summaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog864
1 files changed, 863 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 9573f8672..c9b5018bd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,865 @@
120060211
2 - (dtucker) [README] Bump release notes URL.
3 - (djm) Release 4.3p2
4
520060208
6 - (tim) [session.c] Logout records were not updated on systems with
7 post auth privsep disabled due to bug 1086 changes. Analysis and patch
8 by vinschen at redhat.com. OK tim@, dtucker@.
9 - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP
10 -> NEED_SETPGRP), reported by Berhard Simon. ok tim@
11
1220060206
13 - (tim) [configure.ac] Remove unnecessary tests for net/if.h and
14 netinet/in_systm.h. OK dtucker@.
15
1620060205
17 - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test
18 for Solaris. OK dtucker@.
19 - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by
20 kraai at ftbfs.org.
21
2220060203
23 - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first
24 AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run
25 by a platform specific check, builtin standard includes tests will be
26 skipped on the other platforms.
27 Analysis and suggestion by vinschen at redhat.com, patch by dtucker@.
28 OK tim@, djm@.
29
3020060202
31 - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it
32 works with picky compilers. Patch from alex.kiernan at thus.net.
33
3420060201
35 - (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to
36 determine the user's login name - needed for regress tests on Solaris
37 10 and OpenSolaris
38 - (djm) OpenBSD CVS Sync
39 - jmc@cvs.openbsd.org 2006/02/01 09:06:50
40 [sshd.8]
41 - merge sections on protocols 1 and 2 into a single section
42 - remove configuration file section
43 ok markus
44 - jmc@cvs.openbsd.org 2006/02/01 09:11:41
45 [sshd.8]
46 small tweak;
47 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
48 [contrib/suse/openssh.spec] Update versions ahead of release
49 - markus@cvs.openbsd.org 2006/02/01 11:27:22
50 [version.h]
51 openssh 4.3
52 - (djm) Release OpenSSH 4.3p1
53
5420060131
55 - (djm) OpenBSD CVS Sync
56 - jmc@cvs.openbsd.org 2006/01/20 11:21:45
57 [ssh_config.5]
58 - word change, agreed w/ markus
59 - consistency fixes
60 - jmc@cvs.openbsd.org 2006/01/25 09:04:34
61 [sshd.8]
62 move the options description up the page, and a few additional tweaks
63 whilst in here;
64 ok markus
65 - jmc@cvs.openbsd.org 2006/01/25 09:07:22
66 [sshd.8]
67 move subsections to full sections;
68 - jmc@cvs.openbsd.org 2006/01/26 08:47:56
69 [ssh.1]
70 add a section on verifying host keys in dns;
71 written with a lot of help from jakob;
72 feedback dtucker/markus;
73 ok markus
74 - reyk@cvs.openbsd.org 2006/01/30 12:22:22
75 [channels.c]
76 mark channel as write failed or dead instead of read failed on error
77 of the channel output filter.
78 ok markus@
79 - jmc@cvs.openbsd.org 2006/01/30 13:37:49
80 [ssh.1]
81 remove an incorrect sentence;
82 reported by roumen petrov;
83 ok djm markus
84 - djm@cvs.openbsd.org 2006/01/31 10:19:02
85 [misc.c misc.h scp.c sftp.c]
86 fix local arbitrary command execution vulnerability on local/local and
87 remote/remote copies (CVE-2006-0225, bz #1094), patch by
88 t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
89 - djm@cvs.openbsd.org 2006/01/31 10:35:43
90 [scp.c]
91 "scp a b c" shouldn't clobber "c" when it is not a directory, report and
92 fix from biorn@; ok markus@
93 - (djm) Sync regress tests to OpenBSD:
94 - dtucker@cvs.openbsd.org 2005/03/10 10:20:39
95 [regress/forwarding.sh]
96 Regress test for ClearAllForwardings (bz #994); ok markus@
