1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
|
19991215
- Integrated patchs from Juergen Keil <jk@tools.de>
- Avoid void* pointer arithmatic
- Use LDFLAGS correctly
- Fix SIGIO error in scp
- Simplify status line printing in scp
- Added better test for inline functions compiler support from
Darren_Hall@progressive.com
19991214
- OpenBSD CVS Changes
- [canohost.c]
fix get_remote_port() and friends for sshd -i;
Holger.Trapp@Informatik.TU-Chemnitz.DE
- [mpaux.c]
make code simpler. no need for memcpy. niels@ ok
- [pty.c]
namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org
fix proto; markus
- [ssh.1]
typo; mark.baushke@solipsa.com
- [channels.c ssh.c ssh.h sshd.c]
type conflict for 'extern Type *options' in channels.c; dot@dotat.at
- [sshconnect.c]
move checking of hostkey into own function.
- [version.h]
OpenSSH-1.2.1
- Clean up broken includes in pty.c
- Some older systems don't have poll.h, they use sys/poll.h instead
- Doc updates
19991211
- Fix compilation on systems with AFS. Reported by
aloomis@glue.umd.edu
- Fix installation on Solaris. Reported by
Gordon Rowell <gordonr@gormand.com.au>
- Fix gccisms (__attribute__ and inline). Report by edgy@us.ibm.com,
patch from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
- Auto-locate xauth. Patch from David Agraz <dagraz@jahoopa.com>
- Compile fix from David Agraz <dagraz@jahoopa.com>
- Avoid compiler warning in bsd-snprintf.c
- Added pam_limits.so to default PAM config. Suggested by
Jim Knoble <jmknoble@pobox.com>
19991209
- Import of patch from Ben Taylor <bent@clark.net>:
- Improved PAM support
- "uninstall" rule for Makefile
- utmpx support
- Should fix PAM problems on Solaris
- OpenBSD CVS updates:
- [readpass.c]
avoid stdio; based on work by markus, millert, and I
- [sshd.c]
make sure the client selects a supported cipher
- [sshd.c]
fix sighup handling. accept would just restart and daemon handled
sighup only after the next connection was accepted. use poll on
listen sock now.
- [sshd.c]
make that a fatal
- Applied patch from David Rankin <drankin@bohemians.lexington.ky.us>
to fix libwrap support on NetBSD
- Released 1.2pre17
19991208
- Compile fix for Solaris with /dev/ptmx from
David Agraz <dagraz@jahoopa.com>
19991207
- sshd Redhat init script patch from Jim Knoble <jmknoble@pobox.com>
fixes compatability with 4.x and 5.x
- Fixed default SSH_ASKPASS
- Fix PAM account and session being called multiple times. Problem
reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>
- Merged more OpenBSD changes:
- [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c]
move atomicio into it's own file. wrap all socket write()s which
were doing write(sock, buf, len) != len, with atomicio() calls.
- [auth-skey.c]
fd leak
- [authfile.c]
properly name fd variable
- [channels.c]
display great hatred towards strcpy
- [pty.c pty.h sshd.c]
use openpty() if it exists (it does on BSD4_4)
- [tildexpand.c]
check for ~ expansion past MAXPATHLEN
- Modified helper.c to use new atomicio function.
- Reformat Makefile a little
- Moved RC4 routines from rc4.[ch] into helper.c
- Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX)
- Updated SuSE spec from Chris Saia <csaia@wtower.com>
- Tweaked Redhat spec
- Clean up bad imports of a few files (forgot -kb)
- Released 1.2pre16
19991204
- Small cleanup of PAM code in sshd.c
- Merged OpenBSD CVS changes:
- [auth-krb4.c auth-passwd.c auth-skey.c ssh.h]
move skey-auth from auth-passwd.c to auth-skey.c, same for krb4
- [auth-rsa.c]
warn only about mismatch if key is _used_
warn about keysize-mismatch with log() not error()
channels.c readconf.c readconf.h ssh.c ssh.h sshconnect.c
ports are u_short
- [hostfile.c]
indent, shorter warning
- [nchan.c]
use error() for internal errors
- [packet.c]
set loglevel for SSH_MSG_DISCONNECT to log(), not fatal()
serverloop.c
indent
- [ssh-add.1 ssh-add.c ssh.h]
document $SSH_ASKPASS, reasonable default
- [ssh.1]
CheckHostIP is not available for connects via proxy command
- [sshconnect.c]
typo
easier to read client code for passwd and skey auth
turn of checkhostip for proxy connects, since we don't know the remote ip
19991126
- Add definition for __P()
- Added [v]snprintf() replacement for systems that lack it
19991125
- More reformatting merged from OpenBSD CVS
- Merged OpenBSD CVS changes:
- [channels.c]
fix packet_integrity_check() for !have_hostname_in_open.
report from mrwizard@psu.edu via djm@ibs.com.au
- [channels.c]
set SO_REUSEADDR and SO_LINGER for forwarded ports.
chip@valinux.com via damien@ibs.com.au
- [nchan.c]
it's not an error() if shutdown_write failes in nchan.
