summaryrefslogtreecommitdiff
path: root/ChangeLog.Ylonen
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog.Ylonen')
-rw-r--r--ChangeLog.Ylonen578
1 files changed, 578 insertions, 0 deletions
diff --git a/ChangeLog.Ylonen b/ChangeLog.Ylonen
new file mode 100644
index 000000000..08d90f78d
--- /dev/null
+++ b/ChangeLog.Ylonen
@@ -0,0 +1,578 @@
1Fri Nov 17 16:19:20 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi>
2
3 * Released 1.2.12.
4
5 * channels.c: Commented out debugging messages about output draining.
6
7 * Added file OVERVIEW to give some idea about the structure of the
8 ssh software.
9
10Thu Nov 16 16:40:17 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi>
11
12 * canohost.c (get_remote_hostname): Don't ever return NULL (causes
13 segmentation violation).
14
15 * sshconnect.c: Host ip address printed incorrectly with -v.
16
17 * Implemented SSH_TTY environment variable.
18
19Wed Nov 15 01:47:40 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi>
20
21 * Implemented server and client option KeepAlive to specify
22 whether to set SO_KEEPALIVE. Both default to "yes"; to disable
23 keepalives, set the value to "no" in both the server and the
24 client configuration files. Updated manual pages.
25
26 * sshd.c: Fixed Solaris utmp problem: wrong pid stored in utmp
27 (patch from Petri Virkkula <argon@bat.cs.hut.fi>).
28
29 * login.c (record_logout): Fixed removing user from utmp on BSD
30 (with HAVE_LIBUTIL_LOGIN).
31
32 * Added cleanup functions to be called from fatal(). Arranged for
33 utmp to be cleaned if sshd terminates by calling fatal (e.g.,
34 after dropping connection). Eliminated separate client-side
35 fatal() functions and moved fatal() to log-client.c. Made all
36 cleanups, including channel_stop_listening() and packet_close()
37 be called using this mechanism.
38
39Thu Nov 9 09:58:05 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
40
41 * sshd.c: Permit immediate login with empty password only if
42 password authentication is allowed.
43
44Wed Nov 8 00:43:55 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
45
46 * Eliminated unix-domain X11 forwarding. Inet-domain forwarding is
47 now the only supported form. Renamed server option
48 X11InetForwarding to X11Forwarding, and eliminated
49 X11UnixForwarding. Updated documentation. Updated RFC (marked
50 the SSH_CMSG_X11_REQUEST_FORWARDING message (code 26) as
51 obsolete, and removed all references to it). Increased protocol
52 version number to 1.3.
53
54 * scp.c (main): Added -B (BatchMode). Updated manual page.
55
56 * Cleaned up and updated all manual pages.
57
58 * clientloop.c: Added new escape sequences ~# (lists forwarded
59 connections), ~& (background ssh when waiting for forwarded
60 connections to terminate), ~? (list available escapes).
61 Polished the output of the connection listing. Updated
62 documentation.
63
64 * uidswap.c: If _POSIX_SAVED_IDS is defined, don't change the real
65 uid. Assume that _POSIX_SAVED_IDS also applies to seteuid.
66 This may solve problems with tcp_wrappers (libwrap) showing
67 connections as coming from root.
68
69Tue Nov 7 20:28:57 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
70
71 * Added RandomSeed server configuration option. The argument
72 specifies the location of the random seed file. Updated
73 documentation.
74
75 * Locate perl5 in configure. Generate make-ssh-known-hosts (with
76 the correct path for perl5) in Makefile.in, and install it with
77 the other programs. Updated manual page.
78
79 * sshd.c (main): Added a call to umask to set the umask to a
80 reasonable value.
81
82 * compress.c (buffer_compress): Fixed to follow the zlib
83 documentation (which is slightly confusing).
84
85 * INSTALL: Added information about Linux libc.so.4 problem.
86
87Mon Nov 6 15:42:36 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
88
89 * (Actually autoconf fix) Installed patch to AC_ARG_PROGRAM.
90
91 * sshd.c, sshd.8.in: Renamed $HOME/.environment ->
92 $HOME/.ssh/environment.
93
94 * configure.in: Disable shadow password checking on convex.
95 Convex has /etc/shadow, but sets pw_passwd automatically if
96 running as root.
