- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Update spec file versions to 4.1p1
- (dtucker) [auth-pam.c] Since people don't seem to be getting the message
that USE_POSIX_THREADS is unsupported, not recommended and generally a bad
idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use
USE_POSIX_THREADS will now generate an error so we don't silently change
- (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory
allocation when retrieving core Windows environment. Add CYGWIN variable
to propagated variables. Patch from vinschen at redhat.com, ok djm@
- (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure
terminal modes are reset correctly. Fix from peak AT argo.troja.mff.cuni.cz;
- (tim) [buildpkg.sh.in] missing ${PKG_INSTALL_ROOT} in init script
hard link section. Bug 1038.
- (dtucker) [contrib/cygwin/ssh-host-config] Add a test and warning for a
user-mode mounts in Cygwin installation. Patch from vinschen at redhat.com.
- (djm) [ssh.c] some systems return EADDRINUSE on a bind to an already-used
unix domain socket, so catch that too; from jakob@ ok dtucker@
- (dtucker) [canohost.c] normalise socket addresses returned by
get_remote_hostname(). This means that IPv4 addresses in log messages
on IPv6 enabled machines will no longer be prefixed by "::ffff:" and
AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style
addresses only for 4-in-6 mapped connections, regardless of whether
or not the machine is IPv6 enabled. ok djm@
- (dtucker) [regress/multiplex.sh] Use "kill -0 $pid" to check for the
existence of a process since it's more portable. Found by jbasney at
ncsa.uiuc.edu; ok tim@
- (dtucker) [regress/multiplex.sh] Remove cleanup call since test-exec.sh
will clean up anyway. From tim@
- (dtucker) [regress/multiplex.sh] Put control socket in /tmp so running
"make tests" works even if you're building on a filesystem that doesn't
support sockets. From deengert at anl.gov, ok djm@
- (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or
1.2.1.2 or higher. With tim@, ok djm@
- (tim) [config.guess] Add support for OpenServer 6.
- (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if
UseLogin is set as PAM is not used to establish credentials in that
case. Found by Michael Selvesteen, ok djm@
- (dtucker) [INSTALL] Reference README.privsep for the privilege separation
requirements. Pointed out by Bengt Svensson.
- (dtucker) [INSTALL] Put the s/key text and URL back together.
- (dtucker) [INSTALL] Fix s/key text too.
- (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME
- (dtucker) [configure.ac] Define HAVE_SO_PEERCRED if we have it. ok djm@
- (dtucker) [auth-sia.c] Constify sys_auth_passwd, fixes build error on
Tru64. Patch from cmadams at hiwaay.net.
- (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of
sys_auth_passwd, pointed out by cmadams at hiwaay.net.
- (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2005/03/31 18:39:21
copy argv[] element instead of smashing the one that ps will see; ok otto
- djm@cvs.openbsd.org 2005/04/02 12:41:16
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror
- (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_read
will free as needed. ok tim@ djm@
- (dtucker) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2005/03/16 11:10:38
get the syntax right for {Local,Remote}Forward;
based on a diff from markus;
problem report from ponraj;
ok dtucker@ markus@ deraadt@
- markus@cvs.openbsd.org 2005/03/16 21:17:39
- jmc@cvs.openbsd.org 2005/03/18 17:05:00
- (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in
handling of password expiry messages returned by AIX's authentication
routines, originally reported by robvdwal at sara.nl.
- (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug
message on some platforms. Patch from pete at seebeyond.com via djm.
- (dtucker) [monitor.c] Remaining part of fix for bug #1006.
- (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're
interested in which is much faster in large (eg LDAP or NIS) environments.
Patch from dleonard at vintela.com.
- (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes
and -Lyes to CFLAGS and LIBS. Pointed out by peter at slagheap.net,
- (dtucker) [configure.ac] Make configure error out if the user specifies
--with-libedit but the required libs can't be found, rather than silently
ignoring and continuing. ok tim@
- (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions
of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se.
