+20020205
+ - (djm) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2002/01/24 21:09:25
+ [channels.c misc.c misc.h packet.c]
+ add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning).
+ no nagle changes just yet; ok djm@ markus@
+ - stevesk@cvs.openbsd.org 2002/01/24 21:13:23
+ [packet.c]
+ need misc.h for set_nodelay()
+ - markus@cvs.openbsd.org 2002/01/25 21:00:24
+ [sshconnect2.c]
+ unused include
+ - markus@cvs.openbsd.org 2002/01/25 21:42:11
+ [ssh-dss.c ssh-rsa.c]
+ use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@
+ don't use evp_md->md_size, it's not public.
+ - markus@cvs.openbsd.org 2002/01/25 22:07:40
+ [kex.c kexdh.c kexgex.c key.c mac.c]
+ use EVP_MD_size(evp_md) and not evp_md->md_size; ok steveks@
+ - stevesk@cvs.openbsd.org 2002/01/26 16:44:22
+ [includes.h session.c]
+ revert code to add x11 localhost display authorization entry for
+ hostname/unix:d and uts.nodename/unix:d if nodename was different than
+ hostname. just add entry for unix:d instead. ok markus@
+ - stevesk@cvs.openbsd.org 2002/01/27 14:57:46
+ [channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
+ add X11UseLocalhost; ok markus@
+ - stevesk@cvs.openbsd.org 2002/01/27 18:08:17
+ [ssh.c]
+ handle simple case to identify FamilyLocal display; ok markus@
+ - markus@cvs.openbsd.org 2002/01/29 14:27:57
+ [ssh-add.c]
+ exit 2 if no agent, exit 1 if list fails; debian#61078; ok djm@
+ - markus@cvs.openbsd.org 2002/01/29 14:32:03
+ [auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c]
+ [servconf.c servconf.h session.c sshd.8 sshd_config]
+ s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion;
+ ok stevesk@
+ - stevesk@cvs.openbsd.org 2002/01/29 16:29:02
+ [session.c]
+ limit subsystem length in log; ok markus@
+ - markus@cvs.openbsd.org 2002/01/29 16:41:19
+ [ssh-add.1]
+ add DIAGNOSTICS; ok stevesk@
+
+20020130
+ - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@
+ - (tim) [configure.ac] fix logic on when ssh-rand-helper is installed.
+ [sshd_config] put back in line that tells what PATH was compiled into sshd.
+
+20020125
+ - (djm) Don't grab Xserver or pointer by default. x11-ssh-askpass doesn't
+ and grabbing can cause deadlocks with kinput2.
+
+20020124
+ - (stevesk) Makefile.in: bug #61; delete commented line for now.
+
+20020123
+ - (djm) Fix non-standard shell syntax in autoconf. Patch from
+ Dave Dykstra <dwd@bell-labs.com>
+ - (stevesk) fix --with-zlib=
+ - (djm) Use case statements in autoconf to clean up some tests
+ - (bal) reverted out of 5/2001 change to atexit(). I assume I
+ did it to handle SonyOS. If that is the case than we will
+ do a special case for them.
+
+20020122
+ - (djm) autoconf hacking:
+ - We don't support --without-zlib currently, so don't allow it.
+ - Rework cryptographic random number support detection. We now detect
+ whether OpenSSL seeds itself. If it does, then we don't bother with
+ the ssh-rand-helper program. You can force the use of ssh-rand-helper
+ using the --with-rand-helper configure argument
+ - Simplify and clean up ssh-rand-helper configuration
+ - Add OpenSSL sanity check: verify that header version matches version
+ reported by library
+ - (djm) Fix some bugs I introduced into ssh-rand-helper yesterday
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2001/12/21 08:52:22
+ [ssh-keygen.1 ssh-keygen.c]
+ Remove default (rsa1) key type; ok markus@
+ - djm@cvs.openbsd.org 2001/12/21 08:53:45
+ [readpass.c]
+ Avoid interruptable passphrase read; ok markus@
+ - djm@cvs.openbsd.org 2001/12/21 10:06:43
+ [ssh-add.1 ssh-add.c]
+ Try all standard key files (id_rsa, id_dsa, identity) when invoked with
+ no arguments; ok markus@
+ - markus@cvs.openbsd.org 2001/12/21 12:17:33
+ [serverloop.c]
+ remove ifdef for USE_PIPES since fdin != fdout; ok djm@
+ - deraadt@cvs.openbsd.org 2001/12/24 07:29:43
+ [ssh-add.c]
+ try all listed keys.. how did this get broken?
+ - markus@cvs.openbsd.org 2001/12/25 18:49:56
+ [key.c]
+ be more careful on allocation
+ - markus@cvs.openbsd.org 2001/12/25 18:53:00
+ [auth1.c]
+ be more carefull on allocation
+ - markus@cvs.openbsd.org 2001/12/27 18:10:29
+ [ssh-keygen.c]
+ -t is only needed for key generation (unbreaks -i, -e, etc).
+ - markus@cvs.openbsd.org 2001/12/27 18:22:16
+ [auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c]
+ [scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
+ call fatal() for openssl allocation failures
+ - stevesk@cvs.openbsd.org 2001/12/27 18:22:53
+ [sshd.8]
+ clarify -p; ok markus@
+ - markus@cvs.openbsd.org 2001/12/27 18:26:13
+ [authfile.c]
+ missing include
+ - markus@cvs.openbsd.org 2001/12/27 19:37:23
+ [dh.c kexdh.c kexgex.c]
+ always use BN_clear_free instead of BN_free
+ - markus@cvs.openbsd.org 2001/12/27 19:54:53
+ [auth1.c auth.h auth-rh-rsa.c]
+ auth_rhosts_rsa now accept generic keys.
+ - markus@cvs.openbsd.org 2001/12/27 20:39:58
+ [auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h]
+ [serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
+ get rid of packet_integrity_check, use packet_done() instead.
+ - markus@cvs.openbsd.org 2001/12/28 12:14:27
+ [auth1.c auth2.c auth2-chall.c auth-rsa.c channels.c clientloop.c]
+ [kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c]
+ [ssh.c sshconnect1.c sshconnect2.c sshd.c]
+ s/packet_done/packet_check_eom/ (end-of-message); ok djm@
+ - markus@cvs.openbsd.org 2001/12/28 13:57:33
+ [auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c]
+ packet_get_bignum* no longer returns a size
+ - markus@cvs.openbsd.org 2001/12/28 14:13:13
+ [bufaux.c bufaux.h packet.c]
+ buffer_get_bignum: int -> void
+ - markus@cvs.openbsd.org 2001/12/28 14:50:54
+ [auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c]
+ [packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c]
+ [sshconnect2.c sshd.c]
+ packet_read* no longer return the packet length, since it's not used.
+ - markus@cvs.openbsd.org 2001/12/28 15:06:00
+ [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
+ [dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
+ remove plen from the dispatch fn. it's no longer used.
+ - stevesk@cvs.openbsd.org 2001/12/28 22:37:48
+ [ssh.1 sshd.8]
+ document LogLevel DEBUG[123]; ok markus@
+ - stevesk@cvs.openbsd.org 2001/12/29 21:56:01
+ [authfile.c channels.c compress.c packet.c sftp-server.c]
+ [ssh-agent.c ssh-keygen.c]
+ remove unneeded casts and some char->u_char cleanup; ok markus@
+ - stevesk@cvs.openbsd.org 2002/01/03 04:11:08
+ [ssh_config]
+ grammar in comment
+ - stevesk@cvs.openbsd.org 2002/01/04 17:59:17
+ [readconf.c servconf.c]
+ remove #ifdef _PATH_XAUTH/#endif; ok markus@
+ - stevesk@cvs.openbsd.org 2002/01/04 18:14:16
+ [servconf.c sshd.8]
+ protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and
+ /etc/ssh_host_dsa_key like we have in sshd_config. ok markus@
+ - markus@cvs.openbsd.org 2002/01/05 10:43:40
+ [channels.c]
+ fix hanging x11 channels for rejected cookies (e.g.
