- (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from

[openssh.git] / ChangeLog

diff --git a/ChangeLog b/ChangeLog
index a17c47872a36140d78c157854dec961ff329c77b..963b94efe5945cdf09c7efa9be1eea1b3ea1b84e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,46 @@
    - markus@cvs.openbsd.org 2004/12/23 17:35:48
      [session.c]
      check for NULL; from mpech
+   - markus@cvs.openbsd.org 2004/12/23 17:38:07
+     [ssh-keygen.c]
+     leak; from mpech
+   - djm@cvs.openbsd.org 2004/12/23 23:11:00
+     [servconf.c servconf.h sshd.c sshd_config sshd_config.5]
+     bz #898: support AddressFamily in sshd_config. from
+     peak@argo.troja.mff.cuni.cz; ok deraadt@
+   - markus@cvs.openbsd.org 2005/01/05 08:51:32
+     [sshconnect.c]
+     remove dead code, log connect() failures with level error, ok djm@
+   - jmc@cvs.openbsd.org 2005/01/08 00:41:19
+     [sshd_config.5]
+     `login'(n) -> `log in'(v);
+   - dtucker@cvs.openbsd.org 2005/01/17 03:25:46
+     [moduli.c]
+     Correct spelling: SCHNOOR->SCHNORR; ok djm@
+   - dtucker@cvs.openbsd.org 2005/01/17 22:48:39
+     [sshd.c]
+     Make debugging output continue after reexec; ok djm@
+   - dtucker@cvs.openbsd.org 2005/01/19 13:11:47
+     [auth-bsdauth.c auth2-chall.c]
+     Have keyboard-interactive code call the drivers even for responses for
+     invalid logins.  This allows the drivers themselves to decide how to
+     handle them and prevent leaking information where possible.  Existing
+     behaviour for bsdauth is maintained by checking authctxt->valid in the
+     bsdauth driver.  Note that any third-party kbdint drivers will now need
+     to be able to handle responses for invalid logins.  ok markus@
+   - djm@cvs.openbsd.org 2004/12/22 02:13:19
+     [cipher-ctr.c cipher.c]
+     remove fallback AES support for old OpenSSL, as OpenBSD has had it for
+     many years now; ok deraadt@
+     (Id sync only: Portable will continue to support older OpenSSLs)
+ - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user
+   existence via keyboard-interactive/pam, in conjunction with previous
+   auth2-chall.c change; with Colin Watson and djm.
+ - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128
+   bytes to prevent errors from login_init_entry() when the username is
+   exactly 64 bytes(!) long.  From brhamon at cisco.com, ok djm@
+ - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from
+   the list of available kbdint devices if UsePAM=no.  ok djm@
 
 20050118
  - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement