X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/bbb1501d503ff001542ccbd4badedcecea8f46a2..a92a0909e5718db781ac21b72e118060b2f28692:/ChangeLog diff --git a/ChangeLog b/ChangeLog index d6eee545..51feebd4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,51 @@ +20060325 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2006/03/16 04:24:42 + [ssh.1] + Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs + that OpenSSH supports + - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 + [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] + [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] + [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] + [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] + [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] + [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] + [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] + [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] + [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] + [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] + [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] + [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] + [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] + [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] + [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] + [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] + [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] + [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] + [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] + [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] + [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] + [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] + [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] + RCSID() can die + +20060318 + - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via + elad AT NetBSD.org + - (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173: make fmtint() take + a LLONG rather than a long. Fixes scp'ing of large files on platforms + with missing/broken snprintfs. Patch from e.borovac at bom.gov.au. + +20060316 + - (dtucker) [entropy.c] Add headers for WIFEXITED and friends. + - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in + /usr/include/crypto. Hint from djm@. + - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h] + Disable sha256 when openssl < 0.9.7. Patch from djm@. + - (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old + OpenSSL; ok tim + 20060315 - (djm) OpenBSD CVS Sync: - msf@cvs.openbsd.org 2006/02/06 15:54:07 @@ -54,6 +102,224 @@ [includes.h] #include not needed; ok djm@ NB. ID Sync only - we still need this (but it may move later) + - jmc@cvs.openbsd.org 2006/02/09 10:10:47 + [sshd.8] + - move some text into a CAVEATS section + - merge the COMMAND EXECUTION... section into AUTHENTICATION + - stevesk@cvs.openbsd.org 2006/02/10 00:27:13 + [channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c] + [ssh.c sshd.c sshpty.c] + move #include out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/02/10 01:44:27 + [includes.h monitor.c readpass.c scp.c serverloop.c session.c] + [sftp.c sshconnect.c sshconnect2.c sshd.c] + move #include out of includes.h; ok markus@ + - otto@cvs.openbsd.org 2006/02/11 19:31:18 + [atomicio.c] + type correctness; from Ray Lai in PR 5011; ok millert@ + - djm@cvs.openbsd.org 2006/02/12 06:45:34 + [ssh.c ssh_config.5] + add a %l expansion code to the ControlPath, which is filled in with the + local hostname at runtime. Requested by henning@ to avoid some problems + with /home on NFS; ok dtucker@ + - djm@cvs.openbsd.org 2006/02/12 10:44:18 + [readconf.c] + raise error when the user specifies a RekeyLimit that is smaller than 16 + (the smallest of our cipher's blocksize) or big enough to cause integer + wraparound; ok & feedback dtucker@ + - jmc@cvs.openbsd.org 2006/02/12 10:49:44 + [ssh_config.5] + slight rewording; ok djm + - jmc@cvs.openbsd.org 2006/02/12 10:52:41 + [sshd.8] + rework the description of authorized_keys a little; + - jmc@cvs.openbsd.org 2006/02/12 17:57:19 + [sshd.8] + sort the list of options permissable w/ authorized_keys; + ok djm dtucker + - jmc@cvs.openbsd.org 2006/02/13 10:16:39 + [sshd.8] + no need to subsection the authorized_keys examples - instead, convert + this to look like an actual file. also use proto 2 keys, and use IETF + example addresses; + - jmc@cvs.openbsd.org 2006/02/13 10:21:25 + [sshd.8] + small tweaks for the ssh_known_hosts section; + - jmc@cvs.openbsd.org 2006/02/13 11:02:26 + [sshd.8] + turn this into an example ssh_known_hosts file; ok djm + - jmc@cvs.openbsd.org 2006/02/13 11:08:43 + [sshd.8] + - avoid nasty line split + - `*' does not need to be escaped + - jmc@cvs.openbsd.org 2006/02/13 11:27:25 + [sshd.8] + sort FILES and use a -compact list; + - david@cvs.openbsd.org 2006/02/15 05:08:24 + [sftp-client.c] + typo in comment; ok djm@ + - jmc@cvs.openbsd.org 2006/02/15 16:53:20 + [ssh.1] + remove the IETF draft references and replace them with some updated RFCs; + - jmc@cvs.openbsd.org 2006/02/15 16:55:33 + [sshd.8] + remove ietf draft references; RFC list now maintained in ssh.1; + - jmc@cvs.openbsd.org 2006/02/16 09:05:34 + [sshd.8] + sync some of the FILES entries w/ ssh.1; + - jmc@cvs.openbsd.org 2006/02/19 19:52:10 + [sshd.8] + move the sshrc stuff out of FILES, and into its own section: + FILES is not a good place to document how stuff works; + - jmc@cvs.openbsd.org 2006/02/19 20:02:17 + [sshd.8] + sync the (s)hosts.equiv FILES entries w/ those from ssh.1; + - jmc@cvs.openbsd.org 2006/02/19 20:05:00 + [sshd.8] + grammar; + - jmc@cvs.openbsd.org 2006/02/19 20:12:25 + [ssh_config.5] + add some vertical space; + - stevesk@cvs.openbsd.org 2006/02/20 16:36:15 + [authfd.c channels.c includes.h session.c ssh-agent.c ssh.c] + move #include out of includes.h; ok djm@ + - stevesk@cvs.openbsd.org 2006/02/20 17:02:44 + [clientloop.c includes.h monitor.c progressmeter.c scp.c] + [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c] + move #include out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/02/20 17:19:54 + [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c] + [authfile.c clientloop.c includes.h readconf.c scp.c session.c] + [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c] + [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c] + [sshconnect2.c sshd.c sshpty.c] + move #include out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/02/22 00:04:45 + [canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c] + [sshconnect.c] + move #include out of includes.h; ok djm@ + - jmc@cvs.openbsd.org 2006/02/24 10:25:14 + [ssh_config.5] + add section on patterns; + from dtucker + myself + - jmc@cvs.openbsd.org 2006/02/24 10:33:54 + [sshd_config.5] + signpost to PATTERNS; + - jmc@cvs.openbsd.org 2006/02/24 10:37:07 + [ssh_config.5] + tidy up the refs to PATTERNS; + - jmc@cvs.openbsd.org 2006/02/24 10:39:52 + [sshd.8] + signpost to PATTERNS section; + - jmc@cvs.openbsd.org 2006/02/24 20:22:16 + [ssh-keysign.8 ssh_config.5 sshd_config.5] + some consistency fixes; + - jmc@cvs.openbsd.org 2006/02/24 20:31:31 + [ssh.1 ssh_config.5 sshd.8 sshd_config.5] + more consistency fixes; + - jmc@cvs.openbsd.org 2006/02/24 23:20:07 + [ssh_config.5] + some grammar/wording fixes; + - jmc@cvs.openbsd.org 2006/02/24 23:43:57 + [sshd_config.5] + some grammar/wording fixes; + - jmc@cvs.openbsd.org 2006/02/24 23:51:17 + [sshd_config.5] + oops - bits i missed; + - jmc@cvs.openbsd.org 2006/02/25 12:26:17 + [ssh_config.5] + document the possible values for KbdInteractiveDevices; + help/ok dtucker + - jmc@cvs.openbsd.org 2006/02/25 12:28:34 + [sshd_config.5] + document the order in which allow/deny directives are processed; + help/ok dtucker + - jmc@cvs.openbsd.org 2006/02/26 17:17:18 + [ssh_config.5] + move PATTERNS to the end of the main body; requested by dtucker + - jmc@cvs.openbsd.org 2006/02/26 18:01:13 + [sshd_config.5] + subsection is pointless here; + - jmc@cvs.openbsd.org 2006/02/26 18:03:10 + [ssh_config.5] + comma; + - djm@cvs.openbsd.org 2006/02/28 01:10:21 + [session.c] + fix logout recording when privilege separation is disabled, analysis and + patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@ + NB. ID sync only - patch already in portable + - djm@cvs.openbsd.org 2006/03/04 04:12:58 + [serverloop.c] + move a debug() outside of a signal handler; ok markus@ a little while back + - djm@cvs.openbsd.org 2006/03/12 04:23:07 + [ssh.c] + knf nit + - djm@cvs.openbsd.org 2006/03/13 08:16:00 + [sshd.c] + don't log that we are listening on a socket before the listen() call + actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@ + - dtucker@cvs.openbsd.org 2006/03/13 08:33:00 + [packet.c] + Set TCP_NODELAY for all connections not just "interactive" ones. Fixes + poor performance and protocol stalls under some network conditions (mindrot + bugs #556 and #981). Patch originally from markus@, ok djm@ + - dtucker@cvs.openbsd.org 2006/03/13 08:43:16 + [ssh-keygen.c] + Make ssh-keygen handle CR and CRLF line termination when converting IETF + format keys, in adition to vanilla LF. mindrot #1157, tested by Chris + Pepper, ok djm@ + - dtucker@cvs.openbsd.org 2006/03/13 10:14:29 + [misc.c ssh_config.5 sshd_config.5] + Allow config directives to contain whitespace by surrounding them by double + quotes. mindrot #482, man page help from jmc@, ok djm@ + - dtucker@cvs.openbsd.org 2006/03/13 10:26:52 + [authfile.c authfile.h ssh-add.c] + Make ssh-add check file permissions before attempting to load private + key files multiple times; it will fail anyway and this prevents confusing + multiple prompts and warnings. mindrot #1138, ok djm@ + - djm@cvs.openbsd.org 2006/03/14 00:15:39 + [canohost.c] + log the originating address and not just the name when a reverse + mapping check fails, requested by linux AT linuon.com + - markus@cvs.openbsd.org 2006/03/14 16:32:48 + [ssh_config.5 sshd_config.5] + *AliveCountMax applies to protcol v2 only; ok dtucker, djm + - djm@cvs.openbsd.org 2006/03/07 09:07:40 + [kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] + Implement the diffie-hellman-group-exchange-sha256 key exchange method + using the SHA256 code in libc (and wrapper to make it into an OpenSSL + EVP), interop tested against CVS PuTTY + NB. no portability bits committed yet + - (djm) [configure.ac defines.h kex.c md-sha256.c] + [openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h] + [openbsd-compat/sha2.c] First stab at portability glue for SHA256 + KEX support, should work with libc SHA256 support or OpenSSL + EVP_sha256 if present + - (djm) [includes.h] Restore accidentally dropped netinet/in.h + - (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files + - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present + - (djm) [regress/.cvsignore] Ignore Makefile here + - (djm) [loginrec.c] Need stat.h + - (djm) [openbsd-compat/sha2.h] Avoid include macro clash with + system sha2.h + - (djm) [ssh-rand-helper.c] Needs a bunch of headers + - (djm) [ssh-agent.c] Restore dropped stat.h + - (djm) [openbsd-compat/sha2.h openbsd-compat/sha2.c] Comment out + SHA384, which we don't need and doesn't compile without tweaks + - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c] + [sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c] + [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c] + [openbsd-compat/glob.c openbsd-compat/mktemp.c] + [openbsd-compat/readpassphrase.c] Lots of include fixes for + OpenSolaris + - (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:" + - (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some + includes removed from includes.h + - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE + - (djm) [includes.h] Put back paths.h, it is needed in defines.h + - (dtucker) [openbsd-compat/openbsd-compat.h] AIX (at least) needs + sys/ioctl.h for struct winsize. + - (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD. 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)