blob: 476310bc35907c92bca876fcc79199c956b26038 [file] [log] [blame]
Darren Tucker48554152005-04-21 19:50:55 +1000120050421
2 - (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if
3 UseLogin is set as PAM is not used to establish credentials in that
4 case. Found by Michael Selvesteen, ok djm@
5
Darren Tuckerd9c88132005-04-19 12:21:21 +1000620050419
7 - (dtucker) [INSTALL] Reference README.privsep for the privilege separation
8 requirements. Pointed out by Bengt Svensson.
Darren Tuckerad1e5e22005-04-19 15:31:49 +10009 - (dtucker) [INSTALL] Put the s/key text and URL back together.
Darren Tucker8d158c92005-04-19 15:40:51 +100010 - (dtucker) [INSTALL] Fix s/key text too.
Darren Tuckerd9c88132005-04-19 12:21:21 +100011
Tim Rice2f97b8b2005-04-11 19:00:18 -07001220050411
13 - (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME
14
Darren Tucker9d2562c2005-04-05 19:22:45 +10001520050405
16 - (dtucker) [configure.ac] Define HAVE_SO_PEERCRED if we have it. ok djm@
Darren Tucker00cadb82005-04-05 20:58:37 +100017 - (dtucker) [auth-sia.c] Constify sys_auth_passwd, fixes build error on
18 Tru64. Patch from cmadams at hiwaay.net.
Darren Tucker0f5eeff2005-04-05 21:00:47 +100019 - (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of
20 sys_auth_passwd, pointed out by cmadams at hiwaay.net.
Darren Tucker9d2562c2005-04-05 19:22:45 +100021
Damien Miller3dae15c2005-04-03 10:16:11 +10002220050403
23 - (djm) OpenBSD CVS Sync
24 - deraadt@cvs.openbsd.org 2005/03/31 18:39:21
25 [scp.c]
26 copy argv[] element instead of smashing the one that ps will see; ok otto
Damien Miller4942de52005-04-03 10:16:39 +100027 - djm@cvs.openbsd.org 2005/04/02 12:41:16
28 [scp.c]
29 since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror
30 build
Darren Tucker69152292005-04-03 12:44:23 +100031 - (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_read
32 will free as needed. ok tim@ djm@
Damien Miller3dae15c2005-04-03 10:16:11 +100033
Darren Tucker5ede2ad2005-03-31 21:31:10 +10003420050331
35 - (dtucker) OpenBSD CVS Sync
36 - jmc@cvs.openbsd.org 2005/03/16 11:10:38
37 [ssh_config.5]
38 get the syntax right for {Local,Remote}Forward;
39 based on a diff from markus;
40 problem report from ponraj;
41 ok dtucker@ markus@ deraadt@
Darren Tucker1f04ca22005-03-31 21:31:54 +100042 - markus@cvs.openbsd.org 2005/03/16 21:17:39
43 [version.h]
44 4.1
Darren Tucker83d5a982005-03-31 21:33:50 +100045 - jmc@cvs.openbsd.org 2005/03/18 17:05:00
46 [sshd_config.5]
47 typo;
Darren Tuckerf3bb4342005-03-31 21:39:25 +100048 - (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in
49 handling of password expiry messages returned by AIX's authentication
50 routines, originally reported by robvdwal at sara.nl.
Darren Tucker73ba4372005-03-31 21:51:54 +100051 - (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug
52 message on some platforms. Patch from pete at seebeyond.com via djm.
Darren Tuckerde0de392005-03-31 23:52:04 +100053 - (dtucker) [monitor.c] Remaining part of fix for bug #1006.
Darren Tucker5ede2ad2005-03-31 21:31:10 +100054
Darren Tucker6e1defd2005-03-29 23:24:12 +10005520050329
56 - (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're
57 interested in which is much faster in large (eg LDAP or NIS) environments.
58 Patch from dleonard at vintela.com.
59
Darren Tucker86a5f8d2005-03-21 09:55:17 +11006020050321
61 - (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes
62 and -Lyes to CFLAGS and LIBS. Pointed out by peter at slagheap.net,
63 with & ok tim@
Darren Tucker1df61452005-03-21 09:58:07 +110064 - (dtucker) [configure.ac] Make configure error out if the user specifies
65 --with-libedit but the required libs can't be found, rather than silently
66 ignoring and continuing. ok tim@
Darren Tuckere66519d2005-03-21 22:46:34 +110067 - (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions
68 of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se.
Darren Tucker86a5f8d2005-03-21 09:55:17 +110069
Tim Rice12ee8e22005-03-17 13:37:04 -08007020050317
71 - (tim) [configure.ac] Bug 998. Make path for --with-opensc optional.
72 Make --without-opensc work.
Tim Rice8bb561b2005-03-17 16:23:19 -080073 - (tim) [configure.ac] portability changes on test statements. Some shells
74 have problems with -a operator.
Tim Rice35cc69d2005-03-17 16:44:25 -080075 - (tim) [configure.ac] make some configure options a little more error proof.
Tim Riceeae17cc2005-03-17 16:52:20 -080076 - (tim) [configure.ac] remove trailing white space.
Tim Rice12ee8e22005-03-17 13:37:04 -080077
Darren Tucker1d55ca72005-03-14 22:58:40 +11007820050314
79 - (dtucker) OpenBSD CVS Sync
80 - dtucker@cvs.openbsd.org 2005/03/10 10:15:02
81 [readconf.c]
82 Check listen addresses for null, prevents xfree from dying during
83 ClearAllForwardings (bz #996). From Craig Leres, ok markus@
Darren Tucker47eede72005-03-14 23:08:12 +110084 - deraadt@cvs.openbsd.org 2005/03/10 22:01:05
85 [misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
86 monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
87 readconf.c bufaux.c sftp.c]
88 spacing
Darren Tucker90b9e022005-03-14 23:08:50 +110089 - deraadt@cvs.openbsd.org 2005/03/10 22:40:38
90 [auth-options.c]
91 spacing
Darren Tucker9f438a92005-03-14 23:09:18 +110092 - markus@cvs.openbsd.org 2005/03/11 14:59:06
93 [ssh-keygen.c]
94 typo, missing \n; mpech
Darren Tucker1adc2bd2005-03-14 23:14:20 +110095 - jmc@cvs.openbsd.org 2005/03/12 11:55:03
96 [ssh_config.5]
97 escape `.' at eol to avoid double spacing issues;
Darren Tuckerda1adbc2005-03-14 23:15:58 +110098 - dtucker@cvs.openbsd.org 2005/03/14 10:09:03
99 [ssh-keygen.1]
100 Correct description of -H (bz #997); ok markus@, punctuation jmc@
Darren Tuckera8f553d2005-03-14 23:17:27 +1100101 - dtucker@cvs.openbsd.org 2005/03/14 11:44:42
102 [auth.c]
103 Populate host for log message for logins denied by AllowUsers and
Darren Tuckerc53c3a42005-03-14 23:24:43 +1100104 DenyUsers (bz #999); ok markus@ (patch by tryponraj at gmail.com)
Darren Tucker11327cc2005-03-14 23:22:25 +1100105 - markus@cvs.openbsd.org 2005/03/14 11:46:56
106 [buffer.c buffer.h channels.c]
107 limit input buffer size for channels; bugzilla #896; with and ok dtucker@
Tim Ricec3939e22005-03-14 17:24:51 -0800108 - (tim) [contrib/caldera/openssh.spec] links in rc?.d were getting trashed
109 with a rpm -F
Darren Tucker1d55ca72005-03-14 22:58:40 +1100110
Darren Tuckera21380b2005-03-13 21:20:18 +110011120050313
112 - (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the
113 localized name of the local administrators group more reliable. From
114 vinschen at redhat.com.
115
Darren Tuckerf899e6a2005-03-14 23:02:46 +110011620050312
117 - (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug
118 output ends up in the client's output, causing regress failures. Found
119 by Corinna Vinschen.
120
Darren Tucker50c7db92005-03-09 10:02:55 +110012120050309
122 - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64
123 so that regress tests behave. From Chris Adams.
Damien Millerb096ac42005-03-09 11:00:05 +1100124 - (djm) OpenBSD CVS Sync
125 - jmc@cvs.openbsd.org 2005/03/07 23:41:54
126 [ssh.1 ssh_config.5]
127 more macro simplification;
Damien Milleraca86262005-03-09 11:00:42 +1100128 - djm@cvs.openbsd.org 2005/03/08 23:49:48
129 [version.h]
130 OpenSSH 4.0
Damien Miller6f632bf2005-03-09 11:02:41 +1100131 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
132 [contrib/suse/openssh.spec] Update spec file versions
Darren Tucker835903d2005-03-09 20:12:47 +1100133 - (djm) [log.c] Fix dumb syntax error; ok dtucker@
Damien Milleraa1dba62005-03-09 11:03:08 +1100134 - (djm) Release OpenSSH 4.0p1
Darren Tucker50c7db92005-03-09 10:02:55 +1100135
Darren Tucker0d096692005-03-07 17:34:45 +110013620050307
137 - (dtucker) [configure.ac] Disable gettext search when configuring with
138 BSM audit support for the time being. ok djm@
Darren Tucker1c56ef62005-03-07 17:36:18 +1100139 - (dtucker) OpenBSD CVS Sync (regress/)
140 - fgsch@cvs.openbsd.org 2004/12/10 01:31:30
Darren Tucker68f72132005-03-07 18:25:53 +1100141 [Makefile sftp-glob.sh]
Darren Tucker1c56ef62005-03-07 17:36:18 +1100142 some globbing regress; prompted and ok djm@
Darren Tuckerb712fcc2005-03-07 18:27:28 +1100143 - david@cvs.openbsd.org 2005/01/14 04:21:18
144 [Makefile test-exec.sh]
145 pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@
Darren Tuckera0f3ba72005-03-07 18:33:02 +1100146 - dtucker@cvs.openbsd.org 2005/02/27 11:33:30
147 [multiplex.sh test-exec.sh sshd-log-wrapper.sh]
148 Add optional capability to log output from regress commands; ok markus@
149 Use with: make TEST_SSH_LOGFILE=/tmp/regress.log
Darren Tucker894823e2005-03-07 18:34:04 +1100150 - djm@cvs.openbsd.org 2005/02/27 23:13:36
151 [login-timeout.sh]
152 avoid nameservice lookups in regress test; ok dtucker@
Darren Tucker5d909f02005-03-07 18:35:34 +1100153 - djm@cvs.openbsd.org 2005/03/04 08:48:46
154 [Makefile envpass.sh]
155 regress test for SendEnv config parsing bug; ok dtucker@
Darren Tucker4b9ac332005-03-07 19:15:06 +1100156 - (dtucker) [regress/test-exec.sh] Put SUDO in the right place.
Tim Ricec390c8d2005-03-07 01:21:37 -0800157 - (tim) [configure.ac] SCO 3.2v4.2 no longer supported.
Darren Tucker0d096692005-03-07 17:34:45 +1100158
Darren Tucker3745e2b2005-03-06 22:31:35 +110015920050306
160 - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor
161 when attempting to audit disconnect events. Reported by Phil Dibowitz.
Darren Tucker2b59a6d2005-03-06 22:38:51 +1100162 - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit
163 events earlier, prevents mm_request_send errors reported by Matt Goebel.
Darren Tucker3745e2b2005-03-06 22:31:35 +1100164
Damien Miller7ffa3672005-03-05 11:20:40 +110016520050305
166 - (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch
167 from vinschen at redhat.com
Damien Millerb022b232005-03-05 11:22:36 +1100168 - (djm) OpenBSD CVS Sync
169 - jmc@cvs.openbsd.org 2005/03/02 11:45:01
170 [ssh.1]
171 missing word;
Damien Millerf8e7acc2005-03-05 11:22:50 +1100172 - djm@cvs.openbsd.org 2005/03/04 08:48:06
173 [readconf.c]
174 fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@
Damien Miller7ffa3672005-03-05 11:20:40 +1100175
Damien Miller36bf7dd2005-03-02 12:02:47 +110017620050302
177 - (djm) OpenBSD CVS sync:
178 - jmc@cvs.openbsd.org 2005/03/01 14:47:58
179 [ssh.1]
180 remove some unneccesary macros;
181 do not mark up punctuation;
Damien Millerf8c55462005-03-02 12:03:05 +1100182 - jmc@cvs.openbsd.org 2005/03/01 14:55:23
183 [ssh_config.5]
184 do not mark up punctuation;
185 whitespace;
Damien Miller718fd4b2005-03-02 12:03:23 +1100186 - jmc@cvs.openbsd.org 2005/03/01 14:59:49
187 [sshd.8]
188 new sentence, new line;
189 whitespace;
Damien Miller4c9c6fd2005-03-02 12:03:43 +1100190 - jmc@cvs.openbsd.org 2005/03/01 15:05:00
191 [ssh-keygen.1]
192 whitespace;
Damien Miller9a2fdbd2005-03-02 12:04:01 +1100193 - jmc@cvs.openbsd.org 2005/03/01 15:47:14
194 [ssh-keyscan.1 ssh-keyscan.c]
195 sort options and sync usage();
Damien Miller27e9c512005-03-02 12:04:16 +1100196 - jmc@cvs.openbsd.org 2005/03/01 17:19:35
197 [scp.1 sftp.1]
198 add HashKnownHosts to -o list;
199 ok markus@
Damien Miller02faece2005-03-02 12:04:32 +1100200 - jmc@cvs.openbsd.org 2005/03/01 17:22:06
201 [ssh.c]
202 sync usage() w/ man SYNOPSIS;
203 ok markus@
Damien Miller792c0172005-03-02 12:04:50 +1100204 - jmc@cvs.openbsd.org 2005/03/01 17:32:19
205 [ssh-add.1]
206 sort options;
Damien Miller265d3092005-03-02 12:05:06 +1100207 - jmc@cvs.openbsd.org 2005/03/01 18:15:56
208 [ssh-keygen.1]
209 sort options (no attempt made at synopsis clean up though);
210 spelling (occurance -> occurrence);
211 use prompt before examples;
212 grammar;
Damien Miller1227d4c2005-03-02 12:06:51 +1100213 - djm@cvs.openbsd.org 2005/03/02 01:00:06
214 [sshconnect.c]
215 fix addition of new hashed hostnames when CheckHostIP=yes;
216 found and ok dtucker@
Damien Miller89eac802005-03-02 12:33:04 +1100217 - djm@cvs.openbsd.org 2005/03/02 01:27:41
218 [ssh-keygen.c]
219 ignore hostnames with metachars when hashing; ok deraadt@
Damien Miller947219e2005-03-02 13:22:30 +1100220 - djm@cvs.openbsd.org 2005/03/02 02:21:07
221 [ssh.1]
222 bz#987: mention ForwardX11Trusted in ssh.1,
223 reported by andrew.benham AT thus.net; ok deraadt@
Tim Ricef8f30162005-03-02 21:49:56 -0800224 - (tim) [regress/agent-ptrace.sh] add another possible gdb error.
Damien Miller36bf7dd2005-03-02 12:02:47 +1100225
Damien Miller3eb48b62005-03-01 21:15:46 +110022620050301
227 - (djm) OpenBSD CVS sync:
228 - otto@cvs.openbsd.org 2005/02/16 09:56:44
229 [ssh.c]
230 Better diagnostic if an identity file is not accesible. ok markus@ djm@
Damien Miller9b8073e2005-03-01 21:16:18 +1100231 - djm@cvs.openbsd.org 2005/02/18 03:05:53
232 [canohost.c]
233 better error messages for getnameinfo failures; ok dtucker@
Damien Miller64e8d442005-03-01 21:16:47 +1100234 - djm@cvs.openbsd.org 2005/02/20 22:59:06
235 [sftp.c]
236 turn on ssh batch mode when in sftp batch mode, patch from
237 jdmossh AT nand.net;
238 ok markus@
Damien Miller70a908e2005-03-01 21:17:09 +1100239 - jmc@cvs.openbsd.org 2005/02/25 10:55:13
240 [sshd.8]
241 add /etc/motd and $HOME/.hushlogin to FILES;
242 from michael knudsen;
Damien Miller1717fd42005-03-01 21:17:31 +1100243 - djm@cvs.openbsd.org 2005/02/28 00:54:10
244 [ssh_config.5]
245 bz#849: document timeout on untrusted x11 forwarding sessions. Reported by
246 orion AT cora.nwra.com; ok markus@
Damien Millerf91ee4c2005-03-01 21:24:33 +1100247 - djm@cvs.openbsd.org 2005/03/01 10:09:52
248 [auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
249 [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
250 [sshd_config.5]
251 bz#413: allow optional specification of bind address for port forwardings.
252 Patch originally by Dan Astorian, but worked on by several people
253 Adds GatewayPorts=clientspecified option on server to allow remote
254 forwards to bind to client-specified ports.
Damien Millere1776152005-03-01 21:47:37 +1100255 - djm@cvs.openbsd.org 2005/03/01 10:40:27
256 [hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
257 [sshconnect.c sshd.8]
258 add support for hashing host names and addresses added to known_hosts
259 files, to improve privacy of which hosts user have been visiting; ok
260 markus@ deraadt@
Damien Millerdb7b8172005-03-01 21:48:03 +1100261 - djm@cvs.openbsd.org 2005/03/01 10:41:28
262 [ssh-keyscan.1 ssh-keyscan.c]
263 option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@
Damien Miller4b42d7f2005-03-01 21:48:35 +1100264 - djm@cvs.openbsd.org 2005/03/01 10:42:49
265 [ssh-keygen.1 ssh-keygen.c ssh_config.5]
266 add tools for managing known_hosts files with hashed hostnames, including
267 hashing existing files and deleting hosts by name; ok markus@ deraadt@
Damien Miller3eb48b62005-03-01 21:15:46 +1100268
Darren Tucker34233832005-02-26 10:04:28 +110026920050226
270 - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c]
271 Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com.
Darren Tucker38049032005-02-26 10:07:37 +1100272 - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}]
273 Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any
274 more. Patch from vinschen at redhat.com.
Darren Tuckerdc8fc622005-02-26 10:12:38 +1100275 - (dtucker) [Makefile.in] Add a install-nosysconf target for installing the
276 binaries without the config files. Primarily useful for packaging.
277 Patch from phil at usc.edu. ok djm@
Darren Tucker34233832005-02-26 10:04:28 +1100278
27920050224
Damien Miller848b9932005-02-24 12:12:34 +1100280 - (djm) [configure.ac] in_addr_t test needs sys/types.h too
281
28220050222
Darren Tucker2ea9b182005-02-22 17:57:13 +1100283 - (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from
284 vinschen at redhat.com.
285
Darren Tuckerd9f88912005-02-20 21:01:48 +110028620050220
287 - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac
288 defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure
289 --with-audit=bsm to enable. Patch originally from Sun Microsystems,
290 parts by John R. Jackson. ok djm@
Darren Tucker04cfbe02005-02-20 23:27:11 +1100291 - (dtucker) [configure.ac] Missing comma in AIX section, somehow causes
292 unrelated platforms to be configured incorrectly.
Darren Tuckerd9f88912005-02-20 21:01:48 +1100293
Damien Millered462d92005-02-16 13:02:45 +110029420050216
295 - (djm) write seed to temporary file and atomically rename into place;
296 ok dtucker@
Darren Tucker7b48d252005-02-16 13:20:07 +1100297 - (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called
298 via mkstemp in some configurations. ok djm@
Darren Tuckera91f5ee2005-02-16 14:20:06 +1100299 - (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined
300 by the system headers.
Darren Tuckerca6e7a72005-02-16 16:19:17 +1100301 - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant
302 Unix; prevents problems relating to the location of -lresolv in the
303 link order.
Darren Tuckerc97b01a2005-02-16 16:47:37 +1100304 - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
305 authentication early enough to be available to PAM session modules when
306 privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam
307 Hartman and similar to Debian's ssh-krb5 package.
Darren Tucker3c774c52005-02-16 22:49:31 +1100308 - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more
309 compiler warnings on AIX.
Damien Millered462d92005-02-16 13:02:45 +1100310
Darren Tuckerf04c3612005-02-15 21:26:32 +110031120050215
312 - (dtucker) [config.sh.in] Collect oslevel -r too.
Darren Tucker691d5232005-02-15 21:45:57 +1100313 - (dtucker) [README.platform auth.c configure.ac loginrec.c
314 openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6
315 on AIX where possible (see README.platform for details) and work around
316 a misfeature of AIX's getnameinfo. ok djm@
Darren Tuckera39f83e2005-02-15 22:19:28 +1100317 - (dtucker) [loginrec.c] Add missing #include.
Darren Tuckerf04c3612005-02-15 21:26:32 +1100318
Darren Tucker1b6f2292005-02-11 16:11:49 +110031920050211
320 - (dtucker) [configure.ac] Tidy up configure --help output.
Darren Tucker15af68f2005-02-11 18:32:13 +1100321 - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too.
Darren Tucker1b6f2292005-02-11 16:11:49 +1100322
Darren Tucker2f9573d2005-02-10 22:28:54 +110032320050210
324 - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the
325 --disable-etc-default-login configure option.
326
Darren Tucker3f166df2005-02-09 09:46:47 +110032720050209
328 - (dtucker) OpenBSD CVS Sync
329 - dtucker@cvs.openbsd.org 2005/01/28 09:45:53
330 [ssh_config]
331 Make it clear that the example entries in ssh_config are only some of the
332 commonly-used options and refer the user to ssh_config(5) for more
333 details; ok djm@
Darren Tucker79a7acf2005-02-09 09:48:57 +1100334 - jmc@cvs.openbsd.org 2005/01/28 15:05:43
335 [ssh_config.5]
336 grammar;
Darren Tucker43d8e282005-02-09 09:51:08 +1100337 - jmc@cvs.openbsd.org 2005/01/28 18:14:09
338 [ssh_config.5]
339 wording;
340 ok markus@
Darren Tucker5b530262005-02-09 09:52:17 +1100341 - dtucker@cvs.openbsd.org 2005/01/30 11:18:08
342 [monitor.c]
343 Make code match intent; ok djm@
Darren Tucker96d47102005-02-09 09:53:48 +1100344 - dtucker@cvs.openbsd.org 2005/02/08 22:24:57
345 [sshd.c]
346 Provide reason in error message if getnameinfo fails; ok markus@
Darren Tucker92170a82005-02-09 17:08:23 +1100347 - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call
348 disable_forwarding() from compat library. Prevent linker errrors trying
349 to resolve it for binaries other than sshd. ok djm@
Darren Tuckerc7e38d52005-02-09 22:12:30 +1100350 - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir
351 paths. ok djm@
Darren Tucker33370e02005-02-09 22:17:28 +1100352 - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require
353 the username to be passed to the passwd command when changing expired
354 passwords. ok djm@
Darren Tucker3f166df2005-02-09 09:46:47 +1100355
Darren Tuckerfeb6f7f2005-02-08 20:17:17 +110035620050208
357 - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the
358 regress tests so newer versions of GNU head(1) behave themselves. Patch
359 by djm, so ok me.
