20001106
- (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs
- (djm) Manually fix up missed diff hunks (mainly RCS idents)
- (djm) Remove UPGRADING document in favour of a link to the better
maintained FAQ on www.openssh.com
- (djm) Fix multiple dependancy on gnome-libs from Pekka Savola
<pekkas@netcore.fi>
- (djm) Don't need X11-askpass in RPM spec file if building without it
from Pekka Savola <pekkas@netcore.fi>
- (djm) Release 2.3.0p1
20001105
- (bal) Sync with OpenBSD:
- markus@cvs.openbsd.org 2000/10/31 9:31:58
[compat.c]
handle all old openssh versions
- markus@cvs.openbsd.org 2000/10/31 13:1853
[deattack.c]
so that large packets do not wrap "n"; from netbsd
- (bal) rijndel.c - fix up RCSID to match OpenBSD tree
- (bal) auth2-skey.c - Checked in. Missing from portable tree.
- (bal) Reworked NEWS-OS and NeXT ports to extract waitpid() and
setsid() into more common files
- (stevesk) pty.c: use __hpux to identify HP-UX.
- (bal) Missed auth-skey.o in Makefile.in and minor correction to
bsd-waitpid.c
20001029
- (stevesk) Fix typo in auth.c: USE_PAM not PAM
- (stevesk) Create contrib/cygwin/ directory; patch from
Corinna Vinschen <vinschen@redhat.com>
- (bal) Resolved more $xno and $xyes issues in configure.in
- (bal) next-posix.h - spelling and forgot a prototype
20001028
- (djm) fix select hack in serverloop.c from Philippe WILLEM
<Philippe.WILLEM@urssaf.fr>
- (djm) Fix mangled AIXAUTHENTICATE code
- (djm) authctxt->pw may be NULL. Fix from Markus Friedl
<markus.friedl@informatik.uni-erlangen.de>
- (djm) Sync with OpenBSD:
- markus@cvs.openbsd.org 2000/10/16 15:46:32
[ssh.1]
fixes from pekkas@netcore.fi
- markus@cvs.openbsd.org 2000/10/17 14:28:11
[atomicio.c]
return number of characters processed; ok deraadt@
- markus@cvs.openbsd.org 2000/10/18 12:04:02
[atomicio.c]
undo
- markus@cvs.openbsd.org 2000/10/18 12:23:02
[scp.c]
replace atomicio(read,...) with read(); ok deraadt@
- markus@cvs.openbsd.org 2000/10/18 12:42:00
[session.c]
restore old record login behaviour
- deraadt@cvs.openbsd.org 2000/10/19 10:41:13
[auth-skey.c]
fmt string problem in unused code
- provos@cvs.openbsd.org 2000/10/19 10:45:16
[sshconnect2.c]
don't reference freed memory. okay deraadt@
- markus@cvs.openbsd.org 2000/10/21 11:04:23
[canohost.c]
typo, eramore@era-t.ericsson.se; ok niels@
- markus@cvs.openbsd.org 2000/10/23 13:31:55
[cipher.c]
non-alignment dependent swap_bytes(); from
simonb@wasabisystems.com/netbsd
- markus@cvs.openbsd.org 2000/10/26 12:38:28
[compat.c]
add older vandyke products
- markus@cvs.openbsd.org 2000/10/27 01:32:19
[channels.c channels.h clientloop.c serverloop.c session.c]
[ssh.c util.c]
enable non-blocking IO on channels, and tty's (except for the
client ttys).
20001027
- (djm) Increase REKEY_BYTES to 2^24 for arc4random
20001025
- (djm) Added WARNING.RNG file and modified configure to ask users of the
builtin entropy code to read it.
- (djm) Prefer builtin regex to PCRE.
- (bal) Added USE_PIPS defined to NeXT configure.in since scp hangs randomly.
- (bal) Apply fixes to configure.in pointed out by Pavel Roskin
<proski@gnu.org>
20001020
- (djm) Don't define _REENTRANT for SNI/Reliant Unix
- (bal) Imported NEWS-OS waitpid() macros into NeXT. Since implementation
is more correct then current version.
20001018
- (stevesk) Add initial support for setproctitle(). Current
support is for the HP-UX pstat(PSTAT_SETCMD, ...) method.
- (stevesk) Add egd startup scripts to contrib/hpux/
20001017
- (djm) Add -lregex to cywin libs from Corinna Vinschen
<vinschen@cygnus.com>
- (djm) Don't rely on atomicio's retval to determine length of askpass
supplied passphrase. Problem report from Lutz Jaenicke
<Lutz.Jaenicke@aet.TU-Cottbus.DE>
- (bal) Changed from GNU rx to PCRE on suggestion from djm.
- (bal) Integrated Sony NEWS-OS patches from NAKAJI Hirouyuki
<nakaji@tutrp.tut.ac.jp>
20001016
- (djm) Sync with OpenBSD:
- markus@cvs.openbsd.org 2000/10/14 04:01:15
[cipher.c]
debug3
- markus@cvs.openbsd.org 2000/10/14 04:07:23
[scp.c]
remove spaces from arguments; from djm@mindrot.org
- markus@cvs.openbsd.org 2000/10/14 06:09:46
[ssh.1]
Cipher is for SSH-1 only
- markus@cvs.openbsd.org 2000/10/14 06:12:09
[servconf.c servconf.h serverloop.c session.c sshd.8]
AllowTcpForwarding; from naddy@
- markus@cvs.openbsd.org 2000/10/14 06:16:56
[auth2.c compat.c compat.h sshconnect2.c version.h]
OpenSSH_2.3; note that is is not complete, but the version number
needs to be changed for interoperability reasons
- markus@cvs.openbsd.org 2000/10/14 06:19:45
[auth-rsa.c]
do not send RSA challenge if key is not allowed by key-options; from
eivind@ThinkSec.com
- markus@cvs.openbsd.org 2000/10/15 08:14:01
[rijndael.c session.c]
typos; from stevesk@sweden.hp.com
- markus@cvs.openbsd.org 2000/10/15 08:18:31
[rijndael.c]
typo
- (djm) Copy manpages back over from OpenBSD - too tedious to wade
through diffs
- (djm) Added condrestart to Redhat init script. Patch from Pekka Savola
<pekkas@netcore.fi>
- (djm) Update version in Redhat spec file
- (djm) Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the
Redhat 7.0 spec file
- (djm) Make inability to read/write PRNG seedfile non-fatal
20001015
- (djm) Fix ssh2 hang on background processes at logout.
