source: trunk/third/openssh/ChangeLog @ 18759

Revision 18759, 29.0 KB checked in by zacheiss, 22 years ago (diff)
This commit was generated by cvs2svn to compensate for changes in r18758, which included commits to RCS files with non-trunk default branches.
Line 
120021003
2 - (djm) OpenBSD CVS Sync
3   - markus@cvs.openbsd.org 2002/10/01 20:34:12
4     [ssh-agent.c]
5     allow root to access the agent, since there is no protection from root.
6   - markus@cvs.openbsd.org 2002/10/01 13:24:50
7     [version.h]
8     OpenSSH 3.5
9 - (djm) Bump RPM spec version numbers
10 - (djm) Bug #406 s/msg_send/ssh_msh_send/ for Mac OS X 1.2
11
1220020930
13 - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs,
14   tweak README
15 - (djm) OpenBSD CVS Sync
16   - mickey@cvs.openbsd.org 2002/09/27 10:42:09
17     [compat.c compat.h sshd.c]
18     add a generic match for a prober, such as sie big brother;
19     idea from stevesk@; markus@ ok
20   - stevesk@cvs.openbsd.org 2002/09/27 15:46:21
21     [ssh.1]
22     clarify compression level protocol 1 only; ok markus@ deraadt@
23
2420020927
25 - (djm) OpenBSD CVS Sync
26   - markus@cvs.openbsd.org 2002/09/25 11:17:16
27     [sshd_config]
28     sync LoginGraceTime with default
29   - markus@cvs.openbsd.org 2002/09/25 15:19:02
30     [sshd.c]
31     typo; pilot@monkey.org
32   - markus@cvs.openbsd.org 2002/09/26 11:38:43
33     [auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c]
34     [monitor_wrap.h]
35     krb4 + privsep; ok dugsong@, deraadt@
36
3720020925
38 - (bal) Fix issue where successfull login does not clear failure counts
39   in AIX.  Patch by dtucker@zip.com.au ok by djm
40 - (tim) Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
41    This does not include the deattack.c fixes.
42
4320020923
44 - (djm) OpenBSD CVS Sync
45   - stevesk@cvs.openbsd.org 2002/09/23 20:46:27
46     [canohost.c]
47     change get_peer_ipaddr() and get_local_ipaddr() to not return NULL for
48     non-sockets; fixes a problem passing NULL to snprintf(). ok markus@
49   - markus@cvs.openbsd.org 2002/09/23 22:11:05
50     [monitor.c]
51     only call auth_krb5 if kerberos is enabled; ok deraadt@
52   - markus@cvs.openbsd.org 2002/09/24 08:46:04
53     [monitor.c]
54     only call kerberos code for authctxt->valid
55   - todd@cvs.openbsd.org 2002/09/24 20:59:44
56     [sshd.8]
57     tweak the example $HOME/.ssh/rc script to not show on any cmdline the
58     sensitive data it handles. This fixes bug # 402 as reported by
59     kolya@mit.edu (Nickolai Zeldovich).
60     ok markus@ and stevesk@
61
6220020923
63 - (tim) [configure.ac] s/return/exit/ patch by dtucker@zip.com.au
64
6520020922
66 - (djm) OpenBSD CVS Sync
67   - stevesk@cvs.openbsd.org 2002/09/19 14:53:14
68     [compat.c]
69   - markus@cvs.openbsd.org 2002/09/19 15:51:23
70     [ssh-add.c]
71     typo; cd@kalkatraz.de
72   - stevesk@cvs.openbsd.org 2002/09/19 16:03:15
73     [serverloop.c]
74     log IP address also; ok markus@
75   - stevesk@cvs.openbsd.org 2002/09/20 18:41:29
76     [auth.c]
77     log illegal user here for missing privsep case (ssh2).
78     this is executed in the monitor. ok markus@
79
8020020919
81 - (djm) OpenBSD CVS Sync
82   - stevesk@cvs.openbsd.org 2002/09/12 19:11:52
83     [ssh-agent.c]
84     %u for uid print; ok markus@
85   - stevesk@cvs.openbsd.org 2002/09/12 19:50:36
86     [session.c ssh.1]
87     add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384.  ok markus@
88   - stevesk@cvs.openbsd.org 2002/09/13 19:23:09
89     [channels.c sshconnect.c sshd.c]
90     remove use of SO_LINGER, it should not be needed. error check
91     SO_REUSEADDR. fixup comments. ok markus@
92   - stevesk@cvs.openbsd.org 2002/09/16 19:55:33
93     [session.c]
94     log when _PATH_NOLOGIN exists; ok markus@
95   - stevesk@cvs.openbsd.org 2002/09/16 20:12:11
96     [sshd_config.5]
97     more details on X11Forwarding security issues and threats; ok markus@
98   - stevesk@cvs.openbsd.org 2002/09/16 22:03:13
99     [sshd.8]
100     reference moduli(5) in FILES /etc/moduli.
