+20011219
+ - (stevesk) OpenBSD CVS sync X11 localhost display
+ - stevesk@cvs.openbsd.org 2001/11/29 14:10:51
+ [channels.h channels.c session.c]
+ sshd X11 fake server will now listen on localhost by default:
+ $ echo $DISPLAY
+ localhost:12.0
+ $ netstat -an|grep 6012
+ tcp 0 0 127.0.0.1.6012 *.* LISTEN
+ tcp6 0 0 ::1.6012 *.* LISTEN
+ sshd_config gatewayports=yes can be used to revert back to the old
+ behavior. will control this with another option later. ok markus@
+ - stevesk@cvs.openbsd.org 2001/12/19 08:43:11
+ [includes.h session.c]
+ handle utsname.nodename case for FamilyLocal X authorization; ok markus@
+
+20011207
+ - (bal) PCRE no longer required. Banished from the source along with
+ fake-regex.h
+ - (bal) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/12/06 18:02:32
+ [channels.c sshconnect.c]
+ shutdown(sock, SHUT_RDWR) not needed here; ok markus@
+ - stevesk@cvs.openbsd.org 2001/12/06 18:09:23
+ [channels.c session.c]
+ strncpy->strlcpy. remaining strncpy's are necessary. ok markus@
+ - stevesk@cvs.openbsd.org 2001/12/06 18:20:32
+ [channels.c]
+ disable nagle for X11 fake server and client TCPs. from netbsd.
+ ok markus@
+
+20011206
+ - (bal) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/11/14 20:45:08
+ [sshd.c]
+ errno saving wrapping in a signal handler
+ - markus@cvs.openbsd.org 2001/11/16 12:46:13
+ [ssh-keyscan.c]
+ handle empty lines instead of dumping core; report from sha@sha-1.net
+ - stevesk@cvs.openbsd.org 2001/11/17 19:14:34
+ [auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
+ enum/int type cleanup where it made sense to do so; ok markus@
+ - markus@cvs.openbsd.org 2001/11/19 11:20:21
+ [sshd.c]
+ fd leak on HUP; ok stevesk@
+ - stevesk@cvs.openbsd.org 2001/11/19 18:40:46
+ [ssh-agent.1]
+ clarify/state that private keys are not exposed to clients using the
+ agent; ok markus@
+ - mpech@cvs.openbsd.org 2001/11/19 19:02:16
+ [deattack.c radix.c]
+ kill more registers
+ millert@ ok
+ - markus@cvs.openbsd.org 2001/11/21 15:51:24
+ [key.c]
+ mem leak
+ - stevesk@cvs.openbsd.org 2001/11/21 18:49:14
+ [ssh-keygen.1]
+ more on passphrase construction; ok markus@
+ - stevesk@cvs.openbsd.org 2001/11/22 05:27:29
+ [ssh-keyscan.c]
+ don't use "\n" in fatal()
+ - markus@cvs.openbsd.org 2001/11/22 12:34:22
+ [clientloop.c serverloop.c sshd.c]
+ volatile sig_atomic_t
+ - stevesk@cvs.openbsd.org 2001/11/29 19:06:39
+ [channels.h]
+ remove dead function prototype; ok markus@
+ - markus@cvs.openbsd.org 2001/11/29 22:08:48
+ [auth-rsa.c]
+ fix protocol error: send 'failed' message instead of a 2nd challenge
+ (happens if the same key is in authorized_keys twice).
