+20010122
+ - (bal) OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
+ [servconf.c ssh.h sshd.c]
+ only auth-chall.c needs #ifdef SKEY
+ - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
+ [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
+ auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
+ packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
+ session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
+ ssh1.h sshconnect1.c sshd.c ttymodes.c]
+ move ssh1 definitions to ssh1.h, pathnames to pathnames.h
+ - markus@cvs.openbsd.org 2001/01/19 16:48:14
+ [sshd.8]
+ fix typo; from stevesk@
+ - markus@cvs.openbsd.org 2001/01/19 16:50:58
+ [ssh-dss.c]
+ clear and free digest, make consistent with other code (use dlen); from
+ stevesk@
+ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
+ [auth-options.c auth-options.h auth-rsa.c auth2.c]
+ pass the filename to auth_parse_options()
+ - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
+ [readconf.c]
+ fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
+ - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
+ [sshconnect2.c]
+ dh_new_group() does not return NULL. ok markus@
+ - markus@cvs.openbsd.org 2001/01/20 21:33:42
+ [ssh-add.c]
+ do not loop forever if askpass does not exist; from
+ andrew@pimlott.ne.mediaone.net
+ - djm@cvs.openbsd.org 2001/01/20 23:00:56
+ [servconf.c]
+ Check for NULL return from strdelim; ok markus
+ - djm@cvs.openbsd.org 2001/01/20 23:02:07
+ [readconf.c]
+ KNF; ok markus
+ - jakob@cvs.openbsd.org 2001/01/21 9:00:33
+ [ssh-keygen.1]
+ remove -R flag; ok markus@
+ - markus@cvs.openbsd.org 2001/01/21 19:05:40
+ [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
+ auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
+ auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
+ bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
+ cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
+ deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
+ key.c key.h log-client.c log-server.c log.c log.h login.c login.h
+ match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
+ readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
+ session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
+ ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
+ sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
+ ttysmodes.c uidswap.c xmalloc.c]
+ split ssh.h and try to cleanup the #include mess. remove unnecessary
+ #includes. rename util.[ch] -> misc.[ch]
+ - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
+ - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
+ conflict when compiling for non-kerb install
+ - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
+ on 1/19.
+
+20010120
+ - (bal) OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/19 12:45:26
+ [ssh-chall.c servconf.c servconf.h ssh.h sshd.c]
+ only auth-chall.c needs #ifdef SKEY
+ - (bal) Slight auth2-pam.c clean up.
+ - (bal) Includes a fake-regexp.h to be only used if regcomp() is found,
+ but no 'regexp.h' found (SCO OpenServer 3 lacks the header).
+
+20010119
+ - (djm) Update versions in RPM specfiles
+ - (bal) OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/18 16:20:21
+ [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
+ sshd.8 sshd.c]
+ log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
+ systems
+ - markus@cvs.openbsd.org 2001/01/18 16:59:59
+ [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
+ session.h sshconnect1.c]
+ 1) removes fake skey from sshd, since this will be much
+ harder with /usr/libexec/auth/login_XXX
+ 2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
+ 3) make addition of BSD_AUTH and other challenge reponse methods
+ easier.
+ - markus@cvs.openbsd.org 2001/01/18 17:12:43
+ [auth-chall.c auth2-chall.c]
+ rename *-skey.c *-chall.c since the files are not skey specific
+ - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)
+ to fix NULL pointer deref and fake authloop breakage in PAM code.
+ - (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com>
+ - (bal) Minor cygwin patch to auth1.c. Suggested by djm.
