« back to all changes in this revision
Viewing changes to ChangeLog
- browse files at revision 1.1.2
- compare with another revision
- download diff
- download tarball
- view history from revision 1.1.2
- Committer: Bazaar Package Importer
- Author(s): Colin Watson
- Date: 2005-10-10 20:10:01 UTC
- mto: This revision was merged to the branch mainline in revision 4.
- Revision ID: james.westby@ubuntu.com-20051010201001-rno2f5bno6e6wo6t
Tags: upstream-4.1p1
ImportĀ upstreamĀ versionĀ 4.1p1
- files added:
- audit-bsm.c
- files modified:
- ChangeLog
added
removed
ChangeLog
1
20050524
2
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
3
[contrib/suse/openssh.spec] Update spec file versions to 4.1p1
4
- (dtucker) [auth-pam.c] Since people don't seem to be getting the message
5
that USE_POSIX_THREADS is unsupported, not recommended and generally a bad
6
idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use
7
USE_POSIX_THREADS will now generate an error so we don't silently change
8
behaviour. ok djm@
9
- (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory
10
allocation when retrieving core Windows environment. Add CYGWIN variable
11
to propagated variables. Patch from vinschen at redhat.com, ok djm@
12
- (djm) Release 4.1p1
13
14
20050524
15
- (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure
16
terminal modes are reset correctly. Fix from peak AT argo.troja.mff.cuni.cz;
17
"looks ok" dtucker@
18
19
20050512
20
- (tim) [buildpkg.sh.in] missing ${PKG_INSTALL_ROOT} in init script
21
hard link section. Bug 1038.
22
23
20050509
24
- (dtucker) [contrib/cygwin/ssh-host-config] Add a test and warning for a
25
user-mode mounts in Cygwin installation. Patch from vinschen at redhat.com.
26
27
20050504
28
- (djm) [ssh.c] some systems return EADDRINUSE on a bind to an already-used
29
unix domain socket, so catch that too; from jakob@ ok dtucker@
30
31
20050503
32
- (dtucker) [canohost.c] normalise socket addresses returned by
33
get_remote_hostname(). This means that IPv4 addresses in log messages
34
on IPv6 enabled machines will no longer be prefixed by "::ffff:" and
35
AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style
36
addresses only for 4-in-6 mapped connections, regardless of whether
37
or not the machine is IPv6 enabled. ok djm@
38
39
20050425
40
- (dtucker) [regress/multiplex.sh] Use "kill -0 $pid" to check for the
41
existence of a process since it's more portable. Found by jbasney at
42
ncsa.uiuc.edu; ok tim@
43
- (dtucker) [regress/multiplex.sh] Remove cleanup call since test-exec.sh
44
will clean up anyway. From tim@
45
- (dtucker) [regress/multiplex.sh] Put control socket in /tmp so running
46
"make tests" works even if you're building on a filesystem that doesn't
47
support sockets. From deengert at anl.gov, ok djm@
48
49
20050424
50
- (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or
51
1.2.1.2 or higher. With tim@, ok djm@
52
53
20050423
54
- (tim) [config.guess] Add support for OpenServer 6.
55
56
20050421
57
- (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if
58
UseLogin is set as PAM is not used to establish credentials in that
59
case. Found by Michael Selvesteen, ok djm@
60
61
20050419
62
- (dtucker) [INSTALL] Reference README.privsep for the privilege separation
63
requirements. Pointed out by Bengt Svensson.
64
- (dtucker) [INSTALL] Put the s/key text and URL back together.
65
- (dtucker) [INSTALL] Fix s/key text too.
66
67
20050411
68
- (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME
69
70
20050405
71
- (dtucker) [configure.ac] Define HAVE_SO_PEERCRED if we have it. ok djm@
72
- (dtucker) [auth-sia.c] Constify sys_auth_passwd, fixes build error on
73
Tru64. Patch from cmadams at hiwaay.net.
74
- (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of
75
sys_auth_passwd, pointed out by cmadams at hiwaay.net.
76
77
20050403
78
- (djm) OpenBSD CVS Sync
79
- deraadt@cvs.openbsd.org 2005/03/31 18:39:21
80
[scp.c]
81
copy argv[] element instead of smashing the one that ps will see; ok otto
82
- djm@cvs.openbsd.org 2005/04/02 12:41:16
83
[scp.c]
84
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror
85
build
86
- (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_read
87
will free as needed. ok tim@ djm@
88
89
20050331
90
- (dtucker) OpenBSD CVS Sync
91
- jmc@cvs.openbsd.org 2005/03/16 11:10:38
92
[ssh_config.5]
93
get the syntax right for {Local,Remote}Forward;
94
based on a diff from markus;
95
problem report from ponraj;
96
ok dtucker@ markus@ deraadt@
97
- markus@cvs.openbsd.org 2005/03/16 21:17:39
98
[version.h]
99
4.1
100
- jmc@cvs.openbsd.org 2005/03/18 17:05:00
101
[sshd_config.5]
102
typo;
103
- (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in
104
handling of password expiry messages returned by AIX's authentication
105
routines, originally reported by robvdwal at sara.nl.
