path: root/ChangeLog

20000415
 - OpenBSD CVS updates.
   [ssh.1 ssh.c]
   - ssh -2
   [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
   [session.c sshconnect.c]
   - check payload for (illegal) extra data
   [ALL]
   whitespace cleanup

20000413
 - INSTALL doc updates
 - Merged OpenBSD updates to include paths.
 
20000412
 - OpenBSD CVS updates:
   - [channels.c]
     repair x11-fwd
   - [sshconnect.c]
     fix passwd prompt for ssh2, less debugging output.
   - [clientloop.c compat.c dsa.c kex.c sshd.c]
     less debugging output
   - [kex.c kex.h sshconnect.c sshd.c]
     check for reasonable public DH values
   - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
     [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
     add Cipher and Protocol options to ssh/sshd, e.g.:
     ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
     arcfour,3des-cbc'
   - [sshd.c]
     print 1.99 only if server supports both

20000408
 - Avoid some compiler warnings in fake-get*.c
 - Add IPTOS macros for systems which lack them
 - Only set define entropy collection macros if they are found
 - More large OpenBSD CVS updates:
   - [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
     [session.h ssh.h sshd.c README.openssh2]
     ssh2 server side, see README.openssh2; enable with 'sshd -2'
   - [channels.c]
     no adjust after close
   - [sshd.c compat.c ]
     interop w/ latest ssh.com windows client.
  
20000406
 - OpenBSD CVS update:
   - [channels.c]
     close efd on eof
   - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h]
     ssh2 client implementation, interops w/ ssh.com and lsh servers.
   - [sshconnect.c]
     missing free.
   - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c]
     remove unused argument, split cipher_mask()
   - [clientloop.c]
     re-order: group ssh1 vs. ssh2
 - Make Redhat spec require openssl >= 0.9.5a

20000404
 - Add tests for RAND_add function when searching for OpenSSL
 - OpenBSD CVS update:
   - [packet.h packet.c]
     ssh2 packet format
   - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c]
     [channels.h channels.c]
     channel layer support for ssh2
   - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h]
     DSA, keyexchange, algorithm agreement for ssh2
 - Generate manpages before make install not at the end of make all
 - Don't seed the rng quite so often
 - Always reseed rng when requested

20000403
 - Wrote entropy collection routines for systems that lack /dev/random
   and EGD
 - Disable tests and typedefs for 64 bit types. They are currently unused.

20000401
 - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
   - [auth.c session.c sshd.c auth.h]
     split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
   - [bufaux.c bufaux.h]
     support ssh2 bignums
   - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
     [readconf.c ssh.c ssh.h serverloop.c]
     replace big switch() with function tables (prepare for ssh2)
   - [ssh2.h]
     ssh2 message type codes
   - [sshd.8]
     reorder Xr to avoid cutting
   - [serverloop.c]
     close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
   - [channels.c]
     missing close
     allow bigger packets
   - [cipher.c cipher.h]
     support ssh2 ciphers
   - [compress.c]
     cleanup, less code
   - [dispatch.c dispatch.h]
     function tables for different message types
   - [log-server.c]
     do not log() if debuggin to stderr
     rename a cpp symbol, to avoid param.h collision
   - [mpaux.c]
     KNF
   - [nchan.c]
     sync w/ channels.c

20000326
 - Better tests for OpenSSL w/ RSAref
 - Added replacement setenv() function from OpenBSD libc. Suggested by 
   Ben Lindstrom <mouring@pconline.com>
 - OpenBSD CVS update
   - [auth-krb4.c]
     -Wall
   - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
     [match.h ssh.c ssh.h sshconnect.c sshd.c]
     initial support for DSA keys. ok deraadt@, niels@
   - [cipher.c cipher.h]
     remove unused cipher_attack_detected code
   - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
     Fix some formatting problems I missed before.
   - [ssh.1 sshd.8]
     fix spelling errors, From: FreeBSD
   - [ssh.c]
     switch to raw mode only if he _get_ a pty (not if we _want_ a pty).

