+ move changed key warning into warn_changed_key(). ok markus@
+ - jakob@cvs.openbsd.org 2003/11/03 09:37:32
+ [sshconnect.c]
+ do not free static type pointer in warn_changed_key()
+ - djm@cvs.openbsd.org 2003/11/04 08:54:09
+ [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
+ [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
+ [session.c]
+ standardise arguments to auth methods - they should all take authctxt.
+ check authctxt->valid rather then pw != NULL; ok markus@
+ - jakob@cvs.openbsd.org 2003/11/08 16:02:40
+ [auth1.c]
+ remove unused variable (pw). ok djm@
+ (id sync only - still used in portable)
+ - jmc@cvs.openbsd.org 2003/11/08 19:17:29
+ [sftp-int.c]
+ typos from Jonathon Gray;
+ - jakob@cvs.openbsd.org 2003/11/10 16:23:41
+ [bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
+ [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
+ [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
+ constify. ok markus@ & djm@
+ - dtucker@cvs.openbsd.org 2003/11/12 10:12:15
+ [scp.c]
+ When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
+ - jakob@cvs.openbsd.org 2003/11/12 16:39:58
+ [dns.c dns.h readconf.c ssh_config.5 sshconnect.c]
+ update SSHFP validation. ok markus@
+ - jmc@cvs.openbsd.org 2003/11/12 20:14:51
+ [ssh_config.5]
+ make verb agree with subject, and kill some whitespace;
+ - markus@cvs.openbsd.org 2003/11/14 13:19:09
+ [sshconnect2.c]
+ cleanup and minor fixes for the client code; from Simon Wilkinson
+ - djm@cvs.openbsd.org 2003/11/17 09:45:39
+ [msg.c msg.h sshconnect2.c ssh-keysign.c]
+ return error on msg send/receive failure (rather than fatal); ok markus@
+ - markus@cvs.openbsd.org 2003/11/17 11:06:07
+ [auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c]
+ [monitor_wrap.h sshconnect2.c ssh-gss.h]
+ replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson;
+ test + ok jakob.
+ - (djm) Bug #632: Don't call pam_end indirectly from within kbd-int
+ conversation function
+ - (djm) Export environment variables from authentication subprocess to
+ parent. Part of Bug #717
+
+20031115
+ - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and
+ HP-UX, skip test on AIX.
+
+20031113
+ - (dtucker) [auth-pam.c] Append newlines to lines output by the
+ pam_chauthtok_conv().
+ - (dtucker) [README ssh-host-config ssh-user-config Makefile] (All
+ contrib/cygwin). Major update from vinschen at redhat.com.
+ - Makefile provides a `cygwin-postinstall' target to run right after
+ `make install'.
+ - Better support for Windows 2003 Server.
+ - Try to get permissions as correct as possible.
+ - New command line options to allow full automated host configuration.
+ - Create configs from skeletons in /etc/defaults/etc.
+ - Use /bin/bash, allows reading user input with readline support.
+ - Remove really old configs from /usr/local.
+ - (dtucker) [auth-pam.c] Add newline to accumulated PAM_TEXT_INFO and
+ PAM_ERROR_MSG messages.
+
+20031106
+ - (djm) Clarify UsePAM consequences a little more
+
+20031103
+ - (dtucker) [contrib/cygwin/ssh-host-config] Ensure entries in /etc/services
+ are created correctly with CRLF line terminations. Patch from vinschen at
+ redhat.com.
