X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/d9cd35756202e3fa03a289a2f346f72e965ae28d..30dcc9186bb6f8000c4112c835ab6b30869c3cb5:/ChangeLog diff --git a/ChangeLog b/ChangeLog index b0dfaec9..37e19ca9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,289 @@ +20010415 + - OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2001/04/14 04:31:01 + [ssh-add.c] + do not double free + - markus@cvs.openbsd.org 2001/04/14 16:17:14 + [channels.c] + remove some channels that are not appropriate for keepalive. + - markus@cvs.openbsd.org 2001/04/14 16:27:57 + [ssh-add.c] + use clear_pass instead of xfree() + - stevesk@cvs.openbsd.org 2001/04/14 16:33:20 + [clientloop.c packet.h session.c ssh.c ttymodes.c ttymodes.h] + protocol 2 tty modes support; ok markus@ + +20010414 + - Sync with OpenBSD glob.c, strlcat.c and vis.c changes + - Cygwin sftp/sftp-server binary mode patch from Corinna Vinschen + + - OpenBSD CVS Sync + - beck@cvs.openbsd.org 2001/04/13 22:46:54 + [channels.c channels.h servconf.c servconf.h serverloop.c sshd.8] + Add options ClientAliveInterval and ClientAliveCountMax to sshd. + This gives the ability to do a "keepalive" via the encrypted channel + which can't be spoofed (unlike TCP keepalives). Useful for when you want + to use ssh connections to authenticate people for something, and know + relatively quickly when they are no longer authenticated. Disabled + by default (of course). ok markus@ + +20010413 + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/04/12 14:29:09 + [ssh.c] + show debug output during option processing, report from + pekkas@netcore.fi + - markus@cvs.openbsd.org 2001/04/12 19:15:26 + [auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h + compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h + servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c + sshconnect2.c sshd_config] + implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2) + similar to RhostRSAAuthentication unless you enable (the experimental) + HostbasedUsesNameFromPacketOnly option. please test. :) + - markus@cvs.openbsd.org 2001/04/12 19:39:27 + [readconf.c] + typo + - stevesk@cvs.openbsd.org 2001/04/12 20:09:38 + [misc.c misc.h readconf.c servconf.c ssh.c sshd.c] + robust port validation; ok markus@ jakob@ + - mouring@cvs.openbsd.org 2001/04/12 23:17:54 + [sftp-int.c sftp-int.h sftp.1 sftp.c] + Add support for: + sftp [user@]host[:file [file]] - Fetch remote file(s) + sftp [user@]host[:dir[/]] - Start in remote dir/ + OK deraadt@ + - stevesk@cvs.openbsd.org 2001/04/13 01:26:17 + [ssh.c] + missing \n in error message + - (bal) Added openbsd-compat/inet_ntop.[ch] since HP/UX (and others) + lack it. + +20010412 + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/04/10 07:46:58 + [channels.c] + cleanup socks4 handling + - itojun@cvs.openbsd.org 2001/04/10 09:13:22 + [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] + document id_rsa{.pub,}. markus ok + - markus@cvs.openbsd.org 2001/04/10 12:15:23 + [channels.c] + debug cleanup + - djm@cvs.openbsd.org 2001/04/11 07:06:22 + [sftp-int.c] + 'mget' and 'mput' aliases; ok markus@ + - markus@cvs.openbsd.org 2001/04/11 10:59:01 + [ssh.c] + use strtol() for ports, thanks jakob@ + - markus@cvs.openbsd.org 2001/04/11 13:56:13 + [channels.c ssh.c] + https-connect and socks5 support. i feel so bad. + - lebel@cvs.openbsd.org 2001/04/11 16:25:30 + [sshd.8 sshd.c] + implement the -e option into sshd: + -e When this option is specified, sshd will send the output to the + standard error instead of the system log. + markus@ OK. + +20010410 + - OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2001/04/08 20:52:55 + [sftp.c] + do not modify an actual argv[] entry + - stevesk@cvs.openbsd.org 2001/04/08 23:28:27 + [sshd.8] + spelling + - stevesk@cvs.openbsd.org 2001/04/09 00:42:05 + [sftp.1] + spelling + - markus@cvs.openbsd.org 2001/04/09 