Commit graph

53 commits

Author SHA1 Message Date
Dirk Meyer
d35031ac66 - update to 3.8p1 2004-02-25 12:32:57 +00:00
Dirk Meyer
12fc4ace75 - fix Usage 2003-12-04 03:24:09 +00:00
Dirk Meyer
709dd56c79 - GSSAPI patch improved for kerbers5 and hemidal
Submitted by:	bg@sics.se
2003-10-10 03:52:03 +00:00
Dirk Meyer
537a93ab72 - Fix BATCH=yes patch for bento. 2003-09-28 03:07:19 +00:00
Dirk Meyer
67cde0f8e7 - update to 3.7.1p2
more regressions tests successfull
2003-09-26 18:13:52 +00:00
Dirk Meyer
91f368c344 - Security Fix in PAM handling
Obtained from:	des
2003-09-26 02:42:39 +00:00
Dirk Meyer
ae53ed442c - Security Fix obtained from OpenBSD
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/buffer.c.diff?r1=1.18&r2=1.19

Submitted by:	ash@lab.poc.net
2003-09-23 19:16:49 +00:00
Jacques Vidrine
17f5a3c9fe Add Solar Designer's additional fixes to buffer management. 2003-09-17 16:07:48 +00:00
Dirk Meyer
07a618199e - Securitry Fix revision 2
http://www.openssh.com/txt/buffer.adv
Approved by:	lioux (portmgr)
2003-09-17 12:03:12 +00:00
Jacques Vidrine
4cb3944f15 Do not record expanded size before attempting to reallocate associated
memory.

Obtained from:	OpenBSD
2003-09-16 12:43:10 +00:00
Dirk Meyer
034a5e4f4f - extend regression tests 2003-04-01 04:10:29 +00:00
Dirk Meyer
a5724cba62 - Update to 3.6p1 2003-04-01 03:02:56 +00:00
Dirk Meyer
cafc71515f - openssh-3.5p1 doesn't log utmp for IPv6 connection correctly
Submitted by:	ume
2003-01-02 04:21:59 +00:00
Dirk Meyer
0a7cc8117d - cleanup of mor patches
- fix Makefile to avoid key-generation on bento.
2002-10-26 03:56:53 +00:00
Dirk Meyer
80bc17d33a Update to 3.5p1 2002-10-17 04:40:20 +00:00
Dirk Meyer
25fa2627ff Craete moduli on bento. 2002-09-17 05:24:37 +00:00
Dirk Meyer
58d5d9a297 add bugfix from CURRENT 2002-08-06 19:31:25 +00:00
Dirk Meyer
cbf06429f9 Fix resolver problem with privilege-separation.
PR:		39953
2002-07-27 06:20:28 +00:00
Dirk Meyer
9d5e8cafdc - add pam_cleanup from CURRENT
- Fix build problems < 4.0
PR:		40576
2002-07-24 20:47:22 +00:00
Dirk Meyer
e36257ada7 Add bits for regression tests
Fix build for /var/empty is schg and have open permissions.
2002-07-22 05:28:52 +00:00
Dirk Meyer
1c0df50961 - Fix Problem with HAVE_HOST_IN_UTMP
- update monitor.c

PR:		40576
Submitted by:	lxv@a-send-pr.sink.omut.org
2002-07-15 20:08:01 +00:00
Dirk Meyer
f61d0ce158 merge PAM buffer management from current. 2002-07-07 18:55:26 +00:00
Dirk Meyer
5e5d96c36b 'PermitRootLogin no' is the new default for the OpenSSH port.
This now matches the PermitRootLogin configuration of OpenSSH in
the base system.  Please be aware of this when upgrading your
OpenSSH port, and if truly necessary, re-enable remote root login
by readjusting this option in your sshd_config.

Users are encouraged to create single-purpose users with ssh keys
and very narrowly defined sudo privileges instead of using root
for automated tasks.

- PKGNAMESUFFIX for GSSAPI set.
- Merged some patches from current to improve PAM.
- Fix BATCH=yes for bento.
2002-07-04 18:29:18 +00:00
Dirk Meyer
2d15acdaf5 Cleanup patch to avoid conflicts with GSSAPI patches 2002-07-01 19:37:55 +00:00
Dirk Meyer
520aee8844 Revert changes. 2002-06-30 19:34:41 +00:00
Dirk Meyer
5211a9cdb6 give Enviroment from login.conf priority over all others,
problem found by drs@rucus.ru.ac.za.
2002-06-30 19:31:10 +00:00
Dirk Meyer
f14e05226b Defaults changed: (Gregory Sutter)
ChallengeResponseAuthentication no
 UseLogin no

patch for configure, to detect MAP_ANON submitted by:
Christophe Labouisse,Michael Handler,Gert Doering,Phil Oleson,Dave Baker

fix missing includes for "canohost.h"
2002-06-28 05:28:07 +00:00
Dirk Meyer
3ecee7d612 nuke obsolete file 2002-06-26 18:53:33 +00:00
Dirk Meyer
18a6d62c09 update patch for 3.4 2002-06-26 17:40:44 +00:00
Dirk Meyer
6e92b68117 Security FIX, Please update to this Version.
Options for both:
USE_OPENSSL_BASE=yes
	uses an older opensssl in the base system.

