blob: f42008433ae36dbe547cc71dea94f9948223b505 [file] [log] [blame]
Damien Miller0d7b9342007-06-28 08:48:02 +1000120070628
2 - (djm) bz#1325: Fix SELinux in permissive mode where it would
3 incorrectly fatal() on errors. patch from cjwatson AT debian.org;
4 ok dtucker
5
Darren Tucker067263e2007-06-25 18:32:33 +1000620070625
7 - (dtucker) OpenBSD CVS Sync
8 - djm@cvs.openbsd.org 2007/06/13 00:21:27
9 [scp.c]
10 don't ftruncate() non-regular files; bz#1236 reported by wood AT
11 xmission.com; ok dtucker@
Darren Tuckerd989ada2007-06-25 18:34:43 +100012 - djm@cvs.openbsd.org 2007/06/14 21:43:25
13 [ssh.c]
14 handle EINTR when waiting for mux exit status properly
Darren Tucker132367f2007-06-25 18:59:17 +100015 - djm@cvs.openbsd.org 2007/06/14 22:48:05
16 [ssh.c]
17 when waiting for the multiplex exit status, read until the master end
18 writes an entire int of data *and* closes the client_fd; fixes mux
19 regression spotted by dtucker, ok dtucker@
Darren Tuckerab17f7d2007-06-25 19:04:12 +100020 - djm@cvs.openbsd.org 2007/06/19 02:04:43
21 [atomicio.c]
22 if the fd passed to atomicio/atomiciov() is non blocking, then poll() to
23 avoid a spin if it is not yet ready for reading/writing; ok dtucker@
Darren Tuckerae09cb82007-06-25 19:04:46 +100024 - dtucker@cvs.openbsd.org 2007/06/25 08:20:03
25 [channels.c]
26 Correct test for window updates every three packets; prevents sending
27 window updates for every single packet. ok markus@
Darren Tuckerdc4a7792007-06-25 22:08:10 +100028 - dtucker@cvs.openbsd.org 2007/06/25 12:02:27
29 [atomicio.c]
30 Include <poll.h> like the man page says rather than <sys/poll.h>. ok djm@
Darren Tucker9e223242007-06-25 19:06:53 +100031 - (dtucker) [atomicio.c] Test for EWOULDBLOCK in atomiciov to match
32 atomicio.
Darren Tuckerfebf0f52007-06-25 22:15:12 +100033 - (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.in
34 openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h]
35 Add an implementation of poll() built on top of select(2). Code from
36 OpenNTPD with changes suggested by djm. ok djm@
Darren Tucker067263e2007-06-25 18:32:33 +100037
Darren Tuckercb520172007-06-14 23:21:32 +10003820070614
39 - (dtucker) [cipher-ctr.c umac.c openbsd-compat/openssl-compat.h] Move the
40 USE_BUILTIN_RIJNDAEL compat goop to openssl-compat.h so it can be
41 shared with umac.c. Allows building with OpenSSL 0.9.5 again including
42 umac support. With tim@ djm@, ok djm.
Darren Tuckera2ed7552007-06-14 23:38:39 +100043 - (dtucker) [openbsd-compat/openssl-compat.h] Merge USE_BUILTIN_RIJNDAEL
44 sections. Fixes builds with early OpenSSL 0.9.6 versions.
Darren Tucker7dae3d22007-06-14 23:47:31 +100045 - (dtucker) [openbsd-compat/openssl-compat.h] Remove redundant definition
46 of USE_BUILTIN_RIJNDAEL since the <0.9.6 test is covered by the
47 subsequent <0.9.7 test.
Darren Tuckercb520172007-06-14 23:21:32 +100048
Darren Tucker395ecc22007-06-12 23:38:53 +10004920070612
50 - (dtucker) OpenBSD CVS Sync
51 - markus@cvs.openbsd.org 2007/06/11 09:14:00
52 [channels.h]
53 increase default channel windows; ok djm
Darren Tucker29a57072007-06-12 23:39:52 +100054 - djm@cvs.openbsd.org 2007/06/12 07:41:00
55 [ssh-add.1]
56 better document ssh-add's -d option (delete identies from agent), bz#1224
57 new text based on some provided by andrewmc-debian AT celt.dias.ie;
58 ok dtucker@
Darren Tucker8f6d0ed2007-06-12 23:40:39 +100059 - djm@cvs.openbsd.org 2007/06/12 08:20:00
60 [ssh-gss.h gss-serv.c gss-genr.c]
61 relocate server-only GSSAPI code from libssh to server; bz #1225
62 patch from simon AT sxw.org.uk; ok markus@ dtucker@
Darren Tucker43ce9022007-06-12 23:41:06 +100063 - djm@cvs.openbsd.org 2007/06/12 08:24:20
64 [scp.c]
65 make scp try to skip FIFOs rather than blocking when nothing is listening.
66 depends on the platform supporting sane O_NONBLOCK semantics for open
67 on FIFOs (apparently POSIX does not mandate this), which OpenBSD does.
68 bz #856; report by cjwatson AT debian.org; ok markus@
Darren Tucker2cbec742007-06-12 23:41:33 +100069 - djm@cvs.openbsd.org 2007/06/12 11:11:08
70 [ssh.c]
71 fix slave exit value when a control master goes away without passing the
72 full exit status by ensuring that the slave reads a full int. bz#1261
73 reported by frekko AT gmail.com; ok markus@ dtucker@
Darren Tucker415bddc2007-06-12 23:43:16 +100074 - djm@cvs.openbsd.org 2007/06/12 11:15:17
75 [ssh.c ssh.1]
76 Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
77 GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
78 and is useful for hosts with /home on Kerberised NFS; bz #1312
79 patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@
Darren Tucker26047492007-06-12 23:44:10 +100080 - djm@cvs.openbsd.org 2007/06/12 11:45:27
81 [ssh.c]
82 improved exit message from multiplex slave sessions; bz #1262
83 reported by alexandre.nunes AT gmail.com; ok dtucker@
Darren Tuckerb1e128f2007-06-12 23:44:36 +100084 - dtucker@cvs.openbsd.org 2007/06/12 11:56:15
85 [gss-genr.c]
86 Pass GSS OID to gss_display_status to provide better information in
87 error messages. Patch from Simon Wilkinson via bz 1220. ok djm@
Darren Tucker930cb0b2007-06-13 00:00:27 +100088 - jmc@cvs.openbsd.org 2007/06/12 13:41:03
89 [ssh-add.1]
90 identies -> identities;
Darren Tucker0409e152007-06-13 00:00:58 +100091 - jmc@cvs.openbsd.org 2007/06/12 13:43:55
92 [ssh.1]
93 add -K to SYNOPSIS;
Darren Tuckerbed63112007-06-13 00:02:07 +100094 - dtucker@cvs.openbsd.org 2007/06/12 13:54:28
95 [scp.c]
96 Encode filename with strnvis if the name contains a newline (which can't
97 be represented in the scp protocol), from bz #891. ok markus@
Darren Tucker395ecc22007-06-12 23:38:53 +100098
Damien Miller835284b2007-06-11 13:03:16 +10009920070611
100 - (djm) Bugzilla #1306: silence spurious error messages from hang-on-exit
101 fix; tested by dtucker@ and jochen.kirn AT gmail.com
Damien Millere45796f2007-06-11 14:01:42 +1000102 - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34
103 [kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
104 [ssh_config.5 sshd.8 sshd_config.5]
105 Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
106 must specify umac-64@openssh.com). Provides about 20% end-to-end speedup
107 compared to hmac-md5. Represents a different approach to message
108 authentication to that of HMAC that may be beneficial if HMAC based on
109 one of its underlying hash algorithms is found to be vulnerable to a
110 new attack. http://www.ietf.org/rfc/rfc4418.txt
111 in conjunction with and OK djm@
Damien Miller4de545a2007-06-11 14:04:42 +1000112 - pvalchev@cvs.openbsd.org 2007/06/08 04:40:40
113 [ssh_config]
114 Add a "MACs" line after "Ciphers" with the default MAC algorithms,
115 to ease people who want to tweak both (eg. for performance reasons).
116 ok deraadt@ djm@ dtucker@
Damien Miller5e7c30b2007-06-11 14:06:32 +1000117 - jmc@cvs.openbsd.org 2007/06/08 07:43:46
118 [ssh_config.5]
119 put the MAC list into a display, like we do for ciphers,
120 since groff has trouble handling wide lines;
Damien Miller22b7b492007-06-11 14:07:12 +1000121 - jmc@cvs.openbsd.org 2007/06/08 07:48:09
122 [sshd_config.5]
123 oops, here too: put the MAC list into a display, like we do for
124 ciphers, since groff has trouble with wide lines;
Damien Miller3191a8e2007-06-11 18:33:15 +1000125 - markus@cvs.openbsd.org 2007/06/11 08:04:44
126 [channels.c]
127 send 'window adjust' messages every tree packets and do not wait
128 until 50% of the window is consumed. ok djm dtucker
Damien Miller34a17692007-06-11 14:15:42 +1000129 - (djm) [configure.ac umac.c] If platform doesn't provide swap32(3), then
130 fallback to provided bit-swizzing functions
Darren Tucker1534fa42007-06-11 14:34:53 +1000131 - (dtucker) [openbsd-compat/bsd-misc.c] According to the spec the "remainder"
132 argument to nanosleep may be NULL. Currently this never happens in OpenSSH,
133 but check anyway in case this changes or the code gets used elsewhere.
Darren Tucker725286e2007-06-11 14:44:02 +1000134 - (dtucker) [includes.h] Bug #1243: HAVE_PATHS -> HAVE_PATHS_H. Should
135 prevent warnings about redefinitions of various things in paths.h.
136 Spotted by cartmanltd at hotmail.com.
Damien Miller4de545a2007-06-11 14:04:42 +1000137
Darren Tucker4a40ae22007-06-05 18:22:32 +100013820070605
139 - (dtucker) OpenBSD CVS Sync
140 - djm@cvs.openbsd.org 2007/05/22 10:18:52
141 [sshd.c]
142 zap double include; from p_nowaczyk AT o2.pl
143 (not required in -portable, Id sync only)
Darren Tucker0d0d1952007-06-05 18:23:28 +1000144 - djm@cvs.openbsd.org 2007/05/30 05:58:13
145 [kex.c]
146 tidy: KNF, ARGSUSED and u_int
Darren Tuckeraa4d5ed2007-06-05 18:27:13 +1000147 - jmc@cvs.openbsd.org 2007/05/31 19:20:16
148 [scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1
149 ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8]
150 convert to new .Dd format;
151 (We will need to teach mdoc2man.awk to understand this too.)
Darren Tuckera394f992007-06-05 18:28:20 +1000152 - djm@cvs.openbsd.org 2007/05/31 23:34:29
153 [packet.c]
154 gc unreachable code; spotted by Tavis Ormandy
Darren Tucker7b21cb52007-06-05 18:29:35 +1000155 - djm@cvs.openbsd.org 2007/06/02 09:04:58
156 [bufbn.c]
157 memory leak on error path; from arnaud.lacombe.1 AT ulaval.ca
Darren Tucker5f3d5be2007-06-05 18:30:18 +1000158 - djm@cvs.openbsd.org 2007/06/05 06:52:37
159 [kex.c monitor_wrap.c packet.c mac.h kex.h mac.c]
160 Preserve MAC ctx between packets, saving 2xhash calls per-packet.
161 Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5
162 patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm
163 committing at his request)
Darren Tucker51e5ab02007-06-05 19:16:59 +1000164 - (dtucker) [mdoc2man.awk] Teach it to deal with $Mdocdate tags that
165 OpenBSD's cvs now adds.
Darren Tucker88bca062007-06-05 19:30:47 +1000166 - (dtucker) [mdoc2man.awk] Remove trailing "$" from Mdocdate regex so
167 mindrot's cvs doesn't expand it on us.
Darren Tucker0c0dc492007-06-05 20:01:16 +1000168 - (dtucker) [mdoc2man.awk] Add support for %R references, used for RFCs.
Darren Tucker4a40ae22007-06-05 18:22:32 +1000169
Darren Tucker208ac572007-05-20 14:58:41 +100017020070520
171 - (dtucker) OpenBSD CVS Sync
172 - stevesk@cvs.openbsd.org 2007/04/14 22:01:58
173 [auth2.c]
174 remove unused macro; from Dmitry V. Levin <ldv@altlinux.org>
Darren Tucker86473c52007-05-20 14:59:32 +1000175 - stevesk@cvs.openbsd.org 2007/04/18 01:12:43
176 [sftp-server.c]
177 cast "%llu" format spec to (unsigned long long); do not assume a
178 u_int64_t arg is the same as 'unsigned long long'.
179 from Dmitry V. Levin <ldv@altlinux.org>
180 ok markus@ 'Yes, that looks correct' millert@
Darren Tuckerf78bb412007-05-20 15:03:15 +1000181 - dtucker@cvs.openbsd.org 2007/04/23 10:15:39
182 [servconf.c]
183 Remove debug() left over from development. ok deraadt@
Darren Tucker36b78002007-05-20 15:08:15 +1000184 - djm@cvs.openbsd.org 2007/05/17 07:50:31
185 [log.c]
186 save and restore errno when logging; ok deraadt@
Darren Tuckere9405982007-05-20 15:09:04 +1000187 - djm@cvs.openbsd.org 2007/05/17 07:55:29
188 [sftp-server.c]
189 bz#1286 stop reading and processing commands when input or output buffer
190 is nearly full, otherwise sftp-server would happily try to grow the
191 input/output buffers past the maximum supported by the buffer API and
192 promptly fatal()
193 based on patch from Thue Janus Kristensen; feedback & ok dtucker@
Darren Tucker26c66622007-05-20 15:09:42 +1000194 - djm@cvs.openbsd.org 2007/05/17 20:48:13
195 [sshconnect2.c]
196 fall back to gethostname() when the outgoing connection is not
197 on a socket, such as is the case when ProxyCommand is used.
198 Gives hostbased auth an opportunity to work; bz#616, report
199 and feedback stuart AT kaloram.com; ok markus@
Darren Tucker7fa339b2007-05-20 15:10:16 +1000200 - djm@cvs.openbsd.org 2007/05/17 20:52:13
201 [monitor.c]
202 pass received SIGINT from monitor to postauth child so it can clean
203 up properly. bz#1196, patch from senthilkumar_sen AT hotpop.com;
204 ok markus@
Darren Tuckerf520ea12007-05-20 15:11:33 +1000205 - jolan@cvs.openbsd.org 2007/05/17 23:53:41
206 [sshconnect2.c]
207 djm owes me a vb and a tism cd for breaking ssh compilation
Darren Tucker29171e92007-05-20 15:20:08 +1000208 - (dtucker) [auth-pam.c] malloc+memset -> calloc. Patch from
209 ldv at altlinux.org.
Darren Tucker22164712007-05-20 15:26:07 +1000210 - (dtucker) [auth-pam.c] Return empty string if fgets fails in
211 sshpam_tty_conv. Patch from ldv at altlinux.org.
Darren Tucker208ac572007-05-20 14:58:41 +1000212
Tim Riceaa8954f2007-05-09 15:57:43 -070021320070509
214 - (tim) [configure.ac] Bug #1287: Add missing test for ucred.h.
215
Darren Tucker781e7a22007-04-29 12:06:55 +100021620070429
217 - (dtucker) [openbsd-compat/bsd-misc.c] Include unistd.h and sys/types.h
218 for select(2) prototype.
Darren Tuckerd757e692007-04-29 12:10:57 +1000219 - (dtucker) [auth-shadow.c loginrec.c] Include time.h for time(2) prototype.
Darren Tuckercc40d5e2007-04-29 13:58:06 +1000220 - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299: Use the
221 platform's _res if it has one. Should fix problem of DNSSEC record lookups
222 on NetBSD as reported by Curt Sampson.
Darren Tucker2ac529b2007-04-29 14:02:43 +1000223 - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype.
Darren Tucker6d862a52007-04-29 14:39:02 +1000224 - (dtucker) [configure.ac defines.h] Have configure check for MAXSYMLINKS
225 so we don't get redefinition warnings.
Darren Tucker391de5c2007-04-29 14:49:21 +1000226 - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype.
227 - (dtucker) [configure.ac defines.h] Prevent warnings about __attribute__
228 __nonnull__ for versions of GCC that don't support it.
Darren Tuckerdca0edf2007-04-29 15:06:44 +1000229 - (dtucker) [configure.ac defines.h] Have configure check for offsetof
230 to prevent redefinition warnings.
Darren Tucker391de5c2007-04-29 14:49:21 +1000231
Darren Tucker62995c12007-04-06 12:21:47 +100023220070406
233 - (dtucker) [INSTALL] Update the systems that have PAM as standard. Link
234 to OpenPAM too.
Darren Tucker2a386852007-04-06 12:25:08 +1000235 - (dtucker) [INSTALL] prngd lives at sourceforge these days.
Darren Tucker62995c12007-04-06 12:21:47 +1000236
Tim Rice99203ec2007-03-26 09:35:28 -070023720070326
238 - (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
239 openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
240 to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
241
Darren Tucker20e9f972007-03-25 18:26:01 +100024220070325
243 - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,
244 LIBWRAP and LIBPAM variables in Makefile with the general-purpose
245 SSHDLIBS. "I like" djm@
246
Darren Tucker97b1bb52007-03-21 20:38:53 +110024720070321
248 - (dtucker) OpenBSD CVS Sync
249 - dtucker@cvs.openbsd.org 2007/03/09 05:20:06
250 [servconf.c sshd.c]
251 Move C/R -> kbdint special case to after the defaults have been
252 loaded, which makes ChallengeResponse default to yes again. This
253 was broken by the Match changes and not fixed properly subsequently.
254 Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
Darren Tucker506ed882007-03-21 20:42:24 +1100255 - djm@cvs.openbsd.org 2007/03/19 01:01:29
256 [sshd_config]
257 Disable the legacy SSH protocol 1 for new installations via
258 a configuration override. In the future, we will change the
259 server's default itself so users who need the legacy protocol
260 will need to turn it on explicitly
Darren Tucker2812dc92007-03-21 20:45:06 +1100261 - dtucker@cvs.openbsd.org 2007/03/19 12:16:42
262 [ssh-agent.c]
263 Remove the signal handler that checks if the agent's parent process
264 has gone away, instead check when the select loop returns. Record when
265 the next key will expire when scanning for expired keys. Set the select
266 timeout to whichever of these two things happens next. With djm@, with &
267 ok deraadt@ markus@
Darren Tucker03b1cdb2007-03-21 20:46:03 +1100268 - tedu@cvs.openbsd.org 2007/03/20 03:56:12
269 [readconf.c clientloop.c]
270 remove some bogus *p tests from charles longeau
271 ok deraadt millert
Darren Tucker04354b92007-03-21 20:46:54 +1100272 - jmc@cvs.openbsd.org 2007/03/20 15:57:15
273 [sshd.8]
274 - let synopsis and description agree for -f
275 - sort FILES
276 - +.Xr ssh-keyscan 1 ,
277 from Igor Sobrado
Darren Tucker164aa302007-03-21 21:39:57 +1100278 - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use
279 getpeerucred to implement getpeereid (currently only Solaris 10 and up).
280 Patch by Jan.Pechanec at Sun.
Darren Tucker9869ab32007-03-21 21:45:48 +1100281 - (dtucker) [regress/agent-getpeereid.sh] Do peereid test if we have
282 HAVE_GETPEERUCRED too. Also from Jan Pechanec.
Darren Tucker97b1bb52007-03-21 20:38:53 +1100283
Darren Tuckera8d51ee2007-03-13 07:35:38 +110028420070313
285 - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include
286 string.h to prevent warnings, from vapier at gentoo.org.
Darren Tuckerb9fe6a32007-03-13 07:37:49 +1100287 - (dtucker) [LICENCE] Add Daniel Walsh as a copyright holder for the
288 selinux bits in -portable.
Darren Tuckerda05f482007-03-13 18:50:04 +1100289 - (dtucker) [cipher-3des1.c cipher-bf1.c] The OpenSSL 0.9.8e problem in
290 bug #1291 also affects Protocol 1 3des. While at it, use compat-openssl.h
291 in cipher-bf1.c. Patch from Juan Gallego.
Darren Tucker5548e8c2007-03-13 21:00:45 +1100292 - (dtucker) [README.platform] Info about blibpath on AIX.
Darren Tuckera8d51ee2007-03-13 07:35:38 +1100293
Damien Miller5737e362007-03-06 21:21:18 +110029420070306
295 - (djm) OpenBSD CVS Sync
296 - jmc@cvs.openbsd.org 2007/03/01 16:19:33
297 [sshd_config.5]
298 sort the `match' keywords;
Damien Miller2dbab872007-03-06 21:21:37 +1100299 - djm@cvs.openbsd.org 2007/03/06 10:13:14
300 [version.h]
301 openssh-4.6; "please" deraadt@
Damien Millerd91cfab2007-03-06 21:23:24 +1100302 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
303 [contrib/suse/openssh.spec] crank spec files for release
Damien Millerc49dd342007-03-08 20:13:39 +1100304 - (djm) [README] correct link to release notes
Damien Millerf0ffec92007-03-06 21:24:00 +1100305 - (djm) Release 4.6p1
Damien Miller5737e362007-03-06 21:21:18 +1100306
Damien Miller9975e482007-03-05 11:51:27 +110030720070304
308 - (djm) [configure.ac] add a --without-openssl-header-check option to
309 configure, as some platforms (OS X) ship OpenSSL headers whose version
310 does not match that of the shipping library. ok dtucker@
Darren Tuckerfd309862007-03-05 18:25:20 +1100311 - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a
312 bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
313 ciphers from working correctly (disconnects with "Bad packet length"
314 errors) as found by Ben Harris. ok djm@
Damien Miller9975e482007-03-05 11:51:27 +1100315
Darren Tucker90a58fd2007-03-03 09:42:23 +110031620070303
317 - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more
318 general to cover newer gdb versions on HP-UX.
319
Darren Tucker573e3872007-03-02 17:50:03 +110032020070302
321 - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows
322 CRLF as well as LF lineendings) and write in binary mode. Patch from
323 vinschen at redhat.com.
Darren Tuckeraef5bee2007-03-02 17:53:41 +1100324 - (dtucker) [INSTALL] Update to autoconf-2.61.
Darren Tucker573e3872007-03-02 17:50:03 +1100325
Darren Tucker1d75f222007-03-01 21:31:28 +110032620070301
327 - (dtucker) OpenBSD CVS Sync
328 - dtucker@cvs.openbsd.org 2007/03/01 10:28:02
329 [auth2.c sshd_config.5 servconf.c]
330 Remove ChallengeResponseAuthentication support inside a Match
331 block as its interaction with KbdInteractive makes it difficult to
332 support. Also, relocate the CR/kbdint option special-case code into
333 servconf. "please commit" djm@, ok markus@ for the relocation.
Tim Ricec3af6d42007-03-01 09:34:52 -0800334 - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits.
335 "Looks sane" dtucker@
Darren Tucker1d75f222007-03-01 21:31:28 +1100336
Darren Tuckercf0d2db2007-02-28 21:19:58 +110033720070228
338 - (dtucker) OpenBSD CVS Sync
339 - dtucker@cvs.openbsd.org 2007/02/28 00:55:30
340 [ssh-agent.c]
341 Remove expired keys periodically so they don't remain in memory when
342 the agent is entirely idle, as noted by David R. Piegdon. This is the
343 simple fix, a more efficient one will be done later. With markus,
344 deraadt, with & ok djm.
345
Darren Tuckerd04188e2007-02-25 20:36:49 +110034620070225
347 - (dtucker) OpenBSD CVS Sync
348 - djm@cvs.openbsd.org 2007/02/20 10:25:14
349 [clientloop.c]
350 set maximum packet and window sizes the same for multiplexed clients
351 as normal connections; ok markus@
Darren Tuckered623962007-02-25 20:37:21 +1100352 - dtucker@cvs.openbsd.org 2007/02/21 11:00:05
353 [sshd.c]
354 Clear alarm() before restarting sshd on SIGHUP. Without this, if there's
355 a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
356 newly exec'ed sshd will get the SIGALRM and not have a handler for it,
357 and the default action will terminate the listening sshd. Analysis and
358 patch from andrew at gaul.org.
Darren Tucker82347a82007-02-25 20:37:52 +1100359 - dtucker@cvs.openbsd.org 2007/02/22 12:58:40
360 [servconf.c]
361 Check activep so Match and GatewayPorts work together; ok markus@
Darren Tucker90aaed42007-02-25 20:38:55 +1100362 - ray@cvs.openbsd.org 2007/02/24 03:30:11
363 [moduli.c]
364 - strlen returns size_t, not int.
365 - Pass full buffer size to fgets.
366 OK djm@, millert@, and moritz@.
Darren Tuckerd04188e2007-02-25 20:36:49 +1100367
Darren Tuckerbf6b3282007-02-19 22:08:17 +110036820070219
369 - (dtucker) OpenBSD CVS Sync
370 - jmc@cvs.openbsd.org 2007/01/10 13:23:22
371 [ssh_config.5]
372 do not use a list for SYNOPSIS;
373 this is actually part of a larger report sent by eric s. raymond
374 and forwarded by brad, but i only read half of it. spotted by brad.
