X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/8c5a3b272b71ee508072c2e4f8147d9877aa6898..665ca99688b93d0558967872fcd593cfab334477:/ChangeLog

diff --git a/ChangeLog b/ChangeLog
index ad024b46..42b6a8b0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,140 @@
+20070628
+ - (djm) bz#1325: Fix SELinux in permissive mode where it would
+   incorrectly fatal() on errors. patch from cjwatson AT debian.org;
+   ok dtucker
+
+20070625
+ - (dtucker) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2007/06/13 00:21:27
+     [scp.c]
+     don't ftruncate() non-regular files; bz#1236 reported by wood AT
+     xmission.com; ok dtucker@
+   - djm@cvs.openbsd.org 2007/06/14 21:43:25
+     [ssh.c]
+     handle EINTR when waiting for mux exit status properly
+   - djm@cvs.openbsd.org 2007/06/14 22:48:05
+     [ssh.c]
+     when waiting for the multiplex exit status, read until the master end
+     writes an entire int of data *and* closes the client_fd; fixes mux
+     regression spotted by dtucker, ok dtucker@
+   - djm@cvs.openbsd.org 2007/06/19 02:04:43
+     [atomicio.c]
+     if the fd passed to atomicio/atomiciov() is non blocking, then poll() to
+     avoid a spin if it is not yet ready for reading/writing; ok dtucker@
+   - dtucker@cvs.openbsd.org 2007/06/25 08:20:03
+     [channels.c]
+     Correct test for window updates every three packets; prevents sending
+     window updates for every single packet.  ok markus@
+   - dtucker@cvs.openbsd.org 2007/06/25 12:02:27
+     [atomicio.c]
+     Include <poll.h> like the man page says rather than <sys/poll.h>.  ok djm@
+ - (dtucker) [atomicio.c] Test for EWOULDBLOCK in atomiciov to match
+   atomicio.
+ - (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.in
+   openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h]
+   Add an implementation of poll() built on top of select(2).  Code from
+   OpenNTPD with changes suggested by djm.  ok djm@
+
+20070614
+ - (dtucker) [cipher-ctr.c umac.c openbsd-compat/openssl-compat.h] Move the
+   USE_BUILTIN_RIJNDAEL compat goop to openssl-compat.h so it can be
+   shared with umac.c.  Allows building with OpenSSL 0.9.5 again including
+   umac support.  With tim@ djm@, ok djm.
+ - (dtucker) [openbsd-compat/openssl-compat.h] Merge USE_BUILTIN_RIJNDAEL
+   sections.  Fixes builds with early OpenSSL 0.9.6 versions.
+ - (dtucker) [openbsd-compat/openssl-compat.h] Remove redundant definition
+   of USE_BUILTIN_RIJNDAEL since the <0.9.6 test is covered by the
+   subsequent <0.9.7 test.
+
+20070612
+ - (dtucker) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2007/06/11 09:14:00
+     [channels.h]
+     increase default channel windows; ok djm
+   - djm@cvs.openbsd.org 2007/06/12 07:41:00
+     [ssh-add.1]
+     better document ssh-add's -d option (delete identies from agent), bz#1224
+     new text based on some provided by andrewmc-debian AT celt.dias.ie;
+     ok dtucker@
+   - djm@cvs.openbsd.org 2007/06/12 08:20:00
+     [ssh-gss.h gss-serv.c gss-genr.c]
+     relocate server-only GSSAPI code from libssh to server; bz #1225
+     patch from simon AT sxw.org.uk; ok markus@ dtucker@
+   - djm@cvs.openbsd.org 2007/06/12 08:24:20
+     [scp.c]
+     make scp try to skip FIFOs rather than blocking when nothing is listening.
+     depends on the platform supporting sane O_NONBLOCK semantics for open
+     on FIFOs (apparently POSIX does not mandate this), which OpenBSD does.
