/
ChangeLog
2495 lines (2321 loc) · 106 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
20050524
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Update spec file versions to 4.1p1
- (dtucker) [auth-pam.c] Since people don't seem to be getting the message
that USE_POSIX_THREADS is unsupported, not recommended and generally a bad
idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use
USE_POSIX_THREADS will now generate an error so we don't silently change
behaviour. ok djm@
20050524
- (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure
terminal modes are reset correctly. Fix from peak AT argo.troja.mff.cuni.cz;
"looks ok" dtucker@
20050512
- (tim) [buildpkg.sh.in] missing ${PKG_INSTALL_ROOT} in init script
hard link section. Bug 1038.
20050509
- (dtucker) [contrib/cygwin/ssh-host-config] Add a test and warning for a
user-mode mounts in Cygwin installation. Patch from vinschen at redhat.com.
20050504
- (djm) [ssh.c] some systems return EADDRINUSE on a bind to an already-used
unix domain socket, so catch that too; from jakob@ ok dtucker@
20050503
- (dtucker) [canohost.c] normalise socket addresses returned by
get_remote_hostname(). This means that IPv4 addresses in log messages
on IPv6 enabled machines will no longer be prefixed by "::ffff:" and
AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style
addresses only for 4-in-6 mapped connections, regardless of whether
or not the machine is IPv6 enabled. ok djm@
20050425
- (dtucker) [regress/multiplex.sh] Use "kill -0 $pid" to check for the
existence of a process since it's more portable. Found by jbasney at
ncsa.uiuc.edu; ok tim@
- (dtucker) [regress/multiplex.sh] Remove cleanup call since test-exec.sh
will clean up anyway. From tim@
- (dtucker) [regress/multiplex.sh] Put control socket in /tmp so running
"make tests" works even if you're building on a filesystem that doesn't
support sockets. From deengert at anl.gov, ok djm@
20050424
- (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or
1.2.1.2 or higher. With tim@, ok djm@
20050423
- (tim) [config.guess] Add support for OpenServer 6.
20050421
- (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if
UseLogin is set as PAM is not used to establish credentials in that
case. Found by Michael Selvesteen, ok djm@
20050419
- (dtucker) [INSTALL] Reference README.privsep for the privilege separation
requirements. Pointed out by Bengt Svensson.
- (dtucker) [INSTALL] Put the s/key text and URL back together.
- (dtucker) [INSTALL] Fix s/key text too.
20050411
- (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME
20050405
- (dtucker) [configure.ac] Define HAVE_SO_PEERCRED if we have it. ok djm@
- (dtucker) [auth-sia.c] Constify sys_auth_passwd, fixes build error on
Tru64. Patch from cmadams at hiwaay.net.
- (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of
sys_auth_passwd, pointed out by cmadams at hiwaay.net.
20050403
- (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2005/03/31 18:39:21
[scp.c]
copy argv[] element instead of smashing the one that ps will see; ok otto
- djm@cvs.openbsd.org 2005/04/02 12:41:16
[scp.c]
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror
build
- (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_read
will free as needed. ok tim@ djm@
20050331
- (dtucker) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2005/03/16 11:10:38
[ssh_config.5]
get the syntax right for {Local,Remote}Forward;
based on a diff from markus;
problem report from ponraj;
ok dtucker@ markus@ deraadt@
- markus@cvs.openbsd.org 2005/03/16 21:17:39
[version.h]
4.1
- jmc@cvs.openbsd.org 2005/03/18 17:05:00
[sshd_config.5]
typo;
- (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in
handling of password expiry messages returned by AIX's authentication
routines, originally reported by robvdwal at sara.nl.
- (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug
message on some platforms. Patch from pete at seebeyond.com via djm.
- (dtucker) [monitor.c] Remaining part of fix for bug #1006.
20050329
- (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're
interested in which is much faster in large (eg LDAP or NIS) environments.
Patch from dleonard at vintela.com.
20050321
- (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes
and -Lyes to CFLAGS and LIBS. Pointed out by peter at slagheap.net,
with & ok tim@
- (dtucker) [configure.ac] Make configure error out if the user specifies
--with-libedit but the required libs can't be found, rather than silently
ignoring and continuing. ok tim@
- (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions
of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se.
20050317
- (tim) [configure.ac] Bug 998. Make path for --with-opensc optional.
Make --without-opensc work.
- (tim) [configure.ac] portability changes on test statements. Some shells
have problems with -a operator.
- (tim) [configure.ac] make some configure options a little more error proof.
- (tim) [configure.ac] remove trailing white space.
