summaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2005-01-04 13:07:27 +0000
committerColin Watson <cjwatson@debian.org>2005-01-04 13:07:27 +0000
commitfd0f611b70a83d80fe8793af785542ee5541b7cd (patch)
treebededd22bb7eeec52e20083237ab7e4113445a16 /ChangeLog
parentc44fe9a5b9d3db96a7249b04d915f17e4a3a3b04 (diff)
parentebd2ce335af5861020c79fddb1ae35c03bf036cf (diff)
Merge 3.9p1 to the trunk.
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog675
1 files changed, 673 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index e259be6a3..2292ffb00 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,10 +1,681 @@
120040817
2 - (dtucker) [regress/README.regress] Note compatibility issues with GNU head.
3 - (djm) OpenBSD CVS Sync
4 - markus@cvs.openbsd.org 2004/08/16 08:17:01
5 [version.h]
6 3.9
7 - (djm) Crank RPM spec version numbers
8 - (djm) Release 3.9p1
9
1020040816
11 - (dtucker) [acconfig.h auth-pam.c configure.ac] Set real uid to non-root
12 to convince Solaris PAM to honour password complexity rules. ok djm@
13
1420040815
15 - (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since
16 it does the right thing on all platforms. ok djm@
17 - (djm) [acconfig.h configure.ac openbsd-compat/Makefile.in
18 openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-misc.c
19 openbsd-compat/bsd-misc.h openbsd-compat/openbsd-compat.h] Use smarter
20 closefrom() replacement from sudo; ok dtucker@
21 - (djm) [loginrec.c] Check that seek succeeded here too; ok dtucker
22 - (dtucker) [Makefile.in] Fix typo.
23
2420040814
25 - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]
26 Explicitly set umask for mkstemp; ok djm@
27 - (dtucker) [includes.h] Undef _INCLUDE__STDC__ on HP-UX, otherwise
28 prot.h and shadow.h provide conflicting declarations of getspnam. ok djm@
29 - (dtucker) [loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
30 Plug AIX login recording into login_write so logins will be recorded for
31 all auth types.
32
3320040813
34 - (dtucker) [openbsd-compat/bsd-misc.c] Typo in #ifdef; from vinschen at
35 redhat.com
36- (dtucker) OpenBSD CVS Sync
37 - avsm@cvs.openbsd.org 2004/08/11 21:43:05
38 [channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c]
39 some signed/unsigned int comparison cleanups; markus@ ok
40 - avsm@cvs.openbsd.org 2004/08/11 21:44:32
41 [authfd.c scp.c ssh-keyscan.c]
42 use atomicio instead of homegrown equivalents or read/write.
43 markus@ ok
44 - djm@cvs.openbsd.org 2004/08/12 09:18:24
45 [sshlogin.c]
46 typo in error message, spotted by moritz AT jodeit.org (Id sync only)
47 - jakob@cvs.openbsd.org 2004/08/12 21:41:13
48 [ssh-keygen.1 ssh.1]
49 improve SSHFP documentation; ok deraadt@
50 - jmc@cvs.openbsd.org 2004/08/13 00:01:43
51 [ssh-keygen.1]
52 kill whitespace at eol;
53 - djm@cvs.openbsd.org 2004/08/13 02:51:48
54 [monitor_fdpass.c]
55 extra check for no message case; ok markus, deraadt, hshoexer, henning
56 - dtucker@cvs.openbsd.org 2004/08/13 11:09:24
57 [servconf.c]
58 Fix line numbers off-by-one in error messages, from tortay at cc.in2p3.fr
59 ok markus@, djm@
60
6120040812
62 - (dtucker) [sshd.c] Remove duplicate variable imported during sync.
63 - (dtucker) OpenBSD CVS Sync
64 - markus@cvs.openbsd.org 2004/07/28 08:56:22
65 [sshd.c]
66 call setsid() _before_ re-exec
67 - markus@cvs.openbsd.org 2004/07/28 09:40:29
68 [auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c
69 sshconnect1.c]
70 more s/illegal/invalid/
71 - djm@cvs.openbsd.org 2004/08/04 10:37:52
72 [dh.c]
73 return group14 when no primes found - fixes hang on empty /etc/moduli;
74 ok markus@
75 - dtucker@cvs.openbsd.org 2004/08/11 11:09:54
76 [servconf.c]
77 Fix minor leak; "looks right" deraadt@
78 - dtucker@cvs.openbsd.org 2004/08/11 11:50:09
79 [sshd.c]
80 Don't try to close startup_pipe if it's not open; ok djm@
81 - djm@cvs.openbsd.org 2004/08/11 11:59:22
82 [sshlogin.c]
83 check that lseek went were we told it to; ok markus@
84 (Id sync only, but similar changes are needed in loginrec.c)
85 - djm@cvs.openbsd.org 2004/08/11 12:01:16
86 [sshlogin.c]
87 make store_lastlog_message() static to appease -Wall; ok markus
88 - (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling
89 messages generated before the postauth privsep split.
