# ChangeLog for net-misc/openssh # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 # $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.112 2005/01/22 15:56:17 aliz Exp $ 22 Jan 2005; Daniel Ahlberg +files/openssh-3.9_p1-pamfix.patch.bz2, openssh-3.9_p1-r1.ebuild: Added pamfix patch from upstream, closing #65343. 07 Jan 2005; Daniel Ahlberg +files/openssh-3.9_p1-terminal_restore.patch.bz2, openssh-3.9_p1-r1.ebuild: Fix terminal restoration after breaking out from sftp and scp, closing #63544. 30 Dec 2004; Bryan Østergaard openssh-3.9_p1-r1.ebuild: Stable on alpha, bug 59361. 29 Dec 2004; Hardave Riar openssh-3.9_p1-r1.ebuild: Stable on mips, bug #59361. 29 Dec 2004; Ciaran McCreesh : Change encoding to UTF-8 for GLEP 31 compliance 29 Dec 2004; Gustavo Zacarias openssh-3.9_p1-r1.ebuild: Stable on sparc wrt #59361 29 Dec 2004; Markus Rothe openssh-3.9_p1-r1.ebuild: Stable for security; bug #59361 29 Dec 2004; openssh-3.9_p1-r1.ebuild: stable on ppc glsa: 59361 *openssh-3.9_p1-r1 (28 Dec 2004) 28 Dec 2004; Mike Frysinger files/openssh-3.9_p1-chroot.patch, +openssh-3.9_p1-r1.ebuild, +files/openssh-3.9_p1-infoleak.patch: Add infoleak fix #59361 and allow the chroot patch to support PAM auth #72987. 16 Nov 2004; Mike Frysinger openssh-3.9_p1.ebuild: If USE=pam, then disable PasswordAuthentication since PAM overrides it #71233. 14 Sep 2004; Daniel Ahlberg openssh-3.9_p1.ebuild, files/openssh-3.9_p1-fix_suid.patch.bz2: Fixed suid binary. 14 Sep 2004; Daniel Ahlberg openssh-3.7.1_p2-r1.ebuild, openssh-3.7.1_p2-r2.ebuild, openssh-3.8.1_p1-r1.ebuild, openssh-3.8.1_p1-r2.ebuild, openssh-3.8.1_p1.ebuild, openssh-3.8_p1.ebuild, openssh-3.9_p1.ebuild, files/openssh-3.5_p1-gentoo-sshd-gcc3.patch, files/openssh-3.5_p1-gentoo-sshd-gcc3.patch.bz2, files/openssh-3.7.1_p1-selinux.diff, files/openssh-3.7.1_p1-selinux.diff.bz2, files/openssh-3.7.1_p2-chroot.patch, files/openssh-3.7.1_p2-chroot.patch.bz2, files/openssh-3.7.1_p2-kerberos.patch, files/openssh-3.7.1_p2-kerberos.patch.bz2, files/openssh-3.7.1_p2-skey.patch, files/openssh-3.7.1_p2-skey.patch.bz2, files/openssh-3.8.1_p1-chroot.patch, files/openssh-3.8.1_p1-chroot.patch.bz2, files/openssh-3.8.1_p1-kerberos.patch, files/openssh-3.8.1_p1-kerberos.patch.bz2, files/openssh-3.8.1_p1-largekey.patch, files/openssh-3.8.1_p1-largekey.patch.bz2, files/openssh-3.8.1_p1-opensc.patch, files/openssh-3.8.1_p1-opensc.patch.bz2, files/openssh-3.8.1_p1-resolv_functions.patch, files/openssh-3.8.1_p1-resolv_functions.patch.bz2, files/openssh-3.8.1_p1-skey.patch, files/openssh-3.8_p1-resolv_functions.patch.bz2, files/openssh-3.8_p1-skey.patch, files/openssh-3.8_p1-skey.patch.bz2, files/openssh-3.9_p1-chroot.patch, files/openssh-3.9_p1-chroot.patch.bz2, files/openssh-3.9_p1-largekey.patch, files/openssh-3.9_p1-largekey.patch.bz2, files/openssh-3.9_p1-opensc.patch, files/openssh-3.9_p1-opensc.patch.bz2, files/openssh-3.9_p1-selinux.diff, files/openssh-3.9_p1-selinux.diff.bz2, files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch, files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch.bz2, files/openssh-3.9_p1-skey.patch, files/openssh-3.9_p1-skey.patch.bz2, files/openssh-skeychallenge-args.diff, files/openssh-skeychallenge-args.diff.bz2: Compressed patches. 