+
+20010118
+ - (bal) Super Sized OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
+ [sshd.c]
+ maxfd+1
+ - markus@cvs.openbsd.org 2001/01/13 17:59:18
+ [ssh-keygen.1]
+ small ssh-keygen manpage cleanup; stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:03:07
+ [scp.c ssh-keygen.c sshd.c]
+ getopt() returns -1 not EOF; stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:06:54
+ [ssh-keyscan.c]
+ use SSH_DEFAULT_PORT; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:12:47
+ [ssh-keyscan.c]
+ free() -> xfree(); fix memory leak; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:14:13
+ [ssh-add.c]
+ typo, from stevesk@sweden.hp.com
+ - markus@cvs.openbsd.org 2001/01/13 18:32:50
+ [packet.c session.c ssh.c sshconnect.c sshd.c]
+ split out keepalive from packet_interactive (from dale@accentre.com)
+ set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
+ - markus@cvs.openbsd.org 2001/01/13 18:36:45
+ [packet.c packet.h]
+ reorder, typo
+ - markus@cvs.openbsd.org 2001/01/13 18:38:00
+ [auth-options.c]
+ fix comment
+ - markus@cvs.openbsd.org 2001/01/13 18:43:31
+ [session.c]
+ Wall
+ - markus@cvs.openbsd.org 2001/01/13 19:14:08
+ [clientloop.h clientloop.c ssh.c]
+ move callback to headerfile
+ - markus@cvs.openbsd.org 2001/01/15 21:40:10
+ [ssh.c]
+ use log() instead of stderr
+ - markus@cvs.openbsd.org 2001/01/15 21:43:51
+ [dh.c]
+ use error() not stderr!
+ - markus@cvs.openbsd.org 2001/01/15 21:45:29
+ [sftp-server.c]
+ rename must fail if newpath exists, debug off by default
+ - markus@cvs.openbsd.org 2001/01/15 21:46:38
+ [sftp-server.c]
+ readable long listing for sftp-server, ok deraadt@
+ - markus@cvs.openbsd.org 2001/01/16 19:20:06
+ [key.c ssh-rsa.c]
+ make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
+ galb@vandyke.com. note that you have to delete older ssh2-rsa keys,
+ since they are in the wrong format, too. they must be removed from
+ .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
+ (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
+ .ssh/authorized_keys2) additionally, we now check that
+ BN_num_bits(rsa->n) >= 768.
+ - markus@cvs.openbsd.org 2001/01/16 20:54:27
+ [sftp-server.c]
+ remove some statics. simpler handles; idea from nisse@lysator.liu.se
+ - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
+ [bufaux.c radix.c sshconnect.h sshconnect1.c]
+ indent
+ - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
+ be missing such feature.
+
+
+20010117
+ - (djm) Only write random seed file at exit
+ - (djm) Make PAM support optional, enable with --with-pam
+ - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which
+ provides a crypt() of its own)
+ - (djm) Avoid a warning in bsd-bindresvport.c
+ - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This
+ can cause weird segfaults errors on Solaris
+ - (djm) Avoid warning in PAM code by making read_passphrase arguments const
+ - (djm) Add --with-pam to RPM spec files
+
+20010115
+ - (bal) sftp-server.c change to use chmod() if fchmod() does not exist.
+ - (bal) utimes() support via utime() interface on machine that lack utimes().
+
+20010114
+ - (stevesk) initial work for OpenBSD "support supplementary group in
+ {Allow,Deny}Groups" patch:
+ - import getgrouplist.c from OpenBSD (bsd-getgrouplist.c)
+ - add bsd-getgrouplist.h
+ - new files groupaccess.[ch]
+ - build but don't use yet (need to merge auth.c changes)
+ - (stevesk) complete:
+ - markus@cvs.openbsd.org 2001/01/13 11:56:48
+ [auth.c sshd.8]
+ support supplementary group in {Allow,Deny}Groups
+ from stevesk@pobox.com
+
+20010112
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/01/10 22:56:22
+ [bufaux.h bufaux.c sftp-server.c sftp.h getput.h]
+ cleanup sftp-server implementation:
+ add buffer_get_int64, buffer_put_int64, GET_64BIT, PUT_64BIT
+ parse SSH2_FILEXFER_ATTR_EXTENDED
+ send SSH2_FX_EOF if readdir returns no more entries
+ reply to SSH2_FXP_EXTENDED message
+ use #defines from the draft
+ move #definations to sftp.h
+ more info:
+ http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt
+ - markus@cvs.openbsd.org 2001/01/10 19:43:20
+ [sshd.c]
+ XXX - generate_empheral_server_key() is not safe against races,
+ because it calls log()
+ - markus@cvs.openbsd.org 2001/01/09 21:19:50
+ [packet.c]
+ allow TCP_NDELAY for ipv6; from netbsd via itojun@
+
+20010110
+ - (djm) SNI/Reliant Unix needs USE_PIPES and $DISPLAY hack. Report from
+ Bladt Norbert <Norbert.Bladt@adi.ch>
+
+20010109
+ - (bal) Resync CVS ID of cli.c
+ - (stevesk) auth1.c: free should be after WITH_AIXAUTHENTICATE
+ code.
