when X11 forwarding = yes.
20010617
- (djm) Pull in small fix from -CURRENT for session.c:
typo, use pid not s->pid, mstone@cs.loyola.edu
20010615
- (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL
around grantpt().
20010614
- (bal) Applied X11 Cookie Patch. X11 Cookie behavior has changed to
no longer use /tmp/ssh-XXXXX/
20010528
- (tim) [conifgure.in] add setvbuf test needed for sftp-int.c
Patch by Corinna Vinschen <vinschen@redhat.com>
20010512
- (bal) Patch to partial sync up contrib/solaris/ packaging software.
Patch by pete <ninjaz@webexpress.com>
20010509
- (bal) UseLogin patch for Solaris/UNICOS. Patch by Wayne Davison
<wayne@blorf.net>
- (bal) ./configure support to disable SIA on OSF1. Patch by
Chris Adams <cmadams@hiwaay.net>
- (bal) Updates from the Sony NEWS-OS platform by NAKAJI Hiroyuki
<nakaji@tutrp.tut.ac.jp>
20010508
- (bal) Fixed configure test for USE_SIA.
20010506
- (djm) Update config.guess and config.sub with latest versions (from
ftp://ftp.gnu.org/gnu/config/) to allow configure on ia64-hpux.
Suggested by Jason Mader <jason@ncac.gwu.edu>
20010504
- (bal) Updated Cygwin README by Corinna Vinschen <vinschen@redhat.com>
- (bal) Avoid socket file security issues in ssh-agent for Cygwin.
Patch by Egor Duda <deo@logos-m.ru>
20010430
- (djm) Add .cvsignore files, suggested by Wayne Davison <wayne@blorf.net>
- (tim) [contrib/caldera/openssh.spec] add Requires line for Caldera 3.1
- various bugfixes
- fixed fd leak in KB and session saving
- possibly fixed connections problems between the client and
the server
- updated config.guess and config.sub
- many new plugins
key changes since 20010403:
- be more picky about isakmpd.policy permission
- debug: dump decoded IKE packets in pcap(3) format
- cert improvements
- RFC2367 compliance
- bug fixes: correct SA refcnt, memory alloc and doc fixes
linked from a particular package, and add a pre-configure target to
the buildlink.mk file to more painlessly use buildlink.mk files. A
${BUILDLINK_TARGETS} variable still exists in case a package _must_
define NO_CONFIGURE.
* Use NetBSD's getpass() function instead of the homegrown one, as the
homegrown one doesn't seem to hide the password when it is being entered.
* Add a rc.d style script to start cfsd, and also install the documentation
for the filesystem.
* Rename c* commands to cfs_* to avoid conflicts with coda programs with
a similar name.
homegrown one doesn't seem to hide the password when it is being entered.
* Add a rc.d style script to start cfsd, and also install the documentation
for the filesystem.
* Rename c* commands to cfs_* to avoid conflicts with coda programs with
a similar name.
CFS pushes encryption services into the UN*X file system. It supports
secure storage at the system level through a standard UN*X file system
interface to encrypted files. Users associate a cryptographic key with the
directories they wish to protect. Files in these directories (as well as
their pathname components) are transparently encrypted and decrypted with
the specified key without further user intervention; cleartext is never
stored on a disk or sent to a remote file server. CFS employs a novel
combination of DES stream and codebook cipher modes to provide high
security with good performance on a modern workstation. CFS can use any
available file system for its underlying storage without modification,
including remote file servers such as NFS. System management functions,
such as file backup, work in a normal manner and without knowledge of the
key.
packages collection.
CFS is an encrypting file system for Unix-like OSs. It uses NFS as
its interface, and so is reasonably portable. The FS code dates back
to 1989, and the crypto to 1992, so it is showing signs of age. This
code should be regarded as completely unsupported; a complete rewrite
will follow eventually.
