Tue Jul 7 22:38:41 1998 Tero Kivinen <kivinen@ssh.fi>

* Changed scp to run ssh1 instead of ssh.

* Added -L (no privileged port) option to scp. Patch from Ville
  Herva <vherva@niksula.hut.fi>.

* Fixed spelling of privileged (was priviledged). The old option
  is still understood. Reported by Mike Friedman
  <mikef@ack.berkeley.edu>.

* Removed .ie, and .el from man pages, and replaced them with empty
  lines as is done with other sources.

* Fixed checking that user default group must exist if it is used in
  allow/deny groups. Patch from Teddy Grenman <tricky@cs.hut.fi>.

* Fixed overflow in scp statistics. Patch from Petri Kaukasoina
  <kaukasoi@elektroni.ee.tut.fi>.

* Added checking for syslen field in utmpx structure.

* Added better support for HPUX tcb auth.

* Added match_host, that will check that if the pattern is all
  numeric, it is only compared against ip addresses. Suggestion from
  Andrew Tridgell <tridge@samba.anu.edu.au>.

* Added bind 8 support for make-known-hosts.pl from Niklas
  Edmundsson <nikke@ing.umu.se>.

* Added SGI project accounting from Eivind Gjelseth
  <eivind@ii.uib.no>.

* Added checking of system function return value in scp.c. Patch
  from Loren "Buck" Buchanan <lbuchana@csc.com>.

* Fixed "SilentDeny on" to "SilentDeny yes" in the example config
  file for server.

* Changed HPSUX_NONSTANDARD_X11_KLUDGE to only be used when
  opening socket. Added new NONSTANDARD_IP_ADDRESS_X11_KLUDGE to be
  used when display must be ipaddress instead of hostname. Changed
  configure to define the NONSTANDARD_IP_ADDRESS_X11_KLUDGE for
  i386-sni-sysv4 (SINIX) (report from Felix von Delius
  <Felix-von.Delius@dresdner-bank.de>).

* Changed version number checking so that the client will allow
  server to send new major version number (2.x).

* Moved connecting ... debug message after allocated local port
  message. Suggestion from Jarkko Hietaniemi <jhi@iki.fi>.

* Updated deattack code to new version (fixes some bug in
  check_crc function). New code from CORE SDI S.A., Buenos Aires,
  Argentina.

* Added find of passwd program in configure. Patch from Jum Bourne
  <jbourne@island.net>.

Fri Jun 12 10:51:59 1998 Tero Kivinen <kivinen@ssh.fi>

* Fixed suid bit removing so that it will be done first and after
  that the files are renamed to xxx.old.

* Disable scp statistics if -B option is given. Patch from Philip
  Kizer <pckizer@tamu.edu>.

* Disable scp statistics if the stdout is not a tty.

Thu Jun 11 01:05:28 1998 Tero Kivinen <kivinen@ssh.fi>

* Added time and date in the X11 connection rejected message
  requested by Jarkko Hietaniemi <jhi@iki.fi>.

* Added username to passwd command when forcing password change.

* Added crc-fix detection code from CORE SDI S.A., Buenos Aires,
  Argentina. See their security announcement for more information.

* Disabled SO_LINGER by default. Added --enable-so-linger
  configure option that turns it on again.

* Added scp statistics print from Craig Yap <craig@cse.fau.edu>.
  Added --disable-scp-stats to turn it off, and -q option to scp.

* Added user@host pattern matching in Allow/DenyUsers. Patch from
  Andrew Tridgell <tridge@samba.anu.edu.au>.

* Added run time check for /var/X directory. Patch from Charles
  Karney <karney@pppl.gov>.

Thu May 21 21:31:44 1998 Tero Kivinen <kivinen@ssh.fi>

* Added warning about expiring passwords. Also added warning
  message when the account is going to expire. Idea from Harry
  Shamansky <shamansky@adinc.com>. Added PasswordExpireWarningDays
  and AccountExpireWarningDays server configuration variables.

* Fixed login_getclass code for BSDI 2.1 (199510). Patch from
  Kazunori ANDO <ando@iij-mc.co.jp>.

* Fixed defining X11_DIR in the configure.in. Patch from Bradford
  W. Johnson <bradford@math.umn.edu>.

* Fixed -g option case clause (missing break). Patch from Kevin
  Steves <stevesk@sweden.hp.com>.

* Added check for program name to contain ssh1, ssh1.old, ssh.old,
  slogin1, slogin.old, slogin1.old. Bug report from Richard Kaszeta
  <kaszeta@me.umn.edu>.

* Fixed AC_CHECK_HEADER(socks.h) in the configure.in. Patch from
  Andrew Raphael <raphael@research.canon.com.au>.

* Fixed TIS authentication to understand chalnecho response. Patch
  from Mark Horn <mhorn@funb.com>.

* Fixed typo in the ForcedPasswordChange configuration variable.
  Patch from Rick Troxel <rick@helix.nih.gov>.

* Documented ForcedPasswordChange, and changed its default value
  to yes. Added osf c2 code to use that option too.

* Added SSH_BINDIR adding to PATH found from /etc/default/login
  etc. Patch from Georg-W. Koltermann <gwk@cray.com>.

* AllowSHosts, DenySHosts patches from Piete Brooks
  <pb@cl.cam.ac.uk>.

Mon May 4 16:37:41 1998 Tero Kivinen <kivinen@ssh.fi>

* Fixed layout of the authorized_keys options in the sshd man
  page.

* Added check that if SIGPWR and SIGINFO are same only one of them
  is used.

* Fixed no-port-forwarding so that it will also disable local port
  forwardings at the server side.

Fri Apr 24 19:02:05 1998 Tero Kivinen <kivinen@ssh.fi>

* Changed installation so that all programs are installed as
  <program>1 and if the <program>2 file doesn't exist then it will
  make symlink from <program> to <program>1. This means that after
  you have ssh version 2 installed the installation process doesn't
  touch <program> anymore, it will just install everything as
  <program>1. Then you can manually change <program> link to point
  to version 1 or 2 programs. Man pages are exception for this, the
  man pages will always install as <manpage>1.x and they will always
  make link from <manpage>.x to <manpage>1.x.

* Added ssh version 2 compat option. If started with -V "str" the
  sshd will assume the remote version is "str" and it doesn't try to
  read it from the input channel. This way ssh2d may read the
  version string and if it notices that this is ssh 1 client it can
  exec sshd -i -V "str" options.

* Fixed make-known-hosts.pl so that it will first send SIGINT to
  ssh and then wait 1 second before sending SIGKILL. This will allow
  ssh-client to die cleanly and restore the terminal settings before
  exiting.

* Added code that will ignore the string given to SSH_MSG_IGNORE.
  Bug reported by Bernard Perrot <perrot@lal.in2p3.fr>.

* Check that proxy command isn't empty before starting it. Patch
  from Chuck Goodhart <ceg@alumni.caltech.edu>.

* Patch from John P.Speno <speno@isc.upenn.edu> to allow osf c2
  resources to be set to 0.

* Added default processing of SIGPWR signal.

* Configurable password prompt from Maciej W. Rozycki
  <macro@ds2.pg.gda.pl>.

* Utmpx fix from Ofer Licht <ofer@stat.Berkeley.EDU>.

* Added .rhosts to understand #-comment in the end of the line.
  Patch from <lamont@cranston.fc.hp.com>.

* Added libwrap calls to debug mode sshd also.

* Added patch that will force password change if OSF C2 password
  is expired. Patch from Florian Fuchs.

* Added grabbing of keyboard in ssh-askpass. Patch from Raymund
  Will <ray@caldera.de>.

* Small patch for debian linux for sparcs.

* Added cray T3E patches from Kaj Mustikkamäki
  (kaj.mustikkamaki@csc.fi).

* Added code that will set resource limits under BSD/OS. Patch
  from Payl Borman <prb@bsdi.com>.

Fri Apr 17 01:46:00 1998 Tero Kivinen <kivinen@ssh.fi>

* Fixed ttyslot code. Fixed NeXT inline assembler codes. Patches
  from Corey Satten <corey@cac.washington.edu>.

* Added setting of REMOTEUSER environment variable name if remote
  username available.

* Added setting of AUTHSTATE and KRB5CCNAME environment variables
  if we have authenticate() in AIX. Patch from Matt Richards
  (v2matt@btv.ibm.com).

* Added configure option --with-nologin-allow[=/etc/nologin.allow]
  to have sshd read the given file for a list of usernames exempt
  from /etc/nologin. This allows administrators to retain remote access
  in the case of needed maintenance when users needed to not be on
  the system. Jointly created by Philip Kizer <pckizer@nostrum.com>
  and <steele@nostrum.com>.

* FreeBSD /etc/login.conf capabilities patches from Steve Birnbaum
  <sbirn@security.org.il> and torstenb@FreeBSD.ORG.

* Added setsid patch for -f option in ssh from Garance A Drosehn
  <gad@eclipse.its.rpi.edu>.

Tue Mar 31 00:39:51 1998 Tero Kivinen <kivinen@ssh.fi>

* Fixed 2 GB file handling in scp. Bug reported by Anthony
  Talltree <aad@nwnet.net>.

* Added checking of system default lock from John P.Speno
  <speno@isc.upenn.edu>.

Fri Mar 27 15:17:04 1998 Tero Kivinen <kivinen@ssh.fi>

* Added IgnoreRootRhosts option to server config file. Patch from
  Luke Mewburn <lm@cs.rmit.edu.au>.

* Fixed idle_timeout code in serverloop.c. Patch from Bob Goellner
  <bgelnr@bbn.com>.

* Moved initgroups before closing all filedescriptors. Patch from
  Donald Buczek <buczek@MPING-Berlin-Dahlem.MPG.DE>.

* Added patch from Bill O'Neill <woneill@thunder.ocis.temple.edu>
  that will fix the Digital Unix 4.0 C2 password expiration
  problems.

* Allow authentication socket to be symlink, if we are not suid.
  Patch from Steve Birnbaum <sbirn@security.org.il>.

