blob: b1ed0552ece4b7cb62bb3e5365779f32e26bead4 [file] [log] [blame]
Damien Millerf3bff942003-06-02 12:13:40 +1000120030602
2 - (djm) Fix segv from bad reordering in auth-pam.c
Damien Millerf2e3e9d2003-06-02 12:15:54 +10003 - (djm) Always use saved_argv in sshd.c as compat_init_setproctitle may
4 clobber
Tim Rice237ca4a2003-06-01 19:25:27 -07005 - (tim) openbsd-compat/xmmap.[ch] License clarifications. Add missing
6 CVS ID.
Damien Millerdba59502003-06-02 17:43:19 +10007 - (djm) Remove "noip6" option from RedHat spec file. This may now be
8 set at runtime using AddressFamily option.
Damien Millerdcc83122003-06-02 18:57:59 +10009 - (djm) Fix use of macro before #define in cipher-aes.c
Damien Millerf4684422003-06-02 18:59:08 +100010 - (djm) Sync license on openbsd-compat/bindresvport.c with OpenBSD CVS
Damien Millerf3bff942003-06-02 12:13:40 +100011
Darren Tucker3cb84e52003-05-30 16:58:22 +10001220030530
13 - (dtucker) Add missing semicolon in md5crypt.c, patch from openssh at
14 roumenpetrov.info
Darren Tucker2972d6c2003-05-30 17:43:42 +100015 - (dtucker) Define SSHD_ACQUIRES_CTTY for NCR MP-RAS and Reliant Unix.
Darren Tucker3cb84e52003-05-30 16:58:22 +100016
Damien Millera6a7c192003-05-26 21:36:13 +10001720030526
18 - (djm) Avoid auth2-chall.c warning when compiling without
19 PAM, BSD_AUTH and SKEY
20
Damien Millerc11fe252003-05-25 14:38:02 +10002120030525
22- (djm) OpenBSD CVS Sync
23 - djm@cvs.openbsd.org 2003/05/24 09:02:22
24 [log.c]
25 pass logged data through strnvis; ok markus
Damien Miller04bd8b02003-05-25 14:38:33 +100026 - djm@cvs.openbsd.org 2003/05/24 09:30:40
27 [authfile.c monitor.c sftp-common.c sshpty.c]
28 cast some types for printing; ok markus@
Damien Millerc11fe252003-05-25 14:38:02 +100029
Darren Tucker60145782003-05-24 11:41:16 +10003020030524
31 - (dtucker) Correct --osfsia in INSTALL. Patch by skeleten at shillest.net
32
Damien Millerd419bda2003-05-23 18:43:40 +10003320030523
34 - (djm) Use VIS_SAFE on logged strings rather than default strnvis
35 encoding (which encodes many more characters)
Damien Miller50677922003-05-23 18:44:04 +100036 - OpenBSD CVS Sync
37 - jmc@cvs.openbsd.org 2003/05/20 12:03:35
38 [sftp.1]
39 - new sentence, new line
40 - added .Xr's
41 - typos
42 ok djm@
Damien Millerfbf486b2003-05-23 18:44:23 +100043 - jmc@cvs.openbsd.org 2003/05/20 12:09:31
44 [ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1]
45 new sentence, new line
Damien Miller08293fa2003-05-23 18:44:41 +100046 - djm@cvs.openbsd.org 2003/05/23 08:29:30
47 [sshconnect.c]
48 fix leak; ok markus@
Damien Millerd419bda2003-05-23 18:43:40 +100049
Damien Miller74a34422003-05-20 09:24:17 +10005020030520
51 - (djm) OpenBSD CVS Sync
52 - deraadt@cvs.openbsd.org 2003/05/18 23:22:01
53 [log.c]
54 use syslog_r() in a signal handler called place; markus ok
Damien Miller1340ec22003-05-20 09:24:42 +100055 - (djm) Configure logic to detect syslog_r and friends
Damien Miller74a34422003-05-20 09:24:17 +100056
Damien Millereb0e9692003-05-19 11:28:44 +10005720030519
58 - (djm) Sync auth-pam.h with what we actually implement
59
6020030518
Damien Miller25d93422003-05-18 20:45:47 +100061 - (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in
62 recent merge
Damien Miller20a8f972003-05-18 20:50:30 +100063 - (djm) OpenBSD CVS Sync
64 - djm@cvs.openbsd.org 2003/05/16 03:27:12
65 [readconf.c ssh_config ssh_config.5 ssh-keysign.c]
66 add AddressFamily option to ssh_config (like -4, -6 on commandline).
67 Portable bug #534; ok markus@
Damien Millera9825782003-05-18 20:53:10 +100068 - itojun@cvs.openbsd.org 2003/05/17 03:25:58
69 [auth-rhosts.c]
70 just in case, put numbers to sscanf %s arg.
Damien Millerf5399c22003-05-18 20:53:59 +100071 - markus@cvs.openbsd.org 2003/05/17 04:27:52
72 [cipher.c cipher-ctr.c myproposal.h]
73 experimental support for aes-ctr modes from
74 http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt
75 ok djm@
Damien Miller7e1bbc52003-05-18 20:52:40 +100076 - (djm) Remove IPv4 by default hack now that we can specify AF in config
Damien Miller0b8e9002003-05-18 21:44:07 +100077 - (djm) Tidy and trim TODO
Damien Millere323df62003-05-18 22:24:09 +100078 - (djm) Sync openbsd-compat/ with OpenBSD CVS head
Damien Miller31741252003-05-19 00:13:38 +100079 - (djm) Big KNF on openbsd-compat/
Damien Miller5b5ca192003-05-19 00:50:02 +100080 - (djm) KNF on md5crypt.[ch]
81 - (djm) KNF on auth-sia.[ch]
Damien Miller25d93422003-05-18 20:45:47 +100082
8320030517
Ben Lindstrom4c9e9ab2003-05-18 01:22:43 +000084 - (bal) strcat -> strlcat on openbsd-compat/realpath.c (rev 1.8 OpenBSD)
85
Damien Miller6e80c362003-05-16 11:38:00 +10008620030516
87 - (djm) OpenBSD CVS Sync
88 - djm@cvs.openbsd.org 2003/05/15 13:52:10
89 [ssh.c]
90 Make "ssh -V" print the OpenSSL version in a human readable form. Patch
91 from Craig Leres (mindrot at ee.lbl.gov); ok markus@
Damien Millerf9b3feb2003-05-16 11:38:32 +100092 - jakob@cvs.openbsd.org 2003/05/15 14:02:47
93 [readconf.c servconf.c]
94 warn for unsupported config option. ok markus@
Damien Miller99b4b882003-05-16 11:38:46 +100095 - markus@cvs.openbsd.org 2003/05/15 14:09:21
96 [auth2-krb5.c]
97 fix 64bit issue; report itojun@
Damien Millerb78d5eb2003-05-16 11:39:04 +100098 - djm@cvs.openbsd.org 2003/05/15 14:55:25
99 [readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
100 add a ConnectTimeout option to ssh, based on patch from
101 Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
Damien Miller6ac2c482003-05-16 11:42:35 +1000102 - (djm) Add warning for UsePAM when built without PAM support
Damien Millerc46b6bc2003-05-16 15:51:44 +1000103 - (djm) A few type mismatch fixes from Bug #565
Damien Millere27c6cc2003-05-16 18:21:01 +1000104 - (djm) Guard free_pam_environment against NULL argument. Works around
105 HP/UX PAM problems debugged by dtucker
Damien Miller6e80c362003-05-16 11:38:00 +1000106
Damien Millerabbae982003-05-15 10:16:21 +100010720030515
108 - (djm) OpenBSD CVS Sync
109 - jmc@cvs.openbsd.org 2003/05/14 13:11:56
110 [ssh-agent.1]
111 setup -> set up;
112 from wiz@netbsd
Damien Miller37876e92003-05-15 10:19:46 +1000113 - jakob@cvs.openbsd.org 2003/05/14 18:16:20
114 [key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
115 [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
116 add experimental support for verifying hos keys using DNS as described
117 in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
118 ok markus@ and henning@
Damien Miller54c45982003-05-15 10:20:13 +1000119 - markus@cvs.openbsd.org 2003/05/14 22:24:42
120 [clientloop.c session.c ssh.1]
121 allow to send a BREAK to the remote system; ok various
Damien Millerf842fcb2003-05-15 12:01:28 +1000122 - markus@cvs.openbsd.org 2003/05/15 00:28:28
123 [sshconnect2.c]
124 cleanup unregister of per-method packet handlers; ok djm@
Damien Miller2aa0ab42003-05-15 12:05:28 +1000125 - jakob@cvs.openbsd.org 2003/05/15 01:48:10
126 [readconf.c readconf.h servconf.c servconf.h]
127 always parse kerberos options. ok djm@ markus@
Damien Millerb0622652003-05-15 13:27:28 +1000128 - jakob@cvs.openbsd.org 2003/05/15 02:27:15
129 [dns.c]
130 add missing freerrset
Damien Miller3a3261f2003-05-15 13:37:19 +1000131 - markus@cvs.openbsd.org 2003/05/15 03:08:29
132 [cipher.c cipher-bf1.c cipher-aes.c cipher-3des1.c]
133 split out custom EVP ciphers
Damien Millered12a262003-05-15 13:37:43 +1000134 - djm@cvs.openbsd.org 2003/05/15 03:10:52
135 [ssh-keygen.c]
136 avoid warning; ok jakob@
Damien Miller4962ed62003-05-15 13:48:59 +1000137 - mouring@cvs.openbsd.org 2003/05/15 03:39:07
138 [sftp-int.c]
139 Make put/get (globed and nonglobed) code more consistant. OK djm@
Damien Miller19c8f2b2003-05-15 13:49:21 +1000140 - mouring@cvs.openbsd.org 2003/05/15 03:43:59
Damien Miller34bb5672003-05-15 13:49:58 +1000141 [sftp-int.c sftp.c]
Damien Miller19c8f2b2003-05-15 13:49:21 +1000142 Teach ls how to display multiple column display and allow users
143 to return to single column format via 'ls -1'. OK @djm
Damien Miller156cbe82003-05-15 14:16:41 +1000144 - jakob@cvs.openbsd.org 2003/05/15 04:08:44
145 [readconf.c servconf.c]
146 disable kerberos when not supported. ok markus@
Damien Miller46a7b402003-05-15 14:17:28 +1000147 - markus@cvs.openbsd.org 2003/05/15 04:08:41
148 [ssh.1]
149 ~B is ssh2 only
Damien Miller2aa0ab42003-05-15 12:05:28 +1000150 - (djm) Always parse UsePAM
Damien Miller7abe09b2003-05-15 10:53:49 +1000151 - (djm) Configure glue for DNS support (code doesn't work in portable yet)
Damien Millerd9ec3702003-05-15 12:27:08 +1000152 - (djm) Import getrrsetbyname() function from OpenBSD libc (for DNS support)
Damien Millera47f5262003-05-15 13:23:07 +1000153 - (djm) Tidy Makefile clean targets
Damien Miller5975cf12003-05-15 13:23:36 +1000154 - (djm) Adapt README.dns for portable
Damien Millerffda4cb2003-05-15 13:57:51 +1000155 - (djm) Avoid uuencode.c warnings
Damien Miller156cbe82003-05-15 14:16:41 +1000156 - (djm) Enable UsePAM when built --with-pam
Damien Millerb10f1cd2003-05-15 20:55:27 +1000157 - (djm) Only build getrrsetbyname replacement when using --with-dns
Damien Miller04cb5362003-05-15 21:29:10 +1000158 - (djm) Bug #529: sshd doesn't work correctly after SIGHUP (copy argv
159 correctly)
Damien Millereff041d2003-05-15 21:33:46 +1000160 - (djm) Bug #444: Wrong paths after reconfigure
Darren Tucker5d0ccf32003-05-15 21:42:59 +1000161 - (dtucker) HP-UX needs to include <sys/strtio.h> for TIOCSBRK
Damien Miller04cb5362003-05-15 21:29:10 +1000162
Damien Miller1a27a1e2003-05-14 10:27:09 +100016320030514
164 - (djm) Bug #117: Don't lie to PAM about username
Damien Millerd5580922003-05-14 13:40:06 +1000165 - (djm) RCSID sync w/ OpenBSD
Damien Millerc652cac2003-05-14 13:40:54 +1000166 - (djm) OpenBSD CVS Sync
167 - djm@cvs.openbsd.org 2003/04/09 12:00:37
168 [readconf.c]
169 strip trailing whitespace from config lines before parsing.
170 Fixes bz 528; ok markus@
Damien Millera201bb32003-05-14 13:41:23 +1000171 - markus@cvs.openbsd.org 2003/04/12 10:13:57
172 [cipher.c]
173 hide cipher details; ok djm@
Damien Milleref095ce2003-05-14 13:41:39 +1000174 - markus@cvs.openbsd.org 2003/04/12 10:15:36
175 [misc.c]
176 debug->debug2
Damien Miller44e72a72003-05-14 13:42:08 +1000177 - naddy@cvs.openbsd.org 2003/04/12 11:40:15
178 [ssh.1]
179 document -V switch, fix wording; ok markus@
Damien Miller2372ace2003-05-14 13:42:23 +1000180 - markus@cvs.openbsd.org 2003/04/14 14:17:50
181 [channels.c sshconnect.c sshd.c ssh-keyscan.c]
182 avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
Damien Miller8ce778a2003-05-14 13:43:25 +1000183 - mouring@cvs.openbsd.org 2003/04/14 21:31:27
184 [sftp-int.c]
185 Missing globfree(&g) in process_put() spotted by Vince Brimhall
186 <VBrimhall@novell.com>. ok@ Theo
187 - markus@cvs.openbsd.org 2003/04/16 14:35:27
188 [auth.h]
189 document struct Authctxt; with solar
Damien Millerea5ade22003-05-14 13:43:53 +1000190 - deraadt@cvs.openbsd.org 2003/04/26 04:29:49
191 [ssh-keyscan.c]
192 -t in usage(); rogier@quaak.org
Damien Miller049245d2003-05-14 13:44:42 +1000193 - mouring@cvs.openbsd.org 2003/04/30 01:16:20
194 [sshd.8 sshd_config.5]
195 Escape ?, * and ! in .Ql for nroff compatibility. OpenSSH Portable
196 Bug #550 and * escaping suggested by jmc@.
Damien Miller31554322003-05-14 13:44:58 +1000197 - david@cvs.openbsd.org 2003/04/30 20:41:07
198 [sshd.8]
199 fix invalid .Pf macro usage introduced in previous commit
200 ok jmc@ mouring@
Damien Millerdb274722003-05-14 13:45:22 +1000201 - markus@cvs.openbsd.org 2003/05/11 16:56:48
202 [authfile.c ssh-keygen.c]
203 change key_load_public to try to read a public from:
204 rsa1 private or rsa1 public and ssh2 keys.
