[openssh.git] / ChangeLog

19991207
 - sshd Redhat init script patch from Jim Knoble <jmknoble@pobox.com>
   fixes compatability with 4.x and 5.x
 - Fixed default SSH_ASKPASS

19991204
 - Small cleanup of PAM code in sshd.c
 - Merged OpenBSD CVS changes:
   - [auth-krb4.c auth-passwd.c auth-skey.c ssh.h]
     move skey-auth from auth-passwd.c to auth-skey.c, same for krb4
   - [auth-rsa.c]
     warn only about mismatch if key is _used_
     warn about keysize-mismatch with log() not error()
     channels.c readconf.c readconf.h ssh.c ssh.h sshconnect.c
     ports are u_short
   - [hostfile.c]
     indent, shorter warning
   - [nchan.c]
     use error() for internal errors
   - [packet.c]
     set loglevel for SSH_MSG_DISCONNECT to log(), not fatal()
     serverloop.c
     indent
   - [ssh-add.1 ssh-add.c ssh.h]
     document $SSH_ASKPASS, reasonable default
   - [ssh.1]
     CheckHostIP is not available for connects via proxy command
   - [sshconnect.c]
     typo
     easier to read client code for passwd and skey auth
     turn of checkhostip for proxy connects, since we don't know the remote ip

19991126
 - Add definition for __P()
 - Added [v]snprintf() replacement for systems that lack it

19991125
 - More reformatting merged from OpenBSD CVS
 - Merged OpenBSD CVS changes:
   - [channels.c]
     fix packet_integrity_check() for !have_hostname_in_open.
     report from mrwizard@psu.edu via djm@ibs.com.au
   - [channels.c]
     set SO_REUSEADDR and SO_LINGER for forwarded ports.
     chip@valinux.com via damien@ibs.com.au
   - [nchan.c]
     it's not an error() if shutdown_write failes in nchan.
   - [readconf.c]
     remove dead #ifdef-0-code
   - [readconf.c servconf.c]
     strcasecmp instead of tolower
   - [scp.c]
     progress meter overflow fix from damien@ibs.com.au
   - [ssh-add.1 ssh-add.c]
     SSH_ASKPASS support
   - [ssh.1 ssh.c]
     postpone fork_after_authentication until command execution,
     request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
     plus: use daemon() for backgrounding
 - Added BSD compatible install program and autoconf test, thanks to
   Niels Kristian Bech Jensen <nkbj@image.dk>
 - Solaris fixing, thanks to Ben Taylor <bent@clark.net>
 - Merged beginnings of AIX support from Tor-Ake Fransson <torake@hotmail.com>
 - Release 1.2pre15

19991124
 - Merged very large OpenBSD source code reformat
 - OpenBSD CVS updates
   - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
     [ssh.h sshd.8 sshd.c]
     syslog changes:
     * Unified Logmessage for all auth-types, for success and for failed
     * Standard connections get only ONE line in the LOG when level==LOG:
       Auth-attempts are logged only, if authentication is:
          a) successfull or
          b) with passwd or
          c) we had more than AUTH_FAIL_LOG failues
     * many log() became verbose()
     * old behaviour with level=VERBOSE
   - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
     tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
     messages. allows use of s/key in windows (ttssh, securecrt) and
     ssh-1.2.27 clients without 'ssh -v', ok: niels@
   - [sshd.8]
     -V, for fallback to openssh in SSH2 compatibility mode
   - [sshd.c]
     fix sigchld race; cjc5@po.cwru.edu

19991123
 - Added SuSE package files from Chris Saia <csaia@wtower.com>
 - Restructured package-related files under packages/*
 - Added generic PAM config
 - Numerous little Solaris fixes
 - Add recommendation to use GNU make to INSTALL document

19991122
 - Make <enter> close gnome-ssh-askpass (Debian bug #50299)
 - OpenBSD CVS Changes
   - [ssh-keygen.c] 
     don't create ~/.ssh only if the user wants to store the private 
     key there. show fingerprint instead of public-key after 
     keygeneration. ok niels@
 - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
 - Added timersub() macro
 - Tidy RCSIDs of bsd-*.c
 - Added autoconf test and macro to deal with old PAM libraries 
   pam_strerror definition (one arg vs two).
 - Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
 - Retry /dev/urandom reads interrupted by signal (report from 
   Robert Hardy <rhardy@webcon.net>)
 - Added a setenv replacement for systems which lack it
 - Only display public key comment when presenting ssh-askpass dialog
 - Released 1.2pre14

 - Configure, Make and changelog corrections from Tudor Bosman 
   <tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>

