X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/cda43f668846cedd2fb45756d1366b22bc60c177..f3b93df3d8a7e44db3c1f3e3d1fa009d7dd4f7b5:/ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 548bb856..babdfbfd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,245 @@
+20080721
+ - (djm) OpenBSD CVS Sync
+   - jmc@cvs.openbsd.org 2008/07/18 22:51:01
+     [sftp-server.8]
+     no need for .Pp before or after .Sh;
+   - djm@cvs.openbsd.org 2008/07/21 08:19:07
+     [version.h]
+     openssh-5.1
+
+20080717
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2008/07/17 08:48:00
+     [sshconnect2.c]
+     strnvis preauth banner; pointed out by mpf@ ok markus@
+   - djm@cvs.openbsd.org 2008/07/17 08:51:07
+     [auth2-hostbased.c]
+     strip trailing '.' from hostname when HostbasedUsesNameFromPacketOnly=yes
+     report and patch from res AT qoxp.net (bz#1200); ok markus@
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.c]  Remove long-unneeded compat
+   code, replace with equivalent cygwin library call.  Patch from vinschen
+   at redhat.com, ok djm@.
+ - (djm) [sshconnect2.c] vis.h isn't available everywhere
+
+20080716
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2008/07/15 02:23:14
+     [sftp.1]
+     number of pipelined requests is now 64;
+     prodded by Iain.Morgan AT nasa.gov
+   - djm@cvs.openbsd.org 2008/07/16 11:51:14
+     [clientloop.c]
+     rename variable first_gc -> last_gc (since it is actually the last
+     in the list).
+   - djm@cvs.openbsd.org 2008/07/16 11:52:19
+     [channels.c]
+     this loop index should be automatic, not static
+
+20080714
+ - (djm) OpenBSD CVS Sync
+   - sthen@cvs.openbsd.org 2008/07/13 21:22:52
+     [ssh-keygen.c]
+     Change "ssh-keygen -F [host] -l" to not display random art unless
+     -v is also specified, making it consistent with the manual and other
+     uses of -l.
+     ok grunk@
+   - djm@cvs.openbsd.org 2008/07/13 22:13:07
+     [channels.c]
+     use struct sockaddr_storage instead of struct sockaddr for accept(2)
+     address argument. from visibilis AT yahoo.com in bz#1485; ok markus@
+   - djm@cvs.openbsd.org 2008/07/13 22:16:03
+     [sftp.c]
+     increase number of piplelined requests so they properly fill the
+     (recently increased) channel window. prompted by rapier AT psc.edu;
+     ok markus@
+   - djm@cvs.openbsd.org 2008/07/14 01:55:56
+     [sftp-server.8]
+     mention requirement for /dev/log inside chroot when using sftp-server
+     with ChrootDirectory
+ - (djm) [openbsd-compat/bindresvport.c] Rename variables s/sin/in/ to
+   avoid clash with sin(3) function; reported by
+   cristian.ionescu-idbohrn AT axis.com
+ - (djm) [openbsd-compat/rresvport.c] Add unistd.h for missing close()
+   prototype; reported by cristian.ionescu-idbohrn AT axis.com
+ - (djm) [umac.c] Rename variable s/buffer_ptr/bufp/ to avoid clash;
+   reported by cristian.ionescu-idbohrn AT axis.com
+ - (djm) [contrib/cygwin/Makefile contrib/cygwin/ssh-host-config]
+   [contrib/cygwin/ssh-user-config contrib/cygwin/sshd-inetd]
+   Revamped and simplified Cygwin ssh-host-config script that uses
+   unified csih configuration tool. Requires recent Cygwin.
+   Patch from vinschen AT redhat.com
+
+20080712
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2008/07/12 04:52:50
+     [channels.c]
+     unbreak; move clearing of cctx struct to before first use
+     reported by dkrause@
+   - djm@cvs.openbsd.org 2008/07/12 05:33:41
+     [scp.1]
+     better description for -i flag:
+     s/RSA authentication/public key authentication/
+ - (djm) [openbsd-compat/fake-rfc2553.c openbsd-compat/fake-rfc2553.h]
+   return EAI_FAMILY when trying to lookup unsupported address family;
+   from vinschen AT redhat.com
+
+20080711
+ - (djm) OpenBSD CVS Sync
+   - stevesk@cvs.openbsd.org 2008/07/07 00:31:41
+     [ttymodes.c]
+     we don't need arg after the debug3() was removed.  from lint.
+     ok djm@
+   - stevesk@cvs.openbsd.org 2008/07/07 23:32:51
+     [key.c]
+     /*NOTREACHED*/ for lint warning:
+       warning: function key_equal falls off bottom without returning value
+     ok djm@
+   - markus@cvs.openbsd.org 2008/07/10 18:05:58
+     [channels.c]
+     missing bzero; from mickey; ok djm@
+   - markus@cvs.openbsd.org 2008/07/10 18:08:11
+     [clientloop.c monitor.c monitor_wrap.c packet.c packet.h sshd.c]
+     sync v1 and v2 traffic accounting; add it to sshd, too;
+     ok djm@, dtucker@
+
+20080709
+ - (djm) [Makefile.in] Print "all tests passed" when all regress tests pass
+ - (djm) [auth1.c] Fix format string vulnerability in protocol 1 PAM
+   account check failure path. The vulnerable format buffer is supplied
+   from PAM and should not contain attacker-supplied data.
+ - (djm) [auth.c] Missing unistd.h for close()
+ - (djm) [configure.ac] Add -Wformat-security to CFLAGS for gcc 3.x and 4.x
+
+20080705
+ - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowed
+   passwords disabled. bz#1083 report & patch from senthilkumar_sen AT
+   hotpop.com, w/ dtucker@
+ - (djm) [atomicio.c configure.ac] Disable poll() fallback in atomiciov for
+   Tru64. readv doesn't seem to be a comparable object there.
+   bz#1386, patch from dtucker@ ok me
+ - (djm) [Makefile.in] Pass though pass to conch for interop tests
+ - (djm) [configure.ac] unbreak: remove extra closing brace
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2008/07/04 23:08:25
+     [packet.c]
+     handle EINTR in packet_write_poll()l ok dtucker@
+   - djm@cvs.openbsd.org 2008/07/04 23:30:16
+     [auth1.c auth2.c]
+     Make protocol 1 MaxAuthTries logic match protocol 2's.
+     Do not treat the first protocol 2 authentication attempt as
+     a failure IFF it is for method "none".
+     Makes MaxAuthTries' user-visible behaviour identical for
+     protocol 1 vs 2.
+     ok dtucker@
+   - djm@cvs.openbsd.org 2008/07/05 05:16:01
+     [PROTOCOL]
+     grammar
+
+20080704
+ - (dtucker) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2008/07/02 13:30:34
+     [auth2.c]
+     really really remove the freebie "none" auth try for protocol 2
+   - djm@cvs.openbsd.org 2008/07/02 13:47:39
+     [ssh.1 ssh.c]
+     When forking after authentication ("ssh -f") with ExitOnForwardFailure
+     enabled, delay the fork until after replies for any -R forwards have
+     been seen. Allows for robust detection of -R forward failure when
+     using -f (similar to bz#92); ok dtucker@
+   - otto@cvs.openbsd.org 2008/07/03 21:46:58
+     [auth2-pubkey.c]
+     avoid nasty double free; ok dtucker@ djm@
+   - djm@cvs.openbsd.org 2008/07/04 03:44:59
+     [servconf.c groupaccess.h groupaccess.c]
+     support negation of groups in "Match group" block (bz#1315); ok dtucker@
+   - dtucker@cvs.openbsd.org 2008/07/04 03:47:02
+     [monitor.c]
+     Make debug a little clearer.  ok djm@
+   - djm@cvs.openbsd.org 2008/06/30 08:07:34
+     [regress/key-options.sh]
+     shell portability: use "=" instead of "==" in test(1) expressions,
+     double-quote string with backslash escaped /
+   - djm@cvs.openbsd.org 2008/06/30 10:31:11
+     [regress/{putty-transfer,putty-kex,putty-ciphers}.sh]
+     remove "set -e" left over from debugging
+   - djm@cvs.openbsd.org 2008/06/30 10:43:03
+     [regress/conch-ciphers.sh]
+     explicitly disable conch options that could interfere with the test
+ - (dtucker) [sftp-server.c] Bug #1447: fall back to racy rename if link
+   returns EXDEV.  Patch from Mike Garrison, ok djm@
+ - (djm) [atomicio.c channels.c clientloop.c defines.h includes.h]
+   [packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c]
+   [sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on
+   some platforms (HP nonstop) it is a distinct errno;
+   bz#1467 reported by sconeu AT yahoo.com; ok dtucker@
+
+20080702
+ - (dtucker) OpenBSD CVS Sync
+    - djm@cvs.openbsd.org 2008/06/30 08:05:59
+      [PROTOCOL.agent]
+      typo: s/constraint_date/constraint_data/
+   - djm@cvs.openbsd.org 2008/06/30 12:15:39
+     [serverloop.c]
+     only pass channel requests on session channels through to the session
+     channel handler, avoiding spurious log messages; ok! markus@
+   - djm@cvs.openbsd.org 2008/06/30 12:16:02
+     [nchan.c]
+     only send eow@openssh.com notifications for session channels; ok! markus@
+   - djm@cvs.openbsd.org 2008/06/30 12:18:34
+     [PROTOCOL]
+     clarify that eow@openssh.com is only sent on session channels
+   - dtucker@cvs.openbsd.org 2008/07/01 07:20:52
+     [sshconnect.c]
+     Check ExitOnForwardFailure if forwardings are disabled due to a failed
+     host key check.  ok djm@
+   - dtucker@cvs.openbsd.org 2008/07/01 07:24:22
+     [sshconnect.c sshd.c]
+     Send CR LF during protocol banner exchanges, but only for Protocol 2 only,
+     in order to comply with RFC 4253.  bz #1443, ok djm@
+   - stevesk@cvs.openbsd.org 2008/07/01 23:12:47
+     [PROTOCOL.agent]
+     fix some typos; ok djm@
+   - djm@cvs.openbsd.org 2008/07/02 02:24:18
+     [sshd_config sshd_config.5 sshd.8 servconf.c]
+     increase default size of ssh protocol 1 ephemeral key from 768 to 1024
+     bits; prodded by & ok dtucker@ ok deraadt@
+   - dtucker@cvs.openbsd.org 2008/07/02 12:03:51
+     [auth-rsa.c auth.c auth2-pubkey.c auth.h]
+     Merge duplicate host key file checks, based in part on a patch from Rob
+     Holland via bz #1348 .  Also checks for non-regular files during protocol
+     1 RSA auth.  ok djm@
+   - djm@cvs.openbsd.org 2008/07/02 12:36:39
+     [auth2-none.c auth2.c]
+     Make protocol 2 MaxAuthTries behaviour a little more sensible:
+     Check whether client has exceeded MaxAuthTries before running
+     an authentication method and skip it if they have, previously it
+     would always allow one try (for "none" auth).
+     Preincrement failure count before post-auth test - previously this
+     checked and postincremented, also to allow one "none" try.
+     Together, these two changes always count the "none" auth method
+     which could be skipped by a malicious client (e.g. an SSH worm)
+     to get an extra attempt at a real auth method. They also make
+     MaxAuthTries=0 a useful way to block users entirely (esp. in a
+     sshd_config Match block).
+     Also, move sending of any preauth banner from "none" auth method
+     to the first call to input_userauth_request(), so worms that skip
+     the "none" method get to see it too.
+
+20080630
+ - (djm) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2008/06/10 23:13:43
+     [regress/Makefile regress/key-options.sh]
+     Add regress test for key options.  ok djm@
+   - dtucker@cvs.openbsd.org 2008/06/11 23:11:40
+     [regress/Makefile]
+     Don't run cipher-speed test by default; mistakenly enabled by me
+   - djm@cvs.openbsd.org 2008/06/28 13:57:25
+     [regress/Makefile regress/test-exec.sh regress/conch-ciphers.sh]
+     very basic regress test against Twisted Conch in "make interop"
+     target (conch is available in ports/devel/py-twisted/conch);
+     ok markus@
+ - (djm) [regress/Makefile] search for conch by path, like we do putty
+
 20080629
  - (djm) OpenBSD CVS Sync
    - martynas@cvs.openbsd.org 2008/06/21 07:46:46
@@ -34,6 +276,17 @@
    - djm@cvs.openbsd.org 2008/06/28 07:25:07
      [PROTOCOL]
      spelling fixes
+   - djm@cvs.openbsd.org 2008/06/28 13:58:23
+     [ssh-agent.c]
+     refuse to add a key that has unknown constraints specified;
+     ok markus
+   - djm@cvs.openbsd.org 2008/06/28 14:05:15
+     [ssh-agent.c]
+     reset global compat flag after processing a protocol 2 signature
+     request with the legacy DSA encoding flag set; ok markus
+   - djm@cvs.openbsd.org 2008/06/28 14:08:30
+     [PROTOCOL PROTOCOL.agent]
+     document the protocol used by ssh-agent; "looks ok" markus@
 
 20080628
  - (djm) [RFC.nroff contrib/cygwin/Makefile contrib/suse/openssh.spec]