20030802
 - (dtucker) [monitor.h monitor_wrap.h] Remove excess ident tags.
 - (dtucker) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2003/07/22 13:35:22
     [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
     monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
     ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
     remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
     test+ok henning@
 - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
 - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
 - (dtucker) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2003/07/23 07:42:43
     [sshd_config]
     remove AFS; itojun@
   - djm@cvs.openbsd.org 2003/07/28 09:49:56
     [ssh-keygen.1 ssh-keygen.c]
     Support for generating Diffie-Hellman groups (/etc/moduli) from ssh-keygen.
     Based on code from Phil Karn, William Allen Simpson and Niels Provos.
     ok markus@, thanks jmc@
   - markus@cvs.openbsd.org 2003/07/29 18:24:00
     [LICENCE progressmeter.c]
     replace 4 clause BSD licensed progressmeter code with a replacement
     from Nils Nordman and myself; ok deraadt@
     (copied from OpenBSD and re-applied portable changes)

20030730
 - (djm) [auth-pam.c] Don't use crappy APIs like sprintf. Thanks bal

20030726
 - (dtucker) [openbsd-compat/xcrypt.c] Fix typo: DISABLED_SHADOW ->
   DISABLE_SHADOW. Fixes HP-UX compile error.

20030724
 - (bal) [auth-passwd.c openbsd-compat/Makefile.in openbsd-compat/xcrypt.c
   openbsd-compat/xcrypt.h] Split off encryption into xcrypt() interface,
   and isolate shadow password functions. Tested in Solaris, but should
   not break other platforms too badly (except maybe HP =). Also brings
   auth-passwd.c into full sync with OpenBSD tree.

20030723
 - (dtucker) [configure.ac] Back out change for bug #620.

20030719
 - (dtucker) [configure.ac] Bug #620: Define BROKEN_GETADDRINFO for
   Solaris/x86. Patch from jrhett at isite.net.
 - (dtucker) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2003/07/14 12:36:37
     [sshd.c]
     remove undocumented -V option. would be only useful if openssh is used
     as ssh v1 server for ssh.com's ssh v2.
   - markus@cvs.openbsd.org 2003/07/16 10:34:53
     [ssh.c sshd.c]
     don't exit on multiple -v or -d; ok deraadt@
   - markus@cvs.openbsd.org 2003/07/16 10:36:28
     [sshtty.c]
     clear IUCLC in enter_raw_mode; from rob@pitman.co.za; ok deraadt@, fgs@
   - deraadt@cvs.openbsd.org 2003/07/18 01:54:25
     [scp.c]
     userid is unsigned, but well, force it anyways; andrushock@korovino.net
   - djm@cvs.openbsd.org 2003/07/19 00:45:53
     [sftp-int.c]
     fix sftp filename parsing for arguments with escaped quotes. bz #517;
     ok markus
   - djm@cvs.openbsd.org 2003/07/19 00:46:31
     [regress/sftp-cmds.sh]
     regress test for sftp arguments with escaped quotes; ok markus

20030714
 - (dtucker) [acconfig.h configure.ac port-aix.c] Older AIXes don't declare
   loginfailed at all, so assume 3-arg loginfailed if not declared.
 - (dtucker) [port-aix.h] Work around name collision on AIX for r_type by
   undef'ing it.
 - (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h]
   Call setauthdb() before loginfailed(), which may load password registry-
   specific functions. Based on patch by cawlfiel at us.ibm.com.
 - (dtucker) [port-aix.h] Fix prototypes.
 - (dtucker) OpenBSD CVS Sync
   - avsm@cvs.openbsd.org 2003/07/09 13:58:19
     [key.c]
     minor tweak: when generating the hex fingerprint, give strlcat the full
     bound to the buffer, and add a comment below explaining why the
     zero-termination is one less than the bound. markus@ ok
   - markus@cvs.openbsd.org 2003/07/10 14:42:28
     [packet.c]
     the 2^(blocksize*2) rekeying limit is too expensive for 3DES,
     blowfish, etc, so enforce a 1GB limit for small blocksizes.
   - markus@cvs.openbsd.org 2003/07/10 20:05:55
     [sftp.c]
     sync usage with manpage, add missing -R

20030708
 - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
   Include AIX headers for authentication functions and make calls match
   prototypes. Test for and handle 3-arg and 4-arg variants of loginfailed.
 - (dtucker) [session.c] Check return value of setpcred().
 - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
   Convert aixloginmsg into platform-independent Buffer loginmsg.

