1 20001106 2 - (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs 3 - (djm) Manually fix up missed diff hunks (mainly RCS idents) 4 - (djm) Remove UPGRADING document in favour of a link to the better 5 maintained FAQ on www.openssh.com 6 - (djm) Fix multiple dependancy on gnome-libs from Pekka Savola 7 <pekkas (a] netcore.fi> 8 - (djm) Don't need X11-askpass in RPM spec file if building without it 9 from Pekka Savola <pekkas (a] netcore.fi> 10 - (djm) Release 2.3.0p1 11 12 20001105 13 - (bal) Sync with OpenBSD: 14 - markus (a] cvs.openbsd.org 2000/10/31 9:31:58 15 [compat.c] 16 handle all old openssh versions 17 - markus (a] cvs.openbsd.org 2000/10/31 13:1853 18 [deattack.c] 19 so that large packets do not wrap "n"; from netbsd 20 - (bal) rijndel.c - fix up RCSID to match OpenBSD tree 21 - (bal) auth2-skey.c - Checked in. Missing from portable tree. 22 - (bal) Reworked NEWS-OS and NeXT ports to extract waitpid() and 23 setsid() into more common files 24 - (stevesk) pty.c: use __hpux to identify HP-UX. 25 - (bal) Missed auth-skey.o in Makefile.in and minor correction to 26 bsd-waitpid.c 27 28 20001029 29 - (stevesk) Fix typo in auth.c: USE_PAM not PAM 30 - (stevesk) Create contrib/cygwin/ directory; patch from 31 Corinna Vinschen <vinschen (a] redhat.com> 32 - (bal) Resolved more $xno and $xyes issues in configure.in 33 - (bal) next-posix.h - spelling and forgot a prototype 34 35 20001028 36 - (djm) fix select hack in serverloop.c from Philippe WILLEM 37 <Philippe.WILLEM (a] urssaf.fr> 38 - (djm) Fix mangled AIXAUTHENTICATE code 39 - (djm) authctxt->pw may be NULL. Fix from Markus Friedl 40 <markus.friedl (a] informatik.uni-erlangen.de> 41 - (djm) Sync with OpenBSD: 42 - markus (a] cvs.openbsd.org 2000/10/16 15:46:32 43 [ssh.1] 44 fixes from pekkas (a] netcore.fi 45 - markus (a] cvs.openbsd.org 2000/10/17 14:28:11 46 [atomicio.c] 47 return number of characters processed; ok deraadt@ 48 - markus (a] cvs.openbsd.org 2000/10/18 12:04:02 49 [atomicio.c] 50 undo 51 - markus (a] cvs.openbsd.org 2000/10/18 12:23:02 52 [scp.c] 53 replace atomicio(read,...) with read(); ok deraadt@ 54 - markus (a] cvs.openbsd.org 2000/10/18 12:42:00 55 [session.c] 56 restore old record login behaviour 57 - deraadt (a] cvs.openbsd.org 2000/10/19 10:41:13 58 [auth-skey.c] 59 fmt string problem in unused code 60 - provos (a] cvs.openbsd.org 2000/10/19 10:45:16 61 [sshconnect2.c] 62 don't reference freed memory. okay deraadt@ 63 - markus (a] cvs.openbsd.org 2000/10/21 11:04:23 64 [canohost.c] 65 typo, eramore (a] era-t.ericsson.se; ok niels@ 66 - markus (a] cvs.openbsd.org 2000/10/23 13:31:55 67 [cipher.c] 68 non-alignment dependent swap_bytes(); from 69 simonb (a] wasabisystems.com/netbsd 70 - markus (a] cvs.openbsd.org 2000/10/26 12:38:28 71 [compat.c] 72 add older vandyke products 73 - markus (a] cvs.openbsd.org 2000/10/27 01:32:19 74 [channels.c channels.h clientloop.c serverloop.c session.c] 75 [ssh.c util.c] 76 enable non-blocking IO on channels, and tty's (except for the 77 client ttys). 78 79 20001027 80 - (djm) Increase REKEY_BYTES to 2^24 for arc4random 81 82 20001025 83 - (djm) Added WARNING.RNG file and modified configure to ask users of the 84 builtin entropy code to read it. 85 - (djm) Prefer builtin regex to PCRE. 86 - (bal) Added USE_PIPS defined to NeXT configure.in since scp hangs randomly. 87 - (bal) Apply fixes to configure.in pointed out by Pavel Roskin 88 <proski (a] gnu.org> 89 90 20001020 91 - (djm) Don't define _REENTRANT for SNI/Reliant Unix 92 - (bal) Imported NEWS-OS waitpid() macros into NeXT. Since implementation 93 is more correct then current version. 94 95 20001018 96 - (stevesk) Add initial support for setproctitle(). Current 97 support is for the HP-UX pstat(PSTAT_SETCMD, ...) method. 98 - (stevesk) Add egd startup scripts to contrib/hpux/ 99 100 20001017 101 - (djm) Add -lregex to cywin libs from Corinna Vinschen 102 <vinschen (a] cygnus.com> 103 - (djm) Don't rely on atomicio's retval to determine length of askpass 104 supplied passphrase. Problem report from Lutz Jaenicke 105 <Lutz.Jaenicke (a] aet.TU-Cottbus.DE> 106 - (bal) Changed from GNU rx to PCRE on suggestion from djm. 107 - (bal) Integrated Sony NEWS-OS patches from NAKAJI Hirouyuki 108 <nakaji (a] tutrp.tut.ac.jp> 109 110 20001016 111 - (djm) Sync with OpenBSD: 112 - markus (a] cvs.openbsd.org 2000/10/14 04:01:15 113 [cipher.c] 114 debug3 115 - markus (a] cvs.openbsd.org 2000/10/14 04:07:23 116 [scp.c] 117 remove spaces from arguments; from djm (a] mindrot.org 118 - markus (a] cvs.openbsd.org 2000/10/14 06:09:46 119 [ssh.1] 120 Cipher is for SSH-1 only 121 - markus (a] cvs.openbsd.org 2000/10/14 06:12:09 122 [servconf.c servconf.h serverloop.c session.c sshd.8] 123 AllowTcpForwarding; from naddy@ 124 - markus (a] cvs.openbsd.org 2000/10/14 06:16:56 125 [auth2.c compat.c compat.h sshconnect2.c version.h] 126 OpenSSH_2.3; note that is is not complete, but the version number 127 needs to be changed for interoperability reasons 128 - markus (a] cvs.openbsd.org 2000/10/14 06:19:45 129 [auth-rsa.c] 130 do not send RSA challenge if key is not allowed by key-options; from 131 eivind (a] ThinkSec.com 132 - markus (a] cvs.openbsd.org 2000/10/15 08:14:01 133 [rijndael.c session.c] 134 typos; from stevesk (a] sweden.hp.com 135 - markus (a] cvs.openbsd.org 2000/10/15 08:18:31 136 [rijndael.c] 137 typo 138 - (djm) Copy manpages back over from OpenBSD - too tedious to wade 139 through diffs 140 - (djm) Added condrestart to Redhat init script. Patch from Pekka Savola 141 <pekkas (a] netcore.fi> 142 - (djm) Update version in Redhat spec file 143 - (djm) Merge some of Nalin Dahyabhai <nalin (a] redhat.com> changes from the 144 Redhat 7.0 spec file 145 - (djm) Make inability to read/write PRNG seedfile non-fatal 146 147 148 20001015 149 - (djm) Fix ssh2 hang on background processes at logout. 150 151 20001014 152 - (bal) Add support for realpath and getcwd for platforms with broken 153 or missing realpath implementations for sftp-server. 