diff options
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 864 |
1 files changed, 863 insertions, 1 deletions
@@ -1,3 +1,865 @@ | |||
1 | 20060211 | ||
2 | - (dtucker) [README] Bump release notes URL. | ||
3 | - (djm) Release 4.3p2 | ||
4 | |||
5 | 20060208 | ||
6 | - (tim) [session.c] Logout records were not updated on systems with | ||
7 | post auth privsep disabled due to bug 1086 changes. Analysis and patch | ||
8 | by vinschen at redhat.com. OK tim@, dtucker@. | ||
9 | - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP | ||
10 | -> NEED_SETPGRP), reported by Berhard Simon. ok tim@ | ||
11 | |||
12 | 20060206 | ||
13 | - (tim) [configure.ac] Remove unnecessary tests for net/if.h and | ||
14 | netinet/in_systm.h. OK dtucker@. | ||
15 | |||
16 | 20060205 | ||
17 | - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test | ||
18 | for Solaris. OK dtucker@. | ||
19 | - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by | ||
20 | kraai at ftbfs.org. | ||
21 | |||
22 | 20060203 | ||
23 | - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first | ||
24 | AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run | ||
25 | by a platform specific check, builtin standard includes tests will be | ||
26 | skipped on the other platforms. | ||
27 | Analysis and suggestion by vinschen at redhat.com, patch by dtucker@. | ||
28 | OK tim@, djm@. | ||
29 | |||
30 | 20060202 | ||
31 | - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it | ||
32 | works with picky compilers. Patch from alex.kiernan at thus.net. | ||
33 | |||
34 | 20060201 | ||
35 | - (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to | ||
36 | determine the user's login name - needed for regress tests on Solaris | ||
37 | 10 and OpenSolaris | ||
38 | - (djm) OpenBSD CVS Sync | ||
39 | - jmc@cvs.openbsd.org 2006/02/01 09:06:50 | ||
40 | [sshd.8] | ||
41 | - merge sections on protocols 1 and 2 into a single section | ||
42 | - remove configuration file section | ||
43 | ok markus | ||
44 | - jmc@cvs.openbsd.org 2006/02/01 09:11:41 | ||
45 | [sshd.8] | ||
46 | small tweak; | ||
47 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
48 | [contrib/suse/openssh.spec] Update versions ahead of release | ||
49 | - markus@cvs.openbsd.org 2006/02/01 11:27:22 | ||
50 | [version.h] | ||
51 | openssh 4.3 | ||
52 | - (djm) Release OpenSSH 4.3p1 | ||
53 | |||
54 | 20060131 | ||
55 | - (djm) OpenBSD CVS Sync | ||
56 | - jmc@cvs.openbsd.org 2006/01/20 11:21:45 | ||
57 | [ssh_config.5] | ||
58 | - word change, agreed w/ markus | ||
59 | - consistency fixes | ||
60 | - jmc@cvs.openbsd.org 2006/01/25 09:04:34 | ||
61 | [sshd.8] | ||
62 | move the options description up the page, and a few additional tweaks | ||
63 | whilst in here; | ||
64 | ok markus | ||
65 | - jmc@cvs.openbsd.org 2006/01/25 09:07:22 | ||
66 | [sshd.8] | ||
67 | move subsections to full sections; | ||
68 | - jmc@cvs.openbsd.org 2006/01/26 08:47:56 | ||
69 | [ssh.1] | ||
70 | add a section on verifying host keys in dns; | ||
71 | written with a lot of help from jakob; | ||
72 | feedback dtucker/markus; | ||
73 | ok markus | ||
74 | - reyk@cvs.openbsd.org 2006/01/30 12:22:22 | ||
75 | [channels.c] | ||
76 | mark channel as write failed or dead instead of read failed on error | ||
77 | of the channel output filter. | ||
78 | ok markus@ | ||
79 | - jmc@cvs.openbsd.org 2006/01/30 13:37:49 | ||
80 | [ssh.1] | ||
81 | remove an incorrect sentence; | ||
82 | reported by roumen petrov; | ||
83 | ok djm markus | ||
84 | - djm@cvs.openbsd.org 2006/01/31 10:19:02 | ||
85 | [misc.c misc.h scp.c sftp.c] | ||
86 | fix local arbitrary command execution vulnerability on local/local and | ||
87 | remote/remote copies (CVE-2006-0225, bz #1094), patch by | ||
88 | t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@ | ||
89 | - djm@cvs.openbsd.org 2006/01/31 10:35:43 | ||
90 | [scp.c] | ||
91 | "scp a b c" shouldn't clobber "c" when it is not a directory, report and | ||
92 | fix from biorn@; ok markus@ | ||
93 | - (djm) Sync regress tests to OpenBSD: | ||
94 | - dtucker@cvs.openbsd.org 2005/03/10 10:20:39 | ||
95 | [regress/forwarding.sh] | ||
96 | Regress test for ClearAllForwardings (bz #994); ok markus@ | ||
97 | - dtucker@cvs.openbsd.org 2005/04/25 09:54:09 | ||
98 | [regress/multiplex.sh] | ||
99 | Don't call cleanup in multiplex as test-exec will cleanup anyway | ||
100 | found by tim@, ok djm@ | ||
101 | NB. ID sync only, we already had this | ||
102 | - djm@cvs.openbsd.org 2005/05/20 23:14:15 | ||
103 | [regress/test-exec.sh] | ||
104 | force addressfamily=inet for tests, unbreaking dynamic-forward regress for | ||
105 | recently committed nc SOCKS5 changes | ||
106 | - djm@cvs.openbsd.org 2005/05/24 04:10:54 | ||
107 | [regress/try-ciphers.sh] | ||
108 | oops, new arcfour modes here too | ||
109 | - markus@cvs.openbsd.org 2005/06/30 11:02:37 | ||
110 | [regress/scp.sh] | ||
111 | allow SUDO=sudo; from Alexander Bluhm | ||
112 | - grunk@cvs.openbsd.org 2005/11/14 21:25:56 | ||
113 | [regress/agent-getpeereid.sh] | ||
114 | all other scripts in this dir use $SUDO, not 'sudo', so pull this even | ||
115 | ok markus@ | ||
116 | - dtucker@cvs.openbsd.org 2005/12/14 04:36:39 | ||
117 | [regress/scp-ssh-wrapper.sh] | ||
