X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/8f4ab41b676651280207fbb6721f5a57dbdf9031..879abf012ee720fe198d498add6b470a097b10b0:/ChangeLog

diff --git a/ChangeLog b/ChangeLog
index bf894ecc..fc67023c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,277 @@
+20050816
+ - (djm) [ttymodes.c] bugzilla #1054: Fix encoding of _POSIX_VDISABLE,
+   from Jacob Nevins; ok dtucker@
+
+20050815
+ - (tim) [sftp.c] wrap el_end() in #ifdef USE_LIBEDIT
+ - (tim) [configure.ac] corrections to libedit tests. Report and patches
+   by skeleten AT shillest.net
+
+20050812
+ - (djm) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2005/07/28 17:36:22
+     [packet.c]
+     missing packet_init_compression(); from solar
+   - djm@cvs.openbsd.org 2005/07/30 01:26:16
+     [ssh.c]
+     fix -D listen_host initialisation, so it picks up gateway_ports setting
+     correctly
+   - djm@cvs.openbsd.org 2005/07/30 02:03:47
+     [readconf.c]
+     listen_hosts initialisation here too; spotted greg AT y2005.nest.cx
+   - dtucker@cvs.openbsd.org 2005/08/06 10:03:12
+     [servconf.c]
+     Unbreak sshd ListenAddress for bare IPv6 addresses.
+     Report from Janusz Mucka; ok djm@
+   - jaredy@cvs.openbsd.org 2005/08/08 13:22:48
+     [sftp.c]
+     sftp prompt enhancements:
+     - in non-interactive mode, do not print an empty prompt at the end
+       before finishing
+     - print newline after EOF in editline mode
+     - call el_end() in editline mode
+     ok dtucker djm
+
+20050810
+ - (dtucker) [configure.ac] Test libedit library and headers for compatibility.
+   Report from skeleten AT shillest.net, ok djm@
+ - (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c]
+   Sync current (thread-safe) version of realpath.c from OpenBSD (which is
+   in turn based on FreeBSD's).  ok djm@
+
+20050809
+ - (tim) [configure.ac] Allow --with-audit=no. OK dtucker@
+   Report by skeleten AT shillest.net
+
+20050803
+ - (dtucker) [openbsd-compat/fake-rfc2553.h] Check for EAI_* defines
+   individually and use a value less likely to collide with real values from
+   netdb.h.  Fixes compile warnings on FreeBSD 5.3.  ok djm@
+ - (dtucker) [openbsd-compat/fake-rfc2553.h] MAX_INT -> INT_MAX since the
+   latter is specified in the standard.
+
+20050802
+ - (dtucker) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2005/07/27 10:39:03
+     [scp.c hostfile.c sftp-client.c]
+     Silence bogus -Wuninitialized warnings; ok djm@
+ - (dtucker) [configure.ac] Enable -Wuninitialized by default when compiling
+   with gcc.  ok djm@
+ - (dtucker) [configure.ac] Add a --with-Werror option to configure for
+   adding -Werror to CFLAGS when all of the configure tests are done. ok djm@
+
+20050726
+ - (dtucker) [configure.ac] Update zlib warning message too, pointed out by
+   tim@.
+ - (djm) OpenBSD CVS Sync
+   - otto@cvs.openbsd.org 2005/07/19 15:32:26
+     [auth-passwd.c]
+     auth_usercheck(3) can return NULL, so check for that. Report from
+     mpech@. ok markus@
+   - markus@cvs.openbsd.org 2005/07/25 11:59:40
+     [kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
+     [sshconnect2.c sshd.c sshd_config sshd_config.5]
+     add a new compression method that delays compression until the user
+     has been authenticated successfully and set compression to 'delayed'
+     for sshd.
+     this breaks older openssh clients (< 3.5) if they insist on
+     compression, so you have to re-enable compression in sshd_config.
+     ok djm@
+
+20050725
+ - (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096.