106
- (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug
107
message on some platforms. Patch from pete at seebeyond.com via djm.
108
- (dtucker) [monitor.c] Remaining part of fix for bug #1006.
109
110
20050329
111
- (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're
112
interested in which is much faster in large (eg LDAP or NIS) environments.
113
Patch from dleonard at vintela.com.
114
115
20050321
116
- (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes
117
and -Lyes to CFLAGS and LIBS. Pointed out by peter at slagheap.net,
118
with & ok tim@
119
- (dtucker) [configure.ac] Make configure error out if the user specifies
120
--with-libedit but the required libs can't be found, rather than silently
121
ignoring and continuing. ok tim@
122
- (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions
123
of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se.
124
125
20050317
126
- (tim) [configure.ac] Bug 998. Make path for --with-opensc optional.
127
Make --without-opensc work.
128
- (tim) [configure.ac] portability changes on test statements. Some shells
129
have problems with -a operator.
130
- (tim) [configure.ac] make some configure options a little more error proof.
131
- (tim) [configure.ac] remove trailing white space.
132
133
20050314
134
- (dtucker) OpenBSD CVS Sync
135
- dtucker@cvs.openbsd.org 2005/03/10 10:15:02
136
[readconf.c]
137
Check listen addresses for null, prevents xfree from dying during
138
ClearAllForwardings (bz #996). From Craig Leres, ok markus@
139
- deraadt@cvs.openbsd.org 2005/03/10 22:01:05
140
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
141
monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
142
readconf.c bufaux.c sftp.c]
143
spacing
144
- deraadt@cvs.openbsd.org 2005/03/10 22:40:38
145
[auth-options.c]
146
spacing
147
- markus@cvs.openbsd.org 2005/03/11 14:59:06
148
[ssh-keygen.c]
149
typo, missing \n; mpech
150
- jmc@cvs.openbsd.org 2005/03/12 11:55:03
151
[ssh_config.5]
152
escape `.' at eol to avoid double spacing issues;
153
- dtucker@cvs.openbsd.org 2005/03/14 10:09:03
154
[ssh-keygen.1]
155
Correct description of -H (bz #997); ok markus@, punctuation jmc@
156
- dtucker@cvs.openbsd.org 2005/03/14 11:44:42
157
[auth.c]
158
Populate host for log message for logins denied by AllowUsers and
159
DenyUsers (bz #999); ok markus@ (patch by tryponraj at gmail.com)
160
- markus@cvs.openbsd.org 2005/03/14 11:46:56
161
[buffer.c buffer.h channels.c]
162
limit input buffer size for channels; bugzilla #896; with and ok dtucker@
163
- (tim) [contrib/caldera/openssh.spec] links in rc?.d were getting trashed
164
with a rpm -F
165
166
20050313
167
- (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the
168
localized name of the local administrators group more reliable. From
169
vinschen at redhat.com.
170
171
20050312
172
- (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug
173
output ends up in the client's output, causing regress failures. Found
174
by Corinna Vinschen.
175
176
20050309
177
- (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64
178
so that regress tests behave. From Chris Adams.
179
- (djm) OpenBSD CVS Sync
180
- jmc@cvs.openbsd.org 2005/03/07 23:41:54
181
[ssh.1 ssh_config.5]
182
more macro simplification;
183
- djm@cvs.openbsd.org 2005/03/08 23:49:48
184
[version.h]
185
OpenSSH 4.0
186
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
187
[contrib/suse/openssh.spec] Update spec file versions
188
- (djm) [log.c] Fix dumb syntax error; ok dtucker@
189
- (djm) Release OpenSSH 4.0p1
190
191
20050307
192
- (dtucker) [configure.ac] Disable gettext search when configuring with
193
BSM audit support for the time being. ok djm@
194
- (dtucker) OpenBSD CVS Sync (regress/)
195
- fgsch@cvs.openbsd.org 2004/12/10 01:31:30
196
[Makefile sftp-glob.sh]
197
some globbing regress; prompted and ok djm@
198
- david@cvs.openbsd.org 2005/01/14 04:21:18
199
[Makefile test-exec.sh]
200
pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@
201
- dtucker@cvs.openbsd.org 2005/02/27 11:33:30
202
[multiplex.sh test-exec.sh sshd-log-wrapper.sh]
203
Add optional capability to log output from regress commands; ok markus@
204
Use with: make TEST_SSH_LOGFILE=/tmp/regress.log
205
- djm@cvs.openbsd.org 2005/02/27 23:13:36
206
[login-timeout.sh]
207
avoid nameservice lookups in regress test; ok dtucker@
208
- djm@cvs.openbsd.org 2005/03/04 08:48:46
209
[Makefile envpass.sh]
210
regress test for SendEnv config parsing bug; ok dtucker@
211
- (dtucker) [regress/test-exec.sh] Put SUDO in the right place.
