summaryrefslogtreecommitdiff
path: root/security/openssh
AgeCommit message (Collapse)AuthorFilesLines
2001-03-11Add dependence on "zlib" package under Solaris.tron1-1/+3
2001-03-01Fix oversight in last commit.tron1-2/+2
2001-03-01use 2.5.1p2.itojun2-4/+4
20010301 - (djm) Properly add -lcrypt if needed. - (djm) Force standard PAM conversation function in a few more places. Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai <nalin@redhat.com> - (djm) Cygwin needs pw->pw_gecos copied too. Patch from Corinna Vinschen <vinschen@redhat.com> - (djm) Released 2.5.1p2 20010228 - (djm) Detect endianness in configure and use it in rijndael.c. Fixes "Bad packet length" bugs. - (djm) Fully revert PAM session patch (again). All PAM session init is now done before the final fork(). - (djm) EGD detection patch from Tim Rice <tim@multitalents.net> - (djm) Remove /tmp from EGD socket search list 20010227 - (bal) Applied shutdown() patch for sftp.c by Corinna Vinschen <vinschen@redhat.com> - (bal) OpenBSD Sync - markus@cvs.openbsd.org 2001/02/23 15:37:45 [session.c] handle SSH_PROTOFLAG_SCREEN_NUMBER for buggy clients - (bal) sshd.init support for all Redhat release. Patch by Jim Knoble <jmknoble@jmknoble.cx> - (djm) Fix up POSIX saved uid support. Report from Mark Miller <markm@swoon.net> - (djm) Search for -lcrypt on FreeBSD too - (djm) fatal() on OpenSSL version mismatch - (djm) Move PAM init to after fork for non-Solaris derived PAMs - (djm) Warning fix on entropy.c saved uid stuff. Patch from Mark Miller <markm@swoon.net> - (djm) Fix PAM fix - (djm) Remove 'noreplace' flag from sshd_config in RPM spec files. This change is being made as 2.5.x configfiles are not back-compatible with 2.3.x. - (djm) Avoid warnings for missing broken IP_TOS. Patch from Mark Miller <markm@swoon.net> - (djm) Open Server 5 doesn't need BROKEN_SAVED_UIDS. Patch from Tim Rice <tim@multitalents.net> - (djm) Avoid multiple definition of _PATH_LS. Patch from Tim Rice <tim@multitalents.net> 20010226 - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again. - (djm) Some systems (SCO3, NeXT) have weird saved uid semantics. Based on patch from Tim Rice <tim@multitalents.net> 20010225 - (djm) Use %{_libexecdir} rather than hardcoded path in RPM specfile Patch from Adrian Ho <lexfiend@usa.net> - (bal) Replace 'unsigned long long' to 'u_int64_t' since not every platform defines u_int64_t as being that. 20010224 - (bal) Missed part of the UNIX sockets patch. Patch by Corinna Vinschen <vinschen@redhat.com> - (bal) Reorder where 'strftime' is detected to resolve linking issues on SCO. Patch by Tim Rice <tim@multitalents.net> 20010224 - (bal) pam_stack fix to correctly detect between RH7 and older RHs. Patch by Pekka Savola <pekkas@netcore.fi> - (bal) Renamed sigaction.[ch] to sigact.[ch]. Causes problems with some platforms. - (bal) Generalize lack of UNIX sockets since this also effects Cray not just Cygwin. Based on patch by Wendy Palm <wendyp@cray.com> 20010223 - (bal) Fix --define rh7 in openssh.spec file. Patch by Steve Tell <tell@telltronics.org> - (bal) Patch to force OpenSSH rpm to require the same version of OpenSSL that it was compiled against. Patch by Pekka Savola <pekkas@netcore.fi> - (bal) Double -I for OpenSSL on SCO. Patch by Tim Rice <tim@multitalents.net> 20010222 - (bal) Corrected SCO luid patch by svaughan <svaughan@asterion.com> - (bal) Added mdoc2man.pl from Mark Roth <roth@feep.net> - (bal) Removed reference to liblogin from contrib/README. It was integrated into OpenSSH a long while ago. - (stevesk) remove erroneous #ifdef sgi code. Michael Stone <mstone@cs.loyola.edu> 20010221 - (bal) Removed -L/usr/ucblib -R/usr/ucblib for Solaris platform. - (bal) Fixed OpenSSL rework to use $saved_*. Patch by Tim Rice <tim@multitalents.net> - (bal) Reverted out of 2001/02/15 patch by djm below because it breaks Solaris. - (djm) Move PAM session setup back to before setuid to user. fixes problems on Solaris-drived PAMs. - (stevesk) session.c: back out to where we were before: - (djm) Move PAM session initialisation until after fork in sshd. Patch from Nalin Dahyabhai <nalin@redhat.com> 20010220 - (bal) Fix mixed up params to memmove() from Jan 5th in setenv.c and getcwd.c. - (bal) OpenBSD CVS Sync: - deraadt@cvs.openbsd.org 2001/02/19 23:09:05 [sshd.c] clarify message to make it not mention "ident"
2001-02-21Sync SunOS package list and installation script with 2.5p1 changes.tron2-6/+6
2001-02-20upgrade to 2.5.1p1.itojun8-155/+43
20010219 - (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and pty.[ch] -> sshpty.[ch] - (djm) Rework search for OpenSSL location. Skip directories which don't exist, don't add -L$ssldir/lib if it doesn't exist. Should help SCO with its limit of 6 -L options. - OpenBSD CVS Sync: - reinhard@cvs.openbsd.org 2001/02/17 08:24:40 [sftp.1] typo - deraadt@cvs.openbsd.org 2001/02/17 16:28:58 [ssh.c] cleanup -V output; noted by millert - deraadt@cvs.openbsd.org 2001/02/17 16:48:48 [sshd.8] it's the OpenSSH one - markus@cvs.openbsd.org 2001/02/18 11:33:54 [dispatch.c] typo, SSH2_MSG_KEXINIT, from aspa@kronodoc.fi - markus@cvs.openbsd.org 2001/02/19 02:53:32 [compat.c compat.h serverloop.c] ssh-1.2.{18-22} has broken handling of ignore messages; report from itojun@ - markus@cvs.openbsd.org 2001/02/19 03:35:23 [version.h] OpenSSH_2.5.1 adds bug compat with 1.2.{18-22} - deraadt@cvs.openbsd.org 2001/02/19 03:36:25 [scp.c] np is changed by recursion; vinschen@redhat.com - Update versions in RPM spec files - Release 2.5.1p1 20010218 - (bal) Patch for fix FCHMOD reference in ftp-client.c by Tim Rice <tim@multitalents.net> - (Bal) Patch for lack of RA_RESTART in misc.c for mysignal by stevesk - (djm) Fix my breaking of cygwin builds, Patch from Corinna Vinschen <vinschen@redhat.com> and myself. - (djm) Close listen_sock on bind() failures. Patch from Arkadiusz Miskiewicz <misiek@pld.ORG.PL> - (djm) Robustify EGD/PRNGd code in face of socket closures. Patch from Todd C. Miller <Todd.Miller@courtesan.com> - (djm) Use ttyname() to determine name of tty returned by openpty() rather then risking overflow. Patch from Marek Michalkiewicz <marekm@amelek.gda.pl> - (djm) Swapped tests for no_libsocket and no_libnsl in configure.in. Patch from Marek Michalkiewicz <marekm@amelek.gda.pl> - (djm) Doc fixes from Pekka Savola <pekkas@netcore.fi> - (djm) Use SA_INTERRUPT along SA_RESTART if present (equivalent for SunOS) - (djm) SCO needs librpc for libwrap. Patch from Tim Rice <tim@multitalents.net> - (stevesk) misc.c: cpp rework of SA_(INTERRUPT|RESTART) handling. - (stevesk) scp.c: use mysignal() for updateprogressmeter() handler. - (djm) SA_INTERRUPT is the converse of SA_RESTART, apply it only for SIGALRM. - (djm) Move entropy.c over to mysignal() - (djm) SunOS 4.x also needs to define HAVE_BOGUS_SYS_QUEUE_H as it has a <sys/queue.h> that lacks the TAILQ_* macros. Patch from Todd C. Miller <Todd.Miller@courtesan.com> - (djm) Update RPM spec files for 2.5.0p1 - (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie enable with --with-bsd-auth. - (stevesk) entropy.c: typo; should be SIGPIPE 20010217 - (bal) OpenBSD Sync: - markus@cvs.openbsd.org 2001/02/16 13:38:18 [channel.c] remove debug - markus@cvs.openbsd.org 2001/02/16 14:03:43 [session.c] proper payload-length check for x11 w/o screen-number 20010216 - (bal) added '--with-prce' to allow overriding of system regex when required (tested by David Dulek <ddulek@fastenal.com>) - (bal) Added DG/UX case and set that they have a broken IPTOS. - (djm) Mini-configure reorder patch from Tim Rice <tim@multitalents.net> Fixes linking on SCO. - (djm) Make gnome-ssh-askpass handle multi-line prompts. Patch from Nalin Dahyabhai <nalin@redhat.com> - (djm) BSD license for gnome-ssh-askpass (was X11) - (djm) KNF on gnome-ssh-askpass - (djm) USE_PIPES for a few more sysv platforms - (djm) Cleanup configure.in a little - (djm) Ask users to check config.log when we can't find necessary libs - (djm) Set "login ID" on systems with setluid. Only enabled for SCO OpenServer for now. Based on patch from svaughan <svaughan@asterion.com> - (djm) OpenBSD CVS: - markus@cvs.openbsd.org 2001/02/15 16:19:59 [channels.c channels.h serverloop.c sshconnect.c sshconnect.h] [sshconnect1.c sshconnect2.c] genericize password padding function for SSH1 and SSH2. add stylized echo to 2, too. - (djm) Add roundup() macro to defines.h - (stevesk) set SA_RESTART flag in mysignal() for SIGCHLD; needed on Unixware 2.x. 20010215 - (djm) Move PAM session setup back to before setuid to user. Fixes problems on Solaris-derived PAMs. - (djm) Clean up PAM namespace. Suggested by Darren Moffat <Darren.Moffat@eng.sun.com> - (bal) Sync w/ OpenSSH for new release - markus@cvs.openbsd.org 2001/02/12 12:45:06 [sshconnect1.c] fix xmalloc(0), ok dugsong@ - markus@cvs.openbsd.org 2001/02/11 12:59:25 [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c] 1) clean up the MAC support for SSH-2 2) allow you to specify the MAC with 'ssh -m' 3) or the 'MACs' keyword in ssh(d)_config 4) add hmac-{md5,sha1}-96 ok stevesk@, provos@ - markus@cvs.openbsd.org 2001/02/12 16:16:23 [auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h ssh-keygen.c sshd.8] PermitRootLogin={yes,without-password,forced-commands-only,no} (before this change, root could login even if PermitRootLogin==no) - deraadt@cvs.openbsd.org 2001/02/12 22:56:09 [clientloop.c packet.c ssh-keyscan.c] deal with EAGAIN/EINTR selects which were skipped - markus@cvs.openssh.org 2001/02/13 22:49:40 [auth1.c auth2.c] setproctitle(user) only if getpwnam succeeds - markus@cvs.openbsd.org 2001/02/12 23:26:20 [sshd.c] missing memset; from solar@openwall.com - stevesk@cvs.openbsd.org 2001/02/12 20:53:33 [sftp-int.c] lumask now works with 1 numeric arg; ok markus@, djm@ - djm@cvs.openbsd.org 2001/02/14 9:46:03 [sftp-client.c sftp-int.c sftp.1] Fix and document 'preserve modes & times' option ('-p' flag in sftp); ok markus@ - (bal) replaced PATH_MAX in sftp-int.c w/ MAXPATHLEN. - (djm) Move to Jim's 1.2.0 X11 askpass program - (stevesk) OpenBSD sync: - deraadt@cvs.openbsd.org 2001/02/15 01:38:04 [serverloop.c] indent 20010214 - (djm) Don't try to close PAM session or delete credentials if the session has not been open or credentials not set. Based on patch from Andrew Bartlett <abartlet@pcug.org.au> - (djm) Move PAM session initialisation until after fork in sshd. Patch from Nalin Dahyabhai <nalin@redhat.com> - (bal) Missing function prototype in bsd-snprintf.c patch by Mark Miller <markm@swoon.net> - (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams <cmadams@hiwaay.net> with a little modification and KNF. - (stevesk) fix for SIA patch, misplaced session_setup_sia() 20010213 - (djm) Only test -S potential EGD sockets if they exist and are readable. - (bal) Cleaned out bsd-snprintf.c. VARARGS have been banished and I did a base KNF over the whe whole file to make it more acceptable. (backed out of original patch and removed it from ChangeLog) - (bal) Use chown() if fchown() does not exist in ftp-server.c patch by Tim Rice <tim@multitalents.net> - (stevesk) auth1.c: fix PAM passwordless check. 