Darren Tucker26dc3e62007-02-19 22:09:06 +1100375 - jmc@cvs.openbsd.org 2007/01/12 20:20:41
376 [ssh-keygen.1 ssh-keygen.c]
377 more secsh -> rfc 4716 updates;
378 spotted by wiz@netbsd
379 ok markus
Darren Tuckerc58b5b02007-02-19 22:12:23 +1100380 - dtucker@cvs.openbsd.org 2007/01/17 23:22:52
381 [readconf.c]
382 Honour activep for times (eg ServerAliveInterval) while parsing
383 ssh_config and ~/.ssh/config so they work properly with Host directives.
384 From mario.lorenz@wincor-nixdorf.com via bz #1275. ok markus@
385 - stevesk@cvs.openbsd.org 2007/01/21 01:41:54
386 [auth-skey.c kex.c ssh-keygen.c session.c clientloop.c]
387 spaces
Darren Tuckercb0e1752007-02-19 22:12:53 +1100388 - stevesk@cvs.openbsd.org 2007/01/21 01:45:35
389 [readconf.c]
390 spaces
Darren Tucker0aa3dbb2007-02-19 22:13:39 +1100391 - djm@cvs.openbsd.org 2007/01/22 11:32:50
392 [sftp-client.c]
393 return error from do_upload() when a write fails. fixes bz#1252: zero
394 exit status from sftp when uploading to a full device. report from
395 jirkat AT atlas.cz; ok dtucker@
Darren Tucker6ec2fbe2007-02-19 22:14:11 +1100396 - djm@cvs.openbsd.org 2007/01/22 13:06:21
397 [scp.c]
398 fix detection of whether we should show progress meter or not: scp
399 tested isatty(stderr) but wrote the progress meter to stdout. This patch
400 makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com;
401 of dtucker@
Darren Tucker591322a2007-02-19 22:17:28 +1100402 - stevesk@cvs.openbsd.org 2007/02/14 14:32:00
403 [bufbn.c]
404 typos in comments; ok jmc@
Darren Tucker1629c072007-02-19 22:25:37 +1100405 - dtucker@cvs.openbsd.org 2007/02/19 10:45:58
406 [monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5]
407 Teach Match how handle config directives that are used before
408 authentication. This allows configurations such as permitting password
409 authentication from the local net only while requiring pubkey from
410 offsite. ok djm@, man page bits ok jmc@
Darren Tucker53ced252007-02-19 22:44:25 +1100411 - (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some
412 platforms don't have it. Patch from dleonard at vintela.com.
Darren Tucker89ee69e2007-02-19 22:56:55 +1100413 - (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc
414 an array for signatures when there are none since "calloc(0, n) returns
415 NULL on some platforms (eg Tru64), which is explicitly permitted by
416 POSIX. Diagnosis and patch by svallet genoscope.cns.fr.
Darren Tuckerbf6b3282007-02-19 22:08:17 +1100417
Damien Millere42bd242007-01-29 10:16:28 +110041820070128
419 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52)
420 when closing a tty session when a background process still holds tty
421 fds open. Great detective work and patch by Marc Aurele La France,
422 slightly tweaked by me; ok dtucker@
423
Darren Tucker07877ca2007-01-24 00:07:29 +110042420070123
425 - (dtucker) [openbsd-compat/bsd-snprintf.c] Static declarations for public
426 library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro
427 so it works properly and modify its callers so that they don't pre or
428 post decrement arguments that are conditionally evaluated. While there,
429 put SNPRINTF_CONST back as it prevents build failures in some
430 configurations. ok djm@ (for most of it)
431
Damien Miller9f741052007-01-22 12:44:53 +110043220070122
433 - (djm) [ssh-rand-helper.8] manpage nits;
434 from dleonard AT vintela.com (bz#1529)
435
Darren Tuckereae5fa12007-01-17 11:00:13 +110043620070117
437 - (dtucker) [packet.c] Re-remove in_systm.h since it's already in includes.h
438 and multiple including it causes problems on old IRIXes. (It snuck back
439 in during a sync.) Found (again) by Georg Schwarz.
440
Darren Tucker9ac56e92007-01-14 10:19:59 +110044120070114
Darren Tuckere67ac002007-01-14 10:26:25 +1100442 - (dtucker) [ssh-keygen.c] av -> argv to match earlier sync.
Damien Miller742cc1c2007-01-14 21:20:30 +1100443 - (djm) [openbsd-compat/bsd-snprintf.c] Fix integer overflow in return
444 value of snprintf replacement, similar to bugs in various libc
445 implementations. This overflow is not exploitable in OpenSSH.
446 While I'm fiddling with it, make it a fair bit faster by inlining the
447 append-char routine; ok dtucker@
Darren Tucker9ac56e92007-01-14 10:19:59 +1100448
Damien Millerdf8b7db2007-01-05 16:22:57 +110044920070105
450 - (djm) OpenBSD CVS Sync
451 - deraadt@cvs.openbsd.org 2006/11/14 19:41:04
452 [ssh-keygen.c]
453 use argc and argv not some made up short form
Damien Miller3ca8b772007-01-05 16:24:47 +1100454 - ray@cvs.openbsd.org 2006/11/23 01:35:11
455 [misc.c sftp.c]
456 Don't access buf[strlen(buf) - 1] for zero-length strings.
457 ``ok by me'' djm@.
Damien Millerc0367fb2007-01-05 16:25:46 +1100458 - markus@cvs.openbsd.org 2006/12/11 21:25:46
459 [ssh-keygen.1 ssh.1]
460 add rfc 4716 (public key format); ok jmc
Damien Miller1ec46262007-01-05 16:26:45 +1100461 - djm@cvs.openbsd.org 2006/12/12 03:58:42
462 [channels.c compat.c compat.h]
463 bz #1019: some ssh.com versions apparently can't cope with the
464 remote port forwarding bind_address being a hostname, so send
465 them an address for cases where they are not explicitly
466 specified (wildcard or localhost bind). reported by daveroth AT
467 acm.org; ok dtucker@ deraadt@
Damien Millera29b95e2007-01-05 16:28:36 +1100468 - dtucker@cvs.openbsd.org 2006/12/13 08:34:39
469 [servconf.c]
470 Make PermitOpen work with multiple values like the man pages says.
471 bz #1267 with details from peter at dmtz.com, with & ok djm@
Damien Miller9fc6a562007-01-05 16:29:02 +1100472 - dtucker@cvs.openbsd.org 2006/12/14 10:01:14
473 [servconf.c]
474 Make "PermitOpen all" first-match within a block to match the way other
475 options work. ok markus@ djm@
Damien Millerd94fc722007-01-05 16:29:30 +1100476 - jmc@cvs.openbsd.org 2007/01/02 09:57:25
477 [sshd_config.5]
478 do not use lists for SYNOPSIS;
479 from eric s. raymond via brad
Damien Miller6c7439f2007-01-05 16:29:55 +1100480 - stevesk@cvs.openbsd.org 2007/01/03 00:53:38
481 [ssh-keygen.c]
482 remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan
Damien Miller80163902007-01-05 16:30:16 +1100483 - stevesk@cvs.openbsd.org 2007/01/03 03:01:40
484 [auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c]
485 spaces
Damien Millerb6c85fc2007-01-05 16:30:41 +1100486 - stevesk@cvs.openbsd.org 2007/01/03 04:09:15
487 [sftp.c]
488 ARGSUSED for lint
Damien Millere2334d62007-01-05 16:31:02 +1100489 - stevesk@cvs.openbsd.org 2007/01/03 07:22:36
490 [sftp-server.c]
491 spaces
Damien Millerdf8b7db2007-01-05 16:22:57 +1100492
Damien Miller143c2ef2006-12-05 09:08:54 +110049320061205
494 - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would
495 occur if the server did not have the privsep user and an invalid user
496 tried to login and both privsep and krb5 auth are disabled; ok dtucker@
Damien Millerbe6db832006-12-05 22:58:09 +1100497 - (djm) [bsd-asprintf.c] Better test for bad vsnprintf lengths; ok dtucker@
Damien Miller143c2ef2006-12-05 09:08:54 +1100498
Darren Tuckerb0781f72006-11-08 10:01:36 +110049920061108
500 - (dtucker) OpenBSD CVS Sync
501 - markus@cvs.openbsd.org 2006/11/07 13:02:07
502 [dh.c]
503 BN_hex2bn returns int; from dtucker@
504
Darren Tuckerdf0e4382006-11-07 11:28:40 +110050520061107
506 - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
507 if we absolutely need it. Pointed out by Corinna, ok djm@
Darren Tucker0bc85572006-11-07 23:14:41 +1100508 - (dtucker) OpenBSD CVS Sync
509 - markus@cvs.openbsd.org 2006/11/06 21:25:28
510 [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
511 ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
512 add missing checks for openssl return codes; with & ok djm@
Darren Tuckerfbba7352006-11-07 23:16:08 +1100513 - markus@cvs.openbsd.org 2006/11/07 10:31:31
514 [monitor.c version.h]
515 correctly check for bad signatures in the monitor, otherwise the monitor
516 and the unpriv process can get out of sync. with dtucker@, ok djm@,
517 dtucker@
Darren Tuckerc2820c52006-11-07 23:25:45 +1100518 - (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] Bump
519 versions.
Darren Tucker14ea8632006-11-07 23:27:34 +1100520 - (dtucker) Release 4.5p1.
Darren Tuckerdf0e4382006-11-07 11:28:40 +1100521
Damien Miller3975ee22006-11-05 05:31:33 +110052220061105
523 - (djm) OpenBSD CVS Sync
524 - otto@cvs.openbsd.org 2006/10/28 18:08:10
525 [ssh.1]
526 correct/expand example of usage of -w; ok jmc@ stevesk@
Damien Miller570c2ab2006-11-05 05:32:02 +1100527 - markus@cvs.openbsd.org 2006/10/31 16:33:12
528 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c]
529 check DH_compute_key() for -1 even if it should not happen because of
530 earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm
Damien Miller3975ee22006-11-05 05:31:33 +1100531
Darren Tucker4d13ece2006-11-01 10:28:49 +110053220061101
533 - (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerr
534 events fatal in Solaris process contract support and tell it to signal
535 only processes in the same process group when something happens.
536 Based on information from andrew.benham at thus.net and similar to
537 a patch from Chad Mynhier. ok djm@
538
Damien Miller796c6c62006-10-28 01:10:15 +100053920061027
540- (djm) [auth.c] gc some dead code
541
Damien Millere7658a52006-10-24 03:00:12 +100054220061023
543 - (djm) OpenBSD CVS Sync
544 - ray@cvs.openbsd.org 2006/09/30 17:48:22
545 [sftp.c]
546 Clear errno before calling the strtol functions.
547 From Paul Stoeber <x0001 at x dot de1 dot cc>.
548 OK deraadt@.
Damien Miller952dce62006-10-24 03:01:16 +1000549 - djm@cvs.openbsd.org 2006/10/06 02:29:19
550 [ssh-agent.c ssh-keyscan.c ssh.c]
551 sys/resource.h needs sys/time.h; prompted by brad@
552 (NB. Id sync only for portable)
Damien Miller990b1a82006-10-24 03:01:56 +1000553 - djm@cvs.openbsd.org 2006/10/09 23:36:11
554 [session.c]
555 xmalloc -> xcalloc that was missed previously, from portable
556 (NB. Id sync only for portable, obviously)
Damien Millerf4bcd102006-10-24 03:02:23 +1000557 - markus@cvs.openbsd.org 2006/10/10 10:12:45
558 [sshconnect.c]
559 sleep before retrying (not after) since sleep changes errno; fixes
560 pr 5250; rad@twig.com; ok dtucker djm
Damien Miller985a4482006-10-24 03:02:41 +1000561 - markus@cvs.openbsd.org 2006/10/11 12:38:03
562 [clientloop.c serverloop.c]
563 exit instead of doing a blocking tcp send if we detect a client/server
564 timeout, since the tcp sendqueue might be already full (of alive
565 requests); ok dtucker, report mpf
Damien Miller50455892006-10-24 03:03:02 +1000566 - djm@cvs.openbsd.org 2006/10/22 02:25:50
567 [sftp-client.c]
568 cancel progress meter when upload write fails; ok deraadt@
Tim Ricebcf8be32006-10-23 14:44:47 -0700569 - (tim) [Makefile.in scard/Makefile.in] Add datarootdir= lines to keep
570 autoconf 2.60 from complaining.
Damien Millere7658a52006-10-24 03:00:12 +1000571
Darren Tuckerffe88e12006-10-18 07:53:06 +100057220061018
573 - (dtucker) OpenBSD CVS Sync
574 - ray@cvs.openbsd.org 2006/09/25 04:55:38
575 [ssh-keyscan.1 ssh.1]
576 Change "a SSH" to "an SSH". Hurray, I'm not the only one who
577 pronounces "SSH" as "ess-ess-aich".
578 OK jmc@ and stevesk@.
Darren Tucker78802f02006-10-18 22:51:31 +1000579 - (dtucker) [sshd.c] Reshuffle storing of pw struct; prevents warnings
580 on older versions of OS X. ok djm@
Darren Tuckerffe88e12006-10-18 07:53:06 +1000581
Darren Tuckera43c0052006-10-16 19:49:12 +100058220061016
583 - (dtucker) [monitor_fdpass.c] Include sys/in.h, required for cmsg macros
584 on older (2.0) Linuxes. Based on patch from thmo-13 at gmx de.
585
Tim Rice09f10932006-10-06 14:58:38 -070058620061006
587 - (tim) [buildpkg.sh.in] Use uname -r instead of -v in OS_VER for Solaris.
588 Differentiate between OpenServer 5 and OpenServer 6
Darren Tuckeradc947d2006-10-07 09:07:20 +1000589 - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for
590 SELinux functions so they're detected correctly. Patch from pebenito at
591 gentoo.org.
Tim Rice77674b12006-10-06 18:49:36 -0700592 - (tim) [buildpkg.sh.in] Some systems have really limited nawk (OpenServer).
593 Allow setting alternate awk in openssh-config.local.
Tim Rice09f10932006-10-06 14:58:38 -0700594
Tim Rice1cfab232006-10-03 09:34:35 -070059520061003
596 - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific
597 section so additional platform specific CHECK_HEADER tests will work
598 correctly. Fixes "<net/if_tap.h> on FreeBSD" problem report by des AT des.no
599 Feedback and "seems like a good idea" dtucker@
600
Darren Tucker47bda1f2006-10-01 08:09:50 +100060120061001
602 - (dtucker) [audit-bsm.c] Include errno.h. Pointed out by des at des.no.
603
Darren Tucker5e8381e2006-09-29 20:16:51 +100060420060929
605 - (dtucker) [configure.ac] Bug #1239: Fix configure test for OpenSSH engine
606 support. Patch from andrew.benham at thus net.
607
Darren Tucker23dd6582006-09-28 19:40:20 +100060820060928
609 - (dtucker) [entropy.c] Bug #1238: include signal.h to fix compilation error
610 on Solaris 8 w/out /dev/random or prngd. Patch from rl at
611 math.technion.ac.il.
612
Darren Tucker822d3a62006-09-26 18:59:34 +100061320060926
614 - (dtucker) [bufaux.h] nuke bufaux.h; it's already gone from OpenBSD and not
615 referenced any more. ok djm@
Darren Tucker25bd3c02006-09-26 20:14:28 +1000616 - (dtucker) [sftp-server.8] Resync; spotted by djm@
Darren Tuckerb4b2f9a2006-09-28 19:08:32 +1000617 - (dtucker) Release 4.4p1.
Darren Tucker822d3a62006-09-26 18:59:34 +1000618
Tim Rice983b35b2006-09-24 12:08:59 -070061920060924
620 - (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added
621 to rev 1.308) to work around broken gcc 2.x header file.
622
Darren Tucker0ee3cbf2006-09-23 16:25:19 +100062320060923
624 - (dtucker) [configure.ac] Bug #1234: Put opensc libs into $LIBS rather than
625 $LDFLAGS. Patch from vapier at gentoo org.
626
Darren Tuckerdace2332006-09-22 19:22:17 +100062720060922
628 - (dtucker) [packet.c canohost.c] Include arpa/inet.h for htonl macros on
629 some platforms (eg HP-UX 11.00). From santhi.amirta at gmail com.
630
Darren Tucker1e80e402006-09-21 12:59:33 +100063120060921
632 - (dtucker) OpenBSD CVS Sync
633 - otto@cvs.openbsd.org 2006/09/19 05:52:23
634 [sftp.c]
635 Use S_IS* macros insted of masking with S_IF* flags. The latter may
636 have multiple bits set, which lead to surprising results. Spotted by
637 Paul Stoeber, more to come. ok millert@ pedro@ jaredy@ djm@
Darren Tucker4aa665b2006-09-21 13:00:25 +1000638 - markus@cvs.openbsd.org 2006/09/19 21:14:08
639 [packet.c]
640 client NULL deref on protocol error; Tavis Ormandy, Google Security Team
Darren Tucker0dc54842006-09-21 23:13:30 +1000641 - (dtucker) [defines.h] Include unistd.h before defining getpgrp; fixes
642 build error on Ultrix. From Bernhard Simon.
Darren Tucker1e80e402006-09-21 12:59:33 +1000643
Darren Tucker9216c372006-09-18 23:17:40 +100064420060918
645 - (dtucker) [configure.ac] On AIX, check to see if the compiler will allow
646 macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags.
647 Allows build out of the box with older VAC and XLC compilers. Found by
648 David Bronder and Bernhard Simon.
Darren Tuckerc70ce7b2006-09-18 23:54:32 +1000649 - (dtucker) [openbsd-compat/port-aix.{c,h}] Reduce scope of includes.
650 Prevents macro redefinition warnings of "RDONLY".
Darren Tucker9216c372006-09-18 23:17:40 +1000651
Damien Miller3c9c1fb2006-09-17 06:08:53 +100065220060916
653 - OpenBSD CVS Sync
654 - djm@cvs.openbsd.org 2006/09/16 19:53:37
655 [deattack.c deattack.h packet.c]
656 limit maximum work performed by the CRC compensation attack detector,
657 problem reported by Tavis Ormandy, Google Security Team;
658 ok markus@ deraadt@
Damien Millerdd1f9b32006-09-17 08:05:03 +1000659 - (djm) Add openssh.xml to .cvsignore and sort it
Darren Tucker54e1b222006-09-17 11:57:46 +1000660 - (dtucker) [auth-pam.c] Propogate TZ environment variable to PAM auth
661 process so that any logging it does is with the right timezone. From
662 Scott Strickler, ok djm@.
Darren Tucker5965ae12006-09-17 12:00:13 +1000663 - (dtucker) [monitor.c] Correctly handle auditing of single commands when
664 using Protocol 1. From jhb at freebsd.
Damien Miller1f062ca2006-09-17 14:04:46 +1000665 - (djm) [sshd.c] Fix warning/API abuse; ok dtucker@
Darren Tucker83bbb032006-09-17 22:55:52 +1000666 - (dtucker) [INSTALL] Add info about audit support.
Damien Miller3c9c1fb2006-09-17 06:08:53 +1000667
Damien Miller223897a2006-09-12 21:54:10 +100066820060912
669 - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in]
670 Support SMF in Solaris Packages if enabled by configure. Patch from
671 Chad Mynhier, tested by dtucker@
672
Darren Tucker5d8a9ac2006-09-11 20:46:13 +100067320060911
674 - (dtucker) [cipher-aes.c] Include string.h for memcpy and friends. Noted
675 by Pekka Savola.
676
Darren Tuckerf3766692006-09-10 13:24:18 +100067720060910
678 - (dtucker) [contrib/aix/buildbff.sh] Ensure that perl is available.
Darren Tucker57b29202006-09-10 20:25:51 +1000679 - (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB.
Darren Tuckerf3766692006-09-10 13:24:18 +1000680
Darren Tucker08432d52006-09-09 15:59:43 +100068120060909
682 - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h.
Darren Tucker19a66db2006-09-09 20:34:15 +1000683 - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.
Darren Tucker733a2922006-09-09 20:41:25 +1000684 - (dtucker) [buildpkg.sh.in] Always create privsep user. ok djm@
Darren Tucker08432d52006-09-09 15:59:43 +1000685
Darren Tucker17da5302006-09-08 09:54:41 +100068620060908
687 - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch
688 from Chris Adams.
Darren Tucker6d0d6fb2006-09-09 01:05:21 +1000689 - (dtucker) [configure.ac] The BSM header test needs time.h in some cases.
Darren Tucker17da5302006-09-08 09:54:41 +1000690
Damien Miller6433df02006-09-07 10:36:43 +100069120060907
692 - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
693 be used to drop privilege to; fixes Solaris GSSAPI crash reported by
694 Magnus Abrante; suggestion and feedback dtucker@
695 NB. this change will require that the privilege separation user must
696 exist on all the time, not just when UsePrivilegeSeparation=yes
Tim Riceb8f00192006-09-06 18:11:29 -0700697 - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6
Darren Tuckerf19bbc32006-09-07 22:57:53 +1000698 - (dtucker) [loginrec.c] Wrap paths.h in HAVE_PATHS_H.
Darren Tucker89f59ce2006-09-08 00:03:05 +1000699 - (dtucker) [regress/cfgmatch.sh] stop_client is racy, so give us a better
700 chance of winning.
Damien Miller6433df02006-09-07 10:36:43 +1000701
Darren Tuckere1fe0992006-09-05 07:53:38 +100070220060905
703 - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov.
Darren Tucker6e103332006-09-05 19:25:19 +1000704 - (dtucker) [loginrec.c] Include paths.h for _PATH_BTMP.
Darren Tuckere1fe0992006-09-05 07:53:38 +1000705
Darren Tucker3e089102006-09-04 22:37:41 +100070620060904
707 - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native
708 updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius,
709 ok djm@
710
Darren Tuckered0b5922006-09-03 22:44:49 +100071120060903
712 - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for
713 declaration of writev(2) and declare it ourselves if necessary. Makes
714 the atomiciov() calls build on really old systems. ok djm@
715
Darren Tucker25fa0ee2006-09-02 12:38:56 +100071620060902
717 - (dtucker) [openbsd-compat/port-irix.c] Add errno.h, found by Iain Morgan.
Darren Tucker46aa3e02006-09-02 15:32:40 +1000718 - (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c
719 openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c
720 openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h>
721 for hton* and ntoh* macros. Required on (at least) HP-UX since we define
722 _XOPEN_SOURCE_EXTENDED. Found by santhi.amirta at gmail com.
Darren Tucker25fa0ee2006-09-02 12:38:56 +1000723
Damien Millerded319c2006-09-01 15:38:36 +100072420060901
725 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
726 [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
727 [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
728 [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
729 [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
730 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
731 [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
732 [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
733 [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
Damien Miller607aede2006-09-01 15:48:19 +1000734 [sshconnect1.c sshconnect2.c sshd.c]
Damien Millerded319c2006-09-01 15:38:36 +1000735 [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
736 [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
737 [openbsd-compat/port-uw.c]
738 Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
739 compile problems reported by rac AT tenzing.org
Damien Miller607aede2006-09-01 15:48:19 +1000740 - (djm) [includes.h monitor.c openbsd-compat/bindresvport.c]
741 [openbsd-compat/rresvport.c] Some more headers: netinet/in.h
742 sys/socket.h and unistd.h in various places
Darren Tucker0646ca62006-09-01 19:29:01 +1000743 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Fix implict declaration
744 warnings for binary_open and binary_close. Patch from Corinna Vinschen.
Darren Tucker096faec2006-09-01 20:29:10 +1000745 - (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly
746 test for GLOB_NOMATCH and use our glob functions if it's not found.
747 Stops sftp from segfaulting when attempting to get a nonexistent file on
748 Cygwin (previous versions of OpenSSH didn't use the native glob). Partly
749 from and tested by Corinna Vinschen.
Darren Tucker9fdeb662006-09-01 21:32:53 +1000750 - (dtucker) [README contrib/{caldera,redhat,suse}/openssh.spec] Crank
751 versions.
Damien Millerded319c2006-09-01 15:38:36 +1000752
Damien Miller1b06dc32006-08-31 03:24:41 +100075320060831
754 - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ]
755 [platform.c platform.h sshd.c openbsd-compat/Makefile.in]
756 [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
757 [openbsd-compat/port-solaris.h] Add support for Solaris process
758 contracts, enabled with --use-solaris-contracts. Patch from Chad
759 Mynhier, tweaked by dtucker@ and myself; ok dtucker@
Darren Tucker288cbbd2006-08-31 11:28:49 +1000760 - (dtucker) [contrib/cygwin/ssh-host-config] Add SeTcbPrivilege privilege
761 while setting up the ssh service account. Patch from Corinna Vinschen.