212
- (tim) [configure.ac] SCO 3.2v4.2 no longer supported.
213
214
20050306
215
- (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor
216
when attempting to audit disconnect events. Reported by Phil Dibowitz.
217
- (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit
218
events earlier, prevents mm_request_send errors reported by Matt Goebel.
219
220
20050305
221
- (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch
222
from vinschen at redhat.com
223
- (djm) OpenBSD CVS Sync
224
- jmc@cvs.openbsd.org 2005/03/02 11:45:01
225
[ssh.1]
226
missing word;
227
- djm@cvs.openbsd.org 2005/03/04 08:48:06
228
[readconf.c]
229
fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@
230
231
20050302
232
- (djm) OpenBSD CVS sync:
233
- jmc@cvs.openbsd.org 2005/03/01 14:47:58
234
[ssh.1]
235
remove some unneccesary macros;
236
do not mark up punctuation;
237
- jmc@cvs.openbsd.org 2005/03/01 14:55:23
238
[ssh_config.5]
239
do not mark up punctuation;
240
whitespace;
241
- jmc@cvs.openbsd.org 2005/03/01 14:59:49
242
[sshd.8]
243
new sentence, new line;
244
whitespace;
245
- jmc@cvs.openbsd.org 2005/03/01 15:05:00
246
[ssh-keygen.1]
247
whitespace;
248
- jmc@cvs.openbsd.org 2005/03/01 15:47:14
249
[ssh-keyscan.1 ssh-keyscan.c]
250
sort options and sync usage();
251
- jmc@cvs.openbsd.org 2005/03/01 17:19:35
252
[scp.1 sftp.1]
253
add HashKnownHosts to -o list;
254
ok markus@
255
- jmc@cvs.openbsd.org 2005/03/01 17:22:06
256
[ssh.c]
257
sync usage() w/ man SYNOPSIS;
258
ok markus@
259
- jmc@cvs.openbsd.org 2005/03/01 17:32:19
260
[ssh-add.1]
261
sort options;
262
- jmc@cvs.openbsd.org 2005/03/01 18:15:56
263
[ssh-keygen.1]
264
sort options (no attempt made at synopsis clean up though);
265
spelling (occurance -> occurrence);
266
use prompt before examples;
267
grammar;
268
- djm@cvs.openbsd.org 2005/03/02 01:00:06
269
[sshconnect.c]
270
fix addition of new hashed hostnames when CheckHostIP=yes;
271
found and ok dtucker@
272
- djm@cvs.openbsd.org 2005/03/02 01:27:41
273
[ssh-keygen.c]
274
ignore hostnames with metachars when hashing; ok deraadt@
275
- djm@cvs.openbsd.org 2005/03/02 02:21:07
276
[ssh.1]
277
bz#987: mention ForwardX11Trusted in ssh.1,
278
reported by andrew.benham AT thus.net; ok deraadt@
279
- (tim) [regress/agent-ptrace.sh] add another possible gdb error.
280
281
20050301
282
- (djm) OpenBSD CVS sync:
283
- otto@cvs.openbsd.org 2005/02/16 09:56:44
284
[ssh.c]
285
Better diagnostic if an identity file is not accesible. ok markus@ djm@
286
- djm@cvs.openbsd.org 2005/02/18 03:05:53
287
[canohost.c]
288
better error messages for getnameinfo failures; ok dtucker@
289
- djm@cvs.openbsd.org 2005/02/20 22:59:06
290
[sftp.c]
291
turn on ssh batch mode when in sftp batch mode, patch from
292
jdmossh AT nand.net;
293
ok markus@
294
- jmc@cvs.openbsd.org 2005/02/25 10:55:13
295
[sshd.8]
296
add /etc/motd and $HOME/.hushlogin to FILES;
297
from michael knudsen;
298
- djm@cvs.openbsd.org 2005/02/28 00:54:10
299
[ssh_config.5]
300
bz#849: document timeout on untrusted x11 forwarding sessions. Reported by
301
orion AT cora.nwra.com; ok markus@
302
- djm@cvs.openbsd.org 2005/03/01 10:09:52
303
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
304
[misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
305
[sshd_config.5]
306
bz#413: allow optional specification of bind address for port forwardings.
