diff options
author | Colin Watson <cjwatson@debian.org> | 2007-06-12 16:16:35 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2007-06-12 16:16:35 +0000 |
commit | b7e40fa9da0b5491534a429dadb321eab5a77558 (patch) | |
tree | bed1da11e9f829925797aa093e379fc0b5868ecd /ChangeLog | |
parent | 4f84beedf1005e44ff33c854abd6b711ffc0adb7 (diff) | |
parent | 086ea76990b1e6287c24b6db74adffd4605eb3b0 (diff) |
* New upstream release (closes: #395507, #397961, #420035). Important
changes not previously backported to 4.3p2:
- 4.4/4.4p1 (http://www.openssh.org/txt/release-4.4):
+ On portable OpenSSH, fix a GSSAPI authentication abort that could be
used to determine the validity of usernames on some platforms.
+ Implemented conditional configuration in sshd_config(5) using the
"Match" directive. This allows some configuration options to be
selectively overridden if specific criteria (based on user, group,
hostname and/or address) are met. So far a useful subset of
post-authentication options are supported and more are expected to
be added in future releases.
+ Add support for Diffie-Hellman group exchange key agreement with a
final hash of SHA256.
+ Added a "ForceCommand" directive to sshd_config(5). Similar to the
command="..." option accepted in ~/.ssh/authorized_keys, this forces
the execution of the specified command regardless of what the user
requested. This is very useful in conjunction with the new "Match"
option.
+ Add a "PermitOpen" directive to sshd_config(5). This mirrors the
permitopen="..." authorized_keys option, allowing fine-grained
control over the port-forwardings that a user is allowed to
establish.
+ Add optional logging of transactions to sftp-server(8).
+ ssh(1) will now record port numbers for hosts stored in
~/.ssh/known_hosts when a non-standard port has been requested
(closes: #50612).
+ Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a
non-zero exit code) when requested port forwardings could not be
established.
+ Extend sshd_config(5) "SubSystem" declarations to allow the
specification of command-line arguments.
+ Replacement of all integer overflow susceptible invocations of
malloc(3) and realloc(3) with overflow-checking equivalents.
+ Many manpage fixes and improvements.
+ Add optional support for OpenSSL hardware accelerators (engines),
enabled using the --with-ssl-engine configure option.
+ Tokens in configuration files may be double-quoted in order to
contain spaces (closes: #319639).
+ Move a debug() call out of a SIGCHLD handler, fixing a hang when the
session exits very quickly (closes: #307890).
+ Fix some incorrect buffer allocation calculations (closes: #410599).
+ ssh-add doesn't ask for a passphrase if key file permissions are too
liberal (closes: #103677).
+ Likewise, ssh doesn't ask either (closes: #99675).
- 4.6/4.6p1 (http://www.openssh.org/txt/release-4.6):
+ sshd now allows the enabling and disabling of authentication methods
on a per user, group, host and network basis via the Match directive
in sshd_config.
+ Fixed an inconsistent check for a terminal when displaying scp
progress meter (closes: #257524).
+ Fix "hang on exit" when background processes are running at the time
of exit on a ttyful/login session (closes: #88337).
* Update to current GSSAPI patch from
http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch;
install ChangeLog.gssapi.
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 4981 |
1 files changed, 1961 insertions, 3020 deletions
@@ -1,13 +1,1969 @@ | |||
1 | 20060211 | 1 | 20070306 |
2 | - (dtucker) [README] Bump release notes URL. | 2 | - (djm) OpenBSD CVS Sync |
3 | - (djm) Release 4.3p2 | 3 | - jmc@cvs.openbsd.org 2007/03/01 16:19:33 |
4 | [sshd_config.5] | ||
5 | sort the `match' keywords; | ||
6 | - djm@cvs.openbsd.org 2007/03/06 10:13:14 | ||
7 | [version.h] | ||
8 | openssh-4.6; "please" deraadt@ | ||
9 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
10 | [contrib/suse/openssh.spec] crank spec files for release | ||
11 | - (djm) [README] correct link to release notes | ||
12 | - (djm) Release 4.6p1 | ||
13 | |||
14 | 20070304 | ||
15 | - (djm) [configure.ac] add a --without-openssl-header-check option to | ||
16 | configure, as some platforms (OS X) ship OpenSSL headers whose version | ||
17 | does not match that of the shipping library. ok dtucker@ | ||
18 | - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a | ||
19 | bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256 | ||
20 | ciphers from working correctly (disconnects with "Bad packet length" | ||
21 | errors) as found by Ben Harris. ok djm@ | ||
22 | |||
23 | 20070303 | ||
24 | - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more | ||
25 | general to cover newer gdb versions on HP-UX. | ||
26 | |||
27 | 20070302 | ||
28 | - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows | ||
29 | CRLF as well as LF lineendings) and write in binary mode. Patch from | ||
30 | vinschen at redhat.com. | ||
31 | - (dtucker) [INSTALL] Update to autoconf-2.61. | ||
32 | |||
33 | 20070301 | ||
34 | - (dtucker) OpenBSD CVS Sync | ||
35 | - dtucker@cvs.openbsd.org 2007/03/01 10:28:02 | ||
36 | [auth2.c sshd_config.5 servconf.c] | ||
37 | Remove ChallengeResponseAuthentication support inside a Match | ||
38 | block as its interaction with KbdInteractive makes it difficult to | ||
39 | support. Also, relocate the CR/kbdint option special-case code into | ||
40 | servconf. "please commit" djm@, ok markus@ for the relocation. | ||
41 | - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits. | ||
42 | "Looks sane" dtucker@ | ||
43 | |||
44 | 20070228 | ||
45 | - (dtucker) OpenBSD CVS Sync | ||
46 | - dtucker@cvs.openbsd.org 2007/02/28 00:55:30 | ||
47 | [ssh-agent.c] | ||
48 | Remove expired keys periodically so they don't remain in memory when | ||
49 | the agent is entirely idle, as noted by David R. Piegdon. This is the | ||
50 | simple fix, a more efficient one will be done later. With markus, | ||
51 | deraadt, with & ok djm. | ||
52 | |||
53 | 20070225 | ||
54 | - (dtucker) OpenBSD CVS Sync | ||
55 | - djm@cvs.openbsd.org 2007/02/20 10:25:14 | ||
56 | [clientloop.c] | ||
57 | set maximum packet and window sizes the same for multiplexed clients | ||
58 | as normal connections; ok markus@ | ||
59 | - dtucker@cvs.openbsd.org 2007/02/21 11:00:05 | ||
60 | [sshd.c] | ||
61 | Clear alarm() before restarting sshd on SIGHUP. Without this, if there's | ||
62 | a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the | ||
63 | newly exec'ed sshd will get the SIGALRM and not have a handler for it, | ||
64 | and the default action will terminate the listening sshd. Analysis and | ||
65 | patch from andrew at gaul.org. | ||
66 | - dtucker@cvs.openbsd.org 2007/02/22 12:58:40 | ||
67 | [servconf.c] | ||
68 | Check activep so Match and GatewayPorts work together; ok markus@ | ||
69 | - ray@cvs.openbsd.org 2007/02/24 03:30:11 | ||
70 | [moduli.c] | ||
71 | - strlen returns size_t, not int. | ||
72 | - Pass full buffer size to fgets. | ||
73 | OK djm@, millert@, and moritz@. | ||
74 | |||
75 | 20070219 | ||
76 | - (dtucker) OpenBSD CVS Sync | ||
77 | - jmc@cvs.openbsd.org 2007/01/10 13:23:22 | ||
78 | [ssh_config.5] | ||
79 | do not use a list for SYNOPSIS; | ||
80 | this is actually part of a larger report sent by eric s. raymond | ||
81 | and forwarded by brad, but i only read half of it. spotted by brad. | ||
82 | - jmc@cvs.openbsd.org 2007/01/12 20:20:41 | ||
83 | [ssh-keygen.1 ssh-keygen.c] | ||
84 | more secsh -> rfc 4716 updates; | ||
85 | spotted by wiz@netbsd | ||
86 | ok markus | ||
87 | - dtucker@cvs.openbsd.org 2007/01/17 23:22:52 | ||
88 | [readconf.c] | ||
89 | Honour activep for times (eg ServerAliveInterval) while parsing | ||
90 | ssh_config and ~/.ssh/config so they work properly with Host directives. | ||
91 | From mario.lorenz@wincor-nixdorf.com via bz #1275. ok markus@ | ||
92 | - stevesk@cvs.openbsd.org 2007/01/21 01:41:54 | ||
93 | [auth-skey.c kex.c ssh-keygen.c session.c clientloop.c] | ||
94 | spaces | ||
95 | - stevesk@cvs.openbsd.org 2007/01/21 01:45:35 | ||
96 | [readconf.c] | ||
97 | spaces | ||
98 | - djm@cvs.openbsd.org 2007/01/22 11:32:50 | ||
99 | [sftp-client.c] | ||
100 | return error from do_upload() when a write fails. fixes bz#1252: zero | ||
101 | exit status from sftp when uploading to a full device. report from | ||
102 | jirkat AT atlas.cz; ok dtucker@ | ||
103 | - djm@cvs.openbsd.org 2007/01/22 13:06:21 | ||
104 | [scp.c] | ||
105 | fix detection of whether we should show progress meter or not: scp | ||
106 | tested isatty(stderr) but wrote the progress meter to stdout. This patch | ||
107 | makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; | ||
108 | of dtucker@ | ||
109 | - stevesk@cvs.openbsd.org 2007/02/14 14:32:00 | ||
110 | [bufbn.c] | ||
111 | typos in comments; ok jmc@ | ||
112 | - dtucker@cvs.openbsd.org 2007/02/19 10:45:58 | ||
113 | [monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5] | ||
114 | Teach Match how handle config directives that are used before | ||
115 | authentication. This allows configurations such as permitting password | ||
116 | authentication from the local net only while requiring pubkey from | ||
117 | offsite. ok djm@, man page bits ok jmc@ | ||
118 | - (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some | ||
119 | platforms don't have it. Patch from dleonard at vintela.com. | ||
120 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc | ||
121 | an array for signatures when there are none since "calloc(0, n) returns | ||
122 | NULL on some platforms (eg Tru64), which is explicitly permitted by | ||
123 | POSIX. Diagnosis and patch by svallet genoscope.cns.fr. | ||
124 | |||
125 | 20070128 | ||
126 | - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52) | ||
127 | when closing a tty session when a background process still holds tty | ||
128 | fds open. Great detective work and patch by Marc Aurele La France, | ||
129 | slightly tweaked by me; ok dtucker@ | ||
130 | |||
131 | 20070123 | ||
132 | - (dtucker) [openbsd-compat/bsd-snprintf.c] Static declarations for public | ||
133 | library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro | ||
134 | so it works properly and modify its callers so that they don't pre or | ||
135 | post decrement arguments that are conditionally evaluated. While there, | ||
136 | put SNPRINTF_CONST back as it prevents build failures in some | ||
137 | configurations. ok djm@ (for most of it) | ||
138 | |||
139 | 20070122 | ||
140 | - (djm) [ssh-rand-helper.8] manpage nits; | ||
141 | from dleonard AT vintela.com (bz#1529) | ||
142 | |||
143 | 20070117 | ||
144 | - (dtucker) [packet.c] Re-remove in_systm.h since it's already in includes.h | ||
145 | and multiple including it causes problems on old IRIXes. (It snuck back | ||
146 | in during a sync.) Found (again) by Georg Schwarz. | ||
147 | |||
148 | 20070114 | ||
149 | - (dtucker) [ssh-keygen.c] av -> argv to match earlier sync. | ||
150 | - (djm) [openbsd-compat/bsd-snprintf.c] Fix integer overflow in return | ||
151 | value of snprintf replacement, similar to bugs in various libc | ||
152 | implementations. This overflow is not exploitable in OpenSSH. | ||
153 | While I'm fiddling with it, make it a fair bit faster by inlining the | ||
154 | append-char routine; ok dtucker@ | ||
155 | |||
156 | 20070105 | ||
157 | - (djm) OpenBSD CVS Sync | ||
158 | - deraadt@cvs.openbsd.org 2006/11/14 19:41:04 | ||
159 | [ssh-keygen.c] | ||
160 | use argc and argv not some made up short form | ||
161 | - ray@cvs.openbsd.org 2006/11/23 01:35:11 | ||
162 | [misc.c sftp.c] | ||
163 | Don't access buf[strlen(buf) - 1] for zero-length strings. | ||
164 | ``ok by me'' djm@. | ||
165 | - markus@cvs.openbsd.org 2006/12/11 21:25:46 | ||
166 | [ssh-keygen.1 ssh.1] | ||
167 | add rfc 4716 (public key format); ok jmc | ||
168 | - djm@cvs.openbsd.org 2006/12/12 03:58:42 | ||
169 | [channels.c compat.c compat.h] | ||
170 | bz #1019: some ssh.com versions apparently can't cope with the | ||
171 | remote port forwarding bind_address being a hostname, so send | ||
172 | them an address for cases where they are not explicitly | ||
173 | specified (wildcard or localhost bind). reported by daveroth AT | ||
174 | acm.org; ok dtucker@ deraadt@ | ||
175 | - dtucker@cvs.openbsd.org 2006/12/13 08:34:39 | ||
176 | [servconf.c] | ||
177 | Make PermitOpen work with multiple values like the man pages says. | ||
178 | bz #1267 with details from peter at dmtz.com, with & ok djm@ | ||
179 | - dtucker@cvs.openbsd.org 2006/12/14 10:01:14 | ||
180 | [servconf.c] | ||
181 | Make "PermitOpen all" first-match within a block to match the way other | ||
182 | options work. ok markus@ djm@ | ||
183 | - jmc@cvs.openbsd.org 2007/01/02 09:57:25 | ||
184 | [sshd_config.5] | ||
185 | do not use lists for SYNOPSIS; | ||
186 | from eric s. raymond via brad | ||
187 | - stevesk@cvs.openbsd.org 2007/01/03 00:53:38 | ||
188 | [ssh-keygen.c] | ||
189 | remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan | ||
190 | - stevesk@cvs.openbsd.org 2007/01/03 03:01:40 | ||
191 | [auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c] | ||
192 | spaces | ||
193 | - stevesk@cvs.openbsd.org 2007/01/03 04:09:15 | ||
194 | [sftp.c] | ||
195 | ARGSUSED for lint | ||
196 | - stevesk@cvs.openbsd.org 2007/01/03 07:22:36 | ||
197 | [sftp-server.c] | ||
198 | spaces | ||
199 | |||
200 | 20061205 | ||
201 | - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would | ||
202 | occur if the server did not have the privsep user and an invalid user | ||
203 | tried to login and both privsep and krb5 auth are disabled; ok dtucker@ | ||
204 | - (djm) [bsd-asprintf.c] Better test for bad vsnprintf lengths; ok dtucker@ | ||
205 | |||
206 | 20061108 | ||
207 | - (dtucker) OpenBSD CVS Sync | ||
208 | - markus@cvs.openbsd.org 2006/11/07 13:02:07 | ||
209 | [dh.c] | ||
210 | BN_hex2bn returns int; from dtucker@ | ||
211 | |||
212 | 20061107 | ||
213 | - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it | ||
214 | if we absolutely need it. Pointed out by Corinna, ok djm@ | ||
215 | - (dtucker) OpenBSD CVS Sync | ||
216 | - markus@cvs.openbsd.org 2006/11/06 21:25:28 | ||
217 | [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c | ||
218 | ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c] | ||
219 | add missing checks for openssl return codes; with & ok djm@ | ||
220 | - markus@cvs.openbsd.org 2006/11/07 10:31:31 | ||
221 | [monitor.c version.h] | ||
222 | correctly check for bad signatures in the monitor, otherwise the monitor | ||
223 | and the unpriv process can get out of sync. with dtucker@, ok djm@, | ||
224 | dtucker@ | ||
225 | - (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] Bump | ||
226 | versions. | ||
227 | - (dtucker) Release 4.5p1. | ||
228 | |||
229 | 20061105 | ||
230 | - (djm) OpenBSD CVS Sync | ||
231 | - otto@cvs.openbsd.org 2006/10/28 18:08:10 | ||
232 | [ssh.1] | ||
233 | correct/expand example of usage of -w; ok jmc@ stevesk@ | ||
234 | - markus@cvs.openbsd.org 2006/10/31 16:33:12 | ||
235 | [kexdhc.c kexdhs.c kexgexc.c kexgexs.c] | ||
236 | check DH_compute_key() for -1 even if it should not happen because of | ||
237 | earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm | ||
238 | |||
239 | 20061101 | ||
240 | - (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerr | ||
241 | events fatal in Solaris process contract support and tell it to signal | ||
242 | only processes in the same process group when something happens. | ||
243 | Based on information from andrew.benham at thus.net and similar to | ||
244 | a patch from Chad Mynhier. ok djm@ | ||
245 | |||
246 | 20061027 | ||
247 | - (djm) [auth.c] gc some dead code | ||
248 | |||
249 | 20061023 | ||
250 | - (djm) OpenBSD CVS Sync | ||
251 | - ray@cvs.openbsd.org 2006/09/30 17:48:22 | ||
252 | [sftp.c] | ||
253 | Clear errno before calling the strtol functions. | ||
254 | From Paul Stoeber <x0001 at x dot de1 dot cc>. | ||
255 | OK deraadt@. | ||
256 | - djm@cvs.openbsd.org 2006/10/06 02:29:19 | ||
257 | [ssh-agent.c ssh-keyscan.c ssh.c] | ||
258 | sys/resource.h needs sys/time.h; prompted by brad@ | ||
259 | (NB. Id sync only for portable) | ||
260 | - djm@cvs.openbsd.org 2006/10/09 23:36:11 | ||
261 | [session.c] | ||
262 | xmalloc -> xcalloc that was missed previously, from portable | ||
263 | (NB. Id sync only for portable, obviously) | ||
264 | - markus@cvs.openbsd.org 2006/10/10 10:12:45 | ||
265 | [sshconnect.c] | ||
266 | sleep before retrying (not after) since sleep changes errno; fixes | ||
267 | pr 5250; rad@twig.com; ok dtucker djm | ||
268 | - markus@cvs.openbsd.org 2006/10/11 12:38:03 | ||
269 | [clientloop.c serverloop.c] | ||
270 | exit instead of doing a blocking tcp send if we detect a client/server | ||
271 | timeout, since the tcp sendqueue might be already full (of alive | ||
272 | requests); ok dtucker, report mpf | ||
273 | - djm@cvs.openbsd.org 2006/10/22 02:25:50 | ||
274 | [sftp-client.c] | ||
275 | cancel progress meter when upload write fails; ok deraadt@ | ||
276 | - (tim) [Makefile.in scard/Makefile.in] Add datarootdir= lines to keep | ||
277 | autoconf 2.60 from complaining. | ||
278 | |||
279 | 20061018 | ||
280 | - (dtucker) OpenBSD CVS Sync | ||
281 | - ray@cvs.openbsd.org 2006/09/25 04:55:38 | ||
282 | [ssh-keyscan.1 ssh.1] | ||
283 | Change "a SSH" to "an SSH". Hurray, I'm not the only one who | ||
284 | pronounces "SSH" as "ess-ess-aich". | ||
285 | OK jmc@ and stevesk@. | ||
286 | - (dtucker) [sshd.c] Reshuffle storing of pw struct; prevents warnings | ||
287 | on older versions of OS X. ok djm@ | ||
288 | |||
289 | 20061016 | ||
290 | - (dtucker) [monitor_fdpass.c] Include sys/in.h, required for cmsg macros | ||
291 | on older (2.0) Linuxes. Based on patch from thmo-13 at gmx de. | ||
292 | |||
293 | 20061006 | ||
294 | - (tim) [buildpkg.sh.in] Use uname -r instead of -v in OS_VER for Solaris. | ||
295 | Differentiate between OpenServer 5 and OpenServer 6 | ||
296 | - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for | ||
297 | SELinux functions so they're detected correctly. Patch from pebenito at | ||
298 | gentoo.org. | ||
299 | - (tim) [buildpkg.sh.in] Some systems have really limited nawk (OpenServer). | ||
300 | Allow setting alternate awk in openssh-config.local. | ||
301 | |||
302 | 20061003 | ||
303 | - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific | ||
304 | section so additional platform specific CHECK_HEADER tests will work | ||
305 | correctly. Fixes "<net/if_tap.h> on FreeBSD" problem report by des AT des.no | ||
306 | Feedback and "seems like a good idea" dtucker@ | ||
307 | |||
308 | 20061001 | ||
309 | - (dtucker) [audit-bsm.c] Include errno.h. Pointed out by des at des.no. | ||
310 | |||
311 | 20060929 | ||
312 | - (dtucker) [configure.ac] Bug #1239: Fix configure test for OpenSSH engine | ||
313 | support. Patch from andrew.benham at thus net. | ||
314 | |||
315 | 20060928 | ||
316 | - (dtucker) [entropy.c] Bug #1238: include signal.h to fix compilation error | ||
317 | on Solaris 8 w/out /dev/random or prngd. Patch from rl at | ||
318 | math.technion.ac.il. | ||
319 | |||
320 | 20060926 | ||
321 | - (dtucker) [bufaux.h] nuke bufaux.h; it's already gone from OpenBSD and not | ||
322 | referenced any more. ok djm@ | ||
323 | - (dtucker) [sftp-server.8] Resync; spotted by djm@ | ||
324 | - (dtucker) Release 4.4p1. | ||
325 | |||
326 | 20060924 | ||
327 | - (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added | ||
328 | to rev 1.308) to work around broken gcc 2.x header file. | ||
329 | |||
330 | 20060923 | ||
331 | - (dtucker) [configure.ac] Bug #1234: Put opensc libs into $LIBS rather than | ||
332 | $LDFLAGS. Patch from vapier at gentoo org. | ||
333 | |||
334 | 20060922 | ||
335 | - (dtucker) [packet.c canohost.c] Include arpa/inet.h for htonl macros on | ||
336 | some platforms (eg HP-UX 11.00). From santhi.amirta at gmail com. | ||
337 | |||
338 | 20060921 | ||
339 | - (dtucker) OpenBSD CVS Sync | ||
340 | - otto@cvs.openbsd.org 2006/09/19 05:52:23 | ||
341 | [sftp.c] | ||
342 | Use S_IS* macros insted of masking with S_IF* flags. The latter may | ||
343 | have multiple bits set, which lead to surprising results. Spotted by | ||
344 | Paul Stoeber, more to come. ok millert@ pedro@ jaredy@ djm@ | ||
345 | - markus@cvs.openbsd.org 2006/09/19 21:14:08 | ||
346 | [packet.c] | ||
347 | client NULL deref on protocol error; Tavis Ormandy, Google Security Team | ||
348 | - (dtucker) [defines.h] Include unistd.h before defining getpgrp; fixes | ||
349 | build error on Ultrix. From Bernhard Simon. | ||
350 | |||
351 | 20060918 | ||
352 | - (dtucker) [configure.ac] On AIX, check to see if the compiler will allow | ||
353 | macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags. | ||
354 | Allows build out of the box with older VAC and XLC compilers. Found by | ||
355 | David Bronder and Bernhard Simon. | ||
356 | - (dtucker) [openbsd-compat/port-aix.{c,h}] Reduce scope of includes. | ||
357 | Prevents macro redefinition warnings of "RDONLY". | ||
358 | |||
359 | 20060916 | ||
360 | - OpenBSD CVS Sync | ||
361 | - djm@cvs.openbsd.org 2006/09/16 19:53:37 | ||
362 | [deattack.c deattack.h packet.c] | ||
363 | limit maximum work performed by the CRC compensation attack detector, | ||
364 | problem reported by Tavis Ormandy, Google Security Team; | ||
365 | ok markus@ deraadt@ | ||
366 | - (djm) Add openssh.xml to .cvsignore and sort it | ||
367 | - (dtucker) [auth-pam.c] Propogate TZ environment variable to PAM auth | ||
368 | process so that any logging it does is with the right timezone. From | ||
369 | Scott Strickler, ok djm@. | ||
370 | - (dtucker) [monitor.c] Correctly handle auditing of single commands when | ||
371 | using Protocol 1. From jhb at freebsd. | ||
372 | - (djm) [sshd.c] Fix warning/API abuse; ok dtucker@ | ||
373 | - (dtucker) [INSTALL] Add info about audit support. | ||
374 | |||
375 | 20060912 | ||
376 | - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in] | ||
377 | Support SMF in Solaris Packages if enabled by configure. Patch from | ||
378 | Chad Mynhier, tested by dtucker@ | ||
379 | |||
380 | 20060911 | ||
381 | - (dtucker) [cipher-aes.c] Include string.h for memcpy and friends. Noted | ||
382 | by Pekka Savola. | ||
383 | |||
384 | 20060910 | ||
385 | - (dtucker) [contrib/aix/buildbff.sh] Ensure that perl is available. | ||
386 | - (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB. | ||
387 | |||
388 | 20060909 | ||
389 | - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h. | ||
390 | - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user. | ||
391 | - (dtucker) [buildpkg.sh.in] Always create privsep user. ok djm@ | ||
392 | |||
393 | 20060908 | ||
394 | - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch | ||
395 | from Chris Adams. | ||
396 | - (dtucker) [configure.ac] The BSM header test needs time.h in some cases. | ||
397 | |||
398 | 20060907 | ||
399 | - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can | ||
400 | be used to drop privilege to; fixes Solaris GSSAPI crash reported by | ||
401 | Magnus Abrante; suggestion and feedback dtucker@ | ||
402 | NB. this change will require that the privilege separation user must | ||
403 | exist on all the time, not just when UsePrivilegeSeparation=yes | ||
404 | - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6 | ||
405 | - (dtucker) [loginrec.c] Wrap paths.h in HAVE_PATHS_H. | ||
406 | - (dtucker) [regress/cfgmatch.sh] stop_client is racy, so give us a better | ||
407 | chance of winning. | ||
408 | |||
409 | 20060905 | ||
410 | - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov. | ||
411 | - (dtucker) [loginrec.c] Include paths.h for _PATH_BTMP. | ||
412 | |||
413 | 20060904 | ||
414 | - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native | ||
415 | updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius, | ||
416 | ok djm@ | ||
417 | |||
418 | 20060903 | ||
419 | - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for | ||
420 | declaration of writev(2) and declare it ourselves if necessary. Makes | ||
421 | the atomiciov() calls build on really old systems. ok djm@ | ||
422 | |||
423 | 20060902 | ||
424 | - (dtucker) [openbsd-compat/port-irix.c] Add errno.h, found by Iain Morgan. | ||
425 | - (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c | ||
426 | openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c | ||
427 | openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h> | ||
428 | for hton* and ntoh* macros. Required on (at least) HP-UX since we define | ||
429 | _XOPEN_SOURCE_EXTENDED. Found by santhi.amirta at gmail com. | ||
430 | |||
431 | 20060901 | ||
432 | - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c] | ||
433 | [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c] | ||
434 | [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c] | ||
435 | [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c] | ||
436 | [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] | ||
437 | [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c] | ||
438 | [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c] | ||
439 | [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c] | ||
440 | [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c] | ||
441 | [sshconnect1.c sshconnect2.c sshd.c] | ||
442 | [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c] | ||
443 | [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c] | ||
444 | [openbsd-compat/port-uw.c] | ||
445 | Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h; | ||
446 | compile problems reported by rac AT tenzing.org | ||
447 | - (djm) [includes.h monitor.c openbsd-compat/bindresvport.c] | ||
448 | [openbsd-compat/rresvport.c] Some more headers: netinet/in.h | ||
449 | sys/socket.h and unistd.h in various places | ||
450 | - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Fix implict declaration | ||
451 | warnings for binary_open and binary_close. Patch from Corinna Vinschen. | ||
452 | - (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly | ||
453 | test for GLOB_NOMATCH and use our glob functions if it's not found. | ||
454 | Stops sftp from segfaulting when attempting to get a nonexistent file on | ||
455 | Cygwin (previous versions of OpenSSH didn't use the native glob). Partly | ||
456 | from and tested by Corinna Vinschen. | ||
457 | - (dtucker) [README contrib/{caldera,redhat,suse}/openssh.spec] Crank | ||
458 | versions. | ||
459 | |||
460 | 20060831 | ||
461 | - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ] | ||
462 | [platform.c platform.h sshd.c openbsd-compat/Makefile.in] | ||
463 | [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c] | ||
464 | [openbsd-compat/port-solaris.h] Add support for Solaris process | ||
465 | contracts, enabled with --use-solaris-contracts. Patch from Chad | ||
466 | Mynhier, tweaked by dtucker@ and myself; ok dtucker@ | ||
467 | - (dtucker) [contrib/cygwin/ssh-host-config] Add SeTcbPrivilege privilege | ||
468 | while setting up the ssh service account. Patch from Corinna Vinschen. | ||
469 | |||
470 | 20060830 | ||
471 | - (djm) OpenBSD CVS Sync | ||
472 | - dtucker@cvs.openbsd.org 2006/08/21 08:14:01 | ||
473 | [sshd_config.5] | ||
474 | Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@, | ||
475 | ok jmc@ djm@ | ||
476 | - dtucker@cvs.openbsd.org 2006/08/21 08:15:57 | ||
477 | [sshd.8] | ||
478 | Add more detail about what permissions are and aren't accepted for | ||
479 | authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@ | ||
480 | - djm@cvs.openbsd.org 2006/08/29 10:40:19 | ||
481 | [channels.c session.c] | ||
482 | normalise some inconsistent (but harmless) NULL pointer checks | ||
483 | spotted by the Stanford SATURN tool, via Isil Dillig; | ||
484 | ok markus@ deraadt@ | ||
485 | - dtucker@cvs.openbsd.org 2006/08/29 12:02:30 | ||
486 | [gss-genr.c] | ||
487 | Work around a problem in Heimdal that occurs when KRB5CCNAME file is | ||
488 | missing, by checking whether or not kerberos allocated us a context | ||
489 | before attempting to free it. Patch from Simon Wilkinson, tested by | ||
490 | biorn@, ok djm@ | ||
491 | - dtucker@cvs.openbsd.org 2006/08/30 00:06:51 | ||
492 | [sshconnect2.c] | ||
493 | Fix regression where SSH2 banner is printed at loglevels ERROR and FATAL | ||
494 | where previously it weren't. bz #1221, found by Dean Kopesky, ok djm@ | ||
495 | - djm@cvs.openbsd.org 2006/08/30 00:14:37 | ||
496 | [version.h] | ||
497 | crank to 4.4 | ||
498 | - (djm) [openbsd-compat/xcrypt.c] needs unistd.h | ||
499 | - (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call | ||
500 | loginsuccess on AIX immediately after authentication to clear the failed | ||
501 | login count. Previously this would only happen when an interactive | ||
502 | session starts (ie when a pty is allocated) but this means that accounts | ||
503 | that have primarily non-interactive sessions (eg scp's) may gradually | ||
504 | accumulate enough failures to lock out an account. This change may have | ||
505 | a side effect of creating two audit records, one with a tty of "ssh" | ||
506 | corresponding to the authentication and one with the allocated pty per | ||
507 | interactive session. | ||
508 | |||
509 | 20060824 | ||
510 | - (dtucker) [openbsd-compat/basename.c] Include errno.h. | ||
511 | - (dtucker) [openbsd-compat/bsd-misc.c] Add includes needed for select(2) on | ||
512 | older systems. | ||
513 | - (dtucker) [openbsd-compat/bsd-misc.c] Include <sys/select.h> for select(2) | ||
514 | on POSIX systems. | ||
515 | - (dtucker) [openbsd-compat/bsd-openpty.c] Include for ioctl(2). | ||
516 | - (dtucker) [openbsd-compat/rresvport.c] Include <stdlib.h> for malloc. | ||
517 | - (dtucker) [openbsd-compat/xmmap.c] Move #define HAVE_MMAP to prevent | ||
518 | unused variable warning when we have a broken or missing mmap(2). | ||
519 | |||
520 | 20060822 | ||
521 | - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in | ||
522 | Makefile. Patch from santhi.amirta at gmail, ok djm. | ||
523 | |||
524 | 20060820 | ||
525 | - (dtucker) [log.c] Move ifdef to prevent unused variable warning. | ||
526 | - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore | ||
527 | afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl. | ||
528 | - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for | ||
529 | fixing bug #1181. No changes yet. | ||
530 | - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL | ||
531 | (0.9.8a and presumably newer) requires -ldl to successfully link. | ||
532 | - (dtucker) [configure.ac] Remove errant "-". | ||
533 | |||
534 | 20060819 | ||
535 | - (djm) OpenBSD CVS Sync | ||
536 | - djm@cvs.openbsd.org 2006/08/18 22:41:29 | ||
537 | [gss-genr.c] | ||
538 | GSSAPI error code should be 0 and not -1; from simon@sxw.org.uk | ||
539 | - (dtucker) [openbsd-compat/regress/Makefile.in] Add $(EXEEXT) and add a | ||
540 | single rule for the test progs. | ||
541 | |||
542 | 20060818 | ||
543 | - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with | ||
544 | closefrom.c from sudo. | ||
545 | - (dtucker) [openbsd-compat/bsd-closefrom.c] Comment out rcsid. | ||
546 | - (dtucker) [openbsd-compat/regress/snprintftest.c] Newline on error. | ||
547 | - (dtucker) [openbsd-compat/regress/Makefile.in] Use implicit rules for the | ||
548 | test progs instead; they work better than what we have. | ||
549 | - (djm) OpenBSD CVS Sync | ||
550 | - stevesk@cvs.openbsd.org 2006/08/06 01:13:32 | ||
551 | [compress.c monitor.c monitor_wrap.c] | ||
552 | "zlib.h" can be <zlib.h>; ok djm@ markus@ | ||
553 | - miod@cvs.openbsd.org 2006/08/12 20:46:46 | ||
554 | [monitor.c monitor_wrap.c] | ||
555 | Revert previous include file ordering change, for ssh to compile under | ||
556 | gcc2 (or until openssl include files are cleaned of parameter names | ||
557 | in function prototypes) | ||
558 | - dtucker@cvs.openbsd.org 2006/08/14 12:40:25 | ||
559 | [servconf.c servconf.h sshd_config.5] | ||
560 | Add ability to match groups to Match keyword in sshd_config. Feedback | ||
561 | djm@, stevesk@, ok stevesk@. | ||
562 | - djm@cvs.openbsd.org 2006/08/16 11:47:15 | ||
563 | [sshd.c] | ||
564 | factor inetd connection, TCP listen and main TCP accept loop out of | ||
565 | main() into separate functions to improve readability; ok markus@ | ||
566 | - deraadt@cvs.openbsd.org 2006/08/18 09:13:26 | ||
567 | [log.c log.h sshd.c] | ||
568 | make signal handler termination path shorter; risky code pointed out by | ||
569 | mark dowd; ok djm markus | ||
570 | - markus@cvs.openbsd.org 2006/08/18 09:15:20 | ||
571 | [auth.h session.c sshd.c] | ||
572 | delay authentication related cleanups until we're authenticated and | ||
573 | all alarms have been cancelled; ok deraadt | ||
574 | - djm@cvs.openbsd.org 2006/08/18 10:27:16 | ||
575 | [misc.h] | ||
576 | reorder so prototypes are sorted by the files they refer to; no | ||