20 Aug 2004; Gustavo Zacarias openssh-3.8.1_p1-r1.ebuild: Stable on sparc 20 Aug 2004; Daniel Ahlberg openssh-3.9_p1.ebuild, files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch: Enable X509 now that a updated patch is available, closing #60905. Fix skey support by running autoconf, closing #60849. Disable pam if static is in USE, closing #60864. 19 Aug 2004; Chris PeBenito +files/openssh-3.9_p1-selinux.diff, openssh-3.9_p1.ebuild: Update SELinux patch 18 Aug 2004; Daniel Ahlberg openssh-3.8.1_p1-r2.ebuild: Fixed sftplogging patch, closing #60417 again. *openssh-3.9_p1 (18 Aug 2004) 18 Aug 2004; Daniel Ahlberg openssh-3.8.1_p1-r2.ebuild, openssh-3.9_p1.ebuild: Version bump, closing #60758. 16 Aug 2004; Daniel Ahlberg files/openssh-3.8.1_p1-largekey.patch: Fixed largekey patch. Closing #60417. *openssh-3.8.1_p1-r2 (15 Aug 2004) 15 Aug 2004; Daniel Ahlberg openssh-3.8.1_p1-r2.ebuild: + Added sftp-logging patch, closing #52168. + Added patch for large keys, closing #55013. 08 Jul 2004; Bryan Østergaard openssh-3.8.1_p1-r1.ebuild: Stable on alpha. 07 Jul 2004; Travis Tilley openssh-3.8.1_p1-r1.ebuild: stable on amd64 03 Jul 2004; Joshua Kinard openssh-3.8.1_p1-r1.ebuild: Marked stable on mips. 01 Jul 2004; Jon Hood openssh-3.7.1_p2-r1.ebuild, openssh-3.7.1_p2-r2.ebuild, openssh-3.8.1_p1-r1.ebuild, openssh-3.8.1_p1.ebuild, openssh-3.8_p1.ebuild: change virtual/glibc to virtual/libc 28 Jun 2004; Brandon Hale openssh-3.8.1_p1-r1.ebuild: Stable on x86. 15 Jun 2004; openssh-3.8.1_p1-r1.ebuild: pam & uclibc updates 07 Jun 2004; Bryan Østergaard openssh-3.8.1_p1.ebuild: Stable on alpha. 05 Jun 2004; Hanselmann Michael openssh-3.8.1_p1.ebuild: Replaced ~ppc with ppc in KEYWORDS. *openssh-3.8.1_p1-r1 (30 May 2004) 30 May 2004; Mike Frysinger +files/openssh-3.8.1_p1-opensc.patch, +openssh-3.8.1_p1-r1.ebuild: Add optional support for smartcard stuff #43593 by Andreas Jellinghaus. 01 May 2004; Ciaran McCreesh openssh-3.8_p1.ebuild: Stable on sparc, mips 28 Apr 2004; Daniel Ahlberg openssh-3.8.1_p1.ebuild: Readded X509 patch now that it has been updated upstream. 27 Apr 2004; Michael McCabe openssh-3.8.1_p1.ebuild: Stable on s390 22 Apr 2004; Guy Martin openssh-3.8_p1.ebuild: Marked stable on hppa. 22 Apr 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild, openssh-3.8.1_p1.ebuild, openssh-3.8_p1.ebuild: Fixed IUSE flags. 21 Apr 2004; Daniel Ahlberg openssh-3.8_p1.ebuild: Stable on x86 and amd64. *openssh-3.8.1_p1 (21 Apr 2004) 21 Apr 2004; Daniel Ahlberg openssh-3.8.1_p1.ebuild: Version bump. Found by Daniel Webert in #48465. 13 Apr 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild, openssh-3.8_p1.ebuild: Updated SRC_URI. 23 Mar 2004; Daniel Ahlberg openssh-3.7.1_p2-r1.ebuild, openssh-3.7.1_p2-r2.ebuild, openssh-3.8_p1.ebuild: Change download URI for X509 patches temporarily. 18 Mar 2004; Daniel Ahlberg files/sshd.rc6, openssh-3.8_p1.ebuild: Add mkdir -p /var/empty to initscript. Closing #42936. 