X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/cdfbc8299cfe8754522579b641440aee9cde44cf..1890bf8b21328394dec8c534df8036afbf544833:/ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 28f5486d..8d30516a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,218 @@
+20081111
+ - (dtucker) OpenBSD CVS Sync
+   - jmc@cvs.openbsd.org 2008/11/05 11:22:54
+     [servconf.c]
+     passord -> password;
+     fixes user/5975 from Rene Maroufi
+   - stevesk@cvs.openbsd.org 2008/11/07 00:42:12
+     [ssh-keygen.c]
+     spelling/typo in comment
+
+20081105
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2008/11/03 08:59:41
+     [servconf.c]
+     include MaxSessions in sshd -T output; patch from imorgan AT nas.nasa.gov
+   - djm@cvs.openbsd.org 2008/11/04 07:58:09
+     [auth.c]
+     need unistd.h for close() prototype
+     (ID sync only)
+   - djm@cvs.openbsd.org 2008/11/04 08:22:13
+     [auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
+     [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
+     [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
+     [Makefile.in]
+     Add support for an experimental zero-knowledge password authentication
+     method using the J-PAKE protocol described in F. Hao, P. Ryan,
+     "Password Authenticated Key Exchange by Juggling", 16th Workshop on
+     Security Protocols, Cambridge, April 2008.
+     
+     This method allows password-based authentication without exposing
+     the password to the server. Instead, the client and server exchange
+     cryptographic proofs to demonstrate of knowledge of the password while
+     revealing nothing useful to an attacker or compromised endpoint.
+     
+     This is experimental, work-in-progress code and is presently
+     compiled-time disabled (turn on -DJPAKE in Makefile.inc).
+     
+     "just commit it.  It isn't too intrusive." deraadt@
+   - stevesk@cvs.openbsd.org 2008/11/04 19:18:00
+     [readconf.c]
+     because parse_forward() is now used to parse all forward types (DLR),
+     and it malloc's space for host variables, we don't need to malloc
+     here.  fixes small memory leaks.
+     
+     previously dynamic forwards were not parsed in parse_forward() and
+     space was not malloc'd in that case.
+     
+     ok djm@
+   - stevesk@cvs.openbsd.org 2008/11/05 03:23:09
+     [clientloop.c ssh.1]
+     add dynamic forward escape command line; ok djm@
+
+20081103
+ - OpenBSD CVS Sync
+   - sthen@cvs.openbsd.org 2008/07/24 23:55:30
+     [ssh-keygen.1]
+     Add "ssh-keygen -F -l" to synopsis (displays fingerprint from
+     known_hosts).  ok djm@
+   - grunk@cvs.openbsd.org 2008/07/25 06:56:35
+     [ssh_config]
+     Add VisualHostKey to example file, ok djm@
+   - grunk@cvs.openbsd.org 2008/07/25 07:05:16
+     [key.c]
+     In random art visualization, make sure to use the end marker only at the
+     end.  Initial diff by Dirk Loss, tweaks and ok djm@
+  - markus@cvs.openbsd.org 2008/07/31 14:48:28
+     [sshconnect2.c]
+     don't allocate space for empty banners; report t8m at centrum.cz;
+     ok deraadt
+   - krw@cvs.openbsd.org 2008/08/02 04:29:51
+     [ssh_config.5]
+     whitepsace -> whitespace. From Matthew Clarke via bugs@.
+   - djm@cvs.openbsd.org 2008/08/21 04:09:57
+     [session.c]
+     allow ForceCommand internal-sftp with arguments. based on patch from
+     michael.barabanov AT gmail.com; ok markus@
+   - djm@cvs.openbsd.org 2008/09/06 12:24:13
+     [kex.c]
+     OpenSSL 0.9.8h supplies a real EVP_sha256 so we do not need our
+     replacement anymore
+     (ID sync only for portable - we still need this)
+   - markus@cvs.openbsd.org 2008/09/11 14:22:37
+     [compat.c compat.h nchan.c ssh.c]
+     only send eow and no-more-sessions requests to openssh 5 and newer;
+     fixes interop problems with broken ssh v2 implementations; ok djm@
+   - millert@cvs.openbsd.org 2008/10/02 14:39:35
+     [session.c]
+     Convert an unchecked strdup to xstrdup.  OK deraadt@
+  - jmc@cvs.openbsd.org 2008/10/03 13:08:12
+     [sshd.8]
+     do not give an example of how to chmod files: we can presume the user
+     knows that. removes an ambiguity in the permission of authorized_keys;
+     ok deraadt
+   - deraadt@cvs.openbsd.org 2008/10/03 23:56:28
+     [sshconnect2.c]
+     Repair strnvis() buffersize of 4*n+1, with termination gauranteed by the
+     function.
+     spotted by des@freebsd, who commited an incorrect fix to the freebsd tree
+     and (as is fairly typical) did not report the problem to us.  But this fix
+     is correct.
+     ok djm
+   - djm@cvs.openbsd.org 2008/10/08 23:34:03
+     [ssh.1 ssh.c]
+     Add -y option to force logging via syslog rather than stderr.