97 - dtucker@cvs.openbsd.org 2005/04/25 09:54:09
98 [regress/multiplex.sh]
99 Don't call cleanup in multiplex as test-exec will cleanup anyway
100 found by tim@, ok djm@
101 NB. ID sync only, we already had this
102 - djm@cvs.openbsd.org 2005/05/20 23:14:15
103 [regress/test-exec.sh]
104 force addressfamily=inet for tests, unbreaking dynamic-forward regress for
105 recently committed nc SOCKS5 changes
106 - djm@cvs.openbsd.org 2005/05/24 04:10:54
107 [regress/try-ciphers.sh]
108 oops, new arcfour modes here too
109 - markus@cvs.openbsd.org 2005/06/30 11:02:37
110 [regress/scp.sh]
111 allow SUDO=sudo; from Alexander Bluhm
112 - grunk@cvs.openbsd.org 2005/11/14 21:25:56
113 [regress/agent-getpeereid.sh]
114 all other scripts in this dir use $SUDO, not 'sudo', so pull this even
115 ok markus@
116 - dtucker@cvs.openbsd.org 2005/12/14 04:36:39
117 [regress/scp-ssh-wrapper.sh]
118 Fix assumption about how many args scp will pass; ok djm@
119 NB. ID sync only, we already had this
120 - djm@cvs.openbsd.org 2006/01/27 06:49:21
121 [scp.sh]
122 regress test for local to local scp copies; ok dtucker@
123 - djm@cvs.openbsd.org 2006/01/31 10:23:23
124 [scp.sh]
125 regression test for CVE-2006-0225 written by dtucker@
126 - djm@cvs.openbsd.org 2006/01/31 10:36:33
127 [scp.sh]
128 regress test for "scp a b c" where "c" is not a directory
129
13020060129
131 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the
132 opensshd.init script interpretter if /sbin/sh does not exist. ok tim@
133
13420060120
135 - (dtucker) OpenBSD CVS Sync
136 - jmc@cvs.openbsd.org 2006/01/15 17:37:05
137 [ssh.1]
138 correction from deraadt
139 - jmc@cvs.openbsd.org 2006/01/18 10:53:29
140 [ssh.1]
141 add a section on ssh-based vpn, based on reyk's README.tun;
142 - dtucker@cvs.openbsd.org 2006/01/20 00:14:55
143 [scp.1 ssh.1 ssh_config.5 sftp.1]
144 Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot
145 #1056 with feedback from jmc, djm and markus; ok jmc@ djm@
146
14720060114
148 - (djm) OpenBSD CVS Sync
149 - jmc@cvs.openbsd.org 2006/01/06 13:27:32
150 [ssh.1]
151 weed out some duplicate info in the known_hosts FILES entries;
152 ok djm
153 - jmc@cvs.openbsd.org 2006/01/06 13:29:10
154 [ssh.1]
155 final round of whacking FILES for duplicate info, and some consistency
156 fixes;
157 ok djm
158 - jmc@cvs.openbsd.org 2006/01/12 14:44:12
159 [ssh.1]
160 split sections on tcp and x11 forwarding into two sections.
161 add an example in the tcp section, based on sth i wrote for ssh faq;
162 help + ok: djm markus dtucker
163 - jmc@cvs.openbsd.org 2006/01/12 18:48:48
164 [ssh.1]
165 refer to `TCP' rather than `TCP/IP' in the context of connection
166 forwarding;
167 ok markus
168 - jmc@cvs.openbsd.org 2006/01/12 22:20:00
169 [sshd.8]
170 refer to TCP forwarding, rather than TCP/IP forwarding;
171 - jmc@cvs.openbsd.org 2006/01/12 22:26:02
172 [ssh_config.5]
173 refer to TCP forwarding, rather than TCP/IP forwarding;
174 - jmc@cvs.openbsd.org 2006/01/12 22:34:12
175 [ssh.1]
176 back out a sentence - AUTHENTICATION already documents this;
177
17820060109
179 - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on
180 tcpip service so it's always started after IP is up. Patch from
181 vinschen at redhat.com.
182
18320060106
184 - (djm) OpenBSD CVS Sync
185 - jmc@cvs.openbsd.org 2006/01/03 16:31:10
186 [ssh.1]
187 move FILES to a -compact list, and make each files an item in that list.
188 this avoids nastly line wrap when we have long pathnames, and treats
189 each file as a separate item;
190 remove the .Pa too, since it is useless.
