X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/dbaa2e878166721c3999e64c9b0ef2e2553e30da..97994d32f2bc12c0273130a1f359e0bdb5d69789:/ChangeLog diff --git a/ChangeLog b/ChangeLog index de8ddf38..61993bb0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,14 +1,418 @@ +20001007 + - (stevesk) Print PAM return value in PAM log messages to aid + with debugging. + - (stevesk) Fix detection of pw_class struct member in configure; + patch from KAMAHARA Junzo + +20001002 + - (djm) Fix USER_PATH, report from Kevin Steves + - (djm) Add host system and CC to end-of-configure report. Suggested by + Lutz Jaenicke + +20000931 + - (djm) Cygwin fixes from Corinna Vinschen + +20000930 + - (djm) Irix ssh_prng_cmds path fix from Pekka Savola + - (djm) Support in bsd-snprintf.c for long long conversions from + Ben Lindstrom + - (djm) Cleanup NeXT support from Ben Lindstrom + - (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with + very short lived X connections. Bug report from Tobias Oetiker + . Fix from Markus Friedl + - (djm) Add recent InitScripts as a RPM dependancy for openssh-server + patch from Pekka Savola + - (djm) Forgot to cvs add LICENSE file + - (djm) Add LICENSE to RPM spec files + - (djm) CVS OpenBSD sync: + - markus@cvs.openbsd.org 2000/09/26 13:59:59 + [clientloop.c] + use debug2 + - markus@cvs.openbsd.org 2000/09/27 15:41:34 + [auth2.c sshconnect2.c] + use key_type() + - markus@cvs.openbsd.org 2000/09/28 12:03:18 + [channels.c] + debug -> debug2 cleanup + - (djm) Irix strips "/dev/tty" from [uw]tmp entries (other systems only + strip "/dev/"). Fix loginrec.c based on patch from Alain St-Denis + + - (djm) Fix 9 character passphrase failure with gnome-ssh-askpass. + Problem was caused by interrupted read in ssh-add. Report from Donald + J. Barry + +20000929 + - (djm) Fix SSH2 not terminating until all background tasks done problem. + - (djm) Another off-by-one fix from Pavel Kankovsky + + - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code, + tidy necessary differences. Use Markus' new debugN() in entropy.c + - (djm) Merged big SCO portability patch from Tim Rice + + +20000926 + - (djm) Update X11-askpass to 1.0.2 in RPM spec file + - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX + - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c. + Report and fix from Pavel Kankovsky + +20000924 + - (djm) Merged cleanup patch from Mark Miller + - (djm) A bit more cleanup - created cygwin_util.h + - (djm) Include strtok_r() from OpenBSD libc. Fixes report from Mark Miller + + +20000923 + - (djm) Fix address logging in utmp from Kevin Steves + + - (djm) Redhat spec and manpage fixes from Pekka Savola + - (djm) Seperate tests for int64_t and u_int64_t types + - (djm) Tweak password expiry checking at suggestion of Kevin Steves + + - (djm) NeXT patch from Ben Lindstrom + - (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from + Michael Stone + - (djm) OpenBSD CVS sync: + - markus@cvs.openbsd.org 2000/09/17 09:38:59 + [sshconnect2.c sshd.c] + fix DEBUG_KEXDH + - markus@cvs.openbsd.org 2000/09/17 09:52:51 + [sshconnect.c] + yes no; ok niels@ + - markus@cvs.openbsd.org 2000/09/21 04:55:11 + [sshd.8] + typo + - markus@cvs.openbsd.org 2000/09/21 05:03:54 + [serverloop.c] + typo + - markus@cvs.openbsd.org 2000/09/21 05:11:42 + scp.c + utime() to utimes(); mouring@pconline.com + - markus@cvs.openbsd.org 2000/09/21 05:25:08 + sshconnect2.c + change login logic in ssh2, allows plugin of other auth methods + - markus@cvs.openbsd.org 2000/09/21 05:25:35 + [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h] + [serverloop.c] + add context to dispatch_run + - markus@cvs.openbsd.org 2000/09/21 05:07:52 + authfd.c authfd.h ssh-agent.c + bug compat for old ssh.com software + +20000920 + - (djm) Fix bad path substitution. Report from Andrew Miner + + +20000916 + - (djm) Fix SSL search order from Lutz Jaenicke + + - (djm) New SuSE spec from Corinna Vinschen + - (djm) Update CygWin support from Corinna Vinschen + - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage. + Patch from Larry Jones + - (djm) Add Steve VanDevender's PAM + password change patch. + - (djm) Bring licenses on my stuff in line with OpenBSD's + - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from + Kevin Steves + - (djm) Shadow expiry check fix from Pavel Troller + - (djm) Re-enable int64_t types - we need them for sftp + - (djm) Use libexecdir from configure , rather than libexecdir/ssh + - (djm) Update Redhat SPEC file accordingly + - (djm) Add Kevin Steves HP/UX contrib files + - (djm) Add Charles Levert getpgrp patch + - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter + + - (djm) Fixprogs and entropy list fixes from Larry Jones + + - (djm) Fix for SuSE spec file from Takashi YOSHIDA + + - (djm) Merge OpenBSD changes: + - markus@cvs.openbsd.org 2000/09/05 02:59:57 + [session.c] + print hostname (not hushlogin) + - markus@cvs.openbsd.org 2000/09/05 13:18:48 + [authfile.c ssh-add.c] + enable ssh-add -d for DSA keys + - markus@cvs.openbsd.org 2000/09/05 13:20:49 + [sftp-server.c] + cleanup + - markus@cvs.openbsd.org 2000/09/06 03:46:41 + [authfile.h] + prototype + - deraadt@cvs.openbsd.org 2000/09/07 14:27:56 + [ALL] + cleanup copyright notices on all files. I have attempted to be + accurate with the details. everything is now under Tatu's licence + (which I copied from his readme), and/or the core-sdi bsd-ish thing + for deattack, or various openbsd developers under a 2-term bsd + licence. We're not changing any rules, just being accurate. + - markus@cvs.openbsd.org 2000/09/07 14:40:30 + [channels.c channels.h clientloop.c serverloop.c ssh.c] + cleanup window and packet sizes for ssh2 flow control; ok niels + - markus@cvs.openbsd.org 2000/09/07 14:53:00 + [scp.c] + typo + - markus@cvs.openbsd.org 2000/09/07 15:13:37 + [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c] + [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h] + [pty.c readconf.c] + some more Copyright fixes + - markus@cvs.openbsd.org 2000/09/08 03:02:51 + [README.openssh2] + bye bye + - deraadt@cvs.openbsd.org 2000/09/11 18:38:33 + [LICENCE cipher.c] + a few more comments about it being ARC4 not RC4 + - markus@cvs.openbsd.org 2000/09/12 14:53:11 + [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c] + multiple debug levels + - markus@cvs.openbsd.org 2000/09/14 14:25:15 + [clientloop.c] + typo + - deraadt@cvs.openbsd.org 2000/09/15 01:13:51 + [ssh-agent.c] + check return value for setenv(3) for