X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/ce49121d81b7f2f62e8ba334029d6403dc947fd5..8e3ce4dc2b44a9d672e7a3c65aadd689c275b1d9:/ChangeLog diff --git a/ChangeLog b/ChangeLog index 066e0afd..6177d0e0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,703 @@ +20020205 + - (djm) OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2002/01/24 21:09:25 + [channels.c misc.c misc.h packet.c] + add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning). + no nagle changes just yet; ok djm@ markus@ + - stevesk@cvs.openbsd.org 2002/01/24 21:13:23 + [packet.c] + need misc.h for set_nodelay() + - markus@cvs.openbsd.org 2002/01/25 21:00:24 + [sshconnect2.c] + unused include + - markus@cvs.openbsd.org 2002/01/25 21:42:11 + [ssh-dss.c ssh-rsa.c] + use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@ + don't use evp_md->md_size, it's not public. + - markus@cvs.openbsd.org 2002/01/25 22:07:40 + [kex.c kexdh.c kexgex.c key.c mac.c] + use EVP_MD_size(evp_md) and not evp_md->md_size; ok steveks@ + - stevesk@cvs.openbsd.org 2002/01/26 16:44:22 + [includes.h session.c] + revert code to add x11 localhost display authorization entry for + hostname/unix:d and uts.nodename/unix:d if nodename was different than + hostname. just add entry for unix:d instead. ok markus@ + - stevesk@cvs.openbsd.org 2002/01/27 14:57:46 + [channels.c servconf.c servconf.h session.c sshd.8 sshd_config] + add X11UseLocalhost; ok markus@ + - stevesk@cvs.openbsd.org 2002/01/27 18:08:17 + [ssh.c] + handle simple case to identify FamilyLocal display; ok markus@ + - markus@cvs.openbsd.org 2002/01/29 14:27:57 + [ssh-add.c] + exit 2 if no agent, exit 1 if list fails; debian#61078; ok djm@ + - markus@cvs.openbsd.org 2002/01/29 14:32:03 + [auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c] + [servconf.c servconf.h session.c sshd.8 sshd_config] + s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; + ok stevesk@ + - stevesk@cvs.openbsd.org 2002/01/29 16:29:02 + [session.c] + limit subsystem length in log; ok markus@ + - markus@cvs.openbsd.org 2002/01/29 16:41:19 + [ssh-add.1] + add DIAGNOSTICS; ok stevesk@ + +20020130 + - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@ + - (tim) [configure.ac] fix logic on when ssh-rand-helper is installed. + [sshd_config] put back in line that tells what PATH was compiled into sshd. + +20020125 + - (djm) Don't grab Xserver or pointer by default. x11-ssh-askpass doesn't + and grabbing can cause deadlocks with kinput2. + +20020124 + - (stevesk) Makefile.in: bug #61; delete commented line for now. + +20020123 + - (djm) Fix non-standard shell syntax in autoconf. Patch from + Dave Dykstra + - (stevesk) fix --with-zlib= + - (djm) Use case statements in autoconf to clean up some tests + - (bal) reverted out of 5/2001 change to atexit(). I assume I + did it to handle SonyOS. If that is the case than we will + do a special case for them. + +20020122 + - (djm) autoconf hacking: + - We don't support --without-zlib currently, so don't allow it. + - Rework cryptographic random number support detection. We now detect + whether OpenSSL seeds itself. If it does, then we don't bother with + the ssh-rand-helper program. You can force the use of ssh-rand-helper + using the --with-rand-helper configure argument + - Simplify and clean up ssh-rand-helper configuration + - Add OpenSSL sanity check: verify that header version matches version + reported by library + - (djm) Fix some bugs I introduced into ssh-rand-helper yesterday + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2001/12/21 