X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/5b7b5e23fcd79801e9d0335482686cba928d0f24..fd6168c16c215c69869f078920ee7ffd69606c49:/ChangeLog

diff --git a/ChangeLog b/ChangeLog
index e3ae468d..bab6e22f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,228 @@
+20051003
+ - (dtucker) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2005/09/07 08:53:53
+     [channels.c]
+     enforce chanid != NULL; ok djm
+   - markus@cvs.openbsd.org 2005/09/09 19:18:05
+     [clientloop.c]
+     typo; from mark at mcs.vuw.ac.nz, bug #1082
+   - djm@cvs.openbsd.org 2005/09/13 23:40:07
+     [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
+     scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
+     ensure that stdio fds are attached; ok deraadt@
+
+20050930
+ - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype
+   for strtoll.  Patch from o.flebbe at science-computing.de.
+ - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep
+   child during PAM account check without clearing it.  This restores the
+   post-login warnings such as LDAP password expiry.  Patch from Tomas Mraz
+   with help from several others.
+
+20050929
+ - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg
+   introduced during sync.
+
+20050928
+ - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency.
+ - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from
+   PAM via keyboard-interactive.  Patch tested by the folks at Vintela.
+
+20050927
+ - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid
+   calls, since they can't possibly fail.  ok djm@
+ - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed
+   process when sshd relies on ssh-random-helper.  Should result in faster
+   logins on systems without a real random device or prngd.  ok djm@
+
+20050924
+ - (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove
+   duplicate call.  ok djm@
+
+20050922
+ - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from
+   skeleten at shillest.net.
+ - (dtucker) [configure.ac] Fix help for --with-opensc; patch from skeleten at
+   shillest.net.
+
+20050919
+ - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to
+   AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages.
+   ok dtucker@
+
+20050912
+ - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by
+   Mike Frysinger.
+
+20050908
+ - (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to
+   OpenServer 6 and add osr5bigcrypt support so when someone migrates
+   passwords between UnixWare and OpenServer they will still work. OK dtucker@
+
+20050901
+ - (djm) Update RPM spec file versions
+
+20050831
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2005/08/30 22:08:05
+     [gss-serv.c sshconnect2.c]
+     destroy credentials if krb5_kuserok() call fails. Stops credentials being
+     delegated to users who are not authorised for GSSAPIAuthentication when
+     GSSAPIDeletegateCredentials=yes and another authentication mechanism 
+     succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by 
+     simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@
+   - markus@cvs.openbsd.org 2005/08/31 09:28:42
+     [version.h]
+     4.2
+ - (dtucker) [README] Update release note URL to 4.2
+ - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c
+   openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable
+   libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd().
+   Feedback and OK dtucker@
+
+20050830
+ - (tim) [configure.ac] Back out last change. It needs to be done differently.
+
+20050829
+ - (tim) [configure.ac] ia_openinfo() seems broken on OSR6. Limit UW long
+   password support to 7.x for now.
+
+20050826
+ - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c
+   openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
+   openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c
+   openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char)
+   on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing
+   by tim@. Feedback and OK dtucker@
+
+20050823
+ - (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully-
+   qualified sshd pathname since some systems (eg Cygwin) may consider "/foo"
+   and "//foo" to be different.  Spotted by vinschen at redhat.com.
+ - (tim) [configure.ac] Not all gcc's support -Wsign-compare. Enhancements
+   and OK dtucker@
+ - (tim) [defines.h] PATH_MAX bits for OpenServer OK dtucker@
+
+20050821
+ - (dtucker) [configure.ac defines.h includes.h sftp.c] Add support for
+   LynxOS, patch from Olli Savia (ops at iki.fi).  ok djm@
+
+20050816
+ - (djm) [ttymodes.c] bugzilla #1025: Fix encoding of _POSIX_VDISABLE,
+   from Jacob Nevins; ok dtucker@
+
+20050815
+ - (tim) [sftp.c] wrap el_end() in #ifdef USE_LIBEDIT
+ - (tim) [configure.ac] corrections to libedit tests. Report and patches
+   by skeleten AT shillest.net
+
+20050812
+ - (djm) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2005/07/28 17:36:22
+     [packet.c]
+     missing packet_init_compression(); from solar
+   - djm@cvs.openbsd.org 2005/07/30 01:26:16
+     [ssh.c]
+     fix -D listen_host initialisation, so it picks up gateway_ports setting
+     correctly
+   - djm@cvs.openbsd.org 2005/07/30 02:03:47
+     [readconf.c]
+     listen_hosts initialisation here too; spotted greg AT y2005.nest.cx
+   - dtucker@cvs.openbsd.org 2005/08/06 10:03:12
+     [servconf.c]
+     Unbreak sshd ListenAddress for bare IPv6 addresses.