- (tim) [configure.ac] Bug 998. Make path for --with-opensc optional.
Make --without-opensc work.
- (tim) [configure.ac] portability changes on test statements. Some shells
have problems with -a operator.
- (tim) [configure.ac] make some configure options a little more error proof.
- (tim) [configure.ac] remove trailing white space.
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2005/03/10 10:15:02
Check listen addresses for null, prevents xfree from dying during
ClearAllForwardings (bz #996). From Craig Leres, ok markus@
- deraadt@cvs.openbsd.org 2005/03/10 22:01:05
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
readconf.c bufaux.c sftp.c]
- deraadt@cvs.openbsd.org 2005/03/10 22:40:38
- markus@cvs.openbsd.org 2005/03/11 14:59:06
typo, missing \n; mpech
- jmc@cvs.openbsd.org 2005/03/12 11:55:03
escape `.' at eol to avoid double spacing issues;
- dtucker@cvs.openbsd.org 2005/03/14 10:09:03
Correct description of -H (bz #997); ok markus@, punctuation jmc@
- dtucker@cvs.openbsd.org 2005/03/14 11:44:42
Populate host for log message for logins denied by AllowUsers and
DenyUsers (bz #999); ok markus@ (patch by tryponraj at gmail.com)
- markus@cvs.openbsd.org 2005/03/14 11:46:56
[buffer.c buffer.h channels.c]
limit input buffer size for channels; bugzilla #896; with and ok dtucker@
- (tim) [contrib/caldera/openssh.spec] links in rc?.d were getting trashed
- (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the
localized name of the local administrators group more reliable. From
vinschen at redhat.com.
- (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug
output ends up in the client's output, causing regress failures. Found
- (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64
so that regress tests behave. From Chris Adams.
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2005/03/07 23:41:54
more macro simplification;
- djm@cvs.openbsd.org 2005/03/08 23:49:48
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Update spec file versions
- (djm) [log.c] Fix dumb syntax error; ok dtucker@
- (djm) Release OpenSSH 4.0p1
- (dtucker) [configure.ac] Disable gettext search when configuring with
BSM audit support for the time being. ok djm@
- (dtucker) OpenBSD CVS Sync (regress/)
- fgsch@cvs.openbsd.org 2004/12/10 01:31:30
[Makefile sftp-glob.sh]
some globbing regress; prompted and ok djm@
- david@cvs.openbsd.org 2005/01/14 04:21:18
[Makefile test-exec.sh]
pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@
- dtucker@cvs.openbsd.org 2005/02/27 11:33:30
[multiplex.sh test-exec.sh sshd-log-wrapper.sh]
Add optional capability to log output from regress commands; ok markus@
Use with: make TEST_SSH_LOGFILE=/tmp/regress.log
- djm@cvs.openbsd.org 2005/02/27 23:13:36
avoid nameservice lookups in regress test; ok dtucker@
- djm@cvs.openbsd.org 2005/03/04 08:48:46
[Makefile envpass.sh]
regress test for SendEnv config parsing bug; ok dtucker@
- (dtucker) [regress/test-exec.sh] Put SUDO in the right place.
- (tim) [configure.ac] SCO 3.2v4.2 no longer supported.
- (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor
when attempting to audit disconnect events. Reported by Phil Dibowitz.
- (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit
events earlier, prevents mm_request_send errors reported by Matt Goebel.
