blob: a37d7b4eca40b8b37a08a9f2669ef67e560008a5 [file] [log] [blame]
Damien Miller4e997202000-07-09 21:21:52 +1000120000709
2 - (djm) Only enable PAM_TTY kludge for Linux. Problem report from
3 Kevin Steves <stevesk@sweden.hp.com>
4
Damien Millerce40c702000-07-08 10:14:08 +1000520000708
6 - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from
7 Aaron Hopkins <aaron@die.net>
Damien Miller90dcc052000-07-08 10:17:40 +10008 - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from
9 Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
Damien Millerfe668e42000-07-08 10:44:13 +100010 - (djm) Fixed undefined variables for OSF SIA. Report from
11 Baars, Henk <Hendrik.Baars@nl.origin-it.com>
Damien Millerf2fdbe52000-07-08 10:57:08 +100012 - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c
13 Fix from Marquess, Steve Mr JMLFDC <Steve.Marquess@DET.AMEDD.ARMY.MIL>
Damien Miller8e394e72000-07-08 11:50:37 +100014 - (djm) Don't use inet_addr.
Damien Millerce40c702000-07-08 10:14:08 +100015
Damien Miller9b6d4ab2000-07-02 08:43:18 +10001620000702
17 - (djm) Fix brace mismatch from Corinna Vinschen <vinschen@cygnus.com>
Damien Millerc7088432000-07-02 18:44:54 +100018 - (djm) Stop shadow expiry checking from preventing logins with NIS. Based
19 on fix from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
Damien Miller484118e2000-07-02 19:13:56 +100020 - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from
21 Chris, the Young One <cky@pobox.com>
Damien Miller0809a0a2000-07-02 19:33:54 +100022 - (djm) Fix scp progress meter on really wide terminals. Based on patch
23 from James H. Cloos Jr. <cloos@jhcloos.com>
Damien Miller9b6d4ab2000-07-02 08:43:18 +100024
Damien Millerd8cfda62000-07-01 12:56:09 +10002520000701
26 - (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu>
Damien Miller8e81ed32000-07-01 13:17:42 +100027 - (djm) Login fixes from Tom Bertelson <tbert@abac.com>
Damien Miller28adeef2000-07-01 13:29:26 +100028 - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
29 <vinschen@cygnus.com>
Damien Miller7b413d22000-07-01 13:24:21 +100030 - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
Damien Millercb170cb2000-07-01 16:52:55 +100031 - (djm) Added check for broken snprintf() functions which do not correctly
32 terminate output string and attempt to use replacement.
Damien Millerc9270992000-07-01 19:42:32 +100033 - (djm) Released 2.1.1p2
Damien Millerd8cfda62000-07-01 12:56:09 +100034
Damien Miller53c5d462000-06-28 00:50:50 +10003520000628
36 - (djm) Fixes to lastlog code for Irix
37 - (djm) Use atomicio in loginrec
Damien Miller91606b12000-06-28 08:22:29 +100038 - (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for
39 Irix 6.x array sessions, project id's, and system audit trail id.
Damien Miller262ff172000-06-28 08:24:49 +100040 - (djm) Added 'distprep' make target to simplify packaging
Damien Millerb8c656e2000-06-28 15:22:41 +100041 - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA
42 support. Enable using "USE_SIA=1 ./configure [options]"
43
Damien Millerf8af08d2000-06-27 09:40:06 +10004420000627
45 - (djm) Fixes to login code - not setting li->uid, cleanups
Damien Millerdd47aa22000-06-27 11:18:27 +100046 - (djm) Formatting
Damien Millerf8af08d2000-06-27 09:40:06 +100047
Damien Miller8dd33fd2000-06-26 10:20:19 +10004820000626
Damien Millerc0fd17f2000-06-26 10:22:53 +100049 - (djm) Better fix to aclocal tests from Garrick James <garrick@james.net>
Damien Miller1f335fb2000-06-26 11:31:33 +100050 - (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
51 - (djm) Added password expiry checking (no password change support)
Damien Miller64681252000-06-26 13:01:33 +100052 - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
53 based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
Damien Miller08006472000-06-26 13:55:31 +100054 - (djm) Fix fixed EGD code.
Damien Millerc0fd17f2000-06-26 10:22:53 +100055 - OpenBSD CVS update
56 - provos@cvs.openbsd.org 2000/06/25 14:17:58
57 [channels.c]
58 correct check for bad channel ids; from Wei Dai <weidai@eskimo.com>
59
Damien Millerb54b40e2000-06-23 08:23:34 +10006020000623
61 - (djm) Use sa_family_t in prototype for rresvport_af. Patch from
62 Svante Signell <svante.signell@telia.com>
63 - (djm) Autoconf logic to define sa_family_t if it is missing
Damien Millerbf7f4662000-06-23 10:16:38 +100064 - OpenBSD CVS Updates:
65 - markus@cvs.openbsd.org 2000/06/22 10:32:27
66 [sshd.c]
67 missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL
68 - djm@cvs.openbsd.org 2000/06/22 17:55:00
69 [auth-krb4.c key.c radix.c uuencode.c]
70 Missing CVS idents; ok markus
Damien Millerb54b40e2000-06-23 08:23:34 +100071
Damien Miller099f5052000-06-22 20:57:11 +10007220000622
73 - (djm) Automatically generate host key during "make install". Suggested
74 by Gary E. Miller <gem@rellim.com>
75 - (djm) Paranoia before kill() system call
Damien Miller6536c7d2000-06-22 21:32:31 +100076 - OpenBSD CVS Updates:
77 - markus@cvs.openbsd.org 2000/06/18 18:50:11
78 [auth2.c compat.c compat.h sshconnect2.c]
79 make userauth+pubkey interop with ssh.com-2.2.0
80 - markus@cvs.openbsd.org 2000/06/18 20:56:17
81 [dsa.c]
82 mem leak + be more paranoid in dsa_verify.
83 - markus@cvs.openbsd.org 2000/06/18 21:29:50
84 [key.c]
85 cleanup fingerprinting, less hardcoded sizes
86 - markus@cvs.openbsd.org 2000/06/19 19:39:45
87 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
88 [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
89 [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
90 [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
91 [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
92 [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
93 [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
94 [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
95 [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
96 OpenBSD tag
97 - markus@cvs.openbsd.org 2000/06/21 10:46:10
98 sshconnect2.c missing free; nuke old comment
Damien Miller099f5052000-06-22 20:57:11 +100099
Damien Milleredb82922000-06-20 13:25:52 +100010020000620
101 - (djm) Replace use of '-o' and '-a' logical operators in configure tests
102 with '||' and '&&'. As suggested by Jim Knoble <jmknoble@pint-stowp.cx>
103 to fix SCO Unixware problem reported by Gary E. Miller <gem@rellim.com>
Damien Miller2f022952000-06-20 13:50:01 +1000104 - (djm) Typo in loginrec.c
Damien Milleredb82922000-06-20 13:25:52 +1000105
Damien Miller7b22d652000-06-18 14:07:04 +100010620000618
107 - (djm) Add summary of configure options to end of ./configure run
108 - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from
109 Michael Stone <mstone@cs.loyola.edu>
110 - (djm) rusage is a privileged operation on some Unices (incl.
111 Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
112 - (djm) Avoid PAM failures when running without a TTY. Report from
113 Martin Petrak <petrak@spsknm.schools.sk>
114 - (djm) Include sys/types.h when including netinet/in.h in configure tests.
115 Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
Damien Miller0f91b4e2000-06-18 15:43:25 +1000116 - (djm) Started merge of Ben Lindstrom's <mouring@pconline.com> NeXT support
Damien Millerf6d9e222000-06-18 14:50:44 +1000117 - OpenBSD CVS updates:
118 - deraadt@cvs.openbsd.org 2000/06/17 09:58:46
119 [channels.c]
120 everyone says "nix it" (remove protocol 2 debugging message)
121 - markus@cvs.openbsd.org 2000/06/17 13:24:34
122 [sshconnect.c]
123 allow extended server banners
124 - markus@cvs.openbsd.org 2000/06/17 14:30:10
125 [sshconnect.c]
126 missing atomicio, typo
127 - jakob@cvs.openbsd.org 2000/06/17 16:52:34
128 [servconf.c servconf.h session.c sshd.8 sshd_config]
129 add support for ssh v2 subsystems. ok markus@.
130 - deraadt@cvs.openbsd.org 2000/06/17 18:57:48
131 [readconf.c servconf.c]
132 include = in WHITESPACE; markus ok
133 - markus@cvs.openbsd.org 2000/06/17 19:09:10
134 [auth2.c]
135 implement bug compatibility with ssh-2.0.13 pubkey, server side
136 - markus@cvs.openbsd.org 2000/06/17 21:00:28
137 [compat.c]
138 initial support for ssh.com's 2.2.0
139 - markus@cvs.openbsd.org 2000/06/17 21:16:09
140 [scp.c]
141 typo
142 - markus@cvs.openbsd.org 2000/06/17 22:05:02
143 [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h]
144 split auth-rsa option parsing into auth-options
145 add options support to authorized_keys2
146 - markus@cvs.openbsd.org 2000/06/17 22:42:54
147 [session.c]
148 typo
Damien Miller7b22d652000-06-18 14:07:04 +1000149
Damien Millera66626b2000-06-13 18:57:53 +100015020000613
151 - (djm) Fixes from Andrew McGill <andrewm@datrix.co.za>:
152 - Platform define for SCO 3.x which breaks on /dev/ptmx
153 - Detect and try to fix missing MAXPATHLEN
Damien Miller1a132252000-06-13 21:23:17 +1000154 - (djm) Fix short copy in loginrec.c (based on patch from Phill Camp
155 <P.S.S.Camp@ukc.ac.uk>
Damien Millera66626b2000-06-13 18:57:53 +1000156
Damien Millere69f18c2000-06-12 16:38:54 +100015720000612
158 - (djm) Glob manpages in RPM spec files to catch compressed files
159 - (djm) Full license in auth-pam.c
Damien Millerc29de952000-06-12 23:04:18 +1000160 - (djm) Configure fixes from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
andre35ad6be2000-06-12 22:41:27 +0000161 - (andre) AIX, lastlog, configure fixes from Tom Bertelson <tbert@abac.com>:
162 - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is
163 def'd
164 - Set AIX to use preformatted manpages
165
Damien Millerc601a752000-06-10 08:33:38 +100016620000610
167 - (djm) Minor doc tweaks
Damien Millerd900e452000-06-10 16:51:33 +1000168 - (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx>
Damien Millerc601a752000-06-10 08:33:38 +1000169
Damien Millera1cb6442000-06-09 11:58:35 +100017020000609
171 - (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage
172 (in favour of utmpx) on Solaris 8
173
Damien Millere37bfc12000-06-05 09:37:43 +100017420000606
Damien Miller14c12cb2000-06-07 22:20:23 +1000175 - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
176 list of commands (by default). Removed verbose debugging (by default).
177 - (djm) Increased command entropy estimates and default entropy collection
178 timeout
Damien Millerd5bf3072000-06-07 21:32:13 +1000179 - (djm) Remove duplicate headers from loginrec.c
Damien Miller9e110892000-06-07 21:05:46 +1000180 - (djm) Don't add /usr/local/lib to library search path on Irix
Damien Millerd3a18572000-06-07 19:55:44 +1000181 - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
182 <tibbs@math.uh.edu>
Damien Miller5314ae72000-06-07 20:08:19 +1000183 - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
184 <zack@wolery.cumb.org>
Damien Millerd3a18572000-06-07 19:55:44 +1000185 - (djm) OpenBSD CVS updates:
186 - todd@cvs.openbsd.org
187 [sshconnect2.c]
188 teach protocol v2 to count login failures properly and also enable an
189 explanation of why the password prompt comes up again like v1; this is NOT
190 crypto
191 - markus@cvs.openbsd.org
192 [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
193 xauth_location support; pr 1234
194 [readconf.c sshconnect2.c]
195 typo, unused
196 [session.c]
197 allow use_login only for login sessions, otherwise remote commands are
198 execed with uid==0
199 [sshd.8]
200 document UseLogin better
201 [version.h]
202 OpenSSH 2.1.1
203 [auth-rsa.c]
204 fix match_hostname() logic for auth-rsa: deny access if we have a
205 negative match or no match at all
206 [channels.c hostfile.c match.c]
207 don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
208 kris@FreeBSD.org
209
21020000606
Damien Millere37bfc12000-06-05 09:37:43 +1000211 - (djm) Added --with-cflags, --with-ldflags and --with-libs options to
212 configure.