20050314
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2005/03/10 10:15:02
[readconf.c]
Check listen addresses for null, prevents xfree from dying during
ClearAllForwardings (bz #996). From Craig Leres, ok markus@
- deraadt@cvs.openbsd.org 2005/03/10 22:01:05
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
readconf.c bufaux.c sftp.c]
spacing
- deraadt@cvs.openbsd.org 2005/03/10 22:40:38
[auth-options.c]
spacing
- markus@cvs.openbsd.org 2005/03/11 14:59:06
[ssh-keygen.c]
typo, missing \n; mpech
- jmc@cvs.openbsd.org 2005/03/12 11:55:03
[ssh_config.5]
escape `.' at eol to avoid double spacing issues;
- dtucker@cvs.openbsd.org 2005/03/14 10:09:03
[ssh-keygen.1]
Correct description of -H (bz #997); ok markus@, punctuation jmc@
- dtucker@cvs.openbsd.org 2005/03/14 11:44:42
[auth.c]
Populate host for log message for logins denied by AllowUsers and
DenyUsers (bz #999); ok markus@ (patch by tryponraj at gmail.com)
- markus@cvs.openbsd.org 2005/03/14 11:46:56
[buffer.c buffer.h channels.c]
limit input buffer size for channels; bugzilla #896; with and ok dtucker@
- (tim) [contrib/caldera/openssh.spec] links in rc?.d were getting trashed
with a rpm -F
20050313
- (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the
localized name of the local administrators group more reliable. From
vinschen at redhat.com.
20050312
- (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug
output ends up in the client's output, causing regress failures. Found
by Corinna Vinschen.
20050309
- (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64
so that regress tests behave. From Chris Adams.
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2005/03/07 23:41:54
[ssh.1 ssh_config.5]
more macro simplification;
- djm@cvs.openbsd.org 2005/03/08 23:49:48
[version.h]
OpenSSH 4.0
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Update spec file versions
- (djm) [log.c] Fix dumb syntax error; ok dtucker@
- (djm) Release OpenSSH 4.0p1
20050307
- (dtucker) [configure.ac] Disable gettext search when configuring with
BSM audit support for the time being. ok djm@
- (dtucker) OpenBSD CVS Sync (regress/)
- fgsch@cvs.openbsd.org 2004/12/10 01:31:30
[Makefile sftp-glob.sh]
some globbing regress; prompted and ok djm@
- david@cvs.openbsd.org 2005/01/14 04:21:18
[Makefile test-exec.sh]
pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@
- dtucker@cvs.openbsd.org 2005/02/27 11:33:30
[multiplex.sh test-exec.sh sshd-log-wrapper.sh]
Add optional capability to log output from regress commands; ok markus@
Use with: make TEST_SSH_LOGFILE=/tmp/regress.log
- djm@cvs.openbsd.org 2005/02/27 23:13:36
[login-timeout.sh]
avoid nameservice lookups in regress test; ok dtucker@
- djm@cvs.openbsd.org 2005/03/04 08:48:46
[Makefile envpass.sh]
regress test for SendEnv config parsing bug; ok dtucker@
- (dtucker) [regress/test-exec.sh] Put SUDO in the right place.
- (tim) [configure.ac] SCO 3.2v4.2 no longer supported.
20050306
- (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor
when attempting to audit disconnect events. Reported by Phil Dibowitz.
- (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit
events earlier, prevents mm_request_send errors reported by Matt Goebel.
20050305
- (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch
from vinschen at redhat.com
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2005/03/02 11:45:01
[ssh.1]
missing word;
- djm@cvs.openbsd.org 2005/03/04 08:48:06
[readconf.c]
fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@
20050302
- (djm) OpenBSD CVS sync:
- jmc@cvs.openbsd.org 2005/03/01 14:47:58
[ssh.1]
remove some unneccesary macros;
do not mark up punctuation;
- jmc@cvs.openbsd.org 2005/03/01 14:55:23
[ssh_config.5]
do not mark up punctuation;
whitespace;
- jmc@cvs.openbsd.org 2005/03/01 14:59:49
[sshd.8]
new sentence, new line;
whitespace;
- jmc@cvs.openbsd.org 2005/03/01 15:05:00
[ssh-keygen.1]
whitespace;
- jmc@cvs.openbsd.org 2005/03/01 15:47:14
[ssh-keyscan.1 ssh-keyscan.c]
sort options and sync usage();
- jmc@cvs.openbsd.org 2005/03/01 17:19:35
[scp.1 sftp.1]
add HashKnownHosts to -o list;
ok markus@
- jmc@cvs.openbsd.org 2005/03/01 17:22:06
[ssh.c]
sync usage() w/ man SYNOPSIS;
ok markus@
- jmc@cvs.openbsd.org 2005/03/01 17:32:19
[ssh-add.1]
sort options;
- jmc@cvs.openbsd.org 2005/03/01 18:15:56
[ssh-keygen.1]
sort options (no attempt made at synopsis clean up though);
spelling (occurance -> occurrence);
use prompt before examples;
grammar;
- djm@cvs.openbsd.org 2005/03/02 01:00:06
[sshconnect.c]
fix addition of new hashed hostnames when CheckHostIP=yes;
found and ok dtucker@
- djm@cvs.openbsd.org 2005/03/02 01:27:41
[ssh-keygen.c]
ignore hostnames with metachars when hashing; ok deraadt@
- djm@cvs.openbsd.org 2005/03/02 02:21:07
[ssh.1]
bz#987: mention ForwardX11Trusted in ssh.1,
reported by andrew.benham AT thus.net; ok deraadt@
- (tim) [regress/agent-ptrace.sh] add another possible gdb error.