08:52:22 + [ssh-keygen.1 ssh-keygen.c] + Remove default (rsa1) key type; ok markus@ + - djm@cvs.openbsd.org 2001/12/21 08:53:45 + [readpass.c] + Avoid interruptable passphrase read; ok markus@ + - djm@cvs.openbsd.org 2001/12/21 10:06:43 + [ssh-add.1 ssh-add.c] + Try all standard key files (id_rsa, id_dsa, identity) when invoked with + no arguments; ok markus@ + - markus@cvs.openbsd.org 2001/12/21 12:17:33 + [serverloop.c] + remove ifdef for USE_PIPES since fdin != fdout; ok djm@ + - deraadt@cvs.openbsd.org 2001/12/24 07:29:43 + [ssh-add.c] + try all listed keys.. how did this get broken? + - markus@cvs.openbsd.org 2001/12/25 18:49:56 + [key.c] + be more careful on allocation + - markus@cvs.openbsd.org 2001/12/25 18:53:00 + [auth1.c] + be more carefull on allocation + - markus@cvs.openbsd.org 2001/12/27 18:10:29 + [ssh-keygen.c] + -t is only needed for key generation (unbreaks -i, -e, etc). + - markus@cvs.openbsd.org 2001/12/27 18:22:16 + [auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c] + [scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c] + call fatal() for openssl allocation failures + - stevesk@cvs.openbsd.org 2001/12/27 18:22:53 + [sshd.8] + clarify -p; ok markus@ + - markus@cvs.openbsd.org 2001/12/27 18:26:13 + [authfile.c] + missing include + - markus@cvs.openbsd.org 2001/12/27 19:37:23 + [dh.c kexdh.c kexgex.c] + always use BN_clear_free instead of BN_free + - markus@cvs.openbsd.org 2001/12/27 19:54:53 + [auth1.c auth.h auth-rh-rsa.c] + auth_rhosts_rsa now accept generic keys. + - markus@cvs.openbsd.org 2001/12/27 20:39:58 + [auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h] + [serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c] + get rid of packet_integrity_check, use packet_done() instead. + - markus@cvs.openbsd.org 2001/12/28 12:14:27 + [auth1.c auth2.c auth2-chall.c auth-rsa.c channels.c clientloop.c] + [kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c] + [ssh.c sshconnect1.c sshconnect2.c sshd.c] + s/packet_done/packet_check_eom/ (end-of-message); ok djm@ + - markus@cvs.openbsd.org 2001/12/28 13:57:33 + [auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c] + packet_get_bignum* no longer returns a size + - markus@cvs.openbsd.org 2001/12/28 14:13:13 + [bufaux.c bufaux.h packet.c] + buffer_get_bignum: int -> void + - markus@cvs.openbsd.org 2001/12/28 14:50:54 + [auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c] + [packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c] + [sshconnect2.c sshd.c] + packet_read* no longer return the packet length, since it's not used. + - markus@cvs.openbsd.org 2001/12/28 15:06:00 + [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c] + [dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c] + remove plen from the dispatch fn. it's no longer used. + - stevesk@cvs.openbsd.org 2001/12/28 22:37:48 + [ssh.1 sshd.8] + document LogLevel DEBUG[123]; ok markus@ + - stevesk@cvs.openbsd.org 2001/12/29 21:56:01 + [authfile.c channels.c compress.c packet.c sftp-server.c] + [ssh-agent.c ssh-keygen.c] + remove unneeded casts and some char->u_char cleanup; ok markus@ + - stevesk@cvs.openbsd.org 2002/01/03 04:11:08 + [ssh_config] + grammar in comment + - stevesk@cvs.openbsd.org 2002/01/04 17:59:17 + [readconf.c servconf.c] + remove #ifdef _PATH_XAUTH/#endif; ok markus@ + - stevesk@cvs.openbsd.org 2002/01/04 18:14:16 + [servconf.c sshd.8] + protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and + /etc/ssh_host_dsa_key like we have in sshd_config. ok markus@ + - markus@cvs.openbsd.org 2002/01/05 10:43:40 + [channels.c] + fix hanging x11 channels for rejected cookies (e.g. + XAUTHORITY=/dev/null xbiff) bug #36, based on patch from + djast@cs.toronto.edu + - stevesk@cvs.openbsd.org 2002/01/05 21:51:56 + [ssh.1 sshd.8] + some missing and misplaced periods + - markus@cvs.openbsd.org 2002/01/09 13:49:27 + [ssh-keygen.c] + append \n only for public keys + - markus@cvs.openbsd.org 2002/01/09 17:16:00 + [channels.c] + merge channel_pre_open_15/channel_pre_open_20; ok provos@ + - markus@cvs.openbsd.org 2002/01/09 17:26:35 + [channels.c nchan.c] + replace buffer_consume(b, buffer_len(b)) with buffer_clear(b); + ok provos@ + - markus@cvs.openbsd.org 2002/01/10 11:13:29 + [serverloop.c] + skip client_alive_check until there are channels; ok beck@ + - markus@cvs.openbsd.org 2002/01/10 11:24:04 + [clientloop.c] + handle SSH2_MSG_GLOBAL_REQUEST (just reply with failure); ok djm@ + - markus@cvs.openbsd.org 2002/01/10 12:38:26 + [nchan.c] + remove dead code (skip drain) + - markus@cvs.openbsd.org 2002/01/10 12:47:59 + [nchan.c] + more unused code (with channels.c:1.156) + - markus@cvs.openbsd.org 2002/01/11 10:31:05 + [packet.c] + handle received SSH2_MSG_UNIMPLEMENTED messages; ok djm@ + - markus@cvs.openbsd.org 2002/01/11 13:36:43 + [ssh2.h] + add defines for msg type ranges + - markus@cvs.openbsd.org 2002/01/11 13:39:36 + [auth2.c dispatch.c dispatch.h kex.c] + a single dispatch_protocol_error() that sends a message of + type 'UNIMPLEMENTED' + dispatch_range(): set handler for a ranges message types + use dispatch_protocol_ignore() for authentication requests after + successful authentication (the drafts requirement). + serverloop/clientloop now send a 'UNIMPLEMENTED' message instead + of exiting. + - markus@cvs.openbsd.org 2002/01/11 20:14:11 + [auth2-chall.c auth-skey.c] + use strlcpy not strlcat; mouring@ + - markus@cvs.openbsd.org 2002/01/11 23:02:18 + [readpass.c] + use _PATH_TTY + - markus@cvs.openbsd.org 2002/01/11 23:02:51 + [auth2-chall.c] + use snprintf; mouring@ + - markus@cvs.openbsd.org 2002/01/11 23:26:30 + [auth-skey.c] + use snprintf; mouring@ + - markus@cvs.openbsd.org 2002/01/12 13:10:29 + [auth-skey.c] + undo local change + - provos@cvs.openbsd.org 2002/01/13 17:27:07 + [ssh-agent.c] + change to use queue.h macros; okay markus@ + - markus@cvs.openbsd.org 2002/01/13 17:57:37 + [auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c] + use buffer API and avoid static strings of fixed size; + ok provos@/mouring@ + - markus@cvs.openbsd.org 2002/01/13 21:31:20 + [channels.h nchan.c] + add chan_set_[io]state(), order states, state is now an u_int, + simplifies debugging messages; ok provos@ + - markus@cvs.openbsd.org 2002/01/14 13:22:35 + [nchan.c] + chan_send_oclose1() no longer calls chan_shutdown_write(); ok provos@ + - markus@cvs.openbsd.org 2002/01/14 13:34:07 + [nchan.c] + merge chan_[io]buf_empty[12]; ok provos@ + - markus@cvs.openbsd.org 2002/01/14 13:40:10 + [nchan.c] + correct fn names for ssh2, do not switch from closed to closed; + ok provos@ + - markus@cvs.openbsd.org 2002/01/14 13:41:13 + [nchan.c] + remove duplicated code; ok provos@ + - markus@cvs.openbsd.org 2002/01/14 13:55:55 + [channels.c channels.h nchan.c] + remove function pointers for events, remove chan_init*; ok provos@ + - markus@cvs.openbsd.org 2002/01/14 13:57:03 + [channels.h nchan.c] + (c) 2002 + - markus@cvs.openbsd.org 2002/01/16 13:17:51 + [channels.c channels.h serverloop.c ssh.c] + wrapper for channel_setup_fwd_listener + - stevesk@cvs.openbsd.org 