+ reported Ralf_Meister@genua.de; ok djm@
+ - stevesk@cvs.openbsd.org 2001/11/30 20:39:28
+ [ssh.c]
+ sscanf() length dependencies are clearer now; can also shrink proto
+ and data if desired, but i have not done that. ok markus@
+ - markus@cvs.openbsd.org 2001/12/01 21:41:48
+ [session.c sshd.8]
+ don't pass user defined variables to /usr/bin/login
+ - deraadt@cvs.openbsd.org 2001/12/02 02:08:32
+ [sftp-common.c]
+ zap };
+ - itojun@cvs.openbsd.org 2001/12/05 03:50:01
+ [clientloop.c serverloop.c sshd.c]
+ deal with LP64 printf issue with sig_atomic_t. from thorpej
+ - itojun@cvs.openbsd.org 2001/12/05 03:56:39
+ [auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c
+ sshconnect2.c]
+ make it compile with more strict prototype checking
+ - deraadt@cvs.openbsd.org 2001/12/05 10:06:12
+ [authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
+ key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
+ sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
+ minor KNF
+ - markus@cvs.openbsd.org 2001/12/05 15:04:48
+ [version.h]
+ post 3.0.2
+ - markus@cvs.openbsd.org 2001/12/05 16:54:51
+ [compat.c match.c match.h]
+ make theo and djm happy: bye bye regexp
+ - markus@cvs.openbsd.org 2001/12/06 13:30:06
+ [servconf.c servconf.h sshd.8 sshd.c]
+ add -o to sshd, too. ok deraadt@
+ - (bal) Minor white space fix up in servconf.c
+
+20011126
+ - (tim) [contrib/cygwin/README, openbsd-compat/bsd-cygwin_util.c,
+ openbsd-compat/bsd-cygwin_util.h, openbsd-compat/daemon.c]
+ Allow SSHD to install as service under WIndows 9x/Me
+ [configure.ac] Fix to allow linking against PCRE on Cygwin
+ Patches by Corinna Vinschen <vinschen@redhat.com>
+
+20011115
+ - (djm) Fix IPv4 default in ssh-keyscan. Spotted by Dan Astoorian
+ <djast@cs.toronto.edu> Fix from markus@
+ - (djm) Release 3.0.1p1
+
+20011113
+ - (djm) Fix early (and double) free of remote user when using Kerberos.
+ Patch from Simon Wilkinson <simon@sxw.org.uk>
+ - (djm) AIX login{success,failed} changes. Move loginsuccess call to
+ do_authenticated. Call loginfailed for protocol 2 failures > MAX like
+ we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
+ K.Wolkersdorfer@fz-juelich.de and others
+ - (djm) OpenBSD CVS Sync
+ - dugsong@cvs.openbsd.org 2001/11/11 18:47:10
+ [auth-krb5.c]
+ fix krb5 authorization check. found by <jhawk@MIT.EDU>. from
+ art@, deraadt@ ok
+ - markus@cvs.openbsd.org 2001/11/12 11:17:07
+ [servconf.c]
+ enable authorized_keys2 again. tested by fries@
+ - markus@cvs.openbsd.org 2001/11/13 02:03:57
+ [version.h]
+ enter 3.0.1
+ - (djm) Bump RPM package versions
+
+20011112
+ - (djm) Makefile correctness fix from Mark D. Baushke <mdb@juniper.net>
+ - (djm) Cygwin config patch from Corinna Vinschen <vinschen@redhat.com>
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/10/24 08:41:41
+ [sshd.c]
+ mention remote port in debug message
+ - markus@cvs.openbsd.org 2001/10/24 08:41:20
+ [ssh.c]
+ remove unused
+ - markus@cvs.openbsd.org 2001/10/24 08:51:35
+ [clientloop.c ssh.c]
+ ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@
+ - markus@cvs.openbsd.org 2001/10/24 19:57:40
+ [clientloop.c]
+ make ~& (backgrounding) work again for proto v1; add support ~& for v2, too
+ - markus@cvs.openbsd.org 2001/10/25 21:14:32
+ [ssh-keygen.1 ssh-keygen.c]
+ better docu for fingerprinting, ok deraadt@
+ - markus@cvs.openbsd.org 2001/10/29 19:27:15
+ [sshconnect2.c]
+ hostbased: check for client hostkey before building chost
+ - markus@cvs.openbsd.org 2001/10/30 20:29:09
+ [ssh.1]
+ ssh.1
+ - markus@cvs.openbsd.org 2001/11/07 16:03:17
+ [packet.c packet.h sshconnect2.c]
+ pad using the padding field from the ssh2 packet instead of sending
+ extra ignore messages. tested against several other ssh servers.