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/10/15 09:48:45
+ [monitor_wrap.c]
+ check pmonitor != NULL
+ - markus@cvs.openbsd.org 2003/10/21 09:50:06
+ [auth2-gss.c]
+ make sure the doid is larger than 2
+ - avsm@cvs.openbsd.org 2003/10/26 16:57:43
+ [sshconnect2.c]
+ rename 'supported' static var in userauth_gssapi() to 'gss_supported'
+ to avoid shadowing the global version. markus@ ok
+ - markus@cvs.openbsd.org 2003/10/28 09:08:06
+ [misc.c]
+ error->debug for getsockopt+TCP_NODELAY; several requests
+ - markus@cvs.openbsd.org 2003/11/02 11:01:03
+ [auth2-gss.c compat.c compat.h sshconnect2.c]
+ remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk
+ - (dtucker) [regress/agent-ptrace.sh] Use numeric uid and gid.
+
+20031021
+ - (dtucker) [INSTALL] Some system crypt() functions support MD5 passwords
+ directly. Noted by Darren.Moffat at sun.com.
+ - (dtucker) [regress/agent-ptrace.sh] Skip agent-test unless SUDO is set,
+ make agent setgid during test.
+
+20031017
+ - (dtucker) [INSTALL] Note that --with-md5 is now required on platforms with
+ MD5 passwords even if PAM support is enabled. From steev at detritus.net.
+
+20031015
+ - (dtucker) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2003/10/08 08:27:36
+ [scp.1 scp.c sftp-server.8 sftp.1 sftp.c ssh.1 sshd.8]
+ scp and sftp: add options list and sort options. options list requested
+ by deraadt@
+ sshd: use same format as ssh
+ ssh: remove wrong option from list
+ sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
+ ok deraadt@ markus@
+ - markus@cvs.openbsd.org 2003/10/08 15:21:24
+ [readconf.c ssh_config.5]
+ default GSS API to no in client, too; ok jakob, deraadt@
+ - markus@cvs.openbsd.org 2003/10/11 08:24:08
+ [readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
+ remote x11 clients are now untrusted by default, uses xauth(8) to generate
+ untrusted cookies; ForwardX11Trusted=yes restores old behaviour.
+ ok deraadt; feedback and ok djm/fries
+ - markus@cvs.openbsd.org 2003/10/11 08:26:43
+ [sshconnect2.c]
+ search keys in reverse order; fixes #684
+ - markus@cvs.openbsd.org 2003/10/11 11:36:23
+ [monitor_wrap.c]
+ return NULL for missing banner; ok djm@
+ - jmc@cvs.openbsd.org 2003/10/12 13:12:13
+ [ssh_config.5]
+ note that EnableSSHKeySign should be in the non-hostspecific section;
+ remove unnecessary .Pp;
+ ok markus@
+ - markus@cvs.openbsd.org 2003/10/13 08:22:25
+ [scp.1 sftp.1]
+ don't refer to options related to forwarding; ok jmc@
+ - jakob@cvs.openbsd.org 2003/10/14 19:42:10
+ [dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
+ include SSHFP lookup code (not enabled by default). ok markus@
+ - jakob@cvs.openbsd.org 2003/10/14 19:43:23
+ [README.dns]
+ update
+ - markus@cvs.openbsd.org 2003/10/14 19:54:39
+ [session.c ssh-agent.c]
+ 10X for mkdtemp; djm@
+ - (dtucker) [acconfig.h configure.ac dns.c openbsd-compat/getrrsetbyname.c
+ openbsd-compat/getrrsetbyname.h] DNS fingerprint support is now always
+ compiled in but disabled in config.
+ - (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode.
+ - (tim) [regress/banner.sh] portability fix.
+
+20031009
+ - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@
+
+20031008
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2003/10/07 01:47:27
+ [sshconnect2.c]
+ Don't use logit for banner, since it truncates to MSGBUFSIZ; bz #668 &
+ #707. ok markus@
+ - djm@cvs.openbsd.org 2003/10/07 07:04:16
+ [sftp-int.c]
+ sftp quoting fix from admorten AT umich.edu; ok markus@
+ - deraadt@cvs.openbsd.org 2003/10/07 21:58:28
+ [sshconnect2.c]
+ set ptr to NULL after free
+ - dtucker@cvs.openbsd.org 2003/10/07 01:52:13
+ [regress/Makefile regress/banner.sh]
+ Test SSH2 banner. ok markus@
+ - djm@cvs.openbsd.org 2003/10/07 07:04:52
+ [regress/sftp-cmds.sh]
+ more sftp quoting regress tests; ok markus
+
+20031007
+ - (djm) Delete autom4te.cache after autoreconf
+ - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static
+ cleanup functions. With & ok djm@
+ - (dtucker) [contrib/redhat/openssh.spec] Bug #714: Now that UsePAM is a
+ run-time switch, always build --with-md5-passwords.
+ - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoul.c]
+ Bug #670: add strtoul() to openbsd-compat for platforms lacking it. ok djm@
+ - (dtucker) [configure.ac] Bug #715: Set BROKEN_SETREUID and BROKEN_SETREGID
+ on Reliant Unix. Patch from Robert.Dahlem at siemens.com.
+ - (dtucker) [configure.ac] Bug #710: Check for dlsym() in libdl on
+ Reliant Unix. Based on patch from Robert.Dahlem at siemens.com.
+
+20031003
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/10/02 10:41:59
+ [sshd.c]
+ print openssl version, too, several requests; ok henning/djm.
+ - markus@cvs.openbsd.org 2003/10/02 08:26:53
+ [ssh-gss.h]
+ missing $OpenBSD:; dtucker
+ - (tim) [contrib/caldera/openssh.spec] Remove obsolete --with-ipv4-default
+ option.
+
+20031002
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/09/23 20:17:11
+ [Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
+ cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
+ monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
+ ssh-agent.c sshd.c]
+ replace fatal_cleanup() and linked list of fatal callbacks with static
+ cleanup_exit() function. re-refine cleanup_exit() where appropriate,
+ allocate sshd's authctxt eary to allow simpler cleanup in sshd.
+ tested by many, ok deraadt@
+ - markus@cvs.openbsd.org 2003/09/23 20:18:52
+ [progressmeter.c]
+ don't print trailing \0; bug #709; Robert.Dahlem@siemens.com
+ ok millert/deraadt@
+ - markus@cvs.openbsd.org 2003/09/23 20:41:11
+ [channels.c channels.h clientloop.c]
+ move client only agent code to clientloop.c
+ - markus@cvs.openbsd.org 2003/09/26 08:19:29
+ [sshd.c]
+ no need to set the listen sockets to non-block; ok deraadt@
+ - jmc@cvs.openbsd.org 2003/09/29 11:40:51
+ [ssh.1]
+ - add list of options to -o and .Xr ssh_config(5)
+ - some other cleanup
+ requested by deraadt@;
+ ok deraadt@ markus@
+ - markus@cvs.openbsd.org 2003/09/29 20:19:57
+ [servconf.c sshd_config]
+ GSSAPICleanupCreds -> GSSAPICleanupCredentials
+ - (dtucker) [configure.ac] Don't set DISABLE_SHADOW when configuring
+ --with-pam. ok djm@
+ - (dtucker) [ssh-gss.h] Prototype change missed in sync.
+ - (dtucker) [session.c] Fix bus errors on some 64-bit Solaris configurations.
+ Based on patches by Matthias Koeppe and Thomas Baden. ok djm@
+
+20030930
+ - (bal) Fix issues in openbsd-compat/realpath.c
+
+20030925
+ - (dtucker) [configure.ac openbsd-compat/xcrypt.c] Bug #633: Remove
+ DISABLE_SHADOW for HP-UX, use getspnam instead of getprpwnam. Patch from
+ michael_steffens at hp.com, ok djm@
+ - (tim) [sshd_config] UsePAM defaults to no.
+
+20030924
+ - (djm) Update version.h and spec files for HEAD
+ - (dtucker) [configure.ac] IRIX5 needs the same setre[ug]id defines as IRIX6.
+
+20030923