2002/01/16 17:40:23 + [sshd_config] + The stategy now used for options in the default sshd_config shipped + with OpenSSH is to specify options with their default value where + possible, but leave them commented. Uncommented options change a + default value. Subsystem is currently the only default option + changed. ok markus@ + - stevesk@cvs.openbsd.org 2002/01/16 17:42:33 + [ssh.1] + correct defaults for -i/IdentityFile; ok markus@ + - stevesk@cvs.openbsd.org 2002/01/16 17:55:33 + [ssh_config] + correct some commented defaults. add Ciphers default. ok markus@ + - stevesk@cvs.openbsd.org 2002/01/17 04:27:37 + [log.c] + casts to silence enum type warnings for bugzilla bug 37; ok markus@ + - stevesk@cvs.openbsd.org 2002/01/18 17:14:16 + [sshd.8] + correct Ciphers default; paola.mannaro@ubs.com + - stevesk@cvs.openbsd.org 2002/01/18 18:14:17 + [authfd.c bufaux.c buffer.c cipher.c packet.c ssh-agent.c ssh-keygen.c] + unneeded cast cleanup; ok markus@ + - stevesk@cvs.openbsd.org 2002/01/18 20:46:34 + [sshd.8] + clarify Allow(Groups|Users) and Deny(Groups|Users); suggestion from + allard@oceanpark.com; ok markus@ + - markus@cvs.openbsd.org 2002/01/21 15:13:51 + [sshconnect.c] + use read_passphrase+ECHO in confirm(), allows use of ssh-askpass + for hostkey confirm. + - markus@cvs.openbsd.org 2002/01/21 22:30:12 + [cipher.c compat.c myproposal.h] + remove "rijndael-*", just use "aes-" since this how rijndael is called + in the drafts; ok stevesk@ + - markus@cvs.openbsd.org 2002/01/21 23:27:10 + [channels.c nchan.c] + cleanup channels faster if the are empty and we are in drain-state; + ok deraadt@ + - stevesk@cvs.openbsd.org 2002/01/22 02:52:41 + [servconf.c] + typo in error message; from djast@cs.toronto.edu + - (djm) Make auth2-pam.c compile again after dispatch.h and packet.h + changes + - (djm) Recent Glibc includes an incompatible sys/queue.h. Treat it as + bogus in configure + - (djm) Use local sys/queue.h if necessary in ssh-agent.c + +20020121 + - (djm) Rework ssh-rand-helper: + - Reduce quantity of ifdef code, in preparation for ssh_rand_conf + - Always seed from system calls, even when doing PRNGd seeding + - Tidy and comment #define knobs + - Remove unused facility for multiple runs through command list + - KNF, cleanup, update copyright + +20020114 + - (djm) Bug #50 - make autoconf entropy path checks more robust + +20020108 + - (djm) Merge Cygwin copy_environment with do_pam_environment, removing + fixed env var size limit in the process. Report from Corinna Vinschen + + - (stevesk) defines.h: use "/var/spool/sockets/X11/%u" for HP-UX. does + not depend on transition links. from Lutz Jaenicke. + +20020106 + - (stevesk) defines.h: determine _PATH_UNIX_X; currently "/tmp/.X11-unix/X%u" + for all platforms except HP-UX, which is "/usr/spool/sockets/X11/%u". + +20020105 + - (bal) NCR requies use_pipes to operate correctly. + - (stevesk) fix spurious ; from NCR change. + +20020103 + - (djm) Use bigcrypt() on systems with SCO_PROTECTED_PW. Patch from + Roger Cornelius + +20011229 + - (djm) Apply Cygwin pointer deref fix from Corinna Vinschen + Could be abused to guess valid usernames + - (djm) Typo in contrib/cygwin/README Fix from Corinna Vinschen + + +20011228 + - (djm) Remove recommendation to use GNU make, we should support most + make programs. + +20011225 + - (stevesk) [Makefile.in ssh-rand-helper.c] + portable lib and __progname support for ssh-rand-helper; ok djm@ + +20011223 + - (bal) Removed contrib/chroot.diff and noted in contrib/README that it + was