577 | binary change | ||
578 | - djm@cvs.openbsd.org 2006/08/18 13:54:54 | ||
579 | [gss-genr.c ssh-gss.h sshconnect2.c] | ||
580 | bz #1218 - disable SPNEGO as per RFC4462; diff from simon AT sxw.org.uk | ||
581 | ok markus@ | ||
582 | - djm@cvs.openbsd.org 2006/08/18 14:40:34 | ||
583 | [gss-genr.c ssh-gss.h] | ||
584 | constify host argument to match the rest of the GSSAPI functions and | ||
585 | unbreak compilation with -Werror | ||
586 | - (djm) Disable sigdie() for platforms that cannot safely syslog inside | ||
587 | a signal handler (basically all of them, excepting OpenBSD); | ||
588 | ok dtucker@ | ||
589 | |||
590 | 20060817 | ||
591 | - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] | ||
592 | Include stdlib.h for malloc and friends. | ||
593 | - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl | ||
594 | for closefrom() on AIX. Pointed out by William Ahern. | ||
595 | - (dtucker) [openbsd-compat/regress/{Makefile.in,closefromtest.c}] Regress | ||
596 | test for closefrom() in compat code. | ||
597 | |||
598 | 20060816 | ||
599 | - (djm) [audit-bsm.c] Sprinkle in some headers | ||
600 | |||
601 | 20060815 | ||
602 | - (dtucker) [LICENCE] Add Reyk to the list for the compat dir. | ||
603 | |||
604 | 20060806 | ||
605 | - (djm) [openbsd-compat/bsd-getpeereid.c] Add some headers to quiet warnings | ||
606 | on Solaris 10 | ||
607 | |||
608 | 20060806 | ||
609 | - (dtucker) [defines.h] With the includes.h changes we no longer get the | ||
610 | name clash on "YES" so we can remove the workaround for it. | ||
611 | - (dtucker) [openbsd-compat/{bsd-asprintf.c,bsd-openpty.c,bsd-snprintf.c, | ||
612 | glob.c}] Include stdlib.h for malloc and friends in compat code. | ||
613 | |||
614 | 20060805 | ||
615 | - (djm) OpenBSD CVS Sync | ||
616 | - stevesk@cvs.openbsd.org 2006/07/24 13:58:22 | ||
617 | [sshconnect.c] | ||
618 | disable tunnel forwarding when no strict host key checking | ||
619 | and key changed; ok djm@ markus@ dtucker@ | ||
620 | - stevesk@cvs.openbsd.org 2006/07/25 02:01:34 | ||
621 | [scard.c] | ||
622 | need #include <string.h> | ||
623 | - stevesk@cvs.openbsd.org 2006/07/25 02:59:21 | ||
624 | [channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c] | ||
625 | [sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c] | ||
626 | move #include <sys/time.h> out of includes.h | ||
627 | - stevesk@cvs.openbsd.org 2006/07/26 02:35:17 | ||
628 | [atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c] | ||
629 | [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c] | ||
630 | [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c] | ||
631 | [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c] | ||
632 | [uidswap.c xmalloc.c] | ||
633 | move #include <sys/param.h> out of includes.h | ||
634 | - stevesk@cvs.openbsd.org 2006/07/26 13:57:17 | ||
635 | [authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c] | ||
636 | [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c] | ||
637 | [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] | ||
638 | [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c] | ||
639 | [sshconnect1.c sshd.c xmalloc.c] | ||
640 | move #include <stdlib.h> out of includes.h | ||
641 | - jmc@cvs.openbsd.org 2006/07/27 08:00:50 | ||
642 | [ssh_config.5] | ||
643 | avoid confusing wording in HashKnownHosts: | ||
644 | originally spotted by alan amesbury; | ||
645 | ok deraadt | ||
646 | - jmc@cvs.openbsd.org 2006/07/27 08:00:50 | ||
647 | [ssh_config.5] | ||
648 | avoid confusing wording in HashKnownHosts: | ||
649 | originally spotted by alan amesbury; | ||
650 | ok deraadt | ||
651 | - dtucker@cvs.openbsd.org 2006/08/01 11:34:36 | ||
652 | [sshconnect.c] | ||
653 | Allow fallback to known_hosts entries without port qualifiers for | ||
654 | non-standard ports too, so that all existing known_hosts entries will be | ||
655 | recognised. Requested by, feedback and ok markus@ | ||
656 | - stevesk@cvs.openbsd.org 2006/08/01 23:22:48 | ||
657 | [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c] | ||
658 | [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c] | ||
659 | [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c] | ||
660 | [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c] | ||
661 | [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c] | ||
662 | [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c] | ||
663 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c] | ||
664 | [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c] | ||
665 | [uuencode.h xmalloc.c] | ||
666 | move #include <stdio.h> out of includes.h | ||
667 | - stevesk@cvs.openbsd.org 2006/08/01 23:36:12 | ||
668 | [authfile.c channels.c progressmeter.c scard.c servconf.c ssh.c] | ||
669 | clean extra spaces | ||
670 | - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 | ||
671 | [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] | ||
672 | [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] | ||
673 | [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] | ||
674 | [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] | ||
675 | [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] | ||
676 | [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] | ||
677 | [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] | ||
678 | [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] | ||
679 | [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] | ||
680 | [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] | ||
681 | [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] | ||
682 | [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] | ||
683 | [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] | ||
684 | [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] | ||
685 | [serverloop.c session.c session.h sftp-client.c sftp-common.c] | ||
686 | [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] | ||
687 | [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] | ||
688 | [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] | ||
689 | [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] | ||
690 | [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] | ||
691 | [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] | ||
692 | almost entirely get rid of the culture of ".h files that include .h files" | ||
693 | ok djm, sort of ok stevesk | ||
694 | makes the pain stop in one easy step | ||
695 | NB. portable commit contains everything *except* removing includes.h, as | ||
696 | that will take a fair bit more work as we move headers that are required | ||
697 | for portability workarounds to defines.h. (also, this step wasn't "easy") | ||
698 | - stevesk@cvs.openbsd.org 2006/08/04 20:46:05 | ||
699 | [monitor.c session.c ssh-agent.c] | ||
700 | spaces | ||
701 | - (djm) [auth-pam.c defines.h] Move PAM related bits to auth-pam.c | ||
702 | - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c] | ||
703 | remove last traces of bufaux.h - it was merged into buffer.h in the big | ||
704 | includes.h commit | ||
705 | - (djm) [auth.c loginrec.c] Missing netinet/in.h for loginrec | ||
706 | - (djm) [openbsd-compat/regress/snprintftest.c] | ||
707 | [openbsd-compat/regress/strduptest.c] Add missing includes so they pass | ||
708 | compilation with "-Wall -Werror" | ||
709 | - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c] | ||
710 | [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more | ||
711 | includes for Linux in | ||
712 | - (dtucker) [cleanup.c] Need defines.h for __dead. | ||
713 | - (dtucker) [auth2-gss.c] We still need the #ifdef GSSAPI in -portable. | ||
714 | - (dtucker) [openbsd-compat/{bsd-arc4random.c,port-tun.c,xmmap.c}] Lots of | ||
715 | #include stdarg.h, needed for log.h. | ||
716 | - (dtucker) [entropy.c] Needs unistd.h too. | ||
717 | - (dtucker) [ssh-rand-helper.c] Needs stdarg.h for log.h. | ||
718 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Nees stdlib.h for malloc. | ||
719 | - (dtucker) [openbsd-compat/strtonum.c] Include stdlib.h for strtoll, | ||
720 | otherwise it is implicitly declared as returning an int. | ||
721 | - (dtucker) OpenBSD CVS Sync | ||
722 | - dtucker@cvs.openbsd.org 2006/08/05 07:52:52 | ||
723 | [auth2-none.c sshd.c monitor_wrap.c] | ||
724 | Add headers required to build with KERBEROS5=no. ok djm@ | ||
725 | - dtucker@cvs.openbsd.org 2006/08/05 08:00:33 | ||
726 | [auth-skey.c] | ||
727 | Add headers required to build with -DSKEY. ok djm@ | ||
728 | - dtucker@cvs.openbsd.org 2006/08/05 08:28:24 | ||
729 | [monitor_wrap.c auth-skey.c auth2-chall.c] | ||
730 | Zap unused variables in -DSKEY code. ok djm@ | ||
731 | - dtucker@cvs.openbsd.org 2006/08/05 08:34:04 | ||
732 | [packet.c] | ||
733 | Typo in comment | ||
734 | - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Add headers required to compile | ||
735 | on Cygwin. | ||
736 | - (dtucker) [openbsd-compat/fake-rfc2553.c] Add headers needed for inet_ntoa. | ||
737 | - (dtucker) [auth-skey.c] monitor_wrap.h needs ssh-gss.h. | ||
738 | - (dtucker) [audit.c audit.h] Repair headers. | ||
739 | - (dtucker) [audit-bsm.c] Add additional headers now required. | ||
740 | |||
741 | 20060804 | ||
742 | - (dtucker) [configure.ac] The "crippled AES" test does not work on recent | ||
743 | versions of Solaris, so use AC_LINK_IFELSE to actually link the test program | ||
744 | rather than just compiling it. Spotted by dlg@. | ||
745 | |||
746 | 20060802 | ||
747 | - (dtucker) [openbsd-compat/daemon.c] Add unistd.h for fork() prototype. | ||
748 | |||
749 | 20060725 | ||
750 | - (dtucker) [openbsd-compat/xmmap.c] Need fcntl.h for O_RDRW. | ||
751 | |||
752 | 20060724 | ||
753 | - (djm) OpenBSD CVS Sync | ||
754 | - jmc@cvs.openbsd.org 2006/07/12 13:39:55 | ||
755 | [sshd_config.5] | ||
756 | - new sentence, new line | ||
757 | - s/The the/The/ | ||
758 | - kill a bad comma | ||
759 | - stevesk@cvs.openbsd.org 2006/07/12 22:28:52 | ||
760 | [auth-options.c canohost.c channels.c includes.h readconf.c] | ||
761 | [servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c] | ||
762 | move #include <netdb.h> out of includes.h; ok djm@ | ||
763 | - stevesk@cvs.openbsd.org 2006/07/12 22:42:32 | ||
764 | [includes.h ssh.c ssh-rand-helper.c] | ||
765 | move #include <stddef.h> out of includes.h | ||
766 | - stevesk@cvs.openbsd.org 2006/07/14 01:15:28 | ||
767 | [monitor_wrap.h] | ||
768 | don't need incompletely-typed 'struct passwd' now with | ||
769 | #include <pwd.h>; ok markus@ | ||
770 | - stevesk@cvs.openbsd.org 2006/07/17 01:31:10 | ||
771 | [authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c] | ||
772 | [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c] | ||
773 | [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c] | ||
774 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c] | ||
775 | [sshconnect.c sshlogin.c sshpty.c uidswap.c] | ||
776 | move #include <unistd.h> out of includes.h | ||
777 | - dtucker@cvs.openbsd.org 2006/07/17 12:02:24 | ||
778 | [auth-options.c] | ||
779 | Use '\0' rather than 0 to terminates strings; ok djm@ | ||
780 | - dtucker@cvs.openbsd.org 2006/07/17 12:06:00 | ||
781 | [channels.c channels.h servconf.c sshd_config.5] | ||
782 | Add PermitOpen directive to sshd_config which is equivalent to the | ||
783 | "permitopen" key option. Allows server admin to allow TCP port | ||
784 | forwarding only two specific host/port pairs. Useful when combined | ||
785 | with Match. | ||
786 | If permitopen is used in both sshd_config and a key option, both | ||
787 | must allow a given connection before it will be permitted. | ||
788 | Note that users can still use external forwarders such as netcat, | ||
789 | so to be those must be controlled too for the limits to be effective. | ||
790 | Feedback & ok djm@, man page corrections & ok jmc@. | ||
791 | - jmc@cvs.openbsd.org 2006/07/18 07:50:40 | ||
792 | [sshd_config.5] | ||
793 | tweak; ok dtucker | ||
794 | - jmc@cvs.openbsd.org 2006/07/18 07:56:28 | ||
795 | [scp.1] | ||
796 | replace DIAGNOSTICS with .Ex; | ||
797 | - jmc@cvs.openbsd.org 2006/07/18 08:03:09 | ||
798 | [ssh-agent.1 sshd_config.5] | ||
799 | mark up angle brackets; | ||
800 | - dtucker@cvs.openbsd.org 2006/07/18 08:22:23 | ||
801 | [sshd_config.5] | ||
802 | Clarify description of Match, with minor correction from jmc@ | ||
803 | - stevesk@cvs.openbsd.org 2006/07/18 22:27:55 | ||
804 | [dh.c] | ||
805 | remove unneeded includes; ok djm@ | ||
806 | - dtucker@cvs.openbsd.org 2006/07/19 08:56:41 | ||
807 | [servconf.c sshd_config.5] | ||
808 | Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to | ||
809 | Match. ok djm@ | ||
810 | - dtucker@cvs.openbsd.org 2006/07/19 13:07:10 | ||
811 | [servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5] | ||
812 | Add ForceCommand keyword to sshd_config, equivalent to the "command=" | ||
813 | key option, man page entry and example in sshd_config. | ||
814 | Feedback & ok djm@, man page corrections & ok jmc@ | ||
815 | - stevesk@cvs.openbsd.org 2006/07/20 15:26:15 | ||
816 | [auth1.c serverloop.c session.c sshconnect2.c] | ||
817 | missed some needed #include <unistd.h> when KERBEROS5=no; issue from | ||
818 | massimo@cedoc.mo.it | ||
819 | - dtucker@cvs.openbsd.org 2006/07/21 12:43:36 | ||
820 | [channels.c channels.h servconf.c servconf.h sshd_config.5] | ||
821 | Make PermitOpen take a list of permitted ports and act more like most | ||
822 | other keywords (ie the first match is the effective setting). This | ||
823 | also makes it easier to override a previously set PermitOpen. ok djm@ | ||
824 | - stevesk@cvs.openbsd.org 2006/07/21 21:13:30 | ||
825 | [channels.c] | ||
826 | more ARGSUSED (lint) for dispatch table-driven functions; ok djm@ | ||
827 | - stevesk@cvs.openbsd.org 2006/07/21 21:26:55 | ||
828 | [progressmeter.c] | ||
829 | ARGSUSED for signal handler | ||
830 | - stevesk@cvs.openbsd.org 2006/07/22 19:08:54 | ||
831 | [includes.h moduli.c progressmeter.c scp.c sftp-common.c] | ||
832 | [sftp-server.c ssh-agent.c sshlogin.c] | ||
833 | move #include <time.h> out of includes.h | ||
834 | - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 | ||
835 | [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] | ||
836 | [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] | ||
837 | [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] | ||
838 | [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] | ||
839 | [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] | ||
840 | [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] | ||
841 | [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] | ||
842 | [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] | ||
843 | [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] | ||
844 | [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] | ||
845 | [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] | ||
846 | [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] | ||
847 | [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] | ||
848 | move #include <string.h> out of includes.h | ||
849 | - stevesk@cvs.openbsd.org 2006/07/23 01:11:05 | ||
850 | [auth.h dispatch.c kex.h sftp-client.c] | ||
851 | #include <signal.h> for sig_atomic_t; need this prior to <sys/param.h> | ||
852 | move | ||
853 | - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c] | ||
854 | [canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c] | ||
855 | [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c] | ||
856 | [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c] | ||
857 | [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c] | ||
858 | [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c] | ||
859 | [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c] | ||
860 | [openbsd-compat/mktemp.c openbsd-compat/port-linux.c] | ||
861 | [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] | ||
862 | [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c] | ||
863 | make the portable tree compile again - sprinkle unistd.h and string.h | ||
864 | back in. Don't redefine __unused, as it turned out to be used in | ||
865 | headers on Linux, and replace its use in auth-pam.c with ARGSUSED | ||
866 | - (djm) [openbsd-compat/glob.c] | ||
867 | Move get_arg_max() into the ifdef HAVE_GLOB block so that it compiles | ||
868 | on OpenBSD (or other platforms with a decent glob implementation) with | ||
869 | -Werror | ||
870 | - (djm) [uuencode.c] | ||
871 | Add resolv.h, is it contains the prototypes for __b64_ntop/__b64_pton on | ||
872 | some platforms | ||
873 | - (djm) [session.c] | ||
874 | fix compile error with -Werror -Wall: 'path' is only used in | ||
875 | do_setup_env() if HAVE_LOGIN_CAP is not defined | ||
876 | - (djm) [openbsd-compat/basename.c openbsd-compat/bsd-closefrom.c] | ||
877 | [openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c] | ||
878 | [openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c] | ||
879 | [openbsd-compat/port-aix.c openbsd-compat/port-irix.c] | ||
880 | [openbsd-compat/rresvport.c] | ||
881 | These look to need string.h and/or unistd.h (based on a grep for function | ||
882 | names) | ||
883 | - (djm) [Makefile.in] | ||
884 | Remove generated openbsd-compat/regress/Makefile in distclean target | ||
885 | - (djm) [regress/Makefile regress/agent-getpeereid.sh regress/cfgmatch.sh] | ||
886 | [regress/cipher-speed.sh regress/forcecommand.sh regress/forwarding.sh] | ||
887 | Sync regress tests to -current; include dtucker@'s new cfgmatch and | ||
888 | forcecommand tests. Add cipher-speed.sh test (not linked in yet) | ||
889 | - (dtucker) [cleanup.c] Since config.h defines _LARGE_FILES on AIX, including | ||
890 | system headers before defines.h will cause conflicting definitions. | ||
891 | - (dtucker) [regress/forcecommand.sh] Portablize. | ||
892 | |||
893 | 20060713 | ||
894 | - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h | ||
895 | |||
896 | 20060712 | ||
897 | - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and | ||
898 | O_NONBLOCK if they're really needed. Fixes build errors on HP-UX, old | ||
899 | Linuxes and probably more. | ||
900 | - (dtucker) [configure.ac] OpenBSD needs <sys/types.h> before <sys/socket.h> | ||
901 | for SHUT_RD. | ||
902 | - (dtucker) [openbsd-compat/port-tun.c] OpenBSD needs <netinet/in.h> before | ||
903 | <netinet/ip.h>. | ||
904 | - (dtucker) OpenBSD CVS Sync | ||
905 | - stevesk@cvs.openbsd.org 2006/07/10 16:01:57 | ||
906 | [sftp-glob.c sftp-common.h sftp.c] | ||
907 | buffer.h only needed in sftp-common.h and remove some unneeded | ||
908 | user includes; ok djm@ | ||
909 | - jmc@cvs.openbsd.org 2006/07/10 16:04:21 | ||
910 | [sshd.8] | ||
911 | s/and and/and/ | ||
912 | - stevesk@cvs.openbsd.org 2006/07/10 16:37:36 | ||
913 | [readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c | ||
914 | auth.c packet.c log.c] | ||
915 | move #include <stdarg.h> out of includes.h; ok markus@ | ||
916 | - dtucker@cvs.openbsd.org 2006/07/11 10:12:07 | ||
917 | [ssh.c] | ||
918 | Only copy the part of environment variable that we actually use. Prevents | ||
919 | ssh bailing when SendEnv is used and an environment variable with a really | ||
920 | long value exists. ok djm@ | ||
921 | - markus@cvs.openbsd.org 2006/07/11 18:50:48 | ||
922 | [clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c | ||
923 | channels.h readconf.c] | ||
924 | add ExitOnForwardFailure: terminate the connection if ssh(1) | ||
925 | cannot set up all requested dynamic, local, and remote port | ||
926 | forwardings. ok djm, dtucker, stevesk, jmc | ||
927 | - stevesk@cvs.openbsd.org 2006/07/11 20:07:25 | ||
928 | [scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c | ||
929 | sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c | ||
930 | includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c | ||
931 | sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c | ||
932 | ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c] | ||
933 | move #include <errno.h> out of includes.h; ok markus@ | ||
934 | - stevesk@cvs.openbsd.org 2006/07/11 20:16:43 | ||
935 | [ssh.c] | ||
936 | cast asterisk field precision argument to int to remove warning; | ||
937 | ok markus@ | ||
938 | - stevesk@cvs.openbsd.org 2006/07/11 20:27:56 | ||
939 | [authfile.c ssh.c] | ||
940 | need <errno.h> here also (it's also included in <openssl/err.h>) | ||
941 | - dtucker@cvs.openbsd.org 2006/07/12 11:34:58 | ||
942 | [sshd.c servconf.h servconf.c sshd_config.5 auth.c] | ||
943 | Add support for conditional directives to sshd_config via a "Match" | ||
944 | keyword, which works similarly to the "Host" directive in ssh_config. | ||
945 | Lines after a Match line override the default set in the main section | ||
946 | if the condition on the Match line is true, eg | ||
947 | AllowTcpForwarding yes | ||
948 | Match User anoncvs | ||
949 | AllowTcpForwarding no | ||
950 | will allow port forwarding by all users except "anoncvs". | ||
951 | Currently only a very small subset of directives are supported. | ||
952 | ok djm@ | ||
953 | - (dtucker) [loginrec.c openbsd-compat/xmmap.c openbsd-compat/bindresvport.c | ||
954 | openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c | ||
955 | openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include <errno.h>. | ||
956 | - (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h. | ||
957 | - (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too. | ||
958 | - (dtucker) [openbsd-compat/openbsd-compat.h] v*printf needs stdarg.h. | ||
959 | - (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c | ||
960 | openbsd-compat/rresvport.c] More errno.h. | ||
961 | |||
962 | 20060711 | ||
963 | - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c | ||
964 | openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally | ||
965 | include paths.h. Fixes build error on Solaris. | ||
966 | - (dtucker) [entropy.c] More fcntl.h, this time on AIX (and probably | ||
967 | others). | ||
968 | |||
969 | 20060710 | ||
970 | - (dtucker) [INSTALL] New autoconf version: 2.60. | ||
971 | - OpenBSD CVS Sync | ||
972 | - djm@cvs.openbsd.org 2006/06/14 10:50:42 | ||
973 | [sshconnect.c] | ||
974 | limit the number of pre-banner characters we will accept; ok markus@ | ||
975 | - djm@cvs.openbsd.org 2006/06/26 10:36:15 | ||
976 | [clientloop.c] | ||
977 | mention optional bind_address in runtime port forwarding setup | ||
978 | command-line help. patch from santhi.amirta AT gmail.com | ||
979 | - stevesk@cvs.openbsd.org 2006/07/02 17:12:58 | ||
980 | [ssh.1 ssh.c ssh_config.5 sshd_config.5] | ||
981 | more details and clarity for tun(4) device forwarding; ok and help | ||
982 | jmc@ | ||
983 | - stevesk@cvs.openbsd.org 2006/07/02 18:36:47 | ||
984 | [gss-serv-krb5.c gss-serv.c] | ||
985 | no "servconf.h" needed here | ||
986 | (gss-serv-krb5.c change not applied, portable needs the server options) | ||
987 | - stevesk@cvs.openbsd.org 2006/07/02 22:45:59 | ||
988 | [groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c] | ||
989 | move #include <grp.h> out of includes.h | ||
990 | (portable needed uidswap.c too) | ||
991 | - stevesk@cvs.openbsd.org 2006/07/02 23:01:55 | ||
992 | [clientloop.c ssh.1] | ||
993 | use -KR[bind_address:]port here; ok djm@ | ||
994 | - stevesk@cvs.openbsd.org 2006/07/03 08:54:20 | ||
995 | [includes.h ssh.c sshconnect.c sshd.c] | ||
996 | move #include "version.h" out of includes.h; ok markus@ | ||
997 | - stevesk@cvs.openbsd.org 2006/07/03 17:59:32 | ||
998 | [channels.c includes.h] | ||
999 | move #include <arpa/inet.h> out of includes.h; old ok djm@ | ||
1000 | (portable needed session.c too) | ||
1001 | - stevesk@cvs.openbsd.org 2006/07/05 02:42:09 | ||
1002 | [canohost.c hostfile.c includes.h misc.c packet.c readconf.c] | ||
1003 | [serverloop.c sshconnect.c uuencode.c] | ||
1004 | move #include <netinet/in.h> out of includes.h; ok deraadt@ | ||
1005 | (also ssh-rand-helper.c logintest.c loginrec.c) | ||
1006 | - djm@cvs.openbsd.org 2006/07/06 10:47:05 | ||
1007 | [servconf.c servconf.h session.c sshd_config.5] | ||
1008 | support arguments to Subsystem commands; ok markus@ | ||
1009 | - djm@cvs.openbsd.org 2006/07/06 10:47:57 | ||
1010 | [sftp-server.8 sftp-server.c] | ||
1011 | add commandline options to enable logging of transactions; ok markus@ | ||
1012 | - stevesk@cvs.openbsd.org 2006/07/06 16:03:53 | ||
1013 | [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c] | ||
1014 | [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c] | ||
1015 | [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c] | ||
1016 | [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c] | ||
1017 | [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c] | ||
1018 | [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c] | ||
1019 | [uidswap.h] | ||
1020 | move #include <pwd.h> out of includes.h; ok markus@ | ||
1021 | - stevesk@cvs.openbsd.org 2006/07/06 16:22:39 | ||
1022 | [ssh-keygen.c] | ||
1023 | move #include "dns.h" up | ||
1024 | - stevesk@cvs.openbsd.org 2006/07/06 17:36:37 | ||
1025 | [monitor_wrap.h] | ||
1026 | typo in comment | ||
1027 | - stevesk@cvs.openbsd.org 2006/07/08 21:47:12 | ||
1028 | [authfd.c canohost.c clientloop.c dns.c dns.h includes.h] | ||
1029 | [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c] | ||
1030 | [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h] | ||
1031 | move #include <sys/socket.h> out of includes.h | ||
1032 | - stevesk@cvs.openbsd.org 2006/07/08 21:48:53 | ||
1033 | [monitor.c session.c] | ||
1034 | missed these from last commit: | ||
1035 | move #include <sys/socket.h> out of includes.h | ||
1036 | - stevesk@cvs.openbsd.org 2006/07/08 23:30:06 | ||
1037 | [log.c] | ||
1038 | move user includes after /usr/include files | ||
1039 | - stevesk@cvs.openbsd.org 2006/07/09 15:15:11 | ||
1040 | [auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c] | ||
1041 | [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c] | ||
1042 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] | ||
1043 | [sshlogin.c sshpty.c] | ||
1044 | move #include <fcntl.h> out of includes.h | ||
1045 | - stevesk@cvs.openbsd.org 2006/07/09 15:27:59 | ||
1046 | [ssh-add.c] | ||
1047 | use O_RDONLY vs. 0 in open(); no binary change | ||
1048 | - djm@cvs.openbsd.org 2006/07/10 11:24:54 | ||
1049 | [sftp-server.c] | ||
1050 | remove optind - it isn't used here | ||
1051 | - djm@cvs.openbsd.org 2006/07/10 11:25:53 | ||
1052 | [sftp-server.c] | ||
1053 | don't log variables that aren't yet set | ||
1054 | - (djm) [loginrec.c ssh-rand-helper.c sshd.c openbsd-compat/glob.c] | ||
1055 | [openbsd-compat/mktemp.c openbsd-compat/openbsd-compat.h] | ||
1056 | [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] | ||
1057 | [openbsd-compat/xcrypt.c] Fix includes.h fallout, mainly fcntl.h | ||
1058 | - OpenBSD CVS Sync | ||
1059 | - djm@cvs.openbsd.org 2006/07/10 12:03:20 | ||
1060 | [scp.c] | ||
1061 | duplicate argv at the start of main() because it gets modified later; | ||
1062 | pointed out by deraadt@ ok markus@ | ||
1063 | - djm@cvs.openbsd.org 2006/07/10 12:08:08 | ||
1064 | [channels.c] | ||
1065 | fix misparsing of SOCKS 5 packets that could result in a crash; | ||
1066 | reported by mk@ ok markus@ | ||
1067 | - dtucker@cvs.openbsd.org 2006/07/10 12:46:51 | ||
1068 | [misc.c misc.h sshd.8 sshconnect.c] | ||
1069 | Add port identifier to known_hosts for non-default ports, based originally | ||
1070 | on a patch from Devin Nate in bz#910. | ||
1071 | For any connection using the default port or using a HostKeyAlias the | ||
1072 | format is unchanged, otherwise the host name or address is enclosed | ||
1073 | within square brackets in the same format as sshd's ListenAddress. | ||
1074 | Tested by many, ok markus@. | ||
1075 | - (dtucker) [openbsd-compat/openbsd-compat.h] Need to include <sys/socket.h> | ||
1076 | for struct sockaddr on platforms that use the fake-rfc stuff. | ||
1077 | |||
1078 | 20060706 | ||
1079 | - (dtucker) [configure.ac] Try AIX blibpath test in different order when | ||
1080 | compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so | ||
1081 | configure would not select the correct libpath linker flags. | ||
1082 | - (dtucker) [INSTALL] A bit more info on autoconf. | ||
1083 | |||
1084 | 20060705 | ||
1085 | - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the | ||
1086 | target already exists. | ||
1087 | |||
1088 | 20060630 | ||
1089 | - (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf | ||
1090 | declaration too. Patch from russ at sludge.net. | ||
1091 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it, | ||
1092 | prevents warnings on platforms where _res is in the system headers. | ||
1093 | - (dtucker) [INSTALL] Bug #1202: Note when autoconf is required and which | ||
1094 | version. | ||
1095 | |||
1096 | 20060627 | ||
1097 | - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems | ||
1098 | with autoconf 2.60. Patch from vapier at gentoo.org. | ||
1099 | |||
1100 | 20060625 | ||
1101 | - (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys | ||
1102 | only, otherwise sshd can hang exiting non-interactive sessions. | ||
1103 | |||
1104 | 20060624 | ||
1105 | - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris. | ||
1106 | Works around limitation in Solaris' passwd program for changing passwords | ||
1107 | where the username is longer than 8 characters. ok djm@ | ||
1108 | - (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug | ||
1109 | #1102 workaround. | ||
1110 | |||
1111 | 20060623 | ||
1112 | - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add | ||
1113 | tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch | ||
1114 | from reyk@, tested by anil@ | ||
1115 | - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX | ||
1116 | 4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes | ||
1117 | on the pty slave as zero-length reads on the pty master, which sshd | ||
1118 | interprets as the descriptor closing. Since most things don't do zero | ||
1119 | length writes this rarely matters, but occasionally it happens, and when | ||
1120 | it does the SSH pty session appears to hang, so we add a special case for | ||
1121 | this condition. ok djm@ | ||
1122 | |||
1123 | 20060613 | ||
1124 | - (djm) [getput.h] This file has been replaced by functions in misc.c | ||
1125 | - OpenBSD CVS Sync | ||
1126 | - djm@cvs.openbsd.org 2006/05/08 10:49:48 | ||
1127 | [sshconnect2.c] | ||
1128 | uint32_t -> u_int32_t (which we use everywhere else) | ||
1129 | (Id sync only - portable already had this) | ||
1130 | - markus@cvs.openbsd.org 2006/05/16 09:00:00 | ||
1131 | [clientloop.c] | ||
1132 | missing free; from Kylene Hall | ||
1133 | - markus@cvs.openbsd.org 2006/05/17 12:43:34 | ||
1134 | [scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c] | ||
1135 | fix leak; coverity via Kylene Jo Hall | ||
1136 | - miod@cvs.openbsd.org 2006/05/18 21:27:25 | ||
1137 | [kexdhc.c kexgexc.c] | ||
1138 | paramter -> parameter | ||
1139 | - dtucker@cvs.openbsd.org 2006/05/29 12:54:08 | ||
1140 | [ssh_config.5] | ||
1141 | Add gssapi-with-mic to PreferredAuthentications default list; ok jmc | ||
1142 | - dtucker@cvs.openbsd.org 2006/05/29 12:56:33 | ||
1143 | [ssh_config] | ||
1144 | Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in | ||
1145 | sample ssh_config. ok markus@ | ||
1146 | - jmc@cvs.openbsd.org 2006/05/29 16:10:03 | ||
1147 | [ssh_config.5] | ||
1148 | oops - previous was too long; split the list of auths up | ||
1149 | - mk@cvs.openbsd.org 2006/05/30 11:46:38 | ||
1150 | [ssh-add.c] | ||
1151 | Sync usage() with man page and reality. | ||
1152 | ok deraadt dtucker | ||
1153 | - jmc@cvs.openbsd.org 2006/05/29 16:13:23 | ||
1154 | [ssh.1] | ||
1155 | add GSSAPI to the list of authentication methods supported; | ||
1156 | - mk@cvs.openbsd.org 2006/05/30 11:46:38 | ||
1157 | [ssh-add.c] | ||
1158 | Sync usage() with man page and reality. | ||
1159 | ok deraadt dtucker | ||
1160 | - markus@cvs.openbsd.org 2006/06/01 09:21:48 | ||
1161 | [sshd.c] | ||
1162 | call get_remote_ipaddr() early; fixes logging after client disconnects; | ||
1163 | report mpf@; ok dtucker@ | ||
1164 | - markus@cvs.openbsd.org 2006/06/06 10:20:20 | ||
1165 | [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c] | ||
1166 | replace remaining setuid() calls with permanently_set_uid() and | ||
1167 | check seteuid() return values; report Marcus Meissner; ok dtucker djm | ||
1168 | - markus@cvs.openbsd.org 2006/06/08 14:45:49 | ||
1169 | [readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h] | ||
1170 | do not set the gid, noted by solar; ok djm | ||
1171 | - djm@cvs.openbsd.org 2006/06/13 01:18:36 | ||
1172 | [ssh-agent.c] | ||
1173 | always use a format string, even when printing a constant | ||
1174 | - djm@cvs.openbsd.org 2006/06/13 02:17:07 | ||
1175 | [ssh-agent.c] | ||