* Combined two getpwent calls in the ssh.c to get around bug in
  red hat 4.2 nis library.

* gmp-2.0.2-ssh-2/mpf/set_str.c (mpf_set_str) [!__STDC__]: Add
  const to STR argument, to match decl in ../gmp.h from Brendan
  Kehoe <brendan@cygnus.com>.

* Added GatewayPorts option and -g option from Steve Bellovin
  <smb@research.att.com>.

* Added SIGDANGER patch from Steve Bonds <sbonds@agora.rdrop.com>.

* Added socks5 with kerberos patches from E. Jay Berkenbilt
  <ejb@ql.org>.

* Added using of aix authenticate function if it exists from Matt
  Richards (v2matt@btv.ibm.com).

* Added check that kerberos initialization succeeds from Dima
  Ruban (dima@best.net).

* Added detection of ttyslot function in the configure.in.

* NeXT patches from Corey Satten <corey@cac.washington.edu>.

* Fixed too early free of authsocket in the authfd.c (reported by
  many people).

* Added check that .rhosts/.shosts file cannot have any other
  control characters except whitespaces. Problem described by Theo
  de Raadt <deraadt@cvs.openbsd.org>.

* Disabled TCP_NODELAY and added --enable-tcp-nodelay configure
  option to enable it again (Sean Doran <smb@ebone.net>).

* Added support for X11 socket being in the /var/X/.X11-unix
  instead of /tmp/.X11-unix directory (mcr@sandelman.ottawa.on.ca).

Wed Jan 21 16:02:01 1998 Tero Kivinen <kivinen@ssh.fi>

* includes.h (S_ISLNK): Fixed bug reported by Paul J. Sanchez
  <paul@spectrum.slu.edu>.

Sat Jan 3 07:11:58 1998 Tero Kivinen <kivinen@ssh.fi>

* Fixed bug in {Allow,Deny}ForwardingTo host name handling. The
  host name was not nul terminated properly.

* Added {Allow,Deny}groups patch from Jason Ackley
  <jason@viaccess.net>.

Fri Jan 2 04:51:21 1998 Tero Kivinen <kivinen@ssh.fi>

* (F-SECURE): Added support for {Allow,Deny}Forwarding{To,Port}
  options in authorized_keys file.

* Fixed ssh-agent dying when it received SIGPIPE when user
  pressed Ctrl-C in middle of login process.

* Changed authorized_keys file options to be case insensitive.

* Confirmed that ssh is Y2K compliant. The HAVE_USERSEC_H code in
  login_permitted function in sshd.c file is the only code that has
  some Y2K problems. The expiration format returned by getuserattr
  is only yymmddhhmm, and when login_permitted converts it to
  normalized format that assumes that if yy < 70 then it must be
  20yy, otherwise assume it to be 19yy. This means that you cannot
  now have users whose account expires after year 2070.

* Confirmed that on environments where time_t is 32 bit unsigned
  long or 64 bit value ssh should also be Y2038 compliant.

* GMP configure patch for FreeBSD/ELF system from Ollivier Robert
  <reberto@keltia.freenix.fr>.

* Added CheckMail patch from Aaron Gowatch <aarong@wired.com>.

* Added patch from Nick Nibma <nick.hibma@jrc.it> that will change
  password from "foo's password" to foo@bar's password.

* Implemented -k option for ssh-agent (kill agent) suggested by
  Charles M. Hannum <mycroft@mit.edu>

* Fixed agent socket opening code for suid versions.

* Renamed SSH_AUTHENCATION_SOCKET to SSH_AUTH_SOCK, because some
  environments have limit for environment variable lengths.

* Added XAuthLocation and kerberos 5 patch from Harry G. McGavran
  Jr. <hgm@lanl.gov>.

* Added OSF C2 user account locked and expired checks and user
  default resource limits patch from Joao Castro
  <jcastro@ist.utl.pt>.

* Added BSDI /etc/login.conf and password expiration warning
  patches from Jason Ackley <jason@ackley.net>.

Mon Apr 28 00:53:04 1997 Tero Kivinen <kivinen@ssh.fi>

* (F-SECURE): Added {Allow,Deny}Forwarding{To,Port} feature.

* Added {Allow,Deny}Users feature from Steve Kann
  <stevek@SteveK.COM>.

Wed Apr 23 02:56:20 1997 Tero Kivinen <kivinen@ssh.fi>

* scp: Added -oClearAllForwardings yes to ssh command line, so if
  you have forwardings in config file you can still use scp without
  errors because ssh cannot bind those same sockets.

* Added ClearAllForwardings and NumberOfPasswordPrompts options.

* Fixed SIGINFO check.

* Added check that getpseudotty function exists before using, we
  cannot assume it exists if /dev/getpty exists, because some dynix
  systems have /dev/getpty but no getpseudotty function.

* Added check that spwd struct has sp_expire and sp_inact fields.

* Added WRAPLIBS to Makefile.in and configure.in so libwrap is
  linked to only ssh and sshd.

Mon Apr 21 05:47:46 1997 Tero Kivinen <kivinen@ssh.fi>

* Added -S option to scp (specifies path to ssh program).

* Added waitpid loop to main_sigchld_handler if we have it.

* Changed server_loop to call pty_cleanup_proc instead of
  pty_release, added check to pty_cleanup_proc so it will not
  cleanup pty twice.

* Fixed allow_tcp_forwarding option so it defaults to yes now.

* Added AC_MSG_CHECKING/AC_MSG_RESULT to AC_EGREP_HEADER stuff.

* Added --enable-deprecated-linux-pw-encrypt option to configure.

* Added compat code for Dynix. It has incompatible SIGINFO
  definition in sys/siginfo.h.

Thu Apr 17 02:06:16 1997 Tero Kivinen <kivinen@ssh.fi>

* scp now understands -o options, and passes them to ssh.

* Some kerberos DCE fixes from Doug Engert <DEEngert@anl.gov>.

* Added read_confirmation function to readpass.c that will ask
  confirmation from user using either stdin or /dev/tty. This is
  used when using StrictHostKeyChecking is set to ask.

* Changed StrictHostKeyChecking to have three states: yes/no/ask.
  Idea from Markus Linnala <maage@ee.tut.fi>.

* Fixed make-ssh-known-hosts.pl to use 3des instead of rc4.

* Added -p option to ssh-add (read passphrase from pipe). Idea
  from Charles Karney <karney@pppl.gov>.

* Added signal(SIGCHLD, SIG_DFL) on child before using libwrap
  stuff in sshd.c.

* Fixed mv sshd sshd.old to use correct directory (sbindir).
  (reported by several people).

* Fixed putenvs in the xstrdup (reported by several people).

Sun Apr 6 00:41:55 1997 Tero Kivinen <kivinen@ssh.fi>

* gmp: Added -Wa,+DA1.1 to SFLAGS on hppa1.1 machines.
  Fixed the (cd mpn; ...) > foo stuff so that it works even if
  some brain damaged cd prints something (it does in hpsux).

* Removed restriction that ssh only used privileged port if
  server port was < 1024.

* Added setting of allow_severity and deny_severity in ssh.c too,
  because newchannels.c uses libwrap also.

* Fixed ssh-agent option parsing.

* Added -- option support in ssh-agent, patch from
  Charles M. Hannum <mycroft@gnu.ai.mit.edu>.

* Added closing of agent socket in parent process, patch from
  Charles M. Hannum <mycroft@gnu.ai.mit.edu>.

* Added check for existence of O_NOCTTY (patch from
  KOJIMA Hajime <kjm@rins.ryukoku.ac.jp>).

* Added setting of SSH_AGENT_PID when running command too.

* Fixed ssh-add SECURE_RPC support, so it will work even if no
  passphrase is found.

* Fixed closing of pty, and changed it to use shutdown first and
  close the pty only after pty has been released, patch from
  Charles M. Hannum <mycroft@gnu.ai.mit.edu>.

* Fixed typo on allow_tcp_forwarding code.

* Fixed the quoting of ' character in readpass.

* Added check for $HOME/MailBox as mail spool file in configure.

* Fixed kerberos patches (KRB5 define, error_code, -lcom_err and
  unbalanced } in sshconnect.c).

* Changed make install so it will rename old ssh to ssh.old and
  then install new version.

Thu Mar 27 04:49:50 1997 Tero Kivinen <kivinen@ssh.fi>

* Added kerberos patches from Glenn Machin <gmachin@sandia.gov>.

* Added --with-login-patch from Brian Cully <shmit@panix.com>.

Wed Mar 26 05:21:04 1997 Tero Kivinen <kivinen@ssh.fi>

* Added IdleTimeout option for server and idle-timeout for
  authorized_keys file that can set idle-timeout for process.

* Added -P option and UsePriviledgedPort option.

* Sony NEWS-OS 6 patches from kjm@rins.ryukoku.ac.jp (KOJIMA
  Hajime).

Tue Mar 25 04:18:49 1997 Tero Kivinen <kivinen@ssh.fi>

* Patch for AIX 4.1 pty detection in configure from jay@pcc.com
  (Jay Schuster).

* Config patch for NEWS-OS 4.2.1R from Makoto MATSUSHITA
  <matusita@ics.es.osaka-u.ac.jp>.

* Use daemon() if it exists. Patch from mycroft@gnu.ai.mit.edu
  (Charles M. Hannum).

* Added SilentDeny option proposed by Timo Rinne (tri@iki.fi).

* Changed config file option handling to allow "=" character
  between options, now you can write -o FallBackToRsh=no in command
  line. Also made config file options case insensitive.

* Added umask server option.

* Added no_utmpx=yes for AIX 4.2, fix from John M. Sellens
  <jmsellen@watdragon.uwaterloo.ca>.

* Moved libwrap code to child, patch from wietse@wzv.win.tue.nl
  (Wietse Venema).

* Added HP-UX pty patch from LaMont Jones
  <lamont@cranston.fc.hp.com>.

Wed Mar 19 17:49:36 1997 Tero Kivinen <kivinen@ssh.fi>

* Added SSH_ORIGINAL_COMMAND environment variable setting. It
  will have the original command from the network when using
  forced command. It can be used to get arguments for forced
  command.

