diff options
author | Colin Watson <cjwatson@debian.org> | 2003-09-01 02:05:26 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2003-09-01 02:05:26 +0000 |
commit | 6d5a72bc1d98a42ba42f082e50a22e911c1d82d3 (patch) | |
tree | 1bf23174bdb6fc71e2846dda0eca195a418484e7 /ChangeLog | |
parent | 2ee26b431f98cf1dc0e4fb9809ad1e0c879b8c08 (diff) | |
parent | 58657d96514cd6f16d82add8d6f4adbb36765758 (diff) |
Debian release 3.5p1-1.
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 1608 |
1 files changed, 599 insertions, 1009 deletions
@@ -1,3 +1,599 @@ | |||
1 | 20021003 | ||
2 | - (djm) OpenBSD CVS Sync | ||
3 | - markus@cvs.openbsd.org 2002/10/01 20:34:12 | ||
4 | [ssh-agent.c] | ||
5 | allow root to access the agent, since there is no protection from root. | ||
6 | - markus@cvs.openbsd.org 2002/10/01 13:24:50 | ||
7 | [version.h] | ||
8 | OpenSSH 3.5 | ||
9 | - (djm) Bump RPM spec version numbers | ||
10 | - (djm) Bug #406 s/msg_send/ssh_msh_send/ for Mac OS X 1.2 | ||
11 | |||
12 | 20020930 | ||
13 | - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs, | ||
14 | tweak README | ||
15 | - (djm) OpenBSD CVS Sync | ||
16 | - mickey@cvs.openbsd.org 2002/09/27 10:42:09 | ||
17 | [compat.c compat.h sshd.c] | ||
18 | add a generic match for a prober, such as sie big brother; | ||
19 | idea from stevesk@; markus@ ok | ||
20 | - stevesk@cvs.openbsd.org 2002/09/27 15:46:21 | ||
21 | [ssh.1] | ||
22 | clarify compression level protocol 1 only; ok markus@ deraadt@ | ||
23 | |||
24 | 20020927 | ||
25 | - (djm) OpenBSD CVS Sync | ||
26 | - markus@cvs.openbsd.org 2002/09/25 11:17:16 | ||
27 | [sshd_config] | ||
28 | sync LoginGraceTime with default | ||
29 | - markus@cvs.openbsd.org 2002/09/25 15:19:02 | ||
30 | [sshd.c] | ||
31 | typo; pilot@monkey.org | ||
32 | - markus@cvs.openbsd.org 2002/09/26 11:38:43 | ||
33 | [auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c] | ||
34 | [monitor_wrap.h] | ||
35 | krb4 + privsep; ok dugsong@, deraadt@ | ||
36 | |||
37 | 20020925 | ||
38 | - (bal) Fix issue where successfull login does not clear failure counts | ||
39 | in AIX. Patch by dtucker@zip.com.au ok by djm | ||
40 | - (tim) Cray fixes (bug 367) based on patch from Wendy Palm @ cray. | ||
41 | This does not include the deattack.c fixes. | ||
42 | |||
43 | 20020923 | ||
44 | - (djm) OpenBSD CVS Sync | ||
45 | - stevesk@cvs.openbsd.org 2002/09/23 20:46:27 | ||
46 | [canohost.c] | ||
47 | change get_peer_ipaddr() and get_local_ipaddr() to not return NULL for | ||
48 | non-sockets; fixes a problem passing NULL to snprintf(). ok markus@ | ||
49 | - markus@cvs.openbsd.org 2002/09/23 22:11:05 | ||
50 | [monitor.c] | ||
51 | only call auth_krb5 if kerberos is enabled; ok deraadt@ | ||
52 | - markus@cvs.openbsd.org 2002/09/24 08:46:04 | ||
53 | [monitor.c] | ||
54 | only call kerberos code for authctxt->valid | ||
55 | - todd@cvs.openbsd.org 2002/09/24 20:59:44 | ||
56 | [sshd.8] | ||
57 | tweak the example $HOME/.ssh/rc script to not show on any cmdline the | ||
58 | sensitive data it handles. This fixes bug # 402 as reported by | ||
59 | kolya@mit.edu (Nickolai Zeldovich). | ||
60 | ok markus@ and stevesk@ | ||
61 | |||
62 | 20020923 | ||
63 | - (tim) [configure.ac] s/return/exit/ patch by dtucker@zip.com.au | ||
64 | |||
65 | 20020922 | ||
66 | - (djm) OpenBSD CVS Sync | ||
67 | - stevesk@cvs.openbsd.org 2002/09/19 14:53:14 | ||
68 | [compat.c] | ||
69 | - markus@cvs.openbsd.org 2002/09/19 15:51:23 | ||
70 | [ssh-add.c] | ||
71 | typo; cd@kalkatraz.de | ||
72 | - stevesk@cvs.openbsd.org 2002/09/19 16:03:15 | ||
73 | [serverloop.c] | ||
74 | log IP address also; ok markus@ | ||
75 | - stevesk@cvs.openbsd.org 2002/09/20 18:41:29 | ||
76 | [auth.c] | ||
77 | log illegal user here for missing privsep case (ssh2). | ||
78 | this is executed in the monitor. ok markus@ | ||
79 | |||
80 | 20020919 | ||
81 | - (djm) OpenBSD CVS Sync | ||
82 | - stevesk@cvs.openbsd.org 2002/09/12 19:11:52 | ||
83 | [ssh-agent.c] | ||
84 | %u for uid print; ok markus@ | ||
85 | - stevesk@cvs.openbsd.org 2002/09/12 19:50:36 | ||
86 | [session.c ssh.1] | ||
87 | add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384. ok markus@ | ||
88 | - stevesk@cvs.openbsd.org 2002/09/13 19:23:09 | ||
89 | [channels.c sshconnect.c sshd.c] | ||
90 | remove use of SO_LINGER, it should not be needed. error check | ||
91 | SO_REUSEADDR. fixup comments. ok markus@ | ||
92 | - stevesk@cvs.openbsd.org 2002/09/16 19:55:33 | ||
93 | [session.c] | ||
94 | log when _PATH_NOLOGIN exists; ok markus@ | ||
95 | - stevesk@cvs.openbsd.org 2002/09/16 20:12:11 | ||
96 | [sshd_config.5] | ||
97 | more details on X11Forwarding security issues and threats; ok markus@ | ||
98 | - stevesk@cvs.openbsd.org 2002/09/16 22:03:13 | ||
99 | [sshd.8] | ||
100 | reference moduli(5) in FILES /etc/moduli. | ||
101 | - itojun@cvs.openbsd.org 2002/09/17 07:47:02 | ||
102 | [channels.c] | ||
103 | don't quit while creating X11 listening socket. | ||
104 | http://mail-index.netbsd.org/current-users/2002/09/16/0005.html | ||
105 | got from portable. markus ok | ||
106 | - djm@cvs.openbsd.org 2002/09/19 01:58:18 | ||
107 | [ssh.c sshconnect.c] | ||
108 | bugzilla.mindrot.org #223 - ProxyCommands don't exit. | ||
109 | Patch from dtucker@zip.com.au; ok markus@ | ||
110 | |||
111 | 20020912 | ||
112 | - (djm) Made GNOME askpass programs return non-zero if cancel button is | ||
113 | pressed. | ||
114 | - (djm) Added getpeereid() replacement. Properly implemented for systems | ||
115 | with SO_PEERCRED support. Faked for systems which lack it. | ||
116 | - (djm) Sync sys/tree.h with OpenBSD -current. Rename tree.h and | ||
117 | fake-queue.h to sys-tree.h and sys-queue.h | ||
118 | - (djm) OpenBSD CVS Sync | ||
119 | - markus@cvs.openbsd.org 2002/09/08 20:24:08 | ||
120 | [hostfile.h] | ||
121 | no comma at end of enumerator list | ||
122 | - itojun@cvs.openbsd.org 2002/09/09 06:48:06 | ||
123 | [auth1.c auth.h auth-krb5.c monitor.c monitor.h] | ||
124 | [monitor_wrap.c monitor_wrap.h] | ||
125 | kerberos support for privsep. confirmed to work by lha@stacken.kth.se | ||
126 | patch from markus | ||
127 | - markus@cvs.openbsd.org 2002/09/09 14:54:15 | ||
128 | [channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c] | ||
129 | signed vs unsigned from -pedantic; ok henning@ | ||
130 | - markus@cvs.openbsd.org 2002/09/10 20:24:47 | ||
131 | [ssh-agent.c] | ||
132 | check the euid of the connecting process with getpeereid(2); | ||
133 | ok provos deraadt stevesk | ||
134 | - stevesk@cvs.openbsd.org 2002/09/11 17:55:03 | ||
135 | [ssh.1] | ||
136 | add agent and X11 forwarding warning text from ssh_config.5; ok markus@ | ||
137 | - stevesk@cvs.openbsd.org 2002/09/11 18:27:26 | ||
138 | [authfd.c authfd.h ssh.c] | ||
139 | don't connect to agent to test for presence if we've previously | ||
140 | connected; ok markus@ | ||
141 | - djm@cvs.openbsd.org 2002/09/11 22:41:50 | ||
142 | [sftp.1 sftp-client.c sftp-client.h sftp-common.c sftp-common.h] | ||
143 | [sftp-glob.c sftp-glob.h sftp-int.c sftp-server.c] | ||
144 | support for short/long listings and globbing in "ls"; ok markus@ | ||
145 | - djm@cvs.openbsd.org 2002/09/12 00:13:06 | ||
146 | [sftp-int.c] | ||
147 | zap unused var introduced in last commit | ||
148 | |||
149 | 20020911 | ||
150 | - (djm) Sync openbsd-compat with OpenBSD -current | ||
151 | |||
152 | 20020910 | ||
153 | - (djm) Bug #365: Read /.ssh/environment properly under CygWin. | ||
154 | Patch from Mark Bradshaw <bradshaw@staff.crosswalk.com> | ||
155 | - (djm) Bug #138: Make protocol 1 blowfish work with old OpenSSL. | ||
156 | Patch from Robert Halubek <rob@adso.com.pl> | ||
157 | |||
158 | 20020905 | ||
159 | - (djm) OpenBSD CVS Sync | ||
160 | - stevesk@cvs.openbsd.org 2002/09/04 18:52:42 | ||
161 | [servconf.c sshd.8 sshd_config.5] | ||
162 | default LoginGraceTime to 2m; 1m may be too short for slow systems. | ||
163 | ok markus@ | ||
164 | - (djm) Merge openssh-TODO.patch from Redhat (null) beta | ||
165 | - (djm) Add gnome-ssh-askpass2.c (gtk2) by merge with patch from | ||
166 | Nalin Dahyabhai <nalin@redhat.com> | ||
167 | - (djm) Add support for building gtk2 password requestor from Redhat beta | ||
168 | |||
169 | 20020903 | ||
170 | - (djm) Patch from itojun@ for Darwin OS: test getaddrinfo, reorder libcrypt | ||
171 | - (djm) Fix Redhat RPM build dependancy test | ||
172 | - (djm) OpenBSD CVS Sync | ||
173 | - markus@cvs.openbsd.org 2002/08/12 10:46:35 | ||
174 | [ssh-agent.c] | ||
175 | make ssh-agent setgid, disallow ptrace. | ||
176 | - espie@cvs.openbsd.org 2002/08/21 11:20:59 | ||
177 | [sshd.8] | ||
178 | `RSA' updated to refer to `public key', where it matters. | ||
179 | okay markus@ | ||
180 | - stevesk@cvs.openbsd.org 2002/08/21 19:38:06 | ||
181 | [servconf.c sshd.8 sshd_config sshd_config.5] | ||
182 | change LoginGraceTime default to 1 minute; ok mouring@ markus@ | ||
183 | - stevesk@cvs.openbsd.org 2002/08/21 20:10:28 | ||
184 | [ssh-agent.c] | ||
185 | raise listen backlog; ok markus@ | ||
186 | - stevesk@cvs.openbsd.org 2002/08/22 19:27:53 | ||
187 | [ssh-agent.c] | ||
188 | use common close function; ok markus@ | ||
189 | - stevesk@cvs.openbsd.org 2002/08/22 19:38:42 | ||
190 | [clientloop.c] | ||
191 | format with current EscapeChar; bugzilla #388 from wknox@mitre.org. | ||
192 | ok markus@ | ||
193 | - stevesk@cvs.openbsd.org 2002/08/22 20:57:19 | ||
194 | [ssh-agent.c] | ||
195 | shutdown(SHUT_RDWR) not needed before close here; ok markus@ | ||
196 | - markus@cvs.openbsd.org 2002/08/22 21:33:58 | ||
197 | [auth1.c auth2.c] | ||
198 | auth_root_allowed() is handled by the monitor in the privsep case, | ||
199 | so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325 | ||
