+20060710
+ - (dtucker) [INSTALL] New autoconf version: 2.60.
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2006/06/14 10:50:42
+ [sshconnect.c]
+ limit the number of pre-banner characters we will accept; ok markus@
+ - djm@cvs.openbsd.org 2006/06/26 10:36:15
+ [clientloop.c]
+ mention optional bind_address in runtime port forwarding setup
+ command-line help. patch from santhi.amirta AT gmail.com
+ - stevesk@cvs.openbsd.org 2006/07/02 17:12:58
+ [ssh.1 ssh.c ssh_config.5 sshd_config.5]
+ more details and clarity for tun(4) device forwarding; ok and help
+ jmc@
+ - stevesk@cvs.openbsd.org 2006/07/02 18:36:47
+ [gss-serv-krb5.c gss-serv.c]
+ no "servconf.h" needed here
+ (gss-serv-krb5.c change not applied, portable needs the server options)
+ - stevesk@cvs.openbsd.org 2006/07/02 22:45:59
+ [groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c]
+ move #include <grp.h> out of includes.h
+ (portable needed uidswap.c too)
+ - stevesk@cvs.openbsd.org 2006/07/02 23:01:55
+ [clientloop.c ssh.1]
+ use -KR[bind_address:]port here; ok djm@
+ - stevesk@cvs.openbsd.org 2006/07/03 08:54:20
+ [includes.h ssh.c sshconnect.c sshd.c]
+ move #include "version.h" out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/07/03 17:59:32
+ [channels.c includes.h]
+ move #include <arpa/inet.h> out of includes.h; old ok djm@
+ (portable needed session.c too)
+ - stevesk@cvs.openbsd.org 2006/07/05 02:42:09
+ [canohost.c hostfile.c includes.h misc.c packet.c readconf.c]
+ [serverloop.c sshconnect.c uuencode.c]
+ move #include <netinet/in.h> out of includes.h; ok deraadt@
+ (also ssh-rand-helper.c logintest.c loginrec.c)
+ - djm@cvs.openbsd.org 2006/07/06 10:47:05
+ [servconf.c servconf.h session.c sshd_config.5]
+ support arguments to Subsystem commands; ok markus@
+ - djm@cvs.openbsd.org 2006/07/06 10:47:57
+ [sftp-server.8 sftp-server.c]
+ add commandline options to enable logging of transactions; ok markus@
+ - stevesk@cvs.openbsd.org 2006/07/06 16:03:53
+ [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
+ [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
+ [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
+ [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
+ [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
+ [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
+ [uidswap.h]
+ move #include <pwd.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/07/06 16:22:39
+ [ssh-keygen.c]
+ move #include "dns.h" up
+ - stevesk@cvs.openbsd.org 2006/07/06 17:36:37
+ [monitor_wrap.h]
+ typo in comment
+ - stevesk@cvs.openbsd.org 2006/07/08 21:47:12
+ [authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
+ [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
+ [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
+ move #include <sys/socket.h> out of includes.h
+ - stevesk@cvs.openbsd.org 2006/07/08 21:48:53
+ [monitor.c session.c]
+ missed these from last commit:
+ move #include <sys/socket.h> out of includes.h
+ - stevesk@cvs.openbsd.org 2006/07/08 23:30:06
+ [log.c]
+ move user includes after /usr/include files
+ - stevesk@cvs.openbsd.org 2006/07/09 15:15:11
+ [auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
+ [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
+ [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
+ [sshlogin.c sshpty.c]
+ move #include <fcntl.h> out of includes.h
+
+20060706
+ - (dtucker) [configure.ac] Try AIX blibpath test in different order when
+ compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so
+ configure would not select the correct libpath linker flags.
+ - (dtucker) [INSTALL] A bit more info on autoconf.
+
+20060705
+ - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the
+ target already exists.
+
+20060630
+ - (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf
+ declaration too. Patch from russ at sludge.net.
+ - (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it,
+ prevents warnings on platforms where _res is in the system headers.