Damien Miller1b06dc32006-08-31 03:24:41 +1000762
Damien Millerb594f382006-08-30 11:06:34 +100076320060830
764 - (djm) OpenBSD CVS Sync
765 - dtucker@cvs.openbsd.org 2006/08/21 08:14:01
766 [sshd_config.5]
767 Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@,
768 ok jmc@ djm@
Damien Miller5d43d492006-08-30 11:07:00 +1000769 - dtucker@cvs.openbsd.org 2006/08/21 08:15:57
770 [sshd.8]
771 Add more detail about what permissions are and aren't accepted for
772 authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@
Damien Millerd5fe0ba2006-08-30 11:07:39 +1000773 - djm@cvs.openbsd.org 2006/08/29 10:40:19
774 [channels.c session.c]
775 normalise some inconsistent (but harmless) NULL pointer checks
776 spotted by the Stanford SATURN tool, via Isil Dillig;
777 ok markus@ deraadt@
Damien Miller76758b62006-08-30 11:08:04 +1000778 - dtucker@cvs.openbsd.org 2006/08/29 12:02:30
779 [gss-genr.c]
780 Work around a problem in Heimdal that occurs when KRB5CCNAME file is
781 missing, by checking whether or not kerberos allocated us a context
782 before attempting to free it. Patch from Simon Wilkinson, tested by
783 biorn@, ok djm@
Damien Miller21258872006-08-30 11:08:33 +1000784 - dtucker@cvs.openbsd.org 2006/08/30 00:06:51
785 [sshconnect2.c]
786 Fix regression where SSH2 banner is printed at loglevels ERROR and FATAL
787 where previously it weren't. bz #1221, found by Dean Kopesky, ok djm@
Damien Miller6ba57402006-08-30 11:09:01 +1000788 - djm@cvs.openbsd.org 2006/08/30 00:14:37
789 [version.h]
790 crank to 4.4
Damien Miller8ff1da82006-08-30 17:52:03 +1000791 - (djm) [openbsd-compat/xcrypt.c] needs unistd.h
Darren Tucker26d4e192006-08-30 22:33:09 +1000792 - (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call
793 loginsuccess on AIX immediately after authentication to clear the failed
794 login count. Previously this would only happen when an interactive
795 session starts (ie when a pty is allocated) but this means that accounts
796 that have primarily non-interactive sessions (eg scp's) may gradually
797 accumulate enough failures to lock out an account. This change may have
798 a side effect of creating two audit records, one with a tty of "ssh"
799 corresponding to the authentication and one with the allocated pty per
800 interactive session.
Damien Millerb594f382006-08-30 11:06:34 +1000801
Darren Tuckerfe408b42006-08-24 19:41:03 +100080220060824
803 - (dtucker) [openbsd-compat/basename.c] Include errno.h.
Darren Tuckere0869552006-08-24 19:43:16 +1000804 - (dtucker) [openbsd-compat/bsd-misc.c] Add includes needed for select(2) on
805 older systems.
Darren Tucker450d2af2006-08-24 19:45:33 +1000806 - (dtucker) [openbsd-compat/bsd-misc.c] Include <sys/select.h> for select(2)
807 on POSIX systems.
Darren Tuckerf80f5ec2006-08-24 19:52:30 +1000808 - (dtucker) [openbsd-compat/bsd-openpty.c] Include for ioctl(2).
Darren Tuckerc1abe8e2006-08-24 19:53:40 +1000809 - (dtucker) [openbsd-compat/rresvport.c] Include <stdlib.h> for malloc.
Darren Tuckere83a83c2006-08-24 19:55:41 +1000810 - (dtucker) [openbsd-compat/xmmap.c] Move #define HAVE_MMAP to prevent
811 unused variable warning when we have a broken or missing mmap(2).
Darren Tuckerfe408b42006-08-24 19:41:03 +1000812
Darren Tucker12259d92006-08-22 22:24:10 +100081320060822
814 - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in
815 Makefile. Patch from santhi.amirta at gmail, ok djm.
816
Darren Tuckeraa1517c2006-08-20 17:55:54 +100081720060820
818 - (dtucker) [log.c] Move ifdef to prevent unused variable warning.
Darren Tucker4ba38732006-08-20 19:55:02 +1000819 - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore
820 afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl.
Darren Tucker3e6bde42006-08-20 20:03:50 +1000821 - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for
822 fixing bug #1181. No changes yet.
Darren Tucker639bbe82006-08-20 20:17:53 +1000823 - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL
824 (0.9.8a and presumably newer) requires -ldl to successfully link.
Darren Tucker0eb81002006-08-20 21:43:19 +1000825 - (dtucker) [configure.ac] Remove errant "-".
Darren Tuckeraa1517c2006-08-20 17:55:54 +1000826
Damien Millerdeccaa72006-08-19 08:50:57 +100082720060819
828 - (djm) OpenBSD CVS Sync
829 - djm@cvs.openbsd.org 2006/08/18 22:41:29
830 [gss-genr.c]
831 GSSAPI error code should be 0 and not -1; from simon@sxw.org.uk
Darren Tuckerf0625692006-08-19 19:12:14 +1000832 - (dtucker) [openbsd-compat/regress/Makefile.in] Add $(EXEEXT) and add a
833 single rule for the test progs.
Damien Millerdeccaa72006-08-19 08:50:57 +1000834
Darren Tuckerd018b2e2006-08-18 18:51:20 +100083520060818
836 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with
837 closefrom.c from sudo.
Darren Tucker43d3ccd2006-08-18 19:49:58 +1000838 - (dtucker) [openbsd-compat/bsd-closefrom.c] Comment out rcsid.
Darren Tuckerec4e4da2006-08-18 20:09:32 +1000839 - (dtucker) [openbsd-compat/regress/snprintftest.c] Newline on error.
Darren Tucker637c80a2006-08-18 20:56:18 +1000840 - (dtucker) [openbsd-compat/regress/Makefile.in] Use implicit rules for the
841 test progs instead; they work better than what we have.
Damien Miller63b94122006-08-19 00:21:46 +1000842 - (djm) OpenBSD CVS Sync
843 - stevesk@cvs.openbsd.org 2006/08/06 01:13:32
844 [compress.c monitor.c monitor_wrap.c]
845 "zlib.h" can be <zlib.h>; ok djm@ markus@
Damien Miller1c89ce02006-08-19 00:22:40 +1000846 - miod@cvs.openbsd.org 2006/08/12 20:46:46
847 [monitor.c monitor_wrap.c]
848 Revert previous include file ordering change, for ssh to compile under
849 gcc2 (or until openssl include files are cleaned of parameter names
850 in function prototypes)
Damien Miller565ca3f2006-08-19 00:23:15 +1000851 - dtucker@cvs.openbsd.org 2006/08/14 12:40:25
852 [servconf.c servconf.h sshd_config.5]
853 Add ability to match groups to Match keyword in sshd_config. Feedback
854 djm@, stevesk@, ok stevesk@.
Damien Millera1f68402006-08-19 00:31:39 +1000855 - djm@cvs.openbsd.org 2006/08/16 11:47:15
856 [sshd.c]
857 factor inetd connection, TCP listen and main TCP accept loop out of
858 main() into separate functions to improve readability; ok markus@
Damien Miller99a648e2006-08-19 00:32:20 +1000859 - deraadt@cvs.openbsd.org 2006/08/18 09:13:26
860 [log.c log.h sshd.c]
861 make signal handler termination path shorter; risky code pointed out by
862 mark dowd; ok djm markus
Damien Miller3f8123c2006-08-19 00:32:46 +1000863 - markus@cvs.openbsd.org 2006/08/18 09:15:20
864 [auth.h session.c sshd.c]
865 delay authentication related cleanups until we're authenticated and
866 all alarms have been cancelled; ok deraadt
Damien Millerbdf00ca2006-08-19 00:33:05 +1000867 - djm@cvs.openbsd.org 2006/08/18 10:27:16
868 [misc.h]
869 reorder so prototypes are sorted by the files they refer to; no
870 binary change
Damien Millera1cb9f32006-08-19 00:33:34 +1000871 - djm@cvs.openbsd.org 2006/08/18 13:54:54
872 [gss-genr.c ssh-gss.h sshconnect2.c]
873 bz #1218 - disable SPNEGO as per RFC4462; diff from simon AT sxw.org.uk
874 ok markus@
Damien Miller3d2d6e92006-08-19 00:46:43 +1000875 - djm@cvs.openbsd.org 2006/08/18 14:40:34
876 [gss-genr.c ssh-gss.h]
877 constify host argument to match the rest of the GSSAPI functions and
878 unbreak compilation with -Werror
Damien Millerbb598142006-08-19 08:38:23 +1000879 - (djm) Disable sigdie() for platforms that cannot safely syslog inside
880 a signal handler (basically all of them, excepting OpenBSD);
881 ok dtucker@
Darren Tuckerd018b2e2006-08-18 18:51:20 +1000882
Darren Tuckere6b641a2006-08-17 18:55:27 +100088320060817
884 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c]
885 Include stdlib.h for malloc and friends.
Darren Tucker3083bc22006-08-17 19:35:49 +1000886 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl
887 for closefrom() on AIX. Pointed out by William Ahern.
Darren Tuckerc889ffd2006-08-17 19:40:35 +1000888 - (dtucker) [openbsd-compat/regress/{Makefile.in,closefromtest.c}] Regress
889 test for closefrom() in compat code.
Darren Tuckere6b641a2006-08-17 18:55:27 +1000890
Damien Miller56799c32006-08-16 11:40:45 +100089120060816
892 - (djm) [audit-bsm.c] Sprinkle in some headers
893
Darren Tucker53341812006-08-15 18:21:32 +100089420060815
895 - (dtucker) [LICENCE] Add Reyk to the list for the compat dir.
896
Damien Miller0e5143e2006-08-07 11:26:36 +100089720060806
898 - (djm) [openbsd-compat/bsd-getpeereid.c] Add some headers to quiet warnings
899 on Solaris 10
900
90120060806
Darren Tucker32ab2ae2006-08-06 21:23:27 +1000902 - (dtucker) [defines.h] With the includes.h changes we no longer get the
903 name clash on "YES" so we can remove the workaround for it.
Darren Tuckerf78fb542006-08-06 21:25:24 +1000904 - (dtucker) [openbsd-compat/{bsd-asprintf.c,bsd-openpty.c,bsd-snprintf.c,
905 glob.c}] Include stdlib.h for malloc and friends in compat code.
Darren Tucker32ab2ae2006-08-06 21:23:27 +1000906
Damien Miller437edb92006-08-05 09:11:13 +100090720060805
908 - (djm) OpenBSD CVS Sync
909 - stevesk@cvs.openbsd.org 2006/07/24 13:58:22
910 [sshconnect.c]
911 disable tunnel forwarding when no strict host key checking
912 and key changed; ok djm@ markus@ dtucker@
Damien Miller7c6e4b02006-08-05 09:33:15 +1000913 - stevesk@cvs.openbsd.org 2006/07/25 02:01:34
914 [scard.c]
915 need #include <string.h>
Damien Miller9aec9192006-08-05 10:57:45 +1000916 - stevesk@cvs.openbsd.org 2006/07/25 02:59:21
917 [channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c]
918 [sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c]
919 move #include <sys/time.h> out of includes.h
Damien Miller8dbffe72006-08-05 11:02:17 +1000920 - stevesk@cvs.openbsd.org 2006/07/26 02:35:17
921 [atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
922 [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
923 [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
924 [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
925 [uidswap.c xmalloc.c]
926 move #include <sys/param.h> out of includes.h
Damien Millere7a1e5c2006-08-05 11:34:19 +1000927 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17
928 [authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
929 [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
930 [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
931 [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
932 [sshconnect1.c sshd.c xmalloc.c]
933 move #include <stdlib.h> out of includes.h
Damien Miller858bb7d2006-08-05 11:34:51 +1000934 - jmc@cvs.openbsd.org 2006/07/27 08:00:50
935 [ssh_config.5]
936 avoid confusing wording in HashKnownHosts:
937 originally spotted by alan amesbury;
938 ok deraadt
Damien Miller1a5b4042006-08-05 11:35:23 +1000939 - jmc@cvs.openbsd.org 2006/07/27 08:00:50
940 [ssh_config.5]
941 avoid confusing wording in HashKnownHosts:
942 originally spotted by alan amesbury;
943 ok deraadt
Damien Millerda828392006-08-05 11:35:45 +1000944 - dtucker@cvs.openbsd.org 2006/08/01 11:34:36
945 [sshconnect.c]
946 Allow fallback to known_hosts entries without port qualifiers for
947 non-standard ports too, so that all existing known_hosts entries will be
948 recognised. Requested by, feedback and ok markus@
Damien Millera7a73ee2006-08-05 11:37:59 +1000949 - stevesk@cvs.openbsd.org 2006/08/01 23:22:48
950 [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
951 [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
952 [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
953 [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
954 [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
955 [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
956 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
957 [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
958 [uuencode.h xmalloc.c]
959 move #include <stdio.h> out of includes.h
Damien Miller4dec5d72006-08-05 11:38:40 +1000960 - stevesk@cvs.openbsd.org 2006/08/01 23:36:12
961 [authfile.c channels.c progressmeter.c scard.c servconf.c ssh.c]
962 clean extra spaces
Damien Millerd7834352006-08-05 12:39:39 +1000963 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
964 [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
965 [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
966 [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
967 [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
968 [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
969 [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
970 [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
971 [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
972 [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
973 [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
974 [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
975 [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
976 [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
977 [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
978 [serverloop.c session.c session.h sftp-client.c sftp-common.c]
979 [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
980 [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
981 [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
982 [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
983 [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
984 [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
985 almost entirely get rid of the culture of ".h files that include .h files"
986 ok djm, sort of ok stevesk
987 makes the pain stop in one easy step
988 NB. portable commit contains everything *except* removing includes.h, as
989 that will take a fair bit more work as we move headers that are required
990 for portability workarounds to defines.h. (also, this step wasn't "easy")
Damien Miller9ab00b42006-08-05 12:40:11 +1000991 - stevesk@cvs.openbsd.org 2006/08/04 20:46:05
992 [monitor.c session.c ssh-agent.c]
993 spaces
Damien Miller2ab323e2006-08-05 12:43:32 +1000994 - (djm) [auth-pam.c defines.h] Move PAM related bits to auth-pam.c
Damien Miller4cbfe8e2006-08-05 12:49:30 +1000995 - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c]
996 remove last traces of bufaux.h - it was merged into buffer.h in the big
997 includes.h commit
Damien Miller36cbe412006-08-05 12:54:24 +1000998 - (djm) [auth.c loginrec.c] Missing netinet/in.h for loginrec
Damien Millerd04db592006-08-05 13:27:29 +1000999 - (djm) [openbsd-compat/regress/snprintftest.c]
1000 [openbsd-compat/regress/strduptest.c] Add missing includes so they pass
1001 compilation with "-Wall -Werror"
Damien Miller75bb6642006-08-05 14:07:20 +10001002 - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c]
1003 [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more
1004 includes for Linux in
Darren Tucker90659f82006-08-05 14:46:27 +10001005 - (dtucker) [cleanup.c] Need defines.h for __dead.
Darren Tucker8c6feda2006-08-05 15:24:59 +10001006 - (dtucker) [auth2-gss.c] We still need the #ifdef GSSAPI in -portable.
Darren Tuckere7eec902006-08-05 15:47:26 +10001007 - (dtucker) [openbsd-compat/{bsd-arc4random.c,port-tun.c,xmmap.c}] Lots of
1008 #include stdarg.h, needed for log.h.
Darren Tuckerecf28ba2006-08-05 15:50:20 +10001009 - (dtucker) [entropy.c] Needs unistd.h too.
Darren Tucker4c655432006-08-05 15:57:40 +10001010 - (dtucker) [ssh-rand-helper.c] Needs stdarg.h for log.h.
Darren Tuckerd8aec102006-08-05 16:12:15 +10001011 - (dtucker) [openbsd-compat/getrrsetbyname.c] Nees stdlib.h for malloc.
Darren Tucker8a15f012006-08-05 16:27:20 +10001012 - (dtucker) [openbsd-compat/strtonum.c] Include stdlib.h for strtoll,
1013 otherwise it is implicitly declared as returning an int.
Darren Tucker1a3d6e72006-08-05 18:46:47 +10001014 - (dtucker) OpenBSD CVS Sync
1015 - dtucker@cvs.openbsd.org 2006/08/05 07:52:52
1016 [auth2-none.c sshd.c monitor_wrap.c]
1017 Add headers required to build with KERBEROS5=no. ok djm@
Darren Tucker260cb352006-08-05 18:48:01 +10001018 - dtucker@cvs.openbsd.org 2006/08/05 08:00:33
1019 [auth-skey.c]
1020 Add headers required to build with -DSKEY. ok djm@
Darren Tuckerd6a23f22006-08-05 18:50:35 +10001021 - dtucker@cvs.openbsd.org 2006/08/05 08:28:24
1022 [monitor_wrap.c auth-skey.c auth2-chall.c]
1023 Zap unused variables in -DSKEY code. ok djm@
Darren Tuckerf676c572006-08-05 18:51:08 +10001024 - dtucker@cvs.openbsd.org 2006/08/05 08:34:04
1025 [packet.c]
1026 Typo in comment
Darren Tucker92350102006-08-05 19:08:16 +10001027 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Add headers required to compile
1028 on Cygwin.
Darren Tucker2b4e38b2006-08-05 19:18:08 +10001029 - (dtucker) [openbsd-compat/fake-rfc2553.c] Add headers needed for inet_ntoa.
Darren Tucker6e1a9aa2006-08-05 19:56:00 +10001030 - (dtucker) [auth-skey.c] monitor_wrap.h needs ssh-gss.h.
Darren Tucker79ba8682006-08-06 00:05:09 +10001031 - (dtucker) [audit.c audit.h] Repair headers.
Darren Tucker3e714512006-08-06 00:12:54 +10001032 - (dtucker) [audit-bsm.c] Add additional headers now required.
Damien Miller437edb92006-08-05 09:11:13 +10001033
Darren Tuckerf1f4bdd2006-08-04 19:44:23 +1000103420060804
1035 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent
1036 versions of Solaris, so use AC_LINK_IFELSE to actually link the test program
1037 rather than just compiling it. Spotted by dlg@.
1038
Darren Tucker88fdc832006-08-02 23:33:54 +1000103920060802
1040 - (dtucker) [openbsd-compat/daemon.c] Add unistd.h for fork() prototype.
1041
Darren Tucker94346f82006-07-25 19:52:07 +1000104220060725
1043 - (dtucker) [openbsd-compat/xmmap.c] Need fcntl.h for O_RDRW.
1044
Damien Millerd04f3572006-07-24 13:46:50 +1000104520060724
1046 - (djm) OpenBSD CVS Sync
1047 - jmc@cvs.openbsd.org 2006/07/12 13:39:55
1048 [sshd_config.5]
1049 - new sentence, new line
1050 - s/The the/The/
1051 - kill a bad comma
Damien Millerbe43ebf2006-07-24 13:51:51 +10001052 - stevesk@cvs.openbsd.org 2006/07/12 22:28:52
Damien Miller939878b2006-07-24 13:52:06 +10001053 [auth-options.c canohost.c channels.c includes.h readconf.c]
1054 [servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
Damien Millerbe43ebf2006-07-24 13:51:51 +10001055 move #include <netdb.h> out of includes.h; ok djm@
Damien Miller2d00e632006-07-24 13:53:19 +10001056 - stevesk@cvs.openbsd.org 2006/07/12 22:42:32
1057 [includes.h ssh.c ssh-rand-helper.c]
1058 move #include <stddef.h> out of includes.h
Damien Millerdef915b2006-07-24 13:55:56 +10001059 - stevesk@cvs.openbsd.org 2006/07/14 01:15:28
1060 [monitor_wrap.h]
1061 don't need incompletely-typed 'struct passwd' now with
1062 #include <pwd.h>; ok markus@
Damien Millere6b3b612006-07-24 14:01:23 +10001063 - stevesk@cvs.openbsd.org 2006/07/17 01:31:10
1064 [authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
1065 [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
1066 [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
1067 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
1068 [sshconnect.c sshlogin.c sshpty.c uidswap.c]
1069 move #include <unistd.h> out of includes.h
Damien Miller98299262006-07-24 14:01:43 +10001070 - dtucker@cvs.openbsd.org 2006/07/17 12:02:24
1071 [auth-options.c]
1072 Use '\0' rather than 0 to terminates strings; ok djm@
Damien Miller9b439df2006-07-24 14:04:00 +10001073 - dtucker@cvs.openbsd.org 2006/07/17 12:06:00
1074 [channels.c channels.h servconf.c sshd_config.5]
1075 Add PermitOpen directive to sshd_config which is equivalent to the
1076 "permitopen" key option. Allows server admin to allow TCP port
1077 forwarding only two specific host/port pairs. Useful when combined
1078 with Match.
1079 If permitopen is used in both sshd_config and a key option, both
1080 must allow a given connection before it will be permitted.
1081 Note that users can still use external forwarders such as netcat,
1082 so to be those must be controlled too for the limits to be effective.
1083 Feedback & ok djm@, man page corrections & ok jmc@.
Damien Miller65bc2c42006-07-24 14:04:16 +10001084 - jmc@cvs.openbsd.org 2006/07/18 07:50:40
1085 [sshd_config.5]
1086 tweak; ok dtucker
Damien Miller22d47ab2006-07-24 14:04:36 +10001087 - jmc@cvs.openbsd.org 2006/07/18 07:56:28
1088 [scp.1]
1089 replace DIAGNOSTICS with .Ex;
Damien Miller393821a2006-07-24 14:04:53 +10001090 - jmc@cvs.openbsd.org 2006/07/18 08:03:09
1091 [ssh-agent.1 sshd_config.5]
1092 mark up angle brackets;
Damien Miller8c234032006-07-24 14:05:08 +10001093 - dtucker@cvs.openbsd.org 2006/07/18 08:22:23
1094 [sshd_config.5]
1095 Clarify description of Match, with minor correction from jmc@
Damien Millerf757d222006-07-24 14:05:24 +10001096 - stevesk@cvs.openbsd.org 2006/07/18 22:27:55
1097 [dh.c]
1098 remove unneeded includes; ok djm@
Damien Millerd1de9952006-07-24 14:05:48 +10001099 - dtucker@cvs.openbsd.org 2006/07/19 08:56:41
1100 [servconf.c sshd_config.5]
1101 Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to
1102 Match. ok djm@
Damien Millere2754432006-07-24 14:06:47 +10001103 - dtucker@cvs.openbsd.org 2006/07/19 13:07:10
1104 [servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5]
1105 Add ForceCommand keyword to sshd_config, equivalent to the "command="
1106 key option, man page entry and example in sshd_config.
1107 Feedback & ok djm@, man page corrections & ok jmc@
Damien Miller1cdde6f2006-07-24 14:07:35 +10001108 - stevesk@cvs.openbsd.org 2006/07/20 15:26:15
1109 [auth1.c serverloop.c session.c sshconnect2.c]
1110 missed some needed #include <unistd.h> when KERBEROS5=no; issue from
1111 massimo@cedoc.mo.it
Damien Millera765cf42006-07-24 14:08:13 +10001112 - dtucker@cvs.openbsd.org 2006/07/21 12:43:36
1113 [channels.c channels.h servconf.c servconf.h sshd_config.5]
1114 Make PermitOpen take a list of permitted ports and act more like most
1115 other keywords (ie the first match is the effective setting). This
1116 also makes it easier to override a previously set PermitOpen. ok djm@
Damien Miller8473dd82006-07-24 14:08:32 +10001117 - stevesk@cvs.openbsd.org 2006/07/21 21:13:30
1118 [channels.c]
1119 more ARGSUSED (lint) for dispatch table-driven functions; ok djm@
Damien Milleree0d0db2006-07-24 14:08:50 +10001120 - stevesk@cvs.openbsd.org 2006/07/21 21:26:55
1121 [progressmeter.c]
1122 ARGSUSED for signal handler
Damien Miller5598b4f2006-07-24 14:09:40 +10001123 - stevesk@cvs.openbsd.org 2006/07/22 19:08:54
1124 [includes.h moduli.c progressmeter.c scp.c sftp-common.c]
1125 [sftp-server.c ssh-agent.c sshlogin.c]
1126 move #include <time.h> out of includes.h
Damien Millere3476ed2006-07-24 14:13:33 +10001127 - stevesk@cvs.openbsd.org 2006/07/22 20:48:23
1128 [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
1129 [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
1130 [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
1131 [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
1132 [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
1133 [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
1134 [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
1135 [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
1136 [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
1137 [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
1138 [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
1139 [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
1140 [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
1141 move #include <string.h> out of includes.h
Damien Millerd8337c52006-07-24 14:14:19 +10001142 - stevesk@cvs.openbsd.org 2006/07/23 01:11:05
1143 [auth.h dispatch.c kex.h sftp-client.c]
1144 #include <signal.h> for sig_atomic_t; need this prior to <sys/param.h>
1145 move
Damien Millerb8fe89c2006-07-24 14:51:00 +10001146 - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]
1147 [canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
1148 [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
1149 [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
1150 [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
1151 [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
1152 [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
1153 [openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
1154 [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
1155 [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
1156 make the portable tree compile again - sprinkle unistd.h and string.h
1157 back in. Don't redefine __unused, as it turned out to be used in
1158 headers on Linux, and replace its use in auth-pam.c with ARGSUSED
Damien Miller8b373ba2006-07-24 14:55:47 +10001159 - (djm) [openbsd-compat/glob.c]
1160 Move get_arg_max() into the ifdef HAVE_GLOB block so that it compiles
1161 on OpenBSD (or other platforms with a decent glob implementation) with
1162 -Werror
Damien Miller874bc482006-07-24 14:58:07 +10001163 - (djm) [uuencode.c]
1164 Add resolv.h, is it contains the prototypes for __b64_ntop/__b64_pton on
1165 some platforms
Damien Millerad5ecbf2006-07-24 15:03:06 +10001166 - (djm) [session.c]
1167 fix compile error with -Werror -Wall: 'path' is only used in
1168 do_setup_env() if HAVE_LOGIN_CAP is not defined
Damien Miller62da44f2006-07-24 15:08:35 +10001169 - (djm) [openbsd-compat/basename.c openbsd-compat/bsd-closefrom.c]
1170 [openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c]
1171 [openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c]
1172 [openbsd-compat/port-aix.c openbsd-compat/port-irix.c]
1173 [openbsd-compat/rresvport.c]
1174 These look to need string.h and/or unistd.h (based on a grep for function
1175 names)
Damien Miller24f2a422006-07-24 15:30:18 +10001176 - (djm) [Makefile.in]
1177 Remove generated openbsd-compat/regress/Makefile in distclean target
Damien Miller7b1877c2006-07-24 15:31:41 +10001178 - (djm) [regress/Makefile regress/agent-getpeereid.sh regress/cfgmatch.sh]
1179 [regress/cipher-speed.sh regress/forcecommand.sh regress/forwarding.sh]
1180 Sync regress tests to -current; include dtucker@'s new cfgmatch and
1181 forcecommand tests. Add cipher-speed.sh test (not linked in yet)
Darren Tucker22c58b02006-07-24 23:19:40 +10001182 - (dtucker) [cleanup.c] Since config.h defines _LARGE_FILES on AIX, including
1183 system headers before defines.h will cause conflicting definitions.