20050301
- (djm) OpenBSD CVS sync:
- otto@cvs.openbsd.org 2005/02/16 09:56:44
[ssh.c]
Better diagnostic if an identity file is not accesible. ok markus@ djm@
- djm@cvs.openbsd.org 2005/02/18 03:05:53
[canohost.c]
better error messages for getnameinfo failures; ok dtucker@
- djm@cvs.openbsd.org 2005/02/20 22:59:06
[sftp.c]
turn on ssh batch mode when in sftp batch mode, patch from
jdmossh AT nand.net;
ok markus@
- jmc@cvs.openbsd.org 2005/02/25 10:55:13
[sshd.8]
add /etc/motd and $HOME/.hushlogin to FILES;
from michael knudsen;
- djm@cvs.openbsd.org 2005/02/28 00:54:10
[ssh_config.5]
bz#849: document timeout on untrusted x11 forwarding sessions. Reported by
orion AT cora.nwra.com; ok markus@
- djm@cvs.openbsd.org 2005/03/01 10:09:52
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
[misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
[sshd_config.5]
bz#413: allow optional specification of bind address for port forwardings.
Patch originally by Dan Astorian, but worked on by several people
Adds GatewayPorts=clientspecified option on server to allow remote
forwards to bind to client-specified ports.
- djm@cvs.openbsd.org 2005/03/01 10:40:27
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
[sshconnect.c sshd.8]
add support for hashing host names and addresses added to known_hosts
files, to improve privacy of which hosts user have been visiting; ok
markus@ deraadt@
- djm@cvs.openbsd.org 2005/03/01 10:41:28
[ssh-keyscan.1 ssh-keyscan.c]
option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@
- djm@cvs.openbsd.org 2005/03/01 10:42:49
[ssh-keygen.1 ssh-keygen.c ssh_config.5]
add tools for managing known_hosts files with hashed hostnames, including
hashing existing files and deleting hosts by name; ok markus@ deraadt@
20050226
- (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c]
Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com.
- (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}]
Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any
more. Patch from vinschen at redhat.com.
- (dtucker) [Makefile.in] Add a install-nosysconf target for installing the
binaries without the config files. Primarily useful for packaging.
Patch from phil at usc.edu. ok djm@
20050224
- (djm) [configure.ac] in_addr_t test needs sys/types.h too
20050222
- (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from
vinschen at redhat.com.
20050220
- (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac
defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure
--with-audit=bsm to enable. Patch originally from Sun Microsystems,
parts by John R. Jackson. ok djm@
- (dtucker) [configure.ac] Missing comma in AIX section, somehow causes
unrelated platforms to be configured incorrectly.
20050216
- (djm) write seed to temporary file and atomically rename into place;
ok dtucker@
- (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called
via mkstemp in some configurations. ok djm@
- (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined
by the system headers.
- (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant
Unix; prevents problems relating to the location of -lresolv in the
link order.
- (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
authentication early enough to be available to PAM session modules when
privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam
Hartman and similar to Debian's ssh-krb5 package.
- (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more
compiler warnings on AIX.
20050215
- (dtucker) [config.sh.in] Collect oslevel -r too.
- (dtucker) [README.platform auth.c configure.ac loginrec.c
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6
on AIX where possible (see README.platform for details) and work around
a misfeature of AIX's getnameinfo. ok djm@
- (dtucker) [loginrec.c] Add missing #include.
20050211
- (dtucker) [configure.ac] Tidy up configure --help output.
- (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too.
20050210
- (dtucker) [configure.ac] Bug #919: Provide visible feedback for the
--disable-etc-default-login configure option.