20010212 - (djm) Update Redhat specfile to allow --define "skip_x11_askpass 1", --define "skip_gnome_askpass 1", --define "rh7 1" and make the implicit rpm-3.0.5 dependancy explicit. Patch and suggestions from Pekka Savola <pekkas@netcore.fi> - (djm) Clean up PCRE text in INSTALL - (djm) Fix OSF SIA auth NULL pointer deref. Report from Mike Battersby <mib@unimelb.edu.au> - (bal) NCR SVR4 compatiblity provide by Don Bragg <thewizarddon@yahoo.com> - (stevesk) session.c: remove debugging code. 20010211 - (bal) OpenBSD Sync - markus@cvs.openbsd.org 2001/02/07 22:35:46 [auth1.c auth2.c sshd.c] move k_setpag() to a central place; ok dugsong@ - markus@cvs.openbsd.org 2001/02/10 12:52:02 [auth2.c] offer passwd before s/key - markus@cvs.openbsd.org 2001/02/8 22:37:10 [canohost.c] remove last call to sprintf; ok deraadt@ - markus@cvs.openbsd.org 2001/02/10 1:33:32 [canohost.c] add debug message, since sshd blocks here if DNS is not available - markus@cvs.openbsd.org 2001/02/10 12:44:02 [cli.c] don't call vis() for \r - danh@cvs.openbsd.org 2001/02/10 0:12:43 [scp.c] revert a small change to allow -r option to work again; ok deraadt@ - danh@cvs.openbsd.org 2001/02/10 15:14:11 [scp.c] fix memory leak; ok markus@ - djm@cvs.openbsd.org 2001/02/10 0:45:52 [scp.1] Mention that you can quote pathnames with spaces in them - markus@cvs.openbsd.org 2001/02/10 1:46:28 [ssh.c] remove mapping of argv[0] -> hostname - markus@cvs.openbsd.org 2001/02/06 22:26:17 [sshconnect2.c] do not ask for passphrase in batch mode; report from ejb@ql.org - itojun@cvs.opebsd.org 2001/02/08 10:47:05 [sshconnect.c sshconnect1.c sshconnect2.c] %.30s is too short for IPv6 numeric address. use %.128s for now. markus ok - markus@cvs.openbsd.org 2001/02/09 12:28:35 [sshconnect2.c] do not free twice, thanks to /etc/malloc.conf - markus@cvs.openbsd.org 2001/02/09 17:10:53 [sshconnect2.c] partial success: debug->log; "Permission denied" if no more auth methods - markus@cvs.openbsd.org 2001/02/10 12:09:21 [sshconnect2.c] remove some lines - markus@cvs.openbsd.org 2001/02/09 13:38:07 [auth-options.c] reset options if no option is given; from han.holl@prismant.nl - markus@cvs.openbsd.org 2001/02/08 21:58:28 [channels.c] nuke sprintf, ok deraadt@ - markus@cvs.openbsd.org 2001/02/08 21:58:28 [channels.c] nuke sprintf, ok deraadt@ - markus@cvs.openbsd.org 2001/02/06 22:43:02 [clientloop.h] remove confusing callback code - deraadt@cvs.openbsd.org 2001/02/08 14:39:36 [readconf.c] snprintf - itojun@cvs.openbsd.org 2001/02/08 19:30:52 sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long - itojun@cvs.openbsd.org 2001/02/07 18:04:50 [ssh-keyscan.c] fix size_t -> int cast (use u_long). markus ok - markus@cvs.openbsd.org 2001/02/07 22:43:16 [ssh-keyscan.c] s/getline/Linebuf_getline/; from roumen.petrov@skalasoft.com - itojun@cvs.openbsd.org 2001/02/09 9:04:59 [ssh-keyscan.c] do not assume malloc() returns zero-filled region. found by malloc.conf=AJ. - markus@cvs.openbsd.org 2001/02/08 22:35:30 [sshconnect.c] don't connect if batch_mode is true and stricthostkeychecking set to 'ask' - djm@cvs.openbsd.org 2001/02/04 21:26:07 [sshd_config] type: ok markus@ - deraadt@cvs.openbsd.org 2001/02/06 22:07:50 [sshd_config] enable sftp-server by default - deraadt 2001/02/07 8:57:26 [xmalloc.c] deal with new ANSI malloc stuff - markus@cvs.openbsd.org 2001/02/07 16:46:08 [xmalloc.c] typo in fatal() - itojun@cvs.openbsd.org 2001/02/07 18:04:50 [xmalloc.c] fix size_t -> int cast (use u_long). markus ok - 1.47 Thu Feb 8 23:11:42 GMT 2001 by dugsong [serverloop.c sshconnect1.c] mitigate SSH1 traffic analysis - from Solar Designer <solar@openwall.com>, ok provos@ - (bal) fixed sftp-client.c. Return 'status' instead of '0' (from the OpenBSD tree) - (bal) Synced ssh.1, ssh-add.1 and sshd.8 w/ OpenBSD - (bal) sftp-sever.c '%8lld' to '%8llu' (OpenBSD Sync) - (bal) uuencode.c resync w/ OpenBSD tree, plus whitespace. - (bal) A bit more whitespace cleanup - (djm) Set PAM_RHOST earlier, patch from Andrew Bartlett <abartlet@pcug.org.au> - (stevesk) misc.c: ssh.h not needed. - (stevesk) compat.c: more friendly cpp error - (stevesk) OpenBSD sync: - stevesk@cvs.openbsd.org 2001/02/11 06:15:57 [LICENSE] typos and small cleanup; ok deraadt@ 20010210 - (djm) Sync sftp and scp stuff from OpenBSD: - djm@cvs.openbsd.org 2001/02/07 03:55:13 [sftp-client.c] Don't free handles before we are done with them. Based on work from Corinna Vinschen <vinschen@redhat.com>. ok markus@ - djm@cvs.openbsd.org 2001/02/06 22:32:53 [sftp.1] Punctuation fix from Pekka Savola <pekkas@netcore.fi> - deraadt@cvs.openbsd.org 2001/02/07 04:07:29 [sftp.1] pretty up significantly - itojun@cvs.openbsd.org 2001/02/07 06:49:42 [sftp.1] .Bl-.El mismatch. markus ok - djm@cvs.openbsd.org 2001/02/07 06:12:30 [sftp-int.c] Check that target is a directory before doing ls; ok markus@ - itojun@cvs.openbsd.org 2001/02/07 11:01:18 [scp.c sftp-client.c sftp-server.c] unsigned long long -> %llu, not %qu. markus ok - stevesk@cvs.openbsd.org 2001/02/07 11:10:39 [sftp.1 sftp-int.c] more man page cleanup and sync of help text with man page; ok markus@ - markus@cvs.openbsd.org 2001/02/07 14:58:34 [sftp-client.c] older servers reply with SSH2_FXP_NAME + count==0 instead of EOF - djm@cvs.openbsd.org 2001/02/07 15:27:19 [sftp.c] Don't forward agent and X11 in sftp. Suggestion from Roumen Petrov <roumen.petrov@skalasoft.com> - stevesk@cvs.openbsd.org 2001/02/07 15:36:04 [sftp-int.c] portable; ok markus@ - stevesk@cvs.openbsd.org 2001/02/07 15:55:47 [sftp-int.c] lowercase cmds[].c also; ok markus@ - markus@cvs.openbsd.org 2001/02/07 17:04:52 [pathnames.h sftp.c] allow sftp over ssh protocol 1; ok djm@ - deraadt@cvs.openbsd.org 2001/02/08 07:38:55 [scp.c] memory leak fix, and snprintf throughout - deraadt@cvs.openbsd.org 2001/02/08 08:02:02 [sftp-int.c] plug a memory leak - stevesk@cvs.openbsd.org 2001/02/08 10:11:23 [session.c sftp-client.c] %i -> %d - stevesk@cvs.openbsd.org 2001/02/08 10:57:59 [sftp-int.c] typo - stevesk@cvs.openbsd.org 2001/02/08 15:28:07 [sftp-int.c pathnames.h] _PATH_LS; ok markus@ - djm@cvs.openbsd.org 2001/02/09 04:46:25 [sftp-int.c] Check for NULL attribs for chown, chmod & chgrp operations, only send relevant attribs back to server; ok markus@ - djm@cvs.openbsd.org 2001/02/06 15:05:25 [sftp.c] Use getopt to process commandline arguments - djm@cvs.openbsd.org 2001/02/06 15:06:21 [sftp.c ] Wait for ssh subprocess at exit - djm@cvs.openbsd.org 2001/02/06 15:18:16 [sftp-int.c] stat target for remote chdir before doing chdir - djm@cvs.openbsd.org 2001/02/06 15:32:54 [sftp.1] Punctuation fix from Pekka Savola <pekkas@netcore.fi> - provos@cvs.openbsd.org 2001/02/05 22:22:02 [sftp-int.c] cleanup get_pathname, fix pwd after failed cd. okay djm@ - (djm) Update makefile.in for _PATH_SFTP_SERVER - (bal) sftp-client.c replace NULL w/ 0 in do_ls() (pending in OpenBSD tree) 20010209 - (bal) patch to vis.c to deal with HAVE_VIS right by Robert Mooney <rjmooney@mediaone.net> - (bal) .c.o rule in openbsd-compat/Makefile.in did not make it to the main tree while porting forward. Pointed out by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> - (bal) double entry in configure.in. Pointed out by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> - (stevesk) OpenBSD sync: - markus@cvs.openbsd.org 2001/02/08 11:20:01 [auth2.c] strict checking - markus@cvs.openbsd.org 2001/02/08 11:15:22 [version.h] update to 2.3.2 - markus@cvs.openbsd.org 2001/02/08 11:12:30 [auth2.c] fix typo - (djm) Update spec files - (bal) OpenBSD sync: - deraadt@cvs.openbsd.org 2001/02/08 14:38:54 [scp.c] memory leak fix, and snprintf throughout - markus@cvs.openbsd.org 2001/02/06 22:43:02 [clientloop.c] remove confusing callback code - (djm) Add CVS Id's to files that we have missed - (bal) OpenBSD Sync (more): - itojun@cvs.openbsd.org 2001/02/08 19:30:52 sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long - markus@cvs.openbsd.org 2001/02/06 22:07:42 [ssh.c] fatal() if subsystem fails - markus@cvs.openbsd.org 2001/02/06 22:43:02 [ssh.c] remove confusing callback code - jakob@cvs.openbsd.org 2001/02/06 23:03:24 [ssh.c] add -1 option (force protocol version 1). ok markus@ - jakob@cvs.openbsd.org 2001/02/06 23:06:21 [ssh.c] reorder -{1,2,4,6} options. ok markus@ - (bal) Missing 'const' in readpass.h - (bal) OpenBSD Sync (so at least the thing compiles for 2.3.2 =) - djm@cvs.openbsd.org 2001/02/06 23:30:28 [sftp-client.c] replace arc4random with counter for request ids; ok markus@ - (djm) Define _PATH_TTY for systems that don't. Report from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> 20010208 - (djm) Don't delete external askpass program in make uninstall target. Report and fix from Roumen Petrov <roumen.petrov@skalasoft.com> - (djm) Fix linking of sftp, don't need arc4random any more. - (djm) Try to use shell that supports "test -S" for EGD socket search. Based on patch from Tim Rice <tim@multitalents.net> 20010207 - (bal) Save the whole path to AR in configure. Some Solaris 2.7 installs seem lose track of it while in openbsd-compat/ (two confirmed reports) - (djm) Much KNF on PAM code - (djm) Revise auth-pam.c conversation function to be a little more readable. - (djm) Revise kbd-int PAM conversation function to fold all text messages to before first prompt. Fixes hangs if last pam_message did not require a reply. - (djm) Fix password changing when using PAM kbd-int authentication 20010205 - (bal) Disable groupaccess by setting NGROUPS_MAX to 0 for platforms that don't have NGROUPS_MAX. - (bal) AIX patch for auth1.c by William L. Jones <jones@hpc.utexas.edu> - (stevesk) OpenBSD sync: - stevesk@cvs.openbsd.org 2001/02/04 08:32:27 [many files; did this manually to our top-level source dir] unexpand and remove end-of-line whitespace; ok markus@ - stevesk@cvs.openbsd.org 2001/02/04 15:21:19 [sftp-server.c] SSH2_FILEXFER_ATTR_UIDGID support; ok markus@ - deraadt@cvs.openbsd.org 2001/02/04 17:02:32 [sftp-int.c] ? == help - deraadt@cvs.openbsd.org 2001/02/04 16:47:46 [sftp-int.c] sort commands, so that abbreviations work as expected - stevesk@cvs.openbsd.org 2001/02/04 15:17:52 [sftp-int.c] debugging sftp: precedence and missing break. chmod, chown, chgrp seem to be working now. - markus@cvs.openbsd.org 2001/02/04 14:41:21 [sftp-int.c] use base 8 for umask/chmod - markus@cvs.openbsd.org 2001/02/04 11:11:54 [sftp-int.c] fix LCD - markus@cvs.openbsd.org 2001/02/04 08:10:44 [ssh.1] typo; dpo@club-internet.fr - stevesk@cvs.openbsd.org 2001/02/04 06:30:12 [auth2.c authfd.c packet.c] remove duplicate #include's; ok markus@ - deraadt@cvs.openbsd.org 2001/02/04 16:56:23 [scp.c sshd.c] alpha happiness - stevesk@cvs.openbsd.org 2001/02/04 15:12:17 [sshd.c] precedence; ok markus@ - deraadt@cvs.openbsd.org 2001/02/04 08:14:15 [ssh.c sshd.c] make the alpha happy - markus@cvs.openbsd.org 2001/01/31 13:37:24 [channels.c channels.h serverloop.c ssh.c] do not disconnect if local port forwarding fails, e.g. if port is already in use - markus@cvs.openbsd.org 2001/02/01 14:58:09 [channels.c] use ipaddr in channel messages, ietf-secsh wants this - markus@cvs.openbsd.org 2001/01/31 12:26:20 [channels.c] ssh.com-2.0.1x does not send additional info in CHANNEL_OPEN_FAILURE messages; bug report from edmundo@rano.org - markus@cvs.openbsd.org 2001/01/31 13:48:09 [sshconnect2.c] unused - deraadt@cvs.openbsd.org 2001/02/04 08:23:08 [sftp-client.c sftp-server.c] make gcc on the alpha even happier 20010204 - (bal) I think this is the last of the bsd-*.h that don't belong. - (bal) Minor Makefile fix - (bal) openbsd-compat/Makefile minor fix. Ensure dependancies are done right. - (bal) Changed order of LIB="" in -with-skey due to library resolving. - (bal) next-posix.h changed to bsd-nextstep.h - (djm) OpenBSD CVS sync: - markus@cvs.openbsd.org 2001/02/03 03:08:38 [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c] [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8] [sshd_config] make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@ - markus@cvs.openbsd.org 2001/02/03 03:19:51 [ssh.1 sshd.8 sshd_config] Skey is now called ChallengeResponse - markus@cvs.openbsd.org 2001/02/03 03:43:09 [sshd.8] use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean channel. note from Erik.Anggard@cygate.se (pr/1659) - stevesk@cvs.openbsd.org 2001/02/03 