200 | - markus@cvs.openbsd.org 2002/08/22 21:45:41 | ||
201 | [session.c] | ||
202 | send signal name (not signal number) in "exit-signal" message; noticed | ||
203 | by galb@vandyke.com | ||
204 | - stevesk@cvs.openbsd.org 2002/08/27 17:13:56 | ||
205 | [ssh-rsa.c] | ||
206 | RSA_public_decrypt() returns -1 on error so len must be signed; | ||
207 | ok markus@ | ||
208 | - stevesk@cvs.openbsd.org 2002/08/27 17:18:40 | ||
209 | [ssh_config.5] | ||
210 | some warning text for ForwardAgent and ForwardX11; ok markus@ | ||
211 | - stevesk@cvs.openbsd.org 2002/08/29 15:57:25 | ||
212 | [monitor.c session.c sshlogin.c sshlogin.h] | ||
213 | pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org> | ||
214 | NOTE: there are also p-specific parts to this patch. ok markus@ | ||
215 | - stevesk@cvs.openbsd.org 2002/08/29 16:02:54 | ||
216 | [ssh.1 ssh.c] | ||
217 | deprecate -P as UsePrivilegedPort defaults to no now; ok markus@ | ||
218 | - stevesk@cvs.openbsd.org 2002/08/29 16:09:02 | ||
219 | [ssh_config.5] | ||
220 | more on UsePrivilegedPort and setuid root; ok markus@ | ||
221 | - stevesk@cvs.openbsd.org 2002/08/29 19:49:42 | ||
222 | [ssh.c] | ||
223 | shrink initial privilege bracket for setuid case; ok markus@ | ||
224 | - stevesk@cvs.openbsd.org 2002/08/29 22:54:10 | ||
225 | [ssh_config.5 sshd_config.5] | ||
226 | state XAuthLocation is a full pathname | ||
227 | |||
228 | 20020820 | ||
229 | - OpenBSD CVS Sync | ||
230 | - millert@cvs.openbsd.org 2002/08/02 14:43:15 | ||
231 | [monitor.c monitor_mm.c] | ||
232 | Change mm_zalloc() sanity checks to be more in line with what | ||
233 | we do in calloc() and add a check to monitor_mm.c. | ||
234 | OK provos@ and markus@ | ||
235 | - marc@cvs.openbsd.org 2002/08/02 16:00:07 | ||
236 | [ssh.1 sshd.8] | ||
237 | note that .ssh/environment is only read when | ||
238 | allowed (PermitUserEnvironment in sshd_config). | ||
239 | OK markus@ | ||
240 | - markus@cvs.openbsd.org 2002/08/02 21:23:41 | ||
241 | [ssh-rsa.c] | ||
242 | diff is u_int (2x); ok deraadt/provos | ||
243 | - markus@cvs.openbsd.org 2002/08/02 22:20:30 | ||
244 | [ssh-rsa.c] | ||
245 | replace RSA_verify with our own version and avoid the OpenSSL ASN.1 parser | ||
246 | for authentication; ok deraadt/djm | ||
247 | - aaron@cvs.openbsd.org 2002/08/08 13:50:23 | ||
248 | [sshconnect1.c] | ||
249 | Use & to test if bits are set, not &&; markus@ ok. | ||
250 | - stevesk@cvs.openbsd.org 2002/08/08 23:54:52 | ||
251 | [auth.c] | ||
252 | typo in comment | ||
253 | - stevesk@cvs.openbsd.org 2002/08/09 17:21:42 | ||
254 | [sshd_config.5] | ||
255 | use Op for mdoc conformance; from esr@golux.thyrsus.com | ||
256 | ok aaron@ | ||
257 | - stevesk@cvs.openbsd.org 2002/08/09 17:41:12 | ||
258 | [sshd_config.5] | ||
259 | proxy vs. fake display | ||
260 | - stevesk@cvs.openbsd.org 2002/08/12 17:30:35 | ||
261 | [ssh.1 sshd.8 sshd_config.5] | ||
262 | more PermitUserEnvironment; ok markus@ | ||
263 | - stevesk@cvs.openbsd.org 2002/08/17 23:07:14 | ||
264 | [ssh.1] | ||
265 | ForwardAgent has defaulted to no for over 2 years; be more clear here. | ||
266 | - stevesk@cvs.openbsd.org 2002/08/17 23:55:01 | ||
267 | [ssh_config.5] | ||
268 | ordered list here | ||
269 | - (bal) [defines.h] Some platforms don't have SIZE_T_MAX. So assign | ||
270 | it to ULONG_MAX. | ||
271 | |||
272 | 20020813 | ||
273 | - (tim) [configure.ac] Display OpenSSL header/library version. | ||
274 | Patch by dtucker@zip.com.au | ||
275 | |||
276 | 20020731 | ||
277 | - (bal) OpenBSD CVS Sync | ||
278 | - markus@cvs.openbsd.org 2002/07/24 16:11:18 | ||
279 | [hostfile.c hostfile.h sshconnect.c] | ||
280 | print out all known keys for a host if we get a unknown host key, | ||
281 | see discussion at http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4 | ||
282 | |||
283 | the ssharp mitm tool attacks users in a similar way, so i'd like to | ||
284 | pointed out again: | ||
285 | A MITM attack is always possible if the ssh client prints: | ||
286 | The authenticity of host 'bla' can't be established. | ||
287 | (protocol version 2 with pubkey authentication allows you to detect | ||
288 | MITM attacks) | ||
289 | - mouring@cvs.openbsd.org 2002/07/25 01:16:59 | ||
290 | [sftp.c] | ||
291 | FallBackToRsh does not exist anywhere else. Remove it from here. | ||
292 | OK deraadt. | ||
293 | - markus@cvs.openbsd.org 2002/07/29 18:57:30 | ||
294 | [sshconnect.c] | ||
295 | print file:line | ||
296 | - markus@cvs.openbsd.org 2002/07/30 17:03:55 | ||
297 | [auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5] | ||
298 | add PermitUserEnvironment (off by default!); from dot@dotat.at; | ||
299 | ok provos, deraadt | ||
300 | |||
301 | 20020730 | ||
302 | - (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.de | ||
303 | |||
304 | 20020728 | ||
305 | - (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solar | ||
306 | - (stevesk) [CREDITS] solar | ||
307 | - (stevesk) [ssh-rand-helper.c] RAND_bytes() and SHA1_Final() unsigned | ||
308 | char arg. | ||
309 | |||
310 | 20020725 | ||
311 | - (djm) Remove some cruft from INSTALL | ||
312 | - (djm) Latest config.guess and config.sub from ftp://ftp.gnu.org/gnu/config/ | ||
313 | |||
314 | 20020723 | ||
315 | - (bal) [bsd-cray.c bsd-cray.h] Part 2 of Cray merger. | ||
316 | - (bal) sync ID w/ ssh-agent.c | ||
317 | - (bal) OpenBSD Sync | ||
318 | - markus@cvs.openbsd.org 2002/07/19 15:43:33 | ||
319 | [log.c log.h session.c sshd.c] | ||
320 | remove fatal cleanups after fork; based on discussions with and code | ||
321 | from solar. | ||
322 | - stevesk@cvs.openbsd.org 2002/07/19 17:42:40 | ||
323 | [ssh.c] | ||
324 | display a warning from ssh when XAuthLocation does not exist or xauth | ||
325 | returned no authentication data. ok markus@ | ||
326 | - stevesk@cvs.openbsd.org 2002/07/21 18:32:20 | ||
327 | [auth-options.c] | ||
328 | unneeded includes | ||
329 | - stevesk@cvs.openbsd.org 2002/07/21 18:34:43 | ||
330 | [auth-options.h] | ||
331 | remove invalid comment | ||
332 | - markus@cvs.openbsd.org 2002/07/22 11:03:06 | ||
333 | [session.c] | ||
334 | fallback to _PATH_STDPATH on setusercontext+LOGIN_SETPATH errors; | ||
335 | - stevesk@cvs.openbsd.org 2002/07/22 17:32:56 | ||
336 | [monitor.c] | ||
337 | u_int here; ok provos@ | ||
338 | - stevesk@cvs.openbsd.org 2002/07/23 16:03:10 | ||
339 | [sshd.c] | ||
340 | utmp_len is unsigned; display error consistent with other options. | ||
341 | ok markus@ | ||
342 | - stevesk@cvs.openbsd.org 2002/07/15 17:15:31 | ||
343 | [uidswap.c] | ||
344 | little more debugging; ok markus@ | ||
345 | |||
346 | 20020722 | ||
347 | - (bal) AIX tty data limiting patch fix by leigh@solinno.co.uk | ||
348 | - (stevesk) [xmmap.c] missing prototype for fatal() | ||
349 | - (bal) [configure.ac defines.h loginrec.c sshd.c sshpty.c] Partial sync | ||
350 | with Cray (mostly #ifdef renaming). Patch by wendyp@cray.com. | ||
351 | - (bal) [configure.ac] Missing ;; from cray patch. | ||
352 | - (bal) [monitor_mm.c openbsd-compat/xmmap.h] Move xmmap() defines | ||
353 | into it's own header. | ||
354 | - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be | ||
355 | freed by the caller; add free_pam_environment() and use it. | ||
356 | - (stevesk) [auth-pam.c] typo in comment | ||
357 | |||
358 | 20020721 | ||
359 | - (stevesk) [auth-pam.c] merge cosmetic changes from solar's | ||
360 | openssh-3.4p1-owl-password-changing.diff | ||
361 | - (stevesk) [auth-pam.c] merge rest of solar's PAM patch; | ||
362 | PAM_NEW_AUTHTOK_REQD remains in #if 0 for now. | ||
363 | - (stevesk) [auth-pam.c] cast to avoid initialization type mismatch | ||
364 | warning on pam_conv struct conversation function. | ||
365 | - (stevesk) [auth-pam.h] license | ||
366 | - (stevesk) [auth-pam.h] unneeded include | ||
367 | - (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.h | ||
368 | |||
369 | 20020720 | ||
370 | - (stevesk) [ssh-keygen.c] bug #231: always init/seed_rng(). | ||
371 | |||
372 | 20020719 | ||
373 | - (tim) [contrib/solaris/buildpkg.sh] create privsep user/group if needed. | ||
374 | Patch by dtucker@zip.com.au | ||
375 | - (tim) [configure.ac] test for libxnet on HP. Patch by dtucker@zip.com.au | ||
376 | |||
377 | 20020718 | ||
378 | - (tim) [defines.h] Bug 313 patch by dirk.meyer@dinoex.sub.org | ||
379 | - (tim) [monitor_mm.c] add missing declaration for xmmap(). Reported | ||
380 | by ayamura@ayamura.org | ||
381 | - (tim) [configure.ac] Bug 267 rework int64_t test. | ||
382 | - (tim) [includes.h] Bug 267 add stdint.h | ||
383 | |||
384 | 20020717 | ||
385 | - (bal) aixbff package updated by dtucker@zip.com.au | ||
386 | - (tim) [configure.ac] change how we do paths in AC_PATH_PROGS tests | ||
387 | for autoconf 2.53. Based on a patch by jrj@purdue.edu | ||
388 | |||
389 | 20020716 | ||
390 | - (tim) [contrib/solaris/opensshd.in] Only kill sshd if .pid file found | ||
391 | |||
392 | 20020715 | ||
393 | - (bal) OpenBSD CVS Sync | ||
394 | - itojun@cvs.openbsd.org 2002/07/12 13:29:09 | ||
395 | [sshconnect.c] | ||
396 | print connect failure during debugging mode. | ||
397 | - markus@cvs.openbsd.org 2002/07/12 15:50:17 | ||
398 | [cipher.c] | ||
399 | EVP_CIPH_CUSTOM_IV for our own rijndael | ||
400 | - (bal) Remove unused tty defined in do_setusercontext() pointed out by | ||
401 | dtucker@zip.com.au plus a a more KNF since I am near it. | ||
402 | - (bal) Privsep user creation support in Solaris buildpkg.sh by | ||
403 | dtucker@zip.com.au | ||
404 | |||
405 | 20020714 | ||
406 | - (tim) [Makefile.in] replace "id sshd" with "sshd -t" | ||
407 | - (bal/tim) [acconfig.h configure.ac monitor_mm.c servconf.c | ||
408 | openbsd-compat/Makefile.in] support compression on platforms that | ||
