mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-25 19:32:09 +00:00
485397c48d
ok markus@
435 lines
17 KiB
Plaintext
435 lines
17 KiB
Plaintext
20030603
|
|
- (djm) Bug #573 - Remove unneeded Krb headers and compat goop. Patch from
|
|
simon@sxw.org.uk (Also matches a change in OpenBSD a while ago)
|
|
- (djm) Bug #577 - wrong flag in scard-opensc.c sc_private_decrypt.
|
|
ok markus@
|
|
|
|
20030603
|
|
- (djm) Replace setproctitle replacement with code derived from
|
|
UCB sendmail
|
|
- (djm) OpenBSD CVS Sync
|
|
- markus@cvs.openbsd.org 2003/06/02 09:17:34
|
|
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
|
|
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
|
|
[sshd_config.5]
|
|
deprecate VerifyReverseMapping since it's dangerous if combined
|
|
with IP based access control as noted by Mike Harding; replace with
|
|
a UseDNS option, UseDNS is on by default and includes the
|
|
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
|
|
ok deraadt@, djm@
|
|
- millert@cvs.openbsd.org 2003/06/03 02:56:16
|
|
[scp.c]
|
|
Remove the advertising clause in the UCB license which Berkeley
|
|
rescinded 22 July 1999. Proofed by myself and Theo.
|
|
- (djm) Fix portable-specific uses of verify_reverse_mapping too
|
|
- (djm) Sync openbsd-compat with OpenBSD CVS.
|
|
- No more 4-term BSD licenses in linked code
|
|
- (dtucker) [port-aix.c bsd-cray.c] Fix uses of verify_reverse_mapping.
|
|
|
|
20030602
|
|
- (djm) Fix segv from bad reordering in auth-pam.c
|
|
- (djm) Always use saved_argv in sshd.c as compat_init_setproctitle may
|
|
clobber
|
|
- (tim) openbsd-compat/xmmap.[ch] License clarifications. Add missing
|
|
CVS ID.
|
|
- (djm) Remove "noip6" option from RedHat spec file. This may now be
|
|
set at runtime using AddressFamily option.
|
|
- (djm) Fix use of macro before #define in cipher-aes.c
|
|
- (djm) Sync license on openbsd-compat/bindresvport.c with OpenBSD CVS
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2003/05/26 12:54:40
|
|
[sshconnect.c]
|
|
fix format strings; ok markus@
|
|
- deraadt@cvs.openbsd.org 2003/05/29 16:58:45
|
|
[sshd.c uidswap.c]
|
|
seteuid and setegid; markus ok
|
|
- jakob@cvs.openbsd.org 2003/06/02 08:31:10
|
|
[ssh_config.5]
|
|
VerifyHostKeyDNS is v2 only. ok markus@
|
|
|
|
20030530
|
|
- (dtucker) Add missing semicolon in md5crypt.c, patch from openssh at
|
|
roumenpetrov.info
|
|
- (dtucker) Define SSHD_ACQUIRES_CTTY for NCR MP-RAS and Reliant Unix.
|
|
|
|
20030526
|
|
- (djm) Avoid auth2-chall.c warning when compiling without
|
|
PAM, BSD_AUTH and SKEY
|
|
|
|
20030525
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2003/05/24 09:02:22
|
|
[log.c]
|
|
pass logged data through strnvis; ok markus
|
|
- djm@cvs.openbsd.org 2003/05/24 09:30:40
|
|
[authfile.c monitor.c sftp-common.c sshpty.c]
|
|
cast some types for printing; ok markus@
|
|
|
|
20030524
|
|
- (dtucker) Correct --osfsia in INSTALL. Patch by skeleten at shillest.net
|
|
|
|
20030523
|
|
- (djm) Use VIS_SAFE on logged strings rather than default strnvis
|
|
encoding (which encodes many more characters)
|
|
- OpenBSD CVS Sync
|
|
- jmc@cvs.openbsd.org 2003/05/20 12:03:35
|
|
[sftp.1]
|
|
- new sentence, new line
|
|
- added .Xr's
|
|
- typos
|
|
ok djm@
|
|
- jmc@cvs.openbsd.org 2003/05/20 12:09:31
|
|
[ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1]
|
|
new sentence, new line
|
|
- djm@cvs.openbsd.org 2003/05/23 08:29:30
|
|
[sshconnect.c]
|
|
fix leak; ok markus@
|
|
|
|
20030520
|
|
- (djm) OpenBSD CVS Sync
|
|
- deraadt@cvs.openbsd.org 2003/05/18 23:22:01
|
|
[log.c]
|
|
use syslog_r() in a signal handler called place; markus ok
|
|
- (djm) Configure logic to detect syslog_r and friends
|
|
|
|
20030519
|
|
- (djm) Sync auth-pam.h with what we actually implement
|
|
|
|
20030518
|
|
- (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in
|
|
recent merge
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2003/05/16 03:27:12
|
|
[readconf.c ssh_config ssh_config.5 ssh-keysign.c]
|
|
add AddressFamily option to ssh_config (like -4, -6 on commandline).