Please don't download this code if you're in a place that's forbidden
(under US or local law) to export cryptographic software from the US
to, or if you're on the State Department's "Denied Persons List." If
you aren't sure, ask a good lawyer.
Changes:
Fixed a format string bug which is exploitable if --batch is not used.
Checked all translations for format strings bugs.
Removed the Russian translation due to too many bugs.
Fixed keyserver access and expire time calculation.
0.11 2001/05/20
* Defining line_not_blank().
Stefan H. Holek <stefan@epy.co.at>
* Enhancing Public_Key_Encrypted_Session_Key_Packet().
Stefan H. Holek <stefan@epy.co.at>
Brian M. Carlson <karlsson@hal-pc.org>
0.10 2001/05/08
* Fixing key_server_preferences().
* Fixing signature_multi_precision_integer().
0.09 2001/05/05
* Implementing additional_decryption_key() like revocation_key().
Stefan H. Holek <stefan@epy.co.at>
Important Changes:
==================
WARNING: SSH protocol v2 is now the default protocol version
use the 'Protocol' option from ssh(1) and sshd(8) if
you want to change this.
SSH protocol v2 implementation adds support for:
HostbasedAuthentication, similar to RhostsRSA in SSH protocol
v1
Rekeying (negotiate new encryption keys for the current SSH
session, try ~R in interactive SSH sessions)
updated DH group exchange:
draft-ietf-secsh-dh-group-exchange-01.txt
client option HostKeyAlgorithms
server options ClientAliveInterval and ClientAliveCountMax
tty mode passing
general:
gid swapping in sshd (fixes access to /home/group/user based
directory structures)
Dan Kaminsky <dankamin@cisco.com> contributed an experimental
SOCKS4 proxy to the ssh client (yes, client not the server).
Use 'ssh -D 1080 server' if you want to try this out.
server option PrintLastLog
improvements for scp > 2GB
improved ListenAddress option.
You can now use ListenAddress host:port
improved interoperability (bug detection for older implementations)
improved documentation
Some pkg related changes by me.
Changes since 1.0.4:
* WARNING: The semantics of --verify have changed to address a
problem with detached signature detection. --verify now ignores
signed material given on stdin unless this is requested by using
a "-" as the name for the file with the signed material. Please
check all your detached signature handling applications and make
sure that they don't pipe the signed material to stdin without
using a filename together with "-" on the the command line.
* WARNING: Corrected hash calculation for input data larger than
512M - it was just wrong, so you might notice bad signature in
some very big files. It may be wise to keep an old copy of
GnuPG around.
* Secret keys are no longer imported unless you use the new option
--allow-secret-key-import. This is a kludge and future versions will
handle it in another way.
* New command "showpref" in the --edit-key menu to show an easier
to understand preference listing.
* There is now the notation of a primary user ID. For example, it
is printed with a signature verification as the first user ID;
revoked user IDs are not printed there anymore. In general the
primary user ID is the one with the latest self-signature.
* New --charset=utf-8 to bypass all internal conversions.
* Large File Support (LFS) is now working.
* New options: --ignore-crc-error, --no-sig-create-check,
--no-sig-cache, --fixed_list_mode, --no-expensive-trust-checks,
--enable-special-filenames and --use-agent. See man page.
* New command --pipemode, which can be used to run gpg as a
co-process. Currently only the verification of detached
signatures are working. See doc/DETAILS.
* Rewritten key selection code so that GnuPG can better cope with
multiple subkeys, expire dates and so. The drawback is that it
is slower.
* A whole lot of bug fixes.
* The verification status of self-signatures are now cached. To
increase the speed of key list operations for existing keys you
can do the following in your GnuPG homedir (~/.gnupg):
$ cp pubring.gpg pubring.gpg.save && $ gpg --export-all >x && \
rm pubring.gpg && gpg --import x
Only v4 keys (i.e not the old RSA keys) benefit from this caching.
* New translations: Estonian, Turkish.