118 | Fix assumption about how many args scp will pass; ok djm@ | ||
119 | NB. ID sync only, we already had this | ||
120 | - djm@cvs.openbsd.org 2006/01/27 06:49:21 | ||
121 | [scp.sh] | ||
122 | regress test for local to local scp copies; ok dtucker@ | ||
123 | - djm@cvs.openbsd.org 2006/01/31 10:23:23 | ||
124 | [scp.sh] | ||
125 | regression test for CVE-2006-0225 written by dtucker@ | ||
126 | - djm@cvs.openbsd.org 2006/01/31 10:36:33 | ||
127 | [scp.sh] | ||
128 | regress test for "scp a b c" where "c" is not a directory | ||
129 | |||
130 | 20060129 | ||
131 | - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the | ||
132 | opensshd.init script interpretter if /sbin/sh does not exist. ok tim@ | ||
133 | |||
134 | 20060120 | ||
135 | - (dtucker) OpenBSD CVS Sync | ||
136 | - jmc@cvs.openbsd.org 2006/01/15 17:37:05 | ||
137 | [ssh.1] | ||
138 | correction from deraadt | ||
139 | - jmc@cvs.openbsd.org 2006/01/18 10:53:29 | ||
140 | [ssh.1] | ||
141 | add a section on ssh-based vpn, based on reyk's README.tun; | ||
142 | - dtucker@cvs.openbsd.org 2006/01/20 00:14:55 | ||
143 | [scp.1 ssh.1 ssh_config.5 sftp.1] | ||
144 | Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot | ||
145 | #1056 with feedback from jmc, djm and markus; ok jmc@ djm@ | ||
146 | |||
147 | 20060114 | ||
148 | - (djm) OpenBSD CVS Sync | ||
149 | - jmc@cvs.openbsd.org 2006/01/06 13:27:32 | ||
150 | [ssh.1] | ||
151 | weed out some duplicate info in the known_hosts FILES entries; | ||
152 | ok djm | ||
153 | - jmc@cvs.openbsd.org 2006/01/06 13:29:10 | ||
154 | [ssh.1] | ||
155 | final round of whacking FILES for duplicate info, and some consistency | ||
156 | fixes; | ||
157 | ok djm | ||
158 | - jmc@cvs.openbsd.org 2006/01/12 14:44:12 | ||
159 | [ssh.1] | ||
160 | split sections on tcp and x11 forwarding into two sections. | ||
161 | add an example in the tcp section, based on sth i wrote for ssh faq; | ||
162 | help + ok: djm markus dtucker | ||
163 | - jmc@cvs.openbsd.org 2006/01/12 18:48:48 | ||
164 | [ssh.1] | ||
165 | refer to `TCP' rather than `TCP/IP' in the context of connection | ||
166 | forwarding; | ||
167 | ok markus | ||
168 | - jmc@cvs.openbsd.org 2006/01/12 22:20:00 | ||
169 | [sshd.8] | ||
170 | refer to TCP forwarding, rather than TCP/IP forwarding; | ||
171 | - jmc@cvs.openbsd.org 2006/01/12 22:26:02 | ||
172 | [ssh_config.5] | ||
173 | refer to TCP forwarding, rather than TCP/IP forwarding; | ||
174 | - jmc@cvs.openbsd.org 2006/01/12 22:34:12 | ||
175 | [ssh.1] | ||
176 | back out a sentence - AUTHENTICATION already documents this; | ||
177 | |||
178 | 20060109 | ||
179 | - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on | ||
180 | tcpip service so it's always started after IP is up. Patch from | ||
181 | vinschen at redhat.com. | ||
182 | |||
183 | 20060106 | ||
184 | - (djm) OpenBSD CVS Sync | ||
185 | - jmc@cvs.openbsd.org 2006/01/03 16:31:10 | ||
186 | [ssh.1] | ||
187 | move FILES to a -compact list, and make each files an item in that list. | ||
188 | this avoids nastly line wrap when we have long pathnames, and treats | ||
189 | each file as a separate item; | ||
190 | remove the .Pa too, since it is useless. | ||
191 | - jmc@cvs.openbsd.org 2006/01/03 16:35:30 | ||
192 | [ssh.1] | ||
193 | use a larger width for the ENVIRONMENT list; | ||
194 | - jmc@cvs.openbsd.org 2006/01/03 16:52:36 | ||
195 | [ssh.1] | ||
196 | put FILES in some sort of order: sort by pathname | ||
197 | - jmc@cvs.openbsd.org 2006/01/03 16:55:18 | ||
198 | [ssh.1] | ||
199 | tweak the description of ~/.ssh/environment | ||
200 | - jmc@cvs.openbsd.org 2006/01/04 18:42:46 | ||
201 | [ssh.1] | ||
202 | chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES | ||
203 | entries; | ||
204 | ok markus | ||
205 | - jmc@cvs.openbsd.org 2006/01/04 18:45:01 | ||
206 | [ssh.1] | ||
207 | remove .Xr's to rsh(1) and telnet(1): they are hardly needed; | ||
208 | - jmc@cvs.openbsd.org 2006/01/04 19:40:24 | ||
209 | [ssh.1] | ||
210 | +.Xr ssh-keyscan 1 , | ||
211 | - jmc@cvs.openbsd.org 2006/01/04 19:50:09 | ||
212 | [ssh.1] | ||
213 | -.Xr gzip 1 , | ||
214 | - djm@cvs.openbsd.org 2006/01/05 23:43:53 | ||
215 | [misc.c] | ||
216 | check that stdio file descriptors are actually closed before clobbering | ||
217 | them in sanitise_stdfd(). problems occurred when a lower numbered fd was | ||
218 | closed, but higher ones weren't. spotted by, and patch tested by | ||
219 | Frédéric Olivié | ||
220 | |||
221 | 20060103 | ||
222 | - (djm) [channels.c] clean up harmless merge error, from reyk@ | ||
223 | |||
224 | 20060103 | ||
225 | - (djm) OpenBSD CVS Sync | ||
226 | - jmc@cvs.openbsd.org 2006/01/02 17:09:49 | ||
227 | [ssh_config.5 sshd_config.5] | ||
228 | some corrections from michael knudsen; | ||
229 | |||
230 | 20060102 | ||
231 | - (djm) [README.tun] Add README.tun, missed during sync of tun(4) support | ||
232 | - (djm) OpenBSD CVS Sync | ||
233 | - jmc@cvs.openbsd.org 2005/12/31 10:46:17 | ||
234 | [ssh.1] | ||
235 | merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER | ||
236 | AUTHENTICATION" sections into "AUTHENTICATION"; | ||
237 | some rewording done to make the text read better, plus some | ||
238 | improvements from djm; | ||
