2 - (dtucker) [regress/agent-timeout.sh] Timeout of 5 sec is borderline for
3 slower hosts, increase to 10 sec.
4 - (dtucker) [auth-passwd.c] On AIX, call setauthdb() before loginsuccess(),
5 required to correctly reset failed login count when using a password
6 registry other than "files" (eg LDAP, see bug #543).
7 - (tim) [configure.ac] define WITH_ABBREV_NO_TTY for SCO.
8 Report by Roger Cornelius.
9 - (dtucker) [auth-pam.c] Use SSHD_PAM_SERVICE for PAM service name, patch
10 from cjwatson at debian.org.
13 - (tim) [regress/agent-ptrace.sh] sh doesn't like "if ! shell_function; then".
14 - (tim) [Makefile.in] only mkdir regress if it does not exist.
15 - (tim) [regress/yes-head.sh] shell portability fix.
18 - (dtucker) [configure.ac] Bug #588, #615: Move other libgen tests to after
19 the dirname test, to allow a broken dirname to be detected correctly.
20 Based partially on patch supplied by alex.kiernan at thus.net. ok djm@
21 - (tim) [configure.ac] Move libgen tests to before libwrap to unbreak
22 UnixWare 2.03 using --with-tcp-wrappers.
23 - (tim) [configure.ac] Prefer setuid/setgid on UnixWare and Open Server.
24 - (tim) [regress/agent-ptrace.sh regress/dynamic-forward.sh
25 regress/sftp-cmds.sh regress/stderr-after-eof.sh regress/test-exec.sh]
26 no longer depends on which(1). patch by dtucker@
29 - (dtucker) [configure.ac] Bug #636: Add support for Cray's new X1 machine.
30 Patch from wendyp at cray.com.
31 - (dtucker) [configure.ac] Part of bug #615: tcsendbreak might be a macro.
32 - (dtucker) [regressh/yes-head.sh] Some platforms (eg Solaris) don't have
36 - (tim) [regress/Makefile] Fixes for building outside of a read-only
38 - (tim) [regress/agent-timeout.sh] s/TIMEOUT/SSHAGENT_TIMEOUT/ Fixes conflict
39 with shell read-only variable.
40 - (tim) [regress/sftp-badcmds.sh regress/sftp-cmds.sh] Fix errors like
41 UX:rm: ERROR: Cannot remove '.' or '..'
44 - (tim) [configure.ac openbsd-compat/getrrsetbyname.c] wrap _getshort and
46 - (tim) [configure.ac acconfig.h openbsd-compat/getrrsetbyname.c] test for
47 HEADER.ad in arpa/nameser.h
48 - (tim) [ssh-keygen.c] s/PATH_MAX/MAXPATHLEN/ ok mouring@
51 - (dtucker) [agent-ptrace.sh dynamic-forward.sh (all regress/)]
52 Put "which" inside quotes.
53 - (dtucker) [dynamic-forward.sh forwarding.sh sftp-batch.sh (all regress/)]
54 Add ${EXEEXT}: required to work on Cygwin.
55 - (dtucker) [regress/sftp-batch.sh] Make temporary batch file name more
56 distinctive, so "rm ${BATCH}.*" doesn't match the script itself.
57 - (dtucker) [regress/sftp-cmds.sh] Skip quoted file test on Cygwin.
58 - (dtucker) [openbsd-compat/xcrypt.c] #elsif -> #elif
59 - (dtucker) [acconfig.h] Typo.
60 - (dtucker) [CREDITS Makefile.in configure.ac mdoc2man.awk mdoc2man.pl]
61 Replace mdoc2man.pl with mdoc2man.awk, provided by Peter Stuge.
64 - (dtucker) [acconfig.h configure.ac uidswap.c] Prefer setuid/setgid on AIX.
67 - (dtucker) [Makefile.in] Add distclean target for regress/, fix clean target.
70 - (dtucker) Portablize regression tests. Parts contributed by Roumen
71 Petrov, David M. Williams and Corinna Vinschen.
72 - [Makefile.in] Add "make tests" target and "make clean" hooks.
73 - [regress/agent-getpeereid.sh] Skip test on platforms that don't support
75 - [regress/agent-ptrace.sh] Skip tests if platform doesn't support it or
77 - [regress/reconfigure/sh] Make path to sshd fully qualified if required.
78 - [regress/rekey.sh] Remove dependence on /dev/zero (not all platforms have
79 it). The sparse file will take less disk space too.
80 - [regress/sftp-cmds.sh] Ensure files used for test are readable.
81 - [regress/stderr-after-eof.sh] Search for a usable checksum program.
82 - [regress/sftp-badcmds.sh regress/sftp-cmds.sh regress/sftp.sh
83 regress/ssh-com-client.sh regress/ssh-com-sftp.sh regress/stderr-data.sh
84 regress/transfer.sh] Use ${EXEEXT} where appropriate.
85 - [regress/sftp.sh regress/ssh-com-sftp.sh] Remove dependency on /dev/stdin.
86 - [regress/agent-ptrace.sh regress/agent-timeout.sh]
87 "grep -q" -> "grep >/dev/null"
88 - [regress/agent.sh regress/proto-version.sh regress/ssh-com.sh
89 regress/test-exec.sh] Handle different ways of echoing without newlines.
90 - [regress/dynamic-forward.sh] Some "which" programs output on stderr.
91 - [regress/sftp-cmds.sh] Use portable "test" option.
92 - [regress/test-exec.sh] Use sudo, search for "whoami" equivalent, always
93 use Strictmodes no, wait longer for sshd startup.
94 - [regress/Makefile] Remove BSDisms.
95 - [regress/README.regress] Add a basic readme.
96 - [Makefile.in regress/agent-getpeereid.sh] config.h is now in $BUILDDIR
98 - [Makefile.in regress/agent-ptrace] Fix minor regress issues on Cygwin.
