+20050601
+ - (dtucker) [configure.ac] Look for _getshort and _getlong in
+ arpa/nameser.h.
+ - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoll.c]
+ Add strtoll to the compat library, from OpenBSD.
+ - (dtucker) OpenBSD CVS Sync
+ - avsm@cvs.openbsd.org 2005/05/26 02:08:05
+ [scp.c]
+ If copying multiple files to a target file (which normally fails, as it
+ must be a target directory), kill the spawned ssh child before exiting.
+ This stops it trying to authenticate and spewing lots of output.
+ deraadt@ ok
+
+20050531
+ - (dtucker) [contrib/aix/pam.conf] Correct comments. From davidl at
+ vintela.com.
+ - (dtucker) [mdoc2man.awk] Teach it to understand .Ox.
+
+20050530
+ - (dtucker) [README] Link to new release notes. Beter late than never...
+
+20050529
+ - (dtucker) [openbsd-compat/port-aix.c] Bug #1046: AIX 5.3 expects the
+ argument to passwdexpired to be initialized to NULL. Suggested by tim@
+ While at it, initialize the other arguments to auth functions in case they
+ ever acquire this behaviour.
+ - (dtucker) [openbsd-compat/port-aix.c] Whitespace cleanups while there.
+ - (dtucker) [openbsd-compat/port-aix.c] Minor correction to debug message,
+ spotted by tim@.
+
+20050528
+ - (dtucker) [configure.ac] For AC_CHECK_HEADERS() and AC_CHECK_FUNCS() have
+ one entry per line to make it easier to merge changes. ok djm@
+ - (dtucker) [configure.ac] strsep() may be defined in string.h, so check
+ for its presence and include it in the strsep check.
+ - (dtucker) [configure.ac] getpgrp may be defined in unistd.h, so check for
+ its presence before doing AC_FUNC_GETPGRP.
+ - (dtucker) [configure.ac] Merge HP-UX blocks into a common block with minor
+ version-specific variations as required.
+ - (dtucker) [openbsd-compat/port-aix.h] Use the HAVE_DECL_* definitions as
+ per the autoconf man page. Configure should always define them but it
+ doesn't hurt to check.
+
+20050527
+ - (djm) [defines.h] Use our realpath if we have to define PATH_MAX, spotted by
+ David Leach; ok dtucker@
+ - (dtucker) [acconfig.h configure.ac defines.h includes.h sshpty.c
+ openbsd-compat/bsd-misc.c] Add support for Ultrix. No, that's not a typo.
+ Required changes from Bernhard Simon, integrated by me. ok djm@
+
+20050525
+ - (djm) [mpaux.c mpaux.h Makefile.in] Remove old mpaux.[ch] code, it has not
+ been used for a while
+ - (djm) OpenBSD CVS Sync
+ - otto@cvs.openbsd.org 2005/04/05 13:45:31
+ [ssh-keygen.c]
+ - djm@cvs.openbsd.org 2005/04/06 09:43:59
+ [sshd.c]
+ avoid harmless logspam by not performing setsockopt() on non-socket;
+ ok markus@
+ - dtucker@cvs.openbsd.org 2005/04/06 12:26:06
+ [ssh.c]
+ Fix debug call for port forwards; patch from pete at seebeyond.com,
+ ok djm@ (ID sync only - change already in portable)
+ - djm@cvs.openbsd.org 2005/04/09 04:32:54
+ [misc.c misc.h tildexpand.c Makefile.in]
+ replace tilde_expand_filename with a simpler implementation, ahead of
+ more whacking; ok deraadt@
+ - jmc@cvs.openbsd.org 2005/04/14 12:30:30
+ [ssh.1]
+ arg to -b is an address, not if_name;
+ ok markus@
+ - jakob@cvs.openbsd.org 2005/04/20 10:05:45
+ [dns.c]
+ do not try to look up SSHFP for numerical hostname. ok djm@
+ - djm@cvs.openbsd.org 2005/04/21 06:17:50
+ [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8]
+ [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment
+ variable, so don't say that we do (bz #623); ok deraadt@
+ - djm@cvs.openbsd.org 2005/04/21 11:47:19
+ [ssh.c]
+ don't allocate a pty when -n flag (/dev/null stdin) is set, patch from
+ ignasi.roca AT fujitsu-siemens.com (bz #829); ok dtucker@
+ - dtucker@cvs.openbsd.org 2005/04/23 23:43:47
+ [readpass.c]
+ Add debug message if read_passphrase can't open /dev/tty; bz #471;
+ ok djm@
+ - jmc@cvs.openbsd.org 2005/04/26 12:59:02
+ [sftp-client.h]
+ spelling correction in comment from wiz@netbsd;
+ - jakob@cvs.openbsd.org 2005/04/26 13:08:37
+ [ssh.c ssh_config.5]
+ fallback gracefully if client cannot connect to ControlPath. ok djm@
+ - moritz@cvs.openbsd.org 2005/04/28 10:17:56
+ [progressmeter.c ssh-keyscan.c]
+ add snprintf checks. ok djm@ markus@
+ - markus@cvs.openbsd.org 2005/05/02 21:13:22
+ [readpass.c]
+ missing {}
+ - djm@cvs.openbsd.org 2005/05/10 10:28:11
+ [ssh.c]
+ print nice error message for EADDRINUSE as well (ID sync only)
+ - djm@cvs.openbsd.org 2005/05/10 10:30:43
+ [ssh.c]
+ report real errors on fallback from ControlMaster=no to normal connect
+ - markus@cvs.openbsd.org 2005/05/16 15:30:51
+ [readconf.c servconf.c]
+ check return value from strdelim() for NULL (AddressFamily); mpech
+ - djm@cvs.openbsd.org 2005/05/19 02:39:55
+ [sshd_config.5]
+ sort config options, from grunk AT pestilenz.org; ok jmc@
+ - djm@cvs.openbsd.org 2005/05/19 02:40:52
+ [sshd_config]
+ whitespace nit, from grunk AT pestilenz.org
+ - djm@cvs.openbsd.org 2005/05/19 02:42:26
+ [includes.h]
+ fix cast, from grunk AT pestilenz.org
+ - djm@cvs.openbsd.org 2005/05/20 10:50:55
+ [ssh_config.5]
+ give a ProxyCommand example using nc(1), with and ok jmc@
+ - jmc@cvs.openbsd.org 2005/05/20 11:23:32
+ [ssh_config.5]
+ oops - article and spacing;
+ - avsm@cvs.openbsd.org 2005/05/23 22:44:01
+ [moduli.c ssh-keygen.c]
+ - removes signed/unsigned comparisons in moduli generation
+ - use strtonum instead of atoi where its easier
+ - check some strlcpy overflow and fatal instead of truncate
+ - djm@cvs.openbsd.org 2005/05/23 23:32:46
+ [cipher.c myproposal.h ssh.1 ssh_config.5 sshd_config.5]
+ add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes;
+ ok markus@
+ - avsm@cvs.openbsd.org 2005/05/24 02:05:09
+ [ssh-keygen.c]
+ some style nits from dmiller@, and use a fatal() instead of a printf()/exit
+ - avsm@cvs.openbsd.org 2005/05/24 17:32:44
+ [atomicio.c atomicio.h authfd.c monitor_wrap.c msg.c scp.c sftp-client.c]
+ [ssh-keyscan.c sshconnect.c]
+ Switch atomicio to use a simpler interface; it now returns a size_t
+ (containing number of bytes read/written), and indicates error by
+ returning 0. EOF is signalled by errno==EPIPE.
+ Typical use now becomes:
+
+ if (atomicio(read, ..., len) != len)
+ err(1,"read");
+
+ ok deraadt@, cloder@, djm@
+ - (dtucker) [regress/reexec.sh] Add ${EXEEXT} so this test also works on
+ Cygwin.
+ - (dtucker) [auth-pam.c] Bug #1033: Fix warnings building with PAM on Linux:
+ warning: dereferencing type-punned pointer will break strict-aliasing rules
+ warning: passing arg 3 of `pam_get_item' from incompatible pointer type
+ The type-punned pointer fix is based on a patch from SuSE's rpm. ok djm@
+ - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1033: Provide
+ templates for _getshort and _getlong if missing to prevent compiler warnings
+ on Linux.