239 | ok djm | ||
240 | - jmc@cvs.openbsd.org 2005/12/31 13:44:04 | ||
241 | [ssh.1] | ||
242 | clean up ENVIRONMENT a little; | ||
243 | - jmc@cvs.openbsd.org 2005/12/31 13:45:19 | ||
244 | [ssh.1] | ||
245 | .Nm does not require an argument; | ||
246 | - stevesk@cvs.openbsd.org 2006/01/01 08:59:27 | ||
247 | [includes.h misc.c] | ||
248 | move <net/if.h>; ok djm@ | ||
249 | - stevesk@cvs.openbsd.org 2006/01/01 10:08:48 | ||
250 | [misc.c] | ||
251 | no trailing "\n" for debug() | ||
252 | - djm@cvs.openbsd.org 2006/01/02 01:20:31 | ||
253 | [sftp-client.c sftp-common.h sftp-server.c] | ||
254 | use a common max. packet length, no binary change | ||
255 | - reyk@cvs.openbsd.org 2006/01/02 07:53:44 | ||
256 | [misc.c] | ||
257 | clarify tun(4) opening - set the mode and bring the interface up. also | ||
258 | (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces. | ||
259 | suggested and ok by djm@ | ||
260 | - jmc@cvs.openbsd.org 2006/01/02 12:31:06 | ||
261 | [ssh.1] | ||
262 | start to cut some duplicate info from FILES; | ||
263 | help/ok djm | ||
264 | |||
265 | 20060101 | ||
266 | - (djm) [Makefile.in configure.ac includes.h misc.c] | ||
267 | [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support | ||
268 | for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is | ||
269 | limited to IPv4 tunnels only, and most versions don't support the | ||
270 | tap(4) device at all. | ||
271 | - (djm) [configure.ac] Fix linux/if_tun.h test | ||
272 | - (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too | ||
273 | |||
274 | 20051229 | ||
275 | - (djm) OpenBSD CVS Sync | ||
276 | - stevesk@cvs.openbsd.org 2005/12/28 22:46:06 | ||
277 | [canohost.c channels.c clientloop.c] | ||
278 | use 'break-in' for consistency; ok deraadt@ ok and input jmc@ | ||
279 | - reyk@cvs.openbsd.org 2005/12/30 15:56:37 | ||
280 | [channels.c channels.h clientloop.c] | ||
281 | add channel output filter interface. | ||
282 | ok djm@, suggested by markus@ | ||
283 | - jmc@cvs.openbsd.org 2005/12/30 16:59:00 | ||
284 | [sftp.1] | ||
285 | do not suggest that interactive authentication will work | ||
286 | with the -b flag; | ||
287 | based on a diff from john l. scarfone; | ||
288 | ok djm | ||
289 | - stevesk@cvs.openbsd.org 2005/12/31 01:38:45 | ||
290 | [ssh.1] | ||
291 | document -MM; ok djm@ | ||
292 | - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac] | ||
293 | [serverloop.c ssh.c openbsd-compat/Makefile.in] | ||
294 | [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding | ||
295 | compatability support for Linux, diff from reyk@ | ||
296 | - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does | ||
297 | not exist | ||
298 | - (djm) [configure.ac] oops, make that linux/if_tun.h | ||
299 | |||
300 | 20051229 | ||
301 | - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd | ||
302 | |||
303 | 20051224 | ||
304 | - (djm) OpenBSD CVS Sync | ||
305 | - jmc@cvs.openbsd.org 2005/12/20 21:59:43 | ||
306 | [ssh.1] | ||
307 | merge the sections on protocols 1 and 2 into one section on | ||
308 | authentication; | ||
309 | feedback djm dtucker | ||
310 | ok deraadt markus dtucker | ||
311 | - jmc@cvs.openbsd.org 2005/12/20 22:02:50 | ||
312 | [ssh.1] | ||
313 | .Ss -> .Sh: subsections have not made this page more readable | ||
314 | - jmc@cvs.openbsd.org 2005/12/20 22:09:41 | ||
315 | [ssh.1] | ||
316 | move info on ssh return values and config files up into the main | ||
317 | description; | ||
318 | - jmc@cvs.openbsd.org 2005/12/21 11:48:16 | ||
319 | [ssh.1] | ||
320 | -L and -R descriptions are now above, not below, ~C description; | ||
321 | - jmc@cvs.openbsd.org 2005/12/21 11:57:25 | ||
322 | [ssh.1] | ||
323 | options now described `above', rather than `later'; | ||
324 | - jmc@cvs.openbsd.org 2005/12/21 12:53:31 | ||
325 | [ssh.1] | ||
326 | -Y does X11 forwarding too; | ||
327 | ok markus | ||
328 | - stevesk@cvs.openbsd.org 2005/12/21 22:44:26 | ||
329 | [sshd.8] | ||
330 | clarify precedence of -p, Port, ListenAddress; ok and help jmc@ | ||
331 | - jmc@cvs.openbsd.org 2005/12/22 10:31:40 | ||
332 | [ssh_config.5] | ||
333 | put the description of "UsePrivilegedPort" in the correct place; | ||
334 | - jmc@cvs.openbsd.org 2005/12/22 11:23:42 | ||
335 | [ssh.1] | ||
336 | expand the description of -w somewhat; | ||
337 | help/ok reyk | ||
338 | - jmc@cvs.openbsd.org 2005/12/23 14:55:53 | ||
339 | [ssh.1] | ||
340 | - sync the description of -e w/ synopsis | ||
341 | - simplify the description of -I | ||
342 | - note that -I is only available if support compiled in, and that it | ||
343 | isn't by default | ||
344 | feedback/ok djm@ | ||
345 | - jmc@cvs.openbsd.org 2005/12/23 23:46:23 | ||
346 | [ssh.1] | ||
347 | less mark up for -c; | ||
348 | - djm@cvs.openbsd.org 2005/12/24 02:27:41 | ||
349 | [session.c sshd.c] | ||
350 | eliminate some code duplicated in privsep and non-privsep paths, and | ||
351 | explicitly clear SIGALRM handler; "groovy" deraadt@ | ||
352 | |||
353 | 20051220 | ||
354 | - (dtucker) OpenBSD CVS Sync | ||
355 | - reyk@cvs.openbsd.org 2005/12/13 15:03:02 | ||
356 | [serverloop.c] | ||
357 | if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY | ||
358 | - jmc@cvs.openbsd.org 2005/12/16 18:07:08 | ||