+ XAUTHORITY=/dev/null xbiff) bug #36, based on patch from
+ djast@cs.toronto.edu
+ - stevesk@cvs.openbsd.org 2002/01/05 21:51:56
+ [ssh.1 sshd.8]
+ some missing and misplaced periods
+ - markus@cvs.openbsd.org 2002/01/09 13:49:27
+ [ssh-keygen.c]
+ append \n only for public keys
+ - markus@cvs.openbsd.org 2002/01/09 17:16:00
+ [channels.c]
+ merge channel_pre_open_15/channel_pre_open_20; ok provos@
+ - markus@cvs.openbsd.org 2002/01/09 17:26:35
+ [channels.c nchan.c]
+ replace buffer_consume(b, buffer_len(b)) with buffer_clear(b);
+ ok provos@
+ - markus@cvs.openbsd.org 2002/01/10 11:13:29
+ [serverloop.c]
+ skip client_alive_check until there are channels; ok beck@
+ - markus@cvs.openbsd.org 2002/01/10 11:24:04
+ [clientloop.c]
+ handle SSH2_MSG_GLOBAL_REQUEST (just reply with failure); ok djm@
+ - markus@cvs.openbsd.org 2002/01/10 12:38:26
+ [nchan.c]
+ remove dead code (skip drain)
+ - markus@cvs.openbsd.org 2002/01/10 12:47:59
+ [nchan.c]
+ more unused code (with channels.c:1.156)
+ - markus@cvs.openbsd.org 2002/01/11 10:31:05
+ [packet.c]
+ handle received SSH2_MSG_UNIMPLEMENTED messages; ok djm@
+ - markus@cvs.openbsd.org 2002/01/11 13:36:43
+ [ssh2.h]
+ add defines for msg type ranges
+ - markus@cvs.openbsd.org 2002/01/11 13:39:36
+ [auth2.c dispatch.c dispatch.h kex.c]
+ a single dispatch_protocol_error() that sends a message of
+ type 'UNIMPLEMENTED'
+ dispatch_range(): set handler for a ranges message types
+ use dispatch_protocol_ignore() for authentication requests after
+ successful authentication (the drafts requirement).
+ serverloop/clientloop now send a 'UNIMPLEMENTED' message instead
+ of exiting.
+ - markus@cvs.openbsd.org 2002/01/11 20:14:11
+ [auth2-chall.c auth-skey.c]
+ use strlcpy not strlcat; mouring@
+ - markus@cvs.openbsd.org 2002/01/11 23:02:18
+ [readpass.c]
+ use _PATH_TTY
+ - markus@cvs.openbsd.org 2002/01/11 23:02:51
+ [auth2-chall.c]
+ use snprintf; mouring@
+ - markus@cvs.openbsd.org 2002/01/11 23:26:30
+ [auth-skey.c]
+ use snprintf; mouring@
+ - markus@cvs.openbsd.org 2002/01/12 13:10:29
+ [auth-skey.c]
+ undo local change
+ - provos@cvs.openbsd.org 2002/01/13 17:27:07
+ [ssh-agent.c]
+ change to use queue.h macros; okay markus@
+ - markus@cvs.openbsd.org 2002/01/13 17:57:37
+ [auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
+ use buffer API and avoid static strings of fixed size;
+ ok provos@/mouring@
+ - markus@cvs.openbsd.org 2002/01/13 21:31:20
+ [channels.h nchan.c]
+ add chan_set_[io]state(), order states, state is now an u_int,
+ simplifies debugging messages; ok provos@
+ - markus@cvs.openbsd.org 2002/01/14 13:22:35
+ [nchan.c]
+ chan_send_oclose1() no longer calls chan_shutdown_write(); ok provos@
+ - markus@cvs.openbsd.org 2002/01/14 13:34:07
+ [nchan.c]
+ merge chan_[io]buf_empty[12]; ok provos@
+ - markus@cvs.openbsd.org 2002/01/14 13:40:10
+ [nchan.c]
+ correct fn names for ssh2, do not switch from closed to closed;
+ ok provos@
+ - markus@cvs.openbsd.org 2002/01/14 13:41:13
+ [nchan.c]
+ remove duplicated code; ok provos@
+ - markus@cvs.openbsd.org 2002/01/14 13:55:55
+ [channels.c channels.h nchan.c]
+ remove function pointers for events, remove chan_init*; ok provos@
