forked from arichardson/openssh-portable
-
Notifications
You must be signed in to change notification settings - Fork 1
/
ChangeLog
656 lines (613 loc) · 25.6 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
20020515
- (bal) CVS ID fix up on auth-passwd.c
- (bal) OpenBSD CVS Sync
- [email protected] 2002/05/07 19:54:36
[ssh.h]
use ssh uid
- [email protected] 2002/05/08 21:06:34
[ssh.h]
move to sshd.sshd instead
- [email protected] 2002/05/11 20:24:48
[ssh.h]
typo in comment
- [email protected] 2002/05/13 02:37:39
[auth-skey.c auth2.c]
less warnings. skey_{respond,query} are public (in auth.h)
- [email protected] 2002/05/13 20:44:58
[auth-options.c auth.c auth.h]
move the packet_send_debug handling from auth-options.c to auth.c;
ok provos@
- [email protected] 2002/05/13 15:53:19
[sshd.c]
Call setsid() in the child after sshd accepts the connection and forks.
This is needed for privsep which calls setlogin() when it changes uids.
Without this, there is a race where the login name of an existing
connection, as returned by getlogin(), may be changed to the privsep
user (sshd). markus@ OK
- [email protected] 2002/05/13 21:26:49
[auth-rhosts.c]
handle debug messages during rhosts-rsa and hostbased authentication;
ok provos@
- [email protected] 2002/05/15 15:47:49
[kex.c monitor.c monitor_wrap.c sshd.c]
'monitor' variable clashes with at least one lame platform (NeXT). i
Renamed to 'pmonitor'. provos@
- [email protected] 2002/05/04 02:39:35
[servconf.c sshd.8 sshd_config]
enable privsep by default; provos ok
- [email protected] 2002/05/06 23:34:33
[ssh.1 sshd.8]
Kill/adjust r(login|exec)d? references now that those are no longer in
the tree.
- [email protected] 2002/05/15 21:02:53
[servconf.c sshd.8 sshd_config]
disable privsep and enable setuid for the 3.2.2 release
- (bal) Fixed up PAM case. I think.
- (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy
- (bal) OpenBSD CVS Sync
- [email protected] 2002/05/15 21:05:29
[version.h]
enter OpenSSH_3.2.2
- (bal) Caldara, Suse, and Redhat openssh.specs updated.
20020514
- (stevesk) [README.privsep] PAM+privsep works with Solaris 8.
- (tim) [sshpty.c] set tty modes when allocating old style bsd ptys to
match what newer style ptys have when allocated. Based on a patch by
Roger Cornelius <[email protected]>
- (tim) [README.privsep] UnixWare 7 and OpenUNIX 8 work.
- (tim) [README.privsep] remove reference to UnixWare 7 and OpenUNIX 8
from PAM-enabled pragraph. UnixWare has no PAM.
- (tim) [contrib/caldera/openssh.spec] update version.
20020513
- (stevesk) add initial README.privsep
- (stevesk) [configure.ac] nicer message: --with-privsep-user=user
- (djm) Add --with-superuser-path=xxx configure option to specify
what $PATH the superuser receives.
- (djm) Bug #231: UsePrivilegeSeparation turns off Banner.
- (djm) Add --with-privsep-path configure option
- (djm) Update RPM spec file: different superuser path, use
/var/empty/sshd for privsep
- (djm) Bug #234: missing readpassphrase declaration and defines
- (djm) Add INSTALL warning about SSH protocol 1 blowfish w/
OpenSSL < 0.9.6
20020511
- (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch.
Now only searches system and /usr/local/ssl (OpenSSL's default install path)
Others must use --with-ssl-dir=....
- (tim) [monitor_fdpass.c] fix for systems that have both
HAVE_ACCRIGHTS_IN_MSGHDR and HAVE_CONTROL_IN_MSGHDR. Ie. sys/socket.h
has #define msg_accrights msg_control
20020510
- (stevesk) [auth.c] Shadow account and expiration cleanup. Now
check for root forced expire. Still don't check for inactive.
