X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/3828f887bab608b50c5c0ca99178eb6723ab6172..0bb7755b6613813aaac3c82b3304ac94e0bc6631:/ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 01ed00af..8a62b761 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,190 @@
+20080518
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2008/04/04 05:14:38
+     [sshd_config.5]
+     ChrootDirectory is supported in Match blocks (in fact, it is most useful
+     there). Spotted by Minstrel AT minstrel.org.uk
+   - djm@cvs.openbsd.org 2008/04/04 06:44:26
+     [sshd_config.5]
+     oops, some unrelated stuff crept into that commit - backout.
+     spotted by jmc@
+   - djm@cvs.openbsd.org 2008/04/05 02:46:02
+     [sshd_config.5]
+     HostbasedAuthentication is supported under Match too
+ - (djm) [openbsd-compat/bsd-arc4random.c openbsd-compat/openbsd-compat.c]
+     [configure.ac] Implement arc4random_buf(), import implementation of
+     arc4random_uniform() from OpenBSD
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2008/04/13 00:22:17
+     [dh.c sshd.c]
+     Use arc4random_buf() when requesting more than a single word of output
+     Use arc4random_uniform() when the desired random number upper bound
+     is not a power of two
+     ok deraadt@ millert@
+   - djm@cvs.openbsd.org 2008/04/18 12:32:11
+     [sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c sftp.h]
+     introduce sftp extension methods statvfs@openssh.com and
+     fstatvfs@openssh.com that implement statvfs(2)-like operations,
+     based on a patch from miklos AT szeredi.hu (bz#1399)
+     also add a "df" command to the sftp client that uses the
+     statvfs@openssh.com to produce a df(1)-like display of filesystem
+     space and inode utilisation
+     ok markus@
+   - jmc@cvs.openbsd.org 2008/04/18 17:15:47
+     [sftp.1]
+     macro fixage;
+   - djm@cvs.openbsd.org 2008/04/18 22:01:33
+     [session.c]
+     remove unneccessary parentheses
+   - otto@cvs.openbsd.org 2008/04/29 11:20:31
+     [monitor_mm.h]
+     garbage collect two unused fields in struct mm_master; ok markus@
+
+20080403
+ - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile-
+   time warnings on LynxOS. Patch from ops AT iki.fi
+ - (djm) Force string arguments to replacement setproctitle() though
+   strnvis first. Ok dtucker@
+
+20080403
+ - (djm) OpenBSD CVS sync:
+   - markus@cvs.openbsd.org 2008/04/02 15:36:51
+     [channels.c]
+     avoid possible hijacking of x11-forwarded connections (back out 1.183)
+     CVE-2008-1483; ok djm@
+   - jmc@cvs.openbsd.org 2008/03/27 22:37:57
+     [sshd.8]
+     remove trailing whitespace;
+   - djm@cvs.openbsd.org 2008/04/03 09:50:14
+     [version.h]
+     openssh-5.0
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+   [contrib/suse/openssh.spec] Crank version numbers in RPM spec files
+ - (djm) [README] Update link to release notes
+ - (djm) Release 5.0p1
+
+20080315
+ - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
+   empty; report and patch from Peter Stuge
+ - (djm) [regress/test-exec.sh] Silence noise from detection of putty
+   commands; report from Peter Stuge
+ - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causing
+   crashes when used with ChrootDirectory
+
+
+20080327
+ - (dtucker) Cache selinux status earlier so we know if it's enabled after a
+   chroot.  Allows ChrootDirectory to work with selinux support compiled in
+   but not enabled.  Using it with selinux enabled will require some selinux
+   support inside the chroot.  "looks sane" djm@
+ - (djm) Fix RCS ident in sftp-server-main.c
+ - (djm) OpenBSD CVS sync:
+   - jmc@cvs.openbsd.org 2008/02/11 07:58:28
+     [ssh.1 sshd.8 sshd_config.5]
+     bump Mdocdate for pages committed in "febuary", necessary because
+     of a typo in rcs.c;
+   - deraadt@cvs.openbsd.org 2008/03/13 01:49:53
+     [monitor_fdpass.c]
+     Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to
+     an extensive discussion with otto, kettenis, millert, and hshoexer
+   - deraadt@cvs.openbsd.org 2008/03/15 16:19:02
+     [monitor_fdpass.c]
+     Repair the simple cases for msg_controllen where it should just be
+     CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because
+     of alignment; ok kettenis hshoexer
+   - djm@cvs.openbsd.org 2008/03/23 12:54:01
+     [sftp-client.c]
+     prefer POSIX-style file renaming over filexfer rename behaviour if the
+     server supports the posix-rename@openssh.com extension.