failure, and deal appropriately + +20000913 + - (djm) Fix server not exiting with jobs in background. + +20000905 + - (djm) Import OpenBSD CVS changes + - markus@cvs.openbsd.org 2000/08/31 15:52:24 + [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c] + implement a SFTP server. interops with sftp2, scp2 and the windows + client from ssh.com + - markus@cvs.openbsd.org 2000/08/31 15:56:03 + [README.openssh2] + sync + - markus@cvs.openbsd.org 2000/08/31 16:05:42 + [session.c] + Wall + - markus@cvs.openbsd.org 2000/08/31 16:09:34 + [authfd.c ssh-agent.c] + add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions + - deraadt@cvs.openbsd.org 2000/09/01 09:25:13 + [scp.1 scp.c] + cleanup and fix -S support; stevesk@sweden.hp.com + - markus@cvs.openbsd.org 2000/09/01 16:29:32 + [sftp-server.c] + portability fixes + - markus@cvs.openbsd.org 2000/09/01 16:32:41 + [sftp-server.c] + fix cast; mouring@pconline.com + - itojun@cvs.openbsd.org 2000/09/03 09:23:28 + [ssh-add.1 ssh.1] + add missing .El against .Bl. + - markus@cvs.openbsd.org 2000/09/04 13:03:41 + [session.c] + missing close; ok theo + - markus@cvs.openbsd.org 2000/09/04 13:07:21 + [session.c] + fix get_last_login_time order; from andre@van-veen.de + - markus@cvs.openbsd.org 2000/09/04 13:10:09 + [sftp-server.c] + more cast fixes; from mouring@pconline.com + - markus@cvs.openbsd.org 2000/09/04 13:06:04 + [session.c] + set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net + - (djm) Cleanup after import. Fix sftp-server compilation, Makefile + - (djm) Merge cygwin support from Corinna Vinschen + +20000903 + - (djm) Fix Redhat init script + +20000901 + - (djm) Pick up Jim's new X11-askpass + - (djm) Release 2.2.0p1 + +20000831 + - (djm) Workaround SIGPIPE problems on SCO. Fix from Aran Cox + + - (djm) Pick up new version (2.2.0) from OpenBSD CVS + +20000830 + - (djm) Compile warning fixes from Mark Miller + - (djm) Periodically rekey arc4random + - (djm) Clean up diff against OpenBSD. + - (djm) HPUX 11 needs USE_PIPES as well: Kevin Steves + + - (djm) Quieten the pam delete credentials error message + - (djm) Fix printing of $DISPLAY hack if set by system type. Report from + Kevin Steves + - (djm) NeXT patch from Ben Lindstrom + - (djm) Fix doh in bsd-arc4random.c + +20000829 + - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert + Doering , John Horne and + Garrick James + - (djm) Check for SCO pty naming style (ptyp%d/ttyp%d). Based on fix from + Bastian Trompetter + - (djm) NeXT tweaks from Ben Lindstrom + - More OpenBSD updates: + - deraadt@cvs.openbsd.org 2000/08/24 15:46:59 + [scp.c] + off_t in sink, to fix files > 2GB, i think, test is still running ;-) + - deraadt@cvs.openbsd.org 2000/08/25 10:10:06 + [session.c] + Wall + - markus@cvs.openbsd.org 2000/08/26 04:33:43 + [compat.c] + ssh.com-2.3.0 + - markus@cvs.openbsd.org 2000/08/27 12:18:05 + [compat.c] + compatibility with future ssh.com versions + - deraadt@cvs.openbsd.org 2000/08/27 21:50:55 + [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c] + print uid/gid as unsigned + - markus@cvs.openbsd.org 2000/08/28 13:51:00 + [ssh.c] + enable -n and -f for ssh2 + - markus@cvs.openbsd.org 2000/08/28 14:19:53 + [ssh.c] + allow combination of -N and -f + - markus@cvs.openbsd.org 2000/08/28 14:20:56 + [util.c] + util.c + - markus@cvs.openbsd.org 2000/08/28 14:22:02 + [util.c] + undo + - markus@cvs.openbsd.org 2000/08/28 14:23:38 + [util.c] + don't complain if setting NONBLOCK fails with ENODEV + +20000823 + - (djm) Define USE_PIPES to avoid socketpair problems on HPUX 10 and SunOS 4 + Avoids "scp never exits" problem. Reports from Lutz Jaenicke + and Tamito KAJIYAMA + + - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers + - (djm) Add local version to version.h + - (djm) Don't reseed arc4random everytime it is used + - (djm) OpenBSD CVS updates: + - deraadt@cvs.openbsd.org 2000/08/18 20:07:23 + [ssh.c] + accept remsh as a valid name as well; roman@buildpoint.com + - deraadt@cvs.openbsd.org 2000/08/18 20:17:13 + [deattack.c crc32.c packet.c] + rename crc32() to ssh_crc32() to avoid zlib name clash. do not move to + libz crc32 function yet, because it has ugly "long"'s in it; + oneill@cs.sfu.ca + - deraadt@cvs.openbsd.org 2000/08/18 20:26:08 + [scp.1 scp.c] + -S prog support; tv@debian.org + - deraadt@cvs.openbsd.org 2000/08/18 20:50:07 + [scp.c] + knf + - deraadt@cvs.openbsd.org 2000/08/18 20:57:33 + [log-client.c] + shorten + - markus@cvs.openbsd.org 2000/08/19 12:48:11 + [channels.c channels.h clientloop.c ssh.c ssh.h] + support for ~. in ssh2 + - deraadt@cvs.openbsd.org 2000/08/19 15:29:40 + [crc32.h] + proper prototype + - markus@cvs.openbsd.org 2000/08/19 15:34:44 + [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1] + [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile] + [fingerprint.c fingerprint.h] + add SSH2/DSA support to the agent and some other DSA related cleanups. + (note that we cannot talk to ssh.com's ssh2 agents) + - markus@cvs.openbsd.org 2000/08/19 15:55:52 + [channels.c channels.h clientloop.c] + more ~ support for ssh2 + - markus@cvs.openbsd.org 2000/08/19 16:21:19 + [clientloop.c] + oops + - millert@cvs.openbsd.org 2000/08/20 12:25:53 + [session.c] + We have to stash the result of get_remote_name_or_ip() before we + close our socket or getpeername() will get EBADF and the process + will exit. Only a problem for "UseLogin yes". + - millert@cvs.openbsd.org 2000/08/20 12:30:59 + [session.c] + Only check /etc/nologin if "UseLogin no" since login(1) may have its + own policy on determining who is allowed to login when /etc/nologin + is present. Also use the _PATH_NOLOGIN define. + - millert@cvs.openbsd.org 2000/08/20 12:42:43 + [auth1.c auth2.c session.c ssh.c] + Add calls to setusercontext() and login_get*(). We basically call + setusercontext() in most places where previously we did a setlogin(). + Add default login.conf file and put root in the "daemon" login class. + - millert@cvs.openbsd.org 2000/08/21 10:23:31 + [session.c] + Fix incorrect PATH setting; noted by Markus. + +20000818 + - (djm) OpenBSD CVS changes: + - markus@cvs.openbsd.org 2000/07/22 03:14:37 + [servconf.c servconf.h sshd.8 sshd.c sshd_config] + random early drop; ok theo, niels + - deraadt@cvs.openbsd.org 2000/07/26 11:46:51 + [ssh.1] + typo + - deraadt@cvs.openbsd.org 2000/08/01 11:46:11 + [sshd.8] + many fixes from pepper@mail.reppep.com + - provos@cvs.openbsd.org 2000/08/01 13:01:42 + [Makefile.in util.c aux.c] + rename aux.c to util.c