+20030517
+ - (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in
+ recent merge
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2003/05/16 03:27:12
+ [readconf.c ssh_config ssh_config.5 ssh-keysign.c]
+ add AddressFamily option to ssh_config (like -4, -6 on commandline).
+ Portable bug #534; ok markus@
+ - itojun@cvs.openbsd.org 2003/05/17 03:25:58
+ [auth-rhosts.c]
+ just in case, put numbers to sscanf %s arg.
+ - markus@cvs.openbsd.org 2003/05/17 04:27:52
+ [cipher.c cipher-ctr.c myproposal.h]
+ experimental support for aes-ctr modes from
+ http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt
+ ok djm@
+ - (djm) Remove IPv4 by default hack now that we can specify AF in config
+
+20030517
+ - (bal) strcat -> strlcat on openbsd-compat/realpath.c (rev 1.8 OpenBSD)
+
+20030516
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2003/05/15 13:52:10
+ [ssh.c]
+ Make "ssh -V" print the OpenSSL version in a human readable form. Patch
+ from Craig Leres (mindrot at ee.lbl.gov); ok markus@
+ - jakob@cvs.openbsd.org 2003/05/15 14:02:47
+ [readconf.c servconf.c]
+ warn for unsupported config option. ok markus@
+ - markus@cvs.openbsd.org 2003/05/15 14:09:21
+ [auth2-krb5.c]
+ fix 64bit issue; report itojun@
+ - djm@cvs.openbsd.org 2003/05/15 14:55:25
+ [readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
+ add a ConnectTimeout option to ssh, based on patch from
+ Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
+ - (djm) Add warning for UsePAM when built without PAM support
+ - (djm) A few type mismatch fixes from Bug #565
+ - (djm) Guard free_pam_environment against NULL argument. Works around
+ HP/UX PAM problems debugged by dtucker
+
+20030515
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2003/05/14 13:11:56
+ [ssh-agent.1]
+ setup -> set up;
+ from wiz@netbsd
+ - jakob@cvs.openbsd.org 2003/05/14 18:16:20
+ [key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
+ [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
+ add experimental support for verifying hos keys using DNS as described
+ in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
+ ok markus@ and henning@
+ - markus@cvs.openbsd.org 2003/05/14 22:24:42
+ [clientloop.c session.c ssh.1]
+ allow to send a BREAK to the remote system; ok various
+ - markus@cvs.openbsd.org 2003/05/15 00:28:28
+ [sshconnect2.c]
+ cleanup unregister of per-method packet handlers; ok djm@
+ - jakob@cvs.openbsd.org 2003/05/15 01:48:10
+ [readconf.c readconf.h servconf.c servconf.h]
+ always parse kerberos options. ok djm@ markus@
+ - jakob@cvs.openbsd.org 2003/05/15 02:27:15
+ [dns.c]
+ add missing freerrset
+ - markus@cvs.openbsd.org 2003/05/15 03:08:29
+ [cipher.c cipher-bf1.c cipher-aes.c cipher-3des1.c]
+ split out custom EVP ciphers
+ - djm@cvs.openbsd.org 2003/05/15 03:10:52
+ [ssh-keygen.c]
+ avoid warning; ok jakob@
+ - mouring@cvs.openbsd.org 2003/05/15 03:39:07
+ [sftp-int.c]
+ Make put/get (globed and nonglobed) code more consistant. OK djm@
+ - mouring@cvs.openbsd.org 2003/05/15 03:43:59
+ [sftp-int.c sftp.c]
+ Teach ls how to display multiple column display and allow users
+ to return to single column format via 'ls -1'. OK @djm
+ - jakob@cvs.openbsd.org 2003/05/15 04:08:44
+ [readconf.c servconf.c]
+ disable kerberos when not supported. ok markus@
+ - markus@cvs.openbsd.org 2003/05/15 04:08:41
+ [ssh.1]
+ ~B is ssh2 only
+ - (djm) Always parse UsePAM
+ - (djm) Configure glue for DNS support (code doesn't work in portable yet)
+ - (djm) Import getrrsetbyname() function from OpenBSD libc (for DNS support)
+ - (djm) Tidy Makefile clean targets
+ - (djm) Adapt README.dns for portable
+ - (djm) Avoid uuencode.c warnings
+ - (djm) Enable UsePAM when built --with-pam
+ - (djm) Only build getrrsetbyname replacement when using --with-dns
+ - (djm) Bug #529: sshd doesn't work correctly after SIGHUP (copy argv
+ correctly)
+ - (djm) Bug #444: Wrong paths after reconfigure
+ - (dtucker) HP-UX needs to include <sys/strtio.h> for TIOCSBRK
+
+20030514
+ - (djm) Bug #117: Don't lie to PAM about username
+ - (djm) RCSID sync w/ OpenBSD
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2003/04/09 12:00:37
+ [readconf.c]
+ strip trailing whitespace from config lines before parsing.