15:12:23 + [ssh-add.c] + passphrase caching: ssh-add tries last passphrase, clears passphrase if + not successful and after last try. + based on discussions with espie@, jakob@, ... and code from jakob@ and + wolfgang@wsrcc.com + - markus@cvs.openbsd.org 2001/04/09 15:19:49 + [ssh-add.1] + ssh-add retries the last passphrase... + - stevesk@cvs.openbsd.org 2001/04/09 18:00:15 + [sshd.8] + ListenAddress mandoc from aaron@ + +20010409 + - (stevesk) use setresgid() for setegid() if needed + - (stevesk) configure.in: typo + - OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2001/04/08 16:01:36 + [sshd.8] + document ListenAddress addr:port + - markus@cvs.openbsd.org 2001/04/08 13:03:00 + [ssh-add.c] + init pointers with NULL, thanks to danimal@danimal.org + - markus@cvs.openbsd.org 2001/04/08 11:27:33 + [clientloop.c] + leave_raw_mode if ssh2 "session" is closed + - markus@cvs.openbsd.org 2001/04/06 21:00:17 + [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c + ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h] + do gid/groups-swap in addition to uid-swap, should help if /home/group + is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks + to olar@openwall.com is comments. we had many requests for this. + - markus@cvs.openbsd.org 2001/04/07 08:55:18 + [buffer.c channels.c channels.h readconf.c ssh.c] + allow the ssh client act as a SOCKS4 proxy (dynamic local + portforwarding). work by Dan Kaminsky and me. + thanks to Dan for this great patch: use 'ssh -D 1080 host' and make + netscape use localhost:1080 as a socks proxy. + - markus@cvs.openbsd.org 2001/04/08 11:24:33 + [uidswap.c] + KNF + +20010408 + - OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2001/04/06 22:12:47 + [hostfile.c] + unused; typo in comment + - stevesk@cvs.openbsd.org 2001/04/06 22:25:25 + [servconf.c] + in addition to: + ListenAddress host|ipv4_addr|ipv6_addr + permit: + ListenAddress [host|ipv4_addr|ipv6_addr]:port + ListenAddress host|ipv4_addr:port + sshd.8 updates coming. ok markus@ + +20010407 + - (bal) CVS ID Resync of version.h + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/04/05 23:39:20 + [serverloop.c] + keep the ssh session even if there is no active channel. + this is more in line with the protocol spec and makes + ssh -N -L 1234:server:110 host + more useful. + based on discussion with long time ago + and recent mail from + - deraadt@cvs.openbsd.org 2001/04/06 16:46:59 + [scp.c] + remove trailing / from source paths; fixes pr#1756 + +20010406 + - (stevesk) logintest.c: fix for systems without __progname + - (stevesk) Makefile.in: log.o is in libssh.a + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/04/05 10:00:06 + [compat.c] + 2.3.x does old GEX, too; report jakob@ + - markus@cvs.openbsd.org 2001/04/05 10:39:03 + [compress.c compress.h packet.c] + reset compress state per direction when rekeying. + - markus@cvs.openbsd.org 2001/04/05 10:39:48 + [version.h] + temporary version 2.5.4 (supports rekeying). + this is not an official release. + - markus@cvs.openbsd.org 2001/04/05 10:42:57 + [auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c + mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c + sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c + sshconnect2.c sshd.c] + fix whitespace: unexpand + trailing spaces. + - markus@cvs.openbsd.org 2001/04/05 11:09:17 + [clientloop.c compat.c compat.h] + add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions. + - markus@cvs.openbsd.org 2001/04/05 15:45:43 + [ssh.1] + ssh defaults to protocol v2; from quisar@quisar.ambre.net + - stevesk@cvs.openbsd.org 2001/04/05 15:48:18 + [canohost.c canohost.h session.c] + move get_remote_name_or_ip() to canohost.