- (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch
from vinschen at redhat.com
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2005/03/02 11:45:01
- djm@cvs.openbsd.org 2005/03/04 08:48:06
fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@
- (djm) OpenBSD CVS sync:
- jmc@cvs.openbsd.org 2005/03/01 14:47:58
remove some unnecessary macros;
do not mark up punctuation;
- jmc@cvs.openbsd.org 2005/03/01 14:55:23
do not mark up punctuation;
- jmc@cvs.openbsd.org 2005/03/01 14:59:49
new sentence, new line;
- jmc@cvs.openbsd.org 2005/03/01 15:05:00
- jmc@cvs.openbsd.org 2005/03/01 15:47:14
[ssh-keyscan.1 ssh-keyscan.c]
sort options and sync usage();
- jmc@cvs.openbsd.org 2005/03/01 17:19:35
add HashKnownHosts to -o list;
- jmc@cvs.openbsd.org 2005/03/01 17:22:06
sync usage() w/ man SYNOPSIS;
- jmc@cvs.openbsd.org 2005/03/01 17:32:19
- jmc@cvs.openbsd.org 2005/03/01 18:15:56
sort options (no attempt made at synopsis clean up though);
spelling (occurance -> occurrence);
use prompt before examples;
- djm@cvs.openbsd.org 2005/03/02 01:00:06
fix addition of new hashed hostnames when CheckHostIP=yes;
found and ok dtucker@
- djm@cvs.openbsd.org 2005/03/02 01:27:41
ignore hostnames with metachars when hashing; ok deraadt@
- djm@cvs.openbsd.org 2005/03/02 02:21:07
bz#987: mention ForwardX11Trusted in ssh.1,
reported by andrew.benham AT thus.net; ok deraadt@
- (tim) [regress/agent-ptrace.sh] add another possible gdb error.
- (djm) OpenBSD CVS sync:
- otto@cvs.openbsd.org 2005/02/16 09:56:44
Better diagnostic if an identity file is not accessible. ok markus@ djm@
- djm@cvs.openbsd.org 2005/02/18 03:05:53
better error messages for getnameinfo failures; ok dtucker@
- djm@cvs.openbsd.org 2005/02/20 22:59:06
turn on ssh batch mode when in sftp batch mode, patch from
- jmc@cvs.openbsd.org 2005/02/25 10:55:13
add /etc/motd and $HOME/.hushlogin to FILES;
from michael knudsen;
- djm@cvs.openbsd.org 2005/02/28 00:54:10
bz#849: document timeout on untrusted x11 forwarding sessions. Reported by
orion AT cora.nwra.com; ok markus@
- djm@cvs.openbsd.org 2005/03/01 10:09:52
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
[misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
bz#413: allow optional specification of bind address for port forwardings.
Patch originally by Dan Astorian, but worked on by several people
Adds GatewayPorts=clientspecified option on server to allow remote
forwards to bind to client-specified ports.
- djm@cvs.openbsd.org 2005/03/01 10:40:27
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
[sshconnect.c sshd.8]
add support for hashing host names and addresses added to known_hosts
files, to improve privacy of which hosts user have been visiting; ok
- djm@cvs.openbsd.org 2005/03/01 10:41:28
[ssh-keyscan.1 ssh-keyscan.c]
option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@
- djm@cvs.openbsd.org 2005/03/01 10:42:49
[ssh-keygen.1 ssh-keygen.c ssh_config.5]
add tools for managing known_hosts files with hashed hostnames, including
hashing existing files and deleting hosts by name; ok markus@ deraadt@
- (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c]
Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com.
- (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}]
Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any
more. Patch from vinschen at redhat.com.
- (dtucker) [Makefile.in] Add a install-nosysconf target for installing the
binaries without the config files. Primarily useful for packaging.
Patch from phil at usc.edu. ok djm@
- (djm) [configure.ac] in_addr_t test needs sys/types.h too
- (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from
vinschen at redhat.com.
- (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac
defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure
--with-audit=bsm to enable. Patch originally from Sun Microsystems,
parts by John R. Jackson. ok djm@
- (dtucker) [configure.ac] Missing comma in AIX section, somehow causes
unrelated platforms to be configured incorrectly.
- (djm) write seed to temporary file and atomically rename into place;
- (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called
via mkstemp in some configurations. ok djm@
- (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined
by the system headers.
- (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant
Unix; prevents problems relating to the location of -lresolv in the
- (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
authentication early enough to be available to PAM session modules when
privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam
Hartman and similar to Debian's ssh-krb5 package.
- (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more
compiler warnings on AIX.
