upgrade to 2.5.2p2.

20010322
 - (djm) Better AIX no tty fix, spotted by Gert Doering <gert@greenie.muc.de>
 - (djm) Released 2.5.2p2

20010321
 - (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve
   VanDevender <stevev@darkwing.uoregon.edu>
 - (djm) Make sure pam_retval is initialised on call to pam_end. Patch
   from Solar Designer <solar@openwall.com>
 - (djm) Don't loop forever when changing password via PAM. Patch
   from Solar Designer <solar@openwall.com>
 - (djm) Generate config files before build
 - (djm) Correctly handle SIA and AIX when no tty present. Spotted and
   suggested fix from Mike Battersby <mib@unimelb.edu.au>

20010320
 - (bal) glob.c update to added GLOB_LIMITS (OpenBSD CVS).
 - (bal) glob.c update to set gl_pathv to NULL (OpenBSD CVS).
 - (bal) Oops.  Missed globc.h change (OpenBSD CVS).
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/19 17:07:23
     [auth.c readconf.c]
     undo /etc/shell and proto 2,1 change for openssh-2.5.2
   - markus@cvs.openbsd.org 2001/03/19 17:12:10
     [version.h]
     version 2.5.2
 - (djm) Update RPM spec version
 - (djm) Release 2.5.2p1
- tim@mindrot.org 2001/03/19 18:33:47 [defines.h]
  change S_ISLNK macro to work for UnixWare 2.03
- tim@mindrot.org 2001/03/19 20:45:11 [openbsd-compat/glob.c]
  add get_arg_max(). Use sysconf() if ARG_MAX is not defined

20010319
 - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
   do it implicitly.
 - (djm) Add getusershell() functions from OpenBSD CVS
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/18 12:07:52
     [auth-options.c]
     ignore permitopen="host:port" if AllowTcpForwarding==no
 - (djm) Make scp work on systems without 64-bit ints
 - tim@mindrot.org 2001/03/18 18:28:39 [defines.h]
   move HAVE_LONG_LONG_INT where it works
 - (bal) Use 'NGROUPS' for NeXT Since 'MAX_NGROUPS' is wrapped up in -lposix
   stuff.  Change suggested by Mark Miller <markm@swoon.net>
 - (bal) Small fix to scp.  %lu vs %ld
 - (bal) NeXTStep lacks S_ISLNK.  Plus split up S_IS*
 - (djm) OpenBSD CVS Sync
   - djm@cvs.openbsd.org     2001/03/19 03:52:51
     [sftp-client.c]
     Report ssh connection closing correctly; ok deraadt@
   - deraadt@cvs.openbsd.org 2001/03/18 23:30:55
     [compat.c compat.h sshd.c]
     specifically version match on ssh scanners.  do not log scan
     information to the console
   - djm@cvs.openbsd.org      2001/03/19 12:10:17
     [sshd.8]
     Document permitopen authorized_keys option; ok markus@
   - djm@cvs.openbsd.org     2001/03/19 05:49:52
     [ssh.1]
     document PreferredAuthentications option; ok markus@
 - (bal) Minor NeXT fixed.  Forgot to #undef NGROUPS_MAX

20010318
 - (bal) Fixed scp type casing issue which causes "scp: protocol error:
   size not delimited" fatal errors when tranfering.
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/17 17:27:59
     [auth.c]
     check /etc/shells, too
 - tim@mindrot.org 2001/03/17 18:45:25 [compat.c]
     openbsd-compat/fake-regex.h

20010317
 - Support usrinfo() on AIX. Based on patch from Gert Doering
   <gert@greenie.muc.de>
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/15 15:05:59
     [scp.c]
     use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
   - markus@cvs.openbsd.org 2001/03/15 22:07:08
     [session.c]
     pass Session to do_child + KNF
   - djm@cvs.openbsd.org 2001/03/16 08:16:18
     [sftp-client.c sftp-client.h sftp-glob.c sftp-int.c]
     Revise globbing for get/put to be more shell-like. In particular,
     "get/put file* directory/" now works. ok markus@
   - markus@cvs.openbsd.org 2001/03/16 09:55:53
     [sftp-int.c]
     fix memset and whitespace
   - markus@cvs.openbsd.org 2001/03/16 13:44:24
     [sftp-int.c]
     discourage strcat/strcpy
   - markus@cvs.openbsd.org 2001/03/16 19:06:30
     [auth-options.c channels.c channels.h serverloop.c session.c]
     implement "permitopen" key option, restricts -L style forwarding to
     to specified host:port pairs. based on work by harlan@genua.de
 - Check for gl_matchc support in glob_t and fall back to the
   openbsd-compat/glob.[ch] support if it does not exist.