20050209
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2005/01/28 09:45:53
[ssh_config]
Make it clear that the example entries in ssh_config are only some of the
commonly-used options and refer the user to ssh_config(5) for more
details; ok djm@
- jmc@cvs.openbsd.org 2005/01/28 15:05:43
[ssh_config.5]
grammar;
- jmc@cvs.openbsd.org 2005/01/28 18:14:09
[ssh_config.5]
wording;
ok markus@
- dtucker@cvs.openbsd.org 2005/01/30 11:18:08
[monitor.c]
Make code match intent; ok djm@
- dtucker@cvs.openbsd.org 2005/02/08 22:24:57
[sshd.c]
Provide reason in error message if getnameinfo fails; ok markus@
- (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call
disable_forwarding() from compat library. Prevent linker errrors trying
to resolve it for binaries other than sshd. ok djm@
- (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir
paths. ok djm@
- (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require
the username to be passed to the passwd command when changing expired
passwords. ok djm@
20050208
- (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the
regress tests so newer versions of GNU head(1) behave themselves. Patch
by djm, so ok me.
- (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings.
- (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
defines and enums with SSH_ to prevent namespace collisions on some
platforms (eg AIX).
20050204
- (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too.
- (dtucker) [auth.c] Fix parens in audit log check.
20050202
- (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath
rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@
- (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]
Make record_failed_login() call provide hostname rather than having the
implementations having to do lookups themselves. Only affects AIX and
UNICOS (the latter only uses the "user" parameter anyway). ok djm@
- (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child
the process. Since we also unset KRB5CCNAME at startup, if it's set after
authentication it must have been set by the platform's native auth system.
This was already done for AIX; this enables it for the general case.
- (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c]
Bug #974: Teach sshd to write failed login records to btmp for failed auth
attempts (currently only for password, kbdint and C/R, only on Linux and
HP-UX), based on code from login.c from util-linux. With ashok_kovai at
hotmail.com, ok djm@
- (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
(first stage) Add audit instrumentation to sshd, currently disabled by
default. with suggestions from and ok djm@
20050201
- (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some
platforms syslog will revert to its default values. This may result in
messages from external libraries (eg libwrap) being sent to a different
facility.
- (dtucker) [sshd_config.5] Bug #701: remove warning about
keyboard-interactive since this is no longer the case.
20050124
- (dtucker) OpenBSD CVS Sync
- otto@cvs.openbsd.org 2005/01/21 08:32:02
[auth-passwd.c sshd.c]
Warn in advance for password and account expiry; initialize loginmsg
buffer earlier and clear it after privsep fork. ok and help dtucker@
markus@
- dtucker@cvs.openbsd.org 2005/01/22 08:17:59
[auth.c]
Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and
DenyGroups. bz #909, ok djm@
- djm@cvs.openbsd.org 2005/01/23 10:18:12
[cipher.c]
config option "Ciphers" should be case-sensitive; ok dtucker@
- dtucker@cvs.openbsd.org 2005/01/24 10:22:06
[scp.c sftp.c]
Have scp and sftp wait for the spawned ssh to exit before they exit
themselves. This prevents ssh from being unable to restore terminal
modes (not normally a problem on OpenBSD but common with -Portable
on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950);
ok djm@ markus@
- dtucker@cvs.openbsd.org 2005/01/24 10:29:06
[moduli]
Import new moduli; requested by deraadt@ a week ago
- dtucker@cvs.openbsd.org 2005/01/24 11:47:13
[auth-passwd.c]
#if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@
20050120
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/12/23 17:35:48
[session.c]
check for NULL; from mpech
- markus@cvs.openbsd.org 2004/12/23 17:38:07
[ssh-keygen.c]
leak; from mpech
- djm@cvs.openbsd.org 2004/12/23 23:11:00
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
bz #898: support AddressFamily in sshd_config. from
peak@argo.troja.mff.cuni.cz; ok deraadt@
- markus@cvs.openbsd.org 2005/01/05 08:51:32
[sshconnect.c]
remove dead code, log connect() failures with level error, ok djm@
- jmc@cvs.openbsd.org 2005/01/08 00:41:19
[sshd_config.5]
`login'(n) -> `log in'(v);
- dtucker@cvs.openbsd.org 2005/01/17 03:25:46
[moduli.c]
Correct spelling: SCHNOOR->SCHNORR; ok djm@
- dtucker@cvs.openbsd.org 2005/01/17 22:48:39
[sshd.c]
Make debugging output continue after reexec; ok djm@
- dtucker@cvs.openbsd.org 2005/01/19 13:11:47
[auth-bsdauth.c auth2-chall.c]
Have keyboard-interactive code call the drivers even for responses for
invalid logins. This allows the drivers themselves to decide how to
handle them and prevent leaking information where possible. Existing
behaviour for bsdauth is maintained by checking authctxt->valid in the
bsdauth driver. Note that any third-party kbdint drivers will now need
to be able to handle responses for invalid logins. ok markus@
- djm@cvs.openbsd.org 2004/12/22 02:13:19
[cipher-ctr.c cipher.c]
remove fallback AES support for old OpenSSL, as OpenBSD has had it for
many years now; ok deraadt@
(Id sync only: Portable will continue to support older OpenSSLs)
- (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user
existence via keyboard-interactive/pam, in conjunction with previous
auth2-chall.c change; with Colin Watson and djm.
