- make batch-processing cleaner
20011202
- (djm) Syn with OpenBSD OpenSSH-3.0.2
- markus@cvs.openbsd.org
[session.c sshd.8 version.h]
Don't allow authorized_keys specified environment variables when
UseLogin in active
- now in protocol2:
Background ssh at logout when waiting for forwarded connection / X11 sessions
to terminate
disabled -DSKEY
from Changelog (not complete):
20011115
- (djm) Fix IPv4 default in ssh-keyscan. Spotted by Dan Astoorian
<djast@cs.toronto.edu> Fix from markus@
- (djm) Release 3.0.1p1
20011113
- (djm) Fix early (and double) free of remote user when using Kerberos.
Patch from Simon Wilkinson <simon@sxw.org.uk>
- (djm) AIX login{success,failed} changes. Move loginsuccess call to
do_authenticated. Call loginfailed for protocol 2 failures > MAX like
we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
K.Wolkersdorfer@fz-juelich.de and others
- (djm) OpenBSD CVS Sync
- dugsong@cvs.openbsd.org 2001/11/11 18:47:10
[auth-krb5.c]
fix krb5 authorization check. found by <jhawk@MIT.EDU>. from
art@, deraadt@ ok
- markus@cvs.openbsd.org 2001/11/12 11:17:07
[servconf.c]
enable authorized_keys2 again. tested by fries@
20011112
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/10/24 08:41:41
[sshd.c]
mention remote port in debug message
- markus@cvs.openbsd.org 2001/10/24 08:51:35
[clientloop.c ssh.c]
ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@
- markus@cvs.openbsd.org 2001/10/24 19:57:40
[clientloop.c]
make ~& (backgrounding) work again for proto v1; add support ~& for v2, too
- markus@cvs.openbsd.org 2001/10/25 21:14:32
[ssh-keygen.1 ssh-keygen.c]
better docu for fingerprinting, ok deraadt@
- markus@cvs.openbsd.org 2001/10/29 19:27:15
[sshconnect2.c]
hostbased: check for client hostkey before building chost
- markus@cvs.openbsd.org 2001/11/07 16:03:17
[packet.c packet.h sshconnect2.c]
pad using the padding field from the ssh2 packet instead of sending
extra ignore messages. tested against several other ssh servers.
- markus@cvs.openbsd.org 2001/11/07 21:40:21
[ssh-rsa.c]
ssh_rsa_sign/verify: SSH_BUG_SIGBLOB not supported
- markus@cvs.openbsd.org 2001/11/07 22:10:28
[ssh-dss.c ssh-rsa.c]
missing free and sync dss/rsa code.
- markus@cvs.openbsd.org 2001/11/07 22:53:21
[channels.h]
crank c->path to 256 so they can hold a full hostname; dwd@bell-labs.com
- markus@cvs.openbsd.org 2001/11/08 10:51:08
[readpass.c]
don't strdup too much data; from gotoh@taiyo.co.jp; ok millert.
- markus@cvs.openbsd.org 2001/11/10 13:22:42
[ssh-rsa.c]
KNF (unexpand)
- markus@cvs.openbsd.org 2001/11/11 13:02:31
[servconf.c]
make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if
AuthorizedKeysFile is specified.
20011109
- (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
if permit_empty_passwd == 0 so null password check cannot be bypassed.
jayaraj@amritapuri.com OpenBSD bug 2168
Extracted from Changelog (not complete):
20011012
- markus@cvs.openbsd.org 2001/10/10 22:18:47
[channels.c channels.h clientloop.c nchan.c serverloop.c]
[session.c session.h]
try to keep channels open until an exit-status message is sent.
don't kill the login shells if the shells stdin/out/err is closed.
this should now work:
ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
- markus@cvs.openbsd.org 2001/10/11 13:45:21
[session.c]
delay detach of session if a channel gets closed but the child is
still alive. however, release pty, since the fd's to the child are
already closed.
- markus@cvs.openbsd.org 2001/10/11 15:24:00
[clientloop.c]
clear select masks if we return before calling select().
20011010
- markus@cvs.openbsd.org 2001/10/04 14:34:16
[key.c]
call OPENSSL_free() for memory allocated by openssl; from chombier@mac.com
- markus@cvs.openbsd.org 2001/10/04 15:05:40
[channels.c serverloop.c]
comment out bogus conditions for selecting on connection_in
- markus@cvs.openbsd.org 2001/10/04 15:12:37
[serverloop.c]
client_alive_check cleanup
- markus@cvs.openbsd.org 2001/10/06 00:14:50
[sshconnect.c]
remove unused argument
- markus@cvs.openbsd.org 2001/10/06 00:36:42
[session.c]
fix typo in error message, sync with do_exec_nopty
- markus@cvs.openbsd.org 2001/10/06 11:18:19
[sshconnect1.c sshconnect2.c sshconnect.c]
unify hostkey check error messages, simplify prompt.
- markus@cvs.openbsd.org 2001/10/07 10:29:52
[authfile.c]
grammer; Matthew_Clarke@mindlink.bc.ca
- markus@cvs.openbsd.org 2001/10/07 17:49:40
[channels.c channels.h]
avoid possible FD_ISSET overflow for channels established
during channnel_after_select() (used for dynamic channels).