- (djm) Rework RedHat RPM files. Based on spec from Nalin
Dahyabhai <[email protected]> and patches from
Pekka Savola <[email protected]>
- (djm) Try to drop supplemental groups at daemon startup. Patch from
RedHat
- (bal) Back all the way out of auth-passwd.c changes. Breaks too many
things that don't set pw->pw_passwd.
20020509
- (tim) [Makefile.in] Unbreak make -f Makefile.in distprep
20020508
- (tim) [openbsd-compat/bsd-arc4random.c] fix logic on when seed_rng() is
called. Report by Chris Maxwell <[email protected]>
- (tim) [Makefile.in configure.ac] set SHELL variable in Makefile
- (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work)
20020507
- (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
Add truncate() emulation to address Bug 208
20020506
- (djm) Unbreak auth-passwd.c for PAM and SIA
- (djm) Unbreak PAM auth for protocol 1. Report from Pekka Savola
- (djm) Don't reinitialise PAM credentials before we have started PAM.
Report from Pekka Savola <[email protected]>
20020506
- (bal) Fixed auth-passwd.c to resolve PermitEmptyPassword issue
20020501
- (djm) Import OpenBSD regression tests. Requires BSD make to run
- (djm) Fix readpassphase compilation for systems which have it
20020429
- (tim) [contrib/caldera/openssh.spec] update fixUP to reflect changes in
sshd_config.
- (tim) [contrib/cygwin/README] remove reference to regex.
patch from Corinna Vinschen <[email protected]>
20020426
- (djm) Bug #137, #209: fix make problems for scard/Ssh.bin, do uudecode
during distprep only
- (djm) Disable PAM password expiry until a complete fix for bug #188
exists
- (djm) Bug #180: Set ToS bits on IPv4-in-IPv6 mapped addresses. Based on
patch from [email protected]
20020425
- (stevesk) [defines.h] remove USE_TIMEVAL; unused
- (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26
support. bug #184. most from [email protected].
20020424
- (djm) OpenBSD CVS Sync
- [email protected] 2002/04/23 12:54:10
[version.h]
3.2.1
- [email protected] 2002/04/23 22:16:29
[sshd.c]
Improve error message; ok markus@ stevesk@
20020423
- (stevesk) [acconfig.h configure.ac session.c] LOGIN_NO_ENDOPT for HP-UX
- (stevesk) [acconfig.h] NEED_IN_SYSTM_H unused
- (markus) OpenBSD CVS Sync
- [email protected] 2002/04/23 12:58:26
[radix.c]
send complete ticket; [email protected]
- (djm) Trim ChangeLog to include only post-3.1 changes
- (djm) Update RPM spec file versions
- (djm) Redhat spec enables KrbV by default
- (djm) Applied OpenSC smartcard updates from Markus &
Antti Tapaninen <[email protected]>
- (djm) Define BROKEN_REALPATH for AIX, patch from
Antti Tapaninen <[email protected]>
- (djm) Bug #214: Fix utmp for Irix (don't strip "tty"). Patch from
Kevin Taylor <[email protected]> (??) via Philipp Grau
- (djm) Bug #213: Simplify CMSG_ALIGN macros to avoid symbol clashes.