- (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128
bytes to prevent errors from login_init_entry() when the username is
exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@
- (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from
the list of available kbdint devices if UsePAM=no. ok djm@
20050118
- (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement
"make survey" and "make send-survey". This will provide data on the
configure parameters, platform and platform features to the development
team, which will allow (among other things) better targetting of testing.
It's entirely voluntary and is off be default. ok djm@
- (dtucker) [survey.sh.in] Remove any blank lines from the output of
ccver-v and ccver-V.
20041220
- (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading
from prngd is enabled at compile time but fails at run time, eg because
prngd is not running. Note that if you have prngd running when OpenSSH is
built, OpenSSL will consider itself internally seeded and rand-helper won't
be built at all unless explicitly enabled via --with-rand-helper. ok djm@
- (dtucker) [regress/rekey.sh] Touch datafile before filling with dd, since
on some wacky platforms (eg old AIXes), dd will refuse to create an output
file if it doesn't exist.
20041213
- (dtucker) [contrib/findssh.sh] Clean up on interrupt; from
amarendra.godbole at ge com.
20041211
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/12/06 16:00:43
[bufaux.c]
use 0x00 not \0 since buf[] is a bignum
- fgsch@cvs.openbsd.org 2004/12/10 03:10:42
[sftp.c]
- fix globbed ls for paths the same lenght as the globbed path when
we have a unique matching.
- fix globbed ls in case of a directory when we have a unique matching.
- as a side effect, if the path does not exist error (used to silently
ignore).
- don't do extra do_lstat() if we only have one matching file.
djm@ ok
- dtucker@cvs.openbsd.org 2004/12/11 01:48:56
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h]
Fix debug call in error path of authorized_keys processing and fix related
warnings; ok djm@
20041208
- (tim) [configure.ac] Comment some non obvious platforms in the
target-specific case statement. Suggested and OK by dtucker@
20041207
- (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test.
20041206
- (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/11/25 22:22:14
[sftp-client.c sftp.c]
leak; from mpech
- jmc@cvs.openbsd.org 2004/11/29 00:05:17
[sftp.1]
missing full stop;
- djm@cvs.openbsd.org 2004/11/29 07:41:24
[sftp-client.h sftp.c]
Some small fixes from moritz@jodeit.org. ok deraadt@
- jaredy@cvs.openbsd.org 2004/12/05 23:55:07
[sftp.1]
- explain that patterns can be used as arguments in get/put/ls/etc
commands (prodded by Michael Knudsen)
- describe ls flags as a list
- other minor improvements
ok jmc, djm
- dtucker@cvs.openbsd.org 2004/12/06 11:41:03
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8]
Discard over-length authorized_keys entries rather than complaining when
they don't decode. bz #884, with & ok djm@
- (dtucker) OpenBSD CVS Sync (regress/)
- djm@cvs.openbsd.org 2004/06/26 06:16:07
[reexec.sh]
don't change the name of the copied sshd for the reexec fallback test,
makes life simpler for portable
- dtucker@cvs.openbsd.org 2004/07/08 12:59:35
[scp.sh]
Regress test for bz #863 (scp double-error), requires $SUDO. ok markus@
- david@cvs.openbsd.org 2004/07/09 19:45:43
[Makefile]
add a missing CLEANFILES used in the re-exec test
- djm@cvs.openbsd.org 2004/10/08 02:01:50
[reexec.sh]
shrink and tidy; ok dtucker@
- djm@cvs.openbsd.org 2004/10/29 23:59:22
[Makefile added brokenkeys.sh]
regression test for handling of corrupt keys in authorized_keys file
- djm@cvs.openbsd.org 2004/11/07 00:32:41
[multiplex.sh]
regression tests for new multiplex commands
- dtucker@cvs.openbsd.org 2004/11/25 09:39:27
[test-exec.sh]
Remove obsolete RhostsAuthentication from test config; ok markus@
- dtucker@cvs.openbsd.org 2004/12/06 10:49:56
[test-exec.sh]
Check if TEST_SSH_SSHD is a full path to sshd before searching; ok markus@
20041203
- (dtucker) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2004/11/07 17:42:36
[ssh.1]
options sort, and whitespace;
- jmc@cvs.openbsd.org 2004/11/07 17:57:30
[ssh.c]
usage():
- add -O
- sync -S w/ manpage
- remove -h
- (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is
subsequently denied by the PAM auth stack, send the PAM message to the
user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2).
ok djm@
20041107
- (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/11/05 12:19:56
[sftp.c]
command editing and history support via libedit; ok markus@
thanks to hshoexer@ and many testers on tech@ too
- djm@cvs.openbsd.org 2004/11/07 00:01:46
[clientloop.c clientloop.h ssh.1 ssh.c]
add basic control of a running multiplex master connection; including the
ability to check its status and request it to exit; ok markus@
- (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure
option and supporting makefile bits and documentation.