20030707
 - (dtucker) [configure.ac] Bug #600: Check that getrusage is declared before
   searching libraries for it. Fixes build errors on NCR MP-RAS.

20030706
 - (dtucker) [ssh-rand-helper.c loginrec.c]
   Apply atomicio typing change to these too.

20030703
 - (dtucker) OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2003/06/28 07:48:10
     [sshd.c]
     report pidfile creation errors, based on patch from Roumen Petrov;
     ok markus@
   - deraadt@cvs.openbsd.org 2003/06/28 16:23:06
     [atomicio.c atomicio.h authfd.c clientloop.c monitor_wrap.c msg.c
     progressmeter.c scp.c sftp-client.c ssh-keyscan.c ssh.h sshconnect.c
     sshd.c]
     deal with typing of write vs read in atomicio
   - markus@cvs.openbsd.org 2003/06/29 12:44:38
     [sshconnect.c]
     memset 0, not \0; andrushock@korovino.net
   - markus@cvs.openbsd.org 2003/07/02 12:56:34
     [channels.c]
     deny dynamic forwarding with -R for v1, too; ok djm@
   - markus@cvs.openbsd.org 2003/07/02 14:51:16
     [channels.c ssh.1 ssh_config.5]
     (re)add socks5 support to -D; ok djm@
     now ssh(1) can act both as a socks 4 and socks 5 server and
     dynamically forward ports.
   - markus@cvs.openbsd.org 2003/07/02 20:37:48
     [ssh.c]
     convert hostkeyalias to lowercase, otherwise uppercase aliases will
     not match at all; ok henning@
   - markus@cvs.openbsd.org 2003/07/03 08:21:46
     [regress/dynamic-forward.sh]
     add socks5; speedup; reformat; based on patch from dtucker@zip.com.au
   - markus@cvs.openbsd.org 2003/07/03 08:24:13
     [regress/Makefile]
     enable tests for dynamic fwd via socks (-D), uses nc(1)
   - djm@cvs.openbsd.org 2003/07/03 08:09:06
     [readconf.c readconf.h ssh-keysign.c ssh.c]
     fix AddressFamily option in config file, from brent@graveland.net;
     ok markus@

20030630
 - (djm) Search for support functions necessary to build our
   getrrsetbyname() replacement. Patch from Roumen Petrov

20030629
 - (dtucker) [includes.h] Bug #602: move #include of netdb.h to after in.h
   (fixes compiler warnings on Solaris 2.5.1).
 - (dtucker) [configure.ac] Add sanity test after system-dependent compiler
   flag modifications.

20030628
 - (djm) Bug #591: use PKCS#15 private key label as a comment in case
   of OpenSC. Report and patch from larsch@trustcenter.de
 - (djm) Bug #593: Sanity check OpenSC card reader number; patch from
   aj@dungeon.inka.de
 - (dtucker) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2003/06/23 09:02:44
     [ssh_config.5]
     document EnableSSHKeysign; bugzilla #599; ok deraadt@, jmc@
   - markus@cvs.openbsd.org 2003/06/24 08:23:46
     [auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h
     monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c]
     int -> u_int; ok djm@, deraadt@, mouring@
   - miod@cvs.openbsd.org 2003/06/25 22:39:36
     [sftp-server.c]
     Typo police: attribute is better written with an 'r'.
   - markus@cvs.openbsd.org 2003/06/26 20:08:33
     [readconf.c]
     do not dump core for 'ssh -o proxycommand host'; ok deraadt@
 - (dtucker) [regress/dynamic-forward.sh] Import new regression test.
 - (dtucker) [configure.ac] Bug #570: Have ./configure --enable-FEATURE
   actually enable the feature, for those normally disabled. Patch by
   openssh (at) roumenpetrov.info.

20030624
 - (dtucker) Have configure refer the user to config.log and
   contrib/findssl.sh for OpenSSL header/library mismatches.