205 this makes ssh-keygen -e fail for ssh1 keys more gracefully
206 for example; report from itojun (netbsd pr 20550).
Damien Millerb1ca8bb2003-05-14 13:45:42 +1000207 - markus@cvs.openbsd.org 2003/05/11 20:30:25
208 [channels.c clientloop.c serverloop.c session.c ssh.c]
209 make channel_new() strdup the 'remote_name' (not the caller); ok theo
Damien Miller280ecfb2003-05-14 13:46:00 +1000210 - markus@cvs.openbsd.org 2003/05/12 16:55:37
211 [sshconnect2.c]
212 for pubkey authentication try the user keys in the following order:
213 1. agent keys that are found in the config file
214 2. other agent keys
215 3. keys that are only listed in the config file
216 this helps when an agent has many keys, where the server might
217 close the connection before the correct key is used. report & ok pb@
Damien Miller93506352003-05-14 13:46:33 +1000218 - markus@cvs.openbsd.org 2003/05/12 18:35:18
219 [ssh-keyscan.1]
220 typo: DSA keys are of type ssh-dss; Brian Poole
Damien Millerfb7508e2003-05-14 13:47:07 +1000221 - markus@cvs.openbsd.org 2003/05/14 00:52:59
222 [ssh2.h]
223 ranges for per auth method messages
224 - djm@cvs.openbsd.org 2003/05/14 01:00:44
225 [sftp.1]
226 emphasise the batchmode functionality and make reference to pubkey auth,
227 both of which are FAQs; ok markus@
Damien Miller3ab496b2003-05-14 13:47:37 +1000228 - markus@cvs.openbsd.org 2003/05/14 02:15:47
229 [auth2.c monitor.c sshconnect2.c auth2-krb5.c]
230 implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
231 server interops with commercial client; ok jakob@ djm@
Damien Millerd6ead282003-05-14 19:30:38 +1000232 - jmc@cvs.openbsd.org 2003/05/14 08:25:39
233 [sftp.1]
234 - better formatting in SYNOPSIS
235 - whitespace at EOL
236 ok djm@
Damien Millerbe64d432003-05-14 19:31:12 +1000237 - markus@cvs.openbsd.org 2003/05/14 08:57:49
238 [monitor.c]
239 http://bugzilla.mindrot.org/show_bug.cgi?id=560
240 Privsep child continues to run after monitor killed.
241 Pass monitor signals through to child; Darren Tucker
Damien Miller9c617692003-05-14 14:31:11 +1000242 - (djm) Make portable build with MIT krb5 (some issues remain)
Damien Miller4e448a32003-05-14 15:11:48 +1000243 - (djm) Add new UsePAM configuration directive to allow runtime control
244 over usage of PAM. This allows non-root use of sshd when built with
245 --with-pam
Damien Miller9d507da2003-05-14 15:31:12 +1000246 - (djm) Die screaming if start_pam() is called when UsePAM=no
Damien Miller4d995192003-05-14 19:23:56 +1000247 - (djm) Avoid KrbV leak for MIT Kerberos
Darren Tuckerabef5622003-05-14 21:48:51 +1000248 - (dtucker) Set ai_socktype and ai_protocol in fake-getaddrinfo.c. ok djm@
Damien Miller1ea71662003-05-14 22:33:58 +1000249 - (djm) Bug #258: sscanf("[0-9]") -> sscanf("[0123456789]") for portability
Damien Miller1a27a1e2003-05-14 10:27:09 +1000250
Damien Miller75d3b052003-05-12 18:15:49 +100025120030512
252 - (djm) Redhat spec: Don't install profile.d scripts when not
253 building with GNOME/GTK askpass (patch from bet@rahul.net)
254
Darren Tuckere8831092003-05-10 16:48:23 +100025520030510
256 - (dtucker) Bug #318: Create ssh_prng_cmds.out during "make" rather than
257 "make install". Patch by roth@feep.net.
Darren Tuckerc437cda2003-05-10 17:05:46 +1000258 - (dtucker) Bug #536: Test for and work around openpty/controlling tty
259 problem on Linux (fixes "could not set controlling tty" errors).
Damien Miller4f9f42a2003-05-10 19:28:02 +1000260 - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
261 proper challenge-response module
Damien Miller0d8b7922003-05-10 23:42:12 +1000262 - (djm) 2-clause license on loginrec.c, with permission from
263 andre@ae-35.com
Darren Tuckere8831092003-05-10 16:48:23 +1000264
Darren Tucker70a08cd2003-05-04 10:41:20 +100026520030504
Darren Tuckerac279282003-05-04 11:36:25 +1000266 - (dtucker) Bug #497: Move #include of bsd-cygwin_util.h to openbsd-compat.h.
267 Patch from vinschen@redhat.com.
Darren Tucker70a08cd2003-05-04 10:41:20 +1000268
Darren Tucker04cc5382003-05-03 07:32:56 +100026920030503
270 - (dtucker) Add missing "void" to record_failed_login in bsd-cray.c. Noted
271 by wendyp@cray.com.
272
Darren Tucker3c016542003-05-02 20:48:21 +100027320030502
274 - (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels,
275 privsep should now work.
Darren Tucker97363a82003-05-02 23:42:25 +1000276 - (dtucker) Move handling of bad password authentications into a platform
Darren Tuckerbd570d72003-05-02 23:50:09 +1000277 specific record_failed_login() function (affects AIX & Unicos). ok mouring@
Darren Tucker3c016542003-05-02 20:48:21 +1000278
Damien Millereab4bae2003-04-29 23:22:40 +100027920030429
280 - (djm) Add back radix.o (used by AFS support), after it went missing from
281 Makefile many moons ago
282 - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
283 - (djm) Fix blibpath specification for AIX/gcc
284 - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
285
Ben Lindstrom0e7f4362003-04-28 23:30:43 +000028620030428
287 - (bal) [defines.h progressmeter.c scp.c] Some more culling of non 64bit
288 hacked code.
289
Ben Lindstrom93b6b772003-04-27 17:55:33 +000029020030427
291 - (bal) Bug #541: return; was dropped by mistake. Reported by
292 furrier@iglou.com
Ben Lindstrom796b9a52003-04-27 18:01:37 +0000293 - (bal) Since we don't support platforms lacking u_int_64. We may
294 as well clean out some of those evil #ifdefs
Ben Lindstrom683036e2003-04-27 18:41:30 +0000295 - (bal) auth1.c minor resync while looking at the code.
Ben Lindstromf50ad1f2003-04-27 18:44:31 +0000296 - (bal) auth2.c same changed as above.
Ben Lindstrom93b6b772003-04-27 17:55:33 +0000297
Damien Millerd186d742003-04-09 19:40:33 +100029820030409
299 - (djm) Bug #539: Specify creation mode with O_CREAT for lastlog. Report
300 from matth@eecs.berkeley.edu
Damien Millera92a5892003-04-09 19:41:25 +1000301 - (djm) Make the spec work with Redhat 9.0 (which renames sharutils)
Damien Millera5539d22003-04-09 20:50:06 +1000302 - (djm) OpenBSD CVS Sync
303 - markus@cvs.openbsd.org 2003/04/02 09:48:07
304 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
305 [readconf.h serverloop.c sshconnect2.c]
306 reapply rekeying chage, tested by henning@, ok djm@
Damien Miller703ced52003-04-09 20:50:26 +1000307 - markus@cvs.openbsd.org 2003/04/02 14:36:26
308 [ssh-keysign.c]
309 potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
Damien Miller3bed1912003-04-09 20:50:59 +1000310 - itojun@cvs.openbsd.org 2003/04/03 07:25:27
311 [progressmeter.c]
312 $OpenBSD$
313 - itojun@cvs.openbsd.org 2003/04/03 10:17:35
314 [progressmeter.c]
315 remove $OpenBSD$, as other *.c does not have it.
Damien Millerb1ecd9c2003-04-09 20:51:24 +1000316 - markus@cvs.openbsd.org 2003/04/07 08:29:57
317 [monitor_wrap.c]
318 typo: get correct counters; introduced during rekeying change.
Damien Millera0898b82003-04-09 21:05:52 +1000319 - millert@cvs.openbsd.org 2003/04/07 21:58:05
320 [progressmeter.c]
321 The UCB copyright here is incorrect. This code did not originate
322 at UCB, it was written by Luke Mewburn. Updated the copyright at
323 the author's request. markus@ OK
324 - itojun@cvs.openbsd.org 2003/04/08 20:21:29
325 [*.c *.h]
326 rename log() into logit() to avoid name conflict. markus ok, from
327 netbsd
328 - (djm) XXX - Performed locally using:
329 "perl -p -i -e 's/(\s|^)log\(/$1logit\(/g' *.c *.h"
Damien Millerbf2a0172003-04-09 21:07:14 +1000330 - hin@cvs.openbsd.org 2003/04/09 08:23:52
331 [servconf.c]
332 Don't include <krb.h> when compiling with Kerberos 5 support
Damien Millera0898b82003-04-09 21:05:52 +1000333 - (djm) Fix up missing include for packet.c
Damien Miller2a3f20e2003-04-09 21:12:00 +1000334 - (djm) Fix missed log => logit occurance (reference by function pointer)
Damien Millerd186d742003-04-09 19:40:33 +1000335
Ben Lindstromc8a49d72003-04-02 15:18:22 +000033620030402
337 - (bal) if IP_TOS is not found or broken don't try to compile in
338 packet_set_tos() function call. bug #527
339
Damien Miller495dca32003-04-01 21:42:14 +100034020030401
341 - (djm) OpenBSD CVS Sync
342 - jmc@cvs.openbsd.org 2003/03/28 10:11:43
343 [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5]
344 [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
345 - killed whitespace
346 - new sentence new line
347 - .Bk for arguments
348 ok markus@
Damien Miller2dc074e2003-04-01 21:43:39 +1000349 - markus@cvs.openbsd.org 2003/04/01 10:10:23
350 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
351 [readconf.h serverloop.c sshconnect2.c]
352 rekeying bugfixes and automatic rekeying:
353 * both client and server rekey _automatically_
354 (a) after 2^31 packets, because after 2^32 packets
355 the sequence number for packets wraps
356 (b) after 2^(blocksize_in_bits/4) blocks
357 (see: draft-ietf-secsh-newmodes-00.txt)
358 (a) and (b) are _enabled_ by default, and only disabled for known
359 openssh versions, that don't support rekeying properly.
360 * client option 'RekeyLimit'
361 * do not reply to requests during rekeying
362 - markus@cvs.openbsd.org 2003/04/01 10:22:21
363 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
364 [readconf.h serverloop.c sshconnect2.c]
365 backout rekeying changes (for 3.6.1)
Damien Millerd3209042003-04-01 21:44:37 +1000366 - markus@cvs.openbsd.org 2003/04/01 10:31:26
367 [compat.c compat.h kex.c]
368 bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@;
369 tested by ho@ and myself
Damien Miller13c1c7a2003-04-01 21:45:26 +1000370 - markus@cvs.openbsd.org 2003/04/01 10:56:46
371 [version.h]
372 3.6.1
Damien Millerb80e52a2003-04-01 21:46:53 +1000373 - (djm) Crank spec file versions
Damien Millera0ab6692003-04-01 21:47:16 +1000374 - (djm) Release 3.6.1p1
Damien Miller495dca32003-04-01 21:42:14 +1000375
Damien Millerb3207e82003-03-26 16:01:11 +110037620030326
377 - (djm) OpenBSD CVS Sync
378 - deraadt@cvs.openbsd.org 2003/03/26 04:02:51
379 [sftp-server.c]
380 one last fix to the tree: race fix broke stuff; pr 3169;
381 srp@srparish.net, help from djm
382
Damien Miller68d893d2003-03-25 09:07:52 +110038320030325
384 - (djm) Fix getpeerid support for 64 bit BE systems. From
385 Arnd Bergmann <arndb@de.ibm.com>
386
Damien Millerb062c292003-03-24 09:12:09 +110038720030324
388 - (djm) OpenBSD CVS Sync
389 - markus@cvs.openbsd.org 2003/03/23 19:02:00
390 [monitor.c]
391 unbreak rekeying for privsep; ok millert@
392 - Release 3.6p1
Damien Miller62b6b172003-03-24 13:35:58 +1100393 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
394 Report from murple@murple.net, diagnosis from dtucker@zip.com.au
Damien Millerb062c292003-03-24 09:12:09 +1100395
Damien Miller05f55782003-03-20 10:08:05 +110039620030320
397 - (djm) OpenBSD CVS Sync
398 - markus@cvs.openbsd.org 2003/03/17 10:38:38
399 [progressmeter.c]
400 don't print \n if backgrounded; from ho@
Damien Miller4874c322003-03-20 10:11:34 +1100401 - markus@cvs.openbsd.org 2003/03/17 11:43:47
402 [version.h]
403 enter 3.6
Ben Lindstrom5bd6eb72003-03-21 00:34:34 +0000404 - (bal) The days of lack of int64_t support are over. Sorry kids.
Ben Lindstromd54d9382003-03-21 00:55:32 +0000405 - (bal) scp.c 'limit' conflicts with Cray. Rename to 'limitbw'
Ben Lindstroma5a26482003-03-21 01:05:37 +0000406 - (bal) Collection of Cray patches (bsd-cray.h fix for CRAYT3E and improved
407 guessing rules)
Ben Lindstromc8c548d2003-03-21 01:18:09 +0000408 - (bal) Disable Privsep for Tru64 after pre-authentication due to issues
409 with SIA. Also, clean up of tru64 support patch by Chris Adams
410 <cmadams@hiwaay.net>
Tim Rice009b23f2003-03-20 20:50:41 -0800411 - (tim) [contrib/caldera/openssh.spec] workaround RPM quirk. Fix %files
Damien Miller05f55782003-03-20 10:08:05 +1100412
Tim Rice4e4dc562003-03-18 10:21:40 -080041320030318
414 - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
415 add nanosleep(). testing/corrections by Darren Tucker <dtucker@zip.com.au>
416
Damien Millercafbcc72003-03-17 16:13:53 +110041720030317
418 - (djm) Fix return value checks for RAND_bytes. Report from
419 Steve G <linux_4ever@yahoo.com>
420
Damien Millered33d3b2003-03-15 11:36:18 +110042120030315
422 - (djm) OpenBSD CVS Sync
423 - markus@cvs.openbsd.org 2003/03/13 11:42:19
424 [authfile.c ssh-keysign.c]
425 move RSA_blinding_on to generic key load method
Damien Millerc51d0732003-03-15 11:37:09 +1100426 - markus@cvs.openbsd.org 2003/03/13 11:44:50
427 [ssh-agent.c]
428 ssh-agent is similar to ssh-keysign (allows other processes to use
429 private rsa keys). however, it gets key over socket and not from
430 a file, so we have to do blinding here as well.