19991121
 - OpenBSD CVS Changes:
   - [channels.c]
     make this compile, bad markus
   - [log.c readconf.c servconf.c ssh.h]
     bugfix: loglevels are per host in clientconfig,
     factor out common log-level parsing code.
   - [servconf.c]
     remove unused index (-Wall)
   - [ssh-agent.c]
     only one 'extern char *__progname'
   - [sshd.8]
     document SIGHUP, -Q to synopsis
   - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
     [channels.c clientloop.c]
     SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
     [hope this time my ISP stays alive during commit]
   - [OVERVIEW README] typos; green@freebsd
   - [ssh-keygen.c]
     replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
     exit if writing the key fails (no infinit loop)
     print usage() everytime we get bad options
   - [ssh-keygen.c] overflow, djm@mindrot.org
   - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
     
19991120
 - Merged more Solaris support from Marc G. Fournier 
   <marc.fournier@acadiau.ca>
 - Wrote autoconf tests for integer bit-types
 - Fixed enabling kerberos support
 - Fix segfault in ssh-keygen caused by buffer overrun in filename 
   handling.

19991119
 - Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
 - Merged OpenBSD CVS changes
   - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
     more %d vs. %s in fmt-strings
   - [authfd.c]
     Integers should not be printed with %s
 - EGD uses a socket, not a named pipe. Duh.
 - Fix includes in fingerprint.c
 - Fix scp progress bar bug again.
 - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of 
   David Rankin <drankin@bohemians.lexington.ky.us>
 - Added autoconf option to enable Kerberos 4 support (untested)
 - Added autoconf option to enable AFS support (untested)
 - Added autoconf option to enable S/Key support (untested)
 - Added autoconf option to enable TCP wrappers support (compiles OK)
 - Renamed BSD helper function files to bsd-*
 - Added tests for login and daemon and enable OpenBSD replacements for 
   when they are absent.
 - Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>

19991118
 - Merged OpenBSD CVS changes
   - [scp.c] foregroundproc() in scp
   - [sshconnect.h] include fingerprint.h
   - [sshd.c] bugfix: the log() for passwd-auth escaped during logging 
     changes.
   - [ssh.1] Spell my name right.
 - Added openssh.com info to README

19991117
 - Merged OpenBSD CVS changes
   - [ChangeLog.Ylonen] noone needs this anymore
   - [authfd.c] close-on-exec for auth-socket, ok deraadt
   - [hostfile.c] 
     in known_hosts key lookup the entry for the bits does not need 
     to match, all the information is contained in n and e. This 
     solves the problem with buggy servers announcing the wrong 
     modulus length.  markus and me.
   - [serverloop.c] 
     bugfix: check for space if child has terminated, from: 
     iedowse@maths.tcd.ie
   - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
     [fingerprint.c fingerprint.h]
     rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
   - [ssh-agent.1] typo
   - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
   - [sshd.c] 
     force logging to stderr while loading private key file
     (lost while converting to new log-levels)

19991116
 - Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
 - Merged OpenBSD CVS changes:
   - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
     [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
     the keysize of rsa-parameter 'n' is passed implizit,
     a few more checks and warnings about 'pretended' keysizes.
   - [cipher.c cipher.h packet.c packet.h sshd.c]
     remove support for cipher RC4
   - [ssh.c]
     a note for legay systems about secuity issues with permanently_set_uid(),
     the private hostkey and ptrace()
   - [sshconnect.c]
     more detailed messages about adding and checking hostkeys

19991115
 - Merged OpenBSD CVS changes:
   - [ssh-add.c] change passphrase loop logic and remove ref to 
     $DISPLAY, ok niels
 - Changed to ssh-add.c broke askpass support. Revised it to be a little more
   modular. 
 - Revised autoconf support for enabling/disabling askpass support.
 - Merged more OpenBSD CVS changes:
	[auth-krb4.c]
	  - disconnect if getpeername() fails
	  - missing xfree(*client)
	[canohost.c]
	  - disconnect if getpeername() fails
	  - fix comment: we _do_ disconnect if ip-options are set
	[sshd.c]
	  - disconnect if getpeername() fails
	  - move checking of remote port to central place
	[auth-rhosts.c] move checking of remote port to central place
	[log-server.c] avoid extra fd per sshd, from millert@
	[readconf.c] print _all_ bad config-options in ssh(1), too
	[readconf.h] print _all_ bad config-options in ssh(1), too
	[ssh.c] print _all_ bad config-options in ssh(1), too
	[sshconnect.c] disconnect if getpeername() fails
 - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
 - Various small cleanups to bring diff (against OpenBSD) size down.
 - Merged more Solaris compability from Marc G. Fournier
   <marc.fournier@acadiau.ca>
 - Wrote autoconf tests for __progname symbol
 - RPM spec file fixes from Jim Knoble <jmknoble@pobox.com>
 - Released 1.2pre12