Darren Tuckerb4d30122005-02-08 21:06:55 +1100360 - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings.
Darren Tucker2e0cf0d2005-02-08 21:52:47 +1100361 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
362 monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
363 defines and enums with SSH_ to prevent namespace collisions on some
364 platforms (eg AIX).
Darren Tuckerfeb6f7f2005-02-08 20:17:17 +1100365
Darren Tucker598ba7b2005-02-04 15:05:08 +110036620050204
367 - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too.
Darren Tucker40d9a632005-02-04 15:19:44 +1100368 - (dtucker) [auth.c] Fix parens in audit log check.
Darren Tucker598ba7b2005-02-04 15:05:08 +1100369
Darren Tuckerad7646a2005-02-02 10:43:59 +110037020050202
371 - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath
372 rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@
Darren Tucker42d9dc72005-02-02 17:10:11 +1100373 - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]
374 Make record_failed_login() call provide hostname rather than having the
375 implementations having to do lookups themselves. Only affects AIX and
376 UNICOS (the latter only uses the "user" parameter anyway). ok djm@
Darren Tucker9dc6c7d2005-02-02 18:30:33 +1100377 - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child
378 the process. Since we also unset KRB5CCNAME at startup, if it's set after
379 authentication it must have been set by the platform's native auth system.
380 This was already done for AIX; this enables it for the general case.
Darren Tucker2fba9932005-02-02 23:30:24 +1100381 - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c]
382 Bug #974: Teach sshd to write failed login records to btmp for failed auth
383 attempts (currently only for password, kbdint and C/R, only on Linux and
384 HP-UX), based on code from login.c from util-linux. With ashok_kovai at
385 hotmail.com, ok djm@
Darren Tucker269a1ea2005-02-03 00:20:53 +1100386 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
387 monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
388 (first stage) Add audit instrumentation to sshd, currently disabled by
Darren Tucker6dce9912005-02-03 15:07:37 +1100389 default. with suggestions from and ok djm@
Darren Tuckerad7646a2005-02-02 10:43:59 +1100390
Darren Tucker9b5495d2005-02-01 17:35:09 +110039120050201
392 - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some
393 platforms syslog will revert to its default values. This may result in
394 messages from external libraries (eg libwrap) being sent to a different
395 facility.
Darren Tucker9dca0992005-02-01 19:16:45 +1100396 - (dtucker) [sshd_config.5] Bug #701: remove warning about
397 keyboard-interactive since this is no longer the case.
Darren Tucker9b5495d2005-02-01 17:35:09 +1100398
Darren Tucker5c14c732005-01-24 21:55:49 +110039920050124
400 - (dtucker) OpenBSD CVS Sync
401 - otto@cvs.openbsd.org 2005/01/21 08:32:02
402 [auth-passwd.c sshd.c]
403 Warn in advance for password and account expiry; initialize loginmsg
404 buffer earlier and clear it after privsep fork. ok and help dtucker@
405 markus@
Darren Tucker094cd0b2005-01-24 21:56:48 +1100406 - dtucker@cvs.openbsd.org 2005/01/22 08:17:59
407 [auth.c]
408 Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and
409 DenyGroups. bz #909, ok djm@
Darren Tucker660db782005-01-24 21:57:11 +1100410 - djm@cvs.openbsd.org 2005/01/23 10:18:12
411 [cipher.c]
412 config option "Ciphers" should be case-sensitive; ok dtucker@
Darren Tuckerba66df82005-01-24 21:57:40 +1100413 - dtucker@cvs.openbsd.org 2005/01/24 10:22:06
414 [scp.c sftp.c]
415 Have scp and sftp wait for the spawned ssh to exit before they exit
416 themselves. This prevents ssh from being unable to restore terminal
417 modes (not normally a problem on OpenBSD but common with -Portable
418 on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950);
419 ok djm@ markus@
Darren Tucker1b7223c2005-01-24 22:00:40 +1100420 - dtucker@cvs.openbsd.org 2005/01/24 10:29:06
421 [moduli]
422 Import new moduli; requested by deraadt@ a week ago
Darren Tucker218f1782005-01-24 22:50:47 +1100423 - dtucker@cvs.openbsd.org 2005/01/24 11:47:13
424 [auth-passwd.c]
425 #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@
Darren Tucker5c14c732005-01-24 21:55:49 +1100426
Darren Tucker172a5e82005-01-20 10:55:46 +110042720050120
428 - (dtucker) OpenBSD CVS Sync
429 - markus@cvs.openbsd.org 2004/12/23 17:35:48
430 [session.c]
431 check for NULL; from mpech
Darren Tucker7cfeecf2005-01-20 10:56:31 +1100432 - markus@cvs.openbsd.org 2004/12/23 17:38:07
433 [ssh-keygen.c]
434 leak; from mpech
Darren Tucker0f383232005-01-20 10:57:56 +1100435 - djm@cvs.openbsd.org 2004/12/23 23:11:00
436 [servconf.c servconf.h sshd.c sshd_config sshd_config.5]
437 bz #898: support AddressFamily in sshd_config. from
438 peak@argo.troja.mff.cuni.cz; ok deraadt@
Darren Tuckerb2161e32005-01-20 11:00:46 +1100439 - markus@cvs.openbsd.org 2005/01/05 08:51:32
440 [sshconnect.c]
441 remove dead code, log connect() failures with level error, ok djm@
Darren Tuckerb3509012005-01-20 11:01:46 +1100442 - jmc@cvs.openbsd.org 2005/01/08 00:41:19
443 [sshd_config.5]
444 `login'(n) -> `log in'(v);
Darren Tuckerf0e792e2005-01-20 11:02:26 +1100445 - dtucker@cvs.openbsd.org 2005/01/17 03:25:46
446 [moduli.c]
447 Correct spelling: SCHNOOR->SCHNORR; ok djm@
Darren Tuckerea7c8122005-01-20 11:03:08 +1100448 - dtucker@cvs.openbsd.org 2005/01/17 22:48:39
449 [sshd.c]
450 Make debugging output continue after reexec; ok djm@
Darren Tucker611649e2005-01-20 11:05:34 +1100451 - dtucker@cvs.openbsd.org 2005/01/19 13:11:47
452 [auth-bsdauth.c auth2-chall.c]
453 Have keyboard-interactive code call the drivers even for responses for
454 invalid logins. This allows the drivers themselves to decide how to
455 handle them and prevent leaking information where possible. Existing
456 behaviour for bsdauth is maintained by checking authctxt->valid in the
457 bsdauth driver. Note that any third-party kbdint drivers will now need
458 to be able to handle responses for invalid logins. ok markus@
Darren Tuckerd2311862005-01-20 13:27:56 +1100459 - djm@cvs.openbsd.org 2004/12/22 02:13:19
460 [cipher-ctr.c cipher.c]
461 remove fallback AES support for old OpenSSL, as OpenBSD has had it for
462 many years now; ok deraadt@
463 (Id sync only: Portable will continue to support older OpenSSLs)
Darren Tucker36a3d602005-01-20 12:43:38 +1100464 - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user
465 existence via keyboard-interactive/pam, in conjunction with previous
466 auth2-chall.c change; with Colin Watson and djm.
Darren Tucker33bc3342005-01-20 22:07:29 +1100467 - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128
468 bytes to prevent errors from login_init_entry() when the username is
469 exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@
Darren Tucker3c660802005-01-20 22:20:50 +1100470 - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from
471 the list of available kbdint devices if UsePAM=no. ok djm@
Darren Tucker172a5e82005-01-20 10:55:46 +1100472
47320050118
Darren Tucker72c025d2005-01-18 12:05:18 +1100474 - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement
475 "make survey" and "make send-survey". This will provide data on the
476 configure parameters, platform and platform features to the development
477 team, which will allow (among other things) better targetting of testing.
478 It's entirely voluntary and is off be default. ok djm@
Darren Tucker24c710e2005-01-18 12:45:42 +1100479 - (dtucker) [survey.sh.in] Remove any blank lines from the output of
480 ccver-v and ccver-V.
Darren Tucker72c025d2005-01-18 12:05:18 +1100481
Darren Tucker8686ed72004-12-20 12:05:08 +110048220041220
483 - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading
484 from prngd is enabled at compile time but fails at run time, eg because
485 prngd is not running. Note that if you have prngd running when OpenSSH is
486 built, OpenSSL will consider itself internally seeded and rand-helper won't
487 be built at all unless explicitly enabled via --with-rand-helper. ok djm@
Darren Tucker5caa78b2004-12-20 12:35:42 +1100488 - (dtucker) [regress/rekey.sh] Touch datafile before filling with dd, since
489 on some wacky platforms (eg old AIXes), dd will refuse to create an output
490 file if it doesn't exist.
Darren Tucker8686ed72004-12-20 12:05:08 +1100491
Darren Tucker442a3832004-12-13 18:08:32 +110049220041213
493 - (dtucker) [contrib/findssh.sh] Clean up on interrupt; from
494 amarendra.godbole at ge com.
495
Darren Tucker56c95982004-12-11 13:34:56 +110049620041211
497 - (dtucker) OpenBSD CVS Sync
498 - markus@cvs.openbsd.org 2004/12/06 16:00:43
499 [bufaux.c]
500 use 0x00 not \0 since buf[] is a bignum
Darren Tucker596dcfa2004-12-11 13:37:22 +1100501 - fgsch@cvs.openbsd.org 2004/12/10 03:10:42
502 [sftp.c]
503 - fix globbed ls for paths the same lenght as the globbed path when
504 we have a unique matching.
505 - fix globbed ls in case of a directory when we have a unique matching.
506 - as a side effect, if the path does not exist error (used to silently
507 ignore).
508 - don't do extra do_lstat() if we only have one matching file.
509 djm@ ok
Darren Tuckerf0f90982004-12-11 13:39:50 +1100510 - dtucker@cvs.openbsd.org 2004/12/11 01:48:56
511 [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h]
512 Fix debug call in error path of authorized_keys processing and fix related
513 warnings; ok djm@
Darren Tucker56c95982004-12-11 13:34:56 +1100514
Tim Rice0f83d292004-12-08 18:29:58 -080051520041208
516 - (tim) [configure.ac] Comment some non obvious platforms in the
517 target-specific case statement. Suggested and OK by dtucker@
518
Darren Tucker641b34c2004-12-07 11:26:15 +110051920041207
520 - (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test.
521
Darren Tuckerba2abb32004-12-06 22:40:10 +110052220041206
523 - (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@
Darren Tuckercd516ef2004-12-06 22:43:43 +1100524 - (dtucker) OpenBSD CVS Sync
525 - markus@cvs.openbsd.org 2004/11/25 22:22:14
526 [sftp-client.c sftp.c]
527 leak; from mpech
Darren Tucker0133a722004-12-06 22:44:32 +1100528 - jmc@cvs.openbsd.org 2004/11/29 00:05:17
529 [sftp.1]
530 missing full stop;
Darren Tuckere2f189a2004-12-06 22:45:53 +1100531 - djm@cvs.openbsd.org 2004/11/29 07:41:24
532 [sftp-client.h sftp.c]
533 Some small fixes from moritz@jodeit.org. ok deraadt@
Darren Tucker16e254d2004-12-06 22:46:45 +1100534 - jaredy@cvs.openbsd.org 2004/12/05 23:55:07
535 [sftp.1]
536 - explain that patterns can be used as arguments in get/put/ls/etc
537 commands (prodded by Michael Knudsen)
538 - describe ls flags as a list
539 - other minor improvements
540 ok jmc, djm
Darren Tucker22cc7412004-12-06 22:47:41 +1100541 - dtucker@cvs.openbsd.org 2004/12/06 11:41:03
542 [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8]
543 Discard over-length authorized_keys entries rather than complaining when
544 they don't decode. bz #884, with & ok djm@
Darren Tuckera3729602004-12-06 23:00:27 +1100545 - (dtucker) OpenBSD CVS Sync (regress/)
546 - djm@cvs.openbsd.org 2004/06/26 06:16:07
547 [reexec.sh]
548 don't change the name of the copied sshd for the reexec fallback test,
549 makes life simpler for portable
Darren Tuckerccf07792004-12-06 23:03:27 +1100550 - dtucker@cvs.openbsd.org 2004/07/08 12:59:35
551 [scp.sh]
552 Regress test for bz #863 (scp double-error), requires $SUDO. ok markus@
Darren Tucker3206e572004-12-06 23:04:57 +1100553 - david@cvs.openbsd.org 2004/07/09 19:45:43
554 [Makefile]
555 add a missing CLEANFILES used in the re-exec test
Darren Tucker71b56432004-12-06 23:05:52 +1100556 - djm@cvs.openbsd.org 2004/10/08 02:01:50
557 [reexec.sh]
558 shrink and tidy; ok dtucker@
Darren Tucker124f58e2004-12-06 23:07:37 +1100559 - djm@cvs.openbsd.org 2004/10/29 23:59:22
560 [Makefile added brokenkeys.sh]
561 regression test for handling of corrupt keys in authorized_keys file
Darren Tucker79ec66e2004-12-06 23:12:15 +1100562 - djm@cvs.openbsd.org 2004/11/07 00:32:41
563 [multiplex.sh]
564 regression tests for new multiplex commands
Darren Tuckercc0603d2004-12-06 23:13:50 +1100565 - dtucker@cvs.openbsd.org 2004/11/25 09:39:27
566 [test-exec.sh]
567 Remove obsolete RhostsAuthentication from test config; ok markus@
Darren Tuckerd028fea2004-12-06 23:16:29 +1100568 - dtucker@cvs.openbsd.org 2004/12/06 10:49:56
569 [test-exec.sh]
570 Check if TEST_SSH_SSHD is a full path to sshd before searching; ok markus@
Darren Tuckerba2abb32004-12-06 22:40:10 +1100571
Darren Tuckere04644c2004-12-03 14:08:45 +110057220041203
573 - (dtucker) OpenBSD CVS Sync
574 - jmc@cvs.openbsd.org 2004/11/07 17:42:36
575 [ssh.1]
576 options sort, and whitespace;
Darren Tucker9c6bf322004-12-03 14:10:19 +1100577 - jmc@cvs.openbsd.org 2004/11/07 17:57:30
578 [ssh.c]
579 usage():
580 - add -O
581 - sync -S w/ manpage
582 - remove -h
Darren Tuckerc1386672004-12-03 14:33:47 +1100583 - (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is
584 subsequently denied by the PAM auth stack, send the PAM message to the
585 user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2).
586 ok djm@
Darren Tuckere04644c2004-12-03 14:08:45 +1100587
Darren Tucker2d963d82004-11-07 20:04:10 +110058820041107
589 - (dtucker) OpenBSD CVS Sync
590 - djm@cvs.openbsd.org 2004/11/05 12:19:56
591 [sftp.c]
592 command editing and history support via libedit; ok markus@
593 thanks to hshoexer@ and many testers on tech@ too
Darren Tucker7ebfc102004-11-07 20:06:19 +1100594 - djm@cvs.openbsd.org 2004/11/07 00:01:46
595 [clientloop.c clientloop.h ssh.1 ssh.c]
596 add basic control of a running multiplex master connection; including the
597 ability to check its status and request it to exit; ok markus@
Darren Tucker16bcc1c2004-11-07 20:14:34 +1100598 - (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure
599 option and supporting makefile bits and documentation.
Darren Tucker2d963d82004-11-07 20:04:10 +1100600
Darren Tuckerc0161342004-11-05 20:00:03 +110060120041105
602 - (dtucker) OpenBSD CVS Sync
603 - markus@cvs.openbsd.org 2004/08/30 09:18:08
604 [LICENCE]
605 s/keygen/keyscan/
Darren Tucker4e4fe002004-11-05 20:01:03 +1100606 - jmc@cvs.openbsd.org 2004/08/30 21:22:49
607 [ssh-add.1 ssh.1]
608 .Xsession -> .xsession;
609 originally from a pr from f at obiit dot org, but missed by myself;
610 ok markus@ matthieu@
Darren Tucker07336da2004-11-05 20:02:16 +1100611 - djm@cvs.openbsd.org 2004/09/07 23:41:30
612 [clientloop.c ssh.c]
613 cleanup multiplex control socket on SIGHUP too, spotted by sturm@
614 ok markus@ deraadt@
Darren Tuckere9bf9842004-11-05 20:05:32 +1100615 - deraadt@cvs.openbsd.org 2004/09/15 00:46:01
616 [ssh.c]
617 /* fallthrough */ is something a programmer understands. But
618 /* FALLTHROUGH */ is also understood by lint, so that is better.
Darren Tucker7cc5c232004-11-05 20:06:59 +1100619 - jaredy@cvs.openbsd.org 2004/09/15 03:25:41
620 [sshd_config.5]
621 mention PrintLastLog only prints last login time for interactive
622 sessions, like PrintMotd mentions.
623 From Michael Knudsen, with wording changed slightly to match the
624 PrintMotd description.
625 ok djm
Darren Tucker178fa662004-11-05 20:09:09 +1100626 - mickey@cvs.openbsd.org 2004/09/15 18:42:27
627 [sshd.c]
628 use less doubles in daemons; markus@ ok
Darren Tuckerf30e1ac2004-11-05 20:10:02 +1100629 - deraadt@cvs.openbsd.org 2004/09/15 18:46:04
630 [scp.c]
631 scratch that do { } while (0) wrapper in this case
Darren Tucker39207a42004-11-05 20:19:51 +1100632 - djm@cvs.openbsd.org 2004/09/23 13:00:04
633 [ssh.c]
634 correctly honour -n in multiplex client mode; spotted by sturm@ ok markus@
Darren Tucker3269b132004-11-05 20:20:59 +1100635 - djm@cvs.openbsd.org 2004/09/25 03:45:14
636 [sshd.c]
637 these printf args are no longer double; ok deraadt@ markus@
Darren Tucker636ca902004-11-05 20:22:00 +1100638 - djm@cvs.openbsd.org 2004/10/07 10:10:24
639 [scp.1 sftp.1 ssh.1 ssh_config.5]
640 document KbdInteractiveDevices; ok markus@
Darren Tucker1dee8682004-11-05 20:26:49 +1100641 - djm@cvs.openbsd.org 2004/10/07 10:12:36
642 [ssh-agent.c]
643 don't unlink agent socket when bind() fails, spotted by rich AT
644 rich-paul.net, ok markus@
Darren Tuckerb2694f02004-11-05 20:27:54 +1100645 - markus@cvs.openbsd.org 2004/10/20 11:48:53
646 [packet.c ssh1.h]
647 disconnect for invalid (out of range) message types.
Darren Tucker5d78de62004-11-05 20:35:44 +1100648 - djm@cvs.openbsd.org 2004/10/29 21:47:15
649 [channels.c channels.h clientloop.c]
650 fix some window size change bugs for multiplexed connections: windows sizes
651 were not being updated if they had changed after ~^Z suspends and SIGWINCH
652 was not being processed unless the first connection had requested a tty;
653 ok markus
Darren Tuckerce327b62004-11-05 20:38:03 +1100654 - djm@cvs.openbsd.org 2004/10/29 22:53:56
655 [clientloop.c misc.h readpass.c ssh-agent.c]
656 factor out common permission-asking code to separate function; ok markus@
Darren Tucker50dbe832004-11-05 20:41:24 +1100657 - djm@cvs.openbsd.org 2004/10/29 23:56:17
658 [bufaux.c bufaux.h buffer.c buffer.h]
659 introduce a new buffer API that returns an error rather than fatal()ing
660 when presented with bad data; ok markus@
Darren Tucker08d04fa2004-11-05 20:42:28 +1100661 - djm@cvs.openbsd.org 2004/10/29 23:57:05
662 [key.c]
663 use new buffer API to avoid fatal errors on corrupt keys in authorized_keys
664 files; ok markus@
Darren Tuckerc0161342004-11-05 20:00:03 +1100665
Darren Tuckera56f1912004-11-02 20:30:54 +110066620041102
667 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX
668 10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__
669 only if a conflict is detected.
670
Darren Tucker35beadd2004-10-19 16:33:33 +100067120041019
672 - (dtucker) [uidswap.c] Don't test dropping of gids for the root user or
673 on Cygwin. Cygwin parts from vinschen at redhat com; ok djm@
674
Damien Millerdaffc6a2004-10-16 18:52:44 +100067520041016
Damien Miller0e035d82004-10-16 18:53:28 +1000676 - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations;
677 ok dtucker@
Damien Millerdaffc6a2004-10-16 18:52:44 +1000678
Darren Tuckerb7d55e32004-10-06 20:09:32 +100067920041006
680 - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode
681 and other PAM platforms.
Darren Tuckerdbc22962004-10-06 23:15:44 +1000682 - (dtucker) [monitor_mm.c openbsd-compat/xmmap.c] Bug #940: cast constants
683 to void * to appease picky compilers (eg Tru64's "cc -std1").
Darren Tuckerb7d55e32004-10-06 20:09:32 +1000684
Darren Tucker59f79c42004-09-30 21:17:08 +100068520040930
686 - (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@
687
Darren Tucker4127f552004-09-23 21:35:09 +100068820040923
689 - (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one,
690 which could have caused the justification to be wrong. ok djm@
691
Darren Tucker50fbb452004-09-21 21:32:12 +100069220040921
693 - (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too.