307
Patch originally by Dan Astorian, but worked on by several people
308
Adds GatewayPorts=clientspecified option on server to allow remote
309
forwards to bind to client-specified ports.
310
- djm@cvs.openbsd.org 2005/03/01 10:40:27
311
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
312
[sshconnect.c sshd.8]
313
add support for hashing host names and addresses added to known_hosts
314
files, to improve privacy of which hosts user have been visiting; ok
315
markus@ deraadt@
316
- djm@cvs.openbsd.org 2005/03/01 10:41:28
317
[ssh-keyscan.1 ssh-keyscan.c]
318
option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@
319
- djm@cvs.openbsd.org 2005/03/01 10:42:49
320
[ssh-keygen.1 ssh-keygen.c ssh_config.5]
321
add tools for managing known_hosts files with hashed hostnames, including
322
hashing existing files and deleting hosts by name; ok markus@ deraadt@
323
324
20050226
325
- (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c]
326
Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com.
327
- (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}]
328
Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any
329
more. Patch from vinschen at redhat.com.
330
- (dtucker) [Makefile.in] Add a install-nosysconf target for installing the
331
binaries without the config files. Primarily useful for packaging.
332
Patch from phil at usc.edu. ok djm@
333
334
20050224
335
- (djm) [configure.ac] in_addr_t test needs sys/types.h too
336
337
20050222
338
- (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from
339
vinschen at redhat.com.
340
341
20050220
342
- (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac
343
defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure
344
--with-audit=bsm to enable. Patch originally from Sun Microsystems,
345
parts by John R. Jackson. ok djm@
346
- (dtucker) [configure.ac] Missing comma in AIX section, somehow causes
347
unrelated platforms to be configured incorrectly.
348
349
20050216
350
- (djm) write seed to temporary file and atomically rename into place;
351
ok dtucker@
352
- (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called
353
via mkstemp in some configurations. ok djm@
354
- (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined
355
by the system headers.
356
- (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant
357
Unix; prevents problems relating to the location of -lresolv in the
358
link order.
359
- (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
360
authentication early enough to be available to PAM session modules when
361
privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam
362
Hartman and similar to Debian's ssh-krb5 package.
363
- (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more
364
compiler warnings on AIX.
365
366
20050215
367
- (dtucker) [config.sh.in] Collect oslevel -r too.
368
- (dtucker) [README.platform auth.c configure.ac loginrec.c
369
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6
370
on AIX where possible (see README.platform for details) and work around
371
a misfeature of AIX's getnameinfo. ok djm@
372
- (dtucker) [loginrec.c] Add missing #include.
373
374
20050211
375
- (dtucker) [configure.ac] Tidy up configure --help output.
376
- (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too.
377
378
20050210
379
- (dtucker) [configure.ac] Bug #919: Provide visible feedback for the
380
--disable-etc-default-login configure option.
381
382
20050209
383
- (dtucker) OpenBSD CVS Sync
384
- dtucker@cvs.openbsd.org 2005/01/28 09:45:53
385
[ssh_config]
386
Make it clear that the example entries in ssh_config are only some of the
387
commonly-used options and refer the user to ssh_config(5) for more
388
details; ok djm@
389
- jmc@cvs.openbsd.org 2005/01/28 15:05:43
390
[ssh_config.5]
391
grammar;
392
- jmc@cvs.openbsd.org 2005/01/28 18:14:09
393
[ssh_config.5]
394
wording;
395
ok markus@
396
- dtucker@cvs.openbsd.org 2005/01/30 11:18:08
397
[monitor.c]
398
Make code match intent; ok djm@
399
- dtucker@cvs.openbsd.org 2005/02/08 22:24:57
400
[sshd.c]
401
Provide reason in error message if getnameinfo fails; ok markus@
402
- (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call
403
disable_forwarding() from compat library. Prevent linker errrors trying
404
to resolve it for binaries other than sshd. ok djm@
405
- (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir
406
paths. ok djm@
407
- (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require
408
the username to be passed to the passwd command when changing expired
409
passwords. ok djm@
410
411
20050208
412
- (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the
413
regress tests so newer versions of GNU head(1) behave themselves. Patch
414
by djm, so ok me.
415
- (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings.
416
- (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
417
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
418
defines and enums with SSH_ to prevent namespace collisions on some
419
platforms (eg AIX).
420
421
20050204
422
- (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too.
423
- (dtucker) [auth.c] Fix parens in audit log check.
424
425
20050202
426
- (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath
427
rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@
428
- (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]
429
Make record_failed_login() call provide hostname rather than having the
430
implementations having to do lookups themselves. Only affects AIX and
431
UNICOS (the latter only uses the "user" parameter anyway). ok djm@
432
- (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child
433
the process. Since we also unset KRB5CCNAME at startup, if it's set after
434
authentication it must have been set by the platform's native auth system.
