X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/15c8e3fd4b1bb74156fc65666bfd85da5d4c4664..90f3c2721dd69c1811fd5902c11ac472d08282aa:/ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 4a7f64c6..ccfde562 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,197 @@
+20040114
+ - (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exits
+   unexpectedly.  with & ok djm@
+ - (dtucker) [auth-pam.c] Reset signal handler in pthread_cancel too, add
+   test for case where cleanup has already run.
+ - (dtucker) [auth-pam.c] Add minor debugging.
+
+20040113
+ - (dtucker) [auth-pam.c] Relocate struct pam_ctxt and prototypes.  No
+   functional changes.
+
+20040108
+ - (dtucker) [auth-pam.c defines.h] Bug #783: move __unused to defines.h and
+   only define if not already.  From des at freebsd.org.
+ - (dtucker) [configure.ac] Remove extra (typo) comma.
+
+20040105
+ - (dtucker) [contrib/ssh-copy-id] Bug #781: exit if ssh fails.  Patch from
+   cjwatson at debian.org.
+ - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
+   Only enable KerberosGetAFSToken if Heimdal's libkafs is found.  with jakob@
+
+20040102
+ - (djm) OSX/Darwin needs BIND_8_COMPAT to build getrrsetbyname. Report from
+   jakob@
+ - (djm) Remove useless DNS support configure summary message. from jakob@
+ - (djm) OSX/Darwin put the PAM headers in a different place, detect this.
+   Report from jakob@
+
+20031231
+ - (dtucker) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2003/12/22 09:16:58
+     [moduli.c ssh-keygen.1 ssh-keygen.c]
+     tidy up moduli generation debugging, add -v (verbose/debug) option to
+     ssh-keygen; ok markus@
+   - markus@cvs.openbsd.org 2003/12/22 20:29:55
+     [cipher-3des1.c]
+     EVP_CIPHER_CTX_cleanup() for the des contexts; pruiksma@freesurf.fr
+   - jakob@cvs.openbsd.org 2003/12/23 16:12:10
+     [servconf.c servconf.h session.c sshd_config]
+     implement KerberosGetAFSToken server option. ok markus@, beck@
+   - millert@cvs.openbsd.org 2003/12/29 16:39:50
+     [sshd_config]
+     KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK
+   - dtucker@cvs.openbsd.org 2003/12/31 00:24:50
+     [auth2-passwd.c]
+     Ignore password change request during password auth (which we currently
+     don't support) and discard proposed new password.  corrections/ok markus@
+ - (dtucker) [configure.ac] Only test setresuid and setresgid if they exist.
+
+20031219
+ - (dtucker) [defines.h] Bug #458: Define SIZE_T_MAX as UINT_MAX if we
+   typedef size_t ourselves.
+
+20031218
+ - (dtucker) [configure.ac] Don't use setre[ug]id on DG-UX, from Tom Orban.
+ - (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactive
+   authentication.  Partially fixes bug #423.  Feedback & ok djm@
+
+20031217
+ - (djm) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2003/12/09 15:28:43
+     [serverloop.c]
+     make ClientKeepAlive work for ssh -N, too (no login shell requested).
+     1) send a bogus channel request if we find a channel
+     2) send a bogus global request if we don't have a channel
+     ok + test beck@
+   - markus@cvs.openbsd.org 2003/12/09 17:29:04
+     [sshd.c]
+     fix -o and HUP; ok henning@
+   - markus@cvs.openbsd.org 2003/12/09 17:30:05
+     [ssh.c]
+     don't modify argv for ssh -o; similar to sshd.c 1.283
+   - markus@cvs.openbsd.org 2003/12/09 21:53:37
+     [readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
+     [ssh_config.5 sshconnect.c sshd.c sshd_config.5]
+     rename keepalive to tcpkeepalive; the old name causes too much
+     confusion; ok djm, dtucker; with help from jmc@
+   - dtucker@cvs.openbsd.org 2003/12/09 23:45:32
+     [clientloop.c]
+     Clear exit code when ssh -N is terminated with a SIGTERM.  ok markus@
+   - markus@cvs.openbsd.org 2003/12/14 12:37:21
+     [ssh_config.5]
+     we don't support GSS KEX; from Simon Wilkinson
+   - markus@cvs.openbsd.org 2003/12/16 15:49:51
+     [clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1]
+     [ssh.c ssh_config.5]
+     application layer keep alive (ServerAliveInterval ServerAliveCountMax)
+     for ssh(1), similar to the sshd(8) option; ok beck@; with help from
+     jmc and dtucker@
+   - markus@cvs.openbsd.org 2003/12/16 15:51:54
+     [dh.c]
+     use <= instead of < in dh_estimate; ok provos/hshoexer; 
+     do not return < DH_GRP_MIN
+ - (dtucker) [acconfig.h configure.ac uidswap.c] Bug #645: Check for
+   setres[ug]id() present but not implemented (eg some Linux/glibc
+   combinations).
+ - (bal) [openbsd-compat/bsd-misc.c] unset 'signal' defined if we are
+   using a real 'signal()' (Noticed by a NeXT Compile)
+
+20031209
+ - (dtucker) OpenBSD CVS Sync
+   - matthieu@cvs.openbsd.org 2003/11/25 23:10:08
+     [ssh-add.1]
+     ssh-add doesn't need to be a descendant of ssh-agent. Ok markus@, jmc@.
+   - djm@cvs.openbsd.org 2003/11/26 21:44:29
+     [cipher-aes.c]
+     fix #ifdef before #define; ok markus@
+     (RCS ID sync only, Portable already had this)
+   - markus@cvs.openbsd.org 2003/12/02 12:15:10
+     [progressmeter.c]
+     improvments from andreas@:
+     * saner speed estimate for transfers that takes less than a second by
+       rounding the time to 1 second.