+ - markus@cvs.openbsd.org 2002/01/14 13:57:03
+ [channels.h nchan.c]
+ (c) 2002
+ - markus@cvs.openbsd.org 2002/01/16 13:17:51
+ [channels.c channels.h serverloop.c ssh.c]
+ wrapper for channel_setup_fwd_listener
+ - stevesk@cvs.openbsd.org 2002/01/16 17:40:23
+ [sshd_config]
+ The stategy now used for options in the default sshd_config shipped
+ with OpenSSH is to specify options with their default value where
+ possible, but leave them commented. Uncommented options change a
+ default value. Subsystem is currently the only default option
+ changed. ok markus@
+ - stevesk@cvs.openbsd.org 2002/01/16 17:42:33
+ [ssh.1]
+ correct defaults for -i/IdentityFile; ok markus@
+ - stevesk@cvs.openbsd.org 2002/01/16 17:55:33
+ [ssh_config]
+ correct some commented defaults. add Ciphers default. ok markus@
+ - stevesk@cvs.openbsd.org 2002/01/17 04:27:37
+ [log.c]
+ casts to silence enum type warnings for bugzilla bug 37; ok markus@
+ - stevesk@cvs.openbsd.org 2002/01/18 17:14:16
+ [sshd.8]
+ correct Ciphers default; paola.mannaro@ubs.com
+ - stevesk@cvs.openbsd.org 2002/01/18 18:14:17
+ [authfd.c bufaux.c buffer.c cipher.c packet.c ssh-agent.c ssh-keygen.c]
+ unneeded cast cleanup; ok markus@
+ - stevesk@cvs.openbsd.org 2002/01/18 20:46:34
+ [sshd.8]
+ clarify Allow(Groups|Users) and Deny(Groups|Users); suggestion from
+ allard@oceanpark.com; ok markus@
+ - markus@cvs.openbsd.org 2002/01/21 15:13:51
+ [sshconnect.c]
+ use read_passphrase+ECHO in confirm(), allows use of ssh-askpass
+ for hostkey confirm.
+ - markus@cvs.openbsd.org 2002/01/21 22:30:12
+ [cipher.c compat.c myproposal.h]
+ remove "rijndael-*", just use "aes-" since this how rijndael is called
+ in the drafts; ok stevesk@
+ - markus@cvs.openbsd.org 2002/01/21 23:27:10
+ [channels.c nchan.c]
+ cleanup channels faster if the are empty and we are in drain-state;
+ ok deraadt@
+ - stevesk@cvs.openbsd.org 2002/01/22 02:52:41
+ [servconf.c]
+ typo in error message; from djast@cs.toronto.edu
+ - (djm) Make auth2-pam.c compile again after dispatch.h and packet.h
+ changes
+ - (djm) Recent Glibc includes an incompatible sys/queue.h. Treat it as
+ bogus in configure
+ - (djm) Use local sys/queue.h if necessary in ssh-agent.c
+
+20020121
+ - (djm) Rework ssh-rand-helper:
+ - Reduce quantity of ifdef code, in preparation for ssh_rand_conf
+ - Always seed from system calls, even when doing PRNGd seeding
+ - Tidy and comment #define knobs
+ - Remove unused facility for multiple runs through command list
+ - KNF, cleanup, update copyright
+
+20020114
+ - (djm) Bug #50 - make autoconf entropy path checks more robust
+
+20020108
+ - (djm) Merge Cygwin copy_environment with do_pam_environment, removing
+ fixed env var size limit in the process. Report from Corinna Vinschen
+ <vinschen@redhat.com>
+ - (stevesk) defines.h: use "/var/spool/sockets/X11/%u" for HP-UX. does
+ not depend on transition links. from Lutz Jaenicke.
+
+20020106
+ - (stevesk) defines.h: determine _PATH_UNIX_X; currently "/tmp/.X11-unix/X%u"
+ for all platforms except HP-UX, which is "/usr/spool/sockets/X11/%u".
+
+20020105
+ - (bal) NCR requies use_pipes to operate correctly.
