+20060315
+ - (djm) OpenBSD CVS Sync:
+ - msf@cvs.openbsd.org 2006/02/06 15:54:07
+ [ssh.1]
+ - typo fix
+ ok jmc@
+ - jmc@cvs.openbsd.org 2006/02/06 21:44:47
+ [ssh.1]
+ make this a little less ambiguous...
+ - stevesk@cvs.openbsd.org 2006/02/07 01:08:04
+ [auth-rhosts.c includes.h]
+ move #include <netgroup.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/07 01:18:09
+ [includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c]
+ move #include <sys/queue.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/07 01:42:00
+ [channels.c clientloop.c clientloop.h includes.h packet.h]
+ [serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c]
+ move #include <termios.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/07 01:52:50
+ [sshtty.c]
+ "log.h" not needed
+ - stevesk@cvs.openbsd.org 2006/02/07 03:47:05
+ [hostfile.c]
+ "packet.h" not needed
+ - stevesk@cvs.openbsd.org 2006/02/07 03:59:20
+ [deattack.c]
+ duplicate #include
+ - stevesk@cvs.openbsd.org 2006/02/08 12:15:27
+ [auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
+ [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
+ [sshd.c sshpty.c]
+ move #include <paths.h> out of includes.h; ok markus@
+
+20060313
+ - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
+ since not all platforms support it. Instead, use internal equivalent while
+ computing LLONG_MIN and LLONG_MAX. Remove special case for alpha-dec-osf*
+ as it's no longer required. Tested by Bernhard Simon, ok djm@
+
+20060304
+ - (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a
+ file rather than directory, required as Cygwin will be importing lastlog(1).
+ Also tightens up permissions on the file. Patch from vinschen@redhat.com.
+ - (dtucker) [gss-serv-krb5.c] Bug #1166: Correct #ifdefs for gssapi_krb5.h
+ includes. Patch from gentoo.riverrat at gmail.com.
+
+20060226
+ - (dtucker) [configure.ac] Bug #1156: QNX apparently needs SSHD_ACQUIRES_CTTY
+ patch from kraai at ftbfs.org.
+
+20060223
+ - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current
+ reality. Pointed out by tryponraj at gmail.com.
+
+20060222
+ - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only
+ compile in compat code if required.
+
+20060221
+ - (dtucker) [openbsd-compat/openssl-compat.h] Prevent warning about
+ redefinition of SSLeay_add_all_algorithms.
+
+20060220
+ - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}]
+ Add optional enabling of OpenSSL's (hardware) Engine support, via
+ configure --with-ssl-engine. Based in part on a diff by michal at
+ logix.cz.
+
+20060219
+ - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/]
+ Add first attempt at regress tests for compat library. ok djm@
+
+20060214
+ - (tim) [buildpkg.sh.in] Make the names consistent.
+ s/pkg_post_make_install_fixes.sh/pkg-post-make-install-fixes.sh/ OK dtucker@
+
+20060212
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Make loop counter unsigned
+ to silence compiler warning, from vinschen at redhat.com.
+ - (tim) [configure.ac] Bug #1149. Disable /etc/default/login check for QNX.
+ - (dtucker) [README version.h contrib/caldera/openssh.spec
+ contrib/redhat/openssh.spec contrib/suse/openssh.spec] Bump version
+ strings to match 4.3p2 release.
+
+20060208
+ - (tim) [session.c] Logout records were not updated on systems with
+ post auth privsep disabled due to bug 1086 changes. Analysis and patch
+ by vinschen at redhat.com. OK tim@, dtucker@.
+ - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP
+ -> NEED_SETPGRP), reported by Bernhard Simon. ok tim@
+
+20060206
+ - (tim) [configure.ac] Remove unnecessary tests for net/if.h and
+ netinet/in_systm.h. OK dtucker@.
+
+20060205
+ - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test
+ for Solaris. OK dtucker@.
+ - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by
+ kraai at ftbfs.org.
+
+20060203
+ - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first
+ AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run
+ by a platform specific check, builtin standard includes tests will be
+ skipped on the other platforms.
+ Analysis and suggestion by vinschen at redhat.com, patch by dtucker@.
+ OK tim@, djm@.
+
+20060202
+ - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it
+ works with picky compilers. Patch from alex.kiernan at thus.net.