- [readconf.c]
remove dead #ifdef-0-code
- [readconf.c servconf.c]
strcasecmp instead of tolower
- [scp.c]
progress meter overflow fix from damien@ibs.com.au
- [ssh-add.1 ssh-add.c]
SSH_ASKPASS support
- [ssh.1 ssh.c]
postpone fork_after_authentication until command execution,
request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
plus: use daemon() for backgrounding
- Added BSD compatible install program and autoconf test, thanks to
Niels Kristian Bech Jensen <nkbj@image.dk>
- Solaris fixing, thanks to Ben Taylor <bent@clark.net>
- Merged beginnings of AIX support from Tor-Ake Fransson <torake@hotmail.com>
- Release 1.2pre15
19991124
- Merged very large OpenBSD source code reformat
- OpenBSD CVS updates
- [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
[ssh.h sshd.8 sshd.c]
syslog changes:
* Unified Logmessage for all auth-types, for success and for failed
* Standard connections get only ONE line in the LOG when level==LOG:
Auth-attempts are logged only, if authentication is:
a) successfull or
b) with passwd or
c) we had more than AUTH_FAIL_LOG failues
* many log() became verbose()
* old behaviour with level=VERBOSE
- [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
messages. allows use of s/key in windows (ttssh, securecrt) and
ssh-1.2.27 clients without 'ssh -v', ok: niels@
- [sshd.8]
-V, for fallback to openssh in SSH2 compatibility mode
- [sshd.c]
fix sigchld race; cjc5@po.cwru.edu
19991123
- Added SuSE package files from Chris Saia <csaia@wtower.com>
- Restructured package-related files under packages/*
- Added generic PAM config
- Numerous little Solaris fixes
- Add recommendation to use GNU make to INSTALL document
19991122
- Make <enter> close gnome-ssh-askpass (Debian bug #50299)
- OpenBSD CVS Changes
- [ssh-keygen.c]
don't create ~/.ssh only if the user wants to store the private
key there. show fingerprint instead of public-key after
keygeneration. ok niels@
- Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
- Added timersub() macro
- Tidy RCSIDs of bsd-*.c
- Added autoconf test and macro to deal with old PAM libraries
pam_strerror definition (one arg vs two).
- Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
- Retry /dev/urandom reads interrupted by signal (report from
Robert Hardy <rhardy@webcon.net>)
- Added a setenv replacement for systems which lack it
- Only display public key comment when presenting ssh-askpass dialog
- Released 1.2pre14
- Configure, Make and changelog corrections from Tudor Bosman
<tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>
19991121
- OpenBSD CVS Changes:
- [channels.c]
make this compile, bad markus
- [log.c readconf.c servconf.c ssh.h]
bugfix: loglevels are per host in clientconfig,
factor out common log-level parsing code.
- [servconf.c]
remove unused index (-Wall)
- [ssh-agent.c]
only one 'extern char *__progname'
- [sshd.8]
document SIGHUP, -Q to synopsis
- [sshconnect.c serverloop.c sshd.c packet.c packet.h]
[channels.c clientloop.c]
SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
[hope this time my ISP stays alive during commit]
- [OVERVIEW README] typos; green@freebsd
- [ssh-keygen.c]
replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
exit if writing the key fails (no infinit loop)
print usage() everytime we get bad options
- [ssh-keygen.c] overflow, djm@mindrot.org
- [sshd.c] fix sigchld race; cjc5@po.cwru.edu
19991120
- Merged more Solaris support from Marc G. Fournier
<marc.fournier@acadiau.ca>
- Wrote autoconf tests for integer bit-types
- Fixed enabling kerberos support
- Fix segfault in ssh-keygen caused by buffer overrun in filename
handling.
19991119
- Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
- Merged OpenBSD CVS changes
- [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
more %d vs. %s in fmt-strings
- [authfd.c]
Integers should not be printed with %s
- EGD uses a socket, not a named pipe. Duh.
- Fix includes in fingerprint.c
- Fix scp progress bar bug again.
- Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of
David Rankin <drankin@bohemians.lexington.ky.us>
- Added autoconf option to enable Kerberos 4 support (untested)
- Added autoconf option to enable AFS support (untested)
- Added autoconf option to enable S/Key support (untested)
- Added autoconf option to enable TCP wrappers support (compiles OK)
- Renamed BSD helper function files to bsd-*
- Added tests for login and daemon and enable OpenBSD replacements for
when they are absent.
- Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
19991118
- Merged OpenBSD CVS changes
- [scp.c] foregroundproc() in scp
- [sshconnect.h] include fingerprint.h
- [sshd.c] bugfix: the log() for passwd-auth escaped during logging
changes.
- [ssh.1] Spell my name right.
- Added openssh.com info to README
19991117
- Merged OpenBSD CVS changes
- [ChangeLog.Ylonen] noone needs this anymore
- [authfd.c] close-on-exec for auth-socket, ok deraadt
- [hostfile.c]
in known_hosts key lookup the entry for the bits does not need
to match, all the information is contained in n and e. This
solves the problem with buggy servers announcing the wrong
modulus length. markus and me.
- [serverloop.c]
bugfix: check for space if child has terminated, from:
iedowse@maths.tcd.ie
- [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
[fingerprint.c fingerprint.h]
rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
- [ssh-agent.1] typo
- [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
- [sshd.c]
force logging to stderr while loading private key file
(lost while converting to new log-levels)
19991116
- Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
- Merged OpenBSD CVS changes:
- [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
[mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
the keysize of rsa-parameter 'n' is passed implizit,
a few more checks and warnings about 'pretended' keysizes.
- [cipher.c cipher.h packet.c packet.h sshd.c]
remove support for cipher RC4
- [ssh.c]
a note for legay systems about secuity issues with permanently_set_uid(),
the private hostkey and ptrace()
- [sshconnect.c]
more detailed messages about adding and checking hostkeys
19991115
- Merged OpenBSD CVS changes:
- [ssh-add.c] change passphrase loop logic and remove ref to
$DISPLAY, ok niels
- Changed to ssh-add.c broke askpass support. Revised it to be a little more
modular.
- Revised autoconf support for enabling/disabling askpass support.
- Merged more OpenBSD CVS changes:
[auth-krb4.c]
- disconnect if getpeername() fails
- missing xfree(*client)
[canohost.c]
- disconnect if getpeername() fails
- fix comment: we _do_ disconnect if ip-options are set
[sshd.c]
- disconnect if getpeername() fails
- move checking of remote port to central place
[auth-rhosts.c] move checking of remote port to central place
[log-server.c] avoid extra fd per sshd, from millert@
[readconf.c] print _all_ bad config-options in ssh(1), too
[readconf.h] print _all_ bad config-options in ssh(1), too
[ssh.c] print _all_ bad config-options in ssh(1), too
[sshconnect.c] disconnect if getpeername() fails
- OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
- Various small cleanups to bring diff (against OpenBSD) size down.
- Merged more Solaris compability from Marc G. Fournier
<marc.fournier@acadiau.ca>
- Wrote autoconf tests for __progname symbol
- RPM spec file fixes from Jim Knoble <jmknoble@pobox.com>
- Released 1.2pre12
- Another OpenBSD CVS update:
- [ssh-keygen.1] fix .Xr
19991114
- Solaris compilation fixes (still imcomplete)
19991113
- Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
- Don't install config files if they already exist
- Fix inclusion of additional preprocessor directives from acconfig.h
- Removed redundant inclusions of config.h
- Added 'Obsoletes' lines to RPM spec file
- Merged OpenBSD CVS changes:
- [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
- [scp.c] fix overflow reported by damien@ibs.com.au: off_t
totalsize, ok niels,aaron
- Delay fork (-f option) in ssh until after port forwarded connections
have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
- Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
- Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
- Tidied default config file some more
- Revised Redhat initscript to fix bug: sshd (re)start would fail
if executed from inside a ssh login.
19991112
- Merged changes from OpenBSD CVS
- [sshd.c] session_key_int may be zero
- [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
deraadt,millert
- Brought default sshd_config more in line with OpenBSD's
- Grab server in gnome-ssh-askpass (Debian bug #49872)
- Released 1.2pre10
- Added INSTALL documentation
- Merged yet more changes from OpenBSD CVS
- [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
[ssh.c ssh.h sshconnect.c sshd.c]
make all access to options via 'extern Options options'
and 'extern ServerOptions options' respectively;
options are no longer passed as arguments:
* make options handling more consistent
* remove #include "readconf.h" from ssh.h
* readconf.h is only included if necessary
- [mpaux.c] clear temp buffer
- [servconf.c] print _all_ bad options found in configfile
- Make ssh-askpass support optional through autoconf
- Fix nasty division-by-zero error in scp.c
- Released 1.2pre11
19991111
- Added (untested) Entropy Gathering Daemon (EGD) support
- Fixed /dev/urandom fd leak (Debian bug #49722)
- Merged OpenBSD CVS changes:
- [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
- [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
- [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
- Fix integer overflow which was messing up scp's progress bar for large
file transfers. Fix submitted to OpenBSD developers.
