path: root/security/openssh
Age  Commit message  [Author; Files; Lines]
2002-04-02 Protect inclusion of sys/cdefs.h in configure code checking for tcp_wrappers. [seb; 3 files; -12/+25]
This helps on Solaris.
2002-04-02 Add a `keygen' "target" for non-rc.subr systems so sshd_precmd() actually works. [seb; 1 file; -1/+4]
2002-03-14 Fix compilation on 1.4.2 (sync with patch-ab). [wiz; 2 files; -7/+16]
Addresses pkg/15849.
2002-03-12 it seems that LP64 issue (alpha/sparc64) is gone. [itojun; 1 file; -7/+1]
2002-03-07 Undo my last commit. Tron already added this as patch-ac. [david; 2 files; -15/+1]
2002-03-07 Manually add patch for new Security issue - local, and possibly remote exploits are a concern. http://www.pine.nl/advisories/pine-cert-20020301.txt [david; 2 files; -1/+15]
2002-03-07 Update "openssh" package to version 3.0.2.1nb2. Changes since 3.0.2.1nb1: [tron; 3 files; -3/+17]
- Fix security problem described in advisory "PINE-CERT-20020301".
2002-02-05 Bump package version to 3.0.2.1nb1 since the config file location changed. [jlam; 1 file; -1/+2]
2002-02-05 * SSH_CONF_DIR has been obsoleted. Use PKG_SYSCONFDIR instead. [jlam; 15 files; -397/+253]
* Build properly on systems that don't have /dev/urandom by testing for the presence of /dev/urandom, instead of just testing for Solaris.
* Add disabled code to handle PAM (not quite working yet with security/PAM).
* Make the sshd rc.d script more /etc/rc.subr-friendly.
* Minimize amount of diffs from pristine OpenSSH sources.
2002-01-11 Add a missing backslash. [seb; 1 file; -2/+2]
2001-12-05 Fix path to example files in MESSAGE. Reported by Paul Hoffmann. [wiz; 1 file; -2/+2]
2001-12-03 * Updated to 3.0.2.1 [martti; 5 files; -69/+74]
* Disabled scard-install (patch/patch-ah -- Do we need/want it?)
Changes since 2.9.9.2:
- Don't allow authorized_keys specified environment variables when UseLogin is active
- Fix IPv4 default in ssh-keyscan
- Fix early (and double) free of remote user when using Kerberos
- fix krb5 authorization check
- enable authorized_keys2 again
- ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@
- make ~& (backgrounding) work again for proto v1; add support ~& for v2, too
- pad using the padding field from the ssh2 packet instead of sending extra ignore messages
- missing free and sync dss/rsa code
- crank c->path to 256 so they can hold a full hostname
- cleanup libwrap support
- Fix fd leak in loginrec.c
- avoid possible FD_ISSET overflow for channels established during channnel_after_select()
- chdir $HOME after krb_afslog()
- stat subsystem command before calling do_exec
- close all channels if the connection to the remote host has been closed, should fix sshd's hanging with WCHAN==wait
- add NoHostAuthenticationForLocalhost; note that the hostkey is now checked for localhost, too
- loginrec.c: fix type conversion problems exposed when using 64-bit off_t
- Update spec files for new x11-askpass
2001-11-01 move pkg/INSTALL.SunOS to pkg toplevel directory or else this pkg is broken [seb; 1 file; -1/+1]
2001-11-01 Move pkg/ files into package's toplevel directory [zuntum; 5 files; -4/+4]
2001-10-21 Make PKGNAME dewey-correct. Addresses pkg/14243. [wiz; 1 file; -1/+2]
2001-10-19 Use @MKDIR@. [veego; 2 files; -10/+22]
Generate ssh_host_rsa_key and use a newer syntax of ssh-keygen to create ssh_host_key and ssh_host_dsa_key.
2001-10-19 Use @SSH_PID_DIR@. [veego; 1 file; -4/+8]
Generate ssh_host_rsa_key and use a newer syntax of ssh-keygen to create ssh_host_key and ssh_host_dsa_key.
2001-10-19 Create the pid file on solaris in /etc/ and not in the not existing /var/run directory. [veego; 1 file; -1/+11]
Also change @SSH_PID_DIR@ and @MKDIR@ in sshd.sh and the INSTALL* files.
2001-10-18 SVR4 packages have a limit of 9 chars for a package name. [veego; 1 file; -1/+2]
The automatic truncation in gensolpkg doesn't work for packages which have the same package name for the first 5-6 chars. e.g. amanda-server and amanda-client would be named amanda and amanda. Now, we add a SVR4_PKGNAME and use amacl for amanda-client and amase for amanda-server. All svr4 packages also have a vendor tag, so we have to reserve some chars for this tag, which is normally 3 or 4 chars. That's why we can only use 6 or 5 chars for SVR4_PKGNAME. I used 5 for all the packages, to give the vendor tag enough room. All p5-* packages and a few other packages have now a SVR4_PKGNAME.
2001-09-27 Mechanical changes to 375 files to change dependency patterns of the form foo-* to foo-[0-9]*. [jlam; 1 file; -2/+2]
This is to cause the dependencies to match only the packages whose base package name is "foo", and not those named "foo-bar". A concrete example is p5-Net-* matching p5-Net-DNS as well as p5-Net. Also change dependency examples in Packages.txt to reflect this.
2001-09-27 upgrade to 2.9.9p2. a security hole was plugged (ssh protocol v2 access control). [itojun; 5 files; -48/+48]
2001-08-17 Make this work more like the ssh package: [kim; 5 files; -18/+133]
- don't install setuid unless SSH_SUID=YES
- use libwrap (--with-tcp-wrappers) on NetBSD
I also want to fix S/Key support and Kerberos IV, so I've left some comments in Makefile for that.
2001-07-12 Properly handle the case that precompile package doesn't include a "ssh_prng_cmds". [tron; 1 file; -3/+4]
2001-06-28 Convert to use buildlink.mk files and mark as USE_BUILDLINK_ONLY. [jlam; 5 files; -41/+61]
2001-06-18 Unify NetBSD and Solaris package lists and use dynamic modification. [tron; 3 files; -29/+18]
2001-06-18 upgrade to portable openssh 2.9p2. should fix "cookies" file deletion bug when X11 forwarding = yes. [itojun; 2 files; -5/+5]
20010617
- (djm) Pull in small fix from -CURRENT for session.c: typo, use pid not s->pid, mstone@cs.loyola.edu
20010615
- (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL around grantpt().
20010614
- (bal) Applied X11 Cookie Patch. X11 Cookie behavior has changed to no longer use /tmp/ssh-XXXXX/
20010528
- (tim) [conifgure.in] add setvbuf test needed for sftp-int.c Patch by Corinna Vinschen <vinschen@redhat.com>
20010512
- (bal) Patch to partial sync up contrib/solaris/ packaging software. Patch by pete <ninjaz@webexpress.com>
20010509
- (bal) UseLogin patch for Solaris/UNICOS. Patch by Wayne Davison <wayne@blorf.net>
- (bal) ./configure support to disable SIA on OSF1. Patch by Chris Adams <cmadams@hiwaay.net>
- (bal) Updates from the Sony NEWS-OS platform by NAKAJI Hiroyuki <nakaji@tutrp.tut.ac.jp>
20010508
- (bal) Fixed configure test for USE_SIA.
20010506
- (djm) Update config.guess and config.sub with latest versions (from ftp://ftp.gnu.org/gnu/config/) to allow configure on ia64-hpux. Suggested by Jason Mader <jason@ncac.gwu.edu>
20010504
- (bal) Updated Cygwin README by Corinna Vinschen <vinschen@redhat.com>
- (bal) Avoid socket file security issues in ssh-agent for Cygwin. Patch by Egor Duda <deo@logos-m.ru>
20010430
- (djm) Add .cvsignore files, suggested by Wayne Davison <wayne@blorf.net>
- (tim) [contrib/caldera/openssh.spec] add Requires line for Caldera 3.1
2001-05-22 We also work under Linux [abs; 1 file; -2/+2]
2001-05-14 use portable openssh 2.9p1. [itojun; 3 files; -17/+41]
Important Changes:
==================
WARNING: SSH protocol v2 is now the default protocol version use the 'Protocol' option from ssh(1) and sshd(8) if you want to change this.
SSH protocol v2 implementation adds support for:
  HostbasedAuthentication, similar to RhostsRSA in SSH protocol v1
  Rekeying (negotiate new encryption keys for the current SSH session, try ~R in interactive SSH sessions)
  updated DH group exchange: draft-ietf-secsh-dh-group-exchange-01.txt
  client option HostKeyAlgorithms
  server options ClientAliveInterval and ClientAliveCountMax
  tty mode passing
general:
  gid swapping in sshd (fixes access to /home/group/user based directory structures)
  Dan Kaminsky <dankamin@cisco.com> contributed an experimental SOCKS4 proxy to the ssh client (yes, client not the server). Use 'ssh -D 1080 server' if you want to try this out.
  server option PrintLastLog
  improvements for scp > 2GB
  improved ListenAddress option. You can now use ListenAddress host:port
  improved interoperability (bug detection for older implementations)
  improved documentation
2001-04-30 Change build dependency from perl-5.* to perl>=${PERL5_REQD}. Also change dependency from libperl-5.* to libperl>=${PERL5_REQD}. [jlam; 1 file; -2/+2]
2001-04-19 Move to sha1 digests, add distfile sizes. [agc; 1 file; -1/+2]
2001-04-17 + move the distfile digest/checksum value from files/md5 to distinfo [agc; 3 files; -6/+4]
+ move the patch digest/checksum values from files/patch-sum to distinfo
2001-04-16 Don't try to build the "openssl" package if we got "openssl-0.96a" in the base system [tron; 1 file; -2/+4]
2001-04-12 Add a CONFLICTS entry for sftp. [wennmach; 1 file; -1/+3]
Detected by pkgconflict.
2001-04-09 Make this package work with version 0.9.6 of the "openssl" package. [tron; 1 file; -4/+6]
2001-04-04 Example files are in 'openssh' dir, not in 'ssh'. [hubertf; 1 file; -2/+2]
Pointed out in PR 12546 by Martti Kuparinen <martti.kuparinen@iki.fi>
2001-03-27 Change BUILD_DEPENDS semantics: [hubertf; 1 file; -3/+3]
first component is now a package name+version/pattern, no more executable/patchname/whatnot. While there, introduce BUILD_USES_MSGFMT as shorthand to pull in devel/gettext unless /usr/bin/msgfmt exists (i.e. on post-1.5 -current). Patch by Alistair Crooks <agc@netbsd.org>
2001-03-23 Update Solaris package list for OpenSSH_2.5.2p2. [tron; 1 file; -1/+5]
2001-03-22 upgrade to 2.5.2p2. [itojun; 2 files; -4/+4]
20010322
- (djm) Better AIX no tty fix, spotted by Gert Doering <gert@greenie.muc.de>
- (djm) Released 2.5.2p2
20010321
- (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve VanDevender <stevev@darkwing.uoregon.edu>
- (djm) Make sure pam_retval is initialised on call to pam_end. Patch from Solar Designer <solar@openwall.com>
- (djm) Don't loop forever when changing password via PAM. Patch from Solar Designer <solar@openwall.com>
- (djm) Generate config files before build
- (djm) Correctly handle SIA and AIX when no tty present. Spotted and suggested fix from Mike Battersby <mib@unimelb.edu.au>
20010320
- (bal) glob.c update to added GLOB_LIMITS (OpenBSD CVS).
- (bal) glob.c update to set gl_pathv to NULL (OpenBSD CVS).
- (bal) Oops. Missed globc.h change (OpenBSD CVS).
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/19 17:07:23 [auth.c readconf.c] undo /etc/shell and proto 2,1 change for openssh-2.5.2
- markus@cvs.openbsd.org 2001/03/19 17:12:10 [version.h] version 2.5.2
- (djm) Update RPM spec version
- (djm) Release 2.5.2p1
- tim@mindrot.org 2001/03/19 18:33:47 [defines.h] change S_ISLNK macro to work for UnixWare 2.03
- tim@mindrot.org 2001/03/19 20:45:11 [openbsd-compat/glob.c] add get_arg_max(). Use sysconf() if ARG_MAX is not defined
20010319
- (djm) Seed PRNG at startup, rather than waiting for arc4random calls to do it implicitly.
- (djm) Add getusershell() functions from OpenBSD CVS
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/18 12:07:52 [auth-options.c] ignore permitopen="host:port" if AllowTcpForwarding==no
- (djm) Make scp work on systems without 64-bit ints
- tim@mindrot.org 2001/03/18 18:28:39 [defines.h] move HAVE_LONG_LONG_INT where it works
- (bal) Use 'NGROUPS' for NeXT Since 'MAX_NGROUPS' is wrapped up in -lposix stuff. Change suggested by Mark Miller <markm@swoon.net>
- (bal) Small fix to scp. %lu vs %ld
- (bal) NeXTStep lacks S_ISLNK. Plus split up S_IS*
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2001/03/19 03:52:51 [sftp-client.c] Report ssh connection closing correctly; ok deraadt@
- deraadt@cvs.openbsd.org 2001/03/18 23:30:55 [compat.c compat.h sshd.c] specifically version match on ssh scanners. do not log scan information to the console
- djm@cvs.openbsd.org 2001/03/19 12:10:17 [sshd.8] Document permitopen authorized_keys option; ok markus@
- djm@cvs.openbsd.org 2001/03/19 05:49:52 [ssh.1] document PreferredAuthentications option; ok markus@
- (bal) Minor NeXT fixed. Forgot to #undef NGROUPS_MAX
20010318
- (bal) Fixed scp type casing issue which causes "scp: protocol error: size not delimited" fatal errors when transferring.
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/17 17:27:59 [auth.c] check /etc/shells, too
- tim@mindrot.org 2001/03/17 18:45:25 [compat.c] openbsd-compat/fake-regex.h
20010317
- Support usrinfo() on AIX. Based on patch from Gert Doering <gert@greenie.muc.de>
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/15 15:05:59 [scp.c] use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
- markus@cvs.openbsd.org 2001/03/15 22:07:08 [session.c] pass Session to do_child + KNF
- djm@cvs.openbsd.org 2001/03/16 08:16:18 [sftp-client.c sftp-client.h sftp-glob.c sftp-int.c] Revise globbing for get/put to be more shell-like. In particular, "get/put file* directory/" now works. ok markus@
- markus@cvs.openbsd.org 2001/03/16 09:55:53 [sftp-int.c] fix memset and whitespace
- markus@cvs.openbsd.org 2001/03/16 13:44:24 [sftp-int.c] discourage strcat/strcpy
- markus@cvs.openbsd.org 2001/03/16 19:06:30 [auth-options.c channels.c channels.h serverloop.c session.c] implement "permitopen" key option, restricts -L style forwarding to specified host:port pairs. based on work by harlan@genua.de
- Check for gl_matchc support in glob_t and fall back to the openbsd-compat/glob.[ch] support if it does not exist.
20010315
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/14 08:57:14 [sftp-client.c] Wall
- markus@cvs.openbsd.org 2001/03/14 15:15:58 [sftp-int.c] add version command
- deraadt@cvs.openbsd.org 2001/03/14 22:50:25 [sftp-server.c] note no getopt()
- (stevesk) ssh-keyscan.c: specify "openbsd-compat/fake-queue.h"
- (bal) Cygwin README change by Corinna Vinschen <vinschen@redhat.com>
20010314
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/13 17:34:42 [auth-options.c] missing xfree, deny key on parse error; ok stevesk@
- djm@cvs.openbsd.org 2001/03/13 22:42:54 [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c] sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@
- (bal) Fix strerror() in bsd-misc.c
- (djm) Add replacement glob() from OpenBSD libc if the system glob is missing or lacks the GLOB_ALTDIRFUNC extension
- (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers relatively. Avoids conflict between glob.h and /usr/include/glob.h
20010313
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/12 22:02:02 [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c] remove old key_fingerprint interface, s/_ex//
20010312
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/11 13:25:36 [auth2.c key.c] debug
- jakob@cvs.openbsd.org 2001/03/11 15:03:16 [key.c key.h] add improved fingerprint functions. based on work by Carsten Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
- jakob@cvs.openbsd.org 2001/03/11 15:04:16 [ssh-keygen.1 ssh-keygen.c] print both md5, sha1 and bubblebabble fingerprints when using ssh-keygen -l -v. ok markus@.
- jakob@cvs.openbsd.org 2001/03/11 15:13:09 [key.c] cleanup & shorten some var names key_fingerprint_bubblebabble.
- deraadt@cvs.openbsd.org 2001/03/11 16:39:03 [ssh-keygen.c] KNF, and SHA1 binary output is just creeping featurism
- tim@mindrot.org 2001/03/11 17:29:32 [configure.in] test if snprintf() supports %ll add /dev to search path for PRNGD/EGD socket fix my mistake in USER_PATH test program
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/11 18:29:51 [key.c] style+cleanup
- markus@cvs.openbsd.org 2001/03/11 22:33:24 [ssh-keygen.1 ssh-keygen.c] remove -v again. use -B instead for bubblebabble. make -B consistent with -l and make -B work with /path/to/known_hosts. ok deraadt@
- (djm) Bump portable version number for generating test RPMs
- (djm) Add "static_openssl" RPM build option, remove rsh build dependency
- (bal) Reorder includes in Makefile.
20010311
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/10 12:48:27 [sshconnect2.c] ignore nonexisting private keys; report rjmooney@mediaone.net
- deraadt@cvs.openbsd.org 2001/03/10 12:53:51 [readconf.c ssh_config] default to SSH2, now that m68k runs fast
- stevesk@cvs.openbsd.org 2001/03/10 15:02:05 [ttymodes.c ttymodes.h] remove unused sgtty macros; ok markus@
- deraadt@cvs.openbsd.org 2001/03/10 15:31:00 [compat.c compat.h sshconnect.c] all known netscreen ssh versions, and older versions of OSU ssh cannot handle password padding (newer OSU is fixed)
- tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config] make sure $bindir is in USER_PATH so scp will work
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/10 17:51:04 [kex.c match.c match.h readconf.c readconf.h sshconnect2.c] add PreferredAuthentications
20010310
- OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2001/03/09 03:14:39 [ssh-keygen.c] create *.pub files with umask 0644, so that you can mv them to authorized_keys