+     bz #856; report by cjwatson AT debian.org; ok markus@
+   - djm@cvs.openbsd.org 2007/06/12 11:11:08
+     [ssh.c]
+     fix slave exit value when a control master goes away without passing the
+     full exit status by ensuring that the slave reads a full int. bz#1261
+     reported by frekko AT gmail.com; ok markus@ dtucker@
+   - djm@cvs.openbsd.org 2007/06/12 11:15:17
+     [ssh.c ssh.1]
+     Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
+     GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
+     and is useful for hosts with /home on Kerberised NFS; bz #1312
+     patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@
+   - djm@cvs.openbsd.org 2007/06/12 11:45:27
+     [ssh.c]
+     improved exit message from multiplex slave sessions; bz #1262
+     reported by alexandre.nunes AT gmail.com; ok dtucker@
+   - dtucker@cvs.openbsd.org 2007/06/12 11:56:15
+     [gss-genr.c]
+     Pass GSS OID to gss_display_status to provide better information in
+     error messages.  Patch from Simon Wilkinson via bz 1220.  ok djm@
+   - jmc@cvs.openbsd.org 2007/06/12 13:41:03
+     [ssh-add.1]
+     identies -> identities;
+   - jmc@cvs.openbsd.org 2007/06/12 13:43:55
+     [ssh.1]
+     add -K to SYNOPSIS;
+   - dtucker@cvs.openbsd.org 2007/06/12 13:54:28
+     [scp.c]
+     Encode filename with strnvis if the name contains a newline (which can't
+     be represented in the scp protocol), from bz #891.  ok markus@
+
+20070611
+ - (djm) Bugzilla #1306: silence spurious error messages from hang-on-exit
+   fix; tested by dtucker@ and jochen.kirn AT gmail.com
+   - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34
+     [kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
+     [ssh_config.5 sshd.8 sshd_config.5]
+     Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
+     must specify umac-64@openssh.com). Provides about 20% end-to-end speedup
+     compared to hmac-md5. Represents a different approach to message
+     authentication to that of HMAC that may be beneficial if HMAC based on
+     one of its underlying hash algorithms is found to be vulnerable to a
+     new attack.  http://www.ietf.org/rfc/rfc4418.txt
+     in conjunction with and OK djm@
+   - pvalchev@cvs.openbsd.org 2007/06/08 04:40:40
+     [ssh_config]
+     Add a "MACs" line after "Ciphers" with the default MAC algorithms,
+     to ease people who want to tweak both (eg. for performance reasons).
+     ok deraadt@ djm@ dtucker@
+   - jmc@cvs.openbsd.org 2007/06/08 07:43:46
+     [ssh_config.5]
+     put the MAC list into a display, like we do for ciphers,
+     since groff has trouble handling wide lines;
+   - jmc@cvs.openbsd.org 2007/06/08 07:48:09
+     [sshd_config.5]
+     oops, here too: put the MAC list into a display, like we do for
+     ciphers, since groff has trouble with wide lines;
+   - markus@cvs.openbsd.org 2007/06/11 08:04:44
+     [channels.c]
+     send 'window adjust' messages every tree packets and do not wait
+     until 50% of the window is consumed.  ok djm dtucker
+ - (djm) [configure.ac umac.c] If platform doesn't provide swap32(3), then
+   fallback to provided bit-swizzing functions
+ - (dtucker) [openbsd-compat/bsd-misc.c] According to the spec the "remainder"
+   argument to nanosleep may be NULL.  Currently this never happens in OpenSSH,
+   but check anyway in case this changes or the code gets used elsewhere.
+ - (dtucker) [includes.h] Bug #1243: HAVE_PATHS -> HAVE_PATHS_H.  Should
+   prevent warnings about redefinitions of various things in paths.h.
+   Spotted by cartmanltd at hotmail.com.
+
 20070605
  - (dtucker) OpenBSD CVS Sync
    - djm@cvs.openbsd.org 2007/05/22 10:18:52
@@ -28,6 +165,7 @@
    OpenBSD's cvs now adds.
  - (dtucker) [mdoc2man.awk] Remove trailing "$" from Mdocdate regex so
    mindrot's cvs doesn't expand it on us.
+ - (dtucker) [mdoc2man.awk] Add support for %R references, used for RFCs.
 
 20070520
  - (dtucker) OpenBSD CVS Sync