From 11a09ab416e21c995885dc0e5847151627094217 Mon Sep 17 00:00:00 2001 From: des Date: Sun, 5 Jun 2005 15:40:50 +0000 Subject: Vendor import of OpenSSH 4.0p1. --- crypto/openssh/ChangeLog | 669 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 668 insertions(+), 1 deletion(-) (limited to 'crypto/openssh/ChangeLog') diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index 2292ffb..046e32e 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog @@ -1,3 +1,670 @@ +20050309 + - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64 + so that regress tests behave. From Chris Adams. + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2005/03/07 23:41:54 + [ssh.1 ssh_config.5] + more macro simplification; + - djm@cvs.openbsd.org 2005/03/08 23:49:48 + [version.h] + OpenSSH 4.0 + - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Update spec file versions + - (djm) [log.c] Fix dumb syntax error; ok dtucker@ + - (djm) Release OpenSSH 4.0p1 + +20050307 + - (dtucker) [configure.ac] Disable gettext search when configuring with + BSM audit support for the time being. ok djm@ + - (dtucker) OpenBSD CVS Sync (regress/) + - fgsch@cvs.openbsd.org 2004/12/10 01:31:30 + [Makefile sftp-glob.sh] + some globbing regress; prompted and ok djm@ + - david@cvs.openbsd.org 2005/01/14 04:21:18 + [Makefile test-exec.sh] + pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@ + - dtucker@cvs.openbsd.org 2005/02/27 11:33:30 + [multiplex.sh test-exec.sh sshd-log-wrapper.sh] + Add optional capability to log output from regress commands; ok markus@ + Use with: make TEST_SSH_LOGFILE=/tmp/regress.log + - djm@cvs.openbsd.org 2005/02/27 23:13:36 + [login-timeout.sh] + avoid nameservice lookups in regress test; ok dtucker@ + - djm@cvs.openbsd.org 2005/03/04 08:48:46 + [Makefile envpass.sh] + regress test for SendEnv config parsing bug; ok dtucker@ + - (dtucker) [regress/test-exec.sh] Put SUDO in the right place. + - (tim) [configure.ac] SCO 3.2v4.2 no longer supported. + +20050306 + - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor + when attempting to audit disconnect events. Reported by Phil Dibowitz. + - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit + events earlier, prevents mm_request_send errors reported by Matt Goebel. + +20050305 + - (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch + from vinschen at redhat.com + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2005/03/02 11:45:01 + [ssh.1] + missing word; + - djm@cvs.openbsd.org 2005/03/04 08:48:06 + [readconf.c] + fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@ + +20050302 + - (djm) OpenBSD CVS sync: + - jmc@cvs.openbsd.org 2005/03/01 14:47:58 + [ssh.1] + remove some unneccesary macros; + do not mark up punctuation; + - jmc@cvs.openbsd.org 2005/03/01 14:55:23 + [ssh_config.5] + do not mark up punctuation; + whitespace; + - jmc@cvs.openbsd.org 2005/03/01 14:59:49 + [sshd.8] + new sentence, new line; + whitespace; + - jmc@cvs.openbsd.org 2005/03/01 15:05:00 + [ssh-keygen.1] + whitespace; + - jmc@cvs.openbsd.org 2005/03/01 15:47:14 + [ssh-keyscan.1 ssh-keyscan.c] + sort options and sync usage(); + - jmc@cvs.openbsd.org 2005/03/01 17:19:35 + [scp.1 sftp.1] + add HashKnownHosts to -o list; + ok markus@ + - jmc@cvs.openbsd.org 2005/03/01 17:22:06 + [ssh.c] + sync usage() w/ man SYNOPSIS; + ok markus@ + - jmc@cvs.openbsd.org 2005/03/01 17:32:19 + [ssh-add.1] + sort options; + - jmc@cvs.openbsd.org 2005/03/01 18:15:56 + [ssh-keygen.1] + sort options (no attempt made at synopsis clean up though); + spelling (occurance -> occurrence); + use prompt before examples; + grammar; + - djm@cvs.openbsd.org 2005/03/02 01:00:06 + [sshconnect.c] + fix addition of new hashed hostnames when CheckHostIP=yes; + found and ok dtucker@ + - djm@cvs.openbsd.org 2005/03/02 01:27:41 + [ssh-keygen.c] + ignore hostnames with metachars when hashing; ok deraadt@ + - djm@cvs.openbsd.org 2005/03/02 02:21:07 + [ssh.1] + bz#987: mention ForwardX11Trusted in ssh.1, + reported by andrew.benham AT thus.net; ok deraadt@ + - (tim) [regress/agent-ptrace.sh] add another possible gdb error. + +20050301 + - (djm) OpenBSD CVS sync: + - otto@cvs.openbsd.org 2005/02/16 09:56:44 + [ssh.c] + Better diagnostic if an identity file is not accesible. ok markus@ djm@ + - djm@cvs.openbsd.org 2005/02/18 03:05:53 + [canohost.c] + better error messages for getnameinfo failures; ok dtucker@ + - djm@cvs.openbsd.org 2005/02/20 22:59:06 + [sftp.c] + turn on ssh batch mode when in sftp batch mode, patch from + jdmossh AT nand.net; + ok markus@ + - jmc@cvs.openbsd.org 2005/02/25 10:55:13 + [sshd.8] + add /etc/motd and $HOME/.hushlogin to FILES; + from michael