diff options
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 669 |
1 files changed, 668 insertions, 1 deletions
@@ -1,3 +1,670 @@ | |||
1 | 20050309 | ||
2 | - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64 | ||
3 | so that regress tests behave. From Chris Adams. | ||
4 | - (djm) OpenBSD CVS Sync | ||
5 | - jmc@cvs.openbsd.org 2005/03/07 23:41:54 | ||
6 | [ssh.1 ssh_config.5] | ||
7 | more macro simplification; | ||
8 | - djm@cvs.openbsd.org 2005/03/08 23:49:48 | ||
9 | [version.h] | ||
10 | OpenSSH 4.0 | ||
11 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
12 | [contrib/suse/openssh.spec] Update spec file versions | ||
13 | - (djm) [log.c] Fix dumb syntax error; ok dtucker@ | ||
14 | - (djm) Release OpenSSH 4.0p1 | ||
15 | |||
16 | 20050307 | ||
17 | - (dtucker) [configure.ac] Disable gettext search when configuring with | ||
18 | BSM audit support for the time being. ok djm@ | ||
19 | - (dtucker) OpenBSD CVS Sync (regress/) | ||
20 | - fgsch@cvs.openbsd.org 2004/12/10 01:31:30 | ||
21 | [Makefile sftp-glob.sh] | ||
22 | some globbing regress; prompted and ok djm@ | ||
23 | - david@cvs.openbsd.org 2005/01/14 04:21:18 | ||
24 | [Makefile test-exec.sh] | ||
25 | pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@ | ||
26 | - dtucker@cvs.openbsd.org 2005/02/27 11:33:30 | ||
27 | [multiplex.sh test-exec.sh sshd-log-wrapper.sh] | ||
28 | Add optional capability to log output from regress commands; ok markus@ | ||
29 | Use with: make TEST_SSH_LOGFILE=/tmp/regress.log | ||
30 | - djm@cvs.openbsd.org 2005/02/27 23:13:36 | ||
31 | [login-timeout.sh] | ||
32 | avoid nameservice lookups in regress test; ok dtucker@ | ||
33 | - djm@cvs.openbsd.org 2005/03/04 08:48:46 | ||
34 | [Makefile envpass.sh] | ||
35 | regress test for SendEnv config parsing bug; ok dtucker@ | ||
36 | - (dtucker) [regress/test-exec.sh] Put SUDO in the right place. | ||
37 | - (tim) [configure.ac] SCO 3.2v4.2 no longer supported. | ||
38 | |||
39 | 20050306 | ||
40 | - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor | ||
41 | when attempting to audit disconnect events. Reported by Phil Dibowitz. | ||
42 | - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit | ||
43 | events earlier, prevents mm_request_send errors reported by Matt Goebel. | ||
44 | |||
45 | 20050305 | ||
46 | - (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch | ||
47 | from vinschen at redhat.com | ||
48 | - (djm) OpenBSD CVS Sync | ||
49 | - jmc@cvs.openbsd.org 2005/03/02 11:45:01 | ||
50 | [ssh.1] | ||
51 | missing word; | ||
52 | - djm@cvs.openbsd.org 2005/03/04 08:48:06 | ||
53 | [readconf.c] | ||
54 | fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@ | ||
55 | |||
56 | 20050302 | ||
57 | - (djm) OpenBSD CVS sync: | ||
58 | - jmc@cvs.openbsd.org 2005/03/01 14:47:58 | ||
59 | [ssh.1] | ||
60 | remove some unneccesary macros; | ||
61 | do not mark up punctuation; | ||
62 | - jmc@cvs.openbsd.org 2005/03/01 14:55:23 | ||
63 | [ssh_config.5] | ||
64 | do not mark up punctuation; | ||
65 | whitespace; | ||
66 | - jmc@cvs.openbsd.org 2005/03/01 14:59:49 | ||
67 | [sshd.8] | ||
68 | new sentence, new line; | ||
69 | whitespace; | ||
70 | - jmc@cvs.openbsd.org 2005/03/01 15:05:00 | ||
71 | [ssh-keygen.1] | ||
72 | whitespace; | ||
73 | - jmc@cvs.openbsd.org 2005/03/01 15:47:14 | ||
74 | [ssh-keyscan.1 ssh-keyscan.c] | ||
75 | sort options and sync usage(); | ||
76 | - jmc@cvs.openbsd.org 2005/03/01 17:19:35 | ||
77 | [scp.1 sftp.1] | ||
78 | add HashKnownHosts to -o list; | ||
79 | ok markus@ | ||
80 | - jmc@cvs.openbsd.org 2005/03/01 17:22:06 | ||
81 | [ssh.c] | ||
82 | sync usage() w/ man SYNOPSIS; | ||
83 | ok markus@ | ||
84 | - jmc@cvs.openbsd.org 2005/03/01 17:32:19 | ||
85 | [ssh-add.1] | ||
86 | sort options; | ||
87 | - jmc@cvs.openbsd.org 2005/03/01 18:15:56 | ||
88 | [ssh-keygen.1] | ||
89 | sort options (no attempt made at synopsis clean up though); | ||
90 | spelling (occurance -> occurrence); | ||
91 | use prompt before examples; | ||
92 | grammar; | ||
93 | - djm@cvs.openbsd.org 2005/03/02 01:00:06 | ||
94 | [sshconnect.c] | ||
95 | fix addition of new hashed hostnames when CheckHostIP=yes; | ||
96 | found and ok dtucker@ | ||
97 | - djm@cvs.openbsd.org 2005/03/02 01:27:41 | ||