435
This was already done for AIX; this enables it for the general case.
436
- (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c]
437
Bug #974: Teach sshd to write failed login records to btmp for failed auth
438
attempts (currently only for password, kbdint and C/R, only on Linux and
439
HP-UX), based on code from login.c from util-linux. With ashok_kovai at
440
hotmail.com, ok djm@
441
- (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
442
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
443
(first stage) Add audit instrumentation to sshd, currently disabled by
444
default. with suggestions from and ok djm@
445
446
20050201
447
- (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some
448
platforms syslog will revert to its default values. This may result in
449
messages from external libraries (eg libwrap) being sent to a different
450
facility.
451
- (dtucker) [sshd_config.5] Bug #701: remove warning about
452
keyboard-interactive since this is no longer the case.
453
454
20050124
455
- (dtucker) OpenBSD CVS Sync
456
- otto@cvs.openbsd.org 2005/01/21 08:32:02
457
[auth-passwd.c sshd.c]
458
Warn in advance for password and account expiry; initialize loginmsg
459
buffer earlier and clear it after privsep fork. ok and help dtucker@
460
markus@
461
- dtucker@cvs.openbsd.org 2005/01/22 08:17:59
462
[auth.c]
463
Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and
464
DenyGroups. bz #909, ok djm@
465
- djm@cvs.openbsd.org 2005/01/23 10:18:12
466
[cipher.c]
467
config option "Ciphers" should be case-sensitive; ok dtucker@
468
- dtucker@cvs.openbsd.org 2005/01/24 10:22:06
469
[scp.c sftp.c]
470
Have scp and sftp wait for the spawned ssh to exit before they exit
471
themselves. This prevents ssh from being unable to restore terminal
472
modes (not normally a problem on OpenBSD but common with -Portable
473
on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950);
474
ok djm@ markus@
475
- dtucker@cvs.openbsd.org 2005/01/24 10:29:06
476
[moduli]
477
Import new moduli; requested by deraadt@ a week ago
478
- dtucker@cvs.openbsd.org 2005/01/24 11:47:13
479
[auth-passwd.c]
480
#if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@
481
482
20050120
483
- (dtucker) OpenBSD CVS Sync
484
- markus@cvs.openbsd.org 2004/12/23 17:35:48
485
[session.c]
486
check for NULL; from mpech
487
- markus@cvs.openbsd.org 2004/12/23 17:38:07
488
[ssh-keygen.c]
489
leak; from mpech
490
- djm@cvs.openbsd.org 2004/12/23 23:11:00
491
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
492
bz #898: support AddressFamily in sshd_config. from
493
peak@argo.troja.mff.cuni.cz; ok deraadt@
494
- markus@cvs.openbsd.org 2005/01/05 08:51:32
495
[sshconnect.c]
496
remove dead code, log connect() failures with level error, ok djm@
497
- jmc@cvs.openbsd.org 2005/01/08 00:41:19
498
[sshd_config.5]
499
`login'(n) -> `log in'(v);
500
- dtucker@cvs.openbsd.org 2005/01/17 03:25:46
501
[moduli.c]
502
Correct spelling: SCHNOOR->SCHNORR; ok djm@
503
- dtucker@cvs.openbsd.org 2005/01/17 22:48:39
504
[sshd.c]
505
Make debugging output continue after reexec; ok djm@
506
- dtucker@cvs.openbsd.org 2005/01/19 13:11:47
507
[auth-bsdauth.c auth2-chall.c]
508
Have keyboard-interactive code call the drivers even for responses for
509
invalid logins. This allows the drivers themselves to decide how to
510
handle them and prevent leaking information where possible. Existing
511
behaviour for bsdauth is maintained by checking authctxt->valid in the
512
bsdauth driver. Note that any third-party kbdint drivers will now need
513
to be able to handle responses for invalid logins. ok markus@
514
- djm@cvs.openbsd.org 2004/12/22 02:13:19
515
[cipher-ctr.c cipher.c]
516
remove fallback AES support for old OpenSSL, as OpenBSD has had it for
517
many years now; ok deraadt@
518
(Id sync only: Portable will continue to support older OpenSSLs)
519
- (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user
520
existence via keyboard-interactive/pam, in conjunction with previous
521
auth2-chall.c change; with Colin Watson and djm.
522
- (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128
523
bytes to prevent errors from login_init_entry() when the username is
524
exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@
525
- (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from
526
the list of available kbdint devices if UsePAM=no. ok djm@
527
528
20050118
529
- (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement
530
"make survey" and "make send-survey". This will provide data on the
531
configure parameters, platform and platform features to the development
532
team, which will allow (among other things) better targetting of testing.
