X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/8a4c4ee4e710c79d1f008e51715515b5f33b0aea..d9bc3cde7dca4052eabd769af1ca688595213a1a:/ChangeLog diff --git a/ChangeLog b/ChangeLog index 50c97422..f659f570 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,233 @@ +20050306 + - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor + when attempting to audit disconnect events. Reported by Phil Dibowitz. + +20050305 + - (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch + from vinschen at redhat.com + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2005/03/02 11:45:01 + [ssh.1] + missing word; + - djm@cvs.openbsd.org 2005/03/04 08:48:06 + [readconf.c] + fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@ + +20050302 + - (djm) OpenBSD CVS sync: + - jmc@cvs.openbsd.org 2005/03/01 14:47:58 + [ssh.1] + remove some unneccesary macros; + do not mark up punctuation; + - jmc@cvs.openbsd.org 2005/03/01 14:55:23 + [ssh_config.5] + do not mark up punctuation; + whitespace; + - jmc@cvs.openbsd.org 2005/03/01 14:59:49 + [sshd.8] + new sentence, new line; + whitespace; + - jmc@cvs.openbsd.org 2005/03/01 15:05:00 + [ssh-keygen.1] + whitespace; + - jmc@cvs.openbsd.org 2005/03/01 15:47:14 + [ssh-keyscan.1 ssh-keyscan.c] + sort options and sync usage(); + - jmc@cvs.openbsd.org 2005/03/01 17:19:35 + [scp.1 sftp.1] + add HashKnownHosts to -o list; + ok markus@ + - jmc@cvs.openbsd.org 2005/03/01 17:22:06 + [ssh.c] + sync usage() w/ man SYNOPSIS; + ok markus@ + - jmc@cvs.openbsd.org 2005/03/01 17:32:19 + [ssh-add.1] + sort options; + - jmc@cvs.openbsd.org 2005/03/01 18:15:56 + [ssh-keygen.1] + sort options (no attempt made at synopsis clean up though); + spelling (occurance -> occurrence); + use prompt before examples; + grammar; + - djm@cvs.openbsd.org 2005/03/02 01:00:06 + [sshconnect.c] + fix addition of new hashed hostnames when CheckHostIP=yes; + found and ok dtucker@ + - djm@cvs.openbsd.org 2005/03/02 01:27:41 + [ssh-keygen.c] + ignore hostnames with metachars when hashing; ok deraadt@ + - djm@cvs.openbsd.org 2005/03/02 02:21:07 + [ssh.1] + bz#987: mention ForwardX11Trusted in ssh.1, + reported by andrew.benham AT thus.net; ok deraadt@ + - (tim) [regress/agent-ptrace.sh] add another possible gdb error. + +20050301 + - (djm) OpenBSD CVS sync: + - otto@cvs.openbsd.org 2005/02/16 09:56:44 + [ssh.c] + Better diagnostic if an identity file is not accesible. ok markus@ djm@ + - djm@cvs.openbsd.org 2005/02/18 03:05:53 + [canohost.c] + better error messages for getnameinfo failures; ok dtucker@ + - djm@cvs.openbsd.org 2005/02/20 22:59:06 + [sftp.c] + turn on ssh batch mode when in sftp batch mode, patch from + jdmossh AT nand.net; + ok markus@ + - jmc@cvs.openbsd.org 2005/02/25 10:55:13 + [sshd.8] + add /etc/motd and $HOME/.hushlogin to FILES; + from michael knudsen; + - djm@cvs.openbsd.org 2005/02/28 00:54:10 + [ssh_config.5] + bz#849: document timeout on untrusted x11 forwarding sessions. Reported by + orion AT cora.nwra.com; ok markus@ + - djm@cvs.openbsd.org 2005/03/01 10:09:52 + [auth-options.c channels.c channels.h clientloop.c compat.c compat.h] + [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5] + [sshd_config.5] + bz#413: allow optional specification of bind address for port forwardings. + Patch originally by Dan Astorian, but worked on by several people + Adds GatewayPorts=clientspecified option on server to allow remote + forwards to bind to client-specified ports. + - djm@cvs.openbsd.org 2005/03/01 10:40:27 + [hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5] + [sshconnect.c sshd.8] + add support for hashing host names and addresses added to known_hosts + files, to improve privacy of which hosts user have been visiting; ok + markus@ deraadt@ + - djm@cvs.openbsd.org 2005/03/01 10:41:28 + [ssh-keyscan.1 ssh-keyscan.c] + option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@ + - djm@cvs.openbsd.org 2005/03/01 10:42:49 + [ssh-keygen.1 ssh-keygen.c ssh_config.5] + add tools for managing known_hosts files with hashed hostnames, including + hashing existing files and deleting hosts by name; ok markus@ deraadt@ + +20050226 + - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] + Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com. + - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}] + Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any + more. Patch from vinschen at redhat.com. + - (dtucker) [Makefile.in] Add a install-nosysconf target for installing the + binaries without the config files. Primarily useful for packaging. + Patch from phil at usc.edu. ok djm@ + +20050224 + - (djm) [configure.ac] in_addr_t test needs sys/types.h too + +20050222 + - (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from + vinschen at