98 | [ssh-keygen.c] | ||
99 | ignore hostnames with metachars when hashing; ok deraadt@ | ||
100 | - djm@cvs.openbsd.org 2005/03/02 02:21:07 | ||
101 | [ssh.1] | ||
102 | bz#987: mention ForwardX11Trusted in ssh.1, | ||
103 | reported by andrew.benham AT thus.net; ok deraadt@ | ||
104 | - (tim) [regress/agent-ptrace.sh] add another possible gdb error. | ||
105 | |||
106 | 20050301 | ||
107 | - (djm) OpenBSD CVS sync: | ||
108 | - otto@cvs.openbsd.org 2005/02/16 09:56:44 | ||
109 | [ssh.c] | ||
110 | Better diagnostic if an identity file is not accesible. ok markus@ djm@ | ||
111 | - djm@cvs.openbsd.org 2005/02/18 03:05:53 | ||
112 | [canohost.c] | ||
113 | better error messages for getnameinfo failures; ok dtucker@ | ||
114 | - djm@cvs.openbsd.org 2005/02/20 22:59:06 | ||
115 | [sftp.c] | ||
116 | turn on ssh batch mode when in sftp batch mode, patch from | ||
117 | jdmossh AT nand.net; | ||
118 | ok markus@ | ||
119 | - jmc@cvs.openbsd.org 2005/02/25 10:55:13 | ||
120 | [sshd.8] | ||
121 | add /etc/motd and $HOME/.hushlogin to FILES; | ||
122 | from michael knudsen; | ||
123 | - djm@cvs.openbsd.org 2005/02/28 00:54:10 | ||
124 | [ssh_config.5] | ||
125 | bz#849: document timeout on untrusted x11 forwarding sessions. Reported by | ||
126 | orion AT cora.nwra.com; ok markus@ | ||
127 | - djm@cvs.openbsd.org 2005/03/01 10:09:52 | ||
128 | [auth-options.c channels.c channels.h clientloop.c compat.c compat.h] | ||
129 | [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5] | ||
130 | [sshd_config.5] | ||
131 | bz#413: allow optional specification of bind address for port forwardings. | ||
132 | Patch originally by Dan Astorian, but worked on by several people | ||
133 | Adds GatewayPorts=clientspecified option on server to allow remote | ||
134 | forwards to bind to client-specified ports. | ||
135 | - djm@cvs.openbsd.org 2005/03/01 10:40:27 | ||
136 | [hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5] | ||
137 | [sshconnect.c sshd.8] | ||
138 | add support for hashing host names and addresses added to known_hosts | ||
139 | files, to improve privacy of which hosts user have been visiting; ok | ||
140 | markus@ deraadt@ | ||
141 | - djm@cvs.openbsd.org 2005/03/01 10:41:28 | ||
142 | [ssh-keyscan.1 ssh-keyscan.c] | ||
143 | option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@ | ||
144 | - djm@cvs.openbsd.org 2005/03/01 10:42:49 | ||
145 | [ssh-keygen.1 ssh-keygen.c ssh_config.5] | ||
146 | add tools for managing known_hosts files with hashed hostnames, including | ||
147 | hashing existing files and deleting hosts by name; ok markus@ deraadt@ | ||
148 | |||
149 | 20050226 | ||
150 | - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] | ||
151 | Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com. | ||
152 | - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}] | ||
153 | Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any | ||
154 | more. Patch from vinschen at redhat.com. | ||
155 | - (dtucker) [Makefile.in] Add a install-nosysconf target for installing the | ||
156 | binaries without the config files. Primarily useful for packaging. | ||
157 | Patch from phil at usc.edu. ok djm@ | ||
158 | |||
159 | 20050224 | ||
160 | - (djm) [configure.ac] in_addr_t test needs sys/types.h too | ||
161 | |||
162 | 20050222 | ||
163 | - (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from | ||
164 | vinschen at redhat.com. | ||
165 | |||
166 | 20050220 | ||
167 | - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac | ||
168 | defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure | ||
169 | --with-audit=bsm to enable. Patch originally from Sun Microsystems, | ||
170 | parts by John R. Jackson. ok djm@ | ||
171 | - (dtucker) [configure.ac] Missing comma in AIX section, somehow causes | ||
172 | unrelated platforms to be configured incorrectly. | ||
173 | |||
174 | 20050216 | ||
175 | - (djm) write seed to temporary file and atomically rename into place; | ||
176 | ok dtucker@ | ||
177 | - (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called | ||
178 | via mkstemp in some configurations. ok djm@ | ||
179 | - (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined | ||
180 | by the system headers. | ||