to help with cygwin port + - deraadt@cvs.openbsd.org 2000/08/02 00:23:31 + [authfd.c] + correct sun_len; Alexander@Leidinger.net + - provos@cvs.openbsd.org 2000/08/02 10:27:17 + [readconf.c sshd.8] + disable kerberos authentication by default + - provos@cvs.openbsd.org 2000/08/02 11:27:05 + [sshd.8 readconf.c auth-krb4.c] + disallow kerberos authentication if we can't verify the TGT; from + dugsong@ + kerberos authentication is on by default only if you have a srvtab. + - markus@cvs.openbsd.org 2000/08/04 14:30:07 + [auth.c] + unused + - markus@cvs.openbsd.org 2000/08/04 14:30:35 + [sshd_config] + MaxStartups + - markus@cvs.openbsd.org 2000/08/15 13:20:46 + [authfd.c] + cleanup; ok niels@ + - markus@cvs.openbsd.org 2000/08/17 14:05:10 + [session.c] + cleanup login(1)-like jobs, no duplicate utmp entries + - markus@cvs.openbsd.org 2000/08/17 14:06:34 + [session.c sshd.8 sshd.c] + sshd -u len, similar to telnetd + - (djm) Lastlog was not getting closed after writing login entry + - (djm) Add Solaris package support from Rip Loomis + +20000816 + - (djm) Replacement for inet_ntoa for Irix (which breaks on gcc) + - (djm) Fix strerror replacement for old SunOS. Based on patch from + Charles Levert + - (djm) Seperate arc4random into seperate file and use OpenSSL's RC4 + implementation. + - (djm) SUN_LEN macro for systems which lack it + 20000815 - (djm) More SunOS 4.1.x fixes from Nate Itkin + - (djm) Avoid failures on Irix when ssh is not setuid. Fix from + Michael Stone + - (djm) Don't seek in directory based lastlogs + - (djm) Fix --with-ipaddr-display configure option test. Patch from + Jarno Huuskonen + - (djm) Fix AIX limits from Alexandre Oliva 20000813 - (djm) Add $(srcdir) to includes when compiling (for VPATH). Report from Fabrice bacchella 20000809 - - (djm) Define AIX hard limits if headers don't. Report from + - (djm) Define AIX hard limits if headers don't. Report from Bill Painter - - (djm) utmp direct write & SunOS 4 patch from Charles Levert + - (djm) utmp direct write & SunOS 4 patch from Charles Levert 20000808 @@ -87,9 +491,9 @@ - (djm) Fixup for AIX getuserattr() support from Tom Bertelson - (djm) ReliantUNIX support from Udo Schweigert - - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom + - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom - - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report + - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report from Jim Watt - (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known to compile on more platforms (incl NeXT). @@ -101,7 +505,7 @@ cleanup, less cut&paste - markus@cvs.openbsd.org 2000/06/26 15:59:19 [servconf.c servconf.h session.c sshd.8 sshd.c] - MaxStartups: limit number of unauthenticated connections, work by + MaxStartups: limit number of unauthenticated connections, work by theo and me - deraadt@cvs.openbsd.org 2000/07/05 14:18:07 [session.c] @@ -111,7 +515,7 @@ typo - aaron@cvs.openbsd.org 2000/07/05 22:06:58 [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8] - Insert more missing .El directives. Our troff really should identify + Insert more missing .El directives. Our troff really should identify these and spit out a warning. - todd@cvs.openbsd.org 2000/07/06 21:55:04 [auth-rsa.c auth2.c ssh-keygen.c] @@ -144,7 +548,7 @@ Kevin Steves - (djm) Match prototype and function declaration for rresvport_af. Problem report from Niklas Edmundsson - - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM + - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM builds. Problem report from Gregory Leblanc - (djm) Replace ut_name with ut_user. Patch from Jim Watt @@ -154,19 +558,19 @@ uids. Based on problem report from Jim Watt - (djm) More NeXT compatibility from Ben Lindstrom Including sigaction() et al. replacements - - (djm) AIX getuserattr() session initialisation from Tom Bertelson + - (djm) AIX getuserattr() session initialisation from Tom Bertelson 20000708 - - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from + - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from Aaron Hopkins - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from Lutz Jaenicke - - (djm) Fixed undefined variables for OSF SIA. Report from + - (djm) Fixed undefined variables for OSF SIA. Report from Baars, Henk - - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c + - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c Fix from Marquess, Steve Mr JMLFDC - - (djm) Don't use inet_addr. + - (djm) Don't use inet_addr. 20000702 - (djm) Fix brace mismatch from Corinna Vinschen @@ -174,7 +578,7 @@ on fix from HARUYAMA Seigo - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from Chris, the Young One - - (djm) Fix scp progress meter on really wide terminals. Based on patch + - (djm) Fix scp progress meter on really wide terminals. Based on patch from James H. Cloos Jr. 20000701 @@ -193,9 +597,9 @@ - (djm) Patch from Michael Stone to add support for Irix 6.x array sessions, project id's, and system audit trail id. - (djm) Added 'distprep' make target to simplify packaging - - (djm) Added patch from Chris Adams to add OSF SIA + - (djm) Added patch from Chris Adams to add OSF SIA support. Enable using "USE_SIA=1 ./configure [options]" - + 20000627 - (djm) Fixes to login code - not setting li->uid, cleanups - (djm) Formatting @@ -213,7 +617,7 @@ correct check for bad channel ids; from Wei Dai 20000623 - - (djm) Use sa_family_t in prototype for rresvport_af. Patch from + - (djm) Use sa_family_t in prototype for rresvport_af. Patch from Svante Signell - (djm) Autoconf logic to define sa_family_t if it is missing - OpenBSD CVS Updates: @@ -241,11 +645,11 @@ - markus@cvs.openbsd.org 2000/06/19 19:39:45 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h] - [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] + [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h] [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c] - [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] - [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] + [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] + [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c] [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h] OpenBSD tag @@ -254,17 +658,17 @@ 20000620 - (djm) Replace use of '-o' and '-a' logical operators in configure tests - with '||' and '&&'. As suggested by Jim Knoble + with '||' and '&&'. As suggested by Jim Knoble to fix SCO Unixware problem reported by Gary E. Miller - (djm) Typo in loginrec.c 20000618 - (djm) Add summary of configure options to end of ./configure run - - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from + - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from Michael Stone - - (djm) rusage is a privileged operation on some Unices (incl. + - (djm) rusage is a privileged operation on some Unices (incl. Solaris 2.5.1). Report from Paul D. Smith - - (djm) Avoid PAM failures when running without a TTY. Report from + - (djm) Avoid PAM failures when running without a TTY. Report from Martin Petrak - (djm) Include sys/types.h when including netinet/in.h in configure tests. Patch from Jun-ichiro itojun Hagino @@ -317,7 +721,7 @@ - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is def'd - Set AIX to use preformatted manpages - + 20000610 - (djm) Minor doc tweaks - (djm) Fix for configure on bash2 from Jim Knoble @@ -329,11 +733,11 @@ 20000606 - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through list of commands (by default). Removed verbose debugging (by default). - - (djm) Increased command entropy estimates and default entropy collection + - (djm) Increased command entropy estimates and default entropy collection timeout - (djm) Remove duplicate headers from loginrec.c - (djm) Don't add /usr/local/lib to library search path on Irix - - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III + - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg @@ -343,7 +747,7 @@ teach protocol v2 to count login failures properly and also enable an explanation of why the password prompt comes up again like v1; this is NOT crypto - - markus@cvs.openbsd.org + - markus@cvs.openbsd.org [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8] xauth_location support; pr 1234 [readconf.c sshconnect2.c] @@ -356,14 +760,14 @@ [version.h] OpenSSH 2.1.1 [auth-rsa.c] - fix match_hostname() logic for auth-rsa: deny access if we have a + fix match_hostname() logic for auth-rsa: deny access if we have a negative match or no match at all [channels.c hostfile.c match.c] - don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via + don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via kris@FreeBSD.org 20000606 - - (djm) Added --with-cflags, --with-ldflags and --with-libs options to + - (djm) Added --with-cflags, --with-ldflags and --with-libs options to configure. 20000604 @@ -374,7 +778,7 @@ - (andre) New login code - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c - Add loginrec.[ch], logintest.c and autoconf code - + 20000531 - Cleanup of auth.c, login.c and fake-* - Cleanup of auth-pam.c, save and print "account expired" error messages @@ -410,9 +814,9 @@ - Don't touch utmp if USE_UTMPX defined - SunOS 4.x support from Todd C. Miller - SIGCHLD fix for AIX and HPUX from Tom Bertelson - - HPUX and Configure fixes from Lutz Jaenicke + - HPUX and Configure fixes from Lutz Jaenicke - - Use mkinstalldirs script to make directories instead of non-portable + - Use mkinstalldirs script to make directories instead of non-portable "install -d". Suggested by Lutz Jaenicke - Doc cleanup @@ -423,7 +827,7 @@ [sshconnect.c] copy only ai_addrlen bytes; misiek@pld.org.pl [auth.c] - accept an empty shell in authentication; bug reported by + accept an empty shell in authentication; bug reported by chris@tinker.ucr.edu [serverloop.c] we don't have stderr for interactive terminal sessions (fcntl errors) @@ -441,10 +845,10 @@ optionally run 'ent' to measure command entropy - Applied Tom Bertelson's AIX authentication fix - Avoid WCOREDUMP complation errors for systems that lack it - - Avoid SIGCHLD warnings from entropy commands + - Avoid SIGCHLD warnings from entropy commands - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson - OpenBSD CVS update: - - markus@cvs.openbsd.org + - markus@cvs.openbsd.org [ssh.c] fix usage() [ssh2.h] @@ -459,19 +863,19 @@ - INSTALL typo and URL fix - Makefile fix - Solaris fixes - - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka + - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka - RSAless operation patch from kevin_oconnor@standardandpoors.com - Detect OpenSSL seperatly from RSA - - Better test for RSA (more compatible with RSAref). Based on work by + - Better test for RSA (more compatible with RSAref). Based on work by Ed Eden 20000513 - - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz + - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz 20000511 - - Fix for prng_seed permissions checking from Lutz Jaenicke + - Fix for prng_seed permissions checking from Lutz Jaenicke - "make host-key" fix for Irix @@ -500,7 +904,7 @@ - OpenSSH-2.1 - Moved all the bsd-* and fake-* stuff into new libopenbsd-compat.a - Doc updates - - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported + - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported by Andre Lucas 20000508 @@ -514,7 +918,7 @@ - interop w/ SecureFX - Release 2.0.0beta2 - - Configure caching and cleanup patch from Andre Lucas' + - Configure caching and cleanup patch from Andre Lucas' 20000507 @@ -532,7 +936,7 @@ - deraadt@cvs.openbsd.org [scp.c] - more atomicio - - markus@cvs.openbsd.org + - markus@cvs.openbsd.org [channels.c] - set O_NONBLOCK [ssh.1] @@ -550,7 +954,7 @@ - document -X and -x [ssh-keygen.c] - simplify usage - - markus@cvs.openbsd.org + - markus@cvs.openbsd.org [sshd.8] - there is no rhosts_dsa [ssh-keygen.1] @@ -600,7 +1004,7 @@ - unlink pid file, ok niels@ [auth2.c] - Add missing #ifdefs; ok - markus - - Add Andre Lucas' patch to read entropy + - Add Andre Lucas' patch to read entropy gathering commands from a text file - Release 2.0.0beta1 @@ -618,9 +1022,9 @@ - Minor tweaks and typo fixes. [ssh-keygen.c] - Put -d into usage and reorder. markus ok. - - Include missing headers for OpenSSL tests. Fix from Phil Karn + - Include missing headers for OpenSSL tests. Fix from Phil Karn - - Fixed __progname symbol collisions reported by Andre Lucas + - Fixed __progname symbol collisions reported by Andre Lucas - Merged bsd-login ttyslot and AIX utmp patch from Gert Doering @@ -636,7 +1040,7 @@ - Adds timeout to entropy collection - Disables slow entropy sources - Load and save seed file - - Changed entropy seed code to user per-user seeds only (server seed is + - Changed entropy seed code to user per-user seeds only (server seed is saved in root's .ssh directory) - Use atexit() and fatal cleanups to save seed on exit - More OpenBSD updates: @@ -686,7 +1090,7 @@ [sshconnect2.c] - less debug, respect .ssh/config [README.openssh2 channels.c channels.h] - - clientloop.c session.c ssh.c + - clientloop.c session.c ssh.c - support for x11-fwding, client+server 20000421 @@ -696,11 +1100,11 @@ via Debian bug #59926 - Define __progname in session.c if libc doesn't - Remove indentation on autoconf #include statements to avoid bug in - DEC Tru64 compiler. Report and fix from David Del Piero + DEC Tru64 compiler. Report and fix from David Del Piero 20000420 - - Make fixpaths work with perl4, patch from Andre Lucas + - Make fixpaths work with perl4, patch from Andre Lucas - Sync with OpenBSD CVS: [clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c] @@ -720,7 +1124,7 @@ [channels.c] - fix pr 1196, listen_port and port_to_connect interchanged [scp.c] - - after completion, replace the progress bar ETA counter with a final + - after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch [ssh_config sshd_config] - show 'Protocol' as an example, ok markus@ @@ -730,7 +1134,7 @@ 20000416 - Reduce diff against OpenBSD source - - All OpenSSL includes are now unconditionally referenced as + - All OpenSSL includes are now unconditionally referenced as openssl/foo.h - Pick up formatting changes - Other minor changed (typecasts, etc) that I missed @@ -748,7 +1152,7 @@ 20000413 - INSTALL doc updates - Merged OpenBSD updates to include paths. - + 20000412 - OpenBSD CVS updates: - [channels.c] @@ -779,7 +1183,7 @@ no adjust after close - [sshd.c compat.c ] interop w/ latest ssh.com windows client. - + 20000406 - OpenBSD CVS update: - [channels.c] @@ -847,7 +1251,7 @@ 20000326 - Better tests for OpenSSL w/ RSAref - - Added replacement setenv() function from OpenBSD libc. Suggested by + - Added replacement setenv() function from OpenBSD libc. Suggested by Ben Lindstrom - OpenBSD CVS update - [auth-krb4.c] @@ -875,17 +1279,17 @@ - Checks for 64 bit int types. Problem report from Mats Fredholm - OpenBSD CVS updates: - - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c] + - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c] [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c] [sshd.c] pedantic: signed vs. unsigned, void*-arithm, etc - [ssh.1 sshd.8] Various cleanups and standardizations. - - Runtime error fix for HPUX from Otmar Stahl + - Runtime error fix for HPUX from Otmar Stahl 20000316 - - Fixed configure not passing LDFLAGS to Solaris. Report from David G. + - Fixed configure not passing LDFLAGS to Solaris. Report from David G. Hesprich - Propogate LD through to Makefile - Doc cleanups @@ -894,18 +1298,18 @@ 20000315 - Fix broken CFLAGS handling during search for OpenSSL. Fixes va_list problems with gcc/Solaris. - - Don't free argument to putenv() after use (in setenv() replacement). + - Don't free argument to putenv() after use (in setenv() replacement). Report from Seigo Tanimura - - Created contrib/ subdirectory. Included helpers from Phil Hands' + - Created contrib/ subdirectory. Included helpers from Phil Hands' Debian package, README file and chroot patch from Ricardo Cerqueira - - Moved gnome-ssh-askpass.c to contrib directory and removed config + - Moved gnome-ssh-askpass.c to contrib directory and removed config option. - Slight cleanup to doc files - Configure fix from Bratislav ILICH 20000314 - - Include macro for IN6_IS_ADDR_V4MAPPED. Report from + - Include macro for IN6_IS_ADDR_V4MAPPED. Report from peter@frontierflying.com - Include /usr/local/include and /usr/local/lib for systems that don't do it themselves @@ -940,7 +1344,7 @@ - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i; from Holger.Trapp@Informatik.TU-Chemnitz.DE [pty.c pty.h] - - register cleanup for pty earlier. move code for pty-owner handling to + - register cleanup for pty earlier. move code for pty-owner handling to pty.c ok provos@, dugsong@ [readconf.c] - turn off x11-fwd for the client, too. @@ -976,13 +1380,13 @@ - missing xfree() - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too. (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907) - - register cleanup for pty earlier. move code for pty-owner handling to + - register cleanup for pty earlier. move code for pty-owner handling to pty.c ok provos@, dugsong@ - create x11 cookie file - fix pr 1113, fclose() -> pclose(), todo: remote popen() - version 1.2.3 - Cleaned up - - Removed warning workaround for Linux and devpts filesystems (no longer + - Removed warning workaround for Linux and devpts filesystems (no longer required after OpenBSD updates) 20000308 @@ -996,13 +1400,13 @@ - Explicitly seed OpenSSL's PRNG before checking rsa_alive() - Check for getpagesize in libucb.a if not found in libc. Fix for old Solaris from Andre Lucas - - Check for libwrap if --with-tcp-wrappers option specified. Suggestion + - Check for libwrap if --with-tcp-wrappers option specified. Suggestion Mate Wierdl 20000303 - Added "make host-key" target, Suggestion from Dominik Brettnacher - - Don't permanently fail on bind() if getaddrinfo has more choices left for + - Don't permanently fail on bind() if getaddrinfo has more choices left for us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz Miskiewicz - DEC Unix compile fix from David Del Piero @@ -1017,10 +1421,10 @@ RSA support built in (this is a problem with OpenSSL 0.9.5). - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de - Avoid warning message with Unix98 ptys - - Warning was valid - possible race condition on PTYs. Avoided using + - Warning was valid - possible race condition on PTYs. Avoided using platform-specific code. - Document some common problems - - Allow root access to any key. Patch from + - Allow root access to any key. Patch from markus.friedl@informatik.uni-erlangen.de 20000207 @@ -1031,10 +1435,10 @@ - Add --with-ssl-dir option 20000202 - - Fix lastlog code for directory based lastlogs. Fix from Josh Durham + - Fix lastlog code for directory based lastlogs. Fix from Josh Durham - Documentation fixes from HARUYAMA Seigo - - Added URLs to Japanese translations of documents by HARUYAMA Seigo + - Added URLs to Japanese translations of documents by HARUYAMA Seigo 20000201 @@ -1049,24 +1453,24 @@ 20000126 - Released 1.2.2 stable - - NeXT keeps it lastlog in /usr/adm. Report from + - NeXT keeps it lastlog in /usr/adm. Report from mouring@newton.pconline.com - - Added note in UPGRADING re interop with commercial SSH using idea. + - Added note in UPGRADING re interop with commercial SSH using idea. Report from Jim Knoble - Fix linking order for Kerberos/AFS. Fix from Holget