+ - (djm) [configure.ac openbsd-compat/Makefile.in]
+ [openbsd-compat/openbsd-compat.h openbsd-compat/strtonum.c]
+ Add strtonum(3) from OpenBSD libc, new code needs it.
+ Unfortunately Linux forces us to do a bizarre dance with compiler
+ options to get LLONG_MIN/MAX; Spotted by and ok dtucker@
+
+20050524
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Update spec file versions to 4.1p1
+ - (dtucker) [auth-pam.c] Since people don't seem to be getting the message
+ that USE_POSIX_THREADS is unsupported, not recommended and generally a bad
+ idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use
+ USE_POSIX_THREADS will now generate an error so we don't silently change
+ behaviour. ok djm@
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory
+ allocation when retrieving core Windows environment. Add CYGWIN variable
+ to propagated variables. Patch from vinschen at redhat.com, ok djm@
+ - Release 4.1p1
+
+20050524
+ - (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure
+ terminal modes are reset correctly. Fix from peak AT argo.troja.mff.cuni.cz;
+ "looks ok" dtucker@
+
+20050512
+ - (tim) [buildpkg.sh.in] missing ${PKG_INSTALL_ROOT} in init script
+ hard link section. Bug 1038.
+
+20050509
+ - (dtucker) [contrib/cygwin/ssh-host-config] Add a test and warning for a
+ user-mode mounts in Cygwin installation. Patch from vinschen at redhat.com.
+
+20050504
+ - (djm) [ssh.c] some systems return EADDRINUSE on a bind to an already-used
+ unix domain socket, so catch that too; from jakob@ ok dtucker@
+
+20050503
+ - (dtucker) [canohost.c] normalise socket addresses returned by
+ get_remote_hostname(). This means that IPv4 addresses in log messages
+ on IPv6 enabled machines will no longer be prefixed by "::ffff:" and
+ AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style
+ addresses only for 4-in-6 mapped connections, regardless of whether
+ or not the machine is IPv6 enabled. ok djm@
+
+20050425
+ - (dtucker) [regress/multiplex.sh] Use "kill -0 $pid" to check for the
+ existence of a process since it's more portable. Found by jbasney at
+ ncsa.uiuc.edu; ok tim@
+ - (dtucker) [regress/multiplex.sh] Remove cleanup call since test-exec.sh
+ will clean up anyway. From tim@
+ - (dtucker) [regress/multiplex.sh] Put control socket in /tmp so running
+ "make tests" works even if you're building on a filesystem that doesn't
+ support sockets. From deengert at anl.gov, ok djm@
+
+20050424
+ - (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or
+ 1.2.1.2 or higher. With tim@, ok djm@
+
+20050423
+ - (tim) [config.guess] Add support for OpenServer 6.
+
+20050421
+ - (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if
+ UseLogin is set as PAM is not used to establish credentials in that
+ case. Found by Michael Selvesteen, ok djm@
+
+20050419
+ - (dtucker) [INSTALL] Reference README.privsep for the privilege separation
+ requirements. Pointed out by Bengt Svensson.
+ - (dtucker) [INSTALL] Put the s/key text and URL back together.
+ - (dtucker) [INSTALL] Fix s/key text too.
+
+20050411
+ - (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME
+
+20050405
+ - (dtucker) [configure.ac] Define HAVE_SO_PEERCRED if we have it. ok djm@
+ - (dtucker) [auth-sia.c] Constify sys_auth_passwd, fixes build error on
+ Tru64. Patch from cmadams at hiwaay.net.
+ - (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of
+ sys_auth_passwd, pointed out by cmadams at hiwaay.net.
