X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/2f293d43d35185df935c5f4e39fa4a246129ecd9..135113a3d273ffea30b1867a23e9252965d3f494:/ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 7631769a..5c31b058 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,106 @@
+20020122
+ - (djm) autoconf hacking:
+   - We don't support --without-zlib currently, so don't allow it.
+   - Rework cryptographic random number support detection. We now detect 
+     whether OpenSSL seeds itself. If it does, then we don't bother with 
+     the ssh-rand-helper program. You can force the use of ssh-rand-helper
+     using the --with-rand-helper configure argument
+   - Simplify and clean up ssh-rand-helper configuration
+   - Add OpenSSL sanity check: verify that header version matches version
+     reported by library
+ - (djm) Fix some bugs I introduced into ssh-rand-helper yesterday
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2001/12/21 08:52:22
+     [ssh-keygen.1 ssh-keygen.c]
+     Remove default (rsa1) key type; ok markus@
+   - djm@cvs.openbsd.org 2001/12/21 08:53:45
+     [readpass.c]
+     Avoid interruptable passphrase read; ok markus@
+   - djm@cvs.openbsd.org 2001/12/21 10:06:43
+     [ssh-add.1 ssh-add.c]
+     Try all standard key files (id_rsa, id_dsa, identity) when invoked with
+     no arguments; ok markus@
+   - markus@cvs.openbsd.org 2001/12/21 12:17:33
+     [serverloop.c]
+     remove ifdef for USE_PIPES since fdin != fdout; ok djm@
+   - deraadt@cvs.openbsd.org 2001/12/24 07:29:43
+     [ssh-add.c]
+     try all listed keys.. how did this get broken?
+   - markus@cvs.openbsd.org 2001/12/25 18:49:56
+     [key.c]
+     be more careful on allocation
+   - markus@cvs.openbsd.org 2001/12/25 18:53:00
+     [auth1.c]
+     be more carefull on allocation
+   - markus@cvs.openbsd.org 2001/12/27 18:10:29
+     [ssh-keygen.c]
+     -t is only needed for key generation (unbreaks -i, -e, etc).
+   - markus@cvs.openbsd.org 2001/12/27 18:22:16
+     [auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c]
+     [scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
+     call fatal() for openssl allocation failures
+   - stevesk@cvs.openbsd.org 2001/12/27 18:22:53
+     [sshd.8]
+     clarify -p; ok markus@
+
+20020121
+ - (djm) Rework ssh-rand-helper:
+   - Reduce quantity of ifdef code, in preparation for ssh_rand_conf
+   - Always seed from system calls, even when doing PRNGd seeding
+   - Tidy and comment #define knobs
+   - Remove unused facility for multiple runs through command list
+   - KNF, cleanup, update copyright
+
+20020114
+ - (djm) Bug #50 - make autoconf entropy path checks more robust
+
+20020108
+ - (djm) Merge Cygwin copy_environment with do_pam_environment, removing 
+   fixed env var size limit in the process. Report from Corinna Vinschen 
+   <vinschen@redhat.com>
+ - (stevesk) defines.h: use "/var/spool/sockets/X11/%u" for HP-UX.  does
+   not depend on transition links.  from Lutz Jaenicke.
+
+20020106
+ - (stevesk) defines.h: determine _PATH_UNIX_X; currently "/tmp/.X11-unix/X%u"
+   for all platforms except HP-UX, which is "/usr/spool/sockets/X11/%u".
+
+20020105
+ - (bal) NCR requies use_pipes to operate correctly.
+ - (stevesk) fix spurious ; from NCR change.
+
+20020103
+ - (djm) Use bigcrypt() on systems with SCO_PROTECTED_PW. Patch from 
+   Roger Cornelius <rac@tenzing.org>
+
+20011229
+ - (djm) Apply Cygwin pointer deref fix from Corinna Vinschen 
+   <vinschen@redhat.com> Could be abused to guess valid usernames
+ - (djm) Typo in contrib/cygwin/README Fix from Corinna Vinschen
+   <vinschen@redhat.com>
+
+20011228
+ - (djm) Remove recommendation to use GNU make, we should support most
+   make programs.
+
+20011225
+ - (stevesk) [Makefile.in ssh-rand-helper.c]
+   portable lib and __progname support for ssh-rand-helper; ok djm@
+
+20011223
+ - (bal) Removed contrib/chroot.diff and noted in contrib/README that it
+   was not being maintained.
+
+20011222
+ - (djm) Ignore fix & patchlevel in OpenSSL version check. Patch from 
+   solar@openwall.com
+ - (djm) Rework entropy code. If the OpenSSL PRNG is has not been 
+   internally seeded, execute a subprogram "ssh-rand-helper" to obtain
+   some entropy for us. Rewrite the old in-process entropy collecter as
+   an example ssh-rand-helper.
+ - (djm) Always perform ssh_prng_cmds path lookups in configure, even if
+   we don't end up using ssh_prng_cmds (so we always get a valid file) 
+      
 20011221
  - (djm) Add option to gnome-ssh-askpass to stop it from grabbing the X
    server. I have found this necessary to avoid server hangs with X input
@@ -12,6 +115,52 @@
      [auth2.c auth2-chall.c auth.h]
      add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions,
      fixes memleak.
+   - stevesk@cvs.openbsd.org 2001/12/10 16:45:04
+     [sshd.c]
+     possible fd leak on error; ok markus@
+   - markus@cvs.openbsd.org 2001/12/10 20:34:31
+     [ssh-keyscan.c]
+     check that server supports v1 for -t rsa1, report from wirth@dfki.de
+   - jakob@cvs.openbsd.org 2001/12/18 10:04:21
+     [auth.h hostfile.c hostfile.h]
+     remove auth_rsa_read_key, make hostfile_ready_key non static; ok markus@
+   - jakob@cvs.openbsd.org 2001/12/18 10:05:15
+     [auth2.c]
+     log fingerprint on successful public key authentication; ok markus@
+   - jakob@cvs.openbsd.org 2001/12/18 10:06:24
+     [auth-rsa.c]
+     log fingerprint on successful public key authentication, simplify 
+     usage of key structs; ok markus@
+   - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
+     [auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
+     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
+     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
+     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
+     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
+     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
+     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
+     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
+     basic KNF done while i was looking for something else
+   - markus@cvs.openbsd.org 2001/12/19 16:09:39
+     [serverloop.c]
+     fix race between SIGCHLD and select with an additional pipe.  writing
+     to the pipe on SIGCHLD wakes up select(). using pselect() is not
+     portable and siglongjmp() ugly. W. R. Stevens suggests similar solution.
+     initial idea by pmenage@ensim.com; ok deraadt@, djm@
+   - stevesk@cvs.openbsd.org 2001/12/19 17:16:13
+     [authfile.c bufaux.c bufaux.h buffer.c buffer.h packet.c packet.h ssh.c]
+     change the buffer/packet interface to use void* vs. char*; ok markus@
+   - markus@cvs.openbsd.org 2001/12/20 16:37:29
+     [channels.c channels.h session.c]
+     setup x11 listen socket for just one connect if the client requests so.
+     (v2 only, but the openssh client does not support this feature).
+   - djm@cvs.openbsd.org 2001/12/20 22:50:24
+     [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
+     [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
+     [sshconnect2.c]
+     Conformance fix: we should send failing packet sequence number when
+     responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
+     yakk@yakk.dot.net; ok markus@
 
 20011219
  - (stevesk) OpenBSD CVS sync X11 localhost display