 - Another OpenBSD CVS update:
   - [ssh-keygen.1] fix .Xr

19991114
 - Solaris compilation fixes (still imcomplete)

19991113
 - Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
   - Don't install config files if they already exist
   - Fix inclusion of additional preprocessor directives from acconfig.h
 - Removed redundant inclusions of config.h
 - Added 'Obsoletes' lines to RPM spec file
 - Merged OpenBSD CVS changes:
   - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
   - [scp.c] fix overflow reported by damien@ibs.com.au: off_t 
     totalsize, ok niels,aaron
 - Delay fork (-f option) in ssh until after port forwarded connections 
   have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
 - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
 - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
 - Tidied default config file some more
 - Revised Redhat initscript to fix bug: sshd (re)start would fail
   if executed from inside a ssh login.

19991112
 - Merged changes from OpenBSD CVS
   - [sshd.c] session_key_int may be zero
   - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
     IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok 
     deraadt,millert
 - Brought default sshd_config more in line with OpenBSD's
 - Grab server in gnome-ssh-askpass (Debian bug #49872)
 - Released 1.2pre10

 - Added INSTALL documentation
 - Merged yet more changes from OpenBSD CVS
   - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
     [ssh.c ssh.h sshconnect.c sshd.c]
     make all access to options via 'extern Options options'
     and 'extern ServerOptions options' respectively;
     options are no longer passed as arguments:
      * make options handling more consistent
      * remove #include "readconf.h" from ssh.h
      * readconf.h is only included if necessary
   - [mpaux.c] clear temp buffer
   - [servconf.c] print _all_ bad options found in configfile
 - Make ssh-askpass support optional through autoconf
 - Fix nasty division-by-zero error in scp.c
 - Released 1.2pre11

19991111
 - Added (untested) Entropy Gathering Daemon (EGD) support
 - Fixed /dev/urandom fd leak (Debian bug #49722)
 - Merged OpenBSD CVS changes:
   - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
   - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
   - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
 - Fix integer overflow which was messing up scp's progress bar for large 
   file transfers. Fix submitted to OpenBSD developers.
 - Merged more OpenBSD CVS changes:
   - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal() 
     + krb-cleanup cleanup
   - [clientloop.c log-client.c log-server.c ]
     [readconf.c readconf.h servconf.c servconf.h ]
     [ssh.1 ssh.c ssh.h sshd.8]
     add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
     obsoletes QuietMode and FascistLogging in sshd.
   - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
     allow session_key_int != sizeof(session_key)
     [this should fix the pre-assert-removal-core-files]
 - Updated default config file to use new LogLevel option and to improve
   readability

19991110
 - Merged several minor fixes:
   - ssh-agent commandline parsing
   - RPM spec file now installs ssh setuid root
   - Makefile creates libdir
   - Merged beginnings of Solaris compability from Marc G. Fournier
     <marc.fournier@acadiau.ca>

19991109
 - Autodetection of SSL/Crypto library location via autoconf
 - Fixed location of ssh-askpass to follow autoconf
 - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
 - Autodetection of RSAref library for US users
 - Minor doc updates
 - Merged OpenBSD CVS changes:
   - [rsa.c] bugfix: use correct size for memset()
   - [sshconnect.c] warn if announced size of modulus 'n' != real size
 - Added GNOME passphrase requestor (use --with-gnome-askpass)
 - RPM build now creates subpackages
 - Released 1.2pre9

19991108
 - Removed debian/ directory. This is now being maintained separately.
 - Added symlinks for slogin in RPM spec file
 - Fixed permissions on manpages in RPM spec file
 - Added references to required libraries in README file
 - Removed config.h.in from CVS
 - Removed pwdb support (better pluggable auth is provided by glibc)
 - Made PAM and requisite libdl optional
 - Removed lots of unnecessary checks from autoconf
 - Added support and autoconf test for openpty() function (Unix98 pty support)
 - Fix for scp not finding ssh if not installed as /usr/bin/ssh
 - Added TODO file
 - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
   - Added ssh-askpass program
   - Added ssh-askpass support to ssh-add.c
   - Create symlinks for slogin on install
   - Fix "distclean" target in makefile
   - Added example for ssh-agent to manpage
   - Added support for PAM_TEXT_INFO messages
   - Disable internal /etc/nologin support if PAM enabled
 - Merged latest OpenBSD CVS changes:
   - [all] replace assert() with error, fatal or packet_disconnect
   - [sshd.c] don't send fail-msg but disconnect if too many authentication
     failures
   - [sshd.c] remove unused argument. ok dugsong
   - [sshd.c] typo
   - [rsa.c] clear buffers used for encryption. ok: niels
   - [rsa.c] replace assert() with error, fatal or packet_disconnect
   - [auth-krb4.c] remove unused argument. ok dugsong
 - Fixed coredump after merge of OpenBSD rsa.c patch
 - Released 1.2pre8

