+20081228
+ - (djm) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2008/12/09 03:20:42
+ [channels.c servconf.c]
+ channel_print_adm_permitted_opens() should deal with all the printing
+ for that config option. suggested by markus@; ok markus@ djm@
+ dtucker@
+ - djm@cvs.openbsd.org 2008/12/09 04:32:22
+ [auth2-chall.c]
+ replace by-hand string building with xasprinf(); ok deraadt@
+ - sobrado@cvs.openbsd.org 2008/12/09 15:35:00
+ [sftp.1 sftp.c]
+ update for the synopses displayed by the 'help' command, there are a
+ few missing flags; add 'bye' to the output of 'help'; sorting and spacing.
+ jmc@ suggested replacing .Oo/.Oc with a single .Op macro.
+ ok jmc@
+ - stevesk@cvs.openbsd.org 2008/12/09 22:37:33
+ [clientloop.c]
+ fix typo in error message
+ - stevesk@cvs.openbsd.org 2008/12/10 03:55:20
+ [addrmatch.c]
+ o cannot be NULL here but use xfree() to be consistent; ok djm@
+ - stevesk@cvs.openbsd.org 2008/12/29 01:12:36
+ [ssh-keyscan.1]
+ fix example, default key type is rsa for 3+ years; from
+ frederic.perrin@resel.fr
+ - stevesk@cvs.openbsd.org 2008/12/29 02:23:26
+ [pathnames.h]
+ no need to escape single quotes in comments
+ - okan@cvs.openbsd.org 2008/12/30 00:46:56
+ [sshd_config.5]
+ add AllowAgentForwarding to available Match keywords list
+ ok djm
+ - djm@cvs.openbsd.org 2009/01/01 21:14:35
+ [channels.c]
+ call channel destroy callbacks on receipt of open failure messages.
+ fixes client hangs when connecting to a server that has MaxSessions=0
+ set spotted by imorgan AT nas.nasa.gov; ok markus@
+ - djm@cvs.openbsd.org 2009/01/01 21:17:36
+ [kexgexs.c]
+ fix hash calculation for KEXGEX: hash over the original client-supplied
+ values and not the sanity checked versions that we acutally use;
+ bz#1540 reported by john.smith AT arrows.demon.co.uk
+ ok markus@
+ - djm@cvs.openbsd.org 2009/01/14 01:38:06
+ [channels.c]
+ support SOCKS4A protocol, from dwmw2 AT infradead.org via bz#1482;
+ "looks ok" markus@
+ - stevesk@cvs.openbsd.org 2009/01/15 17:38:43
+ [readconf.c]
+ 1) use obsolete instead of alias for consistency
+ 2) oUserKnownHostsFile not obsolete but oGlobalKnownHostsFile2 is
+ so move the comment.
+ 3) reorder so like options are together
+ ok djm@
+ - djm@cvs.openbsd.org 2009/01/22 09:46:01
+ [channels.c channels.h session.c]
+ make Channel->path an allocated string, saving a few bytes here and
+ there and fixing bz#1380 in the process; ok markus@
+ - djm@cvs.openbsd.org 2009/01/22 09:49:57
+ [channels.c]
+ oops! I committed the wrong version of the Channel->path diff,
+ it was missing some tweaks suggested by stevesk@
+ - djm@cvs.openbsd.org 2009/01/22 10:02:34
+ [clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h]
+ [serverloop.c ssh-keyscan.c ssh.c sshd.c]
+ make a2port() return -1 when it encounters an invalid port number
+ rather than 0, which it will now treat as valid (needed for future work)
+ adjust current consumers of a2port() to check its return value is <= 0,
+ which in turn required some things to be converted from u_short => int
+ make use of int vs. u_short consistent in some other places too
+ feedback & ok markus@
+
+20090107
+ - (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X.
+ Patch based on one from vgiffin AT apple.com; ok dtucker@
+ - (djm) [channels.c] bz#1419: support "on demand" X11 forwarding via
+ launchd on OS X; patch from vgiffin AT apple.com, slightly tweaked;
+ ok dtucker@
+ - (djm) [contrib/ssh-copy-id.1 contrib/ssh-copy-id] bz#1492: Make
+ ssh-copy-id copy id_rsa.pub by default (instead of the legacy "identity"
+ key). Patch from cjwatson AT debian.org
+
+20090107
+ - (tim) [configure.ac defines.h openbsd-compat/port-uw.c
+ openbsd-compat/xcrypt.c] Add SECUREWARE support to OpenServer 6 SVR5 ABI.
+ OK djm@ dtucker@
+ - (tim) [configure.ac] Move check_for_libcrypt_later=1 in *-*-sysv5*) section.
+ OpenServer 6 doesn't need libcrypt.