Darren Tucker28e9ad12006-07-24 23:50:23 +10001184 - (dtucker) [regress/forcecommand.sh] Portablize.
Damien Miller62da44f2006-07-24 15:08:35 +10001185
Darren Tucker341dae52006-07-13 08:45:14 +1000118620060713
1187 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h
1188
Darren Tucker248469b2006-07-12 14:14:31 +1000118920060712
Darren Tucker250f1a62006-07-12 19:01:29 +10001190 - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and
1191 O_NONBLOCK if they're really needed. Fixes build errors on HP-UX, old
1192 Linuxes and probably more.
Darren Tucker128a0892006-07-12 19:02:56 +10001193 - (dtucker) [configure.ac] OpenBSD needs <sys/types.h> before <sys/socket.h>
1194 for SHUT_RD.
Darren Tucker686852f2006-07-12 19:05:56 +10001195 - (dtucker) [openbsd-compat/port-tun.c] OpenBSD needs <netinet/in.h> before
1196 <netinet/ip.h>.
Darren Tuckera5362452006-07-12 22:07:08 +10001197 - (dtucker) OpenBSD CVS Sync
1198 - stevesk@cvs.openbsd.org 2006/07/10 16:01:57
1199 [sftp-glob.c sftp-common.h sftp.c]
1200 buffer.h only needed in sftp-common.h and remove some unneeded
1201 user includes; ok djm@
Darren Tucker11318472006-07-12 22:07:59 +10001202 - jmc@cvs.openbsd.org 2006/07/10 16:04:21
1203 [sshd.8]
1204 s/and and/and/
Darren Tucker5d196262006-07-12 22:15:16 +10001205 - stevesk@cvs.openbsd.org 2006/07/10 16:37:36
1206 [readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c
1207 auth.c packet.c log.c]
1208 move #include <stdarg.h> out of includes.h; ok markus@
Darren Tucker284706a2006-07-12 22:16:23 +10001209 - dtucker@cvs.openbsd.org 2006/07/11 10:12:07
1210 [ssh.c]
1211 Only copy the part of environment variable that we actually use. Prevents
1212 ssh bailing when SendEnv is used and an environment variable with a really
1213 long value exists. ok djm@
Darren Tuckere7d4b192006-07-12 22:17:10 +10001214 - markus@cvs.openbsd.org 2006/07/11 18:50:48
1215 [clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
1216 channels.h readconf.c]
1217 add ExitOnForwardFailure: terminate the connection if ssh(1)
1218 cannot set up all requested dynamic, local, and remote port
1219 forwardings. ok djm, dtucker, stevesk, jmc
Darren Tucker39972492006-07-12 22:22:46 +10001220 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25
1221 [scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
1222 sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
1223 includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
1224 sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
1225 ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
1226 move #include <errno.h> out of includes.h; ok markus@
Darren Tucker57f42242006-07-12 22:23:35 +10001227 - stevesk@cvs.openbsd.org 2006/07/11 20:16:43
1228 [ssh.c]
1229 cast asterisk field precision argument to int to remove warning;
1230 ok markus@
Darren Tuckerba724052006-07-12 22:24:22 +10001231 - stevesk@cvs.openbsd.org 2006/07/11 20:27:56
1232 [authfile.c ssh.c]
1233 need <errno.h> here also (it's also included in <openssl/err.h>)
Darren Tucker45150472006-07-12 22:34:17 +10001234 - dtucker@cvs.openbsd.org 2006/07/12 11:34:58
1235 [sshd.c servconf.h servconf.c sshd_config.5 auth.c]
1236 Add support for conditional directives to sshd_config via a "Match"
1237 keyword, which works similarly to the "Host" directive in ssh_config.
1238 Lines after a Match line override the default set in the main section
1239 if the condition on the Match line is true, eg
1240 AllowTcpForwarding yes
1241 Match User anoncvs
1242 AllowTcpForwarding no
1243 will allow port forwarding by all users except "anoncvs".
1244 Currently only a very small subset of directives are supported.
1245 ok djm@
Darren Tucker2c1a02a2006-07-12 22:40:50 +10001246 - (dtucker) [loginrec.c openbsd-compat/xmmap.c openbsd-compat/bindresvport.c
1247 openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c
1248 openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include <errno.h>.
Darren Tucker767e4132006-07-12 22:43:28 +10001249 - (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h.
Darren Tuckerdeecec92006-07-12 22:44:34 +10001250 - (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too.
Darren Tucker5998ed02006-07-12 23:10:33 +10001251 - (dtucker) [openbsd-compat/openbsd-compat.h] v*printf needs stdarg.h.
Darren Tucker2eaea992006-07-12 23:41:33 +10001252 - (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c
1253 openbsd-compat/rresvport.c] More errno.h.
1254
Darren Tucker44c828f2006-07-11 18:00:06 +1000125520060711
1256 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c
1257 openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally
1258 include paths.h. Fixes build error on Solaris.
Darren Tuckere0e4aad2006-07-11 19:01:51 +10001259 - (dtucker) [entropy.c] More fcntl.h, this time on AIX (and probably
1260 others).
Darren Tucker44c828f2006-07-11 18:00:06 +10001261
Darren Tuckere34c96a2006-07-10 12:55:24 +1000126220060710
1263 - (dtucker) [INSTALL] New autoconf version: 2.60.
Damien Miller1e88ea62006-07-10 20:15:56 +10001264 - OpenBSD CVS Sync
1265 - djm@cvs.openbsd.org 2006/06/14 10:50:42
1266 [sshconnect.c]
1267 limit the number of pre-banner characters we will accept; ok markus@
Damien Miller43020952006-07-10 20:16:12 +10001268 - djm@cvs.openbsd.org 2006/06/26 10:36:15
1269 [clientloop.c]
1270 mention optional bind_address in runtime port forwarding setup
1271 command-line help. patch from santhi.amirta AT gmail.com
Damien Miller991dba42006-07-10 20:16:27 +10001272 - stevesk@cvs.openbsd.org 2006/07/02 17:12:58
1273 [ssh.1 ssh.c ssh_config.5 sshd_config.5]
1274 more details and clarity for tun(4) device forwarding; ok and help
1275 jmc@
Damien Miller5d3ac7f2006-07-10 20:17:55 +10001276 - stevesk@cvs.openbsd.org 2006/07/02 18:36:47
1277 [gss-serv-krb5.c gss-serv.c]
1278 no "servconf.h" needed here
1279 (gss-serv-krb5.c change not applied, portable needs the server options)
Damien Miller427a1d52006-07-10 20:20:33 +10001280 - stevesk@cvs.openbsd.org 2006/07/02 22:45:59
1281 [groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c]
1282 move #include <grp.h> out of includes.h
1283 (portable needed uidswap.c too)
Damien Miller57e8ad32006-07-10 20:20:52 +10001284 - stevesk@cvs.openbsd.org 2006/07/02 23:01:55
1285 [clientloop.c ssh.1]
1286 use -KR[bind_address:]port here; ok djm@
Damien Millerb7576772006-07-10 20:23:39 +10001287 - stevesk@cvs.openbsd.org 2006/07/03 08:54:20
1288 [includes.h ssh.c sshconnect.c sshd.c]
1289 move #include "version.h" out of includes.h; ok markus@
Damien Millerefc04e72006-07-10 20:26:27 +10001290 - stevesk@cvs.openbsd.org 2006/07/03 17:59:32
1291 [channels.c includes.h]
1292 move #include <arpa/inet.h> out of includes.h; old ok djm@
1293 (portable needed session.c too)
Damien Miller8ec8c3e2006-07-10 20:35:38 +10001294 - stevesk@cvs.openbsd.org 2006/07/05 02:42:09
1295 [canohost.c hostfile.c includes.h misc.c packet.c readconf.c]
1296 [serverloop.c sshconnect.c uuencode.c]
1297 move #include <netinet/in.h> out of includes.h; ok deraadt@
1298 (also ssh-rand-helper.c logintest.c loginrec.c)
Damien Miller917f9b62006-07-10 20:36:47 +10001299 - djm@cvs.openbsd.org 2006/07/06 10:47:05
1300 [servconf.c servconf.h session.c sshd_config.5]
1301 support arguments to Subsystem commands; ok markus@
Damien Millerfef95ad2006-07-10 20:46:55 +10001302 - djm@cvs.openbsd.org 2006/07/06 10:47:57
1303 [sftp-server.8 sftp-server.c]
1304 add commandline options to enable logging of transactions; ok markus@
Damien Miller9f2abc42006-07-10 20:53:08 +10001305 - stevesk@cvs.openbsd.org 2006/07/06 16:03:53
1306 [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
1307 [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
1308 [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
1309 [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
1310 [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
1311 [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
1312 [uidswap.h]
1313 move #include <pwd.h> out of includes.h; ok markus@
Damien Miller69996102006-07-10 20:53:31 +10001314 - stevesk@cvs.openbsd.org 2006/07/06 16:22:39
1315 [ssh-keygen.c]
1316 move #include "dns.h" up
Damien Miller58059ae2006-07-10 20:53:45 +10001317 - stevesk@cvs.openbsd.org 2006/07/06 17:36:37
1318 [monitor_wrap.h]
1319 typo in comment
Damien Millere3b60b52006-07-10 21:08:03 +10001320 - stevesk@cvs.openbsd.org 2006/07/08 21:47:12
1321 [authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
1322 [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
1323 [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
1324 move #include <sys/socket.h> out of includes.h
Damien Millere33b6032006-07-10 21:08:34 +10001325 - stevesk@cvs.openbsd.org 2006/07/08 21:48:53
1326 [monitor.c session.c]
1327 missed these from last commit:
1328 move #include <sys/socket.h> out of includes.h
Damien Miller194a1cb2006-07-10 21:09:22 +10001329 - stevesk@cvs.openbsd.org 2006/07/08 23:30:06
1330 [log.c]
1331 move user includes after /usr/include files
Damien Miller57cf6382006-07-10 21:13:46 +10001332 - stevesk@cvs.openbsd.org 2006/07/09 15:15:11
1333 [auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
1334 [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
1335 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
1336 [sshlogin.c sshpty.c]
1337 move #include <fcntl.h> out of includes.h
Damien Miller211838d2006-07-10 21:14:00 +10001338 - stevesk@cvs.openbsd.org 2006/07/09 15:27:59
1339 [ssh-add.c]
1340 use O_RDONLY vs. 0 in open(); no binary change
Damien Millerc718c742006-07-10 21:31:00 +10001341 - djm@cvs.openbsd.org 2006/07/10 11:24:54
1342 [sftp-server.c]
1343 remove optind - it isn't used here
Damien Miller6444fe92006-07-10 21:31:27 +10001344 - djm@cvs.openbsd.org 2006/07/10 11:25:53
1345 [sftp-server.c]
1346 don't log variables that aren't yet set
Damien Millera1738e42006-07-10 21:33:04 +10001347 - (djm) [loginrec.c ssh-rand-helper.c sshd.c openbsd-compat/glob.c]
1348 [openbsd-compat/mktemp.c openbsd-compat/openbsd-compat.h]
1349 [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
1350 [openbsd-compat/xcrypt.c] Fix includes.h fallout, mainly fcntl.h
Damien Miller3d1a9f42006-07-10 22:19:53 +10001351 - OpenBSD CVS Sync
1352 - djm@cvs.openbsd.org 2006/07/10 12:03:20
1353 [scp.c]
1354 duplicate argv at the start of main() because it gets modified later;
1355 pointed out by deraadt@ ok markus@
Damien Miller0f077072006-07-10 22:21:02 +10001356 - djm@cvs.openbsd.org 2006/07/10 12:08:08
1357 [channels.c]
1358 fix misparsing of SOCKS 5 packets that could result in a crash;
1359 reported by mk@ ok markus@
Darren Tuckerda345532006-07-10 23:04:19 +10001360 - dtucker@cvs.openbsd.org 2006/07/10 12:46:51
1361 [misc.c misc.h sshd.8 sshconnect.c]
1362 Add port identifier to known_hosts for non-default ports, based originally
1363 on a patch from Devin Nate in bz#910.
1364 For any connection using the default port or using a HostKeyAlias the
1365 format is unchanged, otherwise the host name or address is enclosed
1366 within square brackets in the same format as sshd's ListenAddress.
1367 Tested by many, ok markus@.
Darren Tucker4e880e62006-07-11 00:20:51 +10001368 - (dtucker) [openbsd-compat/openbsd-compat.h] Need to include <sys/socket.h>
1369 for struct sockaddr on platforms that use the fake-rfc stuff.
Darren Tuckere34c96a2006-07-10 12:55:24 +10001370
Darren Tuckerbdc12122006-07-06 11:56:25 +1000137120060706
1372 - (dtucker) [configure.ac] Try AIX blibpath test in different order when
1373 compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so
1374 configure would not select the correct libpath linker flags.
Darren Tuckerf32f5522006-07-06 19:12:08 +10001375 - (dtucker) [INSTALL] A bit more info on autoconf.
Darren Tuckerbdc12122006-07-06 11:56:25 +10001376
Darren Tuckerdaf6ff42006-07-05 21:35:48 +1000137720060705
1378 - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the
1379 target already exists.
1380
Darren Tucker66c32d52006-06-30 10:51:32 +1000138120060630
1382 - (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf
1383 declaration too. Patch from russ at sludge.net.
Darren Tucker7243f9d2006-06-30 11:47:49 +10001384 - (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it,
1385 prevents warnings on platforms where _res is in the system headers.
Darren Tuckerdb4c54b2006-06-30 16:20:58 +10001386 - (dtucker) [INSTALL] Bug #1202: Note when autoconf is required and which
1387 version.
Darren Tucker66c32d52006-06-30 10:51:32 +10001388
Darren Tucker8b272ab2006-06-27 11:20:28 +1000138920060627
1390 - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems
1391 with autoconf 2.60. Patch from vapier at gentoo.org.
1392
Darren Tucker144e8d62006-06-25 08:25:25 +1000139320060625
1394 - (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys
1395 only, otherwise sshd can hang exiting non-interactive sessions.
1396
Darren Tucker0249f932006-06-24 12:10:07 +1000139720060624
1398 - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris.
1399 Works around limitation in Solaris' passwd program for changing passwords
1400 where the username is longer than 8 characters. ok djm@
Darren Tucker03890e42006-06-24 16:58:45 +10001401 - (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug
1402 #1102 workaround.
Darren Tucker0249f932006-06-24 12:10:07 +10001403
Darren Tucker3eb48342006-06-23 21:05:12 +1000140420060623
1405 - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add
1406 tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch
1407 from reyk@, tested by anil@
Darren Tucker9afe1152006-06-23 21:24:12 +10001408 - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX
1409 4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes
1410 on the pty slave as zero-length reads on the pty master, which sshd
1411 interprets as the descriptor closing. Since most things don't do zero
1412 length writes this rarely matters, but occasionally it happens, and when
1413 it does the SSH pty session appears to hang, so we add a special case for
1414 this condition. ok djm@
Darren Tucker3eb48342006-06-23 21:05:12 +10001415
Damien Millere250a942006-06-13 12:59:53 +1000141620060613
Damien Miller64346082006-06-13 13:15:54 +10001417 - (djm) [getput.h] This file has been replaced by functions in misc.c
Damien Millere250a942006-06-13 12:59:53 +10001418 - OpenBSD CVS Sync
1419 - djm@cvs.openbsd.org 2006/05/08 10:49:48
1420 [sshconnect2.c]
1421 uint32_t -> u_int32_t (which we use everywhere else)
1422 (Id sync only - portable already had this)
Damien Miller24fd8dd2006-06-13 13:00:09 +10001423 - markus@cvs.openbsd.org 2006/05/16 09:00:00
1424 [clientloop.c]
1425 missing free; from Kylene Hall
Damien Miller40b59852006-06-13 13:00:25 +10001426 - markus@cvs.openbsd.org 2006/05/17 12:43:34
1427 [scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
1428 fix leak; coverity via Kylene Jo Hall
Damien Millerad6b14d2006-06-13 13:00:41 +10001429 - miod@cvs.openbsd.org 2006/05/18 21:27:25
1430 [kexdhc.c kexgexc.c]
1431 paramter -> parameter
Damien Miller658f9452006-06-13 13:00:55 +10001432 - dtucker@cvs.openbsd.org 2006/05/29 12:54:08
1433 [ssh_config.5]
1434 Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
Damien Miller81a38922006-06-13 13:01:09 +10001435 - dtucker@cvs.openbsd.org 2006/05/29 12:56:33
1436 [ssh_config]
Damien Miller3c6ed7b2006-06-13 13:01:41 +10001437 Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in
1438 sample ssh_config. ok markus@
1439 - jmc@cvs.openbsd.org 2006/05/29 16:10:03
1440 [ssh_config.5]
1441 oops - previous was too long; split the list of auths up
Damien Millerfbc94c82006-06-13 13:03:16 +10001442 - mk@cvs.openbsd.org 2006/05/30 11:46:38
1443 [ssh-add.c]
1444 Sync usage() with man page and reality.
1445 ok deraadt dtucker
1446 - jmc@cvs.openbsd.org 2006/05/29 16:13:23
1447 [ssh.1]
1448 add GSSAPI to the list of authentication methods supported;
Damien Miller7b1e7572006-06-13 13:03:34 +10001449 - mk@cvs.openbsd.org 2006/05/30 11:46:38
1450 [ssh-add.c]
1451 Sync usage() with man page and reality.
1452 ok deraadt dtucker
Damien Millereb13e552006-06-13 13:03:53 +10001453 - markus@cvs.openbsd.org 2006/06/01 09:21:48
1454 [sshd.c]
1455 call get_remote_ipaddr() early; fixes logging after client disconnects;
1456 report mpf@; ok dtucker@
Damien Miller6b4069a2006-06-13 13:05:15 +10001457 - markus@cvs.openbsd.org 2006/06/06 10:20:20
1458 [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
1459 replace remaining setuid() calls with permanently_set_uid() and
1460 check seteuid() return values; report Marcus Meissner; ok dtucker djm
Damien Miller2e5fe882006-06-13 13:10:00 +10001461 - markus@cvs.openbsd.org 2006/06/08 14:45:49
1462 [readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h]
1463 do not set the gid, noted by solar; ok djm
Damien Millera6680a42006-06-13 13:10:18 +10001464 - djm@cvs.openbsd.org 2006/06/13 01:18:36
1465 [ssh-agent.c]
1466 always use a format string, even when printing a constant
1467 - djm@cvs.openbsd.org 2006/06/13 02:17:07
1468 [ssh-agent.c]
1469 revert; i am on drugs. spotted by alexander AT beard.se
Damien Millere250a942006-06-13 12:59:53 +10001470
Darren Tuckerf14b2aa2006-05-21 18:26:40 +1000147120060521
1472 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor
1473 and slave, we can remove the special-case handling in the audit hook in
1474 auth_log.
1475
147620060517
Darren Tuckerf58b29d2006-05-17 22:24:56 +10001477 - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file
1478 pointer leak. From kjhall at us.ibm.com, found by coverity.
1479
Darren Tuckerf14b2aa2006-05-21 18:26:40 +1000148020060515
Darren Tucker13c539a2006-05-15 17:15:56 +10001481 - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of
1482 _res, prevents problems on some platforms that have _res as a global but
1483 don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by
1484 georg.schwarz at freenet.de, ok djm@.
Darren Tuckercefd8bb2006-05-15 17:17:29 +10001485 - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative
1486 default. Patch originally from tim@, ok djm
Darren Tucker2c77b7f2006-05-15 17:22:33 +10001487 - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and
1488 do not allow kbdint again after the PAM account check fails. ok djm@
Darren Tucker13c539a2006-05-15 17:15:56 +10001489
Darren Tuckerf14b2aa2006-05-21 18:26:40 +1000149020060506
Darren Tucker73373872006-05-15 17:24:25 +10001491 - (dtucker) OpenBSD CVS Sync
Darren Tucker232b76f2006-05-06 17:41:51 +10001492 - dtucker@cvs.openbsd.org 2006/04/25 08:02:27
1493 [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
1494 Prevent ssh from trying to open private keys with bad permissions more than
1495 once or prompting for their passphrases (which it subsequently ignores
1496 anyway), similar to a previous change in ssh-add. bz #1186, ok djm@
Darren Tucker31cde682006-05-06 17:43:33 +10001497 - djm@cvs.openbsd.org 2006/05/04 14:55:23
1498 [dh.c]
1499 tighter DH exponent checks here too; feedback and ok markus@
Darren Tuckerf779f672006-05-06 17:48:48 +10001500 - djm@cvs.openbsd.org 2006/04/01 05:37:46
1501 [OVERVIEW]
1502 $OpenBSD$ in here too
Darren Tucker43ff44e2006-05-06 18:40:53 +10001503 - dtucker@cvs.openbsd.org 2006/05/06 08:35:40
1504 [auth-krb5.c]
1505 Add $OpenBSD$ in comment here too
Darren Tucker232b76f2006-05-06 17:41:51 +10001506
Darren Tuckerd8093e42006-05-04 16:24:34 +1000150720060504
1508 - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c
1509 session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
1510 openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
1511 in Portable-only code; since calloc zeros, remove now-redundant memsets.
1512 Also add a couple of sanity checks. With & ok djm@
1513
Darren Tucker596d3382006-05-03 19:01:09 +1000151420060503
1515 - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h
1516 and double including it on IRIX 5.3 causes problems. From Georg Schwarz,
1517 "no objections" tim@
1518
Damien Miller07aa1322006-04-23 12:04:27 +1000151920060423
1520 - (djm) OpenBSD CVS Sync
1521 - deraadt@cvs.openbsd.org 2006/04/01 05:42:20
1522 [scp.c]
1523 minimal lint cleanup (unused crud, and some size_t); ok djm
Damien Miller7a656f72006-04-23 12:04:46 +10001524 - djm@cvs.openbsd.org 2006/04/01 05:50:29
1525 [scp.c]
1526 xasprintification; ok deraadt@
Damien Miller603e68f2006-04-23 12:05:32 +10001527 - djm@cvs.openbsd.org 2006/04/01 05:51:34
1528 [atomicio.c]
1529 ANSIfy; requested deraadt@
1530 - dtucker@cvs.openbsd.org 2006/04/02 08:34:52
1531 [ssh-keysign.c]
1532 sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
Damien Miller63e437f2006-04-23 12:05:46 +10001533 - djm@cvs.openbsd.org 2006/04/03 07:10:38
1534 [gss-genr.c]
1535 GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066
1536 by dleonard AT vintela.com. use xasprintf() to simplify code while in
1537 there; "looks right" deraadt@
Damien Miller499a0d52006-04-23 12:06:03 +10001538 - djm@cvs.openbsd.org 2006/04/16 00:48:52
1539 [buffer.c buffer.h channels.c]
1540 Fix condition where we could exit with a fatal error when an input
1541 buffer became too large and the remote end had advertised a big window.
1542 The problem was a mismatch in the backoff math between the channels code
1543 and the buffer code, so make a buffer_check_alloc() function that the
1544 channels code can use to propsectivly check whether an incremental
1545 allocation will succeed. bz #1131, debugged with the assistance of
1546 cove AT wildpackets.com; ok dtucker@ deraadt@
Damien Miller6aa139c2006-04-23 12:06:20 +10001547 - djm@cvs.openbsd.org 2006/04/16 00:52:55
1548 [atomicio.c atomicio.h]
1549 introduce atomiciov() function that wraps readv/writev to retry
1550 interrupted transfers like atomicio() does for read/write;
1551 feedback deraadt@ dtucker@ stevesk@ ok deraadt@
Damien Miller58ca98b2006-04-23 12:06:35 +10001552 - djm@cvs.openbsd.org 2006/04/16 00:54:10
1553 [sftp-client.c]
1554 avoid making a tiny 4-byte write to send the packet length of sftp
1555 commands, which would result in a separate tiny packet on the wire by
1556 using atomiciov(writev, ...) to write the length and the command in one
1557 pass; ok deraadt@
Damien Millerb5ea7e72006-04-23 12:06:49 +10001558 - djm@cvs.openbsd.org 2006/04/16 07:59:00
1559 [atomicio.c]
1560 reorder sanity test so that it cannot dereference past the end of the
1561 iov array; well spotted canacar@!