+ - (dtucker) [INSTALL] Bug #1202: Note when autoconf is required and which
+ version.
+
+20060627
+ - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems
+ with autoconf 2.60. Patch from vapier at gentoo.org.
+
+20060625
+ - (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys
+ only, otherwise sshd can hang exiting non-interactive sessions.
+
+20060624
+ - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris.
+ Works around limitation in Solaris' passwd program for changing passwords
+ where the username is longer than 8 characters. ok djm@
+ - (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug
+ #1102 workaround.
+
+20060623
+ - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add
+ tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch
+ from reyk@, tested by anil@
+ - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX
+ 4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes
+ on the pty slave as zero-length reads on the pty master, which sshd
+ interprets as the descriptor closing. Since most things don't do zero
+ length writes this rarely matters, but occasionally it happens, and when
+ it does the SSH pty session appears to hang, so we add a special case for
+ this condition. ok djm@
+
+20060613
+ - (djm) [getput.h] This file has been replaced by functions in misc.c
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2006/05/08 10:49:48
+ [sshconnect2.c]
+ uint32_t -> u_int32_t (which we use everywhere else)
+ (Id sync only - portable already had this)
+ - markus@cvs.openbsd.org 2006/05/16 09:00:00
+ [clientloop.c]
+ missing free; from Kylene Hall
+ - markus@cvs.openbsd.org 2006/05/17 12:43:34
+ [scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
+ fix leak; coverity via Kylene Jo Hall
+ - miod@cvs.openbsd.org 2006/05/18 21:27:25
+ [kexdhc.c kexgexc.c]
+ paramter -> parameter
+ - dtucker@cvs.openbsd.org 2006/05/29 12:54:08
+ [ssh_config.5]
+ Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
+ - dtucker@cvs.openbsd.org 2006/05/29 12:56:33
+ [ssh_config]
+ Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in
+ sample ssh_config. ok markus@
+ - jmc@cvs.openbsd.org 2006/05/29 16:10:03
+ [ssh_config.5]
+ oops - previous was too long; split the list of auths up
+ - mk@cvs.openbsd.org 2006/05/30 11:46:38
+ [ssh-add.c]
+ Sync usage() with man page and reality.
+ ok deraadt dtucker
+ - jmc@cvs.openbsd.org 2006/05/29 16:13:23
+ [ssh.1]
+ add GSSAPI to the list of authentication methods supported;
+ - mk@cvs.openbsd.org 2006/05/30 11:46:38
+ [ssh-add.c]
+ Sync usage() with man page and reality.
+ ok deraadt dtucker
+ - markus@cvs.openbsd.org 2006/06/01 09:21:48
+ [sshd.c]
+ call get_remote_ipaddr() early; fixes logging after client disconnects;
+ report mpf@; ok dtucker@
+ - markus@cvs.openbsd.org 2006/06/06 10:20:20
+ [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
+ replace remaining setuid() calls with permanently_set_uid() and
+ check seteuid() return values; report Marcus Meissner; ok dtucker djm
+ - markus@cvs.openbsd.org 2006/06/08 14:45:49
+ [readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h]
+ do not set the gid, noted by solar; ok djm
+ - djm@cvs.openbsd.org 2006/06/13 01:18:36
+ [ssh-agent.c]
+ always use a format string, even when printing a constant
+ - djm@cvs.openbsd.org 2006/06/13 02:17:07
+ [ssh-agent.c]
+ revert; i am on drugs. spotted by alexander AT beard.se
+
+20060521
+ - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor
+ and slave, we can remove the special-case handling in the audit hook in
+ auth_log.
+
+20060517
+ - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file
+ pointer leak. From kjhall at us.ibm.com, found by coverity.
+
+20060515
+ - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of
+ _res, prevents problems on some platforms that have _res as a global but
+ don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by
+ georg.schwarz at freenet.de, ok djm@.
+ - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative
+ default. Patch originally from tim@, ok djm
+ - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and
+ do not allow kbdint again after the PAM account check fails. ok djm@
+
+20060506
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2006/04/25 08:02:27
+ [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
+ Prevent ssh from trying to open private keys with bad permissions more than
+ once or prompting for their passphrases (which it subsequently ignores
+ anyway), similar to a previous change in ssh-add. bz #1186, ok djm@
+ - djm@cvs.openbsd.org 2006/05/04 14:55:23
+ [dh.c]
+ tighter DH exponent checks here too; feedback and ok markus@
+ - djm@cvs.openbsd.org 2006/04/01 05:37:46
+ [OVERVIEW]
+ $OpenBSD$ in here too
+ - dtucker@cvs.openbsd.org 2006/05/06 08:35:40
+ [auth-krb5.c]
+ Add $OpenBSD$ in comment here too
+
+20060504
+ - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c
+ session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
+ openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
+ in Portable-only code; since calloc zeros, remove now-redundant memsets.
+ Also add a couple of sanity checks. With & ok djm@
+
+20060503
+ - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h
+ and double including it on IRIX 5.3 causes problems. From Georg Schwarz,
+ "no objections" tim@
+
+20060423
+ - (djm) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2006/04/01 05:42:20
+ [scp.c]
+ minimal lint cleanup (unused crud, and some size_t); ok djm
+ - djm@cvs.openbsd.org 2006/04/01 05:50:29
+ [scp.c]
+ xasprintification; ok deraadt@
+ - djm@cvs.openbsd.org 2006/04/01 05:51:34
+ [atomicio.c]
+ ANSIfy; requested deraadt@
+ - dtucker@cvs.openbsd.org 2006/04/02 08:34:52
+ [ssh-keysign.c]
+ sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
+ - djm@cvs.openbsd.org 2006/04/03 07:10:38
+ [gss-genr.c]
+ GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066
+ by dleonard AT vintela.com. use xasprintf() to simplify code while in
+ there; "looks right" deraadt@
+ - djm@cvs.openbsd.org 2006/04/16 00:48:52
+ [buffer.c buffer.h channels.c]
+ Fix condition where we could exit with a fatal error when an input
+ buffer became too large and the remote end had advertised a big window.
+ The problem was a mismatch in the backoff math between the channels code
+ and the buffer code, so make a buffer_check_alloc() function that the
+ channels code can use to propsectivly check whether an incremental
+ allocation will succeed. bz #1131, debugged with the assistance of
+ cove AT wildpackets.com; ok dtucker@ deraadt@
+ - djm@cvs.openbsd.org 2006/04/16 00:52:55
+ [atomicio.c atomicio.h]
+ introduce atomiciov() function that wraps readv/writev to retry
+ interrupted transfers like atomicio() does for read/write;
+ feedback deraadt@ dtucker@ stevesk@ ok deraadt@
+ - djm@cvs.openbsd.org 2006/04/16 00:54:10
+ [sftp-client.c]
+ avoid making a tiny 4-byte write to send the packet length of sftp
+ commands, which would result in a separate tiny packet on the wire by
+ using atomiciov(writev, ...) to write the length and the command in one
+ pass; ok deraadt@
+ - djm@cvs.openbsd.org 2006/04/16 07:59:00
+ [atomicio.c]
+ reorder sanity test so that it cannot dereference past the end of the
+ iov array; well spotted canacar@!
+ - dtucker@cvs.openbsd.org 2006/04/18 10:44:28
+ [bufaux.c bufbn.c Makefile.in]
+ Move Buffer bignum functions into their own file, bufbn.c. This means
+ that sftp and sftp-server (which use the Buffer functions in bufaux.c
+ but not the bignum ones) no longer need to be linked with libcrypto.