533
It's entirely voluntary and is off be default. ok djm@
534
- (dtucker) [survey.sh.in] Remove any blank lines from the output of
535
ccver-v and ccver-V.
536
537
20041220
538
- (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading
539
from prngd is enabled at compile time but fails at run time, eg because
540
prngd is not running. Note that if you have prngd running when OpenSSH is
541
built, OpenSSL will consider itself internally seeded and rand-helper won't
542
be built at all unless explicitly enabled via --with-rand-helper. ok djm@
543
- (dtucker) [regress/rekey.sh] Touch datafile before filling with dd, since
544
on some wacky platforms (eg old AIXes), dd will refuse to create an output
545
file if it doesn't exist.
546
547
20041213
548
- (dtucker) [contrib/findssh.sh] Clean up on interrupt; from
549
amarendra.godbole at ge com.
550
551
20041211
552
- (dtucker) OpenBSD CVS Sync
553
- markus@cvs.openbsd.org 2004/12/06 16:00:43
554
[bufaux.c]
555
use 0x00 not \0 since buf[] is a bignum
556
- fgsch@cvs.openbsd.org 2004/12/10 03:10:42
557
[sftp.c]
558
- fix globbed ls for paths the same lenght as the globbed path when
559
we have a unique matching.
560
- fix globbed ls in case of a directory when we have a unique matching.
561
- as a side effect, if the path does not exist error (used to silently
562
ignore).
563
- don't do extra do_lstat() if we only have one matching file.
564
djm@ ok
565
- dtucker@cvs.openbsd.org 2004/12/11 01:48:56
566
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h]
567
Fix debug call in error path of authorized_keys processing and fix related
568
warnings; ok djm@
569
570
20041208
571
- (tim) [configure.ac] Comment some non obvious platforms in the
572
target-specific case statement. Suggested and OK by dtucker@
573
574
20041207
575
- (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test.
576
577
20041206
578
- (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@
579
- (dtucker) OpenBSD CVS Sync
580
- markus@cvs.openbsd.org 2004/11/25 22:22:14
581
[sftp-client.c sftp.c]
582
leak; from mpech
583
- jmc@cvs.openbsd.org 2004/11/29 00:05:17
584
[sftp.1]
585
missing full stop;
586
- djm@cvs.openbsd.org 2004/11/29 07:41:24
587
[sftp-client.h sftp.c]
588
Some small fixes from moritz@jodeit.org. ok deraadt@
589
- jaredy@cvs.openbsd.org 2004/12/05 23:55:07
590
[sftp.1]
591
- explain that patterns can be used as arguments in get/put/ls/etc
592
commands (prodded by Michael Knudsen)
593
- describe ls flags as a list
594
- other minor improvements
595
ok jmc, djm
596
- dtucker@cvs.openbsd.org 2004/12/06 11:41:03
597
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8]
598
Discard over-length authorized_keys entries rather than complaining when
599
they don't decode. bz #884, with & ok djm@
600
- (dtucker) OpenBSD CVS Sync (regress/)
601
- djm@cvs.openbsd.org 2004/06/26 06:16:07
602
[reexec.sh]
603
don't change the name of the copied sshd for the reexec fallback test,
604
makes life simpler for portable
605
- dtucker@cvs.openbsd.org 2004/07/08 12:59:35
606
[scp.sh]
607
Regress test for bz #863 (scp double-error), requires $SUDO. ok markus@
608
- david@cvs.openbsd.org 2004/07/09 19:45:43
609
[Makefile]
610
add a missing CLEANFILES used in the re-exec test
611
- djm@cvs.openbsd.org 2004/10/08 02:01:50
612
[reexec.sh]
613
shrink and tidy; ok dtucker@
614
- djm@cvs.openbsd.org 2004/10/29 23:59:22
615
[Makefile added brokenkeys.sh]
616
regression test for handling of corrupt keys in authorized_keys file
617
- djm@cvs.openbsd.org 2004/11/07 00:32:41
618
[multiplex.sh]
619
regression tests for new multiplex commands
620
- dtucker@cvs.openbsd.org 2004/11/25 09:39:27
621
[test-exec.sh]
622
Remove obsolete RhostsAuthentication from test config; ok markus@
623
- dtucker@cvs.openbsd.org 2004/12/06 10:49:56
624
[test-exec.sh]
625
Check if TEST_SSH_SSHD is a full path to sshd before searching; ok markus@
626
627
20041203
628
- (dtucker) OpenBSD CVS Sync
629
- jmc@cvs.openbsd.org 2004/11/07 17:42:36
630
[ssh.1]
631
options sort, and whitespace;
632
- jmc@cvs.openbsd.org 2004/11/07 17:57:30
633
[ssh.c]
634
usage():
635
- add -O
636
- sync -S w/ manpage
637
- remove -h
638
- (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is
639
subsequently denied by the PAM auth stack, send the PAM message to the
640
user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2).
