X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/8613120657a81cbdd2398557d31e668b5ddd2b55..ac07067ed93bf76ca93c8fe7e15cb7366159e7f1:/ChangeLog diff --git a/ChangeLog b/ChangeLog index 37f22c3a..0e623747 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,271 @@ +20060201 + - (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to + determine the user's login name - needed for regress tests on Solaris + 10 and OpenSolaris + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2006/02/01 09:06:50 + [sshd.8] + - merge sections on protocols 1 and 2 into a single section + - remove configuration file section + ok markus + - jmc@cvs.openbsd.org 2006/02/01 09:11:41 + [sshd.8] + small tweak; + - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Update versions ahead of release + - markus@cvs.openbsd.org 2006/02/01 11:27:22 + [version.h] + openssh 4.3 + +20060131 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2006/01/20 11:21:45 + [ssh_config.5] + - word change, agreed w/ markus + - consistency fixes + - jmc@cvs.openbsd.org 2006/01/25 09:04:34 + [sshd.8] + move the options description up the page, and a few additional tweaks + whilst in here; + ok markus + - jmc@cvs.openbsd.org 2006/01/25 09:07:22 + [sshd.8] + move subsections to full sections; + - jmc@cvs.openbsd.org 2006/01/26 08:47:56 + [ssh.1] + add a section on verifying host keys in dns; + written with a lot of help from jakob; + feedback dtucker/markus; + ok markus + - reyk@cvs.openbsd.org 2006/01/30 12:22:22 + [channels.c] + mark channel as write failed or dead instead of read failed on error + of the channel output filter. + ok markus@ + - jmc@cvs.openbsd.org 2006/01/30 13:37:49 + [ssh.1] + remove an incorrect sentence; + reported by roumen petrov; + ok djm markus + - djm@cvs.openbsd.org 2006/01/31 10:19:02 + [misc.c misc.h scp.c sftp.c] + fix local arbitrary command execution vulnerability on local/local and + remote/remote copies (CVE-2006-0225, bz #1094), patch by + t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@ + - djm@cvs.openbsd.org 2006/01/31 10:35:43 + [scp.c] + "scp a b c" shouldn't clobber "c" when it is not a directory, report and + fix from biorn@; ok markus@ + - (djm) Sync regress tests to OpenBSD: + - dtucker@cvs.openbsd.org 2005/03/10 10:20:39 + [regress/forwarding.sh] + Regress test for ClearAllForwardings (bz #994); ok markus@ + - dtucker@cvs.openbsd.org 2005/04/25 09:54:09 + [regress/multiplex.sh] + Don't call cleanup in multiplex as test-exec will cleanup anyway + found by tim@, ok djm@ + NB. ID sync only, we already had this + - djm@cvs.openbsd.org 2005/05/20 23:14:15 + [regress/test-exec.sh] + force addressfamily=inet for tests, unbreaking dynamic-forward regress for + recently committed nc SOCKS5 changes + - djm@cvs.openbsd.org 2005/05/24 04:10:54 + [regress/try-ciphers.sh] + oops, new arcfour modes here too + - markus@cvs.openbsd.org 2005/06/30 11:02:37 + [regress/scp.sh] + allow SUDO=sudo; from Alexander Bluhm + - grunk@cvs.openbsd.org 2005/11/14 21:25:56 + [regress/agent-getpeereid.sh] + all other scripts in this dir use $SUDO, not 'sudo', so pull this even + ok markus@ + - dtucker@cvs.openbsd.org 2005/12/14 04:36:39 + [regress/scp-ssh-wrapper.sh] + Fix assumption about how many args scp will pass; ok djm@ + NB. ID sync only, we already had this + - djm@cvs.openbsd.org 2006/01/27 06:49:21 + [scp.sh] + regress test for local to local scp copies; ok dtucker@ + - djm@cvs.openbsd.org 2006/01/31 10:23:23 + [scp.sh] + regression test for CVE-2006-0225 written by dtucker@ + - djm@cvs.openbsd.org 2006/01/31 10:36:33 + [scp.sh] + regress test for "scp a b c" where "c" is not a directory + +20060129 + - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the + opensshd.init script interpretter if /sbin/sh does not exist. ok tim@ + +20060120 + - (dtucker) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2006/01/15 17:37:05 + [ssh.1] + correction from deraadt + - jmc@cvs.openbsd.org 2006/01/18 10:53:29 + [ssh.1] + add a section on ssh-based vpn, based on reyk's README.tun; + - dtucker@cvs.openbsd.org 2006/01/20 00:14:55 + [scp.1 ssh.1 ssh_config.5 sftp.1] + Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot + #1056 with feedback from jmc, djm and markus; ok jmc@ djm@ + +20060114 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2006/01/06 13:27:32 + [ssh.1] + weed out some duplicate info in the known_hosts FILES entries; + ok djm + - jmc@cvs.openbsd.org 2006/01/06 13:29:10 + [ssh.1] + final round of whacking FILES for duplicate info, and some consistency + fixes; + ok djm + - jmc@cvs.openbsd.org 2006/01/12 14:44:12 + [ssh.1] + split sections on tcp and x11 forwarding into two sections. + add an example in the tcp section, based on sth i wrote for ssh faq; + help + ok: djm markus dtucker + - jmc@cvs.openbsd.org 2006/01/12 18:48:48 + [ssh.1] + refer to `TCP' rather than `TCP/IP' in the context of connection + forwarding; + ok markus + - jmc@cvs.openbsd.org 2006/01/12 22:20:00 + [sshd.8] + refer to TCP forwarding, rather than TCP/IP forwarding; + - jmc@cvs.openbsd.org 2006/01/12 