+20020903
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2002/08/12 10:46:35
+ [ssh-agent.c]
+ make ssh-agent setgid, disallow ptrace.
+ - espie@cvs.openbsd.org 2002/08/21 11:20:59
+ [sshd.8]
+ `RSA' updated to refer to `public key', where it matters.
+ okay markus@
+
+20020820
+ - OpenBSD CVS Sync
+ - millert@cvs.openbsd.org 2002/08/02 14:43:15
+ [monitor.c monitor_mm.c]
+ Change mm_zalloc() sanity checks to be more in line with what
+ we do in calloc() and add a check to monitor_mm.c.
+ OK provos@ and markus@
+ - marc@cvs.openbsd.org 2002/08/02 16:00:07
+ [ssh.1 sshd.8]
+ note that .ssh/environment is only read when
+ allowed (PermitUserEnvironment in sshd_config).
+ OK markus@
+ - markus@cvs.openbsd.org 2002/08/02 21:23:41
+ [ssh-rsa.c]
+ diff is u_int (2x); ok deraadt/provos
+ - markus@cvs.openbsd.org 2002/08/02 22:20:30
+ [ssh-rsa.c]
+ replace RSA_verify with our own version and avoid the OpenSSL ASN.1 parser
+ for authentication; ok deraadt/djm
+ - aaron@cvs.openbsd.org 2002/08/08 13:50:23
+ [sshconnect1.c]
+ Use & to test if bits are set, not &&; markus@ ok.
+ - stevesk@cvs.openbsd.org 2002/08/08 23:54:52
+ [auth.c]
+ typo in comment
+ - stevesk@cvs.openbsd.org 2002/08/09 17:21:42
+ [sshd_config.5]
+ use Op for mdoc conformance; from esr@golux.thyrsus.com
+ ok aaron@
+ - stevesk@cvs.openbsd.org 2002/08/09 17:41:12
+ [sshd_config.5]
+ proxy vs. fake display
+ - stevesk@cvs.openbsd.org 2002/08/12 17:30:35
+ [ssh.1 sshd.8 sshd_config.5]
+ more PermitUserEnvironment; ok markus@
+ - stevesk@cvs.openbsd.org 2002/08/17 23:07:14
+ [ssh.1]
+ ForwardAgent has defaulted to no for over 2 years; be more clear here.
+ - stevesk@cvs.openbsd.org 2002/08/17 23:55:01
+ [ssh_config.5]
+ ordered list here
+ - (bal) [defines.h] Some platforms don't have SIZE_T_MAX. So assign
+ it to ULONG_MAX.
+
+20020813
+ - (tim) [configure.ac] Display OpenSSL header/library version.
+ Patch by dtucker@zip.com.au
+
+20020731
+ - (bal) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2002/07/24 16:11:18
+ [hostfile.c hostfile.h sshconnect.c]
+ print out all known keys for a host if we get a unknown host key,
+ see discussion at http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4
+
+ the ssharp mitm tool attacks users in a similar way, so i'd like to
+ pointed out again:
+ A MITM attack is always possible if the ssh client prints:
+ The authenticity of host 'bla' can't be established.
+ (protocol version 2 with pubkey authentication allows you to detect
+ MITM attacks)
+ - mouring@cvs.openbsd.org 2002/07/25 01:16:59
+ [sftp.c]
+ FallBackToRsh does not exist anywhere else. Remove it from here.
+ OK deraadt.
+ - markus@cvs.openbsd.org 2002/07/29 18:57:30
+ [sshconnect.c]
+ print file:line
+ - markus@cvs.openbsd.org 2002/07/30 17:03:55
+ [auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
+ add PermitUserEnvironment (off by default!); from dot@dotat.at;
+ ok provos, deraadt
+
+20020730
+ - (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.de
+
+20020728
+ - (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solar
+ - (stevesk) [CREDITS] solar
+ - (stevesk) [ssh-rand-helper.c] RAND_bytes() and SHA1_Final() unsigned
+ char arg.
+
+20020725
+ - (djm) Remove some cruft from INSTALL
+ - (djm) Latest config.guess and config.sub from ftp://ftp.gnu.org/gnu/config/
+
+20020723
+ - (bal) [bsd-cray.c bsd-cray.h] Part 2 of Cray merger.
+ - (bal) sync ID w/ ssh-agent.c
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2002/07/19 15:43:33
+ [log.c log.h session.c sshd.c]
+ remove fatal cleanups after fork; based on discussions with and code
+ from solar.