97
98 * Eliminated HAVE_ETC_MASTER_PASSWD (NetBSD, FreeBSD); the
99 pw_passwd field is automatically filled if running as root.
100 Put explicit code in configure.in to prevent shadow password
101 checking on FreeBSD and NetBSD.
102
103 * serverloop.c (signchld_handler): Don't print error if wait
104 returns -1.
105
106 * Makefile.in (install): Fixed modes of data files.
107
108 * Makefile.in (install): Make links for slogin.1.
109
110 * make-ssh-known-hosts: Merged a patch from melo@ci.uminho.pt to
111 fix the ping command.
112
113Fri Nov 3 16:25:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
114
115 * ssh.1.in: Added more information about X11 forwarding.
116
117Thu Nov 2 18:42:13 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
118
119 * Changes to use O_NONBLOCK_BROKEN consistently.
120
121 * pty.c (pty_make_controlling_tty): Use setpgid instead of
122 setsid() on Ultrix.
123
124 * includes.h: Removed redundant #undefs for Ultrix and Sony News;
125 these are already handled in configure.in.
126
127Tue Oct 31 13:31:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
128
129 * configure.in: Define SSH_WTMP to /var/adm/wtmp is wtmp not found.
130
131 * configure.in: Disable vhangup on Ultrix. I am told this fixes
132 the server problems.
133
134Sat Oct 28 14:22:05 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
135
136 * sshconnect.c: Fixed a bug in connecting to a multi-homed host.
137 Restructured the connecting code to never try to use the same
138 socket a second time after a failed connection.
139
140 * Makefile.in: Added explicit -m option to install, and umask 022
141 when creating directories and the host key.
142
143Fri Oct 27 01:05:10 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
144
145 * Makefile.in: Added cleaning of $(ZLIBDIR) to clean and distclean.
146
147 * login.c (get_last_login_time): Fixed a typo (define -> defined).
148
149Thu Oct 26 01:28:07 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
150
151 * configure.in: Moved testing for ANSI C compiler after the host
152 specific code (problems on HPUX).
153
154 * Minor fixes to /etc/default/login stuff from Bryan O'Sullivan.
155
156 * Fixed .SH NAME sections in manual pages.
157
158 * compress.c: Trying to fix a mysterious bug in the compression
159 glue.
160
161 * ssh-1.2.11.
162
163 * scp.c: disable agent forwarding when running ssh from scp.
164
165 * Added compression of plaintext packets using the gzip library
166 (zlib). Client configuration options Compression and
167 CompressionLevel (1-9 as in gzip). New ssh and scp option -C
168 (to enable compression). Updated RFC.
169
170Wed Oct 25 05:11:55 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
171
172 * Implemented ProxyCommand stuff based on patches from Bryan
173 O'Sullivan <bos@serpentine.com>.
174
175 * Merged BSD login/logout/lastlog patches from Mark Treacy
176 <mark@labtam.oz.au>.
177
178 * sshd.c: Added chdir("/").
179
180Tue Oct 24 00:29:01 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
181
182 * Merged RSA environment= patches from Felix Leitner
183 <leitner@prz.tu-berlin.de> with some changes.
184
185 * sshd.c: Made the packet code use two separate descriptors for
186 the connection (one for input, the other for output). This will
187 make future extensions easier (e.g., non-socket transports, etc.).
188 sshd -i now uses both stdin and stdout separately.
189
190Mon Oct 23 21:29:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
191
192 * sshd.c: Merged execle -> execve patches from Mark Martinec
193 <Mark.Martinec@nsc.ijs.si>. This may help with execle bugs on
194 Convex (environment not getting passed properly). This might
195 also solve similar problems on Sonys; please test!
196
197 * Removed all compatibility code for protocol version 1.0.
198 THIS MEANS THAT WE ARE NO LONGER COMPATIBLE WITH SSH VERSIONS
199 PRIOR TO 1.1.0.
200
201 * randoms.c (random_acquire_light_environmental_noise): If
202 /dev/random is available, read up to 32 bytes (256 bits) from
203 there in non-blocking mode, and mix the new random bytes into
204 the pool.
205
206 * Added client configuration option StrictHostKeyChecking
207 (disabled by default). If this is enabled, the client will not
208 automatically add new host keys to $HOME/.ssh/known_hosts;
209 instead the connection will be refused if the host key is not
210 known. Similarly, if the host key has changed, the connection
211 will be refused instead if just issuing a warning. This
212 provides additional security against man-in-the-middle/trojan
213 horse attacks (especially in scripts where there is no-one to
214 see the warnings), but may be quite inconvenient in everyday
215 interactive use unless /etc/ssh_known_hosts is very complete,
216 because new host keys must now be added manually.