213
Damien Miller2994e082000-06-04 15:51:47 +100021420000604
215 - Configure tweaking for new login code on Irix 5.3
andrea86c7ec2000-06-04 17:00:15 +0000216 - (andre) login code changes based on djm feedback
Damien Miller2994e082000-06-04 15:51:47 +1000217
andrea86c7ec2000-06-04 17:00:15 +000021820000603
219 - (andre) New login code
220 - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c
221 - Add loginrec.[ch], logintest.c and autoconf code
222
Damien Miller2f6a0ad2000-05-31 11:20:11 +100022320000531
224 - Cleanup of auth.c, login.c and fake-*
225 - Cleanup of auth-pam.c, save and print "account expired" error messages
Damien Miller1ea8ac72000-05-31 11:24:34 +1000226 - Fix EGD read bug by IWAMURO Motonori <iwa@mmp.fujitsu.co.jp>
Damien Miller1c773922000-05-31 13:57:18 +1000227 - Rewrote bsd-login to use proper utmp API if available. Major cleanup
228 of fallback DIY code.
Damien Miller2f6a0ad2000-05-31 11:20:11 +1000229
Damien Millerbe260a02000-05-30 12:57:46 +100023020000530
231 - Define atexit for old Solaris
Damien Millerc252e2e2000-05-30 13:12:46 +1000232 - Fix buffer overrun in login.c for systems which use syslen in utmpx.
233 patch from YOSHIFUJI Hideaki <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp>
Damien Millerb1715dc2000-05-30 13:44:51 +1000234 - OpenBSD CVS updates:
235 - markus@cvs.openbsd.org
236 [session.c]
237 make x11-fwd work w/ localhost (xauth add host/unix:11)
238 [cipher.c compat.c readconf.c servconf.c]
239 check strtok() != NULL; ok niels@
240 [key.c]
241 fix key_read() for uuencoded keys w/o '='
242 [serverloop.c]
243 group ssh1 vs. ssh2 in serverloop
244 [kex.c kex.h myproposal.h sshconnect2.c sshd.c]
245 split kexinit/kexdh, factor out common code
246 [readconf.c ssh.1 ssh.c]
247 forwardagent defaults to no, add ssh -A
248 - theo@cvs.openbsd.org
249 [session.c]
250 just some line shortening
Damien Miller03934f22000-05-30 14:01:10 +1000251 - Released 2.1.0p3
Damien Millerbe260a02000-05-30 12:57:46 +1000252
Damien Millerd999ae22000-05-20 12:49:31 +100025320000520
254 - Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
Damien Millerad1bc5f2000-05-20 14:53:09 +1000255 - Don't touch utmp if USE_UTMPX defined
Damien Millerdfc83f42000-05-20 15:02:59 +1000256 - SunOS 4.x support from Todd C. Miller <Todd.Miller@courtesan.com>
Damien Millerfda78d92000-05-20 15:33:44 +1000257 - SIGCHLD fix for AIX and HPUX from Tom Bertelson <tbert@abac.com>
258 - HPUX and Configure fixes from Lutz Jaenicke
259 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
260 - Use mkinstalldirs script to make directories instead of non-portable
261 "install -d". Suggested by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
Damien Miller7b63b0f2000-05-20 15:41:26 +1000262 - Doc cleanup
Damien Millerd999ae22000-05-20 12:49:31 +1000263
Damien Milleref7df542000-05-19 00:03:23 +100026420000518
265 - Include Andre Lucas' fixprogs script. Forgot to "cvs add" it yesterday
266 - OpenBSD CVS updates:
267 - markus@cvs.openbsd.org
268 [sshconnect.c]
269 copy only ai_addrlen bytes; misiek@pld.org.pl
270 [auth.c]
271 accept an empty shell in authentication; bug reported by
272 chris@tinker.ucr.edu
273 [serverloop.c]
274 we don't have stderr for interactive terminal sessions (fcntl errors)
275
Damien Miller8d1fd572000-05-17 21:34:07 +100027620000517
277 - Fix from Andre Lucas <andre.lucas@dial.pipex.com>
278 - Fixes command line printing segfaults (spotter: Bladt Norbert)
279 - Fixes erroneous printing of debug messages to syslog
280 - Fixes utmp for MacOS X (spotter: Aristedes Maniatis)
281 - Gives useful error message if PRNG initialisation fails
282 - Reduced ssh startup delay
283 - Measures cumulative command time rather than the time between reads
284 after select()
285 - 'fixprogs' perl script to eliminate non-working entropy commands, and
286 optionally run 'ent' to measure command entropy
Damien Millerd2c208a2000-05-17 22:00:02 +1000287 - Applied Tom Bertelson's <tbert@abac.com> AIX authentication fix
Damien Millerf3c6cf12000-05-17 22:08:29 +1000288 - Avoid WCOREDUMP complation errors for systems that lack it
289 - Avoid SIGCHLD warnings from entropy commands
Damien Miller0e65eed2000-05-17 22:16:05 +1000290 - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw@dcs.ed.ac.uk>
Damien Millerdcb6ecd2000-05-17 22:34:22 +1000291 - OpenBSD CVS update:
292 - markus@cvs.openbsd.org
293 [ssh.c]
294 fix usage()
295 [ssh2.h]
296 draft-ietf-secsh-architecture-05.txt
297 [ssh.1]
298 document ssh -T -N (ssh2 only)
299 [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
300 enable nonblocking IO for sshd w/ proto 1, too; split out common code
301 [aux.c]
302 missing include
Damien Miller615f9392000-05-17 22:53:33 +1000303 - Several patches from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
304 - INSTALL typo and URL fix
305 - Makefile fix
306 - Solaris fixes
307 - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka
308 <ksakai@kso.netwk.ntt-at.co.jp>
Damien Millerc4be7ce2000-05-17 23:02:03 +1000309 - RSAless operation patch from kevin_oconnor@standardandpoors.com
Damien Miller3b512e12000-05-17 23:29:18 +1000310 - Detect OpenSSL seperatly from RSA
311 - Better test for RSA (more compatible with RSAref). Based on work by
312 Ed Eden <ede370@stl.rural.usda.gov>
Damien Miller8d1fd572000-05-17 21:34:07 +1000313
Damien Miller95fe91b2000-05-13 12:31:22 +100031420000513
315 - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz
316 <misiek@pld.org.pl>
317
Damien Milleraccfeb32000-05-11 19:10:58 +100031820000511
319 - Fix for prng_seed permissions checking from Lutz Jaenicke
320 <Lutz.Jaenicke@aet.TU-Cottbus.DE>
Damien Miller95fe91b2000-05-13 12:31:22 +1000321 - "make host-key" fix for Irix
Damien Milleraccfeb32000-05-11 19:10:58 +1000322
Damien Miller30c3d422000-05-09 11:02:59 +100032320000509
324 - OpenBSD CVS update
325 - markus@cvs.openbsd.org
326 [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
327 [ssh.h sshconnect1.c sshconnect2.c sshd.8]
328 - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
329 - hugh@cvs.openbsd.org
330 [ssh.1]
331 - zap typo
332 [ssh-keygen.1]
333 - One last nit fix. (markus approved)
334 [sshd.8]
335 - some markus certified spelling adjustments
336 - markus@cvs.openbsd.org
337 [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
338 [sshconnect2.c ]
339 - bug compat w/ ssh-2.0.13 x11, split out bugs
340 [nchan.c]
341 - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
342 [ssh-keygen.c]
343 - handle escapes in real and original key format, ok millert@
344 [version.h]
345 - OpenSSH-2.1
Damien Miller16e519c2000-05-09 14:28:55 +1000346 - Moved all the bsd-* and fake-* stuff into new libopenbsd-compat.a
Damien Miller54057c22000-05-09 15:03:37 +1000347 - Doc updates
Damien Miller95e89632000-05-09 15:28:50 +1000348 - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported
349 by Andre Lucas <andre.lucas@dial.pipex.com>
Damien Miller30c3d422000-05-09 11:02:59 +1000350
Damien Miller58e579b2000-05-08 00:05:31 +100035120000508
352 - Makefile and RPM spec fixes
353 - Generate DSA host keys during "make key" or RPM installs
Damien Miller6d488712000-05-08 13:44:52 +1000354 - OpenBSD CVS update
355 - markus@cvs.openbsd.org
356 [clientloop.c sshconnect2.c]
357 - make x11-fwd interop w/ ssh-2.0.13
358 [README.openssh2]
359 - interop w/ SecureFX
360 - Release 2.0.0beta2
Damien Miller58e579b2000-05-08 00:05:31 +1000361
Damien Miller61e50f12000-05-08 20:49:37 +1000362 - Configure caching and cleanup patch from Andre Lucas'
363 <andre.lucas@dial.pipex.com>
364
Damien Millere247cc42000-05-07 12:03:14 +100036520000507
366 - Remove references to SSLeay.
367 - Big OpenBSD CVS update
368 - markus@cvs.openbsd.org
369 [clientloop.c]
370 - typo
371 [session.c]
372 - update proctitle on pty alloc/dealloc, e.g. w/ windows client
373 [session.c]
374 - update proctitle for proto 1, too
375 [channels.h nchan.c serverloop.c session.c sshd.c]
376 - use c-style comments
377 - deraadt@cvs.openbsd.org
378 [scp.c]
379 - more atomicio
380 - markus@cvs.openbsd.org
381 [channels.c]
382 - set O_NONBLOCK
383 [ssh.1]
384 - update AUTHOR
385 [readconf.c ssh-keygen.c ssh.h]
386 - default DSA key file ~/.ssh/id_dsa
387 [clientloop.c]
388 - typo, rm verbose debug
389 - deraadt@cvs.openbsd.org
390 [ssh-keygen.1]
391 - document DSA use of ssh-keygen
392 [sshd.8]
393 - a start at describing what i understand of the DSA side
394 [ssh-keygen.1]
395 - document -X and -x
396 [ssh-keygen.c]
397 - simplify usage
398 - markus@cvs.openbsd.org
399 [sshd.8]
400 - there is no rhosts_dsa
401 [ssh-keygen.1]
402 - document -y, update -X,-x
403 [nchan.c]
404 - fix close for non-open ssh1 channels
405 [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
406 - s/DsaKey/HostDSAKey/, document option
407 [sshconnect2.c]
408 - respect number_of_password_prompts
409 [channels.c channels.h servconf.c servconf.h session.c sshd.8]
410 - GatewayPorts for sshd, ok deraadt@
411 [ssh-add.1 ssh-agent.1 ssh.1]
412 - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
413 [ssh.1]
414 - more info on proto 2
415 [sshd.8]
416 - sync AUTHOR w/ ssh.1
417 [key.c key.h sshconnect.c]
418 - print key type when talking about host keys
419 [packet.c]
420 - clear padding in ssh2
421 [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
422 - replace broken uuencode w/ libc b64_ntop
423 [auth2.c]
424 - log failure before sending the reply
425 [key.c radix.c uuencode.c]
426 - remote trailing comments before calling __b64_pton
427 [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
428 [sshconnect2.c sshd.8]
429 - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
430 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
431
Damien Miller63560f92000-05-02 09:06:04 +100043220000502
Damien Miller6f83b8e2000-05-02 09:23:45 +1000433 - OpenBSD CVS update
434 [channels.c]
435 - init all fds, close all fds.
436 [sshconnect2.c]
437 - check whether file exists before asking for passphrase
438 [servconf.c servconf.h sshd.8 sshd.c]
439 - PidFile, pr 1210
440 [channels.c]
441 - EINTR
442 [channels.c]
443 - unbreak, ok niels@
444 [sshd.c]
445 - unlink pid file, ok niels@
446 [auth2.c]
447 - Add missing #ifdefs; ok - markus
Damien Miller0437b332000-05-02 09:56:41 +1000448 - Add Andre Lucas' <andre.lucas@dial.pipex.com> patch to read entropy
449 gathering commands from a text file
Damien Miller63560f92000-05-02 09:06:04 +1000450 - Release 2.0.0beta1
451
Damien Miller7c8af4f2000-05-01 08:24:07 +100045220000501
453 - OpenBSD CVS update
454 [packet.c]
455 - send debug messages in SSH2 format
Damien Miller35dabd02000-05-01 21:10:33 +1000456 [scp.c]
457 - fix very rare EAGAIN/EINTR issues; based on work by djm
458 [packet.c]
459 - less debug, rm unused
460 [auth2.c]
461 - disable kerb,s/key in ssh2
462 [sshd.8]
463 - Minor tweaks and typo fixes.
464 [ssh-keygen.c]
465 - Put -d into usage and reorder. markus ok.
Damien Millere59ce622000-05-01 20:54:17 +1000466 - Include missing headers for OpenSSL tests. Fix from Phil Karn
467 <karn@ka9q.ampr.org>
Damien Miller70fb6712000-05-01 20:59:50 +1000468 - Fixed __progname symbol collisions reported by Andre Lucas
469 <andre.lucas@dial.pipex.com>
Damien Miller0e489dc2000-05-01 22:53:53 +1000470 - Merged bsd-login ttyslot and AIX utmp patch from Gert Doering
471 <gd@hilb1.medat.de>
Damien Miller1cead2c2000-05-01 22:55:23 +1000472 - Add some missing ifdefs to auth2.c
Damien Miller7c004262000-05-01 22:57:46 +1000473 - Deprecate perl-tk askpass.