1176 | revert; i am on drugs. spotted by alexander AT beard.se | ||
1177 | |||
1178 | 20060521 | ||
1179 | - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor | ||
1180 | and slave, we can remove the special-case handling in the audit hook in | ||
1181 | auth_log. | ||
1182 | |||
1183 | 20060517 | ||
1184 | - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file | ||
1185 | pointer leak. From kjhall at us.ibm.com, found by coverity. | ||
1186 | |||
1187 | 20060515 | ||
1188 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of | ||
1189 | _res, prevents problems on some platforms that have _res as a global but | ||
1190 | don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by | ||
1191 | georg.schwarz at freenet.de, ok djm@. | ||
1192 | - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative | ||
1193 | default. Patch originally from tim@, ok djm | ||
1194 | - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and | ||
1195 | do not allow kbdint again after the PAM account check fails. ok djm@ | ||
1196 | |||
1197 | 20060506 | ||
1198 | - (dtucker) OpenBSD CVS Sync | ||
1199 | - dtucker@cvs.openbsd.org 2006/04/25 08:02:27 | ||
1200 | [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c] | ||
1201 | Prevent ssh from trying to open private keys with bad permissions more than | ||
1202 | once or prompting for their passphrases (which it subsequently ignores | ||
1203 | anyway), similar to a previous change in ssh-add. bz #1186, ok djm@ | ||
1204 | - djm@cvs.openbsd.org 2006/05/04 14:55:23 | ||
1205 | [dh.c] | ||
1206 | tighter DH exponent checks here too; feedback and ok markus@ | ||
1207 | - djm@cvs.openbsd.org 2006/04/01 05:37:46 | ||
1208 | [OVERVIEW] | ||
1209 | $OpenBSD$ in here too | ||
1210 | - dtucker@cvs.openbsd.org 2006/05/06 08:35:40 | ||
1211 | [auth-krb5.c] | ||
1212 | Add $OpenBSD$ in comment here too | ||
1213 | |||
1214 | 20060504 | ||
1215 | - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c | ||
1216 | session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c | ||
1217 | openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar) | ||
1218 | in Portable-only code; since calloc zeros, remove now-redundant memsets. | ||
1219 | Also add a couple of sanity checks. With & ok djm@ | ||
1220 | |||
1221 | 20060503 | ||
1222 | - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h | ||
1223 | and double including it on IRIX 5.3 causes problems. From Georg Schwarz, | ||
1224 | "no objections" tim@ | ||
1225 | |||
1226 | 20060423 | ||
1227 | - (djm) OpenBSD CVS Sync | ||
1228 | - deraadt@cvs.openbsd.org 2006/04/01 05:42:20 | ||
1229 | [scp.c] | ||
1230 | minimal lint cleanup (unused crud, and some size_t); ok djm | ||
1231 | - djm@cvs.openbsd.org 2006/04/01 05:50:29 | ||
1232 | [scp.c] | ||
1233 | xasprintification; ok deraadt@ | ||
1234 | - djm@cvs.openbsd.org 2006/04/01 05:51:34 | ||
1235 | [atomicio.c] | ||
1236 | ANSIfy; requested deraadt@ | ||
1237 | - dtucker@cvs.openbsd.org 2006/04/02 08:34:52 | ||
1238 | [ssh-keysign.c] | ||
1239 | sessionid can be 32 bytes now too when sha256 kex is used; ok djm@ | ||
1240 | - djm@cvs.openbsd.org 2006/04/03 07:10:38 | ||
1241 | [gss-genr.c] | ||
1242 | GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066 | ||
1243 | by dleonard AT vintela.com. use xasprintf() to simplify code while in | ||
1244 | there; "looks right" deraadt@ | ||
1245 | - djm@cvs.openbsd.org 2006/04/16 00:48:52 | ||
1246 | [buffer.c buffer.h channels.c] | ||
1247 | Fix condition where we could exit with a fatal error when an input | ||
1248 | buffer became too large and the remote end had advertised a big window. | ||
1249 | The problem was a mismatch in the backoff math between the channels code | ||
1250 | and the buffer code, so make a buffer_check_alloc() function that the | ||
1251 | channels code can use to propsectivly check whether an incremental | ||
1252 | allocation will succeed. bz #1131, debugged with the assistance of | ||
1253 | cove AT wildpackets.com; ok dtucker@ deraadt@ | ||
1254 | - djm@cvs.openbsd.org 2006/04/16 00:52:55 | ||
1255 | [atomicio.c atomicio.h] | ||
1256 | introduce atomiciov() function that wraps readv/writev to retry | ||
1257 | interrupted transfers like atomicio() does for read/write; | ||
1258 | feedback deraadt@ dtucker@ stevesk@ ok deraadt@ | ||
1259 | - djm@cvs.openbsd.org 2006/04/16 00:54:10 | ||
1260 | [sftp-client.c] | ||
1261 | avoid making a tiny 4-byte write to send the packet length of sftp | ||
1262 | commands, which would result in a separate tiny packet on the wire by | ||
1263 | using atomiciov(writev, ...) to write the length and the command in one | ||
1264 | pass; ok deraadt@ | ||
1265 | - djm@cvs.openbsd.org 2006/04/16 07:59:00 | ||
1266 | [atomicio.c] | ||
1267 | reorder sanity test so that it cannot dereference past the end of the | ||
1268 | iov array; well spotted canacar@! | ||
1269 | - dtucker@cvs.openbsd.org 2006/04/18 10:44:28 | ||
1270 | [bufaux.c bufbn.c Makefile.in] | ||
1271 | Move Buffer bignum functions into their own file, bufbn.c. This means | ||
1272 | that sftp and sftp-server (which use the Buffer functions in bufaux.c | ||
1273 | but not the bignum ones) no longer need to be linked with libcrypto. | ||
1274 | ok markus@ | ||
1275 | - djm@cvs.openbsd.org 2006/04/20 09:27:09 | ||
1276 | [auth.h clientloop.c dispatch.c dispatch.h kex.h] | ||
1277 | replace the last non-sig_atomic_t flag used in a signal handler with a | ||
1278 | sig_atomic_t, unfortunately with some knock-on effects in other (non- | ||
1279 | signal) contexts in which it is used; ok markus@ | ||
1280 | - markus@cvs.openbsd.org 2006/04/20 09:47:59 | ||
1281 | [sshconnect.c] | ||
1282 | simplify; ok djm@ | ||
1283 | - djm@cvs.openbsd.org 2006/04/20 21:53:44 | ||
1284 | [includes.h session.c sftp.c] | ||
1285 | Switch from using pipes to socketpairs for communication between | ||
1286 | sftp/scp and ssh, and between sshd and its subprocesses. This saves | ||
1287 | a file descriptor per session and apparently makes userland ppp over | ||
1288 | ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this | ||
1289 | decision on a per-platform basis) | ||
1290 | - djm@cvs.openbsd.org 2006/04/22 04:06:51 | ||
1291 | [uidswap.c] | ||
1292 | use setres[ug]id() to permanently revoke privileges; ok deraadt@ | ||
1293 | (ID Sync only - portable already uses setres[ug]id() whenever possible) | ||
1294 | - stevesk@cvs.openbsd.org 2006/04/22 18:29:33 | ||
1295 | [crc32.c] | ||
1296 | remove extra spaces | ||
1297 | - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get | ||
1298 | sig_atomic_t | ||
1299 | |||
1300 | 20060421 | ||
1301 | - (djm) [Makefile.in configure.ac session.c sshpty.c] | ||
1302 | [contrib/redhat/sshd.init openbsd-compat/Makefile.in] | ||
1303 | [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c] | ||
1304 | [openbsd-compat/port-linux.h] Add support for SELinux, setting | ||
1305 | the execution and TTY contexts. based on patch from Daniel Walsh, | ||
1306 | bz #880; ok dtucker@ | ||
1307 | |||
1308 | 20060418 | ||
1309 | - (djm) [canohost.c] Reorder IP options check so that it isn't broken | ||
1310 | by mapped addresses; bz #1179 reported by markw wtech-llc.com; | ||
1311 | ok dtucker@ | ||
1312 | |||
1313 | 20060331 | ||
1314 | - OpenBSD CVS Sync | ||
1315 | - deraadt@cvs.openbsd.org 2006/03/27 01:21:18 | ||
1316 | [xmalloc.c] | ||
1317 | we can do the size & nmemb check before the integer overflow check; | ||
1318 | evol | ||
1319 | - deraadt@cvs.openbsd.org 2006/03/27 13:03:54 | ||
1320 | [dh.c] | ||
1321 | use strtonum() instead of atoi(), limit dhg size to 64k; ok djm | ||
1322 | - djm@cvs.openbsd.org 2006/03/27 23:15:46 | ||
1323 | [sftp.c] | ||
1324 | always use a format string for addargs; spotted by mouring@ | ||
1325 | - deraadt@cvs.openbsd.org 2006/03/28 00:12:31 | ||
1326 | [README.tun ssh.c] | ||
1327 | spacing | ||
1328 | - deraadt@cvs.openbsd.org 2006/03/28 01:52:28 | ||
1329 | [channels.c] | ||
1330 | do not accept unreasonable X ports numbers; ok djm | ||
1331 | - deraadt@cvs.openbsd.org 2006/03/28 01:53:43 | ||
1332 | [ssh-agent.c] | ||
1333 | use strtonum() to parse the pid from the file, and range check it | ||
1334 | better; ok djm | ||
1335 | - djm@cvs.openbsd.org 2006/03/30 09:41:25 | ||
1336 | [channels.c] | ||
1337 | ARGSUSED for dispatch table-driven functions | ||
1338 | - djm@cvs.openbsd.org 2006/03/30 09:58:16 | ||
1339 | [authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h] | ||
1340 | [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c] | ||
1341 | replace {GET,PUT}_XXBIT macros with functionally similar functions, | ||
1342 | silencing a heap of lint warnings. also allows them to use | ||
1343 | __bounded__ checking which can't be applied to macros; requested | ||
1344 | by and feedback from deraadt@ | ||
1345 | - djm@cvs.openbsd.org 2006/03/30 10:41:25 | ||
1346 | [ssh.c ssh_config.5] | ||
1347 | add percent escape chars to the IdentityFile option, bz #1159 based | ||
1348 | on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@ | ||
1349 | - dtucker@cvs.openbsd.org 2006/03/30 11:05:17 | ||
1350 | [ssh-keygen.c] | ||
1351 | Correctly handle truncated files while converting keys; ok djm@ | ||
1352 | - dtucker@cvs.openbsd.org 2006/03/30 11:40:21 | ||
1353 | [auth.c monitor.c] | ||
1354 | Prevent duplicate log messages when privsep=yes; ok djm@ | ||
1355 | - jmc@cvs.openbsd.org 2006/03/31 09:09:30 | ||
1356 | [ssh_config.5] | ||
1357 | kill trailing whitespace; | ||
1358 | - djm@cvs.openbsd.org 2006/03/31 09:13:56 | ||
1359 | [ssh_config.5] | ||
1360 | remote user escape is %r not %h; spotted by jmc@ | ||
1361 | |||
1362 | 20060326 | ||
1363 | - OpenBSD CVS Sync | ||
1364 | - jakob@cvs.openbsd.org 2006/03/15 08:46:44 | ||
1365 | [ssh-keygen.c] | ||
1366 | if no key file are given when printing the DNS host record, use the | ||
1367 | host key file(s) as default. ok djm@ | ||
1368 | - biorn@cvs.openbsd.org 2006/03/16 10:31:45 | ||
1369 | [scp.c] | ||
1370 | Try to display errormessage even if remout == -1 | ||
1371 | ok djm@, markus@ | ||
1372 | - djm@cvs.openbsd.org 2006/03/17 22:31:50 | ||
1373 | [authfd.c] | ||
1374 | another unreachable found by lint | ||
1375 | - djm@cvs.openbsd.org 2006/03/17 22:31:11 | ||
1376 | [authfd.c] | ||
1377 | unreachanble statement, found by lint | ||
1378 | - djm@cvs.openbsd.org 2006/03/19 02:22:32 | ||
1379 | [serverloop.c] | ||
1380 | memory leaks detected by Coverity via elad AT netbsd.org; | ||
1381 | ok deraadt@ dtucker@ | ||
1382 | - djm@cvs.openbsd.org 2006/03/19 02:22:56 | ||
1383 | [sftp.c] | ||
1384 | more memory leaks detected by Coverity via elad AT netbsd.org; | ||
1385 | deraadt@ ok | ||
1386 | - djm@cvs.openbsd.org 2006/03/19 02:23:26 | ||
1387 | [hostfile.c] | ||
1388 | FILE* leak detected by Coverity via elad AT netbsd.org; | ||
1389 | ok deraadt@ | ||
1390 | - djm@cvs.openbsd.org 2006/03/19 02:24:05 | ||
1391 | [dh.c readconf.c servconf.c] | ||
1392 | potential NULL pointer dereferences detected by Coverity | ||
1393 | via elad AT netbsd.org; ok deraadt@ | ||
1394 | - djm@cvs.openbsd.org 2006/03/19 07:41:30 | ||
1395 | [sshconnect2.c] | ||
1396 | memory leaks detected by Coverity via elad AT netbsd.org; | ||
1397 | deraadt@ ok | ||
1398 | - dtucker@cvs.openbsd.org 2006/03/19 11:51:52 | ||
1399 | [servconf.c] | ||
1400 | Correct strdelim null test; ok djm@ | ||
1401 | - deraadt@cvs.openbsd.org 2006/03/19 18:52:11 | ||
1402 | [auth1.c authfd.c channels.c] | ||
1403 | spacing | ||
1404 | - deraadt@cvs.openbsd.org 2006/03/19 18:53:12 | ||
1405 | [kex.c kex.h monitor.c myproposal.h session.c] | ||
1406 | spacing | ||
1407 | - deraadt@cvs.openbsd.org 2006/03/19 18:56:41 | ||
1408 | [clientloop.c progressmeter.c serverloop.c sshd.c] | ||
1409 | ARGSUSED for signal handlers | ||
1410 | - deraadt@cvs.openbsd.org 2006/03/19 18:59:49 | ||
1411 | [ssh-keyscan.c] | ||
1412 | please lint | ||
1413 | - deraadt@cvs.openbsd.org 2006/03/19 18:59:30 | ||
1414 | [ssh.c] | ||
1415 | spacing | ||
1416 | - deraadt@cvs.openbsd.org 2006/03/19 18:59:09 | ||
1417 | [authfile.c] | ||
1418 | whoever thought that break after return was a good idea needs to | ||
1419 | get their head examimed | ||
1420 | - djm@cvs.openbsd.org 2006/03/20 04:09:44 | ||
1421 | [monitor.c] | ||
1422 | memory leaks detected by Coverity via elad AT netbsd.org; | ||
1423 | deraadt@ ok | ||
1424 | that should be all of them now | ||
1425 | - djm@cvs.openbsd.org 2006/03/20 11:38:46 | ||
1426 | [key.c] | ||
1427 | (really) last of the Coverity diffs: avoid possible NULL deref in | ||
1428 | key_free. via elad AT netbsd.org; markus@ ok | ||
1429 | - deraadt@cvs.openbsd.org 2006/03/20 17:10:19 | ||
1430 | [auth.c key.c misc.c packet.c ssh-add.c] | ||
1431 | in a switch (), break after return or goto is stupid | ||
1432 | - deraadt@cvs.openbsd.org 2006/03/20 17:13:16 | ||
1433 | [key.c] | ||
1434 | djm did a typo | ||
1435 | - deraadt@cvs.openbsd.org 2006/03/20 17:17:23 | ||
1436 | [ssh-rsa.c] | ||
1437 | in a switch (), break after return or goto is stupid | ||
1438 | - deraadt@cvs.openbsd.org 2006/03/20 18:14:02 | ||
1439 | [channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c] | ||
1440 | [ssh.c sshpty.c sshpty.h] | ||
1441 | sprinkle u_int throughout pty subsystem, ok markus | ||
1442 | - deraadt@cvs.openbsd.org 2006/03/20 18:17:20 | ||
1443 | [auth1.c auth2.c sshd.c] | ||
1444 | sprinkle some ARGSUSED for table driven functions (which sometimes | ||
1445 | must ignore their args) | ||
1446 | - deraadt@cvs.openbsd.org 2006/03/20 18:26:55 | ||
1447 | [channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c] | ||
1448 | [ssh-rsa.c ssh.c sshlogin.c] | ||
1449 | annoying spacing fixes getting in the way of real diffs | ||
1450 | - deraadt@cvs.openbsd.org 2006/03/20 18:27:50 | ||
1451 | [monitor.c] | ||
1452 | spacing | ||
1453 | - deraadt@cvs.openbsd.org 2006/03/20 18:35:12 | ||
1454 | [channels.c] | ||
1455 | x11_fake_data is only ever used as u_char * | ||
1456 | - deraadt@cvs.openbsd.org 2006/03/20 18:41:43 | ||
1457 | [dns.c] | ||
1458 | cast xstrdup to propert u_char * | ||
1459 | - deraadt@cvs.openbsd.org 2006/03/20 18:42:27 | ||
1460 | [canohost.c match.c ssh.c sshconnect.c] | ||
1461 | be strict with tolower() casting | ||
1462 | - deraadt@cvs.openbsd.org 2006/03/20 18:48:34 | ||
1463 | [channels.c fatal.c kex.c packet.c serverloop.c] | ||
1464 | spacing | ||
1465 | - deraadt@cvs.openbsd.org 2006/03/20 21:11:53 | ||
1466 | [ttymodes.c] | ||
1467 | spacing | ||
1468 | - djm@cvs.openbsd.org 2006/03/25 00:05:41 | ||
1469 | [auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c] | ||
1470 | [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c] | ||
1471 | [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c] | ||
1472 | [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c] | ||
1473 | [xmalloc.c xmalloc.h] | ||
1474 | introduce xcalloc() and xasprintf() failure-checked allocations | ||
1475 | functions and use them throughout openssh | ||
1476 | |||
1477 | xcalloc is particularly important because malloc(nmemb * size) is a | ||
1478 | dangerous idiom (subject to integer overflow) and it is time for it | ||
1479 | to die | ||
1480 | |||
1481 | feedback and ok deraadt@ | ||
1482 | - djm@cvs.openbsd.org 2006/03/25 01:13:23 | ||
1483 | [buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c] | ||
1484 | [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c] | ||
1485 | [uidswap.c] | ||
1486 | change OpenSSH's xrealloc() function from being xrealloc(p, new_size) | ||
1487 | to xrealloc(p, new_nmemb, new_itemsize). | ||
1488 | |||
1489 | realloc is particularly prone to integer overflows because it is | ||
1490 | almost always allocating "n * size" bytes, so this is a far safer | ||
1491 | API; ok deraadt@ | ||
1492 | - djm@cvs.openbsd.org 2006/03/25 01:30:23 | ||
1493 | [sftp.c] | ||
1494 | "abormally" is a perfectly cromulent word, but "abnormally" is better | ||
1495 | - djm@cvs.openbsd.org 2006/03/25 13:17:03 | ||
1496 | [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] | ||
1497 | [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] | ||
1498 | [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] | ||
1499 | [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] | ||
1500 | [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] | ||
1501 | [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] | ||
1502 | [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] | ||
1503 | [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] | ||
1504 | [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] | ||
1505 | [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] | ||
1506 | [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] | ||
1507 | [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] | ||
1508 | [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] | ||
1509 | [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] | ||
1510 | [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] | ||
1511 | [uidswap.c uuencode.c xmalloc.c] | ||
1512 | Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that | ||
1513 | Theo nuked - our scripts to sync -portable need them in the files | ||
1514 | - deraadt@cvs.openbsd.org 2006/03/25 18:29:35 | ||
1515 | [auth-rsa.c authfd.c packet.c] | ||
1516 | needed casts (always will be needed) | ||
1517 | - deraadt@cvs.openbsd.org 2006/03/25 18:30:55 | ||
1518 | [clientloop.c serverloop.c] | ||
1519 | spacing | ||
1520 | - deraadt@cvs.openbsd.org 2006/03/25 18:36:15 | ||
1521 | [sshlogin.c sshlogin.h] | ||
1522 | nicer size_t and time_t types | ||
1523 | - deraadt@cvs.openbsd.org 2006/03/25 18:40:14 | ||
1524 | [ssh-keygen.c] | ||
1525 | cast strtonum() result to right type | ||
1526 | - deraadt@cvs.openbsd.org 2006/03/25 18:41:45 | ||
1527 | [ssh-agent.c] | ||
1528 | mark two more signal handlers ARGSUSED | ||
1529 | - deraadt@cvs.openbsd.org 2006/03/25 18:43:30 | ||
1530 | [channels.c] | ||
1531 | use strtonum() instead of atoi() [limit X screens to 400, sorry] | ||
1532 | - deraadt@cvs.openbsd.org 2006/03/25 18:56:55 | ||
1533 | [bufaux.c channels.c packet.c] | ||
1534 | remove (char *) casts to a function that accepts void * for the arg | ||
1535 | - deraadt@cvs.openbsd.org 2006/03/25 18:58:10 | ||
1536 | [channels.c] | ||
1537 | delete cast not required | ||
1538 | - djm@cvs.openbsd.org 2006/03/25 22:22:43 | ||
1539 | [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h] | ||
1540 | [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h] | ||
1541 | [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h] | ||
1542 | [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c] | ||
1543 | [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h] | ||
1544 | [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h] | ||
1545 | [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h] | ||
1546 | [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h] | ||
1547 | [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h] | ||
1548 | [ttymodes.h uidswap.h uuencode.h xmalloc.h] | ||
1549 | standardise spacing in $OpenBSD$ tags; requested by deraadt@ | ||
1550 | - deraadt@cvs.openbsd.org 2006/03/26 01:31:48 | ||
1551 | [uuencode.c] | ||
1552 | typo | ||
1553 | |||
1554 | 20060325 | ||
1555 | - OpenBSD CVS Sync | ||
1556 | - djm@cvs.openbsd.org 2006/03/16 04:24:42 | ||
1557 | [ssh.1] | ||
1558 | Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs | ||
1559 | that OpenSSH supports | ||
1560 | - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 | ||
1561 | [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] | ||
1562 | [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] | ||
1563 | [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] | ||
1564 | [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] | ||
1565 | [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] | ||
1566 | [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] | ||
1567 | [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] | ||
1568 | [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] | ||
1569 | [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] | ||
1570 | [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] | ||
1571 | [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] | ||
1572 | [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] | ||
1573 | [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] | ||
1574 | [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] | ||
1575 | [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] | ||
1576 | [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] | ||
1577 | [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] | ||
1578 | [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] | ||
1579 | [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] | ||
1580 | [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] | ||
1581 | [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] | ||
1582 | [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] | ||
1583 | [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] | ||
1584 | RCSID() can die | ||
1585 | - deraadt@cvs.openbsd.org 2006/03/19 18:53:12 | ||
1586 | [kex.h myproposal.h] | ||
1587 | spacing | ||
1588 | - djm@cvs.openbsd.org 2006/03/20 04:07:22 | ||
1589 | [auth2-gss.c] | ||
1590 | GSSAPI related leaks detected by Coverity via elad AT netbsd.org; | ||
1591 | reviewed by simon AT sxw.org.uk; deraadt@ ok | ||
1592 | - djm@cvs.openbsd.org 2006/03/20 04:07:49 | ||
1593 | [gss-genr.c] | ||
1594 | more GSSAPI related leaks detected by Coverity via elad AT netbsd.org; | ||
1595 | reviewed by simon AT sxw.org.uk; deraadt@ ok | ||
1596 | - djm@cvs.openbsd.org 2006/03/20 04:08:18 | ||
1597 | [gss-serv.c] | ||
1598 | last lot of GSSAPI related leaks detected by Coverity via | ||
1599 | elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok | ||
1600 | - deraadt@cvs.openbsd.org 2006/03/20 18:14:02 | ||
1601 | [monitor_wrap.h sshpty.h] | ||
1602 | sprinkle u_int throughout pty subsystem, ok markus | ||
1603 | - deraadt@cvs.openbsd.org 2006/03/20 18:26:55 | ||
1604 | [session.h] | ||
1605 | annoying spacing fixes getting in the way of real diffs | ||
1606 | - deraadt@cvs.openbsd.org 2006/03/20 18:41:43 | ||
1607 | [dns.c] | ||
1608 | cast xstrdup to propert u_char * | ||
1609 | - jakob@cvs.openbsd.org 2006/03/22 21:16:24 | ||
1610 | [ssh.1] | ||
1611 | simplify SSHFP example; ok jmc@ | ||
1612 | - djm@cvs.openbsd.org 2006/03/22 21:27:15 | ||
1613 | [deattack.c deattack.h] | ||
1614 | remove IV support from the CRC attack detector, OpenSSH has never used | ||
1615 | it - it only applied to IDEA-CFB, which we don't support. | ||
1616 | prompted by NetBSD Coverity report via elad AT netbsd.org; | ||
1617 | feedback markus@ "nuke it" deraadt@ | ||
1618 | |||
1619 | 20060318 | ||
1620 | - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via | ||
1621 | elad AT NetBSD.org | ||
1622 | - (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173: make fmtint() take | ||
1623 | a LLONG rather than a long. Fixes scp'ing of large files on platforms | ||
1624 | with missing/broken snprintfs. Patch from e.borovac at bom.gov.au. | ||
1625 | |||
1626 | 20060316 | ||
1627 | - (dtucker) [entropy.c] Add headers for WIFEXITED and friends. | ||
1628 | - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in | ||
1629 | /usr/include/crypto. Hint from djm@. | ||
1630 | - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h] | ||
1631 | Disable sha256 when openssl < 0.9.7. Patch from djm@. | ||
1632 | - (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old | ||
1633 | OpenSSL; ok tim | ||
1634 | |||
1635 | 20060315 | ||
1636 | - (djm) OpenBSD CVS Sync: | ||
1637 | - msf@cvs.openbsd.org 2006/02/06 15:54:07 | ||
1638 | [ssh.1] | ||
1639 | - typo fix | ||
1640 | ok jmc@ | ||
1641 | - jmc@cvs.openbsd.org 2006/02/06 21:44:47 | ||
1642 | [ssh.1] | ||
1643 | make this a little less ambiguous... | ||
1644 | - stevesk@cvs.openbsd.org 2006/02/07 01:08:04 | ||
1645 | [auth-rhosts.c includes.h] | ||
1646 | move #include <netgroup.h> out of includes.h; ok markus@ | ||
1647 | - stevesk@cvs.openbsd.org 2006/02/07 01:18:09 | ||
1648 | [includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c] | ||
1649 | move #include <sys/queue.h> out of includes.h; ok markus@ | ||
1650 | - stevesk@cvs.openbsd.org 2006/02/07 01:42:00 | ||
1651 | [channels.c clientloop.c clientloop.h includes.h packet.h] | ||
1652 | [serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c] | ||
1653 | move #include <termios.h> out of includes.h; ok markus@ | ||
1654 | - stevesk@cvs.openbsd.org 2006/02/07 01:52:50 | ||
1655 | [sshtty.c] | ||
1656 | "log.h" not needed | ||
1657 | - stevesk@cvs.openbsd.org 2006/02/07 03:47:05 | ||
1658 | [hostfile.c] | ||
1659 | "packet.h" not needed | ||
1660 | - stevesk@cvs.openbsd.org 2006/02/07 03:59:20 | ||
1661 | [deattack.c] | ||
1662 | duplicate #include | ||
1663 | - stevesk@cvs.openbsd.org 2006/02/08 12:15:27 | ||
1664 | [auth.c clientloop.c includes.h misc.c monitor.c readpass.c] | ||
1665 | [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c] | ||
1666 | [sshd.c sshpty.c] | ||
1667 | move #include <paths.h> out of includes.h; ok markus@ | ||
1668 | - stevesk@cvs.openbsd.org 2006/02/08 12:32:49 | ||
1669 | [includes.h misc.c] | ||
1670 | move #include <netinet/tcp.h> out of includes.h; ok markus@ | ||
1671 | - stevesk@cvs.openbsd.org 2006/02/08 13:15:44 | ||
1672 | [gss-serv.c monitor.c] | ||
1673 | small KNF | ||
1674 | - stevesk@cvs.openbsd.org 2006/02/08 14:16:59 | ||
1675 | [sshconnect.c] | ||
1676 | <openssl/bn.h> not needed | ||
1677 | - stevesk@cvs.openbsd.org 2006/02/08 14:31:30 | ||
1678 | [includes.h ssh-agent.c ssh-keyscan.c ssh.c] | ||
1679 | move #include <sys/resource.h> out of includes.h; ok markus@ | ||
1680 | - stevesk@cvs.openbsd.org 2006/02/08 14:38:18 | ||
1681 | [includes.h packet.c] | ||
1682 | move #include <netinet/in_systm.h> and <netinet/ip.h> out of | ||
1683 | includes.h; ok markus@ | ||
1684 | - stevesk@cvs.openbsd.org 2006/02/08 23:51:24 | ||
1685 | [includes.h scp.c sftp-glob.c sftp-server.c] | ||
1686 | move #include <dirent.h> out of includes.h; ok markus@ | ||
1687 | - stevesk@cvs.openbsd.org 2006/02/09 00:32:07 | ||
1688 | [includes.h] | ||
1689 | #include <sys/endian.h> not needed; ok djm@ | ||
1690 | NB. ID Sync only - we still need this (but it may move later) | ||
1691 | - jmc@cvs.openbsd.org 2006/02/09 10:10:47 | ||
1692 | [sshd.8] | ||
1693 | - move some text into a CAVEATS section | ||
1694 | - merge the COMMAND EXECUTION... section into AUTHENTICATION | ||
1695 | - stevesk@cvs.openbsd.org 2006/02/10 00:27:13 | ||
1696 | [channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c] | ||
1697 | [ssh.c sshd.c sshpty.c] | ||
1698 | move #include <sys/ioctl.h> out of includes.h; ok markus@ | ||
1699 | - stevesk@cvs.openbsd.org 2006/02/10 01:44:27 | ||
1700 | [includes.h monitor.c readpass.c scp.c serverloop.c session.c] | ||
1701 | [sftp.c sshconnect.c sshconnect2.c sshd.c] | ||
1702 | move #include <sys/wait.h> out of includes.h; ok markus@ | ||
1703 | - otto@cvs.openbsd.org 2006/02/11 19:31:18 | ||
1704 | [atomicio.c] | ||
1705 | type correctness; from Ray Lai in PR 5011; ok millert@ | ||
1706 | - djm@cvs.openbsd.org 2006/02/12 06:45:34 | ||
1707 | [ssh.c ssh_config.5] | ||
1708 | add a %l expansion code to the ControlPath, which is filled in with the | ||
1709 | local hostname at runtime. Requested by henning@ to avoid some problems | ||
1710 | with /home on NFS; ok dtucker@ | ||
1711 | - djm@cvs.openbsd.org 2006/02/12 10:44:18 | ||
1712 | [readconf.c] | ||
1713 | raise error when the user specifies a RekeyLimit that is smaller than 16 | ||
1714 | (the smallest of our cipher's blocksize) or big enough to cause integer | ||
1715 | wraparound; ok & feedback dtucker@ | ||
1716 | - jmc@cvs.openbsd.org 2006/02/12 10:49:44 | ||
1717 | [ssh_config.5] | ||
1718 | slight rewording; ok djm | ||
1719 | - jmc@cvs.openbsd.org 2006/02/12 10:52:41 | ||
1720 | [sshd.8] | ||
1721 | rework the description of authorized_keys a little; | ||
1722 | - jmc@cvs.openbsd.org 2006/02/12 17:57:19 | ||
1723 | [sshd.8] | ||
1724 | sort the list of options permissable w/ authorized_keys; | ||
1725 | ok djm dtucker | ||
1726 | - jmc@cvs.openbsd.org 2006/02/13 10:16:39 | ||
1727 | [sshd.8] | ||
1728 | no need to subsection the authorized_keys examples - instead, convert | ||
1729 | this to look like an actual file. also use proto 2 keys, and use IETF | ||
1730 | example addresses; | ||
1731 | - jmc@cvs.openbsd.org 2006/02/13 10:21:25 | ||
1732 | [sshd.8] | ||
1733 | small tweaks for the ssh_known_hosts section; | ||
1734 | - jmc@cvs.openbsd.org 2006/02/13 11:02:26 | ||
1735 | [sshd.8] | ||
1736 | turn this into an example ssh_known_hosts file; ok djm | ||
1737 | - jmc@cvs.openbsd.org 2006/02/13 11:08:43 | ||
1738 | [sshd.8] | ||
1739 | - avoid nasty line split | ||
1740 | - `*' does not need to be escaped | ||
1741 | - jmc@cvs.openbsd.org 2006/02/13 11:27:25 | ||
1742 | [sshd.8] | ||
1743 | sort FILES and use a -compact list; | ||
1744 | - david@cvs.openbsd.org 2006/02/15 05:08:24 | ||
1745 | [sftp-client.c] | ||
1746 | typo in comment; ok djm@ | ||
1747 | - jmc@cvs.openbsd.org 2006/02/15 16:53:20 | ||
1748 | [ssh.1] | ||
1749 | remove the IETF draft references and replace them with some updated RFCs; | ||
1750 | - jmc@cvs.openbsd.org 2006/02/15 16:55:33 | ||
1751 | [sshd.8] | ||
1752 | remove ietf draft references; RFC list now maintained in ssh.1; | ||
1753 | - jmc@cvs.openbsd.org 2006/02/16 09:05:34 | ||
1754 | [sshd.8] | ||
1755 | sync some of the FILES entries w/ ssh.1; | ||
1756 | - jmc@cvs.openbsd.org 2006/02/19 19:52:10 | ||
1757 | [sshd.8] | ||
1758 | move the sshrc stuff out of FILES, and into its own section: | ||
1759 | FILES is not a good place to document how stuff works; | ||
1760 | - jmc@cvs.openbsd.org 2006/02/19 20:02:17 | ||
1761 | [sshd.8] | ||
1762 | sync the (s)hosts.equiv FILES entries w/ those from ssh.1; | ||
1763 | - jmc@cvs.openbsd.org 2006/02/19 20:05:00 | ||
1764 | [sshd.8] | ||
1765 | grammar; | ||
1766 | - jmc@cvs.openbsd.org 2006/02/19 20:12:25 | ||
1767 | [ssh_config.5] | ||
1768 | add some vertical space; | ||
1769 | - stevesk@cvs.openbsd.org 2006/02/20 16:36:15 | ||
1770 | [authfd.c channels.c includes.h session.c ssh-agent.c ssh.c] | ||
1771 | move #include <sys/un.h> out of includes.h; ok djm@ | ||
1772 | - stevesk@cvs.openbsd.org 2006/02/20 17:02:44 | ||
1773 | [clientloop.c includes.h monitor.c progressmeter.c scp.c] | ||
1774 | [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c] | ||
1775 | move #include <signal.h> out of includes.h; ok markus@ | ||
1776 | - stevesk@cvs.openbsd.org 2006/02/20 17:19:54 | ||
1777 | [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c] | ||
1778 | [authfile.c clientloop.c includes.h readconf.c scp.c session.c] | ||
1779 | [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c] | ||
1780 | [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c] | ||
1781 | [sshconnect2.c sshd.c sshpty.c] | ||
1782 | move #include <sys/stat.h> out of includes.h; ok markus@ | ||
1783 | - stevesk@cvs.openbsd.org 2006/02/22 00:04:45 | ||
1784 | [canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c] | ||
1785 | [sshconnect.c] | ||
1786 | move #include <ctype.h> out of includes.h; ok djm@ | ||
1787 | - jmc@cvs.openbsd.org 2006/02/24 10:25:14 | ||
1788 | [ssh_config.5] | ||
1789 | add section on patterns; | ||
1790 | from dtucker + myself | ||
1791 | - jmc@cvs.openbsd.org 2006/02/24 10:33:54 | ||
1792 | [sshd_config.5] | ||
1793 | signpost to PATTERNS; | ||
1794 | - jmc@cvs.openbsd.org 2006/02/24 10:37:07 | ||
1795 | [ssh_config.5] | ||
1796 | tidy up the refs to PATTERNS; | ||
1797 | - jmc@cvs.openbsd.org 2006/02/24 10:39:52 | ||
1798 | [sshd.8] | ||
1799 | signpost to PATTERNS section; | ||
1800 | - jmc@cvs.openbsd.org 2006/02/24 20:22:16 | ||
1801 | [ssh-keysign.8 ssh_config.5 sshd_config.5] | ||
1802 | some consistency fixes; | ||
1803 | - jmc@cvs.openbsd.org 2006/02/24 20:31:31 | ||
1804 | [ssh.1 ssh_config.5 sshd.8 sshd_config.5] | ||
1805 | more consistency fixes; | ||
1806 | - jmc@cvs.openbsd.org 2006/02/24 23:20:07 | ||
1807 | [ssh_config.5] | ||
1808 | some grammar/wording fixes; | ||
1809 | - jmc@cvs.openbsd.org 2006/02/24 23:43:57 | ||
1810 | [sshd_config.5] | ||
1811 | some grammar/wording fixes; | ||
1812 | - jmc@cvs.openbsd.org 2006/02/24 23:51:17 | ||
1813 | [sshd_config.5] | ||
1814 | oops - bits i missed; | ||
1815 | - jmc@cvs.openbsd.org 2006/02/25 12:26:17 | ||
1816 | [ssh_config.5] | ||
1817 | document the possible values for KbdInteractiveDevices; | ||
1818 | help/ok dtucker | ||
1819 | - jmc@cvs.openbsd.org 2006/02/25 12:28:34 | ||
1820 | [sshd_config.5] | ||
1821 | document the order in which allow/deny directives are processed; | ||