101 - (djm) OpenBSD CVS Sync
102 - markus@cvs.openbsd.org 2003/08/26 09:58:43
103 [auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
105 fix passwd auth for 'username leaks via timing'; with djm@, original
107 - markus@cvs.openbsd.org 2003/08/28 12:54:34
109 remove kerberos support from ssh1, since it has been replaced with GSSAPI;
110 but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
111 - markus@cvs.openbsd.org 2003/09/02 16:40:29
114 - jmc@cvs.openbsd.org 2003/09/02 18:50:06
115 [sftp.1 ssh_config.5]
120 - (djm) OpenBSD CVS Sync
121 - deraadt@cvs.openbsd.org 2003/08/24 17:36:51
123 64 bit cleanups; markus ok
124 - markus@cvs.openbsd.org 2003/08/28 12:54:34
125 [auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
126 [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
127 [sshconnect1.c sshd.c sshd_config sshd_config.5]
128 remove kerberos support from ssh1, since it has been replaced with GSSAPI;
129 but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
130 - markus@cvs.openbsd.org 2003/08/29 10:03:15
132 SSH_BUG_K5USER is unused; ok henning@
133 - markus@cvs.openbsd.org 2003/08/29 10:04:36
135 be less chatty; debug -> debug2, cleanup; ok henning@
136 - markus@cvs.openbsd.org 2003/08/31 10:26:04
138 pass file_size + 1 to snprintf: fixes printing of truncated
139 file names; fix based on patch/report from sturm@;
140 - markus@cvs.openbsd.org 2003/08/31 12:14:22
143 - markus@cvs.openbsd.org 2003/08/31 13:29:05
145 call ssh_gssapi_storecreds conditionally from do_exec();
146 with sxw@inf.ed.ac.uk
147 - markus@cvs.openbsd.org 2003/08/31 13:30:18
149 correct string termination in parse_ename(); sxw@inf.ed.ac.uk
150 - markus@cvs.openbsd.org 2003/08/31 13:31:57
153 - markus@cvs.openbsd.org 2003/09/01 09:50:04
155 gss kex is not supported; sxw@inf.ed.ac.uk
156 - markus@cvs.openbsd.org 2003/09/01 12:50:46
158 rm gssapidelegatecreds alias; never supported before
159 - markus@cvs.openbsd.org 2003/09/01 13:52:18
162 - markus@cvs.openbsd.org 2003/09/01 18:15:50
163 [readconf.c readconf.h servconf.c servconf.h ssh.c]
164 remove unused kerberos code; ok henning@
165 - markus@cvs.openbsd.org 2003/09/01 20:44:54
168 - (djm) Don't initialise pam_conv structures inline. Avoids HP/UX compiler
169 error. Part of Bug #423, patch from michael_steffens AT hp.com
170 - (djm) Bug #423: reorder setting of PAM_TTY and calling of PAM session
171 management (now done in do_setusercontext). Largely from
172 michael_steffens AT hp.com
173 - (djm) Fix openbsd-compat/ again - remove references to strl(cpy|cat).h
176 - (bal) openbsd-compat/ clean up. Considate headers, add in Id on our
177 files, and added missing license to header.
180 - (djm) Bug #629: Mark ssh_config option "pamauthenticationviakbdint"
181 as deprecated. Remove mention from README.privsep. Patch from
183 - (dtucker) OpenBSD CVS Sync
184 - markus@cvs.openbsd.org 2003/08/22 10:56:09
185 [auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
186 gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
187 readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
188 ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
189 support GSS API user authentication; patches from Simon Wilkinson,
190 stripped down and tested by Jakob and myself.
191 - markus@cvs.openbsd.org 2003/08/22 13:20:03
193 remove support for "kerberos-2@ssh.com"
194 - markus@cvs.openbsd.org 2003/08/22 13:22:27
195 [auth2.c] (auth2-krb5.c removed)
196 nuke "kerberos-2@ssh.com"
197 - markus@cvs.openbsd.org 2003/08/22 20:55:06
200 - deraadt@cvs.openbsd.org 2003/08/24 17:36:52
201 [monitor.c monitor_wrap.c sshconnect2.c]
202 64 bit cleanups; markus ok
203 - fgsch@cvs.openbsd.org 2003/08/25 08:13:09
205 fix div by zero when listing for filename lengths longer than width.
207 - djm@cvs.openbsd.org 2003/08/25 10:33:33
209 fprintf->logit to silence login banner with "ssh -q"; ok markus@
210 - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h
211 configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
212 sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
213 - (dtucker) [Makefile.in] Remove auth2-krb5.
214 - (dtucker) [contrib/aix/inventory.sh] Add public domain notice. ok mouring@
215 (the original author)
216 - (dtucker) [auth.c] Do not check for locked accounts when PAM is enabled.
219 - (djm) Bug #621: Select OpenSC keys by usage attributes. Patch from
220 larsch@trustcenter.de
221 - (bal) openbsd-compat/ OpenBSD updates. Mostly licensing, ansifications
222 and minor fixes. OK djm@
223 - (bal) redo how we handle 'mysignal()'. Move it to
224 openbsd-compat/bsd-misc.c, s/mysignal/signal/ and #define signal to
225 be our 'mysignal' by default. OK djm@
226 - (dtucker) [acconfig.h auth.c configure.ac sshd.8] Bug #422 again: deny
227 any access to locked accounts. ok djm@
228 - (djm) Bug #564: Perform PAM account checks for all authentications when
229 UsePAM=yes; ok dtucker
230 - (dtucker) [configure.ac] Bug #533, #551: define BROKEN_GETADDRINFO on
231 Tru64, solves getnameinfo and "bad addr or host" errors. ok djm@
232 - (dtucker) [README buildbff.sh inventory.sh] (all in contrib/aix)
233 Update package builder: correctly handle config variables, use lsuser
234 rather than /etc/passwd, fix typos, add Id's.
237 - (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal
239 - (dtucker) [contrib/cygwin/ssh-user-config] Put keys in authorized_keys
240 rather that authorized_keys2. Patch from vinschen@redhat.com.