409 | have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c | ||
410 | Based on patch from nalin@redhat.com of code extracted from Owl's package | ||
411 | - (tim) [ssh_prng_cmds.in] Bug 323 arp -n flag doesn't exist under Solaris. | ||
412 | report by chris@by-design.net | ||
413 | - (tim) [loginrec.c] Bug 347: Fix typo (WTMPX_FILE) report by rodney@bond.net | ||
414 | - (tim) [loginrec.c] Bug 348: add missing found = 1; to wtmpx_islogin() | ||
415 | report by rodney@bond.net | ||
416 | |||
417 | 20020712 | ||
418 | - (tim) [Makefile.in] quiet down install-files: and check-user: | ||
419 | - (tim) [configure.ac] remove unused filepriv line | ||
420 | |||
421 | 20020710 | ||
422 | - (tim) [contrib/cygwin/ssh-host-config] explicitely sets the permissions | ||
423 | on /var/empty to 755 Patch by vinschen@redhat.com | ||
424 | - (bal) OpenBSD CVS Sync | ||
425 | - itojun@cvs.openbsd.org 2002/07/09 11:56:50 | ||
426 | [sshconnect.c] | ||
427 | silently try next address on connect(2). markus ok | ||
428 | - itojun@cvs.openbsd.org 2002/07/09 11:56:27 | ||
429 | [canohost.c] | ||
430 | suppress log on reverse lookup failiure, as there's no real value in | ||
431 | doing so. | ||
432 | markus ok | ||
433 | - itojun@cvs.openbsd.org 2002/07/09 12:04:02 | ||
434 | [sshconnect.c] | ||
435 | ed static function (less warnings) | ||
436 | - stevesk@cvs.openbsd.org 2002/07/09 17:46:25 | ||
437 | [sshd_config.5] | ||
438 | clarify no preference ordering in protocol list; ok markus@ | ||
439 | - itojun@cvs.openbsd.org 2002/07/10 10:28:15 | ||
440 | [sshconnect.c] | ||
441 | bark if all connection attempt fails. | ||
442 | - deraadt@cvs.openbsd.org 2002/07/10 17:53:54 | ||
443 | [rijndael.c] | ||
444 | use right sizeof in memcpy; markus ok | ||
445 | |||
446 | 20020709 | ||
447 | - (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platforms | ||
448 | lacking that concept can share it. Patch by vinschen@redhat.com | ||
449 | |||
450 | 20020708 | ||
451 | - (tim) [openssh/contrib/solaris/buildpkg.sh] add PKG_INSTALL_ROOT to | ||
452 | work in a jumpstart environment. patch by kbrint@rufus.net | ||
453 | - (tim) [Makefile.in] workaround for broken pakadd on some systems. | ||
454 | - (tim) [configure.ac] fix libc89 utimes test. Mention default path for | ||
455 | --with-privsep-path= | ||
456 | |||
457 | 20020707 | ||
458 | - (tim) [Makefile.in] use umask instead of chmod on $(PRIVSEP_PATH) | ||
459 | - (tim) [acconfig.h configure.ac sshd.c] | ||
460 | s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/ | ||
461 | - (tim) [contrib/cygwin/ssh-host-config] sshd account creation fixes | ||
462 | patch from vinschen@redhat.com | ||
463 | - (bal) [realpath.c] Updated with OpenBSD tree. | ||
464 | - (bal) OpenBSD CVS Sync | ||
465 | - deraadt@cvs.openbsd.org 2002/07/04 04:15:33 | ||
466 | [key.c monitor_wrap.c sftp-glob.c ssh-dss.c ssh-rsa.c] | ||
467 | patch memory leaks; grendel@zeitbombe.org | ||
468 | - deraadt@cvs.openbsd.org 2002/07/04 08:12:15 | ||
469 | [channels.c packet.c] | ||
470 | blah blah minor nothing as i read and re-read and re-read... | ||
471 | - markus@cvs.openbsd.org 2002/07/04 10:41:47 | ||
472 | [key.c monitor_wrap.c ssh-dss.c ssh-rsa.c] | ||
473 | don't allocate, copy, and discard if there is not interested in the data; | ||
474 | ok deraadt@ | ||
475 | - deraadt@cvs.openbsd.org 2002/07/06 01:00:49 | ||
476 | [log.c] | ||
477 | KNF | ||
478 | - deraadt@cvs.openbsd.org 2002/07/06 01:01:26 | ||
479 | [ssh-keyscan.c] | ||
480 | KNF, realloc fix, and clean usage | ||
481 | - stevesk@cvs.openbsd.org 2002/07/06 17:47:58 | ||
482 | [ssh-keyscan.c] | ||
483 | unused variable | ||
484 | - (bal) Minor KNF on ssh-keyscan.c | ||
485 | |||
486 | 20020705 | ||
487 | - (tim) [configure.ac] AIX 4.2.1 has authenticate() in libs. | ||
488 | Reported by Darren Tucker <dtucker@zip.com.au> | ||
489 | - (tim) [contrib/cygwin/ssh-host-config] double slash corrction | ||
490 | from vinschen@redhat.com | ||
491 | |||
492 | 20020704 | ||
493 | - (bal) Limit data to TTY for AIX only (Newer versions can't handle the | ||
494 | faster data rate) Bug #124 | ||
495 | - (bal) glob.c defines TILDE and AIX also defines it. #undef it first. | ||
496 | bug #265 | ||
497 | - (bal) One too many nulls in ports-aix.c | ||
498 | |||
499 | 20020703 | ||
500 | - (bal) Updated contrib/cygwin/ patch by vinschen@redhat.com | ||
501 | - (bal) minor correction to utimes() replacement. Patch by | ||
502 | onoe@sm.sony.co.jp | ||
503 | - OpenBSD CVS Sync | ||
504 | - markus@cvs.openbsd.org 2002/06/27 08:49:44 | ||
505 | [dh.c ssh-keyscan.c sshconnect.c] | ||
506 | more checks for NULL pointers; from grendel@zeitbombe.org; ok deraadt@ | ||
507 | - deraadt@cvs.openbsd.org 2002/06/27 09:08:00 | ||
508 | [monitor.c] | ||
509 | improve mm_zalloc check; markus ok | ||
510 | - deraadt@cvs.openbsd.org 2002/06/27 10:35:47 | ||
511 | [auth2-none.c monitor.c sftp-client.c] | ||
512 | use xfree() | ||
513 | - stevesk@cvs.openbsd.org 2002/06/27 19:49:08 | ||
514 | [ssh-keyscan.c] | ||
515 | use convtime(); ok markus@ | ||
516 | - millert@cvs.openbsd.org 2002/06/28 01:49:31 | ||
517 | [monitor_mm.c] | ||
518 | tree(3) wants an int return value for its compare functions and | ||
519 | the difference between two pointers is not an int. Just do the | ||
520 | safest thing and store the result in a long and then return 0, | ||
521 | -1, or 1 based on that result. | ||
522 | - deraadt@cvs.openbsd.org 2002/06/28 01:50:37 | ||
523 | [monitor_wrap.c] | ||
524 | use ssize_t | ||
525 | - deraadt@cvs.openbsd.org 2002/06/28 10:08:25 | ||
526 | [sshd.c] | ||
527 | range check -u option at invocation | ||
528 | - deraadt@cvs.openbsd.org 2002/06/28 23:05:06 | ||
529 | [sshd.c] | ||
530 | gidset[2] -> gidset[1]; markus ok | ||
531 | - deraadt@cvs.openbsd.org 2002/06/30 21:54:16 | ||
532 | [auth2.c session.c sshd.c] | ||
533 | lint asks that we use names that do not overlap | ||
534 | - deraadt@cvs.openbsd.org 2002/06/30 21:59:45 | ||
535 | [auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c | ||
536 | monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c | ||
537 | sshconnect2.c sshd.c] | ||
538 | minor KNF | ||
539 | - deraadt@cvs.openbsd.org 2002/07/01 16:15:25 | ||
540 | [msg.c] | ||
541 | %u | ||
542 | - markus@cvs.openbsd.org 2002/07/01 19:48:46 | ||
543 | [sshconnect2.c] | ||
544 | for compression=yes, we fallback to no-compression if the server does | ||
545 | not support compression, vice versa for compression=no. ok mouring@ | ||
546 | - markus@cvs.openbsd.org 2002/07/03 09:55:38 | ||
547 | [ssh-keysign.c] | ||
548 | use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) | ||
549 | in order to avoid a possible Kocher timing attack pointed out by Charles | ||
550 | Hannum; ok provos@ | ||
551 | - markus@cvs.openbsd.org 2002/07/03 14:21:05 | ||
552 | [ssh-keysign.8 ssh-keysign.c ssh.c ssh_config] | ||
553 | re-enable ssh-keysign's sbit, but make ssh-keysign read | ||
554 | /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled | ||
555 | globally. based on discussions with deraadt, itojun and sommerfeld; | ||
556 | ok itojun@ | ||
557 | - (bal) Failed password attempts don't increment counter on AIX. Bug #145 | ||
558 | - (bal) Missed Makefile.in change. keysign needs readconf.o | ||
559 | - (bal) Clean up aix_usrinfo(). Ignore TTY= period I guess. | ||
560 | |||
561 | 20020702 | ||
562 | - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc & | ||
563 | friends consistently. Spotted by Solar Designer <solar@openwall.com> | ||
564 | |||
565 | 20020629 | ||
566 | - (bal) fix to auth2-pam.c to swap fatal() arguments, A bit of style | ||
567 | clean up while I'm near it. | ||
568 | |||
569 | 20020628 | ||
570 | - (stevesk) [sshd_config] PAMAuthenticationViaKbdInt no; commented | ||
571 | options should contain default value. from solar. | ||
572 | - (bal) Cygwin uid0 fix by vinschen@redhat.com | ||
573 | - (bal) s/config.h/includes.h/ in openbsd-compat/ for *.c. Otherwise wise | ||
574 | have issues of our fixes not propogating right (ie bcopy instead of | ||
575 | memmove). OK tim | ||
576 | - (bal) FreeBSD needs <sys/types.h> to detect if mmap() is supported. | ||
577 | Bug #303 | ||
578 | |||
579 | 20020627 | ||
580 | - OpenBSD CVS Sync | ||
581 | - deraadt@cvs.openbsd.org 2002/06/26 14:49:36 | ||
582 | [monitor.c] | ||
583 | correct %u | ||
584 | - deraadt@cvs.openbsd.org 2002/06/26 14:50:04 | ||
585 | [monitor_fdpass.c] | ||
586 | use ssize_t for recvmsg() and sendmsg() return | ||
587 | - markus@cvs.openbsd.org 2002/06/26 14:51:33 | ||
588 | [ssh-add.c] | ||
589 | fix exit code for -X/-x | ||
590 | - deraadt@cvs.openbsd.org 2002/06/26 15:00:32 | ||
591 | [monitor_wrap.c] | ||
592 | more %u | ||
593 | - markus@cvs.openbsd.org 2002/06/26 22:27:32 | ||
594 | [ssh-keysign.c] | ||
595 | bug #304, xfree(data) called to early; openssh@sigint.cs.purdue.edu | ||
596 | |||
1 | 20020626 | 597 | 20020626 |
2 | - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM | 598 | - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM |
3 | - (bal) OpenBSD CVS Sync | 599 | - (bal) OpenBSD CVS Sync |
@@ -68,6 +664,8 @@ | |||
68 | - (djm) Update spec files for release | 664 | - (djm) Update spec files for release |
69 | - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS | 665 | - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS |
70 | - (djm) Release 3.4p1 | 666 | - (djm) Release 3.4p1 |
667 | - (tim) [contrib/caldera/openssh.spec] remove 2 configure options I put in | ||
668 | by mistake | ||
71 | 669 | ||
72 | 20020625 | 670 | 20020625 |
73 | - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh | 671 | - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh |
@@ -159,1012 +757,4 @@ | |||