+
+20050403
+ - (djm) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2005/03/31 18:39:21
+ [scp.c]
+ copy argv[] element instead of smashing the one that ps will see; ok otto
+ - djm@cvs.openbsd.org 2005/04/02 12:41:16
+ [scp.c]
+ since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror
+ build
+ - (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_read
+ will free as needed. ok tim@ djm@
+
+20050331
+ - (dtucker) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2005/03/16 11:10:38
+ [ssh_config.5]
+ get the syntax right for {Local,Remote}Forward;
+ based on a diff from markus;
+ problem report from ponraj;
+ ok dtucker@ markus@ deraadt@
+ - markus@cvs.openbsd.org 2005/03/16 21:17:39
+ [version.h]
+ 4.1
+ - jmc@cvs.openbsd.org 2005/03/18 17:05:00
+ [sshd_config.5]
+ typo;
+ - (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in
+ handling of password expiry messages returned by AIX's authentication
+ routines, originally reported by robvdwal at sara.nl.
+ - (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug
+ message on some platforms. Patch from pete at seebeyond.com via djm.
+ - (dtucker) [monitor.c] Remaining part of fix for bug #1006.
+
+20050329
+ - (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're
+ interested in which is much faster in large (eg LDAP or NIS) environments.
+ Patch from dleonard at vintela.com.
+
+20050321
+ - (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes
+ and -Lyes to CFLAGS and LIBS. Pointed out by peter at slagheap.net,
+ with & ok tim@
+ - (dtucker) [configure.ac] Make configure error out if the user specifies
+ --with-libedit but the required libs can't be found, rather than silently
+ ignoring and continuing. ok tim@
+ - (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions
+ of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se.
+
+20050317
+ - (tim) [configure.ac] Bug 998. Make path for --with-opensc optional.
+ Make --without-opensc work.
+ - (tim) [configure.ac] portability changes on test statements. Some shells
+ have problems with -a operator.
+ - (tim) [configure.ac] make some configure options a little more error proof.
+ - (tim) [configure.ac] remove trailing white space.
+
+20050314
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2005/03/10 10:15:02
+ [readconf.c]
+ Check listen addresses for null, prevents xfree from dying during
+ ClearAllForwardings (bz #996). From Craig Leres, ok markus@
+ - deraadt@cvs.openbsd.org 2005/03/10 22:01:05
+ [misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
+ monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
+ readconf.c bufaux.c sftp.c]
+ spacing
+ - deraadt@cvs.openbsd.org 2005/03/10 22:40:38
+ [auth-options.c]
+ spacing
+ - markus@cvs.openbsd.org 2005/03/11 14:59:06
+ [ssh-keygen.c]
+ typo, missing \n; mpech
+ - jmc@cvs.openbsd.org 2005/03/12 11:55:03
+ [ssh_config.5]
+ escape `.' at eol to avoid double spacing issues;
+ - dtucker@cvs.openbsd.org 2005/03/14 10:09:03
+ [ssh-keygen.1]
+ Correct description of -H (bz #997); ok markus@, punctuation jmc@
+ - dtucker@cvs.openbsd.org 2005/03/14 11:44:42
+ [auth.c]
+ Populate host for log message for logins denied by AllowUsers and
+ DenyUsers (bz #999); ok markus@ (patch by tryponraj at gmail.com)
+ - markus@cvs.openbsd.org 2005/03/14 11:46:56
+ [buffer.c buffer.h channels.c]
+ limit input buffer size for channels; bugzilla #896; with and ok dtucker@
+ - (tim) [contrib/caldera/openssh.spec] links in rc?.d were getting trashed
+ with a rpm -F
+
+20050313
+ - (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the
+ localized name of the local administrators group more reliable. From
+ vinschen at redhat.com.
+
+20050312
+ - (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug
+ output ends up in the client's output, causing regress failures. Found
+ by Corinna Vinschen.
+
+20050309
+ - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64
+ so that regress tests behave. From Chris Adams.