20001014
- (bal) Add support for realpath and getcwd for platforms with broken
or missing realpath implementations for sftp-server.
- (bal) Corrected mistake in INSTALL in regards to GNU rx library
- (bal) Add support for GNU rx library for those lacking regexp support
- (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth
- (djm) Revert SSH2 serverloop hack, will find a better way.
- (djm) Add workaround for Linux 2.4's gratuitious errno change. Patch
from Martin Johansson <fatbob@acc.umu.se>
- (djm) Big OpenBSD sync:
- markus@cvs.openbsd.org 2000/09/30 10:27:44
[log.c]
allow loglevel debug
- markus@cvs.openbsd.org 2000/10/03 11:59:57
[packet.c]
hmac->mac
- markus@cvs.openbsd.org 2000/10/03 12:03:03
[auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
move fake-auth from auth1.c to individual auth methods, disables s/key in
debug-msg
- markus@cvs.openbsd.org 2000/10/03 12:16:48
ssh.c
do not resolve canonname, i have no idea why this was added oin ossh
- markus@cvs.openbsd.org 2000/10/09 15:30:44
ssh-keygen.1 ssh-keygen.c
-X now reads private ssh.com DSA keys, too.
- markus@cvs.openbsd.org 2000/10/09 15:32:34
auth-options.c
clear options on every call.
- markus@cvs.openbsd.org 2000/10/09 15:51:00
authfd.c authfd.h
interop with ssh-agent2, from <res@shore.net>
- markus@cvs.openbsd.org 2000/10/10 14:20:45
compat.c
use rexexp for version string matching
- provos@cvs.openbsd.org 2000/10/10 22:02:18
[kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
First rough implementation of the diffie-hellman group exchange. The
client can ask the server for bigger groups to perform the diffie-hellman
in, thus increasing the attack complexity when using ciphers with longer
keys. University of Windsor provided network, T the company.
- markus@cvs.openbsd.org 2000/10/11 13:59:52
[auth-rsa.c auth2.c]
clear auth options unless auth sucessfull
- markus@cvs.openbsd.org 2000/10/11 14:00:27
[auth-options.h]
clear auth options unless auth sucessfull
- markus@cvs.openbsd.org 2000/10/11 14:03:27
[scp.1 scp.c]
support 'scp -o' with help from mouring@pconline.com
- markus@cvs.openbsd.org 2000/10/11 14:11:35
[dh.c]
Wall
- markus@cvs.openbsd.org 2000/10/11 14:14:40
[auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
[ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
add support for s/key (kbd-interactive) to ssh2, based on work by
mkiernan@avantgo.com and me
- markus@cvs.openbsd.org 2000/10/11 14:27:24
[auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
[myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
[sshconnect2.c sshd.c]
new cipher framework
- markus@cvs.openbsd.org 2000/10/11 14:45:21
[cipher.c]
remove DES
- markus@cvs.openbsd.org 2000/10/12 03:59:20
[cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
enable DES in SSH-1 clients only
- markus@cvs.openbsd.org 2000/10/12 08:21:13
[kex.h packet.c]
remove unused
- markus@cvs.openbsd.org 2000/10/13 12:34:46
[sshd.c]
Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
- markus@cvs.openbsd.org 2000/10/13 12:59:15
[cipher.c cipher.h myproposal.h rijndael.c rijndael.h]
rijndael/aes support
- markus@cvs.openbsd.org 2000/10/13 13:10:54
[sshd.8]
more info about -V
- markus@cvs.openbsd.org 2000/10/13 13:12:02
[myproposal.h]
prefer no compression
- (djm) Fix scp user@host handling
- (djm) Don't clobber ssh_prng_cmds on install
- (stevesk) Include config.h in rijndael.c so we define intXX_t and
u_intXX_t types on all platforms.
- (stevesk) rijndael.c: cleanup missing declaration warnings.
- (stevesk) ~/.hushlogin shouldn't cause required password change to
be bypassed.
- (stevesk) Display correct path to ssh-askpass in configure output.
Report from Lutz Jaenicke.
20001007
- (stevesk) Print PAM return value in PAM log messages to aid
with debugging.
- (stevesk) Fix detection of pw_class struct member in configure;
patch from KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp>
20001002
- (djm) Fix USER_PATH, report from Kevin Steves <stevesk@sweden.hp.com>
- (djm) Add host system and CC to end-of-configure report. Suggested by
Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
20000931
- (djm) Cygwin fixes from Corinna Vinschen <vinschen@cygnus.com>
20000930
- (djm) Irix ssh_prng_cmds path fix from Pekka Savola <pekkas@netcore.fi>
- (djm) Support in bsd-snprintf.c for long long conversions from
Ben Lindstrom <mouring@pconline.com>
- (djm) Cleanup NeXT support from Ben Lindstrom <mouring@pconline.com>
- (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with
very short lived X connections. Bug report from Tobias Oetiker
<oetiker@ee.ethz.ch>. Fix from Markus Friedl <markus@cvs.openbsd.org>
- (djm) Add recent InitScripts as a RPM dependancy for openssh-server
patch from Pekka Savola <pekkas@netcore.fi>
- (djm) Forgot to cvs add LICENSE file
- (djm) Add LICENSE to RPM spec files
- (djm) CVS OpenBSD sync:
- markus@cvs.openbsd.org 2000/09/26 13:59:59
[clientloop.c]
use debug2
- markus@cvs.openbsd.org 2000/09/27 15:41:34
[auth2.c sshconnect2.c]
use key_type()
- markus@cvs.openbsd.org 2000/09/28 12:03:18
[channels.c]
debug -> debug2 cleanup
- (djm) Irix strips "/dev/tty" from [uw]tmp entries (other systems only
strip "/dev/"). Fix loginrec.c based on patch from Alain St-Denis
<Alain.St-Denis@ec.gc.ca>
- (djm) Fix 9 character passphrase failure with gnome-ssh-askpass.
Problem was caused by interrupted read in ssh-add. Report from Donald
J. Barry <don@astro.cornell.edu>
20000929
- (djm) Fix SSH2 not terminating until all background tasks done problem.