694 ok djm@
Darren Tucker5d596132004-09-21 21:35:55 +1000695 - (dtucker) [contrib/cygwin/ssh-host-config] Update to match current Cygwin
696 install process. Patch from vinschen at redhat.com.
Darren Tucker50fbb452004-09-21 21:32:12 +1000697
Damien Miller8899ed32004-09-12 15:18:55 +100069820040912
699 - (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file.
700 No change in resultant binary
Damien Miller6b0279c2004-09-12 15:25:17 +1000701 - (djm) [loginrec.c] __func__ifiy
Damien Millerb0aae332004-09-12 15:26:00 +1000702 - (djm) [loginrec.c] xmalloc
Damien Miller2aa6d3c2004-09-12 16:53:04 +1000703 - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol
704 banner. Suggested by deraadt@, ok mouring@, dtucker@
Darren Tucker623d92f2004-09-12 22:36:15 +1000705 - (dtucker) [configure.ac] Fix incorrect quoting and tests for cross-compile.
706 Partly by & ok djm@.
Damien Miller8899ed32004-09-12 15:18:55 +1000707
Damien Miller928a19a2004-09-11 15:18:05 +100070820040911
709 - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@
Darren Tucker69687f42004-09-11 22:17:26 +1000710 - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from
711 failing PAM session modules to user then exit, similar to the way
712 /etc/nologin is handled. ok djm@
Darren Tucker0a7e3c62004-09-11 22:28:01 +1000713 - (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change.
Damien Miller47656792004-09-11 22:42:09 +1000714 - (djm) [auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c]
715 Make cygwin code more consistent with that which surrounds it
Darren Tucker77fc29e2004-09-11 23:07:03 +1000716 - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]
717 Bug #892: Send messages from failing PAM account modules to the client via
718 SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with
719 SSH2 kbdint authentication, which need to be dealt with separately. ok djm@
Darren Tuckera2a3ed02004-09-11 23:09:53 +1000720 - (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@
Darren Tuckera0c2b392004-09-11 23:26:37 +1000721 - (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure.
722 Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me. ok djm@
Darren Tucker5614d8f2004-09-11 23:32:09 +1000723 - (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengert
724 at anl.gov, ok djm@
Damien Miller928a19a2004-09-11 15:18:05 +1000725
Darren Tucker14c372d2004-08-30 20:42:08 +100072620040830
727 - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only
728 copy required environment variables on Cygwin. Patch from vinschen at
729 redhat.com, ok djm@
Darren Tucker476b7ec2004-08-30 21:13:49 +1000730 - (dtucker) [regress/Makefile] Clean scp-ssh-wrapper.scp too. Patch from
731 vinschen at redhat.com.
Darren Tucker25a12342004-08-30 21:33:02 +1000732 - (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability
733 of shell constructs. Patch from cjwatson at debian.org.
Darren Tucker14c372d2004-08-30 20:42:08 +1000734
Darren Tuckerf00e51d2004-08-29 16:12:29 +100073520040829
736 - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from
737 failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL.
738 From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@
Darren Tuckerf4b43712004-08-29 16:28:39 +1000739 - (dtucker) OpenBSD CVS Sync
740 - djm@cvs.openbsd.org 2004/08/23 11:48:09
741 [authfile.c]
742 fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus
Darren Tuckere6ed8392004-08-29 16:29:44 +1000743 - djm@cvs.openbsd.org 2004/08/23 11:48:47
744 [channels.c]
745 typo, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus
Darren Tucker27a8f6b2004-08-29 16:31:28 +1000746 - dtucker@cvs.openbsd.org 2004/08/23 14:26:38
747 [ssh-keysign.c ssh.c]
748 Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches
749 change in Portable; ok markus@ (CVS ID sync only)
Darren Tucker34620d62004-08-29 16:32:59 +1000750 - dtucker@cvs.openbsd.org 2004/08/23 14:29:23
751 [ssh-keysign.c]
752 Remove duplicate getuid(), suggested by & ok markus@
Darren Tuckerdb693902004-08-29 16:37:24 +1000753 - markus@cvs.openbsd.org 2004/08/26 16:00:55
754 [ssh.1 sshd.8]
755 get rid of references to rhosts authentication; with jmc@
Darren Tucker0f56ed12004-08-29 16:38:41 +1000756 - djm@cvs.openbsd.org 2004/08/28 01:01:48
757 [sshd.c]
758 don't erroneously close stdin for !reexec case, from Dave Johnson;
759 ok markus@
Darren Tucker48d99d32004-08-29 17:04:50 +1000760 - (dtucker) [configure.ac] Include sys/stream.h in sys/ptms.h header check,
761 fixes configure warning on Solaris reported by wknox at mitre.org.
Darren Tucker2a81adc2004-08-29 17:09:34 +1000762 - (dtucker) [regress/multiplex.sh] Skip test on platforms that do not
763 support FD passing since multiplex requires it. Noted by tim@
Darren Tucker07d30e42004-08-29 17:14:31 +1000764 - (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn
765 down, needed on some platforms, should be harmless on others. Patch from
766 jason at devrandom.org.
Darren Tucker0521dcb2004-08-29 19:39:09 +1000767 - (dtucker) [regress/scp.sh] Make this work on Cygwin too, which doesn't like
768 files ending in .exe that aren't binaries; patch from vinschen at redhat.com.
Darren Tucker2a502ff2004-08-29 19:52:32 +1000769 - (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree
770 builds too, from vinschen at redhat.com.
Darren Tuckerb17035f2004-08-29 20:33:07 +1000771 - (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64
772 too; patch from cmadams at hiwaay.net.
Darren Tuckercf59d312004-08-29 21:18:09 +1000773 - (dtucker) [configure.ac] Replace non-portable echo \n with extra echo.
Darren Tucker5a88d002004-08-29 21:43:33 +1000774 - (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for
775 accounts with authentication configs that sshd can't support (ie
776 SYSTEM=NONE and AUTH1=something).
Darren Tuckerf00e51d2004-08-29 16:12:29 +1000777
Darren Tuckerf0c2aea2004-08-28 15:46:57 +100077820040828
Darren Tucker11bdc012004-08-28 16:17:35 +1000779 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from
780 vinschen at redhat.com.
Darren Tuckerf0c2aea2004-08-28 15:46:57 +1000781
Damien Miller7daf0442004-08-23 21:52:08 +100078220040823
783 - (djm) [ssh-rand-helper.c] Typo. Found by
784 Martin.Kraemer AT Fujitsu-Siemens.com
Damien Millerb0419f22004-08-23 21:53:28 +1000785 - (djm) [loginrec.c] Typo and bad args in error messages; Spotted by
786 Martin.Kraemer AT Fujitsu-Siemens.com
Damien Miller7daf0442004-08-23 21:52:08 +1000787
Darren Tuckerbad5f2d2004-08-17 22:31:32 +100078820040817
789 - (dtucker) [regress/README.regress] Note compatibility issues with GNU head.
Damien Miller87c9cca2004-08-17 22:47:41 +1000790 - (djm) OpenBSD CVS Sync
791 - markus@cvs.openbsd.org 2004/08/16 08:17:01
792 [version.h]
793 3.9
Damien Millerd5452852004-08-17 22:49:12 +1000794 - (djm) Crank RPM spec version numbers
Damien Millere17cc752004-08-17 22:50:40 +1000795 - (djm) Release 3.9p1
Darren Tuckerbad5f2d2004-08-17 22:31:32 +1000796
Darren Tucker21dd0892004-08-16 23:12:05 +100079720040816
798 - (dtucker) [acconfig.h auth-pam.c configure.ac] Set real uid to non-root
799 to convince Solaris PAM to honour password complexity rules. ok djm@
800
Darren Tucker25f60a72004-08-15 17:23:34 +100080120040815
802 - (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since
803 it does the right thing on all platforms. ok djm@
Damien Miller36f49652004-08-15 18:40:59 +1000804 - (djm) [acconfig.h configure.ac openbsd-compat/Makefile.in
805 openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-misc.c
806 openbsd-compat/bsd-misc.h openbsd-compat/openbsd-compat.h] Use smarter
807 closefrom() replacement from sudo; ok dtucker@
Damien Miller81409592004-08-15 19:12:52 +1000808 - (djm) [loginrec.c] Check that seek succeeded here too; ok dtucker
Darren Tucker0cbc3c62004-08-15 21:01:37 +1000809 - (dtucker) [Makefile.in] Fix typo.
Darren Tucker25f60a72004-08-15 17:23:34 +1000810
Darren Tucker06696932004-08-14 23:55:37 +100081120040814
812 - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]
813 Explicitly set umask for mkstemp; ok djm@
Darren Tucker3d50c9b2004-08-15 00:01:48 +1000814 - (dtucker) [includes.h] Undef _INCLUDE__STDC__ on HP-UX, otherwise
815 prot.h and shadow.h provide conflicting declarations of getspnam. ok djm@
Darren Tucker397a2f22004-08-15 00:09:11 +1000816 - (dtucker) [loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
817 Plug AIX login recording into login_write so logins will be recorded for
818 all auth types.
Darren Tucker06696932004-08-14 23:55:37 +1000819
Darren Tucker03669a32004-08-13 18:37:21 +100082020040813
821 - (dtucker) [openbsd-compat/bsd-misc.c] Typo in #ifdef; from vinschen at
822 redhat.com
Darren Tuckerc7a6fc42004-08-13 21:18:00 +1000823- (dtucker) OpenBSD CVS Sync
824 - avsm@cvs.openbsd.org 2004/08/11 21:43:05
825 [channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c]
826 some signed/unsigned int comparison cleanups; markus@ ok
Darren Tuckerfe6649d2004-08-13 21:19:37 +1000827 - avsm@cvs.openbsd.org 2004/08/11 21:44:32
828 [authfd.c scp.c ssh-keyscan.c]
829 use atomicio instead of homegrown equivalents or read/write.
830 markus@ ok
Darren Tuckerbcf27972004-08-13 21:21:47 +1000831 - djm@cvs.openbsd.org 2004/08/12 09:18:24
832 [sshlogin.c]
833 typo in error message, spotted by moritz AT jodeit.org (Id sync only)
Darren Tucker0b42e6d2004-08-13 21:22:40 +1000834 - jakob@cvs.openbsd.org 2004/08/12 21:41:13
835 [ssh-keygen.1 ssh.1]
836 improve SSHFP documentation; ok deraadt@
Darren Tucker6e370372004-08-13 21:23:25 +1000837 - jmc@cvs.openbsd.org 2004/08/13 00:01:43
838 [ssh-keygen.1]
839 kill whitespace at eol;
Darren Tucker1ef0bc02004-08-13 21:29:02 +1000840 - djm@cvs.openbsd.org 2004/08/13 02:51:48
841 [monitor_fdpass.c]
842 extra check for no message case; ok markus, deraadt, hshoexer, henning
Darren Tucker137e9c92004-08-13 21:30:24 +1000843 - dtucker@cvs.openbsd.org 2004/08/13 11:09:24
844 [servconf.c]
845 Fix line numbers off-by-one in error messages, from tortay at cc.in2p3.fr
846 ok markus@, djm@
Darren Tucker03669a32004-08-13 18:37:21 +1000847
Darren Tucker8ae66a52004-08-12 22:16:55 +100084820040812
849 - (dtucker) [sshd.c] Remove duplicate variable imported during sync.
Darren Tucker6832b832004-08-12 22:36:51 +1000850 - (dtucker) OpenBSD CVS Sync
851 - markus@cvs.openbsd.org 2004/07/28 08:56:22
852 [sshd.c]
853 call setsid() _before_ re-exec
Darren Tucker5cb30ad2004-08-12 22:40:24 +1000854 - markus@cvs.openbsd.org 2004/07/28 09:40:29
855 [auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c
856 sshconnect1.c]
857 more s/illegal/invalid/
Darren Tucker9a2bd112004-08-12 22:40:59 +1000858 - djm@cvs.openbsd.org 2004/08/04 10:37:52
859 [dh.c]
860 return group14 when no primes found - fixes hang on empty /etc/moduli;
861 ok markus@
Darren Tucker9fbac712004-08-12 22:41:44 +1000862 - dtucker@cvs.openbsd.org 2004/08/11 11:09:54
863 [servconf.c]
864 Fix minor leak; "looks right" deraadt@
Darren Tuckerd8835932004-08-12 22:42:29 +1000865 - dtucker@cvs.openbsd.org 2004/08/11 11:50:09
866 [sshd.c]
867 Don't try to close startup_pipe if it's not open; ok djm@
Darren Tucker9c5049a2004-08-12 22:49:00 +1000868 - djm@cvs.openbsd.org 2004/08/11 11:59:22
869 [sshlogin.c]
870 check that lseek went were we told it to; ok markus@
871 (Id sync only, but similar changes are needed in loginrec.c)
Darren Tucker133b7572004-08-12 22:50:03 +1000872 - djm@cvs.openbsd.org 2004/08/11 12:01:16
873 [sshlogin.c]
874 make store_lastlog_message() static to appease -Wall; ok markus
Darren Tuckereb578622004-08-12 23:08:14 +1000875 - (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling
876 messages generated before the postauth privsep split.
Darren Tucker8ae66a52004-08-12 22:16:55 +1000877
Damien Millerb5a21442004-07-21 20:44:05 +100087820040720
Damien Millera22f2d72004-07-21 20:48:24 +1000879 - (djm) OpenBSD CVS Sync
880 - markus@cvs.openbsd.org 2004/07/21 08:56:12
881 [auth.c]
882 s/Illegal user/Invalid user/; many requests; ok djm, millert, niklas,
883 miod, ...
Damien Miller30d1f842004-07-21 20:48:53 +1000884 - djm@cvs.openbsd.org 2004/07/21 10:33:31
885 [auth1.c auth2.c]
886 bz#899: Don't display invalid usernames in setproctitle
Damien Miller10a445b2004-07-21 20:49:39 +1000887 from peak AT argo.troja.mff.cuni.cz; ok markus@
888 - djm@cvs.openbsd.org 2004/07/21 10:36:23
889 [gss-serv-krb5.c]
890 fix function declaration
Damien Miller0670c732004-07-21 21:53:34 +1000891 - djm@cvs.openbsd.org 2004/07/21 11:51:29
892 [canohost.c]
893 bz#902: cache remote port so we don't fatal() in auth_log when remote
894 connection goes away quickly. from peak AT argo.troja.mff.cuni.cz;
895 ok markus@
Damien Miller2d2ed3d2004-07-21 20:54:47 +1000896 - (djm) [auth-pam.c] Portable parts of bz#899: Don't display invalid
897 usernames in setproctitle from peak AT argo.troja.mff.cuni.cz;
Damien Millera22f2d72004-07-21 20:48:24 +1000898
89920040720
Damien Miller23a70272004-07-21 10:52:13 +1000900 - (djm) [log.c] bz #111: Escape more control characters when sending data
901 to syslog; from peak AT argo.troja.mff.cuni.cz
Damien Miller8fe01052004-07-21 11:01:41 +1000902 - (djm) [contrib/redhat/sshd.pam] bz #903: Remove redundant entries; from
903 peak AT argo.troja.mff.cuni.cz
Damien Millerb5a21442004-07-21 20:44:05 +1000904 - (djm) [regress/README.regress] Remove caveat regarding TCP wrappers, now
905 that sshd is fixed to behave better; suggested by tim
Damien Miller23a70272004-07-21 10:52:13 +1000906
90720040719
Damien Miller65df1742004-07-19 09:30:38 +1000908 - (djm) [openbsd-compat/bsd-arc4random.c] Discard early keystream, like OpenBSD
909 ok dtucker@
Damien Millera6fb77f2004-07-19 09:39:11 +1000910 - (djm) [auth-pam.c] Avoid use of xstrdup and friends in conversation function,
911 instead return PAM_CONV_ERR, avoiding another path to fatal(); ok dtucker@
Tim Rice816bd0d2004-07-19 10:19:26 -0700912 - (tim) [configure.ac] updwtmpx() on OpenServer seems to add duplicate entry.
913 Report by rac AT tenzing.org
Damien Miller65df1742004-07-19 09:30:38 +1000914
Darren Tuckerba6de952004-07-17 14:07:42 +100091520040717
916 - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c
917 ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
918 openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces
919 diff vs OpenBSD; ok mouring@, tested by tim@ too.
Darren Tuckerfc959702004-07-17 16:12:08 +1000920 - (dtucker) OpenBSD CVS Sync
921 - deraadt@cvs.openbsd.org 2004/07/11 17:48:47
922 [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
923 readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
924 session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
925 sshd.c ttymodes.h]
926 spaces
Darren Tucker3ca45082004-07-17 16:13:15 +1000927 - brad@cvs.openbsd.org 2004/07/12 23:34:25
928 [ssh-keyscan.1]
929 Fix incorrect macro, .I -> .Em
930 From: Eric S. Raymond <esr at thyrsus dot com>
931 ok jmc@
Darren Tucker09991742004-07-17 17:05:14 +1000932 - dtucker@cvs.openbsd.org 2004/07/17 05:31:41
933 [monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
934 Move "Last logged in at.." message generation to the monitor, right
935 before recording the new login. Fixes missing lastlog message when
936 /var/log/lastlog is not world-readable and incorrect datestamp when
937 multiple sessions are used (bz #463); much assistance & ok markus@
Darren Tuckerba6de952004-07-17 14:07:42 +1000938
Darren Tucker5d423f42004-07-11 16:54:08 +100093920040711
940 - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows
941 the monitor to properly clean up the PAM thread (Debian bug #252676).
942
Tim Rice3b376f02004-07-09 10:45:26 -070094320040709
944 - (tim) [contrib/cygwin/README] add minires-devel requirement. Patch from
945 vinschen AT redhat.com
946
Darren Tuckercd99fa02004-07-08 23:08:26 +100094720040708
948 - (dtucker) OpenBSD CVS Sync
949 - dtucker@cvs.openbsd.org 2004/07/03 05:11:33
950 [sshlogin.c] (RCSID sync only, the corresponding code is not in Portable)
951 Use '\0' not 0 for string; ok djm@, deraadt@
Darren Tucker042e2e82004-07-08 23:09:42 +1000952 - dtucker@cvs.openbsd.org 2004/07/03 11:02:25
953 [monitor_wrap.c]
954 Put s/key functions inside #ifdef SKEY same as monitor.c,
955 from des@freebsd via bz #330, ok markus@
Darren Tuckere1f17052004-07-08 23:11:44 +1000956 - dtucker@cvs.openbsd.org 2004/07/08 12:47:21
957 [scp.c]
958 Prevent scp from skipping the file following a double-error.
959 bz #863, ok markus@
Darren Tuckercd99fa02004-07-08 23:08:26 +1000960
Darren Tuckerd062da52004-07-02 18:43:09 +100096120040702
962 - (dtucker) [mdoc2man.awk] Teach it to ignore .Bk -words, reported by
963 strube at physik3.gwdg.de a long time ago.
964
Darren Tucker0a44d1e2004-07-01 09:48:29 +100096520040701
966 - (dtucker) [session.c] Call display_loginmsg again after do_pam_session.
967 Ensures messages from PAM modules are displayed when privsep=no.
Darren Tuckere2ba9c22004-07-01 12:38:14 +1000968 - (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes
969 warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@
Darren Tucker1f7e4082004-07-01 14:00:14 +1000970 - (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK
971 to pam_authenticate for challenge-response auth too. Originally from
972 fcusack at fcusack.com, ok djm@
Tim Ricea5757f02004-07-01 20:41:15 -0700973 - (tim) [buildpkg.sh.in] Add $REV to bump the package revision within
974 the same version. Handle the case where someone uses --with-privsep-user=
975 and the user name does not match the group name. ok dtucker@
Darren Tucker0a44d1e2004-07-01 09:48:29 +1000976
Darren Tucker59e06022004-06-30 20:34:31 +100097720040630
978 - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL
979 appdata_ptr to the conversation function. ok djm@
Damien Miller5d1eceb2004-06-30 22:37:57 +1000980 - (djm) OpenBSD CVS Sync
981 - jmc@cvs.openbsd.org 2004/06/26 09:03:21
982 [ssh.1]
983 - remove double word
984 - rearrange .Bk to keep SYNOPSIS nice
985 - -M before -m in options description
Damien Miller2234bac2004-06-30 22:38:52 +1000986 - jmc@cvs.openbsd.org 2004/06/26 09:11:14
987 [ssh_config.5]
988 punctuation and grammar fixes. also, keep the options in order.
Damien Miller26213e52004-06-30 22:39:34 +1000989 - jmc@cvs.openbsd.org 2004/06/26 09:14:40
990 [sshd_config.5]
991 new sentence, new line;
Damien Miller386c6a22004-06-30 22:40:20 +1000992 - avsm@cvs.openbsd.org 2004/06/26 20:07:16
993 [sshd.c]
994 initialise some fd variables to -1, djm@ ok
Damien Millera6b1d162004-06-30 22:41:07 +1000995 - djm@cvs.openbsd.org 2004/06/30 08:36:59
996 [session.c]
997 unbreak TTY break, diagnosed by darren AT dazwin.com; ok markus@
Darren Tucker59e06022004-06-30 20:34:31 +1000998
Tim Rice52879022004-06-27 20:50:35 -070099920040627
1000 - (tim) update README files.
Darren Tucker58cef1f2004-06-28 15:45:08 +10001001 - (dtucker) [mdoc2man.awk] Bug #883: correctly recognise .Pa and .Ev macros.
Darren Tuckerf9eb2b02004-06-28 15:52:50 +10001002 - (dtucker) [regress/README.regress] Document new variables.
Darren Tuckere59b5082004-06-28 16:01:19 +10001003 - (dtucker) [acconfig.h configure.ac sftp-server.c] Bug #823: add sftp
1004 rename handling for Linux which returns EPERM for link() on (at least some)
1005 filesystems that do not support hard links. sftp-server will fall back to
1006 stat+rename() in such cases.
Darren Tucker5288cb22004-06-28 18:11:19 +10001007 - (dtucker) [openbsd-compat/port-aix.c] Missing __func__.
