diff options
author | Colin Watson <cjwatson@debian.org> | 2010-01-01 17:15:23 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-01-01 17:15:23 +0000 |
commit | 99b402ea4c8457b0a3cafff37f5b3410a8dc6476 (patch) | |
tree | 1d24ce54c9981ea8cbb4c5a9309964a0e4c4b320 /ChangeLog | |
parent | 87552344215a38d3a2b0d4d63dc151e05978bbe1 (diff) | |
parent | 54af7a4ae8d455791a631bdfaade4b64436ae16a (diff) |
import openssh-5.2p1-gsskex-all-20090726.patch
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 4332 |
1 files changed, 494 insertions, 3838 deletions
@@ -1,3 +1,497 @@ | |||
1 | 20090223 | ||
2 | - (djm) OpenBSD CVS Sync | ||
3 | - djm@cvs.openbsd.org 2009/02/22 23:50:57 | ||
4 | [ssh_config.5 sshd_config.5] | ||
5 | don't advertise experimental options | ||
6 | - djm@cvs.openbsd.org 2009/02/22 23:59:25 | ||
7 | [sshd_config.5] | ||
8 | missing period | ||
9 | - djm@cvs.openbsd.org 2009/02/23 00:06:15 | ||
10 | [version.h] | ||
11 | openssh-5.2 | ||
12 | - (djm) [README] update for 5.2 | ||
13 | - (djm) Release openssh-5.2p1 | ||
14 | |||
15 | 20090222 | ||
16 | - (djm) OpenBSD CVS Sync | ||
17 | - tobias@cvs.openbsd.org 2009/02/21 19:32:04 | ||
18 | [misc.c sftp-server-main.c ssh-keygen.c] | ||
19 | Added missing newlines in error messages. | ||
20 | ok dtucker | ||
21 | |||
22 | 20090221 | ||
23 | - (djm) OpenBSD CVS Sync | ||
24 | - djm@cvs.openbsd.org 2009/02/17 01:28:32 | ||
25 | [ssh_config] | ||
26 | sync with revised default ciphers; pointed out by dkrause@ | ||
27 | - djm@cvs.openbsd.org 2009/02/18 04:31:21 | ||
28 | [schnorr.c] | ||
29 | signature should hash over the entire group, not just the generator | ||
30 | (this is still disabled code) | ||
31 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
32 | [contrib/suse/openssh.spec] Prepare for 5.2p1 | ||
33 | |||
34 | 20090216 | ||
35 | - (djm) [regress/conch-ciphers.sh regress/putty-ciphers.sh] | ||
36 | [regress/putty-kex.sh regress/putty-transfer.sh] Downgrade disabled | ||
37 | interop tests from FATAL error to a warning. Allows some interop | ||
38 | tests to proceed if others are missing necessary prerequisites. | ||
39 | - (djm) [configure.ac] support GNU/kFreeBSD and GNU/kOpensolaris | ||
40 | systems; patch from Aurelien Jarno via rmh AT aybabtu.com | ||
41 | |||
42 | 20090214 | ||
43 | - (djm) OpenBSD CVS Sync | ||
44 | - dtucker@cvs.openbsd.org 2009/02/02 11:15:14 | ||
45 | [sftp.c] | ||
46 | Initialize a few variables to prevent spurious "may be used | ||
47 | uninitialized" warnings from newer gcc's. ok djm@ | ||
48 | - djm@cvs.openbsd.org 2009/02/12 03:00:56 | ||
49 | [canohost.c canohost.h channels.c channels.h clientloop.c readconf.c] | ||
50 | [readconf.h serverloop.c ssh.c] | ||
51 | support remote port forwarding with a zero listen port (-R0:...) to | ||
52 | dyamically allocate a listen port at runtime (this is actually | ||
53 | specified in rfc4254); bz#1003 ok markus@ | ||
54 | - djm@cvs.openbsd.org 2009/02/12 03:16:01 | ||
55 | [serverloop.c] | ||
56 | tighten check for -R0:... forwarding: only allow dynamic allocation | ||
57 | if want_reply is set in the packet | ||
58 | - djm@cvs.openbsd.org 2009/02/12 03:26:22 | ||
59 | [monitor.c] | ||
60 | some paranoia: check that the serialised key is really KEY_RSA before | ||
61 | diddling its internals | ||
62 | - djm@cvs.openbsd.org 2009/02/12 03:42:09 | ||
63 | [ssh.1] | ||
64 | document -R0:... usage | ||
65 | - djm@cvs.openbsd.org 2009/02/12 03:44:25 | ||
66 | [ssh.1] | ||
67 | consistency: Dq => Ql | ||
68 | - djm@cvs.openbsd.org 2009/02/12 03:46:17 | ||
69 | [ssh_config.5] | ||
70 | document RemoteForward usage with 0 listen port | ||
71 | - jmc@cvs.openbsd.org 2009/02/12 07:34:20 | ||
72 | [ssh_config.5] | ||
73 | kill trailing whitespace; | ||
74 | - markus@cvs.openbsd.org 2009/02/13 11:50:21 | ||
75 | [packet.c] | ||
76 | check for enc !=NULL in packet_start_discard | ||
77 | - djm@cvs.openbsd.org 2009/02/14 06:35:49 | ||
78 | [PROTOCOL] | ||
79 | mention that eow and no-more-sessions extensions are sent only to | ||
80 | OpenSSH peers | ||
81 | |||
82 | 20090212 | ||
83 | - (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically | ||
84 | set ownership and modes, so avoid explicitly setting them | ||
85 | - (djm) [configure.ac loginrec.c] bz#1421: fix lastlog support for OSX. | ||
86 | OSX provides a getlastlogxbyname function that automates the reading of | ||
87 | a lastlog file. Also, the pututxline function will update lastlog so | ||
88 | there is no need for loginrec.c to do it explicitly. Collapse some | ||
89 | overly verbose code while I'm in there. | ||
90 | |||
91 | 20090201 | ||
92 | - (dtucker) [defines.h sshconnect.c] INET6_ADDRSTRLEN is now needed in | ||
93 | channels.c too, so move the definition for non-IP6 platforms to defines.h | ||
94 | where it can be shared. | ||
95 | |||
96 | 20090129 | ||
97 | - (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen. | ||
98 | If the CYGWIN environment variable is empty, the installer script | ||
99 | should not install the service with an empty CYGWIN variable, but | ||
100 | rather without setting CYGWNI entirely. | ||
101 | - (tim) [contrib/cygwin/ssh-host-config] Whitespace cleanup. No code changes. | ||
102 | |||
103 | 20090128 | ||
104 | - (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen. | ||
105 | Changes to work on Cygwin 1.5.x as well as on the new Cygwin 1.7.x. | ||
106 | The information given for the setting of the CYGWIN environment variable | ||
107 | is wrong for both releases so I just removed it, together with the | ||
108 | unnecessary (Cygwin 1.5.x) or wrong (Cygwin 1.7.x) default setting. | ||
109 | |||
110 | 20081228 | ||
111 | - (djm) OpenBSD CVS Sync | ||
112 | - stevesk@cvs.openbsd.org 2008/12/09 03:20:42 | ||
113 | [channels.c servconf.c] | ||
114 | channel_print_adm_permitted_opens() should deal with all the printing | ||
115 | for that config option. suggested by markus@; ok markus@ djm@ | ||
116 | dtucker@ | ||
117 | - djm@cvs.openbsd.org 2008/12/09 04:32:22 | ||
118 | [auth2-chall.c] | ||
119 | replace by-hand string building with xasprinf(); ok deraadt@ | ||
120 | - sobrado@cvs.openbsd.org 2008/12/09 15:35:00 | ||
121 | [sftp.1 sftp.c] | ||
122 | update for the synopses displayed by the 'help' command, there are a | ||
123 | few missing flags; add 'bye' to the output of 'help'; sorting and spacing. | ||
124 | jmc@ suggested replacing .Oo/.Oc with a single .Op macro. | ||
125 | ok jmc@ | ||
126 | - stevesk@cvs.openbsd.org 2008/12/09 22:37:33 | ||
127 | [clientloop.c] | ||
128 | fix typo in error message | ||
129 | - stevesk@cvs.openbsd.org 2008/12/10 03:55:20 | ||
130 | [addrmatch.c] | ||
131 | o cannot be NULL here but use xfree() to be consistent; ok djm@ | ||
132 | - stevesk@cvs.openbsd.org 2008/12/29 01:12:36 | ||
133 | [ssh-keyscan.1] | ||
134 | fix example, default key type is rsa for 3+ years; from | ||
135 | frederic.perrin@resel.fr | ||
136 | - stevesk@cvs.openbsd.org 2008/12/29 02:23:26 | ||
137 | [pathnames.h] | ||
138 | no need to escape single quotes in comments | ||
139 | - okan@cvs.openbsd.org 2008/12/30 00:46:56 | ||
140 | [sshd_config.5] | ||
141 | add AllowAgentForwarding to available Match keywords list | ||
142 | ok djm | ||
143 | - djm@cvs.openbsd.org 2009/01/01 21:14:35 | ||
144 | [channels.c] | ||
145 | call channel destroy callbacks on receipt of open failure messages. | ||
146 | fixes client hangs when connecting to a server that has MaxSessions=0 | ||
147 | set spotted by imorgan AT nas.nasa.gov; ok markus@ | ||
148 | - djm@cvs.openbsd.org 2009/01/01 21:17:36 | ||
149 | [kexgexs.c] | ||
150 | fix hash calculation for KEXGEX: hash over the original client-supplied | ||
151 | values and not the sanity checked versions that we acutally use; | ||
152 | bz#1540 reported by john.smith AT arrows.demon.co.uk | ||
153 | ok markus@ | ||
154 | - djm@cvs.openbsd.org 2009/01/14 01:38:06 | ||
155 | [channels.c] | ||
156 | support SOCKS4A protocol, from dwmw2 AT infradead.org via bz#1482; | ||
157 | "looks ok" markus@ | ||
158 | - stevesk@cvs.openbsd.org 2009/01/15 17:38:43 | ||
159 | [readconf.c] | ||
160 | 1) use obsolete instead of alias for consistency | ||
161 | 2) oUserKnownHostsFile not obsolete but oGlobalKnownHostsFile2 is | ||
162 | so move the comment. | ||
163 | 3) reorder so like options are together | ||
164 | ok djm@ | ||
165 | - djm@cvs.openbsd.org 2009/01/22 09:46:01 | ||
166 | [channels.c channels.h session.c] | ||
167 | make Channel->path an allocated string, saving a few bytes here and | ||
168 | there and fixing bz#1380 in the process; ok markus@ | ||
169 | - djm@cvs.openbsd.org 2009/01/22 09:49:57 | ||
170 | [channels.c] | ||
171 | oops! I committed the wrong version of the Channel->path diff, | ||
172 | it was missing some tweaks suggested by stevesk@ | ||
173 | - djm@cvs.openbsd.org 2009/01/22 10:02:34 | ||
174 | [clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h] | ||
175 | [serverloop.c ssh-keyscan.c ssh.c sshd.c] | ||
176 | make a2port() return -1 when it encounters an invalid port number | ||
177 | rather than 0, which it will now treat as valid (needed for future work) | ||
178 | adjust current consumers of a2port() to check its return value is <= 0, | ||
179 | which in turn required some things to be converted from u_short => int | ||
180 | make use of int vs. u_short consistent in some other places too | ||
181 | feedback & ok markus@ | ||
182 | - djm@cvs.openbsd.org 2009/01/22 10:09:16 | ||
183 | [auth-options.c] | ||
184 | another chunk of a2port() diff that got away. wtfdjm?? | ||
185 | - djm@cvs.openbsd.org 2009/01/23 07:58:11 | ||
186 | [myproposal.h] | ||
187 | prefer CTR modes and revised arcfour (i.e w/ discard) modes to CBC | ||
188 | modes; ok markus@ | ||
189 | - naddy@cvs.openbsd.org 2009/01/24 17:10:22 | ||
190 | [ssh_config.5 sshd_config.5] | ||
191 | sync list of preferred ciphers; ok djm@ | ||
192 | - markus@cvs.openbsd.org 2009/01/26 09:58:15 | ||
193 | [cipher.c cipher.h packet.c] | ||
194 | Work around the CPNI-957037 Plaintext Recovery Attack by always | ||
195 | reading 256K of data on packet size or HMAC errors (in CBC mode only). | ||
196 | Help, feedback and ok djm@ | ||
197 | Feedback from Martin Albrecht and Paterson Kenny | ||
198 | |||
199 | 20090107 | ||
200 | - (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X. | ||
201 | Patch based on one from vgiffin AT apple.com; ok dtucker@ | ||
202 | - (djm) [channels.c] bz#1419: support "on demand" X11 forwarding via | ||
203 | launchd on OS X; patch from vgiffin AT apple.com, slightly tweaked; | ||
204 | ok dtucker@ | ||
205 | - (djm) [contrib/ssh-copy-id.1 contrib/ssh-copy-id] bz#1492: Make | ||
206 | ssh-copy-id copy id_rsa.pub by default (instead of the legacy "identity" | ||
207 | key). Patch from cjwatson AT debian.org | ||
208 | |||
209 | 20090107 | ||
210 | - (tim) [configure.ac defines.h openbsd-compat/port-uw.c | ||
211 | openbsd-compat/xcrypt.c] Add SECUREWARE support to OpenServer 6 SVR5 ABI. | ||
212 | OK djm@ dtucker@ | ||
213 | - (tim) [configure.ac] Move check_for_libcrypt_later=1 in *-*-sysv5*) section. | ||
214 | OpenServer 6 doesn't need libcrypt. | ||
215 | |||
216 | 20081209 | ||
217 | - (djm) OpenBSD CVS Sync | ||
218 | - djm@cvs.openbsd.org 2008/12/09 02:38:18 | ||
219 | [clientloop.c] | ||
220 | The ~C escape handler does not work correctly for multiplexed sessions - | ||
221 | it opens a commandline on the master session, instead of on the slave | ||
222 | that requested it. Disable it on slave sessions until such time as it | ||
223 | is fixed; bz#1543 report from Adrian Bridgett via Colin Watson | ||
224 | ok markus@ | ||
225 | - djm@cvs.openbsd.org 2008/12/09 02:39:59 | ||
226 | [sftp.c] | ||
227 | Deal correctly with failures in remote stat() operation in sftp, | ||
228 | correcting fail-on-error behaviour in batchmode. bz#1541 report and | ||
229 | fix from anedvedicky AT gmail.com; ok markus@ | ||
230 | - djm@cvs.openbsd.org 2008/12/09 02:58:16 | ||
231 | [readconf.c] | ||
232 | don't leave junk (free'd) pointers around in Forward *fwd argument on | ||
233 | failure; avoids double-free in ~C -L handler when given an invalid | ||
234 | forwarding specification; bz#1539 report from adejong AT debian.org | ||
235 | via Colin Watson; ok markus@ dtucker@ | ||
236 | - djm@cvs.openbsd.org 2008/12/09 03:02:37 | ||
237 | [sftp.1 sftp.c] | ||
238 | correct sftp(1) and corresponding usage syntax; | ||
239 | bz#1518 patch from imorgan AT nas.nasa.gov; ok deraadt@ improved diff jmc@ | ||
240 | |||
241 | 20081208 | ||
242 | - (djm) [configure.ac] bz#1538: better test for ProPolice/SSP: actually | ||
243 | use some stack in main(). | ||
244 | Report and suggested fix from vapier AT gentoo.org | ||
245 | - (djm) OpenBSD CVS Sync | ||
246 | - markus@cvs.openbsd.org 2008/12/02 19:01:07 | ||
247 | [clientloop.c] | ||
248 | we have to use the recipient's channel number (RFC 4254) for | ||
249 | SSH2_MSG_CHANNEL_SUCCESS/SSH2_MSG_CHANNEL_FAILURE messages, | ||
250 | otherwise we trigger 'Non-public channel' error messages on sshd | ||
251 | systems with clientkeepalive enabled; noticed by sturm; ok djm; | ||
252 | - markus@cvs.openbsd.org 2008/12/02 19:08:59 | ||
253 | [serverloop.c] | ||
254 | backout 1.149, since it's not necessary and openssh clients send | ||
255 | broken CHANNEL_FAILURE/SUCCESS messages since about 2004; ok djm@ | ||
256 | - markus@cvs.openbsd.org 2008/12/02 19:09:38 | ||
257 | [channels.c] | ||
258 | s/remote_id/id/ to be more consistent with other code; ok djm@ | ||
259 | |||
260 | 20081201 | ||
261 | - (dtucker) [contrib/cygwin/{Makefile,ssh-host-config}] Add new doc files | ||
262 | and tweak the is-sshd-running check in ssh-host-config. Patch from | ||
263 | vinschen at redhat com. | ||
264 | - (dtucker) OpenBSD CVS Sync | ||
265 | - markus@cvs.openbsd.org 2008/11/21 15:47:38 | ||
266 | [packet.c] | ||
267 | packet_disconnect() on padding error, too. should reduce the success | ||
268 | probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18 | ||
269 | ok djm@ | ||
270 | - dtucker@cvs.openbsd.org 2008/11/30 11:59:26 | ||
271 | [monitor_fdpass.c] | ||
272 | Retry sendmsg/recvmsg on EAGAIN and EINTR; ok djm@ | ||
273 | |||
274 | 20081123 | ||
275 | - (dtucker) [monitor_fdpass.c] Reduce diff vs OpenBSD by moving some | ||
276 | declarations, removing an unnecessary union member and adding whitespace. | ||
277 | cmsgbuf.tmp thing spotted by des at des no, ok djm some time ago. | ||
278 | |||
279 | 20081118 | ||
280 | - (tim) [addrmatch.c configure.ac] Some platforms do not have sin6_scope_id | ||
281 | member of sockaddr_in6. Also reported in Bug 1491 by David Leonard. OK and | ||
282 | feedback by djm@ | ||
283 | |||
284 | 20081111 | ||
285 | - (dtucker) OpenBSD CVS Sync | ||
286 | - jmc@cvs.openbsd.org 2008/11/05 11:22:54 | ||
287 | [servconf.c] | ||
288 | passord -> password; | ||
289 | fixes user/5975 from Rene Maroufi | ||
290 | - stevesk@cvs.openbsd.org 2008/11/07 00:42:12 | ||
291 | [ssh-keygen.c] | ||
292 | spelling/typo in comment | ||
293 | - stevesk@cvs.openbsd.org 2008/11/07 18:50:18 | ||
294 | [nchan.c] | ||
295 | add space to some log/debug messages for readability; ok djm@ markus@ | ||
296 | - dtucker@cvs.openbsd.org 2008/11/07 23:34:48 | ||
297 | [auth2-jpake.c] | ||
298 | Move JPAKE define to make life easier for portable. ok djm@ | ||
299 | - tobias@cvs.openbsd.org 2008/11/09 12:34:47 | ||
300 | [session.c ssh.1] | ||
301 | typo fixed (overriden -> overridden) | ||
302 | ok espie, jmc | ||
303 | - stevesk@cvs.openbsd.org 2008/11/11 02:58:09 | ||
304 | [servconf.c] | ||
305 | USE_AFS not referenced so remove #ifdef. fixes sshd -T not printing | ||
306 | kerberosgetafstoken. ok dtucker@ | ||
307 | (Id sync only, we still want the ifdef in portable) | ||
308 | - stevesk@cvs.openbsd.org 2008/11/11 03:55:11 | ||
309 | [channels.c] | ||
310 | for sshd -T print 'permitopen any' vs. 'permitopen' for case of no | ||
311 | permitopen's; ok and input dtucker@ | ||
312 | - djm@cvs.openbsd.org 2008/11/10 02:06:35 | ||
313 | [regress/putty-ciphers.sh] | ||
314 | PuTTY supports AES CTR modes, so interop test against them too | ||
315 | |||
316 | 20081105 | ||
317 | - OpenBSD CVS Sync | ||
318 | - djm@cvs.openbsd.org 2008/11/03 08:59:41 | ||
319 | [servconf.c] | ||
320 | include MaxSessions in sshd -T output; patch from imorgan AT nas.nasa.gov | ||
321 | - djm@cvs.openbsd.org 2008/11/04 07:58:09 | ||
322 | [auth.c] | ||
323 | need unistd.h for close() prototype | ||
324 | (ID sync only) | ||
325 | - djm@cvs.openbsd.org 2008/11/04 08:22:13 | ||
326 | [auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h] | ||
327 | [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5] | ||
328 | [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c] | ||
329 | [Makefile.in] | ||
330 | Add support for an experimental zero-knowledge password authentication | ||
331 | method using the J-PAKE protocol described in F. Hao, P. Ryan, | ||
332 | "Password Authenticated Key Exchange by Juggling", 16th Workshop on | ||
333 | Security Protocols, Cambridge, April 2008. | ||
334 | |||
335 | This method allows password-based authentication without exposing | ||
336 | the password to the server. Instead, the client and server exchange | ||
337 | cryptographic proofs to demonstrate of knowledge of the password while | ||
338 | revealing nothing useful to an attacker or compromised endpoint. | ||
339 | |||
340 | This is experimental, work-in-progress code and is presently | ||
341 | compiled-time disabled (turn on -DJPAKE in Makefile.inc). | ||
342 | |||
343 | "just commit it. It isn't too intrusive." deraadt@ | ||
344 | - stevesk@cvs.openbsd.org 2008/11/04 19:18:00 | ||
345 | [readconf.c] | ||
346 | because parse_forward() is now used to parse all forward types (DLR), | ||
347 | and it malloc's space for host variables, we don't need to malloc | ||
348 | here. fixes small memory leaks. | ||
349 | |||
350 | previously dynamic forwards were not parsed in parse_forward() and | ||
351 | space was not malloc'd in that case. | ||
352 | |||
353 | ok djm@ | ||
354 | - stevesk@cvs.openbsd.org 2008/11/05 03:23:09 | ||
355 | [clientloop.c ssh.1] | ||
356 | add dynamic forward escape command line; ok djm@ | ||
357 | |||
358 | 20081103 | ||
359 | - OpenBSD CVS Sync | ||
360 | - sthen@cvs.openbsd.org 2008/07/24 23:55:30 | ||
361 | [ssh-keygen.1] | ||
362 | Add "ssh-keygen -F -l" to synopsis (displays fingerprint from | ||
363 | known_hosts). ok djm@ | ||
364 | - grunk@cvs.openbsd.org 2008/07/25 06:56:35 | ||
365 | [ssh_config] | ||
366 | Add VisualHostKey to example file, ok djm@ | ||
367 | - grunk@cvs.openbsd.org 2008/07/25 07:05:16 | ||
368 | [key.c] | ||
369 | In random art visualization, make sure to use the end marker only at the | ||
370 | end. Initial diff by Dirk Loss, tweaks and ok djm@ | ||
371 | - markus@cvs.openbsd.org 2008/07/31 14:48:28 | ||
372 | [sshconnect2.c] | ||
373 | don't allocate space for empty banners; report t8m at centrum.cz; | ||
374 | ok deraadt | ||
375 | - krw@cvs.openbsd.org 2008/08/02 04:29:51 | ||
376 | [ssh_config.5] | ||
377 | whitepsace -> whitespace. From Matthew Clarke via bugs@. | ||
378 | - djm@cvs.openbsd.org 2008/08/21 04:09:57 | ||
379 | [session.c] | ||
380 | allow ForceCommand internal-sftp with arguments. based on patch from | ||
381 | michael.barabanov AT gmail.com; ok markus@ | ||
382 | - djm@cvs.openbsd.org 2008/09/06 12:24:13 | ||
383 | [kex.c] | ||
384 | OpenSSL 0.9.8h supplies a real EVP_sha256 so we do not need our | ||
385 | replacement anymore | ||
386 | (ID sync only for portable - we still need this) | ||
387 | - markus@cvs.openbsd.org 2008/09/11 14:22:37 | ||
388 | [compat.c compat.h nchan.c ssh.c] | ||
389 | only send eow and no-more-sessions requests to openssh 5 and newer; | ||
390 | fixes interop problems with broken ssh v2 implementations; ok djm@ | ||
391 | - millert@cvs.openbsd.org 2008/10/02 14:39:35 | ||
392 | [session.c] | ||
393 | Convert an unchecked strdup to xstrdup. OK deraadt@ | ||
394 | - jmc@cvs.openbsd.org 2008/10/03 13:08:12 | ||
395 | [sshd.8] | ||
396 | do not give an example of how to chmod files: we can presume the user | ||
397 | knows that. removes an ambiguity in the permission of authorized_keys; | ||
398 | ok deraadt | ||
399 | - deraadt@cvs.openbsd.org 2008/10/03 23:56:28 | ||
400 | [sshconnect2.c] | ||
401 | Repair strnvis() buffersize of 4*n+1, with termination gauranteed by the | ||
402 | function. | ||
403 | spotted by des@freebsd, who commited an incorrect fix to the freebsd tree | ||
404 | and (as is fairly typical) did not report the problem to us. But this fix | ||
405 | is correct. | ||
406 | ok djm | ||
407 | - djm@cvs.openbsd.org 2008/10/08 23:34:03 | ||
408 | [ssh.1 ssh.c] | ||
409 | Add -y option to force logging via syslog rather than stderr. | ||
410 | Useful for daemonised ssh connection (ssh -f). Patch originally from | ||
411 | and ok'd by markus@ | ||
412 | - djm@cvs.openbsd.org 2008/10/09 03:50:54 | ||
413 | [servconf.c sshd_config.5] | ||
414 | support setting PermitEmptyPasswords in a Match block | ||
415 | requested in PR3891; ok dtucker@ | ||
416 | - jmc@cvs.openbsd.org 2008/10/09 06:54:22 | ||
417 | [ssh.c] | ||
418 | add -y to usage(); | ||
419 | - stevesk@cvs.openbsd.org 2008/10/10 04:55:16 | ||
420 | [scp.c] | ||
421 | spelling in comment; ok djm@ | ||
422 | - stevesk@cvs.openbsd.org 2008/10/10 05:00:12 | ||
423 | [key.c] | ||
424 | typo in error message; ok djm@ | ||
425 | - stevesk@cvs.openbsd.org 2008/10/10 16:43:27 | ||
426 | [ssh_config.5] | ||
427 | use 'Privileged ports can be forwarded only when logging in as root on | ||
428 | the remote machine.' for RemoteForward just like ssh.1 -R. | ||
429 | ok djm@ jmc@ | ||
430 | - stevesk@cvs.openbsd.org 2008/10/14 18:11:33 | ||
431 | [sshconnect.c] | ||
432 | use #define ROQUIET here; no binary change. ok dtucker@ | ||
433 | - stevesk@cvs.openbsd.org 2008/10/17 18:36:24 | ||
434 | [ssh_config.5] | ||
435 | correct and clarify VisualHostKey; ok jmc@ | ||
436 | - stevesk@cvs.openbsd.org 2008/10/30 19:31:16 | ||
437 | [clientloop.c sshd.c] | ||
438 | don't need to #include "monitor_fdpass.h" | ||
439 | - stevesk@cvs.openbsd.org 2008/10/31 15:05:34 | ||
440 | [dispatch.c] | ||
441 | remove unused #define DISPATCH_MIN; ok markus@ | ||
442 | - djm@cvs.openbsd.org 2008/11/01 04:50:08 | ||
443 | [sshconnect2.c] | ||
444 | sprinkle ARGSUSED on dispatch handlers | ||
445 | nuke stale unusued prototype | ||
446 | - stevesk@cvs.openbsd.org 2008/11/01 06:43:33 | ||
447 | [channels.c] | ||
448 | fix some typos in log messages; ok djm@ | ||
449 | - sobrado@cvs.openbsd.org 2008/11/01 11:14:36 | ||
450 | [ssh-keyscan.1 ssh-keyscan.c] | ||
451 | the ellipsis is not an optional argument; while here, improve spacing. | ||
452 | - stevesk@cvs.openbsd.org 2008/11/01 17:40:33 | ||
453 | [clientloop.c readconf.c readconf.h ssh.c] | ||
454 | merge dynamic forward parsing into parse_forward(); | ||
455 | 'i think this is OK' djm@ | ||
456 | - stevesk@cvs.openbsd.org 2008/11/02 00:16:16 | ||
457 | [ttymodes.c] | ||
458 | protocol 2 tty modes support is now 7.5 years old so remove these | ||
459 | debug3()s; ok deraadt@ | ||
460 | - stevesk@cvs.openbsd.org 2008/11/03 01:07:02 | ||
461 | [readconf.c] | ||
462 | remove valueless comment | ||
463 | - stevesk@cvs.openbsd.org 2008/11/03 02:44:41 | ||
464 | [readconf.c] | ||
465 | fix comment | ||
466 | - (djm) [contrib/caldera/ssh-host-keygen contrib/suse/rc.sshd] | ||
467 | Make example scripts generate keys with default sizes rather than fixed, | ||
468 | non-default 1024 bits; patch from imorgan AT nas.nasa.gov | ||
469 | - (djm) [contrib/sshd.pam.generic contrib/caldera/sshd.pam] | ||
470 | [contrib/redhat/sshd.pam] Move pam_nologin to account group from | ||
471 | incorrect auth group in example files; | ||
472 | patch from imorgan AT nas.nasa.gov | ||
473 | |||
474 | 20080906 | ||
475 | - (dtucker) [config.guess config.sub] Update to latest versions from | ||
476 | http://git.savannah.gnu.org/gitweb/ (2008-04-14 and 2008-06-16 | ||
477 | respectively). | ||
478 | |||
479 | 20080830 | ||
480 | - (dtucker) [openbsd-compat/bsd-poll.c] correctly check for number of FDs | ||
481 | larger than FD_SETSIZE (OpenSSH only ever uses poll with one fd). Patch | ||
482 | from Nicholas Marriott. | ||
483 | |||
484 | 20080721 | ||
485 | - (djm) OpenBSD CVS Sync | ||
486 | - djm@cvs.openbsd.org 2008/07/23 07:36:55 | ||
487 | [servconf.c] | ||
488 | do not try to print options that have been compile-time disabled | ||
489 | in config test mode (sshd -T); report from nix-corp AT esperi.org.uk | ||
490 | ok dtucker@ | ||
491 | - (djm) [servconf.c] Print UsePAM option in config test mode (when it | ||
492 | has been compiled in); report from nix-corp AT esperi.org.uk | ||
493 | ok dtucker@ | ||
494 | |||
1 | 20080721 | 495 | 20080721 |
2 | - (djm) OpenBSD CVS Sync | 496 | - (djm) OpenBSD CVS Sync |
3 | - jmc@cvs.openbsd.org 2008/07/18 22:51:01 | 497 | - jmc@cvs.openbsd.org 2008/07/18 22:51:01 |
@@ -873,3841 +1367,3 @@ | |||
873 | [contrib/suse/openssh.spec] Crank version numbers in RPM spec files | 1367 | [contrib/suse/openssh.spec] Crank version numbers in RPM spec files |
874 | - (djm) [README] Update link to release notes | 1368 | - (djm) [README] Update link to release notes |
875 | - (djm) Release 5.0p1 | 1369 | - (djm) Release 5.0p1 |
876 | |||
877 | 20080315 | ||
878 | - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are | ||
879 | empty; report and patch from Peter Stuge | ||
880 | - (djm) [regress/test-exec.sh] Silence noise from detection of putty | ||
881 | commands; report from Peter Stuge | ||
882 | - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causing | ||
883 | crashes when used with ChrootDirectory | ||
884 | |||
885 | |||
886 | 20080327 | ||
887 | - (dtucker) Cache selinux status earlier so we know if it's enabled after a | ||
888 | chroot. Allows ChrootDirectory to work with selinux support compiled in | ||
889 | but not enabled. Using it with selinux enabled will require some selinux | ||
890 | support inside the chroot. "looks sane" djm@ | ||
891 | - (djm) Fix RCS ident in sftp-server-main.c | ||
892 | - (djm) OpenBSD CVS sync: | ||
893 | - jmc@cvs.openbsd.org 2008/02/11 07:58:28 | ||
894 | [ssh.1 sshd.8 sshd_config.5] | ||
895 | bump Mdocdate for pages committed in "febuary", necessary because | ||
896 | of a typo in rcs.c; | ||
897 | - deraadt@cvs.openbsd.org 2008/03/13 01:49:53 | ||
898 | [monitor_fdpass.c] | ||
899 | Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to | ||
900 | an extensive discussion with otto, kettenis, millert, and hshoexer | ||
901 | - deraadt@cvs.openbsd.org 2008/03/15 16:19:02 | ||
902 | [monitor_fdpass.c] | ||
903 | Repair the simple cases for msg_controllen where it should just be | ||
904 | CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because | ||
905 | of alignment; ok kettenis hshoexer | ||
906 | - djm@cvs.openbsd.org 2008/03/23 12:54:01 | ||
907 | [sftp-client.c] | ||
908 | prefer POSIX-style file renaming over filexfer rename behaviour if the | ||
909 | server supports the posix-rename@openssh.com extension. | ||
910 | Note that the old (filexfer) behaviour would refuse to clobber an | ||
911 | existing file. Users who depended on this should adjust their sftp(1) | ||
912 | usage. | ||
913 | ok deraadt@ markus@ | ||
914 | - deraadt@cvs.openbsd.org 2008/03/24 16:11:07 | ||
915 | [monitor_fdpass.c] | ||
916 | msg_controllen has to be CMSG_SPACE so that the kernel can account for | ||
917 | each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This | ||
918 | works now that kernel fd passing has been fixed to accept a bit of | ||
919 | sloppiness because of this ABI repair. | ||
920 | lots of discussion with kettenis | ||
921 | - djm@cvs.openbsd.org 2008/03/25 11:58:02 | ||
922 | [session.c sshd_config.5] | ||
923 | ignore ~/.ssh/rc if a sshd_config ForceCommand is specified; | ||
924 | from dtucker@ ok deraadt@ djm@ | ||
925 | - djm@cvs.openbsd.org 2008/03/25 23:01:41 | ||
926 | [session.c] | ||
927 | last patch had backwards test; spotted by termim AT gmail.com | ||
928 | - djm@cvs.openbsd.org 2008/03/26 21:28:14 | ||
