1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
|
20020515
- (bal) CVS ID fix up on auth-passwd.c
- (bal) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2002/05/07 19:54:36
[ssh.h]
use ssh uid
- deraadt@cvs.openbsd.org 2002/05/08 21:06:34
[ssh.h]
move to sshd.sshd instead
- stevesk@cvs.openbsd.org 2002/05/11 20:24:48
[ssh.h]
typo in comment
- itojun@cvs.openbsd.org 2002/05/13 02:37:39
[auth-skey.c auth2.c]
less warnings. skey_{respond,query} are public (in auth.h)
- markus@cvs.openbsd.org 2002/05/13 20:44:58
[auth-options.c auth.c auth.h]
move the packet_send_debug handling from auth-options.c to auth.c;
ok provos@
- millert@cvs.openbsd.org 2002/05/13 15:53:19
[sshd.c]
Call setsid() in the child after sshd accepts the connection and forks.
This is needed for privsep which calls setlogin() when it changes uids.
Without this, there is a race where the login name of an existing
connection, as returned by getlogin(), may be changed to the privsep
user (sshd). markus@ OK
- markus@cvs.openbsd.org 2002/05/13 21:26:49
[auth-rhosts.c]
handle debug messages during rhosts-rsa and hostbased authentication;
ok provos@
20020514
- (stevesk) [README.privsep] PAM+privsep works with Solaris 8.
- (tim) [sshpty.c] set tty modes when allocating old style bsd ptys to
match what newer style ptys have when allocated. Based on a patch by
Roger Cornelius <rac@tenzing.org>
- (tim) [README.privsep] UnixWare 7 and OpenUNIX 8 work.
- (tim) [README.privsep] remove reference to UnixWare 7 and OpenUNIX 8
from PAM-enabled pragraph. UnixWare has no PAM.
- (tim) [contrib/caldera/openssh.spec] update version.
20020513
- (stevesk) add initial README.privsep
- (stevesk) [configure.ac] nicer message: --with-privsep-user=user
- (djm) Add --with-superuser-path=xxx configure option to specify
what $PATH the superuser receives.
- (djm) Bug #231: UsePrivilegeSeparation turns off Banner.
- (djm) Add --with-privsep-path configure option
- (djm) Update RPM spec file: different superuser path, use
/var/empty/sshd for privsep
- (djm) Bug #234: missing readpassphrase declaration and defines
- (djm) Add INSTALL warning about SSH protocol 1 blowfish w/
OpenSSL < 0.9.6
20020511
- (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch.
Now only searches system and /usr/local/ssl (OpenSSL's default install path)
Others must use --with-ssl-dir=....
- (tim) [monitor_fdpass.c] fix for systems that have both
HAVE_ACCRIGHTS_IN_MSGHDR and HAVE_CONTROL_IN_MSGHDR. Ie. sys/socket.h
has #define msg_accrights msg_control
20020510
- (stevesk) [auth.c] Shadow account and expiration cleanup. Now
check for root forced expire. Still don't check for inactive.
- (djm) Rework RedHat RPM files. Based on spec from Nalin
Dahyabhai <nalin@redhat.com> and patches from
Pekka Savola <pekkas@netcore.fi>
- (djm) Try to drop supplemental groups at daemon startup. Patch from
RedHat
- (bal) Back all the way out of auth-passwd.c changes. Breaks too many
things that don't set pw->pw_passwd.
20020509
- (tim) [Makefile.in] Unbreak make -f Makefile.in distprep
20020508
- (tim) [openbsd-compat/bsd-arc4random.c] fix logic on when seed_rng() is
called. Report by Chris Maxwell <maxwell@cs.dal.ca>
- (tim) [Makefile.in configure.ac] set SHELL variable in Makefile
- (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work)
20020507
- (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
Add truncate() emulation to address Bug 208
20020506
- (djm) Unbreak auth-passwd.c for PAM and SIA
- (djm) Unbreak PAM auth for protocol 1. Report from Pekka Savola
<pekkas@netcore.fi>
- (djm) Don't reinitialise PAM credentials before we have started PAM.