+     Report from Janusz Mucka; ok djm@
+   - jaredy@cvs.openbsd.org 2005/08/08 13:22:48
+     [sftp.c]
+     sftp prompt enhancements:
+     - in non-interactive mode, do not print an empty prompt at the end
+       before finishing
+     - print newline after EOF in editline mode
+     - call el_end() in editline mode
+     ok dtucker djm
+
+20050810
+ - (dtucker) [configure.ac] Test libedit library and headers for compatibility.
+   Report from skeleten AT shillest.net, ok djm@
+ - (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c]
+   Sync current (thread-safe) version of realpath.c from OpenBSD (which is
+   in turn based on FreeBSD's).  ok djm@
+
+20050809
+ - (tim) [configure.ac] Allow --with-audit=no. OK dtucker@
+   Report by skeleten AT shillest.net
+
+20050803
+ - (dtucker) [openbsd-compat/fake-rfc2553.h] Check for EAI_* defines
+   individually and use a value less likely to collide with real values from
+   netdb.h.  Fixes compile warnings on FreeBSD 5.3.  ok djm@
+ - (dtucker) [openbsd-compat/fake-rfc2553.h] MAX_INT -> INT_MAX since the
+   latter is specified in the standard.
+
+20050802
+ - (dtucker) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2005/07/27 10:39:03
+     [scp.c hostfile.c sftp-client.c]
+     Silence bogus -Wuninitialized warnings; ok djm@
+ - (dtucker) [configure.ac] Enable -Wuninitialized by default when compiling
+   with gcc.  ok djm@
+ - (dtucker) [configure.ac] Add a --with-Werror option to configure for
+   adding -Werror to CFLAGS when all of the configure tests are done. ok djm@
+
+20050726
+ - (dtucker) [configure.ac] Update zlib warning message too, pointed out by
+   tim@.
+ - (djm) OpenBSD CVS Sync
+   - otto@cvs.openbsd.org 2005/07/19 15:32:26
+     [auth-passwd.c]
+     auth_usercheck(3) can return NULL, so check for that. Report from
+     mpech@. ok markus@
+   - markus@cvs.openbsd.org 2005/07/25 11:59:40
+     [kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
+     [sshconnect2.c sshd.c sshd_config sshd_config.5]
+     add a new compression method that delays compression until the user
+     has been authenticated successfully and set compression to 'delayed'
+     for sshd.
+     this breaks older openssh clients (< 3.5) if they insist on
+     compression, so you have to re-enable compression in sshd_config.
+     ok djm@
+
+20050725
+ - (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096.
+
+20050717
+- OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2005/07/16 01:35:24
+     [auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
+     [sshconnect.c]
+     spacing
+ - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c]
+   [cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL 
+   in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
+ - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line
+   - djm@cvs.openbsd.org 2005/07/17 06:49:04
+     [channels.c channels.h session.c session.h]
+     Fix a number of X11 forwarding channel leaks:
+     1. Refuse multiple X11 forwarding requests on the same session
+     2. Clean up all listeners after a single_connection X11 forward, not just
+        the one that made the single connection
+     3. Destroy X11 listeners when the session owning them goes away
+     testing and ok dtucker@
+   - djm@cvs.openbsd.org 2005/07/17 07:17:55
+     [auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
+     [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
+     [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
+     [sshconnect.c sshconnect2.c]
+     knf says that a 2nd level indent is four (not three or five) spaces
+ -(djm) [audit.c auth1.c auth2.c entropy.c loginrec.c serverloop.c]
+  [ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too
+ - (djm) [monitor.c monitor_wrap.c] -Wsign-compare for PAM monitor calls
+ 
+20050716
+ - (dtucker) [auth-pam.c] Ensure that only one side of the authentication
+   socketpair stays open on in both the monitor and PAM process.  Patch from
+   Joerg Sonnenberger.
+
 20050714
  - (dtucker) OpenBSD CVS Sync
    - dtucker@cvs.openbsd.org 2005/07/06 09:33:05