359 | [ssh.1] | ||
360 | move the option descriptions up the page: start of a restructure; | ||
361 | ok markus deraadt | ||
362 | - jmc@cvs.openbsd.org 2005/12/16 18:08:53 | ||
363 | [ssh.1] | ||
364 | simplify a sentence; | ||
365 | - jmc@cvs.openbsd.org 2005/12/16 18:12:22 | ||
366 | [ssh.1] | ||
367 | make the description of -c a little nicer; | ||
368 | - jmc@cvs.openbsd.org 2005/12/16 18:14:40 | ||
369 | [ssh.1] | ||
370 | signpost the protocol sections; | ||
371 | - stevesk@cvs.openbsd.org 2005/12/17 21:13:05 | ||
372 | [ssh_config.5 session.c] | ||
373 | spelling: fowarding, fowarded | ||
374 | - stevesk@cvs.openbsd.org 2005/12/17 21:36:42 | ||
375 | [ssh_config.5] | ||
376 | spelling: intented -> intended | ||
377 | - dtucker@cvs.openbsd.org 2005/12/20 04:41:07 | ||
378 | [ssh.c] | ||
379 | exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@ | ||
380 | |||
381 | 20051219 | ||
382 | - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac | ||
383 | openbsd-compat/openssl-compat.h] Check for and work around broken AES | ||
384 | ciphers >128bit on (some) Solaris 10 systems. ok djm@ | ||
385 | |||
386 | 20051217 | ||
387 | - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which | ||
388 | scp.c also uses, so undef them here. | ||
389 | - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our | ||
390 | snprintf replacement can have a conflicting declaration in HP-UX's system | ||
391 | headers (const vs. no const) so we now check for and work around it. Patch | ||
392 | from the dynamic duo of David Leonard and Ted Percival. | ||
393 | |||
394 | 20051214 | ||
395 | - (dtucker) OpenBSD CVS Sync (regress/) | ||
396 | - dtucker@cvs.openbsd.org 2005/12/30 04:36:39 | ||
397 | [regress/scp-ssh-wrapper.sh] | ||
398 | Fix assumption about how many args scp will pass; ok djm@ | ||
399 | |||
400 | 20051213 | ||
401 | - (djm) OpenBSD CVS Sync | ||
402 | - jmc@cvs.openbsd.org 2005/11/30 11:18:27 | ||
403 | [ssh.1] | ||
404 | timezone -> time zone | ||
405 | - jmc@cvs.openbsd.org 2005/11/30 11:45:20 | ||
406 | [ssh.1] | ||
407 | avoid ambiguities in describing TZ; | ||
408 | ok djm@ | ||
409 | - reyk@cvs.openbsd.org 2005/12/06 22:38:28 | ||
410 | [auth-options.c auth-options.h channels.c channels.h clientloop.c] | ||
411 | [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] | ||
412 | [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] | ||
413 | [sshconnect.h sshd.8 sshd_config sshd_config.5] | ||
414 | Add support for tun(4) forwarding over OpenSSH, based on an idea and | ||
415 | initial channel code bits by markus@. This is a simple and easy way to | ||
416 | use OpenSSH for ad hoc virtual private network connections, e.g. | ||
417 | administrative tunnels or secure wireless access. It's based on a new | ||
418 | ssh channel and works similar to the existing TCP forwarding support, | ||
419 | except that it depends on the tun(4) network interface on both ends of | ||
420 | the connection for layer 2 or layer 3 tunneling. This diff also adds | ||
421 | support for LocalCommand in the ssh(1) client. | ||
422 | ok djm@, markus@, jmc@ (manpages), tested and discussed with others | ||
423 | - djm@cvs.openbsd.org 2005/12/07 03:52:22 | ||
424 | [clientloop.c] | ||
425 | reyk forgot to compile with -Werror (missing header) | ||
426 | - jmc@cvs.openbsd.org 2005/12/07 10:52:13 | ||
427 | [ssh.1] | ||
428 | - avoid line split in SYNOPSIS | ||
429 | - add args to -w | ||
430 | - kill trailing whitespace | ||
431 | - jmc@cvs.openbsd.org 2005/12/08 14:59:44 | ||
432 | [ssh.1 ssh_config.5] | ||
433 | make `!command' a little clearer; | ||
434 | ok reyk | ||
435 | - jmc@cvs.openbsd.org 2005/12/08 15:06:29 | ||
436 | [ssh_config.5] | ||
437 | keep options in order; | ||
438 | - reyk@cvs.openbsd.org 2005/12/08 18:34:11 | ||
439 | [auth-options.c includes.h misc.c misc.h readconf.c servconf.c] | ||
440 | [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac] | ||
441 | two changes to the new ssh tunnel support. this breaks compatibility | ||
442 | with the initial commit but is required for a portable approach. | ||
443 | - make the tunnel id u_int and platform friendly, use predefined types. | ||
444 | - support configuration of layer 2 (ethernet) or layer 3 | ||
445 | (point-to-point, default) modes. configuration is done using the | ||
446 | Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and | ||
447 | restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option | ||
448 | in sshd_config(5). | ||
449 | ok djm@, man page bits by jmc@ | ||
450 | - jmc@cvs.openbsd.org 2005/12/08 21:37:50 | ||
451 | [ssh_config.5] | ||
452 | new sentence, new line; | ||
453 | - markus@cvs.openbsd.org 2005/12/12 13:46:18 | ||
454 | [channels.c channels.h session.c] | ||
455 | make sure protocol messages for internal channels are ignored. | ||
456 | allow adjust messages for non-open channels; with and ok djm@ | ||
457 | - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable | ||
458 | again by providing a sys_tun_open() function for your platform and | ||
459 | setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match | ||
460 | OpenBSD's tunnel protocol, which prepends the address family to the | ||
461 | packet | ||
462 | |||
463 | 20051201 | ||
464 | - (djm) [envpass.sh] Remove regress script that was accidentally committed | ||
465 | in top level directory and not noticed for over a year :) | ||
466 | |||
467 | 20051129 | ||
468 | - (tim) [ssh-keygen.c] Move DSA length test after setting default when | ||
469 | bits == 0. | ||
470 | - (dtucker) OpenBSD CVS Sync | ||
471 | - dtucker@cvs.openbsd.org 2005/11/29 02:04:55 | ||
472 | [ssh-keygen.c] | ||
473 | Populate default key sizes before checking them; from & ok tim@ | ||
474 | - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string) | ||
475 | for UnixWare. | ||
476 | |||
477 | 20051128 | ||
478 | - (dtucker) [regress/yes-head.sh] Work around breakage caused by some | ||
479 | versions of GNU head. Based on patch from zappaman at buraphalinux.org | ||
480 | - (dtucker) [includes.h] Bug #1122: __USE_GNU is a glibc internal macro, use | ||
481 | _GNU_SOURCE instead. Patch from t8m at centrum.cz. | ||
482 | - (dtucker) OpenBSD CVS Sync | ||
483 | - dtucker@cvs.openbsd.org 2005/11/28 05:16:53 | ||
484 | [ssh-keygen.1 ssh-keygen.c] | ||
485 | Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2, | ||
486 | increase minumum RSA key size to 768 bits and update man page to reflect | ||
487 | these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com), | ||
488 | ok djm@, grudging ok deraadt@. | ||
489 | - dtucker@cvs.openbsd.org 2005/11/28 06:02:56 | ||
490 | [ssh-agent.1] | ||
491 | Update agent socket path templates to reflect reality, correct xref for | ||
492 | time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@ | ||
493 | |||
494 | 20051126 | ||
495 | - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer, | ||
496 | when they're available) need the real UID set otherwise pam_chauthtok will | ||
497 | set ADMCHG after changing the password, forcing the user to change it | ||
498 | again immediately. | ||
499 | |||
500 | 20051125 | ||
501 | - (dtucker) [configure.ac] Apply tim's fix for older systems where the | ||
502 | resolver state in resolv.h is "state" not "__res_state". With slight | ||
503 | modification by me to also work on old AIXes. ok djm@ | ||
504 | - (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for | ||
505 | snprintf formats, fixes warnings on some 64 bit platforms. Patch from | ||
506 | shaw at vranix.com, ok djm@ | ||
507 | |||
508 | 20051124 | ||
509 | - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c | ||
510 | openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an | ||
511 | asprintf() implementation, after syncing our {v,}snprintf() implementation | ||
512 | with some extra fixes from Samba's version. With help and debugging from | ||
513 | dtucker and tim; ok dtucker@ | ||
514 | - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument | ||
515 | order in Reliant Unix block. Patch from johane at lysator.liu.se. | ||
516 | - (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so | ||
517 | many and use them only once. Speeds up testing on older/slower hardware. | ||
518 | |||
519 | 20051122 | ||
520 | - (dtucker) OpenBSD CVS Sync | ||
521 | - deraadt@cvs.openbsd.org 2005/11/12 18:37:59 | ||
522 | [ssh-add.c] | ||
523 | space | ||
524 | - deraadt@cvs.openbsd.org 2005/11/12 18:38:15 | ||
525 | [scp.c] | ||
526 | avoid close(-1), as in rcp; ok cloder | ||
527 | - millert@cvs.openbsd.org 2005/11/15 11:59:54 | ||
528 | [includes.h] | ||
529 | Include sys/queue.h explicitly instead of assuming some other header | ||
530 | will pull it in. At the moment it gets pulled in by sys/select.h | ||
531 | (which ssh has no business including) via event.h. OK markus@ | ||
532 | (ID sync only in -portable) | ||
533 | - dtucker@cvs.openbsd.org 2005/11/21 09:42:10 | ||
534 | [auth-krb5.c] | ||
535 | Perform Kerberos calls even for invalid users to prevent leaking | ||
536 | information about account validity. bz #975, patch originally from | ||
537 | Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@, | ||
538 | ok markus@ | ||
539 | - dtucker@cvs.openbsd.org 2005/11/22 03:36:03 | ||
540 | [hostfile.c] | ||
541 | Correct format/arguments to debug call; spotted by shaw at vranix.com | ||
542 | ok djm@ | ||
543 | - (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch | ||
544 | from shaw at vranix.com. | ||
545 | |||
546 | 20051120 | ||
547 | - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what | ||
548 | is going on. | ||
549 | |||
550 | 20051112 | ||
551 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific | ||
552 | ifdef lost during sync. Spotted by tim@. | ||
553 | - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag. | ||
554 | - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test. | ||
555 | - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@ | ||
556 | - (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure | ||
557 | test: if sshd takes too long to reconfigure the subsequent connection will | ||
558 | fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready. | ||
559 | |||
560 | 20051110 | ||
561 | - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from | ||
562 | OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of | ||
563 | "register"). | ||
564 | - (dtucker) [openbsd-compat/setenv.c] Make __findenv static, remove | ||
