diff options
author | Colin Watson <cjwatson@debian.org> | 2010-01-24 22:46:54 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-01-24 22:46:54 +0000 |
commit | 59247ecde39f2d826a94ab07f6095ca1f6644e88 (patch) | |
tree | 5910d4a840352aafbf67e8a39fa63936e5529b26 /ChangeLog | |
parent | 07d905b406c4ab64ea2f10a22f4f8f0d595269f6 (diff) | |
parent | 964476f91b66c475d5b8fa1e8b28d39a97a1b56e (diff) |
* New upstream release.
* Update to GSSAPI patch from
http://www.sxw.org.uk/computing/patches/openssh-5.3p1-gsskex-all-20100124.patch.
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 279 |
1 files changed, 279 insertions, 0 deletions
@@ -1,3 +1,282 @@ | |||
1 | 20090926 | ||
2 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
3 | [contrib/suse/openssh.spec] Update for release | ||
4 | - (djm) [README] update relnotes URL | ||
5 | - (djm) [packet.c] Restore EWOULDBLOCK handling that got lost somewhere | ||
6 | - (djm) Release 5.3p1 | ||
7 | |||
8 | 20090911 | ||
9 | - (dtucker) [configure.ac] Change the -lresolv check so it works on Mac OS X | ||
10 | 10.6 (which doesn't have BIND8_COMPAT and thus uses res_9_query). Patch | ||
11 | from jbasney at ncsa uiuc edu. | ||
12 | |||
13 | 20090908 | ||
14 | - (djm) [serverloop.c] Fix test for server-assigned remote forwarding port | ||
15 | (-R 0:...); bz#1578, spotted and fix by gavin AT emf.net; ok dtucker@ | ||
16 | |||
17 | 20090901 | ||
18 | - (dtucker) [configure.ac] Bug #1639: use AC_PATH_PROG to search the path for | ||
19 | krb5-config if it's not in the location specified by --with-kerberos5. | ||
20 | Patch from jchadima at redhat. | ||
21 | |||
22 | 20090829 | ||
23 | - (dtucker) [README.platform] Add text about development packages, based on | ||
24 | text from Chris Pepper in bug #1631. | ||
25 | |||
26 | 20090828 | ||
27 | - dtucker [auth-sia.c] Roll back the change for bug #1241 as it apparently | ||
28 | causes problems in some Tru64 configurations. | ||
29 | - (djm) [sshd_config.5] downgrade mention of login.conf to be an example | ||
30 | and mention PAM as another provider for ChallengeResponseAuthentication; | ||
31 | bz#1408; ok dtucker@ | ||
32 | - (djm) [sftp-server.c] bz#1535: accept ENOSYS as a fallback error when | ||
33 | attempting atomic rename(); ok dtucker@ | ||
34 | - (djm) [Makefile.in] bz#1505: Solaris make(1) doesn't accept make variables | ||
35 | in argv, so pass them in the environment; ok dtucker@ | ||
36 | - (dtucker) [channels.c configure.ac] Bug #1528: skip the tcgetattr call on | ||
37 | the pty master on Solaris, since it never succeeds and can hang if large | ||
38 | amounts of data is sent to the slave (eg a copy-paste). Based on a patch | ||
39 | originally from Doke Scott, ok djm@ | ||
40 | - (dtucker) [clientloop.c configure.ac defines.h] Make the client's IO buffer | ||
41 | size a compile-time option and set it to 64k on Cygwin, since Corinna | ||
42 | reports that it makes a significant difference to performance. ok djm@ | ||
43 | - (dtucker) [configure.ac] Fix the syntax of the Solaris tcgetattr entry. | ||
44 | |||
45 | 20090820 | ||
46 | - (dtucker) [includes.h] Bug #1634: do not include system glob.h if we're not | ||
47 | using it since the type conflicts can cause problems on FreeBSD. Patch | ||
48 | from Jonathan Chen. | ||
49 | - (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567: move | ||
50 | the setpcred call on AIX to immediately before the permanently_set_uid(). | ||
51 | Ensures that we still have privileges when we call chroot and | ||
52 | pam_open_sesson. Based on a patch from David Leonard. | ||
53 | |||
54 | 20090817 | ||
55 | - (dtucker) [configure.ac] Check for headers before libraries for openssl an | ||
56 | zlib, which should make the errors slightly more meaningful on platforms | ||