* Disabled x11 and port forwardings if host key has changed.

* Added yes/no prompt if host key is not known or changed.

* Added local mapping of "localhost" to "127.0.0.1" to avoid dns
  attacks for localhost (the host key checking is disabled for
  localhost).

* Added checks that public key exponent cannot be less than 3.

* Fixed libshadow checks in the configure.in for linux.

* Added checks if openpty can be found from libbsd.

* Fixed --with-{libwrap,socks*,rsaref} argument handling.

* Added --disable-suid-ssh option. Added support for it in
  Makefile.in

* Rewrote the make dist support so it works if you are using
  separate object directory too.

* Updated zlib version to 1.0.4.

* Added checks that x11 and authentication agent forwarding is
  really requested when open requests is received.

* Fixed SIGCHLD race condition.

* Changed do_authentication to get cipher_type, so it can
  disable RhostsRsa authentication if using unsecure cipher
  (NONE, or ARCFOUR).

* Changed order of environment variables set to child, because
  digital unixes telnet dumps core if USER is the first
  environment variable set.

* Added code that will set all ip-address to xauth so it should
  work for multihosted machines too. Don't use xauth add
  host/unix:0 on crays, because it complains about it. Patch
  from Arne Henrik Juul <arnej@imf.unit.no>.

* Disabled agent forwarding from client if server host key doesn't
  match.

* Removed DES as mandatory cipher in the protocol.

* Added README.CIPHERS to tell some words about different ciphers.

* Made all ciphers inclusion configurable by configure.

* If configured ssh program isn't found in scp, try to find ssh
  from the same directory scp program is run.

* Fixed /bin/sh command syntax printed by ssh-agent (from Hannu
  Napari <napo@tcm.hut.fi>).

* Added -c and -s options to ssh-agent (tell shell style).

* Added quoting of passphrase prompting prompt.

* Disabled arcfour (see README.CIPHERS for more information).

* Disabled single des.

* Disabled none-encryption.

* Limit hostname and username to 255 characters.

* Added SECURE_RPC, SECURE_NFS and NIS_PLUS support from Andy
  Polyakov <appro@fy.chalmers.se>.

* Added TIS authentication code from Andre April
  <Andre.April@cediti.be>.

Fri Jan 10 17:15:15 EET 1997 Tomi Salo <ttsalo@ssh.fi>

* login.c: Merged a patch for SunOS/Solaris from Scott Schwartz
  <schwartz@galapagos.cse.psu.edu>. (Now ttyslot() is used for
  writing to utmp)

Wed Jan 8 15:19:19 EET 1997 Tomi Salo <ttsalo@ssh.fi>

* osfc2.c: A fix for OSF/1 passwords from
  Steve VanDevender <stevev@hexadecimal.uoregon.edu> merged.

Fri Jan 3 16:59:57 EET 1997 Tomi Salo <ttsalo@ssh.fi>

* DYNIX/ptx2 patch from Kenneth Stailey
  <kstailey@eagle.dol-esa.gov> merged to configure.in

Mon Dec 16 17:50:08 EET 1996 Tomi Salo <ttsalo@ssh.fi>

* New option: X11DisplayOffset, from Jari Kokko <jari@pilvi.fi>

Wed Nov 20 00:43:08 1996 Tero Kivinen <kivinen@ssh.fi>

* gmp/mpn/m68k/syntax.h: Fixed bug in ALIGN for SONY_SYNTAX.

* gmp/configure.in: Added system specific setting for solaris when
  using CC (add -Xs to CPP).

* configure.in: Fixed CC for IRIX 6.2 systems (CC="cc -n32").

* authfd.c: Changed socket directory checks so that if the
  original_real_uid is root do not check the file owner.

* Makefile.in: Added rm -f TAGS before making tags.

Tue Nov 12 17:50:08 EET 1996 Tomi Salo <ttsalo@ssh.fi>

* FreeBSD pty allocation patch from Andrey Chernov merged.

Sat Nov 9 19:29:39 EET 1996 Tomi Salo <ttsalo@ssh.fi>

* Patch from mouse@Holo.Rodents.Montreal.QC.CA to ssh-keygen.c
  (now tells the user the real assumed name of the key, not just
  $HOME/%s)

Thu Nov 7 08:49:38 1996 Tero Kivinen <kivinen@ssh.fi>

* Allow user@host for ssh too. Patch from peter@baileynm.com
  (Peter da Silva).

* Fixed foos's password: prompt to foos' password:, requested by
  Peter Simons <simons@petium.rhein.de>.

Tue Nov 5 00:13:52 1996 Tero Kivinen <kivinen@ssh.fi>

* ssh.c (main): Fixed warning message of old agent to be displayed
  only if user really tried to forward agent (agent running and
  forwarding is not disabled).

Mon Nov 4 18:24:43 EET 1996 Tomi Salo <ttsalo@ssh.fi>

* sshconnect.c: patch to improve error handling in code receiving
  protocol version byte, from Bill Fenner <fenner@parc.xerox.com>

Wed Oct 30 00:11:34 1996 Tero Kivinen <kivinen@ssh.fi>

* Added username to password prompt.

* Made checks even more strict in
  auth_input_request_forwarding().

* Renamed log() function to log_msg().

* Upgraded from gmp-2.0.2 to gmp-2.0.2-ssh-2 (gmp 2.0.2 with
  autoconf scripts made by Tatu Ylonen)

* Cleaned up TODO file.

* Changed protocol version to 1.5 so new ssh client and server
  can detect old (erroneous) agent forwarding protocol, and
  disable agent forwarding.

* Do not define SSH_AUTHENTICATION_SOCKET environment variable
  if the agent could not be started.

Tue Oct 29 12:34:29 1996 Tomi Salo <ttsalo@piippu.ssh.fi>

* Improved the security of auth_input_request_forwarding().

* Agent's behaviour improved: socket is created and listened to
  before forking, and if creation fails, parent still executes
  the specified command (without forking the child).

Mon Oct 28 18:31:03 1996 Tatu Ylonen <ylo@pilari.ssh.fi>

* Added Cray T90. Fixed recognition of mc88110.

Thu Oct 24 14:05:44 1996 Tomi Salo <ttsalo@piippu.ssh.fi>

* Cleaning up old fd-auth trash.

Wed Oct 23 16:00:19 1996 Tomi Salo <ttsalo@piippu.ssh.fi>

* Renamed BINDIR from Makefile to SSH_BINDIR.

Mon Oct 21 16:28:43 1996 Tomi Salo <ttsalo@piippu.ssh.fi>

* Window resizing fix for ultrix & NeXT from Corey Satten

* New agent code. Many changes, agent stuff should now work as
  defined in the specs.