159 | save auth method before monitor_reset_key_state(); bugzilla bug #284; | 757 | save auth method before monitor_reset_key_state(); bugzilla bug #284; |
160 | ok provos@ | 758 | ok provos@ |
161 | 759 | ||
162 | 20020622 | 760 | $Id: ChangeLog,v 1.2491.2.1 2002/10/03 05:45:53 djm Exp $ |
163 | - (djm) Update README.privsep; spotted by fries@ | ||
164 | - (djm) Release 3.3p1 | ||
165 | - (bal) getopt now can be staticly compiled on those platforms missing | ||
166 | optreset. Patch by binder@arago.de | ||
167 | |||
168 | 20020621 | ||
169 | - (djm) Sync: | ||
170 | - djm@cvs.openbsd.org 2002/06/21 05:50:51 | ||
171 | [monitor.c] | ||
172 | Don't initialise compression buffers when compression=no in sshd_config; | ||
173 | ok Niels@ | ||
174 | - ID sync for auth-passwd.c | ||
175 | - (djm) Warn and disable compression on platforms which can't handle both | ||
176 | useprivilegeseparation=yes and compression=yes | ||
177 | - (djm) contrib/redhat/openssh.spec hacking: | ||
178 | - Merge in spec changes from seba@iq.pl (Sebastian Pachuta) | ||
179 | - Add new {ssh,sshd}_config.5 manpages | ||
180 | - Add new ssh-keysign program and remove setuid from ssh client | ||
181 | |||
182 | 20020620 | ||
183 | - (bal) Fixed AIX environment handling, use setpcred() instead of existing | ||
184 | code. (Bugzilla Bug 261) | ||
185 | - (bal) OpenBSD CVS Sync | ||
186 | - todd@cvs.openbsd.org 2002/06/14 21:35:00 | ||
187 | [monitor_wrap.c] | ||
188 | spelling; from Brian Poole <raj@cerias.purdue.edu> | ||
189 | - markus@cvs.openbsd.org 2002/06/15 00:01:36 | ||
190 | [authfd.c authfd.h ssh-add.c ssh-agent.c] | ||
191 | break agent key lifetime protocol and allow other contraints for key | ||
192 | usage. | ||
193 | - markus@cvs.openbsd.org 2002/06/15 00:07:38 | ||
194 | [authfd.c authfd.h ssh-add.c ssh-agent.c] | ||
195 | fix stupid typo | ||
196 | - markus@cvs.openbsd.org 2002/06/15 01:27:48 | ||
197 | [authfd.c authfd.h ssh-add.c ssh-agent.c] | ||
198 | remove the CONSTRAIN_IDENTITY messages and introduce a new | ||
199 | ADD_ID message with contraints instead. contraints can be | ||
200 | only added together with the private key. | ||
201 | - itojun@cvs.openbsd.org 2002/06/16 21:30:58 | ||
202 | [ssh-keyscan.c] | ||
203 | use TAILQ_xx macro. from lukem@netbsd. markus ok | ||
204 | - deraadt@cvs.openbsd.org 2002/06/17 06:05:56 | ||
205 | [scp.c] | ||
206 | make usage like man page | ||
207 | - deraadt@cvs.openbsd.org 2002/06/19 00:27:55 | ||
208 | [auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c | ||
209 | authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1 | ||
210 | ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c | ||
211 | ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c | ||
212 | xmalloc.h] | ||
213 | KNF done automatically while reading.... | ||
214 | - markus@cvs.openbsd.org 2002/06/19 18:01:00 | ||
215 | [cipher.c monitor.c monitor_wrap.c packet.c packet.h] | ||
216 | make the monitor sync the transfer ssh1 session key; | ||
217 | transfer keycontext only for RC4 (this is still depends on EVP | ||
218 | implementation details and is broken). | ||
219 | - stevesk@cvs.openbsd.org 2002/06/20 19:56:07 | ||
220 | [ssh.1 sshd.8] | ||
221 | move configuration file options from ssh.1/sshd.8 to | ||
222 | ssh_config.5/sshd_config.5; ok deraadt@ millert@ | ||
223 | - stevesk@cvs.openbsd.org 2002/06/20 20:00:05 | ||
224 | [scp.1 sftp.1] | ||
225 | ssh_config(5) | ||
226 | - stevesk@cvs.openbsd.org 2002/06/20 20:03:34 | ||
227 | [ssh_config sshd_config] | ||
228 | refer to config file man page | ||
229 | - markus@cvs.openbsd.org 2002/06/20 23:05:56 | ||
230 | [servconf.c servconf.h session.c sshd.c] | ||
231 | allow Compression=yes/no in sshd_config | ||
232 | - markus@cvs.openbsd.org 2002/06/20 23:37:12 | ||
233 | [sshd_config] | ||
234 | add Compression | ||
235 | - stevesk@cvs.openbsd.org 2002/05/25 20:40:08 | ||
236 | [LICENCE] | ||
237 | missed Per Allansson (auth2-chall.c) | ||
238 | - (bal) Cygwin special handling of empty passwords wrong. Patch by | ||
239 | vinschen@redhat.com | ||
240 | - (bal) Missed integrating ssh_config.5 and sshd_config.5 | ||
241 | - (bal) Still more Makefile.in updates for ssh{d}_config.5 | ||
242 | |||
243 | 20020613 | ||
244 | - (bal) typo of setgroup for cygwin. Patch by vinschen@redhat.com | ||
245 | |||
246 | 20020612 | ||
247 | - (bal) OpenBSD CVS Sync | ||
248 | - markus@cvs.openbsd.org 2002/06/11 23:03:54 | ||
249 | [ssh.c] | ||
250 | remove unused cruft. | ||
251 | - markus@cvs.openbsd.org 2002/06/12 01:09:52 | ||
252 | [ssh.c] | ||
253 | ssh_connect returns 0 on success | ||
254 | - (bal) Build noop setgroups() for cygwin to clean up code (For other | ||
255 | platforms without the setgroups() requirement, you MUST define | ||
256 | SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com | ||
257 | - (bal) Some platforms don't have ONLCR (Notable Mint) | ||
258 | |||
259 | 20020611 | ||
260 | - (bal) ssh-agent.c RCSD fix (|unexpand already done) | ||
261 | - (bal) OpenBSD CVS Sync | ||
262 | - stevesk@cvs.openbsd.org 2002/06/09 22:15:15 | ||
263 | [ssh.1] | ||
264 | update for no setuid root and ssh-keysign; ok deraadt@ | ||
265 | - itojun@cvs.openbsd.org 2002/06/09 22:17:21 | ||
266 | [sshconnect.c] | ||
267 | pass salen to sockaddr_ntop so that we are happy on linux/solaris | ||
268 | - stevesk@cvs.openbsd.org 2002/06/10 16:53:06 | ||
269 | [auth-rsa.c ssh-rsa.c] | ||
270 | display minimum RSA modulus in error(); ok markus@ | ||
271 | - stevesk@cvs.openbsd.org 2002/06/10 16:56:30 | ||
272 | [ssh-keysign.8] | ||
273 | merge in stuff from my man page; ok markus@ | ||
274 | - stevesk@cvs.openbsd.org 2002/06/10 17:36:23 | ||
275 | [ssh-add.1 ssh-add.c] | ||
276 | use convtime() to parse and validate key lifetime. can now | ||
277 | use '-t 2h' etc. ok markus@ provos@ | ||
278 | - stevesk@cvs.openbsd.org 2002/06/10 17:45:20 | ||
279 | [readconf.c ssh.1] | ||
280 | change RhostsRSAAuthentication and RhostsAuthentication default to no | ||
281 | since ssh is no longer setuid root by default; ok markus@ | ||
282 | - stevesk@cvs.openbsd.org 2002/06/10 21:21:10 | ||
283 | [ssh_config] | ||
284 | update defaults for RhostsRSAAuthentication and RhostsAuthentication | ||
285 | here too (all options commented out with default value). | ||
286 | - markus@cvs.openbsd.org 2002/06/10 22:28:41 | ||
287 | [channels.c channels.h session.c] | ||
288 | move creation of agent socket to session.c; no need for uidswapping | ||
289 | in channel.c. | ||
290 | - markus@cvs.openbsd.org 2002/06/11 04:14:26 | ||
291 | [ssh.c sshconnect.c sshconnect.h] | ||
292 | no longer use uidswap.[ch] from the ssh client | ||
293 | run less code with euid==0 if ssh is installed setuid root | ||
294 | just switch the euid, don't switch the complete set of groups | ||
295 | (this is only needed by sshd). ok provos@ | ||
296 | - mpech@cvs.openbsd.org 2002/06/11 05:46:20 | ||
297 | [auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c] | ||
298 | pid_t cleanup. Markus need this now to keep hacking. | ||
299 | markus@, millert@ ok | ||
300 | - itojun@cvs.openbsd.org 2002/06/11 08:11:45 | ||
301 | [canohost.c] | ||
302 | use "ntop" only after initialized | ||
303 | - (bal) Cygwin fix up from swap uid clean up in ssh.c patch by | ||
304 | vinschen@redhat.com | ||
305 | |||
306 | 20020609 | ||
307 | - (bal) OpenBSD CVS Sync | ||
308 | - markus@cvs.openbsd.org 2002/06/08 05:07:56 | ||
309 | [ssh.c] | ||
310 | nuke ptrace comment | ||
311 | - markus@cvs.openbsd.org 2002/06/08 05:07:09 | ||
312 | [ssh-keysign.c] | ||
313 | only accept 20 byte session ids | ||
314 | - markus@cvs.openbsd.org 2002/06/08 05:17:01 | ||
315 | [readconf.c readconf.h ssh.1 ssh.c] | ||
316 | deprecate FallBackToRsh and UseRsh; patch from djm@ | ||
317 | - markus@cvs.openbsd.org 2002/06/08 05:40:01 | ||
318 | [readconf.c] | ||
319 | just warn about Deprecated options for now | ||
320 | - markus@cvs.openbsd.org 2002/06/08 05:41:18 | ||
321 | [ssh_config] | ||
322 | remove FallBackToRsh/UseRsh | ||
323 | - markus@cvs.openbsd.org 2002/06/08 12:36:53 | ||
324 | [scp.c] | ||
325 | remove FallBackToRsh | ||
326 | - markus@cvs.openbsd.org 2002/06/08 12:46:14 | ||
327 | [readconf.c] | ||
328 | silently ignore deprecated options, since FallBackToRsh might be passed | ||
329 | by remote scp commands. | ||
330 | - itojun@cvs.openbsd.org 2002/06/08 21:15:27 | ||
331 | [sshconnect.c] | ||
332 | always use getnameinfo. (diag message only) | ||
333 | - markus@cvs.openbsd.org 2002/06/09 04:33:27 | ||
334 | [sshconnect.c] | ||
335 | abort() - > fatal() | ||
336 | - (bal) RCSID tag updates on channels.c, clientloop.c, nchan.c, | ||
337 | sftp-client.c, ssh-agenet.c, ssh-keygen.c and connect.h (we did unexpand | ||
338 | independant of them) | ||
339 | |||
340 | 20020607 | ||
341 | - (bal) Removed --{enable/disable}-suid-ssh | ||
342 | - (bal) Missed __progname in ssh-keysign.c patch by dtucker@zip.com.au | ||
343 | - (bal) use 'LOGIN_PROGRAM' not '/usr/bin/login' in session.c patch by | ||
344 | Bertrand.Velle@apogee-com.fr | ||
345 | |||
346 | 20020606 | ||
347 | - (bal) OpenBSD CVS Sync | ||
348 | - markus@cvs.openbsd.org 2002/05/15 21:56:38 | ||
349 | [servconf.c sshd.8 sshd_config] | ||
350 | re-enable privsep and disable setuid for post-3.2.2 | ||
351 | - markus@cvs.openbsd.org 2002/05/16 22:02:50 | ||
352 | [cipher.c kex.h mac.c] | ||
353 | fix warnings (openssl 0.9.7 requires const) | ||
354 | - stevesk@cvs.openbsd.org 2002/05/16 22:09:59 | ||
355 | [session.c ssh.c] | ||
356 | don't limit xauth pathlen on client side and longer print length on | ||
357 | server when debug; ok markus@ | ||
358 | - deraadt@cvs.openbsd.org 2002/05/19 20:54:52 | ||
359 | [log.h] | ||
360 | extra commas in enum not 100% portable | ||
