120021003 2 - (djm) OpenBSD CVS Sync 3 - markus@cvs.openbsd.org 2002/10/01 20:34:12 4 [ssh-agent.c] 5 allow root to access the agent, since there is no protection from root. 6 - markus@cvs.openbsd.org 2002/10/01 13:24:50 7 [version.h] 8 OpenSSH 3.5 9 - (djm) Bump RPM spec version numbers 10 - (djm) Bug #406 s/msg_send/ssh_msh_send/ for Mac OS X 1.2 11 1220020930 13 - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs, 14 tweak README 15 - (djm) OpenBSD CVS Sync 16 - mickey@cvs.openbsd.org 2002/09/27 10:42:09 17 [compat.c compat.h sshd.c] 18 add a generic match for a prober, such as sie big brother; 19 idea from stevesk@; markus@ ok 20 - stevesk@cvs.openbsd.org 2002/09/27 15:46:21 21 [ssh.1] 22 clarify compression level protocol 1 only; ok markus@ deraadt@ 23 2420020927 25 - (djm) OpenBSD CVS Sync 26 - markus@cvs.openbsd.org 2002/09/25 11:17:16 27 [sshd_config] 28 sync LoginGraceTime with default 29 - markus@cvs.openbsd.org 2002/09/25 15:19:02 30 [sshd.c] 31 typo; pilot@monkey.org 32 - markus@cvs.openbsd.org 2002/09/26 11:38:43 33 [auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c] 34 [monitor_wrap.h] 35 krb4 + privsep; ok dugsong@, deraadt@ 36 3720020925 38 - (bal) Fix issue where successfull login does not clear failure counts 39 in AIX. Patch by dtucker@zip.com.au ok by djm 40 - (tim) Cray fixes (bug 367) based on patch from Wendy Palm @ cray. 41 This does not include the deattack.c fixes. 42 4320020923 44 - (djm) OpenBSD CVS Sync 45 - stevesk@cvs.openbsd.org 2002/09/23 20:46:27 46 [canohost.c] 47 change get_peer_ipaddr() and get_local_ipaddr() to not return NULL for 48 non-sockets; fixes a problem passing NULL to snprintf(). ok markus@ 49 - markus@cvs.openbsd.org 2002/09/23 22:11:05 50 [monitor.c] 51 only call auth_krb5 if kerberos is enabled; ok deraadt@ 52 - markus@cvs.openbsd.org 2002/09/24 08:46:04 53 [monitor.c] 54 only call kerberos code for authctxt->valid 55 - todd@cvs.openbsd.org 2002/09/24 20:59:44 56 [sshd.8] 57 tweak the example $HOME/.ssh/rc script to not show on any cmdline the 58 sensitive data it handles. This fixes bug # 402 as reported by 59 kolya@mit.edu (Nickolai Zeldovich). 60 ok markus@ and stevesk@ 61 6220020923 63 - (tim) [configure.ac] s/return/exit/ patch by dtucker@zip.com.au 64 6520020922 66 - (djm) OpenBSD CVS Sync 67 - stevesk@cvs.openbsd.org 2002/09/19 14:53:14 68 [compat.c] 69 - markus@cvs.openbsd.org 2002/09/19 15:51:23 70 [ssh-add.c] 71 typo; cd@kalkatraz.de 72 - stevesk@cvs.openbsd.org 2002/09/19 16:03:15 73 [serverloop.c] 74 log IP address also; ok markus@ 75 - stevesk@cvs.openbsd.org 2002/09/20 18:41:29 76 [auth.c] 77 log illegal user here for missing privsep case (ssh2). 78 this is executed in the monitor. ok markus@ 79 8020020919 81 - (djm) OpenBSD CVS Sync 82 - stevesk@cvs.openbsd.org 2002/09/12 19:11:52 83 [ssh-agent.c] 84 %u for uid print; ok markus@ 85 - stevesk@cvs.openbsd.org 2002/09/12 19:50:36 86 [session.c ssh.1] 87 add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384. ok markus@ 88 - stevesk@cvs.openbsd.org 2002/09/13 19:23:09 89 [channels.c sshconnect.c sshd.c] 90 remove use of SO_LINGER, it should not be needed. error check 91 SO_REUSEADDR. fixup comments. ok markus@ 92 - stevesk@cvs.openbsd.org 2002/09/16 19:55:33 93 [session.c] 94 log when _PATH_NOLOGIN exists; ok markus@ 95 - stevesk@cvs.openbsd.org 2002/09/16 20:12:11 96 [sshd_config.5] 97 more details on X11Forwarding security issues and threats; ok markus@ 98 - stevesk@cvs.openbsd.org 2002/09/16 22:03:13 99 [sshd.8] 100 reference moduli(5) in FILES /etc/moduli. 101 - itojun@cvs.openbsd.org 2002/09/17 07:47:02 102 [channels.c] 103 don't quit while creating X11 listening socket. 