154 - (bal) Corrected mistake in INSTALL in regards to GNU rx library 155 - (bal) Add support for GNU rx library for those lacking regexp support 156 - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth 157 - (djm) Revert SSH2 serverloop hack, will find a better way. 158 - (djm) Add workaround for Linux 2.4's gratuitious errno change. Patch 159 from Martin Johansson <fatbob (a] acc.umu.se> 160 - (djm) Big OpenBSD sync: 161 - markus (a] cvs.openbsd.org 2000/09/30 10:27:44 162 [log.c] 163 allow loglevel debug 164 - markus (a] cvs.openbsd.org 2000/10/03 11:59:57 165 [packet.c] 166 hmac->mac 167 - markus (a] cvs.openbsd.org 2000/10/03 12:03:03 168 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c] 169 move fake-auth from auth1.c to individual auth methods, disables s/key in 170 debug-msg 171 - markus (a] cvs.openbsd.org 2000/10/03 12:16:48 172 ssh.c 173 do not resolve canonname, i have no idea why this was added oin ossh 174 - markus (a] cvs.openbsd.org 2000/10/09 15:30:44 175 ssh-keygen.1 ssh-keygen.c 176 -X now reads private ssh.com DSA keys, too. 177 - markus (a] cvs.openbsd.org 2000/10/09 15:32:34 178 auth-options.c 179 clear options on every call. 180 - markus (a] cvs.openbsd.org 2000/10/09 15:51:00 181 authfd.c authfd.h 182 interop with ssh-agent2, from <res (a] shore.net> 183 - markus (a] cvs.openbsd.org 2000/10/10 14:20:45 184 compat.c 185 use rexexp for version string matching 186 - provos (a] cvs.openbsd.org 2000/10/10 22:02:18 187 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h] 188 First rough implementation of the diffie-hellman group exchange. The 189 client can ask the server for bigger groups to perform the diffie-hellman 190 in, thus increasing the attack complexity when using ciphers with longer 191 keys. University of Windsor provided network, T the company. 192 - markus (a] cvs.openbsd.org 2000/10/11 13:59:52 193 [auth-rsa.c auth2.c] 194 clear auth options unless auth sucessfull 195 - markus (a] cvs.openbsd.org 2000/10/11 14:00:27 196 [auth-options.h] 197 clear auth options unless auth sucessfull 198 - markus (a] cvs.openbsd.org 2000/10/11 14:03:27 199 [scp.1 scp.c] 200 support 'scp -o' with help from mouring (a] pconline.com 201 - markus (a] cvs.openbsd.org 2000/10/11 14:11:35 202 [dh.c] 203 Wall 204 - markus (a] cvs.openbsd.org 2000/10/11 14:14:40 205 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h] 206 [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h] 207 add support for s/key (kbd-interactive) to ssh2, based on work by 208 mkiernan (a] avantgo.com and me 209 - markus (a] cvs.openbsd.org 2000/10/11 14:27:24 210 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h] 211 [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c] 212 [sshconnect2.c sshd.c] 213 new cipher framework 214 - markus (a] cvs.openbsd.org 2000/10/11 14:45:21 215 [cipher.c] 216 remove DES 217 - markus (a] cvs.openbsd.org 2000/10/12 03:59:20 218 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c] 219 enable DES in SSH-1 clients only 220 - markus (a] cvs.openbsd.org 2000/10/12 08:21:13 221 [kex.h packet.c] 222 remove unused 223 - markus (a] cvs.openbsd.org 2000/10/13 12:34:46 224 [sshd.c] 225 Kludge for F-Secure Macintosh < 1.0.2; appro (a] fy.chalmers.se 226 - markus (a] cvs.openbsd.org 2000/10/13 12:59:15 227 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h] 228 rijndael/aes support 229 - markus (a] cvs.openbsd.org 2000/10/13 13:10:54 230 [sshd.8] 231 more info about -V 232 - markus (a] cvs.openbsd.org 2000/10/13 13:12:02 233 [myproposal.h] 234 prefer no compression 235 - (djm) Fix scp user@host handling 236 - (djm) Don't clobber ssh_prng_cmds on install 237 - (stevesk) Include config.h in rijndael.c so we define intXX_t and 238 u_intXX_t types on all platforms. 239 - (stevesk) rijndael.c: cleanup missing declaration warnings. 240 - (stevesk) ~/.hushlogin shouldn't cause required password change to 241 be bypassed. 242 - (stevesk) Display correct path to ssh-askpass in configure output. 243 Report from Lutz Jaenicke. 244 245 20001007 246 - (stevesk) Print PAM return value in PAM log messages to aid 247 with debugging. 248 - (stevesk) Fix detection of pw_class struct member in configure; 249 patch from KAMAHARA Junzo <kamahara (a] cc.kshosen.ac.jp> 250 251 20001002 252 - (djm) Fix USER_PATH, report from Kevin Steves <stevesk (a] sweden.hp.com> 253 - (djm) Add host system and CC to end-of-configure report. Suggested by 254 Lutz Jaenicke <Lutz.Jaenicke (a] aet.TU-Cottbus.DE> 255 256 20000931 257 - (djm) Cygwin fixes from Corinna Vinschen <vinschen (a] cygnus.com> 258 259 20000930 260 - (djm) Irix ssh_prng_cmds path fix from Pekka Savola <pekkas (a] netcore.fi> 261 - (djm) Support in bsd-snprintf.c for long long conversions from 262 Ben Lindstrom <mouring (a] pconline.com> 263 - (djm) Cleanup NeXT support from Ben Lindstrom <mouring (a] pconline.com> 264 - (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with 265 very short lived X connections. Bug report from Tobias Oetiker 266 <oetiker (a] ee.ethz.ch>. Fix from Markus Friedl <markus (a] cvs.openbsd.org> 267 - (djm) Add recent InitScripts as a RPM dependancy for openssh-server 268 patch from Pekka Savola <pekkas (a] netcore.fi> 269 - (djm) Forgot to cvs add LICENSE file 270 - (djm) Add LICENSE to RPM spec files 271 - (djm) CVS OpenBSD sync: 272 - markus (a] cvs.openbsd.org 2000/09/26 13:59:59 273 [clientloop.c] 274 use debug2 275 - markus (a] cvs.openbsd.org 2000/09/27 15:41:34 276 [auth2.c sshconnect2.c] 277 use key_type() 278 - markus (a] cvs.openbsd.org 2000/09/28 12:03:18 279 [channels.c] 280 debug -> debug2 cleanup 281 - (djm) Irix strips "/dev/tty" from [uw]tmp entries (other systems only 282 strip "/dev/"). Fix loginrec.c based on patch from Alain St-Denis 283 <Alain.St-Denis (a] ec.gc.ca> 284 - (djm) Fix 9 character passphrase failure with gnome-ssh-askpass. 285 Problem was caused by interrupted read in ssh-add. Report from Donald 286 J. Barry <don (a] astro.cornell.edu> 287 288 20000929 289 - (djm) Fix SSH2 not terminating until all background tasks done problem. 290 - (djm) Another off-by-one fix from Pavel Kankovsky 291 <peak (a] argo.troja.mff.cuni.cz> 292 - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code, 293 tidy necessary differences. Use Markus' new debugN() in entropy.c 294 - (djm) Merged big SCO portability patch from Tim Rice 295 <tim (a] multitalents.net> 296 297 20000926 298 - (djm) Update X11-askpass to 1.0.2 in RPM spec file 299 - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX 300 - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c. 301 Report and fix from Pavel Kankovsky <peak (a] argo.troja.mff.cuni.cz> 302 303 20000924 304 - (djm) Merged cleanup patch from Mark Miller <markm (a] swoon.net> 305 - (djm) A bit more cleanup - created cygwin_util.h 306 - (djm) Include strtok_r() from OpenBSD libc. Fixes report from Mark Miller 307 <markm (a] swoon.net> 308 309 20000923 310 - (djm) Fix address logging in utmp from Kevin Steves 311 <stevesk (a] sweden.hp.com> 312 - (djm) Redhat spec and manpage fixes from Pekka Savola <pekkas (a] netcore.fi> 313 - (djm) Seperate tests for int64_t and u_int64_t types 314 - (djm) Tweak password expiry checking at suggestion of Kevin Steves 315 <stevesk (a] sweden.hp.com> 316 - (djm) NeXT patch from Ben Lindstrom <mouring (a] pconline.com> 317 - (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from 318 Michael Stone <mstone (a] cs.loyola.edu> 319 - (djm) OpenBSD CVS sync: 320 - markus (a] cvs.openbsd.org 2000/09/17 09:38:59 