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/01/08 22:29:05
+ [auth2.c compat.c compat.h servconf.c servconf.h sshd.8
+ sshd_config version.h]
+ implement option 'Banner /etc/issue.net' for ssh2, move version to
+ 2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner
+ is enabled).
+ - markus@cvs.openbsd.org 2001/01/08 22:03:23
+ [channels.c ssh-keyscan.c]
+ O_NDELAY -> O_NONBLOCK; thanks stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/08 21:55:41
+ [sshconnect1.c]
+ more cleanups and fixes from stevesk@pobox.com:
+ 1) try_agent_authentication() for loop will overwrite key just
+ allocated with key_new(); don't alloc
+ 2) call ssh_close_authentication_connection() before exit
+ try_agent_authentication()
+ 3) free mem on bad passphrase in try_rsa_authentication()
+ - markus@cvs.openbsd.org 2001/01/08 21:48:17
+ [kex.c]
+ missing free; thanks stevesk@pobox.com
+ - (bal) Detect if clock_t structure exists, if not define it.
+ - (bal) Detect if O_NONBLOCK exists, if not define it.
+ - (bal) removed news4-posix.h (now empty)
+ - (bal) changed bsd-bindresvport.c and bsd-rresvport.c to use 'socklen_t'
+ instead of 'int'
+ - (stevesk) sshd_config: sync
+ - (stevesk) defines.h: remove spurious ``;''
+
+20010108
+ - (bal) Fixed another typo in cli.c
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/01/07 21:26:55
+ [cli.c]
+ typo
+ - markus@cvs.openbsd.org 2001/01/07 21:26:55
+ [cli.c]
+ missing free, stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/07 19:06:25
+ [auth1.c]
+ missing free, stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/07 11:28:04
+ [log-client.c log-server.c log.c readconf.c servconf.c ssh.1
+ ssh.h sshd.8 sshd.c]
+ rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE
+ syslog priority changes:
+ fatal() LOG_ERR -> LOG_CRIT
+ log() LOG_INFO -> LOG_NOTICE
+ - Updated TODO
+
+20010107
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/01/06 11:23:27
+ [ssh-rsa.c]
+ remove unused
+ - itojun@cvs.openbsd.org 2001/01/05 08:23:29
+ [ssh-keyscan.1]
+ missing .El
+ - markus@cvs.openbsd.org 2001/01/04 22:41:03
+ [session.c sshconnect.c]
+ consistent use of _PATH_BSHELL; from stevesk@pobox.com
+ - djm@cvs.openbsd.org 2001/01/04 22:35:32
+ [ssh.1 sshd.8]
+ Mention AES as available SSH2 Cipher; ok markus
+ - markus@cvs.openbsd.org 2001/01/04 22:25:58
+ [sshd.c]
+ sync usage()/man with defaults; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/04 22:21:26
+ [sshconnect2.c]
+ handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
+ that prints a banner (e.g. /etc/issue.net)
+
+20010105
+ - (bal) contrib/caldera/ provided by Tim Rice <tim@multitalents.net>
+ - (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove()
+
+20010104
+ - (djm) Fix memory leak on systems with BROKEN_GETADDRINFO. Based on
+ work by Chris Vaughan <vaughan99@yahoo.com>
+
+20010103
+ - (bal) fixed up sshconnect.c so it was closer inline with the OpenBSD
+ tree (mainly positioning)
+ - (bal) OpenSSH CVS Update
+ - markus@cvs.openbsd.org 2001/01/02 20:41:02
+ [packet.c]
+ log remote ip on disconnect; PR 1600 from jcs@rt.fm
+ - markus@cvs.openbsd.org 2001/01/02 20:50:56
+ [sshconnect.c]
+ strict_host_key_checking for host_status != HOST_CHANGED &&
+ ip_status == HOST_CHANGED
+ - (bal) authfile.c: Synced CVS ID tag
+ - (bal) UnixWare 2.0 fixes by Tim Rice <tim@multitalents.net>
+ - (bal) Disable sftp-server if no 64bit int support exists. Based on
+ patch by Tim Rice <tim@multitalents.net>
+ - (bal) Makefile.in changes to uninstall: target to remove sftp-server
+ and sftp-server.8 manpage.