10:03:06 [ssh.1] typos; ok markus@ - djm@cvs.openbsd.org 2001/02/04 04:11:56 [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h] [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c] Basic interactive sftp client; ok theo@ - (djm) Update RPM specs for new sftp binary - (djm) Update several bits for new optional reverse lookup stuff. I think I got them all. - (djm) Makefile.in fixes - (stevesk) add mysignal() wrapper and use it for the protocol 2 SIGCHLD handler. - (djm) Use setvbuf() instead of setlinebuf(). Suggest from stevesk@ 20010203 - (bal) Cygwin clean up by Corinna Vinschen <vinschen@redhat.com> - (bal) renamed queue.h to fake-queue.h (even if it's an OpenBSD based file) to ensure #include space does not get confused. - (bal) Minor Makefile.in tweak. dirname may not exist on some platforms so builds fail. (NeXT being a well known one) 20010202 - (bal) Makefile fix where sourcedir != builddir by Corinna Vinschen <vinschen@redhat.com> - (bal) Makefile fix to use $(MAKE) instead of 'make' for platforms that use 'gmake'. Patch by Tim Rice <tim@multitalents.net> 20010201 - (bal) Minor fix to Makefile to stop rebuilding executables if no changes have occured to any of the supporting code. Patch by Roumen Petrov <roumen.petrov@skalasoft.com> 20010131 - (djm) OpenBSD CVS Sync: - djm@cvs.openbsd.org 2001/01/30 15:48:53 [sshconnect.c] Make warning message a little more consistent. ok markus@ - (djm) Fix autoconf logic for --with-lastlog=no Report and diagnosis from Philipp Buehler <lists@fips.de> and Kevin Steves <stevesk@sweden.hp.com> respectively. - (djm) Don't log SSH2 PAM KbdInt responses to debug, they may contain passwords. - (bal) Reorder. Move all bsd-*, fake-*, next-*, and cygwin* stuff to openbsd-compat/. And resolve all ./configure and Makefile.in issues assocated. 20010130 - (djm) OpenBSD CVS Sync: - markus@cvs.openbsd.org 2001/01/29 09:55:37 [channels.c channels.h clientloop.c serverloop.c] fix select overflow; ok deraadt@ and stevesk@ - markus@cvs.openbsd.org 2001/01/29 12:42:35 [canohost.c canohost.h channels.c clientloop.c] add get_peer_ipaddr(socket), x11-fwd in ssh2 requires ipaddr, not DNS - markus@cvs.openbsd.org 2001/01/29 12:47:32 [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c] handle rsa_private_decrypt failures; helps against the Bleichenbacher pkcs#1 attack - djm@cvs.openbsd.org 2001/01/29 05:36:11 [ssh.1 ssh.c] Allow invocation of sybsystem by commandline (-s); ok markus@ - (stevesk) configure.in: remove duplicate PROG_LS 20010129 - (stevesk) sftp-server.c: use %lld vs. %qd 20010128 - (bal) Put USE_PIPES back into sco3.2v5 - (bal) OpenBSD Sync - markus@cvs.openbsd.org 2001/01/28 10:15:34 [dispatch.c] re-keying is not supported; ok deraadt@ - markus@cvs.openbsd.org 2001/01/28 10:24:04 [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] cleanup AUTHORS sections - markus@cvs.openbsd.org 2001/01/28 10:37:26 [sshd.c sshd.8] remove -Q, no longer needed - stevesk@cvs.openbsd.org 2001/01/28 20:36:16 [readconf.c ssh.1] ``StrictHostKeyChecking ask'' documentation and small cleanup. ok markus@ - stevesk@cvs.openbsd.org 2001/01/28 20:43:25 [sshd.8] spelling. ok markus@ - stevesk@cvs.openbsd.org 2001/01/28 20:53:21 [xmalloc.c] use size_t for strlen() return. ok markus@ - stevesk@cvs.openbsd.org 2001/01/28 22:27:05 [authfile.c] spelling. use sizeof vs. strlen(). ok markus@ - niklas@cvs.openbsd.org 2001/01/29 1:59:14 [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1 ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h] $OpenBSD$ - (bal) Minor auth2.c resync. Whitespace and moving of an #include. 20010126 - (bal) SSH_PROGRAM vs _PATH_SSH_PROGRAM fix pointed out by Roumen Petrov <roumen.petrov@skalasoft.com> - (bal) OpenBSD Sync - deraadt@cvs.openbsd.org 2001/01/25 8:06:33 [ssh-agent.c] call _exit() in signal handler 20010125 - (djm) Sync bsd-* support files: - deraadt@cvs.openbsd.org 2000/01/26 03:43:20 [rresvport.c bindresvport.c] new bindresvport() semantics that itojun, shin, jean-luc and i have agreed on, which will be happy for the future. bindresvport_sa() for sockaddr *, too. docs later.. - deraadt@cvs.openbsd.org 2000/01/24 02:24:21 [bindresvport.c] in bindresvport(), if sin is non-NULL, example sin->sin_family for the actual family being processed - (djm) Mention PRNGd in documentation, it is nicer than EGD - (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf - (bal) AC_FUNC_STRFTIME added to autoconf - (bal) OpenBSD Resync - stevesk@cvs.openbsd.org 2001/01/24 21:03:50 [channels.c] missing freeaddrinfo(); ok markus@ 20010124 - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/23 10:45:10 [ssh.h] nuke comment - (bal) no 64bit support patch from Tim Rice <tim@multitalents.net> - (bal) #ifdef around S_IFSOCK if platform does not support it. patch by Tim Rice <tim@multitalents.net> - (bal) fake-regex.h cleanup based on Tim Rice's patch. - (stevesk) sftp-server.c: fix chmod() mode mask 20010123 - (bal) regexp.h typo in configure.in. Should have been regex.h - (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@ - (bal) SSH_ASKPASS_DEFAULT to _PATH_SSH_ASKPASS_DEFAULT - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/22 8:15:00 [auth-krb4.c sshconnect1.c] only AFS needs radix.[ch] - markus@cvs.openbsd.org 2001/01/22 8:32:53 [auth2.c] no need to include; from mouring@etoh.eviladmin.org - stevesk@cvs.openbsd.org 2001/01/22 16:55:21 [key.c] free() -> xfree(); ok markus@ - stevesk@cvs.openbsd.org 2001/01/22 17:22:28 [sshconnect2.c sshd.c] fix memory leaks in SSH2 key exchange; ok markus@ - markus@cvs.openbsd.org 2001/01/22 23:06:39 [auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c] rename skey -> challenge response. auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled. 20010122 - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus [servconf.c ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c packet.c pathname.h readconf.c scp.c servconf.c serverloop.c session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h ssh1.h sshconnect1.c sshd.c ttymodes.c] move ssh1 definitions to ssh1.h, pathnames to pathnames.h - markus@cvs.openbsd.org 2001/01/19 16:48:14 [sshd.8] fix typo; from stevesk@ - markus@cvs.openbsd.org 2001/01/19 16:50:58 [ssh-dss.c] clear and free digest, make consistent with other code (use dlen); from stevesk@ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus [auth-options.c auth-options.h auth-rsa.c auth2.c] pass the filename to auth_parse_options() - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 [readconf.c] fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 [sshconnect2.c] dh_new_group() does not return NULL. ok markus@ - markus@cvs.openbsd.org 2001/01/20 21:33:42 [ssh-add.c] do not loop forever if askpass does not exist; from andrew@pimlott.ne.mediaone.net - djm@cvs.openbsd.org 2001/01/20 23:00:56 [servconf.c] Check for NULL return from strdelim; ok markus - djm@cvs.openbsd.org 2001/01/20 23:02:07 [readconf.c] KNF; ok markus - jakob@cvs.openbsd.org 2001/01/21 9:00:33 [ssh-keygen.1] remove -R flag; ok markus@ - markus@cvs.openbsd.org 2001/01/21 19:05:40 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c cipher.c cli.c clientloop.c clientloop.h compat.c compress.c deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c key.c key.h log-client.c log-server.c log.c log.h login.c login.h match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h ttysmodes.c uidswap.c xmalloc.c] split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch] - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve conflict when compiling for non-kerb install - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes on 1/19. 20010120 - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/19 12:45:26 [ssh-chall.c servconf.c servconf.h ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY - (bal) Slight auth2-pam.c clean up. - (bal) Includes a fake-regexp.h to be only used if regcomp() is found, but no 'regexp.h' found (SCO OpenServer 3 lacks the header). 20010119 - (djm) Update versions in RPM specfiles - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/18 16:20:21 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h sshd.8 sshd.c] log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many systems - markus@cvs.openbsd.org 2001/01/18 16:59:59 [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c session.h sshconnect1.c] 1) removes fake skey from sshd, since this will be much harder with /usr/libexec/auth/login_XXX 2) share/unify code used in ssh-1 and ssh-2 authentication (server side) 3) make addition of BSD_AUTH and other challenge reponse methods easier. - markus@cvs.openbsd.org 2001/01/18 17:12:43 [auth-chall.c auth2-chall.c] rename *-skey.c *-chall.c since the files are not skey specific - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>) to fix NULL pointer deref and fake authloop breakage in PAM code. - (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com> - (bal) Minor cygwin patch to auth1.c. Suggested by djm. 20010118 - (bal) Super Sized OpenBSD Resync - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus [sshd.c] maxfd+1 - markus@cvs.openbsd.org 2001/01/13 17:59:18 [ssh-keygen.1] small ssh-keygen manpage cleanup; stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:03:07 [scp.c ssh-keygen.c sshd.c] getopt() returns -1 not EOF; stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:06:54 [ssh-keyscan.c] use SSH_DEFAULT_PORT; from stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:12:47 [ssh-keyscan.c] free() -> xfree(); fix memory leak; from stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:14:13 [ssh-add.c] typo, from stevesk@sweden.hp.com - markus@cvs.openbsd.org 2001/01/13 18:32:50 [packet.c session.c ssh.c sshconnect.c sshd.c] split out keepalive from packet_interactive (from dale@accentre.com) set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too. - markus@cvs.openbsd.org 2001/01/13 18:36:45 [packet.c packet.h] reorder, typo - markus@cvs.openbsd.org 2001/01/13 18:38:00 [auth-options.c] fix comment - markus@cvs.openbsd.org 2001/01/13 18:43:31 [session.c] Wall - markus@cvs.openbsd.org 2001/01/13 19:14:08 [clientloop.h clientloop.c ssh.c] move callback to headerfile - markus@cvs.openbsd.org 2001/01/15 21:40:10 [ssh.c] use log() instead of stderr - markus@cvs.openbsd.org 2001/01/15 21:43:51 [dh.c] use error() not stderr! - markus@cvs.openbsd.org 2001/01/15 21:45:29 [sftp-server.c] rename must fail if newpath exists, debug off by default - markus@cvs.openbsd.org 2001/01/15 21:46:38 [sftp-server.c] readable long listing for sftp-server, ok deraadt@ - markus@cvs.openbsd.org 2001/01/16 19:20:06 [key.c ssh-rsa.c] make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from galb@vandyke.com. note that you have to delete older ssh2-rsa keys, since they are in the wrong format, too. they must be removed from .ssh/authorized_keys2 and .ssh/known_hosts2, etc. (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP .ssh/authorized_keys2) additionally, we now check that BN_num_bits(rsa->n) >= 768. - markus@cvs.openbsd.org 2001/01/16 20:54:27 [sftp-server.c] remove some statics. simpler handles; idea from nisse@lysator.liu.se - deraadt@cvs.openbsd.org 2001/01/16 23:58:08 [bufaux.c radix.c sshconnect.h sshconnect1.c] indent - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may be missing such feature. 20010117 - (djm) Only write random seed file at exit - (djm) Make PAM support optional, enable with --with-pam - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which provides a crypt() of its own) - (djm) Avoid a warning in bsd-bindresvport.c - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This can cause weird segfaults errors on Solaris - (djm) Avoid warning in PAM code by making read_passphrase arguments const - (djm) Add --with-pam to RPM spec files 20010115 - (bal) sftp-server.c change to use chmod() if fchmod() does not exist. - (bal) utimes() support via utime() interface on machine that lack utimes(). 