- markus@cvs.openbsd.org 2001/10/08 11:48:57
[channels.c]
better debug
- markus@cvs.openbsd.org 2001/10/08 16:15:47
[sshconnect.c]
use correct family for -b option
- markus@cvs.openbsd.org 2001/10/08 19:05:05
[ssh.c sshconnect.c sshconnect.h ssh-keyscan.c]
some more IPv4or6 cleanup
- markus@cvs.openbsd.org 2001/10/09 10:12:08
[session.c]
chdir $HOME after krb_afslog(); from bbense@networking.stanford.edu
- markus@cvs.openbsd.org 2001/10/09 19:32:49
[session.c]
stat subsystem command before calling do_exec, and return error to client.
- markus@cvs.openbsd.org 2001/10/09 19:51:18
[serverloop.c]
close all channels if the connection to the remote host has been closed,
should fix sshd's hanging with WCHAN==wait
- markus@cvs.openbsd.org 2001/10/09 21:59:41
[channels.c channels.h serverloop.c session.c session.h]
simplify session close: no more delayed session_close, no more
blocking wait() calls.
- (bal) seed_init() and seed_rng() required in ssh-keyscan.c
20011003
- markus@cvs.openbsd.org 2001/09/27 11:58:16
[compress.c]
mem leak; chombier@mac.com
- markus@cvs.openbsd.org 2001/09/27 11:59:37
[packet.c]
missing called=1; chombier@mac.com
- markus@cvs.openbsd.org 2001/09/27 15:31:17
[auth2.c auth2-chall.c sshconnect1.c]
typos; from solar
- camield@cvs.openbsd.org 2001/09/27 17:53:24
[sshd.8]
don't talk about compile-time options
ok markus@
- djm@cvs.openbsd.org 2001/09/28 12:07:09
[ssh-keygen.c]
bzero private key after loading to smartcard; ok markus@
- markus@cvs.openbsd.org 2001/09/28 15:46:29
[ssh.c]
bug: read user config first; report kaukasoi@elektroni.ee.tut.fi
- markus@cvs.openbsd.org 2001/10/01 08:06:28
[scp.c]
skip filenames containing \n; report jdamery@chiark.greenend.org.uk
and matthew@debian.org
- markus@cvs.openbsd.org 2001/10/01 21:38:53
[channels.c channels.h ssh.c sshd.c]
remove ugliness; vp@drexel.edu via angelos
- markus@cvs.openbsd.org 2001/10/01 21:51:16
[readconf.c readconf.h ssh.1 sshconnect.c]
add NoHostAuthenticationForLocalhost; note that the hostkey is
now check for localhost, too.
- djm@cvs.openbsd.org 2001/10/02 08:38:50
[ssh-add.c]
return non-zero exit code on error; ok markus@
- stevesk@cvs.openbsd.org 2001/10/02 22:56:09
[sshd.c]
#include "channels.h" for channel_set_af()
- markus@cvs.openbsd.org 2001/10/03 10:01:20
[auth.c]
use realpath() for homedir, too. from jinmei@isl.rdc.toshiba.co.jp
20011001
- (stevesk) loginrec.c: fix type conversion problems exposed when using
64-bit off_t.
20010928
- djm@cvs.openbsd.org 2001/09/28 09:49:31
[scard.c]
Fix segv when smartcard communication error occurs during key load.
ok markus@
- (djm) Update spec files for new x11-askpass
20010927
- (stevesk) session.c: declare do_pre_login() before use
wayned@users.sourceforge.net
20010925
- (djm) Pull in auth-krb5.c from OpenBSD CVS. NB. it is not currently used.
- (djm) Sync $sysconfdir/moduli
- (djm) Avoid bad and unportable sprintf usage in compat code
when used standard login via telnet or console
However when used openssh, then sshd does not setup LANG & MM_CHARSET into envir
onment for user in russian class
Code for this operation did not exists in openssh port !
PR: 21146
Submitted by: odip@bionet.nsc.ru
- Features:
Possible use of sftp/sftp-server with older FreeBSD releases.
Use a newer version independently from the Base system.
Easier to test and fix possible security bugs.
- Bugs:
build of pam_ssm.so isn't be supported any more
Any file named "cookie" can be deleted by this and any older "sshd"
with X11 Forwarding.
ports-based OpenSSH. OpenSSH has been in the base system for more
than long enough to justify not having to maintain two separate
FreeBSD versions of OpenSSH.
it is no longer required. Apologies to the various maintainers whom I
did not yet hear back from, but the ports freeze is coming up in a few
hours and I will be verifying all of these ports on a 4.1 machine
myself to catch any problems.
think that it's good to immediately switch to the newest API, despite
the old API call being left deliberately compatible so that that wouldn't
have to happen. OpenSSL_add_all_algorithms() is now, again,
SSLeay_add_all_algorithms.
not needed for the port.
Big thanks to Issei-san for doing the majority of the work necessary for
this upgrade!
Submitted by: Issei Suzuki <issei@jp.FreeBSD.org>
For green's honor, the patch I sent him for review was correct.
But because it is one line fix, I hand merged it into my
cvs committing environment, and then mistake happend.
This time, I applied correct fix which should have been aplied
at last commit.