Damien Miller58629fa2006-04-23 12:08:19 +10001562 - dtucker@cvs.openbsd.org 2006/04/18 10:44:28
Damien Miller7b50b202006-04-23 12:31:27 +10001563 [bufaux.c bufbn.c Makefile.in]
Damien Miller58629fa2006-04-23 12:08:19 +10001564 Move Buffer bignum functions into their own file, bufbn.c. This means
1565 that sftp and sftp-server (which use the Buffer functions in bufaux.c
1566 but not the bignum ones) no longer need to be linked with libcrypto.
1567 ok markus@
Damien Miller97c91f62006-04-23 12:08:37 +10001568 - djm@cvs.openbsd.org 2006/04/20 09:27:09
1569 [auth.h clientloop.c dispatch.c dispatch.h kex.h]
1570 replace the last non-sig_atomic_t flag used in a signal handler with a
1571 sig_atomic_t, unfortunately with some knock-on effects in other (non-
1572 signal) contexts in which it is used; ok markus@
Damien Miller56e5e6a2006-04-23 12:08:59 +10001573 - markus@cvs.openbsd.org 2006/04/20 09:47:59
1574 [sshconnect.c]
1575 simplify; ok djm@
Damien Miller525a0b02006-04-23 12:10:49 +10001576 - djm@cvs.openbsd.org 2006/04/20 21:53:44
1577 [includes.h session.c sftp.c]
1578 Switch from using pipes to socketpairs for communication between
1579 sftp/scp and ssh, and between sshd and its subprocesses. This saves
1580 a file descriptor per session and apparently makes userland ppp over
1581 ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this
1582 decision on a per-platform basis)
Damien Miller2282c6e2006-04-23 12:11:57 +10001583 - djm@cvs.openbsd.org 2006/04/22 04:06:51
1584 [uidswap.c]
1585 use setres[ug]id() to permanently revoke privileges; ok deraadt@
1586 (ID Sync only - portable already uses setres[ug]id() whenever possible)
Damien Miller08d4b0c2006-04-23 12:12:24 +10001587 - stevesk@cvs.openbsd.org 2006/04/22 18:29:33
1588 [crc32.c]
1589 remove extra spaces
Damien Miller2bdd1c12006-04-23 12:28:53 +10001590 - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get
1591 sig_atomic_t
Damien Miller07aa1322006-04-23 12:04:27 +10001592
Damien Miller73b42d22006-04-22 21:26:08 +1000159320060421
1594 - (djm) [Makefile.in configure.ac session.c sshpty.c]
1595 [contrib/redhat/sshd.init openbsd-compat/Makefile.in]
1596 [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
1597 [openbsd-compat/port-linux.h] Add support for SELinux, setting
1598 the execution and TTY contexts. based on patch from Daniel Walsh,
1599 bz #880; ok dtucker@
1600
Damien Miller2eaf37d2006-04-18 15:13:16 +1000160120060418
Damien Miller73b42d22006-04-22 21:26:08 +10001602 - (djm) [canohost.c] Reorder IP options check so that it isn't broken
1603 by mapped addresses; bz #1179 reported by markw wtech-llc.com;
Damien Miller2eaf37d2006-04-18 15:13:16 +10001604 ok dtucker@
1605
Damien Millerda380be2006-03-31 23:09:17 +1100160620060331
1607 - OpenBSD CVS Sync
1608 - deraadt@cvs.openbsd.org 2006/03/27 01:21:18
1609 [xmalloc.c]
1610 we can do the size & nmemb check before the integer overflow check;
1611 evol
Damien Miller5a73c1a2006-03-31 23:09:41 +11001612 - deraadt@cvs.openbsd.org 2006/03/27 13:03:54
1613 [dh.c]
1614 use strtonum() instead of atoi(), limit dhg size to 64k; ok djm
Damien Miller2b5a0de2006-03-31 23:10:31 +11001615 - djm@cvs.openbsd.org 2006/03/27 23:15:46
1616 [sftp.c]
1617 always use a format string for addargs; spotted by mouring@
Damien Millerddd63ab2006-03-31 23:10:51 +11001618 - deraadt@cvs.openbsd.org 2006/03/28 00:12:31
1619 [README.tun ssh.c]
1620 spacing
Damien Miller57c4e872006-03-31 23:11:07 +11001621 - deraadt@cvs.openbsd.org 2006/03/28 01:52:28
1622 [channels.c]
1623 do not accept unreasonable X ports numbers; ok djm
Damien Miller89c3fe42006-03-31 23:11:28 +11001624 - deraadt@cvs.openbsd.org 2006/03/28 01:53:43
1625 [ssh-agent.c]
1626 use strtonum() to parse the pid from the file, and range check it
1627 better; ok djm
Damien Millerd79b4242006-03-31 23:11:44 +11001628 - djm@cvs.openbsd.org 2006/03/30 09:41:25
1629 [channels.c]
1630 ARGSUSED for dispatch table-driven functions
Damien Miller3f941882006-03-31 23:13:02 +11001631 - djm@cvs.openbsd.org 2006/03/30 09:58:16
1632 [authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h]
1633 [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c]
1634 replace {GET,PUT}_XXBIT macros with functionally similar functions,
1635 silencing a heap of lint warnings. also allows them to use
1636 __bounded__ checking which can't be applied to macros; requested
1637 by and feedback from deraadt@
Damien Miller6b1d53c2006-03-31 23:13:21 +11001638 - djm@cvs.openbsd.org 2006/03/30 10:41:25
1639 [ssh.c ssh_config.5]
1640 add percent escape chars to the IdentityFile option, bz #1159 based
1641 on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
Damien Millere23209f2006-03-31 23:13:35 +11001642 - dtucker@cvs.openbsd.org 2006/03/30 11:05:17
1643 [ssh-keygen.c]
1644 Correctly handle truncated files while converting keys; ok djm@
Damien Miller7a8f5b32006-03-31 23:14:23 +11001645 - dtucker@cvs.openbsd.org 2006/03/30 11:40:21
1646 [auth.c monitor.c]
1647 Prevent duplicate log messages when privsep=yes; ok djm@
Damien Millerc6437cf2006-03-31 23:14:41 +11001648 - jmc@cvs.openbsd.org 2006/03/31 09:09:30
1649 [ssh_config.5]
1650 kill trailing whitespace;
Damien Millerdfc61832006-03-31 23:14:57 +11001651 - djm@cvs.openbsd.org 2006/03/31 09:13:56
1652 [ssh_config.5]
1653 remote user escape is %r not %h; spotted by jmc@
Damien Millerda380be2006-03-31 23:09:17 +11001654
Damien Millercb314822006-03-26 13:48:01 +1100165520060326
1656 - OpenBSD CVS Sync
1657 - jakob@cvs.openbsd.org 2006/03/15 08:46:44
1658 [ssh-keygen.c]
1659 if no key file are given when printing the DNS host record, use the
1660 host key file(s) as default. ok djm@
Damien Miller745570c2006-03-26 13:49:43 +11001661 - biorn@cvs.openbsd.org 2006/03/16 10:31:45
1662 [scp.c]
1663 Try to display errormessage even if remout == -1
1664 ok djm@, markus@
Damien Miller5b832322006-03-26 13:50:14 +11001665 - djm@cvs.openbsd.org 2006/03/17 22:31:50
1666 [authfd.c]
1667 another unreachable found by lint
Damien Miller304a9402006-03-26 13:50:37 +11001668 - djm@cvs.openbsd.org 2006/03/17 22:31:11
1669 [authfd.c]
1670 unreachanble statement, found by lint
Damien Miller6f98a1f2006-03-26 13:51:08 +11001671 - djm@cvs.openbsd.org 2006/03/19 02:22:32
1672 [serverloop.c]
1673 memory leaks detected by Coverity via elad AT netbsd.org;
1674 ok deraadt@ dtucker@
Damien Millere0b90a62006-03-26 13:51:44 +11001675 - djm@cvs.openbsd.org 2006/03/19 02:22:56
1676 [sftp.c]
1677 more memory leaks detected by Coverity via elad AT netbsd.org;
1678 deraadt@ ok
Damien Miller6db780e2006-03-26 13:52:20 +11001679 - djm@cvs.openbsd.org 2006/03/19 02:23:26
1680 [hostfile.c]
1681 FILE* leak detected by Coverity via elad AT netbsd.org;
1682 ok deraadt@
Damien Miller928b2362006-03-26 13:53:32 +11001683 - djm@cvs.openbsd.org 2006/03/19 02:24:05
1684 [dh.c readconf.c servconf.c]
1685 potential NULL pointer dereferences detected by Coverity
1686 via elad AT netbsd.org; ok deraadt@
Damien Miller5790b592006-03-26 13:54:03 +11001687 - djm@cvs.openbsd.org 2006/03/19 07:41:30
1688 [sshconnect2.c]
1689 memory leaks detected by Coverity via elad AT netbsd.org;
1690 deraadt@ ok
Damien Miller78f16cb2006-03-26 13:54:37 +11001691 - dtucker@cvs.openbsd.org 2006/03/19 11:51:52
1692 [servconf.c]
1693 Correct strdelim null test; ok djm@
Damien Millerd62f2ca2006-03-26 13:57:41 +11001694 - deraadt@cvs.openbsd.org 2006/03/19 18:52:11
1695 [auth1.c authfd.c channels.c]
1696 spacing
Damien Millerc91e5562006-03-26 13:58:55 +11001697 - deraadt@cvs.openbsd.org 2006/03/19 18:53:12
1698 [kex.c kex.h monitor.c myproposal.h session.c]
1699 spacing
Damien Millerf0b15df2006-03-26 13:59:20 +11001700 - deraadt@cvs.openbsd.org 2006/03/19 18:56:41
1701 [clientloop.c progressmeter.c serverloop.c sshd.c]
1702 ARGSUSED for signal handlers
Damien Miller3bbaba62006-03-26 13:59:38 +11001703 - deraadt@cvs.openbsd.org 2006/03/19 18:59:49
1704 [ssh-keyscan.c]
1705 please lint
Damien Miller4662d342006-03-26 13:59:59 +11001706 - deraadt@cvs.openbsd.org 2006/03/19 18:59:30
1707 [ssh.c]
1708 spacing
Damien Miller3305f552006-03-26 14:00:31 +11001709 - deraadt@cvs.openbsd.org 2006/03/19 18:59:09
1710 [authfile.c]
1711 whoever thought that break after return was a good idea needs to
1712 get their head examimed
Damien Miller96937bd2006-03-26 14:01:54 +11001713 - djm@cvs.openbsd.org 2006/03/20 04:09:44
1714 [monitor.c]
1715 memory leaks detected by Coverity via elad AT netbsd.org;
1716 deraadt@ ok
1717 that should be all of them now
Damien Miller429fcc22006-03-26 14:02:16 +11001718 - djm@cvs.openbsd.org 2006/03/20 11:38:46
1719 [key.c]
1720 (really) last of the Coverity diffs: avoid possible NULL deref in
1721 key_free. via elad AT netbsd.org; markus@ ok
Damien Miller69b72032006-03-26 14:02:35 +11001722 - deraadt@cvs.openbsd.org 2006/03/20 17:10:19
1723 [auth.c key.c misc.c packet.c ssh-add.c]
1724 in a switch (), break after return or goto is stupid
Damien Millerbbaad772006-03-26 14:03:03 +11001725 - deraadt@cvs.openbsd.org 2006/03/20 17:13:16
1726 [key.c]
1727 djm did a typo
Damien Miller6d39bcf2006-03-26 14:03:21 +11001728 - deraadt@cvs.openbsd.org 2006/03/20 17:17:23
1729 [ssh-rsa.c]
1730 in a switch (), break after return or goto is stupid
Damien Miller71a73672006-03-26 14:04:36 +11001731 - deraadt@cvs.openbsd.org 2006/03/20 18:14:02
Damien Miller1b81a492006-03-26 14:05:02 +11001732 [channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c]
1733 [ssh.c sshpty.c sshpty.h]
Damien Miller71a73672006-03-26 14:04:36 +11001734 sprinkle u_int throughout pty subsystem, ok markus
Damien Miller91d4b122006-03-26 14:05:20 +11001735 - deraadt@cvs.openbsd.org 2006/03/20 18:17:20
1736 [auth1.c auth2.c sshd.c]
1737 sprinkle some ARGSUSED for table driven functions (which sometimes
1738 must ignore their args)
Damien Miller90967402006-03-26 14:07:26 +11001739 - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
1740 [channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c]
1741 [ssh-rsa.c ssh.c sshlogin.c]
1742 annoying spacing fixes getting in the way of real diffs
Damien Miller9f3bd532006-03-26 14:07:52 +11001743 - deraadt@cvs.openbsd.org 2006/03/20 18:27:50
1744 [monitor.c]
1745 spacing
Damien Miller4ae97f12006-03-26 14:08:10 +11001746 - deraadt@cvs.openbsd.org 2006/03/20 18:35:12
1747 [channels.c]
1748 x11_fake_data is only ever used as u_char *
Damien Miller1ff7c642006-03-26 14:09:09 +11001749 - deraadt@cvs.openbsd.org 2006/03/20 18:41:43
1750 [dns.c]
1751 cast xstrdup to propert u_char *
Damien Miller1d2b6702006-03-26 14:09:54 +11001752 - deraadt@cvs.openbsd.org 2006/03/20 18:42:27
1753 [canohost.c match.c ssh.c sshconnect.c]
1754 be strict with tolower() casting
Damien Miller4f7becb2006-03-26 14:10:14 +11001755 - deraadt@cvs.openbsd.org 2006/03/20 18:48:34
1756 [channels.c fatal.c kex.c packet.c serverloop.c]
1757 spacing
Damien Millera5a28592006-03-26 14:10:34 +11001758 - deraadt@cvs.openbsd.org 2006/03/20 21:11:53
1759 [ttymodes.c]
1760 spacing
Damien Miller07d86be2006-03-26 14:19:21 +11001761 - djm@cvs.openbsd.org 2006/03/25 00:05:41
1762 [auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
1763 [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
1764 [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
1765 [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
1766 [xmalloc.c xmalloc.h]
1767 introduce xcalloc() and xasprintf() failure-checked allocations
1768 functions and use them throughout openssh
1769
1770 xcalloc is particularly important because malloc(nmemb * size) is a
1771 dangerous idiom (subject to integer overflow) and it is time for it
1772 to die
1773
1774 feedback and ok deraadt@
Damien Miller36812092006-03-26 14:22:47 +11001775 - djm@cvs.openbsd.org 2006/03/25 01:13:23
1776 [buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
1777 [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
1778 [uidswap.c]
1779 change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
1780 to xrealloc(p, new_nmemb, new_itemsize).
1781
1782 realloc is particularly prone to integer overflows because it is
1783 almost always allocating "n * size" bytes, so this is a far safer
1784 API; ok deraadt@
Damien Miller55b04f12006-03-26 14:23:17 +11001785 - djm@cvs.openbsd.org 2006/03/25 01:30:23
1786 [sftp.c]
1787 "abormally" is a perfectly cromulent word, but "abnormally" is better
Damien Miller57c30112006-03-26 14:24:48 +11001788 - djm@cvs.openbsd.org 2006/03/25 13:17:03
Damien Miller48c4ed22006-03-26 14:25:05 +11001789 [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
1790 [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
1791 [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
1792 [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
1793 [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
1794 [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
1795 [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
1796 [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
1797 [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
1798 [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
1799 [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
1800 [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
1801 [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
1802 [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
1803 [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
1804 [uidswap.c uuencode.c xmalloc.c]
Damien Miller57c30112006-03-26 14:24:48 +11001805 Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
1806 Theo nuked - our scripts to sync -portable need them in the files
Damien Miller8ba29fe2006-03-26 14:25:19 +11001807 - deraadt@cvs.openbsd.org 2006/03/25 18:29:35
1808 [auth-rsa.c authfd.c packet.c]
1809 needed casts (always will be needed)
Damien Miller90fdfaf2006-03-26 14:25:37 +11001810 - deraadt@cvs.openbsd.org 2006/03/25 18:30:55
1811 [clientloop.c serverloop.c]
1812 spacing
Damien Millera1690d02006-03-26 14:27:35 +11001813 - deraadt@cvs.openbsd.org 2006/03/25 18:36:15
1814 [sshlogin.c sshlogin.h]
1815 nicer size_t and time_t types
Damien Miller5f340062006-03-26 14:27:57 +11001816 - deraadt@cvs.openbsd.org 2006/03/25 18:40:14
1817 [ssh-keygen.c]
1818 cast strtonum() result to right type
Damien Miller1c13bd82006-03-26 14:28:14 +11001819 - deraadt@cvs.openbsd.org 2006/03/25 18:41:45
1820 [ssh-agent.c]
1821 mark two more signal handlers ARGSUSED
Damien Miller08d61502006-03-26 14:28:32 +11001822 - deraadt@cvs.openbsd.org 2006/03/25 18:43:30
1823 [channels.c]
1824 use strtonum() instead of atoi() [limit X screens to 400, sorry]
Damien Millera0fdce92006-03-26 14:28:50 +11001825 - deraadt@cvs.openbsd.org 2006/03/25 18:56:55
1826 [bufaux.c channels.c packet.c]
1827 remove (char *) casts to a function that accepts void * for the arg
Damien Millere3b21a52006-03-26 14:29:06 +11001828 - deraadt@cvs.openbsd.org 2006/03/25 18:58:10
1829 [channels.c]
1830 delete cast not required
Damien Miller51096382006-03-26 14:30:00 +11001831 - djm@cvs.openbsd.org 2006/03/25 22:22:43
1832 [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
1833 [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
1834 [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
1835 [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
1836 [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
1837 [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
1838 [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
1839 [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
1840 [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
1841 [ttymodes.h uidswap.h uuencode.h xmalloc.h]
1842 standardise spacing in $OpenBSD$ tags; requested by deraadt@
Damien Millerb3cdc222006-03-26 14:30:33 +11001843 - deraadt@cvs.openbsd.org 2006/03/26 01:31:48
1844 [uuencode.c]
1845 typo
Damien Millercb314822006-03-26 13:48:01 +11001846
Damien Miller3e96d742006-03-25 23:39:29 +1100184720060325
1848 - OpenBSD CVS Sync
1849 - djm@cvs.openbsd.org 2006/03/16 04:24:42
1850 [ssh.1]
1851 Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs
1852 that OpenSSH supports
Damien Millerb0fb6872006-03-26 00:03:21 +11001853 - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
1854 [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
1855 [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
1856 [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
1857 [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
1858 [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
1859 [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
1860 [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
1861 [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
1862 [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
1863 [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
1864 [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
1865 [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
1866 [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
1867 [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
1868 [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
1869 [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
1870 [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
1871 [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
1872 [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
1873 [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
1874 [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
1875 [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
1876 [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
1877 RCSID() can die
Damien Miller51b4f822006-03-26 00:04:32 +11001878 - deraadt@cvs.openbsd.org 2006/03/19 18:53:12
1879 [kex.h myproposal.h]
1880 spacing
Damien Millerf23c0962006-03-26 00:04:53 +11001881 - djm@cvs.openbsd.org 2006/03/20 04:07:22
1882 [auth2-gss.c]
1883 GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
1884 reviewed by simon AT sxw.org.uk; deraadt@ ok
Damien Millera66cf682006-03-26 00:05:23 +11001885 - djm@cvs.openbsd.org 2006/03/20 04:07:49
1886 [gss-genr.c]
1887 more GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
1888 reviewed by simon AT sxw.org.uk; deraadt@ ok
Damien Miller91a2d972006-03-26 00:05:44 +11001889 - djm@cvs.openbsd.org 2006/03/20 04:08:18
1890 [gss-serv.c]
1891 last lot of GSSAPI related leaks detected by Coverity via
1892 elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok
Damien Millered3986a2006-03-26 00:06:14 +11001893 - deraadt@cvs.openbsd.org 2006/03/20 18:14:02
1894 [monitor_wrap.h sshpty.h]
1895 sprinkle u_int throughout pty subsystem, ok markus
Damien Miller1345e612006-03-26 00:06:32 +11001896 - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
1897 [session.h]
1898 annoying spacing fixes getting in the way of real diffs
Damien Miller59962942006-03-26 00:06:48 +11001899 - deraadt@cvs.openbsd.org 2006/03/20 18:41:43
1900 [dns.c]
1901 cast xstrdup to propert u_char *
Damien Millera1b3d632006-03-26 00:07:02 +11001902 - jakob@cvs.openbsd.org 2006/03/22 21:16:24
1903 [ssh.1]
1904 simplify SSHFP example; ok jmc@
Damien Miller2dbbf8e2006-03-26 00:11:46 +11001905 - djm@cvs.openbsd.org 2006/03/22 21:27:15
1906 [deattack.c deattack.h]
1907 remove IV support from the CRC attack detector, OpenSSH has never used
1908 it - it only applied to IDEA-CFB, which we don't support.
1909 prompted by NetBSD Coverity report via elad AT netbsd.org;
1910 feedback markus@ "nuke it" deraadt@
Damien Miller3e96d742006-03-25 23:39:29 +11001911
Damien Miller66f9eb62006-03-18 23:04:49 +1100191220060318
Darren Tucker9834cab2006-03-19 00:07:07 +11001913 - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via
1914 elad AT NetBSD.org
1915 - (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173: make fmtint() take
1916 a LLONG rather than a long. Fixes scp'ing of large files on platforms
1917 with missing/broken snprintfs. Patch from e.borovac at bom.gov.au.
Damien Miller66f9eb62006-03-18 23:04:49 +11001918
Darren Tuckerd82cbcb2006-03-16 07:21:35 +1100191920060316
1920 - (dtucker) [entropy.c] Add headers for WIFEXITED and friends.
Darren Tuckerc4953012006-03-16 08:14:34 +11001921 - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in
1922 /usr/include/crypto. Hint from djm@.
Tim Rice425a6882006-03-15 20:17:05 -08001923 - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h]
1924 Disable sha256 when openssl < 0.9.7. Patch from djm@.
Damien Millerb3092032006-03-16 18:22:18 +11001925 - (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old
1926 OpenSSL; ok tim
Darren Tuckerd82cbcb2006-03-16 07:21:35 +11001927
Damien Miller9f67a212006-03-15 11:05:35 +1100192820060315
1929 - (djm) OpenBSD CVS Sync:
1930 - msf@cvs.openbsd.org 2006/02/06 15:54:07
1931 [ssh.1]
1932 - typo fix
1933 ok jmc@
Damien Millere93eaaa2006-03-15 11:05:59 +11001934 - jmc@cvs.openbsd.org 2006/02/06 21:44:47
1935 [ssh.1]
1936 make this a little less ambiguous...
