+20010320
+ - (bal) glob.c update to added GLOB_LIMITS.
+
+20010319
+ - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
+ do it implicitly.
+ - (djm) Add getusershell() functions from OpenBSD CVS
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/18 12:07:52
+ [auth-options.c]
+ ignore permitopen="host:port" if AllowTcpForwarding==no
+ - (djm) Make scp work on systems without 64-bit ints
+ - tim@mindrot.org 2001/03/18 18:28:39 [defines.h]
+ move HAVE_LONG_LONG_INT where it works
+ - (bal) Use 'NGROUPS' for NeXT Since 'MAX_NGROUPS' is wrapped up in -lposix
+ stuff. Change suggested by Mark Miller <markm@swoon.net>
+ - (bal) Small fix to scp. %lu vs %ld
+ - (bal) NeXTStep lacks S_ISLNK. Plus split up S_IS*
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2001/03/19 03:52:51
+ [sftp-client.c]
+ Report ssh connection closing correctly; ok deraadt@
+ - deraadt@cvs.openbsd.org 2001/03/18 23:30:55
+ [compat.c compat.h sshd.c]
+ specifically version match on ssh scanners. do not log scan
+ information to the console
+ - djm@cvs.openbsd.org 2001/03/19 12:10:17
+ [sshd.8]
+ Document permitopen authorized_keys option; ok markus@
+ - djm@cvs.openbsd.org 2001/03/19 05:49:52
+ [ssh.1]
+ document PreferredAuthentications option; ok markus@
+ - (bal) Minor NeXT fixed. Forgot to #undef NGROUPS_MAX
+
+20010318
+ - (bal) Fixed scp type casing issue which causes "scp: protocol error:
+ size not delimited" fatal errors when tranfering.
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/17 17:27:59
+ [auth.c]
+ check /etc/shells, too
+ - tim@mindrot.org 2001/03/17 18:45:25 [compat.c]
+ openbsd-compat/fake-regex.h
+
+20010317
+ - Support usrinfo() on AIX. Based on patch from Gert Doering
+ <gert@greenie.muc.de>
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/15 15:05:59
+ [scp.c]
+ use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
+ - markus@cvs.openbsd.org 2001/03/15 22:07:08
+ [session.c]
+ pass Session to do_child + KNF
+ - djm@cvs.openbsd.org 2001/03/16 08:16:18
+ [sftp-client.c sftp-client.h sftp-glob.c sftp-int.c]
+ Revise globbing for get/put to be more shell-like. In particular,
+ "get/put file* directory/" now works. ok markus@
+ - markus@cvs.openbsd.org 2001/03/16 09:55:53
+ [sftp-int.c]
+ fix memset and whitespace
+ - markus@cvs.openbsd.org 2001/03/16 13:44:24
+ [sftp-int.c]
+ discourage strcat/strcpy
+ - markus@cvs.openbsd.org 2001/03/16 19:06:30
+ [auth-options.c channels.c channels.h serverloop.c session.c]
+ implement "permitopen" key option, restricts -L style forwarding to
+ to specified host:port pairs. based on work by harlan@genua.de
+ - Check for gl_matchc support in glob_t and fall back to the
+ openbsd-compat/glob.[ch] support if it does not exist.
+
+20010315
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/14 08:57:14
+ [sftp-client.c]
+ Wall
+ - markus@cvs.openbsd.org 2001/03/14 15:15:58
+ [sftp-int.c]
+ add version command
+ - deraadt@cvs.openbsd.org 2001/03/14 22:50:25
+ [sftp-server.c]
+ note no getopt()
+ - (stevesk) ssh-keyscan.c: specify "openbsd-compat/fake-queue.h"
+ - (bal) Cygwin README change by Corinna Vinschen <vinschen@redhat.com>
+
+20010314
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/13 17:34:42
+ [auth-options.c]
+ missing xfree, deny key on parse error; ok stevesk@
+ - djm@cvs.openbsd.org 2001/03/13 22:42:54
+ [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
+ sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@
+ - (bal) Fix strerror() in bsd-misc.c
+ - (djm) Add replacement glob() from OpenBSD libc if the system glob is
+ missing or lacks the GLOB_ALTDIRFUNC extension
+ - (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers
+ relatively. Avoids conflict between glob.h and /usr/include/glob.h
+
+20010313
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/12 22:02:02
+ [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
+ remove old key_fingerprint interface, s/_ex//
+
+20010312
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/11 13:25:36
+ [auth2.c key.c]
+ debug
+ - jakob@cvs.openbsd.org 2001/03/11 15:03:16
+ [key.c key.h]
+ add improved fingerprint functions. based on work by Carsten
+ Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
+ - jakob@cvs.openbsd.org 2001/03/11 15:04:16
+ [ssh-keygen.1 ssh-keygen.c]
+ print both md5, sha1 and bubblebabble fingerprints when using
+ ssh-keygen -l -v. ok markus@.
+ - jakob@cvs.openbsd.org 2001/03/11 15:13:09
+ [key.c]
+ cleanup & shorten some var names key_fingerprint_bubblebabble.
+ - deraadt@cvs.openbsd.org 2001/03/11 16:39:03
+ [ssh-keygen.c]
+ KNF, and SHA1 binary output is just creeping featurism
+ - tim@mindrot.org 2001/03/11 17:29:32 [configure.in]
+ test if snprintf() supports %ll
+ add /dev to search path for PRNGD/EGD socket
+ fix my mistake in USER_PATH test program
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/11 18:29:51
+ [key.c]
+ style+cleanup
+ - markus@cvs.openbsd.org 2001/03/11 22:33:24
+ [ssh-keygen.1 ssh-keygen.c]
+ remove -v again. use -B instead for bubblebabble. make -B consistent
+ with -l and make -B work with /path/to/known_hosts. ok deraadt@
+ - (djm) Bump portable version number for generating test RPMs
+ - (djm) Add "static_openssl" RPM build option, remove rsh build dependency
+ - (bal) Reorder includes in Makefile.