243 - (dtucker) OpenBSD CVS Sync
244 - markus@cvs.openbsd.org 2003/08/14 16:08:58
246 exit after primetest, ok djm@
247 - (dtucker) [defines.h] Put CMSG_DATA, CMSG_FIRSTHDR with other CMSG* macros,
248 change CMSG_DATA to use __CMSG_ALIGN (and thus work properly), reformat for
250 - (dtucker) [configure.ac] Move openpty/ctty test outside of case statement
251 and after normal openpty test.
254 - (dtucker) [session.c] Remove #ifdef TIOCSBRK kludge.
255 - (dtucker) OpenBSD CVS Sync
256 - markus@cvs.openbsd.org 2003/08/13 08:33:02
258 use more portable tcsendbreak(3) and ignore break_length;
260 - markus@cvs.openbsd.org 2003/08/13 08:46:31
261 [auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
262 ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
263 remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
264 fgsch@, miod@, henning@, jakob@ and others
265 - markus@cvs.openbsd.org 2003/08/13 09:07:10
267 socks4->socks, since with support both 4 and 5; dtucker@zip.com.au
268 - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
269 Add a tcsendbreak function for platforms that don't have one, based on the
273 - (dtucker) OpenBSD CVS Sync
274 (thanks to Simon Wilkinson for help with this -dt)
275 - markus@cvs.openbsd.org 2003/07/16 15:02:06
277 mcc -> fcc; from Love Hörnquist Åstrand <lha@it.su.se>
278 otherwise the kerberos credentinal is stored in a memory cache
279 in the privileged sshd. ok jabob@, hin@ (some time ago)
280 - (dtucker) [openbsd-compat/xcrypt.c] Remove Cygwin #ifdef block (duplicate
281 in bsd-cygwin_util.h).
284 - (dtucker) [openbsd-compat/fake-rfc2553.h] Older Linuxes have AI_PASSIVE and
285 AI_CANONNAME in netdb.h but not AI_NUMERICHOST, so check each definition
286 separately before defining them.
287 - (dtucker) [auth-pam.c] Don't set PAM_TTY if tty is null. ok djm@
290 - (dtucker) [session.c] Have session_break_req not attempt to send a break
291 if TIOCSBRK and TIOCCBRK are not defined (eg Cygwin).
292 - (dtucker) [canohost.c] Bug #336: Only check ip options if IP_OPTIONS is
293 defined (fixes compile error on really old Linuxes).
294 - (dtucker) [defines.h] Bug #336: Add CMSG_DATA and CMSG_FIRSTHDR macros if
295 not already defined (eg Linux with some versions of libc5), based on those
297 - (dtucker) [openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]
298 Remove incorrect filenames from comments (file names are in Id tags).
299 - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.h] Move Cygwin
300 specific defines and includes to bsd-cygwin_util.h. Fixes build error too.
303 - (dtucker) [monitor.h monitor_wrap.h] Remove excess ident tags.
304 - (dtucker) OpenBSD CVS Sync
305 - markus@cvs.openbsd.org 2003/07/22 13:35:22
306 [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
307 monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
308 ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
309 remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
311 - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
312 - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
313 - (dtucker) OpenBSD CVS Sync
314 - markus@cvs.openbsd.org 2003/07/23 07:42:43
317 - djm@cvs.openbsd.org 2003/07/28 09:49:56
318 [ssh-keygen.1 ssh-keygen.c]
319 Support for generating Diffie-Hellman groups (/etc/moduli) from ssh-keygen.
320 Based on code from Phil Karn, William Allen Simpson and Niels Provos.
321 ok markus@, thanks jmc@
322 - markus@cvs.openbsd.org 2003/07/29 18:24:00
323 [LICENCE progressmeter.c]
324 replace 4 clause BSD licensed progressmeter code with a replacement
325 from Nils Nordman and myself; ok deraadt@
326 (copied from OpenBSD an re-applied portable changes)
327 - markus@cvs.openbsd.org 2003/07/29 18:26:46
329 fix length for "- stalled -" (included with previous import)
330 - markus@cvs.openbsd.org 2003/07/30 07:44:14
332 use only 4 digits in format_size (included with previous import)
333 - markus@cvs.openbsd.org 2003/07/30 07:53:27
335 whitespace (included with previous import)
336 - markus@cvs.openbsd.org 2003/07/31 09:21:02
338 check whether passwd auth is allowd, similar to proto 1; rob@pitman.co.za
340 - avsm@cvs.openbsd.org 2003/07/31 15:50:16
342 correct comment: atomicio takes vwrite, not write; deraadt@ ok
343 - markus@cvs.openbsd.org 2003/07/31 22:34:03
345 print rate similar old version; round instead truncate;
346 (included in previous progressmeter.c commit)
347 - (dtucker) [openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
348 Add a tcgetpgrp function.
349 - (dtucker) [Makefile.in moduli.c moduli.h] Add new files and to Makefile.
350 - (dtucker) [openbsd-compat/bsd-misc.c] Fix cut-and-paste bug in tcgetpgrp.
353 - (djm) [auth-pam.c] Don't use crappy APIs like sprintf. Thanks bal
356 - (dtucker) [openbsd-compat/xcrypt.c] Fix typo: DISABLED_SHADOW ->
357 DISABLE_SHADOW. Fixes HP-UX compile error.
360 - (bal) [auth-passwd.c openbsd-compat/Makefile.in openbsd-compat/xcrypt.c
361 openbsd-compat/xcrypt.h] Split off encryption into xcrypt() interface,
362 and isolate shadow password functions. Tested in Solaris, but should
363 not break other platforms too badly (except maybe HP =). Also brings
364 auth-passwd.c into full sync with OpenBSD tree.
367 - (dtucker) [configure.ac] Back out change for bug #620.
370 - (dtucker) [configure.ac] Bug #620: Define BROKEN_GETADDRINFO for
371 Solaris/x86. Patch from jrhett at isite.net.
372 - (dtucker) OpenBSD CVS Sync
373 - markus@cvs.openbsd.org 2003/07/14 12:36:37
375 remove undocumented -V option. would be only useful if openssh is used
376 as ssh v1 server for ssh.com's ssh v2.