|
|
Portable bug #534; ok markus@
|
|
- itojun@cvs.openbsd.org 2003/05/17 03:25:58
|
|
[auth-rhosts.c]
|
|
just in case, put numbers to sscanf %s arg.
|
|
- markus@cvs.openbsd.org 2003/05/17 04:27:52
|
|
[cipher.c cipher-ctr.c myproposal.h]
|
|
experimental support for aes-ctr modes from
|
|
http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt
|
|
ok djm@
|
|
- (djm) Remove IPv4 by default hack now that we can specify AF in config
|
|
- (djm) Tidy and trim TODO
|
|
- (djm) Sync openbsd-compat/ with OpenBSD CVS head
|
|
- (djm) Big KNF on openbsd-compat/
|
|
- (djm) KNF on md5crypt.[ch]
|
|
- (djm) KNF on auth-sia.[ch]
|
|
|
|
20030517
|
|
- (bal) strcat -> strlcat on openbsd-compat/realpath.c (rev 1.8 OpenBSD)
|
|
|
|
20030516
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2003/05/15 13:52:10
|
|
[ssh.c]
|
|
Make "ssh -V" print the OpenSSL version in a human readable form. Patch
|
|
from Craig Leres (mindrot at ee.lbl.gov); ok markus@
|
|
- jakob@cvs.openbsd.org 2003/05/15 14:02:47
|
|
[readconf.c servconf.c]
|
|
warn for unsupported config option. ok markus@
|
|
- markus@cvs.openbsd.org 2003/05/15 14:09:21
|
|
[auth2-krb5.c]
|
|
fix 64bit issue; report itojun@
|
|
- djm@cvs.openbsd.org 2003/05/15 14:55:25
|
|
[readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
|
|
add a ConnectTimeout option to ssh, based on patch from
|
|
Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
|
|
- (djm) Add warning for UsePAM when built without PAM support
|
|
- (djm) A few type mismatch fixes from Bug #565
|
|
- (djm) Guard free_pam_environment against NULL argument. Works around
|
|
HP/UX PAM problems debugged by dtucker
|
|
|
|
20030515
|
|
- (djm) OpenBSD CVS Sync
|
|
- jmc@cvs.openbsd.org 2003/05/14 13:11:56
|
|
[ssh-agent.1]
|
|
setup -> set up;
|
|
from wiz@netbsd
|
|
- jakob@cvs.openbsd.org 2003/05/14 18:16:20
|
|
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
|
|
[dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
|
|
add experimental support for verifying hos keys using DNS as described
|
|
in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
|
|
ok markus@ and henning@
|
|
- markus@cvs.openbsd.org 2003/05/14 22:24:42
|
|
[clientloop.c session.c ssh.1]
|
|
allow to send a BREAK to the remote system; ok various
|
|
- markus@cvs.openbsd.org 2003/05/15 00:28:28
|
|
[sshconnect2.c]
|
|
cleanup unregister of per-method packet handlers; ok djm@
|
|
- jakob@cvs.openbsd.org 2003/05/15 01:48:10
|
|
[readconf.c readconf.h servconf.c servconf.h]
|
|
always parse kerberos options. ok djm@ markus@
|
|
- jakob@cvs.openbsd.org 2003/05/15 02:27:15
|
|
[dns.c]
|
|
add missing freerrset
|
|
- markus@cvs.openbsd.org 2003/05/15 03:08:29
|
|
[cipher.c cipher-bf1.c cipher-aes.c cipher-3des1.c]
|
|
split out custom EVP ciphers
|
|
- djm@cvs.openbsd.org 2003/05/15 03:10:52
|
|
[ssh-keygen.c]
|
|
avoid warning; ok jakob@
|
|
- mouring@cvs.openbsd.org 2003/05/15 03:39:07