1822 | help/ok dtucker | ||
1823 | - jmc@cvs.openbsd.org 2006/02/26 17:17:18 | ||
1824 | [ssh_config.5] | ||
1825 | move PATTERNS to the end of the main body; requested by dtucker | ||
1826 | - jmc@cvs.openbsd.org 2006/02/26 18:01:13 | ||
1827 | [sshd_config.5] | ||
1828 | subsection is pointless here; | ||
1829 | - jmc@cvs.openbsd.org 2006/02/26 18:03:10 | ||
1830 | [ssh_config.5] | ||
1831 | comma; | ||
1832 | - djm@cvs.openbsd.org 2006/02/28 01:10:21 | ||
1833 | [session.c] | ||
1834 | fix logout recording when privilege separation is disabled, analysis and | ||
1835 | patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@ | ||
1836 | NB. ID sync only - patch already in portable | ||
1837 | - djm@cvs.openbsd.org 2006/03/04 04:12:58 | ||
1838 | [serverloop.c] | ||
1839 | move a debug() outside of a signal handler; ok markus@ a little while back | ||
1840 | - djm@cvs.openbsd.org 2006/03/12 04:23:07 | ||
1841 | [ssh.c] | ||
1842 | knf nit | ||
1843 | - djm@cvs.openbsd.org 2006/03/13 08:16:00 | ||
1844 | [sshd.c] | ||
1845 | don't log that we are listening on a socket before the listen() call | ||
1846 | actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@ | ||
1847 | - dtucker@cvs.openbsd.org 2006/03/13 08:33:00 | ||
1848 | [packet.c] | ||
1849 | Set TCP_NODELAY for all connections not just "interactive" ones. Fixes | ||
1850 | poor performance and protocol stalls under some network conditions (mindrot | ||
1851 | bugs #556 and #981). Patch originally from markus@, ok djm@ | ||
1852 | - dtucker@cvs.openbsd.org 2006/03/13 08:43:16 | ||
1853 | [ssh-keygen.c] | ||
1854 | Make ssh-keygen handle CR and CRLF line termination when converting IETF | ||
1855 | format keys, in adition to vanilla LF. mindrot #1157, tested by Chris | ||
1856 | Pepper, ok djm@ | ||
1857 | - dtucker@cvs.openbsd.org 2006/03/13 10:14:29 | ||
1858 | [misc.c ssh_config.5 sshd_config.5] | ||
1859 | Allow config directives to contain whitespace by surrounding them by double | ||
1860 | quotes. mindrot #482, man page help from jmc@, ok djm@ | ||
1861 | - dtucker@cvs.openbsd.org 2006/03/13 10:26:52 | ||
1862 | [authfile.c authfile.h ssh-add.c] | ||
1863 | Make ssh-add check file permissions before attempting to load private | ||
1864 | key files multiple times; it will fail anyway and this prevents confusing | ||
1865 | multiple prompts and warnings. mindrot #1138, ok djm@ | ||
1866 | - djm@cvs.openbsd.org 2006/03/14 00:15:39 | ||
1867 | [canohost.c] | ||
1868 | log the originating address and not just the name when a reverse | ||
1869 | mapping check fails, requested by linux AT linuon.com | ||
1870 | - markus@cvs.openbsd.org 2006/03/14 16:32:48 | ||
1871 | [ssh_config.5 sshd_config.5] | ||
1872 | *AliveCountMax applies to protcol v2 only; ok dtucker, djm | ||
1873 | - djm@cvs.openbsd.org 2006/03/07 09:07:40 | ||
1874 | [kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] | ||
1875 | Implement the diffie-hellman-group-exchange-sha256 key exchange method | ||
1876 | using the SHA256 code in libc (and wrapper to make it into an OpenSSL | ||
1877 | EVP), interop tested against CVS PuTTY | ||
1878 | NB. no portability bits committed yet | ||
1879 | - (djm) [configure.ac defines.h kex.c md-sha256.c] | ||
1880 | [openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h] | ||
1881 | [openbsd-compat/sha2.c] First stab at portability glue for SHA256 | ||
1882 | KEX support, should work with libc SHA256 support or OpenSSL | ||
1883 | EVP_sha256 if present | ||
1884 | - (djm) [includes.h] Restore accidentally dropped netinet/in.h | ||
1885 | - (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files | ||
1886 | - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present | ||
1887 | - (djm) [regress/.cvsignore] Ignore Makefile here | ||
1888 | - (djm) [loginrec.c] Need stat.h | ||
1889 | - (djm) [openbsd-compat/sha2.h] Avoid include macro clash with | ||
1890 | system sha2.h | ||
1891 | - (djm) [ssh-rand-helper.c] Needs a bunch of headers | ||
1892 | - (djm) [ssh-agent.c] Restore dropped stat.h | ||
1893 | - (djm) [openbsd-compat/sha2.h openbsd-compat/sha2.c] Comment out | ||
1894 | SHA384, which we don't need and doesn't compile without tweaks | ||
1895 | - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c] | ||
1896 | [sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c] | ||
1897 | [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c] | ||
1898 | [openbsd-compat/glob.c openbsd-compat/mktemp.c] | ||
1899 | [openbsd-compat/readpassphrase.c] Lots of include fixes for | ||
1900 | OpenSolaris | ||
1901 | - (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:" | ||
1902 | - (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some | ||
1903 | includes removed from includes.h | ||
1904 | - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE | ||
1905 | - (djm) [includes.h] Put back paths.h, it is needed in defines.h | ||
1906 | - (dtucker) [openbsd-compat/openbsd-compat.h] AIX (at least) needs | ||
1907 | sys/ioctl.h for struct winsize. | ||
1908 | - (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD. | ||
1909 | |||
1910 | 20060313 | ||
1911 | - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) | ||
1912 | since not all platforms support it. Instead, use internal equivalent while | ||
1913 | computing LLONG_MIN and LLONG_MAX. Remove special case for alpha-dec-osf* | ||
1914 | as it's no longer required. Tested by Bernhard Simon, ok djm@ | ||
1915 | |||
1916 | 20060304 | ||
1917 | - (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a | ||
1918 | file rather than directory, required as Cygwin will be importing lastlog(1). | ||
1919 | Also tightens up permissions on the file. Patch from vinschen@redhat.com. | ||
1920 | - (dtucker) [gss-serv-krb5.c] Bug #1166: Correct #ifdefs for gssapi_krb5.h | ||
1921 | includes. Patch from gentoo.riverrat at gmail.com. | ||
1922 | |||
1923 | 20060226 | ||
1924 | - (dtucker) [configure.ac] Bug #1156: QNX apparently needs SSHD_ACQUIRES_CTTY | ||
1925 | patch from kraai at ftbfs.org. | ||
1926 | |||
1927 | 20060223 | ||
1928 | - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current | ||
1929 | reality. Pointed out by tryponraj at gmail.com. | ||
1930 | |||
1931 | 20060222 | ||
1932 | - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only | ||
1933 | compile in compat code if required. | ||
1934 | |||
1935 | 20060221 | ||
1936 | - (dtucker) [openbsd-compat/openssl-compat.h] Prevent warning about | ||
1937 | redefinition of SSLeay_add_all_algorithms. | ||
1938 | |||
1939 | 20060220 | ||
1940 | - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}] | ||
1941 | Add optional enabling of OpenSSL's (hardware) Engine support, via | ||
1942 | configure --with-ssl-engine. Based in part on a diff by michal at | ||
1943 | logix.cz. | ||
1944 | |||
1945 | 20060219 | ||
1946 | - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/] | ||
1947 | Add first attempt at regress tests for compat library. ok djm@ | ||
1948 | |||
1949 | 20060214 | ||
1950 | - (tim) [buildpkg.sh.in] Make the names consistent. | ||
1951 | s/pkg_post_make_install_fixes.sh/pkg-post-make-install-fixes.sh/ OK dtucker@ | ||
1952 | |||
1953 | 20060212 | ||
1954 | - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Make loop counter unsigned | ||
1955 | to silence compiler warning, from vinschen at redhat.com. | ||
1956 | - (tim) [configure.ac] Bug #1149. Disable /etc/default/login check for QNX. | ||
1957 | - (dtucker) [README version.h contrib/caldera/openssh.spec | ||
1958 | contrib/redhat/openssh.spec contrib/suse/openssh.spec] Bump version | ||
1959 | strings to match 4.3p2 release. | ||
4 | 1960 | ||
5 | 20060208 | 1961 | 20060208 |
6 | - (tim) [session.c] Logout records were not updated on systems with | 1962 | - (tim) [session.c] Logout records were not updated on systems with |
7 | post auth privsep disabled due to bug 1086 changes. Analysis and patch | 1963 | post auth privsep disabled due to bug 1086 changes. Analysis and patch |
8 | by vinschen at redhat.com. OK tim@, dtucker@. | 1964 | by vinschen at redhat.com. OK tim@, dtucker@. |
9 | - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP | 1965 | - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP |
10 | -> NEED_SETPGRP), reported by Berhard Simon. ok tim@ | 1966 | -> NEED_SETPGRP), reported by Bernhard Simon. ok tim@ |
11 | 1967 | ||
12 | 20060206 | 1968 | 20060206 |
13 | - (tim) [configure.ac] Remove unnecessary tests for net/if.h and | 1969 | - (tim) [configure.ac] Remove unnecessary tests for net/if.h and |
@@ -860,3019 +2816,4 @@ | |||
860 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 2816 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
861 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 2817 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
862 | 2818 | ||
863 | 20050901 | 2819 | $Id: ChangeLog,v 1.4635.2.1 2007/03/06 10:27:55 djm Exp $ |
864 | - (djm) Update RPM spec file versions | ||
865 | |||
866 | 20050831 | ||
867 | - (djm) OpenBSD CVS Sync | ||
868 | - djm@cvs.openbsd.org 2005/08/30 22:08:05 | ||
869 | [gss-serv.c sshconnect2.c] | ||
870 | destroy credentials if krb5_kuserok() call fails. Stops credentials being | ||
871 | delegated to users who are not authorised for GSSAPIAuthentication when | ||
872 | GSSAPIDeletegateCredentials=yes and another authentication mechanism | ||
873 | succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by | ||
874 | simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@ | ||
875 | - markus@cvs.openbsd.org 2005/08/31 09:28:42 | ||
876 | [version.h] | ||
877 | 4.2 | ||
878 | - (dtucker) [README] Update release note URL to 4.2 | ||
879 | - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c | ||
880 | openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable | ||
881 | libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd(). | ||
882 | Feedback and OK dtucker@ | ||
883 | |||
884 | 20050830 | ||
885 | - (tim) [configure.ac] Back out last change. It needs to be done differently. | ||
886 | |||
887 | 20050829 | ||
888 | - (tim) [configure.ac] ia_openinfo() seems broken on OSR6. Limit UW long | ||
889 | password support to 7.x for now. | ||
890 | |||
891 | 20050826 | ||
892 | - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c | ||
893 | openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h | ||
894 | openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c | ||
895 | openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char) | ||
896 | on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing | ||
897 | by tim@. Feedback and OK dtucker@ | ||
898 | |||
899 | 20050823 | ||
900 | - (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully- | ||
901 | qualified sshd pathname since some systems (eg Cygwin) may consider "/foo" | ||
902 | and "//foo" to be different. Spotted by vinschen at redhat.com. | ||
903 | - (tim) [configure.ac] Not all gcc's support -Wsign-compare. Enhancements | ||
904 | and OK dtucker@ | ||
905 | - (tim) [defines.h] PATH_MAX bits for OpenServer OK dtucker@ | ||
906 | |||
907 | 20050821 | ||
908 | - (dtucker) [configure.ac defines.h includes.h sftp.c] Add support for | ||
909 | LynxOS, patch from Olli Savia (ops at iki.fi). ok djm@ | ||
910 | |||
911 | 20050816 | ||
912 | - (djm) [ttymodes.c] bugzilla #1025: Fix encoding of _POSIX_VDISABLE, | ||
913 | from Jacob Nevins; ok dtucker@ | ||
914 | |||
915 | 20050815 | ||
916 | - (tim) [sftp.c] wrap el_end() in #ifdef USE_LIBEDIT | ||
917 | - (tim) [configure.ac] corrections to libedit tests. Report and patches | ||
918 | by skeleten AT shillest.net | ||
919 | |||
920 | 20050812 | ||
921 | - (djm) OpenBSD CVS Sync | ||
922 | - markus@cvs.openbsd.org 2005/07/28 17:36:22 | ||
923 | [packet.c] | ||
924 | missing packet_init_compression(); from solar | ||
925 | - djm@cvs.openbsd.org 2005/07/30 01:26:16 | ||
926 | [ssh.c] | ||
927 | fix -D listen_host initialisation, so it picks up gateway_ports setting | ||
928 | correctly | ||
929 | - djm@cvs.openbsd.org 2005/07/30 02:03:47 | ||
930 | [readconf.c] | ||
931 | listen_hosts initialisation here too; spotted greg AT y2005.nest.cx | ||
932 | - dtucker@cvs.openbsd.org 2005/08/06 10:03:12 | ||
933 | [servconf.c] | ||
934 | Unbreak sshd ListenAddress for bare IPv6 addresses. | ||
935 | Report from Janusz Mucka; ok djm@ | ||
936 | - jaredy@cvs.openbsd.org 2005/08/08 13:22:48 | ||
937 | [sftp.c] | ||
938 | sftp prompt enhancements: | ||
939 | - in non-interactive mode, do not print an empty prompt at the end | ||
940 | before finishing | ||
941 | - print newline after EOF in editline mode | ||
942 | - call el_end() in editline mode | ||
943 | ok dtucker djm | ||
944 | |||
945 | 20050810 | ||
946 | - (dtucker) [configure.ac] Test libedit library and headers for compatibility. | ||
947 | Report from skeleten AT shillest.net, ok djm@ | ||
948 | - (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c] | ||
949 | Sync current (thread-safe) version of realpath.c from OpenBSD (which is | ||
950 | in turn based on FreeBSD's). ok djm@ | ||
951 | |||
952 | 20050809 | ||
953 | - (tim) [configure.ac] Allow --with-audit=no. OK dtucker@ | ||
954 | Report by skeleten AT shillest.net | ||
955 | |||
956 | 20050803 | ||
957 | - (dtucker) [openbsd-compat/fake-rfc2553.h] Check for EAI_* defines | ||
958 | individually and use a value less likely to collide with real values from | ||
959 | netdb.h. Fixes compile warnings on FreeBSD 5.3. ok djm@ | ||
960 | - (dtucker) [openbsd-compat/fake-rfc2553.h] MAX_INT -> INT_MAX since the | ||
961 | latter is specified in the standard. | ||
962 | |||
963 | 20050802 | ||
964 | - (dtucker) OpenBSD CVS Sync | ||
965 | - dtucker@cvs.openbsd.org 2005/07/27 10:39:03 | ||
966 | [scp.c hostfile.c sftp-client.c] | ||
967 | Silence bogus -Wuninitialized warnings; ok djm@ | ||
968 | - (dtucker) [configure.ac] Enable -Wuninitialized by default when compiling | ||
969 | with gcc. ok djm@ | ||
970 | - (dtucker) [configure.ac] Add a --with-Werror option to configure for | ||
971 | adding -Werror to CFLAGS when all of the configure tests are done. ok djm@ | ||
972 | |||
973 | 20050726 | ||
974 | - (dtucker) [configure.ac] Update zlib warning message too, pointed out by | ||
975 | tim@. | ||
976 | - (djm) OpenBSD CVS Sync | ||
977 | - otto@cvs.openbsd.org 2005/07/19 15:32:26 | ||
978 | [auth-passwd.c] | ||
979 | auth_usercheck(3) can return NULL, so check for that. Report from | ||
980 | mpech@. ok markus@ | ||
981 | - markus@cvs.openbsd.org 2005/07/25 11:59:40 | ||
982 | [kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c] | ||
983 | [sshconnect2.c sshd.c sshd_config sshd_config.5] | ||
984 | add a new compression method that delays compression until the user | ||
985 | has been authenticated successfully and set compression to 'delayed' | ||
986 | for sshd. | ||
987 | this breaks older openssh clients (< 3.5) if they insist on | ||
988 | compression, so you have to re-enable compression in sshd_config. | ||
989 | ok djm@ | ||
990 | |||
991 | 20050725 | ||
992 | - (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096. | ||
993 | |||
994 | 20050717 | ||
995 | - OpenBSD CVS Sync | ||
996 | - djm@cvs.openbsd.org 2005/07/16 01:35:24 | ||
997 | [auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c] | ||
998 | [sshconnect.c] | ||
999 | spacing | ||
1000 | - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c] | ||
1001 | [cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL | ||
1002 | in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]") | ||
1003 | - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line | ||
1004 | - djm@cvs.openbsd.org 2005/07/17 06:49:04 | ||
1005 | [channels.c channels.h session.c session.h] | ||
1006 | Fix a number of X11 forwarding channel leaks: | ||
1007 | 1. Refuse multiple X11 forwarding requests on the same session | ||
1008 | 2. Clean up all listeners after a single_connection X11 forward, not just | ||
1009 | the one that made the single connection | ||
1010 | 3. Destroy X11 listeners when the session owning them goes away | ||
1011 | testing and ok dtucker@ | ||
1012 | - djm@cvs.openbsd.org 2005/07/17 07:17:55 | ||
1013 | [auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c] | ||
1014 | [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c] | ||
1015 | [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c] | ||
1016 | [sshconnect.c sshconnect2.c] | ||
1017 | knf says that a 2nd level indent is four (not three or five) spaces | ||
1018 | -(djm) [audit.c auth1.c auth2.c entropy.c loginrec.c serverloop.c] | ||
1019 | [ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too | ||
1020 | - (djm) [monitor.c monitor_wrap.c] -Wsign-compare for PAM monitor calls | ||
1021 | |||
1022 | 20050716 | ||
1023 | - (dtucker) [auth-pam.c] Ensure that only one side of the authentication | ||
1024 | socketpair stays open on in both the monitor and PAM process. Patch from | ||
1025 | Joerg Sonnenberger. | ||
1026 | |||
1027 | 20050714 | ||
1028 | - (dtucker) OpenBSD CVS Sync | ||
1029 | - dtucker@cvs.openbsd.org 2005/07/06 09:33:05 | ||
1030 | [ssh.1] | ||
1031 | clarify meaning of ssh -b ; with & ok jmc@ | ||
1032 | - dtucker@cvs.openbsd.org 2005/07/08 09:26:18 | ||
1033 | [misc.c] | ||
1034 | Make comment match code; ok djm@ | ||
1035 | - markus@cvs.openbsd.org 2005/07/08 09:41:33 | ||
1036 | [channels.h] | ||
1037 | race when efd gets closed while there is still buffered data: | ||
1038 | change CHANNEL_EFD_OUTPUT_ACTIVE() | ||
1039 | 1) c->efd must always be valid AND | ||
1040 | 2a) no EOF has been seen OR | ||
1041 | 2b) there is buffered data | ||
1042 | report, initial fix and testing Chuck Cranor | ||
1043 | - dtucker@cvs.openbsd.org 2005/07/08 10:20:41 | ||
1044 | [ssh_config.5] | ||
1045 | change BindAddress to match recent ssh -b change; prompted by markus@ | ||
1046 | - jmc@cvs.openbsd.org 2005/07/08 12:53:10 | ||
1047 | [ssh_config.5] | ||
1048 | new sentence, new line; | ||
1049 | - dtucker@cvs.openbsd.org 2005/07/14 04:00:43 | ||
1050 | [misc.h] | ||
1051 | use __sentinel__ attribute; ok deraadt@ djm@ markus@ | ||
1052 | - (dtucker) [configure.ac defines.h] Define __sentinel__ to nothing if the | ||
1053 | compiler doesn't understand it to prevent warnings. If any mainstream | ||
1054 | compiler versions acquire it we can test for those versions. Based on | ||
1055 | discussion with djm@. | ||
1056 | |||
1057 | 20050707 | ||
1058 | - dtucker [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for | ||
1059 | the MIT Kerberos code path into a common function and expand mkstemp | ||
1060 | template to be consistent with the rest of OpenSSH. From sxw at | ||
1061 | inf.ed.ac.uk, ok djm@ | ||
1062 | - (dtucker) [auth-krb5.c] There's no guarantee that snprintf will set errno | ||
1063 | in the case where the buffer is insufficient, so always return ENOMEM. | ||
1064 | Also pointed out by sxw at inf.ed.ac.uk. | ||
1065 | - (dtucker) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Remove | ||
1066 | calls to krb5_init_ets, which has not been required since krb-1.1.x and | ||
1067 | most Kerberos versions no longer export in their public API. From sxw | ||
1068 | at inf.ed.ac.uk, ok djm@ | ||
1069 | |||
1070 | 20050706 | ||
1071 | - (djm) OpenBSD CVS Sync | ||
1072 | - markus@cvs.openbsd.org 2005/07/01 13:19:47 | ||
1073 | [channels.c] | ||
1074 | don't free() if getaddrinfo() fails; report mpech@ | ||
1075 | - djm@cvs.openbsd.org 2005/07/04 00:58:43 | ||
1076 | [channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5] | ||
1077 | implement support for X11 and agent forwarding over multiplex slave | ||
1078 | connections. Because of protocol limitations, the slave connections inherit | ||
1079 | the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding | ||
1080 | their own. | ||
1081 | ok dtucker@ "put it in" deraadt@ | ||
1082 | - jmc@cvs.openbsd.org 2005/07/04 11:29:51 | ||
1083 | [ssh_config.5] | ||
1084 | fix Xr and a little grammar; | ||
1085 | - markus@cvs.openbsd.org 2005/07/04 14:04:11 | ||
1086 | [channels.c] | ||
1087 | don't forget to set x11_saved_display | ||
1088 | |||
1089 | 20050626 | ||
1090 | - (djm) OpenBSD CVS Sync | ||
1091 | - djm@cvs.openbsd.org 2005/06/17 22:53:47 | ||
1092 | [ssh.c sshconnect.c] | ||
1093 | Fix ControlPath's %p expanding to "0" for a default port, | ||
1094 | spotted dwmw2 AT infradead.org; ok markus@ | ||
1095 | - djm@cvs.openbsd.org 2005/06/18 04:30:36 | ||
1096 | [ssh.c ssh_config.5] | ||
1097 | allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@ | ||
1098 | - djm@cvs.openbsd.org 2005/06/25 22:47:49 | ||
1099 | [ssh.c] | ||
1100 | do the default port filling code a few lines earlier, so it really | ||
1101 | does fix %p | ||
1102 | |||
1103 | 20050618 | ||
1104 | - (djm) OpenBSD CVS Sync | ||
1105 | - djm@cvs.openbsd.org 2005/05/20 12:57:01; | ||
1106 | [auth1.c] split protocol 1 auth methods into separate functions, makes | ||
1107 | authloop much more readable; fixes and ok markus@ (portable ok & | ||
1108 | polish dtucker@) | ||
1109 | - djm@cvs.openbsd.org 2005/06/17 02:44:33 | ||
1110 | [auth1.c] make this -Wsign-compare clean; ok avsm@ markus@ | ||
1111 | - (djm) [loginrec.c ssh-rand-helper.c] Fix -Wsign-compare for portable, | ||
1112 | tested and fixes tim@ | ||
1113 | |||
1114 | 20050617 | ||
1115 | - (djm) OpenBSD CVS Sync | ||
1116 | - djm@cvs.openbsd.org 2005/06/16 03:38:36 | ||
1117 | [channels.c channels.h clientloop.c clientloop.h ssh.c] | ||
1118 | move x11_get_proto from ssh.c to clientloop.c, to make muliplexed xfwd | ||
1119 | easier later; ok deraadt@ | ||
1120 | - markus@cvs.openbsd.org 2005/06/16 08:00:00 | ||
1121 | [canohost.c channels.c sshd.c] | ||
1122 | don't exit if getpeername fails for forwarded ports; bugzilla #1054; | ||
1123 | ok djm | ||
1124 | - djm@cvs.openbsd.org 2005/06/17 02:44:33 | ||
1125 | [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c] | ||
1126 | [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c] | ||
1127 | [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c] | ||
1128 | [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c] | ||
1129 | [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c] | ||
1130 | make this -Wsign-compare clean; ok avsm@ markus@ | ||
1131 | NB. auth1.c changes not committed yet (conflicts with uncommitted sync) | ||
1132 | NB2. more work may be needed to make portable Wsign-compare clean | ||
1133 | - (dtucker) [cipher.c openbsd-compat/openbsd-compat.h | ||
1134 | openbsd-compat/openssl-compat.c] only include openssl compat stuff where | ||
1135 | it's needed as it can cause conflicts elsewhere (eg xcrypt.c). Found by | ||
1136 | and ok tim@ | ||
1137 | |||
1138 | 20050616 | ||
1139 | - (djm) OpenBSD CVS Sync | ||
1140 | - jaredy@cvs.openbsd.org 2005/06/07 13:25:23 | ||
1141 | [progressmeter.c] | ||
1142 | catch SIGWINCH and resize progress meter accordingly; ok markus dtucker | ||
1143 | - djm@cvs.openbsd.org 2005/06/06 11:20:36 | ||
1144 | [auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c] | ||
1145 | introduce a generic %foo expansion function. replace existing % expansion | ||
1146 | and add expansion to ControlPath; ok markus@ | ||
1147 | - djm@cvs.openbsd.org 2005/06/08 03:50:00 | ||
1148 | [ssh-keygen.1 ssh-keygen.c sshd.8] | ||
1149 | increase default rsa/dsa key length from 1024 to 2048 bits; | ||
1150 | ok markus@ deraadt@ | ||
1151 | - djm@cvs.openbsd.org 2005/06/08 11:25:09 | ||
1152 | [clientloop.c readconf.c readconf.h ssh.c ssh_config.5] | ||
1153 | add ControlMaster=auto/autoask options to support opportunistic | ||
1154 | multiplexing; tested avsm@ and jakob@, ok markus@ | ||
1155 | - dtucker@cvs.openbsd.org 2005/06/09 13:43:49 | ||
1156 | [cipher.c] | ||
1157 | Correctly initialize end of array sentinel; ok djm@ | ||
1158 | (Id sync only, change already in portable) | ||
1159 | |||
1160 | 20050609 | ||
1161 | - (dtucker) [cipher.c openbsd-compat/Makefile.in | ||
1162 | openbsd-compat/openbsd-compat.h openbsd-compat/openssl-compat.{c,h}] | ||
1163 | Move compatibility code for supporting older OpenSSL versions to the | ||
1164 | compat layer. Suggested by and "no objection" djm@ | ||
1165 | |||
1166 | 20050607 | ||
1167 | - (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX: | ||
1168 | in today's episode we attempt to coax it from limits.h where it may be | ||
1169 | hiding, failing that we take the DIY approach. Tested by tim@ | ||
1170 | |||
1171 | 20050603 | ||
1172 | - (dtucker) [configure.ac] Only try gcc -std=gnu99 if LLONG_MAX isn't | ||
1173 | defined, and check that it helps before keeping it in CFLAGS. Some old | ||
1174 | gcc's don't set an error code when encountering an unknown value in -std. | ||
1175 | Found and tested by tim@. | ||
1176 | - (dtucker) [configure.ac] Point configure's reporting address at the | ||
1177 | openssh-unix-dev list. ok tim@ djm@ | ||
1178 | |||
1179 | 20050602 | ||
1180 | - (tim) [configure.ac] Some platforms need sys/types.h for arpa/nameser.h. | ||
1181 | Take AC_CHECK_HEADERS test out of ultrix section. It caused other platforms | ||
1182 | to skip builtin standard includes tests. (first AC_CHECK_HEADERS test | ||
1183 | must be run on all platforms) Add missing ;; to case statement. OK dtucker@ | ||
1184 | |||
1185 | 20050601 | ||
1186 | - (dtucker) [configure.ac] Look for _getshort and _getlong in | ||
1187 | arpa/nameser.h. | ||
1188 | - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoll.c] | ||
1189 | Add strtoll to the compat library, from OpenBSD. | ||
1190 | - (dtucker) OpenBSD CVS Sync | ||
1191 | - avsm@cvs.openbsd.org 2005/05/26 02:08:05 | ||
1192 | [scp.c] | ||
1193 | If copying multiple files to a target file (which normally fails, as it | ||
1194 | must be a target directory), kill the spawned ssh child before exiting. | ||
1195 | This stops it trying to authenticate and spewing lots of output. | ||
1196 | deraadt@ ok | ||
1197 | - dtucker@cvs.openbsd.org 2005/05/26 09:08:12 | ||
1198 | [ssh-keygen.c] | ||
1199 | uint32_t -> u_int32_t for consistency; ok djm@ | ||
1200 | - djm@cvs.openbsd.org 2005/05/27 08:30:37 | ||
1201 | [ssh.c] | ||
1202 | fix -O for cases where no ControlPath has been specified or socket at | ||
1203 | ControlPath is not contactable; spotted by and ok avsm@ | ||
1204 | - (tim) [config.guess config.sub] Update to '2005-05-27' version. | ||
1205 | - (tim) [configure.ac] set TEST_SHELL for OpenServer 6 | ||
1206 | |||
1207 | 20050531 | ||
1208 | - (dtucker) [contrib/aix/pam.conf] Correct comments. From davidl at | ||
1209 | vintela.com. | ||
1210 | - (dtucker) [mdoc2man.awk] Teach it to understand .Ox. | ||
1211 | |||
1212 | 20050530 | ||
1213 | - (dtucker) [README] Link to new release notes. Beter late than never... | ||
1214 | |||
1215 | 20050529 | ||
1216 | - (dtucker) [openbsd-compat/port-aix.c] Bug #1046: AIX 5.3 expects the | ||
1217 | argument to passwdexpired to be initialized to NULL. Suggested by tim@ | ||
1218 | While at it, initialize the other arguments to auth functions in case they | ||
1219 | ever acquire this behaviour. | ||
1220 | - (dtucker) [openbsd-compat/port-aix.c] Whitespace cleanups while there. | ||
1221 | - (dtucker) [openbsd-compat/port-aix.c] Minor correction to debug message, | ||
1222 | spotted by tim@. | ||
1223 | |||
1224 | 20050528 | ||
1225 | - (dtucker) [configure.ac] For AC_CHECK_HEADERS() and AC_CHECK_FUNCS() have | ||
1226 | one entry per line to make it easier to merge changes. ok djm@ | ||
1227 | - (dtucker) [configure.ac] strsep() may be defined in string.h, so check | ||
1228 | for its presence and include it in the strsep check. | ||
1229 | - (dtucker) [configure.ac] getpgrp may be defined in unistd.h, so check for | ||
1230 | its presence before doing AC_FUNC_GETPGRP. | ||
1231 | - (dtucker) [configure.ac] Merge HP-UX blocks into a common block with minor | ||
1232 | version-specific variations as required. | ||
1233 | - (dtucker) [openbsd-compat/port-aix.h] Use the HAVE_DECL_* definitions as | ||
1234 | per the autoconf man page. Configure should always define them but it | ||
1235 | doesn't hurt to check. | ||
1236 | |||
1237 | 20050527 | ||
1238 | - (djm) [defines.h] Use our realpath if we have to define PATH_MAX, spotted by | ||
1239 | David Leach; ok dtucker@ | ||
1240 | - (dtucker) [acconfig.h configure.ac defines.h includes.h sshpty.c | ||
1241 | openbsd-compat/bsd-misc.c] Add support for Ultrix. No, that's not a typo. | ||
1242 | Required changes from Bernhard Simon, integrated by me. ok djm@ | ||
1243 | |||
1244 | 20050525 | ||
1245 | - (djm) [mpaux.c mpaux.h Makefile.in] Remove old mpaux.[ch] code, it has not | ||
1246 | been used for a while | ||
1247 | - (djm) OpenBSD CVS Sync | ||
1248 | - otto@cvs.openbsd.org 2005/04/05 13:45:31 | ||
1249 | [ssh-keygen.c] | ||
1250 | - djm@cvs.openbsd.org 2005/04/06 09:43:59 | ||
1251 | [sshd.c] | ||
1252 | avoid harmless logspam by not performing setsockopt() on non-socket; | ||
1253 | ok markus@ | ||
1254 | - dtucker@cvs.openbsd.org 2005/04/06 12:26:06 | ||
1255 | [ssh.c] | ||
1256 | Fix debug call for port forwards; patch from pete at seebeyond.com, | ||
1257 | ok djm@ (ID sync only - change already in portable) | ||
1258 | - djm@cvs.openbsd.org 2005/04/09 04:32:54 | ||
1259 | [misc.c misc.h tildexpand.c Makefile.in] | ||
1260 | replace tilde_expand_filename with a simpler implementation, ahead of | ||
1261 | more whacking; ok deraadt@ | ||
1262 | - jmc@cvs.openbsd.org 2005/04/14 12:30:30 | ||
1263 | [ssh.1] | ||
1264 | arg to -b is an address, not if_name; | ||
1265 | ok markus@ | ||
1266 | - jakob@cvs.openbsd.org 2005/04/20 10:05:45 | ||
1267 | [dns.c] | ||
1268 | do not try to look up SSHFP for numerical hostname. ok djm@ | ||
1269 | - djm@cvs.openbsd.org 2005/04/21 06:17:50 | ||
1270 | [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8] | ||
1271 | [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment | ||
1272 | variable, so don't say that we do (bz #623); ok deraadt@ | ||
1273 | - djm@cvs.openbsd.org 2005/04/21 11:47:19 | ||
1274 | [ssh.c] | ||
1275 | don't allocate a pty when -n flag (/dev/null stdin) is set, patch from | ||
1276 | ignasi.roca AT fujitsu-siemens.com (bz #829); ok dtucker@ | ||
1277 | - dtucker@cvs.openbsd.org 2005/04/23 23:43:47 | ||
1278 | [readpass.c] | ||
1279 | Add debug message if read_passphrase can't open /dev/tty; bz #471; | ||
1280 | ok djm@ | ||
1281 | - jmc@cvs.openbsd.org 2005/04/26 12:59:02 | ||
1282 | [sftp-client.h] | ||
1283 | spelling correction in comment from wiz@netbsd; | ||
1284 | - jakob@cvs.openbsd.org 2005/04/26 13:08:37 | ||
1285 | [ssh.c ssh_config.5] | ||
1286 | fallback gracefully if client cannot connect to ControlPath. ok djm@ | ||
1287 | - moritz@cvs.openbsd.org 2005/04/28 10:17:56 | ||
1288 | [progressmeter.c ssh-keyscan.c] | ||
1289 | add snprintf checks. ok djm@ markus@ | ||
1290 | - markus@cvs.openbsd.org 2005/05/02 21:13:22 | ||
1291 | [readpass.c] | ||
1292 | missing {} | ||
1293 | - djm@cvs.openbsd.org 2005/05/10 10:28:11 | ||
1294 | [ssh.c] | ||
1295 | print nice error message for EADDRINUSE as well (ID sync only) | ||
1296 | - djm@cvs.openbsd.org 2005/05/10 10:30:43 | ||
1297 | [ssh.c] | ||
1298 | report real errors on fallback from ControlMaster=no to normal connect | ||
1299 | - markus@cvs.openbsd.org 2005/05/16 15:30:51 | ||
1300 | [readconf.c servconf.c] | ||
1301 | check return value from strdelim() for NULL (AddressFamily); mpech | ||
1302 | - djm@cvs.openbsd.org 2005/05/19 02:39:55 | ||
1303 | [sshd_config.5] | ||
1304 | sort config options, from grunk AT pestilenz.org; ok jmc@ | ||
1305 | - djm@cvs.openbsd.org 2005/05/19 02:40:52 | ||
1306 | [sshd_config] | ||
1307 | whitespace nit, from grunk AT pestilenz.org | ||
1308 | - djm@cvs.openbsd.org 2005/05/19 02:42:26 | ||
1309 | [includes.h] | ||
1310 | fix cast, from grunk AT pestilenz.org | ||
1311 | - djm@cvs.openbsd.org 2005/05/20 10:50:55 | ||
1312 | [ssh_config.5] | ||
1313 | give a ProxyCommand example using nc(1), with and ok jmc@ | ||
1314 | - jmc@cvs.openbsd.org 2005/05/20 11:23:32 | ||
1315 | [ssh_config.5] | ||
1316 | oops - article and spacing; | ||
1317 | - avsm@cvs.openbsd.org 2005/05/23 22:44:01 | ||
1318 | [moduli.c ssh-keygen.c] | ||
1319 | - removes signed/unsigned comparisons in moduli generation | ||
1320 | - use strtonum instead of atoi where its easier | ||
1321 | - check some strlcpy overflow and fatal instead of truncate | ||
1322 | - djm@cvs.openbsd.org 2005/05/23 23:32:46 | ||
1323 | [cipher.c myproposal.h ssh.1 ssh_config.5 sshd_config.5] | ||
1324 | add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes; | ||
1325 | ok markus@ | ||
1326 | - avsm@cvs.openbsd.org 2005/05/24 02:05:09 | ||
1327 | [ssh-keygen.c] | ||
1328 | some style nits from dmiller@, and use a fatal() instead of a printf()/exit | ||
1329 | - avsm@cvs.openbsd.org 2005/05/24 17:32:44 | ||
1330 | [atomicio.c atomicio.h authfd.c monitor_wrap.c msg.c scp.c sftp-client.c] | ||