Damien Millered33d3b2003-03-15 11:36:18 +1100431
Damien Miller00111382003-03-10 11:21:17 +110043220030310
433- (djm) OpenBSD CVS Sync
434 - markus@cvs.openbsd.org 2003/03/05 22:33:43
435 [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
436 [sftp-server.c ssh-add.c sshconnect2.c]
437 fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
Damien Millerf211efc2003-03-10 11:23:06 +1100438 - (djm) One more portable-specific one from dlheine@suif.Stanford.EDU/
439 CLOUSEAU
Damien Miller933cc8f2003-03-10 11:38:10 +1100440 - (djm) Bug #245: TTY problems on Solaris. Fix by stevesk@ and
441 dtucker@zip.com.au
Damien Millerc9c1d372003-03-10 12:10:45 +1100442 - (djm) AIX package builder update from dtucker@zip.com.au
Damien Miller00111382003-03-10 11:21:17 +1100443
Damien Millerca49a972003-02-25 10:22:35 +110044420030225
445 - (djm) Fix some compile errors spotted by dtucker and his fabulous
446 tinderbox
447
Damien Miller07759762003-02-24 11:48:22 +110044820030224
449 - (djm) Tweak gnome-ssh-askpass2:
450 - Retry kb and mouse grab a couple of times, so passphrase dialog doesn't
451 immediately fail if you are doing something else when it appears (e.g.
452 dragging a window)
453 - Perform server grab after we have the keyboard and/or pointer to avoid
454 races.
Damien Miller180fc5b2003-02-24 11:50:18 +1100455 - (djm) OpenBSD CVS Sync
456 - markus@cvs.openbsd.org 2003/01/27 17:06:31
457 [sshd.c]
458 more specific error message when /var/empty has wrong permissions;
459 bug #46, map@appgate.com; ok henning@, provos@, stevesk@
Damien Miller8ee66a22003-02-24 11:50:50 +1100460 - markus@cvs.openbsd.org 2003/01/28 16:11:52
461 [scp.1]
462 document -l; pekkas@netcore.fi
Damien Miller2eb26e82003-02-24 11:51:32 +1100463 - stevesk@cvs.openbsd.org 2003/01/28 17:24:51
464 [scp.1]
465 remove example not pertinent with -1 addition; ok markus@
Damien Millerffadc582003-02-24 11:52:26 +1100466 - jmc@cvs.openbsd.org 2003/01/31 21:54:40
467 [sshd.8]
468 typos; sshd(8): help and ok markus@
469 help and ok millert@
Damien Millereeeeb352003-02-24 11:52:58 +1100470 - markus@cvs.openbsd.org 2003/02/02 10:51:13
471 [scp.c]
472 call okname() only when using system(3) for remote-remote copy;
473 fixes bugs #483, #472; ok deraadt@, mouring@
Damien Millerbabb47a2003-02-24 11:53:32 +1100474 - markus@cvs.openbsd.org 2003/02/02 10:56:08
475 [kex.c]
476 add support for key exchange guesses; based on work by
477 avraham.fraenkel@commatch.com; fixes bug #148; ok deraadt@
Damien Millere8cea9e2003-02-24 11:54:10 +1100478 - markus@cvs.openbsd.org 2003/02/03 08:56:16
479 [sshpty.c]
480 don't call error() for readonly /dev; from soekris list; ok mcbride,
481 henning, deraadt.
Damien Miller386f1f32003-02-24 11:54:57 +1100482 - markus@cvs.openbsd.org 2003/02/04 09:32:08
483 [key.c]
484 better debug3 message
Damien Millerb7df3af2003-02-24 11:55:46 +1100485 - markus@cvs.openbsd.org 2003/02/04 09:33:22
486 [monitor.c monitor_wrap.c]
487 skey/bsdauth: use 0 to indicate failure instead of -1, because
488 the buffer API only supports unsigned ints.
Damien Miller61f08ac2003-02-24 11:56:27 +1100489 - markus@cvs.openbsd.org 2003/02/05 09:02:28
490 [readconf.c]
491 simplify ProxyCommand parsing, remove strcat/xrealloc; ok henning@, djm@
Damien Miller97f39ae2003-02-24 11:57:01 +1100492 - markus@cvs.openbsd.org 2003/02/06 09:26:23
493 [session.c]
494 missing call to setproctitle() after authentication; ok provos@
Damien Miller9f1e33a2003-02-24 11:57:32 +1100495 - markus@cvs.openbsd.org 2003/02/06 09:27:29
496 [ssh.c ssh_config.5]
497 support 'ProxyCommand none'; bugzilla #433; binder@arago.de; ok djm@
Damien Miller9e51a732003-02-24 11:58:44 +1100498 - markus@cvs.openbsd.org 2003/02/06 09:29:18
499 [sftp-server.c]
500 fix races in rename/symlink; from Tony Finch; ok djm@
Damien Miller556f9312003-02-24 11:59:26 +1100501 - markus@cvs.openbsd.org 2003/02/06 21:22:43
502 [auth1.c auth2.c]
503 undo broken fix for #387, fixes #486
Damien Miller7b406272003-02-24 12:00:16 +1100504 - markus@cvs.openbsd.org 2003/02/10 11:51:47
505 [ssh-add.1]
506 xref sshd_config.5 (not sshd.8); mark@summersault.com; bug #490
Damien Millere8a240f2003-02-24 12:01:40 +1100507 - markus@cvs.openbsd.org 2003/02/12 09:33:04
508 [key.c key.h ssh-dss.c ssh-rsa.c]
509 merge ssh-dss.h ssh-rsa.h into key.h; ok deraadt@
Damien Miller1587fb82003-02-24 12:02:12 +1100510 - markus@cvs.openbsd.org 2003/02/12 21:39:50
511 [crc32.c crc32.h]
512 replace crc32.c with a BSD licensed version; noted by David Turner
Damien Miller8e7fb332003-02-24 12:03:03 +1100513 - markus@cvs.openbsd.org 2003/02/16 17:09:57
514 [kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
515 split kex into client and server code, no need to link
516 server code into the client; ok provos@
Damien Miller06ebedf2003-02-24 12:03:38 +1100517 - markus@cvs.openbsd.org 2003/02/16 17:30:33
518 [monitor.c monitor_wrap.c]
519 fix permitrootlogin forced-commands-only for privsep; bux #387;
520 ok provos@
Damien Miller9f82c8f2003-02-24 12:04:33 +1100521 - markus@cvs.openbsd.org 2003/02/21 09:05:53
522 [servconf.c]
523 print sshd_config filename in debug2 mode.
Damien Miller54340212003-02-24 12:05:18 +1100524 - mpech@cvs.openbsd.org 2003/02/21 10:34:48
525 [auth-krb4.c]
526 ...sizeof(&adat.session) is not good here.
527 henning@, deraadt@, millert@
Damien Millerd1940482003-02-24 12:18:46 +1100528 - (djm) Add new object files to Makefile and reorder
Damien Miller30947c72003-02-24 12:35:08 +1100529 - (djm) Bug #501: gai_strerror should return char*;
530 fix from dtucker@zip.com.au
Damien Miller1a3ccb02003-02-24 13:04:01 +1100531 - (djm) Most of Bug #499: Cygwin compile fixes for new progressmeter;
532 From vinschen@redhat.com
Damien Miller8d8168a2003-02-24 12:55:55 +1100533 - (djm) Rest of Bug #499: Import a basename() function from OpenBSD libc
Damien Miller1a3ccb02003-02-24 13:04:01 +1100534 - (djm) Bug #494: Allow multiple accounts on Windows 9x/Me;
535 From vinschen@redhat.com
Damien Millerfe1f1432003-02-24 15:45:42 +1100536 - (djm) Bug #456: Support for NEC SX6 with Unicos; from wendyp@cray.com
Damien Miller07759762003-02-24 11:48:22 +1100537
Damien Millerc8936ac2003-02-11 10:04:03 +110053820030211
539 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com
540
Damien Miller850b9422003-02-06 10:50:42 +110054120030206
542 - (djm) Teach fake-getaddrinfo to use getservbyname() when provided a
543 string service name. Suggested by markus@, review by itojun@
544
Ben Lindstrom4b0f1ad2003-02-01 04:43:34 +000054520030131
546 - (bal) AIX 4.2.1 lacks nanosleep(). Patch to use nsleep() provided by
547 dtucker@zip.com.au
548
Damien Miller4d9dc1a2003-01-30 10:20:56 +110054920030130
550 - (djm) Unbreak root password auth. Spotted by dtucker@zip.com.au
551
Damien Millercd6853c2003-01-28 11:33:42 +1100552200301028
553 - (djm) Search libposix4 and librt for nanosleep. From dtucker@zip.com.au
554 and openssh-unix-dev@thewrittenword.com
555
Ben Lindstrom6dc562a2003-01-27 21:15:10 +0000556200301027
557 - (bal) Bugzilla 477 patch by wendyp@cray.com. Define TIOCGPGRP for
558 cray. Also removed test for tcgetpgrp in configure.ac since it
559 is no longer used.
560
Damien Miller5a93add2003-01-24 11:34:52 +110056120030124
562 - (djm) OpenBSD CVS Sync
563 - jmc@cvs.openbsd.org 2003/01/23 08:58:47
564 [sshd_config.5]
565 typos; ok millert@
Damien Miller6c711792003-01-24 11:36:23 +1100566 - markus@cvs.openbsd.org 2003/01/23 13:50:27
567 [authfd.c authfd.h readpass.c ssh-add.1 ssh-add.c ssh-agent.c]
568 ssh-add -c, prompt user for confirmation (using ssh-askpass) when
569 private agent key is used; with djm@; test by dugsong@, djm@;
570 ok deraadt@
Damien Millerff74d742003-01-24 11:36:58 +1100571 - markus@cvs.openbsd.org 2003/01/23 14:01:53
572 [scp.c]
573 bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
Damien Miller8e121472003-01-24 11:37:38 +1100574 - markus@cvs.openbsd.org 2003/01/23 14:06:15
575 [scp.1 scp.c]
576 scp -12; Sam Smith and others; ok provos@, deraadt@
Damien Miller3bc0c062003-01-24 11:50:32 +1100577 - (djm) Add TIMEVAL_TO_TIMESPEC macros
Damien Miller5a93add2003-01-24 11:34:52 +1100578
Damien Miller21de87b2003-01-23 17:41:20 +110057920030123
580 - (djm) OpenBSD CVS Sync
581 - djm@cvs.openbsd.org 2003/01/23 00:03:00
582 [auth1.c]
583 Don't log TIS auth response; "get rid of it" - markus@
584
Damien Miller53d81482003-01-22 11:47:19 +110058520030122
586 - (djm) OpenBSD CVS Sync
587 - marc@cvs.openbsd.org 2003/01/21 18:14:36
588 [ssh-agent.1 ssh-agent.c]
589 Add a -t life option to ssh-agent that set the default lifetime.
590 The default can still be overriden by using -t in ssh-add.
591 OK markus@
Damien Miller2101bfc2003-01-22 15:42:26 +1100592 - (djm) Reorganise PAM & SIA password handling to eliminate some common code
Damien Miller8b9cde72003-01-22 17:53:16 +1100593 - (djm) Sync regress with OpenBSD -current
Damien Miller53d81482003-01-22 11:47:19 +1100594
Damien Miller140344b2003-01-20 13:15:10 +110059520030120
596 - (djm) Fix compilation for NetBSD from dtucker@zip.com.au
Tim Rice4ea542b2003-01-19 20:15:13 -0800597 - (tim) [progressmeter.c] make compilers without long long happy.
Tim Rice89fe3f32003-01-19 20:20:24 -0800598 - (tim) [configure.ac] Add -belf to build ELF binaries on OpenServer 5 when
599 using cc. (gcc already did)
Damien Miller140344b2003-01-20 13:15:10 +1100600
Damien Millere443e932003-01-18 16:24:06 +110060120030118
602 - (djm) Revert fix for Bug #442 for now.
603
Damien Miller9715bb12003-01-17 10:31:38 +110060420030117
605 - (djm) Bug #470: Detect strnvis, not strvis in configure.
606 From d_wllms@lanl.gov
607
Damien Millercb3e3c82003-01-16 15:39:13 +110060820030116
609 - (djm) OpenBSD CVS Sync
610 - djm@cvs.openbsd.org 2003/01/16 03:41:55
611 [sftp-int.c]
612 explicitly use first glob result
613
Damien Miller01413192003-01-14 22:22:11 +110061420030114
615 - (djm) OpenBSD CVS Sync
616 - fgsch@cvs.openbsd.org 2003/01/10 23:23:24
617 [sftp-int.c]
618 typo; from Nils Nordman <nino at nforced dot com>.
Damien Miller0946d872003-01-14 22:22:43 +1100619 - markus@cvs.openbsd.org 2003/01/11 18:29:43
620 [log.c]
621 set fatal_cleanups to NULL in fatal_remove_all_cleanups();
622 dtucker@zip.com.au
Damien Miller71a51412003-01-14 22:23:23 +1100623 - markus@cvs.openbsd.org 2003/01/12 16:57:02
624 [progressmeter.c]
625 allow WARNINGS=yes; ok djm@
Damien Millerdc708572003-01-14 22:24:05 +1100626 - djm@cvs.openbsd.org 2003/01/13 11:04:04
627 [sftp-int.c]
628 make cmds[] array static to avoid conflict with BSDI libc.
Damien Miller7a992382003-01-14 22:24:19 +1100629 mindrot bug #466. Fix from mdev@idg.nl; ok markus@
Damien Miller5fa01fd2003-01-14 22:24:47 +1100630 - djm@cvs.openbsd.org 2003/01/14 10:58:00
631 [sftp-client.c sftp-int.c]
632 Don't try to upload or download non-regular files. Report from
633 apoloval@pantuflo.escet.urjc.es; ok markus@
Damien Miller01413192003-01-14 22:22:11 +1100634
63520030113
Damien Millerec201962003-01-13 10:04:58 +1100636 - (djm) Rework openbsd-compat/setproctitle.c a bit: move emulation type
637 detection to configure.ac. Prompted by stevesk@
Damien Miller7d901272003-01-13 16:55:22 +1100638 - (djm) Bug #467: Add a --disable-strip option to turn off stripping of
639 installed binaries. From mdev@idg.nl
Damien Millerec201962003-01-13 10:04:58 +1100640
Damien Millera8ed44b2003-01-10 09:53:12 +110064120030110
642 - (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More
643 systems may be added later.