929 | [auth-options.c auth-options.h session.c sshd.8] | ||
930 | add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc | ||
931 | - djm@cvs.openbsd.org 2008/03/27 00:16:49 | ||
932 | [version.h] | ||
933 | openssh-4.9 | ||
934 | - djm@cvs.openbsd.org 2008/03/24 21:46:54 | ||
935 | [regress/sftp-badcmds.sh] | ||
936 | disable no-replace rename test now that we prefer a POSIX rename; spotted | ||
937 | by dkrause@ | ||
938 | - (djm) [configure.ac] fix alignment of --without-stackprotect description | ||
939 | - (djm) [configure.ac] --with-selinux too | ||
940 | - (djm) [regress/Makefile] cleanup PuTTY interop test droppings | ||
941 | - (djm) [README] Update link to release notes | ||
942 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
943 | [contrib/suse/openssh.spec] Crank version numbers in RPM spec files | ||
944 | - (djm) Release 4.9p1 | ||
945 | |||
946 | 20080315 | ||
947 | - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are | ||
948 | empty; report and patch from Peter Stuge | ||
949 | - (djm) [regress/test-exec.sh] Silence noise from detection of putty | ||
950 | commands; report from Peter Stuge | ||
951 | - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causing | ||
952 | crashes when used with ChrootDirectory | ||
953 | |||
954 | 20080314 | ||
955 | - (tim) [regress/sftp-cmds.sh] s/cd/lcd/ in lls test. Reported by | ||
956 | vinschen at redhat.com. Add () to put echo commands in subshell for lls test | ||
957 | I mistakenly left out of last commit. | ||
958 | - (tim) [regress/localcommand.sh] Shell portability fix. Reported by imorgan at | ||
959 | nas.nasa.gov | ||
960 | |||
961 | 20080313 | ||
962 | - (djm) [Makefile.in regress/Makefile] Fix interop-tests target (note to | ||
963 | self: make changes to Makefile.in next time, not the generated Makefile). | ||
964 | - (djm) [Makefile.in regress/test-exec.sh] Find installed plink(1) and | ||
965 | puttygen(1) by $PATH | ||
966 | - (tim) [scp.c] Use poll.h if available, fall back to sys/poll.h if not. Patch | ||
967 | by vinschen at redhat.com. | ||
968 | - (tim) [regress/sftp-cmds.sh regress/ssh2putty.sh] Shell portability fixes | ||
969 | from vinschen at redhat.com and imorgan at nas.nasa.gov | ||
970 | |||
971 | 20080312 | ||
972 | - (djm) OpenBSD CVS Sync | ||
973 | - dtucker@cvs.openbsd.org 2007/10/29 06:57:13 | ||
974 | [regress/Makefile regress/localcommand.sh] | ||
975 | Add simple regress test for LocalCommand; ok djm@ | ||
976 | - jmc@cvs.openbsd.org 2007/11/25 15:35:09 | ||
977 | [regress/agent-getpeereid.sh regress/agent.sh] | ||
978 | more existant -> existent, from Martynas Venckus; | ||
979 | pfctl changes: ok henning | ||
980 | ssh changes: ok deraadt | ||
981 | - djm@cvs.openbsd.org 2007/12/12 05:04:03 | ||
982 | [regress/sftp-cmds.sh] | ||
983 | unbreak lls command and add a regress test that would have caught the | ||
984 | breakage; spotted by mouring@ | ||
985 | NB. sftp code change already committed. | ||
986 | - djm@cvs.openbsd.org 2007/12/21 04:13:53 | ||
987 | [regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh] | ||
988 | [regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh] | ||
989 | basic (crypto, kex and transfer) interop regression tests against putty | ||
990 | To run these, install putty and run "make interop-tests" from the build | ||
991 | directory - the tests aren't run by default yet. | ||
992 | |||
993 | 20080311 | ||
994 | - (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move | ||
995 | pam_open_session and pam_close_session into the privsep monitor, which | ||
996 | will ensure that pam_session_close is called as root. Patch from Tomas | ||
997 | Mraz. | ||
998 | |||
999 | 20080309 | ||
1000 | - (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't | ||
1001 | always work for all platforms and versions, so test what we can and | ||
1002 | add a configure flag to turn it of if needed. ok djm@ | ||
1003 | - (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroups | ||
1004 | implementation. It's not needed to fix bug #1081 and breaks the build | ||
1005 | on some AIX configurations. | ||
1006 | - (dtucker) [openbsd-compat/regress/strtonumtest.c] Bug #1347: Use platform's | ||
1007 | equivalent of LLONG_MAX for the compat regression tests, which makes them | ||
1008 | run on AIX and HP-UX. Patch from David Leonard. | ||
1009 | - (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch | ||
1010 | platforms where gcc understands the option but it's not supported (and | ||
1011 | thus generates a warning). | ||
1012 | |||
1013 | 20080307 | ||
1014 | - (djm) OpenBSD CVS Sync | ||
1015 | - jmc@cvs.openbsd.org 2008/02/11 07:58:28 | ||
1016 | [ssh.1 sshd.8 sshd_config.5] | ||
1017 | bump Mdocdate for pages committed in "febuary", necessary because | ||
1018 | of a typo in rcs.c; | ||
1019 | - djm@cvs.openbsd.org 2008/02/13 22:38:17 | ||
1020 | [servconf.h session.c sshd.c] | ||
1021 | rekey arc4random and OpenSSL RNG in postauth child | ||
1022 | closefrom fds > 2 before shell/command execution | ||
1023 | ok markus@ | ||
1024 | - mbalmer@cvs.openbsd.org 2008/02/14 13:10:31 | ||
1025 | [sshd.c] | ||
1026 | When started in configuration test mode (-t) do not check that sshd is | ||
1027 | being started with an absolute path. | ||
1028 | ok djm | ||
1029 | - markus@cvs.openbsd.org 2008/02/20 15:25:26 | ||
1030 | [session.c] | ||
1031 | correct boolean encoding for coredump; der Mouse via dugsong | ||
1032 | - djm@cvs.openbsd.org 2008/02/22 05:58:56 | ||
1033 | [session.c] | ||
1034 | closefrom() call was too early, delay it until just before we execute | ||
1035 | the user's rc files (if any). | ||
1036 | - dtucker@cvs.openbsd.org 2008/02/22 20:44:02 | ||
1037 | [clientloop.c packet.c packet.h serverloop.c] | ||
1038 | Allow all SSH2 packet types, including UNIMPLEMENTED to reset the | ||
1039 | keepalive timer (bz #1307). ok markus@ | ||
1040 | - djm@cvs.openbsd.org 2008/02/27 20:21:15 | ||
1041 | [sftp-server.c] | ||
1042 | add an extension method "posix-rename@openssh.com" to perform POSIX atomic | ||
1043 | rename() operations. based on patch from miklos AT szeredi.hu in bz#1400; | ||
1044 | ok dtucker@ markus@ | ||
1045 | - deraadt@cvs.openbsd.org 2008/03/02 18:19:35 | ||
1046 | [monitor_fdpass.c] | ||
1047 | use a union to ensure alignment of the cmsg (pay attention: various other | ||
1048 | parts of the tree need this treatment too); ok djm | ||
1049 | - deraadt@cvs.openbsd.org 2008/03/04 21:15:42 | ||
1050 | [version.h] | ||
1051 | crank version; from djm | ||
1052 | - (tim) [regress/sftp-glob.sh] Shell portability fix. | ||
1053 | |||
1054 | 20080302 | ||
1055 | - (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expect | ||
1056 | either, so use our own. | ||
1057 | |||
1058 | 20080229 | ||
1059 | - (dtucker) [openbsd-compat/bsd-poll.c] We don't check for select(2) in | ||
1060 | configure (and there's not much point, as openssh won't work without it) | ||
1061 | so HAVE_SELECT is not defined and the poll(2) compat code doesn't get | ||
1062 | built in. Remove HAVE_SELECT so we can build on platforms without poll. | ||
1063 | - (dtucker) [scp.c] Include sys/poll.h inside HAVE_SYS_POLL_H. | ||
1064 | - (djm) [contrib/gnome-ssh-askpass2.h] Keep askpass windown on top. From | ||
1065 | Debian patch via bernd AT openbsd.org | ||
1066 | |||
1067 | 20080228 | ||
1068 | - (dtucker) [configure.ac] Add -fstack-protector to LDFLAGS too, fixes | ||
1069 | linking problems on AIX with gcc 4.1.x. | ||
1070 | - (dtucker) [includes.h ssh-add.c ssh-agent.c ssh-keygen.c ssh.c sshd.c | ||
1071 | openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat | ||
1072 | header to after OpenSSL headers, since some versions of OpenSSL have | ||
1073 | SSLeay_add_all_algorithms as a macro already. | ||
1074 | - (dtucker) [key.c defines.h openbsd-compat/openssl-compat.h] Move old OpenSSL | ||
1075 | compat glue into openssl-compat.h. | ||
1076 | - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement | ||
1077 | getgrouplist via getgrset on AIX, rather than iterating over getgrent. | ||
1078 | This allows, eg, Match and AllowGroups directives to work with NIS and | ||
1079 | LDAP groups. | ||
1080 | - (dtucker) [sshd.c] Bug #1042: make log messages for tcpwrappers use the | ||
1081 | same SyslogFacility as the rest of sshd. Patch from William Knox, | ||
1082 | ok djm@. | ||
1083 | |||
1084 | 20080225 | ||
1085 | - (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack | ||
1086 | since it now conflicts with the helper function in misc.c. From | ||
1087 | vinschen AT redhat.com. | ||
1088 | - (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation | ||
1089 | of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD). | ||
1090 | Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@ | ||
1091 | - (dtucker) [includes.h openbsd-compat/openssl-compat.c] Bug #1437: reshuffle | ||
1092 | headers so ./configure --with-ssl-engine actually works. Patch from | ||
1093 | Ian Lister. | ||
1094 | |||
1095 | 20080224 | ||
1096 | - (tim) [contrib/cygwin/ssh-host-config] | ||
1097 | Grammar changes on SYSCONFDIR LOCALSTATEDIR messages. | ||
1098 | Check more thoroughly that it's possible to create the /var/empty directory. | ||
1099 | Patch by vinschen AT redhat.com | ||
1100 | |||
1101 | 20080210 | ||
1102 | - OpenBSD CVS Sync | ||
1103 | - chl@cvs.openbsd.org 2008/01/11 07:22:28 | ||
1104 | [sftp-client.c sftp-client.h] | ||
1105 | disable unused functions | ||
1106 | initially from tobias@, but disabled them by placing them in | ||
1107 | "#ifdef notyet" which was asked by djm@ | ||
1108 | ok djm@ tobias@ | ||
1109 | - djm@cvs.openbsd.org 2008/01/19 19:13:28 | ||
1110 | [ssh.1] | ||
1111 | satisfy the pedants: -q does not suppress all diagnostic messages (e.g. | ||
1112 | some commandline parsing warnings go unconditionally to stdout). | ||
1113 | - djm@cvs.openbsd.org 2008/01/19 20:48:53 | ||
1114 | [clientloop.c] | ||
1115 | fd leak on session multiplexing error path. Report and patch from | ||
1116 | gregory_shively AT fanniemae.com | ||
1117 | - djm@cvs.openbsd.org 2008/01/19 20:51:26 | ||
1118 | [ssh.c] | ||
1119 | ignore SIGPIPE in multiplex client mode - we can receive this if the | ||
1120 | server runs out of fds on us midway. Report and patch from | ||
1121 | gregory_shively AT fanniemae.com | ||
1122 | - djm@cvs.openbsd.org 2008/01/19 22:04:57 | ||
1123 | [sftp-client.c] | ||
1124 | fix remote handle leak in do_download() local file open error path; | ||
1125 | report and fix from sworley AT chkno.net | ||
1126 | - djm@cvs.openbsd.org 2008/01/19 22:22:58 | ||
1127 | [ssh-keygen.c] | ||
1128 | when hashing individual hosts (ssh-keygen -Hf hostname), make sure we | ||
1129 | hash just the specified hostname and not the entire hostspec from the | ||
1130 | keyfile. It may be of the form "hostname,ipaddr", which would lead to | ||
1131 | a hash that never matches. report and fix from jp AT devnull.cz | ||
1132 | - djm@cvs.openbsd.org 2008/01/19 22:37:19 | ||
1133 | [ssh-keygen.c] | ||
1134 | unbreak line numbering (broken in revision 1.164), fix error message | ||
1135 | - djm@cvs.openbsd.org 2008/01/19 23:02:40 | ||
1136 | [channels.c] | ||
1137 | When we added support for specified bind addresses for port forwards, we | ||
1138 | added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of | ||
1139 | this for -L port forwards that causes the client to listen on both v4 | ||
1140 | and v6 addresses when connected to a server with this quirk, despite | ||
1141 | having set 0.0.0.0 as a bind_address. | ||
1142 | report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@ | ||
1143 | - djm@cvs.openbsd.org 2008/01/19 23:09:49 | ||
1144 | [readconf.c readconf.h sshconnect2.c] | ||
1145 | promote rekeylimit to a int64 so it can hold the maximum useful limit | ||
1146 | of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@ | ||
1147 | - djm@cvs.openbsd.org 2008/01/20 00:38:30 | ||
1148 | [sftp.c] | ||
1149 | When uploading, correctly handle the case of an unquoted filename with | ||
1150 | glob metacharacters that match a file exactly but not as a glob, e.g. a | ||
1151 | file called "[abcd]". report and test cases from duncan2nd AT gmx.de | ||
1152 | - djm@cvs.openbsd.org 2008/01/21 17:24:30 | ||
1153 | [sftp-server.c] | ||
1154 | Remove the fixed 100 handle limit in sftp-server and allocate as many | ||
1155 | as we have available file descriptors. Patch from miklos AT szeredi.hu; | ||
1156 | ok dtucker@ markus@ | ||
1157 | - djm@cvs.openbsd.org 2008/01/21 19:20:17 | ||
1158 | [sftp-client.c] | ||
1159 | when a remote write error occurs during an upload, ensure that ACKs for | ||
1160 | all issued requests are properly drained. patch from t8m AT centrum.cz | ||
1161 | - dtucker@cvs.openbsd.org 2008/01/23 01:56:54 | ||
1162 | [clientloop.c packet.c serverloop.c] | ||
1163 | Revert the change for bz #1307 as it causes connection aborts if an IGNORE | ||
1164 | packet arrives while we're waiting in packet_read_expect (and possibly | ||
1165 | elsewhere). | ||
1166 | - jmc@cvs.openbsd.org 2008/01/31 20:06:50 | ||
1167 | [scp.1] | ||
1168 | explain how to handle local file names containing colons; | ||
1169 | requested by Tamas TEVESZ | ||
1170 | ok dtucker | ||
1171 | - markus@cvs.openbsd.org 2008/02/04 21:53:00 | ||
1172 | [session.c sftp-server.c sftp.h] | ||
1173 | link sftp-server into sshd; feedback and ok djm@ | ||
1174 | - mcbride@cvs.openbsd.org 2008/02/09 12:15:43 | ||
1175 | [ssh.1 sshd.8] | ||
1176 | Document the correct permissions for the ~/.ssh/ directory. | ||
1177 | ok jmc | ||
1178 | - djm@cvs.openbsd.org 2008/02/10 09:55:37 | ||
1179 | [sshd_config.5] | ||
1180 | mantion that "internal-sftp" is useful with ForceCommand too | ||
1181 | - djm@cvs.openbsd.org 2008/02/10 10:54:29 | ||
1182 | [servconf.c session.c] | ||
1183 | delay ~ expansion for ChrootDirectory so it expands to the logged-in user's | ||
1184 | home, rather than the user who starts sshd (probably root) | ||
1185 | |||
1186 | 20080119 | ||
1187 | - (djm) Silence noice from expr in ssh-copy-id; patch from | ||
1188 | mikel AT mikelward.com | ||
1189 | - (djm) Only listen for IPv6 connections on AF_INET6 sockets; patch from | ||
1190 | tsr2600 AT gmail.com | ||
1191 | |||
1192 | 20080102 | ||
1193 | - (dtucker) [configure.ac] Fix message for -fstack-protector-all test. | ||
1194 | |||
1195 | 20080101 | ||
1196 | - (dtucker) OpenBSD CVS Sync | ||
1197 | - dtucker@cvs.openbsd.org 2007/12/31 10:41:31 | ||
1198 | [readconf.c servconf.c] | ||
1199 | Prevent strict-aliasing warnings on newer gcc versions. bz #1355, patch | ||
1200 | from Dmitry V. Levin, ok djm@ | ||
1201 | - dtucker@cvs.openbsd.org 2007/12/31 15:27:04 | ||
1202 | [sshd.c] | ||
1203 | When in inetd mode, have sshd generate a Protocol 1 ephemeral server | ||
1204 | key only for connections where the client chooses Protocol 1 as opposed | ||
1205 | to when it's enabled in the server's config. Speeds up Protocol 2 | ||
1206 | connections to inetd-mode servers that also allow Protocol 1. bz #440, | ||
1207 | based on a patch from bruno at wolff.to, ok markus@ | ||
1208 | - dtucker@cvs.openbsd.org 2008/01/01 08:47:04 | ||
1209 | [misc.c] | ||
1210 | spaces -> tabs from my previous commit | ||
1211 | - dtucker@cvs.openbsd.org 2008/01/01 09:06:39 | ||
1212 | [scp.c] | ||
1213 | If scp -p encounters a pre-epoch timestamp, use the epoch which is | ||
1214 | as close as we can get given that it's used unsigned. Add a little | ||
1215 | debugging while there. bz #828, ok djm@ | ||
1216 | - dtucker@cvs.openbsd.org 2008/01/01 09:27:33 | ||
1217 | [sshd_config.5 servconf.c] | ||
1218 | Allow PermitRootLogin in a Match block. Allows for, eg, permitting root | ||
1219 | only from the local network. ok markus@, man page bit ok jmc@ | ||
1220 | - dtucker@cvs.openbsd.org 2008/01/01 08:51:20 | ||
1221 | [moduli] | ||
1222 | Updated moduli file; ok djm@ | ||
1223 | |||
1224 | 20071231 | ||
1225 | - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of | ||
1226 | builtin glob implementation on Mac OS X. Based on a patch from | ||
1227 | vgiffin at apple. | ||
1228 | |||
1229 | 20071229 | ||
1230 | - (dtucker) OpenBSD CVS Sync | ||
1231 | - djm@cvs.openbsd.org 2007/12/12 05:04:03 | ||
1232 | [sftp.c] | ||
1233 | unbreak lls command and add a regress test that would have caught the | ||
1234 | breakage; spotted by mouring@ | ||
1235 | - dtucker@cvs.openbsd.org 2007/12/27 14:22:08 | ||
1236 | [servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c | ||
1237 | sshd.c] | ||
1238 | Add a small helper function to consistently handle the EAI_SYSTEM error | ||
1239 | code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417. | ||
1240 | ok markus@ stevesk@ | ||
1241 | - dtucker@cvs.openbsd.org 2007/12/28 15:32:24 | ||
1242 | [clientloop.c serverloop.c packet.c] | ||
1243 | Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the | ||
1244 | ServerAlive and ClientAlive timers. Prevents dropping a connection | ||
1245 | when these are enabled but the peer does not support our keepalives. | ||
1246 | bz #1307, ok djm@. | ||
1247 | - dtucker@cvs.openbsd.org 2007/12/28 22:34:47 | ||
1248 | [clientloop.c] | ||
1249 | Use the correct packet maximum sizes for remote port and agent forwarding. | ||
1250 | Prevents the server from killing the connection if too much data is queued | ||
1251 | and an excessively large packet gets sent. bz #1360, ok djm@. | ||
1252 | |||
1253 | 20071202 | ||
1254 | - (dtucker) [configure.ac] Enable -fstack-protector-all on systems where | ||
1255 | gcc supports it. ok djm@ | ||
1256 | - (dtucker) [scp.c] Update $OpenBSD tag missing from rev 1.175 and remove | ||
1257 | leftover debug code. | ||
1258 | - (dtucker) OpenBSD CVS Sync | ||
1259 | - dtucker@cvs.openbsd.org 2007/10/29 00:52:45 | ||
1260 | [auth2-gss.c] | ||
1261 | Allow build without -DGSSAPI; ok deraadt@ | ||
1262 | (Id sync only, Portable already has the ifdefs) | ||
1263 | - dtucker@cvs.openbsd.org 2007/10/29 01:55:04 | ||
1264 | [ssh.c] | ||
1265 | Plug tiny mem leaks in ControlPath and ProxyCommand option processing; | ||
1266 | ok djm@ | ||
1267 | - dtucker@cvs.openbsd.org 2007/10/29 04:08:08 | ||
1268 | [monitor_wrap.c monitor.c] | ||
1269 | Send config block back to slave for invalid users too so options | ||
1270 | set by a Match block (eg Banner) behave the same for non-existent | ||
1271 | users. Found by and ok djm@ | ||
1272 | - dtucker@cvs.openbsd.org 2007/10/29 06:51:59 | ||
1273 | [ssh_config.5] | ||
1274 | ProxyCommand and LocalCommand use the user's shell, not /bin/sh; ok djm@ | ||
1275 | - dtucker@cvs.openbsd.org 2007/10/29 06:54:50 | ||
1276 | [ssh.c] | ||
1277 | Make LocalCommand work for Protocol 1 too; ok djm@ | ||
1278 | - jmc@cvs.openbsd.org 2007/10/29 07:48:19 | ||
1279 | [ssh_config.5] | ||
1280 | clean up after previous macro removal; | ||
1281 | - djm@cvs.openbsd.org 2007/11/03 00:36:14 | ||
1282 | [clientloop.c] | ||
1283 | fix memory leak in process_cmdline(), patch from Jan.Pechanec AT Sun.COM; | ||
1284 | ok dtucker@ | ||
1285 | - deraadt@cvs.openbsd.org 2007/11/03 01:24:06 | ||
1286 | [ssh.c] | ||
1287 | bz #1377: getpwuid results were being clobbered by another getpw* call | ||
1288 | inside tilde_expand_filename(); save the data we need carefully | ||
1289 | ok djm | ||
1290 | - dtucker@cvs.openbsd.org 2007/11/03 02:00:32 | ||
1291 | [ssh.c] | ||
1292 | Use xstrdup/xfree when saving pwname and pwdir; ok deraadt@ | ||
1293 | - deraadt@cvs.openbsd.org 2007/11/03 02:03:49 | ||
1294 | [ssh.c] | ||
1295 | avoid errno trashing in signal handler; ok dtucker | ||
1296 | |||
1297 | 20071030 | ||
1298 | - (djm) OpenBSD CVS Sync | ||
1299 | - djm@cvs.openbsd.org 2007/10/29 23:49:41 | ||
1300 | [openbsd-compat/sys-tree.h] | ||
1301 | remove extra backslash at the end of RB_PROTOTYPE, report from | ||
1302 | Jan.Pechanec AT Sun.COM; ok deraadt@ | ||
1303 | |||
1304 | 20071026 | ||
1305 | - (djm) OpenBSD CVS Sync | ||
1306 | - stevesk@cvs.openbsd.org 2007/09/11 23:49:09 | ||
1307 | [sshpty.c] | ||
1308 | remove #if defined block not needed; ok markus@ dtucker@ | ||
1309 | (NB. RCD ID sync only for portable) | ||
1310 | - djm@cvs.openbsd.org 2007/09/21 03:05:23 | ||
1311 | [ssh_config.5] | ||
1312 | document KbdInteractiveAuthentication in ssh_config.5; | ||
1313 | patch from dkg AT fifthhorseman.net | ||
1314 | - djm@cvs.openbsd.org 2007/09/21 08:15:29 | ||
1315 | [auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c] | ||
1316 | [monitor.c monitor_wrap.c] | ||
1317 | unifdef -DBSD_AUTH | ||
1318 | unifdef -USKEY | ||
1319 | These options have been in use for some years; | ||
1320 | ok markus@ "no objection" millert@ | ||
1321 | (NB. RCD ID sync only for portable) | ||
1322 | - canacar@cvs.openbsd.org 2007/09/25 23:48:57 | ||
1323 | [ssh-agent.c] | ||
1324 | When adding a key that already exists, update the properties | ||
1325 | (time, confirm, comment) instead of discarding them. ok djm@ markus@ | ||
1326 | - ray@cvs.openbsd.org 2007/09/27 00:15:57 | ||
1327 | [dh.c] | ||
1328 | Don't return -1 on error in dh_pub_is_valid(), since it evaluates | ||
1329 | to true. | ||
1330 | Also fix a typo. | ||
1331 | Initial diff from Matthew Dempsky, input from djm. | ||
1332 | OK djm, markus. | ||
1333 | - dtucker@cvs.openbsd.org 2007/09/29 00:25:51 | ||
1334 | [auth2.c] | ||
1335 | Remove unused prototype. ok djm@ | ||
1336 | - chl@cvs.openbsd.org 2007/10/02 17:49:58 | ||
1337 | [ssh-keygen.c] | ||
1338 | handles zero-sized strings that fgets can return | ||
1339 | properly removes trailing newline | ||
1340 | removes an unused variable | ||
1341 | correctly counts line number | ||
1342 | "looks ok" ray@ markus@ | ||
1343 | - markus@cvs.openbsd.org 2007/10/22 19:10:24 | ||
1344 | [readconf.c] | ||
1345 | make sure that both the local and remote port are correct when | ||
1346 | parsing -L; Jan Pechanec (bz #1378) | ||
1347 | - djm@cvs.openbsd.org 2007/10/24 03:30:02 | ||
1348 | [sftp.c] | ||
1349 | rework argument splitting and parsing to cope correctly with common | ||
1350 | shell escapes and make handling of escaped characters consistent | ||
1351 | with sh(1) and between sftp commands (especially between ones that | ||
1352 | glob their arguments and ones that don't). | ||
1353 | parse command flags using getopt(3) rather than hand-rolled parsers. | ||
1354 | ok dtucker@ | ||
1355 | - djm@cvs.openbsd.org 2007/10/24 03:44:02 | ||
1356 | [scp.c] | ||
1357 | factor out network read/write into an atomicio()-like function, and | ||
1358 | use it to handle short reads, apply bandwidth limits and update | ||
1359 | counters. make network IO non-blocking, so a small trickle of | ||
1360 | reads/writes has a chance of updating the progress meter; bz #799 | ||
1361 | ok dtucker@ | ||
1362 | - djm@cvs.openbsd.org 2006/08/29 09:44:00 | ||
1363 | [regress/sftp-cmds.sh] | ||
1364 | clean up our mess | ||
1365 | - markus@cvs.openbsd.org 2006/11/06 09:27:43 | ||
1366 | [regress/cfgmatch.sh] | ||
1367 | fix quoting for non-(c)sh login shells. | ||
1368 | - dtucker@cvs.openbsd.org 2006/12/13 08:36:36 | ||
1369 | [regress/cfgmatch.sh] | ||
1370 | Additional test for multiple PermitOpen entries. ok djm@ | ||
1371 | - pvalchev@cvs.openbsd.org 2007/06/07 19:41:46 | ||
1372 | [regress/cipher-speed.sh regress/try-ciphers.sh] | ||
1373 | test umac-64@openssh.com | ||
1374 | ok djm@ | ||
1375 | - djm@cvs.openbsd.org 2007/10/24 03:32:35 | ||
1376 | [regress/sftp-cmds.sh regress/sftp-glob.sh regress/test-exec.sh] | ||
1377 | comprehensive tests for sftp escaping its interaction with globbing; | ||
1378 | ok dtucker@ | ||
1379 | - djm@cvs.openbsd.org 2007/10/26 05:30:01 | ||
1380 | [regress/sftp-glob.sh regress/test-exec.sh] | ||
1381 | remove "echo -E" crap that I added in last commit and use printf(1) for | ||
1382 | cases where we strictly require echo not to reprocess escape characters. | ||
1383 | - deraadt@cvs.openbsd.org 2005/11/28 17:50:12 | ||
1384 | [openbsd-compat/glob.c] | ||
1385 | unused arg in internal static API | ||
1386 | - jakob@cvs.openbsd.org 2007/10/11 18:36:41 | ||
1387 | [openbsd-compat/getrrsetbyname.c openbsd-compat/getrrsetbyname.h] | ||
1388 | use RRSIG instead of SIG for DNSSEC. ok djm@ | ||
1389 | - otto@cvs.openbsd.org 2006/10/21 09:55:03 | ||
1390 | [openbsd-compat/base64.c] | ||
1391 | remove calls to abort(3) that can't happen anyway; from | ||
1392 | <bret dot lambert at gmail.com>; ok millert@ deraadt@ | ||
1393 | - frantzen@cvs.openbsd.org 2004/04/24 18:11:46 | ||
1394 | [openbsd-compat/sys-tree.h] | ||
1395 | sync to Niels Provos' version. avoid unused variable warning in | ||
1396 | RB_NEXT() | ||
1397 | - tdeval@cvs.openbsd.org 2004/11/24 18:10:42 | ||
1398 | [openbsd-compat/sys-tree.h] | ||
1399 | typo | ||
1400 | - grange@cvs.openbsd.org 2004/05/04 16:59:32 | ||
1401 | [openbsd-compat/sys-queue.h] | ||
1402 | Remove useless ``elm'' argument from the SIMPLEQ_REMOVE_HEAD macro. | ||
1403 | This matches our SLIST behaviour and NetBSD's SIMPLEQ as well. | ||
1404 | ok millert krw deraadt | ||
1405 | - deraadt@cvs.openbsd.org 2005/02/25 13:29:30 | ||
1406 | [openbsd-compat/sys-queue.h] | ||
1407 | minor white spacing | ||
1408 | - otto@cvs.openbsd.org 2005/10/17 20:19:42 | ||
1409 | [openbsd-compat/sys-queue.h] | ||
1410 | Performing certain operations on queue.h data structurs produced | ||
1411 | funny results. An example is calling LIST_REMOVE on the same | ||
1412 | element twice. This will not fail, but result in a data structure | ||
1413 | referencing who knows what. Prevent these accidents by NULLing some | ||
1414 | fields on remove and replace. This way, either a panic or segfault | ||
1415 | will be produced on the faulty operation. | ||
1416 | - otto@cvs.openbsd.org 2005/10/24 20:25:14 | ||
1417 | [openbsd-compat/sys-queue.h] | ||
1418 | Partly backout. NOLIST, used in LISTs is probably interfering. | ||
1419 | requested by deraadt@ | ||
1420 | - otto@cvs.openbsd.org 2005/10/25 06:37:47 | ||
1421 | [openbsd-compat/sys-queue.h] | ||
1422 | Some uvm problem is being exposed with the more strict macros. | ||
1423 | Revert until we've found out what's causing the panics. | ||
1424 | - otto@cvs.openbsd.org 2005/11/25 08:06:25 | ||
1425 | [openbsd-compat/sys-queue.h] | ||
1426 | Introduce debugging aid for queue macros. Disabled by default; but | ||
1427 | developers are encouraged to run with this enabled. | ||
1428 | ok krw@ fgsch@ deraadt@ | ||
1429 | - otto@cvs.openbsd.org 2007/04/30 18:42:34 | ||
1430 | [openbsd-compat/sys-queue.h] | ||
1431 | Enable QUEUE_MACRO_DEBUG on DIAGNOSTIC kernels. | ||
1432 | Input and okays from krw@, millert@, otto@, deraadt@, miod@. | ||
1433 | - millert@cvs.openbsd.org 2004/10/07 16:56:11 | ||
1434 | GLOB_NOESCAPE is POSIX so move it out of the #ifndef _POSIX_SOURCE | ||
1435 | block. | ||
1436 | (NB. mostly an RCS ID sync, as portable strips out the conditionals) | ||
1437 | - (djm) [regress/sftp-cmds.sh] | ||
1438 | Use more restrictive glob to pick up test files from /bin - some platforms | ||
1439 | ship broken symlinks there which could spoil the test. | ||
1440 | - (djm) [openbsd-compat/bindresvport.c] | ||
1441 | Sync RCS ID after irrelevant (for portable OpenSSH) header shuffling | ||
1442 | |||
1443 | 20070927 | ||
1444 | - (dtucker) [configure.ac atomicio.c] Fall back to including <sys/poll.h> if | ||
1445 | we don't have <poll.h> (eq QNX). From bacon at cs nyu edu. | ||
1446 | - (dtucker) [configure.ac defines.h] Shadow expiry does not work on QNX6 | ||
1447 | so disable it for that platform. From bacon at cs nyu edu. | ||
1448 | |||
1449 | 20070921 | ||
1450 | - (djm) [atomicio.c] Fix spin avoidance for platforms that define | ||
1451 | EWOULDBLOCK; patch from ben AT psc.edu | ||
1452 | |||
1453 | 20070917 | ||
1454 | - (djm) OpenBSD CVS Sync | ||
1455 | - djm@cvs.openbsd.org 2007/08/23 02:49:43 | ||
1456 | [auth-passwd.c auth.c session.c] | ||
1457 | unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@ | ||
1458 | NB. RCS ID sync only for portable | ||
1459 | - djm@cvs.openbsd.org 2007/08/23 02:55:51 | ||
1460 | [auth-passwd.c auth.c session.c] | ||
1461 | missed include bits from last commit | ||
1462 | NB. RCS ID sync only for portable | ||