321 [sshconnect2.c sshd.c] 322 fix DEBUG_KEXDH 323 - markus (a] cvs.openbsd.org 2000/09/17 09:52:51 324 [sshconnect.c] 325 yes no; ok niels@ 326 - markus (a] cvs.openbsd.org 2000/09/21 04:55:11 327 [sshd.8] 328 typo 329 - markus (a] cvs.openbsd.org 2000/09/21 05:03:54 330 [serverloop.c] 331 typo 332 - markus (a] cvs.openbsd.org 2000/09/21 05:11:42 333 scp.c 334 utime() to utimes(); mouring (a] pconline.com 335 - markus (a] cvs.openbsd.org 2000/09/21 05:25:08 336 sshconnect2.c 337 change login logic in ssh2, allows plugin of other auth methods 338 - markus (a] cvs.openbsd.org 2000/09/21 05:25:35 339 [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h] 340 [serverloop.c] 341 add context to dispatch_run 342 - markus (a] cvs.openbsd.org 2000/09/21 05:07:52 343 authfd.c authfd.h ssh-agent.c 344 bug compat for old ssh.com software 345 346 20000920 347 - (djm) Fix bad path substitution. Report from Andrew Miner 348 <asminer (a] cs.iastate.edu> 349 350 20000916 351 - (djm) Fix SSL search order from Lutz Jaenicke 352 <Lutz.Jaenicke (a] aet.TU-Cottbus.DE> 353 - (djm) New SuSE spec from Corinna Vinschen <corinna (a] vinschen.de> 354 - (djm) Update CygWin support from Corinna Vinschen <vinschen (a] cygnus.com> 355 - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage. 356 Patch from Larry Jones <larry.jones (a] sdrc.com> 357 - (djm) Add Steve VanDevender's <stevev (a] darkwing.uoregon.edu> PAM 358 password change patch. 359 - (djm) Bring licenses on my stuff in line with OpenBSD's 360 - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from 361 Kevin Steves <stevesk (a] sweden.hp.com> 362 - (djm) Shadow expiry check fix from Pavel Troller <patrol (a] omni.sinus.cz> 363 - (djm) Re-enable int64_t types - we need them for sftp 364 - (djm) Use libexecdir from configure , rather than libexecdir/ssh 365 - (djm) Update Redhat SPEC file accordingly 366 - (djm) Add Kevin Steves <stevesk (a] sweden.hp.com> HP/UX contrib files 367 - (djm) Add Charles Levert <charles (a] comm.polymtl.ca> getpgrp patch 368 - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter 369 <Dirk.DeWachter (a] rug.ac.be> 370 - (djm) Fixprogs and entropy list fixes from Larry Jones 371 <larry.jones (a] sdrc.com> 372 - (djm) Fix for SuSE spec file from Takashi YOSHIDA 373 <tyoshida (a] gemini.rc.kyushu-u.ac.jp> 374 - (djm) Merge OpenBSD changes: 375 - markus (a] cvs.openbsd.org 2000/09/05 02:59:57 376 [session.c] 377 print hostname (not hushlogin) 378 - markus (a] cvs.openbsd.org 2000/09/05 13:18:48 379 [authfile.c ssh-add.c] 380 enable ssh-add -d for DSA keys 381 - markus (a] cvs.openbsd.org 2000/09/05 13:20:49 382 [sftp-server.c] 383 cleanup 384 - markus (a] cvs.openbsd.org 2000/09/06 03:46:41 385 [authfile.h] 386 prototype 387 - deraadt (a] cvs.openbsd.org 2000/09/07 14:27:56 388 [ALL] 389 cleanup copyright notices on all files. I have attempted to be 390 accurate with the details. everything is now under Tatu's licence 391 (which I copied from his readme), and/or the core-sdi bsd-ish thing 392 for deattack, or various openbsd developers under a 2-term bsd 393 licence. We're not changing any rules, just being accurate. 394 - markus (a] cvs.openbsd.org 2000/09/07 14:40:30 395 [channels.c channels.h clientloop.c serverloop.c ssh.c] 396 cleanup window and packet sizes for ssh2 flow control; ok niels 397 - markus (a] cvs.openbsd.org 2000/09/07 14:53:00 398 [scp.c] 399 typo 400 - markus (a] cvs.openbsd.org 2000/09/07 15:13:37 401 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c] 402 [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h] 403 [pty.c readconf.c] 404 some more Copyright fixes 405 - markus (a] cvs.openbsd.org 2000/09/08 03:02:51 406 [README.openssh2] 407 bye bye 408 - deraadt (a] cvs.openbsd.org 2000/09/11 18:38:33 409 [LICENCE cipher.c] 410 a few more comments about it being ARC4 not RC4 411 - markus (a] cvs.openbsd.org 2000/09/12 14:53:11 412 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c] 413 multiple debug levels 414 - markus (a] cvs.openbsd.org 2000/09/14 14:25:15 415 [clientloop.c] 416 typo 417 - deraadt (a] cvs.openbsd.org 2000/09/15 01:13:51 418 [ssh-agent.c] 419 check return value for setenv(3) for failure, and deal appropriately 420 421 20000913 422 - (djm) Fix server not exiting with jobs in background. 423 424 20000905 425 - (djm) Import OpenBSD CVS changes 426 - markus (a] cvs.openbsd.org 2000/08/31 15:52:24 427 [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c] 428 implement a SFTP server. interops with sftp2, scp2 and the windows 429 client from ssh.com 430 - markus (a] cvs.openbsd.org 2000/08/31 15:56:03 431 [README.openssh2] 432 sync 433 - markus (a] cvs.openbsd.org 2000/08/31 16:05:42 434 [session.c] 435 Wall 436 - markus (a] cvs.openbsd.org 2000/08/31 16:09:34 437 [authfd.c ssh-agent.c] 438 add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions 439 - deraadt (a] cvs.openbsd.org 2000/09/01 09:25:13 440 [scp.1 scp.c] 441 cleanup and fix -S support; stevesk (a] sweden.hp.com 442 - markus (a] cvs.openbsd.org 2000/09/01 16:29:32 443 [sftp-server.c] 444 portability fixes 445 - markus (a] cvs.openbsd.org 2000/09/01 16:32:41 446 [sftp-server.c] 447 fix cast; mouring (a] pconline.com 448 - itojun (a] cvs.openbsd.org 2000/09/03 09:23:28 449 [ssh-add.1 ssh.1] 450 add missing .El against .Bl. 451 - markus (a] cvs.openbsd.org 2000/09/04 13:03:41 452 [session.c] 453 missing close; ok theo 454 - markus (a] cvs.openbsd.org 2000/09/04 13:07:21 455 [session.c] 456 fix get_last_login_time order; from andre (a] van-veen.de 457 - markus (a] cvs.openbsd.org 2000/09/04 13:10:09 458 [sftp-server.c] 459 more cast fixes; from mouring (a] pconline.com 460 - markus (a] cvs.openbsd.org 2000/09/04 13:06:04 461 [session.c] 462 set SSH_ORIGINAL_COMMAND; from Leakin (a] dfw.nostrum.com, bet (a] rahul.net 463 - (djm) Cleanup after import. Fix sftp-server compilation, Makefile 464 - (djm) Merge cygwin support from Corinna Vinschen <vinschen (a] cygnus.com> 465 466 20000903 467 - (djm) Fix Redhat init script 468 469 20000901 470 - (djm) Pick up Jim's new X11-askpass 471 - (djm) Release 2.2.0p1 472 473 20000831 474 - (djm) Workaround SIGPIPE problems on SCO. Fix from Aran Cox 475 <acox (a] cv.telegroup.com> 476 - (djm) Pick up new version (2.2.0) from OpenBSD CVS 477 478 20000830 479 - (djm) Compile warning fixes from Mark Miller <markm (a] swoon.net> 480 - (djm) Periodically rekey arc4random 481 - (djm) Clean up diff against OpenBSD. 