+20060613
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2006/05/08 10:49:48
+ [sshconnect2.c]
+ uint32_t -> u_int32_t (which we use everywhere else)
+ (Id sync only - portable already had this)
+ - markus@cvs.openbsd.org 2006/05/16 09:00:00
+ [clientloop.c]
+ missing free; from Kylene Hall
+ - markus@cvs.openbsd.org 2006/05/17 12:43:34
+ [scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
+ fix leak; coverity via Kylene Jo Hall
+ - miod@cvs.openbsd.org 2006/05/18 21:27:25
+ [kexdhc.c kexgexc.c]
+ paramter -> parameter
+ - dtucker@cvs.openbsd.org 2006/05/29 12:54:08
+ [ssh_config.5]
+ Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
+ - dtucker@cvs.openbsd.org 2006/05/29 12:56:33
+ [ssh_config]
+ Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in sample
+ ssh_config. ok markus@
+
+20060521
+ - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor
+ and slave, we can remove the special-case handling in the audit hook in
+ auth_log.
+
+20060517
+ - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file
+ pointer leak. From kjhall at us.ibm.com, found by coverity.
+
+20060515
+ - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of
+ _res, prevents problems on some platforms that have _res as a global but
+ don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by
+ georg.schwarz at freenet.de, ok djm@.
+ - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative
+ default. Patch originally from tim@, ok djm
+ - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and
+ do not allow kbdint again after the PAM account check fails. ok djm@
+
+20060506
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2006/04/25 08:02:27
+ [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
+ Prevent ssh from trying to open private keys with bad permissions more than
+ once or prompting for their passphrases (which it subsequently ignores
+ anyway), similar to a previous change in ssh-add. bz #1186, ok djm@
+ - djm@cvs.openbsd.org 2006/05/04 14:55:23
+ [dh.c]
+ tighter DH exponent checks here too; feedback and ok markus@
+ - djm@cvs.openbsd.org 2006/04/01 05:37:46
+ [OVERVIEW]
+ $OpenBSD$ in here too
+ - dtucker@cvs.openbsd.org 2006/05/06 08:35:40
+ [auth-krb5.c]
+ Add $OpenBSD$ in comment here too
+
+20060504
+ - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c
+ session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
+ openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
+ in Portable-only code; since calloc zeros, remove now-redundant memsets.
+ Also add a couple of sanity checks. With & ok djm@
+
+20060503
+ - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h
+ and double including it on IRIX 5.3 causes problems. From Georg Schwarz,
+ "no objections" tim@
+
+20060423
+ - (djm) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2006/04/01 05:42:20
+ [scp.c]
+ minimal lint cleanup (unused crud, and some size_t); ok djm
+ - djm@cvs.openbsd.org 2006/04/01 05:50:29
+ [scp.c]
+ xasprintification; ok deraadt@
+ - djm@cvs.openbsd.org 2006/04/01 05:51:34
+ [atomicio.c]
+ ANSIfy; requested deraadt@
+ - dtucker@cvs.openbsd.org 2006/04/02 08:34:52
+ [ssh-keysign.c]
+ sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
+ - djm@cvs.openbsd.org 2006/04/03 07:10:38
+ [gss-genr.c]
+ GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066
+ by dleonard AT vintela.com. use xasprintf() to simplify code while in
+ there; "looks right" deraadt@
+ - djm@cvs.openbsd.org 2006/04/16 00:48:52
+ [buffer.c buffer.h channels.c]
+ Fix condition where we could exit with a fatal error when an input
+ buffer became too large and the remote end had advertised a big window.
+ The problem was a mismatch in the backoff math between the channels code
+ and the buffer code, so make a buffer_check_alloc() function that the
+ channels code can use to propsectivly check whether an incremental
+ allocation will succeed. bz #1131, debugged with the assistance of
+ cove AT wildpackets.com; ok dtucker@ deraadt@
+ - djm@cvs.openbsd.org 2006/04/16 00:52:55
+ [atomicio.c atomicio.h]
+ introduce atomiciov() function that wraps readv/writev to retry
+ interrupted transfers like atomicio() does for read/write;
+ feedback deraadt@ dtucker@ stevesk@ ok deraadt@
+ - djm@cvs.openbsd.org 2006/04/16 00:54:10
+ [sftp-client.c]
+ avoid making a tiny 4-byte write to send the packet length of sftp
+ commands, which would result in a separate tiny packet on the wire by
+ using atomiciov(writev, ...) to write the length and the command in one
+ pass; ok deraadt@
+ - djm@cvs.openbsd.org 2006/04/16 07:59:00
+ [atomicio.c]
+ reorder sanity test so that it cannot dereference past the end of the
+ iov array; well spotted canacar@!
