X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/e68868a1fb5f5c4ac85dcd35a64c2952ba71bc03..16076ac940ffdc4d07ad57b3b15f39ac6e0da129:/ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 177d7dd0..2799540e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,150 @@
+20090107
+ - (tim) [configure.ac defines.h openbsd-compat/port-uw.c
+   openbsd-compat/xcrypt.c] Add SECUREWARE support to OpenServer 6 SVR5 ABI.
+   OK djm@ dtucker@
+
+20081209
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2008/12/09 02:38:18
+     [clientloop.c]
+     The ~C escape handler does not work correctly for multiplexed sessions -
+     it opens a commandline on the master session, instead of on the slave
+     that requested it. Disable it on slave sessions until such time as it
+     is fixed; bz#1543 report from Adrian Bridgett via Colin Watson
+     ok markus@
+   - djm@cvs.openbsd.org 2008/12/09 02:39:59
+     [sftp.c]
+     Deal correctly with failures in remote stat() operation in sftp,
+     correcting fail-on-error behaviour in batchmode. bz#1541 report and
+     fix from anedvedicky AT gmail.com; ok markus@
+   - djm@cvs.openbsd.org 2008/12/09 02:58:16
+     [readconf.c]
+     don't leave junk (free'd) pointers around in Forward *fwd argument on
+     failure; avoids double-free in ~C -L handler when given an invalid
+     forwarding specification; bz#1539 report from adejong AT debian.org
+     via Colin Watson; ok markus@ dtucker@
+   - djm@cvs.openbsd.org 2008/12/09 03:02:37
+     [sftp.1 sftp.c]
+     correct sftp(1) and corresponding usage syntax;
+     bz#1518 patch from imorgan AT nas.nasa.gov; ok deraadt@ improved diff jmc@
+
+20081208
+ - (djm) [configure.ac] bz#1538: better test for ProPolice/SSP: actually
+   use some stack in main().
+   Report and suggested fix from vapier AT gentoo.org
+ - (djm) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2008/12/02 19:01:07
+     [clientloop.c]
+     we have to use the recipient's channel number (RFC 4254) for
+     SSH2_MSG_CHANNEL_SUCCESS/SSH2_MSG_CHANNEL_FAILURE messages,
+     otherwise we trigger 'Non-public channel' error messages on sshd
+     systems with clientkeepalive enabled; noticed by sturm; ok djm;
+   - markus@cvs.openbsd.org 2008/12/02 19:08:59
+     [serverloop.c]
+     backout 1.149, since it's not necessary and openssh clients send
+     broken CHANNEL_FAILURE/SUCCESS messages since about 2004; ok djm@
+   - markus@cvs.openbsd.org 2008/12/02 19:09:38
+     [channels.c]
+     s/remote_id/id/ to be more consistent with other code; ok djm@
+
+20081201
+ - (dtucker) [contrib/cygwin/{Makefile,ssh-host-config}]  Add new doc files
+   and tweak the is-sshd-running check in ssh-host-config.  Patch from
+   vinschen at redhat com.
+ - (dtucker) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2008/11/21 15:47:38
+     [packet.c]
+     packet_disconnect() on padding error, too.  should reduce the success
+     probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18
+     ok djm@
+   - dtucker@cvs.openbsd.org 2008/11/30 11:59:26
+     [monitor_fdpass.c]
+     Retry sendmsg/recvmsg on EAGAIN and EINTR; ok djm@
+
+20081123
+ - (dtucker) [monitor_fdpass.c] Reduce diff vs OpenBSD by moving some
+    declarations, removing an unnecessary union member and adding whitespace.
+    cmsgbuf.tmp thing spotted by des at des no, ok djm some time ago.
+
+20081118
+ - (tim) [addrmatch.c configure.ac] Some platforms do not have sin6_scope_id
+   member of sockaddr_in6. Also reported in Bug 1491 by David Leonard. OK and
+   feedback by djm@
+
+20081111
+ - (dtucker) OpenBSD CVS Sync
+   - jmc@cvs.openbsd.org 2008/11/05 11:22:54
+     [servconf.c]
+     passord -> password;
+     fixes user/5975 from Rene Maroufi
+   - stevesk@cvs.openbsd.org 2008/11/07 00:42:12
+     [ssh-keygen.c]
+     spelling/typo in comment
+   - stevesk@cvs.openbsd.org 2008/11/07 18:50:18
+     [nchan.c]
+     add space to some log/debug messages for readability; ok djm@ markus@
+   - dtucker@cvs.openbsd.org 2008/11/07 23:34:48
+     [auth2-jpake.c]
+     Move JPAKE define to make life easier for portable.  ok djm@
+   - tobias@cvs.openbsd.org 2008/11/09 12:34:47
+     [session.c ssh.1]
+     typo fixed (overriden -> overridden)
+     ok espie, jmc
+   - stevesk@cvs.openbsd.org 2008/11/11 02:58:09
+     [servconf.c]
+     USE_AFS not referenced so remove #ifdef.  fixes sshd -T not printing
+     kerberosgetafstoken. ok dtucker@
+     (Id sync only, we still want the ifdef in portable)
+   - stevesk@cvs.openbsd.org 2008/11/11 03:55:11
+     [channels.c]
+     for sshd -T print 'permitopen any' vs. 'permitopen' for case of no
+     permitopen's; ok and input dtucker@
+   - djm@cvs.openbsd.org 2008/11/10 02:06:35
+     [regress/putty-ciphers.sh]
+     PuTTY supports AES CTR modes, so interop test against them too
+
+20081105
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2008/11/03 08:59:41
+     [servconf.c]
+     include MaxSessions in sshd -T output; patch from imorgan AT nas.nasa.gov
+   - djm@cvs.openbsd.org 2008/11/04 07:58:09
+     [auth.c]
+     need unistd.h for close() prototype
+     (ID sync only)
+   - djm@cvs.openbsd.org 2008/11/04 08:22:13
+     [auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
+     [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
+     [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
+     [Makefile.in]
+     Add support for an experimental zero-knowledge password authentication
+     method using the J-PAKE protocol described in F. Hao, P. Ryan,
+     "Password Authenticated Key Exchange by Juggling", 16th Workshop on
+     Security Protocols, Cambridge, April 2008.