20010114 - (stevesk) initial work for OpenBSD "support supplementary group in {Allow,Deny}Groups" patch: - import getgrouplist.c from OpenBSD (bsd-getgrouplist.c) - add bsd-getgrouplist.h - new files groupaccess.[ch] - build but don't use yet (need to merge auth.c changes) - (stevesk) complete: - markus@cvs.openbsd.org 2001/01/13 11:56:48 [auth.c sshd.8] support supplementary group in {Allow,Deny}Groups from stevesk@pobox.com 20010112 - (bal) OpenBSD Sync - markus@cvs.openbsd.org 2001/01/10 22:56:22 [bufaux.h bufaux.c sftp-server.c sftp.h getput.h] cleanup sftp-server implementation: add buffer_get_int64, buffer_put_int64, GET_64BIT, PUT_64BIT parse SSH2_FILEXFER_ATTR_EXTENDED send SSH2_FX_EOF if readdir returns no more entries reply to SSH2_FXP_EXTENDED message use #defines from the draft move #definations to sftp.h more info: http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt - markus@cvs.openbsd.org 2001/01/10 19:43:20 [sshd.c] XXX - generate_empheral_server_key() is not safe against races, because it calls log() - markus@cvs.openbsd.org 2001/01/09 21:19:50 [packet.c] allow TCP_NDELAY for ipv6; from netbsd via itojun@ 20010110 - (djm) SNI/Reliant Unix needs USE_PIPES and $DISPLAY hack. Report from Bladt Norbert <Norbert.Bladt@adi.ch> 20010109 - (bal) Resync CVS ID of cli.c - (stevesk) auth1.c: free should be after WITH_AIXAUTHENTICATE code. - (bal) OpenBSD Sync - markus@cvs.openbsd.org 2001/01/08 22:29:05 [auth2.c compat.c compat.h servconf.c servconf.h sshd.8 sshd_config version.h] implement option 'Banner /etc/issue.net' for ssh2, move version to 2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner is enabled). - markus@cvs.openbsd.org 2001/01/08 22:03:23 [channels.c ssh-keyscan.c] O_NDELAY -> O_NONBLOCK; thanks stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/08 21:55:41 [sshconnect1.c] more cleanups and fixes from stevesk@pobox.com: 1) try_agent_authentication() for loop will overwrite key just allocated with key_new(); don't alloc 2) call ssh_close_authentication_connection() before exit try_agent_authentication() 3) free mem on bad passphrase in try_rsa_authentication() - markus@cvs.openbsd.org 2001/01/08 21:48:17 [kex.c] missing free; thanks stevesk@pobox.com - (bal) Detect if clock_t structure exists, if not define it. - (bal) Detect if O_NONBLOCK exists, if not define it. - (bal) removed news4-posix.h (now empty) - (bal) changed bsd-bindresvport.c and bsd-rresvport.c to use 'socklen_t' instead of 'int' - (stevesk) sshd_config: sync - (stevesk) defines.h: remove spurious ``;'' 20010108 - (bal) Fixed another typo in cli.c - (bal) OpenBSD Sync - markus@cvs.openbsd.org 2001/01/07 21:26:55 [cli.c] typo - markus@cvs.openbsd.org 2001/01/07 21:26:55 [cli.c] missing free, stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/07 19:06:25 [auth1.c] missing free, stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/07 11:28:04 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h sshd.8 sshd.c] rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE syslog priority changes: fatal() LOG_ERR -> LOG_CRIT log() LOG_INFO -> LOG_NOTICE - Updated TODO 20010107 - (bal) OpenBSD Sync - markus@cvs.openbsd.org 2001/01/06 11:23:27 [ssh-rsa.c] remove unused - itojun@cvs.openbsd.org 2001/01/05 08:23:29 [ssh-keyscan.1] missing .El - markus@cvs.openbsd.org 2001/01/04 22:41:03 [session.c sshconnect.c] consistent use of _PATH_BSHELL; from stevesk@pobox.com - djm@cvs.openbsd.org 2001/01/04 22:35:32 [ssh.1 sshd.8] Mention AES as available SSH2 Cipher; ok markus - markus@cvs.openbsd.org 2001/01/04 22:25:58 [sshd.c] sync usage()/man with defaults; from stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/04 22:21:26 [sshconnect2.c] handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server that prints a banner (e.g. /etc/issue.net) 20010105 - (bal) contrib/caldera/ provided by Tim Rice <tim@multitalents.net> - (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove() 20010104 - (djm) Fix memory leak on systems with BROKEN_GETADDRINFO. Based on work by Chris Vaughan <vaughan99@yahoo.com> 20010103 - (bal) fixed up sshconnect.c so it was closer inline with the OpenBSD tree (mainly positioning) - (bal) OpenSSH CVS Update - markus@cvs.openbsd.org 2001/01/02 20:41:02 [packet.c] log remote ip on disconnect; PR 1600 from jcs@rt.fm - markus@cvs.openbsd.org 2001/01/02 20:50:56 [sshconnect.c] strict_host_key_checking for host_status != HOST_CHANGED && ip_status == HOST_CHANGED - (bal) authfile.c: Synced CVS ID tag - (bal) UnixWare 2.0 fixes by Tim Rice <tim@multitalents.net> - (bal) Disable sftp-server if no 64bit int support exists. Based on patch by Tim Rice <tim@multitalents.net> - (bal) Makefile.in changes to uninstall: target to remove sftp-server and sftp-server.8 manpage. 20010102 - (bal) OpenBSD CVS Update - markus@cvs.openbsd.org 2001/01/01 14:52:49 [scp.c] use shared fatal(); from stevesk@pobox.com 20001231 - (bal) Reverted out of MAXHOSTNAMELEN. This should be set per OS. for multiple reasons. - (bal) Reverted out of a partial NeXT patch. 20001230 - (bal) OpenBSD CVS Update - markus@cvs.openbsd.org 2000/12/28 18:58:30 [ssh-keygen.c] enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2} - markus@cvs.openbsd.org 2000/12/29 22:19:13 [channels.c] missing xfree; from vaughan99@yahoo.com - (bal) Resynced CVS ID with OpenBSD for channel.c and uidswap.c - (bal) if no MAXHOSTNAMELEN is defined. Default to 64 character defination. Suggested by Christian Kurz <shorty@debian.org> - (bal) Add in '.c.o' section to Makefile.in to address make programs that don't honor CPPFLAGS by default. Suggested by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> 20001229 - (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian Kurz <shorty@debian.org> - (bal) OpenBSD CVS Update - markus@cvs.openbsd.org 2000/12/28 14:25:51 [auth.h auth2.c] count authentication failures only - markus@cvs.openbsd.org 2000/12/28 14:25:03 [sshconnect.c] fingerprint for MITM attacks, too. - markus@cvs.openbsd.org 2000/12/28 12:03:57 [sshd.8 sshd.c] document -D - markus@cvs.openbsd.org 2000/12/27 14:19:21 [serverloop.c] less chatty - markus@cvs.openbsd.org 2000/12/27 12:34 [auth1.c sshconnect2.c sshd.c] typo - markus@cvs.openbsd.org 2000/12/27 12:30:19 [readconf.c readconf.h ssh.1 sshconnect.c] new option: HostKeyAlias: allow the user to record the host key under a different name. This is useful for ssh tunneling over forwarded connections or if you run multiple sshd's on different ports on the same machine. - markus@cvs.openbsd.org 2000/12/27 11:51:53 [ssh.1 ssh.c] multiple -t force pty allocation, document ORIGINAL_COMMAND - markus@cvs.openbsd.org 2000/12/27 11:41:31 [sshd.8] update for ssh-2 - (stevesk) compress.[ch] sync with openbsd; missed in prototype fix merge. 20001228 - (bal) Patch to add libutil.h to loginrec.c only if the platform has libutil.h. Suggested by Pekka Savola <pekka@netcore.fi> - (djm) Update to new x11-askpass in RPM spec - (bal) SCO patch to not include <sys/queue.h> since it's unrelated header. Patch by Tim Rice <tim@multitalents.net> - Updated TODO w/ known HP/UX issue - (bal) removed extra <netdb.h> noticed by Kevin Steves and removed the bad reference to 'NeXT including it else were' on the #ifdef version. 20001227 - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by Takumi Yamane <yamtak@b-session.com> - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch by Corinna Vinschen <vinschen@redhat.com> - (djm) Fix catman-do target for non-bash - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by Takumi Yamane <yamtak@b-session.com> - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch by Corinna Vinschen <vinschen@redhat.com> - (djm) Fix catman-do target for non-bash - (bal) Fixed NeXT's lack of CPPFLAGS honoring. - (bal) ssh-keyscan.c: NeXT (and older BSDs) don't support getrlimit() w/ 'RLIMIT_NOFILE' - (djm) Remove *.Ylonen files. They are no longer in the OpenBSD tree, the info in COPYING.Ylonen has been moved to the start of each SSH1-derived file and README.Ylonen is well out of date. 20001223 - (bal) Fixed Makefile.in to support recompile of all ssh and sshd objects if a change to config.h has occurred. Suggested by Gert Doering <gert@greenie.muc.de> - (bal) OpenBSD CVS Update: - markus@cvs.openbsd.org 2000/12/22 16:49:40 [ssh-keygen.c] fix ssh-keygen -x -t type > file; from Roumen.Petrov@skalasoft.com 20001222 - Updated RCSID for pty.c - (bal) OpenBSD CVS Updates: - markus@cvs.openbsd.org 2000/12/21 15:10:16 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c] print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@ - markus@cvs.openbsd.org 2000/12/20 19:26:56 [authfile.c] allow ssh -i userkey for root - markus@cvs.openbsd.org 2000/12/20 19:37:21 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h] fix prototypes; from stevesk@pobox.com - markus@cvs.openbsd.org 2000/12/20 19:32:08 [sshd.c] init pointer to NULL; report from Jan.Ivan@cern.ch - markus@cvs.openbsd.org 2000/12/19 23:17:54 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c] replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char unsigned' with u_char. 20001221 - (stevesk) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/12/19 15:43:45 [authfile.c channels.c sftp-server.c ssh-agent.c] remove() -> unlink() for consistency - markus@cvs.openbsd.org 2000/12/19 15:48:09 [ssh-keyscan.c] replace <ssl/x.h> with <openssl/x.h> - markus@cvs.openbsd.org 2000/12/17 02:33:40 [uidswap.c] typo; from wsanchez@apple.com 20001220 - (djm) Workaround PAM inconsistencies between Solaris derived PAM code and Linux-PAM. Based on report and fix from Andrew Morgan <morgan@transmeta.com> 20001218 - (stevesk) rsa.c: entropy.h not needed. - (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile. Suggested by Wilfredo Sanchez <wsanchez@apple.com> 20001216 - (stevesk) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/12/16 02:53:57 [scp.c] allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE - markus@cvs.openbsd.org 2000/12/16 02:39:57 [scp.c] unused; from stevesk@pobox.com 20001215 - (stevesk) Old OpenBSD patch wasn't completely applied: - markus@cvs.openbsd.org 2000/01/24 22:11:20 [scp.c] allow '.' in usernames; from jedgar@fxp.org - (stevesk) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/12/13 16:26:53 [ssh-keyscan.c] fatal already adds \n; from stevesk@pobox.com - markus@cvs.openbsd.org 2000/12/13 16:25:44 [ssh-agent.c] remove redundant spaces; from stevesk@pobox.com - ho@cvs.openbsd.org 2000/12/12 15:50:21 [pty.c] When failing to set tty owner and mode on a read-only filesystem, don't abort if the tty already has correct owner and reasonably sane modes. Example; permit 'root' to login to a firewall with read-only root fs. (markus@ ok) - deraadt@cvs.openbsd.org 2000/12/13 06:36:05 [pty.c] KNF - markus@cvs.openbsd.org 2000/12/12 14:45:21 [sshd.c] source port < 1024 is no longer required for rhosts-rsa since it adds no additional security. - markus@cvs.openbsd.org 2000/12/12 16:11:49 [ssh.1 ssh.c] rhosts-rsa is no longer automagically disabled if ssh is not privileged. UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers. these changes should not change the visible default behaviour of the ssh client. - deraadt@cvs.openbsd.org 2000/12/11 10:27:33 [scp.c] when copying 0-sized files, do not re-print ETA time at completion - provos@cvs.openbsd.org 2000/12/15 10:30:15 [kex.c kex.h sshconnect2.c sshd.c] compute diffie-hellman in parallel