X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/dc0cae51ae528b77d4ab2148b30a844ea4d10c95..a74e9b64e20e92d70c2d17bd424b076113ff09dd:/ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 09f076eb..fa4df0b7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,169 @@
+20080225
+ - (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack
+   since it now conflicts with the helper function in misc.c.  From
+   vinschen AT redhat.com.
+ - (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation
+   of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD).
+   Help and testing from csjp at FreeBSD org, vgiffin at apple com.  ok djm@
+
+20080224
+ - (tim) [contrib/cygwin/ssh-host-config]
+   Grammar changes on SYSCONFDIR LOCALSTATEDIR messages.
+   Check more thoroughly that it's possible to create the /var/empty directory.
+   Patch by vinschen AT redhat.com
+
+20080210
+ - OpenBSD CVS Sync
+   - chl@cvs.openbsd.org 2008/01/11 07:22:28
+     [sftp-client.c sftp-client.h]
+     disable unused functions
+     initially from tobias@, but disabled them by placing them in
+     "#ifdef notyet" which was asked by djm@
+     ok djm@ tobias@
+   - djm@cvs.openbsd.org 2008/01/19 19:13:28
+     [ssh.1]
+     satisfy the pedants: -q does not suppress all diagnostic messages (e.g.
+     some commandline parsing warnings go unconditionally to stdout).
+   - djm@cvs.openbsd.org 2008/01/19 20:48:53
+     [clientloop.c]
+     fd leak on session multiplexing error path. Report and patch from
+     gregory_shively AT fanniemae.com
+   - djm@cvs.openbsd.org 2008/01/19 20:51:26
+     [ssh.c]
+     ignore SIGPIPE in multiplex client mode - we can receive this if the
+     server runs out of fds on us midway. Report and patch from
+     gregory_shively AT fanniemae.com
+   - djm@cvs.openbsd.org 2008/01/19 22:04:57
+     [sftp-client.c]
+     fix remote handle leak in do_download() local file open error path;
+     report and fix from sworley AT chkno.net
+   - djm@cvs.openbsd.org 2008/01/19 22:22:58
+     [ssh-keygen.c]
+     when hashing individual hosts (ssh-keygen -Hf hostname), make sure we
+     hash just the specified hostname and not the entire hostspec from the
+     keyfile. It may be of the form "hostname,ipaddr", which would lead to
+     a hash that never matches. report and fix from jp AT devnull.cz
+   - djm@cvs.openbsd.org 2008/01/19 22:37:19
+     [ssh-keygen.c]
+     unbreak line numbering (broken in revision 1.164), fix error message
+   - djm@cvs.openbsd.org 2008/01/19 23:02:40
+     [channels.c]
+     When we added support for specified bind addresses for port forwards, we
+     added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of
+     this for -L port forwards that causes the client to listen on both v4
+     and v6 addresses when connected to a server with this quirk, despite
+     having set 0.0.0.0 as a bind_address.
+     report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@
+   - djm@cvs.openbsd.org 2008/01/19 23:09:49
+     [readconf.c readconf.h sshconnect2.c]
+     promote rekeylimit to a int64 so it can hold the maximum useful limit
+     of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@
+   - djm@cvs.openbsd.org 2008/01/20 00:38:30
+     [sftp.c]
+     When uploading, correctly handle the case of an unquoted filename with
+     glob metacharacters that match a file exactly but not as a glob, e.g. a
+     file called "[abcd]". report and test cases from duncan2nd AT gmx.de
+   - djm@cvs.openbsd.org 2008/01/21 17:24:30
+     [sftp-server.c]
+     Remove the fixed 100 handle limit in sftp-server and allocate as many
+     as we have available file descriptors. Patch from miklos AT szeredi.hu;
+     ok dtucker@ markus@
+   - djm@cvs.openbsd.org 2008/01/21 19:20:17
+     [sftp-client.c]
+     when a remote write error occurs during an upload, ensure that ACKs for
+     all issued requests are properly drained. patch from t8m AT centrum.cz
+   - dtucker@cvs.openbsd.org 2008/01/23 01:56:54
+     [clientloop.c packet.c serverloop.c]
+     Revert the change for bz #1307 as it causes connection aborts if an IGNORE
+     packet arrives while we're waiting in packet_read_expect (and possibly
+     elsewhere).
+   - jmc@cvs.openbsd.org 2008/01/31 20:06:50
+     [scp.1]
+     explain how to handle local file names containing colons;
+     requested by Tamas TEVESZ
+     ok dtucker
+   - markus@cvs.openbsd.org 2008/02/04 21:53:00
+     [session.c sftp-server.c sftp.h]
+     link sftp-server into sshd; feedback and ok djm@
+   - mcbride@cvs.openbsd.org 2008/02/09 12:15:43
+     [ssh.1 sshd.8]
+     Document the correct permissions for the ~/.ssh/ directory.