90
9120040720
92 - (djm) OpenBSD CVS Sync
93 - markus@cvs.openbsd.org 2004/07/21 08:56:12
94 [auth.c]
95 s/Illegal user/Invalid user/; many requests; ok djm, millert, niklas,
96 miod, ...
97 - djm@cvs.openbsd.org 2004/07/21 10:33:31
98 [auth1.c auth2.c]
99 bz#899: Don't display invalid usernames in setproctitle
100 from peak AT argo.troja.mff.cuni.cz; ok markus@
101 - djm@cvs.openbsd.org 2004/07/21 10:36:23
102 [gss-serv-krb5.c]
103 fix function declaration
104 - djm@cvs.openbsd.org 2004/07/21 11:51:29
105 [canohost.c]
106 bz#902: cache remote port so we don't fatal() in auth_log when remote
107 connection goes away quickly. from peak AT argo.troja.mff.cuni.cz;
108 ok markus@
109 - (djm) [auth-pam.c] Portable parts of bz#899: Don't display invalid
110 usernames in setproctitle from peak AT argo.troja.mff.cuni.cz;
111
11220040720
113 - (djm) [log.c] bz #111: Escape more control characters when sending data
114 to syslog; from peak AT argo.troja.mff.cuni.cz
115 - (djm) [contrib/redhat/sshd.pam] bz #903: Remove redundant entries; from
116 peak AT argo.troja.mff.cuni.cz
117 - (djm) [regress/README.regress] Remove caveat regarding TCP wrappers, now
118 that sshd is fixed to behave better; suggested by tim
119
12020040719
121 - (djm) [openbsd-compat/bsd-arc4random.c] Discard early keystream, like OpenBSD
122 ok dtucker@
123 - (djm) [auth-pam.c] Avoid use of xstrdup and friends in conversation function,
124 instead return PAM_CONV_ERR, avoiding another path to fatal(); ok dtucker@
125 - (tim) [configure.ac] updwtmpx() on OpenServer seems to add duplicate entry.
126 Report by rac AT tenzing.org
127
12820040717
129 - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c
130 ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
131 openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces
132 diff vs OpenBSD; ok mouring@, tested by tim@ too.
133 - (dtucker) OpenBSD CVS Sync
134 - deraadt@cvs.openbsd.org 2004/07/11 17:48:47
135 [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
136 readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
137 session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
138 sshd.c ttymodes.h]
139 spaces
140 - brad@cvs.openbsd.org 2004/07/12 23:34:25
141 [ssh-keyscan.1]
142 Fix incorrect macro, .I -> .Em
143 From: Eric S. Raymond <esr at thyrsus dot com>
144 ok jmc@
145 - dtucker@cvs.openbsd.org 2004/07/17 05:31:41
146 [monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
147 Move "Last logged in at.." message generation to the monitor, right
148 before recording the new login. Fixes missing lastlog message when
149 /var/log/lastlog is not world-readable and incorrect datestamp when
150 multiple sessions are used (bz #463); much assistance & ok markus@
151
15220040711
153 - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows
154 the monitor to properly clean up the PAM thread (Debian bug #252676).
155
15620040709
157 - (tim) [contrib/cygwin/README] add minires-devel requirement. Patch from
158 vinschen AT redhat.com
159
16020040708
161 - (dtucker) OpenBSD CVS Sync
162 - dtucker@cvs.openbsd.org 2004/07/03 05:11:33
163 [sshlogin.c] (RCSID sync only, the corresponding code is not in Portable)
164 Use '\0' not 0 for string; ok djm@, deraadt@
165 - dtucker@cvs.openbsd.org 2004/07/03 11:02:25
166 [monitor_wrap.c]
167 Put s/key functions inside #ifdef SKEY same as monitor.c,
168 from des@freebsd via bz #330, ok markus@
169 - dtucker@cvs.openbsd.org 2004/07/08 12:47:21
170 [scp.c]
171 Prevent scp from skipping the file following a double-error.
172 bz #863, ok markus@
173
17420040702
175 - (dtucker) [mdoc2man.awk] Teach it to ignore .Bk -words, reported by
176 strube at physik3.gwdg.de a long time ago.
