X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/bf7932105bd20b1f2d728b5f985280c312e10b3e..1890bf8b21328394dec8c534df8036afbf544833:/ChangeLog?ds=sidebyside

diff --git a/ChangeLog b/ChangeLog
index e37a14d8..8d30516a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,55 @@
+20081111
+ - (dtucker) OpenBSD CVS Sync
+   - jmc@cvs.openbsd.org 2008/11/05 11:22:54
+     [servconf.c]
+     passord -> password;
+     fixes user/5975 from Rene Maroufi
+   - stevesk@cvs.openbsd.org 2008/11/07 00:42:12
+     [ssh-keygen.c]
+     spelling/typo in comment
+
+20081105
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2008/11/03 08:59:41
+     [servconf.c]
+     include MaxSessions in sshd -T output; patch from imorgan AT nas.nasa.gov
+   - djm@cvs.openbsd.org 2008/11/04 07:58:09
+     [auth.c]
+     need unistd.h for close() prototype
+     (ID sync only)
+   - djm@cvs.openbsd.org 2008/11/04 08:22:13
+     [auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
+     [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
+     [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
+     [Makefile.in]
+     Add support for an experimental zero-knowledge password authentication
+     method using the J-PAKE protocol described in F. Hao, P. Ryan,
+     "Password Authenticated Key Exchange by Juggling", 16th Workshop on
+     Security Protocols, Cambridge, April 2008.
+     
+     This method allows password-based authentication without exposing
+     the password to the server. Instead, the client and server exchange
+     cryptographic proofs to demonstrate of knowledge of the password while
+     revealing nothing useful to an attacker or compromised endpoint.
+     
+     This is experimental, work-in-progress code and is presently
+     compiled-time disabled (turn on -DJPAKE in Makefile.inc).
+     
+     "just commit it.  It isn't too intrusive." deraadt@
+   - stevesk@cvs.openbsd.org 2008/11/04 19:18:00
+     [readconf.c]
+     because parse_forward() is now used to parse all forward types (DLR),
+     and it malloc's space for host variables, we don't need to malloc
+     here.  fixes small memory leaks.
+     
+     previously dynamic forwards were not parsed in parse_forward() and
+     space was not malloc'd in that case.
+     
+     ok djm@
+   - stevesk@cvs.openbsd.org 2008/11/05 03:23:09
+     [clientloop.c ssh.1]
+     add dynamic forward escape command line; ok djm@
+
 20081103
  - OpenBSD CVS Sync
    - sthen@cvs.openbsd.org 2008/07/24 23:55:30
@@ -52,6 +104,67 @@
      Add -y option to force logging via syslog rather than stderr.
      Useful for daemonised ssh connection (ssh -f). Patch originally from
      and ok'd by markus@
+   - djm@cvs.openbsd.org 2008/10/09 03:50:54
+     [servconf.c sshd_config.5]
+     support setting PermitEmptyPasswords in a Match block
+     requested in PR3891; ok dtucker@
+   - jmc@cvs.openbsd.org 2008/10/09 06:54:22
+     [ssh.c]
+     add -y to usage();
+   - stevesk@cvs.openbsd.org 2008/10/10 04:55:16
+     [scp.c]
+     spelling in comment; ok djm@
+   - stevesk@cvs.openbsd.org 2008/10/10 05:00:12
+     [key.c]
+     typo in error message; ok djm@
+   - stevesk@cvs.openbsd.org 2008/10/10 16:43:27
+     [ssh_config.5]
+     use 'Privileged ports can be forwarded only when logging in as root on
+     the remote machine.' for RemoteForward just like ssh.1 -R.
+     ok djm@ jmc@
+   - stevesk@cvs.openbsd.org 2008/10/14 18:11:33
+     [sshconnect.c]
+     use #define ROQUIET here; no binary change. ok dtucker@
+   - stevesk@cvs.openbsd.org 2008/10/17 18:36:24
+     [ssh_config.5]
+     correct and clarify VisualHostKey; ok jmc@
+   - stevesk@cvs.openbsd.org 2008/10/30 19:31:16
+     [clientloop.c sshd.c]
+     don't need to #include "monitor_fdpass.h"
+   - stevesk@cvs.openbsd.org 2008/10/31 15:05:34
+     [dispatch.c]
+     remove unused #define DISPATCH_MIN; ok markus@
+   - djm@cvs.openbsd.org 2008/11/01 04:50:08
+     [sshconnect2.c]
+     sprinkle ARGSUSED on dispatch handlers
+     nuke stale unusued prototype
+   - stevesk@cvs.openbsd.org 2008/11/01 06:43:33
+     [channels.c]
+     fix some typos in log messages; ok djm@
+   - sobrado@cvs.openbsd.org 2008/11/01 11:14:36
+     [ssh-keyscan.1 ssh-keyscan.c]
+     the ellipsis is not an optional argument; while here, improve spacing.
+   - stevesk@cvs.openbsd.org 2008/11/01 17:40:33
+     [clientloop.c readconf.c readconf.h ssh.c]
+     merge dynamic forward parsing into parse_forward();
+     'i think this is OK' djm@
+   - stevesk@cvs.openbsd.org 2008/11/02 00:16:16
+     [ttymodes.c]
+     protocol 2 tty modes support is now 7.5 years old so remove these
+     debug3()s; ok deraadt@
+   - stevesk@cvs.openbsd.org 2008/11/03 01:07:02
+     [readconf.c]
+     remove valueless comment
+   - stevesk@cvs.openbsd.org 2008/11/03 02:44:41
+     [readconf.c]
+     fix comment
+ - (djm) [contrib/caldera/ssh-host-keygen contrib/suse/rc.sshd]
+   Make example scripts generate keys with default sizes rather than fixed,
+   non-default 1024 bits; patch from imorgan AT nas.nasa.gov
+ - (djm) [contrib/sshd.pam.generic contrib/caldera/sshd.pam]
+   [contrib/redhat/sshd.pam] Move pam_nologin to account group from
+   incorrect auth group in example files;
+   patch from imorgan AT nas.nasa.gov
 
 20080906
  - (dtucker) [config.guess config.sub] Update to latest versions from