Tim Rice52879022004-06-27 20:50:35 -07001008
Damien Miller035a5b42004-06-26 08:16:31 +1000100920040626
1010 - (djm) OpenBSD CVS Sync
1011 - djm@cvs.openbsd.org 2004/06/25 18:43:36
1012 [sshd.c]
1013 fix broken fd handling in the re-exec fallback path, particularly when
1014 /dev/crypto is in use; ok deraadt@ markus@
Damien Miller96d6d7d2004-06-26 09:21:06 +10001015 - djm@cvs.openbsd.org 2004/06/25 23:21:38
1016 [sftp.c]
1017 bz #875: fix bad escape char error message; reported by f_mohr AT yahoo.de
Damien Miller035a5b42004-06-26 08:16:31 +10001018
Darren Tucker645ab752004-06-25 13:33:20 +1000101920040625
1020 - (dtucker) OpenBSD CVS Sync
1021 - djm@cvs.openbsd.org 2004/06/24 19:30:54
1022 [servconf.c servconf.h sshd.c]
1023 re-exec sshd on accept(); initial work, final debugging and ok markus@
Darren Tucker586b0b92004-06-25 13:34:31 +10001024 - djm@cvs.openbsd.org 2004/06/25 01:16:09
1025 [sshd.c]
1026 only perform tcp wrappers checks when the incoming connection is on a
1027 socket. silences useless warnings from regress tests that use
1028 proxycommand="sshd -i". prompted by david@ ok markus@
Darren Tucker977a9d22004-06-25 13:45:18 +10001029 - djm@cvs.openbsd.org 2004/06/24 19:32:00
1030 [regress/Makefile regress/test-exec.sh, added regress/reexec.sh]
1031 regress test for re-exec corner cases
Darren Tuckeref3b47a2004-06-25 13:46:08 +10001032 - djm@cvs.openbsd.org 2004/06/25 01:25:12
1033 [regress/test-exec.sh]
1034 clean reexec-specific junk out of text-exec.sh and simplify; idea markus@
Darren Tuckeraedc1d62004-06-25 17:06:02 +10001035 - dtucker@cvs.openbsd.org 2004/06/25 05:38:48
1036 [sftp-server.c]
1037 Fall back to stat+rename if filesystem doesn't doesn't support hard
1038 links. bz#823, ok djm@
Darren Tucker60bd4092004-06-25 14:03:34 +10001039 - (dtucker) [configure.ac openbsd-compat/misc.c [openbsd-compat/misc.h]
1040 Add closefrom() for platforms that don't have it.
Darren Tucker17c5d032004-06-25 14:22:23 +10001041 - (dtucker) [sshd.c] add line missing from reexec sync.
Darren Tucker645ab752004-06-25 13:33:20 +10001042
Darren Tuckera8c73d32004-06-23 09:17:54 +1000104320040623
1044 - (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1
1045 connections with empty passwords. Patch from davidwu at nbttech.com,
1046 ok djm@
Darren Tucker6eabe642004-06-23 09:23:58 +10001047 - (dtucker) OpenBSD CVS Sync
1048 - dtucker@cvs.openbsd.org 2004/06/22 22:42:02
1049 [regress/envpass.sh]
1050 Add quoting for test -z; ok markus@
Darren Tucker6223eea2004-06-23 09:25:02 +10001051 - dtucker@cvs.openbsd.org 2004/06/22 22:45:52
1052 [regress/test-exec.sh]
1053 Add TEST_SSH_SSHD_CONFOPTS and TEST_SSH_SSH_CONFOPTS to allow adding
1054 arbitary options to sshd_config and ssh_config during tests. ok markus@
Darren Tucker3b9c0ad2004-06-23 09:28:20 +10001055 - dtucker@cvs.openbsd.org 2004/06/22 22:55:56
1056 [regress/dynamic-forward.sh regress/test-exec.sh]
1057 Allow setting of port for regress from TEST_SSH_PORT variable; ok markus@
Darren Tuckerede07fb2004-06-24 00:33:48 +10001058 - mouring@cvs.openbsd.org 2004/06/23 00:39:38
1059 [rijndael.c]
1060 -Wshadow fix up s/encrypt/do_encrypt/. OK djm@, markus@
Darren Tuckerb5bc1a62004-06-24 00:34:53 +10001061 - dtucker@cvs.openbsd.org 2004/06/23 14:31:01
1062 [ssh.c]
1063 Fix counting in master/slave when passing environment variables; ok djm@
Darren Tuckere5a604f2004-06-23 12:28:31 +10001064 - (dtucker) [cipher.c] encrypt->do_encrypt inside SSH_OLD_EVP to match
1065 -Wshadow change.
Ben Lindstromca372192004-06-23 04:04:45 +00001066 - (bal) [Makefile.in] Remove opensshd.init on 'make distclean'
Darren Tucker0a9d43d2004-06-23 13:45:24 +10001067 - (dtucker) [auth.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
1068 Move loginrestrictions test to port-aix.c, replace with a generic hook.
Tim Riceaf4ab6c2004-06-22 20:53:02 -07001069 - (tim) [regress/try-ciphers.sh] "if ! some_command" is not portable.
Ben Lindstromca372192004-06-23 04:04:45 +00001070 - (bal) [contrib/README] Removed "mdoc2man.pl" reference and added
1071 reference to "findssl.sh"
Darren Tuckera8c73d32004-06-23 09:17:54 +10001072
Darren Tucker365433f2004-06-22 12:29:23 +1000107320040622
1074 - (dtucker) OpenBSD CVS Sync
1075 - djm@cvs.openbsd.org 2004/06/20 17:36:59
1076 [ssh.c]
1077 filter passed env vars at slave in connection sharing case; ok markus@
Darren Tuckerb215c5d2004-06-22 12:30:53 +10001078 - djm@cvs.openbsd.org 2004/06/20 18:53:39
1079 [sftp.c]
1080 make "ls -l" listings print user/group names, add "ls -n" to show uid/gid
1081 (like /bin/ls); idea & ok markus@
Darren Tuckerb357afc2004-06-22 12:31:23 +10001082 - djm@cvs.openbsd.org 2004/06/20 19:28:12
1083 [sftp.1]
1084 mention new -n flag
Darren Tucker3f9fdc72004-06-22 12:56:01 +10001085 - avsm@cvs.openbsd.org 2004/06/21 17:36:31
1086 [auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c
1087 cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c
1088 monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c
1089 ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c
1090 sshpty.c]
1091 make ssh -Wshadow clean, no functional changes
1092 markus@ ok
Darren Tucker723e9452004-06-22 12:57:08 +10001093 - djm@cvs.openbsd.org 2004/06/21 17:53:03
1094 [session.c]
1095 fix fd leak for multiple subsystem connections; with markus@
Darren Tuckerefa62f92004-06-22 12:57:44 +10001096 - djm@cvs.openbsd.org 2004/06/21 22:02:58
1097 [log.h]
1098 mark fatal and cleanup exit as __dead; ok markus@
Darren Tuckerb9123452004-06-22 13:06:45 +10001099 - djm@cvs.openbsd.org 2004/06/21 22:04:50
1100 [sftp.c]
1101 introduce sorting for ls, same options as /bin/ls; ok markus@
Darren Tuckera4e9ffa2004-06-22 13:07:58 +10001102 - djm@cvs.openbsd.org 2004/06/21 22:30:45
1103 [sftp.c]
1104 prefix ls option flags with LS_
Darren Tucker15ca6e82004-06-22 13:08:21 +10001105 - djm@cvs.openbsd.org 2004/06/21 22:41:31
1106 [sftp.1]
1107 document sort options
Darren Tucker9a526452004-06-22 13:09:55 +10001108 - djm@cvs.openbsd.org 2004/06/22 01:16:39
1109 [sftp.c]
1110 don't show .files by default in ls, add -a option to turn them back on;
1111 ok markus
Darren Tucker430c6a12004-06-22 13:38:56 +10001112 - markus@cvs.openbsd.org 2004/06/22 03:12:13
1113 [regress/envpass.sh regress/multiplex.sh]
1114 more portable env passing tests
Darren Tuckerb09b6772004-06-22 15:06:46 +10001115 - dtucker@cvs.openbsd.org 2004/06/22 05:05:45
1116 [monitor.c monitor_wrap.c]
1117 Change login->username, will prevent -Wshadow errors in Portable;
1118 ok markus@
Darren Tucker5e4e2722004-06-22 13:26:00 +10001119 - (dtucker) [monitor.c] Fix Portable-specific -Wshadow warnings on "socket".
Darren Tucker59bf4a92004-06-22 13:27:16 +10001120 - (dtucker) [defines.h] Define __dead if not already defined.
Ben Lindstromca372192004-06-23 04:04:45 +00001121 - (bal) [auth-passwd.c auth1.c] Clean up unused variables.
Darren Tucker365433f2004-06-22 12:29:23 +10001122
Tim Ricef7ba8f62004-06-20 10:37:32 -0700112320040620
1124 - (tim) [configure.ac Makefile.in] Only change TEST_SHELL on broken platforms.
1125
Darren Tucker17db1c42004-06-19 12:54:38 +1000112620040619
1127 - (dtucker) [auth-pam.c] Don't use PAM namespace for
1128 pam_password_change_required either.
Tim Rice5af9db92004-06-19 19:31:06 -07001129 - (tim) [configure.ac buildpkg.sh.in contrib/solaris/README] move opensshd
1130 init script to top level directory. Add opensshd.init.in.
1131 Remove contrib/solaris/buildpkg.sh, contrib/solaris/opensshd.in
Darren Tucker17db1c42004-06-19 12:54:38 +10001132
Damien Miller3756dce2004-06-18 01:17:29 +1000113320040618
1134 - (djm) OpenBSD CVS Sync
1135 - djm@cvs.openbsd.org 2004/06/17 14:52:48
1136 [clientloop.c clientloop.h ssh.c]
1137 support environment passing over shared connections; ok markus@
Damien Miller23f07702004-06-18 01:19:03 +10001138 - djm@cvs.openbsd.org 2004/06/17 15:10:14
1139 [clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5]
1140 Add option for confirmation (ControlMaster=ask) via ssh-askpass before
1141 opening shared connections; ok markus@
Damien Millere826a8c2004-06-18 01:23:03 +10001142 - djm@cvs.openbsd.org 2004/06/17 14:53:27
1143 [regress/multiplex.sh]
1144 shared connection env passing regress test
Darren Tucker13fbe572004-06-18 14:14:43 +10001145 - (dtucker) [regress/README.regress] Add detail on how to run a single
1146 test from the top-level Makefile.
Darren Tuckerba5c5922004-06-18 16:22:39 +10001147 - (dtucker) OpenBSD CVS Sync
1148 - djm@cvs.openbsd.org 2004/06/17 23:56:57
1149 [ssh.1 ssh.c]
1150 sync usage() and SYNPOSIS with connection sharing changes
Darren Tuckerbd12f172004-06-18 16:23:43 +10001151 - dtucker@cvs.openbsd.org 2004/06/18 06:13:25
1152 [sftp.c]
1153 Use execvp instead of execv so sftp -S ssh works. "makes sense" markus@
Darren Tucker6288dc12004-06-18 16:25:35 +10001154 - dtucker@cvs.openbsd.org 2004/06/18 06:15:51
1155 [multiplex.sh]
1156 Use -S for scp/sftp to force the use of the ssh being tested.
1157 ok djm@,markus@
Damien Miller0809e232004-06-18 22:20:57 +10001158 - (djm) OpenBSD CVS Sync
1159 - djm@cvs.openbsd.org 2004/06/18 10:40:19
1160 [ssh.c]
1161 delay signal handler setup until we have finished talking to the master.
1162 allow interrupting of setup (e.g. if master is stuck); ok markus@
Damien Millerb8ea2482004-06-18 22:21:55 +10001163 - markus@cvs.openbsd.org 2004/06/18 10:55:43
1164 [ssh.1 ssh.c]
1165 trim synopsis for -S, allow -S and -oControlMaster, -MM means 'ask';
1166 ok djm
Damien Miller3bbd8782004-06-18 22:23:22 +10001167 - djm@cvs.openbsd.org 2004/06/18 11:11:54
1168 [channels.c clientloop.c]
1169 Don't explode in clientloop when we receive a bogus channel id, but
1170 also don't generate them to begin with; ok markus@
Damien Miller3756dce2004-06-18 01:17:29 +10001171
Darren Tucker8a2f1b32004-06-17 15:18:32 +1000117220040617
1173 - (dtucker) [regress/scp.sh] diff -N is not portable (but needed for some
1174 platforms), so test if diff understands it. Pointed out by tim@, ok djm@
Darren Tuckerddea13d2004-06-17 16:27:43 +10001175 - (dtucker) OpenBSD CVS Sync regress/
1176 - dtucker@cvs.openbsd.org 2004/06/17 05:51:59
1177 [regress/multiplex.sh]
1178 Remove datafile between and after tests, kill sshd rather than wait;
1179 ok djm@
Darren Tuckerffaa6a52004-06-17 16:32:45 +10001180 - dtucker@cvs.openbsd.org 2004/06/17 06:00:05
1181 [regress/multiplex.sh]
1182 Use DATA and COPY for test data rather than hard-coded paths; ok djm@
Darren Tucker3e86fc42004-06-17 16:34:02 +10001183 - dtucker@cvs.openbsd.org 2004/06/17 06:19:06
1184 [regress/multiplex.sh]
1185 Add small description of failing test to failure message; ok djm@
Darren Tucker10e7f192004-06-17 16:36:27 +10001186 - (dtucker) [regress/multiplex.sh] add EXEEXT for those platforms that need
1187 it.
Darren Tuckera9972e12004-06-17 17:01:21 +10001188 - (dtucker) [regress/multiplex.sh] Increase sleep time to 120 sec (60 is not
1189 enough for slow systems, especially if they don't have a kernel RNG).
Darren Tucker8a2f1b32004-06-17 15:18:32 +10001190
Darren Tuckera7ea5462004-06-16 12:01:15 +1000119120040616
1192 - (dtucker) [openbsd-compat/port-aix.c] Expand whitespace -> tabs. No
1193 code changes.
Darren Tucker4c37ef02004-06-16 20:08:56 +10001194 - (dtucker) OpenBSD CVS Sync regress/
1195 - djm@cvs.openbsd.org 2004/04/27 09:47:30
Darren Tucker9fe95da2004-06-16 20:33:55 +10001196 [regress/Makefile regress/test-exec.sh, added regress/envpass.sh]
Darren Tucker4c37ef02004-06-16 20:08:56 +10001197 regress test for environment passing, SendEnv & AcceptEnv options;
1198 ok markus@
Darren Tucker50433a92004-06-16 20:15:59 +10001199 - dtucker@cvs.openbsd.org 2004/06/13 13:51:02
Darren Tucker9fe95da2004-06-16 20:33:55 +10001200 [regress/Makefile regress/test-exec.sh, added regress/scp-ssh-wrapper.sh
1201 regress/scp.sh]
Darren Tucker50433a92004-06-16 20:15:59 +10001202 Add scp regression test; with & ok markus@
Darren Tuckere7d05832004-06-16 20:22:22 +10001203 - djm@cvs.openbsd.org 2004/06/13 15:04:08
Darren Tucker9fe95da2004-06-16 20:33:55 +10001204 [regress/Makefile regress/test-exec.sh, added regress/envpass.sh]
Darren Tuckere7d05832004-06-16 20:22:22 +10001205 regress test for client multiplexing; ok markus@
Darren Tuckera4039562004-06-16 20:31:18 +10001206 - djm@cvs.openbsd.org 2004/06/13 15:16:54
1207 [regress/test-exec.sh]
1208 remove duplicate setting of $SCP; spotted by markus@
Darren Tucker6f0e35b2004-06-16 23:22:37 +10001209 - dtucker@cvs.openbsd.org 2004/06/16 13:15:09
1210 [regress/scp.sh]
1211 Make scp -r tests use diff -rN not cmp (which won't do dirs. ok markus@
Darren Tucker5711dca2004-06-16 23:23:50 +10001212 - dtucker@cvs.openbsd.org 2004/06/16 13:16:40
Darren Tuckeraf161542004-06-16 23:24:19 +10001213 [regress/multiplex.sh]
Darren Tucker5711dca2004-06-16 23:23:50 +10001214 Silence multiplex sftp and scp tests. ok markus@
Darren Tucker7a06f622004-06-16 21:08:32 +10001215 - (dtucker) [regress/test-exec.sh]
1216 Move Portable-only StrictModes to top of list to make syncs easier.
1217 - (dtucker) [regress/README.regress]
1218 Add $TEST_SHELL to readme.
Darren Tuckera7ea5462004-06-16 12:01:15 +10001219
Damien Miller350327c2004-06-15 10:24:13 +1000122020040615
1221 - (djm) OpenBSD CVS Sync
1222 - djm@cvs.openbsd.org 2004/05/26 08:59:57
1223 [sftp.c]
1224 exit -> _exit in forked child on error; from andrushock AT korovino.net
Damien Miller3e4dffb2004-06-15 10:27:15 +10001225 - markus@cvs.openbsd.org 2004/05/26 23:02:39
1226 [channels.c]
1227 missing freeaddrinfo; Andrey Matveev
Damien Miller33793852004-06-15 10:27:55 +10001228 - dtucker@cvs.openbsd.org 2004/05/27 00:50:13
1229 [readconf.c]
1230 Kill dead code after fatal(); ok djm@
Damien Miller16ea6492004-06-15 10:28:24 +10001231 - dtucker@cvs.openbsd.org 2004/06/01 14:20:45
1232 [auth2-chall.c]
1233 Remove redundant #include; ok markus@
Damien Miller7cf17eb2004-06-15 10:28:56 +10001234 - pedro@cvs.openbsd.org 2004/06/03 12:22:20
1235 [sftp-client.c sftp.c]
1236 initialize pointers, ok markus@
Damien Millerf675fc42004-06-15 10:30:09 +10001237 - djm@cvs.openbsd.org 2004/06/13 12:53:24
1238 [dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
1239 [ssh-keyscan.c sshconnect2.c sshd.c]
1240 implement diffie-hellman-group14-sha1 kex method (trivial extension to
1241 existing diffie-hellman-group1-sha1); ok markus@
Damien Miller05202ff2004-06-15 10:30:39 +10001242 - dtucker@cvs.openbsd.org 2004/06/13 14:01:42
1243 [ssh.1 ssh_config.5 sshd_config.5]
1244 List supported ciphers in man pages, tidy up ssh -c;
1245 "looks fine" jmc@, ok markus@
Damien Miller0e220db2004-06-15 10:34:08 +10001246 - djm@cvs.openbsd.org 2004/06/13 15:03:02
1247 [channels.c channels.h clientloop.c clientloop.h includes.h readconf.c]
1248 [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5]
1249 implement session multiplexing in the client (the server has supported
1250 this since 2.0); ok markus@
Damien Miller232711f2004-06-15 10:35:30 +10001251 - djm@cvs.openbsd.org 2004/06/14 01:44:39
1252 [channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c]
1253 [sshd.c]
Damien Miller03e66f62004-06-15 15:47:51 +10001254 set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@
1255 - djm@cvs.openbsd.org 2004/06/15 05:45:04
1256 [clientloop.c]
1257 missed one unset_nonblock; spotted by Tim Rice
Damien Miller5e6f4db2004-06-15 10:44:40 +10001258 - (djm) Fix Makefile.in for connection sharing changes
Damien Miller07b6ff12004-06-15 11:14:45 +10001259 - (djm) [ssh.c] Use separate var for address length
Damien Miller350327c2004-06-15 10:24:13 +10001260
Darren Tucker94befab2004-06-03 14:53:12 +1000126120040603
1262 - (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions.
1263 ok djm@
1264
Damien Miller26314f62004-06-01 11:28:20 +1000126520040601
1266 - (djm) [auth-pam.c] Add copyright for local changes
1267
Darren Tucker450a1582004-05-30 20:43:59 +1000126820040530
Darren Tuckere061b152004-05-30 22:04:56 +10001269 - (dtucker) [auth-pam.c auth-pam.h auth-passwd.c] Bug #874: Re-add PAM
Darren Tucker450a1582004-05-30 20:43:59 +10001270 support for PasswordAuthentication=yes. ok djm@
Darren Tuckere061b152004-05-30 22:04:56 +10001271 - (dtucker) [auth-pam.c] Use an invalid password for root if
1272 PermitRootLogin != yes or the login is invalid, to prevent leaking
1273 information. Based on Openwall's owl-always-auth patch. ok djm@
Tim Rice6f1f7582004-05-30 21:38:51 -07001274 - (tim) [configure.ac Makefile.in] Add support for "make package" ok djm@
1275 - (tim) [buildpkg.sh.in] New file. A more flexible version of
1276 contrib/solaris/buildpkg.sh used for "make package".
Tim Rice2d2b9f72004-05-30 21:48:40 -07001277 - (tim) [buildpkg.sh.in] Last minute fix didn't make it in the .in file.
Darren Tucker450a1582004-05-30 20:43:59 +10001278
Darren Tucker0ffe6382004-05-27 09:59:31 +1000127920040527
1280 - (dtucker) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec
1281 contrib/README CREDITS INSTALL] Bug #873: Correct URLs for x11-ssh-askpass
1282 and Jim Knoble's email address , from Jim himself.