20030622
 - (dtucker) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2003/06/21 09:14:05
     [regress/reconfigure.sh]
     missing $SUDO; from dtucker@zip.com.au
   - markus@cvs.openbsd.org 2003/06/18 11:28:11
     [ssh-rsa.c]
     backout last change, since it violates pkcs#1
     switch to share/misc/license.template
   - djm@cvs.openbsd.org 2003/06/20 05:47:58
     [sshd_config.5]
     sync description of protocol 2 cipher proposal; ok markus
   - djm@cvs.openbsd.org 2003/06/20 05:48:21
     [sshd_config]
     sync some implemented options; ok markus@
 - (dtucker) [regress/authorized_keys_root] Remove temp data file from CVS.
 - (dtucker) [openbsd-compat/setproctitle.c] Ensure SPT_TYPE is defined before
   testing its value.

20030618
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2003/06/12 07:57:38
     [monitor.c sshlogin.c sshpty.c]
     typos; dtucker at zip.com.au
   - djm@cvs.openbsd.org 2003/06/12 12:22:47
     [LICENCE]
     mention more copyright holders; ok markus@
   - nino@cvs.openbsd.org 2003/06/12 15:34:09
     [scp.c]
     Typo. Ok markus@.
   - markus@cvs.openbsd.org 2003/06/12 19:12:03
     [scard.c scard.h ssh-agent.c ssh.c]
     add sc_get_key_label; larsch at trustcenter.de; bugzilla#591
   - markus@cvs.openbsd.org 2003/06/16 08:22:35
     [ssh-rsa.c]
     make sure the signature has at least the expected length (don't
     insist on len == hlen + oidlen, since this breaks some smartcards)
     bugzilla #592; ok djm@
   - markus@cvs.openbsd.org 2003/06/16 10:22:45
     [ssh-add.c]
     print out key comment on each prompt; make ssh-askpass more useable; ok djm@
   - markus@cvs.openbsd.org 2003/06/17 18:14:23
     [cipher-ctr.c]
     use license from /usr/share/misc/license.template for new code
 - (dtucker) [reconfigure.sh rekey.sh sftp-badcmds.sh]
   Import new regression tests from OpenBSD
 - (dtucker) [regress/copy.1 regress/copy.2] Remove temp data files from CVS.
 - (dtucker) OpenBSD CVS Sync (regress/)
   - markus@cvs.openbsd.org 2003/04/02 12:21:13
     [Makefile]
     enable rekey test
   - djm@cvs.openbsd.org 2003/04/04 09:34:22
     [Makefile sftp-cmds.sh]
     More regression tests, including recent directory rename bug; ok markus@
   - markus@cvs.openbsd.org 2003/05/14 22:08:27
     [ssh-com-client.sh ssh-com-keygen.sh ssh-com-sftp.sh ssh-com.sh]
     test against some new commercial versions
   - mouring@cvs.openbsd.org 2003/05/15 04:07:12
     [sftp-cmds.sh]
     Advanced put/get testing for sftp. OK @djm
   - markus@cvs.openbsd.org 2003/06/12 15:40:01
     [try-ciphers.sh]
     add ctr
   - markus@cvs.openbsd.org 2003/06/12 15:43:32
     [Makefile]
     test -HUP; dtucker at zip.com.au

20030614
 - (djm) Update license on fake-rfc2553.[ch]; ok itojun@

20030611
 - (djm) Mention portable copyright holders in LICENSE
 - (djm) Put licenses on substantial header files
 - (djm) Sync LICENSE against OpenBSD
 - (djm) OpenBSD CVS Sync
   - jmc@cvs.openbsd.org 2003/06/10 09:12:11
     [scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5]
     [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
     - section reorder
     - COMPATIBILITY merge
     - macro cleanup
     - kill whitespace at EOL
     - new sentence, new line
     ssh pages ok markus@
   - deraadt@cvs.openbsd.org 2003/06/10 22:20:52
     [packet.c progressmeter.c]
     mostly ansi cleanup; pval ok
   - jakob@cvs.openbsd.org 2003/06/11 10:16:16
     [sshconnect.c]
     clean up check_host_key() and improve SSHFP feedback. ok markus@
   - jakob@cvs.openbsd.org 2003/06/11 10:18:47
     [dns.c]
     sync with check_host_key() change
   - djm@cvs.openbsd.org 2003/06/11 11:18:38
     [authfd.c authfd.h ssh-add.c ssh-agent.c]
     make agent constraints (lifetime, confirm) work with smartcard keys;
     ok markus@

