[gssapi-openssh.git] / openssh / ChangeLog.gssapi

20090615
  - [ gss-genr.c gss-serv.c kexgssc.c kexgsss.c monitor.c sshconnect2.c
      sshd.c ]
    Fix issues identified by Greg Hudson following a code review
	Check return value of gss_indicate_mechs
	Protect GSSAPI calls in monitor, so they can only be used if enabled
	Check return values of bignum functions in key exchange
	Use BN_clear_free to clear other side's DH value
	Make ssh_gssapi_id_kex more robust
	Only configure kex table pointers if GSSAPI is enabled
	Don't leak mechanism list, or gss mechanism list
	Cast data.length before printing
	If serverkey isn't provided, use an empty string, rather than NULL

20090201
  - [ gss-genr.c gss-serv.c kex.h kexgssc.c readconf.c readconf.h ssh-gss.h
      ssh_config.5 sshconnet2.c ]
    Add support for the GSSAPIClientIdentity option, which allows the user
    to specify which GSSAPI identity to use to contact a given server

20080404
  - [ gss-serv.c ]
    Add code to actually implement GSSAPIStrictAcceptCheck, which had somehow
    been omitted from a previous version of this patch. Reported by Borislav
    Stoichkov

20070317
  - [ gss-serv-krb5.c ]
    Remove C99ism, where new_ccname was being declared in the middle of a 
    function

20061220
  - [ servconf.c ]
    Make default for GSSAPIStrictAcceptorCheck be Yes, to match previous, and 
    documented, behaviour. Reported by Dan Watson.

20060910
  - [ gss-genr.c kexgssc.c kexgsss.c kex.h monitor.c sshconnect2.c sshd.c
      ssh-gss.h ]
    add support for gss-group14-sha1 key exchange mechanisms
  - [ gss-serv.c servconf.c servconf.h sshd_config sshd_config.5 ]
    Add GSSAPIStrictAcceptorCheck option to allow the disabling of
    acceptor principal checking on multi-homed machines.
    <Bugzilla #928>
  - [ sshd_config ssh_config ]
    Add settings for GSSAPIKeyExchange and GSSAPITrustDNS to the sample
    configuration files
  - [ kexgss.c kegsss.c sshconnect2.c sshd.c ]
    Code cleanup. Replace strlen/xmalloc/snprintf sequences with xasprintf()
    Limit length of error messages displayed by client

20060909
  - [ gss-genr.c gss-serv.c ]
    move ssh_gssapi_acquire_cred() and ssh_gssapi_server_ctx to be server
    only, where they belong 
    <Bugzilla #1225>

20060829
  - [ gss-serv-krb5.c ]
    Fix CCAPI credentials cache name when creating KRB5CCNAME environment 
    variable

20060828
  - [ gss-genr.c ]
    Avoid Heimdal context freeing problem
    <Fixed upstream 20060829>

20060818
  - [ gss-genr.c ssh-gss.h sshconnect2.c ]
    Make sure that SPENGO is disabled 
    <Bugzilla #1218 - Fixed upstream 20060818>