- deraadt@cvs.openbsd.org 2001/03/09 12:30:29 [sshd.c] typo; slade@shore.net
- Removed log.o from sftp client. Not needed.
20010309
- OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2001/03/08 18:47:12 [auth1.c] unused; ok markus@
- stevesk@cvs.openbsd.org 2001/03/08 20:44:48 [sftp.1] spelling, cleanup; ok deraadt@
- markus@cvs.openbsd.org 2001/03/08 21:42:33 [compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c] implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key -> no need to do enter passphrase or do expensive sign operations if the server does not accept key).
20010308
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2001/03/07 10:11:23 [sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h] Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling functions and small protocol change.
- markus@cvs.openbsd.org 2001/03/08 00:15:48 [readconf.c ssh.1] turn off useprivilegedports by default. only rhost-auth needs this. older sshd's may need this, too.
- (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H; Dirk Markwardt <D.Markwardt@tu-bs.de>
20010307
- (bal) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2001/03/06 06:11:18 [ssh-keyscan.c] appease gcc
- deraadt@cvs.openbsd.org 2001/03/06 06:11:44 [sftp-int.c sftp.1 sftp.c] sftp -b batchfile; mouring@etoh.eviladmin.org
- deraadt@cvs.openbsd.org 2001/03/06 15:10:42 [sftp.1] order things
- deraadt@cvs.openbsd.org 2001/03/07 01:19:06 [ssh.1 sshd.8] the name "secure shell" is boring, no one ever uses it
- deraadt@cvs.openbsd.org 2001/03/07 04:05:58 [ssh.1] removed dated comment
- Cygwin contrib improvements from Corinna Vinschen <vinschen@redhat.com>
20010306
- (bal) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2001/03/05 14:28:47 [sshd.8] alpha order; jcs@rt.fm
- stevesk@cvs.openbsd.org 2001/03/05 15:44:51 [servconf.c] sync error message; ok markus@
- deraadt@cvs.openbsd.org 2001/03/05 15:56:16 [myproposal.h ssh.1] switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster; provos & markus ok
- deraadt@cvs.openbsd.org 2001/03/05 16:07:15 [sshd.8] detail default hmac setup too
- markus@cvs.openbsd.org 2001/03/05 17:17:21 [kex.c kex.h sshconnect2.c sshd.c] generate a 2*need size (~300 instead of 1024/2048) random private exponent during the DH key agreement. according to Niels (the great german advisor) this is safe since /etc/primes contains strong primes only. References: P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key agreement with short exponents, In Advances in Cryptology - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
- stevesk@cvs.openbsd.org 2001/03/05 17:40:48 [ssh.1] more ssh_known_hosts2 documentation; ok markus@
- stevesk@cvs.openbsd.org 2001/03/05 17:58:22 [dh.c] spelling
- deraadt@cvs.openbsd.org 2001/03/06 00:33:04 [authfd.c cli.c ssh-agent.c] EINTR/EAGAIN handling is required in more cases
- millert@cvs.openbsd.org 2001/03/06 01:06:03 [ssh-keyscan.c] Don't assume we will get the version string all in one read(). deraadt@ OK'd
- millert@cvs.openbsd.org 2001/03/06 01:08:27 [clientloop.c] If read() fails with EINTR deal with it the same way we treat EAGAIN
20010305
- (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
- (bal) CVS ID touch up on sftp-int.c
- (bal) CVS ID touch up on uuencode.c
- (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
- (bal) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2001/02/17 23:48:48 [sshd.8] it's the OpenSSH one
- deraadt@cvs.openbsd.org 2001/02/21 07:37:04 [ssh-keyscan.c] inline -> __inline__, and some indent
- deraadt@cvs.openbsd.org 2001/02/21 09:05:54 [authfile.c] improve fd handling
- deraadt@cvs.openbsd.org 2001/02/21 09:12:56 [sftp-server.c] careful with & and &&; markus ok
- stevesk@cvs.openbsd.org 2001/02/21 21:14:04 [ssh.c] -i supports DSA identities now; ok markus@
- deraadt@cvs.openbsd.org 2001/02/22 04:29:37 [servconf.c] grammar; slade@shore.net
- deraadt@cvs.openbsd.org 2001/02/22 06:43:55 [ssh-keygen.1 ssh-keygen.c] document -d, and -t defaults to rsa1
- deraadt@cvs.openbsd.org 2001/02/22 08:03:51 [ssh-keygen.1 ssh-keygen.c] bye bye -d
- deraadt@cvs.openbsd.org 2001/02/22 18:09:06 [sshd_config] activate RSA 2 key
- markus@cvs.openbsd.org 2001/02/22 21:57:27 [ssh.1 sshd.8] typos/grammar from matt@anzen.com
- markus@cvs.openbsd.org 2001/02/22 21:59:44 [auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c] use pwcopy in ssh.c, too
- markus@cvs.openbsd.org 2001/02/23 15:34:53 [serverloop.c] debug2->3
- markus@cvs.openbsd.org 2001/02/23 18:15:13 [sshd.c] the random session key depends now on the session_key_int sent by the 'attacker' dig1 = md5(cookie|session_key_int); dig2 = md5(dig1|cookie|session_key_int); fake_session_key = dig1|dig2; this change is caused by a mail from anakin@pobox.com patch based on discussions with my german advisor niels@openbsd.org
- deraadt@cvs.openbsd.org 2001/02/24 10:37:55 [readconf.c] look for id_rsa by default, before id_dsa
- deraadt@cvs.openbsd.org 2001/02/24 10:37:26 [sshd_config] ssh2 rsa key before dsa key
- markus@cvs.openbsd.org 2001/02/27 10:35:27 [packet.c] fix random padding
- markus@cvs.openbsd.org 2001/02/27 11:00:11 [compat.c] support SSH-2.0-2.1 ; from Christophe_Moret@hp.com
- deraadt@cvs.openbsd.org 2001/02/28 05:34:28 [misc.c] pull in protos
- deraadt@cvs.openbsd.org 2001/02/28 05:36:28 [sftp.c] do not kill the subprocess on termination (we will see if this helps things or hurts things)
- markus@cvs.openbsd.org 2001/02/28 08:45:39 [clientloop.c] fix byte counts for ssh protocol v1
- markus@cvs.openbsd.org 2001/02/28 08:54:55 [channels.c nchan.c nchan.h] make sure remote stderr does not get truncated. remove closed fd's from the select mask.
- markus@cvs.openbsd.org 2001/02/28 09:57:07 [packet.c packet.h sshconnect2.c] in ssh protocol v2 use ignore messages for padding (instead of trailing \0).
- markus@cvs.openbsd.org 2001/02/28 12:55:07 [channels.c] unify debug messages
- deraadt@cvs.openbsd.org 2001/02/28 17:52:54 [misc.c] for completeness, copy pw_gecos too
- markus@cvs.openbsd.org 2001/02/28 21:21:41 [sshd.c] generate a fake session id, too
- markus@cvs.openbsd.org 2001/02/28 21:27:48 [channels.c packet.c packet.h serverloop.c] use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message use random content in ignore messages.
- markus@cvs.openbsd.org 2001/02/28 21:31:32 [channels.c] typo
- deraadt@cvs.openbsd.org 2001/03/01 02:11:25 [authfd.c] split line so that p will have an easier time next time around
- deraadt@cvs.openbsd.org 2001/03/01 02:29:04 [ssh.c] shorten usage by a line
- deraadt@cvs.openbsd.org 2001/03/01 02:45:10 [auth-rsa.c auth2.c deattack.c packet.c] KNF
- deraadt@cvs.openbsd.org 2001/03/01 03:38:33 [cli.c cli.h rijndael.h ssh-keyscan.1] copyright notices on all source files
- markus@cvs.openbsd.org 2001/03/01 22:46:37 [ssh.c] don't truncate remote ssh-2 commands; from mkubita@securities.cz use min, not max for logging, fixes overflow.
- deraadt@cvs.openbsd.org 2001/03/02 06:21:01 [sshd.8] explain SIGHUP better
- deraadt@cvs.openbsd.org 2001/03/02 09:42:49 [sshd.8] doc the dsa/rsa key pair files
- deraadt@cvs.openbsd.org 2001/03/02 18:54:31 [atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8] make copyright lines the same format
- deraadt@cvs.openbsd.org 2001/03/03 06:53:12 [ssh-keyscan.c] standard theo sweep
- millert@cvs.openbsd.org 2001/03/03 21:19:41 [ssh-keyscan.c] Dynamically allocate read_wait and its copies. Since maxfd is based on resource limits it is often (usually?) larger than FD_SETSIZE.
- millert@cvs.openbsd.org 2001/03/03 21:40:30 [sftp-server.c] Dynamically allocate fd_set; deraadt@ OK
- millert@cvs.openbsd.org 2001/03/03 21:41:07 [packet.c] Dynamically allocate fd_set; deraadt@ OK
- deraadt@cvs.openbsd.org 2001/03/03 22:07:50 [sftp-server.c] KNF
- markus@cvs.openbsd.org 2001/03/03 23:52:22 [sftp.c] clean up arg processing. based on work by Christophe_Moret@hp.com
- markus@cvs.openbsd.org 2001/03/03 23:59:34 [log.c ssh.c] log*.c -> log.c
- markus@cvs.openbsd.org 2001/03/04 00:03:59 [channels.c] debug1->2
- stevesk@cvs.openbsd.org 2001/03/04 10:57:53 [ssh.c] add -m to usage; ok markus@
- stevesk@cvs.openbsd.org 2001/03/04 11:04:41 [sshd.8] small cleanup and clarify for PermitRootLogin; ok markus@
- stevesk@cvs.openbsd.org 2001/03/04 11:16:06 [servconf.c sshd.8] kill obsolete RandomSeed; ok markus@ deraadt@
- stevesk@cvs.openbsd.org 2001/03/04 12:54:04 [sshd.8] spelling
- millert@cvs.openbsd.org 2001/03/04 17:42:28 [authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c ssh.c sshconnect.c sshd.c] log functions should not be passed strings that end in newline as they get passed on to syslog() and when logging to stderr, do_log() appends its own newline.
- deraadt@cvs.openbsd.org 2001/03/04 18:21:28 [sshd.8] list SSH2 ciphers
- (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy()
- (bal) Fix up logging since it changed. removed log-*.c
- (djm) Fix up LOG_AUTHPRIV for systems that have it
- (stevesk) OpenBSD sync:
- deraadt@cvs.openbsd.org 2001/03/05 08:37:27 [ssh-keyscan.c] skip inlining, why bother
- (stevesk) sftp.c: handle __progname
20010304
- (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
- (bal) Updated contrib/README to remove 'make-ssh-known-hosts' and give Mark Roth credit for mdoc2man.pl
20010303
- (djm) Remove make-ssh-known-hosts.pl, ssh-keyscan is better.
- (djm) Document PAM ChallengeResponseAuthentication in sshd.8
- (djm) Disable and comment ChallengeResponseAuthentication in sshd_config
- (djm) Allow PRNGd entropy collection from localhost TCP socket. Replace "--with-egd-pool" configure option with "--with-prngd-socket" and "--with-prngd-port" options. Debugged and improved by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2001-03-11 Add dependence on "zlib" package under Solaris. [tron; 1 file; -1/+3]
2001-03-01 Fix oversight in last commit. [tron; 1 file; -2/+2]
2001-03-01 use 2.5.1p2. [itojun; 2 files; -4/+4]
20010301
- (djm) Properly add -lcrypt if needed.
- (djm) Force standard PAM conversation function in a few more places. Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai <nalin@redhat.com>
- (djm) Cygwin needs pw->pw_gecos copied too. Patch from Corinna Vinschen <vinschen@redhat.com>
- (djm) Released 2.5.1p2
20010228
- (djm) Detect endianness in configure and use it in rijndael.c. Fixes "Bad packet length" bugs.
- (djm) Fully revert PAM session patch (again). All PAM session init is now done before the final fork().
- (djm) EGD detection patch from Tim Rice <tim@multitalents.net>
- (djm) Remove /tmp from EGD socket search list
20010227
- (bal) Applied shutdown() patch for sftp.c by Corinna Vinschen <vinschen@redhat.com>
- (bal) OpenBSD Sync
- markus@cvs.openbsd.org 2001/02/23 15:37:45 [session.c] handle SSH_PROTOFLAG_SCREEN_NUMBER for buggy clients
- (bal) sshd.init support for all Redhat release. Patch by Jim Knoble <jmknoble@jmknoble.cx>
- (djm) Fix up POSIX saved uid support. Report from Mark Miller <markm@swoon.net>
- (djm) Search for -lcrypt on FreeBSD too
- (djm) fatal() on OpenSSL version mismatch
- (djm) Move PAM init to after fork for non-Solaris derived PAMs
- (djm) Warning fix on entropy.c saved uid stuff. Patch from Mark Miller <markm@swoon.net>
- (djm) Fix PAM fix
- (djm) Remove 'noreplace' flag from sshd_config in RPM spec files. This change is being made as 2.5.x configfiles are not back-compatible with 2.3.x.
- (djm) Avoid warnings for missing broken IP_TOS. Patch from Mark Miller <markm@swoon.net>
- (djm) Open Server 5 doesn't need BROKEN_SAVED_UIDS. Patch from Tim Rice <tim@multitalents.net>
- (djm) Avoid multiple definition of _PATH_LS. Patch from Tim Rice <tim@multitalents.net>
20010226
- (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again.
- (djm) Some systems (SCO3, NeXT) have weird saved uid semantics. Based on patch from Tim Rice <tim@multitalents.net>
20010225
- (djm) Use %{_libexecdir} rather than hardcoded path in RPM specfile Patch from Adrian Ho <lexfiend@usa.net>
- (bal) Replace 'unsigned long long' to 'u_int64_t' since not every platform defines u_int64_t as being that.
20010224
- (bal) Missed part of the UNIX sockets patch. Patch by Corinna Vinschen <vinschen@redhat.com>
- (bal) Reorder where 'strftime' is detected to resolve linking issues on SCO. Patch by Tim Rice <tim@multitalents.net>
20010224
- (bal) pam_stack fix to correctly detect between RH7 and older RHs. Patch by Pekka Savola <pekkas@netcore.fi>
- (bal) Renamed sigaction.[ch] to sigact.[ch]. Causes problems with some platforms.
- (bal) Generalize lack of UNIX sockets since this also affects Cray not just Cygwin. Based on patch by Wendy Palm <wendyp@cray.com>
20010223
- (bal) Fix --define rh7 in openssh.spec file. Patch by Steve Tell <tell@telltronics.org>
- (bal) Patch to force OpenSSH rpm to require the same version of OpenSSL that it was compiled against. Patch by Pekka Savola <pekkas@netcore.fi>
- (bal) Double -I for OpenSSL on SCO. Patch by Tim Rice <tim@multitalents.net>
20010222
- (bal) Corrected SCO luid patch by svaughan <svaughan@asterion.com>
- (bal) Added mdoc2man.pl from Mark Roth <roth@feep.net>
- (bal) Removed reference to liblogin from contrib/README. It was integrated into OpenSSH a long while ago.
- (stevesk) remove erroneous #ifdef sgi code. Michael Stone <mstone@cs.loyola.edu>
20010221
- (bal) Removed -L/usr/ucblib -R/usr/ucblib for Solaris platform.
- (bal) Fixed OpenSSL rework to use $saved_*. Patch by Tim Rice <tim@multitalents.net>
- (bal) Reverted out of 2001/02/15 patch by djm below because it breaks Solaris.
- (djm) Move PAM session setup back to before setuid to user. fixes problems on Solaris-derived PAMs.
- (stevesk) session.c: back out to where we were before:
- (djm) Move PAM session initialisation until after fork in sshd. Patch from Nalin Dahyabhai <nalin@redhat.com>
20010220
- (bal) Fix mixed up params to memmove() from Jan 5th in setenv.c and getcwd.c.
- (bal) OpenBSD CVS Sync:
- deraadt@cvs.openbsd.org 2001/02/19 23:09:05 [sshd.c] clarify message to make it not mention "ident"
2001-02-21 Sync SunOS package list and installation script with 2.5p1 changes. [tron; 2 files; -6/+6]
2001-02-20 upgrade to 2.5.1p1. [itojun; 8 files; -155/+43]
20010219 - (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and pty.[ch] -> sshpty.[ch] - (djm) Rework search for OpenSSL location. Skip directories which don't exist, don't add -L$ssldir/lib if it doesn't exist. Should help SCO with its limit of 6 -L options. - OpenBSD CVS Sync: - reinhard@cvs.openbsd.org 2001/02/17 08:24:40 [sftp.1] typo - deraadt@cvs.openbsd.org 2001/02/17 16:28:58 [ssh.c] cleanup -V output; noted by millert - deraadt@cvs.openbsd.org 2001/02/17 16:48:48 [sshd.8] it's the OpenSSH one - markus@cvs.openbsd.org 2001/02/18 11:33:54 [dispatch.c] typo, SSH2_MSG_KEXINIT, from aspa@kronodoc.fi - markus@cvs.openbsd.org 2001/02/19 02:53:32 [compat.c compat.h serverloop.c] ssh-1.2.{18-22} has broken handling of ignore messages; report from itojun@ - markus@cvs.openbsd.org 2001/02/19 03:35:23 [version.h] OpenSSH_2.5.1 adds bug compat with 1.2.{18-22} - deraadt@cvs.openbsd.org 2001/02/19 03:36:25 [scp.c] np is changed by recursion; vinschen@redhat.com - Update versions in RPM spec files - Release 2.5.1p1 20010218 - (bal) Patch for fix FCHMOD reference in ftp-client.c by Tim Rice <tim@multitalents.net> - (Bal) Patch for lack of RA_RESTART in misc.c for mysignal by stevesk - (djm) Fix my breaking of cygwin builds, Patch from Corinna Vinschen <vinschen@redhat.com> and myself. - (djm) Close listen_sock on bind() failures. Patch from Arkadiusz Miskiewicz <misiek@pld.ORG.PL> - (djm) Robustify EGD/PRNGd code in face of socket closures. Patch from Todd C. Miller <Todd.Miller@courtesan.com> - (djm) Use ttyname() to determine name of tty returned by openpty() rather then risking overflow. Patch from Marek Michalkiewicz <marekm@amelek.gda.pl> - (djm) Swapped tests for no_libsocket and no_libnsl in configure.in. Patch from Marek Michalkiewicz <marekm@amelek.gda.pl> - (djm) Doc fixes from Pekka Savola <pekkas@netcore.fi> - (djm) Use SA_INTERRUPT along SA_RESTART if present (equivalent for SunOS) - (djm) SCO needs librpc for libwrap. 
  Patch from Tim Rice <tim@multitalents.net>
- (stevesk) misc.c: cpp rework of SA_(INTERRUPT|RESTART) handling.
- (stevesk) scp.c: use mysignal() for updateprogressmeter() handler.
- (djm) SA_INTERRUPT is the converse of SA_RESTART, apply it only for SIGALRM.
- (djm) Move entropy.c over to mysignal()
- (djm) SunOS 4.x also needs to define HAVE_BOGUS_SYS_QUEUE_H as it has a <sys/queue.h> that lacks the TAILQ_* macros. Patch from Todd C. Miller <Todd.Miller@courtesan.com>
- (djm) Update RPM spec files for 2.5.0p1
- (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie enable with --with-bsd-auth.
- (stevesk) entropy.c: typo; should be SIGPIPE

