+20000202
+ - Fix lastlog code for directory based lastlogs. Fix from Josh Durham
+ <jmd@aoe.vt.edu>
+ - Documentation fixes from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
+ - Added URLs to Japanese translations of documents by HARUYAMA Seigo
+ <haruyama@nt.phys.s.u-tokyo.ac.jp>
+
+20000201
+ - Use socket pairs by default (instead of pipes). Prevents race condition
+ on several (buggy) OSs. Report and fix from tridge@linuxcare.com
+
+20000127
+ - Seed OpenSSL's random number generator before generating RSA keypairs
+ - Split random collector into seperate file
+ - Compile fix from Andre Lucas <andre.lucas@dial.pipex.com>
+
+20000126
+ - Released 1.2.2 stable
+
+ - NeXT keeps it lastlog in /usr/adm. Report from
+ mouring@newton.pconline.com
+ - Added note in UPGRADING re interop with commercial SSH using idea.
+ Report from Jim Knoble <jmknoble@pobox.com>
+ - Fix linking order for Kerberos/AFS. Fix from Holget Trapp
+ <Holger.Trapp@Informatik.TU-Chemnitz.DE>
+
+20000125
+ - Fix NULL pointer dereference in login.c. Fix from Andre Lucas
+ <andre.lucas@dial.pipex.com>
+ - Reorder PAM initialisation so it does not mess up lastlog. Reported
+ by Andre Lucas <andre.lucas@dial.pipex.com>
+ - Use preformatted manpages on SCO, report from Gary E. Miller
+ <gem@rellim.com>
+ - New URL for x11-ssh-askpass.
+ - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
+ <jmknoble@pobox.com>
+ - Added 'DESTDIR' option to Makefile to ease package building. Patch from
+ Jim Knoble <jmknoble@pobox.com>
+ - Updated RPM spec files to use DESTDIR
+
+20000124
+ - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
+ increment)
+
+20000123
+ - OpenBSD CVS:
+ - [packet.c]
+ getsockname() requires initialized tolen; andy@guildsoftware.com
+ - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
+ <drankin@bohemians.lexington.ky.us>
+ - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
+
+20000122
+ - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
+ <bent@clark.net>
+ - Merge preformatted manpage patch from Andre Lucas
+ <andre.lucas@dial.pipex.com>
+ - Make IPv4 use the default in RPM packages
+ - Irix uses preformatted manpages
+ - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
+ <Holger.Trapp@Informatik.TU-Chemnitz.DE>
+ - OpenBSD CVS updates:
+ - [packet.c]
+ use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
+ from Holger.Trapp@Informatik.TU-Chemnitz.DE
+ - [sshd.c]
+ log with level log() not fatal() if peer behaves badly.
+ - [readpass.c]
+ instead of blocking SIGINT, catch it ourselves, so that we can clean
+ the tty modes up and kill ourselves -- instead of our process group
+ leader (scp, cvs, ...) going away and leaving us in noecho mode.
+ people with cbreak shells never even noticed..
+ - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+ ie. -> i.e.,
+
+20000120
+ - Don't use getaddrinfo on AIX
+ - Update to latest OpenBSD CVS:
+ - [auth-rsa.c]
+ - fix user/1056, sshd keeps restrictions; dbt@meat.net
+ - [sshconnect.c]
+ - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
+ - destroy keys earlier
+ - split key exchange (kex) and user authentication (user-auth),
+ ok: provos@
+ - [sshd.c]
+ - no need for poll.h; from bright@wintelcom.net
+ - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
+ - split key exchange (kex) and user authentication (user-auth),
+ ok: provos@
+ - Big manpage and config file cleanup from Andre Lucas
+ <andre.lucas@dial.pipex.com>
+ - Re-added latest (unmodified) OpenBSD manpages
+ - Doc updates
+ - NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
+ Christos Zoulas <christos@netbsd.org>
+
+20000119
+ - SCO compile fixes from Gary E. Miller <gem@rellim.com>
+ - Compile fix from Darren_Hall@progressive.com
+ - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
+ addresses using getaddrinfo(). Added a configure switch to make the
+ default lookup mode AF_INET
+
+20000118
+ - Fixed --with-pid-dir option
+ - Makefile fix from Gary E. Miller <gem@rellim.com>
+ - Compile fix for HPUX and Solaris from Andre Lucas
+ <andre.lucas@dial.pipex.com>
+
+20000117
+ - Clean up bsd-bindresvport.c. Use arc4random() for picking initial
+ port, ignore EINVAL errors (Linux) when searching for free port.
+ - Revert __snprintf -> snprintf aliasing. Apparently Solaris
+ __snprintf isn't. Report from Theo de Raadt <theo@cvs.openbsd.org>
+ - Document location of Redhat PAM file in INSTALL.
+ - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6
+ INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to
+ deliver (no IPv6 kernel support)
+ - Released 1.2.1pre27
+
+ - Fix rresvport_af failure errors (logic error in bsd-bindresvport.c)
+ - Fix --with-ipaddr-display option test. Fix from Jarno Huuskonen
+ <jhuuskon@hytti.uku.fi>
+ - Fix hang on logout if processes are still using the pty. Needs
+ further testing.
+ - Patch from Christos Zoulas <christos@zoulas.com>
+ - Try $prefix first when looking for OpenSSL.
+ - Include sys/types.h when including sys/socket.h in test programs
+ - Substitute PID directory in sshd.8. Suggestion from Andrew
+ Stribblehill <a.d.stribblehill@durham.ac.uk>
+
+20000116
+ - Renamed --with-xauth-path to --with-xauth
+ - Added --with-pid-dir option
+ - Released 1.2.1pre26
+
+ - Compilation fix from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
+ - Fixed broken bugfix for /dev/ptmx on Linux systems which lack
+ openpty(). Report from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
+
+20000115
+ - Add --with-xauth-path configure directive and explicit test for
+ /usr/openwin/bin/xauth for Solaris systems. Report from Anders
+ Nordby <anders@fix.no>
+ - Fix incorrect detection of /dev/ptmx on Linux systems that lack
+ openpty. Report from John Seifarth <john@waw.be>
+ - Look for intXX_t and u_intXX_t in sys/bitypes.h if they are not in
+ sys/types.h. Fixes problems on SCO, report from Gary E. Miller
+ <gem@rellim.com>
+ - Use __snprintf and __vnsprintf if they are found where snprintf and
+ vnsprintf are lacking. Suggested by Ben Taylor <bent@shell.clark.net>
+ and others.
+
+20000114
+ - Merged OpenBSD IPv6 patch:
+ - [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1]
+ [scp.c packet.h packet.c login.c log.c canohost.c channels.c]
+ [hostfile.c sshd_config]
+ ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new
+ features: sshd allows multiple ListenAddress and Port options. note
+ that libwrap is not IPv6-ready. (based on patches from
+ fujiwara@rcac.tdi.co.jp)
+ - [ssh.c canohost.c]
+ more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo,
+ from itojun@
+ - [channels.c]
+ listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE)
+ - [packet.h]
+ allow auth-kerberos for IPv4 only
+ - [scp.1 sshd.8 servconf.h scp.c]
+ document -4, -6, and 'ssh -L 2022/::1/22'
+ - [ssh.c]
+ 'ssh @host' is illegal (null user name), from
+ karsten@gedankenpolizei.de
+ - [sshconnect.c]
+ better error message
+ - [sshd.c]
+ allow auth-kerberos for IPv4 only
+ - Big IPv6 merge:
+ - Cleanup overrun in sockaddr copying on RHL 6.1
+ - Replacements for getaddrinfo, getnameinfo, etc based on versions
+ from patch from KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
+ - Replacement for missing structures on systems that lack IPv6
+ - record_login needed to know about AF_INET6 addresses
+ - Borrowed more code from OpenBSD: rresvport_af and requisites
+
+20000110
+ - Fixes to auth-skey to enable it to use the standard OpenSSL libraries
+
+20000107
+ - New config.sub and config.guess to fix problems on SCO. Supplied
+ by Gary E. Miller <gem@rellim.com>
+ - SCO build fix from Gary E. Miller <gem@rellim.com>
+ - Released 1.2.1pre25
+
+20000106
+ - Documentation update & cleanup
+ - Better KrbIV / AFS detection, based on patch from:
+ Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
+
+20000105
+ - Fixed annoying DES corruption problem. libcrypt has been
+ overriding symbols in libcrypto. Removed libcrypt and crypt.h
+ altogether (libcrypto includes its own crypt(1) replacement)
+ - Added platform-specific rules for Irix 6.x. Included warning that
+ they are untested.
+
+20000103
+ - Add explicit make rules for files proccessed by fixpaths.
+ - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori
+ <tnh@kondara.org>
+ - Removed "nullok" directive from default PAM configuration files.
+ Added information on enabling EmptyPasswords on openssh+PAM in
+ UPGRADING file.