1283
Darren Tuckercdf547a2004-05-24 10:12:19 +1000128420040524
1285 - (dtucker) OpenBSD CVS Sync
1286 - djm@cvs.openbsd.org 2004/05/19 12:17:33
1287 [sftp-client.c sftp.c]
1288 gracefully abort transfers on receipt of SIGINT, also ignore SIGINT while
1289 waiting for a command; ok markus@
Darren Tuckere1675822004-05-24 10:13:07 +10001290 - dtucker@cvs.openbsd.org 2004/05/20 10:58:05
1291 [clientloop.c]
1292 Trivial type fix 0 -> '\0'; ok markus@
Darren Tuckere4ab1152004-05-24 10:14:24 +10001293 - markus@cvs.openbsd.org 2004/05/21 08:43:03
1294 [kex.h moduli.c tildexpand.c]
1295 add prototypes for -Wall; ok djm
Darren Tuckere7066df2004-05-24 10:18:05 +10001296 - djm@cvs.openbsd.org 2004/05/21 11:33:11
1297 [channels.c channels.h clientloop.c serverloop.c ssh.1]
Darren Tuckerb53355e2004-05-24 11:55:36 +10001298 bz #756: add support for the cancel-tcpip-forward request for the server
1299 and the client (through the ~C commandline). reported by z3p AT
1300 twistedmatrix.com; ok markus@
Darren Tucker1973c882004-05-24 10:34:36 +10001301 - djm@cvs.openbsd.org 2004/05/22 06:32:12
1302 [clientloop.c ssh.1]
1303 use '-h' for help in ~C commandline instead of '-?'; inspired by jmc@
Darren Tuckere534e122004-05-24 10:35:14 +10001304 - jmc@cvs.openbsd.org 2004/05/22 16:01:05
1305 [ssh.1]
1306 kill whitespace at eol;
Darren Tucker89413db2004-05-24 10:36:23 +10001307 - dtucker@cvs.openbsd.org 2004/05/23 23:59:53
Darren Tuckerb53355e2004-05-24 11:55:36 +10001308 [auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config
1309 sshd_config.5]
Darren Tucker89413db2004-05-24 10:36:23 +10001310 Add MaxAuthTries sshd config option; ok markus@
Darren Tuckerb53355e2004-05-24 11:55:36 +10001311 - (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread"
1312 is terminated if the privsep slave exits during keyboard-interactive
1313 authentication. ok djm@
Darren Tucker12984962004-05-24 13:37:13 +10001314 - (dtucker) [sshd.c] Fix typo in comment.
Darren Tuckercdf547a2004-05-24 10:12:19 +10001315
Damien Miller701d0512004-05-23 11:47:58 +1000131620040523
Damien Millerb4097182004-05-23 14:09:40 +10001317 - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in
1318 sshd_config; ok dtucker@
1319 - (djm) [configure.ac] Warn if the system has no known way of figuring out
1320 which user is on the other end of a Unix domain socket; ok dtucker@
Ben Lindstromefec7c22004-05-23 06:22:27 +00001321 - (bal) [openbsd-compat/sys-queue.h] Reintroduce machinary to handle
1322 old/broken/incomplete <sys/queue.h>.
Damien Miller701d0512004-05-23 11:47:58 +10001323
Darren Tucker8e968a52004-05-13 11:56:16 +1000132420040513
1325 - (dtucker) [configure.ac] Bug #867: Additional tests for res_query in
1326 libresolv, fixes problems detecting it on some platforms
1327 (eg Linux/x86-64). From Kurt Roeckx via Debian, ok mouring@
Darren Tucker2e578f62004-05-13 13:03:04 +10001328 - (dtucker) OpenBSD CVS Sync
1329 - jmc@cvs.openbsd.org 2004/05/04 18:36:07
1330 [scp.1]
1331 SendEnv here too;
Darren Tuckerdcf6ec42004-05-13 13:03:56 +10001332 - jmc@cvs.openbsd.org 2004/05/06 11:24:23
1333 [ssh_config.5]
1334 typo from John Cosimano (PR 3770);
Darren Tucker06f2bd82004-05-13 16:06:46 +10001335 - deraadt@cvs.openbsd.org 2004/05/08 00:01:37
1336 [auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c
1337 tildexpand.c], removed: sshtty.h tildexpand.h
1338 make two tiny header files go away; djm ok
Darren Tuckere608ca22004-05-13 16:15:47 +10001339 - djm@cvs.openbsd.org 2004/05/08 00:21:31
1340 [clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c
1341 sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h
1342 kill a tiny header; ok deraadt@
Darren Tucker770fc012004-05-13 16:24:32 +10001343 - djm@cvs.openbsd.org 2004/05/09 00:06:47
1344 [moduli.c ssh-keygen.c] removed: moduli.h
1345 zap another tiny header; ok deraadt@
Darren Tuckere14e0052004-05-13 16:30:44 +10001346 - djm@cvs.openbsd.org 2004/05/09 01:19:28
1347 [OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
1348 sshd.c] removed: mpaux.c mpaux.h
1349 kill some more tiny files; ok deraadt@
Darren Tuckerb42714e2004-05-13 16:31:48 +10001350 - djm@cvs.openbsd.org 2004/05/09 01:26:48
1351 [kex.c]
1352 don't overwrite what we are trying to compute
Darren Tucker1f8311c2004-05-13 16:39:33 +10001353 - deraadt@cvs.openbsd.org 2004/05/11 19:01:43
1354 [auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c
1355 packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c]
1356 improve some code lint did not like; djm millert ok
Darren Tuckera86b4532004-05-13 16:45:46 +10001357 - dtucker@cvs.openbsd.org 2004/05/13 02:47:50
1358 [ssh-agent.1]
1359 Add examples to ssh-agent.1, bz#481 from Ralf Hauser; ok deraadt@
Darren Tucker1dcff9a2004-05-13 16:51:40 +10001360 - (dtucker) [sshd.8] Bug #843: Add warning about PasswordAuthentication to
1361 UsePAM section. Parts from djm@ and jmc@.
Darren Tuckerb6db1722004-05-13 17:29:35 +10001362 - (dtucker) [auth-pam.c scard-opensc.c] Tinderbox says auth-pam.c uses
1363 readpass.h, grep says scard-opensc.c does too. Replace with misc.h.
Darren Tuckercc268552004-05-13 20:10:38 +10001364 - (dtucker) [openbsd-compat/getrrsetbyname.c] Check that HAVE_DECL_H_ERROR
1365 is defined before using.
Darren Tucker991d95f2004-05-13 20:24:10 +10001366 - (dtucker) [openbsd-compat/getrrsetbyname.c] Fix typo too: HAVE_DECL_H_ERROR
1367 -> HAVE_DECL_H_ERRNO.
Darren Tucker8e968a52004-05-13 11:56:16 +10001368
136920040502
Darren Tucker47abce42004-05-02 22:09:00 +10001370 - (dtucker) OpenBSD CVS Sync
1371 - djm@cvs.openbsd.org 2004/04/22 11:56:57
1372 [moduli.c]
1373 Bugzilla #850: Sophie Germain is the correct name of the French
1374 mathematician, "Sophie Germaine" isn't; from Luc.Maisonobe@c-s.fr
Darren Tucker46bc0752004-05-02 22:11:30 +10001375 - djm@cvs.openbsd.org 2004/04/27 09:46:37
1376 [readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c
1377 ssh_config.5 sshd_config.5]
1378 bz #815: implement ability to pass specified environment variables from
1379 the client to the server; ok markus@
Darren Tucker1e0c9bf2004-05-02 22:12:48 +10001380 - djm@cvs.openbsd.org 2004/04/28 05:17:10
1381 [ssh_config.5 sshd_config.5]
1382 manpage fixes in envpass stuff from Brian Poole (raj AT cerias.purdue.edu)
Darren Tuckerb2a601c2004-05-02 22:13:20 +10001383 - jmc@cvs.openbsd.org 2004/04/28 07:02:56
1384 [sshd_config.5]
1385 remove unnecessary .Pp;
Darren Tucker7a6c0662004-05-02 22:14:03 +10001386 - jmc@cvs.openbsd.org 2004/04/28 07:13:42
1387 [sftp.1 ssh.1]
1388 add SendEnv to -o list;
Darren Tucker097e1e92004-05-02 22:15:08 +10001389 - dtucker@cvs.openbsd.org 2004/05/02 11:54:31
1390 [sshd.8]
1391 Man page grammar fix (bz #858), from damerell at chiark.greenend.org.uk
1392 via Debian; ok djm@
Darren Tuckeredae0ec2004-05-02 22:15:52 +10001393 - dtucker@cvs.openbsd.org 2004/05/02 11:57:52
1394 [ssh.1]
1395 ConnectionTimeout -> ConnectTimeout, from m.a.ellis at ncl.ac.uk via
1396 Debian. ok djm@
Darren Tucker3d5cbb72004-05-03 09:13:15 +10001397 - dtucker@cvs.openbsd.org 2004/05/02 23:02:17
1398 [sftp.1]
1399 ConnectionTimeout -> ConnectTimeout here too, pointed out by jmc@
Darren Tuckerc0796d72004-05-03 09:19:03 +10001400 - dtucker@cvs.openbsd.org 2004/05/02 23:17:51
1401 [scp.1]
1402 ConnectionTimeout -> ConnectTimeout for scp.1 too.
Darren Tucker47abce42004-05-02 22:09:00 +10001403
Darren Tucker5bb14002004-04-23 18:53:10 +1000140420040423
1405 - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Declare h_errno
1406 as extern int if not already declared. Fixes compile errors on old SCO
1407 platforms. ok tim@
Darren Tucker7749c512004-04-23 18:57:13 +10001408 - (dtucker) [README.platform] List prereqs for building on Cygwin.
Darren Tucker5bb14002004-04-23 18:53:10 +10001409
Damien Miller752e4e62004-04-21 12:29:13 +1000141020040421
1411 - (djm) Update config.guess and config.sub to autoconf-2.59 versions; ok tim@
1412
Damien Miller0b51a522004-04-20 20:07:19 +1000141320040420
1414 - (djm) OpenBSD CVS Sync
1415 - henning@cvs.openbsd.org 2004/04/08 16:08:21
1416 [sshconnect2.c]
Damien Miller50bec892004-04-20 20:20:40 +10001417 swap the last two parameters to TAILQ_FOREACH_REVERSE. matches what
1418 FreeBSD and NetBSD do.
Damien Miller0b51a522004-04-20 20:07:19 +10001419 ok millert@ mcbride@ markus@ ho@, checked to not affect ports by naddy@
Damien Miller57a44762004-04-20 20:11:57 +10001420 - djm@cvs.openbsd.org 2004/04/18 23:10:26
1421 [readconf.c readconf.h ssh-keysign.c ssh.c]
1422 perform strict ownership and modes checks for ~/.ssh/config files,
1423 as these can be used to execute arbitrary programs; ok markus@
1424 NB. ssh will now exit when it detects a config with poor permissions
Damien Millerc970cb92004-04-20 20:12:53 +10001425 - djm@cvs.openbsd.org 2004/04/19 13:02:40
1426 [ssh.1 ssh_config.5]
1427 document strict permission checks on ~/.ssh/config; prompted by,
1428 with & ok jmc@
Damien Miller1a812582004-04-20 20:13:32 +10001429 - jmc@cvs.openbsd.org 2004/04/19 16:12:14
1430 [ssh_config.5]
1431 kill whitespace at eol;
Damien Miller914420f2004-04-20 20:14:07 +10001432 - djm@cvs.openbsd.org 2004/04/19 21:51:49
1433 [ssh.c]
1434 fix idiot typo that i introduced in my last commit;
1435 spotted by cschneid AT cschneid.com
Damien Miller50bec892004-04-20 20:20:40 +10001436 - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD, needed for
1437 above change
Damien Miller5561e0b2004-04-20 20:28:55 +10001438 - (djm) [configure.ac] Check whether libroken is required when building
1439 with Heimdal
Damien Miller0b51a522004-04-20 20:07:19 +10001440
Darren Tucker9929d1f2004-04-19 22:01:37 +1000144120040419
1442 - (dtucker) OpenBSD CVS Sync
1443 - dtucker@cvs.openbsd.org 2004/02/29 22:04:45
1444 [regress/login-timeout.sh]
1445 Use sudo when restarting daemon during test. ok markus@
Darren Tucker0a74ae72004-04-19 22:04:21 +10001446 - dtucker@cvs.openbsd.org 2004/03/08 10:17:12
1447 [regress/login-timeout.sh]
1448 Missing OBJ, from tim@. ok markus@ (Already fixed, ID sync only)
Darren Tuckerdca6a4d2004-04-19 22:10:52 +10001449 - djm@cvs.openbsd.org 2004/03/30 12:41:56
1450 [sftp-client.c]
1451 sync comment with reality
Darren Tuckerd04121f2004-04-19 22:16:53 +10001452 - djm@cvs.openbsd.org 2004/03/31 21:58:47
1453 [canohost.c]
1454 don't skip ip options check when UseDNS=no; ok markus@ (ID sync only)
Darren Tuckerbddc2b02004-04-19 23:50:16 +10001455 - markus@cvs.openbsd.org 2004/04/01 12:19:57
1456 [scp.c]
1457 limit trust between local and remote rcp/scp process,
1458 noticed by lcamtuf; ok deraadt@, djm@
Darren Tucker9929d1f2004-04-19 22:01:37 +10001459
Darren Tucker2a9bf4b2004-04-18 11:00:26 +1000146020040418
1461 - (dtucker) [auth-pam.c] Log username and source host for failed PAM
1462 authentication attempts. With & ok djm@
Damien Miller2eb42362004-04-18 21:15:43 +10001463 - (djm) [openbsd-compat/bsd-cygwin_util.c] Recent versions of Cygwin allow
1464 change of user context without a password, so relax auth method
1465 restrictions; from vinschen AT redhat.com; ok dtucker@
Darren Tucker2a9bf4b2004-04-18 11:00:26 +10001466
Darren Tuckerc99a19b2004-04-16 17:58:28 +1000146720040416
1468 - (dtucker) [regress/sftp-cmds.sh] Skip quoting test on Cygwin, since
1469 FAT/NTFS does not permit quotes in filenames. From vinschen at redhat.com
Damien Miller9c870f92004-04-16 22:47:55 +10001470 - (djm) [auth-krb5.c auth.h session.c] Explicitly refer to Kerberos ccache
1471 file using FILE: method, fixes problems on Mac OSX.
1472 Patch from simon@sxw.org.uk; ok dtucker@
Tim Ricefe6d5aa2004-04-16 20:03:07 -07001473 - (tim) [configure.ac] Set SETEUID_BREAKS_SETUID, BROKEN_SETREUID and
1474 BROKEN_SETREGID for SCO OpenServer 3
Darren Tuckerc99a19b2004-04-16 17:58:28 +10001475
Darren Tucker96cc26b2004-04-14 13:04:35 +1000147620040412
1477 - (dtucker) [sshd_config.5] Add PermitRootLogin without-password warning
1478 from bug #701 (text from jfh at cise.ufl.edu).
Darren Tucker3b908f62004-04-14 15:26:39 +10001479 - (dtucker) [acconfig.h configure.ac defines.h] Bug #673: check for 4-arg
1480 skeychallenge(), eg on NetBSD. ok mouring@
Darren Tucker06a8cfe2004-04-14 17:24:30 +10001481 - (dtucker) [auth-skey.c defines.h monitor.c] Make skeychallenge explicitly
1482 4-arg, with compatibility for 3-arg versions. From djm@, ok me.
Damien Miller0ac45002004-04-14 20:14:26 +10001483 - (djm) [configure.ac] Fix detection of libwrap on OpenBSD; ok dtucker@
Darren Tucker96cc26b2004-04-14 13:04:35 +10001484
Darren Tucker4d2f3612004-04-08 10:57:05 +1000148520040408
1486 - (dtucker) [loginrec.c] Use UT_LINESIZE if available, prevents truncating
1487 pty name on Linux 2.6.x systems. Patch from jpe at eisenmenger.org.
Ben Lindstrom1b9f2a62004-04-08 05:11:03 +00001488 - (bal) [monitor.c monitor_wrap.c] Second try. Put the zlib.h headers
1489 back and #undef TARGET_OS_MAC instead. (Bug report pending with Apple)
Darren Tucker11f18292004-04-08 16:16:06 +10001490 - (dtucker) [defines.h loginrec.c] Define UT_LINESIZE if not defined and
1491 simplify loginrec.c. ok tim@
Ben Lindstrom036768e2004-04-08 16:12:30 +00001492 - (bal) [monitor.c monitor_wrap.c] Ok.. Last time. Promise. Tim suggested
1493 limiting scope and dtucker@ agreed.
Darren Tucker4d2f3612004-04-08 10:57:05 +10001494
Darren Tuckerac7c9982004-04-07 08:04:09 +1000149520040407
1496 - (dtucker) [session.c] Flush stdout after displaying loginmsg. From
1497 f_mohr at yahoo.de.
Ben Lindstroma8104b52004-04-07 04:16:11 +00001498 - (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to see
1499 if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X)
1500 are starting to restrict it as internal since it is not needed by
1501 developers any more. (Patch based on Apple tree)
1502 - (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since
1503 krb5 on MacOS/X conflicts. There may be a better solution, but this will
1504 work for now.
Darren Tuckerac7c9982004-04-07 08:04:09 +10001505
Darren Tucker8db9a0f2004-04-06 21:31:12 +1000150620040406
1507 - (dtucker) [acconfig.h configure.ac defines.h] Bug #820: don't use
1508 updwtmpx() on IRIX since it seems to clobber utmp. ok djm@
Darren Tucker4398cf52004-04-06 21:39:02 +10001509 - (dtucker) [configure.ac] Bug #816, #748 (again): Attempt to detect
1510 broken getaddrinfo and friends on HP-UX. ok djm@
Darren Tucker8db9a0f2004-04-06 21:31:12 +10001511
Darren Tucker809031f2004-03-30 14:03:45 +1000151220040330
1513 - (dtucker) [configure.ac] Bug #811: Use "!" for LOCKED_PASSWD_PREFIX on
1514 Linuxes, since that's what many use. ok djm@
Darren Tucker17addf02004-03-30 20:57:57 +10001515 - (dtucker) [auth-pam.c] rename the_authctxt to sshpam_authctxt in auth-pam.c
1516 to reduce potential confusion with the one in sshd.c. ok djm@
Damien Millerccea0202004-03-31 15:17:54 +10001517 - (djm) Bug #825: Fix ip_options_check() for mapped IPv4/IPv6 connection;
1518 with & ok dtucker@
Darren Tucker809031f2004-03-30 14:03:45 +10001519
Darren Tuckerb3850592004-03-27 16:44:21 +1100152020040327
1521 - (dtucker) [session.c] Bug #817: Clear loginmsg after fork to prevent
1522 duplicate login messages for mutli-session logins. ok djm@
1523
Damien Miller3df755e2004-03-22 09:34:26 +1100152420040322
Damien Millerbfba3542004-03-22 09:29:57 +11001525 - (djm) [sshd.c] Drop supplemental groups if started as root
Damien Miller3df755e2004-03-22 09:34:26 +11001526 - (djm) OpenBSD CVS Sync
1527 - markus@cvs.openbsd.org 2004/03/09 22:11:05
1528 [ssh.c]
1529 increase x11 cookie lifetime to 20 minutes; ok djm
Damien Miller50955102004-03-22 09:34:58 +11001530 - markus@cvs.openbsd.org 2004/03/10 09:45:06
1531 [ssh.c]
1532 trim usage to match ssh(1) and look more like unix. ok djm@
Damien Millerb4087862004-03-22 09:35:21 +11001533 - markus@cvs.openbsd.org 2004/03/11 08:36:26
1534 [sshd.c]
1535 trim usage; ok deraadt
Damien Miller0c889cd2004-03-22 09:36:00 +11001536 - markus@cvs.openbsd.org 2004/03/11 10:21:17
1537 [ssh.c sshd.c]
1538 ssh, sshd: sync version output, ok djm
Damien Milleraed7cee2004-03-22 09:39:09 +11001539 - markus@cvs.openbsd.org 2004/03/20 10:40:59
1540 [version.h]
1541 3.8.1
Damien Miller154e8b82004-03-22 09:40:01 +11001542 - (djm) Crank RPM spec versions
Damien Millerbfba3542004-03-22 09:29:57 +11001543
Damien Miller4fefe242004-03-11 14:20:10 +1100154420040311
1545 - (djm) [configure.ac] Add standard license to configure.ac; ok ben, dtucker
1546
Darren Tucker7c991ab2004-03-10 21:06:32 +1100154720040310
1548 - (dtucker) [openbsd-compat/fake-rfc2553.h] Bug #812: #undef getaddrinfo
1549 before redefining it, silences warnings on Tru64.
1550
Darren Tucker112aaac2004-03-08 22:13:12 +1100155120040308
1552 - (dtucker) [sshd.c] Back out rev 1.270 as it caused problems on some
Darren Tuckerdbf7a742004-03-08 23:04:06 +11001553 platforms (eg SCO, HP-UX) with logging in the wrong TZ. ok djm@
1554 - (dtucker) [configure.ac sshd.c openbsd-compat/bsd-misc.h
1555 openbsd-compat/setenv.c] Unset KRB5CCNAME on AIX to prevent it from being
1556 inherited by the child. ok djm@
1557 - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c
1558 monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized
Damien Miller57aae982004-03-08 23:11:25 +11001559 even if keyboard-interactive is not used by the client. Prevents
1560 segfaults in some cases where the user's password is expired (note this
1561 is not considered a security exposure). ok djm@
1562 - (djm) OpenBSD CVS Sync
1563 - markus@cvs.openbsd.org 2004/03/03 06:47:52
1564 [sshd.c]
1565 change proctiltle after accept(2); ok henning, deraadt, djm
Damien Miller9ba30692004-03-08 23:12:02 +11001566 - djm@cvs.openbsd.org 2004/03/03 09:30:42
1567 [sftp-client.c]
1568 Don't print duplicate messages when progressmeter is off
1569 Spotted by job317 AT mailvault.com; ok markus@
Damien Millerc0f27d82004-03-08 23:12:19 +11001570 - djm@cvs.openbsd.org 2004/03/03 09:31:20
1571 [sftp.c]
1572 Fix initialisation of progress meter; ok markus@
Damien Millerbd394c32004-03-08 23:12:36 +11001573 - markus@cvs.openbsd.org 2004/03/05 10:53:58
1574 [readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c]
1575 add IdentitiesOnly; ok djm@, pb@
Damien Miller3b513012004-03-08 23:13:00 +11001576 - djm@cvs.openbsd.org 2004/03/08 09:38:05
1577 [ssh-keyscan.c]
1578 explicitly initialise remote_major and remote_minor.