Options for portable:
OPENSSH_OVERWRITE_BASE=yes
	includes USE_OPENSSL_BASE=yes
	installls in the paths of the base system
2002-06-26 15:21:27 +00:00
Dirk Meyer
18f285a18d Thanks to max@wide.ad.jp, maxim, obraun@informatik.unibw-muenchen.de, fjoe
Patch from current, noted by drs@rucus.ru.ac.za:
environment variables in the 'setenv' field of login.conf are set now.
2002-06-26 12:22:25 +00:00
Dirk Meyer
7c4811d9a7 Migrate configuration files to $PREFIX/etc/ssh/
Add ${PREFIX}/etc/rc.d/sshd.sh.sample
2002-06-26 04:05:57 +00:00
Dirk Meyer
f4eb252ac6 Update to OpenSSH 3.2.3
- patch openssh-3.1-adv.token.patch is now obsolete.
- remerged PAM changes form previous port
- declare CMSG_* macros.
- fixed bad type in function input_userauth_passwd_changereq

Update to OpenSSH-portable-3.2.3p1

- patch openssh-3.1p1-adv.token.patch is now obsolete
- keep previously declared CONFIGURE_ARGS
- remove openssh-mit-krb5-20020326.diff (should be in the distribution now)
- patch patch-readpassphrase.c is now in teh distribution
- merged previous patches.
- extend CONFIGURE_ARGS so it find OPENSSL again.
- new patches for GSSAPI, not fully tested.

If you have the patch applied:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/36080

Builds with openssl-0.9.6d under:
2.2.8-RELEASE
3.2-RELEASE
4.2-RELEASE
4.6-RC
2002-05-31 07:28:46 +00:00
Dirk Meyer
24b7840a21 - Fix build for 5.0-CURRENT 2002-03-30 05:18:23 +00:00
Dirk Meyer
bb59716b3b Updated Patch on openBSD website,
patch openssh/files/patch-cipher.c is now obsolete.
2002-03-27 20:02:41 +00:00
Dirk Meyer
8f8caf8dcb - Make KERBEROS patch build with heimdal port 2002-03-25 05:39:39 +00:00
Dirk Meyer
108bf0f7d5 - Fix problem with auth_ttyok and ttyname
- Make KERBEROS patch build with heimdal port
2002-03-25 05:39:17 +00:00
Dirk Meyer
74642142e3 Merged patches for HAVE_LOGIN_CAP from stable
PR:		35904
2002-03-17 20:24:24 +00:00
Dirk Meyer
b0f1b90bd7 Allow IPv6 connection if detected by configure.
Submitted by:	ume
2002-03-09 12:51:44 +00:00
Dirk Meyer
6ecd1db2e7 fix patch for build on bento 2002-03-08 21:06:29 +00:00
Dirk Meyer
00ab21c036 - patch to fix undefined (ulong)
- builds now for FreeBSD 2.2.8
2002-03-08 18:24:12 +00:00
Dirk Meyer
e95e5c70ff Update to OpenSSH 3.1 OpennSSH-portable 3.1p1
- update patch-au,patch-session.c for password changes.
- patch-channel.c is now integrated

Excerpt from Changelog:

20020304
 - OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2002/02/26 18:52:32
     [sftp.1]
     Ic cannot have that many arguments; spotted by mouring@etoh.eviladmin.org
   - mouring@cvs.openbsd.org 2002/02/26 19:04:37
     [sftp.1]
     > Ic cannot have that many arguments; spotted by mouring@etoh.eviladmin.org
     Last Ic on the first line should not have a space between it and the final
     comma.
   - deraadt@cvs.openbsd.org 2002/02/26 19:06:43
     [sftp.1]
     no, look closely.  the comma was highlighted. split .Ic even more
   - stevesk@cvs.openbsd.org 2002/02/26 20:03:51
     [misc.c]
     use socklen_t
   - stevesk@cvs.openbsd.org 2002/02/27 21:23:13
     [canohost.c channels.c packet.c sshd.c]
     remove unneeded casts in [gs]etsockopt(); ok markus@
   - markus@cvs.openbsd.org 2002/02/28 15:46:33
     [authfile.c kex.c kexdh.c kexgex.c key.c ssh-dss.c]
     add some const EVP_MD for openssl-0.9.7
   - stevesk@cvs.openbsd.org 2002/02/28 19:36:28
     [auth.c match.c match.h]
     delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers
     for sshd -u0; ok markus@
   - stevesk@cvs.openbsd.org 2002/02/28 20:36:42
     [sshd.8]
     DenyUsers allows user@host pattern also
   - stevesk@cvs.openbsd.org 2002/02/28 20:46:10
     [sshd.8]
     -u0 DNS for user@host
   - stevesk@cvs.openbsd.org 2002/02/28 20:56:00
     [auth.c]
     log user not allowed details, from dwd@bell-labs.com; ok markus@
   - markus@cvs.openbsd.org 2002/03/01 13:12:10
     [auth.c match.c match.h]
     undo the 'delay hostname lookup' change
     match.c must not use compress.c (via canonhost.c/packet.c)
     thanks to wilfried@
   - markus@cvs.openbsd.org 2002/03/04 12:43:06
     [auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
   - markus@cvs.openbsd.org 2002/03/04 13:10:46
     [misc.c]
     error-> debug, because O_NONBLOCK for /dev/null causes too many different
     errnos; ok stevesk@, deraadt@
     unused include
   - stevesk@cvs.openbsd.org 2002/03/04 17:27:39
     [auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
      channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
      groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
      servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
      uuencode.c xmalloc.h]
     $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
     missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
     files.  ok markus@
   - stevesk@cvs.openbsd.org 2002/03/04 18:30:23
     [ssh-keyscan.c]
     handle connection close during read of protocol version string.
     fixes erroneous "bad greeting".  ok markus@
   - markus@cvs.openbsd.org 2002/03/04 19:37:58
     [channels.c]
     off by one; thanks to joost@pine.nl
20020226
 - (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests
   based on patch by mooney@dogbert.cc.ndsu.nodak.edu (Tim Mooney)
   Bug 45 [configure.ac] modify skey test to work around conflict with autoconf
   reported by nolan@naic.edu (Michael Nolan)
   patch by  Pekka Savola <pekkas@netcore.fi>
   Bug 74 [configure.ac defines.h] add sig_atomic_t test
   reported by dwd@bell-labs.com (Dave Dykstra)
   Bug 102 [defines.h] UNICOS fixes. patch by wendyp@cray.com
   [configure.ac Makefile.in] link libwrap only with sshd
   based on patch by Maciej W. Rozycki <macro@ds2.pg.gda.pl>
   Bug 123 link libpam only with sshd
   reported by peak@argo.troja.mff.cuni.cz (Pavel Kankovsky)
   [configure.ac defines.h] modify previous SCO3 fix to not break Solaris 7
   [acconfig.h] remove unused HAVE_REGCOMP
   [configure.ac] put back in search for prngd-socket
 - (stevesk) openbsd-compat/base64.h: typo in comment
 - (bal) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/02/15 23:54:10
     [auth-krb5.c]
     krb5_get_err_text() does not like context==NULL; he@nordu.net via google;
     ok provos@
   - markus@cvs.openbsd.org 2002/02/22 12:20:34
     [log.c log.h ssh-keyscan.c]
     overwrite fatal() in ssh-keyscan.c; fixes pr 2354; ok provos@
   - markus@cvs.openbsd.org 2002/02/23 17:59:02
     [kex.c kexdh.c kexgex.c]
     don't allow garbage after payload.
   - stevesk@cvs.openbsd.org 2002/02/24 16:09:52
     [sshd.c]
     use u_char* here; ok markus@
   - markus@cvs.openbsd.org 2002/02/24 16:57:19
     [sftp-client.c]
     early close(), missing free; ok stevesk@
   - markus@cvs.openbsd.org 2002/02/24 16:58:32
     [packet.c]
     make 'cp' unsigned and merge with 'ucp'; ok stevesk@
   - markus@cvs.openbsd.org 2002/02/24 18:31:09
     [uuencode.c]
     typo in comment
   - markus@cvs.openbsd.org 2002/02/24 19:14:59
     [auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h
      ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
     signed vs. unsigned: make size arguments u_int, ok stevesk@
   - stevesk@cvs.openbsd.org 2002/02/24 19:59:42
     [channels.c misc.c]
     disable Nagle in connect_to() and channel_post_port_listener() (port
     forwarding endpoints).  the intention is to preserve the on-the-wire
     appearance to applications at either end; the applications can then
     enable TCP_NODELAY according to their requirements. ok markus@
   - markus@cvs.openbsd.org 2002/02/25 16:33:27
     [ssh-keygen.c sshconnect2.c uuencode.c uuencode.h]
     more u_* fixes
 - (bal) Imported missing fatal.c and fixed up Makefile.in
 - (tim) [configure.ac] correction to Bug 123 fix
     [configure.ac] correction to sig_atomic_t test

20020224
 - (tim) [loginrec.c session.c sshlogin.c sshlogin.h] Bug 84
   patch by wknox@mitre.org (William Knox).
   [sshlogin.h] declare record_utmp_only for session.c