701 | Sat Oct 19 02:02:24 1996 Tatu Ylonen <ylo@pilari.ssh.fi> |
---|
702 | |
---|
703 | * Upgraded to the latest config.guess (from autoconf-2.10). |
---|
704 | Included recent patches by ttsalo (for openbsd). |
---|
705 | m68k-apple-sysv is now called m68k-apple-aux*. |
---|
706 | |
---|
707 | Mon Oct 14 14:17:14 1996 Tomi Salo <ttsalo@piippu.ssh.fi> |
---|
708 | |
---|
709 | * Install X_PROGRAMS too. |
---|
710 | |
---|
711 | * Configuring for OpenBSD (from Thorsten Lockert |
---|
712 | <tholo@SigmaSoft.COM>) |
---|
713 | |
---|
714 | Fri Oct 11 13:01:56 1996 Tomi Salo <ttsalo@piippu.ssh.fi> |
---|
715 | |
---|
716 | * Fixed the checking of existence of authorized_keys. |
---|
717 | |
---|
718 | Tue Oct 8 13:50:44 1996 Tomi Salo <ttsalo@piippu.ssh.fi> |
---|
719 | |
---|
720 | * Allow long passwords for HP-UX TCB authentication. |
---|
721 | |
---|
722 | Mon Oct 7 14:40:45 1996 Tomi Salo <ttsalo@piippu.ssh.fi> |
---|
723 | |
---|
724 | * Configuring for hurd, a small fix to do_popen(), |
---|
725 | check in minfd.c, conditional use of TCP_NODELAY in |
---|
726 | packet.c from "Charles M. Hannum" <mycroft@gnu.ai.mit.edu> |
---|
727 | added. |
---|
728 | |
---|
729 | Sat Oct 5 12:21:03 1996 Tatu Ylonen <ylo@pilari.ssh.fi> |
---|
730 | |
---|
731 | * (yesterday) Released ssh-1.2.16. |
---|
732 | |
---|
733 | * (yesterday) Fixed a bug in RSA authentication caused by |
---|
734 | previous changes. |
---|
735 | |
---|
736 | Fri Oct 4 05:57:59 1996 Tatu Ylonen <ylo@pilari.ssh.fi> |
---|
737 | |
---|
738 | * Released ssh-1.2.15. |
---|
739 | |
---|
740 | Thu Oct 3 16:53:31 1996 Tomi Salo <ttsalo@piippu.ssh.fi> |
---|
741 | |
---|
742 | * Configuring for Macintosh A/UX system from |
---|
743 | Lawrie.Brown@adfa.oz.au added |
---|
744 | |
---|
745 | * Cipher-update feature added to ssh-keygen |
---|
746 | |
---|
747 | Sat Sep 28 15:23:31 1996 Tatu Ylonen <ylo@pilari.ssh.fi> |
---|
748 | |
---|
749 | * Default identity file cipher is now 3DES to make identity files |
---|
750 | compatible between implementations that support IDEA and those |
---|
751 | that don't. |
---|
752 | |
---|
753 | * Merged workaround for channel deadlock problem. This may cause |
---|
754 | sshd to grow unboundedly under special circumstances! |
---|
755 | |
---|
756 | * Merged ultrix and NeXT patches from Corey Satten. |
---|
757 | |
---|
758 | Fri Sep 27 17:14:14 1996 Tomi Salo <ttsalo@piippu.ssh.fi> |
---|
759 | |
---|
760 | * Major changes in ssh-agent-socket handling. See |
---|
761 | comments in ssh.h. |
---|
762 | |
---|
763 | * Patch for HPUX 10.x shadow passwords from |
---|
764 | vincent@ucthpx.uct.ac.za (Russell Vincent) |
---|
765 | |
---|
766 | * BSD default path definition patch from Andrey A. Chernov |
---|
767 | |
---|
768 | * SSH uses now GMP 2.0. |
---|
769 | |
---|
770 | * Added new encryption scheme: Blowfish. |
---|
771 | |
---|
772 | XXX Changelog hasn't been actively maintained for a long time; |
---|
773 | check the per-file CVS logs for changes... |
---|
774 | |
---|
775 | Thu Sep 12 01:06:47 1996 Tomi Salo <ttsalo@piippu.ssh.fi> |
---|
776 | |
---|
777 | * configure.in,config.h.in: Included SOCKS5 support (from David |
---|
778 | Kågedal <davidk@lysator.liu.se>) |
---|
779 | |
---|
780 | Fri Jul 12 09:16:36 1996 Tomi Salo <ttsalo@piippu.ssh.fi> |
---|
781 | |
---|
782 | * configure.in, Makefile.in: Detached ssh-askpass from |
---|
783 | NORMAL_PROGRAMS to X_PROGRAMS, which is defined if X is |
---|
784 | found. |
---|
785 | |
---|
786 | * configure.in, login.c: Two small fixes for Cray (-lrsc, |
---|
787 | length of utmp id) and configuring in zlib-1.0.3. |
---|
788 | |
---|
789 | * newchannels.c: Fixed X11 connection socket paths for |
---|
790 | HP-UX. |
---|
791 | |
---|
792 | Tue Jul 2 10:20:17 1996 Tomi Salo <ttsalo@piippu.ssh.fi> |
---|
793 | |
---|
794 | * configure.in: Added -lipc for bsdi 2.1 |
---|
795 | |
---|
796 | Thu Jun 27 13:47:14 1996 Tomi Salo <ttsalo@piippu.ssh.fi> |
---|
797 | |
---|
798 | * login.c (record_login): FreeBSD doesn't tolerate > 16 |
---|
799 | char hostnames, use ipaddr instead |
---|
800 | |
---|
801 | * channels.c (channel_after_select): Merged fixes for |
---|
802 | tcp-wrappers from Rafal Maszkowski <rzm@torun.pdi.net> |
---|
803 | |
---|
804 | Wed Jun 26 10:37:19 1996 Tomi Salo <ttsalo@piippu.ssh.fi> |
---|
805 | |
---|
806 | * configure.in, pty.c (pty_allocate): Again a new way of |
---|
807 | allocating pseudo ttys, getpseudotty() in DYNIX/ptx 2.1. Also |
---|
808 | changes in configure.in for DYNIX. |
---|
809 | |
---|
810 | * sshd.c: use setpgrp() instead of setsid() on ultrix (as in |
---|
811 | versions < 1.5). |
---|
812 | |
---|
813 | * config.h, configure.in, includes.h, login.c, signals.c: Merged |
---|
814 | SCO fixes from Brian Murrell <Brian_Murrell@bctel.net>. |
---|
815 | |
---|
816 | Tue Jun 25 16:31:40 1996 Tomi Salo <ttsalo@piippu.ssh.fi> |
---|
817 | |
---|
818 | * pty.c (pty_allocate): Merged SCO fixes from Gert Doering |
---|
819 | <gert@greenie.muc.de>. |
---|
820 | |
---|
821 | Fri Apr 26 03:12:19 1996 Tatu Ylonen <ylo@pilari.ssh.fi> |
---|
822 | |
---|
823 | * sshd.c: Fixed ip address in "Closing connection" message when |
---|
824 | run from inetd. |
---|
825 | |
---|
826 | * sshd.c: Improved error messages related to not being able to |
---|
827 | read host key when not root. |
---|
828 | |
---|
829 | * ssh-agent.c: Fixed bugs when receiving multiple simultaneous |
---|
830 | connections. |
---|
831 | |
---|
832 | * ssh-agent.c: Fixed major memory leaks. |
---|
833 | |
---|
834 | * signals.c: Check for SIGURG == SIGIO (Linux). |
---|
835 | |
---|
836 | * pty.c: Fixed process group setting on NeXT. |
---|
837 | |
---|
838 | * mpaux.c: Fixed some 32-bit dependencies to make the code run on |
---|
839 | 16-bit machines. |
---|
840 | |
---|
841 | * No longer check for perl5.001 (just perl5 and perl now). |
---|
842 | |
---|
843 | * Also grep "installed" when checking for OSF/1 C2 security. |
---|
844 | |
---|
845 | * Fixed SOCKS support. Fixed bugs in reconnecting with SOCKS. |
---|
846 | |
---|
847 | * Added support for HPUX 7.x. |
---|
848 | |
---|
849 | * Makefile.in: don't include make-ssh-known-hosts.1 in |
---|
850 | DISTFILES. |
---|
851 | |
---|
852 | * No longer remove some long ago obsoleted files in install. |
---|
853 | |
---|
854 | Sun Feb 18 18:20:26 1996 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
855 | |
---|
856 | * sshd.c: Use setluid to set login uid on OSF/1. |
---|
857 | |
---|
858 | Thu Feb 15 11:17:26 1996 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
859 | |
---|
860 | * sshconnect.c: When connecting with proxy, close userfile pipes |
---|
861 | after fork. |
---|
862 | |
---|
863 | Wed Feb 14 00:28:50 1996 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
864 | |
---|
865 | * configure.in: don't use setsid on mips-dec-mach3. |
---|
866 | |
---|
867 | * cipher.h: comments about len in encrypt and decrypt. |
---|
868 | |
---|
869 | Sun Feb 11 16:35:37 1996 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
870 | |
---|
871 | * Released 1.2.13. |
---|
872 | |
---|
873 | * sshd.8.in: Fixed a minor typo. |
---|
874 | |
---|
875 | * configure.in: Give error on linux if the system has the libg.sa bug. |
---|
876 | |
---|
877 | * servconf.c: Fixed pid file default setting. |
---|
878 | |
---|
879 | Sat Feb 10 14:33:29 1996 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
880 | |
---|
881 | * Changed licensing conditions in COPYING. |
---|
882 | |
---|
883 | * ssh.c: Recognize -8 as an option (but it is ignored, as ssh is |
---|
884 | always 8-bit clean). |
---|
885 | |
---|
886 | * sshd.8.in: Documented SIGHUP. |
---|
887 | |
---|
888 | * Merged PidFile patches from Danek Duvall |
---|
889 | <duvall@dhduvall.student.princeton.edu>. |
---|
890 | |
---|
891 | * sshd.c (and other files): added new packet type |
---|
892 | SSH_CMSG_MAX_PACKET_SIZE. This can be used to limit packet size |
---|
893 | sent by the server, which is helpful when implementing the Windows |
---|
894 | client, as it is troublesome to manipulate buffers larger than 64k |
---|
895 | on Windows. |
---|
896 | |
---|
897 | * channels.c (channel_output_poll): Don't emit any more data to |
---|
898 | the output buffer from channels if it is already quite full. |
---|
899 | This may reduce problems with X or TCP/IP traffic jamming the |
---|
900 | interactive shell and/or prevent the size of sshd growing. |
---|
901 | |
---|
902 | * sshd.c (do_child): clear the random number generator before |
---|
903 | changing uid. |
---|
904 | |
---|
905 | * sshd.c (do_child): Run $HOME/.ssh/rc and /etc/sshrc with the |
---|
906 | user's shell. These used to be run with /bin/sh even if the |
---|
907 | user's shell was /bin/sync. |
---|
908 | |
---|
909 | Fri Feb 9 00:35:21 1996 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
910 | |
---|
911 | * userfile.c (do_popen): Preserve XAUTHORITY. |
---|
912 | |
---|
913 | * sshconnect.c: When initializing the random number generator, |
---|
914 | read also some noise from the systemwide seed file. This |
---|
915 | prevents the user from guessing his own session key (which, |
---|
916 | together with sophisticated IP spoofing attacks on the local |
---|
917 | network, might be exploited to masquerade as another user). |
---|
918 | |
---|
919 | * ssh.c: Moved the fork caused by the -f option until after all |
---|
920 | forwardings have been started. This makes it more useful in |
---|
921 | scripts. |
---|
922 | |
---|
923 | * Eliminated rc4. Added arcfour, which is a cipher based on a |
---|
924 | usenet posting in Spring-1995. It is widely believed and has |
---|
925 | been tested to be equivalent with RC4 (RC4 is a trademark of RSA |
---|
926 | Data Security). |
---|
927 | |
---|
928 | * configure.in: Added check to determine if found rsh is actually |
---|
929 | ssh. This helps to avoid errors where ssh enters a loop |
---|
930 | executing itself when trying to fall back to rsh. |
---|
931 | |
---|
932 | * New functions log_severity() and fatal_severity(). These |
---|
933 | are like log() and fatal(), but allow specifying the severity |
---|
934 | of the logged message. The primary purpose of these functions |
---|
935 | is to avoid innocuous messages (e.g. connection closed) being |
---|
936 | logged with high severity. |
---|
937 | |
---|
938 | * servconf.c, readconf.c: accept "true" and "false" as values for |
---|
939 | yes/no options. |
---|
940 | |
---|
941 | Thu Feb 8 13:51:59 1996 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
942 | |
---|
943 | * sshd.c: moved userfile_uninit() to before forking the child. |
---|
944 | |
---|
945 | * Merged make-ssh-known-hosts changes from kivinen@niksula.hut.fi. |
---|
946 | |
---|
947 | * added builtin ping (much faster, because you can set the |
---|
948 | timeout to a very short value (1-2 seconds, default is 3 |
---|
949 | seconds), and because it 'pings' the ssh port it will find |
---|
950 | only those hosts with sshd running). |
---|
951 | |
---|
952 | * recursive scanning (scans all subdomains of domain |
---|
953 | automatically, use --norecursive to turn it off). |
---|
954 | |
---|
955 | * automatically use all nameserver entries for domain until |
---|
956 | it will get something if the origin or other nameservers |
---|
957 | refuse to answer queries. |
---|
958 | |
---|
959 | * trust the key returned from daemon by default (use |
---|
960 | --notrustdaemon to get old behavior). |
---|
961 | |
---|
962 | * --keyscan option that will make list of hosts for keyscan |
---|
963 | (not compatible with current version ssh-keyscan, because it |
---|
964 | will output all ipaddress separated with commas in the |
---|
965 | ipaddress field, and ssh-keyscan expects only one ipaddress, |
---|
966 | hopefully ssh-keyscan will accept this format too later, for |
---|
967 | now you can use sed 's/^\([0-9.]*\),[,0-9.]*/\1/g' to make it |
---|
968 | ssh-keyscan compatible). |
---|
969 | |
---|
970 | * added some diagnostic prints to generated ssh_known_hosts: |
---|
971 | # Domain = hut.fi, server = Santra.Hut.Fi |
---|
972 | # Found 4391 hosts, 361 CNAMEs (total 11570 lines) |
---|
973 | # SOA = santra.hut.fi jtv.hut.fi. (10001423 3600 300 3600000 |
---|
974 | 3600) |
---|
975 | |
---|
976 | Mon Feb 5 20:41:29 1996 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
977 | |
---|
978 | * ssh-askpass.wish: Merged changes from Antti Huima |
---|
979 | <ahuima@niksula.hut.fi>. |
---|
980 | |
---|
981 | * Removed garbage line from RFC. |
---|
982 | |
---|
983 | Mon Jan 29 23:45:58 1996 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
984 | |
---|
985 | * canohost.c (get_remote_ipaddr): If using two different |
---|
986 | descriptors, check if they are internet-domain sockets with |
---|
987 | the same peername; if so, return that address. This should make |
---|
988 | ssh be able to return the correct peername when started from |
---|
989 | inetd. |
---|
990 | |
---|
991 | Fri Jan 26 23:10:20 1996 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
992 | |
---|
993 | * pty.c: Merged Cray pty fixes from Wayne Schroeder |
---|
994 | <schroede@SDSC.EDU>. |
---|
995 | |
---|
996 | Thu Jan 25 08:05:18 1996 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
997 | |
---|
998 | * sshd.c (do_child): moved clearing of resources before switching |
---|
999 | to user privileges. |
---|
1000 | |
---|
1001 | * sshd.c: Fixed a bug where fclose was used for a file opened with |
---|
1002 | popen. |
---|
1003 | |
---|
1004 | * randoms.c (random_acquire_light_environmental_noise): Take 128 |
---|
1005 | bits of noise from /dev/random about every five minutes. It |
---|
1006 | used to be more often, but people were complaining that ssh |
---|
1007 | completely exhausts /dev/random. |
---|
1008 | |
---|
1009 | * Eliminated uid swapping code. |
---|
1010 | |
---|
1011 | Wed Jan 24 13:06:24 1996 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
1012 | |
---|
1013 | * Makefile.in: $$ (referring to current pid) -> $$$$ because |
---|
1014 | "make" eats the other $. |
---|
1015 | |
---|
1016 | Mon Jan 22 01:21:41 1996 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
1017 | |
---|
1018 | * serverloop.c: fixed problems with data not always being sent to |
---|
1019 | the client. |
---|
1020 | |
---|
1021 | Sun Jan 21 13:31:55 1996 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
1022 | |
---|
1023 | * Makefile.in (install): Install scripts with INSTALL_DATA (patch |
---|
1024 | from Andrey Chernov <ache@astral.msk.su>). |
---|
1025 | |
---|
1026 | Wed Jan 17 11:45:05 1996 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
1027 | |
---|
1028 | * configure.in: Added checking for libshadow.a if have /etc/shadow. |
---|
1029 | |
---|
1030 | Mon Jan 15 10:13:52 1996 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
1031 | |
---|
1032 | * buffer.c (buffer_append_space): Decreased buffer size increase |
---|
1033 | from 32768 bytes to 4096 bytes. This should reduce the ssh |
---|
1034 | process size in interactive use. |
---|
1035 | |
---|
1036 | Sun Jan 14 10:29:19 1996 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
1037 | |
---|
1038 | * canohost.c (get_remote_hostname): Socket options (such as source |
---|
1039 | routing) were checked for descriptor 0, which is wrong. Fixed. |
---|
1040 | |
---|
1041 | Thu Jan 11 18:48:09 1996 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
1042 | |
---|
1043 | * sshd.c: Add BINDIR to DEFAULT_PATH. The primary purpose of this |
---|
1044 | is to make it more likely that scp will be found on the remote |
---|
1045 | machine in case the shell does not read the user's rc-files. |
---|
1046 | Corresponding changes in Makefile.in. |
---|
1047 | |
---|
1048 | * configure.in: Added code to recognize $HOME/.MailBox as a possible |
---|
1049 | incoming mailbox name (to be set in MAIL environment variable). |
---|
1050 | sshd.c: code to handle MAIL_SPOOL_FILE |
---|
1051 | acconfig.h: HAVE_TILDE_NEWMAIL -> MAIL_SPOOL_FILE |
---|
1052 | |
---|
1053 | * configure.in: Add -linet on Dynix/ptx (from geek+@cmu.edu). |
---|
1054 | |
---|
1055 | * login.c: Added SysVr4 (Solaris) utmp patches from Ian Donaldson |
---|
1056 | <iand@aone.com.au>. |
---|
1057 | configure.in: Added check for makeutx. |
---|
1058 | |
---|
1059 | * Makefile.in: Added target hostinstall. This can be used in a |
---|
1060 | networked environment to generate host key and install config |
---|
1061 | files on other machines after installing the binaries to a shared |
---|
1062 | directory on one machine. |
---|
1063 | |
---|
1064 | * sshd.c (login_permitted): Added code to check for expired |
---|
1065 | accounts on AIX. Also checks whether remote logins to the |
---|
1066 | account are permitted. |
---|
1067 | |
---|
1068 | * configure.in: Added check for -lauth (function |
---|
1069 | authenticate_user) in Ultrix-specific code. |
---|
1070 | |
---|
1071 | * random.c (initstate): Changed to use unsigned int instead of |
---|
1072 | u_int (u_int is not defined on all systems). |
---|
1073 | |
---|
1074 | * pty.c (pty_allocate): Use revoke() if it exists. Added check |
---|
1075 | for it in configure (patches from Christos Zoulas |
---|
1076 | <christos@deshaw.com>). |
---|
1077 | |
---|
1078 | * When falling back to rlogin, run rlogin if called as rlogin or |
---|
1079 | rsh. Otherwise, rsh may exec wrong rlogin, resulting in a loop. |
---|
1080 | |
---|
1081 | * sshd.c (main): Print host type with -d. |
---|
1082 | ssh.c: Print host type with -v. |
---|
1083 | |
---|
1084 | * ssh.c (rsh_connect): Made rlogin run rlogin, rsh run rsh, etc. |
---|
1085 | |
---|
1086 | * configure.in: Changed to use autoconf-2.7. |
---|
1087 | Makefile.in: made bindir, sbindir, mandir separately configurable. |
---|
1088 | config.guess: updated to config.guess from autoconf-2.7. |
---|
1089 | |
---|
1090 | * channels.c (x11_input_open): Use /tmp/.X11-unix/`hostname`0 |
---|
1091 | instead of /tmp/.X11-unix/X0 on HPSUX. |
---|
1092 | |
---|
1093 | * configure.in: No vhangup on MachTen. |
---|
1094 | includes.h: need machine/endian.h on MachTen. |
---|
1095 | |
---|
1096 | Sat Dec 16 14:03:21 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
1097 | |
---|
1098 | * Removed LIBS from gen_minfd link line. |
---|
1099 | |
---|
1100 | Tue Dec 5 12:22:20 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
1101 | |
---|
1102 | * Minor fixes to ssh.1.in. |
---|
1103 | |
---|
1104 | * auth-passwd.c: fixed C2 security password authentication on alpha. |
---|
1105 | |
---|
1106 | * sshd.c: increased SO_LINGER times to 15 seconds. |
---|
1107 | |
---|
1108 | Fri Dec 1 14:12:31 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
1109 | |
---|
1110 | * sshd.c, pty.c: Call setsid() also for non-pty logins. This is |
---|
1111 | needed on BSD 4.4, where setlogin() works on a process group |
---|
1112 | basis (What a Stupid Idea!), and setlogin() is being changed in |
---|
1113 | FreeBSD to only work for process group leaders (Continued Brain |
---|
1114 | Damage!). |
---|
1115 | |
---|