1331 | [ssh-keyscan.c sshconnect.c] | ||
1332 | Switch atomicio to use a simpler interface; it now returns a size_t | ||
1333 | (containing number of bytes read/written), and indicates error by | ||
1334 | returning 0. EOF is signalled by errno==EPIPE. | ||
1335 | Typical use now becomes: | ||
1336 | |||
1337 | if (atomicio(read, ..., len) != len) | ||
1338 | err(1,"read"); | ||
1339 | |||
1340 | ok deraadt@, cloder@, djm@ | ||
1341 | - (dtucker) [regress/reexec.sh] Add ${EXEEXT} so this test also works on | ||
1342 | Cygwin. | ||
1343 | - (dtucker) [auth-pam.c] Bug #1033: Fix warnings building with PAM on Linux: | ||
1344 | warning: dereferencing type-punned pointer will break strict-aliasing rules | ||
1345 | warning: passing arg 3 of `pam_get_item' from incompatible pointer type | ||
1346 | The type-punned pointer fix is based on a patch from SuSE's rpm. ok djm@ | ||
1347 | - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1033: Provide | ||
1348 | templates for _getshort and _getlong if missing to prevent compiler warnings | ||
1349 | on Linux. | ||
1350 | - (djm) [configure.ac openbsd-compat/Makefile.in] | ||
1351 | [openbsd-compat/openbsd-compat.h openbsd-compat/strtonum.c] | ||
1352 | Add strtonum(3) from OpenBSD libc, new code needs it. | ||
1353 | Unfortunately Linux forces us to do a bizarre dance with compiler | ||
1354 | options to get LLONG_MIN/MAX; Spotted by and ok dtucker@ | ||
1355 | |||
1356 | 20050524 | ||
1357 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
1358 | [contrib/suse/openssh.spec] Update spec file versions to 4.1p1 | ||
1359 | - (dtucker) [auth-pam.c] Since people don't seem to be getting the message | ||
1360 | that USE_POSIX_THREADS is unsupported, not recommended and generally a bad | ||
1361 | idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use | ||
1362 | USE_POSIX_THREADS will now generate an error so we don't silently change | ||
1363 | behaviour. ok djm@ | ||
1364 | - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory | ||
1365 | allocation when retrieving core Windows environment. Add CYGWIN variable | ||
1366 | to propagated variables. Patch from vinschen at redhat.com, ok djm@ | ||
1367 | - Release 4.1p1 | ||
1368 | |||
1369 | 20050524 | ||
1370 | - (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure | ||
1371 | terminal modes are reset correctly. Fix from peak AT argo.troja.mff.cuni.cz; | ||
1372 | "looks ok" dtucker@ | ||
1373 | |||
1374 | 20050510 | ||
1375 | - (srivasta) [selinux.c] if selinux is enabled, then provide funtions to | ||
1376 | initialize the pty and execution context for ssh. | ||
1377 | - (srivasta) [selinux.h] if SELinux is defined, add function prototypes for | ||
1378 | functions, or make them null ops. | ||
1379 | - (srivasta) [sshpty.c] include selinuh.h | ||
1380 | pty_setowner: set up the selinux pty correcty. | ||
1381 | - (srivasta) [session.c] include selinuh.h | ||
1382 | do_setusercontext: set up proper execution context for SELinux. | ||
1383 | - (srivasta) [monitor_wrap.h] Add function prototype for new function to | ||
1384 | inform the privileged process about role. | ||
1385 | - (srivasta) [monitor_wrap.c] (mm_inform_authrole) Inform the privileged | ||
1386 | process about role. | ||
1387 | - (srivasta) [monitor.h] Add a new monitor request type for auth roles. | ||
1388 | - (srivasta) [monitor.c] (mm_answer_authrole) Add nre function to deal withe | ||
1389 | the new authorization role, and add a new monitor request type. | ||
1390 | - (srivasta) [contrib/redhat/sshd.init] (PID_FILE)restore the proper security | ||
1391 | file context of the generated public keys. | ||
1392 | - (srivasta) [configure.ac] (HAVE_HEADER_AD)Add an SELinux option | ||
1393 | - (srivasta) [auth2.c] (input_userauth_request)Handle the new role member | ||
1394 | - (srivasta) [auth1.c] (do_authentication)Handle the new role member | ||
1395 | - (srivasta) [auth.h] Added a role member in struct Authctxt | ||
1396 | - (srivasta) [Makefile.in (SSHDOBJS)] Add selinux.o | ||
1397 | |||
1398 | 20050512 | ||
1399 | - (tim) [buildpkg.sh.in] missing ${PKG_INSTALL_ROOT} in init script | ||
1400 | hard link section. Bug 1038. | ||
1401 | |||
1402 | 20050509 | ||
1403 | - (dtucker) [contrib/cygwin/ssh-host-config] Add a test and warning for a | ||
1404 | user-mode mounts in Cygwin installation. Patch from vinschen at redhat.com. | ||
1405 | |||
1406 | 20050504 | ||
1407 | - (djm) [ssh.c] some systems return EADDRINUSE on a bind to an already-used | ||
1408 | unix domain socket, so catch that too; from jakob@ ok dtucker@ | ||
1409 | |||
1410 | 20050503 | ||
1411 | - (dtucker) [canohost.c] normalise socket addresses returned by | ||
1412 | get_remote_hostname(). This means that IPv4 addresses in log messages | ||
1413 | on IPv6 enabled machines will no longer be prefixed by "::ffff:" and | ||
1414 | AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style | ||
1415 | addresses only for 4-in-6 mapped connections, regardless of whether | ||
1416 | or not the machine is IPv6 enabled. ok djm@ | ||
1417 | |||
1418 | 20050425 | ||
1419 | - (dtucker) [regress/multiplex.sh] Use "kill -0 $pid" to check for the | ||
1420 | existence of a process since it's more portable. Found by jbasney at | ||
1421 | ncsa.uiuc.edu; ok tim@ | ||
1422 | - (dtucker) [regress/multiplex.sh] Remove cleanup call since test-exec.sh | ||
1423 | will clean up anyway. From tim@ | ||
1424 | - (dtucker) [regress/multiplex.sh] Put control socket in /tmp so running | ||
1425 | "make tests" works even if you're building on a filesystem that doesn't | ||
1426 | support sockets. From deengert at anl.gov, ok djm@ | ||
1427 | |||
1428 | 20050424 | ||
1429 | - (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or | ||
1430 | 1.2.1.2 or higher. With tim@, ok djm@ | ||
1431 | |||
1432 | 20050423 | ||
1433 | - (tim) [config.guess] Add support for OpenServer 6. | ||
1434 | |||
1435 | 20050421 | ||
1436 | - (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if | ||
1437 | UseLogin is set as PAM is not used to establish credentials in that | ||
1438 | case. Found by Michael Selvesteen, ok djm@ | ||
1439 | |||
1440 | 20050419 | ||
1441 | - (dtucker) [INSTALL] Reference README.privsep for the privilege separation | ||
1442 | requirements. Pointed out by Bengt Svensson. | ||
1443 | - (dtucker) [INSTALL] Put the s/key text and URL back together. | ||
1444 | - (dtucker) [INSTALL] Fix s/key text too. | ||
1445 | |||
1446 | 20050411 | ||
1447 | - (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME | ||
1448 | |||
1449 | 20050405 | ||
1450 | - (dtucker) [configure.ac] Define HAVE_SO_PEERCRED if we have it. ok djm@ | ||
1451 | - (dtucker) [auth-sia.c] Constify sys_auth_passwd, fixes build error on | ||
1452 | Tru64. Patch from cmadams at hiwaay.net. | ||
1453 | - (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of | ||
1454 | sys_auth_passwd, pointed out by cmadams at hiwaay.net. | ||
1455 | |||
1456 | 20050403 | ||
1457 | - (djm) OpenBSD CVS Sync | ||
1458 | - deraadt@cvs.openbsd.org 2005/03/31 18:39:21 | ||
1459 | [scp.c] | ||
1460 | copy argv[] element instead of smashing the one that ps will see; ok otto | ||
1461 | - djm@cvs.openbsd.org 2005/04/02 12:41:16 | ||
1462 | [scp.c] | ||
1463 | since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror | ||
1464 | build | ||
1465 | - (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_read | ||
1466 | will free as needed. ok tim@ djm@ | ||
1467 | |||
1468 | 20050331 | ||
1469 | - (dtucker) OpenBSD CVS Sync | ||
1470 | - jmc@cvs.openbsd.org 2005/03/16 11:10:38 | ||
1471 | [ssh_config.5] | ||
1472 | get the syntax right for {Local,Remote}Forward; | ||
1473 | based on a diff from markus; | ||
1474 | problem report from ponraj; | ||
1475 | ok dtucker@ markus@ deraadt@ | ||
1476 | - markus@cvs.openbsd.org 2005/03/16 21:17:39 | ||
1477 | [version.h] | ||
1478 | 4.1 | ||
1479 | - jmc@cvs.openbsd.org 2005/03/18 17:05:00 | ||
1480 | [sshd_config.5] | ||
1481 | typo; | ||
1482 | - (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in | ||
1483 | handling of password expiry messages returned by AIX's authentication | ||
1484 | routines, originally reported by robvdwal at sara.nl. | ||
1485 | - (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug | ||
1486 | message on some platforms. Patch from pete at seebeyond.com via djm. | ||
1487 | - (dtucker) [monitor.c] Remaining part of fix for bug #1006. | ||
1488 | |||
1489 | 20050329 | ||
1490 | - (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're | ||
1491 | interested in which is much faster in large (eg LDAP or NIS) environments. | ||
1492 | Patch from dleonard at vintela.com. | ||
1493 | |||
1494 | 20050321 | ||
1495 | - (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes | ||
1496 | and -Lyes to CFLAGS and LIBS. Pointed out by peter at slagheap.net, | ||
1497 | with & ok tim@ | ||
1498 | - (dtucker) [configure.ac] Make configure error out if the user specifies | ||
1499 | --with-libedit but the required libs can't be found, rather than silently | ||
1500 | ignoring and continuing. ok tim@ | ||
1501 | - (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions | ||
1502 | of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se. | ||
1503 | |||
1504 | 20050317 | ||
1505 | - (tim) [configure.ac] Bug 998. Make path for --with-opensc optional. | ||
1506 | Make --without-opensc work. | ||
1507 | - (tim) [configure.ac] portability changes on test statements. Some shells | ||
1508 | have problems with -a operator. | ||
1509 | - (tim) [configure.ac] make some configure options a little more error proof. | ||
1510 | - (tim) [configure.ac] remove trailing white space. | ||
1511 | |||
1512 | 20050314 | ||
1513 | - (dtucker) OpenBSD CVS Sync | ||
1514 | - dtucker@cvs.openbsd.org 2005/03/10 10:15:02 | ||
1515 | [readconf.c] | ||
1516 | Check listen addresses for null, prevents xfree from dying during | ||
1517 | ClearAllForwardings (bz #996). From Craig Leres, ok markus@ | ||
1518 | - deraadt@cvs.openbsd.org 2005/03/10 22:01:05 | ||
1519 | [misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c | ||
1520 | monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c | ||
1521 | readconf.c bufaux.c sftp.c] | ||
1522 | spacing | ||
1523 | - deraadt@cvs.openbsd.org 2005/03/10 22:40:38 | ||
1524 | [auth-options.c] | ||
1525 | spacing | ||
1526 | - markus@cvs.openbsd.org 2005/03/11 14:59:06 | ||
1527 | [ssh-keygen.c] | ||
1528 | typo, missing \n; mpech | ||
1529 | - jmc@cvs.openbsd.org 2005/03/12 11:55:03 | ||
1530 | [ssh_config.5] | ||
1531 | escape `.' at eol to avoid double spacing issues; | ||
1532 | - dtucker@cvs.openbsd.org 2005/03/14 10:09:03 | ||
1533 | [ssh-keygen.1] | ||
1534 | Correct description of -H (bz #997); ok markus@, punctuation jmc@ | ||
1535 | - dtucker@cvs.openbsd.org 2005/03/14 11:44:42 | ||
1536 | [auth.c] | ||
1537 | Populate host for log message for logins denied by AllowUsers and | ||
1538 | DenyUsers (bz #999); ok markus@ (patch by tryponraj at gmail.com) | ||
1539 | - markus@cvs.openbsd.org 2005/03/14 11:46:56 | ||
1540 | [buffer.c buffer.h channels.c] | ||
1541 | limit input buffer size for channels; bugzilla #896; with and ok dtucker@ | ||
1542 | - (tim) [contrib/caldera/openssh.spec] links in rc?.d were getting trashed | ||
1543 | with a rpm -F | ||
1544 | |||
1545 | 20050313 | ||
1546 | - (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the | ||
1547 | localized name of the local administrators group more reliable. From | ||
1548 | vinschen at redhat.com. | ||
1549 | |||
1550 | 20050312 | ||
1551 | - (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug | ||
1552 | output ends up in the client's output, causing regress failures. Found | ||
1553 | by Corinna Vinschen. | ||
1554 | |||
1555 | 20050309 | ||
1556 | - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64 | ||
1557 | so that regress tests behave. From Chris Adams. | ||
1558 | - (djm) OpenBSD CVS Sync | ||
1559 | - jmc@cvs.openbsd.org 2005/03/07 23:41:54 | ||
1560 | [ssh.1 ssh_config.5] | ||
1561 | more macro simplification; | ||
1562 | - djm@cvs.openbsd.org 2005/03/08 23:49:48 | ||
1563 | [version.h] | ||
1564 | OpenSSH 4.0 | ||
1565 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
1566 | [contrib/suse/openssh.spec] Update spec file versions | ||
1567 | - (djm) [log.c] Fix dumb syntax error; ok dtucker@ | ||
1568 | - (djm) Release OpenSSH 4.0p1 | ||
1569 | |||
1570 | 20050307 | ||
1571 | - (dtucker) [configure.ac] Disable gettext search when configuring with | ||
1572 | BSM audit support for the time being. ok djm@ | ||
1573 | - (dtucker) OpenBSD CVS Sync (regress/) | ||
1574 | - fgsch@cvs.openbsd.org 2004/12/10 01:31:30 | ||
1575 | [Makefile sftp-glob.sh] | ||
1576 | some globbing regress; prompted and ok djm@ | ||
1577 | - david@cvs.openbsd.org 2005/01/14 04:21:18 | ||
1578 | [Makefile test-exec.sh] | ||
1579 | pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@ | ||
1580 | - dtucker@cvs.openbsd.org 2005/02/27 11:33:30 | ||
1581 | [multiplex.sh test-exec.sh sshd-log-wrapper.sh] | ||
1582 | Add optional capability to log output from regress commands; ok markus@ | ||
1583 | Use with: make TEST_SSH_LOGFILE=/tmp/regress.log | ||
1584 | - djm@cvs.openbsd.org 2005/02/27 23:13:36 | ||
1585 | [login-timeout.sh] | ||
1586 | avoid nameservice lookups in regress test; ok dtucker@ | ||
1587 | - djm@cvs.openbsd.org 2005/03/04 08:48:46 | ||
1588 | [Makefile envpass.sh] | ||
1589 | regress test for SendEnv config parsing bug; ok dtucker@ | ||
1590 | - (dtucker) [regress/test-exec.sh] Put SUDO in the right place. | ||
1591 | - (tim) [configure.ac] SCO 3.2v4.2 no longer supported. | ||
1592 | |||
1593 | 20050306 | ||
1594 | - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor | ||
1595 | when attempting to audit disconnect events. Reported by Phil Dibowitz. | ||
1596 | - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit | ||
1597 | events earlier, prevents mm_request_send errors reported by Matt Goebel. | ||
1598 | |||
1599 | 20050305 | ||
1600 | - (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch | ||
1601 | from vinschen at redhat.com | ||
1602 | - (djm) OpenBSD CVS Sync | ||
1603 | - jmc@cvs.openbsd.org 2005/03/02 11:45:01 | ||
1604 | [ssh.1] | ||
1605 | missing word; | ||
1606 | - djm@cvs.openbsd.org 2005/03/04 08:48:06 | ||
1607 | [readconf.c] | ||
1608 | fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@ | ||
1609 | |||
1610 | 20050302 | ||
1611 | - (djm) OpenBSD CVS sync: | ||
1612 | - jmc@cvs.openbsd.org 2005/03/01 14:47:58 | ||
1613 | [ssh.1] | ||
1614 | remove some unneccesary macros; | ||
1615 | do not mark up punctuation; | ||
1616 | - jmc@cvs.openbsd.org 2005/03/01 14:55:23 | ||
1617 | [ssh_config.5] | ||
1618 | do not mark up punctuation; | ||
1619 | whitespace; | ||
1620 | - jmc@cvs.openbsd.org 2005/03/01 14:59:49 | ||
1621 | [sshd.8] | ||
1622 | new sentence, new line; | ||
1623 | whitespace; | ||
1624 | - jmc@cvs.openbsd.org 2005/03/01 15:05:00 | ||
1625 | [ssh-keygen.1] | ||
1626 | whitespace; | ||
1627 | - jmc@cvs.openbsd.org 2005/03/01 15:47:14 | ||
1628 | [ssh-keyscan.1 ssh-keyscan.c] | ||
1629 | sort options and sync usage(); | ||
1630 | - jmc@cvs.openbsd.org 2005/03/01 17:19:35 | ||
1631 | [scp.1 sftp.1] | ||
1632 | add HashKnownHosts to -o list; | ||
1633 | ok markus@ | ||
1634 | - jmc@cvs.openbsd.org 2005/03/01 17:22:06 | ||
1635 | [ssh.c] | ||
1636 | sync usage() w/ man SYNOPSIS; | ||
1637 | ok markus@ | ||
1638 | - jmc@cvs.openbsd.org 2005/03/01 17:32:19 | ||
1639 | [ssh-add.1] | ||
1640 | sort options; | ||
1641 | - jmc@cvs.openbsd.org 2005/03/01 18:15:56 | ||
1642 | [ssh-keygen.1] | ||
1643 | sort options (no attempt made at synopsis clean up though); | ||
1644 | spelling (occurance -> occurrence); | ||
1645 | use prompt before examples; | ||
1646 | grammar; | ||
1647 | - djm@cvs.openbsd.org 2005/03/02 01:00:06 | ||
1648 | [sshconnect.c] | ||
1649 | fix addition of new hashed hostnames when CheckHostIP=yes; | ||
1650 | found and ok dtucker@ | ||
1651 | - djm@cvs.openbsd.org 2005/03/02 01:27:41 | ||
1652 | [ssh-keygen.c] | ||
1653 | ignore hostnames with metachars when hashing; ok deraadt@ | ||
1654 | - djm@cvs.openbsd.org 2005/03/02 02:21:07 | ||
1655 | [ssh.1] | ||
1656 | bz#987: mention ForwardX11Trusted in ssh.1, | ||
1657 | reported by andrew.benham AT thus.net; ok deraadt@ | ||
1658 | - (tim) [regress/agent-ptrace.sh] add another possible gdb error. | ||
1659 | |||
1660 | 20050301 | ||
1661 | - (djm) OpenBSD CVS sync: | ||
1662 | - otto@cvs.openbsd.org 2005/02/16 09:56:44 | ||
1663 | [ssh.c] | ||
1664 | Better diagnostic if an identity file is not accesible. ok markus@ djm@ | ||
1665 | - djm@cvs.openbsd.org 2005/02/18 03:05:53 | ||
1666 | [canohost.c] | ||
1667 | better error messages for getnameinfo failures; ok dtucker@ | ||
1668 | - djm@cvs.openbsd.org 2005/02/20 22:59:06 | ||
1669 | [sftp.c] | ||
1670 | turn on ssh batch mode when in sftp batch mode, patch from | ||
1671 | jdmossh AT nand.net; | ||
1672 | ok markus@ | ||
1673 | - jmc@cvs.openbsd.org 2005/02/25 10:55:13 | ||
1674 | [sshd.8] | ||
1675 | add /etc/motd and $HOME/.hushlogin to FILES; | ||
1676 | from michael knudsen; | ||
1677 | - djm@cvs.openbsd.org 2005/02/28 00:54:10 | ||
1678 | [ssh_config.5] | ||
1679 | bz#849: document timeout on untrusted x11 forwarding sessions. Reported by | ||
1680 | orion AT cora.nwra.com; ok markus@ | ||
1681 | - djm@cvs.openbsd.org 2005/03/01 10:09:52 | ||
1682 | [auth-options.c channels.c channels.h clientloop.c compat.c compat.h] | ||
1683 | [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5] | ||
1684 | [sshd_config.5] | ||
1685 | bz#413: allow optional specification of bind address for port forwardings. | ||
1686 | Patch originally by Dan Astorian, but worked on by several people | ||
1687 | Adds GatewayPorts=clientspecified option on server to allow remote | ||
1688 | forwards to bind to client-specified ports. | ||
1689 | - djm@cvs.openbsd.org 2005/03/01 10:40:27 | ||
1690 | [hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5] | ||
1691 | [sshconnect.c sshd.8] | ||
1692 | add support for hashing host names and addresses added to known_hosts | ||
1693 | files, to improve privacy of which hosts user have been visiting; ok | ||
1694 | markus@ deraadt@ | ||
1695 | - djm@cvs.openbsd.org 2005/03/01 10:41:28 | ||
1696 | [ssh-keyscan.1 ssh-keyscan.c] | ||
1697 | option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@ | ||
1698 | - djm@cvs.openbsd.org 2005/03/01 10:42:49 | ||
1699 | [ssh-keygen.1 ssh-keygen.c ssh_config.5] | ||
1700 | add tools for managing known_hosts files with hashed hostnames, including | ||
1701 | hashing existing files and deleting hosts by name; ok markus@ deraadt@ | ||
1702 | |||
1703 | 20050226 | ||
1704 | - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] | ||
1705 | Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com. | ||
1706 | - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}] | ||
1707 | Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any | ||
1708 | more. Patch from vinschen at redhat.com. | ||
1709 | - (dtucker) [Makefile.in] Add a install-nosysconf target for installing the | ||
1710 | binaries without the config files. Primarily useful for packaging. | ||
1711 | Patch from phil at usc.edu. ok djm@ | ||
1712 | |||
1713 | 20050224 | ||
1714 | - (djm) [configure.ac] in_addr_t test needs sys/types.h too | ||
1715 | |||
1716 | 20050222 | ||
1717 | - (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from | ||
1718 | vinschen at redhat.com. | ||
1719 | |||
1720 | 20050220 | ||
1721 | - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac | ||
1722 | defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure | ||
1723 | --with-audit=bsm to enable. Patch originally from Sun Microsystems, | ||
1724 | parts by John R. Jackson. ok djm@ | ||
1725 | - (dtucker) [configure.ac] Missing comma in AIX section, somehow causes | ||
1726 | unrelated platforms to be configured incorrectly. | ||
1727 | |||
1728 | 20050216 | ||
1729 | - (djm) write seed to temporary file and atomically rename into place; | ||
1730 | ok dtucker@ | ||
1731 | - (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called | ||
1732 | via mkstemp in some configurations. ok djm@ | ||
1733 | - (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined | ||
1734 | by the system headers. | ||
1735 | - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant | ||
1736 | Unix; prevents problems relating to the location of -lresolv in the | ||
1737 | link order. | ||
1738 | - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic | ||
1739 | authentication early enough to be available to PAM session modules when | ||
1740 | privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam | ||
1741 | Hartman and similar to Debian's ssh-krb5 package. | ||
1742 | - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more | ||
1743 | compiler warnings on AIX. | ||
1744 | |||
1745 | 20050215 | ||
1746 | - (dtucker) [config.sh.in] Collect oslevel -r too. | ||
1747 | - (dtucker) [README.platform auth.c configure.ac loginrec.c | ||
1748 | openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6 | ||
1749 | on AIX where possible (see README.platform for details) and work around | ||
1750 | a misfeature of AIX's getnameinfo. ok djm@ | ||
1751 | - (dtucker) [loginrec.c] Add missing #include. | ||
1752 | |||
1753 | 20050211 | ||
1754 | - (dtucker) [configure.ac] Tidy up configure --help output. | ||
1755 | - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too. | ||
1756 | |||
1757 | 20050210 | ||
1758 | - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the | ||
1759 | --disable-etc-default-login configure option. | ||
1760 | |||
1761 | 20050209 | ||
1762 | - (dtucker) OpenBSD CVS Sync | ||
1763 | - dtucker@cvs.openbsd.org 2005/01/28 09:45:53 | ||
1764 | [ssh_config] | ||
1765 | Make it clear that the example entries in ssh_config are only some of the | ||
1766 | commonly-used options and refer the user to ssh_config(5) for more | ||
1767 | details; ok djm@ | ||
1768 | - jmc@cvs.openbsd.org 2005/01/28 15:05:43 | ||
1769 | [ssh_config.5] | ||
1770 | grammar; | ||
1771 | - jmc@cvs.openbsd.org 2005/01/28 18:14:09 | ||
1772 | [ssh_config.5] | ||
1773 | wording; | ||
1774 | ok markus@ | ||
1775 | - dtucker@cvs.openbsd.org 2005/01/30 11:18:08 | ||
1776 | [monitor.c] | ||
1777 | Make code match intent; ok djm@ | ||
1778 | - dtucker@cvs.openbsd.org 2005/02/08 22:24:57 | ||
1779 | [sshd.c] | ||
1780 | Provide reason in error message if getnameinfo fails; ok markus@ | ||
1781 | - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call | ||
1782 | disable_forwarding() from compat library. Prevent linker errrors trying | ||
1783 | to resolve it for binaries other than sshd. ok djm@ | ||
1784 | - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir | ||
1785 | paths. ok djm@ | ||
1786 | - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require | ||
1787 | the username to be passed to the passwd command when changing expired | ||
1788 | passwords. ok djm@ | ||
1789 | |||
1790 | 20050208 | ||
1791 | - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the | ||
1792 | regress tests so newer versions of GNU head(1) behave themselves. Patch | ||
1793 | by djm, so ok me. | ||
1794 | - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. | ||
1795 | - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c | ||
1796 | monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit | ||
1797 | defines and enums with SSH_ to prevent namespace collisions on some | ||
1798 | platforms (eg AIX). | ||
1799 | |||
1800 | 20050204 | ||
1801 | - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. | ||
1802 | - (dtucker) [auth.c] Fix parens in audit log check. | ||
1803 | |||
1804 | 20050202 | ||
1805 | - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath | ||
1806 | rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@ | ||
1807 | - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}] | ||
1808 | Make record_failed_login() call provide hostname rather than having the | ||
1809 | implementations having to do lookups themselves. Only affects AIX and | ||
1810 | UNICOS (the latter only uses the "user" parameter anyway). ok djm@ | ||
1811 | - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child | ||
1812 | the process. Since we also unset KRB5CCNAME at startup, if it's set after | ||
1813 | authentication it must have been set by the platform's native auth system. | ||
1814 | This was already done for AIX; this enables it for the general case. | ||
1815 | - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c] | ||
1816 | Bug #974: Teach sshd to write failed login records to btmp for failed auth | ||
1817 | attempts (currently only for password, kbdint and C/R, only on Linux and | ||
1818 | HP-UX), based on code from login.c from util-linux. With ashok_kovai at | ||
1819 | hotmail.com, ok djm@ | ||
1820 | - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c | ||
1821 | monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: | ||
1822 | (first stage) Add audit instrumentation to sshd, currently disabled by | ||
1823 | default. with suggestions from and ok djm@ | ||
1824 | |||
1825 | 20050201 | ||
1826 | - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some | ||
1827 | platforms syslog will revert to its default values. This may result in | ||
1828 | messages from external libraries (eg libwrap) being sent to a different | ||
1829 | facility. | ||
1830 | - (dtucker) [sshd_config.5] Bug #701: remove warning about | ||
1831 | keyboard-interactive since this is no longer the case. | ||
1832 | |||
1833 | 20050124 | ||
1834 | - (dtucker) OpenBSD CVS Sync | ||
1835 | - otto@cvs.openbsd.org 2005/01/21 08:32:02 | ||
1836 | [auth-passwd.c sshd.c] | ||
1837 | Warn in advance for password and account expiry; initialize loginmsg | ||
1838 | buffer earlier and clear it after privsep fork. ok and help dtucker@ | ||
1839 | markus@ | ||
1840 | - dtucker@cvs.openbsd.org 2005/01/22 08:17:59 | ||
1841 | [auth.c] | ||
1842 | Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and | ||
1843 | DenyGroups. bz #909, ok djm@ | ||
1844 | - djm@cvs.openbsd.org 2005/01/23 10:18:12 | ||
1845 | [cipher.c] | ||
1846 | config option "Ciphers" should be case-sensitive; ok dtucker@ | ||
1847 | - dtucker@cvs.openbsd.org 2005/01/24 10:22:06 | ||
1848 | [scp.c sftp.c] | ||
1849 | Have scp and sftp wait for the spawned ssh to exit before they exit | ||
1850 | themselves. This prevents ssh from being unable to restore terminal | ||
1851 | modes (not normally a problem on OpenBSD but common with -Portable | ||
1852 | on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); | ||
1853 | ok djm@ markus@ | ||
1854 | - dtucker@cvs.openbsd.org 2005/01/24 10:29:06 | ||
1855 | [moduli] | ||
1856 | Import new moduli; requested by deraadt@ a week ago | ||
1857 | - dtucker@cvs.openbsd.org 2005/01/24 11:47:13 | ||
1858 | [auth-passwd.c] | ||
1859 | #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@ | ||
1860 | |||
1861 | 20050120 | ||
1862 | - (dtucker) OpenBSD CVS Sync | ||
1863 | - markus@cvs.openbsd.org 2004/12/23 17:35:48 | ||
1864 | [session.c] | ||
1865 | check for NULL; from mpech | ||
1866 | - markus@cvs.openbsd.org 2004/12/23 17:38:07 | ||
1867 | [ssh-keygen.c] | ||
1868 | leak; from mpech | ||
1869 | - djm@cvs.openbsd.org 2004/12/23 23:11:00 | ||
1870 | [servconf.c servconf.h sshd.c sshd_config sshd_config.5] | ||
1871 | bz #898: support AddressFamily in sshd_config. from | ||
1872 | peak@argo.troja.mff.cuni.cz; ok deraadt@ | ||
1873 | - markus@cvs.openbsd.org 2005/01/05 08:51:32 | ||
1874 | [sshconnect.c] | ||
1875 | remove dead code, log connect() failures with level error, ok djm@ | ||
1876 | - jmc@cvs.openbsd.org 2005/01/08 00:41:19 | ||
1877 | [sshd_config.5] | ||
1878 | `login'(n) -> `log in'(v); | ||
1879 | - dtucker@cvs.openbsd.org 2005/01/17 03:25:46 | ||
1880 | [moduli.c] | ||
1881 | Correct spelling: SCHNOOR->SCHNORR; ok djm@ | ||
1882 | - dtucker@cvs.openbsd.org 2005/01/17 22:48:39 | ||
1883 | [sshd.c] | ||
1884 | Make debugging output continue after reexec; ok djm@ | ||
1885 | - dtucker@cvs.openbsd.org 2005/01/19 13:11:47 | ||
1886 | [auth-bsdauth.c auth2-chall.c] | ||
1887 | Have keyboard-interactive code call the drivers even for responses for | ||
1888 | invalid logins. This allows the drivers themselves to decide how to | ||
1889 | handle them and prevent leaking information where possible. Existing | ||
1890 | behaviour for bsdauth is maintained by checking authctxt->valid in the | ||
1891 | bsdauth driver. Note that any third-party kbdint drivers will now need | ||
1892 | to be able to handle responses for invalid logins. ok markus@ | ||
1893 | - djm@cvs.openbsd.org 2004/12/22 02:13:19 | ||
1894 | [cipher-ctr.c cipher.c] | ||
1895 | remove fallback AES support for old OpenSSL, as OpenBSD has had it for | ||
1896 | many years now; ok deraadt@ | ||
1897 | (Id sync only: Portable will continue to support older OpenSSLs) | ||
1898 | - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user | ||
1899 | existence via keyboard-interactive/pam, in conjunction with previous | ||
1900 | auth2-chall.c change; with Colin Watson and djm. | ||
1901 | - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128 | ||
1902 | bytes to prevent errors from login_init_entry() when the username is | ||
1903 | exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@ | ||
1904 | - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from | ||
1905 | the list of available kbdint devices if UsePAM=no. ok djm@ | ||
1906 | |||
1907 | 20050118 | ||
1908 | - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement | ||
1909 | "make survey" and "make send-survey". This will provide data on the | ||
1910 | configure parameters, platform and platform features to the development | ||
1911 | team, which will allow (among other things) better targetting of testing. | ||
1912 | It's entirely voluntary and is off be default. ok djm@ | ||
1913 | - (dtucker) [survey.sh.in] Remove any blank lines from the output of | ||
1914 | ccver-v and ccver-V. | ||
1915 | |||
1916 | 20041220 | ||
1917 | - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading | ||
1918 | from prngd is enabled at compile time but fails at run time, eg because | ||
1919 | prngd is not running. Note that if you have prngd running when OpenSSH is | ||
1920 | built, OpenSSL will consider itself internally seeded and rand-helper won't | ||
1921 | be built at all unless explicitly enabled via --with-rand-helper. ok djm@ | ||
1922 | - (dtucker) [regress/rekey.sh] Touch datafile before filling with dd, since | ||
1923 | on some wacky platforms (eg old AIXes), dd will refuse to create an output | ||
1924 | file if it doesn't exist. | ||
1925 | |||
1926 | 20041213 | ||
1927 | - (dtucker) [contrib/findssh.sh] Clean up on interrupt; from | ||
1928 | amarendra.godbole at ge com. | ||
1929 | |||
1930 | 20041211 | ||
1931 | - (dtucker) OpenBSD CVS Sync | ||
1932 | - markus@cvs.openbsd.org 2004/12/06 16:00:43 | ||
1933 | [bufaux.c] | ||
1934 | use 0x00 not \0 since buf[] is a bignum | ||
1935 | - fgsch@cvs.openbsd.org 2004/12/10 03:10:42 | ||
1936 | [sftp.c] | ||
1937 | - fix globbed ls for paths the same lenght as the globbed path when | ||
1938 | we have a unique matching. | ||
1939 | - fix globbed ls in case of a directory when we have a unique matching. | ||
1940 | - as a side effect, if the path does not exist error (used to silently | ||
1941 | ignore). | ||
1942 | - don't do extra do_lstat() if we only have one matching file. | ||
1943 | djm@ ok | ||
1944 | - dtucker@cvs.openbsd.org 2004/12/11 01:48:56 | ||
1945 | [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h] | ||
1946 | Fix debug call in error path of authorized_keys processing and fix related | ||
1947 | warnings; ok djm@ | ||
1948 | |||
1949 | 20041208 | ||
1950 | - (tim) [configure.ac] Comment some non obvious platforms in the | ||
1951 | target-specific case statement. Suggested and OK by dtucker@ | ||
1952 | |||
1953 | 20041207 | ||
1954 | - (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test. | ||
1955 | |||
1956 | 20041206 | ||
1957 | - (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@ | ||
1958 | - (dtucker) OpenBSD CVS Sync | ||
1959 | - markus@cvs.openbsd.org 2004/11/25 22:22:14 | ||
1960 | [sftp-client.c sftp.c] | ||
1961 | leak; from mpech | ||
1962 | - jmc@cvs.openbsd.org 2004/11/29 00:05:17 | ||
1963 | [sftp.1] | ||
1964 | missing full stop; | ||
1965 | - djm@cvs.openbsd.org 2004/11/29 07:41:24 | ||
1966 | [sftp-client.h sftp.c] | ||
1967 | Some small fixes from moritz@jodeit.org. ok deraadt@ | ||
1968 | - jaredy@cvs.openbsd.org 2004/12/05 23:55:07 | ||
1969 | [sftp.1] | ||
1970 | - explain that patterns can be used as arguments in get/put/ls/etc | ||
1971 | commands (prodded by Michael Knudsen) | ||