191 - jmc@cvs.openbsd.org 2006/01/03 16:35:30
192 [ssh.1]
193 use a larger width for the ENVIRONMENT list;
194 - jmc@cvs.openbsd.org 2006/01/03 16:52:36
195 [ssh.1]
196 put FILES in some sort of order: sort by pathname
197 - jmc@cvs.openbsd.org 2006/01/03 16:55:18
198 [ssh.1]
199 tweak the description of ~/.ssh/environment
200 - jmc@cvs.openbsd.org 2006/01/04 18:42:46
201 [ssh.1]
202 chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
203 entries;
204 ok markus
205 - jmc@cvs.openbsd.org 2006/01/04 18:45:01
206 [ssh.1]
207 remove .Xr's to rsh(1) and telnet(1): they are hardly needed;
208 - jmc@cvs.openbsd.org 2006/01/04 19:40:24
209 [ssh.1]
210 +.Xr ssh-keyscan 1 ,
211 - jmc@cvs.openbsd.org 2006/01/04 19:50:09
212 [ssh.1]
213 -.Xr gzip 1 ,
214 - djm@cvs.openbsd.org 2006/01/05 23:43:53
215 [misc.c]
216 check that stdio file descriptors are actually closed before clobbering
217 them in sanitise_stdfd(). problems occurred when a lower numbered fd was
218 closed, but higher ones weren't. spotted by, and patch tested by
219 Frédéric Olivié
220
22120060103
222 - (djm) [channels.c] clean up harmless merge error, from reyk@
223
22420060103
225 - (djm) OpenBSD CVS Sync
226 - jmc@cvs.openbsd.org 2006/01/02 17:09:49
227 [ssh_config.5 sshd_config.5]
228 some corrections from michael knudsen;
229
23020060102
231 - (djm) [README.tun] Add README.tun, missed during sync of tun(4) support
232 - (djm) OpenBSD CVS Sync
233 - jmc@cvs.openbsd.org 2005/12/31 10:46:17
234 [ssh.1]
235 merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER
236 AUTHENTICATION" sections into "AUTHENTICATION";
237 some rewording done to make the text read better, plus some
238 improvements from djm;
239 ok djm
240 - jmc@cvs.openbsd.org 2005/12/31 13:44:04
241 [ssh.1]
242 clean up ENVIRONMENT a little;
243 - jmc@cvs.openbsd.org 2005/12/31 13:45:19
244 [ssh.1]
245 .Nm does not require an argument;
246 - stevesk@cvs.openbsd.org 2006/01/01 08:59:27
247 [includes.h misc.c]
248 move <net/if.h>; ok djm@
249 - stevesk@cvs.openbsd.org 2006/01/01 10:08:48
250 [misc.c]
251 no trailing "\n" for debug()
252 - djm@cvs.openbsd.org 2006/01/02 01:20:31
253 [sftp-client.c sftp-common.h sftp-server.c]
254 use a common max. packet length, no binary change
255 - reyk@cvs.openbsd.org 2006/01/02 07:53:44
256 [misc.c]
257 clarify tun(4) opening - set the mode and bring the interface up. also
258 (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces.
259 suggested and ok by djm@
260 - jmc@cvs.openbsd.org 2006/01/02 12:31:06
261 [ssh.1]
262 start to cut some duplicate info from FILES;
263 help/ok djm
264
26520060101
266 - (djm) [Makefile.in configure.ac includes.h misc.c]
267 [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
268 for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
269 limited to IPv4 tunnels only, and most versions don't support the
270 tap(4) device at all.
271 - (djm) [configure.ac] Fix linux/if_tun.h test
272 - (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too
273
27420051229
275 - (djm) OpenBSD CVS Sync
276 - stevesk@cvs.openbsd.org 2005/12/28 22:46:06
277 [canohost.c channels.c clientloop.c]
278 use 'break-in' for consistency; ok deraadt@ ok and input jmc@
279 - reyk@cvs.openbsd.org 2005/12/30 15:56:37
280 [channels.c channels.h clientloop.c]
281 add channel output filter interface.
282 ok djm@, suggested by markus@
283 - jmc@cvs.openbsd.org 2005/12/30 16:59:00
284 [sftp.1]
285 do not suggest that interactive authentication will work
286 with the -b flag;
287 based on a diff from john l. scarfone;
288 ok djm
289 - stevesk@cvs.openbsd.org 2005/12/31 01:38:45
290 [ssh.1]
291 document -MM; ok djm@
292 - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac]
293 [serverloop.c ssh.c openbsd-compat/Makefile.in]
294 [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
295 compatability support for Linux, diff from reyk@
296 - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does
297 not exist
298 - (djm) [configure.ac] oops, make that linux/if_tun.h
299
30020051229
301 - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd
302
30320051224
304 - (djm) OpenBSD CVS Sync
305 - jmc@cvs.openbsd.org 2005/12/20 21:59:43
306 [ssh.1]
307 merge the sections on protocols 1 and 2 into one section on
308 authentication;
309 feedback djm dtucker
310 ok deraadt markus dtucker
311 - jmc@cvs.openbsd.org 2005/12/20 22:02:50