565 | unnecessary prototype. | ||
566 | - (dtucker) [openbsd-compat/setenv.c] Sync changes from OpenBSD setenv.c | ||
567 | revs 1.7 - 1.9. | ||
568 | - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path. | ||
569 | Patch from djm@. | ||
570 | - (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+ | ||
571 | since they're not useful right now. Patch from djm@. | ||
572 | - (dtucker) [openbsd-compat/getgrouplist.c] Sync OpenBSD revs 1.10 - 1.2 (ANSI | ||
573 | prototypes, removal of "register"). | ||
574 | - (dtucker) [openbsd-compat/strlcat.c] Sync OpenBSD revs 1.11 - 1.12 (removal | ||
575 | of "register"). | ||
576 | - (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to | ||
577 | after the copyright notices. Having them at the top next to the CVSIDs | ||
578 | guarantees a conflict for each and every sync. | ||
579 | - (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10. | ||
580 | - (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker. | ||
581 | - (dtucker) [openbsd-compat/strmode.c] Update from OpenBSD 1.5 -> 1.7. | ||
582 | Removal of rcsid, "whiteout" inode type. | ||
583 | - (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14. | ||
584 | Removal of rcsid, will no longer strlcpy parts of the string. | ||
585 | - (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5. | ||
586 | - (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7. | ||
587 | - (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18. | ||
588 | - (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5. | ||
589 | - (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25. | ||
590 | - (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9. | ||
591 | - (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14. | ||
592 | - (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up | ||
593 | with OpenBSD code since we don't support platforms without fstat any more. | ||
594 | - (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9. | ||
595 | - (dtucker) [openbsd-compat/inet_ntoa.c] Update from OpenBSD 1.4 -> 1.6. | ||
596 | - (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7. | ||
597 | - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6. | ||
598 | - (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6. | ||
599 | - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13. | ||
600 | - (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19. | ||
601 | - (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8. | ||
602 | - (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker. | ||
603 | - (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17. | ||
604 | - (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4. | ||
605 | Id and copyright sync only, there were no substantial changes we need. | ||
606 | - (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c] | ||
607 | -Wsign-compare fixes from djm. | ||
608 | - (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3. | ||
609 | Id and copyright sync only, there were no substantial changes we need. | ||
610 | - (dtucker) [configure.ac] Try to get the gcc version number in a way that | ||
611 | doesn't change between versions, and use a safer default. | ||
612 | |||
613 | 20051105 | ||
614 | - (djm) OpenBSD CVS Sync | ||
615 | - markus@cvs.openbsd.org 2005/10/07 11:13:57 | ||
616 | [ssh-keygen.c] | ||
617 | change DSA default back to 1024, as it's defined for 1024 bits only | ||
618 | and this causes interop problems with other clients. moreover, | ||
619 | in order to improve the security of DSA you need to change more | ||
620 | components of DSA key generation (e.g. the internal SHA1 hash); | ||
621 | ok deraadt | ||
622 | - djm@cvs.openbsd.org 2005/10/10 10:23:08 | ||
623 | [channels.c channels.h clientloop.c serverloop.c session.c] | ||
624 | fix regression I introduced in 4.2: X11 forwardings initiated after | ||
625 | a session has exited (e.g. "(sleep 5; xterm) &") would not start. | ||
626 | bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@ | ||
627 | - djm@cvs.openbsd.org 2005/10/11 23:37:37 | ||
628 | [channels.c] | ||
629 | bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing | ||
630 | bind() failure when a previous connection's listeners are in TIME_WAIT, | ||
631 | reported by plattner AT inf.ethz.ch; ok dtucker@ | ||
632 | - stevesk@cvs.openbsd.org 2005/10/13 14:03:01 | ||
633 | [auth2-gss.c gss-genr.c gss-serv.c] | ||
634 | remove unneeded #includes; ok markus@ | ||
635 | - stevesk@cvs.openbsd.org 2005/10/13 14:20:37 | ||
636 | [gss-serv.c] | ||
637 | spelling in comments | ||
638 | - stevesk@cvs.openbsd.org 2005/10/13 19:08:08 | ||
639 | [gss-serv-krb5.c gss-serv.c] | ||
640 | unused declarations; ok deraadt@ | ||
641 | (id sync only for gss-serv-krb5.c) | ||
642 | - stevesk@cvs.openbsd.org 2005/10/13 19:13:41 | ||
643 | [dns.c] | ||
644 | unneeded #include, unused declaration, little knf; ok deraadt@ | ||
645 | - stevesk@cvs.openbsd.org 2005/10/13 22:24:31 | ||
646 | [auth2-gss.c gss-genr.c gss-serv.c monitor.c] | ||
647 | KNF; ok djm@ | ||
648 | - stevesk@cvs.openbsd.org 2005/10/14 02:17:59 | ||
649 | [ssh-keygen.c ssh.c sshconnect2.c] | ||
650 | no trailing "\n" for log functions; ok djm@ | ||
