openssh/ChangeLog

401 lines
16 KiB
Plaintext

19991125
- More reformatting merged from OpenBSD CVS
- Merged OpenBSD CVS changes:
- [channels.c]
fix packet_integrity_check() for !have_hostname_in_open.
report from mrwizard@psu.edu via djm@ibs.com.au
- [channels.c]
set SO_REUSEADDR and SO_LINGER for forwarded ports.
chip@valinux.com via damien@ibs.com.au
- [nchan.c]
it's not an error() if shutdown_write failes in nchan.
- [readconf.c]
remove dead #ifdef-0-code
- [readconf.c servconf.c]
strcasecmp instead of tolower
- [scp.c]
progress meter overflow fix from damien@ibs.com.au
- [ssh-add.1 ssh-add.c]
SSH_ASKPASS support
- [ssh.1 ssh.c]
postpone fork_after_authentication until command execution,
request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
plus: use daemon() for backgrounding
- Added BSD compatible install program and autoconf test, thanks to
Niels Kristian Bech Jensen <nkbj@image.dk>
- Solaris fixing, thanks to Ben Taylor <bent@clark.net>
- Merged beginnings of AIX support from Tor-Ake Fransson <torake@hotmail.com>
19991124
- Merged very large OpenBSD source code reformat
- OpenBSD CVS updates
- [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
[ssh.h sshd.8 sshd.c]
syslog changes:
* Unified Logmessage for all auth-types, for success and for failed
* Standard connections get only ONE line in the LOG when level==LOG:
Auth-attempts are logged only, if authentication is:
a) successfull or
b) with passwd or
c) we had more than AUTH_FAIL_LOG failues
* many log() became verbose()
* old behaviour with level=VERBOSE
- [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
messages. allows use of s/key in windows (ttssh, securecrt) and
ssh-1.2.27 clients without 'ssh -v', ok: niels@
- [sshd.8]
-V, for fallback to openssh in SSH2 compatibility mode
- [sshd.c]
fix sigchld race; cjc5@po.cwru.edu
19991123
- Added SuSE package files from Chris Saia <csaia@wtower.com>
- Restructured package-related files under packages/*
- Added generic PAM config
- Numerous little Solaris fixes
- Add recommendation to use GNU make to INSTALL document
19991122
- Make <enter> close gnome-ssh-askpass (Debian bug #50299)
- OpenBSD CVS Changes
- [ssh-keygen.c]
don't create ~/.ssh only if the user wants to store the private
key there. show fingerprint instead of public-key after
keygeneration. ok niels@
- Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
- Added timersub() macro
- Tidy RCSIDs of bsd-*.c
- Added autoconf test and macro to deal with old PAM libraries
pam_strerror definition (one arg vs two).
- Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
- Retry /dev/urandom reads interrupted by signal (report from
Robert Hardy <rhardy@webcon.net>)
- Added a setenv replacement for systems which lack it
- Only display public key comment when presenting ssh-askpass dialog
- Released 1.2pre14
- Configure, Make and changelog corrections from Tudor Bosman
<tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>
19991121
- OpenBSD CVS Changes:
- [channels.c]
make this compile, bad markus
- [log.c readconf.c servconf.c ssh.h]
bugfix: loglevels are per host in clientconfig,
factor out common log-level parsing code.
- [servconf.c]
remove unused index (-Wall)
- [ssh-agent.c]
only one 'extern char *__progname'
- [sshd.8]
document SIGHUP, -Q to synopsis
- [sshconnect.c serverloop.c sshd.c packet.c packet.h]
[channels.c clientloop.c]
SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
[hope this time my ISP stays alive during commit]
- [OVERVIEW README] typos; green@freebsd
- [ssh-keygen.c]
replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
exit if writing the key fails (no infinit loop)
print usage() everytime we get bad options
- [ssh-keygen.c] overflow, djm@mindrot.org
- [sshd.c] fix sigchld race; cjc5@po.cwru.edu
19991120
- Merged more Solaris support from Marc G. Fournier
<marc.fournier@acadiau.ca>
- Wrote autoconf tests for integer bit-types
- Fixed enabling kerberos support
- Fix segfault in ssh-keygen caused by buffer overrun in filename
handling.
19991119
- Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
- Merged OpenBSD CVS changes
- [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
more %d vs. %s in fmt-strings
- [authfd.c]
Integers should not be printed with %s
- EGD uses a socket, not a named pipe. Duh.
- Fix includes in fingerprint.c
- Fix scp progress bar bug again.
- Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of
David Rankin <drankin@bohemians.lexington.ky.us>
- Added autoconf option to enable Kerberos 4 support (untested)
- Added autoconf option to enable AFS support (untested)
- Added autoconf option to enable S/Key support (untested)
- Added autoconf option to enable TCP wrappers support (compiles OK)
- Renamed BSD helper function files to bsd-*
- Added tests for login and daemon and enable OpenBSD replacements for
when they are absent.
- Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
19991118
- Merged OpenBSD CVS changes
- [scp.c] foregroundproc() in scp
- [sshconnect.h] include fingerprint.h
- [sshd.c] bugfix: the log() for passwd-auth escaped during logging
changes.
- [ssh.1] Spell my name right.
- Added openssh.com info to README
19991117
- Merged OpenBSD CVS changes
- [ChangeLog.Ylonen] noone needs this anymore
- [authfd.c] close-on-exec for auth-socket, ok deraadt
- [hostfile.c]
in known_hosts key lookup the entry for the bits does not need
to match, all the information is contained in n and e. This
solves the problem with buggy servers announcing the wrong
modulus length. markus and me.
- [serverloop.c]
bugfix: check for space if child has terminated, from:
iedowse@maths.tcd.ie
- [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
[fingerprint.c fingerprint.h]
rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
- [ssh-agent.1] typo
- [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
- [sshd.c]
force logging to stderr while loading private key file
(lost while converting to new log-levels)
19991116
- Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
- Merged OpenBSD CVS changes:
- [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
[mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
the keysize of rsa-parameter 'n' is passed implizit,
a few more checks and warnings about 'pretended' keysizes.
- [cipher.c cipher.h packet.c packet.h sshd.c]
remove support for cipher RC4
- [ssh.c]
a note for legay systems about secuity issues with permanently_set_uid(),
the private hostkey and ptrace()
- [sshconnect.c]
more detailed messages about adding and checking hostkeys
19991115
- Merged OpenBSD CVS changes:
- [ssh-add.c] change passphrase loop logic and remove ref to
$DISPLAY, ok niels
- Changed to ssh-add.c broke askpass support. Revised it to be a little more
modular.
- Revised autoconf support for enabling/disabling askpass support.
- Merged more OpenBSD CVS changes:
[auth-krb4.c]
- disconnect if getpeername() fails
- missing xfree(*client)
[canohost.c]
- disconnect if getpeername() fails
- fix comment: we _do_ disconnect if ip-options are set
[sshd.c]
- disconnect if getpeername() fails
- move checking of remote port to central place
[auth-rhosts.c] move checking of remote port to central place
[log-server.c] avoid extra fd per sshd, from millert@
[readconf.c] print _all_ bad config-options in ssh(1), too
[readconf.h] print _all_ bad config-options in ssh(1), too
[ssh.c] print _all_ bad config-options in ssh(1), too
[sshconnect.c] disconnect if getpeername() fails
- OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
- Various small cleanups to bring diff (against OpenBSD) size down.
- Merged more Solaris compability from Marc G. Fournier
<marc.fournier@acadiau.ca>
- Wrote autoconf tests for __progname symbol
- RPM spec file fixes from Jim Knoble <jmknoble@pobox.com>
- Released 1.2pre12
- Another OpenBSD CVS update:
- [ssh-keygen.1] fix .Xr
19991114
- Solaris compilation fixes (still imcomplete)
19991113
- Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
- Don't install config files if they already exist
- Fix inclusion of additional preprocessor directives from acconfig.h
- Removed redundant inclusions of config.h
- Added 'Obsoletes' lines to RPM spec file
- Merged OpenBSD CVS changes:
- [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
- [scp.c] fix overflow reported by damien@ibs.com.au: off_t
totalsize, ok niels,aaron
- Delay fork (-f option) in ssh until after port forwarded connections
have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
- Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
- Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
- Tidied default config file some more
- Revised Redhat initscript to fix bug: sshd (re)start would fail
if executed from inside a ssh login.
19991112
- Merged changes from OpenBSD CVS
- [sshd.c] session_key_int may be zero
- [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
deraadt,millert
- Brought default sshd_config more in line with OpenBSD's
- Grab server in gnome-ssh-askpass (Debian bug #49872)
- Released 1.2pre10
- Added INSTALL documentation
- Merged yet more changes from OpenBSD CVS
- [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
[ssh.c ssh.h sshconnect.c sshd.c]
make all access to options via 'extern Options options'
and 'extern ServerOptions options' respectively;
options are no longer passed as arguments:
* make options handling more consistent
* remove #include "readconf.h" from ssh.h
* readconf.h is only included if necessary
- [mpaux.c] clear temp buffer
- [servconf.c] print _all_ bad options found in configfile
- Make ssh-askpass support optional through autoconf
- Fix nasty division-by-zero error in scp.c
- Released 1.2pre11
19991111
- Added (untested) Entropy Gathering Daemon (EGD) support
- Fixed /dev/urandom fd leak (Debian bug #49722)
- Merged OpenBSD CVS changes:
- [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
- [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
- [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
- Fix integer overflow which was messing up scp's progress bar for large
file transfers. Fix submitted to OpenBSD developers.