[ch]; for portable. ok markus@ + - markus@cvs.openbsd.org 2001/04/05 20:01:10 + [clientloop.c] + for ~R print message if server does not support rekeying. (and fix ~R). + - markus@cvs.openbsd.org 2001/04/05 21:02:46 + [buffer.c] + better error message + - markus@cvs.openbsd.org 2001/04/05 21:05:24 + [clientloop.c ssh.c] + don't request a session for 'ssh -N', pointed out slade@shore.net + +20010405 + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/04/04 09:48:35 + [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c] + don't sent multiple kexinit-requests. + send newkeys, block while waiting for newkeys. + fix comments. + - markus@cvs.openbsd.org 2001/04/04 14:34:58 + [clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c] + enable server side rekeying + some rekey related clientup. + todo: we should not send any non-KEX messages after we send KEXINIT + - markus@cvs.openbsd.org 2001/04/04 15:50:55 + [compat.c] + f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov + - markus@cvs.openbsd.org 2001/04/04 20:25:38 + [channels.c channels.h clientloop.c kex.c kex.h serverloop.c + sshconnect2.c sshd.c] + more robust rekeying + don't send channel data after rekeying is started. + - markus@cvs.openbsd.org 2001/04/04 20:32:56 + [auth2.c] + we don't care about missing bannerfiles; from tsoome@ut.ee, ok deraadt@ + - markus@cvs.openbsd.org 2001/04/04 22:04:35 + [kex.c kexgex.c serverloop.c] + parse full kexinit packet. + make server-side more robust, too. + - markus@cvs.openbsd.org 2001/04/04 23:09:18 + [dh.c kex.c packet.c] + clear+free keys,iv for rekeying. + + fix DH mem leaks. ok niels@ + - (stevesk) don't use vhangup() if defined(HAVE_DEV_PTMX); also removes + BROKEN_VHANGUP + +20010404 + - OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2001/04/02 17:32:23 + [ssh-agent.1] + grammar; slade@shore.net + - stevesk@cvs.openbsd.org 2001/04/03 13:56:11 + [sftp-glob.c ssh-agent.c ssh-keygen.c] + free() -> xfree() + - markus@cvs.openbsd.org 2001/04/03 19:53:29 + [dh.c dh.h kex.c kex.h sshconnect2.c sshd.c] + move kex to kex*.c, used dispatch_set() callbacks for kex. should + make rekeying easier. + - todd@cvs.openbsd.org 2001/04/03 21:19:38 + [ssh_config] + id_rsa1/2 -> id_rsa; ok markus@ + - markus@cvs.openbsd.org 2001/04/03 23:32:12 + [kex.c kex.h packet.c sshconnect2.c sshd.c] + undo parts of recent my changes: main part of keyexchange does not + need dispatch-callbacks, since application data is delayed until + the keyexchange completes (if i understand the drafts correctly). + add some infrastructure for re-keying. + - markus@cvs.openbsd.org 2001/04/04 00:06:54 + [clientloop.c sshconnect2.c] + enable client rekeying + (1) force rekeying with ~R, or + (2) if the server requests rekeying. + works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0 + - (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync. + +20010403 + - OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2001/04/02 14:15:31 + [sshd.8] + typo; ok markus@ + - stevesk@cvs.openbsd.org 2001/04/02 14:20:23 + [readconf.c servconf.c] + correct comment; ok markus@ + - (stevesk) nchan.c: remove ostate checks and add EINVAL to + shutdown(SHUT_RD) error() bypass for HP-UX. + +20010402 + - (stevesk) log.c openbsd sync; missing newlines + - (stevesk) sshpty.h openbsd sync; PTY_H -> SSHPTY_H + 20010330 - (djm) Another openbsd-compat/glob.c sync - (djm) OpenBSD CVS Sync @@ -10,6 +296,18 @@ - markus@cvs.openbsd.org 2001/03/28 22:43:31 [auth.h auth2.c auth2-chall.c] check auth_root_allowed for kbd-int auth, too. + - provos@cvs.openbsd.org 2001/03/29 14:24:59 + [sshconnect2.c] + use recommended defaults + - stevesk@cvs.openbsd.org 2001/03/29 21:06:21 + [sshconnect2.c sshd.c] + need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@ + - markus@cvs.openbsd.org 2001/03/29 21:17:40 + [dh.c dh.h kex.c kex.h] + prepare for rekeying: move DH code to dh.c + - djm@cvs.openbsd.org 2001/03/29 23:42:01 + [sshd.c] + Protocol 1 key regeneration log => verbose, some KNF; ok markus@ 20010329 - OpenBSD CVS Sync