641
ok djm@
642
643
20041107
644
- (dtucker) OpenBSD CVS Sync
645
- djm@cvs.openbsd.org 2004/11/05 12:19:56
646
[sftp.c]
647
command editing and history support via libedit; ok markus@
648
thanks to hshoexer@ and many testers on tech@ too
649
- djm@cvs.openbsd.org 2004/11/07 00:01:46
650
[clientloop.c clientloop.h ssh.1 ssh.c]
651
add basic control of a running multiplex master connection; including the
652
ability to check its status and request it to exit; ok markus@
653
- (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure
654
option and supporting makefile bits and documentation.
655
656
20041105
657
- (dtucker) OpenBSD CVS Sync
658
- markus@cvs.openbsd.org 2004/08/30 09:18:08
659
[LICENCE]
660
s/keygen/keyscan/
661
- jmc@cvs.openbsd.org 2004/08/30 21:22:49
662
[ssh-add.1 ssh.1]
663
.Xsession -> .xsession;
664
originally from a pr from f at obiit dot org, but missed by myself;
665
ok markus@ matthieu@
666
- djm@cvs.openbsd.org 2004/09/07 23:41:30
667
[clientloop.c ssh.c]
668
cleanup multiplex control socket on SIGHUP too, spotted by sturm@
669
ok markus@ deraadt@
670
- deraadt@cvs.openbsd.org 2004/09/15 00:46:01
671
[ssh.c]
672
/* fallthrough */ is something a programmer understands. But
673
/* FALLTHROUGH */ is also understood by lint, so that is better.
674
- jaredy@cvs.openbsd.org 2004/09/15 03:25:41
675
[sshd_config.5]
676
mention PrintLastLog only prints last login time for interactive
677
sessions, like PrintMotd mentions.
678
From Michael Knudsen, with wording changed slightly to match the
679
PrintMotd description.
680
ok djm
681
- mickey@cvs.openbsd.org 2004/09/15 18:42:27
682
[sshd.c]
683
use less doubles in daemons; markus@ ok
684
- deraadt@cvs.openbsd.org 2004/09/15 18:46:04
685
[scp.c]
686
scratch that do { } while (0) wrapper in this case
687
- djm@cvs.openbsd.org 2004/09/23 13:00:04
688
[ssh.c]
689
correctly honour -n in multiplex client mode; spotted by sturm@ ok markus@
690
- djm@cvs.openbsd.org 2004/09/25 03:45:14
691
[sshd.c]
692
these printf args are no longer double; ok deraadt@ markus@
693
- djm@cvs.openbsd.org 2004/10/07 10:10:24
694
[scp.1 sftp.1 ssh.1 ssh_config.5]
695
document KbdInteractiveDevices; ok markus@
696
- djm@cvs.openbsd.org 2004/10/07 10:12:36
697
[ssh-agent.c]
698
don't unlink agent socket when bind() fails, spotted by rich AT
699
rich-paul.net, ok markus@
700
- markus@cvs.openbsd.org 2004/10/20 11:48:53
701
[packet.c ssh1.h]
702
disconnect for invalid (out of range) message types.
703
- djm@cvs.openbsd.org 2004/10/29 21:47:15
704
[channels.c channels.h clientloop.c]
705
fix some window size change bugs for multiplexed connections: windows sizes
706
were not being updated if they had changed after ~^Z suspends and SIGWINCH
707
was not being processed unless the first connection had requested a tty;
708
ok markus
709
- djm@cvs.openbsd.org 2004/10/29 22:53:56
710
[clientloop.c misc.h readpass.c ssh-agent.c]
711
factor out common permission-asking code to separate function; ok markus@
712
- djm@cvs.openbsd.org 2004/10/29 23:56:17
713
[bufaux.c bufaux.h buffer.c buffer.h]
714
introduce a new buffer API that returns an error rather than fatal()ing
715
when presented with bad data; ok markus@
716
- djm@cvs.openbsd.org 2004/10/29 23:57:05
717
[key.c]
718
use new buffer API to avoid fatal errors on corrupt keys in authorized_keys
719
files; ok markus@
720
721
20041102
722
- (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX
723
10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__
724
only if a conflict is detected.
725
726
20041019
727
- (dtucker) [uidswap.c] Don't test dropping of gids for the root user or
728
on Cygwin. Cygwin parts from vinschen at redhat com; ok djm@
729
730
20041016
731
- (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations;
732
ok dtucker@
733
734
20041006
735
- (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode
736
and other PAM platforms.