Damien Millerfc0b11b2000-05-02 00:03:55 +1000474 - Irix portability fixes - don't include netinet headers more than once
475 - Make sure we don't save PRNG seed more than once
Damien Miller7c8af4f2000-05-01 08:24:07 +1000476
Damien Miller1bead332000-04-30 00:47:29 +100047720000430
478 - Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au>
Damien Miller4018c192000-04-30 09:30:44 +1000479 - Integrate Andre Lucas' <andre.lucas@dial.pipex.com> entropy collection
480 patch.
481 - Adds timeout to entropy collection
482 - Disables slow entropy sources
483 - Load and save seed file
484 - Changed entropy seed code to user per-user seeds only (server seed is
485 saved in root's .ssh directory)
486 - Use atexit() and fatal cleanups to save seed on exit
Damien Millerbd483e72000-04-30 10:00:53 +1000487 - More OpenBSD updates:
488 [session.c]
489 - don't call chan_write_failed() if we are not writing
490 [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c]
491 - keysize warnings error() -> log()
Damien Miller1bead332000-04-30 00:47:29 +1000492
Damien Millereba71ba2000-04-29 23:57:08 +100049320000429
494 - Merge big update to OpenSSH-2.0 from OpenBSD CVS
495 [README.openssh2]
496 - interop w/ F-secure windows client
497 - sync documentation
498 - ssh_host_dsa_key not ssh_dsa_key
499 [auth-rsa.c]
500 - missing fclose
501 [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
502 [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
503 [sshd.c uuencode.c uuencode.h authfile.h]
504 - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX]
505 for trading keys with the real and the original SSH, directly from the
506 people who invented the SSH protocol.
507 [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
508 [sshconnect1.c sshconnect2.c]
509 - split auth/sshconnect in one file per protocol version
510 [sshconnect2.c]
511 - remove debug
512 [uuencode.c]
513 - add trailing =
514 [version.h]
515 - OpenSSH-2.0
516 [ssh-keygen.1 ssh-keygen.c]
517 - add -R flag: exit code indicates if RSA is alive
518 [sshd.c]
519 - remove unused
520 silent if -Q is specified
521 [ssh.h]
522 - host key becomes /etc/ssh_host_dsa_key
523 [readconf.c servconf.c ]
524 - ssh/sshd default to proto 1 and 2
525 [uuencode.c]
526 - remove debug
527 [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
528 - xfree DSA blobs
529 [auth2.c serverloop.c session.c]
530 - cleanup logging for sshd/2, respect PasswordAuth no
531 [sshconnect2.c]
532 - less debug, respect .ssh/config
533 [README.openssh2 channels.c channels.h]
534 - clientloop.c session.c ssh.c
535 - support for x11-fwding, client+server
536
Damien Millera552faf2000-04-21 15:55:20 +100053720000421
538 - Merge fix from OpenBSD CVS
539 [ssh-agent.c]
540 - Fix memory leak per connection. Report from Andy Spiegl <Andy@Spiegl.de>
541 via Debian bug #59926
Damien Miller81171112000-04-23 11:14:01 +1000542 - Define __progname in session.c if libc doesn't
543 - Remove indentation on autoconf #include statements to avoid bug in
544 DEC Tru64 compiler. Report and fix from David Del Piero
545 <David.DelPiero@qed.qld.gov.au>
Damien Millera552faf2000-04-21 15:55:20 +1000546
Damien Miller3ef692a2000-04-20 07:33:24 +100054720000420
548 - Make fixpaths work with perl4, patch from Andre Lucas
549 <andre.lucas@dial.pipex.com>
Damien Miller166fca82000-04-20 07:42:21 +1000550 - Sync with OpenBSD CVS:
551 [clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c]
552 - pid_t
553 [session.c]
554 - remove bogus chan_read_failed. this could cause data
555 corruption (missing data) at end of a SSH2 session.
Damien Millerd0cff3e2000-04-20 23:12:58 +1000556 - Merge fixes from Debian patch from Phil Hands <phil@hands.com>
557 - Allow setting of PAM service name through CFLAGS (SSHD_PAM_SERVICE)
558 - Use vhangup to clean up Linux ttys
559 - Force posix getopt processing on GNU libc systems
Damien Millercfabe862000-04-20 23:27:27 +1000560 - Debian bug #55910 - remove references to ssl(8) manpages
Damien Millerf3a3fee2000-04-20 23:32:48 +1000561 - Debian bug #58031 - ssh_config lies about default cipher
Damien Miller3ef692a2000-04-20 07:33:24 +1000562
Damien Miller8bb73be2000-04-19 16:26:12 +100056320000419
564 - OpenBSD CVS updates
565 [channels.c]
566 - fix pr 1196, listen_port and port_to_connect interchanged
567 [scp.c]
568 - after completion, replace the progress bar ETA counter with a final
569 elapsed time; my idea, aaron wrote the patch
570 [ssh_config sshd_config]
571 - show 'Protocol' as an example, ok markus@
572 [sshd.c]
573 - missing xfree()
574 - Add missing header to bsd-misc.c
575
Damien Miller5f056372000-04-16 12:31:48 +100057620000416
577 - Reduce diff against OpenBSD source
578 - All OpenSSL includes are now unconditionally referenced as
579 openssl/foo.h
580 - Pick up formatting changes
581 - Other minor changed (typecasts, etc) that I missed
582
Damien Miller4af51302000-04-16 11:18:38 +100058320000415
584 - OpenBSD CVS updates.
585 [ssh.1 ssh.c]
586 - ssh -2
587 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
588 [session.c sshconnect.c]
589 - check payload for (illegal) extra data
590 [ALL]
591 whitespace cleanup
592
Damien Millere71eb912000-04-13 12:19:32 +100059320000413
594 - INSTALL doc updates
Damien Miller22c77262000-04-13 12:26:34 +1000595 - Merged OpenBSD updates to include paths.
Damien Miller4af51302000-04-16 11:18:38 +1000596
Damien Miller78928792000-04-12 20:17:38 +100059720000412
598 - OpenBSD CVS updates:
599 - [channels.c]
600 repair x11-fwd
601 - [sshconnect.c]
602 fix passwd prompt for ssh2, less debugging output.
603 - [clientloop.c compat.c dsa.c kex.c sshd.c]
604 less debugging output
605 - [kex.c kex.h sshconnect.c sshd.c]
606 check for reasonable public DH values
607 - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
608 [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
609 add Cipher and Protocol options to ssh/sshd, e.g.:
610 ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
611 arcfour,3des-cbc'
612 - [sshd.c]
613 print 1.99 only if server supports both
614
Damien Millerbc7c7cc2000-04-08 17:48:56 +100061520000408
616 - Avoid some compiler warnings in fake-get*.c
617 - Add IPTOS macros for systems which lack them
Damien Miller11e37f62000-04-08 18:23:30 +1000618 - Only set define entropy collection macros if they are found
Damien Millerefb4afe2000-04-12 18:45:05 +1000619 - More large OpenBSD CVS updates:
620 - [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
621 [session.h ssh.h sshd.c README.openssh2]
622 ssh2 server side, see README.openssh2; enable with 'sshd -2'
623 - [channels.c]
624 no adjust after close
625 - [sshd.c compat.c ]
626 interop w/ latest ssh.com windows client.
627
Damien Miller1383bd82000-04-06 12:32:37 +100062820000406
629 - OpenBSD CVS update:
630 - [channels.c]
631 close efd on eof
632 - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h]
633 ssh2 client implementation, interops w/ ssh.com and lsh servers.
634 - [sshconnect.c]
635 missing free.
636 - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c]
637 remove unused argument, split cipher_mask()
638 - [clientloop.c]
639 re-order: group ssh1 vs. ssh2
640 - Make Redhat spec require openssl >= 0.9.5a
641
Damien Miller193ba882000-04-04 10:21:09 +100064220000404
643 - Add tests for RAND_add function when searching for OpenSSL
Damien Miller33b13562000-04-04 14:38:59 +1000644 - OpenBSD CVS update:
645 - [packet.h packet.c]
646 ssh2 packet format
647 - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c]
648 [channels.h channels.c]
649 channel layer support for ssh2
650 - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h]
651 DSA, keyexchange, algorithm agreement for ssh2
Damien Miller74a333b2000-04-04 15:04:09 +1000652 - Generate manpages before make install not at the end of make all
653 - Don't seed the rng quite so often
654 - Always reseed rng when requested
Damien Miller193ba882000-04-04 10:21:09 +1000655
Damien Miller040f3832000-04-03 14:50:43 +100065620000403
657 - Wrote entropy collection routines for systems that lack /dev/random
658 and EGD
Damien Miller70494d12000-04-03 15:57:06 +1000659 - Disable tests and typedefs for 64 bit types. They are currently unused.
Damien Miller040f3832000-04-03 14:50:43 +1000660
Damien Millerb38eff82000-04-01 11:09:21 +100066120000401
662 - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
663 - [auth.c session.c sshd.c auth.h]
664 split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
665 - [bufaux.c bufaux.h]
666 support ssh2 bignums
667 - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
668 [readconf.c ssh.c ssh.h serverloop.c]
669 replace big switch() with function tables (prepare for ssh2)
670 - [ssh2.h]
671 ssh2 message type codes
672 - [sshd.8]
673 reorder Xr to avoid cutting
674 - [serverloop.c]
675 close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
676 - [channels.c]
677 missing close
678 allow bigger packets
679 - [cipher.c cipher.h]
680 support ssh2 ciphers
681 - [compress.c]
682 cleanup, less code
683 - [dispatch.c dispatch.h]
684 function tables for different message types
685 - [log-server.c]
686 do not log() if debuggin to stderr
687 rename a cpp symbol, to avoid param.h collision
688 - [mpaux.c]
689 KNF
690 - [nchan.c]
691 sync w/ channels.c
692
Damien Miller2c9279f2000-03-26 12:12:34 +100069320000326
694 - Better tests for OpenSSL w/ RSAref
695 - Added replacement setenv() function from OpenBSD libc. Suggested by
696 Ben Lindstrom <mouring@pconline.com>
Damien Miller450a7a12000-03-26 13:04:51 +1000697 - OpenBSD CVS update
698 - [auth-krb4.c]
699 -Wall
700 - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
701 [match.h ssh.c ssh.h sshconnect.c sshd.c]
702 initial support for DSA keys. ok deraadt@, niels@
703 - [cipher.c cipher.h]
704 remove unused cipher_attack_detected code
705 - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
706 Fix some formatting problems I missed before.
707 - [ssh.1 sshd.8]
708 fix spelling errors, From: FreeBSD
709 - [ssh.c]
710 switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
Damien Miller2c9279f2000-03-26 12:12:34 +1000711
Damien Miller63a46cc2000-03-24 09:24:33 +110071220000324
713 - Released 1.2.3
714
Damien Miller29ea30d2000-03-17 10:54:15 +110071520000317
716 - Clarified --with-default-path option.
717 - Added -blibpath handling for AIX to work around stupid runtime linking.
718 Problem elucidated by gshapiro@SENDMAIL.ORG by way of Jim Knoble
719 <jmknoble@pobox.com>
Damien Millerd6121d22000-03-17 23:26:46 +1100720 - Checks for 64 bit int types. Problem report from Mats Fredholm
721 <matsf@init.se>
Damien Miller7684ee12000-03-17 23:40:15 +1100722 - OpenBSD CVS updates:
723 - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c]
724 [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
725 [sshd.c]
726 pedantic: signed vs. unsigned, void*-arithm, etc
727 - [ssh.1 sshd.8]
728 Various cleanups and standardizations.
Damien Millere37ac5a2000-03-17 23:58:59 +1100729 - Runtime error fix for HPUX from Otmar Stahl
730 <O.Stahl@lsw.uni-heidelberg.de>
Damien Miller29ea30d2000-03-17 10:54:15 +1100731
Damien Miller08c788a2000-03-16 07:52:29 +110073220000316
733 - Fixed configure not passing LDFLAGS to Solaris. Report from David G.
734 Hesprich <dghespri@sprintparanet.com>
Damien Miller166bd442000-03-16 10:48:25 +1100735 - Propogate LD through to Makefile
Damien Millerfd263682000-03-16 11:51:09 +1100736 - Doc cleanups
Damien Millerca9a49c2000-03-16 12:23:13 +1100737 - Added blurb about "scp: command not found" errors to UPGRADING
Damien Miller08c788a2000-03-16 07:52:29 +1100738
Damien Millera1ad4802000-03-15 10:04:54 +110073920000315
740 - Fix broken CFLAGS handling during search for OpenSSL. Fixes va_list
741 problems with gcc/Solaris.