redhat.com. + +20050220 + - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac + defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure + --with-audit=bsm to enable. Patch originally from Sun Microsystems, + parts by John R. Jackson. ok djm@ + - (dtucker) [configure.ac] Missing comma in AIX section, somehow causes + unrelated platforms to be configured incorrectly. + +20050216 + - (djm) write seed to temporary file and atomically rename into place; + ok dtucker@ + - (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called + via mkstemp in some configurations. ok djm@ + - (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined + by the system headers. + - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant + Unix; prevents problems relating to the location of -lresolv in the + link order. + - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic + authentication early enough to be available to PAM session modules when + privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam + Hartman and similar to Debian's ssh-krb5 package. + - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more + compiler warnings on AIX. + +20050215 + - (dtucker) [config.sh.in] Collect oslevel -r too. + - (dtucker) [README.platform auth.c configure.ac loginrec.c + openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6 + on AIX where possible (see README.platform for details) and work around + a misfeature of AIX's getnameinfo. ok djm@ + - (dtucker) [loginrec.c] Add missing #include. + +20050211 + - (dtucker) [configure.ac] Tidy up configure --help output. + - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too. + +20050210 + - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the + --disable-etc-default-login configure option. + +20050209 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2005/01/28 09:45:53 + [ssh_config] + Make it clear that the example entries in ssh_config are only some of the + commonly-used options and refer the user to ssh_config(5) for more + details; ok djm@ + - jmc@cvs.openbsd.org 2005/01/28 15:05:43 + [ssh_config.5] + grammar; + - jmc@cvs.openbsd.org 2005/01/28 18:14:09 + [ssh_config.5] + wording; + ok markus@ + - dtucker@cvs.openbsd.org 2005/01/30 11:18:08 + [monitor.c] + Make code match intent; ok djm@ + - dtucker@cvs.openbsd.org 2005/02/08 22:24:57 + [sshd.c] + Provide reason in error message if getnameinfo fails; ok markus@ + - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call + disable_forwarding() from compat library. Prevent linker errrors trying + to resolve it for binaries other than sshd. ok djm@ + - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir + paths. ok djm@ + - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require + the username to be passed to the passwd command when changing expired + passwords. ok djm@ + +20050208 + - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the + regress tests so newer versions of GNU head(1) behave themselves. Patch + by djm, so ok me. + - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. + - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c + monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit + defines and enums with SSH_ to prevent namespace collisions on some + platforms (eg AIX). + +20050204 + - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. + - (dtucker) [auth.c] Fix parens in audit log check. + +20050202 + - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath + rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@ + - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}] + Make record_failed_login() call provide hostname rather than having the + implementations having to do lookups themselves. Only affects AIX and + UNICOS (the latter only uses the "user" parameter anyway). ok djm@ + - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child + the process. Since we also unset KRB5CCNAME at startup, if it's set after + authentication it must have been set by the platform's native auth system. + This was already done for AIX; this enables it for the general case. + - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c] + Bug #974: Teach sshd to write failed login records to btmp for failed auth + attempts (currently only for password, kbdint and C/R, only on Linux and + HP-UX), based on code from login.c from util-linux. With ashok_kovai at + hotmail.com, ok djm@ + - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c + monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: + (first stage) Add audit instrumentation to sshd, currently disabled by + default. with suggestions from and ok djm@ + 20050201 - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some platforms syslog will revert to its default values. This may result in