737
- (dtucker) [monitor_mm.c openbsd-compat/xmmap.c] Bug #940: cast constants
738
to void * to appease picky compilers (eg Tru64's "cc -std1").
739
740
20040930
741
- (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@
742
743
20040923
744
- (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one,
745
which could have caused the justification to be wrong. ok djm@
746
747
20040921
748
- (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too.
749
ok djm@
750
- (dtucker) [contrib/cygwin/ssh-host-config] Update to match current Cygwin
751
install process. Patch from vinschen at redhat.com.
752
753
20040912
754
- (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file.
755
No change in resultant binary
756
- (djm) [loginrec.c] __func__ifiy
757
- (djm) [loginrec.c] xmalloc
758
- (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol
759
banner. Suggested by deraadt@, ok mouring@, dtucker@
760
- (dtucker) [configure.ac] Fix incorrect quoting and tests for cross-compile.
761
Partly by & ok djm@.
762
763
20040911
764
- (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@
765
- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from
766
failing PAM session modules to user then exit, similar to the way
767
/etc/nologin is handled. ok djm@
768
- (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change.
769
- (djm) [auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c]
770
Make cygwin code more consistent with that which surrounds it
771
- (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]
772
Bug #892: Send messages from failing PAM account modules to the client via
773
SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with
774
SSH2 kbdint authentication, which need to be dealt with separately. ok djm@
775
- (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@
776
- (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure.
777
Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me. ok djm@
778
- (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengert
779
at anl.gov, ok djm@
780
781
20040830
782
- (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only
783
copy required environment variables on Cygwin. Patch from vinschen at
784
redhat.com, ok djm@
785
- (dtucker) [regress/Makefile] Clean scp-ssh-wrapper.scp too. Patch from
786
vinschen at redhat.com.
787
- (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability
788
of shell constructs. Patch from cjwatson at debian.org.
789
790
20040829
791
- (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from
792
failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL.
793
From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@
794
- (dtucker) OpenBSD CVS Sync
795
- djm@cvs.openbsd.org 2004/08/23 11:48:09
796
[authfile.c]
797
fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus
798
- djm@cvs.openbsd.org 2004/08/23 11:48:47
799
[channels.c]
800
typo, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus
801
- dtucker@cvs.openbsd.org 2004/08/23 14:26:38
802
[ssh-keysign.c ssh.c]
803
Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches
804
change in Portable; ok markus@ (CVS ID sync only)
805
- dtucker@cvs.openbsd.org 2004/08/23 14:29:23
806
[ssh-keysign.c]
807
Remove duplicate getuid(), suggested by & ok markus@
808
- markus@cvs.openbsd.org 2004/08/26 16:00:55
809
[ssh.1 sshd.8]
810
get rid of references to rhosts authentication; with jmc@
811
- djm@cvs.openbsd.org 2004/08/28 01:01:48
812
[sshd.c]
813
don't erroneously close stdin for !reexec case, from Dave Johnson;
814
ok markus@
815
- (dtucker) [configure.ac] Include sys/stream.h in sys/ptms.h header check,
816
fixes configure warning on Solaris reported by wknox at mitre.org.
817
- (dtucker) [regress/multiplex.sh] Skip test on platforms that do not
818
support FD passing since multiplex requires it. Noted by tim@
819
- (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn
820
down, needed on some platforms, should be harmless on others. Patch from
821
jason at devrandom.org.
822
- (dtucker) [regress/scp.sh] Make this work on Cygwin too, which doesn't like
823
files ending in .exe that aren't binaries; patch from vinschen at redhat.com.
824
- (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree
825
builds too, from vinschen at redhat.com.
826
- (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64
827
too; patch from cmadams at hiwaay.net.
828
- (dtucker) [configure.ac] Replace non-portable echo \n with extra echo.
829
- (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for
830
accounts with authentication configs that sshd can't support (ie
831
SYSTEM=NONE and AUTH1=something).
832
833
20040828
834
- (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from
835
vinschen at redhat.com.
836
837
20040823
838
- (djm) [ssh-rand-helper.c] Typo. Found by
839
Martin.Kraemer AT Fujitsu-Siemens.com
840
- (djm) [loginrec.c] Typo and bad args in error messages; Spotted by
841
Martin.Kraemer AT Fujitsu-Siemens.com
842
1
843
20040817
2
844
- (dtucker) [regress/README.regress] Note compatibility issues with GNU head.
3
845
- (djm) OpenBSD CVS Sync
1654
2496
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
1655
2497
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
1656
2498
1657
$Id: ChangeLog,v 1.3517 2004/08/17 12:50:40 djm Exp $
2499
$Id: ChangeLog,v 1.3758.2.2 2005/05/25 12:24:56 djm Exp $
Loggerhead is a web-based interface for Breezy
Version: 2.0.1