Report from Pekka Savola <pekkas@netcore.fi>
20020506
- (bal) Fixed auth-passwd.c to resolve PermitEmptyPassword issue
20020501
- (djm) Import OpenBSD regression tests. Requires BSD make to run
- (djm) Fix readpassphase compilation for systems which have it
20020429
- (tim) [contrib/caldera/openssh.spec] update fixUP to reflect changes in
sshd_config.
- (tim) [contrib/cygwin/README] remove reference to regex.
patch from Corinna Vinschen <vinschen@redhat.com>
20020426
- (djm) Bug #137, #209: fix make problems for scard/Ssh.bin, do uudecode
during distprep only
- (djm) Disable PAM password expiry until a complete fix for bug #188
exists
- (djm) Bug #180: Set ToS bits on IPv4-in-IPv6 mapped addresses. Based on
patch from openssh@misc.tecq.org
20020425
- (stevesk) [defines.h] remove USE_TIMEVAL; unused
- (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26
support. bug #184. most from dcole@keysoftsys.com.
20020424
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/04/23 12:54:10
[version.h]
3.2.1
- djm@cvs.openbsd.org 2002/04/23 22:16:29
[sshd.c]
Improve error message; ok markus@ stevesk@
20020423
- (stevesk) [acconfig.h configure.ac session.c] LOGIN_NO_ENDOPT for HP-UX
- (stevesk) [acconfig.h] NEED_IN_SYSTM_H unused
- (markus) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/04/23 12:58:26
[radix.c]
send complete ticket; semerad@ss1000.ms.mff.cuni.cz
- (djm) Trim ChangeLog to include only post-3.1 changes
- (djm) Update RPM spec file versions
- (djm) Redhat spec enables KrbV by default
- (djm) Applied OpenSC smartcard updates from Markus &
Antti Tapaninen <aet@cc.hut.fi>
- (djm) Define BROKEN_REALPATH for AIX, patch from
Antti Tapaninen <aet@cc.hut.fi>
- (djm) Bug #214: Fix utmp for Irix (don't strip "tty"). Patch from
Kevin Taylor <no@nowhere.org> (??) via Philipp Grau
<phgrau@zedat.fu-berlin.de>
- (djm) Bug #213: Simplify CMSG_ALIGN macros to avoid symbol clashes.
Reported by Doug Manton <dmanton@emea.att.com>
- (djm) Bug #222: Fix tests for getaddrinfo on OSF/1. Spotted by
Robert Urban <urban@spielwiese.de>
- (djm) Bug #206 - blibpath isn't always needed for AIX ld, avoid
sizeof(long long int) == 4 breakage. Patch from Matthew Clarke
<Matthew_Clarke@mindlink.bc.ca>
- (djm) Make privsep work with PAM (still experimental)
- (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2002/04/20 09:02:03
[servconf.c]
No, afs requires explicit enabling
- markus@cvs.openbsd.org 2002/04/20 09:14:58
[bufaux.c bufaux.h]
add buffer_{get,put}_short
- markus@cvs.openbsd.org 2002/04/20 09:17:19
[radix.c]
rewrite using the buffer_* API, fixes overflow; ok deraadt@
- stevesk@cvs.openbsd.org 2002/04/21 16:19:27
[sshd.8 sshd_config]
document default AFSTokenPassing no; ok deraadt@
- stevesk@cvs.openbsd.org 2002/04/21 16:25:06
[sshconnect1.c]
spelling in error message; ok markus@
- markus@cvs.openbsd.org 2002/04/22 06:15:47
[radix.c]
fix check for overflow
- markus@cvs.openbsd.org 2002/04/22 16:16:53
[servconf.c sshd.8 sshd_config]
do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
- markus@cvs.openbsd.org 2002/04/22 21:04:52
[channels.c clientloop.c clientloop.h ssh.c]
request reply (success/failure) for -R style fwd in protocol v2,
depends on ordered replies.
fixes http://bugzilla.mindrot.org/show_bug.cgi?id=215; ok provos@
20020421
- (tim) [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0).