- Merged more OpenBSD CVS changes:
- [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
+ krb-cleanup cleanup
- [clientloop.c log-client.c log-server.c ]
[readconf.c readconf.h servconf.c servconf.h ]
[ssh.1 ssh.c ssh.h sshd.8]
add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
obsoletes QuietMode and FascistLogging in sshd.
- [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
allow session_key_int != sizeof(session_key)
[this should fix the pre-assert-removal-core-files]
- Updated default config file to use new LogLevel option and to improve
readability
19991110
- Merged several minor fixes:
- ssh-agent commandline parsing
- RPM spec file now installs ssh setuid root
- Makefile creates libdir
- Merged beginnings of Solaris compability from Marc G. Fournier
<marc.fournier@acadiau.ca>
19991109
- Autodetection of SSL/Crypto library location via autoconf
- Fixed location of ssh-askpass to follow autoconf
- Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
- Autodetection of RSAref library for US users
- Minor doc updates
- Merged OpenBSD CVS changes:
- [rsa.c] bugfix: use correct size for memset()
- [sshconnect.c] warn if announced size of modulus 'n' != real size
- Added GNOME passphrase requestor (use --with-gnome-askpass)
- RPM build now creates subpackages
- Released 1.2pre9
19991108
- Removed debian/ directory. This is now being maintained separately.
- Added symlinks for slogin in RPM spec file
- Fixed permissions on manpages in RPM spec file
- Added references to required libraries in README file
- Removed config.h.in from CVS
- Removed pwdb support (better pluggable auth is provided by glibc)
- Made PAM and requisite libdl optional
- Removed lots of unnecessary checks from autoconf
- Added support and autoconf test for openpty() function (Unix98 pty support)
- Fix for scp not finding ssh if not installed as /usr/bin/ssh
- Added TODO file
- Merged parts of Debian patch From Phil Hands <phil@hands.com>:
- Added ssh-askpass program
- Added ssh-askpass support to ssh-add.c
- Create symlinks for slogin on install
- Fix "distclean" target in makefile
- Added example for ssh-agent to manpage
- Added support for PAM_TEXT_INFO messages
- Disable internal /etc/nologin support if PAM enabled
- Merged latest OpenBSD CVS changes:
- [all] replace assert() with error, fatal or packet_disconnect
- [sshd.c] don't send fail-msg but disconnect if too many authentication
failures
- [sshd.c] remove unused argument. ok dugsong
- [sshd.c] typo
- [rsa.c] clear buffers used for encryption. ok: niels
- [rsa.c] replace assert() with error, fatal or packet_disconnect
- [auth-krb4.c] remove unused argument. ok dugsong
- Fixed coredump after merge of OpenBSD rsa.c patch
- Released 1.2pre8
19991102
- Merged change from OpenBSD CVS
- One-line cleanup in sshd.c
19991030
- Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
- Merged latest updates for OpenBSD CVS:
- channels.[ch] - remove broken x11 fix and document istate/ostate
- ssh-agent.c - call setsid() regardless of argv[]
- ssh.c - save a few lines when disabling rhosts-{rsa-}auth
- Documentation cleanups
- Renamed README -> README.Ylonen
- Renamed README.openssh ->README
19991029
- Renamed openssh* back to ssh* at request of Theo de Raadt
- Incorporated latest changes from OpenBSD's CVS
- Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
- Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- Make distclean now removed configure script
- Improved PAM logging
- Added some debug() calls for PAM
- Removed redundant subdirectories
- Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for
building on Debian.
- Fixed off-by-one error in PAM env patch
- Released 1.2pre6
19991028
- Further PAM enhancements.
- Much cleaner
- Now uses account and session modules for all logins.
- Integrated patch from Dan Brosemer <odin@linuxfreak.com>
- Build fixes
- Autoconf
- Change binary names to open*
- Fixed autoconf script to detect PAM on RH6.1
- Added tests for libpwdb, and OpenBSD functions to autoconf
- Released 1.2pre4
- Imported latest OpenBSD CVS code
- Updated README.openssh
- Released 1.2pre5
19991027
- Adapted PAM patch.
- Released 1.0pre2
- Excised my buggy replacements for strlcpy and mkdtemp
- Imported correct OpenBSD strlcpy and mkdtemp routines.
- Reduced arc4random_stir entropy read to 32 bytes (256 bits)
- Picked up correct version number from OpenBSD
- Added sshd.pam PAM configuration file
- Added sshd.init Redhat init script
- Added openssh.spec RPM spec file
- Released 1.2pre3
19991026
- Fixed include paths of OpenSSL functions
- Use OpenSSL MD5 routines
- Imported RC4 code from nanocrypt
- Wrote replacements for OpenBSD arc4random* functions
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
|