104 http://mail-index.netbsd.org/current-users/2002/09/16/0005.html 105 got from portable. markus ok 106 - djm@cvs.openbsd.org 2002/09/19 01:58:18 107 [ssh.c sshconnect.c] 108 bugzilla.mindrot.org #223 - ProxyCommands don't exit. 109 Patch from dtucker@zip.com.au; ok markus@ 110 11120020912 112 - (djm) Made GNOME askpass programs return non-zero if cancel button is 113 pressed. 114 - (djm) Added getpeereid() replacement. Properly implemented for systems 115 with SO_PEERCRED support. Faked for systems which lack it. 116 - (djm) Sync sys/tree.h with OpenBSD -current. Rename tree.h and 117 fake-queue.h to sys-tree.h and sys-queue.h 118 - (djm) OpenBSD CVS Sync 119 - markus@cvs.openbsd.org 2002/09/08 20:24:08 120 [hostfile.h] 121 no comma at end of enumerator list 122 - itojun@cvs.openbsd.org 2002/09/09 06:48:06 123 [auth1.c auth.h auth-krb5.c monitor.c monitor.h] 124 [monitor_wrap.c monitor_wrap.h] 125 kerberos support for privsep. confirmed to work by lha@stacken.kth.se 126 patch from markus 127 - markus@cvs.openbsd.org 2002/09/09 14:54:15 128 [channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c] 129 signed vs unsigned from -pedantic; ok henning@ 130 - markus@cvs.openbsd.org 2002/09/10 20:24:47 131 [ssh-agent.c] 132 check the euid of the connecting process with getpeereid(2); 133 ok provos deraadt stevesk 134 - stevesk@cvs.openbsd.org 2002/09/11 17:55:03 135 [ssh.1] 136 add agent and X11 forwarding warning text from ssh_config.5; ok markus@ 137 - stevesk@cvs.openbsd.org 2002/09/11 18:27:26 138 [authfd.c authfd.h ssh.c] 139 don't connect to agent to test for presence if we've previously 140 connected; ok markus@ 141 - djm@cvs.openbsd.org 2002/09/11 22:41:50 142 [sftp.1 sftp-client.c sftp-client.h sftp-common.c sftp-common.h] 143 [sftp-glob.c sftp-glob.h sftp-int.c sftp-server.c] 144 support for short/long listings and globbing in "ls"; ok markus@ 145 - djm@cvs.openbsd.org 2002/09/12 00:13:06 146 [sftp-int.c] 147 zap unused var introduced in last commit 148 14920020911 150 - (djm) Sync openbsd-compat with OpenBSD -current 151 15220020910 153 - (djm) Bug #365: Read /.ssh/environment properly under CygWin. 154 Patch from Mark Bradshaw <bradshaw@staff.crosswalk.com> 155 - (djm) Bug #138: Make protocol 1 blowfish work with old OpenSSL. 156 Patch from Robert Halubek <rob@adso.com.pl> 157 15820020905 159 - (djm) OpenBSD CVS Sync 160 - stevesk@cvs.openbsd.org 2002/09/04 18:52:42 161 [servconf.c sshd.8 sshd_config.5] 162 default LoginGraceTime to 2m; 1m may be too short for slow systems. 163 ok markus@ 164 - (djm) Merge openssh-TODO.patch from Redhat (null) beta 165 - (djm) Add gnome-ssh-askpass2.c (gtk2) by merge with patch from 166 Nalin Dahyabhai <nalin@redhat.com> 167 - (djm) Add support for building gtk2 password requestor from Redhat beta 168 16920020903 170 - (djm) Patch from itojun@ for Darwin OS: test getaddrinfo, reorder libcrypt 171 - (djm) Fix Redhat RPM build dependancy test 172 - (djm) OpenBSD CVS Sync 173 - markus@cvs.openbsd.org 2002/08/12 10:46:35 174 [ssh-agent.c] 175 make ssh-agent setgid, disallow ptrace. 176 - espie@cvs.openbsd.org 2002/08/21 11:20:59 177 [sshd.8] 178 `RSA' updated to refer to `public key', where it matters. 179 okay markus@ 180 - stevesk@cvs.openbsd.org 2002/08/21 19:38:06 181 [servconf.c sshd.8 sshd_config sshd_config.5] 182 change LoginGraceTime default to 1 minute; ok mouring@ markus@ 183 - stevesk@cvs.openbsd.org 2002/08/21 20:10:28 184 [ssh-agent.c] 185 raise listen backlog; ok markus@ 186 - stevesk@cvs.openbsd.org 2002/08/22 19:27:53 187 [ssh-agent.c] 188 use common close function; ok markus@ 189 - stevesk@cvs.openbsd.org 2002/08/22 19:38:42 190 [clientloop.c] 191 format with current EscapeChar; bugzilla #388 from wknox@mitre.org. 192 ok markus@ 193 - stevesk@cvs.openbsd.org 2002/08/22 