20010315
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/14 08:57:14
     [sftp-client.c]
     Wall
   - markus@cvs.openbsd.org 2001/03/14 15:15:58
     [sftp-int.c]
     add version command
   - deraadt@cvs.openbsd.org 2001/03/14 22:50:25
     [sftp-server.c]
     note no getopt()
 - (stevesk) ssh-keyscan.c: specify "openbsd-compat/fake-queue.h"
 - (bal) Cygwin README change by Corinna Vinschen <vinschen@redhat.com>

20010314
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/13 17:34:42
     [auth-options.c]
     missing xfree, deny key on parse error; ok stevesk@
   - djm@cvs.openbsd.org 2001/03/13 22:42:54
     [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
     sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@
 - (bal) Fix strerror() in bsd-misc.c
 - (djm) Add replacement glob() from OpenBSD libc if the system glob is
   missing or lacks the GLOB_ALTDIRFUNC extension
 - (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers
   relatively. Avoids conflict between glob.h and /usr/include/glob.h

20010313
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/12 22:02:02
     [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
     remove old key_fingerprint interface, s/_ex//

20010312
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/11 13:25:36
     [auth2.c key.c]
     debug
   - jakob@cvs.openbsd.org 2001/03/11 15:03:16
     [key.c key.h]
     add improved fingerprint functions. based on work by Carsten
     Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
   - jakob@cvs.openbsd.org 2001/03/11 15:04:16
     [ssh-keygen.1 ssh-keygen.c]
     print both md5, sha1 and bubblebabble fingerprints when using
     ssh-keygen -l -v. ok markus@.
   - jakob@cvs.openbsd.org 2001/03/11 15:13:09
     [key.c]
     cleanup & shorten some var names key_fingerprint_bubblebabble.
   - deraadt@cvs.openbsd.org 2001/03/11 16:39:03
     [ssh-keygen.c]
     KNF, and SHA1 binary output is just creeping featurism
 - tim@mindrot.org 2001/03/11 17:29:32 [configure.in]
   test if snprintf() supports %ll
   add /dev to search path for PRNGD/EGD socket
   fix my mistake in USER_PATH test program
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/11 18:29:51
     [key.c]
     style+cleanup
   - markus@cvs.openbsd.org 2001/03/11 22:33:24
     [ssh-keygen.1 ssh-keygen.c]
     remove -v again. use -B instead for bubblebabble. make -B consistent
     with -l and make -B work with /path/to/known_hosts. ok deraadt@
 - (djm) Bump portable version number for generating test RPMs
 - (djm) Add "static_openssl" RPM build option, remove rsh build dependency
 - (bal) Reorder includes in Makefile.

20010311
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/10 12:48:27
     [sshconnect2.c]
     ignore nonexisting private keys; report rjmooney@mediaone.net
   - deraadt@cvs.openbsd.org 2001/03/10 12:53:51
     [readconf.c ssh_config]
     default to SSH2, now that m68k runs fast
   - stevesk@cvs.openbsd.org 2001/03/10 15:02:05
     [ttymodes.c ttymodes.h]
     remove unused sgtty macros; ok markus@
   - deraadt@cvs.openbsd.org 2001/03/10 15:31:00
     [compat.c compat.h sshconnect.c]
     all known netscreen ssh versions, and older versions of OSU ssh cannot
     handle password padding (newer OSU is fixed)
 - tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config]
   make sure $bindir is in USER_PATH so scp will work
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/03/10 17:51:04
     [kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
     add PreferredAuthentications

20010310
 - OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2001/03/09 03:14:39
     [ssh-keygen.c]
     create *.pub files with umask 0644, so that you can mv them to
     authorized_keys
   - deraadt@cvs.openbsd.org 2001/03/09 12:30:29
     [sshd.c]
     typo; slade@shore.net
 - Removed log.o from sftp client.  Not needed.

20010309
 - OpenBSD CVS Sync
   - stevesk@cvs.openbsd.org 2001/03/08 18:47:12
     [auth1.c]
     unused; ok markus@
   - stevesk@cvs.openbsd.org 2001/03/08 20:44:48
     [sftp.1]
     spelling, cleanup; ok deraadt@
   - markus@cvs.openbsd.org 2001/03/08 21:42:33
     [compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
     implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
     no need to do enter passphrase or do expensive sign operations if the
     server does not accept key).