177
17820040701
179 - (dtucker) [session.c] Call display_loginmsg again after do_pam_session.
180 Ensures messages from PAM modules are displayed when privsep=no.
181 - (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes
182 warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@
183 - (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK
184 to pam_authenticate for challenge-response auth too. Originally from
185 fcusack at fcusack.com, ok djm@
186 - (tim) [buildpkg.sh.in] Add $REV to bump the package revision within
187 the same version. Handle the case where someone uses --with-privsep-user=
188 and the user name does not match the group name. ok dtucker@
189
19020040630
191 - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL
192 appdata_ptr to the conversation function. ok djm@
193 - (djm) OpenBSD CVS Sync
194 - jmc@cvs.openbsd.org 2004/06/26 09:03:21
195 [ssh.1]
196 - remove double word
197 - rearrange .Bk to keep SYNOPSIS nice
198 - -M before -m in options description
199 - jmc@cvs.openbsd.org 2004/06/26 09:11:14
200 [ssh_config.5]
201 punctuation and grammar fixes. also, keep the options in order.
202 - jmc@cvs.openbsd.org 2004/06/26 09:14:40
203 [sshd_config.5]
204 new sentence, new line;
205 - avsm@cvs.openbsd.org 2004/06/26 20:07:16
206 [sshd.c]
207 initialise some fd variables to -1, djm@ ok
208 - djm@cvs.openbsd.org 2004/06/30 08:36:59
209 [session.c]
210 unbreak TTY break, diagnosed by darren AT dazwin.com; ok markus@
211
21220040627
213 - (tim) update README files.
214 - (dtucker) [mdoc2man.awk] Bug #883: correctly recognise .Pa and .Ev macros.
215 - (dtucker) [regress/README.regress] Document new variables.
216 - (dtucker) [acconfig.h configure.ac sftp-server.c] Bug #823: add sftp
217 rename handling for Linux which returns EPERM for link() on (at least some)
218 filesystems that do not support hard links. sftp-server will fall back to
219 stat+rename() in such cases.
220 - (dtucker) [openbsd-compat/port-aix.c] Missing __func__.
221
22220040626
223 - (djm) OpenBSD CVS Sync
224 - djm@cvs.openbsd.org 2004/06/25 18:43:36
225 [sshd.c]
226 fix broken fd handling in the re-exec fallback path, particularly when
227 /dev/crypto is in use; ok deraadt@ markus@
228 - djm@cvs.openbsd.org 2004/06/25 23:21:38
229 [sftp.c]
230 bz #875: fix bad escape char error message; reported by f_mohr AT yahoo.de
231
23220040625
233 - (dtucker) OpenBSD CVS Sync
234 - djm@cvs.openbsd.org 2004/06/24 19:30:54
235 [servconf.c servconf.h sshd.c]
236 re-exec sshd on accept(); initial work, final debugging and ok markus@
237 - djm@cvs.openbsd.org 2004/06/25 01:16:09
238 [sshd.c]
239 only perform tcp wrappers checks when the incoming connection is on a
240 socket. silences useless warnings from regress tests that use
241 proxycommand="sshd -i". prompted by david@ ok markus@
242 - djm@cvs.openbsd.org 2004/06/24 19:32:00
243 [regress/Makefile regress/test-exec.sh, added regress/reexec.sh]
244 regress test for re-exec corner cases
245 - djm@cvs.openbsd.org 2004/06/25 01:25:12
246 [regress/test-exec.sh]
247 clean reexec-specific junk out of text-exec.sh and simplify; idea markus@
248 - dtucker@cvs.openbsd.org 2004/06/25 05:38:48
249 [sftp-server.c]
250 Fall back to stat+rename if filesystem doesn't doesn't support hard
251 links. bz#823, ok djm@
252 - (dtucker) [configure.ac openbsd-compat/misc.c [openbsd-compat/misc.h]
253 Add closefrom() for platforms that don't have it.
254 - (dtucker) [sshd.c] add line missing from reexec sync.