+
+20050717
+- OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2005/07/16 01:35:24
+     [auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
+     [sshconnect.c]
+     spacing
+ - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c]
+   [cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL 
+   in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
+ - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line
+   - djm@cvs.openbsd.org 2005/07/17 06:49:04
+     [channels.c channels.h session.c session.h]
+     Fix a number of X11 forwarding channel leaks:
+     1. Refuse multiple X11 forwarding requests on the same session
+     2. Clean up all listeners after a single_connection X11 forward, not just
+        the one that made the single connection
+     3. Destroy X11 listeners when the session owning them goes away
+     testing and ok dtucker@
+   - djm@cvs.openbsd.org 2005/07/17 07:17:55
+     [auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
+     [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
+     [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
+     [sshconnect.c sshconnect2.c]
+     knf says that a 2nd level indent is four (not three or five) spaces
+ -(djm) [audit.c auth1.c auth2.c entropy.c loginrec.c serverloop.c]
+  [ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too
+ - (djm) [monitor.c monitor_wrap.c] -Wsign-compare for PAM monitor calls
+ 
+20050716
+ - (dtucker) [auth-pam.c] Ensure that only one side of the authentication
+   socketpair stays open on in both the monitor and PAM process.  Patch from
+   Joerg Sonnenberger.
+
+20050714
+ - (dtucker) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2005/07/06 09:33:05
+     [ssh.1]
+     clarify meaning of ssh -b ; with & ok jmc@
+   - dtucker@cvs.openbsd.org 2005/07/08 09:26:18
+     [misc.c]
+     Make comment match code; ok djm@
+   - markus@cvs.openbsd.org 2005/07/08 09:41:33
+     [channels.h]
+     race when efd gets closed while there is still buffered data:
+     change CHANNEL_EFD_OUTPUT_ACTIVE()
+        1) c->efd must always be valid AND
+        2a) no EOF has been seen OR
+        2b) there is buffered data
+     report, initial fix and testing Chuck Cranor
+   - dtucker@cvs.openbsd.org 2005/07/08 10:20:41
+     [ssh_config.5]
+     change BindAddress to match recent ssh -b change; prompted by markus@
+   - jmc@cvs.openbsd.org 2005/07/08 12:53:10
+     [ssh_config.5]
+     new sentence, new line;
+   - dtucker@cvs.openbsd.org 2005/07/14 04:00:43
+     [misc.h]
+     use __sentinel__ attribute; ok deraadt@ djm@ markus@
+ - (dtucker) [configure.ac defines.h] Define __sentinel__ to nothing if the
+   compiler doesn't understand it to prevent warnings.  If any mainstream
+   compiler versions acquire it we can test for those versions.  Based on
+   discussion with djm@.
+
+20050707
+ - dtucker [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for
+   the MIT Kerberos code path into a common function and expand mkstemp
+   template to be consistent with the rest of OpenSSH.  From sxw at
+   inf.ed.ac.uk, ok djm@
+ - (dtucker) [auth-krb5.c] There's no guarantee that snprintf will set errno
+   in the case where the buffer is insufficient, so always return ENOMEM.
+   Also pointed out by sxw at inf.ed.ac.uk.
+ - (dtucker) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Remove
+   calls to krb5_init_ets, which has not been required since krb-1.1.x and
+   most Kerberos versions no longer export in their public API.  From sxw
+   at inf.ed.ac.uk, ok djm@
+
+20050706
+ - (djm) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2005/07/01 13:19:47
+     [channels.c]
+     don't free() if getaddrinfo() fails; report mpech@
+   - djm@cvs.openbsd.org 2005/07/04 00:58:43
+     [channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5]
+     implement support for X11 and agent forwarding over multiplex slave
+     connections. Because of protocol limitations, the slave connections inherit
+     the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
+     their own.