1463 | - djm@cvs.openbsd.org 2007/08/23 03:06:10 | ||
1464 | [auth.h] | ||
1465 | login_cap.h doesn't belong here | ||
1466 | NB. RCS ID sync only for portable | ||
1467 | - djm@cvs.openbsd.org 2007/08/23 03:22:16 | ||
1468 | [auth2-none.c sshd_config sshd_config.5] | ||
1469 | Support "Banner=none" to disable displaying of the pre-login banner; | ||
1470 | ok dtucker@ deraadt@ | ||
1471 | - djm@cvs.openbsd.org 2007/08/23 03:23:26 | ||
1472 | [sshconnect.c] | ||
1473 | Execute ProxyCommands with $SHELL rather than /bin/sh unconditionally | ||
1474 | - djm@cvs.openbsd.org 2007/09/04 03:21:03 | ||
1475 | [clientloop.c monitor.c monitor_fdpass.c monitor_fdpass.h] | ||
1476 | [monitor_wrap.c ssh.c] | ||
1477 | make file descriptor passing code return an error rather than call fatal() | ||
1478 | when it encounters problems, and use this to make session multiplexing | ||
1479 | masters survive slaves failing to pass all stdio FDs; ok markus@ | ||
1480 | - djm@cvs.openbsd.org 2007/09/04 11:15:56 | ||
1481 | [ssh.c sshconnect.c sshconnect.h] | ||
1482 | make ssh(1)'s ConnectTimeout option apply to both the TCP connection and | ||
1483 | SSH banner exchange (previously it just covered the TCP connection). | ||
1484 | This allows callers of ssh(1) to better detect and deal with stuck servers | ||
1485 | that accept a TCP connection but don't progress the protocol, and also | ||
1486 | makes ConnectTimeout useful for connections via a ProxyCommand; | ||
1487 | feedback and "looks ok" markus@ | ||
1488 | - sobrado@cvs.openbsd.org 2007/09/09 11:38:01 | ||
1489 | [ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.c] | ||
1490 | sort synopsis and options in ssh-agent(1); usage is lowercase | ||
1491 | ok jmc@ | ||
1492 | - stevesk@cvs.openbsd.org 2007/09/11 04:36:29 | ||
1493 | [sshpty.c] | ||
1494 | sort #include | ||
1495 | NB. RCS ID sync only | ||
1496 | - gilles@cvs.openbsd.org 2007/09/11 15:47:17 | ||
1497 | [session.c ssh-keygen.c sshlogin.c] | ||
1498 | use strcspn to properly overwrite '\n' in fgets returned buffer | ||
1499 | ok pyr@, ray@, millert@, moritz@, chl@ | ||
1500 | - stevesk@cvs.openbsd.org 2007/09/11 23:49:09 | ||
1501 | [sshpty.c] | ||
1502 | remove #if defined block not needed; ok markus@ dtucker@ | ||
1503 | NB. RCS ID sync only | ||
1504 | - stevesk@cvs.openbsd.org 2007/09/12 19:39:19 | ||
1505 | [umac.c] | ||
1506 | use xmalloc() and xfree(); ok markus@ pvalchev@ | ||
1507 | - djm@cvs.openbsd.org 2007/09/13 04:39:04 | ||
1508 | [sftp-server.c] | ||
1509 | fix incorrect test when setting syslog facility; from Jan Pechanec | ||
1510 | - djm@cvs.openbsd.org 2007/09/16 00:55:52 | ||
1511 | [sftp-client.c] | ||
1512 | use off_t instead of u_int64_t for file offsets, matching what the | ||
1513 | progressmeter code expects; bz #842 | ||
1514 | - (tim) [defines.h] Fix regression in long password support on OpenServer 6. | ||
1515 | Problem report and additional testing rac AT tenzing.org. | ||
1516 | |||
1517 | 20070914 | ||
1518 | - (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path. | ||
1519 | Patch from Jan.Pechanec at sun com. | ||
1520 | |||
1521 | 20070910 | ||
1522 | - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1358: Always | ||
1523 | return 0 on successful test. From David.Leonard at quest com. | ||
1524 | - (tim) [configure.ac] Autoconf didn't define HAVE_LIBIAF because we | ||
1525 | did a AC_CHECK_FUNCS within the AC_CHECK_LIB test. | ||
1526 | |||
1527 | 20070817 | ||
1528 | - (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked | ||
1529 | accounts and that's what the code looks for, so make man page and code | ||
1530 | agree. Pointed out by Roumen Petrov. | ||
1531 | - (dtucker) [INSTALL] Group the parts describing random options and PAM | ||
1532 | implementations together which is hopefully more coherent. | ||
1533 | - (dtucker) [INSTALL] the pid file is sshd.pid not ssh.pid. | ||
1534 | - (dtucker) [INSTALL] Give PAM its own heading. | ||
1535 | - (dtucker) [INSTALL] Link to tcpwrappers. | ||
1536 | |||
1537 | 20070816 | ||
1538 | - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated | ||
1539 | connections too. Based on a patch from Sandro Wefel, with & ok djm@ | ||
1540 | |||
1541 | 20070815 | ||
1542 | - (dtucker) OpenBSD CVS Sync | ||
1543 | - markus@cvs.openbsd.org 2007/08/15 08:14:46 | ||
1544 | [clientloop.c] | ||
1545 | do NOT fall back to the trused x11 cookie if generation of an untrusted | ||
1546 | cookie fails; from Jan Pechanec, via security-alert at sun.com; | ||
1547 | ok dtucker | ||
1548 | - markus@cvs.openbsd.org 2007/08/15 08:16:49 | ||
1549 | [version.h] | ||
1550 | openssh 4.7 | ||
1551 | - stevesk@cvs.openbsd.org 2007/08/15 12:13:41 | ||
1552 | [ssh_config.5] | ||
1553 | tun device forwarding now honours ExitOnForwardFailure; ok markus@ | ||
1554 | - (dtucker) [openbsd-compat/bsd-cray.c] Remove debug from signal handler. | ||
1555 | ok djm@ | ||
1556 | - (dtucker) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec | ||
1557 | contrib/suse/openssh.spec] Crank version. | ||
1558 | |||
1559 | 20070813 | ||
1560 | - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always | ||
1561 | called with PAM_ESTABLISH_CRED at least once, which resolves a problem | ||
1562 | with pam_dhkeys. Patch from David Leonard, ok djm@ | ||
1563 | |||
1564 | 20070810 | ||
1565 | - (dtucker) [auth-pam.c] Use sigdie here too. ok djm@ | ||
1566 | - (dtucker) [configure.ac] Bug #1343: Set DISABLE_FD_PASSING for QNX6. From | ||
1567 | Matt Kraai, ok djm@ | ||
1568 | |||
1569 | 20070809 | ||
1570 | - (dtucker) [openbsd-compat/port-aix.c] Comment typo. | ||
1571 | - (dtucker) [README.platform] Document the interaction between PermitRootLogin | ||
1572 | and the AIX native login restrictions. | ||
1573 | - (dtucker) [defines.h] Remove _PATH_{CSHELL,SHELLS} which aren't | ||
1574 | used anywhere and are a potential source of warnings. | ||
1575 | |||
1576 | 20070808 | ||
1577 | - (djm) OpenBSD CVS Sync | ||
1578 | - ray@cvs.openbsd.org 2007/07/12 05:48:05 | ||
1579 | [key.c] | ||
1580 | Delint: remove some unreachable statements, from Bret Lambert. | ||
1581 | OK markus@ and dtucker@. | ||
1582 | - sobrado@cvs.openbsd.org 2007/08/06 19:16:06 | ||
1583 | [scp.1 scp.c] | ||
1584 | the ellipsis is not an optional argument; while here, sync the usage | ||
1585 | and synopsis of commands | ||
1586 | lots of good ideas by jmc@ | ||
1587 | ok jmc@ | ||
1588 | - djm@cvs.openbsd.org 2007/08/07 07:32:53 | ||
1589 | [clientloop.c clientloop.h ssh.c] | ||
1590 | bz#1232: ensure that any specified LocalCommand is executed after the | ||
1591 | tunnel device is opened. Also, make failures to open a tunnel device | ||
1592 | fatal when ExitOnForwardFailure is active. | ||
1593 | Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt | ||
1594 | |||
1595 | 20070724 | ||
1596 | - (tim) [openssh.xml.in] make FMRI match what package scripts use. | ||
1597 | - (tim) [openbsd-compat/regress/closefromtest.c] Bug 1345: fix open() call. | ||
1598 | Report/patch by David.Leonard AT quest.com (and Bernhard Simon) | ||
1599 | - (tim) [buildpkg.sh.in openssh.xml.in] Allow more flexibility where smf(5) | ||
1600 | - (tim) [buildpkg.sh.in] s|$FAKE_ROOT/${sysconfdir}|$FAKE_ROOT${sysconfdir}| | ||
1601 | |||
1602 | 20070628 | ||
1603 | - (djm) bz#1325: Fix SELinux in permissive mode where it would | ||
1604 | incorrectly fatal() on errors. patch from cjwatson AT debian.org; | ||
1605 | ok dtucker | ||
1606 | |||
1607 | 20070625 | ||
1608 | - (dtucker) OpenBSD CVS Sync | ||
1609 | - djm@cvs.openbsd.org 2007/06/13 00:21:27 | ||
1610 | [scp.c] | ||
1611 | don't ftruncate() non-regular files; bz#1236 reported by wood AT | ||
1612 | xmission.com; ok dtucker@ | ||
1613 | - djm@cvs.openbsd.org 2007/06/14 21:43:25 | ||
1614 | [ssh.c] | ||
1615 | handle EINTR when waiting for mux exit status properly | ||
1616 | - djm@cvs.openbsd.org 2007/06/14 22:48:05 | ||
1617 | [ssh.c] | ||
1618 | when waiting for the multiplex exit status, read until the master end | ||
1619 | writes an entire int of data *and* closes the client_fd; fixes mux | ||
1620 | regression spotted by dtucker, ok dtucker@ | ||
1621 | - djm@cvs.openbsd.org 2007/06/19 02:04:43 | ||
1622 | [atomicio.c] | ||
1623 | if the fd passed to atomicio/atomiciov() is non blocking, then poll() to | ||
1624 | avoid a spin if it is not yet ready for reading/writing; ok dtucker@ | ||
1625 | - dtucker@cvs.openbsd.org 2007/06/25 08:20:03 | ||
1626 | [channels.c] | ||
1627 | Correct test for window updates every three packets; prevents sending | ||
1628 | window updates for every single packet. ok markus@ | ||
1629 | - dtucker@cvs.openbsd.org 2007/06/25 12:02:27 | ||
1630 | [atomicio.c] | ||
1631 | Include <poll.h> like the man page says rather than <sys/poll.h>. ok djm@ | ||
1632 | - (dtucker) [atomicio.c] Test for EWOULDBLOCK in atomiciov to match | ||
1633 | atomicio. | ||
1634 | - (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.in | ||
1635 | openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h] | ||
1636 | Add an implementation of poll() built on top of select(2). Code from | ||
1637 | OpenNTPD with changes suggested by djm. ok djm@ | ||
1638 | |||
1639 | 20070614 | ||
1640 | - (dtucker) [cipher-ctr.c umac.c openbsd-compat/openssl-compat.h] Move the | ||
1641 | USE_BUILTIN_RIJNDAEL compat goop to openssl-compat.h so it can be | ||
1642 | shared with umac.c. Allows building with OpenSSL 0.9.5 again including | ||
1643 | umac support. With tim@ djm@, ok djm. | ||
1644 | - (dtucker) [openbsd-compat/openssl-compat.h] Merge USE_BUILTIN_RIJNDAEL | ||
1645 | sections. Fixes builds with early OpenSSL 0.9.6 versions. | ||
1646 | - (dtucker) [openbsd-compat/openssl-compat.h] Remove redundant definition | ||
1647 | of USE_BUILTIN_RIJNDAEL since the <0.9.6 test is covered by the | ||
1648 | subsequent <0.9.7 test. | ||
1649 | |||
1650 | 20070612 | ||
1651 | - (dtucker) OpenBSD CVS Sync | ||
1652 | - markus@cvs.openbsd.org 2007/06/11 09:14:00 | ||
1653 | [channels.h] | ||
1654 | increase default channel windows; ok djm | ||
1655 | - djm@cvs.openbsd.org 2007/06/12 07:41:00 | ||
1656 | [ssh-add.1] | ||
1657 | better document ssh-add's -d option (delete identies from agent), bz#1224 | ||
1658 | new text based on some provided by andrewmc-debian AT celt.dias.ie; | ||
1659 | ok dtucker@ | ||
1660 | - djm@cvs.openbsd.org 2007/06/12 08:20:00 | ||
1661 | [ssh-gss.h gss-serv.c gss-genr.c] | ||
1662 | relocate server-only GSSAPI code from libssh to server; bz #1225 | ||
1663 | patch from simon AT sxw.org.uk; ok markus@ dtucker@ | ||
1664 | - djm@cvs.openbsd.org 2007/06/12 08:24:20 | ||
1665 | [scp.c] | ||
1666 | make scp try to skip FIFOs rather than blocking when nothing is listening. | ||
1667 | depends on the platform supporting sane O_NONBLOCK semantics for open | ||
1668 | on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. | ||
1669 | bz #856; report by cjwatson AT debian.org; ok markus@ | ||
1670 | - djm@cvs.openbsd.org 2007/06/12 11:11:08 | ||
1671 | [ssh.c] | ||
1672 | fix slave exit value when a control master goes away without passing the | ||
1673 | full exit status by ensuring that the slave reads a full int. bz#1261 | ||
1674 | reported by frekko AT gmail.com; ok markus@ dtucker@ | ||
1675 | - djm@cvs.openbsd.org 2007/06/12 11:15:17 | ||
1676 | [ssh.c ssh.1] | ||
1677 | Add "-K" flag for ssh to set GSSAPIAuthentication=yes and | ||
1678 | GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI) | ||
1679 | and is useful for hosts with /home on Kerberised NFS; bz #1312 | ||
1680 | patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@ | ||
1681 | - djm@cvs.openbsd.org 2007/06/12 11:45:27 | ||
1682 | [ssh.c] | ||
1683 | improved exit message from multiplex slave sessions; bz #1262 | ||
1684 | reported by alexandre.nunes AT gmail.com; ok dtucker@ | ||
1685 | - dtucker@cvs.openbsd.org 2007/06/12 11:56:15 | ||
1686 | [gss-genr.c] | ||
1687 | Pass GSS OID to gss_display_status to provide better information in | ||
1688 | error messages. Patch from Simon Wilkinson via bz 1220. ok djm@ | ||
1689 | - jmc@cvs.openbsd.org 2007/06/12 13:41:03 | ||
1690 | [ssh-add.1] | ||
1691 | identies -> identities; | ||
1692 | - jmc@cvs.openbsd.org 2007/06/12 13:43:55 | ||
1693 | [ssh.1] | ||
1694 | add -K to SYNOPSIS; | ||
1695 | - dtucker@cvs.openbsd.org 2007/06/12 13:54:28 | ||
1696 | [scp.c] | ||
1697 | Encode filename with strnvis if the name contains a newline (which can't | ||
1698 | be represented in the scp protocol), from bz #891. ok markus@ | ||
1699 | |||
1700 | 20070611 | ||
1701 | - (djm) Bugzilla #1306: silence spurious error messages from hang-on-exit | ||
1702 | fix; tested by dtucker@ and jochen.kirn AT gmail.com | ||
1703 | - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34 | ||
1704 | [kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1] | ||
1705 | [ssh_config.5 sshd.8 sshd_config.5] | ||
1706 | Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, | ||
1707 | must specify umac-64@openssh.com). Provides about 20% end-to-end speedup | ||
1708 | compared to hmac-md5. Represents a different approach to message | ||
1709 | authentication to that of HMAC that may be beneficial if HMAC based on | ||
1710 | one of its underlying hash algorithms is found to be vulnerable to a | ||
1711 | new attack. http://www.ietf.org/rfc/rfc4418.txt | ||
1712 | in conjunction with and OK djm@ | ||
1713 | - pvalchev@cvs.openbsd.org 2007/06/08 04:40:40 | ||
1714 | [ssh_config] | ||
1715 | Add a "MACs" line after "Ciphers" with the default MAC algorithms, | ||
1716 | to ease people who want to tweak both (eg. for performance reasons). | ||
1717 | ok deraadt@ djm@ dtucker@ | ||
1718 | - jmc@cvs.openbsd.org 2007/06/08 07:43:46 | ||
1719 | [ssh_config.5] | ||
1720 | put the MAC list into a display, like we do for ciphers, | ||
1721 | since groff has trouble handling wide lines; | ||
1722 | - jmc@cvs.openbsd.org 2007/06/08 07:48:09 | ||
1723 | [sshd_config.5] | ||
1724 | oops, here too: put the MAC list into a display, like we do for | ||
1725 | ciphers, since groff has trouble with wide lines; | ||
1726 | - markus@cvs.openbsd.org 2007/06/11 08:04:44 | ||
1727 | [channels.c] | ||
1728 | send 'window adjust' messages every tree packets and do not wait | ||
1729 | until 50% of the window is consumed. ok djm dtucker | ||
1730 | - (djm) [configure.ac umac.c] If platform doesn't provide swap32(3), then | ||
1731 | fallback to provided bit-swizzing functions | ||
1732 | - (dtucker) [openbsd-compat/bsd-misc.c] According to the spec the "remainder" | ||
1733 | argument to nanosleep may be NULL. Currently this never happens in OpenSSH, | ||
1734 | but check anyway in case this changes or the code gets used elsewhere. | ||
1735 | - (dtucker) [includes.h] Bug #1243: HAVE_PATHS -> HAVE_PATHS_H. Should | ||
1736 | prevent warnings about redefinitions of various things in paths.h. | ||
1737 | Spotted by cartmanltd at hotmail.com. | ||
1738 | |||
1739 | 20070605 | ||
1740 | - (dtucker) OpenBSD CVS Sync | ||
1741 | - djm@cvs.openbsd.org 2007/05/22 10:18:52 | ||
1742 | [sshd.c] | ||
1743 | zap double include; from p_nowaczyk AT o2.pl | ||
1744 | (not required in -portable, Id sync only) | ||
1745 | - djm@cvs.openbsd.org 2007/05/30 05:58:13 | ||
1746 | [kex.c] | ||
1747 | tidy: KNF, ARGSUSED and u_int | ||
1748 | - jmc@cvs.openbsd.org 2007/05/31 19:20:16 | ||
1749 | [scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1 | ||
1750 | ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8] | ||
1751 | convert to new .Dd format; | ||
1752 | (We will need to teach mdoc2man.awk to understand this too.) | ||
1753 | - djm@cvs.openbsd.org 2007/05/31 23:34:29 | ||
1754 | [packet.c] | ||
1755 | gc unreachable code; spotted by Tavis Ormandy | ||
1756 | - djm@cvs.openbsd.org 2007/06/02 09:04:58 | ||
1757 | [bufbn.c] | ||
1758 | memory leak on error path; from arnaud.lacombe.1 AT ulaval.ca | ||
1759 | - djm@cvs.openbsd.org 2007/06/05 06:52:37 | ||
1760 | [kex.c monitor_wrap.c packet.c mac.h kex.h mac.c] | ||
1761 | Preserve MAC ctx between packets, saving 2xhash calls per-packet. | ||
1762 | Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5 | ||
1763 | patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm | ||
1764 | committing at his request) | ||
1765 | - (dtucker) [mdoc2man.awk] Teach it to deal with $Mdocdate tags that | ||
1766 | OpenBSD's cvs now adds. | ||
1767 | - (dtucker) [mdoc2man.awk] Remove trailing "$" from Mdocdate regex so | ||
1768 | mindrot's cvs doesn't expand it on us. | ||
1769 | - (dtucker) [mdoc2man.awk] Add support for %R references, used for RFCs. | ||
1770 | |||
1771 | 20070520 | ||
1772 | - (dtucker) OpenBSD CVS Sync | ||
1773 | - stevesk@cvs.openbsd.org 2007/04/14 22:01:58 | ||
1774 | [auth2.c] | ||
1775 | remove unused macro; from Dmitry V. Levin <ldv@altlinux.org> | ||
1776 | - stevesk@cvs.openbsd.org 2007/04/18 01:12:43 | ||
1777 | [sftp-server.c] | ||
1778 | cast "%llu" format spec to (unsigned long long); do not assume a | ||
1779 | u_int64_t arg is the same as 'unsigned long long'. | ||
1780 | from Dmitry V. Levin <ldv@altlinux.org> | ||
1781 | ok markus@ 'Yes, that looks correct' millert@ | ||
1782 | - dtucker@cvs.openbsd.org 2007/04/23 10:15:39 | ||
1783 | [servconf.c] | ||
1784 | Remove debug() left over from development. ok deraadt@ | ||
1785 | - djm@cvs.openbsd.org 2007/05/17 07:50:31 | ||
1786 | [log.c] | ||
1787 | save and restore errno when logging; ok deraadt@ | ||
1788 | - djm@cvs.openbsd.org 2007/05/17 07:55:29 | ||
1789 | [sftp-server.c] | ||
1790 | bz#1286 stop reading and processing commands when input or output buffer | ||
1791 | is nearly full, otherwise sftp-server would happily try to grow the | ||
1792 | input/output buffers past the maximum supported by the buffer API and | ||
1793 | promptly fatal() | ||
1794 | based on patch from Thue Janus Kristensen; feedback & ok dtucker@ | ||
1795 | - djm@cvs.openbsd.org 2007/05/17 20:48:13 | ||
1796 | [sshconnect2.c] | ||
1797 | fall back to gethostname() when the outgoing connection is not | ||
1798 | on a socket, such as is the case when ProxyCommand is used. | ||
1799 | Gives hostbased auth an opportunity to work; bz#616, report | ||
1800 | and feedback stuart AT kaloram.com; ok markus@ | ||
1801 | - djm@cvs.openbsd.org 2007/05/17 20:52:13 | ||
1802 | [monitor.c] | ||
1803 | pass received SIGINT from monitor to postauth child so it can clean | ||
1804 | up properly. bz#1196, patch from senthilkumar_sen AT hotpop.com; | ||
1805 | ok markus@ | ||
1806 | - jolan@cvs.openbsd.org 2007/05/17 23:53:41 | ||
1807 | [sshconnect2.c] | ||
1808 | djm owes me a vb and a tism cd for breaking ssh compilation | ||
1809 | - (dtucker) [auth-pam.c] malloc+memset -> calloc. Patch from | ||
1810 | ldv at altlinux.org. | ||
1811 | - (dtucker) [auth-pam.c] Return empty string if fgets fails in | ||
1812 | sshpam_tty_conv. Patch from ldv at altlinux.org. | ||
1813 | |||
1814 | 20070509 | ||
1815 | - (tim) [configure.ac] Bug #1287: Add missing test for ucred.h. | ||
1816 | |||
1817 | 20070429 | ||
1818 | - (dtucker) [openbsd-compat/bsd-misc.c] Include unistd.h and sys/types.h | ||
1819 | for select(2) prototype. | ||
1820 | - (dtucker) [auth-shadow.c loginrec.c] Include time.h for time(2) prototype. | ||
1821 | - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299: Use the | ||
1822 | platform's _res if it has one. Should fix problem of DNSSEC record lookups | ||
1823 | on NetBSD as reported by Curt Sampson. | ||
1824 | - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype. | ||
1825 | - (dtucker) [configure.ac defines.h] Have configure check for MAXSYMLINKS | ||
1826 | so we don't get redefinition warnings. | ||
1827 | - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype. | ||
1828 | - (dtucker) [configure.ac defines.h] Prevent warnings about __attribute__ | ||
1829 | __nonnull__ for versions of GCC that don't support it. | ||
1830 | - (dtucker) [configure.ac defines.h] Have configure check for offsetof | ||
1831 | to prevent redefinition warnings. | ||
1832 | |||
1833 | 20070406 | ||
1834 | - (dtucker) [INSTALL] Update the systems that have PAM as standard. Link | ||
1835 | to OpenPAM too. | ||
1836 | - (dtucker) [INSTALL] prngd lives at sourceforge these days. | ||
1837 | |||
1838 | 20070326 | ||
1839 | - (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c | ||
1840 | openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines | ||
1841 | to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@ | ||
1842 | |||
1843 | 20070325 | ||
1844 | - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX, | ||
1845 | LIBWRAP and LIBPAM variables in Makefile with the general-purpose | ||
1846 | SSHDLIBS. "I like" djm@ | ||
1847 | |||
1848 | 20070321 | ||
1849 | - (dtucker) OpenBSD CVS Sync | ||
1850 | - dtucker@cvs.openbsd.org 2007/03/09 05:20:06 | ||
1851 | [servconf.c sshd.c] | ||
1852 | Move C/R -> kbdint special case to after the defaults have been | ||
1853 | loaded, which makes ChallengeResponse default to yes again. This | ||
1854 | was broken by the Match changes and not fixed properly subsequently. | ||
1855 | Found by okan at demirmen.com, ok djm@ "please do it" deraadt@ | ||
1856 | - djm@cvs.openbsd.org 2007/03/19 01:01:29 | ||
1857 | [sshd_config] | ||
1858 | Disable the legacy SSH protocol 1 for new installations via | ||
1859 | a configuration override. In the future, we will change the | ||
1860 | server's default itself so users who need the legacy protocol | ||
1861 | will need to turn it on explicitly | ||
1862 | - dtucker@cvs.openbsd.org 2007/03/19 12:16:42 | ||
1863 | [ssh-agent.c] | ||
1864 | Remove the signal handler that checks if the agent's parent process | ||
1865 | has gone away, instead check when the select loop returns. Record when | ||
1866 | the next key will expire when scanning for expired keys. Set the select | ||
1867 | timeout to whichever of these two things happens next. With djm@, with & | ||
1868 | ok deraadt@ markus@ | ||
1869 | - tedu@cvs.openbsd.org 2007/03/20 03:56:12 | ||
1870 | [readconf.c clientloop.c] | ||
1871 | remove some bogus *p tests from charles longeau | ||
1872 | ok deraadt millert | ||
1873 | - jmc@cvs.openbsd.org 2007/03/20 15:57:15 | ||
1874 | [sshd.8] | ||
1875 | - let synopsis and description agree for -f | ||
1876 | - sort FILES | ||
1877 | - +.Xr ssh-keyscan 1 , | ||
1878 | from Igor Sobrado | ||
1879 | - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use | ||
1880 | getpeerucred to implement getpeereid (currently only Solaris 10 and up). | ||
1881 | Patch by Jan.Pechanec at Sun. | ||
1882 | - (dtucker) [regress/agent-getpeereid.sh] Do peereid test if we have | ||
1883 | HAVE_GETPEERUCRED too. Also from Jan Pechanec. | ||
1884 | |||
1885 | 20070313 | ||
1886 | - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include | ||
1887 | string.h to prevent warnings, from vapier at gentoo.org. | ||
1888 | - (dtucker) [LICENCE] Add Daniel Walsh as a copyright holder for the | ||
1889 | selinux bits in -portable. | ||
1890 | - (dtucker) [cipher-3des1.c cipher-bf1.c] The OpenSSL 0.9.8e problem in | ||
1891 | bug #1291 also affects Protocol 1 3des. While at it, use compat-openssl.h | ||
1892 | in cipher-bf1.c. Patch from Juan Gallego. | ||
1893 | - (dtucker) [README.platform] Info about blibpath on AIX. | ||
1894 | |||
1895 | 20070306 | ||
1896 | - (djm) OpenBSD CVS Sync | ||
1897 | - jmc@cvs.openbsd.org 2007/03/01 16:19:33 | ||
1898 | [sshd_config.5] | ||
1899 | sort the `match' keywords; | ||
1900 | - djm@cvs.openbsd.org 2007/03/06 10:13:14 | ||
1901 | [version.h] | ||
1902 | openssh-4.6; "please" deraadt@ | ||
1903 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
1904 | [contrib/suse/openssh.spec] crank spec files for release | ||
1905 | - (djm) [README] correct link to release notes | ||
1906 | - (djm) Release 4.6p1 | ||
1907 | |||
1908 | 20070304 | ||
1909 | - (djm) [configure.ac] add a --without-openssl-header-check option to | ||
1910 | configure, as some platforms (OS X) ship OpenSSL headers whose version | ||
1911 | does not match that of the shipping library. ok dtucker@ | ||
1912 | - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a | ||
1913 | bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256 | ||
1914 | ciphers from working correctly (disconnects with "Bad packet length" | ||
1915 | errors) as found by Ben Harris. ok djm@ | ||
1916 | |||
1917 | 20070303 | ||
1918 | - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more | ||
1919 | general to cover newer gdb versions on HP-UX. | ||
1920 | |||
1921 | 20070302 | ||
1922 | - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows | ||
1923 | CRLF as well as LF lineendings) and write in binary mode. Patch from | ||
1924 | vinschen at redhat.com. | ||
1925 | - (dtucker) [INSTALL] Update to autoconf-2.61. | ||
1926 | |||
1927 | 20070301 | ||
1928 | - (dtucker) OpenBSD CVS Sync | ||
1929 | - dtucker@cvs.openbsd.org 2007/03/01 10:28:02 | ||
1930 | [auth2.c sshd_config.5 servconf.c] | ||
1931 | Remove ChallengeResponseAuthentication support inside a Match | ||
1932 | block as its interaction with KbdInteractive makes it difficult to | ||
1933 | support. Also, relocate the CR/kbdint option special-case code into | ||
1934 | servconf. "please commit" djm@, ok markus@ for the relocation. | ||
1935 | - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits. | ||
1936 | "Looks sane" dtucker@ | ||
1937 | |||
1938 | 20070228 | ||
1939 | - (dtucker) OpenBSD CVS Sync | ||
1940 | - dtucker@cvs.openbsd.org 2007/02/28 00:55:30 | ||
1941 | [ssh-agent.c] | ||
1942 | Remove expired keys periodically so they don't remain in memory when | ||
1943 | the agent is entirely idle, as noted by David R. Piegdon. This is the | ||
1944 | simple fix, a more efficient one will be done later. With markus, | ||
1945 | deraadt, with & ok djm. | ||
1946 | |||
1947 | 20070225 | ||
1948 | - (dtucker) OpenBSD CVS Sync | ||
1949 | - djm@cvs.openbsd.org 2007/02/20 10:25:14 | ||
1950 | [clientloop.c] | ||
1951 | set maximum packet and window sizes the same for multiplexed clients | ||
1952 | as normal connections; ok markus@ | ||
1953 | - dtucker@cvs.openbsd.org 2007/02/21 11:00:05 | ||
1954 | [sshd.c] | ||
1955 | Clear alarm() before restarting sshd on SIGHUP. Without this, if there's | ||
1956 | a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the | ||
1957 | newly exec'ed sshd will get the SIGALRM and not have a handler for it, | ||
1958 | and the default action will terminate the listening sshd. Analysis and | ||
1959 | patch from andrew at gaul.org. | ||
1960 | - dtucker@cvs.openbsd.org 2007/02/22 12:58:40 | ||
1961 | [servconf.c] | ||
1962 | Check activep so Match and GatewayPorts work together; ok markus@ | ||
1963 | - ray@cvs.openbsd.org 2007/02/24 03:30:11 | ||
1964 | [moduli.c] | ||
1965 | - strlen returns size_t, not int. | ||
1966 | - Pass full buffer size to fgets. | ||
1967 | OK djm@, millert@, and moritz@. | ||
1968 | |||
1969 | 20070219 | ||
1970 | - (dtucker) OpenBSD CVS Sync | ||
1971 | - jmc@cvs.openbsd.org 2007/01/10 13:23:22 | ||
1972 | [ssh_config.5] | ||
1973 | do not use a list for SYNOPSIS; | ||
1974 | this is actually part of a larger report sent by eric s. raymond | ||
1975 | and forwarded by brad, but i only read half of it. spotted by brad. | ||
1976 | - jmc@cvs.openbsd.org 2007/01/12 20:20:41 | ||
1977 | [ssh-keygen.1 ssh-keygen.c] | ||
1978 | more secsh -> rfc 4716 updates; | ||
1979 | spotted by wiz@netbsd | ||
1980 | ok markus | ||
1981 | - dtucker@cvs.openbsd.org 2007/01/17 23:22:52 | ||
1982 | [readconf.c] | ||
1983 | Honour activep for times (eg ServerAliveInterval) while parsing | ||
1984 | ssh_config and ~/.ssh/config so they work properly with Host directives. | ||
1985 | From mario.lorenz@wincor-nixdorf.com via bz #1275. ok markus@ | ||
1986 | - stevesk@cvs.openbsd.org 2007/01/21 01:41:54 | ||
1987 | [auth-skey.c kex.c ssh-keygen.c session.c clientloop.c] | ||
1988 | spaces | ||
1989 | - stevesk@cvs.openbsd.org 2007/01/21 01:45:35 | ||
1990 | [readconf.c] | ||
1991 | spaces | ||
1992 | - djm@cvs.openbsd.org 2007/01/22 11:32:50 | ||
1993 | [sftp-client.c] | ||
1994 | return error from do_upload() when a write fails. fixes bz#1252: zero | ||