1579 from cjwatson AT debian.org; ok markus@
Damien Miller8448e662004-03-08 23:13:15 +11001580 - dtucker@cvs.openbsd.org 2004/03/08 10:18:57
1581 [sshd_config.5]
1582 Document KerberosGetAFSToken; ok markus@
Tim Riceaa538322004-03-08 12:12:18 -08001583 - (tim) [regress/README.regress] Document ssh-rand-helper issue. ok bal
Darren Tucker112aaac2004-03-08 22:13:12 +11001584
Tim Ricef45eff22004-03-07 10:40:01 -0800158520040307
1586 - (tim) [regress/login-timeout.sh] fix building outside of source tree.
1587
Darren Tucker4b385d42004-03-04 19:54:10 +1100158820040304
1589 - (dtucker) [auth-pam.c] Don't try to export PAM when compiled with
1590 -DUSE_POSIX_THREADS. From antoine.verheijen at ualbert ca. ok djm@
Darren Tuckerb9b60212004-03-04 20:03:54 +11001591 - (dtucker) [auth-pam.c] Reset signal status when starting pam auth thread,
1592 prevent hanging during PAM keyboard-interactive authentications. ok djm@
Darren Tucker91bf45c2004-03-04 22:59:36 +11001593 - (dtucker) [auth-passwd.c auth-sia.c auth-sia.h defines.h
1594 openbsd-compat/xcrypt.c] Bug #802: Fix build error on Tru64 when
1595 configured --with-osfsia. ok djm@
Darren Tucker4b385d42004-03-04 19:54:10 +11001596
Darren Tucker6e26bf12004-03-04 19:47:29 +1100159720040303
Damien Miller6c4914a2004-03-03 11:08:59 +11001598 - (djm) [configure.ac ssh-agent.c] Use prctl to prevent ptrace on ssh-agent
1599 ok dtucker
1600
Darren Tuckerd5920482004-02-29 20:11:30 +1100160120040229
Tim Ricead4a1882004-02-29 15:53:37 -08001602 - (tim) [configure.ac] Put back bits mistakenly removed from Rev 1.188
1603
160420040229
Darren Tuckerd5920482004-02-29 20:11:30 +11001605 - (dtucker) OpenBSD CVS Sync
1606 - djm@cvs.openbsd.org 2004/02/25 00:22:45
1607 [sshd.c]
1608 typo in comment
Darren Tuckerfc113c92004-02-29 20:12:33 +11001609 - dtucker@cvs.openbsd.org 2004/02/27 22:42:47
1610 [dh.c]
1611 Prevent sshd from sending DH groups with a primitive generator of zero or
1612 one, even if they are listed in /etc/moduli. ok markus@
Darren Tuckerc56c7ef2004-02-29 20:13:34 +11001613 - dtucker@cvs.openbsd.org 2004/02/27 22:44:56
1614 [dh.c]
1615 Make /etc/moduli line buffer big enough for 8kbit primes, in case anyone
1616 ever uses one. ok markus@
Darren Tuckereffc84c2004-02-29 20:15:08 +11001617 - dtucker@cvs.openbsd.org 2004/02/27 22:49:27
1618 [dh.c]
1619 Reset bit counter at the right time, fixes debug output in the case where
1620 the DH group is rejected. ok markus@
Darren Tucker017fd612004-02-29 20:30:17 +11001621 - dtucker@cvs.openbsd.org 2004/02/17 08:23:20
1622 [regress/Makefile regress/login-timeout.sh]
1623 Add regression test for LoginGraceTime; ok markus@
Darren Tucker03c907a2004-02-29 20:31:08 +11001624 - markus@cvs.openbsd.org 2004/02/24 16:56:30
1625 [regress/test-exec.sh]
1626 allow arguments in ${TEST_SSH_XXX}
Darren Tucker437a5f02004-02-29 20:33:51 +11001627 - markus@cvs.openbsd.org 2004/02/24 17:06:52
1628 [regress/ssh-com-client.sh regress/ssh-com-keygen.sh
1629 regress/ssh-com-sftp.sh regress/ssh-com.sh]
1630 test against recent ssh.com releases
Darren Tucker68b184c2004-02-29 20:37:06 +11001631 - dtucker@cvs.openbsd.org 2004/02/28 12:16:57
1632 [regress/dynamic-forward.sh]
1633 Make dynamic-forward understand nc's new output. ok markus@
Darren Tucker9468ba32004-02-29 20:38:26 +11001634 - dtucker@cvs.openbsd.org 2004/02/28 13:44:45
1635 [regress/try-ciphers.sh]
1636 Test acss too; ok markus@
Darren Tuckerb099d852004-02-29 21:30:05 +11001637 - (dtucker) [regress/try-ciphers.sh] Skip acss if not compiled in (eg if we
1638 built with openssl < 0.9.7)
Darren Tuckerd5920482004-02-29 20:11:30 +11001639
Ben Lindstrom78ffe262004-02-27 03:01:19 +0000164020040226
1641 - (bal) KNF our sshlogin.c even if the code looks nothing like upstream
1642 code due to diversity issues.
1643
Damien Millerd8913952004-02-25 10:56:31 +1100164420040225
1645 - (djm) Trim ChangeLog
Damien Miller124055d2004-02-25 10:57:45 +11001646 - (djm) Don't specify path to PAM modules in Redhat sshd.pam; from Fedora
Damien Millerd8913952004-02-25 10:56:31 +11001647
Darren Tucker37bd3662004-02-24 09:19:15 +1100164820040224
1649 - (dtucker) OpenBSD CVS Sync
1650 - markus@cvs.openbsd.org 2004/02/19 21:15:04
1651 [sftp-server.c]
1652 switch to new license.template
Darren Tuckerefa37062004-02-24 09:20:29 +11001653 - markus@cvs.openbsd.org 2004/02/23 12:02:33
1654 [sshd.c]
1655 backout revision 1.279; set listen socket to non-block; ok henning.
Darren Tucker0acc92a2004-02-24 09:21:41 +11001656 - markus@cvs.openbsd.org 2004/02/23 15:12:46
1657 [bufaux.c]
1658 encode 0 correctly in buffer_put_bignum2; noted by Mikulas Patocka
1659 and drop support for negative BNs; ok otto@
Darren Tuckera6ea4202004-02-24 09:24:01 +11001660 - markus@cvs.openbsd.org 2004/02/23 15:16:46
1661 [version.h]
1662 enter 3.8
Darren Tucker0d27ed12004-02-24 10:37:33 +11001663 - (dtucker) [configure.ac gss-serv-krb5.c ssh-gss.h] Define GSSAPI when found
1664 with krb5-config, hunt down gssapi.h and friends. Based partially on patch
Darren Tucker8a4e4f82004-02-24 10:58:10 +11001665 from deengert at anl.gov. ok djm@
Damien Millera811d9a2004-02-24 13:05:11 +11001666 - (djm) [groupaccess.c uidswap.c] Bug #787: Size group arrays at runtime
1667 using sysconf() if available Based on patches from
1668 holger AT van-lengerich.de and openssh_bugzilla AT hockin.org
Darren Tucker2359aa92004-02-24 13:17:30 +11001669 - (dtucker) [uidswap.c] Minor KNF. ok djm@
Tim Rice18959002004-02-23 20:51:06 -08001670 - (tim) [openbsd-compat/getrrsetbyname.c] Make gcc 2.7.2.3 happy. ok djm@
Damien Miller9fc475f2004-02-24 16:00:02 +11001671 - (djm) Crank RPM spec versions
Darren Tucker5ce131f2004-02-24 16:13:24 +11001672 - (dtucker) [README] Add pointer to release notes. ok djm@
Darren Tucker149543e2004-02-24 16:14:41 +11001673 - (dtucker) {README.platform] Add platform-specific notes.
Tim Ricee8c898a2004-02-23 21:47:04 -08001674 - (tim) [configure.ac] SCO3 needs -lcrypt_i for -lprot
Damien Miller33424702004-02-24 17:13:28 +11001675 - (djm) Release 3.8p1
Darren Tucker37bd3662004-02-24 09:19:15 +11001676
Darren Tucker1825f262004-02-24 00:01:27 +1100167720040223
1678 - (dtucker) [session.c] Bug #789: Only make setcred call for !privsep in the
1679 non-interactive path. ok djm@
1680
Darren Tucker15ee7482004-02-22 09:43:15 +1100168120040222
1682 - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test
1683 to auth-shadow.c, no functional change. ok djm@
Darren Tuckere828d0c2004-02-22 11:55:07 +11001684 - (dtucker) [auth-shadow.c auth.h] Provide warnings of impending account or
1685 password expiry. ok djm@
1686 - (dtucker) [auth-passwd.c] Only check password expiry once. Prevents
1687 multiple warnings if a wrong password is entered.
1688 - (dtucker) [configure.ac] Apply krb5-config --libs fix to non-gssapi path
1689 too.
Darren Tucker15ee7482004-02-22 09:43:15 +11001690
Damien Miller2e45cb02004-02-20 20:37:44 +1100169120040220
1692 - (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@
1693
Darren Tuckera22897d2004-02-18 11:21:12 +1100169420040218
1695 - (dtucker) [configure.ac] Handle case where krb5-config --libs returns a
1696 path with a "-" in it. From Sergio.Gelato at astro.su.se.
Damien Millerd7d46bb2004-02-18 14:11:13 +11001697 - (djm) OpenBSD CVS Sync
1698 - djm@cvs.openbsd.org 2004/02/17 07:17:29
1699 [sftp-glob.c sftp.c]
1700 Remove useless headers; ok deraadt@
Damien Miller20e1fab2004-02-18 14:30:55 +11001701 - djm@cvs.openbsd.org 2004/02/17 11:03:08
1702 [sftp.c]
1703 sftp.c and sftp-int.c, together at last; ok markus@
Damien Miller05a75b62004-02-18 14:31:23 +11001704 - jmc@cvs.openbsd.org 2004/02/17 19:35:21
1705 [sshd_config.5]
1706 remove cruft left over from RhostsAuthentication removal;
1707 ok markus@
Damien Miller82c78b32004-02-18 15:42:31 +11001708 - (djm) [log.c] Correct use of HAVE_OPENLOG_R
Damien Miller051b0ac2004-02-18 22:59:43 +11001709 - (djm) [log.c] Tighten openlog_r tests
Darren Tuckera22897d2004-02-18 11:21:12 +11001710
Damien Miller98225c22004-02-17 16:49:41 +1100171120040217
1712 - (djm) Simplify the license on code I have written. No code changes.
Damien Miller4e60ed72004-02-17 17:07:59 +11001713 - (djm) OpenBSD CVS Sync
1714 - djm@cvs.openbsd.org 2004/02/17 05:39:51
1715 [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
1716 [sftp-int.h sftp.c]
1717 switch to license.template for code written by me (belated, I know...)
Damien Miller34255b92004-02-17 20:33:52 +11001718 - (djm) Bug #698: Specify FILE: for KRB5CCNAME; patch from
1719 stadal@suse.cz and simon@sxw.org.uk
Darren Tuckerba53b832004-02-17 20:46:59 +11001720 - (dtucker) [auth-pam.c] Tidy up PAM debugging. ok djm@
Darren Tucker5cf8ef72004-02-17 23:20:07 +11001721 - (dtucker) [auth-pam.c] Store output from pam_session and pam_setcred for
1722 display after login. Should fix problems like pam_motd not displaying
1723 anything, noticed by cjwatson at debian.org. ok djm@
Damien Miller98225c22004-02-17 16:49:41 +11001724
Tim Rice9ad7e0e2004-02-12 07:17:10 -0800172520040212
1726 - (tim) [Makefile.in regress/sftp-badcmds.sh regress/test-exec.sh]
1727 Portablity fixes. Data sftp transfers needs to be world readable. Some
1728 older shells hang on while loops when doing sh -n some_script. OK dtucker@
Tim Rice3d5352e2004-02-12 09:27:21 -08001729 - (tim) [configure.ac] Make sure -lcrypto is before -lsocket for sco3.
1730 ok mouring@
Tim Rice9ad7e0e2004-02-12 07:17:10 -08001731
Darren Tuckercee6d4c2004-02-11 18:48:52 +1100173220040211
1733 - (dtucker) [auth-passwd.c auth-shadow.c] Only enable shadow expiry check
1734 if HAS_SHADOW_EXPIRY is set.
Tim Rice43fa5572004-02-11 14:46:40 -08001735 - (tim) [configure.ac] Fix comment to match code changes in ver 1.117
Darren Tuckercee6d4c2004-02-11 18:48:52 +11001736
Darren Tuckere3dba822004-02-10 12:50:19 +1100173720040210
1738 - (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c
Darren Tucker9df3def2004-02-10 13:01:14 +11001739 openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's
1740 native password expiry.
1741 - (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h
1742 defines.h] Bug #14: Use do_pwchange to support password expiry and force
1743 change for platforms using /etc/shadow. ok djm@
Darren Tuckerffae5322004-02-10 13:05:40 +11001744 - (dtucker) [openbsd-compat/fake-rfc2553.h] Bug #563: Prepend ssh_ to compat
1745 functions to avoid conflicts with Heimdal's libroken. ok djm@
Darren Tucker1921ed92004-02-10 13:23:28 +11001746 - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to
1747 change expired PAM passwords for SSHv1 connections without privsep.
1748 pam_chauthtok is still used when privsep is disabled. ok djm@
Darren Tuckercfea2062004-02-10 15:27:34 +11001749 - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Move
1750 include from port-aix.h to port-aix.c and remove unnecessary function
1751 definition. Fixes build errors on AIX.
Darren Tuckerc28b88a2004-02-10 16:49:35 +11001752 - (dtucker) [configure.ac loginrec.c] Bug #464: Use updwtmpx on platforms
1753 that support it. from & ok mouring@
Darren Tucker13a707b2004-02-10 17:15:05 +11001754 - (dtucker) [configure.ac] Bug #345: Do not disable utmp on HP-UX 10.x.
Darren Tuckercee6d4c2004-02-11 18:48:52 +11001755 ok djm@
Darren Tuckere3dba822004-02-10 12:50:19 +11001756
Darren Tuckerfc57f712004-02-07 10:41:48 +1100175720040207
1758 - (dtucker) OpenBSD CVS Sync
1759 - dtucker@cvs.openbsd.org 2004/02/06 23:41:13
1760 [cipher-ctr.c]
1761 Use EVP_CIPHER_CTX_key_length for key length. ok markus@
1762 (This will fix builds with OpenSSL 0.9.5)
Darren Tucker693f8a82004-02-07 12:29:39 +11001763 - (dtucker) [cipher.c] enable AES counter modes with OpenSSL 0.9.5.
1764 ok djm@, markus@
Darren Tuckerfc57f712004-02-07 10:41:48 +11001765
Darren Tucker99762462004-02-06 15:22:43 +1100176620040206
1767 - (dtucker) [acss.c acss.h] Fix $Id tags.
Darren Tucker6977fe72004-02-06 15:26:10 +11001768 - (dtucker) [cipher-acss.c cipher.c] Enable acss only if building with
1769 OpenSSL >= 0.9.7. ok djm@
Darren Tuckeref3a4a22004-02-06 15:30:50 +11001770 - (dtucker) [session.c] Bug #789: Do not call do_pam_setcred as a non-root
1771 user, since some modules might fail due to lack of privilege. ok djm@
Darren Tuckerf58fb7e2004-02-06 15:59:06 +11001772 - (dtucker) [configure.ac] Bug #748: Always define BROKEN_GETADDRINFO
1773 for HP-UX 11.11. If there are known-good configs where this is not
1774 required, please report them. ok djm@
Darren Tuckerecc9d462004-02-06 16:04:08 +11001775 - (dtucker) [sshd.c] Bug #757: Clear child's environment to prevent
1776 accidentally inheriting from root's environment. ok djm@
Darren Tucker819d4522004-02-06 16:18:47 +11001777 - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #796:
1778 Restore previous authdb setting after auth calls. Fixes problems with
1779 setpcred failing on accounts that use AFS or NIS password registries.
Darren Tucker07459352004-02-06 21:29:41 +11001780 - (dtucker) [configure.ac includes.h] Include <sys/stream.h> if present,
1781 required on Solaris 2.5.1 for queue_t, which is used by <sys/ptms.h>.
Darren Tucker23bc8d02004-02-06 16:24:31 +11001782 - (dtucker) OpenBSD CVS Sync
1783 - markus@cvs.openbsd.org 2004/01/30 09:48:57
1784 [auth-passwd.c auth.h pathnames.h session.c]
1785 support for password change; ok dtucker@
1786 (set password-dead=1w in login.conf to use this).
1787 In -Portable, this is currently only platforms using bsdauth.
Darren Tuckera8be9e22004-02-06 16:40:27 +11001788 - dtucker@cvs.openbsd.org 2004/02/05 05:37:17
1789 [monitor.c sshd.c]
1790 Pass SIGALRM through to privsep child if LoginGraceTime expires. ok markus@
Darren Tucker7f73a492004-02-06 16:41:37 +11001791 - markus@cvs.openbsd.org 2004/02/05 15:33:33
1792 [progressmeter.c]
1793 fix ETA for > 4GB; bugzilla #791; ok henning@ deraadt@
Darren Tucker99762462004-02-06 15:22:43 +11001794
Darren Tucker22991ba2004-01-30 12:58:51 +1100179520040129
1796 - (dtucker) OpenBSD CVS Sync regress/
1797 - dtucker@cvs.openbsd.org 2003/10/11 11:49:49
1798 [Makefile banner.sh]
1799 Test missing banner file, suppression of banner with ssh -q, check return
1800 code from ssh. ok markus@
Darren Tucker633f3e02004-01-30 13:00:29 +11001801 - jmc@cvs.openbsd.org 2003/11/07 10:16:44
1802 [ssh-com.sh]
1803 adress -> address, and a few more; all from Jonathon Gray;
Darren Tucker46662bf2004-01-30 13:02:55 +11001804 - djm@cvs.openbsd.org 2004/01/13 09:49:06
1805 [sftp-batch.sh]
Darren Tuckerdcc736b2004-01-30 14:20:59 +11001806 - (dtucker) [configure.ac] Add --without-zlib-version-check. Feedback from
1807 tim@, ok several
Darren Tucker2df33432004-01-30 14:34:21 +11001808 - (dtucker) [configure.ac openbsd-compat/bsd-cray.c openbsd-compat/bsd-cray.h]
1809 Bug #775: Cray fixes from wendy at cray.com
Darren Tucker22991ba2004-01-30 12:58:51 +11001810
Darren Tucker4f9f6792004-01-28 12:26:14 +1100181120040128
1812 - (dtucker) [regress/README.regress] Add tcpwrappers issue, noted by tim@
Darren Tucker77970692004-01-28 15:44:04 +11001813 - (dtucker) [moduli] Import new moduli file from OpenBSD.
Darren Tucker4f9f6792004-01-28 12:26:14 +11001814
Damien Miller4f0fe682004-01-27 21:19:21 +1100181520040127
1816 - (djm) OpenBSD CVS Sync
1817 - hshoexer@cvs.openbsd.org 2004/01/23 17:06:03
1818 [cipher.c]
1819 enable acss for ssh
1820 ok deraadt@ markus@
Damien Millerb21be842004-01-27 21:20:11 +11001821 - mouring@cvs.openbsd.org 2004/01/23 17:57:48
1822 [sftp-int.c]
1823 Fix issue pointed out with ls not handling large directories
1824 with embeded paths correctly. OK damien@
Damien Millerb2d1c2b2004-01-27 21:20:59 +11001825 - hshoexer@cvs.openbsd.org 2004/01/23 19:26:33
1826 [cipher.c]
1827 rename acss@opebsd.org to acss@openssh.org
1828 ok deraadt@
Damien Millerf6723f02004-01-27 21:21:27 +11001829 - djm@cvs.openbsd.org 2004/01/25 03:49:09
1830 [sshconnect.c]
1831 reset nonblocking flag after ConnectTimeout > 0 connect; (bugzilla #785)
1832 from jclonguet AT free.fr; ok millert@
Damien Millerec692032004-01-27 21:22:00 +11001833 - djm@cvs.openbsd.org 2004/01/27 10:08:10
1834 [sftp.c]
1835 reorder parsing so user:skey@host:file works (bugzilla #777)
1836 patch from admorten AT umich.edu; ok markus@
Damien Miller4f0fe682004-01-27 21:19:21 +11001837 - (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS
1838 if libcrypto lacks it
1839
Tim Rice3084a612004-01-26 09:37:09 -0800184020040126
1841 - (tim) Typo in regress/README.regress
Tim Riceeafd8e92004-01-26 14:10:10 -08001842 - (tim) [regress/test-exec.sh] RhostsAuthentication is deprecated.
Tim Riceba1c2b82004-01-26 16:02:17 -08001843 - (tim) [defines.h] Add defines for HFIXEDSZ and T_SIG
Tim Rice2597bfd2004-01-26 19:03:39 -08001844 - (tim) [configure.ac includes.h] add <sys/ptms.h> for grantpt() and friends.
Tim Rice01326eb2004-01-26 21:40:35 -08001845 - (tim) [defines.h openbsd-compat/getrrsetbyname.h] Move defines for HFIXEDSZ
1846 and T_SIG to getrrsetbyname.h
Tim Rice3084a612004-01-26 09:37:09 -08001847
Damien Miller68144112004-01-24 13:50:39 +1100184820040124
1849 - (djm) Typo in openbsd-compat/bsd-openpty.c; from wendyp AT cray.com
1850
Damien Millerd3526362004-01-23 14:16:26 +1100185120040123
1852 - (djm) Do pam_session processing for systems with HAVE_LOGIN_CAP; from
1853 ralf.hack AT pipex.net; ok dtucker@
Damien Miller84938142004-01-23 16:30:03 +11001854 - (djm) Bug #776: Update contrib/redhat/openssh.spec to dynamically detect
1855 Kerberos location (and thus work with Fedora Core 1);
1856 from jason AT devrandom.org
Darren Tucker2dcd2392004-01-23 17:13:33 +11001857 - (dtucker) [configure.ac] Bug #788: Test for zlib.h presence and for
1858 zlib >= 1.1.4. Partly from jbasney at ncsa.uiuc.edu. ok djm@
Darren Tucker63699582004-01-23 21:35:44 +11001859 - (dtucker) [contrib/cygwin/README] Document new ssh-host-config options.