20060421
  - [ gssgenr.c, sshconnect2.c ]
    a few type changes (signed versus unsigned, int versus size_t) to
    fix compiler errors/warnings 
    (from jbasney AT ncsa.uiuc.edu)
  - [ kexgssc.c, sshconnect2.c ]
    fix uninitialized variable warnings
    (from jbasney AT ncsa.uiuc.edu)
  - [ gssgenr.c ]
    pass oid to gss_display_status (helpful when using GSSAPI mechglue)
    (from jbasney AT ncsa.uiuc.edu)
    <Bugzilla #1220 >
  - [ gss-serv-krb5.c ]
    #ifdef HAVE_GSSAPI_KRB5 should be #ifdef HAVE_GSSAPI_KRB5_H
    (from jbasney AT ncsa.uiuc.edu)
    <Fixed upstream 20060304>
  - [ readconf.c, readconf.h, ssh_config.5, sshconnect2.c 
    add client-side GssapiKeyExchange option
    (from jbasney AT ncsa.uiuc.edu)
  - [ sshconnect2.c ]
    add support for GssapiTrustDns option for gssapi-with-mic
    (from jbasney AT ncsa.uiuc.edu)
    <gssapi-with-mic support is Bugzilla #1008>
Commit	Line	Data
f97edba6	1	20090615
	2	- [ gss-genr.c gss-serv.c kexgssc.c kexgsss.c monitor.c sshconnect2.c
	3	sshd.c ]
	4	Fix issues identified by Greg Hudson following a code review
	5	Check return value of gss_indicate_mechs
	6	Protect GSSAPI calls in monitor, so they can only be used if enabled
	7	Check return values of bignum functions in key exchange
	8	Use BN_clear_free to clear other side's DH value
	9	Make ssh_gssapi_id_kex more robust
	10	Only configure kex table pointers if GSSAPI is enabled
	11	Don't leak mechanism list, or gss mechanism list
	12	Cast data.length before printing
	13	If serverkey isn't provided, use an empty string, rather than NULL
	14
	15	20090201
	16	- [ gss-genr.c gss-serv.c kex.h kexgssc.c readconf.c readconf.h ssh-gss.h
	17	ssh_config.5 sshconnet2.c ]
	18	Add support for the GSSAPIClientIdentity option, which allows the user
	19	to specify which GSSAPI identity to use to contact a given server
	20
	21	20080404
	22	- [ gss-serv.c ]
	23	Add code to actually implement GSSAPIStrictAcceptCheck, which had somehow
	24	been omitted from a previous version of this patch. Reported by Borislav
	25	Stoichkov
	26
	27	20070317
	28	- [ gss-serv-krb5.c ]
	29	Remove C99ism, where new_ccname was being declared in the middle of a
	30	function
	31
	32	20061220
	33	- [ servconf.c ]
	34	Make default for GSSAPIStrictAcceptorCheck be Yes, to match previous, and
	35	documented, behaviour. Reported by Dan Watson.
	36
	37	20060910
	38	- [ gss-genr.c kexgssc.c kexgsss.c kex.h monitor.c sshconnect2.c sshd.c
	39	ssh-gss.h ]
	40	add support for gss-group14-sha1 key exchange mechanisms
	41	- [ gss-serv.c servconf.c servconf.h sshd_config sshd_config.5 ]
	42	Add GSSAPIStrictAcceptorCheck option to allow the disabling of
	43	acceptor principal checking on multi-homed machines.
	44	<Bugzilla #928>
	45	- [ sshd_config ssh_config ]
	46	Add settings for GSSAPIKeyExchange and GSSAPITrustDNS to the sample
	47	configuration files
	48	- [ kexgss.c kegsss.c sshconnect2.c sshd.c ]
	49	Code cleanup. Replace strlen/xmalloc/snprintf sequences with xasprintf()
	50	Limit length of error messages displayed by client
	51
	52	20060909
	53	- [ gss-genr.c gss-serv.c ]
	54	move ssh_gssapi_acquire_cred() and ssh_gssapi_server_ctx to be server
	55	only, where they belong
	56	<Bugzilla #1225>
	57
	58	20060829
	59	- [ gss-serv-krb5.c ]
	60	Fix CCAPI credentials cache name when creating KRB5CCNAME environment
	61	variable
	62
	63	20060828
	64	- [ gss-genr.c ]
65	Avoid Heimdal context freeing problem
66	<Fixed upstream 20060829>
67
68	20060818
69	- [ gss-genr.c ssh-gss.h sshconnect2.c ]
70	Make sure that SPENGO is disabled
71	<Bugzilla #1218 - Fixed upstream 20060818>
72
73	20060421
74	- [ gssgenr.c, sshconnect2.c ]
75	a few type changes (signed versus unsigned, int versus size_t) to
76	fix compiler errors/warnings
77	(from jbasney AT ncsa.uiuc.edu)
78	- [ kexgssc.c, sshconnect2.c ]
79	fix uninitialized variable warnings
80	(from jbasney AT ncsa.uiuc.edu)
81	- [ gssgenr.c ]
82	pass oid to gss_display_status (helpful when using GSSAPI mechglue)
83	(from jbasney AT ncsa.uiuc.edu)
84	<Bugzilla #1220 >
85	- [ gss-serv-krb5.c ]
86	#ifdef HAVE_GSSAPI_KRB5 should be #ifdef HAVE_GSSAPI_KRB5_H
87	(from jbasney AT ncsa.uiuc.edu)
88	<Fixed upstream 20060304>
89	- [ readconf.c, readconf.h, ssh_config.5, sshconnect2.c
90	add client-side GssapiKeyExchange option
91	(from jbasney AT ncsa.uiuc.edu)
92	- [ sshconnect2.c ]
93	add support for GssapiTrustDns option for gssapi-with-mic
94	(from jbasney AT ncsa.uiuc.edu)
95	<gssapi-with-mic support is Bugzilla #1008>