+20060315
+ - (djm) OpenBSD CVS Sync:
+ - msf@cvs.openbsd.org 2006/02/06 15:54:07
+ [ssh.1]
+ - typo fix
+ ok jmc@
+ - jmc@cvs.openbsd.org 2006/02/06 21:44:47
+ [ssh.1]
+ make this a little less ambiguous...
+ - stevesk@cvs.openbsd.org 2006/02/07 01:08:04
+ [auth-rhosts.c includes.h]
+ move #include <netgroup.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/07 01:18:09
+ [includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c]
+ move #include <sys/queue.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/07 01:42:00
+ [channels.c clientloop.c clientloop.h includes.h packet.h]
+ [serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c]
+ move #include <termios.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/07 01:52:50
+ [sshtty.c]
+ "log.h" not needed
+ - stevesk@cvs.openbsd.org 2006/02/07 03:47:05
+ [hostfile.c]
+ "packet.h" not needed
+ - stevesk@cvs.openbsd.org 2006/02/07 03:59:20
+ [deattack.c]
+ duplicate #include
+ - stevesk@cvs.openbsd.org 2006/02/08 12:15:27
+ [auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
+ [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
+ [sshd.c sshpty.c]
+ move #include <paths.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/08 12:32:49
+ [includes.h misc.c]
+ move #include <netinet/tcp.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/08 13:15:44
+ [gss-serv.c monitor.c]
+ small KNF
+ - stevesk@cvs.openbsd.org 2006/02/08 14:16:59
+ [sshconnect.c]
+ <openssl/bn.h> not needed
+ - stevesk@cvs.openbsd.org 2006/02/08 14:31:30
+ [includes.h ssh-agent.c ssh-keyscan.c ssh.c]
+ move #include <sys/resource.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/08 14:38:18
+ [includes.h packet.c]
+ move #include <netinet/in_systm.h> and <netinet/ip.h> out of
+ includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/08 23:51:24
+ [includes.h scp.c sftp-glob.c sftp-server.c]
+ move #include <dirent.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/09 00:32:07
+ [includes.h]
+ #include <sys/endian.h> not needed; ok djm@
+ NB. ID Sync only - we still need this (but it may move later)
+ - jmc@cvs.openbsd.org 2006/02/09 10:10:47
+ [sshd.8]
+ - move some text into a CAVEATS section
+ - merge the COMMAND EXECUTION... section into AUTHENTICATION
+ - stevesk@cvs.openbsd.org 2006/02/10 00:27:13
+ [channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c]
+ [ssh.c sshd.c sshpty.c]
+ move #include <sys/ioctl.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/10 01:44:27
+ [includes.h monitor.c readpass.c scp.c serverloop.c session.c\7f]
+ [sftp.c sshconnect.c sshconnect2.c sshd.c]
+ move #include <sys/wait.h> out of includes.h; ok markus@
+ - otto@cvs.openbsd.org 2006/02/11 19:31:18
+ [atomicio.c]
+ type correctness; from Ray Lai in PR 5011; ok millert@
+ - djm@cvs.openbsd.org 2006/02/12 06:45:34
+ [ssh.c ssh_config.5]
+ add a %l expansion code to the ControlPath, which is filled in with the
+ local hostname at runtime. Requested by henning@ to avoid some problems
+ with /home on NFS; ok dtucker@
+ - djm@cvs.openbsd.org 2006/02/12 10:44:18
+ [readconf.c]
+ raise error when the user specifies a RekeyLimit that is smaller than 16
+ (the smallest of our cipher's blocksize) or big enough to cause integer
+ wraparound; ok & feedback dtucker@
+ - jmc@cvs.openbsd.org 2006/02/12 10:49:44
+ [ssh_config.5]
+ slight rewording; ok djm
+ - jmc@cvs.openbsd.org 2006/02/12 10:52:41
+ [sshd.8]
+ rework the description of authorized_keys a little;
+ - jmc@cvs.openbsd.org 2006/02/12 17:57:19
+ [sshd.8]
+ sort the list of options permissable w/ authorized_keys;
+ ok djm dtucker
+ - jmc@cvs.openbsd.org 2006/02/13 10:16:39
+ [sshd.8]
+ no need to subsection the authorized_keys examples - instead, convert
+ this to look like an actual file. also use proto 2 keys, and use IETF
+ example addresses;
+ - jmc@cvs.openbsd.org 2006/02/13 10:21:25
+ [sshd.8]
+ small tweaks for the ssh_known_hosts section;
+ - jmc@cvs.openbsd.org 2006/02/13 11:02:26
+ [sshd.8]
+ turn this into an example ssh_known_hosts file; ok djm
+ - jmc@cvs.openbsd.org 2006/02/13 11:08:43
+ [sshd.8]
+ - avoid nasty line split
+ - `*' does not need to be escaped
+ - jmc@cvs.openbsd.org 2006/02/13 11:27:25
+ [sshd.8]
+ sort FILES and use a -compact list;
+ - david@cvs.openbsd.org 2006/02/15 05:08:24
+ [sftp-client.c]
+ typo in comment; ok djm@
+ - jmc@cvs.openbsd.org 2006/02/15 16:53:20
+ [ssh.1]
+ remove the IETF draft references and replace them with some updated RFCs;
+ - jmc@cvs.openbsd.org 2006/02/15 16:55:33
+ [sshd.8]
+ remove ietf draft references; RFC list now maintained in ssh.1;
+ - jmc@cvs.openbsd.org 2006/02/16 09:05:34
+ [sshd.8]
+ sync some of the FILES entries w/ ssh.1;
+ - jmc@cvs.openbsd.org 2006/02/19 19:52:10
+ [sshd.8]
+ move the sshrc stuff out of FILES, and into its own section:
+ FILES is not a good place to document how stuff works;
+ - jmc@cvs.openbsd.org 2006/02/19 20:02:17
+ [sshd.8]
+ sync the (s)hosts.equiv FILES entries w/ those from ssh.1;
+ - jmc@cvs.openbsd.org 2006/02/19 20:05:00
+ [sshd.8]
+ grammar;
+ - jmc@cvs.openbsd.org 2006/02/19 20:12:25
+ [ssh_config.5]
+ add some vertical space;
+ - stevesk@cvs.openbsd.org 2006/02/20 16:36:15
+ [authfd.c channels.c includes.h session.c ssh-agent.c ssh.c]
+ move #include <sys/un.h> out of includes.h; ok djm@
+ - stevesk@cvs.openbsd.org 2006/02/20 17:02:44
+ [clientloop.c includes.h monitor.c progressmeter.c scp.c]
+ [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
+ move #include <signal.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/20 17:19:54
+ [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
+ [authfile.c clientloop.c includes.h readconf.c scp.c session.c]
+ [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
+ [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
+ [sshconnect2.c sshd.c sshpty.c]
+ move #include <sys/stat.h> out of includes.h; ok markus@
+ - stevesk@cvs.openbsd.org 2006/02/22 00:04:45
+ [canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]
+ [sshconnect.c]
+ move #include <ctype.h> out of includes.h; ok djm@
+ - jmc@cvs.openbsd.org 2006/02/24 10:25:14
+ [ssh_config.5]
+ add section on patterns;
+ from dtucker + myself
+ - jmc@cvs.openbsd.org 2006/02/24 10:33:54
+ [sshd_config.5]
+ signpost to PATTERNS;
+ - jmc@cvs.openbsd.org 2006/02/24 10:37:07
+ [ssh_config.5]
+ tidy up the refs to PATTERNS;
+ - jmc@cvs.openbsd.org 2006/02/24 10:39:52
+ [sshd.8]
+ signpost to PATTERNS section;
+ - jmc@cvs.openbsd.org 2006/02/24 20:22:16
+ [ssh-keysign.8 ssh_config.5 sshd_config.5]
+ some consistency fixes;
+ - jmc@cvs.openbsd.org 2006/02/24 20:31:31
+ [ssh.1 ssh_config.5 sshd.8 sshd_config.5]
+ more consistency fixes;
+ - jmc@cvs.openbsd.org 2006/02/24 23:20:07
+ [ssh_config.5]
+ some grammar/wording fixes;
+ - jmc@cvs.openbsd.org 2006/02/24 23:43:57
+ [sshd_config.5]
+ some grammar/wording fixes;
+ - jmc@cvs.openbsd.org 2006/02/24 23:51:17
+ [sshd_config.5]
+ oops - bits i missed;
+ - jmc@cvs.openbsd.org 2006/02/25 12:26:17
+ [ssh_config.5]
