]>
andersk Git - openssh.git/log
mouring [Thu, 6 Jun 2002 21:46:07 +0000 (21:46 +0000)]
- markus@cvs.openbsd.org 2002/06/05 16:08:07
[ssh-agent.1 ssh-agent.c]
'-a bind_address' binds the agent to user-specified unix-domain
socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
mouring [Thu, 6 Jun 2002 21:40:51 +0000 (21:40 +0000)]
- markus@cvs.openbsd.org 2002/06/04 23:05:49
[cipher.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c]
__FUNCTION__ -> __func__
NOTE: This includes all portable references also.
mouring [Thu, 6 Jun 2002 20:59:25 +0000 (20:59 +0000)]
- markus@cvs.openbsd.org 2002/06/04 23:02:06
[packet.c]
remove __FUNCTION__
mouring [Thu, 6 Jun 2002 20:58:19 +0000 (20:58 +0000)]
- markus@cvs.openbsd.org 2002/06/04 19:53:40
[monitor.c]
save the session id (hash) for ssh2 (it will be passed with the
initial sign request) and verify that this value is used during
authentication; ok provos@
mouring [Thu, 6 Jun 2002 20:57:17 +0000 (20:57 +0000)]
- markus@cvs.openbsd.org 2002/06/04 19:42:35
[monitor.c]
only allow enabled authentication methods; ok provos@
mouring [Thu, 6 Jun 2002 20:56:07 +0000 (20:56 +0000)]
- deraadt@cvs.openbsd.org 2002/06/03 12:04:07
[ssh.h]
compatiblity -> compatibility
decriptor -> descriptor
authentciated -> authenticated
transmition -> transmission
mouring [Thu, 6 Jun 2002 20:55:04 +0000 (20:55 +0000)]
- markus@cvs.openbsd.org 2002/05/31 13:20:50
[ssh-rsa.c]
pad received signature with leading zeros, because RSA_verify expects
a signature of RSA_size. the drafts says the signature is transmitted
unpadded (e.g. putty does not pad), reported by anakin@pobox.com
mouring [Thu, 6 Jun 2002 20:54:07 +0000 (20:54 +0000)]
- markus@cvs.openbsd.org 2002/05/31 13:16:48
[key.c]
add comment:
key_verify returns 1 for a correct signature, 0 for an incorrect signature
and -1 on error.
mouring [Thu, 6 Jun 2002 20:52:37 +0000 (20:52 +0000)]
- markus@cvs.openbsd.org 2002/05/31 11:35:15
[auth.h auth2.c]
move Authmethod definitons to per-method file.
NOTE: The rest of this patch is with the import of the auth2-*.c files.
mouring [Thu, 6 Jun 2002 20:51:04 +0000 (20:51 +0000)]
- markus@cvs.openbsd.org 2002/05/31 10:30:33
[sshconnect2.c]
extent ssh-keysign protocol:
pass # of socket-fd to ssh-keysign, keysign verfies locally used
ip-address using this socket-fd, restricts fake local hostnames
to actual local hostnames; ok stevesk@
mouring [Thu, 6 Jun 2002 20:50:07 +0000 (20:50 +0000)]
- markus@cvs.openbsd.org 2002/05/30 08:07:31
[cipher.c]
use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of
our own implementation. allow use of AES hardware via libcrypto,
ok deraadt@
mouring [Thu, 6 Jun 2002 20:46:25 +0000 (20:46 +0000)]
- markus@cvs.openbsd.org 2002/05/29 11:21:57
[sshd.c]
don't start if privsep is enabled and SSH_PRIVSEP_USER or
_PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
mouring [Thu, 6 Jun 2002 20:45:33 +0000 (20:45 +0000)]
- stevesk@cvs.openbsd.org 2002/05/29 03:06:30
[ssh.1 sshd.8]
spelling
mouring [Thu, 6 Jun 2002 20:44:06 +0000 (20:44 +0000)]
- stevesk@cvs.openbsd.org 2002/05/28 21:24:00
[uidswap.c]
use correct function name in fatal()
[See the patch above, I saw it before apply the next patch. <sigh>]
mouring [Thu, 6 Jun 2002 20:42:04 +0000 (20:42 +0000)]
- (bal) Corrected debug() in uidswap.c to match upstream.
