summaryrefslogtreecommitdiff
path: root/ChangeLog
AgeCommit message (Collapse)Author
2005-02-26 - (dtucker) [Makefile.in] Add a install-nosysconf target for installing theDarren Tucker
binaries without the config files. Primarily useful for packaging. Patch from phil at usc.edu. ok djm@
2005-02-26 - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}]Darren Tucker
Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any more. Patch from vinschen at redhat.com.
2005-02-26 - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c]Darren Tucker
Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com.
2005-02-24 - (djm) [configure.ac] in_addr_t test needs sys/types.h tooDamien Miller
2005-02-22 - (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch fromDarren Tucker
vinschen at redhat.com.
2005-02-20 - (dtucker) [configure.ac] Missing comma in AIX section, somehow causesDarren Tucker
unrelated platforms to be configured incorrectly.
2005-02-20 - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.acDarren Tucker
defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure --with-audit=bsm to enable. Patch originally from Sun Microsystems, parts by John R. Jackson. ok djm@
2005-02-16 - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some moreDarren Tucker
compiler warnings on AIX.
2005-02-16 - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-micDarren Tucker
authentication early enough to be available to PAM session modules when privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam Hartman and similar to Debian's ssh-krb5 package.
2005-02-16 - (dtucker) [configure.ac] Bug #893: check for libresolv early on ReliantDarren Tucker
Unix; prevents problems relating to the location of -lresolv in the link order.
2005-02-16 - (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is definedDarren Tucker
by the system headers.
2005-02-16 - (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be calledDarren Tucker
via mkstemp in some configurations. ok djm@
2005-02-16write seed to temporary file and atomically rename into place; ok dtucker@Damien Miller
2005-02-15 - (dtucker) [loginrec.c] Add missing #include.Darren Tucker
2005-02-15 - (dtucker) [README.platform auth.c configure.ac loginrec.cDarren Tucker
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6 on AIX where possible (see README.platform for details) and work around a misfeature of AIX's getnameinfo. ok djm@
2005-02-15 - (dtucker) [config.sh.in] Collect oslevel -r too.Darren Tucker
2005-02-11 - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too.Darren Tucker
2005-02-11 - (dtucker) [configure.ac] Tidy up configure --help output.Darren Tucker
2005-02-10 - (dtucker) [configure.ac] Bug #919: Provide visible feedback for theDarren Tucker
--disable-etc-default-login configure option.
2005-02-09 - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) requireDarren Tucker
the username to be passed to the passwd command when changing expired passwords. ok djm@
2005-02-09 - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dirDarren Tucker
paths. ok djm@
2005-02-09 - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't callDarren Tucker
disable_forwarding() from compat library. Prevent linker errrors trying to resolve it for binaries other than sshd. ok djm@
2005-02-09 - dtucker@cvs.openbsd.org 2005/02/08 22:24:57Darren Tucker
[sshd.c] Provide reason in error message if getnameinfo fails; ok markus@
2005-02-09 - dtucker@cvs.openbsd.org 2005/01/30 11:18:08Darren Tucker
[monitor.c] Make code match intent; ok djm@
2005-02-09 - jmc@cvs.openbsd.org 2005/01/28 18:14:09Darren Tucker
[ssh_config.5] wording; ok markus@
2005-02-09 - jmc@cvs.openbsd.org 2005/01/28 15:05:43Darren Tucker
[ssh_config.5] grammar;
2005-02-09 - dtucker@cvs.openbsd.org 2005/01/28 09:45:53Darren Tucker
[ssh_config] Make it clear that the example entries in ssh_config are only some of the commonly-used options and refer the user to ssh_config(5) for more details; ok djm@
2005-02-08 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.cDarren Tucker
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit defines and enums with SSH_ to prevent namespace collisions on some platforms (eg AIX).
2005-02-08 - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings.Darren Tucker
2005-02-08 - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for theDarren Tucker
regress tests so newer versions of GNU head(1) behave themselves. Patch by djm, so ok me.
2005-02-04 - (dtucker) [auth.c] Fix parens in audit log check.Darren Tucker
2005-02-04 - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too.Darren Tucker
2005-02-03typoDarren Tucker
2005-02-03 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.cDarren Tucker
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: (first stage) Add audit instrumentation to sshd, currently disabled by default. with suggestions from and djm@
2005-02-02 - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c]Darren Tucker
Bug #974: Teach sshd to write failed login records to btmp for failed auth attempts (currently only for password, kbdint and C/R, only on Linux and HP-UX), based on code from login.c from util-linux. With ashok_kovai at hotmail.com, ok djm@
2005-02-02 - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to childDarren Tucker
the process. Since we also unset KRB5CCNAME at startup, if it's set after authentication it must have been set by the platform's native auth system. This was already done for AIX; this enables it for the general case.
2005-02-02 - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]Darren Tucker
Make record_failed_login() call provide hostname rather than having the implementations having to do lookups themselves. Only affects AIX and UNICOS (the latter only uses the "user" parameter anyway). ok djm@
2005-02-02 - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpathDarren Tucker
rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@
2005-02-01 - (dtucker) [sshd_config.5] Bug #701: remove warning aboutDarren Tucker
keyboard-interactive since this is no longer the case.
2005-02-01 - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on someDarren Tucker
platforms syslog will revert to its default values. This may result in messages from external libraries (eg libwrap) being sent to a different facility.
2005-01-24 - dtucker@cvs.openbsd.org 2005/01/24 11:47:13Darren Tucker
[auth-passwd.c] #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@
2005-01-24 - dtucker@cvs.openbsd.org 2005/01/24 10:29:06Darren Tucker
[moduli] Import new moduli; requested by deraadt@ a week ago
2005-01-24 - dtucker@cvs.openbsd.org 2005/01/24 10:22:06Darren Tucker
[scp.c sftp.c] Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
2005-01-24 - djm@cvs.openbsd.org 2005/01/23 10:18:12Darren Tucker
[cipher.c] config option "Ciphers" should be case-sensitive; ok dtucker@
2005-01-24 - dtucker@cvs.openbsd.org 2005/01/22 08:17:59Darren Tucker
[auth.c] Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and DenyGroups. bz #909, ok djm@
2005-01-24 - otto@cvs.openbsd.org 2005/01/21 08:32:02Darren Tucker
[auth-passwd.c sshd.c] Warn in advance for password and account expiry; initialize loginmsg buffer earlier and clear it after privsep fork. ok and help dtucker@ markus@
2005-01-20 - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam fromDarren Tucker
the list of available kbdint devices if UsePAM=no. ok djm@
2005-01-20 - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128Darren Tucker
bytes to prevent errors from login_init_entry() when the username is exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@
2005-01-20 - djm@cvs.openbsd.org 2004/12/22 02:13:19Darren Tucker
[cipher-ctr.c cipher.c] remove fallback AES support for old OpenSSL, as OpenBSD has had it for many years now; ok deraadt@ (Id sync only: Portable will continue to support older OpenSSLs)
2005-01-20 - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about userDarren Tucker
existence via keyboard-interactive/pam, in conjunction with previous auth2-chall.c change; with Colin Watson and djm.