377 - markus@cvs.openbsd.org 2003/07/16 10:34:53
379 don't exit on multiple -v or -d; ok deraadt@
380 - markus@cvs.openbsd.org 2003/07/16 10:36:28
382 clear IUCLC in enter_raw_mode; from rob@pitman.co.za; ok deraadt@, fgs@
383 - deraadt@cvs.openbsd.org 2003/07/18 01:54:25
385 userid is unsigned, but well, force it anyways; andrushock@korovino.net
386 - djm@cvs.openbsd.org 2003/07/19 00:45:53
388 fix sftp filename parsing for arguments with escaped quotes. bz #517;
390 - djm@cvs.openbsd.org 2003/07/19 00:46:31
391 [regress/sftp-cmds.sh]
392 regress test for sftp arguments with escaped quotes; ok markus
395 - (dtucker) [acconfig.h configure.ac port-aix.c] Older AIXes don't declare
396 loginfailed at all, so assume 3-arg loginfailed if not declared.
397 - (dtucker) [port-aix.h] Work around name collision on AIX for r_type by
399 - (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h]
400 Call setauthdb() before loginfailed(), which may load password registry-
401 specific functions. Based on patch by cawlfiel at us.ibm.com.
402 - (dtucker) [port-aix.h] Fix prototypes.
403 - (dtucker) OpenBSD CVS Sync
404 - avsm@cvs.openbsd.org 2003/07/09 13:58:19
406 minor tweak: when generating the hex fingerprint, give strlcat the full
407 bound to the buffer, and add a comment below explaining why the
408 zero-termination is one less than the bound. markus@ ok
409 - markus@cvs.openbsd.org 2003/07/10 14:42:28
411 the 2^(blocksize*2) rekeying limit is too expensive for 3DES,
412 blowfish, etc, so enforce a 1GB limit for small blocksizes.
413 - markus@cvs.openbsd.org 2003/07/10 20:05:55
415 sync usage with manpage, add missing -R
418 - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
419 Include AIX headers for authentication functions and make calls match
420 prototypes. Test for and handle 3-arg and 4-arg variants of loginfailed.
421 - (dtucker) [session.c] Check return value of setpcred().
422 - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
423 Convert aixloginmsg into platform-independant Buffer loginmsg.
426 - (dtucker) [configure.ac] Bug #600: Check that getrusage is declared before
427 searching libraries for it. Fixes build errors on NCR MP-RAS.
430 - (dtucker) [ssh-rand-helper.c loginrec.c]
431 Apply atomicio typing change to these too.
434 - (dtucker) OpenBSD CVS Sync
435 - djm@cvs.openbsd.org 2003/06/28 07:48:10
437 report pidfile creation errors, based on patch from Roumen Petrov;
439 - deraadt@cvs.openbsd.org 2003/06/28 16:23:06
440 [atomicio.c atomicio.h authfd.c clientloop.c monitor_wrap.c msg.c
441 progressmeter.c scp.c sftp-client.c ssh-keyscan.c ssh.h sshconnect.c
443 deal with typing of write vs read in atomicio
444 - markus@cvs.openbsd.org 2003/06/29 12:44:38
446 memset 0, not \0; andrushock@korovino.net
447 - markus@cvs.openbsd.org 2003/07/02 12:56:34
449 deny dynamic forwarding with -R for v1, too; ok djm@
450 - markus@cvs.openbsd.org 2003/07/02 14:51:16
451 [channels.c ssh.1 ssh_config.5]
452 (re)add socks5 suppport to -D; ok djm@
453 now ssh(1) can act both as a socks 4 and socks 5 server and
454 dynamically forward ports.
455 - markus@cvs.openbsd.org 2003/07/02 20:37:48
457 convert hostkeyalias to lowercase, otherwise uppercase aliases will
458 not match at all; ok henning@
459 - markus@cvs.openbsd.org 2003/07/03 08:21:46
460 [regress/dynamic-forward.sh]
461 add socks5; speedup; reformat; based on patch from dtucker@zip.com.au
462 - markus@cvs.openbsd.org 2003/07/03 08:24:13
464 enable tests for dynamic fwd via socks (-D), uses nc(1)
465 - djm@cvs.openbsd.org 2003/07/03 08:09:06
466 [readconf.c readconf.h ssh-keysign.c ssh.c]
467 fix AddressFamily option in config file, from brent@graveland.net;
471 - (djm) Search for support functions necessary to build our
472 getrrsetbyname() replacement. Patch from Roumen Petrov
475 - (dtucker) [includes.h] Bug #602: move #include of netdb.h to after in.h
476 (fixes compiler warnings on Solaris 2.5.1).
477 - (dtucker) [configure.ac] Add sanity test after system-dependant compiler
481 - (djm) Bug #591: use PKCS#15 private key label as a comment in case
482 of OpenSC. Report and patch from larsch@trustcenter.de
483 - (djm) Bug #593: Sanity check OpenSC card reader number; patch from
485 - (dtucker) OpenBSD CVS Sync
486 - markus@cvs.openbsd.org 2003/06/23 09:02:44
488 document EnableSSHKeysign; bugzilla #599; ok deraadt@, jmc@
489 - markus@cvs.openbsd.org 2003/06/24 08:23:46
490 [auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h
491 monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c]
492 int -> u_int; ok djm@, deraadt@, mouring@
493 - miod@cvs.openbsd.org 2003/06/25 22:39:36
495 Typo police: attribute is better written with an 'r'.
496 - markus@cvs.openbsd.org 2003/06/26 20:08:33
498 do not dump core for 'ssh -o proxycommand host'; ok deraadt@
499 - (dtucker) [regress/dynamic-forward.sh] Import new regression test.
500 - (dtucker) [configure.ac] Bug #570: Have ./configure --enable-FEATURE
501 actually enable the feature, for those normally disabled. Patch by
502 openssh (at) roumenpetrov.info.
505 - (dtucker) Have configure refer the user to config.log and
506 contrib/findssl.sh for OpenSSL header/library mismatches.
