diff options
author | Colin Watson <cjwatson@debian.org> | 2005-01-04 13:07:27 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2005-01-04 13:07:27 +0000 |
commit | fd0f611b70a83d80fe8793af785542ee5541b7cd (patch) | |
tree | bededd22bb7eeec52e20083237ab7e4113445a16 /ChangeLog | |
parent | c44fe9a5b9d3db96a7249b04d915f17e4a3a3b04 (diff) | |
parent | ebd2ce335af5861020c79fddb1ae35c03bf036cf (diff) |
Merge 3.9p1 to the trunk.
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 675 |
1 files changed, 673 insertions, 2 deletions
@@ -1,10 +1,681 @@ | |||
1 | 20040817 | ||
2 | - (dtucker) [regress/README.regress] Note compatibility issues with GNU head. | ||
3 | - (djm) OpenBSD CVS Sync | ||
4 | - markus@cvs.openbsd.org 2004/08/16 08:17:01 | ||
5 | [version.h] | ||
6 | 3.9 | ||
7 | - (djm) Crank RPM spec version numbers | ||
8 | - (djm) Release 3.9p1 | ||
9 | |||
10 | 20040816 | ||
11 | - (dtucker) [acconfig.h auth-pam.c configure.ac] Set real uid to non-root | ||
12 | to convince Solaris PAM to honour password complexity rules. ok djm@ | ||
13 | |||
14 | 20040815 | ||
15 | - (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since | ||
16 | it does the right thing on all platforms. ok djm@ | ||
17 | - (djm) [acconfig.h configure.ac openbsd-compat/Makefile.in | ||
18 | openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-misc.c | ||
19 | openbsd-compat/bsd-misc.h openbsd-compat/openbsd-compat.h] Use smarter | ||
20 | closefrom() replacement from sudo; ok dtucker@ | ||
21 | - (djm) [loginrec.c] Check that seek succeeded here too; ok dtucker | ||
22 | - (dtucker) [Makefile.in] Fix typo. | ||
23 | |||
24 | 20040814 | ||
25 | - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c] | ||
26 | Explicitly set umask for mkstemp; ok djm@ | ||
27 | - (dtucker) [includes.h] Undef _INCLUDE__STDC__ on HP-UX, otherwise | ||
28 | prot.h and shadow.h provide conflicting declarations of getspnam. ok djm@ | ||
29 | - (dtucker) [loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h] | ||
30 | Plug AIX login recording into login_write so logins will be recorded for | ||
31 | all auth types. | ||
32 | |||
33 | 20040813 | ||
34 | - (dtucker) [openbsd-compat/bsd-misc.c] Typo in #ifdef; from vinschen at | ||
35 | redhat.com | ||
36 | - (dtucker) OpenBSD CVS Sync | ||
37 | - avsm@cvs.openbsd.org 2004/08/11 21:43:05 | ||
38 | [channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c] | ||
39 | some signed/unsigned int comparison cleanups; markus@ ok | ||
40 | - avsm@cvs.openbsd.org 2004/08/11 21:44:32 | ||
41 | [authfd.c scp.c ssh-keyscan.c] | ||
42 | use atomicio instead of homegrown equivalents or read/write. | ||
43 | markus@ ok | ||
44 | - djm@cvs.openbsd.org 2004/08/12 09:18:24 | ||
45 | [sshlogin.c] | ||
46 | typo in error message, spotted by moritz AT jodeit.org (Id sync only) | ||
47 | - jakob@cvs.openbsd.org 2004/08/12 21:41:13 | ||
48 | [ssh-keygen.1 ssh.1] | ||
49 | improve SSHFP documentation; ok deraadt@ | ||
50 | - jmc@cvs.openbsd.org 2004/08/13 00:01:43 | ||
51 | [ssh-keygen.1] | ||
52 | kill whitespace at eol; | ||
53 | - djm@cvs.openbsd.org 2004/08/13 02:51:48 | ||
54 | [monitor_fdpass.c] | ||
55 | extra check for no message case; ok markus, deraadt, hshoexer, henning | ||
56 | - dtucker@cvs.openbsd.org 2004/08/13 11:09:24 | ||
57 | [servconf.c] | ||
58 | Fix line numbers off-by-one in error messages, from tortay at cc.in2p3.fr | ||
59 | ok markus@, djm@ | ||
60 | |||
61 | 20040812 | ||
62 | - (dtucker) [sshd.c] Remove duplicate variable imported during sync. | ||
63 | - (dtucker) OpenBSD CVS Sync | ||
64 | - markus@cvs.openbsd.org 2004/07/28 08:56:22 | ||
65 | [sshd.c] | ||
66 | call setsid() _before_ re-exec | ||
67 | - markus@cvs.openbsd.org 2004/07/28 09:40:29 | ||
68 | [auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c | ||
69 | sshconnect1.c] | ||
70 | more s/illegal/invalid/ | ||
71 | - djm@cvs.openbsd.org 2004/08/04 10:37:52 | ||
72 | [dh.c] | ||
73 | return group14 when no primes found - fixes hang on empty /etc/moduli; | ||
74 | ok markus@ | ||
75 | - dtucker@cvs.openbsd.org 2004/08/11 11:09:54 | ||
76 | [servconf.c] | ||
77 | Fix minor leak; "looks right" deraadt@ | ||
78 | - dtucker@cvs.openbsd.org 2004/08/11 11:50:09 | ||
79 | [sshd.c] | ||
80 | Don't try to close startup_pipe if it's not open; ok djm@ | ||
81 | - djm@cvs.openbsd.org 2004/08/11 11:59:22 | ||
82 | [sshlogin.c] | ||
83 | check that lseek went were we told it to; ok markus@ | ||