between server and client. okay markus@ 20001213 - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report from Andreas M. Kirchwitz <amk@krell.zikzak.de> - (stevesk) OpenBSD CVS update: - markus@cvs.openbsd.org 2000/12/12 15:30:02 [ssh-keyscan.c ssh.c sshd.c] consistently use __progname; from stevesk@pobox.com 20001211 - (bal) Applied patch to include ssh-keyscan into Redhat's package, and patch to install ssh-keyscan manpage. Patch by Pekka Savola <pekka@netcore.fi> - (bal) OpenbSD CVS update - markus@cvs.openbsd.org 2000/12/10 17:01:53 [sshconnect1.c] always request new challenge for skey/tis-auth, fixes interop with other implementations; report from roth@feep.net 20001210 - (bal) OpenBSD CVS updates - markus@cvs.openbsd.org 2000/12/09 13:41:51 [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h] undo rijndael changes - markus@cvs.openbsd.org 2000/12/09 13:48:31 [rijndael.c] fix byte order bug w/o introducing new implementation - markus@cvs.openbsd.org 2000/12/09 14:08:27 [sftp-server.c] "" -> "." for realpath; from vinschen@redhat.com - markus@cvs.openbsd.org 2000/12/09 14:06:54 [ssh-agent.c] extern int optind; from stevesk@sweden.hp.com - provos@cvs.openbsd.org 2000/12/09 23:51:11 [compat.c] remove unnecessary '\n' 20001209 - (bal) OpenBSD CVS updates: - djm@cvs.openbsd.org 2000/12/07 4:24:59 [ssh.1] Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo 20001207 - (bal) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/12/06 22:58:14 [compat.c compat.h packet.c] disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0 - markus@cvs.openbsd.org 2000/12/06 23:10:39 [rijndael.c] unexpand(1) - markus@cvs.openbsd.org 2000/12/06 23:05:43 [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h] new rijndael implementation. fixes endian bugs 20001206 - (bal) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/12/05 20:34:09 [channels.c channels.h clientloop.c serverloop.c] async connects for -R/-L; ok deraadt@ - todd@cvs.openssh.org 2000/12/05 16:47:28 [sshd.c] tweak comment to reflect real location of pid file; ok provos@ - (stevesk) Import <sys/queue.h> from OpenBSD for systems that don't have it (used in ssh-keyscan). - (stevesk) OpenBSD CVS update: - markus@cvs.openbsd.org 2000/12/06 19:57:48 [ssh-keyscan.c] err(3) -> internal error(), from stevesk@sweden.hp.com 20001205 - (bal) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/12/04 19:24:02 [ssh-keyscan.c ssh-keyscan.1] David Maziere's ssh-keyscan, ok niels@ - (bal) Updated Makefile.in to include ssh-keyscan that was just added to the recent OpenBSD source tree. - (stevesk) fix typos in contrib/hpux/README 20001204 - (bal) More C functions defined in NeXT that are unaccessable without defining -POSIX. - (bal) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/12/03 11:29:04 [compat.c] remove fallback to SSH_BUG_HMAC now that the drafts are updated - markus@cvs.openbsd.org 2000/12/03 11:27:55 [compat.c] correctly match "2.1.0.pl2 SSH" etc; from pekkas@netcore.fi/bugzilla.redhat - markus@cvs.openbsd.org 2000/12/03 11:15:03 [auth2.c compat.c compat.h sshconnect2.c] support f-secure/ssh.com 2.0.12; ok niels@ 20001203 - (bal) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/11/30 22:54:31 [channels.c] debug->warn if tried to do -R style fwd w/o client requesting this; ok neils@ - markus@cvs.openbsd.org 2000/11/29 20:39:17 [cipher.c] des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV - markus@cvs.openbsd.org 2000/11/30 18:33:05 [ssh-agent.c] agents must not dump core, ok niels@ - markus@cvs.openbsd.org 2000/11/30 07:04:02 [ssh.1] T is for both protocols - markus@cvs.openbsd.org 2000/12/01 00:00:51 [ssh.1] typo; from green@FreeBSD.org - markus@cvs.openbsd.org 2000/11/30 07:02:35 [ssh.c] check -T before isatty() - provos@cvs.openbsd.org 2000/11/29 13:51:27 [sshconnect.c] show IP address and hostname when new key is encountered. okay markus@ - markus@cvs.openbsd.org 2000/11/30 22:53:35 [sshconnect.c] disable agent/x11/port fwding if hostkey has changed; ok niels@ - marksu@cvs.openbsd.org 2000/11/29 21:11:59 [sshd.c] sshd -D, startup w/o deamon(), for monitoring scripts or inittab; from handler@sub-rosa.com and eric@urbanrange.com; ok niels@ - (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enable PAM authentication using KbdInteractive. - (djm) Added another TODO 20001202 - (bal) Backed out of part of Alain St-Denis' loginrec.c patch. - (bal) Irix need some sort of mansubdir, patch by Michael Stone <mstone@cs.loyola.edu> 20001129 - (djm) Back out all the serverloop.c hacks. sshd will now hang again if there are background children with open fds. - (djm) bsd-rresvport.c bzero -> memset - (djm) Don't fail in defines.h on absence of 64 bit types (we will still fail during compilation of sftp-server). - (djm) Fail if ar is not found during configure - (djm) OpenBSD CVS updates: - provos@cvs.openbsd.org 2000/11/22 08:38:31 [sshd.8] talk about /etc/primes, okay markus@ - markus@cvs.openbsd.org 2000/11/23 14:03:48 [ssh.c sshconnect1.c sshconnect2.c] complain about invalid ciphers for ssh1/ssh2, fall back to reasonable defaults - markus@cvs.openbsd.org 2000/11/25 09:42:53 [sshconnect1.c] reorder check for illegal ciphers, bugreport from espie@ - markus@cvs.openbsd.org 2000/11/25 10:19:34 [ssh-keygen.c ssh.h] print keytype when generating a key. reasonable defaults for RSA1/RSA/DSA keys. - (djm) Patch from Pekka Savola <Pekka.Savola@netcore.fi> to include a few more manpage paths in fixpaths calls - (djm) Also add xauth path at Pekka's suggestion. - (djm) Add Redhat RPM patch for AUTHPRIV SyslogFacility 20001125 - (djm) Give up privs when reading seed file 20001123 - (bal) Merge OpenBSD changes: - markus@cvs.openbsd.org 2000/11/15 22:31:36 [auth-options.c] case insensitive key options; from stevesk@sweeden.hp.com - markus@cvs.openbsd.org 2000/11/16 17:55:43 [dh.c] do not use perror() in sshd, after child is forked() - markus@cvs.openbsd.org 2000/11/14 23:42:40 [auth-rsa.c] parse option only if key matches; fix some confusing seen by the client - markus@cvs.openbsd.org 2000/11/14 23:44:19 [session.c] check no_agent_forward_flag for ssh-2, too - markus@cvs.openbsd.org 2000/11/15 [ssh-agent.1] reorder SYNOPSIS; typo, use .It - markus@cvs.openbsd.org 2000/11/14 23:48:55 [ssh-agent.c] do not reorder keys if a key is removed - markus@cvs.openbsd.org 2000/11/15 19:58:08 [ssh.c] just ignore non existing user keys - millert@cvs.openbsd.org 200/11/15 20:24:43 [ssh-keygen.c] Add missing \n at end of error message. 20001122 - (bal) Minor patch to ensure platforms lacking IRIX job limit supports are compilable. - (bal) Updated TODO as of 11/18/2000 with known things to resolve. 20001117 - (bal) Changed from 'primes' to 'primes.out' for consistancy sake. It has no affect the output. Patch by Corinna Vinschen <vinschen@redhat.com> - (stevesk) Reworked progname support. - (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by Shinichi Maruyama <marya@st.jip.co.jp> 20001116 - (bal) Added in MAXSYMLINK test in bsd-realpath.c. Required for some SCO releases. - (bal) Make builds work outside of source tree. Patch by Mark D. Roth <roth@feep.net> 20001113 - (djm) Add pointer to http://www.imasy.or.jp/~gotoh/connect.c to contrib/README - (djm) Merge OpenBSD changes: - markus@cvs.openbsd.org 2000/11/06 16:04:56 [channels.c channels.h clientloop.c nchan.c serverloop.c] [session.c ssh.c] agent forwarding and -R for ssh2, based on work from jhuuskon@messi.uku.fi - markus@cvs.openbsd.org 2000/11/06 16:13:27 [ssh.c sshconnect.c sshd.c] do not disabled rhosts(rsa) if server port > 1024; from pekkas@netcore.fi - markus@cvs.openbsd.org 2000/11/06 16:16:35 [sshconnect.c] downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net - markus@cvs.openbsd.org 2000/11/09 18:04:40 [auth1.c] typo; from mouring@pconline.com - markus@cvs.openbsd.org 2000/11/12 12:03:28 [ssh-agent.c] off-by-one when removing a key from the agent - markus@cvs.openbsd.org 2000/11/12 12:50:39 [auth-rh-rsa.c auth2.c authfd.c authfd.h] [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h] [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. - (djm) Fix up Makefile and Redhat init script to create RSA host keys - (djm) Change to interim version - (djm) Fix RPM spec file stupidity - (djm) fixpaths to DSA and RSA keys too 20001112 - (bal) SCO Patch to add needed libraries for configure.in. Patch by Phillips Porch <root@theporch.com> - (bal) IRIX patch to adding Job Limits. Patch by Denis Parker <dcp@sgi.com> - (stevesk) pty.c: HP-UX 10 and 11 don't define TIOCSCTTY. Add error() to failed ioctl(TIOCSCTTY) call. 20001111 - (djm) Added /etc/primes for kex DH group neg, fixup Makefile.in and packaging files - (djm) Fix new Makefile.in warnings - (djm) Fix vsprintf("%h") in bsd-snprintf.c, short int va_args are promoted to type int. Report and fix from Dan Astoorian <djast@cs.toronto.edu> - (djm) Hardwire sysconfdir in RPM spec files as some RPM versions get it wrong. Report from Bennett Todd <bet@rahul.net> 20001110 - (bal) Fixed dropped answer from skey_keyinfo() in auth1.c - (bal) Changed from --with-skey to --with-skey=PATH in configure.in - (bal) Added in check to verify S/Key library is being detected in configure.in - (bal) next-posix.h - added another prototype wrapped in POSIX ifdef/endif. Patch by Mark Miller <markm@swoon.net> - (bal) Added 'util.h' header to loginrec.c only if HAVE_UTIL_H is defined to remove warnings under MacOS X. Patch by Mark Miller <markm@swoon.net> - (bal) Fixed LDFLAG mispelling in configure.in for --with-afs 20001107 - (bal) acconfig.in - removed the double "USE_PIPES" entry. Patch by Mark Miller <markm@swoon.net> - (bal) sshd.init files corrected to assign $? to RETVAL. Patch by Jarno Huuskonen <jhuuskon@messi.uku.fi> - (bal) fixpaths fixed to stop it from quitely failing. Patch by Mark D. Roth <roth@feep.net> 20001106 - (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs - (djm) Manually fix up missed diff hunks (mainly RCS idents) - (djm) Remove UPGRADING document in favour of a link to the better maintained FAQ on www.openssh.com - (djm) Fix multiple dependancy on gnome-libs from Pekka Savola <pekkas@netcore.fi> - (djm) Don't need X11-askpass in RPM spec file if building without it from Pekka Savola <pekkas@netcore.fi> - (djm) Release 2.3.0p1 - (bal) typo in configure.in in regards to --with-ldflags from Marko Asplund <aspa@kronodoc.fi> - (bal) fixed next-posix.h. Forgot prototype of getppid().
2001-02-17Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT.wiz2-2/+2
2001-02-15Prune old/nonexistant mirror sites from MASTER_SITES.briggs1-6/+2
2001-02-06Make that "autoreconf" -- there is no "autoremake".fredb1-3/+3
2001-02-05Use full pathname "${LOCALBASE}/bin/auto..." in dependences and maketron1-3/+3
targets. This includes a fix for PR pkg/12125 by Tomasz Luchowski.
2001-01-29Add automatic ${VARIABLE} handling for MESSAGE files.wiz2-8/+9
Convert most MESSAGE files to new syntax (${VARIABLE} gets replaced, not @VARIABLE@, nor @@VARIABLE@@). By default, substitutions are done for LOCALBASE, PKGNAME, PREFIX, X11BASE, X11PREFIX; additional patterns can be added via MESSAGE_SUBST. Clean up some packages while I'm there; add RCS tags to most MESSAGEs. Remove some uninteresting MESSAGEs.
2001-01-10Make this package work under SunOS.tron4-10/+83
2001-01-10Don't check for "/dev/urandom" under Solaris.tron2-7/+10
2001-01-07If someone installs openssh on netbsd and then pkg_deletes it again,hubertf1-2/+2
he sure does NOT want to nuke /etc/ssh* - adjust to ssh*_config.
2000-12-08Move code from REQ file to INSTALL.wiz3-32/+19
2000-11-11add ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/002_sshskey.patchitojun2-1/+13
(fix S/Key authentication).