20041105
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/08/30 09:18:08
[LICENCE]
s/keygen/keyscan/
- jmc@cvs.openbsd.org 2004/08/30 21:22:49
[ssh-add.1 ssh.1]
.Xsession -> .xsession;
originally from a pr from f at obiit dot org, but missed by myself;
ok markus@ matthieu@
- djm@cvs.openbsd.org 2004/09/07 23:41:30
[clientloop.c ssh.c]
cleanup multiplex control socket on SIGHUP too, spotted by sturm@
ok markus@ deraadt@
- deraadt@cvs.openbsd.org 2004/09/15 00:46:01
[ssh.c]
/* fallthrough */ is something a programmer understands. But
/* FALLTHROUGH */ is also understood by lint, so that is better.
- jaredy@cvs.openbsd.org 2004/09/15 03:25:41
[sshd_config.5]
mention PrintLastLog only prints last login time for interactive
sessions, like PrintMotd mentions.
From Michael Knudsen, with wording changed slightly to match the
PrintMotd description.
ok djm
- mickey@cvs.openbsd.org 2004/09/15 18:42:27
[sshd.c]
use less doubles in daemons; markus@ ok
- deraadt@cvs.openbsd.org 2004/09/15 18:46:04
[scp.c]
scratch that do { } while (0) wrapper in this case
- djm@cvs.openbsd.org 2004/09/23 13:00:04
[ssh.c]
correctly honour -n in multiplex client mode; spotted by sturm@ ok markus@
- djm@cvs.openbsd.org 2004/09/25 03:45:14
[sshd.c]
these printf args are no longer double; ok deraadt@ markus@
- djm@cvs.openbsd.org 2004/10/07 10:10:24
[scp.1 sftp.1 ssh.1 ssh_config.5]
document KbdInteractiveDevices; ok markus@
- djm@cvs.openbsd.org 2004/10/07 10:12:36
[ssh-agent.c]
don't unlink agent socket when bind() fails, spotted by rich AT
rich-paul.net, ok markus@
- markus@cvs.openbsd.org 2004/10/20 11:48:53
[packet.c ssh1.h]
disconnect for invalid (out of range) message types.
- djm@cvs.openbsd.org 2004/10/29 21:47:15
[channels.c channels.h clientloop.c]
fix some window size change bugs for multiplexed connections: windows sizes
were not being updated if they had changed after ~^Z suspends and SIGWINCH
was not being processed unless the first connection had requested a tty;
ok markus
- djm@cvs.openbsd.org 2004/10/29 22:53:56
[clientloop.c misc.h readpass.c ssh-agent.c]
factor out common permission-asking code to separate function; ok markus@
- djm@cvs.openbsd.org 2004/10/29 23:56:17
[bufaux.c bufaux.h buffer.c buffer.h]
introduce a new buffer API that returns an error rather than fatal()ing
when presented with bad data; ok markus@
- djm@cvs.openbsd.org 2004/10/29 23:57:05
[key.c]
use new buffer API to avoid fatal errors on corrupt keys in authorized_keys
files; ok markus@
20041102
- (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX
10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__
only if a conflict is detected.
20041019
- (dtucker) [uidswap.c] Don't test dropping of gids for the root user or
on Cygwin. Cygwin parts from vinschen at redhat com; ok djm@
20041016
- (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations;
ok dtucker@
20041006
- (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode
and other PAM platforms.
- (dtucker) [monitor_mm.c openbsd-compat/xmmap.c] Bug #940: cast constants
to void * to appease picky compilers (eg Tru64's "cc -std1").
20040930
- (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@
20040923
- (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one,
which could have caused the justification to be wrong. ok djm@
20040921
- (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too.
ok djm@
- (dtucker) [contrib/cygwin/ssh-host-config] Update to match current Cygwin
install process. Patch from vinschen at redhat.com.
20040912
- (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file.
No change in resultant binary
- (djm) [loginrec.c] __func__ifiy
- (djm) [loginrec.c] xmalloc
- (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol
banner. Suggested by deraadt@, ok mouring@, dtucker@
- (dtucker) [configure.ac] Fix incorrect quoting and tests for cross-compile.
Partly by & ok djm@.