20010217
- (bal) OpenBSD Sync:
  - markus@cvs.openbsd.org 2001/02/16 13:38:18 [channel.c] remove debug
  - markus@cvs.openbsd.org 2001/02/16 14:03:43 [session.c] proper payload-length check for x11 w/o screen-number

20010216
- (bal) added '--with-prce' to allow overriding of system regex when required (tested by David Dulek <ddulek@fastenal.com>)
- (bal) Added DG/UX case and set that they have a broken IPTOS.
- (djm) Mini-configure reorder patch from Tim Rice <tim@multitalents.net> Fixes linking on SCO.
- (djm) Make gnome-ssh-askpass handle multi-line prompts. Patch from Nalin Dahyabhai <nalin@redhat.com>
- (djm) BSD license for gnome-ssh-askpass (was X11)
- (djm) KNF on gnome-ssh-askpass
- (djm) USE_PIPES for a few more sysv platforms
- (djm) Cleanup configure.in a little
- (djm) Ask users to check config.log when we can't find necessary libs
- (djm) Set "login ID" on systems with setluid. Only enabled for SCO OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
- (djm) OpenBSD CVS:
  - markus@cvs.openbsd.org 2001/02/15 16:19:59 [channels.c channels.h serverloop.c sshconnect.c sshconnect.h] [sshconnect1.c sshconnect2.c] genericize password padding function for SSH1 and SSH2. add stylized echo to 2, too.
- (djm) Add roundup() macro to defines.h
- (stevesk) set SA_RESTART flag in mysignal() for SIGCHLD; needed on Unixware 2.x.

20010215
- (djm) Move PAM session setup back to before setuid to user. Fixes problems on Solaris-derived PAMs.
- (djm) Clean up PAM namespace. Suggested by Darren Moffat <Darren.Moffat@eng.sun.com>
- (bal) Sync w/ OpenSSH for new release
  - markus@cvs.openbsd.org 2001/02/12 12:45:06 [sshconnect1.c] fix xmalloc(0), ok dugsong@
  - markus@cvs.openbsd.org 2001/02/11 12:59:25 [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
    1) clean up the MAC support for SSH-2
    2) allow you to specify the MAC with 'ssh -m'
    3) or the 'MACs' keyword in ssh(d)_config
    4) add hmac-{md5,sha1}-96
    ok stevesk@, provos@
  - markus@cvs.openbsd.org 2001/02/12 16:16:23 [auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h ssh-keygen.c sshd.8] PermitRootLogin={yes,without-password,forced-commands-only,no} (before this change, root could login even if PermitRootLogin==no)
  - deraadt@cvs.openbsd.org 2001/02/12 22:56:09 [clientloop.c packet.c ssh-keyscan.c] deal with EAGAIN/EINTR selects which were skipped
  - markus@cvs.openssh.org 2001/02/13 22:49:40 [auth1.c auth2.c] setproctitle(user) only if getpwnam succeeds
  - markus@cvs.openbsd.org 2001/02/12 23:26:20 [sshd.c] missing memset; from solar@openwall.com
  - stevesk@cvs.openbsd.org 2001/02/12 20:53:33 [sftp-int.c] lumask now works with 1 numeric arg; ok markus@, djm@
  - djm@cvs.openbsd.org 2001/02/14 9:46:03 [sftp-client.c sftp-int.c sftp.1] Fix and document 'preserve modes & times' option ('-p' flag in sftp); ok markus@
- (bal) replaced PATH_MAX in sftp-int.c w/ MAXPATHLEN.
- (djm) Move to Jim's 1.2.0 X11 askpass program
- (stevesk) OpenBSD sync:
  - deraadt@cvs.openbsd.org 2001/02/15 01:38:04 [serverloop.c] indent

20010214
- (djm) Don't try to close PAM session or delete credentials if the session has not been open or credentials not set.
  Based on patch from Andrew Bartlett <abartlet@pcug.org.au>
- (djm) Move PAM session initialisation until after fork in sshd. Patch from Nalin Dahyabhai <nalin@redhat.com>
- (bal) Missing function prototype in bsd-snprintf.c patch by Mark Miller <markm@swoon.net>
- (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams <cmadams@hiwaay.net> with a little modification and KNF.
- (stevesk) fix for SIA patch, misplaced session_setup_sia()

20010213
- (djm) Only test -S potential EGD sockets if they exist and are readable.
- (bal) Cleaned out bsd-snprintf.c. VARARGS have been banished and I did a base KNF over the whole file to make it more acceptable. (backed out of original patch and removed it from ChangeLog)
- (bal) Use chown() if fchown() does not exist in ftp-server.c patch by Tim Rice <tim@multitalents.net>
- (stevesk) auth1.c: fix PAM passwordless check.

20010212
- (djm) Update Redhat specfile to allow --define "skip_x11_askpass 1", --define "skip_gnome_askpass 1", --define "rh7 1" and make the implicit rpm-3.0.5 dependency explicit. Patch and suggestions from Pekka Savola <pekkas@netcore.fi>
- (djm) Clean up PCRE text in INSTALL
- (djm) Fix OSF SIA auth NULL pointer deref. Report from Mike Battersby <mib@unimelb.edu.au>
- (bal) NCR SVR4 compatibility provided by Don Bragg <thewizarddon@yahoo.com>
- (stevesk) session.c: remove debugging code.

20010211
- (bal) OpenBSD Sync
  - markus@cvs.openbsd.org 2001/02/07 22:35:46 [auth1.c auth2.c sshd.c] move k_setpag() to a central place; ok dugsong@
  - markus@cvs.openbsd.org 2001/02/10 12:52:02 [auth2.c] offer passwd before s/key
  - markus@cvs.openbsd.org 2001/02/8 22:37:10 [canohost.c] remove last call to sprintf; ok deraadt@
  - markus@cvs.openbsd.org 2001/02/10 1:33:32 [canohost.c] add debug message, since sshd blocks here if DNS is not available
  - markus@cvs.openbsd.org 2001/02/10 12:44:02 [cli.c] don't call vis() for \r
  - danh@cvs.openbsd.org 2001/02/10 0:12:43 [scp.c] revert a small change to allow -r option to work again; ok deraadt@
  - danh@cvs.openbsd.org 2001/02/10 15:14:11 [scp.c] fix memory leak; ok markus@
  - djm@cvs.openbsd.org 2001/02/10 0:45:52 [scp.1] Mention that you can quote pathnames with spaces in them
  - markus@cvs.openbsd.org 2001/02/10 1:46:28 [ssh.c] remove mapping of argv[0] -> hostname
  - markus@cvs.openbsd.org 2001/02/06 22:26:17 [sshconnect2.c] do not ask for passphrase in batch mode; report from ejb@ql.org
  - itojun@cvs.opebsd.org 2001/02/08 10:47:05 [sshconnect.c sshconnect1.c sshconnect2.c] %.30s is too short for IPv6 numeric address. use %.128s for now.
    markus ok
  - markus@cvs.openbsd.org 2001/02/09 12:28:35 [sshconnect2.c] do not free twice, thanks to /etc/malloc.conf
  - markus@cvs.openbsd.org 2001/02/09 17:10:53 [sshconnect2.c] partial success: debug->log; "Permission denied" if no more auth methods
  - markus@cvs.openbsd.org 2001/02/10 12:09:21 [sshconnect2.c] remove some lines
  - markus@cvs.openbsd.org 2001/02/09 13:38:07 [auth-options.c] reset options if no option is given; from han.holl@prismant.nl
  - markus@cvs.openbsd.org 2001/02/08 21:58:28 [channels.c] nuke sprintf, ok deraadt@
  - markus@cvs.openbsd.org 2001/02/08 21:58:28 [channels.c] nuke sprintf, ok deraadt@
  - markus@cvs.openbsd.org 2001/02/06 22:43:02 [clientloop.h] remove confusing callback code
  - deraadt@cvs.openbsd.org 2001/02/08 14:39:36 [readconf.c] snprintf
  - itojun@cvs.openbsd.org 2001/02/08 19:30:52 sync with netbsd tree changes.
    - more strict prototypes, include necessary headers
    - use paths.h/pathnames.h decls
    - size_t typecase to int -> u_long
  - itojun@cvs.openbsd.org 2001/02/07 18:04:50 [ssh-keyscan.c] fix size_t -> int cast (use u_long). markus ok
  - markus@cvs.openbsd.org 2001/02/07 22:43:16 [ssh-keyscan.c] s/getline/Linebuf_getline/; from roumen.petrov@skalasoft.com
  - itojun@cvs.openbsd.org 2001/02/09 9:04:59 [ssh-keyscan.c] do not assume malloc() returns zero-filled region. found by malloc.conf=AJ.
  - markus@cvs.openbsd.org 2001/02/08 22:35:30 [sshconnect.c] don't connect if batch_mode is true and stricthostkeychecking set to 'ask'
  - djm@cvs.openbsd.org 2001/02/04 21:26:07 [sshd_config] type: ok markus@
  - deraadt@cvs.openbsd.org 2001/02/06 22:07:50 [sshd_config] enable sftp-server by default
  - deraadt 2001/02/07 8:57:26 [xmalloc.c] deal with new ANSI malloc stuff
  - markus@cvs.openbsd.org 2001/02/07 16:46:08 [xmalloc.c] typo in fatal()
  - itojun@cvs.openbsd.org 2001/02/07 18:04:50 [xmalloc.c] fix size_t -> int cast (use u_long).
    markus ok
  - 1.47 Thu Feb 8 23:11:42 GMT 2001 by dugsong [serverloop.c sshconnect1.c] mitigate SSH1 traffic analysis - from Solar Designer <solar@openwall.com>, ok provos@
- (bal) fixed sftp-client.c. Return 'status' instead of '0' (from the OpenBSD tree)
- (bal) Synced ssh.1, ssh-add.1 and sshd.8 w/ OpenBSD
- (bal) sftp-sever.c '%8lld' to '%8llu' (OpenBSD Sync)
- (bal) uuencode.c resync w/ OpenBSD tree, plus whitespace.
- (bal) A bit more whitespace cleanup
- (djm) Set PAM_RHOST earlier, patch from Andrew Bartlett <abartlet@pcug.org.au>
- (stevesk) misc.c: ssh.h not needed.
- (stevesk) compat.c: more friendly cpp error
- (stevesk) OpenBSD sync:
  - stevesk@cvs.openbsd.org 2001/02/11 06:15:57 [LICENSE] typos and small cleanup; ok deraadt@

20010210
- (djm) Sync sftp and scp stuff from OpenBSD:
  - djm@cvs.openbsd.org 2001/02/07 03:55:13 [sftp-client.c] Don't free handles before we are done with them. Based on work from Corinna Vinschen <vinschen@redhat.com>. ok markus@
  - djm@cvs.openbsd.org 2001/02/06 22:32:53 [sftp.1] Punctuation fix from Pekka Savola <pekkas@netcore.fi>
  - deraadt@cvs.openbsd.org 2001/02/07 04:07:29 [sftp.1] pretty up significantly
  - itojun@cvs.openbsd.org 2001/02/07 06:49:42 [sftp.1] .Bl-.El mismatch. markus ok
  - djm@cvs.openbsd.org 2001/02/07 06:12:30 [sftp-int.c] Check that target is a directory before doing ls; ok markus@
  - itojun@cvs.openbsd.org 2001/02/07 11:01:18 [scp.c sftp-client.c sftp-server.c] unsigned long long -> %llu, not %qu. markus ok
  - stevesk@cvs.openbsd.org 2001/02/07 11:10:39 [sftp.1 sftp-int.c] more man page cleanup and sync of help text with man page; ok markus@
  - markus@cvs.openbsd.org 2001/02/07 14:58:34 [sftp-client.c] older servers reply with SSH2_FXP_NAME + count==0 instead of EOF
  - djm@cvs.openbsd.org 2001/02/07 15:27:19 [sftp.c] Don't forward agent and X11 in sftp.
    Suggestion from Roumen Petrov <roumen.petrov@skalasoft.com>
  - stevesk@cvs.openbsd.org 2001/02/07 15:36:04 [sftp-int.c] portable; ok markus@
  - stevesk@cvs.openbsd.org 2001/02/07 15:55:47 [sftp-int.c] lowercase cmds[].c also; ok markus@
  - markus@cvs.openbsd.org 2001/02/07 17:04:52 [pathnames.h sftp.c] allow sftp over ssh protocol 1; ok djm@
  - deraadt@cvs.openbsd.org 2001/02/08 07:38:55 [scp.c] memory leak fix, and snprintf throughout
  - deraadt@cvs.openbsd.org 2001/02/08 08:02:02 [sftp-int.c] plug a memory leak
  - stevesk@cvs.openbsd.org 2001/02/08 10:11:23 [session.c sftp-client.c] %i -> %d
  - stevesk@cvs.openbsd.org 2001/02/08 10:57:59 [sftp-int.c] typo
  - stevesk@cvs.openbsd.org 2001/02/08 15:28:07 [sftp-int.c pathnames.h] _PATH_LS; ok markus@
  - djm@cvs.openbsd.org 2001/02/09 04:46:25 [sftp-int.c] Check for NULL attribs for chown, chmod & chgrp operations, only send relevant attribs back to server; ok markus@
  - djm@cvs.openbsd.org 2001/02/06 15:05:25 [sftp.c] Use getopt to process commandline arguments
  - djm@cvs.openbsd.org 2001/02/06 15:06:21 [sftp.c ] Wait for ssh subprocess at exit
  - djm@cvs.openbsd.org 2001/02/06 15:18:16 [sftp-int.c] stat target for remote chdir before doing chdir
  - djm@cvs.openbsd.org 2001/02/06 15:32:54 [sftp.1] Punctuation fix from Pekka Savola <pekkas@netcore.fi>
  - provos@cvs.openbsd.org 2001/02/05 22:22:02 [sftp-int.c] cleanup get_pathname, fix pwd after failed cd. okay djm@
- (djm) Update makefile.in for _PATH_SFTP_SERVER
- (bal) sftp-client.c replace NULL w/ 0 in do_ls() (pending in OpenBSD tree)

20010209
- (bal) patch to vis.c to deal with HAVE_VIS right by Robert Mooney <rjmooney@mediaone.net>
- (bal) .c.o rule in openbsd-compat/Makefile.in did not make it to the main tree while porting forward. Pointed out by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- (bal) double entry in configure.in.
  Pointed out by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- (stevesk) OpenBSD sync:
  - markus@cvs.openbsd.org 2001/02/08 11:20:01 [auth2.c] strict checking
  - markus@cvs.openbsd.org 2001/02/08 11:15:22 [version.h] update to 2.3.2
  - markus@cvs.openbsd.org 2001/02/08 11:12:30 [auth2.c] fix typo
- (djm) Update spec files
- (bal) OpenBSD sync:
  - deraadt@cvs.openbsd.org 2001/02/08 14:38:54 [scp.c] memory leak fix, and snprintf throughout
  - markus@cvs.openbsd.org 2001/02/06 22:43:02 [clientloop.c] remove confusing callback code
- (djm) Add CVS Id's to files that we have missed
- (bal) OpenBSD Sync (more):
  - itojun@cvs.openbsd.org 2001/02/08 19:30:52 sync with netbsd tree changes.
    - more strict prototypes, include necessary headers
    - use paths.h/pathnames.h decls
    - size_t typecase to int -> u_long
  - markus@cvs.openbsd.org 2001/02/06 22:07:42 [ssh.c] fatal() if subsystem fails
  - markus@cvs.openbsd.org 2001/02/06 22:43:02 [ssh.c] remove confusing callback code
  - jakob@cvs.openbsd.org 2001/02/06 23:03:24 [ssh.c] add -1 option (force protocol version 1). ok markus@
  - jakob@cvs.openbsd.org 2001/02/06 23:06:21 [ssh.c] reorder -{1,2,4,6} options. ok markus@
- (bal) Missing 'const' in readpass.h
- (bal) OpenBSD Sync (so at least the thing compiles for 2.3.2 =)
  - djm@cvs.openbsd.org 2001/02/06 23:30:28 [sftp-client.c] replace arc4random with counter for request ids; ok markus@
- (djm) Define _PATH_TTY for systems that don't. Report from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>

20010208
- (djm) Don't delete external askpass program in make uninstall target. Report and fix from Roumen Petrov <roumen.petrov@skalasoft.com>
- (djm) Fix linking of sftp, don't need arc4random any more.
- (djm) Try to use shell that supports "test -S" for EGD socket search. Based on patch from Tim Rice <tim@multitalents.net>

20010207
- (bal) Save the whole path to AR in configure.
  Some Solaris 2.7 installs seem to lose track of it while in openbsd-compat/ (two confirmed reports)
- (djm) Much KNF on PAM code
- (djm) Revise auth-pam.c conversation function to be a little more readable.
- (djm) Revise kbd-int PAM conversation function to fold all text messages to before first prompt. Fixes hangs if last pam_message did not require a reply.
- (djm) Fix password changing when using PAM kbd-int authentication

20010205
- (bal) Disable groupaccess by setting NGROUPS_MAX to 0 for platforms that don't have NGROUPS_MAX.
- (bal) AIX patch for auth1.c by William L. Jones <jones@hpc.utexas.edu>
- (stevesk) OpenBSD sync:
  - stevesk@cvs.openbsd.org 2001/02/04 08:32:27 [many files; did this manually to our top-level source dir] unexpand and remove end-of-line whitespace; ok markus@
  - stevesk@cvs.openbsd.org 2001/02/04 15:21:19 [sftp-server.c] SSH2_FILEXFER_ATTR_UIDGID support; ok markus@
  - deraadt@cvs.openbsd.org 2001/02/04 17:02:32 [sftp-int.c] ? == help
  - deraadt@cvs.openbsd.org 2001/02/04 16:47:46 [sftp-int.c] sort commands, so that abbreviations work as expected
  - stevesk@cvs.openbsd.org 2001/02/04 15:17:52 [sftp-int.c] debugging sftp: precedence and missing break. chmod, chown, chgrp seem to be working now.
  - markus@cvs.openbsd.org 2001/02/04 14:41:21 [sftp-int.c] use base 8 for umask/chmod
  - markus@cvs.openbsd.org 2001/02/04 11:11:54 [sftp-int.c] fix LCD
  - markus@cvs.openbsd.org 2001/02/04 08:10:44 [ssh.1] typo; dpo@club-internet.fr
  - stevesk@cvs.openbsd.org 2001/02/04 06:30:12 [auth2.c authfd.c packet.c] remove duplicate #include's; ok markus@
  - deraadt@cvs.openbsd.org 2001/02/04 16:56:23 [scp.c sshd.c] alpha happiness
  - stevesk@cvs.openbsd.org 2001/02/04 15:12:17 [sshd.c] precedence; ok markus@
  - deraadt@cvs.openbsd.org 2001/02/04 08:14:15 [ssh.c sshd.c] make the alpha happy
  - markus@cvs.openbsd.org 2001/01/31 13:37:24 [channels.c channels.h serverloop.c ssh.c] do not disconnect if local port forwarding fails, e.g.
    if port is already in use
  - markus@cvs.openbsd.org 2001/02/01 14:58:09 [channels.c] use ipaddr in channel messages, ietf-secsh wants this
  - markus@cvs.openbsd.org 2001/01/31 12:26:20 [channels.c] ssh.com-2.0.1x does not send additional info in CHANNEL_OPEN_FAILURE messages; bug report from edmundo@rano.org
  - markus@cvs.openbsd.org 2001/01/31 13:48:09 [sshconnect2.c] unused
  - deraadt@cvs.openbsd.org 2001/02/04 08:23:08 [sftp-client.c sftp-server.c] make gcc on the alpha even happier

20010204
- (bal) I think this is the last of the bsd-*.h that don't belong.
- (bal) Minor Makefile fix
- (bal) openbsd-compat/Makefile minor fix. Ensure dependencies are done right.
- (bal) Changed order of LIB="" in -with-skey due to library resolving.
- (bal) next-posix.h changed to bsd-nextstep.h
- (djm) OpenBSD CVS sync:
  - markus@cvs.openbsd.org 2001/02/03 03:08:38 [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c] [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8] [sshd_config] make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
  - markus@cvs.openbsd.org 2001/02/03 03:19:51 [ssh.1 sshd.8 sshd_config] Skey is now called ChallengeResponse
  - markus@cvs.openbsd.org 2001/02/03 03:43:09 [sshd.8] use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean channel. note from Erik.Anggard@cygate.se (pr/1659)
  - stevesk@cvs.openbsd.org 2001/02/03 10:03:06 [ssh.1] typos; ok markus@
  - djm@cvs.openbsd.org 2001/02/04 04:11:56 [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h] [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c] Basic interactive sftp client; ok theo@
- (djm) Update RPM specs for new sftp binary
- (djm) Update several bits for new optional reverse lookup stuff. I think I got them all.
- (djm) Makefile.in fixes
- (stevesk) add mysignal() wrapper and use it for the protocol 2 SIGCHLD handler.
- (djm) Use setvbuf() instead of setlinebuf().
  Suggest from stevesk@

20010203
- (bal) Cygwin clean up by Corinna Vinschen <vinschen@redhat.com>
- (bal) renamed queue.h to fake-queue.h (even if it's an OpenBSD based file) to ensure #include space does not get confused.
- (bal) Minor Makefile.in tweak. dirname may not exist on some platforms so builds fail. (NeXT being a well known one)

20010202
- (bal) Makefile fix where sourcedir != builddir by Corinna Vinschen <vinschen@redhat.com>
- (bal) Makefile fix to use $(MAKE) instead of 'make' for platforms that use 'gmake'. Patch by Tim Rice <tim@multitalents.net>

20010201
- (bal) Minor fix to Makefile to stop rebuilding executables if no changes have occurred to any of the supporting code. Patch by Roumen Petrov <roumen.petrov@skalasoft.com>

20010131
- (djm) OpenBSD CVS Sync:
  - djm@cvs.openbsd.org 2001/01/30 15:48:53 [sshconnect.c] Make warning message a little more consistent. ok markus@
- (djm) Fix autoconf logic for --with-lastlog=no Report and diagnosis from Philipp Buehler <lists@fips.de> and Kevin Steves <stevesk@sweden.hp.com> respectively.
- (djm) Don't log SSH2 PAM KbdInt responses to debug, they may contain passwords.
- (bal) Reorder. Move all bsd-*, fake-*, next-*, and cygwin* stuff to openbsd-compat/. And resolve all ./configure and Makefile.in issues associated.

20010130
- (djm) OpenBSD CVS Sync:
  - markus@cvs.openbsd.org 2001/01/29 09:55:37 [channels.c channels.h clientloop.c serverloop.c] fix select overflow; ok deraadt@ and stevesk@
  - markus@cvs.openbsd.org 2001/01/29 12:42:35 [canohost.c canohost.h channels.c clientloop.c] add get_peer_ipaddr(socket), x11-fwd in ssh2 requires ipaddr, not DNS
  - markus@cvs.openbsd.org 2001/01/29 12:47:32 [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c] handle rsa_private_decrypt failures; helps against the Bleichenbacher pkcs#1 attack
  - djm@cvs.openbsd.org 2001/01/29 05:36:11 [ssh.1 ssh.c] Allow invocation of subsystem by commandline (-s); ok markus@
- (stevesk) configure.in: remove duplicate PROG_LS

20010129
- (stevesk) sftp-server.c: use %lld vs. %qd

20010128
- (bal) Put USE_PIPES back into sco3.2v5
- (bal) OpenBSD Sync
  - markus@cvs.openbsd.org 2001/01/28 10:15:34 [dispatch.c] re-keying is not supported; ok deraadt@
  - markus@cvs.openbsd.org 2001/01/28 10:24:04 [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] cleanup AUTHORS sections
  - markus@cvs.openbsd.org 2001/01/28 10:37:26 [sshd.c sshd.8] remove -Q, no longer needed
  - stevesk@cvs.openbsd.org 2001/01/28 20:36:16 [readconf.c ssh.1] ``StrictHostKeyChecking ask'' documentation and small cleanup. ok markus@
  - stevesk@cvs.openbsd.org 2001/01/28 20:43:25 [sshd.8] spelling. ok markus@
  - stevesk@cvs.openbsd.org 2001/01/28 20:53:21 [xmalloc.c] use size_t for strlen() return. ok markus@
  - stevesk@cvs.openbsd.org 2001/01/28 22:27:05 [authfile.c] spelling. use sizeof vs. strlen().
    ok markus@
  - niklas@cvs.openbsd.org 2001/01/29 1:59:14 [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1 ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h] $OpenBSD$
- (bal) Minor auth2.c resync. Whitespace and moving of an #include.