Damien Miller956f3fb2003-01-10 21:40:00 +1100644 - (djm) OpenBSD CVS Sync
645 - djm@cvs.openbsd.org 2003/01/08 23:53:26
646 [sftp.1 sftp.c sftp-int.c sftp-int.h]
647 Cleanup error handling for batchmode
648 Allow blank lines and comments in input
649 Ability to suppress abort on error in batchmode ("-put blah")
650 Fixes mindrot bug #452; markus@ ok
Damien Miller62d57f62003-01-10 21:43:24 +1100651 - fgsch@cvs.openbsd.org 2003/01/10 08:19:07
Damien Miller6fd00e02003-01-10 21:46:02 +1100652 [scp.c sftp.1 sftp.c sftp-client.c sftp-int.c progressmeter.c]
653 [progressmeter.h]
Damien Miller62d57f62003-01-10 21:43:24 +1100654 sftp progress meter support.
655 original diffs by Nils Nordman <nino at nforced dot com> via
656 markus@, merged to -current by me, djm@ ok.
Damien Millera7f3aaa2003-01-10 21:43:58 +1100657 - djm@cvs.openbsd.org 2003/01/10 08:48:15
658 [sftp-client.c]
659 Simplify and avoid redundancy in packet send and receive
660 functions; ok fgs@
Damien Miller86b781c2003-01-10 21:44:48 +1100661 - djm@cvs.openbsd.org 2003/01/10 10:29:35
662 [scp.c]
663 Don't ftruncate after write error, creating sparse files of
664 incorrect length
665 mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
Damien Millerb46b9f32003-01-10 21:45:12 +1100666 - djm@cvs.openbsd.org 2003/01/10 10:32:54
667 [channels.c]
668 hush socket() errors, except last. Fixes mindrot bug #408; ok markus@
Damien Millera8ed44b2003-01-10 09:53:12 +1100669
Damien Miller13dd03a2003-01-08 11:16:48 +110067020030108
671 - (djm) Sync openbsd-compat/ with OpenBSD -current
Damien Millere77c17e2003-01-08 12:37:03 +1100672 - (djm) Avoid redundant xstrdup/xfree in auth2-pam.c. From Solar via markus@
Damien Miller275295e2003-01-08 14:04:09 +1100673 - (djm) OpenBSD CVS Sync
674 - markus@cvs.openbsd.org 2003/01/01 18:08:52
675 [channels.c]
676 move big output buffer messages to debug2
Damien Miller770b3742003-01-08 14:04:53 +1100677 - djm@cvs.openbsd.org 2003/01/06 23:51:22
678 [sftp-client.c]
679 Fix "get -p" download to not add user-write perm. mindrot bug #426
680 reported by gfernandez@livevault.com; ok markus@
Damien Miller63421802003-01-08 14:05:23 +1100681 - fgsch@cvs.openbsd.org 2003/01/07 23:42:54
682 [sftp.1]
683 add version; from Nils Nordman <nino at nforced dot com> via markus@.
684 markus@ ok
Damien Miller2047b3b2003-01-08 23:28:40 +1100685 - (djm) Update README to reflect AIX's status as a well supported platform.
686 From dtucker@zip.com.au
Tim Riced0d7a8b2003-01-08 17:22:59 -0800687 - (tim) [Makefile.in configure.ac] replace fixpath with sed script. Patch
Tim Rice13b2e552003-01-08 20:09:30 -0800688 by Mo DeJong.
Tim Rice458c6bf2003-01-08 20:04:27 -0800689 - (tim) [auth.c] declare today at top of allowed_user() to keep
690 older compilers happy.
Tim Rice13b2e552003-01-08 20:09:30 -0800691 - (tim) [scp.c] make compilers without long long happy.
Damien Miller13dd03a2003-01-08 11:16:48 +1100692
Damien Miller5e4471e2003-01-07 10:51:23 +110069320030107
694 - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses.
695 Based on fix from yoshfuji@linux-ipv6.org
Damien Miller48cb8aa2003-01-07 12:19:32 +1100696 - (djm) Bug #442: Check for and deny access to accounts with locked
697 passwords. Patch from dtucker@zip.com.au
Damien Millerc1365e12003-03-13 09:42:51 +1100698 - (djm) Bug #44: Use local mkstemp() rather than glibc's silly one. Fixes
Damien Millere8328192003-01-07 15:18:32 +1100699 Can't pass KRB4 TGT passing. Fix from: jan.iven@cern.ch
Damien Miller64004b52003-01-07 16:15:20 +1100700 - (djm) Fix Bug #442 for PAM case
Damien Miller7df881d2003-01-07 16:46:58 +1100701 - (djm) Bug #110: bogus error messages in lastlog_get_entry(). Fix based
702 on one by peak@argo.troja.mff.cuni.cz
Damien Millerb93addb2003-01-07 17:04:18 +1100703 - (djm) Bug #111: Run syslog and stderr logging through strnvis to eliminate
704 nasties. Report from peak@argo.troja.mff.cuni.cz
Damien Millerf25c18d2003-01-07 17:38:58 +1100705 - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from
706 Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
Damien Miller06817f92003-01-07 23:55:59 +1100707 - (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by
708 dtucker@zip.com.au. Reorder for clarity too.
Damien Miller5e4471e2003-01-07 10:51:23 +1100709
Damien Miller8aff5cb2003-01-03 14:34:06 +110071020030103
711 - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from
712 cjwatson@debian.org
Damien Miller02e16ad2003-01-03 14:42:27 +1100713 - (djm) Bug #460: Filling utmp[x]->ut_addr_v6 if present. Patch from
714 cjwatson@debian.org
Damien Millerdfedbf82003-01-03 14:52:53 +1100715 - (djm) Bug #446: Set LOGIN env var to pw_name on AIX. Patch from
716 mii@ornl.gov
717
Kevin Steves678ee512003-01-01 23:43:55 +000071820030101
719 - (stevesk) [session.c sshlogin.c sshlogin.h] complete portable
720 parts of pass addrlen with sockaddr * fix.
721 from Hajimu UMEMOTO <ume@FreeBSD.org>
722
Ben Lindstrom44adb8f2002-12-23 02:00:23 +000072320021222
724 - (bal) OpenBSD CVS Sync
725 - fgsch@cvs.openbsd.org 2002/11/15 10:03:09
726 [authfile.c]
727 lseek(2) may return -1 when getting the public/private key lenght.
728 Simplify the code and check for errors using fstat(2).
729
730 Problem reported by Mauricio Sanchez, markus@ ok.
Ben Lindstromf49dbff2002-12-23 02:01:55 +0000731 - markus@cvs.openbsd.org 2002/11/18 16:43:44
732 [clientloop.c]
733 don't overwrite SIG{INT,QUIT,TERM} handler if set to SIG_IGN;
734 e.g. if ssh is used for backup; report Joerg Schilling; ok millert@
Ben Lindstrom1f530832002-12-23 02:03:02 +0000735 - markus@cvs.openbsd.org 2002/11/21 22:22:50
736 [dh.c]
737 debug->debug2
Ben Lindstrom064496f2002-12-23 02:04:22 +0000738 - markus@cvs.openbsd.org 2002/11/21 22:45:31
739 [cipher.c kex.c packet.c sshconnect.c sshconnect2.c]
740 debug->debug2, unify debug messages
Ben Lindstrom93576d92002-12-23 02:06:19 +0000741 - deraadt@cvs.openbsd.org 2002/11/21 23:03:51
742 [auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c
743 sshconnect.c]
744 KNF
Ben Lindstrom40b95032002-12-23 02:53:08 +0000745 - markus@cvs.openbsd.org 2002/11/21 23:04:33
Ben Lindstrom604dc722002-12-23 02:08:57 +0000746 [ssh.c]
747 debug->debug2
Ben Lindstrom40b95032002-12-23 02:53:08 +0000748 - stevesk@cvs.openbsd.org 2002/11/24 21:46:24
Ben Lindstrom2594d9a2002-12-23 02:09:59 +0000749 [ssh-keysign.8]
750 typo: "the the"
Ben Lindstrome7ee7fe2002-12-23 02:11:02 +0000751 - wcobb@cvs.openbsd.org 2002/11/26 00:45:03
752 [scp.c ssh-keygen.c]
753 Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default.
754 ok markus@
Ben Lindstrom40b95032002-12-23 02:53:08 +0000755 - stevesk@cvs.openbsd.org 2002/11/26 02:35:30
Ben Lindstrom9394d2f2002-12-23 02:11:54 +0000756 [ssh-keygen.1]
757 remove outdated statement; ok markus@ deraadt@
Ben Lindstromacaac972002-12-23 02:13:37 +0000758 - stevesk@cvs.openbsd.org 2002/11/26 02:38:54
759 [canohost.c]
760 KNF, comment and error message repair; ok markus@
Ben Lindstromc276c122002-12-23 02:14:51 +0000761 - markus@cvs.openbsd.org 2002/11/27 17:53:35
762 [scp.c sftp.c ssh.c]
763 allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp;
764 http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
Ben Lindstrom611797e2002-12-23 02:15:57 +0000765 - stevesk@cvs.openbsd.org 2002/12/04 04:36:47
766 [session.c]
767 remove xauth entries before add; PR 2994 from janjaap@stack.nl.
768 ok markus@
Ben Lindstrom418e0782002-12-23 02:22:09 +0000769 - markus@cvs.openbsd.org 2002/12/05 11:08:35
770 [scp.c]
771 use roundup() similar to rcp/util.c and avoid problems with strange
772 filesystem block sizes, noted by tjr@freebsd.org; ok djm@
Ben Lindstrom40b95032002-12-23 02:53:08 +0000773 - djm@cvs.openbsd.org 2002/12/06 05:20:02
Ben Lindstromd5767812002-12-23 02:23:37 +0000774 [sftp.1]
775 Fix cut'n'paste error, spotted by matthias.riese@b-novative.de; ok deraadt@
Ben Lindstromb9fa6912002-12-23 02:24:54 +0000776 - millert@cvs.openbsd.org 2002/12/09 16:50:30
777 [ssh.c]
778 Avoid setting optind to 0 as GNU getopt treats that like we do optreset.
779 markus@ OK
Ben Lindstrom46767602002-12-23 02:26:08 +0000780 - markus@cvs.openbsd.org 2002/12/10 08:56:00
781 [session.c]
782 Make sure $SHELL points to the shell from the password file, even if shell
783 is overridden from login.conf; bug#453; semen at online.sinor.ru; ok millert@
Ben Lindstroma7433982002-12-23 02:41:41 +0000784 - markus@cvs.openbsd.org 2002/12/10 19:26:50
785 [packet.c]
786 move tos handling to packet_set_tos; ok provos/henning/deraadt
Ben Lindstromfaa1ea82002-12-23 02:42:52 +0000787 - markus@cvs.openbsd.org 2002/12/10 19:47:14
788 [packet.c]
789 static
Ben Lindstrom1d568f92002-12-23 02:44:36 +0000790 - markus@cvs.openbsd.org 2002/12/13 10:03:15
791 [channels.c misc.c sshconnect2.c]
792 cleanup debug messages, more useful information for the client user.
Ben Lindstrom40b95032002-12-23 02:53:08 +0000793 - markus@cvs.openbsd.org 2002/12/13 15:20:52
794 [scp.c]
795 1) include stalling time in total time
796 2) truncate filenames to 45 instead of 20 characters
797 3) print rate instead of progress bar, no more stars
798 4) scale output to tty width
799 based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
Ben Lindstrom1b96cfb2002-12-23 02:58:17 +0000800 - (bal) [msg.c msg.h scp.c ssh-keysign.c sshconnect2.c] Resync CVS IDs since
801 we already did s/msg_send/ssh_msg_send/
Ben Lindstrom44adb8f2002-12-23 02:00:23 +0000802
Damien Millerab1c12a2002-12-05 20:59:33 +110080320021205
804 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org
805
Tim Rice1c9e6882002-11-22 13:29:01 -080080620021122
807 - (tim) [configure.ac] fix STDPATH test for IRIX. First reported by
808 advax@triumf.ca. This type of solution tested by <herb@sgi.com>
809
Tim Ricebe239642002-11-13 15:55:55 -080081020021113
811 - (tim) [configure.ac] remove unused variables no_libsocket and no_libnsl
812
Tim Rice748fcf92002-11-13 15:50:04 -080081320021111
814 - (tim) [contrib/solaris/opensshd.in] add umask 022 so sshd.pid is
815 not world writable.
816
Ben Lindstrom08513812002-11-09 15:40:34 +000081720021109
818 - (bal) OpenBSD CVS Sync
819 - itojun@cvs.openbsd.org 2002/10/16 14:31:48
820 [sftp-common.c]
821 64bit pedant. %llu is "unsigned long long". markus ok
Ben Lindstrom0cc2a472002-11-09 15:41:39 +0000822 - markus@cvs.openbsd.org 2002/10/23 10:32:13
823 [packet.c]
824 use %u for u_int
Ben Lindstromee844912002-11-09 15:43:23 +0000825 - markus@cvs.openbsd.org 2002/10/23 10:40:16
826 [bufaux.c]
827 %u for u_int
Ben Lindstrom485075e2002-11-09 15:45:12 +0000828 - markus@cvs.openbsd.org 2002/11/04 10:07:53
829 [auth.c]
830 don't compare against pw_home if realpath fails for pw_home (seen
831 on AFS); ok djm@
Ben Lindstrom9bda7ae2002-11-09 15:46:24 +0000832 - markus@cvs.openbsd.org 2002/11/04 10:09:51
833 [packet.c]
834 log before send disconnect; ok djm@
Ben Lindstrom41ee2b02002-11-09 15:47:47 +0000835 - markus@cvs.openbsd.org 2002/11/05 19:45:20
836 [monitor.c]
837 handle overflows for size_t larger than u_int; siw@goneko.de, bug #425
Ben Lindstrom8e879cf2002-11-09 15:48:49 +0000838 - markus@cvs.openbsd.org 2002/11/05 20:10:37
839 [sftp-client.c]
840 typo; GaryF@livevault.com
Ben Lindstromc2faa4a2002-11-09 15:50:03 +0000841 - markus@cvs.openbsd.org 2002/11/07 16:28:47
842 [sshd.c]
843 log to stderr if -ie is given, bug #414, prj@po.cwru.edu
Ben Lindstromb6df73b2002-11-09 15:52:31 +0000844 - markus@cvs.openbsd.org 2002/11/07 22:08:07
845 [readconf.c readconf.h ssh-keysign.8 ssh-keysign.c]
846 we cannot use HostbasedAuthentication for enabling ssh-keysign(8),
847 because HostbasedAuthentication might be enabled based on the
848 target host and ssh-keysign(8) does not know the remote hostname
849 and not trust ssh(1) about the hostname, so we add a new option
850 EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
Ben Lindstrom007eb912002-11-09 15:54:08 +0000851 - markus@cvs.openbsd.org 2002/11/07 22:35:38
852 [scp.c]
853 check exit status from ssh, and exit(1) if ssh fails; bug#369;
854 binder@arago.de
Ben Lindstrom224313c2002-11-09 15:59:27 +0000855 - (bal) Update ssh-host-config and minor rewrite of bsd-cygwin_util.c
856 ntsec now default if cygwin version beginning w/ version 56. Patch
857 by Corinna Vinschen <vinschen@redhat.com>
Ben Lindstromf5397c02002-11-09 16:11:10 +0000858 - (bal) AIX does not log login attempts for unknown users (bug #432).