- (dtucker) [config.sh.in] Collect oslevel -r too.
- (dtucker) [README.platform auth.c configure.ac loginrec.c
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6
on AIX where possible (see README.platform for details) and work around
a misfeature of AIX's getnameinfo. ok djm@
- (dtucker) [loginrec.c] Add missing #include.
- (dtucker) [configure.ac] Tidy up configure --help output.
- (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too.
- (dtucker) [configure.ac] Bug #919: Provide visible feedback for the
--disable-etc-default-login configure option.
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2005/01/28 09:45:53
Make it clear that the example entries in ssh_config are only some of the
commonly-used options and refer the user to ssh_config(5) for more
- jmc@cvs.openbsd.org 2005/01/28 15:05:43
- jmc@cvs.openbsd.org 2005/01/28 18:14:09
- dtucker@cvs.openbsd.org 2005/01/30 11:18:08
Make code match intent; ok djm@
- dtucker@cvs.openbsd.org 2005/02/08 22:24:57
Provide reason in error message if getnameinfo fails; ok markus@
- (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call
disable_forwarding() from compat library. Prevent linker errors trying
to resolve it for binaries other than sshd. ok djm@
- (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir
- (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require
the username to be passed to the passwd command when changing expired
- (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the
regress tests so newer versions of GNU head(1) behave themselves. Patch
- (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings.
- (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
defines and enums with SSH_ to prevent namespace collisions on some
- (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too.
- (dtucker) [auth.c] Fix parens in audit log check.
- (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath
rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@
- (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]
Make record_failed_login() call provide hostname rather than having the
implementations having to do lookups themselves. Only affects AIX and
UNICOS (the latter only uses the "user" parameter anyway). ok djm@
- (dtucker) [session.c sshd.c] Bug #445: Propagate KRB5CCNAME if set to child
the process. Since we also unset KRB5CCNAME at startup, if it's set after
authentication it must have been set by the platform's native auth system.
This was already done for AIX; this enables it for the general case.
- (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c]
Bug #974: Teach sshd to write failed login records to btmp for failed auth
attempts (currently only for password, kbdint and C/R, only on Linux and
HP-UX), based on code from login.c from util-linux. With ashok_kovai at
- (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
(first stage) Add audit instrumentation to sshd, currently disabled by
default. with suggestions from and ok djm@
- (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some
platforms syslog will revert to its default values. This may result in
messages from external libraries (eg libwrap) being sent to a different
- (dtucker) [sshd_config.5] Bug #701: remove warning about
keyboard-interactive since this is no longer the case.
- (dtucker) OpenBSD CVS Sync
- otto@cvs.openbsd.org 2005/01/21 08:32:02
[auth-passwd.c sshd.c]
Warn in advance for password and account expiry; initialize loginmsg
buffer earlier and clear it after privsep fork. ok and help dtucker@
- dtucker@cvs.openbsd.org 2005/01/22 08:17:59
Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and
DenyGroups. bz #909, ok djm@
- djm@cvs.openbsd.org 2005/01/23 10:18:12
config option "Ciphers" should be case-sensitive; ok dtucker@
- dtucker@cvs.openbsd.org 2005/01/24 10:22:06
Have scp and sftp wait for the spawned ssh to exit before they exit
themselves. This prevents ssh from being unable to restore terminal