482 - (djm) HPUX 11 needs USE_PIPES as well: Kevin Steves 483 <stevesk (a] sweden.hp.com> 484 - (djm) Quieten the pam delete credentials error message 485 - (djm) Fix printing of $DISPLAY hack if set by system type. Report from 486 Kevin Steves <stevesk (a] sweden.hp.com> 487 - (djm) NeXT patch from Ben Lindstrom <mouring (a] pconline.com> 488 - (djm) Fix doh in bsd-arc4random.c 489 490 20000829 491 - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert 492 Doering <gert (a] greenie.muc.de>, John Horne <J.Horne (a] plymouth.ac.uk> and 493 Garrick James <garrick (a] james.net> 494 - (djm) Check for SCO pty naming style (ptyp%d/ttyp%d). Based on fix from 495 Bastian Trompetter <btrompetter (a] firemail.de> 496 - (djm) NeXT tweaks from Ben Lindstrom <mouring (a] pconline.com> 497 - More OpenBSD updates: 498 - deraadt (a] cvs.openbsd.org 2000/08/24 15:46:59 499 [scp.c] 500 off_t in sink, to fix files > 2GB, i think, test is still running ;-) 501 - deraadt (a] cvs.openbsd.org 2000/08/25 10:10:06 502 [session.c] 503 Wall 504 - markus (a] cvs.openbsd.org 2000/08/26 04:33:43 505 [compat.c] 506 ssh.com-2.3.0 507 - markus (a] cvs.openbsd.org 2000/08/27 12:18:05 508 [compat.c] 509 compatibility with future ssh.com versions 510 - deraadt (a] cvs.openbsd.org 2000/08/27 21:50:55 511 [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c] 512 print uid/gid as unsigned 513 - markus (a] cvs.openbsd.org 2000/08/28 13:51:00 514 [ssh.c] 515 enable -n and -f for ssh2 516 - markus (a] cvs.openbsd.org 2000/08/28 14:19:53 517 [ssh.c] 518 allow combination of -N and -f 519 - markus (a] cvs.openbsd.org 2000/08/28 14:20:56 520 [util.c] 521 util.c 522 - markus (a] cvs.openbsd.org 2000/08/28 14:22:02 523 [util.c] 524 undo 525 - markus (a] cvs.openbsd.org 2000/08/28 14:23:38 526 [util.c] 527 don't complain if setting NONBLOCK fails with ENODEV 528 529 20000823 530 - (djm) Define USE_PIPES to avoid socketpair problems on HPUX 10 and SunOS 4 531 Avoids "scp never exits" problem. Reports from Lutz Jaenicke 532 <Lutz.Jaenicke (a] aet.TU-Cottbus.DE> and Tamito KAJIYAMA 533 <kajiyama (a] grad.sccs.chukyo-u.ac.jp> 534 - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers 535 - (djm) Add local version to version.h 536 - (djm) Don't reseed arc4random everytime it is used 537 - (djm) OpenBSD CVS updates: 538 - deraadt (a] cvs.openbsd.org 2000/08/18 20:07:23 539 [ssh.c] 540 accept remsh as a valid name as well; roman (a] buildpoint.com 541 - deraadt (a] cvs.openbsd.org 2000/08/18 20:17:13 542 [deattack.c crc32.c packet.c] 543 rename crc32() to ssh_crc32() to avoid zlib name clash. do not move to 544 libz crc32 function yet, because it has ugly "long"'s in it; 545 oneill (a] cs.sfu.ca 546 - deraadt (a] cvs.openbsd.org 2000/08/18 20:26:08 547 [scp.1 scp.c] 548 -S prog support; tv (a] debian.org 549 - deraadt (a] cvs.openbsd.org 2000/08/18 20:50:07 550 [scp.c] 551 knf 552 - deraadt (a] cvs.openbsd.org 2000/08/18 20:57:33 553 [log-client.c] 554 shorten 555 - markus (a] cvs.openbsd.org 2000/08/19 12:48:11 556 [channels.c channels.h clientloop.c ssh.c ssh.h] 557 support for ~. in ssh2 558 - deraadt (a] cvs.openbsd.org 2000/08/19 15:29:40 559 [crc32.h] 560 proper prototype 561 - markus (a] cvs.openbsd.org 2000/08/19 15:34:44 562 [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1] 563 [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile] 564 [fingerprint.c fingerprint.h] 565 add SSH2/DSA support to the agent and some other DSA related cleanups. 566 (note that we cannot talk to ssh.com's ssh2 agents) 567 - markus (a] cvs.openbsd.org 2000/08/19 15:55:52 568 [channels.c channels.h clientloop.c] 569 more ~ support for ssh2 570 - markus (a] cvs.openbsd.org 2000/08/19 16:21:19 571 [clientloop.c] 572 oops 573 - millert (a] cvs.openbsd.org 2000/08/20 12:25:53 574 [session.c] 575 We have to stash the result of get_remote_name_or_ip() before we 576 close our socket or getpeername() will get EBADF and the process 577 will exit. Only a problem for "UseLogin yes". 578 - millert (a] cvs.openbsd.org 2000/08/20 12:30:59 579 [session.c] 580 Only check /etc/nologin if "UseLogin no" since login(1) may have its 581 own policy on determining who is allowed to login when /etc/nologin 582 is present. Also use the _PATH_NOLOGIN define. 583 - millert (a] cvs.openbsd.org 2000/08/20 12:42:43 584 [auth1.c auth2.c session.c ssh.c] 585 Add calls to setusercontext() and login_get*(). We basically call 586 setusercontext() in most places where previously we did a setlogin(). 587 Add default login.conf file and put root in the "daemon" login class. 588 - millert (a] cvs.openbsd.org 2000/08/21 10:23:31 589 [session.c] 590 Fix incorrect PATH setting; noted by Markus. 591 592 20000818 593 - (djm) OpenBSD CVS changes: 594 - markus (a] cvs.openbsd.org 2000/07/22 03:14:37 595 [servconf.c servconf.h sshd.8 sshd.c sshd_config] 596 random early drop; ok theo, niels 597 - deraadt (a] cvs.openbsd.org 2000/07/26 11:46:51 598 [ssh.1] 599 typo 600 - deraadt (a] cvs.openbsd.org 2000/08/01 11:46:11 601 [sshd.8] 602 many fixes from pepper (a] mail.reppep.com 603 - provos (a] cvs.openbsd.org 2000/08/01 13:01:42 604 [Makefile.in util.c aux.c] 605 rename aux.c to util.c to help with cygwin port 606 - deraadt (a] cvs.openbsd.org 2000/08/02 00:23:31 607 [authfd.c] 608 correct sun_len; Alexander (a] Leidinger.net 609 - provos (a] cvs.openbsd.org 2000/08/02 10:27:17 610 [readconf.c sshd.8] 611 disable kerberos authentication by default 612 - provos (a] cvs.openbsd.org 2000/08/02 11:27:05 613 [sshd.8 readconf.c auth-krb4.c] 614 disallow kerberos authentication if we can't verify the TGT; from 615 dugsong@ 616 kerberos authentication is on by default only if you have a srvtab. 617 - markus (a] cvs.openbsd.org 2000/08/04 14:30:07 618 [auth.c] 619 unused 620 - markus (a] cvs.openbsd.org 2000/08/04 14:30:35 621 [sshd_config] 622 MaxStartups 623 - markus (a] cvs.openbsd.org 2000/08/15 13:20:46 624 [authfd.c] 625 cleanup; ok niels@ 626 - markus (a] cvs.openbsd.org 2000/08/17 14:05:10 627 [session.c] 628 cleanup login(1)-like jobs, no duplicate utmp entries 629 - markus (a] cvs.openbsd.org 2000/08/17 14:06:34 630 [session.c sshd.8 sshd.c] 631 sshd -u len, similar to telnetd 632 - (djm) Lastlog was not getting closed after writing login entry 633 - (djm) Add Solaris package support from Rip Loomis <loomisg (a] cist.saic.com> 634 635 20000816 636 - (djm) Replacement for inet_ntoa for Irix (which breaks on gcc) 637 - (djm) Fix strerror replacement for old SunOS. Based on patch from 638 Charles Levert <charles (a] comm.polymtl.ca> 639 - (djm) Seperate arc4random into seperate file and use OpenSSL's RC4 640 implementation. 