217
218 * sshconnect.c (ssh_connect): Use the user's uid when creating the
219 socket and connecting it. I am hoping that this might help with
220 tcp_wrappers showing the remote user as root.
221
222 * ssh.c: Try inet-domain X11 forwarding regardless of whether we
223 can get local authorization information. If we don't, we just
224 come up with fake information; the forwarding code will anyway
225 generate its own fake information and validate that the client
226 knows that information. It will then substitute our fake
227 information for that, but that info should get ignored by the
228 server if it doesn't support it.
229
230 * Added option BatchMode to disable password/passphrase querying
231 in scripts.
232
233 * auth-rh-rsa.c: Changed to use uid-swapping when reading
234 .ssh/known_hosts.
235
236 * sshd.8.in (command): Improved documentation of file permissions
237 on the manual pages.
238
239Thu Oct 19 21:05:51 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
240
241 * ssh-add.c (add_file): Fixed a bug causing ssh to sometimes refer
242 to freed memory (comment -> saved_comment).
243
244 * log-server.c: Added a prefix to debug/warning/error/fatal
245 messages describing message types. Syslog does not include that
246 information automatically.
247
248Sun Oct 8 01:56:01 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
249
250 * Merged /etc/default/login and MAIL environment variable changes
251 from Bryan O'Sullivan <bos@serpentine.com>.
252 - mail spool file location
253 - process /etc/default/login
254 - add HAVE_ETC_DEFAULT_LOGIN
255 - new function child_get_env and read_etc_default_login (sshd.c)
256
257 * ssh-add.c (add_file): Fixed asking for passphrase.
258
259 * Makefile.in: Fixed installing configure-generated man pages when
260 compiling in a separate object directory.
261
262 * sshd.c (main): Moved RSA key generation until after allocating
263 the port number. (Actually, the code got duplicated because we
264 never listen when run from inetd.)
265
266 * ssh.c: Fixed a problem that caused scp to hang when called with
267 stdin closed.
268
269Sat Oct 7 03:08:06 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
270
271 * Added server config option StrictModes. It specifies whether to
272 check ownership and modes of home directory and .rhosts files.
273
274 * ssh.c: If ssh is renamed/linked to a host name, connect to that
275 host.
276
277 * serverloop.c, clientloop.c: Ignore EAGAIN reported on read from
278 connection. Solaris has a kernel bug which causes select() to
279 sometimes wake up even though there is no data available.
280
281 * Display all open connections when printing the "Waiting for
282 forwarded connections to terminate" message.
283
284 * sshd.c, readconf.c: Added X11InetForwarding and
285 X11UnixForwarding server config options.
286
287Thu Oct 5 17:41:16 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
288
289 * Some more SCO fixes.
290
291Tue Oct 3 01:04:34 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
292
293 * Fixes and cleanups in README, INSTALL, COPYING.
294
295Mon Oct 2 03:36:08 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
296
297 * ssh-add.c (add_file): Fixed a bug in ssh-add (xfree: NULL ...).
298
299 * Removed .BR from ".SH NAME" in man pages.
300
301Sun Oct 1 04:16:07 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
302
303 * ssh-1.2.10.
304
305 * configure.in: When checking that the compiler works, check that
306 it understands ANSI C prototypes.
307
308 * Made uidswap error message a debug() to avoid confusing errors
309 on AIX (AIX geteuid is brain-damaged and fails even for root).
310
311 * Fixed an error in sshd.8 (FacistLogging -> FascistLogging).
312
313 * Fixed distribution in Makefile.in (missing manual page .in files).
314
315Sat Sep 30 17:38:46 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
316
317 * auth-rhosts.c: Fixed serious security problem in
318 /etc/hosts.equiv authentication.
319
320Fri Sep 29 00:41:02 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
321
322 * Include machine/endian.h on Paragon.
323
324 * ssh-add.c (add_file): Made ssh-add keep asking for the
325 passphrase until the user just types return or cancels.
326 Make the dialog display the comment of the key.
327
328 * Read use shosts.equiv in addition to /etc/hosts.equiv.