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2005/03/07 23:41:54
+ [ssh.1 ssh_config.5]
+ more macro simplification;
+ - djm@cvs.openbsd.org 2005/03/08 23:49:48
+ [version.h]
+ OpenSSH 4.0
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Update spec file versions
+ - (djm) [log.c] Fix dumb syntax error; ok dtucker@
+ - (djm) Release OpenSSH 4.0p1
+
+20050307
+ - (dtucker) [configure.ac] Disable gettext search when configuring with
+ BSM audit support for the time being. ok djm@
+ - (dtucker) OpenBSD CVS Sync (regress/)
+ - fgsch@cvs.openbsd.org 2004/12/10 01:31:30
+ [Makefile sftp-glob.sh]
+ some globbing regress; prompted and ok djm@
+ - david@cvs.openbsd.org 2005/01/14 04:21:18
+ [Makefile test-exec.sh]
+ pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@
+ - dtucker@cvs.openbsd.org 2005/02/27 11:33:30
+ [multiplex.sh test-exec.sh sshd-log-wrapper.sh]
+ Add optional capability to log output from regress commands; ok markus@
+ Use with: make TEST_SSH_LOGFILE=/tmp/regress.log
+ - djm@cvs.openbsd.org 2005/02/27 23:13:36
+ [login-timeout.sh]
+ avoid nameservice lookups in regress test; ok dtucker@
+ - djm@cvs.openbsd.org 2005/03/04 08:48:46
+ [Makefile envpass.sh]
+ regress test for SendEnv config parsing bug; ok dtucker@
+ - (dtucker) [regress/test-exec.sh] Put SUDO in the right place.
+ - (tim) [configure.ac] SCO 3.2v4.2 no longer supported.
+
+20050306
+ - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor
+ when attempting to audit disconnect events. Reported by Phil Dibowitz.
+ - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit
+ events earlier, prevents mm_request_send errors reported by Matt Goebel.
+
+20050305
+ - (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch
+ from vinschen at redhat.com
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2005/03/02 11:45:01
+ [ssh.1]
+ missing word;
+ - djm@cvs.openbsd.org 2005/03/04 08:48:06
+ [readconf.c]
+ fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@
+
+20050302
+ - (djm) OpenBSD CVS sync:
+ - jmc@cvs.openbsd.org 2005/03/01 14:47:58
+ [ssh.1]
+ remove some unneccesary macros;
+ do not mark up punctuation;
+ - jmc@cvs.openbsd.org 2005/03/01 14:55:23
+ [ssh_config.5]
+ do not mark up punctuation;
+ whitespace;
+ - jmc@cvs.openbsd.org 2005/03/01 14:59:49
+ [sshd.8]
+ new sentence, new line;
+ whitespace;
+ - jmc@cvs.openbsd.org 2005/03/01 15:05:00
+ [ssh-keygen.1]
+ whitespace;
+ - jmc@cvs.openbsd.org 2005/03/01 15:47:14
+ [ssh-keyscan.1 ssh-keyscan.c]
+ sort options and sync usage();
+ - jmc@cvs.openbsd.org 2005/03/01 17:19:35
+ [scp.1 sftp.1]
+ add HashKnownHosts to -o list;
+ ok markus@
+ - jmc@cvs.openbsd.org 2005/03/01 17:22:06
+ [ssh.c]
+ sync usage() w/ man SYNOPSIS;
+ ok markus@
+ - jmc@cvs.openbsd.org 2005/03/01 17:32:19
+ [ssh-add.1]
+ sort options;
+ - jmc@cvs.openbsd.org 2005/03/01 18:15:56
+ [ssh-keygen.1]
+ sort options (no attempt made at synopsis clean up though);
+ spelling (occurance -> occurrence);
+ use prompt before examples;
+ grammar;
+ - djm@cvs.openbsd.org 2005/03/02 01:00:06
+ [sshconnect.c]
+ fix addition of new hashed hostnames when CheckHostIP=yes;
+ found and ok dtucker@
+ - djm@cvs.openbsd.org 2005/03/02 01:27:41
+ [ssh-keygen.c]
+ ignore hostnames with metachars when hashing; ok deraadt@
+ - djm@cvs.openbsd.org 2005/03/02 02:21:07
+ [ssh.1]
+ bz#987: mention ForwardX11Trusted in ssh.1,
+ reported by andrew.benham AT thus.net; ok deraadt@
+ - (tim) [regress/agent-ptrace.sh] add another possible gdb error.