1972 | - describe ls flags as a list | ||
1973 | - other minor improvements | ||
1974 | ok jmc, djm | ||
1975 | - dtucker@cvs.openbsd.org 2004/12/06 11:41:03 | ||
1976 | [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8] | ||
1977 | Discard over-length authorized_keys entries rather than complaining when | ||
1978 | they don't decode. bz #884, with & ok djm@ | ||
1979 | - (dtucker) OpenBSD CVS Sync (regress/) | ||
1980 | - djm@cvs.openbsd.org 2004/06/26 06:16:07 | ||
1981 | [reexec.sh] | ||
1982 | don't change the name of the copied sshd for the reexec fallback test, | ||
1983 | makes life simpler for portable | ||
1984 | - dtucker@cvs.openbsd.org 2004/07/08 12:59:35 | ||
1985 | [scp.sh] | ||
1986 | Regress test for bz #863 (scp double-error), requires $SUDO. ok markus@ | ||
1987 | - david@cvs.openbsd.org 2004/07/09 19:45:43 | ||
1988 | [Makefile] | ||
1989 | add a missing CLEANFILES used in the re-exec test | ||
1990 | - djm@cvs.openbsd.org 2004/10/08 02:01:50 | ||
1991 | [reexec.sh] | ||
1992 | shrink and tidy; ok dtucker@ | ||
1993 | - djm@cvs.openbsd.org 2004/10/29 23:59:22 | ||
1994 | [Makefile added brokenkeys.sh] | ||
1995 | regression test for handling of corrupt keys in authorized_keys file | ||
1996 | - djm@cvs.openbsd.org 2004/11/07 00:32:41 | ||
1997 | [multiplex.sh] | ||
1998 | regression tests for new multiplex commands | ||
1999 | - dtucker@cvs.openbsd.org 2004/11/25 09:39:27 | ||
2000 | [test-exec.sh] | ||
2001 | Remove obsolete RhostsAuthentication from test config; ok markus@ | ||
2002 | - dtucker@cvs.openbsd.org 2004/12/06 10:49:56 | ||
2003 | [test-exec.sh] | ||
2004 | Check if TEST_SSH_SSHD is a full path to sshd before searching; ok markus@ | ||
2005 | |||
2006 | 20041203 | ||
2007 | - (dtucker) OpenBSD CVS Sync | ||
2008 | - jmc@cvs.openbsd.org 2004/11/07 17:42:36 | ||
2009 | [ssh.1] | ||
2010 | options sort, and whitespace; | ||
2011 | - jmc@cvs.openbsd.org 2004/11/07 17:57:30 | ||
2012 | [ssh.c] | ||
2013 | usage(): | ||
2014 | - add -O | ||
2015 | - sync -S w/ manpage | ||
2016 | - remove -h | ||
2017 | - (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is | ||
2018 | subsequently denied by the PAM auth stack, send the PAM message to the | ||
2019 | user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2). | ||
2020 | ok djm@ | ||
2021 | |||
2022 | 20041107 | ||
2023 | - (dtucker) OpenBSD CVS Sync | ||
2024 | - djm@cvs.openbsd.org 2004/11/05 12:19:56 | ||
2025 | [sftp.c] | ||
2026 | command editing and history support via libedit; ok markus@ | ||
2027 | thanks to hshoexer@ and many testers on tech@ too | ||
2028 | - djm@cvs.openbsd.org 2004/11/07 00:01:46 | ||
2029 | [clientloop.c clientloop.h ssh.1 ssh.c] | ||
2030 | add basic control of a running multiplex master connection; including the | ||
2031 | ability to check its status and request it to exit; ok markus@ | ||
2032 | - (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure | ||
2033 | option and supporting makefile bits and documentation. | ||
2034 | |||
2035 | 20041105 | ||
2036 | - (dtucker) OpenBSD CVS Sync | ||
2037 | - markus@cvs.openbsd.org 2004/08/30 09:18:08 | ||
2038 | [LICENCE] | ||
2039 | s/keygen/keyscan/ | ||
2040 | - jmc@cvs.openbsd.org 2004/08/30 21:22:49 | ||
2041 | [ssh-add.1 ssh.1] | ||
2042 | .Xsession -> .xsession; | ||
2043 | originally from a pr from f at obiit dot org, but missed by myself; | ||
2044 | ok markus@ matthieu@ | ||
2045 | - djm@cvs.openbsd.org 2004/09/07 23:41:30 | ||
2046 | [clientloop.c ssh.c] | ||
2047 | cleanup multiplex control socket on SIGHUP too, spotted by sturm@ | ||
2048 | ok markus@ deraadt@ | ||
2049 | - deraadt@cvs.openbsd.org 2004/09/15 00:46:01 | ||
2050 | [ssh.c] | ||
2051 | /* fallthrough */ is something a programmer understands. But | ||
2052 | /* FALLTHROUGH */ is also understood by lint, so that is better. | ||
2053 | - jaredy@cvs.openbsd.org 2004/09/15 03:25:41 | ||
2054 | [sshd_config.5] | ||
2055 | mention PrintLastLog only prints last login time for interactive | ||
2056 | sessions, like PrintMotd mentions. | ||
2057 | From Michael Knudsen, with wording changed slightly to match the | ||
2058 | PrintMotd description. | ||
2059 | ok djm | ||
2060 | - mickey@cvs.openbsd.org 2004/09/15 18:42:27 | ||
2061 | [sshd.c] | ||
2062 | use less doubles in daemons; markus@ ok | ||
2063 | - deraadt@cvs.openbsd.org 2004/09/15 18:46:04 | ||
2064 | [scp.c] | ||
2065 | scratch that do { } while (0) wrapper in this case | ||
2066 | - djm@cvs.openbsd.org 2004/09/23 13:00:04 | ||
2067 | [ssh.c] | ||
2068 | correctly honour -n in multiplex client mode; spotted by sturm@ ok markus@ | ||
2069 | - djm@cvs.openbsd.org 2004/09/25 03:45:14 | ||
2070 | [sshd.c] | ||
2071 | these printf args are no longer double; ok deraadt@ markus@ | ||
2072 | - djm@cvs.openbsd.org 2004/10/07 10:10:24 | ||
2073 | [scp.1 sftp.1 ssh.1 ssh_config.5] | ||
2074 | document KbdInteractiveDevices; ok markus@ | ||
2075 | - djm@cvs.openbsd.org 2004/10/07 10:12:36 | ||
2076 | [ssh-agent.c] | ||
2077 | don't unlink agent socket when bind() fails, spotted by rich AT | ||
2078 | rich-paul.net, ok markus@ | ||
2079 | - markus@cvs.openbsd.org 2004/10/20 11:48:53 | ||
2080 | [packet.c ssh1.h] | ||
2081 | disconnect for invalid (out of range) message types. | ||
2082 | - djm@cvs.openbsd.org 2004/10/29 21:47:15 | ||
2083 | [channels.c channels.h clientloop.c] | ||
2084 | fix some window size change bugs for multiplexed connections: windows sizes | ||
2085 | were not being updated if they had changed after ~^Z suspends and SIGWINCH | ||
2086 | was not being processed unless the first connection had requested a tty; | ||
2087 | ok markus | ||
2088 | - djm@cvs.openbsd.org 2004/10/29 22:53:56 | ||
2089 | [clientloop.c misc.h readpass.c ssh-agent.c] | ||
2090 | factor out common permission-asking code to separate function; ok markus@ | ||
2091 | - djm@cvs.openbsd.org 2004/10/29 23:56:17 | ||
2092 | [bufaux.c bufaux.h buffer.c buffer.h] | ||
2093 | introduce a new buffer API that returns an error rather than fatal()ing | ||
2094 | when presented with bad data; ok markus@ | ||
2095 | - djm@cvs.openbsd.org 2004/10/29 23:57:05 | ||
2096 | [key.c] | ||
2097 | use new buffer API to avoid fatal errors on corrupt keys in authorized_keys | ||
2098 | files; ok markus@ | ||
2099 | |||
2100 | 20041102 | ||
2101 | - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX | ||
2102 | 10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__ | ||
2103 | only if a conflict is detected. | ||
2104 | |||
2105 | 20041019 | ||
2106 | - (dtucker) [uidswap.c] Don't test dropping of gids for the root user or | ||
2107 | on Cygwin. Cygwin parts from vinschen at redhat com; ok djm@ | ||
2108 | |||
2109 | 20041016 | ||
2110 | - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations; | ||
2111 | ok dtucker@ | ||
2112 | |||
2113 | 20041006 | ||
2114 | - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode | ||
2115 | and other PAM platforms. | ||
2116 | - (dtucker) [monitor_mm.c openbsd-compat/xmmap.c] Bug #940: cast constants | ||
2117 | to void * to appease picky compilers (eg Tru64's "cc -std1"). | ||
2118 | |||
2119 | 20040930 | ||
2120 | - (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@ | ||
2121 | |||
2122 | 20040923 | ||
2123 | - (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one, | ||
2124 | which could have caused the justification to be wrong. ok djm@ | ||
2125 | |||
2126 | 20040921 | ||
2127 | - (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too. | ||
2128 | ok djm@ | ||
2129 | - (dtucker) [contrib/cygwin/ssh-host-config] Update to match current Cygwin | ||
2130 | install process. Patch from vinschen at redhat.com. | ||
2131 | |||
2132 | 20040912 | ||
2133 | - (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file. | ||
2134 | No change in resultant binary | ||
2135 | - (djm) [loginrec.c] __func__ifiy | ||
2136 | - (djm) [loginrec.c] xmalloc | ||
2137 | - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol | ||
2138 | banner. Suggested by deraadt@, ok mouring@, dtucker@ | ||
2139 | - (dtucker) [configure.ac] Fix incorrect quoting and tests for cross-compile. | ||
2140 | Partly by & ok djm@. | ||
2141 | |||
2142 | 20040911 | ||
2143 | - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@ | ||
2144 | - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from | ||
2145 | failing PAM session modules to user then exit, similar to the way | ||
2146 | /etc/nologin is handled. ok djm@ | ||
2147 | - (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change. | ||
2148 | - (djm) [auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c] | ||
2149 | Make cygwin code more consistent with that which surrounds it | ||
2150 | - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c] | ||
2151 | Bug #892: Send messages from failing PAM account modules to the client via | ||
2152 | SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with | ||
2153 | SSH2 kbdint authentication, which need to be dealt with separately. ok djm@ | ||
2154 | - (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@ | ||
2155 | - (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure. | ||
2156 | Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me. ok djm@ | ||
2157 | - (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengert | ||
2158 | at anl.gov, ok djm@ | ||
2159 | |||
2160 | 20040830 | ||
2161 | - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only | ||
2162 | copy required environment variables on Cygwin. Patch from vinschen at | ||
2163 | redhat.com, ok djm@ | ||
2164 | - (dtucker) [regress/Makefile] Clean scp-ssh-wrapper.scp too. Patch from | ||
2165 | vinschen at redhat.com. | ||
2166 | - (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability | ||
2167 | of shell constructs. Patch from cjwatson at debian.org. | ||
2168 | |||
2169 | 20040829 | ||
2170 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from | ||
2171 | failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL. | ||
2172 | From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@ | ||
2173 | - (dtucker) OpenBSD CVS Sync | ||
2174 | - djm@cvs.openbsd.org 2004/08/23 11:48:09 | ||
2175 | [authfile.c] | ||
2176 | fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus | ||
2177 | - djm@cvs.openbsd.org 2004/08/23 11:48:47 | ||
2178 | [channels.c] | ||
2179 | typo, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus | ||
2180 | - dtucker@cvs.openbsd.org 2004/08/23 14:26:38 | ||
2181 | [ssh-keysign.c ssh.c] | ||
2182 | Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches | ||
2183 | change in Portable; ok markus@ (CVS ID sync only) | ||
2184 | - dtucker@cvs.openbsd.org 2004/08/23 14:29:23 | ||
2185 | [ssh-keysign.c] | ||
2186 | Remove duplicate getuid(), suggested by & ok markus@ | ||
2187 | - markus@cvs.openbsd.org 2004/08/26 16:00:55 | ||
2188 | [ssh.1 sshd.8] | ||
2189 | get rid of references to rhosts authentication; with jmc@ | ||
2190 | - djm@cvs.openbsd.org 2004/08/28 01:01:48 | ||
2191 | [sshd.c] | ||
2192 | don't erroneously close stdin for !reexec case, from Dave Johnson; | ||
2193 | ok markus@ | ||
2194 | - (dtucker) [configure.ac] Include sys/stream.h in sys/ptms.h header check, | ||
2195 | fixes configure warning on Solaris reported by wknox at mitre.org. | ||
2196 | - (dtucker) [regress/multiplex.sh] Skip test on platforms that do not | ||
2197 | support FD passing since multiplex requires it. Noted by tim@ | ||
2198 | - (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn | ||
2199 | down, needed on some platforms, should be harmless on others. Patch from | ||
2200 | jason at devrandom.org. | ||
2201 | - (dtucker) [regress/scp.sh] Make this work on Cygwin too, which doesn't like | ||
2202 | files ending in .exe that aren't binaries; patch from vinschen at redhat.com. | ||
2203 | - (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree | ||
2204 | builds too, from vinschen at redhat.com. | ||
2205 | - (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64 | ||
2206 | too; patch from cmadams at hiwaay.net. | ||
2207 | - (dtucker) [configure.ac] Replace non-portable echo \n with extra echo. | ||
2208 | - (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for | ||
2209 | accounts with authentication configs that sshd can't support (ie | ||
2210 | SYSTEM=NONE and AUTH1=something). | ||
2211 | |||
2212 | 20040828 | ||
2213 | - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from | ||
2214 | vinschen at redhat.com. | ||
2215 | |||
2216 | 20040823 | ||
2217 | - (djm) [ssh-rand-helper.c] Typo. Found by | ||
2218 | Martin.Kraemer AT Fujitsu-Siemens.com | ||
2219 | - (djm) [loginrec.c] Typo and bad args in error messages; Spotted by | ||
2220 | Martin.Kraemer AT Fujitsu-Siemens.com | ||
2221 | |||
2222 | 20040817 | ||
2223 | - (dtucker) [regress/README.regress] Note compatibility issues with GNU head. | ||
2224 | - (djm) OpenBSD CVS Sync | ||
2225 | - markus@cvs.openbsd.org 2004/08/16 08:17:01 | ||
2226 | [version.h] | ||
2227 | 3.9 | ||
2228 | - (djm) Crank RPM spec version numbers | ||
2229 | - (djm) Release 3.9p1 | ||
2230 | |||
2231 | 20040816 | ||
2232 | - (dtucker) [acconfig.h auth-pam.c configure.ac] Set real uid to non-root | ||
2233 | to convince Solaris PAM to honour password complexity rules. ok djm@ | ||
2234 | |||
2235 | 20040815 | ||
2236 | - (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since | ||
2237 | it does the right thing on all platforms. ok djm@ | ||
2238 | - (djm) [acconfig.h configure.ac openbsd-compat/Makefile.in | ||
2239 | openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-misc.c | ||
2240 | openbsd-compat/bsd-misc.h openbsd-compat/openbsd-compat.h] Use smarter | ||
2241 | closefrom() replacement from sudo; ok dtucker@ | ||
2242 | - (djm) [loginrec.c] Check that seek succeeded here too; ok dtucker | ||
2243 | - (dtucker) [Makefile.in] Fix typo. | ||
2244 | |||
2245 | 20040814 | ||
2246 | - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c] | ||
2247 | Explicitly set umask for mkstemp; ok djm@ | ||
2248 | - (dtucker) [includes.h] Undef _INCLUDE__STDC__ on HP-UX, otherwise | ||
2249 | prot.h and shadow.h provide conflicting declarations of getspnam. ok djm@ | ||
2250 | - (dtucker) [loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h] | ||
2251 | Plug AIX login recording into login_write so logins will be recorded for | ||
2252 | all auth types. | ||
2253 | |||
2254 | 20040813 | ||
2255 | - (dtucker) [openbsd-compat/bsd-misc.c] Typo in #ifdef; from vinschen at | ||
2256 | redhat.com | ||
2257 | - (dtucker) OpenBSD CVS Sync | ||
2258 | - avsm@cvs.openbsd.org 2004/08/11 21:43:05 | ||
2259 | [channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c] | ||
2260 | some signed/unsigned int comparison cleanups; markus@ ok | ||
2261 | - avsm@cvs.openbsd.org 2004/08/11 21:44:32 | ||
2262 | [authfd.c scp.c ssh-keyscan.c] | ||
2263 | use atomicio instead of homegrown equivalents or read/write. | ||
2264 | markus@ ok | ||
2265 | - djm@cvs.openbsd.org 2004/08/12 09:18:24 | ||
2266 | [sshlogin.c] | ||
2267 | typo in error message, spotted by moritz AT jodeit.org (Id sync only) | ||
2268 | - jakob@cvs.openbsd.org 2004/08/12 21:41:13 | ||
2269 | [ssh-keygen.1 ssh.1] | ||
2270 | improve SSHFP documentation; ok deraadt@ | ||
2271 | - jmc@cvs.openbsd.org 2004/08/13 00:01:43 | ||
2272 | [ssh-keygen.1] | ||
2273 | kill whitespace at eol; | ||
2274 | - djm@cvs.openbsd.org 2004/08/13 02:51:48 | ||
2275 | [monitor_fdpass.c] | ||
2276 | extra check for no message case; ok markus, deraadt, hshoexer, henning | ||
2277 | - dtucker@cvs.openbsd.org 2004/08/13 11:09:24 | ||
2278 | [servconf.c] | ||
2279 | Fix line numbers off-by-one in error messages, from tortay at cc.in2p3.fr | ||
2280 | ok markus@, djm@ | ||
2281 | |||
2282 | 20040812 | ||
2283 | - (dtucker) [sshd.c] Remove duplicate variable imported during sync. | ||
2284 | - (dtucker) OpenBSD CVS Sync | ||
2285 | - markus@cvs.openbsd.org 2004/07/28 08:56:22 | ||
2286 | [sshd.c] | ||
2287 | call setsid() _before_ re-exec | ||
2288 | - markus@cvs.openbsd.org 2004/07/28 09:40:29 | ||
2289 | [auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c | ||
2290 | sshconnect1.c] | ||
2291 | more s/illegal/invalid/ | ||
2292 | - djm@cvs.openbsd.org 2004/08/04 10:37:52 | ||
2293 | [dh.c] | ||
2294 | return group14 when no primes found - fixes hang on empty /etc/moduli; | ||
2295 | ok markus@ | ||
2296 | - dtucker@cvs.openbsd.org 2004/08/11 11:09:54 | ||
2297 | [servconf.c] | ||
2298 | Fix minor leak; "looks right" deraadt@ | ||
2299 | - dtucker@cvs.openbsd.org 2004/08/11 11:50:09 | ||
2300 | [sshd.c] | ||
2301 | Don't try to close startup_pipe if it's not open; ok djm@ | ||
2302 | - djm@cvs.openbsd.org 2004/08/11 11:59:22 | ||
2303 | [sshlogin.c] | ||
2304 | check that lseek went were we told it to; ok markus@ | ||
2305 | (Id sync only, but similar changes are needed in loginrec.c) | ||
2306 | - djm@cvs.openbsd.org 2004/08/11 12:01:16 | ||
2307 | [sshlogin.c] | ||
2308 | make store_lastlog_message() static to appease -Wall; ok markus | ||
2309 | - (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling | ||
2310 | messages generated before the postauth privsep split. | ||
2311 | |||
2312 | 20040720 | ||
2313 | - (djm) OpenBSD CVS Sync | ||
2314 | - markus@cvs.openbsd.org 2004/07/21 08:56:12 | ||
2315 | [auth.c] | ||
2316 | s/Illegal user/Invalid user/; many requests; ok djm, millert, niklas, | ||
2317 | miod, ... | ||
2318 | - djm@cvs.openbsd.org 2004/07/21 10:33:31 | ||
2319 | [auth1.c auth2.c] | ||
2320 | bz#899: Don't display invalid usernames in setproctitle | ||
2321 | from peak AT argo.troja.mff.cuni.cz; ok markus@ | ||
2322 | - djm@cvs.openbsd.org 2004/07/21 10:36:23 | ||
2323 | [gss-serv-krb5.c] | ||
2324 | fix function declaration | ||
2325 | - djm@cvs.openbsd.org 2004/07/21 11:51:29 | ||
2326 | [canohost.c] | ||
2327 | bz#902: cache remote port so we don't fatal() in auth_log when remote | ||
2328 | connection goes away quickly. from peak AT argo.troja.mff.cuni.cz; | ||
2329 | ok markus@ | ||
2330 | - (djm) [auth-pam.c] Portable parts of bz#899: Don't display invalid | ||
2331 | usernames in setproctitle from peak AT argo.troja.mff.cuni.cz; | ||
2332 | |||
2333 | 20040720 | ||
2334 | - (djm) [log.c] bz #111: Escape more control characters when sending data | ||
2335 | to syslog; from peak AT argo.troja.mff.cuni.cz | ||
2336 | - (djm) [contrib/redhat/sshd.pam] bz #903: Remove redundant entries; from | ||
2337 | peak AT argo.troja.mff.cuni.cz | ||
2338 | - (djm) [regress/README.regress] Remove caveat regarding TCP wrappers, now | ||
2339 | that sshd is fixed to behave better; suggested by tim | ||
2340 | |||
2341 | 20040719 | ||
2342 | - (djm) [openbsd-compat/bsd-arc4random.c] Discard early keystream, like OpenBSD | ||
2343 | ok dtucker@ | ||
2344 | - (djm) [auth-pam.c] Avoid use of xstrdup and friends in conversation function, | ||
2345 | instead return PAM_CONV_ERR, avoiding another path to fatal(); ok dtucker@ | ||
2346 | - (tim) [configure.ac] updwtmpx() on OpenServer seems to add duplicate entry. | ||
2347 | Report by rac AT tenzing.org | ||
2348 | |||
2349 | 20040717 | ||
2350 | - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c | ||
2351 | ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c | ||
2352 | openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces | ||
2353 | diff vs OpenBSD; ok mouring@, tested by tim@ too. | ||
2354 | - (dtucker) OpenBSD CVS Sync | ||
2355 | - deraadt@cvs.openbsd.org 2004/07/11 17:48:47 | ||
2356 | [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c | ||
2357 | readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c | ||
2358 | session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h | ||
2359 | sshd.c ttymodes.h] | ||
2360 | spaces | ||
2361 | - brad@cvs.openbsd.org 2004/07/12 23:34:25 | ||
2362 | [ssh-keyscan.1] | ||
2363 | Fix incorrect macro, .I -> .Em | ||
2364 | From: Eric S. Raymond <esr at thyrsus dot com> | ||
2365 | ok jmc@ | ||
2366 | - dtucker@cvs.openbsd.org 2004/07/17 05:31:41 | ||
2367 | [monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c] | ||
2368 | Move "Last logged in at.." message generation to the monitor, right | ||
2369 | before recording the new login. Fixes missing lastlog message when | ||
2370 | /var/log/lastlog is not world-readable and incorrect datestamp when | ||
2371 | multiple sessions are used (bz #463); much assistance & ok markus@ | ||
2372 | |||
2373 | 20040711 | ||
2374 | - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows | ||
2375 | the monitor to properly clean up the PAM thread (Debian bug #252676). | ||
2376 | |||
2377 | 20040709 | ||
2378 | - (tim) [contrib/cygwin/README] add minires-devel requirement. Patch from | ||
2379 | vinschen AT redhat.com | ||
2380 | |||
2381 | 20040708 | ||
2382 | - (dtucker) OpenBSD CVS Sync | ||
2383 | - dtucker@cvs.openbsd.org 2004/07/03 05:11:33 | ||
2384 | [sshlogin.c] (RCSID sync only, the corresponding code is not in Portable) | ||
2385 | Use '\0' not 0 for string; ok djm@, deraadt@ | ||
2386 | - dtucker@cvs.openbsd.org 2004/07/03 11:02:25 | ||
2387 | [monitor_wrap.c] | ||
2388 | Put s/key functions inside #ifdef SKEY same as monitor.c, | ||
2389 | from des@freebsd via bz #330, ok markus@ | ||
2390 | - dtucker@cvs.openbsd.org 2004/07/08 12:47:21 | ||
2391 | [scp.c] | ||
2392 | Prevent scp from skipping the file following a double-error. | ||
2393 | bz #863, ok markus@ | ||
2394 | |||
2395 | 20040702 | ||
2396 | - (dtucker) [mdoc2man.awk] Teach it to ignore .Bk -words, reported by | ||
2397 | strube at physik3.gwdg.de a long time ago. | ||
2398 | |||
2399 | 20040701 | ||
2400 | - (dtucker) [session.c] Call display_loginmsg again after do_pam_session. | ||
2401 | Ensures messages from PAM modules are displayed when privsep=no. | ||
2402 | - (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes | ||
2403 | warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@ | ||
2404 | - (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK | ||
2405 | to pam_authenticate for challenge-response auth too. Originally from | ||
2406 | fcusack at fcusack.com, ok djm@ | ||
2407 | - (tim) [buildpkg.sh.in] Add $REV to bump the package revision within | ||
2408 | the same version. Handle the case where someone uses --with-privsep-user= | ||
2409 | and the user name does not match the group name. ok dtucker@ | ||
2410 | |||
2411 | 20040630 | ||
2412 | - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL | ||
2413 | appdata_ptr to the conversation function. ok djm@ | ||
2414 | - (djm) OpenBSD CVS Sync | ||
2415 | - jmc@cvs.openbsd.org 2004/06/26 09:03:21 | ||
2416 | [ssh.1] | ||
2417 | - remove double word | ||
2418 | - rearrange .Bk to keep SYNOPSIS nice | ||
2419 | - -M before -m in options description | ||
2420 | - jmc@cvs.openbsd.org 2004/06/26 09:11:14 | ||
2421 | [ssh_config.5] | ||
2422 | punctuation and grammar fixes. also, keep the options in order. | ||
2423 | - jmc@cvs.openbsd.org 2004/06/26 09:14:40 | ||
2424 | [sshd_config.5] | ||
2425 | new sentence, new line; | ||
2426 | - avsm@cvs.openbsd.org 2004/06/26 20:07:16 | ||
2427 | [sshd.c] | ||
2428 | initialise some fd variables to -1, djm@ ok | ||
2429 | - djm@cvs.openbsd.org 2004/06/30 08:36:59 | ||
2430 | [session.c] | ||
2431 | unbreak TTY break, diagnosed by darren AT dazwin.com; ok markus@ | ||
2432 | |||
2433 | 20040627 | ||
2434 | - (tim) update README files. | ||
2435 | - (dtucker) [mdoc2man.awk] Bug #883: correctly recognise .Pa and .Ev macros. | ||
2436 | - (dtucker) [regress/README.regress] Document new variables. | ||
2437 | - (dtucker) [acconfig.h configure.ac sftp-server.c] Bug #823: add sftp | ||
2438 | rename handling for Linux which returns EPERM for link() on (at least some) | ||
2439 | filesystems that do not support hard links. sftp-server will fall back to | ||
2440 | stat+rename() in such cases. | ||
2441 | - (dtucker) [openbsd-compat/port-aix.c] Missing __func__. | ||
2442 | |||
2443 | 20040626 | ||
2444 | - (djm) OpenBSD CVS Sync | ||
2445 | - djm@cvs.openbsd.org 2004/06/25 18:43:36 | ||
2446 | [sshd.c] | ||
2447 | fix broken fd handling in the re-exec fallback path, particularly when | ||
2448 | /dev/crypto is in use; ok deraadt@ markus@ | ||
2449 | - djm@cvs.openbsd.org 2004/06/25 23:21:38 | ||
2450 | [sftp.c] | ||
2451 | bz #875: fix bad escape char error message; reported by f_mohr AT yahoo.de | ||
2452 | |||
2453 | 20040625 | ||
2454 | - (dtucker) OpenBSD CVS Sync | ||
2455 | - djm@cvs.openbsd.org 2004/06/24 19:30:54 | ||
2456 | [servconf.c servconf.h sshd.c] | ||
2457 | re-exec sshd on accept(); initial work, final debugging and ok markus@ | ||
2458 | - djm@cvs.openbsd.org 2004/06/25 01:16:09 | ||
2459 | [sshd.c] | ||
2460 | only perform tcp wrappers checks when the incoming connection is on a | ||
2461 | socket. silences useless warnings from regress tests that use | ||
2462 | proxycommand="sshd -i". prompted by david@ ok markus@ | ||
2463 | - djm@cvs.openbsd.org 2004/06/24 19:32:00 | ||
2464 | [regress/Makefile regress/test-exec.sh, added regress/reexec.sh] | ||
2465 | regress test for re-exec corner cases | ||
2466 | - djm@cvs.openbsd.org 2004/06/25 01:25:12 | ||
2467 | [regress/test-exec.sh] | ||
2468 | clean reexec-specific junk out of text-exec.sh and simplify; idea markus@ | ||
2469 | - dtucker@cvs.openbsd.org 2004/06/25 05:38:48 | ||
2470 | [sftp-server.c] | ||
2471 | Fall back to stat+rename if filesystem doesn't doesn't support hard | ||
2472 | links. bz#823, ok djm@ | ||
2473 | - (dtucker) [configure.ac openbsd-compat/misc.c [openbsd-compat/misc.h] | ||
2474 | Add closefrom() for platforms that don't have it. | ||
2475 | - (dtucker) [sshd.c] add line missing from reexec sync. | ||
2476 | |||
2477 | 20040623 | ||
2478 | - (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1 | ||
2479 | connections with empty passwords. Patch from davidwu at nbttech.com, | ||
2480 | ok djm@ | ||
2481 | - (dtucker) OpenBSD CVS Sync | ||
2482 | - dtucker@cvs.openbsd.org 2004/06/22 22:42:02 | ||
2483 | [regress/envpass.sh] | ||
2484 | Add quoting for test -z; ok markus@ | ||
2485 | - dtucker@cvs.openbsd.org 2004/06/22 22:45:52 | ||
2486 | [regress/test-exec.sh] | ||
2487 | Add TEST_SSH_SSHD_CONFOPTS and TEST_SSH_SSH_CONFOPTS to allow adding | ||
2488 | arbitary options to sshd_config and ssh_config during tests. ok markus@ | ||
2489 | - dtucker@cvs.openbsd.org 2004/06/22 22:55:56 | ||
2490 | [regress/dynamic-forward.sh regress/test-exec.sh] | ||
2491 | Allow setting of port for regress from TEST_SSH_PORT variable; ok markus@ | ||
2492 | - mouring@cvs.openbsd.org 2004/06/23 00:39:38 | ||
2493 | [rijndael.c] | ||
2494 | -Wshadow fix up s/encrypt/do_encrypt/. OK djm@, markus@ | ||
2495 | - dtucker@cvs.openbsd.org 2004/06/23 14:31:01 | ||
2496 | [ssh.c] | ||
2497 | Fix counting in master/slave when passing environment variables; ok djm@ | ||
2498 | - (dtucker) [cipher.c] encrypt->do_encrypt inside SSH_OLD_EVP to match | ||
2499 | -Wshadow change. | ||
2500 | - (bal) [Makefile.in] Remove opensshd.init on 'make distclean' | ||
2501 | - (dtucker) [auth.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h] | ||
2502 | Move loginrestrictions test to port-aix.c, replace with a generic hook. | ||
2503 | - (tim) [regress/try-ciphers.sh] "if ! some_command" is not portable. | ||
2504 | - (bal) [contrib/README] Removed "mdoc2man.pl" reference and added | ||
2505 | reference to "findssl.sh" | ||
2506 | |||
2507 | 20040622 | ||
2508 | - (dtucker) OpenBSD CVS Sync | ||
2509 | - djm@cvs.openbsd.org 2004/06/20 17:36:59 | ||
2510 | [ssh.c] | ||
2511 | filter passed env vars at slave in connection sharing case; ok markus@ | ||
2512 | - djm@cvs.openbsd.org 2004/06/20 18:53:39 | ||
2513 | [sftp.c] | ||
2514 | make "ls -l" listings print user/group names, add "ls -n" to show uid/gid | ||
2515 | (like /bin/ls); idea & ok markus@ | ||
2516 | - djm@cvs.openbsd.org 2004/06/20 19:28:12 | ||
2517 | [sftp.1] | ||
2518 | mention new -n flag | ||
2519 | - avsm@cvs.openbsd.org 2004/06/21 17:36:31 | ||
2520 | [auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c | ||
2521 | cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c | ||
2522 | monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c | ||
2523 | ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c | ||
2524 | sshpty.c] | ||
2525 | make ssh -Wshadow clean, no functional changes | ||
2526 | markus@ ok | ||
2527 | - djm@cvs.openbsd.org 2004/06/21 17:53:03 | ||
2528 | [session.c] | ||
2529 | fix fd leak for multiple subsystem connections; with markus@ | ||
2530 | - djm@cvs.openbsd.org 2004/06/21 22:02:58 | ||
2531 | [log.h] | ||
2532 | mark fatal and cleanup exit as __dead; ok markus@ | ||
2533 | - djm@cvs.openbsd.org 2004/06/21 22:04:50 | ||
2534 | [sftp.c] | ||
2535 | introduce sorting for ls, same options as /bin/ls; ok markus@ | ||
2536 | - djm@cvs.openbsd.org 2004/06/21 22:30:45 | ||
2537 | [sftp.c] | ||
2538 | prefix ls option flags with LS_ | ||
2539 | - djm@cvs.openbsd.org 2004/06/21 22:41:31 | ||
2540 | [sftp.1] | ||
2541 | document sort options | ||
2542 | - djm@cvs.openbsd.org 2004/06/22 01:16:39 | ||
2543 | [sftp.c] | ||
2544 | don't show .files by default in ls, add -a option to turn them back on; | ||
2545 | ok markus | ||
2546 | - markus@cvs.openbsd.org 2004/06/22 03:12:13 | ||
2547 | [regress/envpass.sh regress/multiplex.sh] | ||
2548 | more portable env passing tests | ||
2549 | - dtucker@cvs.openbsd.org 2004/06/22 05:05:45 | ||
2550 | [monitor.c monitor_wrap.c] | ||
2551 | Change login->username, will prevent -Wshadow errors in Portable; | ||
2552 | ok markus@ | ||
2553 | - (dtucker) [monitor.c] Fix Portable-specific -Wshadow warnings on "socket". | ||
2554 | - (dtucker) [defines.h] Define __dead if not already defined. | ||
2555 | - (bal) [auth-passwd.c auth1.c] Clean up unused variables. | ||
2556 | |||
2557 | 20040620 | ||
2558 | - (tim) [configure.ac Makefile.in] Only change TEST_SHELL on broken platforms. | ||
2559 | |||
2560 | 20040619 | ||
2561 | - (dtucker) [auth-pam.c] Don't use PAM namespace for | ||
2562 | pam_password_change_required either. | ||
2563 | - (tim) [configure.ac buildpkg.sh.in contrib/solaris/README] move opensshd | ||
2564 | init script to top level directory. Add opensshd.init.in. | ||
2565 | Remove contrib/solaris/buildpkg.sh, contrib/solaris/opensshd.in | ||
2566 | |||
2567 | 20040618 | ||
2568 | - (djm) OpenBSD CVS Sync | ||
2569 | - djm@cvs.openbsd.org 2004/06/17 14:52:48 | ||
2570 | [clientloop.c clientloop.h ssh.c] | ||
2571 | support environment passing over shared connections; ok markus@ | ||
2572 | - djm@cvs.openbsd.org 2004/06/17 15:10:14 | ||
2573 | [clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5] | ||
2574 | Add option for confirmation (ControlMaster=ask) via ssh-askpass before | ||
2575 | opening shared connections; ok markus@ | ||
2576 | - djm@cvs.openbsd.org 2004/06/17 14:53:27 | ||
2577 | [regress/multiplex.sh] | ||
2578 | shared connection env passing regress test | ||
2579 | - (dtucker) [regress/README.regress] Add detail on how to run a single | ||
2580 | test from the top-level Makefile. | ||
2581 | - (dtucker) OpenBSD CVS Sync | ||
2582 | - djm@cvs.openbsd.org 2004/06/17 23:56:57 | ||
2583 | [ssh.1 ssh.c] | ||
2584 | sync usage() and SYNPOSIS with connection sharing changes | ||
2585 | - dtucker@cvs.openbsd.org 2004/06/18 06:13:25 | ||
2586 | [sftp.c] | ||
2587 | Use execvp instead of execv so sftp -S ssh works. "makes sense" markus@ | ||
2588 | - dtucker@cvs.openbsd.org 2004/06/18 06:15:51 | ||
2589 | [multiplex.sh] | ||
2590 | Use -S for scp/sftp to force the use of the ssh being tested. | ||
2591 | ok djm@,markus@ | ||
2592 | - (djm) OpenBSD CVS Sync | ||
2593 | - djm@cvs.openbsd.org 2004/06/18 10:40:19 | ||
2594 | [ssh.c] | ||
2595 | delay signal handler setup until we have finished talking to the master. | ||
2596 | allow interrupting of setup (e.g. if master is stuck); ok markus@ | ||
2597 | - markus@cvs.openbsd.org 2004/06/18 10:55:43 | ||
2598 | [ssh.1 ssh.c] | ||
2599 | trim synopsis for -S, allow -S and -oControlMaster, -MM means 'ask'; | ||
2600 | ok djm | ||
2601 | - djm@cvs.openbsd.org 2004/06/18 11:11:54 | ||
2602 | [channels.c clientloop.c] | ||
2603 | Don't explode in clientloop when we receive a bogus channel id, but | ||
2604 | also don't generate them to begin with; ok markus@ | ||
2605 | |||
2606 | 20040617 | ||
2607 | - (dtucker) [regress/scp.sh] diff -N is not portable (but needed for some | ||
2608 | platforms), so test if diff understands it. Pointed out by tim@, ok djm@ | ||
2609 | - (dtucker) OpenBSD CVS Sync regress/ | ||
2610 | - dtucker@cvs.openbsd.org 2004/06/17 05:51:59 | ||
2611 | [regress/multiplex.sh] | ||
2612 | Remove datafile between and after tests, kill sshd rather than wait; | ||
2613 | ok djm@ | ||
2614 | - dtucker@cvs.openbsd.org 2004/06/17 06:00:05 | ||
2615 | [regress/multiplex.sh] | ||