knudsen; + - djm@cvs.openbsd.org 2005/02/28 00:54:10 + [ssh_config.5] + bz#849: document timeout on untrusted x11 forwarding sessions. Reported by + orion AT cora.nwra.com; ok markus@ + - djm@cvs.openbsd.org 2005/03/01 10:09:52 + [auth-options.c channels.c channels.h clientloop.c compat.c compat.h] + [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5] + [sshd_config.5] + bz#413: allow optional specification of bind address for port forwardings. + Patch originally by Dan Astorian, but worked on by several people + Adds GatewayPorts=clientspecified option on server to allow remote + forwards to bind to client-specified ports. + - djm@cvs.openbsd.org 2005/03/01 10:40:27 + [hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5] + [sshconnect.c sshd.8] + add support for hashing host names and addresses added to known_hosts + files, to improve privacy of which hosts user have been visiting; ok + markus@ deraadt@ + - djm@cvs.openbsd.org 2005/03/01 10:41:28 + [ssh-keyscan.1 ssh-keyscan.c] + option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@ + - djm@cvs.openbsd.org 2005/03/01 10:42:49 + [ssh-keygen.1 ssh-keygen.c ssh_config.5] + add tools for managing known_hosts files with hashed hostnames, including + hashing existing files and deleting hosts by name; ok markus@ deraadt@ + +20050226 + - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] + Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com. + - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}] + Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any + more. Patch from vinschen at redhat.com. + - (dtucker) [Makefile.in] Add a install-nosysconf target for installing the + binaries without the config files. Primarily useful for packaging. + Patch from phil at usc.edu. ok djm@ + +20050224 + - (djm) [configure.ac] in_addr_t test needs sys/types.h too + +20050222 + - (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from + vinschen at redhat.com. + +20050220 + - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac + defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure + --with-audit=bsm to enable. Patch originally from Sun Microsystems, + parts by John R. Jackson. ok djm@ + - (dtucker) [configure.ac] Missing comma in AIX section, somehow causes + unrelated platforms to be configured incorrectly. + +20050216 + - (djm) write seed to temporary file and atomically rename into place; + ok dtucker@ + - (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called + via mkstemp in some configurations. ok djm@ + - (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined + by the system headers. + - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant + Unix; prevents problems relating to the location of -lresolv in the + link order. + - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic + authentication early enough to be available to PAM session modules when + privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam + Hartman and similar to Debian's ssh-krb5 package. + - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more + compiler warnings on AIX. + +20050215 + - (dtucker) [config.sh.in] Collect oslevel -r too. + - (dtucker) [README.platform auth.c configure.ac loginrec.c + openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6 + on AIX where possible (see README.platform for details) and work around + a misfeature of AIX's getnameinfo. ok djm@ + - (dtucker) [loginrec.c] Add missing #include. + +20050211 + - (dtucker) [configure.ac] Tidy up configure --help output. + - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too. + +20050210 + - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the + --disable-etc-default-login configure option. + +20050209 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2005/01/28 09:45:53 + [ssh_config] + Make it clear that the example entries in ssh_config are only some of the + commonly-used options and refer the user to ssh_config(5) for more + details; ok djm@ + - jmc@cvs.openbsd.org 2005/01/28 15:05:43 + [ssh_config.5] + grammar; + - jmc@cvs.openbsd.org 2005/01/28 18:14:09 + [ssh_config.5] + wording; + ok markus@ + - dtucker@cvs.openbsd.org 2005/01/30 11:18:08 + [monitor.c] + Make code match intent; ok djm@ + - dtucker@cvs.openbsd.org 2005/02/08 22:24:57 + [sshd.c] + Provide reason in error message if getnameinfo fails; ok markus@ + - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call + disable_forwarding() from compat library. Prevent linker errrors trying + to resolve it for binaries other than sshd. ok djm@ + - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir + paths. ok djm@ + - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require + the username to be passed to the passwd command when changing expired + passwords. ok djm@ + +20050208 + - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the + regress tests so newer versions of GNU head(1) behave themselves. Patch + by djm, so ok me. + - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. + - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c + monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit + defines and enums with SSH_ to prevent namespace collisions on some + platforms (eg AIX). + +20050204 + - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. + - (dtucker) [auth.c] Fix parens in audit log check. + +20050202 + - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath + rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@ + - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}] + Make record_failed_login() call provide hostname rather than having the + implementations having to do lookups themselves. Only affects AIX and + UNICOS (the latter only uses the "user" parameter anyway). ok djm@ + - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child + the process. Since we also unset KRB5CCNAME at startup, if it's set after + authentication it must have been set by the platform's native auth system. + This was already done for AIX; this enables it for the general case. + - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c] + Bug #974: Teach sshd to write failed login records to btmp for failed auth + attempts (currently only for password, kbdint and C/R, only on Linux and + HP-UX), based on code from login.c from util-linux. With ashok_kovai at + hotmail.com, ok djm@ + - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c + monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: + (first stage) Add audit instrumentation to sshd, currently disabled by + default. with suggestions from and ok djm@ + +20050201 + - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some + platforms syslog will revert to its default values. This may result in + messages from external libraries (eg libwrap) being sent to a different + facility. + - (dtucker) [sshd_config.5] Bug #701: remove warning about + keyboard-interactive since this is no longer the case. + +20050124 + - (dtucker) OpenBSD CVS Sync + - otto@cvs.openbsd.org 2005/01/21 08:32:02 + [auth-passwd.c sshd.c] + Warn in advance for password and account expiry; initialize loginmsg + buffer earlier and clear it after privsep fork. ok and help dtucker@ + markus@ + - dtucker@cvs.openbsd.org 2005/01/22 08:17:59 + [auth.c] + Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and + DenyGroups. bz #909, ok djm@ + - djm@cvs.openbsd.org 2005/01/23 10:18:12 + [cipher.c] + config option "Ciphers" should be case-sensitive; ok dtucker@ + - dtucker@cvs.openbsd.org 2005/01/24 10:22:06 + [scp.c sftp.c] + Have scp and sftp wait for the spawned ssh to exit before they exit + themselves. This prevents ssh from being unable to restore terminal + modes (not normally a problem on OpenBSD but common with -Portable + on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); + ok djm@ markus@ + - dtucker@cvs.openbsd.org 2005/01/24 10:29:06 + [moduli] + Import new moduli; requested by deraadt@ a week ago + - dtucker@cvs.openbsd.org 2005/01/24 11:47:13 + [auth-passwd.c] + #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@ + +20050120 + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2004/12/23 17:35:48 + [session.c] + check for NULL; from mpech + - markus@cvs.openbsd.org 2004/12/23 17:38:07 + [ssh-keygen.c] + leak; from mpech + - djm@cvs.openbsd.org 2004/12/23 23:11:00 + [servconf.c servconf.h sshd.c sshd_config sshd_config.5] + bz #898: support AddressFamily in sshd_config. from + peak@argo.troja.mff.cuni.cz; ok deraadt@ + - markus@cvs.openbsd.org 2005/01/05 08:51:32 + [sshconnect.c] + remove dead code, log connect() failures with level error, ok djm@ + - jmc@cvs.openbsd.org 2005/01/08 00:41:19 + [sshd_config.5] + `login'(n) -> `log in'(v); + - dtucker@cvs.openbsd.org 2005/01/17 03:25:46 + [moduli.c] + Correct spelling: SCHNOOR->SCHNORR; ok djm@ + - dtucker@cvs.openbsd.org 2005/01/17 22:48:39 + [sshd.c] + Make debugging output continue after reexec; ok djm@ + - dtucker@cvs.openbsd.org 2005/01/19 13:11:47 + [auth-bsdauth.c auth2-chall.c] + Have keyboard-interactive code call the drivers even for responses for + invalid logins. This allows the drivers themselves to decide how to + handle them and prevent leaking information where possible. Existing + behaviour for bsdauth is maintained by checking authctxt->valid in the + bsdauth driver. Note that any third-party kbdint drivers