509 - (dtucker) OpenBSD CVS Sync
510 - markus@cvs.openbsd.org 2003/06/21 09:14:05
511 [regress/reconfigure.sh]
512 missing $SUDO; from dtucker@zip.com.au
513 - markus@cvs.openbsd.org 2003/06/18 11:28:11
515 backout last change, since it violates pkcs#1
516 switch to share/misc/license.template
517 - djm@cvs.openbsd.org 2003/06/20 05:47:58
519 sync description of protocol 2 cipher proposal; ok markus
520 - djm@cvs.openbsd.org 2003/06/20 05:48:21
522 sync some implemented options; ok markus@
523 - (dtucker) [regress/authorized_keys_root] Remove temp data file from CVS.
524 - (dtucker) [openbsd-compat/setproctitle.c] Ensure SPT_TYPE is defined before
528 - (djm) OpenBSD CVS Sync
529 - markus@cvs.openbsd.org 2003/06/12 07:57:38
530 [monitor.c sshlogin.c sshpty.c]
531 typos; dtucker at zip.com.au
532 - djm@cvs.openbsd.org 2003/06/12 12:22:47
534 mention more copyright holders; ok markus@
535 - nino@cvs.openbsd.org 2003/06/12 15:34:09
538 - markus@cvs.openbsd.org 2003/06/12 19:12:03
539 [scard.c scard.h ssh-agent.c ssh.c]
540 add sc_get_key_label; larsch at trustcenter.de; bugzilla#591
541 - markus@cvs.openbsd.org 2003/06/16 08:22:35
543 make sure the signature has at least the expected length (don't
544 insist on len == hlen + oidlen, since this breaks some smartcards)
545 bugzilla #592; ok djm@
546 - markus@cvs.openbsd.org 2003/06/16 10:22:45
548 print out key comment on each prompt; make ssh-askpass more useable; ok djm@
549 - markus@cvs.openbsd.org 2003/06/17 18:14:23
551 use license from /usr/share/misc/license.template for new code
552 - (dtucker) [reconfigure.sh rekey.sh sftp-badcmds.sh]
553 Import new regression tests from OpenBSD
554 - (dtucker) [regress/copy.1 regress/copy.2] Remove temp data files from CVS.
555 - (dtucker) OpenBSD CVS Sync (regress/)
556 - markus@cvs.openbsd.org 2003/04/02 12:21:13
559 - djm@cvs.openbsd.org 2003/04/04 09:34:22
560 [Makefile sftp-cmds.sh]
561 More regression tests, including recent directory rename bug; ok markus@
562 - markus@cvs.openbsd.org 2003/05/14 22:08:27
563 [ssh-com-client.sh ssh-com-keygen.sh ssh-com-sftp.sh ssh-com.sh]
564 test against some new commerical versions
565 - mouring@cvs.openbsd.org 2003/05/15 04:07:12
567 Advanced put/get testing for sftp. OK @djm
568 - markus@cvs.openbsd.org 2003/06/12 15:40:01
571 - markus@cvs.openbsd.org 2003/06/12 15:43:32
573 test -HUP; dtucker at zip.com.au
576 - (djm) Update license on fake-rfc2553.[ch]; ok itojun@
579 - (djm) Mention portable copyright holders in LICENSE
580 - (djm) Put licenses on substantial header files
581 - (djm) Sync LICENSE against OpenBSD
582 - (djm) OpenBSD CVS Sync
583 - jmc@cvs.openbsd.org 2003/06/10 09:12:11
584 [scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5]
585 [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
587 - COMPATIBILITY merge
589 - kill whitespace at EOL
590 - new sentence, new line
592 - deraadt@cvs.openbsd.org 2003/06/10 22:20:52
593 [packet.c progressmeter.c]
594 mostly ansi cleanup; pval ok
595 - jakob@cvs.openbsd.org 2003/06/11 10:16:16
597 clean up check_host_key() and improve SSHFP feedback. ok markus@
598 - jakob@cvs.openbsd.org 2003/06/11 10:18:47
600 sync with check_host_key() change
601 - djm@cvs.openbsd.org 2003/06/11 11:18:38
602 [authfd.c authfd.h ssh-add.c ssh-agent.c]
603 make agent constraints (lifetime, confirm) work with smartcard keys;
608 - (djm) Sync README.smartcard with OpenBSD -current
609 - (djm) Re-merge OpenSC info into README.smartcard
612 - (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@
615 - (djm) Support AI_NUMERICHOST in fake-getaddrinfo.c. Needed for recent
617 - (djm) Implement paranoid priv dropping checks, based on:
618 "SetUID demystified" - Hao Chen, David Wagner and Drew Dean
619 Proceedings of USENIX Security Symposium 2002
620 - (djm) Don't use xmalloc() or pull in toplevel headers in fake-* code
621 - (djm) Merge all the openbsd/fake-* into fake-rfc2553.[ch]
622 - (djm) Bug #588 - Add scard-opensc.o back to Makefile.in
623 Patch from larsch@trustcenter.de
624 - (djm) Bug #589 - scard-opensc: load only keys with a private keys
625 Patch from larsch@trustcenter.de
626 - (dtucker) Add includes.h to fake-rfc2553.c so it will build.
627 - (dtucker) Define EAI_NONAME in fake-rfc2553.h (used by fake-rfc2553.c).
630 - (djm) Bug #573 - Remove unneeded Krb headers and compat goop. Patch from
631 simon@sxw.org.uk (Also matches a change in OpenBSD a while ago)
632 - (djm) Bug #577 - wrong flag in scard-opensc.c sc_private_decrypt.
633 Patch from larsch@trustcenter.de; ok markus@
634 - (djm) Bug #584: scard-opensc.c doesn't work without PIN. Patch from
635 larsch@trustcenter.de; ok markus@
636 - (djm) OpenBSD CVS Sync
637 - djm@cvs.openbsd.org 2003/06/04 08:25:18
639 disable challenge/response and keyboard-interactive auth methods
640 upon hostkey mismatch. based on patch from fcusack AT fcusack.com.
642 - djm@cvs.openbsd.org 2003/06/04 10:23:48
644 remove duplicated group-dropping code; ok markus@
645 - djm@cvs.openbsd.org 2003/06/04 12:03:59
647 remove bitrotten commet; ok markus@
648 - djm@cvs.openbsd.org 2003/06/04 12:18:49
651 - djm@cvs.openbsd.org 2003/06/04 12:40:39
653 kill ssh process upon receipt of signal, bz #241.