19991102
 - Merged change from OpenBSD CVS
  - One-line cleanup in sshd.c

19991030
 - Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
 - Merged latest updates for OpenBSD CVS:
   - channels.[ch] - remove broken x11 fix and document istate/ostate
   - ssh-agent.c - call setsid() regardless of argv[]
   - ssh.c - save a few lines when disabling rhosts-{rsa-}auth
 - Documentation cleanups
 - Renamed README -> README.Ylonen
 - Renamed README.openssh ->README

19991029
 - Renamed openssh* back to ssh* at request of Theo de Raadt
 - Incorporated latest changes from OpenBSD's CVS
 - Integrated Makefile patch from  Niels Kristian Bech Jensen <nkbj@image.dk>
 - Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
 - Make distclean now removed configure script
 - Improved PAM logging
 - Added some debug() calls for PAM
 - Removed redundant subdirectories
 - Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for 
   building on Debian.
 - Fixed off-by-one error in PAM env patch
 - Released 1.2pre6

19991028
 - Further PAM enhancements.
   - Much cleaner
   - Now uses account and session modules for all logins.
 - Integrated patch from Dan Brosemer <odin@linuxfreak.com>
   - Build fixes
   - Autoconf
   - Change binary names to open*
 - Fixed autoconf script to detect PAM on RH6.1
 - Added tests for libpwdb, and OpenBSD functions to autoconf
 - Released 1.2pre4

 - Imported latest OpenBSD CVS code
 - Updated README.openssh
 - Released 1.2pre5

19991027
 - Adapted PAM patch.
 - Released 1.0pre2

 - Excised my buggy replacements for strlcpy and mkdtemp
 - Imported correct OpenBSD strlcpy and mkdtemp routines.
 - Reduced arc4random_stir entropy read to 32 bytes (256 bits)
 - Picked up correct version number from OpenBSD
 - Added sshd.pam PAM configuration file
 - Added sshd.init Redhat init script
 - Added openssh.spec RPM spec file
 - Released 1.2pre3

