+20020122
+ - (djm) autoconf hacking:
+ - We don't support --without-zlib currently, so don't allow it.
+ - Rework cryptographic random number support detection. We now detect
+ whether OpenSSL seeds itself. If it does, then we don't bother with
+ the ssh-rand-helper program. You can force the use of ssh-rand-helper
+ using the --with-rand-helper configure argument
+ - Simplify and clean up ssh-rand-helper configuration
+ - Add OpenSSL sanity check: verify that header version matches version
+ reported by library
+ - (djm) Fix some bugs I introduced into ssh-rand-helper yesterday
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2001/12/21 08:52:22
+ [ssh-keygen.1 ssh-keygen.c]
+ Remove default (rsa1) key type; ok markus@
+ - djm@cvs.openbsd.org 2001/12/21 08:53:45
+ [readpass.c]
+ Avoid interruptable passphrase read; ok markus@
+ - djm@cvs.openbsd.org 2001/12/21 10:06:43
+ [ssh-add.1 ssh-add.c]
+ Try all standard key files (id_rsa, id_dsa, identity) when invoked with
+ no arguments; ok markus@
+ - markus@cvs.openbsd.org 2001/12/21 12:17:33
+ [serverloop.c]
+ remove ifdef for USE_PIPES since fdin != fdout; ok djm@
+ - deraadt@cvs.openbsd.org 2001/12/24 07:29:43
+ [ssh-add.c]
+ try all listed keys.. how did this get broken?
+ - markus@cvs.openbsd.org 2001/12/25 18:49:56
+ [key.c]
+ be more careful on allocation
+ - markus@cvs.openbsd.org 2001/12/25 18:53:00
+ [auth1.c]
+ be more carefull on allocation
+ - markus@cvs.openbsd.org 2001/12/27 18:10:29
+ [ssh-keygen.c]
+ -t is only needed for key generation (unbreaks -i, -e, etc).
+ - markus@cvs.openbsd.org 2001/12/27 18:22:16
+ [auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c]
+ [scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
+ call fatal() for openssl allocation failures
+ - stevesk@cvs.openbsd.org 2001/12/27 18:22:53
+ [sshd.8]
+ clarify -p; ok markus@
+ - markus@cvs.openbsd.org 2001/12/27 18:26:13
+ [authfile.c]
+ missing include
+ - markus@cvs.openbsd.org 2001/12/27 19:37:23
+ [dh.c kexdh.c kexgex.c]
+ always use BN_clear_free instead of BN_free
+ - markus@cvs.openbsd.org 2001/12/27 19:54:53
+ [auth1.c auth.h auth-rh-rsa.c]
+ auth_rhosts_rsa now accept generic keys.
+ - markus@cvs.openbsd.org 2001/12/27 20:39:58
+ [auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h]
+ [serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
+ get rid of packet_integrity_check, use packet_done() instead.
+ - markus@cvs.openbsd.org 2001/12/28 12:14:27
+ [auth1.c auth2.c auth2-chall.c auth-rsa.c channels.c clientloop.c]
+ [kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c]
+ [ssh.c sshconnect1.c sshconnect2.c sshd.c]
+ s/packet_done/packet_check_eom/ (end-of-message); ok djm@
+ - markus@cvs.openbsd.org 2001/12/28 13:57:33
+ [auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c]
+ packet_get_bignum* no longer returns a size
+ - markus@cvs.openbsd.org 2001/12/28 14:13:13
+ [bufaux.c bufaux.h packet.c]
+ buffer_get_bignum: int -> void
+ - markus@cvs.openbsd.org 2001/12/28 14:50:54
+ [auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c]
+ [packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c]
+ [sshconnect2.c sshd.c]
+ packet_read* no longer return the packet length, since it's not used.
+ - markus@cvs.openbsd.org 2001/12/28 15:06:00
+ [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
+ [dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
+ remove plen from the dispatch fn. it's no longer used.