20030609
 - (djm) Sync README.smartcard with OpenBSD -current
 - (djm) Re-merge OpenSC info into README.smartcard

20030606
 - (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@

20030605
 - (djm) Support AI_NUMERICHOST in fake-getaddrinfo.c. Needed for recent
   canohost.c changes.
 - (djm) Implement paranoid priv dropping checks, based on:
   "SetUID demystified" - Hao Chen, David Wagner and Drew Dean
   Proceedings of USENIX Security Symposium 2002
 - (djm) Don't use xmalloc() or pull in toplevel headers in fake-* code
 - (djm) Merge all the openbsd/fake-* into fake-rfc2553.[ch]
 - (djm) Bug #588 - Add scard-opensc.o back to Makefile.in
   Patch from larsch@trustcenter.de
 - (djm) Bug #589 - scard-opensc: load only keys with a private keys
   Patch from larsch@trustcenter.de
 - (dtucker) Add includes.h to fake-rfc2553.c so it will build.
 - (dtucker) Define EAI_NONAME in fake-rfc2553.h (used by fake-rfc2553.c).

20030604
 - (djm) Bug #573 - Remove unneeded Krb headers and compat goop. Patch from
   simon@sxw.org.uk (Also matches a change in OpenBSD a while ago)
 - (djm) Bug #577 - wrong flag in scard-opensc.c sc_private_decrypt.
   Patch from larsch@trustcenter.de; ok markus@
 - (djm) Bug #584: scard-opensc.c doesn't work without PIN. Patch from
   larsch@trustcenter.de; ok markus@
 - (djm) OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2003/06/04 08:25:18
     [sshconnect.c]
     disable challenge/response and keyboard-interactive auth methods
     upon hostkey mismatch. based on patch from fcusack AT fcusack.com.
     bz #580; ok markus@
   - djm@cvs.openbsd.org 2003/06/04 10:23:48
     [sshd.c]
     remove duplicated group-dropping code; ok markus@
   - djm@cvs.openbsd.org 2003/06/04 12:03:59
     [serverloop.c]
     remove bitrotten comment; ok markus@
   - djm@cvs.openbsd.org 2003/06/04 12:18:49
     [scp.c]
     ansify; ok markus@
   - djm@cvs.openbsd.org 2003/06/04 12:40:39
     [scp.c]
     kill ssh process upon receipt of signal, bz #241.
     based on patch from esb AT hawaii.edu; ok markus@
   - djm@cvs.openbsd.org 2003/06/04 12:41:22
     [sftp.c]
     kill ssh process on receipt of signal; ok markus@
 - (djm) Update to fix of bug #584: lock card before return.
   From larsch@trustcenter.de
 - (djm) Always use mysignal() for SIGALRM

20030603
 - (djm) Replace setproctitle replacement with code derived from
   UCB sendmail
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2003/06/02 09:17:34
     [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
     [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
     [sshd_config.5]
     deprecate VerifyReverseMapping since it's dangerous if combined
     with IP based access control as noted by Mike Harding; replace with
     a UseDNS option, UseDNS is on by default and includes the
     VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
     ok deraadt@, djm@
   - millert@cvs.openbsd.org 2003/06/03 02:56:16
     [scp.c]
     Remove the advertising clause in the UCB license which Berkeley
     rescinded 22 July 1999. Proofed by myself and Theo.
 - (djm) Fix portable-specific uses of verify_reverse_mapping too
 - (djm) Sync openbsd-compat with OpenBSD CVS.
   - No more 4-term BSD licenses in linked code
 - (dtucker) [port-aix.c bsd-cray.c] Fix uses of verify_reverse_mapping.