+
+20060201
+ - (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to
+ determine the user's login name - needed for regress tests on Solaris
+ 10 and OpenSolaris
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2006/02/01 09:06:50
+ [sshd.8]
+ - merge sections on protocols 1 and 2 into a single section
+ - remove configuration file section
+ ok markus
+ - jmc@cvs.openbsd.org 2006/02/01 09:11:41
+ [sshd.8]
+ small tweak;
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Update versions ahead of release
+ - markus@cvs.openbsd.org 2006/02/01 11:27:22
+ [version.h]
+ openssh 4.3
+ - (djm) Release OpenSSH 4.3p1
+
+20060131
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2006/01/20 11:21:45
+ [ssh_config.5]
+ - word change, agreed w/ markus
+ - consistency fixes
+ - jmc@cvs.openbsd.org 2006/01/25 09:04:34
+ [sshd.8]
+ move the options description up the page, and a few additional tweaks
+ whilst in here;
+ ok markus
+ - jmc@cvs.openbsd.org 2006/01/25 09:07:22
+ [sshd.8]
+ move subsections to full sections;
+ - jmc@cvs.openbsd.org 2006/01/26 08:47:56
+ [ssh.1]
+ add a section on verifying host keys in dns;
+ written with a lot of help from jakob;
+ feedback dtucker/markus;
+ ok markus
+ - reyk@cvs.openbsd.org 2006/01/30 12:22:22
+ [channels.c]
+ mark channel as write failed or dead instead of read failed on error
+ of the channel output filter.
+ ok markus@
+ - jmc@cvs.openbsd.org 2006/01/30 13:37:49
+ [ssh.1]
+ remove an incorrect sentence;
+ reported by roumen petrov;
+ ok djm markus
+ - djm@cvs.openbsd.org 2006/01/31 10:19:02
+ [misc.c misc.h scp.c sftp.c]
+ fix local arbitrary command execution vulnerability on local/local and
+ remote/remote copies (CVE-2006-0225, bz #1094), patch by
+ t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
+ - djm@cvs.openbsd.org 2006/01/31 10:35:43
+ [scp.c]
+ "scp a b c" shouldn't clobber "c" when it is not a directory, report and
+ fix from biorn@; ok markus@
+ - (djm) Sync regress tests to OpenBSD:
+ - dtucker@cvs.openbsd.org 2005/03/10 10:20:39
+ [regress/forwarding.sh]
+ Regress test for ClearAllForwardings (bz #994); ok markus@
+ - dtucker@cvs.openbsd.org 2005/04/25 09:54:09
+ [regress/multiplex.sh]
+ Don't call cleanup in multiplex as test-exec will cleanup anyway
+ found by tim@, ok djm@
+ NB. ID sync only, we already had this
+ - djm@cvs.openbsd.org 2005/05/20 23:14:15
+ [regress/test-exec.sh]
+ force addressfamily=inet for tests, unbreaking dynamic-forward regress for
+ recently committed nc SOCKS5 changes
+ - djm@cvs.openbsd.org 2005/05/24 04:10:54
+ [regress/try-ciphers.sh]
+ oops, new arcfour modes here too
+ - markus@cvs.openbsd.org 2005/06/30 11:02:37
+ [regress/scp.sh]
+ allow SUDO=sudo; from Alexander Bluhm
+ - grunk@cvs.openbsd.org 2005/11/14 21:25:56
+ [regress/agent-getpeereid.sh]
+ all other scripts in this dir use $SUDO, not 'sudo', so pull this even
+ ok markus@
+ - dtucker@cvs.openbsd.org 2005/12/14 04:36:39
+ [regress/scp-ssh-wrapper.sh]
+ Fix assumption about how many args scp will pass; ok djm@
+ NB. ID sync only, we already had this
+ - djm@cvs.openbsd.org 2006/01/27 06:49:21
+ [scp.sh]
+ regress test for local to local scp copies; ok dtucker@
+ - djm@cvs.openbsd.org 2006/01/31 10:23:23
+ [scp.sh]
+ regression test for CVE-2006-0225 written by dtucker@
+ - djm@cvs.openbsd.org 2006/01/31 10:36:33
+ [scp.sh]
+ regress test for "scp a b c" where "c" is not a directory
+
+20060129
+ - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the
+ opensshd.init script interpretter if /sbin/sh does not exist. ok tim@
+
+20060120
+ - (dtucker) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2006/01/15 17:37:05
+ [ssh.1]
+ correction from deraadt
+ - jmc@cvs.openbsd.org 2006/01/18 10:53:29
+ [ssh.1]
+ add a section on ssh-based vpn, based on reyk's README.tun;
+ - dtucker@cvs.openbsd.org 2006/01/20 00:14:55
+ [scp.1 ssh.1 ssh_config.5 sftp.1]
+ Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot
+ #1056 with feedback from jmc, djm and markus; ok jmc@ djm@
+
+20060114
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2006/01/06 13:27:32
+ [ssh.1]
+ weed out some duplicate info in the known_hosts FILES entries;
+ ok djm
+ - jmc@cvs.openbsd.org 2006/01/06 13:29:10
+ [ssh.1]
+ final round of whacking FILES for duplicate info, and some consistency
+ fixes;
+ ok djm
+ - jmc@cvs.openbsd.org 2006/01/12 14:44:12
+ [ssh.1]
+ split sections on tcp and x11 forwarding into two sections.