1860 Patch from vinschen at redhat.com.
Darren Tucker3c78c5e2004-01-23 22:03:10 +11001861 - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
1862 Change AFS symbol to USE_AFS to prevent namespace collisions, do not
1863 include kafs.h unless necessary. From deengert at anl.gov.
Tim Ricefcb62202004-01-23 18:35:16 -08001864 - (tim) [configure.ac] Remove hard coded -L/usr/local/lib and
1865 -I/usr/local/include. Users can do LDFLAGS="-L/usr/local/lib" \
1866 CPPFLAGS="-I/usr/local/include" ./configure if needed.
Damien Millerd3526362004-01-23 14:16:26 +11001867
Darren Tucker1d3ca582004-01-22 12:05:34 +1100186820040122
1869 - (dtucker) [configure.ac] Use krb5-config where available for Kerberos/
1870 GSSAPI detection, libs and includes. ok djm@
Darren Tucker7fe8b722004-01-22 12:48:26 +11001871 - (dtucker) [session.c] Enable AFS support in conjunction with KRB5 not
1872 just HEIMDAL.
Tim Ricec9001282004-01-22 16:10:03 -08001873 - (tim) [contrib/solaris/buildpkg.sh] Allow for the possibility of
1874 /usr/local being a symbolic link. Fixes problem reported by Henry Grebler.
Darren Tucker1d3ca582004-01-22 12:05:34 +11001875
Damien Miller44f75c12004-01-21 10:58:47 +1100187620040121
1877 - (djm) OpenBSD CVS Sync
1878 - djm@cvs.openbsd.org 2004/01/13 09:25:05
1879 [sftp-int.c sftp.1 sftp.c]
1880 Tidy sftp batchmode handling, eliminate junk to stderr (bugzilla #754) and
1881 enable use of "-b -" to accept batchfile from stdin; ok markus@
Damien Miller86a39682004-01-21 11:00:04 +11001882 - jmc@cvs.openbsd.org 2004/01/13 12:17:33
1883 [sftp.1]
1884 remove unnecessary Ic's;
1885 kill whitespace at EOL;
1886 ok djm@
Damien Miller8f341f82004-01-21 11:00:46 +11001887 - markus@cvs.openbsd.org 2004/01/13 19:23:15
1888 [compress.c session.c]
1889 -Wall; ok henning
Damien Millerf84fed62004-01-21 11:01:23 +11001890 - markus@cvs.openbsd.org 2004/01/13 19:45:15
1891 [compress.c]
1892 cast for portability; millert@
Damien Millera04ad492004-01-21 11:02:09 +11001893 - markus@cvs.openbsd.org 2004/01/19 09:24:21
1894 [channels.c]
1895 fake consumption for half closed channels since the peer is waiting for
1896 window adjust messages; bugzilla #790 Matthew Dillon; test + ok dtucker@
1897 reproduce with sh -c 'ulimit -f 10; ssh host -n od /bsd | cat > foo'
Damien Millerfb1310e2004-01-21 11:02:50 +11001898 - markus@cvs.openbsd.org 2004/01/19 21:25:15
1899 [auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c]
1900 fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
Damien Millere4f5a822004-01-21 14:11:05 +11001901 - djm@cvs.openbsd.org 2004/01/21 03:07:59
1902 [sftp.c]
1903 initialise infile in main, rather than statically - from portable
Damien Millerf4da3bb2004-01-21 17:07:16 +11001904 - deraadt@cvs.openbsd.org 2004/01/11 21:55:06
1905 [sshpty.c]
1906 for pty opening, only use the openpty() path. the other stuff only needs
1907 to be in openssh-p; markus ok
1908 - (djm) [openbsd-compat/bsd-openpty.c] Rework old sshpty.c code into an
1909 openpty() replacement
Damien Miller44f75c12004-01-21 10:58:47 +11001910
Darren Tucker749bc952004-01-14 22:14:04 +1100191120040114
1912 - (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exits
1913 unexpectedly. with & ok djm@
Darren Tucker7ae09622004-01-14 23:07:56 +11001914 - (dtucker) [auth-pam.c] Reset signal handler in pthread_cancel too, add
1915 test for case where cleanup has already run.
Darren Tuckera8df9242004-01-15 00:15:07 +11001916 - (dtucker) [auth-pam.c] Add minor debugging.
Darren Tucker749bc952004-01-14 22:14:04 +11001917
Darren Tucker1b27c8f2004-01-13 22:35:58 +1100191820040113
1919 - (dtucker) [auth-pam.c] Relocate struct pam_ctxt and prototypes. No
1920 functional changes.
1921
Darren Tucker0234e862004-01-08 23:32:04 +1100192220040108
1923 - (dtucker) [auth-pam.c defines.h] Bug #783: move __unused to defines.h and
1924 only define if not already. From des at freebsd.org.
Darren Tuckerfd0894a2004-01-09 00:19:25 +11001925 - (dtucker) [configure.ac] Remove extra (typo) comma.
Darren Tucker0234e862004-01-08 23:32:04 +11001926
Darren Tuckere9183182004-01-05 08:16:34 +1100192720040105
1928 - (dtucker) [contrib/ssh-copy-id] Bug #781: exit if ssh fails. Patch from
1929 cjwatson at debian.org.
Darren Tucker409cb322004-01-05 22:36:51 +11001930 - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
1931 Only enable KerberosGetAFSToken if Heimdal's libkafs is found. with jakob@
Darren Tuckere9183182004-01-05 08:16:34 +11001932
Damien Miller7a2ea782004-01-02 17:52:10 +1100193320040102
1934 - (djm) OSX/Darwin needs BIND_8_COMPAT to build getrrsetbyname. Report from
1935 jakob@
Damien Millerc8ec1662004-01-02 17:53:04 +11001936 - (djm) Remove useless DNS support configure summary message. from jakob@
Damien Miller0f47c532004-01-02 18:01:30 +11001937 - (djm) OSX/Darwin put the PAM headers in a different place, detect this.
1938 Report from jakob@
Damien Miller7a2ea782004-01-02 17:52:10 +11001939
Darren Tucker06930c72003-12-31 11:34:51 +1100194020031231
1941 - (dtucker) OpenBSD CVS Sync
1942 - djm@cvs.openbsd.org 2003/12/22 09:16:58
1943 [moduli.c ssh-keygen.1 ssh-keygen.c]
1944 tidy up moduli generation debugging, add -v (verbose/debug) option to
1945 ssh-keygen; ok markus@
Darren Tuckera32e19c2003-12-31 11:36:00 +11001946 - markus@cvs.openbsd.org 2003/12/22 20:29:55
1947 [cipher-3des1.c]
1948 EVP_CIPHER_CTX_cleanup() for the des contexts; pruiksma@freesurf.fr
Darren Tucker22ef5082003-12-31 11:37:34 +11001949 - jakob@cvs.openbsd.org 2003/12/23 16:12:10
1950 [servconf.c servconf.h session.c sshd_config]
1951 implement KerberosGetAFSToken server option. ok markus@, beck@
Darren Tucker0b3b9752003-12-31 11:38:32 +11001952 - millert@cvs.openbsd.org 2003/12/29 16:39:50
1953 [sshd_config]
1954 KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK
Darren Tuckerea287062003-12-31 11:43:24 +11001955 - dtucker@cvs.openbsd.org 2003/12/31 00:24:50
1956 [auth2-passwd.c]
1957 Ignore password change request during password auth (which we currently
1958 don't support) and discard proposed new password. corrections/ok markus@
Darren Tucker2a6b0292003-12-31 14:59:17 +11001959 - (dtucker) [configure.ac] Only test setresuid and setresgid if they exist.
Darren Tucker06930c72003-12-31 11:34:51 +11001960
Darren Tucker3715be32003-12-19 10:58:43 +1100196120031219
1962 - (dtucker) [defines.h] Bug #458: Define SIZE_T_MAX as UINT_MAX if we
1963 typedef size_t ourselves.
1964
Darren Tucker454da0b2003-12-18 12:52:19 +1100196520031218
1966 - (dtucker) [configure.ac] Don't use setre[ug]id on DG-UX, from Tom Orban.
Darren Tucker07705c72003-12-18 15:34:31 +11001967 - (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactive
1968 authentication. Partially fixes bug #423. Feedback & ok djm@
Darren Tucker454da0b2003-12-18 12:52:19 +11001969
Damien Millerb5820f42003-12-17 16:27:32 +1100197020031217
1971 - (djm) OpenBSD CVS Sync
1972 - markus@cvs.openbsd.org 2003/12/09 15:28:43
1973 [serverloop.c]
1974 make ClientKeepAlive work for ssh -N, too (no login shell requested).
1975 1) send a bogus channel request if we find a channel
1976 2) send a bogus global request if we don't have a channel
1977 ok + test beck@
Damien Millerb9997192003-12-17 16:29:22 +11001978 - markus@cvs.openbsd.org 2003/12/09 17:29:04
1979 [sshd.c]
1980 fix -o and HUP; ok henning@
Damien Miller9836cf82003-12-17 16:30:06 +11001981 - markus@cvs.openbsd.org 2003/12/09 17:30:05
1982 [ssh.c]
1983 don't modify argv for ssh -o; similar to sshd.c 1.283
Damien Miller12c150e2003-12-17 16:31:10 +11001984 - markus@cvs.openbsd.org 2003/12/09 21:53:37
1985 [readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
1986 [ssh_config.5 sshconnect.c sshd.c sshd_config.5]
1987 rename keepalive to tcpkeepalive; the old name causes too much
1988 confusion; ok djm, dtucker; with help from jmc@
Damien Millerd6965512003-12-17 16:31:53 +11001989 - dtucker@cvs.openbsd.org 2003/12/09 23:45:32
1990 [clientloop.c]
1991 Clear exit code when ssh -N is terminated with a SIGTERM. ok markus@
Damien Millerbaafb982003-12-17 16:32:23 +11001992 - markus@cvs.openbsd.org 2003/12/14 12:37:21
1993 [ssh_config.5]
1994 we don't support GSS KEX; from Simon Wilkinson
Damien Miller509b0102003-12-17 16:33:10 +11001995 - markus@cvs.openbsd.org 2003/12/16 15:49:51
1996 [clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1]
1997 [ssh.c ssh_config.5]
1998 application layer keep alive (ServerAliveInterval ServerAliveCountMax)
1999 for ssh(1), similar to the sshd(8) option; ok beck@; with help from
2000 jmc and dtucker@
Damien Miller8975ddf2003-12-17 16:33:53 +11002001 - markus@cvs.openbsd.org 2003/12/16 15:51:54
2002 [dh.c]
2003 use <= instead of < in dh_estimate; ok provos/hshoexer;
2004 do not return < DH_GRP_MIN
Darren Tuckere937be32003-12-17 18:53:26 +11002005 - (dtucker) [acconfig.h configure.ac uidswap.c] Bug #645: Check for
2006 setres[ug]id() present but not implemented (eg some Linux/glibc
2007 combinations).
Ben Lindstrom563eb992003-12-18 00:34:06 +00002008 - (bal) [openbsd-compat/bsd-misc.c] unset 'signal' defined if we are
2009 using a real 'signal()' (Noticed by a NeXT Compile)
Damien Millerb5820f42003-12-17 16:27:32 +11002010
Darren Tucker4c568432003-12-09 19:01:51 +1100201120031209
2012 - (dtucker) OpenBSD CVS Sync
2013 - matthieu@cvs.openbsd.org 2003/11/25 23:10:08
2014 [ssh-add.1]
2015 ssh-add doesn't need to be a descendant of ssh-agent. Ok markus@, jmc@.
Darren Tucker37afa9d2003-12-09 19:05:42 +11002016 - djm@cvs.openbsd.org 2003/11/26 21:44:29
2017 [cipher-aes.c]
2018 fix #ifdef before #define; ok markus@
2019 (RCS ID sync only, Portable already had this)
Darren Tucker1fb04252003-12-09 19:07:13 +11002020 - markus@cvs.openbsd.org 2003/12/02 12:15:10
2021 [progressmeter.c]
2022 improvments from andreas@:
2023 * saner speed estimate for transfers that takes less than a second by
2024 rounding the time to 1 second.
2025 * when the transfer is finished calculate the actual total speed
2026 rather than the current speed which is given during the transfer
Darren Tucker3175eb92003-12-09 19:15:11 +11002027 - markus@cvs.openbsd.org 2003/12/02 17:01:15
2028 [channels.c session.c ssh-agent.c ssh.h sshd.c]
2029 use SSH_LISTEN_BACKLOG (=128) in listen(2).
Darren Tucker1cbc4442003-12-09 19:19:38 +11002030 - djm@cvs.openbsd.org 2003/12/07 06:34:18
2031 [moduli.c]
2032 remove unused debugging #define templates
Darren Tucker564f19e2003-12-09 19:18:07 +11002033 - markus@cvs.openbsd.org 2003/12/08 11:00:47
2034 [kexgexc.c]
2035 print requested group size in debug; ok djm
Darren Tucker5cd9d442003-12-10 00:54:38 +11002036 - dtucker@cvs.openbsd.org 2003/12/09 13:52:55
2037 [moduli.c]
2038 Prevent ssh-keygen -T from outputting moduli with a generator of 0, since
2039 they can't be used for Diffie-Hellman. Assistance and ok djm@
Darren Tuckera6153142003-12-10 00:52:37 +11002040 - (dtucker) [ssh-keyscan.c] Sync RCSIDs, missed in SSH_SSFDMAX change below.
Darren Tucker4c568432003-12-09 19:01:51 +11002041
Tim Rice88368a32003-12-08 12:35:59 -0800204220031208
2043 - (tim) [configure.ac] Bug 770. Fix --without-rpath.
2044
Damien Miller927f5272003-11-24 12:57:25 +1100204520031123
2046 - (djm) [canohost.c] Move IPv4inV6 mapped address normalisation to its own
2047 function and call it unconditionally
Damien Millere00074a2003-11-24 13:07:45 +11002048 - (djm) OpenBSD CVS Sync
2049 - djm@cvs.openbsd.org 2003/11/23 23:17:34
2050 [ssh-keyscan.c]
2051 from portable - use sysconf to detect fd limit; ok markus@
2052 (tidy diff by adding SSH_SSFDMAX macro to defines.h)
Damien Millera4b33df2003-11-24 13:09:27 +11002053 - djm@cvs.openbsd.org 2003/11/23 23:18:45
2054 [ssh-keygen.c]
2055 consistency PATH_MAX -> MAXPATHLEN; ok markus@
2056 (RCS ID sync only)
2057 - djm@cvs.openbsd.org 2003/11/23 23:21:21
2058 [scp.c]
2059 from portable: rename clashing variable limit-> limit_rate; ok markus@
2060 (RCS ID sync only)
Damien Millere0113cc2003-11-24 13:10:09 +11002061 - dtucker@cvs.openbsd.org 2003/11/24 00:16:35
2062 [ssh.1 ssh.c]
2063 Make ssh -k mean GSSAPIDelegateCredentials=no. Suggestion & ok markus@
Damien Miller3db2e4d2003-11-24 13:33:34 +11002064 - (djm) Annotate OpenBSD-derived files in openbsd-compat/ with original
2065 source file path (in OpenBSD tree).
Damien Miller927f5272003-11-24 12:57:25 +11002066
Darren Tucker240fdfa2003-11-22 14:10:02 +1100206720031122
2068 - (dtucker) [channels.c] Make AIX write limit code clearer. Suggested by djm@
Darren Tuckerd7634162003-11-22 14:16:56 +11002069 - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
2070 Move AIX specific password authentication code to port-aix.c, call
2071 authenticate() until reenter flag is clear.
Darren Tucker4e06a1d2003-11-22 14:25:15 +11002072 - (dtucker) [auth-sia.c configure.ac] Tru64 update from cmadams at hiwaay.net.
2073 Use permanently_set_uid for SIA, only define DISABLE_FD_PASSING when SIA
2074 is enabled, rely on SIA to check for locked accounts if enabled. ok djm@
Damien Miller4da295c2003-11-22 14:39:04 +11002075 - (djm) [scp.c] Rename limitbw -> limit_rate to match upstreamed patch
Damien Miller841b9f12003-11-22 14:48:49 +11002076 - (djm) [sftp-int.c] Remove duplicated code from bogus sync
Damien Miller5924ceb2003-11-22 15:02:42 +11002077 - (djm) [packet.c] Shuffle #ifdef to reduce conditionally compiled code
Darren Tucker240fdfa2003-11-22 14:10:02 +11002078
Damien Miller8c5e91c2003-11-21 23:09:10 +1100207920031121
2080 - (djm) OpenBSD CVS Sync
2081 - markus@cvs.openbsd.org 2003/11/20 11:39:28
2082 [progressmeter.c]
2083 fix rounding errors; from andreas@
Damien Millera8e06ce2003-11-21 23:48:55 +11002084 - djm@cvs.openbsd.org 2003/11/21 11:57:03
2085 [everything]
2086 unexpand and delete whitespace at EOL; ok markus@
2087 (done locally and RCS IDs synced)
Damien Miller8c5e91c2003-11-21 23:09:10 +11002088
Darren Tucker18df00c2003-11-18 12:42:07 +1100208920031118
Damien Miller6aef38f2003-11-18 10:45:20 +11002090 - (djm) Fix early exit for root auth success when UsePAM=yes and
2091 PermitRootLogin=no
Darren Tucker18df00c2003-11-18 12:42:07 +11002092 - (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv,
Damien Miller4bb1dd32003-11-18 22:01:25 +11002093 and use it for do_pam_session. Fixes problems like pam_motd not
2094 displaying anything. ok djm@
Darren Tucker8a1624c2003-11-18 12:45:35 +11002095 - (dtucker) [auth-pam.c] Only use pam_putenv if our platform has it. ok djm@
Damien Miller4bb1dd32003-11-18 22:01:25 +11002096 - (djm) OpenBSD CVS Sync
2097 - dtucker@cvs.openbsd.org 2003/11/18 00:40:05
2098 [serverloop.c]
2099 Correct check for authctxt->valid. ok djm@
Damien Millerf96d1832003-11-18 22:01:48 +11002100 - djm@cvs.openbsd.org 2003/11/18 10:53:07
2101 [monitor.c]
2102 unbreak fake authloop for non-existent users (my screwup). Spotted and
2103 tested by dtucker@; ok markus@
Damien Miller6aef38f2003-11-18 10:45:20 +11002104
210520031117
Damien Miller3e8f41e2003-11-17 21:09:50 +11002106 - (djm) OpenBSD CVS Sync
2107 - djm@cvs.openbsd.org 2003/11/03 09:03:37
2108 [auth-chall.c]
2109 make this a little more idiot-proof; ok markus@
2110 (includes portable-specific changes)
Damien Miller5a388972003-11-17 21:10:47 +11002111 - jakob@cvs.openbsd.org 2003/11/03 09:09:41
2112 [sshconnect.c]
2113 move changed key warning into warn_changed_key(). ok markus@
Damien Miller8f746ec2003-11-17 21:11:15 +11002114 - jakob@cvs.openbsd.org 2003/11/03 09:37:32
2115 [sshconnect.c]
2116 do not free static type pointer in warn_changed_key()
Damien Miller3e3b5142003-11-17 21:13:40 +11002117 - djm@cvs.openbsd.org 2003/11/04 08:54:09
2118 [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
2119 [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
2120 [session.c]
2121 standardise arguments to auth methods - they should all take authctxt.
2122 check authctxt->valid rather then pw != NULL; ok markus@
Damien Millera9fcd3a2003-11-17 21:16:55 +11002123 - jakob@cvs.openbsd.org 2003/11/08 16:02:40
2124 [auth1.c]
2125 remove unused variable (pw). ok djm@
2126 (id sync only - still used in portable)
Damien Miller939cd382003-11-17 21:17:24 +11002127 - jmc@cvs.openbsd.org 2003/11/08 19:17:29
2128 [sftp-int.c]
2129 typos from Jonathon Gray;
Damien Millerf58b58c2003-11-17 21:18:23 +11002130 - jakob@cvs.openbsd.org 2003/11/10 16:23:41
2131 [bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
2132 [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
2133 [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
2134 constify. ok markus@ & djm@
Damien Millerc1f27922003-11-17 21:19:05 +11002135 - dtucker@cvs.openbsd.org 2003/11/12 10:12:15
2136 [scp.c]
2137 When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
Damien Miller150b5572003-11-17 21:19:29 +11002138 - jakob@cvs.openbsd.org 2003/11/12 16:39:58
2139 [dns.c dns.h readconf.c ssh_config.5 sshconnect.c]
2140 update SSHFP validation. ok markus@
Damien Millerfe448472003-11-17 21:19:49 +11002141 - jmc@cvs.openbsd.org 2003/11/12 20:14:51
2142 [ssh_config.5]
2143 make verb agree with subject, and kill some whitespace;
Damien Miller91c6aa42003-11-17 21:20:18 +11002144 - markus@cvs.openbsd.org 2003/11/14 13:19:09
2145 [sshconnect2.c]
2146 cleanup and minor fixes for the client code; from Simon Wilkinson
Damien Miller51bf11f2003-11-17 21:20:47 +11002147 - djm@cvs.openbsd.org 2003/11/17 09:45:39
2148 [msg.c msg.h sshconnect2.c ssh-keysign.c]
2149 return error on msg send/receive failure (rather than fatal); ok markus@
Damien Miller0425d402003-11-17 22:18:21 +11002150 - markus@cvs.openbsd.org 2003/11/17 11:06:07
2151 [auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c]
2152 [monitor_wrap.h sshconnect2.c ssh-gss.h]
2153 replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson;
2154 test + ok jakob.
Damien Miller9bdba702003-11-17 21:27:55 +11002155 - (djm) Bug #632: Don't call pam_end indirectly from within kbd-int
2156 conversation function
Damien Millerc756e9b2003-11-17 21:41:42 +11002157 - (djm) Export environment variables from authentication subprocess to
2158 parent. Part of Bug #717
Damien Miller3e8f41e2003-11-17 21:09:50 +11002159
Darren Tucker203c40b2003-11-15 12:13:16 +1100216020031115
2161 - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and
2162 HP-UX, skip test on AIX.
2163
Darren Tucker0947ddf2003-11-13 11:21:31 +1100216420031113
2165 - (dtucker) [auth-pam.c] Append newlines to lines output by the
2166 pam_chauthtok_conv().