1995 | exit status from sftp when uploading to a full device. report from | ||
1996 | jirkat AT atlas.cz; ok dtucker@ | ||
1997 | - djm@cvs.openbsd.org 2007/01/22 13:06:21 | ||
1998 | [scp.c] | ||
1999 | fix detection of whether we should show progress meter or not: scp | ||
2000 | tested isatty(stderr) but wrote the progress meter to stdout. This patch | ||
2001 | makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; | ||
2002 | of dtucker@ | ||
2003 | - stevesk@cvs.openbsd.org 2007/02/14 14:32:00 | ||
2004 | [bufbn.c] | ||
2005 | typos in comments; ok jmc@ | ||
2006 | - dtucker@cvs.openbsd.org 2007/02/19 10:45:58 | ||
2007 | [monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5] | ||
2008 | Teach Match how handle config directives that are used before | ||
2009 | authentication. This allows configurations such as permitting password | ||
2010 | authentication from the local net only while requiring pubkey from | ||
2011 | offsite. ok djm@, man page bits ok jmc@ | ||
2012 | - (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some | ||
2013 | platforms don't have it. Patch from dleonard at vintela.com. | ||
2014 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc | ||
2015 | an array for signatures when there are none since "calloc(0, n) returns | ||
2016 | NULL on some platforms (eg Tru64), which is explicitly permitted by | ||
2017 | POSIX. Diagnosis and patch by svallet genoscope.cns.fr. | ||
2018 | |||
2019 | 20070128 | ||
2020 | - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52) | ||
2021 | when closing a tty session when a background process still holds tty | ||
2022 | fds open. Great detective work and patch by Marc Aurele La France, | ||
2023 | slightly tweaked by me; ok dtucker@ | ||
2024 | |||
2025 | 20070123 | ||
2026 | - (dtucker) [openbsd-compat/bsd-snprintf.c] Static declarations for public | ||
2027 | library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro | ||
2028 | so it works properly and modify its callers so that they don't pre or | ||
2029 | post decrement arguments that are conditionally evaluated. While there, | ||
2030 | put SNPRINTF_CONST back as it prevents build failures in some | ||
2031 | configurations. ok djm@ (for most of it) | ||
2032 | |||
2033 | 20070122 | ||
2034 | - (djm) [ssh-rand-helper.8] manpage nits; | ||
2035 | from dleonard AT vintela.com (bz#1529) | ||
2036 | |||
2037 | 20070117 | ||
2038 | - (dtucker) [packet.c] Re-remove in_systm.h since it's already in includes.h | ||
2039 | and multiple including it causes problems on old IRIXes. (It snuck back | ||
2040 | in during a sync.) Found (again) by Georg Schwarz. | ||
2041 | |||
2042 | 20070114 | ||
2043 | - (dtucker) [ssh-keygen.c] av -> argv to match earlier sync. | ||
2044 | - (djm) [openbsd-compat/bsd-snprintf.c] Fix integer overflow in return | ||
2045 | value of snprintf replacement, similar to bugs in various libc | ||
2046 | implementations. This overflow is not exploitable in OpenSSH. | ||
2047 | While I'm fiddling with it, make it a fair bit faster by inlining the | ||
2048 | append-char routine; ok dtucker@ | ||
2049 | |||
2050 | 20070105 | ||
2051 | - (djm) OpenBSD CVS Sync | ||
2052 | - deraadt@cvs.openbsd.org 2006/11/14 19:41:04 | ||
2053 | [ssh-keygen.c] | ||
2054 | use argc and argv not some made up short form | ||
2055 | - ray@cvs.openbsd.org 2006/11/23 01:35:11 | ||
2056 | [misc.c sftp.c] | ||
2057 | Don't access buf[strlen(buf) - 1] for zero-length strings. | ||
2058 | ``ok by me'' djm@. | ||
2059 | - markus@cvs.openbsd.org 2006/12/11 21:25:46 | ||
2060 | [ssh-keygen.1 ssh.1] | ||
2061 | add rfc 4716 (public key format); ok jmc | ||
2062 | - djm@cvs.openbsd.org 2006/12/12 03:58:42 | ||
2063 | [channels.c compat.c compat.h] | ||
2064 | bz #1019: some ssh.com versions apparently can't cope with the | ||
2065 | remote port forwarding bind_address being a hostname, so send | ||
2066 | them an address for cases where they are not explicitly | ||
2067 | specified (wildcard or localhost bind). reported by daveroth AT | ||
2068 | acm.org; ok dtucker@ deraadt@ | ||
2069 | - dtucker@cvs.openbsd.org 2006/12/13 08:34:39 | ||
2070 | [servconf.c] | ||
2071 | Make PermitOpen work with multiple values like the man pages says. | ||
2072 | bz #1267 with details from peter at dmtz.com, with & ok djm@ | ||
2073 | - dtucker@cvs.openbsd.org 2006/12/14 10:01:14 | ||
2074 | [servconf.c] | ||
2075 | Make "PermitOpen all" first-match within a block to match the way other | ||
2076 | options work. ok markus@ djm@ | ||
2077 | - jmc@cvs.openbsd.org 2007/01/02 09:57:25 | ||
2078 | [sshd_config.5] | ||
2079 | do not use lists for SYNOPSIS; | ||
2080 | from eric s. raymond via brad | ||
2081 | - stevesk@cvs.openbsd.org 2007/01/03 00:53:38 | ||
2082 | [ssh-keygen.c] | ||
2083 | remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan | ||
2084 | - stevesk@cvs.openbsd.org 2007/01/03 03:01:40 | ||
2085 | [auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c] | ||
2086 | spaces | ||
2087 | - stevesk@cvs.openbsd.org 2007/01/03 04:09:15 | ||
2088 | [sftp.c] | ||
2089 | ARGSUSED for lint | ||
2090 | - stevesk@cvs.openbsd.org 2007/01/03 07:22:36 | ||
2091 | [sftp-server.c] | ||
2092 | spaces | ||
2093 | |||
2094 | 20061205 | ||
2095 | - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would | ||
2096 | occur if the server did not have the privsep user and an invalid user | ||
2097 | tried to login and both privsep and krb5 auth are disabled; ok dtucker@ | ||
2098 | - (djm) [bsd-asprintf.c] Better test for bad vsnprintf lengths; ok dtucker@ | ||
2099 | |||
2100 | 20061108 | ||
2101 | - (dtucker) OpenBSD CVS Sync | ||
2102 | - markus@cvs.openbsd.org 2006/11/07 13:02:07 | ||
2103 | [dh.c] | ||
2104 | BN_hex2bn returns int; from dtucker@ | ||
2105 | |||
2106 | 20061107 | ||
2107 | - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it | ||
2108 | if we absolutely need it. Pointed out by Corinna, ok djm@ | ||
2109 | - (dtucker) OpenBSD CVS Sync | ||
2110 | - markus@cvs.openbsd.org 2006/11/06 21:25:28 | ||
2111 | [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c | ||
2112 | ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c] | ||
2113 | add missing checks for openssl return codes; with & ok djm@ | ||
2114 | - markus@cvs.openbsd.org 2006/11/07 10:31:31 | ||
2115 | [monitor.c version.h] | ||
2116 | correctly check for bad signatures in the monitor, otherwise the monitor | ||
2117 | and the unpriv process can get out of sync. with dtucker@, ok djm@, | ||
2118 | dtucker@ | ||
2119 | - (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] Bump | ||
2120 | versions. | ||
2121 | - (dtucker) Release 4.5p1. | ||
2122 | |||
2123 | 20061105 | ||
2124 | - (djm) OpenBSD CVS Sync | ||
2125 | - otto@cvs.openbsd.org 2006/10/28 18:08:10 | ||
2126 | [ssh.1] | ||
2127 | correct/expand example of usage of -w; ok jmc@ stevesk@ | ||
2128 | - markus@cvs.openbsd.org 2006/10/31 16:33:12 | ||
2129 | [kexdhc.c kexdhs.c kexgexc.c kexgexs.c] | ||
2130 | check DH_compute_key() for -1 even if it should not happen because of | ||
2131 | earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm | ||
2132 | |||
2133 | 20061101 | ||
2134 | - (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerr | ||
2135 | events fatal in Solaris process contract support and tell it to signal | ||
2136 | only processes in the same process group when something happens. | ||
2137 | Based on information from andrew.benham at thus.net and similar to | ||
2138 | a patch from Chad Mynhier. ok djm@ | ||
2139 | |||
2140 | 20061027 | ||
2141 | - (djm) [auth.c] gc some dead code | ||
2142 | |||
2143 | 20061023 | ||
2144 | - (djm) OpenBSD CVS Sync | ||
2145 | - ray@cvs.openbsd.org 2006/09/30 17:48:22 | ||
2146 | [sftp.c] | ||
2147 | Clear errno before calling the strtol functions. | ||
2148 | From Paul Stoeber <x0001 at x dot de1 dot cc>. | ||
2149 | OK deraadt@. | ||
2150 | - djm@cvs.openbsd.org 2006/10/06 02:29:19 | ||
2151 | [ssh-agent.c ssh-keyscan.c ssh.c] | ||
2152 | sys/resource.h needs sys/time.h; prompted by brad@ | ||
2153 | (NB. Id sync only for portable) | ||
2154 | - djm@cvs.openbsd.org 2006/10/09 23:36:11 | ||
2155 | [session.c] | ||
2156 | xmalloc -> xcalloc that was missed previously, from portable | ||
2157 | (NB. Id sync only for portable, obviously) | ||
2158 | - markus@cvs.openbsd.org 2006/10/10 10:12:45 | ||
2159 | [sshconnect.c] | ||
2160 | sleep before retrying (not after) since sleep changes errno; fixes | ||
2161 | pr 5250; rad@twig.com; ok dtucker djm | ||
2162 | - markus@cvs.openbsd.org 2006/10/11 12:38:03 | ||
2163 | [clientloop.c serverloop.c] | ||
2164 | exit instead of doing a blocking tcp send if we detect a client/server | ||
2165 | timeout, since the tcp sendqueue might be already full (of alive | ||
2166 | requests); ok dtucker, report mpf | ||
2167 | - djm@cvs.openbsd.org 2006/10/22 02:25:50 | ||
2168 | [sftp-client.c] | ||
2169 | cancel progress meter when upload write fails; ok deraadt@ | ||
2170 | - (tim) [Makefile.in scard/Makefile.in] Add datarootdir= lines to keep | ||
2171 | autoconf 2.60 from complaining. | ||
2172 | |||
2173 | 20061018 | ||
2174 | - (dtucker) OpenBSD CVS Sync | ||
2175 | - ray@cvs.openbsd.org 2006/09/25 04:55:38 | ||
2176 | [ssh-keyscan.1 ssh.1] | ||
2177 | Change "a SSH" to "an SSH". Hurray, I'm not the only one who | ||
2178 | pronounces "SSH" as "ess-ess-aich". | ||
2179 | OK jmc@ and stevesk@. | ||
2180 | - (dtucker) [sshd.c] Reshuffle storing of pw struct; prevents warnings | ||
2181 | on older versions of OS X. ok djm@ | ||
2182 | |||
2183 | 20061016 | ||
2184 | - (dtucker) [monitor_fdpass.c] Include sys/in.h, required for cmsg macros | ||
2185 | on older (2.0) Linuxes. Based on patch from thmo-13 at gmx de. | ||
2186 | |||
2187 | 20061006 | ||
2188 | - (tim) [buildpkg.sh.in] Use uname -r instead of -v in OS_VER for Solaris. | ||
2189 | Differentiate between OpenServer 5 and OpenServer 6 | ||
2190 | - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for | ||
2191 | SELinux functions so they're detected correctly. Patch from pebenito at | ||
2192 | gentoo.org. | ||
2193 | - (tim) [buildpkg.sh.in] Some systems have really limited nawk (OpenServer). | ||
2194 | Allow setting alternate awk in openssh-config.local. | ||
2195 | |||
2196 | 20061003 | ||
2197 | - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific | ||
2198 | section so additional platform specific CHECK_HEADER tests will work | ||
2199 | correctly. Fixes "<net/if_tap.h> on FreeBSD" problem report by des AT des.no | ||
2200 | Feedback and "seems like a good idea" dtucker@ | ||
2201 | |||
2202 | 20061001 | ||
2203 | - (dtucker) [audit-bsm.c] Include errno.h. Pointed out by des at des.no. | ||
2204 | |||
2205 | 20060929 | ||
2206 | - (dtucker) [configure.ac] Bug #1239: Fix configure test for OpenSSH engine | ||
2207 | support. Patch from andrew.benham at thus net. | ||
2208 | |||
2209 | 20060928 | ||
2210 | - (dtucker) [entropy.c] Bug #1238: include signal.h to fix compilation error | ||
2211 | on Solaris 8 w/out /dev/random or prngd. Patch from rl at | ||
2212 | math.technion.ac.il. | ||
2213 | |||
2214 | 20060926 | ||
2215 | - (dtucker) [bufaux.h] nuke bufaux.h; it's already gone from OpenBSD and not | ||
2216 | referenced any more. ok djm@ | ||
2217 | - (dtucker) [sftp-server.8] Resync; spotted by djm@ | ||
2218 | - (dtucker) Release 4.4p1. | ||
2219 | |||
2220 | 20060924 | ||
2221 | - (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added | ||
2222 | to rev 1.308) to work around broken gcc 2.x header file. | ||
2223 | |||
2224 | 20060923 | ||
2225 | - (dtucker) [configure.ac] Bug #1234: Put opensc libs into $LIBS rather than | ||
2226 | $LDFLAGS. Patch from vapier at gentoo org. | ||
2227 | |||
2228 | 20060922 | ||
2229 | - (dtucker) [packet.c canohost.c] Include arpa/inet.h for htonl macros on | ||
2230 | some platforms (eg HP-UX 11.00). From santhi.amirta at gmail com. | ||
2231 | |||
2232 | 20060921 | ||
2233 | - (dtucker) OpenBSD CVS Sync | ||
2234 | - otto@cvs.openbsd.org 2006/09/19 05:52:23 | ||
2235 | [sftp.c] | ||
2236 | Use S_IS* macros insted of masking with S_IF* flags. The latter may | ||
2237 | have multiple bits set, which lead to surprising results. Spotted by | ||
2238 | Paul Stoeber, more to come. ok millert@ pedro@ jaredy@ djm@ | ||
2239 | - markus@cvs.openbsd.org 2006/09/19 21:14:08 | ||
2240 | [packet.c] | ||
2241 | client NULL deref on protocol error; Tavis Ormandy, Google Security Team | ||
2242 | - (dtucker) [defines.h] Include unistd.h before defining getpgrp; fixes | ||
2243 | build error on Ultrix. From Bernhard Simon. | ||
2244 | |||
2245 | 20060918 | ||
2246 | - (dtucker) [configure.ac] On AIX, check to see if the compiler will allow | ||
2247 | macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags. | ||
2248 | Allows build out of the box with older VAC and XLC compilers. Found by | ||
2249 | David Bronder and Bernhard Simon. | ||
2250 | - (dtucker) [openbsd-compat/port-aix.{c,h}] Reduce scope of includes. | ||
2251 | Prevents macro redefinition warnings of "RDONLY". | ||
2252 | |||
2253 | 20060916 | ||
2254 | - OpenBSD CVS Sync | ||
2255 | - djm@cvs.openbsd.org 2006/09/16 19:53:37 | ||
2256 | [deattack.c deattack.h packet.c] | ||
2257 | limit maximum work performed by the CRC compensation attack detector, | ||
2258 | problem reported by Tavis Ormandy, Google Security Team; | ||
2259 | ok markus@ deraadt@ | ||
2260 | - (djm) Add openssh.xml to .cvsignore and sort it | ||
2261 | - (dtucker) [auth-pam.c] Propogate TZ environment variable to PAM auth | ||
2262 | process so that any logging it does is with the right timezone. From | ||
2263 | Scott Strickler, ok djm@. | ||
2264 | - (dtucker) [monitor.c] Correctly handle auditing of single commands when | ||
2265 | using Protocol 1. From jhb at freebsd. | ||
2266 | - (djm) [sshd.c] Fix warning/API abuse; ok dtucker@ | ||
2267 | - (dtucker) [INSTALL] Add info about audit support. | ||
2268 | |||
2269 | 20060912 | ||
2270 | - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in] | ||
2271 | Support SMF in Solaris Packages if enabled by configure. Patch from | ||
2272 | Chad Mynhier, tested by dtucker@ | ||
2273 | |||
2274 | 20060911 | ||
2275 | - (dtucker) [cipher-aes.c] Include string.h for memcpy and friends. Noted | ||
2276 | by Pekka Savola. | ||
2277 | |||
2278 | 20060910 | ||
2279 | - (dtucker) [contrib/aix/buildbff.sh] Ensure that perl is available. | ||
2280 | - (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB. | ||
2281 | |||
2282 | 20060909 | ||
2283 | - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h. | ||
2284 | - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user. | ||
2285 | - (dtucker) [buildpkg.sh.in] Always create privsep user. ok djm@ | ||
2286 | |||
2287 | 20060908 | ||
2288 | - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch | ||
2289 | from Chris Adams. | ||
2290 | - (dtucker) [configure.ac] The BSM header test needs time.h in some cases. | ||
2291 | |||
2292 | 20060907 | ||
2293 | - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can | ||
2294 | be used to drop privilege to; fixes Solaris GSSAPI crash reported by | ||
2295 | Magnus Abrante; suggestion and feedback dtucker@ | ||
2296 | NB. this change will require that the privilege separation user must | ||
2297 | exist on all the time, not just when UsePrivilegeSeparation=yes | ||
2298 | - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6 | ||
2299 | - (dtucker) [loginrec.c] Wrap paths.h in HAVE_PATHS_H. | ||
2300 | - (dtucker) [regress/cfgmatch.sh] stop_client is racy, so give us a better | ||
2301 | chance of winning. | ||
2302 | |||
2303 | 20060905 | ||
2304 | - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov. | ||
2305 | - (dtucker) [loginrec.c] Include paths.h for _PATH_BTMP. | ||
2306 | |||
2307 | 20060904 | ||
2308 | - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native | ||
2309 | updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius, | ||
2310 | ok djm@ | ||
2311 | |||
2312 | 20060903 | ||
2313 | - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for | ||
2314 | declaration of writev(2) and declare it ourselves if necessary. Makes | ||
2315 | the atomiciov() calls build on really old systems. ok djm@ | ||
2316 | |||
2317 | 20060902 | ||
2318 | - (dtucker) [openbsd-compat/port-irix.c] Add errno.h, found by Iain Morgan. | ||
2319 | - (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c | ||
2320 | openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c | ||
2321 | openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h> | ||
2322 | for hton* and ntoh* macros. Required on (at least) HP-UX since we define | ||
2323 | _XOPEN_SOURCE_EXTENDED. Found by santhi.amirta at gmail com. | ||
2324 | |||
2325 | 20060901 | ||
2326 | - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c] | ||
2327 | [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c] | ||
2328 | [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c] | ||
2329 | [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c] | ||
2330 | [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] | ||
2331 | [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c] | ||
2332 | [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c] | ||
2333 | [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c] | ||
2334 | [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c] | ||
2335 | [sshconnect1.c sshconnect2.c sshd.c] | ||
2336 | [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c] | ||
2337 | [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c] | ||
2338 | [openbsd-compat/port-uw.c] | ||
2339 | Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h; | ||
2340 | compile problems reported by rac AT tenzing.org | ||
2341 | - (djm) [includes.h monitor.c openbsd-compat/bindresvport.c] | ||
2342 | [openbsd-compat/rresvport.c] Some more headers: netinet/in.h | ||
2343 | sys/socket.h and unistd.h in various places | ||
2344 | - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Fix implict declaration | ||
2345 | warnings for binary_open and binary_close. Patch from Corinna Vinschen. | ||
2346 | - (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly | ||
2347 | test for GLOB_NOMATCH and use our glob functions if it's not found. | ||
2348 | Stops sftp from segfaulting when attempting to get a nonexistent file on | ||
2349 | Cygwin (previous versions of OpenSSH didn't use the native glob). Partly | ||
2350 | from and tested by Corinna Vinschen. | ||
2351 | - (dtucker) [README contrib/{caldera,redhat,suse}/openssh.spec] Crank | ||
2352 | versions. | ||
2353 | |||
2354 | 20060831 | ||
2355 | - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ] | ||
2356 | [platform.c platform.h sshd.c openbsd-compat/Makefile.in] | ||
2357 | [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c] | ||
2358 | [openbsd-compat/port-solaris.h] Add support for Solaris process | ||
2359 | contracts, enabled with --use-solaris-contracts. Patch from Chad | ||
2360 | Mynhier, tweaked by dtucker@ and myself; ok dtucker@ | ||
2361 | - (dtucker) [contrib/cygwin/ssh-host-config] Add SeTcbPrivilege privilege | ||
2362 | while setting up the ssh service account. Patch from Corinna Vinschen. | ||
2363 | |||
2364 | 20060830 | ||
2365 | - (djm) OpenBSD CVS Sync | ||
2366 | - dtucker@cvs.openbsd.org 2006/08/21 08:14:01 | ||
2367 | [sshd_config.5] | ||
2368 | Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@, | ||
2369 | ok jmc@ djm@ | ||
2370 | - dtucker@cvs.openbsd.org 2006/08/21 08:15:57 | ||
2371 | [sshd.8] | ||
2372 | Add more detail about what permissions are and aren't accepted for | ||
2373 | authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@ | ||
2374 | - djm@cvs.openbsd.org 2006/08/29 10:40:19 | ||
2375 | [channels.c session.c] | ||
2376 | normalise some inconsistent (but harmless) NULL pointer checks | ||
2377 | spotted by the Stanford SATURN tool, via Isil Dillig; | ||
2378 | ok markus@ deraadt@ | ||
2379 | - dtucker@cvs.openbsd.org 2006/08/29 12:02:30 | ||
2380 | [gss-genr.c] | ||
2381 | Work around a problem in Heimdal that occurs when KRB5CCNAME file is | ||
2382 | missing, by checking whether or not kerberos allocated us a context | ||
2383 | before attempting to free it. Patch from Simon Wilkinson, tested by | ||
2384 | biorn@, ok djm@ | ||
2385 | - dtucker@cvs.openbsd.org 2006/08/30 00:06:51 | ||
2386 | [sshconnect2.c] | ||
2387 | Fix regression where SSH2 banner is printed at loglevels ERROR and FATAL | ||
2388 | where previously it weren't. bz #1221, found by Dean Kopesky, ok djm@ | ||
2389 | - djm@cvs.openbsd.org 2006/08/30 00:14:37 | ||
2390 | [version.h] | ||
2391 | crank to 4.4 | ||
2392 | - (djm) [openbsd-compat/xcrypt.c] needs unistd.h | ||
2393 | - (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call | ||
2394 | loginsuccess on AIX immediately after authentication to clear the failed | ||
2395 | login count. Previously this would only happen when an interactive | ||
2396 | session starts (ie when a pty is allocated) but this means that accounts | ||
2397 | that have primarily non-interactive sessions (eg scp's) may gradually | ||
2398 | accumulate enough failures to lock out an account. This change may have | ||
2399 | a side effect of creating two audit records, one with a tty of "ssh" | ||
2400 | corresponding to the authentication and one with the allocated pty per | ||
2401 | interactive session. | ||
2402 | |||
2403 | 20060824 | ||
2404 | - (dtucker) [openbsd-compat/basename.c] Include errno.h. | ||
2405 | - (dtucker) [openbsd-compat/bsd-misc.c] Add includes needed for select(2) on | ||
2406 | older systems. | ||
2407 | - (dtucker) [openbsd-compat/bsd-misc.c] Include <sys/select.h> for select(2) | ||
2408 | on POSIX systems. | ||
2409 | - (dtucker) [openbsd-compat/bsd-openpty.c] Include for ioctl(2). | ||
2410 | - (dtucker) [openbsd-compat/rresvport.c] Include <stdlib.h> for malloc. | ||
2411 | - (dtucker) [openbsd-compat/xmmap.c] Move #define HAVE_MMAP to prevent | ||
2412 | unused variable warning when we have a broken or missing mmap(2). | ||
2413 | |||
2414 | 20060822 | ||
2415 | - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in | ||
2416 | Makefile. Patch from santhi.amirta at gmail, ok djm. | ||
2417 | |||
2418 | 20060820 | ||
2419 | - (dtucker) [log.c] Move ifdef to prevent unused variable warning. | ||
2420 | - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore | ||
2421 | afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl. | ||
2422 | - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for | ||
2423 | fixing bug #1181. No changes yet. | ||
2424 | - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL | ||
2425 | (0.9.8a and presumably newer) requires -ldl to successfully link. | ||
2426 | - (dtucker) [configure.ac] Remove errant "-". | ||
2427 | |||
2428 | 20060819 | ||
2429 | - (djm) OpenBSD CVS Sync | ||
2430 | - djm@cvs.openbsd.org 2006/08/18 22:41:29 | ||
2431 | [gss-genr.c] | ||
2432 | GSSAPI error code should be 0 and not -1; from simon@sxw.org.uk | ||
2433 | - (dtucker) [openbsd-compat/regress/Makefile.in] Add $(EXEEXT) and add a | ||
2434 | single rule for the test progs. | ||
2435 | |||
2436 | 20060818 | ||
2437 | - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with | ||
2438 | closefrom.c from sudo. | ||
2439 | - (dtucker) [openbsd-compat/bsd-closefrom.c] Comment out rcsid. | ||
2440 | - (dtucker) [openbsd-compat/regress/snprintftest.c] Newline on error. | ||
2441 | - (dtucker) [openbsd-compat/regress/Makefile.in] Use implicit rules for the | ||
2442 | test progs instead; they work better than what we have. | ||
2443 | - (djm) OpenBSD CVS Sync | ||
2444 | - stevesk@cvs.openbsd.org 2006/08/06 01:13:32 | ||
2445 | [compress.c monitor.c monitor_wrap.c] | ||
2446 | "zlib.h" can be <zlib.h>; ok djm@ markus@ | ||
2447 | - miod@cvs.openbsd.org 2006/08/12 20:46:46 | ||
2448 | [monitor.c monitor_wrap.c] | ||
2449 | Revert previous include file ordering change, for ssh to compile under | ||
2450 | gcc2 (or until openssl include files are cleaned of parameter names | ||
2451 | in function prototypes) | ||
2452 | - dtucker@cvs.openbsd.org 2006/08/14 12:40:25 | ||
2453 | [servconf.c servconf.h sshd_config.5] | ||
2454 | Add ability to match groups to Match keyword in sshd_config. Feedback | ||
2455 | djm@, stevesk@, ok stevesk@. | ||
2456 | - djm@cvs.openbsd.org 2006/08/16 11:47:15 | ||
2457 | [sshd.c] | ||
2458 | factor inetd connection, TCP listen and main TCP accept loop out of | ||
2459 | main() into separate functions to improve readability; ok markus@ | ||
2460 | - deraadt@cvs.openbsd.org 2006/08/18 09:13:26 | ||
2461 | [log.c log.h sshd.c] | ||
2462 | make signal handler termination path shorter; risky code pointed out by | ||
2463 | mark dowd; ok djm markus | ||
2464 | - markus@cvs.openbsd.org 2006/08/18 09:15:20 | ||
2465 | [auth.h session.c sshd.c] | ||
2466 | delay authentication related cleanups until we're authenticated and | ||
2467 | all alarms have been cancelled; ok deraadt | ||
2468 | - djm@cvs.openbsd.org 2006/08/18 10:27:16 | ||
2469 | [misc.h] | ||
2470 | reorder so prototypes are sorted by the files they refer to; no | ||
2471 | binary change | ||
2472 | - djm@cvs.openbsd.org 2006/08/18 13:54:54 | ||
2473 | [gss-genr.c ssh-gss.h sshconnect2.c] | ||
2474 | bz #1218 - disable SPNEGO as per RFC4462; diff from simon AT sxw.org.uk | ||
2475 | ok markus@ | ||
2476 | - djm@cvs.openbsd.org 2006/08/18 14:40:34 | ||
2477 | [gss-genr.c ssh-gss.h] | ||
2478 | constify host argument to match the rest of the GSSAPI functions and | ||
2479 | unbreak compilation with -Werror | ||
2480 | - (djm) Disable sigdie() for platforms that cannot safely syslog inside | ||
2481 | a signal handler (basically all of them, excepting OpenBSD); | ||
2482 | ok dtucker@ | ||
2483 | |||
2484 | 20060817 | ||
2485 | - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] | ||
2486 | Include stdlib.h for malloc and friends. | ||
2487 | - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl | ||
2488 | for closefrom() on AIX. Pointed out by William Ahern. | ||
2489 | - (dtucker) [openbsd-compat/regress/{Makefile.in,closefromtest.c}] Regress | ||
2490 | test for closefrom() in compat code. | ||
2491 | |||
2492 | 20060816 | ||
2493 | - (djm) [audit-bsm.c] Sprinkle in some headers | ||
2494 | |||
2495 | 20060815 | ||
2496 | - (dtucker) [LICENCE] Add Reyk to the list for the compat dir. | ||
2497 | |||
2498 | 20060806 | ||
2499 | - (djm) [openbsd-compat/bsd-getpeereid.c] Add some headers to quiet warnings | ||
2500 | on Solaris 10 | ||
2501 | |||
2502 | 20060806 | ||
2503 | - (dtucker) [defines.h] With the includes.h changes we no longer get the | ||
2504 | name clash on "YES" so we can remove the workaround for it. | ||
2505 | - (dtucker) [openbsd-compat/{bsd-asprintf.c,bsd-openpty.c,bsd-snprintf.c, | ||
2506 | glob.c}] Include stdlib.h for malloc and friends in compat code. | ||
2507 | |||
2508 | 20060805 | ||
2509 | - (djm) OpenBSD CVS Sync | ||
2510 | - stevesk@cvs.openbsd.org 2006/07/24 13:58:22 | ||
2511 | [sshconnect.c] | ||
2512 | disable tunnel forwarding when no strict host key checking | ||
2513 | and key changed; ok djm@ markus@ dtucker@ | ||
2514 | - stevesk@cvs.openbsd.org 2006/07/25 02:01:34 | ||
2515 | [scard.c] | ||
2516 | need #include <string.h> | ||
2517 | - stevesk@cvs.openbsd.org 2006/07/25 02:59:21 | ||
2518 | [channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c] | ||
2519 | [sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c] | ||
2520 | move #include <sys/time.h> out of includes.h | ||
2521 | - stevesk@cvs.openbsd.org 2006/07/26 02:35:17 | ||
2522 | [atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c] | ||
2523 | [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c] | ||
2524 | [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c] | ||
2525 | [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c] | ||
2526 | [uidswap.c xmalloc.c] | ||
2527 | move #include <sys/param.h> out of includes.h | ||
2528 | - stevesk@cvs.openbsd.org 2006/07/26 13:57:17 | ||
2529 | [authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c] | ||
2530 | [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c] | ||