654 based on patch from esb AT hawaii.edu; ok markus@
655 - djm@cvs.openbsd.org 2003/06/04 12:41:22
657 kill ssh process on receipt of signal; ok markus@
658 - (djm) Update to fix of bug #584: lock card before return.
659 From larsch@trustcenter.de
660 - (djm) Always use mysignal() for SIGALRM
663 - (djm) Replace setproctitle replacement with code derived from
665 - (djm) OpenBSD CVS Sync
666 - markus@cvs.openbsd.org 2003/06/02 09:17:34
667 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
668 [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
670 deprecate VerifyReverseMapping since it's dangerous if combined
671 with IP based access control as noted by Mike Harding; replace with
672 a UseDNS option, UseDNS is on by default and includes the
673 VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
675 - millert@cvs.openbsd.org 2003/06/03 02:56:16
677 Remove the advertising clause in the UCB license which Berkeley
678 rescinded 22 July 1999. Proofed by myself and Theo.
679 - (djm) Fix portable-specific uses of verify_reverse_mapping too
680 - (djm) Sync openbsd-compat with OpenBSD CVS.
681 - No more 4-term BSD licenses in linked code
682 - (dtucker) [port-aix.c bsd-cray.c] Fix uses of verify_reverse_mapping.
685 - (djm) Fix segv from bad reordering in auth-pam.c
686 - (djm) Always use saved_argv in sshd.c as compat_init_setproctitle may
688 - (tim) openbsd-compat/xmmap.[ch] License clarifications. Add missing
690 - (djm) Remove "noip6" option from RedHat spec file. This may now be
691 set at runtime using AddressFamily option.
692 - (djm) Fix use of macro before #define in cipher-aes.c
693 - (djm) Sync license on openbsd-compat/bindresvport.c with OpenBSD CVS
694 - (djm) OpenBSD CVS Sync
695 - djm@cvs.openbsd.org 2003/05/26 12:54:40
697 fix format strings; ok markus@
698 - deraadt@cvs.openbsd.org 2003/05/29 16:58:45
700 seteuid and setegid; markus ok
701 - jakob@cvs.openbsd.org 2003/06/02 08:31:10
703 VerifyHostKeyDNS is v2 only. ok markus@
706 - (dtucker) Add missing semicolon in md5crypt.c, patch from openssh at
708 - (dtucker) Define SSHD_ACQUIRES_CTTY for NCR MP-RAS and Reliant Unix.
711 - (djm) Avoid auth2-chall.c warning when compiling without
712 PAM, BSD_AUTH and SKEY
715 - (djm) OpenBSD CVS Sync
716 - djm@cvs.openbsd.org 2003/05/24 09:02:22
718 pass logged data through strnvis; ok markus
719 - djm@cvs.openbsd.org 2003/05/24 09:30:40
720 [authfile.c monitor.c sftp-common.c sshpty.c]
721 cast some types for printing; ok markus@
724 - (dtucker) Correct --osfsia in INSTALL. Patch by skeleten at shillest.net
727 - (djm) Use VIS_SAFE on logged strings rather than default strnvis
728 encoding (which encodes many more characters)
730 - jmc@cvs.openbsd.org 2003/05/20 12:03:35
732 - new sentence, new line
736 - jmc@cvs.openbsd.org 2003/05/20 12:09:31
737 [ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1]
738 new sentence, new line
739 - djm@cvs.openbsd.org 2003/05/23 08:29:30
744 - (djm) OpenBSD CVS Sync
745 - deraadt@cvs.openbsd.org 2003/05/18 23:22:01
747 use syslog_r() in a signal handler called place; markus ok
748 - (djm) Configure logic to detect syslog_r and friends
751 - (djm) Sync auth-pam.h with what we actually implement
754 - (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in
756 - (djm) OpenBSD CVS Sync
757 - djm@cvs.openbsd.org 2003/05/16 03:27:12
758 [readconf.c ssh_config ssh_config.5 ssh-keysign.c]
759 add AddressFamily option to ssh_config (like -4, -6 on commandline).
760 Portable bug #534; ok markus@
761 - itojun@cvs.openbsd.org 2003/05/17 03:25:58
763 just in case, put numbers to sscanf %s arg.