Darren Tucker798ca842003-11-13 11:28:49 +11002167 - (dtucker) [README ssh-host-config ssh-user-config Makefile] (All
2168 contrib/cygwin). Major update from vinschen at redhat.com.
2169 - Makefile provides a `cygwin-postinstall' target to run right after
2170 `make install'.
2171 - Better support for Windows 2003 Server.
2172 - Try to get permissions as correct as possible.
2173 - New command line options to allow full automated host configuration.
2174 - Create configs from skeletons in /etc/defaults/etc.
2175 - Use /bin/bash, allows reading user input with readline support.
2176 - Remove really old configs from /usr/local.
Darren Tuckerae52b7c2003-11-13 19:52:31 +11002177 - (dtucker) [auth-pam.c] Add newline to accumulated PAM_TEXT_INFO and
2178 PAM_ERROR_MSG messages.
Darren Tucker0947ddf2003-11-13 11:21:31 +11002179
Damien Miller418a3862003-11-06 20:27:51 +1100218020031106
2181 - (djm) Clarify UsePAM consequences a little more
2182
Darren Tucker7c582db2003-11-03 18:59:29 +1100218320031103
2184 - (dtucker) [contrib/cygwin/ssh-host-config] Ensure entries in /etc/services
2185 are created correctly with CRLF line terminations. Patch from vinschen at
2186 redhat.com.
Darren Tuckera47c9bc2003-11-03 20:03:25 +11002187 - (dtucker) OpenBSD CVS Sync
2188 - markus@cvs.openbsd.org 2003/10/15 09:48:45
2189 [monitor_wrap.c]
2190 check pmonitor != NULL
Darren Tucker8cc39782003-11-03 20:05:03 +11002191 - markus@cvs.openbsd.org 2003/10/21 09:50:06
2192 [auth2-gss.c]
2193 make sure the doid is larger than 2
Darren Tucker56afe142003-11-03 20:06:14 +11002194 - avsm@cvs.openbsd.org 2003/10/26 16:57:43
2195 [sshconnect2.c]
2196 rename 'supported' static var in userauth_gssapi() to 'gss_supported'
2197 to avoid shadowing the global version. markus@ ok
Darren Tucker6db8f932003-11-03 20:07:14 +11002198 - markus@cvs.openbsd.org 2003/10/28 09:08:06
2199 [misc.c]
2200 error->debug for getsockopt+TCP_NODELAY; several requests
Darren Tucker655a5e02003-11-03 20:09:03 +11002201 - markus@cvs.openbsd.org 2003/11/02 11:01:03
2202 [auth2-gss.c compat.c compat.h sshconnect2.c]
2203 remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk
Darren Tuckerbe8a7712003-11-03 22:52:52 +11002204 - (dtucker) [regress/agent-ptrace.sh] Use numeric uid and gid.
Darren Tucker7c582db2003-11-03 18:59:29 +11002205
Darren Tucker0d37b5c2003-10-21 12:41:14 +1000220620031021
2207 - (dtucker) [INSTALL] Some system crypt() functions support MD5 passwords
2208 directly. Noted by Darren.Moffat at sun.com.
Darren Tuckerea4c6702003-10-21 22:27:08 +10002209 - (dtucker) [regress/agent-ptrace.sh] Skip agent-test unless SUDO is set,
2210 make agent setgid during test.
Darren Tucker0d37b5c2003-10-21 12:41:14 +10002211
Darren Tucker9568ad92003-10-17 16:32:11 +1000221220031017
2213 - (dtucker) [INSTALL] Note that --with-md5 is now required on platforms with
2214 MD5 passwords even if PAM support is enabled. From steev at detritus.net.
2215
Darren Tucker1f203942003-10-15 15:50:42 +1000221620031015
2217 - (dtucker) OpenBSD CVS Sync
2218 - jmc@cvs.openbsd.org 2003/10/08 08:27:36
2219 [scp.1 scp.c sftp-server.8 sftp.1 sftp.c ssh.1 sshd.8]
2220 scp and sftp: add options list and sort options. options list requested
2221 by deraadt@
2222 sshd: use same format as ssh
2223 ssh: remove wrong option from list
2224 sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
2225 ok deraadt@ markus@
Darren Tuckera044f472003-10-15 15:52:03 +10002226 - markus@cvs.openbsd.org 2003/10/08 15:21:24
2227 [readconf.c ssh_config.5]
2228 default GSS API to no in client, too; ok jakob, deraadt@
Darren Tucker0a118da2003-10-15 15:54:32 +10002229 - markus@cvs.openbsd.org 2003/10/11 08:24:08
2230 [readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
2231 remote x11 clients are now untrusted by default, uses xauth(8) to generate
2232 untrusted cookies; ForwardX11Trusted=yes restores old behaviour.
2233 ok deraadt; feedback and ok djm/fries
Darren Tuckerd05b6012003-10-15 15:55:59 +10002234 - markus@cvs.openbsd.org 2003/10/11 08:26:43
2235 [sshconnect2.c]
2236 search keys in reverse order; fixes #684
Darren Tucker7eb3de02003-10-15 15:56:58 +10002237 - markus@cvs.openbsd.org 2003/10/11 11:36:23
2238 [monitor_wrap.c]
2239 return NULL for missing banner; ok djm@
Darren Tuckerf132c672003-10-15 15:58:18 +10002240 - jmc@cvs.openbsd.org 2003/10/12 13:12:13
2241 [ssh_config.5]
2242 note that EnableSSHKeySign should be in the non-hostspecific section;
2243 remove unnecessary .Pp;
2244 ok markus@
Darren Tuckerb370ca92003-10-15 15:59:26 +10002245 - markus@cvs.openbsd.org 2003/10/13 08:22:25
2246 [scp.1 sftp.1]
2247 don't refer to options related to forwarding; ok jmc@
Darren Tuckerdda19d62003-10-15 16:00:47 +10002248 - jakob@cvs.openbsd.org 2003/10/14 19:42:10
2249 [dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
2250 include SSHFP lookup code (not enabled by default). ok markus@
Darren Tucker64b77bc2003-10-15 16:07:53 +10002251 - jakob@cvs.openbsd.org 2003/10/14 19:43:23
2252 [README.dns]
2253 update
Darren Tucker072a7b12003-10-15 16:10:25 +10002254 - markus@cvs.openbsd.org 2003/10/14 19:54:39
2255 [session.c ssh-agent.c]
2256 10X for mkdtemp; djm@
Darren Tucker5f88d342003-10-15 16:57:57 +10002257 - (dtucker) [acconfig.h configure.ac dns.c openbsd-compat/getrrsetbyname.c
2258 openbsd-compat/getrrsetbyname.h] DNS fingerprint support is now always
2259 compiled in but disabled in config.
Darren Tuckerc6020652003-10-15 17:48:20 +10002260 - (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode.
Tim Rice6b1f8a32003-10-15 09:22:39 -07002261 - (tim) [regress/banner.sh] portability fix.
Darren Tucker1f203942003-10-15 15:50:42 +10002262
Darren Tucker6c0c0702003-10-09 14:13:53 +1000226320031009
2264 - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@
2265
Darren Tucker046dff22003-10-08 17:32:02 +1000226620031008
2267 - (dtucker) OpenBSD CVS Sync
2268 - dtucker@cvs.openbsd.org 2003/10/07 01:47:27
2269 [sshconnect2.c]
Darren Tucker79644822003-10-08 17:37:58 +10002270 Don't use logit for banner, since it truncates to MSGBUFSIZ; bz #668 &
2271 #707. ok markus@
Darren Tucker64dbccc2003-10-08 17:34:38 +10002272 - djm@cvs.openbsd.org 2003/10/07 07:04:16
2273 [sftp-int.c]
2274 sftp quoting fix from admorten AT umich.edu; ok markus@
Darren Tucker79644822003-10-08 17:37:58 +10002275 - deraadt@cvs.openbsd.org 2003/10/07 21:58:28
2276 [sshconnect2.c]
2277 set ptr to NULL after free
Darren Tuckerdc001a52003-10-08 17:47:19 +10002278 - dtucker@cvs.openbsd.org 2003/10/07 01:52:13
2279 [regress/Makefile regress/banner.sh]
2280 Test SSH2 banner. ok markus@
Darren Tucker0240ff72003-10-08 17:52:10 +10002281 - djm@cvs.openbsd.org 2003/10/07 07:04:52
2282 [regress/sftp-cmds.sh]
2283 more sftp quoting regress tests; ok markus
Darren Tucker046dff22003-10-08 17:32:02 +10002284
Damien Miller6f1f6112003-10-07 10:18:22 +1000228520031007
2286 - (djm) Delete autom4te.cache after autoreconf
Darren Tucker8846a072003-10-07 11:30:15 +10002287 - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static
2288 cleanup functions. With & ok djm@
Darren Tuckerdfe6d912003-10-07 17:40:56 +10002289 - (dtucker) [contrib/redhat/openssh.spec] Bug #714: Now that UsePAM is a
2290 run-time switch, always build --with-md5-passwords.
Darren Tucker2e8c0cc2003-10-07 17:49:56 +10002291 - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoul.c]
2292 Bug #670: add strtoul() to openbsd-compat for platforms lacking it. ok djm@
Darren Tucker3b2a06c2003-10-07 18:37:11 +10002293 - (dtucker) [configure.ac] Bug #715: Set BROKEN_SETREUID and BROKEN_SETREGID
2294 on Reliant Unix. Patch from Robert.Dahlem at siemens.com.
Darren Tucker89df7a32003-10-07 20:35:57 +10002295 - (dtucker) [configure.ac] Bug #710: Check for dlsym() in libdl on
2296 Reliant Unix. Based on patch from Robert.Dahlem at siemens.com.
Damien Miller6f1f6112003-10-07 10:18:22 +10002297
Darren Tucker4a250542003-10-03 17:57:24 +1000229820031003
Darren Tuckerf4bf5d02003-10-07 11:31:22 +10002299 - (dtucker) OpenBSD CVS Sync
Darren Tucker4a250542003-10-03 17:57:24 +10002300 - markus@cvs.openbsd.org 2003/10/02 10:41:59
2301 [sshd.c]
2302 print openssl version, too, several requests; ok henning/djm.
Darren Tuckere3ca82e2003-10-03 18:02:30 +10002303 - markus@cvs.openbsd.org 2003/10/02 08:26:53
2304 [ssh-gss.h]
2305 missing $OpenBSD:; dtucker
Tim Rice30aa44c2003-10-03 22:30:23 -07002306 - (tim) [contrib/caldera/openssh.spec] Remove obsolete --with-ipv4-default
2307 option.
Darren Tucker4a250542003-10-03 17:57:24 +10002308
Darren Tucker3e33cec2003-10-02 16:12:36 +1000230920031002
Darren Tuckerf4bf5d02003-10-07 11:31:22 +10002310 - (dtucker) OpenBSD CVS Sync
Darren Tucker3e33cec2003-10-02 16:12:36 +10002311 - markus@cvs.openbsd.org 2003/09/23 20:17:11
2312 [Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
2313 cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
2314 monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
2315 ssh-agent.c sshd.c]
2316 replace fatal_cleanup() and linked list of fatal callbacks with static
2317 cleanup_exit() function. re-refine cleanup_exit() where appropriate,
2318 allocate sshd's authctxt eary to allow simpler cleanup in sshd.
2319 tested by many, ok deraadt@
Darren Tucker6cc310b2003-10-02 16:15:15 +10002320 - markus@cvs.openbsd.org 2003/09/23 20:18:52
2321 [progressmeter.c]
2322 don't print trailing \0; bug #709; Robert.Dahlem@siemens.com
2323 ok millert/deraadt@
Darren Tucker5dcdd212003-10-02 16:17:00 +10002324 - markus@cvs.openbsd.org 2003/09/23 20:41:11
2325 [channels.c channels.h clientloop.c]
2326 move client only agent code to clientloop.c
Darren Tucker8fca6b52003-10-02 16:18:22 +10002327 - markus@cvs.openbsd.org 2003/09/26 08:19:29
2328 [sshd.c]
2329 no need to set the listen sockets to non-block; ok deraadt@
Darren Tucker61776952003-10-02 16:19:47 +10002330 - jmc@cvs.openbsd.org 2003/09/29 11:40:51
2331 [ssh.1]
2332 - add list of options to -o and .Xr ssh_config(5)
2333 - some other cleanup
2334 requested by deraadt@;
2335 ok deraadt@ markus@
Darren Tuckera49d36e2003-10-02 16:20:54 +10002336 - markus@cvs.openbsd.org 2003/09/29 20:19:57
2337 [servconf.c sshd_config]
2338 GSSAPICleanupCreds -> GSSAPICleanupCredentials
Darren Tucker0ccb59b2003-10-02 16:26:34 +10002339 - (dtucker) [configure.ac] Don't set DISABLE_SHADOW when configuring
2340 --with-pam. ok djm@
Darren Tucker7596d682003-10-02 17:32:30 +10002341 - (dtucker) [ssh-gss.h] Prototype change missed in sync.
Darren Tuckerf391ba62003-10-02 20:07:09 +10002342 - (dtucker) [session.c] Fix bus errors on some 64-bit Solaris configurations.
2343 Based on patches by Matthias Koeppe and Thomas Baden. ok djm@
Darren Tucker3e33cec2003-10-02 16:12:36 +10002344
Ben Lindstromb210aa22003-09-30 23:49:06 +0000234520030930
2346 - (bal) Fix issues in openbsd-compat/realpath.c
2347
Darren Tuckerb88fcc72003-09-25 20:18:33 +1000234820030925
2349 - (dtucker) [configure.ac openbsd-compat/xcrypt.c] Bug #633: Remove
2350 DISABLE_SHADOW for HP-UX, use getspnam instead of getprpwnam. Patch from
2351 michael_steffens at hp.com, ok djm@
Tim Riced4d18152003-09-25 19:04:34 -07002352 - (tim) [sshd_config] UsePAM defaults to no.
Darren Tuckerb88fcc72003-09-25 20:18:33 +10002353
Damien Millerdbb10472003-09-24 08:30:18 +1000235420030924
2355 - (djm) Update version.h and spec files for HEAD
Darren Tuckerbeaf6792003-09-24 20:03:48 +10002356 - (dtucker) [configure.ac] IRIX5 needs the same setre[ug]id defines as IRIX6.
Damien Millerdbb10472003-09-24 08:30:18 +10002357
Darren Tucker782390e2003-09-22 10:58:55 +1000235820030923
Darren Tucker8a49dd12003-09-22 10:59:34 +10002359 - (dtucker) [Makefile.in] Bug #644: Fix "make clean" for out-of-tree
Darren Tucker782390e2003-09-22 10:58:55 +10002360 builds. Portability corrections from tim@.
Tim Rice480ef8d2003-09-21 21:38:11 -07002361 - (dtucker) [configure.ac] Bug #665: uid swapping issues on Mac OS X.
Darren Tucker20379a32003-09-22 11:07:40 +10002362 Patch from max at quendi.de.
Darren Tuckered92b212003-09-22 11:26:16 +10002363 - (dtucker) [configure.ac] Bug #657: uid swapping issues on BSDi.
2364 - (dtucker) [configure.ac] Bug #653: uid swapping issues on Tru64.
Darren Tucker00130112003-09-22 11:40:24 +10002365 - (dtucker) [configure.ac] Bug #693: uid swapping issues on NCR MP-RAS.
2366 Patch from david.haughton at ncr.com
Darren Tuckerbe79af12003-09-22 11:58:21 +10002367 - (dtucker) [configure.ac] Bug #659: uid swapping issues on IRIX 6.
2368 Part of patch supplied by bugzilla-openssh at thewrittenword.com
Darren Tuckerd5e082f2003-09-22 12:08:23 +10002369 - (dtucker) [configure.ac openbsd-compat/fake-rfc2553.c
2370 openbsd-compat/fake-rfc2553.h] Bug #659: Test for and handle systems with
2371 where gai_strerror is defined as "const char *". Part of patch supplied
2372 by bugzilla-openssh at thewrittenword.com
Darren Tucker8daf4b42003-09-22 12:32:00 +10002373 - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config] Update
2374 ssh-host-config to match current defaults, bump README version. Patch from
2375 vinschen at redhat.com.
Darren Tuckerfbe3b362003-09-22 12:54:37 +10002376 - (dtucker) [uidswap.c] Don't test restoration of uid on Cygwin since the
2377 OS does not support permanently dropping privileges. Patch from
2378 vinschen at redhat.com.
Darren Tucker051c2702003-09-22 13:05:26 +10002379 - (dtucker) [openbsd-compat/port-aix.c] Use correct include for xmalloc.h,
2380 add canohost.h to stop warning. Based on patch from openssh-unix-dev at
2381 thewrittenword.com
Darren Tucker42d30822003-09-22 13:28:36 +10002382 - (dtucker) [INSTALL] Bug #686: Document requirement for zlib 1.1.4 or
2383 higher.
Tim Rice7a74c6b2003-09-21 21:00:59 -07002384 - (tim) Fix typo. s/SETEIUD_BREAKS_SETUID/SETEUID_BREAKS_SETUID/
Tim Rice480ef8d2003-09-21 21:38:11 -07002385 - (tim) [configure.ac] Bug 665: move 3 new AC_DEFINES outside of AC_TRY_RUN.
2386 Report by distler AT golem ph utexas edu.
Darren Tucker220bf132003-09-22 20:41:40 +10002387 - (dtucker) [contrib/aix/pam.conf] Include example pam.conf for AIX from
2388 article by genty at austin.ibm.com, included with the author's permission.
Darren Tuckerbd5361b2003-09-22 20:59:16 +10002389 - (dtucker) OpenBSD CVS Sync
2390 - markus@cvs.openbsd.org 2003/09/18 07:52:54
2391 [sshconnect.c]
2392 missing {}; bug #656; jclonguet at free.fr
Darren Tuckerd2730d32003-09-22 21:00:19 +10002393 - markus@cvs.openbsd.org 2003/09/18 07:54:48
2394 [buffer.c]
2395 protect against double free; #660; zardoz at users.sf.net
Darren Tuckerd1d41b32003-09-22 21:01:27 +10002396 - markus@cvs.openbsd.org 2003/09/18 07:56:05
2397 [authfile.c]
2398 missing buffer_free(&encrypted); #662; zardoz at users.sf.net
Darren Tuckerfb16b242003-09-22 21:04:23 +10002399 - markus@cvs.openbsd.org 2003/09/18 08:49:45
2400 [deattack.c misc.c session.c ssh-agent.c]
2401 more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
2402 ok millert@
Darren Tuckerc0815c92003-09-22 21:05:50 +10002403 - miod@cvs.openbsd.org 2003/09/18 13:02:21
2404 [authfd.c bufaux.c dh.c mac.c ssh-keygen.c]
2405 A few signedness fixes for harmless situations; markus@ ok
Darren Tuckera8151da2003-09-22 21:06:46 +10002406 - markus@cvs.openbsd.org 2003/09/19 09:02:02
2407 [packet.c]
2408 buffer_dump only if PACKET_DEBUG is defined; Jedi/Sector One; pr 3471
Darren Tucker631a4a92003-09-22 21:08:21 +10002409 - markus@cvs.openbsd.org 2003/09/19 09:03:00
2410 [buffer.c]
2411 sign fix in buffer_dump; Jedi/Sector One; pr 3473
Darren Tucker6fa8abd2003-09-22 21:10:21 +10002412 - markus@cvs.openbsd.org 2003/09/19 11:29:40
2413 [ssh-agent.c]
2414 provide a ssh-agent specific fatal() function; ok deraadt
Darren Tucker3d326222003-09-22 21:11:20 +10002415 - markus@cvs.openbsd.org 2003/09/19 11:30:39
2416 [ssh-keyscan.c]
2417 avoid fatal_cleanup, just call exit(); ok deraadt
Darren Tucker3dbff2a2003-09-22 21:12:56 +10002418 - markus@cvs.openbsd.org 2003/09/19 11:31:33
2419 [channels.c]
2420 do not call channel_free_all on fatal; ok deraadt
Darren Tuckeraaa56cb2003-09-22 21:13:59 +10002421 - markus@cvs.openbsd.org 2003/09/19 11:33:09
2422 [packet.c sshd.c]
2423 do not call packet_close on fatal; ok deraadt
Darren Tucker8654d162003-09-22 21:14:55 +10002424 - markus@cvs.openbsd.org 2003/09/19 17:40:20
2425 [scp.c]
2426 error handling for remote-remote copy; #638; report Harald Koenig;
2427 ok millert, fgs, henning, deraadt
Darren Tucker9a2c4cd2003-09-22 21:16:05 +10002428 - markus@cvs.openbsd.org 2003/09/19 17:43:35
2429 [clientloop.c sshtty.c sshtty.h]
2430 remove fatal callbacks from client code; ok deraadt
Ben Lindstromda4d9cf2003-09-22 15:36:15 +00002431 - (bal) "extration" -> "extraction" in ssh-rand-helper.c; repoted by john
2432 on #unixhelp@efnet
Tim Rice7ff4e6d2003-09-22 19:50:14 -07002433 - (tim) [configure.ac] add --disable-etc-default-login option. ok djm
Damien Miller5c3a5582003-09-23 22:12:38 +10002434 - (djm) Sync with V_3_7 branch:
2435 - (djm) Fix SSH1 challenge kludge
2436 - (djm) Bug #671: Fix builds on OpenBSD
2437 - (djm) Bug #676: Fix PAM stack corruption
2438 - (djm) Fix bad free() in PAM code
2439 - (djm) Don't call pam_end before pam_init
2440 - (djm) Enable build with old OpenSSL again
2441 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
2442 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
Darren Tucker782390e2003-09-22 10:58:55 +10002443
Darren Tucker48554152005-04-21 19:50:55 +10002444$Id: ChangeLog,v 1.3745 2005/04/21 09:50:55 dtucker Exp $