19991026
 - Fixed include paths of OpenSSL functions
 - Use OpenSSL MD5 routines
 - Imported RC4 code from nanocrypt
 - Wrote replacements for OpenBSD arc4random* functions
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
Commit	Line	Data
4285816a	1	19991207
	2	- sshd Redhat init script patch from Jim Knoble <jmknoble@pobox.com>
	3	fixes compatability with 4.x and 5.x
db28aeb5	4	- Fixed default SSH_ASKPASS
4285816a	5
9c7b6dfd	6	19991204
9c7b6dfd	7	- Small cleanup of PAM code in sshd.c
57112b5a	8	- Merged OpenBSD CVS changes:
	9	- [auth-krb4.c auth-passwd.c auth-skey.c ssh.h]
	10	move skey-auth from auth-passwd.c to auth-skey.c, same for krb4
	11	- [auth-rsa.c]
	12	warn only about mismatch if key is _used_
	13	warn about keysize-mismatch with log() not error()
	14	channels.c readconf.c readconf.h ssh.c ssh.h sshconnect.c
	15	ports are u_short
	16	- [hostfile.c]
	17	indent, shorter warning
	18	- [nchan.c]
	19	use error() for internal errors
	20	- [packet.c]
	21	set loglevel for SSH_MSG_DISCONNECT to log(), not fatal()
	22	serverloop.c
	23	indent
	24	- [ssh-add.1 ssh-add.c ssh.h]
	25	document $SSH_ASKPASS, reasonable default
	26	- [ssh.1]
	27	CheckHostIP is not available for connects via proxy command
	28	- [sshconnect.c]
	29	typo
	30	easier to read client code for passwd and skey auth
	31	turn of checkhostip for proxy connects, since we don't know the remote ip
9c7b6dfd	32
dad3b556	33	19991126
	34	- Add definition for __P()
	35	- Added [v]snprintf() replacement for systems that lack it
	36
0ce43ae4	37	19991125
	38	- More reformatting merged from OpenBSD CVS
	39	- Merged OpenBSD CVS changes:
	40	- [channels.c]
	41	fix packet_integrity_check() for !have_hostname_in_open.
	42	report from mrwizard@psu.edu via djm@ibs.com.au
	43	- [channels.c]
	44	set SO_REUSEADDR and SO_LINGER for forwarded ports.
	45	chip@valinux.com via damien@ibs.com.au
	46	- [nchan.c]
	47	it's not an error() if shutdown_write failes in nchan.
	48	- [readconf.c]
	49	remove dead #ifdef-0-code
	50	- [readconf.c servconf.c]
	51	strcasecmp instead of tolower
	52	- [scp.c]
	53	progress meter overflow fix from damien@ibs.com.au
	54	- [ssh-add.1 ssh-add.c]
	55	SSH_ASKPASS support
	56	- [ssh.1 ssh.c]
	57	postpone fork_after_authentication until command execution,
	58	request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
	59	plus: use daemon() for backgrounding
cf8dd513	60	- Added BSD compatible install program and autoconf test, thanks to
	61	Niels Kristian Bech Jensen <nkbj@image.dk>
	62	- Solaris fixing, thanks to Ben Taylor <bent@clark.net>
09041313	63	- Merged beginnings of AIX support from Tor-Ake Fransson <torake@hotmail.com>
3dbefdb8	64	- Release 1.2pre15
0ce43ae4	65
5260325f	66	19991124
	67	- Merged very large OpenBSD source code reformat
	68	- OpenBSD CVS updates
	69	- [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
	70	[ssh.h sshd.8 sshd.c]
	71	syslog changes:
	72	* Unified Logmessage for all auth-types, for success and for failed
	73	* Standard connections get only ONE line in the LOG when level==LOG:
	74	Auth-attempts are logged only, if authentication is:
	75	a) successfull or
	76	b) with passwd or
	77	c) we had more than AUTH_FAIL_LOG failues
	78	* many log() became verbose()
	79	* old behaviour with level=VERBOSE
	80	- [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
	81	tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
	82	messages. allows use of s/key in windows (ttssh, securecrt) and
	83	ssh-1.2.27 clients without 'ssh -v', ok: niels@
	84	- [sshd.8]
	85	-V, for fallback to openssh in SSH2 compatibility mode
	86	- [sshd.c]
	87	fix sigchld race; cjc5@po.cwru.edu
	88
4655fe80	89	19991123
4655fe80	90	- Added SuSE package files from Chris Saia <csaia@wtower.com>
8b241e50	91	- Restructured package-related files under packages/*
4655fe80	92	- Added generic PAM config
8b241e50	93	- Numerous little Solaris fixes
9c08d6ce	94	- Add recommendation to use GNU make to INSTALL document
4655fe80	95
60bed5fd	96	19991122
60bed5fd	97	- Make <enter> close gnome-ssh-askpass (Debian bug #50299)
2f2cc3f9	98	- OpenBSD CVS Changes
	99	- [ssh-keygen.c]
	100	don't create ~/.ssh only if the user wants to store the private
	101	key there. show fingerprint instead of public-key after
	102	keygeneration. ok niels@
b09a984b	103	- Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
96ad4350	104	- Added timersub() macro
b09a984b	105	- Tidy RCSIDs of bsd-*.c
96ad4350	106	- Added autoconf test and macro to deal with old PAM libraries
96ad4350	107	pam_strerror definition (one arg vs two).
530f1889	108	- Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
	109	- Retry /dev/urandom reads interrupted by signal (report from
	110	Robert Hardy <rhardy@webcon.net>)
1647c2b5	111	- Added a setenv replacement for systems which lack it
d84a9a44	112	- Only display public key comment when presenting ssh-askpass dialog