+ add an example in the tcp section, based on sth i wrote for ssh faq;
+ help + ok: djm markus dtucker
+ - jmc@cvs.openbsd.org 2006/01/12 18:48:48
+ [ssh.1]
+ refer to `TCP' rather than `TCP/IP' in the context of connection
+ forwarding;
+ ok markus
+ - jmc@cvs.openbsd.org 2006/01/12 22:20:00
+ [sshd.8]
+ refer to TCP forwarding, rather than TCP/IP forwarding;
+ - jmc@cvs.openbsd.org 2006/01/12 22:26:02
+ [ssh_config.5]
+ refer to TCP forwarding, rather than TCP/IP forwarding;
+ - jmc@cvs.openbsd.org 2006/01/12 22:34:12
+ [ssh.1]
+ back out a sentence - AUTHENTICATION already documents this;
+
+20060109
+ - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on
+ tcpip service so it's always started after IP is up. Patch from
+ vinschen at redhat.com.
+
+20060106
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2006/01/03 16:31:10
+ [ssh.1]
+ move FILES to a -compact list, and make each files an item in that list.
+ this avoids nastly line wrap when we have long pathnames, and treats
+ each file as a separate item;
+ remove the .Pa too, since it is useless.
+ - jmc@cvs.openbsd.org 2006/01/03 16:35:30
+ [ssh.1]
+ use a larger width for the ENVIRONMENT list;
+ - jmc@cvs.openbsd.org 2006/01/03 16:52:36
+ [ssh.1]
+ put FILES in some sort of order: sort by pathname
+ - jmc@cvs.openbsd.org 2006/01/03 16:55:18
+ [ssh.1]
+ tweak the description of ~/.ssh/environment
+ - jmc@cvs.openbsd.org 2006/01/04 18:42:46
+ [ssh.1]
+ chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
+ entries;
+ ok markus
+ - jmc@cvs.openbsd.org 2006/01/04 18:45:01
+ [ssh.1]
+ remove .Xr's to rsh(1) and telnet(1): they are hardly needed;
+ - jmc@cvs.openbsd.org 2006/01/04 19:40:24
+ [ssh.1]
+ +.Xr ssh-keyscan 1 ,
+ - jmc@cvs.openbsd.org 2006/01/04 19:50:09
+ [ssh.1]
+ -.Xr gzip 1 ,
+ - djm@cvs.openbsd.org 2006/01/05 23:43:53
+ [misc.c]
+ check that stdio file descriptors are actually closed before clobbering
+ them in sanitise_stdfd(). problems occurred when a lower numbered fd was
+ closed, but higher ones weren't. spotted by, and patch tested by
+ Frédéric Olivié
+
+20060103
+ - (djm) [channels.c] clean up harmless merge error, from reyk@
+
+20060103
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2006/01/02 17:09:49
+ [ssh_config.5 sshd_config.5]
+ some corrections from michael knudsen;
+
20060102
- (djm) [README.tun] Add README.tun, missed during sync of tun(4) support
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2005/12/31 10:46:17
+ [ssh.1]
+ merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER
+ AUTHENTICATION" sections into "AUTHENTICATION";
+ some rewording done to make the text read better, plus some
+ improvements from djm;
+ ok djm
+ - jmc@cvs.openbsd.org 2005/12/31 13:44:04
+ [ssh.1]
+ clean up ENVIRONMENT a little;
+ - jmc@cvs.openbsd.org 2005/12/31 13:45:19
+ [ssh.1]
+ .Nm does not require an argument;
+ - stevesk@cvs.openbsd.org 2006/01/01 08:59:27
+ [includes.h misc.c]
+ move <net/if.h>; ok djm@
+ - stevesk@cvs.openbsd.org 2006/01/01 10:08:48
+ [misc.c]
+ no trailing "\n" for debug()
+ - djm@cvs.openbsd.org 2006/01/02 01:20:31
+ [sftp-client.c sftp-common.h sftp-server.c]
+ use a common max. packet length, no binary change
+ - reyk@cvs.openbsd.org 2006/01/02 07:53:44
+ [misc.c]
+ clarify tun(4) opening - set the mode and bring the interface up. also
+ (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces.
+ suggested and ok by djm@
+ - jmc@cvs.openbsd.org 2006/01/02 12:31:06
+ [ssh.1]
+ start to cut some duplicate info from FILES;
+ help/ok djm
20060101
- (djm) [Makefile.in configure.ac includes.h misc.c]