Damien Millerf09b07a2000-03-15 11:23:48 +1100742 - Don't free argument to putenv() after use (in setenv() replacement).
743 Report from Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp>
Damien Miller8b1c22b2000-03-15 12:13:01 +1100744 - Created contrib/ subdirectory. Included helpers from Phil Hands'
745 Debian package, README file and chroot patch from Ricardo Cerqueira
746 <rmcc@clix.pt>
Damien Miller96873222000-03-16 12:07:43 +1100747 - Moved gnome-ssh-askpass.c to contrib directory and removed config
Damien Miller8b1c22b2000-03-15 12:13:01 +1100748 option.
749 - Slight cleanup to doc files
Damien Miller856799b2000-03-15 21:18:10 +1100750 - Configure fix from Bratislav ILICH <bilic@zepter.ru>
Damien Millera1ad4802000-03-15 10:04:54 +1100751
Damien Miller1c67c992000-03-14 10:16:34 +110075220000314
753 - Include macro for IN6_IS_ADDR_V4MAPPED. Report from
754 peter@frontierflying.com
Damien Millerdb819592000-03-14 13:44:01 +1100755 - Include /usr/local/include and /usr/local/lib for systems that don't
756 do it themselves
757 - -R/usr/local/lib for Solaris
758 - Fix RSAref detection
759 - Fix IN6_IS_ADDR_V4MAPPED macro
Damien Miller1c67c992000-03-14 10:16:34 +1100760
Damien Millerb85dcad2000-03-11 11:37:00 +110076120000311
762 - Detect RSAref
Damien Miller02491e92000-03-11 11:58:28 +1100763 - OpenBSD CVS change
764 [sshd.c]
765 - disallow guessing of root password
Damien Millerd58b3ab2000-03-11 20:05:11 +1100766 - More configure fixes
Damien Miller7bcb0892000-03-11 20:45:40 +1100767 - IPv6 workarounds from Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>
Damien Millerb85dcad2000-03-11 11:37:00 +1100768
Damien Miller98c7ad62000-03-09 21:27:49 +110076920000309
770 - OpenBSD CVS updates to v1.2.3
771 [ssh.h atomicio.c]
772 - int atomicio -> ssize_t (for alpha). ok deraadt@
773 [auth-rsa.c]
774 - delay MD5 computation until client sends response, free() early, cleanup.
775 [cipher.c]
776 - void* -> unsigned char*, ok niels@
777 [hostfile.c]
778 - remove unused variable 'len'. fix comments.
779 - remove unused variable
780 [log-client.c log-server.c]
781 - rename a cpp symbol, to avoid param.h collision
782 [packet.c]
783 - missing xfree()
784 - getsockname() requires initialized tolen; andy@guildsoftware.com
785 - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
786 from Holger.Trapp@Informatik.TU-Chemnitz.DE
787 [pty.c pty.h]
788 - register cleanup for pty earlier. move code for pty-owner handling to
789 pty.c ok provos@, dugsong@
790 [readconf.c]
791 - turn off x11-fwd for the client, too.
792 [rsa.c]
793 - PKCS#1 padding
794 [scp.c]
795 - allow '.' in usernames; from jedgar@fxp.org
796 [servconf.c]
797 - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
798 - sync with sshd_config
799 [ssh-keygen.c]
800 - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
801 [ssh.1]
802 - Change invalid 'CHAT' loglevel to 'VERBOSE'
803 [ssh.c]
804 - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
805 - turn off x11-fwd for the client, too.
806 [sshconnect.c]
807 - missing xfree()
808 - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
809 - read error vs. "Connection closed by remote host"
810 [sshd.8]
811 - ie. -> i.e.,
812 - do not link to a commercial page..
813 - sync with sshd_config
814 [sshd.c]
815 - no need for poll.h; from bright@wintelcom.net
816 - log with level log() not fatal() if peer behaves badly.
817 - don't panic if client behaves strange. ok deraadt@
818 - make no-port-forwarding for RSA keys deny both -L and -R style fwding
819 - delay close() of pty until the pty has been chowned back to root
820 - oops, fix comment, too.
821 - missing xfree()
822 - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
823 (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
824 - register cleanup for pty earlier. move code for pty-owner handling to
825 pty.c ok provos@, dugsong@
826 - create x11 cookie file
827 - fix pr 1113, fclose() -> pclose(), todo: remote popen()
828 - version 1.2.3
829 - Cleaned up
Damien Miller8f975b62000-03-09 22:31:13 +1100830 - Removed warning workaround for Linux and devpts filesystems (no longer
831 required after OpenBSD updates)
Damien Miller98c7ad62000-03-09 21:27:49 +1100832
Damien Miller1a07ebd2000-03-08 09:03:44 +110083320000308
834 - Configure fix from Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp>
835
83620000307
837 - Released 1.2.2p1
838
Damien Miller01bedb82000-03-05 16:10:03 +110083920000305
840 - Fix DEC compile fix
Damien Millerfac99cd2000-03-05 16:10:45 +1100841 - Explicitly seed OpenSSL's PRNG before checking rsa_alive()
Damien Miller9fb07e42000-03-05 16:22:59 +1100842 - Check for getpagesize in libucb.a if not found in libc. Fix for old
843 Solaris from Andre Lucas <andre.lucas@dial.pipex.com>
Damien Miller65165f82000-03-05 17:02:45 +1100844 - Check for libwrap if --with-tcp-wrappers option specified. Suggestion
845 Mate Wierdl <mw@moni.msci.memphis.edu>
Damien Miller01bedb82000-03-05 16:10:03 +1100846
Damien Miller4095f892000-03-03 22:13:52 +110084720000303
848 - Added "make host-key" target, Suggestion from Dominik Brettnacher
849 <domi@saargate.de>
Damien Miller3c7eeb22000-03-03 22:35:33 +1100850 - Don't permanently fail on bind() if getaddrinfo has more choices left for
851 us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
852 Miskiewicz <misiek@pld.org.pl>
Damien Miller00d4bb12000-03-03 22:48:49 +1100853 - DEC Unix compile fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
854 - Manpage fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
Damien Miller4095f892000-03-03 22:13:52 +1100855
Damien Millera22ba012000-03-02 23:09:20 +110085620000302
857 - Big cleanup of autoconf code
858 - Rearranged to be a little more logical
859 - Added -R option for Solaris
860 - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program
861 to detect library and header location _and_ ensure library has proper
862 RSA support built in (this is a problem with OpenSSL 0.9.5).
Damien Millerc7d8dbb2000-03-02 23:30:53 +1100863 - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de
Damien Millerc4cea3e2000-03-02 23:31:50 +1100864 - Avoid warning message with Unix98 ptys
Damien Miller204ad072000-03-02 23:56:12 +1100865 - Warning was valid - possible race condition on PTYs. Avoided using
866 platform-specific code.
867 - Document some common problems
Damien Miller2453d012000-03-02 23:57:18 +1100868 - Allow root access to any key. Patch from
869 markus.friedl@informatik.uni-erlangen.de
Damien Millera22ba012000-03-02 23:09:20 +1100870
Damien Miller36143d72000-02-07 13:20:26 +110087120000207
872 - Removed SOCKS code. Will support through a ProxyCommand.
873
Damien Miller18522462000-02-03 01:07:07 +110087420000203
875 - Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu
Damien Miller0c0e4bf2000-02-03 13:58:51 +1100876 - Add --with-ssl-dir option
Damien Miller18522462000-02-03 01:07:07 +1100877
Damien Miller65527582000-02-02 19:17:40 +110087820000202
879 - Fix lastlog code for directory based lastlogs. Fix from Josh Durham
880 <jmd@aoe.vt.edu>
Damien Miller17872522000-02-02 20:56:20 +1100881 - Documentation fixes from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
882 - Added URLs to Japanese translations of documents by HARUYAMA Seigo
883 <haruyama@nt.phys.s.u-tokyo.ac.jp>
Damien Miller65527582000-02-02 19:17:40 +1100884
Damien Miller9e53f352000-02-01 23:05:30 +110088520000201
886 - Use socket pairs by default (instead of pipes). Prevents race condition
887 on several (buggy) OSs. Report and fix from tridge@linuxcare.com
888
Damien Millerf07390e2000-01-29 20:40:22 +110088920000127
890 - Seed OpenSSL's random number generator before generating RSA keypairs
891 - Split random collector into seperate file
Damien Miller6034fdf2000-01-29 20:55:09 +1100892 - Compile fix from Andre Lucas <andre.lucas@dial.pipex.com>
Damien Millerf07390e2000-01-29 20:40:22 +1100893
Damien Miller27f4c782000-01-27 18:22:13 +110089420000126
895 - Released 1.2.2 stable
896
897 - NeXT keeps it lastlog in /usr/adm. Report from
898 mouring@newton.pconline.com
Damien Millerc85f9b42000-01-29 10:20:21 +1100899 - Added note in UPGRADING re interop with commercial SSH using idea.
900 Report from Jim Knoble <jmknoble@pobox.com>
901 - Fix linking order for Kerberos/AFS. Fix from Holget Trapp
902 <Holger.Trapp@Informatik.TU-Chemnitz.DE>
Damien Miller27f4c782000-01-27 18:22:13 +1100903
Damien Millerd89c24b2000-01-26 11:04:48 +110090420000125
905 - Fix NULL pointer dereference in login.c. Fix from Andre Lucas
906 <andre.lucas@dial.pipex.com>
Damien Millerfa51a832000-01-26 11:07:22 +1100907 - Reorder PAM initialisation so it does not mess up lastlog. Reported
908 by Andre Lucas <andre.lucas@dial.pipex.com>
Damien Miller0e1cf7c2000-01-26 12:15:30 +1100909 - Use preformatted manpages on SCO, report from Gary E. Miller
910 <gem@rellim.com>
911 - New URL for x11-ssh-askpass.
Damien Miller6d844932000-01-26 12:17:50 +1100912 - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
913 <jmknoble@pobox.com>
Damien Miller7d7c60d2000-01-26 14:37:48 +1100914 - Added 'DESTDIR' option to Makefile to ease package building. Patch from
915 Jim Knoble <jmknoble@pobox.com>
916 - Updated RPM spec files to use DESTDIR
Damien Millerd89c24b2000-01-26 11:04:48 +1100917
Damien Miller68cee102000-01-24 17:02:27 +110091820000124
919 - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
920 increment)
921
Damien Miller6fe375d2000-01-23 09:38:00 +110092220000123
923 - OpenBSD CVS:
924 - [packet.c]
925 getsockname() requires initialized tolen; andy@guildsoftware.com
Damien Miller1fa154b2000-01-23 10:32:03 +1100926 - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
927 <drankin@bohemians.lexington.ky.us>
Damien Millerdef0dc92000-01-23 20:18:35 +1100928 - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
Damien Miller6fe375d2000-01-23 09:38:00 +1100929
Damien Miller91427002000-01-22 13:25:13 +110093020000122
931 - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
932 <bent@clark.net>
Damien Miller670a4b82000-01-22 13:53:11 +1100933 - Merge preformatted manpage patch from Andre Lucas
934 <andre.lucas@dial.pipex.com>
Damien Miller07278932000-01-22 14:05:37 +1100935 - Make IPv4 use the default in RPM packages
936 - Irix uses preformatted manpages
Damien Miller8dbbe6e2000-01-22 18:17:42 +1100937 - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
938 <Holger.Trapp@Informatik.TU-Chemnitz.DE>
Damien Millerf052aaf2000-01-22 19:47:21 +1100939 - OpenBSD CVS updates:
940 - [packet.c]
941 use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
942 from Holger.Trapp@Informatik.TU-Chemnitz.DE
943 - [sshd.c]
944 log with level log() not fatal() if peer behaves badly.
945 - [readpass.c]
946 instead of blocking SIGINT, catch it ourselves, so that we can clean
947 the tty modes up and kill ourselves -- instead of our process group
948 leader (scp, cvs, ...) going away and leaving us in noecho mode.
949 people with cbreak shells never even noticed..