20:57:19 194 [ssh-agent.c] 195 shutdown(SHUT_RDWR) not needed before close here; ok markus@ 196 - markus@cvs.openbsd.org 2002/08/22 21:33:58 197 [auth1.c auth2.c] 198 auth_root_allowed() is handled by the monitor in the privsep case, 199 so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325 200 - markus@cvs.openbsd.org 2002/08/22 21:45:41 201 [session.c] 202 send signal name (not signal number) in "exit-signal" message; noticed 203 by galb@vandyke.com 204 - stevesk@cvs.openbsd.org 2002/08/27 17:13:56 205 [ssh-rsa.c] 206 RSA_public_decrypt() returns -1 on error so len must be signed; 207 ok markus@ 208 - stevesk@cvs.openbsd.org 2002/08/27 17:18:40 209 [ssh_config.5] 210 some warning text for ForwardAgent and ForwardX11; ok markus@ 211 - stevesk@cvs.openbsd.org 2002/08/29 15:57:25 212 [monitor.c session.c sshlogin.c sshlogin.h] 213 pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org> 214 NOTE: there are also p-specific parts to this patch. ok markus@ 215 - stevesk@cvs.openbsd.org 2002/08/29 16:02:54 216 [ssh.1 ssh.c] 217 deprecate -P as UsePrivilegedPort defaults to no now; ok markus@ 218 - stevesk@cvs.openbsd.org 2002/08/29 16:09:02 219 [ssh_config.5] 220 more on UsePrivilegedPort and setuid root; ok markus@ 221 - stevesk@cvs.openbsd.org 2002/08/29 19:49:42 222 [ssh.c] 223 shrink initial privilege bracket for setuid case; ok markus@ 224 - stevesk@cvs.openbsd.org 2002/08/29 22:54:10 225 [ssh_config.5 sshd_config.5] 226 state XAuthLocation is a full pathname 227 22820020820 229 - OpenBSD CVS Sync 230 - millert@cvs.openbsd.org 2002/08/02 14:43:15 231 [monitor.c monitor_mm.c] 232 Change mm_zalloc() sanity checks to be more in line with what 233 we do in calloc() and add a check to monitor_mm.c. 234 OK provos@ and markus@ 235 - marc@cvs.openbsd.org 2002/08/02 16:00:07 236 [ssh.1 sshd.8] 237 note that .ssh/environment is only read when 238 allowed (PermitUserEnvironment in sshd_config). 239 OK markus@ 240 - markus@cvs.openbsd.org 2002/08/02 21:23:41 241 [ssh-rsa.c] 242 diff is u_int (2x); ok deraadt/provos 243 - markus@cvs.openbsd.org 2002/08/02 22:20:30 244 [ssh-rsa.c] 245 replace RSA_verify with our own version and avoid the OpenSSL ASN.1 parser 246 for authentication; ok deraadt/djm 247 - aaron@cvs.openbsd.org 2002/08/08 13:50:23 248 [sshconnect1.c] 249 Use & to test if bits are set, not &&; markus@ ok. 250 - stevesk@cvs.openbsd.org 2002/08/08 23:54:52 251 [auth.c] 252 typo in comment 253 - stevesk@cvs.openbsd.org 2002/08/09 17:21:42 254 [sshd_config.5] 255 use Op for mdoc conformance; from esr@golux.thyrsus.com 256 ok aaron@ 257 - stevesk@cvs.openbsd.org 2002/08/09 17:41:12 258 [sshd_config.5] 259 proxy vs. fake display 260 - stevesk@cvs.openbsd.org 2002/08/12 17:30:35 261 [ssh.1 sshd.8 sshd_config.5] 262 more PermitUserEnvironment; ok markus@ 263 - stevesk@cvs.openbsd.org 2002/08/17 23:07:14 264 [ssh.1] 265 ForwardAgent has defaulted to no for over 2 years; be more clear here. 266 - stevesk@cvs.openbsd.org 2002/08/17 23:55:01 267 [ssh_config.5] 268 ordered list here 269 - (bal) [defines.h] Some platforms don't have SIZE_T_MAX. So assign 270 it to ULONG_MAX. 271 27220020813 273 - (tim) [configure.ac] Display OpenSSL header/library version. 274 Patch by dtucker@zip.com.au 275 27620020731 277 - (bal) OpenBSD CVS Sync 278 - markus@cvs.openbsd.org 2002/07/24 16:11:18 279 [hostfile.c hostfile.h sshconnect.c] 280 print out all known keys for a host if we get a unknown host key, 281 see discussion at http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4 282 283 the ssharp mitm tool attacks users in a similar way, so i'd like to 284 pointed out again: 285 A MITM attack is always possible if the ssh client prints: 286 The authenticity of host 'bla' can't be established. 