101   - itojun@cvs.openbsd.org 2002/09/17 07:47:02
102     [channels.c]
103     don't quit while creating X11 listening socket.
104     http://mail-index.netbsd.org/current-users/2002/09/16/0005.html
105     got from portable.  markus ok
106   - djm@cvs.openbsd.org 2002/09/19 01:58:18
107     [ssh.c sshconnect.c]
108     bugzilla.mindrot.org #223 - ProxyCommands don't exit.
109     Patch from dtucker@zip.com.au; ok markus@
110
11120020912
112 - (djm) Made GNOME askpass programs return non-zero if cancel button is
113   pressed.
114 - (djm) Added getpeereid() replacement. Properly implemented for systems
115   with SO_PEERCRED support. Faked for systems which lack it.
116 - (djm) Sync sys/tree.h with OpenBSD -current. Rename tree.h and
117   fake-queue.h to sys-tree.h and sys-queue.h
118 - (djm) OpenBSD CVS Sync
119   - markus@cvs.openbsd.org 2002/09/08 20:24:08
120     [hostfile.h]
121     no comma at end of enumerator list
122   - itojun@cvs.openbsd.org 2002/09/09 06:48:06
123     [auth1.c auth.h auth-krb5.c monitor.c monitor.h]
124     [monitor_wrap.c monitor_wrap.h]
125     kerberos support for privsep.  confirmed to work by lha@stacken.kth.se
126     patch from markus
127   - markus@cvs.openbsd.org 2002/09/09 14:54:15
128     [channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c]
129     signed vs unsigned from -pedantic; ok henning@
130   - markus@cvs.openbsd.org 2002/09/10 20:24:47
131     [ssh-agent.c]
132     check the euid of the connecting process with getpeereid(2);
133     ok provos deraadt stevesk
134   - stevesk@cvs.openbsd.org 2002/09/11 17:55:03
135     [ssh.1]
136     add agent and X11 forwarding warning text from ssh_config.5; ok markus@
137   - stevesk@cvs.openbsd.org 2002/09/11 18:27:26
138     [authfd.c authfd.h ssh.c]
139     don't connect to agent to test for presence if we've previously
140     connected; ok markus@
141   - djm@cvs.openbsd.org 2002/09/11 22:41:50
142     [sftp.1 sftp-client.c sftp-client.h sftp-common.c sftp-common.h]
143     [sftp-glob.c sftp-glob.h sftp-int.c sftp-server.c]
144     support for short/long listings and globbing in "ls"; ok markus@
145   - djm@cvs.openbsd.org 2002/09/12 00:13:06
146     [sftp-int.c]
147     zap unused var introduced in last commit
148
14920020911
150 - (djm) Sync openbsd-compat with OpenBSD -current
151
15220020910
153 - (djm) Bug #365: Read /.ssh/environment properly under CygWin.
154   Patch from Mark Bradshaw <bradshaw@staff.crosswalk.com>
155 - (djm) Bug #138: Make protocol 1 blowfish work with old OpenSSL.
156   Patch from Robert Halubek <rob@adso.com.pl>
157
15820020905
159 - (djm) OpenBSD CVS Sync
160   - stevesk@cvs.openbsd.org 2002/09/04 18:52:42
161     [servconf.c sshd.8 sshd_config.5]
162     default LoginGraceTime to 2m; 1m may be too short for slow systems.
163     ok markus@
164 - (djm) Merge openssh-TODO.patch from Redhat (null) beta
165 - (djm) Add gnome-ssh-askpass2.c (gtk2) by merge with patch from
166    Nalin Dahyabhai <nalin@redhat.com>
167 - (djm) Add support for building gtk2 password requestor from Redhat beta
168
16920020903
170 - (djm) Patch from itojun@ for Darwin OS: test getaddrinfo, reorder libcrypt
171 - (djm) Fix Redhat RPM build dependancy test
172 - (djm) OpenBSD CVS Sync
173   - markus@cvs.openbsd.org 2002/08/12 10:46:35
174     [ssh-agent.c]
175     make ssh-agent setgid, disallow ptrace.
176   - espie@cvs.openbsd.org 2002/08/21 11:20:59
177     [sshd.8]
178     `RSA' updated to refer to `public key', where it matters.
