+20070520
+ - (dtucker) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2007/04/14 22:01:58
+ [auth2.c]
+ remove unused macro; from Dmitry V. Levin <ldv@altlinux.org>
+ - stevesk@cvs.openbsd.org 2007/04/18 01:12:43
+ [sftp-server.c]
+ cast "%llu" format spec to (unsigned long long); do not assume a
+ u_int64_t arg is the same as 'unsigned long long'.
+ from Dmitry V. Levin <ldv@altlinux.org>
+ ok markus@ 'Yes, that looks correct' millert@
+ - dtucker@cvs.openbsd.org 2007/04/23 10:15:39
+ [servconf.c]
+ Remove debug() left over from development. ok deraadt@
+ - djm@cvs.openbsd.org 2007/05/17 07:50:31
+ [log.c]
+ save and restore errno when logging; ok deraadt@
+
+20070509
+ - (tim) [configure.ac] Bug #1287: Add missing test for ucred.h.
+
+20070429
+ - (dtucker) [openbsd-compat/bsd-misc.c] Include unistd.h and sys/types.h
+ for select(2) prototype.
+ - (dtucker) [auth-shadow.c loginrec.c] Include time.h for time(2) prototype.
+ - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299: Use the
+ platform's _res if it has one. Should fix problem of DNSSEC record lookups
+ on NetBSD as reported by Curt Sampson.
+ - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype.
+ - (dtucker) [configure.ac defines.h] Have configure check for MAXSYMLINKS
+ so we don't get redefinition warnings.
+ - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype.
+ - (dtucker) [configure.ac defines.h] Prevent warnings about __attribute__
+ __nonnull__ for versions of GCC that don't support it.
+ - (dtucker) [configure.ac defines.h] Have configure check for offsetof
+ to prevent redefinition warnings.
+
+20070406
+ - (dtucker) [INSTALL] Update the systems that have PAM as standard. Link
+ to OpenPAM too.
+ - (dtucker) [INSTALL] prngd lives at sourceforge these days.
+
+20070326
+ - (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
+ openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
+ to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
+
+20070325
+ - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,
+ LIBWRAP and LIBPAM variables in Makefile with the general-purpose
+ SSHDLIBS. "I like" djm@
+
+20070321
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2007/03/09 05:20:06
+ [servconf.c sshd.c]
+ Move C/R -> kbdint special case to after the defaults have been
+ loaded, which makes ChallengeResponse default to yes again. This
+ was broken by the Match changes and not fixed properly subsequently.
+ Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
+ - djm@cvs.openbsd.org 2007/03/19 01:01:29
+ [sshd_config]
+ Disable the legacy SSH protocol 1 for new installations via
+ a configuration override. In the future, we will change the
+ server's default itself so users who need the legacy protocol
+ will need to turn it on explicitly
+ - dtucker@cvs.openbsd.org 2007/03/19 12:16:42
+ [ssh-agent.c]
+ Remove the signal handler that checks if the agent's parent process
+ has gone away, instead check when the select loop returns. Record when
+ the next key will expire when scanning for expired keys. Set the select
+ timeout to whichever of these two things happens next. With djm@, with &
+ ok deraadt@ markus@
+ - tedu@cvs.openbsd.org 2007/03/20 03:56:12
+ [readconf.c clientloop.c]
+ remove some bogus *p tests from charles longeau
+ ok deraadt millert
+ - jmc@cvs.openbsd.org 2007/03/20 15:57:15
+ [sshd.8]
+ - let synopsis and description agree for -f
+ - sort FILES
+ - +.Xr ssh-keyscan 1 ,
+ from Igor Sobrado
+ - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use
+ getpeerucred to implement getpeereid (currently only Solaris 10 and up).
+ Patch by Jan.Pechanec at Sun.
+ - (dtucker) [regress/agent-getpeereid.sh] Do peereid test if we have
+ HAVE_GETPEERUCRED too. Also from Jan Pechanec.
+
+20070313
+ - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include
+ string.h to prevent warnings, from vapier at gentoo.org.
+ - (dtucker) [LICENCE] Add Daniel Walsh as a copyright holder for the
+ selinux bits in -portable.
+ - (dtucker) [cipher-3des1.c cipher-bf1.c] The OpenSSL 0.9.8e problem in
+ bug #1291 also affects Protocol 1 3des. While at it, use compat-openssl.h
+ in cipher-bf1.c. Patch from Juan Gallego.
+ - (dtucker) [README.platform] Info about blibpath on AIX.
+
+20070306
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2007/03/01 16:19:33
+ [sshd_config.5]
+ sort the `match' keywords;
+ - djm@cvs.openbsd.org 2007/03/06 10:13:14
+ [version.h]
+ openssh-4.6; "please" deraadt@
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] crank spec files for release
+ - (djm) [README] correct link to release notes
+ - (djm) Release 4.6p1
+
+20070304
+ - (djm) [configure.ac] add a --without-openssl-header-check option to
+ configure, as some platforms (OS X) ship OpenSSL headers whose version
+ does not match that of the shipping library. ok dtucker@
+ - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a
+ bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
+ ciphers from working correctly (disconnects with "Bad packet length"
+ errors) as found by Ben Harris. ok djm@
+
+20070303
+ - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more
+ general to cover newer gdb versions on HP-UX.
+
+20070302
+ - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows
+ CRLF as well as LF lineendings) and write in binary mode. Patch from
+ vinschen at redhat.com.
+ - (dtucker) [INSTALL] Update to autoconf-2.61.
+
+20070301
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2007/03/01 10:28:02
+ [auth2.c sshd_config.5 servconf.c]
+ Remove ChallengeResponseAuthentication support inside a Match
+ block as its interaction with KbdInteractive makes it difficult to
+ support. Also, relocate the CR/kbdint option special-case code into
+ servconf. "please commit" djm@, ok markus@ for the relocation.
+ - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits.
+ "Looks sane" dtucker@
+
+20070228
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2007/02/28 00:55:30
+ [ssh-agent.c]
+ Remove expired keys periodically so they don't remain in memory when
+ the agent is entirely idle, as noted by David R. Piegdon. This is the
+ simple fix, a more efficient one will be done later. With markus,
+ deraadt, with & ok djm.
+
20070225
- (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2007/02/20 10:25:14
newly exec'ed sshd will get the SIGALRM and not have a handler for it,
and the default action will terminate the listening sshd. Analysis and
patch from andrew at gaul.org.
+ - dtucker@cvs.openbsd.org 2007/02/22 12:58:40
+ [servconf.c]
+ Check activep so Match and GatewayPorts work together; ok markus@
+ - ray@cvs.openbsd.org 2007/02/24 03:30:11
+ [moduli.c]
+ - strlen returns size_t, not int.
+ - Pass full buffer size to fgets.
+ OK djm@, millert@, and moritz@.
20070219
- (dtucker) OpenBSD CVS Sync