modes (not normally a problem on OpenBSD but common with -Portable
on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950);
- dtucker@cvs.openbsd.org 2005/01/24 10:29:06
Import new moduli; requested by deraadt@ a week ago
- dtucker@cvs.openbsd.org 2005/01/24 11:47:13
#if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/12/23 17:35:48
check for NULL; from mpech
- markus@cvs.openbsd.org 2004/12/23 17:38:07
- djm@cvs.openbsd.org 2004/12/23 23:11:00
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
bz #898: support AddressFamily in sshd_config. from
peak@argo.troja.mff.cuni.cz; ok deraadt@
- markus@cvs.openbsd.org 2005/01/05 08:51:32
remove dead code, log connect() failures with level error, ok djm@
- jmc@cvs.openbsd.org 2005/01/08 00:41:19
`login'(n) -> `log in'(v);
- dtucker@cvs.openbsd.org 2005/01/17 03:25:46
Correct spelling: SCHNOOR->SCHNORR; ok djm@
- dtucker@cvs.openbsd.org 2005/01/17 22:48:39
Make debugging output continue after reexec; ok djm@
- dtucker@cvs.openbsd.org 2005/01/19 13:11:47
[auth-bsdauth.c auth2-chall.c]
Have keyboard-interactive code call the drivers even for responses for
invalid logins. This allows the drivers themselves to decide how to
handle them and prevent leaking information where possible. Existing
behaviour for bsdauth is maintained by checking authctxt->valid in the
bsdauth driver. Note that any third-party kbdint drivers will now need
to be able to handle responses for invalid logins. ok markus@
- djm@cvs.openbsd.org 2004/12/22 02:13:19
[cipher-ctr.c cipher.c]
remove fallback AES support for old OpenSSL, as OpenBSD has had it for
many years now; ok deraadt@
(Id sync only: Portable will continue to support older OpenSSLs)
- (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user
existence via keyboard-interactive/pam, in conjunction with previous
auth2-chall.c change; with Colin Watson and djm.
- (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128
bytes to prevent errors from login_init_entry() when the username is
exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@
- (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from
the list of available kbdint devices if UsePAM=no. ok djm@
- (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement
"make survey" and "make send-survey". This will provide data on the
configure parameters, platform and platform features to the development
team, which will allow (among other things) better targeting of testing.
It's entirely voluntary and is off by default. ok djm@
- (dtucker) [survey.sh.in] Remove any blank lines from the output of
- (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading
from prngd is enabled at compile time but fails at run time, eg because
prngd is not running. Note that if you have prngd running when OpenSSH is
built, OpenSSL will consider itself internally seeded and rand-helper won't
be built at all unless explicitly enabled via --with-rand-helper. ok djm@
- (dtucker) [regress/rekey.sh] Touch datafile before filling with dd, since
on some wacky platforms (eg old AIXes), dd will refuse to create an output
file if it doesn't exist.
- (dtucker) [contrib/findssh.sh] Clean up on interrupt; from
amarendra.godbole at ge com.
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/12/06 16:00:43
use 0x00 not \0 since buf[] is a bignum
- fgsch@cvs.openbsd.org 2004/12/10 03:10:42
- fix globbed ls for paths the same length as the globbed path when
we have a unique matching.
- fix globbed ls in case of a directory when we have a unique matching.
- as a side effect, if the path does not exist error (used to silently
- don't do extra do_lstat() if we only have one matching file.
- dtucker@cvs.openbsd.org 2004/12/11 01:48:56
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h]
Fix debug call in error path of authorized_keys processing and fix related
- (tim) [configure.ac] Comment some non obvious platforms in the
target-specific case statement. Suggested and OK by dtucker@
- (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test.
