+20071026
+ - (djm) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2007/09/11 23:49:09
+ [sshpty.c]
+ remove #if defined block not needed; ok markus@ dtucker@
+ (NB. RCD ID sync only for portable)
+ - djm@cvs.openbsd.org 2007/09/21 03:05:23
+ [ssh_config.5]
+ document KbdInteractiveAuthentication in ssh_config.5;
+ patch from dkg AT fifthhorseman.net
+ - djm@cvs.openbsd.org 2007/09/21 08:15:29
+ [auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c]
+ [monitor.c monitor_wrap.c]
+ unifdef -DBSD_AUTH
+ unifdef -USKEY
+ These options have been in use for some years;
+ ok markus@ "no objection" millert@
+ (NB. RCD ID sync only for portable)
+ - canacar@cvs.openbsd.org 2007/09/25 23:48:57
+ [ssh-agent.c]
+ When adding a key that already exists, update the properties
+ (time, confirm, comment) instead of discarding them. ok djm@ markus@
+ - ray@cvs.openbsd.org 2007/09/27 00:15:57
+ [dh.c]
+ Don't return -1 on error in dh_pub_is_valid(), since it evaluates
+ to true.
+ Also fix a typo.
+ Initial diff from Matthew Dempsky, input from djm.
+ OK djm, markus.
+ - dtucker@cvs.openbsd.org 2007/09/29 00:25:51
+ [auth2.c]
+ Remove unused prototype. ok djm@
+ - chl@cvs.openbsd.org 2007/10/02 17:49:58
+ [ssh-keygen.c]
+ handles zero-sized strings that fgets can return
+ properly removes trailing newline
+ removes an unused variable
+ correctly counts line number
+ "looks ok" ray@ markus@
+ - markus@cvs.openbsd.org 2007/10/22 19:10:24
+ [readconf.c]
+ make sure that both the local and remote port are correct when
+ parsing -L; Jan Pechanec (bz #1378)
+ - djm@cvs.openbsd.org 2007/10/24 03:30:02
+ [sftp.c]
+ rework argument splitting and parsing to cope correctly with common
+ shell escapes and make handling of escaped characters consistent
+ with sh(1) and between sftp commands (especially between ones that
+ glob their arguments and ones that don't).
+ parse command flags using getopt(3) rather than hand-rolled parsers.
+ ok dtucker@
+ - djm@cvs.openbsd.org 2007/10/24 03:44:02
+ [scp.c]
+ factor out network read/write into an atomicio()-like function, and
+ use it to handle short reads, apply bandwidth limits and update
+ counters. make network IO non-blocking, so a small trickle of
+ reads/writes has a chance of updating the progress meter; bz #799
+ ok dtucker@
+ - djm@cvs.openbsd.org 2006/08/29 09:44:00
+ [regress/sftp-cmds.sh]
+ clean up our mess
+ - markus@cvs.openbsd.org 2006/11/06 09:27:43
+ [regress/cfgmatch.sh]
+ fix quoting for non-(c)sh login shells.
+ - dtucker@cvs.openbsd.org 2006/12/13 08:36:36
+ [regress/cfgmatch.sh]
+ Additional test for multiple PermitOpen entries. ok djm@
+ - pvalchev@cvs.openbsd.org 2007/06/07 19:41:46
+ [regress/cipher-speed.sh regress/try-ciphers.sh]
+ test umac-64@openssh.com
+ ok djm@
+ - djm@cvs.openbsd.org 2007/10/24 03:32:35
+ [regress/sftp-cmds.sh regress/sftp-glob.sh regress/test-exec.sh]
+ comprehensive tests for sftp escaping its interaction with globbing;
+ ok dtucker@
+ - djm@cvs.openbsd.org 2007/10/26 05:30:01
+ [regress/sftp-glob.sh regress/test-exec.sh]
+ remove "echo -E" crap that I added in last commit and use printf(1) for
+ cases where we strictly require echo not to reprocess escape characters.
+ - deraadt@cvs.openbsd.org 2005/11/28 17:50:12
+ [openbsd-compat/glob.c]
+ unused arg in internal static API
+ - jakob@cvs.openbsd.org 2007/10/11 18:36:41
+ [openbsd-compat/getrrsetbyname.c]
+ use RRSIG instead of SIG for DNSSEC. ok djm@
+ - (djm) [regress/sftp-cmds.sh]
+ Use more restrictive glob to pick up test files from /bin - some platforms
+ ship broken symlinks there which could spoil the test.