+ ok markus@
+ - djm@cvs.openbsd.org 2006/04/20 09:27:09
+ [auth.h clientloop.c dispatch.c dispatch.h kex.h]
+ replace the last non-sig_atomic_t flag used in a signal handler with a
+ sig_atomic_t, unfortunately with some knock-on effects in other (non-
+ signal) contexts in which it is used; ok markus@
+ - markus@cvs.openbsd.org 2006/04/20 09:47:59
+ [sshconnect.c]
+ simplify; ok djm@
+ - djm@cvs.openbsd.org 2006/04/20 21:53:44
+ [includes.h session.c sftp.c]
+ Switch from using pipes to socketpairs for communication between
+ sftp/scp and ssh, and between sshd and its subprocesses. This saves
+ a file descriptor per session and apparently makes userland ppp over
+ ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this
+ decision on a per-platform basis)
+ - djm@cvs.openbsd.org 2006/04/22 04:06:51
+ [uidswap.c]
+ use setres[ug]id() to permanently revoke privileges; ok deraadt@
+ (ID Sync only - portable already uses setres[ug]id() whenever possible)
+ - stevesk@cvs.openbsd.org 2006/04/22 18:29:33
+ [crc32.c]
+ remove extra spaces
+ - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get
+ sig_atomic_t
+
+20060421
+ - (djm) [Makefile.in configure.ac session.c sshpty.c]
+ [contrib/redhat/sshd.init openbsd-compat/Makefile.in]
+ [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
+ [openbsd-compat/port-linux.h] Add support for SELinux, setting
+ the execution and TTY contexts. based on patch from Daniel Walsh,
+ bz #880; ok dtucker@
+
+20060418
+ - (djm) [canohost.c] Reorder IP options check so that it isn't broken
+ by mapped addresses; bz #1179 reported by markw wtech-llc.com;
+ ok dtucker@
+
+20060331
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2006/03/27 01:21:18
+ [xmalloc.c]
+ we can do the size & nmemb check before the integer overflow check;
+ evol
+ - deraadt@cvs.openbsd.org 2006/03/27 13:03:54
+ [dh.c]
+ use strtonum() instead of atoi(), limit dhg size to 64k; ok djm
+ - djm@cvs.openbsd.org 2006/03/27 23:15:46
+ [sftp.c]
+ always use a format string for addargs; spotted by mouring@
+ - deraadt@cvs.openbsd.org 2006/03/28 00:12:31
+ [README.tun ssh.c]
+ spacing
+ - deraadt@cvs.openbsd.org 2006/03/28 01:52:28
+ [channels.c]
+ do not accept unreasonable X ports numbers; ok djm
+ - deraadt@cvs.openbsd.org 2006/03/28 01:53:43
+ [ssh-agent.c]
+ use strtonum() to parse the pid from the file, and range check it
+ better; ok djm
+ - djm@cvs.openbsd.org 2006/03/30 09:41:25
+ [channels.c]
+ ARGSUSED for dispatch table-driven functions
+ - djm@cvs.openbsd.org 2006/03/30 09:58:16
+ [authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h]
+ [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c]
+ replace {GET,PUT}_XXBIT macros with functionally similar functions,
+ silencing a heap of lint warnings. also allows them to use
+ __bounded__ checking which can't be applied to macros; requested
+ by and feedback from deraadt@
+ - djm@cvs.openbsd.org 2006/03/30 10:41:25
+ [ssh.c ssh_config.5]
+ add percent escape chars to the IdentityFile option, bz #1159 based
+ on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
+ - dtucker@cvs.openbsd.org 2006/03/30 11:05:17
+ [ssh-keygen.c]
+ Correctly handle truncated files while converting keys; ok djm@
+ - dtucker@cvs.openbsd.org 2006/03/30 11:40:21
+ [auth.c monitor.c]
+ Prevent duplicate log messages when privsep=yes; ok djm@
+ - jmc@cvs.openbsd.org 2006/03/31 09:09:30
+ [ssh_config.5]
+ kill trailing whitespace;
+ - djm@cvs.openbsd.org 2006/03/31 09:13:56
+ [ssh_config.5]
+ remote user escape is %r not %h; spotted by jmc@
+
+20060326
+ - OpenBSD CVS Sync
+ - jakob@cvs.openbsd.org 2006/03/15 08:46:44
+ [ssh-keygen.c]
+ if no key file are given when printing the DNS host record, use the
+ host key file(s) as default. ok djm@
+ - biorn@cvs.openbsd.org 2006/03/16 10:31:45
+ [scp.c]
+ Try to display errormessage even if remout == -1
+ ok djm@, markus@
+ - djm@cvs.openbsd.org 2006/03/17 22:31:50
+ [authfd.c]
+ another unreachable found by lint
