| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
--- changelog from 2.1.0p3:
20000609
- (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage
(in favour of utmpx) on Solaris 8
20000606
- (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
list of commands (by default). Removed verbose debugging (by default).
- (djm) Increased command entropy estimates and default entropy collection
timeout
- (djm) Remove duplicate headers from loginrec.c
- (djm) Don't add /usr/local/lib to library search path on Irix
- (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
<tibbs@math.uh.edu>
- (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
<zack@wolery.cumb.org>
- (djm) OpenBSD CVS updates:
- todd@cvs.openbsd.org
[sshconnect2.c]
teach protocol v2 to count login failures properly and also enable an
explanation of why the password prompt comes up again like v1; this is NOT
crypto
- markus@cvs.openbsd.org
[readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
xauth_location support; pr 1234
[readconf.c sshconnect2.c]
typo, unused
[session.c]
allow use_login only for login sessions, otherwise remote commands are
execed with uid==0
[sshd.8]
document UseLogin better
[version.h]
OpenSSH 2.1.1
[auth-rsa.c]
fix match_hostname() logic for auth-rsa: deny access if we have a
negative match or no match at all
[channels.c hostfile.c match.c]
don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
kris@FreeBSD.org
20000606
- (djm) Added --with-cflags, --with-ldflags and --with-libs options to
configure.
20000604
- Configure tweaking for new login code on Irix 5.3
- (andre) login code changes based on djm feedback
20000603
- (andre) New login code
- Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c
- Add loginrec.[ch], logintest.c and autoconf code
20000531
- Cleanup of auth.c, login.c and fake-*
- Cleanup of auth-pam.c, save and print "account expired" error messages
- Fix EGD read bug by IWAMURO Motonori <iwa@mmp.fujitsu.co.jp>
- Rewrote bsd-login to use proper utmp API if available. Major cleanup
of fallback DIY code.
|
|
- SA bundle (AH + ESP) negotiation is corrected
- be more picky about permission of pre-shared key file (don't open it
it it looks vulnerable).
|
|
Version 3.3.6.1 fixes some minor issues and nits (like using snprintf
instead of sprintf, and using newer functions, like krb_afslog_uid_home
instead of krb_afslog) in greeter/verify.c.
Most changes are from Assar Westerlund (assar@sics.se, assar@netbsd.org),
some from myself.
|
|
|
|
|
|
|
|
|
|
(does not use anoncvs any more).
changes in racoon itself is way too many to mention. for full changelog refer
http://www.kame.net/dev/cvsweb.cgi/kame/CHANGELOG.
|
|
|
|
Thanks to Johan Danielsson who looked into my Kerberos changes of xdm.
(Most of it is directly derived from his work).
|
|
|
|
|
|
installed in /usr/arla.
|
|
Inserted placeholders into MESSAGE which get replaced during pre-install.
Enhanced MESSAGE text.
|
|
393) Users in the 'exempt' group shouldn't get their $PATH overridden
by 'secure-path'. Patch from jmknoble@pobox.com.
395) Fixed a bug that caused an infinite loop when the password
timeout was disabled.
396) It is now possible to set the path to the editor for visudo as well
as the flag that determines whether or not visudo will look at
$EDITOR in the sudoers file.
398) Added rootpw, runaspw, and targetpw to prompt for the root, runas_default
and target user's passwords respectively (instead of the invoking user's
password).
399) Added -S flag to force password read from stdin.
400) Restore coredumpsize resource limit before exec'ing the child
process (sudo sets it to 0 internally).
404) Fixed a bug where sudo would hang around and consume CPU if we spawn
a long-running process.
406) Added set_logname run-time option. When unset, sudo will not set
the USER and LOGNAME environment variables.
407) Wildcards are now allowed in the hostnames specified in sudoers.
The 'fqdn' option is often required for this to be useful.
408) Fixed a bug where host and user qualifiers in a Defaults entry were
not being used correctly and the entry was being applied globally.
409) Fixed targetpw, rootpw, and runaspw options when used with non-passwd
authentication (pam, etc).
410) When the targetpw flag is set, use the target username as part
of the timestamp path.
411) Fixed a bug that prevented the -H option from being useful.
412) Fixed a case where a string was used after it has been freed.
|
|
|
|
|
|
|
|
|
|
DOS/Windows file virus scanner
|
|
Add a new USE_LIBTOOL definition that uses the libtool package instead of
pkglibtool which is now considered outdated.
USE_PKGLIBTOOL is available for backwards compatibility with old packages
but is deprecated for new packages.
|
|
there are too many changes to mention here.
the biggest change would be the addition of SSH protocol version 2 (uses DSA).
|
|
|
|
|
|
|
|
-don't let make(1) set YACC (which then gets passed to configure) so
configure can correctly find bison.
|
|
|
|
anymore
|
|
|
|
It would be easier to make that change if we support patches for one OPSYS
but someone removed that from out tree.
|
|
|
|
cope with PATENTEDOPENSSLSRC environment (mk.conf needs to be set)
|
|
|
|
|
|
|
|
* force "bison -y" *via $YACC)
* undefine _POSIX_C_SOURCE, needed to get S_ISLNK defined in <sys/stat.h>
|
|
assume that a full (i.e. "with RSA") OpenSSL installation already
exists on the system (and thus a dependency on ../security/openssl
is not needed).
|
|
be removed.
|
|
and the client happens to not be in a Kerberos realm.
|
|
|
|
|
|
|
|
|
|
|
|
authorized key and for which there was no kerberos principle, sshd
would segfault.
|
|
|
|
|
|
Author recommends RID instead of his own program.
Fixes pkg/9805.
|
|
|
|
|
