+20070306
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2007/03/01 16:19:33
+ [sshd_config.5]
+ sort the `match' keywords;
+ - djm@cvs.openbsd.org 2007/03/06 10:13:14
+ [version.h]
+ openssh-4.6; "please" deraadt@
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] crank spec files for release
+ - (djm) [README] correct link to release notes
+ - (djm) Release 4.6p1
+
+20070304
+ - (djm) [configure.ac] add a --without-openssl-header-check option to
+ configure, as some platforms (OS X) ship OpenSSL headers whose version
+ does not match that of the shipping library. ok dtucker@
+ - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a
+ bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
+ ciphers from working correctly (disconnects with "Bad packet length"
+ errors) as found by Ben Harris. ok djm@
+
+20070303
+ - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more
+ general to cover newer gdb versions on HP-UX.
+
+20070302
+ - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows
+ CRLF as well as LF lineendings) and write in binary mode. Patch from
+ vinschen at redhat.com.
+ - (dtucker) [INSTALL] Update to autoconf-2.61.
+
+20070301
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2007/03/01 10:28:02
+ [auth2.c sshd_config.5 servconf.c]
+ Remove ChallengeResponseAuthentication support inside a Match
+ block as its interaction with KbdInteractive makes it difficult to
+ support. Also, relocate the CR/kbdint option special-case code into
+ servconf. "please commit" djm@, ok markus@ for the relocation.
+ - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits.
+ "Looks sane" dtucker@
+
+20070228
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2007/02/28 00:55:30
+ [ssh-agent.c]
+ Remove expired keys periodically so they don't remain in memory when
+ the agent is entirely idle, as noted by David R. Piegdon. This is the
+ simple fix, a more efficient one will be done later. With markus,
+ deraadt, with & ok djm.
+
+20070225
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2007/02/20 10:25:14
+ [clientloop.c]
+ set maximum packet and window sizes the same for multiplexed clients
+ as normal connections; ok markus@
+ - dtucker@cvs.openbsd.org 2007/02/21 11:00:05
+ [sshd.c]
+ Clear alarm() before restarting sshd on SIGHUP. Without this, if there's
+ a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
+ newly exec'ed sshd will get the SIGALRM and not have a handler for it,
+ and the default action will terminate the listening sshd. Analysis and
+ patch from andrew at gaul.org.
+ - dtucker@cvs.openbsd.org 2007/02/22 12:58:40
+ [servconf.c]
+ Check activep so Match and GatewayPorts work together; ok markus@
+ - ray@cvs.openbsd.org 2007/02/24 03:30:11
+ [moduli.c]
+ - strlen returns size_t, not int.
+ - Pass full buffer size to fgets.
+ OK djm@, millert@, and moritz@.
+
20070219
- (dtucker) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2007/01/10 13:23:22
offsite. ok djm@, man page bits ok jmc@
- (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some
platforms don't have it. Patch from dleonard at vintela.com.
+ - (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc
+ an array for signatures when there are none since "calloc(0, n) returns
+ NULL on some platforms (eg Tru64), which is explicitly permitted by
+ POSIX. Diagnosis and patch by svallet genoscope.cns.fr.
20070128
- (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52)