20020219
 - (djm) OpenBSD CVS Sync
   - mpech@cvs.openbsd.org 2002/02/13 08:33:47
     [ssh-keyscan.1]
     When you give command examples and etc., in a manual page prefix them with:     $ command
     or
     # command
   - markus@cvs.openbsd.org 2002/02/14 23:27:59
     [channels.c]
     increase the SSH v2 window size to 4 packets. comsumes a little
     bit more memory for slow receivers but increases througput.
   - markus@cvs.openbsd.org 2002/02/14 23:28:00
     [channels.h session.c ssh.c]
     increase the SSH v2 window size to 4 packets. comsumes a little
     bit more memory for slow receivers but increases througput.
   - markus@cvs.openbsd.org 2002/02/14 23:41:01
     [authfile.c cipher.c cipher.h kex.c kex.h packet.c]
     hide some more implementation details of cipher.[ch] and prepares for move
     to EVP, ok deraadt@
   - stevesk@cvs.openbsd.org 2002/02/16 14:53:37
     [ssh-keygen.1]
     -t required now for key generation
   - stevesk@cvs.openbsd.org 2002/02/16 20:40:08
     [ssh-keygen.c]
     default to rsa keyfile path for non key generation operations where
     keyfile not specified.  fixes core dump in those cases.  ok markus@
   - millert@cvs.openbsd.org 2002/02/16 21:27:53
     [auth.h]
     Part one of userland __P removal.  Done with a simple regexp with
     some minor hand editing to make comments line up correctly.  Another
     pass is forthcoming that handles the cases that could not be done
     automatically.
   - millert@cvs.openbsd.org 2002/02/17 19:42:32
     [auth.h]
     Manual cleanup of remaining userland __P use (excluding packages
     maintained outside the tree)
   - markus@cvs.openbsd.org 2002/02/18 13:05:32
     [cipher.c cipher.h]
     switch to EVP, ok djm@ deraadt@
   - markus@cvs.openbsd.org 2002/02/18 17:55:20
     [ssh.1]
     -q: Fatal errors are _not_ displayed.
   - deraadt@cvs.openbsd.org 2002/02/19 02:50:59
     [sshd_config]
     stategy is not an english word
 - (bal) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/02/15 23:11:26
     [session.c]
     split do_child(), ok mouring@
   - markus@cvs.openbsd.org 2002/02/16 00:51:44
     [session.c]
     typo

20020218
 - (tim) newer config.guess from ftp://ftp.gnu.org/gnu/config/config.guess

20020213
 - (djm) Bug #114 - not starting PAM for SSH protocol 1 invalid users

20020213
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/02/11 16:10:15
     [kex.c]
     restore kexinit handler if we reset the dispatcher, this unbreaks
     rekeying s/kex_clear_dispatch/kex_reset_dispatch/
   - markus@cvs.openbsd.org 2002/02/11 16:15:46
     [sshconnect1.c]
     include md5.h, not evp.h
   - markus@cvs.openbsd.org 2002/02/11 16:17:55
     [sshd.c]
     do not complain about port > 1024 if rhosts-auth is disabled
   - markus@cvs.openbsd.org 2002/02/11 16:19:39
     [sshd.c]
     include md5.h not hmac.h
   - markus@cvs.openbsd.org 2002/02/11 16:21:42
     [match.c]
     support up to 40 algorithms per proposal
   - djm@cvs.openbsd.org 2002/02/12 12:32:27
     [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
     Perform multiple overlapping read/write requests in file transfer. Mostly
     done by Tobias Ringstrom <tori@ringstrom.mine.nu>; ok markus@
   - djm@cvs.openbsd.org 2002/02/12 12:44:46
     [sftp-client.c]
     Let overlapped upload path handle servers which reorder ACKs. This may be
     permitted by the protocol spec; ok markus@
   - markus@cvs.openbsd.org 2002/02/13 00:28:13
     [sftp-server.c]
     handle SSH2_FILEXFER_ATTR_SIZE in SSH2_FXP_(F)SETSTAT; ok djm@
   - markus@cvs.openbsd.org 2002/02/13 00:39:15
     [readpass.c]
     readpass.c is not longer from UCB, since we now use readpassphrase(3)
   - djm@cvs.openbsd.org 2002/02/13 00:59:23
     [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp.h]
     [sftp-int.c sftp-int.h]
     API cleanup and backwards compat for filexfer v.0 servers; ok markus@
 - (djm) Sync openbsd-compat with OpenBSD CVS too
 - (djm) Bug #106: Add --without-rpath configure option. Patch from
   Nicolas.Williams@ubsw.com

20020210
 - (djm) OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2002/02/09 17:37:34
     [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1]
     move ssh config files to /etc/ssh
 - (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match
   - deraadt@cvs.openbsd.org 2002/02/10 01:07:05
     [readconf.h sshd.8]
     more /etc/ssh; openbsd@davidkrause.com

20020208
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/02/04 12:15:25
     [sshd.c]
     add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
     fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
   - stevesk@cvs.openbsd.org 2002/02/04 20:41:16
     [ssh-agent.1]
     more sync for default ssh-add identities; ok markus@
   - djm@cvs.openbsd.org 2002/02/05 00:00:46
     [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
     Add "-B" option to specify copy buffer length (default 32k); ok markus@
   - markus@cvs.openbsd.org 2002/02/05 14:32:55
     [channels.c channels.h ssh.c]
     merge channel_request() into channel_request_start()
   - markus@cvs.openbsd.org 2002/02/06 14:22:42
     [sftp.1]
     sort options; ok mpech@, stevesk@
   - mpech@cvs.openbsd.org 2002/02/06 14:27:23
     [sftp.c]
     sync usage() with manual.
   - markus@cvs.openbsd.org 2002/02/06 14:37:22
     [session.c]
     minor KNF
   - markus@cvs.openbsd.org 2002/02/06 14:55:16
     [channels.c clientloop.c serverloop.c ssh.c]
     channel_new never returns NULL, mouring@; ok djm@
   - markus@cvs.openbsd.org 2002/02/07 09:35:39
     [ssh.c]
     remove bogus comments