Damien Miller015cd792006-03-15 11:08:02 +11001937 - stevesk@cvs.openbsd.org 2006/02/07 01:08:04
1938 [auth-rhosts.c includes.h]
1939 move #include <netgroup.h> out of includes.h; ok markus@
Damien Miller2eb63402006-03-15 11:09:42 +11001940 - stevesk@cvs.openbsd.org 2006/02/07 01:18:09
1941 [includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c]
1942 move #include <sys/queue.h> out of includes.h; ok markus@
Damien Miller99bd21e2006-03-15 11:11:28 +11001943 - stevesk@cvs.openbsd.org 2006/02/07 01:42:00
1944 [channels.c clientloop.c clientloop.h includes.h packet.h]
1945 [serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c]
1946 move #include <termios.h> out of includes.h; ok markus@
Damien Miller972c84b2006-03-15 11:11:56 +11001947 - stevesk@cvs.openbsd.org 2006/02/07 01:52:50
1948 [sshtty.c]
1949 "log.h" not needed
Damien Miller5d771052006-03-15 11:12:13 +11001950 - stevesk@cvs.openbsd.org 2006/02/07 03:47:05
1951 [hostfile.c]
1952 "packet.h" not needed
Damien Millerde6dd0a2006-03-15 11:12:38 +11001953 - stevesk@cvs.openbsd.org 2006/02/07 03:59:20
1954 [deattack.c]
1955 duplicate #include
Damien Miller03e20032006-03-15 11:16:59 +11001956 - stevesk@cvs.openbsd.org 2006/02/08 12:15:27
1957 [auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
1958 [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
1959 [sshd.c sshpty.c]
1960 move #include <paths.h> out of includes.h; ok markus@
Damien Miller3a4051e2006-03-15 11:19:42 +11001961 - stevesk@cvs.openbsd.org 2006/02/08 12:32:49
1962 [includes.h misc.c]
1963 move #include <netinet/tcp.h> out of includes.h; ok markus@
Damien Miller0b70b542006-03-15 11:20:03 +11001964 - stevesk@cvs.openbsd.org 2006/02/08 13:15:44
1965 [gss-serv.c monitor.c]
1966 small KNF
Damien Miller52ab0842006-03-15 11:20:46 +11001967 - stevesk@cvs.openbsd.org 2006/02/08 14:16:59
1968 [sshconnect.c]
1969 <openssl/bn.h> not needed
Damien Millercd4223c2006-03-15 11:22:47 +11001970 - stevesk@cvs.openbsd.org 2006/02/08 14:31:30
1971 [includes.h ssh-agent.c ssh-keyscan.c ssh.c]
1972 move #include <sys/resource.h> out of includes.h; ok markus@
Damien Miller68f8e992006-03-15 11:24:12 +11001973 - stevesk@cvs.openbsd.org 2006/02/08 14:38:18
1974 [includes.h packet.c]
1975 move #include <netinet/in_systm.h> and <netinet/ip.h> out of
1976 includes.h; ok markus@
Damien Miller88f254b2006-03-15 11:25:13 +11001977 - stevesk@cvs.openbsd.org 2006/02/08 23:51:24
1978 [includes.h scp.c sftp-glob.c sftp-server.c]
1979 move #include <dirent.h> out of includes.h; ok markus@
Damien Miller1d905402006-03-15 11:26:55 +11001980 - stevesk@cvs.openbsd.org 2006/02/09 00:32:07
1981 [includes.h]
1982 #include <sys/endian.h> not needed; ok djm@
1983 NB. ID Sync only - we still need this (but it may move later)
Damien Millerc47d7e92006-03-15 11:27:20 +11001984 - jmc@cvs.openbsd.org 2006/02/09 10:10:47
1985 [sshd.8]
1986 - move some text into a CAVEATS section
1987 - merge the COMMAND EXECUTION... section into AUTHENTICATION
Damien Miller17e91c02006-03-15 11:28:34 +11001988 - stevesk@cvs.openbsd.org 2006/02/10 00:27:13
1989 [channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c]
1990 [ssh.c sshd.c sshpty.c]
1991 move #include <sys/ioctl.h> out of includes.h; ok markus@
Damien Miller9cf6d072006-03-15 11:29:24 +11001992 - stevesk@cvs.openbsd.org 2006/02/10 01:44:27
1993 [includes.h monitor.c readpass.c scp.c serverloop.c session.c]
1994 [sftp.c sshconnect.c sshconnect2.c sshd.c]
1995 move #include <sys/wait.h> out of includes.h; ok markus@
Damien Miller3fd019e2006-03-15 11:29:51 +11001996 - otto@cvs.openbsd.org 2006/02/11 19:31:18
1997 [atomicio.c]
1998 type correctness; from Ray Lai in PR 5011; ok millert@
Damien Miller3ec54c72006-03-15 11:30:13 +11001999 - djm@cvs.openbsd.org 2006/02/12 06:45:34
2000 [ssh.c ssh_config.5]
2001 add a %l expansion code to the ControlPath, which is filled in with the
2002 local hostname at runtime. Requested by henning@ to avoid some problems
2003 with /home on NFS; ok dtucker@
Damien Millerb59d4fe2006-03-15 11:30:38 +11002004 - djm@cvs.openbsd.org 2006/02/12 10:44:18
2005 [readconf.c]
2006 raise error when the user specifies a RekeyLimit that is smaller than 16
2007 (the smallest of our cipher's blocksize) or big enough to cause integer
2008 wraparound; ok & feedback dtucker@
Damien Miller20c2ec42006-03-15 11:31:01 +11002009 - jmc@cvs.openbsd.org 2006/02/12 10:49:44
2010 [ssh_config.5]
2011 slight rewording; ok djm
Damien Millerdcfea272006-03-15 11:31:22 +11002012 - jmc@cvs.openbsd.org 2006/02/12 10:52:41
2013 [sshd.8]
2014 rework the description of authorized_keys a little;
Damien Miller31bdc522006-03-15 11:31:44 +11002015 - jmc@cvs.openbsd.org 2006/02/12 17:57:19
2016 [sshd.8]
2017 sort the list of options permissable w/ authorized_keys;
2018 ok djm dtucker
Damien Miller7d2ef022006-03-15 11:32:06 +11002019 - jmc@cvs.openbsd.org 2006/02/13 10:16:39
2020 [sshd.8]
2021 no need to subsection the authorized_keys examples - instead, convert
2022 this to look like an actual file. also use proto 2 keys, and use IETF
2023 example addresses;
Damien Miller9a7f2012006-03-15 11:32:42 +11002024 - jmc@cvs.openbsd.org 2006/02/13 10:21:25
2025 [sshd.8]
2026 small tweaks for the ssh_known_hosts section;
Damien Millercc00f5e2006-03-15 11:33:00 +11002027 - jmc@cvs.openbsd.org 2006/02/13 11:02:26
2028 [sshd.8]
2029 turn this into an example ssh_known_hosts file; ok djm
Damien Millerc8f61cf2006-03-15 11:33:25 +11002030 - jmc@cvs.openbsd.org 2006/02/13 11:08:43
2031 [sshd.8]
2032 - avoid nasty line split
2033 - `*' does not need to be escaped
Damien Millerd8702e82006-03-15 11:33:56 +11002034 - jmc@cvs.openbsd.org 2006/02/13 11:27:25
2035 [sshd.8]
2036 sort FILES and use a -compact list;
Damien Miller0c8d8f62006-03-15 11:34:25 +11002037 - david@cvs.openbsd.org 2006/02/15 05:08:24
2038 [sftp-client.c]
2039 typo in comment; ok djm@
Damien Miller39a93a32006-03-15 11:34:45 +11002040 - jmc@cvs.openbsd.org 2006/02/15 16:53:20
2041 [ssh.1]
2042 remove the IETF draft references and replace them with some updated RFCs;
Damien Millerbc1936a2006-03-15 11:35:05 +11002043 - jmc@cvs.openbsd.org 2006/02/15 16:55:33
2044 [sshd.8]
2045 remove ietf draft references; RFC list now maintained in ssh.1;
Damien Milleradc35b92006-03-15 11:35:27 +11002046 - jmc@cvs.openbsd.org 2006/02/16 09:05:34
2047 [sshd.8]
2048 sync some of the FILES entries w/ ssh.1;
Damien Millerfd725cf2006-03-15 11:35:54 +11002049 - jmc@cvs.openbsd.org 2006/02/19 19:52:10
2050 [sshd.8]
2051 move the sshrc stuff out of FILES, and into its own section:
2052 FILES is not a good place to document how stuff works;
Damien Miller445121f2006-03-15 11:36:18 +11002053 - jmc@cvs.openbsd.org 2006/02/19 20:02:17
2054 [sshd.8]
2055 sync the (s)hosts.equiv FILES entries w/ those from ssh.1;
Damien Milleredd03752006-03-15 11:36:45 +11002056 - jmc@cvs.openbsd.org 2006/02/19 20:05:00
2057 [sshd.8]
2058 grammar;
Damien Miller5c853b52006-03-15 11:37:02 +11002059 - jmc@cvs.openbsd.org 2006/02/19 20:12:25
2060 [ssh_config.5]
2061 add some vertical space;
Damien Miller574c41f2006-03-15 11:40:10 +11002062 - stevesk@cvs.openbsd.org 2006/02/20 16:36:15
2063 [authfd.c channels.c includes.h session.c ssh-agent.c ssh.c]
2064 move #include <sys/un.h> out of includes.h; ok djm@
Damien Millerf17883e2006-03-15 11:45:54 +11002065 - stevesk@cvs.openbsd.org 2006/02/20 17:02:44
2066 [clientloop.c includes.h monitor.c progressmeter.c scp.c]
2067 [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
2068 move #include <signal.h> out of includes.h; ok markus@
Damien Miller6ff3cad2006-03-15 11:52:09 +11002069 - stevesk@cvs.openbsd.org 2006/02/20 17:19:54
2070 [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
2071 [authfile.c clientloop.c includes.h readconf.c scp.c session.c]
2072 [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
2073 [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
2074 [sshconnect2.c sshd.c sshpty.c]
2075 move #include <sys/stat.h> out of includes.h; ok markus@
Damien Millerc7b06362006-03-15 11:53:45 +11002076 - stevesk@cvs.openbsd.org 2006/02/22 00:04:45
2077 [canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]
2078 [sshconnect.c]
2079 move #include <ctype.h> out of includes.h; ok djm@
Damien Miller6def5512006-03-15 11:54:05 +11002080 - jmc@cvs.openbsd.org 2006/02/24 10:25:14
2081 [ssh_config.5]
2082 add section on patterns;
2083 from dtucker + myself
Damien Miller0c2079d2006-03-15 11:54:21 +11002084 - jmc@cvs.openbsd.org 2006/02/24 10:33:54
2085 [sshd_config.5]
2086 signpost to PATTERNS;
Damien Millerf54a4b92006-03-15 11:54:36 +11002087 - jmc@cvs.openbsd.org 2006/02/24 10:37:07
2088 [ssh_config.5]
2089 tidy up the refs to PATTERNS;
Damien Millerc7d5b5e2006-03-15 11:55:08 +11002090 - jmc@cvs.openbsd.org 2006/02/24 10:39:52
2091 [sshd.8]
2092 signpost to PATTERNS section;
Damien Miller1faa7132006-03-15 11:55:31 +11002093 - jmc@cvs.openbsd.org 2006/02/24 20:22:16
2094 [ssh-keysign.8 ssh_config.5 sshd_config.5]
2095 some consistency fixes;
Damien Miller208f1ed2006-03-15 11:56:03 +11002096 - jmc@cvs.openbsd.org 2006/02/24 20:31:31
2097 [ssh.1 ssh_config.5 sshd.8 sshd_config.5]
2098 more consistency fixes;
Damien Miller45ee2b92006-03-15 11:56:18 +11002099 - jmc@cvs.openbsd.org 2006/02/24 23:20:07
2100 [ssh_config.5]
2101 some grammar/wording fixes;
Damien Miller5b0d63f2006-03-15 11:56:56 +11002102 - jmc@cvs.openbsd.org 2006/02/24 23:43:57
2103 [sshd_config.5]
2104 some grammar/wording fixes;
Damien Millerf4f22b52006-03-15 11:57:25 +11002105 - jmc@cvs.openbsd.org 2006/02/24 23:51:17
2106 [sshd_config.5]
2107 oops - bits i missed;
Damien Miller9cfbaec2006-03-15 11:57:55 +11002108 - jmc@cvs.openbsd.org 2006/02/25 12:26:17
2109 [ssh_config.5]
2110 document the possible values for KbdInteractiveDevices;
Damien Millerd450f492006-03-15 11:58:25 +11002111 help/ok dtucker
Damien Millerac73e512006-03-15 11:58:49 +11002112 - jmc@cvs.openbsd.org 2006/02/25 12:28:34
2113 [sshd_config.5]
2114 document the order in which allow/deny directives are processed;
2115 help/ok dtucker
Damien Millerb5282c22006-03-15 11:59:08 +11002116 - jmc@cvs.openbsd.org 2006/02/26 17:17:18
2117 [ssh_config.5]
2118 move PATTERNS to the end of the main body; requested by dtucker
Damien Millere3beba22006-03-15 11:59:25 +11002119 - jmc@cvs.openbsd.org 2006/02/26 18:01:13
2120 [sshd_config.5]
2121 subsection is pointless here;
Damien Miller4aea9742006-03-15 11:59:39 +11002122 - jmc@cvs.openbsd.org 2006/02/26 18:03:10
2123 [ssh_config.5]
2124 comma;
Damien Miller1cf76d92006-03-15 12:01:14 +11002125 - djm@cvs.openbsd.org 2006/02/28 01:10:21
2126 [session.c]
2127 fix logout recording when privilege separation is disabled, analysis and
2128 patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@
2129 NB. ID sync only - patch already in portable
Damien Millerec04f362006-03-15 12:01:34 +11002130 - djm@cvs.openbsd.org 2006/03/04 04:12:58
2131 [serverloop.c]
2132 move a debug() outside of a signal handler; ok markus@ a little while back
Damien Miller2ecb6bd2006-03-15 12:03:53 +11002133 - djm@cvs.openbsd.org 2006/03/12 04:23:07
2134 [ssh.c]
2135 knf nit
Damien Millerb24c2f82006-03-15 12:04:36 +11002136 - djm@cvs.openbsd.org 2006/03/13 08:16:00
2137 [sshd.c]
2138 don't log that we are listening on a socket before the listen() call
2139 actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@
Damien Miller314dd4b2006-03-15 12:05:22 +11002140 - dtucker@cvs.openbsd.org 2006/03/13 08:33:00
2141 [packet.c]
2142 Set TCP_NODELAY for all connections not just "interactive" ones. Fixes
2143 poor performance and protocol stalls under some network conditions (mindrot
2144 bugs #556 and #981). Patch originally from markus@, ok djm@
Damien Miller8056a9d2006-03-15 12:05:40 +11002145 - dtucker@cvs.openbsd.org 2006/03/13 08:43:16
2146 [ssh-keygen.c]
2147 Make ssh-keygen handle CR and CRLF line termination when converting IETF
2148 format keys, in adition to vanilla LF. mindrot #1157, tested by Chris
2149 Pepper, ok djm@
Damien Miller306d1182006-03-15 12:05:59 +11002150 - dtucker@cvs.openbsd.org 2006/03/13 10:14:29
2151 [misc.c ssh_config.5 sshd_config.5]
2152 Allow config directives to contain whitespace by surrounding them by double
2153 quotes. mindrot #482, man page help from jmc@, ok djm@
Damien Miller8275fad2006-03-15 12:06:23 +11002154 - dtucker@cvs.openbsd.org 2006/03/13 10:26:52
2155 [authfile.c authfile.h ssh-add.c]
2156 Make ssh-add check file permissions before attempting to load private
2157 key files multiple times; it will fail anyway and this prevents confusing
2158 multiple prompts and warnings. mindrot #1138, ok djm@
Damien Millerde85a282006-03-15 12:06:41 +11002159 - djm@cvs.openbsd.org 2006/03/14 00:15:39
2160 [canohost.c]
2161 log the originating address and not just the name when a reverse
2162 mapping check fails, requested by linux AT linuon.com
Damien Millercc3e8ba2006-03-15 12:06:55 +11002163 - markus@cvs.openbsd.org 2006/03/14 16:32:48
2164 [ssh_config.5 sshd_config.5]
2165 *AliveCountMax applies to protcol v2 only; ok dtucker, djm
Damien Millera63128d2006-03-15 12:08:28 +11002166 - djm@cvs.openbsd.org 2006/03/07 09:07:40
2167 [kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
2168 Implement the diffie-hellman-group-exchange-sha256 key exchange method
2169 using the SHA256 code in libc (and wrapper to make it into an OpenSSL
2170 EVP), interop tested against CVS PuTTY
2171 NB. no portability bits committed yet
Damien Milleraf87af12006-03-15 13:02:28 +11002172 - (djm) [configure.ac defines.h kex.c md-sha256.c]
2173 [openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h]
2174 [openbsd-compat/sha2.c] First stab at portability glue for SHA256
2175 KEX support, should work with libc SHA256 support or OpenSSL
2176 EVP_sha256 if present
Damien Millerdcf4ca12006-03-15 13:07:48 +11002177 - (djm) [includes.h] Restore accidentally dropped netinet/in.h
Damien Miller471e9b32006-03-15 13:09:18 +11002178 - (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files
Damien Miller41e364b2006-03-15 13:12:41 +11002179 - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present
Damien Millerb3b4ba32006-03-15 13:13:27 +11002180 - (djm) [regress/.cvsignore] Ignore Makefile here
Damien Miller62772522006-03-15 14:01:11 +11002181 - (djm) [loginrec.c] Need stat.h
Damien Millera6238072006-03-15 14:02:01 +11002182 - (djm) [openbsd-compat/sha2.h] Avoid include macro clash with
2183 system sha2.h
Damien Miller3717cda2006-03-15 14:02:36 +11002184 - (djm) [ssh-rand-helper.c] Needs a bunch of headers
Damien Miller42fb0682006-03-15 14:03:06 +11002185 - (djm) [ssh-agent.c] Restore dropped stat.h
Damien Miller34877d22006-03-15 14:36:55 +11002186 - (djm) [openbsd-compat/sha2.h openbsd-compat/sha2.c] Comment out
2187 SHA384, which we don't need and doesn't compile without tweaks
Damien Miller6645e7a2006-03-15 14:42:54 +11002188 - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]
2189 [sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
2190 [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
2191 [openbsd-compat/glob.c openbsd-compat/mktemp.c]
2192 [openbsd-compat/readpassphrase.c] Lots of include fixes for
2193 OpenSolaris
Tim Rice7a4cf232006-03-14 21:04:18 -08002194 - (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:"
Tim Rice4b23f7c2006-03-14 22:09:50 -08002195 - (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some
2196 includes removed from includes.h
Darren Tucker486d95e2006-03-15 21:31:39 +11002197 - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE
Damien Millerb0024912006-03-15 21:48:54 +11002198 - (djm) [includes.h] Put back paths.h, it is needed in defines.h
Darren Tuckerdc6118e2006-03-15 22:25:54 +11002199 - (dtucker) [openbsd-compat/openbsd-compat.h] AIX (at least) needs
2200 sys/ioctl.h for struct winsize.
Darren Tucker8bb9e2c2006-03-15 22:28:17 +11002201 - (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD.
Damien Miller9f67a212006-03-15 11:05:35 +11002202
Darren Tuckerd1450db2006-03-13 19:06:51 +1100220320060313
2204 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
2205 since not all platforms support it. Instead, use internal equivalent while
2206 computing LLONG_MIN and LLONG_MAX. Remove special case for alpha-dec-osf*
2207 as it's no longer required. Tested by Bernhard Simon, ok djm@
2208
Darren Tucker18614c22006-03-04 08:50:31 +1100220920060304
2210 - (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a
2211 file rather than directory, required as Cygwin will be importing lastlog(1).
2212 Also tightens up permissions on the file. Patch from vinschen@redhat.com.
Darren Tucker890909e2006-03-04 08:59:39 +11002213 - (dtucker) [gss-serv-krb5.c] Bug #1166: Correct #ifdefs for gssapi_krb5.h
2214 includes. Patch from gentoo.riverrat at gmail.com.
Darren Tucker18614c22006-03-04 08:50:31 +11002215
Darren Tucker54b75fe2006-02-26 12:31:48 +1100221620060226
2217 - (dtucker) [configure.ac] Bug #1156: QNX apparently needs SSHD_ACQUIRES_CTTY
2218 patch from kraai at ftbfs.org.
2219
222020060223
Darren Tuckera4904f72006-02-23 21:35:30 +11002221 - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current
2222 reality. Pointed out by tryponraj at gmail.com.
2223
Darren Tucker54b75fe2006-02-26 12:31:48 +1100222420060222
Darren Tucker94413cf2006-02-22 22:24:47 +11002225 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only
2226 compile in compat code if required.
2227
Darren Tucker3322e0d2006-02-22 00:00:27 +1100222820060221
2229 - (dtucker) [openbsd-compat/openssl-compat.h] Prevent warning about
2230 redefinition of SSLeay_add_all_algorithms.
2231
Darren Tuckerfabdb6c2006-02-20 20:17:35 +1100223220060220
2233 - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}]
2234 Add optional enabling of OpenSSL's (hardware) Engine support, via
2235 configure --with-ssl-engine. Based in part on a diff by michal at
2236 logix.cz.
2237
Darren Tucker4881c372006-02-19 22:50:20 +1100223820060219
2239 - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/]
2240 Add first attempt at regress tests for compat library. ok djm@
2241
Tim Ricebf209f52006-02-13 12:46:44 -0800224220060214
2243 - (tim) [buildpkg.sh.in] Make the names consistent.
2244 s/pkg_post_make_install_fixes.sh/pkg-post-make-install-fixes.sh/ OK dtucker@
2245
Darren Tucker84af6152006-02-12 11:59:08 +1100224620060212
2247 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Make loop counter unsigned
2248 to silence compiler warning, from vinschen at redhat.com.
Tim Rice2f993462006-02-11 18:37:48 -08002249 - (tim) [configure.ac] Bug #1149. Disable /etc/default/login check for QNX.
Darren Tucker61633502006-02-12 16:48:56 +11002250 - (dtucker) [README version.h contrib/caldera/openssh.spec
2251 contrib/redhat/openssh.spec contrib/suse/openssh.spec] Bump version
2252 strings to match 4.3p2 release.
Darren Tucker84af6152006-02-12 11:59:08 +11002253
Tim Rice83d2f5f2006-02-07 15:17:44 -0800225420060208
2255 - (tim) [session.c] Logout records were not updated on systems with
2256 post auth privsep disabled due to bug 1086 changes. Analysis and patch
2257 by vinschen at redhat.com. OK tim@, dtucker@.
Darren Tucker988b3fd2006-02-08 22:11:27 +11002258 - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP
Darren Tuckerf35014a2006-03-04 09:00:19 +11002259 -> NEED_SETPGRP), reported by Bernhard Simon. ok tim@
Tim Rice83d2f5f2006-02-07 15:17:44 -08002260
Tim Riceac9b0602006-02-05 11:27:10 -0800226120060206
2262 - (tim) [configure.ac] Remove unnecessary tests for net/if.h and
2263 netinet/in_systm.h. OK dtucker@.
2264
Tim Rice0daad782006-02-04 17:33:55 -0800226520060205
2266 - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test
2267 for Solaris. OK dtucker@.
Tim Rice70335a62006-02-04 17:42:58 -08002268 - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by
2269 kraai at ftbfs.org.
Tim Rice0daad782006-02-04 17:33:55 -08002270
Tim Ricefd80ddc2006-02-02 19:11:56 -0800227120060203
2272 - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first
2273 AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run
2274 by a platform specific check, builtin standard includes tests will be
2275 skipped on the other platforms.
2276 Analysis and suggestion by vinschen at redhat.com, patch by dtucker@.
2277 OK tim@, djm@.
2278
Darren Tuckercc7c2122006-02-02 18:44:19 +1100227920060202
2280 - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it
2281 works with picky compilers. Patch from alex.kiernan at thus.net.
2282
Damien Millere682cb02006-02-01 11:21:01 +1100228320060201
2284 - (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to
2285 determine the user's login name - needed for regress tests on Solaris
2286 10 and OpenSolaris
Damien Miller8bbdf902006-02-01 22:05:25 +11002287 - (djm) OpenBSD CVS Sync
2288 - jmc@cvs.openbsd.org 2006/02/01 09:06:50
2289 [sshd.8]
2290 - merge sections on protocols 1 and 2 into a single section
2291 - remove configuration file section
2292 ok markus
Damien Miller2ac05772006-02-01 22:05:42 +11002293 - jmc@cvs.openbsd.org 2006/02/01 09:11:41
2294 [sshd.8]
2295 small tweak;
Damien Miller0d689562006-02-01 22:10:47 +11002296 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
2297 [contrib/suse/openssh.spec] Update versions ahead of release
Damien Millerc79824b2006-02-01 22:27:31 +11002298 - markus@cvs.openbsd.org 2006/02/01 11:27:22
2299 [version.h]
2300 openssh 4.3
Damien Millerbfd52192006-02-01 22:32:17 +11002301 - (djm) Release OpenSSH 4.3p1
Damien Millere682cb02006-02-01 11:21:01 +11002302
Damien Millerddfddf12006-01-31 21:39:03 +1100230320060131
2304 - (djm) OpenBSD CVS Sync
2305 - jmc@cvs.openbsd.org 2006/01/20 11:21:45
2306 [ssh_config.5]
2307 - word change, agreed w/ markus
2308 - consistency fixes
Damien Miller99cc4a82006-01-31 21:45:53 +11002309 - jmc@cvs.openbsd.org 2006/01/25 09:04:34
2310 [sshd.8]
2311 move the options description up the page, and a few additional tweaks
2312 whilst in here;
2313 ok markus
Damien Miller7602cba2006-01-31 21:46:20 +11002314 - jmc@cvs.openbsd.org 2006/01/25 09:07:22
2315 [sshd.8]
2316 move subsections to full sections;
Damien Millerbbc59092006-01-31 21:46:51 +11002317 - jmc@cvs.openbsd.org 2006/01/26 08:47:56
2318 [ssh.1]
2319 add a section on verifying host keys in dns;
2320 written with a lot of help from jakob;
2321 feedback dtucker/markus;
2322 ok markus
Damien Millere204f6a2006-01-31 21:47:15 +11002323 - reyk@cvs.openbsd.org 2006/01/30 12:22:22
2324 [channels.c]
2325 mark channel as write failed or dead instead of read failed on error
2326 of the channel output filter.