Reported by Doug Manton <[email protected]>
- (djm) Bug #222: Fix tests for getaddrinfo on OSF/1. Spotted by
Robert Urban <[email protected]>
- (djm) Bug #206 - blibpath isn't always needed for AIX ld, avoid
sizeof(long long int) == 4 breakage. Patch from Matthew Clarke
- (djm) Make privsep work with PAM (still experimental)
- (djm) OpenBSD CVS Sync
- [email protected] 2002/04/20 09:02:03
[servconf.c]
No, afs requires explicit enabling
- [email protected] 2002/04/20 09:14:58
[bufaux.c bufaux.h]
add buffer_{get,put}_short
- [email protected] 2002/04/20 09:17:19
[radix.c]
rewrite using the buffer_* API, fixes overflow; ok deraadt@
- [email protected] 2002/04/21 16:19:27
[sshd.8 sshd_config]
document default AFSTokenPassing no; ok deraadt@
- [email protected] 2002/04/21 16:25:06
[sshconnect1.c]
spelling in error message; ok markus@
- [email protected] 2002/04/22 06:15:47
[radix.c]
fix check for overflow
- [email protected] 2002/04/22 16:16:53
[servconf.c sshd.8 sshd_config]
do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
- [email protected] 2002/04/22 21:04:52
[channels.c clientloop.c clientloop.h ssh.c]
request reply (success/failure) for -R style fwd in protocol v2,
depends on ordered replies.
fixes http://bugzilla.mindrot.org/show_bug.cgi?id=215; ok provos@
20020421
- (tim) [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0).
entropy.c needs seteuid(getuid()) for the setuid(original_uid) to
succeed. Patch by [email protected]. This fixes one part of Bug 208
20020418
- (djm) Avoid SIGCHLD breakage when run from rsync. Fix from
Sturle Sunde <[email protected]>
20020417
- (djm) Tell users to configure /dev/random support into OpenSSL in
INSTALL
- (djm) Fix .Nm in mdoc2man.pl from [email protected]
- (tim) [configure.ac] Issue warning on --with-default-path=/some_path
if LOGIN_CAP is enabled. Report & testing by Tuc <[email protected]>
20020415
- (djm) Unbreak "make install". Fix from Darren Tucker
- (stevesk) bsd-cygwin_util.[ch] BSD license from Corinna Vinschen
- (tim) [configure.ac] add tests for recvmsg and sendmsg.
[monitor_fdpass.c] add checks for HAVE_SENDMSG and HAVE_RECVMSG for
systems that HAVE_ACCRIGHTS_IN_MSGHDR but no recvmsg or sendmsg.
20020414
- (djm) ssh-rand-helper improvements
- Add commandline debugging options
- Don't write binary data if stdout is a tty (use hex instead)
- Give it a manpage
- (djm) Random number collection doc fixes from Ben
20020413
- (djm) Add KrbV support patch from Simon Wilkinson <[email protected]>
20020412
- (stevesk) [auth-sia.[ch]] add BSD license from Chris Adams
- (tim) [configure.ac] add <sys/types.h> to msghdr tests. Change -L
to -h on testing for /bin being symbolic link
- (bal) Mistaken in Cygwin scripts for ssh starting. Patch by
Corinna Vinschen <[email protected]>
- (bal) disable privsep if no MAP_ANON. We can re-enable it
after the release when we can do more testing.
20020411
- (stevesk) [auth-sia.c] cleanup
- (tim) [acconfig.h defines.h includes.h] put includes in includes.h and
defines in defines.h [rijndael.c openbsd-compat/fake-socket.h
openbsd-compat/inet_aton.c] include "includes.h" instead of "config.h"
ok stevesk@
20020410
- (stevesk) [configure.ac monitor.c] HAVE_SOCKETPAIR
- (stevesk) [auth-sia.c] compile fix Chris Adams <[email protected]>
- (bal) OpenBSD CVS Sync
- [email protected] 2002/04/10 08:21:47
[auth1.c compat.c compat.h]
strip '@' from username only for KerbV and known broken clients,
bug #204
- [email protected] 2002/04/10 08:56:01
[version.h]
OpenSSH_3.2
- Added p1 to idenify Portable release version.
20020408
- (bal) Minor OpenSC updates. Fix up header locations and update
README.smartcard provided by Juha Yrjölä <[email protected]>
20020407
- (stevesk) HAVE_CONTROL_IN_MSGHDR; not used right now.