20010126
- (bal) SSH_PROGRAM vs _PATH_SSH_PROGRAM fix pointed out by Roumen Petrov <roumen.petrov@skalasoft.com>
- (bal) OpenBSD Sync
  - deraadt@cvs.openbsd.org 2001/01/25 8:06:33 [ssh-agent.c] call _exit() in signal handler

20010125
- (djm) Sync bsd-* support files:
  - deraadt@cvs.openbsd.org 2000/01/26 03:43:20 [rresvport.c bindresvport.c] new bindresvport() semantics that itojun, shin, jean-luc and i have agreed on, which will be happy for the future. bindresvport_sa() for sockaddr *, too. docs later..
  - deraadt@cvs.openbsd.org 2000/01/24 02:24:21 [bindresvport.c] in bindresvport(), if sin is non-NULL, example sin->sin_family for the actual family being processed
- (djm) Mention PRNGd in documentation, it is nicer than EGD
- (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
- (bal) AC_FUNC_STRFTIME added to autoconf
- (bal) OpenBSD Resync
  - stevesk@cvs.openbsd.org 2001/01/24 21:03:50 [channels.c] missing freeaddrinfo(); ok markus@

20010124
- (bal) OpenBSD Resync
  - markus@cvs.openbsd.org 2001/01/23 10:45:10 [ssh.h] nuke comment
- (bal) no 64bit support patch from Tim Rice <tim@multitalents.net>
- (bal) #ifdef around S_IFSOCK if platform does not support it. patch by Tim Rice <tim@multitalents.net>
- (bal) fake-regex.h cleanup based on Tim Rice's patch.
- (stevesk) sftp-server.c: fix chmod() mode mask

20010123
- (bal) regexp.h typo in configure.in.
  Should have been regex.h
- (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@
- (bal) SSH_ASKPASS_DEFAULT to _PATH_SSH_ASKPASS_DEFAULT
- (bal) OpenBSD Resync
  - markus@cvs.openbsd.org 2001/01/22 8:15:00 [auth-krb4.c sshconnect1.c] only AFS needs radix.[ch]
  - markus@cvs.openbsd.org 2001/01/22 8:32:53 [auth2.c] no need to include; from mouring@etoh.eviladmin.org
  - stevesk@cvs.openbsd.org 2001/01/22 16:55:21 [key.c] free() -> xfree(); ok markus@
  - stevesk@cvs.openbsd.org 2001/01/22 17:22:28 [sshconnect2.c sshd.c] fix memory leaks in SSH2 key exchange; ok markus@
  - markus@cvs.openbsd.org 2001/01/22 23:06:39 [auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c] rename skey -> challenge response. auto-enable kbd-interactive for ssh2 if challenge-response is enabled.

20010122
- (bal) OpenBSD Resync
  - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus [servconf.c ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY
  - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c packet.c pathname.h readconf.c scp.c servconf.c serverloop.c session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h ssh1.h sshconnect1.c sshd.c ttymodes.c] move ssh1 definitions to ssh1.h, pathnames to pathnames.h
  - markus@cvs.openbsd.org 2001/01/19 16:48:14 [sshd.8] fix typo; from stevesk@
  - markus@cvs.openbsd.org 2001/01/19 16:50:58 [ssh-dss.c] clear and free digest, make consistent with other code (use dlen); from stevesk@
  - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus [auth-options.c auth-options.h auth-rsa.c auth2.c] pass the filename to auth_parse_options()
  - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 [readconf.c] fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
  - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 [sshconnect2.c] dh_new_group() does not return NULL.
    ok markus@
  - markus@cvs.openbsd.org 2001/01/20 21:33:42 [ssh-add.c] do not loop forever if askpass does not exist; from andrew@pimlott.ne.mediaone.net
  - djm@cvs.openbsd.org 2001/01/20 23:00:56 [servconf.c] Check for NULL return from strdelim; ok markus
  - djm@cvs.openbsd.org 2001/01/20 23:02:07 [readconf.c] KNF; ok markus
  - jakob@cvs.openbsd.org 2001/01/21 9:00:33 [ssh-keygen.1] remove -R flag; ok markus@
  - markus@cvs.openbsd.org 2001/01/21 19:05:40 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c cipher.c cli.c clientloop.c clientloop.h compat.c compress.c deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c key.c key.h log-client.c log-server.c log.c log.h login.c login.h match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h ttysmodes.c uidswap.c xmalloc.c] split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
- (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
- (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve conflict when compiling for non-kerb install
- (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes on 1/19.

20010120
- (bal) OpenBSD Resync
  - markus@cvs.openbsd.org 2001/01/19 12:45:26 [ssh-chall.c servconf.c servconf.h ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY
- (bal) Slight auth2-pam.c clean up.
- (bal) Includes a fake-regexp.h to be only used if regcomp() is found, but no 'regexp.h' found (SCO OpenServer 3 lacks the header).

20010119
- (djm) Update versions in RPM specfiles
- (bal) OpenBSD Resync
  - markus@cvs.openbsd.org 2001/01/18 16:20:21 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h sshd.8 sshd.c] log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many systems
  - markus@cvs.openbsd.org 2001/01/18 16:59:59 [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c session.h sshconnect1.c]
    1) removes fake skey from sshd, since this will be much harder with /usr/libexec/auth/login_XXX
    2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
    3) make addition of BSD_AUTH and other challenge response methods easier.
  - markus@cvs.openbsd.org 2001/01/18 17:12:43 [auth-chall.c auth2-chall.c] rename *-skey.c *-chall.c since the files are not skey specific
- (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>) to fix NULL pointer deref and fake authloop breakage in PAM code.
- (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com>
- (bal) Minor cygwin patch to auth1.c. Suggested by djm.

20010118
- (bal) Super Sized OpenBSD Resync
  - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus [sshd.c] maxfd+1
  - markus@cvs.openbsd.org 2001/01/13 17:59:18 [ssh-keygen.1] small ssh-keygen manpage cleanup; stevesk@pobox.com
  - markus@cvs.openbsd.org 2001/01/13 18:03:07 [scp.c ssh-keygen.c sshd.c] getopt() returns -1 not EOF; stevesk@pobox.com
  - markus@cvs.openbsd.org 2001/01/13 18:06:54 [ssh-keyscan.c] use SSH_DEFAULT_PORT; from stevesk@pobox.com
  - markus@cvs.openbsd.org 2001/01/13 18:12:47 [ssh-keyscan.c] free() -> xfree(); fix memory leak; from stevesk@pobox.com
  - markus@cvs.openbsd.org 2001/01/13 18:14:13 [ssh-add.c] typo, from stevesk@sweden.hp.com
  - markus@cvs.openbsd.org 2001/01/13 18:32:50 [packet.c session.c ssh.c sshconnect.c sshd.c] split out keepalive from packet_interactive (from dale@accentre.com) set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
  - markus@cvs.openbsd.org 2001/01/13 18:36:45 [packet.c packet.h] reorder, typo
  - markus@cvs.openbsd.org 2001/01/13 18:38:00 [auth-options.c] fix comment
  - markus@cvs.openbsd.org 2001/01/13 18:43:31 [session.c] Wall
  - markus@cvs.openbsd.org 2001/01/13 19:14:08 [clientloop.h clientloop.c ssh.c] move callback to headerfile
  - markus@cvs.openbsd.org 2001/01/15 21:40:10 [ssh.c] use log() instead of stderr
  - markus@cvs.openbsd.org 2001/01/15 21:43:51 [dh.c] use error() not stderr!
  - markus@cvs.openbsd.org 2001/01/15 21:45:29 [sftp-server.c] rename must fail if newpath exists, debug off by default
  - markus@cvs.openbsd.org 2001/01/15 21:46:38 [sftp-server.c] readable long listing for sftp-server, ok deraadt@
  - markus@cvs.openbsd.org 2001/01/16 19:20:06 [key.c ssh-rsa.c] make "ssh-rsa" key format for ssh2 conform to the ietf-drafts; from galb@vandyke.com. note that you have to delete older ssh2-rsa keys, since they are in the wrong format, too. they must be removed from .ssh/authorized_keys2 and .ssh/known_hosts2, etc. (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP .ssh/authorized_keys2) additionally, we now check that BN_num_bits(rsa->n) >= 768.
  - markus@cvs.openbsd.org 2001/01/16 20:54:27 [sftp-server.c] remove some statics. simpler handles; idea from nisse@lysator.liu.se
  - deraadt@cvs.openbsd.org 2001/01/16 23:58:08 [bufaux.c radix.c sshconnect.h sshconnect1.c] indent
- (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may be missing such feature.

20010117
- (djm) Only write random seed file at exit
- (djm) Make PAM support optional, enable with --with-pam
- (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which provides a crypt() of its own)
- (djm) Avoid a warning in bsd-bindresvport.c
- (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests.
  This can cause weird segfaults errors on Solaris
- (djm) Avoid warning in PAM code by making read_passphrase arguments const
- (djm) Add --with-pam to RPM spec files

20010115
- (bal) sftp-server.c change to use chmod() if fchmod() does not exist.
- (bal) utimes() support via utime() interface on machine that lack utimes().

20010114
- (stevesk) initial work for OpenBSD "support supplementary group in {Allow,Deny}Groups" patch:
  - import getgrouplist.c from OpenBSD (bsd-getgrouplist.c)
  - add bsd-getgrouplist.h
  - new files groupaccess.[ch]
  - build but don't use yet (need to merge auth.c changes)
- (stevesk) complete:
  - markus@cvs.openbsd.org 2001/01/13 11:56:48 [auth.c sshd.8] support supplementary group in {Allow,Deny}Groups from stevesk@pobox.com

20010112
- (bal) OpenBSD Sync
  - markus@cvs.openbsd.org 2001/01/10 22:56:22 [bufaux.h bufaux.c sftp-server.c sftp.h getput.h]
    cleanup sftp-server implementation:
    add buffer_get_int64, buffer_put_int64, GET_64BIT, PUT_64BIT
    parse SSH2_FILEXFER_ATTR_EXTENDED
    send SSH2_FX_EOF if readdir returns no more entries
    reply to SSH2_FXP_EXTENDED message
    use #defines from the draft
    move #definitions to sftp.h
    more info: http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt
  - markus@cvs.openbsd.org 2001/01/10 19:43:20 [sshd.c] XXX - generate_empheral_server_key() is not safe against races, because it calls log()
  - markus@cvs.openbsd.org 2001/01/09 21:19:50 [packet.c] allow TCP_NDELAY for ipv6; from netbsd via itojun@

20010110
- (djm) SNI/Reliant Unix needs USE_PIPES and $DISPLAY hack. Report from Bladt Norbert <Norbert.Bladt@adi.ch>