179     okay markus@
180   - stevesk@cvs.openbsd.org 2002/08/21 19:38:06
181     [servconf.c sshd.8 sshd_config sshd_config.5]
182     change LoginGraceTime default to 1 minute; ok mouring@ markus@
183   - stevesk@cvs.openbsd.org 2002/08/21 20:10:28
184     [ssh-agent.c]
185     raise listen backlog; ok markus@
186   - stevesk@cvs.openbsd.org 2002/08/22 19:27:53
187     [ssh-agent.c]
188     use common close function; ok markus@
189   - stevesk@cvs.openbsd.org 2002/08/22 19:38:42
190     [clientloop.c]
191     format with current EscapeChar; bugzilla #388 from wknox@mitre.org.
192     ok markus@
193   - stevesk@cvs.openbsd.org 2002/08/22 20:57:19
194     [ssh-agent.c]
195     shutdown(SHUT_RDWR) not needed before close here; ok markus@
196   - markus@cvs.openbsd.org 2002/08/22 21:33:58
197     [auth1.c auth2.c]
198     auth_root_allowed() is handled by the monitor in the privsep case,
199     so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
200   - markus@cvs.openbsd.org 2002/08/22 21:45:41
201     [session.c]
202     send signal name (not signal number) in "exit-signal" message; noticed
203     by galb@vandyke.com
204   - stevesk@cvs.openbsd.org 2002/08/27 17:13:56
205     [ssh-rsa.c]
206     RSA_public_decrypt() returns -1 on error so len must be signed;
207     ok markus@
208   - stevesk@cvs.openbsd.org 2002/08/27 17:18:40
209     [ssh_config.5]
210     some warning text for ForwardAgent and ForwardX11; ok markus@
211   - stevesk@cvs.openbsd.org 2002/08/29 15:57:25
212     [monitor.c session.c sshlogin.c sshlogin.h]
213     pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org>
214     NOTE: there are also p-specific parts to this patch. ok markus@
215   - stevesk@cvs.openbsd.org 2002/08/29 16:02:54
216     [ssh.1 ssh.c]
217     deprecate -P as UsePrivilegedPort defaults to no now; ok markus@
218   - stevesk@cvs.openbsd.org 2002/08/29 16:09:02
219     [ssh_config.5]
220     more on UsePrivilegedPort and setuid root; ok markus@
221   - stevesk@cvs.openbsd.org 2002/08/29 19:49:42
222     [ssh.c]
223     shrink initial privilege bracket for setuid case; ok markus@
224   - stevesk@cvs.openbsd.org 2002/08/29 22:54:10
225     [ssh_config.5 sshd_config.5]
226     state XAuthLocation is a full pathname
227
22820020820
229 - OpenBSD CVS Sync
230   - millert@cvs.openbsd.org 2002/08/02 14:43:15
231     [monitor.c monitor_mm.c]
232     Change mm_zalloc() sanity checks to be more in line with what
233     we do in calloc() and add a check to monitor_mm.c.
234     OK provos@ and markus@
235   - marc@cvs.openbsd.org 2002/08/02 16:00:07
236     [ssh.1 sshd.8]
237     note that .ssh/environment is only read when
238     allowed (PermitUserEnvironment in sshd_config).
239     OK markus@
240   - markus@cvs.openbsd.org 2002/08/02 21:23:41
241     [ssh-rsa.c]
242     diff is u_int (2x); ok deraadt/provos
243   - markus@cvs.openbsd.org 2002/08/02 22:20:30
244     [ssh-rsa.c]
245     replace RSA_verify with our own version and avoid the OpenSSL ASN.1 parser
246     for authentication; ok deraadt/djm
247   - aaron@cvs.openbsd.org 2002/08/08 13:50:23
248     [sshconnect1.c]
249     Use & to test if bits are set, not &&; markus@ ok.
250   - stevesk@cvs.openbsd.org 2002/08/08 23:54:52
251     [auth.c]
252     typo in comment
253   - stevesk@cvs.openbsd.org 2002/08/09 17:21:42
254     [sshd_config.5]
255     use Op for mdoc conformance; from esr@golux.thyrsus.com
256     ok aaron@
257   - stevesk@cvs.openbsd.org 2002/08/09 17:41:12
258     [sshd_config.5]
259     proxy vs. fake display
260   - stevesk@cvs.openbsd.org 2002/08/12 17:30:35
261     [ssh.1 sshd.8 sshd_config.5]
262     more PermitUserEnvironment; ok markus@
263   - stevesk@cvs.openbsd.org 2002/08/17 23:07:14
264     [ssh.1]
265     ForwardAgent has defaulted to no for over 2 years; be more clear here.
266   - stevesk@cvs.openbsd.org 2002/08/17 23:55:01
267     [ssh_config.5]
268     ordered list here
269 - (bal) [defines.h] Some platforms don't have SIZE_T_MAX.  So assign
270   it to ULONG_MAX.
271
27220020813
273 - (tim) [configure.ac] Display OpenSSL header/library version.
