source: trunk/third/ssh/ChangeLog @ 12646

Revision 12646, 57.9 KB checked in by danw, 26 years ago
This commit was generated by cvs2svn to compensate for changes in r12645, which included commits to RCS files with non-trunk default branches.
Tue Jul  7 22:38:41 1998  Tero Kivinen  <kivinen@ssh.fi>

        * Changed scp to run ssh1 instead of ssh.

        * Added -L (no privileged port) option to scp. Patch from Ville
        Herva <vherva@niksula.hut.fi>.

        * Fixed spelling of privileged (was priviledged). The old option
        is still understood. Reported by Mike Friedman
        <mikef@ack.berkeley.edu>.

        * Removed .ie and .el from man pages, and replaced them with empty
        lines as is done with other sources.

        * Fixed checking that user default group must exist if it is used in
        allow/deny groups. Patch from Teddy Grenman <tricky@cs.hut.fi>.

        * Fixed overflow in scp statistics. Patch from Petri Kaukasoina
        <kaukasoi@elektroni.ee.tut.fi>.

        * Added checking for syslen field in utmpx structure.

        * Added better support for HPUX tcb auth.

        * Added match_host, that will check that if the pattern is all
        numeric, it is only compared against ip addresses. Suggestion from
        Andrew Tridgell <tridge@samba.anu.edu.au>.

        * Added bind 8 support for make-known-hosts.pl from Niklas
        Edmundsson <nikke@ing.umu.se>.

        * Added SGI project accounting from Eivind Gjelseth
        <eivind@ii.uib.no>.

        * Added checking of system function return value in scp.c. Patch
        from Loren "Buck" Buchanan <lbuchana@csc.com>.

        * Fixed "SilentDeny on" to "SilentDeny yes" in the example config
        file for server.

        * Changed HPSUX_NONSTANDARD_X11_KLUDGE to only be used when
        opening socket. Added new NONSTANDARD_IP_ADDRESS_X11_KLUDGE to be
        used when display must be ipaddress instead of hostname. Changed
        configure to define the NONSTANDARD_IP_ADDRESS_X11_KLUDGE for
        i386-sni-sysv4 (SINIX) (report from Felix von Delius
        <Felix-von.Delius@dresdner-bank.de>).

        * Changed version number checking so that the client will allow
        server to send new major version number (2.x).

        * Moved connecting ... debug message after allocated local port
        message. Suggestion from Jarkko Hietaniemi <jhi@iki.fi>.

        * Updated deattack code to new version (fixes some bug in
        check_crc function). New code from CORE SDI S.A., Buenos Aires,
        Argentina.

        * Added find of passwd program in configure. Patch from Jum Bourne
        <jbourne@island.net>.

Fri Jun 12 10:51:59 1998  Tero Kivinen  <kivinen@ssh.fi>

        * Fixed suid bit removing so that it will be done first and after
        that the files are renamed to xxx.old.

        * Disable scp statistics if -B option is given. Patch from Philip
        Kizer <pckizer@tamu.edu>.

        * Disable scp statistics if the stdout is not a tty.

Thu Jun 11 01:05:28 1998  Tero Kivinen  <kivinen@ssh.fi>

        * Added time and date in the X11 connection rejected message
        requested by Jarkko Hietaniemi <jhi@iki.fi>.

        * Added username to passwd command when forcing password change.

        * Added crc-fix detection code from CORE SDI S.A., Buenos Aires,
        Argentina. See their security announcement for more information.

        * Disabled SO_LINGER by default. Added --enable-so-linger
        configure option that turns it on again.

        * Added scp statistics print from Craig Yap <craig@cse.fau.edu>.
        Added --disable-scp-stats to turn it off, and -q option to scp.

        * Added user@host pattern matching in Allow/DenyUsers. Patch from
        Andrew Tridgell <tridge@samba.anu.edu.au>.

        * Added run time check for /var/X directory. Patch from Charles
        Karney <karney@pppl.gov>.

Thu May 21 21:31:44 1998  Tero Kivinen  <kivinen@ssh.fi>

        * Added warning about expiring passwords. Also added warning
        message when the account is going to expire. Idea from Harry
        Shamansky <shamansky@adinc.com>. Added PasswordExpireWarningDays
        and AccountExpireWarningDays server configuration variables.

        * Fixed login_getclass code for BSDI 2.1 (199510). Patch from
        Kazunori ANDO <ando@iij-mc.co.jp>.

        * Fixed defining X11_DIR in the configure.in. Patch from Bradford
        W. Johnson <bradford@math.umn.edu>.

        * Fixed -g option case clause (missing break). Patch from Kevin
        Steves <stevesk@sweden.hp.com>.

        * Added check for program name to contain ssh1, ssh1.old, ssh.old,
        slogin1, slogin.old, slogin1.old. Bug report from Richard Kaszeta
        <kaszeta@me.umn.edu>.

        * Fixed AC_CHECK_HEADER(socks.h) in the configure.in. Patch from
        Andrew Raphael <raphael@research.canon.com.au>.

        * Fixed TIS authentication to understand chalnecho response. Patch
        from Mark Horn <mhorn@funb.com>.

        * Fixed typo in the ForcedPasswordChange configuration variable.
        Patch from Rick Troxel <rick@helix.nih.gov>.

        * Documented ForcedPasswordChange, and changed its default value
        to yes. Added osf c2 code to use that option too.

        * Added SSH_BINDIR adding to PATH found from /etc/default/login
        etc. Patch from Georg-W. Koltermann <gwk@cray.com>.

        * AllowSHosts, DenySHosts patches from Piete Brooks
        <pb@cl.cam.ac.uk>.

Mon May  4 16:37:41 1998  Tero Kivinen  <kivinen@ssh.fi>

        * Fixed layout of the authorized_keys options in the sshd man
        page.

        * Added check that if SIGPWR and SIGINFO are same only one of them
        is used.

        * Fixed no-port-forwarding so that it will also disable local port
        forwardings at the server side.

Fri Apr 24 19:02:05 1998  Tero Kivinen  <kivinen@ssh.fi>

        * Changed installation so that all programs are installed as
        <program>1 and if the <program>2 file doesn't exist then it will
        make symlink from <program> to <program>1. This means that after
        you have ssh version 2 installed the installation process doesn't
        touch <program> anymore, it will just install everything as
        <program>1. Then you can manually change <program> link to point
        to version 1 or 2 programs. Man pages are exception for this, the
        man pages will always install as <manpage>1.x and they will always
        make link from <manpage>.x to <manpage>1.x.

        * Added ssh version 2 compat option. If started with -V "str" the
        sshd will assume the remote version is "str" and it doesn't try to
        read it from the input channel. This way ssh2d may read the
        version string and if it notices that this is ssh 1 client it can
        exec sshd -i -V "str" options.

        * Fixed make-known-hosts.pl so that it will first send SIGINT to
        ssh and then wait 1 second before sending SIGKILL. This will allow
        ssh-client to die cleanly and restore the terminal settings before
        exiting.

        * Added code that will ignore the string given to SSH_MSG_IGNORE.
        Bug reported by Bernard Perrot <perrot@lal.in2p3.fr>.

        * Check that proxy command isn't empty before starting it. Patch
        from Chuck Goodhart <ceg@alumni.caltech.edu>.

        * Patch from John P.Speno <speno@isc.upenn.edu> to allow osf c2
        resources to be set to 0.

        * Added default processing of SIGPWR signal.

        * Configurable password prompt from Maciej W. Rozycki
        <macro@ds2.pg.gda.pl>.

        * Utmpx fix from Ofer Licht <ofer@stat.Berkeley.EDU>.

        * Added .rhosts to understand #-comment in the end of the line.
        Patch from <lamont@cranston.fc.hp.com>.

        * Added libwrap calls to debug mode sshd also.

        * Added patch that will force password change if OSF C2 password
        is expired. Patch from Florian Fuchs.

        * Added grabbing of keyboard in ssh-askpass. Patch from Raymund
        Will <ray@caldera.de>.

        * Small patch for debian linux for sparcs.

        * Added cray T3E patches from Kaj Mustikkamäki
        (kaj.mustikkamaki@csc.fi).

        * Added code that will set resource limits under BSD/OS. Patch
        from Payl Borman <prb@bsdi.com>.

Fri Apr 17 01:46:00 1998  Tero Kivinen  <kivinen@ssh.fi>

        * Fixed ttyslot code. Fixed NeXT inline assembler codes. Patches
        from Corey Satten <corey@cac.washington.edu>.

        * Added setting of REMOTEUSER environment variable name if remote
        username available.

        * Added setting of AUTHSTATE and KRB5CCNAME environment variables
        if we have authenticate() in AIX. Patch from Matt Richards
        (v2matt@btv.ibm.com).

        * Added configure option --with-nologin-allow[=/etc/nologin.allow]
        to have sshd read the given file for a list of usernames exempt
        from /etc/nologin. This allows administrators to retain remote access
        in the case of needed maintenance when users needed to not be on
        the system. Jointly created by Philip Kizer <pckizer@nostrum.com>
        and <steele@nostrum.com>.

        * FreeBSD /etc/login.conf capabilities patches from Steve Birnbaum
        <sbirn@security.org.il> and torstenb@FreeBSD.ORG.

        * Added setsid patch for -f option in ssh from Garance A Drosehn
        <gad@eclipse.its.rpi.edu>.

Tue Mar 31 00:39:51 1998  Tero Kivinen  <kivinen@ssh.fi>

        * Fixed 2 GB file handling in scp. Bug reported by Anthony
        Talltree <aad@nwnet.net>.

        * Added checking of system default lock from John P.Speno
        <speno@isc.upenn.edu>.

Fri Mar 27 15:17:04 1998  Tero Kivinen  <kivinen@ssh.fi>

        * Added IgnoreRootRhosts option to server config file. Patch from
        Luke Mewburn <lm@cs.rmit.edu.au>.

        * Fixed idle_timeout code in serverloop.c. Patch from Bob Goellner
        <bgelnr@bbn.com>.

        * Moved initgroups before closing all filedescriptors. Patch from
        Donald Buczek <buczek@MPING-Berlin-Dahlem.MPG.DE>.

        * Added patch from Bill O'Neill <woneill@thunder.ocis.temple.edu>
        that will fix the Digital Unix 4.0 C2 password expiration
        problems.

        * Allow authentication socket to be symlink, if we are not suid.
        Patch from Steve Birnbaum <sbirn@security.org.il>.

        * Combined two getpwent calls in the ssh.c to get around bug in
        red hat 4.2 nis library.

        * gmp-2.0.2-ssh-2/mpf/set_str.c (mpf_set_str) [!__STDC__]: Add
        const to STR argument, to match decl in ../gmp.h from Brendan
        Kehoe <brendan@cygnus.com>.

        * Added GatewayPorts option and -g option from Steve Bellovin
        <smb@research.att.com>.

        * Added SIGDANGER patch from Steve Bonds <sbonds@agora.rdrop.com>.

        * Added socks5 with kerberos patches from E. Jay Berkenbilt
        <ejb@ql.org>.

        * Added using of aix authenticate function if it exists from Matt
        Richards (v2matt@btv.ibm.com).

        * Added check that kerberos initialization succeeds from Dima
        Ruban (dima@best.net).

        * Added detection of ttyslot function in the configure.in.

        * NeXT patches from Corey Satten <corey@cac.washington.edu>.

        * Fixed too early free of authsocket in the authfd.c (reported by
        many people).

        * Added check that .rhosts/.shosts file cannot have any other
        control characters except whitespaces. Problem described by Theo
        de Raadt <deraadt@cvs.openbsd.org>.

        * Disabled TCP_NODELAY and added --enable-tcp-nodelay configure
        option to enable it again (Sean Doran <smb@ebone.net>).

        * Added support for X11 socket being in the /var/X/.X11-unix
        instead of /tmp/.X11-unix directory (mcr@sandelman.ottawa.on.ca).

Wed Jan 21 16:02:01 1998  Tero Kivinen  <kivinen@ssh.fi>

        * includes.h (S_ISLNK): Fixed bug reported by Paul J. Sanchez
        <paul@spectrum.slu.edu>.

Sat Jan  3 07:11:58 1998  Tero Kivinen  <kivinen@ssh.fi>

        * Fixed bug in {Allow,Deny}ForwardingTo host name handling. The
        host name was not nul terminated properly.

        * Added {Allow,Deny}groups patch from Jason Ackley
        <jason@viaccess.net>.

Fri Jan  2 04:51:21 1998  Tero Kivinen  <kivinen@ssh.fi>

        * (F-SECURE): Added support for {Allow,Deny}Forwarding{To,Port}
        options in authorized_keys file.

        * Fixed ssh-agent dying when it received SIGPIPE when user
        pressed Ctrl-C in middle of login process.

        * Changed authorized_keys file options to be case insensitive.

        * Confirmed that ssh is Y2K compliant. The HAVE_USERSEC_H code in
        login_permitted function in sshd.c file is the only code that has
        some Y2K problems. The expiration format returned by getuserattr
        is only yymmddhhmm, and when login_permitted converts it to
        normalized format that assumes that if yy < 70 then it must be
        20yy, otherwise assume it to be 19yy. This means that you cannot
        now have users whose account expires after year 2070.

        * Confirmed that on environments where time_t is 32 bit unsigned
        long or 64 bit value ssh should also be Y2038 compliant.

        * GMP configure patch for FreeBSD/ELF system from Ollivier Robert
        <reberto@keltia.freenix.fr>.

        * Added CheckMail patch from Aaron Gowatch <aarong@wired.com>.

        * Added patch from Nick Nibma <nick.hibma@jrc.it> that will change
        password from "foo's password" to foo@bar's password.

        * Implemented -k option for ssh-agent (kill agent) suggested by
        Charles M. Hannum <mycroft@mit.edu>

        * Fixed agent socket opening code for suid versions.

        * Renamed SSH_AUTHENTICATION_SOCKET to SSH_AUTH_SOCK, because some
        environments have limit for environment variable lengths.

        * Added XAuthLocation and kerberos 5 patch from Harry G. McGavran
        Jr. <hgm@lanl.gov>.

        * Added OSF C2 user account locked and expired checks and user
        default resource limits patch from Joao Castro
        <jcastro@ist.utl.pt>.

        * Added BSDI /etc/login.conf and password expiration warning
        patches from Jason Ackley <jason@ackley.net>.

Mon Apr 28 00:53:04 1997  Tero Kivinen  <kivinen@ssh.fi>

        * (F-SECURE): Added {Allow,Deny}Forwarding{To,Port} feature.

        * Added {Allow,Deny}Users feature from Steve Kann
        <stevek@SteveK.COM>.

Wed Apr 23 02:56:20 1997  Tero Kivinen  <kivinen@ssh.fi>

        * scp: Added -oClearAllForwardings yes to ssh command line, so if
        you have forwardings in config file you can still use scp without
        errors because ssh cannot bind those same sockets.

        * Added ClearAllForwardings and NumberOfPasswordPrompts options.

        * Fixed SIGINFO check.

        * Added check that getpseudotty function exists before using, we
        cannot assume it exists if /dev/getpty exists, because some dynix
        systems have /dev/getpty but no getpseudotty function.

        * Added check that spwd struct has sp_expire and sp_inact fields.

        * Added WRAPLIBS to Makefile.in and configure.in so libwrap is
        linked to only ssh and sshd.

Mon Apr 21 05:47:46 1997  Tero Kivinen  <kivinen@ssh.fi>

        * Added -S option to scp (specifies path to ssh program).

        * Added waitpid loop to main_sigchld_handler if we have it.

        * Changed server_loop to call pty_cleanup_proc instead of
        pty_release, added check to pty_cleanup_proc so it will not
        cleanup pty twice.

        * Fixed allow_tcp_forwarding option so it defaults to yes now.

        * Added AC_MSG_CHECKING/AC_MSG_RESULT to AC_EGREP_HEADER stuff.

        * Added --enable-deprecated-linux-pw-encrypt option to configure.

        * Added compat code for Dynix. It has incompatible SIGINFO
        definition in sys/siginfo.h.

Thu Apr 17 02:06:16 1997  Tero Kivinen  <kivinen@ssh.fi>

        * scp now understands -o options, and passes them to ssh.

        * Some kerberos DCE fixes from Doug Engert <DEEngert@anl.gov>.

        * Added read_confirmation function to readpass.c that will ask
        confirmation from user using either stdin or /dev/tty. This is
        used when using StrictHostKeyChecking is set to ask.

        * Changed StrictHostKeyChecking to have three states: yes/no/ask.
        Idea from Markus Linnala <maage@ee.tut.fi>.

        * Fixed make-ssh-known-hosts.pl to use 3des instead of rc4.

        * Added -p option to ssh-add (read passphrase from pipe). Idea
        from Charles Karney <karney@pppl.gov>.

        * Added signal(SIGCHLD, SIG_DFL) on child before using libwrap
        stuff in sshd.c.

        * Fixed mv sshd sshd.old to use correct directory (sbindir).
        (reported by several people).

        * Fixed putenvs in the xstrdup (reported by several people).

Sun Apr  6 00:41:55 1997  Tero Kivinen  <kivinen@ssh.fi>

        * gmp: Added -Wa,+DA1.1 to SFLAGS on hppa1.1 machines.
        Fixed the (cd mpn; ...) > foo stuff so that it works even if
        some brain damaged cd prints something (it does in hpsux).

        * Removed restriction that ssh only used privileged port if
        server port was < 1024.

        * Added setting of allow_severity and deny_severity in ssh.c too,
        because newchannels.c uses libwrap also.

        * Fixed ssh-agent option parsing.

        * Added -- option support in ssh-agent, patch from
        Charles M. Hannum <mycroft@gnu.ai.mit.edu>.

        * Added closing of agent socket in parent process, patch from
        Charles M. Hannum <mycroft@gnu.ai.mit.edu>.

        * Added check for existence of O_NOCTTY (patch from
        KOJIMA Hajime <kjm@rins.ryukoku.ac.jp>).

        * Added setting of SSH_AGENT_PID when running command too.

        * Fixed ssh-add SECURE_RPC support, so it will work even if no
        passphrase is found.

        * Fixed closing of pty, and changed it to use shutdown first and
        close the pty only after pty has been released, patch from
        Charles M. Hannum <mycroft@gnu.ai.mit.edu>.

        * Fixed typo on allow_tcp_forwarding code.

        * Fixed the quoting of ' character in readpass.

        * Added check for $HOME/MailBox as mail spool file in configure.

        * Fixed kerberos patches (KRB5 define, error_code, -lcom_err and
        unbalanced } in sshconnect.c).

        * Changed make install so it will rename old ssh to ssh.old and
        then install new version.

Thu Mar 27 04:49:50 1997  Tero Kivinen  <kivinen@ssh.fi>

        * Added kerberos patches from Glenn Machin <gmachin@sandia.gov>.

        * Added --with-login-patch from Brian Cully <shmit@panix.com>.

Wed Mar 26 05:21:04 1997  Tero Kivinen  <kivinen@ssh.fi>

        * Added IdleTimeout option for server and idle-timeout for
        authorized_keys file that can set idle-timeout for process.

        * Added -P option and UsePriviledgedPort option.

        * Sony NEWS-OS 6 patches from kjm@rins.ryukoku.ac.jp (KOJIMA
        Hajime).

Tue Mar 25 04:18:49 1997  Tero Kivinen  <kivinen@ssh.fi>

        * Patch for AIX 4.1 pty detection in configure from jay@pcc.com
        (Jay Schuster).

        * Config patch for NEWS-OS 4.2.1R from Makoto MATSUSHITA
        <matusita@ics.es.osaka-u.ac.jp>.

        * Use daemon() if it exists. Patch from mycroft@gnu.ai.mit.edu
        (Charles M. Hannum).

        * Added SilentDeny option proposed by Timo Rinne (tri@iki.fi).

        * Changed config file option handling to allow "=" character
        between options, now you can write -o FallBackToRsh=no in command
        line. Also made config file options case insensitive.

        * Added umask server option.

        * Added no_utmpx=yes for AIX 4.2, fix from John M. Sellens
        <jmsellen@watdragon.uwaterloo.ca>.

        * Moved libwrap code to child, patch from wietse@wzv.win.tue.nl
        (Wietse Venema).

        * Added HP-UX pty patch from LaMont Jones
        <lamont@cranston.fc.hp.com>.

Wed Mar 19 17:49:36 1997  Tero Kivinen  <kivinen@ssh.fi>

        * Added SSH_ORIGINAL_COMMAND environment variable setting. It
        will have the original command from the network when using
        forced command. It can be used to get arguments for forced
        command.

        * Disabled x11 and port forwardings if host key has changed.

        * Added yes/no prompt if host key is not known or changed.

        * Added local mapping of "localhost" to "127.0.0.1" to avoid dns
        attacks for localhost (the host key checking is disabled for
        localhost).

        * Added checks that public key exponent cannot be less than 3.

        * Fixed libshadow checks in the configure.in for linux.

        * Added checks if openpty can be found from libbsd.

        * Fixed --with-{libwrap,socks*,rsaref} argument handling.

        * Added --disable-suid-ssh option. Added support for it in
        Makefile.in

        * Rewrote the make dist support so it works if you are using
        separate object directory too.

        * Updated zlib version to 1.0.4.

        * Added checks that x11 and authentication agent forwarding is
        really requested when open request is received.

        * Fixed SIGCHLD race condition.

        * Changed do_authentication to get cipher_type, so it can
        disable RhostsRsa authentication if using unsecure cipher
        (NONE, or ARCFOUR).

        * Changed order of environment variables set to child, because
        digital unixes telnet dumps core if USER is the first
        environment variable set.

        * Added code that will set all ip-address to xauth so it should
        work for multihosted machines too. Don't use xauth add
        host/unix:0 on crays, because it complains about it. Patch
        from Arne Henrik Juul <arnej@imf.unit.no>.

        * Disabled agent forwarding from client if server host key doesn't
        match.

        * Removed DES as mandatory cipher in the protocol.

        * Added README.CIPHERS to tell some words about different ciphers.

        * Made all ciphers inclusion configurable by configure.

        * If configured ssh program isn't found in scp, try to find ssh
        from the same directory scp program is run.

        * Fixed /bin/sh command syntax printed by ssh-agent (from Hannu
        Napari <napo@tcm.hut.fi>).

        * Added -c and -s options to ssh-agent (tell shell style).

        * Added quoting of passphrase prompting prompt.

        * Disabled arcfour (see README.CIPHERS for more information).

        * Disabled single des.

        * Disabled none-encryption.

        * Limit hostname and username to 255 characters.

        * Added SECURE_RPC, SECURE_NFS and NIS_PLUS support from Andy
        Polyakov <appro@fy.chalmers.se>.

        * Added TIS authentication code from Andre April
        <Andre.April@cediti.be>.

Fri Jan 10 17:15:15 EET 1997  Tomi Salo <ttsalo@ssh.fi>

        * login.c: Merged a patch for SunOS/Solaris from Scott Schwartz
        <schwartz@galapagos.cse.psu.edu>. (Now ttyslot() is used for
        writing to utmp)

Wed Jan  8 15:19:19 EET 1997  Tomi Salo <ttsalo@ssh.fi>

        * osfc2.c: A fix for OSF/1 passwords from
        Steve VanDevender <stevev@hexadecimal.uoregon.edu> merged.

Fri Jan  3 16:59:57 EET 1997  Tomi Salo <ttsalo@ssh.fi>

        * DYNIX/ptx2 patch from Kenneth Stailey
        <kstailey@eagle.dol-esa.gov> merged to configure.in

Mon Dec 16 17:50:08 EET 1996  Tomi Salo <ttsalo@ssh.fi>

        * New option: X11DisplayOffset, from Jari Kokko <jari@pilvi.fi>

Wed Nov 20 00:43:08 1996  Tero Kivinen  <kivinen@ssh.fi>

        * gmp/mpn/m68k/syntax.h: Fixed bug in ALIGN for SONY_SYNTAX.

        * gmp/configure.in: Added system specific setting for solaris when
        using CC (add -Xs to CPP).

        * configure.in: Fixed CC for IRIX 6.2 systems (CC="cc -n32").

        * authfd.c: Changed socket directory checks so that if the
        original_real_uid is root do not check the file owner.

        * Makefile.in: Added rm -f TAGS before making tags.

Tue Nov 12 17:50:08 EET 1996  Tomi Salo <ttsalo@ssh.fi>

        * FreeBSD pty allocation patch from Andrey Chernov merged.

Sat Nov  9 19:29:39 EET 1996  Tomi Salo <ttsalo@ssh.fi>

        * Patch from mouse@Holo.Rodents.Montreal.QC.CA to ssh-keygen.c
        (now tells the user the real assumed name of the key, not just
        $HOME/%s)

Thu Nov  7 08:49:38 1996  Tero Kivinen  <kivinen@ssh.fi>

        * Allow user@host for ssh too. Patch from peter@baileynm.com
        (Peter da Silva).

        * Fixed foos's password: prompt to foos' password:, requested by
        Peter Simons <simons@petium.rhein.de>.

Tue Nov  5 00:13:52 1996  Tero Kivinen  <kivinen@ssh.fi>

        * ssh.c (main): Fixed warning message of old agent to be displayed
        only if user really tried to forward agent (agent running and
        forwarding is not disabled).

Mon Nov  4 18:24:43 EET 1996  Tomi Salo  <ttsalo@ssh.fi>

        * sshconnect.c: patch to improve error handling in code receiving
        protocol version byte, from Bill Fenner <fenner@parc.xerox.com>

Wed Oct 30 00:11:34 1996  Tero Kivinen  <kivinen@ssh.fi>

        * Added username to password prompt.

        * Made checks even more strict in
        auth_input_request_forwarding().

        * Renamed log() function to log_msg().

        * Upgraded from gmp-2.0.2 to gmp-2.0.2-ssh-2 (gmp 2.0.2 with
        autoconf scripts made by Tatu Ylonen)

        * Cleaned up TODO file.

        * Changed protocol version to 1.5 so new ssh client and server
        can detect old (erroneous) agent forwarding protocol, and
        disable agent forwarding.

        * Do not define SSH_AUTHENTICATION_SOCKET environment variable
        if the agent could not be started.

Tue Oct 29 12:34:29 1996  Tomi Salo  <ttsalo@piippu.ssh.fi>

        * Improved the security of auth_input_request_forwarding().

        * Agent's behaviour improved: socket is created and listened to
        before forking, and if creation fails, parent still executes
        the specified command (without forking the child).

Mon Oct 28 18:31:03 1996  Tatu Ylonen  <ylo@pilari.ssh.fi>

        * Added Cray T90. Fixed recognition of mc88110.

Thu Oct 24 14:05:44 1996  Tomi Salo  <ttsalo@piippu.ssh.fi>

        * Cleaning up old fd-auth trash.

Wed Oct 23 16:00:19 1996  Tomi Salo  <ttsalo@piippu.ssh.fi>

        * Renamed BINDIR from Makefile to SSH_BINDIR.

Mon Oct 21 16:28:43 1996  Tomi Salo  <ttsalo@piippu.ssh.fi>

        * Window resizing fix for ultrix & NeXT from Corey Satten

        * New agent code. Many changes, agent stuff should now work as
        defined in the specs.

Sat Oct 19 02:02:24 1996  Tatu Ylonen  <ylo@pilari.ssh.fi>

        * Upgraded to the latest config.guess (from autoconf-2.10).
        Included recent patches by ttsalo (for openbsd).
        m68k-apple-sysv is now called m68k-apple-aux*.

Mon Oct 14 14:17:14 1996  Tomi Salo  <ttsalo@piippu.ssh.fi>

        * Install X_PROGRAMS too.

        * Configuring for OpenBSD (from Thorsten Lockert
        <tholo@SigmaSoft.COM>)

Fri Oct 11 13:01:56 1996  Tomi Salo  <ttsalo@piippu.ssh.fi>

        * Fixed the checking of existence of authorized_keys.

Tue Oct  8 13:50:44 1996  Tomi Salo  <ttsalo@piippu.ssh.fi>

        * Allow long passwords for HP-UX TCB authentication.

Mon Oct  7 14:40:45 1996  Tomi Salo  <ttsalo@piippu.ssh.fi>

        * Configuring for hurd, a small fix to do_popen(),
        check in minfd.c, conditional use of TCP_NODELAY in
        packet.c from "Charles M. Hannum" <mycroft@gnu.ai.mit.edu>
        added.

729Sat Oct  5 12:21:03 1996  Tatu Ylonen  <ylo@pilari.ssh.fi>
730
731        * (yesterday) Released ssh-1.2.16.
732       
733        * (yesterday) Fixed a bug in RSA authentication caused by
734          previous changes.
735       
736Fri Oct  4 05:57:59 1996  Tatu Ylonen  <ylo@pilari.ssh.fi>
737
738        * Released ssh-1.2.15.
739
740Thu Oct  3 16:53:31 1996  Tomi Salo  <ttsalo@piippu.ssh.fi>
741
742        * Configuring for Macintosh A/UX system from
743        Lawrie.Brown@adfa.oz.au added
744
745        * Cipher-update feature added to ssh-keygen
746       
747Sat Sep 28 15:23:31 1996  Tatu Ylonen  <ylo@pilari.ssh.fi>
748
749        * Default identity file cipher is now 3DES to make identity files
750          compatible between implementations that support IDEA and those
751          that don't.
752
753        * Merged workaround for channel deadlock problem.  This may cause
754          sshd to grow unboundedly under special circumstances!
755
756        * Merged ultrix and Next patches from Corey Satten.
757
758Fri Sep 27 17:14:14 1996  Tomi Salo  <ttsalo@piippu.ssh.fi>
759
760        * Major changes in ssh-agent-socket handling. See
761        comments in ssh.h.
762
763        * Patch for HPUX 10.x shadow passwords from
764        vincent@ucthpx.uct.ac.za (Russell Vincent)
765
766        * BSD default path definition patch from Andrey A. Chernov
767
768        * SSH now uses GMP 2.0.
769
770        * Added new encryption scheme: Blowfish.
771
772        XXX Changelog hasn't been actively maintained for a long time;
773        check the per-file CVS logs for changes...
774       
775Thu Sep 12 01:06:47 1996  Tomi Salo  <ttsalo@piippu.ssh.fi>
776
777        * configure.in,config.h.in: Included SOCKS5 support (from David
778          Kågedal <davidk@lysator.liu.se>)
779
780Fri Jul 12 09:16:36 1996  Tomi Salo  <ttsalo@piippu.ssh.fi>
781
782        * configure.in, Makefile.in: Detached ssh-askpass from
783        NORMAL_PROGRAMS to X_PROGRAMS, which is defined if X is
784        found.
785
786        * configure.in, login.c: Two small fixes for Cray (-lrsc,
787        length of utmp id) and configuring in zlib-1.0.3.
788
789        * newchannels.c: Fixed X11 connection socket paths for
790        HP-UX.
791
792Tue Jul  2 10:20:17 1996  Tomi Salo  <ttsalo@piippu.ssh.fi>
793
794        * configure.in: Added -lipc for bsdi 2.1
795
796Thu Jun 27 13:47:14 1996  Tomi Salo  <ttsalo@piippu.ssh.fi>
797
798        * login.c (record_login): FreeBSD doesn't tolerate > 16
799        char hostnames, use ipaddr instead
800
801        * channels.c (channel_after_select): Merged fixes for
802        tcp-wrappers from Rafal Maszkowski <rzm@torun.pdi.net>
803
804Wed Jun 26 10:37:19 1996  Tomi Salo  <ttsalo@piippu.ssh.fi>
805
806        * configure.in, pty.c (pty_allocate): Again a new way of
807        allocating pseudo ttys, getpseudotty() in DYNIX/ptx 2.1. Also
808        changes in configure.in for DYNIX.
809
810        * sshd.c: use setpgrp() instead of setsid() on ultrix (as in
811        versions < 1.5).
812
813        * config.h, configure.in, includes.h, login.c, signals.c: Merged
814        SCO fixes from Brian Murrell <Brian_Murrell@bctel.net>.
815
816Tue Jun 25 16:31:40 1996  Tomi Salo  <ttsalo@piippu.ssh.fi>
817
818        * pty.c (pty_allocate): Merged SCO fixes from Gert Doering
819        <gert@greenie.muc.de>.
820
821Fri Apr 26 03:12:19 1996  Tatu Ylonen  <ylo@pilari.ssh.fi>
822
823        * sshd.c: Fixed ip address in "Closing connection" message when
824          run from inetd.
825
826        * sshd.c: Improved error messages related to not being able to
827          read host key when not root.
828
829        * ssh-agent.c: Fixed bugs when receiving multiple simultaneous
830          connections.
831
832        * ssh-agent.c: Fixed major memory leaks.
833
834        * signals.c: Check for SIGURG == SIGIO (Linux).
835
836        * pty.c: Fixed process group setting on NeXT.
837
838        * mpaux.c: Fixed some 32-bit dependencies to make the code run on
839          16-bit machines.
840
841        * No longer check for perl5.001 (just perl5 and perl now).
842
843        * Also grep "installed" when checking for OSF/1 C2 security.
844
845        * Fixed SOCKS support.  Fixed bugs in reconnecting with SOCKS.
846
847        * Added support for HPUX 7.x.
848
849        * Makefile.in: don't include make-ssh-known-hosts.1 in
850          DISTFILES.
851
852        * No longer remove some long ago obsoleted files in install.
853
854Sun Feb 18 18:20:26 1996  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
855
856        * sshd.c: Use setluid to set login uid on OSF/1.
857
858Thu Feb 15 11:17:26 1996  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
859
860        * sshconnect.c: When connecting with proxy, close userfile pipes
861          after fork.
862
863Wed Feb 14 00:28:50 1996  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
864
865        * configure.in: don't use setsid on mips-dec-mach3.
866
867        * cipher.h: comments about len in encrypt and decrypt.
868
869Sun Feb 11 16:35:37 1996  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
870
871        * Released 1.2.13.
872
873        * sshd.8.in: Fixed a minor typo.
874
875        * configure.in: Give error on linux if the system has the libg.sa bug.
876
877        * servconf.c: Fixed pid file default setting.
878
879Sat Feb 10 14:33:29 1996  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
880
881        * Changed licensing conditions in COPYING.
882
883        * ssh.c: Recognize -8 as an option (but it is ignored, as ssh is
884          always 8-bit clean).
885
886        * sshd.8.in: Documented SIGHUP.
887
888        * Merged PidFile patches from Danek Duvall
889          <duvall@dhduvall.student.princeton.edu>.
890
891        * sshd.c (and other files): added new packet type
892          SSH_CMSG_MAX_PACKET_SIZE.  This can be used to limit packet size
893          sent by the server, which is helpful when implementing the Windows
894          client, as it is troublesome to manipulate buffers larger than 64k
895          on Windows.
896
897        * channels.c (channel_output_poll): Don't emit any more data to
898          the output buffer from channels if it is already quite full.
899          This may reduce problems with X or TCP/IP traffic jamming the
900          interactive shell and/or prevent the size of sshd growing.
901
902        * sshd.c (do_child): clear the random number generator before
903          changing uid.
904
905        * sshd.c (do_child): Run $HOME/.ssh/rc and /etc/sshrc with the
906          user's shell.  These used to be run with /bin/sh even if the
907          user's shell was /bin/sync.
908
909Fri Feb  9 00:35:21 1996  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
910
911        * userfile.c (do_popen): Preserve XAUTHORITY.
912
913        * sshconnect.c: When initializing the random number generator,
914          read also some noise from the systemwide seed file.  This
915          prevents the user from guessing his own session key (which,
916          together with sophisticated IP spoofing attacks on the local
917          network, might be exploited to masquerade as another user).
918
919        * ssh.c: Moved the fork caused by the -f option until after all
920          forwardings have been started.  This makes it more useful in
921          scripts.
922
923        * Eliminated rc4.  Added arcfour, which is a cipher based on a
924          usenet posting in Spring-1995.  It is widely believed and has
925          been tested to be equivalent with RC4 (RC4 is a trademark of RSA
926          Data Security).
927
928        * configure.in: Added check to determine if found rsh is actually
929          ssh.  This helps to avoid errors where ssh enters a loop
930          executing itself when trying to fall back to rsh.
931
932        * New functions log_severity() and fatal_severity().  These
933          are like log() and fatal(), but allow specifying the severity
934          of the logged message.  The primary purpose of these functions
935          is to avoid innocuous messages (e.g. connection closed) being
936          logged with high severity.
937
938        * servconf.c, readconf.c: accept "true" and "false" as values for
939          yes/no options.
940
941Thu Feb  8 13:51:59 1996  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
942
943        * sshd.c: moved userfile_uninit() to before forking the child.
944
945        * Merged make-ssh-known-hosts changes from kivinen@niksula.hut.fi.
946
947            * added builtin ping (much faster, because you can set the
948              timeout to very short value (1-2 seconds, default is 3
949              seconds), and because it 'pings' the ssh port it will find
950              only those hosts with sshd running).
951
952            * recursive scanning (scans all subdomains of domain
953              automatically, use --norecursive to turn it off).
954
955            * automatically use all nameserver entries for domain until
956              it will get something if the origin or other nameservers
957              refuse to answer queries.
958
959            * trust the key returned from daemon by default (use
960              --notrustdaemon to get old behavior).
961
962            * --keyscan option that will make list of hosts for keyscan
963              (not compatible with current version ssh-keyscan, because it
964              will output all ipaddress separated with commas in the
965              ipaddress field, and ssh-keyscan expects only one ipaddress,
966              hopefully ssh-keyscan will accept this format too later, for
967              now you can use sed 's/^\([0-9.]*\),[,0-9.]*/\1/g' to make it
968              ssh-keyscan compatible).
969
970            * added some diagnostic prints to generated ssh_known_hosts:
971              # Domain = hut.fi, server = Santra.Hut.Fi
972              # Found 4391 hosts, 361 CNAMEs (total 11570 lines)
973              # SOA = santra.hut.fi jtv.hut.fi. (10001423 3600 300 3600000
974                3600)
975       
976Mon Feb  5 20:41:29 1996  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
977
978        * ssh-askpass.wish: Merged changes from Antti Huima
979          <ahuima@niksula.hut.fi>.
980
981        * Removed garbage line from RFC.
982
983Mon Jan 29 23:45:58 1996  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
984
985        * canohost.c (get_remote_ipaddr): If using two different
986          descriptors, check if they are internet-domain sockets with
987          the same peername; if so, return that address.  This should make
988          ssh be able to return the correct peername when started from
989          inetd.
990
991Fri Jan 26 23:10:20 1996  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
992
993        * pty.c: Merged Cray pty fixes from Wayne Schroeder
994          <schroede@SDSC.EDU>.
995
996Thu Jan 25 08:05:18 1996  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
997       
998        * sshd.c (do_child): moved clearing of resources before switching
999          to user privileges.
1000       
1001        * sshd.c: Fixed a bug where fclose was used for a file opened with
1002          popen.
1003
1004        * randoms.c (random_acquire_light_environmental_noise): Take 128
1005          bits of noise from /dev/random about every five minutes.  It
1006          used to be more often, but people were complaining that ssh
1007          completely exhausts /dev/random.
1008
1009        * Eliminated uid swapping code.
1010
1011Wed Jan 24 13:06:24 1996  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
1012
1013        * Makefile.in: $$ (referring to current pid) -> $$$$ because
1014          "make" eats the other $.
1015
1016Mon Jan 22 01:21:41 1996  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
1017
1018        * serverloop.c: fixed problems with data not always being sent to
1019          the client.
1020
1021Sun Jan 21 13:31:55 1996  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
1022
1023        * Makefile.in (install): Install scripts with INSTALL_DATA (patch
1024          from Andrey Chernov <ache@astral.msk.su>).
1025
1026Wed Jan 17 11:45:05 1996  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
1027
1028        * configure.in: Added checking for libshadow.a if have /etc/shadow.
1029
1030Mon Jan 15 10:13:52 1996  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
1031
1032        * buffer.c (buffer_append_space): Decreased buffer size increase
1033          from 32768 bytes to 4096 bytes.  This should reduce the ssh
1034          process size in interactive use.
1035
1036Sun Jan 14 10:29:19 1996  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
1037
1038        * canohost.c (get_remote_hostname): Socket options (such as source
1039          routing) were checked for descriptor 0, which is wrong.  Fixed.
1040
1041Thu Jan 11 18:48:09 1996  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
1042
1043        * sshd.c: Add BINDIR to DEFAULT_PATH.  The primary purpose of this
1044          is to make it more likely that scp will be found on the remote
1045          machine in case the shell does not read the user's rc-files.
1046          Corresponding changes in Makefile.in.
1047
1048        * configure.in: Added code to recognize $HOME/.MailBox as a possible
1049          incoming mailbox name (to be set in MAIL environment variable).
1050          sshd.c: code to handle MAIL_SPOOL_FILE
1051          acconfig.h: HAVE_TILDE_NEWMAIL -> MAIL_SPOOL_FILE
1052
1053        * configure.in: Add -linet on Dynix/ptx (from geek+@cmu.edu).
1054
1055        * login.c: Added SysVr4 (Solaris) utmp patches from Ian Donaldson
1056          <iand@aone.com.au>.
1057          configure.in: Added check for makeutx.
1058
1059        * Makefile.in: Added target hostinstall.  This can be used in a
1060          networked environment to generate host key and install config
1061          files on other machines after installing the binaries to a shared
1062          directory on one machine.
1063
1064        * sshd.c (login_permitted): Added code to check for expired
1065          accounts on AIX.  Also checks whether remote logins to the
1066          account are permitted.
1067
1068        * configure.in: Added check for -lauth (function
1069          authenticate_user) in Ultrix-specific code.
1070
1071        * random.c (initstate): Changed to use unsigned int instead of
1072          u_int (u_int is not defined on all systems).
1073
1074        * pty.c (pty_allocate): Use revoke() if it exists.  Added check
1075          for it in configure (patches from Christos Zoulas
1076          <christos@deshaw.com>).
1077
1078        * When falling back to rlogin, run rlogin if called as rlogin or
1079          rsh.  Otherwise, rsh may exec wrong rlogin, resulting in a loop.
1080
1081        * sshd.c (main): Print host type with -d.
1082          ssh.c: Print host type with -v.
1083
1084        * ssh.c (rsh_connect): Made rlogin run rlogin, rsh run rsh, etc.
1085
1086        * configure.in: Changed to use autoconf-2.7.
1087          Makefile.in: made bindir, sbindir, mandir separately configurable.
1088          config.guess: updated to config.guess from autoconf-2.7.
1089       
1090        * channels.c (x11_input_open): Use /tmp/.X11-unix/`hostname`0
1091          instead of /tmp/.X11-unix/X0 on HPSUX.
1092
1093        * configure.in: No vhangup on MachTen.
1094          includes.h: need machine/endian.h on MachTen.
1095
1096Sat Dec 16 14:03:21 1995  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
1097
1098        * Removed LIBS from gen_minfd link line.
1099
1100Tue Dec  5 12:22:20 1995  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
1101
1102        * Minor fixes to ssh.1.in.
1103
1104        * auth-passwd.c: fixed C2 security password authentication on alpha.
1105
1106        * sshd.c: increased SO_LINGER times to 15 seconds.
1107
1108Fri Dec  1 14:12:31 1995  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
1109
1110        * sshd.c, pty.c: Call setsid() also for non-pty logins.  This is
1111          needed on BSD 4.4, where setlogin() works on a process group
1112          basis (What a Stupid Idea!), and setlogin() is being changed in
1113          FreeBSD to only work for process group leaders (Continued Brain
1114          Damage!).
1115
1116        * auth-passwd.c: Added support for Ultrix enhanced security.
1117
1118        * Renamed field "howmany" in authfd.h due to conflicts with system
1119          headers on Solaris 2.4.
1120
1121        * scp.c (sink): Don't use O_TRUNC if ftruncate exists.  Avoids
1122          corrupting files when copying on top of itself.
1123
1124Wed Nov 29 15:57:03 1995  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
1125
1126        * Improved debugging messages sent to client when Rhosts/RhostsRSA
1127          authentication fails.
1128
1129        * configure.in, uidswap.c: Fixed uid-swapping on ultrix and aix.
1130
1131        * tildexpand.c: for ~/file, if HOME is set, use it; use getpwnam
1132          in this case only if HOME is not set.
1133
1134Tue Nov 21 03:01:23 1995  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
1135
1136        * serverloop.c: Trying to prevent spurious "Waiting for
1137          connections to terminate" messages at client exit.
1138
1139        * ssh.1.in: Fixed small typo (.ne3).
1140
1141        * sshd.c: Fixed other setsid on Ultrix.
1142
1143Fri Nov 17 16:19:20 1995  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
1144
1145        * Released 1.2.12.
1146
1147        * channels.c: Commented out debugging messages about output draining.
1148
1149        * Added file OVERVIEW to give some idea about the structure of the
1150          ssh software.
1151
1152Thu Nov 16 16:40:17 1995  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
1153
1154        * canohost.c (get_remote_hostname): Don't ever return NULL (causes
1155          segmentation violation).
1156
1157        * sshconnect.c: Host ip address printed incorrectly with -v.
1158       
1159        * Implemented SSH_TTY environment variable.
1160
1161Wed Nov 15 01:47:40 1995  Tatu Ylonen  <ylo@trance.olari.clinet.fi>
1162
1163        * Implemented server and client option KeepAlive to specify
1164          whether to set SO_KEEPALIVE.  Both default to "yes"; to disable
1165          keepalives, set the value to "no" in both the server and the
1166          client configuration files.  Updated manual pages.
1167       
1168        * sshd.c: Fixed Solaris utmp problem: wrong pid stored in utmp
1169          (patch from Petri Virkkula <argon@bat.cs.hut.fi>).
1170
1171        * login.c (record_logout): Fixed removing user from utmp on BSD
1172          (with HAVE_LIBUTIL_LOGIN).
1173
1174        * Added cleanup functions to be called from fatal().  Arranged for
1175          utmp to be cleaned if sshd terminates by calling fatal (e.g.,
1176          after dropping connection).  Eliminated separate client-side
1177          fatal() functions and moved fatal() to log-client.c.  Made all
1178          cleanups, including channel_stop_listening() and packet_close()
1179          be called using this mechanism.
1180
1181Thu Nov  9 09:58:05 1995  Tatu Ylonen  <ylo@soikko.cs.hut.fi>
1182
1183        * sshd.c: Permit immediate login with empty password only if
1184          password authentication is allowed.
1185
1186Wed Nov  8 00:43:55 1995  Tatu Ylonen  <ylo@soikko.cs.hut.fi>
1187
1188        * Eliminated unix-domain X11 forwarding.  Inet-domain forwarding is
1189          now the only supported form.  Renamed server option
1190          X11InetForwarding to X11Forwarding, and eliminated
1191          X11UnixForwarding.  Updated documentation.  Updated RFC (marked
1192          the SSH_CMSG_X11_REQUEST_FORWARDING message (code 26) as
1193          obsolete, and removed all references to it).  Increased protocol
1194          version number to 1.3.
1195
1196        * scp.c (main): Added -B (BatchMode).  Updated manual page.
1197
1198        * Cleaned up and updated all manual pages.
1199
1200        * clientloop.c: Added new escape sequences ~# (lists forwarded
1201          connections), ~& (background ssh when waiting for forwarded
1202          connections to terminate), ~? (list available escapes).
1203          Polished the output of the connection listing.  Updated
1204          documentation.
1205
1206        * uidswap.c: If _POSIX_SAVED_IDS is defined, don't change the real
1207          uid.  Assume that _POSIX_SAVED_IDS also applies to seteuid.
1208          This may solve problems with tcp_wrappers (libwrap) showing
1209          connections as coming from root.
1210       
1211Tue Nov  7 20:28:57 1995  Tatu Ylonen  <ylo@soikko.cs.hut.fi>
1212
1213        * Added RandomSeed server configuration option.  The argument
1214          specifies the location of the random seed file.  Updated
1215          documentation.
1216       
1217        * Locate perl5 in configure.  Generate make-ssh-known-hosts (with
1218          the correct path for perl5) in Makefile.in, and install it with
1219          the other programs.  Updated manual page.
1220
1221        * sshd.c (main): Added a call to umask to set the umask to a
1222          reasonable value.
1223
1224        * compress.c (buffer_compress): Fixed to follow the zlib
1225          documentation (which is slightly confusing).
1226
1227        * INSTALL: Added information about Linux libc.so.4 problem.
1228
1229Mon Nov  6 15:42:36 1995  Tatu Ylonen  <ylo@soikko.cs.hut.fi>
1230
1231        * (Actually autoconf fix) Installed patch to AC_ARG_PROGRAM.
1232       
1233        * sshd.c, sshd.8.in: Renamed $HOME/.environment ->
1234          $HOME/.ssh/environment.
1235
1236        * configure.in: Disable shadow password checking on convex.
1237          Convex has /etc/shadow, but sets pw_passwd automatically if
1238          running as root.
1239
1240        * Eliminated HAVE_ETC_MASTER_PASSWD (NetBSD, FreeBSD); the
1241          pw_passwd field is automatically filled if running as root.
1242          Put explicit code in configure.in to prevent shadow password
1243          checking on FreeBSD and NetBSD.
1244       
1245        * serverloop.c (signchld_handler): Don't print error if wait
1246          returns -1.
1247
1248        * Makefile.in (install): Fixed modes of data files.
1249
1250        * Makefile.in (install): Make links for slogin.1.
1251
1252        * make-ssh-known-hosts: Merged a patch from melo@ci.uminho.pt to
1253          fix the ping command.
1254
1255Fri Nov  3 16:25:28 1995  Tatu Ylonen  <ylo@soikko.cs.hut.fi>
1256
1257        * ssh.1.in: Added more information about X11 forwarding.
1258
1259Thu Nov  2 18:42:13 1995  Tatu Ylonen  <ylo@soikko.cs.hut.fi>
1260
1261        * Changes to use O_NONBLOCK_BROKEN consistently.
1262
1263        * pty.c (pty_make_controlling_tty): Use setpgid instead of
1264          setsid() on Ultrix.
1265
1266        * includes.h: Removed redundant #undefs for Ultrix and Sony News;
1267          these are already handled in configure.in.
1268
1269Tue Oct 31 13:31:28 1995  Tatu Ylonen  <ylo@soikko.cs.hut.fi>
1270
1271        * configure.in: Define SSH_WTMP to /var/adm/wtmp if wtmp not found.
1272
1273        * configure.in: Disable vhangup on Ultrix.  I am told this fixes
1274          the server problems.
1275
1276Sat Oct 28 14:22:05 1995  Tatu Ylonen  <ylo@soikko.cs.hut.fi>
1277
1278        * sshconnect.c: Fixed a bug in connecting to a multi-homed host.
1279          Restructured the connecting code to never try to use the same
1280          socket a second time after a failed connection.
1281
1282        * Makefile.in: Added explicit -m option to install, and umask 022
1283          when creating directories and the host key.
1284
1285Fri Oct 27 01:05:10 1995  Tatu Ylonen  <ylo@soikko.cs.hut.fi>
1286
1287        * Makefile.in: Added cleaning of $(ZLIBDIR) to clean and distclean.
1288
1289        * login.c (get_last_login_time): Fixed a typo (define -> defined).
1290
1291Thu Oct 26 01:28:07 1995  Tatu Ylonen  <ylo@soikko.cs.hut.fi>
1292
1293        * configure.in: Moved testing for ANSI C compiler after the host
1294          specific code (problems on HPUX).
1295
1296        * Minor fixes to /etc/default/login stuff from Bryan O'Sullivan.
1297
1298        * Fixed .SH NAME sections in manual pages.
1299
1300        * compress.c: Trying to fix a mysterious bug in the compression
1301          glue.
1302
1303        * ssh-1.2.11.
1304
1305        * scp.c: disable agent forwarding when running ssh from scp.
1306
1307        * Added compression of plaintext packets using the gzip library
1308          (zlib).  Client configuration options Compression and
1309          CompressionLevel (1-9 as in gzip).  New ssh and scp option -C
1310          (to enable compression).  Updated RFC.
1311
1312Wed Oct 25 05:11:55 1995  Tatu Ylonen  <ylo@soikko.cs.hut.fi>
1313
1314        * Implemented ProxyCommand stuff based on patches from Bryan
1315          O'Sullivan <bos@serpentine.com>.
1316
1317        * Merged BSD login/logout/lastlog patches from Mark Treacy
1318          <mark@labtam.oz.au>.
1319       
1320        * sshd.c: Added chdir("/").
1321
1322Tue Oct 24 00:29:01 1995  Tatu Ylonen  <ylo@soikko.cs.hut.fi>
1323
1324        * Merged RSA environment= patches from Felix Leitner
1325          <leitner@prz.tu-berlin.de> with some changes.
1326       
1327        * sshd.c: Made the packet code use two separate descriptors for
1328          the connection (one for input, the other for output).  This will
1329          make future extensions easier (e.g., non-socket transports, etc.).
1330          sshd -i now uses both stdin and stdout separately.
1331       
1332Mon Oct 23 21:29:28 1995  Tatu Ylonen  <ylo@soikko.cs.hut.fi>
1333
1334        * sshd.c: Merged execle -> execve patches from Mark Martinec
1335          <Mark.Martinec@nsc.ijs.si>.  This may help with execle bugs on
1336          Convex (environment not getting passed properly).  This might
1337          also solve similar problems on Sonys; please test!
1338
1339        * Removed all compatibility code for protocol version 1.0.
1340          THIS MEANS THAT WE ARE NO LONGER COMPATIBLE WITH SSH VERSIONS
1341          PRIOR TO 1.1.0.
1342
1343        * randoms.c (random_acquire_light_environmental_noise): If
1344          /dev/random is available, read up to 32 bytes (256 bits) from
1345          there in non-blocking mode, and mix the new random bytes into
1346          the pool.
1347
1348        * Added client configuration option StrictHostKeyChecking
1349          (disabled by default).  If this is enabled, the client will not
1350          automatically add new host keys to $HOME/.ssh/known_hosts;
1351          instead the connection will be refused if the host key is not
1352          known.  Similarly, if the host key has changed, the connection
1353          will be refused instead of just issuing a warning.  This
1354          provides additional security against man-in-the-middle/trojan
1355          horse attacks (especially in scripts where there is no-one to
1356          see the warnings), but may be quite inconvenient in everyday
1357          interactive use unless /etc/ssh_known_hosts is very complete,
1358          because new host keys must now be added manually.
1359       
1360        * sshconnect.c (ssh_connect): Use the user's uid when creating the
1361          socket and connecting it.  I am hoping that this might help with
1362          tcp_wrappers showing the remote user as root.
1363
1364        * ssh.c: Try inet-domain X11 forwarding regardless of whether we
1365          can get local authorization information.  If we don't, we just
1366          come up with fake information; the forwarding code will anyway
1367          generate its own fake information and validate that the client
1368          knows that information.  It will then substitute our fake
1369          information for that, but that info should get ignored by the
1370          server if it doesn't support it.
1371
1372        * Added option BatchMode to disable password/passphrase querying
1373          in scripts.
1374
1375        * auth-rh-rsa.c: Changed to use uid-swapping when reading
1376          .ssh/known_hosts.
1377
1378        * sshd.8.in (command): Improved documentation of file permissions
1379          on the manual pages.
1380
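The StrictHostKeyChecking entry above describes a decision table: unknown and changed host keys are refused when the option is on, and learned or merely warned about when it is off. The following is an added example, not code from ssh or from this ChangeLog; the record layout, type names and sample entries are simplified assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_HOSTS 8

typedef enum { HOST_OK, HOST_NEW, HOST_CHANGED } host_status;
typedef enum { ACT_PROCEED, ACT_ADD_AND_PROCEED,
               ACT_WARN_AND_PROCEED, ACT_REFUSE } conn_action;

/* One "host bits exponent modulus" record (simplified, hypothetical layout). */
struct host_key {
    char host[64];
    unsigned bits;
    char exponent[16];
    char modulus[128];
};

struct known_hosts {
    struct host_key entry[MAX_HOSTS];
    int count;
};

/* Constructed sample entries; the numbers are not real keys. */
static const char SAMPLE_KNOWN_HOSTS[] =
    "# constructed example entries\n"
    "alpha.example.org 1024 37 1234567890123456789\n"
    "this line is malformed\n"
    "beta.example.org 1024 35 9876543210987654321\n";

/* Helper for building the key a server offers during connection setup. */
struct host_key make_key(const char *host, unsigned bits,
                         const char *exponent, const char *modulus)
{
    struct host_key k;
    memset(&k, 0, sizeof k);
    snprintf(k.host, sizeof k.host, "%s", host);
    k.bits = bits;
    snprintf(k.exponent, sizeof k.exponent, "%s", exponent);
    snprintf(k.modulus, sizeof k.modulus, "%s", modulus);
    return k;
}

/* Parse the text line by line; comments, malformed and overlong lines are
   skipped.  Returns the number of entries loaded. */
int load_known_hosts(struct known_hosts *db, const char *text)
{
    db->count = 0;
    while (*text != '\0' && db->count < MAX_HOSTS) {
        size_t len = strcspn(text, "\n");
        char line[256];
        if (len < sizeof line) {
            struct host_key *k = &db->entry[db->count];
            memcpy(line, text, len);
            line[len] = '\0';
            if (line[0] != '#' &&
                sscanf(line, "%63s %u %15s %127s",
                       k->host, &k->bits, k->exponent, k->modulus) == 4)
                db->count++;
        }
        text += len;
        if (*text == '\n')
            text++;
    }
    return db->count;
}

/* HOST_OK if any stored key for the host matches, HOST_CHANGED if the host
   is listed only with different keys, HOST_NEW if it is not listed. */
host_status check_host(const struct known_hosts *db, const struct host_key *offered)
{
    host_status st = HOST_NEW;
    for (int i = 0; i < db->count; i++) {
        const struct host_key *k = &db->entry[i];
        if (strcmp(k->host, offered->host) != 0)
            continue;
        if (k->bits == offered->bits &&
            strcmp(k->exponent, offered->exponent) == 0 &&
            strcmp(k->modulus, offered->modulus) == 0)
            return HOST_OK;
        st = HOST_CHANGED;
    }
    return st;
}

/* Apply the policy from the entry: strict mode never learns a key and
   never continues past a mismatch. */
conn_action decide(struct known_hosts *db, const struct host_key *offered, int strict)
{
    switch (check_host(db, offered)) {
    case HOST_OK:
        return ACT_PROCEED;
    case HOST_NEW:
        if (strict)
            return ACT_REFUSE;
        if (db->count < MAX_HOSTS)          /* learn the key if there is room */
            db->entry[db->count++] = *offered;
        return ACT_ADD_AND_PROCEED;
    default:                                /* HOST_CHANGED */
        return strict ? ACT_REFUSE : ACT_WARN_AND_PROCEED;
    }
}

int main(void)
{
    static const char *names[] = { "proceed", "add+proceed", "warn+proceed", "refuse" };
    struct known_hosts db;
    struct host_key changed = make_key("alpha.example.org", 1024, "37", "1111111111111111111");
    struct host_key fresh = make_key("gamma.example.org", 1024, "37", "5555555555555555555");

    load_known_hosts(&db, SAMPLE_KNOWN_HOSTS);
    printf("changed key, strict: %s\n", names[decide(&db, &changed, 1)]);
    printf("changed key, lax:    %s\n", names[decide(&db, &changed, 0)]);
    printf("new host,    strict: %s\n", names[decide(&db, &fresh, 1)]);
    printf("new host,    lax:    %s\n", names[decide(&db, &fresh, 0)]);
    return 0;
}
```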
1381Thu Oct 19 21:05:51 1995  Tatu Ylonen  <ylo@soikko.cs.hut.fi>
1382
1383        * ssh-add.c (add_file): Fixed a bug causing ssh to sometimes refer
1384          to freed memory (comment -> saved_comment).
1385
1386        * log-server.c: Added a prefix to debug/warning/error/fatal
1387          messages describing message types.  Syslog does not include that
1388          information automatically.
1389
1390Sun Oct  8 01:56:01 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>
1391
1392        * Merged /etc/default/login and MAIL environment variable changes
1393          from Bryan O'Sullivan <bos@serpentine.com>.
1394            - mail spool file location
1395            - process /etc/default/login
1396            - add HAVE_ETC_DEFAULT_LOGIN
1397            - new function child_get_env and read_etc_default_login (sshd.c)
1398       
1399        * ssh-add.c (add_file): Fixed asking for passphrase.
1400
1401        * Makefile.in: Fixed installing configure-generated man pages when
1402          compiling in a separate object directory.
1403
1404        * sshd.c (main): Moved RSA key generation until after allocating
1405          the port number.  (Actually, the code got duplicated because we
1406          never listen when run from inetd.)
1407
1408        * ssh.c: Fixed a problem that caused scp to hang when called with
1409          stdin closed.
1410
1411Sat Oct  7 03:08:06 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>
1412
1413        * Added server config option StrictModes.  It specifies whether to
1414          check ownership and modes of home directory and .rhosts files.
1415
1416        * ssh.c: If ssh is renamed/linked to a host name, connect to that
1417          host.
1418
1419        * serverloop.c, clientloop.c: Ignore EAGAIN reported on read from
1420          connection.  Solaris has a kernel bug which causes select() to
1421          sometimes wake up even though there is no data available.
1422
1423        * Display all open connections when printing the "Waiting for
1424          forwarded connections to terminate" message.
1425
1426        * sshd.c, readconf.c: Added X11InetForwarding and
1427          X11UnixForwarding server config options.
1428
1429Thu Oct  5 17:41:16 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>
1430
1431        * Some more SCO fixes.
1432
1433Tue Oct  3 01:04:34 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>
1434
1435        * Fixes and cleanups in README, INSTALL, COPYING.
1436
1437Mon Oct  2 03:36:08 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>
1438
1439        * ssh-add.c (add_file): Fixed a bug in ssh-add (xfree: NULL ...).
1440
1441        * Removed .BR from ".SH NAME" in man pages.

Sun Oct  1 04:16:07 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>

        * ssh-1.2.10.

        * configure.in: When checking that the compiler works, check that
          it understands ANSI C prototypes.

        * Made uidswap error message a debug() to avoid confusing errors
          on AIX (AIX geteuid is brain-damaged and fails even for root).

        * Fixed an error in sshd.8 (FacistLogging -> FascistLogging).

        * Fixed distribution in Makefile.in (missing manual page .in files).

Sat Sep 30 17:38:46 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>

        * auth-rhosts.c: Fixed serious security problem in
          /etc/hosts.equiv authentication.

Fri Sep 29 00:41:02 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>

        * Include machine/endian.h on Paragon.

        * ssh-add.c (add_file): Made ssh-add keep asking for the
          passphrase until the user just types return or cancels.
          Make the dialog display the comment of the key.

        * Read use shosts.equiv in addition to /etc/hosts.equiv.

        * sshd.8 is now sshd.8.in and is processed by configure to
          substitute the proper paths for various files.  Ditto for ssh.1.
          Ditto for make-ssh-known-hosts.1.

        * configure.in: Moved /etc/sshd_pid to PIDDIR/sshd.pid.  PIDDIR
          will be /var/run if it exists, and ETCDIR otherwise.

Thu Sep 28 21:52:42 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>

        * On Ultrix, check if sys/syslog.h needs to be included in
          addition to syslog.h.

        * make-ssh-known-hosts.pl: Merged Kivinen's fixes for HPUX.

        * configure.in: Put -lwrap, -lsocks, etc. at the head of LIBS.

        * Fixed case-insensitivity in auth-rhosts.c.

        * Added missing socketpair.c to EXTRA_SRCS (needed on SCO), plus
          other SCO fixes.

        * Makefile.in: Fixed missing install_prefixes.

Wed Sep 27 03:57:00 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>

        * ssh-1.2.9.

        * Added SOCKS support.

        * Fixed default setting of IgnoreRhosts option.

        * Pass the magic cookie to xauth in stdin instead of command line;
          the command line is visible in ps.

        * Added processing $HOME/.ssh/rc and /etc/sshrc.

        * Added a section to sshd.8 on what happens at login time.

Tue Sep 26 01:27:40 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>

        * Don't define speed_t on SunOS 4.1.1; it conflicts with system
          headers.

        * Added support for .hushlogin.

        * Added --with-etcdir.

        * Read $HOME/.environment after /etc/environment.

Mon Sep 25 03:26:06 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>

        * Merged patches for SCO Unix (from Michael Henits).

Sun Sep 24 22:28:02 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>

        * Added ssh option ConnectionAttempts.

Sat Sep 23 12:30:15 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>

        * sshd.c: Don't print last login time and /etc/motd if a command
          has been specified (with ssh -t host command).

        * Added support for passing the screen number in X11 forwarding.
          It is implemented as a compatible protocol extension, signalled
          by SSH_PROTOFLAG_SCREEN_NUMBER by the child.

        * clientloop.c: Fixed bugs in the order in which things were
          processed.  This may solve problems with some data not getting
          sent to the server as soon as possible (probably solves the TCP
          forwarding delayed close problem).  Also, it looked like window
          changes might not get transmitted as early as possible in some
          cases.

        * clientloop.c: Changed to detect window size change that
          happened while ssh was suspended.

        * ssh.c: Moved the do_session function (client main loop) to
          clientloop.c.  Divided it into smaller functions.  General cleanup.

        * ssh-1.2.8

Fri Sep 22 22:07:46 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>

        * sshconnect.c (ssh_login): Made ssh_login take the options
          structure as argument, instead of the individual arguments.

        * auth-rhosts.c (check_rhosts_file): Added support for netgroups.

        * auth-rhosts.c (check_rhosts_file): Added support for negated
          entries.

Thu Sep 21 00:07:56 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>

        * auth-rhosts.c: Restructured rhosts authentication code.
          Hosts.equiv now has same format as .rhosts: user names are allowed.

        * Added support for the Intel Paragon.

        * sshd.c: Don't use X11 forwarding with spoofing if no xauth
          program.  Changed configure.in to not define XAUTH_PATH if
          there is no xauth program.

        * ssh-1.2.7

        * sshd.c: Rewrote the code to build the environment.  Now also reads
          /etc/environment.

        * sshd.c: Fixed problems in libwrap code.  --with-libwrap now
          takes optional library name/path.

        * ssh-1.2.6

        * Define USE_PIPES by default.

        * Added support for Univel Unixware and MachTen.

        * Added IgnoreRhosts server option.

        * Added USE_STRLEN_FOR_AF_UNIX; it is needed at least on MachTen.

Wed Sep 20 02:41:02 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>

        * sshd.c (do_child): don't call packet_close when /etc/nologin,
          because packet_close does shutdown, and the message does not get
          sent.

        * pty.c (pty_allocate): Push ttcompat streams module.

        * randoms.c (random_acquire_light_environmental_noise): Don't use
          the second argument to gettimeofday as it is not supported on
          all systems.

        * login.c (record_login): Added NULL second argument to gettimeofday.

Tue Sep 19 13:25:48 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>

        * fixed pclose wait() in sshd key regeneration (now only collects
          easily available noise).

        * configure.in: test for bsdi before bsd*.

        * ssh.c: Don't print "Connection closed" if -q.

Wed Sep 13 04:19:52 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>

        * Released ssh-1.2.5.

        * Hopefully fixed "Waiting for forwarded connections to terminate"
          message.

        * randoms.c, md5.c: Large modifications to make these work on Cray
          (which has no 32 bit integer type).

        * Fixed a problem with forwarded connection closes not being
          reported immediately.

        * ssh.c: fixed rhosts authentication (broken by uid-swapping).

        * scp.c: Don't use -l if server user not specified (it made
          setting User in the configuration file not work).

        * configure.in: don't use -pipe on BSDI.

        * randoms.c: Major modifications to make it work without 32 bit
          integers (e.g. Cray).

        * md5.c: Major modifications to make it work without 32 bit
          integers (e.g. Cray).

        * Eliminated HPSUX_BROKEN_PTYS.  The code is now enabled by
          default on all systems.

Mon Sep 11 00:53:12 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>

        * sshd.c: don't include sshd pathname in log messages.

        * Added libwrap stuff (includes support for identd).

        * Added OSF/1 C2 extended security stuff.

        * Fixed interactions between getuid() and uid-swap stuff.

Sun Sep 10 00:29:27 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>

        * serverloop.c: Don't send stdout data to client until after a few
          milliseconds if there is very little data.  This is because some
          systems give data from pty one character at a time, which would
          multiply data size by about 16.

        * serverloop.c: Moved server do_session to a separate file and
          renamed it server_loop.  Split it into several functions and
          partially rewrote it.  Fixed "cat /etc/termcap | ssh foo cat" hangup.

        * Screwed up something while checking stuff in under cvs.  No harm,
          but bogus log entries...

Sat Sep  9 02:24:51 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>

        * minfd.c (_get_permanent_fd): Use SHELL environment variable.

        * channels.c (x11_create_display_inet): Created
          HPSUX_NONSTANDARD_X11_KLUDGE; it causes DISPLAY to contain the
          IP address of the host instead of the name, because HPSUX uses
          some magic shared memory communication for local connections.

        * Changed SIGHUP processing in server; it should now work multiple
          times.

        * Added length limits in many debug/log/error/fatal calls just in
          case.

        * login.c (get_last_login_time): Fixed location of lastlog.

        * Rewrote all uid-swapping code.  New files uidswap.h, uidswap.c.

        * Fixed several security problems involving chmod and chgrp (race
          conditions).  Added warnings about dubious modes for /tmp/.X11-unix.

Fri Sep  8 20:03:36 1995  Tatu Ylonen  <ylo@shadows.cs.hut.fi>

        * Changed readconf.c to never display anything from the config
          file.  This should now be prevented otherwise, but let's play safe.

        * log-server.c: Use %.500s in syslog() just to be sure (they
          should already be shorter than 1024 though).

        * sshd.c: Moved setuid in child a little earlier (just to be
          conservative, there was no security problem that I could detect).

        * README, INSTALL: Added info about mailing list and WWW page.

        * sshd.c: Added code to use SIGCHLD and wait zombies immediately.

        * Merged patch to set ut_addr in utmp.

        * Created ChangeLog and added it to Makefile.in.

        * Use read_passphrase instead of getpass().

        * Added SSH_FALLBACK_CIPHER.  Fixed a bug in default cipher
          selection (IDEA used to be selected even if not supported by the
          server).

        * Use no encryption for key files if empty passphrase.

        * Added section about --without-idea in INSTALL.

        * Version 1.2.0 was released a couple of days ago.