20040911
- (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@
- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from
failing PAM session modules to user then exit, similar to the way
/etc/nologin is handled. ok djm@
- (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change.
- (djm) [auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c]
Make cygwin code more consistent with that which surrounds it
- (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]
Bug #892: Send messages from failing PAM account modules to the client via
SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with
SSH2 kbdint authentication, which need to be dealt with separately. ok djm@
- (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@
- (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure.
Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me. ok djm@
- (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengert
at anl.gov, ok djm@
20040830
- (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only
copy required environment variables on Cygwin. Patch from vinschen at
redhat.com, ok djm@
- (dtucker) [regress/Makefile] Clean scp-ssh-wrapper.scp too. Patch from
vinschen at redhat.com.
- (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability
of shell constructs. Patch from cjwatson at debian.org.
20040829
- (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from
failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL.
From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@
- (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/08/23 11:48:09
[authfile.c]
fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus
- djm@cvs.openbsd.org 2004/08/23 11:48:47
[channels.c]
typo, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus
- dtucker@cvs.openbsd.org 2004/08/23 14:26:38
[ssh-keysign.c ssh.c]
Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches
change in Portable; ok markus@ (CVS ID sync only)
- dtucker@cvs.openbsd.org 2004/08/23 14:29:23
[ssh-keysign.c]
Remove duplicate getuid(), suggested by & ok markus@
- markus@cvs.openbsd.org 2004/08/26 16:00:55
[ssh.1 sshd.8]
get rid of references to rhosts authentication; with jmc@
- djm@cvs.openbsd.org 2004/08/28 01:01:48
[sshd.c]
don't erroneously close stdin for !reexec case, from Dave Johnson;
ok markus@
- (dtucker) [configure.ac] Include sys/stream.h in sys/ptms.h header check,
fixes configure warning on Solaris reported by wknox at mitre.org.
- (dtucker) [regress/multiplex.sh] Skip test on platforms that do not
support FD passing since multiplex requires it. Noted by tim@
- (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn
down, needed on some platforms, should be harmless on others. Patch from
jason at devrandom.org.
- (dtucker) [regress/scp.sh] Make this work on Cygwin too, which doesn't like
files ending in .exe that aren't binaries; patch from vinschen at redhat.com.
- (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree
builds too, from vinschen at redhat.com.
- (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64
too; patch from cmadams at hiwaay.net.
- (dtucker) [configure.ac] Replace non-portable echo \n with extra echo.
- (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for
accounts with authentication configs that sshd can't support (ie
SYSTEM=NONE and AUTH1=something).
20040828
- (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from
vinschen at redhat.com.
20040823
- (djm) [ssh-rand-helper.c] Typo. Found by
Martin.Kraemer AT Fujitsu-Siemens.com
- (djm) [loginrec.c] Typo and bad args in error messages; Spotted by
Martin.Kraemer AT Fujitsu-Siemens.com
20040817
- (dtucker) [regress/README.regress] Note compatibility issues with GNU head.
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/08/16 08:17:01
[version.h]
3.9
- (djm) Crank RPM spec version numbers
- (djm) Release 3.9p1
20040816
- (dtucker) [acconfig.h auth-pam.c configure.ac] Set real uid to non-root
to convince Solaris PAM to honour password complexity rules. ok djm@
20040815
- (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since
it does the right thing on all platforms. ok djm@
- (djm) [acconfig.h configure.ac openbsd-compat/Makefile.in
openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-misc.c
openbsd-compat/bsd-misc.h openbsd-compat/openbsd-compat.h] Use smarter
closefrom() replacement from sudo; ok dtucker@
- (djm) [loginrec.c] Check that seek succeeded here too; ok dtucker
- (dtucker) [Makefile.in] Fix typo.
20040814
- (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]
Explicitly set umask for mkstemp; ok djm@
- (dtucker) [includes.h] Undef _INCLUDE__STDC__ on HP-UX, otherwise
prot.h and shadow.h provide conflicting declarations of getspnam. ok djm@
- (dtucker) [loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Plug AIX login recording into login_write so logins will be recorded for
all auth types.