361 | - deraadt@cvs.openbsd.org 2002/05/22 23:18:25 | ||
362 | [ssh.c sshd.c] | ||
363 | spelling; abishoff@arc.nasa.gov | ||
364 | - markus@cvs.openbsd.org 2002/05/23 19:24:30 | ||
365 | [authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h | ||
366 | sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in] | ||
367 | add /usr/libexec/ssh-keysign: a setuid helper program for hostbased | ||
368 | authentication in protocol v2 (needs to access the hostkeys). | ||
369 | - markus@cvs.openbsd.org 2002/05/23 19:39:34 | ||
370 | [ssh.c] | ||
371 | add comment about ssh-keysign | ||
372 | - markus@cvs.openbsd.org 2002/05/24 08:45:14 | ||
373 | [sshconnect2.c] | ||
374 | stat ssh-keysign first, print error if stat fails; | ||
375 | some debug->error; fix comment | ||
376 | - markus@cvs.openbsd.org 2002/05/25 08:50:39 | ||
377 | [sshconnect2.c] | ||
378 | execlp->execl; from stevesk | ||
379 | - markus@cvs.openbsd.org 2002/05/25 18:51:07 | ||
380 | [auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c | ||
381 | auth2-passwd.c auth2-pubkey.c Makefile.in] | ||
382 | split auth2.c into one file per method; ok provos@/deraadt@ | ||
383 | - stevesk@cvs.openbsd.org 2002/05/26 20:35:10 | ||
384 | [ssh.1] | ||
385 | sort ChallengeResponseAuthentication; ok markus@ | ||
386 | - stevesk@cvs.openbsd.org 2002/05/28 16:45:27 | ||
387 | [monitor_mm.c] | ||
388 | print strerror(errno) on mmap/munmap error; ok markus@ | ||
389 | - stevesk@cvs.openbsd.org 2002/05/28 17:28:02 | ||
390 | [uidswap.c] | ||
391 | format spec change/casts and some KNF; ok markus@ | ||
392 | - stevesk@cvs.openbsd.org 2002/05/28 21:24:00 | ||
393 | [uidswap.c] | ||
394 | use correct function name in fatal() | ||
395 | - stevesk@cvs.openbsd.org 2002/05/29 03:06:30 | ||
396 | [ssh.1 sshd.8] | ||
397 | spelling | ||
398 | - markus@cvs.openbsd.org 2002/05/29 11:21:57 | ||
399 | [sshd.c] | ||
400 | don't start if privsep is enabled and SSH_PRIVSEP_USER or | ||
401 | _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@ | ||
402 | - markus@cvs.openbsd.org 2002/05/30 08:07:31 | ||
403 | [cipher.c] | ||
404 | use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of | ||
405 | our own implementation. allow use of AES hardware via libcrypto, | ||
406 | ok deraadt@ | ||
407 | - markus@cvs.openbsd.org 2002/05/31 10:30:33 | ||
408 | [sshconnect2.c] | ||
409 | extent ssh-keysign protocol: | ||
410 | pass # of socket-fd to ssh-keysign, keysign verfies locally used | ||
411 | ip-address using this socket-fd, restricts fake local hostnames | ||
412 | to actual local hostnames; ok stevesk@ | ||
413 | - markus@cvs.openbsd.org 2002/05/31 11:35:15 | ||
414 | [auth.h auth2.c] | ||
415 | move Authmethod definitons to per-method file. | ||
416 | - markus@cvs.openbsd.org 2002/05/31 13:16:48 | ||
417 | [key.c] | ||
418 | add comment: | ||
419 | key_verify returns 1 for a correct signature, 0 for an incorrect signature | ||
420 | and -1 on error. | ||
421 | - markus@cvs.openbsd.org 2002/05/31 13:20:50 | ||
422 | [ssh-rsa.c] | ||
423 | pad received signature with leading zeros, because RSA_verify expects | ||
424 | a signature of RSA_size. the drafts says the signature is transmitted | ||
425 | unpadded (e.g. putty does not pad), reported by anakin@pobox.com | ||
426 | - deraadt@cvs.openbsd.org 2002/06/03 12:04:07 | ||
427 | [ssh.h] | ||
428 | compatiblity -> compatibility | ||
429 | decriptor -> descriptor | ||
430 | authentciated -> authenticated | ||
431 | transmition -> transmission | ||
432 | - markus@cvs.openbsd.org 2002/06/04 19:42:35 | ||
433 | [monitor.c] | ||
434 | only allow enabled authentication methods; ok provos@ | ||
435 | - markus@cvs.openbsd.org 2002/06/04 19:53:40 | ||
436 | [monitor.c] | ||
437 | save the session id (hash) for ssh2 (it will be passed with the | ||
438 | initial sign request) and verify that this value is used during | ||
439 | authentication; ok provos@ | ||
440 | - markus@cvs.openbsd.org 2002/06/04 23:02:06 | ||
441 | [packet.c] | ||
442 | remove __FUNCTION__ | ||
443 | - markus@cvs.openbsd.org 2002/06/04 23:05:49 | ||
444 | [cipher.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c] | ||
445 | __FUNCTION__ -> __func__ | ||
446 | - markus@cvs.openbsd.org 2002/06/05 16:08:07 | ||
447 | [ssh-agent.1 ssh-agent.c] | ||
448 | '-a bind_address' binds the agent to user-specified unix-domain | ||
449 | socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago). | ||
450 | - markus@cvs.openbsd.org 2002/06/05 16:08:07 | ||
451 | [ssh-agent.1 ssh-agent.c] | ||
452 | '-a bind_address' binds the agent to user-specified unix-domain | ||
453 | socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago). | ||
454 | - markus@cvs.openbsd.org 2002/06/05 16:48:54 | ||
455 | [ssh-agent.c] | ||
456 | copy current request into an extra buffer and just flush this | ||
457 | request on errors, ok provos@ | ||
458 | - markus@cvs.openbsd.org 2002/06/05 19:57:12 | ||
459 | [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c] | ||
460 | ssh-add -x for lock and -X for unlocking the agent. | ||
461 | todo: encrypt private keys with locked... | ||
462 | - markus@cvs.openbsd.org 2002/06/05 20:56:39 | ||
463 | [ssh-add.c] | ||
464 | add -x/-X to usage | ||
465 | - markus@cvs.openbsd.org 2002/06/05 21:55:44 | ||
466 | [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c] | ||
467 | ssh-add -t life, Set lifetime (in seconds) when adding identities; | ||
468 | ok provos@ | ||
469 | - stevesk@cvs.openbsd.org 2002/06/06 01:09:41 | ||
470 | [monitor.h] | ||
471 | no trailing comma in enum; china@thewrittenword.com | ||
472 | - markus@cvs.openbsd.org 2002/06/06 17:12:44 | ||
473 | [sftp-server.c] | ||
474 | discard remaining bytes of current request; ok provos@ | ||
475 | - markus@cvs.openbsd.org 2002/06/06 17:30:11 | ||
476 | [sftp-server.c] | ||
477 | use get_int() macro (hide iqueue) | ||
478 | - (bal) Missed msg.[ch] in merge. Required for ssh-keysign. | ||
479 | - (bal) Forgot to add msg.c Makefile.in. | ||
480 | - (bal) monitor_mm.c typos. | ||
481 | - (bal) Refixed auth2.c. It was never fully commited while spliting out | ||
482 | authentication to different files. | ||
483 | - (bal) ssh-keysign should build and install correctly now. Phase two | ||
484 | would be to clean out any dead wood and disable ssh setuid on install. | ||
485 | - (bal) Reverse logic, use __func__ first since it's C99 | ||
486 | |||
487 | 20020604 | ||
488 | - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed | ||
489 | setsockopt from debug to error for now). | ||
490 | |||
491 | 20020527 | ||
492 | - (tim) [configure.ac.orig monitor_fdpass.c] Enahnce msghdr tests to address | ||
493 | build problem on Irix reported by Dave Love <d.love@dl.ac.uk>. Back out | ||
494 | last monitor_fdpass.c changes that are no longer needed with new tests. | ||
495 | Patch tested on Irix by Jan-Frode Myklebust <janfrode@parallab.uib.no> | ||
496 | |||
497 | 20020522 | ||
498 | - (djm) Fix spelling mistakes, spotted by Solar Designer i | ||
499 | <solar@openwall.com> | ||
500 | - Sync scard/ (not sure when it drifted) | ||
501 | - (djm) OpenBSD CVS Sync: | ||
502 | [auth.c] | ||
503 | Fix typo/thinko. Pass in as to auth_approval(), not NULL. | ||
504 | Closes PR 2659. | ||
505 | - Crank version | ||
506 | - Crank RPM spec versions | ||
507 | |||
508 | 20020521 | ||
509 | - (stevesk) [sshd.c] bug 245; disable setsid() for now | ||
510 | - (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups() | ||
511 | |||
512 | 20020517 | ||
513 | - (tim) [configure.ac] remove extra MD5_MSG="no" line. | ||
514 | |||
515 | 20020515 | ||
516 | - (bal) CVS ID fix up on auth-passwd.c | ||
517 | - (bal) OpenBSD CVS Sync | ||
518 | - deraadt@cvs.openbsd.org 2002/05/07 19:54:36 | ||
519 | [ssh.h] | ||
520 | use ssh uid | ||
521 | - deraadt@cvs.openbsd.org 2002/05/08 21:06:34 | ||
522 | [ssh.h] | ||
523 | move to sshd.sshd instead | ||
524 | - stevesk@cvs.openbsd.org 2002/05/11 20:24:48 | ||
525 | [ssh.h] | ||
526 | typo in comment | ||
527 | - itojun@cvs.openbsd.org 2002/05/13 02:37:39 | ||
528 | [auth-skey.c auth2.c] | ||
529 | less warnings. skey_{respond,query} are public (in auth.h) | ||
530 | - markus@cvs.openbsd.org 2002/05/13 20:44:58 | ||
531 | [auth-options.c auth.c auth.h] | ||
532 | move the packet_send_debug handling from auth-options.c to auth.c; | ||
533 | ok provos@ | ||
534 | - millert@cvs.openbsd.org 2002/05/13 15:53:19 | ||
535 | [sshd.c] | ||
536 | Call setsid() in the child after sshd accepts the connection and forks. | ||
537 | This is needed for privsep which calls setlogin() when it changes uids. | ||
538 | Without this, there is a race where the login name of an existing | ||
539 | connection, as returned by getlogin(), may be changed to the privsep | ||
540 | user (sshd). markus@ OK | ||
541 | - markus@cvs.openbsd.org 2002/05/13 21:26:49 | ||
542 | [auth-rhosts.c] | ||
543 | handle debug messages during rhosts-rsa and hostbased authentication; | ||
544 | ok provos@ | ||
545 | - mouring@cvs.openbsd.org 2002/05/15 15:47:49 | ||
546 | [kex.c monitor.c monitor_wrap.c sshd.c] | ||
547 | 'monitor' variable clashes with at least one lame platform (NeXT). i | ||
548 | Renamed to 'pmonitor'. provos@ | ||
549 | - deraadt@cvs.openbsd.org 2002/05/04 02:39:35 | ||
550 | [servconf.c sshd.8 sshd_config] | ||
551 | enable privsep by default; provos ok | ||
552 | - millert@cvs.openbsd.org 2002/05/06 23:34:33 | ||
553 | [ssh.1 sshd.8] | ||
554 | Kill/adjust r(login|exec)d? references now that those are no longer in | ||
555 | the tree. | ||
556 | - markus@cvs.openbsd.org 2002/05/15 21:02:53 | ||
557 | [servconf.c sshd.8 sshd_config] | ||
558 | disable privsep and enable setuid for the 3.2.2 release | ||