+ - (stevesk) fix spurious ; from NCR change.
+
+20020103
+ - (djm) Use bigcrypt() on systems with SCO_PROTECTED_PW. Patch from
+ Roger Cornelius <rac@tenzing.org>
+
+20011229
+ - (djm) Apply Cygwin pointer deref fix from Corinna Vinschen
+ <vinschen@redhat.com> Could be abused to guess valid usernames
+ - (djm) Typo in contrib/cygwin/README Fix from Corinna Vinschen
+ <vinschen@redhat.com>
+
+20011228
+ - (djm) Remove recommendation to use GNU make, we should support most
+ make programs.
+
+20011225
+ - (stevesk) [Makefile.in ssh-rand-helper.c]
+ portable lib and __progname support for ssh-rand-helper; ok djm@
+
+20011223
+ - (bal) Removed contrib/chroot.diff and noted in contrib/README that it
+ was not being maintained.
+
+20011222
+ - (djm) Ignore fix & patchlevel in OpenSSL version check. Patch from
+ solar@openwall.com
+ - (djm) Rework entropy code. If the OpenSSL PRNG is has not been
+ internally seeded, execute a subprogram "ssh-rand-helper" to obtain
+ some entropy for us. Rewrite the old in-process entropy collecter as
+ an example ssh-rand-helper.
+ - (djm) Always perform ssh_prng_cmds path lookups in configure, even if
+ we don't end up using ssh_prng_cmds (so we always get a valid file)
+
+20011221
+ - (djm) Add option to gnome-ssh-askpass to stop it from grabbing the X
+ server. I have found this necessary to avoid server hangs with X input
+ extensions (e.g. kinput2). Enable by setting the environment variable
+ "GNOME_SSH_ASKPASS_NOGRAB"
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/12/08 17:49:28
+ [channels.c pathnames.h]
+ use only one path to X11 UNIX domain socket vs. an array of paths
+ to try. report from djast@cs.toronto.edu. ok markus@
+ - markus@cvs.openbsd.org 2001/12/09 18:45:56
+ [auth2.c auth2-chall.c auth.h]
+ add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions,
+ fixes memleak.
+ - stevesk@cvs.openbsd.org 2001/12/10 16:45:04
+ [sshd.c]
+ possible fd leak on error; ok markus@
+ - markus@cvs.openbsd.org 2001/12/10 20:34:31
+ [ssh-keyscan.c]
+ check that server supports v1 for -t rsa1, report from wirth@dfki.de
+ - jakob@cvs.openbsd.org 2001/12/18 10:04:21
+ [auth.h hostfile.c hostfile.h]
+ remove auth_rsa_read_key, make hostfile_ready_key non static; ok markus@
+ - jakob@cvs.openbsd.org 2001/12/18 10:05:15
+ [auth2.c]
+ log fingerprint on successful public key authentication; ok markus@
+ - jakob@cvs.openbsd.org 2001/12/18 10:06:24
+ [auth-rsa.c]
+ log fingerprint on successful public key authentication, simplify
+ usage of key structs; ok markus@
+ - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
+ [auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
+ [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
+ [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
+ [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
+ [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
+ [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
+ [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
+ [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
+ basic KNF done while i was looking for something else
+ - markus@cvs.openbsd.org 2001/12/19 16:09:39
+ [serverloop.c]
+ fix race between SIGCHLD and select with an additional pipe. writing
+ to the pipe on SIGCHLD wakes up select(). using pselect() is not
+ portable and siglongjmp() ugly. W. R. Stevens suggests similar solution.
+ initial idea by pmenage@ensim.com; ok deraadt@, djm@
+ - stevesk@cvs.openbsd.org 2001/12/19 17:16:13
+ [authfile.c bufaux.c bufaux.h buffer.c buffer.h packet.c packet.h ssh.c]
+ change the buffer/packet interface to use void* vs. char*; ok markus@
+ - markus@cvs.openbsd.org 2001/12/20 16:37:29
+ [channels.c channels.h session.c]
+ setup x11 listen socket for just one connect if the client requests so.
+ (v2 only, but the openssh client does not support this feature).