mouring [Thu, 6 Jun 2002 20:38:49 +0000 (20:38 +0000)]
- stevesk@cvs.openbsd.org 2002/05/28 17:28:02
[uidswap.c]
format spec change/casts and some KNF; ok markus@
mouring [Thu, 6 Jun 2002 20:33:06 +0000 (20:33 +0000)]
- stevesk@cvs.openbsd.org 2002/05/28 16:45:27
[monitor_mm.c]
print strerror(errno) on mmap/munmap error; ok markus@
mouring [Thu, 6 Jun 2002 20:30:28 +0000 (20:30 +0000)]
- stevesk@cvs.openbsd.org 2002/05/26 20:35:10
[ssh.1]
sort ChallengeResponseAuthentication; ok markus@
mouring [Thu, 6 Jun 2002 20:27:55 +0000 (20:27 +0000)]
- markus@cvs.openbsd.org 2002/05/25 18:51:07
[auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c
auth2-passwd.c auth2-pubkey.c Makefile.in]
split auth2.c into one file per method; ok provos@/deraadt@
NOTE: Merged back noticable cygwin and pam stuff. May need review to
ensure I did not miss anything.
mouring [Thu, 6 Jun 2002 20:05:57 +0000 (20:05 +0000)]
- markus@cvs.openbsd.org 2002/05/25 08:50:39
[sshconnect2.c]
execlp->execl; from stevesk
mouring [Thu, 6 Jun 2002 19:59:29 +0000 (19:59 +0000)]
- markus@cvs.openbsd.org 2002/05/24 08:45:14
[sshconnect2.c]
stat ssh-keysign first, print error if stat fails;
some debug->error; fix comment
mouring [Thu, 6 Jun 2002 19:58:27 +0000 (19:58 +0000)]
- markus@cvs.openbsd.org 2002/05/23 19:39:34
[ssh.c]
add comment about ssh-keysign
mouring [Thu, 6 Jun 2002 19:57:33 +0000 (19:57 +0000)]
- markus@cvs.openbsd.org 2002/05/23 19:24:30
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
authentication in protocol v2 (needs to access the hostkeys).
Note: Makefile.in untested. Will test after merge is finished.
mouring [Thu, 6 Jun 2002 19:51:58 +0000 (19:51 +0000)]
- deraadt@cvs.openbsd.org 2002/05/22 23:18:25
[ssh.c sshd.c]
spelling; abishoff@arc.nasa.gov
mouring [Thu, 6 Jun 2002 19:51:06 +0000 (19:51 +0000)]
- deraadt@cvs.openbsd.org 2002/05/19 20:54:52
[log.h]
extra commas in enum not 100% portable
mouring [Thu, 6 Jun 2002 19:49:54 +0000 (19:49 +0000)]
- stevesk@cvs.openbsd.org 2002/05/16 22:09:59
[session.c ssh.c]
don't limit xauth pathlen on client side and longer print length on
server when debug; ok markus@
mouring [Thu, 6 Jun 2002 19:48:16 +0000 (19:48 +0000)]
- markus@cvs.openbsd.org 2002/05/16 22:02:50
[cipher.c kex.h mac.c]
fix warnings (openssl 0.9.7 requires const)
mouring [Thu, 6 Jun 2002 19:47:11 +0000 (19:47 +0000)]
- markus@cvs.openbsd.org 2002/05/15 21:56:38
[servconf.c sshd.8 sshd_config]
re-enable privsep and disable setuid for post-3.2.2
stevesk [Tue, 4 Jun 2002 20:52:19 +0000 (20:52 +0000)]
- (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
setsockopt from debug to error for now).
tim [Tue, 28 May 2002 00:37:32 +0000 (00:37 +0000)]
[configure.ac.orig monitor_fdpass.c] Enahnce msghdr tests to address
build problem on Irix reported by Dave Love <d.love@dl.ac.uk>. Back out
last monitor_fdpass.c changes that are no longer needed with new tests.