255
25620040623
257 - (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1
258 connections with empty passwords. Patch from davidwu at nbttech.com,
259 ok djm@
260 - (dtucker) OpenBSD CVS Sync
261 - dtucker@cvs.openbsd.org 2004/06/22 22:42:02
262 [regress/envpass.sh]
263 Add quoting for test -z; ok markus@
264 - dtucker@cvs.openbsd.org 2004/06/22 22:45:52
265 [regress/test-exec.sh]
266 Add TEST_SSH_SSHD_CONFOPTS and TEST_SSH_SSH_CONFOPTS to allow adding
267 arbitary options to sshd_config and ssh_config during tests. ok markus@
268 - dtucker@cvs.openbsd.org 2004/06/22 22:55:56
269 [regress/dynamic-forward.sh regress/test-exec.sh]
270 Allow setting of port for regress from TEST_SSH_PORT variable; ok markus@
271 - mouring@cvs.openbsd.org 2004/06/23 00:39:38
272 [rijndael.c]
273 -Wshadow fix up s/encrypt/do_encrypt/. OK djm@, markus@
274 - dtucker@cvs.openbsd.org 2004/06/23 14:31:01
275 [ssh.c]
276 Fix counting in master/slave when passing environment variables; ok djm@
277 - (dtucker) [cipher.c] encrypt->do_encrypt inside SSH_OLD_EVP to match
278 -Wshadow change.
279 - (bal) [Makefile.in] Remove opensshd.init on 'make distclean'
280 - (dtucker) [auth.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
281 Move loginrestrictions test to port-aix.c, replace with a generic hook.
282 - (tim) [regress/try-ciphers.sh] "if ! some_command" is not portable.
283 - (bal) [contrib/README] Removed "mdoc2man.pl" reference and added
284 reference to "findssl.sh"
285
28620040622
287 - (dtucker) OpenBSD CVS Sync
288 - djm@cvs.openbsd.org 2004/06/20 17:36:59
289 [ssh.c]
290 filter passed env vars at slave in connection sharing case; ok markus@
291 - djm@cvs.openbsd.org 2004/06/20 18:53:39
292 [sftp.c]
293 make "ls -l" listings print user/group names, add "ls -n" to show uid/gid
294 (like /bin/ls); idea & ok markus@
295 - djm@cvs.openbsd.org 2004/06/20 19:28:12
296 [sftp.1]
297 mention new -n flag
298 - avsm@cvs.openbsd.org 2004/06/21 17:36:31
299 [auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c
300 cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c
301 monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c
302 ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c
303 sshpty.c]
304 make ssh -Wshadow clean, no functional changes
305 markus@ ok
306 - djm@cvs.openbsd.org 2004/06/21 17:53:03
307 [session.c]
308 fix fd leak for multiple subsystem connections; with markus@
309 - djm@cvs.openbsd.org 2004/06/21 22:02:58
310 [log.h]
311 mark fatal and cleanup exit as __dead; ok markus@
312 - djm@cvs.openbsd.org 2004/06/21 22:04:50
313 [sftp.c]
314 introduce sorting for ls, same options as /bin/ls; ok markus@
315 - djm@cvs.openbsd.org 2004/06/21 22:30:45
316 [sftp.c]
317 prefix ls option flags with LS_
318 - djm@cvs.openbsd.org 2004/06/21 22:41:31
319 [sftp.1]
320 document sort options
321 - djm@cvs.openbsd.org 2004/06/22 01:16:39
322 [sftp.c]
323 don't show .files by default in ls, add -a option to turn them back on;
324 ok markus
325 - markus@cvs.openbsd.org 2004/06/22 03:12:13
326 [regress/envpass.sh regress/multiplex.sh]
327 more portable env passing tests
328 - dtucker@cvs.openbsd.org 2004/06/22 05:05:45
329 [monitor.c monitor_wrap.c]
330 Change login->username, will prevent -Wshadow errors in Portable;
331 ok markus@
332 - (dtucker) [monitor.c] Fix Portable-specific -Wshadow warnings on "socket".
333 - (dtucker) [defines.h] Define __dead if not already defined.
334 - (bal) [auth-passwd.c auth1.c] Clean up unused variables.
335
33620040620
337 - (tim) [configure.ac Makefile.in] Only change TEST_SHELL on broken platforms.
338
33920040619
340 - (dtucker) [auth-pam.c] Don't use PAM namespace for
341 pam_password_change_required either.
342 - (tim) [configure.ac buildpkg.sh.in contrib/solaris/README] move opensshd
343 init script to top level directory. Add opensshd.init.in.
344 Remove contrib/solaris/buildpkg.sh, contrib/solaris/opensshd.in
345
34620040618
347 - (djm) OpenBSD CVS Sync
348 - djm@cvs.openbsd.org 2004/06/17 14:52:48
349 [clientloop.c clientloop.h ssh.c]
350 support environment passing over shared connections; ok markus@
351 - djm@cvs.openbsd.org 2004/06/17 15:10:14
352 [clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5]
353 Add option for confirmation (ControlMaster=ask) via ssh-askpass before
354 opening shared connections; ok markus@
355 - djm@cvs.openbsd.org 2004/06/17 14:53:27
356 [regress/multiplex.sh]
357 shared connection env passing regress test
358 - (dtucker) [regress/README.regress] Add detail on how to run a single
359 test from the top-level Makefile.