entropy.c needs seteuid(getuid()) for the setuid(original_uid) to
succeed. Patch by gert@greenie.muc.de. This fixes one part of Bug 208
20020418
- (djm) Avoid SIGCHLD breakage when run from rsync. Fix from
Sturle Sunde <sturle.sunde@usit.uio.no>
20020417
- (djm) Tell users to configure /dev/random support into OpenSSL in
INSTALL
- (djm) Fix .Nm in mdoc2man.pl from pspencer@fields.utoronto.ca
- (tim) [configure.ac] Issue warning on --with-default-path=/some_path
if LOGIN_CAP is enabled. Report & testing by Tuc <tuc@ttsg.com>
20020415
- (djm) Unbreak "make install". Fix from Darren Tucker
<dtucker@zip.com.au>
- (stevesk) bsd-cygwin_util.[ch] BSD license from Corinna Vinschen
- (tim) [configure.ac] add tests for recvmsg and sendmsg.
[monitor_fdpass.c] add checks for HAVE_SENDMSG and HAVE_RECVMSG for
systems that HAVE_ACCRIGHTS_IN_MSGHDR but no recvmsg or sendmsg.
20020414
- (djm) ssh-rand-helper improvements
- Add commandline debugging options
- Don't write binary data if stdout is a tty (use hex instead)
- Give it a manpage
- (djm) Random number collection doc fixes from Ben
20020413
- (djm) Add KrbV support patch from Simon Wilkinson <simon@sxw.org.uk>
20020412
- (stevesk) [auth-sia.[ch]] add BSD license from Chris Adams
- (tim) [configure.ac] add <sys/types.h> to msghdr tests. Change -L
to -h on testing for /bin being symbolic link
- (bal) Mistaken in Cygwin scripts for ssh starting. Patch by
Corinna Vinschen <vinschen@redhat.com>
- (bal) disable privsep if no MAP_ANON. We can re-enable it
after the release when we can do more testing.
20020411
- (stevesk) [auth-sia.c] cleanup
- (tim) [acconfig.h defines.h includes.h] put includes in includes.h and
defines in defines.h [rijndael.c openbsd-compat/fake-socket.h
openbsd-compat/inet_aton.c] include "includes.h" instead of "config.h"
ok stevesk@
20020410
- (stevesk) [configure.ac monitor.c] HAVE_SOCKETPAIR
- (stevesk) [auth-sia.c] compile fix Chris Adams <cmadams@hiwaay.net>
- (bal) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/04/10 08:21:47
[auth1.c compat.c compat.h]
strip '@' from username only for KerbV and known broken clients,
bug #204
- markus@cvs.openbsd.org 2002/04/10 08:56:01
[version.h]
OpenSSH_3.2
- Added p1 to idenify Portable release version.
20020408
- (bal) Minor OpenSC updates. Fix up header locations and update
README.smartcard provided by Juha Yrjölä <jyrjola@cc.hut.fi>
20020407
- (stevesk) HAVE_CONTROL_IN_MSGHDR; not used right now.
Future: we may want to test if fd passing works correctly.
- (stevesk) [monitor_fdpass.c] fatal() for UsePrivilegeSeparation=yes
and no fd passing support.
- (stevesk) HAVE_MMAP and HAVE_SYS_MMAN_H and use them in
monitor_mm.c
- (stevesk) remove configure support for poll.h; it was removed
from sshd.c a long time ago.
- (stevesk) --with-privsep-user; default sshd
- (stevesk) wrap munmap() with HAVE_MMAP also.
20020406
- (djm) Typo in Suse SPEC file. Fix from Carsten Grohmann
<carsten.grohmann@dr-baldeweg.de>
- (bal) Added MAP_FAILED to allow AIX and Trusted HP to compile.
- (bal) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2002/04/06 00:30:08
[sftp-client.c]
Fix occasional corruption on upload due to bad reuse of request
id, spotted by chombier@mac.com; ok markus@
- mouring@cvs.openbsd.org 2002/04/06 18:24:09
[scp.c]
Fixes potental double // within path.
http://bugzilla.mindrot.org/show_bug.cgi?id=76
- (bal) Slight update to OpenSC support. Better version checking. patch
by Juha Yrjölä <jyrjola@cc.hut.fi>
- (bal) Revered out of runtime IRIX detection of joblimits. Code is
incomplete.