20010109
- (bal) Resync CVS ID of cli.c
- (stevesk) auth1.c: free should be after WITH_AIXAUTHENTICATE code.
- (bal) OpenBSD Sync
  - markus@cvs.openbsd.org 2001/01/08 22:29:05 [auth2.c compat.c compat.h servconf.c servconf.h sshd.8 sshd_config version.h] implement option 'Banner /etc/issue.net' for ssh2, move version to 2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner is enabled).
  - markus@cvs.openbsd.org 2001/01/08 22:03:23 [channels.c ssh-keyscan.c] O_NDELAY -> O_NONBLOCK; thanks stevesk@pobox.com
  - markus@cvs.openbsd.org 2001/01/08 21:55:41 [sshconnect1.c] more cleanups and fixes from stevesk@pobox.com:
      1) try_agent_authentication() for loop will overwrite key just allocated with key_new(); don't alloc
      2) call ssh_close_authentication_connection() before exit try_agent_authentication()
      3) free mem on bad passphrase in try_rsa_authentication()
  - markus@cvs.openbsd.org 2001/01/08 21:48:17 [kex.c] missing free; thanks stevesk@pobox.com
- (bal) Detect if clock_t structure exists, if not define it.
- (bal) Detect if O_NONBLOCK exists, if not define it.
- (bal) removed news4-posix.h (now empty)
- (bal) changed bsd-bindresvport.c and bsd-rresvport.c to use 'socklen_t' instead of 'int'
- (stevesk) sshd_config: sync
- (stevesk) defines.h: remove spurious ``;''

20010108
- (bal) Fixed another typo in cli.c
- (bal) OpenBSD Sync
  - markus@cvs.openbsd.org 2001/01/07 21:26:55 [cli.c] typo
  - markus@cvs.openbsd.org 2001/01/07 21:26:55 [cli.c] missing free, stevesk@pobox.com
  - markus@cvs.openbsd.org 2001/01/07 19:06:25 [auth1.c] missing free, stevesk@pobox.com
  - markus@cvs.openbsd.org 2001/01/07 11:28:04 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h sshd.8 sshd.c] rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE
      syslog priority changes:
      fatal() LOG_ERR -> LOG_CRIT
      log() LOG_INFO -> LOG_NOTICE
- Updated TODO

20010107
- (bal) OpenBSD Sync
  - markus@cvs.openbsd.org 2001/01/06 11:23:27 [ssh-rsa.c] remove unused
  - itojun@cvs.openbsd.org 2001/01/05 08:23:29 [ssh-keyscan.1] missing .El
  - markus@cvs.openbsd.org 2001/01/04 22:41:03 [session.c sshconnect.c] consistent use of _PATH_BSHELL; from stevesk@pobox.com
  - djm@cvs.openbsd.org 2001/01/04 22:35:32 [ssh.1 sshd.8] Mention AES as available SSH2 Cipher; ok markus
  - markus@cvs.openbsd.org 2001/01/04 22:25:58 [sshd.c] sync usage()/man with defaults; from stevesk@pobox.com
  - markus@cvs.openbsd.org
    2001/01/04 22:21:26 [sshconnect2.c] handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server that prints a banner (e.g. /etc/issue.net)

20010105
- (bal) contrib/caldera/ provided by Tim Rice <tim@multitalents.net>
- (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove()

20010104
- (djm) Fix memory leak on systems with BROKEN_GETADDRINFO. Based on work by Chris Vaughan <vaughan99@yahoo.com>

20010103
- (bal) fixed up sshconnect.c so it was closer inline with the OpenBSD tree (mainly positioning)
- (bal) OpenSSH CVS Update
  - markus@cvs.openbsd.org 2001/01/02 20:41:02 [packet.c] log remote ip on disconnect; PR 1600 from jcs@rt.fm
  - markus@cvs.openbsd.org 2001/01/02 20:50:56 [sshconnect.c] strict_host_key_checking for host_status != HOST_CHANGED && ip_status == HOST_CHANGED
- (bal) authfile.c: Synced CVS ID tag
- (bal) UnixWare 2.0 fixes by Tim Rice <tim@multitalents.net>
- (bal) Disable sftp-server if no 64bit int support exists. Based on patch by Tim Rice <tim@multitalents.net>
- (bal) Makefile.in changes to uninstall: target to remove sftp-server and sftp-server.8 manpage.

20010102
- (bal) OpenBSD CVS Update
  - markus@cvs.openbsd.org 2001/01/01 14:52:49 [scp.c] use shared fatal(); from stevesk@pobox.com

20001231
- (bal) Reverted out of MAXHOSTNAMELEN. This should be set per OS. for multiple reasons.
- (bal) Reverted out of a partial NeXT patch.

20001230
- (bal) OpenBSD CVS Update
  - markus@cvs.openbsd.org 2000/12/28 18:58:30 [ssh-keygen.c] enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2}
  - markus@cvs.openbsd.org 2000/12/29 22:19:13 [channels.c] missing xfree; from vaughan99@yahoo.com
- (bal) Resynced CVS ID with OpenBSD for channel.c and uidswap.c
- (bal) if no MAXHOSTNAMELEN is defined. Default to 64 character definition. Suggested by Christian Kurz <shorty@debian.org>
- (bal) Add in '.c.o' section to Makefile.in to address make programs that don't honor CPPFLAGS by default.
  Suggested by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>

20001229
- (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian Kurz <shorty@debian.org>
- (bal) OpenBSD CVS Update
  - markus@cvs.openbsd.org 2000/12/28 14:25:51 [auth.h auth2.c] count authentication failures only
  - markus@cvs.openbsd.org 2000/12/28 14:25:03 [sshconnect.c] fingerprint for MITM attacks, too.
  - markus@cvs.openbsd.org 2000/12/28 12:03:57 [sshd.8 sshd.c] document -D
  - markus@cvs.openbsd.org 2000/12/27 14:19:21 [serverloop.c] less chatty
  - markus@cvs.openbsd.org 2000/12/27 12:34 [auth1.c sshconnect2.c sshd.c] typo
  - markus@cvs.openbsd.org 2000/12/27 12:30:19 [readconf.c readconf.h ssh.1 sshconnect.c] new option: HostKeyAlias: allow the user to record the host key under a different name. This is useful for ssh tunneling over forwarded connections or if you run multiple sshd's on different ports on the same machine.
  - markus@cvs.openbsd.org 2000/12/27 11:51:53 [ssh.1 ssh.c] multiple -t force pty allocation, document ORIGINAL_COMMAND
  - markus@cvs.openbsd.org 2000/12/27 11:41:31 [sshd.8] update for ssh-2
- (stevesk) compress.[ch] sync with openbsd; missed in prototype fix merge.

20001228
- (bal) Patch to add libutil.h to loginrec.c only if the platform has libutil.h. Suggested by Pekka Savola <pekka@netcore.fi>
- (djm) Update to new x11-askpass in RPM spec
- (bal) SCO patch to not include <sys/queue.h> since it's unrelated header. Patch by Tim Rice <tim@multitalents.net>
- Updated TODO w/ known HP/UX issue
- (bal) removed extra <netdb.h> noticed by Kevin Steves and removed the bad reference to 'NeXT including it else were' on the #ifdef version.

20001227
- (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by Takumi Yamane <yamtak@b-session.com>
- (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch by Corinna Vinschen <vinschen@redhat.com>
- (djm) Fix catman-do target for non-bash
- (bal) Typo in configure.in: entut?ent should be endut?ent.
  Suggested by Takumi Yamane <yamtak@b-session.com>
- (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch by Corinna Vinschen <vinschen@redhat.com>
- (djm) Fix catman-do target for non-bash
- (bal) Fixed NeXT's lack of CPPFLAGS honoring.
- (bal) ssh-keyscan.c: NeXT (and older BSDs) don't support getrlimit() w/ 'RLIMIT_NOFILE'
- (djm) Remove *.Ylonen files. They are no longer in the OpenBSD tree, the info in COPYING.Ylonen has been moved to the start of each SSH1-derived file and README.Ylonen is well out of date.

20001223
- (bal) Fixed Makefile.in to support recompile of all ssh and sshd objects if a change to config.h has occurred. Suggested by Gert Doering <gert@greenie.muc.de>
- (bal) OpenBSD CVS Update:
  - markus@cvs.openbsd.org 2000/12/22 16:49:40 [ssh-keygen.c] fix ssh-keygen -x -t type > file; from Roumen.Petrov@skalasoft.com

20001222
- Updated RCSID for pty.c
- (bal) OpenBSD CVS Updates:
  - markus@cvs.openbsd.org 2000/12/21 15:10:16 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c] print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
  - markus@cvs.openbsd.org 2000/12/20 19:26:56 [authfile.c] allow ssh -i userkey for root
  - markus@cvs.openbsd.org 2000/12/20 19:37:21 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h] fix prototypes; from stevesk@pobox.com
  - markus@cvs.openbsd.org 2000/12/20 19:32:08 [sshd.c] init pointer to NULL; report from Jan.Ivan@cern.ch
  - markus@cvs.openbsd.org 2000/12/19 23:17:54 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h
    uuencode.c uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c] replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char unsigned' with u_char.

20001221
- (stevesk) OpenBSD CVS updates:
  - markus@cvs.openbsd.org 2000/12/19 15:43:45 [authfile.c channels.c sftp-server.c ssh-agent.c] remove() -> unlink() for consistency
  - markus@cvs.openbsd.org 2000/12/19 15:48:09 [ssh-keyscan.c] replace <ssl/x.h> with <openssl/x.h>
  - markus@cvs.openbsd.org 2000/12/17 02:33:40 [uidswap.c] typo; from wsanchez@apple.com

20001220
- (djm) Workaround PAM inconsistencies between Solaris derived PAM code and Linux-PAM. Based on report and fix from Andrew Morgan <morgan@transmeta.com>

20001218
- (stevesk) rsa.c: entropy.h not needed.
- (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile. Suggested by Wilfredo Sanchez <wsanchez@apple.com>

20001216
- (stevesk) OpenBSD CVS updates:
  - markus@cvs.openbsd.org 2000/12/16 02:53:57 [scp.c] allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
  - markus@cvs.openbsd.org 2000/12/16 02:39:57 [scp.c] unused; from stevesk@pobox.com

20001215
- (stevesk) Old OpenBSD patch wasn't completely applied:
  - markus@cvs.openbsd.org 2000/01/24 22:11:20 [scp.c] allow '.' in usernames; from jedgar@fxp.org
- (stevesk) OpenBSD CVS updates:
  - markus@cvs.openbsd.org 2000/12/13 16:26:53 [ssh-keyscan.c] fatal already adds \n; from stevesk@pobox.com
  - markus@cvs.openbsd.org 2000/12/13 16:25:44 [ssh-agent.c] remove redundant spaces; from stevesk@pobox.com
  - ho@cvs.openbsd.org 2000/12/12 15:50:21 [pty.c] When failing to set tty owner and mode on a read-only filesystem, don't abort if the tty already has correct owner and reasonably sane modes. Example; permit 'root' to login to a firewall with read-only root fs. (markus@ ok)
  - deraadt@cvs.openbsd.org 2000/12/13 06:36:05 [pty.c] KNF
  - markus@cvs.openbsd.org 2000/12/12 14:45:21 [sshd.c] source port < 1024 is no longer required for rhosts-rsa since it adds no additional security.
  - markus@cvs.openbsd.org 2000/12/12 16:11:49 [ssh.1 ssh.c] rhosts-rsa is no longer automagically disabled if ssh is not privileged. UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers. these changes should not change the visible default behaviour of the ssh client.
  - deraadt@cvs.openbsd.org 2000/12/11 10:27:33 [scp.c] when copying 0-sized files, do not re-print ETA time at completion
  - provos@cvs.openbsd.org 2000/12/15 10:30:15 [kex.c kex.h sshconnect2.c sshd.c] compute diffie-hellman in parallel between server and client. okay markus@

20001213
- (djm) Make sure we reset the SIGPIPE disposition after we fork. Report from Andreas M. Kirchwitz <amk@krell.zikzak.de>
- (stevesk) OpenBSD CVS update:
  - markus@cvs.openbsd.org 2000/12/12 15:30:02 [ssh-keyscan.c ssh.c sshd.c] consistently use __progname; from stevesk@pobox.com

20001211
- (bal) Applied patch to include ssh-keyscan into Redhat's package, and patch to install ssh-keyscan manpage. Patch by Pekka Savola <pekka@netcore.fi>
- (bal) OpenBSD CVS update
  - markus@cvs.openbsd.org 2000/12/10 17:01:53 [sshconnect1.c] always request new challenge for skey/tis-auth, fixes interop with other implementations; report from roth@feep.net

20001210
- (bal) OpenBSD CVS updates
  - markus@cvs.openbsd.org 2000/12/09 13:41:51 [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h] undo rijndael changes
  - markus@cvs.openbsd.org 2000/12/09 13:48:31 [rijndael.c] fix byte order bug w/o introducing new implementation
  - markus@cvs.openbsd.org 2000/12/09 14:08:27 [sftp-server.c] "" -> "."
    for realpath; from vinschen@redhat.com
  - markus@cvs.openbsd.org 2000/12/09 14:06:54 [ssh-agent.c] extern int optind; from stevesk@sweden.hp.com
  - provos@cvs.openbsd.org 2000/12/09 23:51:11 [compat.c] remove unnecessary '\n'