|
|
[sftp-int.c]
|
|
Make put/get (globed and nonglobed) code more consistant. OK djm@
|
|
- mouring@cvs.openbsd.org 2003/05/15 03:43:59
|
|
[sftp-int.c sftp.c]
|
|
Teach ls how to display multiple column display and allow users
|
|
to return to single column format via 'ls -1'. OK @djm
|
|
- jakob@cvs.openbsd.org 2003/05/15 04:08:44
|
|
[readconf.c servconf.c]
|
|
disable kerberos when not supported. ok markus@
|
|
- markus@cvs.openbsd.org 2003/05/15 04:08:41
|
|
[ssh.1]
|
|
~B is ssh2 only
|
|
- (djm) Always parse UsePAM
|
|
- (djm) Configure glue for DNS support (code doesn't work in portable yet)
|
|
- (djm) Import getrrsetbyname() function from OpenBSD libc (for DNS support)
|
|
- (djm) Tidy Makefile clean targets
|
|
- (djm) Adapt README.dns for portable
|
|
- (djm) Avoid uuencode.c warnings
|
|
- (djm) Enable UsePAM when built --with-pam
|
|
- (djm) Only build getrrsetbyname replacement when using --with-dns
|
|
- (djm) Bug #529: sshd doesn't work correctly after SIGHUP (copy argv
|
|
correctly)
|
|
- (djm) Bug #444: Wrong paths after reconfigure
|
|
- (dtucker) HP-UX needs to include <sys/strtio.h> for TIOCSBRK
|
|
|
|
20030514
|
|
- (djm) Bug #117: Don't lie to PAM about username
|
|
- (djm) RCSID sync w/ OpenBSD
|
|
- (djm) OpenBSD CVS Sync
|
|
- djm@cvs.openbsd.org 2003/04/09 12:00:37
|
|
[readconf.c]
|
|
strip trailing whitespace from config lines before parsing.
|
|
Fixes bz 528; ok markus@
|
|
- markus@cvs.openbsd.org 2003/04/12 10:13:57
|
|
[cipher.c]
|
|
hide cipher details; ok djm@
|
|
- markus@cvs.openbsd.org 2003/04/12 10:15:36
|
|
[misc.c]
|
|
debug->debug2
|
|
- naddy@cvs.openbsd.org 2003/04/12 11:40:15
|
|
[ssh.1]
|
|
document -V switch, fix wording; ok markus@
|
|
- markus@cvs.openbsd.org 2003/04/14 14:17:50
|
|
[channels.c sshconnect.c sshd.c ssh-keyscan.c]
|
|
avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
|
|
- mouring@cvs.openbsd.org 2003/04/14 21:31:27
|
|
[sftp-int.c]
|
|
Missing globfree(&g) in process_put() spotted by Vince Brimhall
|
|
<VBrimhall@novell.com>. ok@ Theo
|
|
- markus@cvs.openbsd.org 2003/04/16 14:35:27
|
|
[auth.h]
|
|
document struct Authctxt; with solar
|
|
- deraadt@cvs.openbsd.org 2003/04/26 04:29:49
|
|
[ssh-keyscan.c]
|
|
-t in usage(); rogier@quaak.org
|
|
- mouring@cvs.openbsd.org 2003/04/30 01:16:20
|
|
[sshd.8 sshd_config.5]
|
|
Escape ?, * and ! in .Ql for nroff compatibility. OpenSSH Portable
|
|
Bug #550 and * escaping suggested by jmc@.
|
|
- david@cvs.openbsd.org 2003/04/30 20:41:07
|
|
[sshd.8]
|
|
fix invalid .Pf macro usage introduced in previous commit
|
|
ok jmc@ mouring@
|
|
- markus@cvs.openbsd.org 2003/05/11 16:56:48
|
|
[authfile.c ssh-keygen.c]
|
|
change key_load_public to try to read a public from:
|
|
rsa1 private or rsa1 public and ssh2 keys.
|
|
this makes ssh-keygen -e fail for ssh1 keys more gracefully
|
|
for example; report from itojun (netbsd pr 20550).
