- make batch-processing cleaner
20011202
- (djm) Syn with OpenBSD OpenSSH-3.0.2
- markus@cvs.openbsd.org
[session.c sshd.8 version.h]
Don't allow authorized_keys specified environment variables when
UseLogin in active
- now in protocol2:
Background ssh at logout when waiting for forwarded connection / X11 sessions
to terminate
disabled -DSKEY
from Changelog (not complete):
20011115
- (djm) Fix IPv4 default in ssh-keyscan. Spotted by Dan Astoorian
<djast@cs.toronto.edu> Fix from markus@
- (djm) Release 3.0.1p1
20011113
- (djm) Fix early (and double) free of remote user when using Kerberos.
Patch from Simon Wilkinson <simon@sxw.org.uk>
- (djm) AIX login{success,failed} changes. Move loginsuccess call to
do_authenticated. Call loginfailed for protocol 2 failures > MAX like
we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
K.Wolkersdorfer@fz-juelich.de and others
- (djm) OpenBSD CVS Sync
- dugsong@cvs.openbsd.org 2001/11/11 18:47:10
[auth-krb5.c]
fix krb5 authorization check. found by <jhawk@MIT.EDU>. from
art@, deraadt@ ok
- markus@cvs.openbsd.org 2001/11/12 11:17:07
[servconf.c]
enable authorized_keys2 again. tested by fries@
20011112
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/10/24 08:41:41
[sshd.c]
mention remote port in debug message
- markus@cvs.openbsd.org 2001/10/24 08:51:35
[clientloop.c ssh.c]
ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@
- markus@cvs.openbsd.org 2001/10/24 19:57:40
[clientloop.c]
make ~& (backgrounding) work again for proto v1; add support ~& for v2, too
- markus@cvs.openbsd.org 2001/10/25 21:14:32
[ssh-keygen.1 ssh-keygen.c]
better docu for fingerprinting, ok deraadt@
- markus@cvs.openbsd.org 2001/10/29 19:27:15
[sshconnect2.c]
hostbased: check for client hostkey before building chost
- markus@cvs.openbsd.org 2001/11/07 16:03:17
[packet.c packet.h sshconnect2.c]
pad using the padding field from the ssh2 packet instead of sending
extra ignore messages. tested against several other ssh servers.
- markus@cvs.openbsd.org 2001/11/07 21:40:21
[ssh-rsa.c]
ssh_rsa_sign/verify: SSH_BUG_SIGBLOB not supported
- markus@cvs.openbsd.org 2001/11/07 22:10:28
[ssh-dss.c ssh-rsa.c]
missing free and sync dss/rsa code.
- markus@cvs.openbsd.org 2001/11/07 22:53:21
[channels.h]
crank c->path to 256 so they can hold a full hostname; dwd@bell-labs.com
- markus@cvs.openbsd.org 2001/11/08 10:51:08
[readpass.c]
don't strdup too much data; from gotoh@taiyo.co.jp; ok millert.
- markus@cvs.openbsd.org 2001/11/10 13:22:42
[ssh-rsa.c]
KNF (unexpand)
- markus@cvs.openbsd.org 2001/11/11 13:02:31
[servconf.c]
make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if
AuthorizedKeysFile is specified.
20011109
- (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
if permit_empty_passwd == 0 so null password check cannot be bypassed.
jayaraj@amritapuri.com OpenBSD bug 2168
Extracted from Changelog (not complete):
20011012
- markus@cvs.openbsd.org 2001/10/10 22:18:47
[channels.c channels.h clientloop.c nchan.c serverloop.c]
[session.c session.h]
try to keep channels open until an exit-status message is sent.
don't kill the login shells if the shells stdin/out/err is closed.
this should now work:
ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
- markus@cvs.openbsd.org 2001/10/11 13:45:21
[session.c]
delay detach of session if a channel gets closed but the child is
still alive. however, release pty, since the fd's to the child are
already closed.
- markus@cvs.openbsd.org 2001/10/11 15:24:00
[clientloop.c]
clear select masks if we return before calling select().
20011010
- markus@cvs.openbsd.org 2001/10/04 14:34:16
[key.c]
call OPENSSL_free() for memory allocated by openssl; from chombier@mac.com
- markus@cvs.openbsd.org 2001/10/04 15:05:40
[channels.c serverloop.c]
comment out bogus conditions for selecting on connection_in
- markus@cvs.openbsd.org 2001/10/04 15:12:37
[serverloop.c]
client_alive_check cleanup
- markus@cvs.openbsd.org 2001/10/06 00:14:50
[sshconnect.c]
remove unused argument
- markus@cvs.openbsd.org 2001/10/06 00:36:42
[session.c]
fix typo in error message, sync with do_exec_nopty
- markus@cvs.openbsd.org 2001/10/06 11:18:19
[sshconnect1.c sshconnect2.c sshconnect.c]
unify hostkey check error messages, simplify prompt.