+ - djm@cvs.openbsd.org 2001/12/20 22:50:24
+ [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
+ [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
+ [sshconnect2.c]
+ Conformance fix: we should send failing packet sequence number when
+ responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
+ yakk@yakk.dot.net; ok markus@
+
+20011219
+ - (stevesk) OpenBSD CVS sync X11 localhost display
+ - stevesk@cvs.openbsd.org 2001/11/29 14:10:51
+ [channels.h channels.c session.c]
+ sshd X11 fake server will now listen on localhost by default:
+ $ echo $DISPLAY
+ localhost:12.0
+ $ netstat -an|grep 6012
+ tcp 0 0 127.0.0.1.6012 *.* LISTEN
+ tcp6 0 0 ::1.6012 *.* LISTEN
+ sshd_config gatewayports=yes can be used to revert back to the old
+ behavior. will control this with another option later. ok markus@
+ - stevesk@cvs.openbsd.org 2001/12/19 08:43:11
+ [includes.h session.c]
+ handle utsname.nodename case for FamilyLocal X authorization; ok markus@
+
+20011207
+ - (bal) PCRE no longer required. Banished from the source along with
+ fake-regex.h
+ - (bal) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/12/06 18:02:32
+ [channels.c sshconnect.c]
+ shutdown(sock, SHUT_RDWR) not needed here; ok markus@
+ - stevesk@cvs.openbsd.org 2001/12/06 18:09:23
+ [channels.c session.c]
+ strncpy->strlcpy. remaining strncpy's are necessary. ok markus@
+ - stevesk@cvs.openbsd.org 2001/12/06 18:20:32
+ [channels.c]
+ disable nagle for X11 fake server and client TCPs. from netbsd.
+ ok markus@
+
+20011206
+ - (bal) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/11/14 20:45:08
+ [sshd.c]
+ errno saving wrapping in a signal handler
+ - markus@cvs.openbsd.org 2001/11/16 12:46:13
+ [ssh-keyscan.c]
+ handle empty lines instead of dumping core; report from sha@sha-1.net
+ - stevesk@cvs.openbsd.org 2001/11/17 19:14:34
+ [auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
+ enum/int type cleanup where it made sense to do so; ok markus@
+ - markus@cvs.openbsd.org 2001/11/19 11:20:21
+ [sshd.c]
+ fd leak on HUP; ok stevesk@
+ - stevesk@cvs.openbsd.org 2001/11/19 18:40:46
+ [ssh-agent.1]
+ clarify/state that private keys are not exposed to clients using the
+ agent; ok markus@
+ - mpech@cvs.openbsd.org 2001/11/19 19:02:16
+ [deattack.c radix.c]
+ kill more registers
+ millert@ ok
+ - markus@cvs.openbsd.org 2001/11/21 15:51:24
+ [key.c]
+ mem leak
+ - stevesk@cvs.openbsd.org 2001/11/21 18:49:14
+ [ssh-keygen.1]
+ more on passphrase construction; ok markus@
+ - stevesk@cvs.openbsd.org 2001/11/22 05:27:29
+ [ssh-keyscan.c]
+ don't use "\n" in fatal()
+ - markus@cvs.openbsd.org 2001/11/22 12:34:22
+ [clientloop.c serverloop.c sshd.c]
+ volatile sig_atomic_t
+ - stevesk@cvs.openbsd.org 2001/11/29 19:06:39
+ [channels.h]
+ remove dead function prototype; ok markus@
+ - markus@cvs.openbsd.org 2001/11/29 22:08:48
+ [auth-rsa.c]
+ fix protocol error: send 'failed' message instead of a 2nd challenge
+ (happens if the same key is in authorized_keys twice).