+
+20010311
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/10 12:48:27
+ [sshconnect2.c]
+ ignore nonexisting private keys; report rjmooney@mediaone.net
+ - deraadt@cvs.openbsd.org 2001/03/10 12:53:51
+ [readconf.c ssh_config]
+ default to SSH2, now that m68k runs fast
+ - stevesk@cvs.openbsd.org 2001/03/10 15:02:05
+ [ttymodes.c ttymodes.h]
+ remove unused sgtty macros; ok markus@
+ - deraadt@cvs.openbsd.org 2001/03/10 15:31:00
+ [compat.c compat.h sshconnect.c]
+ all known netscreen ssh versions, and older versions of OSU ssh cannot
+ handle password padding (newer OSU is fixed)
+ - tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config]
+ make sure $bindir is in USER_PATH so scp will work
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/10 17:51:04
+ [kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
+ add PreferredAuthentications
+
+20010310
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/03/09 03:14:39
+ [ssh-keygen.c]
+ create *.pub files with umask 0644, so that you can mv them to
+ authorized_keys
+ - deraadt@cvs.openbsd.org 2001/03/09 12:30:29
+ [sshd.c]
+ typo; slade@shore.net
+ - Removed log.o from sftp client. Not needed.
+
+20010309
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/03/08 18:47:12
+ [auth1.c]
+ unused; ok markus@
+ - stevesk@cvs.openbsd.org 2001/03/08 20:44:48
+ [sftp.1]
+ spelling, cleanup; ok deraadt@
+ - markus@cvs.openbsd.org 2001/03/08 21:42:33
+ [compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
+ implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
+ no need to do enter passphrase or do expensive sign operations if the
+ server does not accept key).
+
+20010308
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2001/03/07 10:11:23
+ [sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
+ Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
+ functions and small protocol change.
+ - markus@cvs.openbsd.org 2001/03/08 00:15:48
+ [readconf.c ssh.1]
+ turn off useprivilegedports by default. only rhost-auth needs
+ this. older sshd's may need this, too.
+ - (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H;
+ Dirk Markwardt <D.Markwardt@tu-bs.de>
+
+20010307
+ - (bal) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/03/06 06:11:18
+ [ssh-keyscan.c]
+ appease gcc
+ - deraadt@cvs.openbsd.org 2001/03/06 06:11:44
+ [sftp-int.c sftp.1 sftp.c]
+ sftp -b batchfile; mouring@etoh.eviladmin.org
+ - deraadt@cvs.openbsd.org 2001/03/06 15:10:42
+ [sftp.1]
+ order things
+ - deraadt@cvs.openbsd.org 2001/03/07 01:19:06
+ [ssh.1 sshd.8]
+ the name "secure shell" is boring, noone ever uses it
+ - deraadt@cvs.openbsd.org 2001/03/07 04:05:58
+ [ssh.1]
+ removed dated comment
+ - Cygwin contrib improvements from Corinna Vinschen <vinschen@redhat.com>
+
+20010306
+ - (bal) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/03/05 14:28:47
+ [sshd.8]
+ alpha order; jcs@rt.fm
+ - stevesk@cvs.openbsd.org 2001/03/05 15:44:51
+ [servconf.c]
+ sync error message; ok markus@
+ - deraadt@cvs.openbsd.org 2001/03/05 15:56:16
+ [myproposal.h ssh.1]
+ switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
+ provos & markus ok
+ - deraadt@cvs.openbsd.org 2001/03/05 16:07:15
+ [sshd.8]
+ detail default hmac setup too
+ - markus@cvs.openbsd.org 2001/03/05 17:17:21
+ [kex.c kex.h sshconnect2.c sshd.c]
+ generate a 2*need size (~300 instead of 1024/2048) random private
+ exponent during the DH key agreement. according to Niels (the great
+ german advisor) this is safe since /etc/primes contains strong
+ primes only.
+
+ References:
+ P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
+ agreement with short exponents, In Advances in Cryptology
+ - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
+ - stevesk@cvs.openbsd.org 2001/03/05 17:40:48
+ [ssh.1]
+ more ssh_known_hosts2 documentation; ok markus@
+ - stevesk@cvs.openbsd.org 2001/03/05 17:58:22
+ [dh.c]
+ spelling
+ - deraadt@cvs.openbsd.org 2001/03/06 00:33:04
+ [authfd.c cli.c ssh-agent.c]
+ EINTR/EAGAIN handling is required in more cases
+ - millert@cvs.openbsd.org 2001/03/06 01:06:03
+ [ssh-keyscan.c]
+ Don't assume we wil get the version string all in one read().
+ deraadt@ OK'd
+ - millert@cvs.openbsd.org 2001/03/06 01:08:27
+ [clientloop.c]
+ If read() fails with EINTR deal with it the same way we treat EAGAIN
+
20010305
- (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
- (bal) CVS ID touch up on sftp-int.c
list SSH2 ciphers
- (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy()
- (bal) Fix up logging since it changed. removed log-*.c
+ - (djm) Fix up LOG_AUTHPRIV for systems that have it
+ - (stevesk) OpenBSD sync:
+ - deraadt@cvs.openbsd.org 2001/03/05 08:37:27
+ [ssh-keyscan.c]
+ skip inlining, why bother
+ - (stevesk) sftp.c: handle __progname
20010304
- (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.