20020205
 - (djm) Cleanup after sync:
   - :%s/reverse_mapping_check/verify_reverse_mapping/g
 - (djm) OpenBSD CVS Sync
   - stevesk@cvs.openbsd.org 2002/01/24 21:09:25
     [channels.c misc.c misc.h packet.c]
     add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning).
     no nagle changes just yet; ok djm@ markus@
   - stevesk@cvs.openbsd.org 2002/01/24 21:13:23
     [packet.c]
     need misc.h for set_nodelay()
   - markus@cvs.openbsd.org 2002/01/25 21:00:24
     [sshconnect2.c]
     unused include
   - markus@cvs.openbsd.org 2002/01/25 21:42:11
     [ssh-dss.c ssh-rsa.c]
     use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@
     don't use evp_md->md_size, it's not public.
   - markus@cvs.openbsd.org 2002/01/25 22:07:40
     [kex.c kexdh.c kexgex.c key.c mac.c]
     use EVP_MD_size(evp_md) and not evp_md->md_size; ok steveks@
   - stevesk@cvs.openbsd.org 2002/01/26 16:44:22
     [includes.h session.c]
     revert code to add x11 localhost display authorization entry for
     hostname/unix:d and uts.nodename/unix:d if nodename was different than
     hostname.  just add entry for unix:d instead.  ok markus@
   - stevesk@cvs.openbsd.org 2002/01/27 14:57:46
     [channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
     add X11UseLocalhost; ok markus@
   - stevesk@cvs.openbsd.org 2002/01/27 18:08:17
     [ssh.c]
     handle simple case to identify FamilyLocal display; ok markus@
   - markus@cvs.openbsd.org 2002/01/29 14:27:57
     [ssh-add.c]
     exit 2 if no agent, exit 1 if list fails; debian#61078; ok djm@
   - markus@cvs.openbsd.org 2002/01/29 14:32:03
     [auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c]
     [servconf.c servconf.h session.c sshd.8 sshd_config]
     s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion;
     ok stevesk@
   - stevesk@cvs.openbsd.org 2002/01/29 16:29:02
     [session.c]
     limit subsystem length in log; ok markus@
   - markus@cvs.openbsd.org 2002/01/29 16:41:19
     [ssh-add.1]
     add DIAGNOSTICS; ok stevesk@
   - markus@cvs.openbsd.org 2002/01/29 22:46:41
     [session.c]
     don't depend on servconf.c; ok djm@
   - markus@cvs.openbsd.org 2002/01/29 23:50:37
     [scp.1 ssh.1]
     mention exit status; ok stevesk@
   - markus@cvs.openbsd.org 2002/01/31 13:35:11
     [kexdh.c kexgex.c]
     cross check announced key type and type from key blob
   - markus@cvs.openbsd.org 2002/01/31 15:00:05
     [serverloop.c]
     no need for WNOHANG; ok stevesk@
   - markus@cvs.openbsd.org 2002/02/03 17:53:25
     [auth1.c serverloop.c session.c session.h]
     don't use channel_input_channel_request and callback
     use new server_input_channel_req() instead:
     	server_input_channel_req does generic request parsing on server side
     	session_input_channel_req handles just session specific things now
     ok djm@
   - markus@cvs.openbsd.org 2002/02/03 17:55:55
     [channels.c channels.h]
     remove unused channel_input_channel_request
   - markus@cvs.openbsd.org 2002/02/03 17:58:21
     [channels.c channels.h ssh.c]
     generic callbacks are not really used, remove and
     add a callback for msg of type SSH2_MSG_CHANNEL_OPEN_CONFIRMATION
     ok djm@
   - markus@cvs.openbsd.org 2002/02/03 17:59:23
     [sshconnect2.c]
     more cross checking if announced vs. used key type; ok stevesk@
   - stevesk@cvs.openbsd.org 2002/02/03 22:35:57
     [ssh.1 sshd.8]
     some KeepAlive cleanup/clarify; ok markus@
   - stevesk@cvs.openbsd.org 2002/02/03 23:22:59
     [ssh-agent.1]
     ssh-add also adds $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa now.
   - stevesk@cvs.openbsd.org 2002/02/04 00:53:39
     [ssh-agent.c]
     unneeded includes
   - markus@cvs.openbsd.org 2002/02/04 11:58:10
     [auth2.c]
     cross checking of announced vs actual pktype in pubkey/hostbaed auth;
     ok stevesk@
   - markus@cvs.openbsd.org 2002/02/04 12:15:25
     [log.c log.h readconf.c servconf.c]
     add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
     fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
   - stevesk@cvs.openbsd.org 2002/02/04 20:41:16
     [ssh-add.1]
     more sync for default ssh-add identities; ok markus@
   - djm@cvs.openbsd.org 2002/02/04 21:53:12
     [sftp.1 sftp.c]
     Add "-P" option to directly connect to a local sftp-server. Should be
     useful for regression testing; ok markus@
   - djm@cvs.openbsd.org 2002/02/05 00:00:46
     [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
     Add "-B" option to specify copy buffer length (default 32k); ok markus@

20020130
 - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@
 - (tim) [configure.ac] fix logic on when ssh-rand-helper is installed.
   [sshd_config] put back in line that tells what PATH was compiled into sshd.

20020125
 - (djm) Don't grab Xserver or pointer by default. x11-ssh-askpass doesn't
   and grabbing can cause deadlocks with kinput2.