181 | - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant | ||
182 | Unix; prevents problems relating to the location of -lresolv in the | ||
183 | link order. | ||
184 | - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic | ||
185 | authentication early enough to be available to PAM session modules when | ||
186 | privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam | ||
187 | Hartman and similar to Debian's ssh-krb5 package. | ||
188 | - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more | ||
189 | compiler warnings on AIX. | ||
190 | |||
191 | 20050215 | ||
192 | - (dtucker) [config.sh.in] Collect oslevel -r too. | ||
193 | - (dtucker) [README.platform auth.c configure.ac loginrec.c | ||
194 | openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6 | ||
195 | on AIX where possible (see README.platform for details) and work around | ||
196 | a misfeature of AIX's getnameinfo. ok djm@ | ||
197 | - (dtucker) [loginrec.c] Add missing #include. | ||
198 | |||
199 | 20050211 | ||
200 | - (dtucker) [configure.ac] Tidy up configure --help output. | ||
201 | - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too. | ||
202 | |||
203 | 20050210 | ||
204 | - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the | ||
205 | --disable-etc-default-login configure option. | ||
206 | |||
207 | 20050209 | ||
208 | - (dtucker) OpenBSD CVS Sync | ||
209 | - dtucker@cvs.openbsd.org 2005/01/28 09:45:53 | ||
210 | [ssh_config] | ||
211 | Make it clear that the example entries in ssh_config are only some of the | ||
212 | commonly-used options and refer the user to ssh_config(5) for more | ||
213 | details; ok djm@ | ||
214 | - jmc@cvs.openbsd.org 2005/01/28 15:05:43 | ||
215 | [ssh_config.5] | ||
216 | grammar; | ||
217 | - jmc@cvs.openbsd.org 2005/01/28 18:14:09 | ||
218 | [ssh_config.5] | ||
219 | wording; | ||
220 | ok markus@ | ||
221 | - dtucker@cvs.openbsd.org 2005/01/30 11:18:08 | ||
222 | [monitor.c] | ||
223 | Make code match intent; ok djm@ | ||
224 | - dtucker@cvs.openbsd.org 2005/02/08 22:24:57 | ||
225 | [sshd.c] | ||
226 | Provide reason in error message if getnameinfo fails; ok markus@ | ||
227 | - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call | ||
228 | disable_forwarding() from compat library. Prevent linker errrors trying | ||
229 | to resolve it for binaries other than sshd. ok djm@ | ||
230 | - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir | ||
231 | paths. ok djm@ | ||
232 | - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require | ||
233 | the username to be passed to the passwd command when changing expired | ||
234 | passwords. ok djm@ | ||
235 | |||
236 | 20050208 | ||
237 | - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the | ||
238 | regress tests so newer versions of GNU head(1) behave themselves. Patch | ||
239 | by djm, so ok me. | ||
240 | - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. | ||
241 | - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c | ||
242 | monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit | ||
243 | defines and enums with SSH_ to prevent namespace collisions on some | ||
244 | platforms (eg AIX). | ||
245 | |||
246 | 20050204 | ||
247 | - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. | ||
248 | - (dtucker) [auth.c] Fix parens in audit log check. | ||
249 | |||
250 | 20050202 | ||
251 | - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath | ||
252 | rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@ | ||
253 | - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}] | ||
254 | Make record_failed_login() call provide hostname rather than having the | ||
255 | implementations having to do lookups themselves. Only affects AIX and | ||
256 | UNICOS (the latter only uses the "user" parameter anyway). ok djm@ | ||
257 | - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child | ||
258 | the process. Since we also unset KRB5CCNAME at startup, if it's set after | ||
259 | authentication it must have been set by the platform's native auth system. | ||
260 | This was already done for AIX; this enables it for the general case. | ||
261 | - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c] | ||
262 | Bug #974: Teach sshd to write failed login records to btmp for failed auth | ||
