1 files changed, 113 insertions, 0 deletions
diff --git a/ChangeLog.gssapi b/ChangeLog.gssapi
new file mode 100644
index 000000000..f117a336a
--- /dev/null
+++ b/ChangeLog.gssapi
@@ -0,0 +1,113 @@
+20110101
+  - Finally update for OpenSSH 5.6p1
+  - Add GSSAPIServerIdentity option from Jim Basney
+ 
+20100308
+  - [ Makefile.in, key.c, key.h ]
+    Updates for OpenSSH 5.4p1
+  - [ servconf.c ]
+    Include GSSAPI options in the sshd -T configuration dump, and flag
+    some older configuration options as being unsupported. Thanks to Colin 
+    Watson.
+  -
+20100124
+  - [ sshconnect2.c ]
+    Adapt to deal with additional element in Authmethod structure. Thanks to
+    Colin Watson
+20090615
+  - [ gss-genr.c gss-serv.c kexgssc.c kexgsss.c monitor.c sshconnect2.c
+      sshd.c ]
+    Fix issues identified by Greg Hudson following a code review
+        Check return value of gss_indicate_mechs
+        Protect GSSAPI calls in monitor, so they can only be used if enabled
+        Check return values of bignum functions in key exchange
+        Use BN_clear_free to clear other side's DH value
+        Make ssh_gssapi_id_kex more robust
+        Only configure kex table pointers if GSSAPI is enabled
+        Don't leak mechanism list, or gss mechanism list
+        Cast data.length before printing
+        If serverkey isn't provided, use an empty string, rather than NULL
+20090201
+  - [ gss-genr.c gss-serv.c kex.h kexgssc.c readconf.c readconf.h ssh-gss.h
+      ssh_config.5 sshconnet2.c ]
+    Add support for the GSSAPIClientIdentity option, which allows the user
+    to specify which GSSAPI identity to use to contact a given server
+20080404
+  - [ gss-serv.c ]
+    Add code to actually implement GSSAPIStrictAcceptCheck, which had somehow
+    been omitted from a previous version of this patch. Reported by Borislav
+    Stoichkov
+20070317
+  - [ gss-serv-krb5.c ]
+    Remove C99ism, where new_ccname was being declared in the middle of a 
+    function
+20061220
+  - [ servconf.c ]
+    Make default for GSSAPIStrictAcceptorCheck be Yes, to match previous, and 
+    documented, behaviour. Reported by Dan Watson.
+20060910
+  - [ gss-genr.c kexgssc.c kexgsss.c kex.h monitor.c sshconnect2.c sshd.c
+      ssh-gss.h ]
+    add support for gss-group14-sha1 key exchange mechanisms
+  - [ gss-serv.c servconf.c servconf.h sshd_config sshd_config.5 ]
+    Add GSSAPIStrictAcceptorCheck option to allow the disabling of
+    acceptor principal checking on multi-homed machines.
+    <Bugzilla #928>
+  - [ sshd_config ssh_config ]
+    Add settings for GSSAPIKeyExchange and GSSAPITrustDNS to the sample
+    configuration files
+  - [ kexgss.c kegsss.c sshconnect2.c sshd.c ]
+    Code cleanup. Replace strlen/xmalloc/snprintf sequences with xasprintf()
+    Limit length of error messages displayed by client
+20060909
+  - [ gss-genr.c gss-serv.c ]
+    move ssh_gssapi_acquire_cred() and ssh_gssapi_server_ctx to be server
+    only, where they belong 
+    <Bugzilla #1225>
+20060829
+  - [ gss-serv-krb5.c ]
+    Fix CCAPI credentials cache name when creating KRB5CCNAME environment 
+    variable
+20060828
+  - [ gss-genr.c ]
+    Avoid Heimdal context freeing problem
+    <Fixed upstream 20060829>
+20060818
+  - [ gss-genr.c ssh-gss.h sshconnect2.c ]
+    Make sure that SPENGO is disabled 
+    <Bugzilla #1218 - Fixed upstream 20060818>
+20060421
+  - [ gssgenr.c, sshconnect2.c ]
+    a few type changes (signed versus unsigned, int versus size_t) to
+    fix compiler errors/warnings 
+    (from jbasney AT ncsa.uiuc.edu)
+  - [ kexgssc.c, sshconnect2.c ]
+    fix uninitialized variable warnings
+    (from jbasney AT ncsa.uiuc.edu)
+  - [ gssgenr.c ]
+    pass oid to gss_display_status (helpful when using GSSAPI mechglue)
+    (from jbasney AT ncsa.uiuc.edu)
+    <Bugzilla #1220 >
+  - [ gss-serv-krb5.c ]
+    #ifdef HAVE_GSSAPI_KRB5 should be #ifdef HAVE_GSSAPI_KRB5_H
+    (from jbasney AT ncsa.uiuc.edu)
+    <Fixed upstream 20060304>
+  - [ readconf.c, readconf.h, ssh_config.5, sshconnect2.c 
+    add client-side GssapiKeyExchange option
+    (from jbasney AT ncsa.uiuc.edu)
+  - [ sshconnect2.c ]
+    add support for GssapiTrustDns option for gssapi-with-mic
+    (from jbasney AT ncsa.uiuc.edu)
+    <gssapi-with-mic support is Bugzilla #1008>

diff --git a/ChangeLog.gssapi b/ChangeLog.gssapi new file mode 100644 index 000000000..f117a336a --- /dev/null +++ b/ChangeLog.gssapi
@@ -0,0 +1,113 @@
	1	20110101
	2	- Finally update for OpenSSH 5.6p1
	3	- Add GSSAPIServerIdentity option from Jim Basney
	4
	5	20100308
	6	- [ Makefile.in, key.c, key.h ]
	7	Updates for OpenSSH 5.4p1
	8	- [ servconf.c ]