+ Fixes bz 528; ok markus@
+ - markus@cvs.openbsd.org 2003/04/12 10:13:57
+ [cipher.c]
+ hide cipher details; ok djm@
+ - markus@cvs.openbsd.org 2003/04/12 10:15:36
+ [misc.c]
+ debug->debug2
+ - naddy@cvs.openbsd.org 2003/04/12 11:40:15
+ [ssh.1]
+ document -V switch, fix wording; ok markus@
+ - markus@cvs.openbsd.org 2003/04/14 14:17:50
+ [channels.c sshconnect.c sshd.c ssh-keyscan.c]
+ avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
+ - mouring@cvs.openbsd.org 2003/04/14 21:31:27
+ [sftp-int.c]
+ Missing globfree(&g) in process_put() spotted by Vince Brimhall
+ <VBrimhall@novell.com>. ok@ Theo
+ - markus@cvs.openbsd.org 2003/04/16 14:35:27
+ [auth.h]
+ document struct Authctxt; with solar
+ - deraadt@cvs.openbsd.org 2003/04/26 04:29:49
+ [ssh-keyscan.c]
+ -t in usage(); rogier@quaak.org
+ - mouring@cvs.openbsd.org 2003/04/30 01:16:20
+ [sshd.8 sshd_config.5]
+ Escape ?, * and ! in .Ql for nroff compatibility. OpenSSH Portable
+ Bug #550 and * escaping suggested by jmc@.
+ - david@cvs.openbsd.org 2003/04/30 20:41:07
+ [sshd.8]
+ fix invalid .Pf macro usage introduced in previous commit
+ ok jmc@ mouring@
+ - markus@cvs.openbsd.org 2003/05/11 16:56:48
+ [authfile.c ssh-keygen.c]
+ change key_load_public to try to read a public from:
+ rsa1 private or rsa1 public and ssh2 keys.
+ this makes ssh-keygen -e fail for ssh1 keys more gracefully
+ for example; report from itojun (netbsd pr 20550).
+ - markus@cvs.openbsd.org 2003/05/11 20:30:25
+ [channels.c clientloop.c serverloop.c session.c ssh.c]
+ make channel_new() strdup the 'remote_name' (not the caller); ok theo
+ - markus@cvs.openbsd.org 2003/05/12 16:55:37
+ [sshconnect2.c]
+ for pubkey authentication try the user keys in the following order:
+ 1. agent keys that are found in the config file
+ 2. other agent keys
+ 3. keys that are only listed in the config file
+ this helps when an agent has many keys, where the server might
+ close the connection before the correct key is used. report & ok pb@
+ - markus@cvs.openbsd.org 2003/05/12 18:35:18
+ [ssh-keyscan.1]
+ typo: DSA keys are of type ssh-dss; Brian Poole
+ - markus@cvs.openbsd.org 2003/05/14 00:52:59
+ [ssh2.h]
+ ranges for per auth method messages
+ - djm@cvs.openbsd.org 2003/05/14 01:00:44
+ [sftp.1]
+ emphasise the batchmode functionality and make reference to pubkey auth,
+ both of which are FAQs; ok markus@
+ - markus@cvs.openbsd.org 2003/05/14 02:15:47
+ [auth2.c monitor.c sshconnect2.c auth2-krb5.c]
+ implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
+ server interops with commercial client; ok jakob@ djm@
+ - jmc@cvs.openbsd.org 2003/05/14 08:25:39
+ [sftp.1]
+ - better formatting in SYNOPSIS
+ - whitespace at EOL
+ ok djm@
+ - markus@cvs.openbsd.org 2003/05/14 08:57:49
+ [monitor.c]
+ http://bugzilla.mindrot.org/show_bug.cgi?id=560
+ Privsep child continues to run after monitor killed.