263 | attempts (currently only for password, kbdint and C/R, only on Linux and | ||
264 | HP-UX), based on code from login.c from util-linux. With ashok_kovai at | ||
265 | hotmail.com, ok djm@ | ||
266 | - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c | ||
267 | monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: | ||
268 | (first stage) Add audit instrumentation to sshd, currently disabled by | ||
269 | default. with suggestions from and ok djm@ | ||
270 | |||
271 | 20050201 | ||
272 | - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some | ||
273 | platforms syslog will revert to its default values. This may result in | ||
274 | messages from external libraries (eg libwrap) being sent to a different | ||
275 | facility. | ||
276 | - (dtucker) [sshd_config.5] Bug #701: remove warning about | ||
277 | keyboard-interactive since this is no longer the case. | ||
278 | |||
279 | 20050124 | ||
280 | - (dtucker) OpenBSD CVS Sync | ||
281 | - otto@cvs.openbsd.org 2005/01/21 08:32:02 | ||
282 | [auth-passwd.c sshd.c] | ||
283 | Warn in advance for password and account expiry; initialize loginmsg | ||
284 | buffer earlier and clear it after privsep fork. ok and help dtucker@ | ||
285 | markus@ | ||
286 | - dtucker@cvs.openbsd.org 2005/01/22 08:17:59 | ||
287 | [auth.c] | ||
288 | Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and | ||
289 | DenyGroups. bz #909, ok djm@ | ||
290 | - djm@cvs.openbsd.org 2005/01/23 10:18:12 | ||
291 | [cipher.c] | ||
292 | config option "Ciphers" should be case-sensitive; ok dtucker@ | ||
293 | - dtucker@cvs.openbsd.org 2005/01/24 10:22:06 | ||
294 | [scp.c sftp.c] | ||
295 | Have scp and sftp wait for the spawned ssh to exit before they exit | ||
296 | themselves. This prevents ssh from being unable to restore terminal | ||
297 | modes (not normally a problem on OpenBSD but common with -Portable | ||
298 | on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); | ||
299 | ok djm@ markus@ | ||
300 | - dtucker@cvs.openbsd.org 2005/01/24 10:29:06 | ||
301 | [moduli] | ||
302 | Import new moduli; requested by deraadt@ a week ago | ||
303 | - dtucker@cvs.openbsd.org 2005/01/24 11:47:13 | ||
304 | [auth-passwd.c] | ||
305 | #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@ | ||
306 | |||
307 | 20050120 | ||
308 | - (dtucker) OpenBSD CVS Sync | ||
309 | - markus@cvs.openbsd.org 2004/12/23 17:35:48 | ||
310 | [session.c] | ||
311 | check for NULL; from mpech | ||
312 | - markus@cvs.openbsd.org 2004/12/23 17:38:07 | ||
313 | [ssh-keygen.c] | ||
314 | leak; from mpech | ||
315 | - djm@cvs.openbsd.org 2004/12/23 23:11:00 | ||
316 | [servconf.c servconf.h sshd.c sshd_config sshd_config.5] | ||
317 | bz #898: support AddressFamily in sshd_config. from | ||
318 | peak@argo.troja.mff.cuni.cz; ok deraadt@ | ||
319 | - markus@cvs.openbsd.org 2005/01/05 08:51:32 | ||
320 | [sshconnect.c] | ||
321 | remove dead code, log connect() failures with level error, ok djm@ | ||
322 | - jmc@cvs.openbsd.org 2005/01/08 00:41:19 | ||
323 | [sshd_config.5] | ||
324 | `login'(n) -> `log in'(v); | ||
325 | - dtucker@cvs.openbsd.org 2005/01/17 03:25:46 | ||
326 | [moduli.c] | ||
327 | Correct spelling: SCHNOOR->SCHNORR; ok djm@ | ||
328 | - dtucker@cvs.openbsd.org 2005/01/17 22:48:39 | ||
329 | [sshd.c] | ||
330 | Make debugging output continue after reexec; ok djm@ | ||
331 | - dtucker@cvs.openbsd.org 2005/01/19 13:11:47 | ||
332 | [auth-bsdauth.c auth2-chall.c] | ||
333 | Have keyboard-interactive code call the drivers even for responses for | ||
334 | invalid logins. This allows the drivers themselves to decide how to | ||
335 | handle them and prevent leaking information where possible. Existing | ||
336 | behaviour for bsdauth is maintained by checking authctxt->valid in the | ||
337 | bsdauth driver. Note that any third-party kbdint drivers will now need | ||
338 | to be able to handle responses for invalid logins. ok markus@ | ||
339 | - djm@cvs.openbsd.org 2004/12/22 02:13:19 | ||
340 | [cipher-ctr.c cipher.c] | ||
341 | remove fallback AES support for old OpenSSL, as OpenBSD has had it for | ||
342 | many years now; ok deraadt@ | ||
343 | (Id sync only: Portable will continue to support older OpenSSLs) | ||