d84a9a44	113	- Released 1.2pre14
60bed5fd	114
2ddcfdf3	115	- Configure, Make and changelog corrections from Tudor Bosman
	116	<tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>
	117
9d6b7add	118	19991121
2f2cc3f9	119	- OpenBSD CVS Changes:
60bed5fd	120	- [channels.c]
	121	make this compile, bad markus
	122	- [log.c readconf.c servconf.c ssh.h]
	123	bugfix: loglevels are per host in clientconfig,
	124	factor out common log-level parsing code.
	125	- [servconf.c]
	126	remove unused index (-Wall)
	127	- [ssh-agent.c]
	128	only one 'extern char *__progname'
	129	- [sshd.8]
	130	document SIGHUP, -Q to synopsis
	131	- [sshconnect.c serverloop.c sshd.c packet.c packet.h]
	132	[channels.c clientloop.c]
	133	SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
	134	[hope this time my ISP stays alive during commit]
	135	- [OVERVIEW README] typos; green@freebsd
	136	- [ssh-keygen.c]
	137	replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
	138	exit if writing the key fails (no infinit loop)
	139	print usage() everytime we get bad options
	140	- [ssh-keygen.c] overflow, djm@mindrot.org
	141	- [sshd.c] fix sigchld race; cjc5@po.cwru.edu
	142
2b942fe0	143	19991120
	144	- Merged more Solaris support from Marc G. Fournier
	145	<marc.fournier@acadiau.ca>
	146	- Wrote autoconf tests for integer bit-types
	147	- Fixed enabling kerberos support
13c36c4c	148	- Fix segfault in ssh-keygen caused by buffer overrun in filename
13c36c4c	149	handling.
2b942fe0	150
06479889	151	19991119
06479889	152	- Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
2ad77510	153	- Merged OpenBSD CVS changes
	154	- [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
	155	more %d vs. %s in fmt-strings
	156	- [authfd.c]
	157	Integers should not be printed with %s
7b1cc56c	158	- EGD uses a socket, not a named pipe. Duh.
7b1cc56c	159	- Fix includes in fingerprint.c
29dbde15	160	- Fix scp progress bar bug again.
2ddcfdf3	161	- Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of
736890c4	162	David Rankin <drankin@bohemians.lexington.ky.us>
91b8065d	163	- Added autoconf option to enable Kerberos 4 support (untested)
	164	- Added autoconf option to enable AFS support (untested)
	165	- Added autoconf option to enable S/Key support (untested)
	166	- Added autoconf option to enable TCP wrappers support (compiles OK)
beb43d31	167	- Renamed BSD helper function files to bsd-*
caf3bc51	168	- Added tests for login and daemon and enable OpenBSD replacements for
	169	when they are absent.
	170	- Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
06479889	171
2bd61362	172	19991118
	173	- Merged OpenBSD CVS changes
	174	- [scp.c] foregroundproc() in scp
	175	- [sshconnect.h] include fingerprint.h
	176	- [sshd.c] bugfix: the log() for passwd-auth escaped during logging
	177	changes.
0c16a097	178	- [ssh.1] Spell my name right.
2bd61362	179	- Added openssh.com info to README
2bd61362	180
f095fcc7	181	19991117
	182	- Merged OpenBSD CVS changes
	183	- [ChangeLog.Ylonen] noone needs this anymore
	184	- [authfd.c] close-on-exec for auth-socket, ok deraadt
	185	- [hostfile.c]
	186	in known_hosts key lookup the entry for the bits does not need
	187	to match, all the information is contained in n and e. This
	188	solves the problem with buggy servers announcing the wrong
	189	modulus length. markus and me.
	190	- [serverloop.c]
	191	bugfix: check for space if child has terminated, from:
	192	iedowse@maths.tcd.ie
	193	- [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
	194	[fingerprint.c fingerprint.h]
	195	rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
	196	- [ssh-agent.1] typo
	197	- [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
	198	- [sshd.c]
	199	force logging to stderr while loading private key file
	200	(lost while converting to new log-levels)
	201
4d195447	202	19991116
	203	- Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
	204	- Merged OpenBSD CVS changes:
	205	- [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
	206	[mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
	207	the keysize of rsa-parameter 'n' is passed implizit,
	208	a few more checks and warnings about 'pretended' keysizes.
	209	- [cipher.c cipher.h packet.c packet.h sshd.c]
	210	remove support for cipher RC4
	211	- [ssh.c]
	212	a note for legay systems about secuity issues with permanently_set_uid(),
	213	the private hostkey and ptrace()
	214	- [sshconnect.c]
	215	more detailed messages about adding and checking hostkeys
	216
dad9a31e	217	19991115
	218	- Merged OpenBSD CVS changes:
	219	- [ssh-add.c] change passphrase loop logic and remove ref to
	220	$DISPLAY, ok niels
	221	- Changed to ssh-add.c broke askpass support. Revised it to be a little more
	222	modular.
	223	- Revised autoconf support for enabling/disabling askpass support.
e7c0f9d5	224	- Merged more OpenBSD CVS changes:
	225	[auth-krb4.c]
	226	- disconnect if getpeername() fails
	227	- missing xfree(*client)
	228	[canohost.c]
	229	- disconnect if getpeername() fails
	230	- fix comment: we _do_ disconnect if ip-options are set
	231	[sshd.c]
	232	- disconnect if getpeername() fails
	233	- move checking of remote port to central place
	234	[auth-rhosts.c] move checking of remote port to central place
	235	[log-server.c] avoid extra fd per sshd, from millert@
	236	[readconf.c] print _all_ bad config-options in ssh(1), too
	237	[readconf.h] print _all_ bad config-options in ssh(1), too
	238	[ssh.c] print _all_ bad config-options in ssh(1), too
	239	[sshconnect.c] disconnect if getpeername() fails
	240	- OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
c75a1a66	241	- Various small cleanups to bring diff (against OpenBSD) size down.
f601d847	242	- Merged more Solaris compability from Marc G. Fournier
	243	<marc.fournier@acadiau.ca>
	244	- Wrote autoconf tests for __progname symbol
8c119fd0	245	- RPM spec file fixes from Jim Knoble <jmknoble@pobox.com>
0c372277	246	- Released 1.2pre12
	247
	248	- Another OpenBSD CVS update:
	249	- [ssh-keygen.1] fix .Xr
dad9a31e	250
92da7197	251	19991114
	252	- Solaris compilation fixes (still imcomplete)
	253
94f7bb9e	254	19991113
dd092f97	255	- Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
	256	- Don't install config files if they already exist
	257	- Fix inclusion of additional preprocessor directives from acconfig.h
94f7bb9e	258	- Removed redundant inclusions of config.h
e9c75a39	259	- Added 'Obsoletes' lines to RPM spec file
94f7bb9e	260	- Merged OpenBSD CVS changes:
	261	- [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
	262	- [scp.c] fix overflow reported by damien@ibs.com.au: off_t
	263	totalsize, ok niels,aaron
	264	- Delay fork (-f option) in ssh until after port forwarded connections
	265	have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
b2344d54	266	- Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
b2344d54	267	- Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
dd092f97	268	- Tidied default config file some more
	269	- Revised Redhat initscript to fix bug: sshd (re)start would fail
	270	if executed from inside a ssh login.
94f7bb9e	271
e35c1dc2	272	19991112
	273	- Merged changes from OpenBSD CVS
	274	- [sshd.c] session_key_int may be zero
b4748e2f	275	- [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
	276	IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
	277	deraadt,millert
	278	- Brought default sshd_config more in line with OpenBSD's
547c9f30	279	- Grab server in gnome-ssh-askpass (Debian bug #49872)
547c9f30	280	- Released 1.2pre10
e35c1dc2	281
8bc7973f	282	- Added INSTALL documentation
6fa724bc	283	- Merged yet more changes from OpenBSD CVS
	284	- [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
	285	[ssh.c ssh.h sshconnect.c sshd.c]
	286	make all access to options via 'extern Options options'
	287	and 'extern ServerOptions options' respectively;
	288	options are no longer passed as arguments:
	289	* make options handling more consistent
	290	* remove #include "readconf.h" from ssh.h
	291	* readconf.h is only included if necessary
	292	- [mpaux.c] clear temp buffer
	293	- [servconf.c] print _all_ bad options found in configfile
045672f9	294	- Make ssh-askpass support optional through autoconf
59b0f0d4	295	- Fix nasty division-by-zero error in scp.c
59b0f0d4	296	- Released 1.2pre11
8bc7973f	297
4cca272e	298	19991111
4cca272e	299	- Added (untested) Entropy Gathering Daemon (EGD) support
67d68e3a	300	- Fixed /dev/urandom fd leak (Debian bug #49722)
5bbb5681	301	- Merged OpenBSD CVS changes:
	302	- [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
	303	- [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
	304	- [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
505fed0a	305	- Fix integer overflow which was messing up scp's progress bar for large
505fed0a	306	file transfers. Fix submitted to OpenBSD developers.
6a17f9c2	307	- Merged more OpenBSD CVS changes:
	308	- [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
	309	+ krb-cleanup cleanup
	310	- [clientloop.c log-client.c log-server.c ]
	311	[readconf.c readconf.h servconf.c servconf.h ]
	312	[ssh.1 ssh.c ssh.h sshd.8]
	313	add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
	314	obsoletes QuietMode and FascistLogging in sshd.
e35c1dc2	315	- [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
	316	allow session_key_int != sizeof(session_key)
	317	[this should fix the pre-assert-removal-core-files]
	318	- Updated default config file to use new LogLevel option and to improve
	319	readability
	320
f370266e	321	19991110
67d68e3a	322	- Merged several minor fixes:
f370266e	323	- ssh-agent commandline parsing
	324	- RPM spec file now installs ssh setuid root
	325	- Makefile creates libdir