651 | - stevesk@cvs.openbsd.org 2005/10/14 02:29:37 | ||
652 | [channels.c clientloop.c] | ||
653 | free()->xfree(); ok djm@ | ||
654 | - stevesk@cvs.openbsd.org 2005/10/15 15:28:12 | ||
655 | [sshconnect.c] | ||
656 | make external definition static; ok deraadt@ | ||
657 | - stevesk@cvs.openbsd.org 2005/10/17 13:45:05 | ||
658 | [dns.c] | ||
659 | fix memory leaks from 2 sources: | ||
660 | 1) key_fingerprint_raw() | ||
661 | 2) malloc in dns_read_rdata() | ||
662 | ok jakob@ | ||
663 | - stevesk@cvs.openbsd.org 2005/10/17 14:01:28 | ||
664 | [dns.c] | ||
665 | remove #ifdef LWRES; ok jakob@ | ||
666 | - stevesk@cvs.openbsd.org 2005/10/17 14:13:35 | ||
667 | [dns.c dns.h] | ||
668 | more cleanups; ok jakob@ | ||
669 | - djm@cvs.openbsd.org 2005/10/30 01:23:19 | ||
670 | [ssh_config.5] | ||
671 | mention control socket fallback behaviour, reported by | ||
672 | tryponraj AT gmail.com | ||
673 | - djm@cvs.openbsd.org 2005/10/30 04:01:03 | ||
674 | [ssh-keyscan.c] | ||
675 | make ssh-keygen discard junk from server before SSH- ident, spotted by | ||
676 | dave AT cirt.net; ok dtucker@ | ||
677 | - djm@cvs.openbsd.org 2005/10/30 04:03:24 | ||
678 | [ssh.c] | ||
679 | fix misleading debug message; ok dtucker@ | ||
680 | - dtucker@cvs.openbsd.org 2005/10/30 08:29:29 | ||
681 | [canohost.c sshd.c] | ||
682 | Check for connections with IP options earlier and drop silently. ok djm@ | ||
683 | - jmc@cvs.openbsd.org 2005/10/30 08:43:47 | ||
684 | [ssh_config.5] | ||
685 | remove trailing whitespace; | ||
686 | - djm@cvs.openbsd.org 2005/10/30 08:52:18 | ||
687 | [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c] | ||
688 | [ssh.c sshconnect.c sshconnect1.c sshd.c] | ||
689 | no need to escape single quotes in comments, no binary change | ||
690 | - dtucker@cvs.openbsd.org 2005/10/31 06:15:04 | ||
691 | [sftp.c] | ||
692 | Fix sorting with "ls -1" command. From Robert Tsai, "looks right" deraadt@ | ||
693 | - djm@cvs.openbsd.org 2005/10/31 11:12:49 | ||
694 | [ssh-keygen.1 ssh-keygen.c] | ||
695 | generate a protocol 2 RSA key by default | ||
696 | - djm@cvs.openbsd.org 2005/10/31 11:48:29 | ||
697 | [serverloop.c] | ||
698 | make sure we clean up wtmp, etc. file when we receive a SIGTERM, | ||
699 | SIGINT or SIGQUIT when running without privilege separation (the | ||
700 | normal privsep case is already OK). Patch mainly by dtucker@ and | ||
701 | senthilkumar_sen AT hotpop.com; ok dtucker@ | ||
702 | - jmc@cvs.openbsd.org 2005/10/31 19:55:25 | ||
703 | [ssh-keygen.1] | ||
704 | grammar; | ||
705 | - dtucker@cvs.openbsd.org 2005/11/03 13:38:29 | ||
706 | [canohost.c] | ||
707 | Cache reverse lookups with and without DNS separately; ok markus@ | ||
708 | - djm@cvs.openbsd.org 2005/11/04 05:15:59 | ||
709 | [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c] | ||
710 | remove hardcoded hash lengths in key exchange code, allowing | ||
711 | implementation of KEX methods with different hashes (e.g. SHA-256); | ||
712 | ok markus@ dtucker@ stevesk@ | ||
713 | - djm@cvs.openbsd.org 2005/11/05 05:01:15 | ||
714 | [bufaux.c] | ||
715 | Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT | ||
716 | cs.stanford.edu; ok dtucker@ | ||
717 | - (dtucker) [README.platform] Add PAM section. | ||
718 | - (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version, | ||
719 | resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu; | ||
720 | ok dtucker@ | ||
721 | |||
722 | 20051102 | ||
723 | - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). | ||
724 | Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net | ||
725 | via FreeBSD. | ||
726 | |||
727 | 20051030 | ||
728 | - (djm) [contrib/suse/openssh.spec contrib/suse/rc. | ||
729 | sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init | ||
730 | files from imorgan AT nas.nasa.gov | ||
731 | - (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is | ||
732 | enabled, instead allow PAM to handle it. Note that on platforms using PAM, | ||
733 | the pam_nologin module should be added to sshd's session stack in order to | ||
734 | maintain exising behaviour. Based on patch and discussion from t8m at | ||
735 | centrum.cz, ok djm@ | ||
736 | |||
737 | 20051025 | ||
738 | - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the | ||
739 | sizeof(long long) checks, to make fixing bug #1104 easier (no changes | ||
740 | yet). | ||
741 | - (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't | ||
742 | understand "%lld", even though the compiler has "long long", so handle | ||
743 | it as a special case. Patch tested by mcaskill.scott at epa.gov. | ||
744 | - (dtucker) [contrib/cygwin/ssh-user-config] Remove duplicate yes/no | ||
745 | prompt. Patch from vinschen at redhat.com. | ||
746 | |||
747 | 20051017 | ||
748 | - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling. | ||
749 | /etc/default/login report and testing from aabaker at iee.org, corrections | ||
750 | from tim@. | ||
751 | |||
752 | 20051009 | ||
753 | - (dtucker) [configure.ac defines.h openbsd-compat/vis.{c,h}] Sync current | ||
754 | versions from OpenBSD. ok djm@ | ||
755 | |||
756 | 20051008 | ||
757 | - (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from | ||
758 | brian.smith at agilent com. | ||