- (bal) Quiet down configure.ac if /bin/test does not exist.
- (bal) We no longer use atexit()/xatexit()/on_exit()
20020405
- (bal) Patch for OpenSC SmartCard library; ok markus@; patch by
Juha Yrjölä <jyrjola@cc.hut.fi>
- (bal) Minor documentation update to reflect smartcard library
support changes.
- (bal) Too many <sys/queue.h> issues. Remove all workarounds and
using internal version only.
- (bal) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2002/04/05 20:56:21
[sshd.8]
clarify sshrc some and handle X11UseLocalhost=yes; ok markus@
20020404
- (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
- (bal) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/04/03 09:26:11
[cipher.c myproposal.h]
re-add rijndael-cbc@lysator.liu.se for MacSSH; ash@lab.poc.net
20020402
- (bal) Hand Sync of scp.c (reverted to upstream code)
- deraadt@cvs.openbsd.org 2002/03/30 17:45:46
[scp.c]
stretch banners
- (bal) CVS ID sync of uidswap.c
- (bal) OpenBSD CVS Sync (now for the real sync)
- markus@cvs.openbsd.org 2002/03/27 22:21:45
[ssh-keygen.c]
try to import keys with extra trailing === (seen with ssh.com <
2.0.12)
- markus@cvs.openbsd.org 2002/03/28 15:34:51
[session.c]
do not call record_login twice (for use_privsep)
- markus@cvs.openbsd.org 2002/03/29 18:59:32
[session.c session.h]
retrieve last login time before the pty is allocated, store per
session
- stevesk@cvs.openbsd.org 2002/03/29 19:16:22
[sshd.8]
RSA key modulus size minimum 768; ok markus@
- stevesk@cvs.openbsd.org 2002/03/29 19:18:33
[auth-rsa.c ssh-rsa.c ssh.h]
make RSA modulus minimum #define; ok markus@
- markus@cvs.openbsd.org 2002/03/30 18:51:15
[monitor.c serverloop.c sftp-int.c sftp.c sshd.c]
check waitpid for EINTR; based on patch from peter@ifm.liu.se
- markus@cvs.openbsd.org 2002/04/01 22:02:16
[sftp-client.c]
20480 is an upper limit for older server
- markus@cvs.openbsd.org 2002/04/01 22:07:17
[sftp-client.c]
fallback to stat if server does not support lstat
- markus@cvs.openbsd.org 2002/04/02 11:49:39
[ssh-agent.c]
check $SHELL for -k and -d, too;
http://bugzilla.mindrot.org/show_bug.cgi?id=199
- markus@cvs.openbsd.org 2002/04/02 17:37:48
[sftp.c]
always call log_init()
- markus@cvs.openbsd.org 2002/04/02 20:11:38
[ssh-rsa.c]
ignore SSH_BUG_SIGBLOB for ssh-rsa; #187
- (bal) mispelling in uidswap.c (portable only)
20020401
- (stevesk) [monitor.c] PAM should work again; will *not* work with
UsePrivilegeSeparation=yes.
- (stevesk) [auth1.c] fix password auth for protocol 1 when
!USE_PAM && !HAVE_OSF_SIA; merge issue.