Future: we may want to test if fd passing works correctly.
- (stevesk) [monitor_fdpass.c] fatal() for UsePrivilegeSeparation=yes
and no fd passing support.
- (stevesk) HAVE_MMAP and HAVE_SYS_MMAN_H and use them in
monitor_mm.c
- (stevesk) remove configure support for poll.h; it was removed
from sshd.c a long time ago.
- (stevesk) --with-privsep-user; default sshd
- (stevesk) wrap munmap() with HAVE_MMAP also.
20020406
- (djm) Typo in Suse SPEC file. Fix from Carsten Grohmann
- (bal) Added MAP_FAILED to allow AIX and Trusted HP to compile.
- (bal) OpenBSD CVS Sync
- [email protected] 2002/04/06 00:30:08
[sftp-client.c]
Fix occasional corruption on upload due to bad reuse of request
id, spotted by [email protected]; ok markus@
- [email protected] 2002/04/06 18:24:09
[scp.c]
Fixes potental double // within path.
http://bugzilla.mindrot.org/show_bug.cgi?id=76
- (bal) Slight update to OpenSC support. Better version checking. patch
by Juha Yrjölä <[email protected]>
- (bal) Revered out of runtime IRIX detection of joblimits. Code is
incomplete.
- (bal) Quiet down configure.ac if /bin/test does not exist.
- (bal) We no longer use atexit()/xatexit()/on_exit()
20020405
- (bal) Patch for OpenSC SmartCard library; ok markus@; patch by
Juha Yrjölä <[email protected]>
- (bal) Minor documentation update to reflect smartcard library
support changes.
- (bal) Too many <sys/queue.h> issues. Remove all workarounds and
using internal version only.
- (bal) OpenBSD CVS Sync
- [email protected] 2002/04/05 20:56:21
[sshd.8]
clarify sshrc some and handle X11UseLocalhost=yes; ok markus@
20020404
- (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
- (bal) OpenBSD CVS Sync
- [email protected] 2002/04/03 09:26:11
[cipher.c myproposal.h]
re-add [email protected] for MacSSH; [email protected]
20020402
- (bal) Hand Sync of scp.c (reverted to upstream code)
- [email protected] 2002/03/30 17:45:46
[scp.c]
stretch banners
- (bal) CVS ID sync of uidswap.c
- (bal) OpenBSD CVS Sync (now for the real sync)
- [email protected] 2002/03/27 22:21:45
[ssh-keygen.c]
try to import keys with extra trailing === (seen with ssh.com <
2.0.12)
- [email protected] 2002/03/28 15:34:51
[session.c]
do not call record_login twice (for use_privsep)
- [email protected] 2002/03/29 18:59:32
[session.c session.h]
retrieve last login time before the pty is allocated, store per
session
- [email protected] 2002/03/29 19:16:22
[sshd.8]
RSA key modulus size minimum 768; ok markus@
- [email protected] 2002/03/29 19:18:33
[auth-rsa.c ssh-rsa.c ssh.h]
make RSA modulus minimum #define; ok markus@
- [email protected] 2002/03/30 18:51:15
[monitor.c serverloop.c sftp-int.c sftp.c sshd.c]
check waitpid for EINTR; based on patch from [email protected]
- [email protected] 2002/04/01 22:02:16
[sftp-client.c]
20480 is an upper limit for older server
- [email protected] 2002/04/01 22:07:17
[sftp-client.c]
fallback to stat if server does not support lstat
- [email protected] 2002/04/02 11:49:39
[ssh-agent.c]
check $SHELL for -k and -d, too;
http://bugzilla.mindrot.org/show_bug.cgi?id=199
- [email protected] 2002/04/02 17:37:48
[sftp.c]
always call log_init()
- [email protected] 2002/04/02 20:11:38
[ssh-rsa.c]
ignore SSH_BUG_SIGBLOB for ssh-rsa; #187
- (bal) mispelling in uidswap.c (portable only)
20020401
- (stevesk) [monitor.c] PAM should work again; will *not* work with
UsePrivilegeSeparation=yes.