+ - markus@cvs.openbsd.org 2001/11/07 21:40:21
+ [ssh-rsa.c]
+ ssh_rsa_sign/verify: SSH_BUG_SIGBLOB not supported
+ - markus@cvs.openbsd.org 2001/11/07 22:10:28
+ [ssh-dss.c ssh-rsa.c]
+ missing free and sync dss/rsa code.
+ - markus@cvs.openbsd.org 2001/11/07 22:12:01
+ [sshd.8]
+ s/Keepalive/KeepAlive/; from openbsd@davidkrause.com
+ - markus@cvs.openbsd.org 2001/11/07 22:41:51
+ [auth2.c auth-rh-rsa.c]
+ unused includes
+ - markus@cvs.openbsd.org 2001/11/07 22:53:21
+ [channels.h]
+ crank c->path to 256 so they can hold a full hostname; dwd@bell-labs.com
+ - markus@cvs.openbsd.org 2001/11/08 10:51:08
+ [readpass.c]
+ don't strdup too much data; from gotoh@taiyo.co.jp; ok millert.
+ - markus@cvs.openbsd.org 2001/11/08 17:49:53
+ [ssh.1]
+ mention setuid root requirements; noted by cnorris@csc.UVic.ca; ok stevesk@
+ - markus@cvs.openbsd.org 2001/11/08 20:02:24
+ [auth.c]
+ don't print ROOT in CAPS for the authentication messages, i.e.
+ Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2
+ becomes
+ Accepted publickey for root from 127.0.0.1 port 42734 ssh2
+ - markus@cvs.openbsd.org 2001/11/09 18:59:23
+ [clientloop.c serverloop.c]
+ don't memset too much memory, ok millert@
+ original patch from jlk@kamens.brookline.ma.us via nalin@redhat.com
+ - markus@cvs.openbsd.org 2001/11/10 13:19:45
+ [sshd.c]
+ cleanup libwrap support (remove bogus comment, bogus close(), add
+ debug, etc).
+ - markus@cvs.openbsd.org 2001/11/10 13:22:42
+ [ssh-rsa.c]
+ KNF (unexpand)
+ - markus@cvs.openbsd.org 2001/11/10 13:37:20
+ [packet.c]
+ remove extra debug()
+ - markus@cvs.openbsd.org 2001/11/11 13:02:31
+ [servconf.c]
+ make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if
+ AuthorizedKeysFile is specified.
+ - (djm) Reorder portable-specific server options so that they come first.
+ This should help reduce diff collisions for new server options (as they
+ will appear at the end)
+
+20011109
+ - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
+ if permit_empty_passwd == 0 so null password check cannot be bypassed.
+ jayaraj@amritapuri.com OpenBSD bug 2168
+ - markus@cvs.openbsd.org 2001/11/09 19:08:35
+ [sshd.c]
+ remove extra trailing dot from log message; pilot@naughty.monkey.org
+
+20011103
+ - (tim) [ contrib/caldera/openssh.spec contrib/caldera/sshd.init] Updates
+ from Raymund Will <ray@caldera.de>
+ [acconfig.h configure.in] Clean up login checks.
+ Problem reported by Jim Knoble <jmknoble@pobox.com>
+
+20011101
+ - (djm) Compat define for OpenSSL < 0.9.6 (No OPENSSL_free)
+
+20011031
+ - (djm) Unsmoke drugs: config files should be noreplace.