274   Patch by dtucker@zip.com.au
275
27620020731
277 - (bal) OpenBSD CVS Sync
278   - markus@cvs.openbsd.org 2002/07/24 16:11:18
279     [hostfile.c hostfile.h sshconnect.c]
280     print out all known keys for a host if we get a unknown host key,
281     see discussion at http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4
282
283     the ssharp mitm tool attacks users in a similar way, so i'd like to
284     pointed out again:
285        A MITM attack is always possible if the ssh client prints:
286        The authenticity of host 'bla' can't be established.
287     (protocol version 2 with pubkey authentication allows you to detect
288     MITM attacks)
289   - mouring@cvs.openbsd.org 2002/07/25 01:16:59
290     [sftp.c]
291     FallBackToRsh does not exist anywhere else.  Remove it from here.
292     OK deraadt.
293   - markus@cvs.openbsd.org 2002/07/29 18:57:30
294     [sshconnect.c]
295     print file:line
296   - markus@cvs.openbsd.org 2002/07/30 17:03:55
297     [auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
298     add PermitUserEnvironment (off by default!); from dot@dotat.at;
299     ok provos, deraadt
300
30120020730
302 - (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.de
303
30420020728
305 - (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solar
306 - (stevesk) [CREDITS] solar
307 - (stevesk) [ssh-rand-helper.c] RAND_bytes() and SHA1_Final() unsigned
308   char arg.
309
31020020725
311 - (djm) Remove some cruft from INSTALL
312 - (djm) Latest config.guess and config.sub from ftp://ftp.gnu.org/gnu/config/
313
31420020723
315 - (bal) [bsd-cray.c bsd-cray.h] Part 2 of Cray merger.
316 - (bal) sync ID w/ ssh-agent.c
317 - (bal) OpenBSD Sync
318   - markus@cvs.openbsd.org 2002/07/19 15:43:33
319     [log.c log.h session.c sshd.c]
320     remove fatal cleanups after fork; based on discussions with and code
321     from solar.
322   - stevesk@cvs.openbsd.org 2002/07/19 17:42:40
323     [ssh.c]
324     display a warning from ssh when XAuthLocation does not exist or xauth
325     returned no authentication data. ok markus@
326   - stevesk@cvs.openbsd.org 2002/07/21 18:32:20
327     [auth-options.c]
328     unneeded includes
329   - stevesk@cvs.openbsd.org 2002/07/21 18:34:43
330     [auth-options.h]
331     remove invalid comment
332   - markus@cvs.openbsd.org 2002/07/22 11:03:06
333     [session.c]
334     fallback to _PATH_STDPATH on setusercontext+LOGIN_SETPATH errors;
335   - stevesk@cvs.openbsd.org 2002/07/22 17:32:56
336     [monitor.c]
337     u_int here; ok provos@
338   - stevesk@cvs.openbsd.org 2002/07/23 16:03:10
339     [sshd.c]
340     utmp_len is unsigned; display error consistent with other options.
341     ok markus@
342   - stevesk@cvs.openbsd.org 2002/07/15 17:15:31
343     [uidswap.c]
344     little more debugging; ok markus@
345
34620020722
347 - (bal) AIX tty data limiting patch fix by leigh@solinno.co.uk
348 - (stevesk) [xmmap.c] missing prototype for fatal()
349 - (bal) [configure.ac defines.h loginrec.c sshd.c sshpty.c] Partial sync
350   with Cray (mostly #ifdef renaming).  Patch by wendyp@cray.com.
351 - (bal) [configure.ac]  Missing ;; from cray patch.
352 - (bal) [monitor_mm.c openbsd-compat/xmmap.h] Move xmmap() defines
353   into it's own header.
354 - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be
355   freed by the caller; add free_pam_environment() and use it.
356 - (stevesk) [auth-pam.c] typo in comment
357
35820020721
359 - (stevesk) [auth-pam.c] merge cosmetic changes from solar's
360   openssh-3.4p1-owl-password-changing.diff
361 - (stevesk) [auth-pam.c] merge rest of solar's PAM patch;
362   PAM_NEW_AUTHTOK_REQD remains in #if 0 for now.
363 - (stevesk) [auth-pam.c] cast to avoid initialization type mismatch
364   warning on pam_conv struct conversation function.
365 - (stevesk) [auth-pam.h] license
366 - (stevesk) [auth-pam.h] unneeded include
367 - (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.h
368
36920020720
370 - (stevesk) [ssh-keygen.c] bug #231: always init/seed_rng().
371
37220020719
373 - (tim) [contrib/solaris/buildpkg.sh] create privsep user/group if needed.