859 patch by dtucker@zip.com.au
Ben Lindstrom08513812002-11-09 15:40:34 +0000860
Damien Miller5a5da882002-10-21 10:13:35 +100086120021021
Damien Miller885929c2002-10-21 20:26:16 +1000862 - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from
863 dtucker@zip.com.au
Damien Miller7b3f58c2002-10-21 10:50:25 +1000864 - (djm) Bug #317: FreeBSD needs libutil.h for openpty() Report from
865 dirk.meyer@dinoex.sub.org
Damien Miller5a5da882002-10-21 10:13:35 +1000866
Tim Rice94f628f2002-10-15 13:16:55 -070086720021015
Ben Lindstrom97e38d82002-10-16 00:13:52 +0000868 - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
Ben Lindstrom3e006472002-10-16 00:24:03 +0000869 - (bal) More advanced strsep test by Darren Tucker <dtucker@zip.com.au>
Ben Lindstrom97e38d82002-10-16 00:13:52 +0000870
87120021015
Tim Rice94f628f2002-10-15 13:16:55 -0700872 - (tim) [contrib/caldera/openssh.spec] make ssh-agent setgid nobody
873
Ben Lindstromdc3c7572002-10-04 23:54:54 +000087420021004
875 - (bal) Disable post-authentication Privsep for OSF/1. It conflicts with
876 SIA.
877
Damien Milleraf9de382002-10-03 11:54:35 +100087820021003
879 - (djm) OpenBSD CVS Sync
880 - markus@cvs.openbsd.org 2002/10/01 20:34:12
881 [ssh-agent.c]
882 allow root to access the agent, since there is no protection from root.
Damien Miller7156fc72002-10-03 11:55:37 +1000883 - markus@cvs.openbsd.org 2002/10/01 13:24:50
884 [version.h]
885 OpenSSH 3.5
Damien Miller510d5132002-10-03 11:56:58 +1000886 - (djm) Bump RPM spec version numbers
Damien Miller901119b2002-10-04 11:10:04 +1000887 - (djm) Bug #406: s/msg_send/ssh_msg_send/ for Mac OS X 1.2
Damien Milleraf9de382002-10-03 11:54:35 +1000888
Damien Miller50f61232002-09-30 10:40:39 +100088920020930
Damien Millere9264972002-09-30 11:59:21 +1000890 - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs,
891 tweak README
892 - (djm) OpenBSD CVS Sync
893 - mickey@cvs.openbsd.org 2002/09/27 10:42:09
894 [compat.c compat.h sshd.c]
895 add a generic match for a prober, such as sie big brother;
896 idea from stevesk@; markus@ ok
Damien Millerd8769622002-09-30 12:00:55 +1000897 - stevesk@cvs.openbsd.org 2002/09/27 15:46:21
898 [ssh.1]
899 clarify compression level protocol 1 only; ok markus@ deraadt@
Damien Miller50f61232002-09-30 10:40:39 +1000900
Damien Millerd681d262002-09-27 13:21:57 +100090120020927
902 - (djm) OpenBSD CVS Sync
903 - markus@cvs.openbsd.org 2002/09/25 11:17:16
904 [sshd_config]
905 sync LoginGraceTime with default
Damien Millerd27a76d2002-09-27 13:22:31 +1000906 - markus@cvs.openbsd.org 2002/09/25 15:19:02
907 [sshd.c]
908 typo; pilot@monkey.org
Damien Millerd94e5492002-09-27 13:25:58 +1000909 - markus@cvs.openbsd.org 2002/09/26 11:38:43
910 [auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c]
911 [monitor_wrap.h]
912 krb4 + privsep; ok dugsong@, deraadt@
Damien Millerd681d262002-09-27 13:21:57 +1000913
Ben Lindstrom164725f2002-09-25 23:14:14 +000091420020925
915 - (bal) Fix issue where successfull login does not clear failure counts
916 in AIX. Patch by dtucker@zip.com.au ok by djm
Tim Rice81ed5182002-09-25 17:38:46 -0700917 - (tim) Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
918 This does not include the deattack.c fixes.
Ben Lindstrom164725f2002-09-25 23:14:14 +0000919
Tim Rice2c961ce2002-09-23 16:54:10 -070092020020923
Damien Millerb2f844d2002-09-25 12:19:08 +1000921 - (djm) OpenBSD CVS Sync
922 - stevesk@cvs.openbsd.org 2002/09/23 20:46:27
923 [canohost.c]
924 change get_peer_ipaddr() and get_local_ipaddr() to not return NULL for
925 non-sockets; fixes a problem passing NULL to snprintf(). ok markus@
Damien Miller7db40c92002-09-25 12:19:39 +1000926 - markus@cvs.openbsd.org 2002/09/23 22:11:05
927 [monitor.c]
928 only call auth_krb5 if kerberos is enabled; ok deraadt@
Damien Milleref73f502002-09-25 12:20:17 +1000929 - markus@cvs.openbsd.org 2002/09/24 08:46:04
930 [monitor.c]
931 only call kerberos code for authctxt->valid
Damien Millerdcbb6c22002-09-25 12:20:52 +1000932 - todd@cvs.openbsd.org 2002/09/24 20:59:44
933 [sshd.8]
934 tweak the example $HOME/.ssh/rc script to not show on any cmdline the
935 sensitive data it handles. This fixes bug # 402 as reported by
936 kolya@mit.edu (Nickolai Zeldovich).
937 ok markus@ and stevesk@
Damien Millerb2f844d2002-09-25 12:19:08 +1000938
93920020923
Tim Rice2c961ce2002-09-23 16:54:10 -0700940 - (tim) [configure.ac] s/return/exit/ patch by dtucker@zip.com.au
941
Damien Millera0e45592002-09-22 01:25:35 +100094220020922
943 - (djm) OpenBSD CVS Sync
944 - stevesk@cvs.openbsd.org 2002/09/19 14:53:14
945 [compat.c]
Damien Miller2138d152002-09-22 01:26:00 +1000946 - markus@cvs.openbsd.org 2002/09/19 15:51:23
947 [ssh-add.c]
948 typo; cd@kalkatraz.de
Damien Miller16aed052002-09-22 01:26:27 +1000949 - stevesk@cvs.openbsd.org 2002/09/19 16:03:15
950 [serverloop.c]
951 log IP address also; ok markus@
Damien Miller6f0a1882002-09-22 01:26:51 +1000952 - stevesk@cvs.openbsd.org 2002/09/20 18:41:29
953 [auth.c]
954 log illegal user here for missing privsep case (ssh2).
955 this is executed in the monitor. ok markus@
Damien Millera0e45592002-09-22 01:25:35 +1000956
Damien Millerdb30b122002-09-19 11:46:58 +100095720020919
958 - (djm) OpenBSD CVS Sync
959 - stevesk@cvs.openbsd.org 2002/09/12 19:11:52
960 [ssh-agent.c]
961 %u for uid print; ok markus@
Damien Millerf37e2462002-09-19 11:47:55 +1000962 - stevesk@cvs.openbsd.org 2002/09/12 19:50:36
963 [session.c ssh.1]
964 add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384. ok markus@
Damien Millere1383ce2002-09-19 11:49:37 +1000965 - stevesk@cvs.openbsd.org 2002/09/13 19:23:09
966 [channels.c sshconnect.c sshd.c]
967 remove use of SO_LINGER, it should not be needed. error check
968 SO_REUSEADDR. fixup comments. ok markus@
Damien Millera6eb2b72002-09-19 11:50:48 +1000969 - stevesk@cvs.openbsd.org 2002/09/16 19:55:33
970 [session.c]
971 log when _PATH_NOLOGIN exists; ok markus@
Damien Miller101c4a72002-09-19 11:51:21 +1000972 - stevesk@cvs.openbsd.org 2002/09/16 20:12:11
973 [sshd_config.5]
974 more details on X11Forwarding security issues and threats; ok markus@
Damien Miller86247e22002-09-19 11:51:53 +1000975 - stevesk@cvs.openbsd.org 2002/09/16 22:03:13
976 [sshd.8]
977 reference moduli(5) in FILES /etc/moduli.
Damien Miller9b037b82002-09-19 11:54:54 +1000978 - itojun@cvs.openbsd.org 2002/09/17 07:47:02
979 [channels.c]
980 don't quit while creating X11 listening socket.
981 http://mail-index.netbsd.org/current-users/2002/09/16/0005.html
982 got from portable. markus ok
Damien Miller8c4e18a2002-09-19 12:05:02 +1000983 - djm@cvs.openbsd.org 2002/09/19 01:58:18
984 [ssh.c sshconnect.c]
985 bugzilla.mindrot.org #223 - ProxyCommands don't exit.
986 Patch from dtucker@zip.com.au; ok markus@
Damien Millerdb30b122002-09-19 11:46:58 +1000987
Damien Miller4d53d392002-09-12 09:43:56 +100098820020912
Damien Miller10f30852002-09-12 14:49:00 +1000989 - (djm) Made GNOME askpass programs return non-zero if cancel button is
990 pressed.
Damien Miller771721f2002-09-12 10:32:59 +1000991 - (djm) Added getpeereid() replacement. Properly implemented for systems
992 with SO_PEERCRED support. Faked for systems which lack it.
Damien Miller9b481512002-09-12 10:43:29 +1000993 - (djm) Sync sys/tree.h with OpenBSD -current. Rename tree.h and
994 fake-queue.h to sys-tree.h and sys-queue.h
Damien Miller4d53d392002-09-12 09:43:56 +1000995 - (djm) OpenBSD CVS Sync
996 - markus@cvs.openbsd.org 2002/09/08 20:24:08
997 [hostfile.h]
998 no comma at end of enumerator list
Damien Miller25162f22002-09-12 09:47:29 +1000999 - itojun@cvs.openbsd.org 2002/09/09 06:48:06
1000 [auth1.c auth.h auth-krb5.c monitor.c monitor.h]
1001 [monitor_wrap.c monitor_wrap.h]
1002 kerberos support for privsep. confirmed to work by lha@stacken.kth.se
1003 patch from markus
Damien Millera10f5612002-09-12 09:49:15 +10001004 - markus@cvs.openbsd.org 2002/09/09 14:54:15
1005 [channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c]
1006 signed vs unsigned from -pedantic; ok henning@
Damien Miller538f1812002-09-12 09:51:10 +10001007 - markus@cvs.openbsd.org 2002/09/10 20:24:47
1008 [ssh-agent.c]
1009 check the euid of the connecting process with getpeereid(2);
1010 ok provos deraadt stevesk
Damien Millerb5fdfaa2002-09-12 09:52:03 +10001011 - stevesk@cvs.openbsd.org 2002/09/11 17:55:03
1012 [ssh.1]
1013 add agent and X11 forwarding warning text from ssh_config.5; ok markus@
Damien Miller789e95d2002-09-12 09:52:46 +10001014 - stevesk@cvs.openbsd.org 2002/09/11 18:27:26
1015 [authfd.c authfd.h ssh.c]
1016 don't connect to agent to test for presence if we've previously
1017 connected; ok markus@
Damien Millere1a49812002-09-12 09:54:25 +10001018 - djm@cvs.openbsd.org 2002/09/11 22:41:50
1019 [sftp.1 sftp-client.c sftp-client.h sftp-common.c sftp-common.h]
1020 [sftp-glob.c sftp-glob.h sftp-int.c sftp-server.c]
1021 support for short/long listings and globbing in "ls"; ok markus@
Damien Miller622accf2002-09-12 10:34:13 +10001022 - djm@cvs.openbsd.org 2002/09/12 00:13:06
1023 [sftp-int.c]
1024 zap unused var introduced in last commit
Damien Miller4d53d392002-09-12 09:43:56 +10001025
Damien Miller71eb0c12002-09-11 10:29:11 +1000102620020911
1027 - (djm) Sync openbsd-compat with OpenBSD -current
1028
Damien Millere9994cb2002-09-10 21:43:53 +1000102920020910
1030 - (djm) Bug #365: Read /.ssh/environment properly under CygWin.
1031 Patch from Mark Bradshaw <bradshaw@staff.crosswalk.com>
Damien Millerc34e03e2002-09-10 22:26:17 +10001032 - (djm) Bug #138: Make protocol 1 blowfish work with old OpenSSL.
1033 Patch from Robert Halubek <rob@adso.com.pl>
Damien Millere9994cb2002-09-10 21:43:53 +10001034
Damien Millerc1348632002-09-05 14:35:14 +1000103520020905
1036 - (djm) OpenBSD CVS Sync
1037 - stevesk@cvs.openbsd.org 2002/09/04 18:52:42
1038 [servconf.c sshd.8 sshd_config.5]
1039 default LoginGraceTime to 2m; 1m may be too short for slow systems.
1040 ok markus@
Damien Miller53998382002-09-05 16:32:02 +10001041 - (djm) Merge openssh-TODO.patch from Redhat (null) beta
Damien Miller44d5b602002-09-05 16:46:24 +10001042 - (djm) Add gnome-ssh-askpass2.c (gtk2) by merge with patch from
1043 Nalin Dahyabhai <nalin@redhat.com>
Damien Miller005d4562002-09-05 16:53:20 +10001044 - (djm) Add support for building gtk2 password requestor from Redhat beta
Damien Millerc1348632002-09-05 14:35:14 +10001045
Damien Miller6cffb9a2002-09-04 16:20:26 +1000104620020903
Damien Millerfc93d4b2002-09-04 23:26:29 +10001047 - (djm) Patch from itojun@ for Darwin OS: test getaddrinfo, reorder libcrypt
Damien Miller6b097922002-09-04 17:19:04 +10001048 - (djm) Fix Redhat RPM build dependancy test
Damien Miller6cffb9a2002-09-04 16:20:26 +10001049 - (djm) OpenBSD CVS Sync
1050 - markus@cvs.openbsd.org 2002/08/12 10:46:35
1051 [ssh-agent.c]
1052 make ssh-agent setgid, disallow ptrace.
Damien Millerb83df8d2002-09-04 16:24:55 +10001053 - espie@cvs.openbsd.org 2002/08/21 11:20:59
1054 [sshd.8]
1055 `RSA' updated to refer to `public key', where it matters.