Patch tested on Irix by Jan-Frode Myklebust <janfrode@parallab.uib.no>
djm [Wed, 22 May 2002 05:06:28 +0000 (05:06 +0000)]
unbreak (aaarrrgggh - stupid vi)
djm [Wed, 22 May 2002 04:24:01 +0000 (04:24 +0000)]
sync scard/
djm [Wed, 22 May 2002 04:14:54 +0000 (04:14 +0000)]
crank rpm spec versions
djm [Wed, 22 May 2002 04:14:00 +0000 (04:14 +0000)]
Crank version
(also missed changelog message)
djm [Wed, 22 May 2002 04:04:11 +0000 (04:04 +0000)]
rcsid sync
djm [Wed, 22 May 2002 01:02:15 +0000 (01:02 +0000)]
fix spelling mistakes spotted by Solar Designer <solar@openwall.com>
stevesk [Tue, 21 May 2002 17:59:13 +0000 (17:59 +0000)]
- (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups()
stevesk [Tue, 21 May 2002 17:50:21 +0000 (17:50 +0000)]
- (stevesk) [sshd.c] bug 245; disable setsid() for now
tim [Fri, 17 May 2002 15:59:22 +0000 (15:59 +0000)]
[configure.ac] remove extra MD5_MSG="no" line.
djm [Wed, 15 May 2002 23:25:38 +0000 (23:25 +0000)]
p1
mouring [Wed, 15 May 2002 21:50:14 +0000 (21:50 +0000)]
- (bal) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/05/15 21:05:29
[version.h]
enter OpenSSH_3.2.2
- (bal) Caldara, Suse, and Redhat openssh.specs updated.
mouring [Wed, 15 May 2002 21:37:34 +0000 (21:37 +0000)]
- markus@cvs.openbsd.org 2002/05/15 21:02:53
[servconf.c sshd.8 sshd_config]
disable privsep and enable setuid for the 3.2.2 release
mouring [Wed, 15 May 2002 21:36:45 +0000 (21:36 +0000)]
- millert@cvs.openbsd.org 2002/05/06 23:34:33
[ssh.1 sshd.8]
Kill/adjust r(login|exec)d? references now that those are no longer in
the tree.
mouring [Wed, 15 May 2002 21:35:43 +0000 (21:35 +0000)]
- deraadt@cvs.openbsd.org 2002/05/04 02:39:35
[servconf.c sshd.8 sshd_config]
enable privsep by default; provos ok
(historical)
mouring [Wed, 15 May 2002 16:39:51 +0000 (16:39 +0000)]
- (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy.
mouring [Wed, 15 May 2002 16:25:01 +0000 (16:25 +0000)]
- mouring@cvs.openbsd.org 2002/05/15 15:47:49
[kex.c monitor.c monitor_wrap.c sshd.c]
'monitor' variable clashes with at least one lame platform (NeXT). i
Renamed to 'pmonitor'. provos@
- (bal) Fixed up PAM case. I think.
mouring [Wed, 15 May 2002 16:19:37 +0000 (16:19 +0000)]
- markus@cvs.openbsd.org 2002/05/13 21:26:49
[auth-rhosts.c]
handle debug messages during rhosts-rsa and hostbased authentication;
ok provos@
mouring [Wed, 15 May 2002 16:17:56 +0000 (16:17 +0000)]
- millert@cvs.openbsd.org 2002/05/13 15:53:19
[sshd.c]
Call setsid() in the child after sshd accepts the connection and forks.
This is needed for privsep which calls setlogin() when it changes uids.
Without this, there is a race where the login name of an existing
connection, as returned by getlogin(), may be changed to the privsep
user (sshd). markus@ OK
mouring [Wed, 15 May 2002 16:16:14 +0000 (16:16 +0000)]
- markus@cvs.openbsd.org 2002/05/13 20:44:58
[auth-options.c auth.c auth.h]
move the packet_send_debug handling from auth-options.c to auth.c;
ok provos@
mouring [Wed, 15 May 2002 16:14:36 +0000 (16:14 +0000)]
- itojun@cvs.openbsd.org 2002/05/13 02:37:39
[auth-skey.c auth2.c]
less warnings. skey_{respond,query} are public (in auth.h)
mouring [Wed, 15 May 2002 16:09:57 +0000 (16:09 +0000)]
- stevesk@cvs.openbsd.org 2002/05/11 20:24:48
[ssh.h]
typo in comment
mouring [Wed, 15 May 2002 16:08:48 +0000 (16:08 +0000)]
- deraadt@cvs.openbsd.org 2002/05/08 21:06:34
[ssh.h]
move to sshd.sshd instead
mouring [Wed, 15 May 2002 16:07:11 +0000 (16:07 +0000)]
- deraadt@cvs.openbsd.org 2002/05/07 19:54:36
[ssh.h]
use ssh uid
mouring [Wed, 15 May 2002 15:59:17 +0000 (15:59 +0000)]
- (bal) CVS ID fix up on auth-passwd.c
djm [Wed, 15 May 2002 00:12:29 +0000 (00:12 +0000)]
wrap
djm [Wed, 15 May 2002 00:08:17 +0000 (00:08 +0000)]
wrap
tim [Tue, 14 May 2002 16:03:46 +0000 (16:03 +0000)]
update version.