+ reported Ralf_Meister@genua.de; ok djm@
+ - stevesk@cvs.openbsd.org 2001/11/30 20:39:28
+ [ssh.c]
+ sscanf() length dependencies are clearer now; can also shrink proto
+ and data if desired, but i have not done that. ok markus@
+ - markus@cvs.openbsd.org 2001/12/01 21:41:48
+ [session.c sshd.8]
+ don't pass user defined variables to /usr/bin/login
+ - deraadt@cvs.openbsd.org 2001/12/02 02:08:32
+ [sftp-common.c]
+ zap };
+ - itojun@cvs.openbsd.org 2001/12/05 03:50:01
+ [clientloop.c serverloop.c sshd.c]
+ deal with LP64 printf issue with sig_atomic_t. from thorpej
+ - itojun@cvs.openbsd.org 2001/12/05 03:56:39
+ [auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c
+ sshconnect2.c]
+ make it compile with more strict prototype checking
+ - deraadt@cvs.openbsd.org 2001/12/05 10:06:12
+ [authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
+ key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
+ sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
+ minor KNF
+ - markus@cvs.openbsd.org 2001/12/05 15:04:48
+ [version.h]
+ post 3.0.2
+ - markus@cvs.openbsd.org 2001/12/05 16:54:51
+ [compat.c match.c match.h]
+ make theo and djm happy: bye bye regexp
+ - markus@cvs.openbsd.org 2001/12/06 13:30:06
+ [servconf.c servconf.h sshd.8 sshd.c]
+ add -o to sshd, too. ok deraadt@
+ - (bal) Minor white space fix up in servconf.c
+
+20011126
+ - (tim) [contrib/cygwin/README, openbsd-compat/bsd-cygwin_util.c,
+ openbsd-compat/bsd-cygwin_util.h, openbsd-compat/daemon.c]
+ Allow SSHD to install as service under WIndows 9x/Me
+ [configure.ac] Fix to allow linking against PCRE on Cygwin
+ Patches by Corinna Vinschen <vinschen@redhat.com>
+
+20011115
+ - (djm) Fix IPv4 default in ssh-keyscan. Spotted by Dan Astoorian
+ <djast@cs.toronto.edu> Fix from markus@
+ - (djm) Release 3.0.1p1
+
+20011113
+ - (djm) Fix early (and double) free of remote user when using Kerberos.
+ Patch from Simon Wilkinson <simon@sxw.org.uk>
+ - (djm) AIX login{success,failed} changes. Move loginsuccess call to
+ do_authenticated. Call loginfailed for protocol 2 failures > MAX like
+ we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
+ K.Wolkersdorfer@fz-juelich.de and others
+ - (djm) OpenBSD CVS Sync
+ - dugsong@cvs.openbsd.org 2001/11/11 18:47:10
+ [auth-krb5.c]
+ fix krb5 authorization check. found by <jhawk@MIT.EDU>. from
+ art@, deraadt@ ok
+ - markus@cvs.openbsd.org 2001/11/12 11:17:07
+ [servconf.c]
+ enable authorized_keys2 again. tested by fries@
+ - markus@cvs.openbsd.org 2001/11/13 02:03:57
+ [version.h]
+ enter 3.0.1
+ - (djm) Bump RPM package versions
+
+20011112
+ - (djm) Makefile correctness fix from Mark D. Baushke <mdb@juniper.net>
+ - (djm) Cygwin config patch from Corinna Vinschen <vinschen@redhat.com>
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/10/24 08:41:41
+ [sshd.c]
+ mention remote port in debug message
+ - markus@cvs.openbsd.org 2001/10/24 08:41:20
+ [ssh.c]
+ remove unused
+ - markus@cvs.openbsd.org 2001/10/24 08:51:35
+ [clientloop.c ssh.c]
+ ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@
+ - markus@cvs.openbsd.org 2001/10/24 19:57:40
+ [clientloop.c]
+ make ~& (backgrounding) work again for proto v1; add support ~& for v2, too
+ - markus@cvs.openbsd.org 2001/10/25 21:14:32
+ [ssh-keygen.1 ssh-keygen.c]
+ better docu for fingerprinting, ok deraadt@
+ - markus@cvs.openbsd.org 2001/10/29 19:27:15
+ [sshconnect2.c]
+ hostbased: check for client hostkey before building chost
+ - markus@cvs.openbsd.org 2001/10/30 20:29:09
+ [ssh.1]
+ ssh.1
+ - markus@cvs.openbsd.org 2001/11/07 16:03:17
+ [packet.c packet.h sshconnect2.c]
+ pad using the padding field from the ssh2 packet instead of sending
+ extra ignore messages. tested against several other ssh servers.