2000-11-09ssh-add.1 was fixed in master repositoryitojun2-22/+1
2000-11-09upgrade to 2.3.0p1. XXX pathname for ssh-askpass?itojun8-61/+73
20001106 - (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs - (djm) Manually fix up missed diff hunks (mainly RCS idents) - (djm) Remove UPGRADING document in favour of a link to the better maintained FAQ on www.openssh.com - (djm) Fix multiple dependancy on gnome-libs from Pekka Savola <pekkas@netcore.fi> - (djm) Don't need X11-askpass in RPM spec file if building without it from Pekka Savola <pekkas@netcore.fi> - (djm) Release 2.3.0p1 20001105 - (bal) Sync with OpenBSD: - markus@cvs.openbsd.org 2000/10/31 9:31:58 [compat.c] handle all old openssh versions - markus@cvs.openbsd.org 2000/10/31 13:1853 [deattack.c] so that large packets do not wrap "n"; from netbsd - (bal) rijndel.c - fix up RCSID to match OpenBSD tree - (bal) auth2-skey.c - Checked in. Missing from portable tree. - (bal) Reworked NEWS-OS and NeXT ports to extract waitpid() and setsid() into more common files - (stevesk) pty.c: use __hpux to identify HP-UX. - (bal) Missed auth-skey.o in Makefile.in and minor correction to bsd-waitpid.c 20001029 - (stevesk) Fix typo in auth.c: USE_PAM not PAM - (stevesk) Create contrib/cygwin/ directory; patch from Corinna Vinschen <vinschen@redhat.com> - (bal) Resolved more $xno and $xyes issues in configure.in - (bal) next-posix.h - spelling and forgot a prototype 20001028 - (djm) fix select hack in serverloop.c from Philippe WILLEM <Philippe.WILLEM@urssaf.fr> - (djm) Fix mangled AIXAUTHENTICATE code - (djm) authctxt->pw may be NULL. Fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de> - (djm) Sync with OpenBSD: - markus@cvs.openbsd.org 2000/10/16 15:46:32 [ssh.1] fixes from pekkas@netcore.fi - markus@cvs.openbsd.org 2000/10/17 14:28:11 [atomicio.c] return number of characters processed; ok deraadt@ - markus@cvs.openbsd.org 2000/10/18 12:04:02 [atomicio.c] undo - markus@cvs.openbsd.org 2000/10/18 12:23:02 [scp.c] replace atomicio(read,...) with read(); ok deraadt@ - markus@cvs.openbsd.org 2000/10/18 12:42:00 [session.c] restore old record login behaviour - deraadt@cvs.openbsd.org 2000/10/19 10:41:13 [auth-skey.c] fmt string problem in unused code - provos@cvs.openbsd.org 2000/10/19 10:45:16 [sshconnect2.c] don't reference freed memory. okay deraadt@ - markus@cvs.openbsd.org 2000/10/21 11:04:23 [canohost.c] typo, eramore@era-t.ericsson.se; ok niels@ - markus@cvs.openbsd.org 2000/10/23 13:31:55 [cipher.c] non-alignment dependent swap_bytes(); from simonb@wasabisystems.com/netbsd - markus@cvs.openbsd.org 2000/10/26 12:38:28 [compat.c] add older vandyke products - markus@cvs.openbsd.org 2000/10/27 01:32:19 [channels.c channels.h clientloop.c serverloop.c session.c] [ssh.c util.c] enable non-blocking IO on channels, and tty's (except for the client ttys). 20001027 - (djm) Increase REKEY_BYTES to 2^24 for arc4random 20001025 - (djm) Added WARNING.RNG file and modified configure to ask users of the builtin entropy code to read it. - (djm) Prefer builtin regex to PCRE. - (bal) Added USE_PIPS defined to NeXT configure.in since scp hangs randomly. - (bal) Apply fixes to configure.in pointed out by Pavel Roskin <proski@gnu.org> 20001020 - (djm) Don't define _REENTRANT for SNI/Reliant Unix - (bal) Imported NEWS-OS waitpid() macros into NeXT. Since implementation is more correct then current version. 20001018 - (stevesk) Add initial support for setproctitle(). Current support is for the HP-UX pstat(PSTAT_SETCMD, ...) method. - (stevesk) Add egd startup scripts to contrib/hpux/ 20001017 - (djm) Add -lregex to cywin libs from Corinna Vinschen <vinschen@cygnus.com> - (djm) Don't rely on atomicio's retval to determine length of askpass supplied passphrase. Problem report from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> - (bal) Changed from GNU rx to PCRE on suggestion from djm. - (bal) Integrated Sony NEWS-OS patches from NAKAJI Hirouyuki <nakaji@tutrp.tut.ac.jp> 20001016 - (djm) Sync with OpenBSD: - markus@cvs.openbsd.org 2000/10/14 04:01:15 [cipher.c] debug3 - markus@cvs.openbsd.org 2000/10/14 04:07:23 [scp.c] remove spaces from arguments; from djm@mindrot.org - markus@cvs.openbsd.org 2000/10/14 06:09:46 [ssh.1] Cipher is for SSH-1 only - markus@cvs.openbsd.org 2000/10/14 06:12:09 [servconf.c servconf.h serverloop.c session.c sshd.8] AllowTcpForwarding; from naddy@ - markus@cvs.openbsd.org 2000/10/14 06:16:56 [auth2.c compat.c compat.h sshconnect2.c version.h] OpenSSH_2.3; note that is is not complete, but the version number needs to be changed for interoperability reasons - markus@cvs.openbsd.org 2000/10/14 06:19:45 [auth-rsa.c] do not send RSA challenge if key is not allowed by key-options; from eivind@ThinkSec.com - markus@cvs.openbsd.org 2000/10/15 08:14:01 [rijndael.c session.c] typos; from stevesk@sweden.hp.com - markus@cvs.openbsd.org 2000/10/15 08:18:31 [rijndael.c] typo - (djm) Copy manpages back over from OpenBSD - too tedious to wade through diffs - (djm) Added condrestart to Redhat init script. Patch from Pekka Savola <pekkas@netcore.fi> - (djm) Update version in Redhat spec file - (djm) Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the Redhat 7.0 spec file - (djm) Make inability to read/write PRNG seedfile non-fatal 20001015 - (djm) Fix ssh2 hang on background processes at logout. 20001014 - (bal) Add support for realpath and getcwd for platforms with broken or missing realpath implementations for sftp-server. - (bal) Corrected mistake in INSTALL in regards to GNU rx library - (bal) Add support for GNU rx library for those lacking regexp support - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth - (djm) Revert SSH2 serverloop hack, will find a better way. - (djm) Add workaround for Linux 2.4's gratuitious errno change. Patch from Martin Johansson <fatbob@acc.umu.se> - (djm) Big OpenBSD sync: - markus@cvs.openbsd.org 2000/09/30 10:27:44 [log.c] allow loglevel debug - markus@cvs.openbsd.org 2000/10/03 11:59:57 [packet.c] hmac->mac - markus@cvs.openbsd.org 2000/10/03 12:03:03 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c] move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msg - markus@cvs.openbsd.org 2000/10/03 12:16:48 ssh.c do not resolve canonname, i have no idea why this was added oin ossh - markus@cvs.openbsd.org 2000/10/09 15:30:44 ssh-keygen.1 ssh-keygen.c -X now reads private ssh.com DSA keys, too. - markus@cvs.openbsd.org 2000/10/09 15:32:34 auth-options.c clear options on every call. - markus@cvs.openbsd.org 2000/10/09 15:51:00 authfd.c authfd.h interop with ssh-agent2, from <res@shore.net> - markus@cvs.openbsd.org 2000/10/10 14:20:45 compat.c use rexexp for version string matching - provos@cvs.openbsd.org 2000/10/10 22:02:18 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h] First rough implementation of the diffie-hellman group exchange. The client can ask the server for bigger groups to perform the diffie-hellman in, thus increasing the attack complexity when using ciphers with longer keys. University of Windsor provided network, T the company. - markus@cvs.openbsd.org 2000/10/11 13:59:52 [auth-rsa.c auth2.c] clear auth options unless auth sucessfull - markus@cvs.openbsd.org 2000/10/11 14:00:27 [auth-options.h] clear auth options unless auth sucessfull - markus@cvs.openbsd.org 2000/10/11 14:03:27 [scp.1 scp.c] support 'scp -o' with help from mouring@pconline.com - markus@cvs.openbsd.org 2000/10/11 14:11:35 [dh.c] Wall - markus@cvs.openbsd.org 2000/10/11 14:14:40 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h] [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h] add support for s/key (kbd-interactive) to ssh2, based on work by mkiernan@avantgo.com and me - markus@cvs.openbsd.org 2000/10/11 14:27:24 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h] [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c] [sshconnect2.c sshd.c] new cipher framework - markus@cvs.openbsd.org 2000/10/11 14:45:21 [cipher.c] remove DES - markus@cvs.openbsd.org 2000/10/12 03:59:20 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c] enable DES in SSH-1 clients only - markus@cvs.openbsd.org 2000/10/12 08:21:13 [kex.h packet.c] remove unused - markus@cvs.openbsd.org 2000/10/13 12:34:46 [sshd.c] Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se - markus@cvs.openbsd.org 2000/10/13 12:59:15 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h] rijndael/aes support - markus@cvs.openbsd.org 2000/10/13 13:10:54 [sshd.8] more info about -V - markus@cvs.openbsd.org 2000/10/13 13:12:02 [myproposal.h] prefer no compression - (djm) Fix scp user@host handling - (djm) Don't clobber ssh_prng_cmds on install - (stevesk) Include config.h in rijndael.c so we define intXX_t and u_intXX_t types on all platforms. - (stevesk) rijndael.c: cleanup missing declaration warnings. - (stevesk) ~/.hushlogin shouldn't cause required password change to be bypassed. - (stevesk) Display correct path to ssh-askpass in configure output. Report from Lutz Jaenicke. 20001007 - (stevesk) Print PAM return value in PAM log messages to aid with debugging. - (stevesk) Fix detection of pw_class struct member in configure; patch from KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp> 20001002 - (djm) Fix USER_PATH, report from Kevin Steves <stevesk@sweden.hp.com> - (djm) Add host system and CC to end-of-configure report. Suggested by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> 20000931 - (djm) Cygwin fixes from Corinna Vinschen <vinschen@cygnus.com> 20000930 - (djm) Irix ssh_prng_cmds path fix from Pekka Savola <pekkas@netcore.fi> - (djm) Support in bsd-snprintf.c for long long conversions from Ben Lindstrom <mouring@pconline.com> - (djm) Cleanup NeXT support from Ben Lindstrom <mouring@pconline.com> - (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with very short lived X connections. Bug report from Tobias Oetiker <oetiker@ee.ethz.ch>. Fix from Markus Friedl <markus@cvs.openbsd.org> - (djm) Add recent InitScripts as a RPM dependancy for openssh-server patch from Pekka Savola <pekkas@netcore.fi> - (djm) Forgot to cvs add LICENSE file - (djm) Add LICENSE to RPM spec files - (djm) CVS OpenBSD sync: - markus@cvs.openbsd.org 2000/09/26 13:59:59 [clientloop.c] use debug2 - markus@cvs.openbsd.org 2000/09/27 15:41:34 [auth2.c sshconnect2.c] use key_type() - markus@cvs.openbsd.org 2000/09/28 12:03:18 [channels.c] debug -> debug2 cleanup - (djm) Irix strips "/dev/tty" from [uw]tmp entries (other systems only strip "/dev/"). Fix loginrec.c based on patch from Alain St-Denis <Alain.St-Denis@ec.gc.ca> - (djm) Fix 9 character passphrase failure with gnome-ssh-askpass. Problem was caused by interrupted read in ssh-add. Report from Donald J. Barry <don@astro.cornell.edu> 20000929 - (djm) Fix SSH2 not terminating until all background tasks done problem. - (djm) Another off-by-one fix from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz> - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code, tidy necessary differences. Use Markus' new debugN() in entropy.c - (djm) Merged big SCO portability patch from Tim Rice <tim@multitalents.net> 20000926 - (djm) Update X11-askpass to 1.0.2 in RPM spec file - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c. Report and fix from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz> 20000924 - (djm) Merged cleanup patch from Mark Miller <markm@swoon.net> - (djm) A bit more cleanup - created cygwin_util.h - (djm) Include strtok_r() from OpenBSD libc. Fixes report from Mark Miller <markm@swoon.net> 20000923 - (djm) Fix address logging in utmp from Kevin Steves <stevesk@sweden.hp.com> - (djm) Redhat spec and manpage fixes from Pekka Savola <pekkas@netcore.fi> - (djm) Seperate tests for int64_t and u_int64_t types - (djm) Tweak password expiry checking at suggestion of Kevin Steves <stevesk@sweden.hp.com> - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com> - (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from Michael Stone <mstone@cs.loyola.edu> - (djm) OpenBSD CVS sync: - markus@cvs.openbsd.org 2000/09/17 09:38:59 [sshconnect2.c sshd.c] fix DEBUG_KEXDH - markus@cvs.openbsd.org 2000/09/17 09:52:51 [sshconnect.c] yes no; ok niels@ - markus@cvs.openbsd.org 2000/09/21 04:55:11 [sshd.8] typo - markus@cvs.openbsd.org 2000/09/21 05:03:54 [serverloop.c] typo - markus@cvs.openbsd.org 2000/09/21 05:11:42 scp.c utime() to utimes(); mouring@pconline.com - markus@cvs.openbsd.org 2000/09/21 05:25:08 sshconnect2.c change login logic in ssh2, allows plugin of other auth methods - markus@cvs.openbsd.org 2000/09/21 05:25:35 [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h] [serverloop.c] add context to dispatch_run - markus@cvs.openbsd.org 2000/09/21 05:07:52 authfd.c authfd.h ssh-agent.c bug compat for old ssh.com software 20000920 - (djm) Fix bad path substitution. Report from Andrew Miner <asminer@cs.iastate.edu> 20000916 - (djm) Fix SSL search order from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> - (djm) New SuSE spec from Corinna Vinschen <corinna@vinschen.de> - (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com> - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage. Patch from Larry Jones <larry.jones@sdrc.com> - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM password change patch. - (djm) Bring licenses on my stuff in line with OpenBSD's - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from Kevin Steves <stevesk@sweden.hp.com> - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz> - (djm) Re-enable int64_t types - we need them for sftp - (djm) Use libexecdir from configure , rather than libexecdir/ssh - (djm) Update Redhat SPEC file accordingly - (djm) Add Kevin Steves <stevesk@sweden.hp.com> HP/UX contrib files - (djm) Add Charles Levert <charles@comm.polymtl.ca> getpgrp patch - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter <Dirk.DeWachter@rug.ac.be> - (djm) Fixprogs and entropy list fixes from Larry Jones <larry.jones@sdrc.com> - (djm) Fix for SuSE spec file from Takashi YOSHIDA <tyoshida@gemini.rc.kyushu-u.ac.jp> - (djm) Merge OpenBSD changes: - markus@cvs.openbsd.org 2000/09/05 02:59:57 [session.c] print hostname (not hushlogin) - markus@cvs.openbsd.org 2000/09/05 13:18:48 [authfile.c ssh-add.c] enable ssh-add -d for DSA keys - markus@cvs.openbsd.org 2000/09/05 13:20:49 [sftp-server.c] cleanup - markus@cvs.openbsd.org 2000/09/06 03:46:41 [authfile.h] prototype - deraadt@cvs.openbsd.org 2000/09/07 14:27:56 [ALL] cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate. - markus@cvs.openbsd.org 2000/09/07 14:40:30 [channels.c channels.h clientloop.c serverloop.c ssh.c] cleanup window and packet sizes for ssh2 flow control; ok niels - markus@cvs.openbsd.org 2000/09/07 14:53:00 [scp.c] typo - markus@cvs.openbsd.org 2000/09/07 15:13:37 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c] [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h] [pty.c readconf.c] some more Copyright fixes - markus@cvs.openbsd.org 2000/09/08 03:02:51 [README.openssh2] bye bye - deraadt@cvs.openbsd.org 2000/09/11 18:38:33 [LICENCE cipher.c] a few more comments about it being ARC4 not RC4 - markus@cvs.openbsd.org 2000/09/12 14:53:11 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c] multiple debug levels - markus@cvs.openbsd.org 2000/09/14 14:25:15 [clientloop.c] typo - deraadt@cvs.openbsd.org 2000/09/15 01:13:51 [ssh-agent.c] check return value for setenv(3) for failure, and deal appropriately 20000913 - (djm) Fix server not exiting with jobs in background. 20000905 - (djm) Import OpenBSD CVS changes - markus@cvs.openbsd.org 2000/08/31 15:52:24 [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c] implement a SFTP server. interops with sftp2, scp2 and the windows client from ssh.com - markus@cvs.openbsd.org 2000/08/31 15:56:03 [README.openssh2] sync - markus@cvs.openbsd.org 2000/08/31 16:05:42 [session.c] Wall - markus@cvs.openbsd.org 2000/08/31 16:09:34 [authfd.c ssh-agent.c] add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions - deraadt@cvs.openbsd.org 2000/09/01 09:25:13 [scp.1 scp.c] cleanup and fix -S support; stevesk@sweden.hp.com - markus@cvs.openbsd.org 2000/09/01 16:29:32 [sftp-server.c] portability fixes - markus@cvs.openbsd.org 2000/09/01 16:32:41 [sftp-server.c] fix cast; mouring@pconline.com - itojun@cvs.openbsd.org 2000/09/03 09:23:28 [ssh-add.1 ssh.1] add missing .El against .Bl. - markus@cvs.openbsd.org 2000/09/04 13:03:41 [session.c] missing close; ok theo - markus@cvs.openbsd.org 2000/09/04 13:07:21 [session.c] fix get_last_login_time order; from andre@van-veen.de - markus@cvs.openbsd.org 2000/09/04 13:10:09 [sftp-server.c] more cast fixes; from mouring@pconline.com - markus@cvs.openbsd.org 2000/09/04 13:06:04 [session.c] set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net - (djm) Cleanup after import. Fix sftp-server compilation, Makefile - (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com> 20000903 - (djm) Fix Redhat init script 20000901 - (djm) Pick up Jim's new X11-askpass - (djm) Release 2.2.0p1
2000-10-15allow build with login.conf support enabled. PR11150.itojun2-13/+9
2000-09-28openssl is broken on alpha, and openssh hangs in configure when checkinghubertf1-3/+3
for openssl libs. Disable both, and reference PR to fix it. XXX should be changed for USE_SSL.