641 - (djm) SUN_LEN macro for systems which lack it 642 643 20000815 644 - (djm) More SunOS 4.1.x fixes from Nate Itkin <nitkin (a] europa.com> 645 - (djm) Avoid failures on Irix when ssh is not setuid. Fix from 646 Michael Stone <mstone (a] cs.loyola.edu> 647 - (djm) Don't seek in directory based lastlogs 648 - (djm) Fix --with-ipaddr-display configure option test. Patch from 649 Jarno Huuskonen <jhuuskon (a] messi.uku.fi> 650 - (djm) Fix AIX limits from Alexandre Oliva <oliva (a] lsd.ic.unicamp.br> 651 652 20000813 653 - (djm) Add $(srcdir) to includes when compiling (for VPATH). Report from 654 Fabrice bacchella <fabrice.bacchella (a] marchfirst.fr> 655 656 20000809 657 - (djm) Define AIX hard limits if headers don't. Report from 658 Bill Painter <william.t.painter (a] lmco.com> 659 - (djm) utmp direct write & SunOS 4 patch from Charles Levert 660 <charles (a] comm.polymtl.ca> 661 662 20000808 663 - (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install 664 time, spec file cleanup. 665 666 20000807 667 - (djm) Set 0755 on binaries during install. Report from Lutz Jaenicke 668 - (djm) Suppress error messages on channel close shutdown() failurs 669 works around Linux bug. Patch from Zack Weinberg <zack (a] wolery.cumb.org> 670 - (djm) Add some more entropy collection commands from Lutz Jaenicke 671 672 20000725 673 - (djm) Fix autoconf typo: HAVE_BINRESVPORT_AF -> HAVE_BINDRESVPORT_AF 674 675 20000721 676 - (djm) OpenBSD CVS updates: 677 - markus (a] cvs.openbsd.org 2000/07/16 02:27:22 678 [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c] 679 [sshconnect1.c sshconnect2.c] 680 make ssh-add accept dsa keys (the agent does not) 681 - djm (a] cvs.openbsd.org 2000/07/17 19:25:02 682 [sshd.c] 683 Another closing of stdin; ok deraadt 684 - markus (a] cvs.openbsd.org 2000/07/19 18:33:12 685 [dsa.c] 686 missing free, reorder 687 - markus (a] cvs.openbsd.org 2000/07/20 16:23:14 688 [ssh-keygen.1] 689 document input and output files 690 691 20000720 692 - (djm) Spec file fix from Petr Novotny <Petr.Novotny (a] antek.cz> 693 694 20000716 695 - (djm) Release 2.1.1p4 696 697 20000715 698 - (djm) OpenBSD CVS updates 699 - provos (a] cvs.openbsd.org 2000/07/13 16:53:22 700 [aux.c readconf.c servconf.c ssh.h] 701 allow multiple whitespace but only one '=' between tokens, bug report from 702 Ralf S. Engelschall <rse (a] engelschall.com> but different fix. okay deraadt@ 703 - provos (a] cvs.openbsd.org 2000/07/13 17:14:09 704 [clientloop.c] 705 typo; todd (a] fries.net 706 - provos (a] cvs.openbsd.org 2000/07/13 17:19:31 707 [scp.c] 708 close can fail on AFS, report error; from Greg Hudson <ghudson (a] mit.edu> 709 - markus (a] cvs.openbsd.org 2000/07/14 16:59:46 710 [readconf.c servconf.c] 711 allow leading whitespace. ok niels 712 - djm (a] cvs.openbsd.org 2000/07/14 22:01:38 713 [ssh-keygen.c ssh.c] 714 Always create ~/.ssh with mode 700; ok Markus 715 - Fixes for SunOS 4.1.4 from Gordon Atwood <gordon (a] cs.ualberta.ca> 716 - Include floatingpoint.h for entropy.c 717 - strerror replacement 718 719 20000712 720 - (djm) Remove -lresolve for Reliant Unix 721 - (djm) OpenBSD CVS Updates: 722 - deraadt (a] cvs.openbsd.org 2000/07/11 02:11:34 723 [session.c sshd.c ] 724 make MaxStartups code still work with -d; djm 725 - deraadt (a] cvs.openbsd.org 2000/07/11 13:17:45 726 [readconf.c ssh_config] 727 disable FallBackToRsh by default 728 - (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c. Report from 729 Ben Lindstrom <mouring (a] pconline.com> 730 - (djm) Make building of X11-Askpass and GNOME-Askpass optional in RPM 731 spec file. 732 - (djm) Released 2.1.1p3 733 734 20000711 735 - (djm) Fixup for AIX getuserattr() support from Tom Bertelson 736 <tbert (a] abac.com> 737 - (djm) ReliantUNIX support from Udo Schweigert <ust (a] cert.siemens.de> 738 - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom 739 <mouring (a] pconline.com> 740 - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report 741 from Jim Watt <jimw (a] peisj.pebio.com> 742 - (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known 743 to compile on more platforms (incl NeXT). 744 - (djm) Added bsd-inet_aton and configure support for NeXT 745 - (djm) Misc NeXT fixes from Ben Lindstrom <mouring (a] pconline.com> 746 - (djm) OpenBSD CVS updates: 747 - markus (a] cvs.openbsd.org 2000/06/26 03:22:29 748 [authfd.c] 749 cleanup, less cut&paste 750 - markus (a] cvs.openbsd.org 2000/06/26 15:59:19 751 [servconf.c servconf.h session.c sshd.8 sshd.c] 752 MaxStartups: limit number of unauthenticated connections, work by 753 theo and me 754 - deraadt (a] cvs.openbsd.org 2000/07/05 14:18:07 755 [session.c] 756 use no_x11_forwarding_flag correctly; provos ok 757 - provos (a] cvs.openbsd.org 2000/07/05 15:35:57 758 [sshd.c] 759 typo 760 - aaron (a] cvs.openbsd.org 2000/07/05 22:06:58 761 [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8] 762 Insert more missing .El directives. Our troff really should identify 763 these and spit out a warning. 764 - todd (a] cvs.openbsd.org 2000/07/06 21:55:04 765 [auth-rsa.c auth2.c ssh-keygen.c] 766 clean code is good code 767 - deraadt (a] cvs.openbsd.org 2000/07/07 02:14:29 768 [serverloop.c] 769 sense of port forwarding flag test was backwards 770 - provos (a] cvs.openbsd.org 2000/07/08 17:17:31 771 [compat.c readconf.c] 772 replace strtok with strsep; from David Young <dyoung (a] onthejob.net> 773 - deraadt (a] cvs.openbsd.org 2000/07/08 19:21:15 774 [auth.h] 775 KNF 776 - ho (a] cvs.openbsd.org 2000/07/08 19:27:33 777 [compat.c readconf.c] 778 Better conditions for strsep() ending. 779 - ho (a] cvs.openbsd.org 2000/07/10 10:27:05 780 [readconf.c] 781 Get the correct message on errors. (niels@ ok) 782 - ho (a] cvs.openbsd.org 2000/07/10 10:30:25 783 [cipher.c kex.c servconf.c] 784 strtok() --> strsep(). (niels@ ok) 785 - (djm) Fix problem with debug mode and MaxStartups 786 - (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during RPM 787 builds) 788 - (djm) Add strsep function from OpenBSD libc for systems that lack it 789 790 20000709 791 - (djm) Only enable PAM_TTY kludge for Linux. Problem report from 792 Kevin Steves <stevesk (a] sweden.hp.com> 793 - (djm) Match prototype and function declaration for rresvport_af. 794 Problem report from Niklas Edmundsson <nikke (a] ing.umu.se> 795 - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM 796 builds. Problem report from Gregory Leblanc <GLeblanc (a] cu-portland.edu> 797 - (djm) Replace ut_name with ut_user. Patch from Jim Watt 798 <jimw (a] peisj.pebio.com> 799 - (djm) Fix pam sprintf fix 800 - (djm) Cleanup entropy collection code a little more. Split initialisation 801 from seeding, perform intialisation immediatly at start, be careful with 802 uids. Based on problem report from Jim Watt <jimw (a] peisj.pebio.com> 803 - (djm) More NeXT compatibility from Ben Lindstrom <mouring (a] pconline.com> 804 Including sigaction() et al. replacements 805 - (djm) AIX getuserattr() session initialisation from Tom Bertelson 806 <tbert (a] abac.com> 807 808 20000708 809 - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from 810 Aaron Hopkins <aaron (a] die.net> 811 - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from 