will now need + to be able to handle responses for invalid logins. ok markus@ + - djm@cvs.openbsd.org 2004/12/22 02:13:19 + [cipher-ctr.c cipher.c] + remove fallback AES support for old OpenSSL, as OpenBSD has had it for + many years now; ok deraadt@ + (Id sync only: Portable will continue to support older OpenSSLs) + - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user + existence via keyboard-interactive/pam, in conjunction with previous + auth2-chall.c change; with Colin Watson and djm. + - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128 + bytes to prevent errors from login_init_entry() when the username is + exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@ + - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from + the list of available kbdint devices if UsePAM=no. ok djm@ + +20050118 + - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement + "make survey" and "make send-survey". This will provide data on the + configure parameters, platform and platform features to the development + team, which will allow (among other things) better targetting of testing. + It's entirely voluntary and is off be default. ok djm@ + - (dtucker) [survey.sh.in] Remove any blank lines from the output of + ccver-v and ccver-V. + +20041220 + - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading + from prngd is enabled at compile time but fails at run time, eg because + prngd is not running. Note that if you have prngd running when OpenSSH is + built, OpenSSL will consider itself internally seeded and rand-helper won't + be built at all unless explicitly enabled via --with-rand-helper. ok djm@ + - (dtucker) [regress/rekey.sh] Touch datafile before filling with dd, since + on some wacky platforms (eg old AIXes), dd will refuse to create an output + file if it doesn't exist. + +20041213 + - (dtucker) [contrib/findssh.sh] Clean up on interrupt; from + amarendra.godbole at ge com. + +20041211 + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2004/12/06 16:00:43 + [bufaux.c] + use 0x00 not \0 since buf[] is a bignum + - fgsch@cvs.openbsd.org 2004/12/10 03:10:42 + [sftp.c] + - fix globbed ls for paths the same lenght as the globbed path when + we have a unique matching. + - fix globbed ls in case of a directory when we have a unique matching. + - as a side effect, if the path does not exist error (used to silently + ignore). + - don't do extra do_lstat() if we only have one matching file. + djm@ ok + - dtucker@cvs.openbsd.org 2004/12/11 01:48:56 + [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h] + Fix debug call in error path of authorized_keys processing and fix related + warnings; ok djm@ + +20041208 + - (tim) [configure.ac] Comment some non obvious platforms in the + target-specific case statement. Suggested and OK by dtucker@ + +20041207 + - (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test. + +20041206 + - (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@ + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2004/11/25 22:22:14 + [sftp-client.c sftp.c] + leak; from mpech + - jmc@cvs.openbsd.org 2004/11/29 00:05:17 + [sftp.1] + missing full stop; + - djm@cvs.openbsd.org 2004/11/29 07:41:24 + [sftp-client.h sftp.c] + Some small fixes from moritz@jodeit.org. ok deraadt@ + - jaredy@cvs.openbsd.org 2004/12/05 23:55:07 + [sftp.1] + - explain that patterns can be used as arguments in get/put/ls/etc + commands (prodded by Michael Knudsen) + - describe ls flags as a list + - other minor improvements + ok jmc, djm + - dtucker@cvs.openbsd.org 2004/12/06 11:41:03 + [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8] + Discard over-length authorized_keys entries rather than complaining when + they don't decode. bz #884, with & ok djm@ + - (dtucker) OpenBSD CVS Sync (regress/) + - djm@cvs.openbsd.org 2004/06/26 06:16:07 + [reexec.sh] + don't change the name of the copied sshd for the reexec fallback test, + makes life simpler for portable + - dtucker@cvs.openbsd.org 2004/07/08 12:59:35 + [scp.sh] + Regress test for bz #863 (scp double-error), requires $SUDO. ok markus@ + - david@cvs.openbsd.org 2004/07/09 19:45:43 + [Makefile] + add a missing CLEANFILES used in the re-exec test + - djm@cvs.openbsd.org 2004/10/08 02:01:50 + [reexec.sh] + shrink and tidy; ok dtucker@ + - djm@cvs.openbsd.org 2004/10/29 23:59:22 + [Makefile added brokenkeys.sh] + regression test for handling of corrupt keys in authorized_keys file + - djm@cvs.openbsd.org 2004/11/07 00:32:41 + [multiplex.sh] + regression tests for new multiplex commands + - dtucker@cvs.openbsd.org 2004/11/25 09:39:27 + [test-exec.sh] + Remove obsolete RhostsAuthentication from test config; ok