20010308
 - OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2001/03/07 10:11:23
     [sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
     Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
     functions and small protocol change.
   - markus@cvs.openbsd.org 2001/03/08 00:15:48
     [readconf.c ssh.1]
     turn off useprivilegedports by default. only rhost-auth needs
     this. older sshd's may need this, too.
 - (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H;
   Dirk Markwardt <D.Markwardt@tu-bs.de>

20010307
 - (bal) OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2001/03/06 06:11:18
     [ssh-keyscan.c]
     appease gcc
   - deraadt@cvs.openbsd.org 2001/03/06 06:11:44
     [sftp-int.c sftp.1 sftp.c]
     sftp -b batchfile; mouring@etoh.eviladmin.org
   - deraadt@cvs.openbsd.org 2001/03/06 15:10:42
     [sftp.1]
     order things
   - deraadt@cvs.openbsd.org 2001/03/07 01:19:06
     [ssh.1 sshd.8]
     the name "secure shell" is boring, noone ever uses it
   - deraadt@cvs.openbsd.org 2001/03/07 04:05:58
     [ssh.1]
     removed dated comment
 - Cygwin contrib improvements from Corinna Vinschen <vinschen@redhat.com>

20010306
 - (bal) OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2001/03/05 14:28:47
     [sshd.8]
     alpha order; jcs@rt.fm
   - stevesk@cvs.openbsd.org 2001/03/05 15:44:51
     [servconf.c]
     sync error message; ok markus@
   - deraadt@cvs.openbsd.org 2001/03/05 15:56:16
     [myproposal.h ssh.1]
     switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
     provos & markus ok
   - deraadt@cvs.openbsd.org 2001/03/05 16:07:15
     [sshd.8]
     detail default hmac setup too
   - markus@cvs.openbsd.org 2001/03/05 17:17:21
     [kex.c kex.h sshconnect2.c sshd.c]
     generate a 2*need size (~300 instead of 1024/2048) random private
     exponent during the DH key agreement. according to Niels (the great
     german advisor) this is safe since /etc/primes contains strong
     primes only.

     References:
             P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
             agreement with short exponents, In Advances in Cryptology
             - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
   - stevesk@cvs.openbsd.org 2001/03/05 17:40:48
     [ssh.1]
     more ssh_known_hosts2 documentation; ok markus@
   - stevesk@cvs.openbsd.org 2001/03/05 17:58:22
     [dh.c]
     spelling
   - deraadt@cvs.openbsd.org 2001/03/06 00:33:04
     [authfd.c cli.c ssh-agent.c]
     EINTR/EAGAIN handling is required in more cases
   - millert@cvs.openbsd.org 2001/03/06 01:06:03
     [ssh-keyscan.c]
     Don't assume we wil get the version string all in one read().
     deraadt@ OK'd
   - millert@cvs.openbsd.org 2001/03/06 01:08:27
     [clientloop.c]
     If read() fails with EINTR deal with it the same way we treat EAGAIN

