-20030603
+20030609
+ - (djm) Sync README.smartcard with OpenBSD -current
+ - (djm) Re-merge OpenSC info into README.smartcard
+
+20030606
+ - (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@
+
+20030605
+ - (djm) Support AI_NUMERICHOST in fake-getaddrinfo.c. Needed for recent
+ canohost.c changes.
+ - (djm) Implement paranoid priv dropping checks, based on:
+ "SetUID demystified" - Hao Chen, David Wagner and Drew Dean
+ Proceedings of USENIX Security Symposium 2002
+ - (djm) Don't use xmalloc() or pull in toplevel headers in fake-* code
+ - (djm) Merge all the openbsd/fake-* into fake-rfc2553.[ch]
+ - (djm) Bug #588 - Add scard-opensc.o back to Makefile.in
+ Patch from larsch@trustcenter.de
+ - (djm) Bug #589 - scard-opensc: load only keys with a private keys
+ Patch from larsch@trustcenter.de
+ - (dtucker) Add includes.h to fake-rfc2553.c so it will build.
+ - (dtucker) Define EAI_NONAME in fake-rfc2553.h (used by fake-rfc2553.c).
+
+20030604
- (djm) Bug #573 - Remove unneeded Krb headers and compat goop. Patch from
simon@sxw.org.uk (Also matches a change in OpenBSD a while ago)
- (djm) Bug #577 - wrong flag in scard-opensc.c sc_private_decrypt.
Patch from larsch@trustcenter.de; ok markus@
- (djm) Bug #584: scard-opensc.c doesn't work without PIN. Patch from
larsch@trustcenter.de; ok markus@
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2003/06/04 08:25:18
+ [sshconnect.c]
+ disable challenge/response and keyboard-interactive auth methods
+ upon hostkey mismatch. based on patch from fcusack AT fcusack.com.
+ bz #580; ok markus@
+ - djm@cvs.openbsd.org 2003/06/04 10:23:48
+ [sshd.c]
+ remove duplicated group-dropping code; ok markus@
+ - djm@cvs.openbsd.org 2003/06/04 12:03:59
+ [serverloop.c]
+ remove bitrotten commet; ok markus@
+ - djm@cvs.openbsd.org 2003/06/04 12:18:49
+ [scp.c]
+ ansify; ok markus@
+ - djm@cvs.openbsd.org 2003/06/04 12:40:39
+ [scp.c]
+ kill ssh process upon receipt of signal, bz #241.
+ based on patch from esb AT hawaii.edu; ok markus@
+ - djm@cvs.openbsd.org 2003/06/04 12:41:22
+ [sftp.c]
+ kill ssh process on receipt of signal; ok markus@
+ - (djm) Update to fix of bug #584: lock card before return.
+ From larsch@trustcenter.de
+ - (djm) Always use mysignal() for SIGALRM
20030603
- (djm) Replace setproctitle replacement with code derived from