|
|
- markus@cvs.openbsd.org 2003/05/11 20:30:25
|
|
[channels.c clientloop.c serverloop.c session.c ssh.c]
|
|
make channel_new() strdup the 'remote_name' (not the caller); ok theo
|
|
- markus@cvs.openbsd.org 2003/05/12 16:55:37
|
|
[sshconnect2.c]
|
|
for pubkey authentication try the user keys in the following order:
|
|
1. agent keys that are found in the config file
|
|
2. other agent keys
|
|
3. keys that are only listed in the config file
|
|
this helps when an agent has many keys, where the server might
|
|
close the connection before the correct key is used. report & ok pb@
|
|
- markus@cvs.openbsd.org 2003/05/12 18:35:18
|
|
[ssh-keyscan.1]
|
|
typo: DSA keys are of type ssh-dss; Brian Poole
|
|
- markus@cvs.openbsd.org 2003/05/14 00:52:59
|
|
[ssh2.h]
|
|
ranges for per auth method messages
|
|
- djm@cvs.openbsd.org 2003/05/14 01:00:44
|
|
[sftp.1]
|
|
emphasise the batchmode functionality and make reference to pubkey auth,
|
|
both of which are FAQs; ok markus@
|
|
- markus@cvs.openbsd.org 2003/05/14 02:15:47
|
|
[auth2.c monitor.c sshconnect2.c auth2-krb5.c]
|
|
implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
|
|
server interops with commercial client; ok jakob@ djm@
|
|
- jmc@cvs.openbsd.org 2003/05/14 08:25:39
|
|
[sftp.1]
|
|
- better formatting in SYNOPSIS
|
|
- whitespace at EOL
|
|
ok djm@
|
|
- markus@cvs.openbsd.org 2003/05/14 08:57:49
|
|
[monitor.c]
|
|
http://bugzilla.mindrot.org/show_bug.cgi?id=560
|
|
Privsep child continues to run after monitor killed.
|
|
Pass monitor signals through to child; Darren Tucker
|
|
- (djm) Make portable build with MIT krb5 (some issues remain)
|
|
- (djm) Add new UsePAM configuration directive to allow runtime control
|
|
over usage of PAM. This allows non-root use of sshd when built with
|
|
--with-pam
|
|
- (djm) Die screaming if start_pam() is called when UsePAM=no
|
|
- (djm) Avoid KrbV leak for MIT Kerberos
|
|
- (dtucker) Set ai_socktype and ai_protocol in fake-getaddrinfo.c. ok djm@
|
|
- (djm) Bug #258: sscanf("[0-9]") -> sscanf("[0123456789]") for portability
|
|
|
|
20030512
|
|
- (djm) Redhat spec: Don't install profile.d scripts when not
|
|
building with GNOME/GTK askpass (patch from bet@rahul.net)
|
|
|
|
20030510
|
|
- (dtucker) Bug #318: Create ssh_prng_cmds.out during "make" rather than
|
|
"make install". Patch by roth@feep.net.
|
|
- (dtucker) Bug #536: Test for and work around openpty/controlling tty
|
|
problem on Linux (fixes "could not set controlling tty" errors).
|
|
- (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
|
|
proper challenge-response module
|
|
- (djm) 2-clause license on loginrec.c, with permission from
|
|
andre@ae-35.com
|
|
|
|
20030504
|
|
- (dtucker) Bug #497: Move #include of bsd-cygwin_util.h to openbsd-compat.h.
|
|
Patch from vinschen@redhat.com.
|
|
|
|
20030503
|
|
- (dtucker) Add missing "void" to record_failed_login in bsd-cray.c. Noted
|
|
by wendyp@cray.com.
|
|
|
|
20030502
|
|
- (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels,
|
|
privsep should now work.
|
|
- (dtucker) Move handling of bad password authentications into a platform
|
|
specific record_failed_login() function (affects AIX & Unicos). ok mouring@
|
|
|
|
20030429
|
|
- (djm) Add back radix.o (used by AFS support), after it went missing from
|
|
Makefile many moons ago
|
|
- (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
|
|
- (djm) Fix blibpath specification for AIX/gcc
|
|
- (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
|
|
|
|
20030428
|
|
- (bal) [defines.h progressmeter.c scp.c] Some more culling of non 64bit
|
|
hacked code.
|
|
|
|
20030427
|
|
- (bal) Bug #541: return; was dropped by mistake. Reported by
|
|
furrier@iglou.com
|
|
- (bal) Since we don't support platforms lacking u_int_64. We may
|
|
as well clean out some of those evil #ifdefs
|
|
- (bal) auth1.c minor resync while looking at the code.
|
|
- (bal) auth2.c same changed as above.