markus@ + - dtucker@cvs.openbsd.org 2004/12/06 10:49:56 + [test-exec.sh] + Check if TEST_SSH_SSHD is a full path to sshd before searching; ok markus@ + +20041203 + - (dtucker) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2004/11/07 17:42:36 + [ssh.1] + options sort, and whitespace; + - jmc@cvs.openbsd.org 2004/11/07 17:57:30 + [ssh.c] + usage(): + - add -O + - sync -S w/ manpage + - remove -h + - (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is + subsequently denied by the PAM auth stack, send the PAM message to the + user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2). + ok djm@ + +20041107 + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2004/11/05 12:19:56 + [sftp.c] + command editing and history support via libedit; ok markus@ + thanks to hshoexer@ and many testers on tech@ too + - djm@cvs.openbsd.org 2004/11/07 00:01:46 + [clientloop.c clientloop.h ssh.1 ssh.c] + add basic control of a running multiplex master connection; including the + ability to check its status and request it to exit; ok markus@ + - (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure + option and supporting makefile bits and documentation. + +20041105 + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2004/08/30 09:18:08 + [LICENCE] + s/keygen/keyscan/ + - jmc@cvs.openbsd.org 2004/08/30 21:22:49 + [ssh-add.1 ssh.1] + .Xsession -> .xsession; + originally from a pr from f at obiit dot org, but missed by myself; + ok markus@ matthieu@ + - djm@cvs.openbsd.org 2004/09/07 23:41:30 + [clientloop.c ssh.c] + cleanup multiplex control socket on SIGHUP too, spotted by sturm@ + ok markus@ deraadt@ + - deraadt@cvs.openbsd.org 2004/09/15 00:46:01 + [ssh.c] + /* fallthrough */ is something a programmer understands. But + /* FALLTHROUGH */ is also understood by lint, so that is better. + - jaredy@cvs.openbsd.org 2004/09/15 03:25:41 + [sshd_config.5] + mention PrintLastLog only prints last login time for interactive + sessions, like PrintMotd mentions. + From Michael Knudsen, with wording changed slightly to match the + PrintMotd description. + ok djm + - mickey@cvs.openbsd.org 2004/09/15 18:42:27 + [sshd.c] + use less doubles in daemons; markus@ ok + - deraadt@cvs.openbsd.org 2004/09/15 18:46:04 + [scp.c] + scratch that do { } while (0) wrapper in this case + - djm@cvs.openbsd.org 2004/09/23 13:00:04 + [ssh.c] + correctly honour -n in multiplex client mode; spotted by sturm@ ok markus@ + - djm@cvs.openbsd.org 2004/09/25 03:45:14 + [sshd.c] + these printf args are no longer double; ok deraadt@ markus@ + - djm@cvs.openbsd.org 2004/10/07 10:10:24 + [scp.1 sftp.1 ssh.1 ssh_config.5] + document KbdInteractiveDevices; ok markus@ + - djm@cvs.openbsd.org 2004/10/07 10:12:36 + [ssh-agent.c] + don't unlink agent socket when bind() fails, spotted by rich AT + rich-paul.net, ok markus@ + - markus@cvs.openbsd.org 2004/10/20 11:48:53 + [packet.c ssh1.h] + disconnect for invalid (out of range) message types. + - djm@cvs.openbsd.org 2004/10/29 21:47:15 + [channels.c channels.h clientloop.c] + fix some window size change bugs for multiplexed connections: windows sizes + were not being updated if they had changed after ~^Z suspends and SIGWINCH + was not being processed unless the first connection had requested a tty; + ok markus + - djm@cvs.openbsd.org 2004/10/29 22:53:56 + [clientloop.c misc.h readpass.c ssh-agent.c] + factor out common permission-asking code to separate function; ok markus@ + - djm@cvs.openbsd.org 2004/10/29 23:56:17 + [bufaux.c bufaux.h buffer.c buffer.h] + introduce a new buffer API that returns an error rather than fatal()ing + when presented with bad data; ok markus@ + - djm@cvs.openbsd.org 2004/10/29 23:57:05 + [key.c] + use new buffer API to avoid fatal errors on corrupt keys in authorized_keys + files; ok markus@ + +20041102 + - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX + 10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__ + only if a conflict is detected. + +20041019 + - (dtucker) [uidswap.c] Don't test dropping of gids for the root user or + on Cygwin. Cygwin parts from vinschen at redhat com; ok djm@ + +20041016 + - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations; + ok dtucker@ + +20041006 + - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode + and other PAM platforms. + - (dtucker) [monitor_mm.c openbsd-compat/xmmap.c] Bug #940: cast constants + to void * to appease picky compilers (eg Tru64's "cc -std1"). + +20040930 + - (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@ + +20040923 + - (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one, + which could have caused the justification to be wrong. ok djm@ + +20040921 + - (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too. + ok djm@ + - (dtucker) [contrib/cygwin/ssh-host-config] Update to match current Cygwin + install process. Patch from vinschen at redhat.com. + +20040912 + - (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file. + No change in resultant binary + - (djm) [loginrec.c] __func__ifiy + - (djm) [loginrec.c] xmalloc + - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol + banner. Suggested by deraadt@, ok mouring@, dtucker@ + - (dtucker) [configure.ac] Fix incorrect quoting and tests for cross-compile. + Partly by & ok djm@. + +20040911 + - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@ + - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from + failing PAM session modules to user then exit, similar to the way + /etc/nologin is handled. ok djm@ + - (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change. + - (djm) [auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c] + Make cygwin code more consistent with that which surrounds it + - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c] + Bug #892: Send messages from failing PAM account modules to the client via + SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with + SSH2 kbdint authentication, which need to be dealt with separately. ok djm@ + - (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@ + - (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure. + Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me. ok djm@ + - (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengert + at anl.gov, ok djm@ + +20040830 + - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only + copy required environment variables on Cygwin. Patch from vinschen at + redhat.com, ok djm@ + - (dtucker) [regress/Makefile] Clean scp-ssh-wrapper.scp too. Patch from + vinschen at redhat.com. + - (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability + of shell constructs. Patch from cjwatson at debian.org. + +20040829 + - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from + failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL. + From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@ + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2004/08/23 11:48:09 + [authfile.c] + fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus + - djm@cvs.openbsd.org 2004/08/23 11:48:47 + [channels.c] + typo, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus + - dtucker@cvs.openbsd.org 2004/08/23 14:26:38 + [ssh-keysign.c ssh.c] + Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches + change in Portable; ok markus@ (CVS ID sync only) + - dtucker@cvs.openbsd.org 2004/08/23 14:29:23 + [ssh-keysign.c] + Remove duplicate getuid(), suggested by & ok markus@ + - markus@cvs.openbsd.org 2004/08/26 16:00:55 + [ssh.1 sshd.8] + get rid of references to rhosts authentication; with jmc@ + - djm@cvs.openbsd.org 2004/08/28 01:01:48 + [sshd.c] + don't erroneously close stdin for !reexec case, from Dave Johnson; + ok markus@ + - (dtucker) [configure.ac] Include sys/stream.h in sys/ptms.h header check, + fixes configure warning on Solaris reported by wknox at mitre.org. + - (dtucker) [regress/multiplex.sh] Skip test on platforms that do not + support FD passing since multiplex requires it. Noted by tim@ + - (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn + down, needed on some platforms, should be harmless on others. Patch from + jason at devrandom.org. + - (dtucker) [regress/scp.sh] Make this work on Cygwin too, which doesn't like + files ending in .exe that aren't binaries; patch from vinschen at redhat.com. + - (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree + builds too, from vinschen at redhat.com. + - (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64 + too; patch from cmadams at hiwaay.net. + - (dtucker) [configure.ac] Replace non-portable echo \n with extra echo. + - (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for + accounts with authentication configs that sshd can't support (ie + SYSTEM=NONE and AUTH1=something). + +20040828 + - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from + vinschen at redhat.com. + +20040823 + - (djm) [ssh-rand-helper.c] Typo. Found by + Martin.Kraemer AT Fujitsu-Siemens.com + - (djm) [loginrec.c] Typo and bad args in error messages; Spotted by + Martin.Kraemer AT Fujitsu-Siemens.com + 20040817 - (dtucker) [regress/README.regress] Note compatibility issues with GNU head. - (djm) OpenBSD CVS Sync @@ -1654,4 +2321,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3517 2004/08/17 12:50:40 djm Exp $ +$Id: ChangeLog,v 1.3707.2.1 2005/03/09 04:52:09 djm Exp $ -- cgit v1.1