth - - (djm) Revert SSH2 serverloop hack, will find a better way. - - (djm) Add workaround for Linux 2.4's gratuitious errno change. Patch - from Martin Johansson - - (djm) Big OpenBSD sync: - - markus@cvs.openbsd.org 2000/09/30 10:27:44 - [log.c] - allow loglevel debug - - markus@cvs.openbsd.org 2000/10/03 11:59:57 - [packet.c] - hmac->mac - - markus@cvs.openbsd.org 2000/10/03 12:03:03 - [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c] - move fake-auth from auth1.c to individual auth methods, disables s/key in - debug-msg - - markus@cvs.openbsd.org 2000/10/03 12:16:48 - ssh.c - do not resolve canonname, i have no idea why this was added oin ossh - - markus@cvs.openbsd.org 2000/10/09 15:30:44 - ssh-keygen.1 ssh-keygen.c - -X now reads private ssh.com DSA keys, too. - - markus@cvs.openbsd.org 2000/10/09 15:32:34 - auth-options.c - clear options on every call. - - markus@cvs.openbsd.org 2000/10/09 15:51:00 - authfd.c authfd.h - interop with ssh-agent2, from - - markus@cvs.openbsd.org 2000/10/10 14:20:45 - compat.c - use rexexp for version string matching - - provos@cvs.openbsd.org 2000/10/10 22:02:18 - [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h] - First rough implementation of the diffie-hellman group exchange. The - client can ask the server for bigger groups to perform the diffie-hellman - in, thus increasing the attack complexity when using ciphers with longer - keys. University of Windsor provided network, T the company. 
- - markus@cvs.openbsd.org 2000/10/11 13:59:52 - [auth-rsa.c auth2.c] - clear auth options unless auth sucessfull - - markus@cvs.openbsd.org 2000/10/11 14:00:27 - [auth-options.h] - clear auth options unless auth sucessfull - - markus@cvs.openbsd.org 2000/10/11 14:03:27 - [scp.1 scp.c] - support 'scp -o' with help from mouring@pconline.com - - markus@cvs.openbsd.org 2000/10/11 14:11:35 - [dh.c] - Wall - - markus@cvs.openbsd.org 2000/10/11 14:14:40 - [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h] - [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h] - add support for s/key (kbd-interactive) to ssh2, based on work by - mkiernan@avantgo.com and me - - markus@cvs.openbsd.org 2000/10/11 14:27:24 - [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h] - [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c] - [sshconnect2.c sshd.c] - new cipher framework - - markus@cvs.openbsd.org 2000/10/11 14:45:21 - [cipher.c] - remove DES - - markus@cvs.openbsd.org 2000/10/12 03:59:20 - [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c] - enable DES in SSH-1 clients only - - markus@cvs.openbsd.org 2000/10/12 08:21:13 - [kex.h packet.c] - remove unused - - markus@cvs.openbsd.org 2000/10/13 12:34:46 - [sshd.c] - Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se - - markus@cvs.openbsd.org 2000/10/13 12:59:15 - [cipher.c cipher.h myproposal.h rijndael.c rijndael.h] - rijndael/aes support - - markus@cvs.openbsd.org 2000/10/13 13:10:54 - [sshd.8] - more info about -V - - markus@cvs.openbsd.org 2000/10/13 13:12:02 - [myproposal.h] - prefer no compression - - (djm) Fix scp user@host handling - - (djm) Don't clobber ssh_prng_cmds on install - - (stevesk) Include config.h in rijndael.c so we define intXX_t and - u_intXX_t types on all platforms. - - (stevesk) rijndael.c: cleanup missing declaration warnings. - - (stevesk) ~/.hushlogin shouldn't cause required password change to - be bypassed. 
- - (stevesk) Display correct path to ssh-askpass in configure output. - Report from Lutz Jaenicke. - -20001007 - - (stevesk) Print PAM return value in PAM log messages to aid - with debugging. - - (stevesk) Fix detection of pw_class struct member in configure; - patch from KAMAHARA Junzo - -20001002 - - (djm) Fix USER_PATH, report from Kevin Steves - - (djm) Add host system and CC to end-of-configure report. Suggested by - Lutz Jaenicke - -20000931 - - (djm) Cygwin fixes from Corinna Vinschen - -20000930 - - (djm) Irix ssh_prng_cmds path fix from Pekka Savola - - (djm) Support in bsd-snprintf.c for long long conversions from - Ben Lindstrom - - (djm) Cleanup NeXT support from Ben Lindstrom - - (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with - very short lived X connections. Bug report from Tobias Oetiker - . Fix from Markus Friedl - - (djm) Add recent InitScripts as a RPM dependancy for openssh-server - patch from Pekka Savola - - (djm) Forgot to cvs add LICENSE file - - (djm) Add LICENSE to RPM spec files - - (djm) CVS OpenBSD sync: - - markus@cvs.openbsd.org 2000/09/26 13:59:59 - [clientloop.c] - use debug2 - - markus@cvs.openbsd.org 2000/09/27 15:41:34 - [auth2.c sshconnect2.c] - use key_type() - - markus@cvs.openbsd.org 2000/09/28 12:03:18 - [channels.c] - debug -> debug2 cleanup - - (djm) Irix strips "/dev/tty" from [uw]tmp entries (other systems only - strip "/dev/"). Fix loginrec.c based on patch from Alain St-Denis - - - (djm) Fix 9 character passphrase failure with gnome-ssh-askpass. - Problem was caused by interrupted read in ssh-add. Report from Donald - J. Barry - -20000929 - - (djm) Fix SSH2 not terminating until all background tasks done problem. - - (djm) Another off-by-one fix from Pavel Kankovsky - - - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code, - tidy necessary differences. 
Use Markus' new debugN() in entropy.c - - (djm) Merged big SCO portability patch from Tim Rice - - -20000926 - - (djm) Update X11-askpass to 1.0.2 in RPM spec file - - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX - - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c. - Report and fix from Pavel Kankovsky - -20000924 - - (djm) Merged cleanup patch from Mark Miller - - (djm) A bit more cleanup - created cygwin_util.h - - (djm) Include strtok_r() from OpenBSD libc. Fixes report from Mark Miller - - -20000923 - - (djm) Fix address logging in utmp from Kevin Steves - - - (djm) Redhat spec and manpage fixes from Pekka Savola - - (djm) Seperate tests for int64_t and u_int64_t types - - (djm) Tweak password expiry checking at suggestion of Kevin Steves - - - (djm) NeXT patch from Ben Lindstrom - - (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from - Michael Stone - - (djm) OpenBSD CVS sync: - - markus@cvs.openbsd.org 2000/09/17 09:38:59 - [sshconnect2.c sshd.c] - fix DEBUG_KEXDH - - markus@cvs.openbsd.org 2000/09/17 09:52:51 - [sshconnect.c] - yes no; ok niels@ - - markus@cvs.openbsd.org 2000/09/21 04:55:11 - [sshd.8] - typo - - markus@cvs.openbsd.org 2000/09/21 05:03:54 - [serverloop.c] - typo - - markus@cvs.openbsd.org 2000/09/21 05:11:42 - scp.c - utime() to utimes(); mouring@pconline.com - - markus@cvs.openbsd.org 2000/09/21 05:25:08 - sshconnect2.c - change login logic in ssh2, allows plugin of other auth methods - - markus@cvs.openbsd.org 2000/09/21 05:25:35 - [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h] - [serverloop.c] - add context to dispatch_run - - markus@cvs.openbsd.org 2000/09/21 05:07:52 - authfd.c authfd.h ssh-agent.c - bug compat for old ssh.com software - -20000920 - - (djm) Fix bad path substitution. 
Report from Andrew Miner - - -20000916 - - (djm) Fix SSL search order from Lutz Jaenicke - - - (djm) New SuSE spec from Corinna Vinschen - - (djm) Update CygWin support from Corinna Vinschen - - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage. - Patch from Larry Jones - - (djm) Add Steve VanDevender's PAM - password change patch. - - (djm) Bring licenses on my stuff in line with OpenBSD's - - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from - Kevin Steves - - (djm) Shadow expiry check fix from Pavel Troller - - (djm) Re-enable int64_t types - we need them for sftp - - (djm) Use libexecdir from configure , rather than libexecdir/ssh - - (djm) Update Redhat SPEC file accordingly - - (djm) Add Kevin Steves HP/UX contrib files - - (djm) Add Charles Levert getpgrp patch - - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter - - - (djm) Fixprogs and entropy list fixes from Larry Jones - - - (djm) Fix for SuSE spec file from Takashi YOSHIDA - - - (djm) Merge OpenBSD changes: - - markus@cvs.openbsd.org 2000/09/05 02:59:57 - [session.c] - print hostname (not hushlogin) - - markus@cvs.openbsd.org 2000/09/05 13:18:48 - [authfile.c ssh-add.c] - enable ssh-add -d for DSA keys - - markus@cvs.openbsd.org 2000/09/05 13:20:49 - [sftp-server.c] - cleanup - - markus@cvs.openbsd.org 2000/09/06 03:46:41 - [authfile.h] - prototype - - deraadt@cvs.openbsd.org 2000/09/07 14:27:56 - [ALL] - cleanup copyright notices on all files. I have attempted to be - accurate with the details. everything is now under Tatu's licence - (which I copied from his readme), and/or the core-sdi bsd-ish thing - for deattack, or various openbsd developers under a 2-term bsd - licence. We're not changing any rules, just being accurate. 
- - markus@cvs.openbsd.org 2000/09/07 14:40:30 - [channels.c channels.h clientloop.c serverloop.c ssh.c] - cleanup window and packet sizes for ssh2 flow control; ok niels - - markus@cvs.openbsd.org 2000/09/07 14:53:00 - [scp.c] - typo - - markus@cvs.openbsd.org 2000/09/07 15:13:37 - [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c] - [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h] - [pty.c readconf.c] - some more Copyright fixes - - markus@cvs.openbsd.org 2000/09/08 03:02:51 - [README.openssh2] - bye bye - - deraadt@cvs.openbsd.org 2000/09/11 18:38:33 - [LICENCE cipher.c] - a few more comments about it being ARC4 not RC4 - - markus@cvs.openbsd.org 2000/09/12 14:53:11 - [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c] - multiple debug levels - - markus@cvs.openbsd.org 2000/09/14 14:25:15 - [clientloop.c] - typo - - deraadt@cvs.openbsd.org 2000/09/15 01:13:51 - [ssh-agent.c] - check return value for setenv(3) for failure, and deal appropriately - -20000913 - - (djm) Fix server not exiting with jobs in background. - -20000905 - - (djm) Import OpenBSD CVS changes - - markus@cvs.openbsd.org 2000/08/31 15:52:24 - [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c] - implement a SFTP server. interops with sftp2, scp2 and the windows - client from ssh.com - - markus@cvs.openbsd.org 2000/08/31 15:56:03 - [README.openssh2] - sync - - markus@cvs.openbsd.org 2000/08/31 16:05:42 - [session.c] - Wall - - markus@cvs.openbsd.org 2000/08/31 16:09:34 - [authfd.c ssh-agent.c] - add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions - - deraadt@cvs.openbsd.org 2000/09/01 09:25:13 - [scp.1 scp.c] - cleanup and fix -S support; stevesk@sweden.hp.com - - markus@cvs.openbsd.org 2000/09/01 16:29:32 - [sftp-server.c] - portability fixes - - markus@cvs.openbsd.org 2000/09/01 16:32:41 - [sftp-server.c] - fix cast; mouring@pconline.com - - itojun@cvs.openbsd.org 2000/09/03 09:23:28 - [ssh-add.1 ssh.1] - add missing .El against .Bl. 
- - markus@cvs.openbsd.org 2000/09/04 13:03:41 - [session.c] - missing close; ok theo - - markus@cvs.openbsd.org 2000/09/04 13:07:21 - [session.c] - fix get_last_login_time order; from andre@van-veen.de - - markus@cvs.openbsd.org 2000/09/04 13:10:09 - [sftp-server.c] - more cast fixes; from mouring@pconline.com - - markus@cvs.openbsd.org 2000/09/04 13:06:04 - [session.c] - set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net - - (djm) Cleanup after import. Fix sftp-server compilation, Makefile - - (djm) Merge cygwin support from Corinna Vinschen - -20000903 - - (djm) Fix Redhat init script - -20000901 - - (djm) Pick up Jim's new X11-askpass - - (djm) Release 2.2.0p1 - -20000831 - - (djm) Workaround SIGPIPE problems on SCO. Fix from Aran Cox - - - (djm) Pick up new version (2.2.0) from OpenBSD CVS - -20000830 - - (djm) Compile warning fixes from Mark Miller - - (djm) Periodically rekey arc4random - - (djm) Clean up diff against OpenBSD. - - (djm) HPUX 11 needs USE_PIPES as well: Kevin Steves - - - (djm) Quieten the pam delete credentials error message - - (djm) Fix printing of $DISPLAY hack if set by system type. Report from - Kevin Steves - - (djm) NeXT patch from Ben Lindstrom - - (djm) Fix doh in bsd-arc4random.c - -20000829 - - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert - Doering , John Horne and - Garrick James - - (djm) Check for SCO pty naming style (ptyp%d/ttyp%d). 
Based on fix from - Bastian Trompetter - - (djm) NeXT tweaks from Ben Lindstrom - - More OpenBSD updates: - - deraadt@cvs.openbsd.org 2000/08/24 15:46:59 - [scp.c] - off_t in sink, to fix files > 2GB, i think, test is still running ;-) - - deraadt@cvs.openbsd.org 2000/08/25 10:10:06 - [session.c] - Wall - - markus@cvs.openbsd.org 2000/08/26 04:33:43 - [compat.c] - ssh.com-2.3.0 - - markus@cvs.openbsd.org 2000/08/27 12:18:05 - [compat.c] - compatibility with future ssh.com versions - - deraadt@cvs.openbsd.org 2000/08/27 21:50:55 - [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c] - print uid/gid as unsigned - - markus@cvs.openbsd.org 2000/08/28 13:51:00 - [ssh.c] - enable -n and -f for ssh2 - - markus@cvs.openbsd.org 2000/08/28 14:19:53 - [ssh.c] - allow combination of -N and -f - - markus@cvs.openbsd.org 2000/08/28 14:20:56 - [util.c] - util.c - - markus@cvs.openbsd.org 2000/08/28 14:22:02 - [util.c] - undo - - markus@cvs.openbsd.org 2000/08/28 14:23:38 - [util.c] - don't complain if setting NONBLOCK fails with ENODEV - -20000823 - - (djm) Define USE_PIPES to avoid socketpair problems on HPUX 10 and SunOS 4 - Avoids "scp never exits" problem. Reports from Lutz Jaenicke - and Tamito KAJIYAMA - - - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers - - (djm) Add local version to version.h - - (djm) Don't reseed arc4random everytime it is used - - (djm) OpenBSD CVS updates: - - deraadt@cvs.openbsd.org 2000/08/18 20:07:23 - [ssh.c] - accept remsh as a valid name as well; roman@buildpoint.com - - deraadt@cvs.openbsd.org 2000/08/18 20:17:13 - [deattack.c crc32.c packet.c] - rename crc32() to ssh_crc32() to avoid zlib name clash. 
do not move to - libz crc32 function yet, because it has ugly "long"'s in it; - oneill@cs.sfu.ca - - deraadt@cvs.openbsd.org 2000/08/18 20:26:08 - [scp.1 scp.c] - -S prog support; tv@debian.org - - deraadt@cvs.openbsd.org 2000/08/18 20:50:07 - [scp.c] - knf - - deraadt@cvs.openbsd.org 2000/08/18 20:57:33 - [log-client.c] - shorten - - markus@cvs.openbsd.org 2000/08/19 12:48:11 - [channels.c channels.h clientloop.c ssh.c ssh.h] - support for ~. in ssh2 - - deraadt@cvs.openbsd.org 2000/08/19 15:29:40 - [crc32.h] - proper prototype - - markus@cvs.openbsd.org 2000/08/19 15:34:44 - [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1] - [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile] - [fingerprint.c fingerprint.h] - add SSH2/DSA support to the agent and some other DSA related cleanups. - (note that we cannot talk to ssh.com's ssh2 agents) - - markus@cvs.openbsd.org 2000/08/19 15:55:52 - [channels.c channels.h clientloop.c] - more ~ support for ssh2 - - markus@cvs.openbsd.org 2000/08/19 16:21:19 - [clientloop.c] - oops - - millert@cvs.openbsd.org 2000/08/20 12:25:53 - [session.c] - We have to stash the result of get_remote_name_or_ip() before we - close our socket or getpeername() will get EBADF and the process - will exit. Only a problem for "UseLogin yes". - - millert@cvs.openbsd.org 2000/08/20 12:30:59 - [session.c] - Only check /etc/nologin if "UseLogin no" since login(1) may have its - own policy on determining who is allowed to login when /etc/nologin - is present. Also use the _PATH_NOLOGIN define. - - millert@cvs.openbsd.org 2000/08/20 12:42:43 - [auth1.c auth2.c session.c ssh.c] - Add calls to setusercontext() and login_get*(). We basically call - setusercontext() in most places where previously we did a setlogin(). - Add default login.conf file and put root in the "daemon" login class. - - millert@cvs.openbsd.org 2000/08/21 10:23:31 - [session.c] - Fix incorrect PATH setting; noted by Markus. 
- -20000818 - - (djm) OpenBSD CVS changes: - - markus@cvs.openbsd.org 2000/07/22 03:14:37 - [servconf.c servconf.h sshd.8 sshd.c sshd_config] - random early drop; ok theo, niels - - deraadt@cvs.openbsd.org 2000/07/26 11:46:51 - [ssh.1] - typo - - deraadt@cvs.openbsd.org 2000/08/01 11:46:11 - [sshd.8] - many fixes from pepper@mail.reppep.com - - provos@cvs.openbsd.org 2000/08/01 13:01:42 - [Makefile.in util.c aux.c] - rename aux.c to util.c to help with cygwin port - - deraadt@cvs.openbsd.org 2000/08/02 00:23:31 - [authfd.c] - correct sun_len; Alexander@Leidinger.net - - provos@cvs.openbsd.org 2000/08/02 10:27:17 - [readconf.c sshd.8] - disable kerberos authentication by default - - provos@cvs.openbsd.org 2000/08/02 11:27:05 - [sshd.8 readconf.c auth-krb4.c] - disallow kerberos authentication if we can't verify the TGT; from - dugsong@ - kerberos authentication is on by default only if you have a srvtab. - - markus@cvs.openbsd.org 2000/08/04 14:30:07 - [auth.c] - unused - - markus@cvs.openbsd.org 2000/08/04 14:30:35 - [sshd_config] - MaxStartups - - markus@cvs.openbsd.org 2000/08/15 13:20:46 - [authfd.c] - cleanup; ok niels@ - - markus@cvs.openbsd.org 2000/08/17 14:05:10 - [session.c] - cleanup login(1)-like jobs, no duplicate utmp entries - - markus@cvs.openbsd.org 2000/08/17 14:06:34 - [session.c sshd.8 sshd.c] - sshd -u len, similar to telnetd - - (djm) Lastlog was not getting closed after writing login entry - - (djm) Add Solaris package support from Rip Loomis - -20000816 - - (djm) Replacement for inet_ntoa for Irix (which breaks on gcc) - - (djm) Fix strerror replacement for old SunOS. Based on patch from - Charles Levert - - (djm) Seperate arc4random into seperate file and use OpenSSL's RC4 - implementation. - - (djm) SUN_LEN macro for systems which lack it - -20000815 - - (djm) More SunOS 4.1.x fixes from Nate Itkin - - (djm) Avoid failures on Irix when ssh is not setuid. 
Fix from - Michael Stone - - (djm) Don't seek in directory based lastlogs - - (djm) Fix --with-ipaddr-display configure option test. Patch from - Jarno Huuskonen - - (djm) Fix AIX limits from Alexandre Oliva - -20000813 - - (djm) Add $(srcdir) to includes when compiling (for VPATH). Report from - Fabrice bacchella - -20000809 - - (djm) Define AIX hard limits if headers don't. Report from - Bill Painter - - (djm) utmp direct write & SunOS 4 patch from Charles Levert - - -20000808 - - (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install - time, spec file cleanup. - -20000807 - - (djm) Set 0755 on binaries during install. Report from Lutz Jaenicke - - (djm) Suppress error messages on channel close shutdown() failurs - works around Linux bug. Patch from Zack Weinberg - - (djm) Add some more entropy collection commands from Lutz Jaenicke - -20000725 - - (djm) Fix autoconf typo: HAVE_BINRESVPORT_AF -> HAVE_BINDRESVPORT_AF - -20000721 - - (djm) OpenBSD CVS updates: - - markus@cvs.openbsd.org 2000/07/16 02:27:22 - [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c] - [sshconnect1.c sshconnect2.c] - make ssh-add accept dsa keys (the agent does not) - - djm@cvs.openbsd.org 2000/07/17 19:25:02 - [sshd.c] - Another closing of stdin; ok deraadt - - markus@cvs.openbsd.org 2000/07/19 18:33:12 - [dsa.c] - missing free, reorder - - markus@cvs.openbsd.org 2000/07/20 16:23:14 - [ssh-keygen.1] - document input and output files - -20000720 - - (djm) Spec file fix from Petr Novotny - -20000716 - - (djm) Release 2.1.1p4 - -20000715 - - (djm) OpenBSD CVS updates - - provos@cvs.openbsd.org 2000/07/13 16:53:22 - [aux.c readconf.c servconf.c ssh.h] - allow multiple whitespace but only one '=' between tokens, bug report from - Ralf S. Engelschall but different fix. 
okay deraadt@ - - provos@cvs.openbsd.org 2000/07/13 17:14:09 - [clientloop.c] - typo; todd@fries.net - - provos@cvs.openbsd.org 2000/07/13 17:19:31 - [scp.c] - close can fail on AFS, report error; from Greg Hudson - - markus@cvs.openbsd.org 2000/07/14 16:59:46 - [readconf.c servconf.c] - allow leading whitespace. ok niels - - djm@cvs.openbsd.org 2000/07/14 22:01:38 - [ssh-keygen.c ssh.c] - Always create ~/.ssh with mode 700; ok Markus - - Fixes for SunOS 4.1.4 from Gordon Atwood - - Include floatingpoint.h for entropy.c - - strerror replacement - -20000712 - - (djm) Remove -lresolve for Reliant Unix - - (djm) OpenBSD CVS Updates: - - deraadt@cvs.openbsd.org 2000/07/11 02:11:34 - [session.c sshd.c ] - make MaxStartups code still work with -d; djm - - deraadt@cvs.openbsd.org 2000/07/11 13:17:45 - [readconf.c ssh_config] - disable FallBackToRsh by default - - (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c. Report from - Ben Lindstrom - - (djm) Make building of X11-Askpass and GNOME-Askpass optional in RPM - spec file. - - (djm) Released 2.1.1p3 - -20000711 - - (djm) Fixup for AIX getuserattr() support from Tom Bertelson - - - (djm) ReliantUNIX support from Udo Schweigert - - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom - - - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report - from Jim Watt - - (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known - to compile on more platforms (incl NeXT). 
- - (djm) Added bsd-inet_aton and configure support for NeXT - - (djm) Misc NeXT fixes from Ben Lindstrom - - (djm) OpenBSD CVS updates: - - markus@cvs.openbsd.org 2000/06/26 03:22:29 - [authfd.c] - cleanup, less cut&paste - - markus@cvs.openbsd.org 2000/06/26 15:59:19 - [servconf.c servconf.h session.c sshd.8 sshd.c] - MaxStartups: limit number of unauthenticated connections, work by - theo and me - - deraadt@cvs.openbsd.org 2000/07/05 14:18:07 - [session.c] - use no_x11_forwarding_flag correctly; provos ok - - provos@cvs.openbsd.org 2000/07/05 15:35:57 - [sshd.c] - typo - - aaron@cvs.openbsd.org 2000/07/05 22:06:58 - [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8] - Insert more missing .El directives. Our troff really should identify - these and spit out a warning. - - todd@cvs.openbsd.org 2000/07/06 21:55:04 - [auth-rsa.c auth2.c ssh-keygen.c] - clean code is good code - - deraadt@cvs.openbsd.org 2000/07/07 02:14:29 - [serverloop.c] - sense of port forwarding flag test was backwards - - provos@cvs.openbsd.org 2000/07/08 17:17:31 - [compat.c readconf.c] - replace strtok with strsep; from David Young - - deraadt@cvs.openbsd.org 2000/07/08 19:21:15 - [auth.h] - KNF - - ho@cvs.openbsd.org 2000/07/08 19:27:33 - [compat.c readconf.c] - Better conditions for strsep() ending. - - ho@cvs.openbsd.org 2000/07/10 10:27:05 - [readconf.c] - Get the correct message on errors. (niels@ ok) - - ho@cvs.openbsd.org 2000/07/10 10:30:25 - [cipher.c kex.c servconf.c] - strtok() --> strsep(). (niels@ ok) - - (djm) Fix problem with debug mode and MaxStartups - - (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during RPM - builds) - - (djm) Add strsep function from OpenBSD libc for systems that lack it - -20000709 - - (djm) Only enable PAM_TTY kludge for Linux. Problem report from - Kevin Steves - - (djm) Match prototype and function declaration for rresvport_af. 
- Problem report from Niklas Edmundsson - - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM - builds. Problem report from Gregory Leblanc - - (djm) Replace ut_name with ut_user. Patch from Jim Watt - - - (djm) Fix pam sprintf fix - - (djm) Cleanup entropy collection code a little more. Split initialisation - from seeding, perform intialisation immediatly at start, be careful with - uids. Based on problem report from Jim Watt - - (djm) More NeXT compatibility from Ben Lindstrom - Including sigaction() et al. replacements - - (djm) AIX getuserattr() session initialisation from Tom Bertelson - - -20000708 - - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from - Aaron Hopkins - - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from - Lutz Jaenicke - - (djm) Fixed undefined variables for OSF SIA. Report from - Baars, Henk - - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c - Fix from Marquess, Steve Mr JMLFDC - - (djm) Don't use inet_addr. - -20000702 - - (djm) Fix brace mismatch from Corinna Vinschen - - (djm) Stop shadow expiry checking from preventing logins with NIS. Based - on fix from HARUYAMA Seigo - - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from - Chris, the Young One - - (djm) Fix scp progress meter on really wide terminals. Based on patch - from James H. Cloos Jr. - -20000701 - - (djm) Fix Tru64 SIA problems reported by John P Speno - - (djm) Login fixes from Tom Bertelson - - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen - - - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM - - (djm) Added check for broken snprintf() functions which do not correctly - terminate output string and attempt to use replacement. 
- - (djm) Released 2.1.1p2 - -20000628 - - (djm) Fixes to lastlog code for Irix - - (djm) Use atomicio in loginrec - - (djm) Patch from Michael Stone to add support for - Irix 6.x array sessions, project id's, and system audit trail id. - - (djm) Added 'distprep' make target to simplify packaging - - (djm) Added patch from Chris Adams to add OSF SIA - support. Enable using "USE_SIA=1 ./configure [options]" - -20000627 - - (djm) Fixes to login code - not setting li->uid, cleanups - - (djm) Formatting - -20000626 - - (djm) Better fix to aclocal tests from Garrick James - - (djm) Account expiry support from Andreas Steinmetz - - (djm) Added password expiry checking (no password change support) - - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK - based on patch from Lutz Jaenicke - - (djm) Fix fixed EGD code. - - OpenBSD CVS update - - provos@cvs.openbsd.org 2000/06/25 14:17:58 - [channels.c] - correct check for bad channel ids; from Wei Dai - -20000623 - - (djm) Use sa_family_t in prototype for rresvport_af. Patch from - Svante Signell - - (djm) Autoconf logic to define sa_family_t if it is missing - - OpenBSD CVS Updates: - - markus@cvs.openbsd.org 2000/06/22 10:32:27 - [sshd.c] - missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL - - djm@cvs.openbsd.org 2000/06/22 17:55:00 - [auth-krb4.c key.c radix.c uuencode.c] - Missing CVS idents; ok markus - -20000622 - - (djm) Automatically generate host key during "make install". Suggested - by Gary E. Miller - - (djm) Paranoia before kill() system call - - OpenBSD CVS Updates: - - markus@cvs.openbsd.org 2000/06/18 18:50:11 - [auth2.c compat.c compat.h sshconnect2.c] - make userauth+pubkey interop with ssh.com-2.2.0 - - markus@cvs.openbsd.org 2000/06/18 20:56:17 - [dsa.c] - mem leak + be more paranoid in dsa_verify. 
- - markus@cvs.openbsd.org 2000/06/18 21:29:50 - [key.c] - cleanup fingerprinting, less hardcoded sizes - - markus@cvs.openbsd.org 2000/06/19 19:39:45 - [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] - [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h] - [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] - [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h] - [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c] - [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] - [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] - [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c] - [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h] - OpenBSD tag - - markus@cvs.openbsd.org 2000/06/21 10:46:10 - sshconnect2.c missing free; nuke old comment - -20000620 - - (djm) Replace use of '-o' and '-a' logical operators in configure tests - with '||' and '&&'. As suggested by Jim Knoble - to fix SCO Unixware problem reported by Gary E. Miller - - (djm) Typo in loginrec.c - -20000618 - - (djm) Add summary of configure options to end of ./configure run - - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from - Michael Stone - - (djm) rusage is a privileged operation on some Unices (incl. - Solaris 2.5.1). Report from Paul D. Smith - - (djm) Avoid PAM failures when running without a TTY. Report from - Martin Petrak - - (djm) Include sys/types.h when including netinet/in.h in configure tests. 
- Patch from Jun-ichiro itojun Hagino - - (djm) Started merge of Ben Lindstrom's NeXT support - - OpenBSD CVS updates: - - deraadt@cvs.openbsd.org 2000/06/17 09:58:46 - [channels.c] - everyone says "nix it" (remove protocol 2 debugging message) - - markus@cvs.openbsd.org 2000/06/17 13:24:34 - [sshconnect.c] - allow extended server banners - - markus@cvs.openbsd.org 2000/06/17 14:30:10 - [sshconnect.c] - missing atomicio, typo - - jakob@cvs.openbsd.org 2000/06/17 16:52:34 - [servconf.c servconf.h session.c sshd.8 sshd_config] - add support for ssh v2 subsystems. ok markus@. - - deraadt@cvs.openbsd.org 2000/06/17 18:57:48 - [readconf.c servconf.c] - include = in WHITESPACE; markus ok - - markus@cvs.openbsd.org 2000/06/17 19:09:10 - [auth2.c] - implement bug compatibility with ssh-2.0.13 pubkey, server side - - markus@cvs.openbsd.org 2000/06/17 21:00:28 - [compat.c] - initial support for ssh.com's 2.2.0 - - markus@cvs.openbsd.org 2000/06/17 21:16:09 - [scp.c] - typo - - markus@cvs.openbsd.org 2000/06/17 22:05:02 - [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h] - split auth-rsa option parsing into auth-options - add options support to authorized_keys2 - - markus@cvs.openbsd.org 2000/06/17 22:42:54 - [session.c] - typo - -20000613 - - (djm) Fixes from Andrew McGill : - - Platform define for SCO 3.x which breaks on /dev/ptmx - - Detect and try to fix missing MAXPATHLEN - - (djm) Fix short copy in loginrec.c (based on patch from Phill Camp - - -20000612 - - (djm) Glob manpages in RPM spec files to catch compressed files - - (djm) Full license in auth-pam.c - - (djm) Configure fixes from SAKAI Kiyotaka - - (andre) AIX, lastlog, configure fixes from Tom Bertelson : - - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is - def'd - - Set AIX to use preformatted manpages - -20000610 - - (djm) Minor doc tweaks - - (djm) Fix for configure on bash2 from Jim Knoble - -20000609 - - (djm) Patch from Kenji Miyake to disable utmp usage - (in 
favour of utmpx) on Solaris 8 - -20000606 - - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through - list of commands (by default). Removed verbose debugging (by default). - - (djm) Increased command entropy estimates and default entropy collection - timeout - - (djm) Remove duplicate headers from loginrec.c - - (djm) Don't add /usr/local/lib to library search path on Irix - - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III - - - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg - - - (djm) OpenBSD CVS updates: - - todd@cvs.openbsd.org - [sshconnect2.c] - teach protocol v2 to count login failures properly and also enable an - explanation of why the password prompt comes up again like v1; this is NOT - crypto - - markus@cvs.openbsd.org - [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8] - xauth_location support; pr 1234 - [readconf.c sshconnect2.c] - typo, unused - [session.c] - allow use_login only for login sessions, otherwise remote commands are - execed with uid==0 - [sshd.8] - document UseLogin better - [version.h] - OpenSSH 2.1.1 - [auth-rsa.c] - fix match_hostname() logic for auth-rsa: deny access if we have a - negative match or no match at all - [channels.c hostfile.c match.c] - don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via - kris@FreeBSD.org - -20000606 - - (djm) Added --with-cflags, --with-ldflags and --with-libs options to - configure. - -20000604 - - Configure tweaking for new login code on Irix 5.3 - - (andre) login code changes based on djm feedback - -20000603 - - (andre) New login code - - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c - - Add loginrec.[ch], logintest.c and autoconf code - -20000531 - - Cleanup of auth.c, login.c and fake-* - - Cleanup of auth-pam.c, save and print "account expired" error messages - - Fix EGD read bug by IWAMURO Motonori - - Rewrote bsd-login to use proper utmp API if available. 
Major cleanup - of fallback DIY code. - -20000530 - - Define atexit for old Solaris - - Fix buffer overrun in login.c for systems which use syslen in utmpx. - patch from YOSHIFUJI Hideaki - - OpenBSD CVS updates: - - markus@cvs.openbsd.org - [session.c] - make x11-fwd work w/ localhost (xauth add host/unix:11) - [cipher.c compat.c readconf.c servconf.c] - check strtok() != NULL; ok niels@ - [key.c] - fix key_read() for uuencoded keys w/o '=' - [serverloop.c] - group ssh1 vs. ssh2 in serverloop - [kex.c kex.h myproposal.h sshconnect2.c sshd.c] - split kexinit/kexdh, factor out common code - [readconf.c ssh.1 ssh.c] - forwardagent defaults to no, add ssh -A - - theo@cvs.openbsd.org - [session.c] - just some line shortening - - Released 2.1.0p3 - -20000520 - - Xauth fix from Markus Friedl - - Don't touch utmp if USE_UTMPX defined - - SunOS 4.x support from Todd C. Miller - - SIGCHLD fix for AIX and HPUX from Tom Bertelson - - HPUX and Configure fixes from Lutz Jaenicke - - - Use mkinstalldirs script to make directories instead of non-portable - "install -d". Suggested by Lutz Jaenicke - - Doc cleanup - -20000518 - - Include Andre Lucas' fixprogs script. 
Forgot to "cvs add" it yesterday - - OpenBSD CVS updates: - - markus@cvs.openbsd.org - [sshconnect.c] - copy only ai_addrlen bytes; misiek@pld.org.pl - [auth.c] - accept an empty shell in authentication; bug reported by - chris@tinker.ucr.edu - [serverloop.c] - we don't have stderr for interactive terminal sessions (fcntl errors) - -20000517 - - Fix from Andre Lucas - - Fixes command line printing segfaults (spotter: Bladt Norbert) - - Fixes erroneous printing of debug messages to syslog - - Fixes utmp for MacOS X (spotter: Aristedes Maniatis) - - Gives useful error message if PRNG initialisation fails - - Reduced ssh startup delay - - Measures cumulative command time rather than the time between reads - after select() - - 'fixprogs' perl script to eliminate non-working entropy commands, and - optionally run 'ent' to measure command entropy - - Applied Tom Bertelson's AIX authentication fix - - Avoid WCOREDUMP complation errors for systems that lack it - - Avoid SIGCHLD warnings from entropy commands - - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson - - OpenBSD CVS update: - - markus@cvs.openbsd.org - [ssh.c] - fix usage() - [ssh2.h] - draft-ietf-secsh-architecture-05.txt - [ssh.1] - document ssh -T -N (ssh2 only) - [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c] - enable nonblocking IO for sshd w/ proto 1, too; split out common code - [aux.c] - missing include - - Several patches from SAKAI Kiyotaka - - INSTALL typo and URL fix - - Makefile fix - - Solaris fixes - - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka - - - RSAless operation patch from kevin_oconnor@standardandpoors.com - - Detect OpenSSL seperatly from RSA - - Better test for RSA (more compatible with RSAref). 
Based on work by - Ed Eden - -20000513 - - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz - - -20000511 - - Fix for prng_seed permissions checking from Lutz Jaenicke - - - "make host-key" fix for Irix - -20000509 - - OpenBSD CVS update - - markus@cvs.openbsd.org - [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c] - [ssh.h sshconnect1.c sshconnect2.c sshd.8] - - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only) - - hugh@cvs.openbsd.org - [ssh.1] - - zap typo - [ssh-keygen.1] - - One last nit fix. (markus approved) - [sshd.8] - - some markus certified spelling adjustments - - markus@cvs.openbsd.org - [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c] - [sshconnect2.c ] - - bug compat w/ ssh-2.0.13 x11, split out bugs - [nchan.c] - - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@ - [ssh-keygen.c] - - handle escapes in real and original key format, ok millert@ - [version.h] - - OpenSSH-2.1 - - Moved all the bsd-* and fake-* stuff into new libopenbsd-compat.a - - Doc updates - - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported - by Andre Lucas - -20000508 - - Makefile and RPM spec fixes - - Generate DSA host keys during "make key" or RPM installs - - OpenBSD CVS update - - markus@cvs.openbsd.org - [clientloop.c sshconnect2.c] - - make x11-fwd interop w/ ssh-2.0.13 - [README.openssh2] - - interop w/ SecureFX - - Release 2.0.0beta2 - - - Configure caching and cleanup patch from Andre Lucas' - - -20000507 - - Remove references to SSLeay. - - Big OpenBSD CVS update - - markus@cvs.openbsd.org - [clientloop.c] - - typo - [session.c] - - update proctitle on pty alloc/dealloc, e.g. 
w/ windows client - [session.c] - - update proctitle for proto 1, too - [channels.h nchan.c serverloop.c session.c sshd.c] - - use c-style comments - - deraadt@cvs.openbsd.org - [scp.c] - - more atomicio - - markus@cvs.openbsd.org - [channels.c] - - set O_NONBLOCK - [ssh.1] - - update AUTHOR - [readconf.c ssh-keygen.c ssh.h] - - default DSA key file ~/.ssh/id_dsa - [clientloop.c] - - typo, rm verbose debug - - deraadt@cvs.openbsd.org - [ssh-keygen.1] - - document DSA use of ssh-keygen - [sshd.8] - - a start at describing what i understand of the DSA side - [ssh-keygen.1] - - document -X and -x - [ssh-keygen.c] - - simplify usage - - markus@cvs.openbsd.org - [sshd.8] - - there is no rhosts_dsa - [ssh-keygen.1] - - document -y, update -X,-x - [nchan.c] - - fix close for non-open ssh1 channels - [servconf.c servconf.h ssh.h sshd.8 sshd.c ] - - s/DsaKey/HostDSAKey/, document option - [sshconnect2.c] - - respect number_of_password_prompts - [channels.c channels.h servconf.c servconf.h session.c sshd.8] - - GatewayPorts for sshd, ok deraadt@ - [ssh-add.1 ssh-agent.1 ssh.1] - - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2 - [ssh.1] - - more info on proto 2 - [sshd.8] - - sync AUTHOR w/ ssh.1 - [key.c key.h sshconnect.c] - - print key type when talking about host keys - [packet.c] - - clear padding in ssh2 - [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h] - - replace broken uuencode w/ libc b64_ntop - [auth2.c] - - log failure before sending the reply - [key.c radix.c uuencode.c] - - remote trailing comments before calling __b64_pton - [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1] - [sshconnect2.c sshd.8] - - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8 - - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch]) - -20000502 - - OpenBSD CVS update - [channels.c] - - init all fds, close all fds. 
- [sshconnect2.c] - - check whether file exists before asking for passphrase - [servconf.c servconf.h sshd.8 sshd.c] - - PidFile, pr 1210 - [channels.c] - - EINTR - [channels.c] - - unbreak, ok niels@ - [sshd.c] - - unlink pid file, ok niels@ - [auth2.c] - - Add missing #ifdefs; ok - markus - - Add Andre Lucas' patch to read entropy - gathering commands from a text file - - Release 2.0.0beta1 - -20000501 - - OpenBSD CVS update - [packet.c] - - send debug messages in SSH2 format - [scp.c] - - fix very rare EAGAIN/EINTR issues; based on work by djm - [packet.c] - - less debug, rm unused - [auth2.c] - - disable kerb,s/key in ssh2 - [sshd.8] - - Minor tweaks and typo fixes. - [ssh-keygen.c] - - Put -d into usage and reorder. markus ok. - - Include missing headers for OpenSSL tests. Fix from Phil Karn - - - Fixed __progname symbol collisions reported by Andre Lucas - - - Merged bsd-login ttyslot and AIX utmp patch from Gert Doering - - - Add some missing ifdefs to auth2.c - - Deprecate perl-tk askpass. - - Irix portability fixes - don't include netinet headers more than once - - Make sure we don't save PRNG seed more than once - -20000430 - - Merge HP-UX fixes and TCB support from Ged Lodder - - Integrate Andre Lucas' entropy collection - patch. 
- - Adds timeout to entropy collection - - Disables slow entropy sources - - Load and save seed file - - Changed entropy seed code to user per-user seeds only (server seed is - saved in root's .ssh directory) - - Use atexit() and fatal cleanups to save seed on exit - - More OpenBSD updates: - [session.c] - - don't call chan_write_failed() if we are not writing - [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c] - - keysize warnings error() -> log() - -20000429 - - Merge big update to OpenSSH-2.0 from OpenBSD CVS - [README.openssh2] - - interop w/ F-secure windows client - - sync documentation - - ssh_host_dsa_key not ssh_dsa_key - [auth-rsa.c] - - missing fclose - [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c] - [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c] - [sshd.c uuencode.c uuencode.h authfile.h] - - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX] - for trading keys with the real and the original SSH, directly from the - people who invented the SSH protocol. 
- [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h] - [sshconnect1.c sshconnect2.c] - - split auth/sshconnect in one file per protocol version - [sshconnect2.c] - - remove debug - [uuencode.c] - - add trailing = - [version.h] - - OpenSSH-2.0 - [ssh-keygen.1 ssh-keygen.c] - - add -R flag: exit code indicates if RSA is alive - [sshd.c] - - remove unused - silent if -Q is specified - [ssh.h] - - host key becomes /etc/ssh_host_dsa_key - [readconf.c servconf.c ] - - ssh/sshd default to proto 1 and 2 - [uuencode.c] - - remove debug - [auth2.c ssh-keygen.c sshconnect2.c sshd.c] - - xfree DSA blobs - [auth2.c serverloop.c session.c] - - cleanup logging for sshd/2, respect PasswordAuth no - [sshconnect2.c] - - less debug, respect .ssh/config - [README.openssh2 channels.c channels.h] - - clientloop.c session.c ssh.c - - support for x11-fwding, client+server - -20000421 - - Merge fix from OpenBSD CVS - [ssh-agent.c] - - Fix memory leak per connection. Report from Andy Spiegl - via Debian bug #59926 - - Define __progname in session.c if libc doesn't - - Remove indentation on autoconf #include statements to avoid bug in - DEC Tru64 compiler. Report and fix from David Del Piero - - -20000420 - - Make fixpaths work with perl4, patch from Andre Lucas - - - Sync with OpenBSD CVS: - [clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c] - - pid_t - [session.c] - - remove bogus chan_read_failed. this could cause data - corruption (missing data) at end of a SSH2 session. 
- - Merge fixes from Debian patch from Phil Hands - - Allow setting of PAM service name through CFLAGS (SSHD_PAM_SERVICE) - - Use vhangup to clean up Linux ttys - - Force posix getopt processing on GNU libc systems - - Debian bug #55910 - remove references to ssl(8) manpages - - Debian bug #58031 - ssh_config lies about default cipher - -20000419 - - OpenBSD CVS updates - [channels.c] - - fix pr 1196, listen_port and port_to_connect interchanged - [scp.c] - - after completion, replace the progress bar ETA counter with a final - elapsed time; my idea, aaron wrote the patch - [ssh_config sshd_config] - - show 'Protocol' as an example, ok markus@ - [sshd.c] - - missing xfree() - - Add missing header to bsd-misc.c - -20000416 - - Reduce diff against OpenBSD source - - All OpenSSL includes are now unconditionally referenced as - openssl/foo.h - - Pick up formatting changes - - Other minor changed (typecasts, etc) that I missed - -20000415 - - OpenBSD CVS updates. - [ssh.1 ssh.c] - - ssh -2 - [auth.c channels.c clientloop.c packet.c packet.h serverloop.c] - [session.c sshconnect.c] - - check payload for (illegal) extra data - [ALL] - whitespace cleanup - -20000413 - - INSTALL doc updates - - Merged OpenBSD updates to include paths. - -20000412 - - OpenBSD CVS updates: - - [channels.c] - repair x11-fwd - - [sshconnect.c] - fix passwd prompt for ssh2, less debugging output. 
- - [clientloop.c compat.c dsa.c kex.c sshd.c] - less debugging output - - [kex.c kex.h sshconnect.c sshd.c] - check for reasonable public DH values - - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c] - [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c] - add Cipher and Protocol options to ssh/sshd, e.g.: - ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers - arcfour,3des-cbc' - - [sshd.c] - print 1.99 only if server supports both - -20000408 - - Avoid some compiler warnings in fake-get*.c - - Add IPTOS macros for systems which lack them - - Only set define entropy collection macros if they are found - - More large OpenBSD CVS updates: - - [auth.c auth.h servconf.c servconf.h serverloop.c session.c] - [session.h ssh.h sshd.c README.openssh2] - ssh2 server side, see README.openssh2; enable with 'sshd -2' - - [channels.c] - no adjust after close - - [sshd.c compat.c ] - interop w/ latest ssh.com windows client. - -20000406 - - OpenBSD CVS update: - - [channels.c] - close efd on eof - - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h] - ssh2 client implementation, interops w/ ssh.com and lsh servers. - - [sshconnect.c] - missing free. - - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c] - remove unused argument, split cipher_mask() - - [clientloop.c] - re-order: group ssh1 vs. 
ssh2 - - Make Redhat spec require openssl >= 0.9.5a - -20000404 - - Add tests for RAND_add function when searching for OpenSSL - - OpenBSD CVS update: - - [packet.h packet.c] - ssh2 packet format - - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c] - [channels.h channels.c] - channel layer support for ssh2 - - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h] - DSA, keyexchange, algorithm agreement for ssh2 - - Generate manpages before make install not at the end of make all - - Don't seed the rng quite so often - - Always reseed rng when requested - -20000403 - - Wrote entropy collection routines for systems that lack /dev/random - and EGD - - Disable tests and typedefs for 64 bit types. They are currently unused. - -20000401 - - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure) - - [auth.c session.c sshd.c auth.h] - split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal - - [bufaux.c bufaux.h] - support ssh2 bignums - - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c] - [readconf.c ssh.c ssh.h serverloop.c] - replace big switch() with function tables (prepare for ssh2) - - [ssh2.h] - ssh2 message type codes - - [sshd.8] - reorder Xr to avoid cutting - - [serverloop.c] - close(fdin) if fdin != fdout, shutdown otherwise, ok theo@ - - [channels.c] - missing close - allow bigger packets - - [cipher.c cipher.h] - support ssh2 ciphers - - [compress.c] - cleanup, less code - - [dispatch.c dispatch.h] - function tables for different message types - - [log-server.c] - do not log() if debuggin to stderr - rename a cpp symbol, to avoid param.h collision - - [mpaux.c] - KNF - - [nchan.c] - sync w/ channels.c - -20000326 - - Better tests for OpenSSL w/ RSAref - - Added replacement setenv() function from OpenBSD libc. 
Suggested by - Ben Lindstrom - - OpenBSD CVS update - - [auth-krb4.c] - -Wall - - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c] - [match.h ssh.c ssh.h sshconnect.c sshd.c] - initial support for DSA keys. ok deraadt@, niels@ - - [cipher.c cipher.h] - remove unused cipher_attack_detected code - - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] - Fix some formatting problems I missed before. - - [ssh.1 sshd.8] - fix spelling errors, 
From: FreeBSD - - [ssh.c] - switch to raw mode only if he _get_ a pty (not if we _want_ a pty). - -20000324 - - Released 1.2.3 - -20000317 - - Clarified --with-default-path option. - - Added -blibpath handling for AIX to work around stupid runtime linking. - Problem elucidated by gshapiro@SENDMAIL.ORG by way of Jim Knoble - - - Checks for 64 bit int types. Problem report from Mats Fredholm - - - OpenBSD CVS updates: - - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c] - [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c] - [sshd.c] - pedantic: signed vs. unsigned, void*-arithm, etc - - [ssh.1 sshd.8] - Various cleanups and standardizations. - - Runtime error fix for HPUX from Otmar Stahl - - -20000316 - - Fixed configure not passing LDFLAGS to Solaris. Report from David G. - Hesprich - - Propogate LD through to Makefile - - Doc cleanups - - Added blurb about "scp: command not found" errors to UPGRADING - -20000315 - - Fix broken CFLAGS handling during search for OpenSSL. Fixes va_list - problems with gcc/Solaris. - - Don't free argument to putenv() after use (in setenv() replacement). - Report from Seigo Tanimura - - Created contrib/ subdirectory. Included helpers from Phil Hands' - Debian package, README file and chroot patch from Ricardo Cerqueira - - - Moved gnome-ssh-askpass.c to contrib directory and removed config - option. - - Slight cleanup to doc files - - Configure fix from Bratislav ILICH - -20000314 - - Include macro for IN6_IS_ADDR_V4MAPPED. 
Report from - peter@frontierflying.com - - Include /usr/local/include and /usr/local/lib for systems that don't - do it themselves - - -R/usr/local/lib for Solaris - - Fix RSAref detection - - Fix IN6_IS_ADDR_V4MAPPED macro - -20000311 - - Detect RSAref - - OpenBSD CVS change - [sshd.c] - - disallow guessing of root password - - More configure fixes - - IPv6 workarounds from Hideaki YOSHIFUJI - -20000309 - - OpenBSD CVS updates to v1.2.3 - [ssh.h atomicio.c] - - int atomicio -> ssize_t (for alpha). ok deraadt@ - [auth-rsa.c] - - delay MD5 computation until client sends response, free() early, cleanup. - [cipher.c] - - void* -> unsigned char*, ok niels@ - [hostfile.c] - - remove unused variable 'len'. fix comments. - - remove unused variable - [log-client.c log-server.c] - - rename a cpp symbol, to avoid param.h collision - [packet.c] - - missing xfree() - - getsockname() requires initialized tolen; andy@guildsoftware.com - - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i; - from Holger.Trapp@Informatik.TU-Chemnitz.DE - [pty.c pty.h] - - register cleanup for pty earlier. move code for pty-owner handling to - pty.c ok provos@, dugsong@ - [readconf.c] - - turn off x11-fwd for the client, too. - [rsa.c] - - PKCS#1 padding - [scp.c] - - allow '.' in usernames; from jedgar@fxp.org - [servconf.c] - - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de - - sync with sshd_config - [ssh-keygen.c] - - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@ - [ssh.1] - - Change invalid 'CHAT' loglevel to 'VERBOSE' - [ssh.c] - - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp - - turn off x11-fwd for the client, too. - [sshconnect.c] - - missing xfree() - - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp. - - read error vs. "Connection closed by remote host" - [sshd.8] - - ie. -> i.e., - - do not link to a commercial page.. 
- - sync with sshd_config - [sshd.c] - - no need for poll.h; from bright@wintelcom.net - - log with level log() not fatal() if peer behaves badly. - - don't panic if client behaves strange. ok deraadt@ - - make no-port-forwarding for RSA keys deny both -L and -R style fwding - - delay close() of pty until the pty has been chowned back to root - - oops, fix comment, too. - - missing xfree() - - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too. - (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907) - - register cleanup for pty earlier. move code for pty-owner handling to - pty.c ok provos@, dugsong@ - - create x11 cookie file - - fix pr 1113, fclose() -> pclose(), todo: remote popen() - - version 1.2.3 - - Cleaned up - - Removed warning workaround for Linux and devpts filesystems (no longer - required after OpenBSD updates) - -20000308 - - Configure fix from Hiroshi Takekawa - -20000307 - - Released 1.2.2p1 - -20000305 - - Fix DEC compile fix - - Explicitly seed OpenSSL's PRNG before checking rsa_alive() - - Check for getpagesize in libucb.a if not found in libc. Fix for old - Solaris from Andre Lucas - - Check for libwrap if --with-tcp-wrappers option specified. Suggestion - Mate Wierdl - -20000303 - - Added "make host-key" target, Suggestion from Dominik Brettnacher - - - Don't permanently fail on bind() if getaddrinfo has more choices left for - us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz - Miskiewicz - - DEC Unix compile fix from David Del Piero - - Manpage fix from David Del Piero - -20000302 - - Big cleanup of autoconf code - - Rearranged to be a little more logical - - Added -R option for Solaris - - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program - to detect library and header location _and_ ensure library has proper - RSA support built in (this is a problem with OpenSSL 0.9.5). 
- - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de - - Avoid warning message with Unix98 ptys - - Warning was valid - possible race condition on PTYs. Avoided using - platform-specific code. - - Document some common problems - - Allow root access to any key. Patch from - markus.friedl@informatik.uni-erlangen.de - -20000207 - - Removed SOCKS code. Will support through a ProxyCommand. - -20000203 - - Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu - - Add --with-ssl-dir option - -20000202 - - Fix lastlog code for directory based lastlogs. Fix from Josh Durham - - - Documentation fixes from HARUYAMA Seigo - - Added URLs to Japanese translations of documents by HARUYAMA Seigo - - -20000201 - - Use socket pairs by default (instead of pipes). Prevents race condition - on several (buggy) OSs. Report and fix from tridge@linuxcare.com - -20000127 - - Seed OpenSSL's random number generator before generating RSA keypairs - - Split random collector into seperate file - - Compile fix from Andre Lucas - -20000126 - - Released 1.2.2 stable - - - NeXT keeps it lastlog in /usr/adm. Report from - mouring@newton.pconline.com - - Added note in UPGRADING re interop with commercial SSH using idea. - Report from Jim Knoble - - Fix linking order for Kerberos/AFS. Fix from Holget Trapp - - -20000125 - - Fix NULL pointer dereference in login.c. Fix from Andre Lucas - - - Reorder PAM initialisation so it does not mess up lastlog. Reported - by Andre Lucas - - Use preformatted manpages on SCO, report from Gary E. Miller - - - New URL for x11-ssh-askpass. - - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble - - - Added 'DESTDIR' option to Makefile to ease package building. 
Patch from - Jim Knoble - - Updated RPM spec files to use DESTDIR - -20000124 - - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number - increment) - -20000123 - - OpenBSD CVS: - - [packet.c] - getsockname() requires initialized tolen; andy@guildsoftware.com - - AIX patch from Matt Richards and David Rankin - - - Fix lastlog support, patch from Andre Lucas - -20000122 - - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor - - - Merge preformatted manpage patch from Andre Lucas - - - Make IPv4 use the default in RPM packages - - Irix uses preformatted manpages - - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp - - - OpenBSD CVS updates: - - [packet.c] - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i; - from Holger.Trapp@Informatik.TU-Chemnitz.DE - - [sshd.c] - log with level log() not fatal() if peer behaves badly. - - [readpass.c] - instead of blocking SIGINT, catch it ourselves, so that we can clean - the tty modes up and kill ourselves -- instead of our process group - leader (scp, cvs, ...) going away and leaving us in noecho mode. - people with cbreak shells never even noticed.. - - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] - ie. -> i.e., - -20000120 - - Don't use getaddrinfo on AIX - - Update to latest OpenBSD CVS: - - [auth-rsa.c] - - fix user/1056, sshd keeps restrictions; dbt@meat.net - - [sshconnect.c] - - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags. - - destroy keys earlier - - split key exchange (kex) and user authentication (user-auth), - ok: provos@ - - [sshd.c] - - no need for poll.h; from bright@wintelcom.net - - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags. 
- - split key exchange (kex) and user authentication (user-auth), - ok: provos@ - - Big manpage and config file cleanup from Andre Lucas - - - Re-added latest (unmodified) OpenBSD manpages - - Doc updates - - NetBSD patch from David Rankin and - Christos Zoulas - -20000119 - - SCO compile fixes from Gary E. Miller - - Compile fix from Darren_Hall@progressive.com - - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC - addresses using getaddrinfo(). Added a configure switch to make the - default lookup mode AF_INET - -20000118 - - Fixed --with-pid-dir option - - Makefile fix from Gary E. Miller - - Compile fix for HPUX and Solaris from Andre Lucas - - -20000117 - - Clean up bsd-bindresvport.c. Use arc4random() for picking initial - port, ignore EINVAL errors (Linux) when searching for free port. - - Revert __snprintf -> snprintf aliasing. Apparently Solaris - __snprintf isn't. Report from Theo de Raadt - - Document location of Redhat PAM file in INSTALL. - - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6 - INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to - deliver (no IPv6 kernel support) - - Released 1.2.1pre27 - - - Fix rresvport_af failure errors (logic error in bsd-bindresvport.c) - - Fix --with-ipaddr-display option test. Fix from Jarno Huuskonen - - - Fix hang on logout if processes are still using the pty. Needs - further testing. - - Patch from Christos Zoulas - - Try $prefix first when looking for OpenSSL. - - Include sys/types.h when including sys/socket.h in test programs - - Substitute PID directory in sshd.8. Suggestion from Andrew - Stribblehill - -20000116 - - Renamed --with-xauth-path to --with-xauth - - Added --with-pid-dir option - - Released 1.2.1pre26 - - - Compilation fix from Kiyokazu SUTO - - Fixed broken bugfix for /dev/ptmx on Linux systems which lack - openpty(). 
Report from Kiyokazu SUTO - -20000115 - - Add --with-xauth-path configure directive and explicit test for - /usr/openwin/bin/xauth for Solaris systems. Report from Anders - Nordby - - Fix incorrect detection of /dev/ptmx on Linux systems that lack - openpty. Report from John Seifarth - - Look for intXX_t and u_intXX_t in sys/bitypes.h if they are not in - sys/types.h. Fixes problems on SCO, report from Gary E. Miller - - - Use __snprintf and __vnsprintf if they are found where snprintf and - vnsprintf are lacking. Suggested by Ben Taylor - and others. - -20000114 - - Merged OpenBSD IPv6 patch: - - [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1] - [scp.c packet.h packet.c login.c log.c canohost.c channels.c] - [hostfile.c sshd_config] - ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new - features: sshd allows multiple ListenAddress and Port options. note - that libwrap is not IPv6-ready. (based on patches from - fujiwara@rcac.tdi.co.jp) - - [ssh.c canohost.c] - more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo, - from itojun@ - - [channels.c] - listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE) - - [packet.h] - allow auth-kerberos for IPv4 only - - [scp.1 sshd.8 servconf.h scp.c] - document -4, -6, and 'ssh -L 2022/::1/22' - - [ssh.c] - 'ssh @host' is illegal (null user name), from - karsten@gedankenpolizei.de - - [sshconnect.c] - better error message - - [sshd.c] - allow auth-kerberos for IPv4 only - - Big IPv6 merge: - - Cleanup overrun in sockaddr copying on RHL 6.1 - - Replacements for getaddrinfo, getnameinfo, etc based on versions - from patch from KIKUCHI Takahiro - - Replacement for missing structures on systems that lack IPv6 - - record_login needed to know about AF_INET6 addresses - - Borrowed more code from OpenBSD: rresvport_af and requisites - -20000110 - - Fixes to auth-skey to enable it to use the standard OpenSSL libraries - -20000107 - - New config.sub and config.guess to fix problems on 
SCO. Supplied - by Gary E. Miller - - SCO build fix from Gary E. Miller - - Released 1.2.1pre25 - -20000106 - - Documentation update & cleanup - - Better KrbIV / AFS detection, based on patch from: - Holger Trapp - -20000105 - - Fixed annoying DES corruption problem. libcrypt has been - overriding symbols in libcrypto. Removed libcrypt and crypt.h - altogether (libcrypto includes its own crypt(1) replacement) - - Added platform-specific rules for Irix 6.x. Included warning that - they are untested. - -20000103 - - Add explicit make rules for files proccessed by fixpaths. - - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori - - - Removed "nullok" directive from default PAM configuration files. - Added information on enabling EmptyPasswords on openssh+PAM in - UPGRADING file. - - OpenBSD CVS updates - - [ssh-agent.c] - cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and - dgaudet@arctic.org - - [sshconnect.c] - compare correct version for 1.3 compat mode - -20000102 - - Prevent multiple inclusion of config.h and defines.h. Suggested - by Andre Lucas - - Properly clean up on exit of ssh-agent. Patch from Dean Gaudet - - -19991231 - - Fix password support on systems with a mixture of shadowed and - non-shadowed passwords (e.g. NIS). Report and fix from - HARUYAMA Seigo - - Fix broken autoconf typedef detection. Report from Marc G. - Fournier - - Fix occasional crash on LinuxPPC. Patch from Franz Sirl - - - Prevent typedefs from being compiled more than once. Report from - Marc G. Fournier - - Fill in ut_utaddr utmp field. Report from Benjamin Charron - - - Really fix broken default path. Fix from Jim Knoble - - - Remove test for quad_t. No longer needed. - - Released 1.2.1pre24 - - - Added support for directory-based lastlogs - - Really fix typedefs, patch from Ben Taylor - -19991230 - - OpenBSD CVS updates: - - [auth-passwd.c] - check for NULL 1st - - Removed most of the pam code into its own file auth-pam.[ch]. 
This - cleaned up sshd.c up significantly. - - PAM authentication was incorrectly interpreting - "PermitRootLogin without-password". Report from Matthias Andree - - - Updated documentation with ./configure options - - Released 1.2.1pre23 - -19991229 - - Applied another NetBSD portability patch from David Rankin - - - Fix --with-default-path option. - - Autodetect perl, patch from David Rankin - - - Print whether OpenSSH was compiled with RSARef, patch from - Nalin Dahyabhai - - Calls to pam_setcred, patch from Nalin Dahyabhai - - - Detect missing size_t and typedef it. - - Rename helper.[ch] to (more appropriate) bsd-misc.[ch] - - Minor Makefile cleaning - -19991228 - - Replacement for getpagesize() for systems which lack it - - NetBSD login.c compile fix from David Rankin - - - Fully set ut_tv if present in utmp or utmpx - - Portability fixes for Irix 5.3 (now compiles OK!) - - autoconf and other misc cleanups - - Merged AIX patch from Darren Hall - - Cleaned up defines.h - - Released 1.2.1pre22 - -19991227 - - Automatically correct paths in manpages and configuration files. Patch - and script from Andre Lucas - - Removed credits from README to CREDITS file, updated. - - Added --with-default-path to specify custom path for server - - Removed #ifdef trickery from acconfig.h into defines.h - - PAM bugfix. PermitEmptyPassword was being ignored. - - Fixed PAM config files to allow empty passwords if server does. - - Explained spurious PAM auth warning workaround in UPGRADING - - Use last few chars of tty line as ut_id - - New SuSE RPM spec file from Chris Saia - - OpenBSD CVS updates: - - [packet.h auth-rhosts.c] - check format string for packet_disconnect and packet_send_debug, too - - [channels.c] - use packet_get_maxsize for channels. consistence. - -19991226 - - Enabled utmpx support by default for Solaris - - Cleanup sshd.c PAM a little more - - Revised RPM package to include Jim Knoble's - X11 ssh-askpass program. 
- - Disable logging of PAM success and failures, PAM is verbose enough. - Unfortunatly there is currently no way to disable auth failure - messages. Mention this in UPGRADING file and sent message to PAM - developers - - OpenBSD CVS update: - - [ssh-keygen.1 ssh.1] - remove ref to .ssh/random_seed, mention .ssh/environment in - .Sh FILES, too - - Released 1.2.1pre21 - - Fixed implicit '.' in default path, report from Jim Knoble - - - Redhat RPM spec fixes from Jim Knoble - -19991225 - - More fixes from Andre Lucas - - Cleanup of auth-passwd.c for shadow and MD5 passwords - - Cleanup and bugfix of PAM authentication code - - Released 1.2.1pre20 - - - Merged fixes from Ben Taylor - - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk> - - Disabled logging of PAM password authentication failures when password - is empty. (e.g start of authentication loop). Reported by Naz - <96na@eng.cam.ac.uk>) - -19991223 - - Merged later HPUX patch from Andre Lucas - - - Above patch included better utmpx support from Ben Taylor - - -19991222 - - Fix undefined fd_set type in ssh.h from Povl H. Pedersen - - - Fix login.c breakage on systems which lack ut_host in struct - utmp. Reported by Willard Dawson - -19991221 - - Integration of large HPUX patch from Andre Lucas - . 
Integrating it had a few other - benefits: - - Ability to disable shadow passwords at configure time - - Ability to disable lastlog support at configure time - - Support for IP address in $DISPLAY - - OpenBSD CVS update: - - [sshconnect.c] - say "REMOTE HOST IDENTIFICATION HAS CHANGED" - - Fix DISABLE_SHADOW support - - Allow MD5 passwords even if shadow passwords are disabled - - Release 1.2.1pre19 - -19991218 - - Redhat init script patch from Chun-Chung Chen - - - Avoid breakage on systems without IPv6 headers - -19991216 - - Makefile changes for Solaris from Peter Kocks - - - Minor updates to docs - - Merged OpenBSD CVS changes: - - [authfd.c ssh-agent.c] - keysize warnings talk about identity files - - [packet.c] - "Connection closed by x.x.x.x": fatal() -> log() - - Correctly handle empty passwords in shadow file. Patch from: - "Chris, the Young One" - - Released 1.2.1pre18 - -19991215 - - Integrated patchs from Juergen Keil - - Avoid void* pointer arithmatic - - Use LDFLAGS correctly - - Fix SIGIO error in scp - - Simplify status line printing in scp - - Added better test for inline functions compiler support from - Darren_Hall@progressive.com - -19991214 - - OpenBSD CVS Changes - - [canohost.c] - fix get_remote_port() and friends for sshd -i; - Holger.Trapp@Informatik.TU-Chemnitz.DE - - [mpaux.c] - make code simpler. no need for memcpy. niels@ ok - - [pty.c] - namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org - fix proto; markus - - [ssh.1] - typo; mark.baushke@solipsa.com - - [channels.c ssh.c ssh.h sshd.c] - type conflict for 'extern Type *options' in channels.c; dot@dotat.at - - [sshconnect.c] - move checking of hostkey into own function. - - [version.h] - OpenSSH-1.2.1 - - Clean up broken includes in pty.c - - Some older systems don't have poll.h, they use sys/poll.h instead - - Doc updates - -19991211 - - Fix compilation on systems with AFS. Reported by - aloomis@glue.umd.edu - - Fix installation on Solaris. 
Reported by - Gordon Rowell - - Fix gccisms (__attribute__ and inline). Report by edgy@us.ibm.com, - patch from Markus Friedl - - Auto-locate xauth. Patch from David Agraz - - Compile fix from David Agraz - - Avoid compiler warning in bsd-snprintf.c - - Added pam_limits.so to default PAM config. Suggested by - Jim Knoble - -19991209 - - Import of patch from Ben Taylor : - - Improved PAM support - - "uninstall" rule for Makefile - - utmpx support - - Should fix PAM problems on Solaris - - OpenBSD CVS updates: - - [readpass.c] - avoid stdio; based on work by markus, millert, and I - - [sshd.c] - make sure the client selects a supported cipher - - [sshd.c] - fix sighup handling. accept would just restart and daemon handled - sighup only after the next connection was accepted. use poll on - listen sock now. - - [sshd.c] - make that a fatal - - Applied patch from David Rankin - to fix libwrap support on NetBSD - - Released 1.2pre17 - -19991208 - - Compile fix for Solaris with /dev/ptmx from - David Agraz - -19991207 - - sshd Redhat init script patch from Jim Knoble - fixes compatability with 4.x and 5.x - - Fixed default SSH_ASKPASS - - Fix PAM account and session being called multiple times. Problem - reported by Adrian Baugh - - Merged more OpenBSD changes: - - [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c] - move atomicio into it's own file. wrap all socket write()s which - were doing write(sock, buf, len) != len, with atomicio() calls. - - [auth-skey.c] - fd leak - - [authfile.c] - properly name fd variable - - [channels.c] - display great hatred towards strcpy - - [pty.c pty.h sshd.c] - use openpty() if it exists (it does on BSD4_4) - - [tildexpand.c] - check for ~ expansion past MAXPATHLEN - - Modified helper.c to use new atomicio function. 
- - Reformat Makefile a little - - Moved RC4 routines from rc4.[ch] into helper.c - - Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX) - - Updated SuSE spec from Chris Saia - - Tweaked Redhat spec - - Clean up bad imports of a few files (forgot -kb) - - Released 1.2pre16 - -19991204 - - Small cleanup of PAM code in sshd.c - - Merged OpenBSD CVS changes: - - [auth-krb4.c auth-passwd.c auth-skey.c ssh.h] - move skey-auth from auth-passwd.c to auth-skey.c, same for krb4 - - [auth-rsa.c] - warn only about mismatch if key is _used_ - warn about keysize-mismatch with log() not error() - channels.c readconf.c readconf.h ssh.c ssh.h sshconnect.c - ports are u_short - - [hostfile.c] - indent, shorter warning - - [nchan.c] - use error() for internal errors - - [packet.c] - set loglevel for SSH_MSG_DISCONNECT to log(), not fatal() - serverloop.c - indent - - [ssh-add.1 ssh-add.c ssh.h] - document $SSH_ASKPASS, reasonable default - - [ssh.1] - CheckHostIP is not available for connects via proxy command - - [sshconnect.c] - typo - easier to read client code for passwd and skey auth - turn of checkhostip for proxy connects, since we don't know the remote ip - -19991126 - - Add definition for __P() - - Added [v]snprintf() replacement for systems that lack it - -19991125 - - More reformatting merged from OpenBSD CVS - - Merged OpenBSD CVS changes: - - [channels.c] - fix packet_integrity_check() for !have_hostname_in_open. - report from mrwizard@psu.edu via djm@ibs.com.au - - [channels.c] - set SO_REUSEADDR and SO_LINGER for forwarded ports. - chip@valinux.com via damien@ibs.com.au - - [nchan.c] - it's not an error() if shutdown_write failes in nchan. 
- - [readconf.c] - remove dead #ifdef-0-code - - [readconf.c servconf.c] - strcasecmp instead of tolower - - [scp.c] - progress meter overflow fix from damien@ibs.com.au - - [ssh-add.1 ssh-add.c] - SSH_ASKPASS support - - [ssh.1 ssh.c] - postpone fork_after_authentication until command execution, - request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au - plus: use daemon() for backgrounding - - Added BSD compatible install program and autoconf test, thanks to - Niels Kristian Bech Jensen - - Solaris fixing, thanks to Ben Taylor - - Merged beginnings of AIX support from Tor-Ake Fransson - - Release 1.2pre15 - -19991124 - - Merged very large OpenBSD source code reformat - - OpenBSD CVS updates - - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] - [ssh.h sshd.8 sshd.c] - syslog changes: - * Unified Logmessage for all auth-types, for success and for failed - * Standard connections get only ONE line in the LOG when level==LOG: - Auth-attempts are logged only, if authentication is: - a) successfull or - b) with passwd or - c) we had more than AUTH_FAIL_LOG failues - * many log() became verbose() - * old behaviour with level=VERBOSE - - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] - tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE - messages. allows use of s/key in windows (ttssh, securecrt) and - ssh-1.2.27 clients without 'ssh -v', ok: niels@ - - [sshd.8] - -V, for fallback to openssh in SSH2 compatibility mode - - [sshd.c] - fix sigchld race; cjc5@po.cwru.edu - -19991123 - - Added SuSE package files from Chris Saia - - Restructured package-related files under packages/* - - Added generic PAM config - - Numerous little Solaris fixes - - Add recommendation to use GNU make to INSTALL document - -19991122 - - Make close gnome-ssh-askpass (Debian bug #50299) - - OpenBSD CVS Changes - - [ssh-keygen.c] - don't create ~/.ssh only if the user wants to store the private - key there. 
show fingerprint instead of public-key after - keygeneration. ok niels@ - - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h - - Added timersub() macro - - Tidy RCSIDs of bsd-*.c - - Added autoconf test and macro to deal with old PAM libraries - pam_strerror definition (one arg vs two). - - Fix EGD problems (Thanks to Ben Taylor ) - - Retry /dev/urandom reads interrupted by signal (report from - Robert Hardy ) - - Added a setenv replacement for systems which lack it - - Only display public key comment when presenting ssh-askpass dialog - - Released 1.2pre14 - - - Configure, Make and changelog corrections from Tudor Bosman - and Niels Kristian Bech Jensen - -19991121 - - OpenBSD CVS Changes: - - [channels.c] - make this compile, bad markus - - [log.c readconf.c servconf.c ssh.h] - bugfix: loglevels are per host in clientconfig, - factor out common log-level parsing code. - - [servconf.c] - remove unused index (-Wall) - - [ssh-agent.c] - only one 'extern char *__progname' - - [sshd.8] - document SIGHUP, -Q to synopsis - - [sshconnect.c serverloop.c sshd.c packet.c packet.h] - [channels.c clientloop.c] - SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@ - [hope this time my ISP stays alive during commit] - - [OVERVIEW README] typos; green@freebsd - - [ssh-keygen.c] - replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me) - exit if writing the key fails (no infinit loop) - print usage() everytime we get bad options - - [ssh-keygen.c] overflow, djm@mindrot.org - - [sshd.c] fix sigchld race; cjc5@po.cwru.edu - -19991120 - - Merged more Solaris support from Marc G. Fournier - - - Wrote autoconf tests for integer bit-types - - Fixed enabling kerberos support - - Fix segfault in ssh-keygen caused by buffer overrun in filename - handling. - -19991119 - - Merged PAM buffer overrun patch from Chip Salzenberg - - Merged OpenBSD CVS changes - - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c] - more %d vs. 
%s in fmt-strings - - [authfd.c] - Integers should not be printed with %s - - EGD uses a socket, not a named pipe. Duh. - - Fix includes in fingerprint.c - - Fix scp progress bar bug again. - - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of - David Rankin - - Added autoconf option to enable Kerberos 4 support (untested) - - Added autoconf option to enable AFS support (untested) - - Added autoconf option to enable S/Key support (untested) - - Added autoconf option to enable TCP wrappers support (compiles OK) - - Renamed BSD helper function files to bsd-* - - Added tests for login and daemon and enable OpenBSD replacements for - when they are absent. - - Added non-PAM MD5 password support patch from Tudor Bosman - -19991118 - - Merged OpenBSD CVS changes - - [scp.c] foregroundproc() in scp - - [sshconnect.h] include fingerprint.h - - [sshd.c] bugfix: the log() for passwd-auth escaped during logging - changes. - - [ssh.1] Spell my name right. - - Added openssh.com info to README - -19991117 - - Merged OpenBSD CVS changes - - [ChangeLog.Ylonen] noone needs this anymore - - [authfd.c] close-on-exec for auth-socket, ok deraadt - - [hostfile.c] - in known_hosts key lookup the entry for the bits does not need - to match, all the information is contained in n and e. This - solves the problem with buggy servers announcing the wrong - modulus length. markus and me. - - [serverloop.c] - bugfix: check for space if child has terminated, from: - iedowse@maths.tcd.ie - - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c] - [fingerprint.c fingerprint.h] - rsa key fingerprints, idea from Bjoern Groenvall - - [ssh-agent.1] typo - - [ssh.1] add OpenSSH information to AUTHOR section. 
okay markus@ - - [sshd.c] - force logging to stderr while loading private key file - (lost while converting to new log-levels) - -19991116 - - Fix some Linux libc5 problems reported by Miles Wilson - - Merged OpenBSD CVS changes: - - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c] - [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c] - the keysize of rsa-parameter 'n' is passed implizit, - a few more checks and warnings about 'pretended' keysizes. - - [cipher.c cipher.h packet.c packet.h sshd.c] - remove support for cipher RC4 - - [ssh.c] - a note for legay systems about secuity issues with permanently_set_uid(), - the private hostkey and ptrace() - - [sshconnect.c] - more detailed messages about adding and checking hostkeys - -19991115 - - Merged OpenBSD CVS changes: - - [ssh-add.c] change passphrase loop logic and remove ref to - $DISPLAY, ok niels - - Changed to ssh-add.c broke askpass support. Revised it to be a little more - modular. - - Revised autoconf support for enabling/disabling askpass support. - - Merged more OpenBSD CVS changes: - [auth-krb4.c] - - disconnect if getpeername() fails - - missing xfree(*client) - [canohost.c] - - disconnect if getpeername() fails - - fix comment: we _do_ disconnect if ip-options are set - [sshd.c] - - disconnect if getpeername() fails - - move checking of remote port to central place - [auth-rhosts.c] move checking of remote port to central place - [log-server.c] avoid extra fd per sshd, from millert@ - [readconf.c] print _all_ bad config-options in ssh(1), too - [readconf.h] print _all_ bad config-options in ssh(1), too - [ssh.c] print _all_ bad config-options in ssh(1), too - [sshconnect.c] disconnect if getpeername() fails - - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it. - - Various small cleanups to bring diff (against OpenBSD) size down. - - Merged more Solaris compability from Marc G. 
Fournier - - - Wrote autoconf tests for __progname symbol - - RPM spec file fixes from Jim Knoble - - Released 1.2pre12 - - - Another OpenBSD CVS update: - - [ssh-keygen.1] fix .Xr - -19991114 - - Solaris compilation fixes (still imcomplete) - -19991113 - - Build patch from Niels Kristian Bech Jensen - - Don't install config files if they already exist - - Fix inclusion of additional preprocessor directives from acconfig.h - - Removed redundant inclusions of config.h - - Added 'Obsoletes' lines to RPM spec file - - Merged OpenBSD CVS changes: - - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels - - [scp.c] fix overflow reported by damien@ibs.com.au: off_t - totalsize, ok niels,aaron - - Delay fork (-f option) in ssh until after port forwarded connections - have been initialised. Patch from Jani Hakala - - Added shadow password patch from Thomas Neumann - - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled - - Tidied default config file some more - - Revised Redhat initscript to fix bug: sshd (re)start would fail - if executed from inside a ssh login. 
- -19991112 - - Merged changes from OpenBSD CVS - - [sshd.c] session_key_int may be zero - - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config] - IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok - deraadt,millert - - Brought default sshd_config more in line with OpenBSD's - - Grab server in gnome-ssh-askpass (Debian bug #49872) - - Released 1.2pre10 - - - Added INSTALL documentation - - Merged yet more changes from OpenBSD CVS - - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c] - [ssh.c ssh.h sshconnect.c sshd.c] - make all access to options via 'extern Options options' - and 'extern ServerOptions options' respectively; - options are no longer passed as arguments: - * make options handling more consistent - * remove #include "readconf.h" from ssh.h - * readconf.h is only included if necessary - - [mpaux.c] clear temp buffer - - [servconf.c] print _all_ bad options found in configfile - - Make ssh-askpass support optional through autoconf - - Fix nasty division-by-zero error in scp.c - - Released 1.2pre11 - -19991111 - - Added (untested) Entropy Gathering Daemon (EGD) support - - Fixed /dev/urandom fd leak (Debian bug #49722) - - Merged OpenBSD CVS changes: - - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too - - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too - - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too - - Fix integer overflow which was messing up scp's progress bar for large - file transfers. Fix submitted to OpenBSD developers. Report and fix - from Kees Cook - - Merged more OpenBSD CVS changes: - - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal() - + krb-cleanup cleanup - - [clientloop.c log-client.c log-server.c ] - [readconf.c readconf.h servconf.c servconf.h ] - [ssh.1 ssh.c ssh.h sshd.8] - add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd, - obsoletes QuietMode and FascistLogging in sshd. 
- - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au: - allow session_key_int != sizeof(session_key) - [this should fix the pre-assert-removal-core-files] - - Updated default config file to use new LogLevel option and to improve - readability - -19991110 - - Merged several minor fixes: - - ssh-agent commandline parsing - - RPM spec file now installs ssh setuid root - - Makefile creates libdir - - Merged beginnings of Solaris compability from Marc G. Fournier - - -19991109 - - Autodetection of SSL/Crypto library location via autoconf - - Fixed location of ssh-askpass to follow autoconf - - Integrated Makefile patch from Niels Kristian Bech Jensen - - Autodetection of RSAref library for US users - - Minor doc updates - - Merged OpenBSD CVS changes: - - [rsa.c] bugfix: use correct size for memset() - - [sshconnect.c] warn if announced size of modulus 'n' != real size - - Added GNOME passphrase requestor (use --with-gnome-askpass) - - RPM build now creates subpackages - - Released 1.2pre9 - -19991108 - - Removed debian/ directory. This is now being maintained separately. 
- - Added symlinks for slogin in RPM spec file - - Fixed permissions on manpages in RPM spec file - - Added references to required libraries in README file - - Removed config.h.in from CVS - - Removed pwdb support (better pluggable auth is provided by glibc) - - Made PAM and requisite libdl optional - - Removed lots of unnecessary checks from autoconf - - Added support and autoconf test for openpty() function (Unix98 pty support) - - Fix for scp not finding ssh if not installed as /usr/bin/ssh - - Added TODO file - - Merged parts of Debian patch From Phil Hands : - - Added ssh-askpass program - - Added ssh-askpass support to ssh-add.c - - Create symlinks for slogin on install - - Fix "distclean" target in makefile - - Added example for ssh-agent to manpage - - Added support for PAM_TEXT_INFO messages - - Disable internal /etc/nologin support if PAM enabled - - Merged latest OpenBSD CVS changes: - - [all] replace assert() with error, fatal or packet_disconnect - - [sshd.c] don't send fail-msg but disconnect if too many authentication - failures - - [sshd.c] remove unused argument. ok dugsong - - [sshd.c] typo - - [rsa.c] clear buffers used for encryption. ok: niels - - [rsa.c] replace assert() with error, fatal or packet_disconnect - - [auth-krb4.c] remove unused argument. 
ok dugsong - - Fixed coredump after merge of OpenBSD rsa.c patch - - Released 1.2pre8 - -19991102 - - Merged change from OpenBSD CVS - - One-line cleanup in sshd.c - -19991030 - - Integrated debian package support from Dan Brosemer - - Merged latest updates for OpenBSD CVS: - - channels.[ch] - remove broken x11 fix and document istate/ostate - - ssh-agent.c - call setsid() regardless of argv[] - - ssh.c - save a few lines when disabling rhosts-{rsa-}auth - - Documentation cleanups - - Renamed README -> README.Ylonen - - Renamed README.openssh ->README - -19991029 - - Renamed openssh* back to ssh* at request of Theo de Raadt - - Incorporated latest changes from OpenBSD's CVS - - Integrated Makefile patch from Niels Kristian Bech Jensen - - Integrated PAM env patch from Nalin Dahyabhai - - Make distclean now removed configure script - - Improved PAM logging - - Added some debug() calls for PAM - - Removed redundant subdirectories - - Integrated part of a patch from Dan Brosemer for - building on Debian. - - Fixed off-by-one error in PAM env patch - - Released 1.2pre6 - -19991028 - - Further PAM enhancements. - - Much cleaner - - Now uses account and session modules for all logins. - - Integrated patch from Dan Brosemer - - Build fixes - - Autoconf - - Change binary names to open* - - Fixed autoconf script to detect PAM on RH6.1 - - Added tests for libpwdb, and OpenBSD functions to autoconf - - Released 1.2pre4 - - - Imported latest OpenBSD CVS code - - Updated README.openssh - - Released 1.2pre5 - -19991027 - - Adapted PAM patch. - - Released 1.0pre2 - - - Excised my buggy replacements for strlcpy and mkdtemp - - Imported correct OpenBSD strlcpy and mkdtemp routines. 
- - Reduced arc4random_stir entropy read to 32 bytes (256 bits) - - Picked up correct version number from OpenBSD - - Added sshd.pam PAM configuration file - - Added sshd.init Redhat init script - - Added openssh.spec RPM spec file - - Released 1.2pre3 - -19991026 - - Fixed include paths of OpenSSL functions - - Use OpenSSL MD5 routines - - Imported RC4 code from nanocrypt - - Wrote replacements for OpenBSD arc4random* functions - - Wrote replacements for strlcpy and mkdtemp - - Released 1.0pre1 - $Id$
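Review bot: the removed block that runs from the 2000 entries down to "Released 1.0pre1" deletes the early history outright, and nothing in the visible lines says where it goes. That history is the only record here of when several security fixes landed, for example "Merged PAM buffer overrun patch from Chip Salzenberg", "Fix segfault in ssh-keygen caused by buffer overrun in filename handling" and "[cipher.c cipher.h packet.c packet.h sshd.c] remove support for cipher RC4". If the entries are being moved to an archive file, add a one-line pointer at the end of the trimmed ChangeLog naming that file, so anyone auditing which release carries a given fix can still trace it. If they are being dropped for good, state that in the commit message.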