+ - dtucker@cvs.openbsd.org 2006/04/18 10:44:28
+ [bufaux.c bufbn.c Makefile.in]
+ Move Buffer bignum functions into their own file, bufbn.c. This means
+ that sftp and sftp-server (which use the Buffer functions in bufaux.c
+ but not the bignum ones) no longer need to be linked with libcrypto.
+ ok markus@
+ - djm@cvs.openbsd.org 2006/04/20 09:27:09
+ [auth.h clientloop.c dispatch.c dispatch.h kex.h]
+ replace the last non-sig_atomic_t flag used in a signal handler with a
+ sig_atomic_t, unfortunately with some knock-on effects in other (non-
+ signal) contexts in which it is used; ok markus@
+ - markus@cvs.openbsd.org 2006/04/20 09:47:59
+ [sshconnect.c]
+ simplify; ok djm@
+ - djm@cvs.openbsd.org 2006/04/20 21:53:44
+ [includes.h session.c sftp.c]
+ Switch from using pipes to socketpairs for communication between
+ sftp/scp and ssh, and between sshd and its subprocesses. This saves
+ a file descriptor per session and apparently makes userland ppp over
+ ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this
+ decision on a per-platform basis)
+ - djm@cvs.openbsd.org 2006/04/22 04:06:51
+ [uidswap.c]
+ use setres[ug]id() to permanently revoke privileges; ok deraadt@
+ (ID Sync only - portable already uses setres[ug]id() whenever possible)
+ - stevesk@cvs.openbsd.org 2006/04/22 18:29:33
+ [crc32.c]
+ remove extra spaces
+ - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get
+ sig_atomic_t
+
+20060421
+ - (djm) [Makefile.in configure.ac session.c sshpty.c]
+ [contrib/redhat/sshd.init openbsd-compat/Makefile.in]
+ [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
+ [openbsd-compat/port-linux.h] Add support for SELinux, setting
+ the execution and TTY contexts. based on patch from Daniel Walsh,
+ bz #880; ok dtucker@
+
+20060418
+ - (djm) [canohost.c] Reorder IP options check so that it isn't broken
+ by mapped addresses; bz #1179 reported by markw wtech-llc.com;
+ ok dtucker@
+
+20060331
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2006/03/27 01:21:18
+ [xmalloc.c]
+ we can do the size & nmemb check before the integer overflow check;
+ evol
+ - deraadt@cvs.openbsd.org 2006/03/27 13:03:54
+ [dh.c]
+ use strtonum() instead of atoi(), limit dhg size to 64k; ok djm
+ - djm@cvs.openbsd.org 2006/03/27 23:15:46
+ [sftp.c]
+ always use a format string for addargs; spotted by mouring@
+ - deraadt@cvs.openbsd.org 2006/03/28 00:12:31
+ [README.tun ssh.c]
+ spacing
+ - deraadt@cvs.openbsd.org 2006/03/28 01:52:28
+ [channels.c]
+ do not accept unreasonable X ports numbers; ok djm
+ - deraadt@cvs.openbsd.org 2006/03/28 01:53:43
+ [ssh-agent.c]
+ use strtonum() to parse the pid from the file, and range check it
+ better; ok djm
+ - djm@cvs.openbsd.org 2006/03/30 09:41:25
+ [channels.c]
+ ARGSUSED for dispatch table-driven functions
+ - djm@cvs.openbsd.org 2006/03/30 09:58:16
+ [authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h]
+ [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c]
+ replace {GET,PUT}_XXBIT macros with functionally similar functions,
+ silencing a heap of lint warnings. also allows them to use
+ __bounded__ checking which can't be applied to macros; requested
+ by and feedback from deraadt@
+ - djm@cvs.openbsd.org 2006/03/30 10:41:25
+ [ssh.c ssh_config.5]
+ add percent escape chars to the IdentityFile option, bz #1159 based
+ on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
+ - dtucker@cvs.openbsd.org 2006/03/30 11:05:17
+ [ssh-keygen.c]
+ Correctly handle truncated files while converting keys; ok djm@
+ - dtucker@cvs.openbsd.org 2006/03/30 11:40:21
+ [auth.c monitor.c]
+ Prevent duplicate log messages when privsep=yes; ok djm@
+ - jmc@cvs.openbsd.org 2006/03/31 09:09:30
+ [ssh_config.5]
+ kill trailing whitespace;
+ - djm@cvs.openbsd.org 2006/03/31 09:13:56
+ [ssh_config.5]
+ remote user escape is %r not %h; spotted by jmc@
+
20060326
- OpenBSD CVS Sync
- jakob@cvs.openbsd.org 2006/03/15 08:46:44
[ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
[ttymodes.h uidswap.h uuencode.h xmalloc.h]
standardise spacing in $OpenBSD$ tags; requested by deraadt@
+ - deraadt@cvs.openbsd.org 2006/03/26 01:31:48
+ [uuencode.c]
+ typo
20060325
- OpenBSD CVS Sync