+ - OpenBSD CVS updates
+ - [ssh-agent.c]
+ cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and
+ dgaudet@arctic.org
+ - [sshconnect.c]
+ compare correct version for 1.3 compat mode
+
+20000102
+ - Prevent multiple inclusion of config.h and defines.h. Suggested
+ by Andre Lucas <andre.lucas@dial.pipex.com>
+ - Properly clean up on exit of ssh-agent. Patch from Dean Gaudet
+ <dgaudet@arctic.org>
+
+19991231
+ - Fix password support on systems with a mixture of shadowed and
+ non-shadowed passwords (e.g. NIS). Report and fix from
+ HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
+ - Fix broken autoconf typedef detection. Report from Marc G.
+ Fournier <marc.fournier@acadiau.ca>
+ - Fix occasional crash on LinuxPPC. Patch from Franz Sirl
+ <Franz.Sirl-kernel@lauterbach.com>
+ - Prevent typedefs from being compiled more than once. Report from
+ Marc G. Fournier <marc.fournier@acadiau.ca>
+ - Fill in ut_utaddr utmp field. Report from Benjamin Charron
+ <iretd@bigfoot.com>
+ - Really fix broken default path. Fix from Jim Knoble
+ <jmknoble@pobox.com>
+ - Remove test for quad_t. No longer needed.
+ - Released 1.2.1pre24
+
+ - Added support for directory-based lastlogs
+ - Really fix typedefs, patch from Ben Taylor <bent@clark.net>
+
+19991230
+ - OpenBSD CVS updates:
+ - [auth-passwd.c]
+ check for NULL 1st
+ - Removed most of the pam code into its own file auth-pam.[ch]. This
+ cleaned up sshd.c up significantly.
+ - PAM authentication was incorrectly interpreting
+ "PermitRootLogin without-password". Report from Matthias Andree
+ <ma@dt.e-technik.uni-dortmund.de
+ - Several other cleanups
+ - Merged Dante SOCKS support patch from David Rankin
+ <drankin@bohemians.lexington.ky.us>
+ - Updated documentation with ./configure options
+ - Released 1.2.1pre23
+
+19991229
+ - Applied another NetBSD portability patch from David Rankin
+ <drankin@bohemians.lexington.ky.us>
+ - Fix --with-default-path option.
+ - Autodetect perl, patch from David Rankin
+ <drankin@bohemians.lexington.ky.us>
+ - Print whether OpenSSH was compiled with RSARef, patch from
+ Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu>
+ - Calls to pam_setcred, patch from Nalin Dahyabhai
+ <nalin@thermo.stat.ncsu.edu>
+ - Detect missing size_t and typedef it.
+ - Rename helper.[ch] to (more appropriate) bsd-misc.[ch]
+ - Minor Makefile cleaning
+
+19991228
+ - Replacement for getpagesize() for systems which lack it
+ - NetBSD login.c compile fix from David Rankin
+ <drankin@bohemians.lexington.ky.us>
+ - Fully set ut_tv if present in utmp or utmpx
+ - Portability fixes for Irix 5.3 (now compiles OK!)
+ - autoconf and other misc cleanups
+ - Merged AIX patch from Darren Hall <dhall@virage.org>
+ - Cleaned up defines.h
+ - Released 1.2.1pre22
+
+19991227
+ - Automatically correct paths in manpages and configuration files. Patch
+ and script from Andre Lucas <andre.lucas@dial.pipex.com>
+ - Removed credits from README to CREDITS file, updated.
+ - Added --with-default-path to specify custom path for server
+ - Removed #ifdef trickery from acconfig.h into defines.h
+ - PAM bugfix. PermitEmptyPassword was being ignored.
+ - Fixed PAM config files to allow empty passwords if server does.
+ - Explained spurious PAM auth warning workaround in UPGRADING
+ - Use last few chars of tty line as ut_id
+ - New SuSE RPM spec file from Chris Saia <csaia@wtower.com>
+ - OpenBSD CVS updates:
+ - [packet.h auth-rhosts.c]
+ check format string for packet_disconnect and packet_send_debug, too
+ - [channels.c]
+ use packet_get_maxsize for channels. consistence.
+
+19991226
+ - Enabled utmpx support by default for Solaris
+ - Cleanup sshd.c PAM a little more
+ - Revised RPM package to include Jim Knoble's <jmknoble@pobox.com>
+ X11 ssh-askpass program.
+ - Disable logging of PAM success and failures, PAM is verbose enough.