2531 | [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] | ||
2532 | [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c] | ||
2533 | [sshconnect1.c sshd.c xmalloc.c] | ||
2534 | move #include <stdlib.h> out of includes.h | ||
2535 | - jmc@cvs.openbsd.org 2006/07/27 08:00:50 | ||
2536 | [ssh_config.5] | ||
2537 | avoid confusing wording in HashKnownHosts: | ||
2538 | originally spotted by alan amesbury; | ||
2539 | ok deraadt | ||
2540 | - jmc@cvs.openbsd.org 2006/07/27 08:00:50 | ||
2541 | [ssh_config.5] | ||
2542 | avoid confusing wording in HashKnownHosts: | ||
2543 | originally spotted by alan amesbury; | ||
2544 | ok deraadt | ||
2545 | - dtucker@cvs.openbsd.org 2006/08/01 11:34:36 | ||
2546 | [sshconnect.c] | ||
2547 | Allow fallback to known_hosts entries without port qualifiers for | ||
2548 | non-standard ports too, so that all existing known_hosts entries will be | ||
2549 | recognised. Requested by, feedback and ok markus@ | ||
2550 | - stevesk@cvs.openbsd.org 2006/08/01 23:22:48 | ||
2551 | [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c] | ||
2552 | [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c] | ||
2553 | [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c] | ||
2554 | [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c] | ||
2555 | [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c] | ||
2556 | [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c] | ||
2557 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c] | ||
2558 | [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c] | ||
2559 | [uuencode.h xmalloc.c] | ||
2560 | move #include <stdio.h> out of includes.h | ||
2561 | - stevesk@cvs.openbsd.org 2006/08/01 23:36:12 | ||
2562 | [authfile.c channels.c progressmeter.c scard.c servconf.c ssh.c] | ||
2563 | clean extra spaces | ||
2564 | - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 | ||
2565 | [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] | ||
2566 | [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] | ||
2567 | [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] | ||
2568 | [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] | ||
2569 | [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] | ||
2570 | [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] | ||
2571 | [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] | ||
2572 | [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] | ||
2573 | [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] | ||
2574 | [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] | ||
2575 | [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] | ||
2576 | [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] | ||
2577 | [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] | ||
2578 | [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] | ||
2579 | [serverloop.c session.c session.h sftp-client.c sftp-common.c] | ||
2580 | [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] | ||
2581 | [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] | ||
2582 | [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] | ||
2583 | [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] | ||
2584 | [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] | ||
2585 | [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] | ||
2586 | almost entirely get rid of the culture of ".h files that include .h files" | ||
2587 | ok djm, sort of ok stevesk | ||
2588 | makes the pain stop in one easy step | ||
2589 | NB. portable commit contains everything *except* removing includes.h, as | ||
2590 | that will take a fair bit more work as we move headers that are required | ||
2591 | for portability workarounds to defines.h. (also, this step wasn't "easy") | ||
2592 | - stevesk@cvs.openbsd.org 2006/08/04 20:46:05 | ||
2593 | [monitor.c session.c ssh-agent.c] | ||
2594 | spaces | ||
2595 | - (djm) [auth-pam.c defines.h] Move PAM related bits to auth-pam.c | ||
2596 | - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c] | ||
2597 | remove last traces of bufaux.h - it was merged into buffer.h in the big | ||
2598 | includes.h commit | ||
2599 | - (djm) [auth.c loginrec.c] Missing netinet/in.h for loginrec | ||
2600 | - (djm) [openbsd-compat/regress/snprintftest.c] | ||
2601 | [openbsd-compat/regress/strduptest.c] Add missing includes so they pass | ||
2602 | compilation with "-Wall -Werror" | ||
2603 | - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c] | ||
2604 | [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more | ||
2605 | includes for Linux in | ||
2606 | - (dtucker) [cleanup.c] Need defines.h for __dead. | ||
2607 | - (dtucker) [auth2-gss.c] We still need the #ifdef GSSAPI in -portable. | ||
2608 | - (dtucker) [openbsd-compat/{bsd-arc4random.c,port-tun.c,xmmap.c}] Lots of | ||
2609 | #include stdarg.h, needed for log.h. | ||
2610 | - (dtucker) [entropy.c] Needs unistd.h too. | ||
2611 | - (dtucker) [ssh-rand-helper.c] Needs stdarg.h for log.h. | ||
2612 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Nees stdlib.h for malloc. | ||
2613 | - (dtucker) [openbsd-compat/strtonum.c] Include stdlib.h for strtoll, | ||
2614 | otherwise it is implicitly declared as returning an int. | ||
2615 | - (dtucker) OpenBSD CVS Sync | ||
2616 | - dtucker@cvs.openbsd.org 2006/08/05 07:52:52 | ||
2617 | [auth2-none.c sshd.c monitor_wrap.c] | ||
2618 | Add headers required to build with KERBEROS5=no. ok djm@ | ||
2619 | - dtucker@cvs.openbsd.org 2006/08/05 08:00:33 | ||
2620 | [auth-skey.c] | ||
2621 | Add headers required to build with -DSKEY. ok djm@ | ||
2622 | - dtucker@cvs.openbsd.org 2006/08/05 08:28:24 | ||
2623 | [monitor_wrap.c auth-skey.c auth2-chall.c] | ||
2624 | Zap unused variables in -DSKEY code. ok djm@ | ||
2625 | - dtucker@cvs.openbsd.org 2006/08/05 08:34:04 | ||
2626 | [packet.c] | ||
2627 | Typo in comment | ||
2628 | - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Add headers required to compile | ||
2629 | on Cygwin. | ||
2630 | - (dtucker) [openbsd-compat/fake-rfc2553.c] Add headers needed for inet_ntoa. | ||
2631 | - (dtucker) [auth-skey.c] monitor_wrap.h needs ssh-gss.h. | ||
2632 | - (dtucker) [audit.c audit.h] Repair headers. | ||
2633 | - (dtucker) [audit-bsm.c] Add additional headers now required. | ||
2634 | |||
2635 | 20060804 | ||
2636 | - (dtucker) [configure.ac] The "crippled AES" test does not work on recent | ||
2637 | versions of Solaris, so use AC_LINK_IFELSE to actually link the test program | ||
2638 | rather than just compiling it. Spotted by dlg@. | ||
2639 | |||
2640 | 20060802 | ||
2641 | - (dtucker) [openbsd-compat/daemon.c] Add unistd.h for fork() prototype. | ||
2642 | |||
2643 | 20060725 | ||
2644 | - (dtucker) [openbsd-compat/xmmap.c] Need fcntl.h for O_RDRW. | ||
2645 | |||
2646 | 20060724 | ||
2647 | - (djm) OpenBSD CVS Sync | ||
2648 | - jmc@cvs.openbsd.org 2006/07/12 13:39:55 | ||
2649 | [sshd_config.5] | ||
2650 | - new sentence, new line | ||
2651 | - s/The the/The/ | ||
2652 | - kill a bad comma | ||
2653 | - stevesk@cvs.openbsd.org 2006/07/12 22:28:52 | ||
2654 | [auth-options.c canohost.c channels.c includes.h readconf.c] | ||
2655 | [servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c] | ||
2656 | move #include <netdb.h> out of includes.h; ok djm@ | ||
2657 | - stevesk@cvs.openbsd.org 2006/07/12 22:42:32 | ||
2658 | [includes.h ssh.c ssh-rand-helper.c] | ||
2659 | move #include <stddef.h> out of includes.h | ||
2660 | - stevesk@cvs.openbsd.org 2006/07/14 01:15:28 | ||
2661 | [monitor_wrap.h] | ||
2662 | don't need incompletely-typed 'struct passwd' now with | ||
2663 | #include <pwd.h>; ok markus@ | ||
2664 | - stevesk@cvs.openbsd.org 2006/07/17 01:31:10 | ||
2665 | [authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c] | ||
2666 | [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c] | ||
2667 | [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c] | ||
2668 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c] | ||
2669 | [sshconnect.c sshlogin.c sshpty.c uidswap.c] | ||
2670 | move #include <unistd.h> out of includes.h | ||
2671 | - dtucker@cvs.openbsd.org 2006/07/17 12:02:24 | ||
2672 | [auth-options.c] | ||
2673 | Use '\0' rather than 0 to terminates strings; ok djm@ | ||
2674 | - dtucker@cvs.openbsd.org 2006/07/17 12:06:00 | ||
2675 | [channels.c channels.h servconf.c sshd_config.5] | ||
2676 | Add PermitOpen directive to sshd_config which is equivalent to the | ||
2677 | "permitopen" key option. Allows server admin to allow TCP port | ||
2678 | forwarding only two specific host/port pairs. Useful when combined | ||
2679 | with Match. | ||
2680 | If permitopen is used in both sshd_config and a key option, both | ||
2681 | must allow a given connection before it will be permitted. | ||
2682 | Note that users can still use external forwarders such as netcat, | ||
2683 | so to be those must be controlled too for the limits to be effective. | ||
2684 | Feedback & ok djm@, man page corrections & ok jmc@. | ||
2685 | - jmc@cvs.openbsd.org 2006/07/18 07:50:40 | ||
2686 | [sshd_config.5] | ||
2687 | tweak; ok dtucker | ||
2688 | - jmc@cvs.openbsd.org 2006/07/18 07:56:28 | ||
2689 | [scp.1] | ||
2690 | replace DIAGNOSTICS with .Ex; | ||
2691 | - jmc@cvs.openbsd.org 2006/07/18 08:03:09 | ||
2692 | [ssh-agent.1 sshd_config.5] | ||
2693 | mark up angle brackets; | ||
2694 | - dtucker@cvs.openbsd.org 2006/07/18 08:22:23 | ||
2695 | [sshd_config.5] | ||
2696 | Clarify description of Match, with minor correction from jmc@ | ||
2697 | - stevesk@cvs.openbsd.org 2006/07/18 22:27:55 | ||
2698 | [dh.c] | ||
2699 | remove unneeded includes; ok djm@ | ||
2700 | - dtucker@cvs.openbsd.org 2006/07/19 08:56:41 | ||
2701 | [servconf.c sshd_config.5] | ||
2702 | Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to | ||
2703 | Match. ok djm@ | ||
2704 | - dtucker@cvs.openbsd.org 2006/07/19 13:07:10 | ||
2705 | [servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5] | ||
2706 | Add ForceCommand keyword to sshd_config, equivalent to the "command=" | ||
2707 | key option, man page entry and example in sshd_config. | ||
2708 | Feedback & ok djm@, man page corrections & ok jmc@ | ||
2709 | - stevesk@cvs.openbsd.org 2006/07/20 15:26:15 | ||
2710 | [auth1.c serverloop.c session.c sshconnect2.c] | ||
2711 | missed some needed #include <unistd.h> when KERBEROS5=no; issue from | ||
2712 | massimo@cedoc.mo.it | ||
2713 | - dtucker@cvs.openbsd.org 2006/07/21 12:43:36 | ||
2714 | [channels.c channels.h servconf.c servconf.h sshd_config.5] | ||
2715 | Make PermitOpen take a list of permitted ports and act more like most | ||
2716 | other keywords (ie the first match is the effective setting). This | ||
2717 | also makes it easier to override a previously set PermitOpen. ok djm@ | ||
2718 | - stevesk@cvs.openbsd.org 2006/07/21 21:13:30 | ||
2719 | [channels.c] | ||
2720 | more ARGSUSED (lint) for dispatch table-driven functions; ok djm@ | ||
2721 | - stevesk@cvs.openbsd.org 2006/07/21 21:26:55 | ||
2722 | [progressmeter.c] | ||
2723 | ARGSUSED for signal handler | ||
2724 | - stevesk@cvs.openbsd.org 2006/07/22 19:08:54 | ||
2725 | [includes.h moduli.c progressmeter.c scp.c sftp-common.c] | ||
2726 | [sftp-server.c ssh-agent.c sshlogin.c] | ||
2727 | move #include <time.h> out of includes.h | ||
2728 | - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 | ||
2729 | [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] | ||
2730 | [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] | ||
2731 | [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] | ||
2732 | [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] | ||
2733 | [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] | ||
2734 | [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] | ||
2735 | [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] | ||
2736 | [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] | ||
2737 | [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] | ||
2738 | [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] | ||
2739 | [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] | ||
2740 | [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] | ||
2741 | [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] | ||
2742 | move #include <string.h> out of includes.h | ||
2743 | - stevesk@cvs.openbsd.org 2006/07/23 01:11:05 | ||
2744 | [auth.h dispatch.c kex.h sftp-client.c] | ||
2745 | #include <signal.h> for sig_atomic_t; need this prior to <sys/param.h> | ||
2746 | move | ||
2747 | - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c] | ||
2748 | [canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c] | ||
2749 | [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c] | ||
2750 | [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c] | ||
2751 | [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c] | ||
2752 | [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c] | ||
2753 | [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c] | ||
2754 | [openbsd-compat/mktemp.c openbsd-compat/port-linux.c] | ||
2755 | [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] | ||
2756 | [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c] | ||
2757 | make the portable tree compile again - sprinkle unistd.h and string.h | ||
2758 | back in. Don't redefine __unused, as it turned out to be used in | ||
2759 | headers on Linux, and replace its use in auth-pam.c with ARGSUSED | ||
2760 | - (djm) [openbsd-compat/glob.c] | ||
2761 | Move get_arg_max() into the ifdef HAVE_GLOB block so that it compiles | ||
2762 | on OpenBSD (or other platforms with a decent glob implementation) with | ||
2763 | -Werror | ||
2764 | - (djm) [uuencode.c] | ||
2765 | Add resolv.h, is it contains the prototypes for __b64_ntop/__b64_pton on | ||
2766 | some platforms | ||
2767 | - (djm) [session.c] | ||
2768 | fix compile error with -Werror -Wall: 'path' is only used in | ||
2769 | do_setup_env() if HAVE_LOGIN_CAP is not defined | ||
2770 | - (djm) [openbsd-compat/basename.c openbsd-compat/bsd-closefrom.c] | ||
2771 | [openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c] | ||
2772 | [openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c] | ||
2773 | [openbsd-compat/port-aix.c openbsd-compat/port-irix.c] | ||
2774 | [openbsd-compat/rresvport.c] | ||
2775 | These look to need string.h and/or unistd.h (based on a grep for function | ||
2776 | names) | ||
2777 | - (djm) [Makefile.in] | ||
2778 | Remove generated openbsd-compat/regress/Makefile in distclean target | ||
2779 | - (djm) [regress/Makefile regress/agent-getpeereid.sh regress/cfgmatch.sh] | ||
2780 | [regress/cipher-speed.sh regress/forcecommand.sh regress/forwarding.sh] | ||
2781 | Sync regress tests to -current; include dtucker@'s new cfgmatch and | ||
2782 | forcecommand tests. Add cipher-speed.sh test (not linked in yet) | ||
2783 | - (dtucker) [cleanup.c] Since config.h defines _LARGE_FILES on AIX, including | ||
2784 | system headers before defines.h will cause conflicting definitions. | ||
2785 | - (dtucker) [regress/forcecommand.sh] Portablize. | ||
2786 | |||
2787 | 20060713 | ||
2788 | - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h | ||
2789 | |||
2790 | 20060712 | ||
2791 | - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and | ||
2792 | O_NONBLOCK if they're really needed. Fixes build errors on HP-UX, old | ||
2793 | Linuxes and probably more. | ||
2794 | - (dtucker) [configure.ac] OpenBSD needs <sys/types.h> before <sys/socket.h> | ||
2795 | for SHUT_RD. | ||
2796 | - (dtucker) [openbsd-compat/port-tun.c] OpenBSD needs <netinet/in.h> before | ||
2797 | <netinet/ip.h>. | ||
2798 | - (dtucker) OpenBSD CVS Sync | ||
2799 | - stevesk@cvs.openbsd.org 2006/07/10 16:01:57 | ||
2800 | [sftp-glob.c sftp-common.h sftp.c] | ||
2801 | buffer.h only needed in sftp-common.h and remove some unneeded | ||
2802 | user includes; ok djm@ | ||
2803 | - jmc@cvs.openbsd.org 2006/07/10 16:04:21 | ||
2804 | [sshd.8] | ||
2805 | s/and and/and/ | ||
2806 | - stevesk@cvs.openbsd.org 2006/07/10 16:37:36 | ||
2807 | [readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c | ||
2808 | auth.c packet.c log.c] | ||
2809 | move #include <stdarg.h> out of includes.h; ok markus@ | ||
2810 | - dtucker@cvs.openbsd.org 2006/07/11 10:12:07 | ||
2811 | [ssh.c] | ||
2812 | Only copy the part of environment variable that we actually use. Prevents | ||
2813 | ssh bailing when SendEnv is used and an environment variable with a really | ||
2814 | long value exists. ok djm@ | ||
2815 | - markus@cvs.openbsd.org 2006/07/11 18:50:48 | ||
2816 | [clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c | ||
2817 | channels.h readconf.c] | ||
2818 | add ExitOnForwardFailure: terminate the connection if ssh(1) | ||
2819 | cannot set up all requested dynamic, local, and remote port | ||
2820 | forwardings. ok djm, dtucker, stevesk, jmc | ||
2821 | - stevesk@cvs.openbsd.org 2006/07/11 20:07:25 | ||
2822 | [scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c | ||
2823 | sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c | ||
2824 | includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c | ||
2825 | sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c | ||
2826 | ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c] | ||
2827 | move #include <errno.h> out of includes.h; ok markus@ | ||
2828 | - stevesk@cvs.openbsd.org 2006/07/11 20:16:43 | ||
2829 | [ssh.c] | ||
2830 | cast asterisk field precision argument to int to remove warning; | ||
2831 | ok markus@ | ||
2832 | - stevesk@cvs.openbsd.org 2006/07/11 20:27:56 | ||
2833 | [authfile.c ssh.c] | ||
2834 | need <errno.h> here also (it's also included in <openssl/err.h>) | ||
2835 | - dtucker@cvs.openbsd.org 2006/07/12 11:34:58 | ||
2836 | [sshd.c servconf.h servconf.c sshd_config.5 auth.c] | ||
2837 | Add support for conditional directives to sshd_config via a "Match" | ||
2838 | keyword, which works similarly to the "Host" directive in ssh_config. | ||
2839 | Lines after a Match line override the default set in the main section | ||
2840 | if the condition on the Match line is true, eg | ||
2841 | AllowTcpForwarding yes | ||
2842 | Match User anoncvs | ||
2843 | AllowTcpForwarding no | ||
2844 | will allow port forwarding by all users except "anoncvs". | ||
2845 | Currently only a very small subset of directives are supported. | ||
2846 | ok djm@ | ||
2847 | - (dtucker) [loginrec.c openbsd-compat/xmmap.c openbsd-compat/bindresvport.c | ||
2848 | openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c | ||
2849 | openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include <errno.h>. | ||
2850 | - (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h. | ||
2851 | - (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too. | ||
2852 | - (dtucker) [openbsd-compat/openbsd-compat.h] v*printf needs stdarg.h. | ||
2853 | - (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c | ||
2854 | openbsd-compat/rresvport.c] More errno.h. | ||
2855 | |||
2856 | 20060711 | ||
2857 | - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c | ||
2858 | openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally | ||
2859 | include paths.h. Fixes build error on Solaris. | ||
2860 | - (dtucker) [entropy.c] More fcntl.h, this time on AIX (and probably | ||
2861 | others). | ||
2862 | |||
2863 | 20060710 | ||
2864 | - (dtucker) [INSTALL] New autoconf version: 2.60. | ||
2865 | - OpenBSD CVS Sync | ||
2866 | - djm@cvs.openbsd.org 2006/06/14 10:50:42 | ||
2867 | [sshconnect.c] | ||
2868 | limit the number of pre-banner characters we will accept; ok markus@ | ||
2869 | - djm@cvs.openbsd.org 2006/06/26 10:36:15 | ||
2870 | [clientloop.c] | ||
2871 | mention optional bind_address in runtime port forwarding setup | ||
2872 | command-line help. patch from santhi.amirta AT gmail.com | ||
2873 | - stevesk@cvs.openbsd.org 2006/07/02 17:12:58 | ||
2874 | [ssh.1 ssh.c ssh_config.5 sshd_config.5] | ||
2875 | more details and clarity for tun(4) device forwarding; ok and help | ||
2876 | jmc@ | ||
2877 | - stevesk@cvs.openbsd.org 2006/07/02 18:36:47 | ||
2878 | [gss-serv-krb5.c gss-serv.c] | ||
2879 | no "servconf.h" needed here | ||
2880 | (gss-serv-krb5.c change not applied, portable needs the server options) | ||
2881 | - stevesk@cvs.openbsd.org 2006/07/02 22:45:59 | ||
2882 | [groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c] | ||
2883 | move #include <grp.h> out of includes.h | ||
2884 | (portable needed uidswap.c too) | ||
2885 | - stevesk@cvs.openbsd.org 2006/07/02 23:01:55 | ||
2886 | [clientloop.c ssh.1] | ||
2887 | use -KR[bind_address:]port here; ok djm@ | ||
2888 | - stevesk@cvs.openbsd.org 2006/07/03 08:54:20 | ||
2889 | [includes.h ssh.c sshconnect.c sshd.c] | ||
2890 | move #include "version.h" out of includes.h; ok markus@ | ||
2891 | - stevesk@cvs.openbsd.org 2006/07/03 17:59:32 | ||
2892 | [channels.c includes.h] | ||
2893 | move #include <arpa/inet.h> out of includes.h; old ok djm@ | ||
2894 | (portable needed session.c too) | ||
2895 | - stevesk@cvs.openbsd.org 2006/07/05 02:42:09 | ||
2896 | [canohost.c hostfile.c includes.h misc.c packet.c readconf.c] | ||
2897 | [serverloop.c sshconnect.c uuencode.c] | ||
2898 | move #include <netinet/in.h> out of includes.h; ok deraadt@ | ||
2899 | (also ssh-rand-helper.c logintest.c loginrec.c) | ||
2900 | - djm@cvs.openbsd.org 2006/07/06 10:47:05 | ||
2901 | [servconf.c servconf.h session.c sshd_config.5] | ||
2902 | support arguments to Subsystem commands; ok markus@ | ||
2903 | - djm@cvs.openbsd.org 2006/07/06 10:47:57 | ||
2904 | [sftp-server.8 sftp-server.c] | ||
2905 | add commandline options to enable logging of transactions; ok markus@ | ||
2906 | - stevesk@cvs.openbsd.org 2006/07/06 16:03:53 | ||
2907 | [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c] | ||
2908 | [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c] | ||
2909 | [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c] | ||
2910 | [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c] | ||
2911 | [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c] | ||
2912 | [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c] | ||
2913 | [uidswap.h] | ||
2914 | move #include <pwd.h> out of includes.h; ok markus@ | ||
2915 | - stevesk@cvs.openbsd.org 2006/07/06 16:22:39 | ||
2916 | [ssh-keygen.c] | ||
2917 | move #include "dns.h" up | ||
2918 | - stevesk@cvs.openbsd.org 2006/07/06 17:36:37 | ||
2919 | [monitor_wrap.h] | ||
2920 | typo in comment | ||
2921 | - stevesk@cvs.openbsd.org 2006/07/08 21:47:12 | ||
2922 | [authfd.c canohost.c clientloop.c dns.c dns.h includes.h] | ||
2923 | [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c] | ||
2924 | [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h] | ||
2925 | move #include <sys/socket.h> out of includes.h | ||
2926 | - stevesk@cvs.openbsd.org 2006/07/08 21:48:53 | ||
2927 | [monitor.c session.c] | ||
2928 | missed these from last commit: | ||
2929 | move #include <sys/socket.h> out of includes.h | ||
2930 | - stevesk@cvs.openbsd.org 2006/07/08 23:30:06 | ||
2931 | [log.c] | ||
2932 | move user includes after /usr/include files | ||
2933 | - stevesk@cvs.openbsd.org 2006/07/09 15:15:11 | ||
2934 | [auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c] | ||
2935 | [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c] | ||
2936 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] | ||
2937 | [sshlogin.c sshpty.c] | ||
2938 | move #include <fcntl.h> out of includes.h | ||
2939 | - stevesk@cvs.openbsd.org 2006/07/09 15:27:59 | ||
2940 | [ssh-add.c] | ||
2941 | use O_RDONLY vs. 0 in open(); no binary change | ||
2942 | - djm@cvs.openbsd.org 2006/07/10 11:24:54 | ||
2943 | [sftp-server.c] | ||
2944 | remove optind - it isn't used here | ||
2945 | - djm@cvs.openbsd.org 2006/07/10 11:25:53 | ||
2946 | [sftp-server.c] | ||
2947 | don't log variables that aren't yet set | ||
2948 | - (djm) [loginrec.c ssh-rand-helper.c sshd.c openbsd-compat/glob.c] | ||
2949 | [openbsd-compat/mktemp.c openbsd-compat/openbsd-compat.h] | ||
2950 | [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] | ||
2951 | [openbsd-compat/xcrypt.c] Fix includes.h fallout, mainly fcntl.h | ||
2952 | - OpenBSD CVS Sync | ||
2953 | - djm@cvs.openbsd.org 2006/07/10 12:03:20 | ||
2954 | [scp.c] | ||
2955 | duplicate argv at the start of main() because it gets modified later; | ||
2956 | pointed out by deraadt@ ok markus@ | ||
2957 | - djm@cvs.openbsd.org 2006/07/10 12:08:08 | ||
2958 | [channels.c] | ||
2959 | fix misparsing of SOCKS 5 packets that could result in a crash; | ||
2960 | reported by mk@ ok markus@ | ||
2961 | - dtucker@cvs.openbsd.org 2006/07/10 12:46:51 | ||
2962 | [misc.c misc.h sshd.8 sshconnect.c] | ||
2963 | Add port identifier to known_hosts for non-default ports, based originally | ||
2964 | on a patch from Devin Nate in bz#910. | ||
2965 | For any connection using the default port or using a HostKeyAlias the | ||
2966 | format is unchanged, otherwise the host name or address is enclosed | ||
2967 | within square brackets in the same format as sshd's ListenAddress. | ||
2968 | Tested by many, ok markus@. | ||
2969 | - (dtucker) [openbsd-compat/openbsd-compat.h] Need to include <sys/socket.h> | ||
2970 | for struct sockaddr on platforms that use the fake-rfc stuff. | ||
2971 | |||
2972 | 20060706 | ||
2973 | - (dtucker) [configure.ac] Try AIX blibpath test in different order when | ||
2974 | compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so | ||
2975 | configure would not select the correct libpath linker flags. | ||
2976 | - (dtucker) [INSTALL] A bit more info on autoconf. | ||
2977 | |||
2978 | 20060705 | ||
2979 | - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the | ||
2980 | target already exists. | ||
2981 | |||
2982 | 20060630 | ||
2983 | - (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf | ||
2984 | declaration too. Patch from russ at sludge.net. | ||
2985 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it, | ||
2986 | prevents warnings on platforms where _res is in the system headers. | ||
2987 | - (dtucker) [INSTALL] Bug #1202: Note when autoconf is required and which | ||
2988 | version. | ||
2989 | |||
2990 | 20060627 | ||
2991 | - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems | ||
2992 | with autoconf 2.60. Patch from vapier at gentoo.org. | ||
2993 | |||
2994 | 20060625 | ||
2995 | - (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys | ||
2996 | only, otherwise sshd can hang exiting non-interactive sessions. | ||
2997 | |||
2998 | 20060624 | ||
2999 | - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris. | ||
3000 | Works around limitation in Solaris' passwd program for changing passwords | ||
3001 | where the username is longer than 8 characters. ok djm@ | ||
3002 | - (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug | ||
3003 | #1102 workaround. | ||
3004 | |||
3005 | 20060623 | ||
3006 | - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add | ||
3007 | tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch | ||
3008 | from reyk@, tested by anil@ | ||
3009 | - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX | ||
3010 | 4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes | ||
3011 | on the pty slave as zero-length reads on the pty master, which sshd | ||
3012 | interprets as the descriptor closing. Since most things don't do zero | ||
3013 | length writes this rarely matters, but occasionally it happens, and when | ||
3014 | it does the SSH pty session appears to hang, so we add a special case for | ||
3015 | this condition. ok djm@ | ||
3016 | |||
3017 | 20060613 | ||
3018 | - (djm) [getput.h] This file has been replaced by functions in misc.c | ||
3019 | - OpenBSD CVS Sync | ||
3020 | - djm@cvs.openbsd.org 2006/05/08 10:49:48 | ||
3021 | [sshconnect2.c] | ||
3022 | uint32_t -> u_int32_t (which we use everywhere else) | ||
3023 | (Id sync only - portable already had this) | ||
3024 | - markus@cvs.openbsd.org 2006/05/16 09:00:00 | ||
3025 | [clientloop.c] | ||
3026 | missing free; from Kylene Hall | ||
3027 | - markus@cvs.openbsd.org 2006/05/17 12:43:34 | ||
3028 | [scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c] | ||