312 [ssh.1]
313 .Ss -> .Sh: subsections have not made this page more readable
314 - jmc@cvs.openbsd.org 2005/12/20 22:09:41
315 [ssh.1]
316 move info on ssh return values and config files up into the main
317 description;
318 - jmc@cvs.openbsd.org 2005/12/21 11:48:16
319 [ssh.1]
320 -L and -R descriptions are now above, not below, ~C description;
321 - jmc@cvs.openbsd.org 2005/12/21 11:57:25
322 [ssh.1]
323 options now described `above', rather than `later';
324 - jmc@cvs.openbsd.org 2005/12/21 12:53:31
325 [ssh.1]
326 -Y does X11 forwarding too;
327 ok markus
328 - stevesk@cvs.openbsd.org 2005/12/21 22:44:26
329 [sshd.8]
330 clarify precedence of -p, Port, ListenAddress; ok and help jmc@
331 - jmc@cvs.openbsd.org 2005/12/22 10:31:40
332 [ssh_config.5]
333 put the description of "UsePrivilegedPort" in the correct place;
334 - jmc@cvs.openbsd.org 2005/12/22 11:23:42
335 [ssh.1]
336 expand the description of -w somewhat;
337 help/ok reyk
338 - jmc@cvs.openbsd.org 2005/12/23 14:55:53
339 [ssh.1]
340 - sync the description of -e w/ synopsis
341 - simplify the description of -I
342 - note that -I is only available if support compiled in, and that it
343 isn't by default
344 feedback/ok djm@
345 - jmc@cvs.openbsd.org 2005/12/23 23:46:23
346 [ssh.1]
347 less mark up for -c;
348 - djm@cvs.openbsd.org 2005/12/24 02:27:41
349 [session.c sshd.c]
350 eliminate some code duplicated in privsep and non-privsep paths, and
351 explicitly clear SIGALRM handler; "groovy" deraadt@
352
35320051220
354 - (dtucker) OpenBSD CVS Sync
355 - reyk@cvs.openbsd.org 2005/12/13 15:03:02
356 [serverloop.c]
357 if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY
358 - jmc@cvs.openbsd.org 2005/12/16 18:07:08
359 [ssh.1]
360 move the option descriptions up the page: start of a restructure;
361 ok markus deraadt
362 - jmc@cvs.openbsd.org 2005/12/16 18:08:53
363 [ssh.1]
364 simplify a sentence;
365 - jmc@cvs.openbsd.org 2005/12/16 18:12:22
366 [ssh.1]
367 make the description of -c a little nicer;
368 - jmc@cvs.openbsd.org 2005/12/16 18:14:40
369 [ssh.1]
370 signpost the protocol sections;
371 - stevesk@cvs.openbsd.org 2005/12/17 21:13:05
372 [ssh_config.5 session.c]
373 spelling: fowarding, fowarded
374 - stevesk@cvs.openbsd.org 2005/12/17 21:36:42
375 [ssh_config.5]
376 spelling: intented -> intended
377 - dtucker@cvs.openbsd.org 2005/12/20 04:41:07
378 [ssh.c]
379 exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@
380
38120051219
382 - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac
383 openbsd-compat/openssl-compat.h] Check for and work around broken AES
384 ciphers >128bit on (some) Solaris 10 systems. ok djm@
385
38620051217
387 - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which
388 scp.c also uses, so undef them here.
389 - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our
390 snprintf replacement can have a conflicting declaration in HP-UX's system
391 headers (const vs. no const) so we now check for and work around it. Patch
392 from the dynamic duo of David Leonard and Ted Percival.
393
39420051214
395 - (dtucker) OpenBSD CVS Sync (regress/)
396 - dtucker@cvs.openbsd.org 2005/12/30 04:36:39
397 [regress/scp-ssh-wrapper.sh]
398 Fix assumption about how many args scp will pass; ok djm@
399
40020051213
401 - (djm) OpenBSD CVS Sync
402 - jmc@cvs.openbsd.org 2005/11/30 11:18:27
403 [ssh.1]
404 timezone -> time zone
405 - jmc@cvs.openbsd.org 2005/11/30 11:45:20
406 [ssh.1]
407 avoid ambiguities in describing TZ;
408 ok djm@
409 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
410 [auth-options.c auth-options.h channels.c channels.h clientloop.c]
411 [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
412 [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
413 [sshconnect.h sshd.8 sshd_config sshd_config.5]
414 Add support for tun(4) forwarding over OpenSSH, based on an idea and
415 initial channel code bits by markus@. This is a simple and easy way to
416 use OpenSSH for ad hoc virtual private network connections, e.g.
417 administrative tunnels or secure wireless access. It's based on a new
418 ssh channel and works similar to the existing TCP forwarding support,
419 except that it depends on the tun(4) network interface on both ends of
420 the connection for layer 2 or layer 3 tunneling. This diff also adds
421 support for LocalCommand in the ssh(1) client.