+ Pass monitor signals through to child; Darren Tucker
+ - (djm) Make portable build with MIT krb5 (some issues remain)
+ - (djm) Add new UsePAM configuration directive to allow runtime control
+ over usage of PAM. This allows non-root use of sshd when built with
+ --with-pam
+ - (djm) Die screaming if start_pam() is called when UsePAM=no
+ - (djm) Avoid KrbV leak for MIT Kerberos
+ - (dtucker) Set ai_socktype and ai_protocol in fake-getaddrinfo.c. ok djm@
+ - (djm) Bug #258: sscanf("[0-9]") -> sscanf("[0123456789]") for portability
+
+20030512
+ - (djm) Redhat spec: Don't install profile.d scripts when not
+ building with GNOME/GTK askpass (patch from bet@rahul.net)
+
+20030510
+ - (dtucker) Bug #318: Create ssh_prng_cmds.out during "make" rather than
+ "make install". Patch by roth@feep.net.
+ - (dtucker) Bug #536: Test for and work around openpty/controlling tty
+ problem on Linux (fixes "could not set controlling tty" errors).
+ - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
+ proper challenge-response module
+ - (djm) 2-clause license on loginrec.c, with permission from
+ andre@ae-35.com
+
+20030504
+ - (dtucker) Bug #497: Move #include of bsd-cygwin_util.h to openbsd-compat.h.
+ Patch from vinschen@redhat.com.
+
+20030503
+ - (dtucker) Add missing "void" to record_failed_login in bsd-cray.c. Noted
+ by wendyp@cray.com.
+
+20030502
+ - (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels,
+ privsep should now work.
+ - (dtucker) Move handling of bad password authentications into a platform
+ specific record_failed_login() function (affects AIX & Unicos). ok mouring@
+
+20030429
+ - (djm) Add back radix.o (used by AFS support), after it went missing from
+ Makefile many moons ago
+ - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
+ - (djm) Fix blibpath specification for AIX/gcc
+ - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
+
+20030428
+ - (bal) [defines.h progressmeter.c scp.c] Some more culling of non 64bit
+ hacked code.
+
+20030427
+ - (bal) Bug #541: return; was dropped by mistake. Reported by
+ furrier@iglou.com
+ - (bal) Since we don't support platforms lacking u_int_64. We may
+ as well clean out some of those evil #ifdefs
+ - (bal) auth1.c minor resync while looking at the code.
+ - (bal) auth2.c same changed as above.
+
+20030409
+ - (djm) Bug #539: Specify creation mode with O_CREAT for lastlog. Report
+ from matth@eecs.berkeley.edu
+ - (djm) Make the spec work with Redhat 9.0 (which renames sharutils)
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/04/02 09:48:07
+ [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
+ [readconf.h serverloop.c sshconnect2.c]
+ reapply rekeying chage, tested by henning@, ok djm@
+ - markus@cvs.openbsd.org 2003/04/02 14:36:26
+ [ssh-keysign.c]
+ potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
+ - itojun@cvs.openbsd.org 2003/04/03 07:25:27
+ [progressmeter.c]
+ $OpenBSD$
+ - itojun@cvs.openbsd.org 2003/04/03 10:17:35
+ [progressmeter.c]
+ remove $OpenBSD$, as other *.c does not have it.
+ - markus@cvs.openbsd.org 2003/04/07 08:29:57
+ [monitor_wrap.c]
+ typo: get correct counters; introduced during rekeying change.
+ - millert@cvs.openbsd.org 2003/04/07 21:58:05
+ [progressmeter.c]
+ The UCB copyright here is incorrect. This code did not originate
+ at UCB, it was written by Luke Mewburn. Updated the copyright at
+ the author's request. markus@ OK
+ - itojun@cvs.openbsd.org 2003/04/08 20:21:29
+ [*.c *.h]
+ rename log() into logit() to avoid name conflict. markus ok, from
+ netbsd
+ - (djm) XXX - Performed locally using:
+ "perl -p -i -e 's/(\s|^)log\(/$1logit\(/g' *.c *.h"
+ - hin@cvs.openbsd.org 2003/04/09 08:23:52
+ [servconf.c]
+ Don't include <krb.h> when compiling with Kerberos 5 support
+ - (djm) Fix up missing include for packet.c
+ - (djm) Fix missed log => logit occurance (reference by function pointer)
+
+20030402
+ - (bal) if IP_TOS is not found or broken don't try to compile in
+ packet_set_tos() function call. bug #527
+
20030401
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2003/03/28 10:11:43
[version.h]
3.6.1
- (djm) Crank spec file versions
+ - (djm) Release 3.6.1p1
20030326
- (djm) OpenBSD CVS Sync