+20030517
+ - (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in
+ recent merge
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2003/05/16 03:27:12
+ [readconf.c ssh_config ssh_config.5 ssh-keysign.c]
+ add AddressFamily option to ssh_config (like -4, -6 on commandline).
+ Portable bug #534; ok markus@
+ - itojun@cvs.openbsd.org 2003/05/17 03:25:58
+ [auth-rhosts.c]
+ just in case, put numbers to sscanf %s arg.
+ - markus@cvs.openbsd.org 2003/05/17 04:27:52
+ [cipher.c cipher-ctr.c myproposal.h]
+ experimental support for aes-ctr modes from
+ http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt
+ ok djm@
+ - (djm) Remove IPv4 by default hack now that we can specify AF in config
+
+20030517
+ - (bal) strcat -> strlcat on openbsd-compat/realpath.c (rev 1.8 OpenBSD)
+
+20030516
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2003/05/15 13:52:10
+ [ssh.c]
+ Make "ssh -V" print the OpenSSL version in a human readable form. Patch
+ from Craig Leres (mindrot at ee.lbl.gov); ok markus@
+ - jakob@cvs.openbsd.org 2003/05/15 14:02:47
+ [readconf.c servconf.c]
+ warn for unsupported config option. ok markus@
+ - markus@cvs.openbsd.org 2003/05/15 14:09:21
+ [auth2-krb5.c]
+ fix 64bit issue; report itojun@
+ - djm@cvs.openbsd.org 2003/05/15 14:55:25
+ [readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
+ add a ConnectTimeout option to ssh, based on patch from
+ Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
+ - (djm) Add warning for UsePAM when built without PAM support
+ - (djm) A few type mismatch fixes from Bug #565
+ - (djm) Guard free_pam_environment against NULL argument. Works around
+ HP/UX PAM problems debugged by dtucker
+
+20030515
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2003/05/14 13:11:56
+ [ssh-agent.1]
+ setup -> set up;
+ from wiz@netbsd
+ - jakob@cvs.openbsd.org 2003/05/14 18:16:20
+ [key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
+ [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
+ add experimental support for verifying hos keys using DNS as described
+ in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
+ ok markus@ and henning@
+ - markus@cvs.openbsd.org 2003/05/14 22:24:42
+ [clientloop.c session.c ssh.1]
+ allow to send a BREAK to the remote system; ok various
+ - markus@cvs.openbsd.org 2003/05/15 00:28:28
+ [sshconnect2.c]
+ cleanup unregister of per-method packet handlers; ok djm@
+ - jakob@cvs.openbsd.org 2003/05/15 01:48:10
+ [readconf.c readconf.h servconf.c servconf.h]
+ always parse kerberos options. ok djm@ markus@
+ - jakob@cvs.openbsd.org 2003/05/15 02:27:15
+ [dns.c]
+ add missing freerrset
+ - markus@cvs.openbsd.org 2003/05/15 03:08:29
+ [cipher.c cipher-bf1.c cipher-aes.c cipher-3des1.c]
+ split out custom EVP ciphers
+ - djm@cvs.openbsd.org 2003/05/15 03:10:52
+ [ssh-keygen.c]
+ avoid warning; ok jakob@
+ - mouring@cvs.openbsd.org 2003/05/15 03:39:07
+ [sftp-int.c]
+ Make put/get (globed and nonglobed) code more consistant. OK djm@
+ - mouring@cvs.openbsd.org 2003/05/15 03:43:59
+ [sftp-int.c sftp.c]
+ Teach ls how to display multiple column display and allow users
+ to return to single column format via 'ls -1'. OK @djm
+ - jakob@cvs.openbsd.org 2003/05/15 04:08:44
+ [readconf.c servconf.c]
+ disable kerberos when not supported. ok markus@
+ - markus@cvs.openbsd.org 2003/05/15 04:08:41
+ [ssh.1]
+ ~B is ssh2 only
+ - (djm) Always parse UsePAM
+ - (djm) Configure glue for DNS support (code doesn't work in portable yet)
+ - (djm) Import getrrsetbyname() function from OpenBSD libc (for DNS support)
+ - (djm) Tidy Makefile clean targets
+ - (djm) Adapt README.dns for portable
+ - (djm) Avoid uuencode.c warnings
+ - (djm) Enable UsePAM when built --with-pam
+ - (djm) Only build getrrsetbyname replacement when using --with-dns
+ - (djm) Bug #529: sshd doesn't work correctly after SIGHUP (copy argv
+ correctly)
+ - (djm) Bug #444: Wrong paths after reconfigure
+ - (dtucker) HP-UX needs to include <sys/strtio.h> for TIOCSBRK
+
+20030514
+ - (djm) Bug #117: Don't lie to PAM about username
+ - (djm) RCSID sync w/ OpenBSD
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2003/04/09 12:00:37
+ [readconf.c]
+ strip trailing whitespace from config lines before parsing.