559 | - (bal) Fixed up PAM case. I think. | ||
560 | - (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy | ||
561 | - (bal) OpenBSD CVS Sync | ||
562 | - markus@cvs.openbsd.org 2002/05/15 21:05:29 | ||
563 | [version.h] | ||
564 | enter OpenSSH_3.2.2 | ||
565 | - (bal) Caldara, Suse, and Redhat openssh.specs updated. | ||
566 | |||
567 | 20020514 | ||
568 | - (stevesk) [README.privsep] PAM+privsep works with Solaris 8. | ||
569 | - (tim) [sshpty.c] set tty modes when allocating old style bsd ptys to | ||
570 | match what newer style ptys have when allocated. Based on a patch by | ||
571 | Roger Cornelius <rac@tenzing.org> | ||
572 | - (tim) [README.privsep] UnixWare 7 and OpenUNIX 8 work. | ||
573 | - (tim) [README.privsep] remove reference to UnixWare 7 and OpenUNIX 8 | ||
574 | from PAM-enabled pragraph. UnixWare has no PAM. | ||
575 | - (tim) [contrib/caldera/openssh.spec] update version. | ||
576 | |||
577 | 20020513 | ||
578 | - (stevesk) add initial README.privsep | ||
579 | - (stevesk) [configure.ac] nicer message: --with-privsep-user=user | ||
580 | - (djm) Add --with-superuser-path=xxx configure option to specify | ||
581 | what $PATH the superuser receives. | ||
582 | - (djm) Bug #231: UsePrivilegeSeparation turns off Banner. | ||
583 | - (djm) Add --with-privsep-path configure option | ||
584 | - (djm) Update RPM spec file: different superuser path, use | ||
585 | /var/empty/sshd for privsep | ||
586 | - (djm) Bug #234: missing readpassphrase declaration and defines | ||
587 | - (djm) Add INSTALL warning about SSH protocol 1 blowfish w/ | ||
588 | OpenSSL < 0.9.6 | ||
589 | |||
590 | 20020511 | ||
591 | - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch. | ||
592 | Now only searches system and /usr/local/ssl (OpenSSL's default install path) | ||
593 | Others must use --with-ssl-dir=.... | ||
594 | - (tim) [monitor_fdpass.c] fix for systems that have both | ||
595 | HAVE_ACCRIGHTS_IN_MSGHDR and HAVE_CONTROL_IN_MSGHDR. Ie. sys/socket.h | ||
596 | has #define msg_accrights msg_control | ||
597 | |||
598 | 20020510 | ||
599 | - (stevesk) [auth.c] Shadow account and expiration cleanup. Now | ||
600 | check for root forced expire. Still don't check for inactive. | ||
601 | - (djm) Rework RedHat RPM files. Based on spec from Nalin | ||
602 | Dahyabhai <nalin@redhat.com> and patches from | ||
603 | Pekka Savola <pekkas@netcore.fi> | ||
604 | - (djm) Try to drop supplemental groups at daemon startup. Patch from | ||
605 | RedHat | ||
606 | - (bal) Back all the way out of auth-passwd.c changes. Breaks too many | ||
607 | things that don't set pw->pw_passwd. | ||
608 | |||
609 | 20020509 | ||
610 | - (tim) [Makefile.in] Unbreak make -f Makefile.in distprep | ||
611 | |||
612 | 20020508 | ||
613 | - (tim) [openbsd-compat/bsd-arc4random.c] fix logic on when seed_rng() is | ||
614 | called. Report by Chris Maxwell <maxwell@cs.dal.ca> | ||
615 | - (tim) [Makefile.in configure.ac] set SHELL variable in Makefile | ||
616 | - (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work) | ||
617 | |||
618 | 20020507 | ||
619 | - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] | ||
620 | Add truncate() emulation to address Bug 208 | ||
621 | |||
622 | 20020506 | ||
623 | - (djm) Unbreak auth-passwd.c for PAM and SIA | ||
624 | - (djm) Unbreak PAM auth for protocol 1. Report from Pekka Savola | ||
625 | <pekkas@netcore.fi> | ||
626 | - (djm) Don't reinitialise PAM credentials before we have started PAM. | ||
627 | Report from Pekka Savola <pekkas@netcore.fi> | ||
628 | |||
629 | 20020506 | ||
630 | - (bal) Fixed auth-passwd.c to resolve PermitEmptyPassword issue | ||
631 | |||
632 | 20020501 | ||
633 | - (djm) Import OpenBSD regression tests. Requires BSD make to run | ||
634 | - (djm) Fix readpassphase compilation for systems which have it | ||
635 | |||
636 | 20020429 | ||
637 | - (tim) [contrib/caldera/openssh.spec] update fixUP to reflect changes in | ||
638 | sshd_config. | ||
639 | - (tim) [contrib/cygwin/README] remove reference to regex. | ||
640 | patch from Corinna Vinschen <vinschen@redhat.com> | ||
641 | |||
642 | 20020426 | ||
643 | - (djm) Bug #137, #209: fix make problems for scard/Ssh.bin, do uudecode | ||
644 | during distprep only | ||
645 | - (djm) Disable PAM password expiry until a complete fix for bug #188 | ||
646 | exists | ||
647 | - (djm) Bug #180: Set ToS bits on IPv4-in-IPv6 mapped addresses. Based on | ||
648 | patch from openssh@misc.tecq.org | ||
649 | |||
650 | 20020425 | ||
651 | - (stevesk) [defines.h] remove USE_TIMEVAL; unused | ||
652 | - (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26 | ||
653 | support. bug #184. most from dcole@keysoftsys.com. | ||
654 | |||
655 | 20020424 | ||
656 | - (djm) OpenBSD CVS Sync | ||
657 | - markus@cvs.openbsd.org 2002/04/23 12:54:10 | ||
658 | [version.h] | ||
659 | 3.2.1 | ||
660 | - djm@cvs.openbsd.org 2002/04/23 22:16:29 | ||
661 | [sshd.c] | ||
662 | Improve error message; ok markus@ stevesk@ | ||
663 | |||
664 | 20020423 | ||
665 | - (stevesk) [acconfig.h configure.ac session.c] LOGIN_NO_ENDOPT for HP-UX | ||
666 | - (stevesk) [acconfig.h] NEED_IN_SYSTM_H unused | ||
667 | - (markus) OpenBSD CVS Sync | ||
668 | - markus@cvs.openbsd.org 2002/04/23 12:58:26 | ||
669 | [radix.c] | ||
670 | send complete ticket; semerad@ss1000.ms.mff.cuni.cz | ||
671 | - (djm) Trim ChangeLog to include only post-3.1 changes | ||
672 | - (djm) Update RPM spec file versions | ||
673 | - (djm) Redhat spec enables KrbV by default | ||
674 | - (djm) Applied OpenSC smartcard updates from Markus & | ||
675 | Antti Tapaninen <aet@cc.hut.fi> | ||
676 | - (djm) Define BROKEN_REALPATH for AIX, patch from | ||
677 | Antti Tapaninen <aet@cc.hut.fi> | ||
678 | - (djm) Bug #214: Fix utmp for Irix (don't strip "tty"). Patch from | ||
679 | Kevin Taylor <no@nowhere.org> (??) via Philipp Grau | ||
680 | <phgrau@zedat.fu-berlin.de> | ||
681 | - (djm) Bug #213: Simplify CMSG_ALIGN macros to avoid symbol clashes. | ||
682 | Reported by Doug Manton <dmanton@emea.att.com> | ||
683 | - (djm) Bug #222: Fix tests for getaddrinfo on OSF/1. Spotted by | ||
684 | Robert Urban <urban@spielwiese.de> | ||
685 | - (djm) Bug #206 - blibpath isn't always needed for AIX ld, avoid | ||
686 | sizeof(long long int) == 4 breakage. Patch from Matthew Clarke | ||
687 | <Matthew_Clarke@mindlink.bc.ca> | ||
688 | - (djm) Make privsep work with PAM (still experimental) | ||
689 | - (djm) OpenBSD CVS Sync | ||
690 | - deraadt@cvs.openbsd.org 2002/04/20 09:02:03 | ||
691 | [servconf.c] | ||
692 | No, afs requires explicit enabling | ||
693 | - markus@cvs.openbsd.org 2002/04/20 09:14:58 | ||
694 | [bufaux.c bufaux.h] | ||
695 | add buffer_{get,put}_short | ||
696 | - markus@cvs.openbsd.org 2002/04/20 09:17:19 | ||
697 | [radix.c] | ||
698 | rewrite using the buffer_* API, fixes overflow; ok deraadt@ | ||
699 | - stevesk@cvs.openbsd.org 2002/04/21 16:19:27 | ||
700 | [sshd.8 sshd_config] | ||
701 | document default AFSTokenPassing no; ok deraadt@ | ||
702 | - stevesk@cvs.openbsd.org 2002/04/21 16:25:06 | ||
703 | [sshconnect1.c] | ||
704 | spelling in error message; ok markus@ | ||
705 | - markus@cvs.openbsd.org 2002/04/22 06:15:47 | ||
706 | [radix.c] | ||
707 | fix check for overflow | ||
708 | - markus@cvs.openbsd.org 2002/04/22 16:16:53 | ||
709 | [servconf.c sshd.8 sshd_config] | ||
710 | do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@ | ||
711 | - markus@cvs.openbsd.org 2002/04/22 21:04:52 | ||
712 | [channels.c clientloop.c clientloop.h ssh.c] | ||
713 | request reply (success/failure) for -R style fwd in protocol v2, | ||
714 | depends on ordered replies. | ||
715 | fixes http://bugzilla.mindrot.org/show_bug.cgi?id=215; ok provos@ | ||
716 | |||
717 | 20020421 | ||
718 | - (tim) [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0). | ||
719 | entropy.c needs seteuid(getuid()) for the setuid(original_uid) to | ||
720 | succeed. Patch by gert@greenie.muc.de. This fixes one part of Bug 208 | ||
721 | |||
722 | 20020418 | ||
723 | - (djm) Avoid SIGCHLD breakage when run from rsync. Fix from | ||
724 | Sturle Sunde <sturle.sunde@usit.uio.no> | ||
725 | |||
726 | 20020417 | ||
727 | - (djm) Tell users to configure /dev/random support into OpenSSL in | ||
728 | INSTALL | ||
729 | - (djm) Fix .Nm in mdoc2man.pl from pspencer@fields.utoronto.ca | ||
730 | - (tim) [configure.ac] Issue warning on --with-default-path=/some_path | ||
731 | if LOGIN_CAP is enabled. Report & testing by Tuc <tuc@ttsg.com> | ||
732 | |||
733 | 20020415 | ||
734 | - (djm) Unbreak "make install". Fix from Darren Tucker | ||
735 | <dtucker@zip.com.au> | ||
736 | - (stevesk) bsd-cygwin_util.[ch] BSD license from Corinna Vinschen | ||
737 | - (tim) [configure.ac] add tests for recvmsg and sendmsg. | ||
738 | [monitor_fdpass.c] add checks for HAVE_SENDMSG and HAVE_RECVMSG for | ||
739 | systems that HAVE_ACCRIGHTS_IN_MSGHDR but no recvmsg or sendmsg. | ||
740 | |||
741 | 20020414 | ||
742 | - (djm) ssh-rand-helper improvements | ||
743 | - Add commandline debugging options | ||
744 | - Don't write binary data if stdout is a tty (use hex instead) | ||
745 | - Give it a manpage | ||
746 | - (djm) Random number collection doc fixes from Ben | ||
747 | |||
748 | 20020413 | ||
749 | - (djm) Add KrbV support patch from Simon Wilkinson <simon@sxw.org.uk> | ||
750 | |||
751 | 20020412 | ||
752 | - (stevesk) [auth-sia.[ch]] add BSD license from Chris Adams | ||
753 | - (tim) [configure.ac] add <sys/types.h> to msghdr tests. Change -L | ||
754 | to -h on testing for /bin being symbolic link | ||
755 | - (bal) Mistaken in Cygwin scripts for ssh starting. Patch by | ||
756 | Corinna Vinschen <vinschen@redhat.com> | ||
757 | - (bal) disable privsep if no MAP_ANON. We can re-enable it | ||