287 (protocol version 2 with pubkey authentication allows you to detect 288 MITM attacks) 289 - mouring@cvs.openbsd.org 2002/07/25 01:16:59 290 [sftp.c] 291 FallBackToRsh does not exist anywhere else. Remove it from here. 292 OK deraadt. 293 - markus@cvs.openbsd.org 2002/07/29 18:57:30 294 [sshconnect.c] 295 print file:line 296 - markus@cvs.openbsd.org 2002/07/30 17:03:55 297 [auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5] 298 add PermitUserEnvironment (off by default!); from dot@dotat.at; 299 ok provos, deraadt 300 30120020730 302 - (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.de 303 30420020728 305 - (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solar 306 - (stevesk) [CREDITS] solar 307 - (stevesk) [ssh-rand-helper.c] RAND_bytes() and SHA1_Final() unsigned 308 char arg. 309 31020020725 311 - (djm) Remove some cruft from INSTALL 312 - (djm) Latest config.guess and config.sub from ftp://ftp.gnu.org/gnu/config/ 313 31420020723 315 - (bal) [bsd-cray.c bsd-cray.h] Part 2 of Cray merger. 316 - (bal) sync ID w/ ssh-agent.c 317 - (bal) OpenBSD Sync 318 - markus@cvs.openbsd.org 2002/07/19 15:43:33 319 [log.c log.h session.c sshd.c] 320 remove fatal cleanups after fork; based on discussions with and code 321 from solar. 322 - stevesk@cvs.openbsd.org 2002/07/19 17:42:40 323 [ssh.c] 324 display a warning from ssh when XAuthLocation does not exist or xauth 325 returned no authentication data. ok markus@ 326 - stevesk@cvs.openbsd.org 2002/07/21 18:32:20 327 [auth-options.c] 328 unneeded includes 329 - stevesk@cvs.openbsd.org 2002/07/21 18:34:43 330 [auth-options.h] 331 remove invalid comment 332 - markus@cvs.openbsd.org 2002/07/22 11:03:06 333 [session.c] 334 fallback to _PATH_STDPATH on setusercontext+LOGIN_SETPATH errors; 335 - stevesk@cvs.openbsd.org 2002/07/22 17:32:56 336 [monitor.c] 337 u_int here; ok provos@ 338 - stevesk@cvs.openbsd.org 2002/07/23 16:03:10 339 [sshd.c] 340 utmp_len is unsigned; display error consistent with other options. 341 ok markus@ 342 - stevesk@cvs.openbsd.org 2002/07/15 17:15:31 343 [uidswap.c] 344 little more debugging; ok markus@ 345 34620020722 347 - (bal) AIX tty data limiting patch fix by leigh@solinno.co.uk 348 - (stevesk) [xmmap.c] missing prototype for fatal() 349 - (bal) [configure.ac defines.h loginrec.c sshd.c sshpty.c] Partial sync 350 with Cray (mostly #ifdef renaming). Patch by wendyp@cray.com. 351 - (bal) [configure.ac] Missing ;; from cray patch. 352 - (bal) [monitor_mm.c openbsd-compat/xmmap.h] Move xmmap() defines 353 into it's own header. 354 - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be 355 freed by the caller; add free_pam_environment() and use it. 356 - (stevesk) [auth-pam.c] typo in comment 357 35820020721 359 - (stevesk) [auth-pam.c] merge cosmetic changes from solar's 360 openssh-3.4p1-owl-password-changing.diff 361 - (stevesk) [auth-pam.c] merge rest of solar's PAM patch; 362 PAM_NEW_AUTHTOK_REQD remains in #if 0 for now. 363 - (stevesk) [auth-pam.c] cast to avoid initialization type mismatch 364 warning on pam_conv struct conversation function. 365 - (stevesk) [auth-pam.h] license 366 - (stevesk) [auth-pam.h] unneeded include 367 - (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.h 368 36920020720 370 - (stevesk) [ssh-keygen.c] bug #231: always init/seed_rng(). 371 37220020719 373 - (tim) [contrib/solaris/buildpkg.sh] create privsep user/group if needed. 