759 | - (djm) [configure.ac] missing 'test' call for -with-Werror test | ||
760 | |||
761 | 20051005 | ||
762 | - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended | ||
763 | "*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and | ||
764 | senthilkumar_sen at hotpop.com. | ||
765 | |||
766 | 20051003 | ||
767 | - (dtucker) OpenBSD CVS Sync | ||
768 | - markus@cvs.openbsd.org 2005/09/07 08:53:53 | ||
769 | [channels.c] | ||
770 | enforce chanid != NULL; ok djm | ||
771 | - markus@cvs.openbsd.org 2005/09/09 19:18:05 | ||
772 | [clientloop.c] | ||
773 | typo; from mark at mcs.vuw.ac.nz, bug #1082 | ||
774 | - djm@cvs.openbsd.org 2005/09/13 23:40:07 | ||
775 | [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c | ||
776 | scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c] | ||
777 | ensure that stdio fds are attached; ok deraadt@ | ||
778 | - djm@cvs.openbsd.org 2005/09/19 11:37:34 | ||
779 | [ssh_config.5 ssh.1] | ||
780 | mention ability to specify bind_address for DynamicForward and -D options; | ||
781 | bz#1077 spotted by Haruyama Seigo | ||
782 | - djm@cvs.openbsd.org 2005/09/19 11:47:09 | ||
783 | [sshd.c] | ||
784 | stop connection abort on rekey with delayed compression enabled when | ||
785 | post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@ | ||
786 | - djm@cvs.openbsd.org 2005/09/19 11:48:10 | ||
787 | [gss-serv.c] | ||
788 | typo | ||
789 | - jmc@cvs.openbsd.org 2005/09/19 15:38:27 | ||
790 | [ssh.1] | ||
791 | some more .Bk/.Ek to avoid ugly line split; | ||
792 | - jmc@cvs.openbsd.org 2005/09/19 15:42:44 | ||
793 | [ssh.c] | ||
794 | update -D usage here too; | ||
795 | - djm@cvs.openbsd.org 2005/09/19 23:31:31 | ||
796 | [ssh.1] | ||
797 | spelling nit from stevesk@ | ||
798 | - djm@cvs.openbsd.org 2005/09/21 23:36:54 | ||
799 | [sshd_config.5] | ||
800 | aquire -> acquire, from stevesk@ | ||
801 | - djm@cvs.openbsd.org 2005/09/21 23:37:11 | ||
802 | [sshd.c] | ||
803 | change label at markus@'s request | ||
804 | - jaredy@cvs.openbsd.org 2005/09/30 20:34:26 | ||
805 | [ssh-keyscan.1] | ||
806 | deploy .An -nosplit; ok jmc | ||
807 | - dtucker@cvs.openbsd.org 2005/10/03 07:44:42 | ||
808 | [canohost.c] | ||
809 | Relocate check_ip_options call to prevent logging of garbage for | ||
810 | connections with IP options set. bz#1092 from David Leonard, | ||
811 | "looks good" deraadt@ | ||
812 | - (dtucker) [regress/README.regress] Bug #989: Document limitation that scp | ||
813 | is required in the system path for the multiplex test to work. | ||
814 | |||
815 | 20050930 | ||
816 | - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype | ||
817 | for strtoll. Patch from o.flebbe at science-computing.de. | ||
818 | - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep | ||
819 | child during PAM account check without clearing it. This restores the | ||
820 | post-login warnings such as LDAP password expiry. Patch from Tomas Mraz | ||
821 | with help from several others. | ||
822 | |||
823 | 20050929 | ||
824 | - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg | ||
825 | introduced during sync. | ||
826 | |||
827 | 20050928 | ||
828 | - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency. | ||
829 | - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from | ||
830 | PAM via keyboard-interactive. Patch tested by the folks at Vintela. | ||
831 | |||
832 | 20050927 | ||
833 | - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid | ||
834 | calls, since they can't possibly fail. ok djm@ | ||
835 | - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed | ||
836 | process when sshd relies on ssh-random-helper. Should result in faster | ||
837 | logins on systems without a real random device or prngd. ok djm@ | ||
838 | |||
839 | 20050924 | ||
840 | - (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove | ||
841 | duplicate call. ok djm@ | ||
842 | |||
843 | 20050922 | ||
844 | - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from | ||
845 | skeleten at shillest.net. | ||
846 | - (dtucker) [configure.ac] Fix help for --with-opensc; patch from skeleten at | ||
847 | shillest.net. | ||
848 | |||
849 | 20050919 | ||
850 | - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to | ||
851 | AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages. | ||
852 | ok dtucker@ | ||
853 | |||
854 | 20050912 | ||
855 | - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by | ||
856 | Mike Frysinger. | ||
857 | |||
858 | 20050908 | ||
859 | - (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to | ||
860 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | ||
861 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | ||
862 | |||
1 | 20050901 | 863 | 20050901 |
2 | - (djm) Update RPM spec file versions | 864 | - (djm) Update RPM spec file versions |
3 | 865 | ||
@@ -2989,4 +3851,4 @@ | |||
2989 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 3851 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
2990 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 3852 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
2991 | 3853 | ||
2992 | $Id: ChangeLog,v 1.3887 2005/09/01 09:10:48 djm Exp $ | 3854 | $Id: ChangeLog,v 1.4117.2.10 2006/02/11 00:00:44 djm Exp $ |