not being maintained. + +20011222 + - (djm) Ignore fix & patchlevel in OpenSSL version check. Patch from + solar@openwall.com + - (djm) Rework entropy code. If the OpenSSL PRNG is has not been + internally seeded, execute a subprogram "ssh-rand-helper" to obtain + some entropy for us. Rewrite the old in-process entropy collecter as + an example ssh-rand-helper. + - (djm) Always perform ssh_prng_cmds path lookups in configure, even if + we don't end up using ssh_prng_cmds (so we always get a valid file) + +20011221 + - (djm) Add option to gnome-ssh-askpass to stop it from grabbing the X + server. I have found this necessary to avoid server hangs with X input + extensions (e.g. kinput2). Enable by setting the environment variable + "GNOME_SSH_ASKPASS_NOGRAB" + - OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2001/12/08 17:49:28 + [channels.c pathnames.h] + use only one path to X11 UNIX domain socket vs. an array of paths + to try. report from djast@cs.toronto.edu. ok markus@ + - markus@cvs.openbsd.org 2001/12/09 18:45:56 + [auth2.c auth2-chall.c auth.h] + add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions, + fixes memleak. + - stevesk@cvs.openbsd.org 2001/12/10 16:45:04 + [sshd.c] + possible fd leak on error; ok markus@ + - markus@cvs.openbsd.org 2001/12/10 20:34:31 + [ssh-keyscan.c] + check that server supports v1 for -t rsa1, report from wirth@dfki.de + - jakob@cvs.openbsd.org 2001/12/18 10:04:21 + [auth.h hostfile.c hostfile.h] + remove auth_rsa_read_key, make hostfile_ready_key non static; ok markus@ + - jakob@cvs.openbsd.org 2001/12/18 10:05:15 + [auth2.c] + log fingerprint on successful public key authentication; ok markus@ + - jakob@cvs.openbsd.org 2001/12/18 10:06:24 + [auth-rsa.c] + log fingerprint on successful public key authentication, simplify + usage of key structs; ok markus@ + - deraadt@cvs.openbsd.org 2001/12/19 07:18:56 + [auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h] + [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c] + [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c] + [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c] + [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c] + [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c] + [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config] + [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c] + basic KNF done while i was looking for something else + - markus@cvs.openbsd.org 2001/12/19 16:09:39 + [serverloop.c] + fix race between SIGCHLD and select with an additional pipe. writing + to the pipe on SIGCHLD wakes up select(). using pselect() is not + portable and siglongjmp() ugly. W. R. Stevens suggests similar solution. + initial idea by pmenage@ensim.com; ok deraadt@, djm@ + - stevesk@cvs.openbsd.org 2001/12/19 17:16:13 + [authfile.c bufaux.c bufaux.h buffer.c buffer.h packet.c packet.h ssh.c] + change the buffer/packet interface to use void* vs. char*; ok markus@ + - markus@cvs.openbsd.org 2001/12/20 16:37:29 + [channels.c channels.h session.c] + setup x11 listen socket for just one connect if the client requests so. + (v2 only, but the openssh client does not support this feature). + - djm@cvs.openbsd.org 2001/12/20 22:50:24 + [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c] + [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c] + [sshconnect2.c] + Conformance fix: we should send failing packet sequence number when + responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by + yakk@yakk.dot.net; ok markus@ + +20011219 + - (stevesk) OpenBSD CVS sync X11 localhost display + - stevesk@cvs.openbsd.org 2001/11/29 14:10:51 + [channels.h channels.c session.c] + sshd X11 fake server will now listen on localhost by default: + $ echo $DISPLAY + localhost:12.0 + $ netstat -an|grep 6012 + tcp 0 0 127.0.0.1.6012 *.