374 Patch by dtucker@zip.com.au 375 - (tim) [configure.ac] test for libxnet on HP. Patch by dtucker@zip.com.au 376 37720020718 378 - (tim) [defines.h] Bug 313 patch by dirk.meyer@dinoex.sub.org 379 - (tim) [monitor_mm.c] add missing declaration for xmmap(). Reported 380 by ayamura@ayamura.org 381 - (tim) [configure.ac] Bug 267 rework int64_t test. 382 - (tim) [includes.h] Bug 267 add stdint.h 383 38420020717 385 - (bal) aixbff package updated by dtucker@zip.com.au 386 - (tim) [configure.ac] change how we do paths in AC_PATH_PROGS tests 387 for autoconf 2.53. Based on a patch by jrj@purdue.edu 388 38920020716 390 - (tim) [contrib/solaris/opensshd.in] Only kill sshd if .pid file found 391 39220020715 393 - (bal) OpenBSD CVS Sync 394 - itojun@cvs.openbsd.org 2002/07/12 13:29:09 395 [sshconnect.c] 396 print connect failure during debugging mode. 397 - markus@cvs.openbsd.org 2002/07/12 15:50:17 398 [cipher.c] 399 EVP_CIPH_CUSTOM_IV for our own rijndael 400 - (bal) Remove unused tty defined in do_setusercontext() pointed out by 401 dtucker@zip.com.au plus a a more KNF since I am near it. 402 - (bal) Privsep user creation support in Solaris buildpkg.sh by 403 dtucker@zip.com.au 404 40520020714 406 - (tim) [Makefile.in] replace "id sshd" with "sshd -t" 407 - (bal/tim) [acconfig.h configure.ac monitor_mm.c servconf.c 408 openbsd-compat/Makefile.in] support compression on platforms that 409 have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c 410 Based on patch from nalin@redhat.com of code extracted from Owl's package 411 - (tim) [ssh_prng_cmds.in] Bug 323 arp -n flag doesn't exist under Solaris. 412 report by chris@by-design.net 413 - (tim) [loginrec.c] Bug 347: Fix typo (WTMPX_FILE) report by rodney@bond.net 414 - (tim) [loginrec.c] Bug 348: add missing found = 1; to wtmpx_islogin() 415 report by rodney@bond.net 416 41720020712 418 - (tim) [Makefile.in] quiet down install-files: and check-user: 419 - (tim) [configure.ac] remove unused filepriv line 420 42120020710 422 - (tim) [contrib/cygwin/ssh-host-config] explicitely sets the permissions 423 on /var/empty to 755 Patch by vinschen@redhat.com 424 - (bal) OpenBSD CVS Sync 425 - itojun@cvs.openbsd.org 2002/07/09 11:56:50 426 [sshconnect.c] 427 silently try next address on connect(2). markus ok 428 - itojun@cvs.openbsd.org 2002/07/09 11:56:27 429 [canohost.c] 430 suppress log on reverse lookup failiure, as there's no real value in 431 doing so. 432 markus ok 433 - itojun@cvs.openbsd.org 2002/07/09 12:04:02 434 [sshconnect.c] 435 ed static function (less warnings) 436 - stevesk@cvs.openbsd.org 2002/07/09 17:46:25 437 [sshd_config.5] 438 clarify no preference ordering in protocol list; ok markus@ 439 - itojun@cvs.openbsd.org 2002/07/10 10:28:15 440 [sshconnect.c] 441 bark if all connection attempt fails. 442 - deraadt@cvs.openbsd.org 2002/07/10 17:53:54 443 [rijndael.c] 444 use right sizeof in memcpy; markus ok 445 44620020709 447 - (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platforms 448 lacking that concept can share it. Patch by vinschen@redhat.com 449 45020020708 451 - (tim) [openssh/contrib/solaris/buildpkg.sh] add PKG_INSTALL_ROOT to 452 work in a jumpstart environment. patch by kbrint@rufus.net 453 - (tim) [Makefile.in] workaround for broken pakadd on some systems. 454 - (tim) [configure.ac] fix libc89 utimes test. Mention default path for 455 --with-privsep-path= 456 45720020707 458 - (tim) [Makefile.in] use umask instead of chmod on $(PRIVSEP_PATH) 459 - (tim) [acconfig.h configure.ac sshd.c] 460 s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/ 461 - (tim) [contrib/cygwin/ssh-host-config] sshd account creation fixes 462 patch from vinschen@redhat.com 463 - (bal) [realpath.c] Updated with OpenBSD tree. 464 - (bal) OpenBSD CVS Sync 465 - deraadt@cvs.openbsd.org 2002/07/04 04:15:33 466 [key.c monitor_wrap.c sftp-glob.c ssh-dss.c ssh-rsa.c] 467 patch memory leaks; grendel@zeitbombe.org 468 - deraadt@cvs.openbsd.org 2002/07/04 08:12:15 469 [channels.c packet.c] 470 blah blah minor nothing as i read and