+ - stevesk@cvs.openbsd.org 2002/07/19 17:42:40
+ [ssh.c]
+ display a warning from ssh when XAuthLocation does not exist or xauth
+ returned no authentication data. ok markus@
+ - stevesk@cvs.openbsd.org 2002/07/21 18:32:20
+ [auth-options.c]
+ unneeded includes
+ - stevesk@cvs.openbsd.org 2002/07/21 18:34:43
+ [auth-options.h]
+ remove invalid comment
+ - markus@cvs.openbsd.org 2002/07/22 11:03:06
+ [session.c]
+ fallback to _PATH_STDPATH on setusercontext+LOGIN_SETPATH errors;
+ - stevesk@cvs.openbsd.org 2002/07/22 17:32:56
+ [monitor.c]
+ u_int here; ok provos@
+ - stevesk@cvs.openbsd.org 2002/07/23 16:03:10
+ [sshd.c]
+ utmp_len is unsigned; display error consistent with other options.
+ ok markus@
+ - stevesk@cvs.openbsd.org 2002/07/15 17:15:31
+ [uidswap.c]
+ little more debugging; ok markus@
+
+20020722
+ - (bal) AIX tty data limiting patch fix by leigh@solinno.co.uk
+ - (stevesk) [xmmap.c] missing prototype for fatal()
+ - (bal) [configure.ac defines.h loginrec.c sshd.c sshpty.c] Partial sync
+ with Cray (mostly #ifdef renaming). Patch by wendyp@cray.com.
+ - (bal) [configure.ac] Missing ;; from cray patch.
+ - (bal) [monitor_mm.c openbsd-compat/xmmap.h] Move xmmap() defines
+ into it's own header.
+ - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be
+ freed by the caller; add free_pam_environment() and use it.
+ - (stevesk) [auth-pam.c] typo in comment
+
+20020721
+ - (stevesk) [auth-pam.c] merge cosmetic changes from solar's
+ openssh-3.4p1-owl-password-changing.diff
+ - (stevesk) [auth-pam.c] merge rest of solar's PAM patch;
+ PAM_NEW_AUTHTOK_REQD remains in #if 0 for now.
+ - (stevesk) [auth-pam.c] cast to avoid initialization type mismatch
+ warning on pam_conv struct conversation function.
+ - (stevesk) [auth-pam.h] license
+ - (stevesk) [auth-pam.h] unneeded include
+ - (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.h
+
+20020720
+ - (stevesk) [ssh-keygen.c] bug #231: always init/seed_rng().
+
+20020719
+ - (tim) [contrib/solaris/buildpkg.sh] create privsep user/group if needed.
+ Patch by dtucker@zip.com.au
+ - (tim) [configure.ac] test for libxnet on HP. Patch by dtucker@zip.com.au
+
+20020718
+ - (tim) [defines.h] Bug 313 patch by dirk.meyer@dinoex.sub.org
+ - (tim) [monitor_mm.c] add missing declaration for xmmap(). Reported
+ by ayamura@ayamura.org
+ - (tim) [configure.ac] Bug 267 rework int64_t test.
+ - (tim) [includes.h] Bug 267 add stdint.h
+
+20020717
+ - (bal) aixbff package updated by dtucker@zip.com.au
+ - (tim) [configure.ac] change how we do paths in AC_PATH_PROGS tests
+ for autoconf 2.53. Based on a patch by jrj@purdue.edu
+
+20020716
+ - (tim) [contrib/solaris/opensshd.in] Only kill sshd if .pid file found
+
+20020715
+ - (bal) OpenBSD CVS Sync
+ - itojun@cvs.openbsd.org 2002/07/12 13:29:09
+ [sshconnect.c]
+ print connect failure during debugging mode.
+ - markus@cvs.openbsd.org 2002/07/12 15:50:17
+ [cipher.c]
+ EVP_CIPH_CUSTOM_IV for our own rijndael
+ - (bal) Remove unused tty defined in do_setusercontext() pointed out by
+ dtucker@zip.com.au plus a a more KNF since I am near it.
+ - (bal) Privsep user creation support in Solaris buildpkg.sh by
+ dtucker@zip.com.au
+
+20020714
+ - (tim) [Makefile.in] replace "id sshd" with "sshd -t"
+ - (bal/tim) [acconfig.h configure.ac monitor_mm.c servconf.c
+ openbsd-compat/Makefile.in] support compression on platforms that
+ have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c
+ Based on patch from nalin@redhat.com of code extracted from Owl's package
+ - (tim) [ssh_prng_cmds.in] Bug 323 arp -n flag doesn't exist under Solaris.