374   Patch by dtucker@zip.com.au
375 - (tim) [configure.ac]  test for libxnet on HP. Patch by dtucker@zip.com.au
376
37720020718
378 - (tim) [defines.h] Bug 313 patch by dirk.meyer@dinoex.sub.org
379 - (tim) [monitor_mm.c] add missing declaration for xmmap(). Reported
380   by ayamura@ayamura.org
381 - (tim) [configure.ac] Bug 267 rework int64_t test.
382 - (tim) [includes.h] Bug 267 add stdint.h
383
38420020717
385 - (bal) aixbff package updated by dtucker@zip.com.au
386 - (tim) [configure.ac] change how we do paths in AC_PATH_PROGS tests
387   for autoconf 2.53. Based on a patch by jrj@purdue.edu
388
38920020716
390 - (tim) [contrib/solaris/opensshd.in] Only kill sshd if .pid file found
391
39220020715
393 - (bal) OpenBSD CVS Sync
394   - itojun@cvs.openbsd.org 2002/07/12 13:29:09
395     [sshconnect.c]
396     print connect failure during debugging mode.
397   - markus@cvs.openbsd.org 2002/07/12 15:50:17
398     [cipher.c]
399     EVP_CIPH_CUSTOM_IV for our own rijndael
400 - (bal) Remove unused tty defined in do_setusercontext() pointed out by
401   dtucker@zip.com.au plus a a more KNF since I am near it.
402 - (bal) Privsep user creation support in Solaris buildpkg.sh by
403   dtucker@zip.com.au
404
40520020714
406 - (tim) [Makefile.in] replace "id sshd" with "sshd -t"
407 - (bal/tim) [acconfig.h configure.ac monitor_mm.c servconf.c
408   openbsd-compat/Makefile.in] support compression on platforms that
409   have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c
410   Based on patch from nalin@redhat.com of code extracted from Owl's package
411 - (tim) [ssh_prng_cmds.in] Bug 323 arp -n flag doesn't exist under Solaris.
412   report by chris@by-design.net
413 - (tim) [loginrec.c] Bug 347: Fix typo (WTMPX_FILE) report by rodney@bond.net
414 - (tim) [loginrec.c] Bug 348: add missing found = 1; to wtmpx_islogin()
415   report by rodney@bond.net
416
41720020712
418 - (tim) [Makefile.in] quiet down install-files: and check-user:
419 - (tim) [configure.ac] remove unused filepriv line
420
42120020710
422 - (tim) [contrib/cygwin/ssh-host-config] explicitely sets the permissions
423   on /var/empty to 755 Patch by vinschen@redhat.com
424 - (bal) OpenBSD CVS Sync
425   - itojun@cvs.openbsd.org 2002/07/09 11:56:50
426     [sshconnect.c]
427     silently try next address on connect(2).  markus ok
428   - itojun@cvs.openbsd.org 2002/07/09 11:56:27
429     [canohost.c]
430     suppress log on reverse lookup failiure, as there's no real value in
431     doing so.
432     markus ok
433   - itojun@cvs.openbsd.org 2002/07/09 12:04:02
434     [sshconnect.c]
435     ed static function (less warnings)
436   - stevesk@cvs.openbsd.org 2002/07/09 17:46:25
437     [sshd_config.5]
438     clarify no preference ordering in protocol list; ok markus@
439   - itojun@cvs.openbsd.org 2002/07/10 10:28:15
440     [sshconnect.c]
441     bark if all connection attempt fails.
442   - deraadt@cvs.openbsd.org 2002/07/10 17:53:54
443     [rijndael.c]
444     use right sizeof in memcpy; markus ok
445
44620020709
447 - (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platforms
448   lacking that concept can share it. Patch by vinschen@redhat.com
449
45020020708
451 - (tim) [openssh/contrib/solaris/buildpkg.sh] add PKG_INSTALL_ROOT to
452   work in a jumpstart environment. patch by kbrint@rufus.net
453 - (tim) [Makefile.in] workaround for broken pakadd on some systems.
454 - (tim) [configure.ac] fix libc89 utimes test. Mention default path for
455   --with-privsep-path=
456
45720020707
458 - (tim) [Makefile.in] use umask instead of chmod on $(PRIVSEP_PATH)
459 - (tim) [acconfig.h configure.ac sshd.c]
460   s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/
461 - (tim) [contrib/cygwin/ssh-host-config] sshd account creation fixes
462   patch from vinschen@redhat.com
463 - (bal) [realpath.c] Updated with OpenBSD tree.
464 - (bal) OpenBSD CVS Sync
465   - deraadt@cvs.openbsd.org 2002/07/04 04:15:33
466     [key.c monitor_wrap.c sftp-glob.c ssh-dss.c ssh-rsa.c]
467     patch memory leaks; grendel@zeitbombe.org
468   - deraadt@cvs.openbsd.org 2002/07/04 08:12:15
469     [channels.c packet.c]
470     blah blah minor nothing as i read and re-read and re-read...
