120110101 2 - Finally update for OpenSSH 5.6p1 3 - Add GSSAPIServerIdentity option from Jim Basney 4 520100308 6 - [ Makefile.in, key.c, key.h ] 7 Updates for OpenSSH 5.4p1 8 - [ servconf.c ] 9 Include GSSAPI options in the sshd -T configuration dump, and flag 10 some older configuration options as being unsupported. Thanks to Colin 11 Watson. 12 - 13 1420100124 15 - [ sshconnect2.c ] 16 Adapt to deal with additional element in Authmethod structure. Thanks to 17 Colin Watson 18 1920090615 20 - [ gss-genr.c gss-serv.c kexgssc.c kexgsss.c monitor.c sshconnect2.c 21 sshd.c ] 22 Fix issues identified by Greg Hudson following a code review 23 Check return value of gss_indicate_mechs 24 Protect GSSAPI calls in monitor, so they can only be used if enabled 25 Check return values of bignum functions in key exchange 26 Use BN_clear_free to clear other side's DH value 27 Make ssh_gssapi_id_kex more robust 28 Only configure kex table pointers if GSSAPI is enabled 29 Don't leak mechanism list, or gss mechanism list 30 Cast data.length before printing 31 If serverkey isn't provided, use an empty string, rather than NULL 32 3320090201 34 - [ gss-genr.c gss-serv.c kex.h kexgssc.c readconf.c readconf.h ssh-gss.h 35 ssh_config.5 sshconnet2.c ] 36 Add support for the GSSAPIClientIdentity option, which allows the user 37 to specify which GSSAPI identity to use to contact a given server 38 3920080404 40 - [ gss-serv.c ] 41 Add code to actually implement GSSAPIStrictAcceptCheck, which had somehow 42 been omitted from a previous version of this patch. Reported by Borislav 43 Stoichkov 44 4520070317 46 - [ gss-serv-krb5.c ] 47 Remove C99ism, where new_ccname was being declared in the middle of a 48 function 49 5020061220 51 - [ servconf.c ] 52 Make default for GSSAPIStrictAcceptorCheck be Yes, to match previous, and 53 documented, behaviour. Reported by Dan Watson. 54 5520060910 56 - [ gss-genr.c kexgssc.c kexgsss.c kex.h monitor.c sshconnect2.c sshd.c 57 ssh-gss.h ] 58 add support for gss-group14-sha1 key exchange mechanisms 59 - [ gss-serv.c servconf.c servconf.h sshd_config sshd_config.5 ] 60 Add GSSAPIStrictAcceptorCheck option to allow the disabling of 61 acceptor principal checking on multi-homed machines. 62 <Bugzilla #928> 63 - [ sshd_config ssh_config ] 64 Add settings for GSSAPIKeyExchange and GSSAPITrustDNS to the sample 65 configuration files 66 - [ kexgss.c kegsss.c sshconnect2.c sshd.c ] 67 Code cleanup. Replace strlen/xmalloc/snprintf sequences with xasprintf() 68 Limit length of error messages displayed by client 69 7020060909 71 - [ gss-genr.c gss-serv.c ] 72 move ssh_gssapi_acquire_cred() and ssh_gssapi_server_ctx to be server 73 only, where they belong 74 <Bugzilla #1225> 75 7620060829 77 - [ gss-serv-krb5.c ] 78 Fix CCAPI credentials cache name when creating KRB5CCNAME environment 79 variable 80 8120060828 82 - [ gss-genr.c ] 83 Avoid Heimdal context freeing problem 84 <Fixed upstream 20060829> 85 8620060818 87 - [ gss-genr.c ssh-gss.h sshconnect2.c ] 88 Make sure that SPENGO is disabled 89 <Bugzilla #1218 - Fixed upstream 20060818> 90 9120060421 92 - [ gssgenr.c, sshconnect2.c ] 93 a few type changes (signed versus unsigned, int versus size_t) to 94 fix compiler errors/warnings 95 (from jbasney AT ncsa.uiuc.edu) 96 - [ kexgssc.c, sshconnect2.c ] 97 fix uninitialized variable warnings 98 (from jbasney AT ncsa.uiuc.edu) 99 - [ gssgenr.c ] 100 pass oid to gss_display_status (helpful when using GSSAPI mechglue) 101 (from jbasney AT ncsa.uiuc.edu) 102 <Bugzilla #1220 > 103 - [ gss-serv-krb5.c ] 104 #ifdef HAVE_GSSAPI_KRB5 should be #ifdef HAVE_GSSAPI_KRB5_H 105 (from jbasney AT ncsa.uiuc.edu) 106 <Fixed upstream 20060304> 107 - [ readconf.c, readconf.h, ssh_config.5, sshconnect2.c 108 add client-side GssapiKeyExchange option 109 (from jbasney AT ncsa.uiuc.edu) 110 - [ sshconnect2.c ] 111 add support for GssapiTrustDns option for gssapi-with-mic 112 (from jbasney AT ncsa.uiuc.edu) 113 <gssapi-with-mic support is Bugzilla #1008> 114