84 | (Id sync only, but similar changes are needed in loginrec.c) | ||
85 | - djm@cvs.openbsd.org 2004/08/11 12:01:16 | ||
86 | [sshlogin.c] | ||
87 | make store_lastlog_message() static to appease -Wall; ok markus | ||
88 | - (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling | ||
89 | messages generated before the postauth privsep split. | ||
90 | |||
91 | 20040720 | ||
92 | - (djm) OpenBSD CVS Sync | ||
93 | - markus@cvs.openbsd.org 2004/07/21 08:56:12 | ||
94 | [auth.c] | ||
95 | s/Illegal user/Invalid user/; many requests; ok djm, millert, niklas, | ||
96 | miod, ... | ||
97 | - djm@cvs.openbsd.org 2004/07/21 10:33:31 | ||
98 | [auth1.c auth2.c] | ||
99 | bz#899: Don't display invalid usernames in setproctitle | ||
100 | from peak AT argo.troja.mff.cuni.cz; ok markus@ | ||
101 | - djm@cvs.openbsd.org 2004/07/21 10:36:23 | ||
102 | [gss-serv-krb5.c] | ||
103 | fix function declaration | ||
104 | - djm@cvs.openbsd.org 2004/07/21 11:51:29 | ||
105 | [canohost.c] | ||
106 | bz#902: cache remote port so we don't fatal() in auth_log when remote | ||
107 | connection goes away quickly. from peak AT argo.troja.mff.cuni.cz; | ||
108 | ok markus@ | ||
109 | - (djm) [auth-pam.c] Portable parts of bz#899: Don't display invalid | ||
110 | usernames in setproctitle from peak AT argo.troja.mff.cuni.cz; | ||
111 | |||
112 | 20040720 | ||
113 | - (djm) [log.c] bz #111: Escape more control characters when sending data | ||
114 | to syslog; from peak AT argo.troja.mff.cuni.cz | ||
115 | - (djm) [contrib/redhat/sshd.pam] bz #903: Remove redundant entries; from | ||
116 | peak AT argo.troja.mff.cuni.cz | ||
117 | - (djm) [regress/README.regress] Remove caveat regarding TCP wrappers, now | ||
118 | that sshd is fixed to behave better; suggested by tim | ||
119 | |||
120 | 20040719 | ||
121 | - (djm) [openbsd-compat/bsd-arc4random.c] Discard early keystream, like OpenBSD | ||
122 | ok dtucker@ | ||
123 | - (djm) [auth-pam.c] Avoid use of xstrdup and friends in conversation function, | ||
124 | instead return PAM_CONV_ERR, avoiding another path to fatal(); ok dtucker@ | ||
125 | - (tim) [configure.ac] updwtmpx() on OpenServer seems to add duplicate entry. | ||
126 | Report by rac AT tenzing.org | ||
127 | |||
128 | 20040717 | ||
129 | - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c | ||
130 | ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c | ||
131 | openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces | ||
132 | diff vs OpenBSD; ok mouring@, tested by tim@ too. | ||
133 | - (dtucker) OpenBSD CVS Sync | ||
134 | - deraadt@cvs.openbsd.org 2004/07/11 17:48:47 | ||
135 | [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c | ||
136 | readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c | ||
137 | session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h | ||
138 | sshd.c ttymodes.h] | ||
139 | spaces | ||
140 | - brad@cvs.openbsd.org 2004/07/12 23:34:25 | ||
141 | [ssh-keyscan.1] | ||
142 | Fix incorrect macro, .I -> .Em | ||
143 | From: Eric S. Raymond <esr at thyrsus dot com> | ||
144 | ok jmc@ | ||
145 | - dtucker@cvs.openbsd.org 2004/07/17 05:31:41 | ||
146 | [monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c] | ||
147 | Move "Last logged in at.." message generation to the monitor, right | ||
148 | before recording the new login. Fixes missing lastlog message when | ||
149 | /var/log/lastlog is not world-readable and incorrect datestamp when | ||
150 | multiple sessions are used (bz #463); much assistance & ok markus@ | ||
151 | |||
152 | 20040711 | ||
153 | - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows | ||
154 | the monitor to properly clean up the PAM thread (Debian bug #252676). | ||
155 | |||
156 | 20040709 | ||
157 | - (tim) [contrib/cygwin/README] add minires-devel requirement. Patch from | ||
158 | vinschen AT redhat.com | ||
159 | |||
160 | 20040708 | ||
161 | - (dtucker) OpenBSD CVS Sync | ||
162 | - dtucker@cvs.openbsd.org 2004/07/03 05:11:33 | ||
163 | [sshlogin.c] (RCSID sync only, the corresponding code is not in Portable) | ||
164 | Use '\0' not 0 for string; ok djm@, deraadt@ | ||
165 | - dtucker@cvs.openbsd.org 2004/07/03 11:02:25 | ||
166 | [monitor_wrap.c] | ||
167 | Put s/key functions inside #ifdef SKEY same as monitor.c, | ||
168 | from des@freebsd via bz #330, ok markus@ | ||
169 | - dtucker@cvs.openbsd.org 2004/07/08 12:47:21 | ||
170 | [scp.c] | ||
171 | Prevent scp from skipping the file following a double-error. | ||