+
+20011030
+ - (djm) Redhat RPM spec: remove noreplace from config files, allow IPv6
+ by default (can force IPv4 using --define "noipv6 1")
+
+20011029
+ - (tim) [TODO defines.h loginrec.c] Change the references to configure.in
+ to configure.ac
+
+20011028
+ - (djm) Avoid bug in Solaris PAM libs
+ - (djm) Disconnect if no tty and PAM reports password expired
+ - (djm) Fix for PAM password changes being echoed (from stevesk)
+ - (stevesk) Fix compile problem with PAM password change fix
+ - (stevesk) README: zlib location is http://www.gzip.org/zlib/
+
+20011027
+ - (tim) [configure.ac] Fixes for ReliantUNIX (don't use libucb)
+ Patch by Robert Dahlem <Robert.Dahlem@siemens.com>
+
+20011026
+ - (bal) Set the correct current time in login_utmp_only(). Patch by
+ Wayne Davison <wayned@users.sourceforge.net>
+ - (tim) [scard/Makefile.in] Fix install: when building outside of source
+ tree and using --src=/full_path/to/openssh
+ Patch by Mark D. Baushke <mdb@juniper.net>
+
+20011025
+ - (bal) Use VDISABLE if _POSIX_VDISABLE is set in readpassphrase.c. Patch
+ by todd@
+ - (tim) [configure.ac] Give path given in --with-xxx= for pcre,zlib, and
+ tcp-wrappers precedence over system libraries and includes.
+ Report from Dave Dykstra <dwd@bell-labs.com>
+
+20011024
+ - (bal) Should be 3.0p1 not 3.0p2. Corrected version.h already.
+ - (tim) configure.in -> configure.ac
+
+20011023
+ - (bal) Updated version to 3.0p1 in preparing for release.
+ - (bal) Added 'PAM_TTY_KLUDGE' to Solaris platform.
+ - (tim) [configure.in] Fix test for broken dirname. Based on patch from
+ Dave Dykstra <dwd@bell-labs.com>. Remove un-needed test for zlib.h.
+ [contrib/caldera/openssh.spec, contrib/redhat/openssh.spec,
+ contrib/suse/openssh.spec] Update version to match version.h
+
+20011022
+ - (djm) Fix fd leak in loginrec.c (ro fd to lastlog was left open).
+ Report from Michal Zalewski <lcamtuf@coredump.cx>
+
+20011021
+ - (tim) [configure.in] Clean up library testing. Add optional PATH to
+ --with-pcre, --with-zlib, and --with-tcp-wrappers. Based on
+ patch by albert chin (china@thewrittenword.com)
+ Re-arange AC_CHECK_HEADERS and AC_CHECK_FUNCS for eaiser reading
+ of patches to configure.in. Replace obsolete AC_STRUCT_ST_BLKSIZE
+ with AC_CHECK_MEMBERS. Add test for broken dirname() on
+ Solaris 2.5.1 by Dan Astoorian <djast@cs.toronto.edu>
+ [acconfig.h aclocal.m4 defines.h configure.in] Better socklen_t test.
+ patch by albert chin (china@thewrittenword.com)
+ [scp.c] Replace obsolete HAVE_ST_BLKSIZE with
+ HAVE_STRUCT_STAT_ST_BLKSIZE.
+ [Makefile.in] When running make in top level, always do make
+ in openbsd-compat. patch by Dave Dykstra <dwd@bell-labs.com>
+
+20011019
+ - (bal) Fixed up init.d symlink issue and piddir stuff. Patches by
+ Zoran Milojevic <Zoran.Milojevic@SS8.com> and j.petersen@msh.de
+
+20011012
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/10/10 22:18:47
+ [channels.c channels.h clientloop.c nchan.c serverloop.c]
+ [session.c session.h]
+ try to keep channels open until an exit-status message is sent.
+ don't kill the login shells if the shells stdin/out/err is closed.
+ this should now work:
+ ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
+ - markus@cvs.openbsd.org 2001/10/11 13:45:21
+ [session.c]
+ delay detach of session if a channel gets closed but the child is
+ still alive. however, release pty, since the fd's to the child are
+ already closed.
+ - markus@cvs.openbsd.org 2001/10/11 15:24:00
+ [clientloop.c]
+ clear select masks if we return before calling select().