422 ok djm@, markus@, jmc@ (manpages), tested and discussed with others
423 - djm@cvs.openbsd.org 2005/12/07 03:52:22
424 [clientloop.c]
425 reyk forgot to compile with -Werror (missing header)
426 - jmc@cvs.openbsd.org 2005/12/07 10:52:13
427 [ssh.1]
428 - avoid line split in SYNOPSIS
429 - add args to -w
430 - kill trailing whitespace
431 - jmc@cvs.openbsd.org 2005/12/08 14:59:44
432 [ssh.1 ssh_config.5]
433 make `!command' a little clearer;
434 ok reyk
435 - jmc@cvs.openbsd.org 2005/12/08 15:06:29
436 [ssh_config.5]
437 keep options in order;
438 - reyk@cvs.openbsd.org 2005/12/08 18:34:11
439 [auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
440 [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
441 two changes to the new ssh tunnel support. this breaks compatibility
442 with the initial commit but is required for a portable approach.
443 - make the tunnel id u_int and platform friendly, use predefined types.
444 - support configuration of layer 2 (ethernet) or layer 3
445 (point-to-point, default) modes. configuration is done using the
446 Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
447 restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
448 in sshd_config(5).
449 ok djm@, man page bits by jmc@
450 - jmc@cvs.openbsd.org 2005/12/08 21:37:50
451 [ssh_config.5]
452 new sentence, new line;
453 - markus@cvs.openbsd.org 2005/12/12 13:46:18
454 [channels.c channels.h session.c]
455 make sure protocol messages for internal channels are ignored.
456 allow adjust messages for non-open channels; with and ok djm@
457 - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable
458 again by providing a sys_tun_open() function for your platform and
459 setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
460 OpenBSD's tunnel protocol, which prepends the address family to the
461 packet
462
46320051201
464 - (djm) [envpass.sh] Remove regress script that was accidentally committed
465 in top level directory and not noticed for over a year :)
466
46720051129
468 - (tim) [ssh-keygen.c] Move DSA length test after setting default when
469 bits == 0.
470 - (dtucker) OpenBSD CVS Sync
471 - dtucker@cvs.openbsd.org 2005/11/29 02:04:55
472 [ssh-keygen.c]
473 Populate default key sizes before checking them; from & ok tim@
474 - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string)
475 for UnixWare.
476
47720051128
478 - (dtucker) [regress/yes-head.sh] Work around breakage caused by some
479 versions of GNU head. Based on patch from zappaman at buraphalinux.org
480 - (dtucker) [includes.h] Bug #1122: __USE_GNU is a glibc internal macro, use
481 _GNU_SOURCE instead. Patch from t8m at centrum.cz.
482 - (dtucker) OpenBSD CVS Sync
483 - dtucker@cvs.openbsd.org 2005/11/28 05:16:53
484 [ssh-keygen.1 ssh-keygen.c]
485 Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
486 increase minumum RSA key size to 768 bits and update man page to reflect
487 these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
488 ok djm@, grudging ok deraadt@.
489 - dtucker@cvs.openbsd.org 2005/11/28 06:02:56
490 [ssh-agent.1]
491 Update agent socket path templates to reflect reality, correct xref for
492 time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@
493
49420051126
495 - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer,
496 when they're available) need the real UID set otherwise pam_chauthtok will
497 set ADMCHG after changing the password, forcing the user to change it
498 again immediately.
499
50020051125
501 - (dtucker) [configure.ac] Apply tim's fix for older systems where the
502 resolver state in resolv.h is "state" not "__res_state". With slight
503 modification by me to also work on old AIXes. ok djm@
504 - (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for
505 snprintf formats, fixes warnings on some 64 bit platforms. Patch from
506 shaw at vranix.com, ok djm@
507
50820051124
509 - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c
510 openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an
511 asprintf() implementation, after syncing our {v,}snprintf() implementation
512 with some extra fixes from Samba's version. With help and debugging from
513 dtucker and tim; ok dtucker@
514 - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument
515 order in Reliant Unix block. Patch from johane at lysator.liu.se.
516 - (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so
517 many and use them only once. Speeds up testing on older/slower hardware.
518
51920051122
520 - (dtucker) OpenBSD CVS Sync
521 - deraadt@cvs.openbsd.org 2005/11/12 18:37:59
522 [ssh-add.c]
523 space
524 - deraadt@cvs.openbsd.org 2005/11/12 18:38:15
525 [scp.c]
526 avoid close(-1), as in rcp; ok cloder
527 - millert@cvs.openbsd.org 2005/11/15 11:59:54
528 [includes.h]
529 Include sys/queue.h explicitly instead of assuming some other header
530 will pull it in. At the moment it gets pulled in by sys/select.h
531 (which ssh has no business including) via event.h. OK markus@
532 (ID sync only in -portable)
533 - dtucker@cvs.openbsd.org 2005/11/21 09:42:10
534 [auth-krb5.c]
535 Perform Kerberos calls even for invalid users to prevent leaking
536 information about account validity. bz #975, patch originally from
537 Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
538 ok markus@
539 - dtucker@cvs.openbsd.org 2005/11/22 03:36:03
540 [hostfile.c]
541 Correct format/arguments to debug call; spotted by shaw at vranix.com
542 ok djm@
543 - (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch
544 from shaw at vranix.com.