- Merged more OpenBSD CVS changes:
- [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
+ krb-cleanup cleanup
- [clientloop.c log-client.c log-server.c ]
[readconf.c readconf.h servconf.c servconf.h ]
[ssh.1 ssh.c ssh.h sshd.8]
add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
obsoletes QuietMode and FascistLogging in sshd.
- [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
allow session_key_int != sizeof(session_key)
[this should fix the pre-assert-removal-core-files]
- Updated default config file to use new LogLevel option and to improve
readability
19991110
- Merged several minor fixes:
- ssh-agent commandline parsing
- RPM spec file now installs ssh setuid root
- Makefile creates libdir
- Merged beginnings of Solaris compability from Marc G. Fournier
<marc.fournier@acadiau.ca>
19991109
- Autodetection of SSL/Crypto library location via autoconf
- Fixed location of ssh-askpass to follow autoconf
- Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
- Autodetection of RSAref library for US users
- Minor doc updates
- Merged OpenBSD CVS changes:
- [rsa.c] bugfix: use correct size for memset()
- [sshconnect.c] warn if announced size of modulus 'n' != real size
- Added GNOME passphrase requestor (use --with-gnome-askpass)
- RPM build now creates subpackages
- Released 1.2pre9
19991108
- Removed debian/ directory. This is now being maintained separately.
- Added symlinks for slogin in RPM spec file
- Fixed permissions on manpages in RPM spec file
- Added references to required libraries in README file
- Removed config.h.in from CVS
- Removed pwdb support (better pluggable auth is provided by glibc)
- Made PAM and requisite libdl optional
- Removed lots of unnecessary checks from autoconf
- Added support and autoconf test for openpty() function (Unix98 pty support)
- Fix for scp not finding ssh if not installed as /usr/bin/ssh
- Added TODO file
- Merged parts of Debian patch From Phil Hands <phil@hands.com>:
- Added ssh-askpass program
- Added ssh-askpass support to ssh-add.c
- Create symlinks for slogin on install
- Fix "distclean" target in makefile
- Added example for ssh-agent to manpage
- Added support for PAM_TEXT_INFO messages
- Disable internal /etc/nologin support if PAM enabled
- Merged latest OpenBSD CVS changes:
- [all] replace assert() with error, fatal or packet_disconnect
- [sshd.c] don't send fail-msg but disconnect if too many authentication
failures
- [sshd.c] remove unused argument. ok dugsong
- [sshd.c] typo
- [rsa.c] clear buffers used for encryption. ok: niels
- [rsa.c] replace assert() with error, fatal or packet_disconnect
- [auth-krb4.c] remove unused argument. ok dugsong
- Fixed coredump after merge of OpenBSD rsa.c patch
- Released 1.2pre8
19991102
- Merged change from OpenBSD CVS
- One-line cleanup in sshd.c
19991030
- Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
- Merged latest updates for OpenBSD CVS:
- channels.[ch] - remove broken x11 fix and document istate/ostate
- ssh-agent.c - call setsid() regardless of argv[]
- ssh.c - save a few lines when disabling rhosts-{rsa-}auth
- Documentation cleanups
- Renamed README -> README.Ylonen
- Renamed README.openssh ->README
19991029
- Renamed openssh* back to ssh* at request of Theo de Raadt
- Incorporated latest changes from OpenBSD's CVS
- Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
- Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- Make distclean now removed configure script
- Improved PAM logging
- Added some debug() calls for PAM
- Removed redundant subdirectories
- Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for
building on Debian.
- Fixed off-by-one error in PAM env patch
- Released 1.2pre6
19991028
- Further PAM enhancements.
- Much cleaner
- Now uses account and session modules for all logins.
- Integrated patch from Dan Brosemer <odin@linuxfreak.com>
- Build fixes
- Autoconf
- Change binary names to open*
- Fixed autoconf script to detect PAM on RH6.1
- Added tests for libpwdb, and OpenBSD functions to autoconf
- Released 1.2pre4
- Imported latest OpenBSD CVS code
- Updated README.openssh
- Released 1.2pre5
19991027
- Adapted PAM patch.
- Released 1.0pre2
- Excised my buggy replacements for strlcpy and mkdtemp
- Imported correct OpenBSD strlcpy and mkdtemp routines.
- Reduced arc4random_stir entropy read to 32 bytes (256 bits)
- Picked up correct version number from OpenBSD
- Added sshd.pam PAM configuration file
- Added sshd.init Redhat init script
- Added openssh.spec RPM spec file
- Released 1.2pre3
19991026
- Fixed include paths of OpenSSL functions
- Use OpenSSL MD5 routines
- Imported RC4 code from nanocrypt
- Wrote replacements for OpenBSD arc4random* functions
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1