|
|
|
|
20030409
|
|
- (djm) Bug #539: Specify creation mode with O_CREAT for lastlog. Report
|
|
from matth@eecs.berkeley.edu
|
|
- (djm) Make the spec work with Redhat 9.0 (which renames sharutils)
|
|
- (djm) OpenBSD CVS Sync
|
|
- markus@cvs.openbsd.org 2003/04/02 09:48:07
|
|
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
|
|
[readconf.h serverloop.c sshconnect2.c]
|
|
reapply rekeying chage, tested by henning@, ok djm@
|
|
- markus@cvs.openbsd.org 2003/04/02 14:36:26
|
|
[ssh-keysign.c]
|
|
potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
|
|
- itojun@cvs.openbsd.org 2003/04/03 07:25:27
|
|
[progressmeter.c]
|
|
$OpenBSD$
|
|
- itojun@cvs.openbsd.org 2003/04/03 10:17:35
|
|
[progressmeter.c]
|
|
remove $OpenBSD$, as other *.c does not have it.
|
|
- markus@cvs.openbsd.org 2003/04/07 08:29:57
|
|
[monitor_wrap.c]
|
|
typo: get correct counters; introduced during rekeying change.
|
|
- millert@cvs.openbsd.org 2003/04/07 21:58:05
|
|
[progressmeter.c]
|
|
The UCB copyright here is incorrect. This code did not originate
|
|
at UCB, it was written by Luke Mewburn. Updated the copyright at
|
|
the author's request. markus@ OK
|
|
- itojun@cvs.openbsd.org 2003/04/08 20:21:29
|
|
[*.c *.h]
|
|
rename log() into logit() to avoid name conflict. markus ok, from
|
|
netbsd
|
|
- (djm) XXX - Performed locally using:
|
|
"perl -p -i -e 's/(\s|^)log\(/$1logit\(/g' *.c *.h"
|
|
- hin@cvs.openbsd.org 2003/04/09 08:23:52
|
|
[servconf.c]
|
|
Don't include <krb.h> when compiling with Kerberos 5 support
|
|
- (djm) Fix up missing include for packet.c
|
|
- (djm) Fix missed log => logit occurance (reference by function pointer)
|
|
|
|
20030402
|
|
- (bal) if IP_TOS is not found or broken don't try to compile in
|
|
packet_set_tos() function call. bug #527
|
|
|
|
20030401
|
|
- (djm) OpenBSD CVS Sync
|
|
- jmc@cvs.openbsd.org 2003/03/28 10:11:43
|
|
[scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5]
|
|
[ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
|
|
- killed whitespace
|
|
- new sentence new line
|
|
- .Bk for arguments
|
|
ok markus@
|
|
- markus@cvs.openbsd.org 2003/04/01 10:10:23
|
|
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
|
|
[readconf.h serverloop.c sshconnect2.c]
|
|
rekeying bugfixes and automatic rekeying:
|
|
* both client and server rekey _automatically_
|
|
(a) after 2^31 packets, because after 2^32 packets
|
|
the sequence number for packets wraps
|
|
(b) after 2^(blocksize_in_bits/4) blocks
|
|
(see: draft-ietf-secsh-newmodes-00.txt)
|
|
(a) and (b) are _enabled_ by default, and only disabled for known
|
|
openssh versions, that don't support rekeying properly.
|
|
* client option 'RekeyLimit'
|
|
* do not reply to requests during rekeying
|
|
- markus@cvs.openbsd.org 2003/04/01 10:22:21
|
|
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
|
|
[readconf.h serverloop.c sshconnect2.c]
|
|
backout rekeying changes (for 3.6.1)
|
|
- markus@cvs.openbsd.org 2003/04/01 10:31:26
|
|
[compat.c compat.h kex.c]
|
|
bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@;
|
|
tested by ho@ and myself
|
|
- markus@cvs.openbsd.org 2003/04/01 10:56:46
|
|
[version.h]
|
|
3.6.1
|
|
- (djm) Crank spec file versions
|
|
- (djm) Release 3.6.1p1
|
|
|
|
20030326
|
|
- (djm) OpenBSD CVS Sync
|
|
- deraadt@cvs.openbsd.org 2003/03/26 04:02:51
|
|
[sftp-server.c]
|
|
one last fix to the tree: race fix broke stuff; pr 3169;
|
|
srp@srparish.net, help from djm
|
|
|
|
20030325
|
|
- (djm) Fix getpeerid support for 64 bit BE systems. From
|
|
Arnd Bergmann <arndb@de.ibm.com>
|
|
|
|
20030324
|
|
- (djm) OpenBSD CVS Sync
|
|
- markus@cvs.openbsd.org 2003/03/23 19:02:00
|
|
[monitor.c]
|
|
unbreak rekeying for privsep; ok millert@
|
|
- Release 3.6p1
|
|
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
|
|
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
|
|
|
|
$Id: ChangeLog,v 1.2772 2003/06/04 09:15:10 djm Exp $
|