+     ok dtucker@ "put it in" deraadt@
+   - jmc@cvs.openbsd.org 2005/07/04 11:29:51
+     [ssh_config.5]
+     fix Xr and a little grammar;
+   - markus@cvs.openbsd.org 2005/07/04 14:04:11
+     [channels.c]
+     don't forget to set x11_saved_display
+
+20050626
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2005/06/17 22:53:47
+     [ssh.c sshconnect.c]
+     Fix ControlPath's %p expanding to "0" for a default port,
+     spotted dwmw2 AT infradead.org; ok markus@
+   - djm@cvs.openbsd.org 2005/06/18 04:30:36
+     [ssh.c ssh_config.5]
+     allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@
+   - djm@cvs.openbsd.org 2005/06/25 22:47:49
+     [ssh.c]
+     do the default port filling code a few lines earlier, so it really 
+     does fix %p
+
+20050618
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2005/05/20 12:57:01;
+   [auth1.c] split protocol 1 auth methods into separate functions, makes 
+   authloop much more readable; fixes and ok markus@ (portable ok & 
+   polish dtucker@)
+   - djm@cvs.openbsd.org 2005/06/17 02:44:33
+   [auth1.c] make this -Wsign-compare clean; ok avsm@ markus@
+ - (djm) [loginrec.c ssh-rand-helper.c] Fix -Wsign-compare for portable,
+   tested and fixes tim@
+
+20050617
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2005/06/16 03:38:36
+     [channels.c channels.h clientloop.c clientloop.h ssh.c]
+     move x11_get_proto from ssh.c to clientloop.c, to make muliplexed xfwd
+     easier later; ok deraadt@
+   - markus@cvs.openbsd.org 2005/06/16 08:00:00
+     [canohost.c channels.c sshd.c]
+     don't exit if getpeername fails for forwarded ports; bugzilla #1054;
+     ok djm
+   - djm@cvs.openbsd.org 2005/06/17 02:44:33
+     [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
+     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
+     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
+     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
+     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
+     make this -Wsign-compare clean; ok avsm@ markus@
+     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
+     NB2. more work may be needed to make portable Wsign-compare clean
+ - (dtucker) [cipher.c openbsd-compat/openbsd-compat.h
+   openbsd-compat/openssl-compat.c] only include openssl compat stuff where
+   it's needed as it can cause conflicts elsewhere (eg xcrypt.c).  Found by
+   and ok tim@
+
+20050616
+ - (djm) OpenBSD CVS Sync
+   - jaredy@cvs.openbsd.org 2005/06/07 13:25:23
+     [progressmeter.c]
+     catch SIGWINCH and resize progress meter accordingly; ok markus dtucker
+   - djm@cvs.openbsd.org 2005/06/06 11:20:36
+     [auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
+     introduce a generic %foo expansion function. replace existing % expansion 
+     and add expansion to ControlPath; ok markus@
+   - djm@cvs.openbsd.org 2005/06/08 03:50:00
+     [ssh-keygen.1 ssh-keygen.c sshd.8]
+     increase default rsa/dsa key length from 1024 to 2048 bits;
+     ok markus@ deraadt@
+   - djm@cvs.openbsd.org 2005/06/08 11:25:09
+     [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
+     add ControlMaster=auto/autoask options to support opportunistic
+     multiplexing; tested avsm@ and jakob@, ok markus@
+   - dtucker@cvs.openbsd.org 2005/06/09 13:43:49
+     [cipher.c]
+     Correctly initialize end of array sentinel; ok djm@
+     (Id sync only, change already in portable)
+
+20050609
+ - (dtucker) [cipher.c openbsd-compat/Makefile.in
+   openbsd-compat/openbsd-compat.h openbsd-compat/openssl-compat.{c,h}]
+   Move compatibility code for supporting older OpenSSL versions to the
+   compat layer.  Suggested by and "no objection" djm@
+
+20050607
+ - (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX:
+   in today's episode we attempt to coax it from limits.h where it may be
+   hiding, failing that we take the DIY approach.  Tested by tim@
+
+20050603
+ - (dtucker) [configure.ac] Only try gcc -std=gnu99 if LLONG_MAX isn't
+   defined, and check that it helps before keeping it in CFLAGS.  Some old
+   gcc's don't set an error code when encountering an unknown value in -std.
+   Found and tested by tim@.
+ - (dtucker) [configure.ac] Point configure's reporting address at the
+   openssh-unix-dev list.  ok tim@ djm@
+
+20050602
+ - (tim) [configure.ac] Some platforms need sys/types.h for arpa/nameser.h.
+   Take AC_CHECK_HEADERS test out of ultrix section. It caused other platforms
+   to skip builtin standard includes tests. (first AC_CHECK_HEADERS test
+   must be run on all platforms) Add missing ;; to case statement. OK dtucker@
+
 20050601
  - (dtucker) [configure.ac] Look for _getshort and _getlong in
    arpa/nameser.h.
@@ -10,6 +284,15 @@
      must be a target directory), kill the spawned ssh child before exiting.
      This stops it trying to authenticate and spewing lots of output.
      deraadt@ ok
+   - dtucker@cvs.openbsd.org 2005/05/26 09:08:12
+     [ssh-keygen.c]
+     uint32_t -> u_int32_t for consistency; ok djm@
+   - djm@cvs.openbsd.org 2005/05/27 08:30:37
+     [ssh.c]
+     fix -O for cases where no ControlPath has been specified or socket at
+     ControlPath is not contactable; spotted by and ok avsm@
+ - (tim) [config.guess config.sub] Update to '2005-05-27' version.
+ - (tim) [configure.ac] set TEST_SHELL for OpenServer 6
 
 20050531
  - (dtucker) [contrib/aix/pam.conf] Correct comments.  From davidl at