471   - markus@cvs.openbsd.org 2002/07/04 10:41:47
472     [key.c monitor_wrap.c ssh-dss.c ssh-rsa.c]
473     don't allocate, copy, and discard if there is not interested in the data;
474     ok deraadt@
475   - deraadt@cvs.openbsd.org 2002/07/06 01:00:49
476     [log.c]
477     KNF
478   - deraadt@cvs.openbsd.org 2002/07/06 01:01:26
479     [ssh-keyscan.c]
480     KNF, realloc fix, and clean usage
481   - stevesk@cvs.openbsd.org 2002/07/06 17:47:58
482     [ssh-keyscan.c]
483     unused variable
484 - (bal) Minor KNF on ssh-keyscan.c
485
48620020705
487 - (tim) [configure.ac] AIX 4.2.1 has authenticate() in libs.
488   Reported by Darren Tucker <dtucker@zip.com.au>
489 - (tim) [contrib/cygwin/ssh-host-config] double slash corrction
490   from vinschen@redhat.com
491
49220020704
493 - (bal) Limit data to TTY for AIX only (Newer versions can't handle the
494   faster data rate)  Bug #124
495 - (bal) glob.c defines TILDE and AIX also defines it.  #undef it first.
496   bug #265
497 - (bal) One too many nulls in ports-aix.c
498 
49920020703
500 - (bal) Updated contrib/cygwin/  patch by vinschen@redhat.com
501 - (bal) minor correction to utimes() replacement.  Patch by
502   onoe@sm.sony.co.jp
503 - OpenBSD CVS Sync
504   - markus@cvs.openbsd.org 2002/06/27 08:49:44
505     [dh.c ssh-keyscan.c sshconnect.c]
506     more checks for NULL pointers; from grendel@zeitbombe.org; ok deraadt@
507   - deraadt@cvs.openbsd.org 2002/06/27 09:08:00
508     [monitor.c]
509     improve mm_zalloc check; markus ok
510   - deraadt@cvs.openbsd.org 2002/06/27 10:35:47
511     [auth2-none.c monitor.c sftp-client.c]
512     use xfree()
513   - stevesk@cvs.openbsd.org 2002/06/27 19:49:08
514     [ssh-keyscan.c]
515     use convtime(); ok markus@
516   - millert@cvs.openbsd.org 2002/06/28 01:49:31
517     [monitor_mm.c]
518     tree(3) wants an int return value for its compare functions and
519     the difference between two pointers is not an int.  Just do the
520     safest thing and store the result in a long and then return 0,
521     -1, or 1 based on that result.
522   - deraadt@cvs.openbsd.org 2002/06/28 01:50:37
523     [monitor_wrap.c]
524     use ssize_t
525   - deraadt@cvs.openbsd.org 2002/06/28 10:08:25
526     [sshd.c]
527     range check -u option at invocation
528   - deraadt@cvs.openbsd.org 2002/06/28 23:05:06
529     [sshd.c]
530     gidset[2] -> gidset[1]; markus ok
531   - deraadt@cvs.openbsd.org 2002/06/30 21:54:16
532     [auth2.c session.c sshd.c]
533     lint asks that we use names that do not overlap
534   - deraadt@cvs.openbsd.org 2002/06/30 21:59:45
535     [auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
536      monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
537      sshconnect2.c sshd.c]
538     minor KNF
539   - deraadt@cvs.openbsd.org 2002/07/01 16:15:25
540     [msg.c]
541     %u
542   - markus@cvs.openbsd.org 2002/07/01 19:48:46
543     [sshconnect2.c]
544     for compression=yes, we fallback to no-compression if the server does
545     not support compression, vice versa for compression=no. ok mouring@
546   - markus@cvs.openbsd.org 2002/07/03 09:55:38
547     [ssh-keysign.c]
548     use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld)
549     in order to avoid a possible Kocher timing attack pointed out by Charles
550     Hannum; ok provos@
551   - markus@cvs.openbsd.org 2002/07/03 14:21:05
552     [ssh-keysign.8 ssh-keysign.c ssh.c ssh_config]
553     re-enable ssh-keysign's sbit, but make ssh-keysign read
554     /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled
555     globally. based on discussions with deraadt, itojun and sommerfeld;
556     ok itojun@
557 - (bal) Failed password attempts don't increment counter on AIX. Bug #145
558 - (bal) Missed Makefile.in change.  keysign needs readconf.o
559 - (bal) Clean up aix_usrinfo().  Ignore TTY= period I guess.