344 | - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user | ||
345 | existence via keyboard-interactive/pam, in conjunction with previous | ||
346 | auth2-chall.c change; with Colin Watson and djm. | ||
347 | - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128 | ||
348 | bytes to prevent errors from login_init_entry() when the username is | ||
349 | exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@ | ||
350 | - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from | ||
351 | the list of available kbdint devices if UsePAM=no. ok djm@ | ||
352 | |||
353 | 20050118 | ||
354 | - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement | ||
355 | "make survey" and "make send-survey". This will provide data on the | ||
356 | configure parameters, platform and platform features to the development | ||
357 | team, which will allow (among other things) better targetting of testing. | ||
358 | It's entirely voluntary and is off be default. ok djm@ | ||
359 | - (dtucker) [survey.sh.in] Remove any blank lines from the output of | ||
360 | ccver-v and ccver-V. | ||
361 | |||
362 | 20041220 | ||
363 | - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading | ||
364 | from prngd is enabled at compile time but fails at run time, eg because | ||
365 | prngd is not running. Note that if you have prngd running when OpenSSH is | ||
366 | built, OpenSSL will consider itself internally seeded and rand-helper won't | ||
367 | be built at all unless explicitly enabled via --with-rand-helper. ok djm@ | ||
368 | - (dtucker) [regress/rekey.sh] Touch datafile before filling with dd, since | ||
369 | on some wacky platforms (eg old AIXes), dd will refuse to create an output | ||
370 | file if it doesn't exist. | ||
371 | |||
372 | 20041213 | ||
373 | - (dtucker) [contrib/findssh.sh] Clean up on interrupt; from | ||
374 | amarendra.godbole at ge com. | ||
375 | |||
376 | 20041211 | ||
377 | - (dtucker) OpenBSD CVS Sync | ||
378 | - markus@cvs.openbsd.org 2004/12/06 16:00:43 | ||
379 | [bufaux.c] | ||
380 | use 0x00 not \0 since buf[] is a bignum | ||
381 | - fgsch@cvs.openbsd.org 2004/12/10 03:10:42 | ||
382 | [sftp.c] | ||
383 | - fix globbed ls for paths the same lenght as the globbed path when | ||
384 | we have a unique matching. | ||
385 | - fix globbed ls in case of a directory when we have a unique matching. | ||
386 | - as a side effect, if the path does not exist error (used to silently | ||
387 | ignore). | ||
388 | - don't do extra do_lstat() if we only have one matching file. | ||
389 | djm@ ok | ||
390 | - dtucker@cvs.openbsd.org 2004/12/11 01:48:56 | ||
391 | [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h] | ||
392 | Fix debug call in error path of authorized_keys processing and fix related | ||
393 | warnings; ok djm@ | ||
394 | |||
395 | 20041208 | ||
396 | - (tim) [configure.ac] Comment some non obvious platforms in the | ||
397 | target-specific case statement. Suggested and OK by dtucker@ | ||
398 | |||
399 | 20041207 | ||
400 | - (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test. | ||
401 | |||
402 | 20041206 | ||
403 | - (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@ | ||
404 | - (dtucker) OpenBSD CVS Sync | ||
405 | - markus@cvs.openbsd.org 2004/11/25 22:22:14 | ||
406 | [sftp-client.c sftp.c] | ||
407 | leak; from mpech | ||
408 | - jmc@cvs.openbsd.org 2004/11/29 00:05:17 | ||
409 | [sftp.1] | ||
410 | missing full stop; | ||
411 | - djm@cvs.openbsd.org 2004/11/29 07:41:24 | ||
412 | [sftp-client.h sftp.c] | ||
413 | Some small fixes from moritz@jodeit.org. ok deraadt@ | ||
414 | - jaredy@cvs.openbsd.org 2004/12/05 23:55:07 | ||
415 | [sftp.1] | ||
416 | - explain that patterns can be used as arguments in get/put/ls/etc | ||
417 | commands (prodded by Michael Knudsen) | ||
418 | - describe ls flags as a list | ||
419 | - other minor improvements | ||
420 | ok jmc, djm | ||
421 | - dtucker@cvs.openbsd.org 2004/12/06 11:41:03 | ||
422 | [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8] | ||
423 | Discard over-length authorized_keys entries rather than complaining when | ||
424 | they don't decode. bz #884, with & ok djm@ | ||
425 | - (dtucker) OpenBSD CVS Sync (regress/) | ||
426 | - djm@cvs.openbsd.org 2004/06/26 06:16:07 | ||