360 - (dtucker) OpenBSD CVS Sync
361 - djm@cvs.openbsd.org 2004/06/17 23:56:57
362 [ssh.1 ssh.c]
363 sync usage() and SYNPOSIS with connection sharing changes
364 - dtucker@cvs.openbsd.org 2004/06/18 06:13:25
365 [sftp.c]
366 Use execvp instead of execv so sftp -S ssh works. "makes sense" markus@
367 - dtucker@cvs.openbsd.org 2004/06/18 06:15:51
368 [multiplex.sh]
369 Use -S for scp/sftp to force the use of the ssh being tested.
370 ok djm@,markus@
371 - (djm) OpenBSD CVS Sync
372 - djm@cvs.openbsd.org 2004/06/18 10:40:19
373 [ssh.c]
374 delay signal handler setup until we have finished talking to the master.
375 allow interrupting of setup (e.g. if master is stuck); ok markus@
376 - markus@cvs.openbsd.org 2004/06/18 10:55:43
377 [ssh.1 ssh.c]
378 trim synopsis for -S, allow -S and -oControlMaster, -MM means 'ask';
379 ok djm
380 - djm@cvs.openbsd.org 2004/06/18 11:11:54
381 [channels.c clientloop.c]
382 Don't explode in clientloop when we receive a bogus channel id, but
383 also don't generate them to begin with; ok markus@
384
38520040617
386 - (dtucker) [regress/scp.sh] diff -N is not portable (but needed for some
387 platforms), so test if diff understands it. Pointed out by tim@, ok djm@
388 - (dtucker) OpenBSD CVS Sync regress/
389 - dtucker@cvs.openbsd.org 2004/06/17 05:51:59
390 [regress/multiplex.sh]
391 Remove datafile between and after tests, kill sshd rather than wait;
392 ok djm@
393 - dtucker@cvs.openbsd.org 2004/06/17 06:00:05
394 [regress/multiplex.sh]
395 Use DATA and COPY for test data rather than hard-coded paths; ok djm@
396 - dtucker@cvs.openbsd.org 2004/06/17 06:19:06
397 [regress/multiplex.sh]
398 Add small description of failing test to failure message; ok djm@
399 - (dtucker) [regress/multiplex.sh] add EXEEXT for those platforms that need
400 it.
401 - (dtucker) [regress/multiplex.sh] Increase sleep time to 120 sec (60 is not
402 enough for slow systems, especially if they don't have a kernel RNG).
403
40420040616
405 - (dtucker) [openbsd-compat/port-aix.c] Expand whitespace -> tabs. No
406 code changes.
407 - (dtucker) OpenBSD CVS Sync regress/
408 - djm@cvs.openbsd.org 2004/04/27 09:47:30
409 [regress/Makefile regress/test-exec.sh, added regress/envpass.sh]
410 regress test for environment passing, SendEnv & AcceptEnv options;
411 ok markus@
412 - dtucker@cvs.openbsd.org 2004/06/13 13:51:02
413 [regress/Makefile regress/test-exec.sh, added regress/scp-ssh-wrapper.sh
414 regress/scp.sh]
415 Add scp regression test; with & ok markus@
416 - djm@cvs.openbsd.org 2004/06/13 15:04:08
417 [regress/Makefile regress/test-exec.sh, added regress/envpass.sh]
418 regress test for client multiplexing; ok markus@
419 - djm@cvs.openbsd.org 2004/06/13 15:16:54
420 [regress/test-exec.sh]
421 remove duplicate setting of $SCP; spotted by markus@
422 - dtucker@cvs.openbsd.org 2004/06/16 13:15:09
423 [regress/scp.sh]
424 Make scp -r tests use diff -rN not cmp (which won't do dirs. ok markus@
425 - dtucker@cvs.openbsd.org 2004/06/16 13:16:40
426 [regress/multiplex.sh]
427 Silence multiplex sftp and scp tests. ok markus@
428 - (dtucker) [regress/test-exec.sh]
429 Move Portable-only StrictModes to top of list to make syncs easier.
430 - (dtucker) [regress/README.regress]