1116 | * auth-passwd.c: Added support for Ultrix enhanced security. |
---|
1117 | |
---|
1118 | * Renamed field "howmany" in authfd.h due to conflicts with system |
---|
1119 | headers on Solaris 2.4. |
---|
1120 | |
---|
1121 | * scp.c (sink): Don't use O_TRUNC if ftruncate exists. Avoids |
---|
1122 | corrupting files when copying on top of itself. |
---|
1123 | |
---|
1124 | Wed Nov 29 15:57:03 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
1125 | |
---|
1126 | * Improved debugging messages sent to client when Rhosts/RhostsRSA |
---|
1127 | authentication fails. |
---|
1128 | |
---|
1129 | * configure.in, uidswap.c: Fixed uid-swapping on ultrix and aix. |
---|
1130 | |
---|
1131 | * tildexpand.c: for ~/file, if HOME is set, use it; use getpwnam |
---|
1132 | in this case only if HOME is not set. |
---|
1133 | |
---|
1134 | Tue Nov 21 03:01:23 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
1135 | |
---|
1136 | * serverloop.c: Trying to prevent spurious "Waiting for |
---|
1137 | connections to terminate" messages at client exit. |
---|
1138 | |
---|
1139 | * ssh.1.in: Fixed small typo (.ne3). |
---|
1140 | |
---|
1141 | * sshd.c: Fixed other setsid on Ultrix. |
---|
1142 | |
---|
1143 | Fri Nov 17 16:19:20 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
1144 | |
---|
1145 | * Released 1.2.12. |
---|
1146 | |
---|
1147 | * channels.c: Commented out debugging messages about output draining. |
---|
1148 | |
---|
1149 | * Added file OVERVIEW to give some idea about the structure of the |
---|
1150 | ssh software. |
---|
1151 | |
---|
1152 | Thu Nov 16 16:40:17 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
1153 | |
---|
1154 | * canohost.c (get_remote_hostname): Don't ever return NULL (causes |
---|
1155 | segmentation violation). |
---|
1156 | |
---|
1157 | * sshconnect.c: Host ip address printed incorrectly with -v. |
---|
1158 | |
---|
1159 | * Implemented SSH_TTY environment variable. |
---|
1160 | |
---|
1161 | Wed Nov 15 01:47:40 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi> |
---|
1162 | |
---|
1163 | * Implemented server and client option KeepAlive to specify |
---|
1164 | whether to set SO_KEEPALIVE. Both default to "yes"; to disable |
---|
1165 | keepalives, set the value to "no" in both the server and the |
---|
1166 | client configuration files. Updated manual pages. |
---|
1167 | |
---|
1168 | * sshd.c: Fixed Solaris utmp problem: wrong pid stored in utmp |
---|
1169 | (patch from Petri Virkkula <argon@bat.cs.hut.fi>). |
---|
1170 | |
---|
1171 | * login.c (record_logout): Fixed removing user from utmp on BSD |
---|
1172 | (with HAVE_LIBUTIL_LOGIN). |
---|
1173 | |
---|
1174 | * Added cleanup functions to be called from fatal(). Arranged for |
---|
1175 | utmp to be cleaned if sshd terminates by calling fatal (e.g., |
---|
1176 | after dropping connection). Eliminated separate client-side |
---|
1177 | fatal() functions and moved fatal() to log-client.c. Made all |
---|
1178 | cleanups, including channel_stop_listening() and packet_close() |
---|
1179 | be called using this mechanism. |
---|
1180 | |
---|
1181 | Thu Nov 9 09:58:05 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> |
---|
1182 | |
---|
1183 | * sshd.c: Permit immediate login with empty password only if |
---|
1184 | password authentication is allowed. |
---|
1185 | |
---|
1186 | Wed Nov 8 00:43:55 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> |
---|
1187 | |
---|
1188 | * Eliminated unix-domain X11 forwarding. Inet-domain forwarding is |
---|
1189 | now the only supported form. Renamed server option |
---|
1190 | X11InetForwarding to X11Forwarding, and eliminated |
---|
1191 | X11UnixForwarding. Updated documentation. Updated RFC (marked |
---|
1192 | the SSH_CMSG_X11_REQUEST_FORWARDING message (code 26) as |
---|
1193 | obsolete, and removed all references to it). Increased protocol |
---|
1194 | version number to 1.3. |
---|
1195 | |
---|
1196 | * scp.c (main): Added -B (BatchMode). Updated manual page. |
---|
1197 | |
---|
1198 | * Cleaned up and updated all manual pages. |
---|
1199 | |
---|
1200 | * clientloop.c: Added new escape sequences ~# (lists forwarded |
---|
1201 | connections), ~& (background ssh when waiting for forwarded |
---|
1202 | connections to terminate), ~? (list available escapes). |
---|
1203 | Polished the output of the connection listing. Updated |
---|
1204 | documentation. |
---|
1205 | |
---|
1206 | * uidswap.c: If _POSIX_SAVED_IDS is defined, don't change the real |
---|
1207 | uid. Assume that _POSIX_SAVED_IDS also applies to seteuid. |
---|
1208 | This may solve problems with tcp_wrappers (libwrap) showing |
---|
1209 | connections as coming from root. |
---|
1210 | |
---|
1211 | Tue Nov 7 20:28:57 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> |
---|
1212 | |
---|
1213 | * Added RandomSeed server configuration option. The argument |
---|
1214 | specifies the location of the random seed file. Updated |
---|
1215 | documentation. |
---|
1216 | |
---|
1217 | * Locate perl5 in configure. Generate make-ssh-known-hosts (with |
---|
1218 | the correct path for perl5) in Makefile.in, and install it with |
---|
1219 | the other programs. Updated manual page. |
---|
1220 | |
---|
1221 | * sshd.c (main): Added a call to umask to set the umask to a |
---|
1222 | reasonable value. |
---|
1223 | |
---|
1224 | * compress.c (buffer_compress): Fixed to follow the zlib |
---|
1225 | documentation (which is slightly confusing). |
---|
1226 | |
---|
1227 | * INSTALL: Added information about Linux libc.so.4 problem. |
---|
1228 | |
---|
1229 | Mon Nov 6 15:42:36 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> |
---|
1230 | |
---|
1231 | * (Actually autoconf fix) Installed patch to AC_ARG_PROGRAM. |
---|
1232 | |
---|
1233 | * sshd.c, sshd.8.in: Renamed $HOME/.environment -> |
---|
1234 | $HOME/.ssh/environment. |
---|
1235 | |
---|
1236 | * configure.in: Disable shadow password checking on convex. |
---|
1237 | Convex has /etc/shadow, but sets pw_passwd automatically if |
---|
1238 | running as root. |
---|
1239 | |
---|
1240 | * Eliminated HAVE_ETC_MASTER_PASSWD (NetBSD, FreeBSD); the |
---|
1241 | pw_passwd field is automatically filled if running as root. |
---|
1242 | Put explicit code in configure.in to prevent shadow password |
---|
1243 | checking on FreeBSD and NetBSD. |
---|
1244 | |
---|
1245 | * serverloop.c (signchld_handler): Don't print error if wait |
---|
1246 | returns -1. |
---|
1247 | |
---|
1248 | * Makefile.in (install): Fixed modes of data files. |
---|
1249 | |
---|
1250 | * Makefile.in (install): Make links for slogin.1. |
---|
1251 | |
---|
1252 | * make-ssh-known-hosts: Merged a patch from melo@ci.uminho.pt to |
---|
1253 | fix the ping command. |
---|
1254 | |
---|
1255 | Fri Nov 3 16:25:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> |
---|
1256 | |
---|
1257 | * ssh.1.in: Added more information about X11 forwarding. |
---|
1258 | |
---|
1259 | Thu Nov 2 18:42:13 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> |
---|
1260 | |
---|
1261 | * Changes to use O_NONBLOCK_BROKEN consistently. |
---|
1262 | |
---|
1263 | * pty.c (pty_make_controlling_tty): Use setpgid instead of |
---|
1264 | setsid() on Ultrix. |
---|
1265 | |
---|
1266 | * includes.h: Removed redundant #undefs for Ultrix and Sony News; |
---|
1267 | these are already handled in configure.in. |
---|
1268 | |
---|
1269 | Tue Oct 31 13:31:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> |
---|
1270 | |
---|
1271 | * configure.in: Define SSH_WTMP to /var/adm/wtmp if wtmp not found. |
---|
1272 | |
---|
1273 | * configure.in: Disable vhangup on Ultrix. I am told this fixes |
---|
1274 | the server problems. |
---|
1275 | |
---|
1276 | Sat Oct 28 14:22:05 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> |
---|
1277 | |
---|
1278 | * sshconnect.c: Fixed a bug in connecting to a multi-homed host. |
---|
1279 | Restructured the connecting code to never try to use the same |
---|
1280 | socket a second time after a failed connection. |
---|
1281 | |
---|
1282 | * Makefile.in: Added explicit -m option to install, and umask 022 |
---|
1283 | when creating directories and the host key. |
---|
1284 | |
---|
1285 | Fri Oct 27 01:05:10 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> |
---|
1286 | |
---|
1287 | * Makefile.in: Added cleaning of $(ZLIBDIR) to clean and distclean. |
---|
1288 | |
---|
1289 | * login.c (get_last_login_time): Fixed a typo (define -> defined). |
---|
1290 | |
---|
1291 | Thu Oct 26 01:28:07 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> |
---|
1292 | |
---|
1293 | * configure.in: Moved testing for ANSI C compiler after the host |
---|
1294 | specific code (problems on HPUX). |
---|
1295 | |
---|
1296 | * Minor fixes to /etc/default/login stuff from Bryan O'Sullivan. |
---|
1297 | |
---|
1298 | * Fixed .SH NAME sections in manual pages. |
---|
1299 | |
---|
1300 | * compress.c: Trying to fix a mysterious bug in the compression |
---|
1301 | glue. |
---|
1302 | |
---|
1303 | * ssh-1.2.11. |
---|
1304 | |
---|
1305 | * scp.c: disable agent forwarding when running ssh from scp. |
---|
1306 | |
---|
1307 | * Added compression of plaintext packets using the gzip library |
---|
1308 | (zlib). Client configuration options Compression and |
---|
1309 | CompressionLevel (1-9 as in gzip). New ssh and scp option -C |
---|
1310 | (to enable compression). Updated RFC. |
---|
1311 | |
---|
1312 | Wed Oct 25 05:11:55 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> |
---|
1313 | |
---|