re-read and re-read... 471 - markus@cvs.openbsd.org 2002/07/04 10:41:47 472 [key.c monitor_wrap.c ssh-dss.c ssh-rsa.c] 473 don't allocate, copy, and discard if there is not interested in the data; 474 ok deraadt@ 475 - deraadt@cvs.openbsd.org 2002/07/06 01:00:49 476 [log.c] 477 KNF 478 - deraadt@cvs.openbsd.org 2002/07/06 01:01:26 479 [ssh-keyscan.c] 480 KNF, realloc fix, and clean usage 481 - stevesk@cvs.openbsd.org 2002/07/06 17:47:58 482 [ssh-keyscan.c] 483 unused variable 484 - (bal) Minor KNF on ssh-keyscan.c 485 48620020705 487 - (tim) [configure.ac] AIX 4.2.1 has authenticate() in libs. 488 Reported by Darren Tucker <dtucker@zip.com.au> 489 - (tim) [contrib/cygwin/ssh-host-config] double slash corrction 490 from vinschen@redhat.com 491 49220020704 493 - (bal) Limit data to TTY for AIX only (Newer versions can't handle the 494 faster data rate) Bug #124 495 - (bal) glob.c defines TILDE and AIX also defines it. #undef it first. 496 bug #265 497 - (bal) One too many nulls in ports-aix.c 498 49920020703 500 - (bal) Updated contrib/cygwin/ patch by vinschen@redhat.com 501 - (bal) minor correction to utimes() replacement. Patch by 502 onoe@sm.sony.co.jp 503 - OpenBSD CVS Sync 504 - markus@cvs.openbsd.org 2002/06/27 08:49:44 505 [dh.c ssh-keyscan.c sshconnect.c] 506 more checks for NULL pointers; from grendel@zeitbombe.org; ok deraadt@ 507 - deraadt@cvs.openbsd.org 2002/06/27 09:08:00 508 [monitor.c] 509 improve mm_zalloc check; markus ok 510 - deraadt@cvs.openbsd.org 2002/06/27 10:35:47 511 [auth2-none.c monitor.c sftp-client.c] 512 use xfree() 513 - stevesk@cvs.openbsd.org 2002/06/27 19:49:08 514 [ssh-keyscan.c] 515 use convtime(); ok markus@ 516 - millert@cvs.openbsd.org 2002/06/28 01:49:31 517 [monitor_mm.c] 518 tree(3) wants an int return value for its compare functions and 519 the difference between two pointers is not an int. Just do the 520 safest thing and store the result in a long and then return 0, 521 -1, or 1 based on that result. 522 - deraadt@cvs.openbsd.org 2002/06/28 01:50:37 523 [monitor_wrap.c] 524 use ssize_t 525 - deraadt@cvs.openbsd.org 2002/06/28 10:08:25 526 [sshd.c] 527 range check -u option at invocation 528 - deraadt@cvs.openbsd.org 2002/06/28 23:05:06 529 [sshd.c] 530 gidset[2] -> gidset[1]; markus ok 531 - deraadt@cvs.openbsd.org 2002/06/30 21:54:16 532 [auth2.c session.c sshd.c] 533 lint asks that we use names that do not overlap 534 - deraadt@cvs.openbsd.org 2002/06/30 21:59:45 535 [auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c 536 monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c 537 sshconnect2.c sshd.c] 538 minor KNF 539 - deraadt@cvs.openbsd.org 2002/07/01 16:15:25 540 [msg.c] 541 %u 542 - markus@cvs.openbsd.org 2002/07/01 19:48:46 543 [sshconnect2.c] 544 for compression=yes, we fallback to no-compression if the server does 545 not support compression, vice versa for compression=no. ok mouring@ 546 - markus@cvs.openbsd.org 2002/07/03 09:55:38 547 [ssh-keysign.c] 548 use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) 549 in order to avoid a possible Kocher timing attack pointed out by Charles 550 Hannum; ok provos@ 551 - markus@cvs.openbsd.org 2002/07/03 14:21:05 552 [ssh-keysign.8 ssh-keysign.c ssh.c ssh_config] 553 re-enable ssh-keysign's sbit, but make ssh-keysign read 554 /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled 555 globally. based on discussions with deraadt, itojun and sommerfeld; 556 ok itojun@ 557 - (bal) Failed password attempts don't increment counter on AIX. Bug #145 558 - (bal) Missed Makefile.in change. keysign needs readconf.o 559 - (bal) Clean up aix_usrinfo(). Ignore TTY= period I guess. 