20020124
 - (stevesk) Makefile.in: bug #61; delete commented line for now.

20020123
 - (djm) Fix non-standard shell syntax in autoconf. Patch from
   Dave Dykstra <dwd@bell-labs.com>
 - (stevesk) fix --with-zlib=
 - (djm) Use case statements in autoconf to clean up some tests

20020122
 - (djm) autoconf hacking:
   - We don't support --without-zlib currently, so don't allow it.
   - Rework cryptographic random number support detection. We now detect
     whether OpenSSL seeds itself. If it does, then we don't bother with
     the ssh-rand-helper program. You can force the use of ssh-rand-helper
     using the --with-rand-helper configure argument
   - Simplify and clean up ssh-rand-helper configuration
   - Add OpenSSL sanity check: verify that header version matches version
     reported by library
 - (djm) Fix some bugs I introduced into ssh-rand-helper yesterday
 - OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2001/12/21 08:52:22
     [ssh-keygen.1 ssh-keygen.c]
     Remove default (rsa1) key type; ok markus@
   - djm@cvs.openbsd.org 2001/12/21 08:53:45
     [readpass.c]
     Avoid interruptable passphrase read; ok markus@
   - djm@cvs.openbsd.org 2001/12/21 10:06:43
     [ssh-add.1 ssh-add.c]
     Try all standard key files (id_rsa, id_dsa, identity) when invoked with
     no arguments; ok markus@
   - markus@cvs.openbsd.org 2001/12/21 12:17:33
     [serverloop.c]
     remove ifdef for USE_PIPES since fdin != fdout; ok djm@
   - deraadt@cvs.openbsd.org 2001/12/24 07:29:43
     [ssh-add.c]
     try all listed keys.. how did this get broken?
   - markus@cvs.openbsd.org 2001/12/25 18:49:56
     [key.c]
     be more careful on allocation
   - markus@cvs.openbsd.org 2001/12/25 18:53:00
     [auth1.c]
     be more carefull on allocation
   - markus@cvs.openbsd.org 2001/12/27 18:10:29
     [ssh-keygen.c]
     -t is only needed for key generation (unbreaks -i, -e, etc).
   - markus@cvs.openbsd.org 2001/12/27 18:22:16
     [auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c]
     [scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
     call fatal() for openssl allocation failures
   - stevesk@cvs.openbsd.org 2001/12/27 18:22:53
     [sshd.8]
     clarify -p; ok markus@
   - markus@cvs.openbsd.org 2001/12/27 18:26:13
     [authfile.c]
     missing include
   - markus@cvs.openbsd.org 2001/12/27 19:37:23
     [dh.c kexdh.c kexgex.c]
     always use BN_clear_free instead of BN_free
   - markus@cvs.openbsd.org 2001/12/27 19:54:53
     [auth1.c auth.h auth-rh-rsa.c]
     auth_rhosts_rsa now accept generic keys.
   - markus@cvs.openbsd.org 2001/12/27 20:39:58
     [auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h]
     [serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
   - markus@cvs.openbsd.org 2001/12/28 12:14:27
     [auth1.c auth2.c auth2-chall.c auth-rsa.c channels.c clientloop.c]
     [kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c]
     [ssh.c sshconnect1.c sshconnect2.c sshd.c]
     s/packet_done/packet_check_eom/ (end-of-message); ok djm@
   - markus@cvs.openbsd.org 2001/12/28 13:57:33
     [auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c]
     packet_get_bignum* no longer returns a size
   - markus@cvs.openbsd.org 2001/12/28 14:13:13
     [bufaux.c bufaux.h packet.c]
     buffer_get_bignum: int -> void
   - markus@cvs.openbsd.org 2001/12/28 14:50:54
     [auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c]
     [packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c]
     [sshconnect2.c sshd.c]
     packet_read* no longer return the packet length, since it's not used.
   - markus@cvs.openbsd.org 2001/12/28 15:06:00
     [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
     [dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
     remove plen from the dispatch fn. it's no longer used.
   - stevesk@cvs.openbsd.org 2001/12/28 22:37:48
     [ssh.1 sshd.8]
     document LogLevel DEBUG[123]; ok markus@
   - stevesk@cvs.openbsd.org 2001/12/29 21:56:01
     [authfile.c channels.c compress.c packet.c sftp-server.c]
     [ssh-agent.c ssh-keygen.c]
     remove unneeded casts and some char->u_char cleanup; ok markus@
   - stevesk@cvs.openbsd.org 2002/01/03 04:11:08
     [ssh_config]
     grammar in comment
   - stevesk@cvs.openbsd.org 2002/01/04 17:59:17
     [readconf.c servconf.c]
     remove #ifdef _PATH_XAUTH/#endif; ok markus@
   - stevesk@cvs.openbsd.org 2002/01/04 18:14:16
     [servconf.c sshd.8]
     protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and
     /etc/ssh_host_dsa_key like we have in sshd_config.  ok markus@
   - markus@cvs.openbsd.org 2002/01/05 10:43:40
     [channels.c]
     fix hanging x11 channels for rejected cookies (e.g.
     XAUTHORITY=/dev/null xbiff) bug #36, based on patch from
     djast@cs.toronto.edu
   - stevesk@cvs.openbsd.org 2002/01/05 21:51:56
     [ssh.1 sshd.8]
     some missing and misplaced periods
   - markus@cvs.openbsd.org 2002/01/09 13:49:27
     [ssh-keygen.c]
     append \n only for public keys
   - markus@cvs.openbsd.org 2002/01/09 17:16:00
     [channels.c]
     merge channel_pre_open_15/channel_pre_open_20; ok provos@
   - markus@cvs.openbsd.org 2002/01/09 17:26:35
     [channels.c nchan.c]