1314 | * Implemented ProxyCommand stuff based on patches from Bryan |
---|
1315 | O'Sullivan <bos@serpentine.com>. |
---|
1316 | |
---|
1317 | * Merged BSD login/logout/lastlog patches from Mark Treacy |
---|
1318 | <mark@labtam.oz.au>. |
---|
1319 | |
---|
1320 | * sshd.c: Added chdir("/"). |
---|
1321 | |
---|
1322 | Tue Oct 24 00:29:01 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> |
---|
1323 | |
---|
1324 | * Merged RSA environment= patches from Felix Leitner |
---|
1325 | <leitner@prz.tu-berlin.de> with some changes. |
---|
1326 | |
---|
1327 | * sshd.c: Made the packet code use two separate descriptors for |
---|
1328 | the connection (one for input, the other for output). This will |
---|
1329 | make future extensions easier (e.g., non-socket transports, etc.). |
---|
1330 | sshd -i now uses both stdin and stdout separately. |
---|
1331 | |
---|
1332 | Mon Oct 23 21:29:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> |
---|
1333 | |
---|
1334 | * sshd.c: Merged execle -> execve patches from Mark Martinec |
---|
1335 | <Mark.Martinec@nsc.ijs.si>. This may help with execle bugs on |
---|
1336 | Convex (environment not getting passed properly). This might |
---|
1337 | also solve similar problems on Sonys; please test! |
---|
1338 | |
---|
1339 | * Removed all compatibility code for protocol version 1.0. |
---|
1340 | THIS MEANS THAT WE ARE NO LONGER COMPATIBLE WITH SSH VERSIONS |
---|
1341 | PRIOR TO 1.1.0. |
---|
1342 | |
---|
1343 | * randoms.c (random_acquire_light_environmental_noise): If |
---|
1344 | /dev/random is available, read up to 32 bytes (256 bits) from |
---|
1345 | there in non-blocking mode, and mix the new random bytes into |
---|
1346 | the pool. |
---|
1347 | |
---|
1348 | * Added client configuration option StrictHostKeyChecking |
---|
1349 | (disabled by default). If this is enabled, the client will not |
---|
1350 | automatically add new host keys to $HOME/.ssh/known_hosts; |
---|
1351 | instead the connection will be refused if the host key is not |
---|
1352 | known. Similarly, if the host key has changed, the connection |
---|
1353 | will be refused instead of just issuing a warning. This |
---|
1354 | provides additional security against man-in-the-middle/trojan |
---|
1355 | horse attacks (especially in scripts where there is no-one to |
---|
1356 | see the warnings), but may be quite inconvenient in everyday |
---|
1357 | interactive use unless /etc/ssh_known_hosts is very complete, |
---|
1358 | because new host keys must now be added manually. |
---|
1359 | |
---|
1360 | * sshconnect.c (ssh_connect): Use the user's uid when creating the |
---|
1361 | socket and connecting it. I am hoping that this might help with |
---|
1362 | tcp_wrappers showing the remote user as root. |
---|
1363 | |
---|
1364 | * ssh.c: Try inet-domain X11 forwarding regardless of whether we |
---|
1365 | can get local authorization information. If we don't, we just |
---|
1366 | come up with fake information; the forwarding code will anyway |
---|
1367 | generate its own fake information and validate that the client |
---|
1368 | knows that information. It will then substitute our fake |
---|
1369 | information for that, but that info should get ignored by the |
---|
1370 | server if it doesn't support it. |
---|
1371 | |
---|
1372 | * Added option BatchMode to disable password/passphrase querying |
---|
1373 | in scripts. |
---|
1374 | |
---|
1375 | * auth-rh-rsa.c: Changed to use uid-swapping when reading |
---|
1376 | .ssh/known_hosts. |
---|
1377 | |
---|
1378 | * sshd.8.in (command): Improved documentation of file permissions |
---|
1379 | on the manual pages. |
---|
1380 | |
---|
1381 | Thu Oct 19 21:05:51 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> |
---|
1382 | |
---|
1383 | * ssh-add.c (add_file): Fixed a bug causing ssh to sometimes refer |
---|
1384 | to freed memory (comment -> saved_comment). |
---|
1385 | |
---|
1386 | * log-server.c: Added a prefix to debug/warning/error/fatal |
---|
1387 | messages describing message types. Syslog does not include that |
---|
1388 | information automatically. |
---|
1389 | |
---|
1390 | Sun Oct 8 01:56:01 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1391 | |
---|
1392 | * Merged /etc/default/login and MAIL environment variable changes |
---|
1393 | from Bryan O'Sullivan <bos@serpentine.com>. |
---|
1394 | - mail spool file location |
---|
1395 | - process /etc/default/login |
---|
1396 | - add HAVE_ETC_DEFAULT_LOGIN |
---|
1397 | - new function child_get_env and read_etc_default_login (sshd.c) |
---|
1398 | |
---|
1399 | * ssh-add.c (add_file): Fixed asking for passphrase. |
---|
1400 | |
---|
1401 | * Makefile.in: Fixed installing configure-generated man pages when |
---|
1402 | compiling in a separate object directory. |
---|
1403 | |
---|
1404 | * sshd.c (main): Moved RSA key generation until after allocating |
---|
1405 | the port number. (Actually, the code got duplicated because we |
---|
1406 | never listen when run from inetd.) |
---|
1407 | |
---|
1408 | * ssh.c: Fixed a problem that caused scp to hang when called with |
---|
1409 | stdin closed. |
---|
1410 | |
---|
1411 | Sat Oct 7 03:08:06 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1412 | |
---|
1413 | * Added server config option StrictModes. It specifies whether to |
---|
1414 | check ownership and modes of home directory and .rhosts files. |
---|
1415 | |
---|
1416 | * ssh.c: If ssh is renamed/linked to a host name, connect to that |
---|
1417 | host. |
---|
1418 | |
---|
1419 | * serverloop.c, clientloop.c: Ignore EAGAIN reported on read from |
---|
1420 | connection. Solaris has a kernel bug which causes select() to |
---|
1421 | sometimes wake up even though there is no data available. |
---|
1422 | |
---|
1423 | * Display all open connections when printing the "Waiting for |
---|
1424 | forwarded connections to terminate" message. |
---|
1425 | |
---|
1426 | * sshd.c, readconf.c: Added X11InetForwarding and |
---|
1427 | X11UnixForwarding server config options. |
---|
1428 | |
---|
1429 | Thu Oct 5 17:41:16 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1430 | |
---|
1431 | * Some more SCO fixes. |
---|
1432 | |
---|
1433 | Tue Oct 3 01:04:34 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1434 | |
---|
1435 | * Fixes and cleanups in README, INSTALL, COPYING. |
---|
1436 | |
---|
1437 | Mon Oct 2 03:36:08 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1438 | |
---|
1439 | * ssh-add.c (add_file): Fixed a bug in ssh-add (xfree: NULL ...). |
---|
1440 | |
---|
1441 | * Removed .BR from ".SH NAME" in man pages. |
---|
1442 | |
---|
1443 | Sun Oct 1 04:16:07 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1444 | |
---|
1445 | * ssh-1.2.10. |
---|
1446 | |
---|
1447 | * configure.in: When checking that the compiler works, check that |
---|
1448 | it understands ANSI C prototypes. |
---|
1449 | |
---|
1450 | * Made uidswap error message a debug() to avoid confusing errors |
---|
1451 | on AIX (AIX geteuid is brain-damaged and fails even for root). |
---|
1452 | |
---|
1453 | * Fixed an error in sshd.8 (FacistLogging -> FascistLogging). |
---|
1454 | |
---|
1455 | * Fixed distribution in Makefile.in (missing manual page .in files). |
---|
1456 | |
---|
1457 | Sat Sep 30 17:38:46 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1458 | |
---|
1459 | * auth-rhosts.c: Fixed serious security problem in |
---|
1460 | /etc/hosts.equiv authentication. |
---|
1461 | |
---|
1462 | Fri Sep 29 00:41:02 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1463 | |
---|
1464 | * Include machine/endian.h on Paragon. |
---|
1465 | |
---|
1466 | * ssh-add.c (add_file): Made ssh-add keep asking for the |
---|
1467 | passphrase until the user just types return or cancels. |
---|
1468 | Make the dialog display the comment of the key. |
---|
1469 | |
---|
1470 | * Read and use shosts.equiv in addition to /etc/hosts.equiv. |
---|
1471 | |
---|
1472 | * sshd.8 is now sshd.8.in and is processed by configure to |
---|
1473 | substitute the proper paths for various files. Ditto for ssh.1. |
---|
1474 | Ditto for make-ssh-known-hosts.1. |
---|
1475 | |
---|
1476 | * configure.in: Moved /etc/sshd_pid to PIDDIR/sshd.pid. PIDDIR |
---|
1477 | will be /var/run if it exists, and ETCDIR otherwise. |
---|
1478 | |
---|
1479 | Thu Sep 28 21:52:42 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1480 | |
---|
1481 | * On Ultrix, check if sys/syslog.h needs to be included in |
---|
1482 | addition to syslog.h. |
---|
1483 | |
---|
1484 | * make-ssh-known-hosts.pl: Merged Kivinen's fixes for HPUX. |
---|
1485 | |
---|
1486 | * configure.in: Put -lwrap, -lsocks, etc. at the head of LIBS. |
---|
1487 | |
---|
1488 | * Fixed case-insensitivity in auth-rhosts.c. |
---|
1489 | |
---|
1490 | * Added missing socketpair.c to EXTRA_SRCS (needed on SCO), plus |
---|
1491 | other SCO fixes. |
---|
1492 | |
---|
1493 | * Makefile.in: Fixed missing install_prefixes. |
---|
1494 | |
---|
1495 | Wed Sep 27 03:57:00 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1496 | |
---|
1497 | * ssh-1.2.9. |
---|
1498 | |
---|
1499 | * Added SOCKS support. |
---|
1500 | |
---|
1501 | * Fixed default setting of IgnoreRhosts option. |
---|
1502 | |
---|
1503 | * Pass the magic cookie to xauth in stdin instead of command line; |
---|
1504 | the command line is visible in ps. |
---|
1505 | |
---|
1506 | * Added processing $HOME/.ssh/rc and /etc/sshrc. |
---|
1507 | |
---|
1508 | * Added a section to sshd.8 on what happens at login time. |
---|
1509 | |
---|