329
330 * sshd.8 is now sshd.8.in and is processed by configure to
331 substitute the proper paths for various files. Ditto for ssh.1.
332 Ditto for make-ssh-known-hosts.1.
333
334 * configure.in: Moved /etc/sshd_pid to PIDDIR/sshd.pid. PIDDIR
335 will be /var/run if it exists, and ETCDIR otherwise.
336
337Thu Sep 28 21:52:42 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
338
339 * On Ultrix, check if sys/syslog.h needs to be included in
340 addition to syslog.h.
341
342 * make-ssh-known-hosts.pl: Merged Kivinen's fixes for HPUX.
343
344 * configure.in: Put -lwrap, -lsocks, etc. at the head of LIBS.
345
346 * Fixed case-insensitivity in auth-rhosts.c.
347
348 * Added missing socketpair.c to EXTRA_SRCS (needed on SCO), plus
349 other SCO fixes.
350
351 * Makefile.in: Fixed missing install_prefixes.
352
353Wed Sep 27 03:57:00 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
354
355 * ssh-1.2.9.
356
357 * Added SOCKS support.
358
359 * Fixed default setting of IgnoreRhosts option.
360
361 * Pass the magic cookie to xauth in stdin instead of command line;
362 the command line is visible in ps.
363
364 * Added processing $HOME/.ssh/rc and /etc/sshrc.
365
366 * Added a section to sshd.8 on what happens at login time.
367
368Tue Sep 26 01:27:40 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
369
370 * Don't define speed_t on SunOS 4.1.1; it conflicts with system
371 headers.
372
373 * Added support for .hushlogin.
374
375 * Added --with-etcdir.
376
377 * Read $HOME/.environment after /etc/environment.
378
379Mon Sep 25 03:26:06 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
380
381 * Merged patches for SCO Unix (from Michael Henits).
382
383Sun Sep 24 22:28:02 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
384
385 * Added ssh option ConnectionAttempts.
386
387Sat Sep 23 12:30:15 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
388
389 * sshd.c: Don't print last login time and /etc/motd if a command
390 has been specified (with ssh -t host command).
391
392 * Added support for passing the screen number in X11 forwarding.
393 It is implemented as a compatible protocol extension, signalled
394 by SSH_PROTOFLAG_SCREEN_NUMBER by the child.
395
396 * clientloop.c: Fixed bugs in the order in which things were
397 processed. This may solve problems with some data not getting
398 sent to the server as soon as possible (probably solves the TCP
399 forwarding delayed close problem). Also, it looked like window
400 changes might not get transmitted as early as possible in some
401 cases.
402
403 * clientloop.c: Changed to detect window size change that
404 happened while ssh was suspended.
405
406 * ssh.c: Moved the do_session function (client main loop) to
407 clientloop.c. Divided it into smaller functions. General cleanup.
408
409 * ssh-1.2.8
410
411Fri Sep 22 22:07:46 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
412
413 * sshconnect.c (ssh_login): Made ssh_login take the options
414 structure as argument, instead of the individual arguments.
415
416 * auth-rhosts.c (check_rhosts_file): Added support for netgroups.
417
418 * auth-rhosts.c (check_rhosts_file): Added support for negated
419 entries.
420
421Thu Sep 21 00:07:56 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
422
423 * auth-rhosts.c: Restructured rhosts authentication code.
424 Hosts.equiv now has same format as .rhosts: user names are allowed.
425
426 * Added support for the Intel Paragon.
427
428 * sshd.c: Don't use X11 forwarding with spoofing if no xauth
429 program. Changed configure.in to not define XAUTH_PATH if
430 there is no xauth program.
431
432 * ssh-1.2.7
433
434 * sshd.c: Rewrote the code to build the environment. Now also reads
435 /etc/environment.
436
437 * sshd.c: Fixed problems in libwrap code. --with-libwrap now
438 takes optional library name/path.
439
440 * ssh-1.2.6
441
442 * Define USE_PIPES by default.
443
444 * Added support for Univel Unixware and MachTen.
445
446 * Added IgnoreRhosts server option.
447
448 * Added USE_STRLEN_FOR_AF_UNIX; it is needed at least on MachTen.
449
450Wed Sep 20 02:41:02 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
451
452 * sshd.c (do_child): don't call packet_close when /etc/nologin,
453 because packet_close does shutdown, and the message does not get
454 sent.