20040813
- (dtucker) [openbsd-compat/bsd-misc.c] Typo in #ifdef; from vinschen at
redhat.com
- (dtucker) OpenBSD CVS Sync
- avsm@cvs.openbsd.org 2004/08/11 21:43:05
[channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c]
some signed/unsigned int comparison cleanups; markus@ ok
- avsm@cvs.openbsd.org 2004/08/11 21:44:32
[authfd.c scp.c ssh-keyscan.c]
use atomicio instead of homegrown equivalents or read/write.
markus@ ok
- djm@cvs.openbsd.org 2004/08/12 09:18:24
[sshlogin.c]
typo in error message, spotted by moritz AT jodeit.org (Id sync only)
- jakob@cvs.openbsd.org 2004/08/12 21:41:13
[ssh-keygen.1 ssh.1]
improve SSHFP documentation; ok deraadt@
- jmc@cvs.openbsd.org 2004/08/13 00:01:43
[ssh-keygen.1]
kill whitespace at eol;
- djm@cvs.openbsd.org 2004/08/13 02:51:48
[monitor_fdpass.c]
extra check for no message case; ok markus, deraadt, hshoexer, henning
- dtucker@cvs.openbsd.org 2004/08/13 11:09:24
[servconf.c]
Fix line numbers off-by-one in error messages, from tortay at cc.in2p3.fr
ok markus@, djm@
20040812
- (dtucker) [sshd.c] Remove duplicate variable imported during sync.
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/07/28 08:56:22
[sshd.c]
call setsid() _before_ re-exec
- markus@cvs.openbsd.org 2004/07/28 09:40:29
[auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c
sshconnect1.c]
more s/illegal/invalid/
- djm@cvs.openbsd.org 2004/08/04 10:37:52
[dh.c]
return group14 when no primes found - fixes hang on empty /etc/moduli;
ok markus@
- dtucker@cvs.openbsd.org 2004/08/11 11:09:54
[servconf.c]
Fix minor leak; "looks right" deraadt@
- dtucker@cvs.openbsd.org 2004/08/11 11:50:09
[sshd.c]
Don't try to close startup_pipe if it's not open; ok djm@
- djm@cvs.openbsd.org 2004/08/11 11:59:22
[sshlogin.c]
check that lseek went were we told it to; ok markus@
(Id sync only, but similar changes are needed in loginrec.c)
- djm@cvs.openbsd.org 2004/08/11 12:01:16
[sshlogin.c]
make store_lastlog_message() static to appease -Wall; ok markus
- (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling
messages generated before the postauth privsep split.
20040720
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/07/21 08:56:12
[auth.c]
s/Illegal user/Invalid user/; many requests; ok djm, millert, niklas,
miod, ...
- djm@cvs.openbsd.org 2004/07/21 10:33:31
[auth1.c auth2.c]
bz#899: Don't display invalid usernames in setproctitle
from peak AT argo.troja.mff.cuni.cz; ok markus@
- djm@cvs.openbsd.org 2004/07/21 10:36:23
[gss-serv-krb5.c]
fix function declaration
- djm@cvs.openbsd.org 2004/07/21 11:51:29
[canohost.c]
bz#902: cache remote port so we don't fatal() in auth_log when remote
connection goes away quickly. from peak AT argo.troja.mff.cuni.cz;
ok markus@
- (djm) [auth-pam.c] Portable parts of bz#899: Don't display invalid
usernames in setproctitle from peak AT argo.troja.mff.cuni.cz;
20040720
- (djm) [log.c] bz #111: Escape more control characters when sending data
to syslog; from peak AT argo.troja.mff.cuni.cz
- (djm) [contrib/redhat/sshd.pam] bz #903: Remove redundant entries; from
peak AT argo.troja.mff.cuni.cz
- (djm) [regress/README.regress] Remove caveat regarding TCP wrappers, now
that sshd is fixed to behave better; suggested by tim
20040719
- (djm) [openbsd-compat/bsd-arc4random.c] Discard early keystream, like OpenBSD
ok dtucker@
- (djm) [auth-pam.c] Avoid use of xstrdup and friends in conversation function,
instead return PAM_CONV_ERR, avoiding another path to fatal(); ok dtucker@
- (tim) [configure.ac] updwtmpx() on OpenServer seems to add duplicate entry.
Report by rac AT tenzing.org
20040717
- (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c
ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces
diff vs OpenBSD; ok mouring@, tested by tim@ too.
- (dtucker) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2004/07/11 17:48:47
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
sshd.c ttymodes.h]
spaces
- brad@cvs.openbsd.org 2004/07/12 23:34:25
[ssh-keyscan.1]
Fix incorrect macro, .I -> .Em
From: Eric S. Raymond <esr at thyrsus dot com>
ok jmc@
- dtucker@cvs.openbsd.org 2004/07/17 05:31:41
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
Move "Last logged in at.." message generation to the monitor, right
before recording the new login. Fixes missing lastlog message when
/var/log/lastlog is not world-readable and incorrect datestamp when
multiple sessions are used (bz #463); much assistance & ok markus@
20040711
- (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows
the monitor to properly clean up the PAM thread (Debian bug #252676).
20040709
- (tim) [contrib/cygwin/README] add minires-devel requirement. Patch from
vinschen AT redhat.com
20040708
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2004/07/03 05:11:33