1510 | Tue Sep 26 01:27:40 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1511 | |
---|
1512 | * Don't define speed_t on SunOS 4.1.1; it conflicts with system |
---|
1513 | headers. |
---|
1514 | |
---|
1515 | * Added support for .hushlogin. |
---|
1516 | |
---|
1517 | * Added --with-etcdir. |
---|
1518 | |
---|
1519 | * Read $HOME/.environment after /etc/environment. |
---|
1520 | |
---|
1521 | Mon Sep 25 03:26:06 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1522 | |
---|
1523 | * Merged patches for SCO Unix (from Michael Henits). |
---|
1524 | |
---|
1525 | Sun Sep 24 22:28:02 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1526 | |
---|
1527 | * Added ssh option ConnectionAttempts. |
---|
1528 | |
---|
1529 | Sat Sep 23 12:30:15 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1530 | |
---|
1531 | * sshd.c: Don't print last login time and /etc/motd if a command |
---|
1532 | has been specified (with ssh -t host command). |
---|
1533 | |
---|
1534 | * Added support for passing the screen number in X11 forwarding. |
---|
1535 | It is implemented as a compatible protocol extension, signalled |
---|
1536 | by SSH_PROTOFLAG_SCREEN_NUMBER by the child. |
---|
1537 | |
---|
1538 | * clientloop.c: Fixed bugs in the order in which things were |
---|
1539 | processed. This may solve problems with some data not getting |
---|
1540 | sent to the server as soon as possible (probably solves the TCP |
---|
1541 | forwarding delayed close problem). Also, it looked like window |
---|
1542 | changes might not get transmitted as early as possible in some |
---|
1543 | cases. |
---|
1544 | |
---|
1545 | * clientloop.c: Changed to detect window size change that |
---|
1546 | happened while ssh was suspended. |
---|
1547 | |
---|
1548 | * ssh.c: Moved the do_session function (client main loop) to |
---|
1549 | clientloop.c. Divided it into smaller functions. General cleanup. |
---|
1550 | |
---|
1551 | * ssh-1.2.8 |
---|
1552 | |
---|
1553 | Fri Sep 22 22:07:46 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1554 | |
---|
1555 | * sshconnect.c (ssh_login): Made ssh_login take the options |
---|
1556 | structure as argument, instead of the individual arguments. |
---|
1557 | |
---|
1558 | * auth-rhosts.c (check_rhosts_file): Added support for netgroups. |
---|
1559 | |
---|
1560 | * auth-rhosts.c (check_rhosts_file): Added support for negated |
---|
1561 | entries. |
---|
1562 | |
---|
1563 | Thu Sep 21 00:07:56 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1564 | |
---|
1565 | * auth-rhosts.c: Restructured rhosts authentication code. |
---|
1566 | Hosts.equiv now has same format as .rhosts: user names are allowed. |
---|
1567 | |
---|
1568 | * Added support for the Intel Paragon. |
---|
1569 | |
---|
1570 | * sshd.c: Don't use X11 forwarding with spoofing if no xauth |
---|
1571 | program. Changed configure.in to not define XAUTH_PATH if |
---|
1572 | there is no xauth program. |
---|
1573 | |
---|
1574 | * ssh-1.2.7 |
---|
1575 | |
---|
1576 | * sshd.c: Rewrote the code to build the environment. Now also reads |
---|
1577 | /etc/environment. |
---|
1578 | |
---|
1579 | * sshd.c: Fixed problems in libwrap code. --with-libwrap now |
---|
1580 | takes optional library name/path. |
---|
1581 | |
---|
1582 | * ssh-1.2.6 |
---|
1583 | |
---|
1584 | * Define USE_PIPES by default. |
---|
1585 | |
---|
1586 | * Added support for Univel Unixware and MachTen. |
---|
1587 | |
---|
1588 | * Added IgnoreRhosts server option. |
---|
1589 | |
---|
1590 | * Added USE_STRLEN_FOR_AF_UNIX; it is needed at least on MachTen. |
---|
1591 | |
---|
1592 | Wed Sep 20 02:41:02 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1593 | |
---|
1594 | * sshd.c (do_child): don't call packet_close when /etc/nologin, |
---|
1595 | because packet_close does shutdown, and the message does not get |
---|
1596 | sent. |
---|
1597 | |
---|
1598 | * pty.c (pty_allocate): Push ttcompat streams module. |
---|
1599 | |
---|
1600 | * randoms.c (random_acquire_light_environmental_noise): Don't use |
---|
1601 | the second argument to gettimeofday as it is not supported on |
---|
1602 | all systems. |
---|
1603 | |
---|
1604 | * login.c (record_login): Added NULL second argument to gettimeofday. |
---|
1605 | |
---|
1606 | Tue Sep 19 13:25:48 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1607 | |
---|
1608 | * fixed pclose wait() in sshd key regeneration (now only collects |
---|
1609 | easily available noise). |
---|
1610 | |
---|
1611 | * configure.in: test for bsdi before bsd*. |
---|
1612 | |
---|
1613 | * ssh.c: Don't print "Connection closed" if -q. |
---|
1614 | |
---|
1615 | Wed Sep 13 04:19:52 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1616 | |
---|
1617 | * Released ssh-1.2.5. |
---|
1618 | |
---|
1619 | * Hopefully fixed "Waiting for forwarded connections to terminate" |
---|
1620 | message. |
---|
1621 | |
---|
1622 | * randoms.c, md5.c: Large modifications to make these work on Cray |
---|
1623 | (which has no 32 bit integer type). |
---|
1624 | |
---|
1625 | * Fixed a problem with forwarded connection closes not being |
---|
1626 | reported immediately. |
---|
1627 | |
---|
1628 | * ssh.c: fixed rhosts authentication (broken by uid-swapping). |
---|
1629 | |
---|
1630 | * scp.c: Don't use -l if server user not specified (it made |
---|
1631 | setting User in the configuration file not work). |
---|
1632 | |
---|
1633 | * configure.in: don't use -pipe on BSDI. |
---|
1634 | |
---|
1635 | * randoms.c: Major modifications to make it work without 32 bit |
---|
1636 | integers (e.g. Cray). |
---|
1637 | |
---|
1638 | * md5.c: Major modifications to make it work without 32 bit |
---|
1639 | integers (e.g. Cray). |
---|
1640 | |
---|
1641 | * Eliminated HPSUX_BROKEN_PTYS. The code is now enabled by |
---|
1642 | default on all systems. |
---|
1643 | |
---|
1644 | Mon Sep 11 00:53:12 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1645 | |
---|
1646 | * sshd.c: don't include sshd pathname in log messages. |
---|
1647 | |
---|
1648 | * Added libwrap stuff (includes support for identd). |
---|
1649 | |
---|
1650 | * Added OSF/1 C2 extended security stuff. |
---|
1651 | |
---|
1652 | * Fixed interactions between getuid() and uid-swap stuff. |
---|
1653 | |
---|
1654 | Sun Sep 10 00:29:27 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1655 | |
---|
1656 | * serverloop.c: Don't send stdout data to client until after a few |
---|
1657 | milliseconds if there is very little data. This is because some |
---|
1658 | systems give data from pty one character at a time, which would |
---|
1659 | multiply data size by about 16. |
---|
1660 | |
---|
1661 | * serverloop.c: Moved server do_session to a separate file and |
---|
1662 | renamed it server_loop. Split it into several functions and |
---|
1663 | partially rewrote it. Fixed "cat /etc/termcap | ssh foo cat" hangup. |
---|
1664 | |
---|
1665 | * Screwed up something while checking stuff in under cvs. No harm, |
---|
1666 | but bogus log entries... |
---|
1667 | |
---|
1668 | Sat Sep 9 02:24:51 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1669 | |
---|
1670 | * minfd.c (_get_permanent_fd): Use SHELL environment variable. |
---|
1671 | |
---|
1672 | * channels.c (x11_create_display_inet): Created |
---|
1673 | HPSUX_NONSTANDARD_X11_KLUDGE; it causes DISPLAY to contain the |
---|
1674 | IP address of the host instead of the name, because HPSUX uses |
---|
1675 | some magic shared memory communication for local connections. |
---|
1676 | |
---|
1677 | * Changed SIGHUP processing in server; it should now work multiple |
---|
1678 | times. |
---|
1679 | |
---|
1680 | * Added length limits in many debug/log/error/fatal calls just in |
---|
1681 | case. |
---|
1682 | |
---|
1683 | * login.c (get_last_login_time): Fixed location of lastlog. |
---|
1684 | |
---|
1685 | * Rewrote all uid-swapping code. New files uidswap.h, uidswap.c. |
---|
1686 | |
---|
1687 | * Fixed several security problems involving chmod and chgrp (race |
---|
1688 | conditions). Added warnings about dubious modes for /tmp/.X11-unix. |
---|
1689 | |
---|
1690 | Fri Sep 8 20:03:36 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> |
---|
1691 | |
---|
1692 | * Changed readconf.c to never display anything from the config |
---|
1693 | file. This should now be prevented otherwise, but let's play safe. |
---|
1694 | |
---|
1695 | * log-server.c: Use %.500s in syslog() just to be sure (they |
---|
1696 | should already be shorter than 1024 though). |
---|
1697 | |
---|
1698 | * sshd.c: Moved setuid in child a little earlier (just to be |
---|
1699 | conservative, there was no security problem that I could detect). |
---|
1700 | |
---|
1701 | * README, INSTALL: Added info about mailing list and WWW page. |
---|
1702 | |
---|
1703 | * sshd.c: Added code to use SIGCHLD and wait zombies immediately. |
---|
1704 | |
---|
1705 | * Merged patch to set ut_addr in utmp. |
---|
1706 | |
---|
1707 | * Created ChangeLog and added it to Makefile.in. |
---|
1708 | |
---|
1709 | * Use read_passphrase instead of getpass(). |
---|
1710 | |
---|
1711 | * Added SSH_FALLBACK_CIPHER. Fixed a bug in default cipher |
---|
1712 | selection (IDEA used to be selected even if not supported by the |
---|
1713 | server). |
---|
1714 | |
---|
1715 | * Use no encryption for key files if empty passphrase. |
---|
1716 | |
---|
1717 | * Added section about --without-idea in INSTALL. |
---|
1718 | |
---|
1719 | * Version 1.2.0 was released a couple of days ago. |
---|
1720 | |
---|