427 | [reexec.sh] | ||
428 | don't change the name of the copied sshd for the reexec fallback test, | ||
429 | makes life simpler for portable | ||
430 | - dtucker@cvs.openbsd.org 2004/07/08 12:59:35 | ||
431 | [scp.sh] | ||
432 | Regress test for bz #863 (scp double-error), requires $SUDO. ok markus@ | ||
433 | - david@cvs.openbsd.org 2004/07/09 19:45:43 | ||
434 | [Makefile] | ||
435 | add a missing CLEANFILES used in the re-exec test | ||
436 | - djm@cvs.openbsd.org 2004/10/08 02:01:50 | ||
437 | [reexec.sh] | ||
438 | shrink and tidy; ok dtucker@ | ||
439 | - djm@cvs.openbsd.org 2004/10/29 23:59:22 | ||
440 | [Makefile added brokenkeys.sh] | ||
441 | regression test for handling of corrupt keys in authorized_keys file | ||
442 | - djm@cvs.openbsd.org 2004/11/07 00:32:41 | ||
443 | [multiplex.sh] | ||
444 | regression tests for new multiplex commands | ||
445 | - dtucker@cvs.openbsd.org 2004/11/25 09:39:27 | ||
446 | [test-exec.sh] | ||
447 | Remove obsolete RhostsAuthentication from test config; ok markus@ | ||
448 | - dtucker@cvs.openbsd.org 2004/12/06 10:49:56 | ||
449 | [test-exec.sh] | ||
450 | Check if TEST_SSH_SSHD is a full path to sshd before searching; ok markus@ | ||
451 | |||
452 | 20041203 | ||
453 | - (dtucker) OpenBSD CVS Sync | ||
454 | - jmc@cvs.openbsd.org 2004/11/07 17:42:36 | ||
455 | [ssh.1] | ||
456 | options sort, and whitespace; | ||
457 | - jmc@cvs.openbsd.org 2004/11/07 17:57:30 | ||
458 | [ssh.c] | ||
459 | usage(): | ||
460 | - add -O | ||
461 | - sync -S w/ manpage | ||
462 | - remove -h | ||
463 | - (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is | ||
464 | subsequently denied by the PAM auth stack, send the PAM message to the | ||
465 | user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2). | ||
466 | ok djm@ | ||
467 | |||
468 | 20041107 | ||
469 | - (dtucker) OpenBSD CVS Sync | ||
470 | - djm@cvs.openbsd.org 2004/11/05 12:19:56 | ||
471 | [sftp.c] | ||
472 | command editing and history support via libedit; ok markus@ | ||
473 | thanks to hshoexer@ and many testers on tech@ too | ||
474 | - djm@cvs.openbsd.org 2004/11/07 00:01:46 | ||
475 | [clientloop.c clientloop.h ssh.1 ssh.c] | ||
476 | add basic control of a running multiplex master connection; including the | ||
477 | ability to check its status and request it to exit; ok markus@ | ||
478 | - (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure | ||
479 | option and supporting makefile bits and documentation. | ||
480 | |||
481 | 20041105 | ||
482 | - (dtucker) OpenBSD CVS Sync | ||
483 | - markus@cvs.openbsd.org 2004/08/30 09:18:08 | ||
484 | [LICENCE] | ||
485 | s/keygen/keyscan/ | ||
486 | - jmc@cvs.openbsd.org 2004/08/30 21:22:49 | ||
487 | [ssh-add.1 ssh.1] | ||
488 | .Xsession -> .xsession; | ||
489 | originally from a pr from f at obiit dot org, but missed by myself; | ||
490 | ok markus@ matthieu@ | ||
491 | - djm@cvs.openbsd.org 2004/09/07 23:41:30 | ||
492 | [clientloop.c ssh.c] | ||
493 | cleanup multiplex control socket on SIGHUP too, spotted by sturm@ | ||
494 | ok markus@ deraadt@ | ||
495 | - deraadt@cvs.openbsd.org 2004/09/15 00:46:01 | ||
496 | [ssh.c] | ||
497 | /* fallthrough */ is something a programmer understands. But | ||
498 | /* FALLTHROUGH */ is also understood by lint, so that is better. | ||
499 | - jaredy@cvs.openbsd.org 2004/09/15 03:25:41 | ||
500 | [sshd_config.5] | ||
501 | mention PrintLastLog only prints last login time for interactive | ||
502 | sessions, like PrintMotd mentions. | ||
503 | From Michael Knudsen, with wording changed slightly to match the | ||
504 | PrintMotd description. | ||
505 | ok djm | ||
506 | - mickey@cvs.openbsd.org 2004/09/15 18:42:27 | ||
507 | [sshd.c] | ||
508 | use less doubles in daemons; markus@ ok | ||
509 | - deraadt@cvs.openbsd.org 2004/09/15 18:46:04 | ||
510 | [scp.c] | ||
511 | scratch that do { } while (0) wrapper in this case | ||
512 | - djm@cvs.openbsd.org 2004/09/23 13:00:04 | ||
513 | [ssh.c] | ||
514 | correctly honour -n in multiplex client mode; spotted by sturm@ ok markus@ | ||
515 | - djm@cvs.openbsd.org 2004/09/25 03:45:14 | ||
516 | [sshd.c] | ||
517 | these printf args are no longer double; ok deraadt@ markus@ | ||