+     
+     This method allows password-based authentication without exposing
+     the password to the server. Instead, the client and server exchange
+     cryptographic proofs to demonstrate of knowledge of the password while
+     revealing nothing useful to an attacker or compromised endpoint.
+     
+     This is experimental, work-in-progress code and is presently
+     compiled-time disabled (turn on -DJPAKE in Makefile.inc).
+     
+     "just commit it.  It isn't too intrusive." deraadt@
+   - stevesk@cvs.openbsd.org 2008/11/04 19:18:00
+     [readconf.c]
+     because parse_forward() is now used to parse all forward types (DLR),
+     and it malloc's space for host variables, we don't need to malloc
+     here.  fixes small memory leaks.
+     
+     previously dynamic forwards were not parsed in parse_forward() and
+     space was not malloc'd in that case.
+     
+     ok djm@
+   - stevesk@cvs.openbsd.org 2008/11/05 03:23:09
+     [clientloop.c ssh.1]
+     add dynamic forward escape command line; ok djm@
+
 20081103
  - OpenBSD CVS Sync
    - sthen@cvs.openbsd.org 2008/07/24 23:55:30
@@ -56,6 +203,63 @@
      [servconf.c sshd_config.5]
      support setting PermitEmptyPasswords in a Match block
      requested in PR3891; ok dtucker@
+   - jmc@cvs.openbsd.org 2008/10/09 06:54:22
+     [ssh.c]
+     add -y to usage();
+   - stevesk@cvs.openbsd.org 2008/10/10 04:55:16
+     [scp.c]
+     spelling in comment; ok djm@
+   - stevesk@cvs.openbsd.org 2008/10/10 05:00:12
+     [key.c]
+     typo in error message; ok djm@
+   - stevesk@cvs.openbsd.org 2008/10/10 16:43:27
+     [ssh_config.5]
+     use 'Privileged ports can be forwarded only when logging in as root on
+     the remote machine.' for RemoteForward just like ssh.1 -R.
+     ok djm@ jmc@
+   - stevesk@cvs.openbsd.org 2008/10/14 18:11:33
+     [sshconnect.c]
+     use #define ROQUIET here; no binary change. ok dtucker@
+   - stevesk@cvs.openbsd.org 2008/10/17 18:36:24
+     [ssh_config.5]
+     correct and clarify VisualHostKey; ok jmc@
+   - stevesk@cvs.openbsd.org 2008/10/30 19:31:16
+     [clientloop.c sshd.c]
+     don't need to #include "monitor_fdpass.h"
+   - stevesk@cvs.openbsd.org 2008/10/31 15:05:34
+     [dispatch.c]
+     remove unused #define DISPATCH_MIN; ok markus@
+   - djm@cvs.openbsd.org 2008/11/01 04:50:08
+     [sshconnect2.c]
+     sprinkle ARGSUSED on dispatch handlers
+     nuke stale unusued prototype
+   - stevesk@cvs.openbsd.org 2008/11/01 06:43:33
+     [channels.c]
+     fix some typos in log messages; ok djm@
+   - sobrado@cvs.openbsd.org 2008/11/01 11:14:36
+     [ssh-keyscan.1 ssh-keyscan.c]
+     the ellipsis is not an optional argument; while here, improve spacing.
+   - stevesk@cvs.openbsd.org 2008/11/01 17:40:33
+     [clientloop.c readconf.c readconf.h ssh.c]
+     merge dynamic forward parsing into parse_forward();
+     'i think this is OK' djm@
+   - stevesk@cvs.openbsd.org 2008/11/02 00:16:16
+     [ttymodes.c]
+     protocol 2 tty modes support is now 7.5 years old so remove these
+     debug3()s; ok deraadt@
+   - stevesk@cvs.openbsd.org 2008/11/03 01:07:02
+     [readconf.c]
+     remove valueless comment
+   - stevesk@cvs.openbsd.org 2008/11/03 02:44:41
+     [readconf.c]
+     fix comment
+ - (djm) [contrib/caldera/ssh-host-keygen contrib/suse/rc.sshd]
+   Make example scripts generate keys with default sizes rather than fixed,
+   non-default 1024 bits; patch from imorgan AT nas.nasa.gov
+ - (djm) [contrib/sshd.pam.generic contrib/caldera/sshd.pam]
+   [contrib/redhat/sshd.pam] Move pam_nologin to account group from
+   incorrect auth group in example files;
+   patch from imorgan AT nas.nasa.gov
 
 20080906
  - (dtucker) [config.guess config.sub] Update to latest versions from
@@ -4791,3 +4995,4 @@
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
 $Id$
+