560 
56120020702
562 - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc &
563   friends consistently. Spotted by Solar Designer <solar@openwall.com>
564
56520020629
566 - (bal) fix to auth2-pam.c to swap fatal() arguments,  A bit of style
567   clean up while I'm near it.
568
56920020628
570 - (stevesk) [sshd_config] PAMAuthenticationViaKbdInt no; commented
571   options should contain default value.  from solar.
572 - (bal) Cygwin uid0 fix by vinschen@redhat.com
573 - (bal) s/config.h/includes.h/ in openbsd-compat/ for *.c.  Otherwise wise
574   have issues of our fixes not propogating right (ie bcopy instead of
575   memmove).  OK tim
576 - (bal) FreeBSD needs <sys/types.h> to detect if mmap() is supported.
577   Bug #303
578
57920020627
580 - OpenBSD CVS Sync
581   - deraadt@cvs.openbsd.org 2002/06/26 14:49:36
582     [monitor.c]
583     correct %u
584   - deraadt@cvs.openbsd.org 2002/06/26 14:50:04
585     [monitor_fdpass.c]
586     use ssize_t for recvmsg() and sendmsg() return
587   - markus@cvs.openbsd.org 2002/06/26 14:51:33
588     [ssh-add.c]
589     fix exit code for -X/-x
590   - deraadt@cvs.openbsd.org 2002/06/26 15:00:32
591     [monitor_wrap.c]
592     more %u
593   - markus@cvs.openbsd.org 2002/06/26 22:27:32
594     [ssh-keysign.c]
595     bug #304, xfree(data) called to early; openssh@sigint.cs.purdue.edu
596
59720020626
598 - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM
599 - (bal) OpenBSD CVS Sync
600   - markus@cvs.openbsd.org 2002/06/23 21:34:07
601     [channels.c]
602     tcode is u_int
603   - markus@cvs.openbsd.org 2002/06/24 13:12:23
604     [ssh-agent.1]
605     the socket name contains ssh-agent's ppid; via mpech@ from form@
606   - markus@cvs.openbsd.org 2002/06/24 14:33:27
607     [channels.c channels.h clientloop.c serverloop.c]
608     move channel counter to u_int
609   - markus@cvs.openbsd.org 2002/06/24 14:55:38
610     [authfile.c kex.c ssh-agent.c]
611     cat to (void) when output from buffer_get_X is ignored
612   - itojun@cvs.openbsd.org 2002/06/24 15:49:22
613     [msg.c]
614     printf type pedant
615   - deraadt@cvs.openbsd.org 2002/06/24 17:57:20
616     [sftp-server.c sshpty.c]
617     explicit (u_int) for uid and gid
618   - markus@cvs.openbsd.org 2002/06/25 16:22:42
619     [authfd.c]
620     unnecessary cast
621   - markus@cvs.openbsd.org 2002/06/25 18:51:04
622     [sshd.c]
623     lightweight do_setusercontext after chroot()
624 - (bal) Updated AIX package build.  Patch by dtucker@zip.com.au
625 - (tim) [Makefile.in] fix test on installing ssh-rand-helper.8
626 - (bal) added back in error check for mmap().  I screwed up, Pointed
627   out by stevesk@
628 - (tim) [README.privsep] UnixWare tip no longer needed.
629 - (bal) fixed NeXTStep missing munmap() issue. It defines HAVE_MMAP,
630   but it all damned lies.
631 - (stevesk) [README.privsep] more for sshd pseudo-account.
632 - (tim) [contrib/caldera/openssh.spec] add support for privsep
633 - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@
634 - (djm) OpenBSD CVS Sync
635   - markus@cvs.openbsd.org 2002/06/26 08:53:12
636     [bufaux.c]
637     limit size of BNs to 8KB; ok provos/deraadt
638   - markus@cvs.openbsd.org 2002/06/26 08:54:18
639     [buffer.c]
640     limit append to 1MB and buffers to 10MB
641   - markus@cvs.openbsd.org 2002/06/26 08:55:02
642     [channels.c]
643     limit # of channels to 10000
644   - markus@cvs.openbsd.org 2002/06/26 08:58:26
645     [session.c]
646     limit # of env vars to 1000; ok deraadt/djm
647   - deraadt@cvs.openbsd.org 2002/06/26 13:20:57
648     [monitor.c]
649     be careful in mm_zalloc
650   - deraadt@cvs.openbsd.org 2002/06/26 13:49:26
651     [session.c]
652     disclose less information from environment files; based on input
653     from djm, and dschultz@uclink.Berkeley.EDU
654   - markus@cvs.openbsd.org 2002/06/26 13:55:37
655     [auth2-chall.c]
656     make sure # of response matches # of queries, fixes int overflow;
657     from ISS
658   - markus@cvs.openbsd.org 2002/06/26 13:56:27
659     [version.h]
660     3.4
661 - (djm) Require krb5 devel for RPM build w/ KrbV
662 - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai
663   <nalin@redhat.com>
664 - (djm) Update spec files for release
665 - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS
666 - (djm) Release 3.4p1
667 - (tim) [contrib/caldera/openssh.spec] remove 2 configure options I put in
668   by mistake
669
67020020625
671 - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
672 - (stevesk) [README.privsep] minor updates
673 - (djm) Create privsep directory and warn if privsep user is missing
674   during make install
675 - (bal) Started list of PrivSep issues in TODO
676 - (bal) if mmap() is substandard, don't allow compression on server side.
