X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/8c1cb72e027356d5fcf5bfa41398194a739e1a83..c33de4d8d1cb036efb34a779c995eade9277247f:/ChangeLog diff --git a/ChangeLog b/ChangeLog index 070f8e15..0cef3d29 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,186 @@ +20070605 + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2007/05/22 10:18:52 + [sshd.c] + zap double include; from p_nowaczyk AT o2.pl + (not required in -portable, Id sync only) + +20070520 + - (dtucker) OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2007/04/14 22:01:58 + [auth2.c] + remove unused macro; from Dmitry V. Levin + - stevesk@cvs.openbsd.org 2007/04/18 01:12:43 + [sftp-server.c] + cast "%llu" format spec to (unsigned long long); do not assume a + u_int64_t arg is the same as 'unsigned long long'. + from Dmitry V. Levin + ok markus@ 'Yes, that looks correct' millert@ + - dtucker@cvs.openbsd.org 2007/04/23 10:15:39 + [servconf.c] + Remove debug() left over from development. ok deraadt@ + - djm@cvs.openbsd.org 2007/05/17 07:50:31 + [log.c] + save and restore errno when logging; ok deraadt@ + - djm@cvs.openbsd.org 2007/05/17 07:55:29 + [sftp-server.c] + bz#1286 stop reading and processing commands when input or output buffer + is nearly full, otherwise sftp-server would happily try to grow the + input/output buffers past the maximum supported by the buffer API and + promptly fatal() + based on patch from Thue Janus Kristensen; feedback & ok dtucker@ + - djm@cvs.openbsd.org 2007/05/17 20:48:13 + [sshconnect2.c] + fall back to gethostname() when the outgoing connection is not + on a socket, such as is the case when ProxyCommand is used. + Gives hostbased auth an opportunity to work; bz#616, report + and feedback stuart AT kaloram.com; ok markus@ + - djm@cvs.openbsd.org 2007/05/17 20:52:13 + [monitor.c] + pass received SIGINT from monitor to postauth child so it can clean + up properly. bz#1196, patch from senthilkumar_sen AT hotpop.com; + ok markus@ + - jolan@cvs.openbsd.org 2007/05/17 23:53:41 + [sshconnect2.c] + djm owes me a vb and a tism cd for breaking ssh compilation + - (dtucker) [auth-pam.c] malloc+memset -> calloc. Patch from + ldv at altlinux.org. + - (dtucker) [auth-pam.c] Return empty string if fgets fails in + sshpam_tty_conv. Patch from ldv at altlinux.org. + +20070509 + - (tim) [configure.ac] Bug #1287: Add missing test for ucred.h. + +20070429 + - (dtucker) [openbsd-compat/bsd-misc.c] Include unistd.h and sys/types.h + for select(2) prototype. + - (dtucker) [auth-shadow.c loginrec.c] Include time.h for time(2) prototype. + - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299: Use the + platform's _res if it has one. Should fix problem of DNSSEC record lookups + on NetBSD as reported by Curt Sampson. + - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype. + - (dtucker) [configure.ac defines.h] Have configure check for MAXSYMLINKS + so we don't get redefinition warnings. + - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype. + - (dtucker) [configure.ac defines.h] Prevent warnings about __attribute__ + __nonnull__ for versions of GCC that don't support it. + - (dtucker) [configure.ac defines.h] Have configure check for offsetof + to prevent redefinition warnings. + +20070406 + - (dtucker) [INSTALL] Update the systems that have PAM as standard. Link + to OpenPAM too. + - (dtucker) [INSTALL] prngd lives at sourceforge these days. + +20070326 + - (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c + openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines + to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@ + +20070325 + - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX, + LIBWRAP and LIBPAM variables in Makefile with the general-purpose + SSHDLIBS. "I like" djm@ + +20070321 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2007/03/09 05:20:06 + [servconf.c sshd.c] + Move C/R -> kbdint special case to after the defaults have been + loaded, which makes ChallengeResponse default to yes again. This + was broken by the Match changes and not fixed properly subsequently. + Found by okan at demirmen.com, ok djm@ "please do it" deraadt@ + - djm@cvs.openbsd.org 2007/03/19 01:01:29 + [sshd_config] + Disable the legacy SSH protocol 1 for new installations via + a configuration override. In the future, we will change the + server's default itself so users who need the legacy protocol + will need to turn it on explicitly + - dtucker@cvs.openbsd.org 2007/03/19 12:16:42 + [ssh-agent.c] + Remove the signal handler that checks if the agent's parent process + has gone away, instead check when the select loop returns. Record when + the next key will expire when scanning for expired keys. Set the select + timeout to whichever of these two things happens next. With djm@, with & + ok deraadt@ markus@ + - tedu@cvs.openbsd.org 2007/03/20 03:56:12 + [readconf.c clientloop.c] + remove some bogus *p tests from charles longeau + ok deraadt millert + - jmc@cvs.openbsd.org 2007/03/20 15:57:15 + [sshd.8] + - let synopsis and description agree for -f + - sort FILES + - +.Xr ssh-keyscan 1 , + from Igor Sobrado + - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use + getpeerucred to implement getpeereid (currently only Solaris 10 and up). + Patch by Jan.Pechanec at Sun. + - (dtucker) [regress/agent-getpeereid.sh] Do peereid test if we have + HAVE_GETPEERUCRED too. Also from Jan Pechanec. + +20070313 + - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include + string.h to prevent warnings, from vapier at gentoo.org. + - (dtucker) [LICENCE] Add Daniel Walsh as a copyright holder for the + selinux bits in -portable. + - (dtucker) [cipher-3des1.c cipher-bf1.c] The OpenSSL 0.9.8e problem in + bug #1291 also affects Protocol 1 3des. While at it, use compat-openssl.h + in cipher-bf1.c. Patch from Juan Gallego. + - (dtucker) [README.platform] Info about blibpath on AIX. + +20070306 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2007/03/01 16:19:33 + [sshd_config.5] + sort the `match' keywords; + - djm@cvs.openbsd.org 2007/03/06 10:13:14 + [version.h] + openssh-4.6; "please" deraadt@ + - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] crank spec files for release + - (djm) [README] correct link to release notes + - (djm) Release 4.6p1 + +20070304 + - (djm) [configure.ac] add a --without-openssl-header-check option to + configure, as some platforms (OS X) ship OpenSSL headers whose version + does not match that of the shipping library. ok dtucker@ + - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a + bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256 + ciphers from working correctly (disconnects with "Bad packet length" + errors) as found by Ben Harris. ok djm@ + +20070303 + - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more + general to cover newer gdb versions on HP-UX. + +20070302 + - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows + CRLF as well as LF lineendings) and write in binary mode. Patch from + vinschen at redhat.com. + - (dtucker) [INSTALL] Update to autoconf-2.61. + +20070301 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2007/03/01 10:28:02 + [auth2.c sshd_config.5 servconf.c] + Remove ChallengeResponseAuthentication support inside a Match + block as its interaction with KbdInteractive makes it difficult to + support. Also, relocate the CR/kbdint option special-case code into + servconf. "please commit" djm@, ok markus@ for the relocation. + - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits. + "Looks sane" dtucker@ + +20070228 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2007/02/28 00:55:30 + [ssh-agent.c] + Remove expired keys periodically so they don't remain in memory when + the agent is entirely idle, as noted by David R. Piegdon. This is the + simple fix, a more efficient one will be done later. With markus, + deraadt, with & ok djm. + 20070225 - (dtucker) OpenBSD CVS Sync - djm@cvs.openbsd.org 2007/02/20 10:25:14