+
+20010102
+ - (bal) OpenBSD CVS Update
+ - markus@cvs.openbsd.org 2001/01/01 14:52:49
+ [scp.c]
+ use shared fatal(); from stevesk@pobox.com
+
+20001231
+ - (bal) Reverted out of MAXHOSTNAMELEN. This should be set per OS.
+ for multiple reasons.
+ - (bal) Reverted out of a partial NeXT patch.
+
+20001230
+ - (bal) OpenBSD CVS Update
+ - markus@cvs.openbsd.org 2000/12/28 18:58:30
+ [ssh-keygen.c]
+ enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2}
+ - markus@cvs.openbsd.org 2000/12/29 22:19:13
+ [channels.c]
+ missing xfree; from vaughan99@yahoo.com
+ - (bal) Resynced CVS ID with OpenBSD for channel.c and uidswap.c
+ - (bal) if no MAXHOSTNAMELEN is defined. Default to 64 character defination.
+ Suggested by Christian Kurz <shorty@debain.org>
+ - (bal) Add in '.c.o' section to Makefile.in to address make programs that
+ don't honor CPPFLAGS by default. Suggested by Lutz Jaenicke
+ <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+
+20001229
+ - (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian
+ Kurz <shorty@debain.org>
+ - (bal) OpenBSD CVS Update
+ - markus@cvs.openbsd.org 2000/12/28 14:25:51
+ [auth.h auth2.c]
+ count authentication failures only
+ - markus@cvs.openbsd.org 2000/12/28 14:25:03
+ [sshconnect.c]
+ fingerprint for MITM attacks, too.
+ - markus@cvs.openbsd.org 2000/12/28 12:03:57
+ [sshd.8 sshd.c]
+ document -D
+ - markus@cvs.openbsd.org 2000/12/27 14:19:21
+ [serverloop.c]
+ less chatty
+ - markus@cvs.openbsd.org 2000/12/27 12:34
+ [auth1.c sshconnect2.c sshd.c]
+ typo
+ - markus@cvs.openbsd.org 2000/12/27 12:30:19
+ [readconf.c readconf.h ssh.1 sshconnect.c]
+ new option: HostKeyAlias: allow the user to record the host key
+ under a different name. This is useful for ssh tunneling over
+ forwarded connections or if you run multiple sshd's on different
+ ports on the same machine.
+ - markus@cvs.openbsd.org 2000/12/27 11:51:53
+ [ssh.1 ssh.c]
+ multiple -t force pty allocation, document ORIGINAL_COMMAND
+ - markus@cvs.openbsd.org 2000/12/27 11:41:31
+ [sshd.8]
+ update for ssh-2
+ - (stevesk) compress.[ch] sync with openbsd; missed in prototype
+ fix merge.
+
+20001228
+ - (bal) Patch to add libutil.h to loginrec.c only if the platform has
+ libutil.h. Suggested by Pekka Savola <pekka@netcore.fi>
+ - (djm) Update to new x11-askpass in RPM spec
+ - (bal) SCO patch to not include <sys/queue.h> since it's unrelated
+ header. Patch by Tim Rice <tim@multitalents.net>
+ - Updated TODO w/ known HP/UX issue
+ - (bal) removed extra <netdb.h> noticed by Kevin Steves and removed the
+ bad reference to 'NeXT including it else were' on the #ifdef version.
+
+20001227
+ - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
+ Takumi Yamane <yamtak@b-session.com>
+ - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
+ by Corinna Vinschen <vinschen@redhat.com>
+ - (djm) Fix catman-do target for non-bash
+ - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
+ Takumi Yamane <yamtak@b-session.com>
+ - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
+ by Corinna Vinschen <vinschen@redhat.com>
+ - (djm) Fix catman-do target for non-bash
+ - (bal) Fixed NeXT's lack of CPPFLAGS honoring.