+ Unfortunatly there is currently no way to disable auth failure
+ messages. Mention this in UPGRADING file and sent message to PAM
+ developers
+ - OpenBSD CVS update:
+ - [ssh-keygen.1 ssh.1]
+ remove ref to .ssh/random_seed, mention .ssh/environment in
+ .Sh FILES, too
+ - Released 1.2.1pre21
+ - Fixed implicit '.' in default path, report from Jim Knoble
+ <jmknoble@pobox.com>
+ - Redhat RPM spec fixes from Jim Knoble <jmknoble@pobox.com>
+
+19991225
+ - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
+ - Cleanup of auth-passwd.c for shadow and MD5 passwords
+ - Cleanup and bugfix of PAM authentication code
+ - Released 1.2.1pre20
+
+ - Merged fixes from Ben Taylor <bent@clark.net>
+ - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
+ - Disabled logging of PAM password authentication failures when password
+ is empty. (e.g start of authentication loop). Reported by Naz
+ <96na@eng.cam.ac.uk>)
+
+19991223
+ - Merged later HPUX patch from Andre Lucas
+ <andre.lucas@dial.pipex.com>
+ - Above patch included better utmpx support from Ben Taylor
+ <bent@clark.net>
+
+19991222
+ - Fix undefined fd_set type in ssh.h from Povl H. Pedersen
+ <pope@netguide.dk>
+ - Fix login.c breakage on systems which lack ut_host in struct
+ utmp. Reported by Willard Dawson <willard.dawson@sbs.siemens.com>
+
+19991221
+ - Integration of large HPUX patch from Andre Lucas
+ <andre.lucas@dial.pipex.com>. Integrating it had a few other
+ benefits:
+ - Ability to disable shadow passwords at configure time
+ - Ability to disable lastlog support at configure time
+ - Support for IP address in $DISPLAY
+ - OpenBSD CVS update:
+ - [sshconnect.c]
+ say "REMOTE HOST IDENTIFICATION HAS CHANGED"
+ - Fix DISABLE_SHADOW support
+ - Allow MD5 passwords even if shadow passwords are disabled
+ - Release 1.2.1pre19
+
+19991218
+ - Redhat init script patch from Chun-Chung Chen
+ <cjj@u.washington.edu>
+ - Avoid breakage on systems without IPv6 headers
+
+19991216
+ - Makefile changes for Solaris from Peter Kocks
+ <peter.kocks@baygate.com>
+ - Minor updates to docs
+ - Merged OpenBSD CVS changes:
+ - [authfd.c ssh-agent.c]
+ keysize warnings talk about identity files
+ - [packet.c]
+ "Connection closed by x.x.x.x": fatal() -> log()
+ - Correctly handle empty passwords in shadow file. Patch from:
+ "Chris, the Young One" <cky@pobox.com>
+ - Released 1.2.1pre18
+
+19991215
+ - Integrated patchs from Juergen Keil <jk@tools.de>
+ - Avoid void* pointer arithmatic
+ - Use LDFLAGS correctly
+ - Fix SIGIO error in scp
+ - Simplify status line printing in scp
+ - Added better test for inline functions compiler support from
+ Darren_Hall@progressive.com
+
+19991214
+ - OpenBSD CVS Changes
+ - [canohost.c]
+ fix get_remote_port() and friends for sshd -i;
+ Holger.Trapp@Informatik.TU-Chemnitz.DE
+ - [mpaux.c]
+ make code simpler. no need for memcpy. niels@ ok
+ - [pty.c]
+ namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org
+ fix proto; markus
+ - [ssh.1]
+ typo; mark.baushke@solipsa.com
+ - [channels.c ssh.c ssh.h sshd.c]
+ type conflict for 'extern Type *options' in channels.c; dot@dotat.at
+ - [sshconnect.c]
+ move checking of hostkey into own function.
+ - [version.h]
+ OpenSSH-1.2.1
+ - Clean up broken includes in pty.c
+ - Some older systems don't have poll.h, they use sys/poll.h instead
+ - Doc updates
+
19991211
- Fix compilation on systems with AFS. Reported by
aloomis@glue.umd.edu
- [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
- [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
- Fix integer overflow which was messing up scp's progress bar for large
- file transfers. Fix submitted to OpenBSD developers.
+ file transfers. Fix submitted to OpenBSD developers. Report and fix
+ from Kees Cook <cook@cpoint.net>
- Merged more OpenBSD CVS changes:
- [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
+ krb-cleanup cleanup