- markus@cvs.openbsd.org 2001/10/07 10:29:52
[authfile.c]
grammer; Matthew_Clarke@mindlink.bc.ca
- markus@cvs.openbsd.org 2001/10/07 17:49:40
[channels.c channels.h]
avoid possible FD_ISSET overflow for channels established
during channnel_after_select() (used for dynamic channels).
- markus@cvs.openbsd.org 2001/10/08 11:48:57
[channels.c]
better debug
- markus@cvs.openbsd.org 2001/10/08 16:15:47
[sshconnect.c]
use correct family for -b option
- markus@cvs.openbsd.org 2001/10/08 19:05:05
[ssh.c sshconnect.c sshconnect.h ssh-keyscan.c]
some more IPv4or6 cleanup
- markus@cvs.openbsd.org 2001/10/09 10:12:08
[session.c]
chdir $HOME after krb_afslog(); from bbense@networking.stanford.edu
- markus@cvs.openbsd.org 2001/10/09 19:32:49
[session.c]
stat subsystem command before calling do_exec, and return error to client.
- markus@cvs.openbsd.org 2001/10/09 19:51:18
[serverloop.c]
close all channels if the connection to the remote host has been closed,
should fix sshd's hanging with WCHAN==wait
- markus@cvs.openbsd.org 2001/10/09 21:59:41
[channels.c channels.h serverloop.c session.c session.h]
simplify session close: no more delayed session_close, no more
blocking wait() calls.
- (bal) seed_init() and seed_rng() required in ssh-keyscan.c
20011003
- markus@cvs.openbsd.org 2001/09/27 11:58:16
[compress.c]
mem leak; chombier@mac.com
- markus@cvs.openbsd.org 2001/09/27 11:59:37
[packet.c]
missing called=1; chombier@mac.com
- markus@cvs.openbsd.org 2001/09/27 15:31:17
[auth2.c auth2-chall.c sshconnect1.c]
typos; from solar
- camield@cvs.openbsd.org 2001/09/27 17:53:24
[sshd.8]
don't talk about compile-time options
ok markus@
- djm@cvs.openbsd.org 2001/09/28 12:07:09
[ssh-keygen.c]
bzero private key after loading to smartcard; ok markus@
- markus@cvs.openbsd.org 2001/09/28 15:46:29
[ssh.c]
bug: read user config first; report kaukasoi@elektroni.ee.tut.fi
- markus@cvs.openbsd.org 2001/10/01 08:06:28
[scp.c]
skip filenames containing \n; report jdamery@chiark.greenend.org.uk
and matthew@debian.org
- markus@cvs.openbsd.org 2001/10/01 21:38:53
[channels.c channels.h ssh.c sshd.c]
remove ugliness; vp@drexel.edu via angelos
- markus@cvs.openbsd.org 2001/10/01 21:51:16
[readconf.c readconf.h ssh.1 sshconnect.c]
add NoHostAuthenticationForLocalhost; note that the hostkey is
now check for localhost, too.
- djm@cvs.openbsd.org 2001/10/02 08:38:50
[ssh-add.c]
return non-zero exit code on error; ok markus@
- stevesk@cvs.openbsd.org 2001/10/02 22:56:09
[sshd.c]
#include "channels.h" for channel_set_af()
- markus@cvs.openbsd.org 2001/10/03 10:01:20
[auth.c]
use realpath() for homedir, too. from jinmei@isl.rdc.toshiba.co.jp
20011001
- (stevesk) loginrec.c: fix type conversion problems exposed when using
64-bit off_t.
20010928
- djm@cvs.openbsd.org 2001/09/28 09:49:31
[scard.c]
Fix segv when smartcard communication error occurs during key load.
ok markus@
- (djm) Update spec files for new x11-askpass
20010927
- (stevesk) session.c: declare do_pre_login() before use
wayned@users.sourceforge.net
20010925
- (djm) Pull in auth-krb5.c from OpenBSD CVS. NB. it is not currently used.
- (djm) Sync $sysconfdir/moduli
- (djm) Avoid bad and unportable sprintf usage in compat code
- stripped down some patches
20010617
- (djm) Pull in small fix from -CURRENT for session.c:
typo, use pid not s->pid, mstone@cs.loyola.edu
20010615
- (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL
around grantpt().
20010614
- (bal) Applied X11 Cookie Patch. X11 Cookie behavior has changed to
no longer use /tmp/ssh-XXXXX/
20010528
- (tim) [conifgure.in] add setvbuf test needed for sftp-int.c
Patch by Corinna Vinschen <vinschen@redhat.com>
Approved by: dwcjr@freebsd.org
OpenSSH portable, which has GNU-configure and more.
Diffs to OpenSSH-OPenBSD are huge.
So this is here a complete diffrent branch, no repro-copy
- Did a bit cleanup in the Makefile
Submitted by: dwcjr@inethouston.net