431 Add $TEST_SHELL to readme.
432
43320040615
434 - (djm) OpenBSD CVS Sync
435 - djm@cvs.openbsd.org 2004/05/26 08:59:57
436 [sftp.c]
437 exit -> _exit in forked child on error; from andrushock AT korovino.net
438 - markus@cvs.openbsd.org 2004/05/26 23:02:39
439 [channels.c]
440 missing freeaddrinfo; Andrey Matveev
441 - dtucker@cvs.openbsd.org 2004/05/27 00:50:13
442 [readconf.c]
443 Kill dead code after fatal(); ok djm@
444 - dtucker@cvs.openbsd.org 2004/06/01 14:20:45
445 [auth2-chall.c]
446 Remove redundant #include; ok markus@
447 - pedro@cvs.openbsd.org 2004/06/03 12:22:20
448 [sftp-client.c sftp.c]
449 initialize pointers, ok markus@
450 - djm@cvs.openbsd.org 2004/06/13 12:53:24
451 [dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
452 [ssh-keyscan.c sshconnect2.c sshd.c]
453 implement diffie-hellman-group14-sha1 kex method (trivial extension to
454 existing diffie-hellman-group1-sha1); ok markus@
455 - dtucker@cvs.openbsd.org 2004/06/13 14:01:42
456 [ssh.1 ssh_config.5 sshd_config.5]
457 List supported ciphers in man pages, tidy up ssh -c;
458 "looks fine" jmc@, ok markus@
459 - djm@cvs.openbsd.org 2004/06/13 15:03:02
460 [channels.c channels.h clientloop.c clientloop.h includes.h readconf.c]
461 [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5]
462 implement session multiplexing in the client (the server has supported
463 this since 2.0); ok markus@
464 - djm@cvs.openbsd.org 2004/06/14 01:44:39
465 [channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c]
466 [sshd.c]
467 set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@
468 - djm@cvs.openbsd.org 2004/06/15 05:45:04
469 [clientloop.c]
470 missed one unset_nonblock; spotted by Tim Rice
471 - (djm) Fix Makefile.in for connection sharing changes
472 - (djm) [ssh.c] Use separate var for address length
473
47420040603
475 - (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions.
476 ok djm@
477
47820040601
479 - (djm) [auth-pam.c] Add copyright for local changes
480
48120040530
482 - (dtucker) [auth-pam.c auth-pam.h auth-passwd.c] Bug #874: Re-add PAM
483 support for PasswordAuthentication=yes. ok djm@
484 - (dtucker) [auth-pam.c] Use an invalid password for root if
485 PermitRootLogin != yes or the login is invalid, to prevent leaking
486 information. Based on Openwall's owl-always-auth patch. ok djm@
487 - (tim) [configure.ac Makefile.in] Add support for "make package" ok djm@
488 - (tim) [buildpkg.sh.in] New file. A more flexible version of
489 contrib/solaris/buildpkg.sh used for "make package".
490 - (tim) [buildpkg.sh.in] Last minute fix didn't make it in the .in file.
491
49220040527
493 - (dtucker) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec
494 contrib/README CREDITS INSTALL] Bug #873: Correct URLs for x11-ssh-askpass
495 and Jim Knoble's email address , from Jim himself.
496
49720040524
498 - (dtucker) OpenBSD CVS Sync
499 - djm@cvs.openbsd.org 2004/05/19 12:17:33
500 [sftp-client.c sftp.c]
501 gracefully abort transfers on receipt of SIGINT, also ignore SIGINT while
502 waiting for a command; ok markus@
503 - dtucker@cvs.openbsd.org 2004/05/20 10:58:05
504 [clientloop.c]
505 Trivial type fix 0 -> '\0'; ok markus@
506 - markus@cvs.openbsd.org 2004/05/21 08:43:03
507 [kex.h moduli.c tildexpand.c]
508 add prototypes for -Wall; ok djm
509 - djm@cvs.openbsd.org 2004/05/21 11:33:11
510 [channels.c channels.h clientloop.c serverloop.c ssh.1]
511 bz #756: add support for the cancel-tcpip-forward request for the server
512 and the client (through the ~C commandline). reported by z3p AT
513 twistedmatrix.com; ok markus@
514 - djm@cvs.openbsd.org 2004/05/22 06:32:12
515 [clientloop.c ssh.1]
516 use '-h' for help in ~C commandline instead of '-?'; inspired by jmc@
517 - jmc@cvs.openbsd.org 2004/05/22 16:01:05
518 [ssh.1]
519 kill whitespace at eol;
520 - dtucker@cvs.openbsd.org 2004/05/23 23:59:53
521 [auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config
522 sshd_config.5]
523 Add MaxAuthTries sshd config option; ok markus@
524 - (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread"
525 is terminated if the privsep slave exits during keyboard-interactive
526 authentication. ok djm@
527 - (dtucker) [sshd.c] Fix typo in comment.