+ - markus@cvs.openbsd.org 2001/11/07 21:40:21
+ [ssh-rsa.c]
+ ssh_rsa_sign/verify: SSH_BUG_SIGBLOB not supported
+ - markus@cvs.openbsd.org 2001/11/07 22:10:28
+ [ssh-dss.c ssh-rsa.c]
+ missing free and sync dss/rsa code.
+ - markus@cvs.openbsd.org 2001/11/07 22:12:01
+ [sshd.8]
+ s/Keepalive/KeepAlive/; from openbsd@davidkrause.com
+ - markus@cvs.openbsd.org 2001/11/07 22:41:51
+ [auth2.c auth-rh-rsa.c]
+ unused includes
+ - markus@cvs.openbsd.org 2001/11/07 22:53:21
+ [channels.h]
+ crank c->path to 256 so they can hold a full hostname; dwd@bell-labs.com
+ - markus@cvs.openbsd.org 2001/11/08 10:51:08
+ [readpass.c]
+ don't strdup too much data; from gotoh@taiyo.co.jp; ok millert.
+ - markus@cvs.openbsd.org 2001/11/08 17:49:53
+ [ssh.1]
+ mention setuid root requirements; noted by cnorris@csc.UVic.ca; ok stevesk@
+ - markus@cvs.openbsd.org 2001/11/08 20:02:24
+ [auth.c]
+ don't print ROOT in CAPS for the authentication messages, i.e.
+ Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2
+ becomes
+ Accepted publickey for root from 127.0.0.1 port 42734 ssh2
+ - markus@cvs.openbsd.org 2001/11/09 18:59:23
+ [clientloop.c serverloop.c]
+ don't memset too much memory, ok millert@
+ original patch from jlk@kamens.brookline.ma.us via nalin@redhat.com
+ - markus@cvs.openbsd.org 2001/11/10 13:19:45
+ [sshd.c]
+ cleanup libwrap support (remove bogus comment, bogus close(), add
+ debug, etc).
+ - markus@cvs.openbsd.org 2001/11/10 13:22:42
+ [ssh-rsa.c]
+ KNF (unexpand)
+ - markus@cvs.openbsd.org 2001/11/10 13:37:20
+ [packet.c]
+ remove extra debug()
+ - markus@cvs.openbsd.org 2001/11/11 13:02:31
+ [servconf.c]
+ make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if
+ AuthorizedKeysFile is specified.
+ - (djm) Reorder portable-specific server options so that they come first.
+ This should help reduce diff collisions for new server options (as they
+ will appear at the end)
+
+20011109
+ - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
+ if permit_empty_passwd == 0 so null password check cannot be bypassed.
+ jayaraj@amritapuri.com OpenBSD bug 2168
+ - markus@cvs.openbsd.org 2001/11/09 19:08:35
+ [sshd.c]
+ remove extra trailing dot from log message; pilot@naughty.monkey.org
+
+20011103
+ - (tim) [ contrib/caldera/openssh.spec contrib/caldera/sshd.init] Updates
+ from Raymund Will <ray@caldera.de>
+ [acconfig.h configure.in] Clean up login checks.
+ Problem reported by Jim Knoble <jmknoble@pobox.com>
+
+20011101
+ - (djm) Compat define for OpenSSL < 0.9.6 (No OPENSSL_free)
+
+20011031
+ - (djm) Unsmoke drugs: config files should be noreplace.
+
+20011030
+ - (djm) Redhat RPM spec: remove noreplace from config files, allow IPv6
+ by default (can force IPv4 using --define "noipv6 1")
+
+20011029
+ - (tim) [TODO defines.h loginrec.c] Change the references to configure.in
+ to configure.ac
+
20011028
- (djm) Avoid bug in Solaris PAM libs
- (djm) Disconnect if no tty and PAM reports password expired
- (djm) Fix for PAM password changes being echoed (from stevesk)
+ - (stevesk) Fix compile problem with PAM password change fix
+ - (stevesk) README: zlib location is http://www.gzip.org/zlib/
20011027
- (tim) [configure.ac] Fixes for ReliantUNIX (don't use libucb)