2616 | Use DATA and COPY for test data rather than hard-coded paths; ok djm@ | ||
2617 | - dtucker@cvs.openbsd.org 2004/06/17 06:19:06 | ||
2618 | [regress/multiplex.sh] | ||
2619 | Add small description of failing test to failure message; ok djm@ | ||
2620 | - (dtucker) [regress/multiplex.sh] add EXEEXT for those platforms that need | ||
2621 | it. | ||
2622 | - (dtucker) [regress/multiplex.sh] Increase sleep time to 120 sec (60 is not | ||
2623 | enough for slow systems, especially if they don't have a kernel RNG). | ||
2624 | |||
2625 | 20040616 | ||
2626 | - (dtucker) [openbsd-compat/port-aix.c] Expand whitespace -> tabs. No | ||
2627 | code changes. | ||
2628 | - (dtucker) OpenBSD CVS Sync regress/ | ||
2629 | - djm@cvs.openbsd.org 2004/04/27 09:47:30 | ||
2630 | [regress/Makefile regress/test-exec.sh, added regress/envpass.sh] | ||
2631 | regress test for environment passing, SendEnv & AcceptEnv options; | ||
2632 | ok markus@ | ||
2633 | - dtucker@cvs.openbsd.org 2004/06/13 13:51:02 | ||
2634 | [regress/Makefile regress/test-exec.sh, added regress/scp-ssh-wrapper.sh | ||
2635 | regress/scp.sh] | ||
2636 | Add scp regression test; with & ok markus@ | ||
2637 | - djm@cvs.openbsd.org 2004/06/13 15:04:08 | ||
2638 | [regress/Makefile regress/test-exec.sh, added regress/envpass.sh] | ||
2639 | regress test for client multiplexing; ok markus@ | ||
2640 | - djm@cvs.openbsd.org 2004/06/13 15:16:54 | ||
2641 | [regress/test-exec.sh] | ||
2642 | remove duplicate setting of $SCP; spotted by markus@ | ||
2643 | - dtucker@cvs.openbsd.org 2004/06/16 13:15:09 | ||
2644 | [regress/scp.sh] | ||
2645 | Make scp -r tests use diff -rN not cmp (which won't do dirs. ok markus@ | ||
2646 | - dtucker@cvs.openbsd.org 2004/06/16 13:16:40 | ||
2647 | [regress/multiplex.sh] | ||
2648 | Silence multiplex sftp and scp tests. ok markus@ | ||
2649 | - (dtucker) [regress/test-exec.sh] | ||
2650 | Move Portable-only StrictModes to top of list to make syncs easier. | ||
2651 | - (dtucker) [regress/README.regress] | ||
2652 | Add $TEST_SHELL to readme. | ||
2653 | |||
2654 | 20040615 | ||
2655 | - (djm) OpenBSD CVS Sync | ||
2656 | - djm@cvs.openbsd.org 2004/05/26 08:59:57 | ||
2657 | [sftp.c] | ||
2658 | exit -> _exit in forked child on error; from andrushock AT korovino.net | ||
2659 | - markus@cvs.openbsd.org 2004/05/26 23:02:39 | ||
2660 | [channels.c] | ||
2661 | missing freeaddrinfo; Andrey Matveev | ||
2662 | - dtucker@cvs.openbsd.org 2004/05/27 00:50:13 | ||
2663 | [readconf.c] | ||
2664 | Kill dead code after fatal(); ok djm@ | ||
2665 | - dtucker@cvs.openbsd.org 2004/06/01 14:20:45 | ||
2666 | [auth2-chall.c] | ||
2667 | Remove redundant #include; ok markus@ | ||
2668 | - pedro@cvs.openbsd.org 2004/06/03 12:22:20 | ||
2669 | [sftp-client.c sftp.c] | ||
2670 | initialize pointers, ok markus@ | ||
2671 | - djm@cvs.openbsd.org 2004/06/13 12:53:24 | ||
2672 | [dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h] | ||
2673 | [ssh-keyscan.c sshconnect2.c sshd.c] | ||
2674 | implement diffie-hellman-group14-sha1 kex method (trivial extension to | ||
2675 | existing diffie-hellman-group1-sha1); ok markus@ | ||
2676 | - dtucker@cvs.openbsd.org 2004/06/13 14:01:42 | ||
2677 | [ssh.1 ssh_config.5 sshd_config.5] | ||
2678 | List supported ciphers in man pages, tidy up ssh -c; | ||
2679 | "looks fine" jmc@, ok markus@ | ||
2680 | - djm@cvs.openbsd.org 2004/06/13 15:03:02 | ||
2681 | [channels.c channels.h clientloop.c clientloop.h includes.h readconf.c] | ||
2682 | [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5] | ||
2683 | implement session multiplexing in the client (the server has supported | ||
2684 | this since 2.0); ok markus@ | ||
2685 | - djm@cvs.openbsd.org 2004/06/14 01:44:39 | ||
2686 | [channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c] | ||
2687 | [sshd.c] | ||
2688 | set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@ | ||
2689 | - djm@cvs.openbsd.org 2004/06/15 05:45:04 | ||
2690 | [clientloop.c] | ||
2691 | missed one unset_nonblock; spotted by Tim Rice | ||
2692 | - (djm) Fix Makefile.in for connection sharing changes | ||
2693 | - (djm) [ssh.c] Use separate var for address length | ||
2694 | |||
2695 | 20040603 | ||
2696 | - (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions. | ||
2697 | ok djm@ | ||
2698 | |||
2699 | 20040601 | ||
2700 | - (djm) [auth-pam.c] Add copyright for local changes | ||
2701 | |||
2702 | 20040530 | ||
2703 | - (dtucker) [auth-pam.c auth-pam.h auth-passwd.c] Bug #874: Re-add PAM | ||
2704 | support for PasswordAuthentication=yes. ok djm@ | ||
2705 | - (dtucker) [auth-pam.c] Use an invalid password for root if | ||
2706 | PermitRootLogin != yes or the login is invalid, to prevent leaking | ||
2707 | information. Based on Openwall's owl-always-auth patch. ok djm@ | ||
2708 | - (tim) [configure.ac Makefile.in] Add support for "make package" ok djm@ | ||
2709 | - (tim) [buildpkg.sh.in] New file. A more flexible version of | ||
2710 | contrib/solaris/buildpkg.sh used for "make package". | ||
2711 | - (tim) [buildpkg.sh.in] Last minute fix didn't make it in the .in file. | ||
2712 | |||
2713 | 20040527 | ||
2714 | - (dtucker) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec | ||
2715 | contrib/README CREDITS INSTALL] Bug #873: Correct URLs for x11-ssh-askpass | ||
2716 | and Jim Knoble's email address , from Jim himself. | ||
2717 | |||
2718 | 20040524 | ||
2719 | - (dtucker) OpenBSD CVS Sync | ||
2720 | - djm@cvs.openbsd.org 2004/05/19 12:17:33 | ||
2721 | [sftp-client.c sftp.c] | ||
2722 | gracefully abort transfers on receipt of SIGINT, also ignore SIGINT while | ||
2723 | waiting for a command; ok markus@ | ||
2724 | - dtucker@cvs.openbsd.org 2004/05/20 10:58:05 | ||
2725 | [clientloop.c] | ||
2726 | Trivial type fix 0 -> '\0'; ok markus@ | ||
2727 | - markus@cvs.openbsd.org 2004/05/21 08:43:03 | ||
2728 | [kex.h moduli.c tildexpand.c] | ||
2729 | add prototypes for -Wall; ok djm | ||
2730 | - djm@cvs.openbsd.org 2004/05/21 11:33:11 | ||
2731 | [channels.c channels.h clientloop.c serverloop.c ssh.1] | ||
2732 | bz #756: add support for the cancel-tcpip-forward request for the server | ||
2733 | and the client (through the ~C commandline). reported by z3p AT | ||
2734 | twistedmatrix.com; ok markus@ | ||
2735 | - djm@cvs.openbsd.org 2004/05/22 06:32:12 | ||
2736 | [clientloop.c ssh.1] | ||
2737 | use '-h' for help in ~C commandline instead of '-?'; inspired by jmc@ | ||
2738 | - jmc@cvs.openbsd.org 2004/05/22 16:01:05 | ||
2739 | [ssh.1] | ||
2740 | kill whitespace at eol; | ||
2741 | - dtucker@cvs.openbsd.org 2004/05/23 23:59:53 | ||
2742 | [auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config | ||
2743 | sshd_config.5] | ||
2744 | Add MaxAuthTries sshd config option; ok markus@ | ||
2745 | - (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread" | ||
2746 | is terminated if the privsep slave exits during keyboard-interactive | ||
2747 | authentication. ok djm@ | ||
2748 | - (dtucker) [sshd.c] Fix typo in comment. | ||
2749 | |||
2750 | 20040523 | ||
2751 | - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in | ||
2752 | sshd_config; ok dtucker@ | ||
2753 | - (djm) [configure.ac] Warn if the system has no known way of figuring out | ||
2754 | which user is on the other end of a Unix domain socket; ok dtucker@ | ||
2755 | - (bal) [openbsd-compat/sys-queue.h] Reintroduce machinary to handle | ||
2756 | old/broken/incomplete <sys/queue.h>. | ||
2757 | |||
2758 | 20040513 | ||
2759 | - (dtucker) [configure.ac] Bug #867: Additional tests for res_query in | ||
2760 | libresolv, fixes problems detecting it on some platforms | ||
2761 | (eg Linux/x86-64). From Kurt Roeckx via Debian, ok mouring@ | ||
2762 | - (dtucker) OpenBSD CVS Sync | ||
2763 | - jmc@cvs.openbsd.org 2004/05/04 18:36:07 | ||
2764 | [scp.1] | ||
2765 | SendEnv here too; | ||
2766 | - jmc@cvs.openbsd.org 2004/05/06 11:24:23 | ||
2767 | [ssh_config.5] | ||
2768 | typo from John Cosimano (PR 3770); | ||
2769 | - deraadt@cvs.openbsd.org 2004/05/08 00:01:37 | ||
2770 | [auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c | ||
2771 | tildexpand.c], removed: sshtty.h tildexpand.h | ||
2772 | make two tiny header files go away; djm ok | ||
2773 | - djm@cvs.openbsd.org 2004/05/08 00:21:31 | ||
2774 | [clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c | ||
2775 | sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h | ||
2776 | kill a tiny header; ok deraadt@ | ||
2777 | - djm@cvs.openbsd.org 2004/05/09 00:06:47 | ||
2778 | [moduli.c ssh-keygen.c] removed: moduli.h | ||
2779 | zap another tiny header; ok deraadt@ | ||
2780 | - djm@cvs.openbsd.org 2004/05/09 01:19:28 | ||
2781 | [OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c | ||
2782 | sshd.c] removed: mpaux.c mpaux.h | ||
2783 | kill some more tiny files; ok deraadt@ | ||
2784 | - djm@cvs.openbsd.org 2004/05/09 01:26:48 | ||
2785 | [kex.c] | ||
2786 | don't overwrite what we are trying to compute | ||
2787 | - deraadt@cvs.openbsd.org 2004/05/11 19:01:43 | ||
2788 | [auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c | ||
2789 | packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c] | ||
2790 | improve some code lint did not like; djm millert ok | ||
2791 | - dtucker@cvs.openbsd.org 2004/05/13 02:47:50 | ||
2792 | [ssh-agent.1] | ||
2793 | Add examples to ssh-agent.1, bz#481 from Ralf Hauser; ok deraadt@ | ||
2794 | - (dtucker) [sshd.8] Bug #843: Add warning about PasswordAuthentication to | ||
2795 | UsePAM section. Parts from djm@ and jmc@. | ||
2796 | - (dtucker) [auth-pam.c scard-opensc.c] Tinderbox says auth-pam.c uses | ||
2797 | readpass.h, grep says scard-opensc.c does too. Replace with misc.h. | ||
2798 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Check that HAVE_DECL_H_ERROR | ||
2799 | is defined before using. | ||
2800 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Fix typo too: HAVE_DECL_H_ERROR | ||
2801 | -> HAVE_DECL_H_ERRNO. | ||
2802 | |||
2803 | 20040502 | ||
2804 | - (dtucker) OpenBSD CVS Sync | ||
2805 | - djm@cvs.openbsd.org 2004/04/22 11:56:57 | ||
2806 | [moduli.c] | ||
2807 | Bugzilla #850: Sophie Germain is the correct name of the French | ||
2808 | mathematician, "Sophie Germaine" isn't; from Luc.Maisonobe@c-s.fr | ||
2809 | - djm@cvs.openbsd.org 2004/04/27 09:46:37 | ||
2810 | [readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c | ||
2811 | ssh_config.5 sshd_config.5] | ||
2812 | bz #815: implement ability to pass specified environment variables from | ||
2813 | the client to the server; ok markus@ | ||
2814 | - djm@cvs.openbsd.org 2004/04/28 05:17:10 | ||
2815 | [ssh_config.5 sshd_config.5] | ||
2816 | manpage fixes in envpass stuff from Brian Poole (raj AT cerias.purdue.edu) | ||
2817 | - jmc@cvs.openbsd.org 2004/04/28 07:02:56 | ||
2818 | [sshd_config.5] | ||
2819 | remove unnecessary .Pp; | ||
2820 | - jmc@cvs.openbsd.org 2004/04/28 07:13:42 | ||
2821 | [sftp.1 ssh.1] | ||
2822 | add SendEnv to -o list; | ||
2823 | - dtucker@cvs.openbsd.org 2004/05/02 11:54:31 | ||
2824 | [sshd.8] | ||
2825 | Man page grammar fix (bz #858), from damerell at chiark.greenend.org.uk | ||
2826 | via Debian; ok djm@ | ||
2827 | - dtucker@cvs.openbsd.org 2004/05/02 11:57:52 | ||
2828 | [ssh.1] | ||
2829 | ConnectionTimeout -> ConnectTimeout, from m.a.ellis at ncl.ac.uk via | ||
2830 | Debian. ok djm@ | ||
2831 | - dtucker@cvs.openbsd.org 2004/05/02 23:02:17 | ||
2832 | [sftp.1] | ||
2833 | ConnectionTimeout -> ConnectTimeout here too, pointed out by jmc@ | ||
2834 | - dtucker@cvs.openbsd.org 2004/05/02 23:17:51 | ||
2835 | [scp.1] | ||
2836 | ConnectionTimeout -> ConnectTimeout for scp.1 too. | ||
2837 | |||
2838 | 20040423 | ||
2839 | - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Declare h_errno | ||
2840 | as extern int if not already declared. Fixes compile errors on old SCO | ||
2841 | platforms. ok tim@ | ||
2842 | - (dtucker) [README.platform] List prereqs for building on Cygwin. | ||
2843 | |||
2844 | 20040421 | ||
2845 | - (djm) Update config.guess and config.sub to autoconf-2.59 versions; ok tim@ | ||
2846 | |||
2847 | 20040420 | ||
2848 | - (djm) OpenBSD CVS Sync | ||
2849 | - henning@cvs.openbsd.org 2004/04/08 16:08:21 | ||
2850 | [sshconnect2.c] | ||
2851 | swap the last two parameters to TAILQ_FOREACH_REVERSE. matches what | ||
2852 | FreeBSD and NetBSD do. | ||
2853 | ok millert@ mcbride@ markus@ ho@, checked to not affect ports by naddy@ | ||
2854 | - djm@cvs.openbsd.org 2004/04/18 23:10:26 | ||
2855 | [readconf.c readconf.h ssh-keysign.c ssh.c] | ||
2856 | perform strict ownership and modes checks for ~/.ssh/config files, | ||
2857 | as these can be used to execute arbitrary programs; ok markus@ | ||
2858 | NB. ssh will now exit when it detects a config with poor permissions | ||
2859 | - djm@cvs.openbsd.org 2004/04/19 13:02:40 | ||
2860 | [ssh.1 ssh_config.5] | ||
2861 | document strict permission checks on ~/.ssh/config; prompted by, | ||
2862 | with & ok jmc@ | ||
2863 | - jmc@cvs.openbsd.org 2004/04/19 16:12:14 | ||
2864 | [ssh_config.5] | ||
2865 | kill whitespace at eol; | ||
2866 | - djm@cvs.openbsd.org 2004/04/19 21:51:49 | ||
2867 | [ssh.c] | ||
2868 | fix idiot typo that i introduced in my last commit; | ||
2869 | spotted by cschneid AT cschneid.com | ||
2870 | - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD, needed for | ||
2871 | above change | ||
2872 | - (djm) [configure.ac] Check whether libroken is required when building | ||
2873 | with Heimdal | ||
2874 | |||
2875 | 20040419 | ||
2876 | - (dtucker) OpenBSD CVS Sync | ||
2877 | - dtucker@cvs.openbsd.org 2004/02/29 22:04:45 | ||
2878 | [regress/login-timeout.sh] | ||
2879 | Use sudo when restarting daemon during test. ok markus@ | ||
2880 | - dtucker@cvs.openbsd.org 2004/03/08 10:17:12 | ||
2881 | [regress/login-timeout.sh] | ||
2882 | Missing OBJ, from tim@. ok markus@ (Already fixed, ID sync only) | ||
2883 | - djm@cvs.openbsd.org 2004/03/30 12:41:56 | ||
2884 | [sftp-client.c] | ||
2885 | sync comment with reality | ||
2886 | - djm@cvs.openbsd.org 2004/03/31 21:58:47 | ||
2887 | [canohost.c] | ||
2888 | don't skip ip options check when UseDNS=no; ok markus@ (ID sync only) | ||
2889 | - markus@cvs.openbsd.org 2004/04/01 12:19:57 | ||
2890 | [scp.c] | ||
2891 | limit trust between local and remote rcp/scp process, | ||
2892 | noticed by lcamtuf; ok deraadt@, djm@ | ||
2893 | |||
2894 | 20040418 | ||
2895 | - (dtucker) [auth-pam.c] Log username and source host for failed PAM | ||
2896 | authentication attempts. With & ok djm@ | ||
2897 | - (djm) [openbsd-compat/bsd-cygwin_util.c] Recent versions of Cygwin allow | ||
2898 | change of user context without a password, so relax auth method | ||
2899 | restrictions; from vinschen AT redhat.com; ok dtucker@ | ||
2900 | |||
2901 | 20040416 | ||
2902 | - (dtucker) [regress/sftp-cmds.sh] Skip quoting test on Cygwin, since | ||
2903 | FAT/NTFS does not permit quotes in filenames. From vinschen at redhat.com | ||
2904 | - (djm) [auth-krb5.c auth.h session.c] Explicitly refer to Kerberos ccache | ||
2905 | file using FILE: method, fixes problems on Mac OSX. | ||
2906 | Patch from simon@sxw.org.uk; ok dtucker@ | ||
2907 | - (tim) [configure.ac] Set SETEUID_BREAKS_SETUID, BROKEN_SETREUID and | ||
2908 | BROKEN_SETREGID for SCO OpenServer 3 | ||
2909 | |||
2910 | 20040412 | ||
2911 | - (dtucker) [sshd_config.5] Add PermitRootLogin without-password warning | ||
2912 | from bug #701 (text from jfh at cise.ufl.edu). | ||
2913 | - (dtucker) [acconfig.h configure.ac defines.h] Bug #673: check for 4-arg | ||
2914 | skeychallenge(), eg on NetBSD. ok mouring@ | ||
2915 | - (dtucker) [auth-skey.c defines.h monitor.c] Make skeychallenge explicitly | ||
2916 | 4-arg, with compatibility for 3-arg versions. From djm@, ok me. | ||
2917 | - (djm) [configure.ac] Fix detection of libwrap on OpenBSD; ok dtucker@ | ||
2918 | |||
2919 | 20040408 | ||
2920 | - (dtucker) [loginrec.c] Use UT_LINESIZE if available, prevents truncating | ||
2921 | pty name on Linux 2.6.x systems. Patch from jpe at eisenmenger.org. | ||
2922 | - (bal) [monitor.c monitor_wrap.c] Second try. Put the zlib.h headers | ||
2923 | back and #undef TARGET_OS_MAC instead. (Bug report pending with Apple) | ||
2924 | - (dtucker) [defines.h loginrec.c] Define UT_LINESIZE if not defined and | ||
2925 | simplify loginrec.c. ok tim@ | ||
2926 | - (bal) [monitor.c monitor_wrap.c] Ok.. Last time. Promise. Tim suggested | ||
2927 | limiting scope and dtucker@ agreed. | ||
2928 | |||
2929 | 20040407 | ||
2930 | - (dtucker) [session.c] Flush stdout after displaying loginmsg. From | ||
2931 | f_mohr at yahoo.de. | ||
2932 | - (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to see | ||
2933 | if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X) | ||
2934 | are starting to restrict it as internal since it is not needed by | ||
2935 | developers any more. (Patch based on Apple tree) | ||
2936 | - (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since | ||
2937 | krb5 on MacOS/X conflicts. There may be a better solution, but this will | ||
2938 | work for now. | ||
2939 | |||
2940 | 20040406 | ||
2941 | - (dtucker) [acconfig.h configure.ac defines.h] Bug #820: don't use | ||
2942 | updwtmpx() on IRIX since it seems to clobber utmp. ok djm@ | ||
2943 | - (dtucker) [configure.ac] Bug #816, #748 (again): Attempt to detect | ||
2944 | broken getaddrinfo and friends on HP-UX. ok djm@ | ||
2945 | |||
2946 | 20040330 | ||
2947 | - (dtucker) [configure.ac] Bug #811: Use "!" for LOCKED_PASSWD_PREFIX on | ||
2948 | Linuxes, since that's what many use. ok djm@ | ||
2949 | - (dtucker) [auth-pam.c] rename the_authctxt to sshpam_authctxt in auth-pam.c | ||
2950 | to reduce potential confusion with the one in sshd.c. ok djm@ | ||
2951 | - (djm) Bug #825: Fix ip_options_check() for mapped IPv4/IPv6 connection; | ||
2952 | with & ok dtucker@ | ||
2953 | |||
2954 | 20040327 | ||
2955 | - (dtucker) [session.c] Bug #817: Clear loginmsg after fork to prevent | ||
2956 | duplicate login messages for mutli-session logins. ok djm@ | ||
2957 | |||
2958 | 20040322 | ||
2959 | - (djm) [sshd.c] Drop supplemental groups if started as root | ||
2960 | - (djm) OpenBSD CVS Sync | ||
2961 | - markus@cvs.openbsd.org 2004/03/09 22:11:05 | ||
2962 | [ssh.c] | ||
2963 | increase x11 cookie lifetime to 20 minutes; ok djm | ||
2964 | - markus@cvs.openbsd.org 2004/03/10 09:45:06 | ||
2965 | [ssh.c] | ||
2966 | trim usage to match ssh(1) and look more like unix. ok djm@ | ||
2967 | - markus@cvs.openbsd.org 2004/03/11 08:36:26 | ||
2968 | [sshd.c] | ||
2969 | trim usage; ok deraadt | ||
2970 | - markus@cvs.openbsd.org 2004/03/11 10:21:17 | ||
2971 | [ssh.c sshd.c] | ||
2972 | ssh, sshd: sync version output, ok djm | ||
2973 | - markus@cvs.openbsd.org 2004/03/20 10:40:59 | ||
2974 | [version.h] | ||
2975 | 3.8.1 | ||
2976 | - (djm) Crank RPM spec versions | ||
2977 | |||
2978 | 20040311 | ||
2979 | - (djm) [configure.ac] Add standard license to configure.ac; ok ben, dtucker | ||
2980 | |||
2981 | 20040310 | ||
2982 | - (dtucker) [openbsd-compat/fake-rfc2553.h] Bug #812: #undef getaddrinfo | ||
2983 | before redefining it, silences warnings on Tru64. | ||
2984 | |||
2985 | 20040308 | ||
2986 | - (dtucker) [sshd.c] Back out rev 1.270 as it caused problems on some | ||
2987 | platforms (eg SCO, HP-UX) with logging in the wrong TZ. ok djm@ | ||
2988 | - (dtucker) [configure.ac sshd.c openbsd-compat/bsd-misc.h | ||
2989 | openbsd-compat/setenv.c] Unset KRB5CCNAME on AIX to prevent it from being | ||
2990 | inherited by the child. ok djm@ | ||
2991 | - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c | ||
2992 | monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized | ||
2993 | even if keyboard-interactive is not used by the client. Prevents | ||
2994 | segfaults in some cases where the user's password is expired (note this | ||
2995 | is not considered a security exposure). ok djm@ | ||
2996 | - (djm) OpenBSD CVS Sync | ||
2997 | - markus@cvs.openbsd.org 2004/03/03 06:47:52 | ||
2998 | [sshd.c] | ||
2999 | change proctiltle after accept(2); ok henning, deraadt, djm | ||
3000 | - djm@cvs.openbsd.org 2004/03/03 09:30:42 | ||
3001 | [sftp-client.c] | ||
3002 | Don't print duplicate messages when progressmeter is off | ||
3003 | Spotted by job317 AT mailvault.com; ok markus@ | ||
3004 | - djm@cvs.openbsd.org 2004/03/03 09:31:20 | ||
3005 | [sftp.c] | ||
3006 | Fix initialisation of progress meter; ok markus@ | ||
3007 | - markus@cvs.openbsd.org 2004/03/05 10:53:58 | ||
3008 | [readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c] | ||
3009 | add IdentitiesOnly; ok djm@, pb@ | ||
3010 | - djm@cvs.openbsd.org 2004/03/08 09:38:05 | ||
3011 | [ssh-keyscan.c] | ||
3012 | explicitly initialise remote_major and remote_minor. | ||
3013 | from cjwatson AT debian.org; ok markus@ | ||
3014 | - dtucker@cvs.openbsd.org 2004/03/08 10:18:57 | ||
3015 | [sshd_config.5] | ||
3016 | Document KerberosGetAFSToken; ok markus@ | ||
3017 | - (tim) [regress/README.regress] Document ssh-rand-helper issue. ok bal | ||
3018 | |||
3019 | 20040307 | ||
3020 | - (tim) [regress/login-timeout.sh] fix building outside of source tree. | ||
3021 | |||
3022 | 20040304 | ||
3023 | - (dtucker) [auth-pam.c] Don't try to export PAM when compiled with | ||
3024 | -DUSE_POSIX_THREADS. From antoine.verheijen at ualbert ca. ok djm@ | ||
3025 | - (dtucker) [auth-pam.c] Reset signal status when starting pam auth thread, | ||
3026 | prevent hanging during PAM keyboard-interactive authentications. ok djm@ | ||
3027 | - (dtucker) [auth-passwd.c auth-sia.c auth-sia.h defines.h | ||
3028 | openbsd-compat/xcrypt.c] Bug #802: Fix build error on Tru64 when | ||
3029 | configured --with-osfsia. ok djm@ | ||
3030 | |||
3031 | 20040303 | ||
3032 | - (djm) [configure.ac ssh-agent.c] Use prctl to prevent ptrace on ssh-agent | ||
3033 | ok dtucker | ||
3034 | |||
3035 | 20040229 | ||
3036 | - (tim) [configure.ac] Put back bits mistakenly removed from Rev 1.188 | ||
3037 | |||
3038 | 20040229 | ||
3039 | - (dtucker) OpenBSD CVS Sync | ||
3040 | - djm@cvs.openbsd.org 2004/02/25 00:22:45 | ||
3041 | [sshd.c] | ||
3042 | typo in comment | ||
3043 | - dtucker@cvs.openbsd.org 2004/02/27 22:42:47 | ||
3044 | [dh.c] | ||
3045 | Prevent sshd from sending DH groups with a primitive generator of zero or | ||
3046 | one, even if they are listed in /etc/moduli. ok markus@ | ||
3047 | - dtucker@cvs.openbsd.org 2004/02/27 22:44:56 | ||
3048 | [dh.c] | ||
3049 | Make /etc/moduli line buffer big enough for 8kbit primes, in case anyone | ||
3050 | ever uses one. ok markus@ | ||
3051 | - dtucker@cvs.openbsd.org 2004/02/27 22:49:27 | ||
3052 | [dh.c] | ||
3053 | Reset bit counter at the right time, fixes debug output in the case where | ||
3054 | the DH group is rejected. ok markus@ | ||
3055 | - dtucker@cvs.openbsd.org 2004/02/17 08:23:20 | ||
3056 | [regress/Makefile regress/login-timeout.sh] | ||
3057 | Add regression test for LoginGraceTime; ok markus@ | ||
3058 | - markus@cvs.openbsd.org 2004/02/24 16:56:30 | ||
3059 | [regress/test-exec.sh] | ||
3060 | allow arguments in ${TEST_SSH_XXX} | ||
3061 | - markus@cvs.openbsd.org 2004/02/24 17:06:52 | ||
3062 | [regress/ssh-com-client.sh regress/ssh-com-keygen.sh | ||
3063 | regress/ssh-com-sftp.sh regress/ssh-com.sh] | ||
3064 | test against recent ssh.com releases | ||
3065 | - dtucker@cvs.openbsd.org 2004/02/28 12:16:57 | ||
3066 | [regress/dynamic-forward.sh] | ||
3067 | Make dynamic-forward understand nc's new output. ok markus@ | ||
3068 | - dtucker@cvs.openbsd.org 2004/02/28 13:44:45 | ||
3069 | [regress/try-ciphers.sh] | ||
3070 | Test acss too; ok markus@ | ||
3071 | - (dtucker) [regress/try-ciphers.sh] Skip acss if not compiled in (eg if we | ||
3072 | built with openssl < 0.9.7) | ||
3073 | |||
3074 | 20040226 | ||
3075 | - (bal) KNF our sshlogin.c even if the code looks nothing like upstream | ||
3076 | code due to diversity issues. | ||
3077 | |||
3078 | 20040225 | ||
3079 | - (djm) Trim ChangeLog | ||
3080 | - (djm) Don't specify path to PAM modules in Redhat sshd.pam; from Fedora | ||
3081 | |||
3082 | 20040224 | ||
3083 | - (dtucker) OpenBSD CVS Sync | ||
3084 | - markus@cvs.openbsd.org 2004/02/19 21:15:04 | ||
3085 | [sftp-server.c] | ||
3086 | switch to new license.template | ||
3087 | - markus@cvs.openbsd.org 2004/02/23 12:02:33 | ||
3088 | [sshd.c] | ||
3089 | backout revision 1.279; set listen socket to non-block; ok henning. | ||
3090 | - markus@cvs.openbsd.org 2004/02/23 15:12:46 | ||
3091 | [bufaux.c] | ||
3092 | encode 0 correctly in buffer_put_bignum2; noted by Mikulas Patocka | ||
3093 | and drop support for negative BNs; ok otto@ | ||
3094 | - markus@cvs.openbsd.org 2004/02/23 15:16:46 | ||
3095 | [version.h] | ||
3096 | enter 3.8 | ||
3097 | - (dtucker) [configure.ac gss-serv-krb5.c ssh-gss.h] Define GSSAPI when found | ||
3098 | with krb5-config, hunt down gssapi.h and friends. Based partially on patch | ||
3099 | from deengert at anl.gov. ok djm@ | ||
3100 | - (djm) [groupaccess.c uidswap.c] Bug #787: Size group arrays at runtime | ||
3101 | using sysconf() if available Based on patches from | ||
3102 | holger AT van-lengerich.de and openssh_bugzilla AT hockin.org | ||
3103 | - (dtucker) [uidswap.c] Minor KNF. ok djm@ | ||
3104 | - (tim) [openbsd-compat/getrrsetbyname.c] Make gcc 2.7.2.3 happy. ok djm@ | ||
3105 | - (djm) Crank RPM spec versions | ||
3106 | - (dtucker) [README] Add pointer to release notes. ok djm@ | ||
3107 | - (dtucker) {README.platform] Add platform-specific notes. | ||
3108 | - (tim) [configure.ac] SCO3 needs -lcrypt_i for -lprot | ||
3109 | - (djm) Release 3.8p1 | ||
3110 | |||
3111 | 20040223 | ||
3112 | - (dtucker) [session.c] Bug #789: Only make setcred call for !privsep in the | ||
3113 | non-interactive path. ok djm@ | ||
3114 | |||
3115 | 20040222 | ||
3116 | - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test | ||
3117 | to auth-shadow.c, no functional change. ok djm@ | ||
3118 | - (dtucker) [auth-shadow.c auth.h] Provide warnings of impending account or | ||
3119 | password expiry. ok djm@ | ||
3120 | - (dtucker) [auth-passwd.c] Only check password expiry once. Prevents | ||
3121 | multiple warnings if a wrong password is entered. | ||
3122 | - (dtucker) [configure.ac] Apply krb5-config --libs fix to non-gssapi path | ||
3123 | too. | ||
3124 | |||
3125 | 20040220 | ||
3126 | - (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@ | ||
3127 | |||
3128 | 20040218 | ||
3129 | - (dtucker) [configure.ac] Handle case where krb5-config --libs returns a | ||
3130 | path with a "-" in it. From Sergio.Gelato at astro.su.se. | ||
3131 | - (djm) OpenBSD CVS Sync | ||
3132 | - djm@cvs.openbsd.org 2004/02/17 07:17:29 | ||
3133 | [sftp-glob.c sftp.c] | ||
3134 | Remove useless headers; ok deraadt@ | ||
3135 | - djm@cvs.openbsd.org 2004/02/17 11:03:08 | ||
3136 | [sftp.c] | ||
3137 | sftp.c and sftp-int.c, together at last; ok markus@ | ||
3138 | - jmc@cvs.openbsd.org 2004/02/17 19:35:21 | ||
3139 | [sshd_config.5] | ||
3140 | remove cruft left over from RhostsAuthentication removal; | ||
3141 | ok markus@ | ||
3142 | - (djm) [log.c] Correct use of HAVE_OPENLOG_R | ||
3143 | - (djm) [log.c] Tighten openlog_r tests | ||
3144 | |||
3145 | 20040217 | ||
3146 | - (djm) Simplify the license on code I have written. No code changes. | ||
3147 | - (djm) OpenBSD CVS Sync | ||
3148 | - djm@cvs.openbsd.org 2004/02/17 05:39:51 | ||
3149 | [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c] | ||
3150 | [sftp-int.h sftp.c] | ||
3151 | switch to license.template for code written by me (belated, I know...) | ||
3152 | - (djm) Bug #698: Specify FILE: for KRB5CCNAME; patch from | ||
3153 | stadal@suse.cz and simon@sxw.org.uk | ||
3154 | - (dtucker) [auth-pam.c] Tidy up PAM debugging. ok djm@ | ||
3155 | - (dtucker) [auth-pam.c] Store output from pam_session and pam_setcred for | ||
3156 | display after login. Should fix problems like pam_motd not displaying | ||
3157 | anything, noticed by cjwatson at debian.org. ok djm@ | ||
3158 | |||
3159 | 20040212 | ||
3160 | - (tim) [Makefile.in regress/sftp-badcmds.sh regress/test-exec.sh] | ||
3161 | Portablity fixes. Data sftp transfers needs to be world readable. Some | ||
3162 | older shells hang on while loops when doing sh -n some_script. OK dtucker@ | ||
3163 | - (tim) [configure.ac] Make sure -lcrypto is before -lsocket for sco3. | ||
3164 | ok mouring@ | ||
3165 | |||
3166 | 20040211 | ||
3167 | - (dtucker) [auth-passwd.c auth-shadow.c] Only enable shadow expiry check | ||
3168 | if HAS_SHADOW_EXPIRY is set. | ||
3169 | - (tim) [configure.ac] Fix comment to match code changes in ver 1.117 | ||
3170 | |||
3171 | 20040210 | ||
3172 | - (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c | ||
3173 | openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's | ||
3174 | native password expiry. | ||
3175 | - (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h | ||
3176 | defines.h] Bug #14: Use do_pwchange to support password expiry and force | ||
3177 | change for platforms using /etc/shadow. ok djm@ | ||
3178 | - (dtucker) [openbsd-compat/fake-rfc2553.h] Bug #563: Prepend ssh_ to compat | ||
3179 | functions to avoid conflicts with Heimdal's libroken. ok djm@ | ||
3180 | - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to | ||
3181 | change expired PAM passwords for SSHv1 connections without privsep. | ||
3182 | pam_chauthtok is still used when privsep is disabled. ok djm@ | ||
3183 | - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Move | ||
3184 | include from port-aix.h to port-aix.c and remove unnecessary function | ||
3185 | definition. Fixes build errors on AIX. | ||
3186 | - (dtucker) [configure.ac loginrec.c] Bug #464: Use updwtmpx on platforms | ||
3187 | that support it. from & ok mouring@ | ||
3188 | - (dtucker) [configure.ac] Bug #345: Do not disable utmp on HP-UX 10.x. | ||
3189 | ok djm@ | ||
3190 | |||
3191 | 20040207 | ||
3192 | - (dtucker) OpenBSD CVS Sync | ||
3193 | - dtucker@cvs.openbsd.org 2004/02/06 23:41:13 | ||
3194 | [cipher-ctr.c] | ||
3195 | Use EVP_CIPHER_CTX_key_length for key length. ok markus@ | ||
3196 | (This will fix builds with OpenSSL 0.9.5) | ||
3197 | - (dtucker) [cipher.c] enable AES counter modes with OpenSSL 0.9.5. | ||
3198 | ok djm@, markus@ | ||
3199 | |||
3200 | 20040206 | ||
3201 | - (dtucker) [acss.c acss.h] Fix $Id tags. | ||
3202 | - (dtucker) [cipher-acss.c cipher.c] Enable acss only if building with | ||
3203 | OpenSSL >= 0.9.7. ok djm@ | ||
3204 | - (dtucker) [session.c] Bug #789: Do not call do_pam_setcred as a non-root | ||
3205 | user, since some modules might fail due to lack of privilege. ok djm@ | ||
3206 | - (dtucker) [configure.ac] Bug #748: Always define BROKEN_GETADDRINFO | ||
3207 | for HP-UX 11.11. If there are known-good configs where this is not | ||
3208 | required, please report them. ok djm@ | ||
3209 | - (dtucker) [sshd.c] Bug #757: Clear child's environment to prevent | ||
3210 | accidentally inheriting from root's environment. ok djm@ | ||
3211 | - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #796: | ||
3212 | Restore previous authdb setting after auth calls. Fixes problems with | ||
3213 | setpcred failing on accounts that use AFS or NIS password registries. | ||
3214 | - (dtucker) [configure.ac includes.h] Include <sys/stream.h> if present, | ||
3215 | required on Solaris 2.5.1 for queue_t, which is used by <sys/ptms.h>. | ||
3216 | - (dtucker) OpenBSD CVS Sync | ||
3217 | - markus@cvs.openbsd.org 2004/01/30 09:48:57 | ||
3218 | [auth-passwd.c auth.h pathnames.h session.c] | ||
3219 | support for password change; ok dtucker@ | ||
3220 | (set password-dead=1w in login.conf to use this). | ||
3221 | In -Portable, this is currently only platforms using bsdauth. | ||
3222 | - dtucker@cvs.openbsd.org 2004/02/05 05:37:17 | ||
3223 | [monitor.c sshd.c] | ||
3224 | Pass SIGALRM through to privsep child if LoginGraceTime expires. ok markus@ | ||
3225 | - markus@cvs.openbsd.org 2004/02/05 15:33:33 | ||
3226 | [progressmeter.c] | ||
3227 | fix ETA for > 4GB; bugzilla #791; ok henning@ deraadt@ | ||
3228 | |||
3229 | 20040129 | ||
3230 | - (dtucker) OpenBSD CVS Sync regress/ | ||
3231 | - dtucker@cvs.openbsd.org 2003/10/11 11:49:49 | ||
3232 | [Makefile banner.sh] | ||
3233 | Test missing banner file, suppression of banner with ssh -q, check return | ||
3234 | code from ssh. ok markus@ | ||
3235 | - jmc@cvs.openbsd.org 2003/11/07 10:16:44 | ||
3236 | [ssh-com.sh] | ||
3237 | adress -> address, and a few more; all from Jonathon Gray; | ||
3238 | - djm@cvs.openbsd.org 2004/01/13 09:49:06 | ||
3239 | [sftp-batch.sh] | ||
3240 | - (dtucker) [configure.ac] Add --without-zlib-version-check. Feedback from | ||
3241 | tim@, ok several | ||
3242 | - (dtucker) [configure.ac openbsd-compat/bsd-cray.c openbsd-compat/bsd-cray.h] | ||
3243 | Bug #775: Cray fixes from wendy at cray.com | ||