+ - (djm) "make veryclean" fix from Tom Holroyd <tomh@po.crl.go.jp>
+ - (djm) Clean some autoconf-2.52 junk when doing "make distclean"
+ - (djm) Cleanup sshpty.c a little
+ - (bal) First wave of contrib/solaris/ package upgrades. Still more
+ work needs to be done, but it is a 190% better then the stuff we
+ had before!
+ - (bal) Minor bug fix in contrib/solaris/opensshd.in .. $etcdir was not
+ set right.
+
+20011010
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/10/04 14:34:16
+ [key.c]
+ call OPENSSL_free() for memory allocated by openssl; from chombier@mac.com
+ - markus@cvs.openbsd.org 2001/10/04 15:05:40
+ [channels.c serverloop.c]
+ comment out bogus conditions for selecting on connection_in
+ - markus@cvs.openbsd.org 2001/10/04 15:12:37
+ [serverloop.c]
+ client_alive_check cleanup
+ - markus@cvs.openbsd.org 2001/10/06 00:14:50
+ [sshconnect.c]
+ remove unused argument
+ - markus@cvs.openbsd.org 2001/10/06 00:36:42
+ [session.c]
+ fix typo in error message, sync with do_exec_nopty
+ - markus@cvs.openbsd.org 2001/10/06 11:18:19
+ [sshconnect1.c sshconnect2.c sshconnect.c]
+ unify hostkey check error messages, simplify prompt.
+ - markus@cvs.openbsd.org 2001/10/07 10:29:52
+ [authfile.c]
+ grammer; Matthew_Clarke@mindlink.bc.ca
+ - markus@cvs.openbsd.org 2001/10/07 17:49:40
+ [channels.c channels.h]
+ avoid possible FD_ISSET overflow for channels established
+ during channnel_after_select() (used for dynamic channels).
+ - markus@cvs.openbsd.org 2001/10/08 11:48:57
+ [channels.c]
+ better debug
+ - markus@cvs.openbsd.org 2001/10/08 16:15:47
+ [sshconnect.c]
+ use correct family for -b option
+ - markus@cvs.openbsd.org 2001/10/08 19:05:05
+ [ssh.c sshconnect.c sshconnect.h ssh-keyscan.c]
+ some more IPv4or6 cleanup
+ - markus@cvs.openbsd.org 2001/10/09 10:12:08
+ [session.c]
+ chdir $HOME after krb_afslog(); from bbense@networking.stanford.edu
+ - markus@cvs.openbsd.org 2001/10/09 19:32:49
+ [session.c]
+ stat subsystem command before calling do_exec, and return error to client.
+ - markus@cvs.openbsd.org 2001/10/09 19:51:18
+ [serverloop.c]
+ close all channels if the connection to the remote host has been closed,
+ should fix sshd's hanging with WCHAN==wait
+ - markus@cvs.openbsd.org 2001/10/09 21:59:41
+ [channels.c channels.h serverloop.c session.c session.h]
+ simplify session close: no more delayed session_close, no more
+ blocking wait() calls.
+ - (bal) removed two unsed headers in openbsd-compat/bsd-misc.c
+ - (bal) seed_init() and seed_rng() required in ssh-keyscan.c
+
+20011007
+ - (bal) ssh-copy-id corrected permissions for .ssh/ and authorized_keys.
+ Prompted by Matthew Vernon <matthew@sel.cam.ac.uk>
+
+20011005
+ - (bal) AES works under Cray, no more hack.
+
+20011004
+ - (bal) nchan2.ms resync. BSD License applied.