* LISTEN + tcp6 0 0 ::1.6012 *.* LISTEN + sshd_config gatewayports=yes can be used to revert back to the old + behavior. will control this with another option later. ok markus@ + - stevesk@cvs.openbsd.org 2001/12/19 08:43:11 + [includes.h session.c] + handle utsname.nodename case for FamilyLocal X authorization; ok markus@ + +20011207 + - (bal) PCRE no longer required. Banished from the source along with + fake-regex.h + - (bal) OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2001/12/06 18:02:32 + [channels.c sshconnect.c] + shutdown(sock, SHUT_RDWR) not needed here; ok markus@ + - stevesk@cvs.openbsd.org 2001/12/06 18:09:23 + [channels.c session.c] + strncpy->strlcpy. remaining strncpy's are necessary. ok markus@ + - stevesk@cvs.openbsd.org 2001/12/06 18:20:32 + [channels.c] + disable nagle for X11 fake server and client TCPs. from netbsd. + ok markus@ + +20011206 + - (bal) OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2001/11/14 20:45:08 + [sshd.c] + errno saving wrapping in a signal handler + - markus@cvs.openbsd.org 2001/11/16 12:46:13 + [ssh-keyscan.c] + handle empty lines instead of dumping core; report from sha@sha-1.net + - stevesk@cvs.openbsd.org 2001/11/17 19:14:34 + [auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c] + enum/int type cleanup where it made sense to do so; ok markus@ + - markus@cvs.openbsd.org 2001/11/19 11:20:21 + [sshd.c] + fd leak on HUP; ok stevesk@ + - stevesk@cvs.openbsd.org 2001/11/19 18:40:46 + [ssh-agent.1] + clarify/state that private keys are not exposed to clients using the + agent; ok markus@ + - mpech@cvs.openbsd.org 2001/11/19 19:02:16 + [deattack.c radix.c] + kill more registers + millert@ ok + - markus@cvs.openbsd.org 2001/11/21 15:51:24 + [key.c] + mem leak + - stevesk@cvs.openbsd.org 2001/11/21 18:49:14 + [ssh-keygen.1] + more on passphrase construction; ok markus@ + - stevesk@cvs.openbsd.org 2001/11/22 05:27:29 + [ssh-keyscan.c] + don't use "\n" in fatal() + - markus@cvs.openbsd.org 2001/11/22 12:34:22 + [clientloop.c serverloop.c sshd.c] + volatile sig_atomic_t + - stevesk@cvs.openbsd.org 2001/11/29 19:06:39 + [channels.h] + remove dead function prototype; ok markus@ + - markus@cvs.openbsd.org 2001/11/29 22:08:48 + [auth-rsa.c] + fix protocol error: send 'failed' message instead of a 2nd challenge + (happens if the same key is in authorized_keys twice). + reported Ralf_Meister@genua.de; ok djm@ + - stevesk@cvs.openbsd.org 2001/11/30 20:39:28 + [ssh.c] + sscanf() length dependencies are clearer now; can also shrink proto + and data if desired, but i have not done that. ok markus@ + - markus@cvs.openbsd.org 2001/12/01 21:41:48 + [session.c sshd.8] + don't pass user defined variables to /usr/bin/login + - deraadt@cvs.openbsd.org 2001/12/02 02:08:32 + [sftp-common.c] + zap }; + - itojun@cvs.openbsd.org 2001/12/05 03:50:01 + [clientloop.c serverloop.c sshd.c] + deal with LP64 printf issue with sig_atomic_t. from thorpej + - itojun@cvs.openbsd.org 2001/12/05 03:56:39 + [auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c + sshconnect2.c] + make it compile with more strict prototype checking + - deraadt@cvs.openbsd.org 2001/12/05 10:06:12 + [authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c + key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c + sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c] + minor KNF + - markus@cvs.openbsd.org 2001/12/05 15:04:48 + [version.h] + post 3.0.2 + - markus@cvs.openbsd.org 2001/12/05 16:54:51 + [compat.c match.c match.h] + make theo and djm happy: bye bye regexp + - markus@cvs.openbsd.org 2001/12/06 13:30:06 + [servconf.c servconf.h sshd.8 sshd.c] + add -o to sshd, too. ok deraadt@ + - (bal) Minor white space fix up in servconf.c + +20011126 + - (tim) [contrib/cygwin/README, openbsd-compat/bsd-cygwin_util.c, + openbsd-compat/bsd-cygwin_util.h, openbsd-compat/daemon.c] + Allow SSHD to install as service under WIndows 9x/Me + [configure.ac] Fix to allow linking against PCRE on Cygwin + Patches by Corinna Vinschen + +20011115 + - (djm) Fix IPv4 default in ssh-keyscan. Spotted by Dan Astoorian + Fix from markus@ + - (djm) Release 3.0.1p1 + +20011113 + - (djm) Fix early (and double) free of remote user when using Kerberos. + Patch from Simon Wilkinson + - (djm) AIX login{success,failed} changes. Move loginsuccess call to + do_authenticated. Call loginfailed for protocol 2 failures > MAX like + we do for protocol 1. Reports from Ralf Wenk , + K.Wolkersdorfer@fz-juelich.de and others + - (djm) OpenBSD CVS Sync + - dugsong@cvs.openbsd.org 2001/11/11 18:47:10 + [auth-krb5.c] + fix krb5 authorization check. found by . from + art@, deraadt@ ok + - markus@cvs.openbsd.org 2001/11/12 11:17:07 + [servconf.c] + enable authorized_keys2 again. tested by fries@ + - markus@cvs.openbsd.org 2001/11/13 02:03:57 + [version.h] + enter 3.0.1 + - (djm) Bump RPM package versions + +20011112 + - (djm) Makefile correctness fix from Mark D. Baushke + - (djm) Cygwin config patch from Corinna Vinschen + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/10/24 08:41:41 + [sshd.c] + mention remote port in debug message + - markus@cvs.openbsd.org 2001/10/24 08:41:20 + [ssh.c] + remove unused + - markus@cvs.openbsd.org 2001/10/24 08:51:35 + [clientloop.c ssh.c] + ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@ + - markus@cvs.openbsd.org 2001/10/24 19:57:40 + [clientloop.c] + make ~& (backgrounding) work again for proto v1; add support ~& for v2, too + - markus@cvs.openbsd.org 2001/10/25 21:14:32 + [ssh-keygen.1 ssh-keygen.c] + better docu for fingerprinting, ok deraadt@ + - markus@cvs.openbsd.org 2001/10/29 19:27:15 + [sshconnect2.c] + hostbased: check for client hostkey before building chost + - markus@cvs.openbsd.org 2001/10/30 20:29:09 + [ssh.1] + ssh.1 + - markus@cvs.openbsd.org 2001/11/07 16:03:17 + [packet.c packet.h sshconnect2.c] + pad using the padding field from the ssh2 packet instead of sending + extra ignore messages. tested against several other ssh servers. + - markus@cvs.openbsd.org 2001/11/07 21:40:21 + [ssh-rsa.c] + ssh_rsa_sign/verify: SSH_BUG_SIGBLOB not supported + - markus@cvs.openbsd.org 2001/11/07 22:10:28 + [ssh-dss.c ssh-rsa.c] + missing free and sync dss/rsa code. + - markus@cvs.openbsd.org 2001/11/07 22:12:01 + [sshd.8] + s/Keepalive/KeepAlive/; from openbsd@davidkrause.com + - markus@cvs.openbsd.org 2001/11/07 22:41:51 + [auth2.c auth-rh-rsa.c] + unused includes + - markus@cvs.openbsd.org 2001/11/07 22:53:21 + [channels.h] + crank c->path to 256 so they can hold a full hostname; dwd@bell-labs.com + - markus@cvs.openbsd.org 2001/11/08 10:51:08 + [readpass.c] + don't strdup too much data; from gotoh@taiyo.co.jp; ok millert. + - markus@cvs.openbsd.org 2001/11/08 17:49:53 + [ssh.1] + mention setuid root requirements; noted by