20001209
- (bal) OpenBSD CVS updates:
  - djm@cvs.openbsd.org 2000/12/07 4:24:59 [ssh.1] Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo

20001207
- (bal) OpenBSD CVS updates:
  - markus@cvs.openbsd.org 2000/12/06 22:58:14 [compat.c compat.h packet.c] disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0
  - markus@cvs.openbsd.org 2000/12/06 23:10:39 [rijndael.c] unexpand(1)
  - markus@cvs.openbsd.org 2000/12/06 23:05:43 [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h] new rijndael implementation. fixes endian bugs

20001206
- (bal) OpenBSD CVS updates:
  - markus@cvs.openbsd.org 2000/12/05 20:34:09 [channels.c channels.h clientloop.c serverloop.c] async connects for -R/-L; ok deraadt@
  - todd@cvs.openssh.org 2000/12/05 16:47:28 [sshd.c] tweak comment to reflect real location of pid file; ok provos@
- (stevesk) Import <sys/queue.h> from OpenBSD for systems that don't have it (used in ssh-keyscan).
- (stevesk) OpenBSD CVS update:
  - markus@cvs.openbsd.org 2000/12/06 19:57:48 [ssh-keyscan.c] err(3) -> internal error(), from stevesk@sweden.hp.com

20001205
- (bal) OpenBSD CVS updates:
  - markus@cvs.openbsd.org 2000/12/04 19:24:02 [ssh-keyscan.c ssh-keyscan.1] David Maziere's ssh-keyscan, ok niels@
- (bal) Updated Makefile.in to include ssh-keyscan that was just added to the recent OpenBSD source tree.
- (stevesk) fix typos in contrib/hpux/README

20001204
- (bal) More C functions defined in NeXT that are inaccessible without defining -POSIX.
- (bal) OpenBSD CVS updates:
  - markus@cvs.openbsd.org 2000/12/03 11:29:04 [compat.c] remove fallback to SSH_BUG_HMAC now that the drafts are updated
  - markus@cvs.openbsd.org 2000/12/03 11:27:55 [compat.c] correctly match "2.1.0.pl2 SSH" etc; from pekkas@netcore.fi/bugzilla.redhat
  - markus@cvs.openbsd.org 2000/12/03 11:15:03 [auth2.c compat.c compat.h sshconnect2.c] support f-secure/ssh.com 2.0.12; ok niels@

20001203
- (bal) OpenBSD CVS updates:
  - markus@cvs.openbsd.org 2000/11/30 22:54:31 [channels.c] debug->warn if tried to do -R style fwd w/o client requesting this; ok neils@
  - markus@cvs.openbsd.org 2000/11/29 20:39:17 [cipher.c] des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
  - markus@cvs.openbsd.org 2000/11/30 18:33:05 [ssh-agent.c] agents must not dump core, ok niels@
  - markus@cvs.openbsd.org 2000/11/30 07:04:02 [ssh.1] T is for both protocols
  - markus@cvs.openbsd.org 2000/12/01 00:00:51 [ssh.1] typo; from green@FreeBSD.org
  - markus@cvs.openbsd.org 2000/11/30 07:02:35 [ssh.c] check -T before isatty()
  - provos@cvs.openbsd.org 2000/11/29 13:51:27 [sshconnect.c] show IP address and hostname when new key is encountered. okay markus@
  - markus@cvs.openbsd.org 2000/11/30 22:53:35 [sshconnect.c] disable agent/x11/port fwding if hostkey has changed; ok niels@
  - marksu@cvs.openbsd.org 2000/11/29 21:11:59 [sshd.c] sshd -D, startup w/o deamon(), for monitoring scripts or inittab; from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
- (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enable PAM authentication using KbdInteractive.
- (djm) Added another TODO

20001202
- (bal) Backed out of part of Alain St-Denis' loginrec.c patch.
- (bal) Irix need some sort of mansubdir, patch by Michael Stone <mstone@cs.loyola.edu>

20001129
- (djm) Back out all the serverloop.c hacks. sshd will now hang again if there are background children with open fds.
- (djm) bsd-rresvport.c bzero -> memset
- (djm) Don't fail in defines.h on absence of 64 bit types (we will still fail during compilation of sftp-server).
- (djm) Fail if ar is not found during configure
- (djm) OpenBSD CVS updates:
  - provos@cvs.openbsd.org 2000/11/22 08:38:31 [sshd.8] talk about /etc/primes, okay markus@
  - markus@cvs.openbsd.org 2000/11/23 14:03:48 [ssh.c sshconnect1.c sshconnect2.c] complain about invalid ciphers for ssh1/ssh2, fall back to reasonable defaults
  - markus@cvs.openbsd.org 2000/11/25 09:42:53 [sshconnect1.c] reorder check for illegal ciphers, bugreport from espie@
  - markus@cvs.openbsd.org 2000/11/25 10:19:34 [ssh-keygen.c ssh.h] print keytype when generating a key. reasonable defaults for RSA1/RSA/DSA keys.
- (djm) Patch from Pekka Savola <Pekka.Savola@netcore.fi> to include a few more manpage paths in fixpaths calls
- (djm) Also add xauth path at Pekka's suggestion.
- (djm) Add Redhat RPM patch for AUTHPRIV SyslogFacility

20001125
- (djm) Give up privs when reading seed file

20001123
- (bal) Merge OpenBSD changes:
  - markus@cvs.openbsd.org 2000/11/15 22:31:36 [auth-options.c] case insensitive key options; from stevesk@sweeden.hp.com
  - markus@cvs.openbsd.org 2000/11/16 17:55:43 [dh.c] do not use perror() in sshd, after child is forked()
  - markus@cvs.openbsd.org 2000/11/14 23:42:40 [auth-rsa.c] parse option only if key matches; fix some confusing seen by the client
  - markus@cvs.openbsd.org 2000/11/14 23:44:19 [session.c] check no_agent_forward_flag for ssh-2, too
  - markus@cvs.openbsd.org 2000/11/15 [ssh-agent.1] reorder SYNOPSIS; typo, use .It
  - markus@cvs.openbsd.org 2000/11/14 23:48:55 [ssh-agent.c] do not reorder keys if a key is removed
  - markus@cvs.openbsd.org 2000/11/15 19:58:08 [ssh.c] just ignore non existing user keys
  - millert@cvs.openbsd.org 200/11/15 20:24:43 [ssh-keygen.c] Add missing \n at end of error message.

20001122
- (bal) Minor patch to ensure platforms lacking IRIX job limit supports are compilable.
- (bal) Updated TODO as of 11/18/2000 with known things to resolve.

20001117
- (bal) Changed from 'primes' to 'primes.out' for consistency sake. It has no effect on the output. Patch by Corinna Vinschen <vinschen@redhat.com>
- (stevesk) Reworked progname support.
- (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by Shinichi Maruyama <marya@st.jip.co.jp>

20001116
- (bal) Added in MAXSYMLINK test in bsd-realpath.c. Required for some SCO releases.
- (bal) Make builds work outside of source tree. Patch by Mark D. Roth <roth@feep.net>

20001113
- (djm) Add pointer to http://www.imasy.or.jp/~gotoh/connect.c to contrib/README
- (djm) Merge OpenBSD changes:
  - markus@cvs.openbsd.org 2000/11/06 16:04:56 [channels.c channels.h clientloop.c nchan.c serverloop.c] [session.c ssh.c] agent forwarding and -R for ssh2, based on work from jhuuskon@messi.uku.fi
  - markus@cvs.openbsd.org 2000/11/06 16:13:27 [ssh.c sshconnect.c sshd.c] do not disabled rhosts(rsa) if server port > 1024; from pekkas@netcore.fi
  - markus@cvs.openbsd.org 2000/11/06 16:16:35 [sshconnect.c] downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
  - markus@cvs.openbsd.org 2000/11/09 18:04:40 [auth1.c] typo; from mouring@pconline.com
  - markus@cvs.openbsd.org 2000/11/12 12:03:28 [ssh-agent.c] off-by-one when removing a key from the agent
  - markus@cvs.openbsd.org 2000/11/12 12:50:39 [auth-rh-rsa.c auth2.c authfd.c authfd.h] [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h] [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys.
    SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
- (djm) Fix up Makefile and Redhat init script to create RSA host keys
- (djm) Change to interim version
- (djm) Fix RPM spec file stupidity
- (djm) fixpaths to DSA and RSA keys too

20001112
- (bal) SCO Patch to add needed libraries for configure.in. Patch by Phillips Porch <root@theporch.com>
- (bal) IRIX patch to adding Job Limits. Patch by Denis Parker <dcp@sgi.com>
- (stevesk) pty.c: HP-UX 10 and 11 don't define TIOCSCTTY. Add error() to failed ioctl(TIOCSCTTY) call.

20001111
- (djm) Added /etc/primes for kex DH group neg, fixup Makefile.in and packaging files
- (djm) Fix new Makefile.in warnings
- (djm) Fix vsprintf("%h") in bsd-snprintf.c, short int va_args are promoted to type int. Report and fix from Dan Astoorian <djast@cs.toronto.edu>
- (djm) Hardwire sysconfdir in RPM spec files as some RPM versions get it wrong. Report from Bennett Todd <bet@rahul.net>

20001110
- (bal) Fixed dropped answer from skey_keyinfo() in auth1.c
- (bal) Changed from --with-skey to --with-skey=PATH in configure.in
- (bal) Added in check to verify S/Key library is being detected in configure.in
- (bal) next-posix.h - added another prototype wrapped in POSIX ifdef/endif. Patch by Mark Miller <markm@swoon.net>
- (bal) Added 'util.h' header to loginrec.c only if HAVE_UTIL_H is defined to remove warnings under MacOS X. Patch by Mark Miller <markm@swoon.net>
- (bal) Fixed LDFLAG misspelling in configure.in for --with-afs

20001107
- (bal) acconfig.in - removed the double "USE_PIPES" entry. Patch by Mark Miller <markm@swoon.net>
- (bal) sshd.init files corrected to assign $? to RETVAL. Patch by Jarno Huuskonen <jhuuskon@messi.uku.fi>
- (bal) fixpaths fixed to stop it from quietly failing. Patch by Mark D.
  Roth <roth@feep.net>

20001106
- (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs
- (djm) Manually fix up missed diff hunks (mainly RCS idents)
- (djm) Remove UPGRADING document in favour of a link to the better maintained FAQ on www.openssh.com
- (djm) Fix multiple dependency on gnome-libs from Pekka Savola <pekkas@netcore.fi>
- (djm) Don't need X11-askpass in RPM spec file if building without it from Pekka Savola <pekkas@netcore.fi>
- (djm) Release 2.3.0p1
- (bal) typo in configure.in in regards to --with-ldflags from Marko Asplund <aspa@kronodoc.fi>
- (bal) fixed next-posix.h. Forgot prototype of getppid().
2001-02-17 | Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT. | wiz | 2 | -2/+2
2001-02-15 | Prune old/nonexistent mirror sites from MASTER_SITES. | briggs | 1 | -6/+2
2001-02-06 | Make that "autoreconf" -- there is no "autoremake". | fredb | 1 | -3/+3
2001-02-05 | Use full pathname "${LOCALBASE}/bin/auto..." in dependences and make | tron | 1 | -3/+3
targets. This includes a fix for PR pkg/12125 by Tomasz Luchowski.
2001-01-29 | Add automatic ${VARIABLE} handling for MESSAGE files. | wiz | 2 | -8/+9
Convert most MESSAGE files to new syntax (${VARIABLE} gets replaced, not @VARIABLE@, nor @@VARIABLE@@). By default, substitutions are done for LOCALBASE, PKGNAME, PREFIX, X11BASE, X11PREFIX; additional patterns can be added via MESSAGE_SUBST. Clean up some packages while I'm there; add RCS tags to most MESSAGEs. Remove some uninteresting MESSAGEs.
2001-01-10 | Make this package work under SunOS. | tron | 4 | -10/+83
2001-01-10 | Don't check for "/dev/urandom" under Solaris. | tron | 2 | -7/+10