20020331
- (tim) [configure.ac] use /bin/test -L to work around broken builtin on
Solaris 8
- (tim) [sshconnect2.c] change uint32_t to u_int32_t
20020330
- (stevesk) [configure.ac] remove header check for sys/ttcompat.h
bug 167
20020327
- (bal) 'pw' should be 'authctxt->pw' in auth1.c spotted by
kent@lysator.liu.se
- (bal) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/03/26 11:34:49
[ssh.1 sshd.8]
update to recent drafts
- markus@cvs.openbsd.org 2002/03/26 11:37:05
[ssh.c]
update Copyright
- markus@cvs.openbsd.org 2002/03/26 15:23:40
[bufaux.c]
do not talk about packets in bufaux
- rees@cvs.openbsd.org 2002/03/26 18:46:59
[scard.c]
try_AUT0 in read_pubkey too, for those paranoid few who want to
acl 'sh'
- markus@cvs.openbsd.org 2002/03/26 22:50:39
[channels.h]
CHANNEL_EFD_OUTPUT_ACTIVE is false for CHAN_CLOSE_RCVD, too
- markus@cvs.openbsd.org 2002/03/26 23:13:03
[auth-rsa.c]
disallow RSA keys < 768 for protocol 1, too (rhosts-rsa and rsa auth)
- markus@cvs.openbsd.org 2002/03/26 23:14:51
[kex.c]
generate a new cookie for each SSH2_MSG_KEXINIT message we send out
- mouring@cvs.openbsd.org 2002/03/27 11:45:42
[monitor.c]
monitor_allowed_key() returns int instead of pointer. ok markus@
20020325
- (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h"
- (bal) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2002/03/23 20:57:26
[sshd.c]
setproctitle() after preauth child; ok markus@
- markus@cvs.openbsd.org 2002/03/24 16:00:27
[serverloop.c]
remove unused debug
- markus@cvs.openbsd.org 2002/03/24 16:01:13
[packet.c]
debug->debug3 for extra padding
- stevesk@cvs.openbsd.org 2002/03/24 17:27:03
[kexgex.c]
typo; ok markus@
- stevesk@cvs.openbsd.org 2002/03/24 17:53:16
[monitor_fdpass.c]
minor cleanup and more error checking; ok markus@
- markus@cvs.openbsd.org 2002/03/24 18:05:29
[scard.c]
we need to figure out AUT0 for sc_private_encrypt, too
- stevesk@cvs.openbsd.org 2002/03/24 23:20:00
[monitor.c]
remove "\n" from fatal()
- markus@cvs.openbsd.org 2002/03/25 09:21:13
[auth-rsa.c]
return 0 (not NULL); tomh@po.crl.go.jp
- markus@cvs.openbsd.org 2002/03/25 09:25:06
[auth-rh-rsa.c]
rm bogus comment
- markus@cvs.openbsd.org 2002/03/25 17:34:27
[scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c]
change sc_get_key to sc_get_keys and hide smartcard details in scard.c
- stevesk@cvs.openbsd.org 2002/03/25 20:12:10
[monitor_mm.c monitor_wrap.c]
ssize_t args use "%ld" and cast to (long)
size_t args use "%lu" and cast to (u_long)
ok markus@ and thanks millert@
- markus@cvs.openbsd.org 2002/03/25 21:04:02
[ssh.c]
simplify num_identity_files handling
- markus@cvs.openbsd.org 2002/03/25 21:13:51
[channels.c channels.h compat.c compat.h nchan.c]
don't send stderr data after EOF, accept this from older known
(broken) sshd servers only, fixes
http://bugzilla.mindrot.org/show_bug.cgi?id=179
- stevesk@cvs.openbsd.org 2002/03/26 03:24:01
[monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h]
$OpenBSD$
20020324
- (stevesk) [session.c] disable LOGIN_NEEDS_TERM until we are sure
it can be removed. only used on solaris. will no longer compile with
privsep shuffling.
20020322
- (stevesk) HAVE_ACCRIGHTS_IN_MSGHDR configure support
- (stevesk) [monitor.c monitor_wrap.c] #ifdef HAVE_PW_CLASS_IN_PASSWD
- (stevesk) configure and cpp __FUNCTION__ gymnastics to handle nielsisms
- (stevesk) [monitor_fdpass.c] support for access rights style file
descriptor passing
- (stevesk) [auth2.c] merge cleanup/sync
- (stevesk) [defines.h] hp-ux 11 has ancillary data style fd passing, but
is missing CMSG_LEN() and CMSG_SPACE() macros.
- (stevesk) [defines.h] #define MAP_ANON MAP_ANONYMOUS for HP-UX; other
platforms may need this--I'm not sure. mmap() issues will need to be
addressed further.