     replace buffer_consume(b, buffer_len(b)) with buffer_clear(b);
     ok provos@
   - markus@cvs.openbsd.org 2002/01/10 11:13:29
     [serverloop.c]
     skip client_alive_check until there are channels; ok beck@
   - markus@cvs.openbsd.org 2002/01/10 11:24:04
     [clientloop.c]
     handle SSH2_MSG_GLOBAL_REQUEST (just reply with failure); ok djm@
   - markus@cvs.openbsd.org 2002/01/10 12:38:26
     [nchan.c]
     remove dead code (skip drain)
   - markus@cvs.openbsd.org 2002/01/10 12:47:59
     [nchan.c]
     more unused code (with channels.c:1.156)
   - markus@cvs.openbsd.org 2002/01/11 10:31:05
     [packet.c]
     handle received SSH2_MSG_UNIMPLEMENTED messages; ok djm@
   - markus@cvs.openbsd.org 2002/01/11 13:36:43
     [ssh2.h]
     add defines for msg type ranges
   - markus@cvs.openbsd.org 2002/01/11 13:39:36
     [auth2.c dispatch.c dispatch.h kex.c]
     a single dispatch_protocol_error() that sends a message of
     type 'UNIMPLEMENTED'
     dispatch_range(): set handler for a ranges message types
     use dispatch_protocol_ignore() for authentication requests after
     successful authentication (the drafts requirement).
     serverloop/clientloop now send a 'UNIMPLEMENTED' message instead
     of exiting.
   - markus@cvs.openbsd.org 2002/01/11 20:14:11
     [auth2-chall.c auth-skey.c]
     use strlcpy not strlcat; mouring@
   - markus@cvs.openbsd.org 2002/01/11 23:02:18
     [readpass.c]
     use _PATH_TTY
   - markus@cvs.openbsd.org 2002/01/11 23:02:51
     [auth2-chall.c]
     use snprintf; mouring@
   - markus@cvs.openbsd.org 2002/01/11 23:26:30
     [auth-skey.c]
     use snprintf; mouring@
   - markus@cvs.openbsd.org 2002/01/12 13:10:29
     [auth-skey.c]
     undo local change
   - provos@cvs.openbsd.org 2002/01/13 17:27:07
     [ssh-agent.c]
     change to use queue.h macros; okay markus@
   - markus@cvs.openbsd.org 2002/01/13 17:57:37
     [auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
     use buffer API and avoid static strings of fixed size;
     ok provos@/mouring@
   - markus@cvs.openbsd.org 2002/01/13 21:31:20
     [channels.h nchan.c]
     add chan_set_[io]state(), order states, state is now an u_int,
     simplifies debugging messages; ok provos@
   - markus@cvs.openbsd.org 2002/01/14 13:22:35
     [nchan.c]
     chan_send_oclose1() no longer calls chan_shutdown_write(); ok provos@
   - markus@cvs.openbsd.org 2002/01/14 13:34:07
     [nchan.c]
     merge chan_[io]buf_empty[12]; ok provos@
   - markus@cvs.openbsd.org 2002/01/14 13:40:10
     [nchan.c]
     correct fn names for ssh2, do not switch from closed to closed;
     ok provos@
   - markus@cvs.openbsd.org 2002/01/14 13:41:13
     [nchan.c]
     remove duplicated code; ok provos@
   - markus@cvs.openbsd.org 2002/01/14 13:55:55
     [channels.c channels.h nchan.c]
     remove function pointers for events, remove chan_init*; ok provos@
   - markus@cvs.openbsd.org 2002/01/14 13:57:03
     [channels.h nchan.c]
     (c) 2002
   - markus@cvs.openbsd.org 2002/01/16 13:17:51
     [channels.c channels.h serverloop.c ssh.c]
     wrapper for channel_setup_fwd_listener
   - stevesk@cvs.openbsd.org 2002/01/16 17:40:23
     [sshd_config]
     The stategy now used for options in the default sshd_config shipped
     with OpenSSH is to specify options with their default value where
     possible, but leave them commented.  Uncommented options change a
     default value.  Subsystem is currently the only default option
     changed.  ok markus@
   - stevesk@cvs.openbsd.org 2002/01/16 17:42:33
     [ssh.1]
     correct defaults for -i/IdentityFile; ok markus@
   - stevesk@cvs.openbsd.org 2002/01/16 17:55:33
     [ssh_config]
     correct some commented defaults.  add Ciphers default.  ok markus@
   - stevesk@cvs.openbsd.org 2002/01/17 04:27:37
     [log.c]
     casts to silence enum type warnings for bugzilla bug 37; ok markus@
   - stevesk@cvs.openbsd.org 2002/01/18 17:14:16
     [sshd.8]
     correct Ciphers default; paola.mannaro@ubs.com
   - stevesk@cvs.openbsd.org 2002/01/18 18:14:17
     [authfd.c bufaux.c buffer.c cipher.c packet.c ssh-agent.c ssh-keygen.c]
     unneeded cast cleanup; ok markus@
   - stevesk@cvs.openbsd.org 2002/01/18 20:46:34
     [sshd.8]
     clarify Allow(Groups|Users) and Deny(Groups|Users); suggestion from
     allard@oceanpark.com; ok markus@
   - markus@cvs.openbsd.org 2002/01/21 15:13:51
     [sshconnect.c]
     use read_passphrase+ECHO in confirm(), allows use of ssh-askpass
     for hostkey confirm.
   - markus@cvs.openbsd.org 2002/01/21 22:30:12
     [cipher.c compat.c myproposal.h]
     remove "rijndael-*", just use "aes-" since this how rijndael is called
     in the drafts; ok stevesk@
   - markus@cvs.openbsd.org 2002/01/21 23:27:10
     [channels.c nchan.c]
     cleanup channels faster if the are empty and we are in drain-state;
     ok deraadt@
   - stevesk@cvs.openbsd.org 2002/01/22 02:52:41
     [servconf.c]
     typo in error message; from djast@cs.toronto.edu
 - (djm) Make auth2-pam.c compile again after dispatch.h and packet.h
   changes
 - (djm) Recent Glibc includes an incompatible sys/queue.h. Treat it as
   bogus in configure
 - (djm) Use local sys/queue.h if necessary in ssh-agent.c