518 | - djm@cvs.openbsd.org 2004/10/07 10:10:24 | ||
519 | [scp.1 sftp.1 ssh.1 ssh_config.5] | ||
520 | document KbdInteractiveDevices; ok markus@ | ||
521 | - djm@cvs.openbsd.org 2004/10/07 10:12:36 | ||
522 | [ssh-agent.c] | ||
523 | don't unlink agent socket when bind() fails, spotted by rich AT | ||
524 | rich-paul.net, ok markus@ | ||
525 | - markus@cvs.openbsd.org 2004/10/20 11:48:53 | ||
526 | [packet.c ssh1.h] | ||
527 | disconnect for invalid (out of range) message types. | ||
528 | - djm@cvs.openbsd.org 2004/10/29 21:47:15 | ||
529 | [channels.c channels.h clientloop.c] | ||
530 | fix some window size change bugs for multiplexed connections: windows sizes | ||
531 | were not being updated if they had changed after ~^Z suspends and SIGWINCH | ||
532 | was not being processed unless the first connection had requested a tty; | ||
533 | ok markus | ||
534 | - djm@cvs.openbsd.org 2004/10/29 22:53:56 | ||
535 | [clientloop.c misc.h readpass.c ssh-agent.c] | ||
536 | factor out common permission-asking code to separate function; ok markus@ | ||
537 | - djm@cvs.openbsd.org 2004/10/29 23:56:17 | ||
538 | [bufaux.c bufaux.h buffer.c buffer.h] | ||
539 | introduce a new buffer API that returns an error rather than fatal()ing | ||
540 | when presented with bad data; ok markus@ | ||
541 | - djm@cvs.openbsd.org 2004/10/29 23:57:05 | ||
542 | [key.c] | ||
543 | use new buffer API to avoid fatal errors on corrupt keys in authorized_keys | ||
544 | files; ok markus@ | ||
545 | |||
546 | 20041102 | ||
547 | - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX | ||
548 | 10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__ | ||
549 | only if a conflict is detected. | ||
550 | |||
551 | 20041019 | ||
552 | - (dtucker) [uidswap.c] Don't test dropping of gids for the root user or | ||
553 | on Cygwin. Cygwin parts from vinschen at redhat com; ok djm@ | ||
554 | |||
555 | 20041016 | ||
556 | - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations; | ||
557 | ok dtucker@ | ||
558 | |||
559 | 20041006 | ||
560 | - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode | ||
561 | and other PAM platforms. | ||
562 | - (dtucker) [monitor_mm.c openbsd-compat/xmmap.c] Bug #940: cast constants | ||
563 | to void * to appease picky compilers (eg Tru64's "cc -std1"). | ||
564 | |||
565 | 20040930 | ||
566 | - (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@ | ||
567 | |||
568 | 20040923 | ||
569 | - (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one, | ||
570 | which could have caused the justification to be wrong. ok djm@ | ||
571 | |||
572 | 20040921 | ||
573 | - (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too. | ||
574 | ok djm@ | ||
575 | - (dtucker) [contrib/cygwin/ssh-host-config] Update to match current Cygwin | ||
576 | install process. Patch from vinschen at redhat.com. | ||
577 | |||
578 | 20040912 | ||
579 | - (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file. | ||
580 | No change in resultant binary | ||
581 | - (djm) [loginrec.c] __func__ifiy | ||
582 | - (djm) [loginrec.c] xmalloc | ||
583 | - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol | ||
584 | banner. Suggested by deraadt@, ok mouring@, dtucker@ | ||
585 | - (dtucker) [configure.ac] Fix incorrect quoting and tests for cross-compile. | ||
586 | Partly by & ok djm@. | ||
587 | |||
588 | 20040911 | ||
589 | - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@ | ||
590 | - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from | ||
591 | failing PAM session modules to user then exit, similar to the way | ||
592 | /etc/nologin is handled. ok djm@ | ||
593 | - (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change. | ||
594 | - (djm) [auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c] | ||
595 | Make cygwin code more consistent with that which surrounds it | ||
596 | - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c] | ||
597 | Bug #892: Send messages from failing PAM account modules to the client via | ||
598 | SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with | ||
599 | SSH2 kbdint authentication, which need to be dealt with separately. ok djm@ | ||
600 | - (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@ | ||
601 | - (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure. | ||