	9	Include GSSAPI options in the sshd -T configuration dump, and flag
	10	some older configuration options as being unsupported. Thanks to Colin
	11	Watson.
	12	-
	13
	14	20100124
	15	- [ sshconnect2.c ]
	16	Adapt to deal with additional element in Authmethod structure. Thanks to
	17	Colin Watson
	18
	19	20090615
	20	- [ gss-genr.c gss-serv.c kexgssc.c kexgsss.c monitor.c sshconnect2.c
	21	sshd.c ]
	22	Fix issues identified by Greg Hudson following a code review
	23	Check return value of gss_indicate_mechs
	24	Protect GSSAPI calls in monitor, so they can only be used if enabled
	25	Check return values of bignum functions in key exchange
	26	Use BN_clear_free to clear other side's DH value
	27	Make ssh_gssapi_id_kex more robust
	28	Only configure kex table pointers if GSSAPI is enabled
	29	Don't leak mechanism list, or gss mechanism list
	30	Cast data.length before printing
	31	If serverkey isn't provided, use an empty string, rather than NULL
	32
	33	20090201
	34	- [ gss-genr.c gss-serv.c kex.h kexgssc.c readconf.c readconf.h ssh-gss.h
	35	ssh_config.5 sshconnet2.c ]
	36	Add support for the GSSAPIClientIdentity option, which allows the user
	37	to specify which GSSAPI identity to use to contact a given server
	38
	39	20080404
	40	- [ gss-serv.c ]
	41	Add code to actually implement GSSAPIStrictAcceptCheck, which had somehow
	42	been omitted from a previous version of this patch. Reported by Borislav
	43	Stoichkov
	44
	45	20070317
	46	- [ gss-serv-krb5.c ]
	47	Remove C99ism, where new_ccname was being declared in the middle of a
	48	function
	49
	50	20061220
	51	- [ servconf.c ]
	52	Make default for GSSAPIStrictAcceptorCheck be Yes, to match previous, and
	53	documented, behaviour. Reported by Dan Watson.
	54
	55	20060910
	56	- [ gss-genr.c kexgssc.c kexgsss.c kex.h monitor.c sshconnect2.c sshd.c
	57	ssh-gss.h ]
	58	add support for gss-group14-sha1 key exchange mechanisms
	59	- [ gss-serv.c servconf.c servconf.h sshd_config sshd_config.5 ]
	60	Add GSSAPIStrictAcceptorCheck option to allow the disabling of
	61	acceptor principal checking on multi-homed machines.
	62	<Bugzilla #928>
	63	- [ sshd_config ssh_config ]
	64	Add settings for GSSAPIKeyExchange and GSSAPITrustDNS to the sample
	65	configuration files
	66	- [ kexgss.c kegsss.c sshconnect2.c sshd.c ]
	67	Code cleanup. Replace strlen/xmalloc/snprintf sequences with xasprintf()
	68	Limit length of error messages displayed by client
	69
	70	20060909
	71	- [ gss-genr.c gss-serv.c ]
	72	move ssh_gssapi_acquire_cred() and ssh_gssapi_server_ctx to be server
	73	only, where they belong
	74	<Bugzilla #1225>
	75
	76	20060829
	77	- [ gss-serv-krb5.c ]
	78	Fix CCAPI credentials cache name when creating KRB5CCNAME environment
	79	variable
	80
	81	20060828
	82	- [ gss-genr.c ]
	83	Avoid Heimdal context freeing problem
	84	<Fixed upstream 20060829>
	85
	86	20060818
	87	- [ gss-genr.c ssh-gss.h sshconnect2.c ]
	88	Make sure that SPENGO is disabled
	89	<Bugzilla #1218 - Fixed upstream 20060818>
	90
	91	20060421
	92	- [ gssgenr.c, sshconnect2.c ]
	93	a few type changes (signed versus unsigned, int versus size_t) to
	94	fix compiler errors/warnings
	95	(from jbasney AT ncsa.uiuc.edu)
	96	- [ kexgssc.c, sshconnect2.c ]
	97	fix uninitialized variable warnings
	98	(from jbasney AT ncsa.uiuc.edu)
	99	- [ gssgenr.c ]
	100	pass oid to gss_display_status (helpful when using GSSAPI mechglue)
	101	(from jbasney AT ncsa.uiuc.edu)
	102	<Bugzilla #1220 >
	103	- [ gss-serv-krb5.c ]
	104	#ifdef HAVE_GSSAPI_KRB5 should be #ifdef HAVE_GSSAPI_KRB5_H
	105	(from jbasney AT ncsa.uiuc.edu)
	106	<Fixed upstream 20060304>
	107	- [ readconf.c, readconf.h, ssh_config.5, sshconnect2.c
	108	add client-side GssapiKeyExchange option
	109	(from jbasney AT ncsa.uiuc.edu)
	110	- [ sshconnect2.c ]
	111	add support for GssapiTrustDns option for gssapi-with-mic
	112	(from jbasney AT ncsa.uiuc.edu)
	113	<gssapi-with-mic support is Bugzilla #1008>