- (stevesk) [auth1.c] fix password auth for protocol 1 when
!USE_PAM && !HAVE_OSF_SIA; merge issue.
20020331
- (tim) [configure.ac] use /bin/test -L to work around broken builtin on
Solaris 8
- (tim) [sshconnect2.c] change uint32_t to u_int32_t
20020330
- (stevesk) [configure.ac] remove header check for sys/ttcompat.h
bug 167
20020327
- (bal) 'pw' should be 'authctxt->pw' in auth1.c spotted by
- (bal) OpenBSD CVS Sync
- [email protected] 2002/03/26 11:34:49
[ssh.1 sshd.8]
update to recent drafts
- [email protected] 2002/03/26 11:37:05
[ssh.c]
update Copyright
- [email protected] 2002/03/26 15:23:40
[bufaux.c]
do not talk about packets in bufaux
- [email protected] 2002/03/26 18:46:59
[scard.c]
try_AUT0 in read_pubkey too, for those paranoid few who want to
acl 'sh'
- [email protected] 2002/03/26 22:50:39
[channels.h]
CHANNEL_EFD_OUTPUT_ACTIVE is false for CHAN_CLOSE_RCVD, too
- [email protected] 2002/03/26 23:13:03
[auth-rsa.c]
disallow RSA keys < 768 for protocol 1, too (rhosts-rsa and rsa auth)
- [email protected] 2002/03/26 23:14:51
[kex.c]
generate a new cookie for each SSH2_MSG_KEXINIT message we send out
- [email protected] 2002/03/27 11:45:42
[monitor.c]
monitor_allowed_key() returns int instead of pointer. ok markus@
20020325
- (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h"
- (bal) OpenBSD CVS Sync
- [email protected] 2002/03/23 20:57:26
[sshd.c]
setproctitle() after preauth child; ok markus@
- [email protected] 2002/03/24 16:00:27
[serverloop.c]
remove unused debug
- [email protected] 2002/03/24 16:01:13
[packet.c]
debug->debug3 for extra padding
- [email protected] 2002/03/24 17:27:03
[kexgex.c]
typo; ok markus@
- [email protected] 2002/03/24 17:53:16
[monitor_fdpass.c]
minor cleanup and more error checking; ok markus@
- [email protected] 2002/03/24 18:05:29
[scard.c]
we need to figure out AUT0 for sc_private_encrypt, too
- [email protected] 2002/03/24 23:20:00
[monitor.c]
remove "\n" from fatal()
- [email protected] 2002/03/25 09:21:13
[auth-rsa.c]
return 0 (not NULL); [email protected]
- [email protected] 2002/03/25 09:25:06
[auth-rh-rsa.c]
rm bogus comment
- [email protected] 2002/03/25 17:34:27
[scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c]
change sc_get_key to sc_get_keys and hide smartcard details in scard.c
- [email protected] 2002/03/25 20:12:10
[monitor_mm.c monitor_wrap.c]
ssize_t args use "%ld" and cast to (long)
size_t args use "%lu" and cast to (u_long)
ok markus@ and thanks millert@
- [email protected] 2002/03/25 21:04:02
[ssh.c]
simplify num_identity_files handling
- [email protected] 2002/03/25 21:13:51
[channels.c channels.h compat.c compat.h nchan.c]
don't send stderr data after EOF, accept this from older known
(broken) sshd servers only, fixes
http://bugzilla.mindrot.org/show_bug.cgi?id=179
- [email protected] 2002/03/26 03:24:01
[monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h]
$OpenBSD$
20020324
- (stevesk) [session.c] disable LOGIN_NEEDS_TERM until we are sure
it can be removed. only used on solaris. will no longer compile with
privsep shuffling.