tim [Tue, 14 May 2002 03:50:38 +0000 (03:50 +0000)]
remove reference to UnixWare 7 and OpenUNIX 8
from PAM-enabled pragraph. UnixWare has no PAM.
tim [Tue, 14 May 2002 00:07:18 +0000 (00:07 +0000)]
20020514
[sshpty.c] set tty modes when allocating old style bsd ptys to
match what newer style ptys have when allocated. Based on a patch by
Roger Cornelius <rac@tenzing.org>
[README.privsep] UnixWare 7 and OpenUNIX 8 work.
stevesk [Mon, 13 May 2002 23:31:09 +0000 (23:31 +0000)]
- (stevesk) [README.privsep] PAM+privsep works with Solaris 8.
djm [Mon, 13 May 2002 05:22:21 +0000 (05:22 +0000)]
- (djm) Add INSTALL warning about SSH protocol 1 blowfish w/ OpenSSL < 0.9.6
djm [Mon, 13 May 2002 05:14:08 +0000 (05:14 +0000)]
- (djm) Bug #234: missing readpassphrase declaration and defines
djm [Mon, 13 May 2002 04:41:31 +0000 (04:41 +0000)]
align summary
djm [Mon, 13 May 2002 04:12:05 +0000 (04:12 +0000)]
unbreak
stevesk [Mon, 13 May 2002 03:57:04 +0000 (03:57 +0000)]
- (stevesk) add initial README.privsep
stevesk [Mon, 13 May 2002 03:51:40 +0000 (03:51 +0000)]
- (stevesk) [configure.ac] nicer message: --with-privsep-user=user
djm [Mon, 13 May 2002 03:30:17 +0000 (03:30 +0000)]
unbreak
djm [Mon, 13 May 2002 03:26:57 +0000 (03:26 +0000)]
- (djm) Update RPM spec file: different superuser path, use
/var/empty/sshd for privsep
djm [Mon, 13 May 2002 03:15:42 +0000 (03:15 +0000)]
- (djm) Add --with-privsep-path configure option
djm [Mon, 13 May 2002 01:07:41 +0000 (01:07 +0000)]
- (djm) Bug #231: UsePrivilegeSeparation turns off Banner.
djm [Mon, 13 May 2002 00:48:57 +0000 (00:48 +0000)]
- (djm) Add --with-superuser-path=xxx configure option to specify what $PATH
the superuser receives.
tim [Sat, 11 May 2002 22:30:04 +0000 (22:30 +0000)]
fix for systems that have both HAVE_ACCRIGHTS_IN_MSGHDR and
HAVE_CONTROL_IN_MSGHDR. Ie. sys/socket.h has #define msg_accrights msg_control
tim [Sat, 11 May 2002 20:17:42 +0000 (20:17 +0000)]
applied a rework of djm's OpenSSL search cleanup patch.
Now only searches system and /usr/local/ssl (OpenSSL's default install path)
Others must use --with-ssl-dir=....
stevesk [Fri, 10 May 2002 15:48:52 +0000 (15:48 +0000)]
- (stevesk) [auth.c] Shadow account and expiration cleanup. Now
check for root forced expire. Still don't check for inactive.
mouring [Fri, 10 May 2002 02:40:15 +0000 (02:40 +0000)]
- (bal) Back all the way out of auth-passwd.c changes. Breaks too many
things that don't set pw->pw_passwd.
djm [Fri, 10 May 2002 02:20:24 +0000 (02:20 +0000)]
- (djm) Try to drop supplemental groups at daemon startup. Patch from
RedHat
djm [Fri, 10 May 2002 02:19:23 +0000 (02:19 +0000)]
- (djm) Rework RedHat RPM files. Based on spec from Nalin
Dahyabhai <nalin@redhat.com> and patches from
Pekka Savola <pekkas@netcore.fi>
tim [Thu, 9 May 2002 14:05:59 +0000 (14:05 +0000)]
Unbreak make -f Makefile.in distprep
djm [Thu, 9 May 2002 05:59:13 +0000 (05:59 +0000)]
- (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work)
tim [Wed, 8 May 2002 23:04:14 +0000 (23:04 +0000)]
set SHELL in Makefile in case someone makes from a non bourne compatable shell
tim [Wed, 8 May 2002 22:57:18 +0000 (22:57 +0000)]
fix logic on when seed_rng() is called.