- (djm) Another off-by-one fix from Pavel Kankovsky
<peak@argo.troja.mff.cuni.cz>
- (djm) Clean up. Strip some unnecessary differences with OpenBSD's code,
tidy necessary differences. Use Markus' new debugN() in entropy.c
- (djm) Merged big SCO portability patch from Tim Rice
<tim@multitalents.net>
20000926
- (djm) Update X11-askpass to 1.0.2 in RPM spec file
- (djm) Define _REENTRANT to pickup strtok_r() on HP/UX
- (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c.
Report and fix from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
20000924
- (djm) Merged cleanup patch from Mark Miller <markm@swoon.net>
- (djm) A bit more cleanup - created cygwin_util.h
- (djm) Include strtok_r() from OpenBSD libc. Fixes report from Mark Miller
<markm@swoon.net>
20000923
- (djm) Fix address logging in utmp from Kevin Steves
<stevesk@sweden.hp.com>
- (djm) Redhat spec and manpage fixes from Pekka Savola <pekkas@netcore.fi>
- (djm) Seperate tests for int64_t and u_int64_t types
- (djm) Tweak password expiry checking at suggestion of Kevin Steves
<stevesk@sweden.hp.com>
- (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
- (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from
Michael Stone <mstone@cs.loyola.edu>
- (djm) OpenBSD CVS sync:
- markus@cvs.openbsd.org 2000/09/17 09:38:59
[sshconnect2.c sshd.c]
fix DEBUG_KEXDH
- markus@cvs.openbsd.org 2000/09/17 09:52:51
[sshconnect.c]
yes no; ok niels@
- markus@cvs.openbsd.org 2000/09/21 04:55:11
[sshd.8]
typo
- markus@cvs.openbsd.org 2000/09/21 05:03:54
[serverloop.c]
typo
- markus@cvs.openbsd.org 2000/09/21 05:11:42
scp.c
utime() to utimes(); mouring@pconline.com
- markus@cvs.openbsd.org 2000/09/21 05:25:08
sshconnect2.c
change login logic in ssh2, allows plugin of other auth methods
- markus@cvs.openbsd.org 2000/09/21 05:25:35
[auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h]
[serverloop.c]
add context to dispatch_run
- markus@cvs.openbsd.org 2000/09/21 05:07:52
authfd.c authfd.h ssh-agent.c
bug compat for old ssh.com software
20000920
- (djm) Fix bad path substitution. Report from Andrew Miner
<asminer@cs.iastate.edu>
20000916
- (djm) Fix SSL search order from Lutz Jaenicke
<Lutz.Jaenicke@aet.TU-Cottbus.DE>
- (djm) New SuSE spec from Corinna Vinschen <corinna@vinschen.de>
- (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com>
- (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage.
Patch from Larry Jones <larry.jones@sdrc.com>
- (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM
password change patch.
- (djm) Bring licenses on my stuff in line with OpenBSD's
- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
Kevin Steves <stevesk@sweden.hp.com>
- (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz>
- (djm) Re-enable int64_t types - we need them for sftp
- (djm) Use libexecdir from configure , rather than libexecdir/ssh
- (djm) Update Redhat SPEC file accordingly
- (djm) Add Kevin Steves <stevesk@sweden.hp.com> HP/UX contrib files
- (djm) Add Charles Levert <charles@comm.polymtl.ca> getpgrp patch
- (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter
<Dirk.DeWachter@rug.ac.be>
- (djm) Fixprogs and entropy list fixes from Larry Jones
<larry.jones@sdrc.com>
- (djm) Fix for SuSE spec file from Takashi YOSHIDA
<tyoshida@gemini.rc.kyushu-u.ac.jp>
- (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org 2000/09/05 02:59:57
[session.c]
print hostname (not hushlogin)
- markus@cvs.openbsd.org 2000/09/05 13:18:48
[authfile.c ssh-add.c]
enable ssh-add -d for DSA keys
- markus@cvs.openbsd.org 2000/09/05 13:20:49
[sftp-server.c]
cleanup
- markus@cvs.openbsd.org 2000/09/06 03:46:41
[authfile.h]
prototype
- deraadt@cvs.openbsd.org 2000/09/07 14:27:56
[ALL]
cleanup copyright notices on all files. I have attempted to be
accurate with the details. everything is now under Tatu's licence
(which I copied from his readme), and/or the core-sdi bsd-ish thing
for deattack, or various openbsd developers under a 2-term bsd
licence. We're not changing any rules, just being accurate.
- markus@cvs.openbsd.org 2000/09/07 14:40:30
[channels.c channels.h clientloop.c serverloop.c ssh.c]
cleanup window and packet sizes for ssh2 flow control; ok niels
- markus@cvs.openbsd.org 2000/09/07 14:53:00
[scp.c]
typo
- markus@cvs.openbsd.org 2000/09/07 15:13:37
[auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
[authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
[pty.c readconf.c]
some more Copyright fixes
- markus@cvs.openbsd.org 2000/09/08 03:02:51
[README.openssh2]
bye bye
- deraadt@cvs.openbsd.org 2000/09/11 18:38:33
[LICENCE cipher.c]
a few more comments about it being ARC4 not RC4
- markus@cvs.openbsd.org 2000/09/12 14:53:11
[log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
multiple debug levels
- markus@cvs.openbsd.org 2000/09/14 14:25:15
[clientloop.c]
typo
- deraadt@cvs.openbsd.org 2000/09/15 01:13:51
[ssh-agent.c]
check return value for setenv(3) for failure, and deal appropriately
20000913
- (djm) Fix server not exiting with jobs in background.
20000905
- (djm) Import OpenBSD CVS changes
- markus@cvs.openbsd.org 2000/08/31 15:52:24
[Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c]
implement a SFTP server. interops with sftp2, scp2 and the windows
client from ssh.com
- markus@cvs.openbsd.org 2000/08/31 15:56:03
[README.openssh2]
sync
- markus@cvs.openbsd.org 2000/08/31 16:05:42
[session.c]
Wall
- markus@cvs.openbsd.org 2000/08/31 16:09:34
[authfd.c ssh-agent.c]
add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions
- deraadt@cvs.openbsd.org 2000/09/01 09:25:13
[scp.1 scp.c]
cleanup and fix -S support; stevesk@sweden.hp.com
- markus@cvs.openbsd.org 2000/09/01 16:29:32
[sftp-server.c]
portability fixes
- markus@cvs.openbsd.org 2000/09/01 16:32:41
[sftp-server.c]
fix cast; mouring@pconline.com
- itojun@cvs.openbsd.org 2000/09/03 09:23:28
[ssh-add.1 ssh.1]
add missing .El against .Bl.