22:26:02 + [ssh_config.5] + refer to TCP forwarding, rather than TCP/IP forwarding; + - jmc@cvs.openbsd.org 2006/01/12 22:34:12 + [ssh.1] + back out a sentence - AUTHENTICATION already documents this; + +20060109 + - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on + tcpip service so it's always started after IP is up. Patch from + vinschen at redhat.com. + +20060106 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2006/01/03 16:31:10 + [ssh.1] + move FILES to a -compact list, and make each files an item in that list. + this avoids nastly line wrap when we have long pathnames, and treats + each file as a separate item; + remove the .Pa too, since it is useless. + - jmc@cvs.openbsd.org 2006/01/03 16:35:30 + [ssh.1] + use a larger width for the ENVIRONMENT list; + - jmc@cvs.openbsd.org 2006/01/03 16:52:36 + [ssh.1] + put FILES in some sort of order: sort by pathname + - jmc@cvs.openbsd.org 2006/01/03 16:55:18 + [ssh.1] + tweak the description of ~/.ssh/environment + - jmc@cvs.openbsd.org 2006/01/04 18:42:46 + [ssh.1] + chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES + entries; + ok markus + - jmc@cvs.openbsd.org 2006/01/04 18:45:01 + [ssh.1] + remove .Xr's to rsh(1) and telnet(1): they are hardly needed; + - jmc@cvs.openbsd.org 2006/01/04 19:40:24 + [ssh.1] + +.Xr ssh-keyscan 1 , + - jmc@cvs.openbsd.org 2006/01/04 19:50:09 + [ssh.1] + -.Xr gzip 1 , + - djm@cvs.openbsd.org 2006/01/05 23:43:53 + [misc.c] + check that stdio file descriptors are actually closed before clobbering + them in sanitise_stdfd(). problems occurred when a lower numbered fd was + closed, but higher ones weren't. spotted by, and patch tested by + Frédéric Olivié + +20060103 + - (djm) [channels.c] clean up harmless merge error, from reyk@ + +20060103 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2006/01/02 17:09:49 + [ssh_config.5 sshd_config.5] + some corrections from michael knudsen; + +20060102 + - (djm) [README.tun] Add README.tun, missed during sync of tun(4) support + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2005/12/31 10:46:17 + [ssh.1] + merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER + AUTHENTICATION" sections into "AUTHENTICATION"; + some rewording done to make the text read better, plus some + improvements from djm; + ok djm + - jmc@cvs.openbsd.org 2005/12/31 13:44:04 + [ssh.1] + clean up ENVIRONMENT a little; + - jmc@cvs.openbsd.org 2005/12/31 13:45:19 + [ssh.1] + .Nm does not require an argument; + - stevesk@cvs.openbsd.org 2006/01/01 08:59:27 + [includes.h misc.c] + move ; ok djm@ + - stevesk@cvs.openbsd.org 2006/01/01 10:08:48 + [misc.c] + no trailing "\n" for debug() + - djm@cvs.openbsd.org 2006/01/02 01:20:31 + [sftp-client.c sftp-common.h sftp-server.c] + use a common max. packet length, no binary change + - reyk@cvs.openbsd.org 2006/01/02 07:53:44 + [misc.c] + clarify tun(4) opening - set the mode and bring the interface up. also + (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces. + suggested and ok by djm@ + - jmc@cvs.openbsd.org 2006/01/02 12:31:06 + [ssh.1] + start to cut some duplicate info from FILES; + help/ok djm + +20060101 + - (djm) [Makefile.in configure.ac includes.h misc.c] + [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support + for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is + limited to IPv4 tunnels only, and most versions don't support the + tap(4) device at all. + - (djm) [configure.ac] Fix linux/if_tun.h test + - (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too + +20051229 + - (djm) OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2005/12/28 22:46:06 + [canohost.c channels.c clientloop.c] + use 'break-in' for consistency; ok deraadt@ ok and input jmc@ + - reyk@cvs.openbsd.org 2005/12/30 15:56:37 + [channels.c channels.h clientloop.c] + add channel output filter interface. + ok djm@, suggested by markus@ + - jmc@cvs.openbsd.org 2005/12/30 16:59:00 + [sftp.1] + do not suggest that interactive authentication will work + with the -b flag; + based on a diff from john l. scarfone; + ok djm + - stevesk@cvs.openbsd.org 2005/12/31 01:38:45 + [ssh.1] + document -MM; ok djm@ + - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac] + [serverloop.c ssh.c openbsd-compat/Makefile.in] + [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding + compatability support for Linux, diff from reyk@ + - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does + not exist + - (djm) [configure.ac] oops, make that linux/if_tun.h + +20051229 + - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd + 20051224 - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2005/12/20 21:59:43 @@ -40,6 +308,13 @@ - note that -I is only available if support compiled in, and that it isn't by default feedback/ok djm@ + - jmc@cvs.openbsd.org 2005/12/23 23:46:23 + [ssh.1] + less mark up for -c; + - djm@cvs.openbsd.org 2005/12/24 02:27:41 + [session.c sshd.c] + eliminate some code duplicated in privsep and non-privsep paths, and + explicitly clear SIGALRM handler; "groovy" deraadt@ 20051220 - (dtucker) OpenBSD CVS Sync