+ - (djm) [openbsd-compat/bindresvport.c]
+ Sync RCS ID after irrelevant (for portable OpenSSH) header shuffling
+
+20070927
+ - (dtucker) [configure.ac atomicio.c] Fall back to including <sys/poll.h> if
+ we don't have <poll.h> (eq QNX). From bacon at cs nyu edu.
+ - (dtucker) [configure.ac defines.h] Shadow expiry does not work on QNX6
+ so disable it for that platform. From bacon at cs nyu edu.
+
+20070921
+ - (djm) [atomicio.c] Fix spin avoidance for platforms that define
+ EWOULDBLOCK; patch from ben AT psc.edu
+
+20070917
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2007/08/23 02:49:43
+ [auth-passwd.c auth.c session.c]
+ unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@
+ NB. RCS ID sync only for portable
+ - djm@cvs.openbsd.org 2007/08/23 02:55:51
+ [auth-passwd.c auth.c session.c]
+ missed include bits from last commit
+ NB. RCS ID sync only for portable
+ - djm@cvs.openbsd.org 2007/08/23 03:06:10
+ [auth.h]
+ login_cap.h doesn't belong here
+ NB. RCS ID sync only for portable
+ - djm@cvs.openbsd.org 2007/08/23 03:22:16
+ [auth2-none.c sshd_config sshd_config.5]
+ Support "Banner=none" to disable displaying of the pre-login banner;
+ ok dtucker@ deraadt@
+ - djm@cvs.openbsd.org 2007/08/23 03:23:26
+ [sshconnect.c]
+ Execute ProxyCommands with $SHELL rather than /bin/sh unconditionally
+ - djm@cvs.openbsd.org 2007/09/04 03:21:03
+ [clientloop.c monitor.c monitor_fdpass.c monitor_fdpass.h]
+ [monitor_wrap.c ssh.c]
+ make file descriptor passing code return an error rather than call fatal()
+ when it encounters problems, and use this to make session multiplexing
+ masters survive slaves failing to pass all stdio FDs; ok markus@
+ - djm@cvs.openbsd.org 2007/09/04 11:15:56
+ [ssh.c sshconnect.c sshconnect.h]
+ make ssh(1)'s ConnectTimeout option apply to both the TCP connection and
+ SSH banner exchange (previously it just covered the TCP connection).
+ This allows callers of ssh(1) to better detect and deal with stuck servers
+ that accept a TCP connection but don't progress the protocol, and also
+ makes ConnectTimeout useful for connections via a ProxyCommand;
+ feedback and "looks ok" markus@
+ - sobrado@cvs.openbsd.org 2007/09/09 11:38:01
+ [ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.c]
+ sort synopsis and options in ssh-agent(1); usage is lowercase
+ ok jmc@
+ - stevesk@cvs.openbsd.org 2007/09/11 04:36:29
+ [sshpty.c]
+ sort #include
+ NB. RCS ID sync only
+ - gilles@cvs.openbsd.org 2007/09/11 15:47:17
+ [session.c ssh-keygen.c sshlogin.c]
+ use strcspn to properly overwrite '\n' in fgets returned buffer
+ ok pyr@, ray@, millert@, moritz@, chl@
+ - stevesk@cvs.openbsd.org 2007/09/11 23:49:09
+ [sshpty.c]
+ remove #if defined block not needed; ok markus@ dtucker@
+ NB. RCS ID sync only
+ - stevesk@cvs.openbsd.org 2007/09/12 19:39:19
+ [umac.c]
+ use xmalloc() and xfree(); ok markus@ pvalchev@
+ - djm@cvs.openbsd.org 2007/09/13 04:39:04
+ [sftp-server.c]
+ fix incorrect test when setting syslog facility; from Jan Pechanec
+ - djm@cvs.openbsd.org 2007/09/16 00:55:52
+ [sftp-client.c]
+ use off_t instead of u_int64_t for file offsets, matching what the
+ progressmeter code expects; bz #842
+ - (tim) [defines.h] Fix regression in long password support on OpenServer 6.
+ Problem report and additional testing rac AT tenzing.org.
+
+20070914
+ - (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path.
+ Patch from Jan.Pechanec at sun com.
+
+20070910
+ - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1358: Always
+ return 0 on successful test. From David.Leonard at quest com.
+ - (tim) [configure.ac] Autoconf didn't define HAVE_LIBIAF because we
+ did a AC_CHECK_FUNCS within the AC_CHECK_LIB test.
+
20070817
- (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked
accounts and that's what the code looks for, so make man page and code