+ - (bal) ssh-keyscan.c: NeXT (and older BSDs) don't support getrlimit() w/
+ 'RLIMIT_NOFILE'
+ - (djm) Remove *.Ylonen files. They are no longer in the OpenBSD tree,
+ the info in COPYING.Ylonen has been moved to the start of each
+ SSH1-derived file and README.Ylonen is well out of date.
+
+20001223
+ - (bal) Fixed Makefile.in to support recompile of all ssh and sshd objects
+ if a change to config.h has occurred. Suggested by Gert Doering
+ <gert@greenie.muc.de>
+ - (bal) OpenBSD CVS Update:
+ - markus@cvs.openbsd.org 2000/12/22 16:49:40
+ [ssh-keygen.c]
+ fix ssh-keygen -x -t type > file; from Roumen.Petrov@skalasoft.com
+
+20001222
+ - Updated RCSID for pty.c
+ - (bal) OpenBSD CVS Updates:
+ - markus@cvs.openbsd.org 2000/12/21 15:10:16
+ [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
+ print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
+ - markus@cvs.openbsd.org 2000/12/20 19:26:56
+ [authfile.c]
+ allow ssh -i userkey for root
+ - markus@cvs.openbsd.org 2000/12/20 19:37:21
+ [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
+ fix prototypes; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2000/12/20 19:32:08
+ [sshd.c]
+ init pointer to NULL; report from Jan.Ivan@cern.ch
+ - markus@cvs.openbsd.org 2000/12/19 23:17:54
+ [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
+ auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
+ bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
+ crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
+ key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
+ packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
+ serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
+ ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c
+ uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
+ replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
+ unsigned' with u_char.
+
+20001221
+ - (stevesk) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/19 15:43:45
+ [authfile.c channels.c sftp-server.c ssh-agent.c]
+ remove() -> unlink() for consistency
+ - markus@cvs.openbsd.org 2000/12/19 15:48:09
+ [ssh-keyscan.c]
+ replace <ssl/x.h> with <openssl/x.h>
+ - markus@cvs.openbsd.org 2000/12/17 02:33:40
+ [uidswap.c]
+ typo; from wsanchez@apple.com
+
+20001220
+ - (djm) Workaround PAM inconsistencies between Solaris derived PAM code
+ and Linux-PAM. Based on report and fix from Andrew Morgan
+ <morgan@transmeta.com>
+
+20001218
+ - (stevesk) rsa.c: entropy.h not needed.
+ - (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile.
+ Suggested by Wilfredo Sanchez <wsanchez@apple.com>
+
+20001216
+ - (stevesk) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/16 02:53:57
+ [scp.c]
+ allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
+ - markus@cvs.openbsd.org 2000/12/16 02:39:57
+ [scp.c]
+ unused; from stevesk@pobox.com
+
+20001215
+ - (stevesk) Old OpenBSD patch wasn't completely applied:
+ - markus@cvs.openbsd.org 2000/01/24 22:11:20
+ [scp.c]
+ allow '.' in usernames; from jedgar@fxp.org
+ - (stevesk) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/13 16:26:53
+ [ssh-keyscan.c]
+ fatal already adds \n; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2000/12/13 16:25:44
+ [ssh-agent.c]
+ remove redundant spaces; from stevesk@pobox.com
+ - ho@cvs.openbsd.org 2000/12/12 15:50:21
+ [pty.c]
+ When failing to set tty owner and mode on a read-only filesystem, don't
+ abort if the tty already has correct owner and reasonably sane modes.
+ Example; permit 'root' to login to a firewall with read-only root fs.
+ (markus@ ok)
+ - deraadt@cvs.openbsd.org 2000/12/13 06:36:05
+ [pty.c]
+ KNF
+ - markus@cvs.openbsd.org 2000/12/12 14:45:21
+ [sshd.c]
+ source port < 1024 is no longer required for rhosts-rsa since it
+ adds no additional security.
+ - markus@cvs.openbsd.org 2000/12/12 16:11:49
+ [ssh.1 ssh.c]
+ rhosts-rsa is no longer automagically disabled if ssh is not privileged.
+ UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
+ these changes should not change the visible default behaviour of the ssh client.
+ - deraadt@cvs.openbsd.org 2000/12/11 10:27:33
+ [scp.c]
+ when copying 0-sized files, do not re-print ETA time at completion
+ - provos@cvs.openbsd.org 2000/12/15 10:30:15
+ [kex.c kex.h sshconnect2.c sshd.c]
+ compute diffie-hellman in parallel between server and client. okay markus@
+
+20001213
+ - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report
+ from Andreas M. Kirchwitz <amk@krell.zikzak.de>
+ - (stevesk) OpenBSD CVS update:
+ - markus@cvs.openbsd.org 2000/12/12 15:30:02
+ [ssh-keyscan.c ssh.c sshd.c]
+ consistently use __progname; from stevesk@pobox.com
+
+20001211
+ - (bal) Applied patch to include ssh-keyscan into Redhat's package, and
+ patch to install ssh-keyscan manpage. Patch by Pekka Savola
+ <pekka@netcore.fi>
+ - (bal) OpenbSD CVS update
+ - markus@cvs.openbsd.org 2000/12/10 17:01:53
+ [sshconnect1.c]
+ always request new challenge for skey/tis-auth, fixes interop with
+ other implementations; report from roth@feep.net
+
+20001210
+ - (bal) OpenBSD CVS updates
+ - markus@cvs.openbsd.org 2000/12/09 13:41:51
+ [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
+ undo rijndael changes
+ - markus@cvs.openbsd.org 2000/12/09 13:48:31
+ [rijndael.c]
+ fix byte order bug w/o introducing new implementation
+ - markus@cvs.openbsd.org 2000/12/09 14:08:27
+ [sftp-server.c]
+ "" -> "." for realpath; from vinschen@redhat.com
+ - markus@cvs.openbsd.org 2000/12/09 14:06:54
+ [ssh-agent.c]
+ extern int optind; from stevesk@sweden.hp.com
+ - provos@cvs.openbsd.org 2000/12/09 23:51:11
+ [compat.c]
+ remove unnecessary '\n'
+
+20001209
+ - (bal) OpenBSD CVS updates:
+ - djm@cvs.openbsd.org 2000/12/07 4:24:59
+ [ssh.1]
+ Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo
+
+20001207
+ - (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/06 22:58:14
+ [compat.c compat.h packet.c]
+ disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0
+ - markus@cvs.openbsd.org 2000/12/06 23:10:39
+ [rijndael.c]
+ unexpand(1)
+ - markus@cvs.openbsd.org 2000/12/06 23:05:43
+ [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
+ new rijndael implementation. fixes endian bugs
+
+20001206
+ - (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/05 20:34:09
+ [channels.c channels.h clientloop.c serverloop.c]
+ async connects for -R/-L; ok deraadt@
+ - todd@cvs.openssh.org 2000/12/05 16:47:28
+ [sshd.c]
+ tweak comment to reflect real location of pid file; ok provos@
+ - (stevesk) Import <sys/queue.h> from OpenBSD for systems that don't
+ have it (used in ssh-keyscan).
+ - (stevesk) OpenBSD CVS update:
+ - markus@cvs.openbsd.org 2000/12/06 19:57:48
+ [ssh-keyscan.c]
+ err(3) -> internal error(), from stevesk@sweden.hp.com
+
20001205
- - (bal) OpenSSH CVS updates:
+ - (bal) OpenBSD CVS updates:
- markus@cvs.openbsd.org 2000/12/04 19:24:02
[ssh-keyscan.c ssh-keyscan.1]
David Maziere's ssh-keyscan, ok niels@
remove fallback to SSH_BUG_HMAC now that the drafts are updated
- markus@cvs.openbsd.org 2000/12/03 11:27:55
[compat.c]
- correctly match "2.1.0.pl2 SSH" etc; from pekkas@netcore.fi/bugzilla.redhat
+ correctly match "2.1.0.pl2 SSH" etc; from
+ pekkas@netcore.fi/bugzilla.redhat
- markus@cvs.openbsd.org 2000/12/03 11:15:03
[auth2.c compat.c compat.h sshconnect2.c]
support f-secure/ssh.com 2.0.12; ok niels@
20000620
- (djm) Replace use of '-o' and '-a' logical operators in configure tests
- with '||' and '&&'. As suggested by Jim Knoble <jmknoble@pint-stowp.cx>
+ with '||' and '&&'. As suggested by Jim Knoble <jmknoble@jmknoble.cx>
to fix SCO Unixware problem reported by Gary E. Miller <gem@rellim.com>
- (djm) Typo in loginrec.c
- Clarified --with-default-path option.