172 | bz #863, ok markus@ | ||
173 | |||
174 | 20040702 | ||
175 | - (dtucker) [mdoc2man.awk] Teach it to ignore .Bk -words, reported by | ||
176 | strube at physik3.gwdg.de a long time ago. | ||
177 | |||
178 | 20040701 | ||
179 | - (dtucker) [session.c] Call display_loginmsg again after do_pam_session. | ||
180 | Ensures messages from PAM modules are displayed when privsep=no. | ||
181 | - (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes | ||
182 | warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@ | ||
183 | - (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK | ||
184 | to pam_authenticate for challenge-response auth too. Originally from | ||
185 | fcusack at fcusack.com, ok djm@ | ||
186 | - (tim) [buildpkg.sh.in] Add $REV to bump the package revision within | ||
187 | the same version. Handle the case where someone uses --with-privsep-user= | ||
188 | and the user name does not match the group name. ok dtucker@ | ||
189 | |||
190 | 20040630 | ||
191 | - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL | ||
192 | appdata_ptr to the conversation function. ok djm@ | ||
193 | - (djm) OpenBSD CVS Sync | ||
194 | - jmc@cvs.openbsd.org 2004/06/26 09:03:21 | ||
195 | [ssh.1] | ||
196 | - remove double word | ||
197 | - rearrange .Bk to keep SYNOPSIS nice | ||
198 | - -M before -m in options description | ||
199 | - jmc@cvs.openbsd.org 2004/06/26 09:11:14 | ||
200 | [ssh_config.5] | ||
201 | punctuation and grammar fixes. also, keep the options in order. | ||
202 | - jmc@cvs.openbsd.org 2004/06/26 09:14:40 | ||
203 | [sshd_config.5] | ||
204 | new sentence, new line; | ||
205 | - avsm@cvs.openbsd.org 2004/06/26 20:07:16 | ||
206 | [sshd.c] | ||
207 | initialise some fd variables to -1, djm@ ok | ||
208 | - djm@cvs.openbsd.org 2004/06/30 08:36:59 | ||
209 | [session.c] | ||
210 | unbreak TTY break, diagnosed by darren AT dazwin.com; ok markus@ | ||
211 | |||
212 | 20040627 | ||
213 | - (tim) update README files. | ||
214 | - (dtucker) [mdoc2man.awk] Bug #883: correctly recognise .Pa and .Ev macros. | ||
215 | - (dtucker) [regress/README.regress] Document new variables. | ||
216 | - (dtucker) [acconfig.h configure.ac sftp-server.c] Bug #823: add sftp | ||
217 | rename handling for Linux which returns EPERM for link() on (at least some) | ||
218 | filesystems that do not support hard links. sftp-server will fall back to | ||
219 | stat+rename() in such cases. | ||
220 | - (dtucker) [openbsd-compat/port-aix.c] Missing __func__. | ||
221 | |||
222 | 20040626 | ||
223 | - (djm) OpenBSD CVS Sync | ||
224 | - djm@cvs.openbsd.org 2004/06/25 18:43:36 | ||
225 | [sshd.c] | ||
226 | fix broken fd handling in the re-exec fallback path, particularly when | ||
227 | /dev/crypto is in use; ok deraadt@ markus@ | ||
228 | - djm@cvs.openbsd.org 2004/06/25 23:21:38 | ||
229 | [sftp.c] | ||
230 | bz #875: fix bad escape char error message; reported by f_mohr AT yahoo.de | ||
231 | |||
232 | 20040625 | ||
233 | - (dtucker) OpenBSD CVS Sync | ||
234 | - djm@cvs.openbsd.org 2004/06/24 19:30:54 | ||
235 | [servconf.c servconf.h sshd.c] | ||
236 | re-exec sshd on accept(); initial work, final debugging and ok markus@ | ||
237 | - djm@cvs.openbsd.org 2004/06/25 01:16:09 | ||
238 | [sshd.c] | ||
239 | only perform tcp wrappers checks when the incoming connection is on a | ||
240 | socket. silences useless warnings from regress tests that use | ||
241 | proxycommand="sshd -i". prompted by david@ ok markus@ | ||
242 | - djm@cvs.openbsd.org 2004/06/24 19:32:00 | ||
243 | [regress/Makefile regress/test-exec.sh, added regress/reexec.sh] | ||
244 | regress test for re-exec corner cases | ||
245 | - djm@cvs.openbsd.org 2004/06/25 01:25:12 | ||
246 | [regress/test-exec.sh] | ||
247 | clean reexec-specific junk out of text-exec.sh and simplify; idea markus@ | ||
248 | - dtucker@cvs.openbsd.org 2004/06/25 05:38:48 | ||
249 | [sftp-server.c] | ||
250 | Fall back to stat+rename if filesystem doesn't doesn't support hard | ||
251 | links. bz#823, ok djm@ | ||
252 | - (dtucker) [configure.ac openbsd-compat/misc.c [openbsd-compat/misc.h] | ||
253 | Add closefrom() for platforms that don't have it. | ||
254 | - (dtucker) [sshd.c] add line missing from reexec sync. | ||
255 | |||
256 | 20040623 | ||
257 | - (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1 | ||
258 | connections with empty passwords. Patch from davidwu at nbttech.com, | ||
259 | ok djm@ | ||
