+20070114
+ - (dtucker) [ssh-keygen.c] ac -> argv to match earlier sync.
+
+20070105
+ - (djm) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2006/11/14 19:41:04
+ [ssh-keygen.c]
+ use argc and argv not some made up short form
+ - ray@cvs.openbsd.org 2006/11/23 01:35:11
+ [misc.c sftp.c]
+ Don't access buf[strlen(buf) - 1] for zero-length strings.
+ ``ok by me'' djm@.
+ - markus@cvs.openbsd.org 2006/12/11 21:25:46
+ [ssh-keygen.1 ssh.1]
+ add rfc 4716 (public key format); ok jmc
+ - djm@cvs.openbsd.org 2006/12/12 03:58:42
+ [channels.c compat.c compat.h]
+ bz #1019: some ssh.com versions apparently can't cope with the
+ remote port forwarding bind_address being a hostname, so send
+ them an address for cases where they are not explicitly
+ specified (wildcard or localhost bind). reported by daveroth AT
+ acm.org; ok dtucker@ deraadt@
+ - dtucker@cvs.openbsd.org 2006/12/13 08:34:39
+ [servconf.c]
+ Make PermitOpen work with multiple values like the man pages says.
+ bz #1267 with details from peter at dmtz.com, with & ok djm@
+ - dtucker@cvs.openbsd.org 2006/12/14 10:01:14
+ [servconf.c]
+ Make "PermitOpen all" first-match within a block to match the way other
+ options work. ok markus@ djm@
+ - jmc@cvs.openbsd.org 2007/01/02 09:57:25
+ [sshd_config.5]
+ do not use lists for SYNOPSIS;
+ from eric s. raymond via brad
+ - stevesk@cvs.openbsd.org 2007/01/03 00:53:38
+ [ssh-keygen.c]
+ remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan
+ - stevesk@cvs.openbsd.org 2007/01/03 03:01:40
+ [auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c]
+ spaces
+ - stevesk@cvs.openbsd.org 2007/01/03 04:09:15
+ [sftp.c]
+ ARGSUSED for lint
+ - stevesk@cvs.openbsd.org 2007/01/03 07:22:36
+ [sftp-server.c]
+ spaces
+
+20061205
+ - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would
+ occur if the server did not have the privsep user and an invalid user
+ tried to login and both privsep and krb5 auth are disabled; ok dtucker@
+ - (djm) [bsd-asprintf.c] Better test for bad vsnprintf lengths; ok dtucker@
+
+20061108
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2006/11/07 13:02:07
+ [dh.c]
+ BN_hex2bn returns int; from dtucker@
+
+20061107
+ - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
+ if we absolutely need it. Pointed out by Corinna, ok djm@
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2006/11/06 21:25:28
+ [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
+ ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
+ add missing checks for openssl return codes; with & ok djm@
+ - markus@cvs.openbsd.org 2006/11/07 10:31:31
+ [monitor.c version.h]
+ correctly check for bad signatures in the monitor, otherwise the monitor
+ and the unpriv process can get out of sync. with dtucker@, ok djm@,
+ dtucker@
+ - (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] Bump
+ versions.
+ - (dtucker) Release 4.5p1.
+
+20061105
+ - (djm) OpenBSD CVS Sync
+ - otto@cvs.openbsd.org 2006/10/28 18:08:10
+ [ssh.1]
+ correct/expand example of usage of -w; ok jmc@ stevesk@
+ - markus@cvs.openbsd.org 2006/10/31 16:33:12
+ [kexdhc.c kexdhs.c kexgexc.c kexgexs.c]
+ check DH_compute_key() for -1 even if it should not happen because of
+ earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm
+
+20061101
+ - (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerr
+ events fatal in Solaris process contract support and tell it to signal
+ only processes in the same process group when something happens.
+ Based on information from andrew.benham at thus.net and similar to
+ a patch from Chad Mynhier. ok djm@
+
+20061027
+- (djm) [auth.c] gc some dead code
+
+20061023
+ - (djm) OpenBSD CVS Sync
+ - ray@cvs.openbsd.org 2006/09/30 17:48:22
+ [sftp.c]
+ Clear errno before calling the strtol functions.
+ From Paul Stoeber <x0001 at x dot de1 dot cc>.
+ OK deraadt@.
+ - djm@cvs.openbsd.org 2006/10/06 02:29:19
+ [ssh-agent.c ssh-keyscan.c ssh.c]
+ sys/resource.h needs sys/time.h; prompted by brad@
+ (NB. Id sync only for portable)
+ - djm@cvs.openbsd.org 2006/10/09 23:36:11
+ [session.c]
+ xmalloc -> xcalloc that was missed previously, from portable
+ (NB. Id sync only for portable, obviously)
+ - markus@cvs.openbsd.org 2006/10/10 10:12:45
+ [sshconnect.c]
+ sleep before retrying (not after) since sleep changes errno; fixes
+ pr 5250; rad@twig.com; ok dtucker djm
+ - markus@cvs.openbsd.org 2006/10/11 12:38:03
+ [clientloop.c serverloop.c]
+ exit instead of doing a blocking tcp send if we detect a client/server
+ timeout, since the tcp sendqueue might be already full (of alive
+ requests); ok dtucker, report mpf
+ - djm@cvs.openbsd.org 2006/10/22 02:25:50
+ [sftp-client.c]
+ cancel progress meter when upload write fails; ok deraadt@
+ - (tim) [Makefile.in scard/Makefile.in] Add datarootdir= lines to keep
+ autoconf 2.60 from complaining.
+
+20061018
+ - (dtucker) OpenBSD CVS Sync
+ - ray@cvs.openbsd.org 2006/09/25 04:55:38
+ [ssh-keyscan.1 ssh.1]
+ Change "a SSH" to "an SSH". Hurray, I'm not the only one who
+ pronounces "SSH" as "ess-ess-aich".
+ OK jmc@ and stevesk@.
+ - (dtucker) [sshd.c] Reshuffle storing of pw struct; prevents warnings
+ on older versions of OS X. ok djm@
+
+20061016
+ - (dtucker) [monitor_fdpass.c] Include sys/in.h, required for cmsg macros
+ on older (2.0) Linuxes. Based on patch from thmo-13 at gmx de.
+
20061006
- (tim) [buildpkg.sh.in] Use uname -r instead of -v in OS_VER for Solaris.
Differentiate between OpenServer 5 and OpenServer 6
+ - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for
+ SELinux functions so they're detected correctly. Patch from pebenito at
+ gentoo.org.
+ - (tim) [buildpkg.sh.in] Some systems have really limited nawk (OpenServer).
+ Allow setting alternate awk in openssh-config.local.
20061003
- (tim) [configure.ac] Move CHECK_HEADERS test before platform specific