3029 | fix leak; coverity via Kylene Jo Hall | ||
3030 | - miod@cvs.openbsd.org 2006/05/18 21:27:25 | ||
3031 | [kexdhc.c kexgexc.c] | ||
3032 | paramter -> parameter | ||
3033 | - dtucker@cvs.openbsd.org 2006/05/29 12:54:08 | ||
3034 | [ssh_config.5] | ||
3035 | Add gssapi-with-mic to PreferredAuthentications default list; ok jmc | ||
3036 | - dtucker@cvs.openbsd.org 2006/05/29 12:56:33 | ||
3037 | [ssh_config] | ||
3038 | Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in | ||
3039 | sample ssh_config. ok markus@ | ||
3040 | - jmc@cvs.openbsd.org 2006/05/29 16:10:03 | ||
3041 | [ssh_config.5] | ||
3042 | oops - previous was too long; split the list of auths up | ||
3043 | - mk@cvs.openbsd.org 2006/05/30 11:46:38 | ||
3044 | [ssh-add.c] | ||
3045 | Sync usage() with man page and reality. | ||
3046 | ok deraadt dtucker | ||
3047 | - jmc@cvs.openbsd.org 2006/05/29 16:13:23 | ||
3048 | [ssh.1] | ||
3049 | add GSSAPI to the list of authentication methods supported; | ||
3050 | - mk@cvs.openbsd.org 2006/05/30 11:46:38 | ||
3051 | [ssh-add.c] | ||
3052 | Sync usage() with man page and reality. | ||
3053 | ok deraadt dtucker | ||
3054 | - markus@cvs.openbsd.org 2006/06/01 09:21:48 | ||
3055 | [sshd.c] | ||
3056 | call get_remote_ipaddr() early; fixes logging after client disconnects; | ||
3057 | report mpf@; ok dtucker@ | ||
3058 | - markus@cvs.openbsd.org 2006/06/06 10:20:20 | ||
3059 | [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c] | ||
3060 | replace remaining setuid() calls with permanently_set_uid() and | ||
3061 | check seteuid() return values; report Marcus Meissner; ok dtucker djm | ||
3062 | - markus@cvs.openbsd.org 2006/06/08 14:45:49 | ||
3063 | [readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h] | ||
3064 | do not set the gid, noted by solar; ok djm | ||
3065 | - djm@cvs.openbsd.org 2006/06/13 01:18:36 | ||
3066 | [ssh-agent.c] | ||
3067 | always use a format string, even when printing a constant | ||
3068 | - djm@cvs.openbsd.org 2006/06/13 02:17:07 | ||
3069 | [ssh-agent.c] | ||
3070 | revert; i am on drugs. spotted by alexander AT beard.se | ||
3071 | |||
3072 | 20060521 | ||
3073 | - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor | ||
3074 | and slave, we can remove the special-case handling in the audit hook in | ||
3075 | auth_log. | ||
3076 | |||
3077 | 20060517 | ||
3078 | - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file | ||
3079 | pointer leak. From kjhall at us.ibm.com, found by coverity. | ||
3080 | |||
3081 | 20060515 | ||
3082 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of | ||
3083 | _res, prevents problems on some platforms that have _res as a global but | ||
3084 | don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by | ||
3085 | georg.schwarz at freenet.de, ok djm@. | ||
3086 | - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative | ||
3087 | default. Patch originally from tim@, ok djm | ||
3088 | - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and | ||
3089 | do not allow kbdint again after the PAM account check fails. ok djm@ | ||
3090 | |||
3091 | 20060506 | ||
3092 | - (dtucker) OpenBSD CVS Sync | ||
3093 | - dtucker@cvs.openbsd.org 2006/04/25 08:02:27 | ||
3094 | [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c] | ||
3095 | Prevent ssh from trying to open private keys with bad permissions more than | ||
3096 | once or prompting for their passphrases (which it subsequently ignores | ||
3097 | anyway), similar to a previous change in ssh-add. bz #1186, ok djm@ | ||
3098 | - djm@cvs.openbsd.org 2006/05/04 14:55:23 | ||
3099 | [dh.c] | ||
3100 | tighter DH exponent checks here too; feedback and ok markus@ | ||
3101 | - djm@cvs.openbsd.org 2006/04/01 05:37:46 | ||
3102 | [OVERVIEW] | ||
3103 | $OpenBSD$ in here too | ||
3104 | - dtucker@cvs.openbsd.org 2006/05/06 08:35:40 | ||
3105 | [auth-krb5.c] | ||
3106 | Add $OpenBSD$ in comment here too | ||
3107 | |||
3108 | 20060504 | ||
3109 | - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c | ||
3110 | session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c | ||
3111 | openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar) | ||
3112 | in Portable-only code; since calloc zeros, remove now-redundant memsets. | ||
3113 | Also add a couple of sanity checks. With & ok djm@ | ||
3114 | |||
3115 | 20060503 | ||
3116 | - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h | ||
3117 | and double including it on IRIX 5.3 causes problems. From Georg Schwarz, | ||
3118 | "no objections" tim@ | ||
3119 | |||
3120 | 20060423 | ||
3121 | - (djm) OpenBSD CVS Sync | ||
3122 | - deraadt@cvs.openbsd.org 2006/04/01 05:42:20 | ||
3123 | [scp.c] | ||
3124 | minimal lint cleanup (unused crud, and some size_t); ok djm | ||
3125 | - djm@cvs.openbsd.org 2006/04/01 05:50:29 | ||
3126 | [scp.c] | ||
3127 | xasprintification; ok deraadt@ | ||
3128 | - djm@cvs.openbsd.org 2006/04/01 05:51:34 | ||
3129 | [atomicio.c] | ||
3130 | ANSIfy; requested deraadt@ | ||
3131 | - dtucker@cvs.openbsd.org 2006/04/02 08:34:52 | ||
3132 | [ssh-keysign.c] | ||
3133 | sessionid can be 32 bytes now too when sha256 kex is used; ok djm@ | ||
3134 | - djm@cvs.openbsd.org 2006/04/03 07:10:38 | ||
3135 | [gss-genr.c] | ||
3136 | GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066 | ||
3137 | by dleonard AT vintela.com. use xasprintf() to simplify code while in | ||
3138 | there; "looks right" deraadt@ | ||
3139 | - djm@cvs.openbsd.org 2006/04/16 00:48:52 | ||
3140 | [buffer.c buffer.h channels.c] | ||
3141 | Fix condition where we could exit with a fatal error when an input | ||
3142 | buffer became too large and the remote end had advertised a big window. | ||
3143 | The problem was a mismatch in the backoff math between the channels code | ||
3144 | and the buffer code, so make a buffer_check_alloc() function that the | ||
3145 | channels code can use to propsectivly check whether an incremental | ||
3146 | allocation will succeed. bz #1131, debugged with the assistance of | ||
3147 | cove AT wildpackets.com; ok dtucker@ deraadt@ | ||
3148 | - djm@cvs.openbsd.org 2006/04/16 00:52:55 | ||
3149 | [atomicio.c atomicio.h] | ||
3150 | introduce atomiciov() function that wraps readv/writev to retry | ||
3151 | interrupted transfers like atomicio() does for read/write; | ||
3152 | feedback deraadt@ dtucker@ stevesk@ ok deraadt@ | ||
3153 | - djm@cvs.openbsd.org 2006/04/16 00:54:10 | ||
3154 | [sftp-client.c] | ||
3155 | avoid making a tiny 4-byte write to send the packet length of sftp | ||
3156 | commands, which would result in a separate tiny packet on the wire by | ||
3157 | using atomiciov(writev, ...) to write the length and the command in one | ||
3158 | pass; ok deraadt@ | ||
3159 | - djm@cvs.openbsd.org 2006/04/16 07:59:00 | ||
3160 | [atomicio.c] | ||
3161 | reorder sanity test so that it cannot dereference past the end of the | ||
3162 | iov array; well spotted canacar@! | ||
3163 | - dtucker@cvs.openbsd.org 2006/04/18 10:44:28 | ||
3164 | [bufaux.c bufbn.c Makefile.in] | ||
3165 | Move Buffer bignum functions into their own file, bufbn.c. This means | ||
3166 | that sftp and sftp-server (which use the Buffer functions in bufaux.c | ||
3167 | but not the bignum ones) no longer need to be linked with libcrypto. | ||
3168 | ok markus@ | ||
3169 | - djm@cvs.openbsd.org 2006/04/20 09:27:09 | ||
3170 | [auth.h clientloop.c dispatch.c dispatch.h kex.h] | ||
3171 | replace the last non-sig_atomic_t flag used in a signal handler with a | ||
3172 | sig_atomic_t, unfortunately with some knock-on effects in other (non- | ||
3173 | signal) contexts in which it is used; ok markus@ | ||
3174 | - markus@cvs.openbsd.org 2006/04/20 09:47:59 | ||
3175 | [sshconnect.c] | ||
3176 | simplify; ok djm@ | ||
3177 | - djm@cvs.openbsd.org 2006/04/20 21:53:44 | ||
3178 | [includes.h session.c sftp.c] | ||
3179 | Switch from using pipes to socketpairs for communication between | ||
3180 | sftp/scp and ssh, and between sshd and its subprocesses. This saves | ||
3181 | a file descriptor per session and apparently makes userland ppp over | ||
3182 | ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this | ||
3183 | decision on a per-platform basis) | ||
3184 | - djm@cvs.openbsd.org 2006/04/22 04:06:51 | ||
3185 | [uidswap.c] | ||
3186 | use setres[ug]id() to permanently revoke privileges; ok deraadt@ | ||
3187 | (ID Sync only - portable already uses setres[ug]id() whenever possible) | ||
3188 | - stevesk@cvs.openbsd.org 2006/04/22 18:29:33 | ||
3189 | [crc32.c] | ||
3190 | remove extra spaces | ||
3191 | - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get | ||
3192 | sig_atomic_t | ||
3193 | |||
3194 | 20060421 | ||
3195 | - (djm) [Makefile.in configure.ac session.c sshpty.c] | ||
3196 | [contrib/redhat/sshd.init openbsd-compat/Makefile.in] | ||
3197 | [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c] | ||
3198 | [openbsd-compat/port-linux.h] Add support for SELinux, setting | ||
3199 | the execution and TTY contexts. based on patch from Daniel Walsh, | ||
3200 | bz #880; ok dtucker@ | ||
3201 | |||
3202 | 20060418 | ||
3203 | - (djm) [canohost.c] Reorder IP options check so that it isn't broken | ||
3204 | by mapped addresses; bz #1179 reported by markw wtech-llc.com; | ||
3205 | ok dtucker@ | ||
3206 | |||
3207 | 20060331 | ||
3208 | - OpenBSD CVS Sync | ||
3209 | - deraadt@cvs.openbsd.org 2006/03/27 01:21:18 | ||
3210 | [xmalloc.c] | ||
3211 | we can do the size & nmemb check before the integer overflow check; | ||
3212 | evol | ||
3213 | - deraadt@cvs.openbsd.org 2006/03/27 13:03:54 | ||
3214 | [dh.c] | ||
3215 | use strtonum() instead of atoi(), limit dhg size to 64k; ok djm | ||
3216 | - djm@cvs.openbsd.org 2006/03/27 23:15:46 | ||
3217 | [sftp.c] | ||
3218 | always use a format string for addargs; spotted by mouring@ | ||
3219 | - deraadt@cvs.openbsd.org 2006/03/28 00:12:31 | ||
3220 | [README.tun ssh.c] | ||
3221 | spacing | ||
3222 | - deraadt@cvs.openbsd.org 2006/03/28 01:52:28 | ||
3223 | [channels.c] | ||
3224 | do not accept unreasonable X ports numbers; ok djm | ||
3225 | - deraadt@cvs.openbsd.org 2006/03/28 01:53:43 | ||
3226 | [ssh-agent.c] | ||
3227 | use strtonum() to parse the pid from the file, and range check it | ||
3228 | better; ok djm | ||
3229 | - djm@cvs.openbsd.org 2006/03/30 09:41:25 | ||
3230 | [channels.c] | ||
3231 | ARGSUSED for dispatch table-driven functions | ||
3232 | - djm@cvs.openbsd.org 2006/03/30 09:58:16 | ||
3233 | [authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h] | ||
3234 | [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c] | ||
3235 | replace {GET,PUT}_XXBIT macros with functionally similar functions, | ||
3236 | silencing a heap of lint warnings. also allows them to use | ||
3237 | __bounded__ checking which can't be applied to macros; requested | ||
3238 | by and feedback from deraadt@ | ||
3239 | - djm@cvs.openbsd.org 2006/03/30 10:41:25 | ||
3240 | [ssh.c ssh_config.5] | ||
3241 | add percent escape chars to the IdentityFile option, bz #1159 based | ||
3242 | on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@ | ||
3243 | - dtucker@cvs.openbsd.org 2006/03/30 11:05:17 | ||
3244 | [ssh-keygen.c] | ||
3245 | Correctly handle truncated files while converting keys; ok djm@ | ||
3246 | - dtucker@cvs.openbsd.org 2006/03/30 11:40:21 | ||
3247 | [auth.c monitor.c] | ||
3248 | Prevent duplicate log messages when privsep=yes; ok djm@ | ||
3249 | - jmc@cvs.openbsd.org 2006/03/31 09:09:30 | ||
3250 | [ssh_config.5] | ||
3251 | kill trailing whitespace; | ||
3252 | - djm@cvs.openbsd.org 2006/03/31 09:13:56 | ||
3253 | [ssh_config.5] | ||
3254 | remote user escape is %r not %h; spotted by jmc@ | ||
3255 | |||
3256 | 20060326 | ||
3257 | - OpenBSD CVS Sync | ||
3258 | - jakob@cvs.openbsd.org 2006/03/15 08:46:44 | ||
3259 | [ssh-keygen.c] | ||
3260 | if no key file are given when printing the DNS host record, use the | ||
3261 | host key file(s) as default. ok djm@ | ||
3262 | - biorn@cvs.openbsd.org 2006/03/16 10:31:45 | ||
3263 | [scp.c] | ||
3264 | Try to display errormessage even if remout == -1 | ||
3265 | ok djm@, markus@ | ||
3266 | - djm@cvs.openbsd.org 2006/03/17 22:31:50 | ||
3267 | [authfd.c] | ||
3268 | another unreachable found by lint | ||
3269 | - djm@cvs.openbsd.org 2006/03/17 22:31:11 | ||
3270 | [authfd.c] | ||
3271 | unreachanble statement, found by lint | ||
3272 | - djm@cvs.openbsd.org 2006/03/19 02:22:32 | ||
3273 | [serverloop.c] | ||
3274 | memory leaks detected by Coverity via elad AT netbsd.org; | ||
3275 | ok deraadt@ dtucker@ | ||
3276 | - djm@cvs.openbsd.org 2006/03/19 02:22:56 | ||
3277 | [sftp.c] | ||
3278 | more memory leaks detected by Coverity via elad AT netbsd.org; | ||
3279 | deraadt@ ok | ||
3280 | - djm@cvs.openbsd.org 2006/03/19 02:23:26 | ||
3281 | [hostfile.c] | ||
3282 | FILE* leak detected by Coverity via elad AT netbsd.org; | ||
3283 | ok deraadt@ | ||
3284 | - djm@cvs.openbsd.org 2006/03/19 02:24:05 | ||
3285 | [dh.c readconf.c servconf.c] | ||
3286 | potential NULL pointer dereferences detected by Coverity | ||
3287 | via elad AT netbsd.org; ok deraadt@ | ||
3288 | - djm@cvs.openbsd.org 2006/03/19 07:41:30 | ||
3289 | [sshconnect2.c] | ||
3290 | memory leaks detected by Coverity via elad AT netbsd.org; | ||
3291 | deraadt@ ok | ||
3292 | - dtucker@cvs.openbsd.org 2006/03/19 11:51:52 | ||
3293 | [servconf.c] | ||
3294 | Correct strdelim null test; ok djm@ | ||
3295 | - deraadt@cvs.openbsd.org 2006/03/19 18:52:11 | ||
3296 | [auth1.c authfd.c channels.c] | ||
3297 | spacing | ||
3298 | - deraadt@cvs.openbsd.org 2006/03/19 18:53:12 | ||
3299 | [kex.c kex.h monitor.c myproposal.h session.c] | ||
3300 | spacing | ||
3301 | - deraadt@cvs.openbsd.org 2006/03/19 18:56:41 | ||
3302 | [clientloop.c progressmeter.c serverloop.c sshd.c] | ||
3303 | ARGSUSED for signal handlers | ||
3304 | - deraadt@cvs.openbsd.org 2006/03/19 18:59:49 | ||
3305 | [ssh-keyscan.c] | ||
3306 | please lint | ||
3307 | - deraadt@cvs.openbsd.org 2006/03/19 18:59:30 | ||
3308 | [ssh.c] | ||
3309 | spacing | ||
3310 | - deraadt@cvs.openbsd.org 2006/03/19 18:59:09 | ||
3311 | [authfile.c] | ||
3312 | whoever thought that break after return was a good idea needs to | ||
3313 | get their head examimed | ||
3314 | - djm@cvs.openbsd.org 2006/03/20 04:09:44 | ||
3315 | [monitor.c] | ||
3316 | memory leaks detected by Coverity via elad AT netbsd.org; | ||
3317 | deraadt@ ok | ||
3318 | that should be all of them now | ||
3319 | - djm@cvs.openbsd.org 2006/03/20 11:38:46 | ||
3320 | [key.c] | ||
3321 | (really) last of the Coverity diffs: avoid possible NULL deref in | ||
3322 | key_free. via elad AT netbsd.org; markus@ ok | ||
3323 | - deraadt@cvs.openbsd.org 2006/03/20 17:10:19 | ||
3324 | [auth.c key.c misc.c packet.c ssh-add.c] | ||
3325 | in a switch (), break after return or goto is stupid | ||
3326 | - deraadt@cvs.openbsd.org 2006/03/20 17:13:16 | ||
3327 | [key.c] | ||
3328 | djm did a typo | ||
3329 | - deraadt@cvs.openbsd.org 2006/03/20 17:17:23 | ||
3330 | [ssh-rsa.c] | ||
3331 | in a switch (), break after return or goto is stupid | ||
3332 | - deraadt@cvs.openbsd.org 2006/03/20 18:14:02 | ||
3333 | [channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c] | ||
3334 | [ssh.c sshpty.c sshpty.h] | ||
3335 | sprinkle u_int throughout pty subsystem, ok markus | ||
3336 | - deraadt@cvs.openbsd.org 2006/03/20 18:17:20 | ||
3337 | [auth1.c auth2.c sshd.c] | ||
3338 | sprinkle some ARGSUSED for table driven functions (which sometimes | ||
3339 | must ignore their args) | ||
3340 | - deraadt@cvs.openbsd.org 2006/03/20 18:26:55 | ||
3341 | [channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c] | ||
3342 | [ssh-rsa.c ssh.c sshlogin.c] | ||
3343 | annoying spacing fixes getting in the way of real diffs | ||
3344 | - deraadt@cvs.openbsd.org 2006/03/20 18:27:50 | ||
3345 | [monitor.c] | ||
3346 | spacing | ||
3347 | - deraadt@cvs.openbsd.org 2006/03/20 18:35:12 | ||
3348 | [channels.c] | ||
3349 | x11_fake_data is only ever used as u_char * | ||
3350 | - deraadt@cvs.openbsd.org 2006/03/20 18:41:43 | ||
3351 | [dns.c] | ||
3352 | cast xstrdup to propert u_char * | ||
3353 | - deraadt@cvs.openbsd.org 2006/03/20 18:42:27 | ||
3354 | [canohost.c match.c ssh.c sshconnect.c] | ||
3355 | be strict with tolower() casting | ||
3356 | - deraadt@cvs.openbsd.org 2006/03/20 18:48:34 | ||
3357 | [channels.c fatal.c kex.c packet.c serverloop.c] | ||
3358 | spacing | ||
3359 | - deraadt@cvs.openbsd.org 2006/03/20 21:11:53 | ||
3360 | [ttymodes.c] | ||
3361 | spacing | ||
3362 | - djm@cvs.openbsd.org 2006/03/25 00:05:41 | ||
3363 | [auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c] | ||
3364 | [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c] | ||
3365 | [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c] | ||
3366 | [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c] | ||
3367 | [xmalloc.c xmalloc.h] | ||
3368 | introduce xcalloc() and xasprintf() failure-checked allocations | ||
3369 | functions and use them throughout openssh | ||
3370 | |||
3371 | xcalloc is particularly important because malloc(nmemb * size) is a | ||
3372 | dangerous idiom (subject to integer overflow) and it is time for it | ||
3373 | to die | ||
3374 | |||
3375 | feedback and ok deraadt@ | ||
3376 | - djm@cvs.openbsd.org 2006/03/25 01:13:23 | ||
3377 | [buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c] | ||
3378 | [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c] | ||
3379 | [uidswap.c] | ||
3380 | change OpenSSH's xrealloc() function from being xrealloc(p, new_size) | ||
3381 | to xrealloc(p, new_nmemb, new_itemsize). | ||
3382 | |||
3383 | realloc is particularly prone to integer overflows because it is | ||
3384 | almost always allocating "n * size" bytes, so this is a far safer | ||
3385 | API; ok deraadt@ | ||
3386 | - djm@cvs.openbsd.org 2006/03/25 01:30:23 | ||
3387 | [sftp.c] | ||
3388 | "abormally" is a perfectly cromulent word, but "abnormally" is better | ||
3389 | - djm@cvs.openbsd.org 2006/03/25 13:17:03 | ||
3390 | [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] | ||
3391 | [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] | ||
3392 | [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] | ||
3393 | [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] | ||
3394 | [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] | ||
3395 | [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] | ||
3396 | [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] | ||
3397 | [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] | ||
3398 | [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] | ||
3399 | [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] | ||
3400 | [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] | ||
3401 | [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] | ||
3402 | [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] | ||
3403 | [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] | ||
3404 | [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] | ||
3405 | [uidswap.c uuencode.c xmalloc.c] | ||
3406 | Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that | ||
3407 | Theo nuked - our scripts to sync -portable need them in the files | ||
3408 | - deraadt@cvs.openbsd.org 2006/03/25 18:29:35 | ||
3409 | [auth-rsa.c authfd.c packet.c] | ||
3410 | needed casts (always will be needed) | ||
3411 | - deraadt@cvs.openbsd.org 2006/03/25 18:30:55 | ||
3412 | [clientloop.c serverloop.c] | ||
3413 | spacing | ||
3414 | - deraadt@cvs.openbsd.org 2006/03/25 18:36:15 | ||
3415 | [sshlogin.c sshlogin.h] | ||
3416 | nicer size_t and time_t types | ||
3417 | - deraadt@cvs.openbsd.org 2006/03/25 18:40:14 | ||
3418 | [ssh-keygen.c] | ||
3419 | cast strtonum() result to right type | ||
3420 | - deraadt@cvs.openbsd.org 2006/03/25 18:41:45 | ||
3421 | [ssh-agent.c] | ||
3422 | mark two more signal handlers ARGSUSED | ||
3423 | - deraadt@cvs.openbsd.org 2006/03/25 18:43:30 | ||
3424 | [channels.c] | ||
3425 | use strtonum() instead of atoi() [limit X screens to 400, sorry] | ||
3426 | - deraadt@cvs.openbsd.org 2006/03/25 18:56:55 | ||
3427 | [bufaux.c channels.c packet.c] | ||
3428 | remove (char *) casts to a function that accepts void * for the arg | ||
3429 | - deraadt@cvs.openbsd.org 2006/03/25 18:58:10 | ||
3430 | [channels.c] | ||
3431 | delete cast not required | ||
3432 | - djm@cvs.openbsd.org 2006/03/25 22:22:43 | ||
3433 | [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h] | ||
3434 | [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h] | ||
3435 | [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h] | ||
3436 | [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c] | ||
3437 | [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h] | ||
3438 | [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h] | ||
3439 | [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h] | ||
3440 | [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h] | ||
3441 | [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h] | ||
3442 | [ttymodes.h uidswap.h uuencode.h xmalloc.h] | ||
3443 | standardise spacing in $OpenBSD$ tags; requested by deraadt@ | ||
3444 | - deraadt@cvs.openbsd.org 2006/03/26 01:31:48 | ||
3445 | [uuencode.c] | ||
3446 | typo | ||
3447 | |||
3448 | 20060325 | ||
3449 | - OpenBSD CVS Sync | ||
3450 | - djm@cvs.openbsd.org 2006/03/16 04:24:42 | ||
3451 | [ssh.1] | ||
3452 | Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs | ||
3453 | that OpenSSH supports | ||
3454 | - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 | ||
3455 | [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] | ||
3456 | [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] | ||
3457 | [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] | ||
3458 | [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] | ||
3459 | [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] | ||
3460 | [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] | ||
3461 | [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] | ||
3462 | [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] | ||
3463 | [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] | ||
3464 | [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] | ||
3465 | [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] | ||
3466 | [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] | ||
3467 | [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] | ||
3468 | [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] | ||
3469 | [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] | ||
3470 | [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] | ||
3471 | [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] | ||
3472 | [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] | ||
3473 | [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] | ||
3474 | [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] | ||
3475 | [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] | ||
3476 | [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] | ||
3477 | [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] | ||
3478 | RCSID() can die | ||
3479 | - deraadt@cvs.openbsd.org 2006/03/19 18:53:12 | ||
3480 | [kex.h myproposal.h] | ||
3481 | spacing | ||
3482 | - djm@cvs.openbsd.org 2006/03/20 04:07:22 | ||
3483 | [auth2-gss.c] | ||
3484 | GSSAPI related leaks detected by Coverity via elad AT netbsd.org; | ||
3485 | reviewed by simon AT sxw.org.uk; deraadt@ ok | ||
3486 | - djm@cvs.openbsd.org 2006/03/20 04:07:49 | ||
3487 | [gss-genr.c] | ||
3488 | more GSSAPI related leaks detected by Coverity via elad AT netbsd.org; | ||
3489 | reviewed by simon AT sxw.org.uk; deraadt@ ok | ||
3490 | - djm@cvs.openbsd.org 2006/03/20 04:08:18 | ||
3491 | [gss-serv.c] | ||
3492 | last lot of GSSAPI related leaks detected by Coverity via | ||
3493 | elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok | ||
3494 | - deraadt@cvs.openbsd.org 2006/03/20 18:14:02 | ||
3495 | [monitor_wrap.h sshpty.h] | ||
3496 | sprinkle u_int throughout pty subsystem, ok markus | ||
3497 | - deraadt@cvs.openbsd.org 2006/03/20 18:26:55 | ||
3498 | [session.h] | ||
3499 | annoying spacing fixes getting in the way of real diffs | ||
3500 | - deraadt@cvs.openbsd.org 2006/03/20 18:41:43 | ||
3501 | [dns.c] | ||
3502 | cast xstrdup to propert u_char * | ||
3503 | - jakob@cvs.openbsd.org 2006/03/22 21:16:24 | ||
3504 | [ssh.1] | ||
3505 | simplify SSHFP example; ok jmc@ | ||
3506 | - djm@cvs.openbsd.org 2006/03/22 21:27:15 | ||
3507 | [deattack.c deattack.h] | ||
3508 | remove IV support from the CRC attack detector, OpenSSH has never used | ||
3509 | it - it only applied to IDEA-CFB, which we don't support. | ||
3510 | prompted by NetBSD Coverity report via elad AT netbsd.org; | ||
3511 | feedback markus@ "nuke it" deraadt@ | ||
3512 | |||
3513 | 20060318 | ||
3514 | - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via | ||
3515 | elad AT NetBSD.org | ||
3516 | - (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173: make fmtint() take | ||
3517 | a LLONG rather than a long. Fixes scp'ing of large files on platforms | ||
3518 | with missing/broken snprintfs. Patch from e.borovac at bom.gov.au. | ||
3519 | |||
3520 | 20060316 | ||
3521 | - (dtucker) [entropy.c] Add headers for WIFEXITED and friends. | ||
3522 | - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in | ||
3523 | /usr/include/crypto. Hint from djm@. | ||
3524 | - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h] | ||
3525 | Disable sha256 when openssl < 0.9.7. Patch from djm@. | ||
3526 | - (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old | ||
3527 | OpenSSL; ok tim | ||
3528 | |||
3529 | 20060315 | ||
3530 | - (djm) OpenBSD CVS Sync: | ||
3531 | - msf@cvs.openbsd.org 2006/02/06 15:54:07 | ||
3532 | [ssh.1] | ||
3533 | - typo fix | ||
3534 | ok jmc@ | ||
3535 | - jmc@cvs.openbsd.org 2006/02/06 21:44:47 | ||
3536 | [ssh.1] | ||
3537 | make this a little less ambiguous... | ||
3538 | - stevesk@cvs.openbsd.org 2006/02/07 01:08:04 | ||
3539 | [auth-rhosts.c includes.h] | ||
3540 | move #include <netgroup.h> out of includes.h; ok markus@ | ||
3541 | - stevesk@cvs.openbsd.org 2006/02/07 01:18:09 | ||
3542 | [includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c] | ||
3543 | move #include <sys/queue.h> out of includes.h; ok markus@ | ||
3544 | - stevesk@cvs.openbsd.org 2006/02/07 01:42:00 | ||
3545 | [channels.c clientloop.c clientloop.h includes.h packet.h] | ||
3546 | [serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c] | ||
3547 | move #include <termios.h> out of includes.h; ok markus@ | ||
3548 | - stevesk@cvs.openbsd.org 2006/02/07 01:52:50 | ||
3549 | [sshtty.c] | ||
3550 | "log.h" not needed | ||
3551 | - stevesk@cvs.openbsd.org 2006/02/07 03:47:05 | ||
3552 | [hostfile.c] | ||
3553 | "packet.h" not needed | ||
3554 | - stevesk@cvs.openbsd.org 2006/02/07 03:59:20 | ||
3555 | [deattack.c] | ||
3556 | duplicate #include | ||
3557 | - stevesk@cvs.openbsd.org 2006/02/08 12:15:27 | ||
3558 | [auth.c clientloop.c includes.h misc.c monitor.c readpass.c] | ||
3559 | [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c] | ||
3560 | [sshd.c sshpty.c] | ||
3561 | move #include <paths.h> out of includes.h; ok markus@ | ||
3562 | - stevesk@cvs.openbsd.org 2006/02/08 12:32:49 | ||
3563 | [includes.h misc.c] | ||
3564 | move #include <netinet/tcp.h> out of includes.h; ok markus@ | ||
3565 | - stevesk@cvs.openbsd.org 2006/02/08 13:15:44 | ||
3566 | [gss-serv.c monitor.c] | ||
3567 | small KNF | ||
3568 | - stevesk@cvs.openbsd.org 2006/02/08 14:16:59 | ||
3569 | [sshconnect.c] | ||
3570 | <openssl/bn.h> not needed | ||
3571 | - stevesk@cvs.openbsd.org 2006/02/08 14:31:30 | ||
3572 | [includes.h ssh-agent.c ssh-keyscan.c ssh.c] | ||
3573 | move #include <sys/resource.h> out of includes.h; ok markus@ | ||
3574 | - stevesk@cvs.openbsd.org 2006/02/08 14:38:18 | ||
3575 | [includes.h packet.c] | ||
3576 | move #include <netinet/in_systm.h> and <netinet/ip.h> out of | ||
3577 | includes.h; ok markus@ | ||
3578 | - stevesk@cvs.openbsd.org 2006/02/08 23:51:24 | ||
3579 | [includes.h scp.c sftp-glob.c sftp-server.c] | ||