545
54620051120
547 - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what
548 is going on.
549
55020051112
551 - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific
552 ifdef lost during sync. Spotted by tim@.
553 - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag.
554 - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test.
555 - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@
556 - (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure
557 test: if sshd takes too long to reconfigure the subsequent connection will
558 fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready.
559
56020051110
561 - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from
562 OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of
563 "register").
564 - (dtucker) [openbsd-compat/setenv.c] Make __findenv static, remove
565 unnecessary prototype.
566 - (dtucker) [openbsd-compat/setenv.c] Sync changes from OpenBSD setenv.c
567 revs 1.7 - 1.9.
568 - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path.
569 Patch from djm@.
570 - (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+
571 since they're not useful right now. Patch from djm@.
572 - (dtucker) [openbsd-compat/getgrouplist.c] Sync OpenBSD revs 1.10 - 1.2 (ANSI
573 prototypes, removal of "register").
574 - (dtucker) [openbsd-compat/strlcat.c] Sync OpenBSD revs 1.11 - 1.12 (removal
575 of "register").
576 - (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to
577 after the copyright notices. Having them at the top next to the CVSIDs
578 guarantees a conflict for each and every sync.
579 - (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10.
580 - (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker.
581 - (dtucker) [openbsd-compat/strmode.c] Update from OpenBSD 1.5 -> 1.7.
582 Removal of rcsid, "whiteout" inode type.
583 - (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14.
584 Removal of rcsid, will no longer strlcpy parts of the string.
585 - (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5.
586 - (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7.
587 - (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18.
588 - (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5.
589 - (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25.
590 - (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9.
591 - (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14.
592 - (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up
593 with OpenBSD code since we don't support platforms without fstat any more.
594 - (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9.
595 - (dtucker) [openbsd-compat/inet_ntoa.c] Update from OpenBSD 1.4 -> 1.6.
596 - (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7.
597 - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6.
598 - (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6.
599 - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13.
600 - (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19.
601 - (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8.
602 - (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker.
603 - (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17.
604 - (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4.
605 Id and copyright sync only, there were no substantial changes we need.
606 - (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c]
607 -Wsign-compare fixes from djm.
608 - (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3.
609 Id and copyright sync only, there were no substantial changes we need.
610 - (dtucker) [configure.ac] Try to get the gcc version number in a way that
611 doesn't change between versions, and use a safer default.
612
61320051105
614 - (djm) OpenBSD CVS Sync
615 - markus@cvs.openbsd.org 2005/10/07 11:13:57
616 [ssh-keygen.c]
617 change DSA default back to 1024, as it's defined for 1024 bits only
618 and this causes interop problems with other clients. moreover,
619 in order to improve the security of DSA you need to change more
620 components of DSA key generation (e.g. the internal SHA1 hash);
621 ok deraadt
622 - djm@cvs.openbsd.org 2005/10/10 10:23:08
623 [channels.c channels.h clientloop.c serverloop.c session.c]
624 fix regression I introduced in 4.2: X11 forwardings initiated after
625 a session has exited (e.g. "(sleep 5; xterm) &") would not start.