- (tim) [cipher.c] fix problem with OpenBSD sync
- (stevesk) [LICENCE] OpenBSD sync
20020321
- (bal) OpenBSD CVS Sync
- itojun@cvs.openbsd.org 2002/03/08 06:10:16
[sftp-client.c]
printf type mismatch
- itojun@cvs.openbsd.org 2002/03/11 03:18:49
[sftp-client.c]
correct type mismatches (u_int64_t != unsigned long long)
- itojun@cvs.openbsd.org 2002/03/11 03:19:53
[sftp-client.c]
indent
- markus@cvs.openbsd.org 2002/03/14 15:24:27
[sshconnect1.c]
don't trust size sent by (rogue) server; noted by
s.esser@e-matters.de
- markus@cvs.openbsd.org 2002/03/14 16:38:26
[sshd.c]
split out ssh1 session key decryption; ok provos@
- markus@cvs.openbsd.org 2002/03/14 16:56:33
[auth-rh-rsa.c auth-rsa.c auth.h]
split auth_rsa() for better readability and privsep; ok provos@
- itojun@cvs.openbsd.org 2002/03/15 11:00:38
[auth.c]
fix file type checking (use S_ISREG). ok by markus
- markus@cvs.openbsd.org 2002/03/16 11:24:53
[compress.c]
skip inflateEnd if inflate fails; ok provos@
- markus@cvs.openbsd.org 2002/03/16 17:22:09
[auth-rh-rsa.c auth.h]
split auth_rhosts_rsa(), ok provos@
- stevesk@cvs.openbsd.org 2002/03/16 17:41:25
[auth-krb5.c]
BSD license. from Daniel Kouril via Dug Song. ok markus@
- provos@cvs.openbsd.org 2002/03/17 20:25:56
[auth.c auth.h auth1.c auth2.c]
getpwnamallow returns struct passwd * only if user valid;
okay markus@
- provos@cvs.openbsd.org 2002/03/18 01:12:14
[auth.h auth1.c auth2.c sshd.c]
have the authentication functions return the authentication context
and then do_authenticated; okay millert@
- dugsong@cvs.openbsd.org 2002/03/18 01:30:10
[auth-krb4.c]
set client to NULL after xfree(), from Rolf Braun
<rbraun+ssh@andrew.cmu.edu>
- provos@cvs.openbsd.org 2002/03/18 03:41:08
[auth.c session.c]
move auth_approval into getpwnamallow with help from millert@
- markus@cvs.openbsd.org 2002/03/18 17:13:15
[cipher.c cipher.h]
export/import cipher states; needed by ssh-privsep
- markus@cvs.openbsd.org 2002/03/18 17:16:38
[packet.c packet.h]
export/import cipher state, iv and ssh2 seqnr; needed by ssh-privsep
- markus@cvs.openbsd.org 2002/03/18 17:23:31
[key.c key.h]
add key_demote() for ssh-privsep
- provos@cvs.openbsd.org 2002/03/18 17:25:29
[bufaux.c bufaux.h]
buffer_skip_string and extra sanity checking; needed by ssh-privsep
- provos@cvs.openbsd.org 2002/03/18 17:31:54
[compress.c]
export compression streams for ssh-privsep
- provos@cvs.openbsd.org 2002/03/18 17:50:31
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c]
[auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c]
[kexgex.c servconf.c]
[session.h servconf.h serverloop.c session.c sshd.c]
integrate privilege separated openssh; its turned off by default
for now. work done by me and markus@
- provos@cvs.openbsd.org 2002/03/18 17:53:08
[sshd.8]
credits for privsep
- provos@cvs.openbsd.org 2002/03/18 17:59:09
[sshd.8]
document UsePrivilegeSeparation
- stevesk@cvs.openbsd.org 2002/03/18 23:52:51
[servconf.c]
UnprivUser/UnprivGroup usable now--specify numeric user/group; ok
provos@
- stevesk@cvs.openbsd.org 2002/03/19 03:03:43
[pathnames.h servconf.c servconf.h sshd.c]
_PATH_PRIVSEP_CHROOT_DIR; ok provos@
- stevesk@cvs.openbsd.org 2002/03/19 05:23:08
[sshd.8]
Banner has no default.