260 | - (dtucker) OpenBSD CVS Sync | ||
261 | - dtucker@cvs.openbsd.org 2004/06/22 22:42:02 | ||
262 | [regress/envpass.sh] | ||
263 | Add quoting for test -z; ok markus@ | ||
264 | - dtucker@cvs.openbsd.org 2004/06/22 22:45:52 | ||
265 | [regress/test-exec.sh] | ||
266 | Add TEST_SSH_SSHD_CONFOPTS and TEST_SSH_SSH_CONFOPTS to allow adding | ||
267 | arbitary options to sshd_config and ssh_config during tests. ok markus@ | ||
268 | - dtucker@cvs.openbsd.org 2004/06/22 22:55:56 | ||
269 | [regress/dynamic-forward.sh regress/test-exec.sh] | ||
270 | Allow setting of port for regress from TEST_SSH_PORT variable; ok markus@ | ||
271 | - mouring@cvs.openbsd.org 2004/06/23 00:39:38 | ||
272 | [rijndael.c] | ||
273 | -Wshadow fix up s/encrypt/do_encrypt/. OK djm@, markus@ | ||
274 | - dtucker@cvs.openbsd.org 2004/06/23 14:31:01 | ||
275 | [ssh.c] | ||
276 | Fix counting in master/slave when passing environment variables; ok djm@ | ||
277 | - (dtucker) [cipher.c] encrypt->do_encrypt inside SSH_OLD_EVP to match | ||
278 | -Wshadow change. | ||
279 | - (bal) [Makefile.in] Remove opensshd.init on 'make distclean' | ||
280 | - (dtucker) [auth.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h] | ||
281 | Move loginrestrictions test to port-aix.c, replace with a generic hook. | ||
282 | - (tim) [regress/try-ciphers.sh] "if ! some_command" is not portable. | ||
283 | - (bal) [contrib/README] Removed "mdoc2man.pl" reference and added | ||
284 | reference to "findssl.sh" | ||
285 | |||
286 | 20040622 | ||
287 | - (dtucker) OpenBSD CVS Sync | ||
288 | - djm@cvs.openbsd.org 2004/06/20 17:36:59 | ||
289 | [ssh.c] | ||
290 | filter passed env vars at slave in connection sharing case; ok markus@ | ||
291 | - djm@cvs.openbsd.org 2004/06/20 18:53:39 | ||
292 | [sftp.c] | ||
293 | make "ls -l" listings print user/group names, add "ls -n" to show uid/gid | ||
294 | (like /bin/ls); idea & ok markus@ | ||
295 | - djm@cvs.openbsd.org 2004/06/20 19:28:12 | ||
296 | [sftp.1] | ||
297 | mention new -n flag | ||
298 | - avsm@cvs.openbsd.org 2004/06/21 17:36:31 | ||
299 | [auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c | ||
300 | cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c | ||
301 | monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c | ||
302 | ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c | ||
303 | sshpty.c] | ||
304 | make ssh -Wshadow clean, no functional changes | ||
305 | markus@ ok | ||
306 | - djm@cvs.openbsd.org 2004/06/21 17:53:03 | ||
307 | [session.c] | ||
308 | fix fd leak for multiple subsystem connections; with markus@ | ||
309 | - djm@cvs.openbsd.org 2004/06/21 22:02:58 | ||
310 | [log.h] | ||
311 | mark fatal and cleanup exit as __dead; ok markus@ | ||
312 | - djm@cvs.openbsd.org 2004/06/21 22:04:50 | ||
313 | [sftp.c] | ||
314 | introduce sorting for ls, same options as /bin/ls; ok markus@ | ||
315 | - djm@cvs.openbsd.org 2004/06/21 22:30:45 | ||
316 | [sftp.c] | ||
317 | prefix ls option flags with LS_ | ||
318 | - djm@cvs.openbsd.org 2004/06/21 22:41:31 | ||
319 | [sftp.1] | ||
320 | document sort options | ||
321 | - djm@cvs.openbsd.org 2004/06/22 01:16:39 | ||
322 | [sftp.c] | ||
323 | don't show .files by default in ls, add -a option to turn them back on; | ||
324 | ok markus | ||
325 | - markus@cvs.openbsd.org 2004/06/22 03:12:13 | ||
326 | [regress/envpass.sh regress/multiplex.sh] | ||
327 | more portable env passing tests | ||
328 | - dtucker@cvs.openbsd.org 2004/06/22 05:05:45 | ||
329 | [monitor.c monitor_wrap.c] | ||
330 | Change login->username, will prevent -Wshadow errors in Portable; | ||
331 | ok markus@ | ||
332 | - (dtucker) [monitor.c] Fix Portable-specific -Wshadow warnings on "socket". | ||
333 | - (dtucker) [defines.h] Define __dead if not already defined. | ||
334 | - (bal) [auth-passwd.c auth1.c] Clean up unused variables. | ||
335 | |||
336 | 20040620 | ||
337 | - (tim) [configure.ac Makefile.in] Only change TEST_SHELL on broken platforms. | ||
338 | |||
339 | 20040619 | ||
340 | - (dtucker) [auth-pam.c] Don't use PAM namespace for | ||
341 | pam_password_change_required either. | ||
342 | - (tim) [configure.ac buildpkg.sh.in contrib/solaris/README] move opensshd | ||
343 | init script to top level directory. Add opensshd.init.in. | ||
344 | Remove contrib/solaris/buildpkg.sh, contrib/solaris/opensshd.in | ||
345 | |||
346 | 20040618 | ||
347 | - (djm) OpenBSD CVS Sync | ||
348 | - djm@cvs.openbsd.org 2004/06/17 14:52:48 | ||