+ Fixes bz 528; ok markus@
+ - markus@cvs.openbsd.org 2003/04/12 10:13:57
+ [cipher.c]
+ hide cipher details; ok djm@
+ - markus@cvs.openbsd.org 2003/04/12 10:15:36
+ [misc.c]
+ debug->debug2
+ - naddy@cvs.openbsd.org 2003/04/12 11:40:15
+ [ssh.1]
+ document -V switch, fix wording; ok markus@
+ - markus@cvs.openbsd.org 2003/04/14 14:17:50
+ [channels.c sshconnect.c sshd.c ssh-keyscan.c]
+ avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
+ - mouring@cvs.openbsd.org 2003/04/14 21:31:27
+ [sftp-int.c]
+ Missing globfree(&g) in process_put() spotted by Vince Brimhall
+ <VBrimhall@novell.com>. ok@ Theo
+ - markus@cvs.openbsd.org 2003/04/16 14:35:27
+ [auth.h]
+ document struct Authctxt; with solar
+ - deraadt@cvs.openbsd.org 2003/04/26 04:29:49
+ [ssh-keyscan.c]
+ -t in usage(); rogier@quaak.org
+ - mouring@cvs.openbsd.org 2003/04/30 01:16:20
+ [sshd.8 sshd_config.5]
+ Escape ?, * and ! in .Ql for nroff compatibility. OpenSSH Portable
+ Bug #550 and * escaping suggested by jmc@.
+ - david@cvs.openbsd.org 2003/04/30 20:41:07
+ [sshd.8]
+ fix invalid .Pf macro usage introduced in previous commit
+ ok jmc@ mouring@
+ - markus@cvs.openbsd.org 2003/05/11 16:56:48
+ [authfile.c ssh-keygen.c]
+ change key_load_public to try to read a public from:
+ rsa1 private or rsa1 public and ssh2 keys.
+ this makes ssh-keygen -e fail for ssh1 keys more gracefully
+ for example; report from itojun (netbsd pr 20550).
+ - markus@cvs.openbsd.org 2003/05/11 20:30:25
+ [channels.c clientloop.c serverloop.c session.c ssh.c]
+ make channel_new() strdup the 'remote_name' (not the caller); ok theo
+ - markus@cvs.openbsd.org 2003/05/12 16:55:37
+ [sshconnect2.c]
+ for pubkey authentication try the user keys in the following order:
+ 1. agent keys that are found in the config file
+ 2. other agent keys
+ 3. keys that are only listed in the config file
+ this helps when an agent has many keys, where the server might
+ close the connection before the correct key is used. report & ok pb@
+ - markus@cvs.openbsd.org 2003/05/12 18:35:18
+ [ssh-keyscan.1]
+ typo: DSA keys are of type ssh-dss; Brian Poole
+ - markus@cvs.openbsd.org 2003/05/14 00:52:59
+ [ssh2.h]
+ ranges for per auth method messages
+ - djm@cvs.openbsd.org 2003/05/14 01:00:44
+ [sftp.1]
+ emphasise the batchmode functionality and make reference to pubkey auth,
+ both of which are FAQs; ok markus@
+ - markus@cvs.openbsd.org 2003/05/14 02:15:47
+ [auth2.c monitor.c sshconnect2.c auth2-krb5.c]
+ implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
+ server interops with commercial client; ok jakob@ djm@
+ - jmc@cvs.openbsd.org 2003/05/14 08:25:39
+ [sftp.1]
+ - better formatting in SYNOPSIS
+ - whitespace at EOL
+ ok djm@
+ - markus@cvs.openbsd.org 2003/05/14 08:57:49
+ [monitor.c]
+ http://bugzilla.mindrot.org/show_bug.cgi?id=560
+ Privsep child continues to run after monitor killed.
+ Pass monitor signals through to child; Darren Tucker
+ - (djm) Make portable build with MIT krb5 (some issues remain)
+ - (djm) Add new UsePAM configuration directive to allow runtime control
+ over usage of PAM. This allows non-root use of sshd when built with
+ --with-pam
+ - (djm) Die screaming if start_pam() is called when UsePAM=no
+ - (djm) Avoid KrbV leak for MIT Kerberos
+ - (dtucker) Set ai_socktype and ai_protocol in fake-getaddrinfo.c. ok djm@
+ - (djm) Bug #258: sscanf("[0-9]") -> sscanf("[0123456789]") for portability
+
+20030512
+ - (djm) Redhat spec: Don't install profile.d scripts when not
+ building with GNOME/GTK askpass (patch from bet@rahul.net)
+
20030510
- (dtucker) Bug #318: Create ssh_prng_cmds.out during "make" rather than
"make install". Patch by roth@feep.net.
- (dtucker) Bug #536: Test for and work around openpty/controlling tty
problem on Linux (fixes "could not set controlling tty" errors).
+ - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
+ proper challenge-response module
+ - (djm) 2-clause license on loginrec.c, with permission from
+ andre@ae-35.com
20030504
- (dtucker) Bug #497: Move #include of bsd-cygwin_util.h to openbsd-compat.h.