+20030825
+ - (djm) Bug #621: Select OpenSC keys by usage attributes. Patch from
+ larsch@trustcenter.de
+ - (bal) openbsd-compat/ OpenBSD updates. Mostly licensing, ansifications
+ and minor fixes. OK djm@
+ - (bal) redo how we handle 'mysignal()'. Move it to
+ openbsd-compat/bsd-misc.c, s/mysignal/signal/ and #define signal to
+ be our 'mysignal' by default. OK djm@
+ - (dtucker) [acconfig.h auth.c configure.ac sshd.8] Bug #422 again: deny
+ any access to locked accounts. ok djm@
+ - (djm) Bug #564: Perform PAM account checks for all authentications when
+ UsePAM=yes; ok dtucker
+
+20030822
+ - (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal
+ -lbroken; ok dtucker
+ - (dtucker) [contrib/cygwin/ssh-user-config] Put keys in authorized_keys
+ rather that authorized_keys2. Patch from vinschen@redhat.com.
+
+20030821
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/08/14 16:08:58
+ [ssh-keygen.c]
+ exit after primetest, ok djm@
+ - (dtucker) [defines.h] Put CMSG_DATA, CMSG_FIRSTHDR with other CMSG* macros,
+ change CMSG_DATA to use __CMSG_ALIGN (and thus work properly), reformat for
+ consistency.
+ - (dtucker) [configure.ac] Move openpty/ctty test outside of case statement
+ and after normal openpty test.
+
+20030813
+ - (dtucker) [session.c] Remove #ifdef TIOCSBRK kludge.
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/08/13 08:33:02
+ [session.c]
+ use more portable tcsendbreak(3) and ignore break_length;
+ ok deraadt, millert
+ - markus@cvs.openbsd.org 2003/08/13 08:46:31
+ [auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
+ ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
+ remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
+ fgsch@, miod@, henning@, jakob@ and others
+ - markus@cvs.openbsd.org 2003/08/13 09:07:10
+ [readconf.c ssh.c]
+ socks4->socks, since with support both 4 and 5; dtucker@zip.com.au
+ - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
+ Add a tcsendbreak function for platforms that don't have one, based on the
+ one from OpenBSD.
+
+20030811
+ - (dtucker) OpenBSD CVS Sync
+ (thanks to Simon Wilkinson for help with this -dt)
+ - markus@cvs.openbsd.org 2003/07/16 15:02:06
+ [auth-krb5.c]
+ mcc -> fcc; from Love Hörnquist Åstrand <lha@it.su.se>
+ otherwise the kerberos credentinal is stored in a memory cache
+ in the privileged sshd. ok jabob@, hin@ (some time ago)
+ - (dtucker) [openbsd-compat/xcrypt.c] Remove Cygwin #ifdef block (duplicate
+ in bsd-cygwin_util.h).
+
+20030808
+ - (dtucker) [openbsd-compat/fake-rfc2553.h] Older Linuxes have AI_PASSIVE and
+ AI_CANONNAME in netdb.h but not AI_NUMERICHOST, so check each definition
+ separately before defining them.
+ - (dtucker) [auth-pam.c] Don't set PAM_TTY if tty is null. ok djm@
+
+20030807
+ - (dtucker) [session.c] Have session_break_req not attempt to send a break
+ if TIOCSBRK and TIOCCBRK are not defined (eg Cygwin).
+ - (dtucker) [canohost.c] Bug #336: Only check ip options if IP_OPTIONS is
+ defined (fixes compile error on really old Linuxes).
+ - (dtucker) [defines.h] Bug #336: Add CMSG_DATA and CMSG_FIRSTHDR macros if
+ not already defined (eg Linux with some versions of libc5), based on those
+ from OpenBSD.
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]
+ Remove incorrect filenames from comments (file names are in Id tags).
+ - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.h] Move Cygwin
+ specific defines and includes to bsd-cygwin_util.h. Fixes build error too.
+
+20030802
+ - (dtucker) [monitor.h monitor_wrap.h] Remove excess ident tags.
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/07/22 13:35:22
+ [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
+ monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
+ ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
+ remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
+ test+ok henning@
+ - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
+ - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/07/23 07:42:43
+ [sshd_config]
+ remove AFS; itojun@
+ - djm@cvs.openbsd.org 2003/07/28 09:49:56
+ [ssh-keygen.1 ssh-keygen.c]
+ Support for generating Diffie-Hellman groups (/etc/moduli) from ssh-keygen.