09 Mar 2004; openssh-3.7.1_p2-r2.ebuild: stable on alpha and ia64 09 Mar 2004; Daniel Ahlberg openssh-3.8_p1.ebuild: + Add X509 patch back in, bumped to g4. + Fix static compile by Sascha Silbe in #44077. 07 Mar 2004; Joshua Kinard openssh-3.7.1_p2-r2.ebuild: Marked stable on mips. 02 Mar 2004; Brian Jackson openssh-3.8_p1.ebuild: adding initial s390 support 27 Feb 2004; Sven Blumenstein openssh-3.7.1_p2-r2.ebuild: Stable on sparc. Remember to mkdir /var/empty if it doesnt exist before you restart sshd... 25 Feb 2004; Guy Martin openssh-3.7.1_p2-r2.ebuild: Marked stable on hppa. 25 Feb 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild: Backport skey configure.ac patch. 24 Feb 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild: Unmask for x86 and amd64. *openssh-3.8_p1 (24 Feb 2004) 24 Feb 2004; Daniel Ahlberg openssh-3.8_p1.ebuild: Version bump. 21 Feb 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild: Fix openssh to work with multipe kerbers5 libs. Closing #30310. 20 Feb 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild: Filter flag if using ldap. Closing #41727. 12 Feb 2004; Mike Frysinger : Set Protocol to only allow ssh2 by default #41215 and enable pam if in USE. 10 Jan 2004; Brad House openssh-3.7.1_p2-r2.ebuild: install doesn't seem to be creating /var/empty 08 Jan 2004; openssh-3.5_p1-r1.ebuild, openssh-3.6.1_p2.ebuild, openssh-3.7.1_p2-r1.ebuild, openssh-3.7.1_p2-r2.ebuild: ppc64/mips nightmare.. had to remove tcpd and skey support for various arches due to other things not being marked stable on those arches *openssh-3.7.1_p2-r2 (08 Jan 2004) 08 Jan 2004; openssh-3.7.1_p2-r2.ebuild: added feature request for chrooting via sshd bug #26615 04 Jan 2004; Daniel Ahlberg openssh-3.7.1_p2-r1.ebuild: Changeing sshd user shell. Closing #35063. 03 Jan 2003; Daniel Ahlberg openssh-3.7.1_p2-r1.ebuild: Change adding sshd user and group to user enewuser and enewgroup. Should fix #35369. *openssh-3.7.1_p2-r1 (05 Nov 2003) 17 Nov 2003; Joshua Kinard openssh-3.7.1_p2-r1.ebuild: Added a gnuconfig_update call for mips systems 05 Nov 2003; Tavis Ormandy openssh-3.7.1_p2-r1.ebuild, files/openssh-skeychallenge-args.diff: patch needed for compatability with new skey. 28 Oct 2003; Chris PeBenito openssh-3.5_p1-r1.ebuild, openssh-3.6.1_p2.ebuild, openssh-3.7.1_p2.ebuild, files/openssh-3.7.1_p1-selinux.diff: Switch SELinux patch from old API to new API. 30 Sep 2003; Daniel Ahlberg openssh-3.7.1_p2.ebuild : Add X509 patch back in, closes #29664. 23 Sep 2003; openssh-3.7.1_p2.ebuild: according to the ChangeLog for openssh =zlib-1.1.4 is a must now. Note: openssh needs a X509 patch made upstream for p2 *openssh-3.7.1_p2 (23 Sep 2003) 23 Sep 2003; openssh-3.7.1_p2.ebuild: security update. http://www.openssh.com/txt/sshpam.adv 19 Sep 2003; Chris PeBenito openssh-3.7.1_p1-r1.ebuild, openssh-3.7.1_p1.ebuild: Fix SELinux patch for 3.7.1_p1 19 Sep 2003; Daniel Ahlberg openssh-3.7.1_p1-r1.ebuild : Disabled selinux patch until a new can be made. Fixed some of the patches to allow the X509 patch to apply. Closing #29105. *openssh-3.7.1_p1-r1 (18 Sep 2003) 18 Sep 2003; Daniel Ahlberg openssh-3.7.1_p1-r1.ebuild : Removed krb4 and afs support since they are removed according to the Announcment. Ebuild cleanups. Added a bunch of patches from CVS. Among them a fix for CAN-2003-0682. 