560 56120020702 562 - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc & 563 friends consistently. Spotted by Solar Designer <solar@openwall.com> 564 56520020629 566 - (bal) fix to auth2-pam.c to swap fatal() arguments, A bit of style 567 clean up while I'm near it. 568 56920020628 570 - (stevesk) [sshd_config] PAMAuthenticationViaKbdInt no; commented 571 options should contain default value. from solar. 572 - (bal) Cygwin uid0 fix by vinschen@redhat.com 573 - (bal) s/config.h/includes.h/ in openbsd-compat/ for *.c. Otherwise wise 574 have issues of our fixes not propogating right (ie bcopy instead of 575 memmove). OK tim 576 - (bal) FreeBSD needs <sys/types.h> to detect if mmap() is supported. 577 Bug #303 578 57920020627 580 - OpenBSD CVS Sync 581 - deraadt@cvs.openbsd.org 2002/06/26 14:49:36 582 [monitor.c] 583 correct %u 584 - deraadt@cvs.openbsd.org 2002/06/26 14:50:04 585 [monitor_fdpass.c] 586 use ssize_t for recvmsg() and sendmsg() return 587 - markus@cvs.openbsd.org 2002/06/26 14:51:33 588 [ssh-add.c] 589 fix exit code for -X/-x 590 - deraadt@cvs.openbsd.org 2002/06/26 15:00:32 591 [monitor_wrap.c] 592 more %u 593 - markus@cvs.openbsd.org 2002/06/26 22:27:32 594 [ssh-keysign.c] 595 bug #304, xfree(data) called to early; openssh@sigint.cs.purdue.edu 596 59720020626 598 - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM 599 - (bal) OpenBSD CVS Sync 600 - markus@cvs.openbsd.org 2002/06/23 21:34:07 601 [channels.c] 602 tcode is u_int 603 - markus@cvs.openbsd.org 2002/06/24 13:12:23 604 [ssh-agent.1] 605 the socket name contains ssh-agent's ppid; via mpech@ from form@ 606 - markus@cvs.openbsd.org 2002/06/24 14:33:27 607 [channels.c channels.h clientloop.c serverloop.c] 608 move channel counter to u_int 609 - markus@cvs.openbsd.org 2002/06/24 14:55:38 610 [authfile.c kex.c ssh-agent.c] 611 cat to (void) when output from buffer_get_X is ignored 612 - itojun@cvs.openbsd.org 2002/06/24 15:49:22 613 [msg.c] 614 printf type pedant 615 - deraadt@cvs.openbsd.org 2002/06/24 17:57:20 616 [sftp-server.c sshpty.c] 617 explicit (u_int) for uid and gid 618 - markus@cvs.openbsd.org 2002/06/25 16:22:42 619 [authfd.c] 620 unnecessary cast 621 - markus@cvs.openbsd.org 2002/06/25 18:51:04 622 [sshd.c] 623 lightweight do_setusercontext after chroot() 624 - (bal) Updated AIX package build. Patch by dtucker@zip.com.au 625 - (tim) [Makefile.in] fix test on installing ssh-rand-helper.8 626 - (bal) added back in error check for mmap(). I screwed up, Pointed 627 out by stevesk@ 628 - (tim) [README.privsep] UnixWare tip no longer needed. 629 - (bal) fixed NeXTStep missing munmap() issue. It defines HAVE_MMAP, 630 but it all damned lies. 631 - (stevesk) [README.privsep] more for sshd pseudo-account. 632 - (tim) [contrib/caldera/openssh.spec] add support for privsep 633 - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@ 634 - (djm) OpenBSD CVS Sync 635 - markus@cvs.openbsd.org 2002/06/26 08:53:12 636 [bufaux.c] 637 limit size of BNs to 8KB; ok provos/deraadt 638 - markus@cvs.openbsd.org 2002/06/26 08:54:18 639 [buffer.c] 640 limit append to 1MB and buffers to 10MB 641 - markus@cvs.openbsd.org 2002/06/26 08:55:02 642 [channels.c] 643 limit # of channels to 10000 644 - markus@cvs.openbsd.org 2002/06/26 08:58:26 645 [session.c] 646 limit # of env vars to 1000; ok deraadt/djm 647 - deraadt@cvs.openbsd.org 2002/06/26 13:20:57 648 [monitor.c] 649 be careful in mm_zalloc 650 - deraadt@cvs.openbsd.org 2002/06/26 13:49:26 651 [session.c] 652 disclose less information from environment files; based on input 653 from djm, and dschultz@uclink.Berkeley.EDU 654 - markus@cvs.openbsd.org 2002/06/26 13:55:37 655 [auth2-chall.c] 656 make sure # of response matches # of queries, fixes int overflow; 657 from ISS 658 - markus@cvs.openbsd.org 2002/06/26 13:56:27 659 [version.h] 