602 | Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me. ok djm@ | ||
603 | - (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengert | ||
604 | at anl.gov, ok djm@ | ||
605 | |||
606 | 20040830 | ||
607 | - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only | ||
608 | copy required environment variables on Cygwin. Patch from vinschen at | ||
609 | redhat.com, ok djm@ | ||
610 | - (dtucker) [regress/Makefile] Clean scp-ssh-wrapper.scp too. Patch from | ||
611 | vinschen at redhat.com. | ||
612 | - (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability | ||
613 | of shell constructs. Patch from cjwatson at debian.org. | ||
614 | |||
615 | 20040829 | ||
616 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from | ||
617 | failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL. | ||
618 | From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@ | ||
619 | - (dtucker) OpenBSD CVS Sync | ||
620 | - djm@cvs.openbsd.org 2004/08/23 11:48:09 | ||
621 | [authfile.c] | ||
622 | fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus | ||
623 | - djm@cvs.openbsd.org 2004/08/23 11:48:47 | ||
624 | [channels.c] | ||
625 | typo, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus | ||
626 | - dtucker@cvs.openbsd.org 2004/08/23 14:26:38 | ||
627 | [ssh-keysign.c ssh.c] | ||
628 | Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches | ||
629 | change in Portable; ok markus@ (CVS ID sync only) | ||
630 | - dtucker@cvs.openbsd.org 2004/08/23 14:29:23 | ||
631 | [ssh-keysign.c] | ||
632 | Remove duplicate getuid(), suggested by & ok markus@ | ||
633 | - markus@cvs.openbsd.org 2004/08/26 16:00:55 | ||
634 | [ssh.1 sshd.8] | ||
635 | get rid of references to rhosts authentication; with jmc@ | ||
636 | - djm@cvs.openbsd.org 2004/08/28 01:01:48 | ||
637 | [sshd.c] | ||
638 | don't erroneously close stdin for !reexec case, from Dave Johnson; | ||
639 | ok markus@ | ||
640 | - (dtucker) [configure.ac] Include sys/stream.h in sys/ptms.h header check, | ||
641 | fixes configure warning on Solaris reported by wknox at mitre.org. | ||
642 | - (dtucker) [regress/multiplex.sh] Skip test on platforms that do not | ||
643 | support FD passing since multiplex requires it. Noted by tim@ | ||
644 | - (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn | ||
645 | down, needed on some platforms, should be harmless on others. Patch from | ||
646 | jason at devrandom.org. | ||
647 | - (dtucker) [regress/scp.sh] Make this work on Cygwin too, which doesn't like | ||
648 | files ending in .exe that aren't binaries; patch from vinschen at redhat.com. | ||
649 | - (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree | ||
650 | builds too, from vinschen at redhat.com. | ||
651 | - (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64 | ||
652 | too; patch from cmadams at hiwaay.net. | ||
653 | - (dtucker) [configure.ac] Replace non-portable echo \n with extra echo. | ||
654 | - (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for | ||
655 | accounts with authentication configs that sshd can't support (ie | ||
656 | SYSTEM=NONE and AUTH1=something). | ||
657 | |||
658 | 20040828 | ||
659 | - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from | ||
660 | vinschen at redhat.com. | ||
661 | |||
662 | 20040823 | ||
663 | - (djm) [ssh-rand-helper.c] Typo. Found by | ||
664 | Martin.Kraemer AT Fujitsu-Siemens.com | ||
665 | - (djm) [loginrec.c] Typo and bad args in error messages; Spotted by | ||
666 | Martin.Kraemer AT Fujitsu-Siemens.com | ||
667 | |||
1 | 20040817 | 668 | 20040817 |
2 | - (dtucker) [regress/README.regress] Note compatibility issues with GNU head. | 669 | - (dtucker) [regress/README.regress] Note compatibility issues with GNU head. |
3 | - (djm) OpenBSD CVS Sync | 670 | - (djm) OpenBSD CVS Sync |
@@ -1654,4 +2321,4 @@ | |||
1654 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 2321 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
1655 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 2322 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
1656 | 2323 | ||
1657 | $Id: ChangeLog,v 1.3517 2004/08/17 12:50:40 djm Exp $ | 2324 | $Id: ChangeLog,v 1.3707.2.1 2005/03/09 04:52:09 djm Exp $ |