18 Sep 2003; Daniel Ahlberg openssh-3.7.1_p1.ebuild : Readd X509 patch. Closing #28992. *openssh-3.7.1_p1 (16 Sep 2003) 16 Sep 2003; Rajiv Aaron Manglani openssh-3.7.1_p1.ebuild: added warning about restarting sshd. 16 Sep 2003; Mike Frysinger : Another version bump ! :D #28927. This fixes 'more malloc bugs'. *openssh-3.7_p1 (16 Sep 2003) 16 Sep 2003; Rajiv Aaron Manglani openssh-3.7_p1.ebuild: added warning about restarting sshd. 16 Sep 2003; Mike Frysinger : Version bump to fix #28873 ... selinux needs to be caught up though :(. Marked stable due to nature of release (security). *openssh-3.6.1_p2-r3 (05 Sep 2003) 05 Sep 2003; Tavis Ormandy openssh-3.6.1_p2-r3.ebuild: adding optional s/key authentication support, using new local USE flag `skey`, currently ~arch only. #11478 *openssh-3.6.1_p2-r1 (06 Aug 2003) 06 Aug 2003; Donny Davies openssh-3.6.1_p2-r1.ebuild: Added new local USE=X509 variable which includes Roumen Petrov's patch providing support for authentication with X.509 certificates. 31 May 2003; Brandon Low files/sshd.rc6: Add 'use dns logger' to the rcscript *openssh-3.6.1_p2 (30 Apr 2003) 30 Apr 2003; Daniel Ahlberg openssh-3.6.1_p2.ebuild : Security update. *openssh-3.6.1_p1 (02 Apr 2003) 02 Apr 2003; Brandon Low openssh-3.6.1_p1.ebuild: Bump *openssh-3.6_p1 (02 Apr 2003) 02 Apr 2003; Brandon Low openssh-3.6_p1.ebuild: Bump, required some modifications to the selinux patch, test thoroughly 09 Feb 2003; Guy Martin : Added hppa to keywords. *openssh-3.5_p1-r1 (20 Jan 2003) 30 Mar 2003; Joshua Brindle openssh-3.5_p1-r1.ebuild: fixed compile options for selinux support 20 Mar 2003; Joshua Brindle openssh-3.5_p1-r1.ebuild: added selinux support 15 Mar 2003; Jan Seidel : Added mips to KEYWORDS 13 Mar 2003; Zach Welch openssh-3.5_p1-r1.ebuild: add arm keyword 09 Mar 2003; Aron Griffis openssh-3.5_p1-r1.ebuild: Mark stable on alpha 01 Mar 2003; Brandon Low openssh-3.5_p1-r1.ebuild: make -> emake 21 Jan 2003; Nick Hadaway openssh-3.5_p1-r1.ebuild : Changed USE="kerberos" to depend on app-crypt/krb5 as heimdal is not compatible currently. Install app-crypt/kth-krb and set KTH_KRB="yes" to enable Kerberos IV support. 20 Jan 2003; Nick Hadaway openssh-3.5_p1-r1.ebuild, files/digest-openssh-3.5_p1-r1 : Added kerberos use flag support. 09 Dec 2002; Donny Davies openssh-3.5_p1.ebuild, openssh-3.4_p1-r2.ebuild, openssh-3.4_p1-r3.ebuild : Add a shells reminder. 06 Dec 2002; Rodney Rees : changed sparc ~sparc keywords 01 Dec 2002; Jack Morgan openssh-3.5_p1.ebuild : Removed ~ from sparc/sparc64 keywords. 29 Nov 2002; Daniel Ahlberg openssh-3.5_p1.ebuild : Rewrote patch applying code. 22 Nov 2002; Will Woods openssh-3.5_p1.ebuild: Added patch to fix compile problem on alpha. 23 Oct 2002; Maik Schreiber openssh-3.5_p1.ebuild: Changed "~x86" to "x86" in KEYWORDS. *openssh-3.5_p1 (18 Oct 2002) 19 Jan 2003; Jan Seidel : Added mips to keywords 18 Oct 2002; Daniel Ahlberg openssh-3.5_p1.ebuild: Version bump, found by fluxbox in bug #9262. *openssh-3.4_p1-r3 (04 July 2002) 25 Jul 2002; Nicholas Jones openssh-3.4_p1-r3.ebuild: Bopped Brandon on the head. Added -passwords to the end of --with-md5 No version bump as this doesn't affect most people, and those who need it can just rsync and emerge. 