4cca272e	326	- Merged beginnings of Solaris compability from Marc G. Fournier
4cca272e	327	<marc.fournier@acadiau.ca>
f370266e	328
d4f11b59	329	19991109
	330	- Autodetection of SSL/Crypto library location via autoconf
	331	- Fixed location of ssh-askpass to follow autoconf
	332	- Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
	333	- Autodetection of RSAref library for US users
	334	- Minor doc updates
560557bb	335	- Merged OpenBSD CVS changes:
	336	- [rsa.c] bugfix: use correct size for memset()
	337	- [sshconnect.c] warn if announced size of modulus 'n' != real size
f025becb	338	- Added GNOME passphrase requestor (use --with-gnome-askpass)
d397b172	339	- RPM build now creates subpackages
aa51e7cc	340	- Released 1.2pre9
d4f11b59	341
e1a9c08d	342	19991108
	343	- Removed debian/ directory. This is now being maintained separately.
	344	- Added symlinks for slogin in RPM spec file
	345	- Fixed permissions on manpages in RPM spec file
	346	- Added references to required libraries in README file
	347	- Removed config.h.in from CVS
	348	- Removed pwdb support (better pluggable auth is provided by glibc)
	349	- Made PAM and requisite libdl optional
	350	- Removed lots of unnecessary checks from autoconf
	351	- Added support and autoconf test for openpty() function (Unix98 pty support)
	352	- Fix for scp not finding ssh if not installed as /usr/bin/ssh
	353	- Added TODO file
	354	- Merged parts of Debian patch From Phil Hands <phil@hands.com>:
	355	- Added ssh-askpass program
	356	- Added ssh-askpass support to ssh-add.c
	357	- Create symlinks for slogin on install
	358	- Fix "distclean" target in makefile
	359	- Added example for ssh-agent to manpage
	360	- Added support for PAM_TEXT_INFO messages
	361	- Disable internal /etc/nologin support if PAM enabled
	362	- Merged latest OpenBSD CVS changes:
5bae4ab8	363	- [all] replace assert() with error, fatal or packet_disconnect
e1a9c08d	364	- [sshd.c] don't send fail-msg but disconnect if too many authentication
e1a9c08d	365	failures
e1a9c08d	366	- [sshd.c] remove unused argument. ok dugsong
	367	- [sshd.c] typo
	368	- [rsa.c] clear buffers used for encryption. ok: niels
	369	- [rsa.c] replace assert() with error, fatal or packet_disconnect
ade6fccd	370	- [auth-krb4.c] remove unused argument. ok dugsong
e1a9c08d	371	- Fixed coredump after merge of OpenBSD rsa.c patch
9010d60a	372	- Released 1.2pre8
e1a9c08d	373
3028328e	374	19991102
	375	- Merged change from OpenBSD CVS
	376	- One-line cleanup in sshd.c
	377
474832c5	378	19991030
474832c5	379	- Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
69256d9d	380	- Merged latest updates for OpenBSD CVS:
	381	- channels.[ch] - remove broken x11 fix and document istate/ostate
	382	- ssh-agent.c - call setsid() regardless of argv[]
	383	- ssh.c - save a few lines when disabling rhosts-{rsa-}auth
	384	- Documentation cleanups
	385	- Renamed README -> README.Ylonen
	386	- Renamed README.openssh ->README
474832c5	387
339660f6	388	19991029
	389	- Renamed openssh* back to ssh* at request of Theo de Raadt
	390	- Incorporated latest changes from OpenBSD's CVS
	391	- Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
	392	- Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
549b3eed	393	- Make distclean now removed configure script
	394	- Improved PAM logging
	395	- Added some debug() calls for PAM
4ecd19ea	396	- Removed redundant subdirectories
	397	- Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for
	398	building on Debian.
242588e6	399	- Fixed off-by-one error in PAM env patch
242588e6	400	- Released 1.2pre6
339660f6	401
5881cd60	402	19991028
	403	- Further PAM enhancements.
	404	- Much cleaner
	405	- Now uses account and session modules for all logins.
	406	- Integrated patch from Dan Brosemer <odin@linuxfreak.com>
	407	- Build fixes
	408	- Autoconf
	409	- Change binary names to open*
	410	- Fixed autoconf script to detect PAM on RH6.1
	411	- Added tests for libpwdb, and OpenBSD functions to autoconf
221395b3	412	- Released 1.2pre4
fca82d2e	413
	414	- Imported latest OpenBSD CVS code
	415	- Updated README.openssh
93f04616	416	- Released 1.2pre5
fca82d2e	417
5881cd60	418	19991027
	419	- Adapted PAM patch.
	420	- Released 1.0pre2
	421
	422	- Excised my buggy replacements for strlcpy and mkdtemp
	423	- Imported correct OpenBSD strlcpy and mkdtemp routines.
	424	- Reduced arc4random_stir entropy read to 32 bytes (256 bits)
	425	- Picked up correct version number from OpenBSD
	426	- Added sshd.pam PAM configuration file
	427	- Added sshd.init Redhat init script
	428	- Added openssh.spec RPM spec file
	429	- Released 1.2pre3
	430
	431	19991026
	432	- Fixed include paths of OpenSSL functions
	433	- Use OpenSSL MD5 routines
	434	- Imported RC4 code from nanocrypt
	435	- Wrote replacements for OpenBSD arc4random* functions
	436	- Wrote replacements for strlcpy and mkdtemp
	437	- Released 1.0pre1