+ report by chris@by-design.net
+ - (tim) [loginrec.c] Bug 347: Fix typo (WTMPX_FILE) report by rodney@bond.net
+ - (tim) [loginrec.c] Bug 348: add missing found = 1; to wtmpx_islogin()
+ report by rodney@bond.net
+
+20020712
+ - (tim) [Makefile.in] quiet down install-files: and check-user:
+ - (tim) [configure.ac] remove unused filepriv line
+
+20020710
+ - (tim) [contrib/cygwin/ssh-host-config] explicitely sets the permissions
+ on /var/empty to 755 Patch by vinschen@redhat.com
+ - (bal) OpenBSD CVS Sync
+ - itojun@cvs.openbsd.org 2002/07/09 11:56:50
+ [sshconnect.c]
+ silently try next address on connect(2). markus ok
+ - itojun@cvs.openbsd.org 2002/07/09 11:56:27
+ [canohost.c]
+ suppress log on reverse lookup failiure, as there's no real value in
+ doing so.
+ markus ok
+ - itojun@cvs.openbsd.org 2002/07/09 12:04:02
+ [sshconnect.c]
+ ed static function (less warnings)
+ - stevesk@cvs.openbsd.org 2002/07/09 17:46:25
+ [sshd_config.5]
+ clarify no preference ordering in protocol list; ok markus@
+ - itojun@cvs.openbsd.org 2002/07/10 10:28:15
+ [sshconnect.c]
+ bark if all connection attempt fails.
+ - deraadt@cvs.openbsd.org 2002/07/10 17:53:54
+ [rijndael.c]
+ use right sizeof in memcpy; markus ok
+
+20020709
+ - (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platforms
+ lacking that concept can share it. Patch by vinschen@redhat.com
+
+20020708
+ - (tim) [openssh/contrib/solaris/buildpkg.sh] add PKG_INSTALL_ROOT to
+ work in a jumpstart environment. patch by kbrint@rufus.net
+ - (tim) [Makefile.in] workaround for broken pakadd on some systems.
+ - (tim) [configure.ac] fix libc89 utimes test. Mention default path for
+ --with-privsep-path=
+
+20020707
+ - (tim) [Makefile.in] use umask instead of chmod on $(PRIVSEP_PATH)
+ - (tim) [acconfig.h configure.ac sshd.c]
+ s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/
+ - (tim) [contrib/cygwin/ssh-host-config] sshd account creation fixes
+ patch from vinschen@redhat.com
+ - (bal) [realpath.c] Updated with OpenBSD tree.
+ - (bal) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2002/07/04 04:15:33
+ [key.c monitor_wrap.c sftp-glob.c ssh-dss.c ssh-rsa.c]
+ patch memory leaks; grendel@zeitbombe.org
+ - deraadt@cvs.openbsd.org 2002/07/04 08:12:15
+ [channels.c packet.c]
+ blah blah minor nothing as i read and re-read and re-read...
+ - markus@cvs.openbsd.org 2002/07/04 10:41:47
+ [key.c monitor_wrap.c ssh-dss.c ssh-rsa.c]
+ don't allocate, copy, and discard if there is not interested in the data;
+ ok deraadt@
+ - deraadt@cvs.openbsd.org 2002/07/06 01:00:49
+ [log.c]
+ KNF
+ - deraadt@cvs.openbsd.org 2002/07/06 01:01:26
+ [ssh-keyscan.c]
+ KNF, realloc fix, and clean usage
+ - stevesk@cvs.openbsd.org 2002/07/06 17:47:58
+ [ssh-keyscan.c]
+ unused variable
+ - (bal) Minor KNF on ssh-keyscan.c
+
+20020705
+ - (tim) [configure.ac] AIX 4.2.1 has authenticate() in libs.
+ Reported by Darren Tucker <dtucker@zip.com.au>
+ - (tim) [contrib/cygwin/ssh-host-config] double slash corrction
+ from vinschen@redhat.com
+
+20020704
+ - (bal) Limit data to TTY for AIX only (Newer versions can't handle the
+ faster data rate) Bug #124
+ - (bal) glob.c defines TILDE and AIX also defines it. #undef it first.
+ bug #265
+ - (bal) One too many nulls in ports-aix.c
+
20020703
- (bal) Updated contrib/cygwin/ patch by vinschen@redhat.com
- (bal) minor correction to utimes() replacement. Patch by
/etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled
globally. based on discussions with deraadt, itojun and sommerfeld;
ok itojun@
-
+ - (bal) Failed password attempts don't increment counter on AIX. Bug #145
+ - (bal) Missed Makefile.in change. keysign needs readconf.o
+ - (bal) Clean up aix_usrinfo(). Ignore TTY= period I guess.
+
20020702
- (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc &
friends consistently. Spotted by Solar Designer <solar@openwall.com>
- (bal) FreeBSD needs <sys/types.h> to detect if mmap() is supported.
Bug #303
-200206027
+20020627
- OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2002/06/26 14:49:36
[monitor.c]