+ document the possible values for KbdInteractiveDevices;
+ help/ok dtucker
+ - jmc@cvs.openbsd.org 2006/02/25 12:28:34
+ [sshd_config.5]
+ document the order in which allow/deny directives are processed;
+ help/ok dtucker
+ - jmc@cvs.openbsd.org 2006/02/26 17:17:18
+ [ssh_config.5]
+ move PATTERNS to the end of the main body; requested by dtucker
+ - jmc@cvs.openbsd.org 2006/02/26 18:01:13
+ [sshd_config.5]
+ subsection is pointless here;
+ - jmc@cvs.openbsd.org 2006/02/26 18:03:10
+ [ssh_config.5]
+ comma;
+ - djm@cvs.openbsd.org 2006/02/28 01:10:21
+ [session.c]
+ fix logout recording when privilege separation is disabled, analysis and
+ patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@
+ NB. ID sync only - patch already in portable
+ - djm@cvs.openbsd.org 2006/03/04 04:12:58
+ [serverloop.c]
+ move a debug() outside of a signal handler; ok markus@ a little while back
+ - djm@cvs.openbsd.org 2006/03/12 04:23:07
+ [ssh.c]
+ knf nit
+ - djm@cvs.openbsd.org 2006/03/13 08:16:00
+ [sshd.c]
+ don't log that we are listening on a socket before the listen() call
+ actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@
+ - dtucker@cvs.openbsd.org 2006/03/13 08:33:00
+ [packet.c]
+ Set TCP_NODELAY for all connections not just "interactive" ones. Fixes
+ poor performance and protocol stalls under some network conditions (mindrot
+ bugs #556 and #981). Patch originally from markus@, ok djm@
+ - dtucker@cvs.openbsd.org 2006/03/13 08:43:16
+ [ssh-keygen.c]
+ Make ssh-keygen handle CR and CRLF line termination when converting IETF
+ format keys, in adition to vanilla LF. mindrot #1157, tested by Chris
+ Pepper, ok djm@
+ - dtucker@cvs.openbsd.org 2006/03/13 10:14:29
+ [misc.c ssh_config.5 sshd_config.5]
+ Allow config directives to contain whitespace by surrounding them by double
+ quotes. mindrot #482, man page help from jmc@, ok djm@
+ - dtucker@cvs.openbsd.org 2006/03/13 10:26:52
+ [authfile.c authfile.h ssh-add.c]
+ Make ssh-add check file permissions before attempting to load private
+ key files multiple times; it will fail anyway and this prevents confusing
+ multiple prompts and warnings. mindrot #1138, ok djm@
+ - djm@cvs.openbsd.org 2006/03/14 00:15:39
+ [canohost.c]
+ log the originating address and not just the name when a reverse
+ mapping check fails, requested by linux AT linuon.com
+ - markus@cvs.openbsd.org 2006/03/14 16:32:48
+ [ssh_config.5 sshd_config.5]
+ *AliveCountMax applies to protcol v2 only; ok dtucker, djm
+ - djm@cvs.openbsd.org 2006/03/07 09:07:40
+ [kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
+ Implement the diffie-hellman-group-exchange-sha256 key exchange method
+ using the SHA256 code in libc (and wrapper to make it into an OpenSSL
+ EVP), interop tested against CVS PuTTY
+ NB. no portability bits committed yet
+ - (djm) [configure.ac defines.h kex.c md-sha256.c]
+ [openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h]
+ [openbsd-compat/sha2.c] First stab at portability glue for SHA256
+ KEX support, should work with libc SHA256 support or OpenSSL
+ EVP_sha256 if present
+
+20060313
+ - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
+ since not all platforms support it. Instead, use internal equivalent while
+ computing LLONG_MIN and LLONG_MAX. Remove special case for alpha-dec-osf*
+ as it's no longer required. Tested by Bernhard Simon, ok djm@
+
20060304
- (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a
file rather than directory, required as Cygwin will be importing lastlog(1).