3244 | |||
3245 | 20040128 | ||
3246 | - (dtucker) [regress/README.regress] Add tcpwrappers issue, noted by tim@ | ||
3247 | - (dtucker) [moduli] Import new moduli file from OpenBSD. | ||
3248 | |||
3249 | 20040127 | ||
3250 | - (djm) OpenBSD CVS Sync | ||
3251 | - hshoexer@cvs.openbsd.org 2004/01/23 17:06:03 | ||
3252 | [cipher.c] | ||
3253 | enable acss for ssh | ||
3254 | ok deraadt@ markus@ | ||
3255 | - mouring@cvs.openbsd.org 2004/01/23 17:57:48 | ||
3256 | [sftp-int.c] | ||
3257 | Fix issue pointed out with ls not handling large directories | ||
3258 | with embeded paths correctly. OK damien@ | ||
3259 | - hshoexer@cvs.openbsd.org 2004/01/23 19:26:33 | ||
3260 | [cipher.c] | ||
3261 | rename acss@opebsd.org to acss@openssh.org | ||
3262 | ok deraadt@ | ||
3263 | - djm@cvs.openbsd.org 2004/01/25 03:49:09 | ||
3264 | [sshconnect.c] | ||
3265 | reset nonblocking flag after ConnectTimeout > 0 connect; (bugzilla #785) | ||
3266 | from jclonguet AT free.fr; ok millert@ | ||
3267 | - djm@cvs.openbsd.org 2004/01/27 10:08:10 | ||
3268 | [sftp.c] | ||
3269 | reorder parsing so user:skey@host:file works (bugzilla #777) | ||
3270 | patch from admorten AT umich.edu; ok markus@ | ||
3271 | - (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS | ||
3272 | if libcrypto lacks it | ||
3273 | |||
3274 | 20040126 | ||
3275 | - (tim) Typo in regress/README.regress | ||
3276 | - (tim) [regress/test-exec.sh] RhostsAuthentication is deprecated. | ||
3277 | - (tim) [defines.h] Add defines for HFIXEDSZ and T_SIG | ||
3278 | - (tim) [configure.ac includes.h] add <sys/ptms.h> for grantpt() and friends. | ||
3279 | - (tim) [defines.h openbsd-compat/getrrsetbyname.h] Move defines for HFIXEDSZ | ||
3280 | and T_SIG to getrrsetbyname.h | ||
3281 | |||
3282 | 20040124 | ||
3283 | - (djm) Typo in openbsd-compat/bsd-openpty.c; from wendyp AT cray.com | ||
3284 | |||
3285 | 20040123 | ||
3286 | - (djm) Do pam_session processing for systems with HAVE_LOGIN_CAP; from | ||
3287 | ralf.hack AT pipex.net; ok dtucker@ | ||
3288 | - (djm) Bug #776: Update contrib/redhat/openssh.spec to dynamically detect | ||
3289 | Kerberos location (and thus work with Fedora Core 1); | ||
3290 | from jason AT devrandom.org | ||
3291 | - (dtucker) [configure.ac] Bug #788: Test for zlib.h presence and for | ||
3292 | zlib >= 1.1.4. Partly from jbasney at ncsa.uiuc.edu. ok djm@ | ||
3293 | - (dtucker) [contrib/cygwin/README] Document new ssh-host-config options. | ||
3294 | Patch from vinschen at redhat.com. | ||
3295 | - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c] | ||
3296 | Change AFS symbol to USE_AFS to prevent namespace collisions, do not | ||
3297 | include kafs.h unless necessary. From deengert at anl.gov. | ||
3298 | - (tim) [configure.ac] Remove hard coded -L/usr/local/lib and | ||
3299 | -I/usr/local/include. Users can do LDFLAGS="-L/usr/local/lib" \ | ||
3300 | CPPFLAGS="-I/usr/local/include" ./configure if needed. | ||
3301 | |||
3302 | 20040122 | ||
3303 | - (dtucker) [configure.ac] Use krb5-config where available for Kerberos/ | ||
3304 | GSSAPI detection, libs and includes. ok djm@ | ||
3305 | - (dtucker) [session.c] Enable AFS support in conjunction with KRB5 not | ||
3306 | just HEIMDAL. | ||
3307 | - (tim) [contrib/solaris/buildpkg.sh] Allow for the possibility of | ||
3308 | /usr/local being a symbolic link. Fixes problem reported by Henry Grebler. | ||
3309 | |||
3310 | 20040121 | ||
3311 | - (djm) OpenBSD CVS Sync | ||
3312 | - djm@cvs.openbsd.org 2004/01/13 09:25:05 | ||
3313 | [sftp-int.c sftp.1 sftp.c] | ||
3314 | Tidy sftp batchmode handling, eliminate junk to stderr (bugzilla #754) and | ||
3315 | enable use of "-b -" to accept batchfile from stdin; ok markus@ | ||
3316 | - jmc@cvs.openbsd.org 2004/01/13 12:17:33 | ||
3317 | [sftp.1] | ||
3318 | remove unnecessary Ic's; | ||
3319 | kill whitespace at EOL; | ||
3320 | ok djm@ | ||
3321 | - markus@cvs.openbsd.org 2004/01/13 19:23:15 | ||
3322 | [compress.c session.c] | ||
3323 | -Wall; ok henning | ||
3324 | - markus@cvs.openbsd.org 2004/01/13 19:45:15 | ||
3325 | [compress.c] | ||
3326 | cast for portability; millert@ | ||
3327 | - markus@cvs.openbsd.org 2004/01/19 09:24:21 | ||
3328 | [channels.c] | ||
3329 | fake consumption for half closed channels since the peer is waiting for | ||
3330 | window adjust messages; bugzilla #790 Matthew Dillon; test + ok dtucker@ | ||
3331 | reproduce with sh -c 'ulimit -f 10; ssh host -n od /bsd | cat > foo' | ||
3332 | - markus@cvs.openbsd.org 2004/01/19 21:25:15 | ||
3333 | [auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c] | ||
3334 | fix mem leaks; some fixes from Pete Flugstad; tested dtucker@ | ||
3335 | - djm@cvs.openbsd.org 2004/01/21 03:07:59 | ||
3336 | [sftp.c] | ||
3337 | initialise infile in main, rather than statically - from portable | ||
3338 | - deraadt@cvs.openbsd.org 2004/01/11 21:55:06 | ||
3339 | [sshpty.c] | ||
3340 | for pty opening, only use the openpty() path. the other stuff only needs | ||
3341 | to be in openssh-p; markus ok | ||
3342 | - (djm) [openbsd-compat/bsd-openpty.c] Rework old sshpty.c code into an | ||
3343 | openpty() replacement | ||
3344 | |||
3345 | 20040114 | ||
3346 | - (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exits | ||
3347 | unexpectedly. with & ok djm@ | ||
3348 | - (dtucker) [auth-pam.c] Reset signal handler in pthread_cancel too, add | ||
3349 | test for case where cleanup has already run. | ||
3350 | - (dtucker) [auth-pam.c] Add minor debugging. | ||
3351 | |||
3352 | 20040113 | ||
3353 | - (dtucker) [auth-pam.c] Relocate struct pam_ctxt and prototypes. No | ||
3354 | functional changes. | ||
3355 | |||
3356 | 20040108 | ||
3357 | - (dtucker) [auth-pam.c defines.h] Bug #783: move __unused to defines.h and | ||
3358 | only define if not already. From des at freebsd.org. | ||
3359 | - (dtucker) [configure.ac] Remove extra (typo) comma. | ||
3360 | |||
3361 | 20040105 | ||
3362 | - (dtucker) [contrib/ssh-copy-id] Bug #781: exit if ssh fails. Patch from | ||
3363 | cjwatson at debian.org. | ||
3364 | - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c] | ||
3365 | Only enable KerberosGetAFSToken if Heimdal's libkafs is found. with jakob@ | ||
3366 | |||
3367 | 20040102 | ||
3368 | - (djm) OSX/Darwin needs BIND_8_COMPAT to build getrrsetbyname. Report from | ||
3369 | jakob@ | ||
3370 | - (djm) Remove useless DNS support configure summary message. from jakob@ | ||
3371 | - (djm) OSX/Darwin put the PAM headers in a different place, detect this. | ||
3372 | Report from jakob@ | ||
3373 | |||
3374 | 20031231 | ||
3375 | - (dtucker) OpenBSD CVS Sync | ||
3376 | - djm@cvs.openbsd.org 2003/12/22 09:16:58 | ||
3377 | [moduli.c ssh-keygen.1 ssh-keygen.c] | ||
3378 | tidy up moduli generation debugging, add -v (verbose/debug) option to | ||
3379 | ssh-keygen; ok markus@ | ||
3380 | - markus@cvs.openbsd.org 2003/12/22 20:29:55 | ||
3381 | [cipher-3des1.c] | ||
3382 | EVP_CIPHER_CTX_cleanup() for the des contexts; pruiksma@freesurf.fr | ||
3383 | - jakob@cvs.openbsd.org 2003/12/23 16:12:10 | ||
3384 | [servconf.c servconf.h session.c sshd_config] | ||
3385 | implement KerberosGetAFSToken server option. ok markus@, beck@ | ||
3386 | - millert@cvs.openbsd.org 2003/12/29 16:39:50 | ||
3387 | [sshd_config] | ||
3388 | KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK | ||
3389 | - dtucker@cvs.openbsd.org 2003/12/31 00:24:50 | ||
3390 | [auth2-passwd.c] | ||
3391 | Ignore password change request during password auth (which we currently | ||
3392 | don't support) and discard proposed new password. corrections/ok markus@ | ||
3393 | - (dtucker) [configure.ac] Only test setresuid and setresgid if they exist. | ||
3394 | |||
3395 | 20031219 | ||
3396 | - (dtucker) [defines.h] Bug #458: Define SIZE_T_MAX as UINT_MAX if we | ||
3397 | typedef size_t ourselves. | ||
3398 | |||
3399 | 20031218 | ||
3400 | - (dtucker) [configure.ac] Don't use setre[ug]id on DG-UX, from Tom Orban. | ||
3401 | - (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactive | ||
3402 | authentication. Partially fixes bug #423. Feedback & ok djm@ | ||
3403 | |||
3404 | 20031217 | ||
3405 | - (djm) OpenBSD CVS Sync | ||
3406 | - markus@cvs.openbsd.org 2003/12/09 15:28:43 | ||
3407 | [serverloop.c] | ||
3408 | make ClientKeepAlive work for ssh -N, too (no login shell requested). | ||
3409 | 1) send a bogus channel request if we find a channel | ||
3410 | 2) send a bogus global request if we don't have a channel | ||
3411 | ok + test beck@ | ||
3412 | - markus@cvs.openbsd.org 2003/12/09 17:29:04 | ||
3413 | [sshd.c] | ||
3414 | fix -o and HUP; ok henning@ | ||
3415 | - markus@cvs.openbsd.org 2003/12/09 17:30:05 | ||
3416 | [ssh.c] | ||
3417 | don't modify argv for ssh -o; similar to sshd.c 1.283 | ||
3418 | - markus@cvs.openbsd.org 2003/12/09 21:53:37 | ||
3419 | [readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1] | ||
3420 | [ssh_config.5 sshconnect.c sshd.c sshd_config.5] | ||
3421 | rename keepalive to tcpkeepalive; the old name causes too much | ||
3422 | confusion; ok djm, dtucker; with help from jmc@ | ||
3423 | - dtucker@cvs.openbsd.org 2003/12/09 23:45:32 | ||
3424 | [clientloop.c] | ||
3425 | Clear exit code when ssh -N is terminated with a SIGTERM. ok markus@ | ||
3426 | - markus@cvs.openbsd.org 2003/12/14 12:37:21 | ||
3427 | [ssh_config.5] | ||
3428 | we don't support GSS KEX; from Simon Wilkinson | ||
3429 | - markus@cvs.openbsd.org 2003/12/16 15:49:51 | ||
3430 | [clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1] | ||
3431 | [ssh.c ssh_config.5] | ||
3432 | application layer keep alive (ServerAliveInterval ServerAliveCountMax) | ||
3433 | for ssh(1), similar to the sshd(8) option; ok beck@; with help from | ||
3434 | jmc and dtucker@ | ||
3435 | - markus@cvs.openbsd.org 2003/12/16 15:51:54 | ||
3436 | [dh.c] | ||
3437 | use <= instead of < in dh_estimate; ok provos/hshoexer; | ||
3438 | do not return < DH_GRP_MIN | ||
3439 | - (dtucker) [acconfig.h configure.ac uidswap.c] Bug #645: Check for | ||
3440 | setres[ug]id() present but not implemented (eg some Linux/glibc | ||
3441 | combinations). | ||
3442 | - (bal) [openbsd-compat/bsd-misc.c] unset 'signal' defined if we are | ||
3443 | using a real 'signal()' (Noticed by a NeXT Compile) | ||
3444 | |||
3445 | 20031209 | ||
3446 | - (dtucker) OpenBSD CVS Sync | ||
3447 | - matthieu@cvs.openbsd.org 2003/11/25 23:10:08 | ||
3448 | [ssh-add.1] | ||
3449 | ssh-add doesn't need to be a descendant of ssh-agent. Ok markus@, jmc@. | ||
3450 | - djm@cvs.openbsd.org 2003/11/26 21:44:29 | ||
3451 | [cipher-aes.c] | ||
3452 | fix #ifdef before #define; ok markus@ | ||
3453 | (RCS ID sync only, Portable already had this) | ||
3454 | - markus@cvs.openbsd.org 2003/12/02 12:15:10 | ||
3455 | [progressmeter.c] | ||
3456 | improvments from andreas@: | ||
3457 | * saner speed estimate for transfers that takes less than a second by | ||
3458 | rounding the time to 1 second. | ||
3459 | * when the transfer is finished calculate the actual total speed | ||
3460 | rather than the current speed which is given during the transfer | ||
3461 | - markus@cvs.openbsd.org 2003/12/02 17:01:15 | ||
3462 | [channels.c session.c ssh-agent.c ssh.h sshd.c] | ||
3463 | use SSH_LISTEN_BACKLOG (=128) in listen(2). | ||
3464 | - djm@cvs.openbsd.org 2003/12/07 06:34:18 | ||
3465 | [moduli.c] | ||
3466 | remove unused debugging #define templates | ||
3467 | - markus@cvs.openbsd.org 2003/12/08 11:00:47 | ||
3468 | [kexgexc.c] | ||
3469 | print requested group size in debug; ok djm | ||
3470 | - dtucker@cvs.openbsd.org 2003/12/09 13:52:55 | ||
3471 | [moduli.c] | ||
3472 | Prevent ssh-keygen -T from outputting moduli with a generator of 0, since | ||
3473 | they can't be used for Diffie-Hellman. Assistance and ok djm@ | ||
3474 | - (dtucker) [ssh-keyscan.c] Sync RCSIDs, missed in SSH_SSFDMAX change below. | ||
3475 | |||
3476 | 20031208 | ||
3477 | - (tim) [configure.ac] Bug 770. Fix --without-rpath. | ||
3478 | |||
3479 | 20031123 | ||
3480 | - (djm) [canohost.c] Move IPv4inV6 mapped address normalisation to its own | ||
3481 | function and call it unconditionally | ||
3482 | - (djm) OpenBSD CVS Sync | ||
3483 | - djm@cvs.openbsd.org 2003/11/23 23:17:34 | ||
3484 | [ssh-keyscan.c] | ||
3485 | from portable - use sysconf to detect fd limit; ok markus@ | ||
3486 | (tidy diff by adding SSH_SSFDMAX macro to defines.h) | ||
3487 | - djm@cvs.openbsd.org 2003/11/23 23:18:45 | ||
3488 | [ssh-keygen.c] | ||
3489 | consistency PATH_MAX -> MAXPATHLEN; ok markus@ | ||
3490 | (RCS ID sync only) | ||
3491 | - djm@cvs.openbsd.org 2003/11/23 23:21:21 | ||
3492 | [scp.c] | ||
3493 | from portable: rename clashing variable limit-> limit_rate; ok markus@ | ||
3494 | (RCS ID sync only) | ||
3495 | - dtucker@cvs.openbsd.org 2003/11/24 00:16:35 | ||
3496 | [ssh.1 ssh.c] | ||
3497 | Make ssh -k mean GSSAPIDelegateCredentials=no. Suggestion & ok markus@ | ||
3498 | - (djm) Annotate OpenBSD-derived files in openbsd-compat/ with original | ||
3499 | source file path (in OpenBSD tree). | ||
3500 | |||
3501 | 20031122 | ||
3502 | - (dtucker) [channels.c] Make AIX write limit code clearer. Suggested by djm@ | ||
3503 | - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h] | ||
3504 | Move AIX specific password authentication code to port-aix.c, call | ||
3505 | authenticate() until reenter flag is clear. | ||
3506 | - (dtucker) [auth-sia.c configure.ac] Tru64 update from cmadams at hiwaay.net. | ||
3507 | Use permanently_set_uid for SIA, only define DISABLE_FD_PASSING when SIA | ||
3508 | is enabled, rely on SIA to check for locked accounts if enabled. ok djm@ | ||
3509 | - (djm) [scp.c] Rename limitbw -> limit_rate to match upstreamed patch | ||
3510 | - (djm) [sftp-int.c] Remove duplicated code from bogus sync | ||
3511 | - (djm) [packet.c] Shuffle #ifdef to reduce conditionally compiled code | ||
3512 | |||
3513 | 20031121 | ||
3514 | - (djm) OpenBSD CVS Sync | ||
3515 | - markus@cvs.openbsd.org 2003/11/20 11:39:28 | ||
3516 | [progressmeter.c] | ||
3517 | fix rounding errors; from andreas@ | ||
3518 | - djm@cvs.openbsd.org 2003/11/21 11:57:03 | ||
3519 | [everything] | ||
3520 | unexpand and delete whitespace at EOL; ok markus@ | ||
3521 | (done locally and RCS IDs synced) | ||
3522 | |||
3523 | 20031118 | ||
3524 | - (djm) Fix early exit for root auth success when UsePAM=yes and | ||
3525 | PermitRootLogin=no | ||
3526 | - (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv, | ||
3527 | and use it for do_pam_session. Fixes problems like pam_motd not | ||
3528 | displaying anything. ok djm@ | ||
3529 | - (dtucker) [auth-pam.c] Only use pam_putenv if our platform has it. ok djm@ | ||
3530 | - (djm) OpenBSD CVS Sync | ||
3531 | - dtucker@cvs.openbsd.org 2003/11/18 00:40:05 | ||
3532 | [serverloop.c] | ||
3533 | Correct check for authctxt->valid. ok djm@ | ||
3534 | - djm@cvs.openbsd.org 2003/11/18 10:53:07 | ||
3535 | [monitor.c] | ||
3536 | unbreak fake authloop for non-existent users (my screwup). Spotted and | ||
3537 | tested by dtucker@; ok markus@ | ||
3538 | |||
3539 | 20031117 | ||
3540 | - (djm) OpenBSD CVS Sync | ||
3541 | - djm@cvs.openbsd.org 2003/11/03 09:03:37 | ||
3542 | [auth-chall.c] | ||
3543 | make this a little more idiot-proof; ok markus@ | ||
3544 | (includes portable-specific changes) | ||
3545 | - jakob@cvs.openbsd.org 2003/11/03 09:09:41 | ||
3546 | [sshconnect.c] | ||
3547 | move changed key warning into warn_changed_key(). ok markus@ | ||
3548 | - jakob@cvs.openbsd.org 2003/11/03 09:37:32 | ||
3549 | [sshconnect.c] | ||
3550 | do not free static type pointer in warn_changed_key() | ||
3551 | - djm@cvs.openbsd.org 2003/11/04 08:54:09 | ||
3552 | [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c] | ||
3553 | [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c] | ||
3554 | [session.c] | ||
3555 | standardise arguments to auth methods - they should all take authctxt. | ||
3556 | check authctxt->valid rather then pw != NULL; ok markus@ | ||
3557 | - jakob@cvs.openbsd.org 2003/11/08 16:02:40 | ||
3558 | [auth1.c] | ||
3559 | remove unused variable (pw). ok djm@ | ||
3560 | (id sync only - still used in portable) | ||
3561 | - jmc@cvs.openbsd.org 2003/11/08 19:17:29 | ||
3562 | [sftp-int.c] | ||
3563 | typos from Jonathon Gray; | ||
3564 | - jakob@cvs.openbsd.org 2003/11/10 16:23:41 | ||
3565 | [bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c] | ||
3566 | [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c] | ||
3567 | [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h] | ||
3568 | constify. ok markus@ & djm@ | ||
3569 | - dtucker@cvs.openbsd.org 2003/11/12 10:12:15 | ||
3570 | [scp.c] | ||
3571 | When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@ | ||
3572 | - jakob@cvs.openbsd.org 2003/11/12 16:39:58 | ||
3573 | [dns.c dns.h readconf.c ssh_config.5 sshconnect.c] | ||
3574 | update SSHFP validation. ok markus@ | ||
3575 | - jmc@cvs.openbsd.org 2003/11/12 20:14:51 | ||
3576 | [ssh_config.5] | ||
3577 | make verb agree with subject, and kill some whitespace; | ||
3578 | - markus@cvs.openbsd.org 2003/11/14 13:19:09 | ||
3579 | [sshconnect2.c] | ||
3580 | cleanup and minor fixes for the client code; from Simon Wilkinson | ||
3581 | - djm@cvs.openbsd.org 2003/11/17 09:45:39 | ||
3582 | [msg.c msg.h sshconnect2.c ssh-keysign.c] | ||
3583 | return error on msg send/receive failure (rather than fatal); ok markus@ | ||
3584 | - markus@cvs.openbsd.org 2003/11/17 11:06:07 | ||
3585 | [auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c] | ||
3586 | [monitor_wrap.h sshconnect2.c ssh-gss.h] | ||
3587 | replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; | ||
3588 | test + ok jakob. | ||
3589 | - (djm) Bug #632: Don't call pam_end indirectly from within kbd-int | ||
3590 | conversation function | ||
3591 | - (djm) Export environment variables from authentication subprocess to | ||
3592 | parent. Part of Bug #717 | ||
3593 | |||
3594 | 20031115 | ||
3595 | - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and | ||
3596 | HP-UX, skip test on AIX. | ||
3597 | |||
3598 | 20031113 | ||
3599 | - (dtucker) [auth-pam.c] Append newlines to lines output by the | ||
3600 | pam_chauthtok_conv(). | ||
3601 | - (dtucker) [README ssh-host-config ssh-user-config Makefile] (All | ||
3602 | contrib/cygwin). Major update from vinschen at redhat.com. | ||
3603 | - Makefile provides a `cygwin-postinstall' target to run right after | ||
3604 | `make install'. | ||
3605 | - Better support for Windows 2003 Server. | ||
3606 | - Try to get permissions as correct as possible. | ||
3607 | - New command line options to allow full automated host configuration. | ||
3608 | - Create configs from skeletons in /etc/defaults/etc. | ||
3609 | - Use /bin/bash, allows reading user input with readline support. | ||
3610 | - Remove really old configs from /usr/local. | ||
3611 | - (dtucker) [auth-pam.c] Add newline to accumulated PAM_TEXT_INFO and | ||
3612 | PAM_ERROR_MSG messages. | ||
3613 | |||
3614 | 20031106 | ||
3615 | - (djm) Clarify UsePAM consequences a little more | ||
3616 | |||
3617 | 20031103 | ||
3618 | - (dtucker) [contrib/cygwin/ssh-host-config] Ensure entries in /etc/services | ||
3619 | are created correctly with CRLF line terminations. Patch from vinschen at | ||
3620 | redhat.com. | ||
3621 | - (dtucker) OpenBSD CVS Sync | ||
3622 | - markus@cvs.openbsd.org 2003/10/15 09:48:45 | ||
3623 | [monitor_wrap.c] | ||
3624 | check pmonitor != NULL | ||
3625 | - markus@cvs.openbsd.org 2003/10/21 09:50:06 | ||
3626 | [auth2-gss.c] | ||
3627 | make sure the doid is larger than 2 | ||
3628 | - avsm@cvs.openbsd.org 2003/10/26 16:57:43 | ||
3629 | [sshconnect2.c] | ||
3630 | rename 'supported' static var in userauth_gssapi() to 'gss_supported' | ||
3631 | to avoid shadowing the global version. markus@ ok | ||
3632 | - markus@cvs.openbsd.org 2003/10/28 09:08:06 | ||
3633 | [misc.c] | ||
3634 | error->debug for getsockopt+TCP_NODELAY; several requests | ||
3635 | - markus@cvs.openbsd.org 2003/11/02 11:01:03 | ||
3636 | [auth2-gss.c compat.c compat.h sshconnect2.c] | ||
3637 | remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk | ||
3638 | - (dtucker) [regress/agent-ptrace.sh] Use numeric uid and gid. | ||
3639 | |||
3640 | 20031021 | ||
3641 | - (dtucker) [INSTALL] Some system crypt() functions support MD5 passwords | ||
3642 | directly. Noted by Darren.Moffat at sun.com. | ||
3643 | - (dtucker) [regress/agent-ptrace.sh] Skip agent-test unless SUDO is set, | ||
3644 | make agent setgid during test. | ||
3645 | |||
3646 | 20031017 | ||
3647 | - (dtucker) [INSTALL] Note that --with-md5 is now required on platforms with | ||
3648 | MD5 passwords even if PAM support is enabled. From steev at detritus.net. | ||
3649 | |||
3650 | 20031015 | ||
3651 | - (dtucker) OpenBSD CVS Sync | ||
3652 | - jmc@cvs.openbsd.org 2003/10/08 08:27:36 | ||
3653 | [scp.1 scp.c sftp-server.8 sftp.1 sftp.c ssh.1 sshd.8] | ||
3654 | scp and sftp: add options list and sort options. options list requested | ||
3655 | by deraadt@ | ||
3656 | sshd: use same format as ssh | ||
3657 | ssh: remove wrong option from list | ||
3658 | sftp-server: Subsystem is documented in ssh_config(5), not sshd(8) | ||
3659 | ok deraadt@ markus@ | ||
3660 | - markus@cvs.openbsd.org 2003/10/08 15:21:24 | ||
3661 | [readconf.c ssh_config.5] | ||
3662 | default GSS API to no in client, too; ok jakob, deraadt@ | ||
3663 | - markus@cvs.openbsd.org 2003/10/11 08:24:08 | ||
3664 | [readconf.c readconf.h ssh.1 ssh.c ssh_config.5] | ||
3665 | remote x11 clients are now untrusted by default, uses xauth(8) to generate | ||
3666 | untrusted cookies; ForwardX11Trusted=yes restores old behaviour. | ||
3667 | ok deraadt; feedback and ok djm/fries | ||
3668 | - markus@cvs.openbsd.org 2003/10/11 08:26:43 | ||
3669 | [sshconnect2.c] | ||
3670 | search keys in reverse order; fixes #684 | ||
3671 | - markus@cvs.openbsd.org 2003/10/11 11:36:23 | ||
3672 | [monitor_wrap.c] | ||
3673 | return NULL for missing banner; ok djm@ | ||
3674 | - jmc@cvs.openbsd.org 2003/10/12 13:12:13 | ||
3675 | [ssh_config.5] | ||
3676 | note that EnableSSHKeySign should be in the non-hostspecific section; | ||
3677 | remove unnecessary .Pp; | ||
3678 | ok markus@ | ||
3679 | - markus@cvs.openbsd.org 2003/10/13 08:22:25 | ||
3680 | [scp.1 sftp.1] | ||
3681 | don't refer to options related to forwarding; ok jmc@ | ||
3682 | - jakob@cvs.openbsd.org 2003/10/14 19:42:10 | ||
3683 | [dns.c dns.h readconf.c ssh-keygen.c sshconnect.c] | ||
3684 | include SSHFP lookup code (not enabled by default). ok markus@ | ||
3685 | - jakob@cvs.openbsd.org 2003/10/14 19:43:23 | ||
3686 | [README.dns] | ||
3687 | update | ||
3688 | - markus@cvs.openbsd.org 2003/10/14 19:54:39 | ||
3689 | [session.c ssh-agent.c] | ||
3690 | 10X for mkdtemp; djm@ | ||
3691 | - (dtucker) [acconfig.h configure.ac dns.c openbsd-compat/getrrsetbyname.c | ||
3692 | openbsd-compat/getrrsetbyname.h] DNS fingerprint support is now always | ||
3693 | compiled in but disabled in config. | ||
3694 | - (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode. | ||
3695 | - (tim) [regress/banner.sh] portability fix. | ||
3696 | |||
3697 | 20031009 | ||
3698 | - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@ | ||
3699 | |||
3700 | 20031008 | ||
3701 | - (dtucker) OpenBSD CVS Sync | ||
3702 | - dtucker@cvs.openbsd.org 2003/10/07 01:47:27 | ||
3703 | [sshconnect2.c] | ||
3704 | Don't use logit for banner, since it truncates to MSGBUFSIZ; bz #668 & | ||
3705 | #707. ok markus@ | ||
3706 | - djm@cvs.openbsd.org 2003/10/07 07:04:16 | ||
3707 | [sftp-int.c] | ||
3708 | sftp quoting fix from admorten AT umich.edu; ok markus@ | ||
3709 | - deraadt@cvs.openbsd.org 2003/10/07 21:58:28 | ||
3710 | [sshconnect2.c] | ||
3711 | set ptr to NULL after free | ||
3712 | - dtucker@cvs.openbsd.org 2003/10/07 01:52:13 | ||
3713 | [regress/Makefile regress/banner.sh] | ||
3714 | Test SSH2 banner. ok markus@ | ||
3715 | - djm@cvs.openbsd.org 2003/10/07 07:04:52 | ||
3716 | [regress/sftp-cmds.sh] | ||
3717 | more sftp quoting regress tests; ok markus | ||
3718 | |||
3719 | 20031007 | ||
3720 | - (djm) Delete autom4te.cache after autoreconf | ||
3721 | - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static | ||
3722 | cleanup functions. With & ok djm@ | ||
3723 | - (dtucker) [contrib/redhat/openssh.spec] Bug #714: Now that UsePAM is a | ||
3724 | run-time switch, always build --with-md5-passwords. | ||
3725 | - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoul.c] | ||
3726 | Bug #670: add strtoul() to openbsd-compat for platforms lacking it. ok djm@ | ||
3727 | - (dtucker) [configure.ac] Bug #715: Set BROKEN_SETREUID and BROKEN_SETREGID | ||
3728 | on Reliant Unix. Patch from Robert.Dahlem at siemens.com. | ||
3729 | - (dtucker) [configure.ac] Bug #710: Check for dlsym() in libdl on | ||
3730 | Reliant Unix. Based on patch from Robert.Dahlem at siemens.com. | ||
3731 | |||
3732 | 20031003 | ||
3733 | - (dtucker) OpenBSD CVS Sync | ||
3734 | - markus@cvs.openbsd.org 2003/10/02 10:41:59 | ||
3735 | [sshd.c] | ||
3736 | print openssl version, too, several requests; ok henning/djm. | ||
3737 | - markus@cvs.openbsd.org 2003/10/02 08:26:53 | ||
3738 | [ssh-gss.h] | ||
3739 | missing $OpenBSD:; dtucker | ||
3740 | - (tim) [contrib/caldera/openssh.spec] Remove obsolete --with-ipv4-default | ||
3741 | option. | ||
3742 | |||
3743 | 20031002 | ||
3744 | - (dtucker) OpenBSD CVS Sync | ||
3745 | - markus@cvs.openbsd.org 2003/09/23 20:17:11 | ||
3746 | [Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c | ||
3747 | cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h | ||
3748 | monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h | ||
3749 | ssh-agent.c sshd.c] | ||
3750 | replace fatal_cleanup() and linked list of fatal callbacks with static | ||
3751 | cleanup_exit() function. re-refine cleanup_exit() where appropriate, | ||
3752 | allocate sshd's authctxt eary to allow simpler cleanup in sshd. | ||
3753 | tested by many, ok deraadt@ | ||
3754 | - markus@cvs.openbsd.org 2003/09/23 20:18:52 | ||
3755 | [progressmeter.c] | ||
3756 | don't print trailing \0; bug #709; Robert.Dahlem@siemens.com | ||
3757 | ok millert/deraadt@ | ||
3758 | - markus@cvs.openbsd.org 2003/09/23 20:41:11 | ||
3759 | [channels.c channels.h clientloop.c] | ||
3760 | move client only agent code to clientloop.c | ||
3761 | - markus@cvs.openbsd.org 2003/09/26 08:19:29 | ||
3762 | [sshd.c] | ||
3763 | no need to set the listen sockets to non-block; ok deraadt@ | ||
3764 | - jmc@cvs.openbsd.org 2003/09/29 11:40:51 | ||
3765 | [ssh.1] | ||
3766 | - add list of options to -o and .Xr ssh_config(5) | ||
3767 | - some other cleanup | ||
3768 | requested by deraadt@; | ||
3769 | ok deraadt@ markus@ | ||
3770 | - markus@cvs.openbsd.org 2003/09/29 20:19:57 | ||
3771 | [servconf.c sshd_config] | ||
3772 | GSSAPICleanupCreds -> GSSAPICleanupCredentials | ||
3773 | - (dtucker) [configure.ac] Don't set DISABLE_SHADOW when configuring | ||
3774 | --with-pam. ok djm@ | ||
3775 | - (dtucker) [ssh-gss.h] Prototype change missed in sync. | ||
3776 | - (dtucker) [session.c] Fix bus errors on some 64-bit Solaris configurations. | ||
3777 | Based on patches by Matthias Koeppe and Thomas Baden. ok djm@ | ||
3778 | |||
3779 | 20030930 | ||
3780 | - (bal) Fix issues in openbsd-compat/realpath.c | ||
3781 | |||
3782 | 20030925 | ||
3783 | - (dtucker) [configure.ac openbsd-compat/xcrypt.c] Bug #633: Remove | ||
3784 | DISABLE_SHADOW for HP-UX, use getspnam instead of getprpwnam. Patch from | ||
3785 | michael_steffens at hp.com, ok djm@ | ||
3786 | - (tim) [sshd_config] UsePAM defaults to no. | ||
3787 | |||
3788 | 20030924 | ||
3789 | - (djm) Update version.h and spec files for HEAD | ||
3790 | - (dtucker) [configure.ac] IRIX5 needs the same setre[ug]id defines as IRIX6. | ||
3791 | |||
3792 | 20030923 | ||
3793 | - (dtucker) [Makefile.in] Bug #644: Fix "make clean" for out-of-tree | ||
3794 | builds. Portability corrections from tim@. | ||
3795 | - (dtucker) [configure.ac] Bug #665: uid swapping issues on Mac OS X. | ||
3796 | Patch from max at quendi.de. | ||
3797 | - (dtucker) [configure.ac] Bug #657: uid swapping issues on BSDi. | ||
3798 | - (dtucker) [configure.ac] Bug #653: uid swapping issues on Tru64. | ||
3799 | - (dtucker) [configure.ac] Bug #693: uid swapping issues on NCR MP-RAS. | ||
3800 | Patch from david.haughton at ncr.com | ||
3801 | - (dtucker) [configure.ac] Bug #659: uid swapping issues on IRIX 6. | ||
3802 | Part of patch supplied by bugzilla-openssh at thewrittenword.com | ||
3803 | - (dtucker) [configure.ac openbsd-compat/fake-rfc2553.c | ||
3804 | openbsd-compat/fake-rfc2553.h] Bug #659: Test for and handle systems with | ||
3805 | where gai_strerror is defined as "const char *". Part of patch supplied | ||
3806 | by bugzilla-openssh at thewrittenword.com | ||
3807 | - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config] Update | ||
3808 | ssh-host-config to match current defaults, bump README version. Patch from | ||
3809 | vinschen at redhat.com. | ||
3810 | - (dtucker) [uidswap.c] Don't test restoration of uid on Cygwin since the | ||
3811 | OS does not support permanently dropping privileges. Patch from | ||
3812 | vinschen at redhat.com. | ||
3813 | - (dtucker) [openbsd-compat/port-aix.c] Use correct include for xmalloc.h, | ||
3814 | add canohost.h to stop warning. Based on patch from openssh-unix-dev at | ||
3815 | thewrittenword.com | ||
3816 | - (dtucker) [INSTALL] Bug #686: Document requirement for zlib 1.1.4 or | ||
3817 | higher. | ||
3818 | - (tim) Fix typo. s/SETEIUD_BREAKS_SETUID/SETEUID_BREAKS_SETUID/ | ||
3819 | - (tim) [configure.ac] Bug 665: move 3 new AC_DEFINES outside of AC_TRY_RUN. | ||
3820 | Report by distler AT golem ph utexas edu. | ||
3821 | - (dtucker) [contrib/aix/pam.conf] Include example pam.conf for AIX from | ||
3822 | article by genty at austin.ibm.com, included with the author's permission. | ||
3823 | - (dtucker) OpenBSD CVS Sync | ||
3824 | - markus@cvs.openbsd.org 2003/09/18 07:52:54 | ||
3825 | [sshconnect.c] | ||
3826 | missing {}; bug #656; jclonguet at free.fr | ||
3827 | - markus@cvs.openbsd.org 2003/09/18 07:54:48 | ||
3828 | [buffer.c] | ||
3829 | protect against double free; #660; zardoz at users.sf.net | ||
3830 | - markus@cvs.openbsd.org 2003/09/18 07:56:05 | ||
3831 | [authfile.c] | ||
3832 | missing buffer_free(&encrypted); #662; zardoz at users.sf.net | ||
3833 | - markus@cvs.openbsd.org 2003/09/18 08:49:45 | ||
3834 | [deattack.c misc.c session.c ssh-agent.c] | ||
3835 | more buffer allocation fixes; from Solar Designer; CAN-2003-0682; | ||
3836 | ok millert@ | ||
3837 | - miod@cvs.openbsd.org 2003/09/18 13:02:21 | ||
3838 | [authfd.c bufaux.c dh.c mac.c ssh-keygen.c] | ||
3839 | A few signedness fixes for harmless situations; markus@ ok | ||
3840 | - markus@cvs.openbsd.org 2003/09/19 09:02:02 | ||
3841 | [packet.c] | ||
3842 | buffer_dump only if PACKET_DEBUG is defined; Jedi/Sector One; pr 3471 | ||
3843 | - markus@cvs.openbsd.org 2003/09/19 09:03:00 | ||
3844 | [buffer.c] | ||
3845 | sign fix in buffer_dump; Jedi/Sector One; pr 3473 | ||
3846 | - markus@cvs.openbsd.org 2003/09/19 11:29:40 | ||
3847 | [ssh-agent.c] | ||
3848 | provide a ssh-agent specific fatal() function; ok deraadt | ||
3849 | - markus@cvs.openbsd.org 2003/09/19 11:30:39 | ||
3850 | [ssh-keyscan.c] | ||
3851 | avoid fatal_cleanup, just call exit(); ok deraadt | ||
3852 | - markus@cvs.openbsd.org 2003/09/19 11:31:33 | ||
3853 | [channels.c] | ||
3854 | do not call channel_free_all on fatal; ok deraadt | ||
3855 | - markus@cvs.openbsd.org 2003/09/19 11:33:09 | ||
3856 | [packet.c sshd.c] | ||
3857 | do not call packet_close on fatal; ok deraadt | ||
3858 | - markus@cvs.openbsd.org 2003/09/19 17:40:20 | ||
3859 | [scp.c] | ||
3860 | error handling for remote-remote copy; #638; report Harald Koenig; | ||
3861 | ok millert, fgs, henning, deraadt | ||
3862 | - markus@cvs.openbsd.org 2003/09/19 17:43:35 | ||
3863 | [clientloop.c sshtty.c sshtty.h] | ||
3864 | remove fatal callbacks from client code; ok deraadt | ||
3865 | - (bal) "extration" -> "extraction" in ssh-rand-helper.c; repoted by john | ||
3866 | on #unixhelp@efnet | ||
3867 | - (tim) [configure.ac] add --disable-etc-default-login option. ok djm | ||
3868 | - (djm) Sync with V_3_7 branch: | ||
3869 | - (djm) Fix SSH1 challenge kludge | ||
3870 | - (djm) Bug #671: Fix builds on OpenBSD | ||
3871 | - (djm) Bug #676: Fix PAM stack corruption | ||
3872 | - (djm) Fix bad free() in PAM code | ||
3873 | - (djm) Don't call pam_end before pam_init | ||
3874 | - (djm) Enable build with old OpenSSL again | ||
3875 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | ||
3876 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | ||
3877 | |||
3878 | $Id: ChangeLog,v 1.4117.2.10 2006/02/11 00:00:44 djm Exp $ | ||