Report by Chris Maxwell <maxwell@cs.dal.ca>
tim [Wed, 8 May 2002 02:51:31 +0000 (02:51 +0000)]
Add truncate() emulation to address Bug 208
djm [Wed, 8 May 2002 02:27:55 +0000 (02:27 +0000)]
- (djm) Don't reinitialise PAM credentials before we have started PAM.
Report from Pekka Savola <pekkas@netcore.fi>
djm [Wed, 8 May 2002 02:24:42 +0000 (02:24 +0000)]
- (djm) Unbreak PAM auth for protocol 1. Report from Pekka Savola
<pekkas@netcore.fi>
djm [Wed, 8 May 2002 02:18:26 +0000 (02:18 +0000)]
- (djm) Unbreak auth-passwd.c for PAM and SIA
mouring [Mon, 6 May 2002 23:06:08 +0000 (23:06 +0000)]
- (bal) Fixed auth-passwd.c to resolve PermitEmptyPassword issue
djm [Wed, 1 May 2002 12:00:22 +0000 (12:00 +0000)]
- (djm) Fix readpassphase compilation for systems which have it
djm [Wed, 1 May 2002 03:17:33 +0000 (03:17 +0000)]
- (djm) Import OpenBSD regression tests. Requires BSD make to run
tim [Tue, 30 Apr 2002 03:53:12 +0000 (03:53 +0000)]
[contrib/caldera/openssh.spec] update fixUP to reflect changes in sshd_config.
[contrib/cygwin/README] remove reference to regex.
patch from Corinna Vinschen <vinschen@redhat.com>
djm [Fri, 26 Apr 2002 06:54:34 +0000 (06:54 +0000)]
- (djm) Bug #180: Set ToS bits on IPv4-in-IPv6 mapped addresses. Based on
patch from openssh@misc.tecq.org
djm [Fri, 26 Apr 2002 01:27:24 +0000 (01:27 +0000)]
- (djm) Disable PAM password expiry until a complete fix for bug #188 exists
djm [Fri, 26 Apr 2002 01:25:40 +0000 (01:25 +0000)]
- (djm) Bug #137, #209: fix make problems for scard/Ssh.bin, do uudecode
during distprep only
stevesk [Thu, 25 Apr 2002 18:17:04 +0000 (18:17 +0000)]
- (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26
support. bug #184. most from dcole@keysoftsys.com.
stevesk [Thu, 25 Apr 2002 17:56:07 +0000 (17:56 +0000)]
- (stevesk) [defines.h] remove USE_TIMEVAL; unused
djm [Tue, 23 Apr 2002 23:49:09 +0000 (23:49 +0000)]
- djm@cvs.openbsd.org 2002/04/23 22:16:29
[sshd.c]
Improve error message; ok markus@ stevesk@
djm [Tue, 23 Apr 2002 23:48:14 +0000 (23:48 +0000)]
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/04/23 12:54:10
[version.h]
3.2.1
stevesk [Tue, 23 Apr 2002 20:45:55 +0000 (20:45 +0000)]
- (stevesk) [acconfig.h configure.ac session.c] LOGIN_NO_ENDOPT for HP-UX
stevesk [Tue, 23 Apr 2002 20:11:13 +0000 (20:11 +0000)]
- (stevesk) [acconfig.h] NEED_IN_SYSTM_H unused
markus [Tue, 23 Apr 2002 14:41:12 +0000 (14:41 +0000)]
- markus@cvs.openbsd.org 2002/04/23 12:58:26
[radix.c]
send complete ticket; semerad@ss1000.ms.mff.cuni.cz
markus [Tue, 23 Apr 2002 14:35:15 +0000 (14:35 +0000)]
- markus@openbsd.org 2002/04/23 12:58:26
[radix.c]
send complete ticket; semerad@ss1000.ms.mff.cuni.cz
This page took 0.085022 seconds and 4 git commands to generate.