+     * when the transfer is finished calculate the actual total speed
+       rather than the current speed which is given during the transfer
+   - markus@cvs.openbsd.org 2003/12/02 17:01:15
+     [channels.c session.c ssh-agent.c ssh.h sshd.c]
+     use SSH_LISTEN_BACKLOG (=128) in listen(2).
+   - djm@cvs.openbsd.org 2003/12/07 06:34:18
+     [moduli.c]
+     remove unused debugging #define templates
+   - markus@cvs.openbsd.org 2003/12/08 11:00:47
+     [kexgexc.c]
+     print requested group size in debug; ok djm
+   - dtucker@cvs.openbsd.org 2003/12/09 13:52:55
+     [moduli.c]
+     Prevent ssh-keygen -T from outputting moduli with a generator of 0, since
+     they can't be used for Diffie-Hellman.  Assistance and ok djm@
+ - (dtucker) [ssh-keyscan.c] Sync RCSIDs, missed in SSH_SSFDMAX change below.
+
+20031208
+ - (tim) [configure.ac] Bug 770. Fix --without-rpath.
+
+20031123
+ - (djm) [canohost.c] Move IPv4inV6 mapped address normalisation to its own
+   function and call it unconditionally
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2003/11/23 23:17:34
+     [ssh-keyscan.c]
+     from portable - use sysconf to detect fd limit; ok markus@
+     (tidy diff by adding SSH_SSFDMAX macro to defines.h)
+   - djm@cvs.openbsd.org 2003/11/23 23:18:45
+     [ssh-keygen.c]
+     consistency PATH_MAX -> MAXPATHLEN; ok markus@
+     (RCS ID sync only)
+   - djm@cvs.openbsd.org 2003/11/23 23:21:21
+     [scp.c]
+     from portable: rename clashing variable limit-> limit_rate; ok markus@
+     (RCS ID sync only)
+   - dtucker@cvs.openbsd.org 2003/11/24 00:16:35
+     [ssh.1 ssh.c]
+     Make ssh -k mean GSSAPIDelegateCredentials=no. Suggestion & ok markus@
+ - (djm) Annotate OpenBSD-derived files in openbsd-compat/ with original 
+   source file path (in OpenBSD tree).
+
+20031122
+ - (dtucker) [channels.c] Make AIX write limit code clearer.  Suggested by djm@
+ - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
+   Move AIX specific password authentication code to port-aix.c, call
+   authenticate() until reenter flag is clear.
+ - (dtucker) [auth-sia.c configure.ac] Tru64 update from cmadams at hiwaay.net.
+   Use permanently_set_uid for SIA, only define DISABLE_FD_PASSING when SIA
+   is enabled, rely on SIA to check for locked accounts if enabled.  ok djm@
+ - (djm) [scp.c] Rename limitbw -> limit_rate to match upstreamed patch
+ - (djm) [sftp-int.c] Remove duplicated code from bogus sync
+ - (djm) [packet.c] Shuffle #ifdef to reduce conditionally compiled code
+
+20031121
+ - (djm) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2003/11/20 11:39:28
+     [progressmeter.c]
+     fix rounding errors; from andreas@
+   - djm@cvs.openbsd.org 2003/11/21 11:57:03
+     [everything]
+     unexpand and delete whitespace at EOL; ok markus@
+     (done locally and RCS IDs synced)
+
+20031118
+ - (djm) Fix early exit for root auth success when UsePAM=yes and 
+   PermitRootLogin=no
+ - (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv,
+   and use it for do_pam_session.  Fixes problems like pam_motd not
+   displaying anything.  ok djm@
+ - (dtucker) [auth-pam.c] Only use pam_putenv if our platform has it. ok djm@
+ - (djm) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2003/11/18 00:40:05
+     [serverloop.c]
+     Correct check for authctxt->valid.  ok djm@
+   - djm@cvs.openbsd.org 2003/11/18 10:53:07
+     [monitor.c]
+     unbreak fake authloop for non-existent users (my screwup). Spotted and
+     tested by dtucker@; ok markus@
+
 20031117
  - (djm) OpenBSD CVS Sync
    - djm@cvs.openbsd.org 2003/11/03 09:03:37
@@ -31,6 +225,27 @@
    - dtucker@cvs.openbsd.org 2003/11/12 10:12:15
      [scp.c]
      When called with -q, pass -q to ssh; suppresses SSH2 banner.  ok markus@
+   - jakob@cvs.openbsd.org 2003/11/12 16:39:58
+     [dns.c dns.h readconf.c ssh_config.5 sshconnect.c]
+     update SSHFP validation. ok markus@
+   - jmc@cvs.openbsd.org 2003/11/12 20:14:51
+     [ssh_config.5]
+     make verb agree with subject, and kill some whitespace;
+   - markus@cvs.openbsd.org 2003/11/14 13:19:09
+     [sshconnect2.c]
+     cleanup and minor fixes for the client code; from Simon Wilkinson
+   - djm@cvs.openbsd.org 2003/11/17 09:45:39
+     [msg.c msg.h sshconnect2.c ssh-keysign.c]
+     return error on msg send/receive failure (rather than fatal); ok markus@
+   - markus@cvs.openbsd.org 2003/11/17 11:06:07
+     [auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c]
+     [monitor_wrap.h sshconnect2.c ssh-gss.h]
+     replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; 
+     test + ok jakob.
+ - (djm) Bug #632: Don't call pam_end indirectly from within kbd-int
+   conversation function
+ - (djm) Export environment variables from authentication subprocess to 
+   parent. Part of Bug #717
 
 20031115
  - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and