- markus@cvs.openbsd.org 2000/09/04 13:03:41
[session.c]
missing close; ok theo
- markus@cvs.openbsd.org 2000/09/04 13:07:21
[session.c]
fix get_last_login_time order; from andre@van-veen.de
- markus@cvs.openbsd.org 2000/09/04 13:10:09
[sftp-server.c]
more cast fixes; from mouring@pconline.com
- markus@cvs.openbsd.org 2000/09/04 13:06:04
[session.c]
set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net
- (djm) Cleanup after import. Fix sftp-server compilation, Makefile
- (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>
20000903
- (djm) Fix Redhat init script
20000901
- (djm) Pick up Jim's new X11-askpass
- (djm) Release 2.2.0p1
how NetBSD's rc.d interprets script names. Also add REQUIRE and PROVIDE
sections to control scripts so they can be used directly in NetBSD's rc.d
system.
---
20000901
- (djm) Pick up Jim's new X11-askpass
- (djm) Release 2.2.0p1
20000831
- (djm) Workaround SIGPIPE problems on SCO. Fix from Aran Cox
<acox@cv.telegroup.com>
- (djm) Pick up new version (2.2.0) from OpenBSD CVS
20000830
- (djm) Compile warning fixes from Mark Miller <markm@swoon.net>
- (djm) Periodically rekey arc4random
- (djm) Clean up diff against OpenBSD.
- (djm) HPUX 11 needs USE_PIPES as well: Kevin Steves
<stevesk@sweden.hp.com>
- (djm) Quieten the pam delete credentials error message
- (djm) Fix printing of $DISPLAY hack if set by system type. Report from
Kevin Steves <stevesk@sweden.hp.com>
- (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
- (djm) Fix doh in bsd-arc4random.c
20000829
- (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert
Doering <gert@greenie.muc.de>, John Horne <J.Horne@plymouth.ac.uk> and
Garrick James <garrick@james.net>
- (djm) Check for SCO pty naming style (ptyp%d/ttyp%d). Based on fix from
Bastian Trompetter <btrompetter@firemail.de>
- (djm) NeXT tweaks from Ben Lindstrom <mouring@pconline.com>
- More OpenBSD updates:
- deraadt@cvs.openbsd.org 2000/08/24 15:46:59
[scp.c]
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
- deraadt@cvs.openbsd.org 2000/08/25 10:10:06
[session.c]
Wall
- markus@cvs.openbsd.org 2000/08/26 04:33:43
[compat.c]
ssh.com-2.3.0
- markus@cvs.openbsd.org 2000/08/27 12:18:05
[compat.c]
compatibility with future ssh.com versions
- deraadt@cvs.openbsd.org 2000/08/27 21:50:55
[auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c]
print uid/gid as unsigned
- markus@cvs.openbsd.org 2000/08/28 13:51:00
[ssh.c]
enable -n and -f for ssh2
- markus@cvs.openbsd.org 2000/08/28 14:19:53
[ssh.c]
allow combination of -N and -f
- markus@cvs.openbsd.org 2000/08/28 14:20:56
[util.c]
util.c
- markus@cvs.openbsd.org 2000/08/28 14:22:02
[util.c]
undo
- markus@cvs.openbsd.org 2000/08/28 14:23:38
[util.c]
don't complain if setting NONBLOCK fails with ENODEV
20000823
- (djm) Define USE_PIPES to avoid socketpair problems on HPUX 10 and SunOS 4
Avoids "scp never exits" problem. Reports from Lutz Jaenicke
<Lutz.Jaenicke@aet.TU-Cottbus.DE> and Tamito KAJIYAMA
<kajiyama@grad.sccs.chukyo-u.ac.jp>
- (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers
- (djm) Add local version to version.h
- (djm) Don't reseed arc4random everytime it is used
- (djm) OpenBSD CVS updates:
- deraadt@cvs.openbsd.org 2000/08/18 20:07:23
[ssh.c]
accept remsh as a valid name as well; roman@buildpoint.com
- deraadt@cvs.openbsd.org 2000/08/18 20:17:13
[deattack.c crc32.c packet.c]
rename crc32() to ssh_crc32() to avoid zlib name clash. do not move to
libz crc32 function yet, because it has ugly "long"'s in it;
oneill@cs.sfu.ca
- deraadt@cvs.openbsd.org 2000/08/18 20:26:08
[scp.1 scp.c]
-S prog support; tv@debian.org
- deraadt@cvs.openbsd.org 2000/08/18 20:50:07
[scp.c]
knf
- deraadt@cvs.openbsd.org 2000/08/18 20:57:33
[log-client.c]
shorten
- markus@cvs.openbsd.org 2000/08/19 12:48:11
[channels.c channels.h clientloop.c ssh.c ssh.h]
support for ~. in ssh2
- deraadt@cvs.openbsd.org 2000/08/19 15:29:40
[crc32.h]
proper prototype
- markus@cvs.openbsd.org 2000/08/19 15:34:44
[authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1]
[ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile]
[fingerprint.c fingerprint.h]
add SSH2/DSA support to the agent and some other DSA related cleanups.
(note that we cannot talk to ssh.com's ssh2 agents)
- markus@cvs.openbsd.org 2000/08/19 15:55:52
[channels.c channels.h clientloop.c]
more ~ support for ssh2
- markus@cvs.openbsd.org 2000/08/19 16:21:19
[clientloop.c]
oops
- millert@cvs.openbsd.org 2000/08/20 12:25:53
[session.c]
We have to stash the result of get_remote_name_or_ip() before we
close our socket or getpeername() will get EBADF and the process
will exit. Only a problem for "UseLogin yes".
- millert@cvs.openbsd.org 2000/08/20 12:30:59
[session.c]
Only check /etc/nologin if "UseLogin no" since login(1) may have its
own policy on determining who is allowed to login when /etc/nologin
is present. Also use the _PATH_NOLOGIN define.
- millert@cvs.openbsd.org 2000/08/20 12:42:43
[auth1.c auth2.c session.c ssh.c]
Add calls to setusercontext() and login_get*(). We basically call
setusercontext() in most places where previously we did a setlogin().
Add default login.conf file and put root in the "daemon" login class.
- millert@cvs.openbsd.org 2000/08/21 10:23:31
[session.c]
Fix incorrect PATH setting; noted by Markus.
20000818
- (djm) OpenBSD CVS changes:
- markus@cvs.openbsd.org 2000/07/22 03:14:37
[servconf.c servconf.h sshd.8 sshd.c sshd_config]
random early drop; ok theo, niels
- deraadt@cvs.openbsd.org 2000/07/26 11:46:51
[ssh.1]
typo
- deraadt@cvs.openbsd.org 2000/08/01 11:46:11
[sshd.8]
many fixes from pepper@mail.reppep.com
- provos@cvs.openbsd.org 2000/08/01 13:01:42
[Makefile.in util.c aux.c]
rename aux.c to util.c to help with cygwin port
- deraadt@cvs.openbsd.org 2000/08/02 00:23:31
[authfd.c]
correct sun_len; Alexander@Leidinger.net
- provos@cvs.openbsd.org 2000/08/02 10:27:17
[readconf.c sshd.8]
disable kerberos authentication by default
- provos@cvs.openbsd.org 2000/08/02 11:27:05
[sshd.8 readconf.c auth-krb4.c]
disallow kerberos authentication if we can't verify the TGT; from
dugsong@
kerberos authentication is on by default only if you have a srvtab.
- markus@cvs.openbsd.org 2000/08/04 14:30:07
[auth.c]
unused
- markus@cvs.openbsd.org 2000/08/04 14:30:35
[sshd_config]
MaxStartups
- markus@cvs.openbsd.org 2000/08/15 13:20:46
[authfd.c]
cleanup; ok niels@
- markus@cvs.openbsd.org 2000/08/17 14:05:10
[session.c]
cleanup login(1)-like jobs, no duplicate utmp entries
- markus@cvs.openbsd.org 2000/08/17 14:06:34
[session.c sshd.8 sshd.c]
sshd -u len, similar to telnetd
- (djm) Lastlog was not getting closed after writing login entry
- (djm) Add Solaris package support from Rip Loomis <loomisg@cist.saic.com>
20000816
- (djm) Replacement for inet_ntoa for Irix (which breaks on gcc)
- (djm) Fix strerror replacement for old SunOS. Based on patch from
Charles Levert <charles@comm.polymtl.ca>
- (djm) Seperate arc4random into seperate file and use OpenSSL's RC4
implementation.
- (djm) SUN_LEN macro for systems which lack it
20000815
- (djm) More SunOS 4.1.x fixes from Nate Itkin <nitkin@europa.com>
- (djm) Avoid failures on Irix when ssh is not setuid. Fix from
Michael Stone <mstone@cs.loyola.edu>
- (djm) Don't seek in directory based lastlogs
- (djm) Fix --with-ipaddr-display configure option test. Patch from
Jarno Huuskonen <jhuuskon@messi.uku.fi>
- (djm) Fix AIX limits from Alexandre Oliva <oliva@lsd.ic.unicamp.br>
20000813
- (djm) Add $(srcdir) to includes when compiling (for VPATH). Report from
Fabrice bacchella <fabrice.bacchella@marchfirst.fr>
20000809
- (djm) Define AIX hard limits if headers don't. Report from
Bill Painter <william.t.painter@lmco.com>
- (djm) utmp direct write & SunOS 4 patch from Charles Levert
<charles@comm.polymtl.ca>
20000808
- (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install
time, spec file cleanup.
20000807
- (djm) Set 0755 on binaries during install. Report from Lutz Jaenicke
- (djm) Suppress error messages on channel close shutdown() failurs
works around Linux bug. Patch from Zack Weinberg <zack@wolery.cumb.org>
- (djm) Add some more entropy collection commands from Lutz Jaenicke
20000725
- (djm) Fix autoconf typo: HAVE_BINRESVPORT_AF -> HAVE_BINDRESVPORT_AF
20000721
- (djm) OpenBSD CVS updates:
- markus@cvs.openbsd.org 2000/07/16 02:27:22
[authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c]
make ssh-add accept dsa keys (the agent does not)
- djm@cvs.openbsd.org 2000/07/17 19:25:02
[sshd.c]
Another closing of stdin; ok deraadt
- markus@cvs.openbsd.org 2000/07/19 18:33:12
[dsa.c]
missing free, reorder
- markus@cvs.openbsd.org 2000/07/20 16:23:14
[ssh-keygen.1]
document input and output files
20000720
- (djm) Spec file fix from Petr Novotny <Petr.Novotny@antek.cz>
20000716
- (djm) Release 2.1.1p4
-lcrypto NetBSD-1.5*
-lcrypto -lrsaref OpenSSL and USE_RSAREF2=NO
-lcrypto -lRSAglue -lrsaref OpenSSL and USE_RSAREF2=YES
and use the first set of libraries which work.
Closes the following PRs: 9820, 10268, 10681.
Package changes:
* Factor out common post-install code from PLIST and package Makefile
into files/INSTALL.
* Enhance files/sshd.sh to handle start/stop/restart/status.
* Check for usable installed version of OpenSSL. This bit possibly
closes the following PRs: 10404, 10501, 10593
Changes from 2.1.1p3:
* allow multiple whitespace but only one '=' between tokens
* close can fail on AFS
* allow leading whitespace in configuration files
* Always create ~/.ssh with mode 700
depend on openssl >= 0.9.5. see PR 10593.
--- 2.1.1p2 -> 2.1.1p3
20000712
- (djm) Remove -lresolve for Reliant Unix
- (djm) OpenBSD CVS Updates:
- deraadt@cvs.openbsd.org 2000/07/11 02:11:34
[session.c sshd.c ]
make MaxStartups code still work with -d; djm
- deraadt@cvs.openbsd.org 2000/07/11 13:17:45
[readconf.c ssh_config]
disable FallBackToRsh by default
- (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c. Report from
Ben Lindstrom <mouring@pconline.com>
- (djm) Make building of X11-Askpass and GNOME-Askpass optional in RPM
spec file.