20030602
 - (djm) Fix segv from bad reordering in auth-pam.c
 - (djm) Always use saved_argv in sshd.c as compat_init_setproctitle may
   clobber
 - (tim) openbsd-compat/xmmap.[ch] License clarifications. Add missing
   CVS ID.
 - (djm) Remove "noip6" option from RedHat spec file. This may now be
   set at runtime using AddressFamily option.
 - (djm) Fix use of macro before #define in cipher-aes.c
 - (djm) Sync license on openbsd-compat/bindresvport.c with OpenBSD CVS
 - (djm) OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2003/05/26 12:54:40
     [sshconnect.c]
     fix format strings; ok markus@
   - deraadt@cvs.openbsd.org 2003/05/29 16:58:45
     [sshd.c uidswap.c]
     seteuid and setegid; markus ok
   - jakob@cvs.openbsd.org 2003/06/02 08:31:10
     [ssh_config.5]
     VerifyHostKeyDNS is v2 only. ok markus@

20030530
 - (dtucker) Add missing semicolon in md5crypt.c, patch from openssh at
   roumenpetrov.info
 - (dtucker) Define SSHD_ACQUIRES_CTTY for NCR MP-RAS and Reliant Unix.

20030526
 - (djm) Avoid auth2-chall.c warning when compiling without
   PAM, BSD_AUTH and SKEY

20030525
 - (djm) OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2003/05/24 09:02:22
     [log.c]
     pass logged data through strnvis; ok markus
   - djm@cvs.openbsd.org 2003/05/24 09:30:40
     [authfile.c monitor.c sftp-common.c sshpty.c]
     cast some types for printing; ok markus@

20030524
 - (dtucker) Correct --osfsia in INSTALL. Patch by skeleten at shillest.net

20030523
 - (djm) Use VIS_SAFE on logged strings rather than default strnvis
   encoding (which encodes many more characters)
 - OpenBSD CVS Sync
   - jmc@cvs.openbsd.org 2003/05/20 12:03:35
     [sftp.1]
     - new sentence, new line
     - added .Xr's
     - typos
     ok djm@
   - jmc@cvs.openbsd.org 2003/05/20 12:09:31
     [ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1]
     new sentence, new line
   - djm@cvs.openbsd.org 2003/05/23 08:29:30
     [sshconnect.c]
     fix leak; ok markus@

20030520
 - (djm) OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2003/05/18 23:22:01
     [log.c]
     use syslog_r() in a signal handler called place; markus ok
 - (djm) Configure logic to detect syslog_r and friends

20030519
 - (djm) Sync auth-pam.h with what we actually implement

20030518
 - (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in
   recent merge
 - (djm) OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2003/05/16 03:27:12
     [readconf.c ssh_config ssh_config.5 ssh-keysign.c]
     add AddressFamily option to ssh_config (like -4, -6 on commandline).
     Portable bug #534; ok markus@
   - itojun@cvs.openbsd.org 2003/05/17 03:25:58
     [auth-rhosts.c]
     just in case, put numbers to sscanf %s arg.
   - markus@cvs.openbsd.org 2003/05/17 04:27:52
     [cipher.c cipher-ctr.c myproposal.h]
     experimental support for aes-ctr modes from
     http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt
     ok djm@
 - (djm) Remove IPv4 by default hack now that we can specify AF in config
 - (djm) Tidy and trim TODO
 - (djm) Sync openbsd-compat/ with OpenBSD CVS head
 - (djm) Big KNF on openbsd-compat/
 - (djm) KNF on md5crypt.[ch]
 - (djm) KNF on auth-sia.[ch]

20030517
 - (bal) strcat -> strlcat on openbsd-compat/realpath.c (rev 1.8 OpenBSD)

20030516
 - (djm) OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2003/05/15 13:52:10
     [ssh.c]
     Make "ssh -V" print the OpenSSL version in a human readable form. Patch
     from Craig Leres (mindrot at ee.lbl.gov); ok markus@
   - jakob@cvs.openbsd.org 2003/05/15 14:02:47
     [readconf.c servconf.c]
     warn for unsupported config option. ok markus@
   - markus@cvs.openbsd.org 2003/05/15 14:09:21
     [auth2-krb5.c]
     fix 64bit issue; report itojun@
   - djm@cvs.openbsd.org 2003/05/15 14:55:25
     [readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
     add a ConnectTimeout option to ssh, based on patch from
     Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
 - (djm) Add warning for UsePAM when built without PAM support
 - (djm) A few type mismatch fixes from Bug #565
 - (djm) Guard free_pam_environment against NULL argument. Works around
   HP/UX PAM problems debugged by dtucker