Damien Miller14537852000-01-22 19:57:40 +1100950 - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
951 ie. -> i.e.,
Damien Miller91427002000-01-22 13:25:13 +1100952
Damien Millereca71f82000-01-20 22:38:27 +110095320000120
954 - Don't use getaddrinfo on AIX
Damien Miller396691a2000-01-20 22:44:08 +1100955 - Update to latest OpenBSD CVS:
956 - [auth-rsa.c]
957 - fix user/1056, sshd keeps restrictions; dbt@meat.net
958 - [sshconnect.c]
959 - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
960 - destroy keys earlier
Damien Milleree1c0b32000-01-21 00:18:15 +1100961 - split key exchange (kex) and user authentication (user-auth),
962 ok: provos@
Damien Miller396691a2000-01-20 22:44:08 +1100963 - [sshd.c]
964 - no need for poll.h; from bright@wintelcom.net
965 - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
Damien Milleree1c0b32000-01-21 00:18:15 +1100966 - split key exchange (kex) and user authentication (user-auth),
967 ok: provos@
Damien Miller88b86e42000-01-20 23:13:35 +1100968 - Big manpage and config file cleanup from Andre Lucas
969 <andre.lucas@dial.pipex.com>
Damien Miller886c63a2000-01-20 23:13:36 +1100970 - Re-added latest (unmodified) OpenBSD manpages
Damien Millereab2ce02000-01-20 23:58:22 +1100971 - Doc updates
Damien Milleree1c0b32000-01-21 00:18:15 +1100972 - NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
973 Christos Zoulas <christos@netbsd.org>
Damien Millereca71f82000-01-20 22:38:27 +1100974
Damien Miller9550a242000-01-19 10:41:23 +110097520000119
Damien Millereaf99942000-01-19 13:45:07 +1100976 - SCO compile fixes from Gary E. Miller <gem@rellim.com>
Damien Miller9550a242000-01-19 10:41:23 +1100977 - Compile fix from Darren_Hall@progressive.com
Damien Miller7d80e342000-01-19 14:36:49 +1100978 - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
979 addresses using getaddrinfo(). Added a configure switch to make the
980 default lookup mode AF_INET
Damien Miller9550a242000-01-19 10:41:23 +1100981
Damien Millerdbd250f2000-01-18 08:57:14 +110098220000118
983 - Fixed --with-pid-dir option
Damien Millerca673b32000-01-18 09:01:27 +1100984 - Makefile fix from Gary E. Miller <gem@rellim.com>
Damien Millere0f45742000-01-18 09:12:06 +1100985 - Compile fix for HPUX and Solaris from Andre Lucas
986 <andre.lucas@dial.pipex.com>
Damien Millerdbd250f2000-01-18 08:57:14 +1100987
Damien Millerb9b94a72000-01-17 09:52:46 +110098820000117
989 - Clean up bsd-bindresvport.c. Use arc4random() for picking initial
990 port, ignore EINVAL errors (Linux) when searching for free port.
Damien Miller834171e2000-01-17 09:59:41 +1100991 - Revert __snprintf -> snprintf aliasing. Apparently Solaris
992 __snprintf isn't. Report from Theo de Raadt <theo@cvs.openbsd.org>
Damien Millerf693d3b2000-01-17 11:56:27 +1100993 - Document location of Redhat PAM file in INSTALL.
Damien Millere2192732000-01-17 13:22:55 +1100994 - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6
995 INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to
Damien Miller19fe9c72000-01-17 15:23:01 +1100996 deliver (no IPv6 kernel support)
Damien Millere2192732000-01-17 13:22:55 +1100997 - Released 1.2.1pre27
Damien Millerb9b94a72000-01-17 09:52:46 +1100998
Damien Miller19fe9c72000-01-17 15:23:01 +1100999 - Fix rresvport_af failure errors (logic error in bsd-bindresvport.c)
Damien Millerd426ed62000-01-17 19:22:36 +11001000 - Fix --with-ipaddr-display option test. Fix from Jarno Huuskonen
1001 <jhuuskon@hytti.uku.fi>
Damien Millerb284b542000-01-17 20:55:18 +11001002 - Fix hang on logout if processes are still using the pty. Needs
1003 further testing.
Damien Miller66409952000-01-17 21:40:06 +11001004 - Patch from Christos Zoulas <christos@zoulas.com>
1005 - Try $prefix first when looking for OpenSSL.
1006 - Include sys/types.h when including sys/socket.h in test programs
Damien Millerb13c73e2000-01-17 22:02:17 +11001007 - Substitute PID directory in sshd.8. Suggestion from Andrew
1008 Stribblehill <a.d.stribblehill@durham.ac.uk>
Damien Miller19fe9c72000-01-17 15:23:01 +11001009
Damien Miller5eed6a22000-01-16 12:05:18 +1100101020000116
1011 - Renamed --with-xauth-path to --with-xauth
1012 - Added --with-pid-dir option
1013 - Released 1.2.1pre26
1014
Damien Miller8f926492000-01-16 18:19:25 +11001015 - Compilation fix from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
Damien Miller62a52ef2000-01-16 23:03:56 +11001016 - Fixed broken bugfix for /dev/ptmx on Linux systems which lack
1017 openpty(). Report from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
Damien Miller8f926492000-01-16 18:19:25 +11001018
Damien Millerb29ea912000-01-15 14:12:03 +1100101920000115
1020 - Add --with-xauth-path configure directive and explicit test for
1021 /usr/openwin/bin/xauth for Solaris systems. Report from Anders
1022 Nordby <anders@fix.no>
1023 - Fix incorrect detection of /dev/ptmx on Linux systems that lack
1024 openpty. Report from John Seifarth <john@waw.be>
1025 - Look for intXX_t and u_intXX_t in sys/bitypes.h if they are not in
1026 sys/types.h. Fixes problems on SCO, report from Gary E. Miller
1027 <gem@rellim.com>
1028 - Use __snprintf and __vnsprintf if they are found where snprintf and
1029 vnsprintf are lacking. Suggested by Ben Taylor <bent@shell.clark.net>
1030 and others.
1031
Damien Miller34132e52000-01-14 15:45:46 +1100103220000114
1033 - Merged OpenBSD IPv6 patch:
1034 - [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1]
1035 [scp.c packet.h packet.c login.c log.c canohost.c channels.c]
1036 [hostfile.c sshd_config]
1037 ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new
1038 features: sshd allows multiple ListenAddress and Port options. note
1039 that libwrap is not IPv6-ready. (based on patches from
1040 fujiwara@rcac.tdi.co.jp)
1041 - [ssh.c canohost.c]
1042 more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo,
1043 from itojun@
1044 - [channels.c]
1045 listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE)
1046 - [packet.h]
1047 allow auth-kerberos for IPv4 only
1048 - [scp.1 sshd.8 servconf.h scp.c]
1049 document -4, -6, and 'ssh -L 2022/::1/22'
1050 - [ssh.c]
1051 'ssh @host' is illegal (null user name), from
1052 karsten@gedankenpolizei.de
1053 - [sshconnect.c]
1054 better error message
1055 - [sshd.c]
1056 allow auth-kerberos for IPv4 only
1057 - Big IPv6 merge:
1058 - Cleanup overrun in sockaddr copying on RHL 6.1
1059 - Replacements for getaddrinfo, getnameinfo, etc based on versions
1060 from patch from KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
1061 - Replacement for missing structures on systems that lack IPv6
1062 - record_login needed to know about AF_INET6 addresses
1063 - Borrowed more code from OpenBSD: rresvport_af and requisites
1064
Damien Miller25e42562000-01-11 10:59:47 +1100106520000110
1066 - Fixes to auth-skey to enable it to use the standard OpenSSL libraries
1067
Damien Miller2edcda52000-01-07 08:56:05 +1100106820000107
1069 - New config.sub and config.guess to fix problems on SCO. Supplied
1070 by Gary E. Miller <gem@rellim.com>
Damien Millerfa824cb2000-01-07 18:51:27 +11001071 - SCO build fix from Gary E. Miller <gem@rellim.com>
Damien Miller25e42562000-01-11 10:59:47 +11001072 - Released 1.2.1pre25
Damien Miller2edcda52000-01-07 08:56:05 +11001073
Damien Miller105b7f02000-01-07 08:45:55 +1100107420000106
1075 - Documentation update & cleanup
1076 - Better KrbIV / AFS detection, based on patch from:
1077 Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
1078
Damien Miller1808f382000-01-06 12:03:12 +1100107920000105
1080 - Fixed annoying DES corruption problem. libcrypt has been
1081 overriding symbols in libcrypto. Removed libcrypt and crypt.h
1082 altogether (libcrypto includes its own crypt(1) replacement)
1083 - Added platform-specific rules for Irix 6.x. Included warning that
1084 they are untested.
1085
Damien Miller645c5982000-01-03 14:42:09 +1100108620000103
1087 - Add explicit make rules for files proccessed by fixpaths.
1088 - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori
1089 <tnh@kondara.org>
Damien Millere9c8f4d2000-01-03 20:00:52 +11001090 - Removed "nullok" directive from default PAM configuration files.
1091 Added information on enabling EmptyPasswords on openssh+PAM in
1092 UPGRADING file.
Damien Miller62ab38a2000-01-03 23:41:05 +11001093 - OpenBSD CVS updates
1094 - [ssh-agent.c]
1095 cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and
1096 dgaudet@arctic.org
1097 - [sshconnect.c]
1098 compare correct version for 1.3 compat mode
Damien Miller645c5982000-01-03 14:42:09 +11001099
Damien Miller5121e3a2000-01-02 11:49:28 +1100110020000102
1101 - Prevent multiple inclusion of config.h and defines.h. Suggested
1102 by Andre Lucas <andre.lucas@dial.pipex.com>
1103 - Properly clean up on exit of ssh-agent. Patch from Dean Gaudet
1104 <dgaudet@arctic.org>
1105
Damien Miller8eb0fd61999-12-31 08:49:13 +1100110619991231
1107 - Fix password support on systems with a mixture of shadowed and
1108 non-shadowed passwords (e.g. NIS). Report and fix from
1109 HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
Damien Millerf3e8be81999-12-31 08:59:04 +11001110 - Fix broken autoconf typedef detection. Report from Marc G.
1111 Fournier <marc.fournier@acadiau.ca>
Damien Miller03783f01999-12-31 09:16:40 +11001112 - Fix occasional crash on LinuxPPC. Patch from Franz Sirl
1113 <Franz.Sirl-kernel@lauterbach.com>
Damien Millerb2532b31999-12-31 09:18:12 +11001114 - Prevent typedefs from being compiled more than once. Report from
1115 Marc G. Fournier <marc.fournier@acadiau.ca>
Damien Miller3131d8b1999-12-31 09:42:24 +11001116 - Fill in ut_utaddr utmp field. Report from Benjamin Charron
1117 <iretd@bigfoot.com>
Damien Millere7f626c1999-12-31 09:49:44 +11001118 - Really fix broken default path. Fix from Jim Knoble
1119 <jmknoble@pobox.com>
Damien Milleraa7b64d1999-12-31 09:55:34 +11001120 - Remove test for quad_t. No longer needed.
Damien Miller6b85a7f2000-01-02 11:45:33 +11001121 - Released 1.2.1pre24
1122
1123 - Added support for directory-based lastlogs
1124 - Really fix typedefs, patch from Ben Taylor <bent@clark.net>
Damien Miller8eb0fd61999-12-31 08:49:13 +11001125
Damien Millerece22a81999-12-30 09:48:15 +1100112619991230
1127 - OpenBSD CVS updates:
1128 - [auth-passwd.c]
1129 check for NULL 1st
Damien Millere72b7af1999-12-30 15:08:44 +11001130 - Removed most of the pam code into its own file auth-pam.[ch]. This
1131 cleaned up sshd.c up significantly.
Damien Miller8eb0fd61999-12-31 08:49:13 +11001132 - PAM authentication was incorrectly interpreting
1133 "PermitRootLogin without-password". Report from Matthias Andree
1134 <ma@dt.e-technik.uni-dortmund.de
Damien Millere72b7af1999-12-30 15:08:44 +11001135 - Several other cleanups
Damien Miller8bdeee21999-12-30 15:50:54 +11001136 - Merged Dante SOCKS support patch from David Rankin
1137 <drankin@bohemians.lexington.ky.us>
1138 - Updated documentation with ./configure options
Damien Miller8eb0fd61999-12-31 08:49:13 +11001139 - Released 1.2.1pre23
Damien Millerece22a81999-12-30 09:48:15 +11001140
Damien Miller9550a761999-12-29 02:32:22 +1100114119991229
1142 - Applied another NetBSD portability patch from David Rankin
1143 <drankin@bohemians.lexington.ky.us>
1144 - Fix --with-default-path option.
Damien Millere79334a1999-12-29 10:03:37 +11001145 - Autodetect perl, patch from David Rankin
1146 <drankin@bohemians.lexington.ky.us>
Damien Millerd00d1611999-12-29 10:17:09 +11001147 - Print whether OpenSSH was compiled with RSARef, patch from
1148 Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu>
Damien Millerac3a4b41999-12-29 10:25:40 +11001149 - Calls to pam_setcred, patch from Nalin Dahyabhai
1150 <nalin@thermo.stat.ncsu.edu>
Damien Miller95058511999-12-29 10:36:45 +11001151 - Detect missing size_t and typedef it.