20020322
- (stevesk) HAVE_ACCRIGHTS_IN_MSGHDR configure support
- (stevesk) [monitor.c monitor_wrap.c] #ifdef HAVE_PW_CLASS_IN_PASSWD
- (stevesk) configure and cpp __FUNCTION__ gymnastics to handle nielsisms
- (stevesk) [monitor_fdpass.c] support for access rights style file
descriptor passing
- (stevesk) [auth2.c] merge cleanup/sync
- (stevesk) [defines.h] hp-ux 11 has ancillary data style fd passing, but
is missing CMSG_LEN() and CMSG_SPACE() macros.
- (stevesk) [defines.h] #define MAP_ANON MAP_ANONYMOUS for HP-UX; other
platforms may need this--I'm not sure. mmap() issues will need to be
addressed further.
- (tim) [cipher.c] fix problem with OpenBSD sync
- (stevesk) [LICENCE] OpenBSD sync
20020321
- (bal) OpenBSD CVS Sync
- [email protected] 2002/03/08 06:10:16
[sftp-client.c]
printf type mismatch
- [email protected] 2002/03/11 03:18:49
[sftp-client.c]
correct type mismatches (u_int64_t != unsigned long long)
- [email protected] 2002/03/11 03:19:53
[sftp-client.c]
indent
- [email protected] 2002/03/14 15:24:27
[sshconnect1.c]
don't trust size sent by (rogue) server; noted by
- [email protected] 2002/03/14 16:38:26
[sshd.c]
split out ssh1 session key decryption; ok provos@
- [email protected] 2002/03/14 16:56:33
[auth-rh-rsa.c auth-rsa.c auth.h]
split auth_rsa() for better readability and privsep; ok provos@
- [email protected] 2002/03/15 11:00:38
[auth.c]
fix file type checking (use S_ISREG). ok by markus
- [email protected] 2002/03/16 11:24:53
[compress.c]
skip inflateEnd if inflate fails; ok provos@
- [email protected] 2002/03/16 17:22:09
[auth-rh-rsa.c auth.h]
split auth_rhosts_rsa(), ok provos@
- [email protected] 2002/03/16 17:41:25
[auth-krb5.c]
BSD license. from Daniel Kouril via Dug Song. ok markus@
- [email protected] 2002/03/17 20:25:56
[auth.c auth.h auth1.c auth2.c]
getpwnamallow returns struct passwd * only if user valid;
okay markus@
- [email protected] 2002/03/18 01:12:14
[auth.h auth1.c auth2.c sshd.c]
have the authentication functions return the authentication context
and then do_authenticated; okay millert@
- [email protected] 2002/03/18 01:30:10
[auth-krb4.c]
set client to NULL after xfree(), from Rolf Braun
- [email protected] 2002/03/18 03:41:08
[auth.c session.c]
move auth_approval into getpwnamallow with help from millert@
- [email protected] 2002/03/18 17:13:15
[cipher.c cipher.h]
export/import cipher states; needed by ssh-privsep
- [email protected] 2002/03/18 17:16:38
[packet.c packet.h]
export/import cipher state, iv and ssh2 seqnr; needed by ssh-privsep
- [email protected] 2002/03/18 17:23:31
[key.c key.h]
add key_demote() for ssh-privsep
- [email protected] 2002/03/18 17:25:29
[bufaux.c bufaux.h]
buffer_skip_string and extra sanity checking; needed by ssh-privsep
- [email protected] 2002/03/18 17:31:54
[compress.c]
export compression streams for ssh-privsep
- [email protected] 2002/03/18 17:50:31
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c]
[auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c]
[kexgex.c servconf.c]
[session.h servconf.h serverloop.c session.c sshd.c]
integrate privilege separated openssh; its turned off by default
for now. work done by me and markus@
- [email protected] 2002/03/18 17:53:08
[sshd.8]
credits for privsep
- [email protected] 2002/03/18 17:59:09
[sshd.8]
document UsePrivilegeSeparation
- [email protected] 2002/03/18 23:52:51
[servconf.c]
UnprivUser/UnprivGroup usable now--specify numeric user/group; ok
provos@
- [email protected] 2002/03/19 03:03:43
[pathnames.h servconf.c servconf.h sshd.c]
_PATH_PRIVSEP_CHROOT_DIR; ok provos@
- [email protected] 2002/03/19 05:23:08
[sshd.8]
Banner has no default.