09 Jul 2002; Brandon Low openssh-3.4_p1-r3.ebuild: New revision enables md5 passwords, please test and let me know how it goes so I can unmask. Thanks. *openssh-3.4_p1-r2 (04 July 2002) 09 Jul 2002; phoen][x openssh-3.4_p1-r2.ebuild: Added KEYWORDS. 04 July 2002; Brandon Low openssh-3.4_p1-r2.ebuild: Fixes problem of /var/empty being removed if immediately do emerge openssh emerge openssh. Not an urgent upgrade, but recommended. *openssh-3.4_p1-r1 (02 July 2002) 02 July 2002; Brandon Low openssh-3.4_p1-r1.ebuild: This closes bugs 4169, 4170, and 4193. This new ebuild changes the sshd user from whatever it may be to UID 22, this shouldn't mean anything to most people because no scripts, nor programs use the sshd UID directly (for that matter it is only referenced during authentication of new logins via ssh). However if for some reason your system does have things that were owned by user sshd, you will need to change their UID. *openssh-3.4_p1 (26 June 2002) 26 June 2002; Brandon Low : New version closes soon to be released security hole, PLEASE upgrade immediately according to the changelogs, this new version closes several possible holes found during a massive audit of the code. *openssh-3.3_p1 (22 June 2002) 22 June 2002; Donny Davies : Chase latest release. Starting with this version sshd uses a new privelaged process separation scheme. See the docs for more info. *openssh-3.2.3_p1-1 (5 June 2002) 5 June 2002; Gabriele Giorgetti : New revision. Changes submitted by Alson van der Meulen gentoo@alm.xs4all.nl within bug #3391 were added. Bug closed/fixed. *openssh-3.2.3_p1 (30 May 2002) 30 May 2002; Arcady Genkin : Update to 3.2.3. *openssh-3.2.2_p1 (18 May 2002) 18 May 2002; Donny Davies : Chase latest release + update openssl dependency. *openssh-3.1_p1-r2 (03 Apr 2002) 03 Apr 2002; Daniel Robbins files/sshd.pam: new pam sshd file to use pam_stack, pam_nologin and pam_shells, as well as use pam_unix instead of pam_pwdb. Added updated shadow dependency if pam is enabled (to depend upon our new shadow with the pam_pwdb to pam_unix conversion). *openssh-3.1_p1 (7 Mar 2002) 15 Mar 2002; Bruce A. Locke files/sshd.rc6, files/sshd.rc5: ssh1 keygen requires a new option in the initscripts 13 Mar 2002; M.Schlemmer openssh-3.1_p1-r1.ebuild: Update rc-script not to fail on restart if there is open sessions. 7 Mar 2002; F.Meyndert openssh-3.1_p1.ebuild: Updated openssh to version 3.1 that fixes a nasty off by one bug in all previous version. That caused a local root hole. *openssh-3.0.2_p1-r1 (01 Feb 2002) 01 Feb 2002; G.Bevin ChangeLog: Added initial ChangeLog which should be updated whenever the package is updated in any way. This changelog is targetted to users. This means that the comments should well explained and written in clean English. The details about writing correct changelogs are explained in the skel.ChangeLog file which you can find in the root directory of the portage repository.