2000-09-28The name of the rc.d script has changed. Update message to reflect newjlam1-2/+2
name.
2000-09-20Install rc.d control script as "sshd" instead of "sshd.sh" to comply withjlam3-5/+7
how NetBSD's rc.d interprets script names. Also add REQUIRE and PROVIDE sections to control scripts so they can be used directly in NetBSD's rc.d system.
2000-09-09Reorganize crypto handling, as discussed on tech-pkg. Remove allfredb1-4/+3
RESTRICTED= variables that were predicated on former U.S. export regulations. Add CRYPTO=, as necessary, so it's still possible to exclude all crypto packages from a build by setting MKCRYPTO=no (but "lintpkgsrc -R" will no longer catch them). Specifically, - - All packages which set USE_SSL just lose their RESTRICTED variable, since MKCRYPTO responds to USE_SSL directly. - - realplayer7 and ns-flash keep their RESTRICTED, which is based on license terms, but also gain the CRYPTO variable. - - srp-client is now marked broken, since the distfile is evidently no longer available. On this, we're no worse off than before. [We haven't been mirroring the distfile, or testing the build!] - - isakmpd gets CRYPTO for RESTRICTED, but remains broken. - - crack loses all restrictions, as it does not evidently empower a user to utilize strong encryption (working definition: ability to encode a message that requires a secret key plus big number arithmetic to decode).
2000-09-05The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin dependingjlam1-4/+8
on whether it's part of the X11 distribution or installed from pkgsrc. Use correct path depending on if ${X11BASE}/bin/ssh-askpass exists.
2000-09-05Update build dependency on perl to build in correct directory if perljlam1-2/+2
interpreter is not found.
2000-09-04inhibit login_cap support, as the code does not have fallback caseitojun2-25/+18
(the code rejects all login attempts if there's no login_cap entry).
2000-09-04upgrade to 2.2.0p1.itojun4-20/+12
--- 20000901 - (djm) Pick up Jim's new X11-askpass - (djm) Release 2.2.0p1 20000831 - (djm) Workaround SIGPIPE problems on SCO. Fix from Aran Cox <acox@cv.telegroup.com> - (djm) Pick up new version (2.2.0) from OpenBSD CVS 20000830 - (djm) Compile warning fixes from Mark Miller <markm@swoon.net> - (djm) Periodically rekey arc4random - (djm) Clean up diff against OpenBSD. - (djm) HPUX 11 needs USE_PIPES as well: Kevin Steves <stevesk@sweden.hp.com> - (djm) Quieten the pam delete credentials error message - (djm) Fix printing of $DISPLAY hack if set by system type. Report from Kevin Steves <stevesk@sweden.hp.com> - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com> - (djm) Fix doh in bsd-arc4random.c 20000829 - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert Doering <gert@greenie.muc.de>, John Horne <J.Horne@plymouth.ac.uk> and Garrick James <garrick@james.net> - (djm) Check for SCO pty naming style (ptyp%d/ttyp%d). Based on fix from Bastian Trompetter <btrompetter@firemail.de> - (djm) NeXT tweaks from Ben Lindstrom <mouring@pconline.com> - More OpenBSD updates: - deraadt@cvs.openbsd.org 2000/08/24 15:46:59 [scp.c] off_t in sink, to fix files > 2GB, i think, test is still running ;-) - deraadt@cvs.openbsd.org 2000/08/25 10:10:06 [session.c] Wall - markus@cvs.openbsd.org 2000/08/26 04:33:43 [compat.c] ssh.com-2.3.0 - markus@cvs.openbsd.org 2000/08/27 12:18:05 [compat.c] compatibility with future ssh.com versions - deraadt@cvs.openbsd.org 2000/08/27 21:50:55 [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c] print uid/gid as unsigned - markus@cvs.openbsd.org 2000/08/28 13:51:00 [ssh.c] enable -n and -f for ssh2 - markus@cvs.openbsd.org 2000/08/28 14:19:53 [ssh.c] allow combination of -N and -f - markus@cvs.openbsd.org 2000/08/28 14:20:56 [util.c] util.c - markus@cvs.openbsd.org 2000/08/28 14:22:02 [util.c] undo - markus@cvs.openbsd.org 2000/08/28 14:23:38 [util.c] don't complain if setting NONBLOCK fails with ENODEV 20000823 - (djm) Define USE_PIPES to avoid socketpair problems on HPUX 10 and SunOS 4 Avoids "scp never exits" problem. Reports from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Tamito KAJIYAMA <kajiyama@grad.sccs.chukyo-u.ac.jp> - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers - (djm) Add local version to version.h - (djm) Don't reseed arc4random everytime it is used - (djm) OpenBSD CVS updates: - deraadt@cvs.openbsd.org 2000/08/18 20:07:23 [ssh.c] accept remsh as a valid name as well; roman@buildpoint.com - deraadt@cvs.openbsd.org 2000/08/18 20:17:13 [deattack.c crc32.c packet.c] rename crc32() to ssh_crc32() to avoid zlib name clash. do not move to libz crc32 function yet, because it has ugly "long"'s in it; oneill@cs.sfu.ca - deraadt@cvs.openbsd.org 2000/08/18 20:26:08 [scp.1 scp.c] -S prog support; tv@debian.org - deraadt@cvs.openbsd.org 2000/08/18 20:50:07 [scp.c] knf - deraadt@cvs.openbsd.org 2000/08/18 20:57:33 [log-client.c] shorten - markus@cvs.openbsd.org 2000/08/19 12:48:11 [channels.c channels.h clientloop.c ssh.c ssh.h] support for ~. in ssh2 - deraadt@cvs.openbsd.org 2000/08/19 15:29:40 [crc32.h] proper prototype - markus@cvs.openbsd.org 2000/08/19 15:34:44 [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1] [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile] [fingerprint.c fingerprint.h] add SSH2/DSA support to the agent and some other DSA related cleanups. (note that we cannot talk to ssh.com's ssh2 agents) - markus@cvs.openbsd.org 2000/08/19 15:55:52 [channels.c channels.h clientloop.c] more ~ support for ssh2 - markus@cvs.openbsd.org 2000/08/19 16:21:19 [clientloop.c] oops - millert@cvs.openbsd.org 2000/08/20 12:25:53 [session.c] We have to stash the result of get_remote_name_or_ip() before we close our socket or getpeername() will get EBADF and the process will exit. Only a problem for "UseLogin yes". - millert@cvs.openbsd.org 2000/08/20 12:30:59 [session.c] Only check /etc/nologin if "UseLogin no" since login(1) may have its own policy on determining who is allowed to login when /etc/nologin is present. Also use the _PATH_NOLOGIN define. - millert@cvs.openbsd.org 2000/08/20 12:42:43 [auth1.c auth2.c session.c ssh.c] Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class. - millert@cvs.openbsd.org 2000/08/21 10:23:31 [session.c] Fix incorrect PATH setting; noted by Markus. 20000818 - (djm) OpenBSD CVS changes: - markus@cvs.openbsd.org 2000/07/22 03:14:37 [servconf.c servconf.h sshd.8 sshd.c sshd_config] random early drop; ok theo, niels - deraadt@cvs.openbsd.org 2000/07/26 11:46:51 [ssh.1] typo - deraadt@cvs.openbsd.org 2000/08/01 11:46:11 [sshd.8] many fixes from pepper@mail.reppep.com - provos@cvs.openbsd.org 2000/08/01 13:01:42 [Makefile.in util.c aux.c] rename aux.c to util.c to help with cygwin port - deraadt@cvs.openbsd.org 2000/08/02 00:23:31 [authfd.c] correct sun_len; Alexander@Leidinger.net - provos@cvs.openbsd.org 2000/08/02 10:27:17 [readconf.c sshd.8] disable kerberos authentication by default - provos@cvs.openbsd.org 2000/08/02 11:27:05 [sshd.8 readconf.c auth-krb4.c] disallow kerberos authentication if we can't verify the TGT; from dugsong@ kerberos authentication is on by default only if you have a srvtab. - markus@cvs.openbsd.org 2000/08/04 14:30:07 [auth.c] unused - markus@cvs.openbsd.org 2000/08/04 14:30:35 [sshd_config] MaxStartups - markus@cvs.openbsd.org 2000/08/15 13:20:46 [authfd.c] cleanup; ok niels@ - markus@cvs.openbsd.org 2000/08/17 14:05:10 [session.c] cleanup login(1)-like jobs, no duplicate utmp entries - markus@cvs.openbsd.org 2000/08/17 14:06:34 [session.c sshd.8 sshd.c] sshd -u len, similar to telnetd - (djm) Lastlog was not getting closed after writing login entry - (djm) Add Solaris package support from Rip Loomis <loomisg@cist.saic.com> 20000816 - (djm) Replacement for inet_ntoa for Irix (which breaks on gcc) - (djm) Fix strerror replacement for old SunOS. Based on patch from Charles Levert <charles@comm.polymtl.ca> - (djm) Seperate arc4random into seperate file and use OpenSSL's RC4 implementation. - (djm) SUN_LEN macro for systems which lack it 20000815 - (djm) More SunOS 4.1.x fixes from Nate Itkin <nitkin@europa.com> - (djm) Avoid failures on Irix when ssh is not setuid. Fix from Michael Stone <mstone@cs.loyola.edu> - (djm) Don't seek in directory based lastlogs - (djm) Fix --with-ipaddr-display configure option test. Patch from Jarno Huuskonen <jhuuskon@messi.uku.fi> - (djm) Fix AIX limits from Alexandre Oliva <oliva@lsd.ic.unicamp.br> 20000813 - (djm) Add $(srcdir) to includes when compiling (for VPATH). Report from Fabrice bacchella <fabrice.bacchella@marchfirst.fr> 20000809 - (djm) Define AIX hard limits if headers don't. Report from Bill Painter <william.t.painter@lmco.com> - (djm) utmp direct write & SunOS 4 patch from Charles Levert <charles@comm.polymtl.ca> 20000808 - (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install time, spec file cleanup. 20000807 - (djm) Set 0755 on binaries during install. Report from Lutz Jaenicke - (djm) Suppress error messages on channel close shutdown() failurs works around Linux bug. Patch from Zack Weinberg <zack@wolery.cumb.org> - (djm) Add some more entropy collection commands from Lutz Jaenicke 20000725 - (djm) Fix autoconf typo: HAVE_BINRESVPORT_AF -> HAVE_BINDRESVPORT_AF 20000721 - (djm) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/07/16 02:27:22 [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c] [sshconnect1.c sshconnect2.c] make ssh-add accept dsa keys (the agent does not) - djm@cvs.openbsd.org 2000/07/17 19:25:02 [sshd.c] Another closing of stdin; ok deraadt - markus@cvs.openbsd.org 2000/07/19 18:33:12 [dsa.c] missing free, reorder - markus@cvs.openbsd.org 2000/07/20 16:23:14 [ssh-keygen.1] document input and output files 20000720 - (djm) Spec file fix from Petr Novotny <Petr.Novotny@antek.cz> 20000716 - (djm) Release 2.1.1p4
2000-09-01Don't hardcode /usr/pkg...use @PREFIX@jlam1-2/+2
2000-08-31Don't use dewey depends for version numbers with alpha characters.fredb1-2/+2
[Question: is openssl-0.9.5a before or after openssl-0.9.5? Dewey depends sure doesn't know.]
2000-08-28Use PERL5 variable for location of perl5 binary.jlam1-3/+2
2000-08-18Replace MIRROR_DISTFILES and NO_CDROM with the more descriptive andhubertf1-3/+3
more fine-grained NO_{BIN,SRC}_ON_{FTP,CDROM} definitions. MIRROR_DISTFILES and NO_CDROM are now dead.
2000-08-11When looking for -lcrypto, test linking with:jlam2-1/+76
-lcrypto NetBSD-1.5* -lcrypto -lrsaref OpenSSL and USE_RSAREF2=NO -lcrypto -lRSAglue -lrsaref OpenSSL and USE_RSAREF2=YES and use the first set of libraries which work. Closes the following PRs: 9820, 10268, 10681.
2000-08-11Set location of ssh-askpass to be ${X11PREFIX}/bin/ssh-askpass.jlam3-5/+20
Closes PR#10774.
2000-08-09Add master site on ftp.openssh.com.wiz1-1/+4
Add note why we have both openssh.com entries.
2000-07-28It's openssl>=0.9.5a, not openssl>=0.9.5.jlam1-3/+3
2000-07-25Address concern raised in pkg/10268, part 3, by telling user how to getjlam1-5/+12
a working /dev/urandom if it's found not to work.
2000-07-24Make all the installed /usr/pkg/etc/rc.d/sshd.sh files match.jlam1-2/+4
Also default to "start" command if run with no arguments.
2000-07-22INSTALL file containing post-install code factored from package Makefilejlam1-0/+48
and PLIST.