758 | after the release when we can do more testing. | ||
759 | |||
760 | 20020411 | ||
761 | - (stevesk) [auth-sia.c] cleanup | ||
762 | - (tim) [acconfig.h defines.h includes.h] put includes in includes.h and | ||
763 | defines in defines.h [rijndael.c openbsd-compat/fake-socket.h | ||
764 | openbsd-compat/inet_aton.c] include "includes.h" instead of "config.h" | ||
765 | ok stevesk@ | ||
766 | |||
767 | 20020410 | ||
768 | - (stevesk) [configure.ac monitor.c] HAVE_SOCKETPAIR | ||
769 | - (stevesk) [auth-sia.c] compile fix Chris Adams <cmadams@hiwaay.net> | ||
770 | - (bal) OpenBSD CVS Sync | ||
771 | - markus@cvs.openbsd.org 2002/04/10 08:21:47 | ||
772 | [auth1.c compat.c compat.h] | ||
773 | strip '@' from username only for KerbV and known broken clients, | ||
774 | bug #204 | ||
775 | - markus@cvs.openbsd.org 2002/04/10 08:56:01 | ||
776 | [version.h] | ||
777 | OpenSSH_3.2 | ||
778 | - Added p1 to idenify Portable release version. | ||
779 | |||
780 | 20020408 | ||
781 | - (bal) Minor OpenSC updates. Fix up header locations and update | ||
782 | README.smartcard provided by Juha Yrjölä <jyrjola@cc.hut.fi> | ||
783 | |||
784 | 20020407 | ||
785 | - (stevesk) HAVE_CONTROL_IN_MSGHDR; not used right now. | ||
786 | Future: we may want to test if fd passing works correctly. | ||
787 | - (stevesk) [monitor_fdpass.c] fatal() for UsePrivilegeSeparation=yes | ||
788 | and no fd passing support. | ||
789 | - (stevesk) HAVE_MMAP and HAVE_SYS_MMAN_H and use them in | ||
790 | monitor_mm.c | ||
791 | - (stevesk) remove configure support for poll.h; it was removed | ||
792 | from sshd.c a long time ago. | ||
793 | - (stevesk) --with-privsep-user; default sshd | ||
794 | - (stevesk) wrap munmap() with HAVE_MMAP also. | ||
795 | |||
796 | 20020406 | ||
797 | - (djm) Typo in Suse SPEC file. Fix from Carsten Grohmann | ||
798 | <carsten.grohmann@dr-baldeweg.de> | ||
799 | - (bal) Added MAP_FAILED to allow AIX and Trusted HP to compile. | ||
800 | - (bal) OpenBSD CVS Sync | ||
801 | - djm@cvs.openbsd.org 2002/04/06 00:30:08 | ||
802 | [sftp-client.c] | ||
803 | Fix occasional corruption on upload due to bad reuse of request | ||
804 | id, spotted by chombier@mac.com; ok markus@ | ||
805 | - mouring@cvs.openbsd.org 2002/04/06 18:24:09 | ||
806 | [scp.c] | ||
807 | Fixes potental double // within path. | ||
808 | http://bugzilla.mindrot.org/show_bug.cgi?id=76 | ||
809 | - (bal) Slight update to OpenSC support. Better version checking. patch | ||
810 | by Juha Yrjölä <jyrjola@cc.hut.fi> | ||
811 | - (bal) Revered out of runtime IRIX detection of joblimits. Code is | ||
812 | incomplete. | ||
813 | - (bal) Quiet down configure.ac if /bin/test does not exist. | ||
814 | - (bal) We no longer use atexit()/xatexit()/on_exit() | ||
815 | |||
816 | 20020405 | ||
817 | - (bal) Patch for OpenSC SmartCard library; ok markus@; patch by | ||
818 | Juha Yrjölä <jyrjola@cc.hut.fi> | ||
819 | - (bal) Minor documentation update to reflect smartcard library | ||
820 | support changes. | ||
821 | - (bal) Too many <sys/queue.h> issues. Remove all workarounds and | ||
822 | using internal version only. | ||
823 | - (bal) OpenBSD CVS Sync | ||
824 | - stevesk@cvs.openbsd.org 2002/04/05 20:56:21 | ||
825 | [sshd.8] | ||
826 | clarify sshrc some and handle X11UseLocalhost=yes; ok markus@ | ||
827 | |||
828 | 20020404 | ||
829 | - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h | ||
830 | auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm. | ||
831 | - (bal) OpenBSD CVS Sync | ||
832 | - markus@cvs.openbsd.org 2002/04/03 09:26:11 | ||
833 | [cipher.c myproposal.h] | ||
834 | re-add rijndael-cbc@lysator.liu.se for MacSSH; ash@lab.poc.net | ||
835 | |||
836 | 20020402 | ||
837 | - (bal) Hand Sync of scp.c (reverted to upstream code) | ||
838 | - deraadt@cvs.openbsd.org 2002/03/30 17:45:46 | ||
839 | [scp.c] | ||
840 | stretch banners | ||
841 | - (bal) CVS ID sync of uidswap.c | ||
842 | - (bal) OpenBSD CVS Sync (now for the real sync) | ||
843 | - markus@cvs.openbsd.org 2002/03/27 22:21:45 | ||
844 | [ssh-keygen.c] | ||
845 | try to import keys with extra trailing === (seen with ssh.com < | ||
846 | 2.0.12) | ||
847 | - markus@cvs.openbsd.org 2002/03/28 15:34:51 | ||
848 | [session.c] | ||
849 | do not call record_login twice (for use_privsep) | ||
850 | - markus@cvs.openbsd.org 2002/03/29 18:59:32 | ||
851 | [session.c session.h] | ||
852 | retrieve last login time before the pty is allocated, store per | ||
853 | session | ||
854 | - stevesk@cvs.openbsd.org 2002/03/29 19:16:22 | ||
855 | [sshd.8] | ||
856 | RSA key modulus size minimum 768; ok markus@ | ||
857 | - stevesk@cvs.openbsd.org 2002/03/29 19:18:33 | ||
858 | [auth-rsa.c ssh-rsa.c ssh.h] | ||
859 | make RSA modulus minimum #define; ok markus@ | ||
860 | - markus@cvs.openbsd.org 2002/03/30 18:51:15 | ||
861 | [monitor.c serverloop.c sftp-int.c sftp.c sshd.c] | ||
862 | check waitpid for EINTR; based on patch from peter@ifm.liu.se | ||
863 | - markus@cvs.openbsd.org 2002/04/01 22:02:16 | ||
864 | [sftp-client.c] | ||
865 | 20480 is an upper limit for older server | ||
866 | - markus@cvs.openbsd.org 2002/04/01 22:07:17 | ||
867 | [sftp-client.c] | ||
868 | fallback to stat if server does not support lstat | ||
869 | - markus@cvs.openbsd.org 2002/04/02 11:49:39 | ||
870 | [ssh-agent.c] | ||
871 | check $SHELL for -k and -d, too; | ||
872 | http://bugzilla.mindrot.org/show_bug.cgi?id=199 | ||
873 | - markus@cvs.openbsd.org 2002/04/02 17:37:48 | ||
874 | [sftp.c] | ||
875 | always call log_init() | ||
876 | - markus@cvs.openbsd.org 2002/04/02 20:11:38 | ||
877 | [ssh-rsa.c] | ||
878 | ignore SSH_BUG_SIGBLOB for ssh-rsa; #187 | ||
879 | - (bal) mispelling in uidswap.c (portable only) | ||
880 | |||
881 | 20020401 | ||
882 | - (stevesk) [monitor.c] PAM should work again; will *not* work with | ||
883 | UsePrivilegeSeparation=yes. | ||
884 | - (stevesk) [auth1.c] fix password auth for protocol 1 when | ||
885 | !USE_PAM && !HAVE_OSF_SIA; merge issue. | ||
886 | |||
887 | 20020331 | ||
888 | - (tim) [configure.ac] use /bin/test -L to work around broken builtin on | ||
889 | Solaris 8 | ||
890 | - (tim) [sshconnect2.c] change uint32_t to u_int32_t | ||
891 | |||
892 | 20020330 | ||
893 | - (stevesk) [configure.ac] remove header check for sys/ttcompat.h | ||
894 | bug 167 | ||
895 | |||
896 | 20020327 | ||
897 | - (bal) 'pw' should be 'authctxt->pw' in auth1.c spotted by | ||
898 | kent@lysator.liu.se | ||
899 | - (bal) OpenBSD CVS Sync | ||
900 | - markus@cvs.openbsd.org 2002/03/26 11:34:49 | ||
901 | [ssh.1 sshd.8] | ||
902 | update to recent drafts | ||
903 | - markus@cvs.openbsd.org 2002/03/26 11:37:05 | ||
904 | [ssh.c] | ||
905 | update Copyright | ||
906 | - markus@cvs.openbsd.org 2002/03/26 15:23:40 | ||
907 | [bufaux.c] | ||
908 | do not talk about packets in bufaux | ||
909 | - rees@cvs.openbsd.org 2002/03/26 18:46:59 | ||
910 | [scard.c] | ||
911 | try_AUT0 in read_pubkey too, for those paranoid few who want to | ||
912 | acl 'sh' | ||
913 | - markus@cvs.openbsd.org 2002/03/26 22:50:39 | ||
914 | [channels.h] | ||
915 | CHANNEL_EFD_OUTPUT_ACTIVE is false for CHAN_CLOSE_RCVD, too | ||
916 | - markus@cvs.openbsd.org 2002/03/26 23:13:03 | ||
917 | [auth-rsa.c] | ||
918 | disallow RSA keys < 768 for protocol 1, too (rhosts-rsa and rsa auth) | ||
919 | - markus@cvs.openbsd.org 2002/03/26 23:14:51 | ||
920 | [kex.c] | ||
921 | generate a new cookie for each SSH2_MSG_KEXINIT message we send out | ||
922 | - mouring@cvs.openbsd.org 2002/03/27 11:45:42 | ||
923 | [monitor.c] | ||
924 | monitor_allowed_key() returns int instead of pointer. ok markus@ | ||
925 | |||
926 | 20020325 | ||
927 | - (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h" | ||
928 | - (bal) OpenBSD CVS Sync | ||
929 | - stevesk@cvs.openbsd.org 2002/03/23 20:57:26 | ||
930 | [sshd.c] | ||
931 | setproctitle() after preauth child; ok markus@ | ||
932 | - markus@cvs.openbsd.org 2002/03/24 16:00:27 | ||
933 | [serverloop.c] | ||
934 | remove unused debug | ||
935 | - markus@cvs.openbsd.org 2002/03/24 16:01:13 | ||
936 | [packet.c] | ||
937 | debug->debug3 for extra padding | ||
938 | - stevesk@cvs.openbsd.org 2002/03/24 17:27:03 | ||
939 | [kexgex.c] | ||
940 | typo; ok markus@ | ||
941 | - stevesk@cvs.openbsd.org 2002/03/24 17:53:16 | ||
942 | [monitor_fdpass.c] | ||
943 | minor cleanup and more error checking; ok markus@ | ||
944 | - markus@cvs.openbsd.org 2002/03/24 18:05:29 | ||
945 | [scard.c] | ||
946 | we need to figure out AUT0 for sc_private_encrypt, too | ||
947 | - stevesk@cvs.openbsd.org 2002/03/24 23:20:00 | ||
948 | [monitor.c] | ||
949 | remove "\n" from fatal() | ||
950 | - markus@cvs.openbsd.org 2002/03/25 09:21:13 | ||
951 | [auth-rsa.c] | ||
952 | return 0 (not NULL); tomh@po.crl.go.jp | ||
953 | - markus@cvs.openbsd.org 2002/03/25 09:25:06 | ||
954 | [auth-rh-rsa.c] | ||
955 | rm bogus comment | ||
956 | - markus@cvs.openbsd.org 2002/03/25 17:34:27 | ||
957 | [scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c] | ||
958 | change sc_get_key to sc_get_keys and hide smartcard details in scard.c | ||
959 | - stevesk@cvs.openbsd.org 2002/03/25 20:12:10 | ||
960 | [monitor_mm.c monitor_wrap.c] | ||
961 | ssize_t args use "%ld" and cast to (long) | ||
962 | size_t args use "%lu" and cast to (u_long) | ||
963 | ok markus@ and thanks millert@ | ||
964 | - markus@cvs.openbsd.org 2002/03/25 21:04:02 | ||
965 | [ssh.c] | ||
966 | simplify num_identity_files handling | ||
967 | - markus@cvs.openbsd.org 2002/03/25 21:13:51 | ||
968 | [channels.c channels.h compat.c compat.h nchan.c] | ||
969 | don't send stderr data after EOF, accept this from older known | ||
970 | (broken) sshd servers only, fixes | ||