+ Based on code from Phil Karn, William Allen Simpson and Niels Provos.
+ ok markus@, thanks jmc@
+ - markus@cvs.openbsd.org 2003/07/29 18:24:00
+ [LICENCE progressmeter.c]
+ replace 4 clause BSD licensed progressmeter code with a replacement
+ from Nils Nordman and myself; ok deraadt@
+ (copied from OpenBSD an re-applied portable changes)
+ - markus@cvs.openbsd.org 2003/07/29 18:26:46
+ [progressmeter.c]
+ fix length for "- stalled -" (included with previous import)
+ - markus@cvs.openbsd.org 2003/07/30 07:44:14
+ [progressmeter.c]
+ use only 4 digits in format_size (included with previous import)
+ - markus@cvs.openbsd.org 2003/07/30 07:53:27
+ [progressmeter.c]
+ whitespace (included with previous import)
+ - markus@cvs.openbsd.org 2003/07/31 09:21:02
+ [auth2-none.c]
+ check whether passwd auth is allowd, similar to proto 1; rob@pitman.co.za
+ ok henning
+ - avsm@cvs.openbsd.org 2003/07/31 15:50:16
+ [atomicio.c]
+ correct comment: atomicio takes vwrite, not write; deraadt@ ok
+ - markus@cvs.openbsd.org 2003/07/31 22:34:03
+ [progressmeter.c]
+ print rate similar old version; round instead truncate;
+ (included in previous progressmeter.c commit)
+ - (dtucker) [openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
+ Add a tcgetpgrp function.
+ - (dtucker) [Makefile.in moduli.c moduli.h] Add new files and to Makefile.
+ - (dtucker) [openbsd-compat/bsd-misc.c] Fix cut-and-paste bug in tcgetpgrp.
+
+20030730
+ - (djm) [auth-pam.c] Don't use crappy APIs like sprintf. Thanks bal
+
+20030726
+ - (dtucker) [openbsd-compat/xcrypt.c] Fix typo: DISABLED_SHADOW ->
+ DISABLE_SHADOW. Fixes HP-UX compile error.
+
+20030724
+ - (bal) [auth-passwd.c openbsd-compat/Makefile.in openbsd-compat/xcrypt.c
+ openbsd-compat/xcrypt.h] Split off encryption into xcrypt() interface,
+ and isolate shadow password functions. Tested in Solaris, but should
+ not break other platforms too badly (except maybe HP =). Also brings
+ auth-passwd.c into full sync with OpenBSD tree.
+
+20030723
+ - (dtucker) [configure.ac] Back out change for bug #620.
+
+20030719
+ - (dtucker) [configure.ac] Bug #620: Define BROKEN_GETADDRINFO for
+ Solaris/x86. Patch from jrhett at isite.net.
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/07/14 12:36:37
+ [sshd.c]
+ remove undocumented -V option. would be only useful if openssh is used
+ as ssh v1 server for ssh.com's ssh v2.
+ - markus@cvs.openbsd.org 2003/07/16 10:34:53
+ [ssh.c sshd.c]
+ don't exit on multiple -v or -d; ok deraadt@
+ - markus@cvs.openbsd.org 2003/07/16 10:36:28
+ [sshtty.c]
+ clear IUCLC in enter_raw_mode; from rob@pitman.co.za; ok deraadt@, fgs@
+ - deraadt@cvs.openbsd.org 2003/07/18 01:54:25
+ [scp.c]
+ userid is unsigned, but well, force it anyways; andrushock@korovino.net
+ - djm@cvs.openbsd.org 2003/07/19 00:45:53
+ [sftp-int.c]
+ fix sftp filename parsing for arguments with escaped quotes. bz #517;
+ ok markus
+ - djm@cvs.openbsd.org 2003/07/19 00:46:31
+ [regress/sftp-cmds.sh]
+ regress test for sftp arguments with escaped quotes; ok markus
+
+20030714
+ - (dtucker) [acconfig.h configure.ac port-aix.c] Older AIXes don't declare
+ loginfailed at all, so assume 3-arg loginfailed if not declared.
+ - (dtucker) [port-aix.h] Work around name collision on AIX for r_type by
+ undef'ing it.
+ - (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h]
+ Call setauthdb() before loginfailed(), which may load password registry-
+ specific functions. Based on patch by cawlfiel at us.ibm.com.
+ - (dtucker) [port-aix.h] Fix prototypes.