2327 ok markus@
Damien Millerb5dd55c2006-01-31 21:47:58 +11002328 - jmc@cvs.openbsd.org 2006/01/30 13:37:49
2329 [ssh.1]
2330 remove an incorrect sentence;
2331 reported by roumen petrov;
2332 ok djm markus
Damien Miller3eec6b72006-01-31 21:49:27 +11002333 - djm@cvs.openbsd.org 2006/01/31 10:19:02
2334 [misc.c misc.h scp.c sftp.c]
2335 fix local arbitrary command execution vulnerability on local/local and
2336 remote/remote copies (CVE-2006-0225, bz #1094), patch by
2337 t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
Damien Miller923f1ce2006-01-31 22:11:37 +11002338 - djm@cvs.openbsd.org 2006/01/31 10:35:43
2339 [scp.c]
2340 "scp a b c" shouldn't clobber "c" when it is not a directory, report and
2341 fix from biorn@; ok markus@
Damien Millerc34940c2006-01-31 21:57:27 +11002342 - (djm) Sync regress tests to OpenBSD:
2343 - dtucker@cvs.openbsd.org 2005/03/10 10:20:39
2344 [regress/forwarding.sh]
2345 Regress test for ClearAllForwardings (bz #994); ok markus@
Damien Miller76be6b82006-01-31 21:59:01 +11002346 - dtucker@cvs.openbsd.org 2005/04/25 09:54:09
2347 [regress/multiplex.sh]
2348 Don't call cleanup in multiplex as test-exec will cleanup anyway
2349 found by tim@, ok djm@
2350 NB. ID sync only, we already had this
2351 - djm@cvs.openbsd.org 2005/05/20 23:14:15
2352 [regress/test-exec.sh]
2353 force addressfamily=inet for tests, unbreaking dynamic-forward regress for
2354 recently committed nc SOCKS5 changes
Damien Millerec7b2f12006-01-31 21:59:35 +11002355 - djm@cvs.openbsd.org 2005/05/24 04:10:54
Damien Miller10c5fa72006-01-31 22:01:42 +11002356 [regress/try-ciphers.sh]
Damien Millerec7b2f12006-01-31 21:59:35 +11002357 oops, new arcfour modes here too
Damien Miller10c5fa72006-01-31 22:01:42 +11002358 - markus@cvs.openbsd.org 2005/06/30 11:02:37
2359 [regress/scp.sh]
2360 allow SUDO=sudo; from Alexander Bluhm
Damien Miller27a0dfa2006-01-31 22:02:16 +11002361 - grunk@cvs.openbsd.org 2005/11/14 21:25:56
2362 [regress/agent-getpeereid.sh]
2363 all other scripts in this dir use $SUDO, not 'sudo', so pull this even
2364 ok markus@
Damien Miller15a815b2006-01-31 22:03:11 +11002365 - dtucker@cvs.openbsd.org 2005/12/14 04:36:39
2366 [regress/scp-ssh-wrapper.sh]
2367 Fix assumption about how many args scp will pass; ok djm@
2368 NB. ID sync only, we already had this
Damien Miller0b996462006-01-31 22:05:23 +11002369 - djm@cvs.openbsd.org 2006/01/27 06:49:21
2370 [scp.sh]
2371 regress test for local to local scp copies; ok dtucker@
Damien Miller7410ad72006-01-31 22:06:14 +11002372 - djm@cvs.openbsd.org 2006/01/31 10:23:23
2373 [scp.sh]
2374 regression test for CVE-2006-0225 written by dtucker@
Damien Miller50c6eed2006-01-31 22:06:41 +11002375 - djm@cvs.openbsd.org 2006/01/31 10:36:33
2376 [scp.sh]
2377 regress test for "scp a b c" where "c" is not a directory
Damien Millerddfddf12006-01-31 21:39:03 +11002378
Darren Tuckerfbea7642006-01-30 00:22:39 +1100237920060129
2380 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the
2381 opensshd.init script interpretter if /sbin/sh does not exist. ok tim@
2382
Darren Tucker94299ec2006-01-20 11:30:14 +1100238320060120
2384 - (dtucker) OpenBSD CVS Sync
2385 - jmc@cvs.openbsd.org 2006/01/15 17:37:05
2386 [ssh.1]
2387 correction from deraadt
Darren Tucker248dd132006-01-20 11:30:58 +11002388 - jmc@cvs.openbsd.org 2006/01/18 10:53:29
2389 [ssh.1]
2390 add a section on ssh-based vpn, based on reyk's README.tun;
Darren Tucker62388b22006-01-20 11:31:47 +11002391 - dtucker@cvs.openbsd.org 2006/01/20 00:14:55
2392 [scp.1 ssh.1 ssh_config.5 sftp.1]
2393 Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot
2394 #1056 with feedback from jmc, djm and markus; ok jmc@ djm@
Darren Tucker94299ec2006-01-20 11:30:14 +11002395
Damien Millere87eb4c2006-01-14 10:08:36 +1100239620060114
2397 - (djm) OpenBSD CVS Sync
2398 - jmc@cvs.openbsd.org 2006/01/06 13:27:32
2399 [ssh.1]
2400 weed out some duplicate info in the known_hosts FILES entries;
2401 ok djm
Damien Miller7e76e1f2006-01-14 10:08:57 +11002402 - jmc@cvs.openbsd.org 2006/01/06 13:29:10
2403 [ssh.1]
2404 final round of whacking FILES for duplicate info, and some consistency
2405 fixes;
2406 ok djm
Damien Millerf3177182006-01-14 10:09:13 +11002407 - jmc@cvs.openbsd.org 2006/01/12 14:44:12
2408 [ssh.1]
2409 split sections on tcp and x11 forwarding into two sections.
2410 add an example in the tcp section, based on sth i wrote for ssh faq;
2411 help + ok: djm markus dtucker
Damien Miller8bfaf932006-01-14 10:09:30 +11002412 - jmc@cvs.openbsd.org 2006/01/12 18:48:48
2413 [ssh.1]
2414 refer to `TCP' rather than `TCP/IP' in the context of connection
2415 forwarding;
2416 ok markus
Damien Miller7c24b812006-01-14 10:09:56 +11002417 - jmc@cvs.openbsd.org 2006/01/12 22:20:00
2418 [sshd.8]
2419 refer to TCP forwarding, rather than TCP/IP forwarding;
Damien Millere9d001e2006-01-14 10:10:17 +11002420 - jmc@cvs.openbsd.org 2006/01/12 22:26:02
2421 [ssh_config.5]
2422 refer to TCP forwarding, rather than TCP/IP forwarding;
Damien Miller4a8dc9e2006-01-14 10:10:31 +11002423 - jmc@cvs.openbsd.org 2006/01/12 22:34:12
2424 [ssh.1]
2425 back out a sentence - AUTHENTICATION already documents this;
Damien Millere87eb4c2006-01-14 10:08:36 +11002426
Darren Tuckere78c6ce2006-01-10 00:02:44 +1100242720060109
2428 - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on
2429 tcpip service so it's always started after IP is up. Patch from
2430 vinschen at redhat.com.
2431
Damien Miller7655f5c2006-01-06 14:48:18 +1100243220060106
2433 - (djm) OpenBSD CVS Sync
2434 - jmc@cvs.openbsd.org 2006/01/03 16:31:10
2435 [ssh.1]
2436 move FILES to a -compact list, and make each files an item in that list.
2437 this avoids nastly line wrap when we have long pathnames, and treats
2438 each file as a separate item;
2439 remove the .Pa too, since it is useless.
Damien Miller6aa22902006-01-06 14:48:34 +11002440 - jmc@cvs.openbsd.org 2006/01/03 16:35:30
2441 [ssh.1]
2442 use a larger width for the ENVIRONMENT list;
Damien Millerfb8ea742006-01-06 14:48:52 +11002443 - jmc@cvs.openbsd.org 2006/01/03 16:52:36
2444 [ssh.1]
2445 put FILES in some sort of order: sort by pathname
Damien Miller4c102ee2006-01-06 14:49:17 +11002446 - jmc@cvs.openbsd.org 2006/01/03 16:55:18
2447 [ssh.1]
2448 tweak the description of ~/.ssh/environment
Damien Miller1bcdb502006-01-06 14:49:38 +11002449 - jmc@cvs.openbsd.org 2006/01/04 18:42:46
2450 [ssh.1]
2451 chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
2452 entries;
2453 ok markus
Damien Millera246d3b2006-01-06 14:49:54 +11002454 - jmc@cvs.openbsd.org 2006/01/04 18:45:01
2455 [ssh.1]
2456 remove .Xr's to rsh(1) and telnet(1): they are hardly needed;
Damien Miller128a0f12006-01-06 14:50:11 +11002457 - jmc@cvs.openbsd.org 2006/01/04 19:40:24
2458 [ssh.1]
2459 +.Xr ssh-keyscan 1 ,
Damien Millerc27f83a2006-01-06 14:50:26 +11002460 - jmc@cvs.openbsd.org 2006/01/04 19:50:09
2461 [ssh.1]
2462 -.Xr gzip 1 ,
Damien Miller72c5b7d2006-01-06 14:50:44 +11002463 - djm@cvs.openbsd.org 2006/01/05 23:43:53
2464 [misc.c]
2465 check that stdio file descriptors are actually closed before clobbering
2466 them in sanitise_stdfd(). problems occurred when a lower numbered fd was
2467 closed, but higher ones weren't. spotted by, and patch tested by
2468 Frédéric Olivié
Damien Miller7655f5c2006-01-06 14:48:18 +11002469
Damien Millerb7977702006-01-03 18:47:31 +1100247020060103
Damien Millera9694372006-01-04 07:27:50 +11002471 - (djm) [channels.c] clean up harmless merge error, from reyk@
2472
247320060103
Damien Millerb7977702006-01-03 18:47:31 +11002474 - (djm) OpenBSD CVS Sync
2475 - jmc@cvs.openbsd.org 2006/01/02 17:09:49
2476 [ssh_config.5 sshd_config.5]
2477 some corrections from michael knudsen;
2478
Damien Miller90cd1c52006-01-02 20:23:18 +1100247920060102
2480 - (djm) [README.tun] Add README.tun, missed during sync of tun(4) support
Damien Miller48c94ab2006-01-02 23:38:00 +11002481 - (djm) OpenBSD CVS Sync
2482 - jmc@cvs.openbsd.org 2005/12/31 10:46:17
2483 [ssh.1]
2484 merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER
2485 AUTHENTICATION" sections into "AUTHENTICATION";
2486 some rewording done to make the text read better, plus some
2487 improvements from djm;
2488 ok djm
Damien Miller14af93e2006-01-02 23:38:21 +11002489 - jmc@cvs.openbsd.org 2005/12/31 13:44:04
2490 [ssh.1]
2491 clean up ENVIRONMENT a little;
Damien Miller1164c292006-01-02 23:38:37 +11002492 - jmc@cvs.openbsd.org 2005/12/31 13:45:19
2493 [ssh.1]
2494 .Nm does not require an argument;
Damien Miller3beb8522006-01-02 23:40:10 +11002495 - stevesk@cvs.openbsd.org 2006/01/01 08:59:27
2496 [includes.h misc.c]
2497 move <net/if.h>; ok djm@
Damien Millera210d522006-01-02 23:40:30 +11002498 - stevesk@cvs.openbsd.org 2006/01/01 10:08:48
2499 [misc.c]
2500 no trailing "\n" for debug()
Damien Miller54446182006-01-02 23:40:50 +11002501 - djm@cvs.openbsd.org 2006/01/02 01:20:31
2502 [sftp-client.c sftp-common.h sftp-server.c]
2503 use a common max. packet length, no binary change
Damien Millera1d9a182006-01-02 23:41:21 +11002504 - reyk@cvs.openbsd.org 2006/01/02 07:53:44
2505 [misc.c]
2506 clarify tun(4) opening - set the mode and bring the interface up. also
2507 (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces.
2508 suggested and ok by djm@
Damien Millera07a5912006-01-02 23:41:37 +11002509 - jmc@cvs.openbsd.org 2006/01/02 12:31:06
2510 [ssh.1]
2511 start to cut some duplicate info from FILES;
2512 help/ok djm
Damien Miller90cd1c52006-01-02 20:23:18 +11002513
Damien Miller2dcddbf2006-01-01 19:47:05 +1100251420060101
2515 - (djm) [Makefile.in configure.ac includes.h misc.c]
2516 [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
2517 for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
2518 limited to IPv4 tunnels only, and most versions don't support the
2519 tap(4) device at all.
Damien Millerbd4e4102006-01-01 21:03:30 +11002520 - (djm) [configure.ac] Fix linux/if_tun.h test
Damien Miller5df52e82006-01-01 21:15:50 +11002521 - (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too
Damien Miller2dcddbf2006-01-01 19:47:05 +11002522
Tim Rice8db70e22005-12-28 14:28:08 -0800252320051229
Damien Miller5eb137c2005-12-31 16:19:53 +11002524 - (djm) OpenBSD CVS Sync
2525 - stevesk@cvs.openbsd.org 2005/12/28 22:46:06
2526 [canohost.c channels.c clientloop.c]
2527 use 'break-in' for consistency; ok deraadt@ ok and input jmc@
Damien Miller077b2382005-12-31 16:22:32 +11002528 - reyk@cvs.openbsd.org 2005/12/30 15:56:37
2529 [channels.c channels.h clientloop.c]
2530 add channel output filter interface.
2531 ok djm@, suggested by markus@
Damien Miller134eb812005-12-31 16:22:55 +11002532 - jmc@cvs.openbsd.org 2005/12/30 16:59:00
2533 [sftp.1]
2534 do not suggest that interactive authentication will work
2535 with the -b flag;
2536 based on a diff from john l. scarfone;
2537 ok djm
Damien Miller88b25522005-12-31 16:23:15 +11002538 - stevesk@cvs.openbsd.org 2005/12/31 01:38:45
2539 [ssh.1]
2540 document -MM; ok djm@
Damien Miller598bbc22005-12-31 16:33:36 +11002541 - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac]
2542 [serverloop.c ssh.c openbsd-compat/Makefile.in]
2543 [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
2544 compatability support for Linux, diff from reyk@
Damien Miller89e03ba2005-12-31 16:42:03 +11002545 - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does
2546 not exist
Damien Millerc4bcc912005-12-31 17:05:58 +11002547 - (djm) [configure.ac] oops, make that linux/if_tun.h
Damien Miller5eb137c2005-12-31 16:19:53 +11002548
254920051229
Tim Rice8db70e22005-12-28 14:28:08 -08002550 - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd
2551
Damien Millerc93a8132005-12-24 14:52:13 +1100255220051224
2553 - (djm) OpenBSD CVS Sync
2554 - jmc@cvs.openbsd.org 2005/12/20 21:59:43
2555 [ssh.1]
2556 merge the sections on protocols 1 and 2 into one section on
2557 authentication;
2558 feedback djm dtucker
2559 ok deraadt markus dtucker
Damien Miller52d20612005-12-24 14:52:36 +11002560 - jmc@cvs.openbsd.org 2005/12/20 22:02:50
2561 [ssh.1]
2562 .Ss -> .Sh: subsections have not made this page more readable
Damien Millere9b333a2005-12-24 14:53:04 +11002563 - jmc@cvs.openbsd.org 2005/12/20 22:09:41
2564 [ssh.1]
2565 move info on ssh return values and config files up into the main
2566 description;
Damien Miller329cb012005-12-24 14:53:23 +11002567 - jmc@cvs.openbsd.org 2005/12/21 11:48:16
2568 [ssh.1]
2569 -L and -R descriptions are now above, not below, ~C description;
Damien Miller9a765b22005-12-24 14:53:44 +11002570 - jmc@cvs.openbsd.org 2005/12/21 11:57:25
2571 [ssh.1]
2572 options now described `above', rather than `later';
Damien Miller1530f242005-12-24 14:54:03 +11002573 - jmc@cvs.openbsd.org 2005/12/21 12:53:31
2574 [ssh.1]
2575 -Y does X11 forwarding too;
2576 ok markus
Damien Millerd7f308f2005-12-24 14:55:16 +11002577 - stevesk@cvs.openbsd.org 2005/12/21 22:44:26
2578 [sshd.8]
2579 clarify precedence of -p, Port, ListenAddress; ok and help jmc@
Damien Millere8cd7412005-12-24 14:55:47 +11002580 - jmc@cvs.openbsd.org 2005/12/22 10:31:40
2581 [ssh_config.5]
2582 put the description of "UsePrivilegedPort" in the correct place;
Damien Millercf1e3422005-12-24 14:56:04 +11002583 - jmc@cvs.openbsd.org 2005/12/22 11:23:42
2584 [ssh.1]
2585 expand the description of -w somewhat;
2586 help/ok reyk
Damien Miller2142ba02005-12-24 14:56:29 +11002587 - jmc@cvs.openbsd.org 2005/12/23 14:55:53
2588 [ssh.1]
2589 - sync the description of -e w/ synopsis
2590 - simplify the description of -I
2591 - note that -I is only available if support compiled in, and that it
2592 isn't by default
2593 feedback/ok djm@
Damien Miller35978212005-12-24 14:56:47 +11002594 - jmc@cvs.openbsd.org 2005/12/23 23:46:23
2595 [ssh.1]
2596 less mark up for -c;
Damien Miller7bff1a92005-12-24 14:59:12 +11002597 - djm@cvs.openbsd.org 2005/12/24 02:27:41
2598 [session.c sshd.c]
2599 eliminate some code duplicated in privsep and non-privsep paths, and
2600 explicitly clear SIGALRM handler; "groovy" deraadt@
Damien Millerc93a8132005-12-24 14:52:13 +11002601
Darren Tucker0d0e8f02005-12-20 16:08:42 +1100260220051220
2603 - (dtucker) OpenBSD CVS Sync
2604 - reyk@cvs.openbsd.org 2005/12/13 15:03:02
2605 [serverloop.c]
2606 if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY
Darren Tuckerd3877b92005-12-20 16:09:36 +11002607 - jmc@cvs.openbsd.org 2005/12/16 18:07:08
2608 [ssh.1]
2609 move the option descriptions up the page: start of a restructure;
2610 ok markus deraadt
Darren Tuckerb18c8672005-12-20 16:10:09 +11002611 - jmc@cvs.openbsd.org 2005/12/16 18:08:53
2612 [ssh.1]
2613 simplify a sentence;
Darren Tucker56529242005-12-20 16:12:24 +11002614 - jmc@cvs.openbsd.org 2005/12/16 18:12:22
2615 [ssh.1]
2616 make the description of -c a little nicer;
Darren Tucker5434cfe2005-12-20 16:11:35 +11002617 - jmc@cvs.openbsd.org 2005/12/16 18:14:40
2618 [ssh.1]
2619 signpost the protocol sections;
Darren Tucker63551872005-12-20 16:14:15 +11002620 - stevesk@cvs.openbsd.org 2005/12/17 21:13:05
2621 [ssh_config.5 session.c]
2622 spelling: fowarding, fowarded
Darren Tucker7eba8202005-12-20 16:15:14 +11002623 - stevesk@cvs.openbsd.org 2005/12/17 21:36:42
2624 [ssh_config.5]
2625 spelling: intented -> intended
Darren Tuckere9a9b712005-12-20 16:15:51 +11002626 - dtucker@cvs.openbsd.org 2005/12/20 04:41:07
2627 [ssh.c]
2628 exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@
Darren Tucker0d0e8f02005-12-20 16:08:42 +11002629
Darren Tucker129d0bb2005-12-19 17:40:40 +1100263020051219
2631 - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac
2632 openbsd-compat/openssl-compat.h] Check for and work around broken AES
2633 ciphers >128bit on (some) Solaris 10 systems. ok djm@
2634
Darren Tucker98cfc4c2005-12-17 22:04:08 +1100263520051217
2636 - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which
2637 scp.c also uses, so undef them here.
Darren Tuckerd40c66c2005-12-17 22:32:03 +11002638 - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our
2639 snprintf replacement can have a conflicting declaration in HP-UX's system
2640 headers (const vs. no const) so we now check for and work around it. Patch
2641 from the dynamic duo of David Leonard and Ted Percival.
Darren Tucker98cfc4c2005-12-17 22:04:08 +11002642
Darren Tucker31543582005-12-14 15:39:20 +1100264320051214
2644 - (dtucker) OpenBSD CVS Sync (regress/)
2645 - dtucker@cvs.openbsd.org 2005/12/30 04:36:39
2646 [regress/scp-ssh-wrapper.sh]
2647 Fix assumption about how many args scp will pass; ok djm@
2648
Damien Millerc94ebbc2005-12-13 19:25:21 +1100264920051213
2650 - (djm) OpenBSD CVS Sync
2651 - jmc@cvs.openbsd.org 2005/11/30 11:18:27
2652 [ssh.1]
2653 timezone -> time zone
Damien Miller6dbdb6a2005-12-13 19:25:43 +11002654 - jmc@cvs.openbsd.org 2005/11/30 11:45:20
2655 [ssh.1]
2656 avoid ambiguities in describing TZ;
2657 ok djm@
Damien Millerd27b9472005-12-13 19:29:02 +11002658 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
2659 [auth-options.c auth-options.h channels.c channels.h clientloop.c]
2660 [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
2661 [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
2662 [sshconnect.h sshd.8 sshd_config sshd_config.5]
2663 Add support for tun(4) forwarding over OpenSSH, based on an idea and
2664 initial channel code bits by markus@. This is a simple and easy way to
2665 use OpenSSH for ad hoc virtual private network connections, e.g.
2666 administrative tunnels or secure wireless access. It's based on a new
2667 ssh channel and works similar to the existing TCP forwarding support,
2668 except that it depends on the tun(4) network interface on both ends of
2669 the connection for layer 2 or layer 3 tunneling. This diff also adds
2670 support for LocalCommand in the ssh(1) client.
Damien Millerd27b9472005-12-13 19:29:02 +11002671 ok djm@, markus@, jmc@ (manpages), tested and discussed with others
Damien Milleraeb31d62005-12-13 19:29:36 +11002672 - djm@cvs.openbsd.org 2005/12/07 03:52:22
2673 [clientloop.c]
2674 reyk forgot to compile with -Werror (missing header)
Damien Millerf0c8c152005-12-13 19:29:58 +11002675 - jmc@cvs.openbsd.org 2005/12/07 10:52:13
2676 [ssh.1]
2677 - avoid line split in SYNOPSIS
2678 - add args to -w
2679 - kill trailing whitespace
Damien Miller4b2319f2005-12-13 19:30:27 +11002680 - jmc@cvs.openbsd.org 2005/12/08 14:59:44
2681 [ssh.1 ssh_config.5]
2682 make `!command' a little clearer;
2683 ok reyk
Damien Miller957d4e42005-12-13 19:30:45 +11002684 - jmc@cvs.openbsd.org 2005/12/08 15:06:29
2685 [ssh_config.5]
2686 keep options in order;
Damien Miller7b58e802005-12-13 19:33:19 +11002687 - reyk@cvs.openbsd.org 2005/12/08 18:34:11
2688 [auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
2689 [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
2690 two changes to the new ssh tunnel support. this breaks compatibility
2691 with the initial commit but is required for a portable approach.
2692 - make the tunnel id u_int and platform friendly, use predefined types.
2693 - support configuration of layer 2 (ethernet) or layer 3
2694 (point-to-point, default) modes. configuration is done using the
2695 Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
2696 restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
2697 in sshd_config(5).
2698 ok djm@, man page bits by jmc@
Damien Miller7746c392005-12-13 19:33:37 +11002699 - jmc@cvs.openbsd.org 2005/12/08 21:37:50
2700 [ssh_config.5]
2701 new sentence, new line;
Damien Millerd47c62a2005-12-13 19:33:57 +11002702 - markus@cvs.openbsd.org 2005/12/12 13:46:18
2703 [channels.c channels.h session.c]
2704 make sure protocol messages for internal channels are ignored.
2705 allow adjust messages for non-open channels; with and ok djm@
Damien Miller62a31c92005-12-13 20:44:13 +11002706 - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable
2707 again by providing a sys_tun_open() function for your platform and
2708 setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
2709 OpenBSD's tunnel protocol, which prepends the address family to the
2710 packet
Damien Millerc94ebbc2005-12-13 19:25:21 +11002711
Damien Miller7677be52005-12-01 12:51:59 +1100271220051201
2713 - (djm) [envpass.sh] Remove regress script that was accidentally committed
2714 in top level directory and not noticed for over a year :)
2715
Tim Rice660c3402005-11-28 17:45:32 -0800271620051129
2717 - (tim) [ssh-keygen.c] Move DSA length test after setting default when
2718 bits == 0.
Darren Tucker3af2ac52005-11-29 13:10:24 +11002719 - (dtucker) OpenBSD CVS Sync
2720 - dtucker@cvs.openbsd.org 2005/11/29 02:04:55
2721 [ssh-keygen.c]
2722 Populate default key sizes before checking them; from & ok tim@
Tim Rice46259d82005-11-28 18:40:34 -08002723 - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string)
2724 for UnixWare.
Tim Rice660c3402005-11-28 17:45:32 -08002725
Darren Tuckerb1a87772005-11-28 16:41:03 +1100272620051128
2727 - (dtucker) [regress/yes-head.sh] Work around breakage caused by some
2728 versions of GNU head. Based on patch from zappaman at buraphalinux.org
Darren Tuckerac0c8a52005-11-28 22:28:59 +11002729 - (dtucker) [includes.h] Bug #1122: __USE_GNU is a glibc internal macro, use
2730 _GNU_SOURCE instead. Patch from t8m at centrum.cz.