+     ok jmc
+   - djm@cvs.openbsd.org 2008/02/10 09:55:37
+     [sshd_config.5]
+     mantion that "internal-sftp" is useful with ForceCommand too
+   - djm@cvs.openbsd.org 2008/02/10 10:54:29
+     [servconf.c session.c]
+     delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
+     home, rather than the user who starts sshd (probably root)
+
+20080119
+ - (djm) Silence noice from expr in ssh-copy-id; patch from
+   mikel AT mikelward.com
+ - (djm) Only listen for IPv6 connections on AF_INET6 sockets; patch from
+   tsr2600 AT gmail.com
+
+20080102
+ - (dtucker) [configure.ac] Fix message for -fstack-protector-all test.
+
+20080101
+ - (dtucker) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2007/12/31 10:41:31
+     [readconf.c servconf.c]
+     Prevent strict-aliasing warnings on newer gcc versions.  bz #1355, patch
+     from Dmitry V. Levin, ok djm@
+   - dtucker@cvs.openbsd.org 2007/12/31 15:27:04
+     [sshd.c]
+     When in inetd mode, have sshd generate a Protocol 1 ephemeral server
+     key only for connections where the client chooses Protocol 1 as opposed
+     to when it's enabled in the server's config.  Speeds up Protocol 2
+     connections to inetd-mode servers that also allow Protocol 1.  bz #440,
+     based on a patch from bruno at wolff.to, ok markus@
+   - dtucker@cvs.openbsd.org 2008/01/01 08:47:04
+     [misc.c]
+     spaces -> tabs from my previous commit
+   - dtucker@cvs.openbsd.org 2008/01/01 09:06:39
+     [scp.c]
+     If scp -p encounters a pre-epoch timestamp, use the epoch which is
+     as close as we can get given that it's used unsigned.  Add a little
+     debugging while there.  bz #828, ok djm@
+   - dtucker@cvs.openbsd.org 2008/01/01 09:27:33
+     [sshd_config.5 servconf.c]
+     Allow PermitRootLogin in a Match block.  Allows for, eg, permitting root
+     only from the local network.  ok markus@, man page bit ok jmc@
+   - dtucker@cvs.openbsd.org 2008/01/01 08:51:20
+     [moduli]
+     Updated moduli file; ok djm@
+
+20071231
+ - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of
+   builtin glob implementation on Mac OS X.  Based on a patch from
+   vgiffin at apple.
+
+20071229
+ - (dtucker) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2007/12/12 05:04:03
+     [sftp.c]
+     unbreak lls command and add a regress test that would have caught the
+     breakage; spotted by mouring@
+   - dtucker@cvs.openbsd.org 2007/12/27 14:22:08
+     [servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c
+      sshd.c]
+     Add a small helper function to consistently handle the EAI_SYSTEM error
+     code of getaddrinfo.  Prompted by vgiffin at apple com via bz #1417.
+     ok markus@ stevesk@
+   - dtucker@cvs.openbsd.org 2007/12/28 15:32:24
+     [clientloop.c serverloop.c packet.c]
+     Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the
+     ServerAlive and ClientAlive timers.  Prevents dropping a connection
+     when these are enabled but the peer does not support our keepalives.
+     bz #1307, ok djm@.
+   - dtucker@cvs.openbsd.org 2007/12/28 22:34:47
+     [clientloop.c]
+     Use the correct packet maximum sizes for remote port and agent forwarding.
+     Prevents the server from killing the connection if too much data is queued
+     and an excessively large packet gets sent.  bz #1360, ok djm@.
+
 20071202
  - (dtucker) [configure.ac] Enable -fstack-protector-all on systems where
    gcc supports it.  ok djm@
@@ -17,6 +183,30 @@
      Send config block back to slave for invalid users too so options
      set by a Match block (eg Banner) behave the same for non-existent
      users.  Found by and ok djm@
+   - dtucker@cvs.openbsd.org 2007/10/29 06:51:59
+     [ssh_config.5]
+     ProxyCommand and LocalCommand use the user's shell, not /bin/sh; ok djm@
+   - dtucker@cvs.openbsd.org 2007/10/29 06:54:50
+     [ssh.c]
+     Make LocalCommand work for Protocol 1 too; ok djm@
+   - jmc@cvs.openbsd.org 2007/10/29 07:48:19
+     [ssh_config.5]
+     clean up after previous macro removal;
+   - djm@cvs.openbsd.org 2007/11/03 00:36:14
+     [clientloop.c]
+     fix memory leak in process_cmdline(), patch from Jan.Pechanec AT Sun.COM;
+     ok dtucker@
+   - deraadt@cvs.openbsd.org 2007/11/03 01:24:06
+     [ssh.c]
+     bz #1377: getpwuid results were being clobbered by another getpw* call
+     inside tilde_expand_filename(); save the data we need carefully
+     ok djm
+   - dtucker@cvs.openbsd.org 2007/11/03 02:00:32
+     [ssh.c]
+     Use xstrdup/xfree when saving pwname and pwdir; ok deraadt@
+   - deraadt@cvs.openbsd.org 2007/11/03 02:03:49
+     [ssh.c]
+     avoid errno trashing in signal handler; ok dtucker
 
 20071030
  - (djm) OpenBSD CVS Sync