+
+20050301
+ - (djm) OpenBSD CVS sync:
+ - otto@cvs.openbsd.org 2005/02/16 09:56:44
+ [ssh.c]
+ Better diagnostic if an identity file is not accesible. ok markus@ djm@
+ - djm@cvs.openbsd.org 2005/02/18 03:05:53
+ [canohost.c]
+ better error messages for getnameinfo failures; ok dtucker@
+ - djm@cvs.openbsd.org 2005/02/20 22:59:06
+ [sftp.c]
+ turn on ssh batch mode when in sftp batch mode, patch from
+ jdmossh AT nand.net;
+ ok markus@
+ - jmc@cvs.openbsd.org 2005/02/25 10:55:13
+ [sshd.8]
+ add /etc/motd and $HOME/.hushlogin to FILES;
+ from michael knudsen;
+ - djm@cvs.openbsd.org 2005/02/28 00:54:10
+ [ssh_config.5]
+ bz#849: document timeout on untrusted x11 forwarding sessions. Reported by
+ orion AT cora.nwra.com; ok markus@
+ - djm@cvs.openbsd.org 2005/03/01 10:09:52
+ [auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
+ [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
+ [sshd_config.5]
+ bz#413: allow optional specification of bind address for port forwardings.
+ Patch originally by Dan Astorian, but worked on by several people
+ Adds GatewayPorts=clientspecified option on server to allow remote
+ forwards to bind to client-specified ports.
+ - djm@cvs.openbsd.org 2005/03/01 10:40:27
+ [hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
+ [sshconnect.c sshd.8]
+ add support for hashing host names and addresses added to known_hosts
+ files, to improve privacy of which hosts user have been visiting; ok
+ markus@ deraadt@
+ - djm@cvs.openbsd.org 2005/03/01 10:41:28
+ [ssh-keyscan.1 ssh-keyscan.c]
+ option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@
+ - djm@cvs.openbsd.org 2005/03/01 10:42:49
+ [ssh-keygen.1 ssh-keygen.c ssh_config.5]
+ add tools for managing known_hosts files with hashed hostnames, including
+ hashing existing files and deleting hosts by name; ok markus@ deraadt@
+
+20050226
+ - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c]
+ Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com.
+ - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}]
+ Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any
+ more. Patch from vinschen at redhat.com.
+ - (dtucker) [Makefile.in] Add a install-nosysconf target for installing the
+ binaries without the config files. Primarily useful for packaging.
+ Patch from phil at usc.edu. ok djm@
+
+20050224
+ - (djm) [configure.ac] in_addr_t test needs sys/types.h too
+
+20050222
+ - (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from
+ vinschen at redhat.com.
+
+20050220
+ - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac
+ defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure
+ --with-audit=bsm to enable. Patch originally from Sun Microsystems,
+ parts by John R. Jackson. ok djm@
+ - (dtucker) [configure.ac] Missing comma in AIX section, somehow causes
+ unrelated platforms to be configured incorrectly.
+
+20050216
+ - (djm) write seed to temporary file and atomically rename into place;
+ ok dtucker@
+ - (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called
+ via mkstemp in some configurations. ok djm@
+ - (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined
+ by the system headers.
+ - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant
+ Unix; prevents problems relating to the location of -lresolv in the
+ link order.
+ - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
+ authentication early enough to be available to PAM session modules when
+ privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam
+ Hartman and similar to Debian's ssh-krb5 package.
+ - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more
+ compiler warnings on AIX.
+
+20050215
+ - (dtucker) [config.sh.in] Collect oslevel -r too.
+ - (dtucker) [README.platform auth.c configure.ac loginrec.c
+ openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6
+ on AIX where possible (see README.platform for details) and work around
+ a misfeature of AIX's getnameinfo. ok djm@
+ - (dtucker) [loginrec.c] Add missing #include.
+
20050211
- (dtucker) [configure.ac] Tidy up configure --help output.
+ - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too.
20050210
- (dtucker) [configure.ac] Bug #919: Provide visible feedback for the