2000-07-22Update openssh to 2.1.1p4.jlam8-84/+124
Package changes: * Factor out common post-install code from PLIST and package Makefile into files/INSTALL. * Enhance files/sshd.sh to handle start/stop/restart/status. * Check for usable installed version of OpenSSL. This bit possibly closes the following PRs: 10404, 10501, 10593 Changes from 2.1.1p3: * allow multiple whitespace but only one '=' between tokens * close can fail on AFS * allow leading whitespace in configuration files * Always create ~/.ssh with mode 700
2000-07-15update to 2.1.1p3.itojun11-141/+9
depend on openssl >= 0.9.5. see PR 10593. --- 2.1.1p2 -> 2.1.1p3 20000712 - (djm) Remove -lresolve for Reliant Unix - (djm) OpenBSD CVS Updates: - deraadt@cvs.openbsd.org 2000/07/11 02:11:34 [session.c sshd.c ] make MaxStartups code still work with -d; djm - deraadt@cvs.openbsd.org 2000/07/11 13:17:45 [readconf.c ssh_config] disable FallBackToRsh by default - (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c. Report from Ben Lindstrom <mouring@pconline.com> - (djm) Make building of X11-Askpass and GNOME-Askpass optional in RPM spec file. - (djm) Released 2.1.1p3 20000711 - (djm) Fixup for AIX getuserattr() support from Tom Bertelson <tbert@abac.com> - (djm) ReliantUNIX support from Udo Schweigert <ust@cert.siemens.de> - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom <mouring@pconline.com> - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report from Jim Watt <jimw@peisj.pebio.com> - (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known to compile on more platforms (incl NeXT). - (djm) Added bsd-inet_aton and configure support for NeXT - (djm) Misc NeXT fixes from Ben Lindstrom <mouring@pconline.com> - (djm) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/06/26 03:22:29 [authfd.c] cleanup, less cut&paste - markus@cvs.openbsd.org 2000/06/26 15:59:19 [servconf.c servconf.h session.c sshd.8 sshd.c] MaxStartups: limit number of unauthenticated connections, work by theo and me - deraadt@cvs.openbsd.org 2000/07/05 14:18:07 [session.c] use no_x11_forwarding_flag correctly; provos ok - provos@cvs.openbsd.org 2000/07/05 15:35:57 [sshd.c] typo - aaron@cvs.openbsd.org 2000/07/05 22:06:58 [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8] Insert more missing .El directives. Our troff really should identify these and spit out a warning. - todd@cvs.openbsd.org 2000/07/06 21:55:04 [auth-rsa.c auth2.c ssh-keygen.c] clean code is good code - deraadt@cvs.openbsd.org 2000/07/07 02:14:29 [serverloop.c] sense of port forwarding flag test was backwards - provos@cvs.openbsd.org 2000/07/08 17:17:31 [compat.c readconf.c] replace strtok with strsep; from David Young <dyoung@onthejob.net> - deraadt@cvs.openbsd.org 2000/07/08 19:21:15 [auth.h] KNF - ho@cvs.openbsd.org 2000/07/08 19:27:33 [compat.c readconf.c] Better conditions for strsep() ending. - ho@cvs.openbsd.org 2000/07/10 10:27:05 [readconf.c] Get the correct message on errors. (niels@ ok) - ho@cvs.openbsd.org 2000/07/10 10:30:25 [cipher.c kex.c servconf.c] strtok() --> strsep(). (niels@ ok) - (djm) Fix problem with debug mode and MaxStartups - (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during RPM builds) - (djm) Add strsep function from OpenBSD libc for systems that lack it 20000709 - (djm) Only enable PAM_TTY kludge for Linux. Problem report from Kevin Steves <stevesk@sweden.hp.com> - (djm) Match prototype and function declaration for rresvport_af. Problem report from Niklas Edmundsson <nikke@ing.umu.se> - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM builds. Problem report from Gregory Leblanc <GLeblanc@cu-portland.edu> - (djm) Replace ut_name with ut_user. Patch from Jim Watt <jimw@peisj.pebio.com> - (djm) Fix pam sprintf fix - (djm) Cleanup entropy collection code a little more. Split initialisation from seeding, perform intialisation immediatly at start, be careful with uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com> - (djm) More NeXT compatibility from Ben Lindstrom <mouring@pconline.com> Including sigaction() et al. replacements - (djm) AIX getuserattr() session initialisation from Tom Bertelson <tbert@abac.com> 20000708 - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from Aaron Hopkins <aaron@die.net> - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> - (djm) Fixed undefined variables for OSF SIA. Report from Baars, Henk <Hendrik.Baars@nl.origin-it.com> - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c Fix from Marquess, Steve Mr JMLFDC <Steve.Marquess@DET.AMEDD.ARMY.MIL> - (djm) Don't use inet_addr. 20000702 - (djm) Fix brace mismatch from Corinna Vinschen <vinschen@cygnus.com> - (djm) Stop shadow expiry checking from preventing logins with NIS. Based on fix from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp> - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from Chris, the Young One <cky@pobox.com> - (djm) Fix scp progress meter on really wide terminals. Based on patch from James H. Cloos Jr. <cloos@jhcloos.com> 20000701 - (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu> - (djm) Login fixes from Tom Bertelson <tbert@abac.com> - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen <vinschen@cygnus.com> - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM - (djm) Added check for broken snprintf() functions which do not correctly terminate output string and attempt to use replacement. - (djm) Released 2.1.1p2
2000-07-09add Austrian mirror site for distfilewiz1-1/+2
2000-07-07Added a patch file to take care of a LP64 bug, -1 != -1U. Actually whenelric2-1/+15
using inet_addr(3) failure is indicated by INADDR_NONE... Addresses: pkg/10526
2000-07-04in default sshd_config, listen to all address families availableitojun2-1/+15
(listens to IPv4 and IPv6 for GENERIC kernel)
2000-07-02upgrade fro 2.1.1p1 to 2.1.1p2.itojun7-39/+79
--- recent changelogs 20000701 - (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu> - (djm) Login fixes from Tom Bertelson <tbert@abac.com> - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen <vinschen@cygnus.com> - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM - (djm) Added check for broken snprintf() functions which do not correctly terminate output string and attempt to use replacement. - (djm) Released 2.1.1p2 20000628 - (djm) Fixes to lastlog code for Irix - (djm) Use atomicio in loginrec - (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for Irix 6.x array sessions, project id's, and system audit trail id. - (djm) Added 'distprep' make target to simplify packaging - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA support. Enable using "USE_SIA=1 ./configure [options]" 20000627 - (djm) Fixes to login code - not setting li->uid, cleanups - (djm) Formatting 20000626 - (djm) Better fix to aclocal tests from Garrick James <garrick@james.net> - (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de> - (djm) Added password expiry checking (no password change support) - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> - (djm) Fix fixed EGD code. - OpenBSD CVS update - provos@cvs.openbsd.org 2000/06/25 14:17:58 [channels.c] correct check for bad channel ids; from Wei Dai <weidai@eskimo.com> 20000623 - (djm) Use sa_family_t in prototype for rresvport_af. Patch from Svante Signell <svante.signell@telia.com> - (djm) Autoconf logic to define sa_family_t if it is missing - OpenBSD CVS Updates: - markus@cvs.openbsd.org 2000/06/22 10:32:27 [sshd.c] missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL - djm@cvs.openbsd.org 2000/06/22 17:55:00 [auth-krb4.c key.c radix.c uuencode.c] Missing CVS idents; ok markus 20000622 - (djm) Automatically generate host key during "make install". Suggested by Gary E. Miller <gem@rellim.com> - (djm) Paranoia before kill() system call - OpenBSD CVS Updates: - markus@cvs.openbsd.org 2000/06/18 18:50:11 [auth2.c compat.c compat.h sshconnect2.c] make userauth+pubkey interop with ssh.com-2.2.0 - markus@cvs.openbsd.org 2000/06/18 20:56:17 [dsa.c] mem leak + be more paranoid in dsa_verify. - markus@cvs.openbsd.org 2000/06/18 21:29:50 [key.c] cleanup fingerprinting, less hardcoded sizes - markus@cvs.openbsd.org 2000/06/19 19:39:45 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h] [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h] [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c] [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c] [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h] OpenBSD tag - markus@cvs.openbsd.org 2000/06/21 10:46:10 sshconnect2.c missing free; nuke old comment 20000620 - (djm) Replace use of '-o' and '-a' logical operators in configure tests with '||' and '&&'. As suggested by Jim Knoble <jmknoble@pint-stowp.cx> to fix SCO Unixware problem reported by Gary E. Miller <gem@rellim.com> - (djm) Typo in loginrec.c 20000618 - (djm) Add summary of configure options to end of ./configure run - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from Michael Stone <mstone@cs.loyola.edu> - (djm) rusage is a privileged operation on some Unices (incl. Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com> - (djm) Avoid PAM failures when running without a TTY. Report from Martin Petrak <petrak@spsknm.schools.sk> - (djm) Include sys/types.h when including netinet/in.h in configure tests. Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net> - (djm) Started merge of Ben Lindstrom's <mouring@pconline.com> NeXT support - OpenBSD CVS updates: - deraadt@cvs.openbsd.org 2000/06/17 09:58:46 [channels.c] everyone says "nix it" (remove protocol 2 debugging message) - markus@cvs.openbsd.org 2000/06/17 13:24:34 [sshconnect.c] allow extended server banners - markus@cvs.openbsd.org 2000/06/17 14:30:10 [sshconnect.c] missing atomicio, typo - jakob@cvs.openbsd.org 2000/06/17 16:52:34 [servconf.c servconf.h session.c sshd.8 sshd_config] add support for ssh v2 subsystems. ok markus@. - deraadt@cvs.openbsd.org 2000/06/17 18:57:48 [readconf.c servconf.c] include = in WHITESPACE; markus ok - markus@cvs.openbsd.org 2000/06/17 19:09:10 [auth2.c] implement bug compatibility with ssh-2.0.13 pubkey, server side - markus@cvs.openbsd.org 2000/06/17 21:00:28 [compat.c] initial support for ssh.com's 2.2.0 - markus@cvs.openbsd.org 2000/06/17 21:16:09 [scp.c] typo - markus@cvs.openbsd.org 2000/06/17 22:05:02 [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h] split auth-rsa option parsing into auth-options add options support to authorized_keys2 - markus@cvs.openbsd.org 2000/06/17 22:42:54 [session.c] typo 20000613 - (djm) Fixes from Andrew McGill <andrewm@datrix.co.za>: - Platform define for SCO 3.x which breaks on /dev/ptmx - Detect and try to fix missing MAXPATHLEN - (djm) Fix short copy in loginrec.c (based on patch from Phill Camp <P.S.S.Camp@ukc.ac.uk> 20000612 - (djm) Glob manpages in RPM spec files to catch compressed files - (djm) Full license in auth-pam.c - (djm) Configure fixes from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp> - (andre) AIX, lastlog, configure fixes from Tom Bertelson <tbert@abac.com>: - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is def'd - Set AIX to use preformatted manpages 20000610 - (djm) Minor doc tweaks - (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx> 20000609 - (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage (in favour of utmpx) on Solaris 8 20000606 - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through list of commands (by default). Removed verbose debugging (by default). - (djm) Increased command entropy estimates and default entropy collection timeout - (djm) Remove duplicate headers from loginrec.c - (djm) Don't add /usr/local/lib to library search path on Irix - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III <tibbs@math.uh.edu> - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg <zack@wolery.cumb.org> - (djm) OpenBSD CVS updates: - todd@cvs.openbsd.org [sshconnect2.c] teach protocol v2 to count login failures properly and also enable an explanation of why the password prompt comes up again like v1; this is NOT crypto - markus@cvs.openbsd.org [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8] xauth_location support; pr 1234 [readconf.c sshconnect2.c] typo, unused [session.c] allow use_login only for login sessions, otherwise remote commands are execed with uid==0 [sshd.8] document UseLogin better [version.h] OpenSSH 2.1.1 [auth-rsa.c] fix match_hostname() logic for auth-rsa: deny access if we have a negative match or no match at all [channels.c hostfile.c match.c] don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via kris@FreeBSD.org
2000-07-01generate dsa host key in post-install.itojun1-1/+6
2000-06-15upgrade to 2.1.1p1 from portable openssh distribution.itojun5-58/+12
--- changelog from 2.1.0p3: 20000609 - (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage (in favour of utmpx) on Solaris 8 20000606 - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through list of commands (by default). Removed verbose debugging (by default). - (djm) Increased command entropy estimates and default entropy collection timeout - (djm) Remove duplicate headers from loginrec.c - (djm) Don't add /usr/local/lib to library search path on Irix - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III <tibbs@math.uh.edu> - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg <zack@wolery.cumb.org> - (djm) OpenBSD CVS updates: - todd@cvs.openbsd.org [sshconnect2.c] teach protocol v2 to count login failures properly and also enable an explanation of why the password prompt comes up again like v1; this is NOT crypto - markus@cvs.openbsd.org [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8] xauth_location support; pr 1234 [readconf.c sshconnect2.c] typo, unused [session.c] allow use_login only for login sessions, otherwise remote commands are execed with uid==0 [sshd.8] document UseLogin better [version.h] OpenSSH 2.1.1 [auth-rsa.c] fix match_hostname() logic for auth-rsa: deny access if we have a negative match or no match at all [channels.c hostfile.c match.c] don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via kris@FreeBSD.org 20000606 - (djm) Added --with-cflags, --with-ldflags and --with-libs options to configure. 20000604 - Configure tweaking for new login code on Irix 5.3 - (andre) login code changes based on djm feedback 20000603 - (andre) New login code - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c - Add loginrec.[ch], logintest.c and autoconf code 20000531 - Cleanup of auth.c, login.c and fake-* - Cleanup of auth-pam.c, save and print "account expired" error messages - Fix EGD read bug by IWAMURO Motonori <iwa@mmp.fujitsu.co.jp> - Rewrote bsd-login to use proper utmp API if available. Major cleanup of fallback DIY code.
2000-05-31upgrade to 2.1.0p3.itojun11-142/+69
there are too many changes to mention here. the biggest change would be the addition of SSH protocol version 2 (uses DSA).
2000-05-28Fix path to old distfile on openssh.com.wiz1-2/+2
2000-05-19add www.openssh.com to MASTER_SITES; all mirrors don't have the filewiz1-2/+3
anymore
2000-03-30Check for "/usr/include/openssl/rsa.h" instead of "/usr/bin/openssl" onjlam1-2/+2
-current.
2000-03-27Fix one more nroff warning.fredb2-1/+14