3580 | move #include <dirent.h> out of includes.h; ok markus@ | ||
3581 | - stevesk@cvs.openbsd.org 2006/02/09 00:32:07 | ||
3582 | [includes.h] | ||
3583 | #include <sys/endian.h> not needed; ok djm@ | ||
3584 | NB. ID Sync only - we still need this (but it may move later) | ||
3585 | - jmc@cvs.openbsd.org 2006/02/09 10:10:47 | ||
3586 | [sshd.8] | ||
3587 | - move some text into a CAVEATS section | ||
3588 | - merge the COMMAND EXECUTION... section into AUTHENTICATION | ||
3589 | - stevesk@cvs.openbsd.org 2006/02/10 00:27:13 | ||
3590 | [channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c] | ||
3591 | [ssh.c sshd.c sshpty.c] | ||
3592 | move #include <sys/ioctl.h> out of includes.h; ok markus@ | ||
3593 | - stevesk@cvs.openbsd.org 2006/02/10 01:44:27 | ||
3594 | [includes.h monitor.c readpass.c scp.c serverloop.c session.c] | ||
3595 | [sftp.c sshconnect.c sshconnect2.c sshd.c] | ||
3596 | move #include <sys/wait.h> out of includes.h; ok markus@ | ||
3597 | - otto@cvs.openbsd.org 2006/02/11 19:31:18 | ||
3598 | [atomicio.c] | ||
3599 | type correctness; from Ray Lai in PR 5011; ok millert@ | ||
3600 | - djm@cvs.openbsd.org 2006/02/12 06:45:34 | ||
3601 | [ssh.c ssh_config.5] | ||
3602 | add a %l expansion code to the ControlPath, which is filled in with the | ||
3603 | local hostname at runtime. Requested by henning@ to avoid some problems | ||
3604 | with /home on NFS; ok dtucker@ | ||
3605 | - djm@cvs.openbsd.org 2006/02/12 10:44:18 | ||
3606 | [readconf.c] | ||
3607 | raise error when the user specifies a RekeyLimit that is smaller than 16 | ||
3608 | (the smallest of our cipher's blocksize) or big enough to cause integer | ||
3609 | wraparound; ok & feedback dtucker@ | ||
3610 | - jmc@cvs.openbsd.org 2006/02/12 10:49:44 | ||
3611 | [ssh_config.5] | ||
3612 | slight rewording; ok djm | ||
3613 | - jmc@cvs.openbsd.org 2006/02/12 10:52:41 | ||
3614 | [sshd.8] | ||
3615 | rework the description of authorized_keys a little; | ||
3616 | - jmc@cvs.openbsd.org 2006/02/12 17:57:19 | ||
3617 | [sshd.8] | ||
3618 | sort the list of options permissable w/ authorized_keys; | ||
3619 | ok djm dtucker | ||
3620 | - jmc@cvs.openbsd.org 2006/02/13 10:16:39 | ||
3621 | [sshd.8] | ||
3622 | no need to subsection the authorized_keys examples - instead, convert | ||
3623 | this to look like an actual file. also use proto 2 keys, and use IETF | ||
3624 | example addresses; | ||
3625 | - jmc@cvs.openbsd.org 2006/02/13 10:21:25 | ||
3626 | [sshd.8] | ||
3627 | small tweaks for the ssh_known_hosts section; | ||
3628 | - jmc@cvs.openbsd.org 2006/02/13 11:02:26 | ||
3629 | [sshd.8] | ||
3630 | turn this into an example ssh_known_hosts file; ok djm | ||
3631 | - jmc@cvs.openbsd.org 2006/02/13 11:08:43 | ||
3632 | [sshd.8] | ||
3633 | - avoid nasty line split | ||
3634 | - `*' does not need to be escaped | ||
3635 | - jmc@cvs.openbsd.org 2006/02/13 11:27:25 | ||
3636 | [sshd.8] | ||
3637 | sort FILES and use a -compact list; | ||
3638 | - david@cvs.openbsd.org 2006/02/15 05:08:24 | ||
3639 | [sftp-client.c] | ||
3640 | typo in comment; ok djm@ | ||
3641 | - jmc@cvs.openbsd.org 2006/02/15 16:53:20 | ||
3642 | [ssh.1] | ||
3643 | remove the IETF draft references and replace them with some updated RFCs; | ||
3644 | - jmc@cvs.openbsd.org 2006/02/15 16:55:33 | ||
3645 | [sshd.8] | ||
3646 | remove ietf draft references; RFC list now maintained in ssh.1; | ||
3647 | - jmc@cvs.openbsd.org 2006/02/16 09:05:34 | ||
3648 | [sshd.8] | ||
3649 | sync some of the FILES entries w/ ssh.1; | ||
3650 | - jmc@cvs.openbsd.org 2006/02/19 19:52:10 | ||
3651 | [sshd.8] | ||
3652 | move the sshrc stuff out of FILES, and into its own section: | ||
3653 | FILES is not a good place to document how stuff works; | ||
3654 | - jmc@cvs.openbsd.org 2006/02/19 20:02:17 | ||
3655 | [sshd.8] | ||
3656 | sync the (s)hosts.equiv FILES entries w/ those from ssh.1; | ||
3657 | - jmc@cvs.openbsd.org 2006/02/19 20:05:00 | ||
3658 | [sshd.8] | ||
3659 | grammar; | ||
3660 | - jmc@cvs.openbsd.org 2006/02/19 20:12:25 | ||
3661 | [ssh_config.5] | ||
3662 | add some vertical space; | ||
3663 | - stevesk@cvs.openbsd.org 2006/02/20 16:36:15 | ||
3664 | [authfd.c channels.c includes.h session.c ssh-agent.c ssh.c] | ||
3665 | move #include <sys/un.h> out of includes.h; ok djm@ | ||
3666 | - stevesk@cvs.openbsd.org 2006/02/20 17:02:44 | ||
3667 | [clientloop.c includes.h monitor.c progressmeter.c scp.c] | ||
3668 | [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c] | ||
3669 | move #include <signal.h> out of includes.h; ok markus@ | ||
3670 | - stevesk@cvs.openbsd.org 2006/02/20 17:19:54 | ||
3671 | [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c] | ||
3672 | [authfile.c clientloop.c includes.h readconf.c scp.c session.c] | ||
3673 | [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c] | ||
3674 | [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c] | ||
3675 | [sshconnect2.c sshd.c sshpty.c] | ||
3676 | move #include <sys/stat.h> out of includes.h; ok markus@ | ||
3677 | - stevesk@cvs.openbsd.org 2006/02/22 00:04:45 | ||
3678 | [canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c] | ||
3679 | [sshconnect.c] | ||
3680 | move #include <ctype.h> out of includes.h; ok djm@ | ||
3681 | - jmc@cvs.openbsd.org 2006/02/24 10:25:14 | ||
3682 | [ssh_config.5] | ||
3683 | add section on patterns; | ||
3684 | from dtucker + myself | ||
3685 | - jmc@cvs.openbsd.org 2006/02/24 10:33:54 | ||
3686 | [sshd_config.5] | ||
3687 | signpost to PATTERNS; | ||
3688 | - jmc@cvs.openbsd.org 2006/02/24 10:37:07 | ||
3689 | [ssh_config.5] | ||
3690 | tidy up the refs to PATTERNS; | ||
3691 | - jmc@cvs.openbsd.org 2006/02/24 10:39:52 | ||
3692 | [sshd.8] | ||
3693 | signpost to PATTERNS section; | ||
3694 | - jmc@cvs.openbsd.org 2006/02/24 20:22:16 | ||
3695 | [ssh-keysign.8 ssh_config.5 sshd_config.5] | ||
3696 | some consistency fixes; | ||
3697 | - jmc@cvs.openbsd.org 2006/02/24 20:31:31 | ||
3698 | [ssh.1 ssh_config.5 sshd.8 sshd_config.5] | ||
3699 | more consistency fixes; | ||
3700 | - jmc@cvs.openbsd.org 2006/02/24 23:20:07 | ||
3701 | [ssh_config.5] | ||
3702 | some grammar/wording fixes; | ||
3703 | - jmc@cvs.openbsd.org 2006/02/24 23:43:57 | ||
3704 | [sshd_config.5] | ||
3705 | some grammar/wording fixes; | ||
3706 | - jmc@cvs.openbsd.org 2006/02/24 23:51:17 | ||
3707 | [sshd_config.5] | ||
3708 | oops - bits i missed; | ||
3709 | - jmc@cvs.openbsd.org 2006/02/25 12:26:17 | ||
3710 | [ssh_config.5] | ||
3711 | document the possible values for KbdInteractiveDevices; | ||
3712 | help/ok dtucker | ||
3713 | - jmc@cvs.openbsd.org 2006/02/25 12:28:34 | ||
3714 | [sshd_config.5] | ||
3715 | document the order in which allow/deny directives are processed; | ||
3716 | help/ok dtucker | ||
3717 | - jmc@cvs.openbsd.org 2006/02/26 17:17:18 | ||
3718 | [ssh_config.5] | ||
3719 | move PATTERNS to the end of the main body; requested by dtucker | ||
3720 | - jmc@cvs.openbsd.org 2006/02/26 18:01:13 | ||
3721 | [sshd_config.5] | ||
3722 | subsection is pointless here; | ||
3723 | - jmc@cvs.openbsd.org 2006/02/26 18:03:10 | ||
3724 | [ssh_config.5] | ||
3725 | comma; | ||
3726 | - djm@cvs.openbsd.org 2006/02/28 01:10:21 | ||
3727 | [session.c] | ||
3728 | fix logout recording when privilege separation is disabled, analysis and | ||
3729 | patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@ | ||
3730 | NB. ID sync only - patch already in portable | ||
3731 | - djm@cvs.openbsd.org 2006/03/04 04:12:58 | ||
3732 | [serverloop.c] | ||
3733 | move a debug() outside of a signal handler; ok markus@ a little while back | ||
3734 | - djm@cvs.openbsd.org 2006/03/12 04:23:07 | ||
3735 | [ssh.c] | ||
3736 | knf nit | ||
3737 | - djm@cvs.openbsd.org 2006/03/13 08:16:00 | ||
3738 | [sshd.c] | ||
3739 | don't log that we are listening on a socket before the listen() call | ||
3740 | actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@ | ||
3741 | - dtucker@cvs.openbsd.org 2006/03/13 08:33:00 | ||
3742 | [packet.c] | ||
3743 | Set TCP_NODELAY for all connections not just "interactive" ones. Fixes | ||
3744 | poor performance and protocol stalls under some network conditions (mindrot | ||
3745 | bugs #556 and #981). Patch originally from markus@, ok djm@ | ||
3746 | - dtucker@cvs.openbsd.org 2006/03/13 08:43:16 | ||
3747 | [ssh-keygen.c] | ||
3748 | Make ssh-keygen handle CR and CRLF line termination when converting IETF | ||
3749 | format keys, in adition to vanilla LF. mindrot #1157, tested by Chris | ||
3750 | Pepper, ok djm@ | ||
3751 | - dtucker@cvs.openbsd.org 2006/03/13 10:14:29 | ||
3752 | [misc.c ssh_config.5 sshd_config.5] | ||
3753 | Allow config directives to contain whitespace by surrounding them by double | ||
3754 | quotes. mindrot #482, man page help from jmc@, ok djm@ | ||
3755 | - dtucker@cvs.openbsd.org 2006/03/13 10:26:52 | ||
3756 | [authfile.c authfile.h ssh-add.c] | ||
3757 | Make ssh-add check file permissions before attempting to load private | ||
3758 | key files multiple times; it will fail anyway and this prevents confusing | ||
3759 | multiple prompts and warnings. mindrot #1138, ok djm@ | ||
3760 | - djm@cvs.openbsd.org 2006/03/14 00:15:39 | ||
3761 | [canohost.c] | ||
3762 | log the originating address and not just the name when a reverse | ||
3763 | mapping check fails, requested by linux AT linuon.com | ||
3764 | - markus@cvs.openbsd.org 2006/03/14 16:32:48 | ||
3765 | [ssh_config.5 sshd_config.5] | ||
3766 | *AliveCountMax applies to protcol v2 only; ok dtucker, djm | ||
3767 | - djm@cvs.openbsd.org 2006/03/07 09:07:40 | ||
3768 | [kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] | ||
3769 | Implement the diffie-hellman-group-exchange-sha256 key exchange method | ||
3770 | using the SHA256 code in libc (and wrapper to make it into an OpenSSL | ||
3771 | EVP), interop tested against CVS PuTTY | ||
3772 | NB. no portability bits committed yet | ||
3773 | - (djm) [configure.ac defines.h kex.c md-sha256.c] | ||
3774 | [openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h] | ||
3775 | [openbsd-compat/sha2.c] First stab at portability glue for SHA256 | ||
3776 | KEX support, should work with libc SHA256 support or OpenSSL | ||
3777 | EVP_sha256 if present | ||
3778 | - (djm) [includes.h] Restore accidentally dropped netinet/in.h | ||
3779 | - (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files | ||
3780 | - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present | ||
3781 | - (djm) [regress/.cvsignore] Ignore Makefile here | ||
3782 | - (djm) [loginrec.c] Need stat.h | ||
3783 | - (djm) [openbsd-compat/sha2.h] Avoid include macro clash with | ||
3784 | system sha2.h | ||
3785 | - (djm) [ssh-rand-helper.c] Needs a bunch of headers | ||
3786 | - (djm) [ssh-agent.c] Restore dropped stat.h | ||
3787 | - (djm) [openbsd-compat/sha2.h openbsd-compat/sha2.c] Comment out | ||
3788 | SHA384, which we don't need and doesn't compile without tweaks | ||
3789 | - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c] | ||
3790 | [sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c] | ||
3791 | [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c] | ||
3792 | [openbsd-compat/glob.c openbsd-compat/mktemp.c] | ||
3793 | [openbsd-compat/readpassphrase.c] Lots of include fixes for | ||
3794 | OpenSolaris | ||
3795 | - (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:" | ||
3796 | - (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some | ||
3797 | includes removed from includes.h | ||
3798 | - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE | ||
3799 | - (djm) [includes.h] Put back paths.h, it is needed in defines.h | ||
3800 | - (dtucker) [openbsd-compat/openbsd-compat.h] AIX (at least) needs | ||
3801 | sys/ioctl.h for struct winsize. | ||
3802 | - (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD. | ||
3803 | |||
3804 | 20060313 | ||
3805 | - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) | ||
3806 | since not all platforms support it. Instead, use internal equivalent while | ||
3807 | computing LLONG_MIN and LLONG_MAX. Remove special case for alpha-dec-osf* | ||
3808 | as it's no longer required. Tested by Bernhard Simon, ok djm@ | ||
3809 | |||
3810 | 20060304 | ||
3811 | - (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a | ||
3812 | file rather than directory, required as Cygwin will be importing lastlog(1). | ||
3813 | Also tightens up permissions on the file. Patch from vinschen@redhat.com. | ||
3814 | - (dtucker) [gss-serv-krb5.c] Bug #1166: Correct #ifdefs for gssapi_krb5.h | ||
3815 | includes. Patch from gentoo.riverrat at gmail.com. | ||
3816 | |||
3817 | 20060226 | ||
3818 | - (dtucker) [configure.ac] Bug #1156: QNX apparently needs SSHD_ACQUIRES_CTTY | ||
3819 | patch from kraai at ftbfs.org. | ||
3820 | |||
3821 | 20060223 | ||
3822 | - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current | ||
3823 | reality. Pointed out by tryponraj at gmail.com. | ||
3824 | |||
3825 | 20060222 | ||
3826 | - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only | ||
3827 | compile in compat code if required. | ||
3828 | |||
3829 | 20060221 | ||
3830 | - (dtucker) [openbsd-compat/openssl-compat.h] Prevent warning about | ||
3831 | redefinition of SSLeay_add_all_algorithms. | ||
3832 | |||
3833 | 20060220 | ||
3834 | - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}] | ||
3835 | Add optional enabling of OpenSSL's (hardware) Engine support, via | ||
3836 | configure --with-ssl-engine. Based in part on a diff by michal at | ||
3837 | logix.cz. | ||
3838 | |||
3839 | 20060219 | ||
3840 | - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/] | ||
3841 | Add first attempt at regress tests for compat library. ok djm@ | ||
3842 | |||
3843 | 20060214 | ||
3844 | - (tim) [buildpkg.sh.in] Make the names consistent. | ||
3845 | s/pkg_post_make_install_fixes.sh/pkg-post-make-install-fixes.sh/ OK dtucker@ | ||
3846 | |||
3847 | 20060212 | ||
3848 | - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Make loop counter unsigned | ||
3849 | to silence compiler warning, from vinschen at redhat.com. | ||
3850 | - (tim) [configure.ac] Bug #1149. Disable /etc/default/login check for QNX. | ||
3851 | - (dtucker) [README version.h contrib/caldera/openssh.spec | ||
3852 | contrib/redhat/openssh.spec contrib/suse/openssh.spec] Bump version | ||
3853 | strings to match 4.3p2 release. | ||
3854 | |||
3855 | 20060208 | ||
3856 | - (tim) [session.c] Logout records were not updated on systems with | ||
3857 | post auth privsep disabled due to bug 1086 changes. Analysis and patch | ||
3858 | by vinschen at redhat.com. OK tim@, dtucker@. | ||
3859 | - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP | ||
3860 | -> NEED_SETPGRP), reported by Bernhard Simon. ok tim@ | ||
3861 | |||
3862 | 20060206 | ||
3863 | - (tim) [configure.ac] Remove unnecessary tests for net/if.h and | ||
3864 | netinet/in_systm.h. OK dtucker@. | ||
3865 | |||
3866 | 20060205 | ||
3867 | - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test | ||
3868 | for Solaris. OK dtucker@. | ||
3869 | - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by | ||
3870 | kraai at ftbfs.org. | ||
3871 | |||
3872 | 20060203 | ||
3873 | - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first | ||
3874 | AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run | ||
3875 | by a platform specific check, builtin standard includes tests will be | ||
3876 | skipped on the other platforms. | ||
3877 | Analysis and suggestion by vinschen at redhat.com, patch by dtucker@. | ||
3878 | OK tim@, djm@. | ||
3879 | |||
3880 | 20060202 | ||
3881 | - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it | ||
3882 | works with picky compilers. Patch from alex.kiernan at thus.net. | ||
3883 | |||
3884 | 20060201 | ||
3885 | - (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to | ||
3886 | determine the user's login name - needed for regress tests on Solaris | ||
3887 | 10 and OpenSolaris | ||
3888 | - (djm) OpenBSD CVS Sync | ||
3889 | - jmc@cvs.openbsd.org 2006/02/01 09:06:50 | ||
3890 | [sshd.8] | ||
3891 | - merge sections on protocols 1 and 2 into a single section | ||
3892 | - remove configuration file section | ||
3893 | ok markus | ||
3894 | - jmc@cvs.openbsd.org 2006/02/01 09:11:41 | ||
3895 | [sshd.8] | ||
3896 | small tweak; | ||
3897 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
3898 | [contrib/suse/openssh.spec] Update versions ahead of release | ||
3899 | - markus@cvs.openbsd.org 2006/02/01 11:27:22 | ||
3900 | [version.h] | ||
3901 | openssh 4.3 | ||
3902 | - (djm) Release OpenSSH 4.3p1 | ||
3903 | |||
3904 | 20060131 | ||
3905 | - (djm) OpenBSD CVS Sync | ||
3906 | - jmc@cvs.openbsd.org 2006/01/20 11:21:45 | ||
3907 | [ssh_config.5] | ||
3908 | - word change, agreed w/ markus | ||
3909 | - consistency fixes | ||
3910 | - jmc@cvs.openbsd.org 2006/01/25 09:04:34 | ||
3911 | [sshd.8] | ||
3912 | move the options description up the page, and a few additional tweaks | ||
3913 | whilst in here; | ||
3914 | ok markus | ||
3915 | - jmc@cvs.openbsd.org 2006/01/25 09:07:22 | ||
3916 | [sshd.8] | ||
3917 | move subsections to full sections; | ||
3918 | - jmc@cvs.openbsd.org 2006/01/26 08:47:56 | ||
3919 | [ssh.1] | ||
3920 | add a section on verifying host keys in dns; | ||
3921 | written with a lot of help from jakob; | ||
3922 | feedback dtucker/markus; | ||
3923 | ok markus | ||
3924 | - reyk@cvs.openbsd.org 2006/01/30 12:22:22 | ||
3925 | [channels.c] | ||
3926 | mark channel as write failed or dead instead of read failed on error | ||
3927 | of the channel output filter. | ||
3928 | ok markus@ | ||
3929 | - jmc@cvs.openbsd.org 2006/01/30 13:37:49 | ||
3930 | [ssh.1] | ||
3931 | remove an incorrect sentence; | ||
3932 | reported by roumen petrov; | ||
3933 | ok djm markus | ||
3934 | - djm@cvs.openbsd.org 2006/01/31 10:19:02 | ||
3935 | [misc.c misc.h scp.c sftp.c] | ||
3936 | fix local arbitrary command execution vulnerability on local/local and | ||
3937 | remote/remote copies (CVE-2006-0225, bz #1094), patch by | ||
3938 | t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@ | ||
3939 | - djm@cvs.openbsd.org 2006/01/31 10:35:43 | ||
3940 | [scp.c] | ||
3941 | "scp a b c" shouldn't clobber "c" when it is not a directory, report and | ||
3942 | fix from biorn@; ok markus@ | ||
3943 | - (djm) Sync regress tests to OpenBSD: | ||
3944 | - dtucker@cvs.openbsd.org 2005/03/10 10:20:39 | ||
3945 | [regress/forwarding.sh] | ||
3946 | Regress test for ClearAllForwardings (bz #994); ok markus@ | ||
3947 | - dtucker@cvs.openbsd.org 2005/04/25 09:54:09 | ||
3948 | [regress/multiplex.sh] | ||
3949 | Don't call cleanup in multiplex as test-exec will cleanup anyway | ||
3950 | found by tim@, ok djm@ | ||
3951 | NB. ID sync only, we already had this | ||
3952 | - djm@cvs.openbsd.org 2005/05/20 23:14:15 | ||
3953 | [regress/test-exec.sh] | ||
3954 | force addressfamily=inet for tests, unbreaking dynamic-forward regress for | ||
3955 | recently committed nc SOCKS5 changes | ||
3956 | - djm@cvs.openbsd.org 2005/05/24 04:10:54 | ||
3957 | [regress/try-ciphers.sh] | ||
3958 | oops, new arcfour modes here too | ||
3959 | - markus@cvs.openbsd.org 2005/06/30 11:02:37 | ||
3960 | [regress/scp.sh] | ||
3961 | allow SUDO=sudo; from Alexander Bluhm | ||
3962 | - grunk@cvs.openbsd.org 2005/11/14 21:25:56 | ||
3963 | [regress/agent-getpeereid.sh] | ||
3964 | all other scripts in this dir use $SUDO, not 'sudo', so pull this even | ||
3965 | ok markus@ | ||
3966 | - dtucker@cvs.openbsd.org 2005/12/14 04:36:39 | ||
3967 | [regress/scp-ssh-wrapper.sh] | ||
3968 | Fix assumption about how many args scp will pass; ok djm@ | ||
3969 | NB. ID sync only, we already had this | ||
3970 | - djm@cvs.openbsd.org 2006/01/27 06:49:21 | ||
3971 | [scp.sh] | ||
3972 | regress test for local to local scp copies; ok dtucker@ | ||
3973 | - djm@cvs.openbsd.org 2006/01/31 10:23:23 | ||
3974 | [scp.sh] | ||
3975 | regression test for CVE-2006-0225 written by dtucker@ | ||
3976 | - djm@cvs.openbsd.org 2006/01/31 10:36:33 | ||
3977 | [scp.sh] | ||
3978 | regress test for "scp a b c" where "c" is not a directory | ||
3979 | |||
3980 | 20060129 | ||
3981 | - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the | ||
3982 | opensshd.init script interpretter if /sbin/sh does not exist. ok tim@ | ||
3983 | |||
3984 | 20060120 | ||
3985 | - (dtucker) OpenBSD CVS Sync | ||
3986 | - jmc@cvs.openbsd.org 2006/01/15 17:37:05 | ||
3987 | [ssh.1] | ||
3988 | correction from deraadt | ||
3989 | - jmc@cvs.openbsd.org 2006/01/18 10:53:29 | ||
3990 | [ssh.1] | ||
3991 | add a section on ssh-based vpn, based on reyk's README.tun; | ||
3992 | - dtucker@cvs.openbsd.org 2006/01/20 00:14:55 | ||
3993 | [scp.1 ssh.1 ssh_config.5 sftp.1] | ||
3994 | Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot | ||
3995 | #1056 with feedback from jmc, djm and markus; ok jmc@ djm@ | ||
3996 | |||
3997 | 20060114 | ||
3998 | - (djm) OpenBSD CVS Sync | ||
3999 | - jmc@cvs.openbsd.org 2006/01/06 13:27:32 | ||
4000 | [ssh.1] | ||
4001 | weed out some duplicate info in the known_hosts FILES entries; | ||
4002 | ok djm | ||
4003 | - jmc@cvs.openbsd.org 2006/01/06 13:29:10 | ||
4004 | [ssh.1] | ||
4005 | final round of whacking FILES for duplicate info, and some consistency | ||
4006 | fixes; | ||
4007 | ok djm | ||
4008 | - jmc@cvs.openbsd.org 2006/01/12 14:44:12 | ||
4009 | [ssh.1] | ||
4010 | split sections on tcp and x11 forwarding into two sections. | ||
4011 | add an example in the tcp section, based on sth i wrote for ssh faq; | ||
4012 | help + ok: djm markus dtucker | ||
4013 | - jmc@cvs.openbsd.org 2006/01/12 18:48:48 | ||
4014 | [ssh.1] | ||
4015 | refer to `TCP' rather than `TCP/IP' in the context of connection | ||
4016 | forwarding; | ||
4017 | ok markus | ||
4018 | - jmc@cvs.openbsd.org 2006/01/12 22:20:00 | ||
4019 | [sshd.8] | ||
4020 | refer to TCP forwarding, rather than TCP/IP forwarding; | ||
4021 | - jmc@cvs.openbsd.org 2006/01/12 22:26:02 | ||
4022 | [ssh_config.5] | ||
4023 | refer to TCP forwarding, rather than TCP/IP forwarding; | ||
4024 | - jmc@cvs.openbsd.org 2006/01/12 22:34:12 | ||
4025 | [ssh.1] | ||
4026 | back out a sentence - AUTHENTICATION already documents this; | ||
4027 | |||
4028 | 20060109 | ||
4029 | - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on | ||
4030 | tcpip service so it's always started after IP is up. Patch from | ||
4031 | vinschen at redhat.com. | ||
4032 | |||
4033 | 20060106 | ||
4034 | - (djm) OpenBSD CVS Sync | ||
4035 | - jmc@cvs.openbsd.org 2006/01/03 16:31:10 | ||
4036 | [ssh.1] | ||
4037 | move FILES to a -compact list, and make each files an item in that list. | ||
4038 | this avoids nastly line wrap when we have long pathnames, and treats | ||
4039 | each file as a separate item; | ||
4040 | remove the .Pa too, since it is useless. | ||
4041 | - jmc@cvs.openbsd.org 2006/01/03 16:35:30 | ||
4042 | [ssh.1] | ||
4043 | use a larger width for the ENVIRONMENT list; | ||
4044 | - jmc@cvs.openbsd.org 2006/01/03 16:52:36 | ||
4045 | [ssh.1] | ||
4046 | put FILES in some sort of order: sort by pathname | ||
4047 | - jmc@cvs.openbsd.org 2006/01/03 16:55:18 | ||
4048 | [ssh.1] | ||
4049 | tweak the description of ~/.ssh/environment | ||
4050 | - jmc@cvs.openbsd.org 2006/01/04 18:42:46 | ||
4051 | [ssh.1] | ||
4052 | chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES | ||
4053 | entries; | ||
4054 | ok markus | ||
4055 | - jmc@cvs.openbsd.org 2006/01/04 18:45:01 | ||
4056 | [ssh.1] | ||
4057 | remove .Xr's to rsh(1) and telnet(1): they are hardly needed; | ||
4058 | - jmc@cvs.openbsd.org 2006/01/04 19:40:24 | ||
4059 | [ssh.1] | ||
4060 | +.Xr ssh-keyscan 1 , | ||
4061 | - jmc@cvs.openbsd.org 2006/01/04 19:50:09 | ||
4062 | [ssh.1] | ||
4063 | -.Xr gzip 1 , | ||
4064 | - djm@cvs.openbsd.org 2006/01/05 23:43:53 | ||
4065 | [misc.c] | ||
4066 | check that stdio file descriptors are actually closed before clobbering | ||
4067 | them in sanitise_stdfd(). problems occurred when a lower numbered fd was | ||
4068 | closed, but higher ones weren't. spotted by, and patch tested by | ||
4069 | Frédéric Olivié | ||
4070 | |||
4071 | 20060103 | ||
4072 | - (djm) [channels.c] clean up harmless merge error, from reyk@ | ||
4073 | |||
4074 | 20060103 | ||
4075 | - (djm) OpenBSD CVS Sync | ||
4076 | - jmc@cvs.openbsd.org 2006/01/02 17:09:49 | ||
4077 | [ssh_config.5 sshd_config.5] | ||
4078 | some corrections from michael knudsen; | ||
4079 | |||
4080 | 20060102 | ||
4081 | - (djm) [README.tun] Add README.tun, missed during sync of tun(4) support | ||
4082 | - (djm) OpenBSD CVS Sync | ||
4083 | - jmc@cvs.openbsd.org 2005/12/31 10:46:17 | ||
4084 | [ssh.1] | ||
4085 | merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER | ||
4086 | AUTHENTICATION" sections into "AUTHENTICATION"; | ||
4087 | some rewording done to make the text read better, plus some | ||
4088 | improvements from djm; | ||
4089 | ok djm | ||
4090 | - jmc@cvs.openbsd.org 2005/12/31 13:44:04 | ||
4091 | [ssh.1] | ||
4092 | clean up ENVIRONMENT a little; | ||
4093 | - jmc@cvs.openbsd.org 2005/12/31 13:45:19 | ||
4094 | [ssh.1] | ||
4095 | .Nm does not require an argument; | ||
4096 | - stevesk@cvs.openbsd.org 2006/01/01 08:59:27 | ||
4097 | [includes.h misc.c] | ||
4098 | move <net/if.h>; ok djm@ | ||
4099 | - stevesk@cvs.openbsd.org 2006/01/01 10:08:48 | ||
4100 | [misc.c] | ||
4101 | no trailing "\n" for debug() | ||
4102 | - djm@cvs.openbsd.org 2006/01/02 01:20:31 | ||
4103 | [sftp-client.c sftp-common.h sftp-server.c] | ||
4104 | use a common max. packet length, no binary change | ||
4105 | - reyk@cvs.openbsd.org 2006/01/02 07:53:44 | ||
4106 | [misc.c] | ||
4107 | clarify tun(4) opening - set the mode and bring the interface up. also | ||
4108 | (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces. | ||
4109 | suggested and ok by djm@ | ||
4110 | - jmc@cvs.openbsd.org 2006/01/02 12:31:06 | ||
4111 | [ssh.1] | ||
4112 | start to cut some duplicate info from FILES; | ||
4113 | help/ok djm | ||
4114 | |||
4115 | 20060101 | ||
4116 | - (djm) [Makefile.in configure.ac includes.h misc.c] | ||
4117 | [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support | ||
4118 | for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is | ||
4119 | limited to IPv4 tunnels only, and most versions don't support the | ||
4120 | tap(4) device at all. | ||
4121 | - (djm) [configure.ac] Fix linux/if_tun.h test | ||
4122 | - (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too | ||
4123 | |||
4124 | 20051229 | ||
4125 | - (djm) OpenBSD CVS Sync | ||
4126 | - stevesk@cvs.openbsd.org 2005/12/28 22:46:06 | ||
4127 | [canohost.c channels.c clientloop.c] | ||
4128 | use 'break-in' for consistency; ok deraadt@ ok and input jmc@ | ||
4129 | - reyk@cvs.openbsd.org 2005/12/30 15:56:37 | ||
4130 | [channels.c channels.h clientloop.c] | ||
4131 | add channel output filter interface. | ||
4132 | ok djm@, suggested by markus@ | ||
4133 | - jmc@cvs.openbsd.org 2005/12/30 16:59:00 | ||
4134 | [sftp.1] | ||
4135 | do not suggest that interactive authentication will work | ||
4136 | with the -b flag; | ||
4137 | based on a diff from john l. scarfone; | ||
4138 | ok djm | ||
4139 | - stevesk@cvs.openbsd.org 2005/12/31 01:38:45 | ||
4140 | [ssh.1] | ||
4141 | document -MM; ok djm@ | ||
4142 | - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac] | ||
4143 | [serverloop.c ssh.c openbsd-compat/Makefile.in] | ||
4144 | [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding | ||
4145 | compatability support for Linux, diff from reyk@ | ||
4146 | - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does | ||
4147 | not exist | ||
4148 | - (djm) [configure.ac] oops, make that linux/if_tun.h | ||
4149 | |||
4150 | 20051229 | ||
4151 | - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd | ||
4152 | |||
4153 | 20051224 | ||
4154 | - (djm) OpenBSD CVS Sync | ||
4155 | - jmc@cvs.openbsd.org 2005/12/20 21:59:43 | ||
4156 | [ssh.1] | ||
4157 | merge the sections on protocols 1 and 2 into one section on | ||
4158 | authentication; | ||
4159 | feedback djm dtucker | ||
4160 | ok deraadt markus dtucker | ||
4161 | - jmc@cvs.openbsd.org 2005/12/20 22:02:50 | ||
4162 | [ssh.1] | ||