- mpech@cvs.openbsd.org 2002/03/19 06:32:56
[sftp-int.c]
use xfree() after xstrdup().
markus@ ok
- markus@cvs.openbsd.org 2002/03/19 10:35:39
[auth-options.c auth.h session.c session.h sshd.c]
clean up prototypes
- markus@cvs.openbsd.org 2002/03/19 10:49:35
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h]
[packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c]
[sshconnect2.c sshd.c ttymodes.c]
KNF whitespace
- markus@cvs.openbsd.org 2002/03/19 14:27:39
[auth.c auth1.c auth2.c]
make getpwnamallow() allways call pwcopy()
- markus@cvs.openbsd.org 2002/03/19 15:31:47
[auth.c]
check for NULL; from provos@
- stevesk@cvs.openbsd.org 2002/03/20 19:12:25
[servconf.c servconf.h ssh.h sshd.c]
for unprivileged user, group do:
pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
- stevesk@cvs.openbsd.org 2002/03/20 21:08:08
[sshd.c]
strerror() on chdir() fail; ok provos@
- markus@cvs.openbsd.org 2002/03/21 10:21:20
[ssh-add.c]
ignore errors for nonexisting default keys in ssh-add,
fixes http://bugzilla.mindrot.org/show_bug.cgi?id=158
- jakob@cvs.openbsd.org 2002/03/21 15:17:26
[clientloop.c ssh.1]
add built-in command line for adding new port forwardings on the fly.
based on a patch from brian wellington. ok markus@.
- markus@cvs.openbsd.org 2002/03/21 16:38:06
[scard.c]
make compile w/ openssl 0.9.7
- markus@cvs.openbsd.org 2002/03/21 16:54:53
[scard.c scard.h ssh-keygen.c]
move key upload to scard.[ch]
- markus@cvs.openbsd.org 2002/03/21 16:57:15
[scard.c]
remove const
- markus@cvs.openbsd.org 2002/03/21 16:58:13
[clientloop.c]
remove unused
- rees@cvs.openbsd.org 2002/03/21 18:08:15
[scard.c]
In sc_put_key(), sc_reader_id should be id.
- markus@cvs.openbsd.org 2002/03/21 20:51:12
[sshd_config]
add privsep (off)
- markus@cvs.openbsd.org 2002/03/21 21:23:34
[sshd.c]
add privsep_preauth() and remove 1 goto; ok provos@
- rees@cvs.openbsd.org 2002/03/21 21:54:34
[scard.c scard.h ssh-keygen.c]
Add PIN-protection for secret key.
- rees@cvs.openbsd.org 2002/03/21 22:44:05
[authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c]
Add PIN-protection for secret key.
- markus@cvs.openbsd.org 2002/03/21 23:07:37
[clientloop.c]
remove unused, sync w/ cmdline patch in my tree.
20020317
- (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is
wanted, warn if directory does not exist. Put system directories in
front of PATH for finding entorpy commands.
- (tim) [contrib/aix/buildbff.sh contrib/aix/inventory.sh] AIX package
build fixes. Patch by Darren Tucker <dtucker@zip.com.au>
[contrib/solaris/buildpkg.sh] add missing dirs to SYSTEM_DIR. Have
postinstall check for $piddir and add if necessary.
20020311
- (tim) [contrib/solaris/buildpkg.sh, contrib/solaris/README] Updated to
build on all platforms that support SVR4 style package tools. Now runs
from build dir. Parts are based on patches from Antonio Navarro, and
Darren Tucker.
20020308
- (djm) Revert bits of Markus' OpenSSL compat patch which was
accidentally committed.
- (djm) Add Markus' patch for compat wih OpenSSL < 0.9.6.
Known issue: Blowfish for SSH1 does not work
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
$Id: ChangeLog,v 1.2128 2002/05/15 16:19:37 mouring Exp $
|