Trapp 20000125 - - Fix NULL pointer dereference in login.c. Fix from Andre Lucas + - Fix NULL pointer dereference in login.c. Fix from Andre Lucas - Reorder PAM initialisation so it does not mess up lastlog. Reported by Andre Lucas - - Use preformatted manpages on SCO, report from Gary E. Miller + - Use preformatted manpages on SCO, report from Gary E. Miller - New URL for x11-ssh-askpass. - - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble + - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble - - Added 'DESTDIR' option to Makefile to ease package building. Patch from + - Added 'DESTDIR' option to Makefile to ease package building. Patch from Jim Knoble - Updated RPM spec files to use DESTDIR @@ -1078,7 +1482,7 @@ - OpenBSD CVS: - [packet.c] getsockname() requires initialized tolen; andy@guildsoftware.com - - AIX patch from Matt Richards and David Rankin + - AIX patch from Matt Richards and David Rankin - Fix lastlog support, patch from Andre Lucas @@ -1098,9 +1502,9 @@ - [sshd.c] log with level log() not fatal() if peer behaves badly. - [readpass.c] - instead of blocking SIGINT, catch it ourselves, so that we can clean - the tty modes up and kill ourselves -- instead of our process group - leader (scp, cvs, ...) going away and leaving us in noecho mode. + instead of blocking SIGINT, catch it ourselves, so that we can clean + the tty modes up and kill ourselves -- instead of our process group + leader (scp, cvs, ...) going away and leaving us in noecho mode. people with cbreak shells never even noticed.. - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] ie. -> i.e., @@ -1113,12 +1517,12 @@ - [sshconnect.c] - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags. - destroy keys earlier - - split key exchange (kex) and user authentication (user-auth), + - split key exchange (kex) and user authentication (user-auth), ok: provos@ - [sshd.c] - no need for poll.h; from bright@wintelcom.net - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags. - - split key exchange (kex) and user authentication (user-auth), + - split key exchange (kex) and user authentication (user-auth), ok: provos@ - Big manpage and config file cleanup from Andre Lucas @@ -1137,29 +1541,29 @@ 20000118 - Fixed --with-pid-dir option - Makefile fix from Gary E. Miller - - Compile fix for HPUX and Solaris from Andre Lucas + - Compile fix for HPUX and Solaris from Andre Lucas 20000117 - Clean up bsd-bindresvport.c. Use arc4random() for picking initial port, ignore EINVAL errors (Linux) when searching for free port. - - Revert __snprintf -> snprintf aliasing. Apparently Solaris + - Revert __snprintf -> snprintf aliasing. Apparently Solaris __snprintf isn't. Report from Theo de Raadt - Document location of Redhat PAM file in INSTALL. - - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6 - INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to + - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6 + INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to deliver (no IPv6 kernel support) - Released 1.2.1pre27 - Fix rresvport_af failure errors (logic error in bsd-bindresvport.c) - - Fix --with-ipaddr-display option test. Fix from Jarno Huuskonen + - Fix --with-ipaddr-display option test. Fix from Jarno Huuskonen - - Fix hang on logout if processes are still using the pty. Needs + - Fix hang on logout if processes are still using the pty. Needs further testing. - Patch from Christos Zoulas - Try $prefix first when looking for OpenSSL. - Include sys/types.h when including sys/socket.h in test programs - - Substitute PID directory in sshd.8. Suggestion from Andrew + - Substitute PID directory in sshd.8. Suggestion from Andrew Stribblehill 20000116 @@ -1168,17 +1572,17 @@ - Released 1.2.1pre26 - Compilation fix from Kiyokazu SUTO - - Fixed broken bugfix for /dev/ptmx on Linux systems which lack + - Fixed broken bugfix for /dev/ptmx on Linux systems which lack openpty(). Report from Kiyokazu SUTO 20000115 - Add --with-xauth-path configure directive and explicit test for - /usr/openwin/bin/xauth for Solaris systems. Report from Anders + /usr/openwin/bin/xauth for Solaris systems. Report from Anders Nordby - - Fix incorrect detection of /dev/ptmx on Linux systems that lack + - Fix incorrect detection of /dev/ptmx on Linux systems that lack openpty. Report from John Seifarth - Look for intXX_t and u_intXX_t in sys/bitypes.h if they are not in - sys/types.h. Fixes problems on SCO, report from Gary E. Miller + sys/types.h. Fixes problems on SCO, report from Gary E. Miller - Use __snprintf and __vnsprintf if they are found where snprintf and vnsprintf are lacking. Suggested by Ben Taylor @@ -1190,11 +1594,11 @@ [scp.c packet.h packet.c login.c log.c canohost.c channels.c] [hostfile.c sshd_config] ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new - features: sshd allows multiple ListenAddress and Port options. note - that libwrap is not IPv6-ready. (based on patches from + features: sshd allows multiple ListenAddress and Port options. note + that libwrap is not IPv6-ready. (based on patches from fujiwara@rcac.tdi.co.jp) - [ssh.c canohost.c] - more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo, + more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo, from itojun@ - [channels.c] listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE) @@ -1203,7 +1607,7 @@ - [scp.1 sshd.8 servconf.h scp.c] document -4, -6, and 'ssh -L 2022/::1/22' - [ssh.c] - 'ssh @host' is illegal (null user name), from + 'ssh @host' is illegal (null user name), from karsten@gedankenpolizei.de - [sshconnect.c] better error message @@ -1232,7 +1636,7 @@ Holger Trapp 20000105 - - Fixed annoying DES corruption problem. libcrypt has been + - Fixed annoying DES corruption problem. libcrypt has been overriding symbols in libcrypto. Removed libcrypt and crypt.h altogether (libcrypto includes its own crypt(1) replacement) - Added platform-specific rules for Irix 6.x. Included warning that @@ -1240,14 +1644,14 @@ 20000103 - Add explicit make rules for files proccessed by fixpaths. - - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori + - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori - - Removed "nullok" directive from default PAM configuration files. - Added information on enabling EmptyPasswords on openssh+PAM in + - Removed "nullok" directive from default PAM configuration files. + Added information on enabling EmptyPasswords on openssh+PAM in UPGRADING file. - OpenBSD CVS updates - [ssh-agent.c] - cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and + cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and dgaudet@arctic.org - [sshconnect.c] compare correct version for 1.3 compat mode @@ -1259,18 +1663,18 @@ 19991231 - - Fix password support on systems with a mixture of shadowed and - non-shadowed passwords (e.g. NIS). Report and fix from + - Fix password support on systems with a mixture of shadowed and + non-shadowed passwords (e.g. NIS). Report and fix from HARUYAMA Seigo - - Fix broken autoconf typedef detection. Report from Marc G. + - Fix broken autoconf typedef detection. Report from Marc G. Fournier - Fix occasional crash on LinuxPPC. Patch from Franz Sirl - - Prevent typedefs from being compiled more than once. Report from + - Prevent typedefs from being compiled more than once. Report from Marc G. Fournier - Fill in ut_utaddr utmp field. Report from Benjamin Charron - - Really fix broken default path. Fix from Jim Knoble + - Really fix broken default path. Fix from Jim Knoble - Remove test for quad_t. No longer needed. - Released 1.2.1pre24 @@ -1282,9 +1686,9 @@ - OpenBSD CVS updates: - [auth-passwd.c] check for NULL 1st - - Removed most of the pam code into its own file auth-pam.[ch]. This + - Removed most of the pam code into its own file auth-pam.[ch]. This cleaned up sshd.c up significantly. - - PAM authentication was incorrectly interpreting + - PAM authentication was incorrectly interpreting "PermitRootLogin without-password". Report from Matthias Andree - Fix --with-default-path option. - - Autodetect perl, patch from David Rankin + - Autodetect perl, patch from David Rankin - - Print whether OpenSSH was compiled with RSARef, patch from + - Print whether OpenSSH was compiled with RSARef, patch from Nalin Dahyabhai - - Calls to pam_setcred, patch from Nalin Dahyabhai + - Calls to pam_setcred, patch from Nalin Dahyabhai - Detect missing size_t and typedef it. - Rename helper.[ch] to (more appropriate) bsd-misc.[ch] @@ -1309,7 +1713,7 @@ 19991228 - Replacement for getpagesize() for systems which lack it - - NetBSD login.c compile fix from David Rankin + - NetBSD login.c compile fix from David Rankin - Fully set ut_tv if present in utmp or utmpx - Portability fixes for Irix 5.3 (now compiles OK!) @@ -1341,15 +1745,15 @@ - Revised RPM package to include Jim Knoble's X11 ssh-askpass program. - Disable logging of PAM success and failures, PAM is verbose enough. - Unfortunatly there is currently no way to disable auth failure - messages. Mention this in UPGRADING file and sent message to PAM + Unfortunatly there is currently no way to disable auth failure + messages. Mention this in UPGRADING file and sent message to PAM developers - OpenBSD CVS update: - [ssh-keygen.1 ssh.1] - remove ref to .ssh/random_seed, mention .ssh/environment in + remove ref to .ssh/random_seed, mention .ssh/environment in .Sh FILES, too - Released 1.2.1pre21 - - Fixed implicit '.' in default path, report from Jim Knoble + - Fixed implicit '.' in default path, report from Jim Knoble - Redhat RPM spec fixes from Jim Knoble @@ -1366,20 +1770,20 @@ <96na@eng.cam.ac.uk>) 19991223 - - Merged later HPUX patch from Andre Lucas + - Merged later HPUX patch from Andre Lucas - Above patch included better utmpx support from Ben Taylor 19991222 - - Fix undefined fd_set type in ssh.h from Povl H. Pedersen + - Fix undefined fd_set type in ssh.h from Povl H. Pedersen - Fix login.c breakage on systems which lack ut_host in struct utmp. Reported by Willard Dawson 19991221 - - Integration of large HPUX patch from Andre Lucas - . Integrating it had a few other + - Integration of large HPUX patch from Andre Lucas + . Integrating it had a few other benefits: - Ability to disable shadow passwords at configure time - Ability to disable lastlog support at configure time @@ -1392,12 +1796,12 @@ - Release 1.2.1pre19 19991218 - - Redhat init script patch from Chun-Chung Chen + - Redhat init script patch from Chun-Chung Chen - Avoid breakage on systems without IPv6 headers 19991216 - - Makefile changes for Solaris from Peter Kocks + - Makefile changes for Solaris from Peter Kocks - Minor updates to docs - Merged OpenBSD CVS changes: @@ -1405,7 +1809,7 @@ keysize warnings talk about identity files - [packet.c] "Connection closed by x.x.x.x": fatal() -> log() - - Correctly handle empty passwords in shadow file. Patch from: + - Correctly handle empty passwords in shadow file. Patch from: "Chris, the Young One" - Released 1.2.1pre18 @@ -1415,13 +1819,13 @@ - Use LDFLAGS correctly - Fix SIGIO error in scp - Simplify status line printing in scp - - Added better test for inline functions compiler support from + - Added better test for inline functions compiler support from Darren_Hall@progressive.com 19991214 - OpenBSD CVS Changes - [canohost.c] - fix get_remote_port() and friends for sshd -i; + fix get_remote_port() and friends for sshd -i; Holger.Trapp@Informatik.TU-Chemnitz.DE - [mpaux.c] make code simpler. no need for memcpy. niels@ ok @@ -1441,16 +1845,16 @@ - Doc updates 19991211 - - Fix compilation on systems with AFS. Reported by + - Fix compilation on systems with AFS. Reported by aloomis@glue.umd.edu - - Fix installation on Solaris. Reported by + - Fix installation on Solaris. Reported by Gordon Rowell - Fix gccisms (__attribute__ and inline). Report by edgy@us.ibm.com, patch from Markus Friedl - Auto-locate xauth. Patch from David Agraz - Compile fix from David Agraz - Avoid compiler warning in bsd-snprintf.c - - Added pam_limits.so to default PAM config. Suggested by + - Added pam_limits.so to default PAM config. Suggested by Jim Knoble 19991209 @@ -1465,8 +1869,8 @@ - [sshd.c] make sure the client selects a supported cipher - [sshd.c] - fix sighup handling. accept would just restart and daemon handled - sighup only after the next connection was accepted. use poll on + fix sighup handling. accept would just restart and daemon handled + sighup only after the next connection was accepted. use poll on listen sock now. - [sshd.c] make that a fatal @@ -1475,18 +1879,18 @@ - Released 1.2pre17 19991208 - - Compile fix for Solaris with /dev/ptmx from + - Compile fix for Solaris with /dev/ptmx from David Agraz 19991207 - sshd Redhat init script patch from Jim Knoble fixes compatability with 4.x and 5.x - Fixed default SSH_ASKPASS - - Fix PAM account and session being called multiple times. Problem + - Fix PAM account and session being called multiple times. Problem reported by Adrian