1056 okay markus@
Damien Millerf771ab72002-09-04 16:25:52 +10001057 - stevesk@cvs.openbsd.org 2002/08/21 19:38:06
1058 [servconf.c sshd.8 sshd_config sshd_config.5]
1059 change LoginGraceTime default to 1 minute; ok mouring@ markus@
Damien Miller4efdfff2002-09-04 16:28:18 +10001060 - stevesk@cvs.openbsd.org 2002/08/21 20:10:28
1061 [ssh-agent.c]
1062 raise listen backlog; ok markus@
Damien Miller58f34862002-09-04 16:31:21 +10001063 - stevesk@cvs.openbsd.org 2002/08/22 19:27:53
1064 [ssh-agent.c]
1065 use common close function; ok markus@
Damien Miller06692862002-09-04 16:32:10 +10001066 - stevesk@cvs.openbsd.org 2002/08/22 19:38:42
1067 [clientloop.c]
1068 format with current EscapeChar; bugzilla #388 from wknox@mitre.org.
1069 ok markus@
Damien Miller061d5b12002-09-04 16:33:31 +10001070 - stevesk@cvs.openbsd.org 2002/08/22 20:57:19
1071 [ssh-agent.c]
1072 shutdown(SHUT_RDWR) not needed before close here; ok markus@
Damien Millerde6f2de2002-09-04 16:37:26 +10001073 - markus@cvs.openbsd.org 2002/08/22 21:33:58
1074 [auth1.c auth2.c]
1075 auth_root_allowed() is handled by the monitor in the privsep case,
1076 so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
Damien Miller5a80bba2002-09-04 16:39:02 +10001077 - markus@cvs.openbsd.org 2002/08/22 21:45:41
1078 [session.c]
1079 send signal name (not signal number) in "exit-signal" message; noticed
1080 by galb@vandyke.com
Damien Millerf7c23912002-09-04 16:39:48 +10001081 - stevesk@cvs.openbsd.org 2002/08/27 17:13:56
1082 [ssh-rsa.c]
1083 RSA_public_decrypt() returns -1 on error so len must be signed;
1084 ok markus@
Damien Milleraf653042002-09-04 16:40:37 +10001085 - stevesk@cvs.openbsd.org 2002/08/27 17:18:40
1086 [ssh_config.5]
1087 some warning text for ForwardAgent and ForwardX11; ok markus@
Damien Millerebc23062002-09-04 16:45:09 +10001088 - stevesk@cvs.openbsd.org 2002/08/29 15:57:25
1089 [monitor.c session.c sshlogin.c sshlogin.h]
1090 pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org>
1091 NOTE: there are also p-specific parts to this patch. ok markus@
Damien Miller147bba32002-09-04 16:46:06 +10001092 - stevesk@cvs.openbsd.org 2002/08/29 16:02:54
1093 [ssh.1 ssh.c]
1094 deprecate -P as UsePrivilegedPort defaults to no now; ok markus@
Damien Miller9b1dacd2002-09-04 16:47:35 +10001095 - stevesk@cvs.openbsd.org 2002/08/29 16:09:02
1096 [ssh_config.5]
1097 more on UsePrivilegedPort and setuid root; ok markus@
Damien Miller50b9a602002-09-04 16:50:06 +10001098 - stevesk@cvs.openbsd.org 2002/08/29 19:49:42
1099 [ssh.c]
1100 shrink initial privilege bracket for setuid case; ok markus@
Damien Miller05913ba2002-09-04 16:51:03 +10001101 - stevesk@cvs.openbsd.org 2002/08/29 22:54:10
1102 [ssh_config.5 sshd_config.5]
1103 state XAuthLocation is a full pathname
Damien Miller6cffb9a2002-09-04 16:20:26 +10001104
Ben Lindstrom0a4f7542002-08-20 18:36:25 +0000110520020820
1106 - OpenBSD CVS Sync
1107 - millert@cvs.openbsd.org 2002/08/02 14:43:15
1108 [monitor.c monitor_mm.c]
1109 Change mm_zalloc() sanity checks to be more in line with what
1110 we do in calloc() and add a check to monitor_mm.c.
1111 OK provos@ and markus@
Ben Lindstromdc7adf22002-08-20 18:38:02 +00001112 - marc@cvs.openbsd.org 2002/08/02 16:00:07
1113 [ssh.1 sshd.8]
1114 note that .ssh/environment is only read when
1115 allowed (PermitUserEnvironment in sshd_config).
1116 OK markus@
Ben Lindstrom0e50d842002-08-20 18:39:14 +00001117 - markus@cvs.openbsd.org 2002/08/02 21:23:41
1118 [ssh-rsa.c]
1119 diff is u_int (2x); ok deraadt/provos
Ben Lindstrom0deb5d92002-08-20 18:40:03 +00001120 - markus@cvs.openbsd.org 2002/08/02 22:20:30
1121 [ssh-rsa.c]
1122 replace RSA_verify with our own version and avoid the OpenSSL ASN.1 parser
1123 for authentication; ok deraadt/djm
Ben Lindstrome143f612002-08-20 18:41:15 +00001124 - aaron@cvs.openbsd.org 2002/08/08 13:50:23
1125 [sshconnect1.c]
1126 Use & to test if bits are set, not &&; markus@ ok.
Ben Lindstromd4ee3492002-08-20 18:42:13 +00001127 - stevesk@cvs.openbsd.org 2002/08/08 23:54:52
1128 [auth.c]
1129 typo in comment
Ben Lindstrom1f8cf4f2002-08-20 18:43:27 +00001130 - stevesk@cvs.openbsd.org 2002/08/09 17:21:42
1131 [sshd_config.5]
1132 use Op for mdoc conformance; from esr@golux.thyrsus.com
1133 ok aaron@
Ben Lindstrom15b61202002-08-20 18:44:24 +00001134 - stevesk@cvs.openbsd.org 2002/08/09 17:41:12
1135 [sshd_config.5]
1136 proxy vs. fake display
Ben Lindstrombd9bf382002-08-20 18:54:20 +00001137 - stevesk@cvs.openbsd.org 2002/08/12 17:30:35
1138 [ssh.1 sshd.8 sshd_config.5]
1139 more PermitUserEnvironment; ok markus@
Ben Lindstrom3541f182002-08-20 19:03:20 +00001140 - stevesk@cvs.openbsd.org 2002/08/17 23:07:14
1141 [ssh.1]
1142 ForwardAgent has defaulted to no for over 2 years; be more clear here.
Ben Lindstrom479b4762002-08-20 19:04:51 +00001143 - stevesk@cvs.openbsd.org 2002/08/17 23:55:01
1144 [ssh_config.5]
1145 ordered list here
Ben Lindstrom39621192002-08-21 02:54:11 +00001146 - (bal) [defines.h] Some platforms don't have SIZE_T_MAX. So assign
1147 it to ULONG_MAX.
Ben Lindstrom0a4f7542002-08-20 18:36:25 +00001148
Tim Riced730b782002-08-13 18:52:10 -0700114920020813
1150 - (tim) [configure.ac] Display OpenSSL header/library version.
1151 Patch by dtucker@zip.com.au
1152
Ben Lindstrom3ed66402002-08-01 01:21:56 +0000115320020731
1154 - (bal) OpenBSD CVS Sync
1155 - markus@cvs.openbsd.org 2002/07/24 16:11:18
1156 [hostfile.c hostfile.h sshconnect.c]
1157 print out all known keys for a host if we get a unknown host key,
1158 see discussion at http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4
1159
1160 the ssharp mitm tool attacks users in a similar way, so i'd like to
1161 pointed out again:
1162 A MITM attack is always possible if the ssh client prints:
1163 The authenticity of host 'bla' can't be established.
1164 (protocol version 2 with pubkey authentication allows you to detect
1165 MITM attacks)
Ben Lindstrom8d631e82002-08-01 01:25:00 +00001166 - mouring@cvs.openbsd.org 2002/07/25 01:16:59
1167 [sftp.c]
1168 FallBackToRsh does not exist anywhere else. Remove it from here.
1169 OK deraadt.
Ben Lindstrom4b99be82002-08-01 01:26:29 +00001170 - markus@cvs.openbsd.org 2002/07/29 18:57:30
1171 [sshconnect.c]
1172 print file:line
Ben Lindstrom5d860f02002-08-01 01:28:38 +00001173 - markus@cvs.openbsd.org 2002/07/30 17:03:55
1174 [auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
1175 add PermitUserEnvironment (off by default!); from dot@dotat.at;
1176 ok provos, deraadt
Ben Lindstrom3ed66402002-08-01 01:21:56 +00001177
Ben Lindstrom18d2b5d2002-07-30 19:32:07 +0000117820020730
1179 - (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.de
1180
Kevin Steves6a998eb2002-07-28 20:24:07 +0000118120020728
1182 - (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solar
Kevin Stevese7dbdf72002-07-28 20:31:18 +00001183 - (stevesk) [CREDITS] solar
Kevin Steves4bdb5472002-07-28 20:42:23 +00001184 - (stevesk) [ssh-rand-helper.c] RAND_bytes() and SHA1_Final() unsigned
1185 char arg.
Kevin Steves6a998eb2002-07-28 20:24:07 +00001186
Damien Miller6d8d7882002-07-25 14:36:24 +1000118720020725
1188 - (djm) Remove some cruft from INSTALL
Damien Millera7609f52002-07-25 14:40:22 +10001189 - (djm) Latest config.guess and config.sub from ftp://ftp.gnu.org/gnu/config/
Damien Miller6d8d7882002-07-25 14:36:24 +10001190
Ben Lindstrom6f52b3e2002-07-23 21:00:17 +0000119120020723
1192 - (bal) [bsd-cray.c bsd-cray.h] Part 2 of Cray merger.
Ben Lindstrom82ec9832002-07-23 21:05:17 +00001193 - (bal) sync ID w/ ssh-agent.c
Ben Lindstrom264ee302002-07-23 21:01:56 +00001194 - (bal) OpenBSD Sync
1195 - markus@cvs.openbsd.org 2002/07/19 15:43:33
1196 [log.c log.h session.c sshd.c]
1197 remove fatal cleanups after fork; based on discussions with and code
1198 from solar.
Ben Lindstromee8d52d2002-07-23 21:03:02 +00001199 - stevesk@cvs.openbsd.org 2002/07/19 17:42:40
1200 [ssh.c]
1201 display a warning from ssh when XAuthLocation does not exist or xauth
1202 returned no authentication data. ok markus@
Ben Lindstrom218a07d2002-07-23 21:06:45 +00001203 - stevesk@cvs.openbsd.org 2002/07/21 18:32:20
1204 [auth-options.c]
1205 unneeded includes
Ben Lindstrom3cc44502002-07-23 21:07:45 +00001206 - stevesk@cvs.openbsd.org 2002/07/21 18:34:43
1207 [auth-options.h]
1208 remove invalid comment
Ben Lindstromb9051ec2002-07-23 21:11:09 +00001209 - markus@cvs.openbsd.org 2002/07/22 11:03:06
1210 [session.c]
1211 fallback to _PATH_STDPATH on setusercontext+LOGIN_SETPATH errors;
Ben Lindstrom7cea16b2002-07-23 21:13:40 +00001212 - stevesk@cvs.openbsd.org 2002/07/22 17:32:56
1213 [monitor.c]
1214 u_int here; ok provos@
Ben Lindstrom41daec72002-07-23 21:15:13 +00001215 - stevesk@cvs.openbsd.org 2002/07/23 16:03:10
1216 [sshd.c]
1217 utmp_len is unsigned; display error consistent with other options.
1218 ok markus@
Ben Lindstrom1fa330c2002-07-23 21:29:49 +00001219 - stevesk@cvs.openbsd.org 2002/07/15 17:15:31
1220 [uidswap.c]
1221 little more debugging; ok markus@
Ben Lindstrom7cea16b2002-07-23 21:13:40 +00001222
Ben Lindstrombeb5f332002-07-22 15:28:53 +0000122320020722
1224 - (bal) AIX tty data limiting patch fix by leigh@solinno.co.uk
Kevin Steves066e1ab2002-07-22 16:20:29 +00001225 - (stevesk) [xmmap.c] missing prototype for fatal()
Ben Lindstrom232ccf72002-07-22 23:34:25 +00001226 - (bal) [configure.ac defines.h loginrec.c sshd.c sshpty.c] Partial sync
1227 with Cray (mostly #ifdef renaming). Patch by wendyp@cray.com.
Ben Lindstrom762104e2002-07-23 00:00:05 +00001228 - (bal) [configure.ac] Missing ;; from cray patch.
Ben Lindstrom446d8862002-07-23 00:03:33 +00001229 - (bal) [monitor_mm.c openbsd-compat/xmmap.h] Move xmmap() defines
1230 into it's own header.
Kevin Steves38b050a2002-07-23 00:44:07 +00001231 - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be
1232 freed by the caller; add free_pam_environment() and use it.
Kevin Steves6fa740b2002-07-23 00:51:53 +00001233 - (stevesk) [auth-pam.c] typo in comment
Ben Lindstrombeb5f332002-07-22 15:28:53 +00001234
Kevin Steves6cdecd02002-07-21 17:26:54 +0000123520020721
1236 - (stevesk) [auth-pam.c] merge cosmetic changes from solar's
1237 openssh-3.4p1-owl-password-changing.diff
Kevin Steves63007d42002-07-21 17:57:01 +00001238 - (stevesk) [auth-pam.c] merge rest of solar's PAM patch;
1239 PAM_NEW_AUTHTOK_REQD remains in #if 0 for now.
Kevin Steves3429a1b2002-07-21 22:49:47 +00001240 - (stevesk) [auth-pam.c] cast to avoid initialization type mismatch
1241 warning on pam_conv struct conversation function.
Kevin Steves7ba49702002-07-21 23:16:00 +00001242 - (stevesk) [auth-pam.h] license
Kevin Steves21e04eb2002-07-21 23:20:07 +00001243 - (stevesk) [auth-pam.h] unneeded include
Kevin Steves287077e2002-07-21 23:59:39 +00001244 - (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.h
Kevin Steves6cdecd02002-07-21 17:26:54 +00001245
Kevin Steves3a881912002-07-20 19:05:40 +0000124620020720
1247 - (stevesk) [ssh-keygen.c] bug #231: always init/seed_rng().
1248
Tim Ricef1a10012002-07-19 11:57:57 -0700124920020719
1250 - (tim) [contrib/solaris/buildpkg.sh] create privsep user/group if needed.