20000324
 - Released 1.2.3

20000317
 - Clarified --with-default-path option.
 - Added -blibpath handling for AIX to work around stupid runtime linking.
   Problem elucidated by gshapiro@SENDMAIL.ORG by way of Jim Knoble
   <jmknoble@pobox.com>
 - Checks for 64 bit int types. Problem report from Mats Fredholm
   <matsf@init.se>
 - OpenBSD CVS updates:
   - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c] 
     [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
     [sshd.c]
     pedantic: signed vs. unsigned, void*-arithm, etc
   - [ssh.1 sshd.8]
     Various cleanups and standardizations.
 - Runtime error fix for HPUX from Otmar Stahl 
   <O.Stahl@lsw.uni-heidelberg.de>

20000316
 - Fixed configure not passing LDFLAGS to Solaris. Report from David G. 
   Hesprich <dghespri@sprintparanet.com>
 - Propogate LD through to Makefile
 - Doc cleanups
 - Added blurb about "scp: command not found" errors to UPGRADING

20000315
 - Fix broken CFLAGS handling during search for OpenSSL. Fixes va_list
   problems with gcc/Solaris.
 - Don't free argument to putenv() after use (in setenv() replacement). 
   Report from Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp>
 - Created contrib/ subdirectory. Included helpers from Phil Hands' 
   Debian package, README file and chroot patch from Ricardo Cerqueira
   <rmcc@clix.pt>
 - Moved gnome-ssh-askpass.c to contrib directory and removed config 
   option.
 - Slight cleanup to doc files
 - Configure fix from Bratislav ILICH <bilic@zepter.ru>

20000314
 - Include macro for IN6_IS_ADDR_V4MAPPED. Report from 
   peter@frontierflying.com
 - Include /usr/local/include and /usr/local/lib for systems that don't
   do it themselves
 - -R/usr/local/lib for Solaris
 - Fix RSAref detection
 - Fix IN6_IS_ADDR_V4MAPPED macro

20000311
 - Detect RSAref
 - OpenBSD CVS change
   [sshd.c]
    - disallow guessing of root password
 - More configure fixes
 - IPv6 workarounds from Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>

20000309
 - OpenBSD CVS updates to v1.2.3
	[ssh.h atomicio.c]
	 - int atomicio -> ssize_t (for alpha). ok deraadt@
	[auth-rsa.c]
	 - delay MD5 computation until client sends response, free() early, cleanup.
	[cipher.c]
	 - void* -> unsigned char*, ok niels@
	[hostfile.c]
	 - remove unused variable 'len'. fix comments.
	 - remove unused variable
	[log-client.c log-server.c]
	 - rename a cpp symbol, to avoid param.h collision
	[packet.c]
	 - missing xfree()
	 - getsockname() requires initialized tolen; andy@guildsoftware.com
	 - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
	from Holger.Trapp@Informatik.TU-Chemnitz.DE
	[pty.c pty.h]
	 - register cleanup for pty earlier. move code for pty-owner handling to 
   	pty.c ok provos@, dugsong@
	[readconf.c]
	 - turn off x11-fwd for the client, too.
	[rsa.c]
	 - PKCS#1 padding
	[scp.c]
	 - allow '.' in usernames; from jedgar@fxp.org
	[servconf.c]
	 - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
	 - sync with sshd_config
	[ssh-keygen.c]
	 - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
	[ssh.1]
	 - Change invalid 'CHAT' loglevel to 'VERBOSE'
	[ssh.c]
	 - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
	 - turn off x11-fwd for the client, too.
	[sshconnect.c]
	 - missing xfree()
	 - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
	 - read error vs. "Connection closed by remote host"
	[sshd.8]
	 - ie. -> i.e.,
	 - do not link to a commercial page..
	 - sync with sshd_config
	[sshd.c]
	 - no need for poll.h; from bright@wintelcom.net
	 - log with level log() not fatal() if peer behaves badly.
	 - don't panic if client behaves strange. ok deraadt@
	 - make no-port-forwarding for RSA keys deny both -L and -R style fwding
	 - delay close() of pty until the pty has been chowned back to root
	 - oops, fix comment, too.
	 - missing xfree()
	 - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
   	(http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
	 - register cleanup for pty earlier. move code for pty-owner handling to 
      pty.c ok provos@, dugsong@
	 - create x11 cookie file
	 - fix pr 1113, fclose() -> pclose(), todo: remote popen()
	 - version 1.2.3
 - Cleaned up
 - Removed warning workaround for Linux and devpts filesystems (no longer 
   required after OpenBSD updates)