- [email protected] 2002/03/19 06:32:56
[sftp-int.c]
use xfree() after xstrdup().
markus@ ok
- [email protected] 2002/03/19 10:35:39
[auth-options.c auth.h session.c session.h sshd.c]
clean up prototypes
- [email protected] 2002/03/19 10:49:35
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h]
[packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c]
[sshconnect2.c sshd.c ttymodes.c]
KNF whitespace
- [email protected] 2002/03/19 14:27:39
[auth.c auth1.c auth2.c]
make getpwnamallow() allways call pwcopy()
- [email protected] 2002/03/19 15:31:47
[auth.c]
check for NULL; from provos@
- [email protected] 2002/03/20 19:12:25
[servconf.c servconf.h ssh.h sshd.c]
for unprivileged user, group do:
pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
- [email protected] 2002/03/20 21:08:08
[sshd.c]
strerror() on chdir() fail; ok provos@
- [email protected] 2002/03/21 10:21:20
[ssh-add.c]
ignore errors for nonexisting default keys in ssh-add,
fixes http://bugzilla.mindrot.org/show_bug.cgi?id=158
- [email protected] 2002/03/21 15:17:26
[clientloop.c ssh.1]
add built-in command line for adding new port forwardings on the fly.
based on a patch from brian wellington. ok markus@.
- [email protected] 2002/03/21 16:38:06
[scard.c]
make compile w/ openssl 0.9.7
- [email protected] 2002/03/21 16:54:53
[scard.c scard.h ssh-keygen.c]
move key upload to scard.[ch]
- [email protected] 2002/03/21 16:57:15
[scard.c]
remove const
- [email protected] 2002/03/21 16:58:13
[clientloop.c]
remove unused
- [email protected] 2002/03/21 18:08:15
[scard.c]
In sc_put_key(), sc_reader_id should be id.
- [email protected] 2002/03/21 20:51:12
[sshd_config]
add privsep (off)
- [email protected] 2002/03/21 21:23:34
[sshd.c]
add privsep_preauth() and remove 1 goto; ok provos@
- [email protected] 2002/03/21 21:54:34
[scard.c scard.h ssh-keygen.c]
Add PIN-protection for secret key.
- [email protected] 2002/03/21 22:44:05
[authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c]
Add PIN-protection for secret key.
- [email protected] 2002/03/21 23:07:37
[clientloop.c]
remove unused, sync w/ cmdline patch in my tree.
20020317
- (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is
wanted, warn if directory does not exist. Put system directories in
front of PATH for finding entorpy commands.
- (tim) [contrib/aix/buildbff.sh contrib/aix/inventory.sh] AIX package
build fixes. Patch by Darren Tucker <[email protected]>
[contrib/solaris/buildpkg.sh] add missing dirs to SYSTEM_DIR. Have
postinstall check for $piddir and add if necessary.
20020311
- (tim) [contrib/solaris/buildpkg.sh, contrib/solaris/README] Updated to
build on all platforms that support SVR4 style package tools. Now runs
from build dir. Parts are based on patches from Antonio Navarro, and
Darren Tucker.
20020308
- (djm) Revert bits of Markus' OpenSSL compat patch which was
accidentally committed.
- (djm) Add Markus' patch for compat wih OpenSSL < 0.9.6.
Known issue: Blowfish for SSH1 does not work
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
$Id: ChangeLog,v 1.2134 2002/05/15 21:50:14 mouring Exp $