20020121
 - (djm) Rework ssh-rand-helper:
   - Reduce quantity of ifdef code, in preparation for ssh_rand_conf
   - Always seed from system calls, even when doing PRNGd seeding
   - Tidy and comment #define knobs
   - Remove unused facility for multiple runs through command list
   - KNF, cleanup, update copyright

20020114
 - (djm) Bug #50 - make autoconf entropy path checks more robust

20020108
 - (djm) Merge Cygwin copy_environment with do_pam_environment, removing
   fixed env var size limit in the process. Report from Corinna Vinschen
   <vinschen@redhat.com>
 - (stevesk) defines.h: use "/var/spool/sockets/X11/%u" for HP-UX.  does
   not depend on transition links.  from Lutz Jaenicke.

20020106
 - (stevesk) defines.h: determine _PATH_UNIX_X; currently "/tmp/.X11-unix/X%u"
   for all platforms except HP-UX, which is "/usr/spool/sockets/X11/%u".

20020103
 - (djm) Use bigcrypt() on systems with SCO_PROTECTED_PW. Patch from
   Roger Cornelius <rac@tenzing.org>
2002-03-08 05:54:04 +00:00
Jacques Vidrine
1a07b54104 Fix off-by-one error.
Obtained from:	OpenBSD

Bump PORTREVISION.
2002-03-06 13:53:39 +00:00
Dirk Meyer
42b61e1a01 Add patch for: readpassphrase.h
Someone in the OpenSSH world doesn't understand the difference
between application and implementation namespaces.  This causes
conflicts with <readpassphrase.h>.

PR:		34362
Submitted by:	wollman@hergotha.lcs.mit.edu
2002-01-28 07:23:21 +00:00
Dirk Meyer
9f5e495359 - extend patch for batch mode, so no site-specifc files are installed. 2001-12-02 07:04:27 +00:00
Dirk Meyer
b8cb1c43d7 - Udate to OpenSSH-3.0.2
- make batch-processing cleaner

20011202
 - (djm) Syn with OpenBSD OpenSSH-3.0.2
   - markus@cvs.openbsd.org
     [session.c sshd.8 version.h]
     Don't allow authorized_keys specified environment variables when
     UseLogin in active
2001-12-02 06:52:44 +00:00
Dirk Meyer
01548f5249 cvs rm'ing patch-coredump, as the current versions are safe.
It does no harm, so a second bump of PORTVERSION is not needed.
2001-10-25 20:17:43 +00:00
Dirk Meyer
1865c26403 - included an patch that solves a coredump in sshd
- Bumped PORTREVISION

Submitted by:	ryanb@goddamnbastard.org
2001-10-24 07:16:49 +00:00
Dirk Meyer
f1edf91afe - Update to OpenSSH 2.9.9p2
- security-patch for cookie files obsolete
- MD5 password support activated

Approved by:	dwcjr@FreeBSD.org
2001-10-03 15:19:27 +00:00
Dirk Meyer
f439469443 - Update to p2:
- stripped down some patches

20010617
 - (djm) Pull in small fix from -CURRENT for session.c:
    typo, use pid not s->pid, mstone@cs.loyola.edu

20010615
 - (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL
   around grantpt().

20010614
 - (bal) Applied X11 Cookie Patch.  X11 Cookie behavior has changed to
   no longer use /tmp/ssh-XXXXX/

20010528
 - (tim) [conifgure.in] add setvbuf test needed for sftp-int.c
   Patch by Corinna Vinschen <vinschen@redhat.com>

Approved by:	dwcjr@freebsd.org
2001-08-19 17:22:39 +00:00