660 3.4 661 - (djm) Require krb5 devel for RPM build w/ KrbV 662 - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai 663 <nalin@redhat.com> 664 - (djm) Update spec files for release 665 - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS 666 - (djm) Release 3.4p1 667 - (tim) [contrib/caldera/openssh.spec] remove 2 configure options I put in 668 by mistake 669 67020020625 671 - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh 672 - (stevesk) [README.privsep] minor updates 673 - (djm) Create privsep directory and warn if privsep user is missing 674 during make install 675 - (bal) Started list of PrivSep issues in TODO 676 - (bal) if mmap() is substandard, don't allow compression on server side. 677 Post 'event' we will add more options. 678 - (tim) [contrib/caldera/openssh.spec] Sync with Caldera 679 - (bal) moved aix_usrinfo() and noted not setting real TTY. Patch by 680 dtucker@zip.com.au 681 - (tim) [acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus 682 for Cygwin, Cray, & SCO 683 68420020624 685 - OpenBSD CVS Sync 686 - deraadt@cvs.openbsd.org 2002/06/23 03:25:50 687 [tildexpand.c] 688 KNF 689 - deraadt@cvs.openbsd.org 2002/06/23 03:26:19 690 [cipher.c key.c] 691 KNF 692 - deraadt@cvs.openbsd.org 2002/06/23 03:30:58 693 [scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c 694 sshpty.c] 695 various KNF and %d for unsigned 696 - deraadt@cvs.openbsd.org 2002/06/23 09:30:14 697 [sftp-client.c sftp-client.h sftp-common.c sftp-int.c sftp-server.c 698 sftp.c] 699 bunch of u_int vs int stuff 700 - deraadt@cvs.openbsd.org 2002/06/23 09:39:55 701 [ssh-keygen.c] 702 u_int stuff 703 - deraadt@cvs.openbsd.org 2002/06/23 09:46:51 704 [bufaux.c servconf.c] 705 minor KNF. things the fingers do while you read 706 - deraadt@cvs.openbsd.org 2002/06/23 10:29:52 707 [ssh-agent.c sshd.c] 708 some minor KNF and %u 709 - deraadt@cvs.openbsd.org 2002/06/23 20:39:45 710 [session.c] 711 compression_level is u_int 712 - deraadt@cvs.openbsd.org 2002/06/23 21:06:13 713 [sshpty.c] 714 KNF 715 - deraadt@cvs.openbsd.org 2002/06/23 21:06:41 716 [channels.c channels.h session.c session.h] 717 display, screen, row, col, xpixel, ypixel are u_int; markus ok 718 - deraadt@cvs.openbsd.org 2002/06/23 21:10:02 719 [packet.c] 720 packet_get_int() returns unsigned for reason & seqnr 721 - (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col, 722 xpixel are u_int. 723 724 72520020623 726 - (stevesk) [configure.ac] bug #255 LOGIN_NEEDS_UTMPX for AIX. 727 - (bal) removed GNUism for getops in ssh-agent since glibc lacks optreset. 728 - (bal) add extern char *getopt. Based on report by dtucker@zip.com.au 729 - OpenBSD CVS Sync 730 - stevesk@cvs.openbsd.org 2002/06/22 02:00:29 731 [ssh.h] 732 correct comment 733 - stevesk@cvs.openbsd.org 2002/06/22 02:40:23 734 [ssh.1] 735 section 5 not 4 for ssh_config 736 - naddy@cvs.openbsd.org 2002/06/22 11:51:39 737 [ssh.1] 738 typo 739 - stevesk@cvs.openbsd.org 2002/06/22 16:32:54 740 [sshd.8] 741 add /var/empty in FILES section 742 - stevesk@cvs.openbsd.org 2002/06/22 16:40:19 743 [sshd.c] 744 check /var/empty owner mode; ok provos@ 745 - stevesk@cvs.openbsd.org 2002/06/22 16:41:57 746 [scp.1] 747 typo 748 - stevesk@cvs.openbsd.org 2002/06/22 16:45:29 749 [ssh-agent.1 sshd.8 sshd_config.5] 750 use process ID vs. pid/PID/process identifier 751 - stevesk@cvs.openbsd.org 2002/06/22 20:05:27 752 [sshd.c] 753 don't call setsid() if debugging or run from inetd; no "Operation not 754 permitted" errors now; ok millert@ markus@ 755 - stevesk@cvs.openbsd.org 2002/06/22 23:09:51 756 [monitor.c] 757 save auth method before monitor_reset_key_state(); bugzilla bug #284; 758 ok provos@ 759 760$Id: ChangeLog,v 1.2491.2.1 2002/10/03 05:45:53 djm Exp $ 761