349 | [clientloop.c clientloop.h ssh.c] | ||
350 | support environment passing over shared connections; ok markus@ | ||
351 | - djm@cvs.openbsd.org 2004/06/17 15:10:14 | ||
352 | [clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5] | ||
353 | Add option for confirmation (ControlMaster=ask) via ssh-askpass before | ||
354 | opening shared connections; ok markus@ | ||
355 | - djm@cvs.openbsd.org 2004/06/17 14:53:27 | ||
356 | [regress/multiplex.sh] | ||
357 | shared connection env passing regress test | ||
358 | - (dtucker) [regress/README.regress] Add detail on how to run a single | ||
359 | test from the top-level Makefile. | ||
360 | - (dtucker) OpenBSD CVS Sync | ||
361 | - djm@cvs.openbsd.org 2004/06/17 23:56:57 | ||
362 | [ssh.1 ssh.c] | ||
363 | sync usage() and SYNPOSIS with connection sharing changes | ||
364 | - dtucker@cvs.openbsd.org 2004/06/18 06:13:25 | ||
365 | [sftp.c] | ||
366 | Use execvp instead of execv so sftp -S ssh works. "makes sense" markus@ | ||
367 | - dtucker@cvs.openbsd.org 2004/06/18 06:15:51 | ||
368 | [multiplex.sh] | ||
369 | Use -S for scp/sftp to force the use of the ssh being tested. | ||
370 | ok djm@,markus@ | ||
371 | - (djm) OpenBSD CVS Sync | ||
372 | - djm@cvs.openbsd.org 2004/06/18 10:40:19 | ||
373 | [ssh.c] | ||
374 | delay signal handler setup until we have finished talking to the master. | ||
375 | allow interrupting of setup (e.g. if master is stuck); ok markus@ | ||
376 | - markus@cvs.openbsd.org 2004/06/18 10:55:43 | ||
377 | [ssh.1 ssh.c] | ||
378 | trim synopsis for -S, allow -S and -oControlMaster, -MM means 'ask'; | ||
379 | ok djm | ||
380 | - djm@cvs.openbsd.org 2004/06/18 11:11:54 | ||
381 | [channels.c clientloop.c] | ||
382 | Don't explode in clientloop when we receive a bogus channel id, but | ||
383 | also don't generate them to begin with; ok markus@ | ||
384 | |||
385 | 20040617 | ||
386 | - (dtucker) [regress/scp.sh] diff -N is not portable (but needed for some | ||
387 | platforms), so test if diff understands it. Pointed out by tim@, ok djm@ | ||
388 | - (dtucker) OpenBSD CVS Sync regress/ | ||
389 | - dtucker@cvs.openbsd.org 2004/06/17 05:51:59 | ||
390 | [regress/multiplex.sh] | ||
391 | Remove datafile between and after tests, kill sshd rather than wait; | ||
392 | ok djm@ | ||
393 | - dtucker@cvs.openbsd.org 2004/06/17 06:00:05 | ||
394 | [regress/multiplex.sh] | ||
395 | Use DATA and COPY for test data rather than hard-coded paths; ok djm@ | ||
396 | - dtucker@cvs.openbsd.org 2004/06/17 06:19:06 | ||
397 | [regress/multiplex.sh] | ||
398 | Add small description of failing test to failure message; ok djm@ | ||
399 | - (dtucker) [regress/multiplex.sh] add EXEEXT for those platforms that need | ||
400 | it. | ||
401 | - (dtucker) [regress/multiplex.sh] Increase sleep time to 120 sec (60 is not | ||
402 | enough for slow systems, especially if they don't have a kernel RNG). | ||
403 | |||
404 | 20040616 | ||
405 | - (dtucker) [openbsd-compat/port-aix.c] Expand whitespace -> tabs. No | ||
406 | code changes. | ||
407 | - (dtucker) OpenBSD CVS Sync regress/ | ||
408 | - djm@cvs.openbsd.org 2004/04/27 09:47:30 | ||
409 | [regress/Makefile regress/test-exec.sh, added regress/envpass.sh] | ||
410 | regress test for environment passing, SendEnv & AcceptEnv options; | ||
411 | ok markus@ | ||
412 | - dtucker@cvs.openbsd.org 2004/06/13 13:51:02 | ||
413 | [regress/Makefile regress/test-exec.sh, added regress/scp-ssh-wrapper.sh | ||
414 | regress/scp.sh] | ||
415 | Add scp regression test; with & ok markus@ | ||
416 | - djm@cvs.openbsd.org 2004/06/13 15:04:08 | ||
417 | [regress/Makefile regress/test-exec.sh, added regress/envpass.sh] | ||
418 | regress test for client multiplexing; ok markus@ | ||
419 | - djm@cvs.openbsd.org 2004/06/13 15:16:54 | ||
420 | [regress/test-exec.sh] | ||
421 | remove duplicate setting of $SCP; spotted by markus@ | ||
422 | - dtucker@cvs.openbsd.org 2004/06/16 13:15:09 | ||
423 | [regress/scp.sh] | ||
424 | Make scp -r tests use diff -rN not cmp (which won't do dirs. ok markus@ | ||
425 | - dtucker@cvs.openbsd.org 2004/06/16 13:16:40 | ||
426 | [regress/multiplex.sh] | ||
427 | Silence multiplex sftp and scp tests. ok markus@ | ||
428 | - (dtucker) [regress/test-exec.sh] | ||
429 | Move Portable-only StrictModes to top of list to make syncs easier. | ||
430 | - (dtucker) [regress/README.regress] | ||
431 | Add $TEST_SHELL to readme. | ||
432 | |||
433 | 20040615 | ||
434 | - (djm) OpenBSD CVS Sync | ||