+     Note that the old (filexfer) behaviour would refuse to clobber an
+     existing file. Users who depended on this should adjust their sftp(1)
+     usage.
+     ok deraadt@ markus@
+   - deraadt@cvs.openbsd.org 2008/03/24 16:11:07
+     [monitor_fdpass.c]
+     msg_controllen has to be CMSG_SPACE so that the kernel can account for
+     each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len).  This
+     works now that kernel fd passing has been fixed to accept a bit of
+     sloppiness because of this ABI repair.
+     lots of discussion with kettenis
+   - djm@cvs.openbsd.org 2008/03/25 11:58:02
+     [session.c sshd_config.5]
+     ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;
+     from dtucker@ ok deraadt@ djm@
+   - djm@cvs.openbsd.org 2008/03/25 23:01:41
+     [session.c]
+     last patch had backwards test; spotted by termim AT gmail.com
+   - djm@cvs.openbsd.org 2008/03/26 21:28:14
+     [auth-options.c auth-options.h session.c sshd.8]
+     add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc
+   - djm@cvs.openbsd.org 2008/03/27 00:16:49
+     [version.h]
+     openssh-4.9
+   - djm@cvs.openbsd.org 2008/03/24 21:46:54
+     [regress/sftp-badcmds.sh]
+     disable no-replace rename test now that we prefer a POSIX rename; spotted
+     by dkrause@
+ - (djm) [configure.ac] fix alignment of --without-stackprotect description
+ - (djm) [configure.ac] --with-selinux too
+ - (djm) [regress/Makefile] cleanup PuTTY interop test droppings
+ - (djm) [README] Update link to release notes
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+   [contrib/suse/openssh.spec] Crank version numbers in RPM spec files
+ - (djm) Release 4.9p1
+
+20080315
+ - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
+   empty; report and patch from Peter Stuge
+ - (djm) [regress/test-exec.sh] Silence noise from detection of putty
+   commands; report from Peter Stuge
+ - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causing
+   crashes when used with ChrootDirectory
+
+20080314
+ - (tim) [regress/sftp-cmds.sh] s/cd/lcd/ in lls test. Reported by
+   vinschen at redhat.com. Add () to put echo commands in subshell for lls test
+   I mistakenly left out of last commit.
+ - (tim) [regress/localcommand.sh] Shell portability fix. Reported by imorgan at
+   nas.nasa.gov
+
+20080313
+ - (djm) [Makefile.in regress/Makefile] Fix interop-tests target (note to
+   self: make changes to Makefile.in next time, not the generated Makefile).
+ - (djm) [Makefile.in regress/test-exec.sh] Find installed plink(1) and
+   puttygen(1) by $PATH
+ - (tim) [scp.c] Use poll.h if available, fall back to sys/poll.h if not. Patch
+   by vinschen at redhat.com.
+ - (tim) [regress/sftp-cmds.sh regress/ssh2putty.sh] Shell portability fixes
+   from vinschen at redhat.com and imorgan at nas.nasa.gov
+
+20080312
+ - (djm) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2007/10/29 06:57:13
+     [regress/Makefile regress/localcommand.sh]
+     Add simple regress test for LocalCommand; ok djm@
+   - jmc@cvs.openbsd.org 2007/11/25 15:35:09
+     [regress/agent-getpeereid.sh regress/agent.sh]
+     more existant -> existent, from Martynas Venckus;
+     pfctl changes: ok henning
+     ssh changes: ok deraadt
+   - djm@cvs.openbsd.org 2007/12/12 05:04:03
+     [regress/sftp-cmds.sh]
+     unbreak lls command and add a regress test that would have caught the
+     breakage; spotted by mouring@
+     NB. sftp code change already committed.
+   - djm@cvs.openbsd.org 2007/12/21 04:13:53
+     [regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh]
+     [regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh]
+     basic (crypto, kex and transfer) interop regression tests against putty
+     To run these, install putty and run "make interop-tests" from the build
+     directory - the tests aren't run by default yet.
+
+20080311
+ - (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move
+   pam_open_session and pam_close_session into the privsep monitor, which
+   will ensure that pam_session_close is called as root.  Patch from Tomas
+   Mraz.
+
 20080309
  - (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't
    always work for all platforms and versions, so test what we can and
@@ -8,6 +195,9 @@
  - (dtucker) [openbsd-compat/regress/strtonumtest.c] Bug #1347: Use platform's
    equivalent of LLONG_MAX for the compat regression tests, which makes them
    run on AIX and HP-UX.  Patch from David Leonard.
+ - (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch
+   platforms where gcc understands the option but it's not supported (and
+   thus generates a warning).
 
 20080307
  - (djm) OpenBSD CVS Sync