+ - djm@cvs.openbsd.org 2006/03/17 22:31:11
+ [authfd.c]
+ unreachanble statement, found by lint
+ - djm@cvs.openbsd.org 2006/03/19 02:22:32
+ [serverloop.c]
+ memory leaks detected by Coverity via elad AT netbsd.org;
+ ok deraadt@ dtucker@
+ - djm@cvs.openbsd.org 2006/03/19 02:22:56
+ [sftp.c]
+ more memory leaks detected by Coverity via elad AT netbsd.org;
+ deraadt@ ok
+ - djm@cvs.openbsd.org 2006/03/19 02:23:26
+ [hostfile.c]
+ FILE* leak detected by Coverity via elad AT netbsd.org;
+ ok deraadt@
+ - djm@cvs.openbsd.org 2006/03/19 02:24:05
+ [dh.c readconf.c servconf.c]
+ potential NULL pointer dereferences detected by Coverity
+ via elad AT netbsd.org; ok deraadt@
+ - djm@cvs.openbsd.org 2006/03/19 07:41:30
+ [sshconnect2.c]
+ memory leaks detected by Coverity via elad AT netbsd.org;
+ deraadt@ ok
+ - dtucker@cvs.openbsd.org 2006/03/19 11:51:52
+ [servconf.c]
+ Correct strdelim null test; ok djm@
+ - deraadt@cvs.openbsd.org 2006/03/19 18:52:11
+ [auth1.c authfd.c channels.c]
+ spacing
+ - deraadt@cvs.openbsd.org 2006/03/19 18:53:12
+ [kex.c kex.h monitor.c myproposal.h session.c]
+ spacing
+ - deraadt@cvs.openbsd.org 2006/03/19 18:56:41
+ [clientloop.c progressmeter.c serverloop.c sshd.c]
+ ARGSUSED for signal handlers
+ - deraadt@cvs.openbsd.org 2006/03/19 18:59:49
+ [ssh-keyscan.c]
+ please lint
+ - deraadt@cvs.openbsd.org 2006/03/19 18:59:30
+ [ssh.c]
+ spacing
+ - deraadt@cvs.openbsd.org 2006/03/19 18:59:09
+ [authfile.c]
+ whoever thought that break after return was a good idea needs to
+ get their head examimed
+ - djm@cvs.openbsd.org 2006/03/20 04:09:44
+ [monitor.c]
+ memory leaks detected by Coverity via elad AT netbsd.org;
+ deraadt@ ok
+ that should be all of them now
+ - djm@cvs.openbsd.org 2006/03/20 11:38:46
+ [key.c]
+ (really) last of the Coverity diffs: avoid possible NULL deref in
+ key_free. via elad AT netbsd.org; markus@ ok
+ - deraadt@cvs.openbsd.org 2006/03/20 17:10:19
+ [auth.c key.c misc.c packet.c ssh-add.c]
+ in a switch (), break after return or goto is stupid
+ - deraadt@cvs.openbsd.org 2006/03/20 17:13:16
+ [key.c]
+ djm did a typo
+ - deraadt@cvs.openbsd.org 2006/03/20 17:17:23
+ [ssh-rsa.c]
+ in a switch (), break after return or goto is stupid
+ - deraadt@cvs.openbsd.org 2006/03/20 18:14:02
+ [channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c]
+ [ssh.c sshpty.c sshpty.h]
+ sprinkle u_int throughout pty subsystem, ok markus
+ - deraadt@cvs.openbsd.org 2006/03/20 18:17:20
+ [auth1.c auth2.c sshd.c]
+ sprinkle some ARGSUSED for table driven functions (which sometimes
+ must ignore their args)
+ - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
+ [channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c]
+ [ssh-rsa.c ssh.c sshlogin.c]
+ annoying spacing fixes getting in the way of real diffs
+ - deraadt@cvs.openbsd.org 2006/03/20 18:27:50
+ [monitor.c]
+ spacing
+ - deraadt@cvs.openbsd.org 2006/03/20 18:35:12
+ [channels.c]
+ x11_fake_data is only ever used as u_char *
+ - deraadt@cvs.openbsd.org 2006/03/20 18:41:43
+ [dns.c]
+ cast xstrdup to propert u_char *
+ - deraadt@cvs.openbsd.org 2006/03/20 18:42:27
+ [canohost.c match.c ssh.c sshconnect.c]
+ be strict with tolower() casting
+ - deraadt@cvs.openbsd.org 2006/03/20 18:48:34
+ [channels.c fatal.c kex.c packet.c serverloop.c]
+ spacing
+ - deraadt@cvs.openbsd.org 2006/03/20 21:11:53
+ [ttymodes.c]
+ spacing
+ - djm@cvs.openbsd.org 2006/03/25 00:05:41
+ [auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
+ [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
+ [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
+ [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
+ [xmalloc.c xmalloc.h]
+ introduce xcalloc() and xasprintf() failure-checked allocations
+ functions and use them throughout openssh
+
+ xcalloc is particularly important because malloc(nmemb * size) is a
+ dangerous idiom (subject to integer overflow) and it is time for it
+ to die
+
+ feedback and ok deraadt@
+ - djm@cvs.openbsd.org 2006/03/25 01:13:23
+ [buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
+ [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
+ [uidswap.c]
+ change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
+ to xrealloc(p, new_nmemb, new_itemsize).
+
+ realloc is particularly prone to integer overflows because it is
+ almost always allocating "n * size" bytes, so this is a far safer
+ API; ok deraadt@
+ - djm@cvs.openbsd.org 2006/03/25 01:30:23
+ [sftp.c]
+ "abormally" is a perfectly cromulent word, but "abnormally" is better
+ - djm@cvs.openbsd.org 2006/03/25 13:17:03
+ [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
+ [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
+ [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
+ [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
+ [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
+ [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
+ [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
+ [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
+ [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
+ [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
+ [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
+ [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
+ [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
+ [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
+ [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
+ [uidswap.c uuencode.c xmalloc.c]
+ Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
+ Theo nuked - our scripts to sync -portable need them in the files
+ - deraadt@cvs.openbsd.org 2006/03/25 18:29:35
+ [auth-rsa.c authfd.c packet.c]
+ needed casts (always will be needed)
+ - deraadt@cvs.openbsd.org 2006/03/25 18:30:55
+ [clientloop.c serverloop.c]
+ spacing
+ - deraadt@cvs.openbsd.org 2006/03/25 18:36:15
+ [sshlogin.c sshlogin.h]
+ nicer size_t and time_t types
+ - deraadt@cvs.openbsd.org 2006/03/25 18:40:14
+ [ssh-keygen.c]
+ cast strtonum() result to right type
+ - deraadt@cvs.openbsd.org 2006/03/25 18:41:45
+ [ssh-agent.c]
+ mark two more signal handlers ARGSUSED
+ - deraadt@cvs.openbsd.org 2006/03/25 18:43:30
+ [channels.c]
+ use strtonum() instead of atoi() [limit X screens to 400, sorry]
+ - deraadt@cvs.openbsd.org 2006/03/25 18:56:55
+ [bufaux.c channels.c packet.c]
+ remove (char *) casts to a function that accepts void * for the arg
+ - deraadt@cvs.openbsd.org 2006/03/25 18:58:10
+ [channels.c]
+ delete cast not required
+ - djm@cvs.openbsd.org 2006/03/25 22:22:43
+ [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
+ [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
+ [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
+ [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
+ [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
+ [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
+ [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
+ [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
+ [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
+ [ttymodes.h uidswap.h uuencode.h xmalloc.h]
+ standardise spacing in $OpenBSD$ tags; requested by deraadt@
+ - deraadt@cvs.openbsd.org 2006/03/26 01:31:48
+ [uuencode.c]
+ typo
+
+20060325
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2006/03/16 04:24:42
+ [ssh.1]
+ Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs
+ that OpenSSH supports
+ - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
+ [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
+ [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
+ [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
+ [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
+ [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
+ [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
+ [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
+ [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
+ [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