455
456 * pty.c (pty_allocate): Push ttcompat streams module.
457
458 * randoms.c (random_acquire_light_environmental_noise): Don't use
459 the second argument to gettimeofday as it is not supported on
460 all systems.
461
462 * login.c (record_login): Added NULL second argument to gettimeofday.
463
464Tue Sep 19 13:25:48 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
465
466 * fixed pclose wait() in sshd key regeneration (now only collects
467 easily available noise).
468
469 * configure.in: test for bsdi before bsd*.
470
471 * ssh.c: Don't print "Connection closed" if -q.
472
473Wed Sep 13 04:19:52 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
474
475 * Released ssh-1.2.5.
476
477 * Hopefully fixed "Waiting for forwarded connections to terminate"
478 message.
479
480 * randoms.c, md5.c: Large modifications to make these work on Cray
481 (which has no 32 bit integer type).
482
483 * Fixed a problem with forwarded connection closes not being
484 reported immediately.
485
486 * ssh.c: fixed rhosts authentication (broken by uid-swapping).
487
488 * scp.c: Don't use -l if server user not specified (it made
489 setting User in the configuration file not work).
490
491 * configure.in: don't use -pipe on BSDI.
492
493 * randoms.c: Major modifications to make it work without 32 bit
494 integers (e.g. Cray).
495
496 * md5.c: Major modifications to make it work without 32 bit
497 integers (e.g. Cray).
498
499 * Eliminated HPSUX_BROKEN_PTYS. The code is now enabled by
500 default on all systems.
501
502Mon Sep 11 00:53:12 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
503
504 * sshd.c: don't include sshd pathname in log messages.
505
506 * Added libwrap stuff (includes support for identd).
507
508 * Added OSF/1 C2 extended security stuff.
509
510 * Fixed interactions between getuid() and uid-swap stuff.
511
512Sun Sep 10 00:29:27 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
513
514 * serverloop.c: Don't send stdout data to client until after a few
515 milliseconds if there is very little data. This is because some
516 systems give data from pty one character at a time, which would
517 multiply data size by about 16.
518
519 * serverloop.c: Moved server do_session to a separate file and
520 renamed it server_loop. Split it into several functions and
521 partially rewrote it. Fixed "cat /etc/termcap | ssh foo cat" hangup.
522
523 * Screwed up something while checking stuff in under cvs. No harm,
524 but bogus log entries...
525
526Sat Sep 9 02:24:51 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
527
528 * minfd.c (_get_permanent_fd): Use SHELL environment variable.
529
530 * channels.c (x11_create_display_inet): Created
531 HPSUX_NONSTANDARD_X11_KLUDGE; it causes DISPLAY to contain the
532 IP address of the host instead of the name, because HPSUX uses
533 some magic shared memory communication for local connections.
534
535 * Changed SIGHUP processing in server; it should now work multiple
536 times.
537
538 * Added length limits in many debug/log/error/fatal calls just in
539 case.
540
541 * login.c (get_last_login_time): Fixed location of lastlog.
542
543 * Rewrote all uid-swapping code. New files uidswap.h, uidswap.c.
544
545 * Fixed several security problems involving chmod and chgrp (race
546 conditions). Added warnings about dubious modes for /tmp/.X11-unix.
547
548Fri Sep 8 20:03:36 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
549
550 * Changed readconf.c to never display anything from the config
551 file. This should now be prevented otherwise, but let's play safe.
552
553 * log-server.c: Use %.500s in syslog() just to be sure (they
554 should already be shorter than 1024 though).
555
556 * sshd.c: Moved setuid in child a little earlier (just to be
557 conservative, there was no security problem that I could detect).
558
559 * README, INSTALL: Added info about mailing list and WWW page.
560
561 * sshd.c: Added code to use SIGCHLD and wait zombies immediately.
562
563 * Merged patch to set ut_addr in utmp.
564
565 * Created ChangeLog and added it to Makefile.in.
566
567 * Use read_passphrase instead of getpass().
568
569 * Added SSH_FALLBACK_CIPHER. Fixed a bug in default cipher
570 selection (IDEA used to be selected even if not supported by the
571 server).
572
573 * Use no encryption for key files if empty passphrase.
574
575 * Added section about --without-idea in INSTALL.
576
577 * Version 1.2.0 was released a couple of days ago.
578