Damien Miller58ca7d81999-12-29 19:56:30 +11001152 - Rename helper.[ch] to (more appropriate) bsd-misc.[ch]
1153 - Minor Makefile cleaning
Damien Miller9550a761999-12-29 02:32:22 +11001154
Damien Miller13bc0be1999-12-28 10:19:16 +1100115519991228
1156 - Replacement for getpagesize() for systems which lack it
Damien Miller4ff2b9b1999-12-28 10:41:12 +11001157 - NetBSD login.c compile fix from David Rankin
1158 <drankin@bohemians.lexington.ky.us>
1159 - Fully set ut_tv if present in utmp or utmpx
Damien Millerbeb4ba51999-12-28 15:09:35 +11001160 - Portability fixes for Irix 5.3 (now compiles OK!)
1161 - autoconf and other misc cleanups
Damien Miller74d0d4a1999-12-29 02:24:35 +11001162 - Merged AIX patch from Darren Hall <dhall@virage.org>
1163 - Cleaned up defines.h
Damien Miller06b472b1999-12-29 19:47:06 +11001164 - Released 1.2.1pre22
Damien Miller13bc0be1999-12-28 10:19:16 +11001165
Damien Millerc0d73901999-12-27 09:23:58 +1100116619991227
1167 - Automatically correct paths in manpages and configuration files. Patch
1168 and script from Andre Lucas <andre.lucas@dial.pipex.com>
1169 - Removed credits from README to CREDITS file, updated.
Damien Miller5a3e6831999-12-27 09:48:56 +11001170 - Added --with-default-path to specify custom path for server
1171 - Removed #ifdef trickery from acconfig.h into defines.h
Damien Miller373d2911999-12-27 10:45:54 +11001172 - PAM bugfix. PermitEmptyPassword was being ignored.
1173 - Fixed PAM config files to allow empty passwords if server does.
1174 - Explained spurious PAM auth warning workaround in UPGRADING
Damien Millere1276241999-12-27 11:33:56 +11001175 - Use last few chars of tty line as ut_id
Damien Miller6a5d4d61999-12-27 16:46:17 +11001176 - New SuSE RPM spec file from Chris Saia <csaia@wtower.com>
Damien Miller68e45de1999-12-27 23:54:55 +11001177 - OpenBSD CVS updates:
1178 - [packet.h auth-rhosts.c]
1179 check format string for packet_disconnect and packet_send_debug, too
1180 - [channels.c]
1181 use packet_get_maxsize for channels. consistence.
Damien Millerc0d73901999-12-27 09:23:58 +11001182
Damien Miller32b3cf21999-12-26 10:21:48 +1100118319991226
1184 - Enabled utmpx support by default for Solaris
1185 - Cleanup sshd.c PAM a little more
Damien Miller36884401999-12-26 12:26:21 +11001186 - Revised RPM package to include Jim Knoble's <jmknoble@pobox.com>
1187 X11 ssh-askpass program.
Damien Millerd49621e1999-12-26 14:04:33 +11001188 - Disable logging of PAM success and failures, PAM is verbose enough.
1189 Unfortunatly there is currently no way to disable auth failure
1190 messages. Mention this in UPGRADING file and sent message to PAM
1191 developers
Damien Miller4f0fa561999-12-26 14:24:41 +11001192 - OpenBSD CVS update:
1193 - [ssh-keygen.1 ssh.1]
1194 remove ref to .ssh/random_seed, mention .ssh/environment in
1195 .Sh FILES, too
Damien Miller9673b2b1999-12-26 19:10:30 +11001196 - Released 1.2.1pre21
1197 - Fixed implicit '.' in default path, report from Jim Knoble
1198 <jmknoble@pobox.com>
Damien Milleraae10931999-12-26 19:38:17 +11001199 - Redhat RPM spec fixes from Jim Knoble <jmknoble@pobox.com>
Damien Miller32b3cf21999-12-26 10:21:48 +11001200
Damien Miller2e1b0821999-12-25 10:11:29 +1100120119991225
1202 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
1203 - Cleanup of auth-passwd.c for shadow and MD5 passwords
1204 - Cleanup and bugfix of PAM authentication code
Damien Miller32b3cf21999-12-26 10:21:48 +11001205 - Released 1.2.1pre20
1206
1207 - Merged fixes from Ben Taylor <bent@clark.net>
1208 - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
1209 - Disabled logging of PAM password authentication failures when password
1210 is empty. (e.g start of authentication loop). Reported by Naz
1211 <96na@eng.cam.ac.uk>)
Damien Miller2e1b0821999-12-25 10:11:29 +11001212
121319991223
1214 - Merged later HPUX patch from Andre Lucas
1215 <andre.lucas@dial.pipex.com>
1216 - Above patch included better utmpx support from Ben Taylor
Damien Miller32b3cf21999-12-26 10:21:48 +11001217 <bent@clark.net>
Damien Miller2e1b0821999-12-25 10:11:29 +11001218
Damien Miller365199d1999-12-22 00:12:38 +1100121919991222
1220 - Fix undefined fd_set type in ssh.h from Povl H. Pedersen
1221 <pope@netguide.dk>
Damien Miller1b0c2281999-12-22 16:09:48 +11001222 - Fix login.c breakage on systems which lack ut_host in struct
1223 utmp. Reported by Willard Dawson <willard.dawson@sbs.siemens.com>
Damien Miller365199d1999-12-22 00:12:38 +11001224
Damien Miller76112de1999-12-21 11:18:08 +1100122519991221
1226 - Integration of large HPUX patch from Andre Lucas
1227 <andre.lucas@dial.pipex.com>. Integrating it had a few other
1228 benefits:
1229 - Ability to disable shadow passwords at configure time
1230 - Ability to disable lastlog support at configure time
1231 - Support for IP address in $DISPLAY
Damien Millerf039bad1999-12-21 20:57:20 +11001232 - OpenBSD CVS update:
1233 - [sshconnect.c]
1234 say "REMOTE HOST IDENTIFICATION HAS CHANGED"
Damien Millercb7e5f91999-12-21 21:03:09 +11001235 - Fix DISABLE_SHADOW support
1236 - Allow MD5 passwords even if shadow passwords are disabled
Damien Millere8852911999-12-21 22:50:50 +11001237 - Release 1.2.1pre19
Damien Miller76112de1999-12-21 11:18:08 +11001238
Damien Millerc4c647f1999-12-18 20:54:52 +1100123919991218
1240 - Redhat init script patch from Chun-Chung Chen
1241 <cjj@u.washington.edu>
Damien Millerfdb7caf1999-12-18 20:57:40 +11001242 - Avoid breakage on systems without IPv6 headers
Damien Millerc4c647f1999-12-18 20:54:52 +11001243
Damien Millerab8a4da1999-12-16 13:05:30 +1100124419991216
1245 - Makefile changes for Solaris from Peter Kocks
1246 <peter.kocks@baygate.com>
Damien Miller5e7c10e1999-12-16 13:18:04 +11001247 - Minor updates to docs
1248 - Merged OpenBSD CVS changes:
1249 - [authfd.c ssh-agent.c]
1250 keysize warnings talk about identity files
1251 - [packet.c]
1252 "Connection closed by x.x.x.x": fatal() -> log()
Damien Miller8f9d5071999-12-16 15:10:45 +11001253 - Correctly handle empty passwords in shadow file. Patch from:
1254 "Chris, the Young One" <cky@pobox.com>
1255 - Released 1.2.1pre18
Damien Millerab8a4da1999-12-16 13:05:30 +11001256
Damien Miller84093e91999-12-15 09:06:28 +1100125719991215
1258 - Integrated patchs from Juergen Keil <jk@tools.de>
1259 - Avoid void* pointer arithmatic
1260 - Use LDFLAGS correctly
Damien Miller864ea591999-12-15 11:04:25 +11001261 - Fix SIGIO error in scp
1262 - Simplify status line printing in scp
Damien Miller3b9d5e91999-12-15 09:34:31 +11001263 - Added better test for inline functions compiler support from
1264 Darren_Hall@progressive.com
Damien Miller84093e91999-12-15 09:06:28 +11001265
Damien Millera34a28b1999-12-14 10:47:15 +1100126619991214
1267 - OpenBSD CVS Changes
1268 - [canohost.c]
1269 fix get_remote_port() and friends for sshd -i;
1270 Holger.Trapp@Informatik.TU-Chemnitz.DE
1271 - [mpaux.c]
1272 make code simpler. no need for memcpy. niels@ ok
1273 - [pty.c]
1274 namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org
1275 fix proto; markus
1276 - [ssh.1]
1277 typo; mark.baushke@solipsa.com
1278 - [channels.c ssh.c ssh.h sshd.c]
1279 type conflict for 'extern Type *options' in channels.c; dot@dotat.at
1280 - [sshconnect.c]
1281 move checking of hostkey into own function.
1282 - [version.h]
1283 OpenSSH-1.2.1
Damien Miller36b339a1999-12-14 10:54:47 +11001284 - Clean up broken includes in pty.c
Damien Miller6ae00d61999-12-14 15:43:03 +11001285 - Some older systems don't have poll.h, they use sys/poll.h instead
1286 - Doc updates
Damien Millera34a28b1999-12-14 10:47:15 +11001287
Damien Millerc6b3bbe1999-12-13 08:27:33 +1100128819991211
1289 - Fix compilation on systems with AFS. Reported by
1290 aloomis@glue.umd.edu
1291 - Fix installation on Solaris. Reported by
1292 Gordon Rowell <gordonr@gormand.com.au>
1293 - Fix gccisms (__attribute__ and inline). Report by edgy@us.ibm.com,
1294 patch from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
1295 - Auto-locate xauth. Patch from David Agraz <dagraz@jahoopa.com>
1296 - Compile fix from David Agraz <dagraz@jahoopa.com>
1297 - Avoid compiler warning in bsd-snprintf.c
1298 - Added pam_limits.so to default PAM config. Suggested by
1299 Jim Knoble <jmknoble@pobox.com>
1300
Damien Millerbf1c9b21999-12-09 10:16:54 +1100130119991209
1302 - Import of patch from Ben Taylor <bent@clark.net>:
1303 - Improved PAM support
1304 - "uninstall" rule for Makefile
1305 - utmpx support
1306 - Should fix PAM problems on Solaris
Damien Miller50945fa1999-12-09 10:31:37 +11001307 - OpenBSD CVS updates:
1308 - [readpass.c]
1309 avoid stdio; based on work by markus, millert, and I
1310 - [sshd.c]
1311 make sure the client selects a supported cipher
1312 - [sshd.c]
1313 fix sighup handling. accept would just restart and daemon handled
1314 sighup only after the next connection was accepted. use poll on
1315 listen sock now.
1316 - [sshd.c]
1317 make that a fatal
Damien Millerd7f66151999-12-09 10:48:58 +11001318 - Applied patch from David Rankin <drankin@bohemians.lexington.ky.us>
1319 to fix libwrap support on NetBSD
Damien Miller6646bad1999-12-09 10:42:10 +11001320 - Released 1.2pre17
Damien Millerbf1c9b21999-12-09 10:16:54 +11001321
Damien Millerfce16481999-12-08 08:53:52 +1100132219991208
1323 - Compile fix for Solaris with /dev/ptmx from
1324 David Agraz <dagraz@jahoopa.com>
1325
Damien Miller0c078c61999-12-07 14:53:57 +1100132619991207
1327 - sshd Redhat init script patch from Jim Knoble <jmknoble@pobox.com>
1328 fixes compatability with 4.x and 5.x
Damien Miller3bc14dd1999-12-07 14:54:53 +11001329 - Fixed default SSH_ASKPASS
Damien Millereabf3411999-12-07 14:56:27 +11001330 - Fix PAM account and session being called multiple times. Problem
1331 reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>
Damien Miller037a0dc1999-12-07 15:38:31 +11001332 - Merged more OpenBSD changes:
1333 - [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c]
1334 move atomicio into it's own file. wrap all socket write()s which
1335 were doing write(sock, buf, len) != len, with atomicio() calls.
1336 - [auth-skey.c]
1337 fd leak
1338 - [authfile.c]
1339 properly name fd variable
1340 - [channels.c]
1341 display great hatred towards strcpy
1342 - [pty.c pty.h sshd.c]
1343 use openpty() if it exists (it does on BSD4_4)
1344 - [tildexpand.c]
1345 check for ~ expansion past MAXPATHLEN
1346 - Modified helper.c to use new atomicio function.