435 | - djm@cvs.openbsd.org 2004/05/26 08:59:57 | ||
436 | [sftp.c] | ||
437 | exit -> _exit in forked child on error; from andrushock AT korovino.net | ||
438 | - markus@cvs.openbsd.org 2004/05/26 23:02:39 | ||
439 | [channels.c] | ||
440 | missing freeaddrinfo; Andrey Matveev | ||
441 | - dtucker@cvs.openbsd.org 2004/05/27 00:50:13 | ||
442 | [readconf.c] | ||
443 | Kill dead code after fatal(); ok djm@ | ||
444 | - dtucker@cvs.openbsd.org 2004/06/01 14:20:45 | ||
445 | [auth2-chall.c] | ||
446 | Remove redundant #include; ok markus@ | ||
447 | - pedro@cvs.openbsd.org 2004/06/03 12:22:20 | ||
448 | [sftp-client.c sftp.c] | ||
449 | initialize pointers, ok markus@ | ||
450 | - djm@cvs.openbsd.org 2004/06/13 12:53:24 | ||
451 | [dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h] | ||
452 | [ssh-keyscan.c sshconnect2.c sshd.c] | ||
453 | implement diffie-hellman-group14-sha1 kex method (trivial extension to | ||
454 | existing diffie-hellman-group1-sha1); ok markus@ | ||
455 | - dtucker@cvs.openbsd.org 2004/06/13 14:01:42 | ||
456 | [ssh.1 ssh_config.5 sshd_config.5] | ||
457 | List supported ciphers in man pages, tidy up ssh -c; | ||
458 | "looks fine" jmc@, ok markus@ | ||
459 | - djm@cvs.openbsd.org 2004/06/13 15:03:02 | ||
460 | [channels.c channels.h clientloop.c clientloop.h includes.h readconf.c] | ||
461 | [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5] | ||
462 | implement session multiplexing in the client (the server has supported | ||
463 | this since 2.0); ok markus@ | ||
464 | - djm@cvs.openbsd.org 2004/06/14 01:44:39 | ||
465 | [channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c] | ||
466 | [sshd.c] | ||
467 | set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@ | ||
468 | - djm@cvs.openbsd.org 2004/06/15 05:45:04 | ||
469 | [clientloop.c] | ||
470 | missed one unset_nonblock; spotted by Tim Rice | ||
471 | - (djm) Fix Makefile.in for connection sharing changes | ||
472 | - (djm) [ssh.c] Use separate var for address length | ||
473 | |||
474 | 20040603 | ||
475 | - (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions. | ||
476 | ok djm@ | ||
477 | |||
478 | 20040601 | ||
479 | - (djm) [auth-pam.c] Add copyright for local changes | ||
480 | |||
481 | 20040530 | ||
482 | - (dtucker) [auth-pam.c auth-pam.h auth-passwd.c] Bug #874: Re-add PAM | ||
483 | support for PasswordAuthentication=yes. ok djm@ | ||
484 | - (dtucker) [auth-pam.c] Use an invalid password for root if | ||
485 | PermitRootLogin != yes or the login is invalid, to prevent leaking | ||
486 | information. Based on Openwall's owl-always-auth patch. ok djm@ | ||
487 | - (tim) [configure.ac Makefile.in] Add support for "make package" ok djm@ | ||
488 | - (tim) [buildpkg.sh.in] New file. A more flexible version of | ||
489 | contrib/solaris/buildpkg.sh used for "make package". | ||
490 | - (tim) [buildpkg.sh.in] Last minute fix didn't make it in the .in file. | ||
491 | |||
492 | 20040527 | ||
493 | - (dtucker) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec | ||
494 | contrib/README CREDITS INSTALL] Bug #873: Correct URLs for x11-ssh-askpass | ||
495 | and Jim Knoble's email address , from Jim himself. | ||
496 | |||
497 | 20040524 | ||
498 | - (dtucker) OpenBSD CVS Sync | ||
499 | - djm@cvs.openbsd.org 2004/05/19 12:17:33 | ||
500 | [sftp-client.c sftp.c] | ||
501 | gracefully abort transfers on receipt of SIGINT, also ignore SIGINT while | ||
502 | waiting for a command; ok markus@ | ||
503 | - dtucker@cvs.openbsd.org 2004/05/20 10:58:05 | ||
504 | [clientloop.c] | ||
505 | Trivial type fix 0 -> '\0'; ok markus@ | ||
506 | - markus@cvs.openbsd.org 2004/05/21 08:43:03 | ||
507 | [kex.h moduli.c tildexpand.c] | ||
508 | add prototypes for -Wall; ok djm | ||
509 | - djm@cvs.openbsd.org 2004/05/21 11:33:11 | ||
510 | [channels.c channels.h clientloop.c serverloop.c ssh.1] | ||
511 | bz #756: add support for the cancel-tcpip-forward request for the server | ||
512 | and the client (through the ~C commandline). reported by z3p AT | ||
513 | twistedmatrix.com; ok markus@ | ||
514 | - djm@cvs.openbsd.org 2004/05/22 06:32:12 | ||
515 | [clientloop.c ssh.1] | ||
516 | use '-h' for help in ~C commandline instead of '-?'; inspired by jmc@ | ||
517 | - jmc@cvs.openbsd.org 2004/05/22 16:01:05 | ||
518 | [ssh.1] | ||
519 | kill whitespace at eol; | ||
520 | - dtucker@cvs.openbsd.org 2004/05/23 23:59:53 | ||
521 | [auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config | ||