528
52920040523
530 - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in
531 sshd_config; ok dtucker@
532 - (djm) [configure.ac] Warn if the system has no known way of figuring out
533 which user is on the other end of a Unix domain socket; ok dtucker@
534 - (bal) [openbsd-compat/sys-queue.h] Reintroduce machinary to handle
535 old/broken/incomplete <sys/queue.h>.
536
53720040513
538 - (dtucker) [configure.ac] Bug #867: Additional tests for res_query in
539 libresolv, fixes problems detecting it on some platforms
540 (eg Linux/x86-64). From Kurt Roeckx via Debian, ok mouring@
541 - (dtucker) OpenBSD CVS Sync
542 - jmc@cvs.openbsd.org 2004/05/04 18:36:07
543 [scp.1]
544 SendEnv here too;
545 - jmc@cvs.openbsd.org 2004/05/06 11:24:23
546 [ssh_config.5]
547 typo from John Cosimano (PR 3770);
548 - deraadt@cvs.openbsd.org 2004/05/08 00:01:37
549 [auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c
550 tildexpand.c], removed: sshtty.h tildexpand.h
551 make two tiny header files go away; djm ok
552 - djm@cvs.openbsd.org 2004/05/08 00:21:31
553 [clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c
554 sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h
555 kill a tiny header; ok deraadt@
556 - djm@cvs.openbsd.org 2004/05/09 00:06:47
557 [moduli.c ssh-keygen.c] removed: moduli.h
558 zap another tiny header; ok deraadt@
559 - djm@cvs.openbsd.org 2004/05/09 01:19:28
560 [OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
561 sshd.c] removed: mpaux.c mpaux.h
562 kill some more tiny files; ok deraadt@
563 - djm@cvs.openbsd.org 2004/05/09 01:26:48
564 [kex.c]
565 don't overwrite what we are trying to compute
566 - deraadt@cvs.openbsd.org 2004/05/11 19:01:43
567 [auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c
568 packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c]
569 improve some code lint did not like; djm millert ok
570 - dtucker@cvs.openbsd.org 2004/05/13 02:47:50
571 [ssh-agent.1]
572 Add examples to ssh-agent.1, bz#481 from Ralf Hauser; ok deraadt@
573 - (dtucker) [sshd.8] Bug #843: Add warning about PasswordAuthentication to
574 UsePAM section. Parts from djm@ and jmc@.
575 - (dtucker) [auth-pam.c scard-opensc.c] Tinderbox says auth-pam.c uses
576 readpass.h, grep says scard-opensc.c does too. Replace with misc.h.
577 - (dtucker) [openbsd-compat/getrrsetbyname.c] Check that HAVE_DECL_H_ERROR
578 is defined before using.
579 - (dtucker) [openbsd-compat/getrrsetbyname.c] Fix typo too: HAVE_DECL_H_ERROR
580 -> HAVE_DECL_H_ERRNO.
581
58220040502
583 - (dtucker) OpenBSD CVS Sync
584 - djm@cvs.openbsd.org 2004/04/22 11:56:57
585 [moduli.c]
586 Bugzilla #850: Sophie Germain is the correct name of the French
587 mathematician, "Sophie Germaine" isn't; from Luc.Maisonobe@c-s.fr
588 - djm@cvs.openbsd.org 2004/04/27 09:46:37
589 [readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c
590 ssh_config.5 sshd_config.5]
591 bz #815: implement ability to pass specified environment variables from
592 the client to the server; ok markus@
593 - djm@cvs.openbsd.org 2004/04/28 05:17:10
594 [ssh_config.5 sshd_config.5]
595 manpage fixes in envpass stuff from Brian Poole (raj AT cerias.purdue.edu)
596 - jmc@cvs.openbsd.org 2004/04/28 07:02:56
597 [sshd_config.5]
598 remove unnecessary .Pp;
599 - jmc@cvs.openbsd.org 2004/04/28 07:13:42
600 [sftp.1 ssh.1]
601 add SendEnv to -o list;
602 - dtucker@cvs.openbsd.org 2004/05/02 11:54:31
603 [sshd.8]
604 Man page grammar fix (bz #858), from damerell at chiark.greenend.org.uk
605 via Debian; ok djm@
606 - dtucker@cvs.openbsd.org 2004/05/02 11:57:52
607 [ssh.1]
608 ConnectionTimeout -> ConnectTimeout, from m.a.ellis at ncl.ac.uk via
609 Debian. ok djm@
610 - dtucker@cvs.openbsd.org 2004/05/02 23:02:17
611 [sftp.1]
612 ConnectionTimeout -> ConnectTimeout here too, pointed out by jmc@
613 - dtucker@cvs.openbsd.org 2004/05/02 23:17:51
614 [scp.1]
615 ConnectionTimeout -> ConnectTimeout for scp.1 too.
616
61720040423
618 - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Declare h_errno
619 as extern int if not already declared. Fixes compile errors on old SCO
620 platforms. ok tim@
621 - (dtucker) [README.platform] List prereqs for building on Cygwin.