4163 | .Ss -> .Sh: subsections have not made this page more readable | ||
4164 | - jmc@cvs.openbsd.org 2005/12/20 22:09:41 | ||
4165 | [ssh.1] | ||
4166 | move info on ssh return values and config files up into the main | ||
4167 | description; | ||
4168 | - jmc@cvs.openbsd.org 2005/12/21 11:48:16 | ||
4169 | [ssh.1] | ||
4170 | -L and -R descriptions are now above, not below, ~C description; | ||
4171 | - jmc@cvs.openbsd.org 2005/12/21 11:57:25 | ||
4172 | [ssh.1] | ||
4173 | options now described `above', rather than `later'; | ||
4174 | - jmc@cvs.openbsd.org 2005/12/21 12:53:31 | ||
4175 | [ssh.1] | ||
4176 | -Y does X11 forwarding too; | ||
4177 | ok markus | ||
4178 | - stevesk@cvs.openbsd.org 2005/12/21 22:44:26 | ||
4179 | [sshd.8] | ||
4180 | clarify precedence of -p, Port, ListenAddress; ok and help jmc@ | ||
4181 | - jmc@cvs.openbsd.org 2005/12/22 10:31:40 | ||
4182 | [ssh_config.5] | ||
4183 | put the description of "UsePrivilegedPort" in the correct place; | ||
4184 | - jmc@cvs.openbsd.org 2005/12/22 11:23:42 | ||
4185 | [ssh.1] | ||
4186 | expand the description of -w somewhat; | ||
4187 | help/ok reyk | ||
4188 | - jmc@cvs.openbsd.org 2005/12/23 14:55:53 | ||
4189 | [ssh.1] | ||
4190 | - sync the description of -e w/ synopsis | ||
4191 | - simplify the description of -I | ||
4192 | - note that -I is only available if support compiled in, and that it | ||
4193 | isn't by default | ||
4194 | feedback/ok djm@ | ||
4195 | - jmc@cvs.openbsd.org 2005/12/23 23:46:23 | ||
4196 | [ssh.1] | ||
4197 | less mark up for -c; | ||
4198 | - djm@cvs.openbsd.org 2005/12/24 02:27:41 | ||
4199 | [session.c sshd.c] | ||
4200 | eliminate some code duplicated in privsep and non-privsep paths, and | ||
4201 | explicitly clear SIGALRM handler; "groovy" deraadt@ | ||
4202 | |||
4203 | 20051220 | ||
4204 | - (dtucker) OpenBSD CVS Sync | ||
4205 | - reyk@cvs.openbsd.org 2005/12/13 15:03:02 | ||
4206 | [serverloop.c] | ||
4207 | if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY | ||
4208 | - jmc@cvs.openbsd.org 2005/12/16 18:07:08 | ||
4209 | [ssh.1] | ||
4210 | move the option descriptions up the page: start of a restructure; | ||
4211 | ok markus deraadt | ||
4212 | - jmc@cvs.openbsd.org 2005/12/16 18:08:53 | ||
4213 | [ssh.1] | ||
4214 | simplify a sentence; | ||
4215 | - jmc@cvs.openbsd.org 2005/12/16 18:12:22 | ||
4216 | [ssh.1] | ||
4217 | make the description of -c a little nicer; | ||
4218 | - jmc@cvs.openbsd.org 2005/12/16 18:14:40 | ||
4219 | [ssh.1] | ||
4220 | signpost the protocol sections; | ||
4221 | - stevesk@cvs.openbsd.org 2005/12/17 21:13:05 | ||
4222 | [ssh_config.5 session.c] | ||
4223 | spelling: fowarding, fowarded | ||
4224 | - stevesk@cvs.openbsd.org 2005/12/17 21:36:42 | ||
4225 | [ssh_config.5] | ||
4226 | spelling: intented -> intended | ||
4227 | - dtucker@cvs.openbsd.org 2005/12/20 04:41:07 | ||
4228 | [ssh.c] | ||
4229 | exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@ | ||
4230 | |||
4231 | 20051219 | ||
4232 | - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac | ||
4233 | openbsd-compat/openssl-compat.h] Check for and work around broken AES | ||
4234 | ciphers >128bit on (some) Solaris 10 systems. ok djm@ | ||
4235 | |||
4236 | 20051217 | ||
4237 | - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which | ||
4238 | scp.c also uses, so undef them here. | ||
4239 | - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our | ||
4240 | snprintf replacement can have a conflicting declaration in HP-UX's system | ||
4241 | headers (const vs. no const) so we now check for and work around it. Patch | ||
4242 | from the dynamic duo of David Leonard and Ted Percival. | ||
4243 | |||
4244 | 20051214 | ||
4245 | - (dtucker) OpenBSD CVS Sync (regress/) | ||
4246 | - dtucker@cvs.openbsd.org 2005/12/30 04:36:39 | ||
4247 | [regress/scp-ssh-wrapper.sh] | ||
4248 | Fix assumption about how many args scp will pass; ok djm@ | ||
4249 | |||
4250 | 20051213 | ||
4251 | - (djm) OpenBSD CVS Sync | ||
4252 | - jmc@cvs.openbsd.org 2005/11/30 11:18:27 | ||
4253 | [ssh.1] | ||
4254 | timezone -> time zone | ||
4255 | - jmc@cvs.openbsd.org 2005/11/30 11:45:20 | ||
4256 | [ssh.1] | ||
4257 | avoid ambiguities in describing TZ; | ||
4258 | ok djm@ | ||
4259 | - reyk@cvs.openbsd.org 2005/12/06 22:38:28 | ||
4260 | [auth-options.c auth-options.h channels.c channels.h clientloop.c] | ||
4261 | [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] | ||
4262 | [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] | ||
4263 | [sshconnect.h sshd.8 sshd_config sshd_config.5] | ||
4264 | Add support for tun(4) forwarding over OpenSSH, based on an idea and | ||
4265 | initial channel code bits by markus@. This is a simple and easy way to | ||
4266 | use OpenSSH for ad hoc virtual private network connections, e.g. | ||
4267 | administrative tunnels or secure wireless access. It's based on a new | ||
4268 | ssh channel and works similar to the existing TCP forwarding support, | ||
4269 | except that it depends on the tun(4) network interface on both ends of | ||
4270 | the connection for layer 2 or layer 3 tunneling. This diff also adds | ||
4271 | support for LocalCommand in the ssh(1) client. | ||
4272 | ok djm@, markus@, jmc@ (manpages), tested and discussed with others | ||
4273 | - djm@cvs.openbsd.org 2005/12/07 03:52:22 | ||
4274 | [clientloop.c] | ||
4275 | reyk forgot to compile with -Werror (missing header) | ||
4276 | - jmc@cvs.openbsd.org 2005/12/07 10:52:13 | ||
4277 | [ssh.1] | ||
4278 | - avoid line split in SYNOPSIS | ||
4279 | - add args to -w | ||
4280 | - kill trailing whitespace | ||
4281 | - jmc@cvs.openbsd.org 2005/12/08 14:59:44 | ||
4282 | [ssh.1 ssh_config.5] | ||
4283 | make `!command' a little clearer; | ||
4284 | ok reyk | ||
4285 | - jmc@cvs.openbsd.org 2005/12/08 15:06:29 | ||
4286 | [ssh_config.5] | ||
4287 | keep options in order; | ||
4288 | - reyk@cvs.openbsd.org 2005/12/08 18:34:11 | ||
4289 | [auth-options.c includes.h misc.c misc.h readconf.c servconf.c] | ||
4290 | [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac] | ||
4291 | two changes to the new ssh tunnel support. this breaks compatibility | ||
4292 | with the initial commit but is required for a portable approach. | ||
4293 | - make the tunnel id u_int and platform friendly, use predefined types. | ||
4294 | - support configuration of layer 2 (ethernet) or layer 3 | ||
4295 | (point-to-point, default) modes. configuration is done using the | ||
4296 | Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and | ||
4297 | restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option | ||
4298 | in sshd_config(5). | ||
4299 | ok djm@, man page bits by jmc@ | ||
4300 | - jmc@cvs.openbsd.org 2005/12/08 21:37:50 | ||
4301 | [ssh_config.5] | ||
4302 | new sentence, new line; | ||
4303 | - markus@cvs.openbsd.org 2005/12/12 13:46:18 | ||
4304 | [channels.c channels.h session.c] | ||
4305 | make sure protocol messages for internal channels are ignored. | ||
4306 | allow adjust messages for non-open channels; with and ok djm@ | ||
4307 | - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable | ||
4308 | again by providing a sys_tun_open() function for your platform and | ||
4309 | setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match | ||
4310 | OpenBSD's tunnel protocol, which prepends the address family to the | ||
4311 | packet | ||
4312 | |||
4313 | 20051201 | ||
4314 | - (djm) [envpass.sh] Remove regress script that was accidentally committed | ||
4315 | in top level directory and not noticed for over a year :) | ||
4316 | |||
4317 | 20051129 | ||
4318 | - (tim) [ssh-keygen.c] Move DSA length test after setting default when | ||
4319 | bits == 0. | ||
4320 | - (dtucker) OpenBSD CVS Sync | ||
4321 | - dtucker@cvs.openbsd.org 2005/11/29 02:04:55 | ||
4322 | [ssh-keygen.c] | ||
4323 | Populate default key sizes before checking them; from & ok tim@ | ||
4324 | - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string) | ||
4325 | for UnixWare. | ||
4326 | |||
4327 | 20051128 | ||
4328 | - (dtucker) [regress/yes-head.sh] Work around breakage caused by some | ||
4329 | versions of GNU head. Based on patch from zappaman at buraphalinux.org | ||
4330 | - (dtucker) [includes.h] Bug #1122: __USE_GNU is a glibc internal macro, use | ||
4331 | _GNU_SOURCE instead. Patch from t8m at centrum.cz. | ||
4332 | - (dtucker) OpenBSD CVS Sync | ||
4333 | - dtucker@cvs.openbsd.org 2005/11/28 05:16:53 | ||
4334 | [ssh-keygen.1 ssh-keygen.c] | ||
4335 | Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2, | ||
4336 | increase minumum RSA key size to 768 bits and update man page to reflect | ||
4337 | these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com), | ||
4338 | ok djm@, grudging ok deraadt@. | ||
4339 | - dtucker@cvs.openbsd.org 2005/11/28 06:02:56 | ||
4340 | [ssh-agent.1] | ||
4341 | Update agent socket path templates to reflect reality, correct xref for | ||
4342 | time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@ | ||
4343 | |||
4344 | 20051126 | ||
4345 | - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer, | ||
4346 | when they're available) need the real UID set otherwise pam_chauthtok will | ||
4347 | set ADMCHG after changing the password, forcing the user to change it | ||
4348 | again immediately. | ||
4349 | |||
4350 | 20051125 | ||
4351 | - (dtucker) [configure.ac] Apply tim's fix for older systems where the | ||
4352 | resolver state in resolv.h is "state" not "__res_state". With slight | ||
4353 | modification by me to also work on old AIXes. ok djm@ | ||
4354 | - (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for | ||
4355 | snprintf formats, fixes warnings on some 64 bit platforms. Patch from | ||
4356 | shaw at vranix.com, ok djm@ | ||
4357 | |||
4358 | 20051124 | ||
4359 | - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c | ||
4360 | openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an | ||
4361 | asprintf() implementation, after syncing our {v,}snprintf() implementation | ||
4362 | with some extra fixes from Samba's version. With help and debugging from | ||
4363 | dtucker and tim; ok dtucker@ | ||
4364 | - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument | ||
4365 | order in Reliant Unix block. Patch from johane at lysator.liu.se. | ||
4366 | - (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so | ||
4367 | many and use them only once. Speeds up testing on older/slower hardware. | ||
4368 | |||
4369 | 20051122 | ||
4370 | - (dtucker) OpenBSD CVS Sync | ||
4371 | - deraadt@cvs.openbsd.org 2005/11/12 18:37:59 | ||
4372 | [ssh-add.c] | ||
4373 | space | ||
4374 | - deraadt@cvs.openbsd.org 2005/11/12 18:38:15 | ||
4375 | [scp.c] | ||
4376 | avoid close(-1), as in rcp; ok cloder | ||
4377 | - millert@cvs.openbsd.org 2005/11/15 11:59:54 | ||
4378 | [includes.h] | ||
4379 | Include sys/queue.h explicitly instead of assuming some other header | ||
4380 | will pull it in. At the moment it gets pulled in by sys/select.h | ||
4381 | (which ssh has no business including) via event.h. OK markus@ | ||
4382 | (ID sync only in -portable) | ||
4383 | - dtucker@cvs.openbsd.org 2005/11/21 09:42:10 | ||
4384 | [auth-krb5.c] | ||
4385 | Perform Kerberos calls even for invalid users to prevent leaking | ||
4386 | information about account validity. bz #975, patch originally from | ||
4387 | Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@, | ||
4388 | ok markus@ | ||
4389 | - dtucker@cvs.openbsd.org 2005/11/22 03:36:03 | ||
4390 | [hostfile.c] | ||
4391 | Correct format/arguments to debug call; spotted by shaw at vranix.com | ||
4392 | ok djm@ | ||
4393 | - (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch | ||
4394 | from shaw at vranix.com. | ||
4395 | |||
4396 | 20051120 | ||
4397 | - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what | ||
4398 | is going on. | ||
4399 | |||
4400 | 20051112 | ||
4401 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific | ||
4402 | ifdef lost during sync. Spotted by tim@. | ||
4403 | - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag. | ||
4404 | - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test. | ||
4405 | - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@ | ||
4406 | - (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure | ||
4407 | test: if sshd takes too long to reconfigure the subsequent connection will | ||
4408 | fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready. | ||
4409 | |||
4410 | 20051110 | ||
4411 | - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from | ||
4412 | OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of | ||
4413 | "register"). | ||
4414 | - (dtucker) [openbsd-compat/setenv.c] Make __findenv static, remove | ||
4415 | unnecessary prototype. | ||
4416 | - (dtucker) [openbsd-compat/setenv.c] Sync changes from OpenBSD setenv.c | ||
4417 | revs 1.7 - 1.9. | ||
4418 | - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path. | ||
4419 | Patch from djm@. | ||
4420 | - (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+ | ||
4421 | since they're not useful right now. Patch from djm@. | ||
4422 | - (dtucker) [openbsd-compat/getgrouplist.c] Sync OpenBSD revs 1.10 - 1.2 (ANSI | ||
4423 | prototypes, removal of "register"). | ||
4424 | - (dtucker) [openbsd-compat/strlcat.c] Sync OpenBSD revs 1.11 - 1.12 (removal | ||
4425 | of "register"). | ||
4426 | - (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to | ||
4427 | after the copyright notices. Having them at the top next to the CVSIDs | ||
4428 | guarantees a conflict for each and every sync. | ||
4429 | - (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10. | ||
4430 | - (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker. | ||
4431 | - (dtucker) [openbsd-compat/strmode.c] Update from OpenBSD 1.5 -> 1.7. | ||
4432 | Removal of rcsid, "whiteout" inode type. | ||
4433 | - (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14. | ||
4434 | Removal of rcsid, will no longer strlcpy parts of the string. | ||
4435 | - (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5. | ||
4436 | - (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7. | ||
4437 | - (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18. | ||
4438 | - (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5. | ||
4439 | - (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25. | ||
4440 | - (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9. | ||
4441 | - (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14. | ||
4442 | - (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up | ||
4443 | with OpenBSD code since we don't support platforms without fstat any more. | ||
4444 | - (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9. | ||
4445 | - (dtucker) [openbsd-compat/inet_ntoa.c] Update from OpenBSD 1.4 -> 1.6. | ||
4446 | - (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7. | ||
4447 | - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6. | ||
4448 | - (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6. | ||
4449 | - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13. | ||
4450 | - (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19. | ||
4451 | - (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8. | ||
4452 | - (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker. | ||
4453 | - (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17. | ||
4454 | - (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4. | ||
4455 | Id and copyright sync only, there were no substantial changes we need. | ||
4456 | - (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c] | ||
4457 | -Wsign-compare fixes from djm. | ||
4458 | - (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3. | ||
4459 | Id and copyright sync only, there were no substantial changes we need. | ||
4460 | - (dtucker) [configure.ac] Try to get the gcc version number in a way that | ||
4461 | doesn't change between versions, and use a safer default. | ||
4462 | |||
4463 | 20051105 | ||
4464 | - (djm) OpenBSD CVS Sync | ||
4465 | - markus@cvs.openbsd.org 2005/10/07 11:13:57 | ||
4466 | [ssh-keygen.c] | ||
4467 | change DSA default back to 1024, as it's defined for 1024 bits only | ||
4468 | and this causes interop problems with other clients. moreover, | ||
4469 | in order to improve the security of DSA you need to change more | ||
4470 | components of DSA key generation (e.g. the internal SHA1 hash); | ||
4471 | ok deraadt | ||
4472 | - djm@cvs.openbsd.org 2005/10/10 10:23:08 | ||
4473 | [channels.c channels.h clientloop.c serverloop.c session.c] | ||
4474 | fix regression I introduced in 4.2: X11 forwardings initiated after | ||
4475 | a session has exited (e.g. "(sleep 5; xterm) &") would not start. | ||
4476 | bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@ | ||
4477 | - djm@cvs.openbsd.org 2005/10/11 23:37:37 | ||
4478 | [channels.c] | ||
4479 | bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing | ||
4480 | bind() failure when a previous connection's listeners are in TIME_WAIT, | ||
4481 | reported by plattner AT inf.ethz.ch; ok dtucker@ | ||
4482 | - stevesk@cvs.openbsd.org 2005/10/13 14:03:01 | ||
4483 | [auth2-gss.c gss-genr.c gss-serv.c] | ||
4484 | remove unneeded #includes; ok markus@ | ||
4485 | - stevesk@cvs.openbsd.org 2005/10/13 14:20:37 | ||
4486 | [gss-serv.c] | ||
4487 | spelling in comments | ||
4488 | - stevesk@cvs.openbsd.org 2005/10/13 19:08:08 | ||
4489 | [gss-serv-krb5.c gss-serv.c] | ||
4490 | unused declarations; ok deraadt@ | ||
4491 | (id sync only for gss-serv-krb5.c) | ||
4492 | - stevesk@cvs.openbsd.org 2005/10/13 19:13:41 | ||
4493 | [dns.c] | ||
4494 | unneeded #include, unused declaration, little knf; ok deraadt@ | ||
4495 | - stevesk@cvs.openbsd.org 2005/10/13 22:24:31 | ||
4496 | [auth2-gss.c gss-genr.c gss-serv.c monitor.c] | ||
4497 | KNF; ok djm@ | ||
4498 | - stevesk@cvs.openbsd.org 2005/10/14 02:17:59 | ||
4499 | [ssh-keygen.c ssh.c sshconnect2.c] | ||
4500 | no trailing "\n" for log functions; ok djm@ | ||
4501 | - stevesk@cvs.openbsd.org 2005/10/14 02:29:37 | ||
4502 | [channels.c clientloop.c] | ||
4503 | free()->xfree(); ok djm@ | ||
4504 | - stevesk@cvs.openbsd.org 2005/10/15 15:28:12 | ||
4505 | [sshconnect.c] | ||
4506 | make external definition static; ok deraadt@ | ||
4507 | - stevesk@cvs.openbsd.org 2005/10/17 13:45:05 | ||
4508 | [dns.c] | ||
4509 | fix memory leaks from 2 sources: | ||
4510 | 1) key_fingerprint_raw() | ||
4511 | 2) malloc in dns_read_rdata() | ||
4512 | ok jakob@ | ||
4513 | - stevesk@cvs.openbsd.org 2005/10/17 14:01:28 | ||
4514 | [dns.c] | ||
4515 | remove #ifdef LWRES; ok jakob@ | ||
4516 | - stevesk@cvs.openbsd.org 2005/10/17 14:13:35 | ||
4517 | [dns.c dns.h] | ||
4518 | more cleanups; ok jakob@ | ||
4519 | - djm@cvs.openbsd.org 2005/10/30 01:23:19 | ||
4520 | [ssh_config.5] | ||
4521 | mention control socket fallback behaviour, reported by | ||
4522 | tryponraj AT gmail.com | ||
4523 | - djm@cvs.openbsd.org 2005/10/30 04:01:03 | ||
4524 | [ssh-keyscan.c] | ||
4525 | make ssh-keygen discard junk from server before SSH- ident, spotted by | ||
4526 | dave AT cirt.net; ok dtucker@ | ||
4527 | - djm@cvs.openbsd.org 2005/10/30 04:03:24 | ||
4528 | [ssh.c] | ||
4529 | fix misleading debug message; ok dtucker@ | ||
4530 | - dtucker@cvs.openbsd.org 2005/10/30 08:29:29 | ||
4531 | [canohost.c sshd.c] | ||
4532 | Check for connections with IP options earlier and drop silently. ok djm@ | ||
4533 | - jmc@cvs.openbsd.org 2005/10/30 08:43:47 | ||
4534 | [ssh_config.5] | ||
4535 | remove trailing whitespace; | ||
4536 | - djm@cvs.openbsd.org 2005/10/30 08:52:18 | ||
4537 | [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c] | ||
4538 | [ssh.c sshconnect.c sshconnect1.c sshd.c] | ||
4539 | no need to escape single quotes in comments, no binary change | ||
4540 | - dtucker@cvs.openbsd.org 2005/10/31 06:15:04 | ||
4541 | [sftp.c] | ||
4542 | Fix sorting with "ls -1" command. From Robert Tsai, "looks right" deraadt@ | ||
4543 | - djm@cvs.openbsd.org 2005/10/31 11:12:49 | ||
4544 | [ssh-keygen.1 ssh-keygen.c] | ||
4545 | generate a protocol 2 RSA key by default | ||
4546 | - djm@cvs.openbsd.org 2005/10/31 11:48:29 | ||
4547 | [serverloop.c] | ||
4548 | make sure we clean up wtmp, etc. file when we receive a SIGTERM, | ||
4549 | SIGINT or SIGQUIT when running without privilege separation (the | ||
4550 | normal privsep case is already OK). Patch mainly by dtucker@ and | ||
4551 | senthilkumar_sen AT hotpop.com; ok dtucker@ | ||
4552 | - jmc@cvs.openbsd.org 2005/10/31 19:55:25 | ||
4553 | [ssh-keygen.1] | ||
4554 | grammar; | ||
4555 | - dtucker@cvs.openbsd.org 2005/11/03 13:38:29 | ||
4556 | [canohost.c] | ||
4557 | Cache reverse lookups with and without DNS separately; ok markus@ | ||
4558 | - djm@cvs.openbsd.org 2005/11/04 05:15:59 | ||
4559 | [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c] | ||
4560 | remove hardcoded hash lengths in key exchange code, allowing | ||
4561 | implementation of KEX methods with different hashes (e.g. SHA-256); | ||
4562 | ok markus@ dtucker@ stevesk@ | ||
4563 | - djm@cvs.openbsd.org 2005/11/05 05:01:15 | ||
4564 | [bufaux.c] | ||
4565 | Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT | ||
4566 | cs.stanford.edu; ok dtucker@ | ||
4567 | - (dtucker) [README.platform] Add PAM section. | ||
4568 | - (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version, | ||
4569 | resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu; | ||
4570 | ok dtucker@ | ||
4571 | |||
4572 | 20051102 | ||
4573 | - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). | ||
4574 | Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net | ||
4575 | via FreeBSD. | ||
4576 | |||
4577 | 20051030 | ||
4578 | - (djm) [contrib/suse/openssh.spec contrib/suse/rc. | ||
4579 | sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init | ||
4580 | files from imorgan AT nas.nasa.gov | ||
4581 | - (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is | ||
4582 | enabled, instead allow PAM to handle it. Note that on platforms using PAM, | ||
4583 | the pam_nologin module should be added to sshd's session stack in order to | ||
4584 | maintain exising behaviour. Based on patch and discussion from t8m at | ||
4585 | centrum.cz, ok djm@ | ||
4586 | |||
4587 | 20051025 | ||
4588 | - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the | ||
4589 | sizeof(long long) checks, to make fixing bug #1104 easier (no changes | ||
4590 | yet). | ||
4591 | - (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't | ||
4592 | understand "%lld", even though the compiler has "long long", so handle | ||
4593 | it as a special case. Patch tested by mcaskill.scott at epa.gov. | ||
4594 | - (dtucker) [contrib/cygwin/ssh-user-config] Remove duplicate yes/no | ||
4595 | prompt. Patch from vinschen at redhat.com. | ||
4596 | |||
4597 | 20051017 | ||
4598 | - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling. | ||
4599 | /etc/default/login report and testing from aabaker at iee.org, corrections | ||
4600 | from tim@. | ||
4601 | |||
4602 | 20051009 | ||
4603 | - (dtucker) [configure.ac defines.h openbsd-compat/vis.{c,h}] Sync current | ||
4604 | versions from OpenBSD. ok djm@ | ||
4605 | |||
4606 | 20051008 | ||
4607 | - (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from | ||
4608 | brian.smith at agilent com. | ||
4609 | - (djm) [configure.ac] missing 'test' call for -with-Werror test | ||
4610 | |||
4611 | 20051005 | ||
4612 | - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended | ||
4613 | "*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and | ||
4614 | senthilkumar_sen at hotpop.com. | ||
4615 | |||
4616 | 20051003 | ||
4617 | - (dtucker) OpenBSD CVS Sync | ||
4618 | - markus@cvs.openbsd.org 2005/09/07 08:53:53 | ||
4619 | [channels.c] | ||
4620 | enforce chanid != NULL; ok djm | ||
4621 | - markus@cvs.openbsd.org 2005/09/09 19:18:05 | ||
4622 | [clientloop.c] | ||
4623 | typo; from mark at mcs.vuw.ac.nz, bug #1082 | ||
4624 | - djm@cvs.openbsd.org 2005/09/13 23:40:07 | ||
4625 | [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c | ||
4626 | scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c] | ||
4627 | ensure that stdio fds are attached; ok deraadt@ | ||
4628 | - djm@cvs.openbsd.org 2005/09/19 11:37:34 | ||
4629 | [ssh_config.5 ssh.1] | ||
4630 | mention ability to specify bind_address for DynamicForward and -D options; | ||
4631 | bz#1077 spotted by Haruyama Seigo | ||
4632 | - djm@cvs.openbsd.org 2005/09/19 11:47:09 | ||
4633 | [sshd.c] | ||
4634 | stop connection abort on rekey with delayed compression enabled when | ||
4635 | post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@ | ||
4636 | - djm@cvs.openbsd.org 2005/09/19 11:48:10 | ||
4637 | [gss-serv.c] | ||
4638 | typo | ||
4639 | - jmc@cvs.openbsd.org 2005/09/19 15:38:27 | ||
4640 | [ssh.1] | ||
4641 | some more .Bk/.Ek to avoid ugly line split; | ||
4642 | - jmc@cvs.openbsd.org 2005/09/19 15:42:44 | ||
4643 | [ssh.c] | ||
4644 | update -D usage here too; | ||
4645 | - djm@cvs.openbsd.org 2005/09/19 23:31:31 | ||
4646 | [ssh.1] | ||
4647 | spelling nit from stevesk@ | ||
4648 | - djm@cvs.openbsd.org 2005/09/21 23:36:54 | ||
4649 | [sshd_config.5] | ||
4650 | aquire -> acquire, from stevesk@ | ||
4651 | - djm@cvs.openbsd.org 2005/09/21 23:37:11 | ||
4652 | [sshd.c] | ||
4653 | change label at markus@'s request | ||
4654 | - jaredy@cvs.openbsd.org 2005/09/30 20:34:26 | ||
4655 | [ssh-keyscan.1] | ||
4656 | deploy .An -nosplit; ok jmc | ||
4657 | - dtucker@cvs.openbsd.org 2005/10/03 07:44:42 | ||
4658 | [canohost.c] | ||
4659 | Relocate check_ip_options call to prevent logging of garbage for | ||
4660 | connections with IP options set. bz#1092 from David Leonard, | ||
4661 | "looks good" deraadt@ | ||
4662 | - (dtucker) [regress/README.regress] Bug #989: Document limitation that scp | ||
4663 | is required in the system path for the multiplex test to work. | ||
4664 | |||
4665 | 20050930 | ||
4666 | - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype | ||
4667 | for strtoll. Patch from o.flebbe at science-computing.de. | ||
4668 | - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep | ||
4669 | child during PAM account check without clearing it. This restores the | ||
4670 | post-login warnings such as LDAP password expiry. Patch from Tomas Mraz | ||
4671 | with help from several others. | ||
4672 | |||
4673 | 20050929 | ||
4674 | - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg | ||
4675 | introduced during sync. | ||
4676 | |||
4677 | 20050928 | ||
4678 | - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency. | ||
4679 | - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from | ||
4680 | PAM via keyboard-interactive. Patch tested by the folks at Vintela. | ||
4681 | |||
4682 | 20050927 | ||
4683 | - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid | ||
4684 | calls, since they can't possibly fail. ok djm@ | ||
4685 | - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed | ||
4686 | process when sshd relies on ssh-random-helper. Should result in faster | ||
4687 | logins on systems without a real random device or prngd. ok djm@ | ||
4688 | |||
4689 | 20050924 | ||
4690 | - (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove | ||
4691 | duplicate call. ok djm@ | ||
4692 | |||
4693 | 20050922 | ||
4694 | - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from | ||
4695 | skeleten at shillest.net. | ||
4696 | - (dtucker) [configure.ac] Fix help for --with-opensc; patch from skeleten at | ||
4697 | shillest.net. | ||
4698 | |||
4699 | 20050919 | ||
4700 | - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to | ||
4701 | AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages. | ||
4702 | ok dtucker@ | ||
4703 | |||
4704 | 20050912 | ||
4705 | - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by | ||
4706 | Mike Frysinger. | ||
4707 | |||
4708 | 20050908 | ||
4709 | - (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to | ||
4710 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | ||
4711 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | ||
4712 | |||
4713 | $Id: ChangeLog,v 1.5095 2008/07/21 08:22:25 djm Exp $ | ||