1347 - Reformat Makefile a little
1348 - Moved RC4 routines from rc4.[ch] into helper.c
1349 - Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX)
Damien Milleraf2604a1999-12-07 16:21:40 +11001350 - Updated SuSE spec from Chris Saia <csaia@wtower.com>
1351 - Tweaked Redhat spec
Damien Millerf5d69a51999-12-07 16:55:04 +11001352 - Clean up bad imports of a few files (forgot -kb)
1353 - Released 1.2pre16
Damien Miller0c078c61999-12-07 14:53:57 +11001354
Damien Millerdc33fc31999-12-04 20:24:48 +1100135519991204
1356 - Small cleanup of PAM code in sshd.c
Damien Milleraae6c611999-12-06 11:47:28 +11001357 - Merged OpenBSD CVS changes:
1358 - [auth-krb4.c auth-passwd.c auth-skey.c ssh.h]
1359 move skey-auth from auth-passwd.c to auth-skey.c, same for krb4
1360 - [auth-rsa.c]
1361 warn only about mismatch if key is _used_
1362 warn about keysize-mismatch with log() not error()
1363 channels.c readconf.c readconf.h ssh.c ssh.h sshconnect.c
1364 ports are u_short
1365 - [hostfile.c]
1366 indent, shorter warning
1367 - [nchan.c]
1368 use error() for internal errors
1369 - [packet.c]
1370 set loglevel for SSH_MSG_DISCONNECT to log(), not fatal()
1371 serverloop.c
1372 indent
1373 - [ssh-add.1 ssh-add.c ssh.h]
1374 document $SSH_ASKPASS, reasonable default
1375 - [ssh.1]
1376 CheckHostIP is not available for connects via proxy command
1377 - [sshconnect.c]
1378 typo
1379 easier to read client code for passwd and skey auth
1380 turn of checkhostip for proxy connects, since we don't know the remote ip
Damien Millerdc33fc31999-12-04 20:24:48 +11001381
Damien Miller42b81ff1999-11-26 12:21:24 +1100138219991126
1383 - Add definition for __P()
1384 - Added [v]snprintf() replacement for systems that lack it
1385
Damien Miller78224a01999-11-25 11:55:45 +1100138619991125
1387 - More reformatting merged from OpenBSD CVS
1388 - Merged OpenBSD CVS changes:
1389 - [channels.c]
1390 fix packet_integrity_check() for !have_hostname_in_open.
1391 report from mrwizard@psu.edu via djm@ibs.com.au
1392 - [channels.c]
1393 set SO_REUSEADDR and SO_LINGER for forwarded ports.
1394 chip@valinux.com via damien@ibs.com.au
1395 - [nchan.c]
1396 it's not an error() if shutdown_write failes in nchan.
1397 - [readconf.c]
1398 remove dead #ifdef-0-code
1399 - [readconf.c servconf.c]
1400 strcasecmp instead of tolower
1401 - [scp.c]
1402 progress meter overflow fix from damien@ibs.com.au
1403 - [ssh-add.1 ssh-add.c]
1404 SSH_ASKPASS support
1405 - [ssh.1 ssh.c]
1406 postpone fork_after_authentication until command execution,
1407 request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
1408 plus: use daemon() for backgrounding
Damien Millerd8087f61999-11-25 12:31:26 +11001409 - Added BSD compatible install program and autoconf test, thanks to
1410 Niels Kristian Bech Jensen <nkbj@image.dk>
1411 - Solaris fixing, thanks to Ben Taylor <bent@clark.net>
Damien Miller063fdf81999-11-25 13:08:31 +11001412 - Merged beginnings of AIX support from Tor-Ake Fransson <torake@hotmail.com>
Damien Millerbf3f6ef1999-11-25 13:50:10 +11001413 - Release 1.2pre15
Damien Miller78224a01999-11-25 11:55:45 +11001414
Damien Miller95def091999-11-25 00:26:21 +1100141519991124
1416 - Merged very large OpenBSD source code reformat
1417 - OpenBSD CVS updates
1418 - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
1419 [ssh.h sshd.8 sshd.c]
1420 syslog changes:
1421 * Unified Logmessage for all auth-types, for success and for failed
1422 * Standard connections get only ONE line in the LOG when level==LOG:
1423 Auth-attempts are logged only, if authentication is:
1424 a) successfull or
1425 b) with passwd or
1426 c) we had more than AUTH_FAIL_LOG failues
1427 * many log() became verbose()
1428 * old behaviour with level=VERBOSE
1429 - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
1430 tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
1431 messages. allows use of s/key in windows (ttssh, securecrt) and
1432 ssh-1.2.27 clients without 'ssh -v', ok: niels@
1433 - [sshd.8]
1434 -V, for fallback to openssh in SSH2 compatibility mode
1435 - [sshd.c]
1436 fix sigchld race; cjc5@po.cwru.edu
1437
Damien Miller294df781999-11-23 10:11:29 +1100143819991123
1439 - Added SuSE package files from Chris Saia <csaia@wtower.com>
Damien Miller3744b511999-11-23 11:24:32 +11001440 - Restructured package-related files under packages/*
Damien Miller294df781999-11-23 10:11:29 +11001441 - Added generic PAM config
Damien Miller3744b511999-11-23 11:24:32 +11001442 - Numerous little Solaris fixes
Damien Miller4d2f15f1999-11-23 12:36:29 +11001443 - Add recommendation to use GNU make to INSTALL document
Damien Miller294df781999-11-23 10:11:29 +11001444
Damien Miller22218721999-11-22 12:51:42 +1100144519991122
1446 - Make <enter> close gnome-ssh-askpass (Debian bug #50299)
Damien Miller83df0691999-11-22 13:22:29 +11001447 - OpenBSD CVS Changes
1448 - [ssh-keygen.c]
1449 don't create ~/.ssh only if the user wants to store the private
1450 key there. show fingerprint instead of public-key after
1451 keygeneration. ok niels@
Damien Millerb3ca3aa1999-11-22 13:57:07 +11001452 - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
Damien Miller859cec01999-11-22 14:27:24 +11001453 - Added timersub() macro
Damien Millerb3ca3aa1999-11-22 13:57:07 +11001454 - Tidy RCSIDs of bsd-*.c
Damien Miller859cec01999-11-22 14:27:24 +11001455 - Added autoconf test and macro to deal with old PAM libraries
1456 pam_strerror definition (one arg vs two).
Damien Millerd71b12e1999-11-22 15:24:34 +11001457 - Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
1458 - Retry /dev/urandom reads interrupted by signal (report from
1459 Robert Hardy <rhardy@webcon.net>)
Damien Millerd7702521999-11-22 16:11:05 +11001460 - Added a setenv replacement for systems which lack it
Damien Millerd733c911999-11-22 18:11:23 +11001461 - Only display public key comment when presenting ssh-askpass dialog
1462 - Released 1.2pre14
Damien Miller22218721999-11-22 12:51:42 +11001463
Damien Millerf7c0f821999-11-22 22:31:49 +11001464 - Configure, Make and changelog corrections from Tudor Bosman
1465 <tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>
1466
Damien Miller6162d121999-11-21 13:23:52 +1100146719991121
Damien Miller83df0691999-11-22 13:22:29 +11001468 - OpenBSD CVS Changes:
Damien Miller22218721999-11-22 12:51:42 +11001469 - [channels.c]
1470 make this compile, bad markus
1471 - [log.c readconf.c servconf.c ssh.h]
1472 bugfix: loglevels are per host in clientconfig,
1473 factor out common log-level parsing code.
1474 - [servconf.c]
1475 remove unused index (-Wall)
1476 - [ssh-agent.c]
1477 only one 'extern char *__progname'
1478 - [sshd.8]
1479 document SIGHUP, -Q to synopsis
1480 - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
1481 [channels.c clientloop.c]
1482 SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
1483 [hope this time my ISP stays alive during commit]
1484 - [OVERVIEW README] typos; green@freebsd
1485 - [ssh-keygen.c]
1486 replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
1487 exit if writing the key fails (no infinit loop)
1488 print usage() everytime we get bad options
1489 - [ssh-keygen.c] overflow, djm@mindrot.org
1490 - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1491
Damien Millerc6398ef1999-11-20 12:18:40 +1100149219991120
1493 - Merged more Solaris support from Marc G. Fournier
1494 <marc.fournier@acadiau.ca>
1495 - Wrote autoconf tests for integer bit-types
1496 - Fixed enabling kerberos support
Damien Millerf58db381999-11-20 17:02:56 +11001497 - Fix segfault in ssh-keygen caused by buffer overrun in filename
1498 handling.
Damien Millerc6398ef1999-11-20 12:18:40 +11001499
Damien Miller5bbbd361999-11-19 07:56:21 +1100150019991119
1501 - Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
Damien Miller23b78391999-11-19 08:25:48 +11001502 - Merged OpenBSD CVS changes
1503 - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
1504 more %d vs. %s in fmt-strings
1505 - [authfd.c]
1506 Integers should not be printed with %s
Damien Miller58fc4731999-11-19 12:05:01 +11001507 - EGD uses a socket, not a named pipe. Duh.
1508 - Fix includes in fingerprint.c
Damien Millerdc9365b1999-11-19 12:34:14 +11001509 - Fix scp progress bar bug again.
Damien Millerf7c0f821999-11-22 22:31:49 +11001510 - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of
Damien Miller18ac1711999-11-19 12:43:19 +11001511 David Rankin <drankin@bohemians.lexington.ky.us>
Damien Miller80297751999-11-19 13:03:25 +11001512 - Added autoconf option to enable Kerberos 4 support (untested)
1513 - Added autoconf option to enable AFS support (untested)
1514 - Added autoconf option to enable S/Key support (untested)
1515 - Added autoconf option to enable TCP wrappers support (compiles OK)
Damien Miller04f80141999-11-19 15:32:34 +11001516 - Renamed BSD helper function files to bsd-*
Damien Millerdd1c7ba1999-11-19 15:53:20 +11001517 - Added tests for login and daemon and enable OpenBSD replacements for
1518 when they are absent.
1519 - Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
Damien Miller5bbbd361999-11-19 07:56:21 +11001520
Damien Miller81428f91999-11-18 09:28:11 +1100152119991118
1522 - Merged OpenBSD CVS changes
1523 - [scp.c] foregroundproc() in scp
1524 - [sshconnect.h] include fingerprint.h
1525 - [sshd.c] bugfix: the log() for passwd-auth escaped during logging
1526 changes.
Damien Miller6ee95641999-11-18 11:35:13 +11001527 - [ssh.1] Spell my name right.
Damien Miller81428f91999-11-18 09:28:11 +11001528 - Added openssh.com info to README
1529
Damien Miller10f6f6b1999-11-17 17:29:08 +1100153019991117
1531 - Merged OpenBSD CVS changes
1532 - [ChangeLog.Ylonen] noone needs this anymore
1533 - [authfd.c] close-on-exec for auth-socket, ok deraadt
1534 - [hostfile.c]
1535 in known_hosts key lookup the entry for the bits does not need
1536 to match, all the information is contained in n and e. This
1537 solves the problem with buggy servers announcing the wrong
1538 modulus length. markus and me.
1539 - [serverloop.c]
1540 bugfix: check for space if child has terminated, from:
1541 iedowse@maths.tcd.ie
1542 - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
1543 [fingerprint.c fingerprint.h]
1544 rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
1545 - [ssh-agent.1] typo
1546 - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
1547 - [sshd.c]
1548 force logging to stderr while loading private key file
1549 (lost while converting to new log-levels)
1550
Damien Miller7e8e8201999-11-16 13:37:16 +1100155119991116
1552 - Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
1553 - Merged OpenBSD CVS changes:
1554 - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
1555 [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
1556 the keysize of rsa-parameter 'n' is passed implizit,
1557 a few more checks and warnings about 'pretended' keysizes.
1558 - [cipher.c cipher.h packet.c packet.h sshd.c]
1559 remove support for cipher RC4
1560 - [ssh.c]
1561 a note for legay systems about secuity issues with permanently_set_uid(),
1562 the private hostkey and ptrace()
1563 - [sshconnect.c]
1564 more detailed messages about adding and checking hostkeys
1565
Damien Millerd05a2471999-11-15 14:25:30 +1100156619991115
1567 - Merged OpenBSD CVS changes:
1568 - [ssh-add.c] change passphrase loop logic and remove ref to
1569 $DISPLAY, ok niels
1570 - Changed to ssh-add.c broke askpass support. Revised it to be a little more
1571 modular.
1572 - Revised autoconf support for enabling/disabling askpass support.
Damien Miller2ccf6611999-11-15 15:25:10 +11001573 - Merged more OpenBSD CVS changes:
1574 [auth-krb4.c]
1575 - disconnect if getpeername() fails
1576 - missing xfree(*client)
1577 [canohost.c]
1578 - disconnect if getpeername() fails
1579 - fix comment: we _do_ disconnect if ip-options are set
1580 [sshd.c]
1581 - disconnect if getpeername() fails
1582 - move checking of remote port to central place
1583 [auth-rhosts.c] move checking of remote port to central place
1584 [log-server.c] avoid extra fd per sshd, from millert@
1585 [readconf.c] print _all_ bad config-options in ssh(1), too
1586 [readconf.h] print _all_ bad config-options in ssh(1), too
1587 [ssh.c] print _all_ bad config-options in ssh(1), too
1588 [sshconnect.c] disconnect if getpeername() fails
1589 - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
Damien Miller3bd49ec1999-11-15 15:40:55 +11001590 - Various small cleanups to bring diff (against OpenBSD) size down.