57 | where there's separate "-devel" packages for those. | ||
58 | - (dtucker) [sshlogin.c openbsd-compat/port-aix.{c,h}] Bug #1595: make | ||
59 | PrintLastLog work on AIX. Based in part on a patch from Miguel Sanders. | ||
60 | |||
61 | 20090729 | ||
62 | - (tim) [contrib/cygwin/ssh-user-config] Change script to call correct error | ||
63 | function. Patch from Corinna Vinschen. | ||
64 | |||
65 | 20090713 | ||
66 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Reduce answer buffer size so it | ||
67 | fits into 16 bits to work around a bug in glibc's resolver where it masks | ||
68 | off the buffer size at 16 bits. Patch from Hauke Lampe, ok djm jakob. | ||
69 | |||
70 | 20090712 | ||
71 | - (dtucker) [configure.ac] Include sys/param.h for the sys/mount.h test, | ||
72 | prevents configure complaining on older BSDs. | ||
73 | - (dtucker [contrib/cygwin/ssh-{host,user}-config] Add license text. Patch | ||
74 | from Corinna Vinschen. | ||
75 | - (dtucker) [auth-pam.c] Bug #1534: move the deletion of PAM credentials on | ||
76 | logout to after the session close. Patch from Anicka Bernathova, | ||
77 | originally from Andreas Schwab via Novelll ok djm. | ||
78 | |||
79 | 20090707 | ||
80 | - (dtucker) [contrib/cygwin/ssh-host-config] better support for automated | ||
81 | scripts and fix usage of eval. Patch from Corinna Vinschen. | ||
82 | |||
83 | 20090705 | ||
84 | - (dtucker) OpenBSD CVS Sync | ||
85 | - andreas@cvs.openbsd.org 2009/06/27 09:29:06 | ||
86 | [packet.h packet.c] | ||
87 | packet_bacup_state() and packet_restore_state() will be used to | ||
88 | temporarily save the current state ren resuming a suspended connection. | ||
89 | ok markus@ | ||
90 | - andreas@cvs.openbsd.org 2009/06/27 09:32:43 | ||
91 | [roaming_common.c roaming.h] | ||
92 | It may be necessary to retransmit some data when resuming, so add it | ||
93 | to a buffer when roaming is enabled. | ||
94 | Most of this code was written by Martin Forssen, maf at appgate dot com. | ||
95 | ok markus@ | ||
96 | - andreas@cvs.openbsd.org 2009/06/27 09:35:06 | ||
97 | [readconf.h readconf.c] | ||
98 | Add client option UseRoaming. It doesn't do anything yet but will | ||
99 | control whether the client tries to use roaming if enabled on the | ||
100 | server. From Martin Forssen. | ||
101 | ok markus@ | ||
102 | - markus@cvs.openbsd.org 2009/06/30 14:54:40 | ||
103 | [version.h] | ||
104 | crank version; ok deraadt | ||
105 | - dtucker@cvs.openbsd.org 2009/07/02 02:11:47 | ||
106 | [ssh.c] | ||
107 | allow for long home dir paths (bz #1615). ok deraadt | ||
108 | (based in part on a patch from jchadima at redhat) | ||
109 | - stevesk@cvs.openbsd.org 2009/07/05 19:28:33 | ||
110 | [clientloop.c] | ||
111 | only send SSH2_MSG_DISCONNECT if we're in compat20; from dtucker@ | ||
112 | ok deraadt@ markus@ | ||
113 | |||
114 | 20090622 | ||
115 | - (dtucker) OpenBSD CVS Sync | ||
116 | - dtucker@cvs.openbsd.org 2009/06/22 05:39:28 | ||
117 | [monitor_wrap.c monitor_mm.c ssh-keygen.c auth2.c gss-genr.c sftp-client.c] | ||
118 | alphabetize includes; reduces diff vs portable and style(9). | ||
119 | ok stevesk djm | ||
120 | (Id sync only; these were already in order in -portable) | ||
121 | |||
122 | 20090621 | ||
123 | - (dtucker) OpenBSD CVS Sync | ||
124 | - markus@cvs.openbsd.org 2009/03/17 21:37:00 | ||
125 | [ssh.c] | ||
126 | pass correct argv[0] to openlog(); ok djm@ | ||
127 | - jmc@cvs.openbsd.org 2009/03/19 15:15:09 | ||
128 | [ssh.1] | ||
129 | for "Ciphers", just point the reader to the keyword in ssh_config(5), just | ||
130 | as we do for "MACs": this stops us getting out of sync when the lists | ||
131 | change; | ||
132 | fixes documentation/6102, submitted by Peter J. Philipp | ||
133 | alternative fix proposed by djm | ||
134 | ok markus | ||