626 bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
627 - djm@cvs.openbsd.org 2005/10/11 23:37:37
628 [channels.c]
629 bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing
630 bind() failure when a previous connection's listeners are in TIME_WAIT,
631 reported by plattner AT inf.ethz.ch; ok dtucker@
632 - stevesk@cvs.openbsd.org 2005/10/13 14:03:01
633 [auth2-gss.c gss-genr.c gss-serv.c]
634 remove unneeded #includes; ok markus@
635 - stevesk@cvs.openbsd.org 2005/10/13 14:20:37
636 [gss-serv.c]
637 spelling in comments
638 - stevesk@cvs.openbsd.org 2005/10/13 19:08:08
639 [gss-serv-krb5.c gss-serv.c]
640 unused declarations; ok deraadt@
641 (id sync only for gss-serv-krb5.c)
642 - stevesk@cvs.openbsd.org 2005/10/13 19:13:41
643 [dns.c]
644 unneeded #include, unused declaration, little knf; ok deraadt@
645 - stevesk@cvs.openbsd.org 2005/10/13 22:24:31
646 [auth2-gss.c gss-genr.c gss-serv.c monitor.c]
647 KNF; ok djm@
648 - stevesk@cvs.openbsd.org 2005/10/14 02:17:59
649 [ssh-keygen.c ssh.c sshconnect2.c]
650 no trailing "\n" for log functions; ok djm@
651 - stevesk@cvs.openbsd.org 2005/10/14 02:29:37
652 [channels.c clientloop.c]
653 free()->xfree(); ok djm@
654 - stevesk@cvs.openbsd.org 2005/10/15 15:28:12
655 [sshconnect.c]
656 make external definition static; ok deraadt@
657 - stevesk@cvs.openbsd.org 2005/10/17 13:45:05
658 [dns.c]
659 fix memory leaks from 2 sources:
660 1) key_fingerprint_raw()
661 2) malloc in dns_read_rdata()
662 ok jakob@
663 - stevesk@cvs.openbsd.org 2005/10/17 14:01:28
664 [dns.c]
665 remove #ifdef LWRES; ok jakob@
666 - stevesk@cvs.openbsd.org 2005/10/17 14:13:35
667 [dns.c dns.h]
668 more cleanups; ok jakob@
669 - djm@cvs.openbsd.org 2005/10/30 01:23:19
670 [ssh_config.5]
671 mention control socket fallback behaviour, reported by
672 tryponraj AT gmail.com
673 - djm@cvs.openbsd.org 2005/10/30 04:01:03
674 [ssh-keyscan.c]
675 make ssh-keygen discard junk from server before SSH- ident, spotted by
676 dave AT cirt.net; ok dtucker@
677 - djm@cvs.openbsd.org 2005/10/30 04:03:24
678 [ssh.c]
679 fix misleading debug message; ok dtucker@
680 - dtucker@cvs.openbsd.org 2005/10/30 08:29:29
681 [canohost.c sshd.c]
682 Check for connections with IP options earlier and drop silently. ok djm@
683 - jmc@cvs.openbsd.org 2005/10/30 08:43:47
684 [ssh_config.5]
685 remove trailing whitespace;
686 - djm@cvs.openbsd.org 2005/10/30 08:52:18
687 [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
688 [ssh.c sshconnect.c sshconnect1.c sshd.c]
689 no need to escape single quotes in comments, no binary change
690 - dtucker@cvs.openbsd.org 2005/10/31 06:15:04
691 [sftp.c]
692 Fix sorting with "ls -1" command. From Robert Tsai, "looks right" deraadt@
693 - djm@cvs.openbsd.org 2005/10/31 11:12:49
694 [ssh-keygen.1 ssh-keygen.c]
695 generate a protocol 2 RSA key by default
696 - djm@cvs.openbsd.org 2005/10/31 11:48:29
697 [serverloop.c]
698 make sure we clean up wtmp, etc. file when we receive a SIGTERM,
699 SIGINT or SIGQUIT when running without privilege separation (the
700 normal privsep case is already OK). Patch mainly by dtucker@ and
701 senthilkumar_sen AT hotpop.com; ok dtucker@
702 - jmc@cvs.openbsd.org 2005/10/31 19:55:25
703 [ssh-keygen.1]
704 grammar;
705 - dtucker@cvs.openbsd.org 2005/11/03 13:38:29
706 [canohost.c]
707 Cache reverse lookups with and without DNS separately; ok markus@
708 - djm@cvs.openbsd.org 2005/11/04 05:15:59
709 [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
710 remove hardcoded hash lengths in key exchange code, allowing
711 implementation of KEX methods with different hashes (e.g. SHA-256);
712 ok markus@ dtucker@ stevesk@
713 - djm@cvs.openbsd.org 2005/11/05 05:01:15
714 [bufaux.c]
715 Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT
716 cs.stanford.edu; ok dtucker@
717 - (dtucker) [README.platform] Add PAM section.
718 - (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version,
719 resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu;
720 ok dtucker@
721
72220051102
723 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup().
724 Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net
725 via FreeBSD.
726
72720051030
728 - (djm) [contrib/suse/openssh.spec contrib/suse/rc.
729 sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init
730 files from imorgan AT nas.nasa.gov
731 - (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is
732 enabled, instead allow PAM to handle it. Note that on platforms using PAM,
733 the pam_nologin module should be added to sshd's session stack in order to
734 maintain exising behaviour. Based on patch and discussion from t8m at
735 centrum.cz, ok djm@
736
73720051025
738 - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the
739 sizeof(long long) checks, to make fixing bug #1104 easier (no changes
740 yet).
741 - (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't
742 understand "%lld", even though the compiler has "long long", so handle
743 it as a special case. Patch tested by mcaskill.scott at epa.gov.
744 - (dtucker) [contrib/cygwin/ssh-user-config] Remove duplicate yes/no
745 prompt. Patch from vinschen at redhat.com.