- (djm) Released 2.1.1p3
20000711
- (djm) Fixup for AIX getuserattr() support from Tom Bertelson
<tbert@abac.com>
- (djm) ReliantUNIX support from Udo Schweigert <ust@cert.siemens.de>
- (djm) NeXT: dirent structures to get scp working from Ben Lindstrom
<mouring@pconline.com>
- (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report
from Jim Watt <jimw@peisj.pebio.com>
- (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known
to compile on more platforms (incl NeXT).
- (djm) Added bsd-inet_aton and configure support for NeXT
- (djm) Misc NeXT fixes from Ben Lindstrom <mouring@pconline.com>
- (djm) OpenBSD CVS updates:
- markus@cvs.openbsd.org 2000/06/26 03:22:29
[authfd.c]
cleanup, less cut&paste
- markus@cvs.openbsd.org 2000/06/26 15:59:19
[servconf.c servconf.h session.c sshd.8 sshd.c]
MaxStartups: limit number of unauthenticated connections, work by
theo and me
- deraadt@cvs.openbsd.org 2000/07/05 14:18:07
[session.c]
use no_x11_forwarding_flag correctly; provos ok
- provos@cvs.openbsd.org 2000/07/05 15:35:57
[sshd.c]
typo
- aaron@cvs.openbsd.org 2000/07/05 22:06:58
[scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
Insert more missing .El directives. Our troff really should identify
these and spit out a warning.
- todd@cvs.openbsd.org 2000/07/06 21:55:04
[auth-rsa.c auth2.c ssh-keygen.c]
clean code is good code
- deraadt@cvs.openbsd.org 2000/07/07 02:14:29
[serverloop.c]
sense of port forwarding flag test was backwards
- provos@cvs.openbsd.org 2000/07/08 17:17:31
[compat.c readconf.c]
replace strtok with strsep; from David Young <dyoung@onthejob.net>
- deraadt@cvs.openbsd.org 2000/07/08 19:21:15
[auth.h]
KNF
- ho@cvs.openbsd.org 2000/07/08 19:27:33
[compat.c readconf.c]
Better conditions for strsep() ending.
- ho@cvs.openbsd.org 2000/07/10 10:27:05
[readconf.c]
Get the correct message on errors. (niels@ ok)
- ho@cvs.openbsd.org 2000/07/10 10:30:25
[cipher.c kex.c servconf.c]
strtok() --> strsep(). (niels@ ok)
- (djm) Fix problem with debug mode and MaxStartups
- (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during RPM
builds)
- (djm) Add strsep function from OpenBSD libc for systems that lack it
20000709
- (djm) Only enable PAM_TTY kludge for Linux. Problem report from
Kevin Steves <stevesk@sweden.hp.com>
- (djm) Match prototype and function declaration for rresvport_af.
Problem report from Niklas Edmundsson <nikke@ing.umu.se>
- (djm) Missing $(DESTDIR) on host-key target causing problems with RPM
builds. Problem report from Gregory Leblanc <GLeblanc@cu-portland.edu>
- (djm) Replace ut_name with ut_user. Patch from Jim Watt
<jimw@peisj.pebio.com>
- (djm) Fix pam sprintf fix
- (djm) Cleanup entropy collection code a little more. Split initialisation
from seeding, perform intialisation immediatly at start, be careful with
uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
- (djm) More NeXT compatibility from Ben Lindstrom <mouring@pconline.com>
Including sigaction() et al. replacements
- (djm) AIX getuserattr() session initialisation from Tom Bertelson
<tbert@abac.com>
20000708
- (djm) Fix bad fprintf format handling in auth-pam.c. Patch from
Aaron Hopkins <aaron@die.net>
- (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from
Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- (djm) Fixed undefined variables for OSF SIA. Report from
Baars, Henk <Hendrik.Baars@nl.origin-it.com>
- (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c
Fix from Marquess, Steve Mr JMLFDC <Steve.Marquess@DET.AMEDD.ARMY.MIL>
- (djm) Don't use inet_addr.
20000702
- (djm) Fix brace mismatch from Corinna Vinschen <vinschen@cygnus.com>
- (djm) Stop shadow expiry checking from preventing logins with NIS. Based
on fix from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
- (djm) Use standard OpenSSL functions in auth-skey.c. Patch from
Chris, the Young One <cky@pobox.com>
- (djm) Fix scp progress meter on really wide terminals. Based on patch
from James H. Cloos Jr. <cloos@jhcloos.com>
20000701
- (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu>
- (djm) Login fixes from Tom Bertelson <tbert@abac.com>
- (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
<vinschen@cygnus.com>
- (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
- (djm) Added check for broken snprintf() functions which do not correctly
terminate output string and attempt to use replacement.
- (djm) Released 2.1.1p2
--- recent changelogs
20000701
- (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu>
- (djm) Login fixes from Tom Bertelson <tbert@abac.com>
- (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
<vinschen@cygnus.com>
- (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
- (djm) Added check for broken snprintf() functions which do not correctly
terminate output string and attempt to use replacement.
- (djm) Released 2.1.1p2
20000628
- (djm) Fixes to lastlog code for Irix
- (djm) Use atomicio in loginrec
- (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for
Irix 6.x array sessions, project id's, and system audit trail id.
- (djm) Added 'distprep' make target to simplify packaging
- (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA
support. Enable using "USE_SIA=1 ./configure [options]"
20000627
- (djm) Fixes to login code - not setting li->uid, cleanups
- (djm) Formatting
20000626
- (djm) Better fix to aclocal tests from Garrick James <garrick@james.net>
- (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
- (djm) Added password expiry checking (no password change support)
- (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- (djm) Fix fixed EGD code.
- OpenBSD CVS update
- provos@cvs.openbsd.org 2000/06/25 14:17:58
[channels.c]
correct check for bad channel ids; from Wei Dai <weidai@eskimo.com>
20000623
- (djm) Use sa_family_t in prototype for rresvport_af. Patch from
Svante Signell <svante.signell@telia.com>
- (djm) Autoconf logic to define sa_family_t if it is missing
- OpenBSD CVS Updates:
- markus@cvs.openbsd.org 2000/06/22 10:32:27
[sshd.c]
missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL
- djm@cvs.openbsd.org 2000/06/22 17:55:00
[auth-krb4.c key.c radix.c uuencode.c]
Missing CVS idents; ok markus
20000622
- (djm) Automatically generate host key during "make install". Suggested
by Gary E. Miller <gem@rellim.com>
- (djm) Paranoia before kill() system call
- OpenBSD CVS Updates:
- markus@cvs.openbsd.org 2000/06/18 18:50:11
[auth2.c compat.c compat.h sshconnect2.c]
make userauth+pubkey interop with ssh.com-2.2.0
- markus@cvs.openbsd.org 2000/06/18 20:56:17
[dsa.c]
mem leak + be more paranoid in dsa_verify.