764 - markus@cvs.openbsd.org 2003/05/17 04:27:52
765 [cipher.c cipher-ctr.c myproposal.h]
766 experimental support for aes-ctr modes from
767 http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt
769 - (djm) Remove IPv4 by default hack now that we can specify AF in config
770 - (djm) Tidy and trim TODO
771 - (djm) Sync openbsd-compat/ with OpenBSD CVS head
772 - (djm) Big KNF on openbsd-compat/
773 - (djm) KNF on md5crypt.[ch]
774 - (djm) KNF on auth-sia.[ch]
777 - (bal) strcat -> strlcat on openbsd-compat/realpath.c (rev 1.8 OpenBSD)
780 - (djm) OpenBSD CVS Sync
781 - djm@cvs.openbsd.org 2003/05/15 13:52:10
783 Make "ssh -V" print the OpenSSL version in a human readable form. Patch
784 from Craig Leres (mindrot at ee.lbl.gov); ok markus@
785 - jakob@cvs.openbsd.org 2003/05/15 14:02:47
786 [readconf.c servconf.c]
787 warn for unsupported config option. ok markus@
788 - markus@cvs.openbsd.org 2003/05/15 14:09:21
790 fix 64bit issue; report itojun@
791 - djm@cvs.openbsd.org 2003/05/15 14:55:25
792 [readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
793 add a ConnectTimeout option to ssh, based on patch from
794 Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
795 - (djm) Add warning for UsePAM when built without PAM support
796 - (djm) A few type mismatch fixes from Bug #565
797 - (djm) Guard free_pam_environment against NULL argument. Works around
798 HP/UX PAM problems debugged by dtucker
801 - (djm) OpenBSD CVS Sync
802 - jmc@cvs.openbsd.org 2003/05/14 13:11:56
806 - jakob@cvs.openbsd.org 2003/05/14 18:16:20
807 [key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
808 [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
809 add experimental support for verifying hos keys using DNS as described
810 in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
811 ok markus@ and henning@
812 - markus@cvs.openbsd.org 2003/05/14 22:24:42
813 [clientloop.c session.c ssh.1]
814 allow to send a BREAK to the remote system; ok various
815 - markus@cvs.openbsd.org 2003/05/15 00:28:28
817 cleanup unregister of per-method packet handlers; ok djm@
818 - jakob@cvs.openbsd.org 2003/05/15 01:48:10
819 [readconf.c readconf.h servconf.c servconf.h]
820 always parse kerberos options. ok djm@ markus@
821 - jakob@cvs.openbsd.org 2003/05/15 02:27:15
823 add missing freerrset
824 - markus@cvs.openbsd.org 2003/05/15 03:08:29
825 [cipher.c cipher-bf1.c cipher-aes.c cipher-3des1.c]
826 split out custom EVP ciphers
827 - djm@cvs.openbsd.org 2003/05/15 03:10:52
829 avoid warning; ok jakob@
830 - mouring@cvs.openbsd.org 2003/05/15 03:39:07
832 Make put/get (globed and nonglobed) code more consistant. OK djm@
833 - mouring@cvs.openbsd.org 2003/05/15 03:43:59
835 Teach ls how to display multiple column display and allow users
836 to return to single column format via 'ls -1'. OK @djm
837 - jakob@cvs.openbsd.org 2003/05/15 04:08:44
838 [readconf.c servconf.c]
839 disable kerberos when not supported. ok markus@
840 - markus@cvs.openbsd.org 2003/05/15 04:08:41
843 - (djm) Always parse UsePAM
844 - (djm) Configure glue for DNS support (code doesn't work in portable yet)
845 - (djm) Import getrrsetbyname() function from OpenBSD libc (for DNS support)
846 - (djm) Tidy Makefile clean targets
847 - (djm) Adapt README.dns for portable
848 - (djm) Avoid uuencode.c warnings
849 - (djm) Enable UsePAM when built --with-pam
850 - (djm) Only build getrrsetbyname replacement when using --with-dns
851 - (djm) Bug #529: sshd doesn't work correctly after SIGHUP (copy argv
853 - (djm) Bug #444: Wrong paths after reconfigure
854 - (dtucker) HP-UX needs to include <sys/strtio.h> for TIOCSBRK
857 - (djm) Bug #117: Don't lie to PAM about username
858 - (djm) RCSID sync w/ OpenBSD
859 - (djm) OpenBSD CVS Sync
860 - djm@cvs.openbsd.org 2003/04/09 12:00:37
862 strip trailing whitespace from config lines before parsing.
863 Fixes bz 528; ok markus@
864 - markus@cvs.openbsd.org 2003/04/12 10:13:57
866 hide cipher details; ok djm@
867 - markus@cvs.openbsd.org 2003/04/12 10:15:36
870 - naddy@cvs.openbsd.org 2003/04/12 11:40:15
872 document -V switch, fix wording; ok markus@
873 - markus@cvs.openbsd.org 2003/04/14 14:17:50
874 [channels.c sshconnect.c sshd.c ssh-keyscan.c]
875 avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
876 - mouring@cvs.openbsd.org 2003/04/14 21:31:27
878 Missing globfree(&g) in process_put() spotted by Vince Brimhall
879 <VBrimhall@novell.com>. ok@ Theo
880 - markus@cvs.openbsd.org 2003/04/16 14:35:27
882 document struct Authctxt; with solar
883 - deraadt@cvs.openbsd.org 2003/04/26 04:29:49
885 -t in usage(); rogier@quaak.org
886 - mouring@cvs.openbsd.org 2003/04/30 01:16:20
887 [sshd.8 sshd_config.5]
888 Escape ?, * and ! in .Ql for nroff compatibility. OpenSSH Portable
889 Bug #550 and * escaping suggested by jmc@.
890 - david@cvs.openbsd.org 2003/04/30 20:41:07
892 fix invalid .Pf macro usage introduced in previous commit
894 - markus@cvs.openbsd.org 2003/05/11 16:56:48
895 [authfile.c ssh-keygen.c]
896 change key_load_public to try to read a public from:
897 rsa1 private or rsa1 public and ssh2 keys.
898 this makes ssh-keygen -e fail for ssh1 keys more gracefully
899 for example; report from itojun (netbsd pr 20550).
900 - markus@cvs.openbsd.org 2003/05/11 20:30:25
901 [channels.c clientloop.c serverloop.c session.c ssh.c]
902 make channel_new() strdup the 'remote_name' (not the caller); ok theo
903 - markus@cvs.openbsd.org 2003/05/12 16:55:37
905 for pubkey authentication try the user keys in the following order:
906 1. agent keys that are found in the config file
908 3. keys that are only listed in the config file
909 this helps when an agent has many keys, where the server might
910 close the connection before the correct key is used. report & ok pb@
911 - markus@cvs.openbsd.org 2003/05/12 18:35:18
913 typo: DSA keys are of type ssh-dss; Brian Poole
914 - markus@cvs.openbsd.org 2003/05/14 00:52:59
916 ranges for per auth method messages
917 - djm@cvs.openbsd.org 2003/05/14 01:00:44
919 emphasise the batchmode functionality and make reference to pubkey auth,
920 both of which are FAQs; ok markus@
921 - markus@cvs.openbsd.org 2003/05/14 02:15:47
922 [auth2.c monitor.c sshconnect2.c auth2-krb5.c]
923 implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
924 server interops with commercial client; ok jakob@ djm@
925 - jmc@cvs.openbsd.org 2003/05/14 08:25:39
927 - better formatting in SYNOPSIS
930 - markus@cvs.openbsd.org 2003/05/14 08:57:49
932 http://bugzilla.mindrot.org/show_bug.cgi?id=560
933 Privsep child continues to run after monitor killed.
934 Pass monitor signals through to child; Darren Tucker
935 - (djm) Make portable build with MIT krb5 (some issues remain)
936 - (djm) Add new UsePAM configuration directive to allow runtime control
937 over usage of PAM. This allows non-root use of sshd when built with
939 - (djm) Die screaming if start_pam() is called when UsePAM=no
940 - (djm) Avoid KrbV leak for MIT Kerberos
941 - (dtucker) Set ai_socktype and ai_protocol in fake-getaddrinfo.c. ok djm@
942 - (djm) Bug #258: sscanf("[0-9]") -> sscanf("[0123456789]") for portability
945 - (djm) Redhat spec: Don't install profile.d scripts when not
946 building with GNOME/GTK askpass (patch from bet@rahul.net)
949 - (dtucker) Bug #318: Create ssh_prng_cmds.out during "make" rather than
950 "make install". Patch by roth@feep.net.
