diff options
Diffstat (limited to 'ChangeLog.gssapi')
-rw-r--r-- | ChangeLog.gssapi | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/ChangeLog.gssapi b/ChangeLog.gssapi new file mode 100644 index 000000000..0c3f5a44f --- /dev/null +++ b/ChangeLog.gssapi | |||
@@ -0,0 +1,103 @@ | |||
1 | 20100124 | ||
2 | - [ sshconnect2.c ] | ||
3 | Adapt to deal with additional element in Authmethod structure. Thanks to | ||
4 | Colin Wilson | ||
5 | - [ clientloop.c ] | ||
6 | Protect credentials updated code with suitable #ifdefs. Thanks to Colin | ||
7 | Wilson | ||
8 | |||
9 | 20090615 | ||
10 | - [ gss-genr.c gss-serv.c kexgssc.c kexgsss.c monitor.c sshconnect2.c | ||
11 | sshd.c ] | ||
12 | Fix issues identified by Greg Hudson following a code review | ||
13 | Check return value of gss_indicate_mechs | ||
14 | Protect GSSAPI calls in monitor, so they can only be used if enabled | ||
15 | Check return values of bignum functions in key exchange | ||
16 | Use BN_clear_free to clear other side's DH value | ||
17 | Make ssh_gssapi_id_kex more robust | ||
18 | Only configure kex table pointers if GSSAPI is enabled | ||
19 | Don't leak mechanism list, or gss mechanism list | ||
20 | Cast data.length before printing | ||
21 | If serverkey isn't provided, use an empty string, rather than NULL | ||
22 | |||
23 | 20090201 | ||
24 | - [ gss-genr.c gss-serv.c kex.h kexgssc.c readconf.c readconf.h ssh-gss.h | ||
25 | ssh_config.5 sshconnet2.c ] | ||
26 | Add support for the GSSAPIClientIdentity option, which allows the user | ||
27 | to specify which GSSAPI identity to use to contact a given server | ||
28 | |||
29 | 20080404 | ||
30 | - [ gss-serv.c ] | ||
31 | Add code to actually implement GSSAPIStrictAcceptCheck, which had somehow | ||
32 | been omitted from a previous version of this patch. Reported by Borislav | ||
33 | Stoichkov | ||
34 | |||
35 | 20070317 | ||
36 | - [ gss-serv-krb5.c ] | ||
37 | Remove C99ism, where new_ccname was being declared in the middle of a | ||
38 | function | ||
39 | |||
40 | 20061220 | ||
41 | - [ servconf.c ] | ||
42 | Make default for GSSAPIStrictAcceptorCheck be Yes, to match previous, and | ||
43 | documented, behaviour. Reported by Dan Watson. | ||
44 | |||
45 | 20060910 | ||
46 | - [ gss-genr.c kexgssc.c kexgsss.c kex.h monitor.c sshconnect2.c sshd.c | ||
47 | ssh-gss.h ] | ||
48 | add support for gss-group14-sha1 key exchange mechanisms | ||
49 | - [ gss-serv.c servconf.c servconf.h sshd_config sshd_config.5 ] | ||
50 | Add GSSAPIStrictAcceptorCheck option to allow the disabling of | ||
51 | acceptor principal checking on multi-homed machines. | ||
52 | <Bugzilla #928> | ||
53 | - [ sshd_config ssh_config ] | ||
54 | Add settings for GSSAPIKeyExchange and GSSAPITrustDNS to the sample | ||
55 | configuration files | ||
56 | - [ kexgss.c kegsss.c sshconnect2.c sshd.c ] | ||
57 | Code cleanup. Replace strlen/xmalloc/snprintf sequences with xasprintf() | ||
58 | Limit length of error messages displayed by client | ||
59 | |||
60 | 20060909 | ||
61 | - [ gss-genr.c gss-serv.c ] | ||
62 | move ssh_gssapi_acquire_cred() and ssh_gssapi_server_ctx to be server | ||
63 | only, where they belong | ||
64 | <Bugzilla #1225> | ||
65 | |||
66 | 20060829 | ||
67 | - [ gss-serv-krb5.c ] | ||
68 | Fix CCAPI credentials cache name when creating KRB5CCNAME environment | ||
69 | variable | ||
70 | |||
71 | 20060828 | ||
72 | - [ gss-genr.c ] | ||
73 | Avoid Heimdal context freeing problem | ||
74 | <Fixed upstream 20060829> | ||
75 | |||
76 | 20060818 | ||
77 | - [ gss-genr.c ssh-gss.h sshconnect2.c ] | ||
78 | Make sure that SPENGO is disabled | ||
79 | <Bugzilla #1218 - Fixed upstream 20060818> | ||
80 | |||
81 | 20060421 | ||
82 | - [ gssgenr.c, sshconnect2.c ] | ||
83 | a few type changes (signed versus unsigned, int versus size_t) to | ||
84 | fix compiler errors/warnings | ||
85 | (from jbasney AT ncsa.uiuc.edu) | ||
86 | - [ kexgssc.c, sshconnect2.c ] | ||
87 | fix uninitialized variable warnings | ||
88 | (from jbasney AT ncsa.uiuc.edu) | ||
89 | - [ gssgenr.c ] | ||
90 | pass oid to gss_display_status (helpful when using GSSAPI mechglue) | ||
91 | (from jbasney AT ncsa.uiuc.edu) | ||
92 | <Bugzilla #1220 > | ||
93 | - [ gss-serv-krb5.c ] | ||
94 | #ifdef HAVE_GSSAPI_KRB5 should be #ifdef HAVE_GSSAPI_KRB5_H | ||
95 | (from jbasney AT ncsa.uiuc.edu) | ||
96 | <Fixed upstream 20060304> | ||
97 | - [ readconf.c, readconf.h, ssh_config.5, sshconnect2.c | ||
98 | add client-side GssapiKeyExchange option | ||
99 | (from jbasney AT ncsa.uiuc.edu) | ||
100 | - [ sshconnect2.c ] | ||
101 | add support for GssapiTrustDns option for gssapi-with-mic | ||
102 | (from jbasney AT ncsa.uiuc.edu) | ||
103 | <gssapi-with-mic support is Bugzilla #1008> | ||