135 | - tobias@cvs.openbsd.org 2009/03/23 08:31:19 | ||
136 | [ssh-agent.c] | ||
137 | Fixed a possible out-of-bounds memory access if the environment variable | ||
138 | SHELL is shorter than 3 characters. | ||
139 | with input by and ok dtucker | ||
140 | - tobias@cvs.openbsd.org 2009/03/23 19:38:04 | ||
141 | [ssh-agent.c] | ||
142 | My previous commit didn't fix the problem at all, so stick at my first | ||
143 | version of the fix presented to dtucker. | ||
144 | Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de). | ||
145 | ok dtucker | ||
146 | - sobrado@cvs.openbsd.org 2009/03/26 08:38:39 | ||
147 | [sftp-server.8 sshd.8 ssh-agent.1] | ||
148 | fix a few typographical errors found by spell(1). | ||
149 | ok dtucker@, jmc@ | ||
150 | - stevesk@cvs.openbsd.org 2009/04/13 19:07:44 | ||
151 | [sshd_config.5] | ||
152 | fix possessive; ok djm@ | ||
153 | - stevesk@cvs.openbsd.org 2009/04/14 16:33:42 | ||
154 | [sftp-server.c] | ||
155 | remove unused option character from getopt() optstring; ok markus@ | ||
156 | - jj@cvs.openbsd.org 2009/04/14 21:10:54 | ||
157 | [servconf.c] | ||
158 | Fixed a few the-the misspellings in comments. Skipped a bunch in | ||
159 | binutils,gcc and so on. ok jmc@ | ||
160 | - stevesk@cvs.openbsd.org 2009/04/17 19:23:06 | ||
161 | [session.c] | ||
162 | use INTERNAL_SFTP_NAME for setproctitle() of in-process sftp-server; | ||
163 | ok djm@ markus@ | ||
164 | - stevesk@cvs.openbsd.org 2009/04/17 19:40:17 | ||
165 | [sshd_config.5] | ||
166 | clarify that even internal-sftp needs /dev/log for logging to work; ok | ||
167 | markus@ | ||
168 | - jmc@cvs.openbsd.org 2009/04/18 18:39:10 | ||
169 | [sshd_config.5] | ||
170 | tweak previous; ok stevesk | ||
171 | - stevesk@cvs.openbsd.org 2009/04/21 15:13:17 | ||
172 | [sshd_config.5] | ||
173 | clarify we cd to user's home after chroot; ok markus@ on | ||
174 | earlier version; tweaks and ok jmc@ | ||
175 | - andreas@cvs.openbsd.org 2009/05/25 06:48:01 | ||
176 | [channels.c packet.c clientloop.c packet.h serverloop.c monitor_wrap.c | ||
177 | monitor.c] | ||
178 | Put the globals in packet.c into a struct and don't access it directly | ||
179 | from other files. No functional changes. | ||
180 | ok markus@ djm@ | ||
181 | - andreas@cvs.openbsd.org 2009/05/27 06:31:25 | ||
182 | [canohost.h canohost.c] | ||
183 | Add clear_cached_addr(), needed for upcoming changes allowing the peer | ||
184 | address to change. | ||
185 | ok markus@ | ||
186 | - andreas@cvs.openbsd.org 2009/05/27 06:33:39 | ||
187 | [clientloop.c] | ||
188 | Send SSH2_MSG_DISCONNECT when the client disconnects. From a larger | ||
189 | change from Martin Forssen, maf at appgate dot com. | ||
190 | ok markus@ | ||
191 | - andreas@cvs.openbsd.org 2009/05/27 06:34:36 | ||
192 | [kex.c kex.h] | ||
193 | Move the KEX_COOKIE_LEN define to kex.h | ||
194 | ok markus@ | ||
195 | - andreas@cvs.openbsd.org 2009/05/27 06:36:07 | ||
196 | [packet.h packet.c] | ||
197 | Add packet_put_int64() and packet_get_int64(), part of a larger change | ||
198 | from Martin Forssen. | ||
199 | ok markus@ | ||
200 | - andreas@cvs.openbsd.org 2009/05/27 06:38:16 | ||
201 | [sshconnect.h sshconnect.c] | ||
202 | Un-static ssh_exchange_identification(), part of a larger change from | ||
203 | Martin Forssen and needed for upcoming changes. | ||
204 | ok markus@ | ||
205 | - andreas@cvs.openbsd.org 2009/05/28 16:50:16 | ||
206 | [sshd.c packet.c serverloop.c monitor_wrap.c clientloop.c sshconnect.c | ||
207 | monitor.c Added roaming.h roaming_common.c roaming_dummy.c] | ||
208 | Keep track of number of bytes read and written. Needed for upcoming | ||
209 | changes. Most code from Martin Forssen, maf at appgate dot com. | ||
210 | ok markus@ | ||
211 | Also, applied appropriate changes to Makefile.in | ||