522 | sshd_config.5] | ||
523 | Add MaxAuthTries sshd config option; ok markus@ | ||
524 | - (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread" | ||
525 | is terminated if the privsep slave exits during keyboard-interactive | ||
526 | authentication. ok djm@ | ||
527 | - (dtucker) [sshd.c] Fix typo in comment. | ||
528 | |||
529 | 20040523 | ||
530 | - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in | ||
531 | sshd_config; ok dtucker@ | ||
532 | - (djm) [configure.ac] Warn if the system has no known way of figuring out | ||
533 | which user is on the other end of a Unix domain socket; ok dtucker@ | ||
534 | - (bal) [openbsd-compat/sys-queue.h] Reintroduce machinary to handle | ||
535 | old/broken/incomplete <sys/queue.h>. | ||
536 | |||
537 | 20040513 | ||
538 | - (dtucker) [configure.ac] Bug #867: Additional tests for res_query in | ||
539 | libresolv, fixes problems detecting it on some platforms | ||
540 | (eg Linux/x86-64). From Kurt Roeckx via Debian, ok mouring@ | ||
541 | - (dtucker) OpenBSD CVS Sync | ||
542 | - jmc@cvs.openbsd.org 2004/05/04 18:36:07 | ||
543 | [scp.1] | ||
544 | SendEnv here too; | ||
545 | - jmc@cvs.openbsd.org 2004/05/06 11:24:23 | ||
546 | [ssh_config.5] | ||
547 | typo from John Cosimano (PR 3770); | ||
548 | - deraadt@cvs.openbsd.org 2004/05/08 00:01:37 | ||
549 | [auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c | ||
550 | tildexpand.c], removed: sshtty.h tildexpand.h | ||
551 | make two tiny header files go away; djm ok | ||
552 | - djm@cvs.openbsd.org 2004/05/08 00:21:31 | ||
553 | [clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c | ||
554 | sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h | ||
555 | kill a tiny header; ok deraadt@ | ||
556 | - djm@cvs.openbsd.org 2004/05/09 00:06:47 | ||
557 | [moduli.c ssh-keygen.c] removed: moduli.h | ||
558 | zap another tiny header; ok deraadt@ | ||
559 | - djm@cvs.openbsd.org 2004/05/09 01:19:28 | ||
560 | [OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c | ||
561 | sshd.c] removed: mpaux.c mpaux.h | ||
562 | kill some more tiny files; ok deraadt@ | ||
563 | - djm@cvs.openbsd.org 2004/05/09 01:26:48 | ||
564 | [kex.c] | ||
565 | don't overwrite what we are trying to compute | ||
566 | - deraadt@cvs.openbsd.org 2004/05/11 19:01:43 | ||
567 | [auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c | ||
568 | packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c] | ||
569 | improve some code lint did not like; djm millert ok | ||
570 | - dtucker@cvs.openbsd.org 2004/05/13 02:47:50 | ||
571 | [ssh-agent.1] | ||
572 | Add examples to ssh-agent.1, bz#481 from Ralf Hauser; ok deraadt@ | ||
573 | - (dtucker) [sshd.8] Bug #843: Add warning about PasswordAuthentication to | ||
574 | UsePAM section. Parts from djm@ and jmc@. | ||
575 | - (dtucker) [auth-pam.c scard-opensc.c] Tinderbox says auth-pam.c uses | ||
576 | readpass.h, grep says scard-opensc.c does too. Replace with misc.h. | ||
577 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Check that HAVE_DECL_H_ERROR | ||
578 | is defined before using. | ||
579 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Fix typo too: HAVE_DECL_H_ERROR | ||
580 | -> HAVE_DECL_H_ERRNO. | ||
581 | |||
582 | 20040502 | ||
583 | - (dtucker) OpenBSD CVS Sync | ||
584 | - djm@cvs.openbsd.org 2004/04/22 11:56:57 | ||
585 | [moduli.c] | ||
586 | Bugzilla #850: Sophie Germain is the correct name of the French | ||
587 | mathematician, "Sophie Germaine" isn't; from Luc.Maisonobe@c-s.fr | ||
588 | - djm@cvs.openbsd.org 2004/04/27 09:46:37 | ||
589 | [readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c | ||
590 | ssh_config.5 sshd_config.5] | ||
591 | bz #815: implement ability to pass specified environment variables from | ||
592 | the client to the server; ok markus@ | ||
593 | - djm@cvs.openbsd.org 2004/04/28 05:17:10 | ||
594 | [ssh_config.5 sshd_config.5] | ||
595 | manpage fixes in envpass stuff from Brian Poole (raj AT cerias.purdue.edu) | ||
596 | - jmc@cvs.openbsd.org 2004/04/28 07:02:56 | ||
597 | [sshd_config.5] | ||
598 | remove unnecessary .Pp; | ||
599 | - jmc@cvs.openbsd.org 2004/04/28 07:13:42 | ||
600 | [sftp.1 ssh.1] | ||
601 | add SendEnv to -o list; | ||
602 | - dtucker@cvs.openbsd.org 2004/05/02 11:54:31 | ||
603 | [sshd.8] | ||
604 | Man page grammar fix (bz #858), from damerell at chiark.greenend.org.uk | ||
605 | via Debian; ok djm@ | ||
606 | - dtucker@cvs.openbsd.org 2004/05/02 11:57:52 | ||