- (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/11/25 22:22:14
[sftp-client.c sftp.c]
- jmc@cvs.openbsd.org 2004/11/29 00:05:17
- djm@cvs.openbsd.org 2004/11/29 07:41:24
[sftp-client.h sftp.c]
Some small fixes from moritz@jodeit.org. ok deraadt@
- jaredy@cvs.openbsd.org 2004/12/05 23:55:07
- explain that patterns can be used as arguments in get/put/ls/etc
commands (prodded by Michael Knudsen)
- describe ls flags as a list
- other minor improvements
- dtucker@cvs.openbsd.org 2004/12/06 11:41:03
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8]
Discard over-length authorized_keys entries rather than complaining when
they don't decode. bz #884, with & ok djm@
- (dtucker) OpenBSD CVS Sync (regress/)
- djm@cvs.openbsd.org 2004/06/26 06:16:07
don't change the name of the copied sshd for the reexec fallback test,
makes life simpler for portable
- dtucker@cvs.openbsd.org 2004/07/08 12:59:35
Regress test for bz #863 (scp double-error), requires $SUDO. ok markus@
- david@cvs.openbsd.org 2004/07/09 19:45:43
add a missing CLEANFILES used in the re-exec test
- djm@cvs.openbsd.org 2004/10/08 02:01:50
shrink and tidy; ok dtucker@
- djm@cvs.openbsd.org 2004/10/29 23:59:22
[Makefile added brokenkeys.sh]
regression test for handling of corrupt keys in authorized_keys file
- djm@cvs.openbsd.org 2004/11/07 00:32:41
regression tests for new multiplex commands
- dtucker@cvs.openbsd.org 2004/11/25 09:39:27
Remove obsolete RhostsAuthentication from test config; ok markus@
- dtucker@cvs.openbsd.org 2004/12/06 10:49:56
Check if TEST_SSH_SSHD is a full path to sshd before searching; ok markus@
- (dtucker) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2004/11/07 17:42:36
options sort, and whitespace;
- jmc@cvs.openbsd.org 2004/11/07 17:57:30
- (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is
subsequently denied by the PAM auth stack, send the PAM message to the
user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2).
- (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/11/05 12:19:56
command editing and history support via libedit; ok markus@
thanks to hshoexer@ and many testers on tech@ too
- djm@cvs.openbsd.org 2004/11/07 00:01:46
[clientloop.c clientloop.h ssh.1 ssh.c]
add basic control of a running multiplex master connection; including the
ability to check its status and request it to exit; ok markus@
- (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure
option and supporting makefile bits and documentation.
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/08/30 09:18:08
- jmc@cvs.openbsd.org 2004/08/30 21:22:49
.Xsession -> .xsession;
originally from a pr from f at obiit dot org, but missed by myself;
- djm@cvs.openbsd.org 2004/09/07 23:41:30
cleanup multiplex control socket on SIGHUP too, spotted by sturm@
- deraadt@cvs.openbsd.org 2004/09/15 00:46:01
/* fallthrough */ is something a programmer understands. But
/* FALLTHROUGH */ is also understood by lint, so that is better.
- jaredy@cvs.openbsd.org 2004/09/15 03:25:41
mention PrintLastLog only prints last login time for interactive
sessions, like PrintMotd mentions.
From Michael Knudsen, with wording changed slightly to match the
PrintMotd description.
- mickey@cvs.openbsd.org 2004/09/15 18:42:27
use less doubles in daemons; markus@ ok
- deraadt@cvs.openbsd.org 2004/09/15 18:46:04
scratch that do { } while (0) wrapper in this case
- djm@cvs.openbsd.org 2004/09/23 13:00:04
correctly honour -n in multiplex client mode; spotted by sturm@ ok markus@
- djm@cvs.openbsd.org 2004/09/25 03:45:14
these printf args are no longer double; ok deraadt@ markus@
- djm@cvs.openbsd.org 2004/10/07 10:10:24
[scp.1 sftp.1 ssh.1 ssh_config.5]
document KbdInteractiveDevices; ok markus@
- djm@cvs.openbsd.org 2004/10/07 10:12:36
don't unlink agent socket when bind() fails, spotted by rich AT
rich-paul.net, ok markus@
- markus@cvs.openbsd.org 2004/10/20 11:48:53
disconnect for invalid (out of range) message types.
- djm@cvs.openbsd.org 2004/10/29 21:47:15
[channels.c channels.h clientloop.c]
fix some window size change bugs for multiplexed connections: windows sizes
were not being updated if they had changed after ~^Z suspends and SIGWINCH
was not being processed unless the first connection had requested a tty;
- djm@cvs.openbsd.org 2004/10/29 22:53:56
[clientloop.c misc.h readpass.c ssh-agent.c]
factor out common permission-asking code to separate function; ok markus@
- djm@cvs.openbsd.org 2004/10/29 23:56:17
[bufaux.c bufaux.h buffer.c buffer.h]
introduce a new buffer API that returns an error rather than fatal()ing
when presented with bad data; ok markus@
- djm@cvs.openbsd.org 2004/10/29 23:57:05
use new buffer API to avoid fatal errors on corrupt keys in authorized_keys
- (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX
10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__
only if a conflict is detected.
