From djm at mindrot.org Wed Dec 22 12:18:17 1999 From: djm at mindrot.org (Damien Miller) Date: Wed, 22 Dec 1999 12:18:17 +1100 (EST) Subject: ANNOUNCE: openssh-1.2.1pre19 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSH-1.2.1pre19 has been released. http://violet.ibs.com.au/openssh/files/MIRRORS.html The major change in this version is the integration of Andre Lucas' HPUX support. This adds a few other options which may be useful on other systems. Changelog: 19991221 - Integration of large HPUX patch from Andre Lucas . Integrating it had a few other benefits: - Ability to disable shadow passwords at configure time - Ability to disable lastlog support at configure time - Support for IP address in $DISPLAY - OpenBSD CVS update: - [sshconnect.c] say "REMOTE HOST IDENTIFICATION HAS CHANGED" - Fix DISABLE_SHADOW support - Allow MD5 passwords even if shadow passwords are disabled - Release 1.2.1pre19 19991218 - Redhat init script patch from Chun-Chung Chen - Avoid breakage on systems without IPv6 headers - -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller - http://www.mindrot.org/ | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4YCbdormJ9RG1dI8RAmsGAJ9NK4FDhvrAJrqYdzYK5IHFo39aZACgkiVe DYKmn9MmTA6a0D6U10DUFPo= =FxGd -----END PGP SIGNATURE----- From djm at mindrot.org Sat Dec 25 10:30:31 1999 From: djm at mindrot.org (Damien Miller) Date: Sat, 25 Dec 1999 10:30:31 +1100 (EST) Subject: ANNOUNCE: openssh-1.2.1pre20 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 openssh-1.2.1pre20 has been released at: http://violet.ibs.com.au/openssh/files/ This release integrates more of Andre Lucas' portability patch, Ben Taylor's utmpx patch and some cleanups and bugfixes of my own. The auth-passwd failures should be fixed, as should lastlog support on NetBSD. Since Andre Lucas' patch included platform detection, we should use it to set appropriate compiler flags. I recall some discussion about solaris needing special flags to get openssh to compile. These can now be set by autoconf (if you tell me what they are). The PAM support has been slightly cleaned up and I have fixed a small bug in the authentication (auth_password was not being tried with an empty password for PAM first). This has necessitated a small change to the PAM config file. I am very interested to hear how this release compiles on Solaris, HPUX and AIX. ChangeLog: 19991225 - More fixes from Andre Lucas - Cleanup of auth-passwd.c for shadow and MD5 passwords - Cleanup and bugfix of PAM authentication code 19991223 - Merged later HPUX patch from Andre Lucas - Above patch included better utmpx support from Ben Taylor : 19991222 - Fix undefined fd_set type in ssh.h from Povl H. Pedersen - Fix login.c breakage on systems which lack ut_host in struct utmp. Reported by Willard Dawson - -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller - http://www.mindrot.org/ | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4ZAIbormJ9RG1dI8RAmp2AJ962AAA5qwWCEqgwFGB/YbdM65o3ACgyW0g k+92eziI5oqXySFkuhCNCqY= =t4uu -----END PGP SIGNATURE----- From djm at mindrot.org Sun Dec 26 14:49:14 1999 From: djm at mindrot.org (Damien Miller) Date: Sun, 26 Dec 1999 14:49:14 +1100 (EST) Subject: ANNOUNCE: openssh-1.2.1pre21 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 openssh-1.2.1pre21 has just been uploaded. This incorporates yet more fixes from Andre Lucas and Ben Taylor, Solaris and HPUX should be working properly now. This version also fixes up the PAM support a little more, though there is still a spurious authentication failure message at each log-in. Read the UPGRADING file for the gory details. The PAM configuration file has changed slightly. If you do not update your local copy you may experience delays during authentication. The Redhat RPM packages now include Jim Knoble's X11 ssh-askpass and use it by default. The old GNOME ssh-askpass is bundled as a seperate package. For those of you not using Redhat and who missed Jim's announcement, this is available at: http://www.pobox.com/~jmknoble/jmk/ Changes: 19991226 - Enabled utmpx support by default for Solaris - Cleanup sshd.c PAM a little more - Revised RPM package to include Jim Knoble's X11 ssh-askpass program. - Disable logging of PAM success and failures, PAM is verbose enough. Unfortunatly there is currently no way to disable auth failure messages. Mention this in UPGRADING file and sent message to PAM developers - OpenBSD CVS update: - [ssh-keygen.1 ssh.1] remove ref to .ssh/random_seed, mention .ssh/environment in .Sh FILES, too 19991225 - Merged fixes from Ben Taylor - Fixed configure support for PAM. Reported by Naz <96na at eng.cam.ac.uk> - Disabled logging of PAM password authentication failures when password is empty. (e.g start of authentication loop). Reported by Naz <96na at eng.cam.ac.uk>) Regards, Damien Miller - -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller - http://www.mindrot.org/ | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4ZZA+ormJ9RG1dI8RAig2AKDA/XxDL/oTGqUOr/zbhQUHF6+6UgCeJwM8 fHx+Ndr8lQVcNV5jTeM70CI= =ZTbu -----END PGP SIGNATURE----- From djm at mindrot.org Tue Dec 28 15:51:39 1999 From: djm at mindrot.org (Damien Miller) Date: Tue, 28 Dec 1999 15:51:39 +1100 (EST) Subject: ANNOUNCE: openssh-1.2.1pre22 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just uploaded 1.2.1pre22 to: http://violet.ibs.com.au/openssh/files/ This release consists of portability fixes and cleanups. It also resolves two issues which may have caused security problems - If you OS header files did not define PATH_STDPATH, then an unsafe path was used by default (it contained an implicit '.'). Thanks to Jim Knoble for pointing this out and supplying a fix. - PermitEmptyPassword was being ignored for PAM systems. An upgrade is therefore recommended. This release also includes Andre Lucas' fixpaths perl script which will substitute the correct paths into the manpages at install time. Also included is peliminary Irix support. I have managed to compile it under Irix 5.2, but was not able to run it (my perl install is too broken to run EGD). lastlog support is disabled under Irix because it uses a strange directory based lastlog which I cannot find documentation on. I am interested in hearing success or failure stories from users of Solaris, HPUX, AIX, Irix, NetBSD and older Linux variants. ChangeLog: 19991228 - Replacement for getpagesize() for systems which lack it - NetBSD login.c compile fix from David Rankin - Fully set ut_tv if present in utmp or utmpx - Portability fixes for Irix 5.3 (now compiles OK!) - autoconf and other misc cleanups 19991227 - Automatically correct paths in manpages and configuration files. Patch and script from Andre Lucas - Removed credits from README to CREDITS file, updated. - Added --with-default-path to specify custom path for server - Removed #ifdef trickery from acconfig.h into defines.h - PAM bugfix. PermitEmptyPassword was being ignored. - Fixed PAM config files to allow empty passwords if server does. - Explained spurious PAM auth warning workaround in UPGRADING - Use last few chars of tty line as ut_id - New SuSE RPM spec file from Chris Saia - OpenBSD CVS updates: - [packet.h auth-rhosts.c] check format string for packet_disconnect and packet_send_debug, too - [channels.c] use packet_get_maxsize for channels. consistence. 19991226 - Fixed implicit '.' in default path, report from Jim Knoble - Redhat RPM spec fixes from Jim Knoble Regards, Damien Miller - -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller - http://www.mindrot.org/ | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4aEHformJ9RG1dI8RAsy6AJ9mRwol+KxAymF6eE2m/PouqUWqkwCgxh8K vHZbW8K4chmupbT9p6s7D7o= =suuE -----END PGP SIGNATURE----- From djm at mindrot.org Thu Dec 30 17:01:39 1999 From: djm at mindrot.org (Damien Miller) Date: Thu, 30 Dec 1999 17:01:39 +1100 (EST) Subject: ANNOUNCE: openssh-1.2.1pre23 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 openssh-1.2.1pre23 is available on: http://violet.ibs.com.au/openssh/files/ Highlights of this release: - - A cleanup of the PAM code (it now lives in auth-pam.[ch]). This also fixes a bug where sshd was ignoring a "PermitRootLogin without-password" directive. - - David Randkin's SOCKS support using the Dante libraries. I have not tested this because I don't have Dante. Instructions and links to Dante are in the INSTALL document. - - Automatically detect path to perl installation - - Fixed broken --wth-default-path option - - Much tidying up of source files, etc. - - Portability fixes 19991230 - OpenBSD CVS updates: - [auth-passwd.c] check for NULL 1st - Removed most of the pam code into its own file auth-pam.[ch]. This cleaned up sshd.c up significantly. - Several other cleanups - Merged Dante SOCKS support patch from David Rankin - Updated documentation with ./configure options 19991229 - Applied another NetBSD portability patch from David Rankin - Fix --with-default-path option. - Autodetect perl, patch from David Rankin - Print whether OpenSSH was compiled with RSARef, patch from Nalin Dahyabhai - Calls to pam_setcred, patch from Nalin Dahyabhai - Detect missing size_t and typedef it. - Rename helper.[ch] to (more appropriate) bsd-misc.[ch] - Minor Makefile cleaning Regards, Damien Miller - -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller - http://www.mindrot.org/ | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4avVGormJ9RG1dI8RAlIcAKDXu0CnLcc2j1eyaZ4vto/5Pmc/sACdHny7 yJ8nI93PXkKrwPI/YFqj3TA= =w8Ia -----END PGP SIGNATURE----- From djm at mindrot.org Fri Dec 31 10:46:34 1999 From: djm at mindrot.org (Damien Miller) Date: Fri, 31 Dec 1999 10:46:34 +1100 (EST) Subject: ANNOUNCE: openssh-1.2.1pre24 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 openssh-1.2.1pre24 is being uploaded to: http://violet.ibs.com.au/openssh/files/ This release fixes the silly bugs (almost all autoconf related) that crept into yesterday's release. 19991231 - Fix password support on systems with a mixture of shadowed and non-shadowed passwords (e.g. NIS). Report and fix from HARUYAMA Seigo - Fix broken autoconf typedef detection. Report from Marc G. Fournier - Fix occasional crash on LinuxPPC. Patch from Franz Sirl - Prevent typedefs from being compiled more than once. Report from Marc G. Fournier - Fill in ut_utaddr utmp field. Report from Benjamin Charron - Really fix broken default path. Fix from Jim Knoble - Remove test for quad_t. No longer needed. Regards, Damien - -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller - http://www.mindrot.org/ | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4a+7dormJ9RG1dI8RAtPVAJ9eei2hVKSrLRhk5tDNjI6sIn/ybQCeNhBr INmewdyMfjU0SV6xlVqb34M= =6Bj8 -----END PGP SIGNATURE-----