622
62320040421
624 - (djm) Update config.guess and config.sub to autoconf-2.59 versions; ok tim@
625
62620040420
627 - (djm) OpenBSD CVS Sync
628 - henning@cvs.openbsd.org 2004/04/08 16:08:21
629 [sshconnect2.c]
630 swap the last two parameters to TAILQ_FOREACH_REVERSE. matches what
631 FreeBSD and NetBSD do.
632 ok millert@ mcbride@ markus@ ho@, checked to not affect ports by naddy@
633 - djm@cvs.openbsd.org 2004/04/18 23:10:26
634 [readconf.c readconf.h ssh-keysign.c ssh.c]
635 perform strict ownership and modes checks for ~/.ssh/config files,
636 as these can be used to execute arbitrary programs; ok markus@
637 NB. ssh will now exit when it detects a config with poor permissions
638 - djm@cvs.openbsd.org 2004/04/19 13:02:40
639 [ssh.1 ssh_config.5]
640 document strict permission checks on ~/.ssh/config; prompted by,
641 with & ok jmc@
642 - jmc@cvs.openbsd.org 2004/04/19 16:12:14
643 [ssh_config.5]
644 kill whitespace at eol;
645 - djm@cvs.openbsd.org 2004/04/19 21:51:49
646 [ssh.c]
647 fix idiot typo that i introduced in my last commit;
648 spotted by cschneid AT cschneid.com
649 - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD, needed for
650 above change
651 - (djm) [configure.ac] Check whether libroken is required when building
652 with Heimdal
653
65420040419
655 - (dtucker) OpenBSD CVS Sync
656 - dtucker@cvs.openbsd.org 2004/02/29 22:04:45
657 [regress/login-timeout.sh]
658 Use sudo when restarting daemon during test. ok markus@
659 - dtucker@cvs.openbsd.org 2004/03/08 10:17:12
660 [regress/login-timeout.sh]
661 Missing OBJ, from tim@. ok markus@ (Already fixed, ID sync only)
662 - djm@cvs.openbsd.org 2004/03/30 12:41:56
663 [sftp-client.c]
664 sync comment with reality
665 - djm@cvs.openbsd.org 2004/03/31 21:58:47
666 [canohost.c]
667 don't skip ip options check when UseDNS=no; ok markus@ (ID sync only)
668 - markus@cvs.openbsd.org 2004/04/01 12:19:57
669 [scp.c]
670 limit trust between local and remote rcp/scp process,
671 noticed by lcamtuf; ok deraadt@, djm@
672
120040418 67320040418
2 - (dtucker) [auth-pam.c] Log username and source host for failed PAM 674 - (dtucker) [auth-pam.c] Log username and source host for failed PAM
3 authentication attempts. With & ok djm@ 675 authentication attempts. With & ok djm@
4 - (djm) [openbsd-compat/bsd-cygwin_util.c] Recent versions of Cygwin allow 676 - (djm) [openbsd-compat/bsd-cygwin_util.c] Recent versions of Cygwin allow
5 change of user context without a password, so relax auth method 677 change of user context without a password, so relax auth method
6 restrictions; from vinschen AT redhat.com; ok dtucker@ 678 restrictions; from vinschen AT redhat.com; ok dtucker@
7 - Release 3.8.1p1
8 679
920040416 68020040416
10 - (dtucker) [regress/sftp-cmds.sh] Skip quoting test on Cygwin, since 681 - (dtucker) [regress/sftp-cmds.sh] Skip quoting test on Cygwin, since
@@ -983,4 +1654,4 @@
983 - (djm) Trim deprecated options from INSTALL. Mention UsePAM 1654 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
984 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 1655 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
985 1656
986$Id: ChangeLog,v 1.3316.2.1 2004/04/18 12:51:12 djm Exp $ 1657$Id: ChangeLog,v 1.3517 2004/08/17 12:50:40 djm Exp $