20000308
 - Configure fix from Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp>

20000307
 - Released 1.2.2p1

20000305
 - Fix DEC compile fix
 - Explicitly seed OpenSSL's PRNG before checking rsa_alive()
 - Check for getpagesize in libucb.a if not found in libc. Fix for old
   Solaris from Andre Lucas <andre.lucas@dial.pipex.com>
 - Check for libwrap if --with-tcp-wrappers option specified. Suggestion 
   Mate Wierdl <mw@moni.msci.memphis.edu>

20000303
 - Added "make host-key" target, Suggestion from Dominik Brettnacher
 <domi@saargate.de>
 - Don't permanently fail on bind() if getaddrinfo has more choices left for 
   us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
   Miskiewicz <misiek@pld.org.pl>
 - DEC Unix compile fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
 - Manpage fix from David Del Piero <David.DelPiero@qed.qld.gov.au>

20000302
 - Big cleanup of autoconf code
   - Rearranged to be a little more logical
   - Added -R option for Solaris
   - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program
     to detect library and header location _and_ ensure library has proper
     RSA support built in (this is a problem with OpenSSL 0.9.5).
 - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de
 - Avoid warning message with Unix98 ptys
 - Warning was valid - possible race condition on PTYs. Avoided using 
   platform-specific code.
 - Document some common problems
 - Allow root access to any key. Patch from 
   markus.friedl@informatik.uni-erlangen.de

20000207
 - Removed SOCKS code. Will support through a ProxyCommand.

20000203
 - Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu
 - Add --with-ssl-dir option

20000202
 - Fix lastlog code for directory based lastlogs. Fix from Josh Durham 
   <jmd@aoe.vt.edu>
 - Documentation fixes from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
 - Added URLs to Japanese translations of documents by HARUYAMA Seigo 
   <haruyama@nt.phys.s.u-tokyo.ac.jp>

20000201
 - Use socket pairs by default (instead of pipes). Prevents race condition
   on several (buggy) OSs. Report and fix from tridge@linuxcare.com

20000127
 - Seed OpenSSL's random number generator before generating RSA keypairs
 - Split random collector into seperate file
 - Compile fix from Andre Lucas <andre.lucas@dial.pipex.com>

20000126
 - Released 1.2.2 stable

 - NeXT keeps it lastlog in /usr/adm. Report from 
   mouring@newton.pconline.com
 - Added note in UPGRADING re interop with commercial SSH using idea. 
   Report from Jim Knoble <jmknoble@pobox.com>
 - Fix linking order for Kerberos/AFS. Fix from Holget Trapp
   <Holger.Trapp@Informatik.TU-Chemnitz.DE>

20000125
 - Fix NULL pointer dereference in login.c. Fix from Andre Lucas 
   <andre.lucas@dial.pipex.com>
 - Reorder PAM initialisation so it does not mess up lastlog. Reported
   by Andre Lucas <andre.lucas@dial.pipex.com>
 - Use preformatted manpages on SCO, report from Gary E. Miller 
   <gem@rellim.com>
 - New URL for x11-ssh-askpass.
 - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble 
   <jmknoble@pobox.com>
 - Added 'DESTDIR' option to Makefile to ease package building. Patch from 
   Jim Knoble <jmknoble@pobox.com>
 - Updated RPM spec files to use DESTDIR

20000124
 - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
   increment)

20000123
 - OpenBSD CVS:
   - [packet.c]
     getsockname() requires initialized tolen; andy@guildsoftware.com
 - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin 
   <drankin@bohemians.lexington.ky.us>
 - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>

20000122
 - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
   <bent@clark.net>
 - Merge preformatted manpage patch from Andre Lucas
   <andre.lucas@dial.pipex.com>
 - Make IPv4 use the default in RPM packages
 - Irix uses preformatted manpages
 - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
   <Holger.Trapp@Informatik.TU-Chemnit