20010305
 - (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
 - (bal) CVS ID touch up on sftp-int.c
 - (bal) CVS ID touch up on uuencode.c
 - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
 - (bal) OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2001/02/17 23:48:48
     [sshd.8]
     it's the OpenSSH one
   - deraadt@cvs.openbsd.org 2001/02/21 07:37:04
     [ssh-keyscan.c]
     inline -> __inline__, and some indent
   - deraadt@cvs.openbsd.org 2001/02/21 09:05:54
     [authfile.c]
     improve fd handling
   - deraadt@cvs.openbsd.org 2001/02/21 09:12:56
     [sftp-server.c]
     careful with & and &&; markus ok
   - stevesk@cvs.openbsd.org 2001/02/21 21:14:04
     [ssh.c]
     -i supports DSA identities now; ok markus@
   - deraadt@cvs.openbsd.org 2001/02/22 04:29:37
     [servconf.c]
     grammar; slade@shore.net
   - deraadt@cvs.openbsd.org 2001/02/22 06:43:55
     [ssh-keygen.1 ssh-keygen.c]
     document -d, and -t defaults to rsa1
   - deraadt@cvs.openbsd.org 2001/02/22 08:03:51
     [ssh-keygen.1 ssh-keygen.c]
     bye bye -d
   - deraadt@cvs.openbsd.org 2001/02/22 18:09:06
     [sshd_config]
     activate RSA 2 key
   - markus@cvs.openbsd.org 2001/02/22 21:57:27
     [ssh.1 sshd.8]
     typos/grammar from matt@anzen.com
   - markus@cvs.openbsd.org 2001/02/22 21:59:44
     [auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
     use pwcopy in ssh.c, too
   - markus@cvs.openbsd.org 2001/02/23 15:34:53
     [serverloop.c]
     debug2->3
   - markus@cvs.openbsd.org 2001/02/23 18:15:13
     [sshd.c]
     the random session key depends now on the session_key_int
     sent by the 'attacker'
             dig1 = md5(cookie|session_key_int);
             dig2 = md5(dig1|cookie|session_key_int);
             fake_session_key = dig1|dig2;
     this change is caused by a mail from anakin@pobox.com
     patch based on discussions with my german advisor niels@openbsd.org
   - deraadt@cvs.openbsd.org 2001/02/24 10:37:55
     [readconf.c]
     look for id_rsa by default, before id_dsa
   - deraadt@cvs.openbsd.org 2001/02/24 10:37:26
     [sshd_config]
     ssh2 rsa key before dsa key
   - markus@cvs.openbsd.org 2001/02/27 10:35:27
     [packet.c]
     fix random padding
   - markus@cvs.openbsd.org 2001/02/27 11:00:11
     [compat.c]
     support SSH-2.0-2.1 ; from Christophe_Moret@hp.com
   - deraadt@cvs.openbsd.org 2001/02/28 05:34:28
     [misc.c]
     pull in protos
   - deraadt@cvs.openbsd.org 2001/02/28 05:36:28
     [sftp.c]
     do not kill the subprocess on termination (we will see if this helps
     things or hurts things)
   - markus@cvs.openbsd.org 2001/02/28 08:45:39
     [clientloop.c]
     fix byte counts for ssh protocol v1
   - markus@cvs.openbsd.org 2001/02/28 08:54:55
     [channels.c nchan.c nchan.h]
     make sure remote stderr does not get truncated.
     remove closed fd's from the select mask.
   - markus@cvs.openbsd.org 2001/02/28 09:57:07
     [packet.c packet.h sshconnect2.c]
     in ssh protocol v2 use ignore messages for padding (instead of
     trailing \0).
   - markus@cvs.openbsd.org 2001/02/28 12:55:07
     [channels.c]
     unify debug messages
   - deraadt@cvs.openbsd.org 2001/02/28 17:52:54
     [misc.c]
     for completeness, copy pw_gecos too
   - markus@cvs.openbsd.org 2001/02/28 21:21:41
     [sshd.c]
     generate a fake session id, too
   - markus@cvs.openbsd.org 2001/02/28 21:27:48
     [channels.c packet.c packet.h serverloop.c]
     use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
     use random content in ignore messages.
   - markus@cvs.openbsd.org 2001/02/28 21:31:32
     [channels.c]
     typo
   - deraadt@cvs.openbsd.org 2001/03/01 02:11:25
     [authfd.c]
     split line so that p will have an easier time next time around
   - deraadt@cvs.openbsd.org 2001/03/01 02:29:04
     [ssh.c]
     shorten usage by a line
   - deraadt@cvs.openbsd.org 2001/03/01 02:45:10
     [auth-rsa.c auth2.c deattack.c packet.c]
     KNF
   - deraadt@cvs.openbsd.org 2001/03/01 03:38:33
     [cli.c cli.h rijndael.h ssh-keyscan.1]
     copyright notices on all source files
   - markus@cvs.openbsd.org 2001/03/01 22:46:37
     [ssh.c]
     don't truncate remote ssh-2 commands; from mkubita@securities.cz
     use min, not max for logging, fixes overflow.
   - deraadt@cvs.openbsd.org 2001/03/02 06:21:01
     [sshd.8]
     explain SIGHUP better
   - deraadt@cvs.openbsd.org 2001/03/02 09:42:49
     [sshd.8]
     doc the dsa/rsa key pair files
   - deraadt@cvs.openbsd.org 2001/03/02 18:54:31
     [atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
      scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
      ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
     make copyright lines the same format
   - deraadt@cvs.openbsd.org 2001/03/03 06:53:12
     [ssh-keyscan.c]
     standard theo sweep
   - millert@cvs.openbsd.org 2001/03/03 21:19:41
     [ssh-keyscan.c]
     Dynamically allocate read_wait and its copies.  Since maxfd is
     based on resource limits it is often (usually?) larger than FD_SETSIZE.
   - millert@cvs.openbsd.org 2001/03/03 21:40:30
     [sftp-server.c]
     Dynamically allocate fd_set; deraadt@ OK
   - millert@cvs.openbsd.org 2001/03/03 21:41:07
     [packet.c]
     Dynamically allocate fd_set; deraadt@ OK
   - deraadt@cvs.openbsd.org 2001/03/03 22:07:50
     [sftp-server.c]
     KNF
   - markus@cvs.openbsd.org 2001/03/03 23:52:22
     [sftp.c]
     clean up arg processing. based on work by Christophe_Moret@hp.com
   - markus@cvs.openbsd.org 2001/03/03 23:59:34
     [log.c ssh.c]
     log*.c -> log.c
   - markus@cvs.openbsd.org 2001/03/04 00:03:59
     [channels.c]
     debug1->2
   - stevesk@cvs.openbsd.org 2001/03/04 10:57:53
     [ssh.c]
     add -m to usage; ok markus@
   - stevesk@cvs.openbsd.org 2001/03/04 11:04:41
     [sshd.8]
     small cleanup and clarify for PermitRootLogin; ok markus@
   - stevesk@cvs.openbsd.org 2001/03/04 11:16:06
     [servconf.c sshd.8]
     kill obsolete RandomSeed; ok markus@ deraadt@
   - stevesk@cvs.openbsd.org 2001/03/04 12:54:04
     [sshd.8]
     spelling
   - millert@cvs.openbsd.org 2001/03/04 17:42:28
     [authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
      ssh.c sshconnect.c sshd.c]
     log functions should not be passed strings that end in newline as they
     get passed on to syslog() and when logging to stderr, do_log() appends
     its own newline.
   - deraadt@cvs.openbsd.org 2001/03/04 18:21:28
     [sshd.8]
     list SSH2 ciphers
 - (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy()
 - (bal) Fix up logging since it changed.  removed log-*.c
 - (djm) Fix up LOG_AUTHPRIV for systems that have it
 - (stevesk) OpenBSD sync:
   - deraadt@cvs.openbsd.org 2001/03/05 08:37:27
     [ssh-keyscan.c]
     skip inlining, why bother
 - (stevesk) sftp.c: handle __progname