- markus@cvs.openbsd.org 2000/06/18 21:29:50
[key.c]
cleanup fingerprinting, less hardcoded sizes
- markus@cvs.openbsd.org 2000/06/19 19:39:45
[atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
[buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
[clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
[deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
[kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
[nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
[rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
[ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
OpenBSD tag
- markus@cvs.openbsd.org 2000/06/21 10:46:10
sshconnect2.c missing free; nuke old comment
20000620
- (djm) Replace use of '-o' and '-a' logical operators in configure tests
with '||' and '&&'. As suggested by Jim Knoble <jmknoble@pint-stowp.cx>
to fix SCO Unixware problem reported by Gary E. Miller <gem@rellim.com>
- (djm) Typo in loginrec.c
20000618
- (djm) Add summary of configure options to end of ./configure run
- (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from
Michael Stone <mstone@cs.loyola.edu>
- (djm) rusage is a privileged operation on some Unices (incl.
Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
- (djm) Avoid PAM failures when running without a TTY. Report from
Martin Petrak <petrak@spsknm.schools.sk>
- (djm) Include sys/types.h when including netinet/in.h in configure tests.
Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
- (djm) Started merge of Ben Lindstrom's <mouring@pconline.com> NeXT support
- OpenBSD CVS updates:
- deraadt@cvs.openbsd.org 2000/06/17 09:58:46
[channels.c]
everyone says "nix it" (remove protocol 2 debugging message)
- markus@cvs.openbsd.org 2000/06/17 13:24:34
[sshconnect.c]
allow extended server banners
- markus@cvs.openbsd.org 2000/06/17 14:30:10
[sshconnect.c]
missing atomicio, typo
- jakob@cvs.openbsd.org 2000/06/17 16:52:34
[servconf.c servconf.h session.c sshd.8 sshd_config]
add support for ssh v2 subsystems. ok markus@.
- deraadt@cvs.openbsd.org 2000/06/17 18:57:48
[readconf.c servconf.c]
include = in WHITESPACE; markus ok
- markus@cvs.openbsd.org 2000/06/17 19:09:10
[auth2.c]
implement bug compatibility with ssh-2.0.13 pubkey, server side
- markus@cvs.openbsd.org 2000/06/17 21:00:28
[compat.c]
initial support for ssh.com's 2.2.0
- markus@cvs.openbsd.org 2000/06/17 21:16:09
[scp.c]
typo
- markus@cvs.openbsd.org 2000/06/17 22:05:02
[auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h]
split auth-rsa option parsing into auth-options
add options support to authorized_keys2
- markus@cvs.openbsd.org 2000/06/17 22:42:54
[session.c]
typo
20000613
- (djm) Fixes from Andrew McGill <andrewm@datrix.co.za>:
- Platform define for SCO 3.x which breaks on /dev/ptmx
- Detect and try to fix missing MAXPATHLEN
- (djm) Fix short copy in loginrec.c (based on patch from Phill Camp
<P.S.S.Camp@ukc.ac.uk>
20000612
- (djm) Glob manpages in RPM spec files to catch compressed files
- (djm) Full license in auth-pam.c
- (djm) Configure fixes from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
- (andre) AIX, lastlog, configure fixes from Tom Bertelson <tbert@abac.com>:
- Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is
def'd
- Set AIX to use preformatted manpages
20000610
- (djm) Minor doc tweaks
- (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx>
20000609
- (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage
(in favour of utmpx) on Solaris 8
20000606
- (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
list of commands (by default). Removed verbose debugging (by default).
- (djm) Increased command entropy estimates and default entropy collection
timeout
- (djm) Remove duplicate headers from loginrec.c
- (djm) Don't add /usr/local/lib to library search path on Irix
- (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
<tibbs@math.uh.edu>
- (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
<zack@wolery.cumb.org>
- (djm) OpenBSD CVS updates:
- todd@cvs.openbsd.org
[sshconnect2.c]
teach protocol v2 to count login failures properly and also enable an
explanation of why the password prompt comes up again like v1; this is NOT
crypto
- markus@cvs.openbsd.org
[readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
xauth_location support; pr 1234
[readconf.c sshconnect2.c]
typo, unused
[session.c]
allow use_login only for login sessions, otherwise remote commands are
execed with uid==0
[sshd.8]
document UseLogin better
[version.h]
OpenSSH 2.1.1
[auth-rsa.c]
fix match_hostname() logic for auth-rsa: deny access if we have a
negative match or no match at all
[channels.c hostfile.c match.c]
don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
kris@FreeBSD.org
--- changelog from 2.1.0p3:
20000609
- (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage
(in favour of utmpx) on Solaris 8
20000606
- (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
list of commands (by default). Removed verbose debugging (by default).
- (djm) Increased command entropy estimates and default entropy collection
timeout
- (djm) Remove duplicate headers from loginrec.c
- (djm) Don't add /usr/local/lib to library search path on Irix
- (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
<tibbs@math.uh.edu>
- (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
<zack@wolery.cumb.org>
- (djm) OpenBSD CVS updates:
- todd@cvs.openbsd.org
[sshconnect2.c]
teach protocol v2 to count login failures properly and also enable an
explanation of why the password prompt comes up again like v1; this is NOT
crypto
- markus@cvs.openbsd.org
[readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
xauth_location support; pr 1234
[readconf.c sshconnect2.c]
typo, unused
[session.c]
allow use_login only for login sessions, otherwise remote commands are
execed with uid==0
[sshd.8]
document UseLogin better
[version.h]
OpenSSH 2.1.1
[auth-rsa.c]
fix match_hostname() logic for auth-rsa: deny access if we have a
negative match or no match at all
[channels.c hostfile.c match.c]
don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
kris@FreeBSD.org
20000606
- (djm) Added --with-cflags, --with-ldflags and --with-libs options to
configure.