Damien Miller3f905871999-11-15 17:10:57 +11001591 - Merged more Solaris compability from Marc G. Fournier
1592 <marc.fournier@acadiau.ca>
1593 - Wrote autoconf tests for __progname symbol
Damien Miller36682061999-11-15 17:19:24 +11001594 - RPM spec file fixes from Jim Knoble <jmknoble@pobox.com>
Damien Miller2e8b1c81999-11-15 23:33:56 +11001595 - Released 1.2pre12
1596
1597 - Another OpenBSD CVS update:
1598 - [ssh-keygen.1] fix .Xr
Damien Millerd05a2471999-11-15 14:25:30 +11001599
Damien Miller0a6e6681999-11-15 09:56:06 +1100160019991114
1601 - Solaris compilation fixes (still imcomplete)
1602
Damien Millerb0284381999-11-13 13:30:28 +1100160319991113
Damien Miller192bd011999-11-13 23:56:35 +11001604 - Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
1605 - Don't install config files if they already exist
1606 - Fix inclusion of additional preprocessor directives from acconfig.h
Damien Millerb0284381999-11-13 13:30:28 +11001607 - Removed redundant inclusions of config.h
Damien Millerc6d5ce81999-11-15 16:01:07 +11001608 - Added 'Obsoletes' lines to RPM spec file
Damien Millerb0284381999-11-13 13:30:28 +11001609 - Merged OpenBSD CVS changes:
1610 - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
1611 - [scp.c] fix overflow reported by damien@ibs.com.au: off_t
1612 totalsize, ok niels,aaron
1613 - Delay fork (-f option) in ssh until after port forwarded connections
1614 have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
Damien Miller2cb210f1999-11-13 15:40:10 +11001615 - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
1616 - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
Damien Miller192bd011999-11-13 23:56:35 +11001617 - Tidied default config file some more
1618 - Revised Redhat initscript to fix bug: sshd (re)start would fail
1619 if executed from inside a ssh login.
Damien Millerb0284381999-11-13 13:30:28 +11001620
Damien Miller776af5d1999-11-12 08:49:09 +1100162119991112
1622 - Merged changes from OpenBSD CVS
1623 - [sshd.c] session_key_int may be zero
Damien Miller32265091999-11-12 11:33:04 +11001624 - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
1625 IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
1626 deraadt,millert
1627 - Brought default sshd_config more in line with OpenBSD's
Damien Millerb9a692d1999-11-12 12:09:36 +11001628 - Grab server in gnome-ssh-askpass (Debian bug #49872)
1629 - Released 1.2pre10
Damien Miller776af5d1999-11-12 08:49:09 +11001630
Damien Millerb5f89271999-11-12 14:35:58 +11001631 - Added INSTALL documentation
Damien Miller6d7b2cd1999-11-12 15:19:27 +11001632 - Merged yet more changes from OpenBSD CVS
1633 - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
1634 [ssh.c ssh.h sshconnect.c sshd.c]
1635 make all access to options via 'extern Options options'
1636 and 'extern ServerOptions options' respectively;
1637 options are no longer passed as arguments:
1638 * make options handling more consistent
1639 * remove #include "readconf.h" from ssh.h
1640 * readconf.h is only included if necessary
1641 - [mpaux.c] clear temp buffer
1642 - [servconf.c] print _all_ bad options found in configfile
Damien Miller3d1b22c1999-11-12 15:46:08 +11001643 - Make ssh-askpass support optional through autoconf
Damien Miller9c8da3c1999-11-12 16:28:02 +11001644 - Fix nasty division-by-zero error in scp.c
1645 - Released 1.2pre11
Damien Millerb5f89271999-11-12 14:35:58 +11001646
Damien Millerab18c411999-11-11 10:40:23 +1100164719991111
1648 - Added (untested) Entropy Gathering Daemon (EGD) support
Damien Miller4236f6e1999-11-12 12:22:31 +11001649 - Fixed /dev/urandom fd leak (Debian bug #49722)
Damien Miller33e511e1999-11-11 11:43:13 +11001650 - Merged OpenBSD CVS changes:
1651 - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
1652 - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
1653 - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
Damien Miller428f2471999-11-11 12:48:35 +11001654 - Fix integer overflow which was messing up scp's progress bar for large
Damien Millerc4c647f1999-12-18 20:54:52 +11001655 file transfers. Fix submitted to OpenBSD developers. Report and fix
1656 from Kees Cook <cook@cpoint.net>
Damien Miller5ce662a1999-11-11 17:57:39 +11001657 - Merged more OpenBSD CVS changes:
1658 - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
1659 + krb-cleanup cleanup
1660 - [clientloop.c log-client.c log-server.c ]
1661 [readconf.c readconf.h servconf.c servconf.h ]
1662 [ssh.1 ssh.c ssh.h sshd.8]
1663 add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
1664 obsoletes QuietMode and FascistLogging in sshd.
Damien Miller776af5d1999-11-12 08:49:09 +11001665 - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
1666 allow session_key_int != sizeof(session_key)
1667 [this should fix the pre-assert-removal-core-files]
1668 - Updated default config file to use new LogLevel option and to improve
1669 readability
1670
Damien Millerb77870f1999-11-10 12:48:08 +1100167119991110
Damien Miller4236f6e1999-11-12 12:22:31 +11001672 - Merged several minor fixes:
Damien Millerb77870f1999-11-10 12:48:08 +11001673 - ssh-agent commandline parsing
1674 - RPM spec file now installs ssh setuid root
1675 - Makefile creates libdir
Damien Millerab18c411999-11-11 10:40:23 +11001676 - Merged beginnings of Solaris compability from Marc G. Fournier
1677 <marc.fournier@acadiau.ca>
Damien Millerb77870f1999-11-10 12:48:08 +11001678
Damien Millerc7b38ce1999-11-09 10:28:04 +1100167919991109
1680 - Autodetection of SSL/Crypto library location via autoconf
1681 - Fixed location of ssh-askpass to follow autoconf
1682 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
1683 - Autodetection of RSAref library for US users
1684 - Minor doc updates
Damien Millerda217a01999-11-09 10:35:52 +11001685 - Merged OpenBSD CVS changes:
1686 - [rsa.c] bugfix: use correct size for memset()
1687 - [sshconnect.c] warn if announced size of modulus 'n' != real size
Damien Miller742d2cb1999-11-09 14:28:26 +11001688 - Added GNOME passphrase requestor (use --with-gnome-askpass)
Damien Miller3f51bf51999-11-09 14:46:02 +11001689 - RPM build now creates subpackages
Damien Miller74389c91999-11-09 15:03:01 +11001690 - Released 1.2pre9
Damien Millerc7b38ce1999-11-09 10:28:04 +11001691
Damien Miller356a0b01999-11-08 15:30:59 +1100169219991108
1693 - Removed debian/ directory. This is now being maintained separately.
1694 - Added symlinks for slogin in RPM spec file
1695 - Fixed permissions on manpages in RPM spec file
1696 - Added references to required libraries in README file
1697 - Removed config.h.in from CVS
1698 - Removed pwdb support (better pluggable auth is provided by glibc)
1699 - Made PAM and requisite libdl optional
1700 - Removed lots of unnecessary checks from autoconf
1701 - Added support and autoconf test for openpty() function (Unix98 pty support)
1702 - Fix for scp not finding ssh if not installed as /usr/bin/ssh
1703 - Added TODO file
1704 - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
1705 - Added ssh-askpass program
1706 - Added ssh-askpass support to ssh-add.c
1707 - Create symlinks for slogin on install
1708 - Fix "distclean" target in makefile
1709 - Added example for ssh-agent to manpage
1710 - Added support for PAM_TEXT_INFO messages
1711 - Disable internal /etc/nologin support if PAM enabled
1712 - Merged latest OpenBSD CVS changes:
Damien Millerfd7c9111999-11-08 16:15:55 +11001713 - [all] replace assert() with error, fatal or packet_disconnect
Damien Miller356a0b01999-11-08 15:30:59 +11001714 - [sshd.c] don't send fail-msg but disconnect if too many authentication
1715 failures
Damien Miller356a0b01999-11-08 15:30:59 +11001716 - [sshd.c] remove unused argument. ok dugsong
1717 - [sshd.c] typo
1718 - [rsa.c] clear buffers used for encryption. ok: niels
1719 - [rsa.c] replace assert() with error, fatal or packet_disconnect
Damien Miller5ac5f1c1999-11-08 15:50:14 +11001720 - [auth-krb4.c] remove unused argument. ok dugsong
Damien Miller356a0b01999-11-08 15:30:59 +11001721 - Fixed coredump after merge of OpenBSD rsa.c patch
Damien Millere8d90681999-11-08 18:09:57 +11001722 - Released 1.2pre8
Damien Miller356a0b01999-11-08 15:30:59 +11001723
Damien Miller0aa8e531999-11-02 19:05:02 +1100172419991102
1725 - Merged change from OpenBSD CVS
1726 - One-line cleanup in sshd.c
1727
Damien Miller744da801999-10-30 09:12:25 +1000172819991030
1729 - Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
Damien Miller1e4772c1999-10-30 11:39:56 +10001730 - Merged latest updates for OpenBSD CVS:
1731 - channels.[ch] - remove broken x11 fix and document istate/ostate
1732 - ssh-agent.c - call setsid() regardless of argv[]
1733 - ssh.c - save a few lines when disabling rhosts-{rsa-}auth
1734 - Documentation cleanups
1735 - Renamed README -> README.Ylonen
1736 - Renamed README.openssh ->README
Damien Miller744da801999-10-30 09:12:25 +10001737
Damien Miller070f7a11999-10-29 10:29:29 +1000173819991029
1739 - Renamed openssh* back to ssh* at request of Theo de Raadt
1740 - Incorporated latest changes from OpenBSD's CVS
1741 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
1742 - Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
Damien Miller07a826d1999-10-29 11:49:20 +10001743 - Make distclean now removed configure script
1744 - Improved PAM logging
1745 - Added some debug() calls for PAM
Damien Miller65b3c131999-10-29 12:37:01 +10001746 - Removed redundant subdirectories
1747 - Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for
1748 building on Debian.
Damien Millerd0562b31999-10-29 13:09:40 +10001749 - Fixed off-by-one error in PAM env patch
1750 - Released 1.2pre6
Damien Miller070f7a11999-10-29 10:29:29 +10001751
Damien Miller7f6ea021999-10-28 13:25:17 +1000175219991028
1753 - Further PAM enhancements.
1754 - Much cleaner
1755 - Now uses account and session modules for all logins.
1756 - Integrated patch from Dan Brosemer <odin@linuxfreak.com>
1757 - Build fixes
1758 - Autoconf
1759 - Change binary names to open*
1760 - Fixed autoconf script to detect PAM on RH6.1
1761 - Added tests for libpwdb, and OpenBSD functions to autoconf
Damien Millereff18d61999-10-28 14:14:38 +10001762 - Released 1.2pre4
Damien Miller29b5a591999-10-28 15:46:27 +10001763
1764 - Imported latest OpenBSD CVS code
1765 - Updated README.openssh
Damien Miller34d0b611999-10-28 17:51:40 +10001766 - Released 1.2pre5
Damien Miller29b5a591999-10-28 15:46:27 +10001767
Damien Miller7f6ea021999-10-28 13:25:17 +1000176819991027
1769 - Adapted PAM patch.
1770 - Released 1.0pre2
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001771
Damien Miller7f6ea021999-10-28 13:25:17 +10001772 - Excised my buggy replacements for strlcpy and mkdtemp
1773 - Imported correct OpenBSD strlcpy and mkdtemp routines.
1774 - Reduced arc4random_stir entropy read to 32 bytes (256 bits)
1775 - Picked up correct version number from OpenBSD
1776 - Added sshd.pam PAM configuration file
1777 - Added sshd.init Redhat init script
1778 - Added openssh.spec RPM spec file
1779 - Released 1.2pre3
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001780
Damien Miller7f6ea021999-10-28 13:25:17 +1000178119991026
1782 - Fixed include paths of OpenSSL functions
1783 - Use OpenSSL MD5 routines
1784 - Imported RC4 code from nanocrypt
1785 - Wrote replacements for OpenBSD arc4random* functions
1786 - Wrote replacements for strlcpy and mkdtemp
1787 - Released 1.0pre1