Darren Tucker9f647332005-11-28 16:41:46 +11002731 - (dtucker) OpenBSD CVS Sync
2732 - dtucker@cvs.openbsd.org 2005/11/28 05:16:53
2733 [ssh-keygen.1 ssh-keygen.c]
2734 Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
2735 increase minumum RSA key size to 768 bits and update man page to reflect
2736 these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
2737 ok djm@, grudging ok deraadt@.
Darren Tucker3a4634f2005-11-28 17:05:40 +11002738 - dtucker@cvs.openbsd.org 2005/11/28 06:02:56
2739 [ssh-agent.1]
2740 Update agent socket path templates to reflect reality, correct xref for
2741 time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@
Darren Tuckerb1a87772005-11-28 16:41:03 +11002742
Darren Tucker91d25a02005-11-26 22:24:09 +1100274320051126
2744 - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer,
2745 when they're available) need the real UID set otherwise pam_chauthtok will
2746 set ADMCHG after changing the password, forcing the user to change it
2747 again immediately.
2748
Darren Tucker58e298d2005-11-25 13:14:58 +1100274920051125
2750 - (dtucker) [configure.ac] Apply tim's fix for older systems where the
2751 resolver state in resolv.h is "state" not "__res_state". With slight
2752 modification by me to also work on old AIXes. ok djm@
Darren Tuckere0be3042005-11-25 14:44:55 +11002753 - (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for
2754 snprintf formats, fixes warnings on some 64 bit platforms. Patch from
2755 shaw at vranix.com, ok djm@
Darren Tucker58e298d2005-11-25 13:14:58 +11002756
275720051124
Damien Miller57f39152005-11-24 19:58:19 +11002758 - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c
2759 openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an
2760 asprintf() implementation, after syncing our {v,}snprintf() implementation
2761 with some extra fixes from Samba's version. With help and debugging from
2762 dtucker and tim; ok dtucker@
Darren Tucker79d09fa2005-11-24 22:34:54 +11002763 - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument
2764 order in Reliant Unix block. Patch from johane at lysator.liu.se.
Darren Tuckerfaec5ca2005-11-24 23:18:54 +11002765 - (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so
2766 many and use them only once. Speeds up testing on older/slower hardware.
Damien Miller57f39152005-11-24 19:58:19 +11002767
276820051122
Darren Tuckerb736d8d2005-11-22 19:37:08 +11002769 - (dtucker) OpenBSD CVS Sync
2770 - deraadt@cvs.openbsd.org 2005/11/12 18:37:59
2771 [ssh-add.c]
2772 space
Darren Tucker33f86bc2005-11-22 19:38:06 +11002773 - deraadt@cvs.openbsd.org 2005/11/12 18:38:15
2774 [scp.c]
2775 avoid close(-1), as in rcp; ok cloder
Darren Tuckere8400da2005-11-22 19:41:33 +11002776 - millert@cvs.openbsd.org 2005/11/15 11:59:54
2777 [includes.h]
2778 Include sys/queue.h explicitly instead of assuming some other header
2779 will pull it in. At the moment it gets pulled in by sys/select.h
2780 (which ssh has no business including) via event.h. OK markus@
2781 (ID sync only in -portable)
Darren Tuckerf4732f62005-11-22 19:42:42 +11002782 - dtucker@cvs.openbsd.org 2005/11/21 09:42:10
2783 [auth-krb5.c]
2784 Perform Kerberos calls even for invalid users to prevent leaking
2785 information about account validity. bz #975, patch originally from
2786 Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
2787 ok markus@
Darren Tucker593bae72005-11-22 19:43:26 +11002788 - dtucker@cvs.openbsd.org 2005/11/22 03:36:03
2789 [hostfile.c]
2790 Correct format/arguments to debug call; spotted by shaw at vranix.com
2791 ok djm@
Darren Tuckerefc17472005-11-22 19:55:13 +11002792 - (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch
2793 from shaw at vranix.com.
Darren Tuckerb736d8d2005-11-22 19:37:08 +11002794
Darren Tucker41236362005-11-20 14:09:59 +1100279520051120
2796 - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what
2797 is going on.
2798
Darren Tucker16fd99c2005-11-12 14:06:29 +1100279920051112
2800 - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific
2801 ifdef lost during sync. Spotted by tim@.
Darren Tucker5a0bdf72005-11-12 14:28:05 +11002802 - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag.
Darren Tucker3f9545e2005-11-12 15:20:52 +11002803 - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test.
Darren Tucker5bfe1682005-11-12 18:42:36 +11002804 - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@
Darren Tuckercb6ecde2005-11-12 21:30:07 +11002805 - (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure
2806 test: if sshd takes too long to reconfigure the subsequent connection will
2807 fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready.
Darren Tucker16fd99c2005-11-12 14:06:29 +11002808
Darren Tuckerb8c89d12005-11-10 10:10:10 +1100280920051110
Darren Tucker063ba742005-11-10 10:38:45 +11002810 - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from
Darren Tuckerb8c89d12005-11-10 10:10:10 +11002811 OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of
2812 "register").
Darren Tucker063ba742005-11-10 10:38:45 +11002813 - (dtucker) [openbsd-compat/setenv.c] Make __findenv static, remove
Darren Tucker32b53102005-11-10 10:13:06 +11002814 unnecessary prototype.
Darren Tucker063ba742005-11-10 10:38:45 +11002815 - (dtucker) [openbsd-compat/setenv.c] Sync changes from OpenBSD setenv.c
2816 revs 1.7 - 1.9.
Darren Tucker618db972005-11-10 14:43:11 +11002817 - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path.
2818 Patch from djm@.
Darren Tuckerb0288092005-11-10 14:46:48 +11002819 - (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+
2820 since they're not useful right now. Patch from djm@.
Darren Tuckere5a2b522005-11-10 15:56:44 +11002821 - (dtucker) [openbsd-compat/getgrouplist.c] Sync OpenBSD revs 1.10 - 1.2 (ANSI
2822 prototypes, removal of "register").
Darren Tucker80c0d7e2005-11-10 16:05:37 +11002823 - (dtucker) [openbsd-compat/strlcat.c] Sync OpenBSD revs 1.11 - 1.12 (removal
2824 of "register").
Darren Tucker7f24a0e2005-11-10 16:18:56 +11002825 - (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to
2826 after the copyright notices. Having them at the top next to the CVSIDs
2827 guarantees a conflict for each and every sync.
Darren Tucker52245662005-11-10 16:26:17 +11002828 - (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10.
Darren Tucker925d1de2005-11-10 16:31:55 +11002829 - (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker.
Darren Tucker09471d82005-11-10 16:38:54 +11002830 - (dtucker) [openbsd-compat/strmode.c] Update from OpenBSD 1.5 -> 1.7.
2831 Removal of rcsid, "whiteout" inode type.
Darren Tuckerad1dada2005-11-10 16:42:51 +11002832 - (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14.
2833 Removal of rcsid, will no longer strlcpy parts of the string.
Darren Tuckerf976e6f2005-11-10 16:46:26 +11002834 - (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5.
Darren Tuckerf5ebfe92005-11-10 16:48:10 +11002835 - (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7.
Darren Tuckerdbb631c2005-11-10 16:56:28 +11002836 - (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18.
Darren Tuckerd76b4c72005-11-10 16:58:47 +11002837 - (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5.
Darren Tucker6524d4f2005-11-10 17:02:21 +11002838 - (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25.
Darren Tucker50a221b2005-11-10 17:03:22 +11002839 - (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9.
Darren Tucker31ba53e2005-11-10 17:11:29 +11002840 - (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14.
Darren Tucker0a149d12005-11-10 17:15:06 +11002841 - (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up
2842 with OpenBSD code since we don't support platforms without fstat any more.
Darren Tuckerc7e05d62005-11-10 17:21:21 +11002843 - (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9.
Darren Tucker28640392005-11-10 17:25:26 +11002844 - (dtucker) [openbsd-compat/inet_ntoa.c] Update from OpenBSD 1.4 -> 1.6.
2845 - (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7.
Darren Tuckerb10b4972005-11-10 17:27:25 +11002846 - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6.
Darren Tucker4e8c2492005-11-10 17:28:35 +11002847 - (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6.
Darren Tucker8f0d8f82005-11-10 17:33:00 +11002848 - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13.
Darren Tuckerffcd0ec2005-11-10 17:37:02 +11002849 - (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19.
Darren Tucker91b34dc2005-11-10 17:42:40 +11002850 - (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8.
Darren Tucker6f15c072005-11-10 17:52:08 +11002851 - (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker.
Darren Tuckerfe80d7a2005-11-10 17:54:46 +11002852 - (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17.
Darren Tucker30d69742005-11-10 19:29:12 +11002853 - (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4.
2854 Id and copyright sync only, there were no substantial changes we need.
Darren Tuckerce1cb1f2005-11-10 19:31:08 +11002855 - (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c]
Darren Tucker58120342005-11-10 19:31:37 +11002856 -Wsign-compare fixes from djm.
Darren Tucker9d30d132005-11-10 19:43:48 +11002857 - (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3.
2858 Id and copyright sync only, there were no substantial changes we need.
Darren Tuckerf0324352005-11-10 21:30:36 +11002859 - (dtucker) [configure.ac] Try to get the gcc version number in a way that
2860 doesn't change between versions, and use a safer default.
Darren Tuckerb8c89d12005-11-10 10:10:10 +11002861
Damien Miller3f54a9f2005-11-05 14:52:18 +1100286220051105
2863 - (djm) OpenBSD CVS Sync
2864 - markus@cvs.openbsd.org 2005/10/07 11:13:57
2865 [ssh-keygen.c]
2866 change DSA default back to 1024, as it's defined for 1024 bits only
2867 and this causes interop problems with other clients. moreover,
2868 in order to improve the security of DSA you need to change more
2869 components of DSA key generation (e.g. the internal SHA1 hash);
2870 ok deraadt
Damien Miller39eda6e2005-11-05 14:52:50 +11002871 - djm@cvs.openbsd.org 2005/10/10 10:23:08
2872 [channels.c channels.h clientloop.c serverloop.c session.c]
2873 fix regression I introduced in 4.2: X11 forwardings initiated after
2874 a session has exited (e.g. "(sleep 5; xterm) &") would not start.
2875 bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
Damien Miller5e7fd072005-11-05 14:53:39 +11002876 - djm@cvs.openbsd.org 2005/10/11 23:37:37
2877 [channels.c]
2878 bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing
2879 bind() failure when a previous connection's listeners are in TIME_WAIT,
2880 reported by plattner AT inf.ethz.ch; ok dtucker@
Damien Miller5434eb22005-11-05 15:03:24 +11002881 - stevesk@cvs.openbsd.org 2005/10/13 14:03:01
2882 [auth2-gss.c gss-genr.c gss-serv.c]
2883 remove unneeded #includes; ok markus@
Damien Miller9fac2632005-11-05 15:03:48 +11002884 - stevesk@cvs.openbsd.org 2005/10/13 14:20:37
2885 [gss-serv.c]
2886 spelling in comments
Damien Miller5f916c82005-11-05 15:05:28 +11002887 - stevesk@cvs.openbsd.org 2005/10/13 19:08:08
2888 [gss-serv-krb5.c gss-serv.c]
2889 unused declarations; ok deraadt@
2890 (id sync only for gss-serv-krb5.c)
Damien Miller20afc242005-11-05 15:06:38 +11002891 - stevesk@cvs.openbsd.org 2005/10/13 19:13:41
2892 [dns.c]
2893 unneeded #include, unused declaration, little knf; ok deraadt@
Damien Miller6fd6def2005-11-05 15:07:05 +11002894 - stevesk@cvs.openbsd.org 2005/10/13 22:24:31
2895 [auth2-gss.c gss-genr.c gss-serv.c monitor.c]
2896 KNF; ok djm@
Damien Miller15d72a02005-11-05 15:07:33 +11002897 - stevesk@cvs.openbsd.org 2005/10/14 02:17:59
2898 [ssh-keygen.c ssh.c sshconnect2.c]
2899 no trailing "\n" for log functions; ok djm@
Damien Miller0a0176e2005-11-05 15:07:59 +11002900 - stevesk@cvs.openbsd.org 2005/10/14 02:29:37
2901 [channels.c clientloop.c]
2902 free()->xfree(); ok djm@
Damien Millerc1af1d52005-11-05 15:08:57 +11002903 - stevesk@cvs.openbsd.org 2005/10/15 15:28:12
2904 [sshconnect.c]
2905 make external definition static; ok deraadt@
Damien Miller7e8795d2005-11-05 15:10:42 +11002906 - stevesk@cvs.openbsd.org 2005/10/17 13:45:05
2907 [dns.c]
2908 fix memory leaks from 2 sources:
2909 1) key_fingerprint_raw()
2910 2) malloc in dns_read_rdata()
2911 ok jakob@
2912 - stevesk@cvs.openbsd.org 2005/10/17 14:01:28
2913 [dns.c]
2914 remove #ifdef LWRES; ok jakob@
Damien Miller319550a2005-11-05 15:11:15 +11002915 - stevesk@cvs.openbsd.org 2005/10/17 14:13:35
2916 [dns.c dns.h]
2917 more cleanups; ok jakob@
Damien Millerb3bfbb72005-11-05 15:11:48 +11002918 - djm@cvs.openbsd.org 2005/10/30 01:23:19
2919 [ssh_config.5]
2920 mention control socket fallback behaviour, reported by
2921 tryponraj AT gmail.com
Damien Miller4bbacb72005-11-05 15:12:28 +11002922 - djm@cvs.openbsd.org 2005/10/30 04:01:03
2923 [ssh-keyscan.c]
2924 make ssh-keygen discard junk from server before SSH- ident, spotted by
2925 dave AT cirt.net; ok dtucker@
Damien Milleraa3bb102005-11-05 15:12:59 +11002926 - djm@cvs.openbsd.org 2005/10/30 04:03:24
2927 [ssh.c]
2928 fix misleading debug message; ok dtucker@
Damien Miller4d3fd542005-11-05 15:13:24 +11002929 - dtucker@cvs.openbsd.org 2005/10/30 08:29:29
2930 [canohost.c sshd.c]
2931 Check for connections with IP options earlier and drop silently. ok djm@
Damien Miller713de762005-11-05 15:13:49 +11002932 - jmc@cvs.openbsd.org 2005/10/30 08:43:47
2933 [ssh_config.5]
2934 remove trailing whitespace;
Damien Miller788f2122005-11-05 15:14:59 +11002935 - djm@cvs.openbsd.org 2005/10/30 08:52:18
2936 [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
2937 [ssh.c sshconnect.c sshconnect1.c sshd.c]
2938 no need to escape single quotes in comments, no binary change
Damien Miller653b93b2005-11-05 15:15:23 +11002939 - dtucker@cvs.openbsd.org 2005/10/31 06:15:04
2940 [sftp.c]
2941 Fix sorting with "ls -1" command. From Robert Tsai, "looks right" deraadt@
Damien Millerf14be5c2005-11-05 15:15:49 +11002942 - djm@cvs.openbsd.org 2005/10/31 11:12:49
2943 [ssh-keygen.1 ssh-keygen.c]
2944 generate a protocol 2 RSA key by default
Damien Millerc7e2d3f2005-11-05 15:16:12 +11002945 - djm@cvs.openbsd.org 2005/10/31 11:48:29
2946 [serverloop.c]
2947 make sure we clean up wtmp, etc. file when we receive a SIGTERM,
2948 SIGINT or SIGQUIT when running without privilege separation (the
2949 normal privsep case is already OK). Patch mainly by dtucker@ and
2950 senthilkumar_sen AT hotpop.com; ok dtucker@
Damien Miller83d0d392005-11-05 15:16:27 +11002951 - jmc@cvs.openbsd.org 2005/10/31 19:55:25
2952 [ssh-keygen.1]
2953 grammar;
Damien Miller24ecf612005-11-05 15:16:52 +11002954 - dtucker@cvs.openbsd.org 2005/11/03 13:38:29
2955 [canohost.c]
2956 Cache reverse lookups with and without DNS separately; ok markus@
Damien Miller19bb3a52005-11-05 15:19:35 +11002957 - djm@cvs.openbsd.org 2005/11/04 05:15:59
2958 [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
2959 remove hardcoded hash lengths in key exchange code, allowing
2960 implementation of KEX methods with different hashes (e.g. SHA-256);
2961 ok markus@ dtucker@ stevesk@
Damien Miller5fd8b022005-11-05 16:04:36 +11002962 - djm@cvs.openbsd.org 2005/11/05 05:01:15
2963 [bufaux.c]
2964 Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT
2965 cs.stanford.edu; ok dtucker@
Darren Tucker3a38c5a2005-11-05 16:28:35 +11002966 - (dtucker) [README.platform] Add PAM section.
Damien Miller9b59ada2005-11-05 16:56:52 +11002967 - (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version,
2968 resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu;
2969 ok dtucker@
Damien Miller3f54a9f2005-11-05 14:52:18 +11002970
Darren Tuckerd32e2932005-11-02 09:07:31 +1100297120051102
2972 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup().
2973 Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net
2974 via FreeBSD.
2975
Damien Miller88edf622005-10-30 11:55:45 +1100297620051030
2977 - (djm) [contrib/suse/openssh.spec contrib/suse/rc.
2978 sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init
2979 files from imorgan AT nas.nasa.gov
Darren Tucker42308a42005-10-30 15:31:55 +11002980 - (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is
2981 enabled, instead allow PAM to handle it. Note that on platforms using PAM,
2982 the pam_nologin module should be added to sshd's session stack in order to
2983 maintain exising behaviour. Based on patch and discussion from t8m at
2984 centrum.cz, ok djm@
Damien Miller88edf622005-10-30 11:55:45 +11002985
Darren Tucker537f1ed2005-10-25 18:38:33 +1000298620051025
2987 - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the
2988 sizeof(long long) checks, to make fixing bug #1104 easier (no changes
2989 yet).
Darren Tuckere7374552005-10-25 18:52:31 +10002990 - (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't
2991 understand "%lld", even though the compiler has "long long", so handle
2992 it as a special case. Patch tested by mcaskill.scott at epa.gov.
Darren Tuckera841dce2005-10-25 18:55:00 +10002993 - (dtucker) [contrib/cygwin/ssh-user-config] Remove duplicate yes/no
2994 prompt. Patch from vinschen at redhat.com.
Darren Tucker537f1ed2005-10-25 18:38:33 +10002995
Darren Tucker314d89e2005-10-17 23:29:23 +1000299620051017
2997 - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling.
2998 /etc/default/login report and testing from aabaker at iee.org, corrections
2999 from tim@.
3000
Darren Tucker9ac1a652005-10-09 11:40:03 +1000300120051009
3002 - (dtucker) [configure.ac defines.h openbsd-compat/vis.{c,h}] Sync current
3003 versions from OpenBSD. ok djm@
3004
Darren Tucker1e6616b2005-10-08 12:07:01 +1000300520051008
3006 - (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from
3007 brian.smith at agilent com.
Damien Millere04ec6f2005-10-08 16:21:19 +10003008 - (djm) [configure.ac] missing 'test' call for -with-Werror test
Darren Tucker1e6616b2005-10-08 12:07:01 +10003009
Darren Tuckerb18f1512005-10-05 23:02:16 +1000301020051005
3011 - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended
3012 "*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and
3013 senthilkumar_sen at hotpop.com.
3014
Darren Tuckerd3d0fa12005-10-03 18:03:05 +1000301520051003
3016 - (dtucker) OpenBSD CVS Sync
3017 - markus@cvs.openbsd.org 2005/09/07 08:53:53
3018 [channels.c]
3019 enforce chanid != NULL; ok djm
Darren Tuckerd89dbf22005-10-03 18:05:26 +10003020 - markus@cvs.openbsd.org 2005/09/09 19:18:05
3021 [clientloop.c]
3022 typo; from mark at mcs.vuw.ac.nz, bug #1082
Darren Tuckerce321d82005-10-03 18:11:24 +10003023 - djm@cvs.openbsd.org 2005/09/13 23:40:07
3024 [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
3025 scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
3026 ensure that stdio fds are attached; ok deraadt@
Darren Tuckerc8d64212005-10-03 18:13:42 +10003027 - djm@cvs.openbsd.org 2005/09/19 11:37:34
3028 [ssh_config.5 ssh.1]
3029 mention ability to specify bind_address for DynamicForward and -D options;
3030 bz#1077 spotted by Haruyama Seigo
Darren Tuckera2cdbda2005-10-03 18:16:02 +10003031 - djm@cvs.openbsd.org 2005/09/19 11:47:09
3032 [sshd.c]
3033 stop connection abort on rekey with delayed compression enabled when
3034 post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@
Darren Tucker8813bbb2005-10-03 18:17:02 +10003035 - djm@cvs.openbsd.org 2005/09/19 11:48:10
3036 [gss-serv.c]
3037 typo
Darren Tucker05d4dfe2005-10-03 18:17:38 +10003038 - jmc@cvs.openbsd.org 2005/09/19 15:38:27
3039 [ssh.1]
3040 some more .Bk/.Ek to avoid ugly line split;
Darren Tucker895d6982005-10-03 18:18:05 +10003041 - jmc@cvs.openbsd.org 2005/09/19 15:42:44
3042 [ssh.c]
3043 update -D usage here too;
Darren Tucker1e4308e2005-10-03 18:18:40 +10003044 - djm@cvs.openbsd.org 2005/09/19 23:31:31
3045 [ssh.1]
3046 spelling nit from stevesk@
Darren Tuckere2dd2d52005-10-03 18:19:06 +10003047 - djm@cvs.openbsd.org 2005/09/21 23:36:54
3048 [sshd_config.5]
3049 aquire -> acquire, from stevesk@
Darren Tucker45b01422005-10-03 18:20:00 +10003050 - djm@cvs.openbsd.org 2005/09/21 23:37:11
3051 [sshd.c]
3052 change label at markus@'s request
Darren Tucker28e8e592005-10-03 18:20:28 +10003053 - jaredy@cvs.openbsd.org 2005/09/30 20:34:26
3054 [ssh-keyscan.1]
3055 deploy .An -nosplit; ok jmc
Darren Tuckerb0b12292005-10-03 18:23:44 +10003056 - dtucker@cvs.openbsd.org 2005/10/03 07:44:42
3057 [canohost.c]
3058 Relocate check_ip_options call to prevent logging of garbage for
3059 connections with IP options set. bz#1092 from David Leonard,
3060 "looks good" deraadt@
Darren Tucker1f85dc72005-10-03 20:14:18 +10003061 - (dtucker) [regress/README.regress] Bug #989: Document limitation that scp
3062 is required in the system path for the multiplex test to work.
Darren Tuckerd3d0fa12005-10-03 18:03:05 +10003063
Darren Tucker6e422112005-09-30 09:55:49 +1000306420050930
3065 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype
3066 for strtoll. Patch from o.flebbe at science-computing.de.
Darren Tuckerd4f04ae2005-09-30 10:23:21 +10003067 - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep
3068 child during PAM account check without clearing it. This restores the
3069 post-login warnings such as LDAP password expiry. Patch from Tomas Mraz
3070 with help from several others.
Darren Tucker6e422112005-09-30 09:55:49 +10003071
Darren Tucker372c8fb2005-09-29 22:01:10 +1000307220050929
3073 - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg
3074 introduced during sync.
3075
Darren Tucker46e7ba52005-09-28 08:26:30 +1000307620050928
3077 - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency.
Darren Tucker7b1e6952005-09-28 22:33:27 +10003078 - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from
3079 PAM via keyboard-interactive. Patch tested by the folks at Vintela.
Darren Tucker46e7ba52005-09-28 08:26:30 +10003080
Darren Tuckerf1377bd2005-09-27 19:50:25 +1000308120050927
3082 - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid
3083 calls, since they can't possibly fail. ok djm@
Darren Tuckerc6f82192005-09-27 22:46:32 +10003084 - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed
3085 process when sshd relies on ssh-random-helper. Should result in faster
3086 logins on systems without a real random device or prngd. ok djm@
Darren Tuckerf1377bd2005-09-27 19:50:25 +10003087
Darren Tuckerd3eff2b2005-09-24 12:43:51 +1000308820050924
3089 - (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove
3090 duplicate call. ok djm@
3091
Darren Tuckerc373a562005-09-22 20:15:08 +1000309220050922
3093 - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from
3094 skeleten at shillest.net.
Darren Tucker82171c62005-09-22 20:19:54 +10003095 - (dtucker) [configure.ac] Fix help for --with-opensc; patch from skeleten at
3096 shillest.net.
Darren Tuckerc373a562005-09-22 20:15:08 +10003097
Tim Rice7df8d392005-09-19 09:33:39 -0700309820050919
3099 - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to
3100 AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages.
Tim Rice542f62b2005-09-19 09:36:55 -07003101 ok dtucker@
Tim Rice7df8d392005-09-19 09:33:39 -07003102
Tim Ricefd9e9e32005-09-12 17:36:10 -0700310320050912
3104 - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by
3105 Mike Frysinger.
3106
Tim Rice64ead482005-09-08 21:56:33 -0700310720050908
3108 - (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to
3109 OpenServer 6 and add osr5bigcrypt support so when someone migrates
3110 passwords between UnixWare and OpenServer they will still work. OK dtucker@
3111
Damien Miller0d7b9342007-06-28 08:48:02 +10003112$Id: ChangeLog,v 1.4711 2007/06/27 22:48:02 djm Exp $