20030515
 - (djm) OpenBSD CVS Sync
   - jmc@cvs.openbsd.org 2003/05/14 13:11:56
     [ssh-agent.1]
     setup -> set up;
     from wiz@netbsd
   - jakob@cvs.openbsd.org 2003/05/14 18:16:20
     [key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
     [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
     add experimental support for verifying host keys using DNS as described
     in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
     ok markus@ and henning@
   - markus@cvs.openbsd.org 2003/05/14 22:24:42
     [clientloop.c session.c ssh.1]
     allow to send a BREAK to the remote system; ok various
   - markus@cvs.openbsd.org 2003/05/15 00:28:28
     [sshconnect2.c]
     cleanup unregister of per-method packet handlers; ok djm@
   - jakob@cvs.openbsd.org 2003/05/15 01:48:10
     [readconf.c readconf.h servconf.c servconf.h]
     always parse kerberos options. ok djm@ markus@
   - jakob@cvs.openbsd.org 2003/05/15 02:27:15
     [dns.c]
     add missing freerrset
   - markus@cvs.openbsd.org 2003/05/15 03:08:29
     [cipher.c cipher-bf1.c cipher-aes.c cipher-3des1.c]
     split out custom EVP ciphers
   - djm@cvs.openbsd.org 2003/05/15 03:10:52
     [ssh-keygen.c]
     avoid warning; ok jakob@
   - mouring@cvs.openbsd.org 2003/05/15 03:39:07
     [sftp-int.c]
     Make put/get (globed and nonglobed) code more consistent. OK djm@
   - mouring@cvs.openbsd.org 2003/05/15 03:43:59
     [sftp-int.c sftp.c]
     Teach ls how to display multiple column display and allow users
     to return to single column format via 'ls -1'. OK @djm
   - jakob@cvs.openbsd.org 2003/05/15 04:08:44
     [readconf.c servconf.c]
     disable kerberos when not supported. ok markus@
   - markus@cvs.openbsd.org 2003/05/15 04:08:41
     [ssh.1]
     ~B is ssh2 only
 - (djm) Always parse UsePAM
 - (djm) Configure glue for DNS support (code doesn't work in portable yet)
 - (djm) Import getrrsetbyname() function from OpenBSD libc (for DNS support)
 - (djm) Tidy Makefile clean targets
 - (djm) Adapt README.dns for portable
 - (djm) Avoid uuencode.c warnings
 - (djm) Enable UsePAM when built --with-pam
 - (djm) Only build getrrsetbyname replacement when using --with-dns
 - (djm) Bug #529: sshd doesn't work correctly after SIGHUP (copy argv
   correctly)
 - (djm) Bug #444: Wrong paths after reconfigure
 - (dtucker) HP-UX needs to include <sys/strtio.h> for TIOCSBRK