677   Post 'event' we will add more options.
678 - (tim) [contrib/caldera/openssh.spec] Sync with Caldera
679 - (bal) moved aix_usrinfo() and noted not setting real TTY.  Patch by
680   dtucker@zip.com.au
681 - (tim) [acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus
682   for Cygwin, Cray, & SCO
683
68420020624
685 - OpenBSD CVS Sync
686   - deraadt@cvs.openbsd.org 2002/06/23 03:25:50
687     [tildexpand.c]
688     KNF
689   - deraadt@cvs.openbsd.org 2002/06/23 03:26:19
690     [cipher.c key.c]
691     KNF
692   - deraadt@cvs.openbsd.org 2002/06/23 03:30:58
693     [scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
694      sshpty.c]
695     various KNF and %d for unsigned
696   - deraadt@cvs.openbsd.org 2002/06/23 09:30:14
697     [sftp-client.c sftp-client.h sftp-common.c sftp-int.c sftp-server.c
698      sftp.c]
699     bunch of u_int vs int stuff
700   - deraadt@cvs.openbsd.org 2002/06/23 09:39:55
701     [ssh-keygen.c]
702     u_int stuff
703   - deraadt@cvs.openbsd.org 2002/06/23 09:46:51
704     [bufaux.c servconf.c]
705     minor KNF.  things the fingers do while you read
706   - deraadt@cvs.openbsd.org 2002/06/23 10:29:52
707     [ssh-agent.c sshd.c]
708     some minor KNF and %u
709   - deraadt@cvs.openbsd.org 2002/06/23 20:39:45
710     [session.c]
711     compression_level is u_int
712   - deraadt@cvs.openbsd.org 2002/06/23 21:06:13
713     [sshpty.c]
714     KNF
715   - deraadt@cvs.openbsd.org 2002/06/23 21:06:41
716     [channels.c channels.h session.c session.h]
717     display, screen, row, col, xpixel, ypixel are u_int; markus ok
718   - deraadt@cvs.openbsd.org 2002/06/23 21:10:02
719     [packet.c]
720     packet_get_int() returns unsigned for reason & seqnr
721  - (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col,
722    xpixel are u_int.
723
724
72520020623
726 - (stevesk) [configure.ac] bug #255 LOGIN_NEEDS_UTMPX for AIX.
727 - (bal) removed GNUism for getops in ssh-agent since glibc lacks optreset.
728 - (bal) add extern char *getopt.  Based on report by dtucker@zip.com.au
729 - OpenBSD CVS Sync
730   - stevesk@cvs.openbsd.org 2002/06/22 02:00:29
731     [ssh.h]
732     correct comment
733   - stevesk@cvs.openbsd.org 2002/06/22 02:40:23
734     [ssh.1]
735     section 5 not 4 for ssh_config
736   - naddy@cvs.openbsd.org 2002/06/22 11:51:39
737     [ssh.1]
738     typo
739   - stevesk@cvs.openbsd.org 2002/06/22 16:32:54
740     [sshd.8]
741     add /var/empty in FILES section
742   - stevesk@cvs.openbsd.org 2002/06/22 16:40:19
743     [sshd.c]
744     check /var/empty owner mode; ok provos@
745   - stevesk@cvs.openbsd.org 2002/06/22 16:41:57
746     [scp.1]
747     typo
748   - stevesk@cvs.openbsd.org 2002/06/22 16:45:29
749     [ssh-agent.1 sshd.8 sshd_config.5]
750     use process ID vs. pid/PID/process identifier
751   - stevesk@cvs.openbsd.org 2002/06/22 20:05:27
752     [sshd.c]
753     don't call setsid() if debugging or run from inetd; no "Operation not
754     permitted" errors now; ok millert@ markus@
755   - stevesk@cvs.openbsd.org 2002/06/22 23:09:51
756     [monitor.c]
757     save auth method before monitor_reset_key_state(); bugzilla bug #284;
758     ok provos@
759
760$Id: ChangeLog,v 1.1.1.3 2003-02-05 19:04:52 zacheiss Exp $
Note: See TracBrowser for help on using the repository browser.