+ [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
+ [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
+ [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
+ [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
+ [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
+ [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
+ [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
+ [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
+ [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
+ [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
+ [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
+ [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
+ [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
+ [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
+ RCSID() can die
+ - deraadt@cvs.openbsd.org 2006/03/19 18:53:12
+ [kex.h myproposal.h]
+ spacing
+ - djm@cvs.openbsd.org 2006/03/20 04:07:22
+ [auth2-gss.c]
+ GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
+ reviewed by simon AT sxw.org.uk; deraadt@ ok
+ - djm@cvs.openbsd.org 2006/03/20 04:07:49
+ [gss-genr.c]
+ more GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
+ reviewed by simon AT sxw.org.uk; deraadt@ ok
+ - djm@cvs.openbsd.org 2006/03/20 04:08:18
+ [gss-serv.c]
+ last lot of GSSAPI related leaks detected by Coverity via
+ elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok
+ - deraadt@cvs.openbsd.org 2006/03/20 18:14:02
+ [monitor_wrap.h sshpty.h]
+ sprinkle u_int throughout pty subsystem, ok markus
+ - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
+ [session.h]
+ annoying spacing fixes getting in the way of real diffs
+ - deraadt@cvs.openbsd.org 2006/03/20 18:41:43
+ [dns.c]
+ cast xstrdup to propert u_char *
+ - jakob@cvs.openbsd.org 2006/03/22 21:16:24
+ [ssh.1]
+ simplify SSHFP example; ok jmc@
+ - djm@cvs.openbsd.org 2006/03/22 21:27:15
+ [deattack.c deattack.h]
+ remove IV support from the CRC attack detector, OpenSSH has never used
+ it - it only applied to IDEA-CFB, which we don't support.
+ prompted by NetBSD Coverity report via elad AT netbsd.org;
+ feedback markus@ "nuke it" deraadt@
+
+20060318
+ - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via
+ elad AT NetBSD.org
+ - (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173: make fmtint() take
+ a LLONG rather than a long. Fixes scp'ing of large files on platforms
+ with missing/broken snprintfs. Patch from e.borovac at bom.gov.au.
+
+20060316
+ - (dtucker) [entropy.c] Add headers for WIFEXITED and friends.
+ - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in
+ /usr/include/crypto. Hint from djm@.
+ - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h]
+ Disable sha256 when openssl < 0.9.7. Patch from djm@.
+ - (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old
+ OpenSSL; ok tim
+
20060315
- (djm) OpenBSD CVS Sync:
- msf@cvs.openbsd.org 2006/02/06 15:54:07
system sha2.h
- (djm) [ssh-rand-helper.c] Needs a bunch of headers
- (djm) [ssh-agent.c] Restore dropped stat.h
+ - (djm) [openbsd-compat/sha2.h openbsd-compat/sha2.c] Comment out
+ SHA384, which we don't need and doesn't compile without tweaks
+ - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]
+ [sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
+ [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
+ [openbsd-compat/glob.c openbsd-compat/mktemp.c]
+ [openbsd-compat/readpassphrase.c] Lots of include fixes for
+ OpenSolaris
+ - (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:"
+ - (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some
+ includes removed from includes.h
+ - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE
+ - (djm) [includes.h] Put back paths.h, it is needed in defines.h
+ - (dtucker) [openbsd-compat/openbsd-compat.h] AIX (at least) needs
+ sys/ioctl.h for struct winsize.
+ - (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD.
20060313
- (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)