20030514
 - (djm) Bug #117: Don't lie to PAM about username
 - (djm) RCSID sync w/ OpenBSD
 - (djm) OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2003/04/09 12:00:37
     [readconf.c]
     strip trailing whitespace from config lines before parsing.
     Fixes bz 528; ok markus@
   - markus@cvs.openbsd.org 2003/04/12 10:13:57
     [cipher.c]
     hide cipher details; ok djm@
   - markus@cvs.openbsd.org 2003/04/12 10:15:36
     [misc.c]
     debug->debug2
   - naddy@cvs.openbsd.org 2003/04/12 11:40:15
     [ssh.1]
     document -V switch, fix wording; ok markus@
   - markus@cvs.openbsd.org 2003/04/14 14:17:50
     [channels.c sshconnect.c sshd.c ssh-keyscan.c]
     avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
   - mouring@cvs.openbsd.org 2003/04/14 21:31:27
     [sftp-int.c]
     Missing globfree(&g) in process_put() spotted by Vince Brimhall
     <VBrimhall@novell.com>. ok@ Theo
   - markus@cvs.openbsd.org 2003/04/16 14:35:27
     [auth.h]
     document struct Authctxt; with solar
   - deraadt@cvs.openbsd.org 2003/04/26 04:29:49
     [ssh-keyscan.c]
     -t in usage(); rogier@quaak.org
   - mouring@cvs.openbsd.org 2003/04/30 01:16:20
     [sshd.8 sshd_config.5]
     Escape ?, * and ! in .Ql for nroff compatibility. OpenSSH Portable
     Bug #550 and * escaping suggested by jmc@.
   - david@cvs.openbsd.org 2003/04/30 20:41:07
     [sshd.8]
     fix invalid .Pf macro usage introduced in previous commit
     ok jmc@ mouring@
   - markus@cvs.openbsd.org 2003/05/11 16:56:48
     [authfile.c ssh-keygen.c]
     change key_load_public to try to read a public from:
     rsa1 private or rsa1 public and ssh2 keys.
     this makes ssh-keygen -e fail for ssh1 keys more gracefully
     for example; report from itojun (netbsd pr 20550).
   - markus@cvs.openbsd.org 2003/05/11 20:30:25
     [channels.c clientloop.c serverloop.c session.c ssh.c]
     make channel_new() strdup the 'remote_name' (not the caller); ok theo
   - markus@cvs.openbsd.org 2003/05/12 16:55:37
     [sshconnect2.c]
     for pubkey authentication try the user keys in the following order:
       1. agent keys that are found in the config file
       2. other agent keys
       3. keys that are only listed in the config file
     this helps when an agent has many keys, where the server might
     close the connection before the correct key is used. report & ok pb@
   - markus@cvs.openbsd.org 2003/05/12 18:35:18
     [ssh-keyscan.1]
     typo: DSA keys are of type ssh-dss; Brian Poole
   - markus@cvs.openbsd.org 2003/05/14 00:52:59
     [ssh2.h]
     ranges for per auth method messages
   - djm@cvs.openbsd.org 2003/05/14 01:00:44
     [sftp.1]
     emphasise the batchmode functionality and make reference to pubkey auth,
     both of which are FAQs; ok markus@
   - markus@cvs.openbsd.org 2003/05/14 02:15:47
     [auth2.c monitor.c sshconnect2.c auth2-krb5.c]
     implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
     server interops with commercial client; ok jakob@ djm@
   - jmc@cvs.openbsd.org 2003/05/14 08:25:39
     [sftp.1]
     - better formatting in SYNOPSIS
     - whitespace at EOL
     ok djm@
   - markus@cvs.openbsd.org 2003/05/14 08:57:49
     [monitor.c]
     http://bugzilla.mindrot.org/show_bug.cgi?id=560
     Privsep child continues to run after monitor killed.
     Pass monitor signals through to child; Darren Tucker
 - (djm) Make portable build with MIT krb5 (some issues remain)
 - (djm) Add new UsePAM configuration directive to allow runtime control
   over usage of PAM. This allows non-root use of sshd when built with
   --with-pam
 - (djm) Die screaming if start_pam() is called when UsePAM=no
 - (djm) Avoid KrbV leak for MIT Kerberos
 - (dtucker) Set ai_socktype and ai_protocol in fake-getaddrinfo.c. ok djm@
 - (djm) Bug #258: sscanf("[0-9]") -> sscanf("[0123456789]") for portability

20030512
 - (djm) Redhat spec: Don't install profile.d scripts when not
   building with GNOME/GTK askpass (patch from bet@rahul.net)

20030510
 - (dtucker) Bug #318: Create ssh_prng_cmds.out during "make" rather than
   "make install". Patch by roth@feep.net.
 - (dtucker) Bug #536: Test for and work around openpty/controlling tty
   problem on Linux (fixes "could not set controlling tty" errors).
 - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
   proper challenge-response module
 - (djm) 2-clause license on loginrec.c, with permission from
   andre@ae-35.com

20030504
 - (dtucker) Bug #497: Move #include of bsd-cygwin_util.h to openbsd-compat.h.
   Patch from vinschen@redhat.com.

20030503
 - (dtucker) Add missing "void" to record_failed_login in bsd-cray.c. Noted
   by wendyp@cray.com.

20030502
 - (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels,
   privsep should now work.
 - (dtucker) Move handling of bad password authentications into a platform
   specific record_failed_login() function (affects AIX & Unicos). ok mouring@

20030429
 - (djm) Add back radix.o (used by AFS support), after it went missing from
   Makefile many moons ago
 - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
 - (djm) Fix blibpath specification for AIX/gcc
 - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org

20030428
 - (bal) [defines.h progressmeter.c scp.c] Some more culling of non 64bit
   hacked code.