20000604
- Configure tweaking for new login code on Irix 5.3
- (andre) login code changes based on djm feedback
20000603
- (andre) New login code
- Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c
- Add loginrec.[ch], logintest.c and autoconf code
20000531
- Cleanup of auth.c, login.c and fake-*
- Cleanup of auth-pam.c, save and print "account expired" error messages
- Fix EGD read bug by IWAMURO Motonori <iwa@mmp.fujitsu.co.jp>
- Rewrote bsd-login to use proper utmp API if available. Major cleanup
of fallback DIY code.
the reason of failure: openssh configure.in tries to include specwise
incorrect header (netinet/in6.h), and checks for function availablility
with too high warning level.
1.2.2 (fixing PR 9304 by David Rankin <drankin@bohemians.lexington.ky.us>.
Changes:
20000125
- Fix NULL pointer dereference in login.c. Fix from Andre Lucas
<andre.lucas@dial.pipex.com>
- Reorder PAM initialisation so it does not mess up lastlog. Reported
by Andre Lucas <andre.lucas@dial.pipex.com>
- Use preformatted manpages on SCO, report from Gary E. Miller
<gem@rellim.com>
- New URL for x11-ssh-askpass.
- Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
<jmknoble@pobox.com>
- Added 'DESTDIR' option to Makefile to ease package building. Patch from
Jim Knoble <jmknoble@pobox.com>
- Updated RPM spec files to use DESTDIR
20000124
- Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
increment)
20000123
- OpenBSD CVS:
- [packet.c]
getsockname() requires initialized tolen; andy@guildsoftware.com
- AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
<drankin@bohemians.lexington.ky.us>
- Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
20000122
- Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
<bent@clark.net>
- Merge preformatted manpage patch from Andre Lucas
<andre.lucas@dial.pipex.com>
- Make IPv4 use the default in RPM packages
- Irix uses preformatted manpages
- Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
<Holger.Trapp@Informatik.TU-Chemnitz.DE>
- OpenBSD CVS updates:
- [packet.c]
use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
from Holger.Trapp@Informatik.TU-Chemnitz.DE
- [sshd.c]
log with level log() not fatal() if peer behaves badly.
- [readpass.c]
instead of blocking SIGINT, catch it ourselves, so that we can clean
the tty modes up and kill ourselves -- instead of our process group
leader (scp, cvs, ...) going away and leaving us in noecho mode.
people with cbreak shells never even noticed..
- [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
ie. -> i.e.,
20000120
- Don't use getaddrinfo on AIX
- Update to latest OpenBSD CVS:
- [auth-rsa.c]
- fix user/1056, sshd keeps restrictions; dbt@meat.net
- [sshconnect.c]
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- destroy keys earlier
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- [sshd.c]
- no need for poll.h; from bright@wintelcom.net
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- [sshd.c]
- no need for poll.h; from bright@wintelcom.net
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- Big manpage and config file cleanup from Andre Lucas
<andre.lucas@dial.pipex.com>
- Re-added latest (unmodified) OpenBSD manpages
- Doc updates
- NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
Christos Zoulas <christos@netbsd.org>
20000119
- SCO compile fixes from Gary E. Miller <gem@rellim.com>
- Compile fix from Darren_Hall@progressive.com
- Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
addresses using getaddrinfo(). Added a configure switch to make the
default lookup mode AF_INET
20000118
- Fixed --with-pid-dir option
- Makefile fix from Gary E. Miller <gem@rellim.com>
- Compile fix for HPUX and Solaris from Andre Lucas
<andre.lucas@dial.pipex.com>
1.2.2 (fixing PR 9304 by David Rankin <drankin@bohemians.lexington.ky.us>.
Changes:
20000125
- Fix NULL pointer dereference in login.c. Fix from Andre Lucas
<andre.lucas@dial.pipex.com>
- Reorder PAM initialisation so it does not mess up lastlog. Reported
by Andre Lucas <andre.lucas@dial.pipex.com>
- Use preformatted manpages on SCO, report from Gary E. Miller
<gem@rellim.com>
- New URL for x11-ssh-askpass.
- Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
<jmknoble@pobox.com>
- Added 'DESTDIR' option to Makefile to ease package building. Patch from
Jim Knoble <jmknoble@pobox.com>
- Updated RPM spec files to use DESTDIR
20000124
- Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
increment)
20000123
- OpenBSD CVS:
- [packet.c]
getsockname() requires initialized tolen; andy@guildsoftware.com
- AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
<drankin@bohemians.lexington.ky.us>
- Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
20000122
- Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
<bent@clark.net>
- Merge preformatted manpage patch from Andre Lucas
<andre.lucas@dial.pipex.com>
- Make IPv4 use the default in RPM packages
- Irix uses preformatted manpages
- Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
<Holger.Trapp@Informatik.TU-Chemnitz.DE>
- OpenBSD CVS updates:
- [packet.c]
use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
from Holger.Trapp@Informatik.TU-Chemnitz.DE
- [sshd.c]
log with level log() not fatal() if peer behaves badly.
- [readpass.c]
instead of blocking SIGINT, catch it ourselves, so that we can clean
the tty modes up and kill ourselves -- instead of our process group
leader (scp, cvs, ...) going away and leaving us in noecho mode.
people with cbreak shells never even noticed..
- [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
ie. -> i.e.,
20000120
- Don't use getaddrinfo on AIX
- Update to latest OpenBSD CVS:
- [auth-rsa.c]
- fix user/1056, sshd keeps restrictions; dbt@meat.net
- [sshconnect.c]
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- destroy keys earlier
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- [sshd.c]
- no need for poll.h; from bright@wintelcom.net
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- [sshd.c]
- no need for poll.h; from bright@wintelcom.net
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- Big manpage and config file cleanup from Andre Lucas
<andre.lucas@dial.pipex.com>
- Re-added latest (unmodified) OpenBSD manpages
- Doc updates
- NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
Christos Zoulas <christos@netbsd.org>
20000119
- SCO compile fixes from Gary E. Miller <gem@rellim.com>
- Compile fix from Darren_Hall@progressive.com
- Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
addresses using getaddrinfo(). Added a configure switch to make the
default lookup mode AF_INET
20000118
- Fixed --with-pid-dir option
- Makefile fix from Gary E. Miller <gem@rellim.com>
- Compile fix for HPUX and Solaris from Andre Lucas
<andre.lucas@dial.pipex.com>
itojun
jlam
elric
fredb
hubertf
christos