+ - (dtucker) OpenBSD CVS Sync
+ - avsm@cvs.openbsd.org 2003/07/09 13:58:19
+ [key.c]
+ minor tweak: when generating the hex fingerprint, give strlcat the full
+ bound to the buffer, and add a comment below explaining why the
+ zero-termination is one less than the bound. markus@ ok
+ - markus@cvs.openbsd.org 2003/07/10 14:42:28
+ [packet.c]
+ the 2^(blocksize*2) rekeying limit is too expensive for 3DES,
+ blowfish, etc, so enforce a 1GB limit for small blocksizes.
+ - markus@cvs.openbsd.org 2003/07/10 20:05:55
+ [sftp.c]
+ sync usage with manpage, add missing -R
+
+20030708
+ - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
+ Include AIX headers for authentication functions and make calls match
+ prototypes. Test for and handle 3-arg and 4-arg variants of loginfailed.
+ - (dtucker) [session.c] Check return value of setpcred().
+ - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
+ Convert aixloginmsg into platform-independant Buffer loginmsg.
+
+20030707
+ - (dtucker) [configure.ac] Bug #600: Check that getrusage is declared before
+ searching libraries for it. Fixes build errors on NCR MP-RAS.
+
+20030706
+ - (dtucker) [ssh-rand-helper.c loginrec.c]
+ Apply atomicio typing change to these too.
+
+20030703
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2003/06/28 07:48:10
+ [sshd.c]
+ report pidfile creation errors, based on patch from Roumen Petrov;
+ ok markus@
+ - deraadt@cvs.openbsd.org 2003/06/28 16:23:06
+ [atomicio.c atomicio.h authfd.c clientloop.c monitor_wrap.c msg.c
+ progressmeter.c scp.c sftp-client.c ssh-keyscan.c ssh.h sshconnect.c
+ sshd.c]
+ deal with typing of write vs read in atomicio
+ - markus@cvs.openbsd.org 2003/06/29 12:44:38
+ [sshconnect.c]
+ memset 0, not \0; andrushock@korovino.net
+ - markus@cvs.openbsd.org 2003/07/02 12:56:34
+ [channels.c]
+ deny dynamic forwarding with -R for v1, too; ok djm@
+ - markus@cvs.openbsd.org 2003/07/02 14:51:16
+ [channels.c ssh.1 ssh_config.5]
+ (re)add socks5 suppport to -D; ok djm@
+ now ssh(1) can act both as a socks 4 and socks 5 server and
+ dynamically forward ports.
+ - markus@cvs.openbsd.org 2003/07/02 20:37:48
+ [ssh.c]
+ convert hostkeyalias to lowercase, otherwise uppercase aliases will
+ not match at all; ok henning@
+ - markus@cvs.openbsd.org 2003/07/03 08:21:46
+ [regress/dynamic-forward.sh]
+ add socks5; speedup; reformat; based on patch from dtucker@zip.com.au
+ - markus@cvs.openbsd.org 2003/07/03 08:24:13
+ [regress/Makefile]
+ enable tests for dynamic fwd via socks (-D), uses nc(1)
+ - djm@cvs.openbsd.org 2003/07/03 08:09:06
+ [readconf.c readconf.h ssh-keysign.c ssh.c]
+ fix AddressFamily option in config file, from brent@graveland.net;
+ ok markus@
+
+20030630
+ - (djm) Search for support functions necessary to build our
+ getrrsetbyname() replacement. Patch from Roumen Petrov
+
+20030629
+ - (dtucker) [includes.h] Bug #602: move #include of netdb.h to after in.h
+ (fixes compiler warnings on Solaris 2.5.1).
+ - (dtucker) [configure.ac] Add sanity test after system-dependant compiler
+ flag modifications.
+
20030628
+ - (djm) Bug #591: use PKCS#15 private key label as a comment in case
+ of OpenSC. Report and patch from larsch@trustcenter.de
+ - (djm) Bug #593: Sanity check OpenSC card reader number; patch from
+ aj@dungeon.inka.de
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/23 09:02:44
[ssh_config.5]
- markus@cvs.openbsd.org 2003/06/26 20:08:33
[readconf.c]
do not dump core for 'ssh -o proxycommand host'; ok deraadt@
+ - (dtucker) [regress/dynamic-forward.sh] Import new regression test.
+ - (dtucker) [configure.ac] Bug #570: Have ./configure --enable-FEATURE
+ actually enable the feature, for those normally disabled. Patch by
+ openssh (at) roumenpetrov.info.
20030624
- (dtucker) Have configure refer the user to config.log and