20030427
 - (bal) Bug #541: return; was dropped by mistake. Reported by
   furrier@iglou.com
 - (bal) Since we don't support platforms lacking u_int_64. We may
   as well clean out some of those evil #ifdefs
 - (bal) auth1.c minor resync while looking at the code.
 - (bal) auth2.c same changed as above.

20030409
 - (djm) Bug #539: Specify creation mode with O_CREAT for lastlog. Report
   from matth@eecs.berkeley.edu
 - (djm) Make the spec work with Redhat 9.0 (which renames sharutils)
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2003/04/02 09:48:07
     [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
     [readconf.h serverloop.c sshconnect2.c]
     reapply rekeying change, tested by henning@, ok djm@
   - markus@cvs.openbsd.org 2003/04/02 14:36:26
     [ssh-keysign.c]
     potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
   - itojun@cvs.openbsd.org 2003/04/03 07:25:27
     [progressmeter.c]
     $OpenBSD$
   - itojun@cvs.openbsd.org 2003/04/03 10:17:35
     [progressmeter.c]
     remove $OpenBSD$, as other *.c does not have it.
   - markus@cvs.openbsd.org 2003/04/07 08:29:57
     [monitor_wrap.c]
     typo: get correct counters; introduced during rekeying change.
   - millert@cvs.openbsd.org 2003/04/07 21:58:05
     [progressmeter.c]
     The UCB copyright here is incorrect. This code did not originate
     at UCB, it was written by Luke Mewburn. Updated the copyright at
     the author's request. markus@ OK
   - itojun@cvs.openbsd.org 2003/04/08 20:21:29
     [*.c *.h]
     rename log() into logit() to avoid name conflict. markus ok, from
     netbsd
   - (djm) XXX - Performed locally using:
     "perl -p -i -e 's/(\s|^)log\(/$1logit\(/g' *.c *.h"
   - hin@cvs.openbsd.org 2003/04/09 08:23:52
     [servconf.c]
     Don't include <krb.h> when compiling with Kerberos 5 support
 - (djm) Fix up missing include for packet.c
 - (djm) Fix missed log => logit occurrence (reference by function pointer)

20030402
 - (bal) if IP_TOS is not found or broken don't try to compile in
   packet_set_tos() function call. bug #527

20030401
 - (djm) OpenBSD CVS Sync
   - jmc@cvs.openbsd.org 2003/03/28 10:11:43
     [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5]
     [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
     - killed whitespace
     - new sentence new line
     - .Bk for arguments
     ok markus@
   - markus@cvs.openbsd.org 2003/04/01 10:10:23
     [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
     [readconf.h serverloop.c sshconnect2.c]
     rekeying bugfixes and automatic rekeying:
     * both client and server rekey _automatically_
           (a) after 2^31 packets, because after 2^32 packets
               the sequence number for packets wraps
           (b) after 2^(blocksize_in_bits/4) blocks
       (see: draft-ietf-secsh-newmodes-00.txt)
       (a) and (b) are _enabled_ by default, and only disabled for known
       openssh versions, that don't support rekeying properly.
     * client option 'RekeyLimit'
     * do not reply to requests during rekeying
   - markus@cvs.openbsd.org 2003/04/01 10:22:21
     [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
     [readconf.h serverloop.c sshconnect2.c]
     backout rekeying changes (for 3.6.1)
   - markus@cvs.openbsd.org 2003/04/01 10:31:26
     [compat.c compat.h kex.c]
     bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@;
     tested by ho@ and myself
   - markus@cvs.openbsd.org 2003/04/01 10:56:46
     [version.h]
     3.6.1
 - (djm) Crank spec file versions
 - (djm) Release 3.6.1p1

20030326
 - (djm) OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2003/03/26 04:02:51
     [sftp-server.c]
     one last fix to the tree: race fix broke stuff; pr 3169;
     srp@srparish.net, help from djm

20030325
 - (djm) Fix getpeerid support for 64 bit BE systems. From
   Arnd Bergmann <arndb@de.ibm.com>

20030324
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2003/03/23 19:02:00
     [monitor.c]
     unbreak rekeying for privsep; ok millert@
 - Release 3.6p1
 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
   Report from murple@murple.net, diagnosis from dtucker@zip.com.au

$Id: ChangeLog,v 1.2872 2003/08/02 13:28:38 dtucker Exp $