812 Lutz Jaenicke <Lutz.Jaenicke (a] aet.TU-Cottbus.DE> 813 - (djm) Fixed undefined variables for OSF SIA. Report from 814 Baars, Henk <Hendrik.Baars (a] nl.origin-it.com> 815 - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c 816 Fix from Marquess, Steve Mr JMLFDC <Steve.Marquess (a] DET.AMEDD.ARMY.MIL> 817 - (djm) Don't use inet_addr. 818 819 20000702 820 - (djm) Fix brace mismatch from Corinna Vinschen <vinschen (a] cygnus.com> 821 - (djm) Stop shadow expiry checking from preventing logins with NIS. Based 822 on fix from HARUYAMA Seigo <haruyama (a] nt.phys.s.u-tokyo.ac.jp> 823 - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from 824 Chris, the Young One <cky (a] pobox.com> 825 - (djm) Fix scp progress meter on really wide terminals. Based on patch 826 from James H. Cloos Jr. <cloos (a] jhcloos.com> 827 828 20000701 829 - (djm) Fix Tru64 SIA problems reported by John P Speno <speno (a] isc.upenn.edu> 830 - (djm) Login fixes from Tom Bertelson <tbert (a] abac.com> 831 - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen 832 <vinschen (a] cygnus.com> 833 - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM 834 - (djm) Added check for broken snprintf() functions which do not correctly 835 terminate output string and attempt to use replacement. 836 - (djm) Released 2.1.1p2 837 838 20000628 839 - (djm) Fixes to lastlog code for Irix 840 - (djm) Use atomicio in loginrec 841 - (djm) Patch from Michael Stone <mstone (a] cs.loyola.edu> to add support for 842 Irix 6.x array sessions, project id's, and system audit trail id. 843 - (djm) Added 'distprep' make target to simplify packaging 844 - (djm) Added patch from Chris Adams <cmadams (a] hiwaay.net> to add OSF SIA 845 support. Enable using "USE_SIA=1 ./configure [options]" 846 847 20000627 848 - (djm) Fixes to login code - not setting li->uid, cleanups 849 - (djm) Formatting 850 851 20000626 852 - (djm) Better fix to aclocal tests from Garrick James <garrick (a] james.net> 853 - (djm) Account expiry support from Andreas Steinmetz <ast (a] domdv.de> 854 - (djm) Added password expiry checking (no password change support) 855 - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK 856 based on patch from Lutz Jaenicke <Lutz.Jaenicke (a] aet.TU-Cottbus.DE> 857 - (djm) Fix fixed EGD code. 858 - OpenBSD CVS update 859 - provos (a] cvs.openbsd.org 2000/06/25 14:17:58 860 [channels.c] 861 correct check for bad channel ids; from Wei Dai <weidai (a] eskimo.com> 862 863 20000623 864 - (djm) Use sa_family_t in prototype for rresvport_af. Patch from 865 Svante Signell <svante.signell (a] telia.com> 866 - (djm) Autoconf logic to define sa_family_t if it is missing 867 - OpenBSD CVS Updates: 868 - markus (a] cvs.openbsd.org 2000/06/22 10:32:27 869 [sshd.c] 870 missing atomicio; report from Steve.Marquess (a] DET.AMEDD.ARMY.MIL 871 - djm (a] cvs.openbsd.org 2000/06/22 17:55:00 872 [auth-krb4.c key.c radix.c uuencode.c] 873 Missing CVS idents; ok markus 874 875 20000622 876 - (djm) Automatically generate host key during "make install". Suggested 877 by Gary E. Miller <gem (a] rellim.com> 878 - (djm) Paranoia before kill() system call 879 - OpenBSD CVS Updates: 880 - markus (a] cvs.openbsd.org 2000/06/18 18:50:11 881 [auth2.c compat.c compat.h sshconnect2.c] 882 make userauth+pubkey interop with ssh.com-2.2.0 883 - markus (a] cvs.openbsd.org 2000/06/18 20:56:17 884 [dsa.c] 885 mem leak + be more paranoid in dsa_verify. 886 - markus (a] cvs.openbsd.org 2000/06/18 21:29:50 887 [key.c] 888 cleanup fingerprinting, less hardcoded sizes 889 - markus (a] cvs.openbsd.org 2000/06/19 19:39:45 890 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] 891 [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h] 892 [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] 893 [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h] 894 [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c] 895 [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] 896 [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] 897 [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c] 898 [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h] 899 OpenBSD tag 900 - markus (a] cvs.openbsd.org 2000/06/21 10:46:10 901 sshconnect2.c missing free; nuke old comment 902 903 20000620 904 - (djm) Replace use of '-o' and '-a' logical operators in configure tests 905 with '||' and '&&'. As suggested by Jim Knoble <jmknoble (a] pint-stowp.cx> 906 to fix SCO Unixware problem reported by Gary E. Miller <gem (a] rellim.com> 907 - (djm) Typo in loginrec.c 908 909 20000618 910 - (djm) Add summary of configure options to end of ./configure run 911 - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from 912 Michael Stone <mstone (a] cs.loyola.edu> 913 - (djm) rusage is a privileged operation on some Unices (incl. 914 Solaris 2.5.1). Report from Paul D. Smith <pausmith (a] nortelnetworks.com> 915 - (djm) Avoid PAM failures when running without a TTY. Report from 916 Martin Petrak <petrak (a] spsknm.schools.sk> 917 - (djm) Include sys/types.h when including netinet/in.h in configure tests. 918 Patch from Jun-ichiro itojun Hagino <itojun (a] iijlab.net> 919 - (djm) Started merge of Ben Lindstrom's <mouring (a] pconline.com> NeXT support 920 - OpenBSD CVS updates: 921 - deraadt (a] cvs.openbsd.org 2000/06/17 09:58:46 922 [channels.c] 923 everyone says "nix it" (remove protocol 2 debugging message) 924 - markus (a] cvs.openbsd.org 2000/06/17 13:24:34 925 [sshconnect.c] 926 allow extended server banners 927 - markus (a] cvs.openbsd.org 2000/06/17 14:30:10 928 [sshconnect.c] 929 missing atomicio, typo 930 - jakob (a] cvs.openbsd.org 2000/06/17 16:52:34 931 [servconf.c servconf.h session.c sshd.8 sshd_config] 932 add support for ssh v2 subsystems. ok markus@. 933 - deraadt (a] cvs.openbsd.org 2000/06/17 18:57:48 934 [readconf.c servconf.c] 935 include = in WHITESPACE; markus ok 936 - markus (a] cvs.openbsd.org 2000/06/17 19:09:10 937 [auth2.c] 938 implement bug compatibility with ssh-2.0.13 pubkey, server side 939 - markus (a] cvs.openbsd.org 2000/06/17 21:00:28 940 [compat.c] 941 initial support for ssh.com's 2.2.0 942 - markus (a] cvs.openbsd.org 2000/06/17 21:16:09 943 [scp.c] 944 typo 945 - markus (a] cvs.openbsd.org 2000/06/17 22:05:02 946 [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h] 947 split auth-rsa option parsing into auth-options 948 add options support to authorized_keys2 949 - markus (a] cvs.openbsd.org 2000/06/17 22:42:54 950 [session.c] 951 typo 952 953 20000613 954 - (djm) Fixes from Andrew McGill <andrewm (a] datrix.co.za>: 955 - Platform define for SCO 3.x which breaks on /dev/ptmx 956 - Detect and try to fix missing MAXPATHLEN 957 - (djm) Fix short copy in loginrec.c (based on patch from Phill Camp 958 <P.S.S.Camp (a] ukc.ac.uk> 959 960 20000612 961 - (djm) Glob manpages in RPM spec files to catch compressed files 962 - (djm) Full license in auth-pam.c 963 - (djm) Configure fixes from SAKAI Kiyotaka <ksakai (a] kso.netwk.ntt-at.co.jp> 964 - (andre) AIX, lastlog, configure fixes from Tom Bertelson <tbert (a] abac.com>: 965 - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is 966 def'd 967 - Set AIX to use preformatted manpages 968 969 20000610 970 - (djm) Minor doc tweaks 971 - (djm) Fix for configure on bash2 from Jim Knoble <jmknoble (a] jmknoble.cx> 972 973 20000609 974 - (djm) Patch from Kenji Miyake <kenji (a] miyake.org> to disable utmp usage 975 (in favour of utmpx) on Solaris 8 976 977 20000606 978 - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through 979 list of commands (by default). Removed verbose debugging (by default). 