1251 Patch by dtucker@zip.com.au
Tim Ricef028f1e2002-07-19 12:41:10 -07001252 - (tim) [configure.ac] test for libxnet on HP. Patch by dtucker@zip.com.au
Tim Ricef1a10012002-07-19 11:57:57 -07001253
Tim Rice76645842002-07-18 11:34:29 -0700125420020718
1255 - (tim) [defines.h] Bug 313 patch by dirk.meyer@dinoex.sub.org
1256 - (tim) [monitor_mm.c] add missing declaration for xmmap(). Reported
1257 by ayamura@ayamura.org
Tim Rice907881e2002-07-18 11:44:50 -07001258 - (tim) [configure.ac] Bug 267 rework int64_t test.
Tim Riceeae876e2002-07-18 11:49:32 -07001259 - (tim) [includes.h] Bug 267 add stdint.h
Tim Rice76645842002-07-18 11:34:29 -07001260
Ben Lindstrom2faabf32002-07-18 01:04:50 +0000126120020717
1262 - (bal) aixbff package updated by dtucker@zip.com.au
Tim Ricee22be3b2002-07-17 19:20:07 -07001263 - (tim) [configure.ac] change how we do paths in AC_PATH_PROGS tests
1264 for autoconf 2.53. Based on a patch by jrj@purdue.edu
Ben Lindstrom2faabf32002-07-18 01:04:50 +00001265
Tim Riceffaf4452002-07-16 14:24:38 -0700126620020716
1267 - (tim) [contrib/solaris/opensshd.in] Only kill sshd if .pid file found
1268
Ben Lindstrom728aa7e2002-07-15 17:48:11 +0000126920020715
1270 - (bal) OpenBSD CVS Sync
1271 - itojun@cvs.openbsd.org 2002/07/12 13:29:09
1272 [sshconnect.c]
1273 print connect failure during debugging mode.
Ben Lindstromc491b0d2002-07-15 17:52:49 +00001274 - markus@cvs.openbsd.org 2002/07/12 15:50:17
1275 [cipher.c]
1276 EVP_CIPH_CUSTOM_IV for our own rijndael
Ben Lindstrom938b8282002-07-15 17:58:34 +00001277 - (bal) Remove unused tty defined in do_setusercontext() pointed out by
1278 dtucker@zip.com.au plus a a more KNF since I am near it.
Ben Lindstrom104c3fe2002-07-15 18:49:20 +00001279 - (bal) Privsep user creation support in Solaris buildpkg.sh by
1280 dtucker@zip.com.au
Ben Lindstrom728aa7e2002-07-15 17:48:11 +00001281
Tim Rice95210192002-07-14 10:02:20 -0700128220020714
1283 - (tim) [Makefile.in] replace "id sshd" with "sshd -t"
Tim Rice40017b02002-07-14 13:36:49 -07001284 - (bal/tim) [acconfig.h configure.ac monitor_mm.c servconf.c
1285 openbsd-compat/Makefile.in] support compression on platforms that
1286 have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c
1287 Based on patch from nalin@redhat.com of code extracted from Owl's package
Tim Ricea0911592002-07-14 14:43:57 -07001288 - (tim) [ssh_prng_cmds.in] Bug 323 arp -n flag doesn't exist under Solaris.
1289 report by chris@by-design.net
Tim Ricecdb82942002-07-14 15:33:20 -07001290 - (tim) [loginrec.c] Bug 347: Fix typo (WTMPX_FILE) report by rodney@bond.net
Tim Rice370e0ba2002-07-14 15:50:51 -07001291 - (tim) [loginrec.c] Bug 348: add missing found = 1; to wtmpx_islogin()
1292 report by rodney@bond.net
Tim Rice95210192002-07-14 10:02:20 -07001293
Tim Rice1363b3c2002-07-12 09:04:06 -0700129420020712
1295 - (tim) [Makefile.in] quiet down install-files: and check-user:
Tim Rice4796a292002-07-12 18:11:24 -07001296 - (tim) [configure.ac] remove unused filepriv line
Tim Rice1363b3c2002-07-12 09:04:06 -07001297
Tim Rice68273952002-07-10 07:40:11 -0700129820020710
1299 - (tim) [contrib/cygwin/ssh-host-config] explicitely sets the permissions
1300 on /var/empty to 755 Patch by vinschen@redhat.com
Ben Lindstromefee0592002-07-11 03:54:43 +00001301 - (bal) OpenBSD CVS Sync
1302 - itojun@cvs.openbsd.org 2002/07/09 11:56:50
1303 [sshconnect.c]
1304 silently try next address on connect(2). markus ok
Ben Lindstrome9827732002-07-11 03:56:46 +00001305 - itojun@cvs.openbsd.org 2002/07/09 11:56:27
1306 [canohost.c]
1307 suppress log on reverse lookup failiure, as there's no real value in
1308 doing so.
1309 markus ok
Ben Lindstromba8df7d2002-07-11 03:58:11 +00001310 - itojun@cvs.openbsd.org 2002/07/09 12:04:02
1311 [sshconnect.c]
1312 ed static function (less warnings)
Ben Lindstrom9c445542002-07-11 03:59:18 +00001313 - stevesk@cvs.openbsd.org 2002/07/09 17:46:25
1314 [sshd_config.5]
1315 clarify no preference ordering in protocol list; ok markus@
Ben Lindstroma6cd75c2002-07-11 04:00:19 +00001316 - itojun@cvs.openbsd.org 2002/07/10 10:28:15
1317 [sshconnect.c]
1318 bark if all connection attempt fails.
Ben Lindstrom6f893882002-07-11 04:01:29 +00001319 - deraadt@cvs.openbsd.org 2002/07/10 17:53:54
1320 [rijndael.c]
1321 use right sizeof in memcpy; markus ok
Tim Rice68273952002-07-10 07:40:11 -07001322
Ben Lindstrom99a4e142002-07-09 14:06:40 +0000132320020709
1324 - (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platforms
1325 lacking that concept can share it. Patch by vinschen@redhat.com
1326
Tim Rice88177242002-07-08 19:02:10 -0700132720020708
1328 - (tim) [openssh/contrib/solaris/buildpkg.sh] add PKG_INSTALL_ROOT to
1329 work in a jumpstart environment. patch by kbrint@rufus.net
Tim Rice2d0bf3d2002-07-08 19:10:05 -07001330 - (tim) [Makefile.in] workaround for broken pakadd on some systems.
Tim Ricecbb90662002-07-08 19:17:10 -07001331 - (tim) [configure.ac] fix libc89 utimes test. Mention default path for
1332 --with-privsep-path=
Tim Rice88177242002-07-08 19:02:10 -07001333
Tim Ricecc252062002-07-07 13:30:45 -0700133420020707
1335 - (tim) [Makefile.in] use umask instead of chmod on $(PRIVSEP_PATH)
Tim Rice9dd30812002-07-07 13:43:36 -07001336 - (tim) [acconfig.h configure.ac sshd.c]
1337 s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/
Tim Ricee475a3c2002-07-07 14:07:46 -07001338 - (tim) [contrib/cygwin/ssh-host-config] sshd account creation fixes
1339 patch from vinschen@redhat.com
Ben Lindstrom8abe7362002-07-07 22:07:10 +00001340 - (bal) [realpath.c] Updated with OpenBSD tree.
Ben Lindstromc51b9242002-07-07 22:10:15 +00001341 - (bal) OpenBSD CVS Sync
1342 - deraadt@cvs.openbsd.org 2002/07/04 04:15:33
1343 [key.c monitor_wrap.c sftp-glob.c ssh-dss.c ssh-rsa.c]
1344 patch memory leaks; grendel@zeitbombe.org
Ben Lindstrom8b2eecd2002-07-07 22:11:51 +00001345 - deraadt@cvs.openbsd.org 2002/07/04 08:12:15
1346 [channels.c packet.c]
1347 blah blah minor nothing as i read and re-read and re-read...
Ben Lindstrom2bf759c2002-07-07 22:13:31 +00001348 - markus@cvs.openbsd.org 2002/07/04 10:41:47
1349 [key.c monitor_wrap.c ssh-dss.c ssh-rsa.c]
1350 don't allocate, copy, and discard if there is not interested in the data;
1351 ok deraadt@
Ben Lindstrom8e8ef2a2002-07-07 22:14:55 +00001352 - deraadt@cvs.openbsd.org 2002/07/06 01:00:49
1353 [log.c]
1354 KNF
Ben Lindstrom965710f2002-07-07 22:17:22 +00001355 - deraadt@cvs.openbsd.org 2002/07/06 01:01:26
1356 [ssh-keyscan.c]
1357 KNF, realloc fix, and clean usage
Ben Lindstrom6a9fbc92002-07-07 22:19:13 +00001358 - stevesk@cvs.openbsd.org 2002/07/06 17:47:58
1359 [ssh-keyscan.c]
1360 unused variable
Ben Lindstrom5c98db52002-07-07 22:25:29 +00001361 - (bal) Minor KNF on ssh-keyscan.c
Tim Ricecc252062002-07-07 13:30:45 -07001362
Tim Ricee958ed32002-07-05 07:12:33 -0700136320020705
1364 - (tim) [configure.ac] AIX 4.2.1 has authenticate() in libs.
1365 Reported by Darren Tucker <dtucker@zip.com.au>
Tim Riceb66e2922002-07-05 16:22:32 -07001366 - (tim) [contrib/cygwin/ssh-host-config] double slash corrction
1367 from vinschen@redhat.com
Tim Ricee958ed32002-07-05 07:12:33 -07001368
Ben Lindstrom92ea0ea2002-07-04 18:11:09 +0000136920020704
1370 - (bal) Limit data to TTY for AIX only (Newer versions can't handle the
1371 faster data rate) Bug #124
Ben Lindstrom604de562002-07-04 18:20:51 +00001372 - (bal) glob.c defines TILDE and AIX also defines it. #undef it first.
1373 bug #265
Ben Lindstromd00a1a12002-07-04 19:33:49 +00001374 - (bal) One too many nulls in ports-aix.c
Ben Lindstrom92ea0ea2002-07-04 18:11:09 +00001375
Ben Lindstrom6dbf3002002-07-03 23:33:19 +0000137620020703
1377 - (bal) Updated contrib/cygwin/ patch by vinschen@redhat.com
Ben Lindstrom723e29a2002-07-03 23:50:00 +00001378 - (bal) minor correction to utimes() replacement. Patch by
1379 onoe@sm.sony.co.jp
Ben Lindstrom04f9af72002-07-04 00:03:56 +00001380 - OpenBSD CVS Sync
1381 - markus@cvs.openbsd.org 2002/06/27 08:49:44
1382 [dh.c ssh-keyscan.c sshconnect.c]
1383 more checks for NULL pointers; from grendel@zeitbombe.org; ok deraadt@
Ben Lindstrom35a2cb92002-07-04 00:05:06 +00001384 - deraadt@cvs.openbsd.org 2002/06/27 09:08:00
1385 [monitor.c]
1386 improve mm_zalloc check; markus ok
Ben Lindstromeec16fc2002-07-04 00:06:15 +00001387 - deraadt@cvs.openbsd.org 2002/06/27 10:35:47
1388 [auth2-none.c monitor.c sftp-client.c]
1389 use xfree()
Ben Lindstromedd098b2002-07-04 00:07:13 +00001390 - stevesk@cvs.openbsd.org 2002/06/27 19:49:08
1391 [ssh-keyscan.c]
1392 use convtime(); ok markus@
Ben Lindstroma7961622002-07-04 00:08:23 +00001393 - millert@cvs.openbsd.org 2002/06/28 01:49:31
1394 [monitor_mm.c]
1395 tree(3) wants an int return value for its compare functions and
1396 the difference between two pointers is not an int. Just do the
1397 safest thing and store the result in a long and then return 0,
1398 -1, or 1 based on that result.
Ben Lindstromb1bdc5a2002-07-04 00:09:26 +00001399 - deraadt@cvs.openbsd.org 2002/06/28 01:50:37
1400 [monitor_wrap.c]
1401 use ssize_t
Ben Lindstromfbbfa842002-07-04 00:10:34 +00001402 - deraadt@cvs.openbsd.org 2002/06/28 10:08:25
1403 [sshd.c]
1404 range check -u option at invocation
Ben Lindstrom810af962002-07-04 00:11:40 +00001405 - deraadt@cvs.openbsd.org 2002/06/28 23:05:06
1406 [sshd.c]
1407 gidset[2] -> gidset[1]; markus ok
Ben Lindstrom5a9d0ea2002-07-04 00:12:53 +00001408 - deraadt@cvs.openbsd.org 2002/06/30 21:54:16
1409 [auth2.c session.c sshd.c]
1410 lint asks that we use names that do not overlap
Ben Lindstroma962c2f2002-07-04 00:14:17 +00001411 - deraadt@cvs.openbsd.org 2002/06/30 21:59:45
1412 [auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
1413 monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
1414 sshconnect2.c sshd.c]
1415 minor KNF
Ben Lindstromfd2aace2002-07-04 00:15:22 +00001416 - deraadt@cvs.openbsd.org 2002/07/01 16:15:25
1417 [msg.c]
1418 %u
Ben Lindstrom343010a2002-07-04 00:16:25 +00001419 - markus@cvs.openbsd.org 2002/07/01 19:48:46
1420 [sshconnect2.c]
1421 for compression=yes, we fallback to no-compression if the server does
1422 not support compression, vice versa for compression=no. ok mouring@
Ben Lindstrom43ce2c82002-07-04 00:17:33 +00001423 - markus@cvs.openbsd.org 2002/07/03 09:55:38
1424 [ssh-keysign.c]
1425 use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld)
1426 in order to avoid a possible Kocher timing attack pointed out by Charles
1427 Hannum; ok provos@
Ben Lindstrom5d35a2f2002-07-04 00:19:40 +00001428 - markus@cvs.openbsd.org 2002/07/03 14:21:05
1429 [ssh-keysign.8 ssh-keysign.c ssh.c ssh_config]
1430 re-enable ssh-keysign's sbit, but make ssh-keysign read
1431 /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled
1432 globally. based on discussions with deraadt, itojun and sommerfeld;
1433 ok itojun@
Ben Lindstrome06eb682002-07-04 00:27:21 +00001434 - (bal) Failed password attempts don't increment counter on AIX. Bug #145
Ben Lindstromee3a8e42002-07-04 03:07:15 +00001435 - (bal) Missed Makefile.in change. keysign needs readconf.o
Ben Lindstrom51b24882002-07-04 03:08:40 +00001436 - (bal) Clean up aix_usrinfo(). Ignore TTY= period I guess.
Ben Lindstrome06eb682002-07-04 00:27:21 +00001437
Damien Miller23fe57c2002-07-02 17:08:23 +1000143820020702
1439 - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc &
1440 friends consistently. Spotted by Solar Designer <solar@openwall.com>
1441
Ben Lindstromde07cbf2002-06-28 16:48:11 +0000144220020629
1443 - (bal) fix to auth2-pam.c to swap fatal() arguments, A bit of style
1444 clean up while I'm near it.