Baugh - Merged more OpenBSD changes: - [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c] - move atomicio into it's own file. wrap all socket write()s which + move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls. - [auth-skey.c] fd leak @@ -1600,23 +2004,23 @@ 19991122 - Make close gnome-ssh-askpass (Debian bug #50299) - OpenBSD CVS Changes - - [ssh-keygen.c] - don't create ~/.ssh only if the user wants to store the private - key there. show fingerprint instead of public-key after + - [ssh-keygen.c] + don't create ~/.ssh only if the user wants to store the private + key there. show fingerprint instead of public-key after keygeneration. ok niels@ - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h - Added timersub() macro - Tidy RCSIDs of bsd-*.c - - Added autoconf test and macro to deal with old PAM libraries + - Added autoconf test and macro to deal with old PAM libraries pam_strerror definition (one arg vs two). - Fix EGD problems (Thanks to Ben Taylor ) - - Retry /dev/urandom reads interrupted by signal (report from + - Retry /dev/urandom reads interrupted by signal (report from Robert Hardy ) - Added a setenv replacement for systems which lack it - Only display public key comment when presenting ssh-askpass dialog - Released 1.2pre14 - - Configure, Make and changelog corrections from Tudor Bosman + - Configure, Make and changelog corrections from Tudor Bosman and Niels Kristian Bech Jensen 19991121 @@ -1643,13 +2047,13 @@ print usage() everytime we get bad options - [ssh-keygen.c] overflow, djm@mindrot.org - [sshd.c] fix sigchld race; cjc5@po.cwru.edu - + 19991120 - - Merged more Solaris support from Marc G. Fournier + - Merged more Solaris support from Marc G. Fournier - Wrote autoconf tests for integer bit-types - Fixed enabling kerberos support - - Fix segfault in ssh-keygen caused by buffer overrun in filename + - Fix segfault in ssh-keygen caused by buffer overrun in filename handling. 19991119 @@ -1662,14 +2066,14 @@ - EGD uses a socket, not a named pipe. Duh. - Fix includes in fingerprint.c - Fix scp progress bar bug again. - - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of + - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of David Rankin - Added autoconf option to enable Kerberos 4 support (untested) - Added autoconf option to enable AFS support (untested) - Added autoconf option to enable S/Key support (untested) - Added autoconf option to enable TCP wrappers support (compiles OK) - Renamed BSD helper function files to bsd-* - - Added tests for login and daemon and enable OpenBSD replacements for + - Added tests for login and daemon and enable OpenBSD replacements for when they are absent. - Added non-PAM MD5 password support patch from Tudor Bosman @@ -1677,7 +2081,7 @@ - Merged OpenBSD CVS changes - [scp.c] foregroundproc() in scp - [sshconnect.h] include fingerprint.h - - [sshd.c] bugfix: the log() for passwd-auth escaped during logging + - [sshd.c] bugfix: the log() for passwd-auth escaped during logging changes. - [ssh.1] Spell my name right. - Added openssh.com info to README @@ -1686,20 +2090,20 @@ - Merged OpenBSD CVS changes - [ChangeLog.Ylonen] noone needs this anymore - [authfd.c] close-on-exec for auth-socket, ok deraadt - - [hostfile.c] - in known_hosts key lookup the entry for the bits does not need - to match, all the information is contained in n and e. This - solves the problem with buggy servers announcing the wrong + - [hostfile.c] + in known_hosts key lookup the entry for the bits does not need + to match, all the information is contained in n and e. This + solves the problem with buggy servers announcing the wrong modulus length. markus and me. - - [serverloop.c] - bugfix: check for space if child has terminated, from: + - [serverloop.c] + bugfix: check for space if child has terminated, from: iedowse@maths.tcd.ie - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c] [fingerprint.c fingerprint.h] rsa key fingerprints, idea from Bjoern Groenvall - [ssh-agent.1] typo - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@ - - [sshd.c] + - [sshd.c] force logging to stderr while loading private key file (lost while converting to new log-levels) @@ -1720,10 +2124,10 @@ 19991115 - Merged OpenBSD CVS changes: - - [ssh-add.c] change passphrase loop logic and remove ref to + - [ssh-add.c] change passphrase loop logic and remove ref to $DISPLAY, ok niels - Changed to ssh-add.c broke askpass support. Revised it to be a little more - modular. + modular. - Revised autoconf support for enabling/disabling askpass support. - Merged more OpenBSD CVS changes: [auth-krb4.c] @@ -1763,9 +2167,9 @@ - Added 'Obsoletes' lines to RPM spec file - Merged OpenBSD CVS changes: - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels - - [scp.c] fix overflow reported by damien@ibs.com.au: off_t + - [scp.c] fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron - - Delay fork (-f option) in ssh until after port forwarded connections + - Delay fork (-f option) in ssh until after port forwarded connections have been initialised. Patch from Jani Hakala - Added shadow password patch from Thomas Neumann - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled @@ -1777,7 +2181,7 @@ - Merged changes from OpenBSD CVS - [sshd.c] session_key_int may be zero - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config] - IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok + IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok deraadt,millert - Brought default sshd_config more in line with OpenBSD's - Grab server in gnome-ssh-askpass (Debian bug #49872) @@ -1806,11 +2210,11 @@ - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too - - Fix integer overflow which was messing up scp's progress bar for large + - Fix integer overflow which was messing up scp's progress bar for large file transfers. Fix submitted to OpenBSD developers. Report and fix from Kees Cook - Merged more OpenBSD CVS changes: - - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal() + - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal() + krb-cleanup cleanup - [clientloop.c log-client.c log-server.c ] [readconf.c readconf.h servconf.c servconf.h ] @@ -1899,7 +2303,7 @@ - Improved PAM logging - Added some debug() calls for PAM - Removed redundant subdirectories - - Integrated part of a patch from Dan Brosemer for + - Integrated part of a patch from Dan Brosemer for building on Debian. - Fixed off-by-one error in PAM env patch - Released 1.2pre6