- Added -blibpath handling for AIX to work around stupid runtime linking.
Problem elucidated by gshapiro@SENDMAIL.ORG by way of Jim Knoble
- <jmknoble@pobox.com>
+ <jmknoble@jmknoble.cx>
- Checks for 64 bit int types. Problem report from Mats Fredholm
<matsf@init.se>
- OpenBSD CVS updates:
- NeXT keeps it lastlog in /usr/adm. Report from
mouring@newton.pconline.com
- Added note in UPGRADING re interop with commercial SSH using idea.
- Report from Jim Knoble <jmknoble@pobox.com>
+ Report from Jim Knoble <jmknoble@jmknoble.cx>
- Fix linking order for Kerberos/AFS. Fix from Holget Trapp
<Holger.Trapp@Informatik.TU-Chemnitz.DE>
<gem@rellim.com>
- New URL for x11-ssh-askpass.
- Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
- <jmknoble@pobox.com>
+ <jmknoble@jmknoble.cx>
- Added 'DESTDIR' option to Makefile to ease package building. Patch from
- Jim Knoble <jmknoble@pobox.com>
+ Jim Knoble <jmknoble@jmknoble.cx>
- Updated RPM spec files to use DESTDIR
20000124
- Fill in ut_utaddr utmp field. Report from Benjamin Charron
<iretd@bigfoot.com>
- Really fix broken default path. Fix from Jim Knoble
- <jmknoble@pobox.com>
+ <jmknoble@jmknoble.cx>
- Remove test for quad_t. No longer needed.
- Released 1.2.1pre24
19991226
- Enabled utmpx support by default for Solaris
- Cleanup sshd.c PAM a little more
- - Revised RPM package to include Jim Knoble's <jmknoble@pobox.com>
+ - Revised RPM package to include Jim Knoble's <jmknoble@jmknoble.cx>
X11 ssh-askpass program.
- Disable logging of PAM success and failures, PAM is verbose enough.
Unfortunatly there is currently no way to disable auth failure
.Sh FILES, too
- Released 1.2.1pre21
- Fixed implicit '.' in default path, report from Jim Knoble
- <jmknoble@pobox.com>
- - Redhat RPM spec fixes from Jim Knoble <jmknoble@pobox.com>
+ <jmknoble@jmknoble.cx>
+ - Redhat RPM spec fixes from Jim Knoble <jmknoble@jmknoble.cx>
19991225
- More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
- Compile fix from David Agraz <dagraz@jahoopa.com>
- Avoid compiler warning in bsd-snprintf.c
- Added pam_limits.so to default PAM config. Suggested by
- Jim Knoble <jmknoble@pobox.com>
+ Jim Knoble <jmknoble@jmknoble.cx>
19991209
- Import of patch from Ben Taylor <bent@clark.net>:
David Agraz <dagraz@jahoopa.com>
19991207
- - sshd Redhat init script patch from Jim Knoble <jmknoble@pobox.com>
+ - sshd Redhat init script patch from Jim Knoble <jmknoble@jmknoble.cx>
fixes compatability with 4.x and 5.x
- Fixed default SSH_ASKPASS
- Fix PAM account and session being called multiple times. Problem
- Merged more Solaris compability from Marc G. Fournier
<marc.fournier@acadiau.ca>
- Wrote autoconf tests for __progname symbol
- - RPM spec file fixes from Jim Knoble <jmknoble@pobox.com>
+ - RPM spec file fixes from Jim Knoble <jmknoble@jmknoble.cx>
- Released 1.2pre12
- Another OpenBSD CVS update:
andersk / openssh.git / blobdiff