980 - (djm) Increased command entropy estimates and default entropy collection 981 timeout 982 - (djm) Remove duplicate headers from loginrec.c 983 - (djm) Don't add /usr/local/lib to library search path on Irix 984 - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III 985 <tibbs (a] math.uh.edu> 986 - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg 987 <zack (a] wolery.cumb.org> 988 - (djm) OpenBSD CVS updates: 989 - todd (a] cvs.openbsd.org 990 [sshconnect2.c] 991 teach protocol v2 to count login failures properly and also enable an 992 explanation of why the password prompt comes up again like v1; this is NOT 993 crypto 994 - markus (a] cvs.openbsd.org 995 [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8] 996 xauth_location support; pr 1234 997 [readconf.c sshconnect2.c] 998 typo, unused 999 [session.c] 1000 allow use_login only for login sessions, otherwise remote commands are 1001 execed with uid==0 1002 [sshd.8] 1003 document UseLogin better 1004 [version.h] 1005 OpenSSH 2.1.1 1006 [auth-rsa.c] 1007 fix match_hostname() logic for auth-rsa: deny access if we have a 1008 negative match or no match at all 1009 [channels.c hostfile.c match.c] 1010 don't panic if mkdtemp fails for authfwd; jkb (a] yahoo-inc.com via 1011 kris (a] FreeBSD.org 1012 1013 20000606 1014 - (djm) Added --with-cflags, --with-ldflags and --with-libs options to 1015 configure. 1016 1017 20000604 1018 - Configure tweaking for new login code on Irix 5.3 1019 - (andre) login code changes based on djm feedback 1020 1021 20000603 1022 - (andre) New login code 1023 - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c 1024 - Add loginrec.[ch], logintest.c and autoconf code 1025 1026 20000531 1027 - Cleanup of auth.c, login.c and fake-* 1028 - Cleanup of auth-pam.c, save and print "account expired" error messages 1029 - Fix EGD read bug by IWAMURO Motonori <iwa (a] mmp.fujitsu.co.jp> 1030 - Rewrote bsd-login to use proper utmp API if available. Major cleanup 1031 of fallback DIY code. 1032 1033 20000530 1034 - Define atexit for old Solaris 1035 - Fix buffer overrun in login.c for systems which use syslen in utmpx. 1036 patch from YOSHIFUJI Hideaki <yoshfuji (a] cerberus.nemoto.ecei.tohoku.ac.jp> 1037 - OpenBSD CVS updates: 1038 - markus (a] cvs.openbsd.org 1039 [session.c] 1040 make x11-fwd work w/ localhost (xauth add host/unix:11) 1041 [cipher.c compat.c readconf.c servconf.c] 1042 check strtok() != NULL; ok niels@ 1043 [key.c] 1044 fix key_read() for uuencoded keys w/o '=' 1045 [serverloop.c] 1046 group ssh1 vs. ssh2 in serverloop 1047 [kex.c kex.h myproposal.h sshconnect2.c sshd.c] 1048 split kexinit/kexdh, factor out common code 1049 [readconf.c ssh.1 ssh.c] 1050 forwardagent defaults to no, add ssh -A 1051 - theo (a] cvs.openbsd.org 1052 [session.c] 1053 just some line shortening 1054 - Released 2.1.0p3 1055 1056 20000520 1057 - Xauth fix from Markus Friedl <markus.friedl (a] informatik.uni-erlangen.de> 1058 - Don't touch utmp if USE_UTMPX defined 1059 - SunOS 4.x support from Todd C. Miller <Todd.Miller (a] courtesan.com> 1060 - SIGCHLD fix for AIX and HPUX from Tom Bertelson <tbert (a] abac.com> 1061 - HPUX and Configure fixes from Lutz Jaenicke 1062 <Lutz.Jaenicke (a] aet.TU-Cottbus.DE> 1063 - Use mkinstalldirs script to make directories instead of non-portable 1064 "install -d". Suggested by Lutz Jaenicke <Lutz.Jaenicke (a] aet.TU-Cottbus.DE> 1065 - Doc cleanup 1066 1067 20000518 1068 - Include Andre Lucas' fixprogs script. Forgot to "cvs add" it yesterday 1069 - OpenBSD CVS updates: 1070 - markus (a] cvs.openbsd.org 1071 [sshconnect.c] 1072 copy only ai_addrlen bytes; misiek (a] pld.org.pl 1073 [auth.c] 1074 accept an empty shell in authentication; bug reported by 1075 chris (a] tinker.ucr.edu 1076 [serverloop.c] 1077 we don't have stderr for interactive terminal sessions (fcntl errors) 1078 1079 20000517 1080 - Fix from Andre Lucas <andre.lucas (a] dial.pipex.com> 1081 - Fixes command line printing segfaults (spotter: Bladt Norbert) 1082 - Fixes erroneous printing of debug messages to syslog 1083 - Fixes utmp for MacOS X (spotter: Aristedes Maniatis) 1084 - Gives useful error message if PRNG initialisation fails 1085 - Reduced ssh startup delay 1086 - Measures cumulative command time rather than the time between reads 1087 after select() 1088 - 'fixprogs' perl script to eliminate non-working entropy commands, and 1089 optionally run 'ent' to measure command entropy 1090 - Applied Tom Bertelson's <tbert (a] abac.com> AIX authentication fix 1091 - Avoid WCOREDUMP complation errors for systems that lack it 1092 - Avoid SIGCHLD warnings from entropy commands 1093 - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw (a] dcs.ed.ac.uk> 1094 - OpenBSD CVS update: 1095 - markus (a] cvs.openbsd.org 1096 [ssh.c] 1097 fix usage() 1098 [ssh2.h] 1099 draft-ietf-secsh-architecture-05.txt 1100 [ssh.1] 1101 document ssh -T -N (ssh2 only) 1102 [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c] 1103 enable nonblocking IO for sshd w/ proto 1, too; split out common code 1104 [aux.c] 1105 missing include 1106 - Several patches from SAKAI Kiyotaka <ksakai (a] kso.netwk.ntt-at.co.jp> 1107 - INSTALL typo and URL fix 1108 - Makefile fix 1109 - Solaris fixes 1110 - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka 1111 <ksakai (a] kso.netwk.ntt-at.co.jp> 1112 - RSAless operation patch from kevin_oconnor (a] standardandpoors.com 1113 - Detect OpenSSL seperatly from RSA 1114 - Better test for RSA (more compatible with RSAref). Based on work by 1115 Ed Eden <ede370 (a] stl.rural.usda.gov> 1116 1117 20000513 1118 - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz 1119 <misiek (a] pld.org.pl> 1120 1121 20000511 1122 - Fix for prng_seed permissions checking from Lutz Jaenicke 1123 <Lutz.Jaenicke (a] aet.TU-Cottbus.DE> 1124 - "make host-key" fix for Irix 1125 1126 20000509 1127 - OpenBSD CVS