- (dtucker) [uidswap.c] Don't test dropping of gids for the root user or
on Cygwin. Cygwin parts from vinschen at redhat com; ok djm@
- (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations;
- (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode
and other PAM platforms.
- (dtucker) [monitor_mm.c openbsd-compat/xmmap.c] Bug #940: cast constants
to void * to appease picky compilers (eg Tru64's "cc -std1").
- (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@
- (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one,
which could have caused the justification to be wrong. ok djm@
- (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too.
- (dtucker) [contrib/cygwin/ssh-host-config] Update to match current Cygwin
install process. Patch from vinschen at redhat.com.
- (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file.
No change in resultant binary
- (djm) [loginrec.c] __func__ifiy
- (djm) [loginrec.c] xmalloc
- (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol
banner. Suggested by deraadt@, ok mouring@, dtucker@
- (dtucker) [configure.ac] Fix incorrect quoting and tests for cross-compile.
- (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@
- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from
failing PAM session modules to user then exit, similar to the way
/etc/nologin is handled. ok djm@
- (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change.
- (djm) [auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c]
Make cygwin code more consistent with that which surrounds it
- (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]
Bug #892: Send messages from failing PAM account modules to the client via
SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with
SSH2 kbdint authentication, which need to be dealt with separately. ok djm@
- (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@
- (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure.
Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me. ok djm@
- (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengert
- (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only
copy required environment variables on Cygwin. Patch from vinschen at
- (dtucker) [regress/Makefile] Clean scp-ssh-wrapper.scp too. Patch from
vinschen at redhat.com.
- (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability
of shell constructs. Patch from cjwatson at debian.org.
- (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from
failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL.
From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@
- (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/08/23 11:48:09
fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus
- djm@cvs.openbsd.org 2004/08/23 11:48:47
typo, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus
- dtucker@cvs.openbsd.org 2004/08/23 14:26:38
[ssh-keysign.c ssh.c]
Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches
change in Portable; ok markus@ (CVS ID sync only)
- dtucker@cvs.openbsd.org 2004/08/23 14:29:23
Remove duplicate getuid(), suggested by & ok markus@
- markus@cvs.openbsd.org 2004/08/26 16:00:55
get rid of references to rhosts authentication; with jmc@
- djm@cvs.openbsd.org 2004/08/28 01:01:48
don't erroneously close stdin for !reexec case, from Dave Johnson;
- (dtucker) [configure.ac] Include sys/stream.h in sys/ptms.h header check,
fixes configure warning on Solaris reported by wknox at mitre.org.
- (dtucker) [regress/multiplex.sh] Skip test on platforms that do not
support FD passing since multiplex requires it. Noted by tim@
- (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn
down, needed on some platforms, should be harmless on others. Patch from
jason at devrandom.org.
- (dtucker) [regress/scp.sh] Make this work on Cygwin too, which doesn't like
files ending in .exe that aren't binaries; patch from vinschen at redhat.com.
- (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree
builds too, from vinschen at redhat.com.
- (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64
too; patch from cmadams at hiwaay.net.
- (dtucker) [configure.ac] Replace non-portable echo \n with extra echo.
- (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for
accounts with authentication configs that sshd can't support (ie
SYSTEM=NONE and AUTH1=something).
- (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from
vinschen at redhat.com.
- (djm) [ssh-rand-helper.c] Typo. Found by
Martin.Kraemer AT Fujitsu-Siemens.com
- (djm) [loginrec.c] Typo and bad args in error messages; Spotted by
Martin.Kraemer AT Fujitsu-Siemens.com
- (dtucker) [regress/README.regress] Note compatibility issues with GNU head.
- (djm) OpenBSD CVS Sync