746
74720051017
748 - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling.
749 /etc/default/login report and testing from aabaker at iee.org, corrections
750 from tim@.
751
75220051009
753 - (dtucker) [configure.ac defines.h openbsd-compat/vis.{c,h}] Sync current
754 versions from OpenBSD. ok djm@
755
75620051008
757 - (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from
758 brian.smith at agilent com.
759 - (djm) [configure.ac] missing 'test' call for -with-Werror test
760
76120051005
762 - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended
763 "*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and
764 senthilkumar_sen at hotpop.com.
765
76620051003
767 - (dtucker) OpenBSD CVS Sync
768 - markus@cvs.openbsd.org 2005/09/07 08:53:53
769 [channels.c]
770 enforce chanid != NULL; ok djm
771 - markus@cvs.openbsd.org 2005/09/09 19:18:05
772 [clientloop.c]
773 typo; from mark at mcs.vuw.ac.nz, bug #1082
774 - djm@cvs.openbsd.org 2005/09/13 23:40:07
775 [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
776 scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
777 ensure that stdio fds are attached; ok deraadt@
778 - djm@cvs.openbsd.org 2005/09/19 11:37:34
779 [ssh_config.5 ssh.1]
780 mention ability to specify bind_address for DynamicForward and -D options;
781 bz#1077 spotted by Haruyama Seigo
782 - djm@cvs.openbsd.org 2005/09/19 11:47:09
783 [sshd.c]
784 stop connection abort on rekey with delayed compression enabled when
785 post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@
786 - djm@cvs.openbsd.org 2005/09/19 11:48:10
787 [gss-serv.c]
788 typo
789 - jmc@cvs.openbsd.org 2005/09/19 15:38:27
790 [ssh.1]
791 some more .Bk/.Ek to avoid ugly line split;
792 - jmc@cvs.openbsd.org 2005/09/19 15:42:44
793 [ssh.c]
794 update -D usage here too;
795 - djm@cvs.openbsd.org 2005/09/19 23:31:31
796 [ssh.1]
797 spelling nit from stevesk@
798 - djm@cvs.openbsd.org 2005/09/21 23:36:54
799 [sshd_config.5]
800 aquire -> acquire, from stevesk@
801 - djm@cvs.openbsd.org 2005/09/21 23:37:11
802 [sshd.c]
803 change label at markus@'s request
804 - jaredy@cvs.openbsd.org 2005/09/30 20:34:26
805 [ssh-keyscan.1]
806 deploy .An -nosplit; ok jmc
807 - dtucker@cvs.openbsd.org 2005/10/03 07:44:42
808 [canohost.c]
809 Relocate check_ip_options call to prevent logging of garbage for
810 connections with IP options set. bz#1092 from David Leonard,
811 "looks good" deraadt@
812 - (dtucker) [regress/README.regress] Bug #989: Document limitation that scp
813 is required in the system path for the multiplex test to work.
814
81520050930
816 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype
817 for strtoll. Patch from o.flebbe at science-computing.de.
818 - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep
819 child during PAM account check without clearing it. This restores the
820 post-login warnings such as LDAP password expiry. Patch from Tomas Mraz
821 with help from several others.
822
82320050929
824 - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg
825 introduced during sync.
826
82720050928
828 - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency.
829 - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from
830 PAM via keyboard-interactive. Patch tested by the folks at Vintela.
831
83220050927
833 - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid
834 calls, since they can't possibly fail. ok djm@
835 - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed
836 process when sshd relies on ssh-random-helper. Should result in faster
837 logins on systems without a real random device or prngd. ok djm@
838
83920050924
840 - (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove
841 duplicate call. ok djm@
842
84320050922
844 - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from
845 skeleten at shillest.net.
846 - (dtucker) [configure.ac] Fix help for --with-opensc; patch from skeleten at
847 shillest.net.
848
84920050919
850 - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to
851 AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages.
852 ok dtucker@
853
85420050912
855 - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by
856 Mike Frysinger.
857
85820050908
859 - (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to
860 OpenServer 6 and add osr5bigcrypt support so when someone migrates
861 passwords between UnixWare and OpenServer they will still work. OK dtucker@
862
120050901 86320050901
2 - (djm) Update RPM spec file versions 864 - (djm) Update RPM spec file versions
3 865
@@ -2989,4 +3851,4 @@
2989 - (djm) Trim deprecated options from INSTALL. Mention UsePAM 3851 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
2990 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 3852 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
2991 3853
2992$Id: ChangeLog,v 1.3887 2005/09/01 09:10:48 djm Exp $ 3854$Id: ChangeLog,v 1.4117.2.10 2006/02/11 00:00:44 djm Exp $