update 1128 - markus (a] cvs.openbsd.org 1129 [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c] 1130 [ssh.h sshconnect1.c sshconnect2.c sshd.8] 1131 - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only) 1132 - hugh (a] cvs.openbsd.org 1133 [ssh.1] 1134 - zap typo 1135 [ssh-keygen.1] 1136 - One last nit fix. (markus approved) 1137 [sshd.8] 1138 - some markus certified spelling adjustments 1139 - markus (a] cvs.openbsd.org 1140 [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c] 1141 [sshconnect2.c ] 1142 - bug compat w/ ssh-2.0.13 x11, split out bugs 1143 [nchan.c] 1144 - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@ 1145 [ssh-keygen.c] 1146 - handle escapes in real and original key format, ok millert@ 1147 [version.h] 1148 - OpenSSH-2.1 1149 - Moved all the bsd-* and fake-* stuff into new libopenbsd-compat.a 1150 - Doc updates 1151 - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported 1152 by Andre Lucas <andre.lucas (a] dial.pipex.com> 1153 1154 20000508 1155 - Makefile and RPM spec fixes 1156 - Generate DSA host keys during "make key" or RPM installs 1157 - OpenBSD CVS update 1158 - markus (a] cvs.openbsd.org 1159 [clientloop.c sshconnect2.c] 1160 - make x11-fwd interop w/ ssh-2.0.13 1161 [README.openssh2] 1162 - interop w/ SecureFX 1163 - Release 2.0.0beta2 1164 1165 - Configure caching and cleanup patch from Andre Lucas' 1166 <andre.lucas (a] dial.pipex.com> 1167 1168 20000507 1169 - Remove references to SSLeay. 1170 - Big OpenBSD CVS update 1171 - markus (a] cvs.openbsd.org 1172 [clientloop.c] 1173 - typo 1174 [session.c] 1175 - update proctitle on pty alloc/dealloc, e.g. w/ windows client 1176 [session.c] 1177 - update proctitle for proto 1, too 1178 [channels.h nchan.c serverloop.c session.c sshd.c] 1179 - use c-style comments 1180 - deraadt (a] cvs.openbsd.org 1181 [scp.c] 1182 - more atomicio 1183 - markus (a] cvs.openbsd.org 1184 [channels.c] 1185 - set O_NONBLOCK 1186 [ssh.1] 1187 - update AUTHOR 1188 [readconf.c ssh-keygen.c ssh.h] 1189 - default DSA key file ~/.ssh/id_dsa 1190 [clientloop.c] 1191 - typo, rm verbose debug 1192 - deraadt (a] cvs.openbsd.org 1193 [ssh-keygen.1] 1194 - document DSA use of ssh-keygen 1195 [sshd.8] 1196 - a start at describing what i understand of the DSA side 1197 [ssh-keygen.1] 1198 - document -X and -x 1199 [ssh-keygen.c] 1200 - simplify usage 1201 - markus (a] cvs.openbsd.org 1202 [sshd.8] 1203 - there is no rhosts_dsa 1204 [ssh-keygen.1] 1205 - document -y, update -X,-x 1206 [nchan.c] 1207 - fix close for non-open ssh1 channels 1208 [servconf.c servconf.h ssh.h sshd.8 sshd.c ] 1209 - s/DsaKey/HostDSAKey/, document option 1210 [sshconnect2.c] 1211 - respect number_of_password_prompts 1212 [channels.c channels.h servconf.c servconf.h session.c sshd.8] 1213 - GatewayPorts for sshd, ok deraadt@ 1214 [ssh-add.1 ssh-agent.1 ssh.1] 1215 - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2 1216 [ssh.1] 1217 - more info on proto 2 1218 [sshd.8] 1219 - sync AUTHOR w/ ssh.1 1220 [key.c key.h sshconnect.c] 1221 - print key type when talking about host keys 1222 [packet.c] 1223 - clear padding in ssh2 1224 [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h] 1225 - replace broken uuencode w/ libc b64_ntop 1226 [auth2.c] 1227 - log failure before sending the reply 1228 [key.c radix.c uuencode.c] 1229 - remote trailing comments before calling __b64_pton 1230 [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1] 1231 [sshconnect2.c sshd.8] 1232 - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8 1233 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch]) 1234 1235 20000502 1236 - OpenBSD CVS update 1237 [channels.c] 1238 - init all fds, close all fds. 1239 [sshconnect2.c] 1240 - check whether file exists before asking for passphrase 1241 [servconf.c servconf.h sshd.8 sshd.c] 1242 - PidFile, pr 1210 1243 [channels.c] 1244 - EINTR 1245 [channels.c] 1246 - unbreak, ok niels@ 1247 [sshd.c] 1248 - unlink pid file, ok niels@ 1249 [auth2.c] 1250 - Add missing #ifdefs; ok - markus 1251 - Add Andre Lucas' <andre.lucas (a] dial.pipex.com> patch to read entropy 1252 gathering commands from a text file 1253 - Release 2.0.0beta1 1254 1255 20000501 1256 - OpenBSD CVS update 1257 [packet.c] 1258 - send debug messages in SSH2 format 1259 [scp.c] 1260 - fix very rare EAGAIN/EINTR issues; based on work by djm 1261 [packet.c] 1262 - less debug, rm unused 1263 [auth2.c] 1264 - disable kerb,s/key in ssh2 1265 [sshd.8] 1266 - Minor tweaks and typo fixes. 1267 [ssh-keygen.c] 1268 - Put -d into usage and reorder. markus ok. 1269 - Include missing headers for OpenSSL tests. Fix from Phil Karn 1270 <karn (a] ka9q.ampr.org> 1271 - Fixed __progname symbol collisions reported by Andre Lucas 1272 <andre.lucas (a] dial.pipex.com> 1273 - Merged bsd-login ttyslot and AIX utmp patch from Gert Doering 1274 <gd (a] hilb1.medat.de> 1275 - Add some missing ifdefs to auth2.c 1276 - Deprecate perl-tk askpass. 1277 - Irix portability fixes - don't include netinet headers more than once 1278 - Make sure we don't save PRNG seed more than once 1279 1280 20000430 1281 - Merge HP-UX fixes and TCB support from Ged Lodder <lodder (a] yacc.com.au> 1282 - Integrate Andre Lucas' <andre.lucas (a] dial.pipex.com> entropy collection 1283 patch. 1284 - Adds timeout to entropy collection 1285 - Disables slow entropy sources 1286 - Load and save seed file 1287 - Changed entropy seed code to user per-user seeds only (server seed is 1288 saved in root's .ssh directory) 1289 - Use atexit() and fatal cleanups to save seed on exit 1290 - More OpenBSD updates: 1291 [session.c] 1292 - don't call chan_write_failed() if we are not writing 1293 [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c] 1294 - keysize warnings error() -> log() 1295 1296 20000429 1297 - Merge big update to OpenSSH-2.0 from OpenBSD CVS 1298 [README.openssh2] 1299 - interop w/ F-secure windows client 1300 - sync documentation 1301 - ssh_host_dsa_key not ssh_dsa_key 1302 [auth-rsa.c] 1303 - missing fclose 1304 [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c] 1305 [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c] 1306 [sshd.c uuencode.c uuencode.h authfile.h] 1307 - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX] 1308 for trading keys with the real and the original SSH, directly from the 1309 people who invented the SSH protocol. 1310 [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h] 1311 [sshconnect1.c sshconnect2.c] 1312 - split auth/sshconnect in one file per protocol version 1313 [sshconnect2.c] 1314 - remove debug 1315 [uuencode.c] 1316 - add trailing = 1317 [version.h] 1318 - OpenSSH-2.0 1319 [ssh-keygen.1 ssh-keygen.c] 1320 - add -R flag: exit code indicates if RSA is alive 1321 [sshd.c] 1322 - remove unused