+
+20081209
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2008/12/09 02:38:18
+ [clientloop.c]
+ The ~C escape handler does not work correctly for multiplexed sessions -
+ it opens a commandline on the master session, instead of on the slave
+ that requested it. Disable it on slave sessions until such time as it
+ is fixed; bz#1543 report from Adrian Bridgett via Colin Watson
+ ok markus@
+ - djm@cvs.openbsd.org 2008/12/09 02:39:59
+ [sftp.c]
+ Deal correctly with failures in remote stat() operation in sftp,
+ correcting fail-on-error behaviour in batchmode. bz#1541 report and
+ fix from anedvedicky AT gmail.com; ok markus@
+ - djm@cvs.openbsd.org 2008/12/09 02:58:16
+ [readconf.c]
+ don't leave junk (free'd) pointers around in Forward *fwd argument on
+ failure; avoids double-free in ~C -L handler when given an invalid
+ forwarding specification; bz#1539 report from adejong AT debian.org
+ via Colin Watson; ok markus@ dtucker@
+ - djm@cvs.openbsd.org 2008/12/09 03:02:37
+ [sftp.1 sftp.c]
+ correct sftp(1) and corresponding usage syntax;
+ bz#1518 patch from imorgan AT nas.nasa.gov; ok deraadt@ improved diff jmc@
+
+20081208
+ - (djm) [configure.ac] bz#1538: better test for ProPolice/SSP: actually
+ use some stack in main().
+ Report and suggested fix from vapier AT gentoo.org
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2008/12/02 19:01:07
+ [clientloop.c]
+ we have to use the recipient's channel number (RFC 4254) for
+ SSH2_MSG_CHANNEL_SUCCESS/SSH2_MSG_CHANNEL_FAILURE messages,
+ otherwise we trigger 'Non-public channel' error messages on sshd
+ systems with clientkeepalive enabled; noticed by sturm; ok djm;
+ - markus@cvs.openbsd.org 2008/12/02 19:08:59
+ [serverloop.c]
+ backout 1.149, since it's not necessary and openssh clients send
+ broken CHANNEL_FAILURE/SUCCESS messages since about 2004; ok djm@
+ - markus@cvs.openbsd.org 2008/12/02 19:09:38
+ [channels.c]
+ s/remote_id/id/ to be more consistent with other code; ok djm@
+
+20081201
+ - (dtucker) [contrib/cygwin/{Makefile,ssh-host-config}] Add new doc files
+ and tweak the is-sshd-running check in ssh-host-config. Patch from
+ vinschen at redhat com.
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2008/11/21 15:47:38
+ [packet.c]
+ packet_disconnect() on padding error, too. should reduce the success
+ probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18
+ ok djm@
+ - dtucker@cvs.openbsd.org 2008/11/30 11:59:26
+ [monitor_fdpass.c]
+ Retry sendmsg/recvmsg on EAGAIN and EINTR; ok djm@
+
+20081123
+ - (dtucker) [monitor_fdpass.c] Reduce diff vs OpenBSD by moving some
+ declarations, removing an unnecessary union member and adding whitespace.
+ cmsgbuf.tmp thing spotted by des at des no, ok djm some time ago.
+
+20081118
+ - (tim) [addrmatch.c configure.ac] Some platforms do not have sin6_scope_id
+ member of sockaddr_in6. Also reported in Bug 1491 by David Leonard. OK and
+ feedback by djm@
+
+20081111
+ - (dtucker) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2008/11/05 11:22:54
+ [servconf.c]
+ passord -> password;
+ fixes user/5975 from Rene Maroufi
+ - stevesk@cvs.openbsd.org 2008/11/07 00:42:12
+ [ssh-keygen.c]
+ spelling/typo in comment
+ - stevesk@cvs.openbsd.org 2008/11/07 18:50:18
+ [nchan.c]
+ add space to some log/debug messages for readability; ok djm@ markus@
+ - dtucker@cvs.openbsd.org 2008/11/07 23:34:48
+ [auth2-jpake.c]
+ Move JPAKE define to make life easier for portable. ok djm@
+ - tobias@cvs.openbsd.org 2008/11/09 12:34:47
+ [session.c ssh.1]
+ typo fixed (overriden -> overridden)
+ ok espie, jmc
+ - stevesk@cvs.openbsd.org 2008/11/11 02:58:09
+ [servconf.c]
+ USE_AFS not referenced so remove #ifdef. fixes sshd -T not printing
+ kerberosgetafstoken. ok dtucker@
+ (Id sync only, we still want the ifdef in portable)
+ - stevesk@cvs.openbsd.org 2008/11/11 03:55:11
+ [channels.c]
+ for sshd -T print 'permitopen any' vs. 'permitopen' for case of no
+ permitopen's; ok and input dtucker@
+ - djm@cvs.openbsd.org 2008/11/10 02:06:35
+ [regress/putty-ciphers.sh]
+ PuTTY supports AES CTR modes, so interop test against them too
+
20081105
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2008/11/03 08:59:41
passwords between UnixWare and OpenServer they will still work. OK dtucker@
$Id$
+