212 | - andreas@cvs.openbsd.org 2009/06/12 20:43:22 | ||
213 | [monitor.c packet.c] | ||
214 | Fix warnings found by chl@ and djm@ and change roaming_atomicio's | ||
215 | return type to match atomicio's | ||
216 | Diff from djm@, ok markus@ | ||
217 | - andreas@cvs.openbsd.org 2009/06/12 20:58:32 | ||
218 | [packet.c] | ||
219 | Move some more statics into session_state | ||
220 | ok markus@ djm@ | ||
221 | - dtucker@cvs.openbsd.org 2009/06/21 07:37:15 | ||
222 | [kexdhs.c kexgexs.c] | ||
223 | abort if key_sign fails, preventing possible null deref. Based on report | ||
224 | from Paolo Ganci, ok markus@ djm@ | ||
225 | - dtucker@cvs.openbsd.org 2009/06/21 09:04:03 | ||
226 | [roaming.h roaming_common.c roaming_dummy.c] | ||
227 | Add tags for the benefit of the sync scripts | ||
228 | Also: pull in the changes for 1.1->1.2 missed in the previous sync. | ||
229 | - (dtucker) [auth2-jpake.c auth2.c canohost.h session.c] Whitespace and | ||
230 | header-order changes to reduce diff vs OpenBSD. | ||
231 | - (dtucker) [servconf.c sshd.c] More whitespace sync. | ||
232 | - (dtucker) [roaming_common.c roaming_dummy.c] Wrap #include <inttypes.h> in | ||
233 | ifdef. | ||
234 | |||
235 | 20090616 | ||
236 | - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t | ||
237 | is a struct with a __val member. Fixes build on, eg, Redhat 6.2. | ||
238 | |||
239 | 20090504 | ||
240 | - (dtucker) [sshlogin.c] Move the NO_SSH_LASTLOG #ifndef line to include | ||
241 | variable declarations. Should prevent unused warnings anywhere it's set | ||
242 | (only Crays as far as I can tell) and be a no-op everywhere else. | ||
243 | |||
244 | 20090318 | ||
245 | - (tim) [configure.ac] Remove setting IP_TOS_IS_BROKEN for Cygwin. The problem | ||
246 | that setsockopt(IP_TOS) doesn't work on Cygwin has been fixed since 2005. | ||
247 | Based on patch from vinschen at redhat com. | ||
248 | |||
249 | 20090308 | ||
250 | - (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.c | ||
251 | auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h} | ||
252 | openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old | ||
253 | version of Cygwin. Patch from vinschen at redhat com. | ||
254 | |||
255 | 20090307 | ||
256 | - (dtucker) [contrib/aix/buildbff.sh] Only try to rename ssh_prng_cmds if it | ||
257 | exists (it's not created if OpenSSL's PRNG is self-seeded, eg if the OS | ||
258 | has a /dev/random). | ||
259 | - (dtucker) [schnorr.c openbsd-compat/openssl-compat.{c,h}] Add | ||
260 | EVP_DigestUpdate to the OLD_EVP compatibility functions and tell schnorr.c | ||
261 | to use them. Allows building with older OpenSSL versions. | ||
262 | - (dtucker) [configure.ac defines.h] Check for in_port_t and typedef if needed. | ||
263 | - (dtucker) [configure.ac] Missing comma in type list. | ||
264 | - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] | ||
265 | EVP_DigestUpdate does not exactly match the other OLD_EVP functions (eg | ||
266 | in openssl 0.9.6) so add an explicit test for it. | ||
267 | |||
268 | 20090306 | ||
269 | - (djm) OpenBSD CVS Sync | ||
270 | - djm@cvs.openbsd.org 2009/03/05 07:18:19 | ||
271 | [auth2-jpake.c jpake.c jpake.h monitor_wrap.c monitor_wrap.h schnorr.c] | ||
272 | [sshconnect2.c] | ||
273 | refactor the (disabled) Schnorr proof code to make it a little more | ||
274 | generally useful | ||
275 | - djm@cvs.openbsd.org 2009/03/05 11:30:50 | ||
276 | [uuencode.c] | ||
277 | document what these functions do so I don't ever have to recuse into | ||
278 | b64_pton/ntop to remember their return values | ||
279 | |||
1 | 20090223 | 280 | 20090223 |
2 | - (djm) OpenBSD CVS Sync | 281 | - (djm) OpenBSD CVS Sync |
3 | - djm@cvs.openbsd.org 2009/02/22 23:50:57 | 282 | - djm@cvs.openbsd.org 2009/02/22 23:50:57 |