20010304
 - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
 - (bal) Updated contrib/README to remove 'make-ssh-known-hosts' and
   give Mark Roth credit for mdoc2man.pl

20010303
 - (djm) Remove make-ssh-known-hosts.pl, ssh-keyscan is better.
 - (djm) Document PAM ChallengeResponseAuthentication in sshd.8
 - (djm) Disable and comment ChallengeResponseAuthentication in sshd_config
 - (djm) Allow PRNGd entropy collection from localhost TCP socket. Replace
   "--with-egd-pool" configure option with "--with-prngd-socket" and
   "--with-prngd-port" options. Debugged and improved by Lutz Jaenicke
   <Lutz.Jaenicke@aet.TU-Cottbus.DE>
This commit is contained in:
itojun 2001-03-22 08:49:28 +00:00
parent 8854d5fdc3
commit 0904d0520d
2 changed files with 4 additions and 4 deletions

View file

@ -1,6 +1,6 @@
# $NetBSD: Makefile,v 1.42 2001/03/11 20:42:28 tron Exp $
# $NetBSD: Makefile,v 1.43 2001/03/22 08:49:28 itojun Exp $
DISTNAME= openssh-2.5.1p2
DISTNAME= openssh-2.5.2p2
CATEGORIES= security
MASTER_SITES= ftp://gd.tuwien.ac.at/OpenBSD/OpenSSH/portable/ \
ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \

View file

@ -1,3 +1,3 @@
$NetBSD: md5,v 1.12 2001/03/01 04:14:23 itojun Exp $
$NetBSD: md5,v 1.13 2001/03/22 08:49:29 itojun Exp $
MD5 (openssh-2.5.1p2.tar.gz) = e09e22ff91cbdf9fc52fdfb5c93e1849
SHA1 (openssh-2.5.2p2.tar.gz) = 64f1e350b435217aa55d0e97b4c7460145fd7090