1445
Kevin Stevesbdf3e892002-06-27 16:59:50 +0000144620020628
1447 - (stevesk) [sshd_config] PAMAuthenticationViaKbdInt no; commented
1448 options should contain default value. from solar.
Ben Lindstrom59627352002-06-27 18:02:21 +00001449 - (bal) Cygwin uid0 fix by vinschen@redhat.com
Ben Lindstromdd21fe92002-06-27 18:23:20 +00001450 - (bal) s/config.h/includes.h/ in openbsd-compat/ for *.c. Otherwise wise
1451 have issues of our fixes not propogating right (ie bcopy instead of
1452 memmove). OK tim
Ben Lindstrom68e83112002-06-28 00:37:33 +00001453 - (bal) FreeBSD needs <sys/types.h> to detect if mmap() is supported.
1454 Bug #303
Kevin Stevesbdf3e892002-06-27 16:59:50 +00001455
Kevin Steves3a881912002-07-20 19:05:40 +0000145620020627
Ben Lindstromd5502182002-06-27 00:12:57 +00001457 - OpenBSD CVS Sync
1458 - deraadt@cvs.openbsd.org 2002/06/26 14:49:36
1459 [monitor.c]
1460 correct %u
Ben Lindstromd5bf46e2002-06-27 00:21:03 +00001461 - deraadt@cvs.openbsd.org 2002/06/26 14:50:04
1462 [monitor_fdpass.c]
1463 use ssize_t for recvmsg() and sendmsg() return
Ben Lindstrom33907492002-06-27 00:21:59 +00001464 - markus@cvs.openbsd.org 2002/06/26 14:51:33
1465 [ssh-add.c]
1466 fix exit code for -X/-x
Ben Lindstrom08512492002-06-27 00:23:02 +00001467 - deraadt@cvs.openbsd.org 2002/06/26 15:00:32
1468 [monitor_wrap.c]
1469 more %u
Ben Lindstromfe275982002-06-27 00:25:07 +00001470 - markus@cvs.openbsd.org 2002/06/26 22:27:32
1471 [ssh-keysign.c]
1472 bug #304, xfree(data) called to early; openssh@sigint.cs.purdue.edu
Ben Lindstromd5502182002-06-27 00:12:57 +00001473
Kevin Stevescfae58c2002-06-25 22:43:19 +0000147420020626
1475 - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM
Ben Lindstromdaa21792002-06-25 23:15:30 +00001476 - (bal) OpenBSD CVS Sync
1477 - markus@cvs.openbsd.org 2002/06/23 21:34:07
1478 [channels.c]
1479 tcode is u_int
Ben Lindstromb48057b2002-06-25 23:16:31 +00001480 - markus@cvs.openbsd.org 2002/06/24 13:12:23
1481 [ssh-agent.1]
1482 the socket name contains ssh-agent's ppid; via mpech@ from form@
Ben Lindstrom4fed2be2002-06-25 23:17:36 +00001483 - markus@cvs.openbsd.org 2002/06/24 14:33:27
1484 [channels.c channels.h clientloop.c serverloop.c]
1485 move channel counter to u_int
Ben Lindstromc5a7f4f2002-06-25 23:19:13 +00001486 - markus@cvs.openbsd.org 2002/06/24 14:55:38
1487 [authfile.c kex.c ssh-agent.c]
1488 cat to (void) when output from buffer_get_X is ignored
Ben Lindstrom9b413972002-06-25 23:20:18 +00001489 - itojun@cvs.openbsd.org 2002/06/24 15:49:22
1490 [msg.c]
1491 printf type pedant
Ben Lindstromc2df3ec2002-06-25 23:21:41 +00001492 - deraadt@cvs.openbsd.org 2002/06/24 17:57:20
1493 [sftp-server.c sshpty.c]
1494 explicit (u_int) for uid and gid
Ben Lindstrom6398a0e2002-06-25 23:22:54 +00001495 - markus@cvs.openbsd.org 2002/06/25 16:22:42
1496 [authfd.c]
1497 unnecessary cast
Ben Lindstromfbcc3f72002-06-25 23:24:18 +00001498 - markus@cvs.openbsd.org 2002/06/25 18:51:04
1499 [sshd.c]
1500 lightweight do_setusercontext after chroot()
Ben Lindstrom52237272002-06-25 23:38:47 +00001501 - (bal) Updated AIX package build. Patch by dtucker@zip.com.au
Tim Rice2b3897c2002-06-25 16:45:42 -07001502 - (tim) [Makefile.in] fix test on installing ssh-rand-helper.8
Ben Lindstroma95fd3f2002-06-26 00:22:57 +00001503 - (bal) added back in error check for mmap(). I screwed up, Pointed
1504 out by stevesk@
Tim Ricee04ee922002-06-25 17:25:47 -07001505 - (tim) [README.privsep] UnixWare tip no longer needed.
Ben Lindstrom4e3c6312002-06-26 00:29:02 +00001506 - (bal) fixed NeXTStep missing munmap() issue. It defines HAVE_MMAP,
1507 but it all damned lies.
Kevin Steves40b011c2002-06-26 00:43:57 +00001508 - (stevesk) [README.privsep] more for sshd pseudo-account.
Tim Rice6de3dfd2002-06-25 19:28:55 -07001509 - (tim) [contrib/caldera/openssh.spec] add support for privsep
Damien Millerf18cd162002-06-26 19:12:59 +10001510 - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@
Damien Milleraa151372002-06-26 19:14:08 +10001511 - (djm) OpenBSD CVS Sync
1512 - markus@cvs.openbsd.org 2002/06/26 08:53:12
1513 [bufaux.c]
1514 limit size of BNs to 8KB; ok provos/deraadt
Damien Miller468cd712002-06-26 19:14:25 +10001515 - markus@cvs.openbsd.org 2002/06/26 08:54:18
1516 [buffer.c]
1517 limit append to 1MB and buffers to 10MB
Damien Miller9403aa22002-06-26 19:14:43 +10001518 - markus@cvs.openbsd.org 2002/06/26 08:55:02
1519 [channels.c]
1520 limit # of channels to 10000
Damien Millera0796ca2002-06-26 19:15:07 +10001521 - markus@cvs.openbsd.org 2002/06/26 08:58:26
1522 [session.c]
1523 limit # of env vars to 1000; ok deraadt/djm
Damien Miller530a7542002-06-26 23:27:11 +10001524 - deraadt@cvs.openbsd.org 2002/06/26 13:20:57
1525 [monitor.c]
1526 be careful in mm_zalloc
Damien Miller990070a2002-06-26 23:51:06 +10001527 - deraadt@cvs.openbsd.org 2002/06/26 13:49:26
1528 [session.c]
1529 disclose less information from environment files; based on input
1530 from djm, and dschultz@uclink.Berkeley.EDU
Damien Millerfb7fd952002-06-26 23:58:39 +10001531 - markus@cvs.openbsd.org 2002/06/26 13:55:37
1532 [auth2-chall.c]
1533 make sure # of response matches # of queries, fixes int overflow;
1534 from ISS
Damien Miller3e36f9f2002-06-26 23:59:10 +10001535 - markus@cvs.openbsd.org 2002/06/26 13:56:27
1536 [version.h]
1537 3.4
Damien Millerf49035a2002-06-26 19:42:52 +10001538 - (djm) Require krb5 devel for RPM build w/ KrbV
Damien Miller136d4412002-06-26 23:05:16 +10001539 - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai
1540 <nalin@redhat.com>
Damien Millerd4b11d62002-06-26 23:57:12 +10001541 - (djm) Update spec files for release
Damien Miller78682022002-06-26 23:57:59 +10001542 - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS
Damien Miller3e36f9f2002-06-26 23:59:10 +10001543 - (djm) Release 3.4p1
Tim Ricea8959ae2002-06-26 11:05:32 -07001544 - (tim) [contrib/caldera/openssh.spec] remove 2 configure options I put in
1545 by mistake
Kevin Stevescfae58c2002-06-25 22:43:19 +00001546
Kevin Steves34f0d8f2002-06-24 16:26:49 +0000154720020625
1548 - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
Kevin Stevesd4866362002-06-24 16:49:22 +00001549 - (stevesk) [README.privsep] minor updates
Damien Millerd3f6ad22002-06-25 10:24:47 +10001550 - (djm) Create privsep directory and warn if privsep user is missing
1551 during make install
Ben Lindstromaa83b982002-06-25 02:28:22 +00001552 - (bal) Started list of PrivSep issues in TODO
Ben Lindstrom6b0c96a2002-06-25 03:22:03 +00001553 - (bal) if mmap() is substandard, don't allow compression on server side.
1554 Post 'event' we will add more options.
Tim Rice78688d72002-06-25 10:07:25 -07001555 - (tim) [contrib/caldera/openssh.spec] Sync with Caldera
Ben Lindstromb129be62002-06-25 17:12:26 +00001556 - (bal) moved aix_usrinfo() and noted not setting real TTY. Patch by
1557 dtucker@zip.com.au
Tim Rice8eff3192002-06-25 15:35:15 -07001558 - (tim) [acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus
1559 for Cygwin, Cray, & SCO
Kevin Steves34f0d8f2002-06-24 16:26:49 +00001560
Ben Lindstrom2953d0f2002-06-23 21:20:34 +0000156120020624
1562 - OpenBSD CVS Sync
1563 - deraadt@cvs.openbsd.org 2002/06/23 03:25:50
1564 [tildexpand.c]
1565 KNF
Ben Lindstrom836f0e92002-06-23 21:21:30 +00001566 - deraadt@cvs.openbsd.org 2002/06/23 03:26:19
1567 [cipher.c key.c]
1568 KNF
Ben Lindstrom5c385522002-06-23 21:23:20 +00001569 - deraadt@cvs.openbsd.org 2002/06/23 03:30:58
1570 [scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
1571 sshpty.c]
1572 various KNF and %d for unsigned
Ben Lindstromb1f483f2002-06-23 21:27:18 +00001573 - deraadt@cvs.openbsd.org 2002/06/23 09:30:14
1574 [sftp-client.c sftp-client.h sftp-common.c sftp-int.c sftp-server.c
1575 sftp.c]
1576 bunch of u_int vs int stuff
Ben Lindstrom58d3b722002-06-23 21:28:13 +00001577 - deraadt@cvs.openbsd.org 2002/06/23 09:39:55
1578 [ssh-keygen.c]
1579 u_int stuff
Ben Lindstrome1353632002-06-23 21:29:23 +00001580 - deraadt@cvs.openbsd.org 2002/06/23 09:46:51
1581 [bufaux.c servconf.c]
1582 minor KNF. things the fingers do while you read
Ben Lindstrom822b6342002-06-23 21:38:49 +00001583 - deraadt@cvs.openbsd.org 2002/06/23 10:29:52
1584 [ssh-agent.c sshd.c]
1585 some minor KNF and %u
Ben Lindstrome23f4a32002-06-23 21:40:16 +00001586 - deraadt@cvs.openbsd.org 2002/06/23 20:39:45
1587 [session.c]
1588 compression_level is u_int
Ben Lindstrom8ada5d02002-06-23 21:42:50 +00001589 - deraadt@cvs.openbsd.org 2002/06/23 21:06:13
1590 [sshpty.c]
1591 KNF
Ben Lindstroma9d2c892002-06-23 21:48:28 +00001592 - deraadt@cvs.openbsd.org 2002/06/23 21:06:41
1593 [channels.c channels.h session.c session.h]
1594 display, screen, row, col, xpixel, ypixel are u_int; markus ok
Ben Lindstrom3f584742002-06-23 21:49:25 +00001595 - deraadt@cvs.openbsd.org 2002/06/23 21:10:02
1596 [packet.c]
1597 packet_get_int() returns unsigned for reason & seqnr
Ben Lindstroma9d2c892002-06-23 21:48:28 +00001598 - (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col,
1599 xpixel are u_int.
1600
Ben Lindstrom2953d0f2002-06-23 21:20:34 +00001601
Kevin Steves90d5de72002-06-22 18:51:48 +0000160220020623
1603 - (stevesk) [configure.ac] bug #255 LOGIN_NEEDS_UTMPX for AIX.
Ben Lindstrom1a1b8512002-06-23 00:18:15 +00001604 - (bal) removed GNUism for getops in ssh-agent since glibc lacks optreset.
Ben Lindstrom883844d2002-06-23 00:20:50 +00001605 - (bal) add extern char *getopt. Based on report by dtucker@zip.com.au
Ben Lindstrom5590aa52002-06-23 00:30:30 +00001606 - OpenBSD CVS Sync
1607 - stevesk@cvs.openbsd.org 2002/06/22 02:00:29
1608 [ssh.h]
1609 correct comment
Ben Lindstrombf69e3b2002-06-23 00:31:24 +00001610 - stevesk@cvs.openbsd.org 2002/06/22 02:40:23
1611 [ssh.1]
1612 section 5 not 4 for ssh_config
Ben Lindstromc001cd32002-06-23 00:32:11 +00001613 - naddy@cvs.openbsd.org 2002/06/22 11:51:39
1614 [ssh.1]
1615 typo
Ben Lindstrom624e3f22002-06-23 00:32:57 +00001616 - stevesk@cvs.openbsd.org 2002/06/22 16:32:54
1617 [sshd.8]
1618 add /var/empty in FILES section
Ben Lindstrom2dfacb32002-06-23 00:33:47 +00001619 - stevesk@cvs.openbsd.org 2002/06/22 16:40:19
1620 [sshd.c]
1621 check /var/empty owner mode; ok provos@
Ben Lindstromc06bf702002-06-23 00:34:37 +00001622 - stevesk@cvs.openbsd.org 2002/06/22 16:41:57
1623 [scp.1]
1624 typo
Ben Lindstrom959de992002-06-23 00:35:25 +00001625 - stevesk@cvs.openbsd.org 2002/06/22 16:45:29
1626 [ssh-agent.1 sshd.8 sshd_config.5]
1627 use process ID vs. pid/PID/process identifier
Ben Lindstrom57f08002002-06-23 00:37:10 +00001628 - stevesk@cvs.openbsd.org 2002/06/22 20:05:27
1629 [sshd.c]
1630 don't call setsid() if debugging or run from inetd; no "Operation not
1631 permitted" errors now; ok millert@ markus@
Ben Lindstrome1c09122002-06-23 00:38:24 +00001632 - stevesk@cvs.openbsd.org 2002/06/22 23:09:51
1633 [monitor.c]
1634 save auth method before monitor_reset_key_state(); bugzilla bug #284;
1635 ok provos@
Kevin Steves90d5de72002-06-22 18:51:48 +00001636
Damien Millerf4684422003-06-02 18:59:08 +10001637$Id: ChangeLog,v 1.2760 2003/06/02 08:59:08 djm Exp $