951 - (dtucker) Bug #536: Test for and work around openpty/controlling tty
952 problem on Linux (fixes "could not set controlling tty" errors).
953 - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
954 proper challenge-response module
955 - (djm) 2-clause license on loginrec.c, with permission from
959 - (dtucker) Bug #497: Move #include of bsd-cygwin_util.h to openbsd-compat.h.
960 Patch from vinschen@redhat.com.
963 - (dtucker) Add missing "void" to record_failed_login in bsd-cray.c. Noted
967 - (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels,
968 privsep should now work.
969 - (dtucker) Move handling of bad password authentications into a platform
970 specific record_failed_login() function (affects AIX & Unicos). ok mouring@
973 - (djm) Add back radix.o (used by AFS support), after it went missing from
974 Makefile many moons ago
975 - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
976 - (djm) Fix blibpath specification for AIX/gcc
977 - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
980 - (bal) [defines.h progressmeter.c scp.c] Some more culling of non 64bit
984 - (bal) Bug #541: return; was dropped by mistake. Reported by
986 - (bal) Since we don't support platforms lacking u_int_64. We may
987 as well clean out some of those evil #ifdefs
988 - (bal) auth1.c minor resync while looking at the code.
989 - (bal) auth2.c same changed as above.
992 - (djm) Bug #539: Specify creation mode with O_CREAT for lastlog. Report
993 from matth@eecs.berkeley.edu
994 - (djm) Make the spec work with Redhat 9.0 (which renames sharutils)
995 - (djm) OpenBSD CVS Sync
996 - markus@cvs.openbsd.org 2003/04/02 09:48:07
997 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
998 [readconf.h serverloop.c sshconnect2.c]
999 reapply rekeying chage, tested by henning@, ok djm@
1000 - markus@cvs.openbsd.org 2003/04/02 14:36:26
1002 potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
1003 - itojun@cvs.openbsd.org 2003/04/03 07:25:27
1006 - itojun@cvs.openbsd.org 2003/04/03 10:17:35
1008 remove $OpenBSD$, as other *.c does not have it.
1009 - markus@cvs.openbsd.org 2003/04/07 08:29:57
1011 typo: get correct counters; introduced during rekeying change.
1012 - millert@cvs.openbsd.org 2003/04/07 21:58:05
1014 The UCB copyright here is incorrect. This code did not originate
1015 at UCB, it was written by Luke Mewburn. Updated the copyright at
1016 the author's request. markus@ OK
1017 - itojun@cvs.openbsd.org 2003/04/08 20:21:29
1019 rename log() into logit() to avoid name conflict. markus ok, from
1021 - (djm) XXX - Performed locally using:
1022 "perl -p -i -e 's/(\s|^)log\(/$1logit\(/g' *.c *.h"
1023 - hin@cvs.openbsd.org 2003/04/09 08:23:52
1025 Don't include <krb.h> when compiling with Kerberos 5 support
1026 - (djm) Fix up missing include for packet.c
1027 - (djm) Fix missed log => logit occurance (reference by function pointer)
1030 - (bal) if IP_TOS is not found or broken don't try to compile in
1031 packet_set_tos() function call. bug #527
1034 - (djm) OpenBSD CVS Sync
1035 - jmc@cvs.openbsd.org 2003/03/28 10:11:43
1036 [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5]
1037 [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
1039 - new sentence new line
1042 - markus@cvs.openbsd.org 2003/04/01 10:10:23
1043 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
1044 [readconf.h serverloop.c sshconnect2.c]
1045 rekeying bugfixes and automatic rekeying:
1046 * both client and server rekey _automatically_
1047 (a) after 2^31 packets, because after 2^32 packets
1048 the sequence number for packets wraps
1049 (b) after 2^(blocksize_in_bits/4) blocks
1050 (see: draft-ietf-secsh-newmodes-00.txt)
1051 (a) and (b) are _enabled_ by default, and only disabled for known
1052 openssh versions, that don't support rekeying properly.
1053 * client option 'RekeyLimit'
1054 * do not reply to requests during rekeying
1055 - markus@cvs.openbsd.org 2003/04/01 10:22:21
1056 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
1057 [readconf.h serverloop.c sshconnect2.c]
1058 backout rekeying changes (for 3.6.1)
1059 - markus@cvs.openbsd.org 2003/04/01 10:31:26
1060 [compat.c compat.h kex.c]
1061 bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@;
1062 tested by ho@ and myself
1063 - markus@cvs.openbsd.org 2003/04/01 10:56:46
1066 - (djm) Crank spec file versions
1067 - (djm) Release 3.6.1p1
1070 - (djm) OpenBSD CVS Sync
1071 - deraadt@cvs.openbsd.org 2003/03/26 04:02:51
1073 one last fix to the tree: race fix broke stuff; pr 3169;
1074 srp@srparish.net, help from djm
1077 - (djm) Fix getpeerid support for 64 bit BE systems. From
1078 Arnd Bergmann <arndb@de.ibm.com>
1081 - (djm) OpenBSD CVS Sync
1082 - markus@cvs.openbsd.org 2003/03/23 19:02:00
1084 unbreak rekeying for privsep; ok millert@
1086 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
1087 Report from murple@murple.net, diagnosis from dtucker@zip.com.au