X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/991c97285e3a36da05042516af4a15ca30a909af..fe7dba42f8a9310cf20bcb4e99419926ee2e5d5c:/ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 918a48da..0a931a12 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,119 @@
+20091208
+ - (dtucker) OpenBSD CVS Sync
+   - andreas@cvs.openbsd.org 2009/10/24 11:11:58
+     [roaming.h]
+     Declarations needed for upcoming changes.
+     ok markus@
+   - andreas@cvs.openbsd.org 2009/10/24 11:13:54
+     [sshconnect2.c kex.h kex.c]
+     Let the client detect if the server supports roaming by looking
+     for the resume@appgate.com kex algorithm.
+     ok markus@
+   - andreas@cvs.openbsd.org 2009/10/24 11:15:29
+     [clientloop.c]
+     client_loop() must detect if the session has been suspended and resumed,
+     and take appropriate action in that case.
+     From Martin Forssen, maf at appgate dot com
+   - andreas@cvs.openbsd.org 2009/10/24 11:19:17
+     [ssh2.h]
+     Define the KEX messages used when resuming a suspended connection.
+     ok markus@
+   - andreas@cvs.openbsd.org 2009/10/24 11:22:37
+     [roaming_common.c]
+     Do the actual suspend/resume in the client. This won't be useful until
+     the server side supports roaming.
+     Most code from Martin Forssen, maf at appgate dot com. Some changes by
+     me and markus@
+     ok markus@
+   - andreas@cvs.openbsd.org 2009/10/24 11:23:42
+     [ssh.c]
+     Request roaming to be enabled if UseRoaming is true and the server
+     supports it.
+     ok markus@
+   - reyk@cvs.openbsd.org 2009/10/28 16:38:18
+     [ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c
+     channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1
+     sftp.1 sshd_config.5 readconf.c ssh.c misc.c]
+     Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.
+     ok markus@
+
+20091226
+ - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1
+   Gzip all man pages. Patch from Corinna Vinschen.
+
+20091221
+ - (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}]
+   Bug #1583: Use system's kerberos principal name on AIX if it's available.
+   Based on a patch from and tested by Miguel Sanders 
+
+20091208
+ - (dtucker) Bug #1470: Disable OOM-killing of the listening sshd on Linux,
+   based on a patch from Vaclav Ovsik and Colin Watson.  ok djm.
+
+20091207
+ - (dtucker) Bug #1160: use pkg-config for opensc config if it's available.
+   Tested by Martin Paljak.
+ - (dtucker) Bug #1677: add conditionals around the source for ssh-askpass.
+
+20091121
+ - (tim) [opensshd.init.in] If PidFile is set in sshd_config, use it.
+   Bug 1628. OK dtucker@
+
+20091120
+ - (djm) [ssh-rand-helper.c] Print error and usage() when passed command-
+   line arguments as none are supported. Exit when passed unrecognised
+   commandline flags. bz#1568 from gson AT araneus.fi
+
+20091118
+ - (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() to
+   set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify
+   setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only()
+   bz#1648, report and fix from jan.kratochvil AT redhat.com
+ - (djm) [contrib/gnome-ssh-askpass2.c] Make askpass dialog desktop-modal.
+   bz#1645, patch from jchadima AT redhat.com
+
+20091107
+ - (dtucker) [authfile.c] Fall back to 3DES for the encryption of private
+    keys when built with OpenSSL versions that don't do AES.
+
+20091105
+ - (dtucker) [authfile.c] Add OpenSSL compat header so this still builds with
+   older versions of OpenSSL.
+
+20091024
+ - (dtucker) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2009/10/11 23:03:15
+     [hostfile.c]
+     mention the host name that we are looking for in check_host_in_hostfile()
+   - sobrado@cvs.openbsd.org 2009/10/17 12:10:39
+     [sftp-server.c]
+     sort flags.
+   - sobrado@cvs.openbsd.org 2009/10/22 12:35:53
+     [ssh.1 ssh-agent.1 ssh-add.1]
+     use the UNIX-related macros (.At and .Ux) where appropriate.
+     ok jmc@
+   - sobrado@cvs.openbsd.org 2009/10/22 15:02:12
+     [ssh-agent.1 ssh-add.1 ssh.1]
+     write UNIX-domain in a more consistent way; while here, replace a
+     few remaining ".Tn UNIX" macros with ".Ux" ones.
+     pointed out by ratchov@, thanks!
+     ok jmc@
+   - djm@cvs.openbsd.org 2009/10/22 22:26:13
+     [authfile.c]
+     switch from 3DES to AES-128 for encryption of passphrase-protected
+     SSH protocol 2 private keys; ok several
+   - djm@cvs.openbsd.org 2009/10/23 01:57:11
+     [sshconnect2.c]
+     disallow a hostile server from checking jpake auth by sending an
+     out-of-sequence success message. (doesn't affect code enabled by default)
+   - dtucker@cvs.openbsd.org 2009/10/24 00:48:34
+     [ssh-keygen.1]
+     ssh-keygen now uses AES-128 for private keys
+ - (dtucker) [mdoc2man.awk] Teach it to understand the .Ux macro.
+ - (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinux
+   is enabled set the security context to "sftpd_t" before running the
+   internal sftp server   Based on a patch from jchadima at redhat.
+
 20091011
  - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for
    dirent d_type and DTTOIF as we've switched OpenBSD to the more portable