+20070605
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2007/05/22 10:18:52
+ [sshd.c]
+ zap double include; from p_nowaczyk AT o2.pl
+ (not required in -portable, Id sync only)
+
+20070520
+ - (dtucker) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2007/04/14 22:01:58
+ [auth2.c]
+ remove unused macro; from Dmitry V. Levin <ldv@altlinux.org>
+ - stevesk@cvs.openbsd.org 2007/04/18 01:12:43
+ [sftp-server.c]
+ cast "%llu" format spec to (unsigned long long); do not assume a
+ u_int64_t arg is the same as 'unsigned long long'.
+ from Dmitry V. Levin <ldv@altlinux.org>
+ ok markus@ 'Yes, that looks correct' millert@
+ - dtucker@cvs.openbsd.org 2007/04/23 10:15:39
+ [servconf.c]
+ Remove debug() left over from development. ok deraadt@
+ - djm@cvs.openbsd.org 2007/05/17 07:50:31
+ [log.c]
+ save and restore errno when logging; ok deraadt@
+ - djm@cvs.openbsd.org 2007/05/17 07:55:29
+ [sftp-server.c]
+ bz#1286 stop reading and processing commands when input or output buffer
+ is nearly full, otherwise sftp-server would happily try to grow the
+ input/output buffers past the maximum supported by the buffer API and
+ promptly fatal()
+ based on patch from Thue Janus Kristensen; feedback & ok dtucker@
+ - djm@cvs.openbsd.org 2007/05/17 20:48:13
+ [sshconnect2.c]
+ fall back to gethostname() when the outgoing connection is not
+ on a socket, such as is the case when ProxyCommand is used.
+ Gives hostbased auth an opportunity to work; bz#616, report
+ and feedback stuart AT kaloram.com; ok markus@
+ - djm@cvs.openbsd.org 2007/05/17 20:52:13
+ [monitor.c]
+ pass received SIGINT from monitor to postauth child so it can clean
+ up properly. bz#1196, patch from senthilkumar_sen AT hotpop.com;
+ ok markus@
+ - jolan@cvs.openbsd.org 2007/05/17 23:53:41
+ [sshconnect2.c]
+ djm owes me a vb and a tism cd for breaking ssh compilation
+ - (dtucker) [auth-pam.c] malloc+memset -> calloc. Patch from
+ ldv at altlinux.org.
+ - (dtucker) [auth-pam.c] Return empty string if fgets fails in
+ sshpam_tty_conv. Patch from ldv at altlinux.org.
+
+20070509
+ - (tim) [configure.ac] Bug #1287: Add missing test for ucred.h.
+
+20070429
+ - (dtucker) [openbsd-compat/bsd-misc.c] Include unistd.h and sys/types.h
+ for select(2) prototype.
+ - (dtucker) [auth-shadow.c loginrec.c] Include time.h for time(2) prototype.
+ - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299: Use the
+ platform's _res if it has one. Should fix problem of DNSSEC record lookups
+ on NetBSD as reported by Curt Sampson.
+ - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype.
+ - (dtucker) [configure.ac defines.h] Have configure check for MAXSYMLINKS
+ so we don't get redefinition warnings.
+ - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype.
+ - (dtucker) [configure.ac defines.h] Prevent warnings about __attribute__
+ __nonnull__ for versions of GCC that don't support it.
+ - (dtucker) [configure.ac defines.h] Have configure check for offsetof
+ to prevent redefinition warnings.
+
+20070406
+ - (dtucker) [INSTALL] Update the systems that have PAM as standard. Link
+ to OpenPAM too.
+ - (dtucker) [INSTALL] prngd lives at sourceforge these days.
+
+20070326
+ - (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
+ openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
+ to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
+
+20070325
+ - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,
+ LIBWRAP and LIBPAM variables in Makefile with the general-purpose
+ SSHDLIBS. "I like" djm@
+
+20070321
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2007/03/09 05:20:06
+ [servconf.c sshd.c]
+ Move C/R -> kbdint special case to after the defaults have been
+ loaded, which makes ChallengeResponse default to yes again. This
+ was broken by the Match changes and not fixed properly subsequently.
+ Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
+ - djm@cvs.openbsd.org 2007/03/19 01:01:29
+ [sshd_config]
+ Disable the legacy SSH protocol 1 for new installations via
+ a configuration override. In the future, we will change the
+ server's default itself so users who need the legacy protocol
+ will need to turn it on explicitly
+ - dtucker@cvs.openbsd.org 2007/03/19 12:16:42
+ [ssh-agent.c]
+ Remove the signal handler that checks if the agent's parent process
+ has gone away, instead check when the select loop returns. Record when
+ the next key will expire when scanning for expired keys. Set the select
+ timeout to whichever of these two things happens next. With djm@, with &
+ ok deraadt@ markus@
+ - tedu@cvs.openbsd.org 2007/03/20 03:56:12
+ [readconf.c clientloop.c]
+ remove some bogus *p tests from charles longeau
+ ok deraadt millert
+ - jmc@cvs.openbsd.org 2007/03/20 15:57:15
+ [sshd.8]
+ - let synopsis and description agree for -f
+ - sort FILES
+ - +.Xr ssh-keyscan 1 ,
+ from Igor Sobrado
+ - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use
+ getpeerucred to implement getpeereid (currently only Solaris 10 and up).
+ Patch by Jan.Pechanec at Sun.
+ - (dtucker) [regress/agent-getpeereid.sh] Do peereid test if we have
+ HAVE_GETPEERUCRED too. Also from Jan Pechanec.
+
+20070313
+ - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include
+ string.h to prevent warnings, from vapier at gentoo.org.
+ - (dtucker) [LICENCE] Add Daniel Walsh as a copyright holder for the
+ selinux bits in -portable.
+ - (dtucker) [cipher-3des1.c cipher-bf1.c] The OpenSSL 0.9.8e problem in
+ bug #1291 also affects Protocol 1 3des. While at it, use compat-openssl.h
+ in cipher-bf1.c. Patch from Juan Gallego.
+ - (dtucker) [README.platform] Info about blibpath on AIX.
+
+20070306
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2007/03/01 16:19:33
+ [sshd_config.5]
+ sort the `match' keywords;
+ - djm@cvs.openbsd.org 2007/03/06 10:13:14
+ [version.h]
+ openssh-4.6; "please" deraadt@
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] crank spec files for release
+ - (djm) [README] correct link to release notes
+ - (djm) Release 4.6p1
+
20070304
- (djm) [configure.ac] add a --without-openssl-header-check option to
configure, as some platforms (OS X) ship OpenSSL headers whose version
does not match that of the shipping library. ok dtucker@
+ - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a
+ bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
+ ciphers from working correctly (disconnects with "Bad packet length"
+ errors) as found by Ben Harris. ok djm@
20070303
- (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more