]>
Commit | Line | Data |
---|---|---|
f97edba6 | 1 | 20090615 |
2 | - [ gss-genr.c gss-serv.c kexgssc.c kexgsss.c monitor.c sshconnect2.c | |
3 | sshd.c ] | |
4 | Fix issues identified by Greg Hudson following a code review | |
5 | Check return value of gss_indicate_mechs | |
6 | Protect GSSAPI calls in monitor, so they can only be used if enabled | |
7 | Check return values of bignum functions in key exchange | |
8 | Use BN_clear_free to clear other side's DH value | |
9 | Make ssh_gssapi_id_kex more robust | |
10 | Only configure kex table pointers if GSSAPI is enabled | |
11 | Don't leak mechanism list, or gss mechanism list | |
12 | Cast data.length before printing | |
13 | If serverkey isn't provided, use an empty string, rather than NULL | |
14 | ||
15 | 20090201 | |
16 | - [ gss-genr.c gss-serv.c kex.h kexgssc.c readconf.c readconf.h ssh-gss.h | |
17 | ssh_config.5 sshconnet2.c ] | |
18 | Add support for the GSSAPIClientIdentity option, which allows the user | |
19 | to specify which GSSAPI identity to use to contact a given server | |
20 | ||
21 | 20080404 | |
22 | - [ gss-serv.c ] | |
23 | Add code to actually implement GSSAPIStrictAcceptCheck, which had somehow | |
24 | been omitted from a previous version of this patch. Reported by Borislav | |
25 | Stoichkov | |
26 | ||
27 | 20070317 | |
28 | - [ gss-serv-krb5.c ] | |
29 | Remove C99ism, where new_ccname was being declared in the middle of a | |
30 | function | |
31 | ||
32 | 20061220 | |
33 | - [ servconf.c ] | |
34 | Make default for GSSAPIStrictAcceptorCheck be Yes, to match previous, and | |
35 | documented, behaviour. Reported by Dan Watson. | |
36 | ||
37 | 20060910 | |
38 | - [ gss-genr.c kexgssc.c kexgsss.c kex.h monitor.c sshconnect2.c sshd.c | |
39 | ssh-gss.h ] | |
40 | add support for gss-group14-sha1 key exchange mechanisms | |
41 | - [ gss-serv.c servconf.c servconf.h sshd_config sshd_config.5 ] | |
42 | Add GSSAPIStrictAcceptorCheck option to allow the disabling of | |
43 | acceptor principal checking on multi-homed machines. | |
44 | <Bugzilla #928> | |
45 | - [ sshd_config ssh_config ] | |
46 | Add settings for GSSAPIKeyExchange and GSSAPITrustDNS to the sample | |
47 | configuration files | |
48 | - [ kexgss.c kegsss.c sshconnect2.c sshd.c ] | |
49 | Code cleanup. Replace strlen/xmalloc/snprintf sequences with xasprintf() | |
50 | Limit length of error messages displayed by client | |
51 | ||
52 | 20060909 | |
53 | - [ gss-genr.c gss-serv.c ] | |
54 | move ssh_gssapi_acquire_cred() and ssh_gssapi_server_ctx to be server | |
55 | only, where they belong | |
56 | <Bugzilla #1225> | |
57 | ||
58 | 20060829 | |
59 | - [ gss-serv-krb5.c ] | |
60 | Fix CCAPI credentials cache name when creating KRB5CCNAME environment | |
61 | variable | |
62 | ||
63 | 20060828 | |
64 | - [ gss-genr.c ] | |
65 | Avoid Heimdal context freeing problem | |
66 | <Fixed upstream 20060829> | |
67 | ||
68 | 20060818 | |
69 | - [ gss-genr.c ssh-gss.h sshconnect2.c ] | |
70 | Make sure that SPENGO is disabled | |
71 | <Bugzilla #1218 - Fixed upstream 20060818> | |
72 | ||
73 | 20060421 | |
74 | - [ gssgenr.c, sshconnect2.c ] | |
75 | a few type changes (signed versus unsigned, int versus size_t) to | |
76 | fix compiler errors/warnings | |
77 | (from jbasney AT ncsa.uiuc.edu) | |
78 | - [ kexgssc.c, sshconnect2.c ] | |
79 | fix uninitialized variable warnings | |
80 | (from jbasney AT ncsa.uiuc.edu) | |
81 | - [ gssgenr.c ] | |
82 | pass oid to gss_display_status (helpful when using GSSAPI mechglue) | |
83 | (from jbasney AT ncsa.uiuc.edu) | |
84 | <Bugzilla #1220 > | |
85 | - [ gss-serv-krb5.c ] | |
86 | #ifdef HAVE_GSSAPI_KRB5 should be #ifdef HAVE_GSSAPI_KRB5_H | |
87 | (from jbasney AT ncsa.uiuc.edu) | |
88 | <Fixed upstream 20060304> | |
89 | - [ readconf.c, readconf.h, ssh_config.5, sshconnect2.c | |
90 | add client-side GssapiKeyExchange option | |
91 | (from jbasney AT ncsa.uiuc.edu) | |
92 | - [ sshconnect2.c ] | |
93 | add support for GssapiTrustDns option for gssapi-with-mic | |
94 | (from jbasney AT ncsa.uiuc.edu) | |
95 | <gssapi-with-mic support is Bugzilla #1008> |