971 | http://bugzilla.mindrot.org/show_bug.cgi?id=179 | ||
972 | - stevesk@cvs.openbsd.org 2002/03/26 03:24:01 | ||
973 | [monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h] | ||
974 | $OpenBSD$ | ||
975 | |||
976 | 20020324 | ||
977 | - (stevesk) [session.c] disable LOGIN_NEEDS_TERM until we are sure | ||
978 | it can be removed. only used on solaris. will no longer compile with | ||
979 | privsep shuffling. | ||
980 | |||
981 | 20020322 | ||
982 | - (stevesk) HAVE_ACCRIGHTS_IN_MSGHDR configure support | ||
983 | - (stevesk) [monitor.c monitor_wrap.c] #ifdef HAVE_PW_CLASS_IN_PASSWD | ||
984 | - (stevesk) configure and cpp __FUNCTION__ gymnastics to handle nielsisms | ||
985 | - (stevesk) [monitor_fdpass.c] support for access rights style file | ||
986 | descriptor passing | ||
987 | - (stevesk) [auth2.c] merge cleanup/sync | ||
988 | - (stevesk) [defines.h] hp-ux 11 has ancillary data style fd passing, but | ||
989 | is missing CMSG_LEN() and CMSG_SPACE() macros. | ||
990 | - (stevesk) [defines.h] #define MAP_ANON MAP_ANONYMOUS for HP-UX; other | ||
991 | platforms may need this--I'm not sure. mmap() issues will need to be | ||
992 | addressed further. | ||
993 | - (tim) [cipher.c] fix problem with OpenBSD sync | ||
994 | - (stevesk) [LICENCE] OpenBSD sync | ||
995 | |||
996 | 20020321 | ||
997 | - (bal) OpenBSD CVS Sync | ||
998 | - itojun@cvs.openbsd.org 2002/03/08 06:10:16 | ||
999 | [sftp-client.c] | ||
1000 | printf type mismatch | ||
1001 | - itojun@cvs.openbsd.org 2002/03/11 03:18:49 | ||
1002 | [sftp-client.c] | ||
1003 | correct type mismatches (u_int64_t != unsigned long long) | ||
1004 | - itojun@cvs.openbsd.org 2002/03/11 03:19:53 | ||
1005 | [sftp-client.c] | ||
1006 | indent | ||
1007 | - markus@cvs.openbsd.org 2002/03/14 15:24:27 | ||
1008 | [sshconnect1.c] | ||
1009 | don't trust size sent by (rogue) server; noted by | ||
1010 | s.esser@e-matters.de | ||
1011 | - markus@cvs.openbsd.org 2002/03/14 16:38:26 | ||
1012 | [sshd.c] | ||
1013 | split out ssh1 session key decryption; ok provos@ | ||
1014 | - markus@cvs.openbsd.org 2002/03/14 16:56:33 | ||
1015 | [auth-rh-rsa.c auth-rsa.c auth.h] | ||
1016 | split auth_rsa() for better readability and privsep; ok provos@ | ||
1017 | - itojun@cvs.openbsd.org 2002/03/15 11:00:38 | ||
1018 | [auth.c] | ||
1019 | fix file type checking (use S_ISREG). ok by markus | ||
1020 | - markus@cvs.openbsd.org 2002/03/16 11:24:53 | ||
1021 | [compress.c] | ||
1022 | skip inflateEnd if inflate fails; ok provos@ | ||
1023 | - markus@cvs.openbsd.org 2002/03/16 17:22:09 | ||
1024 | [auth-rh-rsa.c auth.h] | ||
1025 | split auth_rhosts_rsa(), ok provos@ | ||
1026 | - stevesk@cvs.openbsd.org 2002/03/16 17:41:25 | ||
1027 | [auth-krb5.c] | ||
1028 | BSD license. from Daniel Kouril via Dug Song. ok markus@ | ||
1029 | - provos@cvs.openbsd.org 2002/03/17 20:25:56 | ||
1030 | [auth.c auth.h auth1.c auth2.c] | ||
1031 | getpwnamallow returns struct passwd * only if user valid; | ||
1032 | okay markus@ | ||
1033 | - provos@cvs.openbsd.org 2002/03/18 01:12:14 | ||
1034 | [auth.h auth1.c auth2.c sshd.c] | ||
1035 | have the authentication functions return the authentication context | ||
1036 | and then do_authenticated; okay millert@ | ||
1037 | - dugsong@cvs.openbsd.org 2002/03/18 01:30:10 | ||
1038 | [auth-krb4.c] | ||
1039 | set client to NULL after xfree(), from Rolf Braun | ||
1040 | <rbraun+ssh@andrew.cmu.edu> | ||
1041 | - provos@cvs.openbsd.org 2002/03/18 03:41:08 | ||
1042 | [auth.c session.c] | ||
1043 | move auth_approval into getpwnamallow with help from millert@ | ||
1044 | - markus@cvs.openbsd.org 2002/03/18 17:13:15 | ||
1045 | [cipher.c cipher.h] | ||
1046 | export/import cipher states; needed by ssh-privsep | ||
1047 | - markus@cvs.openbsd.org 2002/03/18 17:16:38 | ||
1048 | [packet.c packet.h] | ||
1049 | export/import cipher state, iv and ssh2 seqnr; needed by ssh-privsep | ||
1050 | - markus@cvs.openbsd.org 2002/03/18 17:23:31 | ||
1051 | [key.c key.h] | ||
1052 | add key_demote() for ssh-privsep | ||
1053 | - provos@cvs.openbsd.org 2002/03/18 17:25:29 | ||
1054 | [bufaux.c bufaux.h] | ||
1055 | buffer_skip_string and extra sanity checking; needed by ssh-privsep | ||
1056 | - provos@cvs.openbsd.org 2002/03/18 17:31:54 | ||
1057 | [compress.c] | ||
1058 | export compression streams for ssh-privsep | ||
1059 | - provos@cvs.openbsd.org 2002/03/18 17:50:31 | ||
1060 | [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c] | ||
1061 | [auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c] | ||
1062 | [kexgex.c servconf.c] | ||
1063 | [session.h servconf.h serverloop.c session.c sshd.c] | ||
1064 | integrate privilege separated openssh; its turned off by default | ||
1065 | for now. work done by me and markus@ | ||
1066 | - provos@cvs.openbsd.org 2002/03/18 17:53:08 | ||
1067 | [sshd.8] | ||
1068 | credits for privsep | ||
1069 | - provos@cvs.openbsd.org 2002/03/18 17:59:09 | ||
1070 | [sshd.8] | ||
1071 | document UsePrivilegeSeparation | ||
1072 | - stevesk@cvs.openbsd.org 2002/03/18 23:52:51 | ||
1073 | [servconf.c] | ||
1074 | UnprivUser/UnprivGroup usable now--specify numeric user/group; ok | ||
1075 | provos@ | ||
1076 | - stevesk@cvs.openbsd.org 2002/03/19 03:03:43 | ||
1077 | [pathnames.h servconf.c servconf.h sshd.c] | ||
1078 | _PATH_PRIVSEP_CHROOT_DIR; ok provos@ | ||
1079 | - stevesk@cvs.openbsd.org 2002/03/19 05:23:08 | ||
1080 | [sshd.8] | ||
1081 | Banner has no default. | ||
1082 | - mpech@cvs.openbsd.org 2002/03/19 06:32:56 | ||
1083 | [sftp-int.c] | ||
1084 | use xfree() after xstrdup(). | ||
1085 | |||
1086 | markus@ ok | ||
1087 | - markus@cvs.openbsd.org 2002/03/19 10:35:39 | ||
1088 | [auth-options.c auth.h session.c session.h sshd.c] | ||
1089 | clean up prototypes | ||
1090 | - markus@cvs.openbsd.org 2002/03/19 10:49:35 | ||
1091 | [auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h] | ||
1092 | [packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c] | ||
1093 | [sshconnect2.c sshd.c ttymodes.c] | ||
1094 | KNF whitespace | ||
1095 | - markus@cvs.openbsd.org 2002/03/19 14:27:39 | ||
1096 | [auth.c auth1.c auth2.c] | ||
1097 | make getpwnamallow() allways call pwcopy() | ||
1098 | - markus@cvs.openbsd.org 2002/03/19 15:31:47 | ||
1099 | [auth.c] | ||
1100 | check for NULL; from provos@ | ||
1101 | - stevesk@cvs.openbsd.org 2002/03/20 19:12:25 | ||
1102 | [servconf.c servconf.h ssh.h sshd.c] | ||
1103 | for unprivileged user, group do: | ||
1104 | pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@ | ||
1105 | - stevesk@cvs.openbsd.org 2002/03/20 21:08:08 | ||
1106 | [sshd.c] | ||
1107 | strerror() on chdir() fail; ok provos@ | ||
1108 | - markus@cvs.openbsd.org 2002/03/21 10:21:20 | ||
1109 | [ssh-add.c] | ||
1110 | ignore errors for nonexisting default keys in ssh-add, | ||
1111 | fixes http://bugzilla.mindrot.org/show_bug.cgi?id=158 | ||
1112 | - jakob@cvs.openbsd.org 2002/03/21 15:17:26 | ||
1113 | [clientloop.c ssh.1] | ||
1114 | add built-in command line for adding new port forwardings on the fly. | ||
1115 | based on a patch from brian wellington. ok markus@. | ||
1116 | - markus@cvs.openbsd.org 2002/03/21 16:38:06 | ||
1117 | [scard.c] | ||
1118 | make compile w/ openssl 0.9.7 | ||
1119 | - markus@cvs.openbsd.org 2002/03/21 16:54:53 | ||
1120 | [scard.c scard.h ssh-keygen.c] | ||
1121 | move key upload to scard.[ch] | ||
1122 | - markus@cvs.openbsd.org 2002/03/21 16:57:15 | ||
1123 | [scard.c] | ||
1124 | remove const | ||
1125 | - markus@cvs.openbsd.org 2002/03/21 16:58:13 | ||
1126 | [clientloop.c] | ||
1127 | remove unused | ||
1128 | - rees@cvs.openbsd.org 2002/03/21 18:08:15 | ||
1129 | [scard.c] | ||
1130 | In sc_put_key(), sc_reader_id should be id. | ||
1131 | - markus@cvs.openbsd.org 2002/03/21 20:51:12 | ||
1132 | [sshd_config] | ||
1133 | add privsep (off) | ||
1134 | - markus@cvs.openbsd.org 2002/03/21 21:23:34 | ||
1135 | [sshd.c] | ||
1136 | add privsep_preauth() and remove 1 goto; ok provos@ | ||
1137 | - rees@cvs.openbsd.org 2002/03/21 21:54:34 | ||
1138 | [scard.c scard.h ssh-keygen.c] | ||
1139 | Add PIN-protection for secret key. | ||
1140 | - rees@cvs.openbsd.org 2002/03/21 22:44:05 | ||
1141 | [authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c] | ||
1142 | Add PIN-protection for secret key. | ||
1143 | - markus@cvs.openbsd.org 2002/03/21 23:07:37 | ||
1144 | [clientloop.c] | ||
1145 | remove unused, sync w/ cmdline patch in my tree. | ||
1146 | |||
1147 | 20020317 | ||
1148 | - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is | ||
1149 | wanted, warn if directory does not exist. Put system directories in | ||
1150 | front of PATH for finding entorpy commands. | ||
1151 | - (tim) [contrib/aix/buildbff.sh contrib/aix/inventory.sh] AIX package | ||
1152 | build fixes. Patch by Darren Tucker <dtucker@zip.com.au> | ||
1153 | [contrib/solaris/buildpkg.sh] add missing dirs to SYSTEM_DIR. Have | ||
1154 | postinstall check for $piddir and add if necessary. | ||
1155 | |||
1156 | 20020311 | ||
1157 | - (tim) [contrib/solaris/buildpkg.sh, contrib/solaris/README] Updated to | ||
1158 | build on all platforms that support SVR4 style package tools. Now runs | ||
1159 | from build dir. Parts are based on patches from Antonio Navarro, and | ||
1160 | Darren Tucker. | ||
1161 | |||
1162 | 20020308 | ||
1163 | - (djm) Revert bits of Markus' OpenSSL compat patch which was | ||
1164 | accidentally committed. | ||
1165 | - (djm) Add Markus' patch for compat wih OpenSSL < 0.9.6. | ||
1166 | Known issue: Blowfish for SSH1 does not work | ||
1167 | - (stevesk) entropy.c: typo in debug message | ||
1168 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | ||
1169 | |||
1170 | $Id: ChangeLog,v 1.2301 2002/06/26 13:59:10 djm Exp $ | ||