+
+20011003
+ - (bal) CVS ID fix up in version.h
+ - (bal) OpenBSD CVS Sync:
+ - markus@cvs.openbsd.org 2001/09/27 11:58:16
+ [compress.c]
+ mem leak; chombier@mac.com
+ - markus@cvs.openbsd.org 2001/09/27 11:59:37
+ [packet.c]
+ missing called=1; chombier@mac.com
+ - markus@cvs.openbsd.org 2001/09/27 15:31:17
+ [auth2.c auth2-chall.c sshconnect1.c]
+ typos; from solar
+ - camield@cvs.openbsd.org 2001/09/27 17:53:24
+ [sshd.8]
+ don't talk about compile-time options
+ ok markus@
+ - djm@cvs.openbsd.org 2001/09/28 12:07:09
+ [ssh-keygen.c]
+ bzero private key after loading to smartcard; ok markus@
+ - markus@cvs.openbsd.org 2001/09/28 15:46:29
+ [ssh.c]
+ bug: read user config first; report kaukasoi@elektroni.ee.tut.fi
+ - markus@cvs.openbsd.org 2001/10/01 08:06:28
+ [scp.c]
+ skip filenames containing \n; report jdamery@chiark.greenend.org.uk
+ and matthew@debian.org
+ - markus@cvs.openbsd.org 2001/10/01 21:38:53
+ [channels.c channels.h ssh.c sshd.c]
+ remove ugliness; vp@drexel.edu via angelos
+ - markus@cvs.openbsd.org 2001/10/01 21:51:16
+ [readconf.c readconf.h ssh.1 sshconnect.c]
+ add NoHostAuthenticationForLocalhost; note that the hostkey is
+ now check for localhost, too.
+ - djm@cvs.openbsd.org 2001/10/02 08:38:50
+ [ssh-add.c]
+ return non-zero exit code on error; ok markus@
+ - stevesk@cvs.openbsd.org 2001/10/02 22:56:09
+ [sshd.c]
+ #include "channels.h" for channel_set_af()
+ - markus@cvs.openbsd.org 2001/10/03 10:01:20
+ [auth.c]
+ use realpath() for homedir, too. from jinmei@isl.rdc.toshiba.co.jp
+
+20011001
+ - (stevesk) loginrec.c: fix type conversion problems exposed when using
+ 64-bit off_t.
+
+20010929
+ - (bal) move reading 'config.h' up higher. Patch by albert chin
+ <china@thewrittenword.com)
+
+20010928
+ - (djm) OpenBSD CVS sync:
+ - djm@cvs.openbsd.org 2001/09/28 09:49:31
+ [scard.c]
+ Fix segv when smartcard communication error occurs during key load.
+ ok markus@
+ - (djm) Update spec files for new x11-askpass
+
+20010927
+ - (stevesk) session.c: declare do_pre_login() before use
+ wayned@users.sourceforge.net
+
+20010925
+ - (djm) Pull in auth-krb5.c from OpenBSD CVS. NB. it is not currently used.
+ - (djm) Sync $sysconfdir/moduli
+ - (djm) Add AC_SYS_LARGEFILE configure test
+ - (djm) Avoid bad and unportable sprintf usage in compat code
+
+20010923
+ - (bal) updated ssh.c to mirror minor getopts 'extern int' formating done
+ by stevesk@
+ - (bal) Removed 'extern int optopt;' since it is dead wood.
+ - (bal) Updated all *.specs for 2.9.9p1 and updated version.h
+
+20010923
+ - (bal) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/09/23 11:09:13
+ [authfile.c]
+ relax permission check for private key files.
+ - markus@cvs.openbsd.org 2001/09/23 09:58:13
+ [LICENCE]
+ new rijndael implementation
+
20010920
- (tim) [scard/Makefile.in] Don't strip the Java binary
+ - (stevesk) sun_len, SUN_LEN() configure stuff no longer required
+ - (bal) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/09/20 00:15:54
+ [sshd.8]
+ fix ClientAliveCountMax
+ - markus@cvs.openbsd.org 2001/09/20 13:46:48
+ [auth2.c]
+ key_read returns now -1 or 1
+ - markus@cvs.openbsd.org 2001/09/20 13:50:40
+ [compat.c compat.h ssh.c]
+ bug compat: request a dummy channel for -N (no shell) sessions +
+ cleanup; vinschen@redhat.com
+ - mouring@cvs.openbsd.org 2001/09/20 20:57:51
+ [sshd_config]
+ CheckMail removed. OKed stevesk@
20010919
- (bal) OpenBSD Sync