cnorris@csc.UVic.ca; ok stevesk@ + - markus@cvs.openbsd.org 2001/11/08 20:02:24 + [auth.c] + don't print ROOT in CAPS for the authentication messages, i.e. + Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2 + becomes + Accepted publickey for root from 127.0.0.1 port 42734 ssh2 + - markus@cvs.openbsd.org 2001/11/09 18:59:23 + [clientloop.c serverloop.c] + don't memset too much memory, ok millert@ + original patch from jlk@kamens.brookline.ma.us via nalin@redhat.com + - markus@cvs.openbsd.org 2001/11/10 13:19:45 + [sshd.c] + cleanup libwrap support (remove bogus comment, bogus close(), add + debug, etc). + - markus@cvs.openbsd.org 2001/11/10 13:22:42 + [ssh-rsa.c] + KNF (unexpand) + - markus@cvs.openbsd.org 2001/11/10 13:37:20 + [packet.c] + remove extra debug() + - markus@cvs.openbsd.org 2001/11/11 13:02:31 + [servconf.c] + make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if + AuthorizedKeysFile is specified. + - (djm) Reorder portable-specific server options so that they come first. + This should help reduce diff collisions for new server options (as they + will appear at the end) + +20011109 + - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK) + if permit_empty_passwd == 0 so null password check cannot be bypassed. + jayaraj@amritapuri.com OpenBSD bug 2168 + - markus@cvs.openbsd.org 2001/11/09 19:08:35 + [sshd.c] + remove extra trailing dot from log message; pilot@naughty.monkey.org + +20011103 + - (tim) [ contrib/caldera/openssh.spec contrib/caldera/sshd.init] Updates + from Raymund Will + [acconfig.h configure.in] Clean up login checks. + Problem reported by Jim Knoble + +20011101 + - (djm) Compat define for OpenSSL < 0.9.6 (No OPENSSL_free) + +20011031 + - (djm) Unsmoke drugs: config files should be noreplace. + +20011030 + - (djm) Redhat RPM spec: remove noreplace from config files, allow IPv6 + by default (can force IPv4 using --define "noipv6 1") + +20011029 + - (tim) [TODO defines.h loginrec.c] Change the references to configure.in + to configure.ac + +20011028 + - (djm) Avoid bug in Solaris PAM libs + - (djm) Disconnect if no tty and PAM reports password expired + - (djm) Fix for PAM password changes being echoed (from stevesk) + - (stevesk) Fix compile problem with PAM password change fix + - (stevesk) README: zlib location is http://www.gzip.org/zlib/ + +20011027 + - (tim) [configure.ac] Fixes for ReliantUNIX (don't use libucb) + Patch by Robert Dahlem + +20011026 + - (bal) Set the correct current time in login_utmp_only(). Patch by + Wayne Davison + - (tim) [scard/Makefile.in] Fix install: when building outside of source + tree and using --src=/full_path/to/openssh + Patch by Mark D. Baushke + +20011025 + - (bal) Use VDISABLE if _POSIX_VDISABLE is set in readpassphrase.c. Patch + by todd@ + - (tim) [configure.ac] Give path given in --with-xxx= for pcre,zlib, and + tcp-wrappers precedence over system libraries and includes. + Report from Dave Dykstra + +20011024 + - (bal) Should be 3.0p1 not 3.0p2. Corrected version.h already. + - (tim) configure.in -> configure.ac + +20011023 + - (bal) Updated version to 3.0p1 in preparing for release. + - (bal) Added 'PAM_TTY_KLUDGE' to Solaris platform. + - (tim) [configure.in] Fix test for broken dirname. Based on patch from + Dave Dykstra . Remove un-needed test for zlib.h. + [contrib/caldera/openssh.spec, contrib/redhat/openssh.spec, + contrib/suse/openssh.spec] Update version to match version.h + 20011022 - (djm) Fix fd leak in loginrec.c (ro fd to lastlog was left open). Report from Michal Zalewski