607 | [ssh.1] | ||
608 | ConnectionTimeout -> ConnectTimeout, from m.a.ellis at ncl.ac.uk via | ||
609 | Debian. ok djm@ | ||
610 | - dtucker@cvs.openbsd.org 2004/05/02 23:02:17 | ||
611 | [sftp.1] | ||
612 | ConnectionTimeout -> ConnectTimeout here too, pointed out by jmc@ | ||
613 | - dtucker@cvs.openbsd.org 2004/05/02 23:17:51 | ||
614 | [scp.1] | ||
615 | ConnectionTimeout -> ConnectTimeout for scp.1 too. | ||
616 | |||
617 | 20040423 | ||
618 | - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Declare h_errno | ||
619 | as extern int if not already declared. Fixes compile errors on old SCO | ||
620 | platforms. ok tim@ | ||
621 | - (dtucker) [README.platform] List prereqs for building on Cygwin. | ||
622 | |||
623 | 20040421 | ||
624 | - (djm) Update config.guess and config.sub to autoconf-2.59 versions; ok tim@ | ||
625 | |||
626 | 20040420 | ||
627 | - (djm) OpenBSD CVS Sync | ||
628 | - henning@cvs.openbsd.org 2004/04/08 16:08:21 | ||
629 | [sshconnect2.c] | ||
630 | swap the last two parameters to TAILQ_FOREACH_REVERSE. matches what | ||
631 | FreeBSD and NetBSD do. | ||
632 | ok millert@ mcbride@ markus@ ho@, checked to not affect ports by naddy@ | ||
633 | - djm@cvs.openbsd.org 2004/04/18 23:10:26 | ||
634 | [readconf.c readconf.h ssh-keysign.c ssh.c] | ||
635 | perform strict ownership and modes checks for ~/.ssh/config files, | ||
636 | as these can be used to execute arbitrary programs; ok markus@ | ||
637 | NB. ssh will now exit when it detects a config with poor permissions | ||
638 | - djm@cvs.openbsd.org 2004/04/19 13:02:40 | ||
639 | [ssh.1 ssh_config.5] | ||
640 | document strict permission checks on ~/.ssh/config; prompted by, | ||
641 | with & ok jmc@ | ||
642 | - jmc@cvs.openbsd.org 2004/04/19 16:12:14 | ||
643 | [ssh_config.5] | ||
644 | kill whitespace at eol; | ||
645 | - djm@cvs.openbsd.org 2004/04/19 21:51:49 | ||
646 | [ssh.c] | ||
647 | fix idiot typo that i introduced in my last commit; | ||
648 | spotted by cschneid AT cschneid.com | ||
649 | - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD, needed for | ||
650 | above change | ||
651 | - (djm) [configure.ac] Check whether libroken is required when building | ||
652 | with Heimdal | ||
653 | |||
654 | 20040419 | ||
655 | - (dtucker) OpenBSD CVS Sync | ||
656 | - dtucker@cvs.openbsd.org 2004/02/29 22:04:45 | ||
657 | [regress/login-timeout.sh] | ||
658 | Use sudo when restarting daemon during test. ok markus@ | ||
659 | - dtucker@cvs.openbsd.org 2004/03/08 10:17:12 | ||
660 | [regress/login-timeout.sh] | ||
661 | Missing OBJ, from tim@. ok markus@ (Already fixed, ID sync only) | ||
662 | - djm@cvs.openbsd.org 2004/03/30 12:41:56 | ||
663 | [sftp-client.c] | ||
664 | sync comment with reality | ||
665 | - djm@cvs.openbsd.org 2004/03/31 21:58:47 | ||
666 | [canohost.c] | ||
667 | don't skip ip options check when UseDNS=no; ok markus@ (ID sync only) | ||
668 | - markus@cvs.openbsd.org 2004/04/01 12:19:57 | ||
669 | [scp.c] | ||
670 | limit trust between local and remote rcp/scp process, | ||
671 | noticed by lcamtuf; ok deraadt@, djm@ | ||
672 | |||
1 | 20040418 | 673 | 20040418 |
2 | - (dtucker) [auth-pam.c] Log username and source host for failed PAM | 674 | - (dtucker) [auth-pam.c] Log username and source host for failed PAM |
3 | authentication attempts. With & ok djm@ | 675 | authentication attempts. With & ok djm@ |
4 | - (djm) [openbsd-compat/bsd-cygwin_util.c] Recent versions of Cygwin allow | 676 | - (djm) [openbsd-compat/bsd-cygwin_util.c] Recent versions of Cygwin allow |
5 | change of user context without a password, so relax auth method | 677 | change of user context without a password, so relax auth method |
6 | restrictions; from vinschen AT redhat.com; ok dtucker@ | 678 | restrictions; from vinschen AT redhat.com; ok dtucker@ |
7 | - Release 3.8.1p1 | ||
8 | 679 | ||
9 | 20040416 | 680 | 20040416 |
10 | - (dtucker) [regress/sftp-cmds.sh] Skip quoting test on Cygwin, since | 681 | - (dtucker) [regress/sftp-cmds.sh] Skip quoting test on Cygwin, since |
@@ -983,4 +1654,4 @@ | |||
983 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 1654 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
984 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 1655 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
985 | 1656 | ||
986 | $Id: ChangeLog,v 1.3316.2.1 2004/04/18 12:51:12 djm Exp $ | 1657 | $Id: ChangeLog,v 1.3517 2004/08/17 12:50:40 djm Exp $ |