+     Useful for daemonised ssh connection (ssh -f). Patch originally from
+     and ok'd by markus@
+   - djm@cvs.openbsd.org 2008/10/09 03:50:54
+     [servconf.c sshd_config.5]
+     support setting PermitEmptyPasswords in a Match block
+     requested in PR3891; ok dtucker@
+   - jmc@cvs.openbsd.org 2008/10/09 06:54:22
+     [ssh.c]
+     add -y to usage();
+   - stevesk@cvs.openbsd.org 2008/10/10 04:55:16
+     [scp.c]
+     spelling in comment; ok djm@
+   - stevesk@cvs.openbsd.org 2008/10/10 05:00:12
+     [key.c]
+     typo in error message; ok djm@
+   - stevesk@cvs.openbsd.org 2008/10/10 16:43:27
+     [ssh_config.5]
+     use 'Privileged ports can be forwarded only when logging in as root on
+     the remote machine.' for RemoteForward just like ssh.1 -R.
+     ok djm@ jmc@
+   - stevesk@cvs.openbsd.org 2008/10/14 18:11:33
+     [sshconnect.c]
+     use #define ROQUIET here; no binary change. ok dtucker@
+   - stevesk@cvs.openbsd.org 2008/10/17 18:36:24
+     [ssh_config.5]
+     correct and clarify VisualHostKey; ok jmc@
+   - stevesk@cvs.openbsd.org 2008/10/30 19:31:16
+     [clientloop.c sshd.c]
+     don't need to #include "monitor_fdpass.h"
+   - stevesk@cvs.openbsd.org 2008/10/31 15:05:34
+     [dispatch.c]
+     remove unused #define DISPATCH_MIN; ok markus@
+   - djm@cvs.openbsd.org 2008/11/01 04:50:08
+     [sshconnect2.c]
+     sprinkle ARGSUSED on dispatch handlers
+     nuke stale unusued prototype
+   - stevesk@cvs.openbsd.org 2008/11/01 06:43:33
+     [channels.c]
+     fix some typos in log messages; ok djm@
+   - sobrado@cvs.openbsd.org 2008/11/01 11:14:36
+     [ssh-keyscan.1 ssh-keyscan.c]
+     the ellipsis is not an optional argument; while here, improve spacing.
+   - stevesk@cvs.openbsd.org 2008/11/01 17:40:33
+     [clientloop.c readconf.c readconf.h ssh.c]
+     merge dynamic forward parsing into parse_forward();
+     'i think this is OK' djm@
+   - stevesk@cvs.openbsd.org 2008/11/02 00:16:16
+     [ttymodes.c]
+     protocol 2 tty modes support is now 7.5 years old so remove these
+     debug3()s; ok deraadt@
+   - stevesk@cvs.openbsd.org 2008/11/03 01:07:02
+     [readconf.c]
+     remove valueless comment
+   - stevesk@cvs.openbsd.org 2008/11/03 02:44:41
+     [readconf.c]
+     fix comment
+ - (djm) [contrib/caldera/ssh-host-keygen contrib/suse/rc.sshd]
+   Make example scripts generate keys with default sizes rather than fixed,
+   non-default 1024 bits; patch from imorgan AT nas.nasa.gov
+ - (djm) [contrib/sshd.pam.generic contrib/caldera/sshd.pam]
+   [contrib/redhat/sshd.pam] Move pam_nologin to account group from
+   incorrect auth group in example files;
+   patch from imorgan AT nas.nasa.gov
+
+20080906
+ - (dtucker) [config.guess config.sub] Update to latest versions from
+   http://git.savannah.gnu.org/gitweb/ (2008-04-14 and 2008-06-16
+   respectively).
+
+20080830
+ - (dtucker) [openbsd-compat/bsd-poll.c] correctly check for number of FDs
+   larger than FD_SETSIZE (OpenSSH only ever uses poll with one fd).  Patch
+   from Nicholas Marriott.
+
+20080721
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2008/07/23 07:36:55
+     [servconf.c]
+     do not try to print options that have been compile-time disabled
+     in config test mode (sshd -T); report from nix-corp AT esperi.org.uk
+     ok dtucker@
+ - (djm) [servconf.c] Print UsePAM option in config test mode (when it
+   has been compiled in); report from nix-corp AT esperi.org.uk
+   ok dtucker@
+
+20080721
+ - (djm) OpenBSD CVS Sync
+   - jmc@cvs.openbsd.org 2008/07/18 22:51:01
+     [sftp-server.8]
+     no need for .Pp before or after .Sh;
+   - djm@cvs.openbsd.org 2008/07/21 08:19:07
+     [version.h]
+     openssh-5.1
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+   [contrib/suse/openssh.spec] Update version number in README and RPM specs
+ - (djm) Release OpenSSH-5.1
+
+20080717
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2008/07/17 08:48:00
+     [sshconnect2.c]
+     strnvis preauth banner; pointed out by mpf@ ok markus@
+   - djm@cvs.openbsd.org 2008/07/17 08:51:07
+     [auth2-hostbased.c]
+     strip trailing '.' from hostname when HostbasedUsesNameFromPacketOnly=yes
+     report and patch from res AT qoxp.net (bz#1200); ok markus@
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.c]  Remove long-unneeded compat
+   code, replace with equivalent cygwin library call.  Patch from vinschen
+   at redhat.com, ok djm@.
+ - (djm) [sshconnect2.c] vis.h isn't available everywhere
+
 20080716
  - OpenBSD CVS Sync
    - djm@cvs.openbsd.org 2008/07/15 02:23:14