+ - stevesk@cvs.openbsd.org 2001/12/28 22:37:48
+ [ssh.1 sshd.8]
+ document LogLevel DEBUG[123]; ok markus@
+ - stevesk@cvs.openbsd.org 2001/12/29 21:56:01
+ [authfile.c channels.c compress.c packet.c sftp-server.c]
+ [ssh-agent.c ssh-keygen.c]
+ remove unneeded casts and some char->u_char cleanup; ok markus@
+
+
+20020121
+ - (djm) Rework ssh-rand-helper:
+ - Reduce quantity of ifdef code, in preparation for ssh_rand_conf
+ - Always seed from system calls, even when doing PRNGd seeding
+ - Tidy and comment #define knobs
+ - Remove unused facility for multiple runs through command list
+ - KNF, cleanup, update copyright
+
+20020114
+ - (djm) Bug #50 - make autoconf entropy path checks more robust
+
+20020108
+ - (djm) Merge Cygwin copy_environment with do_pam_environment, removing
+ fixed env var size limit in the process. Report from Corinna Vinschen
+ <vinschen@redhat.com>
+ - (stevesk) defines.h: use "/var/spool/sockets/X11/%u" for HP-UX. does
+ not depend on transition links. from Lutz Jaenicke.
+
+20020106
+ - (stevesk) defines.h: determine _PATH_UNIX_X; currently "/tmp/.X11-unix/X%u"
+ for all platforms except HP-UX, which is "/usr/spool/sockets/X11/%u".
+
+20020105
+ - (bal) NCR requies use_pipes to operate correctly.
+ - (stevesk) fix spurious ; from NCR change.
+
+20020103
+ - (djm) Use bigcrypt() on systems with SCO_PROTECTED_PW. Patch from
+ Roger Cornelius <rac@tenzing.org>
+
+20011229
+ - (djm) Apply Cygwin pointer deref fix from Corinna Vinschen
+ <vinschen@redhat.com> Could be abused to guess valid usernames
+ - (djm) Typo in contrib/cygwin/README Fix from Corinna Vinschen
+ <vinschen@redhat.com>
+
+20011228
+ - (djm) Remove recommendation to use GNU make, we should support most
+ make programs.
+
+20011225
+ - (stevesk) [Makefile.in ssh-rand-helper.c]
+ portable lib and __progname support for ssh-rand-helper; ok djm@
+
+20011223
+ - (bal) Removed contrib/chroot.diff and noted in contrib/README that it
+ was not being maintained.
+
+20011222
+ - (djm) Ignore fix & patchlevel in OpenSSL version check. Patch from
+ solar@openwall.com
+ - (djm) Rework entropy code. If the OpenSSL PRNG is has not been
+ internally seeded, execute a subprogram "ssh-rand-helper" to obtain
+ some entropy for us. Rewrite the old in-process entropy collecter as
+ an example ssh-rand-helper.
+ - (djm) Always perform ssh_prng_cmds path lookups in configure, even if
+ we don't end up using ssh_prng_cmds (so we always get a valid file)
+
20011221
- (djm) Add option to gnome-ssh-askpass to stop it from grabbing the X
server. I have found this necessary to avoid server hangs with X input
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
+ - markus@cvs.openbsd.org 2001/12/19 16:09:39
+ [serverloop.c]
+ fix race between SIGCHLD and select with an additional pipe. writing
+ to the pipe on SIGCHLD wakes up select(). using pselect() is not
+ portable and siglongjmp() ugly. W. R. Stevens suggests similar solution.
+ initial idea by pmenage@ensim.com; ok deraadt@, djm@
+ - stevesk@cvs.openbsd.org 2001/12/19 17:16:13
+ [authfile.c bufaux.c bufaux.h buffer.c buffer.h packet.c packet.h ssh.c]
+ change the buffer/packet interface to use void* vs. char*; ok markus@
+ - markus@cvs.openbsd.org 2001/12/20 16:37:29
+ [channels.c channels.h session.c]
+ setup x11 listen socket for just one connect if the client requests so.
+ (v2 only, but the openssh client does not support this feature).
+ - djm@cvs.openbsd.org 2001/12/20 22:50:24
+ [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
+ [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
+ [sshconnect2.c]
+ Conformance fix: we should send failing packet sequence number when
+ responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
+ yakk@yakk.dot.net; ok markus@
20011219
- (stevesk) OpenBSD CVS sync X11 localhost display